CVE-2024-3044 [Graphic on-click binding allows unchecked script execution]
	- libreoffice 4:24.2.3~rc1-2
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2024-3044/
CVE-2024-4871 (A vulnerability was found in Satellite. When running a remote executio ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2024-4860 (The 'WordPress RSS Aggregator' WordPress Plugin, versions < 4.23.9 are ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4859 (Solidus <= 4.3.4is affected by a Stored Cross-Site Scripting vulnerabi ...)
	NOT-FOR-US: Solidus
CVE-2024-4624 (The Essential Addons for Elementor – Best Elementor Templates, Wi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4473 (The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross- ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4440 (The 140+ Widgets | Best Addons For Elementor – FREE plugin for Wo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4392 (The Jetpack – WP Security, Backup, Speed, & Growth plugin for Wor ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4333 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data T ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3676 (The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3579 (Open-source project Online Shopping System Advanced is vulnerable to R ...)
	NOT-FOR-US: Open-source project Online Shopping System Advanced
CVE-2024-3374 (An unauthenticated user can trigger a fatal assertion in the server wh ...)
	TODO: check
CVE-2024-3372 (Improper validation of certain metadata input may result in the server ...)
	TODO: check
CVE-2024-35012 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: idccms
CVE-2024-35011 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: idccms
CVE-2024-35010 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: idccms
CVE-2024-35009 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: idccms
CVE-2024-34950 (D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer ...)
	NOT-FOR-US: D-Link
CVE-2024-34914 (php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a wea ...)
	TODO: check
CVE-2024-34773 (A vulnerability has been identified in Solid Edge (All versions < V224 ...)
	NOT-FOR-US: Siemens
CVE-2024-34772 (A vulnerability has been identified in Solid Edge (All versions < V224 ...)
	NOT-FOR-US: Siemens
CVE-2024-34771 (A vulnerability has been identified in Solid Edge (All versions < V224 ...)
	NOT-FOR-US: Siemens
CVE-2024-34717 (PrestaShop is an open source e-commerce web application. In PrestaShop ...)
	NOT-FOR-US: PrestaShop
CVE-2024-34716 (PrestaShop is an open source e-commerce web application. A cross-site ...)
	NOT-FOR-US: PrestaShop
CVE-2024-34714 (The Hoppscotch Browser Extension is a browser extension for Hoppscotch ...)
	TODO: check
CVE-2024-34713 (sshproxy is used on a gateway to transparently proxy a user SSH connec ...)
	TODO: check
CVE-2024-34712 (Oceanic is a NodeJS library for interfacing with Discord. Prior to ver ...)
	TODO: check
CVE-2024-34358 (TYPO3 is an enterprise content management system. Starting in version ...)
	NOT-FOR-US: TYPO3
CVE-2024-34357 (TYPO3 is an enterprise content management system. Starting in version ...)
	NOT-FOR-US: TYPO3
CVE-2024-34356 (TYPO3 is an enterprise content management system. Starting in version ...)
	NOT-FOR-US: TYPO3
CVE-2024-34355 (TYPO3 is an enterprise content management system. Starting in version ...)
	NOT-FOR-US: TYPO3
CVE-2024-34256 (OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function ...)
	NOT-FOR-US: OFCMS
CVE-2024-34243 (Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the user ...)
	NOT-FOR-US: Konga
CVE-2024-34191 (htmly v2.9.6 was discovered to contain an arbitrary file deletion vuln ...)
	TODO: check
CVE-2024-34086 (A vulnerability has been identified in JT2Go (All versions < V2312.000 ...)
	TODO: check
CVE-2024-34085 (A vulnerability has been identified in JT2Go (All versions < V2312.000 ...)
	TODO: check
CVE-2024-33868 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is L ...)
	NOT-FOR-US: linqi
CVE-2024-33867 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is a ...)
	NOT-FOR-US: linqi
CVE-2024-33866 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is / ...)
	NOT-FOR-US: linqi
CVE-2024-33865 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is a ...)
	NOT-FOR-US: linqi
CVE-2024-33864 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is S ...)
	NOT-FOR-US: linqi
CVE-2024-33863 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is / ...)
	NOT-FOR-US: linqi
CVE-2024-33647 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...)
	NOT-FOR-US: Siemens
CVE-2024-33583 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
	NOT-FOR-US: Siemens
CVE-2024-33577 (A vulnerability has been identified in Simcenter Nastran 2306 (All ver ...)
	NOT-FOR-US: Siemens
CVE-2024-33499 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
	NOT-FOR-US: Siemens
CVE-2024-33498 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
	NOT-FOR-US: Siemens
CVE-2024-33497 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
	NOT-FOR-US: Siemens
CVE-2024-33496 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
	NOT-FOR-US: Siemens
CVE-2024-33495 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
	NOT-FOR-US: Siemens
CVE-2024-33494 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
	NOT-FOR-US: Siemens
CVE-2024-33493 (A vulnerability has been identified in Solid Edge (All versions < V224 ...)
	NOT-FOR-US: Siemens
CVE-2024-33492 (A vulnerability has been identified in Solid Edge (All versions < V224 ...)
	NOT-FOR-US: Siemens
CVE-2024-33491 (A vulnerability has been identified in Solid Edge (All versions < V224 ...)
	NOT-FOR-US: Siemens
CVE-2024-33490 (A vulnerability has been identified in Solid Edge (All versions < V224 ...)
	NOT-FOR-US: Siemens
CVE-2024-33489 (A vulnerability has been identified in Solid Edge (All versions < V224 ...)
	NOT-FOR-US: Siemens
CVE-2024-33485 (SQL Injection vulnerability in CASAP Automated Enrollment System using ...)
	NOT-FOR-US: CASAP Automated Enrollment System
CVE-2024-32977 (OctoPrint provides a web interface for controlling consumer 3D printer ...)
	- octoprint (bug #718591)
CVE-2024-32742 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2024-32741 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2024-32740 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2024-32639 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
	NOT-FOR-US: Siemens
CVE-2024-32637 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2024-32636 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2024-32635 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2024-32465 (Git is a revision control system. The Git project recommends to avoid ...)
	TODO: check
CVE-2024-32355 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a co ...)
	TODO: check
CVE-2024-32354 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a co ...)
	TODO: check
CVE-2024-32353 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a co ...)
	TODO: check
CVE-2024-32352 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an a ...)
	TODO: check
CVE-2024-32351 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an a ...)
	TODO: check
CVE-2024-32350 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an a ...)
	TODO: check
CVE-2024-32349 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an a ...)
	TODO: check
CVE-2024-32066 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
	TODO: check
CVE-2024-32065 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
	TODO: check
CVE-2024-32064 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
	TODO: check
CVE-2024-32063 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
	TODO: check
CVE-2024-32062 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
	TODO: check
CVE-2024-32061 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
	TODO: check
CVE-2024-32060 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
	TODO: check
CVE-2024-32059 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
	TODO: check
CVE-2024-32058 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
	TODO: check
CVE-2024-32057 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
	TODO: check
CVE-2024-32055 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...)
	TODO: check
CVE-2024-32021 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...)
	TODO: check
CVE-2024-32020 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...)
	TODO: check
CVE-2024-32004 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...)
	TODO: check
CVE-2024-32002 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...)
	TODO: check
CVE-2024-31980 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...)
	TODO: check
CVE-2024-31491 (A client-side enforcement of server-side security in Fortinet FortiSan ...)
	TODO: check
CVE-2024-31488 (An improper neutralization of inputs during web page generation vulner ...)
	TODO: check
CVE-2024-31486 (A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions ...)
	TODO: check
CVE-2024-31485 (A vulnerability has been identified in CPCI85 Central Processing/Commu ...)
	TODO: check
CVE-2024-31484 (A vulnerability has been identified in CPC80 Central Processing/Commun ...)
	TODO: check
CVE-2024-30209 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
	TODO: check
CVE-2024-30208 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
	TODO: check
CVE-2024-30207 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
	TODO: check
CVE-2024-30206 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
	TODO: check
CVE-2024-30059 (Microsoft Intune for Android Mobile Application Management Tampering V ...)
	TODO: check
CVE-2024-30054 (Microsoft Power BI Client JavaScript SDK Information Disclosure Vulner ...)
	TODO: check
CVE-2024-30053 (Azure Migrate Cross-Site Scripting Vulnerability)
	TODO: check
CVE-2024-30051 (Windows DWM Core Library Elevation of Privilege Vulnerability)
	TODO: check
CVE-2024-30050 (Windows Mark of the Web Security Feature Bypass Vulnerability)
	TODO: check
CVE-2024-30049 (Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability)
	TODO: check
CVE-2024-30048 (Dynamics 365 Customer Insights Spoofing Vulnerability)
	TODO: check
CVE-2024-30047 (Dynamics 365 Customer Insights Spoofing Vulnerability)
	TODO: check
CVE-2024-30046 (Visual Studio Denial of Service Vulnerability)
	TODO: check
CVE-2024-30045 (.NET and Visual Studio Remote Code Execution Vulnerability)
	TODO: check
CVE-2024-30044 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
	TODO: check
CVE-2024-30043 (Microsoft SharePoint Server Information Disclosure Vulnerability)
	TODO: check
CVE-2024-30042 (Microsoft Excel Remote Code Execution Vulnerability)
	TODO: check
CVE-2024-30041 (Microsoft Bing Search Spoofing Vulnerability)
	TODO: check
CVE-2024-30040 (Windows MSHTML Platform Security Feature Bypass Vulnerability)
	TODO: check
CVE-2024-30039 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
	TODO: check
CVE-2024-30038 (Win32k Elevation of Privilege Vulnerability)
	TODO: check
CVE-2024-30037 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
	TODO: check
CVE-2024-30036 (Windows Deployment Services Information Disclosure Vulnerability)
	TODO: check
CVE-2024-30035 (Windows DWM Core Library Elevation of Privilege Vulnerability)
	TODO: check
CVE-2024-30034 (Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerab ...)
	TODO: check
CVE-2024-30033 (Windows Search Service Elevation of Privilege Vulnerability)
	TODO: check
CVE-2024-30032 (Windows DWM Core Library Elevation of Privilege Vulnerability)
	TODO: check
CVE-2024-30031 (Windows CNG Key Isolation Service Elevation of Privilege Vulnerability)
	TODO: check
CVE-2024-30030 (Win32k Elevation of Privilege Vulnerability)
	TODO: check
CVE-2024-30029 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
	TODO: check
CVE-2024-30028 (Win32k Elevation of Privilege Vulnerability)
	TODO: check
CVE-2024-30027 (NTFS Elevation of Privilege Vulnerability)
	TODO: check
CVE-2024-30025 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
	TODO: check
CVE-2024-30024 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
	TODO: check
CVE-2024-30023 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
	TODO: check
CVE-2024-30022 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
	TODO: check
CVE-2024-30021 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
	TODO: check
CVE-2024-30020 (Windows Cryptographic Services Remote Code Execution Vulnerability)
	TODO: check
CVE-2024-30019 (DHCP Server Service Denial of Service Vulnerability)
	TODO: check
CVE-2024-30018 (Windows Kernel Elevation of Privilege Vulnerability)
	TODO: check
CVE-2024-30017 (Windows Hyper-V Remote Code Execution Vulnerability)
	TODO: check
CVE-2024-30016 (Windows Cryptographic Services Information Disclosure Vulnerability)
	TODO: check
CVE-2024-30015 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
	TODO: check
CVE-2024-30014 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
	TODO: check
CVE-2024-30012 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
	TODO: check
CVE-2024-30011 (Windows Hyper-V Denial of Service Vulnerability)
	TODO: check
CVE-2024-30010 (Windows Hyper-V Remote Code Execution Vulnerability)
	TODO: check
CVE-2024-30009 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
	TODO: check
CVE-2024-30008 (Windows DWM Core Library Information Disclosure Vulnerability)
	TODO: check
CVE-2024-30007 (Microsoft Brokering File System Elevation of Privilege Vulnerability)
	TODO: check
CVE-2024-30006 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
	TODO: check
CVE-2024-30005 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
	TODO: check
CVE-2024-30004 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
	TODO: check
CVE-2024-30003 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
	TODO: check
CVE-2024-30002 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
	TODO: check
CVE-2024-30001 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
	TODO: check
CVE-2024-30000 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
	TODO: check
CVE-2024-2637 (An authenticated local attacker who successfully exploited this vulner ...)
	TODO: check
CVE-2024-29999 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
	TODO: check
CVE-2024-29998 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
	TODO: check
CVE-2024-29997 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
	TODO: check
CVE-2024-29996 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
	TODO: check
CVE-2024-29994 (Microsoft Windows SCSI Class System File Elevation of Privilege Vulner ...)
	TODO: check
CVE-2024-28137 (A local attacker with low privileges canperform a privilege escalation ...)
	TODO: check
CVE-2024-28136 (A local attacker with low privileges can use a command injection vulne ...)
	TODO: check
CVE-2024-28135 (A low privileged remote attacker can usea command injection vulnerabil ...)
	TODO: check
CVE-2024-28134 (An unauthenticated remote attacker can extract a session token with a ...)
	TODO: check
CVE-2024-28133 (A local low privileged attacker can use an untrusted search path in aC ...)
	TODO: check
CVE-2024-27947 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
	TODO: check
CVE-2024-27946 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
	TODO: check
CVE-2024-27945 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
	TODO: check
CVE-2024-27944 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
	TODO: check
CVE-2024-27943 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
	TODO: check
CVE-2024-27942 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
	TODO: check
CVE-2024-27941 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
	TODO: check
CVE-2024-27940 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
	TODO: check
CVE-2024-27939 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
	TODO: check
CVE-2024-27110 (Elevation of privilege vulnerability in GE HealthCare EchoPAC products)
	TODO: check
CVE-2024-27109 (Insufficiently protected credentials in GE HealthCare EchoPAC products)
	TODO: check
CVE-2024-27108 (Non privileged access to critical file vulnerability in GE HealthCare ...)
	TODO: check
CVE-2024-27107 (Weak account password in GE HealthCare EchoPAC products)
	TODO: check
CVE-2024-27106 (Vulnerable data in transit in GE HealthCare EchoPAC products)
	TODO: check
CVE-2024-26367 (Cross Site Scripting vulnerability in Evertz microsystems MViP-II Firm ...)
	TODO: check
CVE-2024-26238 (Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerab ...)
	TODO: check
CVE-2024-26007 (An improper check or handling of exceptional conditions vulnerability ...)
	TODO: check
CVE-2024-23105 (A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet Forti ...)
	TODO: check
CVE-2024-22270 (VMware Workstation and Fusion contain an information disclosure vulner ...)
	TODO: check
CVE-2024-22269 (VMware Workstation and Fusion contain an information disclosure vulner ...)
	TODO: check
CVE-2024-22268 (VMware Workstation and Fusion contain a heap buffer-overflow vulnerabi ...)
	TODO: check
CVE-2024-22267 (VMware Workstation and Fusion contain a use-after-free vulnerability i ...)
	TODO: check
CVE-2024-1914 (An attacker who successfully exploited these vulnerabilities could cau ...)
	TODO: check
CVE-2024-1913 (An attacker who successfully exploited these vulnerabilities could cau ...)
	TODO: check
CVE-2024-1630 (Path traversal vulnerability in “getAllFolderContents” funct ...)
	TODO: check
CVE-2024-1629 (Path traversal vulnerability in “deleteFiles” function of Co ...)
	TODO: check
CVE-2024-1628 (OS command injection vulnerabilities in GE HealthCare ultrasound devic ...)
	TODO: check
CVE-2024-1598 (Potential buffer overflow in unsafe UEFI variable handling in Phoen ...)
	TODO: check
CVE-2024-1486 (Elevation of privileges via misconfigured access control list in GE He ...)
	TODO: check
CVE-2024-0862 (The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection ...)
	TODO: check
CVE-2024-0762 (Potential buffer overflow in unsafe UEFI variable handling in Phoen ...)
	TODO: check
CVE-2023-50180 (An exposure of sensitive system information to an unauthorized control ...)
	TODO: check
CVE-2023-46714 (A stack-based buffer overflow [CWE-121] vulnerability in Fortinet Fort ...)
	TODO: check
CVE-2023-46280 (A vulnerability has been identified in S7-PCT (All versions), Security ...)
	TODO: check
CVE-2023-45586 (An insufficient verification of data authenticity vulnerability [CWE-3 ...)
	TODO: check
CVE-2023-45583 (A use of externally-controlled format string in Fortinet FortiProxy ve ...)
	TODO: check
CVE-2023-44247 (A double free vulnerability [CWE-415] in Fortinet FortiOS before 7.0.0 ...)
	TODO: check
CVE-2023-40720 (An authorization bypass through user-controlled key vulnerability [CWE ...)
	TODO: check
CVE-2023-36640 (A use of externally-controlled format string in Fortinet FortiProxy ve ...)
	TODO: check
CVE-2023-35841 (Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Dri ...)
	TODO: check
CVE-2024-4778 (Memory safety bugs present in Firefox 125. Some of these bugs showed e ...)
	- firefox
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4778
CVE-2024-4777 (Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thu ...)
	- firefox
	- firefox-esr
	- thunderbird
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4777
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4777
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4777
CVE-2024-4776 (A file dialog shown while in full-screen mode could have resulted in t ...)
	- firefox
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4776
CVE-2024-4775 (An iterator stop condition was missing when handling WASM code in the ...)
	- firefox
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4775
CVE-2024-4774 (The `ShmemCharMapHashEntry()` code was susceptible to potentially unde ...)
	- firefox
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4774
CVE-2024-4773 (When a network error occurred during page load, the prior content coul ...)
	- firefox
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4773
CVE-2024-4772 (An HTTP digest authentication nonce value was generated using `rand()` ...)
	- firefox
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4772
CVE-2024-4771 (A memory allocation check was missing which would lead to a use-after- ...)
	- firefox
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4771
CVE-2024-4770 (When saving a page to PDF, certain font styles could have led to a pot ...)
	- firefox
	- firefox-esr
	- thunderbird
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4770
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4770
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4769
CVE-2024-4769 (When importing resources using Web Workers, error messages would disti ...)
	- firefox
	- firefox-esr
	- thunderbird
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4769
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4769
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4769
CVE-2024-4768 (A bug in popup notifications' interaction with WebAuthn made it easier ...)
	- firefox
	- firefox-esr
	- thunderbird
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4768
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4768
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4768
CVE-2024-4767 (If the `browser.privatebrowsing.autostart` preference is enabled, Inde ...)
	- firefox
	- firefox-esr
	- thunderbird
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4767
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4767
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4767
CVE-2024-4766 (Different techniques existed to obscure the fullscreen notification in ...)
	- firefox (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4766
CVE-2024-4765 (Web application manifests were stored by using an insecure MD5 hash wh ...)
	- firefox (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4765
CVE-2024-4367 (A type check was missing when handling fonts in PDF.js, which would al ...)
	- firefox
	- firefox-esr
	- thunderbird
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4367
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4367
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4367
CVE-2024-4764 (Multiple WebRTC threads could have claimed a newly connected audio inp ...)
	- firefox
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4764
CVE-2024-4855 (Use after free issue in editcap could cause denial of service via craf ...)
	- wireshark
	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-08.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19782
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19783
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19784
CVE-2024-4854 (MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4. ...)
	- wireshark
	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-07.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19726
	NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/15047
	NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/15499
CVE-2024-4853 (Memory handling issue in editcap could cause denial of service via cra ...)
	- wireshark
	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-08.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19724
CVE-2024-4840 (An flaw was found in the OpenStack Platform (RHOSP) director, a toolse ...)
	NOT-FOR-US: Red Hat OpenStack Platform
CVE-2024-4810 (In register_device, the return value of ida_simple_get is unchecked, i ...)
	TODO: check
CVE-2024-4712 (An arbitrary file creation vulnerability exists in PaperCut NG/MF that ...)
	NOT-FOR-US: PaperCut NG/MF
CVE-2024-4445 (The WP Compress – Image Optimizer [All-In-One] plugin for WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4144 (The Simple Basic Contact Form plugin for WordPress for WordPress is vu ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4139 (Manage Bank Statement ReProcessing Rules does not perform necessary au ...)
	NOT-FOR-US: SAP
CVE-2024-4138 (Manage Bank Statement ReProcessing Rules does not perform necessary au ...)
	NOT-FOR-US: SAP
CVE-2024-3241 (The Ultimate Blocks WordPress plugin before 3.1.7 does not validate a ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3037 (An arbitrary file deletion vulnerability exists in PaperCut NG/MF that ...)
	NOT-FOR-US: PaperCut NG/MF
CVE-2024-34687 (SAP NetWeaver Application Server for ABAP and ABAP Platform do not suf ...)
	NOT-FOR-US: SAP
CVE-2024-33878
	REJECTED
CVE-2024-33009 (SAP Global Label Management is vulnerable to SQL injection. On exploit ...)
	NOT-FOR-US: SAP
CVE-2024-33008 (SAP Replication Server allows an attacker to use gateway for executing ...)
	NOT-FOR-US: SAP
CVE-2024-33007 (PDFViewer is a control delivered as part of SAPUI5 product which shows ...)
	NOT-FOR-US: SAP
CVE-2024-33006 (An unauthenticated attacker can upload a malicious file to the server ...)
	NOT-FOR-US: SAP
CVE-2024-33004 (SAP Business Objects Business Intelligence Platform is vulnerable to I ...)
	NOT-FOR-US: SAP
CVE-2024-33002 (Document Service handler (obsolete) in Data Provisioning Service does ...)
	NOT-FOR-US: SAP
CVE-2024-33000 (SAP Bank Account Management does not perform necessary authorization c ...)
	NOT-FOR-US: SAP
CVE-2024-32733 (Due to missing input validation and output encoding of untrusted data, ...)
	NOT-FOR-US: SAP
CVE-2024-32731 (SAP My Travel Requests does not perform necessary authorization checks ...)
	NOT-FOR-US: SAP
CVE-2024-28165 (SAP Business Objects Business Intelligence Platform is vulnerable to s ...)
	NOT-FOR-US: SAP
CVE-2024-27852 (A privacy issue was addressed with improved client ID handling for alt ...)
	NOT-FOR-US: Apple
CVE-2024-27847 (This issue was addressed with improved checks This issue is fixed in i ...)
	NOT-FOR-US: Apple
CVE-2024-27843 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2024-27842 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2024-27841 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2024-27839 (A privacy issue was addressed by moving sensitive data to a more secur ...)
	NOT-FOR-US: Apple
CVE-2024-27837 (A downgrade issue was addressed with additional code-signing restricti ...)
	NOT-FOR-US: Apple
CVE-2024-27835 (This issue was addressed through improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2024-27834 (The issue was addressed with improved checks. This issue is fixed in i ...)
	NOT-FOR-US: Apple
CVE-2024-27829 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2024-27827 (This issue was addressed through improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2024-27825 (A downgrade issue affecting Intel-based Mac computers was addressed wi ...)
	NOT-FOR-US: Apple
CVE-2024-27824 (This issue was addressed by removing the vulnerable code. This issue i ...)
	NOT-FOR-US: Apple
CVE-2024-27822 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2024-27821 (A path handling issue was addressed with improved validation. This iss ...)
	NOT-FOR-US: Apple
CVE-2024-27818 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2024-27816 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2024-27813 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2024-27810 (A path handling issue was addressed with improved validation. This iss ...)
	NOT-FOR-US: Apple
CVE-2024-27804 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2024-27803 (A permissions issue was addressed with improved validation. This issue ...)
	NOT-FOR-US: Apple
CVE-2024-27798 (An authorization issue was addressed with improved state management. T ...)
	NOT-FOR-US: Apple
CVE-2024-27796 (The issue was addressed with improved checks. This issue is fixed in i ...)
	NOT-FOR-US: Apple
CVE-2024-27789 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2024-25970 (Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an impro ...)
	NOT-FOR-US: Dell
CVE-2024-25969 (Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an alloc ...)
	NOT-FOR-US: Dell
CVE-2024-25968 (Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains a use of ...)
	NOT-FOR-US: Dell
CVE-2024-25967 (Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an execu ...)
	NOT-FOR-US: Dell
CVE-2024-25966 (Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an impro ...)
	NOT-FOR-US: Dell
CVE-2024-25965 (Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an exter ...)
	NOT-FOR-US: Dell
CVE-2024-23576 (Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow d ...)
	NOT-FOR-US: HCL
CVE-2024-23236 (A correctness issue was addressed with improved checks. This issue is ...)
	NOT-FOR-US: Apple
CVE-2024-23229 (This issue was addressed with improved redaction of sensitive informat ...)
	NOT-FOR-US: Apple
CVE-2024-0870 (The YITH WooCommerce Gift Cards plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6812 (The WP Compress – Image Optimizer [All-In-One plugin for WordPres ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4761 (Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 all ...)
	- chromium
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-4825 (A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 tha ...)
	NOT-FOR-US: Agentejo Cockpit CMS
CVE-2024-4824 (Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injecti ...)
	NOT-FOR-US: School ERP Pro+Responsive
CVE-2024-4823 (Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the ...)
	NOT-FOR-US: School ERP Pro+Responsive
CVE-2024-4822 (Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the ...)
	NOT-FOR-US: School ERP Pro+Responsive
CVE-2024-4820 (A vulnerability was found in SourceCodester Online Computer and Laptop ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2024-4819 (A vulnerability was found in Campcodes Online Laundry Management Syste ...)
	NOT-FOR-US: Campcodes Online Laundry Management System
CVE-2024-4818 (A vulnerability was found in Campcodes Online Laundry Management Syste ...)
	NOT-FOR-US: Campcodes Online Laundry Management System
CVE-2024-4817 (A vulnerability has been found in Campcodes Online Laundry Management ...)
	NOT-FOR-US: Campcodes Online Laundry Management System
CVE-2024-4816 (A vulnerability, which was classified as critical, was found in Ruijie ...)
	NOT-FOR-US: Ruijie RG-UAC
CVE-2024-4815 (A vulnerability, which was classified as critical, has been found in R ...)
	NOT-FOR-US: Ruijie RG-UAC
CVE-2024-4814 (A vulnerability classified as critical was found in Ruijie RG-UAC up t ...)
	NOT-FOR-US: Ruijie RG-UAC
CVE-2024-4813 (A vulnerability classified as critical has been found in Ruijie RG-UAC ...)
	NOT-FOR-US: Ruijie RG-UAC
CVE-2024-4747 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4068 (The NPM package `braces` fails to limit the number of characters it ca ...)
	- node-braces
	NOTE: https://github.com/micromatch/braces/issues/35
CVE-2024-4067 (The NPM package `micromatch` is vulnerable to Regular Expression Denia ...)
	- node-micromatch
	NOTE: https://github.com/micromatch/micromatch/issues/243
	NOTE: https://github.com/micromatch/micromatch/pull/247
CVE-2024-3462 (Ant Media Server Community Edition in a default configuration is vulne ...)
	NOT-FOR-US: Ant Media Server Community Edition
CVE-2024-3263 (YMS VIS Pro is an information system for veterinary and food administr ...)
	NOT-FOR-US: YMS VIS Pro
CVE-2024-35172 (Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-35171 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-35170 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-35169 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-35167 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-35166 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-35165 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-35099 (TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stac ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-35050 (An issue in SurveyKing v1.3.1 allows attackers to escalate privileges ...)
	NOT-FOR-US: SurveyKing
CVE-2024-35049 (SurveyKing v1.3.1 was discovered to keep users' sessions active after ...)
	NOT-FOR-US: SurveyKing
CVE-2024-35048 (An issue in SurveyKing v1.3.1 allows attackers to execute a session re ...)
	NOT-FOR-US: SurveyKing
CVE-2024-34921 (TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a co ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-34899 (WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS).)
	NOT-FOR-US: WWBN AVideo
CVE-2024-34812 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34811 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34749 (Phormer prior to version 3.35 contains a cross-site scripting vulnerab ...)
	NOT-FOR-US: Phormer
CVE-2024-34709 (Directus is a real-time API and App dashboard for managing SQL databas ...)
	NOT-FOR-US: Directus
CVE-2024-34708 (Directus is a real-time API and App dashboard for managing SQL databas ...)
	NOT-FOR-US: Directus
CVE-2024-34707 (Nautobot is a Network Source of Truth and Network Automation Platform. ...)
	TODO: check
CVE-2024-34706 (Valtimo is an open source business process and case management platfor ...)
	TODO: check
CVE-2024-34704 (era-compiler-solidity is the ZKsync compiler for Solidity. The proble ...)
	TODO: check
CVE-2024-34701 (CreateWiki is Miraheze's MediaWiki extension for requesting & creating ...)
	TODO: check
CVE-2024-34699 (GZ::CTF is a capture the flag platform. Prior to 0.20.1, unprivileged ...)
	TODO: check
CVE-2024-34698 (FreeScout is a free, self-hosted help desk and shared mailbox. Version ...)
	NOT-FOR-US: FreeScout
CVE-2024-34697 (FreeScout is a free, self-hosted help desk and shared mailbox. A store ...)
	NOT-FOR-US: FreeScout
CVE-2024-34555 (Unrestricted Upload of File with Dangerous Type vulnerability in URBAN ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34459 (An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2. ...)
	- libxml2
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
CVE-2024-34440 (Unrestricted Upload of File with Dangerous Type vulnerability in Jordy ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34416 (Unrestricted Upload of File with Dangerous Type vulnerability in Pk Fa ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34411 (Unrestricted Upload of File with Dangerous Type vulnerability in Thoma ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34353 (The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is a ...)
	TODO: check
CVE-2024-34340 (Cacti provides an operational monitoring and fault management framewor ...)
	- cacti
	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m
CVE-2024-34231 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...)
	NOT-FOR-US: Sourcecodester Laboratory Management System
CVE-2024-34230 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...)
	NOT-FOR-US: Sourcecodester Laboratory Management System
CVE-2024-34226 (SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id ...)
	NOT-FOR-US: SourceCodester Visitor Management System
CVE-2024-34225 (Cross Site Scripting vulnerability in php-lms/admin/?page=system_info ...)
	NOT-FOR-US: Computer Laboratory Management System using PHP and MySQL
CVE-2024-34224 (Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=sav ...)
	NOT-FOR-US: Computer Laboratory Management System using PHP and MySQL
CVE-2024-34223 (Insecure permission vulnerability in /hrm/leaverequest.php in SourceCo ...)
	NOT-FOR-US: SourceCodester Human Resource Management System
CVE-2024-34222 (Sourcecodester Human Resource Management System 1.0 is vulnerable to S ...)
	NOT-FOR-US: Sourcecodester Human Resource Management System
CVE-2024-34221 (Sourcecodester Human Resource Management System 1.0 is vulnerable to I ...)
	NOT-FOR-US: Sourcecodester Human Resource Management System
CVE-2024-34081 (MantisBT (Mantis Bug Tracker) is an open source issue tracker. Improp ...)
	- mantis
CVE-2024-34080 (MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an i ...)
	- mantis
CVE-2024-34077 (MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insuffi ...)
	- mantis
CVE-2024-33433 (Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B2 ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-33386 (An issue in SoundCloud Prometheu v.2.5.1 and before allows a remote at ...)
	TODO: check
CVE-2024-33250 (An issue in Open-Source Technology Committee SRS real-time video serve ...)
	NOT-FOR-US: Open-Source Technology Committee SRS real-time video server
CVE-2024-32100 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31810 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hard ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-31771 (Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local ...)
	NOT-FOR-US: TotalAV
CVE-2024-31460 (Cacti provides an operational monitoring and fault management framewor ...)
	- cacti
	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r
CVE-2024-31459 (Cacti provides an operational monitoring and fault management framewor ...)
	- cacti
	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv
	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r
CVE-2024-31458 (Cacti provides an operational monitoring and fault management framewor ...)
	- cacti
	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x
CVE-2024-31445 (Cacti provides an operational monitoring and fault management framewor ...)
	- cacti
	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc
	NOTE: https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886
CVE-2024-31444 (Cacti provides an operational monitoring and fault management framewor ...)
	- cacti
	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87
CVE-2024-31443 (Cacti provides an operational monitoring and fault management framewor ...)
	- cacti
	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3
	NOTE: https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf
CVE-2024-31377 (Unrestricted Upload of File with Dangerous Type vulnerability in J.N. ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30268 (Cacti provides an operational monitoring and fault management framewor ...)
	TODO: check
CVE-2024-30259 (FastDDS is a C++ implementation of the DDS (Data Distribution Service) ...)
	TODO: check
CVE-2024-30258 (FastDDS is a C++ implementation of the DDS (Data Distribution Service) ...)
	TODO: check
CVE-2024-29895 (Cacti provides an operational monitoring and fault management framewor ...)
	TODO: check
CVE-2024-29894 (Cacti provides an operational monitoring and fault management framewor ...)
	TODO: check
CVE-2024-29513 (An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Foren ...)
	NOT-FOR-US: BlueRiSC WindowsSCOPE Cyber Forensics
CVE-2024-28866 (GoCD is a continuous delivery server. GoCD versions from 19.4.0 to 23. ...)
	TODO: check
CVE-2024-28285 (A Fault Injection vulnerability in the SymmetricDecrypt function in cr ...)
	TODO: check
CVE-2024-28279 (Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection v ...)
	NOT-FOR-US: Code-projects Computer Book Store
CVE-2024-28277 (In Sourcecodester School Task Manager v1.0, a vulnerability was identi ...)
	NOT-FOR-US: Sourcecodester School Task Manager
CVE-2024-28276 (Sourcecodester School Task Manager 1.0 is vulnerable to Cross Site Scr ...)
	NOT-FOR-US: Sourcecodester School Task Manager
CVE-2024-27082 (Cacti provides an operational monitoring and fault management framewor ...)
	TODO: check
CVE-2024-25662 (Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 ...)
	TODO: check
CVE-2024-25641 (Cacti provides an operational monitoring and fault management framewor ...)
	TODO: check
CVE-2024-22774 (An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.760 ...)
	TODO: check
CVE-2023-50718 (NocoDB is software for building databases as spreadsheets. Prior to ve ...)
	TODO: check
CVE-2023-50717 (NocoDB is software for building databases as spreadsheets. Starting in ...)
	TODO: check
CVE-2023-49781 (NocoDB is software for building databases as spreadsheets. Prior to 0. ...)
	TODO: check
CVE-2023-46870 (extcap/nrf_sniffer_ble.py, extcap/nrf_sniffer_ble.sh, extcap/SnifferAP ...)
	TODO: check
CVE-2022-4967 (strongSwan versions 5.9.2 through 5.9.5 are affected by authorization ...)
	TODO: check
CVE-2024-27401 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	- linux
	NOTE: https://git.kernel.org/linus/38762a0763c10c24a4915feee722d7aa6e73eb98 (6.9-rc7)
CVE-2024-27400 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/d3a9331a6591e9df64791e076f6591f440af51c3 (6.9-rc7)
CVE-2024-27399 (In the Linux kernel, the following vulnerability has been resolved: B ...)
	- linux
	NOTE: https://git.kernel.org/linus/adf0398cee86643b8eacde95f17d073d022f782c (6.9)
CVE-2024-27398 (In the Linux kernel, the following vulnerability has been resolved: B ...)
	- linux
	NOTE: https://git.kernel.org/linus/483bc08181827fc475643272ffb69c533007e546 (6.9)
CVE-2023-52656 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[bullseye] - linux 5.10.216-1
	NOTE: https://git.kernel.org/linus/6e5e6d274956305f1fc0340522b38f5f5be74bdb (6.8-rc1)
CVE-2023-52655 (In the Linux kernel, the following vulnerability has been resolved: u ...)
	- linux 6.6.8-1
	[bookworm] - linux 6.1.69-1
	[bullseye] - linux 5.10.205-1
	NOTE: https://git.kernel.org/linus/ccab434e674ca95d483788b1895a70c21b7f016a (6.7-rc3)
CVE-2024-25581 (When incoming DNS over HTTPS support is enabled using the nghttp2 prov ...)
	- dnsdist
	[bookworm] - dnsdist (Vulnerable code not present)
	[bullseye] - dnsdist (Vulnerable code not present)
	[buster] - dnsdist (Vulnerable code not present)
	NOTE: https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2024-03.html
	NOTE: Patches: https://downloads.powerdns.com/patches/2024-03/
CVE-2024-4809 (A vulnerability has been found in SourceCodester Open Source Clinic Ma ...)
	NOT-FOR-US: SourceCodester Open Source Clinic Management System
CVE-2024-4808 (A vulnerability, which was classified as critical, was found in Kaship ...)
	NOT-FOR-US: Kashipara College Management System
CVE-2024-4807 (A vulnerability, which was classified as critical, has been found in K ...)
	NOT-FOR-US: Kashipara College Management System
CVE-2024-4806 (A vulnerability classified as critical was found in Kashipara College ...)
	NOT-FOR-US: Kashipara College Management System
CVE-2024-4805 (A vulnerability classified as critical has been found in Kashipara Col ...)
	NOT-FOR-US: Kashipara College Management System
CVE-2024-4804 (A vulnerability was found in Kashipara College Management System 1.0. ...)
	NOT-FOR-US: Kashipara College Management System
CVE-2024-4803 (A vulnerability was found in Kashipara College Management System 1.0. ...)
	NOT-FOR-US: Kashipara College Management System
CVE-2024-4802 (A vulnerability was found in Kashipara College Management System 1.0. ...)
	NOT-FOR-US: Kashipara College Management System
CVE-2024-4801 (A vulnerability was found in Kashipara College Management System 1.0 a ...)
	NOT-FOR-US: Kashipara College Management System
CVE-2024-4800 (A vulnerability has been found in Kashipara College Management System ...)
	NOT-FOR-US: Kashipara College Management System
CVE-2024-3239 (The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress pl ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-35205 (The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for ...)
	NOT-FOR-US: WPS Office
CVE-2024-35204 (Veritas System Recovery before 23.2_Hotfix has incorrect permissions f ...)
	NOT-FOR-US: Veritas
CVE-2024-32700 (Unrestricted Upload of File with Dangerous Type vulnerability in Kogne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2299 (A stored Cross-Site Scripting (XSS) vulnerability exists in the parisn ...)
	NOT-FOR-US: lollms-webui
CVE-2024-29212 (Due to an unsafe de-serialization method used by the Veeam Service Pr ...)
	NOT-FOR-US: Veeam
CVE-2024-26306 (iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server wi ...)
	TODO: check
CVE-2023-5052 (vulnerability in Uniform Server Zero, version 10.2.5, consisting of an ...)
	NOT-FOR-US: Uniform Zero Server
CVE-2024-4799 (A vulnerability, which was classified as critical, was found in Kaship ...)
	NOT-FOR-US: Kashipara College Management System
CVE-2024-4798 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2024-4797 (A vulnerability was found in Campcodes Online Laundry Management Syste ...)
	NOT-FOR-US: Campcodes Online Laundry Management System
CVE-2024-4796 (A vulnerability was found in Campcodes Online Laundry Management Syste ...)
	NOT-FOR-US: Campcodes Online Laundry Management System
CVE-2024-4795 (A vulnerability was found in Campcodes Online Laundry Management Syste ...)
	NOT-FOR-US: Campcodes Online Laundry Management System
CVE-2024-4794 (A vulnerability has been found in Campcodes Online Laundry Management ...)
	NOT-FOR-US: Campcodes Online Laundry Management System
CVE-2024-4793 (A vulnerability, which was classified as critical, was found in Campco ...)
	NOT-FOR-US: Campcodes Online Laundry Management System
CVE-2024-4792 (A vulnerability, which was classified as critical, has been found in C ...)
	NOT-FOR-US: Campcodes Online Laundry Management System
CVE-2024-4791 (A vulnerability classified as critical was found in Contemporary Contr ...)
	NOT-FOR-US: Contemporary Control System BASrouter BACnet BASRT-B
CVE-2024-4790 (A vulnerability classified as problematic has been found in DedeCMS 5. ...)
	NOT-FOR-US: DedeCMS
CVE-2024-4738 (A vulnerability was found in Campcodes Legal Case Management System 1. ...)
	NOT-FOR-US: Campcodes Legal Case Management System
CVE-2024-4737 (A vulnerability was found in Campcodes Legal Case Management System 1. ...)
	NOT-FOR-US: Campcodes Legal Case Management System
CVE-2024-4736 (A vulnerability was found in Campcodes Legal Case Management System 1. ...)
	NOT-FOR-US: Campcodes Legal Case Management System
CVE-2024-4630 (The Starter Templates — Elementor, WordPress & Beaver Builder Tem ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4574 (The Graphina – Elementor Charts and Graphs plugin for WordPress i ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4560 (The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4487 (The Blocksy Companion plugin for WordPress is vulnerable to Stored Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4430 (The Beaver Builder – WordPress Page Builder plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4417 (The Falang multilanguage for WordPress plugin for WordPress is vulnera ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4413 (The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Objec ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4329 (The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4213 (The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4209 (The Gutenberg Blocks with AI by Kadence WP – Page Builder Feature ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4046 (Cracking vulnerability in the OS security module Impact: Successful ex ...)
	NOT-FOR-US: Huawei
CVE-2024-3055 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32999 (Cracking vulnerability in the OS security module Impact: Successful ex ...)
	NOT-FOR-US: Huawei
CVE-2024-32998 (NULL pointer access vulnerability in the clock module Impact: Successf ...)
	NOT-FOR-US: Huawei
CVE-2024-32997 (Race condition vulnerability in the binder driver module Impact: Succe ...)
	NOT-FOR-US: Huawei
CVE-2024-32996 (Privilege escalation vulnerability in the account module Impact: Succe ...)
	NOT-FOR-US: Huawei
CVE-2024-32995 (Denial of service (DoS) vulnerability in the AMS module Impact: Succes ...)
	NOT-FOR-US: Huawei
CVE-2024-32993 (Out-of-bounds access vulnerability in the memory module Impact: Succes ...)
	NOT-FOR-US: Huawei
CVE-2024-32992 (Insufficient verification vulnerability in the baseband module Impact: ...)
	NOT-FOR-US: Huawei
CVE-2024-32991 (Permission verification vulnerability in the wpa_supplicant module Imp ...)
	NOT-FOR-US: Huawei
CVE-2024-32990 (Permission verification vulnerability in the system sharing pop-up mod ...)
	NOT-FOR-US: Huawei
CVE-2024-32989 (Insufficient verification vulnerability in the system sharing pop-up m ...)
	NOT-FOR-US: Huawei
CVE-2024-28761 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 thr ...)
	NOT-FOR-US: IBM
CVE-2024-28760 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 thr ...)
	NOT-FOR-US: IBM
CVE-2024-27460 (A privilege escalation exists in the updater for Plantronics Hub 3.25. ...)
	NOT-FOR-US: HP
CVE-2023-5447 (Missing lock check in SynHsaService may create a use-after-free condit ...)
	NOT-FOR-US: Synaptics
CVE-2023-52721 (The WindowManager module has a vulnerability in permission control. Im ...)
	NOT-FOR-US: Huawei
CVE-2023-52720 (Race condition vulnerability in the soundtrigger module Impact: Succes ...)
	NOT-FOR-US: Huawei
CVE-2023-52719 (Privilege escalation vulnerability in the PMS module Impact: Successfu ...)
	NOT-FOR-US: Huawei
CVE-2023-52384 (Double-free vulnerability in the RSMC module Impact: Successful exploi ...)
	NOT-FOR-US: Huawei
CVE-2023-52383 (Double-free vulnerability in the RSMC module Impact: Successful exploi ...)
	NOT-FOR-US: Huawei
CVE-2023-47712 (IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local u ...)
	NOT-FOR-US: IBM
CVE-2023-47711 (IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authen ...)
	NOT-FOR-US: IBM
CVE-2023-47709 (IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2024-4735 (A vulnerability has been found in Campcodes Legal Case Management Syst ...)
	NOT-FOR-US: Campcodes Legal Case Management System
CVE-2024-4732 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Campcodes Legal Case Management System
CVE-2024-4731 (A vulnerability classified as problematic was found in Campcodes Legal ...)
	NOT-FOR-US: Campcodes Legal Case Management System
CVE-2024-4730 (A vulnerability classified as problematic has been found in Campcodes ...)
	NOT-FOR-US: Campcodes Legal Case Management System
CVE-2024-4729 (A vulnerability was found in Campcodes Legal Case Management System 1. ...)
	NOT-FOR-US: Campcodes Legal Case Management System
CVE-2024-4728 (A vulnerability was found in Campcodes Legal Case Management System 1. ...)
	NOT-FOR-US: Campcodes Legal Case Management System
CVE-2024-4727 (A vulnerability was found in Campcodes Legal Case Management System 1. ...)
	NOT-FOR-US: Campcodes Legal Case Management System
CVE-2024-4726 (A vulnerability was found in Campcodes Legal Case Management System 1. ...)
	NOT-FOR-US: Campcodes Legal Case Management System
CVE-2024-4725 (A vulnerability has been found in Campcodes Legal Case Management Syst ...)
	NOT-FOR-US: Campcodes Legal Case Management System
CVE-2024-4724 (A vulnerability, which was classified as problematic, was found in Cam ...)
	NOT-FOR-US: Campcodes Legal Case Management System
CVE-2024-4723 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Campcodes Legal Case Management System
CVE-2024-4722 (A vulnerability classified as problematic was found in Campcodes Compl ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4721 (A vulnerability classified as problematic has been found in Campcodes ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4720 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4719 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4718 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4717 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4716 (A vulnerability has been found in Campcodes Complete Web-Based School ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4715 (A vulnerability, which was classified as problematic, was found in Cam ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4714 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4713 (A vulnerability classified as problematic was found in Campcodes Compl ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4701 (A path traversal issue potentially leading to remote code execution in ...)
	NOT-FOR-US: Netflix
CVE-2024-4699 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...)
	NOT-FOR-US: D-Link
CVE-2024-4689 (Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPix ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4688 (A vulnerability classified as problematic was found in Campcodes Compl ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4687 (A vulnerability classified as problematic has been found in Campcodes ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4686 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4631
	REJECTED
CVE-2024-4490 (The Elegant Themes Divi theme, Extra theme, and Divi Page Builder plug ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4481 (The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vul ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4449 (The Essential Addons for Elementor – Best Elementor Templates, Wi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4448 (The Essential Addons for Elementor – Best Elementor Templates, Wi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4444 (The LearnPress – WordPress LMS Plugin plugin for WordPress is vul ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4434 (The LearnPress – WordPress LMS Plugin plugin for WordPress is vul ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4398 (The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4280 (The White Label CMS plugin for WordPress is vulnerable to unauthorized ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4277 (The LearnPress – WordPress LMS Plugin plugin for WordPress is vul ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4275 (The Essential Addons for Elementor – Best Elementor Templates, Wi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4232 (This vulnerability exists in Digisol Router (DG-GR1321: Hardware versi ...)
	NOT-FOR-US: Digisol Router
CVE-2024-4231 (This vulnerability exists in Digisol Router (DG-GR1321: Hardware versi ...)
	NOT-FOR-US: Digisol Router
CVE-2024-4129 (Improper Authentication vulnerability in Snow Software AB Snow License ...)
	NOT-FOR-US: Snow Software AB Snow License Manager
CVE-2024-4044 (A deserialization of untrusted data vulnerability exists in common cod ...)
	NOT-FOR-US: National Instruments
CVE-2024-4039 (The The Orders Tracking for WooCommerce plugin for WordPress for WordP ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3956 (The Pods – Custom Content Types and Fields plugin for WordPress i ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3941 (The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSR ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3940 (The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSR ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3828 (The Spectra Pro plugin for WordPress is vulnerable to privilege escala ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3547 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34974 (Tenda AC18 v15.03.05.19 is vulnerable to Buffer Overflow in the formSe ...)
	NOT-FOR-US: Tenda
CVE-2024-34946 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...)
	NOT-FOR-US: Tenda
CVE-2024-34945 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...)
	NOT-FOR-US: Tenda
CVE-2024-34944 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...)
	NOT-FOR-US: Tenda
CVE-2024-34943 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...)
	NOT-FOR-US: Tenda
CVE-2024-34942 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...)
	NOT-FOR-US: Tenda
CVE-2024-34828 (Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church A ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34827 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Razvan ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34825 (Cross-Site Request Forgery (CSRF) vulnerability in Warfare Plugins Soc ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34823 (Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34818 (Cross-Site Request Forgery (CSRF) vulnerability in WebinarPress.This i ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34817 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integrati ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34816 (Cross-Site Request Forgery (CSRF) vulnerability in Revmakx WPCal.Io \u ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34814 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeFuse Unyson.Th ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34695 (WOWS Karma is a reputation system for Wargaming's World of Warships. A ...)
	NOT-FOR-US: WOWS Karma
CVE-2024-34360 (go-spacemesh is a Go implementation of the Spacemesh protocol full nod ...)
	NOT-FOR-US: go-spacemesh
CVE-2024-34359 (llama-cpp-python is the Python bindings for llama.cpp. `llama-cpp-pyth ...)
	NOT-FOR-US: llama-cpp-python
CVE-2024-34349 (Sylius is an open source eCommerce platform. Prior to 1.12.16 and 1.13 ...)
	NOT-FOR-US: Sylius
CVE-2024-34310 (Jin Fang Times Content Management System v3.2.3 was discovered to cont ...)
	NOT-FOR-US: Jin Fang Times Content Management System
CVE-2024-34245 (An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authen ...)
	NOT-FOR-US: DedeCMS
CVE-2024-34199 (TinyWeb 1.94 and below allows unauthenticated remote attackers to caus ...)
	NOT-FOR-US: TinyWeb
CVE-2024-34079 (octo-sts is a GitHub App that acts like a Security Token Service (STS) ...)
	NOT-FOR-US: octo-sts
CVE-2024-34070 (Froxlor is open source server administration software. Prior to 2.1.9, ...)
	- froxlor (bug #581792)
CVE-2024-33819 (Globitel KSA SpeechLog v8.1 was discovered to contain a stored cross-s ...)
	NOT-FOR-US: Globitel KSA SpeechLog
CVE-2024-33818 (Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Dire ...)
	NOT-FOR-US: Globitel KSA SpeechLog
CVE-2024-33774 (A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2 ...)
	NOT-FOR-US: D-Link
CVE-2024-33773 (A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2 ...)
	NOT-FOR-US: D-Link
CVE-2024-33772 (A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2 ...)
	NOT-FOR-US: D-Link
CVE-2024-33771 (A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2 ...)
	NOT-FOR-US: D-Link
CVE-2024-32985 (Stellar-core is a reference implementation for the peer-to-peer agent ...)
	NOT-FOR-US: Stellar-core
CVE-2024-32964 (Lobe Chat is a chatbot framework that supports speech synthesis, multi ...)
	NOT-FOR-US: Lobe Chat
CVE-2024-32776 (Missing Authorization vulnerability in AppPresser Team AppPresser.This ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31441 (DataEase is an open source data visualization analysis tool. Due to th ...)
	NOT-FOR-US: DataEase
CVE-2024-31113 (Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downlo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30802 (An issue in Vehicle Management System 7.31.0.3_20230412 allows an atta ...)
	NOT-FOR-US: Vehicle Management System
CVE-2024-30801 (SQL Injection vulnerability in Cloud based customer service management ...)
	NOT-FOR-US: Cloud based customer service management platform
CVE-2024-30055 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-2749 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6. ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2662 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2441 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6. ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2257 (This vulnerability exists in Digisol Router (DG-GR1321: Hardware versi ...)
	NOT-FOR-US: Digisol Router
CVE-2024-28781 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, ...)
	NOT-FOR-US: IBM
CVE-2024-27269 (IBM QRadar SIEM 7.5 could allow a privileged user to configure user ma ...)
	NOT-FOR-US: IBM
CVE-2024-22345 (IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication ...)
	NOT-FOR-US: IBM
CVE-2024-22344 (IBM TXSeries for Multiplatforms 8.2 is vulnerable to HTML injection. A ...)
	NOT-FOR-US: IBM
CVE-2024-22343 (IBM TXSeries for Multiplatforms 8.2 allows web pages to be stored loca ...)
	NOT-FOR-US: IBM
CVE-2024-22064 (ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi ...)
	NOT-FOR-US: ZTE
CVE-2024-0100 (NVIDIA Triton Inference Server for Linux contains a vulnerability in t ...)
	NOT-FOR-US: NVIDIA
CVE-2024-0098 (NVIDIA ChatRTX for Windows contains a vulnerability in the ChatRTX UI ...)
	NOT-FOR-US: NVIDIA
CVE-2024-0097 (NVIDIA ChatRTX for Windows contains a vulnerability in ChatRTX UI, whe ...)
	NOT-FOR-US: NVIDIA
CVE-2024-0096 (NVIDIA ChatRTX for Windows contains a vulnerability in Chat RTX UI, wh ...)
	NOT-FOR-US: NVIDIA
CVE-2024-0088 (NVIDIA Triton Inference Server for Linux contains a vulnerability in s ...)
	NOT-FOR-US: NVIDIA
CVE-2024-0087 (NVIDIA Triton Inference Server for Linux contains a vulnerability wher ...)
	NOT-FOR-US: NVIDIA
CVE-2023-38264 (The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1 ...)
	NOT-FOR-US: IBM
CVE-2023-37526 (HCL DRYiCE Lucy (now AEX) is affected by a Cross Origin Resource Shari ...)
	NOT-FOR-US: HCL
CVE-2024-4671 (Use after free in Visuals in Google Chrome prior to 124.0.6367.201 all ...)
	{DSA-5687-1}
	- chromium 124.0.6367.201-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-4685 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4684 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4683 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4682 (A vulnerability has been found in Campcodes Complete Web-Based School ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4681 (A vulnerability, which was classified as critical, was found in Campco ...)
	NOT-FOR-US: Campcodes Legal Case Management System
CVE-2024-4678 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4677 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4676 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4675 (A vulnerability has been found in Campcodes Complete Web-Based School ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4674 (A vulnerability, which was classified as problematic, was found in Cam ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4673 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4614
	REJECTED
CVE-2024-4606 (Deserialization of Untrusted Data vulnerability in BdThemes Ultimate S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4605 (The Breakdance plugin for WordPress is vulnerable to Remote Code Execu ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4579
	REJECTED
CVE-2024-4572
	REJECTED
CVE-2024-4571
	REJECTED
CVE-2024-4567 (The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4545 (All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 ...)
	NOT-FOR-US: EnterpriseDB
CVE-2024-4542 (The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4463 (The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vul ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4446 (The Content Views – Post Grid & Filter, Recent Posts, Category Po ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4441 (The XML Sitemap & Google News plugin for WordPress is vulnerable to Lo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4425 (The access control inCemiPark software stores integration (e.g. FTP or ...)
	NOT-FOR-US: CemiPark software
CVE-2024-4424 (The access control inCemiPark software does not properly validate user ...)
	NOT-FOR-US: CemiPark software
CVE-2024-4423 (The access control inCemiPark software does not properly validate user ...)
	NOT-FOR-US: CemiPark software
CVE-2024-4411 (The Mihdan: Yandex Turbo Feed plugin for WordPress is vulnerable to St ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4397 (The LearnPress – WordPress LMS Plugin plugin for WordPress is vul ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4386 (The Gallery Block (Meow Gallery) plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4383 (The Simple Membership plugin for WordPress is vulnerable to Stored Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4339 (The Prime Slider – Addons For Elementor (Revolution of a slider, ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4335 (The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4316 (The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4314 (The Hostel plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4312 (The Soccer Engine – Soccer Plugin for WordPress plugin for WordPr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4193 (The Testimonial Slider plugin for WordPress is vulnerable to Stored Cr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4158 (The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scr ...)
	NOT-FOR-US: WordPress theme
CVE-2024-4150 (The Simple Basic Contact Form plugin for WordPress is vulnerable to Re ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4107 (The Elementor Website Builder – More than Just a Page Builder Pro ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4104 (The ADFO – Custom data in admin dashboard plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4103 (The ADFO – Custom data in admin dashboard plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4082 (The Joli FAQ SEO – WordPress FAQ Plugin plugin for WordPress is v ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4041 (The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4038 (The The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3990 (The HT Mega – Absolute Addons For Elementor plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3989 (The HT Mega – Absolute Addons For Elementor plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3974 (The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3954 (The Ditty plugin for WordPress is vulnerable to PHP Object Injection i ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3952 (The Advanced Ads –Ad Manager & AdSense plugin for WordPress is vu ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3923 (The Beaver Builder – WordPress Page Builder plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3916 (The Swift Framework plugin for WordPress is vulnerable to Stored Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3915 (The Swift Framework plugin for WordPress is vulnerable to unauthorized ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3831 (The Enter Addons – Ultimate Template Builder for Elementor plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3809 (The Porto Theme - Functionality plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3808 (The Porto Theme - Functionality plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3807 (The Porto theme for WordPress is vulnerable to Local File Inclusion in ...)
	NOT-FOR-US: WordPress theme
CVE-2024-3806 (The Porto theme for WordPress is vulnerable to Local File Inclusion in ...)
	NOT-FOR-US: WordPress theme
CVE-2024-3727 (A flaw was found in the github.com/containers/image library. This flaw ...)
	- golang-github-opencontainers-go-digest (bug #1070858)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274767
CVE-2024-3722 (The Swift Performance Lite plugin for WordPress is vulnerable to unaut ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3680 (The Enter Addons – Ultimate Template Builder for Elementor plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3595 (The Pure Chat – Live Chat Plugin & More! plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3461 (KioWare for Windows (versions all through 8.35)allows to brute force t ...)
	NOT-FOR-US: KioWare for Windows
CVE-2024-3460 (In KioWare for Windows (versions all through 8.34)it is possible to ex ...)
	NOT-FOR-US: KioWare for Windows
CVE-2024-3459 (KioWare for Windows (versions allthrough 8.34)allows to escape the env ...)
	NOT-FOR-US: KioWare for Windows
CVE-2024-3070 (The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3068 (The Custom Field Suite plugin for WordPress is vulnerable to Stored Cr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34559 (Insertion of Sensitive Information into Log File vulnerability in Ghos ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34557 (Cross-Site Request Forgery (CSRF) vulnerability in UkrSolution Barcode ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34556 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34550 (Insertion of Sensitive Information into Log File vulnerability in Alex ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34549 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34445 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34441 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34439 (Cross-Site Request Forgery (CSRF) vulnerability in divSpot DS Site Mes ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34437 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34436 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34433 (Deserialization of Untrusted Data vulnerability in OCDI One Click Demo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34432 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34431 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34430 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34429 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34428 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34427 (Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34426 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34425 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34424 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34423 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34422 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34421 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34420 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34419 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34418 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34417 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34415 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34354 (CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tai ...)
	NOT-FOR-US: CMSaaSStarter
CVE-2024-34352 (1Panel is an open source Linux server operation and maintenance manage ...)
	NOT-FOR-US: 1Panel
CVE-2024-34351 (Next.js is a React framework that can provide building blocks to creat ...)
	NOT-FOR-US: Next.js
CVE-2024-34350 (Next.js is a React framework that can provide building blocks to creat ...)
	NOT-FOR-US: Next.js
CVE-2024-34345 (The CycloneDX JavaScript library contains the core functionality of OW ...)
	NOT-FOR-US: CycloneDX
CVE-2024-34338 (A Blind command injection vulnerability in Tenda O3V2 V1.0.0.12 and ea ...)
	NOT-FOR-US: Tenda
CVE-2024-34220 (Sourcecodester Human Resource Management System 1.0 is vulnerable to S ...)
	NOT-FOR-US: Sourcecodester Human Resource Management System
CVE-2024-34219 (TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vuln ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-34218 (TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to co ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-34217 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stac ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-34215 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stac ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-34213 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stac ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-34212 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stac ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-34211 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hard ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-34210 (TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to co ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-34209 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stac ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-34207 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stac ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-34206 (TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to co ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-34205 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a comm ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-34204 (TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to co ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-34203 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stac ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-34202 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stac ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-34201 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stac ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-34200 (TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-34074 (Frappe is a full-stack web application framework. Prior to 15.26.0 and ...)
	NOT-FOR-US: Frappe Framework
CVE-2024-33877 (HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__c ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-33876 (HDF5 Library through 1.14.3 has a heap buffer overflow in H5S__point_d ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-33875 (HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__l ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-33874 (HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_n ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-33873 (HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__s ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-33454 (Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacke ...)
	NOT-FOR-US: esp-idf
CVE-2024-32874 (Frigate is a network video recorder (NVR) with realtime local object d ...)
	NOT-FOR-US: Frigate
CVE-2024-32739 (A sql injection vulnerability exists in CyberPower PowerPanel Enterpri ...)
	NOT-FOR-US: CyberPower PowerPanel
CVE-2024-32738 (A sql injection vulnerability exists in CyberPower PowerPanel Enterpri ...)
	NOT-FOR-US: CyberPower PowerPanel
CVE-2024-32737 (A sql injection vulnerability exists in CyberPower PowerPanel Enterpri ...)
	NOT-FOR-US: CyberPower PowerPanel
CVE-2024-32736 (A sql injection vulnerability exists in CyberPower PowerPanel Enterpri ...)
	NOT-FOR-US: CyberPower PowerPanel
CVE-2024-32735 (An issue regarding missing authentication for certain utilities exists ...)
	NOT-FOR-US: CyberPower PowerPanel
CVE-2024-32724 (Missing Authorization vulnerability in Woo product importer Sharkdrops ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32719 (Missing Authorization vulnerability in WP Club Manager.This issue affe ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32717 (Missing Authorization vulnerability in WPDeveloper SchedulePress.This ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32712 (Missing Authorization vulnerability in Podlove Podlove Podcast Publish ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32655 (Npgsql is the .NET data provider for PostgreSQL. The `WriteBind()` met ...)
	- npgsql (bug #1070859)
	NOTE: https://github.com/npgsql/npgsql/security/advisories/GHSA-x9vc-6hfv-hg8c
	NOTE: https://github.com/npgsql/npgsql/commit/f7e7ead0702d776a8f551f5786c4cac2d65c4bc6
CVE-2024-32624 (HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-32623 (HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-32622 (HDF5 Library through 1.14.3 contains a out-of-bounds read operation in ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-32621 (HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-32620 (HDF5 Library through 1.14.3 contains a heap-based buffer over-read in ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-32619 (HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-32618 (HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-32617 (HDF5 Library through 1.14.3 contains a heap-based buffer over-read cau ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-32616 (HDF5 Library through 1.14.3 contains a heap-based buffer over-read in ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-32615 (HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-32614 (HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c.)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-32613 (HDF5 Library through 1.14.3 contains a heap-based buffer over-read in ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-32612 (HDF5 Library through 1.14.3 contains a heap-based buffer over-read in ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-32611 (HDF5 Library through 1.14.3 may use an uninitialized value in H5A__att ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-32610 (HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, res ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-32609 (HDF5 Library through 1.14.3 allows stack consumption in the function H ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-32607 (HDF5 Library through 1.14.3 has a SEGV in H5A__close in H5Aint.c, resu ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-32606 (HDF5 Library through 1.14.3 may attempt to dereference uninitialized v ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-32605 (HDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VM_ ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-31954 (An issue was discovered in the installer in Samsung Portable SSD for T ...)
	NOT-FOR-US: Samsung
CVE-2024-31953 (An issue was discovered in Samsung Magician 8.0.0 on macOS. Because it ...)
	NOT-FOR-US: Samsung
CVE-2024-31952 (An issue was discovered in Samsung Magician 8.0.0 on macOS. Because sy ...)
	NOT-FOR-US: Samsung
CVE-2024-31803 (Buffer Overflow vulnerability in emp-ot v.0.2.4 allows a remote attack ...)
	NOT-FOR-US: emp-ot
CVE-2024-2923 (The Magical Addons For Elementor ( Header Footer Builder, Free Element ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2846 (The Visual Footer Credit Remover plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2785 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2290 (The Advanced Ads plugin for WordPress is vulnerable to PHP Object Inje ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29800 (Deserialization of Untrusted Data vulnerability in Timber Team & Contr ...)
	NOT-FOR-US: Timber
CVE-2024-29166 (HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, r ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-29165 (HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-29164 (HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_he ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-29163 (HDF5 through 1.14.3 contains a heap buffer overflow in H5T__bit_find, ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-29162 (HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-29161 (HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_relea ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-29160 (HDF5 through 1.14.3 contains a heap buffer overflow in H5HG__cache_hea ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-29159 (HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoff ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-29158 (HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_mallo ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-29157 (HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resu ...)
	- hdf5 (bug #1070861)
	[bookworm] - hdf5 (Minor issue)
	[bullseye] - hdf5 (Minor issue)
	NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-28075 (The SolarWinds Access Rights Manager was susceptible to Remote Code Ex ...)
	NOT-FOR-US: SolarWinds
CVE-2024-24157 (Gnuboard g6 / https://github.com/gnuboard/g6 commit c2cc1f5069e00491ea ...)
	NOT-FOR-US: Gnuboard
CVE-2024-23473 (The SolarWinds Access Rights Manager was found to contain a hard-coded ...)
	NOT-FOR-US: SolarWinds
CVE-2024-22910 (Cross Site Scripting (XSS) vulnerability in CrushFTP v.10.6.0 and v.10 ...)
	NOT-FOR-US: CrushFTP
CVE-2024-1693 (The SP Project & Document Manager plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1467 (The Starter Templates — Elementor, WordPress & Beaver Builder Tem ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1230 (The SimpleShop plugin for WordPress is vulnerable to Cross-Site Reques ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1229 (The SimpleShop plugin for WordPress is vulnerable to unauthorized disc ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1166 (The Image Hover Effects – Elementor Addon plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0445 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6327 (The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33655
	- unbound 1.20.0-1
	NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2024-33655.txt
	NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de (release-1.20.0rc1)
CVE-2024-4693 (A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci ...)
	- qemu 1:8.2.3+ds-1
	[bookworm] - qemu (Vulnerable code not present)
	[bullseye] - qemu (Vulnerable code not present)
	[buster] - qemu (Vulnerable code not present)
	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/2321
	NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/f9a09ca3ea69d108d828b7c82f1bd61b2df6fc96 (v8.0.0-rc0)
	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/fcbb086ae590e910614fe5b8bf76e264f71ef304 (v8.2.3)
CVE-2024-4317 (Missing authorization in PostgreSQL built-in views pg_stats_ext and pg ...)
	- postgresql-16 16.3-1
	- postgresql-15
	[bookworm] - postgresql-15 (Minor issue; can be fixed via point release)
	- postgresql-13 (Vulnerable code not present)
	- postgresql-11 (Vulnerable code not present)
	NOTE: https://www.postgresql.org/support/security/CVE-2024-4317/
CVE-2024-4672 (A vulnerability classified as problematic was found in Campcodes Compl ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4597 (An issue has been discovered in GitLab EE affecting all versions from ...)
	- gitlab (Specific to EE)
CVE-2024-4539 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab
CVE-2024-3903 (The Add Custom CSS and JS WordPress plugin through 1.20 does not have ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3590 (The LetterPress WordPress plugin through 1.2.2 does not have CSRF che ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3582 (The UnGallery WordPress plugin through 2.2.4 does not have CSRF check ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3016 (NEC Platforms DT900 and DT900S Series 5.0.0.0 – v5.3.4.4, v5.4.0. ...)
	NOT-FOR-US: NEC Platforms DT900 and DT900S Series
CVE-2024-34365 (** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerabilit ...)
	- apache-karaf (bug #881297)
CVE-2024-34308 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stac ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-34196 (Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-32672 (A Segmentation Fault issue discovered in Samsung Open Source Escargo ...)
	NOT-FOR-US: Samsung
CVE-2024-32669 (Improper Input Validation vulnerability in Samsung Open Source escargo ...)
	NOT-FOR-US: Samsung
CVE-2024-2651 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
	- gitlab
CVE-2024-2454 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab
CVE-2024-28759 (A crafted network packet may cause a buffer overrun in Wind River VxWo ...)
	NOT-FOR-US: Wind River
CVE-2024-27793 (The issue was addressed with improved checks. This issue is fixed in i ...)
	NOT-FOR-US: Apple
CVE-2024-26517 (SQL Injection vulnerability in School Task Manager v.1.0 allows a remo ...)
	NOT-FOR-US: School Task Manager
CVE-2023-6688 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab
CVE-2023-6682 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab
CVE-2023-5971 (The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29510
	- ghostscript
	NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f (ghostpdl-10.03.1)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707662
CVE-2024-33871
	- ghostscript
	NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908 (ghostpdl-10.03.1)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707754
CVE-2024-33870
	- ghostscript
	NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc3da2dc090450407d9fbcff80 (ghostpdl-10.03.1)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707686
CVE-2024-33869
	- ghostscript
	NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973011796bd388cd5befa1a43 (ghostpdl-10.03.1)
	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83bc5b9eba94302e6618d4 (ghostpdl-10.03.1)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707691
CVE-2024-4654 (A vulnerability was found in BlueNet Technology Clinical Browsing Syst ...)
	NOT-FOR-US: BlueNet Technology Clinical Browsing System
CVE-2024-4653 (A vulnerability was found in BlueNet Technology Clinical Browsing Syst ...)
	NOT-FOR-US: BlueNet Technology Clinical Browsing System
CVE-2024-4652 (A vulnerability, which was classified as problematic, was found in Cam ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4651 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4650 (A vulnerability classified as problematic was found in Campcodes Compl ...) NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4649 (A vulnerability classified as problematic has been found in Campcodes ...) NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4648 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4647 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4646 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4645 (A vulnerability was found in SourceCodester Prison Management System 1 ...) NOT-FOR-US: SourceCodester Prison Management System CVE-2024-4644 (A vulnerability has been found in SourceCodester Prison Management Sys ...) NOT-FOR-US: SourceCodester Prison Management System CVE-2024-4281 (The Link Library plugin for WordPress is vulnerable to Stored Cross-Si ...) NOT-FOR-US: WordPress plugin CVE-2024-4233 (Missing Authorization vulnerability in Tyche Softwares Print Invoice & ...) NOT-FOR-US: WordPress plugin CVE-2024-4135 (The WP Latest Posts plugin for WordPress is vulnerable to arbitrary sh ...) NOT-FOR-US: WordPress plugin CVE-2024-3951 (PTC Codebeamer is vulnerable to a cross site scripting vulnerability t ...) NOT-FOR-US: PTC Codebeamer CVE-2024-3507 (Improper privilege management vulnerability in Lunar software that aff ...) NOT-FOR-US: Lunar CVE-2024-34574 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-34573 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
NOT-FOR-US: WordPress plugin CVE-2024-34572 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-34571 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-34570 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-34569 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-34568 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-34566 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-34565 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-34564 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-34563 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-34562 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-34561 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-34560 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-34558 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-34553 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-34548 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-34547 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
NOT-FOR-US: WordPress plugin CVE-2024-34546 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-34414 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-34347 (@hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environm ...) NOT-FOR-US: @hoppscotch/cli CVE-2024-34257 (TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the ap ...) NOT-FOR-US: TOTOLINK CVE-2024-34255 (jizhicms v2.5.1 contains a Cross-Site Scripting(XSS) vulnerability in ...) NOT-FOR-US: jizhicms CVE-2024-34244 (libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_writ ...) - libmodbus [buster] - libmodbus (Minor issue; out-of-bounds read, DoS) NOTE: https://github.com/stephane/libmodbus/issues/743 CVE-2024-33612 (An improper certificate validation vulnerability exists in BIG-IP Next ...) NOT-FOR-US: F5 BIG-IP CVE-2024-33608 (When IPsec is configured on a virtual server, undisclosed traffic can ...) NOT-FOR-US: F5 BIG-IP CVE-2024-33604 (A reflected cross-site scripting (XSS) vulnerability exist in undisclo ...) NOT-FOR-US: F5 BIG-IP CVE-2024-33574 (Missing Authorization vulnerability in appsbd Vitepos.This issue affec ...) NOT-FOR-US: appsbd Vitepos CVE-2024-33573 (Missing Authorization vulnerability in EPROLO EPROLO Dropshipping.This ...) NOT-FOR-US: WordPress plugin CVE-2024-33382 (An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of se ...) NOT-FOR-US: Open5GS CVE-2024-32980 (Spin is the developer tool for building and running serverless applica ...) NOT-FOR-US: Spin CVE-2024-32886 (Vitess is a database clustering system for horizontal scaling of MySQL ...) NOT-FOR-US: Vitess CVE-2024-32761 (Under certain conditions, a potential data leak may occur in the Traff ...) NOT-FOR-US: F5 BIG-IP CVE-2024-32113 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) 
NOT-FOR-US: Apache OFBiz CVE-2024-32049 (BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote ...) NOT-FOR-US: F5 BIG-IP CVE-2024-31961 (A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide bef ...) NOT-FOR-US: Sonic Shopfloor CVE-2024-31270 (Missing Authorization vulnerability in Repute InfoSystems ARForms Form ...) NOT-FOR-US: WordPress plugin CVE-2024-31156 (A stored cross-site scripting (XSS) vulnerability exists in an undiscl ...) NOT-FOR-US: F5 BIG-IP CVE-2024-30459 (Missing Authorization vulnerability in AIpost AI WP Writer.This issue ...) NOT-FOR-US: WordPress plugin CVE-2024-28971 (Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a P ...) NOT-FOR-US: Dell CVE-2024-28889 (When an SSL profile with alert timeout is configured with a non-defaul ...) NOT-FOR-US: F5 BIG-IP CVE-2024-28883 (An origin validation vulnerability exists in BIG-IP APM browser netw ...) NOT-FOR-US: F5 BIG-IP CVE-2024-28132 (Exposure of Sensitive Information vulnerability exists in the GSLB con ...) NOT-FOR-US: F5 BIG-IP CVE-2024-27202 (A DOM-based cross-site scripting (XSS) vulnerability exists in an undi ...) NOT-FOR-US: F5 BIG-IP CVE-2024-26579 (Deserialization of Untrusted Data vulnerability in Apache InLong.This ...) NOT-FOR-US: Apache InLong CVE-2024-26026 (An SQL injection vulnerability exists in the BIG-IP Next Central Manag ...) NOT-FOR-US: F5 BIG-IP CVE-2024-25560 (When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic c ...) NOT-FOR-US: F5 BIG-IP CVE-2024-25533 (Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the ...) NOT-FOR-US: RuvarOA CVE-2024-25532 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) NOT-FOR-US: RuvarOA CVE-2024-25531 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) NOT-FOR-US: RuvarOA CVE-2024-25530 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) 
NOT-FOR-US: RuvarOA CVE-2024-25529 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) NOT-FOR-US: RuvarOA CVE-2024-25528 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) NOT-FOR-US: RuvarOA CVE-2024-25527 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) NOT-FOR-US: RuvarOA CVE-2024-25526 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) NOT-FOR-US: RuvarOA CVE-2024-25525 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) NOT-FOR-US: RuvarOA CVE-2024-25524 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) NOT-FOR-US: RuvarOA CVE-2024-25523 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) NOT-FOR-US: RuvarOA CVE-2024-25522 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) NOT-FOR-US: RuvarOA CVE-2024-25521 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) NOT-FOR-US: RuvarOA CVE-2024-25520 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) NOT-FOR-US: RuvarOA CVE-2024-25519 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) NOT-FOR-US: RuvarOA CVE-2024-25518 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) NOT-FOR-US: RuvarOA CVE-2024-25517 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) NOT-FOR-US: RuvarOA CVE-2024-25515 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) NOT-FOR-US: RuvarOA CVE-2024-24908 (Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitra ...) NOT-FOR-US: Dell CVE-2024-24833 (Missing Authorization vulnerability in Leevio Happy Addons for Element ...) NOT-FOR-US: WordPress plugin CVE-2024-22460 (Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecu ...) 
NOT-FOR-US: Dell CVE-2024-21793 (An OData injection vulnerability exists in the BIG-IP Next Central Man ...) NOT-FOR-US: BIG-IP CVE-2024-1438 (Missing Authorization vulnerability in PressFore Rolo Slider.This issu ...) NOT-FOR-US: WordPress plugin CVE-2023-41651 (Missing Authorization vulnerability in Multi-column Tag Map.This issue ...) NOT-FOR-US: WordPress plugin CVE-2024-27397 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.7.7-1 NOTE: https://git.kernel.org/linus/7395dfacfff65e9938ac0889dafa1ab01e987d15 (6.8-rc4) CVE-2024-27396 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux [bookworm] - linux 6.1.90-1 [bullseye] - linux 5.10.216-1 NOTE: https://git.kernel.org/linus/f2a904107ee2b647bb7794a1a82b67740d7c8a64 (6.9-rc6) CVE-2024-27395 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux [bookworm] - linux 6.1.90-1 [bullseye] - linux 5.10.216-1 NOTE: https://git.kernel.org/linus/5ea7b72d4fac2fdbc0425cd8f2ea33abe95235b2 (6.9-rc6) CVE-2024-27394 (In the Linux kernel, the following vulnerability has been resolved: t ...) - linux [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/80e679b352c3ce5158f3f778cfb77eb767e586fb (6.9-rc6) CVE-2024-27393 (In the Linux kernel, the following vulnerability has been resolved: x ...) - linux [bookworm] - linux 6.1.85-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/037965402a010898d34f4e35327d22c0a95cd51f (6.9-rc3) NOTE: https://www.openwall.com/lists/oss-security/2024/05/08/1 CVE-2023-52654 (In the Linux kernel, the following vulnerability has been resolved: i ...) 
- linux 6.6.8-1 [bookworm] - linux 6.1.69-1 [bullseye] - linux 5.10.205-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/705318a99a138c29a512a72c3e0043b3cd7f55f4 (6.7-rc5) CVE-2024-24787 (On Darwin, building a Go module which contains CGO can trigger arbitra ...) - golang-1.22 (Specific to MacOS) - golang-1.21 (Specific to MacOS) - golang-1.19 (Specific to MacOS) - golang-1.15 (Specific to MacOS) - golang-1.11 (Specific to MacOS) NOTE: https://groups.google.com/g/golang-announce/c/wkkO4P9stm0 NOTE: https://github.com/golang/go/issues/67119 CVE-2024-24788 (A malformed DNS message in response to a query can cause the Lookup fu ...) - golang-1.22 1.22.3-1 - golang-1.21 (Vulnerable code not present) - golang-1.19 (Vulnerable code not present) - golang-1.15 (Vulnerable code not present) - golang-1.11 (Vulnerable code not present) NOTE: https://groups.google.com/g/golang-announce/c/wkkO4P9stm0 NOTE: https://github.com/golang/go/issues/66754 NOTE: https://go-review.googlesource.com/c/go/+/578375 NOTE: Introduced with: https://github.com/golang/go/commit/865760373194e358fefa4d1e45ebdf2141b77b59 (go1.22rc1) NOTE: Fixed by: https://github.com/golang/go/commit/93d8777d244962d1b706c0b695c8b72e9702577e (go1.22.3) CVE-2024-4456 (In affected versions of Octopus Server with certain access levels it w ...) NOT-FOR-US: Octopus Server CVE-2024-4393 (The Social Connect plugin for WordPress is vulnerable to authenticatio ...) NOT-FOR-US: WordPress plugin CVE-2024-4162 (A buffer error in Panasonic KW Watcher versions 1.00 through 2.83 may ...) NOT-FOR-US: Panasonic CVE-2024-4030 (On Windows a directory returned by tempfile.mkdtemp() would not always ...) 
- python3.12 (Specific to Windows) - python3.11 (Specific to Windows) - python3.9 (Specific to Windows) - python3.7 (Specific to Windows) - python2.7 (Specific to Windows) NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/ NOTE: https://github.com/python/cpython/issues/118486 CVE-2024-3494 (The Mesmerize Companion plugin for WordPress is vulnerable to Stored C ...) NOT-FOR-US: WordPress plugin CVE-2024-34346 (Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure ...) NOT-FOR-US: Deno CVE-2024-32674 (Heateor Social Login WordPress prior to 1.1.32 contains a cross-site s ...) NOT-FOR-US: WordPress plugin CVE-2024-2860 (The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a ...) NOT-FOR-US: Brocade CVE-2024-27273 (IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram ...) NOT-FOR-US: AIX CVE-2024-23713 (In migrateNotificationFilter of NotificationManagerService.java, there ...) NOT-FOR-US: Android CVE-2024-23712 (In multiple functions of AppOpsService.java, there is a possible way t ...) NOT-FOR-US: Android CVE-2024-23710 (In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.j ...) NOT-FOR-US: Android CVE-2024-23709 (In multiple locations, there is a possible out of bounds write due to ...) NOT-FOR-US: Android CVE-2024-23708 (In multiple functions of NotificationManagerService.java, there is a p ...) NOT-FOR-US: Android CVE-2024-23707 (In multiple locations, there is a possible permissions bypass due to i ...) NOT-FOR-US: Android CVE-2024-23706 (In multiple locations, there is a possible bypass of health data permi ...) NOT-FOR-US: Android CVE-2024-23705 (In multiple locations, there is a possible failure to persist or enfor ...) NOT-FOR-US: Android CVE-2024-23704 (In onCreate of WifiDialogActivity.java, there is a possible way to byp ...) 
NOT-FOR-US: Android CVE-2024-23551 (Database scanning using username and password stores the credentials i ...) NOT-FOR-US: HCL CVE-2024-22266 (VMware Avi Load Balancer contains an information disclosure vulnerabil ...) NOT-FOR-US: VMware CVE-2024-22264 (VMware Avi Load Balancer contains a privilege escalation vulnerability ...) NOT-FOR-US: VMware CVE-2024-1076 (The SSL Zen WordPress plugin before 4.6.0 only relies on the use of . ...) NOT-FOR-US: WordPress plugin CVE-2024-0043 (In multiple locations, there is a possible notification listener grant ...) NOT-FOR-US: Android CVE-2024-0042 (In TBD of TBD, there is a possible confusion of OEM and DRM certificat ...) NOT-FOR-US: Android CVE-2024-0027 (In multiple functions of SnoozeHelper.java, there is a possible way to ...) NOT-FOR-US: Android CVE-2024-0026 (In multiple functions of SnoozeHelper.java, there is a possible persis ...) NOT-FOR-US: Android CVE-2024-0025 (In sendIntentSender of ActivityManagerService.java, there is a possibl ...) NOT-FOR-US: Android CVE-2024-0024 (In multiple methods of UserManagerService.java, there is a possible fa ...) NOT-FOR-US: Android CVE-2024-0022 (In multiple functions of CompanionDeviceManagerService.java, there is ...) NOT-FOR-US: Android CVE-2023-40694 (IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sen ...) NOT-FOR-US: IBM CVE-2023-40490 (Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution ...) NOT-FOR-US: Maxon CVE-2023-37325 (D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability ...) NOT-FOR-US: D-Link CVE-2023-35757 (D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overfl ...) NOT-FOR-US: D-Link CVE-2023-35749 (D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer Overf ...) NOT-FOR-US: D-Link CVE-2023-35748 (D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based B ...) NOT-FOR-US: D-Link CVE-2024-4438 (The etcd package distributed with the Red Hat OpenStack platform has a ...) 
NOT-FOR-US: Incomplete backport in Red Hat OpenStack platform CVE-2024-4437 (The etcd package distributed with the Red Hat OpenStack platform has a ...) NOT-FOR-US: Incomplete backport in Red Hat OpenStack platform CVE-2024-4436 (The etcd package distributed with the Red Hat OpenStack platform has a ...) NOT-FOR-US: Incomplete backport in Red Hat OpenStack platform CVE-2024-4601 (An incorrect authentication vulnerability has been found in Socomec Ne ...) NOT-FOR-US: Socomec Net Vision CVE-2024-4600 (Cross-Site Request Forgery vulnerability in Socomec Net Vision, versio ...) NOT-FOR-US: Socomec Net Vision CVE-2024-4599 (Remote denial of service vulnerability in LAN Messenger affecting vers ...) NOT-FOR-US: LAN Messenger CVE-2024-4596 (A vulnerability was found in Kimai up to 2.15.0 and classified as prob ...) NOT-FOR-US: Kimai CVE-2024-4595 (A vulnerability has been found in SEMCMS up to 4.8 and classified as c ...) NOT-FOR-US: SEMCMS CVE-2024-4594 (A vulnerability, which was classified as problematic, was found in Ded ...) NOT-FOR-US: DedeCMS CVE-2024-4593 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: DedeCMS CVE-2024-4592 (A vulnerability classified as problematic was found in DedeCMS 5.7. Th ...) NOT-FOR-US: DedeCMS CVE-2024-4591 (A vulnerability classified as problematic has been found in DedeCMS 5. ...) NOT-FOR-US: DedeCMS CVE-2024-4590 (A vulnerability was found in DedeCMS 5.7. It has been rated as problem ...) NOT-FOR-US: DedeCMS CVE-2024-4589 (A vulnerability was found in DedeCMS 5.7. It has been declared as prob ...) NOT-FOR-US: DedeCMS CVE-2024-4588 (A vulnerability was found in DedeCMS 5.7. It has been classified as pr ...) NOT-FOR-US: DedeCMS CVE-2024-4587 (A vulnerability was found in DedeCMS 5.7 and classified as problematic ...) NOT-FOR-US: DedeCMS CVE-2024-4586 (A vulnerability has been found in DedeCMS 5.7 and classified as proble ...) 
NOT-FOR-US: DedeCMS CVE-2024-4585 (A vulnerability, which was classified as problematic, was found in Ded ...) NOT-FOR-US: DedeCMS CVE-2024-4584 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: Faraday CVE-2024-4583 (A vulnerability classified as problematic was found in Faraday GM8181 ...) NOT-FOR-US: Faraday CVE-2024-4582 (A vulnerability classified as critical has been found in Faraday GM818 ...) NOT-FOR-US: Faraday CVE-2024-4538 (IDOR vulnerability in Janto Ticketing Software affecting version 4.3r1 ...) NOT-FOR-US: Janto Ticketing Software CVE-2024-4537 (IDOR vulnerability in Janto Ticketing Software affecting version 4.3r1 ...) NOT-FOR-US: Janto Ticketing Software CVE-2024-4536 (In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the ED ...) NOT-FOR-US: Eclipse Dataspace Components CVE-2024-4346 (The Startklar Elementor Addons plugin for WordPress is vulnerable to a ...) NOT-FOR-US: WordPress plugin CVE-2024-4345 (The Startklar Elementor Addons plugin for WordPress is vulnerable to a ...) NOT-FOR-US: WordPress plugin CVE-2024-34523 (AChecker 1.5 allows remote attackers to read the contents of arbitrary ...) NOT-FOR-US: AChecker CVE-2024-34517 (The Cypher component in Neo4j before 5.19.0 mishandles IMMUTABLE privi ...) NOT-FOR-US: Neo4j Cypher CVE-2024-34342 (react-pdf displays PDFs in React apps. If PDF.js is used to load a mal ...) NOT-FOR-US: react-pdf CVE-2024-34341 (Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, ...) NOT-FOR-US: Trix CVE-2024-34315 (CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vune ...) NOT-FOR-US: CmsEasy CVE-2024-34314 (CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vune ...) NOT-FOR-US: CmsEasy CVE-2024-34084 (Minder's `HandleGithubWebhook` is susceptible to a denial of service a ...) NOT-FOR-US: Minder by Stacklok CVE-2024-33860 (An issue was discovered in Logpoint before 7.4.0. It allows Local File ...) 
NOT-FOR-US: Logpoint CVE-2024-33859 (An issue was discovered in Logpoint before 7.4.0. HTML code sent throu ...) NOT-FOR-US: Logpoint CVE-2024-33858 (An issue was discovered in Logpoint before 7.4.0. A path injection vul ...) NOT-FOR-US: Logpoint CVE-2024-33857 (An issue was discovered in Logpoint before 7.4.0. Due to a lack of inp ...) NOT-FOR-US: Logpoint CVE-2024-33856 (An issue was discovered in Logpoint before 7.4.0. An attacker can enum ...) NOT-FOR-US: Logpoint CVE-2024-33783 (MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via ...) NOT-FOR-US: MP-SPDZ CVE-2024-33782 (MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the func ...) NOT-FOR-US: MP-SPDZ CVE-2024-33781 (MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the func ...) NOT-FOR-US: MP-SPDZ CVE-2024-33780 (MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via ...) NOT-FOR-US: MP-SPDZ CVE-2024-33748 (Cross-site scripting (XSS) vulnerability in the search function in Mav ...) NOT-FOR-US: MvnRepository MS Basic CVE-2024-33434 (An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f ...) NOT-FOR-US: tiagorlampert CHAOS CVE-2024-33164 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) NOT-FOR-US: J2EEFAST CVE-2024-33161 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) NOT-FOR-US: J2EEFAST CVE-2024-33155 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) NOT-FOR-US: J2EEFAST CVE-2024-33153 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) NOT-FOR-US: J2EEFAST CVE-2024-33149 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) NOT-FOR-US: J2EEFAST CVE-2024-33148 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) NOT-FOR-US: J2EEFAST CVE-2024-33147 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) 
NOT-FOR-US: J2EEFAST CVE-2024-33146 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) NOT-FOR-US: J2EEFAST CVE-2024-33144 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) NOT-FOR-US: J2EEFAST CVE-2024-33139 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) NOT-FOR-US: J2EEFAST CVE-2024-33124 (Roothub v2.6 was discovered to contain a SQL injection vulnerability v ...) NOT-FOR-US: Roothub CVE-2024-33122 (Roothub v2.6 was discovered to contain a SQL injection vulnerability v ...) NOT-FOR-US: Roothub CVE-2024-33120 (Roothub v2.5 was discovered to contain an arbitrary file upload vulner ...) NOT-FOR-US: Roothub CVE-2024-32867 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) - suricata 1:7.0.5-1 NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-xvrx-88mv-xcq5 NOTE: https://github.com/OISF/suricata/commit/2f39ba75f153ba9bdf8eedc2a839cc973dbaea66 (suricata-7.0.5) NOTE: https://github.com/OISF/suricata/commit/1e110d0a71db46571040b937e17a4bc9f91d6de9 (suricata-7.0.5) NOTE: https://github.com/OISF/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8 (suricata-7.0.5) NOTE: https://github.com/OISF/suricata/commit/bf3d420fb709ebe074019a99e3bd3a2364524a4b (suricata-6.0.19) NOTE: https://github.com/OISF/suricata/commit/414f97c6695c5a2e1d378a36a6f50d7288767634 (suricata-6.0.19) NOTE: https://github.com/OISF/suricata/commit/d13bd2ae217a6d2ceb347f74d27cbfcd37b9bda9 (suricata-6.0.19) NOTE: https://redmine.openinfosecfoundation.org/issues/6672 NOTE: https://redmine.openinfosecfoundation.org/issues/6673 NOTE: https://redmine.openinfosecfoundation.org/issues/6677 CVE-2024-32664 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) 
- suricata 1:7.0.5-1 NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7 NOTE: https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379 (suricata-7.0.5) NOTE: https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4 (suricata-6.0.19) CVE-2024-32663 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) - suricata 1:7.0.5-1 NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r NOTE: https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64 (suricata-6.0.19) NOTE: https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019 (suricata-6.0.19) NOTE: https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5 (suricata-7.0.5) NOTE: https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd (suricata-7.0.5) NOTE: https://redmine.openinfosecfoundation.org/issues/6892 NOTE: https://redmine.openinfosecfoundation.org/issues/6900 CVE-2024-32371 (An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 ...) NOT-FOR-US: HSC Cybersecurity HC Mailinspector CVE-2024-32370 (An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 ...) NOT-FOR-US: HSC Cybersecurity HC Mailinspector CVE-2024-32369 (SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2. ...) NOT-FOR-US: HSC Cybersecurity HC Mailinspector CVE-2024-31456 (GLPI is a Free Asset and IT Management Software package. Prior to 10.0 ...) - glpi NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-gcj4-2cp3-6h5j NOTE: https://github.com/glpi-project/glpi/commit/730c3db29a1edc32f9b9d1e2a940e90a0211ab26 CVE-2024-29889 (GLPI is a Free Asset and IT Management Software package. Prior to 10.0 ...) 
- glpi NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-8xvf-v6vv-r75g NOTE: https://github.com/glpi-project/glpi/commit/0a6b28be4c0f848106c60b554c703ec2e178d6c7 CVE-2024-29210 (A local privilege escalation (LPE) vulnerability has been identified i ...) NOT-FOR-US: Phish Alert Button for Outlook (PAB) CVE-2024-29209 (A medium severity vulnerability has been identified in the update mech ...) NOT-FOR-US: Phish Alert Button for Outlook (PAB) CVE-2024-29208 (An Unverified Password Change could allow a malicious actor with API a ...) NOT-FOR-US: UniFi CVE-2024-29207 (An Improper Certificate Validation could allow a malicious actor with ...) NOT-FOR-US: UniFi CVE-2024-29206 (An Improper Access Control could allow a malicious actor authenticated ...) NOT-FOR-US: UniFi CVE-2024-29150 (An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 8 ...) NOT-FOR-US: Alcatel-Lucent ALE NOE deskphones CVE-2024-29149 (An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 8 ...) NOT-FOR-US: Alcatel-Lucent ALE NOE deskphones CVE-2024-28148 (An authenticated user could potentially access metadata for a datasour ...) NOT-FOR-US: Apache Superset CVE-2024-25514 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) NOT-FOR-US: RuvarOA CVE-2024-25513 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) NOT-FOR-US: RuvarOA CVE-2024-25512 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) NOT-FOR-US: RuvarOA CVE-2024-25511 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) NOT-FOR-US: RuvarOA CVE-2024-25510 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) NOT-FOR-US: RuvarOA CVE-2024-25509 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) NOT-FOR-US: RuvarOA CVE-2024-25508 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) 
NOT-FOR-US: RuvarOA CVE-2024-25507 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) NOT-FOR-US: RuvarOA CVE-2023-7240 (An improper authorization level has been detected in the login panel. ...) NOT-FOR-US: NetIQ Identity Console CVE-2023-6810 (The ClickCease Click Fraud Protection plugin for WordPress is vulnerab ...) NOT-FOR-US: WordPress plugin CVE-2023-46012 (Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a rem ...) NOT-FOR-US: LINKSYS CVE-2023-42757 (Process Explorer before 17.04 allows attackers to make it functionally ...) NOT-FOR-US: Buffer Overflow CVE-2024-4559 (Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367. ...) {DSA-5683-1} - chromium 124.0.6367.155-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-4558 (Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allow ...) {DSA-5683-1} - chromium 124.0.6367.155-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-34397 (An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2. ...) {DSA-5682-1 DLA-3814-1} - glib2.0 2.80.0-10 NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3268 NOTE: Fixes: https://gitlab.gnome.org/GNOME/glib/-/issues/3268#fixes NOTE: Requires regression fix for src:gnome-shell: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/50a011a19dcc6997ea6173c07bb80b2d9888d363 CVE-2024-4186 (The Build App Online plugin for WordPress is vulnerable to authenticat ...) NOT-FOR-US: WordPress plugin CVE-2024-3759 (in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitr ...) NOT-FOR-US: OpenHarmony CVE-2024-3758 (in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitr ...) NOT-FOR-US: OpenHarmony CVE-2024-3757 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause ...) NOT-FOR-US: OpenHarmony CVE-2024-3628 (The EasyEvent WordPress plugin through 1.0.0 does not sanitise and esc ...) 
NOT-FOR-US: WordPress plugin CVE-2024-34534 (A SQL injection vulnerability in Cybrosys Techno Solutions Text Comman ...) NOT-FOR-US: Cybrosys Techno Solutions Text Commander module CVE-2024-34533 (A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Dat ...) NOT-FOR-US: ZI PT Solusi Usaha Mudah Analytic Data Query module CVE-2024-34532 (A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe mo ...) NOT-FOR-US: Yvan Dotet PostgreSQL Query Deluxe module CVE-2024-34413 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31078 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause ...) NOT-FOR-US: OpenHarmony CVE-2024-30973 (An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-2 ...) NOT-FOR-US: V-SOL CVE-2024-2913 (A race condition vulnerability exists in the mintplex-labs/anything-ll ...) NOT-FOR-US: anything-llm CVE-2024-29941 (Insecure storage of the ICT MIFARE and DESFire encryption keys in the ...) NOT-FOR-US: anything-llm CVE-2024-28725 (Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attacker ...) NOT-FOR-US: YzmCMS CVE-2024-27217 (in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitr ...) NOT-FOR-US: OpenHarmony CVE-2024-23808 (in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitr ...) NOT-FOR-US: OpenHarmony CVE-2024-22472 (A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devi ...) NOT-FOR-US: Silicon Labs CVE-2024-20872 (Improper handling of insufficient privileges vulnerability in Talkback ...) NOT-FOR-US: Samsung CVE-2024-20871 (Improper authorization vulnerability in Samsung Keyboard prior to vers ...) NOT-FOR-US: Samsung CVE-2024-20870 (Improper verification of intent by broadcast receiver vulnerability in ...) NOT-FOR-US: Samsung CVE-2024-20869 (Improper privilege management vulnerability in Samsung Internet prior ...) 
	NOT-FOR-US: Samsung
CVE-2024-20868 (Improper input validation in Samsung Notes prior to version 4.4.15 all ...)
	NOT-FOR-US: Samsung
CVE-2024-20867 (Improper privilege management vulnerability in Samsung Email prior to ...)
	NOT-FOR-US: Samsung
CVE-2024-20866 (Authentication bypass vulnerability in Setupwizard prior to SMR May-20 ...)
	NOT-FOR-US: Samsung
CVE-2024-20865 (Authentication bypass in bootloader prior to SMR May-2024 Release 1 al ...)
	NOT-FOR-US: Samsung
CVE-2024-20864 (Improper access control vulnerability in DarManagerService prior to SM ...)
	NOT-FOR-US: Samsung
CVE-2024-20863 (Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 ...)
	NOT-FOR-US: Samsung
CVE-2024-20862 (Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allo ...)
	NOT-FOR-US: Samsung
CVE-2024-20861 (Use after free vulnerability in SveService prior to SMR May-2024 Relea ...)
	NOT-FOR-US: Samsung
CVE-2024-20860 (Improper export of android application components vulnerability in Tel ...)
	NOT-FOR-US: Samsung
CVE-2024-20859 (Improper access control vulnerability in FactoryCamera prior to SMR Ma ...)
	NOT-FOR-US: Samsung
CVE-2024-20858 (Improper access control vulnerability in setCocktailHostCallbacks of C ...)
	NOT-FOR-US: Samsung
CVE-2024-20857 (Improper access control vulnerability in startListening of CocktailBar ...)
	NOT-FOR-US: Samsung
CVE-2024-20856 (Improper Authentication vulnerability in Secure Folder prior to SMR Ma ...)
	NOT-FOR-US: Samsung
CVE-2024-20855 (Improper access control vulnerability in multitasking framework prior ...)
	NOT-FOR-US: Samsung
CVE-2024-20821 (A vulnerability possible to reconfigure OTP allows local attackers to ...)
	NOT-FOR-US: Samsung
CVE-2024-1695 (A potential security vulnerability has been identified in the HP Appli ...)
	NOT-FOR-US: HP
CVE-2023-33548 (Cross Site Scripting (XSS) vulnerability in ASUS RT-AC51U with firmwar ...)
	NOT-FOR-US: ASUS
CVE-2024-4568 (In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources lea ...)
	NOT-FOR-US: xpdf (Debian uses poppler, which forked a long time ago)
CVE-2024-4549 (A denial of service vulnerability exists in Delta Electronics DIAEnerg ...)
	NOT-FOR-US: Delta Electronics
CVE-2024-4548 (An SQLi vulnerability exists inDelta Electronics DIAEnergie v1.10.1.86 ...)
	NOT-FOR-US: Delta Electronics
CVE-2024-4547 (A SQLi vulnerability exists inDelta ElectronicsDIAEnergie v1.10.1.8610 ...)
	NOT-FOR-US: Delta Electronics
CVE-2024-4528 (A vulnerability was found in SourceCodester Prison Management System 1 ...)
	NOT-FOR-US: SourceCodester Prison Management System
CVE-2024-4527 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4526 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4525 (A vulnerability has been found in Campcodes Complete Web-Based School ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4524 (A vulnerability, which was classified as problematic, was found in Cam ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4523 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4522 (A vulnerability classified as problematic was found in Campcodes Compl ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4521 (A vulnerability classified as problematic has been found in Campcodes ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4519 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4518 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4517 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4516 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4515 (A vulnerability has been found in Campcodes Complete Web-Based School ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4514 (A vulnerability, which was classified as problematic, was found in Cam ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4513 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-4512 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester Prison Management System
CVE-2024-4511 (A vulnerability classified as critical has been found in Shanghai Sunf ...)
	NOT-FOR-US: Shanghai Sunfull Automation BACnet Server
CVE-2024-4510 (A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been ...)
	NOT-FOR-US: Ruijie RG-UAC
CVE-2024-4509 (A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been ...)
	NOT-FOR-US: Ruijie RG-UAC
CVE-2024-4508 (A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been ...)
	NOT-FOR-US: Ruijie RG-UAC
CVE-2024-4507 (A vulnerability was found in Ruijie RG-UAC up to 20240428 and classifi ...)
	NOT-FOR-US: Ruijie RG-UAC
CVE-2024-4506 (A vulnerability has been found in Ruijie RG-UAC up to 20240428 and cla ...)
	NOT-FOR-US: Ruijie RG-UAC
CVE-2024-4505 (A vulnerability, which was classified as critical, was found in Ruijie ...)
	NOT-FOR-US: Ruijie RG-UAC
CVE-2024-4504 (A vulnerability, which was classified as critical, has been found in R ...)
	NOT-FOR-US: Ruijie RG-UAC
CVE-2024-4503 (A vulnerability classified as critical was found in Ruijie RG-UAC up t ...)
	NOT-FOR-US: Ruijie RG-UAC
CVE-2024-4502 (A vulnerability classified as critical has been found in Ruijie RG-UAC ...)
	NOT-FOR-US: Ruijie RG-UAC
CVE-2024-3756 (The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3755 (The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise a ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3752 (The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3661 (DHCP can add routes to a client’s routing table via the classless ...)
	NOT-FOR-US: DHCP protocol issue
CVE-2024-3576 (The NPort 5100A Series firmware version v1.6 and prior versions are af ...)
	NOT-FOR-US: Moxa
CVE-2024-34538 (Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography.)
	NOT-FOR-US: Mateso PasswordSafe
CVE-2024-34529 (Nebari through 2024.4.1 prints the temporary Keycloak root password.)
	NOT-FOR-US: Nebari
CVE-2024-34528 (WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race ...)
	NOT-FOR-US: WordOps
CVE-2024-34527 (spaces_plugin/app.py in SolidUI 0.4.0 has an unnecessary print stateme ...)
	NOT-FOR-US: SolidUI
CVE-2024-34525 (FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext ...)
	NOT-FOR-US: FileCodeBox
CVE-2024-34524 (In XLANG OpenAgents through fe73ac4, the allowed_file protection mecha ...)
	NOT-FOR-US: XLANG OpenAgents
CVE-2024-34519 (Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles ...)
	NOT-FOR-US: Avantra Server
CVE-2024-34515 (image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the ph ...)
	NOT-FOR-US: PHP image-optimizer
CVE-2024-34472 (An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18 ...)
	NOT-FOR-US: HSC Mailinspector
CVE-2024-34471 (An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversa ...)
	NOT-FOR-US: HSC Mailinspector
CVE-2024-34470 (An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18 ...)
	NOT-FOR-US: HSC Mailinspector
CVE-2024-34466
	REJECTED
CVE-2024-34412 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34390 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34389 (Missing Authorization vulnerability in AF themes WP Post Author.This i ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34388 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34387 (Missing Authorization vulnerability in AF themes WP Post Author.This i ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34386 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34383 (Authorization Bypass Through User-Controlled Key vulnerability in The ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34382 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34381 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34380 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34379 (Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Restaura ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34378 (Missing Authorization vulnerability in LeadConnector.This issue affect ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34377 (Missing Authorization vulnerability in A WP Life Video Gallery – ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34376 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34375 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34374 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34373 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34372 (Missing Authorization vulnerability in AddonMaster Post Grid Master.Th ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34371 (Missing Authorization vulnerability in Hamid Alinia – idehweb Log ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34369 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34368 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34367 (Cross-Site Request Forgery (CSRF) vulnerability in Popup Box Team Popu ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34366 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34252 (wasm3 v0.5.0 was discovered to contain a global buffer overflow which ...)
	NOT-FOR-US: wasm3
CVE-2024-34251 (An out-of-bound memory read vulnerability was discovered in Bytecode A ...)
	NOT-FOR-US: wasm-micro-runtime
CVE-2024-34250 (A heap buffer overflow vulnerability was discovered in Bytecode Allian ...)
	NOT-FOR-US: wasm-micro-runtime
CVE-2024-34249 (wasm3 v0.5.0 was discovered to contain a heap buffer overflow which le ...)
	NOT-FOR-US: wasm3
CVE-2024-34246 (wasm3 v0.5.0 was discovered to contain an out-of-bound memory read whi ...)
	NOT-FOR-US: wasm3
CVE-2024-34093 (An issue was discovered in Archer Platform 6 before 2024.03. There is ...)
	NOT-FOR-US: Archer Platform
CVE-2024-34092 (An issue was discovered in Archer Platform 6 before 2024.04. Authentic ...)
	NOT-FOR-US: Archer Platform
CVE-2024-34091 (An issue was discovered in Archer Platform 6 before 2024.04. There is ...)
	NOT-FOR-US: Archer Platform
CVE-2024-34090 (An issue was discovered in Archer Platform 6 before 2024.04. There is ...)
	NOT-FOR-US: Archer Platform
CVE-2024-34089 (An issue was discovered in Archer Platform 6 before 2024.04. There is ...)
	NOT-FOR-US: Archer Platform
CVE-2024-34078 (html-sanitizer is an allowlist-based HTML cleaner. If using `keep_typo ...)
	- python-html-sanitizer (bug #1070710)
	NOTE: https://github.com/matthiask/html-sanitizer/security/advisories/GHSA-wvhx-q427-fgh3
	NOTE: https://github.com/matthiask/html-sanitizer/commit/48db42fc5143d0140c32d929c46b802f96913550 (2.4.2)
CVE-2024-34069 (Werkzeug is a comprehensive WSGI web application library. The debugger ...)
	- python-werkzeug 3.0.3-1 (bug #1070711)
	[bookworm] - python-werkzeug (Minor issue)
	[bullseye] - python-werkzeug (Minor issue)
	[buster] - python-werkzeug (Minor issue)
	NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985
	NOTE: Fixed by: https://github.com/pallets/werkzeug/commit/71b69dfb7df3d912e66bab87fbb1f21f83504967 (3.0.3)
	NOTE: Fixed by: https://github.com/pallets/werkzeug/commit/890b6b62634fa61224222aee31081c61b054ff01 (3.0.3)
CVE-2024-34064 (Jinja is an extensible templating engine. The `xmlattr` filter in affe ...)
	- jinja2 (bug #1070712)
	[bookworm] - jinja2 (Minor issue)
	[bullseye] - jinja2 (Minor issue)
	[buster] - jinja2 (Minor issue)
	NOTE: https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj
	NOTE: Fixed by: https://github.com/pallets/jinja/commit/d655030770081e2dfe46f90e27620472a502289d (3.1.4)
CVE-2024-33912 (Missing Authorization vulnerability in Academy LMS.This issue affects ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33910 (Missing Authorization vulnerability in Supsystic Digital Publications ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33908 (Missing Authorization vulnerability in Themesgrove WidgetKit.This issu ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33907 (Missing Authorization vulnerability in Michael Nelson Print My Blog.Th ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33830 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: idccms
CVE-2024-33829 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: idccms
CVE-2024-33788 (Linksys E5600 v1.1.0.26 was discovered to contain a command injection ...)
	NOT-FOR-US: Linksys
CVE-2024-33753 (Section Camera V2.5.5.3116-S50-SMA-B20160811 and earlier versions allo ...)
	NOT-FOR-US: Section Camera
CVE-2024-33752 (An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and p ...)
	NOT-FOR-US: Emlog Pro
CVE-2024-33749 (DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_m ...)
	NOT-FOR-US: DedeCMS
CVE-2024-33576 (Missing Authorization vulnerability in Ollybach WPPizza.This issue aff ...)
	NOT-FOR-US: Ollybach WPPizza
CVE-2024-33570 (Missing Authorization vulnerability in Wpmet Metform Elementor Contact ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33411 (A SQL injection vulnerability in /model/get_admin_profile.php in Campc ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-33410 (SQL injection vulnerability in /model/delete_range_grade.php in campco ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-33409 (SQL injection vulnerability in index.php in campcodes Complete Web-Bas ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-33408 (A SQL injection vulnerability in /model/get_classroom.php in campcodes ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-33407 (SQL injection vulnerability in /model/delete_record.php in campcodes C ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-33406 (SQL injection vulnerability in /model/delete_student_grade_subject.php ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-33405 (SQL injection vulnerability in add_friends.php in campcodes Complete W ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-33404 (A SQL injection vulnerability in /model/add_student_first_payment.php ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-33403 (A SQL injection vulnerability in /model/get_events.php in campcodes Co ...)
	NOT-FOR-US: Campcodes Complete Web-Based School Management System
CVE-2024-33294 (An issue in Library System using PHP/MySQli with Source Code V1.0 allo ...)
	NOT-FOR-US: Library System using PHP/MySQli with Source Code
CVE-2024-33121 (Roothub v2.6 was discovered to contain a SQL injection vulnerability v ...)
	NOT-FOR-US: Roothub
CVE-2024-33118 (LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulne ...)
	NOT-FOR-US: LuckyFrameWeb
CVE-2024-33117 (crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forg ...)
	NOT-FOR-US: crmeb_java
CVE-2024-33113 (D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey ...)
	NOT-FOR-US: D-LINK
CVE-2024-33112 (D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command ...)
	NOT-FOR-US: D-LINK
CVE-2024-33111 (D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Script ...)
	NOT-FOR-US: D-LINK
CVE-2024-33110 (D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permissi ...)
	NOT-FOR-US: D-LINK
CVE-2024-32982 (Litestar and Starlite is an Asynchronous Server Gateway Interface (ASG ...)
	NOT-FOR-US: litestar
CVE-2024-32972 (go-ethereum (geth) is a golang execution layer implementation of the E ...)
	- golang-github-go-ethereum (bug #890541)
CVE-2024-32807 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2041
	REJECTED
CVE-2024-26312 (Archer Platform 6 before 2024.03 contains a sensitive information disc ...)
	NOT-FOR-US: Archer Platform
CVE-2024-23354 (Memory corruption when the IOCTL call is interrupted by a signal.)
	NOT-FOR-US: Qualcomm
CVE-2024-23351 (Memory corruption as GPU registers beyond the last protected range can ...)
	NOT-FOR-US: Qualcomm
CVE-2024-23193 (E-Mails exported as PDF were stored in a cache that did not consider s ...)
	NOT-FOR-US: Open-Xchange
CVE-2024-23188 (Maliciously crafted E-Mail attachment names could be used to temporari ...)
	NOT-FOR-US: Open-Xchange
CVE-2024-23187 (Content-ID based embedding of resources in E-Mails could be abused to ...)
	NOT-FOR-US: Open-Xchange
CVE-2024-23186 (E-Mail containing malicious display-name information could trigger cli ...)
	NOT-FOR-US: Open-Xchange
CVE-2024-21480 (Memory corruption while playing audio file having large-sized input bu ...)
	NOT-FOR-US: Qualcomm
CVE-2024-21477 (Transient DOS while parsing a protected 802.11az Fine Time Measurement ...)
	NOT-FOR-US: Qualcomm
CVE-2024-21476 (Memory corruption when the channel ID passed by user is not validated ...)
	NOT-FOR-US: Qualcomm
CVE-2024-21475 (Memory corruption when the payload received from firmware is not as pe ...)
	NOT-FOR-US: Qualcomm
CVE-2024-21474 (Memory corruption when size of buffer from previous call is used witho ...)
	NOT-FOR-US: Qualcomm
CVE-2024-21471 (Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.)
	NOT-FOR-US: Qualcomm
CVE-2024-20064 (In wlan service, there is a possible out of bounds write due to improp ...)
	NOT-FOR-US: MediaTek
CVE-2024-20060 (In da, there is a possible escalation of privilege due to an incorrect ...)
	NOT-FOR-US: MediaTek
CVE-2024-20059 (In da, there is a possible escalation of privilege due to an incorrect ...)
	NOT-FOR-US: MediaTek
CVE-2024-20058 (In keyInstall, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2024-20057 (In keyInstall, there is a possible out of bounds write due to a missin ...)
	NOT-FOR-US: MediaTek
CVE-2024-20056 (In preloader, there is a possible escalation of privilege due to an in ...)
	NOT-FOR-US: MediaTek
CVE-2024-20021 (In atf spm, there is a possible way to remap physical memory to virtua ...)
	NOT-FOR-US: MediaTek
CVE-2024-0904 (The Fancy Product Designer WordPress plugin before 6.1.81 does not san ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6854 (The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49676 (An unauthenticated local attacker may trick a user to open corrupted p ...)
	NOT-FOR-US: CODESYS
CVE-2023-49675 (An unauthenticated local attacker may trick a user to open corrupted p ...)
	NOT-FOR-US: CODESYS
CVE-2023-43531 (Memory corruption while verifying the serialized header when the key p ...)
	NOT-FOR-US: Qualcomm
CVE-2023-43530 (Memory corruption in HLOS while checking for the storage type.)
	NOT-FOR-US: Qualcomm
CVE-2023-43529 (Transient DOS while processing IKEv2 Informational request messages, w ...)
	NOT-FOR-US: Qualcomm
CVE-2023-43528 (Information disclosure when the ADSP payload size received in HLOS in ...)
	NOT-FOR-US: Qualcomm
CVE-2023-43527 (Information disclosure while parsing dts header atom in Video.)
	NOT-FOR-US: Qualcomm
CVE-2023-43526 (Memory corruption while querying module parameters from Listen Sound m ...)
	NOT-FOR-US: Qualcomm
CVE-2023-43525 (Memory corruption while copying the sound model data from user to kern ...)
	NOT-FOR-US: Qualcomm
CVE-2023-43524 (Memory corruption when the bandpass filter order received from AHAL is ...)
	NOT-FOR-US: Qualcomm
CVE-2023-43521 (Memory corruption when multiple listeners are being registered with th ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33119 (Memory corruption while loading a VM from a signed VM image that is no ...)
	NOT-FOR-US: Qualcomm
CVE-2023-32873 (In keyInstall, there is a possible out of bounds write due to a missin ...)
	NOT-FOR-US: MediaTek
CVE-2023-32871 (In DA, there is a possible permission bypass due to an incorrect statu ...)
	NOT-FOR-US: MediaTek
CVE-2024-29857 (An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castl ...)
	- bouncycastle (bug #1070655)
	[bookworm] - bouncycastle (Minor issue)
	[bullseye] - bouncycastle (Minor issue)
	NOTE: https://github.com/bcgit/bc-java/issues/1635
	NOTE: https://www.bouncycastle.org/latest_releases.html
CVE-2024-30172 (An issue was discovered in Bouncy Castle Java Cryptography APIs before ...)
	- bouncycastle (bug #1070655)
	[bookworm] - bouncycastle (Minor issue)
	[bullseye] - bouncycastle (Minor issue)
	NOTE: https://github.com/bcgit/bc-java/issues/1599
	NOTE: https://www.bouncycastle.org/latest_releases.html
	NOTE: https://github.com/bcgit/bc-java/commit/9c165791b68a204678b48ec11e4e579754c2ea49 (r1rv78v1)
CVE-2024-34505
	NOT-FOR-US: MediaWiki extension CheckUser
CVE-2024-34501
	NOT-FOR-US: MediaWiki extension CheckUser
CVE-2024-34503
	NOT-FOR-US: MediaWiki extension ReportIncident
CVE-2024-34504
	NOT-FOR-US: MediaWiki extension IPInfo
CVE-2024-4501 (A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been ...)
	NOT-FOR-US: Ruijie RG-UAC
CVE-2024-4500 (A vulnerability was found in SourceCodester Prison Management System 1 ...)
	NOT-FOR-US: SourceCodester Prison Management System
CVE-2024-34511
	REJECTED
CVE-2024-34510 (Gradio before 4.20 allows credential leakage on Windows.)
	NOT-FOR-US: Gradio
CVE-2024-34509 (dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid ...)
	- dcmtk
	NOTE: https://support.dcmtk.org/redmine/issues/1114
	NOTE: https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5
CVE-2024-34508 (dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid D ...)
	- dcmtk
	NOTE: https://support.dcmtk.org/redmine/issues/1114
	NOTE: https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5
CVE-2024-34507 (An issue was discovered in includes/CommentFormatter/CommentParser.php ...)
	- mediawiki 1:1.39.7-1
	[bookworm] - mediawiki 1:1.39.7-1~deb12u1
	[bullseye] - mediawiki (Vulnerable code not present, introduced in 1.38)
	[buster] - mediawiki (Vulnerable code not present, introduced in 1.38)
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/V3WXEPXV2DU6WTVEKK4XHW4QXD5OFKD7/
	NOTE: https://phabricator.wikimedia.org/T355538
	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1015422
CVE-2024-34506 (An issue was discovered in includes/specials/SpecialMovePage.php in Me ...)
	{DSA-5651-1 DLA-3796-1}
	- mediawiki 1:1.39.7-1
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/V3WXEPXV2DU6WTVEKK4XHW4QXD5OFKD7/
	NOTE: https://phabricator.wikimedia.org/T357760
	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1015423
CVE-2024-34502 (An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, ...)
	NOT-FOR-US: MediaWiki extension WikibaseLexeme
CVE-2024-34500 (An issue was discovered in the UnlinkedWikibase extension in MediaWiki ...)
	NOT-FOR-US: MediaWiki extension UnlinkedWikibase
CVE-2024-34474 (Clario through 2024-04-11 for Desktop has weak permissions for %PROGRA ...)
	NOT-FOR-US: Clario
CVE-2024-4497 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been dec ...)
	NOT-FOR-US: Tenda
CVE-2024-4496 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been cla ...)
	NOT-FOR-US: Tenda
CVE-2024-4495 (A vulnerability was found in Tenda i21 1.0.0.14(4656) and classified a ...)
	NOT-FOR-US: Tenda
CVE-2024-4494 (A vulnerability has been found in Tenda i21 1.0.0.14(4656) and classif ...)
	NOT-FOR-US: Tenda
CVE-2024-4493 (A vulnerability, which was classified as critical, was found in Tenda ...)
	NOT-FOR-US: Tenda
CVE-2024-4492 (A vulnerability, which was classified as critical, has been found in T ...)
	NOT-FOR-US: Tenda
CVE-2024-4491 (A vulnerability classified as critical was found in Tenda i21 1.0.0.14 ...)
	NOT-FOR-US: Tenda
CVE-2024-34490 (In Maxima through 5.47.0 before 51704c, the plotting facilities make u ...)
	- maxima
	[bookworm] - maxima (Minor issue)
	[bullseye] - maxima (Minor issue)
	[buster] - maxima (Minor issue)
	NOTE: https://sourceforge.net/p/maxima/bugs/3755/
CVE-2024-34489 (OFPHello in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause ...)
	NOT-FOR-US: Faucet SDN Ryu
CVE-2024-34488 (OFPMultipartReply in parser.py in Faucet SDN Ryu 4.34 allows attackers ...)
	NOT-FOR-US: Faucet SDN Ryu
CVE-2024-34487 (OFPFlowStats in parser.py in Faucet SDN Ryu 4.34 allows attackers to c ...)
	NOT-FOR-US: Faucet SDN Ryu
CVE-2024-34486 (OFPPacketQueue in parser.py in Faucet SDN Ryu 4.34 allows attackers to ...)
	NOT-FOR-US: Faucet SDN Ryu
CVE-2024-34484 (OFPBucket in parser.py in Faucet SDN Ryu 4.34 allows attackers to caus ...)
	NOT-FOR-US: Faucet SDN Ryu
CVE-2024-34483 (OFPGroupDescStats in parser.py in Faucet SDN Ryu 4.34 allows attackers ...)
	NOT-FOR-US: Faucet SDN Ryu
CVE-2024-34478 (btcd before 0.24.0 does not correctly implement the consensus rules ou ...)
	NOT-FOR-US: btcd
CVE-2024-34476 (Open5GS before 2.7.1 is vulnerable to a reachable assertion that can c ...)
	NOT-FOR-US: Open5GS
CVE-2024-34475 (Open5GS before 2.7.1 is vulnerable to a reachable assertion that can c ...)
	NOT-FOR-US: Open5GS
CVE-2024-34473 (An issue was discovered in appmgr in O-RAN Near-RT RIC I-Release. An a ...)
	NOT-FOR-US: O-RAN Near-RT
CVE-2024-34469 (Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module ...)
	NOT-FOR-US: Rukovoditel
CVE-2024-34468 (Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.)
	NOT-FOR-US: Rukovoditel
CVE-2024-34467 (ThinkPHP 8.0.3 allows remote attackers to discover the PHPSESSION cook ...)
	NOT-FOR-US: ThinkPHP
CVE-2024-34462 (Alinto SOGo through 5.10.0 allows XSS during attachment preview.)
	- sogo
	NOTE: https://github.com/Alinto/sogo/commit/2e37e59ed140d4aee0ff2fba579ca5f83f2c5920
CVE-2023-52729 (TCPServer.cpp in SimpleNetwork through 29bc615 has an off-by-one error ...)
	NOT-FOR-US: SimpleNetwork
CVE-2024-3868 (The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Sit ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3240 (The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injec ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3237 (The ConvertPlug plugin for WordPress is vulnerable to unauthorized mod ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34461 (Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snip ...)
	NOT-FOR-US: Zenario
CVE-2024-34460 (The Tree Explorer tool from Organizer in Zenario before 9.5.60602 is a ...)
	NOT-FOR-US: Zenario
CVE-2024-1050 (The Import and export users and customers plugin for WordPress is vuln ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-7065 (The Stop Spammers Security | Block Spam Users, Comments, Forms plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4466 (SQL injection vulnerability in Gescen on the centrosdigitales.net plat ...)
	NOT-FOR-US: Gescen
CVE-2024-4461 (Unquoted path or search item vulnerability in SugarSync versions prior ...)
	NOT-FOR-US: SugarSync
CVE-2024-4433 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4406 (Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote ...)
	NOT-FOR-US: Xiaomi
CVE-2024-4405 (Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code ...)
	NOT-FOR-US: Xiaomi
CVE-2024-4334 (The Supreme Modules Lite – Divi Theme, Extra Theme and Divi Build ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4324 (The WP Video Lightbox plugin for WordPress is vulnerable to Stored Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4265 (The Master Addons – Free Widgets, Hover Effects, Toggle, Conditio ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4216 (pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API ...)
	- pgadmin4 (bug #834129)
CVE-2024-4215 (pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vul ...)
	- pgadmin4 (bug #834129)
CVE-2024-4203 (The Premium Addons Pro for Elementor plugin for WordPress is vulnerabl ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4156 (The Essential Addons for Elementor – Best Elementor Templates, Wi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4133 (The ARMember – Membership Plugin, Content Restriction, Member Lev ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4128 (This vulnerability was a potential CSRF attack.When running the Fireba ...)
	NOT-FOR-US: Firebase emulator
CVE-2024-4097 (The Cost Calculator Builder plugin for WordPress is vulnerable to Stor ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4092 (The Slider Revolution plugin for WordPress is vulnerable to Stored Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4086 (The CM Tooltip Glossary – Powerful Glossary Plugin plugin for Wor ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4085 (The Tabellen von faustball.com plugin for WordPress is vulnerable to S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4083 (The Easy Restaurant Table Booking plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4036 (The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross- ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4034 (The Virtue theme for WordPress is vulnerable to Stored Cross-Site Scri ...)
	NOT-FOR-US: WordPress theme
CVE-2024-4033 (The All-in-One Video Gallery plugin for WordPress is vulnerable to arb ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4003 (The Essential Addons for Elementor – Best Elementor Templates, Wi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4000 (The WordPress Header Builder Plugin – Pearl plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3991 (The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +1 ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3985 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3957 (The Booster for WooCommerce plugin is vulnerable to Unauthenticated Ar ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3955 (URL GET parameter "logtime" utilized within the "downloadlog" function ...)
	NOT-FOR-US: CraftBeerPi
CVE-2024-3942 (The MasterStudy LMS WordPress Plugin – for Online Courses and Edu ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3936 (The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Add ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3897 (The Popup Box – Best WordPress Popup Plugin plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3895 (The WP Datepicker plugin for WordPress is vulnerable to unauthorized m ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3891 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3885 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3883 (The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Sit ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3870 (The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3849 (The Click to Chat – HoliThemes plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3819 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3747 (The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scr ...)
NOT-FOR-US: WordPress theme CVE-2024-3743 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sto ...) NOT-FOR-US: WordPress plugin CVE-2024-3734 (The FOX \u2013 Currency Switcher Professional for WooCommerce plugin i ...) NOT-FOR-US: WordPress plugin CVE-2024-3729 (The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2024-3728 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...) NOT-FOR-US: WordPress plugin CVE-2024-3725 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg E ...) NOT-FOR-US: WordPress plugin CVE-2024-3724 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...) NOT-FOR-US: WordPress plugin CVE-2024-3717 (The Drag and Drop Multiple File Upload \u2013 Contact Form 7 plugin fo ...) NOT-FOR-US: WordPress plugin CVE-2024-3715 (The Database for Contact Form 7, WPforms, Elementor forms plugin for W ...) NOT-FOR-US: WordPress plugin CVE-2024-3703 (The Carousel Slider WordPress plugin before 2.2.10 does not validate a ...) NOT-FOR-US: WordPress plugin CVE-2024-3692 (The Gutenverse WordPress plugin before 1.9.1 does not validate the ht ...) NOT-FOR-US: WordPress plugin CVE-2024-3681 (The Interactive World Maps plugin for WordPress is vulnerable to Refle ...) NOT-FOR-US: WordPress plugin CVE-2024-3677 (The Ultimate 410 Gone Status Code plugin for WordPress is vulnerable t ...) NOT-FOR-US: WordPress plugin CVE-2024-3675 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...) NOT-FOR-US: WordPress plugin CVE-2024-3674 (The Inline Google Spreadsheet Viewer plugin for WordPress is vulnerabl ...) NOT-FOR-US: WordPress plugin CVE-2024-3670 (The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) plugin ...) NOT-FOR-US: WordPress plugin CVE-2024-3650 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...) 
NOT-FOR-US: WordPress plugin CVE-2024-3649 (The Contact Form by WPForms \u2013 Drag & Drop Form Builder for WordPr ...) NOT-FOR-US: WordPress plugin CVE-2024-3647 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2024-3637 (The Responsive Contact Form Builder & Lead Generation Plugin WordPress ...) NOT-FOR-US: WordPress plugin CVE-2024-3607 (The PropertyHive plugin for WordPress is vulnerable to unauthorized lo ...) NOT-FOR-US: WordPress plugin CVE-2024-3606 (The ProfileGrid \u2013 User Profiles, Memberships, Groups and Communit ...) NOT-FOR-US: WordPress plugin CVE-2024-3601 (The Poll Maker \u2013 Best WordPress Poll Plugin plugin for WordPress ...) NOT-FOR-US: WordPress plugin CVE-2024-3599 (The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPre ...) NOT-FOR-US: WordPress plugin CVE-2024-3588 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2024-3585 (The Send PDF for Contact Form 7 plugin for WordPress is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2024-3581 (The MaxGalleria plugin for WordPress is vulnerable to unauthorized ima ...) NOT-FOR-US: WordPress plugin CVE-2024-3554 (The All in One SEO \u2013 Best WordPress SEO Plugin \u2013 Easily Impr ...) NOT-FOR-US: WordPress plugin CVE-2024-3553 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...) NOT-FOR-US: WordPress plugin CVE-2024-3550 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...) NOT-FOR-US: WordPress plugin CVE-2024-3546 (The WordPress Backup & Migration plugin for WordPress is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2024-3544 (Unauthenticated attackers can perform actions, using SSH private keys, ...) NOT-FOR-US: ECS Connection Manager (ECS CM) CVE-2024-3543 (Use of reversible password encryption algorithm allows attackers to de ...) 
NOT-FOR-US: ECS Connection Manager (ECS CM) CVE-2024-3520 (The Country State City Dropdown CF7 plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2024-3517 (The Shortcodes and extra features for Phlox theme plugin for WordPress ...) NOT-FOR-US: WordPress plugin CVE-2024-3500 (The ElementsKit Pro plugin for WordPress is vulnerable to Local File I ...) NOT-FOR-US: WordPress plugin CVE-2024-3499 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2024-3489 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2024-3480 (An Implicit intent vulnerability was reported in the Motorola framewor ...) NOT-FOR-US: Motorola CVE-2024-3479 (An improper export vulnerability was reported in the Motorola Enterpri ...) NOT-FOR-US: Motorola CVE-2024-3473 (The Header Footer Code Manager Pro plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2024-3341 (The Shortcodes and extra features for Phlox theme plugin for WordPress ...) NOT-FOR-US: WordPress plugin CVE-2024-3340 (The Colibri Page Builder plugin for WordPress is vulnerable to Stored ...) NOT-FOR-US: WordPress plugin CVE-2024-3338 (The Colibri Page Builder plugin for WordPress is vulnerable to Stored ...) NOT-FOR-US: WordPress plugin CVE-2024-3337 (The Colibri Page Builder plugin for WordPress is vulnerable to Stored ...) NOT-FOR-US: WordPress plugin CVE-2024-3312 (The Easy Custom Auto Excerpt plugin for WordPress is vulnerable to Sen ...) NOT-FOR-US: WordPress plugin CVE-2024-3308 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) NOT-FOR-US: WordPress plugin CVE-2024-3307 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) NOT-FOR-US: WordPress plugin CVE-2024-3295 (The User Registration \u2013 Custom Registration Form, Login Form, and ...) 
NOT-FOR-US: WordPress plugin CVE-2024-3287 (The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plug ...) NOT-FOR-US: WordPress plugin CVE-2024-3275 (The eRoom \u2013 Zoom Meetings & Webinars plugin for WordPress is vuln ...) NOT-FOR-US: WordPress plugin CVE-2024-3233 (The Ivory Search \u2013 WordPress Search Plugin plugin for WordPress i ...) NOT-FOR-US: WordPress plugin CVE-2024-3215 (The Paid Memberships Pro \u2013 Content Restriction, User Registration ...) NOT-FOR-US: WordPress plugin CVE-2024-3206 (The Different Menu in Different Pages \u2013 Control Menu Visibility ( ...) NOT-FOR-US: WordPress plugin CVE-2024-3199 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...) NOT-FOR-US: WordPress plugin CVE-2024-3197 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...) NOT-FOR-US: WordPress plugin CVE-2024-3161 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cro ...) NOT-FOR-US: WordPress plugin CVE-2024-3109 (A hard-coded AES key vulnerability was reported in the Motorola GuideM ...) NOT-FOR-US: Motorola CVE-2024-3108 (An implicit intent vulnerability was reported for Motorola\u2019s Time ...) NOT-FOR-US: Motorola CVE-2024-3107 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is ...) NOT-FOR-US: WordPress plugin CVE-2024-3074 (The Elementor ImageBox plugin for WordPress is vulnerable to Stored Cr ...) NOT-FOR-US: WordPress plugin CVE-2024-3071 (The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized m ...) NOT-FOR-US: WordPress plugin CVE-2024-3047 (The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress ...) NOT-FOR-US: WordPress plugin CVE-2024-3045 (The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress ...) NOT-FOR-US: WordPress plugin CVE-2024-3023 (The AnnounceKit plugin for WordPress is vulnerable to Stored Cross-Sit ...) 
NOT-FOR-US: WordPress plugin CVE-2024-3021 (The Mhr Post Ticker plugin for WordPress is vulnerable to Stored Cross ...) NOT-FOR-US: WordPress plugin CVE-2024-3005 (The LA-Studio Element Kit for Elementor plugin for WordPress is vulner ...) NOT-FOR-US: WordPress plugin CVE-2024-34455 (Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directo ...) NOT-FOR-US: Buildroot CVE-2024-34453 (TwoNav 2.1.13 contains an SSRF vulnerability via the url paramater to ...) NOT-FOR-US: TwoNav CVE-2024-34449 (Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the v ...) NOT-FOR-US: Vditor CVE-2024-34447 (An issue was discovered in Bouncy Castle Java Cryptography APIs before ...) - bouncycastle (bug #1070655) [bookworm] - bouncycastle (Minor issue) [bullseye] - bouncycastle (Minor issue) NOTE: https://www.bouncycastle.org/latest_releases.html CVE-2024-34446 (Mullvad VPN through 2024.1 on Android does not set a DNS server in the ...) NOT-FOR-US: Mullvad VPN CVE-2024-34408 (Tencent libpag through 4.3.51 has an integer overflow in DecodeStream: ...) NOT-FOR-US: libpag CVE-2024-34404 (A vulnerability was discovered in the Alta Recovery Vault feature of V ...) NOT-FOR-US: Veritas NetBackup CVE-2024-34403 (An issue was discovered in uriparser through 0.9.7. ComposeQueryMalloc ...) - uriparser (bug #1070376) [buster] - uriparser (Minor issue) NOTE: https://github.com/uriparser/uriparser/issues/183 NOTE: https://github.com/uriparser/uriparser/pull/186 CVE-2024-34402 (An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine ...) - uriparser (bug #1070376) [buster] - uriparser (Minor issue) NOTE: https://github.com/uriparser/uriparser/pull/185 NOTE: https://github.com/uriparser/uriparser/issues/183 CVE-2024-34401 (Savsoft Quiz 6.0 allows stored XSS via the index.php/quiz/insert_quiz/ ...) NOT-FOR-US: Savsoft Quiz CVE-2024-34394 (libxmljs2 is vulnerable to a type confusion vulnerability when parsing ...) 
NOT-FOR-US: libxmljs2 CVE-2024-34393 (libxmljs2 is vulnerable to a type confusion vulnerability when parsing ...) NOT-FOR-US: libxmljs2 CVE-2024-34392 (libxmljs is vulnerable to a type confusion vulnerability when parsing ...) NOT-FOR-US: libxmljs2 CVE-2024-34391 (libxmljs is vulnerable to a type confusion vulnerability when parsing ...) NOT-FOR-US: libxmljs2 CVE-2024-34075 (kurwov is a fast, dependency-free library for creating Markov Chains. ...) NOT-FOR-US: kurwov CVE-2024-34073 (sagemaker-python-sdk is a library for training and deploying machine l ...) NOT-FOR-US: sagemaker-python-sdk CVE-2024-34072 (sagemaker-python-sdk is a library for training and deploying machine l ...) NOT-FOR-US: sagemaker-python-sdk CVE-2024-34068 (Pterodactyl wings is the server control plane for Pterodactyl Panel. A ...) NOT-FOR-US: Pterodactyl wings CVE-2024-34067 (Pterodactyl is a free, open-source game server management panel built ...) NOT-FOR-US: Pterodactyl CVE-2024-34066 (Pterodactyl wings is the server control plane for Pterodactyl Panel. I ...) NOT-FOR-US: Pterodactyl wings CVE-2024-34063 (vodozemac is an implementation of Olm and Megolm in pure Rust. Version ...) NOT-FOR-US: vodozemac CVE-2024-34062 (tqdm is an open source progress bar for Python and CLI. Any optional n ...) - tqdm 4.66.4-1 (bug #1070372) [bookworm] - tqdm (Minor issue) [bullseye] - tqdm (Minor issue) [buster] - tqdm (Minor issue) NOTE: https://github.com/tqdm/tqdm/security/advisories/GHSA-g7vv-2v7x-gj9p NOTE: Fixed by: https://github.com/tqdm/tqdm/commit/b53348c73080b4edeb30b4823d1fa0d8d2c06721 (v4.66.3) CVE-2024-34061 (changedetection.io is a free open source web page change detection, we ...) NOT-FOR-US: changedetection.io CVE-2024-34033 (Delta Electronics DIAEnergie has insufficient input validation which m ...) NOT-FOR-US: Delta Electronics CVE-2024-34032 (Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnera ...) 
NOT-FOR-US: Delta Electronics CVE-2024-34031 (Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnera ...) NOT-FOR-US: Delta Electronics CVE-2024-33956 (Missing Authorization vulnerability in ThemeLocation Custom WooCommerc ...) NOT-FOR-US: WordPress plugin CVE-2024-33955 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-33954 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-33953 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-33952 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-33951 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-33950 (Administrator Cross Site Scripting (XSS) in Archives Calendar Widget < ...) NOT-FOR-US: WordPress plugin CVE-2024-33949 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-33948 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-33947 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-33946 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-33945 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-33944 (Missing Authorization vulnerability in Kestrel WooCommerce AWeber News ...) NOT-FOR-US: WordPress plugin CVE-2024-33943 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-33942 (Missing Authorization vulnerability in Eric Alli Google Typography.Thi ...) 
NOT-FOR-US: WordPress plugin CVE-2024-33941 (Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress ...) NOT-FOR-US: WordPress plugin CVE-2024-33940 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-33938 (Missing Authorization vulnerability in codename065 Sliding Widgets all ...) NOT-FOR-US: WordPress plugin CVE-2024-33937 (Missing Authorization vulnerability in Nico Martin Progressive WordPre ...) NOT-FOR-US: WordPress plugin CVE-2024-33936 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-33935 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-33934 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-33932 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-33931 (Missing Authorization vulnerability in ilGhera JW Player for WordPress ...) NOT-FOR-US: WordPress plugin CVE-2024-33930 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in I ...) NOT-FOR-US: WordPress plugin CVE-2024-33929 (Missing Authorization vulnerability in wpWax Directorist.This issue af ...) NOT-FOR-US: WordPress plugin CVE-2024-33928 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-33927 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-33926 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-33925 (Missing Authorization vulnerability in Adrian M\xf6rchen Embed Google ...) NOT-FOR-US: WordPress plugin CVE-2024-33924 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
NOT-FOR-US: WordPress plugin CVE-2024-33923 (Missing Authorization vulnerability in Smartypants SP Project & Docume ...) NOT-FOR-US: WordPress plugin CVE-2024-33922 (Insertion of Sensitive Information into Log File vulnerability in Jord ...) NOT-FOR-US: WordPress plugin CVE-2024-33921 (Broken Access Control vulnerability in ReviewX.This issue affects Revi ...) NOT-FOR-US: WordPress plugin CVE-2024-33920 (Missing Authorization vulnerability in Kama Democracy Poll.This issue ...) NOT-FOR-US: WordPress plugin CVE-2024-33919 (Missing Authorization vulnerability in Rometheme RomethemeKit For Elem ...) NOT-FOR-US: WordPress plugin CVE-2024-33918 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-33916 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-33915 (Missing Authorization vulnerability in Bowo Debug Log Manager.This iss ...) NOT-FOR-US: WordPress plugin CVE-2024-33914 (Missing Authorization vulnerability in Exclusive Addons Exclusive Addo ...) NOT-FOR-US: WordPress plugin CVE-2024-33913 (Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary F ...) NOT-FOR-US: WordPress plugin CVE-2024-33911 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2024-33844 (The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the M ...) NOT-FOR-US: Parrot ANAFI USA firmware CVE-2024-33793 (netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS ...) NOT-FOR-US: netis-systems MEX605 CVE-2024-33792 (netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS ...) NOT-FOR-US: netis-systems MEX605 CVE-2024-33791 (A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2. ...) NOT-FOR-US: netis-systems MEX605 CVE-2024-33789 (Linksys E5600 v1.1.0.26 was discovered to contain a command injection ...) 
NOT-FOR-US: Linksys CVE-2024-33787 (Hengan Weighing Management Information Query Platform 2019-2021 53.25 ...) NOT-FOR-US: Hengan Weighing Management Information Query Platform CVE-2024-33786 (An arbitrary file upload vulnerability in Zhongcheng Kexin Ticketing M ...) NOT-FOR-US: Zhongcheng Kexin Ticketing Management Platform CVE-2024-33530 (In Jitsi Meet before 9391, a logic flaw in password-protected Jitsi me ...) - jitsi-meet (bug #760485) CVE-2024-33398 (There is a ClusterRole in piraeus-operator v2.5.0 and earlier which ha ...) NOT-FOR-US: piraeus-operator CVE-2024-33396 (An issue in karmada-io karmada v1.9.0 and before allows a local attack ...) NOT-FOR-US: karmada CVE-2024-33394 (An issue in kubevirt kubevirt v1.2.0 and before allows a local attacke ...) NOT-FOR-US: KubeVirt CVE-2024-33305 (SourceCodester Laboratory Management System 1.0 is vulnerable to Cross ...) NOT-FOR-US: SourceCodester Laboratory Management System CVE-2024-33303 (SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scrip ...) NOT-FOR-US: SourceCodester Product Show Room CVE-2024-33302 (SourceCodester Product Show Room 1.0 and before is vulnerable to Cross ...) NOT-FOR-US: SourceCodester Product Show Room CVE-2024-32986 (PWAsForFirefox is a tool to install, manage and use Progressive Web Ap ...) NOT-FOR-US: PWAsForFirefox CVE-2024-32831 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-32810 (Missing Authorization vulnerability in ShortPixel ShortPixel Critical ...) NOT-FOR-US: WordPress plugin CVE-2024-32638 (Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling' ...) NOT-FOR-US: Apache APISIX CVE-2024-32359 (An RBAC authorization risk in Carina v0.13.0 and earlier allows local ...) NOT-FOR-US: Carina CVE-2024-32114 (In Apache ActiveMQ 6.x, the default configuration doesn't secure the A ...) 
- activemq (Vulnerable code introduced later) NOTE: https://activemq.apache.org/security-advisories.data/CVE-2024-32114-announcement.txt CVE-2024-31967 (A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones throug ...) NOT-FOR-US: Mitel CVE-2024-31966 (A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones throug ...) NOT-FOR-US: Mitel CVE-2024-31965 (A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones throug ...) NOT-FOR-US: Mitel CVE-2024-31964 (A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones throug ...) NOT-FOR-US: Mitel CVE-2024-31963 (A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones throug ...) NOT-FOR-US: Mitel CVE-2024-31673 (Kliqqi-CMS 2.0.2 is vulnerable to SQL Injection in load_data.php via t ...) NOT-FOR-US: Kliqqi-CMS CVE-2024-31636 (An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive ...) - lief [bookworm] - lief (Minor issue) [bullseye] - lief (Minor issue) [buster] - lief (Minor issue) NOTE: https://github.com/lief-project/LIEF/issues/1038 NOTE: https://github.com/lief-project/LIEF/commit/307e113f8e00b034f0a5f1baa33e54d636c52ea3 CVE-2024-30851 (Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v. ...) NOT-FOR-US: codesiddhant Jasmin Ransomware CVE-2024-30306 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...) NOT-FOR-US: Adobe CVE-2024-30305 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...) NOT-FOR-US: Adobe CVE-2024-30304 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...) NOT-FOR-US: Adobe CVE-2024-30303 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...) NOT-FOR-US: Adobe CVE-2024-30302 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...) NOT-FOR-US: Adobe CVE-2024-30301 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...) 
NOT-FOR-US: Adobe CVE-2024-2967 (The Guest posting / Frontend Posting wordpress plugin \u2013 WP Front ...) NOT-FOR-US: WordPress plugin CVE-2024-2960 (The SVS Pricing Tables plugin for WordPress is vulnerable to Cross-Sit ...) NOT-FOR-US: WordPress plugin CVE-2024-2959 (The SVS Pricing Tables plugin for WordPress is vulnerable to Cross-Sit ...) NOT-FOR-US: WordPress plugin CVE-2024-2958 (The SVS Pricing Tables plugin for WordPress is vulnerable to Stored Cr ...) NOT-FOR-US: WordPress plugin CVE-2024-2876 (The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsl ...) NOT-FOR-US: WordPress plugin CVE-2024-2867 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...) NOT-FOR-US: WordPress plugin CVE-2024-2840 (The Enhanced Media Library plugin for WordPress is vulnerable to Store ...) NOT-FOR-US: WordPress plugin CVE-2024-2831 (The Calendar plugin for WordPress is vulnerable to SQL Injection via t ...) NOT-FOR-US: WordPress plugin CVE-2024-2797 (The MailerLite \u2013 Signup forms (official) plugin for WordPress is ...) NOT-FOR-US: WordPress plugin CVE-2024-2790 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) NOT-FOR-US: WordPress plugin CVE-2024-2765 (The Ultimate Member \u2013 User Profile, Registration, Login, Member D ...) NOT-FOR-US: WordPress plugin CVE-2024-2752 (The Where Did You Hear About Us Checkout Field for WooCommerce plugin ...) NOT-FOR-US: WordPress plugin CVE-2024-2751 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2024-2750 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2024-2667 (The InstaWP Connect \u2013 1-click WP Staging & Migration plugin for W ...) NOT-FOR-US: WordPress plugin CVE-2024-2661 (The Barcode Scanner and Inventory manager. POS (Point of Sale) \u2013 ...) 
NOT-FOR-US: WordPress plugin CVE-2024-2542 (The Jotform Online Forms \u2013 Drag & Drop Form Builder, Securely Emb ...) NOT-FOR-US: WordPress plugin CVE-2024-2503 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2024-2417 (The User Registration \u2013 Custom Registration Form, Login Form, and ...) NOT-FOR-US: WordPress plugin CVE-2024-2410 (The JsonToBinaryStream()function is part of the protocol buffers C++ i ...) - protobuf (No vulnerable release was uploaded to archive) NOTE: https://github.com/protocolbuffers/protobuf/releases/tag/v25.0 NOTE: Fixed by: https://github.com/protocolbuffers/protobuf/commit/b955165ebdcc5a8ba9c267230d6305f4e3d9c118 CVE-2024-2401 (The Admin Page Spider plugin for WordPress is vulnerable to Stored Cro ...) NOT-FOR-US: WordPress plugin CVE-2024-2349 (The Fancy Elementor Flipbox plugin for WordPress is vulnerable to Stor ...) NOT-FOR-US: WordPress plugin CVE-2024-2346 (The FileBird \u2013 WordPress Media Library Folders & File Manager plu ...) NOT-FOR-US: WordPress plugin CVE-2024-2345 (The FileBird \u2013 WordPress Media Library Folders & File Manager plu ...) NOT-FOR-US: WordPress plugin CVE-2024-2328 (The Real Media Library: Media Library Folder & File Manager plugin for ...) NOT-FOR-US: WordPress plugin CVE-2024-2324 (The FileOrganizer \u2013 Manage WordPress and Website Files plugin for ...) NOT-FOR-US: WordPress plugin CVE-2024-2273 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features pl ...) NOT-FOR-US: WordPress plugin CVE-2024-2109 (The Booster Extension plugin for WordPress is vulnerable to Sensitive ...) NOT-FOR-US: WordPress plugin CVE-2024-2085 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) NOT-FOR-US: WordPress plugin CVE-2024-2084 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) 
NOT-FOR-US: WordPress plugin CVE-2024-2082 (The EleForms \u2013 All In One Form Integration including DB for Eleme ...) NOT-FOR-US: WordPress plugin CVE-2024-2043 (The EleForms \u2013 All In One Form Integration including DB for Eleme ...) NOT-FOR-US: WordPress plugin CVE-2024-29417 (Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1 ...) NOT-FOR-US: Horacius CVE-2024-29309 (An issue in Alfresco Content Services v.23.3.0.7 allows a remote attac ...) NOT-FOR-US: Alfresco CVE-2024-28519 (A kernel handle leak issue in ProcObsrvesx.sys 4.0.0.49 in MicroWorld ...) NOT-FOR-US: MicroWorld Technologies Inc eScan Antivirus CVE-2024-28072 (A highly privileged account can overwrite arbitrary files on the syste ...) NOT-FOR-US: SolarWinds CVE-2024-27453 (In Extreme XOS through 22.6.1.4, a read-only user can escalate privile ...) NOT-FOR-US: Extreme XOS CVE-2024-25290 (An issue in Casa Systems NL1901ACV R6B032 allows a remote attacker to ...) NOT-FOR-US: Casa Systems NL1901ACV R6B032 CVE-2024-25047 (IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 i ...) NOT-FOR-US: IBM CVE-2024-24710 (Missing Authorization vulnerability in SlickRemix Feed Them Social.Thi ...) NOT-FOR-US: WordPress plugin CVE-2024-23914 (Use of Externally-Controlled Format String vulnerability in Merge DICO ...) NOT-FOR-US: Merge DICOM Toolkit CVE-2024-23913 (Use of Out-of-range Pointer Offset vulnerability in Merge DICOM Toolki ...) NOT-FOR-US: Merge DICOM Toolkit CVE-2024-23912 (Out-of-bounds Read vulnerability in Merge DICOM Toolkit C/C++ on Windo ...) NOT-FOR-US: Merge DICOM Toolkit CVE-2024-23462 (An Improper Validation of Integrity Check Value vulnerability in Zscal ...) NOT-FOR-US: Zscaler CVE-2024-23461 (An Improper Validation of Integrity Check Value vulnerability in Zscal ...) NOT-FOR-US: Zscaler CVE-2024-23459 (An Improper Link Resolution Before File Access ('Link Following') vuln ...) 
NOT-FOR-US: Zscaler CVE-2024-1993 (The Icon Widget plugin for WordPress is vulnerable to Stored Cross-Sit ...) NOT-FOR-US: WordPress plugin CVE-2024-1959 (The Social Sharing Plugin \u2013 Social Warfare plugin for WordPress i ...) NOT-FOR-US: WordPress plugin CVE-2024-1945 (The Contact Form, Survey & Popup Form Plugin for WordPress \u2013 ARF ...) NOT-FOR-US: WordPress plugin CVE-2024-1897 (The Grid Gallery \u2013 Photo Image Grid Gallery plugin for WordPress ...) NOT-FOR-US: WordPress plugin CVE-2024-1896 (The Photo Gallery \u2013 Responsive Photo Gallery, Image Gallery, Port ...) NOT-FOR-US: WordPress plugin CVE-2024-1842 (The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site S ...) NOT-FOR-US: WordPress plugin CVE-2024-1841 (The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site S ...) NOT-FOR-US: WordPress plugin CVE-2024-1840 (The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site S ...) NOT-FOR-US: WordPress plugin CVE-2024-1809 (The Analytify \u2013 Google Analytics Dashboard For WordPress (GA4 ana ...) NOT-FOR-US: WordPress plugin CVE-2024-1805 (The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site S ...) NOT-FOR-US: WordPress plugin CVE-2024-1797 (The WP ULike \u2013 Most Advanced WordPress Marketing Toolkit plugin f ...) NOT-FOR-US: WordPress plugin CVE-2024-1759 (The WP ULike \u2013 Most Advanced WordPress Marketing Toolkit plugin f ...) NOT-FOR-US: WordPress plugin CVE-2024-1716 (The Admin Bar Remover plugin for WordPress is vulnerable to unauthoriz ...) NOT-FOR-US: WordPress plugin CVE-2024-1688 (The Woo Total Sales plugin for WordPress is vulnerable to unauthorized ...) NOT-FOR-US: WordPress plugin CVE-2024-1679 (The Print Labels with Barcodes. Create price tags, product labels, ord ...) NOT-FOR-US: WordPress plugin CVE-2024-1678 (The Subway \u2013 Private Site Option plugin for WordPress is vulnerab ...) NOT-FOR-US: WordPress plugin CVE-2024-1677 (The Print Labels with Barcodes. 
Create price tags, product labels, ord ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1584 (The Analytify – Google Analytics Dashboard For WordPress (GA4 ana ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1572 (The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1567 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1533 (The Shortcodes and extra features for Phlox theme plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1416 (The Responsive Contact Form Builder & Lead Generation Plugin plugin fo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1415 (The Responsive Contact Form Builder & Lead Generation Plugin plugin fo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1396 (The Shortcodes and extra features for Phlox theme plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1395 (Use After Free vulnerability in Arm Ltd Arm 5th Gen GPU Architecture K ...)
	NOT-FOR-US: Arm
CVE-2024-1386 (The MailerLite – Signup forms (official) plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1348 (The Shortcodes and extra features for Phlox theme plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1173 (The WP ERP | Complete HR solution with recruitment & job listings | Wo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1067 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm ...)
	NOT-FOR-US: Arm
CVE-2024-0908 (The Advanced Post Block – Display Posts, Pages, or Custom Posts o ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0848 (The AA Cash Calculator plugin for WordPress is vulnerable to Reflected ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0847 (The 5280 Bootstrap Modal Contact Form plugin for WordPress is vulnerab ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0710 (The GP Unique ID plugin for WordPress is vulnerable to Unique ID Modif ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0629 (The 2Checkout Payment Gateway for WooCommerce plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0615 (The Content Control – The Ultimate Content Restriction Plugin! Re ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0613 (The Delete Custom Fields plugin for WordPress is vulnerable to Cross-S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-7067 (The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +1 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-7064 (The Shortcodes and extra features for Phlox theme plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-7030 (The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cros ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6962 (The WP Meta SEO plugin for WordPress is vulnerable to Sensitive Inform ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6961 (The WP Meta SEO plugin for WordPress is vulnerable to Stored Cross-Sit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6731 (The WP Show Posts plugin for WordPress is vulnerable to unauthorized a ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6363 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm ...)
	NOT-FOR-US: Arm
CVE-2023-6214 (The HT Mega – Absolute Addons For Elementor plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51633 (Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerabil ...)
	- centreon-web (bug #913903)
CVE-2023-51629 (D-Link DCS-8300LHV2 ONVIF Hardcoded PIN Authentication Bypass Vulnerab ...)
	NOT-FOR-US: D-Link
CVE-2023-51628 (D-Link DCS-8300LHV2 ONVIF SetHostName Stack-Based Buffer Overflow Remo ...)
	NOT-FOR-US: D-Link
CVE-2023-51627 (D-Link DCS-8300LHV2 ONVIF Duration Stack-Based Buffer Overflow Remote ...)
	NOT-FOR-US: D-Link
CVE-2023-51626 (D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Username Stack-Ba ...)
	NOT-FOR-US: D-Link
CVE-2023-51625 (D-Link DCS-8300LHV2 ONVIF SetSystemDateAndTime Command Injection Remot ...)
	NOT-FOR-US: D-Link
CVE-2023-51624 (D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Nonce Stack-Based ...)
	NOT-FOR-US: D-Link
CVE-2023-51623 (D-Link DIR-X3260 prog.cgi SetAPClientSettings Stack-based Buffer Overf ...)
	NOT-FOR-US: D-Link
CVE-2023-51622 (D-Link DIR-X3260 prog.cgi SetTriggerPPPoEValidate Stack-based Buffer O ...)
	NOT-FOR-US: D-Link
CVE-2023-51621 (D-Link DIR-X3260 prog.cgi SetDeviceSettings Stack-based Buffer Overflo ...)
	NOT-FOR-US: D-Link
CVE-2023-51620 (D-Link DIR-X3260 prog.cgi SetIPv6PppoeSettings Stack-based Buffer Over ...)
	NOT-FOR-US: D-Link
CVE-2023-51619 (D-Link DIR-X3260 prog.cgi SetMyDLinkRegistration Stack-based Buffer Ov ...)
	NOT-FOR-US: D-Link
CVE-2023-51618 (D-Link DIR-X3260 prog.cgi SetWLanRadioSecurity Stack-Based Buffer Over ...)
	NOT-FOR-US: D-Link
CVE-2023-51617 (D-Link DIR-X3260 prog.cgi SetWanSettings Stack-Based Buffer Overflow R ...)
	NOT-FOR-US: D-Link
CVE-2023-51616 (D-Link DIR-X3260 prog.cgi SetSysEmailSettings Stack-Based Buffer Overf ...)
	NOT-FOR-US: D-Link
CVE-2023-51615 (D-Link DIR-X3260 prog.cgi SetQuickVPNSettings PSK Stack-Based Buffer O ...)
	NOT-FOR-US: D-Link
CVE-2023-51614 (D-Link DIR-X3260 prog.cgi SetQuickVPNSettings Password Stack-Based Buf ...)
	NOT-FOR-US: D-Link
CVE-2023-51613 (D-Link DIR-X3260 prog.cgi SetDynamicDNSSettings Stack-Based Buffer Ove ...)
	NOT-FOR-US: D-Link
CVE-2023-51612 (Kofax Power PDF JP2 File Parsing Use-After-Free Information Disclosure ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-51611 (Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclo ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-51610 (Kofax Power PDF JP2 File Parsing Use-After-Free Information Disclosure ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-51609 (Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclo ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-51608 (Kofax Power PDF J2K File Parsing Memory Corruption Remote Code Executi ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-51607 (Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclo ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-51606 (Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Remote Code Execut ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-51605 (Honeywell Saia PG5 Controls Suite XML External Entity Processing Infor ...)
	NOT-FOR-US: Honeywell
CVE-2023-51604 (Honeywell Saia PG5 Controls Suite XML External Entity Processing Infor ...)
	NOT-FOR-US: Honeywell
CVE-2023-51603 (Honeywell Saia PG5 Controls Suite CAB File Parsing Directory Traversal ...)
	NOT-FOR-US: Honeywell
CVE-2023-51602 (Honeywell Saia PG5 Controls Suite XML External Entity Processing Infor ...)
	NOT-FOR-US: Honeywell
CVE-2023-51601 (Honeywell Saia PG5 Controls Suite XML External Entity Processing Infor ...)
	NOT-FOR-US: Honeywell
CVE-2023-51600 (Honeywell Saia PG5 Controls Suite XML External Entity Processing Infor ...)
	NOT-FOR-US: Honeywell
CVE-2023-51599 (Honeywell Saia PG5 Controls Suite Directory Traversal Remote Code Exec ...)
	NOT-FOR-US: Honeywell
CVE-2023-51598 (Hancom Office Word DOC File Parsing Use-After-Free Remote Code Executi ...)
	NOT-FOR-US: Hancom Office Word
CVE-2023-51597 (Kofax Power PDF U3D File Parsing Out-Of-Bounds Write Remote Code Execu ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-51596 (BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code ...)
	- bluez
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1902/
CVE-2023-51595 (Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection Remote ...)
	NOT-FOR-US: Voltronic Power ViewPower Pro
CVE-2023-51594 (BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerabi ...)
	- bluez
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1901/
CVE-2023-51593 (Voltronic Power ViewPower Pro Expression Language Injection Remote Cod ...)
	NOT-FOR-US: Voltronic Power ViewPower Pro
CVE-2023-51592 (BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Inform ...)
	- bluez
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1905/
CVE-2023-51591 (Voltronic Power ViewPower Pro doDocument XML External Entity Processin ...)
	NOT-FOR-US: Voltronic Power ViewPower Pro
CVE-2023-51590 (Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upload Re ...)
	NOT-FOR-US: Voltronic Power ViewPower Pro
CVE-2023-51589 (BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Infor ...)
	- bluez
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1904/
CVE-2023-51588 (Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Loca ...)
	NOT-FOR-US: Voltronic Power ViewPower Pro
CVE-2023-51587 (Voltronic Power ViewPower getModbusPassword Missing Authentication Inf ...)
	NOT-FOR-US: Voltronic Power ViewPower
CVE-2023-51586 (Voltronic Power ViewPower Pro selectEventConfig SQL Injection Remote C ...)
	NOT-FOR-US: Voltronic Power ViewPower Pro
CVE-2023-51585 (Voltronic Power ViewPower USBCommEx shutdown Command Injection Remote ...)
	NOT-FOR-US: Voltronic Power ViewPower USBCommEx
CVE-2023-51584 (Voltronic Power ViewPower USBCommEx shutdown Exposed Dangerous Method ...)
	NOT-FOR-US: Voltronic Power ViewPower USBCommEx
CVE-2023-51583 (Voltronic Power ViewPower UpsScheduler Exposed Dangerous Method Remote ...)
	NOT-FOR-US: Voltronic Power ViewPower
CVE-2023-51582 (Voltronic Power ViewPower LinuxMonitorConsole Exposed Dangerous Method ...)
	NOT-FOR-US: Voltronic Power ViewPower
CVE-2023-51581 (Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method R ...)
	NOT-FOR-US: Voltronic Power ViewPower
CVE-2023-51580 (BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Rea ...)
	- bluez
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1903/
CVE-2023-51579 (Voltronic Power ViewPower Incorrect Permission Assignment Local Privil ...)
	NOT-FOR-US: Voltronic Power ViewPower
CVE-2023-51578 (Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Deni ...)
	NOT-FOR-US: Voltronic Power ViewPower
CVE-2023-51577 (Voltronic Power ViewPower setShutdown Exposed Dangerous Method Local P ...)
	NOT-FOR-US: Voltronic Power ViewPower
CVE-2023-51576 (Voltronic Power ViewPower Deserialization of Untrusted Data Remote Cod ...)
	NOT-FOR-US: Voltronic Power ViewPower
CVE-2023-51575 (Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Remo ...)
	NOT-FOR-US: Voltronic Power ViewPower
CVE-2023-51574 (Voltronic Power ViewPower updateManagerPassword Exposed Dangerous Meth ...)
	NOT-FOR-US: Voltronic Power ViewPower
CVE-2023-51569 (Kofax Power PDF BMP File Parsing Out-Of-Bounds Write Remote Code Execu ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-51568 (Kofax Power PDF OXPS File Parsing Use-After-Free Information Disclosur ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-51567 (Kofax Power PDF OXPS File Parsing Out-Of-Bounds Read Information Discl ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-51566 (Kofax Power PDF OXPS File Parsing Stack-based Buffer Overflow Remote C ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-51565 (Kofax Power PDF XPS File Parsing Use-After-Free Remote Code Execution ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-51564 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclo ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-51563 (Kofax Power PDF XPS File Parsing Use-After-Free Remote Code Execution ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-51562 (Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vu ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-51561 (Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Information Discl ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-51560 (Foxit PDF Reader Annotation Type Confusion Remote Code Execution Vulne ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-51559 (Foxit PDF Reader Doc Out-Of-Bounds Read Remote Code Execution Vulnerab ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-51558 (Foxit PDF Reader AcroForm Doc Out-Of-Bounds Read Information Disclosur ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-51557 (Foxit PDF Reader AcroForm Doc Use-After-Free Remote Code Execution Vul ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-51556 (Foxit PDF Reader AcroForm Doc Use-After-Free Remote Code Execution Vul ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-51555 (Foxit PDF Reader Doc Out-Of-Bounds Read Information Disclosure Vulnera ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-51554 (Foxit PDF Reader Signature Use-After-Free Information Disclosure Vulne ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-51553 (Foxit PDF Reader Bookmark Out-Of-Bounds Read Information Disclosure Vu ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-51552 (Foxit PDF Reader AcroForm Signature Use-After-Free Remote Code Executi ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-51551 (Foxit PDF Reader AcroForm Signature Use-After-Free Remote Code Executi ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-51550 (Foxit PDF Reader combobox Out-Of-Bounds Read Information Disclosure Vu ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-51549 (Foxit PDF Reader AcroForm Doc Object Use-After-Free Remote Code Execut ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-50685 (An issue in Hipcam Cameras RealServer v.1.0 allows a remote attacker t ...)
	NOT-FOR-US: Hipcam Cameras RealServer
CVE-2023-50235 (Hancom Office Show PPT File Parsing Stack-based Buffer Overflow Remote ...)
	NOT-FOR-US: Hancom Office
CVE-2023-50234 (Hancom Office Cell XLS File Parsing Stack-based Buffer Overflow Remote ...)
	NOT-FOR-US: Hancom Office
CVE-2023-50233 (Inductive Automation Ignition getJavaExecutable Directory Traversal Re ...)
	NOT-FOR-US: Inductive Automation
CVE-2023-50232 (Inductive Automation Ignition getParams Argument Injection Remote Code ...)
	NOT-FOR-US: Inductive Automation
CVE-2023-50231 (NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scr ...)
	NOT-FOR-US: Netgear
CVE-2023-50230 (BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code ...)
	- bluez 5.70-1
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1812/
	NOTE: https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443 (5.70)
CVE-2023-50229 (BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code ...)
	- bluez 5.70-1
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1811/
	NOTE: https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443 (5.70)
CVE-2023-50228 (Parallels Desktop Updater Improper Verification of Cryptographic Signa ...)
	NOT-FOR-US: Parallels Desktop
CVE-2023-50227 (Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution ...)
	NOT-FOR-US: Parallels Desktop
CVE-2023-50226 (Parallels Desktop Updater Link Following Local Privilege Escalation Vu ...)
	NOT-FOR-US: Parallels Desktop
CVE-2023-50225 (TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote ...)
	NOT-FOR-US: TP-Link
CVE-2023-50224 (TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disc ...)
	NOT-FOR-US: TP-Link
CVE-2023-50223 (Inductive Automation Ignition ExtendedDocumentCodec Deserialization of ...)
	NOT-FOR-US: Inductive Automation
CVE-2023-50222 (Inductive Automation Ignition ResponseParser Notification Deserializat ...)
	NOT-FOR-US: Inductive Automation
CVE-2023-50221 (Inductive Automation Ignition ResponseParser SerializedResponse Deseri ...)
	NOT-FOR-US: Inductive Automation
CVE-2023-50220 (Inductive Automation Ignition Base64Element Deserialization of Untrust ...)
	NOT-FOR-US: Inductive Automation
CVE-2023-50219 (Inductive Automation Ignition RunQuery Deserialization of Untrusted Da ...)
	NOT-FOR-US: Inductive Automation
CVE-2023-50218 (Inductive Automation Ignition ModuleInvoke Deserialization of Untruste ...)
	NOT-FOR-US: Inductive Automation
CVE-2023-50217 (D-Link G416 awsfile rm Command Injection Remote Code Execution Vulnera ...)
	NOT-FOR-US: D-Link
CVE-2023-50216 (D-Link G416 awsfile tar File Handling Command Injection Remote Code Ex ...)
	NOT-FOR-US: D-Link
CVE-2023-50215 (D-Link G416 nodered gz File Handling Command Injection Remote Code Exe ...)
	NOT-FOR-US: D-Link
CVE-2023-50214 (D-Link G416 nodered tar File Handling Command Injection Remote Code Ex ...)
	NOT-FOR-US: D-Link
CVE-2023-50213 (D-Link G416 nodered File Handling Command Injection Remote Code Execut ...)
	NOT-FOR-US: D-Link
CVE-2023-50212 (D-Link G416 httpd Improper Handling of Exceptional Conditions Informat ...)
	NOT-FOR-US: D-Link
CVE-2023-50211 (D-Link G416 httpd API-AUTH Timestamp Processing Stack-based Buffer Ove ...)
	NOT-FOR-US: D-Link
CVE-2023-50210 (D-Link G416 httpd API-AUTH Digest Processing Stack-based Buffer Overfl ...)
	NOT-FOR-US: D-Link
CVE-2023-50209 (D-Link G416 cfgsave Stack-Based Buffer Overflow Remote Code Execution ...)
	NOT-FOR-US: D-Link
CVE-2023-50208 (D-Link G416 ovpncfg Stack-based Buffer Overflow Remote Code Execution ...)
	NOT-FOR-US: D-Link
CVE-2023-50207 (D-Link G416 flupl filename Command Injection Remote Code Execution Vul ...)
	NOT-FOR-US: D-Link
CVE-2023-50206 (D-Link G416 flupl query_type edit Command Injection Remote Code Execut ...)
	NOT-FOR-US: D-Link
CVE-2023-50205 (D-Link G416 awsfile chmod Command Injection Remote Code Execution Vuln ...)
	NOT-FOR-US: D-Link
CVE-2023-50204 (D-Link G416 flupl pythonapp Command Injection Remote Code Execution Vu ...)
	NOT-FOR-US: D-Link
CVE-2023-50203 (D-Link G416 nodered chmod Command Injection Remote Code Execution Vuln ...)
	NOT-FOR-US: D-Link
CVE-2023-50202 (D-Link G416 flupl pythonmodules Command Injection Remote Code Executio ...)
	NOT-FOR-US: D-Link
CVE-2023-50201 (D-Link G416 cfgsave upusb Command Injection Remote Code Execution Vuln ...)
	NOT-FOR-US: D-Link
CVE-2023-50200 (D-Link G416 cfgsave backusb Command Injection Remote Code Execution Vu ...)
	NOT-FOR-US: D-Link
CVE-2023-50199 (D-Link G416 httpd Missing Authentication for Critical Function Remote ...)
	NOT-FOR-US: D-Link
CVE-2023-50198 (D-Link G416 cfgsave Command Injection Remote Code Execution Vulnerabil ...)
	NOT-FOR-US: D-Link
CVE-2023-50197 (Intel Driver & Support Assistant Link Following Local Privilege Escala ...)
	NOT-FOR-US: Intel
CVE-2023-50196 (Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Ex ...)
	NOT-FOR-US: Trimble
CVE-2023-50195 (Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Cod ...)
	NOT-FOR-US: Trimble
CVE-2023-50194 (Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Cod ...)
	NOT-FOR-US: Trimble
CVE-2023-50193 (Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Ex ...)
	NOT-FOR-US: Trimble
CVE-2023-50192 (Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Ex ...)
	NOT-FOR-US: Trimble
CVE-2023-50191 (Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Ex ...)
	NOT-FOR-US: Trimble
CVE-2023-50190 (Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Write Remote Co ...)
	NOT-FOR-US: Trimble
CVE-2023-50189 (Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Ex ...)
	NOT-FOR-US: Trimble
CVE-2023-50188 (Trimble SketchUp Viewer SKP File Parsing Uninitialized Variable Remote ...)
	NOT-FOR-US: Trimble
CVE-2023-50187 (Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code ...)
	NOT-FOR-US: Trimble
CVE-2023-47727 (IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar S ...)
	NOT-FOR-US: IBM
CVE-2023-47220 (An OS command injection vulnerability has been reported to affect Medi ...)
	NOT-FOR-US: QNAP
CVE-2023-44472 (Missing Authorization vulnerability in ThemeFuse Unyson.This issue aff ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44452 (Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Exe ...)
	NOT-FOR-US: Linux Mint Xreader
CVE-2023-44451 (Linux Mint Xreader EPUB File Parsing Directory Traversal Remote Code E ...)
	NOT-FOR-US: Linux Mint Xreader
CVE-2023-44450 (NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch ...)
	NOT-FOR-US: Netgear
CVE-2023-44449 (NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injectio ...)
	NOT-FOR-US: Netgear
CVE-2023-44448 (TP-Link Archer A54 libcmm.so dm_fillObjByStr Stack-based Buffer Overfl ...)
	NOT-FOR-US: TP-Link
CVE-2023-44447 (TP-Link TL-WR902AC loginFs Improper Authentication Information Disclos ...)
	NOT-FOR-US: TP-Link
CVE-2023-44445 (NETGEAR CAX30 SSO Stack-based Buffer Overflow Remote Code Execution Vu ...)
	NOT-FOR-US: Netgear
CVE-2023-44440 (Ashlar-Vellum Lithium Uncontrolled Search Path Element Remote Code Exe ...)
	NOT-FOR-US: Ashlar-Vellum Lithium
CVE-2023-44439 (Ashlar-Vellum Xenon Uncontrolled Search Path Element Remote Code Execu ...)
	NOT-FOR-US: Ashlar-Vellum Lithium
CVE-2023-44438 (Ashlar-Vellum Argon Uncontrolled Search Path Element Remote Code Execu ...)
	NOT-FOR-US: Ashlar-Vellum Lithium
CVE-2023-44437 (Ashlar-Vellum Cobalt Uncontrolled Search Path Element Remote Code Exec ...)
	NOT-FOR-US: Ashlar-Vellum Lithium
CVE-2023-44436 (Kofax Power PDF File Parsing Use-After-Free Remote Code Execution Vuln ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-44435 (Kofax Power PDF File Parsing Use-After-Free Remote Code Execution Vuln ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-44434 (Kofax Power PDF File Parsing Out-Of-Bounds Read Information Disclosure ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-44433 (Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-44432 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execu ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-44431 (BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Exec ...)
	- bluez
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1900/
CVE-2023-44430 (Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vul ...)
	NOT-FOR-US: Bentley
CVE-2023-44428 (MuseScore CAP File Parsing Heap-based Buffer Overflow Remote Code Exec ...)
	- musescore2
	- musescore3 (bug #1070860)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1526/
CVE-2023-44427 (D-Link DIR-X3260 SetSysEmailSettings SMTPServerAddress Command Injecti ...)
	NOT-FOR-US: D-Link
CVE-2023-44426 (D-Link DIR-X3260 SetSysEmailSettings AccountPassword Command Injection ...)
	NOT-FOR-US: D-Link
CVE-2023-44425 (D-Link DIR-X3260 SetSysEmailSettings AccountName Command Injection Rem ...)
	NOT-FOR-US: D-Link
CVE-2023-44424 (D-Link DIR-X3260 SetSysEmailSettings EmailTo Command Injection Remote ...)
	NOT-FOR-US: D-Link
CVE-2023-44423 (D-Link DIR-X3260 SetTriggerPPPoEValidate Password Command Injection Re ...)
	NOT-FOR-US: D-Link
CVE-2023-44422 (D-Link DIR-X3260 SetSysEmailSettings EmailFrom Command Injection Remot ...)
	NOT-FOR-US: D-Link
CVE-2023-44421 (D-Link DIR-X3260 SetTriggerPPPoEValidate Username Command Injection Re ...)
	NOT-FOR-US: D-Link
CVE-2023-44420 (D-Link DIR-X3260 prog.cgi Incorrect Implementation of Authentication A ...)
	NOT-FOR-US: D-Link
CVE-2023-44419 (D-Link DIR-X3260 Prog.cgi Stack-based Buffer Overflow Remote Code Exec ...)
	NOT-FOR-US: D-Link
CVE-2023-44418 (D-Link DIR-X3260 Prog.cgi Heap-based Buffer Overflow Remote Code Execu ...)
	NOT-FOR-US: D-Link
CVE-2023-44417 (D-Link DAP-2622 DDP Set IPv4 Address Auth Password Stack-based Buffer ...)
	NOT-FOR-US: D-Link
CVE-2023-44416 (D-Link DAP-2622 Telnet CLI Command Injection Remote Code Execution Vul ...)
	NOT-FOR-US: D-Link
CVE-2023-44415 (D-Link Multiple Routers cli Command Injection Remote Code Execution Vu ...)
	NOT-FOR-US: D-Link
CVE-2023-44414 (D-Link D-View coreservice_action_script Exposed Dangerous Function Rem ...)
	NOT-FOR-US: D-Link
CVE-2023-44413 (D-Link D-View shutdown_coreserver Missing Authentication Denial-of-Ser ...)
	NOT-FOR-US: D-Link
CVE-2023-44412 (D-Link D-View addDv7Probe XML External Entity Processing Information D ...)
	NOT-FOR-US: D-Link
CVE-2023-44411 (D-Link D-View InstallApplication Use of Hard-coded Credentials Authent ...)
	NOT-FOR-US: D-Link
CVE-2023-44410 (D-Link D-View showUsers Improper Authorization Privilege Escalation Vu ...)
	NOT-FOR-US: D-Link
CVE-2023-44409 (D-Link DAP-1325 SetSetupWizardStatus Enabled Stack-based Buffer Overfl ...)
	NOT-FOR-US: D-Link
CVE-2023-44408 (D-Link DAP-1325 SetAPLanSettings IPAddr Stack-based Buffer Overflow Re ...)
	NOT-FOR-US: D-Link
CVE-2023-44407 (D-Link DAP-1325 SetAPLanSettings Gateway Stack-based Buffer Overflow R ...)
	NOT-FOR-US: D-Link
CVE-2023-44406 (D-Link DAP-1325 SetAPLanSettings DeviceName Stack-based Buffer Overflo ...)
	NOT-FOR-US: D-Link
CVE-2023-44405 (D-Link DAP-1325 get_value_of_key Stack-based Buffer Overflow Remote Co ...)
	NOT-FOR-US: D-Link
CVE-2023-44404 (D-Link DAP-1325 get_value_from_app Stack-based Buffer Overflow Remote ...)
	NOT-FOR-US: D-Link
CVE-2023-44403 (D-Link DAP-1325 HNAP SetWLanRadioSettings Channel Command Injection Re ...)
	NOT-FOR-US: D-Link
CVE-2023-42131 (Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Write Remote Code Exec ...)
	NOT-FOR-US: Ansys
CVE-2023-42130 (A10 Thunder ADC FileMgmtExport Directory Traversal Arbitrary File Read ...)
	NOT-FOR-US: A10 Thunder ADC FileMgmtExport
CVE-2023-42129 (A10 Thunder ADC ShowTechDownloadView Directory Traversal Information D ...)
	NOT-FOR-US: A10 Thunder ADC
CVE-2023-42128 (Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnera ...)
	NOT-FOR-US: Magnet Forensics AXIOM
CVE-2023-42127 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execu ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-42126 (G DATA Total Security GDBackupSvc Service Link Following Local Privile ...)
	NOT-FOR-US: G DATA Total Security GDBackupSvc Service
CVE-2023-42125 (Avast Premium Security Sandbox Protection Link Following Privilege Esc ...)
	NOT-FOR-US: Avast Premium Security Sandbox Protection
CVE-2023-42124 (Avast Premium Security Sandbox Protection Incorrect Authorization Priv ...)
	NOT-FOR-US: Avast Premium Security Sandbox Protection
CVE-2023-42123 (Control Web Panel mysql_manager Command Injection Remote Code Executio ...)
	NOT-FOR-US: Control Web Panel
CVE-2023-42122 (Control Web Panel wloggui Command Injection Local Privilege Escalation ...)
	NOT-FOR-US: Control Web Panel
CVE-2023-42121 (Control Web Panel Missing Authentication Remote Code Execution Vulnera ...)
	NOT-FOR-US: Control Web Panel
CVE-2023-42120 (Control Web Panel dns_zone_editor Command Injection Remote Code Execut ...)
	NOT-FOR-US: Control Web Panel
CVE-2023-42113 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor EMF
CVE-2023-42112 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor EMF
CVE-2023-42111 (PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Remote Code Exe ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42110 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42109 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42108 (PDF-XChange Editor EMF File Parsing Use-After-Free Remote Code Executi ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42107 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42106 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42105 (Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execut ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-42104 (Ashlar-Vellum Cobalt AR File Parsing Use-After-Free Remote Code Execut ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-42103 (Ashlar-Vellum Cobalt AR File Parsing Use-After-Free Remote Code Execut ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-42102 (Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execut ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-42101 (Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Ex ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-42100 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclo ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-42099 (Intel Driver & Support Assistant Link Following Local Privilege Escala ...)
	NOT-FOR-US: Intel
CVE-2023-42098 (Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vuln ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-42097 (Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulne ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-42096 (Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-42095 (Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vu ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-42094 (Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulne ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-42093 (Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vuln ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-42092 (Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulne ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-42091 (Foxit PDF Reader XFA Doc Object Use-After-Free Remote Code Execution V ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-42090 (Foxit PDF Reader XFA Doc Object Out-Of-Bounds Read Information Disclos ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-42089 (Foxit PDF Reader templates Use-After-Free Information Disclosure Vulne ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-42088 (PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Remote Code Exe ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42087 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42086 (PDF-XChange Editor EMF File Parsing Use-After-Free Remote Code Executi ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42085 (PDF-XChange Editor EMF File Parsing Heap-based Buffer Overflow Remote ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42084 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42083 (PDF-XChange Editor JPG File Parsing Heap-based Buffer Overflow Remote ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42082 (PDF-XChange Editor JPG File Parsing Use-After-Free Remote Code Executi ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42081 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42080 (PDF-XChange Editor EMF File Parsing Use-After-Free Remote Code Executi ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42079 (PDF-XChange Editor J2K File Parsing Uninitialized Variable Information ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42078 (PDF-XChange Editor JP2 File Parsing Memory Corruption Remote Code Exec ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42077 (PDF-XChange Editor EMF File Parsing Heap-based Buffer Overflow Remote ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42076 (PDF-XChange Editor PDF File Parsing Heap-based Buffer Overflow Remote ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42075 (PDF-XChange Editor JPG File Parsing Use-After-Free Remote Code Executi ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42074 (PDF-XChange Editor addScript Type Confusion Remote Code Execution Vuln ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42073 (PDF-XChange Editor Doc Object Out-Of-Bounds Read Information Disclosur ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42072 (PDF-XChange Editor JPC File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42071 (PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Ex ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42070 (PDF-XChange Editor Doc Object Out-Of-Bounds Read Information Disclosur ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42069 (PDF-XChange Editor PDF File Parsing Stack-based Buffer Overflow Remote ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42068 (PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42067 (PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42066 (PDF-XChange Editor J2K File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42065 (PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42064 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Exe ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42063 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Exe ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42062 (PDF-XChange Editor U3D File Parsing Uninitialized Variable Remote Code ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42061 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Exe ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42060 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Exe ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42059 (PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Executi ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42058 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Exe ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42057 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Exe ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42056 (PDF-XChange Editor U3D File Parsing Uninitialized Variable Information ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42055 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Exe ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42054 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42053 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42052 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42051 (PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Ex ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42050 (PDF-XChange Editor EMF File Parsing Use-After-Free Information Disclos ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42049 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42048 (PDF-XChange Editor J2K File Parsing Uninitialized Variable Information ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42047 (PDF-XChange Editor JP2 File Parsing Memory Corruption Remote Code Exec ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42046 (PDF-XChange Editor J2K File Parsing Uninitialized Variable Information ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42045 (PDF-XChange Editor J2K File Parsing Out-Of-Bounds Read Remote Code Exe ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42044 (PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Remote Code Exe ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42043 (PDF-XChange Editor PDF File Parsing Memory Corruption Remote Code Exec ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42042 (PDF-XChange Editor App Object Out-Of-Bounds Read Remote Code Execution ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42041 (PDF-XChange Editor Annotation Use-After-Free Remote Code Execution Vul ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42040 (PDF-XChange Editor mailForm Use-After-Free Code Execution Vulnerabilit ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-42039 (Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Cod ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-42038 (Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Cod ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-42037 (Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Executi ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-42036 (Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Executi ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2023-42035 (Visualware MyConnection Server doIForward XML External Entity Processi ...)
	NOT-FOR-US: Visualware MyConnection Server doIForward
CVE-2023-42034 (Visualware MyConnection Server doRTAAccessCTConfig Cross-Site Scriptin ...)
	NOT-FOR-US: Visualware MyConnection Server doRTAAccessCTConfig
CVE-2023-42033 (Visualware MyConnection Server doPostUploadfiles Directory Traversal R ...)
	NOT-FOR-US: Visualware MyConnection Server doPostUploadfiles
CVE-2023-42032 (Visualware MyConnection Server doRTAAccessUPass Exposed Dangerous Meth ...)
	NOT-FOR-US: Visualware MyConnection Server doRTAAccessUPass
CVE-2023-41971 (An Improper Link Resolution Before File Access ('Link Following') vuln ...)
	NOT-FOR-US: Zscaler
CVE-2023-41970 (An Improper Validation of Integrity Check Value vulnerability in Zscal ...)
	NOT-FOR-US: Zscaler
CVE-2023-41830 (An improper absolute path traversal vulnerability was reported for the ...)
	NOT-FOR-US: Motorola
CVE-2023-41828 (An implicit intent export vulnerability was reported in the Motorola P ...)
	NOT-FOR-US: Motorola
CVE-2023-41826 (A PendingIntent hijacking vulnerability in Motorola Device Help (Genie ...)
	NOT-FOR-US: Motorola
CVE-2023-41825 (A path traversal vulnerability was reported in the Motorola Ready For ...)
	NOT-FOR-US: Motorola
CVE-2023-41824 (An implicit intent vulnerability was reported in the Motorola Phone Ca ...)
	NOT-FOR-US: Motorola
CVE-2023-41823 (An improper export vulnerability was reported in the Motorola Phone Ex ...)
	NOT-FOR-US: Motorola
CVE-2023-41822 (An improper export vulnerability was reported in the Motorola Interfac ...)
	NOT-FOR-US: Motorola
CVE-2023-41821 (A an improper export vulnerability was reported in the Motorola Setup ...)
	NOT-FOR-US: Motorola
CVE-2023-41820 (An implicit intent vulnerability was reported in the Motorola Ready Fo ...)
	NOT-FOR-US: Motorola
CVE-2023-41819 (A PendingIntent hijacking vulnerability was reported in the Motorola F ...)
	NOT-FOR-US: Motorola
CVE-2023-41818 (An improper use of the SD card for sensitive data vulnerability was re ...)
	NOT-FOR-US: Motorola
CVE-2023-41817 (An improper export vulnerability was reported in the Motorola Phone Ca ...)
	NOT-FOR-US: Motorola
CVE-2023-41816 (An improper export vulnerability was reported in the Motorola Services ...)
	NOT-FOR-US: Motorola
CVE-2023-41230 (D-Link DIR-3040 HTTP Request Processing Referer Stack-Based Buffer Ove ...)
	NOT-FOR-US: D-Link
CVE-2023-41229 (D-Link DIR-3040 HTTP Request Processing Referer Heap-Based Buffer Over ...)
	NOT-FOR-US: D-Link
CVE-2023-41228 (D-Link DIR-3040 prog.cgi SetUsersSettings Stack-Based Buffer Overflow ...)
	NOT-FOR-US: D-Link
CVE-2023-41227 (D-Link DIR-3040 prog.cgi SetTriggerPPPoEValidate Stack-Based Buffer Ov ...)
	NOT-FOR-US: D-Link
CVE-2023-41226 (D-Link DIR-3040 prog.cgi SetMyDLinkRegistration Stack-Based Buffer Ove ...)
	NOT-FOR-US: D-Link
CVE-2023-41225 (D-Link DIR-3040 prog.cgi SetIPv6PppoeSettings Stack-Based Buffer Overf ...)
	NOT-FOR-US: D-Link
CVE-2023-41224 (D-Link DIR-3040 prog.cgi SetDeviceSettings Stack-Based Buffer Overflow ...)
	NOT-FOR-US: D-Link
CVE-2023-41223 (D-Link DIR-3040 prog.cgi SetQuickVPNSettings PSK Stack-Based Buffer Ov ...)
	NOT-FOR-US: D-Link
CVE-2023-41222 (D-Link DIR-3040 prog.cgi SetWan2Settings Stack-Based Buffer Overflow R ...)
	NOT-FOR-US: D-Link
CVE-2023-41221 (D-Link DIR-3040 prog.cgi SetWLanRadioSecurity Stack-Based Buffer Overf ...)
	NOT-FOR-US: D-Link
CVE-2023-41220 (D-Link DIR-3040 prog.cgi SetSysEmailSettings Stack-Based Buffer Overfl ...)
	NOT-FOR-US: D-Link
CVE-2023-41219 (D-Link DIR-3040 prog.cgi SetWanSettings Stack-Based Buffer Overflow Re ...)
	NOT-FOR-US: D-Link
CVE-2023-41218 (D-Link DIR-3040 prog.cgi SetWan3Settings Stack-Based Buffer Overflow R ...)
	NOT-FOR-US: D-Link
CVE-2023-41217 (D-Link DIR-3040 prog.cgi SetQuickVPNSettings Password Stack-Based Buff ...)
	NOT-FOR-US: D-Link
CVE-2023-41216 (D-Link DIR-3040 prog.cgi SetDynamicDNSSettings Stack-Based Buffer Over ...)
	NOT-FOR-US: D-Link
CVE-2023-41215 (D-Link DAP-2622 DDP Set Date-Time Stack-based Buffer Overflow Remote C ...)
	NOT-FOR-US: D-Link
CVE-2023-41214 (D-Link DAP-1325 setDhcpAssignRangeUpdate lan_ipaddr Stack-based Buffer ...)
	NOT-FOR-US: D-Link
CVE-2023-41213 (D-Link DAP-1325 setDhcpAssignRangeUpdate lan_ipaddr Stack-based Buffer ...)
	NOT-FOR-US: D-Link
CVE-2023-41212 (D-Link DAP-1325 SetTriggerAPValidate Key Stack-based Buffer Overflow R ...)
	NOT-FOR-US: D-Link
CVE-2023-41211 (D-Link DAP-1325 SetHostIPv6StaticSettings StaticPrefixLength Stack-bas ...)
	NOT-FOR-US: D-Link
CVE-2023-41210 (D-Link DAP-1325 SetHostIPv6StaticSettings StaticDNS2 Stack-based Buffe ...)
	NOT-FOR-US: D-Link
CVE-2023-41209 (D-Link DAP-1325 SetHostIPv6StaticSettings StaticDNS1 Stack-based Buffe ...)
	NOT-FOR-US: D-Link
CVE-2023-41208 (D-Link DAP-1325 SetHostIPv6StaticSettings StaticDefaultGateway Stack-b ...)
	NOT-FOR-US: D-Link
CVE-2023-41207 (D-Link DAP-1325 SetHostIPv6StaticSettings StaticAddress Stack-based Bu ...)
	NOT-FOR-US: D-Link
CVE-2023-41206 (D-Link DAP-1325 SetHostIPv6Settings IPv6Mode Stack-based Buffer Overfl ...)
	NOT-FOR-US: D-Link
CVE-2023-41205 (D-Link DAP-1325 SetAPLanSettings SubnetMask Stack-based Buffer Overflo ...)
	NOT-FOR-US: D-Link
CVE-2023-41204 (D-Link DAP-1325 SetAPLanSettings SecondaryDNS Stack-based Buffer Overf ...)
	NOT-FOR-US: D-Link
CVE-2023-41203 (D-Link DAP-1325 SetAPLanSettings PrimaryDNS Stack-based Buffer Overflo ...)
	NOT-FOR-US: D-Link
CVE-2023-41202 (D-Link DAP-1325 SetAPLanSettings Mode Stack-based Buffer Overflow Remo ...)
NOT-FOR-US: D-Link CVE-2023-41201 (D-Link DAP-1325 HNAP SetSetupWizardStatus Enabled Command Injection Re ...) NOT-FOR-US: D-Link CVE-2023-41200 (D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticPrefixLength Comm ...) NOT-FOR-US: D-Link CVE-2023-41199 (D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDNS2 Command Inje ...) NOT-FOR-US: D-Link CVE-2023-41198 (D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDNS1 Command Inje ...) NOT-FOR-US: D-Link CVE-2023-41197 (D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticDefaultGateway Co ...) NOT-FOR-US: D-Link CVE-2023-41196 (D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticAddress Command I ...) NOT-FOR-US: D-Link CVE-2023-41195 (D-Link DAP-1325 HNAP SetHostIPv6Settings IPv6Mode Command Injection Re ...) NOT-FOR-US: D-Link CVE-2023-41194 (D-Link DAP-1325 HNAP SetAPLanSettings SubnetMask Command Injection Rem ...) NOT-FOR-US: D-Link CVE-2023-41193 (D-Link DAP-1325 HNAP SetAPLanSettings SecondaryDNS Command Injection R ...) NOT-FOR-US: D-Link CVE-2023-41192 (D-Link DAP-1325 HNAP SetAPLanSettings PrimaryDNS Command Injection Rem ...) NOT-FOR-US: D-Link CVE-2023-41191 (D-Link DAP-1325 HNAP SetAPLanSettings Mode Command Injection Remote Co ...) NOT-FOR-US: D-Link CVE-2023-41190 (D-Link DAP-1325 HNAP SetAPLanSettings IPAddr Command Injection Remote ...) NOT-FOR-US: D-Link CVE-2023-41189 (D-Link DAP-1325 HNAP SetAPLanSettings Gateway Command Injection Remote ...) NOT-FOR-US: D-Link CVE-2023-41188 (D-Link DAP-1325 HNAP SetAPLanSettings DeviceName Command Injection Rem ...) NOT-FOR-US: D-Link CVE-2023-41187 (D-Link DAP-1325 HNAP Missing Authentication Remote Code Execution Vuln ...) NOT-FOR-US: D-Link CVE-2023-41186 (D-Link DAP-1325 CGI Missing Authentication Information Disclosure Vuln ...) NOT-FOR-US: D-Link CVE-2023-41185 (Unified Automation UaGateway Certificate Parsing Integer Overflow Deni ...) 
NOT-FOR-US: Unified Automation UaGateway Certificate Parsing CVE-2023-41184 (TP-Link Tapo C210 ActiveCells Stack-based Buffer Overflow Remote Code ...) NOT-FOR-US: TP-Link CVE-2023-41183 (NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability. This vu ...) NOT-FOR-US: Netgear CVE-2023-41182 (NETGEAR ProSAFE Network Management System ZipUtils Directory Traversal ...) NOT-FOR-US: Netgear CVE-2023-41181 (LG SuperSign Media Editor getSubFolderList Directory Traversal Informa ...) NOT-FOR-US: LG SuperSign Media Editor CVE-2023-40696 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expe ...) NOT-FOR-US: IBM CVE-2023-40695 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate s ...) NOT-FOR-US: IBM CVE-2023-40517 (LG SuperSign Media Editor ContentRestController getObject Directory Tr ...) NOT-FOR-US: LG SuperSign Media Editor CVE-2023-40516 (LG Simple Editor Incorrect Permission Assignment Local Privilege Escal ...) NOT-FOR-US: LG Simple Editor CVE-2023-40515 (LG Simple Editor joinAddUser Improper Input Validation Denial-of-Servi ...) NOT-FOR-US: LG Simple Editor CVE-2023-40514 (LG Simple Editor FileManagerController getImageByFilename Directory Tr ...) NOT-FOR-US: LG Simple Editor CVE-2023-40513 (LG Simple Editor UserManageController getImageByFilename Directory Tra ...) NOT-FOR-US: LG Simple Editor CVE-2023-40512 (LG Simple Editor PlayerController getImageByFilename Directory Travers ...) NOT-FOR-US: LG Simple Editor CVE-2023-40511 (LG Simple Editor checkServer Authentication Bypass Vulnerability. This ...) NOT-FOR-US: LG Simple Editor CVE-2023-40510 (LG Simple Editor getServerSetting Authentication Bypass Vulnerability. ...) NOT-FOR-US: LG Simple Editor CVE-2023-40509 (LG Simple Editor deleteCanvas Directory Traversal Arbitrary File Delet ...) NOT-FOR-US: LG Simple Editor CVE-2023-40508 (LG Simple Editor putCanvasDB Directory Traversal Arbitrary File Deleti ...) 
NOT-FOR-US: LG Simple Editor CVE-2023-40507 (LG Simple Editor copyContent XML External Entity Processing Informatio ...) NOT-FOR-US: LG Simple Editor CVE-2023-40506 (LG Simple Editor copyContent XML External Entity Processing Informatio ...) NOT-FOR-US: LG Simple Editor CVE-2023-40505 (LG Simple Editor createThumbnailByMovie Command Injection Remote Code ...) NOT-FOR-US: LG Simple Editor CVE-2023-40504 (LG Simple Editor readVideoInfo Command Injection Remote Code Execution ...) NOT-FOR-US: LG Simple Editor CVE-2023-40503 (LG Simple Editor saveXmlFile XML External Entity Processing Informatio ...) NOT-FOR-US: LG Simple Editor CVE-2023-40502 (LG Simple Editor cropImage Directory Traversal Arbitrary File Deletion ...) NOT-FOR-US: LG Simple Editor CVE-2023-40501 (LG Simple Editor copyContent Exposed Dangerous Function Remote Code Ex ...) NOT-FOR-US: LG Simple Editor CVE-2023-40500 (LG Simple Editor copyContent Exposed Dangerous Function Remote Code Ex ...) NOT-FOR-US: LG Simple Editor CVE-2023-40499 (LG Simple Editor mkdir Directory Traversal Arbitrary File Deletion Vul ...) NOT-FOR-US: LG Simple Editor CVE-2023-40498 (LG Simple Editor cp Command Directory Traversal Remote Code Execution ...) NOT-FOR-US: LG Simple Editor CVE-2023-40497 (LG Simple Editor saveXml Directory Traversal Remote Code Execution Vul ...) NOT-FOR-US: LG Simple Editor CVE-2023-40496 (LG Simple Editor copyStickerContent Directory Traversal Information Di ...) NOT-FOR-US: LG Simple Editor CVE-2023-40495 (LG Simple Editor copyTemplateAll Directory Traversal Information Discl ...) NOT-FOR-US: LG Simple Editor CVE-2023-40494 (LG Simple Editor deleteFolder Directory Traversal Arbitrary File Delet ...) NOT-FOR-US: LG Simple Editor CVE-2023-40493 (LG Simple Editor copySessionFolder Directory Traversal Remote Code Exe ...) NOT-FOR-US: LG Simple Editor CVE-2023-40492 (LG Simple Editor deleteCheckSession Directory Traversal Arbitrary File ...) 
NOT-FOR-US: LG Simple Editor CVE-2023-40491 (Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution ...) NOT-FOR-US: Maxon Cinema 4D SKP CVE-2023-40489 (Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution ...) NOT-FOR-US: Maxon Cinema 4D SKP CVE-2023-40488 (Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution ...) NOT-FOR-US: Maxon Cinema 4D SKP CVE-2023-40487 (Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution ...) NOT-FOR-US: Maxon Cinema 4D SKP CVE-2023-40486 (Maxon Cinema 4D SKP File Parsing Stack-based Buffer Overflow Remote Co ...) NOT-FOR-US: Maxon Cinema 4D SKP CVE-2023-40485 (Maxon Cinema 4D SKP File Parsing Stack-based Buffer Overflow Remote Co ...) NOT-FOR-US: Maxon Cinema 4D SKP CVE-2023-40484 (Maxon Cinema 4D SKP File Parsing Stack-based Buffer Overflow Remote Co ...) NOT-FOR-US: Maxon Cinema 4D SKP CVE-2023-40483 (Maxon Cinema 4D SKP File Parsing Out-Of-Bounds Write Remote Code Execu ...) NOT-FOR-US: Maxon Cinema 4D SKP CVE-2023-40482 (Maxon Cinema 4D SKP File Parsing Out-Of-Bounds Write Remote Code Execu ...) NOT-FOR-US: Maxon Cinema 4D SKP CVE-2023-40480 (NETGEAR RAX30 DHCP Server Command Injection Remote Code Execution Vuln ...) NOT-FOR-US: Netgear CVE-2023-40479 (NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerabili ...) NOT-FOR-US: Netgear CVE-2023-40478 (NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Cod ...) NOT-FOR-US: Netgear CVE-2023-40473 (PDF-XChange Editor Doc Object Out-Of-Bounds Read Information Disclosur ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-40472 (PDF-XChange Editor JavaScript String Untrusted Pointer Dereference Rem ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-40471 (PDF-XChange Editor App Untrusted Pointer Dereference Remote Code Execu ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-40470 (PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Read Information Dis ...) 
NOT-FOR-US: PDF-XChange Editor CVE-2023-40469 (PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Dis ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-40468 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-39506 (PDF-XChange Editor createDataObject Directory Traversal Remote Code Ex ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-39505 (PDF-XChange Editor Net.HTTP.requests Exposed Dangerous Function Inform ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-39504 (PDF-XChange Editor OXPS File Parsing Out-Of-Bounds Read Information Di ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-39503 (PDF-XChange Editor OXPS File Parsing Out-Of-Bounds Read Information Di ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-39502 (PDF-XChange Editor OXPS File Parsing Out-Of-Bounds Write Remote Code E ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-39501 (PDF-XChange Editor OXPS File Parsing Untrusted Pointer Dereference Rem ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-39500 (PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Ex ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-39499 (PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Ex ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-39498 (PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Ex ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-39497 (PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Ex ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-39496 (PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Remote Code Exe ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-39495 (PDF-XChange Editor readFileIntoStream Exposed Dangerous Function Infor ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-39494 (PDF-XChange Editor OXPS File Parsing Heap-based Buffer Overflow Remote ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-39493 (PDF-XChange Editor exportAsText Exposed Dangerous Method Remote Code E ...) 
NOT-FOR-US: PDF-XChange Editor CVE-2023-39492 (PDF-XChange Editor PDF File Parsing Heap-based Buffer Overflow Remote ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-39491 (PDF-XChange Editor TIF File Parsing Use-After-Free Remote Code Executi ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-39490 (PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Ex ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-39489 (PDF-XChange Editor TIF File Parsing Out-Of-Bounds Write Remote Code Ex ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-39488 (PDF-XChange Editor TIF File Parsing Use-After-Free Remote Code Executi ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-39487 (PDF-XChange Editor util Out-Of-Bounds Read Information Disclosure Vuln ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-39486 (PDF-XChange Editor JP2 File Parsing Memory Corruption Remote Code Exec ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-39485 (PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Ex ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-39484 (PDF-XChange Editor PDF File Parsing Uninitialized Variable Information ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-39483 (PDF-XChange Editor J2K File Parsing Out-Of-Bounds Read Information Dis ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-39482 (Softing Secure Integration Server Hardcoded Cryptographic Key Informat ...) NOT-FOR-US: Softing Secure Integration Server CVE-2023-39481 (Softing Secure Integration Server Interpretation Conflict Remote Code ...) NOT-FOR-US: Softing Secure Integration Server CVE-2023-39480 (Softing Secure Integration Server FileDirectory OPC UA Object Arbitrar ...) NOT-FOR-US: Softing Secure Integration Server CVE-2023-39479 (Softing Secure Integration Server OPC UA Gateway Directory Creation Vu ...) NOT-FOR-US: Softing Secure Integration Server CVE-2023-39478 (Softing Secure Integration Server Exposure of Resource to Wrong Sphere ...) 
NOT-FOR-US: Softing Secure Integration Server CVE-2023-39477 (Inductive Automation Ignition ConditionRefresh Resource Exhaustion Den ...) NOT-FOR-US: Inductive Automation Ignition CVE-2023-39476 (Inductive Automation Ignition JavaSerializationCodec Deserialization o ...) NOT-FOR-US: Inductive Automation Ignition CVE-2023-39475 (Inductive Automation Ignition ParameterVersionJavaSerializationCodec D ...) NOT-FOR-US: Inductive Automation Ignition CVE-2023-39474 (Inductive Automation Ignition downloadLaunchClientJar Remote Code Exec ...) NOT-FOR-US: Inductive Automation Ignition CVE-2023-39473 (Inductive Automation Ignition AbstractGatewayFunction Deserialization ...) NOT-FOR-US: Inductive Automation Ignition CVE-2023-39472 (Inductive Automation Ignition SimpleXMLReader XML External Entity Proc ...) NOT-FOR-US: Inductive Automation Ignition CVE-2023-39471 (TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vuln ...) NOT-FOR-US: TP-Link CVE-2023-39469 (PaperCut NG External User Lookup Code Injection Remote Code Execution ...) NOT-FOR-US: PaperCut CVE-2023-39468 (Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset ...) NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway CVE-2023-39467 (Triangle MicroWorks SCADA Data Gateway certificate Information Disclos ...) NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway CVE-2023-39466 (Triangle MicroWorks SCADA Data Gateway get_config Missing Authenticati ...) NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway CVE-2023-39465 (Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic ...) NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway CVE-2023-39464 (Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted S ...) NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway CVE-2023-39463 (Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestric ...) 
NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway CVE-2023-39462 (Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload V ...) NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway CVE-2023-39461 (Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutr ...) NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway CVE-2023-39460 (Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal A ...) NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway CVE-2023-39459 (Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary F ...) NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway CVE-2023-39458 (Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials A ...) NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway CVE-2023-39457 (Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerab ...) NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway CVE-2023-38724 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL ...) NOT-FOR-US: IBM CVE-2023-38125 (Softing edgeAggregator Permissive Cross-domain Policy with Untrusted D ...) NOT-FOR-US: Softing CVE-2023-38124 (Inductive Automation Ignition OPC UA Quick Client Task Scheduling Expo ...) NOT-FOR-US: Inductive Automation Ignition CVE-2023-38123 (Inductive Automation Ignition OPC UA Quick Client Missing Authenticati ...) NOT-FOR-US: Inductive Automation Ignition CVE-2023-38122 (Inductive Automation Ignition OPC UA Quick Client Permissive Cross-dom ...) NOT-FOR-US: Inductive Automation Ignition CVE-2023-38121 (Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting ...) NOT-FOR-US: Inductive Automation Ignition CVE-2023-38120 (Adtran SR400ac ping Command Injection Remote Code Execution Vulnerabil ...) NOT-FOR-US: Adtran SR400ac CVE-2023-38119 (Foxit PDF Reader AcroForm signature Out-Of-Bounds Read Remote Code Exe ...) NOT-FOR-US: Foxit PDF Reader CVE-2023-38118 (Foxit PDF Reader AcroForm Doc Object Out-Of-Bounds Write Remote Code E ...) 
NOT-FOR-US: Foxit PDF Reader CVE-2023-38117 (Foxit PDF Reader AcroForm Doc Object Use-After-Free Remote Code Execut ...) NOT-FOR-US: Foxit PDF Reader CVE-2023-38116 (Foxit PDF Reader Doc Object Out-Of-Bounds Read Information Disclosure ...) NOT-FOR-US: Foxit PDF Reader CVE-2023-38115 (Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vu ...) NOT-FOR-US: Foxit PDF Reader CVE-2023-38114 (Foxit PDF Reader AcroForm Doc Object Use-After-Free Remote Code Execut ...) NOT-FOR-US: Foxit PDF Reader CVE-2023-38113 (Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vuln ...) NOT-FOR-US: Foxit PDF Reader CVE-2023-38112 (Foxit PDF Reader XFA Annotation Use-After-Free Remote Code Execution V ...) NOT-FOR-US: Foxit PDF Reader CVE-2023-38111 (Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulne ...) NOT-FOR-US: Foxit PDF Reader CVE-2023-38110 (Foxit PDF Reader AcroForm Doc Object Out-Of-Bounds Read Information Di ...) NOT-FOR-US: Foxit PDF Reader CVE-2023-38109 (Foxit PDF Reader Doc Object Out-Of-Bounds Read Information Disclosure ...) NOT-FOR-US: Foxit PDF Reader CVE-2023-38108 (Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Information Discl ...) NOT-FOR-US: Foxit PDF Reader CVE-2023-38107 (Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulne ...) NOT-FOR-US: Foxit PDF Reader CVE-2023-38106 (Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Information Discl ...) NOT-FOR-US: Foxit PDF Reader CVE-2023-38105 (Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Information Discl ...) NOT-FOR-US: Foxit PDF Reader CVE-2023-38102 (NETGEAR ProSAFE Network Management System createUser Missing Authoriza ...) NOT-FOR-US: Netgear CVE-2023-38101 (NETGEAR ProSAFE Network Management System SettingConfigController Expo ...) NOT-FOR-US: Netgear CVE-2023-38100 (NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injectio ...) 
NOT-FOR-US: Netgear CVE-2023-38099 (NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch ...) NOT-FOR-US: Netgear CVE-2023-38098 (NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted F ...) NOT-FOR-US: Netgear CVE-2023-38097 (NETGEAR ProSAFE Network Management System BkreProcessThread Exposed Da ...) NOT-FOR-US: Netgear CVE-2023-38096 (NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authent ...) NOT-FOR-US: Netgear CVE-2023-38095 (NETGEAR ProSAFE Network Management System MFileUploadController Unrest ...) NOT-FOR-US: Netgear CVE-2023-38094 (Kofax Power PDF replacePages Stack-based Buffer Overflow Remote Code E ...) NOT-FOR-US: Kofax Power PDF CVE-2023-38093 (Kofax Power PDF saveAs Stack-based Buffer Overflow Remote Code Executi ...) NOT-FOR-US: Kofax Power PDF CVE-2023-38092 (Kofax Power PDF importDataObject Stack-based Buffer Overflow Remote Co ...) NOT-FOR-US: Kofax Power PDF CVE-2023-38091 (Kofax Power PDF response Type Confusion Remote Code Execution Vulnerab ...) NOT-FOR-US: Kofax Power PDF CVE-2023-38090 (Kofax Power PDF popUpMenu Heap-based Buffer Overflow Remote Code Execu ...) NOT-FOR-US: Kofax Power PDF CVE-2023-38089 (Kofax Power PDF clearInterval Out-Of-Bounds Write Remote Code Executio ...) NOT-FOR-US: Kofax Power PDF CVE-2023-38088 (Kofax Power PDF printf Uninitialized Variable Remote Code Execution Vu ...) NOT-FOR-US: Kofax Power PDF CVE-2023-38087 (Kofax Power PDF clearTimeOut Out-Of-Bounds Write Remote Code Execution ...) NOT-FOR-US: Kofax Power PDF CVE-2023-38086 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclo ...) NOT-FOR-US: Kofax Power PDF CVE-2023-38085 (Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclo ...) NOT-FOR-US: Kofax Power PDF CVE-2023-38084 (Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Executi ...) NOT-FOR-US: Kofax Power PDF CVE-2023-38083 (Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execu ...) 
NOT-FOR-US: Kofax Power PDF CVE-2023-38082 (Kofax Power PDF GIF File Parsing Memory Corruption Remote Code Executi ...) NOT-FOR-US: Kofax Power PDF CVE-2023-38081 (Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execu ...) NOT-FOR-US: Kofax Power PDF CVE-2023-38080 (Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Cod ...) NOT-FOR-US: Kofax Power PDF CVE-2023-38079 (Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execu ...) NOT-FOR-US: Kofax Power PDF CVE-2023-38078 (Kofax Power PDF U3D File Parsing Use-After-Free Information Disclosure ...) NOT-FOR-US: Kofax Power PDF CVE-2023-38077 (Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Information Disclo ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37407 (IBM Aspera Orchestrator 4.0.1 could allow a remote authenticated attac ...) NOT-FOR-US: IBM CVE-2023-37359 (Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Information Disclo ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37358 (Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Information Disclo ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37357 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclo ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37356 (Kofax Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclo ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37355 (Kofax Power PDF JPG File Parsing Use-After-Free Information Disclosure ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37354 (Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execut ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37353 (Kofax Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclo ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37352 (Kofax Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclo ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37351 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclo ...) 
NOT-FOR-US: Kofax Power PDF CVE-2023-37350 (Kofax Power PDF TIF File Parsing Out-Of-Bounds Write Remote Code Execu ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37349 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execu ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37348 (Kofax Power PDF U3D File Parsing Out-Of-Bounds Write Remote Code Execu ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37347 (Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Remote Code Execut ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37346 (Kofax Power PDF TIF File Parsing Out-Of-Bounds Write Remote Code Execu ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37345 (Kofax Power PDF J2K File Parsing Out-Of-Bounds Write Remote Code Execu ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37344 (Kofax Power PDF BMP File Parsing Heap-based Buffer Overflow Remote Cod ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37343 (Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execu ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37342 (Kofax Power PDF PNG File Parsing Heap-based Buffer Overflow Remote Cod ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37341 (Kofax Power PDF PNG File Parsing Out-Of-Bounds Write Remote Code Execu ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37340 (Kofax Power PDF PNG File Parsing Out-Of-Bounds Write Remote Code Execu ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37339 (Kofax Power PDF PCX File Parsing Out-Of-Bounds Write Remote Code Execu ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37338 (Kofax Power PDF GIF File Parsing Out-Of-Bounds Write Remote Code Execu ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37337 (Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execu ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37336 (Kofax Power PDF TIF File Parsing Out-Of-Bounds Write Remote Code Execu ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37335 (Kofax Power PDF BMP File Parsing Heap-based Buffer Overflow Remote Cod ...) 
NOT-FOR-US: Kofax Power PDF CVE-2023-37334 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execu ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37333 (Kofax Power PDF PCX File Parsing Memory Corruption Remote Code Executi ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37332 (Kofax Power PDF PNG File Parsing Memory Corruption Remote Code Executi ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37331 (Kofax Power PDF GIF File Parsing Stack-based Buffer Overflow Remote Co ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37330 (Kofax Power PDF exportAsText Exposed Dangerous Method Remote Code Exec ...) NOT-FOR-US: Kofax Power PDF CVE-2023-37326 (D-Link DAP-2622 DDP Set Wireless Info Auth Password Stack-based Buffer ...) NOT-FOR-US: D-Link CVE-2023-37324 (D-Link DAP-2622 DDP Set Wireless Info Auth Username Stack-based Buffer ...) NOT-FOR-US: D-Link CVE-2023-37323 (D-Link DAP-2622 DDP Set SSID List PSK Stack-based Buffer Overflow Remo ...) NOT-FOR-US: D-Link CVE-2023-37322 (D-Link DAP-2622 DDP Set SSID List RADIUS Server Stack-based Buffer Ove ...) NOT-FOR-US: D-Link CVE-2023-37321 (D-Link DAP-2622 DDP Set SSID List RADIUS Secret Stack-based Buffer Ove ...) NOT-FOR-US: D-Link CVE-2023-37320 (D-Link DAP-2622 DDP Set SSID List SSID Name Stack-based Buffer Overflo ...) NOT-FOR-US: D-Link CVE-2023-37319 (D-Link DAP-2622 DDP Set IPv6 Address Stack-based Buffer Overflow Remot ...) NOT-FOR-US: D-Link CVE-2023-37318 (D-Link DAP-2622 DDP Set IPv6 Address Secondary DNS Stack-based Buffer ...) NOT-FOR-US: D-Link CVE-2023-37317 (D-Link DAP-2622 DDP Set IPv6 Address Primary DNS Stack-based Buffer Ov ...) NOT-FOR-US: D-Link CVE-2023-37316 (D-Link DAP-2622 DDP Set IPv6 Address Default Gateway Stack-based Buffe ...) NOT-FOR-US: D-Link CVE-2023-37315 (D-Link DAP-2622 DDP Set IPv6 Address Auth Password Stack-based Buffer ...) NOT-FOR-US: D-Link CVE-2023-37314 (D-Link DAP-2622 DDP Set IPv6 Address Auth Username Stack-based Buffer ...) 
NOT-FOR-US: D-Link CVE-2023-37313 (D-Link DAP-2622 DDP Set IPv4 Address Auth Username Stack-based Buffer ...) NOT-FOR-US: D-Link CVE-2023-37312 (D-Link DAP-2622 DDP Set Device Info Device Name Stack-based Buffer Ove ...) NOT-FOR-US: D-Link CVE-2023-37311 (D-Link DAP-2622 DDP Set Device Info Auth Password Stack-based Buffer O ...) NOT-FOR-US: D-Link CVE-2023-37310 (D-Link DAP-2622 DDP Set Device Info Auth Username Stack-based Buffer O ...) NOT-FOR-US: D-Link CVE-2023-37244 (The affected AutomationManager.AgentService.exe application contains a ...) NOT-FOR-US: D-Link CVE-2023-35756 (D-Link DAP-2622 DDP Set Date-Time Auth Password Stack-based Buffer Ove ...) NOT-FOR-US: D-Link CVE-2023-35755 (D-Link DAP-2622 DDP Set Date-Time Auth Username Stack-based Buffer Ove ...) NOT-FOR-US: D-Link CVE-2023-35754 (D-Link DAP-2622 DDP Set AG Profile NMS URL Stack-based Buffer Overflow ...) NOT-FOR-US: D-Link CVE-2023-35753 (D-Link DAP-2622 DDP Set AG Profile UUID Stack-based Buffer Overflow Re ...) NOT-FOR-US: D-Link CVE-2023-35752 (D-Link DAP-2622 DDP Set AG Profile Auth Password Stack-based Buffer Ov ...) NOT-FOR-US: D-Link CVE-2023-35751 (D-Link DAP-2622 DDP Set AG Profile Auth Username Stack-based Buffer Ov ...) NOT-FOR-US: D-Link CVE-2023-35750 (D-Link DAP-2622 DDP Get SSID List WPA PSK Information Disclosure Vulne ...) NOT-FOR-US: D-Link CVE-2023-35747 (D-Link DAP-2622 DDP Firmware Upgrade Auth Password Stack-based Buffer ...) NOT-FOR-US: D-Link CVE-2023-35746 (D-Link DAP-2622 DDP Firmware Upgrade Auth Username Stack-based Buffer ...) NOT-FOR-US: D-Link CVE-2023-35745 (D-Link DAP-2622 DDP Configuration Restore Filename Stack-based Buffer ...) NOT-FOR-US: D-Link CVE-2023-35744 (D-Link DAP-2622 DDP Configuration Restore Server IPv6 Address Stack-ba ...) NOT-FOR-US: D-Link CVE-2023-35743 (D-Link DAP-2622 DDP Configuration Restore Auth Password Stack-based Bu ...) NOT-FOR-US: D-Link CVE-2023-35742 (D-Link DAP-2622 DDP Configuration Restore Auth Username Stack-based Bu ...) 
NOT-FOR-US: D-Link CVE-2023-35741 (D-Link DAP-2622 DDP Configuration Backup Filename Stack-based Buffer O ...) NOT-FOR-US: D-Link CVE-2023-35740 (D-Link DAP-2622 DDP Configuration Backup Server Address Stack-based Bu ...) NOT-FOR-US: D-Link CVE-2023-35739 (D-Link DAP-2622 DDP Configuration Backup Server IPv6 Address Stack-bas ...) NOT-FOR-US: D-Link CVE-2023-35738 (D-Link DAP-2622 DDP Configuration Backup Auth Password Stack-based Buf ...) NOT-FOR-US: D-Link CVE-2023-35737 (D-Link DAP-2622 DDP Configuration Backup Auth Username Stack-based Buf ...) NOT-FOR-US: D-Link CVE-2023-35736 (D-Link DAP-2622 DDP Change ID Password New Password Stack-based Buffer ...) NOT-FOR-US: D-Link CVE-2023-35735 (D-Link DAP-2622 DDP Change ID Password New Username Stack-based Buffer ...) NOT-FOR-US: D-Link CVE-2023-35734 (Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Dis ...) NOT-FOR-US: Sante DICOM Viewer CVE-2023-35733 (D-Link DAP-2622 DDP Change ID Password Auth Username Stack-based Buffe ...) NOT-FOR-US: D-Link CVE-2023-35732 (D-Link DAP-2622 DDP Reset Factory Auth Password Stack-based Buffer Ove ...) NOT-FOR-US: D-Link CVE-2023-35731 (D-Link DAP-2622 DDP Reset Factory Auth Username Stack-based Buffer Ove ...) NOT-FOR-US: D-Link CVE-2023-35730 (D-Link DAP-2622 DDP Reset Auth Password Stack-based Buffer Overflow Re ...) NOT-FOR-US: D-Link CVE-2023-35729 (D-Link DAP-2622 DDP Reset Auth Username Stack-based Buffer Overflow Re ...) NOT-FOR-US: D-Link CVE-2023-35728 (D-Link DAP-2622 DDP Reboot Auth Password Stack-based Buffer Overflow R ...) NOT-FOR-US: D-Link CVE-2023-35727 (D-Link DAP-2622 DDP Reboot Auth Username Stack-based Buffer Overflow R ...) NOT-FOR-US: D-Link CVE-2023-35726 (D-Link DAP-2622 DDP User Verification Auth Password Stack-based Buffer ...) NOT-FOR-US: D-Link CVE-2023-35725 (D-Link DAP-2622 DDP User Verification Auth Username Stack-based Buffer ...) 
	NOT-FOR-US: D-Link
CVE-2023-35724 (D-Link DAP-2622 Telnet CLI Use of Hardcoded Credentials Authentication ...)
	NOT-FOR-US: D-Link
CVE-2023-35723 (D-Link DIR-X3260 prog.cgi SOAPAction Command Injection Remote Code Exe ...)
	NOT-FOR-US: D-Link
CVE-2023-35722 (NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Netgear
CVE-2023-35721 (NETGEAR Multiple Routers curl_post Improper Certificate Validation Rem ...)
	NOT-FOR-US: Netgear
CVE-2023-35720 (ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclos ...)
	NOT-FOR-US: ASUS
CVE-2023-35718 (D-Link DAP-2622 DDP Change ID Password Auth Password Stack-based Buffe ...)
	NOT-FOR-US: D-Link
CVE-2023-35717 (TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerabilit ...)
	NOT-FOR-US: TP-Link
CVE-2023-35716 (Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Ex ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-35715 (Ashlar-Vellum Cobalt AR File Parsing Uninitialized Memory Remote Code ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-35714 (Ashlar-Vellum Cobalt IGS File Parsing Out-Of-Bounds Read Remote Code E ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-35713 (Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-35712 (Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-35711 (Ashlar-Vellum Cobalt XE File Parsing Untrusted Pointer Dereference Rem ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-35710 (Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-35709 (Ashlar-Vellum Cobalt Heap-based Buffer Overflow Remote Code Execution ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-35701 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
	NOT-FOR-US: Apache Hive
CVE-2023-34311 (Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Executi ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-34310 (Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulner ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-34309 (Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Executi ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-34308 (Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Cod ...)
	NOT-FOR-US: Ashlar-Vellum Graphite
CVE-2023-34307 (Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Cod ...)
	NOT-FOR-US: Ashlar-Vellum Graphite
CVE-2023-34306 (Ashlar-Vellum Graphite VC6 File Parsing Stack-based Buffer Overflow Re ...)
	NOT-FOR-US: Ashlar-Vellum Graphite
CVE-2023-34305 (Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnera ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-34304 (Ashlar-Vellum Cobalt Out-Of-Bounds Access Remote Code Execution Vulner ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-34303 (Ashlar-Vellum Cobalt Out-Of-Bounds Read Remote Code Execution Vulnerab ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-34302 (Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remot ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-34301 (Ashlar-Vellum Cobalt CO File Parsing Untrusted Pointer Dereference Rem ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-34300 (Ashlar-Vellum Cobalt XE File Parsing Untrusted Pointer Dereference Rem ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-34299 (Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-34298 (Pulse Secure Client SetupService Directory Traversal Local Privilege E ...)
	NOT-FOR-US: Pulse Secure Client
CVE-2023-34297 (Sante DICOM Viewer Pro JP2 File Parsing Out-Of-Bounds Write Remote Cod ...)
	NOT-FOR-US: Sante DICOM Viewer
CVE-2023-34296 (Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Cod ...)
	NOT-FOR-US: Sante DICOM Viewer
CVE-2023-34295 (Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Cod ...)
	NOT-FOR-US: Sante DICOM Viewer
CVE-2023-34294 (Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Dis ...)
	NOT-FOR-US: Sante DICOM Viewer
CVE-2023-34293 (Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnera ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-34292 (Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnera ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-34291 (Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnera ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-34290 (Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnera ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-34289 (Ashlar-Vellum Cobalt Heap-based Buffer Overflow Remote Code Execution ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-34288 (Ashlar-Vellum Cobalt XE File Parsing Uninitialized Pointer Remote Code ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-34287 (Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remot ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-34286 (Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code E ...)
	NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2023-34285 (NETGEAR RAX30 cmsCli_authenticate Stack-based Buffer Overflow Remote C ...)
	NOT-FOR-US: Netgear
CVE-2023-34284 (NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vuln ...)
	NOT-FOR-US: Netgear
CVE-2023-34283 (NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerab ...)
	NOT-FOR-US: Netgear
CVE-2023-34282 (D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algori ...)
	NOT-FOR-US: D-Link
CVE-2023-34281 (D-Link DIR-2150 GetFirmwareStatus Target Command Injection Remote Code ...)
	NOT-FOR-US: D-Link
CVE-2023-34280 (D-Link DIR-2150 SetSysEmailSettings EmailTo Command Injection Remote C ...)
	NOT-FOR-US: D-Link
CVE-2023-34279 (D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code ...)
	NOT-FOR-US: D-Link
CVE-2023-34278 (D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote ...)
	NOT-FOR-US: D-Link
CVE-2023-34277 (D-Link DIR-2150 SetSysEmailSettings AccountName Command Injection Remo ...)
	NOT-FOR-US: D-Link
CVE-2023-34276 (D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Rem ...)
	NOT-FOR-US: D-Link
CVE-2023-34275 (D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Exe ...)
	NOT-FOR-US: D-Link
CVE-2023-34274 (D-Link DIR-2150 LoginPassword Incorrect Implementation of Authenticati ...)
	NOT-FOR-US: D-Link
CVE-2023-34273 (Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remot ...)
	NOT-FOR-US: Fatek Automation
CVE-2023-34272 (Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Rem ...)
	NOT-FOR-US: Fatek Automation
CVE-2023-34271 (Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remot ...)
	NOT-FOR-US: Fatek Automation
CVE-2023-34270 (Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remot ...)
	NOT-FOR-US: Fatek Automation
CVE-2023-34269 (Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remot ...)
	NOT-FOR-US: Fatek Automation
CVE-2023-34268 (Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remot ...)
	NOT-FOR-US: Fatek Automation
CVE-2023-34267 (Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remot ...)
	NOT-FOR-US: Fatek Automation
CVE-2023-34266 (Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remot ...)
	NOT-FOR-US: Fatek Automation
CVE-2023-34265 (Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remot ...)
	NOT-FOR-US: Fatek Automation
CVE-2023-34264 (Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remot ...)
	NOT-FOR-US: Fatek Automation
CVE-2023-34263 (Fatek Automation FvDesigner FPJ File Parsing Uninitialized Pointer Rem ...)
	NOT-FOR-US: Fatek Automation
CVE-2023-34262 (Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remot ...)
	NOT-FOR-US: Fatek Automation
CVE-2023-32179 (VIPRE Antivirus Plus FPQuarTransfer Link Following Local Privilege Esc ...)
	NOT-FOR-US: VIPRE Antivirus Plus
CVE-2023-32178 (VIPRE Antivirus Plus TelFileTransfer Link Following Local Privilege Es ...)
	NOT-FOR-US: VIPRE Antivirus Plus
CVE-2023-32177 (VIPRE Antivirus Plus DeleteHistoryFile Directory Traversal Local Privi ...)
	NOT-FOR-US: VIPRE Antivirus Plus
CVE-2023-32176 (VIPRE Antivirus Plus SetPrivateConfig Directory Traversal Local Privi ...)
	NOT-FOR-US: VIPRE Antivirus Plus
CVE-2023-32175 (VIPRE Antivirus Plus Link Following Local Privilege Escalation Vulnera ...)
	NOT-FOR-US: VIPRE Antivirus Plus
CVE-2023-32174 (Unified Automation UaGateway NodeManagerOpcUa Use-After-Free Remote Co ...)
	NOT-FOR-US: Unified Automation UaGateway
CVE-2023-32173 (Unified Automation UaGateway AddServer XML Injection Denial-of-Service ...)
	NOT-FOR-US: Unified Automation UaGateway
CVE-2023-32172 (Unified Automation UaGateway OPC UA Server Use-After-Free Denial-of-Se ...)
	NOT-FOR-US: Unified Automation UaGateway
CVE-2023-32171 (Unified Automation UaGateway OPC UA Server Null Pointer Dereference De ...)
	NOT-FOR-US: Unified Automation UaGateway
CVE-2023-32170 (Unified Automation UaGateway OPC UA Server Improper Input Validation D ...)
	NOT-FOR-US: Unified Automation UaGateway
CVE-2023-32169 (D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypas ...)
	NOT-FOR-US: D-Link
CVE-2023-32168 (D-Link D-View showUser Improper Authorization Privilege Escalation Vul ...)
	NOT-FOR-US: D-Link
CVE-2023-32167 (D-Link D-View uploadMib Directory Traversal Arbitrary File Creation or ...)
	NOT-FOR-US: D-Link
CVE-2023-32166 (D-Link D-View uploadFile Directory Traversal Arbitrary File Creation V ...)
	NOT-FOR-US: D-Link
CVE-2023-32165 (D-Link D-View TftpReceiveFileHandler Directory Traversal Remote Code E ...)
	NOT-FOR-US: D-Link
CVE-2023-32164 (D-Link D-View TftpSendFileThread Directory Traversal Information Discl ...)
	NOT-FOR-US: D-Link
CVE-2023-32161 (PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Ex ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-32160 (PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Ex ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-32159 (PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Ex ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-32158 (PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Ex ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-32157 (Tesla Model 3 bsa_server BIP Heap-based Buffer Overflow Arbitrary Code ...)
	NOT-FOR-US: Tesla
CVE-2023-32156 (Tesla Model 3 Gateway Firmware Signature Validation Bypass Vulnerabili ...)
	NOT-FOR-US: Tesla
CVE-2023-32155 (Tesla Model 3 bcmdhd Out-Of-Bounds Write Local Privilege Escalation Vu ...)
	NOT-FOR-US: Tesla
CVE-2023-32154 (Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vuln ...)
	NOT-FOR-US: Mikrotik RouterOS
CVE-2023-32153 (D-Link DIR-2640 EmailFrom Command Injection Remote Code Execution Vuln ...)
	NOT-FOR-US: D-Link
CVE-2023-32152 (D-Link DIR-2640 HNAP LoginPassword Authentication Bypass Vulnerability ...)
	NOT-FOR-US: D-Link
CVE-2023-32151 (D-Link DIR-2640 DestNetwork Command Injection Remote Code Execution Vu ...)
	NOT-FOR-US: D-Link
CVE-2023-32150 (D-Link DIR-2640 PrefixLen Command Injection Remote Code Execution Vuln ...)
	NOT-FOR-US: D-Link
CVE-2023-32149 (D-Link DIR-2640 prog.cgi Request Handling Stack-based Buffer Overflow ...)
	NOT-FOR-US: D-Link
CVE-2023-32148 (D-Link DIR-2640 HNAP PrivateLogin Authentication Bypass Vulnerability. ...)
	NOT-FOR-US: D-Link
CVE-2023-32147 (D-Link DIR-2640 LocalIPAddress Command Injection Remote Code Execution ...)
	NOT-FOR-US: D-Link
CVE-2023-32146 (D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote ...)
	NOT-FOR-US: D-Link
CVE-2023-32145 (D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerabil ...)
	NOT-FOR-US: D-Link
CVE-2023-32144 (D-Link DAP-1360 webproc COMM_MakeCustomMsg Stack-based Buffer Overflow ...)
	NOT-FOR-US: D-Link
CVE-2023-32143 (D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code ...)
	NOT-FOR-US: D-Link
CVE-2023-32142 (D-Link DAP-1360 webproc var:page Stack-based Buffer Overflow Remote Co ...)
	NOT-FOR-US: D-Link
CVE-2023-32141 (D-Link DAP-1360 webproc WEB_DisplayPage Stack-based Buffer Overflow Re ...)
	NOT-FOR-US: D-Link
CVE-2023-32140 (D-Link DAP-1360 webproc var:sys_Token Heap-based Buffer Overflow Remot ...)
	NOT-FOR-US: D-Link
CVE-2023-32139 (D-Link DAP-1360 webproc Stack-based Buffer Overflow Remote Code Execut ...)
	NOT-FOR-US: D-Link
CVE-2023-32138 (D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Executi ...)
	NOT-FOR-US: D-Link
CVE-2023-32137 (D-Link DAP-1360 webproc WEB_DisplayPage Directory Traversal Informatio ...)
	NOT-FOR-US: D-Link
CVE-2023-32136 (D-Link DAP-1360 webproc var:menu Stack-based Buffer Overflow Remote Co ...)
	NOT-FOR-US: D-Link
CVE-2023-32135 (Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Dis ...)
	NOT-FOR-US: Sante DICOM Viewer
CVE-2023-32134 (Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Remote Code Exe ...)
	NOT-FOR-US: Sante DICOM Viewer
CVE-2023-32133 (Sante DICOM Viewer Pro J2K File Parsing Out-Of-Bounds Write Remote Cod ...)
	NOT-FOR-US: Sante DICOM Viewer
CVE-2023-32132 (Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Cod ...)
	NOT-FOR-US: Sante DICOM Viewer
CVE-2023-32131 (Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Cod ...)
	NOT-FOR-US: Sante DICOM Viewer
CVE-2022-48705 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	- linux 5.19.11-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/fa3fbe64037839f448dc569212bafc5a495d8219 (6.0-rc5)
CVE-2022-48704 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 5.19.11-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux 4.19.260-1
	NOTE: https://git.kernel.org/linus/f461950fdc374a3ada5a63c669d997de4600dffe (6.0-rc3)
CVE-2022-48703 (In the Linux kernel, the following vulnerability has been resolved: t ...)
	- linux 5.19.11-1
	NOTE: https://git.kernel.org/linus/7931e28098a4c1a2a6802510b0cbe57546d2049d (6.0-rc3)
CVE-2022-48702 (In the Linux kernel, the following vulnerability has been resolved: A ...)
	- linux 5.19.11-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux 4.19.260-1
	NOTE: https://git.kernel.org/linus/d29f59051d3a07b81281b2df2b8c9dfe4716067f (6.0-rc5)
CVE-2022-48701 (In the Linux kernel, the following vulnerability has been resolved: A ...)
	- linux 5.19.11-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux 4.19.260-1
	NOTE: https://git.kernel.org/linus/e53f47f6c1a56d2af728909f1cb894da6b43d9bf (6.0-rc5)
CVE-2022-48700 (In the Linux kernel, the following vulnerability has been resolved: v ...)
	- linux 5.19.11-1
	[bullseye] - linux 5.10.148-1
	NOTE: https://git.kernel.org/linus/873aefb376bbc0ed1dd2381ea1d6ec88106fdbd4 (6.0-rc5)
CVE-2022-48699 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 5.19.11-1
	NOTE: https://git.kernel.org/linus/c2e406596571659451f4b95e37ddfd5a8ef1d0dc (6.0-rc5)
CVE-2022-48698 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 5.19.11-1
	NOTE: https://git.kernel.org/linus/cbfac7fa491651c57926c99edeb7495c6c1aeac2 (6.0-rc5)
CVE-2022-48697 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.19.11-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux 4.19.260-1
	NOTE: https://git.kernel.org/linus/6a02a61e81c231cc5c680c5dbf8665275147ac52 (6.0-rc5)
CVE-2022-48696 (In the Linux kernel, the following vulnerability has been resolved: r ...)
	- linux 5.19.11-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/f5723cfc01932c7a8d5c78dbf7e067e537c91439 (6.0-rc5)
CVE-2022-48695 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 5.19.11-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux 4.19.260-1
	NOTE: https://git.kernel.org/linus/991df3dd5144f2e6b1c38b8d20ed3d4d21e20b34 (6.0-rc5)
CVE-2022-48694 (In the Linux kernel, the following vulnerability has been resolved: R ...)
	- linux 5.19.11-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/ead54ced6321099978d30d62dc49c282a6e70574 (6.0-rc5)
CVE-2022-48693 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 5.19.11-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux 4.19.260-1
	NOTE: https://git.kernel.org/linus/1085f5080647f0c9f357c270a537869191f7f2a1 (6.0-rc5)
CVE-2022-48692 (In the Linux kernel, the following vulnerability has been resolved: R ...)
	- linux 5.19.11-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/12f35199a2c0551187edbf8eb01379f0598659fa (6.0-rc5)
CVE-2022-48691 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.19.11-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/77972a36ecc4db7fc7c68f0e80714263c5f03f65 (6.0-rc5)
CVE-2022-48690 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 5.19.11-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/7e753eb675f0523207b184558638ee2eed6c9ac2 (6.0-rc5)
CVE-2022-48689 (In the Linux kernel, the following vulnerability has been resolved: t ...)
	- linux 5.19.11-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/3261400639463a853ba2b3be8bd009c2a8089775 (6.0-rc5)
CVE-2022-48688 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 5.19.11-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux 4.19.260-1
	NOTE: https://git.kernel.org/linus/fb8396aeda5872369a8ed6d2301e2c86e303c520 (6.0-rc5)
CVE-2022-48687 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 5.19.11-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux 4.19.260-1
	NOTE: https://git.kernel.org/linus/84a53580c5d2138c7361c7c3eea5b31827e63b35 (6.0-rc5)
CVE-2022-48686 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.19.11-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/160f3549a907a50e51a8518678ba2dcf2541abea (6.0-rc5)
CVE-2022-48675 (In the Linux kernel, the following vulnerability has been resolved: I ...)
	- linux 5.19.11-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/85eaeb5058f0f04dffb124c97c86b4f18db0b833 (6.0-rc5)
CVE-2022-48674 (In the Linux kernel, the following vulnerability has been resolved: e ...)
	- linux 5.19.11-1
	NOTE: https://git.kernel.org/linus/2f44013e39984c127c6efedf70e6b5f4e9dcf315 (6.0-rc5)
CVE-2022-48673 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.19.11-1
	NOTE: https://git.kernel.org/linus/e9b1a4f867ae9c1dbd1d71cd09cbdb3239fb4968 (6.0-rc5)
CVE-2022-48672 (In the Linux kernel, the following vulnerability has been resolved: o ...)
	- linux 5.19.11-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux 4.19.260-1
	NOTE: https://git.kernel.org/linus/2f945a792f67815abca26fa8a5e863ccf3fa1181 (6.0-rc6)
CVE-2022-48671 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 5.19.11-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux 4.19.282-1
	NOTE: https://git.kernel.org/linus/43626dade36fa74d3329046f4ae2d7fdefe401c6 (6.0-rc3)
CVE-2022-48670 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	- linux 5.19.11-1
	NOTE: https://git.kernel.org/linus/1c11289b34ab67ed080bbe0f1855c4938362d9cf (6.0-rc4)
CVE-2024-4418 (A race condition leading to a stack use-after-free flaw was found in l ...)
	- libvirt 10.3.0-1 (bug #1070330)
	[bookworm] - libvirt (Vulnerable code not present)
	[bullseye] - libvirt (Vulnerable code not present)
	[buster] - libvirt (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2278616
	NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/8074d64dc2eca846d6a61efe1a9b7428a0ce1dd1
	NOTE: Introduced by: https://gitlab.com/libvirt/libvirt/-/commit/7cb03e6a28e465c49f0cabe8fe2e7d21edb5aadf (v10.0.0-rc2)
CVE-2024-4140 (An excessive memory use issue (CWE-770) exists in Email-MIME, before v ...)
	- libemail-mime-perl 1.954-1 (bug #960062)
	[bookworm] - libemail-mime-perl (Minor issue)
	[bullseye] - libemail-mime-perl (Minor issue)
	[buster] - libemail-mime-perl (Minor issue; OOM DoS)
	NOTE: https://github.com/rjbs/Email-MIME/issues/66
	NOTE: https://github.com/rjbs/Email-MIME/pull/80
	NOTE: https://github.com/rjbs/Email-MIME/commit/fc0fededd24a71ccc51bcd8b1e486385d09aae63 (1.954)
	NOTE: https://github.com/rjbs/Email-MIME/commit/b2cb62f19e12580dd235f79e2546d44a6bec54d1 (1.954)
CVE-2024-4029 (A vulnerability was found in Wildfly’s management interface. Due ...)
	- wildfly (bug #752018)
CVE-2024-30251 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
	- python-aiohttp (bug #1070364)
	[buster] - python-aiohttp (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2024/05/02/4
	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5m98-qgg9-wh84
	NOTE: Fixed by: https://github.com/aio-libs/aiohttp/commit/cebe526b9c34dc3a3da9140409db63014bc4cf19 (v3.9.4)
	NOTE: Followup: https://github.com/aio-libs/aiohttp/commit/7eecdff163ccf029fbb1ddc9de4169d4aaeb6597 (v3.9.5)
	NOTE: Followup: https://github.com/aio-libs/aiohttp/commit/f21c6f2ca512a026ce7f0f6c6311f62d6a638866 (v3.9.5)
CVE-2024-34148 (Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier pr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2024-34147 (Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot ...)
	NOT-FOR-US: Jenkins plugin
CVE-2024-34146 (Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perf ...)
	NOT-FOR-US: Jenkins plugin
CVE-2024-34145 (A sandbox bypass vulnerability involving sandbox-defined classes that ...)
	NOT-FOR-US: Jenkins plugin
CVE-2024-34144 (A sandbox bypass vulnerability involving crafted constructor bodies in ...)
	NOT-FOR-US: Jenkins plugin
CVE-2024-4142 (An Improper input validation vulnerability that could potentially lead ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2024-3490 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3481 (The Counter Box WordPress plugin before 1.2.4 does not have CSRF chec ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3478 (The Herd Effects WordPress plugin before 5.2.7 does not have CSRF che ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3477 (The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3476 (The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF c ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3475 (The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF c ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3474 (The Wow Skype Buttons WordPress plugin before 4.0.4 does not have CSRF ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3472 (The Modal Window WordPress plugin before 5.3.10 does not have CSRF ch ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3471 (The Button Generator WordPress plugin before 3.0 does not have CSRF c ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3280 (The Follow Us Badges plugin for WordPress is vulnerable to Stored Cros ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32971 (Apollo Router is a configurable, graph router written in Rust to run a ...)
	NOT-FOR-US: Apollo Router
CVE-2024-32962 (xml-crypto is an xml digital signature and encryption library for Node ...)
	NOT-FOR-US: Node xml-crypto
CVE-2024-32882 (Wagtail is an open source content management system built on Django. I ...)
	NOT-FOR-US: Wagtail
CVE-2024-2405 (The Float menu WordPress plugin before 6.0.1 does not have CSRF check ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51631 (D-Link DIR-X3260 prog.cgi SetUsersSettings Stack-based Buffer Overflow ...)
	NOT-FOR-US: D-Link
CVE-2024-33835 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remo ...)
	NOT-FOR-US: Tenda
CVE-2024-33820 (Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V ...)
	NOT-FOR-US: Totolink
CVE-2024-33775 (An issue with the Autodiscover component in Nagios XI 2024R1.01 allows ...)
	NOT-FOR-US: Nagios XI
CVE-2024-33518 (An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ...)
	NOT-FOR-US: HPE Aruba Networking
CVE-2024-33517 (An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ...)
	NOT-FOR-US: HPE Aruba Networking
CVE-2024-33516 (An unauthenticated Denial of Service (DoS) vulnerability exists in the ...)
	NOT-FOR-US: HPE Aruba Networking
CVE-2024-33515 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the A ...)
	NOT-FOR-US: HPE Aruba Networking
CVE-2024-33514 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the A ...)
	NOT-FOR-US: HPE Aruba Networking
CVE-2024-33513 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the A ...)
	NOT-FOR-US: HPE Aruba Networking
CVE-2024-33512 (There is a buffer overflow vulnerability in the underlying Local User ...)
	NOT-FOR-US: HPE Aruba Networking
CVE-2024-33511 (There is a buffer overflow vulnerability in the underlying Automatic R ...)
	NOT-FOR-US: HPE Aruba Networking
CVE-2024-33442 (An issue in flusity-CMS v.2.33 allows a remote attacker to execute arb ...)
	NOT-FOR-US: flusity-CMS
CVE-2024-33431 (An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a ...)
	NOT-FOR-US: phiola
CVE-2024-33430 (An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 a ...)
	NOT-FOR-US: phiola
CVE-2024-33429 (Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 ...)
	NOT-FOR-US: phiola
CVE-2024-33428 (Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola v2.0-rc22 a ...)
	NOT-FOR-US: phiola
CVE-2024-33424 (A cross-site scripting (XSS) vulnerability in the Settings menu of CMS ...)
	NOT-FOR-US: CMSimple
CVE-2024-33423 (Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSim ...)
	NOT-FOR-US: CMSimple
CVE-2024-33393 (An issue in spidernet-io spiderpool v.0.9.3 and before allows a local ...)
	NOT-FOR-US: spiderpool
CVE-2024-33307 (SourceCodester Laboratory Management System 1.0 is vulnerable to Cross ...)
	NOT-FOR-US: SourceCodester Laboratory Management System
CVE-2024-33306 (SourceCodester Laboratory Management System 1.0 is vulnerable to Cross ...)
	NOT-FOR-US: SourceCodester Laboratory Management System
CVE-2024-33304 (SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scrip ...)
	NOT-FOR-US: SourceCodester Product Show Room
CVE-2024-33300 (Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross ...)
	NOT-FOR-US: Typora
CVE-2024-33292 (SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote ...)
	NOT-FOR-US: Realisation MGSD
CVE-2024-33078 (Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send ...)
	NOT-FOR-US: libpag
CVE-2024-32984 (Yamux is a stream multiplexer over reliable, ordered connections such ...)
	NOT-FOR-US: rust-yamux
CVE-2024-32979 (Nautobot is a Network Source of Truth and Network Automation Platform ...)
	NOT-FOR-US: Nautobot
CVE-2024-32973 (Pluto is a superset of Lua 5.4 with a focus on general-purpose program ...)
	NOT-FOR-US: Pluto
CVE-2024-32213 (The LoMag WareHouse Management application version 1.0.20.120 and olde ...)
	NOT-FOR-US: LoMag WareHouse Management application
CVE-2024-32212 (SQL Injection vulnerability in LOGINT LoMag Inventory Management v1.0. ...)
	NOT-FOR-US: LOGINT LoMag Inventory Management
CVE-2024-32211 (An issue in LOGINT LoMag Inventory Management v1.0.20.120 and before a ...)
	NOT-FOR-US: LOGINT LoMag Inventory Management
CVE-2024-32210 (The LoMag WareHouse Management application version 1.0.20.120 and olde ...)
	NOT-FOR-US: LoMag WareHouse Management application
CVE-2024-31413 (Free of pointer not at start of buffer vulnerability exists in CX-One ...)
	NOT-FOR-US: CX-One
CVE-2024-31412 (Out-of-bounds read vulnerability exists in CX-Programmer included in C ...)
	NOT-FOR-US: CX-One
CVE-2024-30176 (In Logpoint before 7.4.0, an attacker can enumerate a valid list of us ...)
	NOT-FOR-US: Logpoint
CVE-2024-29011 (Use of hard-coded password in the GMS ECM endpoint leading to authenti ...)
	NOT-FOR-US: SonicWall
CVE-2024-29010 (The XML document processed in the GMS ECM URL endpoint is vulnerable t ...)
	NOT-FOR-US: SonicWall
CVE-2024-28893 (Certain HP software packages (SoftPaqs) are potentially vulnerable to ...)
	NOT-FOR-US: HP
CVE-2024-28775 (IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2024-28764 (IBM WebSphere Automation 1.7.0 could allow an attacker with privileged ...)
	NOT-FOR-US: IBM
CVE-2024-26504 (An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute ...)
	NOT-FOR-US: Wifire Hotspot
CVE-2024-26305 (There is a buffer overflow vulnerability in the underlying Utility dae ...)
	NOT-FOR-US: HPE Aruba Networking
CVE-2024-26304 (There is a buffer overflow vulnerability in the underlying L2/L3 Manag ...)
	NOT-FOR-US: HPE Aruba Networking
CVE-2024-25676 (An issue was discovered in ViewerJS 0.5.8. A script from the component ...)
	NOT-FOR-US: ViewerJS
CVE-2024-25458 (An issue in CYCZCAM, SHIX ZHAO, SHIXCAM A9 Camera (circuit board ident ...)
	NOT-FOR-US: CYCZCAM, SHIX ZHAO, SHIXCAM A9 Camera firmware
CVE-2024-25355 (s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes ...)
	NOT-FOR-US: s3-url-parser
CVE-2024-25015 (IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a r ...)
	NOT-FOR-US: IBM
CVE-2024-24978 (Denial-of-service (DoS) vulnerability exists in TvRock 0.9t8a. Receivi ...)
	NOT-FOR-US: TvRock
CVE-2024-24912 (A local privilege escalation vulnerability has been identified in Harm ...)
	NOT-FOR-US: Harmony Endpoint Security Client
CVE-2024-24403
	REJECTED
CVE-2024-24313 (An issue in Vaales Technologies V_QRS v.2024-01-17 allows a remote att ...)
	NOT-FOR-US: Vaales Technologies V_QRS
CVE-2024-24312 (SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 ...)
	NOT-FOR-US: Vaales Technologies V_QRS
CVE-2024-23597 (Cross-site request forgery (CSRF) vulnerability exists in TvRock 0.9t8 ...)
	NOT-FOR-US: TvRock
CVE-2024-23480 (A fallback mechanism in code sign checking on macOS may allow arbitrar ...)
	NOT-FOR-US: Zscaler
CVE-2024-23457 (The anti-tampering functionality of the Zscaler Client Connector can b ...)
	NOT-FOR-US: Zscaler
CVE-2024-22830 (Anti-Cheat Expert's Windows kernel module "ACE-BASE.sys" version 1.0.2 ...)
	NOT-FOR-US: Anti-Cheat Expert
CVE-2024-20378 (A vulnerability in the web-based management interface of Cisco IP Phon ...)
	NOT-FOR-US: Cisco
CVE-2024-20376 (A vulnerability in the web-based management interface of Cisco IP Phon ...)
	NOT-FOR-US: Cisco
CVE-2024-20357 (A vulnerability in the XML service of Cisco IP Phone firmware could al ...)
	NOT-FOR-US: Cisco
CVE-2024-0334 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-7241 (Privilege Escalationin WRSA.EXE in Webroot Antivirus 8.0.1X- 9.0.35.12 ...)
	NOT-FOR-US: Webroot Antivirus
CVE-2023-49606 (A use-after-free vulnerability exists in the HTTP Connection Headers p ...)
	- tinyproxy 1.11.1-4 (bug #1070395)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889
	NOTE: https://github.com/tinyproxy/tinyproxy/issues/533
	NOTE: https://github.com/tinyproxy/tinyproxy/commit/12a8484265f7b00591293da492bb3c9987001956
CVE-2023-47212 (A heap-based buffer overflow vulnerability exists in the comment funct ...)
	- libstb (bug #1070394)
	[bookworm] - libstb (Minor issue)
	[bullseye] - libstb (Minor issue)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1846
CVE-2023-47166 (A firmware update vulnerability exists in the luci2-io file-import fun ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-46295 (An issue was discovered in Teledyne FLIR M300 2.00-19. Unauthenticated ...)
	NOT-FOR-US: Teledyne FLIR M300
CVE-2023-46294 (An issue was discovered in Teledyne FLIR M300 2.00-19. User account pa ...)
	NOT-FOR-US: Teledyne FLIR M300
CVE-2023-40533
	REJECTED
CVE-2024-27392 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/8d0d2447394b13fb22a069f0330f9c49b7fff9d3 (6.9-rc1)
CVE-2024-27391 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/328efda22af81130c2ad981c110518cb29ff2f1d (6.9-rc1)
CVE-2024-27390 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/17ef8efc00b34918b966388b2af0993811895a8c (6.9-rc1)
CVE-2024-27389 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/a43e0fc5e9134a46515de2f2f8d4100b74e50de3 (6.9-rc1)
CVE-2024-27388 (In the Linux kernel, the following vulnerability has been resolved: S ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/3cfcfc102a5e57b021b786a755a38935e357797d (6.9-rc1)
CVE-2024-27080 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/978b63f7464abcfd364a6c95f734282c50f3decf (6.9-rc1)
CVE-2024-27079 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/81e921fd321614c2ad8ac333b041aae1da7a1c6d (6.9-rc1)
CVE-2024-27078 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/8cf9c5051076e0eb958f4361d50d8b0c3ee6691c (6.9-rc1)
CVE-2024-27077 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/8f94b49a5b5d386c038e355bef6347298aabd211 (6.9-rc1)
CVE-2024-27076 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4797a3dd46f220e6d83daf54d70c5b33db6deb01 (6.9-rc1)
CVE-2024-27075 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/7a4cf27d1f0538f779bf31b8c99eda394e277119 (6.9-rc1)
CVE-2024-27074 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/b9b683844b01d171a72b9c0419a2d760d946ee12 (6.9-rc1)
CVE-2024-27073 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/d0b07f712bf61e1a3cf23c87c663791c42e50837 (6.9-rc1)
CVE-2024-27072 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux
	NOTE: https://git.kernel.org/linus/65e6a2773d655172143cc0b927cdc89549842895 (6.9-rc1)
CVE-2024-27071 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b1ba8bcb2d1ffce11b308ce166c9cc28d989e3b9 (6.9-rc1)
CVE-2024-27070 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	- linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/eb70d5a6c932d9d23f4bb3e7b83782c21ac4b064 (6.9-rc1)
CVE-2024-27069 (In the Linux kernel, the following vulnerability has been resolved: o ...)
	- linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/77a28aa476873048024ad56daf8f4f17d58ee48e (6.9-rc1)
CVE-2024-27068 (In the Linux kernel, the following vulnerability has been resolved: t ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/ca93bf607a44c1f009283dac4af7df0d9ae5e357 (6.9-rc1)
CVE-2024-27067 (In the Linux kernel, the following vulnerability has been resolved: x ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/51c23bd691c0f1fb95b29731c356c6fd69925d17 (6.9-rc1)
CVE-2024-27066 (In the Linux kernel, the following vulnerability has been resolved: v ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/d5c0ed17fea60cca9bc3bf1278b49ba79242bbcd (6.9-rc1)
CVE-2024-27065 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4a0e7f2decbf9bd72461226f1f5f7dcc4b08f139 (6.9-rc1)
CVE-2024-27064 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/7eaf837a4eb5f74561e2486972e7f5184b613f6e (6.9-rc1)
CVE-2024-27063 (In the Linux kernel, the following vulnerability has been resolved: l ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/415798bc07dd1c1ae3a656aa026580816e0b9fe8 (6.9-rc1)
CVE-2024-27062 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.7.12-1
	NOTE: https://git.kernel.org/linus/b7cc4ff787a572edf2c55caeffaa88cd801eb135 (6.8)
CVE-2024-27061 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/183420038444547c149a0fc5f58e792c2752860c (6.8)
CVE-2024-27060 (In the Linux kernel, the following vulnerability has been resolved: t ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/d3d17e23d1a0d1f959b4fa55b35f1802d9c584fa (6.8)
CVE-2024-27059 (In the Linux kernel, the following vulnerability has been resolved: U ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/014bcf41d946b36a8f0b8e9b5d9529efbb822f49 (6.8)
CVE-2024-27058 (In the Linux kernel, the following vulnerability has been resolved: t ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/0a69b6b3a026543bc215ccc866d0aea5579e6ce2 (6.9-rc2)
CVE-2024-27057 (In the Linux kernel, the following vulnerability has been resolved: A ...)
	- linux 6.7.12-1
	NOTE: https://git.kernel.org/linus/c40aad7c81e5fba34b70123ed7ce3397fa62a4d2 (6.8-rc5)
CVE-2024-27056 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	- linux 6.7.12-1
	NOTE: https://git.kernel.org/linus/78f65fbf421a61894c14a1b91fe2fb4437b3fe5f (6.8-rc7)
CVE-2024-27055 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/15930da42f8981dc42c19038042947b475b19f47 (6.9-rc1)
CVE-2024-27054 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/c3116e62ddeff79cae342147753ce596f01fcf06 (6.9-rc1)
CVE-2024-27053 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/205c50306acf58a335eb19fa84e40140f4fe814f (6.9-rc1)
CVE-2024-27052 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/1213acb478a7181cd73eeaf00db430f1e45b1361 (6.9-rc1)
CVE-2024-27051 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/f661017e6d326ee187db24194cabb013d81bc2a6 (6.9-rc1)
CVE-2024-27050 (In the Linux kernel, the following vulnerability has been resolved: l ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/92a871ab9fa59a74d013bc04f321026a057618e7 (6.9-rc1)
CVE-2024-27049 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/a5a5f4413d91f395cb2d89829d376d7393ad48b9 (6.9-rc1)
CVE-2024-27048 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b4152222e04cb8afeeca239c90e3fcaf4c553b42 (6.9-rc1)
CVE-2024-27047 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4469c0c5b14a0919f5965c7ceac96b523eb57b79 (6.9-rc1)
CVE-2024-27046 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/84e95149bd341705f0eca6a7fcb955c548805002 (6.9-rc1)
CVE-2024-27045 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4b09715f1504f1b6e8dff0e9643630610bc05141 (6.9-rc1)
CVE-2024-27044 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9ccfe80d022df7c595f1925afb31de2232900656 (6.9-rc1)
CVE-2024-27043 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/8c64f4cdf4e6cc5682c52523713af8c39c94e6d5 (6.9-rc1)
CVE-2024-27042 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.12-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/cdb637d339572398821204a1142d8d615668f1e9 (6.9-rc1)
CVE-2024-27041 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.12-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/2a3cfb9a24a28da9cc13d2c525a76548865e182c (6.9-rc1)
CVE-2024-27040 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/f6aed043ee5d75b3d1bfc452b1a9584b63c8f76b (6.9-rc1)
CVE-2024-27039 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/64c6a38136b74a2f18c42199830975edd9fbc379 (6.9-rc1)
CVE-2024-27038 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/e97fe4901e0f59a0bfd524578fe3768f8ca42428 (6.9-rc1)
CVE-2024-27037 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/7938e9ce39d6779d2f85d822cc930f73420e54a6 (6.9-rc1)
CVE-2024-27036 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/f3dc1bdb6b0b0693562c7c54a6c28bafa608ba3c (6.9-rc1)
CVE-2024-27035 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/8a430dd49e9cb021372b0ad91e60aeef9c6ced00 (6.9-rc1)
CVE-2024-27034 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/fd244524c2cf07b5f4c3fe8abd6a99225c76544b (6.9-rc1)
CVE-2024-27033 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b896e302f79678451a94769ddd9e52e954c64fbb (6.9-rc1)
CVE-2024-27032 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/21ec68234826b1b54ab980a8df6e33c74cfbee58 (6.9-rc1)
CVE-2024-27031 (In the Linux kernel, the following vulnerability has been resolved: N ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/fd5860ab6341506004219b080aea40213b299d2e (6.9-rc1)
CVE-2024-27030 (In the Linux kernel, the following vulnerability has been resolved: o ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/50e60de381c342008c0956fd762e1c26408f372c (6.9-rc1)
CVE-2024-27029 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/6540ff6482c1a5a6890ae44b23d0852ba1986d9e (6.9-rc1)
CVE-2024-27028 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/a20ad45008a7c82f1184dc6dee280096009ece55 (6.9-rc1)
CVE-2024-27027 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b446631f355ece73b13c311dd712c47381a23172 (6.9-rc1)
CVE-2024-27026 (In the Linux kernel, the following vulnerability has been resolved: v ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/e127ce7699c1e05279ee5ee61f00893e7bfa9671 (6.9-rc1)
CVE-2024-27025 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d (6.9-rc1)
CVE-2024-27024 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/c055fc00c07be1f0df7375ab0036cebd1106ed38 (6.8)
CVE-2024-27023 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/855678ed8534518e2b428bcbcec695de9ba248e8 (6.8-rc6)
CVE-2023-52653 (In the Linux kernel, the following vulnerability has been resolved: S ...)
	- linux 6.7.12-1
	NOTE: https://git.kernel.org/linus/e67b652d8e8591d3b1e569dbcdfcee15993e91fa (6.9-rc1)
CVE-2023-52652 (In the Linux kernel, the following vulnerability has been resolved: N ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/aebfdfe39b9327a3077d0df8db3beb3160c9bdd0 (6.9-rc1)
CVE-2023-52651
	REJECTED
CVE-2023-52650 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/afe6fcb9775882230cd29b529203eabd5d2a638d (6.9-rc1)
CVE-2023-52649 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/2fee84030d12d9fddfa874e4562d71761a129277 (6.9-rc1)
CVE-2022-48669 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/cda9c0d556283e2d4adaa9960b2dc19b16156bae (6.9-rc1)
CVE-2024-4331 (Use after free in Picture In Picture in Google Chrome prior to 124.0.6 ...)
	{DSA-5676-1}
	- chromium 124.0.6367.118-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-4368 (Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowe ...)
	{DSA-5676-1}
	- chromium 124.0.6367.118-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-4369 (An information disclosure flaw was found in OpenShift's internal image ...)
	NOT-FOR-US: OpenShift
CVE-2024-4349 (A vulnerability has been found in SourceCodester Pisay Online E-Learni ...)
	NOT-FOR-US: SourceCodester
CVE-2024-4348 (A vulnerability, which was classified as problematic, was found in osC ...)
	NOT-FOR-US: osCommerce
CVE-2024-4192 (Delta Electronics CNCSoft-G2 lacks proper validation of the length of ...)
	NOT-FOR-US: Delta Electronics
CVE-2024-3591 (The Geo Controller WordPress plugin before 8.6.5 unserializes user inp ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34149 (In Bitcoin Core through 27.0 and Bitcoin Knots before 25.1.knots202311 ...)
	- bitcoin
CVE-2024-33768 (lunasvg v2.3.9 was discovered to contain a segmentation violation via ...)
	NOT-FOR-US: lunasvg
CVE-2024-33767 (lunasvg v2.3.9 was discovered to contain a segmentation violation via ...)
	NOT-FOR-US: lunasvg
CVE-2024-33766 (lunasvg v2.3.9 was discovered to contain an FPE (Floating Point Except ...)
	NOT-FOR-US: lunasvg
CVE-2024-33764 (lunasvg v2.3.9 was discovered to contain a stack-overflow at lunasvg/s ...)
	NOT-FOR-US: lunasvg
CVE-2024-33763 (lunasvg v2.3.9 was discovered to contain a stack-buffer-underflow at l ...)
	NOT-FOR-US: lunasvg
CVE-2024-32970 (Phlex is a framework for building object-oriented views in Ruby. In af ...)
	NOT-FOR-US: Phlex
CVE-2024-32967 (Zitadel is an open source identity management system. In case ZITADEL ...)
	NOT-FOR-US: Zitadel
CVE-2024-32966 (Static Web Server (SWS) is a tiny and fast production-ready web server ...)
	NOT-FOR-US: Static Web Server
CVE-2024-32963 (Navidrome is an open source web-based music collection server and stre ...)
	NOT-FOR-US: Navidrome
CVE-2024-32890 (librespeed/speedtest is an open source, self-hosted speed test for HTM ...)
	NOT-FOR-US: librespeed/speedtest
CVE-2024-32018 (RIOT is a real-time multi-threading operating system that supports a r ...)
	NOT-FOR-US: RIOT
CVE-2024-32017 (RIOT is a real-time multi-threading operating system that supports a r ...)
	NOT-FOR-US: RIOT
CVE-2024-31225 (RIOT is a real-time multi-threading operating system that supports a r ...)
	NOT-FOR-US: RIOT
CVE-2024-29466 (Directory Traversal vulnerability in lsgwr spring boot online exam v.0 ...)
	NOT-FOR-US: lsgwr spring boot online exam
CVE-2024-28979 (Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS i ...)
	NOT-FOR-US: Dell
CVE-2024-28978 (Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Imprope ...)
	NOT-FOR-US: Dell
CVE-2024-23336 (MyBB is a free and open source forum software. The default list of dis ...)
	NOT-FOR-US: MyBB
CVE-2024-23335 (MyBB is a free and open source forum software. The backup management m ...)
	NOT-FOR-US: MyBB
CVE-2024-27022 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	{DSA-5680-1}
	- linux
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/35e351780fa9d8240dd6f7e4f245f9ea37e96c19 (6.9-rc5)
CVE-2024-27021 (In the Linux kernel, the following vulnerability has been resolved: r ...)
	- linux
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/19fa4f2a85d777a8052e869c1b892a2f7556569d (6.9-rc4)
CVE-2024-27020 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1 DSA-5680-1}
	- linux
	NOTE: https://git.kernel.org/linus/f969eb84ce482331a991079ab7a5c4dc3b7f89bf (6.9-rc5)
CVE-2024-27019 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5680-1}
	- linux
	NOTE: https://git.kernel.org/linus/d78d867dcea69c328db30df665be5be7d0148484 (6.9-rc5)
CVE-2024-27018 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5680-1}
	- linux
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/751de2012eafa4d46d8081056761fa0e9cc8a178 (6.9-rc5)
CVE-2024-27017 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/29b359cf6d95fd60730533f7f10464e95bd17c73 (6.9-rc5)
CVE-2024-27016 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5680-1}
	- linux
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/87b3593bed1868b2d9fe096c01bcdf0ea86cbebf (6.9-rc5)
CVE-2024-27015 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5680-1}
	- linux
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/6db5dc7b351b9569940cd1cf445e237c42cd6d27 (6.9-rc5)
CVE-2024-27014 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5680-1}
	- linux
	NOTE: https://git.kernel.org/linus/fef965764cf562f28afb997b626fc7c3cec99693 (6.9-rc5)
CVE-2024-27013 (In the Linux kernel, the following vulnerability has been resolved: t ...)
	{DSA-5681-1 DSA-5680-1}
	- linux
	NOTE: https://git.kernel.org/linus/f8bbc07ac535593139c875ffa19af924b1084540 (6.9-rc5)
CVE-2024-27012 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/e79b47a8615d42c68aaeb68971593333667382ed (6.9-rc5)
CVE-2024-27011 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux
	NOTE: https://git.kernel.org/linus/86a1471d7cde792941109b93b558b5dc078b9ee9 (6.9-rc5)
CVE-2024-27010 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux
	NOTE: https://git.kernel.org/linus/0f022d32c3eca477fbf79a205243a6123ed0fe11 (6.9-rc5)
CVE-2024-27009 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	{DSA-5680-1}
	- linux
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/2d8527f2f911fab84aec04df4788c0c23af3df48 (6.9-rc5)
CVE-2024-27008 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	{DSA-5681-1 DSA-5680-1}
	- linux
	NOTE: https://git.kernel.org/linus/cf92bb778eda7830e79452c6917efa8474a30c1e (6.9-rc5)
CVE-2024-27007 (In the Linux kernel, the following vulnerability has been resolved: u ...)
	- linux
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/c0205eaf3af9f5db14d4b5ee4abacf4a583c3c50 (6.9-rc5)
CVE-2024-27006 (In the Linux kernel, the following vulnerability has been resolved: t ...)
	- linux
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b552f63cd43735048bbe9bfbb7a9dcfce166fbdd (6.9-rc5)
CVE-2024-27005 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/de1bf25b6d771abdb52d43546cf57ad775fb68a1 (6.9-rc5)
CVE-2024-27004 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	{DSA-5681-1 DSA-5680-1}
	- linux
	NOTE: https://git.kernel.org/linus/e581cf5d216289ef292d1a4036d53ce90e122469 (6.9-rc5)
CVE-2024-27003 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	{DSA-5680-1}
	- linux
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9d1e795f754db1ac3344528b7af0b17b8146f321 (6.9-rc5)
CVE-2024-27002 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	{DSA-5680-1}
	- linux
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/2f7b1d8b5505efb0057cd1ab85fca206063ea4c3 (6.9-rc5)
CVE-2024-27001 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	{DSA-5681-1 DSA-5680-1}
	- linux
	NOTE: https://git.kernel.org/linus/d1718530e3f640b7d5f0050e725216eab57a85d8 (6.9-rc5)
CVE-2024-27000 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	{DSA-5681-1 DSA-5680-1}
	- linux
	NOTE: https://git.kernel.org/linus/54c4ec5f8c471b7c1137a1f769648549c423c026 (6.9-rc5)
CVE-2024-26999 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	{DSA-5681-1 DSA-5680-1}
	- linux
	NOTE: https://git.kernel.org/linus/1be3226445362bfbf461c92a5bcdb1723f2e4907 (6.9-rc5)
CVE-2024-26998 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9cf7ea2eeb745213dc2a04103e426b960e807940 (6.9-rc5)
CVE-2024-26997 (In the Linux kernel, the following vulnerability has been resolved: u ...)
	{DSA-5681-1 DSA-5680-1}
	- linux
	NOTE: https://git.kernel.org/linus/eed04fa96c48790c1cce73c8a248e9d460b088f8 (6.9-rc5)
CVE-2024-26996 (In the Linux kernel, the following vulnerability has been resolved: u ...)
	{DSA-5680-1}
	- linux
	NOTE: https://git.kernel.org/linus/6334b8e4553cc69f51e383c9de545082213d785e (6.9-rc5)
CVE-2024-26995 (In the Linux kernel, the following vulnerability has been resolved: u ...)
	- linux
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/c4128304c2169b4664ed6fb6200f228cead2ab70 (6.9-rc5)
CVE-2024-26994 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	{DSA-5681-1 DSA-5680-1}
	- linux
	NOTE: https://git.kernel.org/linus/c8d2f34ea96ea3bce6ba2535f867f0d4ee3b22e1 (6.9-rc5)
CVE-2024-26993 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	{DSA-5681-1 DSA-5680-1}
	- linux
	NOTE: https://git.kernel.org/linus/a90bca2228c0646fc29a72689d308e5fe03e6d78 (6.9-rc5)
CVE-2024-26992 (In the Linux kernel, the following vulnerability has been resolved: K ...)
	{DSA-5680-1}
	- linux
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9e985cbf2942a1bb8fcef9adc2a17d90fd7ca8ee (6.9-rc5)
CVE-2024-26991 (In the Linux kernel, the following vulnerability has been resolved: K ...)
	- linux
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/992b54bd083c5bee24ff7cc35991388ab08598c4 (6.9-rc5)
CVE-2024-26990 (In the Linux kernel, the following vulnerability has been resolved: K ...)
	- linux
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/2673dfb591a359c75080dd5af3da484b89320d22 (6.9-rc5)
CVE-2024-26989 (In the Linux kernel, the following vulnerability has been resolved: a ...)
	{DSA-5680-1}
	- linux
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/50449ca66cc5a8cbc64749cf4b9f3d3fc5f4b457 (6.9-rc5)
CVE-2024-26988 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	{DSA-5681-1 DSA-5680-1}
	- linux
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/46dad3c1e57897ab9228332f03e1c14798d2d3b9 (6.9-rc5)
CVE-2024-26987 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	{DSA-5680-1}
	- linux
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/1983184c22dd84a4d95a71e5c6775c2638557dc7 (6.9-rc5)
CVE-2024-26986 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/18921b205012568b45760753ad3146ddb9e2d4e2 (6.9-rc5)
CVE-2024-26985 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/652ead9b746a63e4e79d7ad66d3edf0a8a5b0c2f (6.9-rc5)
CVE-2024-26984 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1 DSA-5680-1}
	- linux
	NOTE: https://git.kernel.org/linus/fff1386cc889d8fb4089d285f883f8cba62d82ce (6.9-rc5)
CVE-2024-26983 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	{DSA-5680-1}
	- linux
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/89f9a1e876b5a7ad884918c03a46831af202c8a0 (6.9-rc5)
CVE-2024-26982 (In the Linux kernel, the following vulnerability has been resolved: S ...)
	- linux
	NOTE: https://git.kernel.org/linus/9253c54e01b6505d348afbc02abaa4d9f8a01395 (6.9-rc5)
CVE-2024-26981 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1 DSA-5680-1}
	- linux
	NOTE: https://git.kernel.org/linus/c4a7dc9523b59b3e73fd522c73e95e072f876b16 (6.9-rc5)
CVE-2024-26980 (In the Linux kernel, the following vulnerability has been resolved: k ...)
	{DSA-5680-1}
	- linux
	NOTE: https://git.kernel.org/linus/c119f4ede3fa90a9463f50831761c28f989bfb20 (6.9-rc6)
CVE-2024-26979 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/517621b7060096e48e42f545fa6646fc00252eac (6.9-rc1)
CVE-2024-26978 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/0d27056c24efd3d63a03f3edfbcfc4827086b110 (6.9-rc1)
CVE-2024-26977 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/7626913652cc786c238e2dd7d8740b17d41b2637 (6.9-rc1)
CVE-2024-26976 (In the Linux kernel, the following vulnerability has been resolved: K ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/3d75b8aa5c29058a512db29da7cbee8052724157 (6.9-rc1)
CVE-2024-26975 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/2d1f5006ff95770da502f8cee2a224a1ff83866e (6.9-rc1)
CVE-2024-26974 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/7d42e097607c4d246d99225bf2b195b6167a210c (6.9-rc1)
CVE-2024-26973 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/fde2497d2bc3a063d8af88b258dbadc86bd7b57c (6.9-rc1)
CVE-2024-26972 (In the Linux kernel, the following vulnerability has been resolved: u ...)
	- linux
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/6379b44cdcd67f5f5d986b73953e99700591edfa (6.9-rc1)
CVE-2024-26971 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/90ad946fff70f312b8d23226afc38c13ddd88c4b (6.9-rc1)
CVE-2024-26970 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/cdbc6e2d8108bc47895e5a901cfcaf799b00ca8d (6.9-rc1)
CVE-2024-26969 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/1040ef5ed95d6fd2628bad387d78a61633e09429 (6.9-rc1)
CVE-2024-26968 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/bd2b6395671d823caa38d8e4d752de2448ae61e1 (6.9-rc1)
CVE-2024-26967 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/6a3d70f7802a98e6c28a74f997a264118b9f50cd (6.9-rc1)
CVE-2024-26966 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/a903cfd38d8dee7e754fb89fd1bebed99e28003d (6.9-rc1)
CVE-2024-26965 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/e2c02a85bf53ae86d79b5fccf0a75ac0b78e0c96 (6.9-rc1)
CVE-2024-26964 (In the Linux kernel, the following vulnerability has been resolved: u ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/be95cc6d71dfd0cba66e3621c65413321b398052 (6.9-rc1)
CVE-2024-26963 (In the Linux kernel, the following vulnerability has been resolved: u ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/6661befe41009c210efa2c1bcd16a5cc4cff8a06 (6.9-rc1)
CVE-2024-26962 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.12-1
	NOTE: https://git.kernel.org/linus/41425f96d7aa59bc865f60f5dda3d7697b555677 (6.9-rc1)
CVE-2024-26961 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/e8a1e58345cf40b7b272e08ac7b32328b2543e40 (6.9-rc1)
CVE-2024-26960 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/82b1c07a0af603e3c47b906c8e991dc96f01688e (6.9-rc1)
CVE-2024-26959 (In the Linux kernel, the following vulnerability has been resolved: B ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/664130c0b0309b360bc5bdd40a30604a9387bde8 (6.9-rc1)
CVE-2024-26958 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/17f46b803d4f23c66cacce81db35fef3adb8f2af (6.9-rc1)
CVE-2024-26957 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/50ed48c80fecbe17218afed4f8bed005c802976c (6.9-rc1)
CVE-2024-26956 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/f2f26b4a84a0ef41791bd2d70861c8eac748f4ba (6.9-rc1)
CVE-2024-26955 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/269cdf353b5bdd15f1a079671b0f889113865f20 (6.9-rc1)
CVE-2024-26954 (In the Linux kernel, the following vulnerability has been resolved: k ...)
	- linux 6.7.12-1
	NOTE: https://git.kernel.org/linus/a80a486d72e20bd12c335bcd38b6e6f19356b0aa (6.9-rc1)
CVE-2024-26953 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.7.12-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/c3198822c6cb9fb588e446540485669cc81c5d34 (6.9-rc1)
CVE-2024-26952 (In the Linux kernel, the following vulnerability has been resolved: k ...)
	- linux 6.7.12-1
	NOTE: https://git.kernel.org/linus/c6cd2e8d2d9aa7ee35b1fa6a668e32a22a9753da (6.9-rc1)
CVE-2024-26951 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/55b6c738673871c9b0edae05d0c97995c1ff08c4 (6.9-rc1)
CVE-2024-26950 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f (6.9-rc1)
CVE-2024-26949 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/08ae9ef829b8055c2fdc8cfee37510c1f4721a07 (6.9-rc1)
CVE-2024-26948 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux
	NOTE: https://git.kernel.org/linus/334b56cea5d9df5989be6cf1a5898114fa70ad98 (6.9-rc1)
CVE-2024-26947 (In the Linux kernel, the following vulnerability has been resolved: A ...)
	- linux 6.7.12-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/0c66c6f4e21cb22220cbd8821c5c73fc157d20dc (6.9-rc1)
CVE-2024-26946 (In the Linux kernel, the following vulnerability has been resolved: k ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4e51653d5d871f40f1bd5cf95cc7f2d8b33d063b (6.9-rc1)
CVE-2024-26945 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux
	NOTE: https://git.kernel.org/linus/5a7e89d3315d1be86aff8a8bf849023cda6547f7 (6.9-rc2)
CVE-2024-26944 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux
	NOTE: https://git.kernel.org/linus/1ec17ef59168a1a6f1105f5dc517f783839a5302 (6.9-rc2)
CVE-2024-26943 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/16e87fe23d4af6df920406494ced5c0f4354567b (6.9-rc2)
CVE-2024-26942 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/6a4aee277740d04ac0fd54cfa17cc28261932ddc (6.9-rc2)
CVE-2024-26941 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9cbd1dae842737bfafa4b10a87909fa209dde250 (6.9-rc2)
CVE-2024-26940 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4be9075fec0a639384ed19975634b662bfab938f (6.9-rc2)
CVE-2024-26939 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	{DSA-5680-1}
	- linux
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/0e45882ca829b26b915162e8e86dbb1095768e9e (6.9-rc2)
CVE-2024-26938 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/32e39bab59934bfd3f37097d4dd85ac5eb0fd549 (6.9-rc2)
CVE-2024-26937 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4a3859ea5240365d21f6053ee219bb240d520895 (6.9-rc2)
CVE-2024-26936 (In the Linux kernel, the following vulnerability has been resolved: k ...)
	{DSA-5680-1}
	- linux
	NOTE: https://git.kernel.org/linus/17cf0c2794bdb6f39671265aa18aea5c22ee8c4a (6.9-rc6)
CVE-2024-26935 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/f23a4d6e07570826fe95023ca1aa96a011fa9f84 (6.9-rc2)
CVE-2024-26934 (In the Linux kernel, the following vulnerability has been resolved: U ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/80ba43e9f799cbdd83842fc27db667289b3150f5 (6.9-rc2)
CVE-2024-26933 (In the Linux kernel, the following vulnerability has been resolved: U ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/f4d1960764d8a70318b02f15203a1be2b2554ca1 (6.9-rc2)
CVE-2024-26932 (In the Linux kernel, the following vulnerability has been resolved: u ...)
	- linux
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b63f90487bdf93a4223ce7853d14717e9d452856 (6.9-rc2)
CVE-2024-26931 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/a27d4d0e7de305def8a5098a614053be208d1aa1 (6.9-rc2)
CVE-2024-26930 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.7.12-1
	NOTE: https://git.kernel.org/linus/e288285d47784fdcf7c81be56df7d65c6f10c58b (6.9-rc2)
CVE-2024-26929 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/82f522ae0d97119a43da53e0f729275691b9c525 (6.9-rc2)
CVE-2023-52648 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.12-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/27571c64f1855881753e6f33c3186573afbab7ba (6.9-rc1)
CVE-2023-52647 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/eb2f932100288dbb881eadfed02e1459c6b9504c (6.9-rc1)
CVE-2024-4340 (Passing a heavily nested list to sqlparse.parse() leads to a Denial of ...)
	- sqlparse 0.5.0-1 (bug #1070148)
	[buster] - sqlparse (Minor issue)
	NOTE: Fixed by: https://github.com/andialbrecht/sqlparse/commit/b4a39d9850969b4e1d6940d32094ee0b42a2cf03 (0.5.0)
	NOTE: https://github.com/advisories/GHSA-2m57-hf25-phgg
CVE-2024-4337 (Adive Framework 2.0.8, does not sufficiently encode user-controlled in ...)
	NOT-FOR-US: Adive Framework
CVE-2024-4336 (Adive Framework 2.0.8, does not sufficiently encode user-controlled in ...)
	NOT-FOR-US: Adive Framework
CVE-2024-4185 (The Customer Email Verification for WooCommerce plugin for WordPress i ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3746 (The entire parent directory - C:\ScadaPro and its sub-directories and ...)
	NOT-FOR-US: Measuresoft
CVE-2024-3411 (Implementations of IPMI Authenticated sessions does not provide enough ...)
	NOT-FOR-US: IPMI implementations
CVE-2024-3072 (The ACF Front End Editor plugin for WordPress is vulnerable to unautho ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-34088 (In FRRouting (FRR) through 9.1, it is possible for the get_edge() func ...)
	- frr (bug #1070377)
	[bullseye] - frr (Vulnerable code introduced later)
	[buster] - frr (Vulnerable code introduced later)
	NOTE: https://github.com/FRRouting/frr/pull/15674
	NOTE: Proposed fix: https://github.com/FRRouting/frr/commit/34d704fb0ea60dc5063af477a2c11d4884984d4f
	NOTE: Introduced by: https://github.com/FRRouting/frr/commit/f173deb35206a09e8dc22828cb08638e289b72a5 (base_8.0)
CVE-2024-33832 (OneNav v0.9.35-20240318 was discovered to contain a Server-Side Reques ...)
	NOT-FOR-US: OneNav
CVE-2024-33831 (A stored cross-site scripting (XSS) vulnerability in the Advanced Expe ...)
	NOT-FOR-US: yapi
CVE-2024-33465 (Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allow ...)
	NOT-FOR-US: MajorDoMo (aka Major Domestic Module)
CVE-2024-33437 (An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to o ...)
	NOT-FOR-US: CSS Exfil Protection
CVE-2024-33436 (An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to o ...)
	NOT-FOR-US: CSS Exfil Protection
CVE-2024-33383 (Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allow ...)
	NOT-FOR-US: novel-plus
CVE-2024-33371 (Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remot ...)
	NOT-FOR-US: DedeCMS
CVE-2024-33332 (An issue discovered in SpringBlade 3.7.1 allows attackers to obtain se ...)
	NOT-FOR-US: SpringBlade
CVE-2024-33309 (An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and i ...)
	NOT-FOR-US: TVS Motor Company Limited TVS Connet
CVE-2024-33308 (An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and i ...)
	NOT-FOR-US: TVS Motor Company Limited TVS Connet
CVE-2024-33275 (SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and bef ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-33274 (Directory Traversal vulnerability in FME Modules customfields v.2.2.7 ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-33273 (SQL injection vulnerability in shipup before v.3.3.0 allows a remote a ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-33270 (An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2 ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-33267 (SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before a ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-33103 (An arbitrary file upload vulnerability in the Media Manager component ...)
	- dokuwiki (unimportant)
	NOTE: https://github.com/dokuwiki/dokuwiki/issues/4267
	NOTE: Not a security issue by upstream response and rather a misconfiguration. The
	NOTE: data directory should never be directly accessible.
CVE-2024-33102 (A stored cross-site scripting (XSS) vulnerability in the component /pu ...)
	NOT-FOR-US: ThinkSAAS
CVE-2024-33101 (A stored cross-site scripting (XSS) vulnerability in the component /ac ...)
	NOT-FOR-US: ThinkSAAS
CVE-2024-2877 (Vault Enterprise, when configured with performance standby nodes and a ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2024-2663 (The ZD YouTube FLV Player plugin for WordPress is vulnerable to Server ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2617 (A vulnerability exists in the RTU500 that allows for authenticated and ...)
	NOT-FOR-US: Hitachi
CVE-2024-2378 (A vulnerability exists in the web-authentication component of the SDM6 ...)
	NOT-FOR-US: Hitachi
CVE-2024-2377 (A vulnerability exists in the too permissive HTTP response header web ...)
	NOT-FOR-US: Hitachi
CVE-2024-29384 (An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to o ...)
	NOT-FOR-US: CSS Exfil Protection
CVE-2024-29320 (Wallos before 1.15.3 is vulnerable to SQL Injection via the category a ...)
	NOT-FOR-US: Wallos
CVE-2024-28716 (An issue in OpenStack Storlets yoga-eom allows a remote attacker to ex ...)
	NOT-FOR-US: OpenStack Storlets yoga-eom
CVE-2024-28269 (ReCrystallize Server 5.10.0.0 allows administrators to upload files to ...)
	NOT-FOR-US: ReCrystallize Server
CVE-2024-26331 (ReCrystallize Server 5.10.0.0 uses a authorization mechanism that reli ...)
	NOT-FOR-US: ReCrystallize Server
CVE-2024-25938 (A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0 ...)
	NOT-FOR-US: Foxit Reader
CVE-2024-25648 (A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0 ...)
	NOT-FOR-US: Foxit Reader
CVE-2024-25575 (A type confusion vulnerability vulnerability exists in the way Foxit R ...)
	NOT-FOR-US: Foxit Reader
CVE-2024-23774 (An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13 ...)
	NOT-FOR-US: Quest KACE Agent
CVE-2024-23773 (An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13 ...)
	NOT-FOR-US: Quest KACE Agent
CVE-2024-23772 (An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13 ...)
	NOT-FOR-US: Quest KACE Agent
CVE-2024-23463 (Anti-tampering protection of the Zscaler Client Connector can be bypas ...)
	NOT-FOR-US: Zscaler
CVE-2024-22546 (TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the ...)
	NOT-FOR-US: TRENDnet TEW-815DAP
CVE-2024-22405 (XADMaster is an objective-C library for archive and file unarchiving a ...)
	NOT-FOR-US: XADMaster
CVE-2024-1895 (The Event Monster – Event Management, Tickets Booking, Upcoming E ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50915 (An issue exists in GalaxyClientService.exe in GOG Galaxy (Beta) 2.0.67 ...)
	NOT-FOR-US: GOG Galaxy
CVE-2023-50914 (A Privilege Escalation issue in the inter-process communication proced ...)
	NOT-FOR-US: GOG Galaxy
CVE-2023-50059 (An issue ingalxe.com Galxe platform 1.0 allows a remote attacker to ob ...)
	NOT-FOR-US: ingalxe.com Galxe
CVE-2023-50053 (An issue in Foundation.app Foundation platform 1.0 allows a remote att ...)
	NOT-FOR-US: Foundation.app Foundation platform
CVE-2023-49473 (Shenzhen JF6000 Cloud Media Collaboration Processing Platform firmware ...)
	NOT-FOR-US: Shenzhen JF6000 Cloud Media Collaboration Processing Platform firmware
CVE-2023-46304 (modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote au ...)
	NOT-FOR-US: Vtiger CRM
CVE-2023-45385 (ProQuality pqprintshippinglabels before v.4.15.0 is vulnerable to Dire ...)
	NOT-FOR-US: ProQuality pqprintshippinglabels
CVE-2023-38002 (IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated ...)
	NOT-FOR-US: IBM
CVE-2023-36268 (An issue in The Document Foundation Libreoffice v.7.4.7 allows a remot ...)
	- libreoffice (unimportant)
	NOTE: Resource overload in desktop app, no security impact
CVE-2024-29040
	- tpm2-tss 4.1.0-1 (bug #1070140)
	NOTE: https://github.com/tpm2-software/tpm2-tss/commit/710cd0b6adf3a063f34a8e92da46df7a107d9a99 (4.1.0)
CVE-2024-29039
	- tpm2-tools 5.7-1 (bug #1070139)
	NOTE: https://github.com/tpm2-software/tpm2-tools/commit/98599df9392a346216c5a059b8d35271286100bb (5.7)
CVE-2024-29038
	- tpm2-tools 5.7-1 (bug #1070139)
	NOTE: https://github.com/tpm2-software/tpm2-tools/commit/66d922d6547b7b4fe4f274fb2ec10b376e0e259c (5.7)
CVE-2024-4327 (A vulnerability was found in Apryse WebViewer up to 10.8.0. It has bee ...)
	NOT-FOR-US: Apryse WebViewer
CVE-2024-4226 (It was identified that in certain versions of Octopus Server, that a u ...)
	NOT-FOR-US: Octopus Server
CVE-2024-4225 (Multiple security vulnerabilities has been discovered in web interface ...)
	NOT-FOR-US: NetGuardian DIN Remote Telemetry Unit (RTU)
CVE-2024-34050 (Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice b ...)
	NOT-FOR-US: Open Networking Foundation SD-RAN Rimedo rimedo-ts
CVE-2024-34049 (Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice b ...)
	NOT-FOR-US: Open Networking Foundation SD-RAN Rimedo rimedo-ts
CVE-2024-34048 (O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdat ...)
	NOT-FOR-US: O-RAN RIC I-Release e2mgr
CVE-2024-34047 (O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateH ...)
	NOT-FOR-US: O-RAN RIC I-Release e2mgr
CVE-2024-34046 (The O-RAN E2T I-Release Prometheus metric Increment function can crash ...)
	NOT-FOR-US: O-RAN
CVE-2024-34045 (The O-RAN E2T I-Release Prometheus metric Increment function can crash ...)
	NOT-FOR-US: O-RAN
CVE-2024-34044 (The O-RAN E2T I-Release buildPrometheusList function can have a NULL p ...)
	NOT-FOR-US: O-RAN
CVE-2024-34043 (O-RAN RICAPP kpimon-go I-Release has a segmentation violation via a ce ...)
	NOT-FOR-US: O-RAN
CVE-2024-33522 (In vulnerable versions of Calico (v3.27.2 and below), Calico Enterpris ...)
	NOT-FOR-US: Calico
CVE-2024-33401 (Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remot ...)
	NOT-FOR-US: DedeCMS
CVE-2024-33350 (Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote at ...)
	NOT-FOR-US: TaoCMS
CVE-2024-31837 (DMitry (Deepmagic Information Gathering Tool) 1.3a has a format-string ...)
	- dmitry (bug #1070370)
	[bookworm] - dmitry (Minor issue)
	[bullseye] - dmitry (Minor issue)
	[buster] - dmitry (Minor issue, crash in CLI tool, requires malicious parameter)
	NOTE: https://github.com/jaygreig86/dmitry/pull/12
CVE-2024-28294 (Limbas up to v5.2.14 was discovered to contain a SQL injection vulnera ...)
	NOT-FOR-US: Limbas
CVE-2024-27518 (An issue in SUPERAntiSyware Professional X 10.0.1262 and 10.0.1264 all ...)
	NOT-FOR-US: SUPERAntiSyware Professional X
CVE-2024-1371 (The LeadConnector plugin for WordPress is vulnerable to unauthorized m ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0216 (The Google Doc Embedder plugin for WordPress is vulnerable to Server S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52728 (Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an i ...)
	NOT-FOR-US: onos-lib-go
CVE-2023-52727 (Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an i ...)
	NOT-FOR-US: onos-lib-go
CVE-2023-52726 (Open Networking Foundation SD-RAN ONOS onos-ric-sdk-go 0.8.12 allows i ...)
	NOT-FOR-US: onos-ric-sdk-go
CVE-2023-52725 (Open Networking Foundation SD-RAN ONOS onos-kpimon 0.4.7 allows blocki ...)
	NOT-FOR-US: onos-kpimon
CVE-2023-52724 (Open Networking Foundation SD-RAN onos-kpimon 0.4.7 allows out-of-boun ...)
	NOT-FOR-US: onos-kpimon
CVE-2023-50434 (emdns_resolve_raw in emdns.c in emdns through fbd1eef calls strlen wit ...)
	NOT-FOR-US: emdns
CVE-2023-50433 (marshall in dhcp_packet.c in simple-dhcp-server through ec976d2 allows ...)
	NOT-FOR-US: simple-dhcp-server
CVE-2023-50432 (simple-dhcp-server through ec976d2 allows remote attackers to cause a ...)
	NOT-FOR-US: simple-dhcp-server
CVE-2023-46960 (Buffer Overflow vulnerability in PyPXE v.1.8.4 allows a remote attacke ...)
	NOT-FOR-US: PyPXE
CVE-2023-46566 (Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e3 ...)
	- tftpy
	[buster] - tftpy (Minor issue, DoS/exception, no sanctioned patch, no recent upstream activity)
	NOTE: https://github.com/msoulier/tftpy/issues/140
CVE-2023-31889 (An issue discovered in httpd in ASUS RT-AC51U with firmware version up ...)
	NOT-FOR-US: ASUS
CVE-2024-4310 (Cross-site Scripting (XSS) vulnerability in HubBank affecting version ...)
	NOT-FOR-US: HubBank
CVE-2024-4309 (SQL injection vulnerability in HubBank affecting version 1.0.2. This v ...)
	NOT-FOR-US: HubBank
CVE-2024-4308 (SQL injection vulnerability in HubBank affecting version 1.0.2. This v ...)
	NOT-FOR-US: HubBank
CVE-2024-4307 (SQL injection vulnerability in HubBank affecting version 1.0.2. This v ...)
	NOT-FOR-US: HubBank
CVE-2024-4306 (Critical unrestricted file upload vulnerability in HubBank affecting v ...)
	NOT-FOR-US: HubBank
CVE-2024-4304 (A Cross-Site Scripting XSS vulnerability has been detected on GT3 Solu ...)
	NOT-FOR-US: GT3 Soluciones SWAL
CVE-2024-3375 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
	NOT-FOR-US: Havelsan Inc. Dialogue
CVE-2024-34020 (A stack-based buffer overflow was found in the putSDN() function of ma ...)
	NOT-FOR-US: hcode
CVE-2024-34011 (Local privilege escalation due to insecure folder permissions. The fol ...)
	NOT-FOR-US: Acronis Cyber Protect Cloud Agent
CVE-2024-34010 (Local privilege escalation due to unquoted search path vulnerability. ...)
	NOT-FOR-US: Acronis Cyber Protect Cloud Agent
CVE-2024-33684 (Missing Authorization vulnerability in Pdfcrowd Save as PDF plugin by ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33652 (Missing Authorization vulnerability in Real Big Plugins Client Dash.Th ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33636 (Missing Authorization vulnerability in Mahesh Vora WP Page Post Widget ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33635 (Missing Authorization vulnerability in Piotnet Piotnet Addons For Elem ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33597 (Missing Authorization vulnerability in ProFaceOff SSU.This issue affec ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33596 (Missing Authorization vulnerability in Five Star Plugins Five Star Res ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33595 (Missing Authorization vulnerability in Jewel Theme Master Addons for E ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33594 (Missing Authorization vulnerability in Leaky Paywall.This issue affect ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33593 (Missing Authorization vulnerability in RedNao Smart Forms.This issue a ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33591 (Missing Authorization vulnerability in Tips and Tricks HQ Easy Accept ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33590 (Server-Side Request Forgery (SSRF) vulnerability in codeSavory Knowled ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33589 (Missing Authorization vulnerability in WPOmnia KB Support.This issue a ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33588 (Missing Authorization vulnerability in codeSavory Knowledge Base docum ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33587 (Missing Authorization vulnerability in Copy Content Protection Team Se ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33586 (Missing Authorization vulnerability in Photo Gallery Team Photo Galler ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33585 (Missing Authorization vulnerability in Tyche Softwares Payment Gateway ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33558 (Missing Authorization vulnerability in 8theme XStore Core.This issue a ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33449 (An SSRF issue in the PDFMyURL service allows a remote attacker to obta ...)
	NOT-FOR-US: PDFMyURL
CVE-2024-33445 (An issue in hisiphp v2.0.111 allows a remote attacker to execute arbit ...)
	NOT-FOR-US: hisiphp
CVE-2024-33444 (SQL injection vulnerability in onethink v.1.1 allows a remote attacker ...)
	NOT-FOR-US: onethink
CVE-2024-33443 (An issue in onethink v.1.1 allows a remote attacker to execute arbitra ...)
	NOT-FOR-US: onethink
CVE-2024-33438 (File Upload vulnerability in CubeCart before 6.5.5 allows an authentic ...)
	NOT-FOR-US: CubeCart
CVE-2024-33435 (Insecure Permissions vulnerability in Guangzhou Yingshi Electronic Tec ...)
	NOT-FOR-US: Guangzhou Yingshi Electronic Technology Co. Ncast Yingshi
CVE-2024-33345 (D-Link DIR-823G A1V1.0.2B05 was found to contain a Null-pointer derefe ...)
	NOT-FOR-US: D-Link
CVE-2024-33338 (Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote ...)
	NOT-FOR-US: jizhicms
CVE-2024-33276 (SQL Injection vulnerability in FME Modules preorderandnotication v.3.1 ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-33272 (SQL injection vulnerability in KnowBand for PrestaShop autosuggest bef ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-33271 (An issue in FME Modules eventsmanager before 4.4.0 allows an attacker ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-33269 (SQL Injection vulnerability in Prestaddons flashsales 1.9.7 and before ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-33268 (SQL Injection vulnerability in Digincube mdgiftproduct before 1.4.1 al ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-33266 (SQL Injection vulnerability in Helloshop deliveryorderautoupdate v.2.8 ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-32269 (An issue in Yonganda YAD-LOJ V3.0.561 allows a remote attacker to caus ...)
	NOT-FOR-US: Yonganda YAD-LOJ
CVE-2024-32268 (An issue in Tuya Smart camera U6N v.3.2.5 allows a remote attacker to ...)
	NOT-FOR-US: Tuya Smart camera U6N
CVE-2024-31823 (An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a ...)
	NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2024-31822 (An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a ...)
	NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2024-31821 (SQL Injection vulnerability in Ecommerce-CodeIgniter-Bootstrap commit ...)
	NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2024-31820 (An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a ...)
	NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2024-31801 (Directory Traversal vulnerability in NEXSYS-ONE before v.Rev.15320 all ...)
	NOT-FOR-US: NEXSYS-ONE
CVE-2024-31747 (An issue in Yealink VP59 Microsoft Teams Phone firmware 91.15.0.118 (f ...)
	NOT-FOR-US: Yealink
CVE-2024-31705 (An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote at ...)
	NOT-FOR-US: GLPI plugin
CVE-2024-31621 (An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote a ...)
	NOT-FOR-US: FlowiseAI Inc Flowise
CVE-2024-28961 (Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensi ...)
	NOT-FOR-US: Dell
CVE-2024-28320 (Insecure Direct Object References (IDOR) vulnerability in Hospital Man ...)
	NOT-FOR-US: Hospital Management System
CVE-2024-27322 (Deserialization of untrusted data can occur in the R statistical progr ...)
	- r-base 4.4.0-2
	NOTE: https://hiddenlayer.com/research/r-bitrary-code-execution/
	NOTE: https://kb.cert.org/vuls/id/238194
CVE-2024-23995 (Cross Site Scripting (XSS) in Beekeeper Studio 4.1.13 and earlier allo ...)
	NOT-FOR-US: Beekeeper Studio
CVE-2024-1969 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
	NOT-FOR-US: Secomea
CVE-2024-1579 (Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vuln ...)
	NOT-FOR-US: Secomea
CVE-2024-0840 (The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is ...)
	NOT-FOR-US: Grandstream UCM
CVE-2023-52080 (IEIT NF5280M6 UEFI firmware through 8.4 has a pool overflow vulnerabil ...)
	NOT-FOR-US: IEIT NF5280M6 UEFI firmware
CVE-2023-51710 (EMS SQL Manager 3.6.2 (build 55333) for Oracle allows DLL hijacking: a ...)
	NOT-FOR-US: EMS SQL Manager
CVE-2023-51254 (Cross Site Scripting vulnerability in Jfinalcms v.5.0.0 allows a remot ...)
	NOT-FOR-US: Jfinalcms
CVE-2023-48684 (Sensitive information disclosure and manipulation due to missing autho ...)
	NOT-FOR-US: Acronis Cyber Protect Cloud Agent
CVE-2023-48683 (Sensitive information disclosure and manipulation due to missing autho ...)
	NOT-FOR-US: Acronis Cyber Protect Cloud Agent
CVE-2023-46565 (Buffer Overflow vulnerability in osrg gobgp commit 419c50dfac578daa4d1 ...)
	- gobgp (bug #1070393)
	[bookworm] - gobgp (Minor issue)
	[bullseye] - gobgp (Minor issue)
	NOTE: https://github.com/osrg/gobgp/issues/2725
CVE-2023-46270 (MacPaw The Unarchiver before 4.3.6 contains vulnerability related to m ...)
	NOT-FOR-US: MacPaw The Unarchiver
CVE-2024-4303 (ArmorX Android APP's multi-factor authentication (MFA) for the login f ...)
	NOT-FOR-US: ArmorX Android APP's multi-factor authentication (MFA)
CVE-2024-4302 (Super 8 Live Chat online customer service platform fails to properly f ...)
	NOT-FOR-US: Super 8 Live Chat online customer service platform
CVE-2024-4301 (N-Reporter and N-Cloud, products of the N-Partner, have an OS Command ...)
	NOT-FOR-US: N-Reporter
CVE-2024-4300 (E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in ...)
	NOT-FOR-US: E-WEBInformationCo. FS-EZViewer(Web)
CVE-2024-4299 (The system configuration interface of HGiga iSherlock (including MailS ...)
	NOT-FOR-US: HGiga iSherlock
CVE-2024-4298 (The email search interface of HGiga iSherlock (including MailSherlock, ...)
	NOT-FOR-US: HGiga iSherlock
CVE-2024-4297 (The system configuration interface of HGiga iSherlock (including MailS ...)
	NOT-FOR-US: HGiga iSherlock
CVE-2024-4296 (The account management interface of HGiga iSherlock (including MailShe ...)
	NOT-FOR-US: HGiga iSherlock
CVE-2024-3196 (A vulnerability was found in MailCleaner up to 2023.03.14. It has been ...)
	NOT-FOR-US: MailCleaner
CVE-2024-3195 (A vulnerability was found in MailCleaner up to 2023.03.14. It has been ...)
	NOT-FOR-US: MailCleaner
CVE-2024-3194 (A vulnerability was found in MailCleaner up to 2023.03.14 and classifi ...)
	NOT-FOR-US: MailCleaner
CVE-2024-3193 (A vulnerability has been found in MailCleaner up to 2023.03.14 and cla ...)
	NOT-FOR-US: MailCleaner
CVE-2024-3192 (A vulnerability, which was classified as problematic, was found in Mai ...)
	NOT-FOR-US: MailCleaner
CVE-2024-3191 (A vulnerability, which was classified as critical, has been found in M ...)
	NOT-FOR-US: MailCleaner
CVE-2024-33905 (In Telegram WebK before 2.0.0 (488), a crafted Mini Web App allows XSS ...)
	NOT-FOR-US: Telegram WebK
CVE-2024-33904 (In plugins/HookSystem.cpp in Hyprland through 0.39.1 (before 28c8561), ...)
	- hyprland (bug #1040971)
CVE-2024-33903 (In CARLA through 0.9.15.2, the collision sensor mishandles some situat ...)
	NOT-FOR-US: CARLA (carla-simulator)
CVE-2024-33899 (RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attacke ...)
	TODO: check
CVE-2024-33891 (Delinea Secret Server before 11.7.000001 allows attackers to bypass au ...)
	NOT-FOR-US: Delinea Secret Server
CVE-2024-33686 (Missing Authorization vulnerability in Extend Themes Pathway, Extend T ...)
	NOT-FOR-US: WordPress themes
CVE-2024-33681 (Cross-Site Request Forgery (CSRF) vulnerability in Sandor Kovacs Regen ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33649 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33648 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33646 (Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Stick ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33645 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33643 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33641 (Deserialization of Untrusted Data vulnerability in Team Yoast Custom f ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33640 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33637 (Insertion of Sensitive Information into Log File vulnerability in Soli ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33634 (Server-Side Request Forgery (SSRF) vulnerability in Piotnet Piotnet Ad ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33633 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33632 (Cross-Site Request Forgery (CSRF) vulnerability in Piotnet Piotnet Add ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33631 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33630 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33629 (Server-Side Request Forgery (SSRF) vulnerability in Creative Motion Au ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33627 (Server-Side Request Forgery (SSRF) vulnerability in Cusmin Absolutely ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33584 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in D ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33575 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33571 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33566 (Missing Authorization vulnerability in N-Media OrderConvo allows OS Co ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33562 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33559 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33554 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33553 (Deserialization of Untrusted Data vulnerability in 8theme XStore Core. ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33551 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33548 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33546 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33544 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33542 (Authorization Bypass Through User-Controlled Key vulnerability in Fabi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33540 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33539 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33538 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33537 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33339 REJECTED
CVE-2024-33331 REJECTED
CVE-2024-2505 (The GamiPress WordPress plugin before 6.8.9's access control mechanis ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1905 (The Smart Forms WordPress plugin before 2.6.96 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52723 (In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cl ...)
	{DLA-3809-1}
	- libkf5ksieve 4:22.12.3-2 (bug #1069163)
	[bookworm] - libkf5ksieve (Minor issue, will be fixed via spu)
	[bullseye] - libkf5ksieve (Minor issue, will be fixed via ospu)
	NOTE: https://www.openwall.com/lists/oss-security/2024/04/25/1
	NOTE: Fixed by: https://invent.kde.org/pim/libksieve/-/commit/6b460ba93ac4ac503ba039d0b788ac7595120db1 (v23.03.80)
CVE-2024-4294 (A vulnerability, which was classified as critical, has been found in P ...)
	NOT-FOR-US: PHPGurukul Doctor Appointment Management System
CVE-2024-4293 (A vulnerability classified as problematic was found in PHPGurukul Doct ...)
	NOT-FOR-US: PHPGurukul Doctor Appointment Management System
CVE-2024-4292 (A vulnerability classified as critical has been found in Contemporary ...)
	NOT-FOR-US: Contemporary Controls BASrouter BACnet BASRT-B
CVE-2024-33883 (The ejs (aka Embedded JavaScript templates) package before 3.1.10 for ...)
	- node-ejs 3.1.10+~3.1.5-1
	[bookworm] - node-ejs (Minor issue)
	[bullseye] - node-ejs (Minor issue)
	[buster] - node-ejs (Minor issue, follow bullseye)
	NOTE: https://github.com/mde/ejs/commit/e469741dca7df2eb400199e1cdb74621e3f89aa5 (v3.1.10)
CVE-2024-33851 (phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based t ...)
	NOT-FOR-US: phpecc
CVE-2024-25050 (IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2 ...)
	NOT-FOR-US: IBM
CVE-2023-52722 (An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zm ...)
	- ghostscript 10.02.0~dfsg-1
	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=afd7188f74918cb51b5fb89f52b54eb16e8acfd1 (ghostpdl-10.03.0rc1)
	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1ff9a695947967d2d327c45bf5145dd381fc1745 (ghostpdl-10.02.0)
CVE-2022-48685 (An issue was discovered in Logpoint 7.1 before 7.1.2. The daily execut ...)
	NOT-FOR-US: Logpoint
CVE-2022-48684 (An issue was discovered in Logpoint before 7.1.1. Template injection w ...)
	NOT-FOR-US: Logpoint
CVE-2024-26928 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/ca545b7f0823f19db0f1148d59bc5e1a56634502 (6.9-rc3)
CVE-2024-26927 (In the Linux kernel, the following vulnerability has been resolved: A ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/98f681b0f84cfc3a1d83287b77697679e0398306 (6.9-rc1)
CVE-2022-48668 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.0.2-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/fa30a81f255a56cccd89552cd6ce7ea6e8d8acc4 (6.0-rc4)
CVE-2022-48667 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.0.2-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9c8b7a293f50253e694f19161c045817a938e551 (6.0-rc4)
CVE-2022-48666 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.0.2-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/8fe4ce5836e932f5766317cb651c1ff2a4cd0506 (6.0-rc5)
CVE-2022-48665 (In the Linux kernel, the following vulnerability has been resolved: e ...)
	- linux 6.0.2-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/2e9ceb6728f1dc2fa4b5d08f37d88cbc49a20a62 (6.0-rc7)
CVE-2022-48664 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 6.0.2-1
	[bullseye] - linux 5.10.148-1
	NOTE: https://git.kernel.org/linus/a362bb864b8db4861977d00bd2c3222503ccc34b (6.0-rc7)
CVE-2022-48663 (In the Linux kernel, the following vulnerability has been resolved: g ...)
	- linux 6.0.2-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b7df41a6f79dfb18ba2203f8c5f0e9c0b9b57f68 (6.0-rc7)
CVE-2022-48662 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.0.2-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/d119888b09bd567e07c6b93a07f175df88857e02 (6.0-rc7)
CVE-2022-48661 (In the Linux kernel, the following vulnerability has been resolved: g ...)
	- linux 6.0.2-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/02743c4091ccfb246f5cdbbe3f44b152d5d12933 (6.0-rc7)
CVE-2022-48660 (In the Linux kernel, the following vulnerability has been resolved: g ...)
	- linux 6.0.2-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/69bef19d6b9700e96285f4b4e28691cda3dcd0d1 (6.0-rc7)
CVE-2022-48659 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.0.2-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux 4.19.260-1
	NOTE: https://git.kernel.org/linus/7e9c323c52b379d261a72dc7bd38120a761a93cd (6.0-rc7)
CVE-2022-48658 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.0.2-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/e45cc288724f0cfd497bb5920bcfa60caa335729 (6.0-rc7)
CVE-2022-48657 (In the Linux kernel, the following vulnerability has been resolved: a ...)
	- linux 6.0.2-1
	[bullseye] - linux 5.10.158-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/d4955c0ad77dbc684fc716387070ac24801b8bca (6.0-rc7)
CVE-2022-48656 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.0.2-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/f9fdb0b86f087c2b7f6c6168dd0985a3c1eda87e (6.0-rc7)
CVE-2022-48655 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	- linux 6.0.2-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/e9076ffbcaed5da6c182b144ef9f6e24554af268 (6.0-rc7)
CVE-2022-48654 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.0.2-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/559c36c5a8d730c49ef805a72b213d3bba155cc8 (6.0-rc7)
CVE-2022-48653 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 6.0.2-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/23c619190318376769ad7b61504c2ea0703fb783 (6.0-rc7)
CVE-2022-48652 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 6.0.2-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/a509702cac95a8b450228a037c8542f57e538e5b (6.0-rc7)
CVE-2022-48651 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 6.0.2-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux 4.19.260-1
	NOTE: https://git.kernel.org/linus/81225b2ea161af48e093f58e8dfee6d705b16af4 (6.0-rc7)
CVE-2022-48650 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.0.2-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/601be20fc6a1b762044d2398befffd6bf236cebf (6.0-rc7)
CVE-2022-48649 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.0.2-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/d71608a877362becdc94191f190902fac1e64d35 (6.0-rc7)
CVE-2022-48648 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.0.2-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/0a242eb2913a4aa3d6fbdb86559f27628e9466f3 (6.0-rc7)
CVE-2022-48647 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.0.2-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/f232af4295653afa4ade3230462b3be15ad16419 (6.0-rc7)
CVE-2022-48646 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.0.2-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/589c6eded10c77a12b7b2cf235b6b19a2bdb91fa (6.0-rc7)
CVE-2022-48645 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.0.2-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/5641c751fe2f92d3d9e8a8e03c1263ac8caa0b42 (6.0-rc7)
CVE-2022-48644 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.0.2-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/db46e3a88a09c5cf7e505664d01da7238cd56c92 (6.0-rc7)
CVE-2022-48643 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.0.2-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/921ebde3c0d22c8cba74ce8eb3cc4626abff1ccd (6.0-rc7)
CVE-2022-48642 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.0.2-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9a4d6dd554b86e65581ef6b6638a39ae079b17ac (6.0-rc7)
CVE-2022-48641 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.0.2-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux 4.19.260-1
	NOTE: https://git.kernel.org/linus/62ce44c4fff947eebdf10bb582267e686e6835c9 (6.0-rc7)
CVE-2022-48640 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 6.0.2-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/0e400d602f46360752e4b32ce842dba3808e15e6 (6.0-rc7)
CVE-2022-48639 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.0.2-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/c2e1cfefcac35e0eea229e148c8284088ce437b5 (6.0-rc7)
CVE-2022-48638 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 6.0.2-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/df02452f3df069a59bc9e69c84435bf115cb6e37 (6.0-rc7)
CVE-2022-48637 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 6.0.2-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/c31f26c8f69f776759cbbdfb38e40ea91aa0dd65 (6.0-rc7)
CVE-2022-48636 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.0.2-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux 4.19.260-1
	NOTE: https://git.kernel.org/linus/db7ba07108a48c0f95b74fabbfd5d63e924f992d (6.0-rc7)
CVE-2022-48635 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	- linux 6.0.2-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/17d9c15c9b9e7fb285f7ac5367dfb5f00ff575e3 (6.0-rc7)
CVE-2022-48634 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.0.2-1
	[bullseye] - linux 5.10.148-1
	NOTE: https://git.kernel.org/linus/63e37a79f7bd939314997e29c2f5a9f0ef184281 (6.0-rc6)
CVE-2022-48633 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.0.2-1
	NOTE: https://git.kernel.org/linus/b6f25c3b94f2aadbf5cbef954db4073614943d74 (6.0-rc6)
CVE-2022-48632 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 6.0.2-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/de24aceb07d426b6f1c59f33889d6a964770547b (6.0-rc7)
CVE-2022-48631 (In the Linux kernel, the following vulnerability has been resolved: e ...)
	- linux 6.0.2-1
	[bullseye] - linux 5.10.148-1
	NOTE: https://git.kernel.org/linus/29a5b8a137ac8eb410cc823653a29ac0e7b7e1b0 (6.0-rc7)
CVE-2024-4291 (A vulnerability was found in Tenda A301 15.13.08.12_multi_TDE01. It ha ...)
	NOT-FOR-US: Tenda
CVE-2024-4257 (A vulnerability was found in BlueNet Technology Clinical Browsing Syst ...)
	NOT-FOR-US: BlueNet Technology Clinical Browsing System
CVE-2024-4256 (A vulnerability was found in Techkshetra Info Solutions Savsoft Quiz 6 ...)
	NOT-FOR-US: Techkshetra Info Solutions Savsoft Quiz
CVE-2024-4255 (A vulnerability, which was classified as critical, has been found in R ...)
	NOT-FOR-US: Ruijie RG-UAC
CVE-2024-4252 (A vulnerability classified as critical has been found in Tenda i22 1.0 ...)
	NOT-FOR-US: Tenda
CVE-2024-4251 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been rat ...)
	NOT-FOR-US: Tenda
CVE-2024-4250 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been dec ...)
	NOT-FOR-US: Tenda
CVE-2024-4249 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been cla ...)
	NOT-FOR-US: Tenda
CVE-2024-4248 (A vulnerability was found in Tenda i21 1.0.0.14(4656) and classified a ...)
	NOT-FOR-US: Tenda
CVE-2024-4247 (A vulnerability has been found in Tenda i21 1.0.0.14(4656) and classif ...)
	NOT-FOR-US: Tenda
CVE-2024-4246 (A vulnerability, which was classified as critical, was found in Tenda ...)
	NOT-FOR-US: Tenda
CVE-2024-3342 (The Timetable and Event Schedule by MotoPress plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3309 (The Qi Addons For Elementor plugin for WordPress is vulnerable to Stor ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25048 (IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer ...)
	NOT-FOR-US: IBM
CVE-2024-4245 (A vulnerability, which was classified as critical, has been found in T ...)
	NOT-FOR-US: Tenda
CVE-2024-4244 (A vulnerability classified as critical was found in Tenda W9 1.0.0.7(4 ...)
	NOT-FOR-US: Tenda
CVE-2024-4243 (A vulnerability classified as critical has been found in Tenda W9 1.0. ...)
	NOT-FOR-US: Tenda
CVE-2024-4242 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated ...)
	NOT-FOR-US: Tenda
CVE-2024-4241 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been decla ...)
	NOT-FOR-US: Tenda
CVE-2024-4240 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been class ...)
	NOT-FOR-US: Tenda
CVE-2024-4239 (A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as cr ...)
	NOT-FOR-US: Tenda
CVE-2024-3052 (Malformed S2 Nonce Get command classes can be sent to crash the gatewa ...)
	NOT-FOR-US: silabs
CVE-2024-3051 (Malformed Device Reset Locally command classes can be sent to temporar ...)
	NOT-FOR-US: silabs
CVE-2024-3034 (The BackUpWordPress plugin for WordPress is vulnerable to Directory Tr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32887 (Sidekiq is simple, efficient background processing for Ruby. Sidekiq i ...)
	- ruby-sidekiq (Vulnerable code introduced in 7.2.0)
	NOTE: Introduced by: https://github.com/sidekiq/sidekiq/commit/1b9f7db4c5d0dc41b6eac2682710715eed5aadce (v7.2.0)
	NOTE: Fixed by: https://github.com/sidekiq/sidekiq/commit/30786e082c70349ab27ffa9eccc42fb0c696164d (v7.2.4)
	NOTE: https://github.com/sidekiq/sidekiq/security/advisories/GHSA-q655-3pj8-9fxq
CVE-2024-32883 (MCUboot is a secure bootloader for 32-bits microcontrollers. MCUboot u ...)
	NOT-FOR-US: mcuboot
CVE-2024-32881 (Danswer is the AI Assistant connected to company's docs, apps, and peo ...)
	NOT-FOR-US: Danswer
CVE-2024-32878 (Llama.cpp is LLM inference in C/C++. There is a use of uninitialized h ...)
	NOT-FOR-US: llama.cpp
CVE-2024-31828 (Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows att ...)
	NOT-FOR-US: Lavalite CMS
CVE-2024-31741 (Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote a ...)
	NOT-FOR-US: MiniCMS
CVE-2024-31601 (An issue in Beijing Panabit Network Software Co., Ltd Panalog big data ...)
	NOT-FOR-US: Panabit
CVE-2024-31551 (Directory Traversal vulnerability in lib/admin/image.admin.php in cmse ...)
	NOT-FOR-US: cmseasy
CVE-2024-31502 (An issue in Insurance Management System v.1.0.0 and before allows a re ...)
	NOT-FOR-US: Insurance Management System
CVE-2024-30804 (An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert ...)
	NOT-FOR-US: ASUS
CVE-2024-2859 (By default, SANnav OVA is shipped with root user login enabled. While ...)
	NOT-FOR-US: Brocade
CVE-2024-2838 (The WPC Composite Products for WooCommerce plugin for WordPress is vul ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2258 (The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact For ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-28322 (SQL Injection vulnerability in /event-management-master/backend/regist ...)
	NOT-FOR-US: PuneethReddyHC Event Management
CVE-2024-4238 (A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified ...)
	NOT-FOR-US: Tenda
CVE-2024-4237 (A vulnerability, which was classified as critical, was found in Tenda ...)
	NOT-FOR-US: Tenda
CVE-2024-4236 (A vulnerability, which was classified as critical, has been found in T ...)
	NOT-FOR-US: Tenda
CVE-2024-4235 (A vulnerability classified as problematic was found in Netgear DG834Gv ...)
	NOT-FOR-US: Netgear
CVE-2024-4234 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Sayful Islam Filterable Portfolio
CVE-2024-4198 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 ...)
	- mattermost-server (bug #823556)
CVE-2024-4195 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 ...)
	- mattermost-server (bug #823556)
CVE-2024-4183 (Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x bef ...)
	- mattermost-server (bug #823556)
CVE-2024-4182 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and ...)
	- mattermost-server (bug #823556)
CVE-2024-3962 (The Product Addons & Fields for WooCommerce plugin for WordPress is vu ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3682 (The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3076 (The MM-email2image WordPress plugin through 0.2.5 does not have CSRF c ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33697 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33696 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33695 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33694 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33693 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33692 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33691 (Cross-Site Request Forgery (CSRF) vulnerability in OptinMonster Popup ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33690 (Cross-Site Request Forgery (CSRF) vulnerability in Jegstudio Financio. ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33689 (Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli, Tony Ha ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33688 (Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Telur ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33683 (Cross-Site Request Forgery (CSRF) vulnerability in WP Republic Hide Da ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33682 (Cross-Site Request Forgery (CSRF) vulnerability in Cookie Information ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33680 (Cross-Site Request Forgery (CSRF) vulnerability in MainWP MainWP Child ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33679 (Cross-Site Request Forgery (CSRF) vulnerability in FameThemes FameThem ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33678 (Cross-Site Request Forgery (CSRF) vulnerability in ClickCease ClickCea ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33677 (Cross-Site Request Forgery (CSRF) vulnerability in Renzo Johnson Conta ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-33344 (D-Link DIR-822+ V1.0.5 was found to contain a command injection in fte ...)
	NOT-FOR-US: D-Link
CVE-2024-33343 (D-Link DIR-822+ V1.0.5 was found to contain a command injection in Chg ...)
	NOT-FOR-US: D-Link
CVE-2024-33342 (D-Link DIR-822+ V1.0.5 was found to contain a command injection in Set ...)
	NOT-FOR-US: D-Link
CVE-2024-33263 (QuickJS commit 3b45d15 was discovered to contain an Assertion Failure ...)
	- quickjs (bug #1070373)
	NOTE: https://github.com/bellard/quickjs/issues/277
CVE-2024-33260 (Jerryscript commit cefd391 was discovered to contain a segmentation vi ...)
	- iotjs
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5133
CVE-2024-33259 (Jerryscript commit cefd391 was discovered to contain a segmentation vi ...)
	- iotjs
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5132
CVE-2024-33258 (Jerryscript commit ff9ff8f was discovered to contain a segmentation vi ...)
	- iotjs
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5114
CVE-2024-33255 (Jerryscript commit cefd391 was discovered to contain an Assertion Fail ...)
	- iotjs
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5135
CVE-2024-32957 (Missing Authorization vulnerability in Live Composer Team Page Builder ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32884 (gitoxide is a pure Rust implementation of Git. `gix-transport` does no ...)
	- rust-gitoxide (bug #1043208)
CVE-2024-32880 (pyload is an open-source Download Manager written in pure Python. An a ...)
	- pyload (bug #1001980)
CVE-2024-32829 (Missing Authorization vulnerability in Supsystic Data Tables Generator ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32828 (Missing Authorization vulnerability in Octolize Flexible Shipping.This ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32826 (Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.T ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32822 (Missing Authorization vulnerability in impleCode Reviews Plus.This iss ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32766 (An OS command injection vulnerability has been reported to affect seve ...)
	NOT-FOR-US: QNAP
CVE-2024-32764 (A missing authentication for critical function vulnerability has been ...)
	NOT-FOR-US: QNAP
CVE-2024-32730 (SAP Enable Now Manager does not perform necessary authorization checks ...)
	NOT-FOR-US: SAP
CVE-2024-32476 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
	NOT-FOR-US: Argo CD
CVE-2024-32046 (Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and ...)
	- mattermost-server (bug #823556)
CVE-2024-28328 (CSV Injection vulnerability in the Asus RT-N12+ router allows administ ...)
	NOT-FOR-US: ASUS
CVE-2024-28327 (Asus RT-N12+ B1 router stores user passwords in plaintext, which could ...)
	NOT-FOR-US: ASUS
CVE-2024-28326 (Incorrect Access Control in Asus RT-N12+ B1 routers allows local attac ...)
	NOT-FOR-US: ASUS
CVE-2024-28325 (Asus RT-N12+ B1 router stores credentials in cleartext, which could al ...)
	NOT-FOR-US: ASUS
CVE-2024-27790 (Claris International has resolved an issue of potentially allowing una ...)
	NOT-FOR-US: Claris
CVE-2024-27124 (An OS command injection vulnerability has been reported to affect seve ...)
	NOT-FOR-US: QNAP
CVE-2024-25343 (Tenda N300 F3 router vulnerability allows users to bypass intended sec ...)
	NOT-FOR-US: Tenda
CVE-2024-22091 (Mattermost versions 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <= 9.5.2 an ...)
	- mattermost-server (bug #823556)
CVE-2024-21905 (An integer overflow or wraparound vulnerability has been reported to a ...)
	NOT-FOR-US: QNAP
CVE-2024-1789 (The WP SMTP plugin for WordPress is vulnerable to SQL Injection via th ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0740 (Eclipse Target Management: Terminal and Remote System Explorer (RSE) v ...)
	NOT-FOR-US: Eclipse Target Management: Terminal and Remote System Explorer
CVE-2023-51794 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
	[experimental] - ffmpeg 7:7.0-1
	- ffmpeg
	[bookworm] - ffmpeg (Pick up when fixed in 5.1.x)
	[bullseye] - ffmpeg (Pick up when fixed in 4.3.x)
	[buster] - ffmpeg (Pick up when fixed in 4.1.x)
	NOTE: https://trac.ffmpeg.org/ticket/10746
	NOTE: Fixed in https://github.com/ffmpeg/FFmpeg/commit/50f0f8c53c818f73fe2d752708e2fa9d2a2d8a07 (n7.0)
CVE-2023-51365 (A path traversal vulnerability has been reported to affect several QNA ...)
	NOT-FOR-US: QNAP
CVE-2023-51364 (A path traversal vulnerability has been reported to affect several QNA ...)
	NOT-FOR-US: QNAP
CVE-2023-50364 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-50363 (An incorrect authorization vulnerability has been reported to affect s ...)
	NOT-FOR-US: QNAP
CVE-2023-50362 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-50361 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-47222 (An exposure of sensitive information vulnerability has been reported t ...)
	NOT-FOR-US: QNAP
CVE-2023-42955 (Claris International has successfully resolved an issue of potentially ...)
	NOT-FOR-US: Claris
CVE-2023-41291 (A path traversal vulnerability has been reported to affect QuFirewall. ...)
	NOT-FOR-US: QNAP
CVE-2023-41290 (A path traversal vulnerability has been reported to affect QuFirewall. ...)
	NOT-FOR-US: QNAP
CVE-2022-48611 (A logic issue was addressed with improved checks. This issue is fixed ...)
NOT-FOR-US: Apple CVE-2023-52646 (In the Linux kernel, the following vulnerability has been resolved: a ...) - linux 6.1.15-1 [bullseye] - linux 5.10.178-1 [buster] - linux 4.19.282-1 NOTE: https://git.kernel.org/linus/81e9d6f8647650a7bead74c5f926e29970e834d1 (6.2) CVE-2024-4163 (The Skylab IGX IIoT Gateway allowed users to connect to it via a limit ...) NOT-FOR-US: Skylab IGX IIoT Gateway CVE-2024-4056 (Denial of service condition in M-Files Server in versions before 24.4. ...) NOT-FOR-US: M-Files Server CVE-2024-3890 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...) NOT-FOR-US: WordPress plugin CVE-2024-3678 (The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPre ...) NOT-FOR-US: WordPress plugin CVE-2024-3265 (The Advanced Search WordPress plugin through 1.1.6 does not properly e ...) NOT-FOR-US: WordPress plugin CVE-2024-3188 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress plugin b ...) NOT-FOR-US: WordPress plugin CVE-2024-3075 (The MM-email2image WordPress plugin through 0.2.5 does not validate an ...) NOT-FOR-US: WordPress plugin CVE-2024-3060 (The ENL Newsletter WordPress plugin through 1.0.1 does not sanitize an ...) NOT-FOR-US: WordPress plugin CVE-2024-3059 (The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF c ...) NOT-FOR-US: WordPress plugin CVE-2024-3058 (The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF c ...) NOT-FOR-US: WordPress plugin CVE-2024-3048 (The Bannerlid WordPress plugin through 1.1.0 does not escape generated ...) NOT-FOR-US: WordPress plugin CVE-2024-33673 (An issue was discovered in Veritas Backup Exec before 22.2 HotFix 9173 ...) NOT-FOR-US: Veritas CVE-2024-33672 (An issue was discovered in Veritas NetBackup before 10.4. The Multi-Th ...) NOT-FOR-US: Veritas CVE-2024-33671 (An issue was discovered in Veritas Backup Exec before 22.2 HotFix 9173 ...) 
NOT-FOR-US: Veritas CVE-2024-33670 (Passbolt API before 4.6.2 allows HTML injection in a URL parameter, re ...) NOT-FOR-US: Passbolt API CVE-2024-33669 (An issue was discovered in Passbolt Browser Extension before 4.6.2. It ...) NOT-FOR-US: Passbolt Browser Extension CVE-2024-33668 (An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cach ...) - zammad (bug #841355) CVE-2024-33667 (An issue was discovered in Zammad before 6.3.0. An authenticated agent ...) - zammad (bug #841355) CVE-2024-33666 (An issue was discovered in Zammad before 6.3.0. Users with customer ac ...) - zammad (bug #841355) CVE-2024-33665 (angular-translate through 2.19.1 allows XSS via a crafted key that is ...) NOT-FOR-US: angular-translate CVE-2024-33664 (python-jose through 3.3.0 allows attackers to cause a denial of servic ...) - python-jose (bug #1070375) NOTE: https://github.com/mpdavis/python-jose/issues/344 NOTE: https://github.com/mpdavis/python-jose/pull/345 CVE-2024-33663 (python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA k ...) - python-jose (bug #1070375) NOTE: https://github.com/mpdavis/python-jose/issues/346 CVE-2024-33661 (Portainer before 2.20.0 allows redirects when the target is not index. ...) NOT-FOR-US: Portainer CVE-2024-33651 (Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gi ...) NOT-FOR-US: WordPress plugin CVE-2024-33650 (Cross-Site Request Forgery (CSRF) vulnerability in Cryout Creations Se ...) NOT-FOR-US: WordPress plugin CVE-2024-33642 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-33639 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-33638 (Cross-Site Request Forgery (CSRF) vulnerability in Brijesh Kothari Sma ...) NOT-FOR-US: WordPress plugin CVE-2024-33598 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
NOT-FOR-US: WordPress plugin CVE-2024-32868 (ZITADEL provides users the possibility to use Time-based One-Time-Pass ...) NOT-FOR-US: Zitadel CVE-2024-32651 (changedetection.io is an open source web page change detection, websit ...) NOT-FOR-US: changedetection.io CVE-2024-32406 (Server-Side Template Injection (SSTI) vulnerability in inducer relate ...) NOT-FOR-US: inducer relate CVE-2024-32404 (Server-Side Template Injection (SSTI) vulnerability in inducer relate ...) NOT-FOR-US: inducer relate CVE-2024-31755 (cJSON v1.7.17 was discovered to contain a segmentation violation, whic ...) - cjson NOTE: https://github.com/DaveGamble/cJSON/issues/839 NOTE: https://github.com/DaveGamble/cJSON/pull/840 NOTE: https://github.com/DaveGamble/cJSON/commit/7e4d5dabe7a9b754c601f214e65b544e67ba9f59 CVE-2024-31610 (File Upload vulnerability in the function for employees to upload avat ...) NOT-FOR-US: Code-Projects Simple School Management System CVE-2024-31609 (Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attac ...) NOT-FOR-US: BOSSCMS CVE-2024-2920 (The WP-Members Membership Plugin plugin for WordPress is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2024-2908 (The Call Now Button WordPress plugin before 1.4.7 does not sanitise a ...) NOT-FOR-US: WordPress plugin CVE-2024-2837 (The WP Chat App WordPress plugin before 3.6.4 does not sanitise and es ...) NOT-FOR-US: WordPress plugin CVE-2024-2603 (The Salon booking system WordPress plugin through 9.6.5 does not sanit ...) NOT-FOR-US: WordPress plugin CVE-2024-2439 (The Salon booking system WordPress plugin through 9.6.5 does not sanit ...) NOT-FOR-US: WordPress plugin CVE-2024-2429 (The Salon booking system WordPress plugin through 9.6.5 does not have ...) NOT-FOR-US: WordPress plugin CVE-2024-2310 (The WP Google Review Slider WordPress plugin before 13.6 does not sani ...) NOT-FOR-US: WordPress plugin CVE-2024-2159 (The Social Sharing Plugin WordPress plugin before 3.3.61 does not val ...) 
NOT-FOR-US: WordPress plugin CVE-2024-22633 (Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 w ...) NOT-FOR-US: Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) CVE-2024-22632 (Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 w ...) NOT-FOR-US: Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) CVE-2024-0916 (Unauthenticatedfile upload allows remote code execution. This issue af ...) NOT-FOR-US: UvDesk Community CVE-2024-0905 (The Fancy Product Designer WordPress plugin before 6.1.8 does not sani ...) NOT-FOR-US: WordPress plugin CVE-2023-6116 (Team ENVY, a Security Research TEAM has found a flaw that allows for a ...) NOT-FOR-US: Hanwha Vision Co CVE-2023-6096 (Vladimir Kononovich, a Security Researcher has found a flaw that using ...) NOT-FOR-US: Hanwha Vision Co CVE-2023-6095 (Vladimir Kononovich, a Security Researcher has found a flaw that allow ...) NOT-FOR-US: Hanwha Vision Co CVE-2023-47252 (An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 ...) NOT-FOR-US: InsydeH2O CVE-2022-48682 (In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows ...) - fdupes 1:2.2.1-1 [bullseye] - fdupes (Minor issue) [buster] - fdupes (Minor issue) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1200381 NOTE: https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e00334116e419717f (v2.2.0) CVE-2024-27282 (An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplie ...) {DSA-5677-1} - ruby3.2 (bug #1069968) - ruby3.1 (bug #1069969) - ruby2.7 - ruby2.5 NOTE: https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/ NOTE: https://github.com/ruby/ruby/commit/989a2355808a63fc45367785c82ffd46d18c900a CVE-2024-33602 (nscd: netgroup cache assumes NSS callback uses in-buffer strings The ...) 
{DSA-5678-1} - glibc 2.37-19 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=31680 NOTE: https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/ NOTE: https://www.openwall.com/lists/oss-security/2024/04/24/2 NOTE: https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008 NOTE: Fixed by: https://sourceware.org/git?p=glibc.git;a=commit;h=c04a21e050d64a1193a6daab872bca2528bda44b CVE-2024-33601 (nscd: netgroup cache may terminate daemon on memory allocation failure ...) {DSA-5678-1} - glibc 2.37-19 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=31679 NOTE: https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/ NOTE: https://www.openwall.com/lists/oss-security/2024/04/24/2 NOTE: https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007 NOTE: Fixed by: https://sourceware.org/git?p=glibc.git;a=commit;h=c04a21e050d64a1193a6daab872bca2528bda44b CVE-2024-33600 (nscd: Null pointer crashes after notfound response If the Name Servic ...) {DSA-5678-1} - glibc 2.37-19 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=31678 NOTE: https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/ NOTE: https://www.openwall.com/lists/oss-security/2024/04/24/2 NOTE: https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006 NOTE: Fixed by: https://sourceware.org/git?p=glibc.git;a=commit;h=b048a482f088e53144d26a61c390bed0210f49f2 NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=7835b00dbce53c3c87bbbb1754a95fb5e58187aa CVE-2024-33599 (nscd: Stack-based buffer overflow in netgroup cache If the Name Servi ...) 
{DSA-5678-1} - glibc 2.37-19 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=31677 NOTE: https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/ NOTE: https://www.openwall.com/lists/oss-security/2024/04/24/2 NOTE: https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005 NOTE: Fixed by: https://sourceware.org/git?p=glibc.git;a=commit;h=87801a8fd06db1d654eea3e4f7626ff476a9bdaa CVE-2024-4175 (Unicode transformation vulnerability in Hyperion affecting version 2.0 ...) NOT-FOR-US: Hyperion CVE-2024-4174 (Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server affect ...) NOT-FOR-US: Hyperion CVE-2024-4172 (A vulnerability classified as problematic was found in idcCMS 1.35. Af ...) NOT-FOR-US: idcCMS CVE-2024-4171 (A vulnerability classified as critical has been found in Tenda W30E 1. ...) NOT-FOR-US: Tenda CVE-2024-4170 (A vulnerability was found in Tenda 4G300 1.01.42. It has been rated as ...) NOT-FOR-US: Tenda CVE-2024-4169 (A vulnerability was found in Tenda 4G300 1.01.42. It has been declared ...) NOT-FOR-US: Tenda CVE-2024-4168 (A vulnerability was found in Tenda 4G300 1.01.42. It has been classifi ...) NOT-FOR-US: Tenda CVE-2024-4167 (A vulnerability was found in Tenda 4G300 1.01.42 and classified as cri ...) NOT-FOR-US: Tenda CVE-2024-4166 (A vulnerability has been found in Tenda 4G300 1.01.42 and classified a ...) NOT-FOR-US: Tenda CVE-2024-4165 (A vulnerability, which was classified as critical, was found in Tenda ...) NOT-FOR-US: Tenda CVE-2024-4164 (A vulnerability, which was classified as critical, has been found in T ...) NOT-FOR-US: Tenda CVE-2024-4077 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-4035 (The Photo Gallery \u2013 GT3 Image Gallery & Gutenberg Block Gallery p ...) NOT-FOR-US: WordPress plugin CVE-2024-4024 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) 
- gitlab CVE-2024-4006 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab CVE-2024-3994 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...) NOT-FOR-US: WordPress plugin CVE-2024-3733 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...) NOT-FOR-US: WordPress plugin CVE-2024-3730 (The Simple Membership plugin for WordPress is vulnerable to Stored Cro ...) NOT-FOR-US: WordPress plugin CVE-2024-33592 (Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Play ...) NOT-FOR-US: WordPress plugin CVE-2024-33247 (Sourcecodester Employee Task Management System v1.0 is vulnerable to S ...) NOT-FOR-US: Sourcecodester Employee Task Management System CVE-2024-32961 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-32676 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...) NOT-FOR-US: WordPress plugin CVE-2024-32649 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...) NOT-FOR-US: Vyper CVE-2024-32648 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...) NOT-FOR-US: Vyper CVE-2024-32647 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...) NOT-FOR-US: Vyper CVE-2024-32646 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...) NOT-FOR-US: Vyper CVE-2024-32645 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...) NOT-FOR-US: Vyper CVE-2024-32481 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...) NOT-FOR-US: Vyper CVE-2024-32467 (MeterSphere is an open source continuous testing platform. Prior to ve ...) NOT-FOR-US: MeterSphere CVE-2024-32358 (An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitra ...) NOT-FOR-US: Jpress CVE-2024-32324 (Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd ...) 
NOT-FOR-US: Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 CVE-2024-32236 (An issue in CmsEasy v.7.7 and before allows a remote attacker to obtai ...) NOT-FOR-US: CmsEasy CVE-2024-31615 (ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php.) NOT-FOR-US: ThinkCMF CVE-2024-31574 (Cross Site Scripting vulnerability in TWCMS v.2.6 allows a local attac ...) NOT-FOR-US: TWCMS CVE-2024-31266 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) NOT-FOR-US: WordPress plugin CVE-2024-30939 (An issue discovered in Yealink VP59 Teams Editions with firmware versi ...) NOT-FOR-US: Yealink CVE-2024-30890 (Cross Site Scripting vulnerability in ED01-CMS v.1.0 allows an attacke ...) NOT-FOR-US: ED01-CMS CVE-2024-30560 (Cross-Site Request Forgery (CSRF) vulnerability in \u5927\u4fa0WP DX-W ...) NOT-FOR-US: WordPress plugin CVE-2024-2829 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab CVE-2024-2434 (An issue has been discovered in GitLab affecting all versions of GitLa ...) - gitlab CVE-2024-29660 (Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local att ...) NOT-FOR-US: DedeCMS CVE-2024-28241 (The GLPI Agent is a generic management agent. Prior to version 1.7.2, ...) - glpi NOTE: https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-3268-p58w-86hw NOTE: https://github.com/glpi-project/glpi-agent/commit/9a97114f595562c91b0833b4a800dd51e9df65e9 CVE-2024-28240 (The GLPI Agent is a generic management agent. A vulnerability that onl ...) - glpi NOTE: https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-hx3x-mmqg-h3jp NOTE: https://github.com/glpi-project/glpi-agent/commit/41bbb1169e899bd15350a9e2fdbf9269a3b7a14f CVE-2024-25917 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2024-25624 (Iris is a web collaborative platform aiming to help incident responder ...) 
NOT-FOR-US: Iris CVE-2024-25569 (An out-of-bounds read vulnerability exists in the RAWCodec::DecodeByte ...) - gdcm 3.0.24-1 (bug #1070387) [bookworm] - gdcm (Minor issue) [bullseye] - gdcm (Minor issue) [buster] - gdcm (Minor issue, follow bullseye) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1944 NOTE: https://github.com/malaterre/GDCM/commit/dda17aa8d5939e4e255ebba67aacf34b09d88692 (v3.0.24) CVE-2024-25026 (IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Applicatio ...) NOT-FOR-US: IBM CVE-2024-22391 (A heap-based buffer overflow vulnerability exists in the LookupTable:: ...) - gdcm 3.0.24-1 (bug #1070387) [bookworm] - gdcm (Minor issue) [bullseye] - gdcm (Minor issue) [buster] - gdcm (Minor issue, follow bullseye) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1924 NOTE: https://github.com/malaterre/GDCM/commit/21a793095ab3aecb794c56439873e5b181ea9d91 (v3.0.24) CVE-2024-22373 (An out-of-bounds write vulnerability exists in the JPEG2000Codec::Deco ...) - gdcm 3.0.24-1 (bug #1070387) [bookworm] - gdcm (Minor issue) [bullseye] - gdcm (Minor issue) [buster] - gdcm (Minor issue, follow bullseye) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1935 NOTE: https://github.com/malaterre/GDCM/commit/371c2d937e37b08a46eeb0628c553ce4608a45df (v3.0.24) CVE-2024-22144 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) NOT-FOR-US: WordPress plugin CVE-2024-1347 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) - gitlab CVE-2023-52220 (Missing Authorization vulnerability in MonsterInsights Google Analytic ...) NOT-FOR-US: MonsterInsights Google Analytics CVE-2023-51484 (Improper Authentication vulnerability in wp-buy Login as User or Custo ...) NOT-FOR-US: WordPress plugin CVE-2023-51482 (Improper Authentication vulnerability in EazyPlugins Eazy Plugin Manag ...) 
NOT-FOR-US: WordPress plugin CVE-2024-4173 (A vulnerability in Brocade SANnav exposes Kafka in the wan interface. ...) NOT-FOR-US: Brocade CVE-2024-4161 (In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic receiv ...) NOT-FOR-US: Brocade CVE-2024-4159 (Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377 ...) NOT-FOR-US: Brocade CVE-2024-3988 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data T ...) NOT-FOR-US: WordPress plugin CVE-2024-3929 (The Content Views \u2013 Post Grid & Filter, Recent Posts, Category Po ...) NOT-FOR-US: WordPress plugin CVE-2024-3893 (The Classified Listing \u2013 Classified ads & Business Directory Plug ...) NOT-FOR-US: WordPress plugin CVE-2024-2907 (The AGCA WordPress plugin before 7.2.2 does not sanitise and escape s ...) NOT-FOR-US: WordPress plugin CVE-2024-29205 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) NOT-FOR-US: Ivanti CVE-2024-23527 (An out-of-bounds read vulnerability in WLAvalancheService component of ...) NOT-FOR-US: Ivanti CVE-2024-20313 (A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE ...) NOT-FOR-US: Cisco CVE-2023-51478 (Improper Authentication vulnerability in Abdul Hakeem Build App Online ...) NOT-FOR-US: WordPress plugin CVE-2024-26926 (In the Linux kernel, the following vulnerability has been resolved: b ...) {DSA-5681-1 DSA-5680-1} - linux [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/aaef73821a3b0194a01bd23ca77774f704a04d40 (6.9-rc5) CVE-2024-26925 (In the Linux kernel, the following vulnerability has been resolved: n ...) {DSA-5681-1 DSA-5680-1} - linux [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/0d459e2ffb541841714839e8228b845458ed3b27 (6.9-rc3) NOTE: https://www.openwall.com/lists/oss-security/2024/05/07/6 CVE-2024-26924 (In the Linux kernel, the following vulnerability has been resolved: n ...) 
{DSA-5681-1 DSA-5680-1} - linux [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/3cfc9ec039af60dbd8965ae085b2c2ccdcfbe1cc (6.9-rc5) CVE-2024-26923 (In the Linux kernel, the following vulnerability has been resolved: a ...) {DSA-5681-1 DSA-5680-1} - linux NOTE: https://git.kernel.org/linus/47d8ac011fe1c9251070e1bd64cb10b48193ec51 (6.9-rc4) CVE-2024-4060 (Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed ...) {DSA-5675-1} - chromium 124.0.6367.78-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-4059 (Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 a ...) {DSA-5675-1} - chromium 124.0.6367.78-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-4058 (Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowe ...) {DSA-5675-1} - chromium 124.0.6367.78-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-4141 (Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an in ...) NOT-FOR-US: xpdf (Debian uses poppler, which forked a long time ago) CVE-2024-4127 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been classi ...) NOT-FOR-US: Tenda CVE-2024-4126 (A vulnerability was found in Tenda W15E 15.11.0.14 and classified as c ...) NOT-FOR-US: Tenda CVE-2024-4125 (A vulnerability has been found in Tenda W15E 15.11.0.14 and classified ...) NOT-FOR-US: Tenda CVE-2024-4124 (A vulnerability, which was classified as critical, was found in Tenda ...) NOT-FOR-US: Tenda CVE-2024-4123 (A vulnerability, which was classified as critical, has been found in T ...) NOT-FOR-US: Tenda CVE-2024-4122 (A vulnerability classified as critical was found in Tenda W15E 15.11.0 ...) NOT-FOR-US: Tenda CVE-2024-4121 (A vulnerability classified as critical has been found in Tenda W15E 15 ...) NOT-FOR-US: Tenda CVE-2024-4120 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been rated ...) 
NOT-FOR-US: Tenda CVE-2024-4119 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been declar ...) NOT-FOR-US: Tenda CVE-2024-4118 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been classi ...) NOT-FOR-US: Tenda CVE-2024-4117 (A vulnerability was found in Tenda W15E 15.11.0.14 and classified as c ...) NOT-FOR-US: Tenda CVE-2024-4116 (A vulnerability has been found in Tenda W15E 15.11.0.14 and classified ...) NOT-FOR-US: Tenda CVE-2024-4115 (A vulnerability, which was classified as critical, was found in Tenda ...) NOT-FOR-US: Tenda CVE-2024-4114 (A vulnerability, which was classified as critical, has been found in T ...) NOT-FOR-US: Tenda CVE-2024-4113 (A vulnerability classified as critical was found in Tenda TX9 22.03.02 ...) NOT-FOR-US: Tenda CVE-2024-4112 (A vulnerability classified as critical has been found in Tenda TX9 22. ...) NOT-FOR-US: Tenda CVE-2024-4111 (A vulnerability was found in Tenda TX9 22.03.02.10. It has been rated ...) NOT-FOR-US: Tenda CVE-2024-4093 (A vulnerability, which was classified as critical, was found in Source ...) NOT-FOR-US: SourceCodester Simple Subscription Website CVE-2024-4075 (A vulnerability classified as problematic has been found in Kashipara ...) NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website CVE-2024-4074 (A vulnerability was found in Kashipara Online Furniture Shopping Ecomm ...) NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website CVE-2024-4073 (A vulnerability was found in Kashipara Online Furniture Shopping Ecomm ...) NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website CVE-2024-4072 (A vulnerability was found in Kashipara Online Furniture Shopping Ecomm ...) NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website CVE-2024-4071 (A vulnerability was found in Kashipara Online Furniture Shopping Ecomm ...) 
NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website CVE-2024-4070 (A vulnerability has been found in Kashipara Online Furniture Shopping ...) NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website CVE-2024-4069 (A vulnerability, which was classified as critical, was found in Kaship ...) NOT-FOR-US: Kashipara Online Furniture Shopping Ecommerce Website CVE-2024-4066 (A vulnerability classified as critical has been found in Tenda AC8 16. ...) NOT-FOR-US: Tenda CVE-2024-3371 (MongoDB Compass may accept and use insufficiently validated input from ...) NOT-FOR-US: MongoDB Compass CVE-2024-3261 (The Strong Testimonials WordPress plugin before 3.1.12 does not valida ...) NOT-FOR-US: WordPress plugin CVE-2024-33531 (cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsi ...) NOT-FOR-US: lua-resty-jwt CVE-2024-32958 (Cross-Site Request Forgery (CSRF) vulnerability in Giorgos Sarigiannid ...) NOT-FOR-US: WordPress plugin CVE-2024-32956 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-32955 (Server-Side Request Forgery (SSRF) vulnerability in Foliovision FV Flo ...) NOT-FOR-US: WordPress plugin CVE-2024-32954 (Unrestricted Upload of File with Dangerous Type vulnerability in Tribu ...) NOT-FOR-US: WordPress plugin CVE-2024-32953 (Insertion of Sensitive Information into Log File vulnerability in News ...) NOT-FOR-US: WordPress plugin CVE-2024-32952 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-32951 (Missing Authorization vulnerability in BloomPixel Max Addons Pro for B ...) NOT-FOR-US: WordPress plugin CVE-2024-32950 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-32948 (Missing Authorization vulnerability in Repute Infosystems ARMember.Thi ...) 
NOT-FOR-US: WordPress plugin CVE-2024-32947 (Cross-Site Request Forgery (CSRF) vulnerability in AlumniOnline Web Se ...) NOT-FOR-US: WordPress plugin CVE-2024-32879 (Python Social Auth is a social authentication/registration mechanism. ...) - social-auth-app-django (bug #1070374) [bookworm] - social-auth-app-django (Minor issue) [bullseye] - social-auth-app-django (Minor issue) [buster] - social-auth-app-django (Minor issue) - python-social-auth NOTE: https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3 NOTE: https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138 (5.4.1) CVE-2024-32876 (NewPipe is an Android app for video streaming written in Java. It supp ...) NOT-FOR-US: NewPipe Android app CVE-2024-32875 (Hugo is a static site generator. Starting in version 0.123.0 and prior ...) - hugo 0.125.4-1 [bookworm] - hugo (Vulnerable code not present) [bullseye] - hugo (Vulnerable code not present) [buster] - hugo (Vulnerable code not present) NOTE: https://github.com/gohugoio/hugo/security/advisories/GHSA-ppf8-hhpp-f5hj CVE-2024-32872 (Umbraco workflow provides workflows for the Umbraco content management ...) NOT-FOR-US: Umbraco CVE-2024-32869 (Hono is a Web application framework that provides support for any Java ...) NOT-FOR-US: Hono CVE-2024-32866 (Conform, a type-safe form validation library, allows the parsing of ne ...) NOT-FOR-US: Conform CVE-2024-32836 (Unrestricted Upload of File with Dangerous Type vulnerability in WP La ...) NOT-FOR-US: WordPress plugin CVE-2024-32835 (Deserialization of Untrusted Data vulnerability in WebToffee Import Ex ...) NOT-FOR-US: WordPress plugin CVE-2024-32834 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-32833 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
NOT-FOR-US: WordPress plugin CVE-2024-32825 (Insertion of Sensitive Information into Log File vulnerability in Patr ...) NOT-FOR-US: WordPress plugin CVE-2024-32823 (Authorization Bypass Through User-Controlled Key vulnerability in Feed ...) NOT-FOR-US: WordPress plugin CVE-2024-32819 (Server-Side Request Forgery (SSRF) vulnerability in Culqi.This issue a ...) NOT-FOR-US: WordPress plugin CVE-2024-32817 (Deserialization of Untrusted Data vulnerability in Import and export u ...) NOT-FOR-US: WordPress plugin CVE-2024-32816 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2024-32815 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-32812 (Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Po ...) NOT-FOR-US: WordPress plugin CVE-2024-32808 (Authorization Bypass Through User-Controlled Key vulnerability in Meta ...) NOT-FOR-US: WordPress plugin CVE-2024-32806 (Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule Headline ...) NOT-FOR-US: WordPress plugin CVE-2024-32803 (Server-Side Request Forgery (SSRF) vulnerability in 2day.Sk, Webikon S ...) NOT-FOR-US: WordPress plugin CVE-2024-32801 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-32796 (Insertion of Sensitive Information into Log File vulnerability in Very ...) NOT-FOR-US: WordPress plugin CVE-2024-32795 (Cross-Site Request Forgery (CSRF) vulnerability in Revmakx WPCal.Io \u ...) NOT-FOR-US: WordPress plugin CVE-2024-32794 (Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pr ...) NOT-FOR-US: WordPress plugin CVE-2024-32793 (Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pr ...) NOT-FOR-US: WordPress plugin CVE-2024-32791 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
NOT-FOR-US: WordPress plugin CVE-2024-32789 (Cross-Site Request Forgery (CSRF) vulnerability in Seers allows Cross- ...) NOT-FOR-US: WordPress plugin CVE-2024-32788 (Insertion of Sensitive Information into Log File vulnerability in Fr\x ...) NOT-FOR-US: WordPress plugin CVE-2024-32785 (Cross-Site Request Forgery (CSRF) vulnerability in Webangon The Pack E ...) NOT-FOR-US: WordPress plugin CVE-2024-32782 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2024-32781 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2024-32780 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2024-32775 (Server-Side Request Forgery (SSRF) vulnerability in Pavex Embed Google ...) NOT-FOR-US: WordPress plugin CVE-2024-32773 (Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Royal Elem ...) NOT-FOR-US: WordPress plugin CVE-2024-32772 (Authorization Bypass Through User-Controlled Key vulnerability in Meta ...) NOT-FOR-US: WordPress plugin CVE-2024-32728 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Mem ...) NOT-FOR-US: WordPress plugin CVE-2024-32726 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2024-32723 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-32722 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-32721 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-32718 (Server-Side Request Forgery (SSRF) vulnerability in Webangon The Pack ...) NOT-FOR-US: WordPress plugin CVE-2024-32716 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) 
NOT-FOR-US: WordPress plugin CVE-2024-32711 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-32710 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2024-32709 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2024-32707 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-32706 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2024-32702 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-32699 (Cross-Site Request Forgery (CSRF) vulnerability in YITH YITH WooCommer ...) NOT-FOR-US: WordPress plugin CVE-2024-32678 (Missing Authorization vulnerability in TrackShip TrackShip for WooComm ...) NOT-FOR-US: WordPress plugin CVE-2024-32677 (Missing Authorization vulnerability in LoginPress LoginPress Pro.This ...) NOT-FOR-US: WordPress plugin CVE-2024-32675 (Missing Authorization vulnerability in Xfinity Soft Order Limit for Wo ...) NOT-FOR-US: WordPress plugin CVE-2024-32662 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) - freerdp3 3.5.1+dfsg1-1 - freerdp2 (Vulnerable code not present) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vffh-j6hh-95f4 NOTE: https://github.com/FreeRDP/FreeRDP/commit/626d10a94a88565d957ddc30768ed08b320049a7 (3.5.1) NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/ae8f0106bd9d79dc0369c19b632c5112338ecad4 (3.0.0-beta1) CVE-2024-32432 (Missing Authorization vulnerability in Ovic Team Ovic Addon Toolkit.Th ...) NOT-FOR-US: WordPress plugin CVE-2024-32078 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...) 
	NOT-FOR-US: WordPress plugin
CVE-2024-32077 (Apache Airflow version 2.9.0 has a vulnerability that allows an authen ...)
	- airflow (bug #819700)
CVE-2024-32051 (Insertion of sensitive information into log file issue exists in RoamW ...)
	NOT-FOR-US: RoamWiFi
CVE-2024-31616 (An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S ro ...)
	NOT-FOR-US: RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers
CVE-2024-31406 (Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45 ...)
	NOT-FOR-US: RoamWiFi
CVE-2024-30886 (A stored cross-site scripting (XSS) vulnerability in the remotelink fu ...)
	NOT-FOR-US: HadSky
CVE-2024-2972 (The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2404 (The Better Comments WordPress plugin before 1.5.6 does not sanitise an ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2402 (The Better Comments WordPress plugin before 1.5.6 does not sanitise an ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-28977 (Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path ...)
	NOT-FOR-US: Dell
CVE-2024-28976 (Dell Repository Manager, versions prior to 3.4.5, contains a Path Trav ...)
	NOT-FOR-US: Dell
CVE-2024-28963 (Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive ...)
	NOT-FOR-US: Dell
CVE-2024-28825 (Improper restriction of excessive authentication attempts on some auth ...)
	- check-mk
CVE-2024-28613 (SQL Injection vulnerability in PHP Task Management System v.1.0 allows ...)
	NOT-FOR-US: PHP Task Management System
CVE-2024-27791 (The issue was addressed with improved checks. This issue is fixed in i ...)
	NOT-FOR-US: Apple
CVE-2024-27537
	REJECTED
CVE-2024-27536
	REJECTED
CVE-2024-23271 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2024-23228 (This issue was addressed through improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2024-20359 (A vulnerability in a legacy capability that allowed for the preloading ...)
	NOT-FOR-US: Cisco
CVE-2024-20358 (A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore ...)
	NOT-FOR-US: Cisco
CVE-2024-20356 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2024-20353 (A vulnerability in the management and VPN web servers for Cisco Adapti ...)
	NOT-FOR-US: Cisco
CVE-2024-20295 (A vulnerability in the CLI of the Cisco Integrated Management Controll ...)
	NOT-FOR-US: Cisco
CVE-2024-1756 (The WooCommerce Customers Manager WordPress plugin before 29.8 does no ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1743 (The WooCommerce Customers Manager WordPress plugin before 29.8 does no ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0151 (Insufficient argument checking in Secure state Entry functions in soft ...)
	NOT-FOR-US: Arm
CVE-2023-7253 (The Import WP WordPress plugin before 2.13.1 does not prevent users w ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51477 (Improper Authentication vulnerability in BUDDYBOSS DMCC BuddyBoss Them ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51472 (Improper Authentication vulnerability in Mestres do WP Checkout Mestre ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51471 (Improper Authentication vulnerability in Mestres do WP Checkout Mestre ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51425 (Improper Privilege Management vulnerability in Jacques Malgrange Renco ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51405 (Improper Authentication vulnerability in Repute Infosystems BookingPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48939
	REJECTED
CVE-2023-48938
	REJECTED
CVE-2023-48763 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47774 (Improper Restriction of Rendered UI Layers or Frames vulnerability in ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47504 (Improper Authentication vulnerability in Elementor Elementor Website B ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47357
	REJECTED
CVE-2023-32127 (Missing Authorization vulnerability in Daniel Powney Multi Rating allo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25583 (A crafted response from an upstream server the recursor has been confi ...)
	{DSA-5674-1}
	- pdns-recursor 4.9.5-1 (bug #1069762)
	[bullseye] - pdns-recursor (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2024/04/24/1
	NOTE: Introduced by: https://github.com/PowerDNS/pdns/commit/3f427fc636282792374e2eb754621f0520e52402 (rec-4.9.4)
	NOTE: Fixed by: https://github.com/PowerDNS/pdns/commit/3d16f2f49c22326e5a72f074c2a1f1b45769cb3f (rec-4.9.5)
	NOTE: Introduced by: https://github.com/PowerDNS/pdns/commit/c090cc8b9198a9ee9155486894505a86878e30ee (rec-4.8.7)
	NOTE: Fixed by: https://github.com/PowerDNS/pdns/commit/e1247da968077ee7c58fa41447057ee2a2b09fc9 (rec-4.8.8)
CVE-2024-3154 (A flaw was found in cri-o, where an arbitrary systemd property can be ...)
	- cri-o (bug #979702)
CVE-2024-30171 (An issue was discovered in Bouncy Castle Java TLS API and JSSE Provide ...)
	- bouncycastle (bug #1070655)
	[bookworm] - bouncycastle (Minor issue)
	[bullseye] - bouncycastle (Minor issue)
	[buster] - bouncycastle (Minor issue)
	NOTE: https://github.com/bcgit/bc-java/issues/1528
	NOTE: https://www.bouncycastle.org/latest_releases.html
CVE-2024-4065 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been rated ...)
	NOT-FOR-US: Tenda
CVE-2024-4064 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been declar ...)
	NOT-FOR-US: Tenda
CVE-2024-4063 (A vulnerability was found in EZVIZ CS-C6-21WFR-8 5.2.7 Build 170628. I ...)
	NOT-FOR-US: EZVIZ
CVE-2024-4062 (A vulnerability was found in Hualai Xiaofang iSC5 3.2.2_112 and classi ...)
	NOT-FOR-US: Hualai Xiaofang iSC5
CVE-2024-3911 (An unauthenticated remote attacker can deceive users into performing un ...)
	NOT-FOR-US: Welotec GmbH products
CVE-2024-3732 (The GeoDirectory – WordPress Business Directory Plugin, or Classi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3665 (The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3491 (The Schema & Structured Data for WP & AMP plugin for WordPress is vuln ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3185 (A key used in logging.json does not follow the least privilege princip ...)
	NOT-FOR-US: Rapid7
CVE-2024-33217 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...)
	NOT-FOR-US: Tenda
CVE-2024-33215 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...)
	NOT-FOR-US: Tenda
CVE-2024-33214 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...)
	NOT-FOR-US: Tenda
CVE-2024-33213 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...)
	NOT-FOR-US: Tenda
CVE-2024-33212 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...)
	NOT-FOR-US: Tenda
CVE-2024-33211 (Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based ...)
	NOT-FOR-US: Tenda
CVE-2024-32679 (Missing Authorization vulnerability in Shared Files PRO Shared Files.T ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32661 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
	- freerdp3 3.5.1+dfsg1-1 (bug #1069752)
	- freerdp2
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p5m5-342g-pv9m
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/71e463e31b4d69f4022d36bfc814592f56600793 (3.5.1)
	NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/1b2b1c4ac14ac43f4e475488763d8659bd934eb6 (2.0.0-beta1+android10)
CVE-2024-32660 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
	- freerdp3 3.5.1+dfsg1-1 (bug #1069752)
	- freerdp2
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxv6-2cw6-m3mx
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/5e5d27cf310e4c10b854be7667bfb7a5d774eb47 (3.5.1)
CVE-2024-32659 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
	- freerdp3 3.5.1+dfsg1-1 (bug #1069752)
	- freerdp2
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jgr-7r33-x87w
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6430945ce003a5e24d454d8566f54aae1b6b617b (3.5.1)
	NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/c697941de2b7062821e004411ec18ea71e50a30d (1.2.0-beta1+android7)
CVE-2024-32658 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
	- freerdp3 3.5.1+dfsg1-1 (bug #1069752)
	- freerdp2
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vpv3-m3m9-4c2v
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/1a755d898ddc028cc818d0dd9d49d5acff4c44bf (3.5.1)
CVE-2024-32482 (The Tillitis TKey signer device application is an ed25519 signing tool ...)
	NOT-FOR-US: Tillitis TKey
CVE-2024-32258 (The network server of fceux 2.7.0 has a path traversal vulnerability, ...)
	- fceux (Vulnerable code never uploaded to the archive)
	NOTE: https://github.com/TASEmulators/fceux/issues/727
	NOTE: Introduced in https://github.com/TASEmulators/fceux/commit/798c5a1d9c73b899cdbe3d613c0022588281979f
	NOTE: Fixed in https://github.com/TASEmulators/fceux/commit/48b48e7c13be1b949074f42660a33c7ef57135e1
CVE-2024-31804 (An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.2 ...)
	NOT-FOR-US: Terratec
CVE-2024-31208 (Synapse is an open-source Matrix homeserver. A remote Matrix user with ...)
	- matrix-synapse (bug #1069763)
	NOTE: https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v
	NOTE: https://github.com/element-hq/synapse/commit/55b0aa847a61774b6a3acdc4b177a20dc019f01a (v1.105.1)
CVE-2024-30800 (PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly z ...)
	NOT-FOR-US: PX4 Autopilot
CVE-2024-2477 (The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-28627 (An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain s ...)
	NOT-FOR-US: Flipsnack
CVE-2024-28130 (An incorrect type conversion vulnerability exists in the DVPSSoftcopyV ...)
	- dcmtk (bug #1070207)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957
	NOTE: https://support.dcmtk.org/redmine/issues/1120
	NOTE: https://github.com/DCMTK/dcmtk/commit/601b227eecaab33a3a3a11dc256d84b1a62f63af
	NOTE: https://github.com/DCMTK/dcmtk/commit/7d54f8efec995e5601d089fa17b0625c2b41af23
CVE-2024-21979 (An out of bounds write vulnerability in the AMD Radeon™ user mode ...)
	NOT-FOR-US: AMD Radeon Windows driver
CVE-2024-21972 (An out of bounds write vulnerability in the AMD Radeon™ user mode ...)
	NOT-FOR-US: AMD Radeon Windows driver
CVE-2024-0900 (The Elespare – Build Your Blog, News & Magazine Websites with Exp ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47731 (IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pa ...)
	NOT-FOR-US: IBM
CVE-2024-26922 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	{DSA-5681-1 DSA-5680-1}
	- linux
	NOTE: https://git.kernel.org/linus/6fef2d4c00b5b8561ad68dd2b68173f5c6af1e75 (6.9-rc5)
CVE-2024-4031 (Unquoted Search Path or Element vulnerability in Logitech MEVO WEBCAM ...)
	NOT-FOR-US: Logitech
CVE-2024-3889 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3664 (The Quick Featured Images plugin for WordPress is vulnerable to unauth ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3293 (The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32657 (Hydra is a Continuous Integration service for Nix based projects. Atta ...)
	NOT-FOR-US: Hydra
CVE-2024-32656 (Ant Media Server is live streaming engine software. A local privilege ...)
	NOT-FOR-US: Ant Media Server
CVE-2024-32653 (jadx is a Dex to Java decompiler. Prior to version 1.5.0, the packag ...)
	NOT-FOR-US: jadx
CVE-2024-32480 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...)
	NOT-FOR-US: LibreNMS
CVE-2024-32479 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...)
	NOT-FOR-US: LibreNMS
CVE-2024-32461 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...)
	NOT-FOR-US: LibreNMS
CVE-2024-32394 (An issue in ruijie.com/cn RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01 ...)
	NOT-FOR-US: ruijie.com/cn
CVE-2024-31857 (Forminator prior to 1.15.4 contains a cross-site scripting vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31077 (Forminator prior to 1.29.3 contains a SQL injection vulnerability. If ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31036 (A heap-buffer-overflow vulnerability in the read_byte function in Nano ...)
	NOT-FOR-US: NanoMQ
CVE-2024-2799 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2798 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2760 (Bkav Home v7816, build 2403161130 is vulnerable to a Memory Informatio ...)
	NOT-FOR-US: Bkav
CVE-2024-2493 (Session Hijacking vulnerability in Hitachi Ops Center Analyzer.This is ...)
	NOT-FOR-US: Hitachi
CVE-2024-29368 (An arbitrary file upload vulnerability in the file handling module of ...)
	NOT-FOR-US: moziloCMS
CVE-2024-28890 (Forminator prior to 1.29.0 contains an unrestricted upload of file wit ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27574 (SQL Injection vulnerability in Trainme Academy version Ichin v.1.3.2 a ...)
	NOT-FOR-US: Trainme Academy
CVE-2024-21511 (Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrar ...)
	NOT-FOR-US: Node mysql2
CVE-2024-1241 (Watchdog Antivirus v1.6.415 is vulnerable to a Denial of Service vulne ...)
	NOT-FOR-US: Watchdog Antivirus
CVE-2023-6833 (Insertion of Sensitive Information into Log File vulnerability in Hita ...)
	NOT-FOR-US: Hitachi
CVE-2023-48184 (QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free b ...)
	- quickjs 2024.01.13-1
	NOTE: https://github.com/bellard/quickjs/issues/198
	NOTE: https://github.com/bellard/quickjs/issues/156
	NOTE: https://github.com/bellard/quickjs/commit/7414e5f67f9a404f3cf91ffa69d0c93bf46d099e
CVE-2023-48183 (QuickJS before c4cdd61 has a build_for_in_iterator NULL pointer derefe ...)
	- quickjs 2024.01.13-1
	NOTE: https://github.com/bellard/quickjs/issues/192
	NOTE: https://github.com/bellard/quickjs/commit/c4cdd61a3ed284cd760faf6b00bbf0cb908da077
CVE-2024-4040 (A server side template injection vulnerability in CrushFTP in all vers ...)
	NOT-FOR-US: CrushFTP
CVE-2024-4026 (Cross-Site Scripting (XSS) vulnerability in the Holded application. Th ...)
	NOT-FOR-US: Holded
CVE-2024-3645 (The Essential Addons for Elementor Pro plugin for WordPress is vulnera ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32691 (Missing Authorization vulnerability in realmag777 Active Products Tabl ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32688 (Missing Authorization vulnerability in Long Watch Studio MyRewards.Thi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32687 (Missing Authorization vulnerability in WPClever WPC Frequently Bought ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32684 (Missing Authorization vulnerability in Wpmet Wp Ultimate Review.This i ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32682 (Missing Authorization vulnerability in BdThemes Prime Slider – Ad ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32681 (Missing Authorization vulnerability in BdThemes Prime Slider – Ad ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32407 (An issue in inducer relate before v.2024.1 allows a remote attacker to ...)
	NOT-FOR-US: inducer relate
CVE-2024-32405 (Cross Site Scripting vulnerability in inducer relate before v.2024.1 a ...)
	NOT-FOR-US: inducer relate
CVE-2024-32399 (Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 a ...)
	NOT-FOR-US: RaidenMAILD Mail Server
CVE-2024-32368 (Insecure Permission vulnerability in Agasta Sanketlife 2.0 Pocket 12-L ...)
	NOT-FOR-US: Agasta Sanketlife
CVE-2024-32238 (H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password ...)
	NOT-FOR-US: H3C ER8300G2-X
CVE-2024-32205
	REJECTED
CVE-2024-31666 (An issue in flusity-CMS v.2.33 allows a remote attacker to execute arb ...)
	NOT-FOR-US: flusity-CMS
CVE-2024-31545 (Computer Laboratory Management System v1.0 is vulnerable to SQL Inject ...)
	NOT-FOR-US: Computer Laboratory Management System
CVE-2024-29661 (A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to ...)
	NOT-FOR-US: DedeCMS
CVE-2024-29376 (Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the "Pr ...)
	NOT-FOR-US: Sylius
CVE-2024-28717 (An issue in OpenStack Storlets yoga-eom allows a remote attacker to ex ...)
	NOT-FOR-US: OpenStack Storlets yoga-eom
CVE-2024-28699 (A buffer overflow vulnerability in pdf2json v0.70 allows a local attac ...)
	NOT-FOR-US: pdf2json
	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
	NOTE: tracking whether this affects src:poppler
CVE-2024-28436 (Cross Site Scripting vulnerability in D-Link DAP products DAP-2230, DA ...)
	NOT-FOR-US: D-Link
CVE-2024-22856 (A SQL injection vulnerability via the Save Favorite Search function in ...)
	NOT-FOR-US: Axefinance Axe Credit Portal
CVE-2024-22815 (An issue in the communication protocol of Tormach xsTECH CNC Router, P ...)
	NOT-FOR-US: Tormach xsTECH
CVE-2024-22813 (An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 all ...)
	NOT-FOR-US: Tormach xsTECH
CVE-2024-22811 (An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 all ...)
	NOT-FOR-US: Tormach xsTECH
CVE-2024-22809 (Incorrect access control in Tormach xsTECH CNC Router, PathPilot Contr ...)
	NOT-FOR-US: Tormach xsTECH
CVE-2024-22808 (An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 all ...)
	NOT-FOR-US: Tormach xsTECH
CVE-2024-22807 (An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 all ...)
	NOT-FOR-US: Tormach xsTECH
CVE-2023-38302 (A certain software build for the Sharp Rouvo V device (SHARP/VZW_STTM2 ...)
	NOT-FOR-US: Sharp
CVE-2023-38301 (An issue was discovered in a third-party component related to vendor.g ...)
	NOT-FOR-US: vendor.gsm.serial
CVE-2023-38300 (A certain software build for the Orbic Maui device (Orbic/RC545L/RC545 ...)
	NOT-FOR-US: Orbic Maui
CVE-2023-38299 (Various software builds for the AT&T Calypso, Nokia C100, Nokia C200, ...)
	NOT-FOR-US: Nokia
CVE-2023-38298 (Various software builds for the following TCL devices (30Z, A3X, 20XE, ...)
	NOT-FOR-US: TCL
CVE-2023-38297 (An issue was discovered in a third-party com.factory.mmigroup componen ...)
	NOT-FOR-US: com.factory.mmigroup
CVE-2023-38296 (Various software builds for the following TCL 30Z and TCL A3X devices ...)
	NOT-FOR-US: TCL
CVE-2023-38295 (Certain software builds for the TCL 30Z and TCL 10 Android devices con ...)
	NOT-FOR-US: TCL
CVE-2023-38294 (Certain software builds for the Itel Vision 3 Turbo Android device con ...)
	NOT-FOR-US: Itel
CVE-2023-38293 (Certain software builds for the Nokia C200 and Nokia C100 Android devi ...)
	NOT-FOR-US: Nokia
CVE-2023-38292 (Certain software builds for the TCL 20XE Android device contain a vuln ...)
	NOT-FOR-US: TCL
CVE-2023-38291 (An issue was discovered in a third-party component related to ro.boot. ...)
	NOT-FOR-US: ro.boot.wifimacaddr
CVE-2023-38290 (Certain software builds for the BLU View 2 and Sharp Rouvo V Android d ...)
	NOT-FOR-US: BLU / Sharp
CVE-2024-27349 (Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Se ...)
	NOT-FOR-US: Apache HugeGraph-Hubble
CVE-2024-27348 (RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. ...)
	NOT-FOR-US: Apache HugeGraph-Hubble
CVE-2024-27347 (Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-H ...)
	NOT-FOR-US: Apache HugeGraph-Hubble
CVE-2024-4022 (A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-18 ...)
	NOT-FOR-US: Keenetic router
CVE-2024-4021 (A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-18 ...)
	NOT-FOR-US: Keenetic router
CVE-2024-32698 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32697 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32696 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32695 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32694 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32693 (Cross-Site Request Forgery (CSRF) vulnerability in ValvePress Automati ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32690 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32418 (An issue in flusity CMS v2.33 allows a remote attacker to execute arbi ...)
	NOT-FOR-US: flusity CMS
CVE-2024-30799 (An issue in PX4 Autopilot v1.14 and before allows a remote attacker to ...)
	NOT-FOR-US: PX4 Autopilot
CVE-2024-28722 (Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3 ...)
	NOT-FOR-US: Innovaphone
CVE-2023-7252 (The Tickera WordPress plugin before 3.5.2.5 does not prevent users fr ...)
	NOT-FOR-US: WordPress plugin
CVE-2018-25101 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Koha Library Management System
CVE-2015-10132 (A vulnerability classified as problematic was found in Thimo Grauerhol ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32041 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
	- freerdp3 (Fixed with initial upload to Debian unstable)
	- freerdp2 (bug #1069728)
	NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5r4p-mfx2-m44r
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/d88ad1acd142769650a6159906ac90f46a766265 (2.11.6)
CVE-2024-32039 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
	- freerdp3 (Fixed with initial upload to Debian unstable)
	- freerdp2 (bug #1069728)
	NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5h8-7j42-j4r9
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/d88ad1acd142769650a6159906ac90f46a766265 (2.11.6)
CVE-2024-32040 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
	- freerdp3 (Fixed with initial upload to Debian unstable)
	- freerdp2 (bug #1069728)
	NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-23c5-cp23-h2h5
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/5893b5f277db38b0040c572b078de838b84cfc07 (2.11.6)
CVE-2024-32458 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
	- freerdp3 (Fixed with initial upload to Debian unstable)
	- freerdp2 (bug #1069728)
	NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vvr6-h646-mp4p
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/9bc624c721ecde8251cfabd1edf069bc713ccc97 (2.11.6)
CVE-2024-32459 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
	- freerdp3 (Fixed with initial upload to Debian unstable)
	- freerdp2 (bug #1069728)
	NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cp4q-p737-rmw9
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/b70c8e989d2807cea47bbf89e57700b5a10b2ca7 (2.11.6)
CVE-2024-32460 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
	- freerdp3 (Fixed with initial upload to Debian unstable)
	- freerdp2 (bug #1069728)
	NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4rr8-gr65-vqrr
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/18cef378eae2b63a1a750da242f00da12b5b3881 (2.11.6)
CVE-2024-32493 (An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0 ...)
	- znuny 6.5.8-1
	[bookworm] - znuny (Non-free not supported)
	NOTE: https://www.znuny.org/en/advisories/zsa-2024-03
CVE-2024-32492 (An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket ...)
	- znuny (Only affects Znuny from 7.0.1 up to including 7.0.16)
	NOTE: https://www.znuny.org/en/advisories/zsa-2024-02
CVE-2024-32491 (An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 an ...)
	- znuny 6.5.8-1
	[bookworm] - znuny (Non-free not supported)
	NOTE: https://www.znuny.org/en/advisories/zsa-2024-01
CVE-2024-4020 (A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified ...)
	NOT-FOR-US: Tenda
CVE-2024-4019 (A vulnerability classified as critical has been found in Byzoro Smart ...)
	NOT-FOR-US: Byzoro Smart S80 Management Platform
CVE-2024-4014 (The hCaptcha for WordPress plugin for WordPress is vulnerable to Store ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-4018 (Improper Privilege Management vulnerability in BeyondTrust U-Series Ap ...)
	NOT-FOR-US: BeyondTrust U-Series Appliance
CVE-2024-4017 (Improper Privilege Management vulnerability in BeyondTrust U-Series Ap ...)
	NOT-FOR-US: BeyondTrust U-Series Appliance
CVE-2024-32392 (Cross Site Scripting vulnerability in CmSimple v.5.15 allows a remote ...)
	NOT-FOR-US: CmSimple
CVE-2024-32391 (Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 all ...)
	NOT-FOR-US: MacCMS
CVE-2024-31994 (Mealie is a self hosted recipe manager and meal planner. Prior to 1.4. ...)
	NOT-FOR-US: Mealie
CVE-2024-31993 (Mealie is a self hosted recipe manager and meal planner. Prior to 1.4. ...)
	NOT-FOR-US: Mealie
CVE-2024-31992 (Mealie is a self hosted recipe manager and meal planner. Prior to 1.4. ...)
	NOT-FOR-US: Mealie
CVE-2024-31991 (Mealie is a self hosted recipe manager and meal planner. Prior to 1.4. ...)
	NOT-FOR-US: Mealie
CVE-2024-31584 (Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the ...)
	- pytorch (bug #1070379)
	[bookworm] - pytorch (Minor issue)
	[bullseye] - pytorch (Minor issue)
	NOTE: https://github.com/pytorch/pytorch/commit/7c35874ad664e74c8e4252d67521f3986eadb0e6
CVE-2024-30974 (SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to ...)
	NOT-FOR-US: autoexpress
CVE-2024-22905 (Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote ...)
	NOT-FOR-US: ARM mbed-os
CVE-2024-1730 (The Prime Slider – Addons For Elementor (Revolution of a slider, ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1480 (Unitronics Vision Standard line of controllers allow the Information M ...)
	NOT-FOR-US: Unitronics
CVE-2024-1057 (The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +1 ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3979 (A vulnerability, which was classified as problematic, has been found i ...)
	- vsomeip (bug #997892)
CVE-2024-3818 (The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3742 (Electrolink transmitters store credentials in clear-text. Use of these ...)
	NOT-FOR-US: Electrolink transmitters
CVE-2024-3741 (Electrolink transmitters are vulnerable to an authentication bypass v ...)
	NOT-FOR-US: Electrolink transmitters
CVE-2024-3731 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3684 (A server side request forgery vulnerability was identified in GitHub E ...)
	NOT-FOR-US: GitHub Enterprise Server
CVE-2024-3654 (An XSS vulnerability has been found in Teimas Global's Teixo, version ...)
	NOT-FOR-US: Teimas Global's Teixo
CVE-2024-3646 (A command injection vulnerability was identified in GitHub Enterprise ...)
	NOT-FOR-US: GitHub Enterprise Server
CVE-2024-3615 (The Media Library Folders plugin for WordPress is vulnerable to Reflec ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3600 (The Poll Maker – Best WordPress Poll Plugin plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3598 (The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3560 (The LearnPress – WordPress LMS Plugin plugin for WordPress is vul ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3470 (An Improper Privilege Management vulnerability was identified in GitHu ...)
	NOT-FOR-US: GitHub Enterprise Server
CVE-2024-32683 (Authorization Bypass Through User-Controlled Key vulnerability in Wpme ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32652 (The adapter @hono/node-server allows you to run your Hono application ...)
	NOT-FOR-US: @hono/node-server
CVE-2024-32650 (Rustls is a modern TLS library written in Rust. `rustls::ConnectionCom ...)
	- rust-rustls (bug #1069677)
	[bookworm] - rust-rustls (Minor issue)
	NOTE: github.com: https://github.com/rustls/rustls/security/advisories/GHSA-6g7w-8wpp-frhj
	NOTE: github.com: https://github.com/rustls/rustls/commit/2123576840aa31043a31b0770e6572136fbe0c2d (v/0.23.5)
	NOTE: github.com: https://github.com/rustls/rustls/commit/6e938bcfe82a9da7a2e1cbf10b928c7eca26426e (v/0.23.5)
	NOTE: github.com: https://github.com/rustls/rustls/commit/f45664fbded03d833dffd806503d3c8becd1b71e (v/0.23.5)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0336.html
CVE-2024-32644 (Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain tha ...)
	NOT-FOR-US: Evmos
CVE-2024-32478 (Git Credential Manager (GCM) is a secure Git credential helper. Prior ...)
	- git-credential-manager (bug #1002300)
CVE-2024-32473 (Moby is an open source container framework that is a key component of ...)
	- docker.io (bug #1070378)
	[bookworm] - docker.io (Minor issue)
	[bullseye] - docker.io (Minor issue)
	NOTE: https://github.com/moby/moby/security/advisories/GHSA-x84c-p2g9-rqv9
	NOTE: https://github.com/moby/moby/commit/841c4c8057bcf5317d6565875595a3f0c046e3fa
CVE-2024-32409 (An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary ...)
	NOT-FOR-US: SEMCMS
CVE-2024-32206 (A stored cross-site scripting (XSS) vulnerability in the component \af ...)
	NOT-FOR-US: WUZHICMS
CVE-2024-32166 (Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - ...)
	NOT-FOR-US: Webid
CVE-2024-32038 (Wazuh is a free and open source platform used for threat prevention, d ...)
	NOT-FOR-US: Wazuh
CVE-2024-31846 (An issue was discovered in Italtel Embrace 1.6.4. The web application ...)
	NOT-FOR-US: Italtel Embrace
CVE-2024-31841 (An issue was discovered in Italtel Embrace 1.6.4. The web server fails ...)
	NOT-FOR-US: Italtel Embrace
CVE-2024-31750 (SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote ...)
	NOT-FOR-US: f-logic datacube3
CVE-2024-31745
	REJECTED
CVE-2024-31744 (In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/j ...)
	- jasper
	NOTE: https://github.com/jasper-software/jasper/issues/381
	NOTE: https://github.com/jasper-software/jasper/commit/6d084c53a77762f41bb5310713a5f1872fef55f5
CVE-2024-31587 (SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower allows an ...)
	NOT-FOR-US: SecuSTATION Camera
CVE-2024-31552 (CuteHttpFileServer v.3.1 version has an arbitrary file download vulner ...)
	NOT-FOR-US: CuteHttpFileServer
CVE-2024-31547 (Computer Laboratory Management System v1.0 is vulnerable to SQL Inject ...)
	NOT-FOR-US: Computer Laboratory Management System
CVE-2024-31546 (Computer Laboratory Management System v1.0 is vulnerable to SQL Inject ...)
	NOT-FOR-US: Computer Laboratory Management System
CVE-2024-31450 (Owncast is an open source, self-hosted, decentralized, single user liv ...)
	NOT-FOR-US: Owncast
CVE-2024-30938 (SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker t ...)
	NOT-FOR-US: SEMCMS
CVE-2024-30929 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a ...)
	NOT-FOR-US: DerbyNet
CVE-2024-30928 (SQL Injection vulnerability in DerbyNet v9.0 and below allows attacker ...)
	NOT-FOR-US: DerbyNet
CVE-2024-30927 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a ...)
	NOT-FOR-US: DerbyNet
CVE-2024-30926 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a ...)
	NOT-FOR-US: DerbyNet
CVE-2024-30925 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a ...)
	NOT-FOR-US: DerbyNet
CVE-2024-30924 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a ...)
	NOT-FOR-US: DerbyNet
CVE-2024-30923 (SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote ...)
	NOT-FOR-US: DerbyNet
CVE-2024-30922 (SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker ...)
	NOT-FOR-US: DerbyNet
CVE-2024-30921 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a ...)
	NOT-FOR-US: DerbyNet
CVE-2024-30920 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a ...)
	NOT-FOR-US: DerbyNet
CVE-2024-30107 (HCL Connections contains a broken access control vulnerability that ma ...)
	NOT-FOR-US: HCL
CVE-2024-2761 (The Genesis Blocks WordPress plugin before 3.1.3 does not properly esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2440 (A race condition in GitHub Enterprise Server allowed an existing admin ...)
	NOT-FOR-US: GitHub Enterprise Server
CVE-2024-29991 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-29969 (When a Brocade SANnav installation is upgraded from Brocade SANnav v2. ...)
	NOT-FOR-US: Brocade SANnav
CVE-2024-29968 (An information disclosure vulnerability exists in Brocade SANnav befor ...)
	NOT-FOR-US: Brocade SANnav
CVE-2024-29967 (In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was obse ...)
	NOT-FOR-US: Brocade SANnav
CVE-2024-29966 (Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded creden ...)
	NOT-FOR-US: Brocade SANnav
CVE-2024-29965 (In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back u ...)
	NOT-FOR-US: Brocade SANnav
CVE-2024-29964 (Brocade SANnav versions before v2.3.0a do not correctly set permission ...)
	NOT-FOR-US: Brocade SANnav
CVE-2024-29963 (Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS k ...)
	NOT-FOR-US: Brocade SANnav
CVE-2024-29962 (Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file per ...)
	NOT-FOR-US: Brocade SANnav
CVE-2024-29961 (A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It a ...)
	NOT-FOR-US: Brocade SANnav
CVE-2024-29960 (In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys insid ...)
	NOT-FOR-US: Brocade SANnav
CVE-2024-29959 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Bro ...)
	NOT-FOR-US: Brocade SANnav
CVE-2024-29958 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the ...)
	NOT-FOR-US: Brocade SANnav
CVE-2024-29957 (When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured i ...)
	NOT-FOR-US: Brocade SANnav
CVE-2024-29204 (A Heap Overflow vulnerability in WLAvalancheService component of Ivant ...)
	NOT-FOR-US: Ivanti
CVE-2024-29183 (OpenRASP is a RASP solution that directly integrates its protection en ...)
	NOT-FOR-US: OpenRASP
CVE-2024-29030 (memos is a privacy-first, lightweight note-taking service. In memos 0. ...)
	NOT-FOR-US: memos
CVE-2024-29029 (memos is a privacy-first, lightweight note-taking service. In memos 0. ...)
	NOT-FOR-US: memos
CVE-2024-29028 (memos is a privacy-first, lightweight note-taking service. In memos 0. ...)
	NOT-FOR-US: memos
CVE-2024-27984 (A Path Traversal vulnerability in web component of Ivanti Avalanche be ...)
	NOT-FOR-US: Ivanti
CVE-2024-27978 (A Null Pointer Dereference vulnerability in WLAvalancheService compone ...)
	NOT-FOR-US: Ivanti
CVE-2024-27977 (A Path Traversal vulnerability in web component of Ivanti Avalanche be ...)
	NOT-FOR-US: Ivanti
CVE-2024-27976 (A Path Traversal vulnerability in web component of Ivanti Avalanche be ...)
	NOT-FOR-US: Ivanti
CVE-2024-27975 (An Use-after-free vulnerability in WLAvalancheService component of Iva ...)
	NOT-FOR-US: Ivanti
CVE-2024-27752 (Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote ...)
	NOT-FOR-US: CSZ CMS
CVE-2024-25000 (A Path Traversal vulnerability in web component of Ivanti Avalanche be ...)
	NOT-FOR-US: Ivanti
CVE-2024-24999 (A Path Traversal vulnerability in web component of Ivanti Avalanche be ...)
	NOT-FOR-US: Ivanti
CVE-2024-24998 (A Path Traversal vulnerability in web component of Ivanti Avalanche be ...)
	NOT-FOR-US: Ivanti
CVE-2024-24997 (A Path Traversal vulnerability in web component of Ivanti Avalanche be ...)
	NOT-FOR-US: Ivanti
CVE-2024-24996 (A Heap overflow vulnerability in WLInfoRailService component of Ivanti ...)
	NOT-FOR-US: Ivanti
CVE-2024-24995 (A Race Condition (TOCTOU) vulnerability in web component of Ivanti Ava ...)
	NOT-FOR-US: Ivanti
CVE-2024-24994 (A Path Traversal vulnerability in web component of Ivanti Avalanche be ...)
	NOT-FOR-US: Ivanti
CVE-2024-24993 (A Race Condition (TOCTOU) vulnerability in web component of Ivanti Ava ...)
	NOT-FOR-US: Ivanti
CVE-2024-24992 (A Path Traversal vulnerability in web component of Ivanti Avalanche be ...)
	NOT-FOR-US: Ivanti
CVE-2024-24991 (A Null Pointer Dereference vulnerability in WLAvalancheService compone ...)
	NOT-FOR-US: Ivanti
CVE-2024-23535 (A Path Traversal vulnerability in web component of Ivanti Avalanche be ...)
	NOT-FOR-US: Ivanti
CVE-2024-23534 (An Unrestricted File-upload vulnerability in web component of Ivanti A ...)
	NOT-FOR-US: Ivanti
CVE-2024-23533 (An out-of-bounds read vulnerability in WLAvalancheService component of ...)
	NOT-FOR-US: Ivanti
CVE-2024-23532 (An out-of-bounds Read vulnerability in WLAvalancheService component of ...)
	NOT-FOR-US: Ivanti
CVE-2024-23531 (An Integer Overflow vulnerability in WLInfoRailService component of Iv ...)
	NOT-FOR-US: Ivanti
CVE-2024-23530 (An out-of-bounds read vulnerability in WLAvalancheService component of ...)
	NOT-FOR-US: Ivanti
CVE-2024-23529 (An out-of-bounds read vulnerability in WLAvalancheService component of ...)
	NOT-FOR-US: Ivanti
CVE-2024-23528 (An out-of-bounds read vulnerability in WLAvalancheService component of ...)
	NOT-FOR-US: Ivanti
CVE-2024-23526 (An out-of-bounds read vulnerability in WLAvalancheService component of ...)
	NOT-FOR-US: Ivanti
CVE-2024-22186 (The application suffers from a privilege escalation vulnerability. An ...)
	NOT-FOR-US: Electrolink
CVE-2024-22179 (The application is vulnerable to an unauthenticated parameter manipul ...)
	NOT-FOR-US: Electrolink
CVE-2024-22061 (A Heap Overflow vulnerability in WLInfoRailService component of Ivanti ...)
	NOT-FOR-US: Ivanti
CVE-2024-21872 (The device allows an unauthenticated attacker to bypass authentication ...)
	NOT-FOR-US: Electrolink
CVE-2024-21846 (An unauthenticated attacker can reset the board and stop transmitter ...)
	NOT-FOR-US: Electrolink
CVE-2024-1681 (corydolphin/flask-cors is vulnerable to log injection when the log lev ...)
	- python-flask-cors 4.0.1-1 (bug #1069764)
	NOTE: https://huntr.com/bounties/25a7a0ba-9fa2-4777-acb6-03e5539bb644
	NOTE: https://github.com/corydolphin/flask-cors/issues/349
	NOTE: Fixed by: https://github.com/corydolphin/flask-cors/commit/6172c2000dba965fedb8e9a8a916ad56f0fb2630 (4.0.1)
CVE-2024-1491 (The devices allow access to an unprotected endpoint that allows MPFS ...)
	NOT-FOR-US: Electrolink
CVE-2024-1065 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm ...)
	NOT-FOR-US: Arm
CVE-2024-0671 (Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm ...)
	NOT-FOR-US: Arm
CVE-2023-51798 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
	[experimental] - ffmpeg 7:7.0-1
	- ffmpeg
	[bookworm] - ffmpeg (Pick up when fixed in 5.1.x)
	[bullseye] - ffmpeg (Pick up when fixed in 4.3.x)
	[buster] - ffmpeg (Pick up when fixed in most related branch)
	NOTE: https://trac.ffmpeg.org/ticket/10758
	NOTE: Fixed in https://github.com/ffmpeg/FFmpeg/commit/68146f06f852078866b3ef1564556e3a272920c7 (n7.0)
CVE-2023-51797 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
	[experimental] - ffmpeg 7:7.0-1
	- ffmpeg
	[bookworm] - ffmpeg (Pick up when fixed in 5.1.x)
	[bullseye] - ffmpeg (Pick up when fixed in 4.3.x)
	[buster] - ffmpeg (Pick up when fixed in most related branch)
	NOTE: https://trac.ffmpeg.org/ticket/10756
	NOTE: Fixed in https://github.com/ffmpeg/FFmpeg/commit/08bd2cbfeb34717d60ec62bcbaeb7996206df906 (n7.0)
CVE-2023-51796 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
	[experimental] - ffmpeg 7:7.0-1
	- ffmpeg
	[bookworm] - ffmpeg (Pick up when fixed in 5.1.x)
	[bullseye] - ffmpeg (Vulnerable code not present)
	[buster] - ffmpeg (Vulnerable code not present)
	NOTE: https://trac.ffmpeg.org/ticket/10753
	NOTE: Fixed in https://github.com/ffmpeg/FFmpeg/commit/61e73851a33f0b4cb7662f8578a4695e77bd3c19 (n7.0)
	NOTE: Introduced in https://github.com/FFmpeg/FFmpeg/commit/45dc668aea0edac34969b5a1ff76cf9ad3a09be1 (n5.0)
CVE-2023-51795 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
	[experimental] - ffmpeg 7:7.0-1
	- ffmpeg
	[bookworm] - ffmpeg (Pick up when fixed in 5.1.x)
	[bullseye] - ffmpeg (Vulnerable code not present)
	[buster] - ffmpeg (Vulnerable code not present)
	NOTE: https://trac.ffmpeg.org/ticket/10749
	NOTE: Fixed in https://github.com/FFmpeg/FFmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06 (n7.0)
	NOTE: Introduced in https://github.com/FFmpeg/FFmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80 (n5.1)
CVE-2023-51793 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
	[experimental] - ffmpeg 7:7.0-1
	- ffmpeg
	[bookworm] - ffmpeg (Pick up when fixed in 5.1.x)
	[bullseye] - ffmpeg (Pick up when fixed in 4.3.x)
	[buster] - ffmpeg (Pick up when fixed in most related branch)
	NOTE: Fixed in https://github.com/FFmpeg/FFmpeg/commit/0ecc1f0e48930723d7a467761b66850811c23e62 (n7.0)
	NOTE: https://trac.ffmpeg.org/ticket/10743
CVE-2023-51792 (Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attac ...)
	- libde265 1.0.13-1
	[bookworm] - libde265 (Minor issue)
	[bullseye] - libde265 (Minor issue)
	[buster] - libde265 (Minor issue)
	NOTE: https://github.com/strukturag/libde265/issues/427
	NOTE: Fixed by: https://github.com/strukturag/libde265/commit/221e767136b8c46c748ae35b79ec9b976b3da301 (v1.0.13)
CVE-2023-51791 (Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
	[experimental] - ffmpeg 7:7.0-1
	- ffmpeg
	[bookworm] - ffmpeg (Pick up when fixed in 5.1.x)
	[bullseye] - ffmpeg (Pick up when fixed in 4.3.x)
	[buster] - ffmpeg (Pick up when fixed in most related branch)
	NOTE: https://trac.ffmpeg.org/ticket/10738
	NOTE: Fixed in https://github.com/FFmpeg/FFmpeg/commit/fb54c89a0df3d63198678b17d64aef4dbb599109 (n7.0)
CVE-2023-50260 (Wazuh is a free and open source platform used for threat prevention, d ...)
	NOT-FOR-US: Wazuh
CVE-2023-50010 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a ...)
	[experimental] - ffmpeg 7:7.0-1
	- ffmpeg
	[bookworm] - ffmpeg (Pick up when fixed in 5.1.x)
	[bullseye] - ffmpeg (Pick up when fixed in 4.3.x)
	[buster] - ffmpeg (Pick up when fixed in most related branch)
	NOTE: https://trac.ffmpeg.org/ticket/10702
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/e4d2666bdc3dbd177a81bbf428654a5f2fa3787a (n7.0)
CVE-2023-50009 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a ...)
	[experimental] - ffmpeg 7:7.0-1
	- ffmpeg
	[bookworm] - ffmpeg (Pick up when fixed in 5.1.x)
	[bullseye] - ffmpeg (Pick up when fixed in 4.3.x)
	[buster] - ffmpeg (Pick up when fixed in most related branch)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/c443658d26d2b8e19901f9507a890e0efca79056 (n7.0)
	NOTE: https://trac.ffmpeg.org/ticket/10699
CVE-2023-50008 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a ...)
	[experimental] - ffmpeg 7:7.0-1
	- ffmpeg
	[bookworm] - ffmpeg (Pick up when fixed in 5.1.x)
	[bullseye] - ffmpeg (Pick up when fixed in 4.3.x)
	[buster] - ffmpeg (Pick up when fixed in most related branch)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/5f87a68cf70dafeab2fb89b42e41a4c29053b89b (n7.0)
	NOTE: https://trac.ffmpeg.org/ticket/10701
CVE-2023-50007 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a ...)
	[experimental] - ffmpeg 7:7.0-1
	- ffmpeg
	[bookworm] - ffmpeg (Pick up when fixed in 5.1.x)
	[bullseye] - ffmpeg (Pick up when fixed in 4.3.x)
	[buster] - ffmpeg (Pick up when fixed in most related branch)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/b1942734c7cbcdc9034034373abcc9ecb9644c47 (n7.0)
	NOTE: https://trac.ffmpeg.org/ticket/10700
CVE-2023-49963 (DYMO LabelWriter Print Server through 2.366 contains a backdoor hard-c ...)
	NOT-FOR-US: DYMO LabelWriter Print Server
CVE-2023-49502 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a ...)
	[experimental] - ffmpeg 7:7.0-1
	- ffmpeg
	[bookworm] - ffmpeg (Pick up when fixed in 5.1.x)
	[bullseye] - ffmpeg (Pick up when fixed in 4.3.x)
	[buster] - ffmpeg (Pick up when fixed in most related branch)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/737ede405b11a37fdd61d19cf25df296a0cb0b75 (n7.0)
	NOTE: https://trac.ffmpeg.org/ticket/10688
CVE-2023-49501 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a ...)
	- ffmpeg
	[bookworm] - ffmpeg (Pick up when fixed in 5.1.x)
	[bullseye] - ffmpeg (Pick up when fixed in 4.3.x)
	[buster] - ffmpeg (Pick up when fixed in most related branch)
	NOTE: https://trac.ffmpeg.org/ticket/10686
CVE-2023-49275 (Wazuh is a free and open source platform used for threat prevention, d ...)
	NOT-FOR-US: Wazuh
CVE-2023-47435 (An issue in the verifyPassword function of hexo-theme-matery v2.0.0 al ...)
	NOT-FOR-US: hexo-theme-matery
CVE-2023-37400 (IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to esca ...)
	NOT-FOR-US: IBM
CVE-2023-37397 (IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obta ...)
	NOT-FOR-US: IBM
CVE-2023-37396 (IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obta ...)
	NOT-FOR-US: IBM
CVE-2024-3948 (A vulnerability was found in SourceCodester Home Clean Service System ...)
	NOT-FOR-US: SourceCodester Home Clean Service System
CVE-2024-32689 (Missing Authorization vulnerability in GenialSouls WP Social Comments. ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32686 (Insertion of Sensitive Information into Log File vulnerability in Inis ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32604 (Authorization Bypass Through User-Controlled Key vulnerability in Plec ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32603 (Deserialization of Untrusted Data vulnerability in ThemeKraft WooBuddy ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32602 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32601 (Missing Authorization vulnerability in WP OnlineSupport, Essential Plu ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32600 (Deserialization of Untrusted Data vulnerability in Averta Master Slide ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32599 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32598 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32597 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32596 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32595 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32594 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32593 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32592 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32591 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32590 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32588 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32587 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32586 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32585 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32584 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32583 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32582 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32581 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32580 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32579 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32578 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32577 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32576 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32575 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32574 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32573 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32572 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32571 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32570 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32569 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32568 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32567 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32566 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32565 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32564 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32563 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32562 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32561 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32560 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32559 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32558 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32556 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32554 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32553 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32552 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32551 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32477 (Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure ...)
	NOT-FOR-US: Deno
CVE-2024-32475 (Envoy is a cloud-native, open source edge and service proxy. When an u ...)
	- envoyproxy (bug #987544)
CVE-2024-32474 (Sentry is an error tracking and performance monitoring platform. Prior ...)
	NOT-FOR-US: Sentry
CVE-2024-32470 (Tolgee is an open-source localization platform. When API key created b ...)
	NOT-FOR-US: Tolgee
CVE-2024-32466 (Tolgee is an open-source localization platform. For the `/v2/projects/ ...)
	NOT-FOR-US: Tolgee
CVE-2024-32462 (Flatpak is a system for building, distributing, and running sandboxed ...)
	{DSA-5666-1}
	- flatpak 1.14.6-1
	[buster] - flatpak (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2024/04/18/5
	NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj
	NOTE: Fixed by: https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931 (1.15.8)
	NOTE: Fixed by: https://github.com/flatpak/flatpak/commit/b7c1a558e58aaeb1d007d29529bbb270dc4ff11e (1.14.6)
	NOTE: Fixed by: https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97 (1.12.9)
	NOTE: Fixed by: https://github.com/flatpak/flatpak/commit/72016e3fce8fcbeab707daf4f1a02b931fcc004d (1.10.9)
CVE-2024-32335 (TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scri ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-32334 (TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scri ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-32333 (TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scri ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-32332 (TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scri ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-32327 (TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scri ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-32326 (TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-32325 (TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-32142 (Missing Authorization vulnerability in Ovic Team Ovic Responsive WPBak ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32126 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31229 (Server-Side Request Forgery (SSRF) vulnerability in Really Simple Plug ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30564 (An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1. ...)
	NOT-FOR-US: nora-firebase-common
CVE-2024-30257 (1Panel is an open source Linux server operation and maintenance manage ...)
	NOT-FOR-US: 1Panel
CVE-2024-2833 (The Jobs for WordPress plugin for WordPress is vulnerable to Reflected ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2796 (A server-side request forgery (SSRF) was discovered in the Akana Commu ...)
	NOT-FOR-US: Akana Community Manager Developer Portal
CVE-2024-29987 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-29986 (Microsoft Edge for Android (Chromium-based) Information Disclosure Vul ...)
	NOT-FOR-US: Microsoft
CVE-2024-29021 (Judge0 is an open-source online code execution system. The default con ...)
	NOT-FOR-US: Judge0
CVE-2024-29003 (The SolarWinds Platform was susceptible to a XSS vulnerability that af ...)
	NOT-FOR-US: SolarWinds
CVE-2024-29001 (A SolarWinds Platform SWQL Injection Vulnerability was identified in t ...)
	NOT-FOR-US: SolarWinds
CVE-2024-28189 (Judge0 is an open-source online code execution system. The application ...)
	NOT-FOR-US: Judge0
CVE-2024-28185 (Judge0 is an open-source online code execution system. The application ...)
	NOT-FOR-US: Judge0
CVE-2024-28076 (The SolarWinds Platform was susceptible to a Arbitrary Open Redirectio ...)
	NOT-FOR-US: SolarWinds
CVE-2024-27306 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
	- python-aiohttp (bug #1070665)
	[bookworm] - python-aiohttp (Minor issue)
	[bullseye] - python-aiohttp (Minor issue)
	[buster] - python-aiohttp (Minor issue)
	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g
	NOTE: https://github.com/aio-libs/aiohttp/pull/8319
	NOTE: https://github.com/aio-libs/aiohttp/commit/28335525d1eac015a7e7584137678cbb6ff19397 (v3.9.4)
CVE-2024-24910 (A local attacker can escalate privileges on affected Check Point ZoneA ...)
	NOT-FOR-US: Check Point
CVE-2024-23557 (HCL Connections contains a user enumeration vulnerability. Certain act ...)
	NOT-FOR-US: HCL
CVE-2024-20380 (A vulnerability in the HTML parser of ClamAV could allow an unauthenti ...)
	- clamav (Only affects 1.3.0)
	NOTE: https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html
CVE-2023-6897 (The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6892 (The EAN for WooCommerce plugin for WordPress is vulnerable to Stored C ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50885 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49768 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49742 (Missing Authorization vulnerability in Support Genix.This issue affect ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47843 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41864 (Cross-Site Request Forgery (CSRF) vulnerability in Pepro Dev. Group Pe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3758 (A race condition flaw was found in sssd where the GPO policy is not co ...)
	- sssd (bug #1070369)
	[bookworm] - sssd (Minor issue)
	[bullseye] - sssd (Minor issue)
	[buster] - sssd (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2223762
	NOTE: https://github.com/SSSD/sssd/pull/7302
	NOTE: https://github.com/SSSD/sssd/commit/d7db7971682da2dbf7642ac94940d6b0577ec35a (master)
	NOTE: https://github.com/SSSD/sssd/commit/e1bfbc2493c4194988acc3b2413df3dde0735ae3 (sssd-2-9 branch)
	NOTE: https://github.com/SSSD/sssd/commit/f4ebe1408e0bc67abfbfb5f0ca2ea13803b36726 (sssd-2-8-branch)
CVE-2023-3675 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
	NOT-FOR-US: Secomea GateManager
CVE-2024-XXXX [tryton zipbomb DoS]
	- tryton-server 6.0.45-1
	[bookworm] - tryton-server (Minor issue)
	[bullseye] - tryton-server (Minor issue)
	NOTE: https://discuss.tryton.org/t/security-release-for-issue-13142/7196
	NOTE: https://foss.heptapod.net/tryton/tryton/-/issues/13142
CVE-2024-26921 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/18685451fc4e546fc0e718580d32df3c0e5c8272 (6.9-rc2)
CVE-2024-3177 (A security issue was discovered in Kubernetes where users may be able ...)
	- kubernetes 1.20.5+really1.20.2-1
	NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
	NOTE: The source package itself is still vulnerable, but custom rebuilds are not really a usecase here
CVE-2024-3932 (A vulnerability classified as problematic has been found in Totara LMS ...)
	NOT-FOR-US: Totara LMS
CVE-2024-3931 (A vulnerability was found in Totara LMS 18.0.1 Build 20231128.01. It h ...)
	NOT-FOR-US: Totara LMS
CVE-2024-3928 (A vulnerability was found in Dromara open-capacity-platform 2.0.1. It ...)
	NOT-FOR-US: Dromara open-capacity-platform
CVE-2024-32746 (A cross-site scripting (XSS) vulnerability in the Settings section of ...)
	NOT-FOR-US: WonderCMS
CVE-2024-32745 (A cross-site scripting (XSS) vulnerability in the Settings section of ...)
	NOT-FOR-US: WonderCMS
CVE-2024-32744 (A cross-site scripting (XSS) vulnerability in the Settings section of ...)
	NOT-FOR-US: WonderCMS
CVE-2024-32743 (A cross-site scripting (XSS) vulnerability in the Settings section of ...)
	NOT-FOR-US: WonderCMS
CVE-2024-32472 (excalidraw is an open source virtual hand-drawn style whiteboard. A st ...)
	NOT-FOR-US: excalidraw
CVE-2024-32345 (A cross-site scripting (XSS) vulnerability in the Settings menu of CMS ...)
	NOT-FOR-US: CMSimple
CVE-2024-32344 (A cross-site scripting (XSS) vulnerability in the Settings menu of CMS ...)
	NOT-FOR-US: CMSimple
CVE-2024-32343 (A cross-site scripting (XSS) vulnerability in the Create Page of Boid ...)
	NOT-FOR-US: Boid CMS
CVE-2024-32342 (A cross-site scripting (XSS) vulnerability in the Create Page of Boid ...)
	NOT-FOR-US: Boid CMS
CVE-2024-32341 (Multiple cross-site scripting (XSS) vulnerabilities in the Home page o ...)
	NOT-FOR-US: WonderCMS
CVE-2024-32340 (A cross-site scripting (XSS) vulnerability in the Settings section of ...)
	NOT-FOR-US: WonderCMS
CVE-2024-32339 (Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page ...)
	NOT-FOR-US: WonderCMS
CVE-2024-32338 (A cross-site scripting (XSS) vulnerability in the Settings section of ...)
	NOT-FOR-US: WonderCMS
CVE-2024-32337 (A cross-site scripting (XSS) vulnerability in the Settings section of ...)
	NOT-FOR-US: WonderCMS
CVE-2024-31869 (Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows ...)
	- airflow (bug #819700)
CVE-2024-2729 (The Otter Blocks WordPress plugin before 2.6.6 does not properly esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29956 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the ...)
	NOT-FOR-US: Brocade
CVE-2024-29955 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allo ...)
	NOT-FOR-US: Brocade
CVE-2024-29952 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allo ...)
	NOT-FOR-US: Brocade
CVE-2024-1429 (The Element Pack Elementor Addons (Header Footer, Free Template Librar ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1426 (The Element Pack Elementor Addons (Header Footer, Free Template Librar ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4509 (It is possible for an API key to be logged in clear text in the audit ...)
	NOT-FOR-US: Octopus Deploy
CVE-2023-4235 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack ...)
	- ofono (bug #1070371)
	[bookworm] - ofono (Minor issue)
	[bullseye] - ofono (Minor issue)
	[buster] - ofono (Minor issue, follow bullseye)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255402
CVE-2023-4234 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack ...)
	- ofono (bug #1070371)
	[bookworm] - ofono (Minor issue)
	[bullseye] - ofono (Minor issue)
	[buster] - ofono (Minor issue, follow bullseye)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255399
CVE-2023-4233 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack ...)
	- ofono (bug #1070371)
	[bookworm] - ofono (Minor issue)
	[bullseye] - ofono (Minor issue)
	[buster] - ofono (Minor issue, follow bullseye)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255396
CVE-2023-4232 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack ...)
	- ofono (bug #1070371)
	[bookworm] - ofono (Minor issue)
	[bullseye] - ofono (Minor issue)
	[buster] - ofono (Minor issue, follow bullseye)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255394
CVE-2024-3914 (Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a ...)
	{DSA-5668-1}
	- chromium 124.0.6367.60-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-3910 (A vulnerability, which was classified as critical, has been found in T ...)
	NOT-FOR-US: Tenda
CVE-2024-3909 (A vulnerability classified as critical was found in Tenda AC500 2.0.1. ...)
	NOT-FOR-US: Tenda
CVE-2024-3908 (A vulnerability classified as critical has been found in Tenda AC500 2 ...)
	NOT-FOR-US: Tenda
CVE-2024-3907 (A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been ra ...)
	NOT-FOR-US: Tenda
CVE-2024-3906 (A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been de ...)
	NOT-FOR-US: Tenda
CVE-2024-3905 (A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been cl ...)
	NOT-FOR-US: Tenda
CVE-2024-3900 (Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long ...)
	NOT-FOR-US: xpdf (Debian uses poppler, which forked a long time ago)
CVE-2024-3825 (Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw ...)
	NOT-FOR-US: Jenkins plugin
CVE-2024-3817 (HashiCorp’s go-getter library is vulnerable to argument injection ...)
	- golang-github-hashicorp-go-getter
	NOTE: https://discuss.hashicorp.com/t/hcsec-2024-09-hashicorp-go-getter-vulnerable-to-argument-injection-when-fetching-remote-default-git-branches/66040
CVE-2024-3333 (The Essential Addons for Elementor plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3323 (Cross Site Scripting in UI Request/Response Validation in TIBCO Ja ...)
	NOT-FOR-US: TIBCO JasperReports Server
CVE-2024-32550 (Cross-Site Request Forgery (CSRF) vulnerability in BMI Adult & Kid Cal ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32549 (Cross-Site Request Forgery (CSRF) vulnerability in Microkid Related Po ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32548 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32547 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32546 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32545 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32544 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32543 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32542 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32541 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32540 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32539 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32538 (Cross-Site Request Forgery (CSRF) vulnerability in Joshua Eldridge Eas ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32536 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32535 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32534 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32533 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32531 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32530 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32529 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32528 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32527 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32526 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32510 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32508 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32506 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32505 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32463 (phlex is an open source framework for building object-oriented views i ...)
	NOT-FOR-US: phlex framework
CVE-2024-32457 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32456 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32320 (Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability ...)
	NOT-FOR-US: Tenda
CVE-2024-32318 (Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability ...)
	NOT-FOR-US: Tenda
CVE-2024-32317 (Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack ove ...)
	NOT-FOR-US: Tenda
CVE-2024-32316 (Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability ...)
	NOT-FOR-US: Tenda
CVE-2024-32315 (Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerabilit ...)
	NOT-FOR-US: Tenda
CVE-2024-32314 (Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulne ...)
	NOT-FOR-US: Tenda
CVE-2024-32313 (Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability ...)
	NOT-FOR-US: Tenda
CVE-2024-32312 (Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability locat ...)
	NOT-FOR-US: Tenda
CVE-2024-32311 (Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via ...)
	NOT-FOR-US: Tenda
CVE-2024-32310 (Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability locat ...)
	NOT-FOR-US: Tenda
CVE-2024-32307 (Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability ...)
	NOT-FOR-US: Tenda
CVE-2024-32306 (Tenda AC10U v1.0 Firmware v15.03.06.49 has a stack overflow vulnerabil ...)
	NOT-FOR-US: Tenda
CVE-2024-32305 (Tenda A18 v15.03.05.05 firmware has a stack overflow vulnerability loc ...)
	NOT-FOR-US: Tenda
CVE-2024-32303 (Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware ha ...)
	NOT-FOR-US: Tenda
CVE-2024-32302 (Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerabilit ...)
	NOT-FOR-US: Tenda
CVE-2024-32301 (Tenda AC7V1.0 v15.03.06.44 firmware has a stack overflow vulnerability ...)
	NOT-FOR-US: Tenda
CVE-2024-32299 (Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via ...)
	NOT-FOR-US: Tenda
CVE-2024-32293 (Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerabi ...)
	NOT-FOR-US: Tenda
CVE-2024-32292 (Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection v ...)
	NOT-FOR-US: Tenda
CVE-2024-32291 (Tenda W30E v1.0 firmware v1.0.1.25(633) has a stack overflow vulnerabi ...)
	NOT-FOR-US: Tenda
CVE-2024-32290 (Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerabi ...)
	NOT-FOR-US: Tenda
CVE-2024-32288 (Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerabi ...)
	NOT-FOR-US: Tenda
CVE-2024-32287 (Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerabi ...)
	NOT-FOR-US: Tenda
CVE-2024-32286 (Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerabi ...)
	NOT-FOR-US: Tenda
CVE-2024-32285 (Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerabi ...)
	NOT-FOR-US: Tenda
CVE-2024-32283 (Tenda FH1203 V2.0.1.6 firmware has a command injection vulnerability ...)
	NOT-FOR-US: Tenda
CVE-2024-32282 (Tenda FH1202 v1.2.0.14(408) firmware contains a command injection vuln ...)
	NOT-FOR-US: Tenda
CVE-2024-32281 (Tenda AC7V1.0 v15.03.06.44 firmware contains a command injection vulne ...)
	NOT-FOR-US: Tenda
CVE-2024-32163 (CMSeasy 7.7.7.9 is vulnerable to code execution.)
	NOT-FOR-US: CMSeasy
CVE-2024-32162 (CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion.)
	NOT-FOR-US: CMSeasy
CVE-2024-32161 (jizhiCMS 2.5 suffers from a File upload vulnerability.)
	NOT-FOR-US: jizhiCMS
CVE-2024-32130 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31585 (FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Er ...)
	[experimental] - ffmpeg 7:7.0-1
	- ffmpeg
	[bookworm] - ffmpeg (Pick up when fixed in 5.1.x)
	[bullseye] - ffmpeg (Vulnerable code not present)
	[buster] - ffmpeg (Vulnerable code not present)
	NOTE: Fixed by https://github.com/ffmpeg/ffmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06 (n7.0)
	NOTE: Introduced by https://github.com/FFmpeg/FFmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80 (n5.1)
CVE-2024-31583 (Pytorch before version v2.2.0 was discovered to contain a use-after-fr ...)
	- pytorch (bug #1070379)
	[bookworm] - pytorch (Minor issue)
	[bullseye] - pytorch (Minor issue)
	NOTE: https://github.com/pytorch/pytorch/commit/9c7071b0e324f9fb68ab881283d6b8d388a4bcd2
CVE-2024-31582 (FFmpeg version n6.1 was discovered to contain a heap buffer overflow v ...)
	[experimental] - ffmpeg 7:7.0-1
	- ffmpeg
	[bookworm] - ffmpeg (Pick up when fixed in 5.1.x)
	[bullseye] - ffmpeg (Pick up when fixed in 4.3.x)
	[buster] - ffmpeg (Pick up when fixed in 4.1.x)
	NOTE: Fixed by https://github.com/ffmpeg/ffmpeg/commit/99debe5f823f45a482e1dc08de35879aa9c74bd2 (n7.0)
CVE-2024-31581 (FFmpeg version n6.1 was discovered to contain an improper validation o ...)
	[experimental] - ffmpeg 7:7.0-1
	- ffmpeg
	[bookworm] - ffmpeg (Pick up when fixed in 5.1.x)
	[bullseye] - ffmpeg (Pick up when fixed in 4.3.x)
	[buster] - ffmpeg (Pick up when fixed in 4.3.x)
	NOTE: Fixed by https://github.com/ffmpeg/ffmpeg/commit/ce0c178a408d43e71085c28a47d50dc939b60196 (n7.0)
CVE-2024-31580 (PyTorch before v2.2.0 was discovered to contain a heap buffer overflow ...)
	- pytorch (bug #1070379)
	[bookworm] - pytorch (Minor issue)
	[bullseye] - pytorch (Minor issue)
	NOTE: https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81
CVE-2024-31578 (FFmpeg version n6.1.1 was discovered to contain a heap use-after-free ...)
	[experimental] - ffmpeg 7:7.0-1
	- ffmpeg
	[bookworm] - ffmpeg (Pick up when fixed in 5.1.x)
	[bullseye] - ffmpeg (Pick up when fixed in 4.3.x)
	[buster] - ffmpeg (Pick up when fixed in 4.3.x)
	NOTE: Fixed by https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7 (n7.0)
CVE-2024-31463 (Ironic-image is an OpenStack Ironic deployment packaged and configured ...)
	NOT-FOR-US: ironic-image container image
CVE-2024-31041 (Null Pointer Dereference vulnerability in topic_filtern function in mq ...)
	NOT-FOR-US: NanoMQ
CVE-2024-31040 (Buffer Overflow vulnerability in the get_var_integer function in mqtt_ ...)
	NOT-FOR-US: NanoMQ
CVE-2024-31031 (An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause un ...)
	- libcoap (Vulnerable code not present)
	- libcoap2 (Vulnerable code not present)
	- libcoap3 (bug #1070362)
	[bookworm] - libcoap3 (Minor issue)
	NOTE: https://github.com/obgm/libcoap/issues/1351
	NOTE: https://github.com/obgm/libcoap/commit/214665ac4b44b1b6a7e38d4d6907ee835a174928 (develop)
	NOTE: Introduced by: https://github.com/obgm/libcoap/commit/7033555d2978b8d4d5e16d43cfbfe1b1781c418f (v4.3.0-rc1)
	NOTE: Introduced by: https://github.com/obgm/libcoap/commit/47a83549a80dad9a83f84cdfaba54c54defb5444 (v4.3.2-rc1)
CVE-2024-30990 (SQL Injection vulnerability in the "Invoices" page in phpgurukul Clien ...)
	NOT-FOR-US: phpgurukul Client Management System
CVE-2024-30989 (Cross Site Scripting vulnerability in /edit-client-details.php of phpg ...)
	NOT-FOR-US: phpgurukul Client Management System
CVE-2024-30988 (Cross Site Scripting vulnerability in /search-invoices.php of phpguruk ...)
	NOT-FOR-US: phpgurukul Client Management System
CVE-2024-30987 (Cross Site Scripting vulnerability in /bwdates-reports-ds.php of phpgu ...)
	NOT-FOR-US: phpgurukul Client Management System
CVE-2024-30986 (Cross Site Scripting vulnerability in /edit-services-details.php of ph ...)
	NOT-FOR-US: phpgurukul Client Management System
CVE-2024-30985 (SQL Injection vulnerability in "B/W Dates Reports" page in phpgurukul ...)
	NOT-FOR-US: phpgurukul Client Management System
CVE-2024-30983 (SQL Injection vulnerability in phpgurukul Cyber Cafe Management System ...)
	NOT-FOR-US: phpgurukul Cyber Cafe Management System
CVE-2024-30982 (SQL Injection vulnerability in phpgurukul Cyber Cafe Management System ...)
	NOT-FOR-US: phpgurukul Cyber Cafe Management System
CVE-2024-30981 (SQL Injection vulnerability in /edit-computer-detail.php in phpgurukul ...)
	NOT-FOR-US: phpgurukul Cyber Cafe Management System
CVE-2024-30980 (SQL Injection vulnerability in phpgurukul Cyber Cafe Management System ...)
	NOT-FOR-US: phpgurukul Cyber Cafe Management System
CVE-2024-30979 (Cross Site Scripting vulnerability in Cyber Cafe Management System 1.0 ...)
	NOT-FOR-US: phpgurukul Cyber Cafe Management System
CVE-2024-30953 (A stored cross-site scripting (XSS) vulnerability in Htmly v2.9.5 allo ...)
	NOT-FOR-US: Htmly
CVE-2024-30952 (A stored cross-site scripting (XSS) vulnerability in PESCMS-TEAM v2.3. ...)
	NOT-FOR-US: PESCMS-TEAM
CVE-2024-30951 (FUDforum v3.1.3 was discovered to contain a reflected cross-site scrip ...)
	NOT-FOR-US: FUDforum
CVE-2024-30950 (A stored cross-site scripting (XSS) vulnerability in FUDforum v3.1.3 a ...)
	NOT-FOR-US: FUDforum
CVE-2024-30253 (@solana/web3.js is the Solana JavaScript SDK. Using particular inputs ...)
	NOT-FOR-US: @solana/web3.js
CVE-2024-2419 (A flaw was found in Keycloak's redirect_uri validation logic. This iss ...)
	NOT-FOR-US: Keycloak
CVE-2024-29951 (Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in intern ...)
	NOT-FOR-US: Brocade
CVE-2024-29950 (The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2 ...)
	NOT-FOR-US: Brocade
CVE-2024-29035 (Umbraco is an ASP.NET CMS. Failing webhooks logs are available when so ...)
	NOT-FOR-US: Umbraco
CVE-2024-28073 (SolarWinds Serv-U was found to be susceptible to a Directory Traversal ...)
	NOT-FOR-US: SolarWinds
CVE-2024-24856 (The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee ...)
	TODO: check
CVE-2024-21990 (ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1. ...)
	NOT-FOR-US: ONTAP / NetAPP
CVE-2024-21989 (ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1. ...)
	NOT-FOR-US: ONTAP / NetAPP
CVE-2024-1350 (Missing Authorization vulnerability in Prasidhda Malla Honeypot for WP ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1249 (A flaw was found in Keycloak's OIDC component in the "checkLoginIframe ...)
	NOT-FOR-US: Keycloak
CVE-2024-1132 (A flaw was found in Keycloak, where it does not properly validate URLs ...)
	NOT-FOR-US: Keycloak
CVE-2024-0257 (RoboDK v5.5.4 is vulnerable to heap-based buffer overflow while proc ...)
	NOT-FOR-US: RoboDK
CVE-2023-6805 (The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5407 (Controller denial of service due to improper handling of a specially c ...)
	NOT-FOR-US: Honeywell
CVE-2023-5406 (Server communication with a controller can lead to remote code executi ...)
	NOT-FOR-US: Honeywell
CVE-2023-5405 (Server information leak for the CDA Server process memory can occur wh ...)
	NOT-FOR-US: Honeywell
CVE-2023-5404 (Server receiving a malformed message can cause a pointer to be overwri ...)
	NOT-FOR-US: Honeywell
CVE-2023-5403 (Server hostname translation to IP address manipulation which could lea ...)
	NOT-FOR-US: Honeywell
CVE-2023-5401 (Server receiving a malformed message based on a using the specified ke ...)
	NOT-FOR-US: Honeywell
CVE-2023-5400 (Server receiving a malformed message based on a using the specified ke ...)
	NOT-FOR-US: Honeywell
CVE-2023-5398 (Server receiving a malformed message based on a list of IPs resulting ...)
	NOT-FOR-US: Honeywell
CVE-2023-5397 (Server receiving a malformed message to create a new connection could ...)
	NOT-FOR-US: Honeywell
CVE-2023-5396 (Server receiving a malformed message creates connection for a hostname ...)
	NOT-FOR-US: Honeywell
CVE-2023-5395 (Server receiving a malformed message that uses the hostname in an inte ...)
	NOT-FOR-US: Honeywell
CVE-2023-51500 (Missing Authorization vulnerability in Undsgn Uncode Core.This issue a ...)
	NOT-FOR-US: Undsgn Uncode Core
CVE-2023-51418 (Missing Authorization vulnerability in Joris van Montfort JVM rich tex ...)
	NOT-FOR-US: Joris van Montfort JVM rich text icons
CVE-2023-46060 (A Buffer Overflow vulnerability in Tenda AC500 v.2.0.1.9 allows a remo ...)
	NOT-FOR-US: Tenda
CVE-2023-45744 (A data integrity vulnerability exists in the web interface /cgi-bin/up ...)
	NOT-FOR-US: Peplink Smart Reader
CVE-2023-45209 (An information disclosure vulnerability exists in the web interface /c ...)
	NOT-FOR-US: Peplink Smart Reader
CVE-2023-44227 (Missing Authorization vulnerability in Mitchell Bennis Simple File Lis ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-43491 (An information disclosure vulnerability exists in the web interface /c ...)
	NOT-FOR-US: Peplink Smart Reader
CVE-2023-40146 (A privilege escalation vulnerability exists in the /bin/login function ...)
	NOT-FOR-US: Peplink Smart Reader
CVE-2023-39367 (An OS command injection vulnerability exists in the web interface mac2 ...)
	NOT-FOR-US: Peplink Smart Reader
CVE-2023-36505 (Improper Input Validation vulnerability in Saturday Drive Ninja Forms ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2961 (The iconv() function in the GNU C Library versions 2.39 and older may ...)
	{DSA-5673-1 DLA-3807-1}
	- glibc 2.37-18 (bug #1069191)
	NOTE: https://www.openwall.com/lists/oss-security/2024/04/17/9
	NOTE: https://www.openwall.com/lists/oss-security/2024/04/18/4
	NOTE: https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004
	NOTE: Introduced by: https://sourceware.org/git?p=glibc.git;a=commit;h=755104edc75c53f4a0e7440334e944ad3c6b32fc (cvs/libc-2_1_94)
	NOTE: Fixed by: https://sourceware.org/git?p=glibc.git;a=commit;h=f9dc609e06b1136bb0408be9605ce7973a767ada
CVE-2024-26920 (In the Linux kernel, the following vulnerability has been resolved: t ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/0958b33ef5a04ed91f61cef4760ac412080c4e08 (6.8-rc3)
CVE-2024-26919 (In the Linux kernel, the following vulnerability has been resolved: u ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/3caf2b2ad7334ef35f55b95f3e1b138c6f77b368 (6.8-rc3)
CVE-2024-26918 (In the Linux kernel, the following vulnerability has been resolved: P ...)
	- linux 6.7.7-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/41044d5360685e78a869d40a168491a70cdb7e73 (6.8-rc5)
CVE-2024-26917 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/977fe773dcc7098d8eaf4ee6382cb51e13e784cb (6.8-rc5)
CVE-2024-26916 (In the Linux kernel, the following vulnerability has been resolved: R ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/916361685319098f696b798ef1560f69ed96e934 (6.8-rc5)
CVE-2024-26915 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/7330256268664ea0a7dd5b07a3fed363093477dd (6.8-rc3)
CVE-2024-26914 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.7-1
	NOTE: https://git.kernel.org/linus/39079fe8e660851abbafa90cd55cbf029210661f (6.8-rc3)
CVE-2024-26913 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.7-1
	NOTE: https://git.kernel.org/linus/faf51b201bc42adf500945732abb6220c707d6f3 (6.8-rc3)
CVE-2024-26912 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.7-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/042b5f83841fbf7ce39474412db3b5e4765a7ea7 (6.8-rc4)
CVE-2024-26911 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.7-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/8746c6c9dfa31d269c65dd52ab42fde0720b7d91 (6.8-rc5)
CVE-2024-26910 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/97f7cf1cd80eeed3b7c808b7c12463295c751001 (6.8-rc3)
CVE-2024-26909 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b979f2d50a099f3402418d7ff5f26c3952fb08bb (6.8-rc7)
CVE-2024-26908
	REJECTED
CVE-2024-26907 (In the Linux kernel, the following vulnerability has been resolved: R ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/4d5e86a56615cc387d21c629f9af8fb0e958d350 (6.8-rc6)
CVE-2024-26906 (In the Linux kernel, the following vulnerability has been resolved: x ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/32019c659ecfe1d92e3bf9fcdfbb11a7c70acd58 (6.8-rc6)
CVE-2024-26905 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/e06cc89475eddc1f3a7a4d471524256152c68166 (6.8-rc7)
CVE-2024-26904 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/c7bb26b847e5b97814f522686068c5628e2b3646 (6.8-rc7)
CVE-2024-26903 (In the Linux kernel, the following vulnerability has been resolved: B ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/2535b848fa0f42ddff3e5255cf5e742c9b77bb26 (6.8-rc7)
CVE-2024-26902 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	- linux 6.7.12-1
	NOTE: https://git.kernel.org/linus/34b567868777e9fd39ec5333969728a7f0cf179c (6.8-rc7)
CVE-2024-26901 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/3948abaa4e2be938ccdfc289385a27342fb13d43 (6.9-rc1)
CVE-2024-26900 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.7.12-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/6cf350658736681b9d6b0b6e58c5c76b235bb4c4 (6.9-rc1)
CVE-2024-26899 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/03f12122b20b6e6028e9ed69030a49f9cffcbb75 (6.9-rc1)
CVE-2024-26898 (In the Linux kernel, the following vulnerability has been resolved: a ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/f98364e926626c678fb4b9004b75cacf92ff0662 (6.9-rc1)
CVE-2024-26897 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/24355fcb0d4cbcb6ddda262596558e8cfba70f11 (6.9-rc1)
CVE-2024-26896 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b8cfb7c819dd39965136a66fe3a7fde688d976fc (6.9-rc1)
CVE-2024-26895 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/cb5942b77c05d54310a0420cac12935e9b6aa21c (6.9-rc1)
CVE-2024-26894 (In the Linux kernel, the following vulnerability has been resolved: A ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/e18afcb7b2a12b635ac10081f943fcf84ddacc51 (6.9-rc1)
CVE-2024-26893 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/f1d71576d2c9ec8fdb822173fa7f3de79475e9bd (6.9-rc1)
CVE-2024-26892 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/c957280ef6ab6bdf559a91ae693a6b34310697e3 (6.9-rc1)
CVE-2024-26891 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4fc82cd907ac075648789cc3a00877778aa1838b (6.9-rc1)
CVE-2024-26890 (In the Linux kernel, the following vulnerability has been resolved: B ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/de4e88ec58c4202efd1f02eebb4939bbf6945358 (6.9-rc1)
CVE-2024-26889 (In the Linux kernel, the following vulnerability has been resolved: B ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/81137162bfaa7278785b24c1fd2e9e74f082e8e4 (6.9-rc1)
CVE-2024-26888 (In the Linux kernel, the following vulnerability has been resolved: B ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/a6e06258f4c31eba0fcd503e19828b5f8fe7b08b (6.9-rc1)
CVE-2024-26887 (In the Linux kernel, the following vulnerability has been resolved: B ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/79f4127a502c5905f04da1f20a7bbe07103fb77c (6.9-rc1)
CVE-2024-26886 (In the Linux kernel, the following vulnerability has been resolved: B ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/f7b94bdc1ec107c92262716b073b3e816d4784fb (6.9-rc1)
CVE-2024-26885 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/281d464a34f540de166cee74b723e97ac2515ec3 (6.9-rc1)
CVE-2024-26884 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/6787d916c2cf9850c97a0a3f73e08c43e7d973b1 (6.9-rc1)
CVE-2024-26883 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/7a4b21250bf79eef26543d35bd390448646c536b (6.9-rc1)
CVE-2024-26882 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/b0ec2abf98267f14d032102551581c833b0659d3 (6.9-rc1)
CVE-2024-26881 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/0fbcf2366ba9888cf02eda23e35fde7f7fcc07c3 (6.9-rc1)
CVE-2024-26880 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/65e8fbde64520001abf1c8d0e573561b4746ef38 (6.9-rc1)
CVE-2024-26879 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/ba535bce57e71463a86f8b33a0ea88c26e3a6418 (6.9-rc1)
CVE-2024-26878 (In the Linux kernel, the following vulnerability has been resolved: q ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/d0aa72604fbd80c8aabb46eda00535ed35570f1f (6.9-rc1)
CVE-2024-26877 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/a853450bf4c752e664abab0b2fad395b7ad7701c (6.9-rc1)
CVE-2024-26876 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.12-1
	NOTE: https://git.kernel.org/linus/aeedaee5ef5468caf59e2bb1265c2116e0c9a924 (6.9-rc1)
CVE-2024-26875 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/0a0b79ea55de8514e1750884e5fec77f9fdd01ee (6.9-rc1)
CVE-2024-26874 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/c958e86e9cc1b48cac004a6e245154dfba8e163b (6.9-rc1)
CVE-2024-26873 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/3c4f53b2c341ec6428b98cb51a89a09b025d0953 (6.9-rc1)
CVE-2024-26872 (In the Linux kernel, the following vulnerability has been resolved: R ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/c21a8870c98611e8f892511825c9607f1e2cd456 (6.9-rc1)
CVE-2024-26871 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/c2034ef6192a65a986a45c2aa2ed05824fdc0e9f (6.9-rc1)
CVE-2024-26870 (In the Linux kernel, the following vulnerability has been resolved: N ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/251a658bbfceafb4d58c76b77682c8bf7bcfad65 (6.9-rc1)
CVE-2024-26869 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	- linux 6.7.12-1
	NOTE: https://git.kernel.org/linus/9f0c4a46be1fe9b97dbe66d49204c1371e3ece65 (6.9-rc1)
CVE-2024-26868 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/719fcafe07c12646691bd62d7f8d94d657fa0766 (6.9-rc1)
CVE-2024-26867 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/cfa9ba1ae0bef0681833a22d326174fe633caab5 (6.8)
CVE-2024-26866 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.7.12-1
	NOTE: https://git.kernel.org/linus/2ae0ab0143fcc06190713ed81a6486ed0ad3c861 (6.9-rc1)
CVE-2024-26865 (In the Linux kernel, the following vulnerability has been resolved: r ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/2a750d6a5b365265dbda33330a6188547ddb5c24 (6.9-rc1)
CVE-2024-26864 (In the Linux kernel, the following vulnerability has been resolved: t ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/04d9d1fc428ac9f581d55118d67e0cb546701feb (6.9-rc1)
CVE-2024-26863 (In the Linux kernel, the following vulnerability has been resolved: h ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/ddbec99f58571301679addbc022256970ca3eac6 (6.9-rc1)
CVE-2024-26862 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/6ebfad33161afacb3e1e59ed1c2feefef70f9f97 (6.9-rc1)
CVE-2024-26861 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/bba045dc4d996d03dce6fe45726e78a1a1f6d4c3 (6.9-rc1)
CVE-2024-26860 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/55e565c42dce81a4e49c13262d5bc4eb4c2e588a (6.9-rc1)
CVE-2024-26859 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/d27e2da94a42655861ca4baea30c8cd65546f25d (6.9-rc1)
CVE-2024-26858 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b7cf07586c40f926063d4d09f7de28ff82f62b2a (6.8)
CVE-2024-26857 (In the Linux kernel, the following vulnerability has been resolved: g ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/1ca1ba465e55b9460e4e75dec9fff31e708fec74 (6.8)
CVE-2024-26856 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/89d72d4125e94aa3c2140fedd97ce07ba9e37674 (6.8)
CVE-2024-26855 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/06e456a05d669ca30b224b8ed962421770c1496c (6.8)
CVE-2024-26854 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9224fc86f1776193650a33a275cac628952f80a9 (6.8)
CVE-2024-26853 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 6.7.12-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/ef27f655b438bed4c83680e4f01e1cde2739854b (6.8)
CVE-2024-26852 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/685f7d531264599b3f167f1e94bbd22f120e5fab (6.8)
CVE-2024-26851 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/767146637efc528b5e3d31297df115e85a2fd362 (6.8)
CVE-2024-26850 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.7.9-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/720da1e593b85a550593b415bf1d79a053133451 (6.8-rc7)
CVE-2024-26849 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.7.9-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9a0d18853c280f6a0ee99f91619f2442a17a323a (6.8-rc7)
CVE-2024-26848 (In the Linux kernel, the following vulnerability has been resolved: a ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/5f7a07646655fb4108da527565dcdc80124b14c4 (6.8-rc7)
CVE-2024-26847 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	- linux 6.7.9-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/fad87dbd48156ab940538f052f1820f4b6ed2819 (6.8-rc7)
CVE-2024-26846 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/70fbfc47a392b98e5f8dba70c6efc6839205c982 (6.8-rc3)
CVE-2024-26845 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/83ab68168a3d990d5ff39ab030ad5754cbbccb25 (6.8-rc1)
CVE-2024-26844 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/13f3956eb5681a4045a8dfdef48df5dc4d9f58a6 (6.8-rc2)
CVE-2024-26843 (In the Linux kernel, the following vulnerability has been resolved: e ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/de1034b38a346ef6be25fe8792f5d1e0684d5ff4 (6.8-rc4)
CVE-2024-26842 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.7.7-1
	NOTE: https://git.kernel.org/linus/b513d30d59bb383a6a5d6b533afcab2cee99a8f8 (6.8-rc4)
CVE-2024-26841 (In the Linux kernel, the following vulnerability has been resolved: L ...)
	- linux 6.7.7-1
	NOTE: https://git.kernel.org/linus/752cd08da320a667a833803a8fd6bb266114cce5 (6.8-rc6)
CVE-2024-26840 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/e21a2f17566cbd64926fb8f16323972f7a064444 (6.8-rc6)
CVE-2024-26839 (In the Linux kernel, the following vulnerability has been resolved: I ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/809aa64ebff51eb170ee31a95f83b2d21efa32e2 (6.8-rc6)
CVE-2024-26838 (In the Linux kernel, the following vulnerability has been resolved: R ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/bd97cea7b18a0a553773af806dfbfac27a7c4acb (6.8-rc6)
CVE-2024-26837 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/dc489f86257cab5056e747344f17a164f63bff4b (6.8-rc6)
CVE-2024-26836 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	- linux 6.7.7-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/6f7d0f5fd8e440c3446560100ac4ff9a55eec340 (6.8-rc6)
CVE-2024-26835 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/bccebf64701735533c8db37773eeacc6566cc8ec (6.8-rc6)
CVE-2024-26834 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/8762785f459be1cfe6fcf7285c123aad6a3703f0 (6.8-rc6)
CVE-2024-26833 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/bae67893578d608e35691dcdfa90c4957debf1d3 (6.8-rc6)
CVE-2024-26832 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/e3b63e966cac0bf78aaa1efede1827a252815a1d (6.8-rc6)
CVE-2024-26831 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.7.7-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4e1d71cabb19ec2586827adfc60d68689c68c194 (6.8-rc5)
CVE-2024-26830 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/73d9629e1c8c1982f13688c4d1019c3994647ccc (6.8-rc5)
CVE-2024-26829 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/dc9ceb90c4b42c6e5c6757df1d6257110433788e (6.8-rc5)
CVE-2024-26828 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/cffe487026be13eaf37ea28b783d9638ab147204 (6.8-rc5)
CVE-2024-26827
	REJECTED
CVE-2024-26826 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b6c620dc43ccb4e802894e54b651cf81495e9598 (6.8-rc3)
CVE-2024-26825 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/bfb007aebe6bff451f7f3a4be19f4f286d0d5d9c (6.8-rc3)
CVE-2024-26824 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 6.7.7-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/24c890dd712f6345e382256cae8c97abb0406b70 (6.8-rc4)
CVE-2024-26823 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 6.7.7-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/8b02da04ad978827e5ccd675acf170198f747a7a (6.8-rc5)
CVE-2024-26822 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.7.7-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4508ec17357094e2075f334948393ddedbb75157 (6.8-rc5)
CVE-2024-26821 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/46f5ab762d048dad224436978315cbc2fa79c630 (6.8-rc5)
CVE-2024-26820 (In the Linux kernel, the following vulnerability has been resolved: h ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2 (6.8-rc4)
CVE-2024-26819
	REJECTED
CVE-2024-26818 (In the Linux kernel, the following vulnerability has been resolved: t ...)
	- linux 6.7.7-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/30369084ac6e27479a347899e74f523e6ca29b89 (6.8-rc5)
CVE-2023-52645 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/c41336f4d69057cbf88fed47951379b384540df5 (6.8-rc4)
CVE-2023-52644 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.85-1
	NOTE: https://git.kernel.org/linus/9636951e4468f02c72cc75a82dc65d003077edbc (6.9-rc1)
CVE-2023-52643 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/95a0d596bbd0552a78e13ced43f2be1038883c81 (6.8-rc5)
CVE-2023-52642 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/6a9d552483d50953320b9d3b57abdee8d436f23f (6.8-rc5)
CVE-2024-3882 (A vulnerability was found in Tenda W30E 1.0.1.25(633). It has been cla ...)
	NOT-FOR-US: Tenda
CVE-2024-3881 (A vulnerability was found in Tenda W30E 1.0.1.25(633) and classified a ...)
	NOT-FOR-US: Tenda
CVE-2024-3880 (A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classif ...)
	NOT-FOR-US: Tenda
CVE-2024-3879 (A vulnerability, which was classified as critical, was found in Tenda ...)
	NOT-FOR-US: Tenda
CVE-2024-3878 (A vulnerability, which was classified as critical, has been found in T ...)
	NOT-FOR-US: Tenda
CVE-2024-3877 (A vulnerability classified as critical was found in Tenda F1202 1.2.0. ...)
	NOT-FOR-US: Tenda
CVE-2024-3876 (A vulnerability classified as critical has been found in Tenda F1202 1 ...)
	NOT-FOR-US: Tenda
CVE-2024-3875 (A vulnerability was found in Tenda F1202 1.2.0.20(408). It has been ra ...)
	NOT-FOR-US: Tenda
CVE-2024-3874 (A vulnerability was found in Tenda W20E 15.11.0.6. It has been declare ...)
	NOT-FOR-US: Tenda
CVE-2024-3873 (A vulnerability was found in SMI SMI-EX-5414W up to 1.0.03. It has bee ...)
	NOT-FOR-US: SMI-EX-5414W
CVE-2024-3872 (Mattermost Mobile app versions 2.13.0 and earlier use a regular expres ...)
	NOT-FOR-US: Mattermost Mobile app
CVE-2024-3871 (The Delta Electronics DVW-W02W2-E2 devices expose a web administration ...)
	NOT-FOR-US: Delta Electronics
CVE-2024-3869 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3867 (The archive-tainacan-collection theme for WordPress is vulnerable to R ...)
	NOT-FOR-US: WordPress theme
CVE-2024-3672 (The BA Book Everything plugin for WordPress is vulnerable to Stored Cr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3660 (A arbitrary code injection vulnerability in TensorFlow's Keras framewo ...)
	- tensorflow (bug #804612)
CVE-2024-3367 (Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1. ...)
	- check-mk
CVE-2024-3243 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3067 (The WooCommerce Google Feed Manager plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32634 (In huge memory get unmapped area check, code can never be reached beca ...)
	NOT-FOR-US: ASR Falcon
CVE-2024-32633 (An unsigned value can never be negative, so eMMC full disk test will a ...)
	NOT-FOR-US: ASR Falcon
CVE-2024-32632 (A value in ATCMD will be misinterpreted by printf, causing incorrect o ...)
	NOT-FOR-US: ASR Falcon
CVE-2024-32631 (Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause incorrect compu ...)
	NOT-FOR-US: ASR Falcon
CVE-2024-32625 (In OffloadAMRWriter, a scalar field is not initialized so will contain ...)
	NOT-FOR-US: ASR Falcon
CVE-2024-32532 (Missing Authorization vulnerability in SiteGround Speed Optimizer.This ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32525 (Missing Authorization vulnerability in Theme My Login.This issue affec ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32524 (Missing Authorization vulnerability in Nuggethon Custom Order Statuses ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32522 (Missing Authorization vulnerability in Jaed Mosharraf & Pluginbazar Te ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32520 (Missing Authorization vulnerability in WPClever WPC Grouped Product fo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32519 (Missing Authorization vulnerability in GutenGeek GG Woo Feed for WooCo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32518 (Missing Authorization vulnerability in Pepro Dev. Group PeproDev Ultim ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32517 (Missing Authorization vulnerability in WooCommerce & WordPress Tutoria ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32516 (Missing Authorization vulnerability in Palscode Multi Currency For Woo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32515 (Missing Authorization vulnerability in Qamar Sheeraz, Nasir Ahmad Mega ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32514 (Unrestricted Upload of File with Dangerous Type vulnerability in Poll ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32513 (Insertion of Sensitive Information into Log File vulnerability in AdTr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32509 (Missing Authorization vulnerability in Loopus WP Cost Estimation & Pay ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32455 (Missing Authorization vulnerability in Very Good Plugins Fatal Error N ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32256 (Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricte ...)
	NOT-FOR-US: Phpgurukul Tourism Management System
CVE-2024-32254 (Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricte ...)
	NOT-FOR-US: Phpgurukul Tourism Management System
CVE-2024-32086 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32027 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss v22. ...)
	NOT-FOR-US: Kohya_ss
CVE-2024-32026 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is v ...)
	NOT-FOR-US: Kohya_ss
CVE-2024-32025 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is v ...)
	NOT-FOR-US: Kohya_ss
CVE-2024-32024 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is v ...)
	NOT-FOR-US: Kohya_ss
CVE-2024-32023 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is v ...)
	NOT-FOR-US: Kohya_ss
CVE-2024-32022 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is ...)
	NOT-FOR-US: Kohya_ss
CVE-2024-31887 (IBM Security Verify Privilege 11.6.25 could allow an unauthenticated a ...)
	NOT-FOR-US: IBM
CVE-2024-31760 (An issue in sanluan flipped-aurora gin-vue-admin 2.4.x allows an attac ...)
	NOT-FOR-US: flipped-aurora gin-vue-admin
CVE-2024-31759 (An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to esc ...)
	NOT-FOR-US: PublicCMS
CVE-2024-31680 (File Upload vulnerability in Shibang Communications Co., Ltd. IP netwo ...)
	NOT-FOR-US: Shibang Communications Co., Ltd. IP network intercom broadcasting system
CVE-2024-31503 (Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and befor ...)
	- dolibarr
CVE-2024-31452 (OpenFGA is a high-performance and flexible authorization/permission en ...)
	NOT-FOR-US: OpenFGA
CVE-2024-31451 (DocsGPT is a GPT-powered chat for documentation. DocsGPT is vulnerable ...)
	NOT-FOR-US: DocsGPT
CVE-2024-31446 (OpenComputers is a Minecraft mod that adds programmable computers and ...)
	NOT-FOR-US: OpenComputers Minecraft mod
CVE-2024-30380 (An Improper Handling of Exceptional Conditions vulnerability in Junipe ...)
	NOT-FOR-US: Juniper
CVE-2024-30378 (A Use After Free vulnerability in command processing of Juniper Networ ...)
	NOT-FOR-US: Juniper
CVE-2024-30256 (Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable ...)
	NOT-FOR-US: Open WebUI
CVE-2024-2309 (The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2118 (The Social Media Share Buttons & Social Sharing Icons WordPress plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2102 (The Salon booking system WordPress plugin before 9.6.3 does not proper ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2101 (The Salon booking system WordPress plugin before 9.6.3 does not proper ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29402 (cskefu v7 suffers from Insufficient Session Expiration, which allows a ...)
	NOT-FOR-US: cskefu
CVE-2024-29291 (An issue in Laravel Framework 8 through 11 might allow a remote attack ...)
	NOT-FOR-US: Disputed Laravel issue
CVE-2024-27086 (The MSAL library enabled acquisition of security tokens to call protec ...)
	NOT-FOR-US: microsoft-authentication-library-for-dotnet
CVE-2024-25911 (Missing Authorization vulnerability in Skymoon Labs MoveTo.This issue ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-22440 (A potential security vulnerability has been identified in HPE Compute ...)
	NOT-FOR-US: HPE
CVE-2024-22354 (IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Applicatio ...)
	NOT-FOR-US: IBM
CVE-2024-22329 (IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Applicatio ...)
	NOT-FOR-US: IBM
CVE-2024-21676
	REJECTED
CVE-2024-21121 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.16-dfsg-1
CVE-2024-21120 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2024-21119 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2024-21118 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2024-21117 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2024-21116 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.16-dfsg-1
CVE-2024-21115 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.16-dfsg-1
CVE-2024-21114 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.16-dfsg-1
CVE-2024-21113 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.16-dfsg-1
CVE-2024-21112 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.16-dfsg-1
CVE-2024-21111 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.16-dfsg-1
CVE-2024-21110 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.16-dfsg-1
CVE-2024-21109 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.16-dfsg-1
CVE-2024-21108 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.16-dfsg-1
CVE-2024-21107 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.16-dfsg-1
CVE-2024-21106 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.16-dfsg-1
CVE-2024-21105 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2024-21104 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2024-21103 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.16-dfsg-1
CVE-2024-21102 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.37-1 (bug #1069189)
CVE-2024-21101 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2024-21100 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...)
	NOT-FOR-US: Oracle
CVE-2024-21099 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2024-21098 (Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise ...)
	NOT-FOR-US: Oracle
CVE-2024-21097 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2024-21096 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.37-1 (bug #1069189)
CVE-2024-21095 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2024-21094 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
	{DSA-5672-1 DSA-5671-1 DLA-3793-1}
	- openjdk-8 8u412-ga-1 (bug #1069678)
	- openjdk-11 11.0.23+9-1
	- openjdk-17 17.0.11+9-1
	- openjdk-21 21.0.3+9-1
	NOTE: https://bugs.openjdk.org/browse/JDK-8317507
CVE-2024-21093 (Vulnerability in the Java VM component of Oracle Database Server. Sup ...)
	NOT-FOR-US: Oracle
CVE-2024-21092 (Vulnerability in the Oracle Agile Product Lifecycle Management for Pro ...)
	NOT-FOR-US: Oracle
CVE-2024-21091 (Vulnerability in the Oracle Agile Product Lifecycle Management for Pro ...)
	NOT-FOR-US: Oracle
CVE-2024-21090 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
	- mysql-connector-python
CVE-2024-21089 (Vulnerability in the Oracle Concurrent Processing product of Oracle E- ...)
	NOT-FOR-US: Oracle
CVE-2024-21088 (Vulnerability in the Oracle Production Scheduling product of Oracle E- ...)
	NOT-FOR-US: Oracle
CVE-2024-21087 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.37-1 (bug #1069189)
CVE-2024-21086 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2024-21085 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5671-1 DLA-3793-1}
	- openjdk-8 8u412-ga-1 (bug #1069678)
	- openjdk-11 11.0.23+9-1
CVE-2024-21084 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
	NOT-FOR-US: Oracle
CVE-2024-21083 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
	NOT-FOR-US: Oracle
CVE-2024-21082 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
	NOT-FOR-US: Oracle
CVE-2024-21081 (Vulnerability in the Oracle Partner Management product of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2024-21080 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2024-21079 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2024-21078 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2024-21077 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2024-21076 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2024-21075 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2024-21074 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2024-21073 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2024-21072 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2024-21071 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2024-21070 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2024-21069 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.37-1 (bug #1069189)
CVE-2024-21068 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
	{DSA-5672-1 DSA-5671-1 DLA-3793-1}
	- openjdk-8 8u412-ga-1 (bug #1069678)
	- openjdk-11 11.0.23+9-1
	- openjdk-17 17.0.11+9-1
	- openjdk-21 21.0.3+9-1
CVE-2024-21067 (Vulnerability in the Oracle Enterprise Manager Base Platform product o ...)
	NOT-FOR-US: Oracle
CVE-2024-21066 (Vulnerability in the RDBMS component of Oracle Database Server. Suppo ...)
	NOT-FOR-US: Oracle
CVE-2024-21065 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2024-21064 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2024-21063 (Vulnerability in the PeopleSoft Enterprise HCM Benefits Administration ...)
	NOT-FOR-US: Oracle
CVE-2024-21062 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.37-1 (bug #1069189)
CVE-2024-21061 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.36-1
CVE-2024-21060 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.37-1 (bug #1069189)
CVE-2024-21059 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2024-21058 (Vulnerability in the Unified Audit component of Oracle Database Server ...)
	NOT-FOR-US: Oracle
CVE-2024-21057 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.36-1
CVE-2024-21056 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.35-1
CVE-2024-21055 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.36-1
CVE-2024-21054 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.37-1 (bug #1069189)
CVE-2024-21053 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.35-1
CVE-2024-21052 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.35-1
CVE-2024-21051 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.35-1
CVE-2024-21050 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.35-1
CVE-2024-21049 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.35-1
CVE-2024-21048 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...)
	NOT-FOR-US: Oracle
CVE-2024-21047 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.37-1 (bug #1069189)
CVE-2024-21046 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21045 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21044 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21043 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21042 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21041 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21040 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21039 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21038 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21037 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21036 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21035 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21034 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21033 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21032 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21031 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21030 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21029 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21028 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21027 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21026 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21025 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21024 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21023 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21022 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21021 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21020 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21019 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21018 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21017 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21016 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-21015 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.35-1
CVE-2024-21014 (Vulnerability in the Oracle Hospitality Simphony product of Oracle Foo ...)
	NOT-FOR-US: Oracle
CVE-2024-21013 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.37-1 (bug #1069189)
CVE-2024-21012 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
	{DSA-5672-1 DSA-5671-1 DLA-3793-1}
	- openjdk-11 11.0.23+9-1
	- openjdk-17 17.0.11+9-1
	- openjdk-21 21.0.3+9-1
CVE-2024-21011 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
	{DSA-5672-1 DSA-5671-1 DLA-3793-1}
	- openjdk-8 8u412-ga-1 (bug #1069678)
	- openjdk-11 11.0.23+9-1
	- openjdk-17 17.0.11+9-1
	- openjdk-21 21.0.3+9-1
CVE-2024-21010 (Vulnerability in the Oracle Hospitality Simphony product of Oracle Foo ...)
	NOT-FOR-US: Oracle
CVE-2024-21009 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.37-1 (bug #1069189)
CVE-2024-21008 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.37-1 (bug #1069189)
CVE-2024-21007 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2024-21006 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2024-21005 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	- openjfx (Only affects JavaFX 8)
CVE-2024-21004 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	- openjfx (Only affects JavaFX 8)
CVE-2024-21003 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	- openjfx (Only affects JavaFX 8)
CVE-2024-21002 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	- openjfx (Only affects JavaFX 8)
CVE-2024-21001 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2024-21000 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.37-1 (bug #1069189)
CVE-2024-20999 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2024-20998 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.37-1 (bug #1069189)
CVE-2024-20997 (Vulnerability in the Oracle Hospitality Simphony product of Oracle Foo ...)
	NOT-FOR-US: Oracle
CVE-2024-20995 (Vulnerability in the Oracle Database Sharding component of Oracle Data ...)
	NOT-FOR-US: Oracle
CVE-2024-20994 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.37-1 (bug #1069189)
CVE-2024-20993 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.36-1
CVE-2024-20992 (Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2024-20991 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...)
	NOT-FOR-US: Oracle
CVE-2024-20990 (Vulnerability in the Oracle Applications Technology product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2024-20989 (Vulnerability in the Oracle Hospitality Simphony product of Oracle Foo ...)
	NOT-FOR-US: Oracle
CVE-2024-20954 (Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise ...)
	NOT-FOR-US: Oracle
CVE-2024-1357 (The Shortcodes and extra features for Phlox theme plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1219 (The Easy Social Feed WordPress plugin before 6.5.6 does not validate  ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0868 (The coreActivity: Activity Logging plugin for WordPress plugin before ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51391 (A bug in Micrium OS Network HTTP Server permits an invalid pointer der ...)
	NOT-FOR-US: Micrium OS Network HTTP Server
CVE-2023-50872 (The API in Accredible Credential.net December 6th, 2023 allows an Inse ...)
	NOT-FOR-US: Accredible Credential.net API
CVE-2023-45000 (Missing Authorization vulnerability in LiteSpeed Technologies LiteSpee ...)
	NOT-FOR-US: LiteSpeed Technologies
CVE-2023-40000 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: LiteSpeed Technologies
CVE-2024-XXXX [gix-transport indirect code execution via malicious username]
	- rust-gix-transport 0.42.0-1
	NOTE: https://github.com/advisories/GHSA-98p4-xjmm-8mfh
	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0335.html
CVE-2024-27980
	- nodejs (Only affects Windows)
CVE-2024-3847 (Insufficient policy enforcement in WebUI in Google Chrome prior to 124 ...)
	{DSA-5668-1}
	- chromium 124.0.6367.60-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-3846 (Inappropriate implementation in Prompts in Google Chrome prior to 124. ...)
	{DSA-5668-1}
	- chromium 124.0.6367.60-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-3845 (Inappropriate implementation in Networks in Google Chrome prior to 124 ...)
	{DSA-5668-1}
	- chromium 124.0.6367.60-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-3844 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
	{DSA-5668-1}
	- chromium 124.0.6367.60-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-3843 (Insufficient data validation in Downloads in Google Chrome prior to 12 ...)
	{DSA-5668-1}
	- chromium 124.0.6367.60-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-3841 (Insufficient data validation in Browser Switcher in Google Chrome prio ...)
	{DSA-5668-1}
	- chromium 124.0.6367.60-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-3840 (Insufficient policy enforcement in Site Isolation in Google Chrome pri ...)
	{DSA-5668-1}
	- chromium 124.0.6367.60-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-3839 (Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 al ...)
	{DSA-5668-1}
	- chromium 124.0.6367.60-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-3838 (Inappropriate implementation in Autofill in Google Chrome prior to 124 ...)
	{DSA-5668-1}
	- chromium 124.0.6367.60-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-3837 (Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed ...)
	{DSA-5668-1}
	- chromium 124.0.6367.60-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-3834 (Use after free in Downloads in Google Chrome prior to 124.0.6367.60 al ...)
	{DSA-5668-1}
	- chromium 124.0.6367.60-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-3833 (Object corruption in WebAssembly in Google Chrome prior to 124.0.6367. ...)
	{DSA-5668-1}
	- chromium 124.0.6367.60-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-3832 (Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowe ...)
	{DSA-5668-1}
	- chromium 124.0.6367.60-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-4439 (WordPress Core is vulnerable to Stored Cross-Site Scripting via user d ...)
	- wordpress 6.5.2+dfsg1-1 (bug #1069091)
	NOTE: https://wpscan.com/blog/unauthenticated-stored-xss-fixed-in-wordpress-core/
	NOTE: https://wordpress.org/news/2024/04/wordpress-6-5-2-maintenance-and-security-release/
	NOTE: https://core.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=57950%40%2F&new=57950%40%2F&sfp_email=&sfph_mail=#file3
	NOTE: https://core.trac.wordpress.org/changeset/57951/branches/6.4/src/wp-includes/blocks/avatar.php
CVE-2024-3302 (There was no limit to the number of HTTP/2 CONTINUATION frames that wo ...)
	{DSA-5670-1 DSA-5663-1 DLA-3791-1 DLA-3790-1}
	- firefox 125.0.1-1
	- firefox-esr 115.10.0esr-1
	- thunderbird 1:115.10.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3302
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3302
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3302
CVE-2024-3865 (Memory safety bugs present in Firefox 124. Some of these bugs showed e ...)
	- firefox 125.0.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3865
CVE-2024-3864 (Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thund ...)
	{DSA-5670-1 DSA-5663-1 DLA-3791-1 DLA-3790-1}
	- firefox 125.0.1-1
	- firefox-esr 115.10.0esr-1
	- thunderbird 1:115.10.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3864
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3864
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3864
CVE-2024-3863 (The executable file warning was not presented when downloading .xrm-ms ...)
	- firefox (Windows-specific)
	- firefox-esr (Windows-specific)
	- thunderbird (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3863
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3863
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3863
CVE-2024-3862 (The MarkStack assignment operator, part of the JavaScript engine, coul ...)
	- firefox 125.0.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3862
CVE-2024-3861 (If an AlignedBuffer were assigned to itself, the subsequent self-move ...)
	{DSA-5670-1 DSA-5663-1 DLA-3791-1 DLA-3790-1}
	- firefox 125.0.1-1
	- firefox-esr 115.10.0esr-1
	- thunderbird 1:115.10.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3861
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3861
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3861
CVE-2024-3860 (An out-of-memory condition during object initialization could result i ...)
	- firefox 125.0.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3860
CVE-2024-3859 (On 32-bit versions there were integer-overflows that led to an out-of- ...)
	{DSA-5670-1 DSA-5663-1 DLA-3791-1 DLA-3790-1}
	- firefox 125.0.1-1
	- firefox-esr 115.10.0esr-1
	- thunderbird 1:115.10.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3859
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3859
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3859
CVE-2024-3858 (It was possible to mutate a JavaScript object so that the JIT could cr ...)
	- firefox 125.0.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3858
CVE-2024-3857 (The JIT created incorrect code for arguments in certain cases. This le ...)
	{DSA-5670-1 DSA-5663-1 DLA-3791-1 DLA-3790-1}
	- firefox 125.0.1-1
	- firefox-esr 115.10.0esr-1
	- thunderbird 1:115.10.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3857
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3857
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3857
CVE-2024-3856 (A use-after-free could occur during WASM execution if garbage collecti ...)
	- firefox 125.0.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3856
CVE-2024-3855 (In certain cases the JIT incorrectly optimized MSubstr operations, whi ...)
	- firefox 125.0.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3855
CVE-2024-3854 (In some code patterns the JIT incorrectly optimized switch statements ...)
	{DSA-5670-1 DSA-5663-1 DLA-3791-1 DLA-3790-1}
	- firefox 125.0.1-1
	- firefox-esr 115.10.0esr-1
	- thunderbird 1:115.10.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3854
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3854
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3854
CVE-2024-3853 (A use-after-free could result if a JavaScript realm was in the process ...)
	- firefox 125.0.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3853
CVE-2024-3852 (GetBoundName could return the wrong version of an object when JIT opti ...)
	{DSA-5670-1 DSA-5663-1 DLA-3791-1 DLA-3790-1}
	- firefox 125.0.1-1
	- firefox-esr 115.10.0esr-1
	- thunderbird 1:115.10.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3852
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3852
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3852
CVE-2024-3575 (Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb)
	NOT-FOR-US: mindsdb
CVE-2024-3574 (In scrapy version 2.10.1, an issue was identified where the Authorizat ...)
	- python-scrapy 2.11.1-1
	[bookworm] - python-scrapy (Minor issue)
	[bullseye] - python-scrapy (Minor issue)
	[buster] - python-scrapy (Minor issue, HTTP-redirect leak)
	NOTE: https://github.com/scrapy/scrapy/security/advisories/GHSA-cw9j-q3vf-hrrv
	NOTE: https://huntr.com/bounties/49974321-2718-43e3-a152-62b16eed72a9
	NOTE: https://github.com/scrapy/scrapy/commit/5bcb8fd5019c72d05c4a96da78a7fcb6ecb55b75 (2.11.1)
CVE-2024-3573 (mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to impro ...)
	NOT-FOR-US: mlflow
CVE-2024-3572 (The scrapy/scrapy project is vulnerable to XML External Entity (XXE) a ...)
	- python-scrapy 2.11.1-1
	[bookworm] - python-scrapy (Minor issue)
	[bullseye] - python-scrapy (Minor issue)
	[buster] - python-scrapy (Minor issue, DoS)
	NOTE: https://huntr.com/bounties/c4a0fac9-0c5a-4718-9ee4-2d06d58adabb
	NOTE: https://github.com/scrapy/scrapy/commit/809bfac4890f75fc73607318a04d2ccba71b3d9f (2.11.1)
	NOTE: The CVE and bounty descriptions discuss general XML issues (not specifically XXE), but
	NOTE: the bounty comments and the patch discuss a compression bomb.
	NOTE: https://github.com/scrapy/scrapy/security/advisories/GHSA-7j7m-v7m3-jqm7 (compression bomb)
CVE-2024-3571 (langchain-ai/langchain is vulnerable to path traversal due to improper ...)
	NOT-FOR-US: langchain
CVE-2024-3493 (A specific malformed fragmented packet type (fragmented packets may be ...)
	NOT-FOR-US: Rockwell
CVE-2024-3271 (A command injection vulnerability exists in the run-llama/llama_index ...)
	NOT-FOR-US: llama_index
CVE-2024-3029 (In mintplex-labs/anything-llm, an attacker can exploit improper input ...)
	NOT-FOR-US: anything-llm
CVE-2024-3028 (mintplex-labs/anything-llm is vulnerable to improper input validation, ...)
	NOT-FOR-US: anything-llm
CVE-2024-32557 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32036 (ImageSharp is a 2D graphics API. A data leakage flaw was found in Imag ...)
	NOT-FOR-US: ImageSharp
CVE-2024-31784 (An issue in Typora v.1.8.10 and before, allows a local attacker to obt ...)
	NOT-FOR-US: Typora
CVE-2024-31783 (Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and before, ...)
	NOT-FOR-US: Typora
CVE-2024-31652 (A cross-site scripting (XSS) in Cosmetics and Beauty Product Online St ...)
	NOT-FOR-US: Cosmetics and Beauty Product Online Store
CVE-2024-31651 (A cross-site scripting (XSS) in Cosmetics and Beauty Product Online St ...)
	NOT-FOR-US: Cosmetics and Beauty Product Online Store
CVE-2024-31650 (A cross-site scripting (XSS) in Cosmetics and Beauty Product Online St ...)
	NOT-FOR-US: Cosmetics and Beauty Product Online Store
CVE-2024-31649 (A cross-site scripting (XSS) in Cosmetics and Beauty Product Online St ...)
	NOT-FOR-US: Cosmetics and Beauty Product Online Store
CVE-2024-31648 (Cross Site Scripting (XSS) in Insurance Management System v1.0, allows ...)
	NOT-FOR-US: Insurance Management System
CVE-2024-31634 (Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 a ...)
	NOT-FOR-US: Xunruicms
CVE-2024-30656 (An issue in Fireboltt Dream Wristphone BSW202_FB_AAC_v2.0_20240110-202 ...)
	NOT-FOR-US: Fireboltt Dream Wristphone
CVE-2024-30567 (An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 allow ...)
	NOT-FOR-US: JNT Telecom JNT Liftcom UMS
CVE-2024-2912 (An insecure deserialization vulnerability exists in the BentoML framew ...)
	NOT-FOR-US: BentoML
CVE-2024-2424 (An input validation vulnerability exists in the Rockwell Automation 501 ...)
	NOT-FOR-US: Rockwell
CVE-2024-2260 (A session fixation vulnerability exists in the zenml-io/zenml applicat ...)
	NOT-FOR-US: zenml
CVE-2024-2083 (A directory traversal vulnerability exists in the zenml-io/zenml repos ...)
	NOT-FOR-US: zenml
CVE-2024-27794 (Claris FileMaker Server before version 20.3.2 was susceptible to a ref ...)
	NOT-FOR-US: Claris
CVE-2024-23561 (HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information ...)
	NOT-FOR-US: HCL
CVE-2024-23558 (HCL DevOps Deploy / HCL Launch does not invalidate session after logou ...)
	NOT-FOR-US: HCL
CVE-2024-22262 (Applications that use UriComponentsBuilder to parse an externally provi ...)
	- libspring-java (unimportant)
	NOTE: https://spring.io/security/cve-2024-22262
	NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
CVE-2024-1961 (vertaai/modeldb is vulnerable to a path traversal attack due to improp ...)
	NOT-FOR-US: vertaai/modeldb
CVE-2024-1739 (lunary-ai/lunary is vulnerable to an authentication issue due to impro ...)
	NOT-FOR-US: lunary-ai/lunary
CVE-2024-1738 (An incorrect authorization vulnerability exists in the lunary-ai/lunar ...)
	NOT-FOR-US: lunary-ai/lunary
CVE-2024-1666 (In lunary-ai/lunary version 1.0.0, an authorization flaw exists that a ...)
	NOT-FOR-US: lunary-ai/lunary
CVE-2024-1665 (lunary-ai/lunary version 1.0.0 is vulnerable to unauthorized evaluatio ...)
	NOT-FOR-US: lunary-ai/lunary
CVE-2024-1646 (parisneo/lollms-webui is vulnerable to authentication bypass due to in ...)
	NOT-FOR-US: lollms-webui
CVE-2024-1626 (An Insecure Direct Object Reference (IDOR) vulnerability exists in the ...)
	NOT-FOR-US: lunary-ai/lunary
CVE-2024-1601 (An SQL injection vulnerability exists in the `delete_discussion()` fun ...)
	NOT-FOR-US: lollms-webui
CVE-2024-1594 (A path traversal vulnerability exists in the mlflow/mlflow repository, ...)
	NOT-FOR-US: mlflow
CVE-2024-1593 (A path traversal vulnerability exists in the mlflow/mlflow repository ...)
	NOT-FOR-US: mlflow
CVE-2024-1569 (parisneo/lollms-webui is vulnerable to a denial of service (DoS) attac ...)
	NOT-FOR-US: lollms-webui
CVE-2024-1561 (An issue was discovered in gradio-app/gradio, where the `/component_se ...)
	NOT-FOR-US: Gradio
CVE-2024-1560 (A path traversal vulnerability exists in the mlflow/mlflow repository, ...)
	NOT-FOR-US: mlflow
CVE-2024-1558 (A path traversal vulnerability exists in the `_create_model_version()` ...)
	NOT-FOR-US: mlflow
CVE-2024-1483 (A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, ...)
	NOT-FOR-US: mlflow
CVE-2024-1456 (An S3 bucket takeover vulnerability was identified in the h2oai/h2o-3 ...)
	NOT-FOR-US: h2oai/h2o-3
CVE-2024-1183 (An SSRF (Server-Side Request Forgery) vulnerability exists in the grad ...)
	NOT-FOR-US: Gradio
CVE-2024-1135 (Gunicorn fails to properly validate Transfer-Encoding headers, leading ...)
	- gunicorn (bug #1069126)
	[bookworm] - gunicorn (Minor issue)
	[bullseye] - gunicorn (Minor issue)
	[buster] - gunicorn (Minor issue)
	NOTE: https://huntr.com/bounties/22158e34-cfd5-41ad-97e0-a780773d96c1
	NOTE: https://github.com/benoitc/gunicorn/commit/ac29c9b0a758d21f1e0fb3b3457239e523fa9f1d
CVE-2024-0549 (mintplex-labs/anything-llm is vulnerable to a relative path traversal ...)
	NOT-FOR-US: mintplex-labs/anything-llm
CVE-2024-0404 (A mass assignment vulnerability exists in the `/api/invite/:code` endp ...)
	NOT-FOR-US: mintplex-labs/anything-llm
CVE-2023-33806 (Insecure default configurations in Hikvision Interactive Tablet DS-D5B ...)
	NOT-FOR-US: Hikvision
CVE-2023-3597 (A flaw was found in Keycloak, where it does not correctly validate its ...)
	NOT-FOR-US: Keycloak
CVE-2024-31497 (In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation ...)
	- putty 0.81-1
	[bookworm] - putty (Minor issue)
	[bullseye] - putty (Minor issue)
	- filezilla 3.67.0-1
	[bookworm] - filezilla (Minor issue)
	[bullseye] - filezilla (Minor issue)
	[buster] - filezilla (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2024/04/15/6
	NOTE: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
	NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=c193fe9848f50a88a4089aac647fecc31ae96d27 (0.81)
CVE-2024-3804 (A vulnerability, which was classified as critical, has been found in V ...)
	NOT-FOR-US: Vesystem Cloud Desktop
CVE-2024-3803 (A vulnerability classified as critical was found in Vesystem Cloud Des ...)
	NOT-FOR-US: Vesystem Cloud Desktop
CVE-2024-3802 (Vulnerabilities in Celeste 22.x was vulnerable to takeover from unauth ...)
	NOT-FOR-US: Celeste
CVE-2024-3797 (A vulnerability was found in SourceCodester QR Code Bookmark System 1. ...)
	NOT-FOR-US: SourceCodester QR Code Bookmark System
CVE-2024-3796 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...)
	NOT-FOR-US: WBSAirback
CVE-2024-3795 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...)
	NOT-FOR-US: WBSAirback
CVE-2024-3794 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...)
	NOT-FOR-US: WBSAirback
CVE-2024-3793 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...)
	NOT-FOR-US: WBSAirback
CVE-2024-3792 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...)
	NOT-FOR-US: WBSAirback
CVE-2024-3791 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...)
	NOT-FOR-US: WBSAirback
CVE-2024-3790 (Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross ...)
	NOT-FOR-US: WBSAirback
CVE-2024-3789 (Uncontrolled resource consumption vulnerability in White Bear Solution ...)
	NOT-FOR-US: WBSAirback
CVE-2024-3788 (Vulnerability in WBSAirback 21.02.04, which involves improper neutrali ...)
	NOT-FOR-US: WBSAirback
CVE-2024-3787 (Vulnerability in WBSAirback 21.02.04, which involves improper neutrali ...)
	NOT-FOR-US: WBSAirback
CVE-2024-3786 (Vulnerability in WBSAirback 21.02.04, which involves improper neutrali ...)
	NOT-FOR-US: WBSAirback
CVE-2024-3785 (Vulnerability in WBSAirback 21.02.04, which involves improper neutrali ...)
	NOT-FOR-US: WBSAirback
CVE-2024-3784 (Vulnerability in WBSAirback 21.02.04, which involves improper neutrali ...)
	NOT-FOR-US: WBSAirback
CVE-2024-3783 (The Backup Agents section in WBSAirback 21.02.04 is affected by a Path ...)
	NOT-FOR-US: WBSAirback
CVE-2024-3782 (Cross-Site Request Forgery vulnerability in WBSAirback 21.02.04, which ...)
	NOT-FOR-US: WBSAirback
CVE-2024-3781 (Command injection vulnerability in the operating system. Improper neut ...)
	NOT-FOR-US: WBSAirback
CVE-2024-3780 (A vulnerability of Information Exposure has been found on Technicolor ...)
	NOT-FOR-US: Technicolor
CVE-2024-32437 (Cross-Site Request Forgery (CSRF) vulnerability in impleCode eCommerce ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32436 (Cross-Site Request Forgery (CSRF) vulnerability in Codemenschen Gift V ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32435 (Cross-Site Request Forgery (CSRF) vulnerability in Affieasy Team AffiE ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32434 (Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Ord ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32433 (Cross-Site Request Forgery (CSRF) vulnerability in Themefic BEAF.This ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32141 (Cross-Site Request Forgery (CSRF) vulnerability in Libsyn Libsyn Publi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32129 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32104 (Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins NextMove ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32103 (Cross-Site Request Forgery (CSRF) vulnerability in Siteimprove.This is ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32102 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Kingsley Clar ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32101 (Cross-Site Request Forgery (CSRF) vulnerability in Omnisend Email Mark ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32099 (Cross-Site Request Forgery (CSRF) vulnerability in James Ward WP Mail ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32097 (Cross-Site Request Forgery (CSRF) vulnerability in Eyal Fitoussi GEO m ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32096 (Cross-Site Request Forgery (CSRF) vulnerability in DAEV.Tech WP Migrat ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32095 (Cross-Site Request Forgery (CSRF) vulnerability in MultiParcels MultiP ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32094 (Cross-Site Request Forgery (CSRF) vulnerability in ChurchThemes Church ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32093 (Cross-Site Request Forgery (CSRF) vulnerability in Nose Graze Novelist ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32092 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Bester Kimi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32091 (Cross-Site Request Forgery (CSRF) vulnerability in Tonjoo Sangar Slide ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32090 (Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church A ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32089 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Digital P ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32088 (Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32085 (Cross-Site Request Forgery (CSRF) vulnerability in AitThemes Citadela ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32084 (Cross-Site Request Forgery (CSRF) vulnerability in Gold Plugins Before ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32035 (ImageSharp is a 2D graphics API. A vulnerability discovered in the Ima ...)
	NOT-FOR-US: ImageSharp
CVE-2024-31990 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
	NOT-FOR-US: Argo CD
CVE-2024-31942 (Cross-Site Request Forgery (CSRF) vulnerability in Typps Calendarista ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31941 (Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Media ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31940 (Cross-Site Request Forgery (CSRF) vulnerability in RedNao Extra Produc ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31938 (Cross-Site Request Forgery (CSRF) vulnerability in Themeinwp NewsXpres ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31933 (Cross-Site Request Forgery (CSRF) vulnerability in Live Composer Team ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31923 (Cross-Site Request Forgery (CSRF) vulnerability in PluginOps Feather L ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31922 (Cross-Site Request Forgery (CSRF) vulnerability in Anton Aleksandrov W ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31921 (Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design U ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31920 (Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Cur ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31576
	REJECTED
CVE-2024-31434 (Cross-Site Request Forgery (CSRF) vulnerability in Stefano Lissa & The ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31433 (Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31432 (Missing Authorization vulnerability in StellarWP Restrict Content.This ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31431 (Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Pro ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31429 (Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Sara ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31428 (Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme The Conf ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31427 (Cross-Site Request Forgery (CSRF) vulnerability in Marker.Io Marker.Io ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31426 (Cross-Site Request Forgery (CSRF) vulnerability in Data443 Inline Rela ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31425 (Cross-Site Request Forgery (CSRF) vulnerability in TMS Amelia.This iss ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31424 (Cross-Site Request Forgery (CSRF) vulnerability in Hamid Alinia - ideh ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31422 (Cross-Site Request Forgery (CSRF) vulnerability in Philippe Bernard Fa ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31421 (Missing Authorization vulnerability in Supsystic Popup by Supsystic.Th ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31389 (Cross-Site Request Forgery (CSRF) vulnerability in Ertano MihanPanel.T ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31388 (Cross-Site Request Forgery (CSRF) vulnerability in Pauple Table & Cont ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31385 (Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary R ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31384 (Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Spa and ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31383 (Cross-Site Request Forgery (CSRF) vulnerability in Pagelayer PopularFX ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31382 (Cross-Site Request Forgery (CSRF) vulnerability in Creative Themes HQ ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31381 (Cross-Site Request Forgery (CSRF) vulnerability in RebelCode Spotlight ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31379 (Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Smash ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31378 (Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31376 (Cross-Site Request Forgery (CSRF) vulnerability in Andrew Rapps Dashbo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31374 (Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team App ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31373 (Cross-Site Request Forgery (CSRF) vulnerability in E2Pdf.This issue af ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31219 (Discourse-reactions is a plugin that allows user to add their reaction ...)
	NOT-FOR-US: Discourse plugin
CVE-2024-30840 (A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attac ...)
	NOT-FOR-US: Tenda
CVE-2024-30546 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Login With ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30220 (Command injection vulnerability in MZK-MF300N all firmware versions al ...)
	NOT-FOR-US: MZK-MF300N
CVE-2024-30219 (Active debug code vulnerability exists in MZK-MF300N all firmware vers ...)
	NOT-FOR-US: MZK-MF300N
CVE-2024-2659 (A command injection vulnerability was identified in SMM/SMM2 and FPC t ...)
	NOT-FOR-US: Lenovo
CVE-2024-29219 (Out-of-bounds read vulnerability exists in KV STUDIO Ver.11.64 and ear ...)
	NOT-FOR-US: KEYENCE KV STUDIO
CVE-2024-29218 (Out-of-bounds write vulnerability exists in KV STUDIO Ver.11.64 and ea ...)
	NOT-FOR-US: KEYENCE KV STUDIO
CVE-2024-29217 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Apache Answer
CVE-2024-28957 (Generation of predictable identifiers issue exists in Cente middleware ...)
	NOT-FOR-US: Cente
CVE-2024-28894 (Out-of-bounds read vulnerability caused by improper checking of the op ...)
	NOT-FOR-US: Cente
CVE-2024-28558 (SQL Injection vulnerability in sourcecodester Petrol pump management s ...)
	NOT-FOR-US: Sourcecodester
CVE-2024-28557 (SQL Injection vulnerability in Sourcecodester php task management syst ...)
	NOT-FOR-US: Sourcecodester
CVE-2024-28556 (SQL Injection vulnerability in Sourcecodester php task management syst ...)
	NOT-FOR-US: Sourcecodester
CVE-2024-28099 (VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search p ...)
	NOT-FOR-US: VT Studio
CVE-2024-28056 (Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role ...)
	NOT-FOR-US: Amazon AWS Amplify CLI
CVE-2024-26023 (OS command injection vulnerability in BUFFALO wireless LAN routers all ...)
	NOT-FOR-US: BUFFALO
CVE-2024-24898 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	- linux (OpenEuler-specific driver)
CVE-2024-24891 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	- linux (OpenEuler-specific driver)
CVE-2024-24487 (An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows ...)
	NOT-FOR-US: silex
CVE-2024-24486 (An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows ...)
	NOT-FOR-US: silex
CVE-2024-24485 (An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows ...)
	NOT-FOR-US: silex
CVE-2024-23911 (Out-of-bounds read vulnerability caused by improper checking of the op ...)
	NOT-FOR-US: Cente
CVE-2024-23594 (A buffer overflow vulnerability was reported in a system recovery boo ...)
	NOT-FOR-US: Lenovo
CVE-2024-23593 (A vulnerability was reported in a system recovery bootloader that was ...)
	NOT-FOR-US: Lenovo
CVE-2024-23560 (HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revoc ...)
	NOT-FOR-US: HCL
CVE-2024-23559 (HCL DevOps Deploy / Launch is generating an obsolete HTTP header.)
	NOT-FOR-US: HCL
CVE-2024-23486 (Plaintext storage of a password issue exists in BUFFALO wireless LAN r ...)
	NOT-FOR-US: BUFFALO
CVE-2024-22439 (A potential security vulnerability has been identified in HPE FlexFabr ...)
	NOT-FOR-US: HPE
CVE-2024-22438 (A potential security vulnerability has been identified in Hewlett Pack ...)
	NOT-FOR-US: HPE
CVE-2024-22437 (A potential security vulnerability has been identified in VSS Provider ...)
	NOT-FOR-US: HPE
CVE-2024-22435 (A potential security vulnerability has been identified in Web ViewPoin ...)
	NOT-FOR-US: HPE
CVE-2024-22014 (An issue discovered in 360 Total Security Antivirus through 11.0.0.106 ...)
	NOT-FOR-US: 360 Total Security Antivirus
CVE-2023-4857 (An authentication bypass vulnerability was identified in SMM/SMM2 and ...)
	NOT-FOR-US: Lenovo
CVE-2023-4856 (A format string vulnerability was identified in SMM/SMM2 and FPC that ...)
	NOT-FOR-US: Lenovo
CVE-2023-4855 (A command injection vulnerability was identified in SMM/SMM2 and FPC t ...)
	NOT-FOR-US: Lenovo
CVE-2023-48710 (iTop is an IT service management platform. Files from the `env-produc ...)
	NOT-FOR-US: iTop
CVE-2023-48709 (iTop is an IT service management platform. When exporting data from b ...)
	NOT-FOR-US: iTop
CVE-2023-47626 (iTop is an IT service management platform. When displaying/editing th ...)
	NOT-FOR-US: iTop
CVE-2023-47622 (iTop is an IT service management platform. When dashlet are refreshed ...)
	NOT-FOR-US: iTop
CVE-2023-47123 (iTop is an IT service management platform. By filling malicious code ...)
	NOT-FOR-US: iTop
CVE-2023-45808 (iTop is an IT service management platform. When creating or updating ...)
	NOT-FOR-US: iTop
CVE-2023-45503 (SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote ...)
	NOT-FOR-US: Macrob7 Macs CMS
CVE-2023-44396 (iTop is an IT service management platform. Dashlet edits ajax endpoin ...)
	NOT-FOR-US: iTop
CVE-2023-43790 (iTop is an IT service management platform. By manipulating HTTP queri ...)
	NOT-FOR-US: iTop
CVE-2023-38511 (iTop is an IT service management platform. Dashboard editor : can loa ...)
	NOT-FOR-US: iTop
CVE-2024-XXXX [validate a server certificate in a TLS-based server-server connection]
	- ngircd 27~rc1-1
	[bookworm] - ngircd (Minor issue, will be fixed via point update)
	[bullseye] - ngircd (Minor issue, will be fixed via point update)
	[buster] - ngircd (Minor issue, follow bullseye point update)
	NOTE: https://github.com/ngircd/ngircd/issues/120
	NOTE: https://github.com/ngircd/ngircd/commit/817937b218c4b57515f54216ebc936cd69df0aae (rel-27-rc1)
CVE-2024-3778 (The file upload functionality of Ai3 QbiBot does not properly restrict ...)
	NOT-FOR-US: Ai3 QbiBot
CVE-2024-3777 (The password reset feature of Ai3 QbiBot lacks proper access control, ...)
	NOT-FOR-US: Ai3 QbiBot
CVE-2024-3776 (The parameter used in the login page of Netvision airPASS is not prope ...)
	NOT-FOR-US: Netvision airPASS
CVE-2024-3775 (aEnrich Technology a+HRD's functionality for downloading files using y ...)
	NOT-FOR-US: aEnrich Technology
CVE-2024-3774 (aEnrich Technology a+HRD's functionality for front-end retrieval of sy ...)
	NOT-FOR-US: aEnrich Technology
CVE-2024-3772 (Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 all ...)
	- pydantic 1.10.13-0.1
	[bookworm] - pydantic (Minor issue)
	[bullseye] - pydantic (Minor issue)
	NOTE: https://github.com/pydantic/pydantic/pull/7360
	NOTE: https://github.com/pydantic/pydantic/commit/e4393ae6145c4dadff739990bb0116c6dec3441b (v2.4.0)
	NOTE: https://github.com/pydantic/pydantic/pull/7673
	NOTE: https://github.com/pydantic/pydantic/commit/59d8f38fd6220e3917c53785dbc70317d6f8e631 (v1.0.13)
CVE-2024-3771 (A vulnerability was found in PHPGurukul Student Record System 3.20 and ...)
	NOT-FOR-US: PHPGurukul Student Record System
CVE-2024-3770 (A vulnerability has been found in PHPGurukul Student Record System 3.2 ...)
	NOT-FOR-US: PHPGurukul Student Record System
CVE-2024-3769 (A vulnerability, which was classified as critical, was found in PHPGur ...)
	NOT-FOR-US: PHPGurukul Student Record System
CVE-2024-3768 (A vulnerability, which was classified as critical, has been found in P ...)
	NOT-FOR-US: PHPGurukul News Portal
CVE-2024-3767 (A vulnerability classified as critical was found in PHPGurukul News Po ...)
	NOT-FOR-US: PHPGurukul News Portal
CVE-2024-3766 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: slowlyo OwlAdmin
CVE-2024-3765 (A vulnerability classified as critical was found in Xiongmai AHB7804R- ...)
	NOT-FOR-US: Xiongmai
CVE-2024-3764 (** DISPUTED ** A vulnerability classified as problematic has been foun ...)
	NOT-FOR-US: Tuya Camera
CVE-2024-3763 (A vulnerability was found in Emlog Pro 2.2.10. It has been rated as pr ...)
	NOT-FOR-US: Emlog Pro
CVE-2024-3762 (A vulnerability was found in Emlog Pro 2.2.10. It has been declared as ...)
	NOT-FOR-US: Emlog Pro
CVE-2024-3701 (The system application (com.transsion.kolun.aiservice) component does ...)
	NOT-FOR-US: TECNO Mobile Limited
CVE-2024-3505 (JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to ...)
	NOT-FOR-US: JFrog Artifactory Self-Hosted
CVE-2024-32489 (TCPDF before 6.7.4 mishandles calls that use HTML syntax.)
	- tcpdf 6.7.4+dfsg-1
	[bookworm] - tcpdf (Minor issue)
	[bullseye] - tcpdf (Minor issue)
	NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/51cd1b39de5643836e62661d162c472d63167df7
	NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/82fc97bf1c74c8dbe62b1d3cc6d10fa4b87e0262 (6.7.4)
CVE-2024-32488 (In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalati ...)
	NOT-FOR-US: Foxit
CVE-2024-32454 (Server-Side Request Forgery (SSRF) vulnerability in Wappointment Appoi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32453 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32452 (Cross-Site Request Forgery (CSRF) vulnerability in WP EasyCart.This is ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32451 (Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages.T ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32450 (Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team WpT ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32449 (Cross-Site Request Forgery (CSRF) vulnerability in MagniGenie RestroPr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32448 (Cross-Site Request Forgery (CSRF) vulnerability in VideoYield.Com Ads. ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32447 (Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Tea ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32446 (Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet Sy ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32445 (Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team We ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32443 (Cross-Site Request Forgery (CSRF) vulnerability in IP2Location Downloa ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32442 (Cross-Site Request Forgery (CSRF) vulnerability in Zoho Campaigns.This ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32441 (Cross-Site Request Forgery (CSRF) vulnerability in Zoho Campaigns.This ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32440 (Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgar ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32439 (Cross-Site Request Forgery (CSRF) vulnerability in SwitchWP WP Client ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32438 (Cross-Site Request Forgery (CSRF) vulnerability in cleverplugins.Com S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32431 (Deserialization of Untrusted Data vulnerability in WP All Import Impor ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32430 (Server-Side Request Forgery (SSRF) vulnerability in ActiveCampaign.Thi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32429 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32428 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32149 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32147 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32145 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32140 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32139 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32138 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32137 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32136 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32135 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32134 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32133 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32132 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32128 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32127 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32125 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32098 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32087 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32082 (Cross-Site Request Forgery (CSRF) vulnerability in kp4coder Sync Post ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32079 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31093 (Cross-Site Request Forgery (CSRF) vulnerability in Kaloyan K. Tsvetkov ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31086 (Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Change de ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30545 (Cross-Site Request Forgery (CSRF) vulnerability in Nick Powers Social ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2858 (The Simple Buttons Creator WordPress plugin through 1.04 does not have ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2857 (The Simple Buttons Creator WordPress plugin through 1.04 does not have ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2836 (The Social Share, Social Login and Social Comments Plugin WordPress p ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2739 (The Advanced Search WordPress plugin through 1.1.6 does not have CSRF ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29844 (Default credentials on the Web Interface of Evolution Controller 2.x ( ...)
	NOT-FOR-US: Evolution Controller
CVE-2024-29843 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
	NOT-FOR-US: Evolution Controller
CVE-2024-29842 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
	NOT-FOR-US: Evolution Controller
CVE-2024-29841 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
	NOT-FOR-US: Evolution Controller
CVE-2024-29840 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
	NOT-FOR-US: Evolution Controller
CVE-2024-29839 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
	NOT-FOR-US: Evolution Controller
CVE-2024-29838 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
	NOT-FOR-US: Evolution Controller
CVE-2024-29837 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
	NOT-FOR-US: Evolution Controller
CVE-2024-29836 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
	NOT-FOR-US: Evolution Controller
CVE-2024-27462
	REJECTED
CVE-2024-1849 (The WP Customer Reviews WordPress plugin before 3.7.1 does not validat ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1846 (The Responsive Tabs WordPress plugin before 4.0.7 does not validate an ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1755 (The NPS computy WordPress plugin through 2.7.5 does not have CSRF chec ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1754 (The NPS computy WordPress plugin through 2.7.5 does not sanitise and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1746 (The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1712 (The Carousel Slider WordPress plugin before 2.2.7 does not sanitise an ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1660 (The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1655 (Certain ASUS WiFi routers models has an OS Command Injection vulnerabi ...)
	NOT-FOR-US: ASUS WiFi routers
CVE-2024-1310 (The WooCommerce WordPress plugin before 8.6 does not prevent users wit ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1307 (The Smart Forms WordPress plugin before 2.6.94 does not have proper a ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1306 (The Smart Forms WordPress plugin before 2.6.94 does not have CSRF che ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1204 (The Meta Box WordPress plugin before 5.9.4 does not prevent users wit ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0902 (The Fancy Product Designer WordPress plugin before 6.1.81 does not san ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0399 (The WooCommerce Customers Manager WordPress plugin before 29.7 does no ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-7201 (The Everest Backup WordPress plugin before 2.2.5 does not properly va ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6067 (The WP User Profile Avatar WordPress plugin through 1.0.1 does not val ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52144 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3508 (A flaw was found in Bombastic, which allows authenticated users to upl ...)
	NOT-FOR-US: Bombastic's use of bzip2
CVE-2024-3651 [potential DoS via resource consumption via specially crafted inputs to idna.encode()]
	{DLA-3811-1}
	- python-idna (bug #1069127)
	[bookworm] - python-idna (Minor issue)
	[bullseye] - python-idna (Minor issue)
	NOTE: https://github.com/kjd/idna/security/advisories/GHSA-jjg7-2v4v-x38h
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274779
	NOTE: Fixed by: https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7 (v3.7)
CVE-2024-24863 (In malidp_mw_connector_reset, new memory is allocated with kzalloc, bu ...)
	TODO: check
CVE-2024-24862 (In function pci1xxxx_spi_probe, there is a potential null pointer that ...)
	TODO: check
CVE-2024-3740 (A vulnerability, which was classified as critical, has been found in c ...)
	NOT-FOR-US: cym1102 nginxWebUI
CVE-2024-3739 (A vulnerability classified as critical was found in cym1102 nginxWebUI ...)
	NOT-FOR-US: cym1102 nginxWebUI
CVE-2024-3738 (A vulnerability classified as critical has been found in cym1102 nginx ...)
	NOT-FOR-US: cym1102 nginxWebUI
CVE-2024-3737 (A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has be ...)
	NOT-FOR-US: cym1102 nginxWebUI
CVE-2024-3736 (A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has be ...)
	NOT-FOR-US: cym1102 nginxWebUI
CVE-2024-3735 (A vulnerability was found in Smart Office up to 20240405. It has been ...)
	NOT-FOR-US: Smart Office
CVE-2024-3721 (A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 ...)
	NOT-FOR-US: TBK DVR-4104 and DVR-4216
CVE-2024-3720 (A vulnerability has been found in Tianwell Fire Intelligent Command Pl ...)
	NOT-FOR-US: Tianwell Fire Intelligent Command Platform
CVE-2024-3719 (A vulnerability, which was classified as critical, was found in Campco ...)
	NOT-FOR-US: Campcodes House Rental Management System
CVE-2024-3662 (The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerab ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6494 (The WPC Smart Quick View for WooCommerce plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32487 (less through 653 allows OS command execution via a newline character i ...)
	{DSA-5679-1}
	- less 590-2.1 (bug #1068938)
	NOTE: https://www.openwall.com/lists/oss-security/2024/04/12/5
	NOTE: Fixed by: https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33
CVE-2024-26817 (In the Linux kernel, the following vulnerability has been resolved: a ...)
	{DSA-5681-1 DSA-5680-1}
	- linux
	NOTE: https://git.kernel.org/linus/3b0daecfeac0103aba8b293df07a0cbaf8b43f29
CVE-2024-3027 (The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32028 (OpenTelemetry dotnet is a dotnet telemetry framework. In affected vers ...)
	NOT-FOR-US: OpenTelemetry dotnet
CVE-2024-32019 (Netdata is an open source observability tool. In affected versions the ...)
	- netdata (Vulnerable code not present)
	NOTE: https://github.com/netdata/netdata/security/advisories/GHSA-pmhq-4cxq-wj93
	NOTE: https://github.com/netdata/netdata/pull/17377
CVE-2024-32005 (NiceGUI is an easy-to-use, Python-based UI framework. A local file inc ...)
	NOT-FOR-US: NiceGUI
CVE-2024-32003 (wn-dusk-plugin (Dusk plugin) is a plugin which integrates Laravel Dusk ...)
	NOT-FOR-US: Winter CMS
CVE-2024-31462 (stable-diffusion-webui is a web interface for Stable Diffusion, implem ...)
	NOT-FOR-US: Stable Diffusion webui
CVE-2024-2583 (The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin b ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29023 (Xibo is an Open Source Digital Signage platform with a web content man ...)
	NOT-FOR-US: Xibo
CVE-2024-29022 (Xibo is an Open Source Digital Signage platform with a web content man ...)
	NOT-FOR-US: Xibo
CVE-2024-28869 (Traefik is an HTTP reverse proxy and load balancer. In affected versio ...)
	- traefik (bug #983289)
CVE-2024-1957 (The GiveWP – Donation Plugin and Fundraising Platform plugin for ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3707 (Information exposure vulnerability in OpenGnsys affecting version 1.1. ...)
	NOT-FOR-US: OpenGnsys
CVE-2024-3706 (Information exposure vulnerability in OpenGnsys affecting version 1.1. ...)
	NOT-FOR-US: OpenGnsys
CVE-2024-3705 (Unrestricted file upload vulnerability in OpenGnsys affecting version ...)
	NOT-FOR-US: OpenGnsys
CVE-2024-3704 (SQL Injection Vulnerability has been found on OpenGnsys product affect ...)
	NOT-FOR-US: OpenGnsys
CVE-2024-3698 (A vulnerability was found in Campcodes House Rental Management System ...)
	NOT-FOR-US: Campcodes House Rental Management System
CVE-2024-3697 (A vulnerability was found in Campcodes House Rental Management System ...)
	NOT-FOR-US: Campcodes House Rental Management System
CVE-2024-3696 (A vulnerability was found in Campcodes House Rental Management System ...)
	NOT-FOR-US: Campcodes House Rental Management System
CVE-2024-3695 (A vulnerability has been found in SourceCodester Computer Laboratory M ...)
	NOT-FOR-US: SourceCodester Computer Laboratory Management System
CVE-2024-3691 (A vulnerability, which was classified as critical, has been found in P ...)
	NOT-FOR-US: PHPGurukul Small CRM
CVE-2024-3690 (A vulnerability classified as critical was found in PHPGurukul Small C ...)
	NOT-FOR-US: PHPGurukul Small CRM
CVE-2024-3689 (A vulnerability classified as problematic has been found in Zhejiang L ...)
	NOT-FOR-US: Zhejiang Land Zongheng Network Technology O2OA
CVE-2024-3688 (A vulnerability was found in Xiamen Four-Faith RMP Router Management P ...)
	NOT-FOR-US: Xiamen Four-Faith RMP Router Management Platform
CVE-2024-3687 (A vulnerability was found in bihell Dice 3.1.0 and classified as probl ...)
	NOT-FOR-US: bihell Dice
CVE-2024-3686 (A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified ...)
	NOT-FOR-US: DedeCMS
CVE-2024-3685 (A vulnerability, which was classified as critical, was found in DedeCM ...)
	NOT-FOR-US: DedeCMS
CVE-2024-3211 (The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3054 (WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32000 (matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging ...)
	NOT-FOR-US: matrix-appservice-irc
CVE-2024-31839 (Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allo ...)
	NOT-FOR-US: tiagorlampert CHAOS
CVE-2024-31818 (Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote at ...)
	NOT-FOR-US: DerbyNet
CVE-2024-31372 (Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31371 (Cross-Site Request Forgery (CSRF) vulnerability in Xylus Themes WP Eve ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31364 (Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX W ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31363 (Cross-Site Request Forgery (CSRF) vulnerability in LifterLMS.This issu ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31362 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss ProfileGr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31360 (Cross-Site Request Forgery (CSRF) vulnerability in Coded Commerce, LLC ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31354 (Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31305 (Cross-Site Request Forgery (CSRF) vulnerability in rtCamp Transcoder.T ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31303 (Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign- ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31301 (Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31293 (Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downlo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31289 (Cross-Site Request Forgery (CSRF) vulnerability in Elementor Hello Ele ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31279 (Cross-Site Request Forgery (CSRF) vulnerability in Catch Plugins Gener ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31272 (Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31271 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Ultimate ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31269 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Goog ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31268 (Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team App ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31265 (Cross-Site Request Forgery (CSRF) vulnerability in SumoMe Sumo.This is ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31264 (Unauthenticated Cross Site Request Forgery (CSRF) in Post Views Counte ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31263 (Cross-Site Request Forgery (CSRF) vulnerability in aerin Loan Repaymen ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31262 (Cross-Site Request Forgery (CSRF) vulnerability in Jcodex WooCommerce ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31251 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31250 (Cross-Site Request Forgery (CSRF) vulnerability in Saumya Majumder WP ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31239 (Cross-Site Request Forgery (CSRF) vulnerability in Nudgify Nudgify Soc ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31238 (Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Onlin ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31235 (Cross-Site Request Forgery (CSRF) vulnerability in WebToffee WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31069 (IO-1020 Micro ELD web server uses a default password for authenticatio ...)
	NOT-FOR-US: IO-1020 Micro ELD web server
CVE-2024-30845 (Cross Site Scripting vulnerability in Rainbow external link network di ...)
	NOT-FOR-US: Rainbow external link network disk
CVE-2024-30410 (An Incorrect Behavior Order in the routing engine (RE) of Juniper Netw ...)
	NOT-FOR-US: Juniper
CVE-2024-30409 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
	NOT-FOR-US: Juniper
CVE-2024-30407 (The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Net ...)
	NOT-FOR-US: Juniper
CVE-2024-30406 (A Cleartext Storage in a File on Disk vulnerability in Juniper Network ...)
	NOT-FOR-US: Juniper
CVE-2024-30405 (An Incorrect Calculation of Buffer Size vulnerability in Juniper Netwo ...)
	NOT-FOR-US: Juniper
CVE-2024-30403 (A NULL Pointer Dereference vulnerability in the Packet Forwarding Engi ...)
	NOT-FOR-US: Juniper
CVE-2024-30402 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
	NOT-FOR-US: Juniper
CVE-2024-30401 (An Out-of-bounds Read vulnerability in the advanced forwarding managem ...)
	NOT-FOR-US: Juniper
CVE-2024-30398 (An Improper Restriction of Operations within the Bounds of a Memory Bu ...)
	NOT-FOR-US: Juniper
CVE-2024-30397 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
	NOT-FOR-US: Juniper
CVE-2024-30395 (An Improper Validation of Specified Type of Input vulnerability in Rout ...)
	NOT-FOR-US: Juniper
CVE-2024-30394 (A Stack-based Buffer Overflow vulnerability in the Routing Protocol Dae ...)
	NOT-FOR-US: Juniper
CVE-2024-30392 (A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon ...)
	NOT-FOR-US: Juniper
CVE-2024-30391 (A Missing Authentication for Critical Function vulnerability in the Pa ...)
	NOT-FOR-US: Juniper
CVE-2024-30390 (An Improper Restriction of Excessive Authentication Attempts vulnerabi ...)
	NOT-FOR-US: Juniper
CVE-2024-30389 (An Incorrect Behavior Order vulnerability in the Packet Forwarding Eng ...)
	NOT-FOR-US: Juniper
CVE-2024-30388 (An Improper Isolation or Compartmentalization vulnerability in the Pac ...)
	NOT-FOR-US: Juniper
CVE-2024-30387 (A Missing Synchronization vulnerability in the Packet Forwarding Engine ...)
	NOT-FOR-US: Juniper
CVE-2024-30386 (A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon ( ...)
	NOT-FOR-US: Juniper
CVE-2024-30384 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
	NOT-FOR-US: Juniper
CVE-2024-30382 (An Improper Handling of Exceptional Conditions vulnerability in the ro ...)
	NOT-FOR-US: Juniper
CVE-2024-30381 (An Exposure of Sensitive Information to an Unauthorized Actor vulnerab ...)
	NOT-FOR-US: Juniper
CVE-2024-30210 (IO-1020 Micro ELD uses a default WIFI password that could allow an adj ...)
	NOT-FOR-US: IO-1020 Micro ELD
CVE-2024-2397 (Due to a bug in packet data buffers management, the PPP printer in tcp ...)
	- tcpdump (Vulnerable code not present in any version uploaded to Debian)
	NOTE: Introduced by: https://github.com/the-tcpdump-group/tcpdump/commit/0d4083ee8687a9f6578e26a1407bd9f2a9d27885
	NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2
CVE-2024-29461 (An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote a ...)
	NOT-FOR-US: Floodlight
CVE-2024-28878 (IO-1020 Micro ELD downloads source code or an executable from an adja ...)
	NOT-FOR-US: IO-1020 Micro ELD
CVE-2024-28718 (An issue in OpenStack magnum yoga-eom version allows a remote attacker ...)
	NOT-FOR-US: OpenStack magnum yoga-eom
CVE-2024-27261 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could al ...)
	NOT-FOR-US: IBM
CVE-2024-25545 (An issue in Weave Weave Desktop v.7.78.10 allows a local attacker to e ...)
	NOT-FOR-US: Weave Weave Desktop
CVE-2024-22359 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, ...)
	NOT-FOR-US: IBM
CVE-2024-22358 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, ...)
	NOT-FOR-US: IBM
CVE-2024-22339 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, ...)
	NOT-FOR-US: IBM
CVE-2024-22334 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, ...)
	NOT-FOR-US: IBM
CVE-2024-21618 (An Access of Memory Location After End of Buffer vulnerability in the ...)
	NOT-FOR-US: Juniper
CVE-2024-21615 (An Incorrect Default Permissions vulnerability in Juniper Networks Jun ...)
	NOT-FOR-US: Juniper
CVE-2024-21610 (An Improper Handling of Exceptional Conditions vulnerability in the Cl ...)
	NOT-FOR-US: Juniper
CVE-2024-21609 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
	NOT-FOR-US: Juniper
CVE-2024-21605 (An Exposure of Resource to Wrong Sphere vulnerability in the Packet Fo ...)
	NOT-FOR-US: Juniper
CVE-2024-21598 (An Improper Validation of Syntactic Correctness of Input vulnerability ...)
	NOT-FOR-US: Juniper
CVE-2024-21593 (An Improper Check or Handling of Exceptional Conditions vulnerability ...)
	NOT-FOR-US: Juniper
CVE-2024-21590 (An Improper Input Validation vulnerability in Juniper Tunnel Driver (j ...)
	NOT-FOR-US: Juniper
CVE-2024-0157 (Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session ...)
	NOT-FOR-US: Dell
CVE-2023-52211 (Missing Authorization vulnerability in Automattic WP Job Manager.This ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51515 (Missing Authorization vulnerability in Undsgn Uncode Core allows Privi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51499 (Missing Authorization vulnerability in WooCommerce WooCommerce Shippin ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51409 (Unrestricted Upload of File with Dangerous Type vulnerability in Jordy ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47714 (IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1 ...)
	NOT-FOR-US: IBM
CVE-2024-31391 (Insertion of Sensitive Information into Log File vulnerability in the ...)
	NOT-FOR-US: Apache Solr Operator
CVE-2024-3625 (A flaw was found in Quay, where Quay's database is stored in plain tex ...)
	NOT-FOR-US: mirror-registry for Quay
CVE-2024-3624 (A flaw was found in how Quay's database is stored in plain-text in mir ...)
	NOT-FOR-US: mirror-registry for Quay
CVE-2024-3623 (A flaw was found when using mirror-registry to install Quay. It uses a ...)
	NOT-FOR-US: mirror-registry for Quay
CVE-2024-3622 (A flaw was found when using mirror-registry to install Quay. It uses a ...)
	NOT-FOR-US: mirror-registry for Quay
CVE-2024-3400 (A command injection as a result of arbitrary file creation vulnerabili ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2024-30850 (An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to exe ...)
	NOT-FOR-US: tiagorlampert CHAOS
CVE-2024-30614 (An issue in Ametys CMS v4.5.0 and before allows attackers to obtain se ...)
	NOT-FOR-US: Ametys CMS
CVE-2024-2801 (The Shopkeeper Extender plugin for WordPress is vulnerable to Stored C ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2137 (The All-in-One Addons for Elementor – WidgetKit plugin for WordPr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29400 (An issue was discovered in RuoYi v4.5.1, allows attackers to obtain se ...)
	NOT-FOR-US: RuoYi
CVE-2024-28458 (Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 al ...)
	- swftools
CVE-2024-27592 (Open Redirect vulnerability in Corezoid Process Engine v6.5.0 allows a ...)
	NOT-FOR-US: Corezoid Process Engine
CVE-2024-25376 (An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBA ...)
	NOT-FOR-US: Thesycon
CVE-2024-22734 (An issue was discovered in AMCS Group Trux Waste Management Software b ...)
	NOT-FOR-US: AMCS Group Trux Waste Management Software
CVE-2024-22526 (Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows loca ...)
	NOT-FOR-US: bandisoft bandiview
CVE-2024-22357 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6 ...)
	NOT-FOR-US: IBM
CVE-2023-50307 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6 ...)
	NOT-FOR-US: IBM
CVE-2023-49528 (Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, al ...)
	- ffmpeg
	[bookworm] - ffmpeg (Pick up when fixed in 5.1.x)
	[bullseye] - ffmpeg (Vulnerable code not present)
	[buster] - ffmpeg (Vulnerable code not present)
	NOTE: https://trac.ffmpeg.org/ticket/10691
	NOTE: Introduced after: https://github.com/FFmpeg/FFmpeg/commit/f05c52985cf80d565c6e91fb4749e57dd8977d3e (n5.1)
CVE-2023-48865 (An issue discovered in Reportico till 8.1.0 allows attackers to obtain ...)
	NOT-FOR-US: Reportico
CVE-2023-45186 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6 ...)
	NOT-FOR-US: IBM
CVE-2023-44857 (An issue in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker ...)
	NOT-FOR-US: Cobham SAILOR VSAT Ku
CVE-2023-44856 (Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.16 ...)
	NOT-FOR-US: Cobham SAILOR VSAT Ku
CVE-2023-44855 (Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.16 ...)
	NOT-FOR-US: Cobham SAILOR VSAT Ku
CVE-2023-44854 (Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.16 ...)
	NOT-FOR-US: Cobham SAILOR VSAT Ku
CVE-2023-44853 (An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, allows a ...)
	NOT-FOR-US: Cobham SAILOR VSAT Ku
CVE-2023-44852 (Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.16 ...)
	NOT-FOR-US: Cobham SAILOR VSAT Ku
CVE-2024-1874 (In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before ...)
	- php8.2 (Windows-specific)
	- php7.4 (Windows-specific)
	- php7.3 (Windows-specific)
	NOTE: Fixed in: 8.2.18, 8.1.28
	NOTE: https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7
	NOTE: Only affects improper handling of command line arguments on Windows
	NOTE: https://github.com/php/php-src/commit/e3c784f2bfb6029b49d27783b2efc87ee6923f79
CVE-2024-2756 (Due to an incomplete fix to CVE-2022-31629 https://github.com/advisor ...)
	{DSA-5661-1 DSA-5660-1 DLA-3810-1}
	- php8.2 8.2.18-1
	- php7.4
	- php7.3
	NOTE: Fixed in: 8.2.18, 8.1.28
	NOTE: https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4
	NOTE: https://github.com/php/php-src/commit/093c08af25fb323efa0c8e6154aa9fdeae3d3b53
CVE-2024-3096 (In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before ...)
	{DSA-5661-1 DSA-5660-1 DLA-3810-1}
	- php8.2 8.2.18-1
	- php7.4
	- php7.3
	NOTE: Fixed in: 8.2.18, 8.1.28
	NOTE: https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr
	NOTE: https://github.com/php/php-src/commit/0ba5229a3f7572846e91c8f5382e87785f543826
CVE-2024-2757 (In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endless ...)
	- php8.2 (Only affects 8.3)
	- php7.4 (Only affects 8.3)
	- php7.3 (Only affects 8.3)
	NOTE: Fixed in: 8.3.6
	NOTE: https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq
	NOTE: https://github.com/php/php-src/commit/3394efc63e52a017995f92d8da4ef28224247bb3
CVE-2024-27309 (While an Apache Kafka cluster is being migrated from ZooKeeper mode to ...)
	- kafka (bug #786460)
CVE-2024-3344 (The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg E ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3343 (The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg E ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32112 (Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo leadinfo. ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32109 (Cross-Site Request Forgery (CSRF) vulnerability in Julien Berthelot / ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32108 (Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Con ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32107 (Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Li ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32106 (Cross-Site Request Forgery (CSRF) vulnerability in WP Compress WP Comp ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32105 (Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX W ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32083 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32080 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31937 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31936 (Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31935 (Cross-Site Request Forgery (CSRF) vulnerability in BracketSpace Simple ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31934 (Cross-Site Request Forgery (CSRF) vulnerability in Link Whisper Link W ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31932 (Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Bloc ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31931 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31930 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31929 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31928 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31927 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31926 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31925 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31861 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
	NOT-FOR-US: Apache Zeppelin
CVE-2024-31678 (Sourcecodester Loan Management System v1.0 is vulnerable to SQL Inject ...)
	NOT-FOR-US: Sourcecodester Loan Management System
CVE-2024-31387 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31361 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31285 (Cross-Site Request Forgery (CSRF) vulnerability in Tooltip WordPress T ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30273 (Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack- ...)
	NOT-FOR-US: Adobe
CVE-2024-30272 (Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-o ...)
	NOT-FOR-US: Adobe
CVE-2024-30271 (Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-o ...)
	NOT-FOR-US: Adobe
CVE-2024-29454 (An issue discovered in packages or nodes in ROS2 Humble Hawksbill with ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-25852 (Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution v ...)
	NOT-FOR-US: Linksys
CVE-2024-22722 (Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1. ...)
	NOT-FOR-US: Form Tools
CVE-2024-22721 (Cross Site Request Forgery (CSRF) vulnerability in Form Tools 3.1.1 al ...)
	NOT-FOR-US: Form Tools
CVE-2024-22719 (SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to ru ...)
	NOT-FOR-US: Form Tools
CVE-2024-22718 (Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows at ...)
	NOT-FOR-US: Form Tools
CVE-2024-22717 (Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows at ...)
	NOT-FOR-US: Form Tools
CVE-2024-20798 (Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-o ...)
	NOT-FOR-US: Adobe
CVE-2024-20797 (Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2024-20796 (Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2024-20795 (Animate versions 23.0.4, 24.0.1 and earlier are affected by an Integer ...)
	NOT-FOR-US: Adobe
CVE-2024-20794 (Animate versions 23.0.4, 24.0.1 and earlier are affected by a NULL Poi ...)
	NOT-FOR-US: Adobe
CVE-2024-20771 (Bridge versions 13.0.6, 14.0.2 and earlier are affected by an out-of-b ...)
	NOT-FOR-US: Adobe
CVE-2024-0881 (The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Block ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5394 (Server receiving a malformed message that where the GCL message hostna ...)
	NOT-FOR-US: Honeywell
CVE-2023-5393 (Server receiving a malformed message that causes a disconnect to a hos ...)
	NOT-FOR-US: Honeywell
CVE-2023-5392 (C300 information leak due to an analysis feature which allows extracti ...)
	NOT-FOR-US: Honeywell
CVE-2023-50949 (IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauth ...)
	NOT-FOR-US: IBM
CVE-2023-32295 (Missing Authorization vulnerability in Alex Tselegidis Easy!Appointmen ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32228 (A firmware bug which may lead to misinterpretation of data in the AMC2 ...)
	NOT-FOR-US: Bosch
CVE-2024-3092 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab
CVE-2024-2279 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab
CVE-2023-6489 (A denial of service vulnerability was identified in GitLab CE/EE, vers ...)
	- gitlab
CVE-2023-6678 (An issue has been discovered in GitLab EE affecting all versions befor ...)
	- gitlab
CVE-2024-3652 (The Libreswan Project was notified of an issue causing libreswan to re ...)
	- libreswan (bug #1069194)
	NOTE: https://github.com/libreswan/libreswan/issues/1665
	NOTE: Fixed by: https://github.com/libreswan/libreswan/commit/03caa63de1e34c29dd3e7e835070d363ca197bfd
	NOTE: Patch: https://libreswan.org/security/CVE-2024-3652/CVE-2024-3652.patch
	NOTE: Advisory: https://libreswan.org/security/CVE-2024-3652/CVE-2024-3652.txt
CVE-2024-3621 (A vulnerability was found in SourceCodester Kortex Lite Advocate Offic ...)
	NOT-FOR-US: SourceCodester Kortex Lite Advocate Office Management System
CVE-2024-3620 (A vulnerability was found in SourceCodester Kortex Lite Advocate Offic ...)
	NOT-FOR-US: SourceCodester Kortex Lite Advocate Office Management System
CVE-2024-3619 (A vulnerability has been found in SourceCodester Kortex Lite Advocate ...)
	NOT-FOR-US: SourceCodester Kortex Lite Advocate Office Management System
CVE-2024-3618 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Kortex Lite Advocate Office Management System
CVE-2024-3617 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Kortex Lite Advocate Office Management System
CVE-2024-3616 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester Warehouse Management System
CVE-2024-3614 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester Warehouse Management System
CVE-2024-3613 (A vulnerability was found in SourceCodester Warehouse Management Syste ...)
	NOT-FOR-US: SourceCodester Warehouse Management System
CVE-2024-3612 (A vulnerability was found in SourceCodester Warehouse Management Syste ...)
	NOT-FOR-US: SourceCodester Warehouse Management System
CVE-2024-3285 (The Slider, Gallery, and Carousel by MetaSlider – Responsive Word ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-32001 (SpiceDB is a graph database purpose-built for storing and evaluating a ...)
	NOT-FOR-US: SpiceDB
CVE-2024-31999 (@festify/secure-session creates a secure stateless cookie session for ...)
	NOT-FOR-US: @festify/secure-session
CVE-2024-31997 (XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, ...)
	NOT-FOR-US: XWiki
CVE-2024-31996 (XWiki Platform is a generic wiki platform. Starting in version 3.0.1 a ...)
	NOT-FOR-US: XWiki
CVE-2024-31995 (`@digitalbazaar/zcap` provides JavaScript reference implementation for ...)
	NOT-FOR-US: @digitalbazaar/zcap
CVE-2024-31988 (XWiki Platform is a generic wiki platform. Starting in version 13.9-rc ...)
	NOT-FOR-US: XWiki
CVE-2024-31987 (XWiki Platform is a generic wiki platform. Starting in version 6.4-mil ...)
	NOT-FOR-US: XWiki
CVE-2024-31986 (XWiki Platform is a generic wiki platform. Starting in version 3.1 and ...)
	NOT-FOR-US: XWiki
CVE-2024-31985 (XWiki Platform is a generic wiki platform. Starting in version 3.1 and ...)
	NOT-FOR-US: XWiki
CVE-2024-30917 (An issue was discovered in eProsima FastDDS v.2.14.0 and before, allow ...)
	- fastdds
	[bookworm] - fastdds (Minor issue)
	[bullseye] - fastdds (Minor issue)
	NOTE: https://github.com/eProsima/Fast-DDS/issues/4609
CVE-2024-30916 (An issue was discovered in eProsima FastDDS v.2.14.0 and before, allow ...)
	- fastdds
	[bookworm] - fastdds (Minor issue)
	[bullseye] - fastdds (Minor issue)
	NOTE: https://github.com/eProsima/Fast-DDS/issues/4609
CVE-2024-30915 (An issue was discovered in OpenDDS commit b1c534032bb62ad4ae32609778de ...)
	NOT-FOR-US: OpenDDS
CVE-2024-30885 (Reflected Cross-Site Scripting (XSS) vulnerability in HadSky v7.6.3, a ...)
	NOT-FOR-US: HadSky
CVE-2024-30884 (Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! version ...)
	NOT-FOR-US: Discuz!
CVE-2024-30883 (Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6. ...)
	NOT-FOR-US: RageFrame2
CVE-2024-30880 (Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6. ...)
	NOT-FOR-US: RageFrame2
CVE-2024-30879 (Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6. ...)
	NOT-FOR-US: RageFrame2
CVE-2024-30878 (A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allo ...)
	NOT-FOR-US: RageFrame2
CVE-2024-30728 (An issue was discovered in the default configurations of ROS (Robot Op ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-2966 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29903 (Cosign provides code signing and transparency for containers and binar ...)
	NOT-FOR-US: Cosign
CVE-2024-29902 (Cosign provides code signing and transparency for containers and binar ...)
	NOT-FOR-US: Cosign
CVE-2024-29504 (Cross Site Scripting vulnerability in Summernote v.0.8.18 and before a ...)
	NOT-FOR-US: Summernote
CVE-2024-29460 (An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate th ...)
	NOT-FOR-US: PX4 Autopilot
CVE-2024-29455 (An arbitrary file upload vulnerability has been discovered in ROS2 Hum ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-29452 (An insecure deserialization vulnerability has been identified in ROS2 ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-29450 (An issue has been discovered in the permission and access control comp ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-29449 (An issue was discovered in ROS2 Humble Hawksbill in ROS_VERSION 2 and ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-29448 (A buffer overflow vulnerability has been discovered in the C++ compone ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-29447 (An issue was discovered in the default configurations of ROS2 Humble H ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-29445 (An issue was discovered in ROS2 (Robot Operating System 2) Humble Hawk ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-29444 (An OS command injection vulnerability has been discovered in ROS2 (Rob ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-29443 (A shell injection vulnerability was discovered in ROS2 (Robot Operatin ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-29441 (An issue was discovered in ROS2 (Robot Operating System 2) Humble Hawk ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-29439 (An unauthorized node injection vulnerability has been identified in RO ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-29399 (An issue was discovered in GNU Savane v.3.13 and before, allows a remo ...)
	NOT-FOR-US: GNU Savane
CVE-2024-29220 (Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-26362 (HTML injection vulnerability in Enpass Password Manager Desktop Client ...)
	NOT-FOR-US: Enpass Password Manager Desktop Client
CVE-2024-26019 (Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25572 (Cross-site request forgery (CSRF) vulnerability exists in Ninja Forms ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-21508 (Versions of the package mysql2 before 3.9.4 are vulnerable to Remote C ...)
	NOT-FOR-US: Node mysql2
CVE-2023-6811 (The Language Translate Widget for WordPress – ConveyThis plugin f ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6257 (The Inline Related Posts WordPress plugin before 3.6.0 does not ensure ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3570 (A stored Cross-Site Scripting (XSS) vulnerability exists in the chat f ...)
	NOT-FOR-US: anything-llm
CVE-2024-3569 (A Denial of Service (DoS) vulnerability exists in the mintplex-labs/an ...)
	NOT-FOR-US: anything-llm
CVE-2024-3568 (The huggingface/transformers library is vulnerable to arbitrary code e ...)
	NOT-FOR-US: huggingface/transformers
CVE-2024-3567 (A flaw was found in QEMU. An assertion failure was present in the upda ...)
	- qemu 1:8.2.3+ds-1 (bug #1068822)
	[bookworm] - qemu (Vulnerable code introduced later)
	[bullseye] - qemu (Vulnerable code introduced later)
	[buster] - qemu (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274339
	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/2273
	NOTE: Introduced with: https://gitlab.com/qemu-project/qemu/-/commit/f199b13bc113c46eaddcf9f375d13f1e400b4e35 (v8.1.0-rc0)
	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/83ddb3dbba2ee0f1767442ae6ee665058aeb1093 (v9.0.0-rc3)
	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/1cfe45956e03070f894e91b304e233b4d5b99719 (v8.2.3)
CVE-2024-3566 (A command injection vulnerability allows an attacker to perform command i ...)
	- nodejs (Only affects Windows)
CVE-2024-3516 (Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 ...)
	{DSA-5656-1}
	- chromium 123.0.6312.122-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-3515 (Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowe ...)
	{DSA-5656-1}
	- chromium 123.0.6312.122-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-3448 (Users with low privileges can perform certain AJAX actions. In this v ...)
	NOT-FOR-US: Mautic
CVE-2024-3388 (A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2024-3387 (A weak (low bit strength) device certificate in Palo Alto Networks Pan ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2024-3386 (An incorrect string comparison vulnerability in Palo Alto Networks PAN ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2024-3385 (A packet processing mechanism in Palo Alto Networks PAN-OS software en ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2024-3384 (A vulnerability in Palo Alto Networks PAN-OS software enables a remote ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2024-3383 (A vulnerability in how Palo Alto Networks PAN-OS software processes da ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2024-3382 (A memory leak exists in Palo Alto Networks PAN-OS software that enable ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2024-3283 (A vulnerability in mintplex-labs/anything-llm allows users with manage ...)
	NOT-FOR-US: anything-llm
CVE-2024-3157 (Out of bounds memory access in Compositing in Google Chrome prior to 1 ...)
	{DSA-5656-1}
	- chromium 123.0.6312.122-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-3101 (In mintplex-labs/anything-llm, an improper input validation vulnerabil ...)
	NOT-FOR-US: anything-llm
CVE-2024-3098 (A vulnerability was identified in the `exec_utils` class of the `llama ...)
	NOT-FOR-US: llama_index
CVE-2024-3025 (mintplex-labs/anything-llm is vulnerable to path traversal attacks due ...)
	NOT-FOR-US: anything-llm
CVE-2024-31984 (XWiki Platform is a generic wiki platform. Starting in version 7.2-rc- ...)
	NOT-FOR-US: XWiki
CVE-2024-31983 (XWiki Platform is a generic wiki platform. In multilingual wikis, tran ...)
	NOT-FOR-US: XWiki
CVE-2024-31982 (XWiki Platform is a generic wiki platform. Starting in version 2.4-mil ...)
	NOT-FOR-US: XWiki
CVE-2024-31981 (XWiki Platform is a generic wiki platform. Starting in version 3.0.1 a ...)
	NOT-FOR-US: XWiki
CVE-2024-31944 (Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerc ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31943 (Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipp ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31939 (Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any X ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31924 (Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW EWWW Im ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31874 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninit ...)
	NOT-FOR-US: IBM
CVE-2024-31873 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains ha ...)
	NOT-FOR-US: IBM
CVE-2024-31872 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow ...)
	NOT-FOR-US: IBM
CVE-2024-31871 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow ...)
	NOT-FOR-US: IBM
CVE-2024-31819 (An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker ...)
	NOT-FOR-US: WWBN AVideo
CVE-2024-31492 (An external control of file name or path vulnerability [CWE-73] in Fo ...)
	NOT-FOR-US: FortiGuard
CVE-2024-31465 (XWiki Platform is a generic wiki platform. Starting in version 5.0-rc- ...)
	NOT-FOR-US: XWiki
CVE-2024-31464 (XWiki Platform is a generic wiki platform. Starting in version 5.0-rc- ...)
	NOT-FOR-US: XWiki
CVE-2024-31461 (Plane, an open-source project management tool, has a Server-Side Reque ...)
	NOT-FOR-US: Plane
CVE-2024-31430 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31386 (Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31358 (Missing Authorization vulnerability in Saleswonder.Biz 5 Stars Rating ...)
	NOT-FOR-US: Saleswonder.Biz 5 Stars Rating Funnel
CVE-2024-31356 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31355 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31353 (Insertion of Sensitive Information into Log File vulnerability in Trib ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31343 (Missing Authorization vulnerability in Sonaar Music MP3 Audio Player f ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31342 (Missing Authorization vulnerability in WPcloudgallery WordPress Galler ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31302 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31299 (Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary R ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31298 (Insertion of Sensitive Information into Log File vulnerability in Joel ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31297 (Missing Authorization vulnerability in WPExperts Wholesale For WooComm ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31287 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31282 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in A ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31278 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31259 (Insertion of Sensitive Information into Log File vulnerability in Sear ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31254 (Insertion of Sensitive Information into Log File vulnerability in WebT ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31253 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in W ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31249 (Insertion of Sensitive Information into Log File vulnerability in WPKu ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31247 (Insertion of Sensitive Information into Log File vulnerability in Fr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31245 (Insertion of Sensitive Information into Log File vulnerability in Conv ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31242 (Missing Authorization vulnerability in Bricksforge. This issue affects ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31240 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31230 (Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31214 (Traccar is an open source GPS tracking system. Traccar versions 5.1 th ...)
	NOT-FOR-US: Traccar
CVE-2024-2952 (BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) ...)
	NOT-FOR-US: BerriAI/litellm
CVE-2024-2731 (Users with low privileges (all permissions deselected in the administr ...)
	NOT-FOR-US: Mautic
CVE-2024-2730 (Mautic uses predictable page indices for unpublished landing pages, th ...)
	NOT-FOR-US: Mautic
CVE-2024-2221 (qdrant/qdrant is vulnerable to a path traversal and arbitrary file upl ...)
	NOT-FOR-US: qdrant
CVE-2024-2217 (gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, a ...)
	NOT-FOR-US: gaizhenbiao/chuanhuchatgpt
CVE-2024-2196 (aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allow ...)
	NOT-FOR-US: aimhubio/aim
CVE-2024-2195 (A critical Remote Code Execution (RCE) vulnerability was identified in ...)
	NOT-FOR-US: aimhubio/aim
CVE-2024-2029 (A command injection vulnerability exists in the `TranscriptEndpoint` o ...)
	NOT-FOR-US: mudler/localai
CVE-2024-29502 (An issue in Secure Lockdown Multi Application Edition v2.00.219 allows ...)
	NOT-FOR-US: Secure Lockdown Multi Application
CVE-2024-29500 (An issue in the kiosk mode of Secure Lockdown Multi Application Editio ...)
	NOT-FOR-US: Secure Lockdown Multi Application
CVE-2024-29296 (A user enumeration vulnerability was found in Portainer CE 2.19.4. Thi ...)
	NOT-FOR-US: Portainer
CVE-2024-29269 (An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows a ...)
	NOT-FOR-US: Telesquare TLR-2005Ksh
CVE-2024-28345 (An issue discovered in Sipwise C5 NGCP Dashboard below mr11.5.1 allows ...)
	NOT-FOR-US: Sipwise C5 NGCP Dashboard
CVE-2024-28344 (An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard ...)
	NOT-FOR-US: Sipwise C5 NGCP Dashboard
CVE-2024-27477 (In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within ...)
	NOT-FOR-US: Leantime
CVE-2024-27476 (Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show#/ti ...)
	NOT-FOR-US: Leantime
CVE-2024-27474 (Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF). Thi ...)
	NOT-FOR-US: Leantime
CVE-2024-26122 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26098 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26097 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26087 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26084 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26079 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26076 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26047 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26046 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-24809 (Traccar is an open source GPS tracking system. Versions prior to 6.0 a ...)
	NOT-FOR-US: Traccar
CVE-2024-23735 (Cross Site Scripting (XSS) vulnerability in the S/MIME certificate ...)
	NOT-FOR-US: savignano S/Notify
CVE-2024-23734 (Cross Site Request Forgery vulnerability in the upload functionalit ...)
	NOT-FOR-US: savignano S/Notify
CVE-2024-23083 (Time4J Base v5.9.3 was discovered to contain a NullPointerException vi ...)
	NOT-FOR-US: Time4J Base
CVE-2024-23080 (Joda Time v2.12.5 was discovered to contain a NullPointerException via ...)
	NOT-FOR-US: Joda Time
CVE-2024-23077 (JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBo ...)
	NOT-FOR-US: Disputed JFreeChart issue
CVE-2024-23076 (JFreeChart v1.5.4 was discovered to contain a NullPointerException via ...)
	NOT-FOR-US: Disputed JFreeChart issue
CVE-2024-20780 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-20779 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-20778 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-20772 (Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a St ...)
	NOT-FOR-US: Adobe
CVE-2024-20770 (Photoshop Desktop versions 24.7.2, 25.3.1 and earlier are affected by ...)
	NOT-FOR-US: Adobe
CVE-2024-20766 (InDesign Desktop versions 18.5.1, 19.2 and earlier are affected by an ...)
	NOT-FOR-US: Adobe
CVE-2024-20759 (Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and ...)
	NOT-FOR-US: Adobe
CVE-2024-20758 (Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and ...)
	NOT-FOR-US: Adobe
CVE-2024-20737 (After Effects versions 24.1, 23.6.2 and earlier are affected by an out ...)
	NOT-FOR-US: Adobe
CVE-2024-1902 (lunary-ai/lunary is vulnerable to a session reuse attack, allowing a r ...)
	NOT-FOR-US: lunary-ai/lunary
CVE-2024-1741 (lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization ...)
	NOT-FOR-US: lunary-ai/lunary
CVE-2024-1740 (In lunary-ai/lunary version 1.0.1, a vulnerability exists where a user ...)
	NOT-FOR-US: lunary-ai/lunary
CVE-2024-1728 (gradio-app/gradio is vulnerable to a local file inclusion vulnerabilit ...)
	NOT-FOR-US: Gradio
CVE-2024-1643 (By knowing an organization's ID, an attacker can join the organization ...)
	NOT-FOR-US: lunary-ai/lunary
CVE-2024-1625 (An Insecure Direct Object Reference (IDOR) vulnerability exists in the ...)
	NOT-FOR-US: lunary-ai/lunary
CVE-2024-1602 (parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XS ...)
	NOT-FOR-US: parisneo/lollms-webui
CVE-2024-1600 (A Local File Inclusion (LFI) vulnerability exists in the parisneo/loll ...)
	NOT-FOR-US: parisneo/lollms-webui
CVE-2024-1599 (lunary-ai/lunary version 0.3.0 is vulnerable to unauthorized project c ...)
	NOT-FOR-US: lunary-ai/lunary
CVE-2024-1520 (An OS Command Injection vulnerability exists in the '/open_code_folder ...)
	NOT-FOR-US: parisneo/lollms-webui
CVE-2024-1511 (The parisneo/lollms-webui repository is susceptible to a path traversa ...)
	NOT-FOR-US: parisneo/lollms-webui
CVE-2024-0218 (A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian, c ...)
	NOT-FOR-US: Nozomi Networks Guardian
CVE-2023-6916 (Audit records for OpenAPI requests may include sensitive information. ...)
	NOT-FOR-US: Nozomi Networks
CVE-2023-52070 (JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBo ...)
	NOT-FOR-US: Disputed JFreeChart issue
CVE-2023-2794 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack ...)
	- ofono (bug #1069679)
	[bookworm] - ofono (Minor issue)
	[bullseye] - ofono (Minor issue)
	[buster] - ofono (Minor issue, follow bullseye)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255387
	NOTE: https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=a90421d8e45d63b304dc010baba24633e7869682
	NOTE: https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=7f2adfa22fbae824f8e2c3ae86a3f51da31ee400
	NOTE: https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=07f48b23e3877ef7d15a7b0b8b79d32ad0a3607e
	NOTE: https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=8fa1fdfcb54e1edb588c6a5e2688880b065a39c9
CVE-2021-47219 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 5.15.5-1
	[bullseye] - linux 5.10.84-1
	NOTE: https://git.kernel.org/linus/f347c26836c270199de1599c3cd466bb7747caa9 (5.16-rc1)
CVE-2021-47218 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 5.15.5-1
	[bullseye] - linux 5.10.84-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/dc27f3c5d10c58069672215787a96b4fae01818b (5.16-rc3)
CVE-2021-47217 (In the Linux kernel, the following vulnerability has been resolved: x ...)
	- linux 5.15.5-1
	[bullseye] - linux 5.10.84-1
	[buster] - linux 4.19.232-1
	NOTE: https://git.kernel.org/linus/daf972118c517b91f74ff1731417feb4270625a4 (5.16-rc2)
CVE-2021-47216 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 5.15.5-1
	[bullseye] - linux 5.10.84-1
	[buster] - linux 4.19.232-1
	NOTE: https://git.kernel.org/linus/d4996c6eac4c81b8872043e9391563f67f13e406 (5.16-rc1)
CVE-2021-47215 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.15.5-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/cc4a9cc03faa6d8db1a6954bb536f2c1e63bdff6 (5.16-rc2)
CVE-2021-47214 (In the Linux kernel, the following vulnerability has been resolved: h ...)
	- linux 5.15.5-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/cc30042df6fcc82ea18acf0dace831503e60a0b7 (5.16-rc2)
CVE-2021-47213
	REJECTED
CVE-2021-47212 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.15.5-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/ba50cd9451f6c49cf0841c0a4a146ff6a2822699 (5.16-rc2)
CVE-2021-47211 (In the Linux kernel, the following vulnerability has been resolved: A ...)
	- linux 5.15.5-1
	NOTE: https://git.kernel.org/linus/b97053df0f04747c3c1e021ecbe99db675342954 (5.16-rc1)
CVE-2021-47210 (In the Linux kernel, the following vulnerability has been resolved: u ...)
	- linux 5.15.5-1
	[bullseye] - linux 5.10.84-1
	[buster] - linux 4.19.232-1
	NOTE: https://git.kernel.org/linus/b7a0a63f3fed57d413bb857de164ea9c3984bc4e (5.16-rc1)
CVE-2021-47209 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 5.15.5-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b027789e5e50494c2325cc70c8642e7fd6059479 (5.16-rc1)
CVE-2021-47207 (In the Linux kernel, the following vulnerability has been resolved: A ...)
	- linux 5.15.5-1
	[bullseye] - linux 5.10.84-1
	[buster] - linux 4.19.232-1
	NOTE: https://git.kernel.org/linus/a0d21bb3279476c777434c40d969ea88ca64f9aa (5.16-rc1)
CVE-2021-47206 (In the Linux kernel, the following vulnerability has been resolved: u ...)
	- linux 5.15.5-1
	[bullseye] - linux 5.10.84-1
	[buster] - linux 4.19.232-1
	NOTE: https://git.kernel.org/linus/9eff2b2e59fda25051ab36cd1cb5014661df657b (5.16-rc1)
CVE-2021-47205 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 5.15.5-1
	NOTE: https://git.kernel.org/linus/9bec2b9c6134052994115d2d3374e96f2ccb9b9d (5.16-rc1)
CVE-2021-47204 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.15.5-1
	[bullseye] - linux 5.10.84-1
	NOTE: https://git.kernel.org/linus/9b5a333272a48c2f8b30add7a874e46e8b26129c (5.16-rc2)
CVE-2021-47203 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 5.15.5-1
	[bullseye] - linux 5.10.84-1
	[buster] - linux 4.19.232-1
	NOTE: https://git.kernel.org/linus/99154581b05c8fb22607afb7c3d66c1bace6aa5d (5.16-rc1)
CVE-2021-47202 (In the Linux kernel, the following vulnerability has been resolved: t ...)
	- linux 5.15.5-1
	[bullseye] - linux 5.10.84-1
	NOTE: https://git.kernel.org/linus/96cfe05051fd8543cdedd6807ec59a0e6c409195 (5.16-rc1)
CVE-2021-47201 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 5.15.5-1
	[bullseye] - linux 5.10.84-1
	NOTE: https://git.kernel.org/linus/89f22f129696ab53cfbc608e0a2184d0fea46ac1 (5.16-rc2)
CVE-2021-47200 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 5.15.5-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/8244a3bc27b3efd057da154b8d7e414670d5044f (5.16-rc1)
CVE-2021-47199 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.15.5-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/806401c20a0f9c51b6c8fd7035671e6ca841f6c2 (5.16-rc2)
CVE-2021-47198 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 5.15.5-1
	NOTE: https://git.kernel.org/linus/79b20beccea3a3938a8500acef4e6b9d7c66142f (5.16-rc1)
CVE-2021-47197 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.15.5-1
	[bullseye] - linux 5.10.84-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/76ded29d3fcda4928da8849ffc446ea46871c1c2 (5.16-rc2)
CVE-2021-47196 (In the Linux kernel, the following vulnerability has been resolved: R ...)
	- linux 5.15.5-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/6cd7397d01c4a3e09757840299e4f114f0aa5fa0 (5.16-rc2)
CVE-2021-47195 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 5.15.5-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/6c53b45c71b4920b5e62f0ea8079a1da382b9434 (5.16-rc2)
CVE-2021-47194 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 5.15.5-1
	[bullseye] - linux 5.10.84-1
	[buster] - linux 4.19.232-1
	NOTE: https://git.kernel.org/linus/563fbefed46ae4c1f70cffb8eb54c02df480b2c2 (5.16-rc2)
CVE-2021-47193 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 5.15.5-1
	NOTE: https://git.kernel.org/linus/51e6ed83bb4ade7c360551fa4ae55c4eacea354b (5.16-rc1)
CVE-2021-47192 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 5.15.5-1
	[bullseye] - linux 5.10.84-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4edd8cd4e86dd3047e5294bbefcc0a08f66a430f (5.16-rc2)
CVE-2021-47191 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 5.15.5-1
	[bullseye] - linux 5.10.84-1
	NOTE: https://git.kernel.org/linus/4e3ace0051e7e504b55d239daab8789dd89b863c (5.16-rc1)
CVE-2021-47190 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	- linux 5.15.5-1
	[bullseye] - linux 5.10.84-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4924b1f7c46711762fd0e65c135ccfbcfd6ded1f (5.16-rc1)
CVE-2021-47189 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 5.15.5-1
	[bullseye] - linux 5.10.84-1
	[buster] - linux 4.19.232-1
	NOTE: https://git.kernel.org/linus/45da9c1767ac31857df572f0a909fbe88fd5a7e9 (5.16-rc2)
CVE-2021-47188 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 5.15.5-1
	NOTE: https://git.kernel.org/linus/3ff1f6b6ba6f97f50862aa50e79959cc8ddc2566 (5.16-rc2)
CVE-2021-47187 (In the Linux kernel, the following vulnerability has been resolved: a ...)
	- linux 5.15.5-1
	[bullseye] - linux 5.10.84-1
	NOTE: https://git.kernel.org/linus/3f1dcaff642e75c1d2ad03f783fa8a3b1f56dd50 (5.16-rc1)
CVE-2021-47186 (In the Linux kernel, the following vulnerability has been resolved: t ...)
	- linux 5.15.5-1
	[bullseye] - linux 5.10.84-1
	NOTE: https://git.kernel.org/linus/3e6db079751afd527bf3db32314ae938dc571916 (5.16-rc2)
CVE-2021-47185 (In the Linux kernel, the following vulnerability has been resolved: t ...)
	- linux 5.15.5-1
	[bullseye] - linux 5.10.84-1
	[buster] - linux 4.19.232-1
	NOTE: https://git.kernel.org/linus/3968ddcf05fb4b9409cd1859feb06a5b0550a1c1 (5.16-rc1)
CVE-2021-47184 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 5.15.5-1
	[bullseye] - linux 5.10.84-1
	[buster] - linux 4.19.232-1
	NOTE: https://git.kernel.org/linus/37d9e304acd903a445df8208b8a13d707902dea6 (5.16-rc2)
CVE-2021-47183 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 5.15.5-1
	NOTE: https://git.kernel.org/linus/1854f53ccd88ad4e7568ddfafafffe71f1ceb0a6 (5.16-rc1)
CVE-2021-47182 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 5.15.5-1
	NOTE: https://git.kernel.org/linus/17b49bcbf8351d3dbe57204468ac34f033ed60bc (5.16-rc1)
CVE-2021-47181 (In the Linux kernel, the following vulnerability has been resolved: u ...)
	- linux 5.15.5-1
	[bullseye] - linux 5.10.84-1
	[buster] - linux 4.19.232-1
	NOTE: https://git.kernel.org/linus/14651496a3de6807a17c310f63c894ea0c5d858e (5.16-rc1)
CVE-2024-26816 (In the Linux kernel, the following vulnerability has been resolved: x ...)
	{DSA-5681-1 DSA-5658-1}
	- linux 6.7.12-1
	NOTE: https://git.kernel.org/linus/aaa8736370db1a78f0e8434344a484f9fd20be3b (6.9-rc1)
CVE-2024-26815 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5658-1}
	- linux 6.7.12-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/343041b59b7810f9cdca371f445dd43b35c740b1 (6.9-rc1)
CVE-2024-3447
	- qemu 1:8.2.3+ds-1 (bug #1068821)
	[bookworm] - qemu (Minor issue)
	[bullseye] - qemu (Minor issue)
	[buster] - qemu (Minor issue)
	NOTE: https://patchew.org/QEMU/20240404085549.16987-1-philmd@linaro.org/
	NOTE: https://patchew.org/QEMU/20240409145524.27913-1-philmd@linaro.org/
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/9e4b27ca6bf4974f169bbca7f3dca117b1208b6f (v9.0.0-rc3)
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/35a67d2aa8caf8eb0bee7d38515924c95417047e (v8.2.3)
CVE-2024-2905 (A security vulnerability has been discovered within rpm-ostree, pertai ...)
	NOT-FOR-US: rpm-ostree
CVE-2024-2243 (A vulnerability was found in csmock where a regular user of the OSH se ...)
	NOT-FOR-US: csmock
CVE-2024-3556
	REJECTED
CVE-2024-3542 (A vulnerability classified as problematic was found in Campcodes Churc ...)
	NOT-FOR-US: Campcodes Church Management System
CVE-2024-3541 (A vulnerability classified as problematic has been found in Campcodes ...)
	NOT-FOR-US: Campcodes Church Management System
CVE-2024-3540 (A vulnerability was found in Campcodes Church Management System 1.0. I ...)
	NOT-FOR-US: Campcodes Church Management System
CVE-2024-3539 (A vulnerability was found in Campcodes Church Management System 1.0. I ...)
	NOT-FOR-US: Campcodes Church Management System
CVE-2024-3538 (A vulnerability was found in Campcodes Church Management System 1.0. I ...)
	NOT-FOR-US: Campcodes Church Management System
CVE-2024-3537 (A vulnerability was found in Campcodes Church Management System 1.0 an ...)
	NOT-FOR-US: Campcodes Church Management System
CVE-2024-3536 (A vulnerability has been found in Campcodes Church Management System 1 ...)
	NOT-FOR-US: Campcodes Church Management System
CVE-2024-3535 (A vulnerability, which was classified as critical, was found in Campco ...)
	NOT-FOR-US: Campcodes Church Management System
CVE-2024-3534 (A vulnerability, which was classified as critical, has been found in C ...)
	NOT-FOR-US: Campcodes Church Management System
CVE-2024-3533 (A vulnerability classified as problematic was found in Campcodes Compl ...)
	NOT-FOR-US: Campcodes Complete Online Student Management System
CVE-2024-3532 (A vulnerability classified as problematic has been found in Campcodes ...)
	NOT-FOR-US: Campcodes Complete Online Student Management System
CVE-2024-3531 (A vulnerability was found in Campcodes Complete Online Student Managem ...)
	NOT-FOR-US: Campcodes Complete Online Student Management System
CVE-2024-3530 (A vulnerability was found in Campcodes Complete Online Student Managem ...)
	NOT-FOR-US: Campcodes Complete Online Student Management System
CVE-2024-3529 (A vulnerability was found in Campcodes Complete Online Student Managem ...)
	NOT-FOR-US: Campcodes Complete Online Student Management System
CVE-2024-3528 (A vulnerability was found in Campcodes Complete Online Student Managem ...)
	NOT-FOR-US: Campcodes Complete Online Student Management System
CVE-2024-3526 (A vulnerability has been found in Campcodes Online Event Management Sy ...)
	NOT-FOR-US: Campcodes Complete Online Event Management System
CVE-2024-3525 (A vulnerability, which was classified as problematic, was found in Cam ...)
	NOT-FOR-US: Campcodes Complete Online Event Management System
CVE-2024-3524 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Campcodes Complete Online Event Management System
CVE-2024-3523 (A vulnerability classified as critical was found in Campcodes Online E ...)
	NOT-FOR-US: Campcodes Complete Online Event Management System
CVE-2024-3522 (A vulnerability classified as critical has been found in Campcodes Onl ...)
	NOT-FOR-US: Campcodes Complete Online Event Management System
CVE-2024-3521 (A vulnerability was found in Byzoro Smart S80 Management Platform up t ...)
	NOT-FOR-US: Byzoro
CVE-2024-3313 (SUBNET Solutions Inc. has identified vulnerabilities in third-party c ...)
	NOT-FOR-US: PowerSYSTEM Server
CVE-2024-3235 (The Essential Grid Gallery WordPress Plugin plugin for WordPress is vu ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3210 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3120 (A stack-buffer overflow vulnerability exists in all versions of sngrep ...)
	- sngrep 1.8.1-1 (bug #1068818)
	[bookworm] - sngrep (Minor issue)
	[bullseye] - sngrep (Minor issue)
	[buster] - sngrep (Minor issue)
	NOTE: https://github.com/irontec/sngrep/commit/f3f8ed8ef38748e6d61044b39b0dabd7e37c6809 (v1.8.1)
CVE-2024-3119 (A buffer overflow vulnerability exists in all versions of sngrep since ...)
	- sngrep 1.8.1-1 (bug #1068818)
	[bookworm] - sngrep (Minor issue)
	[bullseye] - sngrep (Minor issue)
	[buster] - sngrep (Minor issue)
	NOTE: https://github.com/irontec/sngrep/commit/dd5fec92730562af6f96891291cd4e102b80bfcc (v1.8.1)
CVE-2024-3020 (The plugin is vulnerable to PHP Object Injection in versions up to and ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30737 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_P ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30736 (An insecure deserialization vulnerability has been identified in ROS K ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30735 (An arbitrary file upload vulnerability has been discovered in ROS Kine ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30733 (A buffer overflow vulnerability has been discovered in the C++ compone ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30730 (An insecure logging vulnerability has been identified within ROS Kinet ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30729 (An OS command injection vulnerability has been discovered in ROS Kinet ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30727 (An issue was discovered in ROS Kinetic Kame in Kinetic Kame ROS_VERSIO ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30726 (A shell injection vulnerability was discovered in ROS (Robot Operating ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30724 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_P ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30723 (An unauthorized node injection vulnerability has been identified in RO ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30722 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_P ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30721 (An arbitrary file upload vulnerability has been discovered in ROS2 Das ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30719 (An insecure deserialization vulnerability has been identified in ROS2 ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30718 (An issue was discovered in ROS2 Dashing Diademata in ROS_VERSION=2 and ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30716 (An insecure logging vulnerability in ROS2 Dashing Diademata ROS_VERSIO ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30715 (A buffer overflow vulnerability has been discovered in the C++ compone ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30713 (An OS command injection vulnerability has been discovered in ROS2 Dash ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30712 (A shell injection vulnerability was discovered in ROS2 (Robot Operatin ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30711 (An issue was discovered in the default configurations of ROS2 Dashing ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30710 (An issue was discovered in ROS2 Dashing Diademata in ROS_VERSION 2 and ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30708 (An issue was discovered in ROS2 Dashing Diademata in ROS_VERSION 2 and ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30707 (Unauthorized node injection vulnerability in ROS2 Dashing Diademata in ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-2736 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2735 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2734 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2733 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2666 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2665 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2664 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2655 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2539 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2428 (The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-22450 (Dell Alienware Command Center, versions prior to 6.2.7.0, contain an u ...)
	NOT-FOR-US: Dell
CVE-2024-22448 (Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authe ...)
	NOT-FOR-US: Dell
CVE-2024-21509 (Versions of the package mysql2 before 3.9.4 are vulnerable to Prototyp ...)
	NOT-FOR-US: Node mysql2
CVE-2024-21507 (Versions of the package mysql2 before 3.9.3 are vulnerable to Improper ...)
	NOT-FOR-US: Node mysql2
CVE-2024-1780 (The BizCalendar Web plugin for WordPress is vulnerable to Reflected Cr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1042 (The WP Radio – Worldwide Online Radio Stations Directory for Word ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1041 (The WP Radio – Worldwide Online Radio Stations Directory for Word ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0159 (Dell Alienware Command Center, versions 5.5.52.0 and prior, contain im ...)
	NOT-FOR-US: Dell
CVE-2023-6385 (The WordPress Ping Optimizer WordPress plugin through 2.35.1.3.0 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6236 (A flaw was found in JBoss EAP. When an OIDC app that serves multiple t ...)
	NOT-FOR-US: JBoss EAP
CVE-2023-50347 (HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnera ...)
	NOT-FOR-US: HCL
CVE-2023-40148 (Server-side request forgery (SSRF) in PingFederate allows unauthentica ...)
	NOT-FOR-US: Ping Identity
CVE-2024-3545 (Improper permission handling in the vault offline cache feature in Dev ...)
	NOT-FOR-US: Devolutions
CVE-2024-3514
	REJECTED
CVE-2024-3512
	REJECTED
CVE-2024-3446 (A double free vulnerability was found in QEMU virtio devices (virtio-g ...)
	- qemu 1:8.2.3+ds-1 (bug #1068820)
	[bookworm] - qemu (Minor issue)
	[bullseye] - qemu (Minor issue)
	[buster] - qemu (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274211
	NOTE: https://patchew.org/QEMU/20240409105537.18308-1-philmd@linaro.org/
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/f4729ec39ad97a42ceaa7b5697f84f440ea6e5dc (v9.0.0-rc3)
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/b4295bff25f7b50de1d9cc94a9c6effd40056bca (v9.0.0-rc3)
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/ba28e0ff4d95b56dc334aac2730ab3651ffc3132 (v9.0.0-rc3)
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/4f01537ced3e787bd985b8f8de5869b92657160a (v8.2.3)
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/fbeb0a160cbcc067c0e1f0d380cea4a31de213e3 (v8.2.3)
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/1b2a52712b249e14d246cd9c7db126088e6e64db (v8.2.3)
CVE-2024-3281 (A vulnerability was discovered in the firmware builds after 8.0.2.3267 ...)
	NOT-FOR-US: HP
CVE-2024-3267 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3266 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3244 (The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3214 (The Relevanssi – A Better Search plugin for WordPress is vulnerab ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3213 (The Relevanssi – A Better Search plugin for WordPress is vulnerab ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3208 (The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross- ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3167 (The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Sit ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3136 (The MasterStudy LMS plugin for WordPress is vulnerable to Local File I ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3097 (The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3093
	REJECTED
CVE-2024-3064 (The Elementor Addons, Widgets and Enhancements – Stax plugin for ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3053 (The Forminator – Contact Form, Payment Form & Custom Form Builder ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3046 (In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4 ...)
	NOT-FOR-US: Eclipse Kura LogServlet
CVE-2024-31978 (A vulnerability has been identified in SINEC NMS (All versions < V2.0 ...)
	NOT-FOR-US: Siemens
CVE-2024-31868 (Improper Encoding or Escaping of Output vulnerability in Apache Zeppel ...)
	NOT-FOR-US: Apache Zeppelin
CVE-2024-31867 (Improper Input Validation vulnerability in Apache Zeppelin. The attac ...)
	NOT-FOR-US: Apache Zeppelin
CVE-2024-31866 (Improper Encoding or Escaping of Output vulnerability in Apache Zeppel ...)
	NOT-FOR-US: Apache Zeppelin
CVE-2024-31865 (Improper Input Validation vulnerability in Apache Zeppelin. The attac ...)
	NOT-FOR-US: Apache Zeppelin
CVE-2024-31864 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
	NOT-FOR-US: Apache Zeppelin
CVE-2024-31863 (Authentication Bypass by Spoofing vulnerability by replacing to existi ...)
	NOT-FOR-US: Apache Zeppelin
CVE-2024-31862 (Improper Input Validation vulnerability in Apache Zeppelin when creati ...)
	NOT-FOR-US: Apache Zeppelin
CVE-2024-31860 (Improper Input Validation vulnerability in Apache Zeppelin. By adding ...)
	NOT-FOR-US: Apache Zeppelin
CVE-2024-31544 (A stored cross-site scripting (XSS) vulnerability in Computer Laborato ...)
	NOT-FOR-US: Computer Laboratory Management System
CVE-2024-31507 (Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Sourcecodester Online Graduate Tracer System
CVE-2024-31506 (Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Sourcecodester Online Graduate Tracer System
CVE-2024-31487 (An improper limitation of a pathname to a restricted directory ('path t ...)
	NOT-FOR-US: FortiGuard
CVE-2024-31457 (gin-vue-admin is a backstage management system based on vue and gin, w ...)
	NOT-FOR-US: gin-vue-admin
CVE-2024-31455 (Minder by Stacklok is an open source software supply chain security pl ...)
	NOT-FOR-US: Minder by Stacklok
CVE-2024-31454 (PsiTransfer is an open source, self-hosted file sharing solution. Prio ...)
	NOT-FOR-US: PsiTransfer
CVE-2024-31453 (PsiTransfer is an open source, self-hosted file sharing solution. Prio ...)
	NOT-FOR-US: PsiTransfer
CVE-2024-31370 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31369 (Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign Soledad ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31368 (Missing Authorization vulnerability in PenciDesign Soledad. This issue ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31367 (Missing Authorization vulnerability in PenciDesign Soledad. This issue ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30706 (An issue was discovered in ROS2 Dashing Diademata versions ROS_VERSION ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30704 (An insecure deserialization vulnerability has been identified in ROS2 ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30703 (An arbitrary file upload vulnerability has been discovered in ROS2 (Ro ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30702 (An issue was discovered in ROS2 Galactic Geochelone in ROS_VERSION 2 a ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30262 (Contao is an open source content management system. Prior to version 4 ...)
	NOT-FOR-US: Contao CMS
CVE-2024-30191 (A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1 ...)
	NOT-FOR-US: Siemens
CVE-2024-30190 (A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1 ...)
	NOT-FOR-US: Siemens
CVE-2024-30189 (A vulnerability has been identified in SCALANCE W721-1 RJ45 (6GK5721-1 ...)
	NOT-FOR-US: Siemens
CVE-2024-2974 (The Essential Addons for Elementor – Best Elementor Templates, Wi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2957
	REJECTED
CVE-2024-2946 (The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +1 ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2918 (Improper input validation in PAM JIT elevation feature in Devolutions ...)
	NOT-FOR-US: Devolutions
CVE-2024-2871 (The Media Library Assistant plugin for WordPress is vulnerable to SQL ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2866
	REJECTED
CVE-2024-2847 (The WordPress File Upload plugin for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2845 (The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2804 (The Network Summary plugin for WordPress is vulnerable to SQL Injectio ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2792 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sto ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2789 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2788 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2787 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2786 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2783 (The GamiPress – The #1 gamification plugin to reward points, achi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2738 (The Permalink Manager Lite and Pro plugins for WordPress are vulnerabl ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2693 (The Link Whisper Free plugin for WordPress is vulnerable to PHP Object ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2654 (The File Manager plugin for WordPress is vulnerable to Directory Trave ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2650 (The Essential Addons for Elementor – Best Elementor Templates, Wi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2623 (The Essential Addons for Elementor – Best Elementor Templates, Wi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2543 (The Permalink Manager Lite plugin for WordPress is vulnerable to unaut ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2536 (The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2513 (The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Sit ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2507 (The JetWidgets For Elementor plugin for WordPress is vulnerable to Sto ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2504 (The Page Builder: Pagelayer – Drag and Drop website builder plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2501 (The Hubbub Lite – Fast, Reliable Social Sharing Buttons plugin fo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2492 (The PowerPack Addons for Elementor plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2457 (The Modal Window – create popup modal window plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2456 (The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2436 (The Lightweight Accordion plugin for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2423 (The UsersWP – Front-end login form, User Registration, User Profi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2348 (The Gum Elementor Addon plugin for WordPress is vulnerable to Stored C ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2347 (The Astra theme for WordPress is vulnerable to Stored Cross-Site Scrip ...)
	NOT-FOR-US: WordPress theme
CVE-2024-2344 (The Avada theme for WordPress is vulnerable to SQL Injection via the ' ...)
	NOT-FOR-US: WordPress theme
CVE-2024-2343 (The Avada | Website Builder For WordPress & WooCommerce theme for Word ...)
	NOT-FOR-US: WordPress theme
CVE-2024-2342 (The Appointment Booking Calendar — Simply Schedule Appointments B ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2341 (The Appointment Booking Calendar — Simply Schedule Appointments B ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2340 (The Avada theme for WordPress is vulnerable to Sensitive Information E ...)
	NOT-FOR-US: WordPress theme
CVE-2024-2336 (The Popup Maker – Popup for opt-ins, lead gen, & more plugin for ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2335 (The Elements Plus! plugin for WordPress is vulnerable to Stored Cross- ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2334 (The Template Kit – Import plugin for WordPress is vulnerable to S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2327 (The Global Elementor Buttons plugin for WordPress is vulnerable to Sto ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2325 (The Link Library plugin for WordPress is vulnerable to Reflected Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2311 (The Avada theme for WordPress is vulnerable to Stored Cross-Site Scrip ...)
	NOT-FOR-US: WordPress theme
CVE-2024-2306 (The Revslider plugin for WordPress is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2305 (The Cards for Beaver Builder plugin for WordPress is vulnerable to Sto ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2302 (The Easy Digital Downloads – Sell Digital Files & Subscriptions ( ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2289 (The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerab ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2287 (The Knight Lab Timeline plugin for WordPress is vulnerable to Stored C ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2261 (The Event Tickets and Registration plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2226 (The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg E ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2224 (Improper Limitation of a Pathname to a Restricted Directory (‘Pat ...)
	NOT-FOR-US: Bitdefender
CVE-2024-2223 (An Incorrect Regular Expression vulnerability in Bitdefender GravityZo ...)
	NOT-FOR-US: Bitdefender
CVE-2024-2222 (The Advanced Classifieds & Directory Pro plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2200 (The Contact Form by BestWebSoft plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2198 (The Contact Form by BestWebSoft plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2187 (The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2186 (The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2185 (The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2183 (The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2181 (The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2165 (The SEOPress – On-site SEO plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2138 (The JetWidgets For Elementor plugin for WordPress is vulnerable to Sto ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2125 (The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2117 (The Elementor Website Builder – More than Just a Page Builder plu ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2112 (The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact For ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2093 (The VK All in One Expansion Unit plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2081 (The Best WordPress Gallery Plugin – FooGallery plugin for WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2039 (The Stackable – Page Builder Gutenberg Blocks plugin for WordPres ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2033 (The Video Conferencing with Zoom plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2027 (The Real Media Library: Media Library Folder & File Manager plugin for ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2026 (The Passster plugin for WordPress is vulnerable to Stored Cross-Site S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2018 (The WP Activity Log Premium plugin for WordPress is vulnerable to SQL ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29993 (Azure CycleCloud Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-29992 (Azure Identity Library for .NET Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-29990 (Microsoft Azure Kubernetes Service Confidential Container Elevation of ...)
	NOT-FOR-US: Microsoft
CVE-2024-29989 (Azure Monitor Agent Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-29988 (SmartScreen Prompt Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-29985 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-29984 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-29983 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-29982 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-29905 (DIRAC is an interware, meaning a software framework for distributed co ...)
	NOT-FOR-US: DIRAC
CVE-2024-29066 (Windows Distributed File System (DFS) Remote Code Execution Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2024-29064 (Windows Hyper-V Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-29063 (Azure AI Search Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-29062 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-29061 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-29056 (Windows Authentication Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-29055 (Microsoft Defender for IoT Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-29054 (Microsoft Defender for IoT Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-29053 (Microsoft Defender for IoT Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-29052 (Windows Storage Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-29050 (Windows Cryptographic Services Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-29048 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-29047 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-29046 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-29045 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-29044 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-29043 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2024-28945 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-28944 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-28943 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2024-28942 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-28941 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2024-28940 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-28939 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-28938 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2024-28937 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2024-28936 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2024-28935 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2024-28934 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2024-28933 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2024-28932 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2024-28931 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2024-28930 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2024-28929 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2024-28927 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-28926 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-28925 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-28924 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-28923 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-28922 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-28921 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-28920 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-28919 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-28917 (Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Priv ...)
	NOT-FOR-US: Microsoft
CVE-2024-28915 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-28914 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-28913 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-28912 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-28911 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-28910 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-28909 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-28908 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-28907 (Microsoft Brokering File System Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-28906 (Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-28905 (Microsoft Brokering File System Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-28904 (Microsoft Brokering File System Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-28903 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-28902 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2024-28901 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2024-28900 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2024-28898 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-28897 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-28896 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-28235 (Contao is an open source content management system. Starting in versio ...)
	NOT-FOR-US: Contao CMS
CVE-2024-28234 (Contao is an open source content management system. Starting in versio ...)
	NOT-FOR-US: Contao CMS
CVE-2024-28191 (Contao is an open source content management system. Starting in versio ...)
	NOT-FOR-US: Contao CMS
CVE-2024-28190 (Contao is an open source content management system. Starting in versio ...)
	NOT-FOR-US: Contao CMS
CVE-2024-27665 (Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XS ...)
	NOT-FOR-US: Unifiedtransform
CVE-2024-27247 (Improper privilege management in the installer for Zoom Desktop Client ...)
	NOT-FOR-US: Zoom
CVE-2024-27242 (Cross site scripting in Zoom Desktop Client for Linux before version 5 ...)
	NOT-FOR-US: Zoom
CVE-2024-26277 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2024-26276 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2024-26275 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2024-26257 (Microsoft Excel Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26256 (libarchive Remote Code Execution Vulnerability)
	TODO: check
CVE-2024-26255 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2024-26254 (Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26253 (Windows rndismp6.sys Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26252 (Windows rndismp6.sys Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26251 (Microsoft SharePoint Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26250 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26248 (Windows Kerberos Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26245 (Windows SMB Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26244 (Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vu ...)
	NOT-FOR-US: Microsoft
CVE-2024-26243 (Windows USB Print Driver Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26242 (Windows Telephony Server Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26241 (Win32k Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26240 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26239 (Windows Telephony Server Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26237 (Windows Defender Credential Guard Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26236 (Windows Update Stack Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26235 (Windows Update Stack Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26234 (Proxy Driver Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26233 (Windows DNS Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26232 (Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26231 (Windows DNS Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26230 (Windows Telephony Server Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26229 (Windows CSC Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26228 (Windows Cryptographic Services Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26227 (Windows DNS Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26226 (Windows Distributed File System (DFS) Information Disclosure Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2024-26224 (Windows DNS Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26223 (Windows DNS Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26222 (Windows DNS Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26221 (Windows DNS Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26220 (Windows Mobile Hotspot Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26219 (HTTP.sys Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26218 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26217 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2024-26216 (Windows File Server Resource Management Service Elevation of Privilege ...)
	NOT-FOR-US: Microsoft
CVE-2024-26215 (DHCP Server Service Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26214 (Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2024-26213 (Microsoft Brokering File System Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26212 (DHCP Server Service Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26211 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2024-26210 (Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vu ...)
	NOT-FOR-US: Microsoft
CVE-2024-26209 (Microsoft Local Security Authority Subsystem Service Information Discl ...)
	NOT-FOR-US: Microsoft
CVE-2024-26208 (Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26207 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2024-26205 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
	NOT-FOR-US: Microsoft
CVE-2024-26202 (DHCP Server Service Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26200 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
	NOT-FOR-US: Microsoft
CVE-2024-26195 (DHCP Server Service Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26194 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26193 (Azure Migrate Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26189 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26183 (Windows Kerberos Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26180 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26179 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
	NOT-FOR-US: Microsoft
CVE-2024-26175 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26172 (Windows DWM Core Library Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26171 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26168 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26158 (Microsoft Install Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-25116 (RedisBloom adds a set of probabilistic data structures to Redis. Start ...)
	NOT-FOR-US: RedisBloom
CVE-2024-25115 (RedisBloom adds a set of probabilistic data structures to Redis. Start ...)
	NOT-FOR-US: RedisBloom
CVE-2024-24694 (Improper privilege management in the installer for Zoom Desktop Client ...)
	NOT-FOR-US: Zoom
CVE-2024-24576 (Rust is a programming language. The Rust Security Response WG was noti ...)
	- rustc (Only affects rustc on Windows)
	NOTE: https://github.com/rust-lang/rust/security/advisories/GHSA-q455-m56c-85mh
CVE-2024-24245 (An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fi ...)
	NOT-FOR-US: Canimaan Software LTD ClamXAV
CVE-2024-23671 (A improper limitation of a pathname to a restricted directory ('path t ...)
	NOT-FOR-US: FortiGuard
CVE-2024-23662 (An exposure of sensitive information to an unauthorized actor in Forti ...)
	NOT-FOR-US: FortiGuard
CVE-2024-22423 (yt-dlp is a youtube-dl fork with additional features and fixes. The pa ...)
	- yt-dlp (Windows-specific)
	NOTE: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p
	NOTE: Fixed by: https://github.com/yt-dlp/yt-dlp/commit/ff07792676f404ffff6ee61b5638c9dc1a33a37a (2024.04.09)
	NOTE: https://github.com/yt-dlp/yt-dlp/releases/tag/2024.04.09
	NOTE: Issue exists because of incomplete fix to address CVE-2023-40581
CVE-2024-21756 (A improper neutralization of special elements used in an os command (' ...)
	NOT-FOR-US: FortiGuard
CVE-2024-21755 (A improper neutralization of special elements used in an os command (' ...)
	NOT-FOR-US: FortiGuard
CVE-2024-21447 (Windows Authentication Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21424 (Azure Compute Gallery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21409 (.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerab ...)
	NOT-FOR-US: Microsoft .NET
CVE-2024-21324 (Microsoft Defender for IoT Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21323 (Microsoft Defender for IoT Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21322 (Microsoft Defender for IoT Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-20693 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-20689 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-20688 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-20685 (Azure Private 5G Core Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-20678 (Remote Procedure Call Runtime Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-20670 (Outlook for Windows Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-20669 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-20665 (BitLocker Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-1999 (The Gutenberg Blocks by Kadence Blocks – Page Builder Features pl ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1991 (The RegistrationMagic – Custom Registration Forms, User Registrat ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1990 (The RegistrationMagic – Custom Registration Forms, User Registrat ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1984 (The Graphene theme for WordPress is vulnerable to unauthorized access ...)
	NOT-FOR-US: WordPress theme
CVE-2024-1974 (The HT Mega – Absolute Addons For Elementor plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1960 (The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +1 ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1948 (The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1934 (The WP Compress – Image Optimizer plugin for WordPress is vulnera ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1904 (The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1893 (The Easy Property Listings plugin for WordPress is vulnerable to time- ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1852 (The WP-Members Membership Plugin plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1850 (The AI Post Generator | AutoWriter plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1813 (The Simple Job Board plugin for WordPress is vulnerable to PHP Object ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1812 (The Everest Forms plugin for WordPress is vulnerable to Server-Side Re ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1794 (The Forminator plugin for WordPress is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1792 (The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1790 (The WordPress Infinite Scroll – Ajax Load More plugin for WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1774 (The Customily Product Personalizer plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1641 (The Accordion plugin for WordPress is vulnerable to unauthorized acces ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1637 (The 360 Javascript Viewer plugin for WordPress is vulnerable to unauth ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1587 (The Newsmatic theme for WordPress is vulnerable to Sensitive Informati ...)
	NOT-FOR-US: WordPress theme
CVE-2024-1571 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1498 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1466 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1465 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1464 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1463 (The LearnPress – WordPress LMS Plugin plugin for WordPress is vul ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1461 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1458 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1424 (The GiveWP – Donation Plugin and Fundraising Platform plugin for ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1412 (The Memberpress plugin for WordPress is vulnerable to Reflected Cross- ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1387 (The Happy Addons for Elementor plugin for WordPress is vulnerable to u ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1352 (The Classified Listing – Classified ads & Business Directory Plug ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1315 (The Classified Listing – Classified ads & Business Directory Plug ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1308 (The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerab ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1289 (The LearnPress – WordPress LMS Plugin plugin for WordPress is vul ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0952 (The WP ERP | Complete HR solution with recruitment & job listings | Wo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0899 (The s2Member – Best Membership Plugin for All Kinds of Membership ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0873 (The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0872 (The Watu Quiz plugin for WordPress is vulnerable to Sensitive Informat ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0826 (The Qi Addons For Elementor plugin for WordPress is vulnerable to Stor ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0662 (The FancyBox for WordPress plugin for WordPress is vulnerable to Store ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0626 (The WooCommerce Clover Payment Gateway plugin for WordPress is vulnera ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0598 (The Gutenberg Blocks by Kadence Blocks – Page Builder Features pl ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0588 (The Paid Memberships Pro – Content Restriction, User Registration ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0376 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-7046 (The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6999 (The Pods – Custom Content Types and Fields plugin for WordPress i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6993 (The Custom post types, Custom Fields & more plugin for WordPress is vu ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6967 (The Pods – Custom Content Types and Fields plugin for WordPress i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6965 (The Pods – Custom Content Types and Fields plugin for WordPress i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6964 (The Gutenberg Blocks by Kadence Blocks – Page Builder Features pl ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6799 (The WP Reset – Most Advanced WordPress Reset Tool plugin for Word ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6777 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6695 (The Beaver Themer plugin for WordPress is vulnerable to Sensitive Info ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6694 (The Beaver Themer plugin for WordPress is vulnerable to Stored Cross-S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6486 (The Spectra – WordPress Gutenberg Blocks plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6320 (A command injection vulnerability exists in the com.webos.service.conn ...)
	NOT-FOR-US: Bitdefender
CVE-2023-6319 (A command injection vulnerability exists in the getAudioMetadatamethod ...)
	NOT-FOR-US: Bitdefender
CVE-2023-6318 (A command injection vulnerability exists in the processAnalyticsReport ...)
	NOT-FOR-US: Bitdefender
CVE-2023-6317 (A prompt bypass exists in the secondscreen.gateway service running on ...)
	NOT-FOR-US: Bitdefender
CVE-2023-50821 (A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All version ...)
	NOT-FOR-US: Siemens
CVE-2023-49913 (A stack-based buffer overflow vulnerability exists in the web interfac ...)
	NOT-FOR-US: Tp-Link
CVE-2023-49912 (A stack-based buffer overflow vulnerability exists in the web interfac ...)
	NOT-FOR-US: Tp-Link
CVE-2023-49911 (A stack-based buffer overflow vulnerability exists in the web interfac ...)
	NOT-FOR-US: Tp-Link
CVE-2023-49910 (A stack-based buffer overflow vulnerability exists in the web interfac ...)
	NOT-FOR-US: Tp-Link
CVE-2023-49909 (A stack-based buffer overflow vulnerability exists in the web interfac ...)
	NOT-FOR-US: Tp-Link
CVE-2023-49908 (A stack-based buffer overflow vulnerability exists in the web interfac ...)
	NOT-FOR-US: Tp-Link
CVE-2023-49907 (A stack-based buffer overflow vulnerability exists in the web interfac ...)
	NOT-FOR-US: Tp-Link
CVE-2023-49906 (A stack-based buffer overflow vulnerability exists in the web interfac ...)
	NOT-FOR-US: Tp-Link
CVE-2023-49134 (A command execution vulnerability exists in the tddpd enable_test_mode ...)
	NOT-FOR-US: Tp-Link
CVE-2023-49133 (A command execution vulnerability exists in the tddpd enable_test_mode ...)
	NOT-FOR-US: Tp-Link
CVE-2023-49074 (A denial of service vulnerability exists in the TDDP functionality of ...)
	NOT-FOR-US: Tp-Link
CVE-2023-48784 (Ause of externally-controlled format string vulnerability [CWE-134] in ...)
	NOT-FOR-US: FortiGuard
CVE-2023-48724 (A memory corruption vulnerability exists in the web interface function ...)
	NOT-FOR-US: Tp-Link
CVE-2023-47542 (A improper neutralization of special elements used in a template engin ...)
	NOT-FOR-US: FortiGuard
CVE-2023-47541 (An improper limitation of a pathname to a restricted directory ('path ...)
	NOT-FOR-US: FortiGuard
CVE-2023-47540 (An improper neutralization of special elements used in an os command ( ...)
	NOT-FOR-US: FortiGuard
CVE-2023-45590 (An improper control of generation of code ('code injection') in Fortin ...)
	NOT-FOR-US: FortiGuard
CVE-2023-41677 (A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7 ...)
	NOT-FOR-US: FortiGuard
CVE-2022-4965 (The Invitation Code Content Restriction Plugin from CreativeMinds plug ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2201 [Native Branch History Injection]
	{DSA-5658-1}
	- linux
	- xen
	[bookworm] - xen (Minor issue, fix along in next DSA)
	[bullseye] - xen (EOLed in Bullseye)
	[buster] - xen (DSA 4677-1)
	NOTE: https://vusec.net/projects/native-bhi
	NOTE: https://download.vusec.net/papers/inspectre_sec24.pdf
	NOTE: https://xenbits.xen.org/xsa/advisory-456.html
CVE-2024-31142 [x86: Incorrect logic for BTC/SRSO mitigations]
	- xen
	[bookworm] - xen (Minor issue, fix along in next DSA)
	[bullseye] - xen (EOLed in Bullseye)
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-455.html
CVE-2024-3466 (A vulnerability was found in SourceCodester Laundry Management System ...)
	NOT-FOR-US: SourceCodester Laundry Management System
CVE-2024-3465 (A vulnerability was found in SourceCodester Laundry Management System ...)
	NOT-FOR-US: SourceCodester Laundry Management System
CVE-2024-31366 (Missing Authorization vulnerability in Themify Post Type Builder (PTB) ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31365 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31047 (An issue in Academy Software Foundation openexr v.3.2.3 and before all ...)
	- openexr (bug #1068939)
	[bookworm] - openexr (Minor issue)
	[bullseye] - openexr (Minor issue)
	[buster] - openexr (exrmultipart not installed in the Debian package before 2.5.0-1)
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/1680
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1681
	NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/7aa89e1d09b09d9f5dbb96976ee083a331ab9d71
CVE-2024-30701 (An insecure logging vulnerability in ROS2 Galactic Geochelone ROS_VERS ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30699 (A buffer overflow vulnerability has been discovered in the C++ compone ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30697 (An issue was discovered in ROS2 Galactic Geochelone in ROS_VERSION 2 a ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30696 (OS command injection vulnerability in ROS2 Galactic Geochelone in ROS_ ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30695 (An issue was discovered in the default configurations of ROS2 Galactic ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30694 (A shell injection vulnerability was discovered in ROS2 (Robot Operatin ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30692 (A issue was discovered in ROS2 Galactic Geochelone versions ROS_VERSIO ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30691 (An issue was discovered in ROS2 Galactic Geochelone in version ROS_VER ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30690 (An unauthorized node injection vulnerability has been identified in RO ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30688 (An arbitrary file upload vulnerability has been discovered in ROS2 Iro ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30687 (An insecure deserialization vulnerability has been identified in ROS2 ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30686 (An issue was discovered in ROS2 Iron Irwini versions ROS_VERSION 2 and ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30684 (An insecure logging vulnerability has been identified within ROS2 Iron ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30683 (A buffer overflow vulnerability has been discovered in the C++ compone ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30681 (An OS command injection vulnerability has been discovered in ROS2 Iron ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30680 (Shell injection vulnerability was discovered in ROS2 (Robot Operating ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30679 (An issue was discovered in the default configurations of ROS2 Iron Irw ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30678 (An issue has been discovered in ROS2 Iron Irwini ROS_VERSION 2 and ROS ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30676 (A Denial-of-Service (DoS) vulnerability exists in ROS2 Iron Irwini ver ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30218 (The ABAP Application Server of SAP NetWeaver as well as ABAP Platforma ...)
	NOT-FOR-US: SAP
CVE-2024-30217 (Cash Management in SAP S/4 HANA does not perform necessary authorizati ...)
	NOT-FOR-US: SAP
CVE-2024-30216 (Cash Management in SAP S/4 HANA does not perform necessary authorizati ...)
	NOT-FOR-US: SAP
CVE-2024-30215 (The Resource Settings page allows a high privilege attacker to load ex ...)
	NOT-FOR-US: SAP
CVE-2024-30214 (The application allows a high privilege attacker to append a malicious ...)
	NOT-FOR-US: SAP
CVE-2024-2975 (A race condition was identified through which privilege escalation was ...)
	NOT-FOR-US: Octopus Server
CVE-2024-28167 (SAP Group Reporting Data Collectiondoes not perform necessary authoriz ...)
	NOT-FOR-US: SAP
CVE-2024-27901 (SAP Asset Accounting could allow a high privileged attacker to exploit ...)
	NOT-FOR-US: SAP
CVE-2024-27899 (Self-Registrationand Modify your own profile in User Admin Application ...)
	NOT-FOR-US: SAP
CVE-2024-27898 (SAP NetWeaver application, due to insufficient input validation, allow ...)
	NOT-FOR-US: SAP
CVE-2024-27632 (An issue in GNU Savane v.3.12 and before allows a remote attacker to e ...)
	NOT-FOR-US: GNU Savane
CVE-2024-27631 (Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and befo ...)
	NOT-FOR-US: GNU Savane
CVE-2024-27630 (Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and befor ...)
	NOT-FOR-US: GNU Savane
CVE-2024-25646 (Due to improper validation,SAP BusinessObject Business Intelligence La ...)
	NOT-FOR-US: SAP
CVE-2024-23584 (The NMAP Importer service may expose data store credentials to authori ...)
	NOT-FOR-US: HCL
CVE-2024-23084 (Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsExce ...)
	NOT-FOR-US: Disputed Apfloat issue
CVE-2024-23081 (ThreeTen Backport v1.6.8 was discovered to contain a NullPointerExcept ...)
	NOT-FOR-US: ThreeTen Backport
CVE-2024-23079 (JGraphT Core v1.5.2 was discovered to contain a NullPointerException v ...)
	NOT-FOR-US: Disputed JGraphT issue
CVE-2024-22949 (JFreeChart v1.5.4 was discovered to contain a NullPointerException via ...)
	NOT-FOR-US: Disputed JFreeChart issue
CVE-2024-1664 (The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sa ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1233 (A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, wher ...)
	NOT-FOR-US: JBoss EAP
CVE-2024-0083 (NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where a ...)
	NOT-FOR-US: NVIDIA ChatRTX
CVE-2024-0082 (NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where a ...)
	NOT-FOR-US: NVIDIA ChatRTX
CVE-2024-25743
	- linux
	NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3008.html
CVE-2024-25742
	- linux
	NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3008.html
CVE-2024-3464 (A vulnerability was found in SourceCodester Laundry Management System ...)
	NOT-FOR-US: SourceCodester Laundry Management System
CVE-2024-3463 (A vulnerability has been found in SourceCodester Laundry Management Sy ...)
	NOT-FOR-US: SourceCodester Laundry Management System
CVE-2024-3458 (A vulnerability classified as critical was found in Netentsec NS-ASG A ...)
	NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
CVE-2024-3457 (A vulnerability classified as critical has been found in Netentsec NS- ...)
	NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
CVE-2024-3456 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...)
	NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
CVE-2024-3455 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...)
	NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
CVE-2024-3445 (A vulnerability was found in SourceCodester Laundry Management System ...)
	NOT-FOR-US: SourceCodester Laundry Management System
CVE-2024-3444 (A vulnerability was found in Wangshen SecGate 3600 up to 20240408. It ...)
	NOT-FOR-US: Wangshen SecGate 3600
CVE-2024-3443 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester Prison Management System
CVE-2024-3442 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Prison Management System
CVE-2024-3441 (A vulnerability was found in SourceCodester Prison Management System 1 ...)
	NOT-FOR-US: SourceCodester Prison Management System
CVE-2024-3440 (A vulnerability was found in SourceCodester Prison Management System 1 ...)
	NOT-FOR-US: SourceCodester Prison Management System
CVE-2024-3439 (A vulnerability was found in SourceCodester Prison Management System 1 ...)
	NOT-FOR-US: SourceCodester Prison Management System
CVE-2024-3438 (A vulnerability was found in SourceCodester Prison Management System 1 ...)
	NOT-FOR-US: SourceCodester Prison Management System
CVE-2024-31817 (In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensi ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-31816 (In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensi ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-31815 (In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the c ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-31814 (TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-31813 (TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authenticati ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-31812 (In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensi ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-31811 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remo ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-31809 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remo ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-31808 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remo ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-31807 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remo ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-31806 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Deni ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-31805 (TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Te ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-31447 (Shopware 6 is an open commerce platform based on Symfony Framework and ...)
	NOT-FOR-US: Shopware
CVE-2024-31442 (Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In al ...)
	NOT-FOR-US: Redon Hub
CVE-2024-31375 (Missing Authorization vulnerability in Saleswonder.Biz Team WP2LEADS.T ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31357 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31224 (GPT Academic provides interactive interfaces for large language models ...)
	NOT-FOR-US: GPT Academic
CVE-2024-31221 (Sunshine is a self-hosted game stream host for Moonlight. Starting in ...)
	NOT-FOR-US: Sunshine
CVE-2024-31205 (Saleor is an e-commerce platform. Starting in version 3.10.0 and prior ...)
	NOT-FOR-US: Saleor
CVE-2024-30269 (DataEase, an open source data visualization and analysis tool, has a d ...)
	NOT-FOR-US: DataEase
CVE-2024-2834 (A Stored Cross-Site Scripting (XSS) vulnerability has been identified ...)
	NOT-FOR-US: OpenText
CVE-2024-28732 (An issue was discovered in OFPMatch in parser.py in Faucet SDN Ryu ver ...)
	NOT-FOR-US: Faucet SDN Ryu
CVE-2024-28270 (An issue discovered in web-flash v3.0 allows attackers to reset passwo ...)
	NOT-FOR-US: web-flash
CVE-2024-28224 (Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadve ...)
	NOT-FOR-US: Ollama
CVE-2024-28066 (In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a h ...)
	NOT-FOR-US: Unify CP IP Phone firmware
CVE-2024-27897 (Input verification vulnerability in the call module. Impact: Successfu ...)
	NOT-FOR-US: Huawei
CVE-2024-27896 (Input verification vulnerability in the log module. Impact: Successful ...)
	NOT-FOR-US: Huawei
CVE-2024-27895 (Vulnerability of permission control in the window module. Successful e ...)
	NOT-FOR-US: Huawei
CVE-2024-26574 (Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 al ...)
	NOT-FOR-US: Wondershare Filmora
CVE-2024-24279 (An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint ...)
	NOT-FOR-US: secdiskapp
CVE-2024-23192 (RSS feeds that contain malicious data- attributes could be abused to i ...)
	NOT-FOR-US: Open-Xchange
CVE-2024-23191 (Upsell advertisement information of an account can be manipulated to e ...)
	NOT-FOR-US: Open-Xchange
CVE-2024-23190 (Upsell shop information of an account can be manipulated to execute sc ...)
	NOT-FOR-US: Open-Xchange
CVE-2024-23189 (Embedded content references at tasks could be used to temporarily exec ...)
	NOT-FOR-US: Open-Xchange
CVE-2024-23086 (Apfloat v1.10.1 was discovered to contain a stack overflow via the com ...)
	NOT-FOR-US: Disputed Apfloat issue
CVE-2024-23085 (Apfloat v1.10.1 was discovered to contain a NullPointerException via t ...)
	NOT-FOR-US: Disputed Apfloat issue
CVE-2024-23082 (ThreeTen Backport v1.6.8 was discovered to contain an integer overflow ...)
	NOT-FOR-US: ThreeTen Backport
CVE-2024-23078 (JGraphT Core v1.5.2 was discovered to contain a NullPointerException v ...)
	NOT-FOR-US: Disputed JGraphT issue
CVE-2023-7164 (The BackWPup WordPress plugin before 4.0.4 does not prevent visitors f ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52554 (Permission control vulnerability in the Bluetooth module. Impact: Succ ...)
	NOT-FOR-US: Huawei
CVE-2023-52553 (Race condition vulnerability in the Wi-Fi module. Impact: Successful e ...)
	NOT-FOR-US: Huawei
CVE-2023-52552 (Input verification vulnerability in the power module. Impact: Successf ...)
	NOT-FOR-US: Huawei
CVE-2023-52551 (Vulnerability of data verification errors in the kernel module. Impact ...)
	NOT-FOR-US: Huawei
CVE-2023-52550 (Vulnerability of data verification errors in the kernel module. Impact ...)
	NOT-FOR-US: Huawei
CVE-2023-52549 (Vulnerability of data verification errors in the kernel module. Impact ...)
	NOT-FOR-US: Huawei
CVE-2023-52546 (Vulnerability of package name verification being bypassed in the Calen ...)
	NOT-FOR-US: Huawei
CVE-2023-52545 (Vulnerability of undefined permissions in the Calendar app. Impact: Su ...)
	NOT-FOR-US: Huawei
CVE-2023-52544 (Vulnerability of file path verification being bypassed in the email mo ...)
	NOT-FOR-US: Huawei
CVE-2023-52543 (Permission verification vulnerability in the system module. Impact: Su ...)
	NOT-FOR-US: Huawei
CVE-2023-52542 (Permission verification vulnerability in the system module. Impact: Su ...)
	NOT-FOR-US: Huawei
CVE-2023-52541 (Authentication vulnerability in the API for app pre-loading. Impact: S ...)
	NOT-FOR-US: Huawei
CVE-2023-52540 (Vulnerability of improper authentication in the Iaware module. Impact: ...)
	NOT-FOR-US: Huawei
CVE-2023-52539 (Permission verification vulnerability in the Settings module. Impact: ...)
	NOT-FOR-US: Huawei
CVE-2023-52538 (Vulnerability of package name verification being bypassed in the HwIms ...)
	NOT-FOR-US: Huawei
CVE-2023-52537 (Vulnerability of package name verification being bypassed in the HwIms ...)
	NOT-FOR-US: Huawei
CVE-2023-52388 (Permission control vulnerability in the clock module. Impact: Successf ...)
	NOT-FOR-US: Huawei
CVE-2023-52386 (Out-of-bounds write vulnerability in the RSMC module. Impact: Successf ...)
	NOT-FOR-US: Huawei
CVE-2023-52385 (Out-of-bounds write vulnerability in the RSMC module. Impact: Successf ...)
	NOT-FOR-US: Huawei
CVE-2023-52364 (Vulnerability of input parameters being not strictly verified in the R ...)
	NOT-FOR-US: Huawei
CVE-2023-52359 (Vulnerability of permission verification in some APIs in the ActivityT ...)
	NOT-FOR-US: Huawei
CVE-2014-125111 (A vulnerability was found in namithjawahar Wp-Insert up to 2.0.8 and c ...)
	NOT-FOR-US: WordPress plugin
CVE-2011-10006 (A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-26811 (In the Linux kernel, the following vulnerability has been resolved: k ...)
	{DSA-5658-1}
	- linux
	NOTE: https://git.kernel.org/linus/a677ebd8ca2f2632ccdecbad7b87641274e15aac (6.9-rc3)
CVE-2024-2511 (Issue summary: Some non-default TLS server configurations can cause un ...)
	[experimental] - openssl 3.3.0-1
	- openssl (bug #1068658)
	[bookworm] - openssl (Minor issue, fix along with next update round)
	[bullseye] - openssl (Minor issue, fix along with next update round)
	[buster] - openssl (Minor issue, fix along with next update round)
	NOTE: https://www.openssl.org/news/secadv/20240408.txt
	NOTE: https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08 (openssl-3.2.y)
	NOTE: https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce (openssl-3.1.y)
	NOTE: https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d (openssl-3.0.y)
CVE-2024-3437 (A vulnerability was found in SourceCodester Prison Management System 1 ...)
	NOT-FOR-US: SourceCodester Prison Management System
CVE-2024-3436 (A vulnerability was found in SourceCodester Prison Management System 1 ...)
	NOT-FOR-US: SourceCodester Prison Management System
CVE-2024-3434 (A vulnerability classified as critical was found in CP Plus Wi-Fi Came ...)
	NOT-FOR-US: CP Plus Wi-Fi Camera
CVE-2024-3433 (A vulnerability classified as problematic has been found in PuneethRed ...)
	NOT-FOR-US: PuneethReddyHC Event Management
CVE-2024-3432 (A vulnerability was found in PuneethReddyHC Event Management 1.0. It h ...)
	NOT-FOR-US: PuneethReddyHC Event Management
CVE-2024-3431 (A vulnerability was found in EyouCMS 1.6.5. It has been declared as cr ...)
	NOT-FOR-US: EyouCMS
CVE-2024-3430 (A vulnerability was found in QKSMS up to 3.9.4 on Android. It has been ...)
	NOT-FOR-US: QKSMS
CVE-2024-31951 (In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, ...)
	- frr
	[bullseye] - frr (Vulnerable code not present)
	[buster] - frr (Vulnerable code not present)
	NOTE: https://github.com/FRRouting/frr/pull/15674/
	NOTE: Proposed fix: https://github.com/FRRouting/frr/pull/15674/commits/344fb4be2bc27316c74b17003c05ea40be395836
	NOTE: vulnerable feature introduced in https://github.com/FRRouting/frr/commit/f173deb35206a09e8dc22828cb08638e289b72a5 (first shipped with 8.0)
CVE-2024-31950 (In FRRouting (FRR) through 9.1, there can be a buffer overflow and dae ...)
	- frr
	[bullseye] - frr (Vulnerable code not present)
	[buster] - frr (Vulnerable code not present)
	NOTE: https://github.com/FRRouting/frr/pull/15674/
	NOTE: Proposed fix: https://github.com/FRRouting/frr/pull/15674/commits/6b84541df71772f697a7f9e6b2aaf72536aab775
	NOTE: vulnerable feature introduced in https://github.com/FRRouting/frr/commit/f173deb35206a09e8dc22828cb08638e289b72a5 (first shipped with 8.0)
CVE-2024-31949 (In FRRouting (FRR) through 9.1, an infinite loop can occur when receiv ...)
	{DLA-3797-1}
	- frr
	NOTE: https://github.com/FRRouting/frr/pull/15640
	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/30a332dad86fafd2b0b6c61d23de59ed969a219b
CVE-2024-31948 (In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix S ...)
	{DLA-3797-1}
	- frr
	NOTE: https://github.com/FRRouting/frr/pull/15628
	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/ba6a8f1a31e1a88df2de69ea46068e8bd9b97138
	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/babb23b74855e23c987a63f8256d24e28c044d07
CVE-2024-31022 (An issue was discovered in CandyCMS version 1.0.0, allows remote attac ...)
	NOT-FOR-US: CandyCMS
CVE-2024-30675 (Unauthorized node injection vulnerability in ROS2 Iron Irwini in ROS_V ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30674 (Unauthorized access vulnerability in ROS2 Iron Irwini in ROS_VERSION i ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30672 (Arbitrary file upload vulnerability in ROS (Robot Operating System) Me ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30667 (Insecure deserialization vulnerability in ROS (Robot Operating System) ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30666 (A buffer overflow vulnerability has been discovered in the C++ compone ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30665 (An OS command injection vulnerability has been discovered in ROS (Robo ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30663 (An issue was discovered in the default configurations of ROS (Robot Op ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30662 (An issue was discovered in ROS (Robot Operating System) Melodic Moreni ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30661 (An unauthorized access vulnerability has been discovered in ROS Melodi ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-30659 (Shell Injection vulnerability in ROS (Robot Operating System) Melodic ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-28744 (The password is empty in the initial configuration of ACERA 9010-08 fi ...)
	NOT-FOR-US: ACERA
CVE-2024-27488 (Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 thro ...)
	NOT-FOR-US: ZLMediaKit
CVE-2024-23658 (In camera driver, there is a possible use after free due to a logic er ...)
	NOT-FOR-US: Unisoc
CVE-2024-1958 (The WPB Show Core WordPress plugin before 2.7 does not sanitise and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1956 (The wpb-show-core WordPress plugin before 2.7 does not sanitise and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1752 (The Font Farsi WordPress plugin through 1.6.6 does not sanitise and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1589 (The SendPress Newsletters WordPress plugin through 1.23.11.6 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1588 (The SendPress Newsletters WordPress plugin through 1.23.11.6 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1292 (The WPB Show Core WordPress plugin before 2.7 does not sanitise and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52536 (In faceid service, there is a possible out of bounds read due to a mis ...)
	NOT-FOR-US: Unisoc
CVE-2023-52535 (In vsp driver, there is a possible missing verification incorrect inpu ...)
	NOT-FOR-US: Unisoc
CVE-2023-52534 (In ngmm, there is a possible undefined behavior due to incorrect error ...)
	NOT-FOR-US: Unisoc
CVE-2023-52533 (In modem-ps-nas-ngmm, there is a possible undefined behavior due to in ...)
	NOT-FOR-US: Unisoc
CVE-2023-52352 (In Network Adapter Service, there is a possible missing permission che ...)
	NOT-FOR-US: Unisoc
CVE-2023-52351 (In ril service, there is a possible out of bounds write due to a missi ...)
	NOT-FOR-US: Unisoc
CVE-2023-52350 (In ril service, there is a possible out of bounds write due to a missi ...)
	NOT-FOR-US: Unisoc
CVE-2023-52349 (In ril service, there is a possible out of bounds write due to a missi ...)
	NOT-FOR-US: Unisoc
CVE-2023-52348 (In ril service, there is a possible out of bounds write due to a missi ...)
	NOT-FOR-US: Unisoc
CVE-2023-52347 (In ril service, there is a possible out of bounds write due to a missi ...)
	NOT-FOR-US: Unisoc
CVE-2023-52346 (In modem driver, there is a possible system crash due to improper inpu ...)
	NOT-FOR-US: Unisoc
CVE-2023-52345 (In modem driver, there is a possible system crash due to improper inpu ...)
	NOT-FOR-US: Unisoc
CVE-2023-52344 (In modem-ps-nas-ngmm, there is a possible undefined behavior due to in ...)
	NOT-FOR-US: Unisoc
CVE-2023-52343 (In SecurityCommand message after as security has been actived., there ...)
	NOT-FOR-US: Unisoc
CVE-2023-52342 (In modem-ps-nas-ngmm, there is a possible undefined behavior due to in ...)
	NOT-FOR-US: Unisoc
CVE-2023-52341 (In Plaintext COUNTER CHECK message accepted before AS security activat ...)
	NOT-FOR-US: Unisoc
CVE-2021-47208 (The Mojolicious module before 9.11 for Perl has a bug in format detect ...)
	- libmojolicious-perl 9.21+dfsg-1
	[bullseye] - libmojolicious-perl (Minor issue)
	NOTE: https://github.com/mojolicious/mojo/issues/1736
	NOTE: https://github.com/mojolicious/mojo/commit/a0c4576ffb11c235088550de9ba7ac4196e1953c (v9.11)
CVE-2020-36829 (The Mojolicious module before 8.65 for Perl is vulnerable to secure_co ...)
	- libmojolicious-perl 8.65+dfsg-1
	NOTE: https://github.com/mojolicious/mojo/pull/1601 (v8.65)
	NOTE: https://github.com/mojolicious/mojo/issues/1599
CVE-2024-3428 (A vulnerability has been found in SourceCodester Online Courseware 1.0 ...)
	NOT-FOR-US: SourceCodester Online Courseware
CVE-2024-3427 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester Online Courseware
CVE-2024-3426 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: SourceCodester Online Courseware
CVE-2024-3425 (A vulnerability classified as critical was found in SourceCodester Onl ...)
	NOT-FOR-US: SourceCodester Online Courseware
CVE-2024-3424 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Online Courseware
CVE-2024-3423 (A vulnerability was found in SourceCodester Online Courseware 1.0. It ...)
	NOT-FOR-US: SourceCodester Online Courseware
CVE-2024-3422 (A vulnerability was found in SourceCodester Online Courseware 1.0. It ...)
	NOT-FOR-US: SourceCodester Online Courseware
CVE-2024-3421 (A vulnerability was found in SourceCodester Online Courseware 1.0. It ...)
	NOT-FOR-US: SourceCodester Online Courseware
CVE-2024-3420 (A vulnerability was found in SourceCodester Online Courseware 1.0 and ...)
	NOT-FOR-US: SourceCodester Online Courseware
CVE-2024-3419 (A vulnerability has been found in SourceCodester Online Courseware 1.0 ...)
	NOT-FOR-US: SourceCodester Online Courseware
CVE-2024-3418 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Online Courseware
CVE-2024-31349 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31348 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31346 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31345 (Unrestricted Upload of File with Dangerous Type vulnerability in Sukhc ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31344 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31308 (Deserialization of Untrusted Data vulnerability in VJInfotech WP Impor ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31306 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31296 (Authorization Bypass Through User-Controlled Key vulnerability in Repu ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31292 (Unrestricted Upload of File with Dangerous Type vulnerability in Moove ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31291 (Authorization Bypass Through User-Controlled Key vulnerability in Meta ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31288 (Server-Side Request Forgery (SSRF) vulnerability in RapidLoad RapidLoa ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31286 (Unrestricted Upload of File with Dangerous Type vulnerability in J.N. ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31280 (Unrestricted Upload of File with Dangerous Type vulnerability in Andy ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31277 (Deserialization of Untrusted Data vulnerability in PickPlugins Product ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31260 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31258 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31257 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31256 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31255 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31241 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31236 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31234 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31233 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30418 (Vulnerability of insufficient permission verification in the app manag ...)
	NOT-FOR-US: Huawei
CVE-2024-30417 (Path traversal vulnerability in the Bluetooth-based sharing module. Im ...)
	NOT-FOR-US: Huawei
CVE-2024-30416 (Use After Free (UAF) vulnerability in the underlying driver module. Im ...)
	NOT-FOR-US: Huawei
CVE-2024-22155 (Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooComme ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52717 (Permission verification vulnerability in the lock screen module. Impac ...)
	NOT-FOR-US: Huawei
CVE-2023-52716 (Vulnerability of starting activities in the background in the Activity ...)
	NOT-FOR-US: Huawei
CVE-2023-52715 (The SystemUI module has a vulnerability in permission management. Impa ...)
	NOT-FOR-US: Huawei
CVE-2023-52714 (Vulnerability of defects introduced in the design process in the hwnff ...)
	NOT-FOR-US: Huawei
CVE-2023-52713 (Vulnerability of improper permission control in the window management ...)
	NOT-FOR-US: Huawei
CVE-2023-52382
	REJECTED
CVE-2021-4438 (A vulnerability, which was classified as critical, has been found in k ...)
	NOT-FOR-US: react-native-sms-user-consent
CVE-2024-3417 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Online Courseware
CVE-2024-3416 (A vulnerability classified as critical was found in SourceCodester Onl ...)
	NOT-FOR-US: SourceCodester Online Courseware
CVE-2024-3415 (A vulnerability was found in SourceCodester Human Resource Information ...)
	NOT-FOR-US: SourceCodester Human Resource Information System
CVE-2024-3414 (A vulnerability was found in SourceCodester Human Resource Information ...)
	NOT-FOR-US: SourceCodester Human Resource Information System
CVE-2024-30415 (Vulnerability of improper permission control in the window management ...)
	NOT-FOR-US: Huawei
CVE-2024-30414 (Command injection vulnerability in the AccountManager module. Impact: ...)
	NOT-FOR-US: Huawei
CVE-2024-30413 (Vulnerability of improper permission control in the window management ...)
	NOT-FOR-US: Huawei
CVE-2023-6877 (The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3413 (A vulnerability has been found in SourceCodester Human Resource Inform ...)
	NOT-FOR-US: SourceCodester Human Resource Information System
CVE-2024-3378 (A vulnerability has been found in iboss Secure Web Gateway up to 10.1 ...)
	NOT-FOR-US: iboss Secure Web Gateway
CVE-2024-3377 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester Computer Laboratory Management System
CVE-2024-3376 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Computer Laboratory Management System
CVE-2024-3369 (A vulnerability, which was classified as critical, has been found in c ...)
	NOT-FOR-US: code-projects Car Rental
CVE-2024-3366 (A vulnerability classified as problematic was found in Xuxueli xxl-job ...)
	NOT-FOR-US: XXL-Job
CVE-2024-3365 (A vulnerability was found in SourceCodester Online Library System 1.0. ...)
	NOT-FOR-US: SourceCodester Online Library System
CVE-2024-3364 (A vulnerability was found in SourceCodester Online Library System 1.0. ...)
	NOT-FOR-US: SourceCodester Online Library System
CVE-2024-3363 (A vulnerability was found in SourceCodester Online Library System 1.0. ...)
	NOT-FOR-US: SourceCodester Online Library System
CVE-2024-2296 (The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2132 (The Ultimate Bootstrap Elements for Elementor plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-28741 (Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 a ...)
	NOT-FOR-US: EginDemirbilek NorthStar
CVE-2024-27620 (An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote attacker to o ...)
	NOT-FOR-US: Ladder
CVE-2024-25029 (IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows s ...)
	NOT-FOR-US: IBM
CVE-2024-22328 (IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attack ...)
	NOT-FOR-US: IBM
CVE-2024-XXXX [RUSTSEC-2024-0332: Degradation of service in h2 servers with CONTINUATION Flood]
	- rust-h2 0.4.4-1
	[bookworm] - rust-h2 (Minor issue)
	[buster] - rust-h2 (Minor issue, CPU DoS)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0332.html
	NOTE: https://github.com/advisories/GHSA-q6cp-qfwq-4gcv
CVE-2024-3362 (A vulnerability was found in SourceCodester Online Library System 1.0 ...)
	NOT-FOR-US: SourceCodester Online Library System
CVE-2024-3361 (A vulnerability has been found in SourceCodester Online Library System ...)
	NOT-FOR-US: SourceCodester Online Library System
CVE-2024-3360 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Online Library System
CVE-2024-3359 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Online Library System
CVE-2024-3358 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System
CVE-2024-3357 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System
CVE-2024-3356 (A vulnerability was found in SourceCodester Aplaya Beach Resort Online ...)
	NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System
CVE-2024-3355 (A vulnerability was found in SourceCodester Aplaya Beach Resort Online ...)
	NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System
CVE-2024-3245 (The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3216 (The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shippi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30977 (An issue in Secnet Security Network Intelligent AC Management System v ...)
	NOT-FOR-US: Secnet Security Network Intelligent AC Management System
CVE-2024-2950 (The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordP ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2949 (The Carousel, Slider, Gallery by WP Carousel – Image Carousel & P ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2656 (The Email Subscribers by Icegram Express – Email Marketing, Newsl ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2471 (The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2458 (The Powerkit – Supercharge your WordPress Site plugin for WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2444 (The Inline Related Posts WordPress plugin before 3.5.0 does not saniti ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27912 (A denial of service vulnerability was reported in some Lenovo Printers ...)
	NOT-FOR-US: Lenovo
CVE-2024-27911 (A vulnerability was reported in some Lenovo Printers that could allow ...)
	NOT-FOR-US: Lenovo
CVE-2024-27910 (A vulnerability was reported in some Lenovo Printers that could allow ...)
	NOT-FOR-US: Lenovo
CVE-2024-27909 (A denial of service vulnerability was reported in the HTTPS service of ...)
	NOT-FOR-US: Lenovo
CVE-2024-27908 (A buffer overflow vulnerability was reported in the HTTPS service of s ...)
	NOT-FOR-US: Lenovo
CVE-2024-23592 (An authentication bypass vulnerability was reported in Lenovo devices ...)
	NOT-FOR-US: Lenovo
CVE-2024-21506 (Versions of the package pymongo before 4.6.3 are vulnerable to Out-of- ...)
	- pymongo (bug #1069581)
	[bookworm] - pymongo (Minor issue)
	[bullseye] - pymongo (Minor issue)
	NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-PYMONGO-6370597
	NOTE: https://gist.github.com/keltecc/62a7c2bf74a997d0a7b48a0ff3853a03
CVE-2024-1994 (The Image Watermark plugin for WordPress is vulnerable to unauthorized ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1428 (The Element Pack Elementor Addons (Header Footer, Free Template Librar ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1385 (The WP-Stateless – Google Cloud Storage plugin for WordPress is v ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0837 (The Element Pack Elementor Addons (Header Footer, Free Template Librar ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5912 (A potential memory leakage vulnerability was reported in some Lenovo N ...)
	NOT-FOR-US: Lenovo
CVE-2023-4605 (A valid authenticated Lenovo XClarity Administrator (LXCA) user can po ...)
	NOT-FOR-US: Lenovo
CVE-2024-3354 (A vulnerability was found in SourceCodester Aplaya Beach Resort Online ...)
	NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System
CVE-2024-3353 (A vulnerability was found in SourceCodester Aplaya Beach Resort Online ...)
	NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System
CVE-2024-3352 (A vulnerability has been found in SourceCodester Aplaya Beach Resort O ...)
	NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System
CVE-2024-3351 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System
CVE-2024-3350 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System
CVE-2024-3349 (A vulnerability classified as critical was found in SourceCodester Apl ...)
	NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System
CVE-2024-3348 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Aplaya Beach Resort Online Reservation System
CVE-2024-3347 (A vulnerability was found in SourceCodester Airline Ticket Reservation ...)
	NOT-FOR-US: SourceCodester Airline Ticket Reservation System
CVE-2024-3346 (A vulnerability was found in Byzoro Smart S80 up to 20240328. It has b ...)
	NOT-FOR-US: Byzoro Smart S80
CVE-2024-31852 (LLVM before 18.1.3 generates code in which the LR register can be over ...)
	- llvm-toolchain-14 (bug #1070384)
	[bookworm] - llvm-toolchain-14 (Minor issue)
	- llvm-toolchain-15 (bug #1070383)
	[bookworm] - llvm-toolchain-15 (Minor issue)
	- llvm-toolchain-16 (bug #1070382)
	[bookworm] - llvm-toolchain-16 (Minor issue)
	[bullseye] - llvm-toolchain-16 (Minor issue)
	- llvm-toolchain-17 (bug #1070381)
	- llvm-toolchain-18 (bug #1070380)
	NOTE: https://github.com/llvm/llvm-project/issues/80287
	NOTE: https://bugs.chromium.org/p/llvm/issues/detail?id=69
	NOTE: https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2
CVE-2024-31851 (A path traversal vulnerability exists in the Java version of CData Syn ...)
	NOT-FOR-US: CData
CVE-2024-31850 (A path traversal vulnerability exists in the Java version of CData Arc ...)
	NOT-FOR-US: CData
CVE-2024-31849 (A path traversal vulnerability exists in the Java version of CData Con ...)
	NOT-FOR-US: CData
CVE-2024-31848 (A path traversal vulnerability exists in the Java version of CData API ...)
	NOT-FOR-US: CData
CVE-2024-31220 (Sunshine is a self-hosted game stream host for Moonlight. Starting in ...)
	NOT-FOR-US: Sunshine
CVE-2024-31218 (Webhood is a self-hosted URL scanner used analyzing phishing and malic ...)
	NOT-FOR-US: Webhood
CVE-2024-31213 (InstantCMS is a free and open source content management system. An ope ...)
	NOT-FOR-US: InstantCMS
CVE-2024-2499 (The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vul ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2447 (Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x bef ...)
	- mattermost-server (bug #823556)
CVE-2024-2380 (Stored XSS in graph rendering in Checkmk <2.3.0b4.)
	- check-mk
CVE-2024-2312 (GRUB2 does not call the module fini functions on exit, leading to Debi ...)
	- grub2 2.12-2
	[bookworm] - grub2 (Vulnerable code not present)
	[bullseye] - grub2 (Vulnerable code not present)
	[buster] - grub2 (Vulnerable code not present)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2054127
CVE-2024-29783 (In tmu_get_tr_thresholds, there is a possible out of bounds read due t ...)
	NOT-FOR-US: Android
CVE-2024-29782 (In tmu_get_tr_num_thresholds of tmu.c, there is a possible out of boun ...)
	NOT-FOR-US: Android
CVE-2024-29757 (there is a possible permission bypass due to Debug certs being allowli ...)
	NOT-FOR-US: Android
CVE-2024-29756 (In afe_callback of q6afe.c, there is a possible out of bounds write du ...)
	NOT-FOR-US: Android
CVE-2024-29755 (In tmu_get_pi of tmu.c, there is a possible out of bounds read due to ...)
	NOT-FOR-US: Android
CVE-2024-29754 (In TMU_IPC_GET_TABLE, there is a possible out of bounds read due to a ...)
	NOT-FOR-US: Android
CVE-2024-29753 (In tmu_set_control_temp_step of tmu.c, there is a possible out of boun ...)
	NOT-FOR-US: Android
CVE-2024-29752 (In tmu_set_tr_num_thresholds of tmu.c, there is a possible out of boun ...)
	NOT-FOR-US: Android
CVE-2024-29751 (In asn1_ec_pkey_parse_p384 of asn1_common.c, there is a possible OOB R ...)
	NOT-FOR-US: Android
CVE-2024-29750 (In km_exp_did_inner of kmv.c, there is a possible out of bounds read d ...)
	NOT-FOR-US: Android
CVE-2024-29749 (In tmu_set_tr_thresholds of tmu.c, there is a possible out of bounds w ...)
	NOT-FOR-US: Android
CVE-2024-29748 (there is a possible way to bypass due to a logic error in the code. T ...)
	NOT-FOR-US: Android
CVE-2024-29747 (In _dvfs_get_lv of dvfs.c, there is a possible out of bounds read due ...)
	NOT-FOR-US: Android
CVE-2024-29746 (In lpm_req_handler of lpm.c, there is a possible out of bounds write d ...)
	NOT-FOR-US: Android
CVE-2024-29745 (there is a possible Information Disclosure due to uninitialized data. ...)
	NOT-FOR-US: Android
CVE-2024-29744 (In tmu_get_gov_time_windows, there is a possible out of bounds read du ...)
	NOT-FOR-US: Android
CVE-2024-29743 (In tmu_set_temp_lut of tmu.c, there is a possible out of bounds write ...)
	NOT-FOR-US: Android
CVE-2024-29742 (In apply_minlock_constraint of dvfs.c, there is a possible out of boun ...)
	NOT-FOR-US: Android
CVE-2024-29741 (In pblS2mpuResume of s2mpu.c, there is a possible mitigation bypass du ...)
	NOT-FOR-US: Android
CVE-2024-29740 (In tmu_set_table of tmu.c, there is a possible out of bounds write due ...)
	NOT-FOR-US: Android
CVE-2024-29739 (In tmu_get_temp_lut of tmu.c, there is a possible out of bounds read d ...)
	NOT-FOR-US: Android
CVE-2024-29738 (In gov_init, there is a possible out of bounds read due to a missing b ...)
	NOT-FOR-US: Android
CVE-2024-29221 (Improper Access Control in Mattermost Server versions 9.5.x before 9.5 ...)
	- mattermost-server (bug #823556)
CVE-2024-28949 (Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3 ...)
	- mattermost-server (bug #823556)
CVE-2024-28065 (In Unify CP IP Phone firmware 1.10.4.3, files are not encrypted and co ...)
	NOT-FOR-US: Unify CP IP Phone firmware
CVE-2024-27232 (In asn1_ec_pkey_parse of asn1_common.c, there is a possible OOB read d ...)
	NOT-FOR-US: Android
CVE-2024-27231 (In tmu_get_tr_stats of tmu.c, there is a possible out of bounds read d ...)
	NOT-FOR-US: Android
CVE-2024-22004 (Due to length check, an attacker with privilege access on a Linux Nons ...)
	NOT-FOR-US: Google Nest
CVE-2024-21848 (Improper Access Control in Mattermost Server versions 8.1.x before 8.1 ...)
	- mattermost-server (bug #823556)
CVE-2024-0081 (NVIDIA NeMo framework for Ubuntu contains a vulnerability in tools/asr ...)
	NOT-FOR-US: NVIDIA NeMo framework
CVE-2024-0080 (NVIDIA nvTIFF Library for Windows and Linux contains a vulnerability w ...)
	NOT-FOR-US: NVIDIA nvTIFF Library
CVE-2024-0076 (NVIDIA CUDA toolkit for all platforms contains a vulnerability in cuob ...)
	- nvidia-cuda-toolkit (bug #1070177)
	[bookworm] - nvidia-cuda-toolkit (Non-free not supported)
	[bullseye] - nvidia-cuda-toolkit (Non-free not supported)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5517
CVE-2024-0072 (NVIDIA CUDA toolkit for all platforms contains a vulnerability in cuob ...)
	- nvidia-cuda-toolkit (bug #1070177)
	[bookworm] - nvidia-cuda-toolkit (Non-free not supported)
	[bullseye] - nvidia-cuda-toolkit (Non-free not supported)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5517
CVE-2023-6523 (Authorization Bypass Through User-Controlled Key vulnerability in Extr ...)
	NOT-FOR-US: ExtremePacs Extreme XDS
CVE-2023-6522 (Improper Privilege Management vulnerability in ExtremePacs Extreme XDS ...)
	NOT-FOR-US: ExtremePacs Extreme XDS
CVE-2023-5692 (WordPress Core is vulnerable to Sensitive Information Exposure in vers ...)
	- wordpress 6.5+dfsg1-1
	NOTE: https://core.trac.wordpress.org/changeset/57645
CVE-2023-49965 (SpaceX Starlink Wi-Fi router Gen 2 before 2023.48.0 allows XSS via the ...)
	NOT-FOR-US: SpaceX Starlink Wi-Fi router
CVE-2023-48426 (u-boot bug that allows for u-boot shell and interrupt over UART)
	NOT-FOR-US: Google Chromecast (unlikely to affect u-boot as packaged in Debian)
CVE-2024-27437 (In the Linux kernel, the following vulnerability has been resolved: v ...)
	{DSA-5681-1 DSA-5658-1}
	- linux 6.7.12-1
	NOTE: https://git.kernel.org/linus/fe9a7082684eb059b925c535682e68c34d487d43 (6.9-rc1)
CVE-2024-26814 (In the Linux kernel, the following vulnerability has been resolved: v ...)
	{DSA-5681-1 DSA-5658-1}
	- linux 6.7.12-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/7447d911af699a15f8d050dfcb7c680a86f87012 (6.9-rc1)
CVE-2024-26813 (In the Linux kernel, the following vulnerability has been resolved: v ...)
	{DSA-5681-1 DSA-5658-1}
	- linux 6.7.12-1
	NOTE: https://git.kernel.org/linus/675daf435e9f8e5a5eab140a9864dfad6668b375 (6.9-rc1)
CVE-2024-26812 (In the Linux kernel, the following vulnerability has been resolved: v ...)
	{DSA-5681-1 DSA-5658-1}
	- linux 6.7.12-1
	NOTE: https://git.kernel.org/linus/18c198c96a815c962adc2b9b77909eec0be7df4d (6.9-rc1)
CVE-2024-26810 (In the Linux kernel, the following vulnerability has been resolved: v ...)
	{DSA-5681-1 DSA-5658-1}
	- linux 6.7.12-1
	NOTE: https://git.kernel.org/linus/810cd4bb53456d0503cc4e7934e063835152c1b7 (6.9-rc1)
CVE-2024-24746 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...)
	NOT-FOR-US: Apache NimBLE
CVE-2024-3321 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester eLearning System
CVE-2024-3320 (A vulnerability was found in SourceCodester eLearning System 1.0. It h ...)
	NOT-FOR-US: SourceCodester eLearning System
CVE-2024-3316 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...)
	NOT-FOR-US: SourceCodester Computer Laboratory Management System
CVE-2024-3315 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...)
	NOT-FOR-US: SourceCodester Computer Laboratory Management System
CVE-2024-3314 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...)
	NOT-FOR-US: SourceCodester Computer Laboratory Management System
CVE-2024-3311 (A vulnerability was found in Dreamer CMS up to 4.1.3.0. It has been de ...)
	NOT-FOR-US: Dreamer CMS
CVE-2024-3217 (The WP Directory Kit plugin for WordPress is vulnerable to SQL Injecti ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31498 (Yubico ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, wh ...)
	- yubikey-manager-qt (Only affects ykman-gui on Windows)
	NOTE: https://www.yubico.com/support/security-advisories/ysa-2024-01/
CVE-2024-31212 (InstantCMS is a free and open source content management system. A SQL ...)
	NOT-FOR-US: InstantCMS
CVE-2024-31210 (WordPress is an open publishing platform for the Web. It's possible fo ...)
	{DSA-5685-1}
	- wordpress 6.4.3+dfsg1-1
	[buster] - wordpress 5.0.21+dfsg1-0+deb10u1
	NOTE: https://wordpress.org/news/2024/01/wordpress-6-4-3-maintenance-and-security-release/
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-x79f-xrjv-jx5r
CVE-2024-31206 (dectalk-tts is a Node package to interact with the aeiou Dectalk web A ...)
	NOT-FOR-US: Node dectalk-tts
CVE-2024-31204 (mailcow: dockerized is an open source groupware/email suite based on d ...)
	NOT-FOR-US: mailcow
CVE-2024-30891 (A command injection vulnerability exists in /goform/exeCommand in Tend ...)
	NOT-FOR-US: Tenda
CVE-2024-30849 (Arbitrary file upload vulnerability in Sourcecodester Complete E-Comme ...)
	NOT-FOR-US: Sourcecodester
CVE-2024-30270 (mailcow: dockerized is an open source groupware/email suite based on d ...)
	NOT-FOR-US: mailcow
CVE-2024-30264 (Typebot is an open-source chatbot builder. A reflected cross-site scri ...)
	NOT-FOR-US: Typebot
CVE-2024-2509 (The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2115 (The LearnPress – WordPress LMS Plugin plugin for WordPress is vul ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29981 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-29863 (A race condition in the installer executable in Qlik Qlikview before v ...)
	NOT-FOR-US: Qlikview
CVE-2024-29672 (Directory Traversal vulnerability in zly2006 Reden before v.0.2.514 al ...)
	NOT-FOR-US: zly2006 Reden
CVE-2024-29049 (Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-27981 (A Command Injection vulnerability found in a Self-Hosted UniFi Network ...)
	NOT-FOR-US: Unifi
CVE-2024-27448 (MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Con ...)
	NOT-FOR-US: MailDev 2
CVE-2024-26329 (Chilkat before v9.5.0.98, allows attackers to obtain sensitive informa ...)
	NOT-FOR-US: Chilkat
CVE-2024-22363 (SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expre ...)
	NOT-FOR-US: SheetJS
CVE-2024-21894 (A heap overflow vulnerability in IPSec component of Ivanti Connect Sec ...)
	NOT-FOR-US: Ivanti
CVE-2023-5973 (Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 doe ...)
	NOT-FOR-US: Brocade
CVE-2023-52235 (SpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and Starlink Dish ...)
	NOT-FOR-US: SpaceX
CVE-2024-3299 (Out-Of-Bounds Write, Use of Uninitialized Resource and Use-After-Free ...)
	NOT-FOR-US: Solidworks
CVE-2024-3298 (Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the fi ...)
	NOT-FOR-US: Solidworks
CVE-2024-3262 (Information exposure vulnerability in RT software affecting version 4. ...)
	- request-tracker4 (bug #1068452)
	[bookworm] - request-tracker4 (Minor issue)
	[bullseye] - request-tracker4 (Minor issue)
	[buster] - request-tracker4 (Minor issue)
	- request-tracker5 (bug #1068453)
	[bookworm] - request-tracker5 (Minor issue)
	NOTE: https://github.com/bestpractical/rt/commit/ea07e767eaef5b202e8883051616d09806b8b48a
	NOTE: https://github.com/bestpractical/rt/commit/468f86bd3e82c3b5b5ef7087d416a7509d4b1abe
CVE-2024-3250 (It was discovered that Canonical's Pebble service manager read-file AP ...)
	NOT-FOR-US: Canonical pebble
CVE-2024-3116 (pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerabi ...)
	- pgadmin4 (bug #834129)
CVE-2024-31215 (Mobile Security Framework (MobSF) is a security research platform for ...)
	NOT-FOR-US: Mobile Security Framework (MobSF)
CVE-2024-31209 (oidcc is the OpenID Connect client library for Erlang. Denial of Servi ...)
	NOT-FOR-US: oidcc
CVE-2024-31207 (Vite (French word for "quick", pronounced /vit/, like "veet") is a fro ...)
	NOT-FOR-US: vitejs
CVE-2024-30565 (An issue was discovered in SeaCMS version 12.9, allows remote attacker ...)
	NOT-FOR-US: SeaCMS
CVE-2024-30266 (wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime ...)
	NOT-FOR-US: wasmtime
CVE-2024-30263 (macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. ...)
	NOT-FOR-US: PDF Viewer Macro for XWiki
CVE-2024-30261 (Undici is an HTTP/1.1 client, written from scratch for Node.js. An att ...)
	- node-undici 5.28.4+dfsg1+~cs23.12.11-1
	[bookworm] - node-undici (Minor issue)
	NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672
	NOTE: https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055 (v5.28.4)
	NOTE: https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3 (v6.11.1)
	NOTE: https://hackerone.com/reports/2377760
CVE-2024-30260 (Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici ...)
	- node-undici 5.28.4+dfsg1+~cs23.12.11-1
	[bookworm] - node-undici (Minor issue)
	NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7
	NOTE: https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f (v5.28.4)
	NOTE: https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75 (v6.11.1)
CVE-2024-30254 (MesonLSP is an unofficial, unendorsed language server for meson writte ...)
	NOT-FOR-US: MesonLSP
CVE-2024-30252 (Livemarks is a browser extension that provides RSS feed bookmark folde ...)
	NOT-FOR-US: Livemarks
CVE-2024-30250 (Astro-Shield is an integration to enhance website security with SubRes ...)
	NOT-FOR-US: Astro-Shield
CVE-2024-30249 (Cloudburst Network provides network components used within Cloudburst ...)
	NOT-FOR-US: Cloudburst
CVE-2024-2759 (Improper access control vulnerability in Apaczka plugin for PrestaShop ...)
	NOT-FOR-US: PrestaShop addon
CVE-2024-2660 (Vault and Vault Enterprise TLS certificates auth method did not correc ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2024-2103 (Inclusion of undocumented features vulnerability accessible when logge ...)
	NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2024-29387 (projeqtor up to 11.2.0 was discovered to contain a remote code executi ...)
	NOT-FOR-US: projeqtor
CVE-2024-29386 (projeqtor up to 11.2.0 was discovered to contain a SQL injection vulne ...)
	NOT-FOR-US: projeqtor
CVE-2024-29193 (gotortc is a camera streaming application. Versions 1.8.5 and prior ar ...)
	NOT-FOR-US: gotortc
CVE-2024-29192 (gotortc is a camera streaming application. Versions 1.8.5 and prior ar ...)
	NOT-FOR-US: gotortc
CVE-2024-29191 (gotortc is a camera streaming application. Versions 1.8.5 and prior ar ...)
	NOT-FOR-US: gotortc
CVE-2024-29182 (Collabora Online is a collaborative online office suite based on Libre ...)
	NOT-FOR-US: Collabora Online
CVE-2024-28871 (LibHTP is a security-aware parser for the HTTP protocol and the relate ...)
	- libhtp 1:0.5.47-1
	[bookworm] - libhtp (Vulnerable code introduced in 0.5.46)
	[bullseye] - libhtp (Vulnerable code introduced in 0.5.46)
	[buster] - libhtp (Vulnerable code introduced in 0.5.46)
	NOTE: https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg
	NOTE: Introduced by: https://github.com/OISF/libhtp/commit/bf618ec7f243cebfb0f7e84c3cb158955cb32b4d (0.5.46)
	NOTE: Fixed by: https://github.com/OISF/libhtp/commit/79e713f3e527593a45f545e854cd9e6fbb3cd3ed (0.5.47)
	NOTE: https://redmine.openinfosecfoundation.org/issues/6757
CVE-2024-28787 (IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application G ...)
	NOT-FOR-US: IBM
CVE-2024-27575 (INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a remote a ...)
	NOT-FOR-US: INOTEC
CVE-2024-27268 (IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.3 is ...)
	NOT-FOR-US: IBM
CVE-2024-25709 REJECTED
CVE-2024-25708 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...)
	NOT-FOR-US: Esri Portal
CVE-2024-25706 REJECTED
CVE-2024-25705 REJECTED
CVE-2024-25704 REJECTED
CVE-2024-25703 REJECTED
CVE-2024-25700 REJECTED
CVE-2024-25699 (There is a difficult to exploit improper authentication issue in the H ...)
	NOT-FOR-US: Esri Portal
CVE-2024-25698 (There is a reflected cross site scripting vulnerability in the home ap ...)
	NOT-FOR-US: Esri Portal
CVE-2024-25697 (There is a Cross-site Scripting vulnerabilityin Portal for ArcGIS in v ...)
	NOT-FOR-US: Esri Portal
CVE-2024-25696 (There is a Cross-site Scripting vulnerability in Portal for ArcGIS in ...)
	NOT-FOR-US: Esri Portal
CVE-2024-25695 (There is a Cross-site Scripting vulnerability in Portal for ArcGIS in ...)
	NOT-FOR-US: Esri Portal
CVE-2024-25693 (There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. ...)
	NOT-FOR-US: Esri Portal
CVE-2024-25692 (There is a cross-site-request forgery vulnerability in Esri Portal for ...)
	NOT-FOR-US: Esri Portal
CVE-2024-25690 (There is an HTML injection vulnerability in Esri Portal for ArcGIS ver ...)
	NOT-FOR-US: Esri Portal
CVE-2024-25007 (Ericsson Network Manager (ENM), versions prior to 23.1, contains a vul ...)
	NOT-FOR-US: Ericsson Network Manager
CVE-2024-22189 (quic-go is an implementation of the QUIC protocol in Go. Prior to vers ...)
	- golang-github-lucas-clemente-quic-go
	[bookworm] - golang-github-lucas-clemente-quic-go (Minor issue)
	[bullseye] - golang-github-lucas-clemente-quic-go (Minor issue)
	NOTE: https://github.com/quic-go/quic-go/security/advisories/GHSA-c33x-xqrf-c478
	NOTE: https://github.com/quic-go/quic-go/commit/4a99b816ae3ab03ae5449d15aac45147c85ed47a (v0.42.0)
	NOTE: https://seemann.io/posts/2024-03-19-exploiting-quics-connection-id-management
CVE-2024-22053 (A heap overflow vulnerability in IPSec component of Ivanti Connect Sec ...)
	NOT-FOR-US: Ivanti
CVE-2024-22052 (A null pointer dereference vulnerability in IPSec component of Ivanti ...)
	NOT-FOR-US: Ivanti
CVE-2024-22023 (An XML entity expansion or XEE vulnerability in SAML component of Ivan ...)
	NOT-FOR-US: Ivanti
CVE-2024-20800 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-3454 (Remote code execution (RCE) vulnerability in Brocade Fabric OS after v ...)
	NOT-FOR-US: Brocade
CVE-2023-36645 (SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows remote a ...)
	NOT-FOR-US: ITB-GmbH TradePro
CVE-2023-36644 (Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote atta ...)
	NOT-FOR-US: ITB-GmbH TradePro
CVE-2023-36643 (Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote atta ...)
	NOT-FOR-US: ITB-GmbH TradePro
CVE-2024-26809 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1 DSA-5658-1}
	- linux 6.7.12-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b0e256f3dd2ba6532f37c5c22e07cb07a36031ee (6.9-rc1)
CVE-2024-26808 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/01acb2e8666a6529697141a6017edbf206921913 (6.8-rc2)
CVE-2024-26807 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.7.9-1
	NOTE: https://git.kernel.org/linus/32ce3bb57b6b402de2aec1012511e7ac4e7449dc (6.8-rc7)
CVE-2024-26806 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.7.9-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/959043afe53ae80633e810416cee6076da6e91c6 (6.8-rc7)
CVE-2024-26805 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.7.9-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/661779e1fcafe1b74b3f3fe8e980c1e207fea1fd (6.8-rc7)
CVE-2024-26804 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.7.9-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/5ae1e9922bbdbaeb9cfbe91085ab75927488ac0f (6.8-rc7)
CVE-2024-26803 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.7.9-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/fe9f801355f0b47668419f30f1fac1cf4539e736 (6.8-rc7)
CVE-2024-26802 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.7.9-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/8af411bbba1f457c33734795f024d0ef26d0963f (6.8-rc7)
CVE-2024-26801 (In the Linux kernel, the following vulnerability has been resolved: B ...)
	{DSA-5681-1}
	- linux 6.7.9-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/2449007d3f73b2842c9734f45f0aadb522daf592 (6.8-rc7)
CVE-2024-26800 (In the Linux kernel, the following vulnerability has been resolved: t ...)
	{DSA-5658-1}
	- linux 6.7.9-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/13114dc5543069f7b97991e3b79937b6da05f5b0 (6.8-rc7)
CVE-2024-26799 (In the Linux kernel, the following vulnerability has been resolved: A ...)
	- linux 6.7.9-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/1382d8b55129875b2e07c4d2a7ebc790183769ee (6.8-rc7)
CVE-2024-26798 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	- linux 6.7.9-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/00d6a284fcf3fad1b7e1b5bc3cd87cbfb60ce03f (6.8-rc7)
CVE-2024-26797 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.9-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/0f8ca019544a252d1afb468ce840c6dcbac73af4 (6.8-rc7)
CVE-2024-26796 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.9-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/682dc133f83e0194796e6ea72eb642df1c03dfbe (6.8-rc7)
CVE-2024-26795 (In the Linux kernel, the following vulnerability has been resolved: r ...)
	{DSA-5681-1}
	- linux 6.7.9-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/a11dd49dcb9376776193e15641f84fcc1e5980c9 (6.8-rc7)
CVE-2024-26794 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 6.7.9-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/a1a4a9ca77f143c00fce69c1239887ff8b813bec (6.8-rc7)
CVE-2024-26793 (In the Linux kernel, the following vulnerability has been resolved: g ...)
	{DSA-5681-1}
	- linux 6.7.9-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/616d82c3cfa2a2146dd7e3ae47bda7e877ee549e (6.8-rc7)
CVE-2024-26792 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 6.7.9-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/e2b54eaf28df0c978626c9736b94f003b523b451 (6.8-rc7)
CVE-2024-26791 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	{DSA-5681-1}
	- linux 6.7.9-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/9845664b9ee47ce7ee7ea93caf47d39a9d4552c4 (6.8-rc7)
CVE-2024-26790 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	{DSA-5681-1}
	- linux 6.7.9-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9d739bccf261dd93ec1babf82f5c5d71dd4caa3e (6.8-rc7)
CVE-2024-26789 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 6.7.9-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/1c0cf6d19690141002889d72622b90fc01562ce4 (6.8-rc7)
CVE-2024-26788 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	{DSA-5681-1}
	- linux 6.7.9-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/87a39071e0b639f45e05d296cc0538eef44ec0bd (6.8-rc7)
CVE-2024-26787 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	{DSA-5681-1}
	- linux 6.7.9-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/6b1ba3f9040be5efc4396d86c9752cdc564730be (6.8-rc7)
CVE-2024-26786 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 6.7.9-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/aeb004c0cd6958e910123a1607634401009c9539 (6.8-rc7)
CVE-2024-26785 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 6.7.9-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/cf7c2789822db8b5efa34f5ebcf1621bc0008d48 (6.8-rc7)
CVE-2024-26784 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	- linux 6.7.9-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/eb5555d422d0fc325e1574a7353d3c616f82d8b5 (6.8-rc7)
CVE-2024-26783 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.7.9-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/2774f256e7c0219e2b0a0894af1c76bdabc4f974 (6.8-rc7)
CVE-2024-26782 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	{DSA-5681-1}
	- linux 6.7.9-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/10048689def7e40a4405acda16fdc6477d4ecc5c (6.8-rc7)
CVE-2024-26781 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	{DSA-5681-1}
	- linux 6.7.9-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/d6a9608af9a75d13243d217f6ce1e30e57d56ffe (6.8-rc7)
CVE-2024-26780 (In the Linux kernel, the following vulnerability has been resolved: a ...)
	- linux 6.7.9-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/25236c91b5ab4a26a56ba2e79b8060cf4e047839 (6.8-rc5)
CVE-2024-26750 (In the Linux kernel, the following vulnerability has been resolved: a ...)
	- linux 6.7.9-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/aa82ac51d63328714645c827775d64dbfd9941f3 (6.8-rc6)
CVE-2024-26746 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.9-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/d3ea125df37dc37972d581b74a5d3785c3f283ab (6.8-rc7)
CVE-2024-26745 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	- linux 6.7.9-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/09a3c1e46142199adcee372a420b024b4fc61051 (6.8-rc7)
CVE-2024-24795 (HTTP Response splitting in multiple modules in Apache HTTP Server allo ...)
	{DSA-5662-1}
	- apache2 2.4.59-1 (bug #1068412)
	- uwsgi (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/5
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-24795
	NOTE: https://github.com/apache/httpd/commit/a29723ce1af75eed0813c3717d3f6dee9b405ca8
	NOTE: Fix will trigger a regression at least in fossil see https://bz.apache.org/bugzilla/show_bug.cgi?id=68905
	NOTE: Fossil fix here: https://fossil-scm.org/home/info/f4ffefe708793b03
	NOTE: uwsgi since 2.0.15-11 drops building the libapache2-mod-proxy-uwsgi{,-dbg}
	NOTE: packages which are provided by src:apache2 itself.
	NOTE: https://github.com/unbit/uwsgi/issues/2635
CVE-2023-38709 (Faulty input validation in the core of Apache allows malicious or expl ...)
	{DSA-5662-1}
	- apache2 2.4.59-1 (bug #1068412)
	NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/3
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-38709
	NOTE: https://github.com/apache/httpd/commit/ac20389f3c816d990aba21720f1492b69ac5cb44
CVE-2024-27316 (HTTP/2 incoming headers exceeding the limit are temporarily buffered i ...)
	{DSA-5662-1}
	- apache2 2.4.59-1 (bug #1068412)
	NOTE: https://www.kb.cert.org/vuls/id/421644
	NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/4
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-27316
	NOTE: https://github.com/apache/httpd/commit/0d73970ec161300a55b630f71bbf72b5c41f28b9
CVE-2024-3296 (A timing-based side-channel flaw exists in the rust-openssl package, w ...)
	- rust-openssl (bug #1068418)
	[bookworm] - rust-openssl (Minor issue)
	[bullseye] - rust-openssl (Minor issue)
	[buster] - rust-openssl (Minor issue)
	NOTE: https://github.com/sfackler/rust-openssl/issues/2171
CVE-2024-31309 (HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consu ...)
	{DSA-5659-1 DLA-3799-1}
	- trafficserver 9.2.4+ds-1 (bug #1068417)
	NOTE: https://www.kb.cert.org/vuls/id/421644
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2269627
	NOTE: https://github.com/apache/trafficserver/pull/11207
	NOTE: https://github.com/apache/trafficserver/commit/d8cb125e55ad7f9cc043e655f7ef25acbbbe0a2c (8.1.10-rc0)
	NOTE: https://github.com/apache/trafficserver/pull/11206
	NOTE: https://github.com/apache/trafficserver/commit/b8c6a23b74af1772e5cb0de25b38c234a418cb1d (9.2.4-rc0)
	NOTE: https://www.openwall.com/lists/oss-security/2024/04/10/7
CVE-2024-30255 (Envoy is a cloud-native, open source edge and service proxy. The HTTP/ ...)
	- envoyproxy (bug #987544)
CVE-2024-28182 (nghttp2 is an implementation of the Hypertext Transfer Protocol versio ...)
	{DLA-3804-1}
	- nghttp2 1.61.0-1 (bug #1068415)
	NOTE: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
	NOTE: https://www.kb.cert.org/vuls/id/421644
	NOTE: https://github.com/nghttp2/nghttp2/commit/00201ecd8f982da3b67d4f6868af72a1b03b14e0 (v1.61.0)
	NOTE: https://github.com/nghttp2/nghttp2/commit/d71a4668c6bead55805d18810d633fbb98315af9 (v1.61.0)
CVE-2024-27919 (Envoy is a cloud-native, open-source edge and service proxy. In versio ...)
	- envoyproxy (bug #987544)
CVE-2024-2700 (A vulnerability was found in the quarkus-core component. Quarkus captu ...)
	NOT-FOR-US: Quarkus
CVE-2024-1139 (A credentials leak vulnerability was found in the cluster monitoring o ...)
	NOT-FOR-US: Red Hat OpenShift Container Platform
CVE-2024-3274 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Li ...)
	NOT-FOR-US: D-Link
CVE-2024-3273 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...)
	NOT-FOR-US: D-Link
CVE-2024-3272 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...)
	NOT-FOR-US: D-Link
CVE-2024-3270 (A vulnerability classified as problematic was found in ThingsBoard up ...)
	NOT-FOR-US: ThingsBoard
CVE-2024-3030 (The Announce from the Dashboard plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3022 (The BookingPress plugin for WordPress is vulnerable to arbitrary file ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31025 (SQL Injection vulnerability in ECshop 4.x allows an attacker to obtain ...)
	NOT-FOR-US: ECshop
CVE-2024-30265 (Collabora Online is a collaborative online office suite based on Libre ...)
	NOT-FOR-US: Collabora Online
CVE-2024-2919 (The Gutenberg Blocks by Kadence Blocks – Page Builder Features pl ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2868 (The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +1 ...)
	NOT-FOR-US: WooCommerce plugin
CVE-2024-2830 (The WordPress Tag and Category Manager – AI Autotagger plugin for ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2803 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2692 (SiYuan version 3.0.3 allows executing arbitrary commands on the server ...)
	NOT-FOR-US: SiYuan
CVE-2024-2689 (Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, ...)
	NOT-FOR-US: Temporal Server
CVE-2024-2008 (The Modal Popup Box – Popup Builder, Show Offers And News in Popu ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29413 (Cross Site Scripting vulnerability in Webasyst v.2.9.9 allows a remote ...)
	NOT-FOR-US: Webasyst
CVE-2024-29375 (CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a re ...)
	NOT-FOR-US: Addactis IBNRS
CVE-2024-29225 (WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier all ...)
	NOT-FOR-US: WRC-X3200GST3-B
CVE-2024-29167 (SVR-116 firmware version 1.6.0.30028871 allows a remote authenticated ...)
	NOT-FOR-US: SEEnergy Corp SVR-116
CVE-2024-29008 (A problem has been identified in the CloudStack additional VM configur ...)
	NOT-FOR-US: Apache CloudStack
CVE-2024-29007 (The CloudStack management server and secondary storage VM could be tri ...)
	NOT-FOR-US: Apache CloudStack
CVE-2024-29006 (By default the CloudStack management server honours the x-forwarded-fo ...)
	NOT-FOR-US: Apache CloudStack
CVE-2024-28870 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
	- suricata 1:7.0.4-1
	[bookworm] - suricata (Minor issue)
	[bullseye] - suricata (Minor issue)
	NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-mhhx-xw7r-r5c8
	NOTE: https://redmine.openinfosecfoundation.org/issues/6800
	NOTE: https://redmine.openinfosecfoundation.org/issues/6801
CVE-2024-28520 (File Upload vulnerability in Byzoro Networks Smart multi-service secur ...)
	NOT-FOR-US: Byzoro
CVE-2024-27706 (Cross Site Scripting vulnerability in Huly Platform v.0.6.202 allows a ...)
	NOT-FOR-US: Huly Platform
CVE-2024-27705 (Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers ...)
	NOT-FOR-US: Leantime
CVE-2024-26258 (OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlie ...)
	NOT-FOR-US: WRC-X3200GST3-B
CVE-2024-25568 (OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlie ...)
	NOT-FOR-US: WRC-X3200GST3-B
CVE-2024-25503 (Cross Site Scripting (XSS) vulnerability in Advanced REST Client v.17. ...)
	NOT-FOR-US: Advanced REST Client
CVE-2024-1418 (The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensiti ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52043 (An issue in D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band Whole-Home M ...)
	NOT-FOR-US: D-Link
CVE-2023-45288 (An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of ...)
	- golang-1.22 1.22.2-1
	- golang-1.21 1.21.9-1
	- golang-1.19
	[bookworm] - golang-1.19 (Minor issue)
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
	- golang-golang-x-net 1:0.23.0+dfsg-1
	NOTE: https://github.com/golang/go/issues/65051
	NOTE: https://github.com/golang/go/commit/e55d7cf8435ba4e58d4a5694e63b391821d4ee9b (go1.22.2)
	NOTE: https://github.com/golang/go/commit/ae5913347d15cf7d1f218916c22717e5739a9ea3 (go1.21.9)
	NOTE: https://www.kb.cert.org/vuls/id/421644
CVE-2024-3259 (A vulnerability was found in SourceCodester Internship Portal Manageme ...)
	NOT-FOR-US: SourceCodester Internship Portal Management System
CVE-2024-3258 (A vulnerability was found in SourceCodester Internship Portal Manageme ...)
	NOT-FOR-US: SourceCodester Internship Portal Management System
CVE-2024-3257 (A vulnerability was found in SourceCodester Internship Portal Manageme ...)
	NOT-FOR-US: SourceCodester Internship Portal Management System
CVE-2024-3256 (A vulnerability has been found in SourceCodester Internship Portal Man ...)
	NOT-FOR-US: SourceCodester Internship Portal Management System
CVE-2024-3255 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Internship Portal Management System
CVE-2024-3254 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Internship Portal Management System
CVE-2024-3253 (A vulnerability classified as critical was found in SourceCodester Int ...)
	NOT-FOR-US: SourceCodester Internship Portal Management System
CVE-2024-3252 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Internship Portal Management System
CVE-2024-3251 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...)
	NOT-FOR-US: SourceCodester Computer Laboratory Management System
CVE-2024-3181 (Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8 ...)
	NOT-FOR-US: Concrete CMS
CVE-2024-3180 (Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 ...)
	NOT-FOR-US: Concrete CMS
CVE-2024-3179 (Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.1 ...)
	NOT-FOR-US: Concrete CMS
CVE-2024-3178 (Concrete CMS versions 9 below 9.2.8 and versions below8.5.16 are vulne ...)
	NOT-FOR-US: Concrete CMS
CVE-2024-31420 (A NULL pointer dereference flaw was found in KubeVirt. This flaw allow ...)
	NOT-FOR-US: KubeVirt
CVE-2024-31419 (An information disclosure flaw was found in OpenShift Virtualization. ...)
	NOT-FOR-US: Red Hat OpenShift Virtualization
CVE-2024-31393 (Dragging Javascript URLs to the address bar could cause them to be loa ...)
	- firefox (Only affects Firefox for iOS)
CVE-2024-31392 (If an insecure element was added to a page after a delay, Firefox woul ...)
	- firefox (Only affects Firefox for iOS)
CVE-2024-31390 (: Improper Control of Generation of Code ('Code Injection') vulnerabil ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31380 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30572 (Netgear R6850 1.1.0.88 was discovered to contain a command injection v ...)
	NOT-FOR-US: Netgear
CVE-2024-30571 (An information leak in the BRS_top.html component of Netgear R6850 v1. ...)
	NOT-FOR-US: Netgear
CVE-2024-30570 (An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows ...)
	NOT-FOR-US: Netgear
CVE-2024-30569 (An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 a ...)
	NOT-FOR-US: Netgear
CVE-2024-30568 (Netgear R6850 1.1.0.88 was discovered to contain a command injection v ...)
	NOT-FOR-US: Netgear
CVE-2024-30366 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2024-30334 (Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulne ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2024-30333 (Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulne ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2024-30332 (Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulne ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2024-30331 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2024-30330 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2024-30329 (Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vuln ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2024-30328 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2024-30327 (Foxit PDF Reader template Use-After-Free Remote Code Execution Vulnera ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2024-30326 (Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulne ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2024-30325 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2024-30324 (Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulne ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2024-30323 (Foxit PDF Reader template Out-Of-Bounds Read Remote Code Execution Vul ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2024-30322 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2024-2758 (Tempesta FW rate limits are not enabled by default. They are either se ...)
	NOT-FOR-US: Tempesta FW
CVE-2024-2753 (Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5 ...)
	NOT-FOR-US: Concrete CMS
CVE-2024-2653 (amphp/http will collect CONTINUATION frames in an unbounded buffer and ...)
	- php-amphp-http (bug #1011337)
	- php-amphp-http-client (bug #1011274)
	NOTE: https://github.com/amphp/http/security/advisories/GHSA-qjfw-cvjf-f4fm
	NOTE: https://github.com/amphp/http-client/security/advisories/GHSA-w8gf-g2vq-j2f4
CVE-2024-29477 (Lack of sanitization during Installation Process in Dolibarr ERP CRM u ...)
	- dolibarr
CVE-2024-28782 (IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pa ...)
	NOT-FOR-US: IBM
CVE-2024-28275 (Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovere ...)
	NOT-FOR-US: Puwell Cloud Tech Co, Ltd 360Eyes Pro
CVE-2024-27972 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27951 (Unrestricted Upload of File with Dangerous Type vulnerability in Theme ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27674 (Macro Expert through 4.9.4 allows BUILTIN\Users:(OI)(CI)(M) access to ...)
	NOT-FOR-US: Macro Expert
CVE-2024-27673
	REJECTED
CVE-2024-27346 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclo ...)
	NOT-FOR-US: Kofax
CVE-2024-27345 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclo ...)
	NOT-FOR-US: Kofax
CVE-2024-27344 (Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Executi ...)
	NOT-FOR-US: Kofax
CVE-2024-27343 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclo ...)
	NOT-FOR-US: Kofax
CVE-2024-27342 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execu ...)
	NOT-FOR-US: Kofax
CVE-2024-27341 (Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Cod ...)
	NOT-FOR-US: Kofax
CVE-2024-27340 (Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Cod ...)
	NOT-FOR-US: Kofax
CVE-2024-27339 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execu ...)
	NOT-FOR-US: Kofax
CVE-2024-27338 (Kofax Power PDF app response Out-Of-Bounds Read Remote Code Execution ...)
	NOT-FOR-US: Kofax
CVE-2024-27337 (Kofax Power PDF TIF File Parsing Stack-based Buffer Overflow Remote Co ...)
	NOT-FOR-US: Kofax
CVE-2024-27336 (Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclo ...)
	NOT-FOR-US: Kofax
CVE-2024-27335 (Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execut ...)
	NOT-FOR-US: Kofax
CVE-2024-27254 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 ...)
	NOT-FOR-US: IBM
CVE-2024-27201 (An improper input validation vulnerability exists in the OAS Engine Us ...)
	NOT-FOR-US: OAS Engine User Configuration
CVE-2024-27191 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-26701
	REJECTED
CVE-2024-25918 (Unrestricted Upload of File with Dangerous Type vulnerability in Insta ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25096 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25046 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
	NOT-FOR-US: IBM
CVE-2024-25030 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
	NOT-FOR-US: IBM
CVE-2024-24976 (A denial of service vulnerability exists in the OAS Engine File Data S ...)
	NOT-FOR-US: OAS Engine File Data Source Configuration
CVE-2024-24707 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-23540 (The HCL BigFix Inventory server is vulnerable to path traversal which ...)
	NOT-FOR-US: HCL
CVE-2024-22360 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
	NOT-FOR-US: IBM
CVE-2024-22178 (A file write vulnerability exists in the OAS Engine Save Security Conf ...)
	NOT-FOR-US: OAS Engine Save Security Configuration
CVE-2024-21870 (A file write vulnerability exists in the OAS Engine Tags Configuration ...)
	NOT-FOR-US: OAS Engine Tags Configuration
CVE-2024-20368 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2024-20367 (A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) ...)
	NOT-FOR-US: Cisco
CVE-2024-20362 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2024-20352 (A vulnerability in Cisco Emergency Responder could allow an authentica ...)
	NOT-FOR-US: Cisco
CVE-2024-20348 (A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature o ...)
	NOT-FOR-US: Cisco
CVE-2024-20347 (A vulnerability in Cisco Emergency Responder could allow an unauthenti ...)
	NOT-FOR-US: Cisco
CVE-2024-20334 (A vulnerability in the web-based management interface of Cisco TelePre ...)
	NOT-FOR-US: Cisco
CVE-2024-20332 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2024-20310 (A vulnerability in the web-based interface of Cisco Unified Communicat ...)
	NOT-FOR-US: Cisco
CVE-2024-20302 (A vulnerability in the tenant security implementation of Cisco Nexus D ...)
	NOT-FOR-US: Cisco
CVE-2024-20283 (A vulnerability in Cisco Nexus Dashboard could allow an authenticated, ...)
	NOT-FOR-US: Cisco
CVE-2024-20282 (A vulnerability in Cisco Nexus Dashboard could allow an authenticated, ...)
	NOT-FOR-US: Cisco
CVE-2024-20281 (A vulnerability in the web-based management interface of Cisco Nexus D ...)
	NOT-FOR-US: Cisco
CVE-2024-1180 (TP-Link Omada ER605 Access Control Command Injection Remote Code Execu ...)
	NOT-FOR-US: TP-Link
CVE-2024-0394 (Rapid7 Minerva Armor versions below 4.5.5 suffer from a privilege esca ...)
	NOT-FOR-US: Rapid7 Minerva Armor
CVE-2024-0335 (ABB has internally identified a vulnerability in the ABB VPNI feature ...)
	NOT-FOR-US: ABB
CVE-2024-0172 (Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an imp ...)
	NOT-FOR-US: Dell
CVE-2023-5755
	REJECTED
CVE-2023-52296 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
	NOT-FOR-US: IBM
CVE-2023-45552 (In VeridiumID before 3.5.0, a stored cross-site scripting (XSS) vulner ...)
	NOT-FOR-US: VeridiumID
CVE-2023-44040 (In VeridiumID before 3.5.0, the identity provider page is susceptible ...)
	NOT-FOR-US: VeridiumID
CVE-2023-44039 (In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauth ...)
	NOT-FOR-US: VeridiumID
CVE-2023-44038 (In VeridiumID before 3.5.0, the identity provider page allows an unaut ...)
	NOT-FOR-US: VeridiumID
CVE-2023-38729 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)10.5, ...)
	NOT-FOR-US: IBM
CVE-2023-35812 (An issue was discovered in the Amazon Linux packages of OpenSSH 7.4 fo ...)
	NOT-FOR-US: Incomplete OpenSSH backport in Amazon Linux
CVE-2024-26779 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/bcbc84af1183c8cf3d1ca9b78540c2185cd85e7f (6.8-rc2)
CVE-2024-26778 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288 (6.8-rc2)
CVE-2024-26777 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/e421946be7d9bf545147bea8419ef8239cb7ca52 (6.8-rc2)
CVE-2024-26776 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/de8b6e1c231a95abf95ad097b993d34b31458ec9 (6.8-rc2)
CVE-2024-26775 (In the Linux kernel, the following vulnerability has been resolved: a ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/e169bd4fb2b36c4b2bee63c35c740c85daeb2e86 (6.8-rc2)
CVE-2024-26774 (In the Linux kernel, the following vulnerability has been resolved: e ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/993bf0f4c393b3667830918f9247438a8f6fdb5b (6.8-rc3)
CVE-2024-26773 (In the Linux kernel, the following vulnerability has been resolved: e ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/4530b3660d396a646aad91a787b6ab37cf604b53 (6.8-rc3)
CVE-2024-26772 (In the Linux kernel, the following vulnerability has been resolved: e ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/832698373a25950942c04a512daa652c18a9b513 (6.8-rc3)
CVE-2024-26771 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/6e2276203ac9ff10fc76917ec9813c660f627369 (6.8-rc3)
CVE-2024-26770 (In the Linux kernel, the following vulnerability has been resolved: H ...)
	- linux 6.7.7-1
	NOTE: https://git.kernel.org/linus/b6eda11c44dc89a681e1c105f0f4660e69b1e183 (6.8-rc3)
CVE-2024-26769 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/710c69dbaccdac312e32931abcb8499c1525d397 (6.8-rc3)
CVE-2024-26768 (In the Linux kernel, the following vulnerability has been resolved: L ...)
	- linux 6.7.7-1
	NOTE: https://git.kernel.org/linus/4551b30525cf3d2f026b92401ffe241eb04dfebe (6.8-rc4)
CVE-2024-26767 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.7-1
	NOTE: https://git.kernel.org/linus/0484e05d048b66d01d1f3c1d2306010bb57d8738 (6.8-rc5)
CVE-2024-26766 (In the Linux kernel, the following vulnerability has been resolved: I ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/e6f57c6881916df39db7d95981a8ad2b9c3458d6 (6.8-rc6)
CVE-2024-26765 (In the Linux kernel, the following vulnerability has been resolved: L ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/1001db6c42e4012b55e5ee19405490f23e033b5a (6.8-rc6)
CVE-2024-26764 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/b820de741ae48ccf50dd95e297889c286ff4f760 (6.8-rc6)
CVE-2024-26763 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/50c70240097ce41fe6bce6478b80478281e4d0f7 (6.8-rc6)
CVE-2024-26762 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 6.7.7-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/eef5c7b28dbecd6b141987a96db6c54e49828102 (6.8-rc6)
CVE-2024-26761 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/0cab687205986491302cd2e440ef1d253031c221 (6.8-rc6)
CVE-2024-26760 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/de959094eb2197636f7c803af0943cb9d3b35804 (6.8-rc6)
CVE-2024-26759 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/13ddaf26be324a7f951891ecd9ccd04466d27458 (6.8-rc6)
CVE-2024-26758 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.7.7-1
	NOTE: https://git.kernel.org/linus/1baae052cccd08daf9a9d64c3f959d8cdb689757 (6.8-rc6)
CVE-2024-26757 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.7.7-1
	NOTE: https://git.kernel.org/linus/55a48ad2db64737f7ffc0407634218cc6e4c513b (6.8-rc6)
CVE-2024-26756 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.7.7-1
	NOTE: https://git.kernel.org/linus/ad39c08186f8a0f221337985036ba86731d6aafe (6.8-rc6)
CVE-2024-26755 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.7.7-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9e46c70e829bddc24e04f963471e9983a11598b7 (6.8-rc6)
CVE-2024-26754 (In the Linux kernel, the following vulnerability has been resolved: g ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/136cfaca22567a03bbb3bf53a43d8cb5748b80ec (6.8-rc6)
CVE-2024-26753 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/c0ec2a712daf133d9996a8a1b7ee2d4996080363 (6.8-rc6)
CVE-2024-26752 (In the Linux kernel, the following vulnerability has been resolved: l ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79 (6.8-rc6)
CVE-2024-26751 (In the Linux kernel, the following vulnerability has been resolved: A ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/fdf87a0dc26d0550c60edc911cda42f9afec3557 (6.8-rc6)
CVE-2024-26749 (In the Linux kernel, the following vulnerability has been resolved: u ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/cd45f99034b0c8c9cb346dd0d6407a95ca3d36f6 (6.8-rc6)
CVE-2024-26748 (In the Linux kernel, the following vulnerability has been resolved: u ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/5fd9e45f1ebcd57181358af28506e8a661a260b3 (6.8-rc6)
CVE-2024-26747 (In the Linux kernel, the following vulnerability has been resolved: u ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/1c9be13846c0b2abc2480602f8ef421360e1ad9e (6.8-rc6)
CVE-2024-26744 (In the Linux kernel, the following vulnerability has been resolved: R ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/fdfa083549de5d50ebf7f6811f33757781e838c0 (6.8-rc6)
CVE-2024-26743 (In the Linux kernel, the following vulnerability has been resolved: R ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/5ba4e6d5863c53e937f49932dee0ecb004c65928 (6.8-rc6)
CVE-2024-26742 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/5761eb9761d2d5fe8248a9b719efc4d8baf1f24a (6.8-rc6)
CVE-2024-26741 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/66b60b0c8c4a163b022a9f0ad6769b0fd3dc662f (6.8-rc6)
CVE-2024-26740 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.7.7-1
	NOTE: https://git.kernel.org/linus/52f671db18823089a02f07efc04efdb2272ddc17 (6.8-rc6)
CVE-2024-26739 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.7.7-1
	NOTE: https://git.kernel.org/linus/166c2c8a6a4dc2e4ceba9e10cfe81c3e469e3210 (6.8-rc6)
CVE-2024-26738 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	- linux 6.7.7-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/a5c57fd2e9bd1c8ea8613a8f94fd0be5eccbf321 (6.8-rc6)
CVE-2024-26737 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/0281b919e175bb9c3128bd3872ac2903e9436e3f (6.8-rc6)
CVE-2024-26736 (In the Linux kernel, the following vulnerability has been resolved: a ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d (6.8-rc6)
CVE-2024-26735 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/5559cea2d5aa3018a5f00dd2aca3427ba09b386b (6.8-rc6)
CVE-2024-26734 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.7-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/def689fc26b9a9622d2e2cb0c4933dd3b1c8071c (6.8-rc6)
CVE-2024-26733 (In the Linux kernel, the following vulnerability has been resolved: a ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/a7d6027790acea24446ddd6632d394096c0f4667 (6.8-rc6)
CVE-2024-26732 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.7.7-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/56667da7399eb19af857e30f41bea89aa6fa812c (6.8-rc6) CVE-2024-26731 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/4cd12c6065dfcdeba10f49949bffcf383b3952d8 (6.8-rc6) CVE-2024-26730 (In the Linux kernel, the following vulnerability has been resolved: h ...) - linux 6.7.7-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/d56e460e19ea8382f813eb489730248ec8d7eb73 (6.8-rc6) CVE-2024-26729 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.7.7-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/d2b48f340d9e4a8fbeb1cdc84cd8da6ad143a907 (6.8-rc6) CVE-2024-26728 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.7.7-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/9671761792156f2339627918bafcd713a8a6f777 (6.8-rc6) CVE-2024-26727 (In the Linux kernel, the following vulnerability has been resolved: b ...) {DSA-5681-1} - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/e03ee2fe873eb68c1f9ba5112fee70303ebf9dfb (6.8-rc4) CVE-2024-26726 (In the Linux kernel, the following vulnerability has been resolved: b ...) 
- linux 6.7.7-1 [bookworm] - linux 6.1.82-1 NOTE: https://git.kernel.org/linus/5571e41ec6e56e35f34ae9f5b3a335ef510e0ade (6.8-rc5) CVE-2024-26725 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.7.7-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/53c0441dd2c44ee93fddb5473885fd41e4bc2361 (6.8-rc5) CVE-2024-26724 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.7.7-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/aa1eec2f546f2afa8c98ec41e5d8ee488165d685 (6.8-rc5) CVE-2024-26723 (In the Linux kernel, the following vulnerability has been resolved: l ...) - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/15faa1f67ab405d47789d4702f587ec7df7ef03e (6.8-rc5) CVE-2024-26722 (In the Linux kernel, the following vulnerability has been resolved: A ...) {DSA-5681-1} - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 NOTE: https://git.kernel.org/linus/6ef5d5b92f7117b324efaac72b3db27ae8bb3082 (6.8-rc5) CVE-2024-26721 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.7.7-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/962ac2dce56bb3aad1f82a4bbe3ada57a020287c (6.8-rc5) CVE-2024-26720 (In the Linux kernel, the following vulnerability has been resolved: m ...) 
{DSA-5681-1} - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 NOTE: https://git.kernel.org/linus/9319b647902cbd5cc884ac08a8a6d54ce111fc78 (6.8-rc3) CVE-2024-26719 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.7.7-1 NOTE: https://git.kernel.org/linus/39126abc5e20611579602f03b66627d7cd1422f0 (6.8-rc3) CVE-2024-26718 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/0a9bab391e336489169b95cb0d4553d921302189 (6.8-rc3) CVE-2024-26717 (In the Linux kernel, the following vulnerability has been resolved: H ...) - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/00aab7dcb2267f2aef59447602f34501efe1a07f (6.8-rc3) CVE-2024-26716 (In the Linux kernel, the following vulnerability has been resolved: u ...) - linux 6.7.7-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/12783c0b9e2c7915a50d5ec829630ff2da50472c (6.8-rc3) CVE-2024-26715 (In the Linux kernel, the following vulnerability has been resolved: u ...) - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 NOTE: https://git.kernel.org/linus/61a348857e869432e6a920ad8ea9132e8d44c316 (6.8-rc3) CVE-2024-26714 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/85e985a4f46e462a37f1875cb74ed380e7c0c2e0 (6.8-rc5) CVE-2024-26713 (In the Linux kernel, the following vulnerability has been resolved: p ...) 
- linux 6.7.7-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/ed8b94f6e0acd652ce69bd69d678a0c769172df8 (6.8-rc5) CVE-2024-26712 (In the Linux kernel, the following vulnerability has been resolved: p ...) {DSA-5681-1} - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/4a7aee96200ad281a5cc4cf5c7a2e2a49d2b97b0 (6.8-rc5) CVE-2024-26711 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 6.7.7-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/a22b0a2be69a36511cb5b37d948b651ddf7debf3 (6.8-rc5) CVE-2024-26710 (In the Linux kernel, the following vulnerability has been resolved: p ...) - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/f1acb109505d983779bbb7e20a1ee6244d2b5736 (6.8-rc5) CVE-2024-26709 (In the Linux kernel, the following vulnerability has been resolved: p ...) - linux 6.7.7-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/0846dd77c8349ec92ca0079c9c71d130f34cb192 (6.8-rc5) CVE-2024-26708 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 6.7.7-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/337cebbd850f94147cee05252778f8f78b8c337f (6.8-rc5) CVE-2024-26707 (In the Linux kernel, the following vulnerability has been resolved: n ...) 
{DSA-5681-1} - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/37e8c97e539015637cb920d3e6f1e404f707a06e (6.8-rc3) CVE-2024-26706 (In the Linux kernel, the following vulnerability has been resolved: p ...) - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 NOTE: https://git.kernel.org/linus/8b1d72395635af45410b66cc4c4ab37a12c4a831 (6.8-rc3) CVE-2024-26705 (In the Linux kernel, the following vulnerability has been resolved: p ...) - linux 6.7.7-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/913b9d443a0180cf0de3548f1ab3149378998486 (6.8-rc3) CVE-2024-26704 (In the Linux kernel, the following vulnerability has been resolved: e ...) {DSA-5681-1} - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 NOTE: https://git.kernel.org/linus/55583e899a5357308274601364741a83e78d6ac4 (6.8-rc3) CVE-2024-26703 (In the Linux kernel, the following vulnerability has been resolved: t ...) - linux 6.7.7-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/1389358bb008e7625942846e9f03554319b7fecc (6.8-rc3) CVE-2024-26702 (In the Linux kernel, the following vulnerability has been resolved: i ...) {DSA-5681-1} - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/792595bab4925aa06532a14dd256db523eb4fa5e (6.8-rc5) CVE-2024-26700 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 NOTE: https://git.kernel.org/linus/e6a7df96facdcf5b1f71eb3ec26f2f9f6ad61e57 (6.8-rc4) CVE-2024-26699 (In the Linux kernel, the following vulnerability has been resolved: d ...) 
- linux 6.7.7-1 NOTE: https://git.kernel.org/linus/46806e59a87790760870d216f54951a5b4d545bc (6.8-rc5) CVE-2024-26698 (In the Linux kernel, the following vulnerability has been resolved: h ...) {DSA-5681-1} - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/e0526ec5360a48ad3ab2e26e802b0532302a7e11 (6.8-rc3) CVE-2024-26697 (In the Linux kernel, the following vulnerability has been resolved: n ...) {DSA-5681-1} - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 NOTE: https://git.kernel.org/linus/67b8bcbaed4777871bb0dcc888fb02a614a98ab1 (6.8-rc4) CVE-2024-26696 (In the Linux kernel, the following vulnerability has been resolved: n ...) {DSA-5681-1} - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 NOTE: https://git.kernel.org/linus/38296afe3c6ee07319e01bb249aa4bb47c07b534 (6.8-rc4) CVE-2024-26695 (In the Linux kernel, the following vulnerability has been resolved: c ...) {DSA-5681-1} - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/ccb88e9549e7cfd8bcd511c538f437e20026e983 (6.8-rc4) CVE-2024-26694 (In the Linux kernel, the following vulnerability has been resolved: w ...) - linux 6.7.7-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/353d321f63f7dbfc9ef58498cc732c9fe886a596 (6.8-rc4) CVE-2024-26693 (In the Linux kernel, the following vulnerability has been resolved: w ...) - linux 6.7.7-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/b7198383ef2debe748118996f627452281cf27d7 (6.8-rc5) CVE-2024-26692 (In the Linux kernel, the following vulnerability has been resolved: s ...) 
- linux 6.7.7-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/4860abb91f3d7fbaf8147d54782149bb1fc45892 (6.8-rc5) CVE-2024-26691 (In the Linux kernel, the following vulnerability has been resolved: K ...) - linux 6.7.7-1 NOTE: https://git.kernel.org/linus/10c02aad111df02088d1a81792a709f6a7eca6cc (6.8-rc5) CVE-2024-26690 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.7.7-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/38cc3c6dcc09dc3a1800b5ec22aef643ca11eab8 (6.8-rc4) CVE-2024-26689 (In the Linux kernel, the following vulnerability has been resolved: c ...) {DSA-5681-1} - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 NOTE: https://git.kernel.org/linus/cda4672da1c26835dcbd7aec2bfed954eda9b5ef (6.8-rc4) CVE-2024-26688 (In the Linux kernel, the following vulnerability has been resolved: f ...) {DSA-5681-1} - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/79d72c68c58784a3e1cd2378669d51bfd0cb7498 (6.8-rc4) CVE-2024-26687 (In the Linux kernel, the following vulnerability has been resolved: x ...) {DSA-5681-1} - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 NOTE: https://git.kernel.org/linus/fa765c4b4aed2d64266b694520ecb025c862c5a9 (6.8-rc5) CVE-2024-26686 (In the Linux kernel, the following vulnerability has been resolved: f ...) - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 NOTE: https://git.kernel.org/linus/7601df8031fd67310af891897ef6cc0df4209305 (6.8-rc4) CVE-2024-26685 (In the Linux kernel, the following vulnerability has been resolved: n ...) 
{DSA-5681-1} - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 NOTE: https://git.kernel.org/linus/5bc09b397cbf1221f8a8aacb1152650c9195b02b (6.8-rc4) CVE-2023-52641 (In the Linux kernel, the following vulnerability has been resolved: f ...) - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 NOTE: https://git.kernel.org/linus/aaab47f204aaf47838241d57bf8662c8840de60a (6.8-rc4) CVE-2023-52640 (In the Linux kernel, the following vulnerability has been resolved: f ...) - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 NOTE: https://git.kernel.org/linus/731ab1f9828800df871c5a7ab9ffe965317d3f15 (6.8-rc4) CVE-2023-52639 (In the Linux kernel, the following vulnerability has been resolved: K ...) - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 NOTE: https://git.kernel.org/linus/fe752331d4b361d43cfd0b89534b4b2176057c32 (6.8-rc4) CVE-2023-52638 (In the Linux kernel, the following vulnerability has been resolved: c ...) - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 NOTE: https://git.kernel.org/linus/6cdedc18ba7b9dacc36466e27e3267d201948c8d (6.8-rc5) CVE-2023-52637 (In the Linux kernel, the following vulnerability has been resolved: c ...) {DSA-5681-1} - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/efe7cf828039aedb297c1f9920b638fffee6aabc (6.8-rc5) CVE-2024-31083 (A use-after-free vulnerability was found in the ProcRenderAddGlyphs() ...) {DSA-5657-1 DLA-3787-1} - xorg-server 2:21.1.11-3 - xwayland 2:23.2.6-1 [bookworm] - xwayland (Minor issue; Xwayland shouldn't be running as root) NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/bdca6c3d1f5057eeb31609b1280fc93237b00c77 NOTE: https://lists.x.org/archives/xorg-announce/2024-April/003497.html NOTE: Followup to fix regression: https://gitlab.freedesktop.org/xorg/xserver/-/commit/337d8d48b618d4fc0168a7b978be4c3447650b04 CVE-2024-31082 (A heap-based buffer over-read vulnerability was found in the X.org ser ...) 
- xorg-server 2:21.1.11-3 (unimportant) [bookworm] - xorg-server 2:21.1.7-3+deb12u7 [bullseye] - xorg-server 2:1.20.11-1+deb11u13 NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c684d035c06fd41c727f0ef0744517580864cef NOTE: https://lists.x.org/archives/xorg-announce/2024-April/003497.html NOTE: Affects the XQuartz (X11 server and client libraries for macOS) component CVE-2024-31081 (A heap-based buffer over-read vulnerability was found in the X.org ser ...) {DSA-5657-1 DLA-3787-1} - xorg-server 2:21.1.11-3 - xwayland 2:23.2.6-1 [bookworm] - xwayland (Minor issue; Xwayland shouldn't be running as root) NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/3e77295f888c67fc7645db5d0c00926a29ffecee NOTE: https://lists.x.org/archives/xorg-announce/2024-April/003497.html CVE-2024-31080 (A heap-based buffer over-read vulnerability was found in the X.org ser ...) {DSA-5657-1 DLA-3787-1} - xorg-server 2:21.1.11-3 - xwayland 2:23.2.6-1 [bookworm] - xwayland (Minor issue; Xwayland shouldn't be running as root) NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/96798fc1967491c80a4d0c8d9e0a80586cb2152b NOTE: https://lists.x.org/archives/xorg-announce/2024-April/003497.html CVE-2024-27983 (An attacker can make the Node.js HTTP/2 server completely unavailable ...) - nodejs 18.20.1+dfsg-1 (bug #1068347) NOTE: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/ NOTE: Fixed by: https://github.com/nodejs/node/commit/0fb816dbccde955cd24acc1b16497a91fab507c8 (v18.20.1) CVE-2024-27982 (The team has identified a critical vulnerability in the http server of ...) - nodejs 18.20.1+dfsg-1 (bug #1068347) NOTE: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/ NOTE: Fixed by: https://github.com/nodejs/node/commit/5d4d5848cf557fba6dc0bfdd020471ea607950ca (v18.20.1) CVE-2024-3248 (In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads ...) 
- xpdf (Debian uses poppler, which is not affected) CVE-2024-3247 (In Xpdf 4.05 (and earlier), a PDF object loop in an object stream lead ...) - xpdf (Debian uses poppler, which is not affected) CVE-2024-3227 (A vulnerability was found in Panwei eoffice OA up to 9.5. It has been ...) NOT-FOR-US: Panwei eoffice OA CVE-2024-3226 (A vulnerability was found in Campcodes Online Patient Record Managemen ...) NOT-FOR-US: Campcodes Online Patient Record Management System CVE-2024-3225 (A vulnerability was found in SourceCodester PHP Task Management System ...) NOT-FOR-US: SourceCodester PHP Task Management System CVE-2024-3224 (A vulnerability has been found in SourceCodester PHP Task Management S ...) NOT-FOR-US: SourceCodester PHP Task Management System CVE-2024-3223 (A vulnerability, which was classified as critical, was found in Source ...) NOT-FOR-US: SourceCodester PHP Task Management System CVE-2024-3222 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester PHP Task Management System CVE-2024-3221 (A vulnerability classified as critical was found in SourceCodester PHP ...) NOT-FOR-US: SourceCodester PHP Task Management System CVE-2024-3218 (A vulnerability classified as critical has been found in Shibang Commu ...) NOT-FOR-US: Shibang Communications IP Network Intercom Broadcasting System CVE-2024-3209 (A vulnerability was found in UPX up to 4.2.2. It has been rated as cri ...) - upx-ucl TODO: check upstream report status, seems not filled as issue CVE-2024-3207 (A vulnerability was found in ermig1979 Simd up to 6.0.134. It has been ...) NOT-FOR-US: ermig1979 Simd CVE-2024-3205 (A vulnerability was found in yaml libyaml up to 0.2.5 and classified a ...) 
NOTE: Non issue reported for libyaml: NOTE: https://github.com/yaml/libyaml/issues/258#issuecomment-2058613931 NOTE: https://vuldb.com/?submit.304561 NOTE: https://github.com/yaml/libyaml/issues/289 CVE-2024-3204 (A vulnerability has been found in c-blosc2 up to 2.13.2 and classified ...) - c-blosc2 2.13.1+ds-3 NOTE: https://github.com/Blosc/c-blosc2/commit/892f6d9c8ffc6e3c4d571df8fc02114f88c69b52 (v2.14.2) CVE-2024-3203 (A vulnerability, which was classified as critical, was found in c-blos ...) - c-blosc2 2.13.1+ds-3 NOTE: https://github.com/Blosc/c-blosc2/commit/892f6d9c8ffc6e3c4d571df8fc02114f88c69b52 (v2.14.2) CVE-2024-3202 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: codelyfe Stupid Simple CMS CVE-2024-3162 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cro ...) NOT-FOR-US: WordPress plugin CVE-2024-31013 (Cross Site Scripting (XSS) vulnerability in emlog version Pro 2.3, all ...) NOT-FOR-US: emlog CVE-2024-31012 (An issue was discovered in SEMCMS v.4.8, allows remote attackers to ex ...) NOT-FOR-US: SEMCMS CVE-2024-31011 (Arbitrary file write vulnerability in beescms v.4.0, allows a remote a ...) NOT-FOR-US: beescms CVE-2024-31010 (SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker ...) NOT-FOR-US: SEMCMS CVE-2024-31009 (SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker ...) NOT-FOR-US: SEMCMS CVE-2024-31008 (An issue was discovered in WUZHICMS version 4.1.0, allows an attacker ...) NOT-FOR-US: WUZHICMS CVE-2024-30998 (SQL Injection vulnerability in PHPGurukul Men Salon Management System ...) NOT-FOR-US: PHPGurukul Men Salon Management System CVE-2024-30371 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30370 (RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability ...) 
NOTE: RARLabs WinRAR CVE-2024-30367 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30365 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30364 (Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Discl ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30363 (Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Discl ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30362 (Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30361 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30360 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30359 (Foxit PDF Reader AcroForm 3D Out-Of-Bounds Read Remote Code Execution ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30358 (Foxit PDF Reader AcroForm User-After-Free Remote Code Execution Vulner ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30357 (Foxit PDF Reader AcroForm Annotation Type Confusion Remote Code Execut ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30356 (Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vu ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30355 (Foxit PDF Reader AcroForm Out-Of-Bounds Write Remote Code Execution Vu ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30354 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30353 (Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vul ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30352 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30351 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) 
NOT-FOR-US: Foxit PDF Reader CVE-2024-30350 (Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30349 (Foxit PDF Reader U3D File Parsing Out-Of-Bounds Write Remote Code Exec ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30348 (Foxit PDF Reader U3D File Parsing Out-Of-Bounds Write Remote Code Exec ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30347 (Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Discl ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30346 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30345 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30344 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30343 (Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulne ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30342 (Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulne ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30341 (Foxit PDF Reader Doc Object Out-Of-Bounds Read Remote Code Execution V ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30340 (Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30339 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30338 (Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulne ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30337 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30336 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...) NOT-FOR-US: Foxit PDF Reader CVE-2024-30166 (In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can c ...) 
- mbedtls TODO: check, missing details CVE-2024-2879 (The LayerSlider plugin for WordPress is vulnerable to SQL Injection vi ...) NOT-FOR-US: WordPress plugin CVE-2024-2322 (The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2. ...) NOT-FOR-US: WordPress plugin CVE-2024-29734 (Uncontrolled search path element issue exists in SonicDICOM Media View ...) NOT-FOR-US: SonicDICOM Media Viewer CVE-2024-29733 (Improper Certificate Validation vulnerability in Apache Airflow FTP Pr ...) NOT-FOR-US: Airflow FTP provider CVE-2024-29434 (An issue in the system image upload interface of Alldata v0.4.6 allows ...) NOT-FOR-US: Alldata CVE-2024-29432 (Alldata v0.4.6 was discovered to contain a SQL injection vulnerability ...) NOT-FOR-US: Alldata CVE-2024-28836 (An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When negotiati ...) - mbedtls TODO: check, missing details CVE-2024-28755 (An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL co ...) - mbedtls [bookworm] - mbedtls (Minor issue) [bullseye] - mbedtls (Minor issue) [buster] - mbedtls (Minor issue) NOTE: https://github.com/Mbed-TLS/mbedtls/issues/8654 NOTE: Possibly the same as CVE-2023-52353. CVE-2024-28589 (An issue was discovered in Axigen Mail Server for Windows versions 10. ...) NOT-FOR-US: Axigen Mail Server for Windows CVE-2024-28515 (Buffer Overflow vulnerability in CSAPP_Lab CSAPP Lab3 15-213 Fall 20xx ...) NOT-FOR-US: CSAPP_Lab CSAPP Lab3 15-213 Fall 20xx CVE-2024-27605 (Alldata V0.4.6 is vulnerable to Insecure Permissions. Using users (tes ...) NOT-FOR-US: Alldata CVE-2024-27604 (Alldata V0.4.6 is vulnerable to Command execution vulnerability. Syste ...) NOT-FOR-US: Alldata CVE-2024-27602 (Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of m ...) NOT-FOR-US: Alldata CVE-2024-26495 (Cross Site Scripting (XSS) vulnerability in Friendica versions after v ...) 
NOT-FOR-US: Friendica CVE-2024-25864 (Server Side Request Forgery (SSRF) vulnerability in Friendica versions ...) NOT-FOR-US: Friendica CVE-2024-25075 (An issue was discovered in Softing uaToolkit Embedded before 1.41.1. W ...) NOT-FOR-US: Softing uaToolkit Embedded CVE-2024-24724 (Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSetting ...) NOT-FOR-US: GibbonEdu Gibbon CVE-2024-24506 (Cross Site Scripting (XSS) vulnerability in Lime Survey Community Edit ...) - limesurvey (bug #472802) CVE-2024-1327 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cro ...) NOT-FOR-US: WordPress plugin CVE-2023-35764 (Insufficient verification of data authenticity issue in Survey Maker p ...) NOT-FOR-US: Survey Maker CVE-2023-34423 (Survey Maker prior to 3.6.4 contains a stored cross-site scripting vul ...) NOT-FOR-US: Survey Maker CVE-2024-3159 (Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312 ...) {DSA-5654-1} - chromium 123.0.6312.105-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-3158 (Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 a ...) {DSA-5654-1} - chromium 123.0.6312.105-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-3156 (Inappropriate implementation in V8 in Google Chrome prior to 123.0.631 ...) {DSA-5654-1} - chromium 123.0.6312.105-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-3151 (A vulnerability, which was classified as problematic, was found in Bdt ...) NOT-FOR-US: Bdtask Multi-Store Inventory Management System CVE-2024-31109 (Cross-Site Request Forgery (CSRF) vulnerability in Toastie Studio Wooc ...) NOT-FOR-US: WordPress plugin CVE-2024-31105 (Cross-Site Request Forgery (CSRF) vulnerability in Adam Bowen Tax Rate ...) NOT-FOR-US: WordPress plugin CVE-2024-30965 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) 
	NOT-FOR-US: DedeCMS
CVE-2024-30946 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: DedeCMS
CVE-2024-30809 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a he ...)
	NOT-FOR-US: Bento4
CVE-2024-30808 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a he ...)
	NOT-FOR-US: Bento4
CVE-2024-30807 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a he ...)
	NOT-FOR-US: Bento4
CVE-2024-30806 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a he ...)
	NOT-FOR-US: Bento4
CVE-2024-30621 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName par ...)
	NOT-FOR-US: Tenda
CVE-2024-30620 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName pa ...)
	NOT-FOR-US: Tenda
CVE-2024-30532 (Server-Side Request Forgery (SSRF) vulnerability in Builderall Team Bu ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30531 (Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nel ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30335 (Foxit PDF Reader AcroForm Annotation Out-Of-Bounds Read Information Di ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2024-30248 (Piccolo Admin is an admin interface/content management system for Pyth ...)
	NOT-FOR-US: Piccolo Admin
CVE-2024-2931 (The WPFront User Role Editor plugin for WordPress is vulnerable to Sen ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2745 (Rapid7's InsightVM maintenance mode login page suffers from a sensitiv ...)
	NOT-FOR-US: Rapid7
CVE-2024-2435 (For an attacker with pre-existing access to send a signal to a workflo ...)
	NOT-FOR-US: Temporal ui-server
CVE-2024-2389 (In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system c ...)
	NOT-FOR-US: Flowmon
CVE-2024-29949 (There is a command injection vulnerability in some Hikvision NVRs. Thi ...)
	NOT-FOR-US: Hikvision
CVE-2024-29948 (There is an out-of-bounds read vulnerability in some Hikvision NVRs. A ...)
	NOT-FOR-US: Hikvision
CVE-2024-29947 (There is a NULL dereference pointer vulnerability in some Hikvision NV ...)
	NOT-FOR-US: Hikvision
CVE-2024-29834 (This vulnerability allows authenticated users with produce or consume ...)
	NOT-FOR-US: Apache Pulsar
CVE-2024-29514 (File Upload vulnerability in lepton v.7.1.0 allows a remote authentica ...)
	NOT-FOR-US: Lepton CMS
CVE-2024-28287 (A DOM-based open redirection in the returnUrl parameter of INSTINCT UI ...)
	NOT-FOR-US: INSTINCT UI Web Client
CVE-2024-24888 (Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenbe ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-22780 (Cross Site Scripting vulnerability in CA17 TeamsACS v.1.0.1 allows a r ...)
	NOT-FOR-US: CA17 TeamsACS
CVE-2024-22248 (VMware SD-WAN Orchestrator contains an open redirect vulnerability. A ...)
	NOT-FOR-US: VMware
CVE-2024-22247 (VMware SD-WAN Edge contains a missing authentication and protection me ...)
	NOT-FOR-US: VMware
CVE-2024-22246 (VMware SD-WAN Edge contains an unauthenticated command injection vulne ...)
	NOT-FOR-US: VMware
CVE-2024-1946 (The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross- ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1807 (The Product Sort and Display for WooCommerce plugin for WordPress is v ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1732 (The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6951 (A Use of Weak Credentials vulnerability affecting the Wi-Fi network ge ...)
	NOT-FOR-US: DJI
CVE-2023-6950 (An Improper Input Validation vulnerability affecting the FTP service r ...)
	NOT-FOR-US: DJI
CVE-2023-6949 (A Missing Authentication for Critical Function issue affecting the HTT ...)
	NOT-FOR-US: DJI
CVE-2023-6948 (A Buffer Copy without Checking Size of Input issue affecting the v2_sd ...)
	NOT-FOR-US: DJI
CVE-2023-51456 (A Improper Input Validation issue affecting the v2_sdk_service running ...)
	NOT-FOR-US: DJI
CVE-2023-51455 (A Improper Validation of Array Index issue affecting the v2_sdk_servic ...)
	NOT-FOR-US: DJI
CVE-2023-51454 (A Out-of-bounds Write issue affecting the v2_sdk_service running on a ...)
	NOT-FOR-US: DJI
CVE-2023-51453 (A Improper Input Validation issue affecting the v2_sdk_service running ...)
	NOT-FOR-US: DJI
CVE-2023-51452 (A Improper Input Validation issue affecting the v2_sdk_service running ...)
	NOT-FOR-US: DJI
CVE-2023-50313 (IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than ...)
	NOT-FOR-US: IBM
CVE-2024-3165 (System->Maintenance-> Log Files in dotCMS dashboard is providing the u ...)
	NOT-FOR-US: dotCMS
CVE-2024-3164 (In dotCMS dashboard, the Tools and Log Files tabs under System → ...)
	NOT-FOR-US: dotCMS
CVE-2024-3160 (** DISPUTED ** A vulnerability, which was classified as problematic, w ...)
	NOT-FOR-US: IntelBras
CVE-2024-3148 (A vulnerability, which was classified as critical, has been found in D ...)
	NOT-FOR-US: DedeCMS
CVE-2024-3147 (A vulnerability classified as problematic was found in DedeCMS 5.7. Th ...)
	NOT-FOR-US: DedeCMS
CVE-2024-3146 (A vulnerability classified as problematic has been found in DedeCMS 5. ...)
	NOT-FOR-US: DedeCMS
CVE-2024-3145 (A vulnerability was found in DedeCMS 5.7. It has been rated as problem ...)
	NOT-FOR-US: DedeCMS
CVE-2024-3144 (A vulnerability was found in DedeCMS 5.7. It has been declared as prob ...)
	NOT-FOR-US: DedeCMS
CVE-2024-3143 (A vulnerability was found in DedeCMS 5.7. It has been classified as pr ...)
	NOT-FOR-US: DedeCMS
CVE-2024-3142 (A vulnerability was found in Clavister E10 and E80 up to 14.00.10 and ...)
	NOT-FOR-US: Clavister
CVE-2024-3141 (A vulnerability has been found in Clavister E10 and E80 up to 14.00.10 ...)
	NOT-FOR-US: Clavister
CVE-2024-3140 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester
CVE-2024-3139 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester
CVE-2024-3138 (** DISPUTED ** A vulnerability was found in francoisjacquet RosarioSIS ...)
	NOT-FOR-US: RosarioSIS
CVE-2024-3137 (Improper Privilege Management in uvdesk/community-skeleton)
	NOT-FOR-US: UVdesk
CVE-2024-31005 (An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execu ...)
	NOT-FOR-US: Bento4
CVE-2024-31004 (An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execu ...)
	NOT-FOR-US: Bento4
CVE-2024-31003 (Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a rem ...)
	NOT-FOR-US: Bento4
CVE-2024-31002 (Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a rem ...)
	NOT-FOR-US: Bento4
CVE-2024-2925 (The Beaver Builder – WordPress Page Builder plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2924 (The Creative Addons for Elementor plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2839 (The Colibri Page Builder plugin for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2791 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2369 (The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does n ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29276 (An issue was discovered in seeyonOA version 8, allows remote attackers ...)
	NOT-FOR-US: seeyonOA
CVE-2024-29086 (in OpenHarmony v3.2.4 and prior versions allow a local attacker cause ...)
	NOT-FOR-US: OpenHarmony
CVE-2024-29074 (in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitr ...)
	NOT-FOR-US: OpenHarmony
CVE-2024-28951 (in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitr ...)
	NOT-FOR-US: OpenHarmony
CVE-2024-28226 (in OpenHarmony v4.0.0 and prior versions allow a remote attacker cause ...)
	NOT-FOR-US: OpenHarmony
CVE-2024-27334 (Kofax Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclo ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2024-27333 (Kofax Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclo ...)
	NOT-FOR-US: Kofax Power PDF
CVE-2024-27332 (PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2024-27331 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2024-27330 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2024-27329 (PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2024-27328 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2024-27327 (PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Ex ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2024-27326 (PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2024-27325 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2024-27324 (PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Dis ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2024-27323 (PDF-XChange Editor Updater Improper Certificate Validation Remote Code ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2024-26684 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/46eba193d04f8bd717e525eb4110f3c46c12aec3 (6.8-rc4)
CVE-2024-26683 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	- linux 6.7.7-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/177fbbcb4ed6b306c1626a277fac3fb1c495a4c7 (6.8-rc4)
CVE-2024-26682 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	- linux 6.7.7-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/35e2385dbe787936c793d70755a5177d267a40aa (6.8-rc4)
CVE-2024-26681 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/ba5e1272142d051dcc57ca1d3225ad8a089f9858 (6.8-rc4)
CVE-2024-26680 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/2e7d3b67630dfd8f178c41fa2217aa00e79a5887 (6.8-rc4)
CVE-2024-26679 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/eef00a82c568944f113f2de738156ac591bbd5cd (6.8-rc4)
CVE-2024-26678 (In the Linux kernel, the following vulnerability has been resolved: x ...)
	- linux 6.7.7-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/1ad55cecf22f05f1c884adf63cc09d3c3e609ebf (6.8-rc4)
CVE-2024-26677 (In the Linux kernel, the following vulnerability has been resolved: r ...)
	- linux 6.7.7-1
	NOTE: https://git.kernel.org/linus/e7870cf13d20f56bfc19f9c3e89707c69cf104ef (6.8-rc4)
CVE-2024-26676 (In the Linux kernel, the following vulnerability has been resolved: a ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/1279f9d9dec2d7462823a18c29ad61359e0a007d (6.8-rc4)
CVE-2024-26675 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/cb88cb53badb8aeb3955ad6ce80b07b598e310b8 (6.8-rc4)
CVE-2024-26674 (In the Linux kernel, the following vulnerability has been resolved: x ...)
	- linux 6.7.7-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/8eed4e00a370b37b4e5985ed983dccedd555ea9d (6.8-rc4)
CVE-2024-26673 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4 (6.8-rc3)
CVE-2024-26672 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.7-1
	NOTE: https://git.kernel.org/linus/4f32504a2f85a7b40fe149436881381f48e9c0c0 (6.8-rc1)
CVE-2024-26671 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/5266caaf5660529e3da53004b8b7174cab6374ed (6.8-rc1)
CVE-2024-26670 (In the Linux kernel, the following vulnerability has been resolved: a ...)
	- linux 6.6.15-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/832dd634bd1b4e3bbe9f10b9c9ba5db6f6f2b97f (6.8-rc1)
CVE-2024-26669 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.6.15-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/32f2a0afa95fae0d1ceec2ff06e0e816939964b8 (6.8-rc2)
CVE-2024-26668 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	NOTE: https://git.kernel.org/linus/c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa (6.8-rc2)
CVE-2024-26667 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/7f3d03c48b1eb6bc45ab20ca98b8b11be25f9f52 (6.8-rc4)
CVE-2024-26666 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	- linux 6.7.7-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9480adfe4e0f0319b9da04b44e4eebd5ad07e0cd (6.8-rc4)
CVE-2024-26665 (In the Linux kernel, the following vulnerability has been resolved: t ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/d75abeec401f8c86b470e7028a13fcdc87e5dd06 (6.8-rc4)
CVE-2024-26664 (In the Linux kernel, the following vulnerability has been resolved: h ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/4e440abc894585a34c2904a32cd54af1742311b3 (6.8-rc4)
CVE-2024-26663 (In the Linux kernel, the following vulnerability has been resolved: t ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/3871aa01e1a779d866fa9dfdd5a836f342f4eb87 (6.8-rc4)
CVE-2024-26662 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.7-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/e96fddb32931d007db12b1fce9b5e8e4c080401b (6.8-rc4)
CVE-2024-26661 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.7-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/66951d98d9bf45ba25acf37fe0747253fafdf298 (6.8-rc4)
CVE-2024-26660 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/58fca355ad37dcb5f785d9095db5f748b79c5dc2 (6.8-rc4)
CVE-2024-26659 (In the Linux kernel, the following vulnerability has been resolved: x ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/7c4650ded49e5b88929ecbbb631efb8b0838e811 (6.8-rc3)
CVE-2024-26658 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 6.7.7-1
	NOTE: https://git.kernel.org/linus/2acc59dd88d27ad69b66ded80df16c042b04eeec (6.8-rc1)
CVE-2024-26657 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/f34e8bb7d6c6626933fe993e03ed59ae85e16abb (6.9-rc2)
CVE-2024-26656 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.12-1
	NOTE: https://git.kernel.org/linus/22207fd5c80177b860279653d017474b2812af5e (6.9-rc1)
CVE-2024-25187 (Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0, allo ...)
	NOT-FOR-US: 71cms
CVE-2024-24581 (in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitr ...)
	NOT-FOR-US: OpenHarmony
CVE-2024-23119 (Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulne ...)
	- centreon-web (bug #913903)
CVE-2024-23118 (Centreon updateContactHostCommands SQL Injection Remote Code Execution ...)
	- centreon-web (bug #913903)
CVE-2024-23117 (Centreon updateContactServiceCommands SQL Injection Remote Code Execut ...)
	- centreon-web (bug #913903)
CVE-2024-23116 (Centreon updateLCARelation SQL Injection Remote Code Execution Vulnera ...)
	- centreon-web (bug #913903)
CVE-2024-23115 (Centreon updateGroups SQL Injection Remote Code Execution Vulnerabilit ...)
	- centreon-web (bug #913903)
CVE-2024-22180 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause ...)
	NOT-FOR-US: OpenHarmony
CVE-2024-22177 (in OpenHarmony v3.2.4 and prior versions allow a local attacker cause ...)
	NOT-FOR-US: OpenHarmony
CVE-2024-22098 (in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitr ...)
	NOT-FOR-US: OpenHarmony
CVE-2024-22092 (in OpenHarmony v3.2.4 and prior versions allow a remote attacker bypas ...)
	NOT-FOR-US: OpenHarmony
CVE-2024-21834 (in OpenHarmony v3.2.4 and prior versions allow a local attacker cause ...)
	NOT-FOR-US: OpenHarmony
CVE-2024-20854 (Improper handling of insufficient privileges vulnerability in Samsung ...)
	NOT-FOR-US: Samsung
CVE-2024-20853 (Improper verification of intent by broadcast receiver vulnerability in ...)
	NOT-FOR-US: Samsung
CVE-2024-20852 (Improper verification of intent by broadcast receiver vulnerability in ...)
	NOT-FOR-US: Samsung
CVE-2024-20851 (Improper access control vulnerability in Samsung Data Store prior to v ...)
	NOT-FOR-US: Samsung
CVE-2024-20850 (Use of Implicit Intent for Sensitive Communication in Samsung Pay prio ...)
	NOT-FOR-US: Samsung
CVE-2024-20849 (Out-of-bound Write vulnerability in chunk parsing implementation of li ...)
	NOT-FOR-US: Samsung
CVE-2024-20848 (Improper Input Validation vulnerability in text parsing implementation ...)
	NOT-FOR-US: Samsung
CVE-2024-20847 (Improper Access Control vulnerability in StorageManagerService prior t ...)
	NOT-FOR-US: Samsung
CVE-2024-20846 (Out-of-bounds write vulnerability while decoding hcr of libsavsac.so p ...)
	NOT-FOR-US: Samsung
CVE-2024-20845 (Out-of-bounds write vulnerability while releasing memory in libsavsac. ...)
	NOT-FOR-US: Samsung
CVE-2024-20844 (Out-of-bounds write vulnerability while parsing remaining codewords in ...)
	NOT-FOR-US: Samsung
CVE-2024-20843 (Out-of-bound write vulnerability in command parsing implementation of ...)
	NOT-FOR-US: Samsung
CVE-2024-20842 (Improper Input Validation vulnerability in handling apdu of libsec-ril ...)
	NOT-FOR-US: Samsung
CVE-2024-20799 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-1863 (Sante PACS Server Token Endpoint SQL Injection Remote Code Execution V ...)
	NOT-FOR-US: Sante PACS Server
CVE-2024-1504 (The SecuPress Free — WordPress Security plugin for WordPress is v ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1274 (The My Calendar WordPress plugin before 3.4.24 does not sanitise and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1179 (TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow ...)
	NOT-FOR-US: TP-Link
CVE-2024-0637 (Centreon updateDirectory SQL Injection Remote Code Execution Vulnerabi ...)
	- centreon-web (bug #913903)
CVE-2023-52636 (In the Linux kernel, the following vulnerability has been resolved: l ...)
	- linux 6.7.7-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/8e46a2d068c92a905d01cbb018b00d66991585ab (6.8-rc4)
CVE-2023-52635 (In the Linux kernel, the following vulnerability has been resolved: P ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/aed5ed595960c6d301dcd4ed31aeaa7a8054c0c6 (6.8-rc1)
CVE-2023-52634 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.7-1
	NOTE: https://git.kernel.org/linus/2ce156482a6fef349d2eba98e5070c412d3af662 (6.8-rc1)
CVE-2023-52633 (In the Linux kernel, the following vulnerability has been resolved: u ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/abe4eaa8618bb36c2b33e9cdde0499296a23448c (6.8-rc1)
CVE-2023-52632 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/2a9de42e8d3c82c6990d226198602be44f43f340 (6.8-rc1)
CVE-2023-52631 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b2dd7b953c25ffd5912dda17e980e7168bebcf6c (6.8-rc4)
CVE-2023-52630
	REJECTED
CVE-2023-51573 (Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous ...)
	NOT-FOR-US: Voltronic Power ViewPower Pro
CVE-2023-51572 (Voltronic Power ViewPower Pro getMacAddressByIp Command Injection Remo ...)
	NOT-FOR-US: Voltronic Power ViewPower Pro
CVE-2023-51571 (Voltronic Power ViewPower Pro SocketService Missing Authentication Den ...)
	NOT-FOR-US: Voltronic Power ViewPower Pro
CVE-2023-51570 (Voltronic Power ViewPower Pro Deserialization of Untrusted Data Remote ...)
	NOT-FOR-US: Voltronic Power ViewPower Pro
CVE-2024-28219 (In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists bec ...)
	{DLA-3786-1}
	- pillow 10.3.0-1
	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
	NOTE: https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061 (10.3.0)
CVE-2024-3135 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the mudler ...)
	NOT-FOR-US: LocalAI
CVE-2024-3131 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...)
	NOT-FOR-US: SourceCodester Computer Laboratory Management System
CVE-2024-3130 (Hard-coded Credentialsin CoolKit eWeLlink app are before 5.4.x on Andr ...)
	NOT-FOR-US: CoolKit eWeLlink app
CVE-2024-3129 (A vulnerability was found in SourceCodester Image Accordion Gallery Ap ...)
	NOT-FOR-US: SourceCodester Image Accordion Gallery App
CVE-2024-3128 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...)
	NOT-FOR-US: Replify-Messenger
CVE-2024-3125 (A vulnerability classified as problematic was found in Zebra ZTC GK420 ...)
	NOT-FOR-US: Zebra ZTC GK420d
CVE-2024-3124 (A vulnerability classified as problematic has been found in fridgecow ...)
	NOT-FOR-US: fridgecow smartalarm
CVE-2024-31099 (Missing Authorization vulnerability in Averta Shortcodes and extra fea ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30872 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /include/authr ...)
	NOT-FOR-US: netentsec NS-ASG
CVE-2024-30871 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/appl ...)
	NOT-FOR-US: netentsec NS-ASG
CVE-2024-30870 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/address ...)
	NOT-FOR-US: netentsec NS-ASG
CVE-2024-30868 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/add_get ...)
	NOT-FOR-US: netentsec NS-ASG
CVE-2024-30867 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_vi ...)
	NOT-FOR-US: netentsec NS-ASG
CVE-2024-30866 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/menu.php.)
	NOT-FOR-US: netentsec NS-ASG
CVE-2024-30865 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_us ...)
	NOT-FOR-US: netentsec NS-ASG
CVE-2024-30864 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ ...)
	NOT-FOR-US: netentsec NS-ASG
CVE-2024-30863 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /WebPages/hist ...)
	NOT-FOR-US: netentsec NS-ASG
CVE-2024-30862 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /3g/index.php.)
	NOT-FOR-US: netentsec NS-ASG
CVE-2024-30861 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/configg ...)
	NOT-FOR-US: netentsec NS-ASG
CVE-2024-30860 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/export_ ...)
	NOT-FOR-US: netentsec NS-ASG
CVE-2024-30859 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/config_ ...)
	NOT-FOR-US: netentsec NS-ASG
CVE-2024-30858 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fi ...)
	NOT-FOR-US: netentsec NS-ASG
CVE-2024-29435 (An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary ...)
	NOT-FOR-US: Alldata
CVE-2024-29433 (A deserialization vulnerability in the FASTJSON component of Alldata v ...)
	NOT-FOR-US: Alldata
CVE-2024-28232 (Go package IceWhaleTech/CasaOS-UserService provides user management fu ...)
	NOT-FOR-US: IceWhaleTech/CasaOS-UserService
CVE-2024-25574 (SQL injection vulnerability exists in GetDIAE_usListParameters.)
	NOT-FOR-US: Delta Electronics
CVE-2024-25080 (WebMail in Axigen 10.x before 10.3.3.62 allows XSS via the image attac ...)
	NOT-FOR-US: Axigen
CVE-2024-21473 (Memory corruption while redirecting log file to any file location with ...)
	NOT-FOR-US: Qualcomm
CVE-2024-21472 (Memory corruption in Kernel while handling GPU operations.)
	NOT-FOR-US: Qualcomm
CVE-2024-21470 (Memory corruption while allocating memory for graphics.)
	NOT-FOR-US: Qualcomm
CVE-2024-21468 (Memory corruption when there is failed unmap operation in GPU.)
	NOT-FOR-US: Qualcomm
CVE-2024-21463 (Memory corruption while processing Codec2 during v13k decoder pitch sy ...)
	NOT-FOR-US: Qualcomm
CVE-2024-21454 (Transient DOS while decoding the ToBeSignedMessage in Automotive Telem ...)
	NOT-FOR-US: Qualcomm
CVE-2024-21453 (Transient DOS while decoding message of size that exceeds the availabl ...)
	NOT-FOR-US: Qualcomm
CVE-2024-21452 (Transient DOS while decoding an ASN.1 OER message containing a SEQUENC ...)
	NOT-FOR-US: Qualcomm
CVE-2023-6154 (A configuration setting issue in seccenter.exe as used in Bitdefender ...)
	NOT-FOR-US: Bitdefender
CVE-2023-48906 (Stack Overflow vulnerability in Btstack 1.6 and earlier allows attacke ...)
	NOT-FOR-US: Btstack
CVE-2023-43515 (Memory corruption in HLOS while running kernel address sanitizers (syz ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33115 (Memory corruption while processing buffer initialization, when trusted ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33111 (Information disclosure when VI calibration state set by ADSP is greate ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33101 (Transient DOS while processing DL NAS TRANSPORT message with payload l ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33100 (Transient DOS while processing DL NAS Transport message when message I ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33099 (Transient DOS while processing SMS container of non-standard size rece ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33023 (Memory corruption while processing finish_sign command to pass a rsp b ...)
	NOT-FOR-US: Qualcomm
CVE-2022-4966 (A vulnerability was found in sequentech admin-console up to 6.1.7 and ...)
	NOT-FOR-US: sequentech admin-console
CVE-2024-26655 (In the Linux kernel, the following vulnerability has been resolved: F ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/5b4cdd9c5676559b8a7c944ac5269b914b8c0bb8 (6.9-rc2)
CVE-2024-26654 (In the Linux kernel, the following vulnerability has been resolved: A ...)
	{DSA-5681-1 DSA-5658-1}
	- linux 6.7.12-1
	NOTE: https://git.kernel.org/linus/051e0840ffa8ab25554d6b14b62c9ab9e4901457 (6.9-rc2)
CVE-2024-26653 (In the Linux kernel, the following vulnerability has been resolved: u ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/7c9631969287a5366bc8e39cd5abff154b35fb80 (6.9-rc2)
CVE-2024-31033 (JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus ...)
	NOT-FOR-US: Java JWT
CVE-2024-2278 (Themify WordPress plugin before 1.4.4 does not sanitise and escape so ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2263 (Themify WordPress plugin before 1.4.4 does not sanitise and escape a ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2262 (Themify WordPress plugin before 1.4.4 does not have CSRF check in its ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-28895 ('Yahoo! JAPAN' App for Android v2.3.1 to v3.161.1 and 'Yahoo! JAPAN' A ...)
	NOT-FOR-US: 'Yahoo! JAPAN' App
CVE-2024-27609 (Bonita before 2023.2-u2 allows stored XSS via a UI screen in the admin ...)
	NOT-FOR-US: Bonita
CVE-2024-20055 (In imgsys, there is a possible information disclosure due to a missing ...)
	NOT-FOR-US: Mediatek
CVE-2024-20054 (In gnss, there is a possible escalation of privilege due to a missing ...)
	NOT-FOR-US: Mediatek
CVE-2024-20053 (In flashc, there is a possible out of bounds write due to an uncaught ...)
	NOT-FOR-US: Mediatek
CVE-2024-20052 (In flashc, there is a possible information disclosure due to an uncaug ...)
	NOT-FOR-US: Mediatek
CVE-2024-20051 (In flashc, there is a possible system crash due to an uncaught excepti ...)
	NOT-FOR-US: Mediatek
CVE-2024-20050 (In flashc, there is a possible information disclosure due to an uncaug ...)
	NOT-FOR-US: Mediatek
CVE-2024-20049 (In flashc, there is a possible information disclosure due to an uncaug ...)
	NOT-FOR-US: Mediatek
CVE-2024-20048 (In flashc, there is a possible information disclosure due to an uncaug ...)
	NOT-FOR-US: Mediatek
CVE-2024-20047 (In battery, there is a possible out of bounds read due to an integer o ...)
	NOT-FOR-US: Mediatek
CVE-2024-20046 (In battery, there is a possible escalation of privilege due to an inte ...)
	NOT-FOR-US: Mediatek
CVE-2024-20045 (In audio, there is a possible out of bounds read due to an incorrect c ...)
	NOT-FOR-US: Mediatek
CVE-2024-20044 (In da, there is a possible out of bounds write due to a missing bounds ...)
	NOT-FOR-US: Mediatek
CVE-2024-20043 (In da, there is a possible out of bounds write due to a missing bounds ...)
	NOT-FOR-US: Mediatek
CVE-2024-20042 (In da, there is a possible out of bounds write due to a missing bounds ...)
	NOT-FOR-US: Mediatek
CVE-2024-20041 (In da, there is a possible out of bounds read due to a missing bounds ...)
	NOT-FOR-US: Mediatek
CVE-2024-20040 (In wlan firmware, there is a possible out of bounds write due to impro ...)
	NOT-FOR-US: Mediatek
CVE-2024-20039 (In modem protocol, there is a possible out of bounds write due to a mi ...)
	NOT-FOR-US: Mediatek
CVE-2024-1526 (The Hubbub Lite WordPress plugin before 1.33.1 does not ensure that u ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51803 (LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons tha ...)
	NOT-FOR-US: LinuxServer.io Heimdall
CVE-2016-15038 (A vulnerability, which was classified as critical, was found in NUUO N ...)
	NOT-FOR-US: NUUO NVRmini
CVE-2014-125110 (A vulnerability has been found in wp-file-upload Plugin up to 2.4.3 on ...)
NOT-FOR-US: WordPress plugin CVE-2024-31123 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31122 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31121 (Contributor Cross Site Scripting (XSS) in HeartThis <= 0.1.0 versions.) NOT-FOR-US: WordPress plugin CVE-2024-31120 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31117 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31116 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2024-31115 (Unrestricted Upload of File with Dangerous Type vulnerability in Quant ...) NOT-FOR-US: WordPress plugin CVE-2024-31114 (Unrestricted Upload of File with Dangerous Type vulnerability in biplo ...) NOT-FOR-US: WordPress plugin CVE-2024-31112 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31110 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31108 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31107 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31106 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31104 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31103 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31102 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
NOT-FOR-US: WordPress plugin CVE-2024-31101 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31100 (Cross-Site Request Forgery (CSRF) vulnerability in Festi-Team Popup Ca ...) NOT-FOR-US: WordPress plugin CVE-2024-31097 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31096 (Cross-Site Request Forgery (CSRF) vulnerability in kopatheme Nictitate ...) NOT-FOR-US: WordPress plugin CVE-2024-31095 (Authorization Bypass Through User-Controlled Key vulnerability in Rica ...) NOT-FOR-US: WordPress plugin CVE-2024-31094 (Deserialization of Untrusted Data vulnerability in Filter Custom Field ...) NOT-FOR-US: WordPress plugin CVE-2024-31092 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31091 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31090 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31089 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31087 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31085 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31084 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-30561 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-30559 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-30558 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
	NOT-FOR-US: WordPress plugin
CVE-2024-30557 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30556 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30555 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30554 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30553 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30552 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30551 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30550 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30549 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30548 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30543 (Authorization Bypass Through User-Controlled Key vulnerability in UPQO ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30541 (Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Optimize.Th ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30536 (Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Slugs Man ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30535 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30533 (Unrestricted Upload of File with Dangerous Type vulnerability in Teche ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30530 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30526 (Cross-Site Request Forgery (CSRF) vulnerability in Easy Social Feed.Th ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30524 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30523 (Insertion of Sensitive Information into Log File vulnerability in Paid ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30489 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25027 (IBM Security Verify Access 10.0.6 could disclose sensitive snapshot in ...)
	NOT-FOR-US: IBM
CVE-2024-22353 (IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 is ...)
	NOT-FOR-US: IBM
CVE-2023-50959 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 1 ...)
	NOT-FOR-US: IBM
CVE-2023-50311 (IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits ...)
	NOT-FOR-US: IBM
CVE-2020-36828 (A vulnerability was found in DiscuzX up to 3.4-20200818. It has been c ...)
	NOT-FOR-US: DiscuzX
CVE-2017-20191 (A vulnerability was found in Zimbra zm-admin-ajax up to 8.8.1. It has ...)
	NOT-FOR-US: Zimbra
CVE-2024-3118 (A vulnerability, which was classified as critical, has been found in D ...)
	NOT-FOR-US: Dreamer CMS
CVE-2024-3117 (A vulnerability classified as critical was found in YouDianCMS up to 9 ...)
	NOT-FOR-US: YouDianCMS
CVE-2023-46808 (An file upload vulnerability in Ivanti ITSM before 2023.4, allows an a ...)
	NOT-FOR-US: Ivanti
CVE-2023-41724 (A command injection vulnerability in Ivanti Sentry prior to 9.19.0 all ...)
	NOT-FOR-US: Ivanti
CVE-2015-10131 (A vulnerability was found in chrisy TFO Graphviz Plugin up to 1.9 on W ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3091 (A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Por ...)
	NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal
CVE-2024-3090 (A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Por ...)
	NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal
CVE-2024-3089 (A vulnerability has been found in PHPGurukul Emergency Ambulance Hirin ...)
	NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal
CVE-2024-3088 (A vulnerability, which was classified as critical, was found in PHPGur ...)
	NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal
CVE-2024-3087 (A vulnerability, which was classified as critical, has been found in P ...)
	NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal
CVE-2024-3086 (A vulnerability classified as problematic was found in PHPGurukul Emer ...)
	NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal
CVE-2024-3085 (A vulnerability classified as critical has been found in PHPGurukul Em ...)
	NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal
CVE-2024-3018 (The Essential Addons for Elementor plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2491 (The PowerPack Addons for Elementor plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1522 (A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/loll ...)
	NOT-FOR-US: lollms-webui
CVE-2024-3084 (A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Por ...)
	NOT-FOR-US: PHPGurukul Emergency Ambulance Hiring Portal
CVE-2024-2948 (The Favorites plugin for WordPress is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2794 (The Gutenberg Block Editor Toolkit – EditorsKit plugin for WordPr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2144 (The Ultimate Addons for Beaver Builder – Lite plugin for WordPres ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2143 (The Ultimate Addons for Beaver Builder – Lite plugin for WordPres ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2142 (The Ultimate Addons for Beaver Builder – Lite plugin for WordPres ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2141 (The Ultimate Addons for Beaver Builder – Lite plugin for WordPres ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2140 (The Ultimate Addons for Beaver Builder – Lite plugin for WordPres ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2086 (The Integrate Google Drive – Browse, Upload, Download, Embed, Pla ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2047 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29278 (funboot v1.1 is vulnerable to Cross Site Scripting (XSS) via the title ...)
	NOT-FOR-US: funboot
CVE-2024-28288 (Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when re ...)
	NOT-FOR-US: Ruijie RG-NBR700GW router
CVE-2024-1692 (The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordP ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1238 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1051 (The List category posts plugin for WordPress is vulnerable to Stored C ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0367 (The Unlimited Elements For Elementor plugin for WordPress is vulnerabl ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-3081 (A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has be ...)
	NOT-FOR-US: EasyCorp EasyAdmin
CVE-2024-3078 (A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classi ...)
	NOT-FOR-US: Qdrant
CVE-2024-3077 (An malicious BLE device can crash BLE victim device by sending malform ...)
	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2024-3061 (The HUSKY – Products Filter Professional for WooCommerce plugin f ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-31032 (An issue in Huashi Private Cloud CDN Live Streaming Acceleration Serve ...)
	NOT-FOR-US: Huashi Private Cloud CDN Live Streaming Acceleration Server hgateway-sixport
CVE-2024-30645 (Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability v ...)
	NOT-FOR-US: Tenda
CVE-2024-30639 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability in the p ...)
	NOT-FOR-US: Tenda
CVE-2024-30638 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the ...)
	NOT-FOR-US: Tenda
CVE-2024-30637 (Tenda F1202 v1.2.0.20(408) has a command injection vulnerablility in t ...)
	NOT-FOR-US: Tenda
CVE-2024-30636 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the ...)
	NOT-FOR-US: Tenda
CVE-2024-30635 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability located ...)
	NOT-FOR-US: Tenda
CVE-2024-30634 (Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the ...)
	NOT-FOR-US: Tenda
CVE-2024-30633 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the s ...)
	NOT-FOR-US: Tenda
CVE-2024-30632 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the s ...)
	NOT-FOR-US: Tenda
CVE-2024-30631 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the s ...)
	NOT-FOR-US: Tenda
CVE-2024-30630 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the t ...)
	NOT-FOR-US: Tenda
CVE-2024-30629 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the l ...)
	NOT-FOR-US: Tenda
CVE-2024-30628 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the p ...)
	NOT-FOR-US: Tenda
CVE-2024-30627 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the d ...)
	NOT-FOR-US: Tenda
CVE-2024-30626 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the s ...)
	NOT-FOR-US: Tenda
CVE-2024-30625 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the e ...)
	NOT-FOR-US: Tenda
CVE-2024-30624 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the u ...)
	NOT-FOR-US: Tenda
CVE-2024-30623 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the p ...)
	NOT-FOR-US: Tenda
CVE-2024-30622 (Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the m ...)
	NOT-FOR-US: Tenda
CVE-2024-30613 (Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time ...)
	NOT-FOR-US: Tenda
CVE-2024-30521 (Cross-Site Request Forgery (CSRF) vulnerability in Landingi Landingi L ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30520 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30519 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30518 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeLocation Custo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30514 (Insertion of Sensitive Information into Log File vulnerability in Paid ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30513 (Authorization Bypass Through User-Controlled Key vulnerability in Meta ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30511 (Insertion of Sensitive Information into Log File vulnerability in Fr\x ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-30510 (Unrestricted Upload of File with Dangerous Type vulnerability in Salon ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30508 (Missing Authorization vulnerability in ThimPress WP Hotel Booking.This ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30507 (Authorization Bypass Through User-Controlled Key vulnerability in Molo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30506 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30505 (Missing Authorization vulnerability in Andy Moyle Church Admin.This is ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30504 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30503 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30502 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30501 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30500 (Unrestricted Upload of File with Dangerous Type vulnerability in CubeW ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30499 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30498 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30497 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30496 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30495 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30494 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30493 (Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church A ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30492 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30491 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30490 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30488 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30487 (Missing Authorization vulnerability in Sonaar Music MP3 Audio Player f ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30486 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30483 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30482 (Cross-Site Request Forgery (CSRF) vulnerability in Brice CAPOBIANCO Si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30478 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30477 (Missing Authorization vulnerability in Klarna Klarna Payments for WooC ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30469 (Missing Authorization vulnerability in WPExperts Wholesale For WooComm ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30468 (Cross-Site Request Forgery (CSRF) vulnerability in All In One WP Secur ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30463 (Missing Authorization vulnerability in realmag777 BEAR.This issue affe ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30462 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY \u ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30460 (Cross-Site Request Forgery (CSRF) vulnerability in Tumult Inc Tumult H ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30458 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOOCS \u ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30457 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WordPres ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30456 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WPCS.Thi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30455 (Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issu ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30454 (Cross-Site Request Forgery (CSRF) vulnerability in VeronaLabs WP SMS.T ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30453 (Server-Side Request Forgery (SSRF) vulnerability in Brave Brave Popup ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30452 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30451 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30450 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30449 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30448 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30447 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30446 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30445 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30444 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30443 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30442 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30441 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30440 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30439 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30438 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30437 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30436 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30435 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30434 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30433 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30432 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30431 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30430 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30429 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30428 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30427 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30426 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30425 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30423 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30247 (NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi ...)
	NOT-FOR-US: NextcloudPi
CVE-2024-30246 (Tuleap is an Open Source Suite to improve management of software devel ...)
	NOT-FOR-US: Tuleap
CVE-2024-2970 (The News Wall plugin for WordPress is vulnerable to Cross-Site Request ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2969 (The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Reques ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2968 (The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2964 (The Pocket News Generator plugin for WordPress is vulnerable to Cross- ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2963 (The Pocket News Generator plugin for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2936 (The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross- ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2848 (The Responsive theme for WordPress is vulnerable to unauthorized modif ...)
	NOT-FOR-US: WordPress theme
CVE-2024-2844 (The Easy Appointments plugin for WordPress is vulnerable to unauthoriz ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2842 (The Easy Appointments plugin for WordPress is vulnerable to Stored Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2841 (The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg E ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2476 (The OceanWP theme for WordPress is vulnerable to unauthorized access o ...)
	NOT-FOR-US: WordPress theme
CVE-2024-2475 (The Media Library Assistant plugin for WordPress is vulnerable to Stor ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2411 (The MasterStudy LMS plugin for WordPress is vulnerable to Local File I ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2409 (The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Es ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2280 (The Better Elementor Addons plugin for WordPress is vulnerable to Stor ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2250 (The 130+ Widgets | Best Addons For Elementor – FREE plugin for Wo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2116 (The Christmas Greetings plugin for WordPress is vulnerable to Reflecte ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2113 (The Ninja Forms Contact Form – The Drag and Drop Form Builder for ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2108 (The Ninja Forms Contact Form – The Drag and Drop Form Builder for ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29904 (CodeIgniter is a PHP full-stack web framework A vulnerability was foun ...)
	- codeigniter (bug #471583)
CVE-2024-29901 (The AuthKit library for Next.js provides helpers for authentication an ...)
	NOT-FOR-US: AuthKit library for Next.js
CVE-2024-29900 (Electron Packager bundles Electron-based application source code with ...)
	NOT-FOR-US: Electron Packager
CVE-2024-29893 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
	NOT-FOR-US: Argo CD
CVE-2024-29890 (DataLens is a business intelligence and data visualization system. A s ...)
	NOT-FOR-US: DataLens
CVE-2024-29686 (Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1. ...)
	NOT-FOR-US: Winter CMS
CVE-2024-29667 (SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 ...)
	NOT-FOR-US: Tongtianxing
CVE-2024-29640 (An issue in aliyundrive-webdav v.2.3.3 and before allows a remote atta ...)
	NOT-FOR-US: aliyundrive-webdav
CVE-2024-29489 (Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:23 ...)
	- iotjs
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5101
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/5129
	NOTE: https://github.com/jerryscript-project/jerryscript/commit/cefd391772529c8a9531d7b3c244d78d38be47c6
CVE-2024-29316 (NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-pr ...)
	NOT-FOR-US: NodeBB
CVE-2024-29202 (JumpServer is an open source bastion host and an operation and mainten ...)
	NOT-FOR-US: JumpServer
CVE-2024-29201 (JumpServer is an open source bastion host and an operation and mainten ...)
	NOT-FOR-US: JumpServer
CVE-2024-29024 (JumpServer is an open source bastion host and an operation and mainten ...)
	NOT-FOR-US: JumpServer
CVE-2024-29020 (JumpServer is an open source bastion host and an operation and mainten ...)
	NOT-FOR-US: JumpServer
CVE-2024-28960 (An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28. ...)
	- mbedtls 2.28.8-1
	[bookworm] - mbedtls (Minor issue)
	[bullseye] - mbedtls (Minor issue)
	[buster] - mbedtls (Minor issue)
	NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-03/
	NOTE: https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md
CVE-2024-28867 (Swift Prometheus is a Swift client for the Prometheus monitoring syste ...)
	NOT-FOR-US: swift-prometheus
CVE-2024-28714 (SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 al ...)
	NOT-FOR-US: CRMEB_Java e-commerce system
CVE-2024-28456 (Cross Site Scripting vulnerability in Campcodes Online Marriage Regist ...)
	NOT-FOR-US: Campcodes Online Marriage Registration System
CVE-2024-28405 (SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code install ...)
	NOT-FOR-US: SEMCMS
CVE-2024-27619 (Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. ...)
	NOT-FOR-US: Dlink
CVE-2024-25944 (Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversa ...)
	NOT-FOR-US: Dell
CVE-2024-24407 (SQL Injection vulnerability in Best Courier management system v.1.0 al ...)
	NOT-FOR-US: Best Courier management system
CVE-2024-23727 (The YI Smart Kami Vision com.kamivision.yismart application through 1. ...)
	NOT-FOR-US: YI Smart Kami Vision com.kamivision.yismart application
CVE-2024-23539 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Apache Fineract
CVE-2024-23538 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Apache Fineract
CVE-2024-23537 (Improper Privilege Management vulnerability in Apache Fineract.This is ...)
	NOT-FOR-US: Apache Fineract
CVE-2024-23449 (An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs wh ...)
	- elasticsearch
CVE-2024-1872 (The Button plugin for WordPress is vulnerable to PHP Object Injection ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1858 (The Lightbox slider – Responsive Lightbox Gallery plugin for Word ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1729 (A timing attack vulnerability exists in the gradio-app/gradio reposito ...)
	NOT-FOR-US: Gradio
CVE-2024-0956 (The WP ERP | Complete HR solution with recruitment & job listings | Wo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0913 (The WP ERP | Complete HR solution with recruitment & job listings | Wo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0609 (The WP ERP | Complete HR solution with recruitment & job listings | Wo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0608 (The WP ERP | Complete HR solution with recruitment & job listings | Wo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6191 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Egehan Security WebPDKS
CVE-2023-6047 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Algoritim E-commerce Software
CVE-2023-52629 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.5.6-1
	NOTE: https://git.kernel.org/linus/246f80a0b17f8f582b2c0996db02998239057c65 (6.6-rc1)
CVE-2023-50969 (Thales Imperva SecureSphere WAF 14.7.0.40 allows remote attackers to b ...)
	NOT-FOR-US: Thales Imperva SecureSphere WAF
CVE-2023-49234 (An XML external entity (XXE) vulnerability was found in Stilog Visual ...)
	NOT-FOR-US: Stilog Visual Planning
CVE-2023-49232 (An authentication bypass vulnerability was found in Stilog Visual Plan ...)
	NOT-FOR-US: Stilog Visual Planning
CVE-2023-49231 (An authentication bypass vulnerability was found in Stilog Visual Plan ...)
	NOT-FOR-US: Stilog Visual Planning
CVE-2023-33528 (halo v1.6.0 is vulnerable to Cross Site Scripting (XSS).)
	NOT-FOR-US: Halo
CVE-2024-3094 (Malicious code was discovered in the upstream tarballs of xz, starting ...)
	{DSA-5649-1}
	- xz-utils 5.6.1+really5.4.5-1
	[bookworm] - xz-utils (Vulnerable code not present)
	[bullseye] - xz-utils (Vulnerable code not present)
	[buster] - xz-utils (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2024/03/29/4
	NOTE: https://tukaani.org/xz-backdoor/
	NOTE: https://boehs.org/node/everything-i-know-about-the-xz-backdoor
	NOTE: https://rya.nc/xz-valid-n.html
	NOTE: https://lwn.net/Articles/967192/
CVE-2024-3042 (A vulnerability was found in SourceCodester Simple Subscription Websit ...)
	NOT-FOR-US: SourceCodester Simple Subscription Website
CVE-2024-3041 (A vulnerability has been found in Netentsec NS-ASG Application Securit ...)
	NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
CVE-2024-3040 (A vulnerability, which was classified as critical, was found in Netent ...)
	NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
CVE-2024-3039 (A vulnerability classified as critical has been found in Shanghai Brad ...)
	NOT-FOR-US: Shanghai Brad Technology BladeX
CVE-2024-3019 (A flaw was found in PCP. The default pmproxy configuration exposes the ...)
	- pcp 6.2.1-1 (bug #1068112)
	[bookworm] - pcp (Minor issue)
	[bullseye] - pcp (Minor issue)
	[buster] - pcp (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2271898
	NOTE: Fixed by: https://github.com/performancecopilot/pcp/commit/3bde240a2acc85e63e2f7813330713dd9b59386e (6.2.1)
CVE-2024-31140 (In JetBrains TeamCity before 2024.03 server administrators could remov ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2024-31139 (In JetBrains TeamCity before 2024.03 xXE was possible in the Maven bui ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2024-31138 (In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distri ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2024-31137 (In JetBrains TeamCity before 2024.03 reflected XSS was possible via Sp ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2024-31136 (In JetBrains TeamCity before 2024.03 2FA could be bypassed by providin ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2024-31135 (In JetBrains TeamCity before 2024.03 open redirect was possible on the ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2024-31134 (In JetBrains TeamCity before 2024.03 authenticated users without admin ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2024-31065 (Cross Site Scripting vulnerability in Insurance Mangement System v.1.0 ...)
	NOT-FOR-US: Insurance Mangement System
CVE-2024-31064 (Cross Site Scripting vulnerability in Insurance Mangement System v.1.0 ...)
	NOT-FOR-US: Insurance Mangement System
CVE-2024-31063 (Cross Site Scripting vulnerability in Insurance Mangement System v.1.0 ...)
	NOT-FOR-US: Insurance Mangement System
CVE-2024-31062 (Cross Site Scripting vulnerability in Insurance Mangement System v.1.0 ...)
	NOT-FOR-US: Insurance Mangement System
CVE-2024-31061 (Cross Site Scripting vulnerability in Insurance Mangement System v.1.0 ...)
	NOT-FOR-US: Insurance Mangement System
CVE-2024-30612 (Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in the dev ...)
	NOT-FOR-US: Tenda
CVE-2024-30607 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the device ...)
	NOT-FOR-US: Tenda
CVE-2024-30606 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the page p ...)
	NOT-FOR-US: Tenda
CVE-2024-30604 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the list1 ...)
	NOT-FOR-US: Tenda
CVE-2024-30603 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the urls p ...)
	NOT-FOR-US: Tenda
CVE-2024-30602 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedS ...)
	NOT-FOR-US: Tenda
CVE-2024-30601 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the time p ...)
	NOT-FOR-US: Tenda
CVE-2024-30600 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedE ...)
	NOT-FOR-US: Tenda
CVE-2024-30599 (Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the device ...)
	NOT-FOR-US: Tenda
CVE-2024-30598 (Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in t ...)
	NOT-FOR-US: Tenda
CVE-2024-30597 (Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in t ...)
	NOT-FOR-US: Tenda
CVE-2024-30596 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...)
	NOT-FOR-US: Tenda
CVE-2024-30595 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...)
	NOT-FOR-US: Tenda
CVE-2024-30594 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...)
	NOT-FOR-US: Tenda
CVE-2024-30593 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability located ...)
	NOT-FOR-US: Tenda
CVE-2024-30592 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...)
	NOT-FOR-US: Tenda
CVE-2024-30591 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...)
	NOT-FOR-US: Tenda
CVE-2024-30590 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...)
	NOT-FOR-US: Tenda
CVE-2024-30589 (Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerabilit ...)
	NOT-FOR-US: Tenda
CVE-2024-30588 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...)
	NOT-FOR-US: Tenda
CVE-2024-30587 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...)
	NOT-FOR-US: Tenda
CVE-2024-30586 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...)
	NOT-FOR-US: Tenda
CVE-2024-30585 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...)
	NOT-FOR-US: Tenda
CVE-2024-30584 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...)
	NOT-FOR-US: Tenda
CVE-2024-30583 (Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the ...)
	NOT-FOR-US: Tenda
CVE-2024-30422 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30421 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Man ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2947 (A flaw was found in Cockpit. Deleting a sosreport with a crafted name ...)
	{DSA-5655-1}
	- cockpit 314-1
	[bullseye] - cockpit (Vulnerable code not present)
	[buster] - cockpit (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2271614
	NOTE: https://github.com/cockpit-project/cockpit/pull/20232
	NOTE: Introduced by: https://github.com/cockpit-project/cockpit/commit/ee8f946df39779ee37071006d1d4826317f25c9a (270)
	NOTE: Fixed by: https://github.com/cockpit-project/cockpit/commit/9c4cc9b6df632082538b53bdc8ee9ec1c5cad4da (314)
CVE-2024-29898 (CreateWiki is Miraheze's MediaWiki extension for requesting & creating ...)
	NOT-FOR-US: CreateWiki MediaWiki extension
CVE-2024-29897 (CreateWiki is Miraheze's MediaWiki extension for requesting & creating ...)
	NOT-FOR-US: CreateWiki MediaWiki extension
CVE-2024-29896 (Astro-Shield is a library to compute the subresource integrity hashes ...)
	NOT-FOR-US: Astro-Shield
CVE-2024-29882 (SRS is a simple, high-efficiency, real-time video server. SRS's `/api/ ...)
	NOT-FOR-US: SRS video server
CVE-2024-29200 (Kimai is a web-based multi-user time-tracking application. The permiss ...)
	NOT-FOR-US: Kimai
CVE-2024-28713 (An issue in Mblog Blog system v.3.5.0 allows an attacker to execute ar ...)
	NOT-FOR-US: Mblog Blog system
CVE-2024-28109 (veraPDF-library is a PDF/A validation library. Executing policy checks ...)
	NOT-FOR-US: veraPDF-library
CVE-2024-28091 (Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T ...)
	NOT-FOR-US: Technicolor
CVE-2024-28090 (Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T ...)
	NOT-FOR-US: Technicolor
CVE-2024-27775 (SysAid before version 23.2.14 b18 -CWE-918: Server-Side Request Forger ...)
	NOT-FOR-US: SysAid
CVE-2024-27719 (A cross site scripting (XSS) vulnerability in rems FAQ Management Syst ...)
	NOT-FOR-US: rems FAQ Management System
CVE-2024-25971 (Dell PowerProtect Data Manager, version 19.15, contains an XML Externa ...)
	NOT-FOR-US: Dell
CVE-2024-25963 (Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use ...)
	NOT-FOR-US: Dell
CVE-2024-25961 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an imp ...)
	NOT-FOR-US: Dell
CVE-2024-25960 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a clea ...)
	NOT-FOR-US: Dell
CVE-2024-25959 (Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an ins ...)
	NOT-FOR-US: Dell
CVE-2024-25955 (Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injecti ...)
	NOT-FOR-US: Dell
CVE-2024-25954 (Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an in ...)
	NOT-FOR-US: Dell
CVE-2024-25953 (Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNI ...)
	NOT-FOR-US: Dell
CVE-2024-25952 (Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNI ...)
	NOT-FOR-US: Dell
CVE-2024-25946 (Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injecti ...)
	NOT-FOR-US: Dell
CVE-2024-25506 (Cross Site Scripting vulnerability in Process Maker, Inc ProcessMaker ...)
	NOT-FOR-US: Process Maker
CVE-2024-0259 (Fortra's Robot Schedule Enterprise Agent for Windows prior to version ...)
	NOT-FOR-US: Fortra
CVE-2023-6437 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
	NOT-FOR-US: TP-Link
CVE-2023-45715 (The console may experience a service interruption when processing file ...)
	NOT-FOR-US: HCL
CVE-2023-45706 (An administrative user of WebReports may perform a Cross Site Scriptin ...)
	NOT-FOR-US: HCL
CVE-2023-45705 (An administrative user of WebReports may perform a Server Side Request ...)
	NOT-FOR-US: HCL
CVE-2023-42974 (A race condition was addressed with improved state handling. This issu ...)
	NOT-FOR-US: Apple
CVE-2023-42962 (This issue was addressed with improved checks This issue is fixed in i ...)
	NOT-FOR-US: Apple
CVE-2023-42947 (A path handling issue was addressed with improved validation. This iss ...)
	NOT-FOR-US: Apple
CVE-2023-42936 (This issue was addressed with improved redaction of sensitive informat ...)
	NOT-FOR-US: Apple
CVE-2023-42931 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2023-42930 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2023-42913 (This issue was addressed through improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-42896 (An issue was addressed with improved handling of temporary files. This ...)
	NOT-FOR-US: Apple
CVE-2023-42893 (A permissions issue was addressed by removing vulnerable code and addi ...)
	NOT-FOR-US: Apple
CVE-2023-42892 (A use-after-free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2023-40390 (A privacy issue was addressed by moving sensitive data to a protected ...)
	NOT-FOR-US: Apple
CVE-2024-3024 (A vulnerability was found in appneta tcpreplay up to 4.4.4. It has bee ...)
	- tcpreplay (unimportant)
	NOTE: Crash in CLI tool, no security impact
CVE-2024-3015 (A vulnerability classified as critical was found in SourceCodester Sim ...)
	NOT-FOR-US: SourceCodester Simple Subscription Website
CVE-2024-3014 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Simple Subscription Website
CVE-2024-3013 (A vulnerability was found in FLIR AX8 up to 1.46.16. It has been rated ...)
	NOT-FOR-US: FLIR AX8
CVE-2024-3012 (A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been de ...)
	NOT-FOR-US: Tenda
CVE-2024-3011 (A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been cl ...)
	NOT-FOR-US: Tenda
CVE-2024-3010 (A vulnerability was found in Tenda FH1205 2.0.0.7(775) and classified ...)
	NOT-FOR-US: Tenda
CVE-2024-3009 (A vulnerability has been found in Tenda FH1205 2.0.0.7(775) and classi ...)
	NOT-FOR-US: Tenda
CVE-2024-3008 (A vulnerability, which was classified as critical, was found in Tenda ...)
	NOT-FOR-US: Tenda
CVE-2024-3007 (A vulnerability, which was classified as critical, has been found in T ...)
	NOT-FOR-US: Tenda
CVE-2024-3006 (A vulnerability classified as critical was found in Tenda FH1205 2.0.0 ...)
	NOT-FOR-US: Tenda
CVE-2024-3004 (A vulnerability was found in code-projects Online Book System 1.0 and ...)
	NOT-FOR-US: code-projects Online Book System
CVE-2024-3003 (A vulnerability has been found in code-projects Online Book System 1.0 ...)
	NOT-FOR-US: code-projects Online Book System
CVE-2024-3002 (A vulnerability, which was classified as critical, was found in code-p ...)
	NOT-FOR-US: code-projects Online Book System
CVE-2024-3001 (A vulnerability, which was classified as critical, has been found in c ...)
	NOT-FOR-US: code-projects Online Book System
CVE-2024-3000 (A vulnerability classified as critical was found in code-projects Onli ...)
	NOT-FOR-US: code-projects Online Book System
CVE-2024-30245 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30244 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30243 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30242 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30241 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Metagauss ProfileGrid
CVE-2024-30240 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30239 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30237 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30236 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30230 (Deserialization of Untrusted Data vulnerability in Acowebs PDF Invoice ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30229 (Deserialization of Untrusted Data vulnerability in GiveWP.This issue a ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30228 (Deserialization of Untrusted Data vulnerability in Hercules Design Her ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30227 (Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30226 (Deserialization of Untrusted Data vulnerability in WPDeveloper BetterD ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30225 (Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP M ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30224 (Deserialization of Untrusted Data vulnerability in Wholesale Team Whol ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30223 (Deserialization of Untrusted Data vulnerability in Repute Infosystems ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30222 (Deserialization of Untrusted Data vulnerability in Repute Infosystems ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30221 (Deserialization of Untrusted Data vulnerability in WP Sunshine Sunshin ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30200 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2999 (A vulnerability classified as critical has been found in Campcodes Onl ...)
	NOT-FOR-US: Campcodes Online Art Gallery Management System
CVE-2024-2998 (A vulnerability was found in Bdtask Multi-Store Inventory Management S ...)
	NOT-FOR-US: Bdtask Multi-Store Inventory Management System
CVE-2024-2997 (A vulnerability was found in Bdtask Multi-Store Inventory Management S ...)
	NOT-FOR-US: Bdtask Multi-Store Inventory Management System
CVE-2024-2890 (Unrestricted Upload of File with Dangerous Type vulnerability in Tumul ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2818 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
	- gitlab
CVE-2024-2111 (The Events Manager – Calendar, Bookings, Tickets, and more! plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2110 (The Events Manager – Calendar, Bookings, Tickets, and more! plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2091 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sto ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29241 (Missing authorization vulnerability in System webapi component in Syno ...)
	NOT-FOR-US: Synology
CVE-2024-29240 (Missing authorization vulnerability in LayoutSave webapi component in ...)
	NOT-FOR-US: Synology
CVE-2024-29239 (Improper neutralization of special elements used in an SQL command ('S ...)
	NOT-FOR-US: Synology
CVE-2024-29238 (Improper neutralization of special elements used in an SQL command ('S ...)
	NOT-FOR-US: Synology
CVE-2024-29237 (Improper neutralization of special elements used in an SQL command ('S ...)
	NOT-FOR-US: Synology
CVE-2024-29236 (Improper neutralization of special elements used in an SQL command ('S ...)
	NOT-FOR-US: Synology
CVE-2024-29235 (Improper neutralization of special elements used in an SQL command ('S ...)
	NOT-FOR-US: Synology
CVE-2024-29234 (Improper neutralization of special elements used in an SQL command ('S ...)
	NOT-FOR-US: Synology
CVE-2024-29233 (Improper neutralization of special elements used in an SQL command ('S ...)
	NOT-FOR-US: Synology
CVE-2024-29232 (Improper neutralization of special elements used in an SQL command ('S ...)
	NOT-FOR-US: Synology
CVE-2024-29231 (Improper validation of array index vulnerability in UserPrivilege.Enum ...)
	NOT-FOR-US: Synology
CVE-2024-29230 (Improper neutralization of special elements used in an SQL command ('S ...)
	NOT-FOR-US: Synology
CVE-2024-29229 (Missing authorization vulnerability in GetLiveViewPath webapi componen ...)
	NOT-FOR-US: Synology
CVE-2024-29228 (Missing authorization vulnerability in GetStmUrlPath webapi component ...)
	NOT-FOR-US: Synology
CVE-2024-29227 (Improper neutralization of special elements used in an SQL command ('S ...)
	NOT-FOR-US: Synology
CVE-2024-29100 (Unrestricted Upload of File with Dangerous Type vulnerability in Jordy ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29090 (Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-28016 (Improper Access Controlvulnerability in NEC Corporation Aterm WG1800HP ...)
	NOT-FOR-US: NEC
CVE-2024-28015 (Improper Neutralization of Special Elements used in an OS Command vuln ...)
	NOT-FOR-US: NEC
CVE-2024-28014 (Stack-based Buffer Overflow vulnerability in NEC Corporation Aterm WG1 ...)
	NOT-FOR-US: NEC
CVE-2024-28013 (Use of Insufficiently Random Values vulnerability in NEC Corporation A ...)
	NOT-FOR-US: NEC
CVE-2024-28012 (Improper authentication vulnerability in NEC Corporation Aterm WG1800H ...)
	NOT-FOR-US: NEC
CVE-2024-28011 (Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, ...)
	NOT-FOR-US: NEC
CVE-2024-28010 (Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200H ...)
	NOT-FOR-US: NEC
CVE-2024-28009 (Improper authentication vulnerability in NEC Corporation Aterm WG1800H ...)
	NOT-FOR-US: NEC
CVE-2024-28008 (Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG190 ...)
	NOT-FOR-US: NEC
CVE-2024-28007 (Improper authentication vulnerability in NEC Corporation Aterm WG1800H ...)
	NOT-FOR-US: NEC
CVE-2024-28006 (Improper authentication vulnerability in NEC Corporation Aterm WG1800H ...)
	NOT-FOR-US: NEC
CVE-2024-28005 (Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2 ...)
	NOT-FOR-US: NEC
CVE-2024-28004 (Missing Authorization vulnerability in ExtendThemes Colibri Page Build ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-28003 (Missing Authorization vulnerability in Megamenu Max Mega Menu.This iss ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-28002 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-28001 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27999 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25924 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25923 (Insertion of Sensitive Information into Log File vulnerability in Peep ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25599 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25354 (RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to cra ...)
	NOT-FOR-US: domain-suffix Nodejs module
CVE-2024-23500 (Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenbe ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-22138 (Insertion of Sensitive Information into Log File vulnerability in Sera ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1770 (The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0980 (The Auto-update service for Okta Verify for Windows is vulnerable to t ...)
	NOT-FOR-US: Okta
CVE-2024-0677 (The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0673 (The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0672 (The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0079 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
	NOT-FOR-US: NVIDIA GPU Display Driver
CVE-2024-0077 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2024-0073 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA GPU Display Driver
CVE-2024-0071 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA GPU Display Driver
CVE-2023-6371 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
	- gitlab
CVE-2023-52628 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.5.6-1
	[bookworm] - linux 6.1.55-1
	[bullseye] - linux 5.10.205-1
	NOTE: https://git.kernel.org/linus/fd94d9dadee58e09b49075240fe83423eb1dcd36 (6.6-rc1)
CVE-2023-52234 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52231 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50374 (Server-Side Request Forgery (SSRF) vulnerability in NiteoThemes CMP \u ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47438 (SQL Injection vulnerability in Reportico Till 8.1.0 allows attackers t ...)
	NOT-FOR-US: Reportico Till
CVE-2023-39313 (Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada. ...)
	NOT-FOR-US: WordPress theme
CVE-2023-39309 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-36679 (Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34370 (Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30238 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30186 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30185 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30184 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30183 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30182 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30181 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30180 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30179 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30178 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30177 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2996 (A vulnerability was found in Bdtask Multi-Store Inventory Management S ...)
	NOT-FOR-US: Bdtask Multi-Store Inventory Management System
CVE-2024-2995 (A vulnerability was found in NUUO Camera up to 20240319 and classified ...)
	NOT-FOR-US: NUUO Camera
CVE-2024-2994 (A vulnerability was found in Tenda FH1203 2.0.1.6. It has been declare ...)
	NOT-FOR-US: Tenda
CVE-2024-2993 (A vulnerability was found in Tenda FH1203 2.0.1.6. It has been classif ...)
	NOT-FOR-US: Tenda
CVE-2024-2992 (A vulnerability was found in Tenda FH1203 2.0.1.6 and classified as cr ...)
	NOT-FOR-US: Tenda
CVE-2024-2991 (A vulnerability has been found in Tenda FH1203 2.0.1.6 and classified ...)
	NOT-FOR-US: Tenda
CVE-2024-2990 (A vulnerability, which was classified as critical, was found in Tenda ...)
	NOT-FOR-US: Tenda
CVE-2024-2989 (A vulnerability, which was classified as critical, has been found in T ...)
	NOT-FOR-US: Tenda
CVE-2024-2988 (A vulnerability classified as critical was found in Tenda FH1203 2.0.1 ...)
	NOT-FOR-US: Tenda
CVE-2024-2987 (A vulnerability classified as critical has been found in Tenda FH1202 ...)
	NOT-FOR-US: Tenda
CVE-2024-2986 (A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been r ...)
	NOT-FOR-US: Tenda
CVE-2024-2985 (A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been d ...)
	NOT-FOR-US: Tenda
CVE-2024-2984 (A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been c ...)
	NOT-FOR-US: Tenda
CVE-2024-2983 (A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified ...)
	NOT-FOR-US: Tenda
CVE-2024-2982 (A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and class ...)
	NOT-FOR-US: Tenda
CVE-2024-2981 (A vulnerability, which was classified as critical, was found in Tenda ...)
	NOT-FOR-US: Tenda
CVE-2024-2980 (A vulnerability, which was classified as critical, has been found in T ...)
	NOT-FOR-US: Tenda
CVE-2024-2979 (A vulnerability classified as critical was found in Tenda F1203 2.0.1. ...)
	NOT-FOR-US: Tenda
CVE-2024-2978 (A vulnerability classified as critical has been found in Tenda F1203 2 ...)
	NOT-FOR-US: Tenda
CVE-2024-2977 (A vulnerability was found in Tenda F1203 2.0.1.6. It has been rated as ...)
	NOT-FOR-US: Tenda
CVE-2024-2976 (A vulnerability was found in Tenda F1203 2.0.1.6. It has been declared ...)
	NOT-FOR-US: Tenda
CVE-2024-2962 (The Networker - Tech News WordPress Theme with Dark Mode theme for Wor ...)
	NOT-FOR-US: WordPress theme
CVE-2024-29946 (In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashb ...)
	NOT-FOR-US: Splunk
CVE-2024-29945 (In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the softw ...)
	NOT-FOR-US: Splunk
CVE-2024-29936 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29935 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29934 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29933 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29932 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29931 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29930 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29929 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29892 (ZITADEL, open source authentication management software, uses Go templ ...)
	NOT-FOR-US: Zitadel
CVE-2024-29891 (ZITADEL users can upload their own avatar image and various image type ...)
	NOT-FOR-US: Zitadel
CVE-2024-29888 (Saleor is an e-commerce platform that serves high-volume companies. Wh ...)
	NOT-FOR-US: Saleor
CVE-2024-29887 (Serverpod is an app and web server, built for the Flutter and Dart eco ...)
	NOT-FOR-US: Serverpod
CVE-2024-29886 (Serverpod is an app and web server, built for the Flutter and Dart eco ...)
	NOT-FOR-US: Serverpod
CVE-2024-29819 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29818 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29817 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29816 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29815 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29814 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29813 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29812 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29811 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29807 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: DearHive DearFlip
CVE-2024-29806 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29805 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29804 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29803 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29802 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29801 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29799 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29798 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: ppsmav Gratisfaction
CVE-2024-29797 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29796 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29795 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29794 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29793 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29792 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29791 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29790 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29789 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29788 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29777 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29776 (Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29775 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29774 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29773 (Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Conc ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29772 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29771 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29770 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29769 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29768 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29767 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29766 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29765 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29764 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29763 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29762 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29761 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29760 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29759 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29758 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-28860 (Cilium is a networking, observability, and security solution with an e ...)
	- cilium (bug #858303)
CVE-2024-28853 (Ampache is a web based audio/video streaming application and file mana ...)
	- ampache
CVE-2024-28852 (Ampache is a web based audio/video streaming application and file mana ...)
	- ampache
CVE-2024-28784 (IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulner ...)
	NOT-FOR-US: IBM
CVE-2024-28247 (The Pi-hole is a DNS sinkhole that protects your devices from unwanted ...)
	NOT-FOR-US: Pi-Hole
CVE-2024-28233 (JupyterHub is an open source multi-user server for Jupyter notebooks. ...)
	- jupyterhub (bug #1070388)
	[bookworm] - jupyterhub (Minor issue)
	NOTE: https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-7r3h-4ph8-w38g
	NOTE: https://github.com/jupyterhub/jupyterhub/commit/e2798a088f5ad45340fe79cdf1386198e664f77f
CVE-2024-27270 (IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is ...)
	NOT-FOR-US: IBM
CVE-2024-27091 (GeoNode is a geospatial content management system, a platform for the ...)
	NOT-FOR-US: GeoNode
CVE-2024-25962 (Dell InsightIQ, version 5.0, contains an improper access control vulne ...)
	NOT-FOR-US: Dell
CVE-2024-23515 (Cross-Site Request Forgery (CSRF) vulnerability in Cincopa Post Video ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-23510 (Cross-Site Request Forgery (CSRF) vulnerability in Martyn Chamberlin D ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-23451 (Incorrect Authorization issue exists in the API key based security mod ...)
	- elasticsearch
CVE-2024-23450 (A flaw was discovered in Elasticsearch, where processing a document in ...)
	- elasticsearch
CVE-2024-22413
	REJECTED
CVE-2024-20354 (A vulnerability in the handling of encrypted wireless frames of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2024-20333 (A vulnerability in the web-based management interface of Cisco Catalys ...)
	NOT-FOR-US: Cisco
CVE-2024-20324 (A vulnerability in the CLI of Cisco IOS XE Software could allow an aut ...)
	NOT-FOR-US: Cisco
CVE-2024-20316 (A vulnerability in the data model interface (DMI) services of Cisco IO ...)
	NOT-FOR-US: Cisco
CVE-2024-20314 (A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric ...)
	NOT-FOR-US: Cisco
CVE-2024-20312 (A vulnerability in the Intermediate System-to-Intermediate System (IS- ...)
	NOT-FOR-US: Cisco
CVE-2024-20311 (A vulnerability in the Locator ID Separation Protocol (LISP) feature o ...)
	NOT-FOR-US: Cisco
CVE-2024-20309 (A vulnerability in auxiliary asynchronous port (AUX) functions of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2024-20308 (A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software ...)
	NOT-FOR-US: Cisco
CVE-2024-20307 (A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software ...)
	NOT-FOR-US: Cisco
CVE-2024-20306 (A vulnerability in the Unified Threat Defense (UTD) configuration CLI ...)
	NOT-FOR-US: Cisco
CVE-2024-20303 (A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco I ...)
	NOT-FOR-US: Cisco
CVE-2024-20278 (A vulnerability in the NETCONF feature of Cisco IOS XE Software could ...)
	NOT-FOR-US: Cisco
CVE-2024-20276 (A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series S ...)
	NOT-FOR-US: Cisco
CVE-2024-20271 (A vulnerability in the IP packet processing of Cisco Access Point (AP) ...)
	NOT-FOR-US: Cisco
CVE-2024-20265 (A vulnerability in the boot process of Cisco Access Point (AP) Softwar ...)
	NOT-FOR-US: Cisco
CVE-2024-20259 (A vulnerability in the DHCP snooping feature of Cisco IOS XE Software ...)
	NOT-FOR-US: Cisco
CVE-2024-1540 (A command injection vulnerability exists in the deploy+test-visual.yml ...)
	NOT-FOR-US: Gradio
CVE-2023-6400 (Incorrect Authorization vulnerability in OpenText™ ZENworks Confi ...)
	NOT-FOR-US: OpenText
CVE-2023-6173 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: TeoSOFT Software TeoBASE
CVE-2023-6153 (Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Sof ...)
	NOT-FOR-US: TeoSOFT Software TeoBASE
CVE-2023-50961 (IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2023-44999 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooComm ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39311 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34020 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in U ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-28085 (wall in util-linux through 2.40, often installed with setgid tty permi ...)
	{DSA-5650-1 DLA-3782-1}
	- util-linux 2.39.3-11 (bug #1067849)
	NOTE: https://www.openwall.com/lists/oss-security/2024/03/27/5
	NOTE: https://github.com/util-linux/util-linux/commit/404b0781f52f7c045ca811b2dceec526408ac253 (v2.40)
CVE-2024-26651 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/07161b2416f740a2cb87faa5566873f401440a61 (6.9-rc1)
CVE-2024-26652 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.7.12-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/ba18deddd6d502da71fd6b6143c53042271b82bd (6.8)
CVE-2024-2004 (When a protocol selection parameter option disables all protocols with ...)
	- curl 8.7.1-1
	[bookworm] - curl (Minor issue)
	[bullseye] - curl (Vulnerable code not present)
	[buster] - curl (Vulnerable code not present)
	NOTE: https://curl.se/docs/CVE-2024-2004.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/e6f8445edef8e7996d1cfb141d6df184efef972c (curl-7_85_0)
	NOTE: Fixed by: https://github.com/curl/curl/commit/17d302e56221f5040092db77d4f85086e8a20e0e (curl-8_7_0)
CVE-2024-2379 (libcurl skips the certificate verification for a QUIC connection under ...)
	- curl 8.7.1-1 (unimportant)
	NOTE: https://curl.se/docs/CVE-2024-2379.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/5d044ad9480a9f556f4b6a252d7533b1ba7fe57e (curl-8_6_0)
	NOTE: Fixed by: https://github.com/curl/curl/commit/aedbbdf18e689a5eee8dc39600914f5eda6c409c (curl-8_7_0)
	NOTE: curl in Debian not built with wolfSSL support
CVE-2024-2398 (When an application tells libcurl it wants to allow HTTP/2 server push ...)
	- curl 8.7.1-1
	[bookworm] - curl (Minor issue)
	[bullseye] - curl (Minor issue)
	[buster] - curl (Minor issue; can be fixed in next update)
	NOTE: https://curl.se/docs/CVE-2024-2398.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/ea7134ac874a66107e54ff93657ac565cf2ec4aa (curl-7_44_0)
	NOTE: Fixed by: https://github.com/curl/curl/commit/deca8039991886a559b67bcd6701db800a5cf764 (curl-8_7_0)
CVE-2024-2466 (libcurl did not check the server certificate of TLS connections done t ...)
	- curl 8.7.1-1 (unimportant)
	[bookworm] - curl (Vulnerable code not present)
	[bullseye] - curl (Vulnerable code not present)
	[buster] - curl (Vulnerable code not present)
	NOTE: https://curl.se/docs/CVE-2024-2466.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/fa714830e92cba7b16b9d3f2cc92a72ee9d821fa (curl-8_5_0)
	NOTE: Fixed by: https://github.com/curl/curl/commit/3d0fd382a29b95561b90b7ea3e7eb04dfdd43538 (curl-8_7_0)
	NOTE: curl in Debian not built with mbedTLS support
CVE-2024-30201 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30199 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30198 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30197 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30196 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30195 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30194 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30193 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30192 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2971 (Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negat ...)
	NOT-FOR-US: xpdf (Debian uses poppler, which forked a long time ago)
CVE-2024-2956 (The Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for Wor ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2954 (The Action Network plugin for WordPress is vulnerable to SQL Injection ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2945 (A vulnerability was found in Campcodes Online Examination System 1.0. ...)
	NOT-FOR-US: Campcodes Online Examination System
CVE-2024-2944 (A vulnerability was found in Campcodes Online Examination System 1.0 a ...)
	NOT-FOR-US: Campcodes Online Examination System
CVE-2024-2943 (A vulnerability has been found in Campcodes Online Examination System ...)
	NOT-FOR-US: Campcodes Online Examination System
CVE-2024-2942 (A vulnerability, which was classified as critical, was found in Campco ...)
	NOT-FOR-US: Campcodes Online Examination System
CVE-2024-2941 (A vulnerability, which was classified as critical, has been found in C ...)
	NOT-FOR-US: Campcodes Online Examination System
CVE-2024-2940 (A vulnerability classified as problematic was found in Campcodes Onlin ...)
	NOT-FOR-US: Campcodes Online Examination System
CVE-2024-2939 (A vulnerability classified as problematic has been found in Campcodes ...)
	NOT-FOR-US: Campcodes Online Examination System
CVE-2024-2938 (A vulnerability was found in Campcodes Online Examination System 1.0. ...)
	NOT-FOR-US: Campcodes Online Examination System
CVE-2024-2935 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: SourceCodester Todo List in Kanban Board
CVE-2024-2934 (A vulnerability classified as critical was found in SourceCodester Tod ...)
	NOT-FOR-US: SourceCodester Todo List in Kanban Board
CVE-2024-2932 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Online Chatting System
CVE-2024-2930 (A vulnerability was found in SourceCodester Music Gallery Site 1.0. It ...)
	NOT-FOR-US: SourceCodester Music Gallery Site
CVE-2024-2927 (A vulnerability was found in code-projects Mobile Shop 1.0. It has bee ...)
	NOT-FOR-US: code-projects Mobile Shop
CVE-2024-2917 (A vulnerability was found in Campcodes House Rental Management System ...)
	NOT-FOR-US: Campcodes House Rental Management System
CVE-2024-2916 (A vulnerability was found in Campcodes House Rental Management System ...)
	NOT-FOR-US: Campcodes House Rental Management System
CVE-2024-2911 (A vulnerability, which was classified as problematic, was found in Tia ...)
	NOT-FOR-US: Tianjin PubliCMS
CVE-2024-2910 (A vulnerability, which was classified as critical, has been found in R ...)
	NOT-FOR-US: Ruijie
CVE-2024-2909 (A vulnerability classified as critical was found in Ruijie RG-EG350 up ...)
	NOT-FOR-US: Ruijie
CVE-2024-2903 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been classi ...)
	NOT-FOR-US: Tenda
CVE-2024-2781 (The Elementor Website Builder Pro plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2244 (REST service authentication anomaly with “valid username/no passw ...)
	NOT-FOR-US: Hitachi
CVE-2024-2210 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2209 (A user with administrative privileges can create a compromised dll fil ...)
	NOT-FOR-US: HP
CVE-2024-2206 (An SSRF vulnerability exists in the gradio-app/gradio due to insuffici ...)
	NOT-FOR-US: Gradio
CVE-2024-2203 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2139 (The Master Addons for Elementor plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2121 (The Elementor Website Builder Pro plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2120 (The Elementor Website Builder – More than Just a Page Builder plu ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2097 (Authenticated List control client can execute the LINQ query in SCM Se ...)
	NOT-FOR-US: Hitachi
CVE-2024-29928 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29927 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29926 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29925 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29924 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29923 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29922 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29921 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29920 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29919 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29918 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29917 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29915 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29914 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29913 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29912 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29911 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29910 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29909 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29908 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29907 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29906 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29820 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-28815 (A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 thr ...)
	NOT-FOR-US: Mitel
CVE-2024-28551 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid ...)
	NOT-FOR-US: Tenda
CVE-2024-28545 (Tenda AC18 V15.03.05.05 contains a command injection vulnerability in ...)
	NOT-FOR-US: Tenda
CVE-2024-28335 (Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell ...)
	NOT-FOR-US: Lektor CMS
CVE-2024-27521 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an u ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-27188 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-26577 (VSeeFace through 1.13.38.c2 allows attackers to cause a denial of serv ...)
	NOT-FOR-US: VSeeFace
CVE-2024-26303 (Authenticated Denial of Service Vulnerability in ArubaOS-Switch SSH Da ...)
	NOT-FOR-US: Aruba
CVE-2024-25926 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25920 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25736 (An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58 ...)
	NOT-FOR-US: WyreStorm Apollo VX20 devices
CVE-2024-25735 (An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58 ...)
	NOT-FOR-US: WyreStorm Apollo VX20 devices
CVE-2024-25734 (An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58 ...)
	NOT-FOR-US: WyreStorm Apollo VX20 devices
CVE-2024-25421 (An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remot ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2024-25420 (An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remot ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2024-25138 (In AutomationDirect C-MORE EA9 HMI, credentials used by the platform ...)
	NOT-FOR-US: AutomationDirect C-MORE EA9 HMI
CVE-2024-25137 (In AutomationDirect C-MORE EA9 HMI there is a program that copies a bu ...)
	NOT-FOR-US: AutomationDirect C-MORE EA9 HMI
CVE-2024-25136 (There is a function in AutomationDirect C-MORE EA9 HMI that allows an ...)
	NOT-FOR-US: AutomationDirect C-MORE EA9 HMI
CVE-2024-24842 (Deserialization of Untrusted Data vulnerability in Echo Plugins Knowle ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24800 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24700 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-22311 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-22300 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-22299 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-22288 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-22149 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1532 (A vulnerability exists in the stb-language file handling that affects ...)
	NOT-FOR-US: Hitachi
CVE-2024-1531 (A vulnerability exists in the stb-language file handling that affects ...)
	NOT-FOR-US: Hitachi
CVE-2024-1521 (The Elementor Website Builder Pro plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1364 (The Elementor Website Builder Pro plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0400 (SCM Software is a client and server application. An Authenticated Syst ...)
	NOT-FOR-US: Hitachi
CVE-2023-52228 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Mark Kinchin Beds24 Online Booking
CVE-2023-51148 (An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor Wireless Acc ...)
	NOT-FOR-US: TRENDnet
CVE-2023-51147 (Buffer Overflow vulnerability in TRENDnet Trendnet AC1200 TEW-821DAP w ...)
	NOT-FOR-US: TRENDnet
CVE-2023-51146 (Buffer Overflow vulnerability in TRENDnet AC1200 TEW-821DAP with firmw ...)
	NOT-FOR-US: TRENDnet
CVE-2023-50702 (Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem ...)
	NOT-FOR-US: Sikka SSCWindowsService
CVE-2023-49815 (Unrestricted Upload of File with Dangerous Type vulnerability in WappP ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48777 (Unrestricted Upload of File with Dangerous Type vulnerability in Eleme ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48275 (Unrestricted Upload of File with Dangerous Type vulnerability in Trust ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47873 (Unrestricted Upload of File with Dangerous Type vulnerability in WEN S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47846 (Unrestricted Upload of File with Dangerous Type vulnerability in Terry ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47842 (Unrestricted Upload of File with Dangerous Type vulnerability in Zacha ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46052 (Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c ...)
	- sane-backends (unimportant)
	NOTE: https://gitlab.com/sane-project/backends/-/issues/709
	NOTE: https://gitlab.com/sane-project/backends/-/commit/a92ffb3d978329c29513b0acb98ae7987ec1bed7 (1.3.0)
	NOTE: Negligible security impact
CVE-2023-46051 (TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdfte ...)
	- texlive-bin (unimportant)
	NOTE: https://tug.org/pipermail/tex-live/2023-August/049406.html
	NOTE: Crash in CLI tool, negligible security impact
CVE-2023-46049 (LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() f ...)
	NOTE: Disputed LLVM issue
CVE-2023-46048 (Tex Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdi ...)
	- texlive-bin (unimportant)
	NOTE: https://tug.org/pipermail/tex-live/2023-August/049400.html
	NOTE: Crash in CLI tool, negligible security impact
CVE-2023-46047 (An issue in Sane 1.2.1 allows a local attacker to execute arbitrary co ...)
	- sane-backends (unimportant)
	NOTE: https://gitlab.com/sane-project/backends/-/issues/708
	NOTE: https://gitlab.com/sane-project/backends/-/commit/fd7b83c8f7b4da4a9e1fb715d070aa2fd96832ff (1.3.0)
	NOTE: Negligible security impact
CVE-2023-46046 (An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference vi ...)
	- minizinc 2.8.2+dfsg1-1 (unimportant)
	NOTE: https://github.com/MiniZinc/libminizinc/issues/730
	NOTE: https://github.com/MiniZinc/libminizinc/commit/afe67acc20898e4308044b54c4acf7a08df544f0 (2.8.0)
	NOTE: Negligible security impact, crash in CLI tool
CVE-2023-45935 (Qt 6 through 6.6 was discovered to contain a NULL pointer dereference ...)
	- qt6-base (unimportant)
	- qtbase-opensource-src (unimportant)
	- qtbase-opensource-src-gles (unimportant)
	NOTE: https://bugreports.qt.io/browse/QTBUG-115599
	NOTE: https://codereview.qt-project.org/gitweb?p=qt%2Fqtbase.git;a=commit;h=df77d8939d1c04aa18833fe1e141bb71af1f8e04 (v6.5.3)
	NOTE: No security impact
CVE-2023-45931 (Mesa 23.0.4 was discovered to contain a NULL pointer dereference in ch ...)
	- mesa (unimportant)
	NOTE: https://gitlab.freedesktop.org/mesa/mesa/-/issues/9859
	NOTE: Disputed and no reasonable security impact proven
CVE-2023-45929 (S-Lang 2.3.2 was discovered to contain a segmentation fault via the fu ...)
	- slang2 (unimportant; bug #1068144)
	NOTE: http://lists.jedsoft.org/lists/slang-users/2023/0000002.html
	NOTE: Negligible security impact
CVE-2023-45927 (S-Lang 2.3.2 was discovered to contain an arithmetic exception via the ...)
	- slang2 (unimportant; bug #1068144)
	NOTE: http://lists.jedsoft.org/lists/slang-users/2023/0000003.html
	NOTE: Negligible security impact
CVE-2023-45925 (GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain ...)
	- mc (unimportant)
	NOTE: https://midnight-commander.org/ticket/4484
	NOTE: Negligible security impact, crash in CLI tool
CVE-2023-45924 (libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a ...)
	- libglvnd (unimportant)
	NOTE: https://gitlab.freedesktop.org/glvnd/libglvnd/-/issues/242
	NOTE: Negligible security impact
CVE-2023-45922 (glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation ...)
	- mesa (unimportant)
	NOTE: https://gitlab.freedesktop.org/mesa/mesa/-/issues/9857
	NOTE: Negligible security impact
CVE-2023-45920 (Xfig v3.2.8 was discovered to contain a NULL pointer dereference when ...)
	- xfig 1:3.2.9-1 (unimportant)
	NOTE: https://sourceforge.net/p/mcj/tickets/155/
	NOTE: https://sourceforge.net/p/mcj/xfig/ci/ec49cde00dbd6f7f45d8e386795079d5d636496f/
	NOTE: Crash in CLI tool, no security impact
CVE-2023-45919 (Mesa 23.0.4 was discovered to contain a buffer over-read in glXQuerySe ...)
	- mesa (unimportant)
	NOTE: https://gitlab.freedesktop.org/mesa/mesa/-/issues/9858
	NOTE: Negligible (and disputed) security impact
CVE-2023-45913 (Mesa v23.0.4 was discovered to contain a NULL pointer dereference via ...)
	- mesa (unimportant)
	NOTE: https://gitlab.freedesktop.org/mesa/mesa/-/issues/9856
	NOTE: Negligible (and disputed) security impact
CVE-2023-43768 (An issue was discovered in Couchbase Server 6.6.x through 7.2.0, befor ...)
	NOT-FOR-US: Couchbase Server
CVE-2023-40290 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F ...)
	NOT-FOR-US: Supermicro
CVE-2023-40289 (A command injection issue was discovered on Supermicro X11SSM-F, X11SA ...)
	NOT-FOR-US: Supermicro
CVE-2023-40288 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F ...)
	NOT-FOR-US: Supermicro
CVE-2023-40287 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F ...)
	NOT-FOR-US: Supermicro
CVE-2023-40286 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F ...)
	NOT-FOR-US: Supermicro
CVE-2023-40285 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F ...)
	NOT-FOR-US: Supermicro
CVE-2023-40284 (An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F ...)
	NOT-FOR-US: Supermicro
CVE-2023-39307 (Unrestricted Upload of File with Dangerous Type vulnerability in Theme ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39306 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38388 (Unrestricted Upload of File with Dangerous Type vulnerability in Artbe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-31854 (std::bad_alloc is mishandled in Precomp 0.4.8. NOTE: this is disputed ...)
	NOT-FOR-US: precomp
CVE-2023-31634 (In TeslaMate before 1.27.2, there is unauthorized access to port 4000 ...)
	NOT-FOR-US: TeslaMate
CVE-2017-20190 (Some Microsoft technologies as used in Windows 8 through 11 allow a te ...)
	NOT-FOR-US: Microsoft
CVE-2024-22029
	- tomcat10 (SUSE specific packaging issue on /usr/share/tomcat/tomcat-webapps permissions)
	- tomcat9 (SUSE specific packaging issue on /usr/share/tomcat/tomcat-webapps permissions)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1219208#c12
CVE-2024-30235 (Missing Authorization vulnerability in Themeisle Multiple Page Generat ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30234 (Missing Authorization vulnerability in Wholesale Team WholesaleX.This ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30233 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30232 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-30231 (Unrestricted Upload of File with Dangerous Type vulnerability in WebTo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2955 (T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 a ...)
	- wireshark 4.2.4-1 (bug #1068111)
	[bookworm] - wireshark (Minor issue)
	[bullseye] - wireshark (Minor issue)
	[buster] - wireshark (Minor issue; can be fixed in next update)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-06.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19695
CVE-2024-2951 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Registrat ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2929 (A memory corruption vulnerability in Rockwell Automation Arena Simulat ...)
	NOT-FOR-US: Rockwell Automation
CVE-2024-2921 (Improper access control in PAM vault permissions in Devolutions Server ...)
	NOT-FOR-US: Devolutions Server
CVE-2024-2915 (Improper access control in PAM JIT elevation in Devolutions Server 202 ...)
	NOT-FOR-US: Devolutions Server
CVE-2024-2906 (Missing Authorization vulnerability in SoftLab Radio Player.This issue ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2904 (Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Calli ...)
	NOT-FOR-US: WordPress theme
CVE-2024-2902 (A vulnerability was found in Tenda AC7 15.03.06.44 and classified as c ...)
	NOT-FOR-US: Tenda
CVE-2024-2901 (A vulnerability has been found in Tenda AC7 15.03.06.44 and classified ...)
	NOT-FOR-US: Tenda
CVE-2024-2900 (A vulnerability, which was classified as critical, was found in Tenda ...)
	NOT-FOR-US: Tenda
CVE-2024-2899 (A vulnerability, which was classified as critical, has been found in T ...)
	NOT-FOR-US: Tenda
CVE-2024-2898 (A vulnerability classified as critical was found in Tenda AC7 15.03.06 ...)
	NOT-FOR-US: Tenda
CVE-2024-2897 (A vulnerability classified as critical has been found in Tenda AC7 15. ...)
	NOT-FOR-US: Tenda
CVE-2024-2896 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated ...)
	NOT-FOR-US: Tenda
CVE-2024-2895 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been declar ...)
	NOT-FOR-US: Tenda
CVE-2024-2894 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been classi ...)
	NOT-FOR-US: Tenda
CVE-2024-2893 (A vulnerability was found in Tenda AC7 15.03.06.44 and classified as c ...)
	NOT-FOR-US: Tenda
CVE-2024-2892 (A vulnerability has been found in Tenda AC7 15.03.06.44 and classified ...)
	NOT-FOR-US: Tenda
CVE-2024-2891 (A vulnerability, which was classified as critical, was found in Tenda ...)
	NOT-FOR-US: Tenda
CVE-2024-2802
	REJECTED
CVE-2024-2452 (In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control ...)
	NOT-FOR-US: Eclipse ThreadX
CVE-2024-2214 (In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in th ...)
	NOT-FOR-US: Eclipse ThreadX
CVE-2024-2212 (In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() ...)
	NOT-FOR-US: Eclipse ThreadX
CVE-2024-29883 (CreateWiki is Miraheze's MediaWiki extension for requesting & creating ...)
	NOT-FOR-US: CreateWiki MediaWiki extension
CVE-2024-29881 (TinyMCE is an open source rich text editor. A cross-site scripting (X ...)
	- tinymce
	NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78
	NOTE: https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1
CVE-2024-29833 (The image upload component allows SVG files and the regular expression ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29832 (The current_url parameter of the AJAX call to the GalleryBox action of ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29810 (The thumb_url parameter of the AJAX call to the editimage_bwg action o ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29809 (The image_url parameter of the AJAX call to the editimage_bwg action o ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29808 (The image_id parameter of the AJAX call to the editimage_bwg action of ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29684 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: DedeCMS
CVE-2024-29644 (Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before al ...)
	NOT-FOR-US: dcat-admin
CVE-2024-29401 (xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which ...)
	NOT-FOR-US: xzs-mysql
CVE-2024-29203 (TinyMCE is an open source rich text editor. A cross-site scripting (XSS ...)
	- tinymce
	NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-438c-3975-5x3f
	NOTE: https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1
CVE-2024-29197 (Pimcore is an Open Source Data & Experience Management Platform. Any c ...)
	NOT-FOR-US: Pimcore
CVE-2024-28442 (Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows ...)
	NOT-FOR-US: Yealink
CVE-2024-28131 (EasyRange Ver 1.41 contains an issue with the executable file search p ...)
	NOT-FOR-US: EasyRange
CVE-2024-28126 (Cross-site scripting vulnerability exists in 0ch BBS Script ver.4.00. ...)
	NOT-FOR-US: 0ch BBS Script
CVE-2024-28093 (The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is en ...)
	NOT-FOR-US: AdTran NetVanta devices
CVE-2024-28048 (OS command injection vulnerability exists in ffBull ver.4.11, which ma ...)
	NOT-FOR-US: ffBull
CVE-2024-28034 (Cross-site scripting vulnerability exists in Mini Thread Version 3.33\ ...)
	NOT-FOR-US: Mini Thread Version
CVE-2024-28033 (OS command injection vulnerability exists in WebProxy 1.7.8 and 1.7.9, ...)
	NOT-FOR-US: WebProxy
CVE-2024-26018 (Cross-site scripting vulnerability exists in TvRock 0.9t8a. An arbitra ...)
	NOT-FOR-US: TvRock
CVE-2024-25958 (Dell Grab for Windows, versions up to and including 5.0.4, contain Wea ...)
	NOT-FOR-US: Dell
CVE-2024-25957 (Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext ...)
	NOT-FOR-US: Dell
CVE-2024-25956 (Dell Grab for Windows, versions 5.0.4 and below, contains an improper ...)
	NOT-FOR-US: Dell
CVE-2024-24805 (Missing Authorization vulnerability in Deepak anand WP Dummy Content G ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24799 (Missing Authorization vulnerability in WooCommerce WooCommerce Box Off ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24719 (Missing Authorization vulnerability in Uriahs Victor Location Picker a ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24718 (Missing Authorization vulnerability in PropertyHive.This issue affects ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24711 (Missing Authorization vulnerability in weDevs WooCommerce Conversion T ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-23722 (In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be c ...)
	NOT-FOR-US: Fluent Bit
CVE-2024-23520 (Missing Authorization vulnerability in AccessAlly PopupAlly.This issue ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-23482 (The ZScaler service is susceptible to a local privilege escalation vul ...)
	NOT-FOR-US: ZScaler
CVE-2024-22436 (A security vulnerability in HPE IceWall Agent products could be exploi ...)
	NOT-FOR-US: HPE
CVE-2024-22356 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 throug ...)
	NOT-FOR-US: IBM
CVE-2024-22156 (Missing Authorization vulnerability in SNP Digital SalesKing.This issu ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-21920 (A memory buffer vulnerability in Rockwell Automation Arena Simulation ...)
	NOT-FOR-US: Rockwell Automation
CVE-2024-21919 (An uninitialized pointer in Rockwell Automation Arena Simulation softw ...)
	NOT-FOR-US: Rockwell Automation
CVE-2024-21918 (A memory buffer vulnerability in Rockwell Automation Arena Simulation ...)
	NOT-FOR-US: Rockwell Automation
CVE-2024-21913 (A heap-based memory buffer overflow vulnerability in Rockwell Automati ...)
	NOT-FOR-US: Rockwell Automation
CVE-2024-21912 (An arbitrary code execution vulnerability in Rockwell Automation Arena ...)
	NOT-FOR-US: Rockwell Automation
CVE-2024-1933 (Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote C ...)
	NOT-FOR-US: TeamViewer
CVE-2024-1455 (A vulnerability in the langchain-ai/langchain repository allows for a ...)
	NOT-FOR-US: LangChain
CVE-2024-1313 (It is possible for a user in a different organization from the owner o ...)
	- grafana
CVE-2023-7251 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6091 (Unrestricted Upload of File with Dangerous Type vulnerability in mndps ...)
	NOT-FOR-US: WordPress theme
CVE-2023-52214 (Missing Authorization vulnerability in voidCoders Void Contact Form 7 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50895 (In Janitza GridVis through 9.0.66, exposed dangerous methods in the de ...)
	NOT-FOR-US: Janitza GridVis
CVE-2023-50894 (In Janitza GridVis through 9.0.66, use of hard-coded credentials in th ...)
	NOT-FOR-US: Janitza GridVis
CVE-2023-49838 (Cross-Site Request Forgery (CSRF) vulnerability in KlbTheme Clotya the ...)
	NOT-FOR-US: WordPress theme
CVE-2023-47150 (IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could ...)
	NOT-FOR-US: IBM
CVE-2023-45771 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44989 (Insertion of Sensitive Information into Log File vulnerability in GShe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41973 (ZSATray passes the previousInstallerName as a config parameter to Tray ...)
	NOT-FOR-US: Zscaler
CVE-2023-41972 (In some rare cases, there is a password type validation missing in Rev ...)
	NOT-FOR-US: Zscaler
CVE-2023-41969 (An arbitrary file deletion in ZSATrayManager where it protects the tem ...)
	NOT-FOR-US: Zscaler
CVE-2023-41696
	REJECTED
CVE-2023-33855 (Under certain conditions, RSA operations performed by IBM Common Crypt ...)
	NOT-FOR-US: IBM
CVE-2023-33322 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32237 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress theme
CVE-2024-2887 (Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 ...)
	{DSA-5648-1}
	- chromium 123.0.6312.86-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-2886 (Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 al ...)
	{DSA-5648-1}
	- chromium 123.0.6312.86-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-2885 (Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed ...)
	{DSA-5648-1}
	- chromium 123.0.6312.86-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-2883 (Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowe ...)
	{DSA-5648-1}
	- chromium 123.0.6312.86-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-26650 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/5913320eb0b3ec88158cfcb0fa5e996bf4ef681b (6.8-rc2)
CVE-2024-26649 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.6.15-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/bc03c02cc1991a066b23e69bbcc0f66e8f1f7453 (6.8-rc1)
CVE-2024-26648 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.6.15-1
	NOTE: https://git.kernel.org/linus/7073934f5d73f8b53308963cee36f0d389ea857c (6.8-rc1)
CVE-2024-26647 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.6.15-1
	NOTE: https://git.kernel.org/linus/3bb9b1f958c3d986ed90a3ff009f1e77e9553207 (6.8-rc1)
CVE-2024-26646 (In the Linux kernel, the following vulnerability has been resolved: t ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	NOTE: https://git.kernel.org/linus/97566d09fd02d2ab329774bb89a2cdf2267e86d9 (6.8-rc1)
CVE-2024-26645 (In the Linux kernel, the following vulnerability has been resolved: t ...)
	{DSA-5681-1}
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	NOTE: https://git.kernel.org/linus/2b44760609e9eaafc9d234a6883d042fc21132a7 (6.8-rc2)
CVE-2024-26644 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	{DSA-5681-1}
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	NOTE: https://git.kernel.org/linus/7081929ab2572920e94d70be3d332e5c9f97095a (6.8-rc2)
CVE-2023-52627 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	{DSA-5681-1}
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/020e71c7ffc25dfe29ed9be6c2d39af7bd7f661f (6.8-rc1)
CVE-2023-52626 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.6.15-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/3876638b2c7ebb2c9d181de1191db0de8cac143a (6.8-rc2)
CVE-2023-52625 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.7-1
	NOTE: https://git.kernel.org/linus/8e57c06bf4b0f51a4d6958e15e1a99c9520d00fa (6.8-rc1)
CVE-2023-52624 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.7-1
	NOTE: https://git.kernel.org/linus/e5ffd1263dd5b44929c676171802e7b6af483f21 (6.8-rc1)
CVE-2023-52623 (In the Linux kernel, the following vulnerability has been resolved: S ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/31b62908693c90d4d07db597e685d9f25a120073 (6.8-rc1)
CVE-2023-52622 (In the Linux kernel, the following vulnerability has been resolved: e ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/5d1935ac02ca5aee364a449a35e2977ea84509b0 (6.8-rc1)
CVE-2023-52621 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/169410eba271afc9f0fb476d996795aa26770c6d (6.8-rc1)
CVE-2024-29735 (Improper Preservation of Permissions vulnerability in Apache Airflow.T ...)
	- airflow (bug #819700)
CVE-2024-2889 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2888 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2873 (A vulnerability was found in wolfSSH's server-side state machine befor ...)
	- wolfssh (bug #983449)
CVE-2024-2732 (The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2427 (A denial-of-service vulnerability exists in the Rockwell Automation Po ...)
	NOT-FOR-US: Rockwell Automation
CVE-2024-2426 (A denial-of-service vulnerability exists in the Rockwell Automation Po ...)
	NOT-FOR-US: Rockwell Automation
CVE-2024-2425 (A denial-of-service vulnerability exists in the Rockwell Automation Po ...)
	NOT-FOR-US: Rockwell Automation
CVE-2024-2303 (The Easy Textillate plugin for WordPress is vulnerable to Stored Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2170 (The VK All in One Expansion Unit plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29442 (An unauthorized access vulnerability has been discovered in ROS2 Humbl ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-29440 (An unauthorized access vulnerability has been discovered in ROS2 Humbl ...)
	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
CVE-2024-29303 (The delete admin users function of SourceCodester PHP Task Management ...)
	NOT-FOR-US: SourceCodester PHP Task Management System
CVE-2024-29302 (SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Inj ...)
	NOT-FOR-US: SourceCodester PHP Task Management System
CVE-2024-29301 (SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Inj ...)
	NOT-FOR-US: SourceCodester PHP Task Management System
CVE-2024-29199 (Nautobot is a Network Source of Truth and Network Automation Platform. ...)
	NOT-FOR-US: Nautobot
CVE-2024-29196 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
	NOT-FOR-US: phpMyFAQ
CVE-2024-29195 (The azure-c-shared-utility is a C library for AMQP/MQTT communication ...)
	- azure-uamqp-python 1.6.9-2 (bug #1068457)
	NOTE: https://github.com/Azure/azure-c-shared-utility/security/advisories/GHSA-m8wp-hc7w-x4xg
	NOTE: https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2
CVE-2024-29189 (PyAnsys Geometry is a Python client library for the Ansys Geometry ser ...)
	NOT-FOR-US: Ansys
CVE-2024-29179 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
	NOT-FOR-US: phpMyFAQ
CVE-2024-29041 (Express.js minimalist web framework for node. Versions of Express.js p ...)
	- node-express 4.19.2+~cs8.36.21-1 (bug #1068346)
	[bookworm] - node-express (Minor issue)
	[bullseye] - node-express (Minor issue)
	[buster] - node-express (Minor issue; can be fixed in next update)
	NOTE: https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc
	NOTE: https://github.com/koajs/koa/issues/1800
	NOTE: https://github.com/expressjs/express/pull/5539
	NOTE: https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd (4.19.0)
	NOTE: https://github.com/expressjs/express/commit/da4d763ff6ba9df6dbd8f1f0b1d05412dda934d5 (4.19.2)
	NOTE: https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94
CVE-2024-28421 (SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to ...)
	NOT-FOR-US: Cobub Razor
CVE-2024-21914 (A vulnerability exists in the affected product that allows a malicious ...)
	NOT-FOR-US: Rockwell Automation
CVE-2024-1973 (By leveraging the vulnerability, lower-privileged users of Content Man ...)
	NOT-FOR-US: Microfocus
CVE-2024-1745 (The Testimonial Slider WordPress plugin before 2.3.7 does not properly ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0901 (Remotely executed SEGV and out of bounds read allows malicious packet ...)
	[experimental] - wolfssl 5.7.0-0.1
	- wolfssl 5.7.0-0.3 (bug #1067799)
	[bookworm] - wolfssl (Minor issue)
	[bullseye] - wolfssl (Minor issue)
	NOTE: https://github.com/wolfSSL/wolfssl/issues/7089
	NOTE: https://github.com/wolfSSL/wolfssl/pull/7099
CVE-2024-0866 (The Check & Log Email plugin for WordPress is vulnerable to Unauthenti ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-7232 (The Backup and Restore WordPress WordPress plugin through 1.45 does n ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51416 (Cross-Site Request Forgery (CSRF) vulnerability in EnvialoSimple Env\x ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49839 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47430 (Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.3.3 al ...)
	- minidlna (bug #1068148; unimportant)
	NOTE: https://sourceforge.net/p/minidlna/bugs/361/
	NOTE: TiVo support not enabled in the Debian builds
CVE-2024-30205 (In Emacs before 29.3, Org mode considers contents of remote files to b ...)
	{DLA-3802-1 DLA-3801-1}
	- emacs 1:29.3+1-1 (bug #1067630)
	[bookworm] - emacs (Minor issue, will be fixed via point release)
	[bullseye] - emacs (Minor issue, will be fixed via point release)
	- org-mode 9.6.23+dfsg-1 (bug #1067663)
	[bookworm] - org-mode (Produces only a dependency binary package)
	[bullseye] - org-mode (Minor issue; can be fixed via point release)
	NOTE: https://www.openwall.com/lists/oss-security/2024/03/24/1
	NOTE: https://lists.gnu.org/archive/html/info-gnu/2024-03/msg00005.html
	NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=2bc865ace050ff118db43f01457f95f95112b877 (emacs-29.3)
	NOTE: https://list.orgmode.org/87o7b3eczr.fsf@bzg.fr/T/#t
	NOTE: https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=4255d5dcc0657915f90e4fba7e0a5514cced514d (release_9.6.23)
CVE-2024-30204 (In Emacs before 29.3, LaTeX preview is enabled by default for e-mail a ...)
	{DLA-3802-1 DLA-3801-1}
	- emacs 1:29.3+1-1 (bug #1067630)
	[bookworm] - emacs (Minor issue, will be fixed via point release)
	[bullseye] - emacs (Minor issue, will be fixed via point release)
	- org-mode 9.6.23+dfsg-1 (bug #1067663)
	[bookworm] - org-mode (Produces only a dependency binary package)
	[bullseye] - org-mode (Minor issue; can be fixed via point release)
	NOTE: https://www.openwall.com/lists/oss-security/2024/03/24/1
	NOTE: https://lists.gnu.org/archive/html/info-gnu/2024-03/msg00005.html
	NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=6f9ea396f49cbe38c2173e0a72ba6af3e03b271c (emacs-29.3)
	NOTE: org-mode/9.5.2+dfsh-5 dropped all lisp files from the produced binary packages
	NOTE: making an empty dependency package only.
CVE-2024-30203 (In Emacs before 29.3, Gnus treats inline MIME contents as trusted.)
	{DLA-3802-1 DLA-3801-1}
	- emacs 1:29.3+1-1 (bug #1067630)
	[bookworm] - emacs (Minor issue, will be fixed via point release)
	[bullseye] - emacs (Minor issue, will be fixed via point release)
	- org-mode 9.6.23+dfsg-1 (bug #1067663)
	[bookworm] - org-mode (Produces only a dependency binary package)
	[bullseye] - org-mode (Minor issue; can be fixed via point release)
	NOTE: https://www.openwall.com/lists/oss-security/2024/03/24/1
	NOTE: https://lists.gnu.org/archive/html/info-gnu/2024-03/msg00005.html
	NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=937b9042ad7426acdcca33e3d931d8f495bdd804 (emacs-29.3)
CVE-2024-30202 (In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turn ...)
	- emacs 1:29.3+1-1 (bug #1067630)
	[bookworm] - emacs (Minor issue, will be fixed via point release)
	[bullseye] - emacs (Vulnerable code not present)
	[buster] - emacs (Vulnerable code not present)
	- org-mode 9.6.23+dfsg-1 (bug #1067663)
	[bookworm] - org-mode (Produces only a dependency binary package)
	[bullseye] - org-mode (Vulnerable code not present)
	[buster] - org-mode (Vulnerable code not present; added in tag release_9.5)
	NOTE: https://www.openwall.com/lists/oss-security/2024/03/24/1
	NOTE: https://lists.gnu.org/archive/html/info-gnu/2024-03/msg00005.html
	NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb
	NOTE: https://list.orgmode.org/87o7b3eczr.fsf@bzg.fr/T/#t
	NOTE: https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9 (release_9.6.23)
	NOTE: Introduced by: https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=8abdbbee395f284f2262a89187d662eaf40080b1 (release_9.5)
	NOTE: Introduced by: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=bf9ec3d91a79414deac039f7bf83352a9b0a9a85 (emacs-28.0.90)
	NOTE: org-mode/9.5.2+dfsh-5 dropped all lisp files from the produced binary packages
	NOTE: making an empty dependency package only.
CVE-2024-2865 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Mergen Software Quality Management System
CVE-2024-2864 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29666 (Insecure Permissions vulnerability in Vehicle Monitoring platform syst ...)
	NOT-FOR-US: Vehicle Monitoring platform system CMSV6
CVE-2024-29650 (An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker ...)
	NOT-FOR-US: @thi.ng/paths
CVE-2024-29515 (File Upload vulnerability in lepton v.7.1.0 allows a remote authentica ...)
	NOT-FOR-US: Lepton CMS
CVE-2024-29025 (Netty is an asynchronous event-driven network application framework fo ...)
	- netty 1:4.1.48-10 (bug #1068110)
	[bookworm] - netty (Minor issue, fix along with future update)
	[bullseye] - netty (Minor issue, fix along with future update)
	[buster] - netty (Minor issue, HTTP multipart DoS, fix along with future update)
	NOTE: https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v
	NOTE: https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c (netty-4.1.108.Final)
	NOTE: https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3
CVE-2024-28850 (WP Crontrol controls the cron events on WordPress websites. WP Crontr ...)
	NOT-FOR-US: WP Crontrol
CVE-2024-28435 (The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file u ...)
	NOT-FOR-US: Twenty CRM
CVE-2024-28434 (The CRM platform Twenty is vulnerable to stored cross site scripting v ...)
	NOT-FOR-US: Twenty CRM
CVE-2024-28393 (SQL injection vulnerability in scalapay v.1.2.41 and before allows a r ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-28387 (An issue in axonaut v.3.1.23 and before allows a remote attacker to ob ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-28386 (An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remo ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-28246 (KaTeX is a JavaScript library for TeX math rendering on the web. Code ...)
	- node-katex 0.16.10+~cs6.1.0-1 (bug #1067805)
	[bookworm] - node-katex (Minor issue)
	[bullseye] - node-katex (Minor issue)
	NOTE: https://github.com/KaTeX/KaTeX/security/advisories/GHSA-3wc5-fcw2-2329
	NOTE: https://github.com/KaTeX/KaTeX/commit/fc5af64183a3ceb9be9d1c23a275999a728593de (v0.16.10)
CVE-2024-28245 (KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX ...)
	- node-katex 0.16.10+~cs6.1.0-1 (bug #1067805)
	[bookworm] - node-katex (Minor issue)
	[bullseye] - node-katex (Minor issue)
	NOTE: https://github.com/KaTeX/KaTeX/security/advisories/GHSA-f98w-7cxr-ff2h
	NOTE: https://github.com/KaTeX/KaTeX/commit/c5897fcd1f73da9612a53e6b5544f1d776e17770 (v0.16.10)
CVE-2024-28244 (KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX ...)
	- node-katex 0.16.10+~cs6.1.0-1 (bug #1067805)
	[bookworm] - node-katex (Minor issue)
	[bullseye] - node-katex (Minor issue)
	NOTE: https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cvr6-37gx-v8wc
	NOTE: https://github.com/KaTeX/KaTeX/commit/085e21b5da05414efefa932570e7201a7c70e5b2 (v0.16.10)
CVE-2024-28243 (KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX ...)
	- node-katex 0.16.10+~cs6.1.0-1 (bug #1067805)
	[bookworm] - node-katex (Minor issue)
	[bullseye] - node-katex (Minor issue)
	NOTE: https://github.com/KaTeX/KaTeX/security/advisories/GHSA-64fm-8hw2-v72w
	NOTE: https://github.com/KaTeX/KaTeX/commit/e88b4c357f978b1bca8edfe3297f0aa309bcbe34 (v0.16.10)
CVE-2024-28183 (ESP-IDF is the development framework for Espressif SoCs supported on W ...)
	NOT-FOR-US: Espressif
CVE-2024-28108 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
	NOT-FOR-US: phpMyFAQ
CVE-2024-28107 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
	NOT-FOR-US: phpMyFAQ
CVE-2024-28106 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
	NOT-FOR-US: phpMyFAQ
CVE-2024-28105 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
	NOT-FOR-US: phpMyFAQ
CVE-2024-27300 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
	NOT-FOR-US: phpMyFAQ
CVE-2024-27299 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
	NOT-FOR-US: phpMyFAQ
CVE-2024-25964 (Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing ...)
	NOT-FOR-US: Dell
CVE-2024-25175 (An issue in Kickdler before v1.107.0 allows attackers to provide an XS ...)
	NOT-FOR-US: Kickdler
CVE-2024-25002 (Command Injection in the diagnostics interface of the Bosch Network Sy ...)
	NOT-FOR-US: Bosch
CVE-2023-48296 (OroPlatform is a PHP Business Application Platform (BAP). Navigation ...)
	NOT-FOR-US: OroPlatform
CVE-2023-45824 (OroPlatform is a PHP Business Application Platform (BAP). A logged in ...)
	NOT-FOR-US: OroPlatform
CVE-2021-47180 (In the Linux kernel, the following vulnerability has been resolved: N ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/e0652f8bb44d6294eeeac06d703185357f25d50b (5.13-rc4)
CVE-2021-47179 (In the Linux kernel, the following vulnerability has been resolved: N ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/a421d218603ffa822a0b8045055c03eae394a7eb (5.13-rc4)
CVE-2021-47178 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 5.14.6-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/70ca3c57ff914113f681e657634f7fbfa68e1ad1 (5.13-rc4)
CVE-2021-47177 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/0ee74d5a48635c848c20f152d0d488bf84641304 (5.13-rc4)
CVE-2021-47176 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.178-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/c0c8a8397fa8a74d04915f4d3d28cb4a5d401427 (5.13-rc4)
CVE-2021-47175 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/e70f7a11876a1a788ceadf75e9e5f7af2c868680 (5.13-rc4)
CVE-2021-47174 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/f0b3d338064e1fe7531f0d2977e35f3b334abfb4 (5.13-rc4)
CVE-2021-47173 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/dcb4b8ad6a448532d8b681b5d1a7036210b622de (5.13-rc4)
CVE-2021-47172 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/f2a772c51206b0c3f262e4f6a3812c89a650191b (5.13-rc4)
CVE-2021-47171 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/46a8b29c6306d8bbfd92b614ef65a47c900d8e70 (5.13-rc4)
CVE-2021-47170 (In the Linux kernel, the following vulnerability has been resolved: U ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/4f2629ea67e7225c3fd292c7fe4f5b3c9d6392de (5.13-rc4)
CVE-2021-47169 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/016002848c82eeb5d460489ce392d91fe18c475c (5.13-rc4)
CVE-2021-47168 (In the Linux kernel, the following vulnerability has been resolved: N ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/769b01ea68b6c49dc3cde6adf7e53927dacbd3a8 (5.13-rc4)
CVE-2021-47167 (In the Linux kernel, the following vulnerability has been resolved: N ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	NOTE: https://git.kernel.org/linus/56517ab958b7c11030e626250c00b9b1a24b41eb (5.13-rc4)
CVE-2021-47166 (In the Linux kernel, the following vulnerability has been resolved: N ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/0d0ea309357dea0d85a82815f02157eb7fcda39f (5.13-rc4)
CVE-2021-47165 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/7cfc4ea78fc103ea51ecbacd9236abb5b1c490d2 (5.13-rc4)
CVE-2021-47164 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/83026d83186bc48bb41ee4872f339b83f31dfc55 (5.13-rc4)
CVE-2021-47163 (In the Linux kernel, the following vulnerability has been resolved: t ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	NOTE: https://git.kernel.org/linus/04c26faa51d1e2fe71cf13c45791f5174c37f986 (5.13-rc4)
CVE-2021-47162 (In the Linux kernel, the following vulnerability has been resolved: t ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/b7df21cf1b79ab7026f545e7bf837bd5750ac026 (5.13-rc4)
CVE-2021-47161 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux 4.19.208-1
	NOTE: https://git.kernel.org/linus/680ec0549a055eb464dce6ffb4bfb736ef87236e (5.13-rc4)
CVE-2021-47160 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/474a2ddaa192777522a7499784f1d60691cd831a (5.13-rc4)
CVE-2021-47159 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/a269333fa5c0c8e53c92b5a28a6076a28cde3e83 (5.13-rc4)
CVE-2021-47158 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/cec279a898a3b004411682f212215ccaea1cd0fb (5.13-rc4)
CVE-2021-47153 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/e4d8716c3dcec47f1557024add24e1f3c09eb24b (5.13-rc4)
CVE-2021-47152 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/29249eac5225429b898f278230a6ca2baa1ae154 (5.13-rc4)
CVE-2021-47151 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/a00593737f8bac2c9e97b696e7ff84a4446653e8 (5.13-rc4)
CVE-2021-47150 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/619fee9eb13b5d29e4267cb394645608088c28a8 (5.13-rc4)
CVE-2021-47149 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/52202be1cd996cde6e8969a128dc27ee45a7cb5e (5.13-rc3)
CVE-2021-47148 (In the Linux kernel, the following vulnerability has been resolved: o ...)
	- linux 5.14.6-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/e5cc361e21648b75f935f9571d4003aaee480214 (5.13-rc4)
CVE-2021-47147 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	- linux 5.14.6-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9c1bb37f8cad5e2ee1933fa1da9a6baa7876a8e4 (5.13-rc4)
CVE-2021-47146 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/020ef930b826d21c5446fdc9db80fd72a791bc21 (5.13-rc4)
CVE-2021-47145 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/91df99a6eb50d5a1bc70fff4a09a0b7ae6aab96d (5.13-rc3)
CVE-2021-47144 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/fa7e6abc75f3d491bc561734312d065dc9dc2a77 (5.13-rc3)
CVE-2021-47143 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	NOTE: https://git.kernel.org/linus/444d7be9532dcfda8e0385226c862fd7e986f607 (5.13-rc4)
CVE-2021-47142 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/1e5c37385097c35911b0f8a0c67ffd10ee1af9a2 (5.13-rc3)
CVE-2021-47141 (In the Linux kernel, the following vulnerability has been resolved: g ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/5218e919c8d06279884aa0baf76778a6817d5b93 (5.13-rc4)
CVE-2021-47140 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 5.14.6-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/d6177a6556f853785867e2ec6d5b7f4906f0d809 (5.13-rc4)
CVE-2021-47139 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/a289a7e5c1d49b7d47df9913c1cc81fb48fab613 (5.13-rc4)
CVE-2021-47138 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/88c380df84fbd03f9b137c2b9d0a44b9f2f553b0 (5.13-rc4)
CVE-2021-47137 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/c7718ee96dbc2f9c5fc3b578abdf296dd44b9c20 (5.13-rc4)
CVE-2021-47136 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9453d45ecb6c2199d72e73c993e9d98677a2801b (5.13-rc4)
CVE-2024-2863 (This vulnerability allows remote attackers to traverse paths via file ...)
	NOT-FOR-US: LG
CVE-2024-2862 (This vulnerability allows remote attackers to reset the password of an ...)
	NOT-FOR-US: LG
CVE-2024-29216 (Exposed IOCTL with insufficient access control issue exists in cg6kwin ...)
	NOT-FOR-US: cg6kwin2k.sys
CVE-2024-29194 (OneUptime is a solution for monitoring and managing online services. T ...)
	NOT-FOR-US: OneUptime
CVE-2024-29188 (WiX toolset lets developers create installers for Windows Installer, t ...)
	NOT-FOR-US: WiX toolset (not same as wixl from src:msitools)
CVE-2024-29187 (WiX toolset lets developers create installers for Windows Installer, t ...)
	NOT-FOR-US: WiX toolset (not same as wixl from src:msitools)
CVE-2024-29071 (HGW BL1500HM Ver 002.001.013 and earlier contains a use of week creden ...)
	NOT-FOR-US: HGW BL1500HM
CVE-2024-29034 (CarrierWave is a solution for file uploads for Rails, Sinatra and othe ...)
	- ruby-carrierwave (Incomplete fix for CVE-2023-49090 not applied)
	NOTE: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw
	NOTE: Fixed by: https://github.com/carrierwaveuploader/carrierwave/commit/25b1c800d45ef8e78dc445ebe3bd8a6e3f0a3477
	NOTE: Fixed by: https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2 (v2.2.6)
	NOTE: CVE is for incomplete fix of CVE-2023-49090
CVE-2024-29009 (Cross-site request forgery (CSRF) vulnerability in easy-popup-show all ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-28041 (HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent una ...)
	NOT-FOR-US: HGW BL1500HM
CVE-2024-24899 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
	NOT-FOR-US: openEuler aops-zeus
CVE-2024-24897 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
	NOT-FOR-US: openEuler A-Tune-Collector
CVE-2024-24892 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
	NOT-FOR-US: openEuler migration-tools
CVE-2024-24890 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
	NOT-FOR-US: openEuler gala-gopher
CVE-2024-21865 (HGW BL1500HM Ver 002.001.013 and earlier contains a use of week creden ...)
	NOT-FOR-US: HGW BL1500HM
CVE-2024-21505 (Versions of the package web3-utils before 4.2.1 are vulnerable to Prot ...)
	NOT-FOR-US: Node web3
CVE-2024-1962 (The CM Download Manager WordPress plugin before 2.9.1 does not have C ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1564 (The wp-schema-pro WordPress plugin before 2.7.16 does not validate pos ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1232 (The CM Download Manager WordPress plugin before 2.9.0 does not have C ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1231 (The CM Download Manager WordPress plugin before 2.9.0 does not have C ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37886 (Missing Authorization vulnerability in InspiryThemes RealHomes.This is ...)
	NOT-FOR-US: WordPress theme
CVE-2023-37885 (Missing Authorization vulnerability in InspiryThemes RealHomes.This is ...)
	NOT-FOR-US: WordPress theme
CVE-2023-33923 (Missing Authorization vulnerability in HashThemes Viral News, HashThem ...)
	NOT-FOR-US: WordPress theme
CVE-2020-36826 (A vulnerability was found in AwesomestCode LiveBot. It has been classi ...)
	NOT-FOR-US: AwesomestCode LiveBot
CVE-2020-36825 (A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and ...)
	NOT-FOR-US: cyberaz0r WebRAT
CVE-2024-27281 (An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in ...)
	{DSA-5677-1}
	- ruby3.2 (bug #1067802)
	- ruby3.1 (bug #1067803)
	- ruby2.7
	- ruby2.5
	NOTE: https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/
	NOTE: https://github.com/ruby/rdoc/commit/da7a0c7553ef7250ca665a3fecdc01dbaacbb43d (v6.6.3)
CVE-2024-27280 (A buffer-overread issue was discovered in StringIO 3.0.1, as distribut ...)
{DSA-5677-1} - ruby3.2 (Fixed before initial upload to Debian) - ruby3.1 (bug #1069966) - ruby2.7 - ruby2.5 NOTE: https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/ NOTE: https://github.com/ruby/stringio/commit/a35268a3ac1b5f0058e5b7c1a041a7e86d9da067 (v3.0.3) NOTE: https://github.com/ruby/stringio/commit/c58c5f54f1eab99665ea6a161d29ff6a7490afc8 (v3.0.1.1) NOTE: https://github.com/ruby/stringio/commit/0e596524097706263d10900ca180898e4a8f5233 (v3.0.1.2) CVE-2024-30161 (In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be acce ...) - qt6-base (wasm target not built/buildable with Debian package, see bug #1068454) - qtbase-opensource-src (Only affects Qt6) - qtbase-opensource-src-gles (Only affects Qt6) NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/544314 NOTE: https://codereview.qt-project.org/gitweb?p=qt%2Fqtbase.git;a=commit;h=a5b00cefef12999e9a213943855abe6bc0ab5365 CVE-2024-30156 (Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 L ...) 
	- varnish (bug #1068455)
	[bookworm] - varnish (Minor issue, too intrusive to backport)
	[bullseye] - varnish (Minor issue, too intrusive to backport)
	NOTE: https://varnish-cache.org/security/VSV00014.html
	NOTE: https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#cve-2024-30156
	NOTE: https://github.com/varnishcache/varnish-cache/commit/c0201724f0280894ec714fe76fc26ba9831f0551 (varnish-7.5.0)
	NOTE: https://github.com/varnishcache/varnish-cache/commit/727a5f80347545b6fc7a6aa48f9fb74e90528f0c (varnish-7.5.0)
	NOTE: https://github.com/varnishcache/varnish-cache/commit/42a10e90015bd8a9cb1c7c2e0e313f8b5ae9ebe9 (varnish-7.5.0)
	NOTE: https://github.com/varnishcache/varnish-cache/commit/eccb50837d61fcb5a6927eef94c570bd1d03c26d (varnish-7.5.0)
	NOTE: https://github.com/varnishcache/varnish-cache/commit/0b82e00708b88f696af5881b7a19caf2144d13f7 (varnish-7.5.0)
	NOTE: https://github.com/varnishcache/varnish-cache/commit/4938f05b318eb2daa2ccc89dafeed3126552c481 (varnish-7.5.0)
	NOTE: https://github.com/varnishcache/varnish-cache/commit/41ef373af53571a94ea8f73f0538322270799a84 (varnish-7.5.0)
CVE-2024-2856 (A vulnerability, which was classified as critical, has been found in T ...)
	NOT-FOR-US: Tenda
CVE-2024-2855 (A vulnerability classified as critical was found in Tenda AC15 15.03.0 ...)
	NOT-FOR-US: Tenda
CVE-2024-2854 (A vulnerability classified as critical has been found in Tenda AC18 15 ...)
	NOT-FOR-US: Tenda
CVE-2024-2853 (A vulnerability was found in Tenda AC10U 15.03.06.48/15.03.06.49. It h ...)
	NOT-FOR-US: Tenda
CVE-2024-2852 (A vulnerability was found in Tenda AC15 15.03.20_multi. It has been de ...)
	NOT-FOR-US: Tenda
CVE-2024-2851 (A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It ...)
	NOT-FOR-US: Tenda
CVE-2024-2850 (A vulnerability was found in Tenda AC15 15.03.05.18 and classified as ...)
	NOT-FOR-US: Tenda
CVE-2024-24725 (Gibbon through 26.0.00 allows remote authenticated users to conduct PH ...)
	NOT-FOR-US: GibbonEdu Gibbon
CVE-2024-23755 (ClickUp Desktop before 3.3.77 on macOS and Windows allows code injecti ...)
	NOT-FOR-US: ClickUp Desktop
CVE-2020-36827 (The XAO::Web module before 1.84 for Perl mishandles < and > characters ...)
	NOT-FOR-US: XAO::Web Perl module
CVE-2018-25100 (The Mojolicious module before 7.66 for Perl may leak cookies in certai ...)
	- libmojolicious-perl 7.71+dfsg-1
	NOTE: https://github.com/mojolicious/mojo/pull/1192
	NOTE: https://github.com/mojolicious/mojo/issues/1185
	NOTE: https://github.com/mojolicious/mojo/commit/c16a56a9d6575ddc53d15e76d58f0ebcb0eeb149 (v7.66)
CVE-2024-30187 (Anope before 2.0.15 does not prevent resetting the password of a suspe ...)
	- anope 2.0.15-1
	[bookworm] - anope (Minor issue; due to apparmor bug not affecting default configurations)
	[bullseye] - anope (Minor issue)
	[buster] - anope (Minor issue; can be fixed in next update)
	NOTE: https://github.com/anope/anope/issues/351
	NOTE: https://github.com/anope/anope/commit/2b7872139c40ea5b0ca96c1d6595b7d5f9fa60a5 (2.0.15)
CVE-2024-2849 (A vulnerability classified as critical was found in SourceCodester Sim ...)
	NOT-FOR-US: SourceCodester Simple File Manager
CVE-2024-24840 (Missing Authorization vulnerability in BdThemes Element Pack Elementor ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24835 (Missing Authorization vulnerability in realmag777 BEAR.This issue affe ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24832 (Missing Authorization vulnerability in Metagauss EventPrime.This issue ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1603 (paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision ...)
	NOT-FOR-US: PaddlePaddle
CVE-2024-2832 (A vulnerability classified as problematic was found in Campcodes Onlin ...)
	NOT-FOR-US: Campcodes Online Shopping System
CVE-2024-2688 (The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2468 (The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2326 (The Pretty Links – Affiliate Links, Link Branding, Link Tracking ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2202 (The Page Builder by SiteOrigin plugin for WordPress is vulnerable to S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2131 (The Move Addons for Elementor plugin for WordPress is vulnerable to St ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2025 (The "BuddyPress WooCommerce My Account Integration. Create WooCommerce ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29190 (Mobile Security Framework (MobSF) is a pen-testing, malware analysis a ...)
	NOT-FOR-US: Mobile Security Framework (MobSF)
CVE-2024-29059 (.NET Framework Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-29057 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26247 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-1697 (The Custom WooCommerce Checkout Fields Editor plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1049 (The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2828 (A vulnerability, which was classified as critical, was found in lakern ...)
	NOT-FOR-US: lakernote EasyAdmin
CVE-2024-2827 (A vulnerability, which was classified as critical, has been found in l ...)
	NOT-FOR-US: lakernote EasyAdmin
CVE-2024-2826 (A vulnerability classified as problematic was found in lakernote EasyA ...)
	NOT-FOR-US: lakernote EasyAdmin
CVE-2024-2825 (A vulnerability classified as critical has been found in lakernote Eas ...)
	NOT-FOR-US: lakernote EasyAdmin
CVE-2024-2824 (A vulnerability was found in Matthias-Wandel jhead 3.08 and classified ...)
	- jhead (unimportant)
	NOTE: Crash in CLI tool, no security impact
	NOTE: https://github.com/Matthias-Wandel/jhead/issues/84
CVE-2024-2823 (A vulnerability has been found in DedeCMS 5.7 and classified as proble ...)
	NOT-FOR-US: DedeCMS
CVE-2024-2822 (A vulnerability, which was classified as problematic, was found in Ded ...)
	NOT-FOR-US: DedeCMS
CVE-2024-2821 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: DedeCMS
CVE-2024-2820 (A vulnerability classified as problematic was found in DedeCMS 5.7. Af ...)
	NOT-FOR-US: DedeCMS
CVE-2024-2728 (Information exposure vulnerability in the CIGESv2 system. This vulnera ...)
	NOT-FOR-US: CIGESv2 system
CVE-2024-2727 (HTML injection vulnerability affecting the CIGESv2 system, which allow ...)
	NOT-FOR-US: CIGESv2 system
CVE-2024-2726 (Stored Cross-Site Scripting (Stored-XSS) vulnerability affecting the C ...)
	NOT-FOR-US: CIGESv2 system
CVE-2024-2725 (Information exposure vulnerability in the CIGESv2 system. A remote att ...)
	NOT-FOR-US: CIGESv2 system
CVE-2024-2724 (SQL injection vulnerability in the CIGESv2 system, through/ajaxServici ...)
	NOT-FOR-US: CIGESv2 system
CVE-2024-2723 (SQL injection vulnerability in the CIGESv2 system, through/ajaxSubServ ...)
	NOT-FOR-US: CIGESv2 system
CVE-2024-2722 (SQL injection vulnerability in the CIGESv2 system, through/ajaxConfigT ...)
	NOT-FOR-US: CIGESv2 system
CVE-2024-2449 (A cross-site request forgery vulnerability has been identified in Load ...)
	NOT-FOR-US: LoadMaster
CVE-2024-2448 (An OS command injection vulnerability has been identified in LoadMaste ...)
	NOT-FOR-US: LoadMaster
CVE-2024-2228 (This vulnerability allows an authenticated user to perform a Lifecycle ...)
	NOT-FOR-US: Sailpoint
CVE-2024-2227 (This vulnerability allows access to arbitrary files in the application ...)
	NOT-FOR-US: Sailpoint
CVE-2024-29944 (An attacker was able to inject an event handler into a privileged obje ...)
	{DSA-5645-1 DLA-3775-1}
	- firefox 124.0.1-1 (bug #1067523)
	- firefox-esr 115.9.1esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-15/#CVE-2024-29944
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-16/#CVE-2024-29944
CVE-2024-29943 (An attacker was able to perform an out-of-bounds read or write on a Ja ...)
	- firefox 124.0.1-1 (bug #1067523)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-15/#CVE-2024-29943
CVE-2024-29865 (Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page ...)
	NOT-FOR-US: Logpoint
CVE-2024-29499 (Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forg ...)
	NOT-FOR-US: Anchor CMS
CVE-2024-29385 (DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execu ...)
	NOT-FOR-US: DIR-845L router
CVE-2024-29366 (A command injection vulnerability exists in the cgibin binary in DIR-8 ...)
	NOT-FOR-US: DIR-845L router
CVE-2024-29338 (Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forg ...)
	NOT-FOR-US: Anchor CMS
CVE-2024-29186 (Bref is an open-source project that helps users go serverless on Amazo ...)
	NOT-FOR-US: Bref
CVE-2024-29185 (FreeScout is a self-hosted help desk and shared mailbox. Versions prio ...)
	NOT-FOR-US: FreeScout
CVE-2024-29184 (FreeScout is a self-hosted help desk and shared mailbox. A Stored Cros ...)
	NOT-FOR-US: FreeScout
CVE-2024-29042 (Translate is a package that allows users to convert text to different ...)
	NOT-FOR-US: translate Node.js module
CVE-2024-28861 (Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a P ...)
	NOT-FOR-US: Symfony1 (community fork of symfony 1.4 with some enhancements)
CVE-2024-28824 (Least privilege violation and reliance on untrusted inputs in the mk_i ...)
	- check-mk
CVE-2024-28593 (The Chat activity in Moodle 4.3.3 allows students to insert a potentia ...)
	- moodle
CVE-2024-28560 (SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows ...)
	NOT-FOR-US: Niushop B2B2C
CVE-2024-28559 (SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows ...)
	NOT-FOR-US: Niushop B2B2C
CVE-2024-25168 (SQL injection vulnerability in snow snow v.2.0.0 allows a remote attac ...)
	NOT-FOR-US: snow snow
CVE-2024-1848 (Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out ...)
	NOT-FOR-US: Solidworks
CVE-2024-1742 (Invocation of the sqlplus command with sensitive information in the co ...)
	- check-mk
CVE-2024-0638 (Least privilege violation in the Checkmk agent plugins mk_oracle, mk_o ...)
	- check-mk
CVE-2023-4063 (Certain HP OfficeJet Pro printers are potentially vulnerable to a Deni ...)
	NOT-FOR-US: HP
CVE-2023-41099 (In the Windows installer in Atos Eviden CardOS API before 5.5.5.2811, ...)
	NOT-FOR-US: Windows installer in Atos Eviden CardOS API
CVE-2024-2817 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Tenda
CVE-2024-2816 (A vulnerability classified as problematic was found in Tenda AC15 15.0 ...)
	NOT-FOR-US: Tenda
CVE-2024-2815 (A vulnerability classified as critical has been found in Tenda AC15 15 ...)
	NOT-FOR-US: Tenda
CVE-2024-2814 (A vulnerability was found in Tenda AC15 15.03.20_multi. It has been ra ...)
	NOT-FOR-US: Tenda
CVE-2024-2813 (A vulnerability was found in Tenda AC15 15.03.20_multi. It has been de ...)
	NOT-FOR-US: Tenda
CVE-2024-2812 (A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It ...)
	NOT-FOR-US: Tenda
CVE-2024-2811 (A vulnerability was found in Tenda AC15 15.03.20_multi and classified ...)
	NOT-FOR-US: Tenda
CVE-2024-2810 (A vulnerability has been found in Tenda AC15 15.03.05.18/15.03.20_mult ...)
	NOT-FOR-US: Tenda
CVE-2024-2809 (A vulnerability, which was classified as critical, was found in Tenda ...)
	NOT-FOR-US: Tenda
CVE-2024-2808 (A vulnerability, which was classified as critical, has been found in T ...)
	NOT-FOR-US: Tenda
CVE-2024-2807 (A vulnerability classified as critical was found in Tenda AC15 15.03.0 ...)
	NOT-FOR-US: Tenda
CVE-2024-2806 (A vulnerability classified as critical has been found in Tenda AC15 15 ...)
	NOT-FOR-US: Tenda
CVE-2024-2805 (A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It ...)
	NOT-FOR-US: Tenda
CVE-2024-2780 (A vulnerability was found in Campcodes Online Marriage Registration Sy ...)
	NOT-FOR-US: Campcodes Online Marriage Registration System
CVE-2024-2779 (A vulnerability was found in Campcodes Online Marriage Registration Sy ...)
	NOT-FOR-US: Campcodes Online Marriage Registration System
CVE-2024-2778 (A vulnerability was found in Campcodes Online Marriage Registration Sy ...)
	NOT-FOR-US: Campcodes Online Marriage Registration System
CVE-2024-2777 (A vulnerability has been found in Campcodes Online Marriage Registrati ...)
	NOT-FOR-US: Campcodes Online Marriage Registration System
CVE-2024-2776 (A vulnerability, which was classified as critical, was found in Campco ...)
	NOT-FOR-US: Campcodes Online Marriage Registration System
CVE-2024-2775 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Campcodes Online Marriage Registration System
CVE-2024-2774 (A vulnerability classified as critical was found in Campcodes Online M ...)
	NOT-FOR-US: Campcodes Online Marriage Registration System
CVE-2024-2773 (A vulnerability classified as problematic has been found in Campcodes ...)
	NOT-FOR-US: Campcodes Online Marriage Registration System
CVE-2024-2770 (A vulnerability was found in Campcodes Complete Online Beauty Parlor M ...)
	NOT-FOR-US: Campcodes Complete Online Beauty Parlor Management System
CVE-2024-2769 (A vulnerability was found in Campcodes Complete Online Beauty Parlor M ...)
	NOT-FOR-US: Campcodes Complete Online Beauty Parlor Management System
CVE-2024-2768 (A vulnerability was found in Campcodes Complete Online Beauty Parlor M ...)
	NOT-FOR-US: Campcodes Complete Online Beauty Parlor Management System
CVE-2024-2767 (A vulnerability was found in Campcodes Complete Online Beauty Parlor M ...)
	NOT-FOR-US: Campcodes Complete Online Beauty Parlor Management System
CVE-2024-2766 (A vulnerability has been found in Campcodes Complete Online Beauty Par ...)
	NOT-FOR-US: Campcodes Complete Online Beauty Parlor Management System
CVE-2024-2764 (A vulnerability, which was classified as critical, was found in Tenda ...)
	NOT-FOR-US: Tenda
CVE-2024-2763 (A vulnerability, which was classified as critical, has been found in T ...)
	NOT-FOR-US: Tenda
CVE-2024-2500 (The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Sc ...)
	NOT-FOR-US: WordPress theme
CVE-2024-2453 (There is an SQL injection vulnerability in Advantech WebAccess/SCADA s ...)
	NOT-FOR-US: Advantech
CVE-2024-2392 (The Blocksy Companion plugin for WordPress is vulnerable to Stored Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2080 (The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29275 (SQL injection vulnerability in SeaCMS version 12.9, allows remote unau ...)
	NOT-FOR-US: SeaCMS
CVE-2024-29273 (There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 ...)
	NOT-FOR-US: dzzoffice
CVE-2024-29272 (Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, a ...)
	NOT-FOR-US: VvvebJs
CVE-2024-29271 (Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before v ...)
	NOT-FOR-US: VvvebJs
CVE-2024-29031 (Meshery is an open source, cloud native manager that enables the desig ...)
	NOT-FOR-US: Meshery
CVE-2024-28891 (SQL injection vulnerability exists in the script Handler_CFG.ashx.)
	NOT-FOR-US: Delta Electronics
CVE-2024-28863 (node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no ...)
	- node-tar 6.1.13+~cs7.0.5-2
	[bookworm] - node-tar (Minor issue)
	[bullseye] - node-tar (Minor issue)
	[buster] - node-tar (Minor issue)
	NOTE: https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36
	NOTE: https://github.com/isaacs/node-tar/commit/fe8cd57da5686f8695415414bda49206a545f7f7 (v6.2.1)
CVE-2024-28756 (The SolarEdge mySolarEdge application before 2.20.1 for Android has a ...)
	NOT-FOR-US: SolarEdge mySolarEdge
CVE-2024-28521 (SQL Injection vulnerability in Netcome NS-ASG Application Security Gat ...)
	NOT-FOR-US: Netcome NS-ASG Application Security Gateway
CVE-2024-28441 (File Upload vulnerability in magicflue v.7.0 and before allows a remot ...)
	NOT-FOR-US: magicflue
CVE-2024-28171 (It is possible to perform a path traversal attack and write outside of ...)
	NOT-FOR-US: Delta Electronics
CVE-2024-28119 (Grav is an open-source, flat-file content management system. Prior to ...)
	NOT-FOR-US: Grav CMS
CVE-2024-28118 (Grav is an open-source, flat-file content management system. Prior to ...)
	NOT-FOR-US: Grav CMS
CVE-2024-28117 (Grav is an open-source, flat-file content management system. Prior to ...)
	NOT-FOR-US: Grav CMS
CVE-2024-28116 (Grav is an open-source, flat-file content management system. Grav CMS ...)
	NOT-FOR-US: Grav CMS
CVE-2024-28045 (Improper neutralization of input within the affected product could lea ...)
	NOT-FOR-US: Delta Electronics
CVE-2024-28040 (SQL injection vulnerability exists in GetDIAE_astListParameters.)
	NOT-FOR-US: Delta Electronics
CVE-2024-28029 (Privileges are not fully verified server-side, which can be abused by ...)
	NOT-FOR-US: Delta Electronics
CVE-2024-27921 (Grav is an open-source, flat-file content management system. A file up ...)
	NOT-FOR-US: Grav CMS
CVE-2024-26557 (Codiad v2.8.4 allows reflected XSS via the components/market/dialog.ph ...)
	NOT-FOR-US: Codiad
CVE-2024-25937 (SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.)
	NOT-FOR-US: Delta Electronics
CVE-2024-25808 (Cross-site Request Forgery (CSRF) vulnerability in Lychee version 3.1. ...)
	NOT-FOR-US: Lychee
CVE-2024-25807 (Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remot ...)
	NOT-FOR-US: Lychee
CVE-2024-25567 (Path traversal attack is possible and write outside of the intended di ...)
	NOT-FOR-US: Delta Electronics
CVE-2024-24272 (An issue in iTop DualSafe Password Manager & Digital Vault before 1.4. ...)
	NOT-FOR-US: iTop DualSafe Password Manager & Digital Vault
CVE-2024-23975 (SQL injection vulnerability exists in GetDIAE_slogListParameters.)
	NOT-FOR-US: Delta Electronics
CVE-2024-23494 (SQL injection vulnerability exists in GetDIAE_unListParameters.)
	NOT-FOR-US: Delta Electronics
CVE-2024-0957 (The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shippi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-42956 (The issue was addressed with improved memory handling. This issue is f ...)
	{DSA-5684-1}
	- webkit2gtk 2.44.0-1
	[buster] - webkit2gtk (EOL in buster LTS)
	- wpewebkit 2.44.1-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2024-0002.html
CVE-2023-42954 (A privilege escalation issue existed in FileMaker Server, potentially ...)
	NOT-FOR-US: Claris FileMaker Server
CVE-2023-42950 (A use after free issue was addressed with improved memory management. ...)
	{DSA-5684-1}
	- webkit2gtk 2.44.0-1
	[buster] - webkit2gtk (EOL in buster LTS)
	- wpewebkit 2.44.1-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2024-0002.html
CVE-2024-2742 (Operating system command injection vulnerability in Planet IGS-4215-16 ...)
	NOT-FOR-US: Planet IGS-4215-16T2S
CVE-2024-2741 (Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T ...)
	NOT-FOR-US: Planet IGS-4215-16T2S
CVE-2024-2740 (Information exposure vulnerability in Planet IGS-4215-16T2S, affecting ...)
	NOT-FOR-US: Planet IGS-4215-16T2S
CVE-2024-2580 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2579 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2578 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2494 (A flaw was found in the RPC library APIs of libvirt. The RPC server de ...)
	{DLA-3778-1}
	- libvirt 10.2.0-1 (bug #1067461)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2270115
	NOTE: https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ/
	NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/8a3f8d957507c1f8223fdcf25a3ff885b15557f2 (v10.2.0-rc1)
CVE-2024-2465 (Open redirection vulnerability in CDeX applicationallows to redirect u ...)
	NOT-FOR-US: CDeX
CVE-2024-2464 (This issue occurs during password recovery, where a difference in mess ...)
	NOT-FOR-US: CDeX
CVE-2024-2463 (Weak password recovery mechanism in CDeX application allows to retriev ...)
	NOT-FOR-US: CDeX
CVE-2024-29937 (NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and Free ...)
	NOT-FOR-US: OpenBSD/FreeBSD
CVE-2024-29916 (The dormakaba Saflok system before the November 2023 software update a ...)
	NOT-FOR-US: dormakaba Saflok system
CVE-2024-29880 (In JetBrains TeamCity before 2023.11 users with access to the agent ma ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2024-29879 (Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through / ...)
	NOT-FOR-US: Sentrifugo
CVE-2024-29878 (Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through / ...)
	NOT-FOR-US: Sentrifugo
CVE-2024-29877 (Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through / ...)
	NOT-FOR-US: Sentrifugo
CVE-2024-29876 (SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/in ...)
	NOT-FOR-US: Sentrifugo
CVE-2024-29875 (SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/ind ...)
	NOT-FOR-US: Sentrifugo
CVE-2024-29874 (SQL injection vulnerability in Sentrifugo 3.2, through/sentrifugo/inde ...)
	NOT-FOR-US: Sentrifugo
CVE-2024-29873 (SQL injection vulnerability in Sentrifugo 3.2, through/sentrifugo/inde ...)
	NOT-FOR-US: Sentrifugo
CVE-2024-29872 (SQL injection vulnerability in Sentrifugo 3.2, through/sentrifugo/inde ...)
	NOT-FOR-US: Sentrifugo
CVE-2024-29871 (SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/ind ...)
	NOT-FOR-US: Sentrifugo
CVE-2024-29870 (SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/ind ...)
	NOT-FOR-US: Sentrifugo
CVE-2024-29866 (Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Inco ...)
	NOT-FOR-US: Datalust Seq
CVE-2024-29732 (A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewe ...)
	NOT-FOR-US: SCAN_VISIO eDocument Suite Web Viewer of Abast
CVE-2024-29374 (A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE 3. ...)
	- moodle
CVE-2024-29244 (Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discover ...)
	NOT-FOR-US: Shenzhen Libituo Technology
CVE-2024-29243 (Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discover ...)
	NOT-FOR-US: Shenzhen Libituo Technology
CVE-2024-29180 (Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware ...)
	NOT-FOR-US: Node webpack-dev-middleware
CVE-2024-29019 (ESPHome is a system to control microcontrollers remotely through Home ...)
	NOT-FOR-US: ESPHome
CVE-2024-28402 (TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-s ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-27995 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27994 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27993 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27992 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27991 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27990 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27989 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27988 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27985 (Deserialization of Untrusted Data vulnerability in PropertyHive.This i ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27970 (Missing Authorization vulnerability in BogdanFix WP SendFox.This issue ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27969 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27968 (Cross-Site Request Forgery (CSRF) vulnerability in Optimole Super Page ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27967 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DS ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27966 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27965 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27964 (Unrestricted Upload of File with Dangerous Type vulnerability in Gesun ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27963 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27962 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27956 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27683 (D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buff ...)
	NOT-FOR-US: D-Link
CVE-2024-27277 (The private key for the IBM Storage Protect Plus Server 10.1.0 through ...)
	NOT-FOR-US: IBM
CVE-2024-27190 (Missing Authorization vulnerability in Jean-David Daviet Download Medi ...)
	NOT-FOR-US: Jean-David Daviet Download Media
CVE-2024-25935 (Missing Authorization vulnerability in Metagauss RegistrationMagic.Thi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25922 (Missing Authorization vulnerability in Peach Payments Peach Payments G ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25912 (Missing Authorization vulnerability in Skymoonlabs MoveTo.This issue a ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25908 (Missing Authorization vulnerability in JoomUnited WP Media folder.This ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25907 (Missing Authorization vulnerability in JoomUnited WP Media folder.This ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24883 (Missing Authorization vulnerability in BdThemes Prime Slider – Ad ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24850 (Missing Authorization vulnerability in Mark Stockton Quicksand Post Fi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1727 (A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio ...)
	NOT-FOR-US: Gradio
CVE-2023-51672 (Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.Th ...)
	NOT-FOR-US: FunnelKit
CVE-2023-51142 (An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker ...)
	NOT-FOR-US: ZKTeco BioTime
CVE-2023-51141 (An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker ...)
	NOT-FOR-US: ZKTeco BioTime
CVE-2023-49837 (Uncontrolled Resource Consumption vulnerability in David Artiss Code E ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47715 (IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an ...)
	NOT-FOR-US: IBM
CVE-2024-26643 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1 DSA-5658-1}
	- linux 6.7.12-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/552705a3650bbf46a22b1adedc1b04181490fc36 (6.8)
CVE-2024-26642 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1 DSA-5658-1}
	- linux 6.7.12-1
	NOTE: https://git.kernel.org/linus/16603605b667b70da974bea8216c93e7db043bf1 (6.8)
CVE-2023-52620 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.4.4-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/e26d3009efda338f19016df4175f354a9bd0a4ab (6.4)
CVE-2024-29131 (Out-of-bounds Write vulnerability in Apache Commons Configuration.This ...)
- commons-configuration2 2.10.1-1 (bug #1067513) [bookworm] - commons-configuration2 (Minor issue) [bullseye] - commons-configuration2 (Minor issue) [buster] - commons-configuration2 (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2024/03/20/4 NOTE: https://issues.apache.org/jira/browse/CONFIGURATION-840 NOTE: Fixed by: https://github.com/apache/commons-configuration/commit/56b5c4dcdffbde27870df5a3105d6a5f9b22f554 (commons-configuration-2.10.1-RC1) NOTE: Fixed by: https://github.com/apache/commons-configuration/commit/7d7d399d0598cb0ca5f81891de34694178156dab (commons-configuration-2.10.1-RC1) NOTE: Fixed by: https://github.com/apache/commons-configuration/commit/041094f820d1cfe0a2787c4ba194a3215d927b26 (commons-configuration-2.10.1-RC1) CVE-2024-29133 (Out-of-bounds Write vulnerability in Apache Commons Configuration.This ...) - commons-configuration2 2.10.1-1 (bug #1067514) [bookworm] - commons-configuration2 (Minor issue) [bullseye] - commons-configuration2 (Minor issue) [buster] - commons-configuration2 (Minor issue) NOTE: https://issues.apache.org/jira/browse/CONFIGURATION-841 NOTE: https://github.com/apache/commons-configuration/commit/43f4dab021e9acb8db390db2ae80aa0cee4f9ee4 (commons-configuration-2.10.1-RC1) NOTE: https://www.openwall.com/lists/oss-security/2024/03/20/3 CVE-2024-1394 (A memory leak flaw was found in Golang in the RSA encrypting/decryptin ...) NOT-FOR-US: golang-fips CVE-2024-26307 (Possible race condition vulnerability in Apache Doris. Some of code us ...) NOT-FOR-US: Apache Doris CVE-2024-27438 (Download of Code Without Integrity Check vulnerability in Apache Doris ...) NOT-FOR-US: Apache Doris CVE-2024-2754 (A vulnerability classified as critical has been found in SourceCodeste ...) NOT-FOR-US: SourceCodester Complete E-Commerce Site CVE-2024-2748 (A Cross Site Request Forgery vulnerability was identified in GitHub En ...) 
NOT-FOR-US: GitHub Enterprise Server CVE-2024-2720 (A vulnerability classified as problematic was found in Campcodes Compl ...) NOT-FOR-US: Campcodes Complete Online DJ Booking System CVE-2024-2719 (A vulnerability classified as problematic has been found in Campcodes ...) NOT-FOR-US: Campcodes Complete Online DJ Booking System CVE-2024-2718 (A vulnerability was found in Campcodes Complete Online DJ Booking Syst ...) NOT-FOR-US: Campcodes Complete Online DJ Booking System CVE-2024-2717 (A vulnerability was found in Campcodes Complete Online DJ Booking Syst ...) NOT-FOR-US: Campcodes Complete Online DJ Booking System CVE-2024-2469 (An attacker with an Administrator role in GitHub Enterprise Server cou ...) NOT-FOR-US: GitHub Enterprise Server CVE-2024-2443 (A command injection vulnerability was identified in GitHub Enterprise ...) NOT-FOR-US: GitHub Enterprise Server CVE-2024-2162 (An OS Command Injection vulnerability in Kiloview NDI allows a low-pri ...) NOT-FOR-US: Kiloview CVE-2024-2161 (Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated ...) NOT-FOR-US: Kiloview CVE-2024-29864 (Distrobox before 1.7.0.1 allows attackers to execute arbitrary code vi ...) - distrobox 1.7.0.1-1 [bookworm] - distrobox (Minor issue) NOTE: https://github.com/89luca89/distrobox/issues/1275 NOTE: Fixed by: https://github.com/89luca89/distrobox/commit/82a69f0a234e73e447d0ea8c8b3443b84fd31944 (1.7.0.1) CVE-2024-29862 (The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4. ...) NOT-FOR-US: Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder CVE-2024-29859 (In MISP before 2.4.187, add_misp_export in app/Controller/EventsContro ...) NOT-FOR-US: MISP CVE-2024-29858 (In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsCo ...) NOT-FOR-US: MISP CVE-2024-29474 (OneBlog v2.3.4 was discovered to contain a stored cross-site scripting ...) 
	NOT-FOR-US: OneBlog
CVE-2024-29473 (OneBlog v2.3.4 was discovered to contain a stored cross-site scripting ...)
	NOT-FOR-US: OneBlog
CVE-2024-29472 (OneBlog v2.3.4 was discovered to contain a stored cross-site scripting ...)
	NOT-FOR-US: OneBlog
CVE-2024-29471 (OneBlog v2.3.4 was discovered to contain a stored cross-site scripting ...)
	NOT-FOR-US: OneBlog
CVE-2024-29470 (OneBlog v2.3.4 was discovered to contain a stored cross-site scripting ...)
	NOT-FOR-US: OneBlog
CVE-2024-29469 (A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 al ...)
	NOT-FOR-US: OneBlog
CVE-2024-29037 (datahub-helm provides the Kubernetes Helm charts for deploying Datahub ...)
	NOT-FOR-US: Datahub Helm chart
CVE-2024-29036 (Saleor Storefront is software for building e-commerce experiences. Pri ...)
	NOT-FOR-US: Saleor Storefront
CVE-2024-29033 (OAuthenticator provides plugins for JupyterHub to use common OAuth pro ...)
	NOT-FOR-US: JupyterHub plugin
CVE-2024-29032 (Qiskit IBM Runtime is an environment that streamlines quantum computat ...)
	NOT-FOR-US: IBM
CVE-2024-29026 (Owncast is an open source, self-hosted, decentralized, single user liv ...)
	NOT-FOR-US: Owncast
CVE-2024-29018 (Moby is an open source container framework that is a key component of ...)
	- docker.io (bug #1068460)
	[bookworm] - docker.io (Minor issue)
	[bullseye] - docker.io (Minor issue)
	NOTE: https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx
	NOTE: https://github.com/moby/moby/pull/46609
CVE-2024-28916 (Xbox Gaming Services Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-28835 (A flaw has been discovered in GnuTLS where an application crash can be ...)
	[experimental] - gnutls28 3.8.4-1
	- gnutls28 3.8.4-2 (bug #1067463)
	[bookworm] - gnutls28 (Minor issue)
	[bullseye] - gnutls28 (Minor issue)
	[buster] - gnutls28 (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2269084
	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1525
	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1527
	NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2024-01-23
	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/e369e67a62f44561d417cb233acc566cc696d82d (3.8.4)
	NOTE: Introduced with: https://gitlab.com/gnutls/gnutls/-/commit/d268f19510a95f92d11d8f8dc7d94fcae4d765cc (3.7.0)
CVE-2024-28834 (A flaw was found in GnuTLS. The Minerva attack is a cryptographic vuln ...)
	[experimental] - gnutls28 3.8.4-1
	- gnutls28 3.8.4-2 (bug #1067464)
	[bookworm] - gnutls28 (Minor issue)
	[bullseye] - gnutls28 (Minor issue)
	[buster] - gnutls28 (Vulnerable code not present)
	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1516
	NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2023-12-04
	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/1c4701ffc342259fc5965d5a0de90d87f780e3e5 (3.8.4)
	NOTE: Introduced with: https://gitlab.com/gnutls/gnutls/-/merge_requests/1051 (gnutls_3_6_10)
CVE-2024-28635 (Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v. ...)
	NOT-FOR-US: SurveyJS Survey Creator
CVE-2024-25294 (An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sens ...)
	NOT-FOR-US: REBUILD
CVE-2024-24050 (Cross Site Scripting (XSS) vulnerability in Sourcecodester Workout Jou ...)
	NOT-FOR-US: Sourcecodester Workout Journal App
CVE-2024-22724 (An issue was discovered in osCommerce v4, allows local attackers to by ...)
	NOT-FOR-US: osCommerce
CVE-2024-1538 (The File Manager plugin for WordPress is vulnerable to Cross-Site Requ ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1148 (Weak access control in OpenText PVCS Version Manager allows potential ...)
	NOT-FOR-US: OpenText
CVE-2024-1147 (Weak access control in OpenText PVCS Version Manager allows potential ...)
	NOT-FOR-US: OpenText
CVE-2023-48903 (Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpre ...)
	NOT-FOR-US: tramyardg autoexpress
CVE-2023-48902 (An issue was discovered in tramyardg autoexpress version 1.3.0, allows ...)
	NOT-FOR-US: tramyardg autoexpress
CVE-2023-48901 (A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, ...)
	NOT-FOR-US: tramyardg autoexpress
CVE-2024-2721 (Deserialization of Untrusted Data vulnerability in Social Media Share ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2716 (A vulnerability was found in Campcodes Complete Online DJ Booking Syst ...)
	NOT-FOR-US: Campcodes Complete Online DJ Booking System
CVE-2024-2715 (A vulnerability was found in Campcodes Complete Online DJ Booking Syst ...)
	NOT-FOR-US: Campcodes Complete Online DJ Booking System
CVE-2024-2714 (A vulnerability has been found in Campcodes Complete Online DJ Booking ...)
	NOT-FOR-US: Campcodes Complete Online DJ Booking System
CVE-2024-2713 (A vulnerability, which was classified as critical, was found in Campco ...)
	NOT-FOR-US: Campcodes Complete Online DJ Booking System
CVE-2024-2712 (A vulnerability, which was classified as critical, has been found in C ...)
	NOT-FOR-US: Campcodes Complete Online DJ Booking System
CVE-2024-2711 (A vulnerability was found in Tenda AC10U 15.03.06.48. It has been rate ...)
	NOT-FOR-US: Tenda
CVE-2024-2710 (A vulnerability was found in Tenda AC10U 15.03.06.49. It has been decl ...)
	NOT-FOR-US: Tenda
CVE-2024-2709 (A vulnerability was found in Tenda AC10U 15.03.06.49. It has been clas ...)
	NOT-FOR-US: Tenda
CVE-2024-2708 (A vulnerability was found in Tenda AC10U 15.03.06.49 and classified as ...)
	NOT-FOR-US: Tenda
CVE-2024-2707 (A vulnerability has been found in Tenda AC10U 15.03.06.49 and classifi ...)
	NOT-FOR-US: Tenda
CVE-2024-2706 (A vulnerability, which was classified as critical, was found in Tenda ...)
	NOT-FOR-US: Tenda
CVE-2024-2705 (A vulnerability, which was classified as critical, has been found in T ...)
	NOT-FOR-US: Tenda
CVE-2024-2704 (A vulnerability classified as critical was found in Tenda AC10U 15.03. ...)
	NOT-FOR-US: Tenda
CVE-2024-2703 (A vulnerability classified as critical has been found in Tenda AC10U 1 ...)
	NOT-FOR-US: Tenda
CVE-2024-2702 (Missing Authorization vulnerability in Olive Themes Olive One Click De ...)
	NOT-FOR-US: Olive Themes Olive One Click Demo Import
CVE-2024-2690 (A vulnerability was found in SourceCodester Online Discussion Forum Si ...)
	NOT-FOR-US: SourceCodester Online Discussion Forum Site
CVE-2024-2687 (A vulnerability was found in Campcodes Online Job Finder System 1.0 an ...)
	NOT-FOR-US: Campcodes Online Job Finder System
CVE-2024-2686 (A vulnerability has been found in Campcodes Online Job Finder System 1 ...)
	NOT-FOR-US: Campcodes Online Job Finder System
CVE-2024-2685 (A vulnerability, which was classified as problematic, was found in Cam ...)
	NOT-FOR-US: Campcodes Online Job Finder System
CVE-2024-2684 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Campcodes Online Job Finder System
CVE-2024-2683 (A vulnerability classified as problematic was found in Campcodes Onlin ...)
	NOT-FOR-US: Campcodes Online Job Finder System
CVE-2024-2291 (In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.1 ...)
	NOT-FOR-US: Progress MOVEit Transfer
CVE-2024-29419 (There is a Cross-site scripting (XSS) vulnerability in the Wireless se ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-28868 (Umbraco is an ASP.NET content management system. Umbraco 10 prior to 1 ...)
	NOT-FOR-US: Umbraco
CVE-2024-28735 (Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incor ...)
	NOT-FOR-US: Unit4 Financials by Coda
CVE-2024-28396 (An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a r ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-28395 (SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 and befo ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-28392 (SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and befor ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-28286 (In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was de ...)
	NOT-FOR-US: libIEC61850
CVE-2024-28231 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...)
	[experimental] - fastdds 2.14.0+ds-1
	- fastdds 2.14.0+ds-2 (bug #1067393)
	NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w
	NOTE: https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b (v2.14.0)
CVE-2024-28179 (Jupyter Server Proxy allows users to run arbitrary external processes ...)
	NOT-FOR-US: Jupyter Server Proxy
CVE-2024-27286 (Zulip is an open-source team collaboration. When a user moves a Zulip ...)
	NOT-FOR-US: Zulip
CVE-2024-27105 (Frappe is a full-stack web application framework. Prior to versions 14 ...)
	NOT-FOR-US: Frappe Framework
CVE-2024-24813 (Frappe is a full-stack web application framework. Prior to versions 14 ...)
	NOT-FOR-US: Frappe Framework
CVE-2024-23821 (GeoServer is an open source software server written in Java that allow ...)
	NOT-FOR-US: GeoServer
CVE-2024-23819 (GeoServer is an open source software server written in Java that allow ...)
	NOT-FOR-US: GeoServer
CVE-2024-23818 (GeoServer is an open source software server written in Java that allow ...)
	NOT-FOR-US: GeoServer
CVE-2024-23721 (A Directory Traversal issue was discovered in process_post on Draytek ...)
	NOT-FOR-US: Draytek Vigor3910 devices
CVE-2024-23643 (GeoServer is an open source software server written in Java that allow ...)
	NOT-FOR-US: GeoServer
CVE-2024-23642 (GeoServer is an open source software server written in Java that allow ...)
	NOT-FOR-US: GeoServer
CVE-2024-23640 (GeoServer is an open source software server written in Java that allow ...)
	NOT-FOR-US: GeoServer
CVE-2024-23634 (GeoServer is an open source software server written in Java that allow ...)
	NOT-FOR-US: GeoServer
CVE-2024-1992
	REJECTED
CVE-2024-1856 (In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0. ...)
	NOT-FOR-US: Progress Telerik Reporting
CVE-2024-1811 (A potential vulnerability has been identified in OpenText ArcSight Pla ...)
	NOT-FOR-US: OpenText
CVE-2024-1801 (In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0. ...)
	NOT-FOR-US: Progress Telerik Reporting
CVE-2024-1800 (In Progress® Telerik® Report Server versions prior to 2024 Q1 (1 ...)
	NOT-FOR-US: Progress Telerik Reporting
CVE-2023-52229 (Missing Authorization vulnerability in Save as PDF plugin by Pdfcrowd ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51445 (GeoServer is an open source software server written in Java that allow ...)
	NOT-FOR-US: GeoServer
CVE-2023-51444 (GeoServer is an open source software server written in Java that allow ...)
	NOT-FOR-US: GeoServer
CVE-2023-50967 (latchset jose through version 11 allows attackers to cause a denial of ...)
	- jose 13-1 (bug #1067457)
	NOTE: https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md
	NOTE: https://github.com/latchset/jose/issues/151
	NOTE: Fixed by: https://github.com/latchset/jose/commit/4ee7708bf6dbfaa712749f081eec1f0d122fa001 (v13)
CVE-2023-45177 (IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2023-41877 (GeoServer is an open source software server written in Java that allow ...)
	NOT-FOR-US: GeoServer
CVE-2023-41038 (Firebird is a relational database. Versions 4.0.0 through 4.0.3 and ve ...)
	- firebird3.0 (Vulnerable code not present)
	NOTE: https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692
CVE-2023-35888 (IBM Security Verify Governance 10.0.2 could allow a remote attacker to ...)
	NOT-FOR-US: IBM
CVE-2022-4963 (A vulnerability was found in Folio Spring Module Core up to 1.1.5. It ...)
	NOT-FOR-US: Folio Spring Module Core
CVE-2024-2631 (Inappropriate implementation in iOS in Google Chrome prior to 123.0.63 ...)
	{DSA-5648-1}
	- chromium 123.0.6312.58-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-2630 (Inappropriate implementation in iOS in Google Chrome prior to 123.0.63 ...)
	{DSA-5648-1}
	- chromium 123.0.6312.58-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-2629 (Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 a ...)
	{DSA-5648-1}
	- chromium 123.0.6312.58-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-2628 (Inappropriate implementation in Downloads in Google Chrome prior to 12 ...)
	{DSA-5648-1}
	- chromium 123.0.6312.58-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-2627 (Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allow ...)
	{DSA-5648-1}
	- chromium 123.0.6312.58-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-2626 (Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312 ...)
	{DSA-5648-1}
	- chromium 123.0.6312.58-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-2625 (Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 a ...)
	{DSA-5648-1}
	- chromium 123.0.6312.58-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-2682 (A vulnerability classified as problematic has been found in Campcodes ...)
	NOT-FOR-US: Campcodes Online Job Finder System
CVE-2024-2681 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...)
	NOT-FOR-US: Campcodes Online Job Finder System
CVE-2024-2680 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...)
	NOT-FOR-US: Campcodes Online Job Finder System
CVE-2024-2679 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...)
	NOT-FOR-US: Campcodes Online Job Finder System
CVE-2024-2678 (A vulnerability was found in Campcodes Online Job Finder System 1.0 an ...)
	NOT-FOR-US: Campcodes Online Job Finder System
CVE-2024-2677 (A vulnerability has been found in Campcodes Online Job Finder System 1 ...)
	NOT-FOR-US: Campcodes Online Job Finder System
CVE-2024-2676 (A vulnerability, which was classified as critical, was found in Campco ...)
	NOT-FOR-US: Campcodes Online Job Finder System
CVE-2024-2675 (A vulnerability, which was classified as critical, has been found in C ...)
	NOT-FOR-US: Campcodes Online Job Finder System
CVE-2024-2674 (A vulnerability classified as critical was found in Campcodes Online J ...)
	NOT-FOR-US: Campcodes Online Job Finder System
CVE-2024-2673 (A vulnerability classified as critical has been found in Campcodes Onl ...)
	NOT-FOR-US: Campcodes Online Job Finder System
CVE-2024-2672 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...)
	NOT-FOR-US: Campcodes Online Job Finder System
CVE-2024-2671 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...)
	NOT-FOR-US: Campcodes Online Job Finder System
CVE-2024-2670 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...)
	NOT-FOR-US: Campcodes Online Job Finder System
CVE-2024-2669 (A vulnerability was found in Campcodes Online Job Finder System 1.0 an ...)
	NOT-FOR-US: Campcodes Online Job Finder System
CVE-2024-2668 (A vulnerability has been found in Campcodes Online Job Finder System 1 ...)
	NOT-FOR-US: Campcodes Online Job Finder System
CVE-2024-2649 (A vulnerability has been found in Netentsec NS-ASG Application Securit ...)
	NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
CVE-2024-2648 (A vulnerability, which was classified as problematic, was found in Net ...)
	NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
CVE-2024-2647 (A vulnerability, which was classified as critical, has been found in N ...)
	NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
CVE-2024-2646 (A vulnerability classified as critical was found in Netentsec NS-ASG A ...)
	NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
CVE-2024-2645 (A vulnerability classified as problematic has been found in Netentsec ...)
	NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
CVE-2024-2644 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...)
	NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
CVE-2024-2642 (A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It h ...)
	NOT-FOR-US: Ruijie
CVE-2024-2641 (A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It h ...)
	NOT-FOR-US: Ruijie
CVE-2024-2538 (The Permalink Manager Lite plugin for WordPress is vulnerable to unaut ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2474 (The Standout Color Boxes and Buttons plugin for WordPress is vulnerabl ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2460 (The GamiPress – Button plugin for WordPress is vulnerable to Stor ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2459 (The UX Flat plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2387 (The Advanced Form Integration – Connect WooCommerce and Contact F ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2384 (The WooCommerce POS plugin for WordPress is vulnerable to information ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2304 (The Animated Headline plugin for WordPress is vulnerable to Stored Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2255 (The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2197 (Chirp Access improperly stores credentials within its source code, pot ...)
	NOT-FOR-US: Chirp Access
CVE-2024-2129 (The WPBITS Addons For Elementor Page Builder plugin for WordPress is v ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2124 (The Translate WordPress and go Multilingual – Weglot plugin for W ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-28715 (Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows ...)
	NOT-FOR-US: DOraCMS
CVE-2024-28584 (Null Pointer Dereference vulnerability in open source FreeImage v.3.19 ...)
	- freeimage (bug #1068461)
	[bookworm] - freeimage (Revisit when fixed upstream)
	[bullseye] - freeimage (Revisit when fixed upstream)
	[buster] - freeimage (Revisit when fixed upstream, low severity DoS in user interactive software)
	NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28583 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
	- freeimage (bug #1068461)
	[bookworm] - freeimage (Revisit when fixed upstream)
	[bullseye] - freeimage (Revisit when fixed upstream)
	NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28582 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
	- freeimage (bug #1068461)
	[bookworm] - freeimage (Revisit when fixed upstream)
	[bullseye] - freeimage (Revisit when fixed upstream)
	NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28581 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
	- freeimage (bug #1068461)
	[bookworm] - freeimage (Revisit when fixed upstream)
	[bullseye] - freeimage (Revisit when fixed upstream)
	NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28580 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
	- freeimage (bug #1068461)
	[bookworm] - freeimage (Revisit when fixed upstream)
	[bullseye] - freeimage (Revisit when fixed upstream)
	NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28579 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
	- freeimage (bug #1068461)
	[bookworm] - freeimage (Revisit when fixed upstream)
	[bullseye] - freeimage (Revisit when fixed upstream)
	[buster] - freeimage (Revisit when fixed upstream, low severity DoS in user interactive software)
	NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28578 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
	- freeimage (bug #1068461)
	[bookworm] - freeimage (Revisit when fixed upstream)
	[bullseye] - freeimage (Revisit when fixed upstream)
	NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28577 (Null Pointer Dereference vulnerability in open source FreeImage v.3.19 ...)
	- freeimage (bug #1068461)
	[bookworm] - freeimage (Revisit when fixed upstream)
	[bullseye] - freeimage (Revisit when fixed upstream)
	[buster] - freeimage (Revisit when fixed upstream, low severity DoS in user interactive software)
	NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28576 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
	- freeimage (bug #1068461)
	[bookworm] - freeimage (Revisit when fixed upstream)
	[bullseye] - freeimage (Revisit when fixed upstream)
	[buster] - freeimage (Revisit when fixed upstream, low severity DoS in user interactive software)
	NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28575 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
	- freeimage (bug #1068461)
	[bookworm] - freeimage (Revisit when fixed upstream)
	[bullseye] - freeimage (Revisit when fixed upstream)
	[buster] - freeimage (Revisit when fixed upstream, low severity DoS in user interactive software)
	NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28574 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
	- freeimage (bug #1068461)
	[bookworm] - freeimage (Revisit when fixed upstream)
	[bullseye] - freeimage (Revisit when fixed upstream)
	[buster] - freeimage (Revisit when fixed upstream, low severity DoS in user interactive software)
	NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28573 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
	- freeimage (bug #1068461)
	[bookworm] - freeimage (Revisit when fixed upstream)
	[bullseye] - freeimage (Revisit when fixed upstream)
	[buster] - freeimage (Revisit when fixed upstream, low severity DoS in user interactive software)
	NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28572 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
	- freeimage (bug #1068461)
	[bookworm] - freeimage (Revisit when fixed upstream)
	[bullseye] - freeimage (Revisit when fixed upstream)
	[buster] - freeimage (Revisit when fixed upstream, low severity DoS in user interactive software)
	NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28571 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
	- freeimage (bug #1068461)
	[bookworm] - freeimage (Revisit when fixed upstream)
	[bullseye] - freeimage (Revisit when fixed upstream)
	NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28570 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
	- freeimage (bug #1068461)
	[bookworm] - freeimage (Revisit when fixed upstream)
	[bullseye] - freeimage (Revisit when fixed upstream)
	[buster] - freeimage (Revisit when fixed upstream, low severity DoS in user interactive software)
	NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28569 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
	- freeimage (bug #1068461)
	[bookworm] - freeimage (Revisit when fixed upstream)
	[bullseye] - freeimage (Revisit when fixed upstream)
	NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28568 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
	- freeimage (bug #1068461)
	[bookworm] - freeimage (Revisit when fixed upstream)
	[bullseye] - freeimage (Revisit when fixed upstream)
	[buster] - freeimage (Revisit when fixed upstream, low severity DoS in user interactive software)
	NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28567 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
	- freeimage (bug #1068461)
	[bookworm] - freeimage (Revisit when fixed upstream)
	[bullseye] - freeimage (Revisit when fixed upstream)
	[buster] - freeimage (Revisit when fixed upstream, low severity DoS in user interactive software)
	NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28566 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
	- freeimage (bug #1068461)
	[bookworm] - freeimage (Revisit when fixed upstream)
	[bullseye] - freeimage (Revisit when fixed upstream)
	NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28565 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
	- freeimage (bug #1068461)
	[bookworm] - freeimage (Revisit when fixed upstream)
	[bullseye] - freeimage (Revisit when fixed upstream)
	[buster] - freeimage (Revisit when fixed upstream, low severity DoS in user interactive software)
	NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28564 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
	- freeimage (bug #1068461)
	[bookworm] - freeimage (Revisit when fixed upstream)
	[bullseye] - freeimage (Revisit when fixed upstream)
	[buster] - freeimage (Revisit when fixed upstream, low severity DoS in user interactive software)
	NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28563 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
	- freeimage (bug #1068461)
	[bookworm] - freeimage (Revisit when fixed upstream)
	[bullseye] - freeimage (Revisit when fixed upstream)
	[buster] - freeimage (Revisit when fixed upstream, low severity DoS in user interactive software)
	NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28562 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
	- freeimage (bug #1068461)
	[bookworm] - freeimage (Revisit when fixed upstream)
	[bullseye] - freeimage (Revisit when fixed upstream)
	NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
CVE-2024-28389 (SQL injection vulnerability in KnowBand spinwheel v.3.0.3 and before a ...)
	NOT-FOR-US: KnowBand spinwheel
CVE-2024-28283 (There is stack-based buffer overflow vulnerability in pc_change_act fu ...)
	NOT-FOR-US: KnowBand spinwheel
CVE-2024-28092 (UBEE DDW365 XCNDDW365 8.14.3105 software on hardware 3.13.1 allows a r ...)
	NOT-FOR-US: UBEE DDW365 XCNDDW365
CVE-2024-24336 (A multiple Cross-site scripting (XSS) vulnerability in the '/members/m ...)
	NOT-FOR-US: Koha Library Management System
CVE-2024-22258 (Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2 ...)
	NOT-FOR-US: Spring Authorization Server
CVE-2024-22085 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...)
	NOT-FOR-US: Elspec G5 digital fault recorder
CVE-2024-22084 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...)
	NOT-FOR-US: Elspec G5 digital fault recorder
CVE-2024-22083 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...)
	NOT-FOR-US: Elspec G5 digital fault recorder
CVE-2024-22082 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...)
	NOT-FOR-US: Elspec G5 digital fault recorder
CVE-2024-22081 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...)
	NOT-FOR-US: Elspec G5 digital fault recorder
CVE-2024-22080 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...)
	NOT-FOR-US: Elspec G5 digital fault recorder
CVE-2024-22079 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...)
	NOT-FOR-US: Elspec G5 digital fault recorder
CVE-2024-22078 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...)
	NOT-FOR-US: Elspec G5 digital fault recorder
CVE-2024-22077 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...)
	NOT-FOR-US: Elspec G5 digital fault recorder
CVE-2024-1995 (The Smart Custom Fields plugin for WordPress is vulnerable to unauthor ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1983 (The Simple Ajax Chat WordPress plugin before 20240223 does not preven ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1844 (The RevivePress – Keep your Old Content Evergreen plugin for Word ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1799 (The GamiPress – The #1 gamification plugin to reward points, achi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1787 (The Contests by Rewards Fuel plugin for WordPress is vulnerable to Sto ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1785 (The Contests by Rewards Fuel plugin for WordPress is vulnerable to Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1711 (The Create by Mediavine plugin for WordPress is vulnerable to SQL Inje ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1477 (The Easy Maintenance Mode plugin for WordPress is vulnerable to Sensit ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1473 (The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1379 (The Website Article Monetization By MageNet plugin for WordPress is vu ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1325 (The Live Sales Notification for Woocommerce – Woomotiv plugin for ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1205 (The Management App for WooCommerce – Order notifications, Order m ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1181 (The Coming Soon, Under Construction & Maintenance Mode By Dazzler plug ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1119 (The Order Tip for WooCommerce plugin for WordPress is vulnerable to un ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0856 (The Appointment Booking Calendar WordPress plugin before 1.3.83 does n ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0337 (The Travelpayouts: All Travel Brands in One Place WordPress plugin thr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-7246 (The System Dashboard WordPress plugin before 2.8.10 does not sanitize ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50811 (An issue discovered in SELESTA Visual Access Manager 4.38.6 allows att ...)
	NOT-FOR-US: SELESTA Visual Access Manager
CVE-2024-2639 (A vulnerability was found in Bdtask Wholesale Inventory Management Sys ...)
	NOT-FOR-US: Bdtask Wholesale Inventory Management System
CVE-2024-2636 (An Unrestricted Upload of File vulnerability has been found on Cegid M ...)
	NOT-FOR-US: Meta4 HR
CVE-2024-2635 (The configuration pages available are not intended to be placed on an ...)
	NOT-FOR-US: Meta4 HR
CVE-2024-2634 (A Cross-Site Scripting Vulnerability has been found on Meta4 HR affect ...)
	NOT-FOR-US: Meta4 HR
CVE-2024-2633 (A Cross-Site Scripting Vulnerability has been found on Meta4 HR affect ...)
	NOT-FOR-US: Meta4 HR
CVE-2024-2632 (A Information Exposure Vulnerability has been found on Meta4 HR. This ...)
	NOT-FOR-US: Meta4 HR
CVE-2024-2545
	REJECTED
CVE-2024-2442 (Franklin Fueling System EVO 550 and EVO 5000 are vulnerable to a Path ...)
	NOT-FOR-US: Franklin Fueling System
CVE-2024-2307 (A flaw was found in osbuild-composer. A condition can be triggered tha ...)
	NOT-FOR-US: osbuild-composer
CVE-2024-2169 (Implementations of UDP application protocol are vulnerable to network ...)
	NOT-FOR-US: Various UDP implementations
CVE-2024-29143 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29142 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29141 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29140 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29139 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29138 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29137 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29136 (Deserialization of Untrusted Data vulnerability in Themefic Tourfic.Th ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29135 (Unrestricted Upload of File with Dangerous Type vulnerability in Tourf ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29134 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29130 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29129 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29128 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29127 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29126 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29125 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29124 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29123 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29122 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29121 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29118 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29117 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29116 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29115 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29114 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29113 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29112 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29111 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29110 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29109 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29108 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29107 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29106 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29105 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29104 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29103 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29102 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29101 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29099 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29098 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29097 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29096 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29095 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29094 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29093 (Cross-Site Request Forgery (CSRF) vulnerability in Tobias Conrad Build ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29092 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29091 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29089 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-29027 (Parse Server is an open source backend that can be deployed to any inf ...)
	NOT-FOR-US: Parse Server
CVE-2024-28734 (Cross Site Scripting vulnerability in Unit4 Financials by Coda prior t ...)
	NOT-FOR-US: Unit4 Financials by Coda
CVE-2024-28595 (SQL Injection vulnerability in Employee Management System v1.0 allows ...)
	NOT-FOR-US: Employee Management System
CVE-2024-28394 (An issue in Advanced Plugins reportsstatistics v1.3.20 and before allo ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-28303 (Open Source Medicine Ordering System v1.0 was discovered to contain a ...)
	NOT-FOR-US: Open Source Medicine Ordering System
CVE-2024-27998 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27997 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27996 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-21677 (This High severity Path Traversal vulnerability was introduced in vers ...)
	NOT-FOR-US: Confluence Data Center
CVE-2024-1401 (The Profile Box Shortcode And Widget WordPress plugin before 1.2.1 doe ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1146 (Cross-Site Scripting vulnerability in Devklan's Alma Blog that affects ...)
	NOT-FOR-US: Devklan's Alma Blog
CVE-2024-1145 (User enumeration vulnerability in Devklan's Alma Blog that affects ver ...)
	NOT-FOR-US: Devklan's Alma Blog
CVE-2024-1144 (Improper access control vulnerability in Devklan's Alma Blog that affe ...)
	NOT-FOR-US: Devklan's Alma Blog
CVE-2024-0450 (An issue was found in the CPython `zipfile` module affecting versions ...)
	{DLA-3772-1 DLA-3771-1}
	- pypy3 7.3.16+dfsg-1
	[bookworm] - pypy3 (Minor issue)
	[bullseye] - pypy3 (Minor issue)
	- python3.12 3.12.2-1
	- python3.11 3.11.8-1 (bug #1070133)
	[bookworm] - python3.11 (Minor issue)
	- python3.10
	- python3.9
	[bullseye] - python3.9 (Minor issue)
	- python3.7
	- python2.7
	[bullseye] - python2.7 (Unsupported in Bullseye, only included to build a few applications)
	NOTE: https://github.com/python/cpython/pull/110016
	NOTE: https://github.com/python/cpython/issues/109858
	NOTE: https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba (v3.13.0a3)
	NOTE: https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b (v3.12.2)
	NOTE: https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549 (v3.11.8)
	NOTE: https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85 (v3.10.14)
	NOTE: https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51 (v3.9.19)
	NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/
CVE-2023-6597 (An issue was found in the CPython `tempfile.TemporaryDirectory` class ...)
	{DLA-3772-1}
	- python3.12 3.12.1-1
	- python3.11 3.11.8-1 (bug #1070135)
	[bookworm] - python3.11 (Minor issue)
	- python3.10
	- python3.9
	[bullseye] - python3.9 (Minor issue)
	- python3.7
	- python2.7 (tempfile.TemporaryDirectory added in 3.2)
	- pypy3 7.3.13+dfsg-1
	[bookworm] - pypy3 (Minor issue)
	[bullseye] - pypy3 (Minor issue)
	[buster] - pypy3 (Minor issue)
	NOTE: https://github.com/python/cpython/pull/99930
	NOTE: https://github.com/python/cpython/issues/91133
	NOTE: https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5 (v3.12.1)
	NOTE: https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25 (v3.11.8)
	NOTE: https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82 (v3.10.14)
	NOTE: https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b (v3.9.19)
	NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/
	NOTE: Introduced by: https://github.com/python/cpython/commit/e9b51c0ad81da1da11ae65840ac8b50a8521373c (v3.8.0b1)
CVE-2023-50966 (erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow atta ...)
	- erlang-jose (bug #1067456)
	NOTE: https://github.com/potatosalad/erlang-jose/issues/156
	NOTE: https://github.com/P3ngu1nW/CVE_Request/blob/main/erlang-jose.md
CVE-2023-4426
	REJECTED
CVE-2023-44092 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
	NOT-FOR-US: Pandora FMS
CVE-2023-44091 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Pandora FMS
CVE-2023-44090 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Pandora FMS
CVE-2023-42920 (Claris International has fixed a dylib hijacking vulnerability in the ...)
	NOT-FOR-US: Claris International
CVE-2023-41793 (: Path Traversal vulnerability in Pandora FMS on all allows Path Trave ...)
	NOT-FOR-US: Pandora FMS
CVE-2023-40279 (An issue was discovered in OpenClinic GA 5.247.01. An attacker can per ...)
	NOT-FOR-US: OpenClinic GA
CVE-2023-40278 (An issue was discovered in OpenClinic GA 5.247.01. An Information Disc ...)
	NOT-FOR-US: OpenClinic GA
CVE-2023-32260 (Misinterpretation of Input vulnerability in OpenText™ Service Man ...)
	NOT-FOR-US: OpenText
CVE-2023-32259 (Insufficient Granularity of Access Control vulnerability in OpenText\u ...)
	NOT-FOR-US: OpenText
CVE-2024-27439 (An error in the evaluation of the fetch metadata headers could allow a ...)
	NOT-FOR-US: Apache Wicket
CVE-2024-24683 (Improper Input Validation vulnerability in Apache Hop Engine.This issu ...)
	NOT-FOR-US: Apache Hop Engine
CVE-2024-2616 (To harden ICU against exploitation, the behavior for out-of-memory con ...)
	{DSA-5644-1 DSA-5643-1 DLA-3775-1 DLA-3769-1}
	- firefox-esr 115.9.0esr-1
	- thunderbird 1:115.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2616
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2616
CVE-2024-2615 (Memory safety bugs present in Firefox 123. Some of these bugs showed e ...)
	- firefox 124.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2615
CVE-2024-2614 (Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thun ...)
	{DSA-5644-1 DSA-5643-1 DLA-3775-1 DLA-3769-1}
	- firefox 124.0-1
	- firefox-esr 115.9.0esr-1
	- thunderbird 1:115.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2614
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2614
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2614
CVE-2024-2613 (Data was not properly sanitized when decoding a QUIC ACK frame; this c ...)
	- firefox 124.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2613
CVE-2024-2612 (If an attacker could find a way to trigger a particular code path in ` ...)
	{DSA-5644-1 DSA-5643-1 DLA-3775-1 DLA-3769-1}
	- firefox 124.0-1
	- firefox-esr 115.9.0esr-1
	- thunderbird 1:115.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2612
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2612
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2612
CVE-2024-2611 (A missing delay on when pointer lock was used could have allowed a mal ...)
	{DSA-5644-1 DSA-5643-1 DLA-3775-1 DLA-3769-1}
	- firefox 124.0-1
	- firefox-esr 115.9.0esr-1
	- thunderbird 1:115.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2611
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2611
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2611
CVE-2024-2610 (Using a markup injection an attacker could have stolen nonce values. T ...)
	{DSA-5644-1 DSA-5643-1 DLA-3775-1 DLA-3769-1}
	- firefox 124.0-1
	- firefox-esr 115.9.0esr-1
	- thunderbird 1:115.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2610
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2610
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2610
CVE-2024-2609 (The permission prompt input delay could expire while the window is not ...)
	{DSA-5670-1 DSA-5663-1 DLA-3791-1 DLA-3790-1}
	- firefox 124.0-1
	- firefox-esr 115.10.0esr-1
	- thunderbird 1:115.10.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2609
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-2609
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-2609
CVE-2024-2608 (`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and ...)
	{DSA-5644-1 DSA-5643-1 DLA-3775-1 DLA-3769-1}
	- firefox 124.0-1
	- firefox-esr 115.9.0esr-1
	- thunderbird 1:115.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2608
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2608
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2608
CVE-2024-2607 (Return registers were overwritten which could have allowed an attacker ...)
	{DSA-5644-1 DSA-5643-1 DLA-3775-1 DLA-3769-1}
	- firefox 124.0-1
	- firefox-esr 115.9.0esr-1
	- thunderbird 1:115.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2607
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2607
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2607
CVE-2024-2606 (Passing invalid data could have led to invalid wasm values being creat ...)
	- firefox 124.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2606
CVE-2024-2605 (An attacker could have leveraged the Windows Error Reporter to run arb ...)
	- firefox (Only affects Firefox on Windows)
	- firefox-esr (Only affects Firefox ESR on Windows)
	- thunderbird (Only affects Thunderbird on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2605
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2605
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2605
CVE-2024-2622 (A vulnerability was found in Fujian Kelixin Communication Command and ...)
	NOT-FOR-US: Fujian
CVE-2024-2621 (A vulnerability was found in Fujian Kelixin Communication Command and ...)
	NOT-FOR-US: Fujian
CVE-2024-2620 (A vulnerability has been found in Fujian Kelixin Communication Command ...)
	NOT-FOR-US: Fujian
CVE-2024-2604 (A vulnerability was found in SourceCodester File Manager App 1.0. It h ...)
	NOT-FOR-US: SourceCodester
CVE-2024-28865 (django-wiki is a wiki system for Django. Installations of django-wiki ...)
	NOT-FOR-US: django-wiki
CVE-2024-28864 (SecureProps is a PHP library designed to simplify the encryption and d ...)
	NOT-FOR-US: SecureProps
CVE-2024-28855 (ZITADEL, open source authentication management software, uses Go templ ...)
	NOT-FOR-US: Zitadel
CVE-2024-28447 (Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discove ...)
	NOT-FOR-US: Shenzhen Libituo Technology Co
CVE-2024-28446 (Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discove ...)
	NOT-FOR-US: Shenzhen Libituo Technology Co
CVE-2024-28250 (Cilium is a networking, observability, and security solution with an e ...)
	- cilium (bug #858303)
CVE-2024-28249 (Cilium is a networking, observability, and security solution with an e ...)
	- cilium (bug #858303)
CVE-2024-28248 (Cilium is a networking, observability, and security solution with an e ...)
	- cilium (bug #858303)
CVE-2024-28237 (OctoPrint provides a web interface for controlling consumer 3D printer ...)
	- octoprint (bug #718591)
CVE-2024-26369 (An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x ...)
	[experimental] - fastdds 2.14.0+ds-1
	- fastdds 2.14.0+ds-2 (bug #1067180)
	NOTE: https://github.com/eProsima/Fast-DDS/issues/4365
	NOTE: https://github.com/eProsima/Fast-DDS/pull/4375
CVE-2024-25942 (Dell PowerEdge Server BIOS contains an Improper SMM communication buff ...)
	NOT-FOR-US: Dell
CVE-2024-24578 (RaspberryMatic is an open-source operating system for HomeMatic intern ...)
	NOT-FOR-US: RaspberryMatic
CVE-2024-24043 (Directory Traversal vulnerability in Speedy11CZ MCRPX v.1.4.0 and befo ...)
	NOT-FOR-US: Speedy11CZ MCRPX
CVE-2024-24042 (Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and bef ...)
	NOT-FOR-US: Devan-Kerman ARRP
CVE-2024-23333 (LDAP Account Manager (LAM) is a webfrontend for managing entries store ...)
	- ldap-account-manager 8.7-1 (bug #1067179)
	[bookworm] - ldap-account-manager (Minor issue)
	[bullseye] - ldap-account-manager (Minor issue)
	NOTE: https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv
CVE-2024-22453 (Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulne ...)
	NOT-FOR-US: Dell
CVE-2024-22412 (ClickHouse is an open-source column-oriented database management syste ...)
	- clickhouse (bug #1067178)
	[bookworm] - clickhouse (Minor issue)
	[bullseye] - clickhouse (Minor issue)
	[buster] - clickhouse (Minor issue; can be fixed in next update)
	NOTE: https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-45h5-f7g3-gr8r
	NOTE: https://github.com/ClickHouse/ClickHouse/pull/58611
CVE-2024-21504 (Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 ...)
	NOT-FOR-US: livewire
CVE-2024-21503 (Versions of the package black before 24.3.0 are vulnerable to Regular ...)
	- black 24.4.0-1 (bug #1067177)
	[bookworm] - black (Minor issue)
	[bullseye] - black (Minor issue)
	[buster] - black (Minor issue; can be fixed in next update)
	NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-BLACK-6256273
	NOTE: https://github.com/psf/black/releases/tag/24.3.0
	NOTE: https://github.com/psf/black/commit/f00093672628d212b8965a8993cee8bedf5fe9b8 (24.3.0)
CVE-2024-0055 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that ...)
	NOT-FOR-US: AXIS OS
CVE-2024-0054 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that ...)
	NOT-FOR-US: AXIS OS
CVE-2023-40280 (An issue was discovered in OpenClinic GA 5.247.01. An attacker can per ...)
	NOT-FOR-US: OpenClinic GA
CVE-2023-40277 (An issue was discovered in OpenClinic GA 5.247.01. A Reflected Cross-S ...)
	NOT-FOR-US: OpenClinic GA
CVE-2023-40276 (An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated ...)
	NOT-FOR-US: OpenClinic GA
CVE-2023-40275 (An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval ...)
	NOT-FOR-US: OpenClinic GA
CVE-2024-2599 (File upload restriction evasion vulnerability in AMSS++ version 4.31. ...)
	NOT-FOR-US: AMSS++
CVE-2024-2598 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...)
	NOT-FOR-US: AMSS++
CVE-2024-2597 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...)
	NOT-FOR-US: AMSS++
CVE-2024-2596 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...)
	NOT-FOR-US: AMSS++
CVE-2024-2595 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...)
	NOT-FOR-US: AMSS++
CVE-2024-2594 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...)
	NOT-FOR-US: AMSS++
CVE-2024-2593 (Vulnerability in AMSS++ version 4.31, which does not sufficiently enco ...)
	NOT-FOR-US: AMSS++
CVE-2024-2592 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...)
	NOT-FOR-US: AMSS++
CVE-2024-2591 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...)
	NOT-FOR-US: AMSS++
CVE-2024-2590 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...)
	NOT-FOR-US: AMSS++
CVE-2024-2589 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...)
	NOT-FOR-US: AMSS++
CVE-2024-2588 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...)
	NOT-FOR-US: AMSS++
CVE-2024-2587 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...)
	NOT-FOR-US: AMSS++
CVE-2024-2586 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...)
	NOT-FOR-US: AMSS++
CVE-2024-2585 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...)
	NOT-FOR-US: AMSS++
CVE-2024-2584 (Vulnerability in AMSS++ version 4.31 that allows SQL injection through ...)
	NOT-FOR-US: AMSS++
CVE-2024-2390 (As a part of Tenable’s vulnerability disclosure program, a vulner ...)
	NOT-FOR-US: Tenable
CVE-2024-2229 (CWE-502: Deserialization of Untrusted Data vulnerability exists that c ...)
	NOT-FOR-US: Schneider Electric
CVE-2024-2052 (CWE-552: Files or Directories Accessible to External Parties vulnerabi ...)
	NOT-FOR-US: Schneider Electric
CVE-2024-2051 (CWE-307: Improper Restriction of Excessive Authentication Attempts vul ...)
	NOT-FOR-US: Schneider Electric
CVE-2024-2050 (CWE-79: Improper Neutralization of Input During Web Page Generation (\ ...)
	NOT-FOR-US: Schneider Electric
CVE-2024-28550 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the file ...)
	NOT-FOR-US: Tenda
CVE-2024-28547 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the fire ...)
	NOT-FOR-US: Tenda
CVE-2024-28537 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page ...)
	NOT-FOR-US: Tenda
CVE-2024-28039 (Improper restriction of XML external entity references vulnerability e ...)
	NOT-FOR-US: FitNesse
CVE-2024-27937 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
	- glpi
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-98qw-hpg3-2hpj
	NOTE: https://github.com/glpi-project/glpi/commit/d02c537d23cbb729fe18b87f71b3c6e84e9892da
CVE-2024-27930 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
	- glpi
	NOTE: https://github.com/glpi-project/glpi/commit/1942b70b2422fff51822f6eb3af500c94760871e
CVE-2024-27914 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
	- glpi
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-rcxj-fqr4-q34r
	NOTE: https://github.com/glpi-project/glpi/commit/69e0dee8de0c0df139b42dbfa1a8997888c2af95
CVE-2024-27774 (Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE ...)
	NOT-FOR-US: Unitronics Unistream Unilogic
CVE-2024-27773 (Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE ...)
	NOT-FOR-US: Unitronics Unistream Unilogic
CVE-2024-27772 (Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE ...)
	NOT-FOR-US: Unitronics Unistream Unilogic
CVE-2024-27771 (Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE ...)
	NOT-FOR-US: Unitronics Unistream Unilogic
CVE-2024-27770 (Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CW ...)
	NOT-FOR-US: Unitronics Unistream Unilogic
CVE-2024-27769 (Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CW ...)
	NOT-FOR-US: Unitronics Unistream Unilogic
CVE-2024-27768 (Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE- ...)
	NOT-FOR-US: Unitronics Unistream Unilogic
CVE-2024-27767 (CWE-287: Improper Authentication may allow Authentication Bypass)
	NOT-FOR-US: Unitronics Unistream Unilogic
CVE-2024-27104 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
	- glpi
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-prc3-cx5m-h5mj
	NOTE: https://github.com/glpi-project/glpi/commit/b409ca437864607b03c2014b9e3293b7f141af65
CVE-2024-27098 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
	- glpi
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-92x4-q9w5-837w
	NOTE: https://github.com/glpi-project/glpi/commit/3b6bc1b4aa1f3693b20ada3425d2de5108522484
CVE-2024-27096 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
	- glpi
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-2x8m-vrcm-2jqv
	NOTE: https://github.com/glpi-project/glpi/commit/61a0c2302b4f633f5065358adc36058e1abc37f9
CVE-2024-26125 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26124 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26120 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26119 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26118 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26107 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26106 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26105 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26104 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26103 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26102 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26101 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26096 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26094 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26080 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26073 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26069 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26067 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26065 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26064 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26063 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26062 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26061 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26059 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26056 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26052 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26051 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26050 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26045 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26044 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26043 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26042 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26041 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26040 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26038 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26035 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26034 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26033 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26032 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26031 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26030 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-26028 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-25657 (An open redirect in the Login/Logout functionality of web management i ...)
	NOT-FOR-US: AVSystem Unified Management Platform (UMP)
CVE-2024-25656 (Improper input validation in AVSystem Unified Management Platform (UMP ...)
	NOT-FOR-US: AVSystem Unified Management Platform (UMP)
CVE-2024-25655 (Insecure storage of LDAP passwords in the authentication functionality ...)
	NOT-FOR-US: AVSystem Unified Management Platform (UMP)
CVE-2024-25654 (Insecure permissions for log files of AVSystem Unified Management Plat ...)
	NOT-FOR-US: AVSystem Unified Management Platform (UMP)
CVE-2024-22257 (In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5. ...)
	- libspring-security-2.0-java
CVE-2024-21662 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
	NOT-FOR-US: Argo CD
CVE-2024-21661 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
	NOT-FOR-US: Argo CD
CVE-2024-21652 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
	NOT-FOR-US: Argo CD
CVE-2024-20768 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-20767 (ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Imp ...)
	NOT-FOR-US: Adobe
CVE-2024-20764 (Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bo ...)
	NOT-FOR-US: Adobe
CVE-2024-20763 (Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bo ...)
	NOT-FOR-US: Adobe
CVE-2024-20762 (Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bo ...)
	NOT-FOR-US: Adobe
CVE-2024-20761 (Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bo ...)
	NOT-FOR-US: Adobe
CVE-2024-20760 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-20757 (Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-b ...)
	NOT-FOR-US: Adobe
CVE-2024-20756 (Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-b ...)
	NOT-FOR-US: Adobe
CVE-2024-20755 (Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Heap-base ...)
	NOT-FOR-US: Adobe
CVE-2024-20754 (Lightroom Desktop versions 7.1.2 and earlier are affected by an Untrus ...)
	NOT-FOR-US: Adobe
CVE-2024-20752 (Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Use After ...)
	NOT-FOR-US: Adobe
CVE-2024-20746 (Premiere Pro versions 24.1, 23.6.2 and earlier are affected by an out- ...)
	NOT-FOR-US: Adobe
CVE-2024-20745 (Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a Heap- ...)
	NOT-FOR-US: Adobe
CVE-2024-1753 (A flaw was found in Buildah (and subsequently Podman Build) which allo ...)
	- golang-github-containers-buildah 1.33.7+ds1-1 (bug #1067800)
	[bookworm] - golang-github-containers-buildah (Minor issue)
	[bullseye] - golang-github-containers-buildah (Minor issue)
	NOTE: https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf
	NOTE: at least podman will need a rebuild with a fixed buildah
CVE-2024-1658 (The Grid Shortcodes WordPress plugin before 1.1.1 does not validate an ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1606 (Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.2 ...)
	NOT-FOR-US: BMC
CVE-2024-1605 (BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dyn ...)
	NOT-FOR-US: BMC
CVE-2024-1604 (Improper authorization in the report management and creation module of ...)
	NOT-FOR-US: BMC
CVE-2024-1333 (The Responsive Pricing Table WordPress plugin before 5.1.11 does not v ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1331 (The Team Members WordPress plugin before 5.3.2 does not validate and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1013 (An out-of-bounds stack write flaw was found in unixODBC on 64-bit arch ...)
	- unixodbc (unimportant)
	NOTE: https://github.com/lurcher/unixODBC/pull/157
	NOTE: Fixed by: https://github.com/lurcher/unixODBC/commit/45f501e1be2db6b017cc242c79bfb9de32b332a1
	NOTE: Only affects example code, not present in binary packages
CVE-2024-0973 (The Widget for Social Page Feeds WordPress plugin before 6.4 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0951 (The Advanced Social Feeds Widget & Shortcode WordPress plugin through ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0858 (The Innovs HR WordPress plugin through 1.0.3.4 does not have CSRF chec ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0820 (The Jobs for WordPress plugin before 2.7.4 does not sanitise and escap ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0780 (The Enjoy Social Feed plugin for WordPress website WordPress plugin th ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0779 (The Enjoy Social Feed plugin for WordPress website WordPress plugin th ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0719 (The Tabs Shortcode and Widget WordPress plugin through 1.17 does not v ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0711 (The Buttons Shortcode and Widget WordPress plugin through 1.16 does no ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0365 (The Fancy Product Designer WordPress plugin before 6.1.5 does not prop ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-7236 (The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to Inform ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-7085 (The Scalable Vector Graphics (SVG) WordPress plugin through 3.4 does n ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6821 (The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 cont ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41334 (Astropy is a project for astronomy in Python that fosters interoperabi ...)
	{DLA-3803-1}
	- astropy 5.3.3-1
	[bookworm] - astropy (Minor issue)
	[bullseye] - astropy (Minor issue)
	NOTE: https://github.com/astropy/astropy/security/advisories/GHSA-h2x6-5jx5-46hf
	NOTE: https://github.com/astropy/astropy/commit/22057d37b1313f5f5a9b5783df0a091d978dccb5 (v5.3.3)
CVE-2024-26641 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/8d975c15c0cd744000ca386247432d57b21f9df0 (6.8-rc3)
CVE-2024-26640 (In the Linux kernel, the following vulnerability has been resolved: t ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/577e4432f3ac810049cb7e6b71f4d96ec7c6e894 (6.8-rc3)
CVE-2024-26639 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/f6564fce256a3944aa1bc76cb3c40e792d97c1eb (6.8-rc3)
CVE-2024-26638 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/78fbb92af27d0982634116c7a31065f24d092826 (6.8-rc1)
CVE-2024-26637 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	- linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/556857aa1d0855aba02b1c63bc52b91ec63fc2cc (6.8-rc2)
CVE-2024-26636 (In the Linux kernel, the following vulnerability has been resolved: l ...)
	{DSA-5681-1}
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	NOTE: https://git.kernel.org/linus/dad555c816a50c6a6a8a86be1f9177673918c647 (6.8-rc2)
CVE-2024-26635 (In the Linux kernel, the following vulnerability has been resolved: l ...)
	{DSA-5681-1}
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	NOTE: https://git.kernel.org/linus/e3f9bed9bee261e3347131764e42aeedf1ffea61 (6.8-rc2)
CVE-2024-26634 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/d09486a04f5da0a812c26217213b89a3b1acf836 (6.8-rc2)
CVE-2024-26633 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	NOTE: https://git.kernel.org/linus/d375b98e0248980681e5e56b712026174d617198 (6.8-rc1)
CVE-2024-26632 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/7bed6f3d08b7af27b7015da8dc3acf2b9c1f21d7 (6.8-rc1)
CVE-2024-26631 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/2e7ef287f07c74985f1bf2858bedc62bd9ebf155 (6.8-rc1)
CVE-2023-52619 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/d49270a04623ce3c0afddbf3e984cb245aa48e9c (6.8-rc1)
CVE-2023-52618 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/9e4bf6a08d1e127bcc4bd72557f2dfafc6bc7f41 (6.8-rc1)
CVE-2023-52617 (In the Linux kernel, the following vulnerability has been resolved: P ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/df25461119d987b8c81d232cfe4411e91dcabe66 (6.8-rc1)
CVE-2023-52616 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	{DSA-5681-1}
	- linux 6.6.15-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/ba3c5574203034781ac4231acf117da917efcd2a (6.8-rc1)
CVE-2023-52615 (In the Linux kernel, the following vulnerability has been resolved: h ...)
	{DSA-5681-1}
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	NOTE: https://git.kernel.org/linus/78aafb3884f6bc6636efcc1760c891c8500b9922 (6.8-rc1)
CVE-2023-52614 (In the Linux kernel, the following vulnerability has been resolved: P ...)
	{DSA-5681-1}
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	NOTE: https://git.kernel.org/linus/08e23d05fa6dc4fc13da0ccf09defdd4bbc92ff4 (6.8-rc1)
CVE-2023-52613 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.6.15-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/15ef92e9c41124ee9d88b01208364f3fe1f45f84 (6.8-rc1)
CVE-2023-52612 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	NOTE: https://git.kernel.org/linus/744e1885922a9943458954cfea917b31064b4131 (6.8-rc1)
CVE-2023-52611 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	- linux 6.6.15-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/00384f565a91c08c4bedae167f749b093d10e3fe (6.8-rc1)
CVE-2023-52610 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/3f14b377d01d8357eba032b4cabc8c1149b458b6 (6.8-rc1)
CVE-2023-52609 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	NOTE: https://git.kernel.org/linus/9a9ab0d963621d9d12199df9817e66982582d5a5 (6.8-rc1)
CVE-2024-2581 (A vulnerability was found in Tenda AC10 16.03.10.13 and classified as ...)
	NOT-FOR-US: Tenda
CVE-2024-2577 (A vulnerability has been found in SourceCodester Employee Task Managem ...)
	NOT-FOR-US: SourceCodester
CVE-2024-2576 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester
CVE-2024-2575 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester
CVE-2024-2574 (A vulnerability classified as critical was found in SourceCodester Emp ...)
	NOT-FOR-US: SourceCodester
CVE-2024-2573 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester
CVE-2024-2572 (A vulnerability was found in SourceCodester Employee Task Management S ...)
	NOT-FOR-US: SourceCodester
CVE-2024-2571 (A vulnerability was found in SourceCodester Employee Task Management S ...)
	NOT-FOR-US: SourceCodester
CVE-2024-2570 (A vulnerability was found in SourceCodester Employee Task Management S ...)
	NOT-FOR-US: SourceCodester
CVE-2024-2569 (A vulnerability was found in SourceCodester Employee Task Management S ...)
	NOT-FOR-US: SourceCodester
CVE-2024-2568 (A vulnerability has been found in heyewei JFinalCMS 5.0.0 and classifi ...)
	NOT-FOR-US: JFinalCMS
CVE-2024-2567 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...)
	NOT-FOR-US: AndroidWeatherApp
CVE-2024-29156 (In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, th ...)
	- murano (bug #1068459)
	[bookworm] - murano (To be removed in point release)
	[bullseye] - murano (To be removed in point release)
	[buster] - murano (unmaintained upstream)
	NOTE: https://bugs.launchpad.net/murano/+bug/2048114
	NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0093
	NOTE: No fix in Murano, but a change in src:yaql renders this unexploitable:
	NOTE: https://opendev.org/openstack/yaql/commit/83e28324e1a0ce3970dd854393d2431123a909d3 (3.0.0)
CVE-2024-29154 (danielmiessler fabric through 1.3.0 allows installer/client/gui/static ...)
	NOT-FOR-US: danielmiessler/fabric
CVE-2024-29151 (Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which doe ...)
	NOT-FOR-US: Rocket.Chat.Audit
CVE-2024-28745 (Improper export of Android application components issue exists in 'ABE ...)
	NOT-FOR-US: ABEMA App for Android
CVE-2024-28128 (Cross-site scripting vulnerability exists in FitNesse releases prior t ...)
	NOT-FOR-US: FitNesse
CVE-2024-28125 (FitNesse all releases allows a remote authenticated attacker to execut ...)
	NOT-FOR-US: FitNesse
CVE-2024-27974 (Cross-site request forgery vulnerability in FUJIFILM printers which im ...)
	NOT-FOR-US: FUJIFILM
CVE-2024-27757 (flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XS ...)
	NOT-FOR-US: flusity CMS
CVE-2024-24539 (FusionPBX before 5.2.0 does not validate a session.)
	NOT-FOR-US: FusionPBX
CVE-2024-24230 (Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vul ...)
	NOT-FOR-US: Komm.One CMS
CVE-2024-23604 (Cross-site scripting vulnerability exists in FitNesse all releases, wh ...)
	NOT-FOR-US: FitNesse
CVE-2024-23139 (An Out-Of-Bounds Write Vulnerability in Autodesk FBX Review version 1. ...)
	NOT-FOR-US: Autodesk
CVE-2024-23138 (A maliciously crafted DWG file when parsed through Autodesk DWG TrueVi ...)
	NOT-FOR-US: Autodesk
CVE-2024-22475 (Cross-site request forgery vulnerability in multiple printers and scan ...)
	NOT-FOR-US: BROTHER
CVE-2024-21824 (Improper authentication vulnerability in exists in multiple printers a ...)
	NOT-FOR-US: BROTHER
CVE-2023-52159 (A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x ...)
	{DLA-3774-1}
	- gross 1.0.2-4.1 (bug #1067115)
	[bookworm] - gross (Minor issue)
	[bullseye] - gross (Minor issue)
	NOTE: https://codeberg.org/bizdelnick/gross/commit/6403985fc1060e7aacea96e60535e1e7b0f6f193 (master)
	NOTE: https://codeberg.org/bizdelnick/gross/commit/3f5508cce2c49d216b163eb7b38ea72d5162c76e (1.0.4)
	NOTE: https://codeberg.org/bizdelnick/gross/wiki/Known-vulnerabilities#cve-2023-52159
CVE-2023-40747 (Directory traversal vulnerability exists in A.K.I Software's PMailServ ...)
	NOT-FOR-US: PMailServer2
CVE-2023-40160 (Directory traversal vulnerability exists in Mailing List Search CGI (p ...)
	NOT-FOR-US: PMailServer2
CVE-2023-39933 (Insufficient verification vulnerability exists in Broadcast Mail CGI ( ...)
	NOT-FOR-US: PMailServer2
CVE-2023-39223 (Stored cross-site scripting vulnerability exists in CGIs included in A ...)
	NOT-FOR-US: PMailServer2
CVE-2021-47157 (The Kossy module before 0.60 for Perl allows JSON hijacking because of ...)
	NOT-FOR-US: Kossy Perl module
CVE-2021-47156 (The Net::IPAddress::Util module before 5.000 for Perl does not properl ...)
	NOT-FOR-US: Net::IPAddress::Util Perl module
CVE-2021-47155 (The Net::IPV4Addr module 0.10 for Perl does not properly consider extr ...)
	- libnetwork-ipv4addr-perl
	[bookworm] - libnetwork-ipv4addr-perl (Minor issue)
	[bullseye] - libnetwork-ipv4addr-perl (Minor issue)
	[buster] - libnetwork-ipv4addr-perl (Minor issue, revisit when fix is available)
	NOTE: https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/#net-ipv4addrhttpsmetacpanorgreleasenet-ipv4addr
CVE-2021-47154 (The Net::CIDR::Lite module before 0.22 for Perl does not properly cons ...)
	{DLA-3770-1}
	- libnet-cidr-lite-perl 0.22-1
	NOTE: https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/#net-cidr-litehttpsmetacpanorgreleasenet-cidr-lite
	NOTE: https://github.com/stigtsp/Net-CIDR-Lite/commit/23b6ff0590dc279521863a502e890ef19a5a76fc (0.22)
CVE-2018-25099 (In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and c ...)
	- libcryptx-perl 0.062-1
	NOTE: https://github.com/DCIT/perl-CryptX/issues/47
	NOTE: https://github.com/libtom/libtomcrypt/pull/451
	NOTE: https://github.com/libtom/libtomcrypt/commit/2599618ca640bc5a506954f975be4109613366c6
	NOTE: https://github.com/libtom/libtomcrypt/commit/27c472654c3fba983d74debad5a8fb21247f76db
	NOTE: https://github.com/libtom/libtomcrypt/commit/fd4d8fbc0558157276229202d2883d01f7bd56d8
	NOTE: https://github.com/libtom/libtomcrypt/commit/9a1131da144ee1f93ccbcaf032f39d783495d3b9
	NOTE: https://github.com/libtom/libtomcrypt/commit/7d8567695bfb991c84f09d4d3aabc4568fa0c835
	NOTE: Fixed by: https://github.com/DCIT/perl-CryptX/commit/23f75413c0262ad26d2d980f7fb4731bea595e59 (v0.062)
CVE-2024-2566 (A vulnerability was found in Fujian Kelixin Communication Command and ...)
	NOT-FOR-US: Fujian Kelixin Communication Command and Dispatch Platform
CVE-2024-2565 (A vulnerability was found in PandaXGO PandaX up to 20240310. It has be ...)
	NOT-FOR-US: PandaXGO PandaX
CVE-2024-2564 (A vulnerability was found in PandaXGO PandaX up to 20240310 and classi ...)
	NOT-FOR-US: PandaXGO PandaX
CVE-2024-2563 (A vulnerability has been found in PandaXGO PandaX up to 20240310 and c ...)
	NOT-FOR-US: PandaXGO PandaX
CVE-2024-2562 (A vulnerability, which was classified as critical, was found in PandaX ...)
	NOT-FOR-US: PandaXGO PandaX
CVE-2024-2561 (A vulnerability, which was classified as critical, has been found in 7 ...)
	NOT-FOR-US: 74CMS
CVE-2024-2560 (A vulnerability classified as problematic was found in Tenda AC18 15.0 ...)
	NOT-FOR-US: Tenda
CVE-2024-2559 (A vulnerability classified as problematic has been found in Tenda AC18 ...)
	NOT-FOR-US: Tenda
CVE-2024-2558 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated ...)
	NOT-FOR-US: Tenda
CVE-2024-2557 (A vulnerability was found in kishor-23 Food Waste Management System 1. ...)
	NOT-FOR-US: kishor-23 Food Waste Management System
CVE-2024-27961 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27960 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27959 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27958 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27957 (Unrestricted Upload of File with Dangerous Type vulnerability in Pie R ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25933 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25903 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25591 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24867 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2556 (A vulnerability was found in SourceCodester Employee Task Management S ...)
	NOT-FOR-US: SourceCodester Employee Task Management System
CVE-2024-2555 (A vulnerability was found in SourceCodester Employee Task Management S ...)
	NOT-FOR-US: SourceCodester Employee Task Management System
CVE-2024-2554 (A vulnerability has been found in SourceCodester Employee Task Managem ...)
	NOT-FOR-US: SourceCodester Employee Task Management System
CVE-2024-2553 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester Product Review Rating System
CVE-2024-2547 (A vulnerability was found in Tenda AC18 15.03.05.05 and classified as ...)
	NOT-FOR-US: Tenda
CVE-2024-2546 (A vulnerability has been found in Tenda AC18 15.13.07.09 and classifie ...)
	NOT-FOR-US: Tenda
CVE-2024-2535 (A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall ...)
	NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
CVE-2024-2534 (A vulnerability, which was classified as critical, was found in MAGESH ...)
	NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
CVE-2024-2533 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
CVE-2024-2532 (A vulnerability classified as critical was found in MAGESH-K21 Online- ...)
	NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
CVE-2024-2531 (A vulnerability classified as critical has been found in MAGESH-K21 On ...)
	NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
CVE-2024-2530 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...)
	NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
CVE-2024-2529 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...)
	NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
CVE-2024-2528 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...)
	NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
CVE-2024-2527 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...)
	NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
CVE-2024-2526 (A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall ...)
	NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
CVE-2024-2525 (A vulnerability, which was classified as problematic, was found in MAG ...)
	NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
CVE-2024-2524 (A vulnerability, which was classified as critical, has been found in M ...)
	NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
CVE-2024-2523 (A vulnerability classified as problematic was found in MAGESH-K21 Onli ...)
	NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
CVE-2024-2522 (A vulnerability classified as critical has been found in MAGESH-K21 On ...)
	NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
CVE-2024-2521 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...)
	NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
CVE-2024-2520 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...)
	NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
CVE-2024-2519 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...)
	NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
CVE-2024-2518 (A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Rese ...)
	NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
CVE-2024-2517 (A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall ...)
	NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
CVE-2024-2516 (A vulnerability, which was classified as critical, was found in MAGESH ...)
	NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
CVE-2024-2515 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
CVE-2024-1857 (The Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage ...)
	NOT-FOR-US: WooCommerce plugin
CVE-2024-2467 (A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA ...)
	- libcrypt-openssl-rsa-perl (bug #1066969)
	[bookworm] - libcrypt-openssl-rsa-perl (Minor issue)
	[bullseye] - libcrypt-openssl-rsa-perl (Minor issue)
	[buster] - libcrypt-openssl-rsa-perl (Minor issue; side-channel timing attack)
	NOTE: https://people.redhat.com/~hkario/marvin/
	NOTE: https://github.com/toddr/Crypt-OpenSSL-RSA/issues/42
CVE-2024-2514 (A vulnerability classified as critical was found in MAGESH-K21 Online- ...)
	NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
CVE-2024-2308 (The ElementInvader Addons for Elementor plugin for WordPress is vulner ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2294 (The Backuply – Backup, Restore, Migrate and Clone plugin for Word ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2042 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-28862 (The Ruby One Time Password library (ROTP) is an open source library fo ...)
	- ruby-rotp (Only affects the upstream build, permissions are correct for the deb)
	NOTE: https://github.com/mdp/rotp/security/advisories/GHSA-x2h8-qmj4-g62f
CVE-2024-28859 (Symfony1 is a community fork of symfony 1.4 with DIC, form enhancement ...)
	NOT-FOR-US: Symfony1 (community fork of symfony 1.4 with some enhancements)
CVE-2024-28640 (Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B2020110 ...)
	NOT-FOR-US: TOTOLink
CVE-2024-28639 (Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B2020110 ...)
	NOT-FOR-US: TOTOLink
CVE-2024-28070 (A vulnerability in the legacy chat component of Mitel MiContact Center ...)
	NOT-FOR-US: Mitel
CVE-2024-28069 (A vulnerability in the legacy chat component of Mitel MiContact Center ...)
	NOT-FOR-US: Mitel
CVE-2024-27197 (Cross-Site Request Forgery (CSRF) vulnerability in Bee BeePress allows ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27195 (Cross-Site Request Forgery (CSRF) vulnerability in Sandi Verdev Waterm ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27194 (Cross-Site Request Forgery (CSRF) vulnerability in Andrei Ivasiuc Font ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24845 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24156 (Cross Site Scripting (XSS) vulnerability in Gnuboard g6 before Github ...)
	NOT-FOR-US: Gnuboard
CVE-2024-23523 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-23298 (A logic issue was addressed with improved state management.)
	NOT-FOR-US: Apple
CVE-2024-22513 (djangorestframework-simplejwt version 5.3.1 and before is vulnerable t ...)
	- python-djangorestframework-simplejwt (bug #1067641)
	[bookworm] - python-djangorestframework-simplejwt (Minor issue)
	NOTE: https://github.com/dmdhrumilmistry/CVEs/tree/main/CVE-2024-22513
CVE-2024-22259 (Applications that use UriComponentsBuilder in Spring Framework to parse ...)
	- libspring-java (unimportant)
	NOTE: https://spring.io/security/cve-2024-22259
	NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
CVE-2024-1733 (The Word Replacer Pro plugin for WordPress is vulnerable to unauthoriz ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1685 (The Social Media Share Buttons plugin for WordPress is vulnerable to P ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1239 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6525 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51521 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz An ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51512 (Cross Site Request Forgery (CSRF) vulnerability in WBW Product Table b ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51510 (Cross-Site Request Forgery (CSRF) vulnerability in Atlas Gondal Export ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51491 (Cross-Site Request Forgery (CSRF) vulnerability in Averta Depicter Sli ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51489 (Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Cr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51487 (Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft ARI Stream ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51486 (Cross-Site Request Forgery (CSRF) vulnerability in RedNao WooCommerce ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51474 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelemu TerraClass ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51407 (Cross-Site Request Forgery (CSRF) vulnerability in Rocket Elements Spl ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-36483 (Authorization bypass can be achieved by session ID prediction in MASmo ...)
	NOT-FOR-US: Carrier applications
CVE-2021-47135 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/d874e6c06952382897d35bf4094193cd44ae91bd (5.13-rc5)
CVE-2021-47134 (In the Linux kernel, the following vulnerability has been resolved: e ...)
	- linux 5.10.46-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/668a84c1bfb2b3fd5a10847825a854d63fac7baa (5.13-rc5)
CVE-2021-47133 (In the Linux kernel, the following vulnerability has been resolved: H ...)
	- linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/5ad755fd2b326aa2bc8910b0eb351ee6aece21b1 (5.13-rc5)
CVE-2021-47132 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b5941f066b4ca331db225a976dae1d6ca8cf0ae3 (5.13-rc5)
CVE-2021-47131 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.10.46-1
	NOTE: https://git.kernel.org/linus/c55dcdd435aa6c6ad6ccac0a4c636d010ee367a4 (5.13-rc5)
CVE-2021-47130 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.10.46-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/bcd9a0797d73eeff659582f23277e7ab6e5f18f3 (5.13-rc5)
CVE-2021-47129 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.10.46-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/1710eb913bdcda3917f44d383c32de6bdabfc836 (5.13-rc5)
CVE-2021-47128 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 5.10.46-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/ff40e51043af63715ab413995ff46996ecf9583f (5.13-rc5)
CVE-2021-47127 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/e102db780e1c14f10c70dafa7684af22a745b51d (5.13-rc5)
CVE-2021-47126 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 5.10.46-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/821bbf79fe46a8b1d18aa456e8ed0a3c208c3754 (5.13-rc5)
CVE-2021-47125 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/944d671d5faa0d78980a3da5c0f04960ef1ad893 (5.13-rc5)
CVE-2021-47124 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.70-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/a298232ee6b9a1d5d732aa497ff8be0d45b5bd82 (5.13-rc2)
CVE-2021-47123 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/447c19f3b5074409c794b350b10306e1da1ef4ba (5.13-rc2)
CVE-2021-47122 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/b53558a950a89824938e9811eddfc8efcd94e1bb (5.13-rc5)
CVE-2021-47121 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/7f5d86669fa4d485523ddb1d212e0a2d90bd62bb (5.13-rc5)
CVE-2021-47120 (In the Linux kernel, the following vulnerability has been resolved: H ...)
	- linux 5.10.46-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4b4f6cecca446abcb686c6e6c451d4f1ec1a7497 (5.13-rc5)
CVE-2021-47119 (In the Linux kernel, the following vulnerability has been resolved: e ...)
	- linux 5.10.46-1
	NOTE: https://git.kernel.org/linus/afd09b617db3786b6ef3dc43e28fe728cfea84df (5.13-rc5)
CVE-2021-47118 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	- linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/0711f0d7050b9e07c44bc159bbc64ac0a1022c7f (5.13-rc5)
CVE-2021-47117 (In the Linux kernel, the following vulnerability has been resolved: e ...)
	- linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/082cd4ec240b8734a82a89ffb890216ac98fec68 (5.13-rc5)
CVE-2021-47116 (In the Linux kernel, the following vulnerability has been resolved: e ...)
	- linux 5.10.46-1
	NOTE: https://git.kernel.org/linus/a8867f4e3809050571c98de7a2d465aff5e4daf5 (5.13-rc5)
CVE-2021-47115
	REJECTED
CVE-2021-47114 (In the Linux kernel, the following vulnerability has been resolved: o ...)
	- linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/6bba4471f0cc1296fe3c2089b9e52442d3074b2e (5.13-rc5)
CVE-2021-47113 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 5.10.46-1
	NOTE: https://git.kernel.org/linus/dc09ef3562726cd520c8338c1640872a60187af5 (5.13-rc5)
CVE-2021-47112 (In the Linux kernel, the following vulnerability has been resolved: x ...)
	- linux 5.10.46-1
	NOTE: https://git.kernel.org/linus/8b79feffeca28c5459458fe78676b081e87c93a4 (5.13-rc2)
CVE-2021-47111 (In the Linux kernel, the following vulnerability has been resolved: x ...)
	- linux 5.10.46-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/107866a8eb0b664675a260f1ba0655010fac1e08 (5.13-rc6)
CVE-2021-47110 (In the Linux kernel, the following vulnerability has been resolved: x ...)
	- linux 5.10.46-1
	NOTE: https://git.kernel.org/linus/c02027b5742b5aa804ef08a4a9db433295533046 (5.13-rc2)
CVE-2021-47109 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.10.46-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f (5.13-rc7)
CVE-2024-2537 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
	NOT-FOR-US: Logitech Logi Tune
CVE-2024-2497 (A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified ...)
	NOT-FOR-US: RaspAP raspap-webgui
CVE-2024-2495 (Cryptographic key vulnerability encoded in the FriendlyWrt firmware af ...)
	NOT-FOR-US: FriendlyWrt firmware
CVE-2024-2490 (A vulnerability classified as critical was found in Tenda AC18 15.03.0 ...)
	NOT-FOR-US: Tenda
CVE-2024-2489 (A vulnerability classified as critical has been found in Tenda AC18 15 ...)
	NOT-FOR-US: Tenda
CVE-2024-2488 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated ...)
	NOT-FOR-US: Tenda
CVE-2024-2487 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been decla ...)
	NOT-FOR-US: Tenda
CVE-2024-2450 (Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x bef ...)
	- mattermost-server (bug #823556)
CVE-2024-2446 (Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x bef ...)
	- mattermost-server (bug #823556)
CVE-2024-2445 (Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x ...)
	- mattermost-server (bug #823556)
CVE-2024-28854 (tls-listener is a rust lang wrapper around a connection listener to su ...)
	NOT-FOR-US: tls-listener
CVE-2024-28851 (The Snowflake Hive metastore connector provides an easy way to query H ...)
	NOT-FOR-US: Snowflake Hive metastore connector
CVE-2024-28848 (OpenMetadata is a unified platform for discovery, observability, and g ...)
	NOT-FOR-US: OpenMetadata
CVE-2024-28847 (OpenMetadata is a unified platform for discovery, observability, and g ...)
	NOT-FOR-US: OpenMetadata
CVE-2024-28404 (TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-s ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-28403 (TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cross Si ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-28401 (TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-si ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-28319 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out ...)
	- gpac (bug #1068462)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2763
	NOTE: https://github.com/gpac/gpac/commit/cb3c29809bddfa32686e3deb231a76af67b68e1e
CVE-2024-28318 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out ...)
	- gpac (bug #1068462)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2764
	NOTE: https://github.com/gpac/gpac/commit/ae831621a08a64e3325ce532f8b78811a1581716
CVE-2024-28255 (OpenMetadata is a unified platform for discovery, observability, and g ...)
	NOT-FOR-US: OpenMetadata
CVE-2024-28254 (OpenMetadata is a unified platform for discovery, observability, and g ...)
	NOT-FOR-US: OpenMetadata
CVE-2024-28253 (OpenMetadata is a unified platform for discovery, observability, and g ...)
	NOT-FOR-US: OpenMetadata
CVE-2024-28252 (CoreWCF is a port of the service side of Windows Communication Foundat ...)
	NOT-FOR-US: CoreWCF
CVE-2024-28242 (Discourse is an open source platform for community discussion. In affe ...)
	NOT-FOR-US: Discourse
CVE-2024-28053 (Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 ...)
	- mattermost-server (bug #823556)
CVE-2024-27987 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27920 (projectdiscovery/nuclei is a fast and customisable vulnerability scann ...)
	NOT-FOR-US: projectdiscovery/nuclei
CVE-2024-27196 (Cross Site Scripting (XSS) vulnerability in Joel Starnes postMash \u20 ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27193 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27192 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27189 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27100 (Discourse is an open source platform for community discussion. In affe ...)
	NOT-FOR-US: Discourse
CVE-2024-27085 (Discourse is an open source platform for community discussion. In affe ...)
	NOT-FOR-US: Discourse
CVE-2024-25936 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25934 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25921 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25919 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25916 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25598 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25597 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25596 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25593 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25592 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24975 (Uncontrolled Resource Consumption in Mattermost Mobile versions before ...)
	NOT-FOR-US: Mattermost Mobile
CVE-2024-24827 (Discourse is an open source platform for community discussion. Without ...)
	NOT-FOR-US: Discourse
CVE-2024-24748 (Discourse is an open source platform for community discussion. In affe ...)
	NOT-FOR-US: Discourse
CVE-2023-7248 (Certain functionality in OpenText Vertica Management console might be ...)
	NOT-FOR-US: OpenText Vertica Management console
CVE-2023-7060 (Zephyr OS IP packet handling does not properly drop IP packets arrivin ...)
	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-7017 (Sciener locks' firmware update mechanism do not authenticate or valida ...)
	NOT-FOR-US: Sciener locks' firmware
CVE-2023-7009 (Some Sciener-based locks support plaintext message processing over Blu ...)
	NOT-FOR-US: Sciener-based locks
CVE-2023-7007 (Sciener server does not validate connection requests from the GatewayG ...)
	NOT-FOR-US: Sciener server
CVE-2023-7006 (The unlockKey character in a lock using Sciener firmware can be brute ...)
	NOT-FOR-US: Sciener firmware
CVE-2023-7004 (The TTLock App does not employ proper verification procedures to ensur ...)
	NOT-FOR-US: TTLock App
CVE-2023-7003 (The AES key utilized in the pairing process between a lock using Scien ...)
	NOT-FOR-US: Sciener firmware
CVE-2023-6960 (TTLock App virtual keys and settings are only deleted client side, and ...)
	NOT-FOR-US: TTLock App
CVE-2023-6725 (An access-control flaw was found in the OpenStack Designate component ...)
	- designate
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2249273
	TODO: check, details unclear
CVE-2023-51699 (Fluid is an open source Kubernetes-native Distributed Dataset Orchestr ...)
	NOT-FOR-US: Fluid
CVE-2023-51525 (Cross-Site Request Forgery (CSRF) vulnerability in Veribo, Roland Murg ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51522 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Mem ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51369 (Cross-Site Request Forgery (CSRF) vulnerability in SysBasics Customize ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50898 (Missing Authorization vulnerability in sirv.Com Sirv.This issue affect ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50886 (Cross-Site Request Forgery (CSRF), Incorrect Authorization vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50861 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY \u ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47699 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2023-47162 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2023-47147 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to o ...)
	NOT-FOR-US: IBM
CVE-2023-46182 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2023-46181 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be store ...)
	NOT-FOR-US: IBM
CVE-2023-46179 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attr ...)
	NOT-FOR-US: IBM
CVE-2024-2486 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been class ...)
	NOT-FOR-US: Tenda
CVE-2024-2485 (A vulnerability was found in Tenda AC18 15.03.05.05 and classified as ...)
	NOT-FOR-US: Tenda
CVE-2024-2483 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Surya2Developer Hostel Management Service
CVE-2024-2482 (A vulnerability has been found in Surya2Developer Hostel Management Se ...)
	NOT-FOR-US: Surya2Developer Hostel Management Service
CVE-2024-2481 (A vulnerability, which was classified as critical, was found in Surya2 ...)
	NOT-FOR-US: Surya2Developer Hostel Management Service
CVE-2024-2480 (A vulnerability classified as critical was found in MHA Sistemas arMHA ...)
	NOT-FOR-US: MHA Sistemas arMHAzena
CVE-2024-2479 (A vulnerability classified as problematic has been found in MHA Sistem ...)
	NOT-FOR-US: MHA Sistemas arMHAzena
CVE-2024-2478 (A vulnerability was found in BradWenqiang HR 2.0. It has been rated as ...)
	NOT-FOR-US: BradWenqiang HR
CVE-2024-2399 (The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2256 (The oik plugin for WordPress is vulnerable to Stored Cross-Site Script ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2249 (The LA-Studio Element Kit for Elementor plugin for WordPress is vulner ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2204 (Zemana AntiLogger v2.74.204.664 is vulnerable to a Denial of Service ( ...)
	NOT-FOR-US: Zemana AntiLogger
CVE-2024-2180 (Zemana AntiLogger v2.74.204.664 is vulnerable to a Memory Information ...)
	NOT-FOR-US: Zemana AntiLogger
CVE-2024-28354 (There is a command injection vulnerability in the TRENDnet TEW-827DRU ...)
	NOT-FOR-US: TRENDnet
CVE-2024-28353 (There is a command injection vulnerability in the TRENDnet TEW-827DRU ...)
	NOT-FOR-US: TRENDnet
CVE-2024-27756 (GLPI through 10.0.12 allows CSV injection by an attacker who is able t ...)
	- glpi
	NOTE: https://medium.com/%40cristiansindile/formula-injection-in-glpi-cve-2024-27756-3649c7cca092
CVE-2024-26540 (A heap-based buffer overflow in Clmg before 3.3.3 can occur via a craf ...)
	- cimg (bug #1068153)
	[bookworm] - cimg (Minor issue)
	[bullseye] - cimg (Minor issue)
	[buster] - cimg (Minor issue; no rdeps)
	NOTE: https://github.com/GreycLab/CImg/issues/403
	NOTE: https://github.com/GreycLab/CImg/commit/6a97a5209987e60fcce293ea102a068a88085098 (v.3.3.3)
	NOTE: https://github.com/GreycLab/CImg/commit/c214dfee22a3fedcfae48fba7645f7a819cc9385 (v.3.3.3)
	NOTE: https://github.com/GreycLab/CImg/commit/ec6a1f2183620a90b4dcf456813e597ade791dc6 (v.3.3.3)
	NOTE: https://github.com/GreycLab/CImg/commit/cb9c5518905ea370954a59903ff747650c6edd40 (v.3.3.3)
CVE-2024-26503 (Unrestricted File Upload vulnerability in Greek Universities Network O ...)
	NOT-FOR-US: Greek Universities Network Open eClass
CVE-2024-26475 (An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5 ...)
	- radare2 5.9.0+dfsg-1
	NOTE: https://github.com/TronciuVlad/CVE-2024-26475
	NOTE: https://github.com/radareorg/radare2/commit/8419d7d0cbe61c687dcb8a35de0acccb2ee4c220 (5.9.0)
CVE-2024-26454 (A Cross Site Scripting vulnerability in Healthcare-Chatbot through 9b7 ...)
	NOT-FOR-US: Healthcare-Chatbot
CVE-2024-26246 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26163 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-25227 (SQL Injection vulnerability in ABO.CMS version 5.8, allows remote atta ...)
	NOT-FOR-US: ABO.CMS
CVE-2024-1917 (Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Co ...)
	NOT-FOR-US: Mitsubishi
CVE-2024-1916 (Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Co ...)
	NOT-FOR-US: Mitsubishi
CVE-2024-1915 (Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corpora ...)
	NOT-FOR-US: Mitsubishi
CVE-2024-1853 (Zemana AntiLogger v2.74.204.664 is vulnerable to an Arbitrary Process ...)
	NOT-FOR-US: Zemana AntiLogger
CVE-2024-1796 (The HUSKY – Products Filter for WooCommerce Professional plugin f ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1795 (The HUSKY – Products Filter for WooCommerce Professional plugin f ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1713 (A user who can create objects in a database with plv8 3.2.1 installed ...)
	- plv8
CVE-2024-0860 (The affected product is vulnerable to a cleartext transmission of sens ...)
	NOT-FOR-US: Softing
CVE-2024-0803 (Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Co ...)
	NOT-FOR-US: Mitsubishi
CVE-2024-0802 (Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corpora ...)
	NOT-FOR-US: Mitsubishi
CVE-2023-50677 (An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attac ...)
	NOT-FOR-US: NETGEAR
CVE-2023-42286 (There is a PHP file inclusion vulnerability in the template configurat ...)
	NOT-FOR-US: eyoucms
CVE-2024-28054 (Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its ...)
	- amavisd-new 1:2.13.0-5
	[bookworm] - amavisd-new (Minor issue; will be fixed via point release)
	[bullseye] - amavisd-new (Minor issue; will be fixed via point release)
	[buster] - amavisd-new (Minor issue; new configuration to spam-tag some broken e-mails; follow point release)
	NOTE: https://gitlab.com/amavis/amavis/commit/78c4b7076ebf1d711629a95860aae1bc0db5277a (v2.13.1)
	NOTE: https://gitlab.com/amavis/amavis/commit/d921bc5208ce5b4e8f3e387a1d4e1f8fa4e85008 (v2.13.1)
	NOTE: https://gitlab.com/amavis/amavis/commit/c6c4a4c27c60194b68b617b7d3cfb033d6c587e2 (v2.13.1)
	NOTE: Patched amavisd-new version can use MIME::Entity->ambiguous_content if available
	NOTE: to get help on detecting an ambiguous email, or use its own ambiguous_content
	NOTE: check if the available MIME::Tools are too old.
CVE-2024-28752 (A SSRF vulnerability using the Aegis DataBinding in versions of Apache ...)
	NOT-FOR-US: Apache CXF
CVE-2024-23944 (Information disclosure in persistent watchers handling in Apache ZooKe ...)
	- zookeeper 3.9.2-1 (bug #1066947)
	[bookworm] - zookeeper (Minor issue)
	[bullseye] - zookeeper (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2024/03/14/2
	NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-4799
	NOTE: Fixed by: https://github.com/apache/zookeeper/commit/65b91d2d9a56157285c2a86b106e67c26520b01d (release-3.8.4-0)
	NOTE: Fixed by: https://github.com/apache/zookeeper/commit/daf7cfd04005cff1a4f7cab5ab13d41db88d0cd8 (release-3.9.2-0)
	NOTE: Persistent (and p-recursive) watches were introduced by ZOOKEEPER-1416, which only exists in 3.6+.
	NOTE: See https://issues.apache.org/jira/browse/ZOOKEEPER-1416
	NOTE: However, where only classical watches are used (<< 3.6), it seems that triggering on nodes whose names are not
	NOTE: known in advance is not possible. Nevertheless, classical watches leak some information.
CVE-2024-2746 (Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was t ...)
	NOT-FOR-US: dnf5daemon-server
CVE-2024-1930 (No Limit on Number of Open Sessions / Bad Session Close Behaviour in ...)
	NOT-FOR-US: dnf5daemon-server
CVE-2024-1929 (Local Root Exploit via Configuration Dictionary in dnf5daemon-serverb ...)
	NOT-FOR-US: dnf5daemon-server
CVE-2024-2438
	REJECTED
CVE-2024-2437
	REJECTED
CVE-2024-28849 (follow-redirects is an open source, drop-in replacement for Node's `ht ...)
	- node-follow-redirects 1.15.6+~1.14.4-1 (bug #1066971)
	[bookworm] - node-follow-redirects (Minor issue)
	[bullseye] - node-follow-redirects (Minor issue)
	[buster] - node-follow-redirects (Follow-up to CVE-2022-0155)
	NOTE: https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp
	NOTE: https://github.com/psf/requests/issues/1885
	NOTE: https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b (v1.15.6)
CVE-2024-28425 (greykite v1.0.0 was discovered to contain an arbitrary file upload vul ...)
	NOT-FOR-US: greykite
CVE-2024-28424 (zenml v0.55.4 was discovered to contain an arbitrary file upload vulne ...)
	NOT-FOR-US: zenml
CVE-2024-28423 (Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file up ...)
	NOT-FOR-US: Airflow-Diagrams
CVE-2024-28418 (Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition ...)
	NOT-FOR-US: Webedition CMS
CVE-2024-28417 (Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/ ...)
	NOT-FOR-US: Webedition CMS
CVE-2024-28383 (Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2024-28323 (The bwdates-report-result.php file in Phpgurukul User Registration & L ...)
	NOT-FOR-US: Phpgurukul User Registration & Login and User Management System
CVE-2024-28181 (turbo_boost-commands is a set of commands to help you build robust rea ...)
	NOT-FOR-US: turbo_boost-commands
CVE-2024-27986 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27301 (Support App is an opensource application specialized in managing Apple ...)
	NOT-FOR-US: Support App
CVE-2024-27266 (IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External ...)
	NOT-FOR-US: IBM
CVE-2024-27265 (IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2024-25156 (A path traversal vulnerability exists in GoAnywhere MFT prior to 7.4.2 ...)
	NOT-FOR-US: GoAnywhere MFT
CVE-2024-25139 (In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary ...)
	NOT-FOR-US: TP-Link
CVE-2024-24770 (vantage6 is an open source framework built to enable, manage and deplo ...)
	NOT-FOR-US: vantage6
CVE-2024-24562 (vantage6-UI is the official user interface for the vantage6 server. In ...)
	NOT-FOR-US: vantage6
CVE-2024-23823 (vantage6 is an open source framework built to enable, manage and deplo ...)
	NOT-FOR-US: vantage6
CVE-2024-22346 (Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a loca ...)
	NOT-FOR-US: IBM
CVE-2024-1998
	REJECTED
CVE-2024-1623 (Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone ...)
	NOT-FOR-US: FAST3686 V2 Vodafone router from Sagemcom
CVE-2024-0313 (A malicious insider exploiting this vulnerability can circumvent exist ...)
	NOT-FOR-US: Trellix
CVE-2024-0312 (A malicious insider can uninstall Skyhigh Client Proxy without a valid ...)
	NOT-FOR-US: Trellix
CVE-2024-0311 (A malicious insider can bypass the existing policy of Skyhigh Client P ...)
	NOT-FOR-US: Trellix
CVE-2023-50168 (Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF G ...)
	NOT-FOR-US: Pega Platform
CVE-2023-42938 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2023-35191 (Uncontrolled resource consumption for some Intel(R) SPS firmware versi ...)
	NOT-FOR-US: Intel
CVE-2023-32633 (Improper input validation in the Intel(R) CSME installer software befo ...)
	NOT-FOR-US: Intel
CVE-2023-28389 (Incorrect default permissions in some Intel(R) CSME installer software ...)
	NOT-FOR-US: Intel
CVE-2024-25395 (A buffer overflow occurs in utilities/rt-link/src/rtlink.c in RT-Threa ...)
	NOT-FOR-US: RT-Thread
CVE-2024-25394 (A buffer overflow occurs in utilities/ymodem/ry_sy.c in RT-Thread thro ...)
	NOT-FOR-US: RT-Thread
CVE-2024-25393 (A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread ...)
	NOT-FOR-US: RT-Thread
CVE-2024-25392 (An out-of-bounds access occurs in utilities/var_export/var_export.c in ...)
	NOT-FOR-US: RT-Thread
CVE-2024-25391 (A stack buffer overflow occurs in libc/posix/ipc/mqueue.c in RT-Thread ...)
	NOT-FOR-US: RT-Thread
CVE-2024-25390 (A heap buffer overflow occurs in finsh/msh_file.c and finsh/msh.c in R ...)
	NOT-FOR-US: RT-Thread
CVE-2024-25388 (drivers/wlan/wlan_mgmt,c in RT-Thread through 5.0.2 has an integer sig ...)
	NOT-FOR-US: RT-Thread
CVE-2024-25389 (RT-Thread through 5.0.2 generates random numbers with a weak algorithm ...)
	NOT-FOR-US: RT-Thread
CVE-2024-24335 (A heap buffer overflow occurs in the dfs_v2 romfs filesystem RT-Thread ...)
	NOT-FOR-US: RT-Thread
CVE-2024-24334 (A heap buffer overflow occurs in dfs_v2 dfs_file in RT-Thread through ...)
	NOT-FOR-US: RT-Thread
CVE-2024-28746 (Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that ...)
	- airflow (bug #819700)
CVE-2024-2242 (The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2079 (The WPBakery Page Builder Addons by Livemesh plugin for WordPress is v ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-28662 (A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 sc ...)
	- piwigo
CVE-2024-28391 (SQL injection vulnerability in FME Modules quickproducttable module fo ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-28390 (An issue in Advanced Plugins ultimateimagetool module for PrestaShop b ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-28388 (SQL injection vulnerability in SunnyToo stproductcomments module for P ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-28251 (Querybook is a Big Data Querying UI, combining collocated table metada ...)
	NOT-FOR-US: Querybook
CVE-2024-28193 (your_spotify is an open source, self hosted Spotify tracking dashboard ...)
	NOT-FOR-US: your_spotify
CVE-2024-28192 (your_spotify is an open source, self hosted Spotify tracking dashboard ...)
	NOT-FOR-US: your_spotify
CVE-2024-28175 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
	NOT-FOR-US: Argo CD
CVE-2024-27703 (Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote a ...)
	NOT-FOR-US: Leantime
CVE-2024-27102 (Wings is the server control plane for Pterodactyl Panel. This vulnerab ...)
	NOT-FOR-US: Wings
CVE-2024-27097 (A user endpoint didn't perform filtering on an incoming parameter, whi ...)
	NOT-FOR-US: CKAN
CVE-2024-25653 (Broken Access Control in the Report functionality of Delinea PAM Secre ...)
	NOT-FOR-US: Delinea PAM Secret Server
CVE-2024-25652 (In Delinea PAM Secret Server 11.4, it is possible for a user (with acc ...)
	NOT-FOR-US: Delinea PAM Secret Server
CVE-2024-25651 (User enumeration can occur in the Authentication REST API in Delinea P ...)
	NOT-FOR-US: Delinea PAM Secret Server
CVE-2024-25650 (Insecure key exchange between Delinea PAM Secret Server 11.4 and the D ...)
	NOT-FOR-US: Delinea PAM Secret Server
CVE-2024-25649 (In Delinea PAM Secret Server 11.4, it is possible for an attacker (wit ...)
	NOT-FOR-US: Delinea PAM Secret Server
CVE-2024-25250 (SQL Injection vulnerability in code-projects Agro-School Management Sy ...)
	NOT-FOR-US: code-projects Agro-School Management System
CVE-2024-25228 (Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authentic ...)
	NOT-FOR-US: Vinchin Backup and Recovery
CVE-2024-24105 (SQL Injection vulnerability in Code-projects Computer Science Time Tab ...)
	NOT-FOR-US: Code-projects Computer Science Time Table System
CVE-2024-22398 (An improper Limitation of a Pathname to a Restricted Directory (Path T ...)
	NOT-FOR-US: SonicWall
CVE-2024-22397 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: SonicWall
CVE-2024-22396 (An Integer-based buffer overflow vulnerability in the SonicOS via IPSe ...)
	NOT-FOR-US: SonicWall
CVE-2024-22167 (A potential DLL hijacking vulnerability in the SanDisk PrivateAccess a ...)
	NOT-FOR-US: WesternDigital
CVE-2024-1884 (This is a Server-Side Request Forgery (SSRF) vulnerability in the Pape ...)
	NOT-FOR-US: Papercut
CVE-2024-1883 (This is a reflected cross site scripting vulnerability in the PaperCut ...)
	NOT-FOR-US: Papercut
CVE-2024-1882 (This vulnerability allows an already authenticated admin user to creat ...)
	NOT-FOR-US: Papercut
CVE-2024-1654 (This vulnerability potentially allows unauthorized write operations wh ...)
	NOT-FOR-US: Papercut
CVE-2024-1223 (This vulnerability potentially allows unauthorized enumeration of info ...)
	NOT-FOR-US: Papercut
CVE-2024-1222 (This allows attackers to use a maliciously formed API request to gain ...)
	NOT-FOR-US: Papercut
CVE-2024-1221 (This vulnerability potentially allows files on a PaperCut NG/MF server ...)
	NOT-FOR-US: Papercut
CVE-2023-50726 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
	NOT-FOR-US: Argo CD
CVE-2023-41505 (An arbitrary file upload vulnerability in the Add Student's Profile Pi ...)
	NOT-FOR-US: Student Enrollment In PHP
CVE-2023-41504 (SQL Injection vulnerability in Student Enrollment In PHP 1.0 allows at ...)
	NOT-FOR-US: Student Enrollment In PHP
CVE-2023-38536 (HTML injection inOpenText™Exceed Turbo X affecting version 12.5.1 ...)
	NOT-FOR-US: OpenText
CVE-2023-38535 (Use of Hard-coded Cryptographic Key vulnerability inOpenText™Exce ...)
	NOT-FOR-US: OpenText
CVE-2023-38534 (Improper authentication vulnerability inOpenText™Exceed Turbo X a ...)
	NOT-FOR-US: OpenText
CVE-2023-36238 (Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an a ...)
	NOT-FOR-US: Bagisto
CVE-2024-2433 (An improper authorization vulnerability in Palo Alto Networks Panorama ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2024-2432 (A privilege escalation (PE) vulnerability in the Palo Alto Networks Gl ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2024-2431 (An issue in the Palo Alto Networks GlobalProtect app enables a non-pri ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2024-2418 (A vulnerability was found in SourceCodester Best POS Management System ...)
	NOT-FOR-US: SourceCodester Best POS Management System
CVE-2024-2416 (Cross-Site Request Forgery vulnerability in Movistar's 4G router affec ...)
	NOT-FOR-US: Movistar
CVE-2024-2415 (Command injection vulnerability in Movistar 4G router affecting versio ...)
	NOT-FOR-US: Movistar
CVE-2024-2414 (The primary channel is unprotected on Movistar 4G router affecting E v ...)
	NOT-FOR-US: Movistar
CVE-2024-2403 (Improper cleanup in temporary file handling component in Devolutions R ...)
	NOT-FOR-US: Devolutions
CVE-2024-2293 (The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2286 (The Sky Addons for Elementor (Free Templates Library, Live Copy, Anima ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2252 (The Droit Elementor Addons – Widgets, Blocks, Templates Library F ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2247 (JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2024-2239 (The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2238 (The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2237 (The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2194 (The WP Statistics plugin for WordPress is vulnerable to Stored Cross-S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2172 (The Malware Scanner plugin and the Web Application Firewall plugin for ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2126 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Store ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2123 (The Ultimate Member – User Profile, Registration, Login, Member D ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2106 (The MasterStudy LMS WordPress Plugin – for Online Courses and Edu ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2030 (The Database for Contact Form 7, WPforms, Elementor forms plugin for W ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2028 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2020 (The Calculated Fields Form plugin for WordPress is vulnerable to Store ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2006 (The Post Grid, Slider & Carousel Ultimate – with Shortcode, Guten ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2000 (The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-28684 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: DedeCMS
CVE-2024-28683 (DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vu ...)
	NOT-FOR-US: DedeCMS
CVE-2024-28682 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: DedeCMS
CVE-2024-28681 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: DedeCMS
CVE-2024-28680 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: DedeCMS
CVE-2024-28679 (DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vu ...)
	NOT-FOR-US: DedeCMS
CVE-2024-28678 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: DedeCMS
CVE-2024-28677 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: DedeCMS
CVE-2024-28676 (DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vu ...)
	NOT-FOR-US: DedeCMS
CVE-2024-28675 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: DedeCMS
CVE-2024-28673 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: DedeCMS
CVE-2024-28672 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: DedeCMS
CVE-2024-28671 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: DedeCMS
CVE-2024-28670 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: DedeCMS
CVE-2024-28669 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: DedeCMS
CVE-2024-28668 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: DedeCMS
CVE-2024-28667 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: DedeCMS
CVE-2024-28666 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: DedeCMS
CVE-2024-28665 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: DedeCMS
CVE-2024-28432 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: DedeCMS
CVE-2024-28431 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: DedeCMS
CVE-2024-28430 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: DedeCMS
CVE-2024-28429 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: DedeCMS
CVE-2024-28196 (your_spotify is an open source, self hosted Spotify tracking dashboard ...)
	NOT-FOR-US: your_spotify
CVE-2024-28195 (your_spotify is an open source, self hosted Spotify tracking dashboard ...)
	NOT-FOR-US: your_spotify
CVE-2024-28194 (your_spotify is an open source, self hosted Spotify tracking dashboard ...)
	NOT-FOR-US: your_spotify
CVE-2024-27953 (Missing Authorization vulnerability in Cool Plugins Cryptocurrency Wid ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27952 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27441
	REJECTED
CVE-2024-26630 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.7.9-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/3a75cb05d53f4a6823a32deb078de1366954a804 (6.8-rc7)
CVE-2024-26629 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/edcf9725150e42beeca42d085149f4c88fa97afd (6.8-rc2)
CVE-2024-25155 (In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server ...)
	NOT-FOR-US: FileCatalyst Direct
CVE-2024-25154 (Improper URL validation leads to path traversal in FileCatalyst Direct ...)
	NOT-FOR-US: FileCatalyst Direct
CVE-2024-25153 (A directory traversal within the ‘ftpservlet’ of the FileCat ...)
	NOT-FOR-US: FileCatalyst
CVE-2024-25101 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25099 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25097 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24693 (Improper access control in the installer for Zoom Rooms Client for Win ...)
	NOT-FOR-US: Zoom
CVE-2024-24692 (Race condition in the installer for Zoom Rooms Client for Windows befo ...)
	NOT-FOR-US: Zoom
CVE-2024-24549 (Denial of Service due to improper input validation vulnerability for H ...)
	{DSA-5667-1 DSA-5665-1 DLA-3779-1}
	- tomcat10 10.1.20-1 (bug #1066878)
	- tomcat9 9.0.70-2
	NOTE: https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
	NOTE: https://github.com/apache/tomcat/commit/d07c82194edb69d99b438828fe2cbfadbb207843 (10.1.19)
	NOTE: https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0 (9.0.86)
	NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version
CVE-2024-23672 (Denial of Service via incomplete cleanup vulnerability in Apache Tomca ...)
	{DSA-5667-1 DSA-5665-1 DLA-3779-1}
	- tomcat10 10.1.20-1 (bug #1066877)
	- tomcat9 9.0.70-2
	NOTE: https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
	NOTE: https://github.com/apache/tomcat/commit/0052b374684b613b0c849899b325ebe334ac6501 (10.1.19)
	NOTE: https://github.com/apache/tomcat/commit/52d6650e062d880704898d7d8c1b2b7a3efe8068 (9.0.86)
	NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version
CVE-2024-20327 (A vulnerability in the PPP over Ethernet (PPPoE) termination feature o ...)
	NOT-FOR-US: Cisco
CVE-2024-20322 (A vulnerability in the access control list (ACL) processing on Pseudow ...)
	NOT-FOR-US: Cisco
CVE-2024-20320 (A vulnerability in the SSH client feature of Cisco IOS XR Software for ...)
	NOT-FOR-US: Cisco
CVE-2024-20319 (A vulnerability in the UDP forwarding code of Cisco IOS XR Software co ...)
	NOT-FOR-US: Cisco
CVE-2024-20318 (A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Softw ...)
	NOT-FOR-US: Cisco
CVE-2024-20315 (A vulnerability in the access control list (ACL) processing on MPLS in ...)
	NOT-FOR-US: Cisco
CVE-2024-20266 (A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2024-20262 (A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of ...)
	NOT-FOR-US: Cisco
CVE-2024-1997 (The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1996 (The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1985 (The Simple Membership plugin for WordPress is vulnerable to Stored Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1951 (The Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Gr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1950 (The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1935 (The Giveaways and Contests by RafflePress – Get More Website Traf ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1894 (The Burst Statistics – Privacy-Friendly Analytics for WordPress p ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1862 (The WooCommerce Add to Cart Custom Redirect plugin for WordPress is vu ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1854 (The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1843 (The Auto Affiliate Links plugin for WordPress is vulnerable to unautho ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1806 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1793 (The AWeber – Free Sign Up Form and Landing Page Builder Plugin fo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1772 (The Play.ht – Make Your Blog Posts Accessible With Text to Speech ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1763 (The Wp Social Login and Register Social Counter plugin for WordPress i ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1751 (The Tutor LMS – eLearning and online course solution plugin for W ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1723 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to St ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1691 (The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg E ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1690 (The TeraWallet – Best WooCommerce Wallet System With Cashback Rew ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1684 (The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg E ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1680 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1668 (The Avada | Website Builder For WordPress & WooCommerce theme for Word ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1642 (The MainWP Dashboard – WordPress Manager for Multiple Websites M ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1640 (The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1585 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1541 (The Gutenberg Blocks by Kadence Blocks – Page Builder Features pl ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1537 (The Essential Addons for Elementor – Best Elementor Templates, Wi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1536 (The Essential Addons for Elementor – Best Elementor Templates, Wi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1535 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1508 (The Prime Slider – Addons For Elementor plugin for WordPress is v ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1507 (The Prime Slider – Addons For Elementor plugin for WordPress is v ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1505 (The Academy LMS – eLearning and online course solution for WordPr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1499 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Store ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1497 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Store ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1489 (The SMS Alert Order Notifications – WooCommerce plugin for WordPr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1484 (The Booking for Appointments and Events Calendar – Amelia plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1479 (The WP Show Posts plugin for WordPress is vulnerable to Sensitive Info ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1462 (The Maintenance Page plugin for WordPress is vulnerable to Basic Infor ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1452 (The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Inf ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1422 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sto ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1414 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1413 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1409 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1393 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sto ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1392 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sto ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1391 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sto ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1383 (The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Re ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1380 (The Relevanssi – A Better Search plugin for WordPress is vulnerab ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1370 (The Maintenance Page plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1365 (The YML for Yandex Market plugin for WordPress is vulnerable to Reflec ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1363 (The Easy Accordion – Best Accordion FAQ Plugin for WordPress plug ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1358 (The Elementor Addon Elements plugin for WordPress is vulnerable to Dir ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1321 (The EventPrime – Events Calendar, Bookings and Tickets plugin for ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1311 (The Brizy – Page Builder plugin for WordPress is vulnerable to ar ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1296 (The Brizy – Page Builder plugin for WordPress is vulnerable to St ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1293 (The Brizy – Page Builder plugin for WordPress is vulnerable to St ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1291 (The Brizy – Page Builder plugin for WordPress is vulnerable to St ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1237 (The Elementor Header & Footer Builder plugin for WordPress is vulnerab ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1234 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1203 (The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1176 (The HT Easy GA4 – Google Analytics WordPress Plugin plugin for Wo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1158 (The Post Form – Registration Form – Profile Form for User Pr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1127 (The EventPrime – Events Calendar, Bookings and Tickets plugin for ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1126 (The EventPrime – Events Calendar, Bookings and Tickets plugin for ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1083 (The Simple Restrict plugin for WordPress is vulnerable to Sensitive In ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1080 (The Beaver Builder – WordPress Page Builder plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1074 (The Beaver Builder – WordPress Page Builder plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1071 (The Ultimate Member – User Profile, Registration, Login, Member D ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1038 (The Beaver Builder – WordPress Page Builder plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0976 (The WP Event Manager – Events Calendar, Registrations, Sell Ticke ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0898 (The Chat Bubble – Floating Chat with Contact Chat Icons, Messages ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0897 (The Beaver Builder – WordPress Page Builder plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0896 (The Beaver Builder – WordPress Page Builder plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0871 (The Beaver Builder plugin for WordPress is vulnerable to Stored Cross- ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0839 (The FeedWordPress plugin for WordPress is vulnerable to Insecure Direc ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0830 (The Comments Extra Fields For Post,Pages and CPT plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0829 (The Comments Extra Fields For Post,Pages and CPT plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0828 (The Play.ht – Make Your Blog Posts Accessible With Text to Speech ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0827 (The Play.ht – Make Your Blog Posts Accessible With Text to Speech ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0801 (A denial of service vulnerability exists in Arcserve Unified Data Prot ...)
	NOT-FOR-US: Arcserve Unified Data Protection
CVE-2024-0800 (A path traversal vulnerability exists in Arcserve Unified Data Protect ...)
	NOT-FOR-US: Arcserve Unified Data Protection
CVE-2024-0799 (An authentication bypass vulnerability exists in Arcserve Unified Data ...)
	NOT-FOR-US: Arcserve Unified Data Protection
CVE-2024-0700 (The Simple Tweet plugin for WordPress is vulnerable to Stored Cross-Si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0687 (The Restrict User Access – Ultimate Membership & Content Protecti ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0683 (The Bulgarisation for WooCommerce plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0681 (The Page Restriction WordPress (WP) – Protect WP Pages/Post plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0631 (The Duitku Payment Gateway plugin for WordPress is vulnerable to unaut ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0614 (The Events Manager plugin for WordPress is vulnerable to Stored Cross- ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0592 (The Related Posts for WordPress plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0591 (The wpDataTables – WordPress Data Table, Dynamic Tables & Table C ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0449 (The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0447 (The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0385 (The Categorify plugin for WordPress is vulnerable to unauthorized modi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0377 (The LifterLMS – WordPress LMS Plugin for eLearning plugin for Wor ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0369 (The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauth ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0368 (The Hustle – Email Marketing, Lead Generation, Optins, Popups plu ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0326 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0173 (Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an imp ...)
	NOT-FOR-US: Dell
CVE-2024-0163 (Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCT ...)
	NOT-FOR-US: Dell
CVE-2024-0162 (Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Imp ...)
	NOT-FOR-US: Dell
CVE-2024-0161 (Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Imp ...)
	NOT-FOR-US: Dell
CVE-2024-0154 (Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an imp ...)
	NOT-FOR-US: Dell
CVE-2023-7015 (The File Manager Pro plugin for WordPress is vulnerable to Reflected C ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6969 (The User Shortcodes Plus plugin for WordPress is vulnerable to Insecur ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6957 (The Fluent Forms plugin for WordPress by Fluent Forms plugin for WordP ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6954 (The Download Manager Pro plugin for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6880 (The Visual Composer Website Builder, Landing Page Builder, Custom Them ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6825 (The File Manager and File Manager Pro plugins for WordPress are vulner ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6809 (The Custom fields shortcode plugin for WordPress is vulnerable to Stor ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6785 (The Download Manager plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5663 (The News Announcement Scroll plugin for WordPress is vulnerable to SQL ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52608 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[buster] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/437a310b22244d4e0b78665c3042e5d1c0f45306 (6.8-rc2)
CVE-2023-43043 (IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 8.11 cou ...)
	NOT-FOR-US: IBM
CVE-2023-38723 (IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-sit ...)
	NOT-FOR-US: IBM
CVE-2023-32335 (IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM
CVE-2018-25090 (An unauthenticated remote attacker can use an XSS attack due to improp ...)
	NOT-FOR-US: VDE
CVE-2015-10123 (An unauthenticated remote attacker could send specifically crafted pack ...)
	NOT-FOR-US: VDE
CVE-2024-2413 (Intumit SmartRobot uses a fixed encryption key for authentication. Rem ...)
	NOT-FOR-US: Intumit SmartRobot
CVE-2024-2412 (The disabling function of the user registration page for Heimavista Rp ...)
	NOT-FOR-US: Heimavista Rpage and Epage
CVE-2024-2406 (A vulnerability, which was classified as critical, was found in Gacjie ...)
	NOT-FOR-US: Gacjie Server
CVE-2024-2400 (Use after free in Performance Manager in Google Chrome prior to 122.0. ...)
	{DSA-5639-1}
	- chromium 122.0.6261.128-1
	[bullseye] - chromium <end-of-life> (see #1061268)
	[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-2395 (The Bulgarisation for WooCommerce plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2107 (The Blossom Spa theme for WordPress is vulnerable to Sensitive Informa ...)
	NOT-FOR-US: WordPress theme
CVE-2024-28623 (RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) ...)
	NOT-FOR-US: RiteCMS
CVE-2024-28239 (Directus is a real-time API and App dashboard for managing SQL databas ...)
	NOT-FOR-US: Directus
CVE-2024-28238 (Directus is a real-time API and App dashboard for managing SQL databas ...)
	NOT-FOR-US: Directus
CVE-2024-28236 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...)
	NOT-FOR-US: Vela
CVE-2024-27440 (The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyok ...)
	NOT-FOR-US: Toyoko Inn official App
CVE-2024-27305 (aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on ...)
	- python-aiosmtpd <unfixed> (bug #1066820)
	[bookworm] - python-aiosmtpd <no-dsa> (Minor issue)
	[bullseye] - python-aiosmtpd <no-dsa> (Minor issue)
	[buster] - python-aiosmtpd <no-dsa> (Minor issue)
	NOTE: https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-pr2m-px7j-xg65
	NOTE: https://github.com/aio-libs/aiosmtpd/commit/24b6c79c8921cf1800e27ca144f4f37023982bbb (1.4.5)
CVE-2024-26529 (An issue in mz-automation libiec61850 v.1.5.3 and before, allows a rem ...)
	NOT-FOR-US: libIEC61850
CVE-2024-24101 (Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Inject ...)
	NOT-FOR-US: Code-projects Scholars Tracking System
CVE-2024-24097 (Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tra ...)
	NOT-FOR-US: Code-projects Scholars Tracking System
CVE-2024-24093 (SQL Injection vulnerability in Code-projects Scholars Tracking System ...)
	NOT-FOR-US: Code-projects Scholars Tracking System
CVE-2024-24092 (SQL Injection vulnerability in Code-projects.org Scholars Tracking Sys ...)
	NOT-FOR-US: Code-projects Scholars Tracking System
CVE-2024-23300 (A use-after-free issue was addressed with improved memory management. ...)
	NOT-FOR-US: GarageBand
CVE-2024-1582 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1503 (The Tutor LMS – eLearning and online course solution plugin for W ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1502 (The Tutor LMS – eLearning and online course solution plugin for W ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1450 (The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1421 (The HT Mega – Absolute Addons For Elementor plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1397 (The HT Mega – Absolute Addons For Elementor plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1326 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1278 (The Easy Social Feed – Social Photos Gallery – Post Feed ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1214 (The Easy Social Feed – Social Photos Gallery – Post Feed ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1213 (The Easy Social Feed – Social Photos Gallery – Post Feed ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0966 (The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0386 (The weForms plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-7072 (The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6500 (The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4839 (The WP Go Maps for WordPress is vulnerable to Stored Cross-Site Script ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-43292 (Cross Site Scripting vulnerability in My Food Recipe Using PHP with So ...)
	NOT-FOR-US: My Food Recipe Using PHP with Source Code
CVE-2023-43279 (Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcprepla ...)
	- tcpreplay <unfixed> (unimportant)
	NOTE: Crash in CLI tool, no security impact
	NOTE: https://github.com/appneta/tcpreplay/issues/824
CVE-2023-42308 (Cross Site Scripting (XSS) vulnerability in Manage Fastrack Subjects i ...)
	NOT-FOR-US: Code-Projects Exam Form Submission
CVE-2023-42307 (Cross Site Scripting (XSS) vulnerability in Code-Projects Exam Form Su ...)
	NOT-FOR-US: Code-Projects Exam Form Submission
CVE-2015-10130 (The Team Circle Image Slider With Lightbox plugin for WordPress is vul ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2394 (A vulnerability was found in SourceCodester Employee Management System ...)
	NOT-FOR-US: SourceCodester Employee Management System
CVE-2024-2393 (A vulnerability was found in SourceCodester CRUD without Page Reload 1 ...)
	NOT-FOR-US: SourceCodester CRUD without Page Reload
CVE-2024-2391 (A vulnerability was found in EVE-NG 5.0.1-13 and classified as problem ...)
	NOT-FOR-US: EVE-NG
CVE-2024-2371 (Information exposure vulnerability in Korenix JetI/O 6550 affecting fi ...)
	NOT-FOR-US: Korenix JetI/O 6550
CVE-2024-2130 (The CWW Companion plugin for WordPress is vulnerable to Stored Cross-S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2049 (Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium E ...)
	NOT-FOR-US: Citrix
CVE-2024-2031 (The Video Conferencing with Zoom plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-28553 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entr ...)
	NOT-FOR-US: Tenda
CVE-2024-28535 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitI ...)
	NOT-FOR-US: Tenda
CVE-2024-28340 (An information leak in the currentsetting.htm component of Netgear CBR ...)
	NOT-FOR-US: Netgear
CVE-2024-28339 (An information leak in the debuginfo.htm component of Netgear CBR40 2. ...)
	NOT-FOR-US: Netgear
CVE-2024-28338 (A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows attacke ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-28186 (FreeScout is an open source help desk and shared inbox built with PHP. ...)
	NOT-FOR-US: FreeScout
CVE-2024-28121 (stimulus_reflex is a system to extend the capabilities of both Rails a ...)
	NOT-FOR-US: stimulus_reflex
CVE-2024-28114 (Peering Manager is a BGP session management tool. There is a Server Si ...)
	NOT-FOR-US: Peering Manager
CVE-2024-28113 (Peering Manager is a BGP session management tool. In Peering Manager < ...)
	NOT-FOR-US: Peering Manager
CVE-2024-28112 (Peering Manager is a BGP session management tool. Affected versions of ...)
	NOT-FOR-US: Peering Manager
CVE-2024-28098 (The vulnerability allows authenticated users with only produce or cons ...)
	NOT-FOR-US: Apache Pulsar
CVE-2024-27907 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2024-27894 (The Pulsar Functions Worker includes a capability that permits authent ...)
	NOT-FOR-US: Apache Pulsar
CVE-2024-27758 (In RPyC before 6.0.0, when a server exposes a method that calls the at ...)
	- rpyc <unfixed> (bug #1066879)
	[bookworm] - rpyc <no-dsa> (Minor issue)
	NOTE: https://github.com/tomerfiliba-org/rpyc/security/advisories/GHSA-h5cg-53g7-gqjw
	NOTE: https://github.com/tomerfiliba-org/rpyc/issues/551
	NOTE: https://github.com/tomerfiliba-org/rpyc/commit/bba1d3562e6f9f1256ec64048cc23001c0bb7516 (6.0.0)
CVE-2024-27317 (In Pulsar Functions Worker, authenticated users can upload functions i ...)
	NOT-FOR-US: Apache Pulsar
CVE-2024-27279 (Directory traversal vulnerability exists in a-blog cms Ver.3.1.x serie ...)
	NOT-FOR-US: a-blog cms
CVE-2024-27135 (Improper input validation in the Pulsar Function Worker allows a malic ...)
	NOT-FOR-US: Apache Pulsar
CVE-2024-26288 (An unauthenticated remote attacker can influence the communication due ...)
	NOT-FOR-US: VDE
CVE-2024-26204 (Outlook for Android Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26203 (Azure Data Studio Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26201 (Microsoft Intune Linux Agent Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26199 (Microsoft Office Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26198 (Microsoft Exchange Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26197 (Windows Standards-Based Storage Management Service Denial of Service V ...)
	NOT-FOR-US: Microsoft
CVE-2024-26190 (Microsoft QUIC Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26185 (Windows Compressed Folder Tampering Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26182 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26181 (Windows Kernel Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26178 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26177 (Windows Kernel Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26176 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26174 (Windows Kernel Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26173 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26170 (Windows Composite Image File System (CimFS) Elevation of Privilege Vul ...)
	NOT-FOR-US: Microsoft
CVE-2024-26169 (Windows Error Reporting Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26166 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
	NOT-FOR-US: Microsoft
CVE-2024-26165 (Visual Studio Code Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26164 (Microsoft Django Backend for SQL Server Remote Code Execution Vulnerab ...)
	NOT-FOR-US: Microsoft
CVE-2024-26162 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26161 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
	NOT-FOR-US: Microsoft
CVE-2024-26160 (Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerab ...)
	NOT-FOR-US: Microsoft
CVE-2024-26159 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26005 (An unauthenticated remote attacker can gain service level privileges th ...)
	NOT-FOR-US: VDE
CVE-2024-26004 (An unauthenticated remote attacker can DoS a control agent due to acce ...)
	NOT-FOR-US: VDE
CVE-2024-26003 (An unauthenticated remote attacker can DoS the control agent due to a ...)
	NOT-FOR-US: VDE
CVE-2024-26002 (An improper input validation in the Qualcom plctool allows a local att ...)
	NOT-FOR-US: VDE
CVE-2024-26001 (An unauthenticated remote attacker can write memory out of bounds due t ...)
	NOT-FOR-US: VDE
CVE-2024-26000 (An unauthenticated remote attacker can read memory out of bounds due t ...)
	NOT-FOR-US: VDE
CVE-2024-25999 (An unauthenticated local attacker can perform a privilege escalation d ...)
	NOT-FOR-US: VDE
CVE-2024-25998 (An unauthenticated remote attacker can perform a command injection in t ...)
	NOT-FOR-US: VDE
CVE-2024-25997 (An unauthenticated remote attacker can perform a log injection due to ...)
	NOT-FOR-US: VDE
CVE-2024-25996 (An unauthenticated remote attacker can perform a remote code execution ...)
	NOT-FOR-US: VDE
CVE-2024-25995 (An unauthenticated remote attacker can modify configurations to perfor ...)
	NOT-FOR-US: VDE
CVE-2024-25994 (An unauthenticated remote attacker can upload an arbitrary script file ...)
	NOT-FOR-US: VDE
CVE-2024-23112 (An authorization bypass through user-controlled key vulnerability [CWE ...)
	NOT-FOR-US: FortiGuard
CVE-2024-22045 (A vulnerability has been identified in SINEMA Remote Connect Client (A ...)
	NOT-FOR-US: Siemens
CVE-2024-22044 (A vulnerability has been identified in SENTRON 3KC ATC6 Expansion Modu ...)
	NOT-FOR-US: Siemens
CVE-2024-22041 (A vulnerability has been identified in Cerberus PRO EN Engineering Too ...)
	NOT-FOR-US: Siemens
CVE-2024-22040 (A vulnerability has been identified in Cerberus PRO EN Engineering Too ...)
	NOT-FOR-US: Siemens
CVE-2024-22039 (A vulnerability has been identified in Cerberus PRO EN Engineering Too ...)
	NOT-FOR-US: Siemens
CVE-2024-21761 (An improper authorization vulnerability [CWE-285] in FortiPortal versi ...)
	NOT-FOR-US: FortiGuard
CVE-2024-21483 (A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3 ...)
	NOT-FOR-US: Siemens
CVE-2024-21451 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21450 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
	NOT-FOR-US: Microsoft
CVE-2024-21448 (Microsoft Teams for Android Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21446 (NTFS Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21445 (Windows USB Print Driver Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21444 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
	NOT-FOR-US: Microsoft
CVE-2024-21443 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21442 (Windows USB Print Driver Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21441 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
	NOT-FOR-US: Microsoft
CVE-2024-21440 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21439 (Windows Telephony Server Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21438 (Microsoft AllJoyn API Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21437 (Windows Graphics Component Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21436 (Windows Installer Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21435 (Windows OLE Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21434 (Microsoft Windows SCSI Class System File Elevation of Privilege Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2024-21433 (Windows Print Spooler Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21432 (Windows Update Stack Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21431 (Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vul ...)
	NOT-FOR-US: Microsoft
CVE-2024-21430 (Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnera ...)
	NOT-FOR-US: Microsoft
CVE-2024-21429 (Windows USB Hub Driver Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21427 (Windows Kerberos Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21426 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21421 (Azure SDK Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21419 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2024-21418 (Software for Open Networking in the Cloud (SONiC) Elevation of Privile ...)
	NOT-FOR-US: Microsoft
CVE-2024-21411 (Skype for Consumer Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21408 (Windows Hyper-V Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21407 (Windows Hyper-V Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21400 (Microsoft Azure Kubernetes Service Confidential Container Elevation of ...)
	NOT-FOR-US: Microsoft
CVE-2024-21392 (.NET and Visual Studio Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21390 (Microsoft Authenticator Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21334 (Open Management Infrastructure (OMI) Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2024-21330 (Open Management Infrastructure (OMI) Elevation of Privilege Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2024-20671 (Microsoft Defender Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-1765 (Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an u ...)
	NOT-FOR-US: Cloudflare quiche
CVE-2024-1618 (A search path or unquoted item vulnerability in Faronics Deep Freeze S ...)
	NOT-FOR-US: Faronics Deep Freeze Server Standard
CVE-2024-1529 (Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently e ...)
	NOT-FOR-US: CMS Made Simple
CVE-2024-1528 (CMS Made Simple version 2.2.14, does not sufficiently encode user-cont ...)
	NOT-FOR-US: CMS Made Simple
CVE-2024-1527 (Unrestricted file upload vulnerability in CMS Made Simple, affecting v ...)
	NOT-FOR-US: CMS Made Simple
CVE-2024-1410 (Cloudflare quiche was discovered to be vulnerable to unbounded storage ...)
	NOT-FOR-US: Cloudflare quiche
CVE-2024-1328 (The Newsletter2Go plugin for WordPress is vulnerable to Stored Cross-S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1304 (Cross-site scripting vulnerability in Badger Meter Monitool that affec ...)
	NOT-FOR-US: Badger Meter Monitool
CVE-2024-1303 (Incorrectly limiting the path to a restricted directory vulnerability ...)
	NOT-FOR-US: Badger Meter Monitool
CVE-2024-1302 (Information exposure vulnerability in Badger Meter Monitool affecting ...)
	NOT-FOR-US: Badger Meter Monitool
CVE-2024-1301 (SQL injection vulnerability in Badger Meter Monitool affecting version ...)
	NOT-FOR-US: Badger Meter Monitool
CVE-2024-1227 (An open redirect vulnerability, the exploitation of which could allow ...)
	NOT-FOR-US: Rejettos
CVE-2024-1226 (The software does not neutralize or incorrectly neutralizes certain ch ...)
	NOT-FOR-US: Rejettos
CVE-2024-1138 (The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterpri ...)
	NOT-FOR-US: TIBCO
CVE-2024-1137 (The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveS ...)
	NOT-FOR-US: TIBCO
CVE-2024-0906 (The f(x) Private Site plugin for WordPress is vulnerable to Sensitive ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5410 (A potential security vulnerability has been reported in the system BIO ...)
	NOT-FOR-US: HP
CVE-2023-4780
	REJECTED
CVE-2023-4731 (The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4729 (The LadiApp plugin for WordPress is vulnerable to Cross-Site Request F ...)
NOT-FOR-US: WordPress plugin CVE-2023-4728 (The LadiApp plugin for WordPress is vulnerable to unauthorized modific ...) NOT-FOR-US: WordPress plugin CVE-2023-4629 (The LadiApp plugin for WordPress is vulnerable to Cross-Site Request F ...) NOT-FOR-US: WordPress plugin CVE-2023-4628 (The LadiApp plugin for WordPress is vulnerable to Cross-Site Request F ...) NOT-FOR-US: WordPress plugin CVE-2023-4627 (The LadiApp plugin for WordPress is vulnerable to unauthorized modific ...) NOT-FOR-US: WordPress plugin CVE-2023-4626 (The LadiApp plugin for WordPress is vulnerable to unauthorized modific ...) NOT-FOR-US: WordPress plugin CVE-2023-48788 (A improper neutralization of special elements used in an sql command ( ...) NOT-FOR-US: FortiGuard CVE-2023-47534 (A improper neutralization of formula elements in a csv file in Fortine ...) NOT-FOR-US: FortiGuard CVE-2023-46717 (An improper authentication vulnerability [CWE-287] in FortiOS versions ...) NOT-FOR-US: FortiGuard CVE-2023-45793 (A vulnerability has been identified in Siveillance Control (All versio ...) NOT-FOR-US: Siemens CVE-2023-42790 (A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, ...) NOT-FOR-US: FortiGuard CVE-2023-42789 (A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 t ...) NOT-FOR-US: FortiGuard CVE-2023-41842 (A use of externally-controlled format string vulnerability [CWE-134] i ...) NOT-FOR-US: FortiGuard CVE-2023-41313 (The authentication method in Apache Doris versions before 2.0.0 was vu ...) NOT-FOR-US: Apache Doris CVE-2023-36554 (A improper access control in Fortinet FortiManager version 7.4.0, vers ...) NOT-FOR-US: FortiGuard CVE-2024-2182 (A flaw was found in the Open Virtual Network (OVN). In OVN clusters wh ...) 
- ovn 24.03.1-1 [bookworm] - ovn (Minor issue) NOTE: https://bugs.launchpad.net/bugs/2053113 NOTE: https://mail.openvswitch.org/pipermail/ovs-announce/2024-March/000346.html CVE-2023-43490 (Incorrect calculation in microcode keying mechanism for some Intel(R) ...) {DLA-3808-1} - intel-microcode 3.20240312.1 (bug #1066108) [bookworm] - intel-microcode (Decide after exposure on unstable for update) [bullseye] - intel-microcode (Decide after exposure on unstable for update) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01045.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312 CVE-2023-39368 (Protection mechanism failure of bus lock regulator for some Intel(R) P ...) {DLA-3808-1} - intel-microcode 3.20240312.1 (bug #1066108) [bookworm] - intel-microcode (Decide after exposure on unstable for update) [bullseye] - intel-microcode (Decide after exposure on unstable for update) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00972.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312 CVE-2023-38575 (Non-transparent sharing of return predictor targets between contexts i ...) {DLA-3808-1} - intel-microcode 3.20240312.1 (bug #1066108) [bookworm] - intel-microcode (Decide after exposure on unstable for update) [bullseye] - intel-microcode (Decide after exposure on unstable for update) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00982.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312 CVE-2023-22655 (Protection mechanism failure in some 3rd and 4th Generation Intel(R) X ...) 
{DLA-3808-1} - intel-microcode 3.20240312.1 (bug #1066108) [bookworm] - intel-microcode (Decide after exposure on unstable for update) [bullseye] - intel-microcode (Decide after exposure on unstable for update) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312 CVE-2023-28746 (Information exposure through microarchitectural state after transient ...) {DSA-5681-1 DLA-3808-1} - intel-microcode 3.20240312.1 (bug #1066108) [bookworm] - intel-microcode (Decide after exposure on unstable for update) [bullseye] - intel-microcode (Decide after exposure on unstable for update) - linux 6.7.9-2 [bookworm] - linux 6.1.82-1 - xen [bookworm] - xen (Minor issue, fix along in next DSA) [bullseye] - xen (EOLed in Bullseye) [buster] - xen (DSA 4677-1) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312 NOTE: https://www.openwall.com/lists/oss-security/2024/03/12/13 NOTE: https://xenbits.xen.org/xsa/advisory-452.html NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/register-file-data-sampling.html CVE-2024-2193 (A Speculative Race Condition (SRC) vulnerability that impacts modern C ...) - linux - xen [bookworm] - xen (Minor issue, fix along in next DSA) [bullseye] - xen (EOLed in Bullseye) [buster] - xen (DSA 4677-1) NOTE: https://www.openwall.com/lists/oss-security/2024/03/12/14 NOTE: https://www.vusec.net/projects/ghostrace/ NOTE: https://xenbits.xen.org/xsa/advisory-453.html CVE-2024-28199 (phlex is an open source framework for building object-oriented views i ...) NOT-FOR-US: phlex framework CVE-2024-28163 (Under certain conditions, Support Web Pages of SAP NetWeaver Process I ...) 
NOT-FOR-US: SAP CVE-2024-28120 (codeium-chrome is an open source code completion plugin for the chrome ...) NOT-FOR-US: codeium-chrome CVE-2024-27938 (Postal is an open source SMTP server. Postal versions less than 3.0.0 ...) NOT-FOR-US: Postal SMTP server (not the same as src:postal) CVE-2024-27902 (Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - vers ...) NOT-FOR-US: SAP CVE-2024-27900 (Due to missing authorization check, attacker with business user accoun ...) NOT-FOR-US: SAP CVE-2024-27297 (Nix is a package manager for Linux and other Unix systems. A fixed-out ...) {DSA-5669-1} - guix 1.4.0-6 (bug #1066113) - nix (bug #1066812) [bookworm] - nix (Minor issue) [bullseye] - nix (Minor issue) NOTE: Fixed by: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=8f4ffb3fae133bb21d7991e97c2f19a7108b1143 NOTE: Followup: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=ff1251de0bc327ec478fc66a562430fbf35aef42 NOTE: https://guix.gnu.org/en/blog/2024/fixed-output-derivation-sandbox-bypass-cve-2024-27297/ NOTE: https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37 NOTE: https://github.com/NixOS/nix/commit/244f3eee0bbc7f11e9b383a15ed7368e2c4becc9 CVE-2024-27121 (Path traversal vulnerability exists in Machine Automation Controller N ...) NOT-FOR-US: Machine Automation Controller CVE-2024-26521 (HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows ...) NOT-FOR-US: CE Phoenix CVE-2024-25854 (Cross Site Scripting (XSS) vulnerability in Sourcecodester Insurance M ...) NOT-FOR-US: Sourcecodester Insurance Management System CVE-2024-25645 (Under certain conditionSAPNetWeaver (Enterprise Portal) - version 7.50 ...) NOT-FOR-US: SAP CVE-2024-25644 (Under certain conditions SAP NetWeaverWSRM- version 7.50, allows an at ...) NOT-FOR-US: SAP CVE-2024-25331 (DIR-822 Rev. B Firmware v2.02KRB09 and DIR-822-CA Rev. B Firmware v2.0 ...) 
NOT-FOR-US: D-Link CVE-2024-25325 (SQL injection vulnerability in Employee Management System v.1.0 allows ...) NOT-FOR-US: Employee Management System CVE-2024-25114 (Collabora Online is a collaborative online office suite based on Libre ...) NOT-FOR-US: Collabora Online CVE-2024-24964 (Improper access control vulnerability exists in the resident process o ...) NOT-FOR-US: SKYSEA Client View CVE-2024-22133 (SAP Fiori Front End Server - version 605, allows altering of approver ...) NOT-FOR-US: SAP CVE-2024-22127 (SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) ...) NOT-FOR-US: SAP CVE-2024-21805 (Improper access control vulnerability exists in the specific folder of ...) NOT-FOR-US: SKYSEA Client View CVE-2024-21584 (Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulner ...) NOT-FOR-US: Pleasanter CVE-2024-1645 (The Mollie Forms plugin for WordPress is vulnerable to unauthorized ac ...) NOT-FOR-US: WordPress plugin CVE-2024-1400 (The Mollie Forms plugin for WordPress is vulnerable to unauthorized po ...) NOT-FOR-US: WordPress plugin CVE-2023-6814 (Insertion of Sensitive Information into Log File vulnerability in Hita ...) NOT-FOR-US: Hitachi CVE-2023-49785 (NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat use ...) NOT-FOR-US: NextChat CVE-2023-49453 (Reflected cross-site scripting (XSS) vulnerability in Racktables v0.22 ...) - racktables (bug #629531) CVE-2024-2370 REJECTED CVE-2024-2357 (The Libreswan Project was notified of an issue causing libreswan to re ...) 
- libreswan 4.14-1 (bug #1066059) [bookworm] - libreswan (Minor issue) [bullseye] - libreswan (Minor issue) NOTE: https://libreswan.org/security/CVE-2024-2357/CVE-2024-2357.patch NOTE: https://libreswan.org/security/CVE-2024-2357/CVE-2024-2357.txt NOTE: https://github.com/libreswan/libreswan/issues/1609 NOTE: Fixed by: https://github.com/libreswan/libreswan/commit/cb9e1047d33fde695d63a95854c2bc2470a476c8 CVE-2024-28198 (OpenOlat is an open source web-based e-learning platform for teaching, ...) NOT-FOR-US: OpenOlat CVE-2024-28197 (Zitadel is an open source identity management system. Zitadel uses a c ...) NOT-FOR-US: Zitadel CVE-2024-28187 (SOY CMS is an open source CMS (content management system) that allows ...) NOT-FOR-US: SOY CMS CVE-2024-27237 (In wipe_ns_memory of nsmemwipe.c, there is a possible incorrect size c ...) NOT-FOR-US: Android CVE-2024-27236 (In aoc_unlocked_ioctl of aoc.c, there is a possible memory corruption ...) NOT-FOR-US: Android CVE-2024-27235 (In plugin_extern_func of , there is a possible out of bounds read due ...) NOT-FOR-US: Android CVE-2024-27234 (In fvp_set_target of fvp.c, there is a possible out of bounds read due ...) NOT-FOR-US: Android CVE-2024-27233 (In ppcfw_init_secpolicy of ppcfw.c, there is a possible permission byp ...) NOT-FOR-US: Android CVE-2024-27230 (In ProtocolPsKeepAliveStatusAdapter::getCode() of protocolpsadapter.cp ...) NOT-FOR-US: Android CVE-2024-27229 (In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, there is a ...) NOT-FOR-US: Android CVE-2024-27228 (there is a possible out of bounds write due to a heap buffer overflow. ...) NOT-FOR-US: Android CVE-2024-27227 (A malicious DNS response can trigger a number of OOB reads, writes, an ...) NOT-FOR-US: Android CVE-2024-27226 (In tmu_config_gov_params of , there is a possible out of bounds write ...) NOT-FOR-US: Android CVE-2024-27225 (In sendHciCommand of bluetooth_hci.cc, there is a possible out of boun ...) 
NOT-FOR-US: Android CVE-2024-27224 (In strncpy of strncpy.c, there is a possible out of bounds write due t ...) NOT-FOR-US: Android CVE-2024-27223 (In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, ...) NOT-FOR-US: Android CVE-2024-27222 (In onSkipButtonClick of FaceEnrollFoldPage.java, there is a possible w ...) NOT-FOR-US: Android CVE-2024-27221 (In update_policy_data of , there is a possible out of bounds write due ...) NOT-FOR-US: Android CVE-2024-27220 (In lpm_req_handler of , there is a possible out of bounds memory acces ...) NOT-FOR-US: Android CVE-2024-27219 (In tmu_set_pi of tmu.c, there is a possible out of bounds write due to ...) NOT-FOR-US: Android CVE-2024-27218 (In update_freq_data of , there is a possible out of bounds read due to ...) NOT-FOR-US: Android CVE-2024-27213 (In BroadcastSystemMessage of servicemgr.cpp, there is a possible Remot ...) NOT-FOR-US: Android CVE-2024-27212 (In init_data of , there is a possible out of bounds write due to a mis ...) NOT-FOR-US: Android CVE-2024-27211 (In AtiHandleAPOMsgType of ati_Main.c, there is a possible OOB write du ...) NOT-FOR-US: Android CVE-2024-27210 (In policy_check of fvp.c, there is a possible out of bounds write due ...) NOT-FOR-US: Android CVE-2024-27209 (there is a possible out of bounds write due to a heap buffer overflow. ...) NOT-FOR-US: Android CVE-2024-27208 (there is a possible out of bounds write due to a missing bounds check. ...) NOT-FOR-US: Android CVE-2024-27207 (Exported broadcast receivers allowing malicious apps to bypass broadca ...) NOT-FOR-US: Android CVE-2024-27206 (there is a possible out of bounds read due to a missing bounds check. ...) NOT-FOR-US: Android CVE-2024-27205 (there is a possible memory corruption due to a use after free. This co ...) NOT-FOR-US: Android CVE-2024-27204 (In tmu_set_gov_active of tmu.c, there is a possible out of bounds writ ...) 
NOT-FOR-US: Android CVE-2024-25993 (In tmu_reset_tmu_trip_counter of , there is a possible out of bounds w ...) NOT-FOR-US: Android CVE-2024-25992 (In tmu_tz_control of tmu.c, there is a possible out of bounds read due ...) NOT-FOR-US: Android CVE-2024-25991 (In acpm_tmu_ipc_handler of tmu_plugin.c, there is a possible out of bo ...) NOT-FOR-US: Android CVE-2024-25990 (In pktproc_perftest_gen_rx_packet_sktbuf_mode of link_rx_pktproc.c, th ...) NOT-FOR-US: Android CVE-2024-25989 (In gpu_slc_liveness_update of pixel_gpu_slc.c, there is a possible out ...) NOT-FOR-US: Android CVE-2024-25988 (In SAEMM_DiscloseGuti of SAEMM_RadioMessageCodec.c, there is a possibl ...) NOT-FOR-US: Android CVE-2024-25987 (In pt_sysctl_command of pt.c, there is a possible out of bounds write ...) NOT-FOR-US: Android CVE-2024-25986 (In ppmp_unprotect_buf of drm_fw.c, there is a possible compromise of p ...) NOT-FOR-US: Android CVE-2024-25985 (In bigo_unlocked_ioctl of bigo.c, there is a possible UAF due to a mis ...) NOT-FOR-US: Android CVE-2024-25984 (In dumpBatteryDefend of dump_power.cpp, there is a possible out of bou ...) NOT-FOR-US: Android CVE-2024-23717 (In access_secure_service_from_temp_bond of btm_sec.cc, there is a poss ...) NOT-FOR-US: Android CVE-2024-23612 (An improper error handling vulnerability in LabVIEW may result in remo ...) NOT-FOR-US: LabVIEW CVE-2024-23611 (An out of bounds write due to a missing bounds check in LabVIEW may re ...) NOT-FOR-US: LabVIEW CVE-2024-23610 (An out of bounds write due to a missing bounds check in LabVIEW may re ...) NOT-FOR-US: LabVIEW CVE-2024-23609 (An improper error handling vulnerability in LabVIEW may result in remo ...) NOT-FOR-US: LabVIEW CVE-2024-23608 (An out of bounds write due to a missing bounds check in LabVIEW may re ...) NOT-FOR-US: LabVIEW CVE-2024-22011 (In ss_ProcessRejectComponent of ss_MmConManagement.c, there is a possi ...) 
NOT-FOR-US: Android CVE-2024-22010 (In dvfs_plugin_caller of fvp.c, there is a possible out of bounds read ...) NOT-FOR-US: Android CVE-2024-22009 (In init_data of , there is a possible out of bounds write due to a mis ...) NOT-FOR-US: Android CVE-2024-22008 (In config_gov_time_windows of tmu.c, there is a possible out of bounds ...) NOT-FOR-US: Android CVE-2024-22007 (In constraint_check of fvp.c, there is a possible out of bounds read d ...) NOT-FOR-US: Android CVE-2024-22006 (OOB read in the TMU plugin that allows for memory disclosure in the po ...) NOT-FOR-US: Android CVE-2024-22005 (there is a possible Authentication Bypass due to improperly used crypt ...) NOT-FOR-US: Android CVE-2024-1696 (In Santesoft Sante FFT Imaging versions 1.4.1 and prior once a user op ...) NOT-FOR-US: Santesoft Sante FFT Imaging CVE-2024-1487 (The Photos and Files Contest Gallery WordPress plugin before 21.3.1 do ...) NOT-FOR-US: WordPress plugin CVE-2024-2496 (A NULL pointer dereference flaw was found in the udevConnectListAllInt ...) {DLA-3778-1} - libvirt 9.8.0-1 [bookworm] - libvirt (Minor issue) [bullseye] - libvirt (Minor issue) NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/2ca94317ac642a70921947150ced8acc674ccdc8 (v9.8.0-rc1) CVE-2024-1441 (An off-by-one error flaw was found in the udevListInterfacesByStatus() ...) {DLA-3778-1} - libvirt 10.1.0-1 (bug #1066058) [bookworm] - libvirt (Minor issue) [bullseye] - libvirt (Minor issue) NOTE: Introduced by: https://gitlab.com/libvirt/libvirt/-/commit/5a33366f5c0b18c93d161bd144f9f079de4ac8ca (v1.0.0-rc1) NOTE: Introduced by: https://gitlab.com/libvirt/libvirt/-/commit/d6064e2759a24e0802f363e3a810dc5a7d7ebb15 (v5.10.0-rc1) NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/c664015fe3a7bf59db26686e9ed69af011c6ebb8 (v10.1.0) CVE-2024-1373 REJECTED CVE-2024-1290 (The User Registration WordPress plugin before 2.12 does not prevent us ...) 
NOT-FOR-US: WordPress plugin CVE-2024-1279 (The Paid Memberships Pro WordPress plugin before 2.12.9 does not preve ...) NOT-FOR-US: WordPress plugin CVE-2024-1273 (The Starbox WordPress plugin before 3.5.0 does not sanitise and escape ...) NOT-FOR-US: WordPress plugin CVE-2024-1068 (The 404 Solution WordPress plugin before 2.35.8 does not properly sani ...) NOT-FOR-US: WordPress plugin CVE-2024-0670 (Privilege escalation in windows agent plugin in Checkmk before 2.2.0p2 ...) - check-mk CVE-2024-0561 (The Ultimate Posts Widget WordPress plugin before 2.3.1 does not valid ...) NOT-FOR-US: WordPress plugin CVE-2024-0559 (The Enhanced Text Widget WordPress plugin before 1.6.6 does not valida ...) NOT-FOR-US: WordPress plugin CVE-2024-0053 (In getCustomPrinterIcon of PrintManagerService.java, there is a possib ...) NOT-FOR-US: Android CVE-2024-0052 (In multiple functions of healthconnect, there is a possible leakage of ...) NOT-FOR-US: Android CVE-2024-0051 (In onQueueFilled of SoftMPEG4.cpp, there is a possible out of bounds w ...) NOT-FOR-US: Android CVE-2024-0050 (In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible ...) NOT-FOR-US: Android CVE-2024-0049 (In multiple locations, there is a possible out of bounds write due to ...) NOT-FOR-US: Android CVE-2024-0048 (In Session of AccountManagerService.java, there is a possible method t ...) NOT-FOR-US: Android CVE-2024-0047 (In writeUserLP of UserManagerService.java, device policies are seriali ...) NOT-FOR-US: Android CVE-2024-0046 (In installExistingPackageAsUser of InstallPackageHelper.java, there is ...) NOT-FOR-US: Android CVE-2024-0045 (In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds r ...) NOT-FOR-US: Android CVE-2024-0044 (In createSessionInternal of PackageInstallerService.java, there is a p ...) NOT-FOR-US: Android CVE-2024-0039 (In attp_build_value_cmd of att_protocol.cc, there is a possible out of ...) 
NOT-FOR-US: Android CVE-2023-7247 (The Login as User or Customer WordPress plugin through 3.8 does not pr ...) NOT-FOR-US: WordPress plugin CVE-2023-6444 (The Seriously Simple Podcasting WordPress plugin before 3.0.0 disclose ...) NOT-FOR-US: WordPress plugin CVE-2024-2365 (A vulnerability classified as problematic was found in Musicshelf 1.0/ ...) NOT-FOR-US: Musicshelf CVE-2024-2364 (A vulnerability classified as problematic has been found in Musicshelf ...) NOT-FOR-US: Musicshelf CVE-2024-2363 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in AOL AIM T ...) NOT-FOR-US: AOL AIM Triton CVE-2024-2314 (If kernel headers need to be extracted, bcc will attempt to load them ...) - bpfcc [bookworm] - bpfcc (Minor issue) [bullseye] - bpfcc (Minor issue) [buster] - bpfcc (Vulnerable code introduced later) NOTE: Fixed by: https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342 (v0.30.0) NOTE: Introduced by: https://github.com/iovisor/bcc/commit/ae92f3ddb6aa5b81c750abf3540b99f24d219e67 (v0.10.0) NOTE: Attempt to mitigate in https://bugs.debian.org/1028479 (applied in 0.25.0+ds-2), and NOTE: resulting in the additional problem in https://bugs.debian.org/1068297 CVE-2024-2313 (If kernel headers need to be extracted, bpftrace will attempt to load ...) - bpftrace [bookworm] - bpftrace (Minor issue) [bullseye] - bpftrace (Minor issue) [buster] - bpftrace (Vulnerable code introduced later) NOTE: https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998 NOTE: Introduced by: https://github.com/bpftrace/bpftrace/commit/896fafbe925385500c6626b19348739142944b88 (v0.9.3) CVE-2024-2184 (Buffer overflow in identifier field of WSD probe request process of Sm ...) NOT-FOR-US: Small Office Multifunction Printers and Laser Printers (Canon) CVE-2024-28823 (Amazon AWS aws-js-s3-explorer (aka AWS JavaScript S3 Explorer) 1.0.0 a ...) 
NOT-FOR-US: AWS JavaScript S3 Explorer CVE-2024-28816 (Student Information Chatbot a0196ab allows SQL injection via the usern ...) NOT-FOR-US: Student Information Chatbot CVE-2024-2355 (A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project ...) NOT-FOR-US: keerti1924 Secret-Coder-PHP-Project CVE-2024-2354 (A vulnerability, which was classified as problematic, was found in Dre ...) NOT-FOR-US: Dreamer CMS CVE-2024-2353 (A vulnerability, which was classified as critical, has been found in T ...) NOT-FOR-US: Totolink CVE-2024-2352 (A vulnerability, which was classified as critical, has been found in 1 ...) NOT-FOR-US: 1Panel CVE-2024-2351 (A vulnerability classified as critical was found in CodeAstro Ecommerc ...) NOT-FOR-US: CodeAstro Ecommerce Site CVE-2024-27698 REJECTED CVE-2024-28757 (libexpat through 2.6.1 allows an XML Entity Expansion attack when ther ...) - expat 2.6.1-2 (bug #1065868; unimportant) NOTE: https://github.com/libexpat/libexpat/pull/842 NOTE: https://github.com/libexpat/libexpat/issues/839 NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/1d50b80cf31de87750103656f6eb693746854aa8 NOTE: Tests: https://github.com/libexpat/libexpat/commit/072eca0b72373da103ce15f8f62d1d7b52695454 NOTE: Expat provides API to mitigate expansion attacks, ultimately under control of the app using Expat NOTE: Cf. Billion laughs attack assessment for src:expat in CVE-2013-0340. CVE-2024-2333 (A vulnerability classified as critical has been found in CodeAstro Mem ...) NOT-FOR-US: CodeAstro Membership Management System CVE-2024-2332 (A vulnerability was found in SourceCodester Online Mobile Management S ...) NOT-FOR-US: SourceCodester Online Mobile Management Store CVE-2024-2331 (A vulnerability was found in SourceCodester Tourist Reservation System ...) NOT-FOR-US: SourceCodester Tourist Reservation System CVE-2024-2330 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...) 
NOT-FOR-US: Netentsec NS-ASG Application Security Gateway CVE-2024-1870 (The Colibri Page Builder plugin for WordPress is vulnerable to unautho ...) NOT-FOR-US: WordPress plugin CVE-2024-2329 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...) NOT-FOR-US: Netentsec NS-ASG Application Security Gateway CVE-2024-28754 (RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to ca ...) NOT-FOR-US: RaspAP CVE-2024-28753 (RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to re ...) NOT-FOR-US: RaspAP CVE-2024-28184 (WeasyPrint helps web developers to create PDF documents. Since version ...) - weasyprint 61.2-1 [bookworm] - weasyprint (Vulnerable code not present) [bullseye] - weasyprint (Vulnerable code not present) NOTE: https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-35jj-wx47-4w8r NOTE: https://github.com/Kozea/WeasyPrint/commit/734ee8e2dc84ff3090682f3abff056d0907c8598 (v61.2) CVE-2024-28180 (Package jose aims to provide an implementation of the Javascript Objec ...) - golang-github-go-jose-go-jose 4.0.1-1 (bug #1065814) NOTE: https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g NOTE: https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298 (v2.6.3) NOTE: https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a (v3.0.3) NOTE: https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502 (v4.0.1) TODO: check completeness CVE-2024-28176 (jose is JavaScript module for JSON Object Signing and Encryption, prov ...) NOT-FOR-US: JavaScript module for JSON Object Signing and Encryption (panva/jose) CVE-2024-28123 (Wasmi is an efficient and lightweight WebAssembly interpreter with a f ...) NOT-FOR-US: Wasmi CVE-2024-28122 (JWX is Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherw ...) NOT-FOR-US: lestrrat-go/jwx CVE-2024-28089 (Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote att ...) 
NOT-FOR-US: Hitron CODA-4582 2AHKM-CODA4589 CVE-2024-25951 (A command injection vulnerability exists in local RACADM. A malicious ...) NOT-FOR-US: Dell CVE-2024-25501 (An issue WinMail v.7.1 and v.5.1 and before allows a remote attacker t ...) NOT-FOR-US: WinMail CVE-2024-1767 (The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scr ...) NOT-FOR-US: WordPress theme CVE-2024-1320 (The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for ...) NOT-FOR-US: WordPress plugin CVE-2024-1125 (The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for ...) NOT-FOR-US: WordPress plugin CVE-2024-1124 (The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for ...) NOT-FOR-US: WordPress plugin CVE-2024-1123 (The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for ...) NOT-FOR-US: WordPress plugin CVE-2023-50015 (An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0 ...) NOT-FOR-US: Grandstream CVE-2023-49341 (An issue was discovered in Newland Nquire 1000 Interactive Kiosk versi ...) NOT-FOR-US: Newland Nquire 1000 Interactive Kiosk CVE-2023-49340 (An issue was discovered in Newland Nquire 1000 Interactive Kiosk versi ...) NOT-FOR-US: Newland Nquire 1000 Interactive Kiosk CVE-2023-46427 (An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-mast ...) - gpac (bug #1068462) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2641 NOTE: https://github.com/gpac/gpac/commit/ed8424300fc4a1f5231ecd1d47f502ddd3621d1a CVE-2023-46426 (Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV-rev58 ...) - gpac (bug #1068462) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2642 NOTE: https://github.com/gpac/gpac/commit/14ec709a1ffae23ad777c37320290caa0a754341 CVE-2023-32264 (CWE-1385 vulnerability in OpenText Documentum D2 affecting versions16. ...) 
NOT-FOR-US: OpenText CVE-2024-2339 (PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a use ...) NOT-FOR-US: PostgreSQL Anonymizer CVE-2024-2338 (PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that ...) NOT-FOR-US: PostgreSQL Anonymizer CVE-2024-2319 (Cross-Site Scripting (XSS) vulnerability in the Django MarkdownX proje ...) NOT-FOR-US: Django MarkdownX CVE-2024-2318 (A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1 ...) NOT-FOR-US: ZKTeco CVE-2024-2317 (A vulnerability was found in Bdtask Hospital AutoManager up to 2024022 ...) NOT-FOR-US: Bdtask Hospital AutoManager CVE-2024-2316 (A vulnerability has been found in Bdtask Hospital AutoManager up to 20 ...) NOT-FOR-US: Bdtask Hospital AutoManager CVE-2024-21901 (A SQL injection vulnerability has been reported to affect myQNAPcloud. ...) NOT-FOR-US: QNAP CVE-2024-21900 (An injection vulnerability has been reported to affect several QNAP op ...) NOT-FOR-US: QNAP CVE-2024-21899 (An improper authentication vulnerability has been reported to affect s ...) NOT-FOR-US: QNAP CVE-2023-47221 (A path traversal vulnerability has been reported to affect Photo Stati ...) NOT-FOR-US: QNAP CVE-2023-34980 (An OS command injection vulnerability has been reported to affect seve ...) NOT-FOR-US: QNAP CVE-2023-32969 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) NOT-FOR-US: QNAP CVE-2024-2298 (The affiliate-toolkit \u2013 WordPress Affiliate Plugin plugin for Wor ...) NOT-FOR-US: WordPress plugin CVE-2024-2285 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: boyiddha Automated-Mess-Management-System CVE-2024-2284 (A vulnerability classified as problematic was found in boyiddha Automa ...) NOT-FOR-US: boyiddha Automated-Mess-Management-System CVE-2024-2283 (A vulnerability classified as critical has been found in boyiddha Auto ...) 
NOT-FOR-US: boyiddha Automated-Mess-Management-System CVE-2024-2282 (A vulnerability was found in boyiddha Automated-Mess-Management-System ...) NOT-FOR-US: boyiddha Automated-Mess-Management-System CVE-2024-2281 (A vulnerability was found in boyiddha Automated-Mess-Management-System ...) NOT-FOR-US: boyiddha Automated-Mess-Management-System CVE-2024-2277 (A vulnerability was found in Bdtask G-Prescription Gynaecology & OBS C ...) NOT-FOR-US: Bdtask G-Prescription Gynaecology & OBS Consultation Software CVE-2024-2276 (A vulnerability has been found in Bdtask G-Prescription Gynaecology & ...) NOT-FOR-US: Bdtask G-Prescription Gynaecology & OBS Consultation Software CVE-2024-2275 (A vulnerability, which was classified as problematic, was found in Bdt ...) NOT-FOR-US: Bdtask G-Prescription Gynaecology & OBS Consultation Software CVE-2024-2274 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: Bdtask G-Prescription Gynaecology & OBS Consultation Software CVE-2024-2272 (A vulnerability classified as critical was found in keerti1924 Online- ...) NOT-FOR-US: keerti1924 Online-Book-Store-Website CVE-2024-2271 (A vulnerability classified as critical has been found in keerti1924 On ...) NOT-FOR-US: keerti1924 Online-Book-Store-Website CVE-2024-2270 (A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. ...) NOT-FOR-US: keerti1924 Online-Book-Store-Website CVE-2024-2269 (A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. ...) NOT-FOR-US: keerti1924 Online-Book-Store-Website CVE-2024-2268 (A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. ...) NOT-FOR-US: keerti1924 Online-Book-Store-Website CVE-2024-2267 (A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0 ...) NOT-FOR-US: keerti1924 Online-Book-Store-Website CVE-2024-2266 (A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project ...) 
NOT-FOR-US: keerti1924 Secret-Coder-PHP-Project CVE-2024-2265 (A vulnerability, which was classified as problematic, was found in kee ...) NOT-FOR-US: keerti1924 PHP-MYSQL-User-Login-System CVE-2024-2264 (A vulnerability, which was classified as critical, has been found in k ...) NOT-FOR-US: keerti1924 PHP-MYSQL-User-Login-System CVE-2024-2044 (pgAdmin <= 8.3 is affected by a path-traversal vulnerability while des ...) - pgadmin4 (bug #834129) CVE-2024-28115 (FreeRTOS is a real-time operating system for microcontrollers. FreeRTO ...) NOT-FOR-US: FreeRTOS kernel CVE-2024-27707 (Server Side Request Forgery (SSRF) vulnerability in hcengineering Huly ...) NOT-FOR-US: hcengineering Huly Platform CVE-2024-27613 (Numbas editor before 7.3 mishandles reading of themes and extensions.) NOT-FOR-US: Numbas editor CVE-2024-27612 (Numbas editor before 7.3 mishandles editing of themes and extensions.) NOT-FOR-US: Numbas editor CVE-2024-26492 (An issue in Online Diagnostic Lab Management System 1.0 allows a remot ...) NOT-FOR-US: Online Diagnostic Lab Management System CVE-2024-26313 (Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a stored ...) NOT-FOR-US: Archer CVE-2024-26309 (Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a sensiti ...) NOT-FOR-US: Archer CVE-2024-26167 (Microsoft Edge for Android Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2024-25849 (In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKi ...) NOT-FOR-US: PrestaShop module CVE-2024-25848 (In the module "Ever Ultimate SEO" (everpsseo) <= 8.1.2 from Team Ever ...) NOT-FOR-US: PrestaShop module CVE-2024-25845 (In the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1 ...) NOT-FOR-US: PrestaShop module CVE-2024-25729 (Arris SBG6580 devices have predictable default WPA2 security passwords ...) NOT-FOR-US: Arris SBG6580 devices CVE-2024-25327 (Cross Site Scripting (XSS) vulnerability in Justice Systems FullCourt ...) 
	NOT-FOR-US: Justice Systems FullCourt Enterprise
CVE-2024-24035 (Cross Site Scripting (XSS) vulnerability in Setor Informatica SIL 3.1 ...)
	NOT-FOR-US: Setor Informatica SIL
CVE-2024-23297 (The issue was addressed with improved checks. This issue is fixed in t ...)
	NOT-FOR-US: Apple
CVE-2024-23295 (A permissions issue was addressed to help ensure Personas are always p ...)
	NOT-FOR-US: Apple
CVE-2024-23294 (This issue was addressed by removing the vulnerable code. This issue i ...)
	NOT-FOR-US: Apple
CVE-2024-23293 (This issue was addressed through improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2024-23292 (This issue was addressed with improved data protection. This issue is ...)
	NOT-FOR-US: Apple
CVE-2024-23291 (A privacy issue was addressed with improved private data redaction for ...)
	NOT-FOR-US: Apple
CVE-2024-23290 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2024-23289 (A lock screen issue was addressed with improved state management. This ...)
	NOT-FOR-US: Apple
CVE-2024-23288 (This issue was addressed by removing the vulnerable code. This issue i ...)
	NOT-FOR-US: Apple
CVE-2024-23287 (A privacy issue was addressed with improved handling of temporary file ...)
	NOT-FOR-US: Apple
CVE-2024-23286 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2024-23285 (This issue was addressed with improved handling of symlinks. This issu ...)
	NOT-FOR-US: Apple
CVE-2024-23284 (A logic issue was addressed with improved state management. This issue ...)
	{DSA-5684-1}
	- webkit2gtk 2.44.0-1
	[buster] - webkit2gtk (EOL in buster LTS)
	- wpewebkit 2.44.1-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2024-0002.html
CVE-2024-23283 (A privacy issue was addressed with improved private data redaction for ...)
	NOT-FOR-US: Apple
CVE-2024-23281 (This issue was addressed with improved state management. This issue is ...)
	NOT-FOR-US: Apple
CVE-2024-23280 (An injection issue was addressed with improved validation. This issue ...)
	{DSA-5684-1}
	- webkit2gtk 2.44.0-1
	[buster] - webkit2gtk (EOL in buster LTS)
	- wpewebkit 2.44.1-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2024-0002.html
CVE-2024-23279 (A privacy issue was addressed with improved private data redaction for ...)
	NOT-FOR-US: Apple
CVE-2024-23278 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2024-23277 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2024-23276 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2024-23275 (A race condition was addressed with additional validation. This issue ...)
	NOT-FOR-US: Apple
CVE-2024-23274 (An injection issue was addressed with improved input validation. This ...)
	NOT-FOR-US: Apple
CVE-2024-23273 (This issue was addressed through improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2024-23272 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2024-23270 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2024-23269 (A downgrade issue affecting Intel-based Mac computers was addressed wi ...)
	NOT-FOR-US: Apple
CVE-2024-23268 (An injection issue was addressed with improved input validation. This ...)
	NOT-FOR-US: Apple
CVE-2024-23267 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2024-23266 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2024-23265 (A memory corruption vulnerability was addressed with improved locking. ...)
	NOT-FOR-US: Apple
CVE-2024-23264 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2024-23263 (A logic issue was addressed with improved validation. This issue is fi ...)
	{DSA-5684-1}
	- webkit2gtk 2.44.0-1
	[buster] - webkit2gtk (EOL in buster LTS)
	- wpewebkit 2.44.1-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2024-0002.html
CVE-2024-23262 (This issue was addressed with additional entitlement checks. This issu ...)
	NOT-FOR-US: Apple
CVE-2024-23260 (This issue was addressed by removing additional entitlements. This iss ...)
	NOT-FOR-US: Apple
CVE-2024-23259 (The issue was addressed with improved checks. This issue is fixed in i ...)
	NOT-FOR-US: Apple
CVE-2024-23258 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2024-23257 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2024-23255 (An authentication issue was addressed with improved state management. ...)
	NOT-FOR-US: Apple
CVE-2024-23254 (The issue was addressed with improved UI handling. This issue is fixed ...)
	{DSA-5684-1}
	- webkit2gtk 2.44.0-1
	[buster] - webkit2gtk (EOL in buster LTS)
	- wpewebkit 2.44.1-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2024-0002.html
CVE-2024-23253 (A permissions issue was addressed with additional restrictions. This i ...)
	NOT-FOR-US: Apple
CVE-2024-23252
	REJECTED
CVE-2024-23250 (An access issue was addressed with improved access restrictions. This ...)
	NOT-FOR-US: Apple
CVE-2024-23249 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2024-23248 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2024-23247 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2024-23246 (This issue was addressed by removing the vulnerable code. This issue i ...)
	NOT-FOR-US: Apple
CVE-2024-23245 (This issue was addressed by adding an additional prompt for user conse ...)
	NOT-FOR-US: Apple
CVE-2024-23244 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2024-23242 (A privacy issue was addressed by not logging contents of text fields. ...)
	NOT-FOR-US: Apple
CVE-2024-23241 (This issue was addressed through improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2024-23240 (The issue was addressed with improved checks. This issue is fixed in i ...)
	NOT-FOR-US: Apple
CVE-2024-23239 (A race condition was addressed with improved state handling. This issu ...)
	NOT-FOR-US: Apple
CVE-2024-23238 (An access issue was addressed with improved access restrictions. This ...)
	NOT-FOR-US: Apple
CVE-2024-23235 (A race condition was addressed with additional validation. This issue ...)
	NOT-FOR-US: Apple
CVE-2024-23234 (An out-of-bounds write issue was addressed with improved input validat ...)
	NOT-FOR-US: Apple
CVE-2024-23233 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2024-23232 (A privacy issue was addressed with improved handling of temporary file ...)
	NOT-FOR-US: Apple
CVE-2024-23231 (A privacy issue was addressed with improved private data redaction for ...)
	NOT-FOR-US: Apple
CVE-2024-23230 (This issue was addressed with improved file handling. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2024-23227 (This issue was addressed with improved redaction of sensitive informat ...)
	NOT-FOR-US: Apple
CVE-2024-23226 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2024-23220 (The issue was addressed with improved handling of caches. This issue i ...)
	NOT-FOR-US: Apple
CVE-2024-23216 (A path handling issue was addressed with improved validation. This iss ...)
	NOT-FOR-US: Apple
CVE-2024-23205 (A privacy issue was addressed with improved private data redaction for ...)
	NOT-FOR-US: Apple
CVE-2024-23201 (A permissions issue was addressed with additional restrictions. This i ...)
	NOT-FOR-US: Apple
CVE-2024-1987 (The WP-Members Membership Plugin plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1986 (The Booster Elite for WooCommerce plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1851 (The affiliate-toolkit – WordPress Affiliate Plugin plugin for Wor ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1802 (The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0258 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-46172 (IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89 ...)
	NOT-FOR-US: IBM
CVE-2023-46171 (IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89 ...)
	NOT-FOR-US: IBM
CVE-2023-46170 (IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89 ...)
	NOT-FOR-US: IBM
CVE-2023-46169 (IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89 ...)
	NOT-FOR-US: IBM
CVE-2023-28826 (This issue was addressed with improved redaction of sensitive informat ...)
	NOT-FOR-US: Apple
CVE-2024-2245 (Cross-Site Scripting vulnerability in moziloCMS version 2.0. By sendin ...)
	NOT-FOR-US: moziloCMS
CVE-2024-2241 (Improper access control in the user interface in Devolutions Workspace ...)
	NOT-FOR-US: Devolutions
CVE-2024-2136 (The WPKoi Templates for Elementor plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2128 (The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-2127 (The Page Builder: Pagelayer – Drag and Drop website builder plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-28230 (In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2024-28229 (In JetBrains YouTrack before 2024.1.25893 user without appropriate per ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2024-28228 (In JetBrains YouTrack before 2024.1.25893 creation comments on behalf ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2024-27733 (File Upload vulnerability in Byzro Network Smart s42 Management Platfo ...)
	NOT-FOR-US: Byzro Network Smart s42 Management Platform
CVE-2024-22752 (Insecure permissions issue in EaseUS MobiMover 6.0.5 Build 21620 allow ...)
	NOT-FOR-US: EaseUS MobiMover
CVE-2024-22256 (VMware Cloud Director contains a partial information disclosure vulner ...)
	NOT-FOR-US: VMware
CVE-2024-1931 (NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 c ...)
	- unbound 1.19.2-1
	[bookworm] - unbound (Vulnerable code introduced later)
	[bullseye] - unbound (Vulnerable code introduced later)
	[buster] - unbound (Vulnerable code introduced later)
	NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt
CVE-2024-1773 (The PDF Invoices and Packing Slips For WooCommerce plugin for WordPres ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1725 (A flaw was found in the kubevirt-csi component of OpenShift Virtualiza ...)
	NOT-FOR-US: kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP)
CVE-2024-1534 (The Booster for WooCommerce plugin for WordPress is vulnerable to Stor ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1442 (A user with the permissions to create a data source can use Grafana AP ...)
	- grafana
CVE-2024-1382 (The Restaurant Reservations plugin for WordPress is vulnerable to Loca ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1351 (Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Se ...)
	- mongodb
CVE-2024-1170 (The Post Form – Registration Form – Profile Form for User Pr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1169 (The Post Form – Registration Form – Profile Form for User Pr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0917 (remote code execution in paddlepaddle/paddle 2.6.0)
	NOT-FOR-US: PaddlePaddle
CVE-2024-0818 (Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle bef ...)
	NOT-FOR-US: PaddlePaddle
CVE-2024-0203 (The Digits plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48725 (A stack-based buffer overflow vulnerability exists in the JSON Parsing ...)
	NOT-FOR-US: Netgear
CVE-2023-47691
	REJECTED
CVE-2023-42662 (JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2023-42661 (JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary F ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2023-42509 (JFrog Artifactory later than version 7.17.4 but prior to version 7.77. ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2023-41503 (Student Enrollment In PHP v1.0 was discovered to contain a SQL injecti ...)
	NOT-FOR-US: Student Enrollment In PHP
CVE-2023-41015 (code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: code-projects.org Online Job Portal
CVE-2023-41014 (code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: code-projects.org Online Job Portal
CVE-2023-33676 (Sourcecodester Lost and Found Information System's Version 1.0 is vuln ...)
	NOT-FOR-US: Sourcecodester Lost and Found Information System
CVE-2024-XXXX [RUSTSEC-2024-0021]
	- rust-eyre (Vulnerable code introduced in 0.6.9)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0021.html
	NOTE: https://github.com/eyre-rs/eyre/issues/141
CVE-2024-28222 (In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2 ...)
	NOT-FOR-US: Veritas
CVE-2024-28216 (nGrinder before 3.5.9 allows an attacker to obtain the results of webh ...)
	NOT-FOR-US: nGrinder
CVE-2024-28215 (nGrinder before 3.5.9 allows an attacker to create or update webhook c ...)
	NOT-FOR-US: nGrinder
CVE-2024-28214 (nGrinder before 3.5.9 allows to set delay without limitation, which co ...)
	NOT-FOR-US: nGrinder
CVE-2024-28213 (nGrinder before 3.5.9 allows to accept serialized Java objects from un ...)
	NOT-FOR-US: nGrinder
CVE-2024-28212 (nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow ...)
	NOT-FOR-US: nGrinder
CVE-2024-28211 (nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by ...)
	NOT-FOR-US: nGrinder
CVE-2024-28111 (Canarytokens helps track activity and actions on a network. Canarytoke ...)
	NOT-FOR-US: Canarytokens
CVE-2024-28110 (Go SDK for CloudEvents is the official CloudEvents SDK to integrate ap ...)
	NOT-FOR-US: cloudevents/sdk-go
CVE-2024-28102 (JWCrypto implements JWK, JWS, and JWE specifications using python-cryp ...)
	- python-jwcrypto 1.5.6-1 (bug #1065688)
	[bookworm] - python-jwcrypto (Minor issue)
	[bullseye] - python-jwcrypto (Minor issue)
	NOTE: https://github.com/latchset/jwcrypto/security/advisories/GHSA-j857-7rvv-vj97
	NOTE: https://github.com/latchset/jwcrypto/commit/90477a3b6e73da69740e00b8161f53fea19b831f (v1.5.6)
CVE-2024-28101 (The Apollo Router is a graph router written in Rust to run a federated ...)
	NOT-FOR-US: Apollo Router
CVE-2024-28097 (Calendar functionality in Schoolbox application before version 23.1.3 ...)
	NOT-FOR-US: Schoolbox application
CVE-2024-28096 (Class functionality in Schoolbox application before version 23.1.3 is ...)
	NOT-FOR-US: Schoolbox application
CVE-2024-28095 (News functionality in Schoolbox application before version 23.1.3 is ...)
	NOT-FOR-US: Schoolbox application
CVE-2024-28094 (Chat functionality in Schoolbox application before version 23.1.3 is ...)
	NOT-FOR-US: Schoolbox application
CVE-2024-27936 (Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure ...)
	NOT-FOR-US: Deno
CVE-2024-27935 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in ...)
	NOT-FOR-US: Deno
CVE-2024-27934 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in ...)
	NOT-FOR-US: Deno
CVE-2024-27933 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version ...)
	NOT-FOR-US: Deno
CVE-2024-27932 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in ...)
	NOT-FOR-US: Deno
CVE-2024-27927 (RSSHub is an open source RSS feed generator. Prior to version 1.0.0-ma ...)
	NOT-FOR-US: RSSHub
CVE-2024-27926 (RSSHub is an open source RSS feed generator. Starting in version 1.0.0 ...)
	NOT-FOR-US: RSSHub
CVE-2024-27923 (Grav is a content management system (CMS). Prior to version 1.7.43, us ...)
	NOT-FOR-US: Grav CMS
CVE-2024-27922 (TOMP Bare Server implements the TompHTTP bare server. A vulnerability ...)
	NOT-FOR-US: TOMP Bare Server
CVE-2024-27918 (Coder allows oragnizations to provision remote development environment ...)
	NOT-FOR-US: Coder
CVE-2024-26566 (An issue in Cute Http File Server v.3.1 allows a remote attacker to es ...)
	NOT-FOR-US: Cute Http File Server
CVE-2024-24389 (A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 a ...)
	NOT-FOR-US: XunRuiCMS
CVE-2024-24375 (SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attac ...)
	NOT-FOR-US: Jfinalcms
CVE-2024-1761 (The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Sit ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1720 (The User Registration – Custom Registration Form, Login Form, and ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1506 (The Prime Slider – Addons For Elementor plugin for WordPress is v ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1500 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1460 (MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vul ...)
	NOT-FOR-US: MSI Afterburner
CVE-2024-1443 (MSI Afterburner v4.6.5.16370 is vulnerable to a Denial of Service vuln ...)
	NOT-FOR-US: MSI Afterburner
CVE-2024-1419 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1377 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1366 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0817 (Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0)
	NOT-FOR-US: PaddlePaddle
CVE-2024-0815 (Command injection in paddle.utils.download._wget_download (bypass filt ...)
	NOT-FOR-US: PaddlePaddle
CVE-2023-51395 (The vulnerability described by CVE-2023-0972 has been additionally dis ...)
	NOT-FOR-US: Silicon Labs
CVE-2023-51281 (Cross Site Scripting vulnerability in Customer Support System v.1.0 al ...)
	NOT-FOR-US: Customer Support System
CVE-2023-49989 (Hotel Booking Management v1.0 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Hotel Booking Management
CVE-2023-49988 (Hotel Booking Management v1.0 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Hotel Booking Management
CVE-2023-49987 (A cross-site scripting (XSS) vulnerability in the component /managemen ...)
	NOT-FOR-US: School Fees Management System
CVE-2023-49986 (A cross-site scripting (XSS) vulnerability in the component /admin/par ...)
	NOT-FOR-US: School Fees Management System
CVE-2023-47415 (Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered to cont ...)
	NOT-FOR-US: Cypress Solutions CTM-200
CVE-2024-2236 (A timing-based side-channel flaw was found in libgcrypt's RSA implemen ...)
	- libgcrypt20 (bug #1065683)
	[bookworm] - libgcrypt20 (Minor issue)
	[bullseye] - libgcrypt20 (Minor issue)
	[buster] - libgcrypt20 (Minor issue; side-channel timing attack)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2268268
	NOTE: https://lists.gnupg.org/pipermail/gcrypt-devel/2024-March/005607.html
	NOTE: https://github.com/tomato42/marvin-toolkit/tree/master/example/libgcrypt
	NOTE: https://people.redhat.com/~hkario/marvin/
CVE-2024-1299 (A privilege escalation vulnerability was discovered in GitLab affectin ...)
	- gitlab 16.8.4-1
CVE-2024-0199 (An authorization bypass vulnerability was discovered in GitLab affecti ...)
	- gitlab 16.8.4-1
CVE-2024-2211 (Cross-Site Scripting stored vulnerability in Gophish affecting version ...)
	NOT-FOR-US: Gophish
CVE-2024-28174 (In JetBrains TeamCity before 2023.11.4 presigned URL generation reques ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2024-28173 (In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build param ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2024-27917 (Shopware is an open commerce platform based on Symfony Framework and V ...)
	NOT-FOR-US: Shopware
CVE-2024-27916 (Minder is a software supply chain security platform. Prior to version ...)
	NOT-FOR-US: Minder
CVE-2024-27915 (Sulu is a PHP content management system. Starting in verson 2.2.0 and ...)
	NOT-FOR-US: Sulu
CVE-2024-27307 (JSONata is a JSON query and transformation language. Starting in versi ...)
	NOT-FOR-US: jsonata-js
CVE-2024-27304 (pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur ...)
	- golang-github-jackc-pgx (bug #1065687)
	[bookworm] - golang-github-jackc-pgx (Minor issue)
	[bullseye] - golang-github-jackc-pgx (Minor issue)
	NOTE: https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv
	NOTE: https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4 (v5.5.4)
	NOTE: https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8 (v5.5.4)
	NOTE: https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df (v4.18.2)
CVE-2024-27303 (electron-builder is a solution to package and build a ready for distri ...)
	NOT-FOR-US: electron-builder
CVE-2024-27302 (go-zero is a web and rpc framework. Go-zero allows user to specify a C ...)
	NOT-FOR-US: go-zero
CVE-2024-27289 (pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2 ...)
	- golang-github-jackc-pgx (bug #1065686)
	[bookworm] - golang-github-jackc-pgx (Minor issue)
	[bullseye] - golang-github-jackc-pgx (Minor issue)
	NOTE: https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p
	NOTE: https://github.com/jackc/pgx/commit/826a89229b8b1cdf18e4190afa437d3df9901b9c (v4.18.2)
CVE-2024-27288 (1Panel is an open source Linux server operation and maintenance manage ...)
	NOT-FOR-US: 1Panel
CVE-2024-27287 (ESPHome is a system to control your ESP8266/ESP32 for Home Automation ...)
	NOT-FOR-US: ESPHome
CVE-2024-25359 (An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execu ...)
	NOT-FOR-US: zuoxingdong lagom
CVE-2024-25103 (This vulnerability exists in AppSamvid software due to the usage of vu ...)
	NOT-FOR-US: AppSamvid software
CVE-2024-25102 (This vulnerability exists in AppSamvid software due to the usage of a ...)
	NOT-FOR-US: AppSamvid software
CVE-2024-24767 (CasaOS-UserService provides user management functionalities to CasaOS. ...)
	NOT-FOR-US: CasaOS
CVE-2024-24766 (CasaOS-UserService provides user management functionalities to CasaOS. ...)
	NOT-FOR-US: CasaOS
CVE-2024-24765 (CasaOS-UserService provides user management functionalities to CasaOS. ...)
	NOT-FOR-US: CasaOS
CVE-2024-24761 (Galette is a membership management web application for non profit orga ...)
	- galette
CVE-2024-20346 (A vulnerability in the web-based management interface of Cisco AppDyna ...)
	NOT-FOR-US: Cisco
CVE-2024-20345 (A vulnerability in the file upload functionality of Cisco AppDynamics ...)
	NOT-FOR-US: Cisco
CVE-2024-20338 (A vulnerability in the ISE Posture (System Scan) module of Cisco Secur ...)
	NOT-FOR-US: Cisco
CVE-2024-20337 (A vulnerability in the SAML authentication process of Cisco Secure Cli ...)
	NOT-FOR-US: Cisco
CVE-2024-20336 (A vulnerability in the web-based user interface of Cisco Small Busines ...)
	NOT-FOR-US: Cisco
CVE-2024-20335 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2024-20301 (A vulnerability in Cisco Duo Authentication for Windows Logon and RDP ...)
	NOT-FOR-US: Cisco
CVE-2024-20292 (A vulnerability in the logging component of Cisco Duo Authentication f ...)
	NOT-FOR-US: Cisco
CVE-2024-1224 (This vulnerability exists in USB Pratirodh due to the usage of a weake ...)
	NOT-FOR-US: USB Pratirodh
CVE-2024-1142 (Path Traversal in Sonatype IQ Server from version 143 allows remote au ...)
	NOT-FOR-US: Sonatype
CVE-2023-50716 (eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the ...)
	[experimental] - fastdds 2.14.0+ds-1
	- fastdds 2.14.0+ds-2 (bug #1066119)
	NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-5m2f-hvj2-cx2h
CVE-2023-50167 (Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with ed ...)
	NOT-FOR-US: Pega Platform
CVE-2023-49985 (A cross-site scripting (XSS) vulnerability in the component /managemen ...)
	NOT-FOR-US: School Fees Management System
CVE-2023-49984 (A cross-site scripting (XSS) vulnerability in the component /managemen ...)
	NOT-FOR-US: School Fees Management System
CVE-2023-49983 (A cross-site scripting (XSS) vulnerability in the component /managemen ...)
	NOT-FOR-US: School Fees Management System
CVE-2023-49982 (Broken access control in the component /admin/management/users of Scho ...)
	NOT-FOR-US: School Fees Management System
CVE-2023-49981 (A directory listing vulnerability in School Fees Management System v1. ...)
	NOT-FOR-US: School Fees Management System
CVE-2023-49980 (A directory listing vulnerability in Best Student Result Management Sy ...)
	NOT-FOR-US: Best Student Result Management System
CVE-2023-49979 (A directory listing vulnerability in Customer Support System v1 allows ...)
	NOT-FOR-US: Customer Support System
CVE-2023-49978 (Incorrect access control in Customer Support System v1 allows non-admi ...)
	NOT-FOR-US: Customer Support System
CVE-2023-48703 (RobotsAndPencils go-saml, a SAML client library written in Go, contain ...)
	NOT-FOR-US: go-saml
CVE-2023-38825 (SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allow ...)
	NOT-FOR-US: Vanderbilt REDCap
CVE-2024-28160 (Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum p ...)
	NOT-FOR-US: Jenkins plugin
CVE-2024-28159 (A missing permission check in Jenkins Subversion Partial Release Manag ...)
	NOT-FOR-US: Jenkins plugin
CVE-2024-28158 (A cross-site request forgery (CSRF) vulnerability in Jenkins Subversio ...)
	NOT-FOR-US: Jenkins plugin
CVE-2024-28157 (Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket U ...)
	NOT-FOR-US: Jenkins plugin
CVE-2024-28156 (Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2024-2215 (A cross-site request forgery (CSRF) vulnerability in Jenkins docker-bu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2024-2216 (A missing permission check in an HTTP endpoint in Jenkins docker-build ...)
	NOT-FOR-US: Jenkins plugin
CVE-2024-28161 (In Jenkins Delphix Plugin 3.0.1, a global option for administrators to ...)
	NOT-FOR-US: Jenkins plugin
CVE-2024-28162 (In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a globa ...)
	NOT-FOR-US: Jenkins plugin
CVE-2024-28155 (Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permissio ...)
	NOT-FOR-US: Jenkins plugin
CVE-2024-28154 (Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitiv ...)
	NOT-FOR-US: Jenkins plugin
CVE-2024-28153 (Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escap ...)
	NOT-FOR-US: Jenkins plugin
CVE-2024-28152 (In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earli ...)
	NOT-FOR-US: Jenkins plugin
CVE-2024-28151 (Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbol ...)
	NOT-FOR-US: Jenkins plugin
CVE-2024-28150 (Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job nam ...)
	NOT-FOR-US: Jenkins plugin
CVE-2024-28149 (Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-50740 (In Apache Linkis <=1.4.0, The password is printed to the log when usin ...)
	NOT-FOR-US: Apache Linkis
CVE-2024-26580 (Deserialization of Untrusted Data vulnerability in Apache InLong.This ...)
	NOT-FOR-US: Apache InLong
CVE-2024-2179 (Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via th ...)
	NOT-FOR-US: Concrete CMS
CVE-2024-27765 (Directory Traversal vulnerability in Jeewms v.3.7 and before allows a ...)
	NOT-FOR-US: Jeewms
CVE-2024-27764 (An issue in Jeewms v.3.7 and before allows a remote attacker to escala ...)
	NOT-FOR-US: Jeewms
CVE-2024-27278 (OpenPNE Plugin "opTimelinePlugin" 1.2.11 and earlier contains a cross- ...)
	NOT-FOR-US: OpenPNE Plugin
CVE-2024-25858 (In Foxit PDF Reader before 2024.1 and PDF Editor before 2024.1, code e ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2024-25817 (Buffer Overflow vulnerability in eza before version 0.18.2, allows loc ...)
	- rust-eza 0.18.2-1
	NOTE: https://github.com/advisories/GHSA-3qx3-6hxr-j2ch
CVE-2024-25616 (Aruba has identified certain configurations of ArubaOS that can lead t ...)
	NOT-FOR-US: Aruba
CVE-2024-25615 (An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ...)
	NOT-FOR-US: Aruba
CVE-2024-25614 (There is an arbitrary file deletion vulnerability in the CLI used by A ...)
	NOT-FOR-US: Aruba
CVE-2024-25613 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
	NOT-FOR-US: Aruba
CVE-2024-25612 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
	NOT-FOR-US: Aruba
CVE-2024-25611 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
	NOT-FOR-US: Aruba
CVE-2024-24786 (The protojson.Unmarshal function can enter an infinite loop when unmar ...)
	- golang-google-protobuf 1.33.0-1 (bug #1065684)
	[bookworm] - golang-google-protobuf (Minor issue)
	[bullseye] - golang-google-protobuf (Minor issue)
	NOTE: https://go-review.googlesource.com/c/protobuf/+/569356
CVE-2024-24278 (An issue in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 al ...)
	NOT-FOR-US: Teamwire Windows desktop client
CVE-2024-24276 (Cross Site Scripting (XSS) vulnerability in Teamwire Windows desktop c ...)
	NOT-FOR-US: Teamwire Windows desktop client
CVE-2024-24275 (Cross Site Scripting vulnerability in Teamwire Windows desktop client ...)
	NOT-FOR-US: Teamwire Windows desktop client
CVE-2024-22889 (Due to incorrect access control in Plone version v6.0.9, remote attack ...)
	NOT-FOR-US: Plone
CVE-2024-1989 (The Social Sharing Plugin – Sassy Social Share plugin for WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1901 (Denial of service in PAM password rotation during the check-in process ...)
	NOT-FOR-US: Devolutions
CVE-2024-1900 (Improper session management in the identity provider authentication fl ...)
	NOT-FOR-US: Devolutions
CVE-2024-1898 (Improper access control in the notification feature in Devolutions Ser ...)
	NOT-FOR-US: Devolutions
CVE-2024-1771 (The Total theme for WordPress is vulnerable to unauthorized modificati ...)
	NOT-FOR-US: WordPress theme
CVE-2024-1764 (Improper privilege management in Just-in-time (JIT) elevation module i ...)
	NOT-FOR-US: Devolutions
CVE-2024-1760 (The Appointment Booking Calendar — Simply Schedule Appointments B ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1356 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
	NOT-FOR-US: Aruba
CVE-2024-1220 (A stack-based buffer overflow in the built-in web server in Moxa NPort ...)
	NOT-FOR-US: Moxa
CVE-2023-49977 (A cross-site scripting (XSS) vulnerability in Customer Support System ...)
	NOT-FOR-US: Customer Support System
CVE-2023-49976 (A cross-site scripting (XSS) vulnerability in Customer Support System ...)
	NOT-FOR-US: Customer Support System
CVE-2023-49974 (A cross-site scripting (XSS) vulnerability in Customer Support System ...)
	NOT-FOR-US: Customer Support System
CVE-2023-49973 (A cross-site scripting (XSS) vulnerability in Customer Support System ...)
	NOT-FOR-US: Customer Support System
CVE-2023-49971 (A cross-site scripting (XSS) vulnerability in Customer Support System ...)
	NOT-FOR-US: Customer Support System
CVE-2023-48644 (An issue was discovered in the Archibus app 4.0.3 for iOS. There is an ...)
	NOT-FOR-US: Archibus app for iOS
CVE-2023-43318 (TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows at ...)
	NOT-FOR-US: TP-Link
CVE-2023-38946 (An issue in Multilaser RE160 firmware v5.07.51_pt_MTL01 and v5.07.52_p ...)
	NOT-FOR-US: Multilaser RE160 firmware
CVE-2023-38945 (Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser R ...)
	NOT-FOR-US: Multilaser
CVE-2023-38944 (An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser ...)
	NOT-FOR-US: Multilaser
CVE-2023-33677 (Sourcecodester Lost and Found Information System's Version 1.0 is vuln ...)
	NOT-FOR-US: Sourcecodester Lost and Found Information System
CVE-2024-2176 (Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allow ...)
	{DSA-5636-1}
	- chromium 122.0.6261.111-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-2174 (Inappropriate implementation in V8 in Google Chrome prior to 122.0.626 ...)
	{DSA-5636-1}
	- chromium 122.0.6261.111-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-2173 (Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261 ...)
	{DSA-5636-1}
	- chromium 122.0.6261.111-1
	[bullseye] - chromium (see #1061268)
	[buster] - chromium (see DSA 5046)
CVE-2024-26628
	REJECTED
CVE-2024-26627 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4373534a9850627a2695317944898eb1283a2db0 (6.8-rc3)
CVE-2024-26626 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/e622502c310f1069fd9f41cd38210553115f610a (6.8-rc3)
CVE-2024-26625 (In the Linux kernel, the following vulnerability has been resolved: l ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/aa2b2eb3934859904c287bf5434647ba72e14c1c (6.8-rc3)
CVE-2024-26624
	REJECTED
CVE-2024-26623 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	- linux 6.7.7-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/7e82a8745b951b1e794cc780d46f3fbee5e93447 (6.8-rc3)
CVE-2023-52607 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (powerpc not supported in LTS)
	NOTE: https://git.kernel.org/linus/f46c8a75263f97bda13c739ba1c90aced0d3b071 (6.8-rc1)
CVE-2023-52606 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (powerpc not supported in LTS)
	NOTE: https://git.kernel.org/linus/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59 (6.8-rc1)
CVE-2023-52605
	REJECTED
CVE-2023-52604 (In the Linux kernel, the following vulnerability has been resolved: F ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68 (6.8-rc1)
CVE-2023-52603 (In the Linux kernel, the following vulnerability has been resolved: U ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/27e56f59bab5ddafbcfe69ad7a4a6ea1279c1b16 (6.8-rc1)
CVE-2023-52602 (In the Linux kernel, the following vulnerability has been resolved: j ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/fa5492ee89463a7590a1449358002ff7ef63529f (6.8-rc1)
CVE-2023-52601 (In the Linux kernel, the following vulnerability has been resolved: j ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/74ecdda68242b174920fe7c6133a856fb7d8559b (6.8-rc1)
CVE-2023-52600 (In the Linux kernel, the following vulnerability has been resolved: j ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/e0e1958f4c365e380b17ccb35617345b31ef7bf3 (6.8-rc1)
CVE-2023-52599 (In the Linux kernel, the following vulnerability has been resolved: j ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/49f9637aafa6e63ba686c13cb8549bf5e6920402 (6.8-rc1)
CVE-2023-52598 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (s390 not supported in LTS)
	NOTE: https://git.kernel.org/linus/8b13601d19c541158a6e18b278c00ba69ae37829 (6.8-rc1)
CVE-2023-52597 (In the Linux kernel, the following vulnerability has been resolved: K ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (s390 not supported in LTS)
	NOTE: https://git.kernel.org/linus/b988b1bb0053c0dcd26187d29ef07566a565cf55 (6.8-rc1)
CVE-2023-52596 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.7.7-1
	NOTE: https://git.kernel.org/linus/315552310c7de92baea4e570967066569937a843 (6.8-rc1)
CVE-2023-52595 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/a11d965a218f0cd95b13fe44d0bcd8a20ce134a8 (6.8-rc1)
CVE-2023-52594 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/2adc886244dff60f948497b59affb6c6ebb3c348 (6.8-rc1)
CVE-2023-52593 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/fe0a7776d4d19e613bb8dd80fe2d78ae49e8b49d (6.8-rc1)
CVE-2023-52592
	REJECTED
CVE-2023-52591 (In the Linux kernel, the following vulnerability has been resolved: r ...)
	- linux 6.7.7-1
	NOTE: https://git.kernel.org/linus/49db9b1b86a82448dfaf3fcfefcf678dee56c8ed (6.8-rc1)
CVE-2023-52590 (In the Linux kernel, the following vulnerability has been resolved: o ...)
	- linux 6.7.7-1
	NOTE: https://git.kernel.org/linus/9d618d19b29c2943527e3a43da0a35aea91062fc (6.8-rc1)
CVE-2023-52589 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/870565f063a58576e8a4529f122cac4325c6b395 (6.8-rc1)
CVE-2023-52588 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/4961acdd65c956e97c1a000c82d91a8c1cdbe44b (6.8-rc1)
CVE-2023-52587 (In the Linux kernel, the following vulnerability has been resolved: I ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/4f973e211b3b1c6d36f7c6a19239d258856749f9 (6.8-rc1)
CVE-2023-52586 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.7-1
	NOTE: https://git.kernel.org/linus/45284ff733e4caf6c118aae5131eb7e7cf3eea5a (6.8-rc1)
CVE-2023-52585 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.7-1
	NOTE: https://git.kernel.org/linus/b8d55a90fd55b767c25687747e2b24abd1ef8680 (6.8-rc1)
CVE-2023-52584 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/e821d50ab5b956ed0effa49faaf29912fd4106d9 (6.8-rc1)
CVE-2023-52583 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/b493ad718b1f0357394d2cdecbf00a44a36fa085 (6.8-rc1)
CVE-2024-24785 (If errors returned from MarshalJSON methods contain user controlled da ...)
	- golang-1.22 1.22.1-1
	- golang-1.21 1.21.8-1
	- golang-1.19
	[bookworm] - golang-1.19 (Minor issue)
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://github.com/golang/go/issues/65697
	NOTE: https://github.com/golang/go/commit/056b0edcb8c152152021eebf4cf42adbfbe77992 (go1.22.1)
	NOTE: https://github.com/golang/go/commit/3643147a29352ca2894fd5d0d2069bc4b4335a7e (go1.21.8)
CVE-2024-24784 (The ParseAddressList function incorrectly handles comments (text withi ...)
	- golang-1.22 1.22.1-1
	- golang-1.21 1.21.8-1
	- golang-1.19
	[bookworm] - golang-1.19 (Minor issue)
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://github.com/golang/go/issues/65083
	NOTE: https://github.com/golang/go/commit/5330cd225ba54c7dc78c1b46dcdf61a4671a632c (go1.22.1)
	NOTE: https://github.com/golang/go/commit/263c059b09fdd40d9dd945f2ecb20c89ea28efe5 (go1.21.8)
CVE-2024-24783 (Verifying a certificate chain which contains a certificate with an unk ...)
	- golang-1.22 1.22.1-1
	- golang-1.21 1.21.8-1
	- golang-1.19
	[bookworm] - golang-1.19 (Minor issue)
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://github.com/golang/go/issues/65390
	NOTE: https://github.com/golang/go/commit/337b8e9cbfa749d9d5c899e0dc358e2208d5e54f (go1.22.1)
	NOTE: https://github.com/golang/go/commit/be5b52bea674190ef7de272664be6c7ae93ec5a0 (go1.21.8)
CVE-2024-1979 (A vulnerability was found in Quarkus. In certain conditions related to ...)
	NOT-FOR-US: Quarkus
CVE-2023-5685 (A flaw was found in XNIO. The XNIO NotifierState that can cause a Stac ...)
	- jboss-xnio (bug #1065847)
	[bookworm] - jboss-xnio (Minor issue)
	[bullseye] - jboss-xnio (Minor issue)
	[buster] - jboss-xnio (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2241822
CVE-2023-45290 (When parsing a multipart form (either explicitly with Request.ParseMul ...)
	- golang-1.22 1.22.1-1
	- golang-1.21 1.21.8-1
	- golang-1.19
	[bookworm] - golang-1.19 (Minor issue)
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://github.com/golang/go/issues/65383
	NOTE: https://github.com/golang/go/commit/041a47712e765e94f86d841c3110c840e76d8f82 (go1.22.1)
	NOTE: https://github.com/golang/go/commit/bf80213b121074f4ad9b449410a4d13bae5e9be0 (go1.21.8)
CVE-2023-45289 (When following an HTTP redirect to a domain which is not a subdomain m ...)
	- golang-1.22 1.22.1-1
	- golang-1.21 1.21.8-1
	- golang-1.19
	[bookworm] - golang-1.19 (Minor issue)
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://github.com/golang/go/issues/65065
	NOTE: https://github.com/golang/go/commit/3a855208e3efed2e9d7c20ad023f1fa78afcc0be (go1.22.1)
	NOTE: https://github.com/golang/go/commit/20586c0dbe03d144f914155f879fa5ee287591a1 (go1.21.8)
CVE-2024-2188 (Cross-Site Scripting (XSS) vulnerability stored in TP-Link Archer AX50 ...)
	NOT-FOR-US: TP-Link
CVE-2024-2056 (Services that are running and bound to the loopback interface on the A ...)
	NOT-FOR-US: Artica Proxy
CVE-2024-2055 (The "Rich Filemanager" feature of Artica Proxy provides a web-based in ...)
	NOT-FOR-US: Artica Proxy
CVE-2024-2054 (The Artica-Proxy administrative web application will deserialize arbit ...)
	NOT-FOR-US: Artica Proxy
CVE-2024-2053 (The Artica Proxy administrative web application will deserialize arbit ...)
	NOT-FOR-US: Artica Proxy
CVE-2024-2005 (In Blue Planet® products through 22.12, a misconfiguration in the ...)
	NOT-FOR-US: Blue Planet
CVE-2024-27931 (Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure ...)
	NOT-FOR-US: Deno
CVE-2024-27929 (ImageSharp is a managed, cross-platform, 2D graphics library. A heap-u ...)
	NOT-FOR-US: ImageSharp
CVE-2024-27627 (A reflected cross-site scripting (XSS) vulnerability exists in SuperCa ...)
	NOT-FOR-US: SuperCali
CVE-2024-27626 (A Reflected Cross-Site Scripting (XSS) vulnerability has been identifi ...)
	- dotclear
CVE-2024-27625 (CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting ( ...)
	NOT-FOR-US: CMS Made Simple
CVE-2024-27623 (CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template I ...)
	NOT-FOR-US: CMS Made Simple
CVE-2024-27622 (A remote code execution vulnerability has been identified in the User ...)
	NOT-FOR-US: CMS Made Simple
CVE-2024-27565 (A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-p ...)
	NOT-FOR-US: ChatGPT-wechat-personal
CVE-2024-27564 (A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT co ...)
	NOT-FOR-US: ChatGPT
CVE-2024-27563 (A Server-Side Request Forgery (SSRF) in the getFileFromRepo function o ...)
	NOT-FOR-US: WonderCMS
CVE-2024-27561 (A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAc ...)
	NOT-FOR-US: WonderCMS
CVE-2024-26339 (swftools v0.9.2 was discovered to contain a strcpy parameter overlap v ...)
	- swftools
CVE-2024-26337 (swftools v0.9.2 was discovered to contain a segmentation violation via ...)
	- swftools
CVE-2024-26335 (swftools v0.9.2 was discovered to contain a segmentation violation via ...)
	- swftools
CVE-2024-26334 (swftools v0.9.2 was discovered to contain a segmentation violation via ...)
	- swftools
CVE-2024-24098 (Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Inject ...)
	NOT-FOR-US: Code-projects Scholars Tracking System
CVE-2024-23296 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2024-23256 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2024-23243 (A privacy issue was addressed with improved private data redaction for ...)
	NOT-FOR-US: Apple
CVE-2024-23225 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2024-22352 (IBM InfoSphere Information Server 11.7 stores potentially sensitive in ...)
	NOT-FOR-US: IBM
CVE-2024-22255 (VMware ESXi, Workstation, and Fusion contain an information disclosure ...)
	NOT-FOR-US: VMware
CVE-2024-22254 (VMware ESXi contains an out-of-bounds write vulnerability.A malicious ...)
	NOT-FOR-US: VMware
CVE-2024-22253 (VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerab ...)
	NOT-FOR-US: VMware
CVE-2024-22252 (VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerab ...)
	NOT-FOR-US: VMware
CVE-2024-1202 (Authentication Bypass by Primary Weakness vulnerability in XPodas Octo ...)
	NOT-FOR-US: XPodas Octopod
CVE-2023-7103 (Authentication Bypass by Primary Weakness vulnerability in ZKSoftware ...)
	NOT-FOR-US: ZKSoftware Biometric Security Solutions UFace
CVE-2023-5457 (A CWE-1269 “Product Released in Non-Release Configuration” v ...)
	NOT-FOR-US: AiLux imx6
CVE-2023-5456 (A CWE-798 “Use of Hard-coded Credentials” vulnerability in t ...)
	NOT-FOR-US: AiLux imx6
CVE-2023-45600 (A CWE-613 “Insufficient Session Expiration” vulnerability in ...)
	NOT-FOR-US: AiLux imx6
CVE-2023-45599 (A CWE-646 “Reliance on File Name or Extension of Externally-Suppl ...)
	NOT-FOR-US: AiLux imx6
CVE-2023-45598 (A CWE-862 “Missing Authorization” vulnerability in the “ ...)
	NOT-FOR-US: AiLux imx6
CVE-2023-45597 (A CWE-1236 “Improper Neutralization of Formula Elements in a CSV ...)
	NOT-FOR-US: AiLux imx6
CVE-2023-45596 (A CWE-862 “Missing Authorization” vulnerability in the “ ...)
	NOT-FOR-US: AiLux imx6
CVE-2023-45595 (A CWE-434 “Unrestricted Upload of File with Dangerous Type” ...)
	NOT-FOR-US: AiLux imx6
CVE-2023-45594 (A CWE-552 “Files or Directories Accessible to External Parties” ...)
	NOT-FOR-US: AiLux imx6
CVE-2023-45593 (A CWE-693 “Protection Mechanism Failure” vulnerability in th ...)
	NOT-FOR-US: AiLux imx6
CVE-2023-45592 (A CWE-250 “Execution with Unnecessary Privileges” vulnerabil ...)
	NOT-FOR-US: AiLux imx6
CVE-2023-45591 (A CWE-122 “Heap-based Buffer Overflow” vulnerability in the ...)
	NOT-FOR-US: AiLux imx6
CVE-2023-35899 (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 1 ...)
	NOT-FOR-US: IBM
CVE-2022-48630 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 5.17.11-1
	[bullseye] - linux 5.10.120-1
	[buster] - linux 4.19.249-1
	NOTE: https://git.kernel.org/linus/16287397ec5c08aa58db6acf7dbc55470d78087d (5.18)
CVE-2022-48629 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 5.16.18-1
	[bullseye] - linux 5.10.113-1
	[buster] - linux 4.19.249-1
	NOTE: https://git.kernel.org/linus/a680b1832ced3b5fa7c93484248fd221ea0d614b (5.17)
CVE-2024-27308 (Mio is a Metal I/O library for Rust. When using named pipes on Windows ...)
	- rust-mio (Windows-specific)
	- rust-mio-0.6 (Vulnerable code not present)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0019.html
CVE-2024-XXXX [RUSTSEC-2024-0020]
	- rust-whoami (Specific to Solaris)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0020.html
CVE-2024-25111 (Squid is a web proxy cache. Starting in version 3.5.27 and prior to ve ...)
	- squid 6.8-1
	[bookworm] - squid 5.7-2+deb12u1
	- squid3
	NOTE: https://lists.squid-cache.org/pipermail/squid-announce/2024-March/000165.html
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-72c2-c3wm-8qxc
	NOTE: https://github.com/squid-cache/squid/pull/1553
	NOTE: https://github.com/squid-cache/squid/commit/50c5af88bd74208103722f87593a974bb0f0b8e9 (master)
	NOTE: https://github.com/squid-cache/squid/commit/4658d0fc049738c2e6cd25fc0af10e820cf4c11a (v6)
CVE-2024-2168 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...)
	NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2024-27718 (SQL Injection vulnerability in Baizhuo Network Smart s200 Management P ...)
	NOT-FOR-US: Baizhuo Network Smart s200 Management Platform
CVE-2024-26333 (swftools v0.9.2 was discovered to contain a segmentation violation via ...)
	- swftools
	NOTE: https://github.com/matthiaskramm/swftools/issues/219
CVE-2024-25731 (The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for Androi ...)
	NOT-FOR-US: Elink Smart eSmartCam (com.cn.dq.ipc) application
CVE-2024-25269 (libheif <= 1.17.6 contains a memory leak in the function JpegEncoder:: ...)
	- libheif (unimportant)
	NOTE: https://github.com/strukturag/libheif/issues/1073
	NOTE: https://github.com/strukturag/libheif/pull/1074
	NOTE: https://github.com/strukturag/libheif/commit/877de6b398198bca387df791b9232922c5721c80
	NOTE: Memory leak in example code
CVE-2024-25164 (iA Path Traversal vulnerability exists in iDURAR v2.0.0, that allows u ...)
	NOT-FOR-US: iDURAR
CVE-2024-22383 (Missing release of resource after effective lifetime (CWE-772) in the ...)
	NOT-FOR-US: Gallagher
CVE-2024-22188 (TYPO3 before 13.0.1 allows an authenticated admin user (with system ma ...)
	NOT-FOR-US: TYPO3
CVE-2024-21838 (Improper neutralization of special elements in output (CWE-74) used by ...)
	NOT-FOR-US: Gallagher
CVE-2024-21815 (Insufficiently protected credentials (CWE-522) for third party DVR int ...)
	NOT-FOR-US: Gallagher
CVE-2024-20841 (Improper Handling of Insufficient Privileges in Samsung Account prior ...)
	NOT-FOR-US: Samsung
CVE-2024-20840 (Improper access control in Samsung Voice Recorder prior to versions 21 ...)
	NOT-FOR-US: Samsung
CVE-2024-20839 (Improper access control in Samsung Voice Recorder prior to versions 21 ...)
	NOT-FOR-US: Samsung
CVE-2024-20838 (Improper validation vulnerability in Samsung Internet prior to version ...)
	NOT-FOR-US: Samsung
CVE-2024-20837 (Improper handling of granting permission for Trusted Web Activities in ...)
	NOT-FOR-US: Samsung
CVE-2024-20836 (Out of bounds Read vulnerability in ssmis_get_frm in libsubextractor.s ...)
	NOT-FOR-US: Samsung
CVE-2024-20835 (Improper access control vulnerability in CustomFrequencyManagerService ...)
	NOT-FOR-US: Samsung
CVE-2024-20834 (The sensitive information exposure vulnerability in WlanTest prior to ...)
	NOT-FOR-US: Samsung
CVE-2024-20833 (Use after free vulnerability in pub_crypto_recv_msg prior to SMR Mar-2 ...)
	NOT-FOR-US: Samsung
CVE-2024-20832 (Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Rel ...)
	NOT-FOR-US: Samsung
CVE-2024-20831 (Stack overflow in Little Kernel in bootloader prior to SMR Mar-2024 Re ...)
	NOT-FOR-US: Samsung
CVE-2024-20830 (Incorrect default permission in AppLock prior to SMR MAr-2024 Release ...)
	NOT-FOR-US: Samsung
CVE-2024-20829 (Missing proper interaction for opening deeplink in Samsung Internet pr ...)
	NOT-FOR-US: Samsung
CVE-2024-1936 (The encrypted subject of an email message could be incorrectly and per ...)
	{DSA-5644-1 DLA-3769-1}
	- thunderbird 1:115.8.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/#CVE-2024-1936
CVE-2024-1782 (The Blue Triad EZAnalytics plugin for WordPress is vulnerable to Refle ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1769 (The JM Twitter Cards plugin for WordPress is vulnerable to Information ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1731 (The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1478 (The Maintenance Mode plugin for WordPress is vulnerable to Sensitive I ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1381 (The Page Builder Sandwich – Front End WordPress Page Builder Plug ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1319 (The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1316 (The Event Tickets and Registration WordPress plugin before 5.8.1, Even ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1285 (The Page Builder Sandwich – Front End WordPress Page Builder Plug ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1178 (The SportsPress – Sports Club & League Manager plugin for WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1095 (The Build & Control Block Patterns – Boost up Gutenberg Editor pl ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1093 (The Change Memory Limit plugin for WordPress is vulnerable to unauthor ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1088 (The Password Protected Store for WooCommerce plugin for WordPress is v ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0825 (The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordP ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0698 (The Easy!Appointments plugin for WordPress is vulnerable to Stored Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52432 (Improper input validation in IpcTxSndSetLoopbackCtrl in libsec-ril pri ...)
	NOT-FOR-US: Samsung
CVE-2023-49970 (Customer Support System v1 was discovered to contain a SQL injection v ...)
	NOT-FOR-US: Customer Support System
CVE-2023-49969 (Customer Support System v1 was discovered to contain a SQL injection v ...)
	NOT-FOR-US: Customer Support System
CVE-2023-49968 (Customer Support System v1 was discovered to contain a SQL injection v ...)
	NOT-FOR-US: Customer Support System
CVE-2023-49548 (Customer Support System v1 was discovered to contain a SQL injection v ...)
	NOT-FOR-US: Customer Support System
CVE-2023-49547 (Customer Support System v1 was discovered to contain a SQL injection v ...)
	NOT-FOR-US: Customer Support System
CVE-2023-49546 (Customer Support System v1 was discovered to contain a SQL injection v ...)
	NOT-FOR-US: Customer Support System
CVE-2023-42419 (Maintenance Server, inCybellum'sQCOW air-gapped distribution (China Ed ...)
	NOT-FOR-US: Cybellum
CVE-2023-41829 (An improper export vulnerability was reported in the Motorola Carrier ...)
	NOT-FOR-US: Motorola
CVE-2023-41827 (An improper export vulnerability was reported in the Motorola OTA upda ...)
	NOT-FOR-US: Motorola
CVE-2024-2002 (A double-free vulnerability was found in libdwarf. In a multiply-corru ...)
	- dwarfutils (bug #1065511)
	[bookworm] - dwarfutils (Minor issue)
	[bullseye] - dwarfutils (Minor issue)
	[buster] - dwarfutils (Minor issue)
	NOTE: https://www.prevanders.net/dwarfbug.html#DW202402-002
	NOTE: Fixed by: https://github.com/davea42/libdwarf-code/commit/404e6b1b14f60c81388d50b4239f81d461b3c3ad (v0.9.2)
CVE-2024-27351 (In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, ...)
	- python-django 3:4.2.11-1
	[bookworm] - python-django (Minor issue, fix along in future update)
	[bullseye] - python-django (Minor issue, fix along in future update)
	[buster] - python-django (Minor issue)
	NOTE: https://www.djangoproject.com/weblog/2024/mar/04/security-releases/
	NOTE: https://github.com/django/django/commit/3394fc6132436eca89e997083bae9985fb7e761e (5.0.3)
	NOTE: https://github.com/django/django/commit/3c9a2771cc80821e041b16eb36c1c37af5349d4a (4.2.11)
	NOTE: https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521 (3.2.25)
	NOTE: CVE is a followup to CVE-2019-14232 and CVE-2023-43665.
CVE-2024-2167
	REJECTED
CVE-2024-1657 (A flaw was found in the ansible automation platform. An insecure WebSo ...)
	NOT-FOR-US: Red Hat Ansible Automation Platform
CVE-2024-2048 (Vault and Vault Enterprise (“Vault”) TLS certificate auth me ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2024-27889 (Multiple SQL Injection vulnerabilities exist in the reporting applicat ...)
	NOT-FOR-US: Arista
CVE-2024-27694 (FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CS ...)
	NOT-FOR-US: FlyCms
CVE-2024-27684 (A Cross-site scripting (XSS) vulnerability in dlapn.cgi, dldongle.cgi, ...)
	NOT-FOR-US: D-Link
CVE-2024-27680 (Flusity-CMS v2.33 is vulnerable to Cross Site Scripting (XSS) in the " ...)
	NOT-FOR-US: Flusity-CMS
CVE-2024-27668 (Flusity-CMS v2.33 is affected by: Cross Site Scripting (XSS) in 'Custo ...)
	NOT-FOR-US: Flusity-CMS
CVE-2024-27199 (In JetBrains TeamCity before 2023.11.4 path traversal allowing to perf ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2024-27198 (In JetBrains TeamCity before 2023.11.4 authentication bypass allowing ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2024-24901 (Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient lo ...)
	NOT-FOR-US: Dell PowerScale OneFS
CVE-2024-22463 (Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken ...)
	NOT-FOR-US: Dell PowerScale OneFS
CVE-2024-22452 (Dell Display and Peripheral Manager for macOS prior to 1.3 contains an ...)
	NOT-FOR-US: Dell
CVE-2024-1788
	REJECTED
CVE-2024-0686
	REJECTED
CVE-2024-0156 (Dell Digital Delivery, versions prior to 5.0.86.0, contain a Buffer Ov ...)
	NOT-FOR-US: Dell
CVE-2024-0155 (Dell Digital Delivery, versions prior to 5.0.86.0, contain a Use After ...)
	NOT-FOR-US: Dell
CVE-2023-6241 (Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm ...)
	NOT-FOR-US: Arm
CVE-2023-6143 (Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm ...)
	NOT-FOR-US: Arm
CVE-2023-6068 (On affected 7130 Series FPGA platforms running MOS and recent versions ...)
	NOT-FOR-US: Arista
CVE-2023-5451 (Forcepoint NGFW Security Management Center Management Server has SMC ...)
	NOT-FOR-US: Forcepoint
CVE-2023-43553 (Memory corruption while parsing beacon/probe response frame when AP se ...)
	NOT-FOR-US: Qualcomm
CVE-2023-43552 (Memory corruption while processing MBSSID beacon containing several su ...)
	NOT-FOR-US: Qualcomm
CVE-2023-43550 (Memory corruption while processing a QMI request for allocating memory ...)
	NOT-FOR-US: Qualcomm
CVE-2023-43549 (Memory corruption while processing TPC target power table in FTM TPC.)
	NOT-FOR-US: Qualcomm
CVE-2023-43548 (Memory corruption while parsing qcp clip with invalid chunk data size.)
	NOT-FOR-US: Qualcomm
CVE-2023-43547 (Memory corruption while invoking IOCTLs calls in Automotive Multimedia ...)
	NOT-FOR-US: Qualcomm
CVE-2023-43546 (Memory corruption while invoking HGSL IOCTL context create.)
	NOT-FOR-US: Qualcomm
CVE-2023-43541 (Memory corruption while invoking the SubmitCommands call on Gfx engine ...)
	NOT-FOR-US: Qualcomm
CVE-2023-43540 (Memory corruption while processing the IOCTL FM HCI WRITE request.)
	NOT-FOR-US: Qualcomm
CVE-2023-43539 (Transient DOS while processing an improperly formatted 802.11az Fine T ...)
	NOT-FOR-US: Qualcomm
CVE-2023-38362 (IBM CICS TX Advanced 10.1 could disclose sensitive information to a re ...)
	NOT-FOR-US: IBM
CVE-2023-38360 (IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2023-33105 (Transient DOS in WLAN Host and Firmware when large number of open auth ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33104 (Transient DOS while processing PDU Release command with a parameter PD ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33103 (Transient DOS while processing CAG info IE received from NW.)
	NOT-FOR-US: Qualcomm
CVE-2023-33096 (Transient DOS while processing DL NAS Transport message, as specified ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33095 (Transient DOS while processing multiple payload container type with in ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33090 (Transient DOS while processing channel information for speaker protect ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33086 (Transient DOS while processing multiple IKEV2 Informational Request to ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33084 (Transient DOS while processing IE fragments from server during DTLS ha ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33078 (Information Disclosure while processing IOCTL request in FastRPC.)
	NOT-FOR-US: Qualcomm
CVE-2023-33066 (Memory corruption in Audio while processing RT proxy port register dri ...)
	NOT-FOR-US: Qualcomm
CVE-2023-32331 (IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow ...)
	NOT-FOR-US: IBM
CVE-2021-47108 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 5.15.15-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/3b8e19a0aa3933a785be9f1541afd8d398c4ec69 (5.16-rc7)
CVE-2021-47107 (In the Linux kernel, the following vulnerability has been resolved: N ...)
	- linux 5.15.15-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/53b1119a6e5028b125f431a0116ba73510d82a72 (5.16-rc7)
CVE-2021-47106 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.15.15-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/0f7d9b31ce7abdbb29bf018131ac920c9f698518 (5.16-rc7)
CVE-2021-47105 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 5.15.15-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/afe8a3ba85ec2a6b6849367e25c06a2f8e0ddd05 (5.16-rc7)
CVE-2021-47104 (In the Linux kernel, the following vulnerability has been resolved: I ...)
	- linux 5.15.15-1
	[bullseye] - linux 5.10.92-1
	[buster] - linux 4.19.232-1
	NOTE: https://git.kernel.org/linus/bee90911e0138c76ee67458ac0d58b38a3190f65 (5.16-rc7)
CVE-2021-47103 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 5.15.15-1
	[bullseye] - linux 5.10.158-1
	[buster] - linux 4.19.269-1
	NOTE: https://git.kernel.org/linus/8f905c0e7354ef261360fb7535ea079b1082c105 (5.16-rc7)
CVE-2021-47102 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.15.15-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/2efc2256febf214e7b2bdaa21fe6c3c3146acdcb (5.16-rc7)
CVE-2021-47101 (In the Linux kernel, the following vulnerability has been resolved: a ...)
	- linux 5.15.15-1
	NOTE: https://git.kernel.org/linus/8035b1a2a37a29d8c717ef84fca8fe7278bc9f03 (5.16-rc7)
CVE-2021-47100 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 5.15.15-1
	[bullseye] - linux 5.10.92-1
	[buster] - linux 4.19.232-1
	NOTE: https://git.kernel.org/linus/ffb76a86f8096a8206be03b14adda6092e18e275 (5.16-rc7)
CVE-2021-47099 (In the Linux kernel, the following vulnerability has been resolved: v ...)
	- linux 5.15.15-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9695b7de5b4760ed22132aca919570c0190cb0ce (5.16-rc7)
CVE-2021-47098 (In the Linux kernel, the following vulnerability has been resolved: h ...)
	- linux 5.15.15-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/55840b9eae5367b5d5b29619dc2fb7e4596dba46 (5.16-rc7)
CVE-2021-47097 (In the Linux kernel, the following vulnerability has been resolved: I ...)
- linux 5.15.15-1 [bullseye] - linux 5.10.92-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/1d72d9f960ccf1052a0630a68c3d358791dbdaaa (5.16-rc7) CVE-2021-47096 (In the Linux kernel, the following vulnerability has been resolved: A ...) - linux 5.15.15-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/39a8fc4971a00d22536aeb7d446ee4a97810611b (5.16-rc7) CVE-2021-47095 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 5.15.15-1 [bullseye] - linux 5.10.92-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/34f35f8f14bc406efc06ee4ff73202c6fd245d15 (5.16-rc7) CVE-2021-47094 (In the Linux kernel, the following vulnerability has been resolved: K ...) - linux 5.15.15-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/3a0f64de479cae75effb630a2e0a237ca0d0623c (5.16-rc7) CVE-2021-47093 (In the Linux kernel, the following vulnerability has been resolved: p ...) - linux 5.15.15-1 [bullseye] - linux 5.10.92-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/26a8b09437804fabfb1db080d676b96c0de68e7c (5.16-rc7) CVE-2021-47092 (In the Linux kernel, the following vulnerability has been resolved: K ...) - linux 5.15.15-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/a80dfc025924024d2c61a4c1b8ef62b2fce76a04 (5.16-rc7) CVE-2021-47091 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 5.15.15-1 [bullseye] - linux 5.10.92-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/87a270625a89fc841f1a7e21aae6176543d8385c (5.16-rc7) CVE-2021-47090 (In the Linux kernel, the following vulnerability has been resolved: m ...) 
- linux 5.15.15-1 [bullseye] - linux 5.10.92-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/2a57d83c78f889bf3f54eede908d0643c40d5418 (5.16-rc7) CVE-2021-47089 (In the Linux kernel, the following vulnerability has been resolved: k ...) - linux 5.15.15-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/0129ab1f268b6cf88825eae819b9b84aa0a85634 (5.16-rc7) CVE-2021-47088 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 5.15.15-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/34796417964b8d0aef45a99cf6c2d20cebe33733 (5.16-rc7) CVE-2021-47087 (In the Linux kernel, the following vulnerability has been resolved: t ...) - linux 5.15.15-1 [bullseye] - linux 5.10.92-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/18549bf4b21c739a9def39f27dcac53e27286ab5 (5.16-rc7) CVE-2021-47086 (In the Linux kernel, the following vulnerability has been resolved: p ...) - linux 5.15.15-1 [bullseye] - linux 5.10.92-1 [buster] - linux 4.19.232-1 NOTE: https://git.kernel.org/linus/75a2f31520095600f650597c0ac41f48b5ba0068 (5.16-rc7) CVE-2021-47085 REJECTED CVE-2021-47084 REJECTED CVE-2021-47083 (In the Linux kernel, the following vulnerability has been resolved: p ...) - linux 5.15.15-1 [bullseye] - linux 5.10.92-1 NOTE: https://git.kernel.org/linus/2d5446da5acecf9c67db1c9d55ae2c3e5de01f8d (5.16-rc7) CVE-2021-47082 (In the Linux kernel, the following vulnerability has been resolved: t ...) - linux 5.15.15-1 [bullseye] - linux 5.10.136-1 [buster] - linux 4.19.282-1 NOTE: https://git.kernel.org/linus/158b515f703e75e7d68289bf4d98c664e1d632df (5.16-rc7) CVE-2024-2156 (A vulnerability was found in SourceCodester Best POS Management System ...) 
NOT-FOR-US: SourceCodester Best POS Management System CVE-2024-2155 (A vulnerability was found in SourceCodester Best POS Management System ...) NOT-FOR-US: SourceCodester Best POS Management System CVE-2024-2154 (A vulnerability has been found in SourceCodester Online Mobile Managem ...) NOT-FOR-US: SourceCodester Online Mobile Management Store CVE-2024-2153 (A vulnerability, which was classified as critical, was found in Source ...) NOT-FOR-US: SourceCodester Online Mobile Management Store CVE-2024-2152 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Online Mobile Management Store CVE-2024-2151 (A vulnerability classified as problematic was found in SourceCodester ...) NOT-FOR-US: SourceCodester Online Mobile Management Store CVE-2024-28088 (LangChain through 0.1.10 allows ../ directory traversal by an actor wh ...) NOT-FOR-US: LanChain-ai Langchain CVE-2024-28084 (p2putil.c in iNet wireless daemon (IWD) through 2.15 allows attackers ...) - iwd 2.16-1 (bug #1065443) [bookworm] - iwd (Minor issue) [bullseye] - iwd (Minor issue) [buster] - iwd (Vulnerable code not present) NOTE: https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=52a47c9fd428904de611a90cbf8b223af879684d (2.16) NOTE: https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=d34b4e16e045142590ed7cb653e01ed0ae5362eb (2.16) NOTE: first version of p2putil in 0.19, P2P is supported since 1.8 CVE-2024-21826 (in OpenHarmony v3.2.4 and prior versions allow a local attacker cause ...) NOT-FOR-US: OpenHarmony CVE-2024-21816 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause ...) NOT-FOR-US: OpenHarmony CVE-2024-20038 (In pq, there is a possible out of bounds read due to an incorrect boun ...) NOT-FOR-US: MediaTek CVE-2024-20037 (In pq, there is a possible write-what-where condition due to an incorr ...) 
NOT-FOR-US: MediaTek CVE-2024-20036 (In vdec, there is a possible permission bypass due to a permissions by ...) NOT-FOR-US: MediaTek CVE-2024-20034 (In battery, there is a possible escalation of privilege due to a missi ...) NOT-FOR-US: MediaTek CVE-2024-20033 (In nvram, there is a possible information disclosure due to a missing ...) NOT-FOR-US: MediaTek CVE-2024-20032 (In aee, there is a possible permission bypass due to a missing permiss ...) NOT-FOR-US: MediaTek CVE-2024-20031 (In da, there is a possible out of bounds write due to lack of valudati ...) NOT-FOR-US: MediaTek CVE-2024-20030 (In da, there is a possible information disclosure due to improper inpu ...) NOT-FOR-US: MediaTek CVE-2024-20029 (In wlan firmware, there is a possible out of bounds write due to impro ...) NOT-FOR-US: MediaTek CVE-2024-20028 (In da, there is a possible out of bounds write due to lack of valudati ...) NOT-FOR-US: MediaTek CVE-2024-20027 (In da, there is a possible out of bounds write due to improper input v ...) NOT-FOR-US: MediaTek CVE-2024-20026 (In da, there is a possible information disclosure due to improper inpu ...) NOT-FOR-US: MediaTek CVE-2024-20025 (In da, there is a possible out of bounds write due to an integer overf ...) NOT-FOR-US: MediaTek CVE-2024-20024 (In flashc, there is a possible out of bounds write due to lack of valu ...) NOT-FOR-US: MediaTek CVE-2024-20023 (In flashc, there is a possible out of bounds write due to lack of valu ...) NOT-FOR-US: MediaTek CVE-2024-20022 (In lk, there is a possible escalation of privilege due to a missing bo ...) NOT-FOR-US: MediaTek CVE-2024-20020 (In OPTEE, there is a possible out of bounds write due to an incorrect ...) NOT-FOR-US: MediaTek CVE-2024-20019 (In wlan driver, there is a possible memory leak due to improper input ...) NOT-FOR-US: MediaTek CVE-2024-20018 (In wlan driver, there is a possible out of bounds write due to imprope ...) 
NOT-FOR-US: MediaTek CVE-2024-20017 (In wlan service, there is a possible out of bounds write due to improp ...) NOT-FOR-US: MediaTek CVE-2024-20005 (In da, there is a possible permission bypass due to a missing permissi ...) NOT-FOR-US: MediaTek CVE-2023-4479 (Stored XSS Vulnerability in M-Files Web versions before 23.8 allows at ...) NOT-FOR-US: M-Files Web CVE-2023-49602 (in OpenHarmony v3.2.4 and prior versions allow a local attacker cause ...) NOT-FOR-US: OpenHarmony CVE-2023-46708 (in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitr ...) NOT-FOR-US: OpenHarmony CVE-2023-25176 (in OpenHarmony v3.2.4 and prior versions allow a local attacker cause ...) NOT-FOR-US: OpenHarmony CVE-2019-25210 (An issue was discovered in Cloud Native Computing Foundation (CNCF) He ...) - helm-kubernetes (bug #910799) CVE-2024-26622 (In the Linux kernel, the following vulnerability has been resolved: t ...) {DSA-5681-1} - linux 6.7.9-1 [bookworm] - linux 6.1.82-1 NOTE: https://git.kernel.org/linus/2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815 (6.8-rc7) CVE-2024-2150 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Insurance Management System CVE-2024-2149 (A vulnerability classified as critical was found in CodeAstro Membersh ...) NOT-FOR-US: CodeAstro Membership Management System CVE-2024-2148 (A vulnerability classified as critical has been found in SourceCodeste ...) NOT-FOR-US: SourceCodester Online Mobile Management Store CVE-2024-2147 (A vulnerability was found in SourceCodester Online Mobile Management S ...) NOT-FOR-US: SourceCodester Online Mobile Management Store CVE-2024-2146 (A vulnerability was found in SourceCodester Online Mobile Management S ...) NOT-FOR-US: SourceCodester Online Mobile Management Store CVE-2024-2145 (A vulnerability was found in SourceCodester Online Mobile Management S ...) 
NOT-FOR-US: SourceCodester Online Mobile Management Store CVE-2024-27255 (IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 throu ...) NOT-FOR-US: IBM CVE-2024-26469 (Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft "Produc ...) NOT-FOR-US: PrestaShop module CVE-2024-25847 (SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, ...) NOT-FOR-US: PrestaShop module CVE-2024-25842 (An issue was discovered in Presta World "Account Manager - Sales Repre ...) NOT-FOR-US: PrestaShop module CVE-2024-25839 (An issue was discovered in Webbax "Super Newsletter" (supernewsletter) ...) NOT-FOR-US: PrestaShop module CVE-2024-24302 (An issue was discovered in Tunis Soft "Product Designer" (productdesig ...) NOT-FOR-US: PrestaShop module CVE-2024-22355 (IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pa ...) NOT-FOR-US: IBM CVE-2024-0765 (As a default user on a multi-user instance of AnythingLLM, you could e ...) NOT-FOR-US: AnythingLLM CVE-2023-47745 (IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 throu ...) NOT-FOR-US: IBM CVE-2023-47742 (IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pa ...) NOT-FOR-US: IBM CVE-2023-43054 (IBM Engineering Test Management 7.0.2 and 7.0.3 is vulnerable to store ...) NOT-FOR-US: IBM CVE-2024-2135 (A vulnerability was found in Bdtask Hospita AutoManager up to 20240223 ...) NOT-FOR-US: Bdtask Hospita AutoManager CVE-2024-2134 (A vulnerability has been found in Bdtask Hospita AutoManager up to 202 ...) NOT-FOR-US: Bdtask Hospita AutoManager CVE-2024-2133 (A vulnerability, which was classified as problematic, was found in Bdt ...) NOT-FOR-US: Bdtask Isshue Multi Store eCommerce Shopping Cart Solution CVE-2024-25865 (Cross Site Scripting (XSS) vulnerability in hexo-theme-anzhiyu v1.6.12 ...) NOT-FOR-US: hexo-theme-anzhiyu CVE-2024-25844 (An issue was discovered in Common-Services "So Flexibilite" (soflexibi ...) 
NOT-FOR-US: PrestaShop module CVE-2024-25551 (Cross Site Scripting (XSS) vulnerability in sourcecodester Simple Stud ...) NOT-FOR-US: sourcecodester Simple Student Attendance System CVE-2024-25016 (IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could al ...) NOT-FOR-US: IBM CVE-2024-24307 (Path Traversal vulnerability in Tunis Soft "Product Designer" (product ...) NOT-FOR-US: PrestaShop module CVE-2024-0968 REJECTED CVE-2024-0795 (If an attacked was given access to an instance with the admin or manag ...) NOT-FOR-US: AnythingLLM CVE-2024-26621 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 6.7.7-1 (bug #1024149) [bookworm] - linux 6.1.82-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/4ef9ad19e17676b9ef071309bc62020e2373705d (6.8-rc3) CVE-2023-52582 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/df1c357f25d808e30b216188330e708e09e1a412 (6.6-rc3) CVE-2023-52581 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.5.6-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/cf5000a7787cbc10341091d37245a42c119d26c5 (6.6-rc3) CVE-2023-52580 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/75ad80ed88a182ab2ad5513e448cf07b403af5c3 (6.6-rc3) CVE-2023-52579 REJECTED CVE-2023-52578 (In the Linux kernel, the following vulnerability has been resolved: n ...) 
- linux 6.5.6-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 [buster] - linux 4.19.304-1 NOTE: https://git.kernel.org/linus/44bdb313da57322c9b3c108eb66981c6ec6509f4 (6.6-rc3) CVE-2023-52577 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 [buster] - linux 4.19.304-1 NOTE: https://git.kernel.org/linus/6af289746a636f71f4c0535a9801774118486c7a (6.6-rc3) CVE-2023-52576 (In the Linux kernel, the following vulnerability has been resolved: x ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/34cf99c250d5cd2530b93a57b0de31d3aaf8685b (6.6-rc3) CVE-2023-52575 REJECTED CVE-2023-52574 (In the Linux kernel, the following vulnerability has been resolved: t ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 [buster] - linux 4.19.304-1 NOTE: https://git.kernel.org/linus/492032760127251e5540a5716a70996bacf2a3fd (6.6-rc3) CVE-2023-52573 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/f1d95df0f31048f1c59092648997686e3f7d9478 (6.6-rc3) CVE-2023-52572 (In the Linux kernel, the following vulnerability has been resolved: c ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 NOTE: https://git.kernel.org/linus/d527f51331cace562393a8038d870b3e9916686f (6.6-rc3) CVE-2023-52571 (In the Linux kernel, the following vulnerability has been resolved: p ...) 
- linux 6.5.6-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/488ef44c068e79752dba8eda0b75f524f111a695 (6.6-rc4) CVE-2023-52570 (In the Linux kernel, the following vulnerability has been resolved: v ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/c777b11d34e0f47dbbc4b018ef65ad030f2b283a (6.6-rc4) CVE-2023-52569 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 NOTE: https://git.kernel.org/linus/2c58c3931ede7cd08cbecf1f1a4acaf0a04a41a9 (6.6-rc2) CVE-2023-52568 (In the Linux kernel, the following vulnerability has been resolved: x ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/c6c2adcba50c2622ed25ba5d5e7f05f584711358 (6.6-rc4) CVE-2023-52567 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 [buster] - linux 4.19.304-1 NOTE: https://git.kernel.org/linus/cce7fc8b29961b64fadb1ce398dc5ff32a79643b (6.6-rc4) CVE-2023-52566 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 [buster] - linux 4.19.304-1 NOTE: https://git.kernel.org/linus/7ee29facd8a9c5a26079148e36bcf07141b3a6bc (6.6-rc4) CVE-2023-52565 (In the Linux kernel, the following vulnerability has been resolved: m ...) 
- linux 6.5.6-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/41ebaa5e0eebea4c3bac96b72f9f8ae0d77c0bdb (6.6-rc3) CVE-2023-52564 (In the Linux kernel, the following vulnerability has been resolved: R ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/29346e217b8ab8a52889b88f00b268278d6b7668 (6.6-rc4) CVE-2023-52563 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/099f0af9d98231bb74956ce92508e87cbcb896be (6.6-rc3) CVE-2023-52562 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/46a9ea6681907a3be6b6b0d43776dccc62cad6cf (6.6-rc4) CVE-2023-52561 (In the Linux kernel, the following vulnerability has been resolved: a ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 NOTE: https://git.kernel.org/linus/110e70fccce4f22b53986ae797d665ffb1950aa6 (6.6-rc1) CVE-2023-52560 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/45120b15743fa7c0aa53d5db6dfb4c8f87be4abd (6.6-rc4) CVE-2023-52559 (In the Linux kernel, the following vulnerability has been resolved: i ...) 
- linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/59df44bfb0ca4c3ee1f1c3c5d0ee8e314844799e (6.6-rc5) CVE-2023-52532 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/b2b000069a4c307b09548dc2243f31f3ca0eac9c (6.6-rc5) CVE-2023-52531 (In the Linux kernel, the following vulnerability has been resolved: w ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 NOTE: https://git.kernel.org/linus/8ba438ef3cacc4808a63ed0ce24d4f0942cfe55d (6.6-rc5) CVE-2023-52530 (In the Linux kernel, the following vulnerability has been resolved: w ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 NOTE: https://git.kernel.org/linus/31db78a4923ef5e2008f2eed321811ca79e7f71b (6.6-rc5) CVE-2023-52529 (In the Linux kernel, the following vulnerability has been resolved: H ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/e1cd4004cde7c9b694bbdd8def0e02288ee58c74 (6.6-rc5) CVE-2023-52528 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 [buster] - linux 4.19.304-1 NOTE: https://git.kernel.org/linus/e9c65989920f7c28775ec4e0c11b483910fb67b8 (6.6-rc5) CVE-2023-52527 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 [buster] - linux 4.19.304-1 NOTE: https://git.kernel.org/linus/9d4c75800f61e5d75c1659ba201b6c0c7ead3070 (6.6-rc5) CVE-2023-52526 (In the Linux kernel, the following vulnerability has been resolved: e ...) 
- linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/75a5221630fe5aa3fedba7a06be618db0f79ba1e (6.6-rc5) CVE-2023-52525 (In the Linux kernel, the following vulnerability has been resolved: w ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 [buster] - linux 4.19.304-1 NOTE: https://git.kernel.org/linus/aef7a0300047e7b4707ea0411dc9597cba108fc8 (6.6-rc5) CVE-2023-52524 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/dfc7f7a988dad34c3bf4c053124fb26aa6c5f916 (6.6-rc5) CVE-2023-52523 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/b80e31baa43614e086a9d29dc1151932b1bd7fc5 (6.6-rc5) CVE-2023-52522 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 NOTE: https://git.kernel.org/linus/25563b581ba3a1f263a00e8c9a97f5e7363be6fd (6.6-rc5) CVE-2023-52521 REJECTED CVE-2023-52520 (In the Linux kernel, the following vulnerability has been resolved: p ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/528ab3e605cabf2f9c9bd5944d3bfe15f6e94f81 (6.6-rc5) CVE-2023-52519 (In the Linux kernel, the following vulnerability has been resolved: H ...) 
- linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/8f02139ad9a7e6e5c05712f8c1501eebed8eacfd (6.6-rc5) CVE-2023-52518 (In the Linux kernel, the following vulnerability has been resolved: B ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/b938790e70540bf4f2e653dcd74b232494d06c8f (6.6-rc5) CVE-2023-52517 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 NOTE: https://git.kernel.org/linus/1f11f4202caf5710204d334fe63392052783876d (6.6-rc1) CVE-2023-52516 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 NOTE: https://git.kernel.org/linus/fb5a4315591dae307a65fc246ca80b5159d296e1 (6.6-rc1) CVE-2023-52515 (In the Linux kernel, the following vulnerability has been resolved: R ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 NOTE: https://git.kernel.org/linus/e193b7955dfad68035b983a0011f4ef3590c85eb (6.6-rc5) CVE-2023-52514 REJECTED CVE-2023-52513 (In the Linux kernel, the following vulnerability has been resolved: R ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/53a3f777049771496f791504e7dc8ef017cba590 (6.6-rc5) CVE-2023-52512 (In the Linux kernel, the following vulnerability has been resolved: p ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/87d315a34133edcb29c4cadbf196ec6c30dfd47b (6.6-rc6) CVE-2023-52511 (In the Linux kernel, the following vulnerability has been resolved: s ...) 
- linux 6.5.6-1 [bookworm] - linux 6.1.64-1 NOTE: https://git.kernel.org/linus/171f8a49f212e87a8b04087568e1b3d132e36a18 (6.6-rc1) CVE-2023-52510 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 [buster] - linux 4.19.304-1 NOTE: https://git.kernel.org/linus/f990874b1c98fe8e57ee9385669f501822979258 (6.6-rc6) CVE-2023-52509 (In the Linux kernel, the following vulnerability has been resolved: r ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 NOTE: https://git.kernel.org/linus/3971442870713de527684398416970cf025b4f89 (6.6-rc6) CVE-2023-52508 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 NOTE: https://git.kernel.org/linus/8ae5b3a685dc59a8cf7ccfe0e850999ba9727a3c (6.6-rc2) CVE-2023-52507 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 [buster] - linux 4.19.304-1 NOTE: https://git.kernel.org/linus/354a6e707e29cb0c007176ee5b8db8be7bd2dee0 (6.6-rc6) CVE-2023-52506 (In the Linux kernel, the following vulnerability has been resolved: L ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/b795fb9f5861ee256070d59e33130980a01fadd7 (6.6-rc3) CVE-2023-52505 (In the Linux kernel, the following vulnerability has been resolved: p ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/139ad1143151a07be93bf741d4ea7c89e59f89ce (6.6-rc6) CVE-2023-52504 (In the Linux kernel, the following vulnerability has been resolved: x ...) 
- linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 [buster] - linux 4.19.304-1 NOTE: https://git.kernel.org/linus/d35652a5fc9944784f6f50a5c979518ff8dacf61 (6.6-rc6) CVE-2023-52503 (In the Linux kernel, the following vulnerability has been resolved: t ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/f4384b3e54ea813868bb81a861bf5b2406e15d8f (6.6-rc6) CVE-2023-52502 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 [buster] - linux 4.19.304-1 NOTE: https://git.kernel.org/linus/31c07dffafce914c1d1543c135382a11ff058d93 (6.6-rc6) CVE-2023-52501 (In the Linux kernel, the following vulnerability has been resolved: r ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 NOTE: https://git.kernel.org/linus/95a404bd60af6c4d9d8db01ad14fe8957ece31ca (6.6-rc2) CVE-2023-52500 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 NOTE: https://git.kernel.org/linus/c13e7331745852d0dd7c35eabbe181cbd5b01172 (6.6-rc2) CVE-2023-52499 (In the Linux kernel, the following vulnerability has been resolved: p ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/f0eee815babed70a749d2496a7678be5b45b4c14 (6.6-rc6) CVE-2022-48628 (In the Linux kernel, the following vulnerability has been resolved: c ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 NOTE: https://git.kernel.org/linus/e3dfcab2080dc1f9a4b09cc1327361bc2845bfcd (6.6-rc1) CVE-2022-48627 (In the Linux kernel, the following vulnerability has been resolved: v ...) 
- linux 5.18.14-1 [bullseye] - linux 5.10.136-1 NOTE: https://git.kernel.org/linus/39cdb68c64d84e71a4a717000b6e5de208ee60cc (5.19-rc7) CVE-2024-1449 (The Master Slider \u2013 Responsive Touch Slider plugin for WordPress ...) NOT-FOR-US: WordPress plugin CVE-2024-1398 (The Ultimate Bootstrap Elements for Elementor plugin for WordPress is ...) NOT-FOR-US: WordPress plugin CVE-2024-0611 (The Master Slider \u2013 Responsive Touch Slider plugin for WordPress ...) NOT-FOR-US: WordPress plugin CVE-2024-0378 (The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugi ...) NOT-FOR-US: WordPress plugin CVE-2023-6326 (The Master Slider \u2013 Responsive Touch Slider plugin for WordPress ...) NOT-FOR-US: WordPress plugin CVE-2024-27747 (File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allo ...) NOT-FOR-US: Petrol Pump Mangement Software CVE-2024-27746 (SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 al ...) NOT-FOR-US: Petrol Pump Mangement Software CVE-2024-27744 (Cross Site Scripting vulnerability in Petrol Pump Mangement Software v ...) NOT-FOR-US: Petrol Pump Mangement Software CVE-2024-27743 (Cross Site Scripting vulnerability in Petrol Pump Mangement Software v ...) NOT-FOR-US: Petrol Pump Mangement Software CVE-2024-27101 (SpiceDB is an open source, Google Zanzibar-inspired database for creat ...) NOT-FOR-US: SpiceDB CVE-2024-25438 (A cross-site scripting (XSS) vulnerability in the Submission module of ...) NOT-FOR-US: Public Knowledge Project (PKP) Open Journal System (OJS) CVE-2024-25436 (A cross-site scripting (XSS) vulnerability in the Production module of ...) NOT-FOR-US: Public Knowledge Project (PKP) Open Journal System (OJS) CVE-2024-25434 (A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows atta ...) NOT-FOR-US: Public Knowledge Project (PKP) Open Journal System (OJS) CVE-2024-25064 (Due to insufficient server-side validation, an attacker with login pri ...) 
NOT-FOR-US: Hikvision CVE-2024-25063 (Due to insufficient server-side validation, a successful exploit of th ...) NOT-FOR-US: Hikvision CVE-2024-24512 (Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker ...) NOT-FOR-US: Public Knowledge Project (PKP) Open Journal System (OJS) CVE-2024-24511 (Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker ...) NOT-FOR-US: Public Knowledge Project (PKP) Open Journal System (OJS) CVE-2024-23492 (A weak encoding is used to transmit credentials for WS203VICM.) NOT-FOR-US: WS203VICM CVE-2024-22182 (A remote, unauthenticated attacker may be able to send crafted message ...) NOT-FOR-US: WS203VICM CVE-2024-21767 (A remote attacker may be able to bypass access control of Commend WS20 ...) NOT-FOR-US: WS203VICM CVE-2024-1869 (Certain HP DesignJet print products are potentially vulnerable to info ...) NOT-FOR-US: HP CVE-2024-1775 (The Nextend Social Login and Register plugin for WordPress is vulnerab ...) NOT-FOR-US: WordPress plugin CVE-2024-1592 (The Complianz \u2013 GDPR/CCPA Cookie Consent plugin for WordPress is ...) NOT-FOR-US: WordPress plugin CVE-2023-7244 (Industrial Control Systems Network Protocol Parsers (ICSNPP) - Etherca ...) NOT-FOR-US: Ethercat Zeek Plugin CVE-2023-7243 (Industrial Control Systems Network Protocol Parsers (ICSNPP) - Etherca ...) NOT-FOR-US: Ethercat Zeek Plugin CVE-2023-7242 (Industrial Control Systems Network Protocol Parsers (ICSNPP) - Etherca ...) NOT-FOR-US: Ethercat Zeek Plugin CVE-2023-49545 (A directory listing vulnerability in Customer Support System v1 allows ...) NOT-FOR-US: Customer Support System CVE-2023-49544 (A local file inclusion (LFI) in Customer Support System v1 allows atta ...) NOT-FOR-US: Customer Support System CVE-2023-49543 (Incorrect access control in Book Store Management System v1 allows att ...) NOT-FOR-US: Book Store Management System CVE-2023-49540 (Book Store Management System v1.0 was discovered to contain a cross-si ...) 
	NOT-FOR-US: Book Store Management System
CVE-2023-49539 (Book Store Management System v1.0 was discovered to contain a cross-si ...)
	NOT-FOR-US: Book Store Management System
CVE-2021-47081 (In the Linux kernel, the following vulnerability has been resolved: h ...)
	- linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/115726c5d312b462c9d9931ea42becdfa838a076 (5.13-rc3)
CVE-2021-47080 (In the Linux kernel, the following vulnerability has been resolved: R ...)
	- linux 5.10.40-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/54d87913f147a983589923c7f651f97de9af5be1 (5.13-rc3)
CVE-2021-47079 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	- linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/ff67dbd554b2aaa22be933eced32610ff90209dd (5.13-rc3)
CVE-2021-47078 (In the Linux kernel, the following vulnerability has been resolved: R ...)
	- linux 5.10.40-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/67f29896fdc83298eed5a6576ff8f9873f709228 (5.13-rc3)
CVE-2021-47077 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 5.10.40-1
	NOTE: https://git.kernel.org/linus/73578af92a0fae6609b955fcc9113e50e413c80f (5.13-rc3)
CVE-2021-47076 (In the Linux kernel, the following vulnerability has been resolved: R ...)
	- linux 5.14.6-1
	NOTE: https://git.kernel.org/linus/dc07628bd2bbc1da768e265192c28ebd301f509d (5.13-rc3)
CVE-2021-47075 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.10.40-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/fec356a61aa3d3a66416b4321f1279e09e0f256f (5.13-rc3)
CVE-2021-47074 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.10.40-1
	NOTE: https://git.kernel.org/linus/03504e3b54cc8118cc26c064e60a0b00c2308708 (5.13-rc3)
CVE-2021-47073 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	- linux 5.10.40-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/3a53587423d25c87af4b4126a806a0575104b45e (5.13-rc3)
CVE-2021-47072 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/54a40fc3a1da21b52dbf19f72fdc27a2ec740760 (5.13-rc3)
CVE-2021-47071 (In the Linux kernel, the following vulnerability has been resolved: u ...)
	- linux 5.10.40-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/3ee098f96b8b6c1a98f7f97915f8873164e6af9d (5.13-rc3)
CVE-2021-47070 (In the Linux kernel, the following vulnerability has been resolved: u ...)
	- linux 5.14.6-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/0b0226be3a52dadd965644bc52a807961c2c26df (5.13-rc3)
CVE-2021-47069 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 5.10.40-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/a11ddb37bf367e6b5239b95ca759e5389bb46048 (5.13-rc3)
CVE-2024-2078 (A Cross-Site Scripting (XSS) vulnerability has been found in HelpDeskZ ...)
	NOT-FOR-US: HelpDeskZ
CVE-2024-2077 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Simple Online Bidding System
CVE-2024-2076 (A vulnerability was found in CodeAstro House Rental Management System ...)
	NOT-FOR-US: CodeAstro House Rental Management System
CVE-2024-2075 (A vulnerability was found in SourceCodester Daily Habit Tracker 1.0. I ...)
	NOT-FOR-US: SourceCodester Daily Habit Tracker
CVE-2024-2074 (A vulnerability was found in Mini-Tmall up to 20231017 and classified ...)
	NOT-FOR-US: Mini-Tmall
CVE-2024-2073 (A vulnerability has been found in SourceCodester Block Inserter for Dy ...)
	NOT-FOR-US: SourceCodester Block Inserter for Dynamic Content
CVE-2024-2072 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester Flashcard Quiz App
CVE-2024-2071 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: SourceCodester FAQ Management System
CVE-2024-2070 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester FAQ Management System
CVE-2024-2069 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester FAQ Management System
CVE-2024-2068 (A vulnerability was found in SourceCodester Computer Inventory System ...)
	NOT-FOR-US: SourceCodester Computer Inventory System
CVE-2024-2067 (A vulnerability was found in SourceCodester Computer Inventory System ...)
	NOT-FOR-US: SourceCodester Computer Inventory System
CVE-2024-2066 (A vulnerability was found in SourceCodester Computer Inventory System ...)
	NOT-FOR-US: SourceCodester Computer Inventory System
CVE-2024-2065 (A vulnerability was found in SourceCodester Barangay Population Monito ...)
	NOT-FOR-US: SourceCodester Barangay Population Monitoring System
CVE-2024-2064 (A vulnerability has been found in rahman SelectCours 1.0 and classifie ...)
	NOT-FOR-US: rahman SelectCours
CVE-2024-2063 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester Petrol Pump Management Software
CVE-2024-2062 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Petrol Pump Management Software
CVE-2024-2061 (A vulnerability classified as critical was found in SourceCodester Pet ...)
	NOT-FOR-US: SourceCodester Petrol Pump Management Software
CVE-2024-2060 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Petrol Pump Management Software
CVE-2024-2059 (A vulnerability was found in SourceCodester Petrol Pump Management Sof ...)
	NOT-FOR-US: SourceCodester Petrol Pump Management Software
CVE-2024-2058 (A vulnerability was found in SourceCodester Petrol Pump Management Sof ...)
	NOT-FOR-US: SourceCodester Petrol Pump Management Software
CVE-2024-2057 (A vulnerability was found in LangChain langchain_community 0.0.26. It ...)
	NOT-FOR-US: Harrison Chase LangChain
CVE-2024-27734 (A Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows an atta ...)
	NOT-FOR-US: CSZ CMS
CVE-2024-27692
	REJECTED
CVE-2024-27689 (Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Reques ...)
	NOT-FOR-US: Stupid Simple CMS
CVE-2024-27572 (LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via ...)
	NOT-FOR-US: LBT T300-T390
CVE-2024-27571 (LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via ...)
	NOT-FOR-US: LBT T300-T390
CVE-2024-27570 (LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via ...)
	NOT-FOR-US: LBT T300-T390
CVE-2024-27569 (LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via ...)
	NOT-FOR-US: LBT T300-T390
CVE-2024-27568 (LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via ...)
	NOT-FOR-US: LBT T300-T390
CVE-2024-27567 (LBT T300- T390 v2.2.1.8 were discovered to contain a stack overflow vi ...)
	NOT-FOR-US: LBT T300-T390
CVE-2024-27559 (Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Reques ...)
	NOT-FOR-US: Stupid Simple CMS
CVE-2024-27558 (Stupid Simple CMS 1.2.4 is vulnerable to Cross Site Scripting (XSS) wi ...)
	NOT-FOR-US: Stupid Simple CMS
CVE-2024-27499 (Bagisto v1.5.1 is vulnerable for Cross site scripting(XSS) via png fil ...)
	NOT-FOR-US: Bagisto
CVE-2024-27497 (Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypas ...)
	NOT-FOR-US: Linksys
CVE-2024-27298 (parse-server is a Parse Server for Node.js / Express. This vulnerabili ...)
	NOT-FOR-US: Parse Server
CVE-2024-27296 (Directus is a real-time API and App dashboard for managing SQL databas ...)
	NOT-FOR-US: Directus
CVE-2024-27295 (Directus is a real-time API and App dashboard for managing SQL databas ...)
	NOT-FOR-US: Directus
CVE-2024-27140 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input Duri ...)
	NOT-FOR-US: Apache Archiva
CVE-2024-27139 (** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability ...)
	NOT-FOR-US: Apache Archiva
CVE-2024-27138 (** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability ...)
	NOT-FOR-US: Apache Archiva
CVE-2024-26280 (Apache Airflow, versions before 2.8.2, has a vulnerability that allows ...)
	- airflow (bug #819700)
CVE-2024-25972 (Initialization of a resource with an insecure default vulnerability in ...)
	NOT-FOR-US: Atsumi
CVE-2024-25091 (Protection mechanism failure issue exists in RevoWorks SCVX prior to s ...)
	NOT-FOR-US: RevoWorks
CVE-2024-24907 (Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contai ...)
	NOT-FOR-US: Dell
CVE-2024-24906 (Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contai ...)
	NOT-FOR-US: Dell
CVE-2024-24905 (Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contai ...)
	NOT-FOR-US: Dell
CVE-2024-24904 (Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contai ...)
	NOT-FOR-US: Dell
CVE-2024-24903 (Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, conta ...)
	NOT-FOR-US: Dell
CVE-2024-24900 (Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contai ...)
	NOT-FOR-US: Dell
CVE-2024-22458 (Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption S ...)
	NOT-FOR-US: Dell
CVE-2024-22457 (Dell Secure Connect Gateway 5.20 contains an improper authentication v ...)
	NOT-FOR-US: Dell
CVE-2024-1624 (An OS Command Injection vulnerability affecting documentation server o ...)
	NOT-FOR-US: 3DEXPERIENCE
CVE-2024-1453 (In Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open ...)
	NOT-FOR-US: Sante DICOM Viewer Pro
CVE-2024-1174 (Previous versions of HP ThinPro (prior to HP ThinPro 8.0 SP 8) could p ...)
	NOT-FOR-US: HP
CVE-2024-1120 (The NextMove Lite – Thank You Page for WooCommerce and Finale Lit ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0967 (A potential vulnerability has been identified in OpenText / Micro Focu ...)
	NOT-FOR-US: OpenText
CVE-2024-0692 (The SolarWinds Security Event Manager was susceptible to Remote Code E ...)
	NOT-FOR-US: SolarWinds
CVE-2023-52558 (In OpenBSD 7.4 before errata 002 and OpenBSD 7.3 before errata 019, an ...)
	NOT-FOR-US: OpenBSD
CVE-2023-52557 (In OpenBSD 7.3 before errata 016, npppd(8) could crash by a l2tp messa ...)
	NOT-FOR-US: OpenBSD npppd
CVE-2023-52556 (In OpenBSD 7.4 before errata 009, a race condition between pf(4)'s pro ...)
	NOT-FOR-US: OpenBSD
CVE-2023-50378 (Lack of proper input validation and constraint enforcement in Apache A ...)
	NOT-FOR-US: Apache Ambari
CVE-2023-48674 (Dell Platform BIOS contains an Improper Null Termination vulnerability ...)
	NOT-FOR-US: Dell
CVE-2023-46951 (Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allow ...)
	NOT-FOR-US: sidekiq-unique-jobs
CVE-2023-46950 (Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allow ...)
	NOT-FOR-US: sidekiq-unique-jobs
CVE-2023-39254 (Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontr ...)
	NOT-FOR-US: Dell
CVE-2024-2045 (Session version 1.17.5 allows obtaining internal application files and ...)
	NOT-FOR-US: Session Android
CVE-2024-2022 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...)
	NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
CVE-2024-2021 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...)
	NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
CVE-2024-2016 (A vulnerability, which was classified as critical, was found in ZhiCms ...)
	NOT-FOR-US: ZhiCms
CVE-2024-2015 (A vulnerability, which was classified as critical, has been found in Z ...)
	NOT-FOR-US: ZhiCms
CVE-2024-2014 (A vulnerability classified as critical was found in Panabit Panalog 20 ...)
	NOT-FOR-US: Panabit Panalog
CVE-2024-27950 (Missing Authorization vulnerability in sirv.Com Image Optimizer, Resiz ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27949 (Server-Side Request Forgery (SSRF) vulnerability in sirv.Com Image Opt ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-27294 (dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp ...)
	NOT-FOR-US: dp-golang Puppet module
CVE-2024-27292 (Docassemble is an expert system for guided interviews and document ass ...)
	NOT-FOR-US: Docassemble
CVE-2024-27291 (Docassemble is an expert system for guided interviews and document ass ...)
	NOT-FOR-US: Docassemble
CVE-2024-27290 (Docassemble is an expert system for guided interviews and document ass ...)
	NOT-FOR-US: Docassemble
CVE-2024-26196 (Microsoft Edge for Android (Chromium-based) Information Disclosure Vul ...)
	NOT-FOR-US: Microsoft
CVE-2024-25578 (MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior contain ...)
	NOT-FOR-US: MicroDicom DICOM Viewer
CVE-2024-25554
	REJECTED
CVE-2024-25553
	REJECTED
CVE-2024-25552 (A local attacker can gain administrative privileges by inserting an ex ...)
	NOT-FOR-US: VDE
CVE-2024-25386 (Directory Traversal vulnerability in DICOM® Connectivity Framework ...)
	NOT-FOR-US: laurelbridge
CVE-2024-25293 (mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a re ...)
	NOT-FOR-US: mjml-app
CVE-2024-25239 (SQL Injection vulnerability in Sourcecodester Employee Management Syst ...)
	NOT-FOR-US: Sourcecodester Employee Management System
CVE-2024-25167 (Cross Site Scripting vulnerability in eblog v1.0 allows a remote attac ...)
	NOT-FOR-US: eblog
CVE-2024-24520 (An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbi ...)
	NOT-FOR-US: Lepton CMS
CVE-2024-24028 (Server Side Request Forgery (SSRF) vulnerability in Likeshop before 2. ...)
	NOT-FOR-US: Likeshop
CVE-2024-22891 (Nteract v.0.28.0 was discovered to contain a remote code execution (RC ...)
	NOT-FOR-US: Nteract
CVE-2024-22100 (MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior are aff ...)
	NOT-FOR-US: MicroDicom DICOM Viewer
CVE-2024-1941 (Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable ...)
	NOT-FOR-US: Delta Electronics
CVE-2024-1859 (The Slider Responsive Slideshow – Image slider, Gallery slideshow ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0403 (Recipes version 1.5.10 allows arbitrary HTTP requests to be made thro ...)
	NOT-FOR-US: Recipes
CVE-2023-52555 (In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletio ...)
	NOT-FOR-US: mongo-express
CVE-2023-50324 (IBM Cognos Command Center 10.2.4.1 and 10.2.5 exposes details the X-As ...)
	NOT-FOR-US: IBM
CVE-2023-50312 (IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 cou ...)
	NOT-FOR-US: IBM
CVE-2023-50305 (IBM Engineering Requirements Management DOORS 9.7.2.7 does not require ...)
	NOT-FOR-US: IBM
CVE-2023-47716 (IBM CP4BA - Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5 ...)
	NOT-FOR-US: IBM
CVE-2023-38366 (IBM Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 ...)
	NOT-FOR-US: IBM
CVE-2021-47068 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.10.38-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6 (5.13-rc1)
CVE-2021-47067 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 5.10.38-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/ef85bb582c41524e9e68dfdbde48e519dac4ab3d (5.13-rc1)
CVE-2021-47066 (In the Linux kernel, the following vulnerability has been resolved: a ...)
	- linux 5.10.38-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/ceaf2966ab082bbc4d26516f97b3ca8a676e2af8 (5.13-rc1)
CVE-2021-47065 (In the Linux kernel, the following vulnerability has been resolved: r ...)
	- linux 5.10.38-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/2ff25985ea9ccc6c9af2c77b0b49045adcc62e0e (5.13-rc1)
CVE-2021-47064 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 5.10.38-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b4403cee6400c5f679e9c4a82b91d61aa961eccf (5.13-rc1)
CVE-2021-47063 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 5.10.38-1
	NOTE: https://git.kernel.org/linus/4d906839d321c2efbf3fed4bc31ffd9ff55b75c0 (5.13-rc1)
CVE-2021-47062 (In the Linux kernel, the following vulnerability has been resolved: K ...)
	- linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/c36b16d29f3af5f32fc1b2a3401bf48f71cabee1 (5.13-rc1)
CVE-2021-47061 (In the Linux kernel, the following vulnerability has been resolved: K ...)
	- linux 5.10.38-1
	NOTE: https://git.kernel.org/linus/2ee3757424be7c1cd1d0bbfa6db29a7edd82a250 (5.13-rc1)
CVE-2021-47060 (In the Linux kernel, the following vulnerability has been resolved: K ...)
	- linux 5.10.38-1
	NOTE: https://git.kernel.org/linus/5d3c4c79384af06e3c8e25b7770b6247496b4417 (5.13-rc1)
CVE-2021-47059 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 5.10.38-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/1dbc6a1e25be8575d6c4114d1d2b841a796507f7 (5.13-rc1)
CVE-2021-47058 (In the Linux kernel, the following vulnerability has been resolved: r ...)
	- linux 5.10.38-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/e41a962f82e7afb5b1ee644f48ad0b3aee656268 (5.13-rc1)
CVE-2021-47057 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 5.10.38-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/98b5ef3e97b16eaeeedb936f8bda3594ff84a70e (5.13-rc1)
CVE-2021-47056 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 5.10.38-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/8609f5cfdc872fc3a462efa6a3eca5cb1e2f6446 (5.13-rc1)
CVE-2021-47055 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 5.10.38-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/1e97743fd180981bef5f01402342bb54bf1c6366 (5.13-rc1)
CVE-2021-47054 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 5.10.38-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/ac6ad7c2a862d682bb584a4bc904d89fa7721af8 (5.13-rc1)
CVE-2021-47020 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 5.10.38-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/48f17f96a81763c7c8bf5500460a359b9939359f (5.13-rc1)
CVE-2021-47016 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 5.10.38-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/43262178c043032e7c42d00de44c818ba05f9967 (5.13-rc1)
CVE-2021-46959 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 5.10.38-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/794aaf01444d4e765e2b067cba01cc69c1c68ed9 (5.13-rc1)
CVE-2024-2009 (A vulnerability was found in Nway Pro 9. It has been rated as problema ...)
	NOT-FOR-US: Nway Pro
CVE-2024-2007 (A vulnerability was found in OpenBMB XAgent 1.0.0. It has been declare ...)
	NOT-FOR-US: OpenBMB XAgent
CVE-2024-2001 (A Cross-Site Scripting vulnerability in Cockpit CMS affecting version ...)
	NOT-FOR-US: Cockpit CMS
CVE-2024-27906 (Apache Airflow, versions before 2.8.2, has a vulnerability that allows ...)
	- airflow (bug #819700)
CVE-2024-27662 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer d ...)
	NOT-FOR-US: D-Link
CVE-2024-27661 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer der ...)
	NOT-FOR-US: D-Link
CVE-2024-27660 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer d ...)
	NOT-FOR-US: D-Link
CVE-2024-27659 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer der ...)
	NOT-FOR-US: D-Link
CVE-2024-27658 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer der ...)
	NOT-FOR-US: D-Link
CVE-2024-27657 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
	NOT-FOR-US: D-Link
CVE-2024-27656 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
	NOT-FOR-US: D-Link
CVE-2024-27655 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
	NOT-FOR-US: D-Link
CVE-2024-27094 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
	NOT-FOR-US: OpenZeppelin Contracts
CVE-2024-26548 (An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remot ...)
	NOT-FOR-US: vivotek Network Camera
CVE-2024-25811 (An access control issue in Dreamer CMS v4.0.1 allows attackers to down ...)
	NOT-FOR-US: Dreamer CMS
CVE-2024-25180 (An issue discovered in pdfmake 0.2.9 allows remote attackers to run ar ...)
	NOT-FOR-US: pdfmake
CVE-2024-24818 (EspoCRM is an Open Source Customer Relationship Management software. A ...)
	NOT-FOR-US: EspoCRM
CVE-2024-24246 (Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to ...)
	- qpdf 11.9.0-1
	[bookworm] - qpdf (Minor issue)
	[bullseye] - qpdf (Vulnerable code not present)
	[buster] - qpdf (Vulnerable code was introduced later)
	NOTE: https://github.com/qpdf/qpdf/issues/1123
	NOTE: https://github.com/qpdf/qpdf/commit/cb0f390cc1f98a8e82b27259f8f3cd5f162992eb (v11.9.0)
CVE-2024-24110 (SQL Injection vulnerability in crmeb_java before v1.3.4 allows attacke ...)
	NOT-FOR-US: crmeb_java
CVE-2024-20765 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
	NOT-FOR-US: Adobe
CVE-2024-1953 (Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and ...)
	- mattermost-server (bug #823556)
CVE-2024-1952 (Mattermost version 8.1.x before 8.1.9 fails to sanitize data associate ...)
	- mattermost-server (bug #823556)
CVE-2024-1949 (A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x ...)
	- mattermost-server (bug #823556)
CVE-2024-1942 (Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 ...)
	- mattermost-server (bug #823556)
CVE-2024-1908 (An Improper Privilege Management vulnerabilitywas identified in GitHub ...)
	NOT-FOR-US: GitHub Enterprise Server
CVE-2024-1888 (Mattermost fails to check the"invite_guest" permission when invitinggu ...)
	- mattermost-server (bug #823556)
CVE-2024-1619 (Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for ...)
	NOT-FOR-US: Kaspersky Security
CVE-2024-1595 (Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely lo ...)
	NOT-FOR-US: Delta Electronics
CVE-2024-0864 (Enabling Simple Ajax Uploader plugin included in Laragon open-source s ...)
	NOT-FOR-US: Laragon
CVE-2024-0068 (Improper Link Resolution Before File Access ('Link Following') vulnera ...)
	NOT-FOR-US: HYPR Workforce Access
CVE-2023-6132 (The vulnerability, if exploited, could allow a malicious entity with a ...)
	NOT-FOR-US: AVEVA
CVE-2024-26620 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/850fb7fa8c684a4c6bf0e4b6978f4ddcc5d43d11 (6.8-rc1)
CVE-2024-26619 (In the Linux kernel, the following vulnerability has been resolved: r ...)
	- linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/78996eee79ebdfe8b6f0e54cb6dcc792d5129291 (6.8-rc1)
CVE-2024-26618 (In the Linux kernel, the following vulnerability has been resolved: a ...)
	- linux 6.6.15-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/dc7eb8755797ed41a0d1b5c0c39df3c8f401b3d9 (6.8-rc1)
CVE-2024-26617 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	- linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4cccb6221cae6d020270606b9e52b1678fc8b71a (6.8-rc1)
CVE-2024-26616 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 6.6.15-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/f546c4282673497a06ecb6190b50ae7f6c85b02f (6.8-rc2)
CVE-2024-26615 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	NOTE: https://git.kernel.org/linus/dbc153fd3c142909e564bb256da087e13fbf239c (6.8-rc2)
CVE-2024-26614 (In the Linux kernel, the following vulnerability has been resolved: t ...)
	{DSA-5681-1}
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	NOTE: https://git.kernel.org/linus/198bc90e0e734e5f98c3d2833e8390cac3df61b2 (6.8-rc2)
CVE-2024-26613
	REJECTED
CVE-2024-26612 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/3be0b3ed1d76c6703b9ee482b55f7e01c369cc68 (6.8-rc2)
CVE-2024-26611 (In the Linux kernel, the following vulnerability has been resolved: x ...)
	- linux 6.6.15-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/c5114710c8ce86b8317e9b448f4fd15c711c2a82 (6.8-rc2)
CVE-2024-26610 (In the Linux kernel, the following vulnerability has been resolved: w ...)
	{DSA-5681-1}
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d (6.8-rc2)
CVE-2024-26609
	REJECTED
CVE-2024-26608 (In the Linux kernel, the following vulnerability has been resolved: k ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/ebeae8adf89d9a82359f6659b1663d09beec2faa (6.8-rc2)
CVE-2024-26607 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/08ac6f132dd77e40f786d8af51140c96c6d739c9 (6.8-rc2)
CVE-2023-52498 (In the Linux kernel, the following vulnerability has been resolved: P ...)
	{DSA-5681-1}
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	NOTE: https://git.kernel.org/linus/7839d0078e0d5e6cc2fa0b0dfbee71de74f1e557 (6.8-rc1)
CVE-2023-52497 (In the Linux kernel, the following vulnerability has been resolved: e ...)
	{DSA-5681-1}
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/3c12466b6b7bf1e56f9b32c366a3d83d87afb4de (6.8-rc1)
CVE-2023-52496
	REJECTED
CVE-2023-52495 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.6.15-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/c4fb7d2eac9ff9bfc35a2e4d40c7169a332416e0 (6.8-rc1)
CVE-2023-52494 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/eff9704f5332a13b08fbdbe0f84059c9e7051d5f (6.8-rc1)
CVE-2023-52493 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	{DSA-5681-1}
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/01bd694ac2f682fb8017e16148b928482bc8fa4b (6.8-rc1)
CVE-2023-52492 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	{DSA-5681-1}
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/f5c24d94512f1b288262beda4d3dcb9629222fc7 (6.8-rc1)
CVE-2023-52491 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	{DSA-5681-1}
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	NOTE: https://git.kernel.org/linus/206c857dd17d4d026de85866f1b5f0969f2a109e (6.8-rc1)
CVE-2023-52490 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.6.15-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/d1adb25df7111de83b64655a80b5a135adbded61 (6.8-rc1)
CVE-2023-52489 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	{DSA-5681-1}
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/5ec8e8ea8b7783fab150cf86404fc38cb4db8800 (6.8-rc1)
CVE-2023-52488 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	{DSA-5681-1}
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	NOTE: https://git.kernel.org/linus/dbf4ab821804df071c8b566d9813083125e6d97b (6.8-rc1)
CVE-2023-52487 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.6.15-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/d76fdd31f953ac5046555171620f2562715e9b71 (6.8-rc2)
CVE-2023-52486 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	{DSA-5681-1}
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	NOTE: https://git.kernel.org/linus/cb4daf271302d71a6b9a7c01bd0b6d76febd8f0c (6.8-rc1)
CVE-2023-52485 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.7.7-1
	NOTE: https://git.kernel.org/linus/8892780834ae294bc3697c7d0e056d7743900b39 (6.8-rc1)
CVE-2024-0074 (NVIDIA GPU Display Driver for Linux contains a vulnerability where an ...)
	[experimental] - nvidia-graphics-drivers 535.161.07-1
	- nvidia-graphics-drivers (bug #1064983)
	[bookworm] - nvidia-graphics-drivers (Non-free not supported)
	[bullseye] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx (bug #1064984)
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-legacy-390xx (bug #1064985)
	[bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported)
	- nvidia-graphics-drivers-tesla-418 (bug #1064986)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-450 450.248.02-4 (bug #1064987)
	[bullseye] - nvidia-graphics-drivers-tesla-450 (Non-free not supported)
	NOTE: 450.248.02-4 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1064988)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-470 470.239.06-1 (bug #1064989)
	[bookworm] - nvidia-graphics-drivers-tesla-470 (Non-free not supported)
	[bullseye] - nvidia-graphics-drivers-tesla-470 (Non-free not supported)
	- nvidia-graphics-drivers-tesla (bug #1064990)
	[bookworm] - nvidia-graphics-drivers-tesla (Non-free not supported)
	- nvidia-open-gpu-kernel-modules (bug #1064991)
	[bookworm] - nvidia-open-gpu-kernel-modules (Contrib not supported)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5520
CVE-2024-42265
	- nvidia-graphics-drivers (bug #1064983)
	[bookworm] - nvidia-graphics-drivers (Non-free not supported)
	[bullseye] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx (bug #1064984)
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-legacy-390xx (bug #1064985)
	[bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported)
	- nvidia-graphics-drivers-tesla-418 (bug #1064986)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-450 450.248.02-4 (bug #1064987)
	[bullseye] - nvidia-graphics-drivers-tesla-450 (Non-free not supported)
	NOTE: 450.248.02-4 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1064988)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-470 470.239.06-1 (bug #1064989)
	[bookworm] - nvidia-graphics-drivers-tesla-470 (Non-free not supported)
	[bullseye] - nvidia-graphics-drivers-tesla-470 (Non-free not supported)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5520
CVE-2024-0078 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
[experimental] - nvidia-graphics-drivers 535.161.07-1 - nvidia-graphics-drivers (bug #1064983) [bookworm] - nvidia-graphics-drivers (Non-free not supported) [bullseye] - nvidia-graphics-drivers (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx (bug #1064984) [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers-legacy-390xx (bug #1064985) [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) - nvidia-graphics-drivers-tesla-418 (bug #1064986) [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) - nvidia-graphics-drivers-tesla-450 450.248.02-4 (bug #1064987) [bullseye] - nvidia-graphics-drivers-tesla-450 (Non-free not supported) NOTE: 450.248.02-4 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1064988) [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 - nvidia-graphics-drivers-tesla-470 470.239.06-1 (bug #1064989) [bookworm] - nvidia-graphics-drivers-tesla-470 (Non-free not supported) [bullseye] - nvidia-graphics-drivers-tesla-470 (Non-free not supported) - nvidia-graphics-drivers-tesla (bug #1064990) [bookworm] - nvidia-graphics-drivers-tesla (Non-free not supported) - nvidia-open-gpu-kernel-modules (bug #1064991) [bookworm] - nvidia-open-gpu-kernel-modules (Contrib not supported) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5520 CVE-2024-0075 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) 
[experimental] - nvidia-graphics-drivers 535.161.07-1 - nvidia-graphics-drivers (bug #1064983) [bookworm] - nvidia-graphics-drivers (Non-free not supported) [bullseye] - nvidia-graphics-drivers (Non-free not supported) - nvidia-graphics-drivers-tesla (bug #1064990) [bookworm] - nvidia-graphics-drivers-tesla (Non-free not supported) - nvidia-open-gpu-kernel-modules (bug #1064991) [bookworm] - nvidia-open-gpu-kernel-modules (Contrib not supported) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5520 CVE-2024-26559 (An issue in uverif v.2.0 allows a remote attacker to obtain sensitive ...) NOT-FOR-US: uverif CVE-2024-26476 (An issue in open-emr before v.7.0.2 allows a remote attacker to escala ...) NOT-FOR-US: OpenEMR CVE-2024-26450 (An issue exists within Piwigo before v.14.2.0 allowing a malicious use ...) - piwigo CVE-2024-25869 (An Unrestricted File Upload vulnerability in CodeAstro Membership Mana ...) NOT-FOR-US: CodeAstro CVE-2024-25868 (A Cross Site Scripting (XSS) vulnerability in CodeAstro Membership Man ...) NOT-FOR-US: CodeAstro CVE-2024-25867 (A SQL Injection vulnerability in CodeAstro Membership Management Syste ...) NOT-FOR-US: CodeAstro CVE-2024-25866 (A SQL Injection vulnerability in CodeAstro Membership Management Syste ...) NOT-FOR-US: CodeAstro CVE-2024-25594 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-25579 (OS command injection vulnerability in ELECOM wireless LAN routers allo ...) NOT-FOR-US: ELECOM CVE-2024-25422 (SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker t ...) NOT-FOR-US: SEMCMS CVE-2024-25351 (SQL Injection vulnerability in /zms/admin/changeimage.php in PHPGuruku ...) NOT-FOR-US: PHPGurukul CVE-2024-25350 (SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGuruku ...) NOT-FOR-US: PHPGurukul CVE-2024-25292 (Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows a ...) 
NOT-FOR-US: RenderTune CVE-2024-25291 (Deskfiler v1.2.3 allows attackers to execute arbitrary code via upload ...) NOT-FOR-US: Deskfiler CVE-2024-25098 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-25094 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-25093 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-24988 (Mattermost fails to properly validate the length of the emoji value in ...) - mattermost-server (bug #823556) CVE-2024-24525 (An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 all ...) NOT-FOR-US: EpointWebBuilder CVE-2024-24155 (Bento4 v1.5.1-628 contains a Memory leak on AP4_Movie::AP4_Movie, pars ...) NOT-FOR-US: Bento4 CVE-2024-24150 (A memory leak issue discovered in parseSWF_TEXTRECORD in libming v0.4. ...) - ming CVE-2024-24149 (A memory leak issue discovered in parseSWF_GLYPHENTRY in libming v0.4. ...) - ming CVE-2024-24147 (A memory leak issue discovered in parseSWF_FILLSTYLEARRAY in libming v ...) - ming CVE-2024-24146 (A memory leak issue discovered in parseSWF_DEFINEBUTTON in libming v0. ...) - ming CVE-2024-23910 (Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN ...) NOT-FOR-US: ELECOM CVE-2024-23501 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-23493 (Mattermost fails to properly authorize the requests fetchingteam assoc ...) - mattermost-server (bug #823556) CVE-2024-23488 (Mattermost fails to properly restrict the access of files attached to ...) - mattermost-server (bug #823556) CVE-2024-23302 (Couchbase Server before 7.2.4 has a private key leak in goxdcr.log.) NOT-FOR-US: Couchbase Server CVE-2024-22983 (SQL injection vulnerability in Projectworlds Visitor Management System ...) 
NOT-FOR-US: Projectworlds Visitor Management System CVE-2024-22871 (An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker ...) - clojure NOTE: https://hackmd.io/@fe1w0/rymmJGida CVE-2024-22532 (Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x8 ...) NOT-FOR-US: XNSoft NConvert CVE-2024-21798 (ELECOM wireless LAN routers contain a cross-site scripting vulnerabili ...) NOT-FOR-US: ELECOM CVE-2024-21752 (Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Aja ...) NOT-FOR-US: WordPress plugin CVE-2024-1982 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is ...) NOT-FOR-US: WordPress plugin CVE-2024-1981 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is ...) NOT-FOR-US: WordPress plugin CVE-2024-1978 (The Friends plugin for WordPress is vulnerable to Server-Side Request ...) NOT-FOR-US: WordPress plugin CVE-2024-1977 (The Restaurant Solutions \u2013 Checklist plugin for WordPress is vuln ...) NOT-FOR-US: WordPress plugin CVE-2024-1976 (The Marketing Optimizer plugin for WordPress is vulnerable to Cross-Si ...) NOT-FOR-US: WordPress plugin CVE-2024-1972 (A vulnerability was found in SourceCodester Online Job Portal 1.0 and ...) NOT-FOR-US: SourceCodester CVE-2024-1971 (A vulnerability has been found in Surya2Developer Online Shopping Syst ...) NOT-FOR-US: Surya2Developer Online Shopping System CVE-2024-1970 (A vulnerability, which was classified as problematic, was found in Sou ...) NOT-FOR-US: SourceCodester CVE-2024-1887 (Mattermost fails to check if compliance export is enabled when fetchin ...) - mattermost-server (bug #823556) CVE-2024-1468 (The Avada | Website Builder For WordPress & WooCommerce theme for Word ...) NOT-FOR-US: WordPress plugin CVE-2024-1437 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-1435 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) 
NOT-FOR-US: WordPress plugin CVE-2024-1434 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-1341 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...) NOT-FOR-US: WordPress plugin CVE-2024-0689 (The Custom Field Suite plugin for WordPress is vulnerable to Stored Cr ...) NOT-FOR-US: WordPress plugin CVE-2023-6090 (Unrestricted Upload of File with Dangerous Type vulnerability in Molli ...) NOT-FOR-US: WooCommerce plugin CVE-2023-5617 (Hitachi Vantara Pentaho Data Integration & Analytics versions before 1 ...) NOT-FOR-US: Hitachi CVE-2023-51802 (Cross Site Scripting (XSS) vulnerability in the Simple Student Attenda ...) NOT-FOR-US: Simple Student Attendance System CVE-2023-51801 (SQL Injection vulnerability in the Simple Student Attendance System v. ...) NOT-FOR-US: Simple Student Attendance System CVE-2023-51800 (Cross Site Scripting (XSS) vulnerability in School Fees Management Sys ...) NOT-FOR-US: School Fees Management System CVE-2023-51696 (Cross-Site Request Forgery (CSRF) vulnerability in \u0421leanTalk - An ...) NOT-FOR-US: WordPress plugin CVE-2023-51531 (Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thriv ...) NOT-FOR-US: WordPress plugin CVE-2023-51530 (Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Sli ...) NOT-FOR-US: WordPress plugin CVE-2023-51529 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Mega \ ...) NOT-FOR-US: WordPress plugin CVE-2023-51528 (Cross-Site Request Forgery (CSRF) vulnerability in Senol Sahin AI Powe ...) NOT-FOR-US: WordPress plugin CVE-2023-50905 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-50437 (An issue was discovered in Couchbase Server before 7.2.x before 7.2.4. ...) NOT-FOR-US: Couchbase Server CVE-2023-50436 (An issue was discovered in Couchbase Server before 7.2.4. ns_server ad ...) 
NOT-FOR-US: Couchbase Server CVE-2023-49932 (An issue was discovered in Couchbase Server before 7.2.4. An attacker ...) NOT-FOR-US: Couchbase Server CVE-2023-49931 (An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL c ...) NOT-FOR-US: Couchbase Server CVE-2023-49930 (An issue was discovered in Couchbase Server before 7.2.4. cURL calls t ...) NOT-FOR-US: Couchbase Server CVE-2023-49338 (Couchbase Server 7.1.x and 7.2.x before 7.2.4 does not require authent ...) NOT-FOR-US: Couchbase Server CVE-2023-47874 (Missing Authorization vulnerability in Perfmatters.This issue affects ...) NOT-FOR-US: WordPress plugin CVE-2023-45874 (An issue was discovered in Couchbase Server through 7.2.2. A data read ...) NOT-FOR-US: Couchbase Server CVE-2023-45873 (An issue was discovered in Couchbase Server through 7.2.2. A data read ...) NOT-FOR-US: Couchbase Server CVE-2023-45859 (In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 ...) - hazelcast (bug #745640) CVE-2023-43769 (An issue was discovered in Couchbase Server through 7.1.4 before 7.1.5 ...) NOT-FOR-US: Couchbase Server CVE-2023-38372 (An unauthorized attacker who has obtained an IBM Watson IoT Platform 1 ...) NOT-FOR-US: IBM CVE-2023-38367 (IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM C ...) NOT-FOR-US: IBM CVE-2023-52484 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 NOTE: https://git.kernel.org/linus/d5afb4b47e13161b3f33904d45110f9e6463bad6 (6.6-rc5) CVE-2023-52483 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/5093bbfc10ab6636b32728e35813cbd79feb063c (6.6-rc6) CVE-2023-52482 (In the Linux kernel, the following vulnerability has been resolved: x ...) 
{DSA-5681-1} - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 NOTE: https://git.kernel.org/linus/a5ef7d68cea1344cf524f04981c2b3f80bedbb0d (6.6-rc4) CVE-2023-52481 (In the Linux kernel, the following vulnerability has been resolved: a ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 NOTE: https://git.kernel.org/linus/471470bc7052d28ce125901877dd10e4c048e513 (6.6-rc5) CVE-2023-52480 (In the Linux kernel, the following vulnerability has been resolved: k ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 NOTE: https://git.kernel.org/linus/53ff5cf89142b978b1a5ca8dc4d4425e6a09745f (6.6-rc5) CVE-2023-52479 (In the Linux kernel, the following vulnerability has been resolved: k ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 NOTE: https://git.kernel.org/linus/c69813471a1ec081a0b9bf0c6bd7e8afd818afce (6.6-rc5) CVE-2023-52478 (In the Linux kernel, the following vulnerability has been resolved: H ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 [buster] - linux 4.19.304-1 NOTE: https://git.kernel.org/linus/dac501397b9d81e4782232c39f94f4307b137452 (6.6-rc6) CVE-2023-52477 (In the Linux kernel, the following vulnerability has been resolved: u ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 [buster] - linux 4.19.304-1 NOTE: https://git.kernel.org/linus/f74a7afc224acd5e922c7a2e52244d891bbe44ee (6.6-rc6) CVE-2023-52476 (In the Linux kernel, the following vulnerability has been resolved: p ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 NOTE: https://git.kernel.org/linus/e53899771a02f798d436655efbd9d4b46c0f9265 (6.6-rc6) CVE-2023-52475 (In the Linux kernel, the following vulnerability has been resolved: I ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 [buster] - linux 4.19.304-1 NOTE: https://git.kernel.org/linus/5c15c60e7be615f05a45cd905093a54b11f461bc (6.6-rc6) CVE-2024-27948 (Cross-Site Request Forgery (CSRF) vulnerability in bytesforall Atahual ...) 
NOT-FOR-US: bytesforall Atahualpa CVE-2024-27517 (Webasyst 2.9.9 has a Cross-Site Scripting (XSS) vulnerability, Attacke ...) NOT-FOR-US: Webasyst CVE-2024-27516 (Server-Side Template Injection (SSTI) vulnerability in livehelperchat ...) NOT-FOR-US: livehelperchat CVE-2024-27515 (Osclass 5.1.2 is vulnerable to SQL Injection.) NOT-FOR-US: Osclass CVE-2024-27285 (YARD is a Ruby Documentation tool. The "frames.html" file within the Y ...) {DSA-5635-1 DLA-3753-1} - yard 0.9.36-1 (bug #1065118) NOTE: https://github.com/lsegal/yard/security/advisories/GHSA-8mq4-9jjh-9xrc NOTE: Fixed by: https://github.com/lsegal/yard/commit/d78fc393d603c4fc35975969296ed381146a29d4 (v0.9.35) NOTE: Followup: https://github.com/lsegal/yard/commit/c88406e4b78f8dd4ba38c79eea0bcec716dbbef8 (v0.9.36) NOTE: Followup: https://github.com/lsegal/yard/commit/2a0b9990b64ceeeb0456177c593e36e204a06df1 (v0.9.36) NOTE: Followup: https://github.com/lsegal/yard/commit/a831a596b2a7cabdd2e17855dd179af2ebf3d559 (v0.9.36) CVE-2024-27284 (cassandra-rs is a Cassandra (CQL) driver for Rust. Code that attempts ...) NOT-FOR-US: Rust crate cassandra-rs CVE-2024-27103 (Querybook is a Big Data Querying UI. When a user searches for their qu ...) NOT-FOR-US: Querybook CVE-2024-27083 (Flask-AppBuilder is an application development framework, built on top ...) - flask-appbuilder (bug #1065116) NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-fqxj-46wg-9v84 NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/3d17741886e4b3c384d0570de69689e4117aa812 (v4.2.1) CVE-2024-26342 (A Null pointer dereference in usr/sbin/httpd in ASUS AC68U 3.0.0.4.384 ...) NOT-FOR-US: ASUS CVE-2024-25932 (Cross-Site Request Forgery (CSRF) vulnerability in Manish Kumar Agarwa ...) NOT-FOR-US: WordPress plugin CVE-2024-25931 (Cross-Site Request Forgery (CSRF) vulnerability in Heureka Group Heure ...) 
NOT-FOR-US: WordPress plugin CVE-2024-25930 (Cross-Site Request Forgery (CSRF) vulnerability in Nuggethon Custom Or ...) NOT-FOR-US: WordPress plugin CVE-2024-25927 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2024-25910 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2024-25902 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2024-25859 (A path traversal vulnerability in the /path/to/uploads/ directory of B ...) NOT-FOR-US: Blesta CVE-2024-25833 (F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, ...) NOT-FOR-US: F-logic DataCube3 CVE-2024-25832 (F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, whic ...) NOT-FOR-US: F-logic DataCube3 CVE-2024-25831 (F-logic DataCube3 Version 1.0 is affected by a reflected cross-site sc ...) NOT-FOR-US: F-logic DataCube3 CVE-2024-25830 (F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due t ...) NOT-FOR-US: F-logic DataCube3 CVE-2024-25435 (A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2. ...) NOT-FOR-US: Md1health Md1patient CVE-2024-25202 (Cross Site Scripting vulnerability in Phpgurukul User Registration & L ...) NOT-FOR-US: Phpgurukul User Registration & Login and User Management System CVE-2024-25170 (An issue in Mezzanine v6.0.0 allows attackers to bypass access control ...) NOT-FOR-US: Mezzanine CVE-2024-25169 (An issue in Mezzanine v6.0.0 allows attackers to bypass access control ...) NOT-FOR-US: Mezzanine CVE-2024-25128 (Flask-AppBuilder is an application development framework, built on top ...) 
- flask-appbuilder (bug #1065115) NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-j2pw-vp55-fqqj NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/6336456d83f8f111c842b2b53d1e89627f2502c8 (v4.3.11) CVE-2024-24868 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2024-24708 (Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEED ...) NOT-FOR-US: WordPress plugin CVE-2024-24705 (Cross-Site Request Forgery (CSRF) vulnerability in Octa Code Accessibi ...) NOT-FOR-US: WordPress plugin CVE-2024-24702 (Cross-Site Request Forgery (CSRF) vulnerability in Matt Martz & Andy S ...) NOT-FOR-US: WordPress plugin CVE-2024-24701 (Cross-Site Request Forgery (CSRF) vulnerability in Native Grid LLC A n ...) NOT-FOR-US: WordPress plugin CVE-2024-24148 (A memory leak issue discovered in parseSWF_FREECHARACTER in libming v0 ...) - ming CVE-2024-23519 (Cross-Site Request Forgery (CSRF) vulnerability in M&S Consulting Emai ...) NOT-FOR-US: WordPress plugin CVE-2024-22459 (Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3 ...) NOT-FOR-US: Dell CVE-2024-21749 (Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au 1 click d ...) NOT-FOR-US: WordPress plugin CVE-2024-20344 (A vulnerability in system resource management in Cisco UCS 6400 and 65 ...) NOT-FOR-US: Cisco CVE-2024-20321 (A vulnerability in the External Border Gateway Protocol (eBGP) impleme ...) NOT-FOR-US: Cisco CVE-2024-20294 (A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of ...) NOT-FOR-US: Cisco CVE-2024-20291 (A vulnerability in the access control list (ACL) programming for port ...) NOT-FOR-US: Cisco CVE-2024-20267 (A vulnerability with the handling of MPLS traffic for Cisco NX-OS Soft ...) NOT-FOR-US: Cisco CVE-2024-1965 (Server-Side Request Forgery vulnerability in Haivision's Aviwest Manag ...) 
NOT-FOR-US: Haivision's Aviwest Manager and Aviwest Steamhub CVE-2024-1954 (The Oliver POS \u2013 A WooCommerce Point of Sale (POS) plugin for Wor ...) NOT-FOR-US: WordPress plugin CVE-2024-1861 (The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enum ...) NOT-FOR-US: WordPress plugin CVE-2024-1860 (The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enum ...) NOT-FOR-US: WordPress plugin CVE-2024-1847 (Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out ...) NOT-FOR-US: Solidworks CVE-2024-1808 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...) NOT-FOR-US: WordPress plugin CVE-2024-1791 (The CodeMirror Blocks plugin for WordPress is vulnerable to Stored Cro ...) NOT-FOR-US: WordPress plugin CVE-2024-1719 (The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulner ...) NOT-FOR-US: WordPress plugin CVE-2024-1636 (Potential Cross-Site Scripting (XSS) in the page editing area.) NOT-FOR-US: sitefinity-cms CVE-2024-1632 (Low-privileged users with access to the Sitefinity backend may obtain ...) NOT-FOR-US: sitefinity-cms CVE-2024-1566 (The Redirects plugin for WordPress is vulnerable to unauthorized modif ...) NOT-FOR-US: WordPress plugin CVE-2024-1516 (The WP eCommerce plugin for WordPress is vulnerable to unauthorized ar ...) NOT-FOR-US: WordPress plugin CVE-2024-1514 (The WP eCommerce plugin for WordPress is vulnerable to time-based blin ...) NOT-FOR-US: WordPress plugin CVE-2024-1476 (The Under Construction / Maintenance Mode from Acurax plugin for WordP ...) NOT-FOR-US: WordPress plugin CVE-2024-1368 (The Page Duplicator plugin for WordPress is vulnerable to unauthorized ...) NOT-FOR-US: WordPress plugin CVE-2024-1136 (The Coming Soon Page & Maintenance Mode plugin for WordPress is vulner ...) NOT-FOR-US: WordPress plugin CVE-2024-0975 (The WordPress Access Control plugin for WordPress is vulnerable to Sen ...) 
NOT-FOR-US: WordPress plugin CVE-2024-0786 (The Conversios \u2013 Google Analytics 4 (GA4), Meta Pixel & more Via ...) NOT-FOR-US: WordPress plugin CVE-2024-0768 (The Envo's Elementor Templates & Widgets for WooCommerce plugin for Wo ...) NOT-FOR-US: WordPress plugin CVE-2024-0767 (The Envo's Elementor Templates & Widgets for WooCommerce plugin for Wo ...) NOT-FOR-US: WordPress plugin CVE-2024-0766 (The Envo's Elementor Templates & Widgets for WooCommerce plugin for Wo ...) NOT-FOR-US: WordPress plugin CVE-2024-0682 (The Page Restrict plugin for WordPress is vulnerable to information di ...) NOT-FOR-US: WordPress plugin CVE-2024-0680 (The WP Private Content Plus plugin for WordPress is vulnerable to info ...) NOT-FOR-US: WordPress plugin CVE-2024-0560 (A vulnerability was found in 3Scale, when used with Keycloak 15 (or RH ...) NOT-FOR-US: Red Hat 3scale API gateway CVE-2024-0433 (The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cros ...) NOT-FOR-US: WordPress plugin CVE-2024-0432 (The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cros ...) NOT-FOR-US: WordPress plugin CVE-2024-0431 (The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cros ...) NOT-FOR-US: WordPress plugin CVE-2023-6922 (The Under Construction / Maintenance Mode from Acurax plugin for WordP ...) NOT-FOR-US: WordPress plugin CVE-2023-6917 (A vulnerability has been identified in the Performance Co-Pilot (PCP) ...) - pcp 6.2.0-1 [bookworm] - pcp (Minor issue) [bullseye] - pcp (Minor issue) [buster] - pcp (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2024/02/28/1 NOTE: https://github.com/performancecopilot/pcp/pull/1873 CVE-2023-52226 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Flamingo.T ...) NOT-FOR-US: WordPress plugin CVE-2023-52223 (Cross-Site Request Forgery (CSRF) vulnerability in MailerLite MailerLi ...) 
NOT-FOR-US: WordPress plugin CVE-2023-52048 (RuoYi v4.7.8 was discovered to contain a cross-site scripting (XSS) vu ...) NOT-FOR-US: RuoYi CVE-2023-52047 (Dedecms v5.7.112 was discovered to contain a Cross-Site Request Forger ...) NOT-FOR-US: Dedecms CVE-2023-51692 (Missing Authorization vulnerability in CusRev Customer Reviews for Woo ...) NOT-FOR-US: WordPress plugin CVE-2023-51683 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy ...) NOT-FOR-US: WordPress plugin CVE-2023-51681 (Cross-Site Request Forgery (CSRF) vulnerability in Duplicator Duplicat ...) NOT-FOR-US: WordPress plugin CVE-2023-51533 (Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecw ...) NOT-FOR-US: WordPress plugin CVE-2024-25065 (Possible path traversal in Apache OFBiz allowing authentication bypass ...) NOT-FOR-US: Apache OFBiz CVE-2024-23946 (Possible path traversal in Apache OFBiz allowing file inclusion. Users ...) NOT-FOR-US: Apache OFBiz CVE-2024-22857 (Heap based buffer flow in zlog v1.1.0 to v1.2.17 in zlog_rule_new().Th ...) NOT-FOR-US: zlog CVE-2024-26016 (A low privilege authenticated user could import an existing dashboard ...) NOT-FOR-US: Apache Superset CVE-2024-24779 (Apache Superset with custom roles that include `can write on dataset` ...) NOT-FOR-US: Apache Superset CVE-2024-24772 (A guest user could exploit a chart data REST API and send arbitrary SQ ...) NOT-FOR-US: Apache Superset CVE-2024-24773 (Improper parsing of nested SQL statements on SQLLab would allow authen ...) NOT-FOR-US: Apache Superset CVE-2024-27315 (An authenticated user with privileges to create Alerts on Alerts & Rep ...) NOT-FOR-US: Apache Superset CVE-2021-47053 (In the Linux kernel, the following vulnerability has been resolved: c ...) 
- linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/50274b01ac1689b1a3f6bc4b5b3dbf361a55dd3a (5.13-rc1) CVE-2021-47052 (In the Linux kernel, the following vulnerability has been resolved: c ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/854b7737199848a91f6adfa0a03cf6f0c46c86e8 (5.13-rc1) CVE-2021-47051 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/a03675497970a93fcf25d81d9d92a59c2d7377a7 (5.13-rc1) CVE-2021-47050 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/59e27d7c94aa02da039b000d33c304c179395801 (5.13-rc1) CVE-2021-47049 (In the Linux kernel, the following vulnerability has been resolved: D ...) - linux 5.10.38-1 NOTE: https://git.kernel.org/linus/3e9bf43f7f7a46f21ec071cb47be92d0874c48da (5.13-rc1) CVE-2021-47048 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/a2c5bedb2d55dd27c642c7b9fb6886d7ad7bdb58 (5.13-rc1) CVE-2021-47047 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/126bdb606fd2802454e6048caef1be3e25dd121e (5.13-rc1) CVE-2021-47046 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/8e6fafd5a22e7a2eb216f5510db7aab54cc545c1 (5.13-rc1) CVE-2021-47045 (In the Linux kernel, the following vulnerability has been resolved: s ...) 
- linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/8dd1c125f7f838abad009b64bff5f0a11afe3cb6 (5.13-rc1) CVE-2021-47044 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/39a2a6eb5c9b66ea7c8055026303b3aa681b49a5 (5.13-rc1) CVE-2021-47043 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/5a465c5391a856a0c1e9554964d660676c35d1b2 (5.13-rc1) CVE-2021-47042 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/616cf23b6cf40ad6f03ffbddfa1b6c4eb68d8ae1 (5.13-rc1) CVE-2021-47041 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/b5332a9f3f3d884a1b646ce155e664cc558c1722 (5.13-rc1) CVE-2021-47040 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/38134ada0ceea3e848fe993263c0ff6207fd46e7 (5.13-rc1) CVE-2021-47039 (In the Linux kernel, the following vulnerability has been resolved: a ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/1ffec389a6431782a8a28805830b6fae9bf00af1 (5.13-rc1) CVE-2021-47038 (In the Linux kernel, the following vulnerability has been resolved: B ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/17486960d79b900c45e0bb8fbcac0262848582ba (5.13-rc1) CVE-2021-47037 (In the Linux kernel, the following vulnerability has been resolved: A ...) 
- linux 5.14.6-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/96fadf7e8ff49fdb74754801228942b67c3eeebd (5.13-rc4) CVE-2021-47036 (In the Linux kernel, the following vulnerability has been resolved: u ...) - linux 5.14.6-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/18f25dc399901426dff61e676ba603ff52c666f7 (5.13-rc1) CVE-2021-47035 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/eea53c5816889ee8b64544fa2e9311a81184ff9c (5.13-rc1) CVE-2021-47034 (In the Linux kernel, the following vulnerability has been resolved: p ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/b8b2f37cf632434456182e9002d63cbc4cccc50c (5.13-rc1) CVE-2021-47033 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/ebee7885bb12a8fe2c2f9bac87dbd87a05b645f9 (5.13-rc1) CVE-2021-47032 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/7dcf3c04f0aca746517a77433b33d40868ca4749 (5.13-rc1) CVE-2021-47031 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/782b3e86ea970e899f8e723db9f64708a15ca30e (5.13-rc1) CVE-2021-47030 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/49cc85059a2cb656f96ff3693f891e8fe8f669a9 (5.13-rc1) CVE-2021-47029 (In the Linux kernel, the following vulnerability has been resolved: m ...) 
- linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/c996f0346e40e3b1ac2ebaf0681df898fb157f60 (5.13-rc1) CVE-2021-47028 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 5.14.6-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/f43b941fd61003659a3f0e039595e5e525917aa8 (5.13-rc1) CVE-2021-47027 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/e230f0c44f011f3270680a506b19b7e84c5e8923 (5.13-rc1) CVE-2021-47026 (In the Linux kernel, the following vulnerability has been resolved: R ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/7f4a8592ff29f19c5a2ca549d0973821319afaad (5.13-rc1) CVE-2021-47025 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/b34ea31fe013569d42b7e8681ef3f717f77c5b72 (5.13-rc1) CVE-2021-47024 (In the Linux kernel, the following vulnerability has been resolved: v ...) - linux 5.10.38-1 NOTE: https://git.kernel.org/linus/8432b8114957235f42e070a16118a7f750de9d39 (5.13-rc1) CVE-2021-47023 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/333980481b99edb24ebd5d1a53af70a15d9146de (5.13-rc1) CVE-2021-47022 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/8ab31da7b89f71c4c2defcca989fab7b42f87d71 (5.13-rc1) CVE-2021-47021 (In the Linux kernel, the following vulnerability has been resolved: m ...) 
- linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/e9d32af478cfc3744a45245c0b126738af4b3ac4 (5.13-rc1) CVE-2021-47019 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/fe3fccde8870764ba3e60610774bd7bc9f8faeff (5.13-rc1) CVE-2021-47018 (In the Linux kernel, the following vulnerability has been resolved: p ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/9ccba66d4d2aff9a3909aa77d57ea8b7cc166f3c (5.13-rc1) CVE-2021-47017 (In the Linux kernel, the following vulnerability has been resolved: a ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/8392df5d7e0b6a7d21440da1fc259f9938f4dec3 (5.13-rc1) CVE-2021-47015 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux 5.10.38-1 NOTE: https://git.kernel.org/linus/bbd6f0a948139970f4a615dff189d9a503681a39 (5.13-rc1) CVE-2021-47014 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 5.14.6-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/f77bd544a6bbe69aa50d9ed09f13494cf36ff806 (5.13-rc1) CVE-2021-47013 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/6d72e7c767acbbdd44ebc7d89c6690b405b32b57 (5.13-rc1) CVE-2021-47012 (In the Linux kernel, the following vulnerability has been resolved: R ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/3093ee182f01689b89e9f8797b321603e5de4f63 (5.13-rc1) CVE-2021-47011 (In the Linux kernel, the following vulnerability has been resolved: m ...) 
- linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/9f38f03ae8d5f57371b71aa6b4275765b65454fd (5.13-rc1) CVE-2021-47010 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/8d432592f30fcc34ef5a10aac4887b4897884493 (5.13-rc1) CVE-2021-47009 (In the Linux kernel, the following vulnerability has been resolved: K ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/83a775d5f9bfda95b1c295f95a3a041a40c7f321 (5.13-rc2) CVE-2021-47008 (In the Linux kernel, the following vulnerability has been resolved: K ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/a3ba26ecfb569f4aa3f867e80c02aa65f20aadad (5.13-rc1) CVE-2021-47007 (In the Linux kernel, the following vulnerability has been resolved: f ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/3ab0598e6d860ef49d029943ba80f627c15c15d6 (5.13-rc1) CVE-2021-47006 (In the Linux kernel, the following vulnerability has been resolved: A ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/a506bd5756290821a4314f502b4bafc2afcf5260 (5.13-rc1) CVE-2021-47005 (In the Linux kernel, the following vulnerability has been resolved: P ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/6613bc2301ba291a1c5a90e1dc24cf3edf223c03 (5.13-rc1) CVE-2021-47004 (In the Linux kernel, the following vulnerability has been resolved: f ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/61461fc921b756ae16e64243f72af2bfc2e620db (5.13-rc1) CVE-2021-47003 (In the Linux kernel, the following vulnerability has been resolved: d ...) 
- linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/28ac8e03c43dfc6a703aa420d18222540b801120 (5.13-rc1) CVE-2021-47002 (In the Linux kernel, the following vulnerability has been resolved: S ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/b9f83ffaa0c096b4c832a43964fe6bff3acffe10 (5.13-rc1) CVE-2021-47001 (In the Linux kernel, the following vulnerability has been resolved: x ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/35d8b10a25884050bb3b0149b62c3818ec59f77c (5.13-rc1) CVE-2021-47000 (In the Linux kernel, the following vulnerability has been resolved: c ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/1775c7ddacfcea29051c67409087578f8f4d751b (5.13-rc1) CVE-2021-46999 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/35b4f24415c854cd718ccdf38dbea6297f010aae (5.13-rc1) CVE-2021-46998 (In the Linux kernel, the following vulnerability has been resolved: e ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/643001b47adc844ae33510c4bb93c236667008a3 (5.13-rc1) CVE-2021-46997 (In the Linux kernel, the following vulnerability has been resolved: a ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/4d6a38da8e79e94cbd1344aa90876f0f805db705 (5.13-rc1) CVE-2021-46996 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/85dfd816fabfc16e71786eda0a33a7046688b5b0 (5.13-rc1) CVE-2021-46995 (In the Linux kernel, the following vulnerability has been resolved: c ...) 
- linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/4cc7faa406975b460aa674606291dea197c1210c (5.13-rc1) CVE-2021-46994 (In the Linux kernel, the following vulnerability has been resolved: c ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/03c427147b2d3e503af258711af4fc792b89b0af (5.13-rc1) CVE-2021-46993 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/6d2f8909a5fabb73fe2a63918117943986c39b6c (5.13-rc1) CVE-2021-46992 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/a54754ec9891830ba548e2010c889e3c8146e449 (5.13-rc1) CVE-2021-46991 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/38318f23a7ef86a8b1862e5e8078c4de121960c3 (5.13-rc1) CVE-2021-46990 (In the Linux kernel, the following vulnerability has been resolved: p ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/aec86b052df6541cc97c5fca44e5934cbea4963b (5.13-rc2) CVE-2021-46989 (In the Linux kernel, the following vulnerability has been resolved: h ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/c3187cf32216313fb316084efac4dab3a8459b1d (5.13-rc2) CVE-2021-46988 (In the Linux kernel, the following vulnerability has been resolved: u ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/7ed9d238c7dbb1fdb63ad96a6184985151b0171c (5.13-rc2) CVE-2021-46987 (In the Linux kernel, the following vulnerability has been resolved: b ...) 
- linux 5.14.6-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/f9baa501b4fd6962257853d46ddffbc21f27e344 (5.13-rc2) CVE-2021-46986 (In the Linux kernel, the following vulnerability has been resolved: u ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/bb9c74a5bd1462499fe5ccb1e3c5ac40dcfa9139 (5.13-rc2) CVE-2021-46985 (In the Linux kernel, the following vulnerability has been resolved: A ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/0c8bd174f0fc131bc9dfab35cd8784f59045da87 (5.13-rc2) CVE-2021-46984 (In the Linux kernel, the following vulnerability has been resolved: k ...) - linux 5.10.38-1 NOTE: https://git.kernel.org/linus/efed9a3337e341bd0989161b97453b52567bc59d (5.13-rc2) CVE-2021-46983 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/8cc365f9559b86802afc0208389f5c8d46b4ad61 (5.13-rc2) CVE-2021-46982 (In the Linux kernel, the following vulnerability has been resolved: f ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/a949dc5f2c5cfe0c910b664650f45371254c0744 (5.13-rc2) CVE-2021-46981 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 5.10.38-1 NOTE: https://git.kernel.org/linus/79ebe9110fa458d58f1fceb078e2068d7ad37390 (5.13-rc2) CVE-2021-46980 (In the Linux kernel, the following vulnerability has been resolved: u ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/1f4642b72be79757f050924a9b9673b6a02034bc (5.13-rc2) CVE-2021-46979 (In the Linux kernel, the following vulnerability has been resolved: i ...) 
- linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/901f84de0e16bde10a72d7eb2f2eb73fcde8fa1a (5.13-rc2) CVE-2021-46978 (In the Linux kernel, the following vulnerability has been resolved: K ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/f5c7e8425f18fdb9bdb7d13340651d7876890329 (5.13-rc2) CVE-2021-46977 (In the Linux kernel, the following vulnerability has been resolved: K ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/5104d7ffcf24749939bea7fdb5378d186473f890 (5.13-rc2) CVE-2021-46976 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/402be8a101190969fc7ff122d07e262df86e132b (5.13-rc2) CVE-2020-36787 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/3536169f8531c2c5b153921dc7d1ac9fd570cda7 (5.13-rc1) CVE-2020-36786 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/6045b01dd0e3cd3759eafe7f290ed04c957500b1 (5.13-rc1) CVE-2020-36785 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/ba11bbf303fafb33989e95473e409f6ab412b18d (5.13-rc1) CVE-2020-36784 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 5.10.38-1 NOTE: https://git.kernel.org/linus/23ceb8462dc6f4b4decdb5536a7e5fc477cdf0b6 (5.13-rc1) CVE-2020-36783 (In the Linux kernel, the following vulnerability has been resolved: i ...) 
- linux 5.10.38-1 NOTE: https://git.kernel.org/linus/223125e37af8a641ea4a09747a6a52172fc4b903 (5.13-rc1) CVE-2020-36782 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 5.10.38-1 NOTE: https://git.kernel.org/linus/278e5bbdb9a94fa063c0f9bcde2479d0b8042462 (5.13-rc1) CVE-2020-36781 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/47ff617217ca6a13194fcb35c6c3a0c57c080693 (5.13-rc1) CVE-2020-36780 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 5.10.38-1 NOTE: https://git.kernel.org/linus/3a4f326463117cee3adcb72999ca34a9aaafda93 (5.13-rc1) CVE-2020-36779 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/2c662660ce2bd3b09dae21a9a9ac9395e1e6c00b (5.13-rc1) CVE-2020-36778 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/a85c5c7a3aa8041777ff691400b4046e56149fd3 (5.13-rc1) CVE-2023-51786 (An issue was discovered in Lustre versions 2.13.x, 2.14.x, and 2.15.x ...) - lustre NOTE: http://lists.lustre.org/pipermail/lustre-announce-lustre.org/2024/000270.html CVE-2024-27913 (ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 all ...) - frr 9.1-0.1 (bug #1065144) [bullseye] - frr (Vulnerable code not present) [buster] - frr (Vulnerable code not present) NOTE: https://github.com/FRRouting/frr/pull/15431 NOTE: stable/9.0: https://github.com/FRRouting/frr/commit/aae54e20498974cb026bd0e2649ca3e753090492 NOTE: vulnerable feature introduced in https://github.com/FRRouting/frr/commit/f173deb35206a09e8dc22828cb08638e289b72a5 (first shipped with 8.0) CVE-2024-26542 (Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. 
and fixe ...) NOT-FOR-US: Bonitasoft CVE-2024-26302 (A vulnerability in the web-based management interface of ClearPass Pol ...) NOT-FOR-US: HPE CVE-2024-26301 (A vulnerability in the web-based management interface of ClearPass Pol ...) NOT-FOR-US: HPE CVE-2024-26300 (A vulnerability in the guest interface of ClearPass Policy Manager cou ...) NOT-FOR-US: HPE CVE-2024-26299 (A vulnerability in the web-based management interface of ClearPass Pol ...) NOT-FOR-US: HPE CVE-2024-26298 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...) NOT-FOR-US: HPE CVE-2024-26297 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...) NOT-FOR-US: HPE CVE-2024-26296 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...) NOT-FOR-US: HPE CVE-2024-26295 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...) NOT-FOR-US: HPE CVE-2024-26294 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...) NOT-FOR-US: HPE CVE-2024-24027 (SQL Injection vulnerability in Likeshop before 2.5.7 allows attackers ...) NOT-FOR-US: Likeshop CVE-2024-22723 (Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating ...) NOT-FOR-US: Webtrees CVE-2024-1943 (The Yuki theme for WordPress is vulnerable to Cross-Site Request Forge ...) NOT-FOR-US: WordPress theme CVE-2024-1932 (Unrestricted Upload of File with Dangerous Type in freescout-helpdesk/ ...) NOT-FOR-US: freescout-helpdesk CVE-2024-1892 (A Regular Expression Denial of Service (ReDoS) vulnerability exists in ...) 
- python-scrapy 2.11.1-1 (bug #1065111) [bookworm] - python-scrapy (Minor issue) [bullseye] - python-scrapy (Minor issue) [buster] - python-scrapy (Minor issue) NOTE: https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b/ NOTE: https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5 (2.11.1) NOTE: https://github.com/scrapy/scrapy/security/advisories/GHSA-cc65-xxvf-f7r9 CVE-2024-1866 REJECTED CVE-2024-1865 REJECTED CVE-2024-1864 REJECTED CVE-2024-1568 (The Seraphinite Accelerator plugin for WordPress is vulnerable to Serv ...) NOT-FOR-US: WordPress plugin CVE-2024-1388 (The Yuki theme for WordPress is vulnerable to unauthorized modificatio ...) NOT-FOR-US: WordPress theme CVE-2024-0763 (Any user can delete an arbitrary folder (recursively) on a remote serv ...) NOT-FOR-US: anythingllm CVE-2024-0550 (A user who is privileged already `manager` or `admin` can set their pr ...) NOT-FOR-US: anythingllm CVE-2023-50737 (The SE menu contains information used by Lexmark to diagnose device er ...) NOT-FOR-US: Lexmark CVE-2023-50736 (A memory corruption vulnerability has been identified in PostScript in ...) NOT-FOR-US: Lexmark CVE-2023-50735 (A heap corruption vulnerability has been identified in PostScript inte ...) NOT-FOR-US: Lexmark CVE-2023-50734 (A buffer overflow vulnerability has been identified in PostScript inte ...) NOT-FOR-US: Lexmark CVE-2023-50303 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) NOT-FOR-US: IBM CVE-2021-46969 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/0ecc1c70dcd32c0f081b173a1a5d89952686f271 (5.13-rc1) CVE-2021-46972 (In the Linux kernel, the following vulnerability has been resolved: o ...) 
- linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/eaab1d45cdb4bb0c846bd23c3d666d5b90af7b41 (5.13-rc1) CVE-2021-46973 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/47a017f33943278570c072bc71681809b2567b3a (5.13-rc1) CVE-2021-46958 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/061dde8245356d8864d29e25207aa4daa0be4d3c (5.13-rc1) CVE-2021-46957 (In the Linux kernel, the following vulnerability has been resolved: r ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/b1ebaa0e1318494a7637099a26add50509e37964 (5.13-rc1) CVE-2021-46956 (In the Linux kernel, the following vulnerability has been resolved: v ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/c79c5e0178922a9e092ec8fed026750f39dcaef4 (5.13-rc1) CVE-2021-46975 REJECTED CVE-2021-46974 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/b9b34ddbe2076ade359cd5ce7537d5ed019e9807 (5.13-rc1) CVE-2021-46971 (In the Linux kernel, the following vulnerability has been resolved: p ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/08ef1af4de5fe7de9c6d69f1e22e51b66e385d9b (5.13-rc1) CVE-2021-46970 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/0fccbf0a3b690b162f53b13ed8bc442ea33437dc (5.13-rc1) CVE-2021-46968 (In the Linux kernel, the following vulnerability has been resolved: s ...) 
- linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/70fac8088cfad9f3b379c9082832b4d7532c16c2 (5.13-rc1) CVE-2021-46967 (In the Linux kernel, the following vulnerability has been resolved: v ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/3a3e0fad16d40a2aa68ddf7eea4acdf48b22dd44 (5.13-rc1) CVE-2021-46966 (In the Linux kernel, the following vulnerability has been resolved: A ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/e483bb9a991bdae29a0caa4b3a6d002c968f94aa (5.13-rc1) CVE-2021-46965 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/683313993dbe1651c7aa00bb42a041d70e914925 (5.13-rc1) CVE-2021-46964 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/f02d4086a8f36a0e1aaebf559b54cf24a177a486 (5.13-rc1) CVE-2021-46963 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/6641df81ab799f28a5d564f860233dd26cca0d93 (5.13-rc1) CVE-2021-46962 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/e29c84857e2d51aa017ce04284b962742fb97d9e (5.13-rc1) CVE-2021-46961 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/a97709f563a078e259bf0861cd259aa60332890a (5.13-rc1) CVE-2021-46960 (In the Linux kernel, the following vulnerability has been resolved: c ...) 
- linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/83728cbf366e334301091d5b808add468ab46b27 (5.13-rc1) CVE-2021-46955 (In the Linux kernel, the following vulnerability has been resolved: o ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/7c0ea5930c1c211931819d83cfb157bff1539a4c (5.13-rc1) CVE-2021-46954 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/31fe34a0118e0acc958c802e830ad5d37ef6b1d3 (5.13-rc1) CVE-2021-46953 (In the Linux kernel, the following vulnerability has been resolved: A ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/1ecd5b129252249b9bc03d7645a7bda512747277 (5.13-rc1) CVE-2021-46952 (In the Linux kernel, the following vulnerability has been resolved: N ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/c09f11ef35955785f92369e25819bf0629df2e59 (5.13-rc1) CVE-2021-46951 (In the Linux kernel, the following vulnerability has been resolved: t ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/48cff270b037022e37835d93361646205ca25101 (5.13-rc1) CVE-2021-46950 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/2417b9869b81882ab90fd5ed1081a1cb2d4db1dd (5.13-rc1) CVE-2021-46949 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/5b1faa92289b53cad654123ed2bc8e10f6ddd4ac (5.13-rc1) CVE-2021-46948 (In the Linux kernel, the following vulnerability has been resolved: s ...) 
- linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/83b09a1807415608b387c7bc748d329fefc5617e (5.13-rc1) CVE-2021-46947 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/99ba0ea616aabdc8e26259fd722503e012199a76 (5.13-rc1) CVE-2021-46946 REJECTED CVE-2021-46945 (In the Linux kernel, the following vulnerability has been resolved: e ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/ac2f7ca51b0929461ea49918f27c11b680f28995 (5.13-rc1) CVE-2021-46944 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/3630901933afba1d16c462b04d569b7576339223 (5.13-rc1) CVE-2021-46943 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/ad91849996f9dd79741a961fd03585a683b08356 (5.13-rc1) CVE-2021-46942 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/734551df6f9bedfbefcd113ede665945e9de0b99 (5.13-rc1) CVE-2021-46941 (In the Linux kernel, the following vulnerability has been resolved: u ...) - linux 5.10.38-1 NOTE: https://git.kernel.org/linus/f88359e1588b85cf0e8209ab7d6620085f3441d9 (5.13-rc1) CVE-2021-46940 (In the Linux kernel, the following vulnerability has been resolved: t ...) - linux 5.10.38-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/13a779de4175df602366d129e41782ad7168cef0 (5.13-rc1) CVE-2021-46939 (In the Linux kernel, the following vulnerability has been resolved: t ...) 
- linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/aafe104aa9096827a429bc1358f8260ee565b7cc (5.13-rc1) CVE-2021-46938 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/8e947c8f4a5620df77e43c9c75310dc510250166 (5.13-rc1) CVE-2020-36777 (In the Linux kernel, the following vulnerability has been resolved: m ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/bf9a40ae8d722f281a2721779595d6df1c33a0bf (5.13-rc1) CVE-2020-36776 (In the Linux kernel, the following vulnerability has been resolved: t ...) - linux 5.10.38-1 NOTE: https://git.kernel.org/linus/34ab17cc6c2c1ac93d7e5d53bb972df9a968f085 (5.13-rc1) CVE-2024-27508 (Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/cryp ...) - atheme-services (Vulnerable code not yet present in 7.2.12) NOTE: https://github.com/LuMingYinDetect/Atheme_defects/blob/main/Atheme_detect_1.md NOTE: Also not a real issue: https://github.com/atheme/atheme/issues/921 CVE-2024-27507 (libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2l ...) - liblas [buster] - liblas (Minor issue) CVE-2024-27099 (The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Ser ...) - azure-uamqp-python 1.6.8-2 (bug #1064996) NOTE: https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-6rh4-fj44-v4jj NOTE: https://github.com/Azure/azure-uamqp-c/commit/2ca42b6e4e098af2d17e487814a91d05f6ae4987 CVE-2024-26473 (A reflected cross-site scripting (XSS) vulnerability in SocialMediaWeb ...) NOT-FOR-US: SocialMediaWebsite CVE-2024-26472 (KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected c ...) NOT-FOR-US: SocialMediaWebsite CVE-2024-26471 (A reflected cross-site scripting (XSS) vulnerability in zhimengzhe iBa ...) NOT-FOR-US: zhimengzhe iBarn CVE-2024-26470 (A host header injection vulnerability in the forgot password function ...) 
NOT-FOR-US: FullStackHero's WebAPI Boilerplate CVE-2024-26464 REJECTED CVE-2024-26143 (Rails is a web-application framework. There is a possible XSS vulnerab ...) - rails (Vulnerable code not present) NOTE: https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4 NOTE: https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc (v7.0.8.1) NOTE: https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e (v7.1.3.1) CVE-2024-26142 (Rails is a web-application framework. Starting in version 7.1.0, there ...) - rails (Vulnerable code not present) NOTE: https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq NOTE: https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272 (v7.1.3.1) CVE-2024-25846 (In the module "Product Catalog (CSV, Excel) Import" (simpleimportprodu ...) NOT-FOR-US: PrestaShop module CVE-2024-25843 (In the module "Import/Update Bulk Product from any Csv/Excel File Pro" ...) NOT-FOR-US: PrestaShop module CVE-2024-25841 (In the module "So Flexibilite" (soflexibilite) from Common-Services fo ...) NOT-FOR-US: PrestaShop module CVE-2024-25840 (In the module "Account Manager | Sales Representative & Dealers | CRM" ...) NOT-FOR-US: PrestaShop module CVE-2024-25723 (ZenML Server in the ZenML machine learning package before 0.46.7 for P ...) NOT-FOR-US: ZenML CVE-2024-25400 (Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.ph ...) NOT-FOR-US: Subrion CMS CVE-2024-25399 (Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via admi ...) NOT-FOR-US: Subrion CMS CVE-2024-25398 (In Srelay (the SOCKS proxy and Relay) v.0.4.8p3, a specially crafted n ...) NOT-FOR-US: Srelay CVE-2024-24323 (SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a re ...) NOT-FOR-US: linlinjava litemall CVE-2024-22251 (VMware Workstation and Fusion contain an out-of-bounds read vulnerabil ...) 
NOT-FOR-US: VMware CVE-2024-21742 (Improper input validation allows for header injection in MIME4J librar ...) - apache-mime4j 0.8.10-1 (bug #1064966) [bookworm] - apache-mime4j (Minor issue) [bullseye] - apache-mime4j (Minor issue) [buster] - apache-mime4j (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2024/02/27/5 NOTE: https://github.com/apache/james-mime4j/commit/9dec5df2a588fed8027839815daefa79ee66efd1 (apache-mime4j-project-0.8.10) NOTE: https://github.com/apache/james-mime4j/pull/91 CVE-2024-1928 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Web-Based Student Clearance System CVE-2024-1927 (A vulnerability classified as critical was found in SourceCodester Web ...) NOT-FOR-US: SourceCodester Web-Based Student Clearance System CVE-2024-1926 (A vulnerability was found in SourceCodester Free and Open Source Inven ...) NOT-FOR-US: SourceCodester Free and Open Source Inventory Management System CVE-2024-1925 (A vulnerability was found in Ctcms 2.1.2. It has been declared as crit ...) NOT-FOR-US: Ctcms CVE-2024-1924 (A vulnerability was found in CodeAstro Membership Management System 1. ...) NOT-FOR-US: CodeAstro Membership Management System CVE-2024-1923 (A vulnerability was found in SourceCodester Simple Student Attendance ...) NOT-FOR-US: SourceCodester Simple Student Attendance System CVE-2024-1922 (A vulnerability has been found in SourceCodester Online Job Portal 1.0 ...) NOT-FOR-US: SourceCodester Online Job Portal CVE-2024-1921 (A vulnerability, which was classified as critical, was found in osuuu ...) NOT-FOR-US: osuuu LightPicture CVE-2024-1920 (A vulnerability, which was classified as critical, has been found in o ...) NOT-FOR-US: osuuu LightPicture CVE-2024-1919 (A vulnerability classified as problematic was found in SourceCodester ...) NOT-FOR-US: SourceCodester Online Job Portal CVE-2024-1918 (A vulnerability has been found in Byzoro Smart S42 Management Platform ...) 
NOT-FOR-US: Beijing Baichuo Smart S42 Management Platform CVE-2024-1912 (The Categorify plugin for WordPress is vulnerable to Cross-Site Reques ...) NOT-FOR-US: WordPress plugin CVE-2024-1910 (The Categorify plugin for WordPress is vulnerable to Cross-Site Reques ...) NOT-FOR-US: WordPress plugin CVE-2024-1909 (The Categorify plugin for WordPress is vulnerable to Cross-Site Reques ...) NOT-FOR-US: WordPress plugin CVE-2024-1907 (The Categorify plugin for WordPress is vulnerable to Cross-Site Reques ...) NOT-FOR-US: WordPress plugin CVE-2024-1906 (The Categorify plugin for WordPress is vulnerable to Cross-Site Reques ...) NOT-FOR-US: WordPress plugin CVE-2024-1653 (The Categorify plugin for WordPress is vulnerable to unauthorized modi ...) NOT-FOR-US: WordPress plugin CVE-2024-1652 (The Categorify plugin for WordPress is vulnerable to unauthorized modi ...) NOT-FOR-US: WordPress plugin CVE-2024-1650 (The Categorify plugin for WordPress is vulnerable to unauthorized modi ...) NOT-FOR-US: WordPress plugin CVE-2024-1649 (The Categorify plugin for WordPress is vulnerable to unauthorized modi ...) NOT-FOR-US: WordPress plugin CVE-2024-1423 REJECTED CVE-2024-1403 (In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 1 ...) NOT-FOR-US: OpenEdge Authentication Gateway and AdminServer CVE-2024-1106 (The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise a ...) NOT-FOR-US: WordPress plugin CVE-2024-0855 (The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the ev ...) NOT-FOR-US: WordPress plugin CVE-2024-0819 (Improper initialization of default settings in TeamViewer Remote Clien ...) NOT-FOR-US: TeamViewer CVE-2024-0551 (Enable exports of the database and associated exported information of ...) NOT-FOR-US: anything-llm CVE-2024-0197 (A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to ...) NOT-FOR-US: Thales SafeNet CVE-2023-7203 (The Smart Forms WordPress plugin before 2.6.87 does not have authorisa ...) 
NOT-FOR-US: WordPress plugin CVE-2023-7202 (The Fatal Error Notify WordPress plugin before 1.5.3 does not have aut ...) NOT-FOR-US: WordPress plugin CVE-2023-7198 (The WP Dashboard Notes WordPress plugin before 1.0.11 is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2023-7167 (The Persian Fonts WordPress plugin through 1.6 does not sanitise and e ...) NOT-FOR-US: WordPress plugin CVE-2023-7165 (The JetBackup WordPress plugin before 2.0.9.9 doesn't use index files ...) NOT-FOR-US: WordPress plugin CVE-2023-7115 (The Page Builder: Pagelayer WordPress plugin before 1.8.1 does not san ...) NOT-FOR-US: WordPress plugin CVE-2023-7016 (A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Wi ...) NOT-FOR-US: Thales SafeNet CVE-2023-6585 (The WP JobSearch WordPress plugin before 2.3.4 does not validate files ...) NOT-FOR-US: WordPress plugin CVE-2023-6584 (The WP JobSearch WordPress plugin before 2.3.4 does not prevent attack ...) NOT-FOR-US: WordPress plugin CVE-2023-5993 (A flaw in the Windows Installer in Thales SafeNet Authentication Clien ...) NOT-FOR-US: Thales SafeNet CVE-2023-5947 REJECTED CVE-2023-50380 (XML External Entity injection in apache ambari versions <= 2.7.7,Users ...) NOT-FOR-US: Apache Ambari CVE-2023-48682 (Stored cross-site scripting (XSS) vulnerability in unit name. The foll ...) NOT-FOR-US: Acronis CVE-2023-48681 (Self cross-site scripting (XSS) vulnerability in storage nodes search ...) NOT-FOR-US: Acronis CVE-2023-48680 (Sensitive information disclosure due to excessive collection of system ...) NOT-FOR-US: Acronis CVE-2023-48679 (Stored cross-site scripting (XSS) vulnerability due to missing origin ...) NOT-FOR-US: Acronis CVE-2023-48678 (Sensitive information disclosure due to insecure folder permissions. T ...) NOT-FOR-US: Acronis CVE-2024-27354 (An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0 ...) 
	{DLA-3750-1 DLA-3749-1}
	- phpseclib 1.0.23-1
	[bookworm] - phpseclib (Minor issue; can be fixed via pu)
	[bullseye] - phpseclib (Minor issue; can be fixed via pu)
	- php-phpseclib 2.0.47-1
	[bookworm] - php-phpseclib (Minor issue; can be fixed via pu)
	[bullseye] - php-phpseclib (Minor issue; can be fixed via pu)
	- php-phpseclib3 3.0.36-1
	[bookworm] - php-phpseclib3 (Minor issue; can be fixed via pu)
	NOTE: https://github.com/phpseclib/phpseclib/commit/ad5dbdf2129f5e0fb644637770b7f33de8ca8575
CVE-2024-27355 (An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0 ...)
	{DLA-3750-1 DLA-3749-1}
	- phpseclib 1.0.23-1
	[bookworm] - phpseclib (Minor issue; can be fixed via pu)
	[bullseye] - phpseclib (Minor issue; can be fixed via pu)
	- php-phpseclib 2.0.47-1
	[bookworm] - php-phpseclib (Minor issue; can be fixed via pu)
	[bullseye] - php-phpseclib (Minor issue; can be fixed via pu)
	- php-phpseclib3 3.0.36-1
	[bookworm] - php-phpseclib3 (Minor issue; can be fixed via pu)
	NOTE: https://github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59
CVE-2023-50379 (Malicious code injection in Apache Ambari in prior to 2.7.8.Users are ...)
	NOT-FOR-US: Apache Ambari
CVE-2023-51747 (Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP s ...)
	NOT-FOR-US: Apache James
CVE-2024-27905 (** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to a ...)
	NOT-FOR-US: Apache Aurora
CVE-2024-27356 (An issue was discovered on certain GL-iNet devices. Attackers can down ...)
	NOT-FOR-US: GL-iNet devices
CVE-2024-27093 (Minder is a Software Supply Chain Security Platform. In version 0.0.31 ...)
	NOT-FOR-US: Minder
CVE-2024-27089
	REJECTED
CVE-2024-26149 (Vyper is a pythonic Smart Contract Language for the ethereum virtual m ...)
	NOT-FOR-US: Vyper
CVE-2024-25751 (A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with fi ...)
	NOT-FOR-US: Tenda
CVE-2024-25248 (SQL Injection vulnerability in the orderGoodsDelivery() function in Ni ...)
	NOT-FOR-US: Niushop
CVE-2024-25247 (SQL Injection vulnerability in /app/api/controller/Store.php in Niusho ...)
	NOT-FOR-US: Niushop
CVE-2024-25166 (Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote at ...)
	NOT-FOR-US: 71CMS
CVE-2024-24721 (An issue was discovered on Innovaphone PBX before 14r1 devices. The pa ...)
	NOT-FOR-US: Innovaphone PBX
CVE-2024-24720 (An issue was discovered in the Forgot password function in Innovaphone ...)
	NOT-FOR-US: Innovaphone PBX
CVE-2024-24564 (Vyper is a pythonic Smart Contract Language for the ethereum virtual m ...)
	NOT-FOR-US: Vyper
CVE-2024-24100 (Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection v ...)
	NOT-FOR-US: Code-projects Computer Book Store
CVE-2024-24099 (Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Inject ...)
	NOT-FOR-US: Code-projects Scholars Tracking System
CVE-2024-24096 (Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection v ...)
	NOT-FOR-US: Code-projects Computer Book Store
CVE-2024-24095 (Code-projects Simple Stock System 1.0 is vulnerable to SQL Injection.)
	NOT-FOR-US: Code-projects Simple Stock System
CVE-2024-22917 (SQL injection vulnerability in Dynamic Lab Management System Project i ...)
	NOT-FOR-US: Dynamic Lab Management System Project in PHP
CVE-2024-22544 (An issue was discovered in Linksys Router E1700 version 1.0.04 (build ...)
	NOT-FOR-US: Linksys
CVE-2024-22543 (An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allo ...)
	NOT-FOR-US: Linksys
CVE-2024-1698 (The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Po ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1687 (The Thank You Page Customizer for WooCommerce – Increase Your Sal ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1686 (The Thank You Page Customizer for WooCommerce – Increase Your Sal ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1323 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Store ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0759 (Should an instance of AnythingLLM be hosted on an internal network and ...)
	NOT-FOR-US: anythingllm
CVE-2023-7033 (Insufficient Resource Pool vulnerability in Ethernet function of Mitsu ...)
	NOT-FOR-US: Mitsubishi
CVE-2023-41506 (An arbitrary file upload vulnerability in the Update/Edit Student's Pr ...)
	NOT-FOR-US: Update/Edit Student's Profile Picture function of Student Enrollment In PHP
CVE-2023-36237 (Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 all ...)
	NOT-FOR-US: Bagisto
CVE-2021-46937 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 5.15.15-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/ebb3f994dd92f8fb4d70c7541091216c1e10cb71 (5.16-rc8)
CVE-2021-46936 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.15.15-1
	[bullseye] - linux 5.10.92-1
	[buster] - linux 4.19.232-1
	NOTE: https://git.kernel.org/linus/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0 (5.16-rc8)
CVE-2021-46935 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 5.15.15-1
	[bullseye] - linux 5.10.92-1
	[buster] - linux 4.19.232-1
	NOTE: https://git.kernel.org/linus/cfd0d84ba28c18b531648c9d4a35ecca89ad9901 (5.16-rc8)
CVE-2021-46934 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 5.15.15-1
	[bullseye] - linux 5.10.92-1
	[buster] - linux 4.19.232-1
	NOTE: https://git.kernel.org/linus/bb436283e25aaf1533ce061605d23a9564447bdf (5.16-rc8)
CVE-2021-46933 (In the Linux kernel, the following vulnerability has been resolved: u ...)
	- linux 5.15.15-1
	[bullseye] - linux 5.10.92-1
	[buster] - linux 4.19.232-1
	NOTE: https://git.kernel.org/linus/b1e0887379422975f237d43d8839b751a6bcf154 (5.16-rc8)
CVE-2021-46932 (In the Linux kernel, the following vulnerability has been resolved: I ...)
	- linux 5.15.15-1
	[bullseye] - linux 5.10.92-1
	[buster] - linux 4.19.232-1
	NOTE: https://git.kernel.org/linus/9f3ccdc3f6ef10084ceb3a47df0961bec6196fd0 (5.16-rc8)
CVE-2021-46931 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.15.15-1
	[bullseye] - linux 5.10.92-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/918fc3855a6507a200e9cf22c20be852c0982687 (5.16-rc8)
CVE-2021-46930 (In the Linux kernel, the following vulnerability has been resolved: u ...)
	- linux 5.15.15-1
	[bullseye] - linux 5.10.92-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/8c313e3bfd9adae8d5c4ba1cc696dcbc86fbf9bf (5.16-rc8)
CVE-2021-46929 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 5.15.15-1
	[bullseye] - linux 5.10.92-1
	[buster] - linux 4.19.232-1
	NOTE: https://git.kernel.org/linus/5ec7d18d1813a5bead0b495045606c93873aecbb (5.16-rc8)
CVE-2021-46928 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	- linux 5.15.15-1
	[bullseye] - linux 5.10.92-1
	NOTE: https://git.kernel.org/linus/484730e5862f6b872dca13840bed40fd7c60fa26 (5.16-rc7)
CVE-2021-46927 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.15.15-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/3a0152b219523227c2a62a0a122cf99608287176 (5.16-rc8)
CVE-2021-46926 (In the Linux kernel, the following vulnerability has been resolved: A ...)
	- linux 5.15.15-1
	NOTE: https://git.kernel.org/linus/385f287f9853da402d94278e59f594501c1d1dad (5.16-rc7)
CVE-2021-46925 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.15.15-1
	[bullseye] - linux 5.10.92-1
	NOTE: https://git.kernel.org/linus/349d43127dac00c15231e8ffbcaabd70f7b0e544 (5.16-rc8)
CVE-2021-46924 (In the Linux kernel, the following vulnerability has been resolved: N ...)
	- linux 5.15.15-1
	[bullseye] - linux 5.10.92-1
	[buster] - linux 4.19.232-1
	NOTE: https://git.kernel.org/linus/1b9dadba502234eea7244879b8d5d126bfaf9f0c (5.16-rc8)
CVE-2021-46923 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	- linux 5.15.15-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/012e332286e2bb9f6ac77d195f17e74b2963d663 (5.16-rc8)
CVE-2021-46922 (In the Linux kernel, the following vulnerability has been resolved: K ...)
	- linux 5.10.38-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9d5171eab462a63e2fbebfccf6026e92be018f20 (5.12)
CVE-2021-46921 (In the Linux kernel, the following vulnerability has been resolved: l ...)
	- linux 5.10.38-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/84a24bf8c52e66b7ac89ada5e3cfbe72d65c1896 (5.12)
CVE-2021-46920 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 5.10.38-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/ea941ac294d75d0ace50797aebf0056f6f8f7a7f (5.12-rc8)
CVE-2021-46919 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 5.10.38-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/0fff71c5a311e1264988179f7dcc217fda15fadd (5.12-rc8)
CVE-2021-46918 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 5.14.6-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/6df0e6c57dfc064af330071f372f11aa8c584997 (5.12-rc8)
CVE-2021-46917 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 5.10.38-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/ea9aadc06a9f10ad20a90edc0a484f1147d88a7a (5.12-rc8)
CVE-2021-46916 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 5.14.6-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/31166efb1cee348eb6314e9c0095d84cbeb66b9d (5.12-rc8)
CVE-2021-46914 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 5.10.38-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/debb9df311582c83fe369baa35fa4b92e8a9c58a (5.12-rc8)
CVE-2021-46915 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.10.38-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/b895bdf5d643b6feb7c60856326dd4feb6981560 (5.12-rc8)
CVE-2021-46913 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.70-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4d8f9065830e526c83199186c5f56a6514f457d2 (5.12-rc8)
CVE-2021-46912 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.10.38-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/97684f0970f6e112926de631fdd98d9693c7e5c1 (5.12-rc8)
CVE-2021-46911 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 5.10.38-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/1a73e427b824133940c2dd95ebe26b6dce1cbf10 (5.12-rc8)
CVE-2021-46910 (In the Linux kernel, the following vulnerability has been resolved: A ...)
	- linux 5.14.6-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/d624833f5984d484c5e3196f34b926f9e71dafee (5.12-rc8)
CVE-2021-46909 (In the Linux kernel, the following vulnerability has been resolved: A ...)
	- linux 5.10.38-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/30e3b4f256b4e366a61658c294f6a21b8626dda7 (5.12-rc8)
CVE-2021-46908 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 5.10.38-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9601148392520e2e134936e76788fc2a6371e7be (5.12-rc8)
CVE-2021-46907
	REJECTED
CVE-2024-26144 (Rails is a web-application framework. Starting with version 5.2.0, the ...)
	- rails (bug #1065119)
	NOTE: https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945
CVE-2024-27092 (Hoppscotch is an API development ecosystem. Due to lack of validation ...)
	NOT-FOR-US: Hoppscotch
CVE-2024-27088 (es5-ext contains ECMAScript 5 extensions. Passing functions with very ...)
	- node-es5-ext 0.10.64+dfsg1+~1.1.0-1 (bug #1064933)
	[bookworm] - node-es5-ext (Minor issue)
	[bullseye] - node-es5-ext (Minor issue)
	[buster] - node-es5-ext (Minor issue)
	NOTE: https://github.com/medikoo/es5-ext/security/advisories/GHSA-4gmj-3p3h-gm8h
	NOTE: https://github.com/medikoo/es5-ext/issues/201
	NOTE: https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2 (v0.10.63)
	NOTE: https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602 (v0.10.63)
CVE-2024-27087 (Kirby is a content management system. The new link field introduced in ...)
	NOT-FOR-US: Kirby CMS
CVE-2024-27084
	REJECTED
CVE-2024-27081 (ESPHome is a system to control your ESP8266/ESP32. A security misconfi ...)
	NOT-FOR-US: ESPHome
CVE-2024-26468 (A DOM based cross-site scripting (XSS) vulnerability in the component ...)
	NOT-FOR-US: urlpages
CVE-2024-26467 (A DOM based cross-site scripting (XSS) vulnerability in the component ...)
	NOT-FOR-US: tabatkins/railroad-diagrams
CVE-2024-26466 (A DOM based cross-site scripting (XSS) vulnerability in the component ...)
	NOT-FOR-US: web-platform-tests/wpt
CVE-2024-26465 (A DOM based cross-site scripting (XSS) vulnerability in the component ...)
	NOT-FOR-US: beep.js
CVE-2024-26462 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...)
	- krb5 (bug #1064965)
	[bookworm] - krb5 (Minor issue)
	[bullseye] - krb5 (Minor issue)
	[buster] - krb5 (Minor issue)
	NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md
CVE-2024-26461 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...)
	- krb5 (bug #1064965)
	[bookworm] - krb5 (Minor issue)
	[bullseye] - krb5 (Minor issue)
	[buster] - krb5 (Minor issue)
	NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md
CVE-2024-26458 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/r ...)
	- krb5 (bug #1064965)
	[bookworm] - krb5 (Minor issue)
	[bullseye] - krb5 (Minor issue)
	[buster] - krb5 (Minor issue)
	NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md
CVE-2024-26455 (fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bi ...)
	NOT-FOR-US: Fluent Bit
CVE-2024-25925 (Unrestricted Upload of File with Dangerous Type vulnerability in SYSBA ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25913 (Unrestricted Upload of File with Dangerous Type vulnerability in Skymo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25909 (Unrestricted Upload of File with Dangerous Type vulnerability in JoomU ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25770 (libming 0.4.8 contains a memory leak vulnerability in /libming/src/act ...)
	- ming
CVE-2024-25768 (OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in / ...)
	- opendmarc (bug #1070390)
	[bookworm] - opendmarc (Minor issue)
	[bullseye] - opendmarc (Minor issue)
	[buster] - opendmarc (Minor issue)
	NOTE: https://github.com/LuMingYinDetect/OpenDMARC_defects/blob/main/OpenDMARC_detect_1.md
CVE-2024-25767 (nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/s ...)
	NOT-FOR-US: NanoMQ
CVE-2024-25763 (openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c ...)
	- opennds
	NOTE: https://github.com/LuMingYinDetect/openNDS_defects/blob/main/openNDS_detect_1.md
CVE-2024-25760
	REJECTED
CVE-2024-25410 (flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dan ...)
	NOT-FOR-US: flusity-CMS
CVE-2024-25344 (Cross Site Scripting vulnerability in ITFlow.org before commit v.43248 ...)
	NOT-FOR-US: ITFlow.org
CVE-2024-25082 (Splinefont in FontForge through 20230101 allows command injection via ...)
	{DSA-5641-1 DLA-3754-1}
	- fontforge 1:20230101~dfsg-1.1 (bug #1064967)
	NOTE: https://github.com/fontforge/fontforge/pull/5367
	NOTE: https://github.com/fontforge/fontforge/commit/216eb14b558df344b206bf82e2bdaf03a1f2f429
	NOTE: https://www.canva.dev/blog/engineering/fonts-are-still-a-helvetica-of-a-problem/
CVE-2024-25081 (Splinefont in FontForge through 20230101 allows command injection via ...)
	{DSA-5641-1 DLA-3754-1}
	- fontforge 1:20230101~dfsg-1.1 (bug #1064967)
	NOTE: https://github.com/fontforge/fontforge/pull/5367
	NOTE: https://github.com/fontforge/fontforge/commit/216eb14b558df344b206bf82e2bdaf03a1f2f429
	NOTE: https://www.canva.dev/blog/engineering/fonts-are-still-a-helvetica-of-a-problem/
CVE-2024-24714 (Unrestricted Upload of File with Dangerous Type vulnerability in bPlug ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24568 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
	- suricata 1:7.0.3-1
	[bookworm] - suricata (Vulnerable code not present)
	[bullseye] - suricata (Vulnerable code not present)
	[buster] - suricata (Vulnerable code not present)
	NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-gv29-5hqw-5h8c
	NOTE: https://github.com/OISF/suricata/commit/478a2a38f54e2ae235f8486bff87d7d66b6307f0 (suricata-7.0.3)
	NOTE: https://redmine.openinfosecfoundation.org/issues/6717
CVE-2024-24528
	REJECTED
CVE-2024-24402 (An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate p ...)
	NOT-FOR-US: Nagios XI
CVE-2024-24401 (SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote att ...)
	NOT-FOR-US: Nagios XI
CVE-2024-23839 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
	- suricata 1:7.0.3-1
	[bookworm] - suricata (Vulnerable code not present)
	[bullseye] - suricata (Vulnerable code not present)
	[buster] - suricata (Vulnerable code not present)
	NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-qxj6-hr2p-mmc7
	NOTE: https://github.com/OISF/suricata/commit/cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f (suricata-7.0.3)
	NOTE: https://redmine.openinfosecfoundation.org/issues/6657
CVE-2024-23837 (LibHTP is a security-aware parser for the HTTP protocol. Crafted traff ...)
	- libhtp 1:0.5.46-1
	[bookworm] - libhtp (Minor issue)
	[bullseye] - libhtp (Minor issue)
	[buster] - libhtp (Minor issue)
	NOTE: https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m
	NOTE: https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a (0.5.46)
	NOTE: https://redmine.openinfosecfoundation.org/issues/6444
CVE-2024-23836 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
	- suricata 1:7.0.3-1
	[bookworm] - suricata (Minor issue)
	[bullseye] - suricata (Minor issue)
	[buster] - suricata (Minor issue)
	NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc
	NOTE: https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7 (suricata-6.0.16)
	NOTE: https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc (suricata-6.0.16)
	NOTE: https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747 (suricata-6.0.16)
	NOTE: https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7 (suricata-6.0.16)
	NOTE: https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8 (suricata-6.0.16)
	NOTE: https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97 (suricata-7.0.3)
	NOTE: https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01 (suricata-7.0.3)
	NOTE: https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af (suricata-7.0.3)
	NOTE: https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786 (suricata-7.0.3)
	NOTE: https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5 (suricata-7.0.3)
	NOTE: https://redmine.openinfosecfoundation.org/issues/6531
	NOTE: https://redmine.openinfosecfoundation.org/issues/6532
	NOTE: https://redmine.openinfosecfoundation.org/issues/6540
	NOTE: https://redmine.openinfosecfoundation.org/issues/6658
	NOTE: https://redmine.openinfosecfoundation.org/issues/6659
	NOTE: https://redmine.openinfosecfoundation.org/issues/6660
CVE-2024-23835 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
	- suricata 1:7.0.3-1
	[bookworm] - suricata (Vulnerable code not present)
	[bullseye] - suricata (Vulnerable code not present)
	[buster] - suricata (Vulnerable code not present)
	NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-8583-353f-mvwc
	NOTE: https://redmine.openinfosecfoundation.org/issues/6411
	NOTE: https://github.com/OISF/suricata/commit/86de7cffa7e8f06fe9d600127e7dabe89c7e81dd (master)
	NOTE: https://github.com/OISF/suricata/commit/f52c033e566beafb4480c139eb18662a2870464f (master)
	NOTE: https://github.com/OISF/suricata/commit/b0d762d2675a2441b74e039d54bfa5b050641f8e (suricata-7.0.3)
	NOTE: https://github.com/OISF/suricata/commit/61a32360eba3c032de51029a05515ab46690286f (suricata-7.0.3)
CVE-2024-23605 (A heap-based buffer overflow vulnerability exists in the GGUF library ...)
	NOT-FOR-US: llama.cpp
CVE-2024-23496 (A heap-based buffer overflow vulnerability exists in the GGUF library ...)
	NOT-FOR-US: llama.cpp
CVE-2024-22873 (Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Ser ...)
	NOT-FOR-US: Tencent Blueking CMDB
CVE-2024-22201 (Jetty is a Java based web server and servlet engine. An HTTP/2 SSL con ...)
	{DSA-5664-1 DLA-3780-1}
	- jetty9 9.4.54-1 (bug #1064923)
	NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98
	NOTE: https://github.com/jetty/jetty.project/issues/11256
	NOTE: Fixed by: https://github.com/jetty/jetty.project/commit/86586df0a8a4d9c6b5af9a621ad1adf1b494d39b (jetty-9.4.54.v20240208)
CVE-2024-21836 (A heap-based buffer overflow vulnerability exists in the GGUF library ...)
	NOT-FOR-US: llama.cpp
CVE-2024-21825 (A heap-based buffer overflow vulnerability exists in the GGUF library ...)
	NOT-FOR-US: llama.cpp
CVE-2024-21802 (A heap-based buffer overflow vulnerability exists in the GGUF library ...)
	NOT-FOR-US: llama.cpp
CVE-2024-1899 (An issue in the anchors subparser of Showdownjs versions <= 2.1.0 coul ...)
	NOT-FOR-US: Showdownjs
CVE-2024-1890 (Vulnerability whereby an attacker could send a malicious link to an au ...)
	NOT-FOR-US: Sunny WebBox firmware
CVE-2024-1889 (Cross-Site Request Forgery vulnerability in SMA Cluster Controller, af ...)
	NOT-FOR-US: SMA Cluster Controller
CVE-2024-1622 (Due to a mistake in error checking, Routinator will terminate when an ...)
	- routinator (bug #929024)
CVE-2024-1436 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0387 (The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding ...)
	NOT-FOR-US: EDS-4000/G4000 Series
CVE-2023-49960 (In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path traversal vuln ...)
	NOT-FOR-US: Indo-Sol PROFINET-INspektor NT
CVE-2023-49959 (In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection v ...)
	NOT-FOR-US: Indo-Sol PROFINET-INspektor NT
CVE-2023-49114 (A DLL hijacking vulnerability was identified in the Qognify VMS Client ...)
	NOT-FOR-US: Qognify VMS Client Viewer
CVE-2023-51518 (Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint o ...)
	NOT-FOR-US: Apache James
CVE-2023-52474 (In the Linux kernel, the following vulnerability has been resolved: I ...)
	- linux 6.3.7-1
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux 5.10.191-1
	NOTE: https://git.kernel.org/linus/00cbce5cbf88459cd1aa1d60d0f1df15477df127 (6.4-rc1)
CVE-2021-46906 (In the Linux kernel, the following vulnerability has been resolved: H ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.46-1
	[buster] - linux 4.19.208-1
	NOTE: https://git.kernel.org/linus/6be388f4a35d2ce5ef7dbf635a8964a5da7f799f (5.13-rc5)
CVE-2020-36775 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	- linux 5.6.7-1
	NOTE: https://git.kernel.org/linus/df77fbd8c5b222c680444801ffd20e8bbc90a56e (5.7-rc1)
CVE-2019-25162 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 5.19.6-1
	[bullseye] - linux 5.10.140-1
	[buster] - linux 4.19.260-1
	NOTE: https://git.kernel.org/linus/e4c72c06c367758a14f227c847f9d623f1994ecf (6.0-rc1)
CVE-2019-25161
	REJECTED
CVE-2019-25160 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 4.19.28-1
	NOTE: https://git.kernel.org/linus/5578de4834fe0f2a34fedc7374be691443396d1f (5.0)
CVE-2024-26606 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/97830f3c3088638ff90b20dfba2eb4d487bf14d7 (6.8-rc3)
CVE-2024-27456 (rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for th ...)
	- ruby-rack-cors (Only affects the upstream build, permissions are correct for the deb)
	NOTE: https://github.com/cyu/rack-cors/issues/274
CVE-2024-27455 (In the Bentley ALIM Web application, certain configuration settings ca ...)
	NOT-FOR-US: Bentley
CVE-2024-27454 (orjson.loads in orjson before 3.9.15 does not limit recursion for deep ...)
	- python-orjson (bug #1002996)
CVE-2024-27447 (pretix before 2024.1.1 mishandles file validation.)
	NOT-FOR-US: pretix
CVE-2024-27444 (langchain_experimental (aka LangChain Experimental) in LangChain befor ...)
	NOT-FOR-US: langchain_experimental
CVE-2024-1886 (This vulnerability allows remote attackers to traverse the directory o ...)
	NOT-FOR-US: LG Electronics
CVE-2024-1885 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: LG Electronics
CVE-2024-1878 (A vulnerability was found in SourceCodester Employee Management System ...)
	NOT-FOR-US: SourceCodester
CVE-2024-1877 (A vulnerability was found in SourceCodester Employee Management System ...)
	NOT-FOR-US: SourceCodester
CVE-2024-1876 (A vulnerability was found in SourceCodester Employee Management System ...)
	NOT-FOR-US: SourceCodester
CVE-2024-1875 (A vulnerability was found in SourceCodester Complaint Management Syste ...)
	NOT-FOR-US: SourceCodester
CVE-2024-1735 (A vulnerability has been identified in armeria-saml versions less than ...)
	NOT-FOR-US: armeria-saml
CVE-2024-0798 (A privilege escalation vulnerability exists in mintplex-labs/anything- ...)
	NOT-FOR-US: mintplex-labs/anything-llm
CVE-2024-0455 (The inclusion of the web scraper for AnythingLLM means that any user w ...)
	NOT-FOR-US: mintplex-labs/anything-llm
CVE-2024-0440 (Attacker, with permission to submit a link or submits a link via POST ...)
	NOT-FOR-US: mintplex-labs/anything-llm
CVE-2024-0439 (As a manager, you should not be able to modify a series of settings. I ...)
	NOT-FOR-US: mintplex-labs/anything-llm
CVE-2024-0436 (Theoretically, it would be possible for an attacker to brute-force the ...)
	NOT-FOR-US: mintplex-labs/anything-llm
CVE-2024-0435 (User can send a chat that contains an XSS opportunity that will then r ...)
	NOT-FOR-US: mintplex-labs/anything-llm
CVE-2022-48626 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 5.16.10-1
	[buster] - linux 4.19.232-1
	NOTE: https://git.kernel.org/linus/bd2db32e7c3e35bd4d9b8bbff689434a50893546 (5.17-rc4)
CVE-2021-46905 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux (No Debian released version vulnerable)
	NOTE: https://git.kernel.org/linus/2ad5692db72874f02b9ad551d26345437ea4f7f3 (5.13-rc1)
CVE-2021-46904 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 5.10.38-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/8a12f8836145ffe37e9c8733dce18c22fb668b66 (5.12-rc7)
CVE-2023-52465 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	- linux 6.6.15-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/88f04bc3e737155e13caddf0ba8ed19db87f0212 (6.8-rc1)
CVE-2023-52466
	REJECTED
CVE-2023-52467 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/41673c66b3d0c09915698fec5c13b24336f18dd1 (6.8-rc1)
CVE-2023-52468 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 6.6.15-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/93ec4a3b76404bce01bd5c9032bef5df6feb1d62 (6.8-rc1)
CVE-2023-52469 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	NOTE: https://git.kernel.org/linus/28dd788382c43b330480f57cd34cde0840896743 (6.8-rc1)
CVE-2023-52470 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	NOTE: https://git.kernel.org/linus/7a2464fac80d42f6f8819fed97a553e9c2f43310 (6.8-rc1)
CVE-2023-52471 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/3027e7b15b02d2d37e3f82d6b8404f6d37e3b8cf (6.8-rc1)
CVE-2023-52472 (In the Linux kernel, the following vulnerability has been resolved: c ...)
	- linux 6.6.15-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/d872ca165cb67112f2841ef9c37d51ef7e63d1e4 (6.8-rc1)
CVE-2023-52473 (In the Linux kernel, the following vulnerability has been resolved: t ...)
	- linux 6.6.15-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/04e6ccfc93c5a1aa1d75a537cf27e418895e20ea (6.8-rc1)
CVE-2024-27359 (Certain WithSecure products allow a Denial of Service because the engi ...)
	NOT-FOR-US: WithSecure
CVE-2024-27350 (Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV ap ...)
	NOT-FOR-US: Amazon Fire OS
CVE-2024-1871 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester Employee Management System
CVE-2024-1758 (The SuperFaktura WooCommerce plugin for WordPress is vulnerable to Ser ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1710 (The Addon Library plugin for WordPress is vulnerable to unauthorized a ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1165 (The Brizy – Page Builder plugin for WordPress is vulnerable to Di ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0243 (With the following crawler configuration: ```python from bs4 import B ...)
	NOT-FOR-US: LanChain-ai Langchain
CVE-2023-5775 (The BackWPup plugin for WordPress is vulnerable to Plaintext Storage o ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-43051 (IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross ...)
	NOT-FOR-US: IBM
CVE-2023-38359 (IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross ...)
	NOT-FOR-US: IBM
CVE-2023-32344 (IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form ...)
	NOT-FOR-US: IBM
CVE-2024-26600 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/7104ba0f1958adb250319e68a15eff89ec4fd36d (6.8-rc3)
CVE-2024-26601 (In the Linux kernel, the following vulnerability has been resolved: e ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/c9b528c35795b711331ed36dc3dbee90d5812d4e (6.8-rc3)
CVE-2024-26602 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/944d5fe50f3f03daacfea16300e656a1691c4a23 (6.8-rc6)
	NOTE: https://www.vusec.net/projects/ghostrace/
CVE-2024-26603 (In the Linux kernel, the following vulnerability has been resolved: x ...)
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/d877550eaf2dc9090d782864c96939397a3c6835 (6.8-rc4)
CVE-2024-26604 (In the Linux kernel, the following vulnerability has been resolved: R ...)
	- linux 6.7.7-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/3ca8fbabcceb8bfe44f7f50640092fd8f1de375c (6.8-rc5)
CVE-2024-26605 (In the Linux kernel, the following vulnerability has been resolved: P ...)
	{DSA-5680-1}
	- linux 6.7.7-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/1e560864159d002b453da42bd2c13a1805515a20 (6.8-rc3)
CVE-2024-27133 (Insufficient sanitization in MLflow leads to XSS when running a recipe ...)
	NOT-FOR-US: mlflow
CVE-2024-27132 (Insufficient sanitization in MLflow leads to XSS when running an untru ...)
	NOT-FOR-US: mlflow
CVE-2024-26192 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-26188 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-25730 (Hitron CODA-4582 and CODA-4589 devices have default PSKs that are gene ...)
	NOT-FOR-US: Hitron CODA-4582 and CODA-4589 devices
CVE-2024-25469 (SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before all ...)
	NOT-FOR-US: CRMEB crmeb_java
CVE-2024-24681 (An issue was discovered in Yealink Configuration Encrypt Tool (AES ver ...)
	NOT-FOR-US: Yealink
CVE-2024-24310 (In the module "Generate barcode on invoice / delivery slip" (ecgenerat ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-24309 (In the module "Survey TMA" (ecomiz_survey_tma) up to version 2.0.0 fro ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-22988 (An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute ar ...)
	NOT-FOR-US: zkteco zkbio WDMS
CVE-2024-22395 (Improper access control vulnerability has been identified in the SMA10 ...)
	NOT-FOR-US: SMA100 SSL-VPN virtual office portal
CVE-2024-21502 (Versions of the package fastecdsa before 2.3.2 are vulnerable to Use o ...)
	NOT-FOR-US: fastecdsa
CVE-2024-21501 (Versions of the package sanitize-html before 2.12.1 are vulnerable to ...)
	- node-sanitize-html 2.13.0+~2.11.0-1 (bug #1064808)
	[bookworm] - node-sanitize-html (Minor issue)
	NOTE: https://github.com/apostrophecms/sanitize-html/pull/650
	NOTE: https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf
	NOTE: https://github.com/apostrophecms/apostrophe/discussions/4436
	NOTE: https://github.com/apostrophecms/sanitize-html/commit/075499d1b98c387f4200fd59972ca9b15796b51b (2.12.1)
	NOTE: https://github.com/apostrophecms/sanitize-html/commit/1e2294c8001ce07c89448e03289818da631795ba (2.12.1)
CVE-2024-21423 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-1810 (The Archivist – Custom Archive Templates plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-22371 (Exposure of sensitive data by crafting a malicious EventFactory and ...)
	NOT-FOR-US: Apache Camel
CVE-2024-27319 (Versions of the package onnx before and including 1.15.0 are vulnerabl ...)
	NOT-FOR-US: onnx
CVE-2024-27318 (Versions of the package onnx before and including 1.15.0 are vulnerabl ...)
	NOT-FOR-US: onnx
CVE-2024-26150 (`@backstage/backend-common` is a common functionality library for back ...)
	NOT-FOR-US: backstage/backend-common
CVE-2024-25928 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Sitepact
CVE-2024-25915 (Server-Side Request Forgery (SSRF) vulnerability in Raaj Trambadia Pex ...)
	NOT-FOR-US: Raaj Trambadia Pexels: Free Stock Photos
CVE-2024-25629 (c-ares is a C library for asynchronous DNS requests. `ares__read_line( ...)
	- c-ares 1.27.0-1
	[bookworm] - c-ares (Minor issue)
	[bullseye] - c-ares (Minor issue)
	[buster] - c-ares (Minor issue)
	NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q
	NOTE: https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183 (cares-1_27_0)
CVE-2024-23320 (Improper Input Validation vulnerability in Apache DolphinScheduler. An ...)
	NOT-FOR-US: Apache DolphinScheduler
CVE-2024-22776 (Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-bas ...)
	NOT-FOR-US: Wallos
CVE-2024-1834 (A vulnerability was found in SourceCodester Simple Student Attendance ...)
	NOT-FOR-US: SourceCodester
CVE-2024-1833 (A vulnerability was found in SourceCodester Employee Management System ...)
	NOT-FOR-US: SourceCodester
CVE-2024-1832 (A vulnerability has been found in SourceCodester Complete File Managem ...)
	NOT-FOR-US: SourceCodester
CVE-2024-1831 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester
CVE-2024-1830 (A vulnerability was found in code-projects Library System 1.0. It has ...)
	NOT-FOR-US: code-projects Library System
CVE-2024-1829 (A vulnerability was found in code-projects Library System 1.0. It has ...)
	NOT-FOR-US: code-projects Library System
CVE-2024-1828 (A vulnerability was found in code-projects Library System 1.0. It has ...)
	NOT-FOR-US: code-projects Library System
CVE-2024-1827 (A vulnerability was found in code-projects Library System 1.0 and clas ...)
	NOT-FOR-US: code-projects Library System
CVE-2024-1826 (A vulnerability has been found in code-projects Library System 1.0 and ...)
	NOT-FOR-US: code-projects Library System
CVE-2024-1825 (A vulnerability, which was classified as problematic, was found in Cod ...)
	NOT-FOR-US: CodeAstro
CVE-2024-1824 (A vulnerability, which was classified as critical, has been found in C ...)
	NOT-FOR-US: CodeAstro
CVE-2024-1823 (A vulnerability classified as critical was found in CodeAstro Simple V ...)
	NOT-FOR-US: CodeAstro
CVE-2024-1822 (A vulnerability classified as problematic has been found in PHPGurukul ...)
	NOT-FOR-US: PHPGurukul
CVE-2024-1821 (A vulnerability was found in code-projects Crime Reporting System 1.0. ...)
	NOT-FOR-US: Crime Reporting System
CVE-2024-1820 (A vulnerability was found in code-projects Crime Reporting System 1.0. ...)
	NOT-FOR-US: Crime Reporting System
CVE-2024-1819 (A vulnerability was found in CodeAstro Membership Management System 1. ...)
	NOT-FOR-US: CodeAstro
CVE-2024-1818 (A vulnerability was found in CodeAstro Membership Management System 1. ...)
	NOT-FOR-US: CodeAstro
CVE-2024-1817 (A vulnerability has been found in Demososo DM Enterprise Website Build ...)
	NOT-FOR-US: Demososo DM Enterprise Website Builder
CVE-2024-1590 (The Page Builder: Pagelayer – Drag and Drop website builder plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1362 (The Colibri Page Builder plugin for WordPress is vulnerable to Cross-S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1361 (The Colibri Page Builder plugin for WordPress is vulnerable to Cross-S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1360 (The Colibri WP theme for WordPress is vulnerable to Cross-Site Request ...)
	NOT-FOR-US: WordPress theme
CVE-2024-0563 (Denial of service condition in M-Files Server in versions before 24.2 ( ...)
	NOT-FOR-US: M-Files
CVE-2023-52457 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/ad90d0358bd3b4554f243a425168fc7cebe7d04e (6.8-rc1)
CVE-2023-51394 (High traffic environments may result in NULL Pointer Dereference vulne ...)
	NOT-FOR-US: Silabs
CVE-2023-51393 (Due to an allocation of resources without limits, an uncontrolled reso ...)
	NOT-FOR-US: Silabs
CVE-2023-51392 (Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of ...)
	NOT-FOR-US: Ember ZNet
CVE-2023-4826 (The SocialDriver WordPress theme before version 2024 has a prototype p ...)
	NOT-FOR-US: WordPress theme
CVE-2024-26597 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	NOTE: https://git.kernel.org/linus/b33fb5b801c6db408b774a68e7c8722796b59ecc (6.8-rc1)
CVE-2023-52464 (In the Linux kernel, the following vulnerability has been resolved: E ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	NOTE: https://git.kernel.org/linus/475c58e1a471e9b873e3e39958c64a2d278275c8 (6.8-rc1)
CVE-2023-52463 (In the Linux kernel, the following vulnerability has been resolved: e ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/0e8d2444168dd519fea501599d150e62718ed2fe (6.8-rc1)
CVE-2023-52459 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.6.15-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/3de6ee94aae701fa949cd3b5df6b6a440ddfb8f2 (6.8-rc1)
CVE-2024-26599 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/a297d07b9a1e4fb8cda25a4a2363a507d294b7c9 (6.8-rc1)
CVE-2024-26598 (In the Linux kernel, the following vulnerability has been resolved: K ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	NOTE: https://git.kernel.org/linus/ad362fe07fecf0aba839ff2cc59a3617bd42c33f (6.8-rc1)
CVE-2024-26596 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.7.7-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/844f104790bd69c2e4dbb9ee3eba46fde1fcea7b (6.8-rc1)
CVE-2024-26595 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.6.15-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/efeb7dfea8ee10cdec11b6b6ba4e405edbe75809 (6.8-rc1)
CVE-2023-52461 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/2bbe6ab2be53858507f11f99f856846d04765ae3 (6.8-rc1)
CVE-2023-52462 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/ab125ed3ec1c10ccc36bc98c7a4256ad114a3dae (6.8-rc1)
CVE-2023-52460 (In the Linux kernel, the following vulnerability has been resolved: d ...)
	- linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b719a9c15d52d4f56bdea8241a5d90fd9197ce99 (6.8-rc1)
CVE-2023-52458 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	{DSA-5681-1}
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	NOTE: https://git.kernel.org/linus/6f64f866aa1ae6975c95d805ed51d7e9433a0016 (6.8-rc1)
CVE-2023-52456 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/78d60dae9a0c9f09aa3d6477c94047df2fe6f7b0 (6.8-rc1)
CVE-2023-52455 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	- linux 6.6.15-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/bb57f6705960bebeb832142ce9abf43220c3eab1 (6.8-rc1)
CVE-2023-52454 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/efa56305908ba20de2104f1b8508c6a7401833be (6.8-rc1)
CVE-2023-52453 (In the Linux kernel, the following vulnerability has been resolved: h ...)
	- linux 6.6.15-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/be12ad45e15b5ee0e2526a50266ba1d295d26a88 (6.8-rc1)
CVE-2024-26594 (In the Linux kernel, the following vulnerability has been resolved: k ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/92e470163d96df8db6c4fa0f484e4a229edb903d (6.8-rc1)
CVE-2024-22025 (A vulnerability in Node.js has been identified, allowing for a Denial ...)
	{DLA-3776-1}
	- nodejs 18.19.1+dfsg-1
	NOTE: https://nodejs.org/en/blog/release/v18.19.1
	NOTE: https://github.com/nodejs/node/commit/f31d47e135973746c4f490d5eb635eded8bb3dda (v18.x)
	NOTE: https://github.com/nodejs/node/commit/9052ef43dc2d1b0db340591a9bc9e45a25c01d90 (main)
CVE-2024-26593 (In the Linux kernel, the following vulnerability has been resolved: i ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/c1c9d0f6f7f1dbf29db996bd8e166242843a5f21 (6.8-rc5)
CVE-2024-23807 (The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contai ...)
	NOTE: No change, CVE assignment to clarify affected versions for CVE-2018-1311
	NOTE: Debian was already correct
CVE-2024-26445 (flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forge ...)
	NOT-FOR-US: flusity-CMS
CVE-2024-26352 (flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forge ...)
	NOT-FOR-US: flusity-CMS
CVE-2024-26351 (flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forge ...)
	NOT-FOR-US: flusity-CMS
CVE-2024-26350 (flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forge ...)
	NOT-FOR-US: flusity-CMS
CVE-2024-26349 (flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forge ...)
	NOT-FOR-US: flusity-CMS
CVE-2024-26287
	REJECTED
CVE-2024-26284 (Utilizing a 302 redirect, an attacker could have conducted a Universal ...)
	NOT-FOR-US: Mozilla Firefox Focus
CVE-2024-26283 (An attacker could have executed unauthorized scripts on top origin sit ...)
	- firefox (iOS-specific)
CVE-2024-26282 (Using an AMP url with a canonical element, an attacker could have exec ...)
	- firefox (iOS-specific)
CVE-2024-26281 (Upon scanning a JavaScript URI with the QR code scanner, an attacker c ...)
	- firefox (iOS-specific)
CVE-2024-26152 (### Summary On all Label Studio versions prior to 1.11.0, data importe ...)
	- label-studio (bug #1026232)
CVE-2024-26151 (The `mjml` PyPI package, found at the `FelixSchwarz/mjml-python` GitHu ...)
	NOT-FOR-US: mjml Python package
CVE-2024-26128 (baserCMS is a website development framework. Prior to version 5.0.9, t ...)
	NOT-FOR-US: baserCMS
CVE-2024-25876 (A cross-site scripting (XSS) vulnerability in the Header module of Enh ...)
	NOT-FOR-US: Enhavo CMS module
CVE-2024-25875 (A cross-site scripting (XSS) vulnerability in the Header module of Enh ...)
	NOT-FOR-US: Enhavo CMS module
CVE-2024-25874 (A cross-site scripting (XSS) vulnerability in the New/Edit Article mod ...)
	NOT-FOR-US: Enhavo CMS module
CVE-2024-25873 (Enhavo v0.13.1 was discovered to contain an HTML injection vulnerabili ...)
	NOT-FOR-US: Enhavo CMS
CVE-2024-25851 (Netis WF2780 v2.1.40144 was discovered to contain a command injection ...)
	NOT-FOR-US: Netis WF2780
CVE-2024-25850 (Netis WF2780 v2.1.40144 was discovered to contain a command injection ...)
	NOT-FOR-US: Netis WF2780
CVE-2024-25828 (cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/a ...)
	NOT-FOR-US: cmseasy
CVE-2024-25802 (SKINsoft S-Museum 7.02.3 allows Unrestricted File Upload via the Add M ...)
	NOT-FOR-US: SKINsoft S-Museum
CVE-2024-25756 (A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with fi ...)
	NOT-FOR-US: Tenda
CVE-2024-25753 (Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firm ...)
	NOT-FOR-US: Tenda
CVE-2024-25748 (A Stack Based Buffer Overflow vulnerability in tenda AC9 AC9 v.3.0 wit ...)
	NOT-FOR-US: Tenda
CVE-2024-25746 (Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firm ...)
	NOT-FOR-US: Tenda
CVE-2024-25385 (An issue in flvmeta v.1.2.2 allows a local attacker to cause a denial ...)
	NOT-FOR-US: FLVMeta
CVE-2024-25369 (A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2 ...)
	NOT-FOR-US: FUEL CMS
CVE-2024-25130 (Tuleap is an open source suite to improve management of software devel ...)
	NOT-FOR-US: Tuleap
CVE-2024-25129 (The CodeQL CLI repo holds binaries for the CodeQL command line interfa ...)
	NOT-FOR-US: CodeQL
CVE-2024-25021 (IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a non-privileg ...)
	NOT-FOR-US: IBM
CVE-2024-24817 (Discourse Calendar adds the ability to create a dynamic calendar in th ...)
	NOT-FOR-US: Discourse Calendar
CVE-2024-23094 (Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forge ...)
	NOT-FOR-US: Flusity-CMS
CVE-2024-22547 (WayOS IBR-7150 <17.06.23 is vulnerable to Cross Site Scripting (XSS).)
	NOT-FOR-US: WayOS
CVE-2024-22243 (Applications that use UriComponentsBuilder to parse an externally provi ...)
	- libspring-java (unimportant)
	NOTE: https://spring.io/security/cve-2024-22243
	NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
CVE-2024-1786 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...)
	NOT-FOR-US: D-Link
CVE-2024-1784 (A vulnerability classified as problematic was found in Limbas 5.2.14. ...)
	NOT-FOR-US: Limbas
CVE-2024-1783 (A vulnerability classified as critical has been found in Totolink LR12 ...)
	NOT-FOR-US: Totolink
CVE-2024-1781 (A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_202307 ...)
	NOT-FOR-US: Totolink
CVE-2024-1779 (The Admin side data storage for Contact Form 7 plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1778 (The Admin side data storage for Contact Form 7 plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1777 (The Admin side data storage for Contact Form 7 plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1776 (The Admin side data storage for Contact Form 7 plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1750 (A vulnerability, which was classified as critical, was found in Temmok ...)
	NOT-FOR-US: TemmokuMVC
CVE-2024-1749 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Bhojon Best Restaurant Management Software
CVE-2024-1748 (A vulnerability classified as critical was found in van_der_Schaar LAB ...)
	NOT-FOR-US: van_der_Schaar LAB AutoPrognosis
CVE-2024-1683 (A DLL injection vulnerability exists where an authenticated, low-privi ...)
	NOT-FOR-US: Tenable
CVE-2024-1563 (An attacker could have executed unauthorized scripts on top origin sit ...)
	NOT-FOR-US: Mozilla Firefox Focus
CVE-2024-1104 (An unauthenticated remote attacker can bypass the brute force preventi ...)
	NOT-FOR-US: Areal Topkapi WebServ2
CVE-2024-0220 (B&R Automation Studio Upgrade Service and B&R Technology Guarding use ...)
	NOT-FOR-US: B&R Automation Studio
CVE-2023-51653 (Hertzbeat is a real-time monitoring system. In the implementation of ` ...)
	NOT-FOR-US: Hertzbeat
CVE-2023-51450 (baserCMS is a website development framework. Prior to version 5.0.9, t ...)
	NOT-FOR-US: baserCMS
CVE-2023-51389 (Hertzbeat is a real-time monitoring system. At the interface of `/defi ...)
	NOT-FOR-US: Hertzbeat
CVE-2023-51388 (Hertzbeat is a real-time monitoring system. In `CalculateAlarm.java`, ...)
	NOT-FOR-US: Hertzbeat
CVE-2023-44379 (baserCMS is a website development framework. Prior to version 5.0.9, t ...)
	NOT-FOR-US: baserCMS
CVE-2023-37540 (Sametime Connect desktop chat client includes, but does not use or req ...)
	NOT-FOR-US: Sametime Connect
CVE-2024-26141 (Rack is a modular Ruby web server interface. Carefully crafted Range h ...)
	{DLA-3800-1}
	- ruby-rack 2.2.7-1.1 (bug #1064516)
	NOTE: https://github.com/rack/rack/releases/tag/v2.2.8.1
	NOTE: https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b (v2.2.8.1)
CVE-2024-25126 (Rack is a modular Ruby web server interface. Carefully crafted content ...)
	{DLA-3800-1}
	- ruby-rack 2.2.7-1.1 (bug #1064516)
	NOTE: https://github.com/rack/rack/releases/tag/v2.2.8.1
	NOTE: https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49 (v2.2.8.1)
CVE-2024-26146 (Rack is a modular Ruby web server interface. Carefully crafted headers ...)
	{DLA-3800-1}
	- ruby-rack 2.2.7-1.1 (bug #1064516)
	NOTE: https://github.com/rack/rack/releases/tag/v2.2.8.1
	NOTE: https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd (v2.2.8.1)
CVE-2024-26592 (In the Linux kernel, the following vulnerability has been resolved: k ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/38d20c62903d669693a1869aa68c4dd5674e2544 (6.8-rc1)
CVE-2023-52446 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 6.6.15-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/59e5791f59dd83e8aa72a4e74217eabb6e8cfd90 (6.8-rc1)
CVE-2024-26588 (In the Linux kernel, the following vulnerability has been resolved: L ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/36a87385e31c9343af9a4756598e704741250a67 (6.8-rc1)
CVE-2024-26587 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.6.15-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/ea937f77208323d35ffe2f8d8fc81b00118bfcda (6.8-rc1)
CVE-2024-26586 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux 5.10.209-1
	NOTE: https://git.kernel.org/linus/483ae90d8f976f8339cf81066312e1329f2d3706 (6.8-rc1)
CVE-2024-26591 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/715d82ba636cb3629a6e18a33bb9dbe53f9936ee (6.8-rc1)
CVE-2023-52451 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	[buster] - linux (powerpc not supported in LTS)
	NOTE: https://git.kernel.org/linus/bd68ffce69f6cf8ddd3a3c32549d1d2275e49fc5 (6.8-rc1)
CVE-2023-52452 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 6.6.15-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/6b4a64bafd107e521c01eec3453ce94a3fb38529 (6.8-rc1)
CVE-2023-52450 (In the Linux kernel, the following vulnerability has been resolved: p ...)
	- linux 6.6.15-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/1692cf434ba13ee212495b5af795b6a07e986ce4 (6.8-rc1)
CVE-2023-52448 (In the Linux kernel, the following vulnerability has been resolved: g ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/8877243beafa7c6bfc42022cbfdf9e39b25bd4fa (6.8-rc1)
CVE-2023-52449 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	NOTE: https://git.kernel.org/linus/a43bdc376deab5fff1ceb93dca55bcab8dbdc1d6 (6.8-rc1)
CVE-2023-52447 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	{DSA-5681-1}
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/876673364161da50eed6b472d746ef88242b2368 (6.8-rc1)
CVE-2023-52445 (In the Linux kernel, the following vulnerability has been resolved: m ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	NOTE: https://git.kernel.org/linus/ded85b0c0edd8f45fec88783d7555a5b982449c1 (6.8-rc1)
CVE-2023-52444 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	NOTE: https://git.kernel.org/linus/53edb549565f55ccd0bdf43be3d66ce4c2d48b28 (6.8-rc1)
CVE-2024-26590 (In the Linux kernel, the following vulnerability has been resolved: e ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/118a8cf504d7dfa519562d000f423ee3ca75d2c4 (6.8-rc1)
CVE-2024-26589 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/22c7fa171a02d310e3a3f6ed46a698ca8a0060ed (6.8-rc1)
CVE-2023-52443 (In the Linux kernel, the following vulnerability has been resolved: a ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	NOTE: https://git.kernel.org/linus/55a8210c9e7d21ff2644809699765796d4bfb200 (6.8-rc1)
CVE-2024-26578 (Concurrent Execution using Shared Resource with Improper Synchronizati ...)
	NOT-FOR-US: Apache Answer
CVE-2024-23349 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Apache Answer
CVE-2024-22393 (Unrestricted Upload of File with Dangerous Type vulnerability in Apach ...)
	NOT-FOR-US: Apache Answer
CVE-2024-27283 (A vulnerability was discovered in Veritas eDiscovery Platform before 1 ...)
	NOT-FOR-US: Veritas
CVE-2024-26491 (A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Me ...)
	NOT-FOR-US: flusity-CMS module
CVE-2024-26490 (A cross-site scripting (XSS) vulnerability in the Addon JD Simple modu ...)
	NOT-FOR-US: flusity-CMS module
CVE-2024-26489 (A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'So ...)
	NOT-FOR-US: flusity-CMS module
CVE-2024-26484 (A stored cross-site scripting (XSS) vulnerability in the Edit Content ...)
	NOT-FOR-US: Kirby CMS module
CVE-2024-26483 (An arbitrary file upload vulnerability in the Profile Image module of ...)
	NOT-FOR-US: Kirby CMS module
CVE-2024-26482 (An HTML injection vulnerability exists in the Edit Content Layout modu ...)
	NOT-FOR-US: Kirby CMS module
CVE-2024-26481 (Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulner ...)
	NOT-FOR-US: Kirby CMS
CVE-2024-26148 (Querybook is a user interface for querying big data. Prior to version ...)
	NOT-FOR-US: Querybook
CVE-2024-25801 (SKINsoft S-Museum 7.02.3 allows XSS via the filename of an uploaded fi ...)
	NOT-FOR-US: SKINsoft S-Museum
CVE-2024-25423 (An issue in MAXON CINEMA 4D R2024.2.0 allows a local attacker to execu ...)
	NOT-FOR-US: MAXON CINEMA 4D
CVE-2024-25251 (code-projects Agro-School Management System 1.0 suffers from Incorr ...)
	NOT-FOR-US: code-projects Agro-School Management System
CVE-2024-25124 (Fiber is a web framework written in go. Prior to version 2.52.1, the C ...)
	NOT-FOR-US: Fiber
CVE-2024-23654 (discourse-ai is the AI plugin for the open-source discussion platform ...)
	NOT-FOR-US: Discourse plugin
CVE-2024-23137 (A maliciously crafted STP or SLDPRT file in ODXSW_DLL.dll when parsed ...)
	NOT-FOR-US: Autodesk
CVE-2024-23136 (A maliciously crafted STP file in ASMKERN228A.dll when parsed through ...)
	NOT-FOR-US: Autodesk
CVE-2024-23135 (A maliciously crafted SLDPRT file in ASMkern228A.dll when parsed throu ...)
	NOT-FOR-US: Autodesk
CVE-2024-23134 (A maliciously crafted IGS file in tbb.dll when parsed through Autodesk ...)
	NOT-FOR-US: Autodesk
CVE-2024-23133 (A maliciously crafted STP file in ASMDATAX228A.dll when parsed through ...)
	NOT-FOR-US: Autodesk
CVE-2024-23132 (A maliciously crafted STP file in atf_dwg_consumer.dll when parsed thr ...)
	NOT-FOR-US: Autodesk
CVE-2024-23131 (A maliciously crafted STP file in ASMKERN228A.dll or ASMDATAX228A.dll ...)
	NOT-FOR-US: Autodesk
CVE-2024-23130 (A maliciously crafted SLDASM, or SLDPRT files in ODXSW_DLL.dll when pa ...)
	NOT-FOR-US: Autodesk
CVE-2024-23129 (A maliciously crafted MODEL 3DM, STP or SLDASM files in opennurbs.dll ...)
	NOT-FOR-US: Autodesk
CVE-2024-23128 (A maliciously crafted MODEL file in libodxdll.dll when parsed through ...)
	NOT-FOR-US: Autodesk
CVE-2024-23127 (A maliciously crafted MODEL, SLDPRT or SLDASM file in VCRUNTIME140.dll ...)
	NOT-FOR-US: Autodesk
CVE-2024-23126 (A maliciously crafted CATPART file in CC5Dll.dll when parsed through A ...)
	NOT-FOR-US: Autodesk
CVE-2024-23125 (A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Au ...)
	NOT-FOR-US: Autodesk
CVE-2024-23124 (A maliciously crafted STP file in ASMIMPORT228A.dll when parsed throug ...)
	NOT-FOR-US: Autodesk
CVE-2024-23123 (A maliciously crafted CATPART file in CC5Dll.dll or ASMBASE228A.dll wh ...)
	NOT-FOR-US: Autodesk
CVE-2024-23122 (A maliciously crafted 3DM file in opennurbs.dll when parsed through Au ...)
	NOT-FOR-US: Autodesk
CVE-2024-23121 (A maliciously crafted MODEL file in libodxdll.dll when parsed through ...)
	NOT-FOR-US: Autodesk
CVE-2024-23120 (A maliciously crafted STP file in ASMIMPORT228A.dll when parsed throug ...)
	NOT-FOR-US: Autodesk
CVE-2024-1053 (The Event Tickets and Registration plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0903 (The User Feedback – Create Interactive Feedback Form, User Survey ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0446 (A maliciously crafted STP, CATPART or MODEL file in ASMKERN228A.dll wh ...)
	NOT-FOR-US: Autodesk
CVE-2023-52155 (A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4. ...)
	NOT-FOR-US: PMB
CVE-2023-52154 (File Upload vulnerability in pmb/camera_upload.php in PMB 7.4.7 and ea ...)
	NOT-FOR-US: PMB
CVE-2023-52153 (A SQL Injection vulnerability in /pmb/opac_css/includes/sessions.inc.p ...)
	NOT-FOR-US: PMB
CVE-2023-51828 (A SQL Injection vulnerability in /admin/convert/export.class.php in PM ...)
	NOT-FOR-US: PMB
CVE-2023-38844 (SQL injection vulnerability in PMB v.7.4.7 and earlier allows a remote ...)
	NOT-FOR-US: PMB
CVE-2023-37177 (SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before all ...)
	NOT-FOR-US: PMB
CVE-2024-26147 (Helm is a package manager for Charts for Kubernetes. Versions prior to ...)
	- helm-kubernetes (bug #910799)
CVE-2024-1726 (A flaw was discovered in the RESTEasy Reactive implementation in Quark ...)
	NOT-FOR-US: Quarkus
CVE-2024-1722 (A flaw was found in Keycloak. In certain conditions, this issue may al ...)
	NOT-FOR-US: Keycloak
CVE-2023-6787 (A flaw was found in Keycloak that occurs from an error in the re-authe ...)
	NOT-FOR-US: Keycloak
CVE-2024-27215
	REJECTED
CVE-2024-26311 (Archer Platform 6.x before 6.14 P2 HF1 (6.14.0.2.1) contains a reflect ...)
	NOT-FOR-US: Archer Platform
CVE-2024-26310 (Archer Platform 6.8 before 6.14 P2 (6.14.0.2) contains an improper acc ...)
	NOT-FOR-US: Archer Platform
CVE-2024-26145 (Discourse Calendar adds the ability to create a dynamic calendar in th ...)
	NOT-FOR-US: Discourse Calendar
CVE-2024-26138 (The XWiki licensor application, which manages and enforce application ...)
	NOT-FOR-US: XWiki
CVE-2024-26133 (EventStoreDB (ESDB) is an operational database built to store events. ...)
	NOT-FOR-US: EventStoreDB (ESDB)
CVE-2024-26130 (cryptography is a package designed to expose cryptographic primitives ...)
	- python-cryptography 42.0.5-1 (bug #1064778)
	[bookworm] - python-cryptography (Minor issue)
	[bullseye] - python-cryptography (Minor issue)
	[buster] - python-cryptography (Minor issue)
	NOTE: https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4
	NOTE: https://github.com/pyca/cryptography/pull/10423
	NOTE: Fixed by: https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55 (main)
	NOTE: Fixed by: https://github.com/pyca/cryptography/commit/7a4d012991061974da5d9cb7614de65eac94f49b (42.0.4)
CVE-2024-25898 (A XSS vulnerability was found in the ChurchCRM v.5.5.0 functionality, ...)
	NOT-FOR-US: ChurchCRM
CVE-2024-25897 (ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Ti ...)
	NOT-FOR-US: ChurchCRM
CVE-2024-25896 (ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection ( ...)
	NOT-FOR-US: ChurchCRM
CVE-2024-25895 (A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 5.5. ...)
	NOT-FOR-US: ChurchCRM
CVE-2024-25894 (ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection ...)
	NOT-FOR-US: ChurchCRM
CVE-2024-25893 (ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injectio ...)
	NOT-FOR-US: ChurchCRM
CVE-2024-25892 (ChurchCRM 5.5.0 ConfirmReport.php is vulnerable to Blind SQL Injection ...)
	NOT-FOR-US: ChurchCRM
CVE-2024-25891 (ChurchCRM 5.5.0 FRBidSheets.php is vulnerable to Blind SQL Injection ( ...)
	NOT-FOR-US: ChurchCRM
CVE-2024-25461 (Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM ...)
	NOT-FOR-US: Terrasoft CRM
CVE-2024-25381 (There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publish ...)
	NOT-FOR-US: Emlog Pro
CVE-2024-25288 (SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vulnerab ...)
	NOT-FOR-US: SLIMS (Senayan Library Management Systems)
CVE-2024-25249 (An issue in He3 App for macOS version 2.0.17, allows remote attackers ...)
NOT-FOR-US: He3 App for macOS CVE-2024-25117 (php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering ...) {DSA-5642-1} - php-dompdf-svg-lib 0.5.2-1 (bug #1064781) NOTE: https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-f3qr-qr4x-j273 NOTE: https://github.com/dompdf/php-svg-lib/commit/732faa9fb4309221e2bd9b2fda5de44f947133aa (0.5.2) NOTE: https://github.com/dompdf/php-svg-lib/commit/8ffcc41bbde39f09f94b9760768086f12bbdce42 (0.5.2) CVE-2024-24479 (A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker t ...) - wireshark (Did not affect any released version) NOTE: https://github.com/wireshark/wireshark/commit/c3720cff158c265dec2a0c6104b1d65954ae6bfd CVE-2024-24478 (An issue in Wireshark before 4.2.0 allows a remote attacker to cause a ...) - wireshark (Did not affect any released version) NOTE: https://github.com/wireshark/wireshark/commit/80a4dc55f4d2fa33c2b36a99406500726d3faaef NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19347 CVE-2024-24476 (A buffer overflow in Wireshark before 4.2.0 allows a remote attacker t ...) - wireshark (Did not affect any released version) NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19344 NOTE: https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78 CVE-2024-23346 (Pymatgen (Python Materials Genomics) is an open-source Python library ...) - pymatgen 2024.1.27+dfsg1-6 (bug #1064514) NOTE: https://github.com/materialsproject/pymatgen/security/advisories/GHSA-vgv8-5cpj-qj2f NOTE: https://github.com/materialsproject/pymatgen/commit/c231cbd3d5147ee920a37b6ee9dd236b376bcf5a (v2024.2.20) CVE-2024-22778 (HackMD CodiMD <2.5.2 is vulnerable to Denial of Service.) NOT-FOR-US: HackMD CodiMD CVE-2024-22473 (TRNG is used before initialization by ECDSA signing driver when exitin ...) NOT-FOR-US: Silabs CVE-2024-22220 (An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 ...) 
NOT-FOR-US: Terminalfour CVE-2024-20325 (A vulnerability in the Live Data server of Cisco Unified Intelligence ...) NOT-FOR-US: Cisco CVE-2024-1714 (An issue exists in all supported versions of IdentityIQ Lifecycle Mana ...) NOT-FOR-US: IdentityIQ Lifecycle Manager CVE-2024-1709 (ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authenti ...) NOT-FOR-US: ConnectWise ScreenConnect CVE-2024-1708 (ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traver ...) NOT-FOR-US: ConnectWise ScreenConnect CVE-2024-1707 (A vulnerability, which was classified as problematic, was found in GAR ...) NOT-FOR-US: GARO WALLBOX GLB+ T2EV7 CVE-2024-1706 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: ZKTeco ZKBio Access IVS CVE-2024-1705 (A vulnerability was found in Shopwind up to 4.6. It has been rated as ...) NOT-FOR-US: Shopwind CVE-2024-1704 (A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been de ...) NOT-FOR-US: ZhongBangKeJi CRMEB CVE-2024-1703 (A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been cl ...) NOT-FOR-US: ZhongBangKeJi CRMEB CVE-2024-1702 (A vulnerability was found in keerti1924 PHP-MYSQL-User-Login-System 1. ...) NOT-FOR-US: keerti1924 PHP-MYSQL-User-Login-System CVE-2024-1701 (A vulnerability has been found in keerti1924 PHP-MYSQL-User-Login-Syst ...) NOT-FOR-US: keerti1924 PHP-MYSQL-User-Login-System CVE-2024-1700 (A vulnerability, which was classified as problematic, was found in kee ...) NOT-FOR-US: keerti1924 PHP-MYSQL-User-Login-System CVE-2024-1474 (In WS_FTP Server versions before 8.8.5, reflected cross-site scripting ...) NOT-FOR-US: Progress WS_FTP Server CVE-2024-1212 (Unauthenticated remote attackers can access the system through the Loa ...) NOT-FOR-US: LoadMaster Linux CVE-2023-7235 (The OpenVPN GUI installer before version 2.6.9 did not set the proper ...) 
NOT-FOR-US: OpenVPN 2.x GUI on Windows CVE-2023-6640 (Malformed S2 Nonce Get Command Class packets can be sent to crash PC C ...) NOT-FOR-US: Silabs CVE-2023-6533 (Malformed Device Reset Locally Command Class packets can be sent to th ...) NOT-FOR-US: Silabs CVE-2023-50975 (The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allow ...) NOT-FOR-US: TD Bank TD Advanced Dashboard client CVE-2023-50955 (IBM InfoSphere Information Server 11.7 could allow an authenticated pr ...) NOT-FOR-US: IBM CVE-2023-49100 (Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-boun ...) - arm-trusted-firmware 2.10.0+dfsg-1 [bookworm] - arm-trusted-firmware (Minor issue) [bullseye] - arm-trusted-firmware (Minor issue) [buster] - arm-trusted-firmware (Minor issue) NOTE: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=a7eff3477dcf3624c74f5217419b1a27b7ebd2aa CVE-2023-47795 (Stored cross-site scripting (XSS) vulnerability in the Document and Me ...) NOT-FOR-US: Liferay CVE-2023-46241 (`discourse-microsoft-auth` is a plugin that enables authentication via ...) NOT-FOR-US: Discourse plugin CVE-2023-33843 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) NOT-FOR-US: IBM CVE-2024-0410 (An authorization bypass vulnerability was discovered in GitLab affecti ...) - gitlab 16.8.3-1 CVE-2023-3509 (An issue has been discovered in GitLab affecting all versions before 1 ...) - gitlab 16.8.3-1 CVE-2024-0861 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab (Specific to EE) CVE-2023-4895 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab (Specific to EE) CVE-2024-1525 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab CVE-2023-6477 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab (Specific to EE) CVE-2024-1451 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) 
- gitlab (Only affects 16.9) CVE-2024-26585 (In the Linux kernel, the following vulnerability has been resolved: t ...) {DSA-5658-1} - linux 6.7.7-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb (6.8-rc5) CVE-2024-26584 (In the Linux kernel, the following vulnerability has been resolved: n ...) {DSA-5658-1} - linux 6.7.7-1 NOTE: https://git.kernel.org/linus/8590541473188741055d27b955db0777569438e3 (6.8-rc5) CVE-2024-26583 (In the Linux kernel, the following vulnerability has been resolved: t ...) - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/aec7961916f3f9e88766e2688992da6980f11b8d (6.8-rc5) CVE-2024-26582 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.7.7-1 [bookworm] - linux 6.1.82-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/32b55c5ff9103b8508c1e04bfa5a08c64e7a925f (6.8-rc5) CVE-2024-26269 (Cross-site scripting (XSS) vulnerability in the Frontend JS module's p ...) NOT-FOR-US: Liferay CVE-2024-26266 (Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay ...) NOT-FOR-US: Liferay CVE-2024-26140 (com.yetanalytics/lrs is the Yet Analytics Core LRS Library. Prior to v ...) NOT-FOR-US: Yet Analytics Core LRS Library CVE-2024-26136 (kedi ElectronCord is a bot management tool for Discord. Commit aaaeaf4 ...) NOT-FOR-US: kedi ElectronCord CVE-2024-25905 (Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi ...) NOT-FOR-US: Mondula GmbH Multi Step Form CVE-2024-25904 (Cross-Site Request Forgery (CSRF) vulnerability in David Stockl TinyMC ...) NOT-FOR-US: TinyMCE addon CVE-2024-25603 (Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Ma ...) 
NOT-FOR-US: Liferay CVE-2024-25602 (Stored cross-site scripting (XSS) vulnerability in Users Admin module' ...) NOT-FOR-US: Liferay CVE-2024-25601 (Stored cross-site scripting (XSS) vulnerability in Expando module's ge ...) NOT-FOR-US: Liferay CVE-2024-25428 (SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run ar ...) NOT-FOR-US: MRCMS CVE-2024-25152 (Stored cross-site scripting (XSS) vulnerability in Message Board widge ...) NOT-FOR-US: Liferay CVE-2024-25151 (The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older u ...) NOT-FOR-US: Liferay CVE-2024-25147 (Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in L ...) NOT-FOR-US: Liferay CVE-2024-25141 (When sslwas enabled for Mongo Hook, default settings included "allow_i ...) NOT-FOR-US: Apache Airflow Mongo Provider CVE-2024-24876 (Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin M ...) NOT-FOR-US: WordPress plugin CVE-2024-24872 (Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Bui ...) NOT-FOR-US: WordPress plugin CVE-2024-24849 (Cross-Site Request Forgery (CSRF) vulnerability in Mark Stockton Quick ...) NOT-FOR-US: WordPress plugin CVE-2024-24843 (Cross-Site Request Forgery (CSRF) vulnerability in PowerPack Addons fo ...) NOT-FOR-US: WordPress plugin CVE-2024-24837 (Cross-Site Request Forgery (CSRF) vulnerability in Fr\xe9d\xe9ric GILL ...) NOT-FOR-US: WordPress plugin CVE-2024-24802 (Cross-Site Request Forgery (CSRF) vulnerability in John Tendik JTRT Re ...) NOT-FOR-US: WordPress plugin CVE-2024-24798 (Cross-Site Request Forgery (CSRF) vulnerability in SoniNow Team Debug. ...) NOT-FOR-US: WordPress plugin CVE-2024-23830 (MantisBT is an open source issue tracker. Prior to version 2.26.1, an ...) - mantis CVE-2024-23758 (An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to vi ...) NOT-FOR-US: Unisys CVE-2024-22235 (VMware Aria Operations contains a local privilege escalation vulnerabi ...) 
NOT-FOR-US: VMware CVE-2024-1631 (Impact: The library offers a function to generate an ed25519 key pair ...) NOT-FOR-US: agent-js CVE-2024-1562 (The WooCommerce Google Sheet Connector plugin for WordPress is vulnera ...) NOT-FOR-US: WordPress plugin CVE-2024-1501 (The Database Reset plugin for WordPress is vulnerable to Cross-Site Re ...) NOT-FOR-US: WordPress plugin CVE-2024-1108 (The Plugin Groups plugin for WordPress is vulnerable to unauthorized m ...) NOT-FOR-US: WordPress plugin CVE-2024-1081 (The 3D FlipBook \u2013 PDF Flipbook WordPress plugin for WordPress is ...) NOT-FOR-US: WordPress plugin CVE-2024-0593 (The Simple Job Board plugin for WordPress is vulnerable to unauthorize ...) NOT-FOR-US: WordPress plugin CVE-2023-52442 (In the Linux kernel, the following vulnerability has been resolved: k ...) - linux 6.5.3-1 [bookworm] - linux 6.1.55-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/3df0411e132ee74a87aa13142dfd2b190275332e (6.5-rc4) CVE-2023-52441 (In the Linux kernel, the following vulnerability has been resolved: k ...) - linux 6.5.3-1 [bookworm] - linux 6.1.55-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/536bb492d39bb6c080c92f31e8a55fe9934f452b (6.5-rc4) CVE-2023-52440 (In the Linux kernel, the following vulnerability has been resolved: k ...) - linux 6.5.3-1 [bookworm] - linux 6.1.52-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/4b081ce0d830b684fdf967abc3696d1261387254 (6.6-rc1) CVE-2023-50923 (In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) ...) NOT-FOR-US: QUIC protocol issue CVE-2023-49034 (Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a ...) 
NOT-FOR-US: ProjeQtOr CVE-2023-47422 (An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.5 ...) NOT-FOR-US: Tenda CVE-2023-46967 (Cross Site Scripting vulnerability in the sanitize function in Enhance ...) NOT-FOR-US: osTicket CVE-2023-42953 (A permissions issue was addressed with additional restrictions. This i ...) NOT-FOR-US: Apple CVE-2023-42952 (The issue was addressed with improved checks. This issue is fixed in i ...) NOT-FOR-US: Apple CVE-2023-42951 (The issue was addressed with improved handling of caches. This issue i ...) NOT-FOR-US: Apple CVE-2023-42946 (This issue was addressed with improved redaction of sensitive informat ...) NOT-FOR-US: Apple CVE-2023-42945 (A permissions issue was addressed with additional restrictions. This i ...) NOT-FOR-US: Apple CVE-2023-42942 (This issue was addressed with improved handling of symlinks. This issu ...) NOT-FOR-US: Apple CVE-2023-42939 (A logic issue was addressed with improved checks. This issue is fixed ...) NOT-FOR-US: Apple CVE-2023-42928 (The issue was addressed with improved bounds checks. This issue is fix ...) NOT-FOR-US: Apple CVE-2023-42889 (The issue was addressed with improved checks. This issue is fixed in m ...) NOT-FOR-US: Apple CVE-2023-42878 (A privacy issue was addressed with improved private data redaction for ...) NOT-FOR-US: Apple CVE-2023-42877 (The issue was addressed with improved checks. This issue is fixed in m ...) NOT-FOR-US: Apple CVE-2023-42873 (The issue was addressed with improved bounds checks. This issue is fix ...) NOT-FOR-US: Apple CVE-2023-42860 (A permissions issue was addressed with additional restrictions. This i ...) NOT-FOR-US: Apple CVE-2023-42859 (The issue was addressed with improved checks. This issue is fixed in m ...) NOT-FOR-US: Apple CVE-2023-42858 (The issue was addressed with improved checks. This issue is fixed in m ...) NOT-FOR-US: Apple CVE-2023-42855 (This issue was addressed with improved state management. This issue is ...) 
NOT-FOR-US: Apple CVE-2023-42853 (A logic issue was addressed with improved checks. This issue is fixed ...) NOT-FOR-US: Apple CVE-2023-42848 (The issue was addressed with improved bounds checks. This issue is fix ...) NOT-FOR-US: Apple CVE-2023-42843 (An inconsistent user interface issue was addressed with improved state ...) {DSA-5684-1} - webkit2gtk 2.44.0-1 [buster] - webkit2gtk (EOL in buster LTS) - wpewebkit 2.44.1-1 [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2024-0002.html CVE-2023-42840 (The issue was addressed with improved checks. This issue is fixed in m ...) NOT-FOR-US: Apple CVE-2023-42839 (This issue was addressed with improved state management. This issue is ...) NOT-FOR-US: Apple CVE-2023-42838 (An access issue was addressed with improvements to the sandbox. This i ...) NOT-FOR-US: Apple CVE-2023-42836 (A logic issue was addressed with improved checks. This issue is fixed ...) NOT-FOR-US: Apple CVE-2023-42835 (A logic issue was addressed with improved checks. This issue is fixed ...) NOT-FOR-US: Apple CVE-2023-42834 (A privacy issue was addressed with improved handling of files. This is ...) NOT-FOR-US: Apple CVE-2023-42823 (The issue was resolved by sanitizing logging This issue is fixed in wa ...) NOT-FOR-US: Apple CVE-2023-42498 (Reflected cross-site scripting (XSS) vulnerability in the Language Ove ...) NOT-FOR-US: Liferay CVE-2023-42496 (Reflected cross-site scripting (XSS) vulnerability on the add assignee ...) NOT-FOR-US: Liferay CVE-2023-40191 (Reflected cross-site scripting (XSS) vulnerability in the instance set ...) NOT-FOR-US: Liferay CVE-2024-1939 (Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a ...) 
{DSA-5634-1} - chromium 122.0.6261.94-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-1938 (Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a ...) {DSA-5634-1} - chromium 122.0.6261.94-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-1676 (Inappropriate implementation in Navigation in Google Chrome prior to 1 ...) {DSA-5629-1} - chromium 122.0.6261.57-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-1675 (Insufficient policy enforcement in Download in Google Chrome prior to ...) {DSA-5629-1} - chromium 122.0.6261.57-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-1674 (Inappropriate implementation in Navigation in Google Chrome prior to 1 ...) {DSA-5629-1} - chromium 122.0.6261.57-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-1673 (Use after free in Accessibility in Google Chrome prior to 122.0.6261.5 ...) {DSA-5629-1} - chromium 122.0.6261.57-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-1672 (Inappropriate implementation in Content Security Policy in Google Chro ...) {DSA-5629-1} - chromium 122.0.6261.57-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-1671 (Inappropriate implementation in Site Isolation in Google Chrome prior ...) {DSA-5629-1} - chromium 122.0.6261.57-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-1670 (Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed ...) {DSA-5629-1} - chromium 122.0.6261.57-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-1669 (Out of bounds memory access in Blink in Google Chrome prior to 122.0.6 ...) {DSA-5629-1} - chromium 122.0.6261.57-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-1481 (A flaw was found in FreeIPA. 
This issue may allow a remote attacker to ...) {DLA-3773-1} - freeipa (bug #1065106) [bookworm] - freeipa (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2262169 NOTE: https://pagure.io/freeipa/issue/9541 NOTE: ipa-4.10: https://pagure.io/freeipa/c/921661fd460799da69043e06e058cff75a64ce3c NOTE: ipa-4.10: https://pagure.io/freeipa/c/204011dc0514681511275a4b70a13bfa85c1a538 NOTE: ipa-4.9: https://pagure.io/freeipa/c/b039f3087a13de3f34b230dbe29a7cfb1965700d NOTE: ipa-4.9: https://pagure.io/freeipa/c/96a478bbedd49c31e0f078f00f2d1cb55bb952fd NOTE: For buster (and most likely later versions) the vulnerable rpcserver.py code NOTE: is not part of the provided binary packages. The kinit.py file is however and NOTE: it is not entirelly clear whether this may be used in a vulnerable way when NOTE: the client is used for authentication purposes. CVE-2024-26270 (The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, ...) NOT-FOR-US: Liferay CVE-2024-26268 (User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.2 ...) NOT-FOR-US: Liferay CVE-2024-26267 (In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versio ...) NOT-FOR-US: Liferay CVE-2024-26265 (The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, an ...) NOT-FOR-US: Liferay CVE-2024-26135 (MeshCentral is a full computer management web site. Versions prior to ...) NOT-FOR-US: MeshCentral CVE-2024-26132 (Element Android is an Android Matrix Client. A third-party malicious a ...) NOT-FOR-US: Element Android CVE-2024-26131 (Element Android is an Android Matrix Client. Element Android version 1 ...) NOT-FOR-US: Element Android CVE-2024-25631 (Cilium is a networking, observability, and security solution with an e ...) - cilium (bug #858303) CVE-2024-25630 (Cilium is a networking, observability, and security solution with an e ...) - cilium (bug #858303) CVE-2024-25610 (In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versio ...) 
NOT-FOR-US: Liferay CVE-2024-25609 (HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and ...) NOT-FOR-US: Liferay CVE-2024-25608 (HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and ...) NOT-FOR-US: Liferay CVE-2024-25607 (The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay P ...) NOT-FOR-US: Liferay CVE-2024-25606 (XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older u ...) NOT-FOR-US: Liferay CVE-2024-25605 (The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older ...) NOT-FOR-US: Liferay CVE-2024-25604 (Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, ...) NOT-FOR-US: Liferay CVE-2024-25366 (Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 ...) NOT-FOR-US: mz-automation.de libiec61859 CVE-2024-25274 (An arbitrary file upload vulnerability in the component /sysFile/uploa ...) NOT-FOR-US: Novel-Plus CVE-2024-25262 (texlive-bin commit c515e was discovered to contain heap buffer overflo ...) - texlive-bin 2023.20230311.66589-9 (bug #1064517) [bookworm] - texlive-bin (Minor issue) [bullseye] - texlive-bin (Minor issue) [buster] - texlive-bin (Minor issue) NOTE: https://tug.org/svn/texlive/trunk/Build/source/texk/ttfdump/ChangeLog?revision=69605&view=co NOTE: https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/2047912 NOTE: https://github.com/TeX-Live/texlive-source/pull/63 CVE-2024-25260 (elfutils v0.189 was discovered to contain a NULL pointer dereference v ...) - elfutils (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=31058 NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=373f5212677235fc3ca6068b887111554790f944 NOTE: Crash in CLI tool, considered only to be a normal bug by upstream CVE-2024-25199 (Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node. ...) 
NOT-FOR-US: ROS2 Navigation Framework and System CVE-2024-25198 (Inappropriate pointer order of laser_scan_filter_.reset() and tf_liste ...) NOT-FOR-US: ROS2 Navigation Framework and System CVE-2024-25197 (Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versi ...) NOT-FOR-US: ROS2 Navigation Framework and System CVE-2024-25196 (Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versi ...) NOT-FOR-US: ROS2 Navigation Framework and System CVE-2024-25150 (Information disclosure vulnerability in the Control Panel in Liferay P ...) NOT-FOR-US: Liferay CVE-2024-24794 (A use-after-free vulnerability exists in the DICOM Element Parsing as ...) NOT-FOR-US: libdicom CVE-2024-24793 (A use-after-free vulnerability exists in the DICOM Element Parsing as ...) NOT-FOR-US: libdicom CVE-2024-24763 (JumpServer is an open source bastion host and an operation and mainten ...) NOT-FOR-US: JumpServer CVE-2024-24475 REJECTED CVE-2024-24474 (QEMU before 8.2.0 has an integer underflow, and resultant buffer overf ...) - qemu 1:8.2.0+ds-1 [bookworm] - qemu 1:7.2+dfsg-7+deb12u3 [bullseye] - qemu (Vulnerable code introduced later) [buster] - qemu (Vulnerable code introduced later) NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1810 NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/1b9e48a5bdbc96833113f249909af0d30a76cc25 (v6.0.0-rc0) NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52 (v8.2.0-rc0) CVE-2024-23809 (A double-free vulnerability exists in the BrainVision ASCII Header Par ...) - biosig 2.6.0-1 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919 NOTE: https://sourceforge.net/p/biosig/code/ci/3848d1ca0e1b2a60df395ddc76a191e835a1e4de/ CVE-2024-23606 (An out-of-bounds write vulnerability exists in the sopen_FAMOS_read fu ...) 
- biosig 2.6.0-1 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1925 NOTE: https://sourceforge.net/p/biosig/code/ci/e20e81564f0709323f7b99486a0a2b4594ab05f2/ CVE-2024-23313 (An integer underflow vulnerability exists in the sopen_FAMOS_read func ...) - biosig 2.6.0-1 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1922 NOTE: https://sourceforge.net/p/biosig/code/ci/e20e81564f0709323f7b99486a0a2b4594ab05f2/ CVE-2024-23310 (A use-after-free vulnerability exists in the sopen_FAMOS_read function ...) - biosig 2.6.0-1 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923 NOTE: https://sourceforge.net/p/biosig/code/ci/e20e81564f0709323f7b99486a0a2b4594ab05f2/ CVE-2024-23305 (An out-of-bounds write vulnerability exists in the BrainVisionMarker P ...) - biosig 2.6.0-1 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1918 NOTE: https://sourceforge.net/p/biosig/code/ci/76c1369de1a9a24feed558ab8834b4410310b07b/ CVE-2024-22824 (An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary ...) NOT-FOR-US: Timo CVE-2024-22250 (Session Hijack vulnerability in Deprecated VMware Enhanced Authenticat ...) NOT-FOR-US: VMware CVE-2024-22245 (Arbitrary Authentication Relay and Session Hijack vulnerabilities in t ...) NOT-FOR-US: VMware CVE-2024-22097 (A double-free vulnerability exists in the BrainVision Header Parsing f ...) - biosig 2.6.0-1 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1917 NOTE: https://sourceforge.net/p/biosig/code/ci/3848d1ca0e1b2a60df395ddc76a191e835a1e4de/ CVE-2024-22054 (A malformed discovery packet sent by a malicious actor with preexistin ...) NOT-FOR-US: UniFi CVE-2024-21812 (An integer overflow vulnerability exists in the sopen_FAMOS_read funct ...) 
- biosig 2.6.0-1 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1921 NOTE: https://sourceforge.net/p/biosig/code/ci/e20e81564f0709323f7b99486a0a2b4594ab05f2/ CVE-2024-21795 (A heap-based buffer overflow vulnerability exists in the .egi parsing ...) - biosig 2.6.0-1 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1920 NOTE: https://sourceforge.net/p/biosig/code/ci/71057b016be545974565fdc0f903871c345da412/ CVE-2024-21726 (Inadequate content filtering leads to XSS vulnerabilities in various c ...) NOT-FOR-US: Joomla! CVE-2024-21725 (Inadequate escaping of mail addresses lead to XSS vulnerabilities in v ...) NOT-FOR-US: Joomla! CVE-2024-21724 (Inadequate input validation for media selection fields lead to XSS vul ...) NOT-FOR-US: Joomla! CVE-2024-21723 (Inadequate parsing of URLs could result into an open redirect.) NOT-FOR-US: Joomla! CVE-2024-21722 (The MFA management features did not properly terminate existing user s ...) NOT-FOR-US: Joomla! CVE-2024-21682 (This High severity Injection vulnerability was introduced in Assets Di ...) NOT-FOR-US: Atlassian CVE-2024-21678 (This High severity Stored XSS vulnerability was introduced in version ...) NOT-FOR-US: Atlassian CVE-2024-1661 (A vulnerability classified as problematic was found in Totolink X6000R ...) NOT-FOR-US: Totolink CVE-2024-1608 (In OPPO Usercenter Credit SDK, there's a possible escalation of privil ...) NOT-FOR-US: OPPO CVE-2024-1586 (The Schema & Structured Data for WP & AMP plugin for WordPress is vuln ...) NOT-FOR-US: WordPress plugin CVE-2024-1570 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...) NOT-FOR-US: WordPress plugin CVE-2024-1557 (Memory safety bugs present in Firefox 122. Some of these bugs showed e ...) - firefox 123.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-05/#CVE-2024-1557 CVE-2024-1556 (The incorrect object was checked for NULL in the built-in profiler, po ...) 
- firefox 123.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-05/#CVE-2024-1556 CVE-2024-1555 (When opening a website using the `firefox://` protocol handler, SameSi ...) - firefox 123.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-05/#CVE-2024-1555 CVE-2024-1554 (The `fetch()` API and navigation incorrectly shared the same cache, as ...) - firefox 123.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-05/#CVE-2024-1554 CVE-2024-1553 (Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thun ...) {DSA-5630-1 DSA-5627-1 DLA-3748-1 DLA-3747-1} - firefox 123.0-1 - firefox-esr 115.8.0esr-1 - thunderbird 1:115.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-05/#CVE-2024-1553 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1553 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1553 CVE-2024-1552 (Incorrect code generation could have led to unexpected numeric convers ...) {DSA-5630-1 DSA-5627-1 DLA-3748-1 DLA-3747-1} - firefox 123.0-1 - firefox-esr 115.8.0esr-1 - thunderbird 1:115.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-05/#CVE-2024-1552 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1552 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1552 CVE-2024-1551 (Set-Cookie response headers were being incorrectly honored in multipar ...) {DSA-5630-1 DSA-5627-1 DLA-3748-1 DLA-3747-1} - firefox 123.0-1 - firefox-esr 115.8.0esr-1 - thunderbird 1:115.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-05/#CVE-2024-1551 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1551 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1551 CVE-2024-1550 (A malicious website could have used a combination of exiting fullscree ...) 
{DSA-5630-1 DSA-5627-1 DLA-3748-1 DLA-3747-1} - firefox 123.0-1 - firefox-esr 115.8.0esr-1 - thunderbird 1:115.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-05/#CVE-2024-1550 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1550 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1550 CVE-2024-1549 (If a website set a large custom cursor, portions of the cursor could h ...) {DSA-5630-1 DSA-5627-1 DLA-3748-1 DLA-3747-1} - firefox 123.0-1 - firefox-esr 115.8.0esr-1 - thunderbird 1:115.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-05/#CVE-2024-1549 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1549 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1549 CVE-2024-1548 (A website could have obscured the fullscreen notification by using a d ...) {DSA-5630-1 DSA-5627-1 DLA-3748-1 DLA-3747-1} - firefox 123.0-1 - firefox-esr 115.8.0esr-1 - thunderbird 1:115.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-05/#CVE-2024-1548 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1548 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1548 CVE-2024-1547 (Through a series of API calls and redirects, an attacker-controlled al ...) {DSA-5630-1 DSA-5627-1 DLA-3748-1 DLA-3747-1} - firefox 123.0-1 - firefox-esr 115.8.0esr-1 - thunderbird 1:115.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-05/#CVE-2024-1547 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1547 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1547 CVE-2024-1546 (When storing and re-accessing data on a networking channel, the length ...) 
{DSA-5630-1 DSA-5627-1 DLA-3748-1 DLA-3747-1} - firefox 123.0-1 - firefox-esr 115.8.0esr-1 - thunderbird 1:115.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-05/#CVE-2024-1546 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1546 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1546 CVE-2024-1519 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...) NOT-FOR-US: WordPress plugin CVE-2024-1496 (The Featured Image from URL (FIFU) plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2024-1492 (The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized ...) NOT-FOR-US: WordPress plugin CVE-2024-1475 (The Coming Soon Maintenance Mode plugin for WordPress is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2024-1472 (The WP Maintenance plugin for WordPress is vulnerable to Information E ...) NOT-FOR-US: WordPress plugin CVE-2024-1470 (Authorization Bypass Through User-Controlled Key vulnerability in NetI ...) NOT-FOR-US: Microfocus CVE-2024-1448 (The Social Sharing Plugin \u2013 Sassy Social Share plugin for WordPre ...) NOT-FOR-US: WordPress plugin CVE-2024-1447 (The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross- ...) NOT-FOR-US: WordPress plugin CVE-2024-1445 (The Page scroll to id plugin for WordPress is vulnerable to Stored Cro ...) NOT-FOR-US: WordPress plugin CVE-2024-1425 (The EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo, Wistia V ...) NOT-FOR-US: WordPress plugin CVE-2024-1411 (The PowerPack Addons for Elementor plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2024-1408 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...) NOT-FOR-US: WordPress plugin CVE-2024-1390 (The Paid Membership Subscriptions \u2013 Effortless Memberships, Recur ...) 
	NOT-FOR-US: WordPress plugin
CVE-2024-1389 (The Paid Membership Subscriptions – Effortless Memberships, Recur ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1349 (The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia V ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1340 (The Login Lockdown – Protect Login Form plugin for WordPress is v ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1339 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1338 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1337 (The SKT Page Builder plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1336 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1335 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1334 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1322 (The Directorist – WordPress Business Directory Plugin with Classi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1318 (The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1317 (The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1294 (The Sunshine Photo Cart: Free Client Galleries for Photographers plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1288 (The Schema & Structured Data for WP & AMP plugin for WordPress is vuln ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1282 (The Email Encoder – Protect Email Addresses and Phone Numbers plu ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1277 (The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Sit ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1276 (The Essential Addons for Elementor – Best Elementor Templates, Wi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1242 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1236 (The Essential Addons for Elementor – Best Elementor Templates, Wi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1235 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1218 (The Contact Form builder with drag & drop for WordPress – Kali Fo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1217 (The Contact Form builder with drag & drop for WordPress – Kali Fo ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1206 (The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injectio ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1172 (The Essential Addons for Elementor – Best Elementor Templates, Wi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1171 (The Essential Addons for Elementor – Best Elementor Templates, Wi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1156 (Incorrect directory permissions for the shared NI RabbitMQ service may ...)
	NOT-FOR-US: NI SystemLink server
CVE-2024-1155 (Incorrect permissions in the installation directories for shared Syste ...)
	NOT-FOR-US: NI SystemLink server
CVE-2024-1133 (The Tutor LMS – eLearning and online course solution plugin for W ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1128 (The Tutor LMS – eLearning and online course solution plugin for W ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1091 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1090 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1089 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1070 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to St ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1058 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to St ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1054 (The Booster for WooCommerce plugin for WordPress is vulnerable to Stor ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1044 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1043 (The AMP for WP – Accelerated Mobile Pages plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0984 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0983 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0978 (The My Private Site plugin for WordPress is vulnerable to Sensitive In ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0838 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0821 (The Cost of Goods Sold (COGS): Cost & Profit Calculator for WooCommerc ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0794 (Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Manag ...)
	NOT-FOR-US: HP
CVE-2024-0792 (The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0702 (The Oliver POS – A WooCommerce Point of Sale (POS) plugin for Wor ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0658 (The Insert PHP Code Snippet plugin for WordPress is vulnerable to Stor ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0656 (The Password Protected – Ultimate Plugin to Password Protect Your ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0621 (The Simple Share Buttons Adder plugin for WordPress is vulnerable to S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0620 (The PPWP – Password Protect Pages plugin for WordPress is vulnera ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0616 (The Passster – Password Protect Pages and Content plugin for Word ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0604 (The Best WordPress Gallery Plugin – FooGallery plugin for WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0602 (The YARPP – Yet Another Related Posts Plugin plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0590 (The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0516 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0515 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0514 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0513 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0512 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0506 (The Elementor Website Builder – More than Just a Page Builder plu ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0442 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0438 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0407 (Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are p ...)
	NOT-FOR-US: HP
CVE-2024-0379 (The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-7245 (The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3. ...)
	NOT-FOR-US: OpenVPN Connect
CVE-2023-6923 (The Matomo Analytics – Ethical Stats. Powerful Insights. plugin f ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6881 (Possible buffer overflow in is_mount_point)
	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-6806 (The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6565 (The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6247 (The PKCS#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did ...)
	- openvpn3-client (bug #904044)
CVE-2023-52439 (In the Linux kernel, the following vulnerability has been resolved: u ...)
	- linux 6.6.13-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	NOTE: https://git.kernel.org/linus/0c9ae0b8605078eafc3bea053cc78791e97ba2e2 (6.8-rc1)
CVE-2023-52438 (In the Linux kernel, the following vulnerability has been resolved: b ...)
	- linux 6.6.13-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/3f489c2067c5824528212b0fc18b28d51332d906 (6.8-rc1)
CVE-2023-52437
	REJECTED
CVE-2023-52436 (In the Linux kernel, the following vulnerability has been resolved: f ...)
	- linux 6.6.13-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	NOTE: https://git.kernel.org/linus/e26b6d39270f5eab0087453d9b544189a38c8564 (6.8-rc1)
CVE-2023-52435 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.6.11-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/23d05d563b7e7b0314e65c8e882bc27eac2da8e7 (6.7-rc6)
CVE-2023-51770 (Arbitrary File Read Vulnerability in Apache Dolphinscheduler. This is ...)
	NOT-FOR-US: Apache Dolphinscheduler
CVE-2023-51447 (Decidim is a participatory democracy framework. Starting in version 0. ...)
	NOT-FOR-US: Decidim
CVE-2023-50306 (IBM Common Licensing 9.0 could allow a local user to enumerate usernam ...)
	NOT-FOR-US: IBM
CVE-2023-50270 (Session Fixation Apache DolphinScheduler before version 3.2.0, which s ...)
	NOT-FOR-US: Apache Dolphinscheduler
CVE-2023-49250 (Because the HttpUtils class did not verify certificates, an attacker t ...)
	NOT-FOR-US: Apache Dolphinscheduler
CVE-2023-49109 (Exposure of Remote Code Execution in Apache Dolphinscheduler. This is ...)
	NOT-FOR-US: Apache Dolphinscheduler
CVE-2023-48220 (Decidim is a participatory democracy framework. Starting in version 0. ...)
	NOT-FOR-US: Decidim
CVE-2023-47635 (Decidim is a participatory democracy framework. Starting in version 0. ...)
	NOT-FOR-US: Decidim
CVE-2023-47634 (Decidim is a participatory democracy framework. Starting in version 0. ...)
	NOT-FOR-US: Decidim
CVE-2023-45318 (A heap-based buffer overflow vulnerability exists in the HTTP Server f ...)
	NOT-FOR-US: Silabs
CVE-2023-42791 (A relative path traversal in Fortinet FortiManager version 7.4.0 and 7 ...)
	NOT-FOR-US: Fortinet
CVE-2023-39541 (A denial of service vulnerability exists in the ICMP and ICMPv6 parsin ...)
	NOT-FOR-US: Silabs
CVE-2023-39540 (A denial of service vulnerability exists in the ICMP and ICMPv6 parsin ...)
	NOT-FOR-US: Silabs
CVE-2023-38562 (A double-free vulnerability exists in the IP header loopback parsing f ...)
	NOT-FOR-US: Silabs
CVE-2023-37495 (Internet passwords stored in Person documents in the Domino® Direct ...)
	NOT-FOR-US: HCL
CVE-2023-52434 (In the Linux kernel, the following vulnerability has been resolved: s ...)
	{DSA-5681-1}
	- linux 6.6.8-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/af1689a9b7701d9907dfc84d2a4b57c4bc907144 (6.7-rc6)
CVE-2024-26581 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/60c0c230c6f046da536d3df8b39a20b9a9fd6af0 (6.8-rc4)
CVE-2023-52433 (In the Linux kernel, the following vulnerability has been resolved: n ...)
	- linux 6.5.6-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/2ee52ae94baabf7ee09cf2a8d854b990dac5d0e4 (6.6-rc1)
CVE-2024-26134 (cbor2 provides encoding and decoding for the Concise Binary Object Rep ...)
	- cbor2 5.6.2-1 (bug #1064416)
	[bookworm] - cbor2 (Vulnerable code not present)
	[bullseye] - cbor2 (Vulnerable code not present)
	NOTE: https://github.com/agronholm/cbor2/security/advisories/GHSA-375g-39jq-vq7m
	NOTE: https://github.com/agronholm/cbor2/pull/204
	NOTE: Introduced by: https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542 (5.6.0)
	NOTE: Fixed by: https://github.com/agronholm/cbor2/commit/4de6991ba29bf2290d7b9d83525eda7d021873df (5.6.2)
CVE-2024-26129 (PrestaShop is an open-source e-commerce platform. Starting in version ...)
	NOT-FOR-US: PrestaShop
CVE-2024-25974 (The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scrip ...)
	NOT-FOR-US: Frentix GmbH OpenOlat LMS
CVE-2024-25973 (The Frentix GmbH OpenOlat LMS is affected by multiple stored Cross-Sit ...)
	NOT-FOR-US: Frentix GmbH OpenOlat LMS
CVE-2024-25149 (Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, an ...)
	NOT-FOR-US: Liferay
CVE-2024-22234 (In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x p ...)
	- libspring-security-2.0-java
CVE-2024-1651 (Torrentpier version 2.4.1 allows executing arbitrary commands on the s ...)
	NOT-FOR-US: Torrentpier
CVE-2024-1648 (electron-pdf version 20.0.0 allows an external attacker to remotely ob ...)
	NOT-FOR-US: electron-pdf
CVE-2024-1647 (Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtai ...)
	NOT-FOR-US: Pyhtml2pdf
CVE-2024-1644 (Suite CRM version 7.14.2 allows including local php files. This is pos ...)
	NOT-FOR-US: Suite CRM
CVE-2024-1638 (The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GAT ...)
	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2024-1559 (The Link Library plugin for WordPress is vulnerable to Stored Cross-Si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1510 (The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1297 (Loomio version 2.22.0 allows executing arbitrary commands on the serve ...)
	NOT-FOR-US: Loomio
CVE-2024-0715 (Expression Language Injection vulnerability in Hitachi Global Link Man ...)
	NOT-FOR-US: Hitachi
CVE-2023-6764 (A format string vulnerability in a function of the IPSec VPN feature i ...)
	NOT-FOR-US: Zyxel
CVE-2023-6399 (A format string vulnerability in Zyxel ATP series firmware versions fr ...)
	NOT-FOR-US: Zyxel
CVE-2023-6398 (A post-authentication command injection vulnerability in the file uplo ...)
	NOT-FOR-US: Zyxel
CVE-2023-6397 (A null pointer dereference vulnerability in Zyxel ATP series firmware ...)
	NOT-FOR-US: Zyxel
CVE-2023-6260 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
	NOT-FOR-US: Brivo
CVE-2023-6259 (Insufficiently Protected Credentials, : Improper Access Control vulner ...)
	NOT-FOR-US: Brivo
CVE-2023-5190 (Open redirect vulnerability in the Countries Management’s edit re ...)
	NOT-FOR-US: Liferay
CVE-2023-44308 (Open redirect vulnerability in adaptive media administration page in L ...)
	NOT-FOR-US: Liferay
CVE-2022-48625 (Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key ...)
	NOT-FOR-US: Yealink
CVE-2024-1635 (A vulnerability was found in Undertow. This vulnerability impacts a se ...)
	- undertow (bug #1068817)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2264928
CVE-2024-25983 (Insufficient checks in a web service made it possible to add comments ...)
	- moodle
CVE-2024-25982 (The link to update all installed language packs did not include the ne ...)
	- moodle
CVE-2024-25981 (Separate Groups mode restrictions were not honored when performing a f ...)
	- moodle
CVE-2024-25980 (Separate Groups mode restrictions were not honored in the H5P attempts ...)
	- moodle
CVE-2024-25979 (The URL parameters accepted by forum search were not limited to the al ...)
	- moodle
CVE-2024-25978 (Insufficient file size checks resulted in a denial of service risk in ...)
	- moodle
CVE-2024-25640 (Iris is a web collaborative platform that helps incident responders sh ...)
	NOT-FOR-US: Iris
CVE-2024-25636 (Misskey is an open source, decentralized social media platform with Ac ...)
	NOT-FOR-US: Misskey
CVE-2024-25635 (alf.io is an open source ticket reservation system. Prior to version 2 ...)
	NOT-FOR-US: Alf.io
CVE-2024-25634 (alf.io is an open source ticket reservation system. Prior to version 2 ...)
	NOT-FOR-US: Alf.io
CVE-2024-25626 (Yocto Project is an open source collaboration project that helps devel ...)
	NOT-FOR-US: Yocto
CVE-2024-25625 (Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A po ...)
	NOT-FOR-US: Pimcore's Admin Classic Bundle
CVE-2024-25623 (Mastodon is a free, open-source social network server based on Activit ...)
	- mastodon (bug #859741)
CVE-2024-1633 (During the secure boot, bl2 (the second stage of the bootloader) loops ...)
	NOT-FOR-US: Renesas
CVE-2024-1597 (pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if u ...)
	{DLA-3812-1}
	- libpgjava 42.7.2-1
	NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56
	NOTE: https://github.com/pgjdbc/pgjdbc/commit/93b0fcb2711d9c1e3a2a03134369738a02a58b40 (REL42.7.2)
	NOTE: https://github.com/pgjdbc/pgjdbc/commit/06abfb78a627277a580d4df825f210e96a4e14ee (REL42.7.2)
	NOTE: https://github.com/pgjdbc/pgjdbc/commit/1b1d6b53eca90409af0069d5327d4fdf8d40a255 (REL42.5.5)
	NOTE: https://github.com/pgjdbc/pgjdbc/commit/475e3e2af3033c666fc1c0015159b35455118ae5 (REL42.5.5)
	NOTE: https://github.com/pgjdbc/pgjdbc/commit/b9b3777671c8a5cc580e1985f61337d39d47c730 (REL42.2.28)
	NOTE: https://github.com/pgjdbc/pgjdbc/commit/990d63f6be401ab40de5eb303a75924c9e71903c (REL42.2.28)
CVE-2024-1580 (An integer overflow in dav1d AV1 decoder that can occur when decoding ...)
	{DSA-5686-1}
	- dav1d 1.4.0-1 (bug #1064310)
	NOTE: https://code.videolan.org/videolan/dav1d/commit/2b475307dc11be9a1c3cc4358102c76a7f386a51 (1.4.0)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2502
CVE-2024-1346 (Weak MySQL database root password in LaborOfficeFree affects version 1 ...)
	NOT-FOR-US: LaborOfficeFree
CVE-2024-1345 (Weak MySQL database root password in LaborOfficeFree affects version 1 ...)
	NOT-FOR-US: LaborOfficeFree
CVE-2024-1344 (Encrypted database credentials in LaborOfficeFree affecting version 19 ...)
	NOT-FOR-US: LaborOfficeFree
CVE-2024-1343 (A weak permission was found in the backup directory in LaborOfficeFree ...)
	NOT-FOR-US: LaborOfficeFree
CVE-2023-50257 (eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the ...)
	[experimental] - fastdds 2.14.0+ds-1
	- fastdds 2.14.0+ds-2 (bug #1064515)
	[bookworm] - fastdds (Minor issue)
	[bullseye] - fastdds (Minor issue)
	NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-v5r6-8mvh-cp98
	NOTE: https://github.com/eProsima/Fast-DDS/commit/f2e5ceae8fbea0a6c9445a366faaca0b98a8ef86
CVE-2024-26308 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
	- libcommons-compress-java (bug #1064414)
	[bookworm] - libcommons-compress-java (Minor issue)
	[bullseye] - libcommons-compress-java (Vulnerable code introduced later)
	[buster] - libcommons-compress-java (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2024/02/19/2
CVE-2024-25710 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...)
	- libcommons-compress-java (bug #1064413)
	[bookworm] - libcommons-compress-java (Minor issue)
	[bullseye] - libcommons-compress-java (Minor issue)
	[buster] - libcommons-compress-java (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2024/02/19/1
	NOTE: Related to and fixed by https://issues.apache.org/jira/browse/COMPRESS-632
CVE-2024-23114 (Deserialization of Untrusted Data vulnerability in Apache Camel Cassan ...)
	NOT-FOR-US: Apache Camel
CVE-2024-22369 (Deserialization of Untrusted Data vulnerability in Apache Camel SQL Co ...)
	NOT-FOR-US: Apache Camel
CVE-2024-26328 (An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in h ...)
	- qemu 1:8.2.3+ds-1 (bug #1068819)
	[bookworm] - qemu (Minor issue)
	[bullseye] - qemu (Vulnerable code introduced later)
	[buster] - qemu (Vulnerable code introduced later)
	NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/7c0fa8dff811b5648964630a1334c3bb97e1e1c6 (v7.0.0-rc0)
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/91bb64a8d2014fda33a81fcf0fce37340f0d3b0c (v9.0.0-rc0)
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/98f3488c1b6090024299f8d6362aa6aac03fe26d (v8.2.3)
	NOTE: https://lore.kernel.org/all/20240213055345-mutt-send-email-mst%40kernel.org
CVE-2024-26327 (An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in h ...)
	- qemu 1:8.2.3+ds-1 (bug #1068819)
	[bookworm] - qemu (Minor issue)
	[bullseye] - qemu (Vulnerable code introduced later)
	[buster] - qemu (Vulnerable code introduced later)
	NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/7c0fa8dff811b5648964630a1334c3bb97e1e1c6 (v7.0.0-rc0)
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/6081b4243cd64dff1b2cf5b0c215c71e9d7e753b (v9.0.0-rc0)
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/313e746958967a4b941ad4bbb80726727318edfa (v8.2.3)
	NOTE: https://lore.kernel.org/all/20240214-reuse-v4-5-89ad093a07f4%40daynix.com/
CVE-2024-26318 (Serenity before 6.8.0 allows XSS via an email link because LoginPage.t ...)
	NOT-FOR-US: Serenity
CVE-2024-24722 (An unquoted service path vulnerability in the 12d Synergy Server and F ...)
	NOT-FOR-US: 12d Synergy Server
CVE-2022-48624 (close_altfile in filename.c in less before 606 omits shell_quote calls ...)
	{DSA-5679-1}
	- less 590-2.1 (bug #1064293)
	[buster] - less (Minor issue)
	NOTE: https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144 (v606)
CVE-2020-36774 (plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x b ...)
	- glade 3.38.2-1
	[buster] - glade (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/glade/-/issues/479
	NOTE: https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17 (GLADE_3_40_0)
	NOTE: https://gitlab.gnome.org/GNOME/glade/-/commit/2e2475bb27f891d3ad71cbd5b7152b4751da5874 (GLADE_3_38_1)
CVE-2024-25628 (Alf.io is a free and open source event attendance management system. I ...)
	NOT-FOR-US: Alf.io
CVE-2024-25627 (Alf.io is a free and open source event attendance management system. A ...)
	NOT-FOR-US: Alf.io
CVE-2024-25468 (An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote at ...)
	NOT-FOR-US: TOTOLINK
CVE-2024-25298 (An issue was discovered in REDAXO version 5.15.1, allows attackers to ...)
	NOT-FOR-US: REDAXO
CVE-2024-25297 (Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, a ...)
	NOT-FOR-US: Bludit CMS
CVE-2024-25113
	REJECTED
CVE-2024-25083 (An issue was discovered in BeyondTrust Privilege Management for Window ...)
	NOT-FOR-US: BeyondTrust
CVE-2024-24758 (Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici ...)
	- node-undici 5.28.4+dfsg1+~cs23.12.11-1 (bug #1064312)
	[bookworm] - node-undici (Minor issue)
	NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3
	NOTE: https://github.com/nodejs/undici/commit/b9da3e40f1f096a06b4caedbb27c2568730434ef (v6.6.1)
	NOTE: https://github.com/nodejs/undici/commit/d3aa574b1259c1d8d329a0f0f495ee82882b1458 (v5.28.3)
CVE-2024-24750 (Undici is an HTTP/1.1 client, written from scratch for Node.js. In aff ...)
	- node-undici (Vulnerable code not present)
	NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-9f24-jqhm-jfcw
	NOTE: https://github.com/nodejs/undici/commit/87a48113f1f68f60aa09abb07276d7c35467c663 (v6.6.1)
CVE-2024-22727 (Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 a ...)
	NOT-FOR-US: Teltonika TRB1-series devices
CVE-2024-22337 (IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Sec ...)
	NOT-FOR-US: IBM
CVE-2024-22336 (IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Sec ...)
	NOT-FOR-US: IBM
CVE-2024-22335 (IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Sec ...)
	NOT-FOR-US: IBM
CVE-2024-21987 (SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerabili ...)
	NOT-FOR-US: NetApp
CVE-2024-21984 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 ar ...)
	NOT-FOR-US: StorageGRID
CVE-2024-21983 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 ar ...)
	NOT-FOR-US: StorageGRID
CVE-2024-21500 (All versions of the package github.com/greenpau/caddy-security are vul ...)
	NOT-FOR-US: caddy-security (addon for src:caddy)
CVE-2024-21499 (All versions of the package github.com/greenpau/caddy-security are vul ...)
	NOT-FOR-US: caddy-security (addon for src:caddy)
CVE-2024-21498 (All versions of the package github.com/greenpau/caddy-security are vul ...)
	NOT-FOR-US: caddy-security (addon for src:caddy)
CVE-2024-21497 (All versions of the package github.com/greenpau/caddy-security are vul ...)
	NOT-FOR-US: caddy-security (addon for src:caddy)
CVE-2024-21496 (All versions of the package github.com/greenpau/caddy-security are vul ...)
	NOT-FOR-US: caddy-security (addon for src:caddy)
CVE-2024-21495 (Versions of the package github.com/greenpau/caddy-security before 1.0. ...)
	NOT-FOR-US: caddy-security (addon for src:caddy)
CVE-2024-21494 (All versions of the package github.com/greenpau/caddy-security are vul ...)
	NOT-FOR-US: caddy-security (addon for src:caddy)
CVE-2024-21493 (All versions of the package github.com/greenpau/caddy-security are vul ...)
	NOT-FOR-US: caddy-security (addon for src:caddy)
CVE-2024-21492 (All versions of the package github.com/greenpau/caddy-security are vul ...)
	NOT-FOR-US: caddy-security (addon for src:caddy)
CVE-2024-20986 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2024-20980 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
	NOT-FOR-US: Oracle
CVE-2024-20958 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2024-20956 (Vulnerability in the Oracle Agile Product Lifecycle Management for Pro ...)
	NOT-FOR-US: Oracle
CVE-2024-20953 (Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain ( ...)
	NOT-FOR-US: Oracle
CVE-2024-20951 (Vulnerability in the Oracle Customer Interaction History product of Or ...)
	NOT-FOR-US: Oracle
CVE-2024-20949 (Vulnerability in the Oracle Customer Interaction History product of Or ...)
	NOT-FOR-US: Oracle
CVE-2024-20947 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...)
	NOT-FOR-US: Oracle
CVE-2024-20943 (Vulnerability in the Oracle Knowledge Management product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2024-20941 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2024-20939 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2024-20937 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2024-20935 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2024-20933 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2024-20931 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2024-20929 (Vulnerability in the Oracle Application Object Library product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2024-20927 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2024-20917 (Vulnerability in the Oracle Enterprise Manager Base Platform product o ...)
	NOT-FOR-US: Oracle
CVE-2024-20915 (Vulnerability in the Oracle Application Object Library product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2024-20913 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2024-20911 (Vulnerability in Oracle Audit Vault and Database Firewall (component: ...)
	NOT-FOR-US: Oracle
CVE-2024-20909 (Vulnerability in Oracle Audit Vault and Database Firewall (component: ...)
	NOT-FOR-US: Oracle
CVE-2024-20907 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...)
	NOT-FOR-US: Oracle
CVE-2024-20905 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2024-20903 (Vulnerability in the Java VM component of Oracle Database Server. Sup ...)
	NOT-FOR-US: Oracle
CVE-2024-1512 (The MasterStudy LMS WordPress Plugin – for Online Courses and Edu ...)
	NOT-FOR-US: WordPress Plugin
CVE-2024-0610 (The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is v ...)
	NOT-FOR-US: WordPress Plugin
CVE-2023-6749 (Unchecked length coming from user input in settings shell)
	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-6249 (Signed to unsigned conversion esp32_ipm_send)
	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-5779 (can: out of bounds in remove_rx_filter function)
	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-52387 (Resource reuse vulnerability in the GPU module. Successful exploitatio ...)
	NOT-FOR-US: Huawei
CVE-2023-52381 (Script injection vulnerability in the email module.Successful exploita ...)
	NOT-FOR-US: Huawei
CVE-2023-52380 (Vulnerability of improper access control in the email module.Successfu ...)
	NOT-FOR-US: Huawei
CVE-2023-52379 (Permission control vulnerability in the calendarProvider module.Succes ...)
	NOT-FOR-US: Huawei
CVE-2023-52378 (Vulnerability of incorrect service logic in the WindowManagerServices ...)
	NOT-FOR-US: Huawei
CVE-2023-52377 (Vulnerability of input data not being verified in the cellular data mo ...)
	NOT-FOR-US: Huawei
CVE-2023-52376 (Information management vulnerability in the Gallery module.Successful ...)
	NOT-FOR-US: Huawei
CVE-2023-52375 (Permission control vulnerability in the WindowManagerServices module.S ...)
	NOT-FOR-US: Huawei
CVE-2023-52374 (Permission control vulnerability in the package management module.Succ ...)
	NOT-FOR-US: Huawei
CVE-2023-52373 (Vulnerability of permission verification in the content sharing pop-up ...)
	NOT-FOR-US: Huawei
CVE-2023-52372 (Vulnerability of input parameter verification in the motor module.Succ ...)
	NOT-FOR-US: Huawei
CVE-2023-52371 (Vulnerability of null references in the motor module.Successful exploi ...)
	NOT-FOR-US: Huawei
CVE-2023-52370 (Stack overflow vulnerability in the network acceleration module.Succes ...)
	NOT-FOR-US: Huawei
CVE-2023-52369 (Stack overflow vulnerability in the NFC module.Successful exploitation ...)
	NOT-FOR-US: Huawei
CVE-2023-52368 (Input verification vulnerability in the account module.Successful expl ...)
	NOT-FOR-US: Huawei
CVE-2023-52367 (Vulnerability of improper access control in the media library module.S ...)
	NOT-FOR-US: Huawei
CVE-2023-52366 (Out-of-bounds read vulnerability in the smart activity recognition mod ...)
	NOT-FOR-US: Huawei
CVE-2023-52365 (Out-of-bounds read vulnerability in the smart activity recognition mod ...)
	NOT-FOR-US: Huawei
CVE-2023-52363 (Vulnerability of defects introduced in the design process in the Contr ...)
	NOT-FOR-US: Huawei
CVE-2023-52362 (Permission management vulnerability in the lock screen module.Successf ...)
	NOT-FOR-US: Huawei
CVE-2023-52361 (The VerifiedBoot module has a vulnerability that may cause authenticat ...)
	NOT-FOR-US: Huawei
CVE-2023-52360 (Logic vulnerabilities in the baseband.Successful exploitation of this ...)
	NOT-FOR-US: Huawei
CVE-2023-52358 (Vulnerability of configuration defects in some APIs of the audio modul ...)
	NOT-FOR-US: Huawei
CVE-2023-52357 (Vulnerability of serialization/deserialization mismatch in the vibrati ...)
	NOT-FOR-US: Huawei
CVE-2023-52097 (Vulnerability of foreground service restrictions being bypassed in the ...)
	NOT-FOR-US: Huawei
CVE-2023-50951 (IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Sec ...)
	NOT-FOR-US: IBM
CVE-2023-45918 (ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinf ...)
	- ncurses 6.4+20230625-1
	[bookworm] - ncurses (Minor issue)
	[bullseye] - ncurses (Minor issue)
	[buster] - ncurses (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html
	NOTE: https://invisible-island.net/ncurses/NEWS.html#index-t20230615
	NOTE: Fixed in ncurses-6.4-20230615 patchlevel
CVE-2023-31728 (Teltonika RUT240 devices with firmware before 07.04.2, when bridge mod ...)
	NOT-FOR-US: Teltonika RUT240 devices
CVE-2022-48621 (Vulnerability of missing authentication for critical functions in the ...)
	NOT-FOR-US: Huawei
CVE-2024-25466 (Directory Traversal vulnerability in React Native Document Picker befo ...)
	NOT-FOR-US: React Native Document Picker
CVE-2024-25320 (Tongda OA v2017 and up to v11.9 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Tongda
CVE-2024-24377 (An issue in idocv v.14.1.3_20231228 allows a remote attacker to execut ...)
	NOT-FOR-US: idocv
CVE-2024-23591 (ThinkSystem SR670V2 servers manufactured from approximately June 2021 ...)
	NOT-FOR-US: Lenovo
CVE-2024-22854 (DOM-based HTML injection vulnerability in the main page of Darktrace T ...)
	NOT-FOR-US: Darktrace Threat Visualizer
CVE-2024-22426 (Dell RecoverPoint for Virtual Machines 5.3.x contains an OS Command in ...)
	NOT-FOR-US: Dell
CVE-2024-22425 (Dell RecoverPoint for Virtual Machines 5.3.x contains a brute force/di ...)
	NOT-FOR-US: Dell
CVE-2024-21915 (A privilege escalation vulnerability exists in Rockwell Automation Fac ...)
	NOT-FOR-US: Rockwell Automation
CVE-2024-21775 (Zoho ManageEngine Exchange Reporter Plus versions5714and below are vul ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2024-1591 (Prior to version 24.1, a local authenticated attacker can view Sysvol ...)
	NOT-FOR-US: BeyondTrust
CVE-2024-1515
	REJECTED
CVE-2024-1444
	REJECTED
CVE-2024-0023 (In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible ...)
	NOT-FOR-US: Android
CVE-2024-0021 (In onCreate of NotificationAccessConfirmationActivity.java, there is a ...)
	NOT-FOR-US: Android
CVE-2024-0020 (In onActivityResult of NotificationSoundPreference.java, there is a po ...)
	NOT-FOR-US: Android
CVE-2024-0019 (In setListening of AppOpsControllerImpl.java, there is a possible way ...)
	NOT-FOR-US: Android
CVE-2024-0018 (In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possi ...)
	NOT-FOR-US: Android
CVE-2024-0017 (In shouldUseNoOpLocation of CameraActivity.java, there is a possible c ...)
	NOT-FOR-US: Android
CVE-2024-0016 (In multiple locations, there is a possible out of bounds read due to a ...)
	NOT-FOR-US: Android
CVE-2024-0015 (In convertToComponentName of DreamService.java, there is a possible wa ...)
	NOT-FOR-US: Android
CVE-2023-51931 (An issue in alanclarke URLite v.3.1.0 allows an attacker to cause a de ...)
	NOT-FOR-US: urlite
CVE-2023-45860 (In Hazelcast Platform through 5.3.4, a security issue exists within th ...)
	- hazelcast (bug #745640)
CVE-2023-40085 (In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible ou ...)
	NOT-FOR-US: Android
CVE-2023-52160 (The implementation of PEAP in wpa_supplicant through 2.10 allows authe ...)
	{DLA-3743-1}
	- wpa 2:2.10-21.1 (bug #1064061)
	[bookworm] - wpa (Minor issue; Will be fixed via point release)
	[bullseye] - wpa (Minor issue; can be fixed via point release)
	NOTE: https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c
	NOTE: https://www.top10vpn.com/research/wifi-vulnerabilities/
	NOTE: https://lists.infradead.org/pipermail/hostap/2024-February/042362.html
	NOTE: https://lists.infradead.org/pipermail/hostap/2024-February/042364.html
CVE-2023-52161 (The Access Point functionality in eapol_auth_key_handle in eapol.c in ...)
	{DSA-5631-1 DLA-3738-1}
	- iwd 2.14-1 (bug #1064062)
	NOTE: https://www.top10vpn.com/research/wifi-vulnerabilities/
	NOTE: https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=6415420f1c92012f64063c131480ffcef58e60ca (2.14)
CVE-2024-0793
	NOT-FOR-US: kube-controller-manager
CVE-2024-25580 (An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15. ...)
	[experimental] - qt6-base 6.6.2+dfsg-1
	- qt6-base (bug #1064052)
	[bookworm] - qt6-base (Minor issue)
	- qtbase-opensource-src 5.15.10+dfsg-7 (bug #1064053)
	[bookworm] - qtbase-opensource-src (Minor issue)
	[bullseye] - qtbase-opensource-src (Minor issue)
	[buster] - qtbase-opensource-src (Vulnerable code not present)
	- qtbase-opensource-src-gles 5.15.10+dfsg-5 (bug #1064054)
	[bookworm] - qtbase-opensource-src-gles (Minor issue)
	[bullseye] - qtbase-opensource-src-gles (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2264423
	NOTE: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=28ecb523ce8490bff38b251b3df703c72e057519
	NOTE: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=dec1863c7dc63e5788b0c6c061d36e856a6ae2b2 (v6.6.2)
	NOTE: https://download.qt.io/official_releases/qt/5.15/CVE-2024-25580-qtbase-5.15.diff
	NOTE: https://www.qt.io/blog/security-advisory-potential-buffer-overflow-when-reading-ktx-images
CVE-2024-25415 (A remote code execution (RCE) vulnerability in /admin/define_language. ...)
	NOT-FOR-US: CE Phoenix
CVE-2024-25414 (An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1 ...)
	NOT-FOR-US: CSZ CMS
CVE-2024-25413 (A XSLT Server Side injection vulnerability in the Import Jobs function ...)
	NOT-FOR-US: Magento plugin
CVE-2024-25123 (MSS (Mission Support System) is an open source package designed for pl ...)
	NOT-FOR-US: MSS (Mission Support System)
CVE-2024-23674 (The Online-Ausweis-Funktion eID scheme in the German National Identity ...)
	NOT-FOR-US: Questionable CVE assignment for Online-Ausweis-Funktion protocol scheme
CVE-2024-23479 (SolarWinds Access Rights Manager (ARM) was found to be susceptible to ...)
	NOT-FOR-US: SolarWinds
CVE-2024-23478 (SolarWinds Access Rights Manager (ARM) was found to be susceptible to ...)
	NOT-FOR-US: SolarWinds
CVE-2024-23477 (The SolarWinds Access Rights Manager (ARM) was found to be susceptible ...)
	NOT-FOR-US: SolarWinds
CVE-2024-23476 (The SolarWinds Access Rights Manager (ARM) was found to be susceptible ...)
	NOT-FOR-US: SolarWinds
CVE-2024-21728 (An Open Redirect vulnerability was found in osTicky2 below 2.2.8. osTi ...)
	NOT-FOR-US: osTicky2
CVE-2024-0622 (Local privilege escalation vulnerabilityaffects OpenText Operations Ag ...)
	NOT-FOR-US: OpenText Operations Agent
CVE-2024-0240 (A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products ...)
	NOT-FOR-US: Silabs
CVE-2024-0041 (In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there ...)
	NOT-FOR-US: Android
CVE-2024-0040 (In setParameter of MtpPacket.cpp, there is a possible out of bounds re ...)
	NOT-FOR-US: Android
CVE-2024-0038 (In injectInputEventToInputFilter of AccessibilityManagerService.java, ...)
	NOT-FOR-US: Android
CVE-2024-0037 (In applyCustomDescription of SaveUi.java, there is a possible way to v ...)
	NOT-FOR-US: Android
CVE-2024-0036 (In startNextMatchingActivity of ActivityTaskManagerService.java, there ...)
	NOT-FOR-US: Android
CVE-2024-0035 (In onNullBinding of TileLifecycleManager.java, there is a possible way ...)
	NOT-FOR-US: Android
CVE-2024-0034 (In BackgroundLaunchProcessController, there is a possible way to launc ...)
	NOT-FOR-US: Android
CVE-2024-0033 (In multiple functions of ashmem-dev.cpp, there is a possible missing s ...)
	NOT-FOR-US: Android
CVE-2024-0032 (In queryChildDocuments of FileSystemProvider.java, there is a possible ...)
	NOT-FOR-US: Android
CVE-2024-0031 (In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a p ...)
	NOT-FOR-US: Android
CVE-2024-0030 (In btif_to_bta_response of btif_gatt_util.cc, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2024-0029 (In multiple files, there is a possible way to capture the device scree ...)
	NOT-FOR-US: Android
CVE-2024-0014 (In startInstall of UpdateFetcher.java, there is a possible way to trig ...)
	NOT-FOR-US: Android
CVE-2023-6451 (Publicly known cryptographic machine key in AlayaCare's Procura Portal ...)
	NOT-FOR-US: AlayaCare Procura Portal
CVE-2023-6123 (Improper Neutralization vulnerability affects OpenText ALM Octaneversi ...)
	NOT-FOR-US: Open Text ALM Octane
CVE-2023-49508 (Directory Traversal vulnerability in YetiForceCompany YetiForceCRM ver ...)
	NOT-FOR-US: YetiForceCRM
CVE-2023-40122 (In applyCustomDescription of SaveUi.java, there is a possible way to v ...)
	NOT-FOR-US: Android
CVE-2023-40093 (In multiple files, there is a possible way that trimmed content could ...)
	NOT-FOR-US: Android
CVE-2023-40057 (The SolarWinds Access Rights Manager was found to be susceptible to a ...)
	NOT-FOR-US: SolarWinds
CVE-2024-21890 (The Node.js Permission Model does not clarify in the documentation tha ...)
	[experimental] - nodejs
	- nodejs (Only affects 20.x and later)
	NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#improper-handling-of-wildcards-in---allow-fs-read-and---allow-fs-write-cve-2024-21890---medium
CVE-2024-21891 (Node.js depends on multiple built-in utility functions to normalize pa ...)
	[experimental] - nodejs
	- nodejs (Only affects 20.x and later)
	NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#multiple-permission-model-bypasses-due-to-improper-path-traversal-sequence-sanitization-cve-2024-21891---medium
CVE-2023-46809
	{DLA-3776-1}
	- nodejs 18.19.1+dfsg-1 (bug #1064055)
	NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#nodejs-is-vulnerable-to-the-marvin-attack-timing-variant-of-the-bleichenbacher-attack-against-pkcs1-v15-padding-cve-2023-46809---medium
	NOTE: https://github.com/nodejs/node/commit/d3d357ab096884f10f5d2f164149727eea875635 (v18.x)
	NOTE: https://github.com/nodejs/node/commit/54cd268059626800dbe1e02a88b28d9538cf5587 (main)
CVE-2024-22017 (setuid() does not affect libuv's internal io_uring operations if initi ...)
	[experimental] - nodejs
	- nodejs (Only affects 20.x and later)
	NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#setuid-does-not-drop-all-privileges-due-to-io_uring-cve-2024-22017---high
CVE-2024-21896 (The permission model protects itself against path traversal attacks by ...)
	[experimental] - nodejs
	- nodejs (Only affects 20.x and later)
	NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#path-traversal-by-monkey-patching-buffer-internals-cve-2024-21896---high
CVE-2024-22019 (A vulnerability in Node.js HTTP servers allows an attacker to send a s ...)
	- nodejs 18.19.1+dfsg-1 (bug #1064055)
	[buster] - nodejs (Vulnerable code not present)
	NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#reading-unprocessed-http-request-with-unbounded-chunk-extension-allows-dos-attacks-cve-2024-22019---high
	NOTE: https://github.com/nodejs/node/commit/911cb33cdadab57a75f97186290ea8f3903a6171 (v18.x)
	NOTE: https://github.com/nodejs/node/commit/911cb33cdadab57a75f97186290ea8f3903a6171 (main)
CVE-2024-21892 (On Linux, Node.js ignores certain environment variables if those may h ...)
	- nodejs 18.19.1+dfsg-1 (bug #1064055)
	[bullseye] - nodejs (Vulnerable code not present)
	[buster] - nodejs (Vulnerable code not present)
	NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#code-injection-and-privilege-escalation-through-linux-capabilities-cve-2024-21892---high
	NOTE: https://github.com/nodejs/node/commit/e6b4c105e0795fba8afb3f8e910c56ba9e60f4b5 (v18.x)
	NOTE: https://github.com/nodejs/node/commit/10ecf400679e04eddab940721cad3f6c1d603b61 (main)
CVE-2024-25502 (Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote ...)
	NOT-FOR-US: flusity CMS
CVE-2024-25373 (Tenda AC10V4.0 V16.03.10.20 was discovered to contain a stack overflow ...)
	NOT-FOR-US: Tenda
CVE-2024-23113 (A use of externally-controlled format string in Fortinet FortiOS versi ...)
	NOT-FOR-US: Fortinet
CVE-2024-20750 (Substance3D - Designer versions 13.1.0 and earlier are affected by an ...)
	NOT-FOR-US: Adobe
CVE-2024-20749 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
	NOT-FOR-US: Adobe
CVE-2024-20748 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
	NOT-FOR-US: Adobe
CVE-2024-20747 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
	NOT-FOR-US: Adobe
CVE-2024-20744 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...)
	NOT-FOR-US: Adobe
CVE-2024-20743 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...)
	NOT-FOR-US: Adobe
CVE-2024-20742 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...)
	NOT-FOR-US: Adobe
CVE-2024-20741 (Substance3D - Painter versions 9.1.1 and earlier are affected by a Wri ...)
	NOT-FOR-US: Adobe
CVE-2024-20740 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...)
	NOT-FOR-US: Adobe
CVE-2024-20739 (Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-ba ...)
	NOT-FOR-US: Adobe
CVE-2024-20738 (Adobe FrameMaker Publishing Server versions 2022.1 and earlier are aff ...)
	NOT-FOR-US: Adobe
CVE-2024-20736 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
	NOT-FOR-US: Adobe
CVE-2024-20735 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
	NOT-FOR-US: Adobe
CVE-2024-20734 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
	NOT-FOR-US: Adobe
CVE-2024-20733 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
	NOT-FOR-US: Adobe
CVE-2024-20731 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
	NOT-FOR-US: Adobe
CVE-2024-20730 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
	NOT-FOR-US: Adobe
CVE-2024-20729 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
	NOT-FOR-US: Adobe
CVE-2024-20728 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
	NOT-FOR-US: Adobe
CVE-2024-20727 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
	NOT-FOR-US: Adobe
CVE-2024-20726 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
	NOT-FOR-US: Adobe
CVE-2024-20725 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...)
	NOT-FOR-US: Adobe
CVE-2024-20724 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...)
	NOT-FOR-US: Adobe
CVE-2024-20723 (Substance3D - Painter versions 9.1.1 and earlier are affected by a Buf ...)
	NOT-FOR-US: Adobe
CVE-2024-20722 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...)
	NOT-FOR-US: Adobe
CVE-2024-20720 (Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are a ...)
	NOT-FOR-US: Adobe
CVE-2024-20719 (Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are a ...)
	NOT-FOR-US: Adobe
CVE-2024-20718 (Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are a ...)
	NOT-FOR-US: Adobe
CVE-2024-20717 (Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are a ...)
	NOT-FOR-US: Adobe
CVE-2024-20716 (Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are a ...)
	NOT-FOR-US: Adobe
CVE-2024-1530 (A vulnerability, which was classified as critical, has been found in E ...)
	NOT-FOR-US: ECshop
CVE-2024-0390 (INPRAX "iZZi connect" application on Android contains hard-coded MQTT ...)
	NOT-FOR-US: INPRAX "iZZi connect" application on Android
CVE-2023-7081 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: POSTASIL Online Payment System
CVE-2023-6255 (Use of Hard-coded Credentials vulnerability in Utarit Information Tech ...)
	NOT-FOR-US: Utarit
CVE-2023-5155 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Utarit
CVE-2023-4993 (Improper Privilege Management vulnerability in Utarit Information Tech ...)
	NOT-FOR-US: Utarit
CVE-2023-4539 (Use of a hard-coded password for a special database account created du ...)
	NOT-FOR-US: Comarch ERP XL
CVE-2023-4538 (The database access credentials configured during installation are sto ...)
	NOT-FOR-US: Comarch ERP XL
CVE-2023-4537 (Comarch ERP XL client is vulnerable to MS SQL protocol downgrade reque ...)
	NOT-FOR-US: Comarch ERP XL
CVE-2023-47537 (An improper certificate validation vulnerability in Fortinet FortiOS 7 ...)
	NOT-FOR-US: Fortinet
CVE-2023-45581 (An improper privilege management vulnerability [CWE-269] in Fortinet F ...)
	NOT-FOR-US: Fortinet
CVE-2023-44253 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
	NOT-FOR-US: Fortinet
CVE-2023-39245 (DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, c ...)
	NOT-FOR-US: Dell
CVE-2023-39244 (DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, c ...)
	NOT-FOR-US: Dell
CVE-2023-32484 (Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0. ...)
	NOT-FOR-US: Dell
CVE-2023-32462 (Dell OS10 Networking Switches running 10.5.2.x and above contain an OS ...)
	NOT-FOR-US: Dell
CVE-2024-26264 (EBM Technologies RISWEB's specific query function parameter does not p ...)
	NOT-FOR-US: EBM Technologies RISWEB
CVE-2024-26263 (EBM Technologies RISWEB's specific URL path is not properly controlled ...)
	NOT-FOR-US: EBM Technologies RISWEB
CVE-2024-26262 (EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks ...)
	NOT-FOR-US: EBM Technologies Uniweb/SoliPACS WebServer
CVE-2024-26261 (The functionality for file download in HGiga OAKlouds' certain modules ...)
	NOT-FOR-US: HGiga OAKlouds
CVE-2024-26260 (The functionality for synchronization in HGiga OAKlouds' certain moudu ...)
	NOT-FOR-US: HGiga OAKlouds
CVE-2024-25941 (The jail(2) system call has not limited a visiblity of allocated TTYs ...)
	NOT-FOR-US: FreeBSD
CVE-2024-25940 (`bhyveload -h ` may be used to grant loader access to the < ...)
	NOT-FOR-US: FreeBSD
CVE-2024-25620 (Helm is a tool for managing Charts. Charts are packages of pre-configu ...)
	- helm-kubernetes (bug #910799)
CVE-2024-25619 (Mastodon is a free, open-source social network server based on Activit ...)
	- mastodon (bug #859741)
CVE-2024-25618 (Mastodon is a free, open-source social network server based on Activit ...)
	- mastodon (bug #859741)
CVE-2024-25617 (Squid is an open source caching proxy for the Web supporting HTTP, HTT ...)
	{DSA-5637-1}
	- squid 6.5-1
	- squid3
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr
	NOTE: https://github.com/squid-cache/squid/commit/72a3bbd5e431597c3fdb56d752bc56b010ba3817 (SQUID_6_5)
	NOTE: https://github.com/squid-cache/squid/pull/1536
	NOTE: https://megamansec.github.io/Squid-Security-Audit/response-memleaks.html
CVE-2024-25559 (URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8 ...)
	NOT-FOR-US: a-blog cms
CVE-2024-24386 (An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary ...)
	NOT-FOR-US: VitalPBX
CVE-2024-24301 (Command Injection vulnerability discovered in 4ipnet EAP-767 device v3 ...)
	NOT-FOR-US: 4ipnet EAP-767 device
CVE-2024-24300 (4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. The ...)
	NOT-FOR-US: 4ipnet EAP-767
CVE-2024-24256 (SQL Injection vulnerability in Yonyou space-time enterprise informatio ...)
	NOT-FOR-US: Yonyou space-time enterprise information integration platform
CVE-2024-21727 (XSS vulnerability in DP Calendar component for Joomla.)
	NOT-FOR-US: DP Calendar component for Joomla
CVE-2024-1523 (EC-WEB FS-EZViewer(Web)'s query functionality lacks proper restriction ...)
	NOT-FOR-US: EC-WEB FS-EZViewer
CVE-2024-1482 (An incorrect authorization vulnerability was identified in GitHub Ente ...)
	NOT-FOR-US: GitHub Enterprise Server
CVE-2024-1471 (An HTML injection vulnerability exists where an authenticated, remote ...)
	NOT-FOR-US: Tenable
CVE-2024-1367 (A command injection vulnerability exists where an authenticated, remot ...)
	NOT-FOR-US: Tenable
CVE-2024-0708 (The Landing Page Cat – Coming Soon Page, Maintenance Page & Squee ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0353 (Local privilege escalation vulnerability potentially allowed an attack ...)
	NOT-FOR-US: ESET
CVE-2023-6138 (A potential security vulnerability has been identified in the system B ...)
	NOT-FOR-US: HP
CVE-2023-51787 (An issue was discovered in Wind River VxWorks 7 22.09 and 23.03. If a ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2023-46596 (Improper input validation in Algosec FireFlow VisualFlow workflow edit ...)
	NOT-FOR-US: Algosec FireFlow VisualFlow
CVE-2024-1488 (A vulnerability was found in Unbound due to incorrect default permissi ...)
	- unbound (RedHat specific patch vulnerability)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2264183
CVE-2024-25301 (Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) ...)
	NOT-FOR-US: Redaxo
CVE-2024-25300 (A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows at ...)
	NOT-FOR-US: Redaxo
CVE-2024-25226 (A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v ...)
	NOT-FOR-US: Simple Admin Panel App
CVE-2024-25225 (A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v ...)
	NOT-FOR-US: Simple Admin Panel App
CVE-2024-25224 (A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v ...)
	NOT-FOR-US: Simple Admin Panel App
CVE-2024-25223 (Simple Admin Panel App v1.0 was discovered to contain a SQL injection ...)
	NOT-FOR-US: Simple Admin Panel App
CVE-2024-25222 (Task Manager App v1.0 was discovered to contain a SQL injection vulner ...)
	NOT-FOR-US: Task Manager App
CVE-2024-25221 (A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 al ...)
	NOT-FOR-US: Task Manager App
CVE-2024-25220 (Task Manager App v1.0 was discovered to contain a SQL injection vulner ...)
	NOT-FOR-US: Task Manager App
CVE-2024-25219 (A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 al ...)
	NOT-FOR-US: Task Manager App
CVE-2024-25218 (A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 al ...)
	NOT-FOR-US: Task Manager App
CVE-2024-25217 (Online Medicine Ordering System v1.0 was discovered to contain a SQL i ...)
	NOT-FOR-US: Online Medicine Ordering System
CVE-2024-25216 (Employee Managment System v1.0 was discovered to contain a SQL injecti ...)
	NOT-FOR-US: Employee Managment System
CVE-2024-25215 (Employee Managment System v1.0 was discovered to contain a SQL injecti ...)
	NOT-FOR-US: Employee Managment System
CVE-2024-25214 (An issue in Employee Managment System v1.0 allows attackers to bypass ...)
	NOT-FOR-US: Employee Managment System
CVE-2024-25213 (Employee Managment System v1.0 was discovered to contain a SQL injecti ...)
	NOT-FOR-US: Employee Managment System
CVE-2024-25212 (Employee Managment System v1.0 was discovered to contain a SQL injecti ...)
	NOT-FOR-US: Employee Managment System
CVE-2024-25211 (Simple Expense Tracker v1.0 was discovered to contain a SQL injection ...)
	NOT-FOR-US: Simple Expense Tracker
CVE-2024-25210 (Simple Expense Tracker v1.0 was discovered to contain a SQL injection ...)
	NOT-FOR-US: Simple Expense Tracker
CVE-2024-25209 (Barangay Population Monitoring System 1.0 was discovered to contain a ...)
	NOT-FOR-US: Barangay Population Monitoring System
CVE-2024-25208 (Barangay Population Monitoring System v1.0 was discovered to contain a ...)
	NOT-FOR-US: Barangay Population Monitoring System
CVE-2024-25207 (Barangay Population Monitoring System v1.0 was discovered to contain a ...)
	NOT-FOR-US: Barangay Population Monitoring System
CVE-2024-25165 (A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, i ...)
	- swftools
	NOTE: https://github.com/matthiaskramm/swftools/issues/217
CVE-2024-24990 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...)
	NOT-FOR-US: Quic module for Nginx
CVE-2024-24989 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...)
	NOT-FOR-US: Quic module for Nginx
CVE-2024-24966 (When LDAP remote authentication is configured on F5OS, a remote user w ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2024-24775 (When a virtual server is enabled with VLAN group and SNAT listener is ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2024-23982 (When a BIG-IP PEM classification profile is configured on a UDP virtua ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2024-23979 (When SSL Client Certificate LDAP or Certificate Revocation List Distri ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2024-23976 (When running in Appliance mode, an authenticated attacker assigned the ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2024-23805 (Undisclosed requests can cause the Traffic Management Microkernel (TMM ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2024-23789 (Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver. ...)
	NOT-FOR-US: Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11
CVE-2024-23788 (Server-side request forgery vulnerability in Energy Management Control ...)
	NOT-FOR-US: Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11
CVE-2024-23787 (Path traversal vulnerability in Energy Management Controller with Clou ...)
	NOT-FOR-US: Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11
CVE-2024-23786 (Cross-site scripting vulnerability in Energy Management Controller wit ...)
	NOT-FOR-US: Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11
CVE-2024-23785 (Cross-site request forgery vulnerability in Energy Management Controll ...)
	NOT-FOR-US: Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11
CVE-2024-23784 (Improper access control vulnerability exists in Energy Management Cont ...)
	NOT-FOR-US: Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11
CVE-2024-23783 (Improper authentication vulnerability in Energy Management Controller ...)
	NOT-FOR-US: Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11
CVE-2024-23607 (A directory traversal vulnerability exists in the F5OS QKView utility ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2024-23603 (An SQL injection vulnerability exists in an undisclosed page of the BI ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2024-23314 (When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisc ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2024-23308 (When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Ha ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2024-23306 (A vulnerability exists in BIG-IP Next CNF and SPK systems that may all ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2024-22389 (When BIG-IP is deployed in high availability (HA) and an iControl REST ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2024-22093 (When running in appliance mode, an authenticated remote command inject ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2024-21849 (When an Advanced WAF/ASM security policy and a Websockets profile are ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2024-21789 (When a BIG-IP ASM/Advanced WAF security policy is configured on a virt ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2024-21782 (BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2024-21771 (For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an e ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2024-21763 (When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2024-0568 (CWE-287: Improper Authentication vulnerability exists that could cause ...)
	NOT-FOR-US: Schneider Electric
CVE-2024-0011 (A reflected cross-site scripting (XSS) vulnerability in the Captive Po ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2024-0010 (A reflected cross-site scripting (XSS) vulnerability in the GlobalProt ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2024-0009 (An improper verification vulnerability in the GlobalProtect gateway fe ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2024-0008 (Web sessions in the management interface in Palo Alto Networks PAN-OS ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2024-0007 (A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-O ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2023-6441 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: UNI-PA University Marketing & Computer Internet Trade Inc. University Information System
CVE-2023-6409 (CWE-798: Use of Hard-coded Credentials vulnerability exists that could ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-6408 (CWE-924: Improper Enforcement of Message Integrity During Transmission ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-5123 (The JSON datasource plugin ( https://grafana.com/grafana/plugins/marcu ...)
	NOT-FOR-US: Grafana plugin
CVE-2023-5122 (Grafana is an open-source platform for monitoring and observability. T ...)
	NOT-FOR-US: Grafana plugin
CVE-2023-52399
	REJECTED
CVE-2023-52398
	REJECTED
CVE-2023-52396
	REJECTED
CVE-2023-52395
	REJECTED
CVE-2023-52392
	REJECTED
CVE-2023-51755
	REJECTED
CVE-2023-51754
	REJECTED
CVE-2023-50927 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
	NOT-FOR-US: Contiki-NG
CVE-2023-50926 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
	NOT-FOR-US: Contiki-NG
CVE-2023-50337
	REJECTED
CVE-2023-50336
	REJECTED
CVE-2023-50335
	REJECTED
CVE-2023-50329
	REJECTED
CVE-2023-50293
	REJECTED
CVE-2023-50241
	REJECTED
CVE-2023-50174
	REJECTED
CVE-2023-50170
	REJECTED
CVE-2023-49872
	REJECTED
CVE-2023-49870
	REJECTED
CVE-2023-49811
	REJECTED
CVE-2023-49712
	REJECTED
CVE-2023-49710
	REJECTED
CVE-2023-49611
	REJECTED
CVE-2023-49609
	REJECTED
CVE-2023-49590
	REJECTED
CVE-2023-49588
	REJECTED
CVE-2023-48987 (Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content ...)
	NOT-FOR-US: CU Solutions Group (CUSG) Content Management System (CMS)
CVE-2023-48986 (Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) ...)
	NOT-FOR-US: CU Solutions Group (CUSG) Content Management System (CMS)
CVE-2023-48985 (Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) ...)
	NOT-FOR-US: CU Solutions Group (CUSG) Content Management System (CMS)
CVE-2023-48734
	REJECTED
CVE-2023-48729
	REJECTED
CVE-2023-48229 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
	NOT-FOR-US: Contiki-NG
CVE-2023-46186 (IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized u ...)
	NOT-FOR-US: IBM
CVE-2023-45850
	REJECTED
CVE-2023-45738
	REJECTED
CVE-2023-45224
	REJECTED
CVE-2023-44294 (In Dell Secure Connect Gateway Application and Secure Connect Gateway ...)
	NOT-FOR-US: Dell
CVE-2023-43749
	REJECTED
CVE-2023-42776 (Improper input validation in some Intel(R) SGX DCAP software for Windo ...)
	NOT-FOR-US: Intel
CVE-2023-42775
	REJECTED
CVE-2023-42665
	REJECTED
CVE-2023-42437
	REJECTED
CVE-2023-41252 (Out-of-bounds read in some Intel(R) QAT software drivers for Windows b ...)
	NOT-FOR-US: Intel
CVE-2023-41231 (Incorrect default permissions in some ACAT software maintained by Inte ...)
	NOT-FOR-US: Intel
CVE-2023-41091 (Uncontrolled search path for some Intel(R) MPI Library Software before ...)
	NOT-FOR-US: Intel
CVE-2023-41090 (Race condition in some Intel(R) MAS software before version 2.3 may al ...)
	NOT-FOR-US: Intel
CVE-2023-40161 (Improper access control in some Intel Unite(R) Client software before ...)
	NOT-FOR-US: Intel
CVE-2023-40156 (Uncontrolled search path element in some Intel(R) SSU software before ...)
	NOT-FOR-US: Intel
CVE-2023-40154 (Incorrect default permissions in the Intel(R) SUR for Gameplay Softwar ...)
	NOT-FOR-US: Intel
CVE-2023-39941 (Improper access control in some Intel(R) SUR software before version 2 ...)
	NOT-FOR-US: Intel
CVE-2023-39932 (Uncontrolled search path in the Intel(R) SUR for Gameplay Software bef ...)
	NOT-FOR-US: Intel
CVE-2023-39450
	REJECTED
CVE-2023-39432 (Improper access control element in some Intel(R) Ethernet tools and dr ...)
	NOT-FOR-US: Intel
CVE-2023-39425 (Improper access control in some Intel(R) DSA software before version 2 ...)
	NOT-FOR-US: Intel
CVE-2023-38566 (Uncontrolled search path in some Intel(R) ISPC software before version ...)
	NOT-FOR-US: Intel
CVE-2023-38561 (Improper access control in some Intel(R) XTU software before version 7 ...)
	NOT-FOR-US: Intel
CVE-2023-38262
	REJECTED
CVE-2023-38137
	REJECTED
CVE-2023-38135 (Improper authorization in some Intel(R) PM software may allow a privil ...)
	NOT-FOR-US: Intel
CVE-2023-36493 (Uncontrolled search path in some Intel(R) SDK for OpenCL(TM) Applicati ...)
	NOT-FOR-US: Intel
CVE-2023-36490 (Improper initialization in some Intel(R) MAS software before version 2 ...)
NOT-FOR-US: Intel CVE-2023-35769 (Uncontrolled search path in some Intel(R) CIP software before version ...) NOT-FOR-US: Intel CVE-2023-35121 (Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler befo ...) NOT-FOR-US: Intel CVE-2023-35062 (Improper access control in some Intel(R) DSA software before version 2 ...) NOT-FOR-US: Intel CVE-2023-35061 (Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) ...) - firmware-nonfree (bug #1064229) [bookworm] - firmware-nonfree (Non-free not supported) [bullseye] - firmware-nonfree (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html NOTE: Fixed upstream in linux-firmware/20231211 CVE-2023-35060 (Uncontrolled search path in some Intel(R) Battery Life Diagnostic Tool ...) NOT-FOR-US: Intel CVE-2023-35003 (Path transversal in some Intel(R) VROC software before version 8.0.8.1 ...) NOT-FOR-US: Intel CVE-2023-34983 (Improper input validation for some Intel(R) PROSet/Wireless and Intel( ...) - firmware-nonfree (bug #1064229) [bookworm] - firmware-nonfree (Non-free not supported) [bullseye] - firmware-nonfree (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html NOTE: Fixed upstream in linux-firmware/20231211 CVE-2023-34351 (Buffer underflow in some Intel(R) PCM software before version 202307 m ...) NOT-FOR-US: Intel CVE-2023-34315 (Incorrect default permissions in some Intel(R) VROC software before ve ...) NOT-FOR-US: Intel CVE-2023-33875 (Improper access control for some Intel(R) PROSet/Wireless and Intel(R) ...) 
- firmware-nonfree (bug #1064229) [bookworm] - firmware-nonfree (Non-free not supported) [bullseye] - firmware-nonfree (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html NOTE: Fixed upstream in linux-firmware/20231211 CVE-2023-33870 (Insecure inherited permissions in some Intel(R) Ethernet tools and dri ...) NOT-FOR-US: Intel CVE-2023-32651 (Improper validation of specified type of input for some Intel(R) PROSe ...) - firmware-nonfree (bug #1064229) [bookworm] - firmware-nonfree (Non-free not supported) [bullseye] - firmware-nonfree (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html NOTE: Fixed upstream in linux-firmware/20231211 CVE-2023-32647 (Improper access control in some Intel(R) XTU software before version 7 ...) NOT-FOR-US: Intel CVE-2023-32646 (Uncontrolled search path element in some Intel(R) VROC software before ...) NOT-FOR-US: Intel CVE-2023-32644 (Protection mechanism failure for some Intel(R) PROSet/Wireless and Int ...) - firmware-nonfree (bug #1064229) [bookworm] - firmware-nonfree (Non-free not supported) [bullseye] - firmware-nonfree (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html NOTE: Fixed upstream in linux-firmware/20231211 CVE-2023-32642 (Insufficient adherence to expected conventions for some Intel(R) PROSe ...) - firmware-nonfree (bug #1064229) [bookworm] - firmware-nonfree (Non-free not supported) [bullseye] - firmware-nonfree (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html NOTE: Fixed upstream in linux-firmware/20231211 CVE-2023-32618 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and component ...) NOT-FOR-US: Intel CVE-2023-32282 (Race condition in BIOS firmware for some Intel(R) Processors may allow ...) 
NOT-FOR-US: Intel CVE-2023-32280 (Insufficiently protected credentials in some Intel(R) Server Product O ...) NOT-FOR-US: Intel CVE-2023-31271 (Improper access control in some Intel(R) VROC software before version ...) NOT-FOR-US: Intel CVE-2023-31189 (Improper authentication in some Intel(R) Server Product OpenBMC firmwa ...) NOT-FOR-US: Intel CVE-2023-30767 (Improper buffer restrictions in Intel(R) Optimization for TensorFlow b ...) NOT-FOR-US: Intel CVE-2023-29153 (Uncontrolled resource consumption for some Intel(R) SPS firmware befor ...) NOT-FOR-US: Intel CVE-2023-28720 (Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) ...) - firmware-nonfree (bug #1064229) [bookworm] - firmware-nonfree (Non-free not supported) [bullseye] - firmware-nonfree (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html NOTE: Fixed upstream in linux-firmware/20231211 CVE-2023-28374 (Improper input validation for some Intel(R) PROSet/Wireless and Intel( ...) - firmware-nonfree (bug #1064229) [bookworm] - firmware-nonfree (Non-free not supported) [bullseye] - firmware-nonfree (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html NOTE: Fixed upstream in linux-firmware/20231211 CVE-2023-49721 (An insecure default to allow UEFI Shell in EDK2 was left enabled in LX ...) - lxd (Debian uses OVMF as packaged/fixed in the EDK2 package) - incus (Debian uses OVMF as packaged/fixed in the EDK2 package) NOTE: https://www.openwall.com/lists/oss-security/2024/02/14/4 NOTE: https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139 CVE-2023-48733 (An insecure default to allow UEFI Shell in EDK2 was left enabled in Ub ...) 
{DSA-5624-1} - edk2 2023.11-7 NOTE: https://www.openwall.com/lists/oss-security/2024/02/14/4 NOTE: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137 CVE-2024-25125 (Digdag is an open source tool that to build, run, schedule, and monito ...) NOT-FOR-US: Digdag CVE-2024-25121 (TYPO3 is an open source PHP based web content management system releas ...) NOT-FOR-US: TYPO3 CVE-2024-25120 (TYPO3 is an open source PHP based web content management system releas ...) NOT-FOR-US: TYPO3 CVE-2024-25119 (TYPO3 is an open source PHP based web content management system releas ...) NOT-FOR-US: TYPO3 CVE-2024-25118 (TYPO3 is an open source PHP based web content management system releas ...) NOT-FOR-US: TYPO3 CVE-2024-24699 (Business logic error in some Zoom clients may allow an authenticated u ...) NOT-FOR-US: Zoom CVE-2024-24698 (Improper authentication in some Zoom clients may allow a privileged us ...) NOT-FOR-US: Zoom CVE-2024-24697 (Untrusted search path in some Zoom 32 bit Windows clients may allow an ...) NOT-FOR-US: Zoom CVE-2024-24696 (Improper input validation in Zoom Desktop Client for Windows, Zoom VDI ...) NOT-FOR-US: Zoom CVE-2024-24695 (Improper input validation in Zoom Desktop Client for Windows, Zoom VDI ...) NOT-FOR-US: Zoom CVE-2024-24691 (Improper input validation in Zoom Desktop Client for Windows, Zoom VDI ...) NOT-FOR-US: Zoom CVE-2024-24690 (Improper input validation in some Zoom clients may allow an authentica ...) NOT-FOR-US: Zoom CVE-2024-24142 (Sourcecodester School Task Manager 1.0 allows SQL Injection via the 's ...) NOT-FOR-US: Sourcecodester School Task Manager CVE-2024-22455 (Dell E-Lab Navigator, [3.1.9, 3.2.0], contains an Insecure Direct Obje ...) NOT-FOR-US: Dell CVE-2024-1485 (A flaw was found in the decompression function of registry-support. Th ...) NOT-FOR-US: OpenShift CVE-2023-6152 (A user changing their email after signing up and verifying it can chan ...) 
- grafana CVE-2023-44293 (In Dell Secure Connect Gateway Application and Secure Connect Gateway ...) NOT-FOR-US: Dell CVE-2023-44283 (In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and Supp ...) NOT-FOR-US: Dell CVE-2023-39249 (Dell SupportAssist for Business PCs version 3.4.0 contains a local Aut ...) NOT-FOR-US: Dell CVE-2023-38960 (Insecure Permissions issue in Raiden Professional Server RaidenFTPD v. ...) NOT-FOR-US: RaidenFTPD CVE-2024-1342 (A flaw was found in OpenShift. The existing Cross-Site Request Forgery ...) NOT-FOR-US: Red Hat OpenShift CVE-2024-25122 (sidekiq-unique-jobs is an open source project which prevents simultane ...) NOT-FOR-US: sidekiq-unique-jobs CVE-2024-24925 (A vulnerability has been identified in Simcenter Femap (All versions < ...) NOT-FOR-US: Siemens CVE-2024-24924 (A vulnerability has been identified in Simcenter Femap (All versions < ...) NOT-FOR-US: Siemens CVE-2024-24923 (A vulnerability has been identified in Simcenter Femap (All versions < ...) NOT-FOR-US: Siemens CVE-2024-24922 (A vulnerability has been identified in Simcenter Femap (All versions < ...) NOT-FOR-US: Siemens CVE-2024-24921 (A vulnerability has been identified in Simcenter Femap (All versions < ...) NOT-FOR-US: Siemens CVE-2024-24920 (A vulnerability has been identified in Simcenter Femap (All versions < ...) NOT-FOR-US: Siemens CVE-2024-24814 (mod_auth_openidc is an OpenID Certified\u2122 authentication and autho ...) {DLA-3751-1} - libapache2-mod-auth-openidc 2.4.15.7-1 (bug #1064183) [bookworm] - libapache2-mod-auth-openidc (Minor issue) [bullseye] - libapache2-mod-auth-openidc (Minor issue) NOTE: https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-hxr6-w4gc-7vvv NOTE: https://github.com/OpenIDC/mod_auth_openidc/commit/4022c12f314bd89d127d1be008b1a80a08e1203d (v2.4.15.2) CVE-2024-24782 (An unauthenticated attacker can send a ping request from one network t ...) 
NOT-FOR-US: VDE CVE-2024-24781 (An unauthenticated remote attacker can use an uncontrolled resource co ...) NOT-FOR-US: VDE CVE-2024-24751 (sf_event_mgt is an event management and registration extension for the ...) NOT-FOR-US: TYPO3 extension CVE-2024-23816 (A vulnerability has been identified in Location Intelligence Perpetual ...) NOT-FOR-US: Siemens CVE-2024-23813 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...) NOT-FOR-US: Siemens CVE-2024-23812 (A vulnerability has been identified in SINEC NMS (All versions < V2.0 ...) NOT-FOR-US: Siemens CVE-2024-23811 (A vulnerability has been identified in SINEC NMS (All versions < V2.0 ...) NOT-FOR-US: Siemens CVE-2024-23810 (A vulnerability has been identified in SINEC NMS (All versions < V2.0 ...) NOT-FOR-US: Siemens CVE-2024-23804 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) NOT-FOR-US: Siemens CVE-2024-23803 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) NOT-FOR-US: Siemens CVE-2024-23802 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) NOT-FOR-US: Siemens CVE-2024-23801 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) NOT-FOR-US: Siemens CVE-2024-23800 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) NOT-FOR-US: Siemens CVE-2024-23799 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) NOT-FOR-US: Siemens CVE-2024-23798 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) NOT-FOR-US: Siemens CVE-2024-23797 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) NOT-FOR-US: Siemens CVE-2024-23796 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) NOT-FOR-US: Siemens CVE-2024-23795 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) 
NOT-FOR-US: Siemens CVE-2024-23440 (Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vuln ...) NOT-FOR-US: Vba32 Antivirus CVE-2024-23439 (Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vuln ...) NOT-FOR-US: Vba32 Antivirus CVE-2024-22923 (SQL injection vulnerability in adv radius v.2.2.5 allows a local attac ...) NOT-FOR-US: adv radius CVE-2024-22043 (A vulnerability has been identified in Parasolid V35.0 (All versions < ...) NOT-FOR-US: Siemens CVE-2024-22042 (A vulnerability has been identified in Unicam FX (All versions). The w ...) NOT-FOR-US: Siemens CVE-2024-21420 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) NOT-FOR-US: Microsoft CVE-2024-21413 (Microsoft Outlook Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21412 (Internet Shortcut Files Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21410 (Microsoft Exchange Server Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21406 (Windows Printing Service Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21405 (Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21404 (.NET Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21403 (Microsoft Azure Kubernetes Service Confidential Container Elevation of ...) NOT-FOR-US: Microsoft CVE-2024-21402 (Microsoft Outlook Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21401 (Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vuln ...) NOT-FOR-US: Microsoft CVE-2024-21397 (Microsoft Azure File Sync Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21396 (Dynamics 365 Sales Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21395 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) 
NOT-FOR-US: Microsoft CVE-2024-21394 (Dynamics 365 Field Service Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21393 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2024-21391 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) NOT-FOR-US: Microsoft CVE-2024-21389 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2024-21386 (.NET Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21384 (Microsoft Office OneNote Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21381 (Microsoft Azure Active Directory B2C Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21380 (Microsoft Dynamics Business Central/NAV Information Disclosure Vulnera ...) NOT-FOR-US: Microsoft CVE-2024-21379 (Microsoft Word Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21378 (Microsoft Outlook Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21377 (Windows DNS Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21376 (Microsoft Azure Kubernetes Service Confidential Container Remote Code ...) NOT-FOR-US: Microsoft CVE-2024-21375 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) NOT-FOR-US: Microsoft CVE-2024-21374 (Microsoft Teams for Android Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21372 (Windows OLE Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21371 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21370 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) NOT-FOR-US: Microsoft CVE-2024-21369 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) NOT-FOR-US: Microsoft CVE-2024-21368 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) 
NOT-FOR-US: Microsoft CVE-2024-21367 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) NOT-FOR-US: Microsoft CVE-2024-21366 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) NOT-FOR-US: Microsoft CVE-2024-21365 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) NOT-FOR-US: Microsoft CVE-2024-21364 (Microsoft Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21363 (Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21362 (Windows Kernel Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21361 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) NOT-FOR-US: Microsoft CVE-2024-21360 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) NOT-FOR-US: Microsoft CVE-2024-21359 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) NOT-FOR-US: Microsoft CVE-2024-21358 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) NOT-FOR-US: Microsoft CVE-2024-21357 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...) NOT-FOR-US: Microsoft CVE-2024-21356 (Windows Lightweight Directory Access Protocol (LDAP) Denial of Service ...) NOT-FOR-US: Microsoft CVE-2024-21355 (Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21354 (Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21353 (Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21352 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) NOT-FOR-US: Microsoft CVE-2024-21351 (Windows SmartScreen Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21350 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) 
NOT-FOR-US: Microsoft CVE-2024-21349 (Microsoft ActiveX Data Objects Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21348 (Internet Connection Sharing (ICS) Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21347 (Microsoft ODBC Driver Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21346 (Win32k Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21345 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21344 (Windows Network Address Translation (NAT) Denial of Service Vulnerabil ...) NOT-FOR-US: Microsoft CVE-2024-21343 (Windows Network Address Translation (NAT) Denial of Service Vulnerabil ...) NOT-FOR-US: Microsoft CVE-2024-21342 (Windows DNS Client Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21341 (Windows Kernel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21340 (Windows Kernel Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21339 (Windows USB Generic Parent Driver Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21338 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21329 (Azure Connected Machine Agent Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21328 (Dynamics 365 Sales Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21327 (Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulner ...) NOT-FOR-US: Microsoft CVE-2024-21315 (Microsoft Defender for Endpoint Protection Elevation of Privilege Vuln ...) 
NOT-FOR-US: Microsoft CVE-2024-21304 (Trusted Compute Base Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20695 (Skype for Business Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20684 (Windows Hyper-V Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20679 (Azure Stack Hub Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20673 (Microsoft Office Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20667 (Azure DevOps Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-1378 (A command injection vulnerability was identified in GitHub Enterprise ...) NOT-FOR-US: GitHub Enterprise Server CVE-2024-1374 (A command injection vulnerability was identified in GitHub Enterprise ...) NOT-FOR-US: GitHub Enterprise Server CVE-2024-1372 (A command injection vulnerability was identified in GitHub Enterprise ...) NOT-FOR-US: GitHub Enterprise Server CVE-2024-1369 (A command injection vulnerability was identified in GitHub Enterprise ...) NOT-FOR-US: GitHub Enterprise Server CVE-2024-1359 (A command injection vulnerability was identified in GitHub Enterprise ...) NOT-FOR-US: GitHub Enterprise Server CVE-2024-1355 (A command injection vulnerability was identified in GitHub Enterprise ...) NOT-FOR-US: GitHub Enterprise Server CVE-2024-1354 (A command injection vulnerability was identified in GitHub Enterprise ...) NOT-FOR-US: GitHub Enterprise Server CVE-2024-1309 (Uncontrolled Resource Consumption vulnerability in Honeywell Niagara F ...) NOT-FOR-US: Honeywell CVE-2024-1216 REJECTED CVE-2024-1163 (Uncontrolled Resource Consumption in GitHub repository mbloch/mapshape ...) NOT-FOR-US: mapshaper CVE-2024-1160 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...) NOT-FOR-US: WordPress plugin CVE-2024-1159 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...) 
NOT-FOR-US: WordPress plugin CVE-2024-1157 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...) NOT-FOR-US: WordPress plugin CVE-2024-1140 (Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnera ...) NOT-FOR-US: Twister Antivirus CVE-2024-1096 (Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerabi ...) NOT-FOR-US: Twister Antivirus CVE-2024-1084 (Cross-site Scripting in thetag name pattern field in the tag protectio ...) NOT-FOR-US: GitHub Enterprise Server CVE-2024-1082 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...) NOT-FOR-US: GitHub Enterprise Server CVE-2024-0707 REJECTED CVE-2023-6072 (A cross-site scripting vulnerability in Trellix Central Management (CM ...) NOT-FOR-US: Trellix CVE-2023-5680 (If a resolver cache has a very large number of ECS records stored for ...) - bind9 (Only impacts BIND Supported Preview Edition) CVE-2023-51440 (A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30 ...) NOT-FOR-US: Siemens CVE-2023-50808 (Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based ...) NOT-FOR-US: Zimbra CVE-2023-50236 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...) NOT-FOR-US: Siemens CVE-2023-49125 (A vulnerability has been identified in Parasolid V35.0 (All versions < ...) NOT-FOR-US: Siemens CVE-2023-48432 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and ...) NOT-FOR-US: Zimbra CVE-2023-48364 (A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), ...) NOT-FOR-US: Siemens CVE-2023-48363 (A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), ...) NOT-FOR-US: Siemens CVE-2023-45207 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and ...) NOT-FOR-US: Zimbra CVE-2023-45206 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and ...) 
NOT-FOR-US: Zimbra CVE-2023-31347 (Due to a code bug in Secure_TSC, SEV firmware may allow an attacker wi ...) NOT-FOR-US: AMD CVE-2023-31346 (Failure to initialize memory in SEV Firmware may allow a privileged at ...) NOT-FOR-US: AMD CVE-2023-4408 (The DNS message parsing code in `named` includes a section whose compu ...) {DSA-5621-1} - bind9 1:9.19.21-1 NOTE: https://kb.isc.org/docs/cve-2023-4408 NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/770bb71ce7d934d2461a719af76bee3803145811 (v9.16.48) NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/0bbb0065e63c3231b320bd20d1121aed6c4d00d8 (v9.16.48) NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/f397ff5bb81413004fa6367f63a833fe70a3ac59 (v9.16.48) CVE-2023-5517 (A flaw in query-handling code can cause `named` to exit prematurely wi ...) {DSA-5621-1} - bind9 1:9.19.21-1 [buster] - bind9 (Issue does not affect 9.11.y series) NOTE: https://kb.isc.org/docs/cve-2023-5517 CVE-2023-5679 (A bad interaction between DNS64 and serve-stale may cause `named` to c ...) {DSA-5621-1} - bind9 1:9.19.21-1 [buster] - bind9 (Vulnerable code not present) NOTE: https://kb.isc.org/docs/cve-2023-5679 CVE-2023-6516 (To keep its cache database efficient, `named` running as a recursive r ...) - bind9 1:9.17.19-1 [bullseye] - bind9 1:9.16.48-1 [buster] - bind9 (Vulnerable code only in 9.16.y series) NOTE: https://kb.isc.org/docs/cve-2023-6516 NOTE: Issue is specific to 9.16.y. Mark the first version from 9.17.y series NOTE: which entered unstable as the fixed version as workaround. CVE-2023-50387 (Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6 ...) 
{DSA-5633-1 DSA-5626-1 DSA-5621-1 DSA-5620-1 DLA-3736-1} - bind9 1:9.19.21-1 - dnsmasq 2.90-1 - knot-resolver 5.7.1-1 [bullseye] - knot-resolver (Too intrusive to backport, if DNSSEC is used Bookworm can be used) [buster] - knot-resolver (Too intrusive to backport) - pdns-recursor 4.9.3-1 (bug #1063852) [bullseye] - pdns-recursor (No longer supported with security updates in Bullseye) - unbound 1.19.1-1 (bug #1063845) - systemd 255.4-1 [bookworm] - systemd (DNSSEC is disabled by default in systemd-resolved; can be fixed via point release) [bullseye] - systemd (DNSSEC is disabled by default in systemd-resolved; can be fixed via point release) [buster] - systemd (DNSSEC is disabled by default in systemd-resolved; can be fixed via point release) NOTE: https://kb.isc.org/docs/cve-2023-50387 NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/c12608ca934c0433d280e65fe6c631013e200cfe (v9.16.48) NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/751b7cc4750ede6d8c5232751d60aad8ad84aa67 (v9.16.48) NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/6a65a425283d70da86bf732449acd6d7c8dec718 (v9.16.48) NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/3d206e918b3efbc20074629ad9d99095fbd2e5fd (v9.16.48) NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/a520fbc0470a0d6b72db6aa0b8deda8798551614 (v9.16.48) NOTE: https://downloads.isc.org/isc/bind9/9.16.48/patches/0005-CVE-2023-50387-CVE-2023-50868.patch NOTE: https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html NOTE: https://www.knot-resolver.cz/2024-02-13-knot-resolver-5.7.1.html NOTE: https://github.com/CZ-NIC/knot-resolver/commit/7ddabe80fa05b76fc57b5a112a82a2c032032534 NOTE: https://github.com/CZ-NIC/knot-resolver/commit/feb65eb97b93f0f024d70c7f5f6cbc6802ba02ec (v5.7.1) NOTE: https://github.com/CZ-NIC/knot-resolver/commit/cc5051b4441307d9b262fa382bc715391112ddbb (v5.7.1) NOTE: https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released NOTE: 
https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/882903f2fa800c4cb6f5e225b728e2887bb7b9ae (release-1.19.1) NOTE: https://github.com/systemd/systemd/issues/31413 NOTE: https://github.com/systemd/systemd/commit/67d0ce8843d612a2245d0966197d4f528b911b66 (v256) NOTE: https://github.com/systemd/systemd/commit/eba291124bc11f03732d1fc468db3bfac069f9cb (v256) NOTE: https://github.com/systemd/systemd-stable/commit/1ebdb19ff194120109b08bbf888bdcc502f83211 (v255.4) NOTE: https://github.com/systemd/systemd-stable/commit/572692f0bdd6a3fabe3dd4a3e8e5565cc69b5e14 (v255.4) NOTE: https://github.com/systemd/systemd-stable/commit/2f5edffa8ffd5210165ebe7604f07d23f375fe9a (v254.10) NOTE: https://github.com/systemd/systemd-stable/commit/9899281c59a91f19c8b39362d203e997d2faf233 (v254.10) NOTE: https://github.com/systemd/systemd-stable/commit/7886eea2425fe7773cc012da0b2e266e33d4be12 (v253.17) NOTE: https://github.com/systemd/systemd-stable/commit/156e519d990a5662c719a1cbe80c6a02a2b9115f (v253.17) NOTE: https://github.com/systemd/systemd-stable/commit/7633d969f3422f9ad380a512987d398e54764817 (v252.23) NOTE: https://github.com/systemd/systemd-stable/commit/b43bcb51ebf9aea21b1e280e1872056994e3f53d (v252.23) NOTE: systemd: DNSSEC is default to off in systemd-resolved CVE-2023-50868 (The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 whe ...) 
{DSA-5633-1 DSA-5626-1 DSA-5621-1 DSA-5620-1 DLA-3736-1} - bind9 1:9.19.21-1 - dnsmasq 2.90-1 - knot-resolver 5.7.1-1 [bullseye] - knot-resolver (Too intrusive to backport, if DNSSEC is used Bookworm can be used) [buster] - knot-resolver (Too intrusive to backport, if DNSSEC is used Bookworm can be used) - pdns-recursor 4.9.3-1 (bug #1063852) [bullseye] - pdns-recursor (No longer supported with security updates in Bullseye) - unbound 1.19.1-1 (bug #1063845) - systemd 255.4-1 [bookworm] - systemd (DNSSEC is disabled by default in systemd-resolved; can be fixed via point release) [bullseye] - systemd (DNSSEC is disabled by default in systemd-resolved; can be fixed via point release) [buster] - systemd (DNSSEC is disabled by default in systemd-resolved; can be fixed via point release) NOTE: https://kb.isc.org/docs/cve-2023-50868 NOTE: https://downloads.isc.org/isc/bind9/9.16.48/patches/0005-CVE-2023-50387-CVE-2023-50868.patch NOTE: https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html NOTE: https://www.knot-resolver.cz/2024-02-13-knot-resolver-5.7.1.html NOTE: https://github.com/CZ-NIC/knot-resolver/commit/e966b7fdb167add0ec37c56a954c2d847f627985 (v5.7.1) NOTE: https://github.com/CZ-NIC/knot-resolver/commit/eccb8e278c1cde0548cc570eac619feaa290cede (v5.7.1) NOTE: https://github.com/CZ-NIC/knot-resolver/commit/b5051ac26f34358b40f9115f977fe1f54e8f581e (v5.7.1) NOTE: https://github.com/CZ-NIC/knot-resolver/commit/24699e9f206a8f957b516cad22a8e5790d226836 (v5.7.1) NOTE: https://github.com/CZ-NIC/knot-resolver/commit/a05cf1d379d1af0958587bd111f791b72f404364 (v5.7.1) NOTE: https://github.com/CZ-NIC/knot-resolver/commit/9b421cdf91f987e0254a06ff2c4e8fbf76dc2b58 (v5.7.1) NOTE: https://github.com/CZ-NIC/knot-resolver/commit/5e80624b18d40ae44be704751d3b22943edf287f NOTE: https://github.com/CZ-NIC/knot-resolver/commit/f9ba52e6f54bc1db122870df50cb364cb977436e (v5.7.1) NOTE: https://github.com/CZ-NIC/knot-resolver/commit/b044babbee358dc305d770a1dab3a877c49468a7 
(v5.7.1) NOTE: https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/92f2a1ca690a44880f4c4fa70a4b5a4b029aaf1c (release-1.19.1) NOTE: https://github.com/systemd/systemd/issues/31413 NOTE: https://github.com/systemd/systemd/commit/67d0ce8843d612a2245d0966197d4f528b911b66 (v256) NOTE: https://github.com/systemd/systemd/commit/eba291124bc11f03732d1fc468db3bfac069f9cb (v256) NOTE: https://github.com/systemd/systemd-stable/commit/1ebdb19ff194120109b08bbf888bdcc502f83211 (v255.4) NOTE: https://github.com/systemd/systemd-stable/commit/572692f0bdd6a3fabe3dd4a3e8e5565cc69b5e14 (v255.4) NOTE: https://github.com/systemd/systemd-stable/commit/2f5edffa8ffd5210165ebe7604f07d23f375fe9a (v254.10) NOTE: https://github.com/systemd/systemd-stable/commit/9899281c59a91f19c8b39362d203e997d2faf233 (v254.10) NOTE: https://github.com/systemd/systemd-stable/commit/7886eea2425fe7773cc012da0b2e266e33d4be12 (v253.17) NOTE: https://github.com/systemd/systemd-stable/commit/156e519d990a5662c719a1cbe80c6a02a2b9115f (v253.17) NOTE: https://github.com/systemd/systemd-stable/commit/7633d969f3422f9ad380a512987d398e54764817 (v252.23) NOTE: https://github.com/systemd/systemd-stable/commit/b43bcb51ebf9aea21b1e280e1872056994e3f53d (v252.23) NOTE: systemd: DNSSEC is default to off in systemd-resolved CVE-2024-25914 (Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Ma ...) NOT-FOR-US: WordPress plugin CVE-2024-25643 (The SAP Fiori app (My Overtime Request) - version 605, does not perfor ...) NOT-FOR-US: SAP CVE-2024-25642 (Due to improper validation of certificate in SAP Cloud Connector - ver ...) NOT-FOR-US: SAP CVE-2024-25407 (SteVe v3.6.0 was discovered to use predictable transaction ID's when r ...) 
NOT-FOR-US: SteVe CVE-2024-25360 (A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks infor ...) NOT-FOR-US: Motorola CVE-2024-25112 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) [experimental] - exiv2 0.28.2+dfsg-1 - exiv2 (bug #1070392) [bookworm] - exiv2 (Minor issue) [bullseye] - exiv2 (Minor issue) [buster] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36 NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/355afea485550e8214ac6b449fb210a7efb71365 (v0.28.2) NOTE: GHSA mentions new in v0.28.0, but that only applies to the "main" branch, where NOTE: it was removed and later reintroduced. The 0.27-maintenance branch _does_ include NOTE: the Quicktime decoder CVE-2024-25110 (The UAMQP is a general purpose C library for AMQP 1.0. During a call t ...) - azure-uamqp-python 1.6.8-2 (bug #1064051) NOTE: https://github.com/Azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695 NOTE: https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-c646-4whf-r67v NOTE: https://github.com/Azure/azure-uamqp-python/issues/380 CVE-2024-25108 (Pixelfed is an open source photo sharing platform. When processing req ...) NOT-FOR-US: Pixelfed CVE-2024-24935 (Cross-Site Request Forgery (CSRF) vulnerability in WpSimpleTools Basic ...) NOT-FOR-US: WordPress plugin CVE-2024-24929 (Cross-Site Request Forgery (CSRF) vulnerability in Ryan Duff, Peter We ...) NOT-FOR-US: WordPress plugin CVE-2024-24887 (Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Pho ...) NOT-FOR-US: WordPress plugin CVE-2024-24884 (Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft Contact Fo ...) NOT-FOR-US: WordPress plugin CVE-2024-24875 (Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefebvre Li ...) NOT-FOR-US: WordPress plugin CVE-2024-24826 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) 
	[experimental] - exiv2 0.28.2+dfsg-1
	- exiv2 (bug #1070392)
	[bookworm] - exiv2 (Minor issue)
	[bullseye] - exiv2 (Minor issue)
	[buster] - exiv2 (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-g9xm-7538-mq8w
	NOTE: https://github.com/Exiv2/exiv2/pull/2337
	NOTE: GHSA mentions new in v0.28.0, but that only applies to the "main" branch, where
	NOTE: it was removed and later reintroduced. The 0.27-maintenance branch _does_ include
	NOTE: the Quicktime decoder
CVE-2024-24743 (SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows ...)
	NOT-FOR-US: SAP
CVE-2024-24742 (SAP CRM WebClient UI- version S4FND 102, S4FND 103, S4FND 104, S4FND 1 ...)
	NOT-FOR-US: SAP
CVE-2024-24741 (SAP Master Data Governance for Material Data - versions 618, 619, 620, ...)
	NOT-FOR-US: SAP
CVE-2024-24740 (SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL ...)
	NOT-FOR-US: SAP
CVE-2024-24739 (SAP Bank Account Management (BAM) allows an authenticated user with re ...)
	NOT-FOR-US: SAP
CVE-2024-24337 (CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aq ...)
	NOT-FOR-US: Koha Library Management System
CVE-2024-23833 (OpenRefine is a free, open source power tool for working with messy da ...)
	- openrefine 3.7.8-1 (bug #1064192)
	[bookworm] - openrefine (Minor issue)
	NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-6p92-qfqf-qwx4
	NOTE: https://github.com/OpenRefine/OpenRefine/commit/41ccf574847d856e22488a7c0987ad8efa12a84a (3.7.8)
CVE-2024-23763 (SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers ...)
	NOT-FOR-US: Gambio
CVE-2024-23762 (Unrestricted File Upload vulnerability in Content Manager feature in G ...)
	NOT-FOR-US: Gambio
CVE-2024-23761 (Server Side Template Injection in Gambio 4.9.2.0 allows attackers to r ...)
	NOT-FOR-US: Gambio
CVE-2024-23760 (Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows at ...)
	NOT-FOR-US: Gambio
CVE-2024-23759 (Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows att ...)
	NOT-FOR-US: Gambio
CVE-2024-23512 (Deserialization of Untrusted Data vulnerability in wpxpo ProductX \u20 ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-22454 (Dell PowerProtect Data Manager, version 19.15 and prior versions, cont ...)
	NOT-FOR-US: Dell
CVE-2024-22445 (Dell PowerProtect Data Manager, version 19.15 and prior versions, cont ...)
	NOT-FOR-US: Dell
CVE-2024-22230 (Dell Unity, versions prior to 5.4, contains a Cross-site scripting vul ...)
	NOT-FOR-US: Dell
CVE-2024-22228 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...)
	NOT-FOR-US: Dell
CVE-2024-22227 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...)
	NOT-FOR-US: Dell
CVE-2024-22226 (Dell Unity, versions prior to 5.4, contain a path traversal vulnerabil ...)
	NOT-FOR-US: Dell
CVE-2024-22225 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...)
	NOT-FOR-US: Dell
CVE-2024-22224 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...)
	NOT-FOR-US: Dell
CVE-2024-22223 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...)
	NOT-FOR-US: Dell
CVE-2024-22222 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...)
	NOT-FOR-US: Dell
CVE-2024-22221 (Dell Unity, versions prior to 5.4, contains SQL Injection vulnerabilit ...)
	NOT-FOR-US: Dell
CVE-2024-22132 (SAP IDES ECC-systems contain code that permits the execution of arbitr ...)
	NOT-FOR-US: SAP
CVE-2024-22131 (In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750 ...)
	NOT-FOR-US: SAP
CVE-2024-22130 (Print preview option inSAP CRM WebClient UI - versions S4FND 102, S4FN ...)
	NOT-FOR-US: SAP
CVE-2024-22129 (SAP Companion - version <3.1.38, has a URL with parameter that could b ...)
	NOT-FOR-US: SAP
CVE-2024-22128 (SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_U ...)
	NOT-FOR-US: SAP
CVE-2024-22126 (The User Admin application of SAP NetWeaver AS for Java - version 7.50 ...)
	NOT-FOR-US: SAP
CVE-2024-22024 (An XML external entity or XXE vulnerability in the SAML component of I ...)
	NOT-FOR-US: Ivanti
CVE-2024-21491 (Versions of the package svix before 1.17.0 are vulnerable to Authentic ...)
	NOT-FOR-US: Rust crate svix
CVE-2024-1439 (Inadequate access control in Moodle LMS. This vulnerability could allo ...)
	- moodle
CVE-2024-1420
	REJECTED
CVE-2024-0566 (The Smart Manager WordPress plugin before 8.28.0 does not properly san ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0421 (The MapPress Maps for WordPress plugin before 2.88.16 does not ensure ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0420 (The MapPress Maps for WordPress plugin before 2.88.15 does not sanitiz ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0250 (The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0248 (The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0170 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...)
	NOT-FOR-US: Dell
CVE-2024-0169 (Dell Unity, versions prior to 5.4, contains a cross-site scripting (XS ...)
	NOT-FOR-US: Dell
CVE-2024-0168 (Dell Unity, versions prior to 5.4, contains a Command Injection Vulner ...)
	NOT-FOR-US: Dell
CVE-2024-0167 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...)
	NOT-FOR-US: Dell
CVE-2024-0166 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...)
	NOT-FOR-US: Dell
CVE-2024-0165 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...)
	NOT-FOR-US: Dell
CVE-2024-0164 (Dell Unity, versions prior to 5.4, contain an OS Command Injection Vul ...)
	NOT-FOR-US: Dell
CVE-2023-7233 (The GigPress WordPress plugin through 2.3.29 does not sanitise and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6815 (Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Co ...)
	NOT-FOR-US: Mitsubishi
CVE-2023-6591 (The Popup Box WordPress plugin before 20.9.0 does not sanitise and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6501 (The Splashscreen WordPress plugin through 0.20 does not have CSRF chec ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6499 (The lasTunes WordPress plugin through 3.6.1 does not have CSRF check i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6294 (The Popup Builder WordPress plugin before 4.2.6 does not validate a pa ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6082 (The chartjs WordPress plugin through 2023.2 does not sanitise and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6081 (The chartjs WordPress plugin through 2023.2 does not sanitise and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6036 (The Web3 WordPress plugin before 3.0.0 is vulnerable to an authenticat ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52431 (The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows ...)
	NOT-FOR-US: Plack::Middleware::XSRFBlock perl module
CVE-2023-52430 (The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a ...)
	NOT-FOR-US: Caddy plugin
CVE-2023-52060 (A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attacker ...)
	NOT-FOR-US: Gestsup
CVE-2023-52059 (A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows a ...)
	NOT-FOR-US: Gestsup
CVE-2023-50358 (An OS command injection vulnerability has been reported to affect seve ...)
	NOT-FOR-US: QNAP
CVE-2023-49339 (Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) vi ...)
	NOT-FOR-US: Ellucian Banner
CVE-2023-47218 (An OS command injection vulnerability has been reported to affect seve ...)
	NOT-FOR-US: QNAP
CVE-2023-46615 (Deserialization of Untrusted Data vulnerability in Kalli Dan. KD Comin ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-42374 (An issue in mystenlabs Sui Blockchain before v.1.6.3 allow a remote at ...)
	NOT-FOR-US: mystenlabs Sui Blockchain
CVE-2023-41708 (References to the "app loader" functionality could contain redirects t ...)
	NOT-FOR-US: OX App Suite
CVE-2023-41707 (Processing of user-defined mail search expressions is not limited. Ava ...)
	NOT-FOR-US: OX App Suite
CVE-2023-41706 (Processing time of drive search expressions now gets monitored, and th ...)
	NOT-FOR-US: OX App Suite
CVE-2023-41705 (Processing of user-defined DAV user-agent strings is not limited. Avai ...)
	NOT-FOR-US: OX App Suite
CVE-2023-41704 (Processing of CID references at E-Mail can be abused to inject malicio ...)
	NOT-FOR-US: OX App Suite
CVE-2023-41703 (User ID references at mentions in document comments were not correctly ...)
	NOT-FOR-US: OX App Suite
CVE-2022-48623 (The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-boun ...)
	- libcpanel-json-xs-perl 4.35-1
	[bullseye] - libcpanel-json-xs-perl (Minor issue)
	[buster] - libcpanel-json-xs-perl (Minor issue)
	NOTE: https://github.com/rurban/Cpanel-JSON-XS/issues/208
	NOTE: Fixed by: https://github.com/rurban/Cpanel-JSON-XS/commit/41f32396eee9395a40f9ed80145c37622560de9b (4.33)
CVE-2021-4437 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: lambda-middleware frameguard
CVE-2024-1459 (A path traversal vulnerability was found in Undertow. This issue may a ...)
	- undertow (bug #1068816)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2259475
CVE-2024-1454 (The use-after-free vulnerability was found in the AuthentIC driver in ...)
	- opensc 0.25.0~rc1-1
	[bookworm] - opensc (Minor issue)
	[bullseye] - opensc (Minor issue)
	[buster] - opensc (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2263929
	NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2024-1454
	NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/5835f0d4f6c033bd58806d33fa546908d39825c9
CVE-2023-6681 (A vulnerability was found in JWCrypto. This flaw allows an attacker to ...)
	- python-jwcrypto 1.5.4-1
	[bookworm] - python-jwcrypto (Minor issue)
	[bullseye] - python-jwcrypto (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2260843
	NOTE: https://github.com/latchset/jwcrypto/commit/d2655d370586cb830e49acfb450f87598da60be8 (v1.5.1)
CVE-2023-6110 [deleting a non existing access rule deletes another existing access rule in its scope]
	- python-openstackclient 6.3.0-2
	[bookworm] - python-openstackclient (Minor issue)
	[bullseye] - python-openstackclient (Minor issue)
	[buster] - python-openstackclient (app cred access rules introduced in v5)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212960
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2209607
	NOTE: https://review.opendev.org/888697
CVE-2024-25744 (In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 s ...)
	- linux 6.6.8-1
	[bookworm] - linux 6.1.69-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b82a8dbd3d2f4563156f7150c6f2ecab6e960b30 (6.7-rc5)
CVE-2024-25741 (printer_write in drivers/usb/gadget/function/f_printer.c in the Linux ...)
	- linux
	NOTE: https://www.spinics.net/lists/linux-usb/msg252167.html
CVE-2024-25740 (A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/atta ...)
	- linux
	NOTE: https://lore.kernel.org/lkml/0171b6cc-95ee-3538-913b-65a391a446b3%40huawei.com/T/
CVE-2024-25739 (create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel throug ...)
	- linux
	NOTE: https://www.spinics.net/lists/kernel/msg5074816.html
	NOTE: https://groups.google.com/g/syzkaller/c/Xl97YcQA4hg
CVE-2024-25728 (ExpressVPN before 12.73.0 on Windows, when split tunneling is used, se ...)
	NOT-FOR-US: ExpressVPN
CVE-2024-25419 (flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forge ...)
	NOT-FOR-US: flusity-CMS
CVE-2024-25418 (flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forge ...)
	NOT-FOR-US: flusity-CMS
CVE-2024-25417 (flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forge ...)
	NOT-FOR-US: flusity-CMS
CVE-2024-25100 (Deserialization of Untrusted Data vulnerability in WP Swings Coupon Re ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24933 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24932 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24931 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24930 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24928 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24927 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24926 (Deserialization of Untrusted Data vulnerability in UnitedThemes Brookl ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24889 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24797 (Deserialization of Untrusted Data vulnerability in G5Theme ERE Recentl ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24796 (Deserialization of Untrusted Data vulnerability in MagePeople Team Eve ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-23513 (Deserialization of Untrusted Data vulnerability in PropertyHive.This i ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1433 (A vulnerability, which was classified as problematic, was found in KDE ...)
	- plasma-workspace (bug #1064063)
	[bookworm] - plasma-workspace (Minor issue)
	[bullseye] - plasma-workspace (Minor issue)
	[buster] - plasma-workspace (Minor issue)
	NOTE: https://github.com/KDE/plasma-workspace/commit/6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01
CVE-2023-52429 (dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6 ...)
	{DSA-5681-1}
	- linux 6.7.7-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://git.kernel.org/linus/bd504bcfec41a503b32054da5472904b404341a4 (6.8-rc3)
CVE-2023-51403 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51370 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50875 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47526 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-25722 (qanything_kernel/connector/database/mysql/mysql_client.py in qanything ...)
	NOT-FOR-US: qanything.ai QAnything
CVE-2024-25718 (In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_as ...)
	NOT-FOR-US: Samly
CVE-2024-25715 (Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redi ...)
	- glewlwyd 2.7.6+ds-2
	[bookworm] - glewlwyd (Minor issue)
	[bullseye] - glewlwyd (Minor issue)
	[buster] - glewlwyd (Minor issue)
	NOTE: https://github.com/babelouest/glewlwyd/commit/59239381a88c505ab38fe64fdd92f846defa5754
	NOTE: https://github.com/babelouest/glewlwyd/commit/c91c0155f2393274cc18efe77e06c6846e404c75
CVE-2024-25714 (In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp ...)
	- rhonabwy 1.1.13-2
	[bookworm] - rhonabwy (Minor issue)
	[bullseye] - rhonabwy (Minor issue)
	NOTE: https://github.com/babelouest/rhonabwy/commit/f9fd9a1c77e48b514ebb3baf0360f87eef3d846e
CVE-2024-25713 (yyjson through 0.8.0 has a double free, leading to remote code executi ...)
	- yyjson (bug #972804)
CVE-2024-25712 (http-swagger before 1.2.6 allows XSS via PUT requests, because a file ...)
	NOT-FOR-US: http-swagger
CVE-2024-23724 (Ghost through 5.76.0 allows stored XSS, and resultant privilege escala ...)
	NOT-FOR-US: Ghost CMS
CVE-2024-21875 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
	NOT-FOR-US: Team Hacker Hotel Badge
CVE-2024-1432 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceL ...)
	NOT-FOR-US: DeepFaceLab
CVE-2024-1431 (A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and cla ...)
	NOT-FOR-US: Netgear
CVE-2024-1430 (A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 an ...)
	NOT-FOR-US: Netgear
CVE-2024-1151 (A vulnerability was reported in the Open vSwitch sub-component in the ...)
	{DSA-5681-1}
	- linux
	[bookworm] - linux 6.1.82-1
	NOTE: https://lore.kernel.org/all/20240207132416.1488485-1-aconole@redhat.com/
	NOTE: https://git.kernel.org/linus/6e2f90d31fe09f2b852de25125ca875aabd81367
CVE-2023-52428 (In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a d ...)
	NOT-FOR-US: Connect2id Nimbus JOSE+JWT
CVE-2023-52427 (In OpenDDS through 3.27, there is a segmentation fault for a DataWrite ...)
	NOT-FOR-US: OpenDDS
CVE-2024-23517 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-23516 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-23514 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-22361 (IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0 ...)
	NOT-FOR-US: IBM
CVE-2024-22313 (IBM Storage Defender - Resiliency Service 2.0 contains hard-coded cred ...)
	NOT-FOR-US: IBM
CVE-2024-22312 (IBM Storage Defender - Resiliency Service 2.0 stores user credentials ...)
	NOT-FOR-US: IBM
CVE-2023-51493 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51492 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51488 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51485 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51480 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51415 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51404 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50957 (IBM Storage Defender - Resiliency Service 2.0 could allow a privileged ...)
	NOT-FOR-US: IBM
CVE-2024-25109 (ManageWiki is a MediaWiki extension allowing users to manage wikis. Sp ...)
	NOT-FOR-US: MediaWiki extension
CVE-2024-24831 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24828 (pkg is tool design to bundle Node.js projects into an executables. Any ...)
	NOT-FOR-US: Node pkg
CVE-2024-24804 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24803 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24801 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24717 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24713 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24712 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-23327 (Envoy is a high-performance edge/middle/service proxy. When PPv2 is en ...)
	- envoyproxy (bug #987544)
CVE-2024-23325 (Envoy is a high-performance edge/middle/service proxy. Envoy crashes i ...)
	- envoyproxy (bug #987544)
CVE-2024-23324 (Envoy is a high-performance edge/middle/service proxy. External authen ...)
	- envoyproxy (bug #987544)
CVE-2024-23323 (Envoy is a high-performance edge/middle/service proxy. The regex expre ...)
	- envoyproxy (bug #987544)
CVE-2024-23322 (Envoy is a high-performance edge/middle/service proxy. Envoy will cras ...)
	- envoyproxy (bug #987544)
CVE-2024-21624 (nonebot2 is a cross-platform Python asynchronous chatbot framework wri ...)
	NOT-FOR-US: nonebot2
CVE-2024-21490 (This affects versions of the package angular from 1.3.0. A regular exp ...)
	- angular.js
	[bookworm] - angular.js (Minor issue)
	[bullseye] - angular.js (Minor issue)
	[buster] - angular.js (Fix along with the next DLA)
	NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113
CVE-2024-1406 (A vulnerability was found in Linksys WRT54GL 4.30.18. It has been decl ...)
	NOT-FOR-US: Linksys
CVE-2024-1405 (A vulnerability was found in Linksys WRT54GL 4.30.18. It has been clas ...)
	NOT-FOR-US: Linksys
CVE-2024-1404 (A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as ...)
	NOT-FOR-US: Linksys
CVE-2024-0596 (The Awesome Support – WordPress HelpDesk & Support Plugin plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0595 (The Awesome Support – WordPress HelpDesk & Support Plugin plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0594 (The Awesome Support – WordPress HelpDesk & Support Plugin plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50349 (Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerabil ...)
	NOT-FOR-US: Sametime Proxy application
CVE-2023-45718 (Sametime is impacted by a failure to invalidate sessions. The applica ...)
	NOT-FOR-US: HCL
CVE-2023-45716 (Sametime is impacted by sensitive information passed in URL.)
	NOT-FOR-US: HCL / Sametime application
CVE-2023-45698 (Sametime is impacted by lack of clickjacking protection in Outlook add ...)
	NOT-FOR-US: HCL / Sametime application
CVE-2023-45696 (Sametime is impacted by sensitive fields with autocomplete enabled in ...)
	NOT-FOR-US: HCL / Sametime application
CVE-2024-25711 (diffoscope before 256 allows directory traversal via an embedded filen ...)
	- diffoscope 256
	[bookworm] - diffoscope (Minor issue)
	[bullseye] - diffoscope (Minor issue)
	[buster] - diffoscope (Minor issue; fix it along the next DLA)
	NOTE: https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/361
	NOTE: https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/458f7f04bc053a0066aa7d2fd3251747d4899476 (256)
CVE-2024-25679 (In PQUIC before 5bde5bb, retention of unused initial encryption keys a ...)
	NOT-FOR-US: pquic
CVE-2024-25678 (In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mi ...)
	NOT-FOR-US: LiteSpeed QUIC (LSQUIC) Library
CVE-2024-25677 (In Min before 1.31.0, local files are not correctly treated as unique ...)
	NOT-FOR-US: Min
CVE-2024-25675 (An issue was discovered in MISP before 2.4.184. A client does not need ...)
	NOT-FOR-US: MISP
CVE-2024-25674 (An issue was discovered in MISP before 2.4.184. Organisation logo uplo ...)
	NOT-FOR-US: MISP
CVE-2024-25454 (Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference ...)
	NOT-FOR-US: Bento4
CVE-2024-25453 (Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference ...)
	NOT-FOR-US: Bento4
CVE-2024-25452 (Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via t ...)
	NOT-FOR-US: Bento4
CVE-2024-25451 (Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via t ...)
	NOT-FOR-US: Bento4
CVE-2024-25450 (imlib2 v1.9.1 was discovered to mishandle memory allocation in the fun ...)
	- imlib2 1.10.0-2
	[bullseye] - imlib2 (Minor issue)
	[buster] - imlib2 (Vulnerable code introduced later)
	NOTE: https://github.com/derf/feh/issues/712
	NOTE: https://git.enlightenment.org/old/legacy-imlib2/issues/20
	NOTE: Introduced by: https://git.enlightenment.org/old/legacy-imlib2/commit/0d0a701a96bf87a5df95fd8bb599b414b6a6a220 (v1.6.0)
	NOTE: Fixed by: https://git.enlightenment.org/old/legacy-imlib2/commit/e9c09deb08047c9e902ce37144e82b6edb8aedb6 (v1.10.0)
CVE-2024-25448 (An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 ...)
	- imlib2 1.10.0-2
	[bullseye] - imlib2 (Minor issue)
	[buster] - imlib2 (Vulnerable code introduced later)
	NOTE: https://github.com/derf/feh/issues/711
	NOTE: https://git.enlightenment.org/old/legacy-imlib2/issues/20
	NOTE: Introduced by: https://git.enlightenment.org/old/legacy-imlib2/commit/0d0a701a96bf87a5df95fd8bb599b414b6a6a220 (v1.6.0)
	NOTE: Fixed by: https://git.enlightenment.org/old/legacy-imlib2/commit/e9c09deb08047c9e902ce37144e82b6edb8aedb6 (v1.10.0)
CVE-2024-25447 (An issue in the imlib_load_image_with_error_return function of imlib2 ...)
	- imlib2 1.10.0-2
	[bullseye] - imlib2 (Minor issue)
	[buster] - imlib2 (Vulnerable code introduced later)
	NOTE: https://github.com/derf/feh/issues/709
	NOTE: https://git.enlightenment.org/old/legacy-imlib2/issues/20
	NOTE: Introduced by: https://git.enlightenment.org/old/legacy-imlib2/commit/0d0a701a96bf87a5df95fd8bb599b414b6a6a220 (v1.6.0)
	NOTE: Fixed by: https://git.enlightenment.org/old/legacy-imlib2/commit/e9c09deb08047c9e902ce37144e82b6edb8aedb6 (v1.10.0)
CVE-2024-25446 (An issue in the HuginBase::PTools::setDestImage function of Hugin v202 ...)
	- hugin 2023.0~beta1+dfsg-1 (unimportant)
	NOTE: Crash in CLI tool, no security impact
	NOTE: https://bugs.launchpad.net/hugin/+bug/2025037
CVE-2024-25445 (Improper handling of values in HuginBase::PTools::Transform::transform ...)
	- hugin 2023.0~beta1+dfsg-1 (unimportant)
	NOTE: Crash in CLI tool, no security impact
	NOTE: https://bugs.launchpad.net/hugin/+bug/2025038
CVE-2024-25443 (An issue in the HuginBase::ImageVariable::linkWith function of ...)
	- hugin 2023.0~beta1+dfsg-1 (unimportant)
	NOTE: Crash in CLI tool, no security impact
	NOTE: https://bugs.launchpad.net/hugin/+bug/2025035
CVE-2024-25442 (An issue in the HuginBase::PanoramaMemento::loadPTScript function of H ...)
	- hugin 2023.0~beta1+dfsg-1 (unimportant)
	NOTE: Crash in CLI tool, no security impact
	NOTE: https://bugs.launchpad.net/hugin/+bug/2025032
CVE-2024-25318 (Code-projects Hotel Managment System 1.0 allows SQL Injection via the ...)
	NOT-FOR-US: Code-projects Hotel Managment System
CVE-2024-25316 (Code-projects Hotel Managment System 1.0 allows SQL Injection via the ...)
	NOT-FOR-US: Code-projects Hotel Managment System
CVE-2024-25315 (Code-projects Hotel Managment System 1.0, allows SQL Injection via the ...)
	NOT-FOR-US: Code-projects Hotel Managment System
CVE-2024-25314 (Code-projects Hotel Managment System 1.0, allows SQL Injection via the ...)
	NOT-FOR-US: Code-projects Hotel Managment System
CVE-2024-25313 (Code-projects Simple School Managment System 1.0 allows Authentication ...)
	NOT-FOR-US: Code-projects Simple School Managment System
CVE-2024-25312 (Code-projects Simple School Managment System 1.0 allows SQL Injection ...)
	NOT-FOR-US: Code-projects Simple School Managment System
CVE-2024-25310 (Code-projects Simple School Managment System 1.0 allows SQL Injection ...)
	NOT-FOR-US: Code-projects Simple School Managment System
CVE-2024-25309 (Code-projects Simple School Managment System 1.0 allows SQL Injection ...)
	NOT-FOR-US: Code-projects Simple School Managment System
CVE-2024-25308 (Code-projects Simple School Managment System 1.0 allows SQL Injection ...)
	NOT-FOR-US: Code-projects Simple School Managment System
CVE-2024-25307 (Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection ...)
	NOT-FOR-US: Code-projects Cinema Seat Reservation System
CVE-2024-25306 (Code-projects Simple School Managment System 1.0 allows SQL Injection ...)
	NOT-FOR-US: Code-projects Simple School Managment System
CVE-2024-25305 (Code-projects Simple School Managment System 1.0 allows Authentication ...)
	NOT-FOR-US: Code-projects Simple School Managment System
CVE-2024-25304 (Code-projects Simple School Managment System 1.0 allows SQL Injection ...)
	NOT-FOR-US: Code-projects Simple School Managment System
CVE-2024-25302 (Sourcecodester Event Student Attendance System 1.0, allows SQL Injecti ...)
	NOT-FOR-US: Sourcecodester Event Student Attendance System
CVE-2024-24776 (Mattermost fails to check the required permissions in thePOST /api/v4/ ...)
	- mattermost-server (bug #823556)
CVE-2024-24774 (Mattermost Jira Plugin handling subscriptions fails to check the secur ...)
	NOT-FOR-US: Mattermost Jira Plugin
CVE-2024-23319 (Mattermost Jira Plugin fails to protect against logout CSRF allowing a ...)
	NOT-FOR-US: Mattermost Jira Plugin
CVE-2024-22119 (The cause of vulnerability is improper validation of form input field ...)
	{DLA-3798-1}
	- zabbix 1:6.0.24+dfsg-1
	NOTE: https://support.zabbix.com/browse/ZBX-24070
	NOTE: Introduced by: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/d5b73ddafc2b91376c0d74027b5f727cea6f9c29 (4.0.0alpha1)
	NOTE: Fixed by: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/aec9ebf575e6c62b5397f267ae5353b121a91262 (6.0.24rc1)
	NOTE: Fixed by: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/62a62b1b7f07a4a7cf249bef05968bb0eef1cfb2 (5.0.40rc1)
CVE-2024-21762 (A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2 ...)
	NOT-FOR-US: FortiGuard
CVE-2024-1402 (Mattermost fails to check if a custom emoji reaction exists when sendi ...)
	- mattermost-server (bug #823556)
CVE-2024-1247 (Concrete CMS version 9 before 9.2.5 is vulnerable tostored XSS via the ...)
	NOT-FOR-US: Concrete CMS
CVE-2024-1246 (Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS ...)
	NOT-FOR-US: Concrete CMS
CVE-2024-1245 (Concrete CMSversion 9 before 9.2.5 is vulnerable to stored XSS in file ...)
	NOT-FOR-US: Concrete CMS
CVE-2023-6724 (Authorization Bypass Through User-Controlled Key vulnerability in Soft ...)
	NOT-FOR-US: Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System
CVE-2023-6716
	REJECTED
CVE-2023-6677 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Oduyo Financial Technology Online Collection
CVE-2023-50386 (Improper Control of Dynamically-Managed Code Resources, Unrestricted U ...)
	- lucene-solr 3.6.2+dfsg-23
	[buster] - lucene-solr (No longer supported in LTS)
	NOTE: https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets
	NOTE: https://www.openwall.com/lists/oss-security/2024/02/09/1
	NOTE: Server components disabled in 3.6.2+dfsg-23, using that as the fixed version
CVE-2023-50298 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	- lucene-solr 3.6.2+dfsg-23
	[buster] - lucene-solr (No longer supported in LTS)
	NOTE: https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions
	NOTE: https://www.openwall.com/lists/oss-security/2024/02/09/2
	NOTE: Server components disabled in 3.6.2+dfsg-23, using that as the fixed version
CVE-2023-50292 (Incorrect Permission Assignment for Critical Resource, Improper Contro ...)
	- lucene-solr 3.6.2+dfsg-23
	[buster] - lucene-solr (No longer supported in LTS)
	NOTE: https://solr.apache.org/security.html#cve-2023-50292-apache-solr-schema-designer-blindly-trusts-all-configsets-possibly-leading-to-rce-by-unauthenticated-users
	NOTE: https://www.openwall.com/lists/oss-security/2024/02/09/3
	NOTE: Server components disabled in 3.6.2+dfsg-23, using that as the fixed version
CVE-2023-50291 (Insufficiently Protected Credentials vulnerability in Apache Solr. Th ...)
	- lucene-solr 3.6.2+dfsg-23
	[buster] - lucene-solr (No longer supported in LTS)
	NOTE: https://solr.apache.org/security.html#cve-2023-50291-apache-solr-can-leak-certain-passwords-due-to-system-property-redaction-logic-inconsistencies
	NOTE: https://www.openwall.com/lists/oss-security/2024/02/09/4
	NOTE: Server components disabled in 3.6.2+dfsg-23, using that as the fixed version
CVE-2024-25107 (WikiDiscover is an extension designed for use with a CreateWiki manage ...)
	NOT-FOR-US: MediaWiki extension
CVE-2024-25106 (OpenObserve is a observability platform built specifically for logs, m ...)
	NOT-FOR-US: OpenObserve
CVE-2024-25004 (KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buf ...)
	NOT-FOR-US: KiTTY
CVE-2024-25003 (KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buf ...)
	NOT-FOR-US: KiTTY
CVE-2024-24830 (OpenObserve is a observability platform built specifically for logs, m ...)
	NOT-FOR-US: OpenObserve
CVE-2024-24829 (Sentry is an error tracking and performance monitoring platform. Sentr ...)
	NOT-FOR-US: Sentry
CVE-2024-24825 (DIRAC is a distributed resource framework. In affected versions any us ...)
	NOT-FOR-US: DIRAC
CVE-2024-24821 (Composer is a dependency Manager for the PHP language. In affected ver ...)
	{DSA-5632-1}
	- composer 2.7.1-1 (bug #1063603)
	[buster] - composer (InstalledVersions feature is post version 2.0)
	NOTE: https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h
	NOTE: https://github.com/composer/composer/commit/64e4eb356b159a30c766cd1ea83450a38dc23bf5 (2.7.0)
CVE-2024-24820 (Icinga Director is a tool designed to make Icinga 2 configuration hand ...)
	NOT-FOR-US: Icinga Director
CVE-2024-24819 (icingaweb2-module-incubator is a working project of bleeding edge Icin ...)
	NOT-FOR-US: icingaweb2-module-incubator
CVE-2024-24499 REJECTED
CVE-2024-24498 REJECTED
CVE-2024-24497 REJECTED
CVE-2024-24496 (An issue in Daily Habit Tracker v.1.0 allows a remote attacker to mani ...)
	NOT-FOR-US: Daily Habit Tracker
CVE-2024-24495 (SQL Injection vulnerability in delete-tracker.php in Daily Habit Track ...)
	NOT-FOR-US: Daily Habit Tracker
CVE-2024-24494 (Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows ...)
	NOT-FOR-US: Daily Habit Tracker
CVE-2024-24393 (File Upload vulnerability index.php in Pichome v.1.1.01 allows a remot ...)
	NOT-FOR-US: Pichome
CVE-2024-24308 (SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module f ...)
	NOT-FOR-US: Boostmyshop
CVE-2024-23756 (The HTTP PUT and DELETE methods are enabled in the Plone official Dock ...)
	NOT-FOR-US: Plone Docker image
CVE-2024-23749 (KiTTY versions 0.76.1.13 and before is vulnerable to command injection ...)
	NOT-FOR-US: KiTTY
CVE-2024-23639 (Micronaut Framework is a modern, JVM-based, full stack Java framework ...)
	NOT-FOR-US: Micronaut Framework
CVE-2024-22332 (The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vul ...)
	NOT-FOR-US: IBM
CVE-2024-22318 (IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 th ...)
	NOT-FOR-US: IBM
CVE-2024-1353 (A vulnerability, which was classified as critical, has been found in P ...)
	NOT-FOR-US: PHPEMS
CVE-2024-1122 (The Event Manager, Events Calendar, Events Tickets for WooCommerce \u2 ...)
	NOT-FOR-US: WooCommerce plugin
CVE-2024-0842 (The Backuply – Backup, Restore, Migrate and Clone plugin for Word ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0657 (The Internal Link Juicer: SEO Auto Linker for WordPress plugin for Wor ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51761 (In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unaut ...)
	NOT-FOR-US: Emerson Rosemount
CVE-2023-51630 (Paessler PRTG Network Monitor Cross-Site Scripting Authentication Bypa ...)
	NOT-FOR-US: Paessler PRTG Network Monitor
CVE-2023-50026 (SQL injection vulnerability in Presta Monster "Multi Accessories Pro" ...)
	NOT-FOR-US: Presta
CVE-2023-49716 (In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authe ...)
	NOT-FOR-US: Emerson Rosemount
CVE-2023-49101 (WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and ...)
	NOT-FOR-US: Axigen
CVE-2023-47132 (An issue discovered in N-able N-central before 2023.6 and earlier allo ...)
	NOT-FOR-US: N-able
CVE-2023-47131 (The N-able PassPortal extension before 3.29.2 for Chrome inserts sensi ...)
	NOT-FOR-US: N-able
CVE-2023-46687 (In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unaut ...)
	NOT-FOR-US: Emerson Rosemount
CVE-2023-46350 (SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier ...)
	NOT-FOR-US: InnovaDeluxe
CVE-2023-45191 (IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequ ...)
	NOT-FOR-US: IBM
CVE-2023-45190 (IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable t ...)
	NOT-FOR-US: IBM
CVE-2023-45187 (IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 do ...)
	NOT-FOR-US: IBM
CVE-2023-43609 (In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unaut ...)
	NOT-FOR-US: Emerson Rosemount
CVE-2023-42016 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 a ...)
	NOT-FOR-US: IBM
CVE-2023-40266 (An issue was discovered in Atos Unify OpenScape Xpressions WebAssistan ...)
	NOT-FOR-US: Atos Unify
CVE-2023-40265 (An issue was discovered in Atos Unify OpenScape Xpressions WebAssistan ...)
	NOT-FOR-US: Atos Unify
CVE-2023-40264 (An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 ...)
	NOT-FOR-US: Atos Unify
CVE-2023-40263 (An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 ...)
	NOT-FOR-US: Atos Unify
CVE-2023-40262 (An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 ...)
	NOT-FOR-US: Atos Unify
CVE-2023-39683 (Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and bef ...)
	NOT-FOR-US: EasyEmail
CVE-2023-32341 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 throug ...)
	NOT-FOR-US: IBM
CVE-2023-31506 (A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and ...)
	NOT-FOR-US: Grav CMS
CVE-2023-4639 [Cookie Smuggling/Spoofing]
	- undertow (bug #1063539)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2166022
CVE-2023-3966 (A flaw was found in Open vSwitch where multiple versions are vulnerabl ...)
	{DSA-5640-1}
	- openvswitch 3.3.0-1 (bug #1063492)
	[buster] - openvswitch (Vulnerable feature introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2024/02/08/3
	NOTE: Introduced by: https://github.com/openvswitch/ovs/commit/a468645c6d330943dbe0c8d466e05b9af2d7df0c (v2.11.0)
	NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/2cfbcd5247ed0fd941c1ebb9f4adb952b67fe13a (v3.2.2)
	NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/91e621bd5abab19954bec09c7d27c59acdf607b1 (v3.1.4)
	NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/935cd1d574c6f432a451df8941374ffb36d767d9 (v3.0.6)
	NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/b8657dada9641fbd2bd3a3f882e0862448d60910 (v2.17.9)
	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2024-February/411702.html
CVE-2024-25191 (php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authe ...)
	- php-jwt
CVE-2024-25190 (l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authe ...)
	NOT-FOR-US: l8w8jwt
CVE-2024-25189 (libjwt 1.15.3 uses strcmp (which is not constant time) to verify authe ...)
	{DLA-3739-1}
	[experimental] - libjwt 1.17.0-1
	- libjwt 1.17.0-2 (bug #1063534)
	[bookworm] - libjwt (Minor issue)
	[bullseye] - libjwt (Minor issue)
	NOTE: https://github.com/P3ngu1nW/CVE_Request/blob/main/benmcollins%3Alibjwt.md
	NOTE: https://github.com/benmcollins/libjwt/commit/f73bac57c5bece16ac24f1a70022aa34355fc1bf (v1.17.0)
	NOTE: https://github.com/benmcollins/libjwt/commit/a5d61ef4f1b383876e0a78534383f38159471fd6 (v1.17.0)
CVE-2024-24886 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24885 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24881 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24880 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24879 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24878 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24877 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24871 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24836 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24834 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24321 (An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to ex ...)
	NOT-FOR-US: D-Link
CVE-2024-24215 (An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web ...)
	NOT-FOR-US: Cellinx NVT Web Server
CVE-2024-24213 (Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vu ...)
	NOT-FOR-US: Supabase
CVE-2024-24115 (A stored cross-site scripting (XSS) vulnerability in the Edit Page fun ...)
	NOT-FOR-US: Cotonti CMS
CVE-2024-24113 (xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerabilit ...)
	NOT-FOR-US: XXL-Job
CVE-2024-24034 (Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via ...)
	NOT-FOR-US: Setor Informatica S.I.L
CVE-2024-23764 (Certain WithSecure products allow Local Privilege Escalation. This aff ...)
	NOT-FOR-US: WithSecure Client Security
CVE-2024-23660 (The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844f ...)
	NOT-FOR-US: Binance Trust Wallet app for iOS
CVE-2024-23452 (Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1. ...)
	NOT-FOR-US: Apache bRPC
CVE-2024-22836 (An OS command injection vulnerability exists in Akaunting v3.1.3 and e ...)
	NOT-FOR-US: Akaunting
CVE-2024-22795 (Insecure Permissions vulnerability in Forescout SecureConnector v.11.3 ...)
	NOT-FOR-US: Forescout SecureConnector
CVE-2024-22464 (Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Servi ...)
	NOT-FOR-US: Dell EMC AppSync
CVE-2024-1329 (HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 tem ...)
	- nomad
	NOTE: https://discuss.hashicorp.com/t/hcsec-2024-03-nomad-vulnerable-to-arbitrary-write-through-symlink-attack
CVE-2024-1207 (The WP Booking Calendar plugin for WordPress is vulnerable to SQL Inje ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1150 (Improper Verification of Cryptographic Signature vulnerability in Snow ...)
	NOT-FOR-US: Snow Software Inventory Agent
CVE-2024-1149 (Improper Verification of Cryptographic Signature vulnerability in Snow ...)
	NOT-FOR-US: Snow Software Inventory Agent
CVE-2024-0965 (The Simple Page Access Restriction plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0242 (Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior ...)
	NOT-FOR-US: IQ Panel4 and IQ4 Hub panel software
CVE-2023-7169 (Authentication Bypass by Spoofing vulnerability in Snow Software Snow ...)
	NOT-FOR-US: Snow Software Snow Inventory Agent
CVE-2023-6519 (Exposure of Data Element to Wrong Session vulnerability in Mia Technol ...)
	NOT-FOR-US: Mia Technology Inc. MIA-MED
CVE-2023-6518 (Plaintext Storage of a Password vulnerability in Mia Technology Inc. M ...)
	NOT-FOR-US: Mia Technology Inc. MIA-MED
CVE-2023-6517 (Exposure of Sensitive Information Due to Incompatible Policies vulnera ...)
	NOT-FOR-US: Mia Technology Inc. MIA-MED
CVE-2023-6515 (Authorization Bypass Through User-Controlled Key vulnerability in Mia ...)
	NOT-FOR-US: Mia Technology Inc. MIA-MED
CVE-2023-50061 (PrestaShop Op'art Easy Redirect >= 1.3.8 and <= 1.3.12 is vulnerable t ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-47020 (Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Ha ...)
	NOT-FOR-US: NCR Terminal Handler
CVE-2023-42282 (The ip package before 1.1.9 for Node.js might allow SSRF because some ...)
	- node-ip 2.0.1+~1.1.3-1 (bug #1063535)
	[bookworm] - node-ip (Minor issue)
	[bullseye] - node-ip (Minor issue)
	[buster] - node-ip (Minor issue)
	NOTE: https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/
	NOTE: https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html
	NOTE: https://github.com/indutny/node-ip/issues/136
	NOTE: https://github.com/indutny/node-ip/issues/144
CVE-2024-0985 (Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in Postg ...)
	{DSA-5623-1 DSA-5622-1 DLA-3764-1}
	- postgresql-16 16.2-1
	- postgresql-15
	- postgresql-13
	- postgresql-11
	NOTE: https://github.com/google/security-research/security/advisories/GHSA-9984-7hcf-v553
	NOTE: https://www.postgresql.org/support/security/CVE-2024-0985/
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=d6a61cb3bef3c8fbc35c2a6182e75a8c1d351e41 (REL_16_2)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=f2fdea198b3d0ab30b9e8478a762488ecebabd88 (REL_15_6)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=d541ce3b6f0582723150f45d52eab119985d3c19 (REL_13_14)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=2699fc035a75d0774c1f013e9320882287f78adb (REL_12_18)
	NOTE: Commits have wrong CVE mentioned but the correct one is CVE-2024-0985
CVE-2024-25148 (In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, ...)
	NOT-FOR-US: Liferay Portal
CVE-2024-25146 (Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, an ...)
	NOT-FOR-US: Liferay Portal
CVE-2024-25144 (The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older ...)
	NOT-FOR-US: Liferay Portal
CVE-2024-24806 (libuv is a multi-platform support library with a focus on asynchronous ...)
	{DSA-5638-1 DLA-3752-1}
	- libuv1 1.48.0-1 (bug #1063484)
	NOTE: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
	NOTE: Introduced by: https://github.com/libuv/libuv/commit/6dd44caa35b4697d7e8c1b9fa0ba8e95d73355de (v1.24.0)
	NOTE: Fixed by: https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629 (v1.48.0)
	NOTE: Fixed by: https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70 (v1.48.0)
	NOTE: Fixed by: https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39 (v1.48.0)
CVE-2024-24350 (File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and be ...)
	NOT-FOR-US: Software Publico e-Sic Livre
CVE-2024-24216 (Zentao v18.0 to v18.10 was discovered to contain a remote code executi ...)
	NOT-FOR-US: Zentao
CVE-2024-24202 (An arbitrary file upload vulnerability in /upgrade/control.php of ZenT ...)
	NOT-FOR-US: Zentao
CVE-2024-24091 (Yealink Meeting Server before v26.0.0.66 was discovered to contain an ...)
	NOT-FOR-US: Yealink Meeting Server
CVE-2024-24026 (An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 ...)
	NOT-FOR-US: Novel-Plus
CVE-2024-24025 (An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 ...)
	NOT-FOR-US: Novel-Plus
CVE-2024-24024 (An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-R ...)
	NOT-FOR-US: Novel-Plus
CVE-2024-24023 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...)
	NOT-FOR-US: Novel-Plus
CVE-2024-24021 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...)
	NOT-FOR-US: Novel-Plus
CVE-2024-24018 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...)
	NOT-FOR-US: Novel-Plus
CVE-2024-24017 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...)
	NOT-FOR-US: Novel-Plus
CVE-2024-24014 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...)
	NOT-FOR-US: Novel-Plus
CVE-2024-24003 (jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller ...)
	NOT-FOR-US: jshERP
CVE-2024-23448 (An issue was discovered whereby APM Server could log at ERROR level, a ...)
	NOT-FOR-US: Elastic
CVE-2024-22394 (An improper authentication vulnerability has been identified in SonicW ...)
	NOT-FOR-US: SonicWall
CVE-2024-0511 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6736 (An issue has been discovered in GitLab EE affecting all versions start ...)
	- gitlab (Specific to EE)
CVE-2023-5665 (The Payment Forms for Paystack plugin for WordPress is vulnerable to S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48974 (Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.6 ...)
	NOT-FOR-US: Axigen WebMail
CVE-2023-47798 (Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsup ...)
	NOT-FOR-US: Liferay Portal
CVE-2024-1312 (A use-after-free flaw was found in the Linux kernel's Memory Managemen ...)
	- linux 6.4.11-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/657b5146955eba331e01b9a6ae89ce2e716ba306 (6.5-rc4)
CVE-2024-1300 (A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in ...)
	NOT-FOR-US: Eclipse Vertx
CVE-2024-1066 (An issue has been discovered in GitLab EE affecting all versions from ...)
	- gitlab 16.6.7-1
	NOTE: https://about.gitlab.com/releases/2024/02/07/security-release-gitlab-16-8-2-released/#resource-exhaustion-using-graphql-vulnerabilitiescountbyday
CVE-2023-6386 [ReDoS in CI/CD Pipeline Editor while verifying Pipeline syntax]
	- gitlab 16.6.7-1
	NOTE: https://about.gitlab.com/releases/2024/02/07/security-release-gitlab-16-8-2-released/#redos-in-ci/cd-pipeline-editor-while-verifying-pipeline-syntax
CVE-2023-6840 (An issue has been discovered in GitLab EE affecting all versions from ...)
	- gitlab 16.6.7-1
	NOTE: https://about.gitlab.com/releases/2024/02/07/security-release-gitlab-16-8-2-released/#project-maintainers-can-bypass-groups-scan-result-policy-block_branch_modification-setting
CVE-2024-1250 (An issue has been discovered in GitLab EE affecting all versions start ...)
	- gitlab (Only affects 16.8.y)
	NOTE: https://about.gitlab.com/releases/2024/02/07/security-release-gitlab-16-8-2-released/#restrict-group-access-token-creation-for-custom-roles
CVE-2024-25201 (Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bou ...)
	NOT-FOR-US: Espruino
CVE-2024-25200 (Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overf ...)
	NOT-FOR-US: Espruino
CVE-2024-25145 (Stored cross-site scripting (XSS) vulnerability in the Portal Search m ...)
	NOT-FOR-US: Liferay Portal
CVE-2024-25143 (The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, a ...)
	NOT-FOR-US: Liferay Portal
CVE-2024-24824 (Graylog is a free and open log management platform. Starting in versio ...)
	- graylog2 (bug #652273)
CVE-2024-24823 (Graylog is a free and open log management platform. Starting in versio ...)
	- graylog2 (bug #652273)
CVE-2024-24822 (Pimcore's Admin Classic Bundle provides a backend user interface for P ...)
	NOT-FOR-US: Pimcore's Admin Classic Bundle
CVE-2024-24816 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...)
	- ckeditor (bug #1063536)
	[bookworm] - ckeditor (Minor issue)
	[bullseye] - ckeditor (Minor issue)
	[buster] - ckeditor (Minor issue)
	- ckeditor3 (bug #1063537)
	[bookworm] - ckeditor3 (Minor issue)
	[bullseye] - ckeditor3 (Minor issue)
	[buster] - ckeditor3 (No longer supported in LTS)
	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-mw2c-vx6j-mg76
	NOTE: https://github.com/ckeditor/ckeditor4/commit/7518202f0f228ee5549a36ecb7cb880b06ea5add (4.24.0-lts)
CVE-2024-24815 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...)
	- ckeditor (bug #1063536)
	[bookworm] - ckeditor (Minor issue)
	[bullseye] - ckeditor (Minor issue)
	[buster] - ckeditor (Minor issue)
	- ckeditor3 (bug #1063537)
	[bookworm] - ckeditor3 (Minor issue)
	[bullseye] - ckeditor3 (Minor issue)
	[buster] - ckeditor3 (No longer supported in LTS)
	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-fq6h-4g8v-qqvm
	NOTE: https://github.com/ckeditor/ckeditor4/commit/889315aa89de1d08f320990367ef4559551fdf9f (4.24.0-lts)
CVE-2024-24812 (Frappe is a full-stack web application framework that uses Python and ...)
	NOT-FOR-US: Frappe Framework
CVE-2024-24811 (SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnera ...)
	NOT-FOR-US: SQLAlchemyDA
CVE-2024-24771 (Open Forms allows users to create and publish smart forms. Versions prior ...)
	NOT-FOR-US: Open Forms
CVE-2024-24706 (Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-24563 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...)
	NOT-FOR-US: Vyper
CVE-2024-24488 (An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allo ...)
	NOT-FOR-US: Shenzen Tenda Technology
CVE-2024-24311 (Path Traversal vulnerability in Linea Grafica "Multilingual and Multis ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-24304 (In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before v ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-24303 (SQL Injection vulnerability in HiPresta "Gift Wrapping Pro" (hiadvance ...)
	NOT-FOR-US: PrestaShop module
CVE-2024-24189 (Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-fr ...)
	NOT-FOR-US: jsish
CVE-2024-24188 (Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src ...)
	NOT-FOR-US: jsish
CVE-2024-24186 (Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overfl ...)
	NOT-FOR-US: jsish
CVE-2024-24133 (Atmail v6.6.0 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: Atmail
CVE-2024-24131 (SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cro ...)
	NOT-FOR-US: SuperWebMailer
CVE-2024-24130 (Mail2World v12 Business Control Center was discovered to contain a ref ...)
	NOT-FOR-US: Mail2World v12 Business Control Center
CVE-2024-23806 (Sensitive data can be extracted from HID iCLASS SE reader configuratio ...)
	NOT-FOR-US: HID iCLASS SE reader configuration cards
CVE-2024-23769 (Improper privilege control for the named pipe in Samsung Magician PC S ...)
	NOT-FOR-US: Samsung
CVE-2024-22984 REJECTED
CVE-2024-22012 (there is a possible out of bounds write due to a missing bounds check. ...)
	NOT-FOR-US: Android
CVE-2024-20290 (A vulnerability in the OLE2 file format parser of ClamAV could allow a ...)
	- clamav 1.0.5+dfsg-1 (bug #1063479)
	[bookworm] - clamav (clamav is updated via -updates)
	[bullseye] - clamav (Vulnerable code not present)
	[buster] - clamav (Vulnerable code not present)
	NOTE: https://blog.clamav.net/2023/11/clamav-130-122-105-released.html
CVE-2024-20328 (A vulnerability in the VirusEvent feature of ClamAV could allow a loca ...)
	- clamav 1.0.5+dfsg-1 (bug #1063479)
	[bookworm] - clamav (clamav is updated via -updates)
	[bullseye] - clamav (Vulnerable code not present)
	[buster] - clamav (Vulnerable code not present)
	NOTE: https://blog.clamav.net/2023/11/clamav-130-122-105-released.html
CVE-2024-20255 (A vulnerability in the SOAP API of Cisco Expressway Series and Cisco T ...)
	NOT-FOR-US: Cisco
CVE-2024-20254 (Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePres ...)
	NOT-FOR-US: Cisco
CVE-2024-20252 (Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePres ...)
	NOT-FOR-US: Cisco
CVE-2024-1118 (The Podlove Subscribe button plugin for WordPress is vulnerable to UNI ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1110 (The Podlove Podcast Publisher plugin for WordPress is vulnerable to un ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1109 (The Podlove Podcast Publisher plugin for WordPress is vulnerable to un ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47700 (IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Stora ...)
	NOT-FOR-US: IBM
CVE-2023-46914 (SQL Injection vulnerability in RM bookingcalendar module for PrestaSho ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-43017 (IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a pri ...)
	NOT-FOR-US: IBM
CVE-2023-38995 (An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the ...)
	NOT-FOR-US: SCHUHFRIED
CVE-2023-38369 (IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does n ...)
	NOT-FOR-US: IBM
CVE-2023-32330 (IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure cal ...)
	NOT-FOR-US: IBM
CVE-2023-32328 (IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure pro ...)
	NOT-FOR-US: IBM
CVE-2024-25140 (A default installation of RustDesk 1.2.3 on Windows places a WDKTestCe ...)
	NOT-FOR-US: RustDesk
CVE-2024-24943 (In JetBrains Toolbox App before 2.2 a DoS attack was possible via a ma ...)
	NOT-FOR-US: JetBrains Toolbox App
CVE-2024-24942 (In JetBrains TeamCity before 2023.11.3 path traversal allowed reading ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2024-24941 (In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Spac ...)
	- intellij-idea (bug #747616)
CVE-2024-24940 (In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible ...)
	- intellij-idea (bug #747616)
CVE-2024-24939 (In JetBrains Rider before 2023.3.3 logging of environment variables co ...)
	NOT-FOR-US: JetBrains Rider
CVE-2024-24938 (In JetBrains TeamCity before 2023.11.2 limited directory traversal was ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2024-24937 (In JetBrains TeamCity before 2023.11.2 stored XSS via agent distributi ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2024-24936 (In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifa ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2024-24810 (WiX toolset lets developers create installers for Windows Installer, t ...)
	NOT-FOR-US: WiX toolset
CVE-2024-24594 (A cross-site scripting (XSS) vulnerability in all versions of the web ...)
	NOT-FOR-US: Allegro AI's ClearML platform
CVE-2024-24593 (A cross-site request forgery (CSRF) vulnerability in all versions up t ...)
	NOT-FOR-US: Allegro AI's ClearML platform
CVE-2024-24592 (Lack of authentication in all versions of the fileserver component of ...)
	NOT-FOR-US: Allegro AI's ClearML platform
CVE-2024-24591 (A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the clie ...)
	NOT-FOR-US: Allegro AI's ClearML platform
CVE-2024-24590 (Deserialization of untrusted data can occur in versions 0.17.0 to 1.14 ...)
	NOT-FOR-US: Allegro AI's ClearML platform
CVE-2024-24291 (An issue in the component /member/index/login of yzmcms v7.0 allows at ...)
	NOT-FOR-US: yzmcms
CVE-2024-24255 (A Race Condition discovered in geofence.cpp and mission_feasibility_ch ...)
	NOT-FOR-US: PX4 Autopilot
CVE-2024-24254 (PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mec ...)
	NOT-FOR-US: PX4 Autopilot
CVE-2024-24019 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...)
	NOT-FOR-US: Novel-Plus
CVE-2024-24015 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...)
	NOT-FOR-US: Novel-Plus
CVE-2024-24013 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...)
	NOT-FOR-US: Novel-Plus
CVE-2024-24004 (jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller ...)
	NOT-FOR-US: jshERP
CVE-2024-24002 (jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller ...)
	NOT-FOR-US: jshERP
CVE-2024-24001 (jshERP v3.3 is vulnerable to SQL Injection. via the com.jsh.erp.contro ...)
	NOT-FOR-US: jshERP
CVE-2024-24000 (jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/sy ...)
	NOT-FOR-US: jshERP
CVE-2024-23917 (In JetBrains TeamCity before 2023.11.3 authentication bypass leading t ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2024-23673 (Malicious code execution via path traversal in Apache Software Foundat ...)
	NOT-FOR-US: Apache Sling Servlets Resolver
CVE-2024-23447 (An issue was discovered in the Windows Network Drive Connector when us ...)
	NOT-FOR-US: Elastic Network Drive Connector
CVE-2024-23446 (An issue was discovered by Elastic, whereby the Detection Engine Searc ...)
	- kibana (bug #700337)
CVE-2024-23344 (Tuleap is an Open Source Suite to improve management of software devel ...)
	NOT-FOR-US: Tuleap
CVE-2024-22520 (An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers t ...)
	NOT-FOR-US: Dronetag Drone Scanner
CVE-2024-22519 (An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to imper ...)
	NOT-FOR-US: OpenDroneID OSM
CVE-2024-22515 (Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5. ...)
	NOT-FOR-US: iSpyConnect.com Agent DVR
CVE-2024-22514 (An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attack ...)
	NOT-FOR-US: iSpyConnect.com Agent DVR
CVE-2024-22388 (Certain configuration available in the communication channel for encod ...)
	NOT-FOR-US: HID Global iCLASS SE CP1000 Encoder
CVE-2024-22331 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, ...)
	NOT-FOR-US: IBM
CVE-2024-22241 (Aria Operations for Networks contains a cross site scripting vulnerabi ...)
	NOT-FOR-US: VMware
CVE-2024-22240 (Aria Operations for Networks contains a local file read vulnerability. ...)
	NOT-FOR-US: VMware
CVE-2024-22239 (Aria Operations for Networks contains a local privilege escalation vul ...)
	NOT-FOR-US: VMware
CVE-2024-22238 (Aria Operations for Networks contains a cross site scripting vulnerabi ...)
	NOT-FOR-US: VMware
CVE-2024-22237 (Aria Operations for Networks contains a local privilege escalation vul ...)
	NOT-FOR-US: VMware
CVE-2024-22022 (Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user ...)
	NOT-FOR-US: Veeam
CVE-2024-22021 (Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user wi ...)
	NOT-FOR-US: Veeam
CVE-2024-1269 (A vulnerability has been found in SourceCodester Product Management Sy ...)
	NOT-FOR-US: SourceCodester Product Management System
CVE-2024-1268 (A vulnerability, which was classified as critical, was found in CodeAs ...)
	NOT-FOR-US: CodeAstro Restaurant POS System
CVE-2024-1267 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: CodeAstro Restaurant POS System
CVE-2024-1266 (A vulnerability classified as problematic was found in CodeAstro Unive ...)
	NOT-FOR-US: CodeAstro University Management System
CVE-2024-1265 (A vulnerability classified as problematic has been found in CodeAstro ...)
	NOT-FOR-US: CodeAstro University Management System
CVE-2024-1264 (A vulnerability has been found in Juanpao JPShop up to 1.5.02 and clas ...)
	NOT-FOR-US: Juanpao JPShop
CVE-2024-1263 (A vulnerability, which was classified as critical, was found in Juanpa ...)
	NOT-FOR-US: Juanpao JPShop
CVE-2024-1262 (A vulnerability, which was classified as critical, has been found in J ...)
	NOT-FOR-US: Juanpao JPShop
CVE-2024-1261 (A vulnerability classified as critical was found in Juanpao JPShop up ...)
	NOT-FOR-US: Juanpao JPShop
CVE-2024-1260 (A vulnerability classified as critical has been found in Juanpao JPSho ...)
	NOT-FOR-US: Juanpao JPShop
CVE-2024-1259 (A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been ...)
	NOT-FOR-US: Juanpao JPShop
CVE-2024-1258 (A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been ...)
	NOT-FOR-US: Juanpao JPShop
CVE-2024-1257 (A vulnerability was found in Jspxcms 10.2.0. It has been classified as ...)
	NOT-FOR-US: Jspxcms
CVE-2024-1256 (A vulnerability was found in Jspxcms 10.2.0 and classified as problema ...)
	NOT-FOR-US: Jspxcms
CVE-2024-1255 (A vulnerability has been found in sepidz SepidzDigitalMenu up to 7.1.0 ...)
	NOT-FOR-US: SepidzDigitalMenu
CVE-2024-1254 (A vulnerability, which was classified as critical, was found in Byzoro ...)
	NOT-FOR-US: Beijing Baichuo Smart S20 Management Platform
CVE-2024-1253 (A vulnerability, which was classified as critical, has been found in B ...)
	NOT-FOR-US: Beijing Baichuo Smart S40 Management Platform
CVE-2024-1252 (A vulnerability classified as critical was found in Tongda OA 2017 up ...)
	NOT-FOR-US: Tongda
CVE-2024-1251 (A vulnerability classified as critical has been found in Tongda OA 201 ...)
	NOT-FOR-US: Tongda
CVE-2024-1079 (The Quiz Maker plugin for WordPress is vulnerable to unauthorized acce ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1078 (The Quiz Maker plugin for WordPress is vulnerable to unauthorized modi ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1055 (The PowerPack Addons for Elementor (Free Widgets, Extensions and Templ ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1037 (The All-In-One Security (AIOS) – Security and Firewall plugin for ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0977 (The Timeline Widget For Elementor (Elementor Timeline, Vertical & Hori ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0971 (A SQL injection vulnerability exists where an authenticated, low-privi ...)
	NOT-FOR-US: Nessus
CVE-2024-0955 (A stored XSS vulnerability exists where an authenticated, remote attac ...)
	NOT-FOR-US: Nessus
CVE-2024-0849 (Leanote version 2.7.0 allows obtaining arbitrary local files. This is ...)
	NOT-FOR-US: Leanote
CVE-2024-0628 (The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Sid ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0256 (The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6388 (Suite CRM version 7.14.2 allows making arbitrary HTTP requests through ...)
	NOT-FOR-US: Suite CRM
CVE-2023-5584 REJECTED
CVE-2023-50395 (SQL Injection Remote Code Execution Vulnerability was found using an u ...)
	NOT-FOR-US: SolarWinds
CVE-2023-47618 (A post authentication command execution vulnerability exists in the we ...)
	NOT-FOR-US: Tp-Link
CVE-2023-47617 (A post authentication command injection vulnerability exists when conf ...)
	NOT-FOR-US: Tp-Link
CVE-2023-47209 (A post authentication command injection vulnerability exists in the ip ...)
	NOT-FOR-US: Tp-Link
CVE-2023-47167 (A post authentication command injection vulnerability exists in the GR ...)
	NOT-FOR-US: Tp-Link
CVE-2023-46683 (A post authentication command injection vulnerability exists when con ...)
NOT-FOR-US: Tp-Link CVE-2023-46183 (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW ...) NOT-FOR-US: IBM CVE-2023-45735 (A potential attacker with access to the Westermo Lynx device may be ab ...) NOT-FOR-US: Westermo Lynx CVE-2023-45227 (An attacker with access to the web application with vulnerable softwar ...) NOT-FOR-US: Westermo Lynx CVE-2023-45222 (An attacker with access to the web application that has the vulnerable ...) NOT-FOR-US: Westermo Lynx CVE-2023-45213 (A potential attacker with access to the Westermo Lynx device would be ...) NOT-FOR-US: Westermo Lynx CVE-2023-43482 (A command execution vulnerability exists in the guest resource functio ...) NOT-FOR-US: Tp-Link CVE-2023-42765 (An attacker with access to the vulnerable software could introduce arb ...) NOT-FOR-US: Westermo Lynx CVE-2023-42664 (A post authentication command injection vulnerability exists when sett ...) NOT-FOR-US: Tp-Link CVE-2023-40545 (Authenticationbypass when an OAuth2 Client is using client_secret_jwt ...) NOT-FOR-US: Ping Identity PingFederate CVE-2023-40544 (An attacker with access to the network where the affected devices are ...) NOT-FOR-US: Westermo Lynx CVE-2023-40355 (Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 b ...) NOT-FOR-US: Axigen CVE-2023-40143 (An attacker with access to the Westermo Lynx web application that has ...) NOT-FOR-US: Westermo Lynx CVE-2023-38579 (The cross-site request forgery token in the request may be predictable ...) NOT-FOR-US: Westermo Lynx CVE-2023-36498 (A post-authentication command injection vulnerability exists in the PP ...) NOT-FOR-US: Tp-Link CVE-2023-35188 (SQL Injection Remote Code Execution Vulnerability was found using a cr ...) 
NOT-FOR-US: SolarWinds CVE-2024-1271 [privileges escalation from root to domain admin] - freeipa (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2262978 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2263012#c2 NOTE: Not considered a security issue by FreeIPA team CVE-2024-24577 (libgit2 is a portable C implementation of the Git core methods provide ...) {DSA-5619-1 DLA-3742-1} - libgit2 1.7.2+ds-1 (bug #1063416) NOTE: https://github.com/libgit2/libgit2/security/advisories/GHSA-j2v7-4f6v-gpg8 NOTE: Fixed by: https://github.com/libgit2/libgit2/commit/eb4c1716cd92bf56f2770653a915d5fc01eab8f3 (v1.6.5) NOTE: Fixed by: https://github.com/libgit2/libgit2/commit/487af0cf6687dc48b0a960fa2f39894e2d84d77b (v1.7.2) CVE-2024-24575 (libgit2 is a portable C implementation of the Git core methods provide ...) - libgit2 1.7.2+ds-1 (bug #1063415) [bookworm] - libgit2 1.5.1+ds-1+deb12u1 [bullseye] - libgit2 (Vulnerable code introduced later) [buster] - libgit2 (Vulnerable code introduced later) NOTE: https://github.com/libgit2/libgit2/security/advisories/GHSA-54mf-x2rh-hq9v NOTE: Introduced by: https://github.com/libgit2/libgit2/commit/add2dabb3c16aa49b33904dcdc07cd915efc12fa (v1.4.0) NOTE: Fixed by: https://github.com/libgit2/libgit2/commit/c9d31b711e8906cf248566f43142f20b03e20cbf (v1.6.5) NOTE: Fixed by: https://github.com/libgit2/libgit2/commit/7f6f3dff9c41f3be7598693aa3c716c8354fba7f (v1.7.2) CVE-2024-1284 (Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowe ...) {DSA-5617-1} - chromium 121.0.6167.160-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-1283 (Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 ...) {DSA-5617-1} - chromium 121.0.6167.160-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-24680 (An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10 ...) 
- python-django 3:4.2.10-1 [bookworm] - python-django (Minor issue, fix along in future update) [bullseye] - python-django (Minor issue, fix along in future update) [buster] - python-django (Minor issue, fix along in future update) NOTE: https://www.openwall.com/lists/oss-security/2024/02/06/2 NOTE: https://www.djangoproject.com/weblog/2024/feb/06/security-releases/ NOTE: https://github.com/django/django/commit/55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9 (main) NOTE: https://github.com/django/django/commit/16a8fe18a3b81250f4fa57e3f93f0599dc4895bc (5.0.2) NOTE: https://github.com/django/django/commit/572ea07e84b38ea8de0551f4b4eda685d91d09d2 (4.2.10) NOTE: https://github.com/django/django/commit/c1171ffbd570db90ca206c30f8e2b9f691243820 (3.2.24) CVE-2024-1048 (A flaw was found in the grub2-set-bootflag utility of grub2. After the ...) - grub2 (Red Hat-specific extension) NOTE: https://www.openwall.com/lists/oss-security/2024/02/06/3 CVE-2024-24808 (pyLoad is an open-source Download Manager written in pure Python. Ther ...) - pyload (bug #1001980) CVE-2024-24807 (Sulu is a highly extensible open-source PHP content management system ...) NOT-FOR-US: Sulu CVE-2024-24595 (Allegro AI\u2019s open-source version of ClearML stores passwords in p ...) NOT-FOR-US: Allegro AI open-source version of ClearML CVE-2024-24574 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...) NOT-FOR-US: phpMyFAQ CVE-2024-24559 (Vyper is a Pythonic Smart Contract Language for the EVM. There is an e ...) NOT-FOR-US: Vyper CVE-2024-24543 (Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC ...) NOT-FOR-US: Tenda CVE-2024-24398 (Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashbo ...) NOT-FOR-US: Stimulsoft GmbH Stimulsoft Dashboard.JS CVE-2024-24112 (xmall v1.1 was discovered to contain a SQL injection vulnerability via ...) NOT-FOR-US: Exrick xmall CVE-2024-23304 (Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthentica ...) 
NOT-FOR-US: Cybozu KUNAI for Android CVE-2024-23049 (An issue in symphony v.3.6.3 and before allows a remote attacker to ex ...) NOT-FOR-US: symphony forum software CVE-2024-22853 (D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password fo ...) NOT-FOR-US: D-LINK CVE-2024-22852 (D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buff ...) NOT-FOR-US: D-LINK CVE-2024-22773 (Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 ...) NOT-FOR-US: Intelbras Roteador ACtion RF 1200 CVE-2024-22208 (phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, ...) NOT-FOR-US: phpMyFAQ CVE-2024-20828 (Improper authorization verification vulnerability in Samsung Internet ...) NOT-FOR-US: Samsung CVE-2024-20827 (Improper access control vulnerability in Samsung Gallery prior to vers ...) NOT-FOR-US: Samsung CVE-2024-20826 (Implicit intent hijacking vulnerability in UPHelper library prior to v ...) NOT-FOR-US: Samsung CVE-2024-20825 (Implicit intent hijacking vulnerability in IAP of Galaxy Store prior t ...) NOT-FOR-US: Samsung CVE-2024-20824 (Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store ...) NOT-FOR-US: Samsung CVE-2024-20823 (Implicit intent hijacking vulnerability in SamsungAccount of Galaxy St ...) NOT-FOR-US: Samsung CVE-2024-20822 (Implicit intent hijacking vulnerability in AccountActivity of Galaxy S ...) NOT-FOR-US: Samsung CVE-2024-20820 (Improper input validation in bootloader prior to SMR Feb-2024 Release ...) NOT-FOR-US: Samsung CVE-2024-20819 (Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc. ...) NOT-FOR-US: Samsung CVE-2024-20818 (Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so ...) NOT-FOR-US: Samsung CVE-2024-20817 (Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so ...) NOT-FOR-US: Samsung CVE-2024-20816 (Improper authentication vulnerability in onCharacteristicWriteRequest ...) 
NOT-FOR-US: Samsung CVE-2024-20815 (Improper authentication vulnerability in onCharacteristicReadRequest i ...) NOT-FOR-US: Samsung CVE-2024-20814 (Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to ...) NOT-FOR-US: Samsung CVE-2024-20813 (Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2 ...) NOT-FOR-US: Samsung CVE-2024-20812 (Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2 ...) NOT-FOR-US: Samsung CVE-2024-20811 (Improper caller verification in GameOptimizer prior to SMR Feb-2024 Re ...) NOT-FOR-US: Samsung CVE-2024-20810 (Implicit intent hijacking vulnerability in Smart Suggestions prior to ...) NOT-FOR-US: Samsung CVE-2024-1210 (The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Info ...) NOT-FOR-US: WordPress plugin CVE-2024-1209 (The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Info ...) NOT-FOR-US: WordPress plugin CVE-2024-1208 (The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Info ...) NOT-FOR-US: WordPress plugin CVE-2024-1177 (The WP Club Manager \u2013 WordPress Sports Club Plugin plugin for Wor ...) NOT-FOR-US: WordPress plugin CVE-2024-1121 (The Advanced Forms for ACF plugin for WordPress is vulnerable to unaut ...) NOT-FOR-US: WordPress plugin CVE-2024-1092 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & ...) NOT-FOR-US: WordPress plugin CVE-2024-1075 (The Minimal Coming Soon \u2013 Coming Soon Page plugin for WordPress i ...) NOT-FOR-US: WordPress plugin CVE-2024-1072 (The Website Builder by SeedProd \u2014 Theme Builder, Landing Page Bui ...) NOT-FOR-US: WordPress plugin CVE-2024-1052 (Boundary and Boundary Enterprise (\u201cBoundary\u201d) is vulnerable ...) NOT-FOR-US: Hashicorp Boundary CVE-2024-1046 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...) NOT-FOR-US: WordPress plugin CVE-2024-0969 (The ARMember plugin for WordPress is vulnerable to Sensitive Informati ...) 
NOT-FOR-US: WordPress plugin CVE-2024-0964 (A local file include could be remotely triggered in Gradio due to a vu ...) NOT-FOR-US: Gradio CVE-2024-0961 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to St ...) NOT-FOR-US: WordPress plugin CVE-2024-0954 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...) NOT-FOR-US: WordPress plugin CVE-2024-0869 (The Instant Images \u2013 One Click Image Uploads from Unsplash, Openv ...) NOT-FOR-US: WordPress plugin CVE-2024-0859 (The Affiliates Manager plugin for WordPress is vulnerable to Cross-Sit ...) NOT-FOR-US: WordPress plugin CVE-2024-0835 (The Royal Elementor Kit theme for WordPress is vulnerable to unauthori ...) NOT-FOR-US: WordPress plugin CVE-2024-0834 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sto ...) NOT-FOR-US: WordPress plugin CVE-2024-0823 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2024-0797 (The Active Products Tables for WooCommerce. Professional products tabl ...) NOT-FOR-US: WordPress plugin CVE-2024-0796 (The Active Products Tables for WooCommerce. Professional products tabl ...) NOT-FOR-US: WordPress plugin CVE-2024-0791 (The WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional p ...) NOT-FOR-US: WordPress plugin CVE-2024-0790 (The WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional p ...) NOT-FOR-US: WordPress plugin CVE-2024-0761 (The File Manager plugin for WordPress is vulnerable to Sensitive Infor ...) NOT-FOR-US: WordPress plugin CVE-2024-0709 (The Cryptocurrency Widgets \u2013 Price Ticker & Coins List plugin for ...) NOT-FOR-US: WordPress plugin CVE-2024-0701 (The UserPro plugin for WordPress is vulnerable to Security Feature Byp ...) NOT-FOR-US: WordPress plugin CVE-2024-0699 (The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugi ...) 
NOT-FOR-US: WordPress plugin CVE-2024-0691 (The FileBird plugin for WordPress is vulnerable to Stored Cross-Site S ...) NOT-FOR-US: WordPress plugin CVE-2024-0678 (The Order Delivery Date for WP e-Commerce plugin for WordPress is vuln ...) NOT-FOR-US: WordPress plugin CVE-2024-0668 (The Advanced Database Cleaner plugin for WordPress is vulnerable to PH ...) NOT-FOR-US: WordPress plugin CVE-2024-0660 (The Formidable Forms \u2013 Contact Form, Survey, Quiz, Payment, Calcu ...) NOT-FOR-US: WordPress plugin CVE-2024-0659 (The Easy Digital Downloads \u2013 Sell Digital Files (eCommerce Store ...) NOT-FOR-US: WordPress plugin CVE-2024-0630 (The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cro ...) NOT-FOR-US: WordPress plugin CVE-2024-0612 (The Content Views \u2013 Post Grid, Slider, Accordion (Gutenberg Block ...) NOT-FOR-US: WordPress plugin CVE-2024-0597 (The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to S ...) NOT-FOR-US: WordPress plugin CVE-2024-0586 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...) NOT-FOR-US: WordPress plugin CVE-2024-0585 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...) NOT-FOR-US: WordPress plugin CVE-2024-0509 (The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulne ...) NOT-FOR-US: WordPress plugin CVE-2024-0508 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Store ...) NOT-FOR-US: WordPress plugin CVE-2024-0448 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2024-0428 (The Index Now plugin for WordPress is vulnerable to Cross-Site Request ...) NOT-FOR-US: WordPress plugin CVE-2024-0384 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...) NOT-FOR-US: WordPress plugin CVE-2024-0382 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...) 
NOT-FOR-US: WordPress plugin CVE-2024-0380 (The WP Recipe Maker plugin for WordPress is vulnerable to Directory Tr ...) NOT-FOR-US: WordPress plugin CVE-2024-0374 (The Views for WPForms \u2013 Display & Edit WPForms Entries on your si ...) NOT-FOR-US: WordPress plugin CVE-2024-0373 (The Views for WPForms \u2013 Display & Edit WPForms Entries on your si ...) NOT-FOR-US: WordPress plugin CVE-2024-0372 (The Views for WPForms \u2013 Display & Edit WPForms Entries on your si ...) NOT-FOR-US: WordPress plugin CVE-2024-0371 (The Views for WPForms \u2013 Display & Edit WPForms Entries on your si ...) NOT-FOR-US: WordPress plugin CVE-2024-0370 (The Views for WPForms \u2013 Display & Edit WPForms Entries on your si ...) NOT-FOR-US: WordPress plugin CVE-2024-0366 (The Starbox \u2013 the Author Box for Humans plugin for WordPress is v ...) NOT-FOR-US: WordPress plugin CVE-2024-0324 (The User Profile Builder \u2013 Beautiful User Registration Forms, Use ...) NOT-FOR-US: WordPress plugin CVE-2024-0255 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...) NOT-FOR-US: WordPress plugin CVE-2024-0254 (The (Simply) Guest Author Name plugin for WordPress is vulnerable to S ...) NOT-FOR-US: WordPress plugin CVE-2024-0244 (Buffer overflow in CPCA PCFAX number process of Office Multifunction P ...) NOT-FOR-US: CPCA PCFAX CVE-2024-0221 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin ...) NOT-FOR-US: WordPress plugin CVE-2024-0202 (A security vulnerability has been identified in the cryptlib cryptogra ...) NOT-FOR-US: cryptlib CVE-2023-7029 (The WordPress Button Plugin MaxButtons plugin for WordPress is vulnera ...) NOT-FOR-US: WordPress plugin CVE-2023-7014 (The Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molo ...) NOT-FOR-US: WordPress plugin CVE-2023-6996 (The Display custom fields in the frontend \u2013 Post and User Profile ...) 
NOT-FOR-US: WordPress plugin CVE-2023-6989 (The Shield Security \u2013 Smart Bot Blocking & Intrusion Prevention S ...) NOT-FOR-US: WordPress plugin CVE-2023-6985 (The 10Web AI Assistant \u2013 AI content writing assistant plugin for ...) NOT-FOR-US: WordPress plugin CVE-2023-6983 (The Display custom fields in the frontend \u2013 Post and User Profile ...) NOT-FOR-US: WordPress plugin CVE-2023-6982 (The Display custom fields in the frontend \u2013 Post and User Profile ...) NOT-FOR-US: WordPress plugin CVE-2023-6963 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2023-6959 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2023-6953 (The PDF Generator For Fluent Forms \u2013 The Contact Form Plugin plug ...) NOT-FOR-US: WordPress plugin CVE-2023-6933 (The Better Search Replace plugin for WordPress is vulnerable to PHP Ob ...) NOT-FOR-US: WordPress plugin CVE-2023-6925 (The Unlimited Addons for WPBakery Page Builder plugin for WordPress is ...) NOT-FOR-US: WordPress plugin CVE-2023-6884 (This plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...) NOT-FOR-US: WordPress plugin CVE-2023-6846 (The File Manager Pro plugin for WordPress is vulnerable to Arbitrary F ...) NOT-FOR-US: WordPress plugin CVE-2023-6808 (The Booking for Appointments and Events Calendar \u2013 Amelia plugin ...) NOT-FOR-US: WordPress plugin CVE-2023-6807 (The GeneratePress Premium plugin for WordPress is vulnerable to Stored ...) NOT-FOR-US: WordPress plugin CVE-2023-6701 (The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2023-6700 (The Cookie Information | Free GDPR Consent Solution plugin for WordPre ...) NOT-FOR-US: WordPress plugin CVE-2023-6635 (The EditorsKit plugin for WordPress is vulnerable to arbitrary file up ...) 
NOT-FOR-US: WordPress plugin CVE-2023-6557 (The The Events Calendar plugin for WordPress is vulnerable to Sensitiv ...) NOT-FOR-US: WordPress plugin CVE-2023-6526 (The Meta Box \u2013 WordPress Custom Fields Framework plugin for WordP ...) NOT-FOR-US: WordPress plugin CVE-2023-6234 (Buffer overflow in CPCA Color LUT Resource Download process of Office ...) NOT-FOR-US: Canon CVE-2023-6233 (Buffer overflow in SLP attribute request process of Office Multifuncti ...) NOT-FOR-US: Canon CVE-2023-6232 (Buffer overflow in the Address Book username process in authentication ...) NOT-FOR-US: Canon CVE-2023-6231 (Buffer overflow in WSD probe request process of Office Multifunction P ...) NOT-FOR-US: Canon CVE-2023-6230 (Buffer overflow in the Address Book password process in authentication ...) NOT-FOR-US: Canon CVE-2023-6229 (Buffer overflow in CPCA PDL Resource Download process of Office Multif ...) NOT-FOR-US: Canon CVE-2023-52239 (The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE att ...) NOT-FOR-US: Magic xpi Integration Platform CVE-2023-51951 (SQL Injection vulnerability in Stock Management System 1.0 allows a re ...) NOT-FOR-US: Stock Management System CVE-2023-4637 (The WPvivid plugin for WordPress is vulnerable to unauthorized access ...) NOT-FOR-US: WordPress plugin CVE-2023-47889 (The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes ...) NOT-FOR-US: Android application BINHDRM26 com.bdrm.superreboot CVE-2023-47354 (An issue in the PowerOffWidgetReceiver function of Super Reboot (Root) ...) NOT-FOR-US: Super Reboot (Root) Recovery CVE-2023-47353 (An issue in the com.oneed.dvr.service.DownloadFirmwareService componen ...) NOT-FOR-US: com.oneed.dvr.service.DownloadFirmwareService component of IMOU GO CVE-2023-47022 (Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allow ...) NOT-FOR-US: NCR Terminal Handler CVE-2023-46360 (Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable ...) 
NOT-FOR-US: Hardy Barth cPH2 eCharge Ladestation CVE-2023-46359 (An OS command injection vulnerability in Hardy Barth cPH2 eCharge Lade ...) NOT-FOR-US: WordPress plugin CVE-2023-43536 (Transient DOS while parse fils IE with length equal to 1.) NOT-FOR-US: Qualcomm CVE-2023-43535 (Memory corruption when negative display IDs are sent as input while pr ...) NOT-FOR-US: Qualcomm CVE-2023-43534 (Memory corruption while validating the TID to Link Mapping action requ ...) NOT-FOR-US: Qualcomm CVE-2023-43533 (Transient DOS in WLAN Firmware when the length of received beacon is l ...) NOT-FOR-US: Qualcomm CVE-2023-43532 (Memory corruption while reading ACPI config through the user mode app.) NOT-FOR-US: Qualcomm CVE-2023-43523 (Transient DOS while processing 11AZ RTT management action frame receiv ...) NOT-FOR-US: Qualcomm CVE-2023-43522 (Transient DOS while key unwrapping process, when the given encrypted k ...) NOT-FOR-US: Qualcomm CVE-2023-43520 (Memory corruption when AP includes TID to link mapping IE in the beaco ...) NOT-FOR-US: Qualcomm CVE-2023-43519 (Memory corruption in video while parsing the Videoinfo, when the size ...) NOT-FOR-US: Qualcomm CVE-2023-43518 (Memory corruption in video while parsing invalid mp2 clip.) NOT-FOR-US: Qualcomm CVE-2023-43517 (Memory corruption in Automotive Multimedia due to improper access cont ...) NOT-FOR-US: Qualcomm CVE-2023-43516 (Memory corruption when malformed message payload is received from firm ...) NOT-FOR-US: Qualcomm CVE-2023-43513 (Memory corruption while processing the event ring, the context read po ...) NOT-FOR-US: Qualcomm CVE-2023-34042 (The spring-security.xsd file inside the spring-security-config jar is ...) NOT-FOR-US: spring-security-config CVE-2023-33077 (Memory corruption in HLOS while converting from authorization token to ...) NOT-FOR-US: Qualcomm CVE-2023-33076 (Memory corruption in Core when updating rollback version for TA and OT ...) 
NOT-FOR-US: Qualcomm CVE-2023-33072 (Memory corruption in Core while processing control functions.) NOT-FOR-US: Qualcomm CVE-2023-33069 (Memory corruption in Audio while processing the calibration data retur ...) NOT-FOR-US: Qualcomm CVE-2023-33068 (Memory corruption in Audio while processing IIR config data from AFE c ...) NOT-FOR-US: Qualcomm CVE-2023-33067 (Memory corruption in Audio while calling START command on host voice P ...) NOT-FOR-US: Qualcomm CVE-2023-33065 (Information disclosure in Audio while accessing AVCS services from ADS ...) NOT-FOR-US: Qualcomm CVE-2023-33064 (Transient DOS in Audio when invoking callback function of ASM driver.) NOT-FOR-US: Qualcomm CVE-2023-33060 (Transient DOS in Core when DDR memory check is called while DDR is not ...) NOT-FOR-US: Qualcomm CVE-2023-33058 (Information disclosure in Modem while processing SIB5.) NOT-FOR-US: Qualcomm CVE-2023-33057 (Transient DOS in Multi-Mode Call Processor while processing UE policy ...) NOT-FOR-US: Qualcomm CVE-2023-33049 (Transient DOS in Multi-Mode Call Processor due to UE failure because o ...) NOT-FOR-US: Qualcomm CVE-2023-33046 (Memory corruption in Trusted Execution Environment while deinitializin ...) NOT-FOR-US: Qualcomm CVE-2023-32479 (Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Sec ...) NOT-FOR-US: Dell CVE-2023-32474 (Dell Display Manager application, version 2.1.1.17 and prior, contain ...) NOT-FOR-US: Dell CVE-2023-32454 (DUP framework version 4.9.4.36 and prior contains insecure operation o ...) NOT-FOR-US: Dell CVE-2023-32451 (Dell Display Manager application, version 2.1.1.17, contains a vulnera ...) NOT-FOR-US: Dell CVE-2024-24768 (1Panel is an open source Linux server operation and maintenance manage ...) NOT-FOR-US: 1Panel CVE-2024-24762 (`python-multipart` is a streaming multipart parser for Python. When us ...) 
- python-multipart 0.0.9-1 (bug #1063538) [bookworm] - python-multipart (Minor issue) [bullseye] - python-multipart (Minor issue) NOTE: Original report at fastapi: https://github.com/tiangolo/fastapi/security/advisories/GHSA-qf9m-vfgh-m389 NOTE: But the fix is within python-multipart: NOTE: https://github.com/Kludex/python-multipart/commit/20f0ef6b4e4caf7d69a667c54dff57fe467109a4 (0.0.7) NOTE: https://github.com/Kludex/python-multipart/pull/75 CVE-2024-24469 (Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows ...) NOT-FOR-US: flusity-CMS CVE-2024-24468 (Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows ...) NOT-FOR-US: flusity-CMS CVE-2024-24397 (Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashb ...) NOT-FOR-US: Stimulsoft GmbH Stimulsoft Dashboard.JS CVE-2024-24396 (Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashb ...) NOT-FOR-US: Stimulsoft GmbH Stimulsoft Dashboard.JS CVE-2024-24267 (gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob ...) - gpac (bug #1068462) [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/yinluming13579/gpac_defects/blob/main/gpac_3.md CVE-2024-24266 (gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerabi ...) - gpac (bug #1068462) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/yinluming13579/gpac_defects/blob/main/gpac_2.md CVE-2024-24265 (gpac v2.2.1 was discovered to contain a memory leak via the dst_props ...) - gpac (bug #1068462) [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/yinluming13579/gpac_defects/blob/main/gpac_1.md CVE-2024-24263 (Lotos WebServer v0.1.1 was discovered to contain a Use-After-Free (UAF ...) NOT-FOR-US: Lotos WebServer CVE-2024-24262 (media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) v ...) 
NOT-FOR-US: media-server CVE-2024-24260 (media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) v ...) NOT-FOR-US: media-server CVE-2024-24259 (freeglut through 3.4.0 was discovered to contain a memory leak via the ...) - freeglut (bug #1063801) [bookworm] - freeglut (Minor issue) [bullseye] - freeglut (Minor issue) [buster] - freeglut (Minor issue) NOTE: https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_2.md NOTE: https://github.com/freeglut/freeglut/pull/155 NOTE: Fixed by: https://github.com/freeglut/freeglut/commit/9ad320c1ad1a25558998ddfe47674511567fec57 CVE-2024-24258 (freeglut 3.4.0 was discovered to contain a memory leak via the menuEnt ...) - freeglut (bug #1063801) [bookworm] - freeglut (Minor issue) [bullseye] - freeglut (Minor issue) [buster] - freeglut (Minor issue) NOTE: https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_1.md NOTE: https://github.com/freeglut/freeglut/pull/155 NOTE: Fixed by: https://github.com/freeglut/freeglut/commit/9ad320c1ad1a25558998ddfe47674511567fec57 CVE-2024-23109 (An improper neutralization of special elements used in an os command ( ...) NOT-FOR-US: FortiGuard CVE-2024-23108 (An improper neutralization of special elements used in an os command ( ...) NOT-FOR-US: FortiGuard CVE-2024-23054 (An issue in Plone Docker Official Image 5.2.13 (5221) open-source soft ...) NOT-FOR-US: official Plone Docker image CVE-2024-22567 (File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arb ...) NOT-FOR-US: MCMS CVE-2024-22202 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...) NOT-FOR-US: phpMyFAQ CVE-2024-1225 (A vulnerability classified as critical was found in QiboSoft QiboCMS X ...) NOT-FOR-US: QiboSoft QiboCMS X1 CVE-2024-0953 (When a user scans a QR Code with the QR Code Scanner feature, the user ...) - firefox (Only affects Firefox for iOS) CVE-2024-0323 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in B&R ...) 
NOT-FOR-US: B&R Industrial Automation Automation Runtime (SDM modules) CVE-2023-7216 (A path traversal vulnerability was found in the CPIO utility. This iss ...) NOTE: Disputed cpio issue, probably going to be rejected NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2249901 NOTE: Upstream considers it normal behavior: NOTE: https://lists.gnu.org/archive/html/bug-cpio/2024-03/msg00000.html CVE-2023-6874 (Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attac ...) NOT-FOR-US: Ember ZNet CVE-2023-6028 (A reflected cross-site scripting (XSS) vulnerability exists in the SVG ...) NOT-FOR-US: B&R Automation Runtime CVE-2023-5643 (Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel Driver ...) NOT-FOR-US: Arm CVE-2023-5249 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm ...) NOT-FOR-US: Arm CVE-2023-52138 (Engrampa is an archive manager for the MATE environment. Engrampa is f ...) {DSA-5625-1 DLA-3741-1} - engrampa 1.26.2-1 (bug #1063494) NOTE: https://github.com/mate-desktop/engrampa/security/advisories/GHSA-c98h-v39w-3r7v NOTE: https://github.com/mate-desktop/engrampa/commit/63d5dfa9005c6b16d0f0ccd888cc859fca78f970 CVE-2023-47355 (The com.eypcnnapps.quickreboot (aka Eyuep Can Yilmaz {ROOT] Quick Rebo ...) NOT-FOR-US: com.eypcnnapps.quickreboot application CVE-2021-4436 (The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any aut ...) NOT-FOR-US: WordPress plugin CVE-2024-0406 (A flaw was discovered in the mholt/archiver package. This flaw allows ...) NOT-FOR-US: mholt/archiver Go package CVE-2024-25089 (Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows r ...) NOT-FOR-US: Malwarebytes Binisoft Windows Firewall Control CVE-2024-24870 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-24866 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
NOT-FOR-US: WordPress plugin CVE-2024-24865 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-24864 (A race condition was found in the Linux kernel's media/dvb-core in dvb ...) - linux NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8178 CVE-2024-24861 (A race condition was found in the Linux kernel's media/xc4000 device d ...) {DSA-5681-1} - linux 6.7.12-1 [bookworm] - linux 6.1.85-1 NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8150 NOTE: https://git.kernel.org/linus/36d503ad547d1c75758a6fcdbec2806f1b6aeb41 CVE-2024-24860 (A race condition was found in the Linux kernel's bluetooth device driv ...) - linux 6.6.15-1 [bookworm] - linux 6.1.76-1 [bullseye] - linux 5.10.209-1 [buster] - linux (Vulnerable code not present) NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8151 NOTE: https://git.kernel.org/linus/da9065caa594d19b26e1a030fd0cc27bd365d685 (6.8-rc1) CVE-2024-24859 (A race condition was found in the Linux kernel's net/bluetooth in snif ...) - linux NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8153 CVE-2024-24858 (A race condition was found in the Linux kernel's net/bluetooth in {con ...) {DSA-5681-1 DSA-5658-1} - linux NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8154 NOTE: https://git.kernel.org/linus/7835fcfd132eb88b87e8eb901f88436f63ab60f7 (6.9-rc3) CVE-2024-24857 (A race condition was found in the Linux kernel's net/bluetooth device ...) {DSA-5681-1 DSA-5658-1} - linux NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8155 NOTE: https://git.kernel.org/linus/7835fcfd132eb88b87e8eb901f88436f63ab60f7 (6.9-rc3) CVE-2024-24855 (A race condition was found in the Linux kernel's scsi device driver in ...) - linux 6.5.3-1 NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8149 NOTE: https://git.kernel.org/linus/0e881c0a4b6146b7e856735226208f48251facd8 (6.5-rc2) CVE-2024-24848 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
NOT-FOR-US: WordPress plugin CVE-2024-24847 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-24846 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-24841 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-24839 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-24838 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-23196 (A race condition was found in the Linux kernel's sound/hda device dri ...) - linux 6.4.13-1 [bookworm] - linux 6.1.52-1 [bullseye] - linux 5.10.197-1 NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8148 NOTE: https://git.kernel.org/linus/1f4a08fed450db87fbb5ff5105354158bdbe1a22 (6.5-rc1) CVE-2024-22667 (Vim before 9.0.2142 has a stack-based buffer overflow because did_set_ ...) - vim 2:9.0.2189-1 [bookworm] - vim (Minor issue) [bullseye] - vim (Minor issue) [buster] - vim (Minor issue) NOTE: https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 (v9.0.2142) NOTE: https://gist.githubusercontent.com/henices/2467e7f22dcc2aa97a2453e197b55a0c/raw/7b54bccc9a129c604fb139266f4497ab7aaa94c7/gistfile1.txt CVE-2024-22386 (A race condition was found in the Linux kernel's drm/exynos device dri ...) - linux NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8147 CVE-2024-20016 (In ged, there is a possible out of bounds write due to an integer over ...) NOT-FOR-US: MediaTek CVE-2024-20015 (In telephony, there is a possible escalation of privilege due to a per ...) NOT-FOR-US: MediaTek CVE-2024-20013 (In keyInstall, there is a possible out of bounds write due to a missin ...) NOT-FOR-US: MediaTek CVE-2024-20012 (In keyInstall, there is a possible escalation of privilege due to type ...) 
	NOT-FOR-US: MediaTek
CVE-2024-20011 (In alac decoder, there is a possible information disclosure due to an ...)
	NOT-FOR-US: MediaTek
CVE-2024-20010 (In keyInstall, there is a possible escalation of privilege due to type ...)
	NOT-FOR-US: MediaTek
CVE-2024-20009 (In alac decoder, there is a possible out of bounds write due to an inc ...)
	NOT-FOR-US: MediaTek
CVE-2024-20007 (In mp3 decoder, there is a possible out of bounds write due to a race ...)
	NOT-FOR-US: MediaTek
CVE-2024-20006 (In da, there is a possible out of bounds write due to a missing bounds ...)
	NOT-FOR-US: MediaTek
CVE-2024-20004 (In Modem NL1, there is a possible system crash due to an improper inpu ...)
	NOT-FOR-US: MediaTek
CVE-2024-20003 (In Modem NL1, there is a possible system crash due to an improper inpu ...)
	NOT-FOR-US: MediaTek
CVE-2024-20002 (In TVAPI, there is a possible out of bounds write due to a missing bou ...)
	NOT-FOR-US: MediaTek
CVE-2024-20001 (In TVAPI, there is a possible out of bounds write due to a missing bou ...)
	NOT-FOR-US: MediaTek
CVE-2023-7077 (Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554 ...)
	NOT-FOR-US: Sharp
CVE-2023-5800 (Vintage, member of the AXIS OS Bug Bounty Program, has found that the ...)
	NOT-FOR-US: AXIS
CVE-2023-5677 (Brandon Rothel from QED Secure Solutions has found that the VAPIX API ...)
	NOT-FOR-US: AXIS
CVE-2023-51504 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47170
	REJECTED
CVE-2021-46903 (An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firm ...)
	NOT-FOR-US: Meinberg
CVE-2021-46902 (An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firm ...)
	NOT-FOR-US: Meinberg
CVE-2024-25062 (An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.1 ...)
	[experimental] - libxml2 2.12.5+dfsg-0exp1
	- libxml2 (bug #1063234)
	[bookworm] - libxml2 (Minor issue)
	[bullseye] - libxml2 (Minor issue)
	[buster] - libxml2 (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/604
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2b0aac140d739905c7848a42efc60bfe783a39b7 (v2.11.7)
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970884fcc13305cb8e23cdc5f0dd7667c2c (v2.12.5)
CVE-2023-6240 (A Marvin vulnerability side-channel leakage was found in the RSA decry ...)
	- linux
	NOTE: https://securitypitfalls.wordpress.com/2023/10/16/experiment-with-side-channel-attacks-yourself/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2250843
CVE-2023-52426 (libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DT ...)
	- expat 2.6.0-1 (bug #1063240; unimportant)
	NOTE: https://github.com/libexpat/libexpat/pull/777
	NOTE: https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404
	NOTE: https://github.com/libexpat/libexpat/pull/777#issuecomment-1965172301
	NOTE: CVE is for fixing billion laughs attacks for users compiling *without* XML_DTD defined,
	NOTE: which is not the case for Debian.
CVE-2023-52425 (libexpat through 2.5.0 allows a denial of service (resource consumptio ...)
	{DLA-3783-1}
	- expat 2.6.0-1 (bug #1063238)
	[bookworm] - expat (Minor issue; can be fixed via point release)
	[bullseye] - expat (Minor issue; can be fixed via point release)
	NOTE: https://github.com/libexpat/libexpat/pull/789
	NOTE: Merge commit: https://github.com/libexpat/libexpat/commit/34b598c5f594b015c513c73f06e7ced3323edbf1
CVE-2020-36773 (Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-a ...)
	- ghostscript 9.53.0~dfsg-1
	[buster] - ghostscript (regression introduced in version 9.50)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702229
	NOTE: Fixed by: http://www.ghostscript.com/cgi-bin/findgit.cgi?8c7bd787defa071c96289b7da9397f673fddb874 (ghostpdl-9.53.0rc1)
CVE-2018-25098 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in blockmaso ...)
	NOT-FOR-US: blackmason credit-protocol
CVE-2023-50947 (IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnera ...)
	NOT-FOR-US: IBM
CVE-2023-33851 (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW ...)
	NOT-FOR-US: IBM
CVE-2019-25159 (A vulnerability was found in mpedraza2020 Intranet del Monterroso up t ...)
	NOT-FOR-US: mpedraza2020 Intranet del Monterroso
CVE-2015-10129 (A vulnerability was found in planet-freo up to 20150116 and classified ...)
	NOT-FOR-US: planet-freo
CVE-2024-1215 (A vulnerability was found in SourceCodester CRUD without Page Reload 1 ...)
	NOT-FOR-US: SourceCodester CRUD without Page Reload
CVE-2024-1064 (A host header injection vulnerability in the HTTP handler component of ...)
	NOT-FOR-US: Crafty Controller
CVE-2023-49950 (The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 ...)
	NOT-FOR-US: Logpoint SIEM
CVE-2023-44031 (Incorrect access control in Reprise License Management Software Repris ...)
	NOT-FOR-US: Reprise License Management Software Reprise License Manager
CVE-2023-43183 (Incorrect access control in Reprise License Management Software Repris ...)
	NOT-FOR-US: Reprise License Management Software Reprise License Manager
CVE-2024-23553 (A cross-site scripting (XSS) vulnerability in the Web Reports componen ...)
	NOT-FOR-US: HCL
CVE-2024-23550 (HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user inf ...)
	NOT-FOR-US: HCL
CVE-2024-1200 (A vulnerability was found in Jspxcms 10.2.0 and classified as problema ...)
	NOT-FOR-US: Jspxcms
CVE-2024-1199 (A vulnerability has been found in CodeAstro Employee Task Management S ...)
	NOT-FOR-US: CodeAstro Employee Task Management System
CVE-2024-1198 (A vulnerability, which was classified as critical, was found in openBI ...)
	NOT-FOR-US: openBI
CVE-2024-1197 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Testimonial Page Manager
CVE-2024-1196 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester Testimonial Page Manager
CVE-2024-1195 (A vulnerability classified as critical was found in iTop VPN up to 4.0 ...)
	NOT-FOR-US: iTop VPN
CVE-2024-1194 (A vulnerability classified as problematic has been found in Armcode Al ...)
	NOT-FOR-US: Armcode AlienIP
CVE-2024-1193 (A vulnerability was found in Navicat 12.0.29. It has been rated as pro ...)
	NOT-FOR-US: Navicat
CVE-2024-0909 (The Anonymous Restricted Content plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0895 (The PDF Flipbook, 3D Flipbook – DearFlip plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-43016 (IBM Security Access Manager Container (IBM Security Verify Access Appl ...)
	NOT-FOR-US: IBM
CVE-2023-37531 (A cross-site scripting (XSS) vulnerability in the Web Reports componen ...)
	NOT-FOR-US: HCL
CVE-2023-37528 (A cross-site scripting (XSS) vulnerability in the Web Reports componen ...)
	NOT-FOR-US: HCL
CVE-2023-32329 (IBM Security Access Manager Container (IBM Security Verify Access Appl ...)
	NOT-FOR-US: IBM
CVE-2023-32327 (IBM Security Access Manager Container (IBM Security Verify Access Appl ...)
	NOT-FOR-US: IBM
CVE-2024-25006 (XenForo before 2.2.14 allows Directory Traversal (with write access) b ...)
	NOT-FOR-US: XenForo
CVE-2024-25001
	REJECTED
CVE-2024-24760 (mailcow is a dockerized email package, with multiple containers linked ...)
	NOT-FOR-US: mailcow
CVE-2024-24757 (open-irs is an issue response robot that reponds to issues in the inst ...)
	NOT-FOR-US: open-irs
CVE-2024-24560 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...)
	NOT-FOR-US: Vyper
CVE-2024-24470 (Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows ...)
	NOT-FOR-US: flusity-CMS
CVE-2024-24388 (Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 ...)
	NOT-FOR-US: XunRuiCMS
CVE-2024-24161 (MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file ...)
	NOT-FOR-US: MRCMS
CVE-2024-24160 (MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /adm ...)
	NOT-FOR-US: MRCMS
CVE-2024-24029 (JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data ...)
	NOT-FOR-US: JFinalCMS
CVE-2024-23895 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23831 (LedgerSMB is a free web-based double-entry accounting system. When a L ...)
	- ledgersmb (bug #1062845)
	[bookworm] - ledgersmb (Minor issue)
	[bullseye] - ledgersmb (Minor issue)
	[buster] - ledgersmb (Minor issue)
	NOTE: https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-qxjm
	NOTE: https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c0127bf30ef4165
CVE-2024-23824 (mailcow is a dockerized email package, with multiple containers linked ...)
	NOT-FOR-US: mailcow
CVE-2024-23635 (AntiSamy is a library for performing fast, configurable cleansing of H ...)
	- libowasp-antisamy-java (bug #1062846)
	[bookworm] - libowasp-antisamy-java (Minor issue)
	[bullseye] - libowasp-antisamy-java (Minor issue)
	[buster] - libowasp-antisamy-java (Minor issue)
	NOTE: https://github.com/nahsra/antisamy/security/advisories/GHSA-2mrq-w8pv-5pvq
CVE-2024-22851 (Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows ...)
	NOT-FOR-US: LiveConfig
CVE-2024-22108 (An issue was discovered in GTB Central Console 15.17.1-30814.NG. The m ...)
	NOT-FOR-US: GTB Central Console
CVE-2024-22107 (An issue was discovered in GTB Central Console 15.17.1-30814.NG. The m ...)
	NOT-FOR-US: GTB Central Console
CVE-2024-1201 (Search path or unquoted item vulnerability in HDD Health affecting ver ...)
	NOT-FOR-US: HDD Health
CVE-2024-1192 (A vulnerability was found in South River WebDrive 18.00.5057. It has b ...)
	NOT-FOR-US: South River WebDrive
CVE-2024-1191 (A vulnerability was found in Hyper CdCatalog 2.3.1. It has been classi ...)
	NOT-FOR-US: Hyper CdCatalog
CVE-2024-1190 (A vulnerability was found in Global Scape CuteFTP 9.3.0.3 and classifi ...)
	NOT-FOR-US: Global Scape CuteFTP
CVE-2024-1189 (A vulnerability has been found in AMPPS 2.7 and classified as problema ...)
	NOT-FOR-US: AMPPS
CVE-2024-1188 (A vulnerability, which was classified as problematic, was found in Riz ...)
	NOT-FOR-US: Rizone Soft Notepad3
CVE-2024-1187 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Munsoft Easy Outlook Express Recovery
CVE-2024-1186 (A vulnerability classified as problematic was found in Munsoft Easy Ar ...)
	NOT-FOR-US: Munsoft Easy Archive Recovery
CVE-2024-1185 (A vulnerability classified as problematic has been found in Nsasoft NB ...)
	NOT-FOR-US: Nsasoft NBMonitor Network Bandwidth Monitor
CVE-2024-1184 (A vulnerability was found in Nsasoft Network Sleuth 3.0.0.0. It has be ...)
	NOT-FOR-US: Nsasoft Network Sleuth
CVE-2024-0963 (The Calculated Fields Form plugin for WordPress is vulnerable to Store ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0844 (The Popup More Popups, Lightboxes, and more popup modules plugin for W ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0338 (A buffer overflow vulnerability has been found in XAMPP affecting vers ...)
	NOT-FOR-US: XAMPP
CVE-2024-0269 (ManageEngine ADAudit Plus versions7270and below are vulnerable to the ...)
	NOT-FOR-US: ManageEngine
CVE-2024-0253 (ManageEngine ADAudit Plus versions7270and below are vulnerable to the ...)
	NOT-FOR-US: ManageEngine
CVE-2023-6676 (Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber ...)
	NOT-FOR-US: National Keep Cyber Security Services CyberMath
CVE-2023-6675 (Unrestricted Upload of File with Dangerous Type vulnerability in Natio ...)
	NOT-FOR-US: National Keep Cyber Security Services CyberMath
CVE-2023-6673 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: National Keep Cyber Security Services CyberMath
CVE-2023-6672 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: National Keep Cyber Security Services CyberMath
CVE-2023-6387 (A potential buffer overflow exists in the Bluetooth LE HCI CPC sample ...)
	NOT-FOR-US: Silicon Labs GDSK
CVE-2023-51838 (Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Crypt ...)
	NOT-FOR-US: Ylianst MeshCentral
CVE-2023-51820 (An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows ...)
	NOT-FOR-US: Blurams Lumi Security Camera (A31C)
CVE-2023-51072 (A stored cross-site scripting (XSS) vulnerability in the NOC component ...)
	NOT-FOR-US: Nagios XI
CVE-2023-50488 (An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allo ...)
	NOT-FOR-US: Blurams Lumi Security Camera (A31C)
CVE-2023-50359 (An unchecked return value vulnerability has been reported to affect se ...)
	NOT-FOR-US: QNAP
CVE-2023-48645 (An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a l ...)
	NOT-FOR-US: Archibus app
CVE-2023-47568 (A SQL injection vulnerability has been reported to affect several QNAP ...)
	NOT-FOR-US: QNAP
CVE-2023-47567 (An OS command injection vulnerability has been reported to affect seve ...)
	NOT-FOR-US: QNAP
CVE-2023-47566 (An OS command injection vulnerability has been reported to affect seve ...)
	NOT-FOR-US: QNAP
CVE-2023-47564 (An incorrect permission assignment for critical resource vulnerability ...)
	NOT-FOR-US: QNAP
CVE-2023-47562 (An OS command injection vulnerability has been reported to affect Phot ...)
	NOT-FOR-US: QNAP
CVE-2023-47561 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
	NOT-FOR-US: QNAP
CVE-2023-47148 (IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console ...)
	NOT-FOR-US: IBM
CVE-2023-47144 (IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7. ...)
	NOT-FOR-US: IBM
CVE-2023-47143 (IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7. ...)
	NOT-FOR-US: IBM
CVE-2023-47142 (IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7. ...)
	NOT-FOR-US: IBM
CVE-2023-45037 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-45036 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-45035 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-45028 (An uncontrolled resource consumption vulnerability has been reported t ...)
	NOT-FOR-US: QNAP
CVE-2023-45027 (A path traversal vulnerability has been reported to affect several QNA ...)
	NOT-FOR-US: QNAP
CVE-2023-45026 (A path traversal vulnerability has been reported to affect several QNA ...)
	NOT-FOR-US: QNAP
CVE-2023-45025 (An OS command injection vulnerability has been reported to affect seve ...)
	NOT-FOR-US: QNAP
CVE-2023-41292 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-41283 (An OS command injection vulnerability has been reported to affect seve ...)
	NOT-FOR-US: QNAP
CVE-2023-41282 (An OS command injection vulnerability has been reported to affect seve ...)
	NOT-FOR-US: QNAP
CVE-2023-41281 (An OS command injection vulnerability has been reported to affect seve ...)
	NOT-FOR-US: QNAP
CVE-2023-41280 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-41279 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-41278 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-41277 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-41276 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-41275 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-41274 (A NULL pointer dereference vulnerability has been reported to affect s ...)
	NOT-FOR-US: QNAP
CVE-2023-41273 (A heap-based buffer overflow vulnerability has been reported to affect ...)
	NOT-FOR-US: QNAP
CVE-2023-39611 (An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attac ...)
	NOT-FOR-US: Software FX Chart FX
CVE-2023-39303 (An improper authentication vulnerability has been reported to affect s ...)
	NOT-FOR-US: QNAP
CVE-2023-39302 (An OS command injection vulnerability has been reported to affect seve ...)
	NOT-FOR-US: QNAP
CVE-2023-39297 (An OS command injection vulnerability has been reported to affect seve ...)
	NOT-FOR-US: QNAP
CVE-2023-38273 (IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate ...)
	NOT-FOR-US: IBM
CVE-2023-37530 (A cross-site scripting (XSS) vulnerability in the Web Reports componen ...)
	NOT-FOR-US: HCL
CVE-2023-37529 (A cross-site scripting (XSS) vulnerability in the Web Reports componen ...)
	NOT-FOR-US: HCL
CVE-2023-37527 (A reflected cross-site scripting (XSS) vulnerability in the Web Report ...)
	NOT-FOR-US: HCL
CVE-2023-32967 (An incorrect authorization vulnerability has been reported to affect s ...)
	NOT-FOR-US: QNAP
CVE-2024-XXXX [GHSA-7g9j-g5jg-3vv3: Unauthenticated Nonce Increment in snow]
	- rust-snow 0.9.6-1 (bug #1062663)
	NOTE: https://github.com/mcginty/snow/security/advisories/GHSA-7g9j-g5jg-3vv3
	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0011.html
CVE-2024-24945 (A stored cross-site scripting (XSS) vulnerability in Travel Journal Us ...)
	NOT-FOR-US: Travel Journal Using PHP and MySQL
CVE-2024-24756 (Crafatar serves Minecraft avatars based on the skin for use in externa ...)
	NOT-FOR-US: Crafatar
CVE-2024-24755 (discourse-group-membership-ip-block is a discourse plugin that adds su ...)
	NOT-FOR-US: discourse-group-membership-ip-block
CVE-2024-24524 (Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, ...)
	NOT-FOR-US: flusity-CMS
CVE-2024-24482 (Aprktool before 2.9.3 on Windows allows ../ and /.. directory traversa ...)
	NOT-FOR-US: Aprktool
CVE-2024-24041 (A stored cross-site scripting (XSS) vulnerability in Travel Journal Us ...)
	NOT-FOR-US: Travel Journal Using PHP and MySQL
CVE-2024-23978 (Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V10 ...)
	NOT-FOR-US: HOME SPOT CUBE2
CVE-2024-23746 (Miro Desktop 0.8.18 on macOS allows local Electron code injection via ...)
	NOT-FOR-US: Miro Desktop
CVE-2024-23052 (An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a ...)
	NOT-FOR-US: WuKongOpenSource WukongCRM
CVE-2024-23034 (Cross Site Scripting vulnerability in the input parameter in eyoucms v ...)
	NOT-FOR-US: eyoucms
CVE-2024-23033 (Cross Site Scripting vulnerability in the path parameter in eyoucms v. ...)
	NOT-FOR-US: eyoucms
CVE-2024-23032 (Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 ...)
	NOT-FOR-US: eyoucms
CVE-2024-23031 (Cross Site Scripting (XSS) vulnerability in is_water parameter in eyou ...)
	NOT-FOR-US: eyoucms
CVE-2024-22927 (Cross Site Scripting (XSS) vulnerability in the func parameter in eyou ...)
	NOT-FOR-US: eyoucms
CVE-2024-22903 (Vinchin Backup & Recovery v7.2 was discovered to contain an authentica ...)
	NOT-FOR-US: Vinchin Backup & Recovery
CVE-2024-22902 (Vinchin Backup & Recovery v7.2 was discovered to be configured with de ...)
	NOT-FOR-US: Vinchin Backup & Recovery
CVE-2024-22901 (Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL cre ...)
	NOT-FOR-US: Vinchin Backup & Recovery
CVE-2024-22900 (Vinchin Backup & Recovery v7.2 was discovered to contain an authentica ...)
	NOT-FOR-US: Vinchin Backup & Recovery
CVE-2024-22899 (Vinchin Backup & Recovery v7.2 was discovered to contain an authentica ...)
	NOT-FOR-US: Vinchin Backup & Recovery
CVE-2024-22779 (Directory Traversal vulnerability in Kihron ServerRPExposer v.1.0.2 an ...)
	NOT-FOR-US: Kihron ServerRPExposer
CVE-2024-22533 (Before Beetl v3.15.12, the rendering template has a server-side templa ...)
	NOT-FOR-US: Beetl
CVE-2024-22320 (IBM Operational Decision Manager 8.10.3 could allow a remote authentic ...)
	NOT-FOR-US: IBM
CVE-2024-22319 (IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11. ...)
	NOT-FOR-US: IBM
CVE-2024-22096 (In Rapid Software LLC's Rapid SCADA versions prior toVersion 5.8.4,an ...)
	NOT-FOR-US: Rapid SCADA
CVE-2024-22016 (In Rapid Software LLC's Rapid SCADA versions prior toVersion 5.8.4,an ...)
	NOT-FOR-US: Rapid SCADA
CVE-2024-21869 (In Rapid Software LLC's Rapid SCADA versions prior toVersion 5.8.4, th ...)
	NOT-FOR-US: Rapid SCADA
CVE-2024-21866 (In Rapid Software LLC's Rapid SCADA versions prior toVersion 5.8.4, th ...)
	NOT-FOR-US: Rapid SCADA
CVE-2024-21863 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause ...)
	NOT-FOR-US: OpenHarmony
CVE-2024-21860 (in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker a ...)
	NOT-FOR-US: OpenHarmony
CVE-2024-21852 (In Rapid Software LLC's Rapid SCADA versions prior toVersion 5.8.4,an ...)
	NOT-FOR-US: Rapid SCADA
CVE-2024-21851 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause ...)
	NOT-FOR-US: OpenHarmony
CVE-2024-21845 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause ...)
	NOT-FOR-US: OpenHarmony
CVE-2024-21794 (In Rapid Software LLC's Rapid SCADA versions prior toVersion 5.8.4,an ...)
	NOT-FOR-US: Rapid SCADA
CVE-2024-21780 (Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V1 ...)
	NOT-FOR-US: HOME SPOT CUBE2
CVE-2024-21764 (In Rapid Software LLC's Rapid SCADA versions prior toVersion 5.8.4, th ...)
	NOT-FOR-US: Rapid SCADA
CVE-2024-21485 (Versions of the package dash-core-components before 2.13.0; versions o ...)
	NOT-FOR-US: Node dash-core-components
CVE-2024-21399 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-1162 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1143 (Central Dogma versions prior to 0.64.1 is vulnerable to Cross-Site Scr ...)
	NOT-FOR-US: Central Dogma
CVE-2024-1073 (The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cr ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1047 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unaut ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1040 (Gessler GmbH WEB-MASTER user account is stored using a weak hashing al ...)
	NOT-FOR-US: WEB-MASTER
CVE-2024-1039 (Gessler GmbH WEB-MASTER has a restoration account that uses weak hard ...)
	NOT-FOR-US: WEB-MASTER
CVE-2024-0685 (The Ninja Forms Contact Form – The Drag and Drop Form Builder for ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0325 (In Helix Sync versions prior to 2024.1, a local command injection was ...)
	NOT-FOR-US: Helix Sync
CVE-2024-0285 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause ...)
	NOT-FOR-US: OpenHarmony
CVE-2023-6221 (The cloud provider MachineSense uses for integration and deployment fo ...)
	NOT-FOR-US: MachineSense
CVE-2023-50962 (IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict ...)
	NOT-FOR-US: IBM
CVE-2023-50941 (IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, w ...)
	NOT-FOR-US: IBM
CVE-2023-50940 (IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS ...)
	NOT-FOR-US: IBM
CVE-2023-50939 (IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic ...)
	NOT-FOR-US: IBM
CVE-2023-50938 (IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack ...)
	NOT-FOR-US: IBM
CVE-2023-50937 (IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic ...)
	NOT-FOR-US: IBM
CVE-2023-50936 (IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout ...)
	NOT-FOR-US: IBM
CVE-2023-50935 (IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a U ...)
	NOT-FOR-US: IBM
CVE-2023-50934 (IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which ...)
	NOT-FOR-US: IBM
CVE-2023-50933 (IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remot ...)
	NOT-FOR-US: IBM
CVE-2023-50328 (IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view sess ...)
	NOT-FOR-US: IBM
CVE-2023-50327 (IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could a ...)
	NOT-FOR-US: IBM
CVE-2023-50326 (IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setti ...)
	NOT-FOR-US: IBM
CVE-2023-4472 (Objectplanet Opinio version 7.22 and prior uses a cryptographically we ...)
	NOT-FOR-US: Objectplanet Opinio
CVE-2023-49617 (The MachineSense application programmable interface (API) is improperl ...)
	NOT-FOR-US: MachineSense
CVE-2023-49610 (MachineSense FeverWarn Raspberry Pi-based devices lack input sanitizat ...)
	NOT-FOR-US: MachineSense
CVE-2023-49118 (in OpenHarmony v3.2.4 and prior versions allow a local attacker causes ...)
	NOT-FOR-US: OpenHarmony
CVE-2023-49115 (MachineSense devices use unauthenticated MQTT messaging to monitor dev ...)
	NOT-FOR-US: MachineSense
CVE-2023-48793 (Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in th ...)
	NOT-FOR-US: Zoho ManageEngine ADAudit Plus
CVE-2023-48792 (Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injec ...)
	NOT-FOR-US: Zoho ManageEngine ADAudit Plus
CVE-2023-47867 (MachineSense FeverWarn devices are configured as Wi-Fi hosts in a way ...)
	NOT-FOR-US: MachineSense
CVE-2023-47257 (ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle atta ...)
	NOT-FOR-US: ConnectWise ScreenConnect
CVE-2023-47256 (ConnectWise ScreenConnect through 23.8.4 allows local users to connect ...)
	NOT-FOR-US: ConnectWise ScreenConnect
CVE-2023-46706 (Multiple MachineSense devices have credentials unable to be changed by ...)
	NOT-FOR-US: MachineSense
CVE-2023-46344 (A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and pos ...)
	NOT-FOR-US: Solar-Log Base 15 Firmware
CVE-2023-46159 (IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated ...)
	NOT-FOR-US: IBM
CVE-2023-45734 (in OpenHarmony v3.2.4 and prior versions allow an adjacent attacker ar ...)
	NOT-FOR-US: OpenHarmony
CVE-2023-43756 (in OpenHarmony v3.2.4 and prior versions allow a local attacker causes ...)
	NOT-FOR-US: OpenHarmony
CVE-2023-38263 (IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authentica ...)
	NOT-FOR-US: IBM
CVE-2023-38020 (IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authentica ...)
	NOT-FOR-US: IBM
CVE-2023-38019 (IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a remote atta ...)
	NOT-FOR-US: IBM
CVE-2023-36496 (Delegated Admin Privilege virtual attribute provider plugin, when enab ...)
	NOT-FOR-US: pingidentity
CVE-2023-32333 (IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to l ...)
	NOT-FOR-US: IBM
CVE-2024-24754 (Bref enable serverless PHP on AWS Lambda. When Bref is used with the E ...)
	NOT-FOR-US: Bref
CVE-2024-24753 (Bref enable serverless PHP on AWS Lambda. When Bref is used in combina ...)
	NOT-FOR-US: Bref
CVE-2024-24752 (Bref enable serverless PHP on AWS Lambda. When Bref is used with the E ...)
	NOT-FOR-US: Bref
CVE-2024-24570 (Statamic is a Laravel and Git powered CMS. HTML files crafted to look ...)
	NOT-FOR-US: Statamic CMS
CVE-2024-24569 (The Pixee Java Code Security Toolkit is a set of security APIs meant t ...)
	NOT-FOR-US: Pixee Java Code Security Toolkit
CVE-2024-24561 (Vyper is a pythonic Smart Contract Language for the ethereum virtual m ...)
	NOT-FOR-US: Vyper
CVE-2024-24557 (Moby is an open-source project created by Docker to enable software co ...)
	- docker.io
	[bookworm] - docker.io (Minor issue)
	[bullseye] - docker.io (Minor issue)
	[buster] - docker.io (Minor issue with workarounds)
	NOTE: https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae
	NOTE: https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc
	NOTE: Workarounds exists (cf. GHSA-xw73-rw38-6vjc): Avoid using the cache or use Buildkit
CVE-2024-24062 (springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) vi ...)
	NOT-FOR-US: springboot-manager
CVE-2024-24061 (springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) vi ...)
	NOT-FOR-US: springboot-manager
CVE-2024-24060 (springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) vi ...)
	NOT-FOR-US: springboot-manager
CVE-2024-24059 (springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The sy ...)
	NOT-FOR-US: springboot-manager
CVE-2024-23832 (Mastodon is a free, open-source social network server based on Activit ...)
	- mastodon (bug #859741)
CVE-2024-23645 (GLPI is a Free Asset and IT Management Software package. A malicious U ...)
	- glpi
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-2gj5-qpff-ff3x
	NOTE: https://github.com/glpi-project/glpi/commit/6cf265936c4f6edf7dea7c78b12e46d75b94d9b0
	NOTE: https://github.com/glpi-project/glpi/commit/fc1f6da9d158933b870ff374ed3a50ae98dcef4a
CVE-2024-23328 (Dataease is an open source data visualization analysis tool. A deseria ...)
	NOT-FOR-US: Dataease
CVE-2024-22939 (Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remo ...)
	NOT-FOR-US: FlyCms
CVE-2024-22936 (Cross-site scripting (XSS) vulnerability in Parents & Student Portal i ...)
	NOT-FOR-US: Parents & Student Portal in Genesis School Management Systems
CVE-2024-22449 (Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a miss ...)
	NOT-FOR-US: Dell
CVE-2024-22433 (Dell Data Protection Search 19.2.0 and above contain an exposed passwo ...)
	NOT-FOR-US: Dell
CVE-2024-22430 (Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incor ...)
	NOT-FOR-US: Dell
CVE-2024-22148 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-21750 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-1167 (When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information un ...)
	NOT-FOR-US: SEW-EURODRIVE MOVITOOLS MotionStudio
CVE-2024-1141 (A vulnerability was found in python-glance-store. The issue occurs whe ...)
	- python-glance-store (bug #1063795)
	[bookworm] - python-glance-store (Minor issue)
	[bullseye] - python-glance-store (Minor issue)
	[buster] - python-glance-store (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2258836
	NOTE: https://github.com/openstack/glance_store/commit/d6e531af4821c8466b1e9404f12f89f6216417f2
	NOTE: https://github.com/openstack/glance_store/commit/a5ba027922ba1230b4ae9abb810f36427be6354a
CVE-2024-0935 (Insertion of Sensitive Information into Log File vulnerabilities are a ...)
	NOT-FOR-US: DELMIA Apriso
CVE-2024-0704
	REJECTED
CVE-2023-6078 (An OS Command Injection vulnerability exists in BIOVIA Materials Studi ...)
	NOT-FOR-US: BIOVIA Materials Studio products
CVE-2023-5841 (Due to a failure in validating the number of scanline samples of a Ope ...)
	- openexr (bug #1063414)
	[bookworm] - openexr (Minor issue)
	[bullseye] - openexr (Only affects 3.x)
	[buster] - openexr (Only affects 3.x)
	NOTE: https://takeonme.org/cves/CVE-2023-5841.html
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/1625
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/46944c3a87ebc6c5d9a9a4962a94569ba1082bc3
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1627
CVE-2023-52195 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52194 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52193 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52192 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52191 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52189 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52188 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52175 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52118 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51835 (An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to e ...)
NOT-FOR-US: TRENDnet CVE-2023-51695 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51694 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51693 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51691 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51690 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51689 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51685 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51684 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51677 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51674 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51669 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51666 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51548 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51540 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51536 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51534 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
NOT-FOR-US: WordPress plugin CVE-2023-51532 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51520 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51514 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51509 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51506 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51446 (GLPI is a Free Asset and IT Management Software package. When authenti ...) - glpi NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-p995-jmfv-c7r8 NOTE: https://github.com/glpi-project/glpi/commit/58c67d78f2e3ad08264213e9aaf56eab3c9ded35 CVE-2023-37621 REJECTED CVE-2024-24747 (MinIO is a High Performance Object Storage. When someone creates an ac ...) - minio (bug #859207) CVE-2024-24573 (facileManager is a modular suite of web apps built with the sysadmin i ...) NOT-FOR-US: facileManager CVE-2024-24572 (facileManager is a modular suite of web apps built with the sysadmin i ...) NOT-FOR-US: facileManager CVE-2024-24571 (facileManager is a modular suite of web apps built with the sysadmin i ...) NOT-FOR-US: facileManager CVE-2024-24548 (Payment EX Ver1.1.5b and earlier allows a remote unauthenticated attac ...) NOT-FOR-US: Payment EX CVE-2024-23941 (Cross-site scripting vulnerability exists in Group Office prior to v6. ...) NOT-FOR-US: Group Office CVE-2024-23653 (BuildKit is a toolkit for converting source code to build artifacts in ...) NOT-FOR-US: BuildKit CVE-2024-23652 (BuildKit is a toolkit for converting source code to build artifacts in ...) NOT-FOR-US: BuildKit CVE-2024-23651 (BuildKit is a toolkit for converting source code to build artifacts in ...) 
NOT-FOR-US: BuildKit CVE-2024-23650 (BuildKit is a toolkit for converting source code to build artifacts in ...) NOT-FOR-US: BuildKit CVE-2024-22859 (Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3. ...) NOT-FOR-US: livewire CVE-2024-1130 (The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and mu ...) NOT-FOR-US: WordPress plugin CVE-2024-1129 (The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and mu ...) NOT-FOR-US: WordPress plugin CVE-2024-1117 (A vulnerability was found in openBI up to 1.0.8. It has been declared ...) NOT-FOR-US: openBI CVE-2024-0907 (The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and mu ...) NOT-FOR-US: WordPress plugin CVE-2024-0831 (Vault and Vault Enterprise (\u201cVault\u201d) may expose sensitive in ...) NOT-FOR-US: HashiCorp Vault CVE-2023-7069 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...) NOT-FOR-US: WordPress plugin CVE-2023-51939 (An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of ...) NOT-FOR-US: relic-toolkit CVE-2024-0853 (curl inadvertently kept the SSL session ID for connections in its cach ...) - curl 8.6.0-1 [bookworm] - curl (Vulnerable code introduced later) [bullseye] - curl (Vulnerable code introduced later) [buster] - curl (Vulnerable code introduced later) NOTE: https://curl.se/docs/CVE-2024-0853.html NOTE: Introduced by: https://github.com/curl/curl/commit/395365ad2d9a6c3f1a35d5e268a6af2824129832 (curl-8_5_0) NOTE: Fixed by: https://github.com/curl/curl/commit/c28e9478cb2548848eca9b765d0d409bfb18668c (curl-8_6_0) CVE-2024-21626 (runc is a CLI tool for spawning and running containers on Linux accord ...) 
{DSA-5615-1 DLA-3735-1} - runc 1.1.12+ds1-1 (bug #1062532) NOTE: https://www.openwall.com/lists/oss-security/2024/01/31/6 NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv NOTE: https://github.com/opencontainers/runc/commit/937ca107c3d22da77eb8e8030f2342253b980980 NOTE: https://github.com/opencontainers/runc/commit/8e1cd2f56d518f8d6292b8bb39f0d0932e4b6c2a NOTE: https://github.com/opencontainers/runc/commit/f2f16213e174fb63e931fe0546bbbad1d9bbed6f NOTE: https://github.com/opencontainers/runc/commit/89c93ddf289437d5c8558b37047c54af6a0edb48 NOTE: https://github.com/opencontainers/runc/commit/ee73091a8d28692fa4868bac81aa40a0b05f9780 NOTE: https://github.com/opencontainers/runc/commit/d8edada9f252873b88043279a71099db71941dea NOTE: DLA-3735-1/buster fixes everything but additional hardening: NOTE: https://lists.debian.org/debian-lts/2024/03/msg00022.html CVE-2024-24579 (stereoscope is a go library for processing container images and simula ...) NOT-FOR-US: stereoscope CVE-2024-24566 (Lobe Chat is a chatbot framework that supports speech synthesis, multi ...) NOT-FOR-US: Lobe Chat CVE-2024-23637 (OctoPrint is a web interface for 3D printer.s OctoPrint versions up un ...) - octoprint (bug #718591) CVE-2024-23508 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-23507 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2024-23505 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-23502 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-22310 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-22307 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
NOT-FOR-US: WordPress plugin CVE-2024-22306 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-22305 (Authorization Bypass Through User-Controlled Key vulnerability in ali ...) NOT-FOR-US: WordPress plugin CVE-2024-22304 (Cross-Site Request Forgery (CSRF) vulnerability in Borbis Media FreshM ...) NOT-FOR-US: WordPress plugin CVE-2024-22302 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-22297 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-22295 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-22293 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-22292 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-22291 (Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Browse ...) NOT-FOR-US: WordPress plugin CVE-2024-22290 (Cross-Site Request Forgery (CSRF) vulnerability in AboZain,O7abeeb,Uni ...) NOT-FOR-US: WordPress plugin CVE-2024-22289 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-22287 (Cross-Site Request Forgery (CSRF) vulnerability in Lud\u011bk Melichar ...) NOT-FOR-US: WordPress plugin CVE-2024-22286 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-22285 (Cross-Site Request Forgery (CSRF) vulnerability in Elise Bosse Frontpa ...) NOT-FOR-US: WordPress plugin CVE-2024-22282 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-22163 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
NOT-FOR-US: WordPress plugin CVE-2024-22162 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-22161 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-22160 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-22159 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-22158 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-22153 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-22150 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-22146 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-22143 (Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check.This ...) NOT-FOR-US: WordPress plugin CVE-2024-22140 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile ...) NOT-FOR-US: WordPress plugin CVE-2024-22136 (Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit E ...) NOT-FOR-US: WordPress plugin CVE-2024-21917 (A vulnerability exists in Rockwell Automation FactoryTalk\xae Service ...) NOT-FOR-US: Rockwell Automation CVE-2024-21916 (A denial-of-service vulnerability exists in specific Rockwell Automati ...) NOT-FOR-US: Rockwell Automation CVE-2024-21893 (A server-side request forgery vulnerability in the SAML component of I ...) NOT-FOR-US: Ivanti CVE-2024-21888 (A privilege escalation vulnerability in web component of Ivanti Connec ...) NOT-FOR-US: Ivanti CVE-2024-1116 (A vulnerability was found in openBI up to 1.0.8. It has been classifie ...) 
NOT-FOR-US: openBI CVE-2024-1115 (A vulnerability was found in openBI up to 1.0.8 and classified as crit ...) NOT-FOR-US: openBI CVE-2024-1114 (A vulnerability has been found in openBI up to 1.0.8 and classified as ...) NOT-FOR-US: openBI CVE-2024-1113 (A vulnerability, which was classified as critical, was found in openBI ...) NOT-FOR-US: openBI CVE-2024-1112 (Heap-based buffer overflow vulnerability in Resource Hacker, developed ...) NOT-FOR-US: Resource Hacker CVE-2024-1111 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: SourceCodester QR Code Login System CVE-2024-1103 (A vulnerability was found in CodeAstro Real Estate Management System 1 ...) NOT-FOR-US: CodeAstro Real Estate Management System CVE-2024-1102 (A vulnerability was found in jberet-core logging. An exception in 'dbP ...) NOT-FOR-US: JBeret CVE-2024-1099 (A vulnerability was found in Rebuild up to 3.5.5. It has been classifi ...) NOT-FOR-US: Rebuild CVE-2024-1098 (A vulnerability was found in Rebuild up to 3.5.5 and classified as pro ...) NOT-FOR-US: Rebuild CVE-2024-1087 REJECTED CVE-2024-1086 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...) - linux 6.6.15-1 [bookworm] - linux 6.1.76-1 [bullseye] - linux 5.10.209-2 NOTE: https://pwning.tech/nftables/ NOTE: https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660 NOTE: https://git.kernel.org/linus/f342de4e2f33e0e39165d8639387aa6c19dff660 (6.8-rc2) NOTE: https://github.com/Notselwyn/CVE-2024-1086 CVE-2024-1085 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...) - linux 6.6.15-1 [bookworm] - linux 6.1.76-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://kernel.dance/b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7 NOTE: https://git.kernel.org/linus/b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7 (6.8-rc1) CVE-2024-0833 (In Telerik Test Studio versions prior to v2023.3.1330, a privilege e ...) 
NOT-FOR-US: Telerik CVE-2024-0832 (In Telerik Reporting versions prior to 2024 R1, a privilege elevation ...) NOT-FOR-US: Telerik CVE-2024-0589 (Cross-site scripting (XSS) vulnerability in the entry overview tab in ...) NOT-FOR-US: Devolutions Remote Desktop Manager CVE-2024-0219 (In Telerik JustDecompile versions prior to 2024 R1, a privilege elevat ...) NOT-FOR-US: Telerik CVE-2023-7043 (Unquoted service path in ESET products allows to drop a prepared pro ...) NOT-FOR-US: ESET CVE-2023-5390 (An attacker could potentially exploit this vulnerability, leading to f ...) NOT-FOR-US: Honeywell CVE-2023-50357 (A cross site scripting vulnerability in the AREAL SAS Websrv1 ASP webs ...) NOT-FOR-US: AREAL SAS Websrv1 ASP website CVE-2023-50356 (SSL connections to some LDAP servers are vulnerable to a man-in-the-mi ...) NOT-FOR-US: AREAL Topkapi Vision (Server) CVE-2023-50166 (Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an ...) NOT-FOR-US: Pega Platform CVE-2023-50165 (Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by an Gen ...) NOT-FOR-US: Pega Platform CVE-2023-47116 (Label Studio is a popular open source data labeling tool. The vulnerab ...) - label-studio (bug #1026232) CVE-2023-44313 (Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb ...) NOT-FOR-US: Apache ServiceComb Service-Center CVE-2023-44312 (Exposure of Sensitive Information to an Unauthorized Actor in Apache S ...) NOT-FOR-US: Apache ServiceComb Service-Center CVE-2024-24567 (Vyper is a pythonic Smart Contract Language for the ethereum virtual m ...) NOT-FOR-US: Vyper CVE-2024-23834 (Discourse is an open-source discussion platform. Improperly sanitized ...) NOT-FOR-US: Discourse CVE-2024-23745 (In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirt ...) NOT-FOR-US: Notion Web Clipper CVE-2024-22569 (Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allo ...) 
NOT-FOR-US: POSCMS CVE-2024-22236 (In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0. ...) NOT-FOR-US: Spring Cloud Contract CVE-2024-1069 (The Contact Form Entries plugin for WordPress is vulnerable to arbitra ...) NOT-FOR-US: WordPress plugin CVE-2024-1012 (A vulnerability, which was classified as critical, has been found in W ...) NOT-FOR-US: Wanhu ezOFFICE CVE-2024-0836 (The WordPress Review & Structure Data Schema Plugin \u2013 Review Sche ...) NOT-FOR-US: WordPress plugin CVE-2023-51204 (Insecure deserialization in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PY ...) NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2023-51202 (OS command injection vulnerability in command processing or system cal ...) NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2023-51198 (An issue in the permission and access control components within ROS2 F ...) NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2023-51197 (An issue discovered in shell command execution in ROS2 (Robot Operatin ...) NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2023-3934 REJECTED CVE-2023-31505 (An arbitrary file upload vulnerability in Schlix CMS v2.2.8-1, allows ...) NOT-FOR-US: Schlix CMS CVE-2023-2439 (The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Sc ...) NOT-FOR-US: WordPress plugin CVE-2024-1062 (A heap overflow flaw was found in 389-ds-base. This issue leads to a d ...) - 389-ds-base (bug #1066120) [bookworm] - 389-ds-base (Minor issue) [bullseye] - 389-ds-base (Minor issue) [buster] - 389-ds-base (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2261879 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2256711 NOTE: https://github.com/389ds/389-ds-base/issues/5647 CVE-2023-5992 (A vulnerability was found in OpenSC where PKCS#1 encryption padding re ...) 
- opensc 0.25.0~rc1-1 (bug #1064189) [bookworm] - opensc (Minor issue) [bullseye] - opensc (Minor issue) [buster] - opensc (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2248685 NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 NOTE: https://github.com/OpenSC/OpenSC/pull/2948 CVE-2024-1060 (Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allo ...) {DSA-5612-1} - chromium 121.0.6167.139-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-1059 (Use after free in Peer Connection in Google Chrome prior to 121.0.6167 ...) {DSA-5612-1} - chromium 121.0.6167.139-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-1077 (Use after free in Network in Google Chrome prior to 121.0.6167.139 all ...) {DSA-5612-1} - chromium 121.0.6167.139-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-24565 (CrateDB is a distributed SQL database that makes it simple to store an ...) NOT-FOR-US: CrateDB CVE-2024-24558 (TanStack Query supplies asynchronous state management, server-state ut ...) NOT-FOR-US: TanStack Query CVE-2024-24556 (urql is a GraphQL client that exposes a set of helpers for several fra ...) NOT-FOR-US: urql CVE-2024-24333 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) NOT-FOR-US: TOTOLINK CVE-2024-24332 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) NOT-FOR-US: TOTOLINK CVE-2024-24331 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) NOT-FOR-US: TOTOLINK CVE-2024-24330 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) NOT-FOR-US: TOTOLINK CVE-2024-24329 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) NOT-FOR-US: TOTOLINK CVE-2024-24328 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) 
NOT-FOR-US: TOTOLINK CVE-2024-24327 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) NOT-FOR-US: TOTOLINK CVE-2024-24326 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) NOT-FOR-US: TOTOLINK CVE-2024-24325 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) NOT-FOR-US: TOTOLINK CVE-2024-24324 (TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hard ...) NOT-FOR-US: TOTOLINK CVE-2024-23841 (apollo-client-nextjs is the Apollo Client support for the Next.js App ...) NOT-FOR-US: apollo-client-nextjs CVE-2024-23840 (GoReleaser builds Go binaries for several platforms, creates a GitHub ...) NOT-FOR-US: GoReleaser CVE-2024-23838 (TrueLayer.NET is the .Net client for TrueLayer. The vulnerability cou ...) NOT-FOR-US: TrueLayer.NET CVE-2024-23825 (TablePress is a table plugin for Wordpress. For importing tables, Tabl ...) NOT-FOR-US: WordPress plugin CVE-2024-23647 (Authentik is an open-source Identity Provider. There is a bug in our i ...) NOT-FOR-US: authentik CVE-2024-22894 (An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or l ...) NOT-FOR-US: AIT-Deutschland Alpha Innotec Heatpumps CVE-2024-22523 (Directory Traversal vulnerability in Qiyu iFair version 23.8_ad0 and b ...) NOT-FOR-US: Qiyu iFair CVE-2024-22200 (vantage6-UI is the User Interface for vantage6. The docker image used ...) NOT-FOR-US: vantage6-UI CVE-2024-22193 (The vantage6 technology enables to manage and deploy privacy enhancing ...) NOT-FOR-US: vantage6 CVE-2024-21671 (The vantage6 technology enables to manage and deploy privacy enhancing ...) NOT-FOR-US: vantage6 CVE-2024-21653 (The vantage6 technology enables to manage and deploy privacy enhancing ...) NOT-FOR-US: vantage6 CVE-2024-21649 (The vantage6 technology enables to manage and deploy privacy enhancing ...) 
NOT-FOR-US: vantage6 CVE-2024-21388 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-1063 (Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery (SSRF ...) NOT-FOR-US: Appwrite CVE-2024-1061 (The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affecte ...) NOT-FOR-US: WordPress plugin CVE-2024-1036 (A vulnerability was found in openBI up to 1.0.8 and classified as crit ...) NOT-FOR-US: openBI CVE-2024-1035 (A vulnerability has been found in openBI up to 1.0.8 and classified as ...) NOT-FOR-US: openBI CVE-2024-1034 (A vulnerability, which was classified as critical, was found in openBI ...) NOT-FOR-US: openBI CVE-2024-1033 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: openBI CVE-2024-1032 (A vulnerability classified as critical was found in openBI up to 1.0.8 ...) NOT-FOR-US: openBI CVE-2024-1031 (A vulnerability was found in CodeAstro Expense Management System 1.0. ...) NOT-FOR-US: CodeAstro Expense Management System CVE-2024-1030 (A vulnerability was found in Cogites eReserv 7.7.58. It has been class ...) NOT-FOR-US: Cogites eReserv CVE-2024-1019 (ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypa ...) - modsecurity 3.0.12-1 [bookworm] - modsecurity (Minor issue) [bullseye] - modsecurity (Minor issue) [buster] - modsecurity (Minor issue) NOTE: https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30 CVE-2024-0676 (Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro ...) NOT-FOR-US: Lamassu Bitcoin ATM Douro machines CVE-2024-0675 (Vulnerability of improper checking for unusual or exceptional conditio ...) NOT-FOR-US: Lamassu Bitcoin ATM Douro machines CVE-2024-0674 (Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machin ...) NOT-FOR-US: Lamassu Bitcoin ATM Douro machines CVE-2024-0564 (A flaw was found in the Linux kernel's memory deduplication mechanism. ...) 
- linux NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2258514 CVE-2023-6943 (Use of Externally-Controlled Input to Select Classes or Code ('Unsafe ...) NOT-FOR-US: Mitsubishi CVE-2023-6942 (Missing Authentication for Critical Function vulnerability in Mitsubis ...) NOT-FOR-US: Mitsubishi CVE-2023-6374 (Authentication Bypass by Capture-replay vulnerability in Mitsubishi El ...) NOT-FOR-US: Mitsubishi CVE-2023-6258 (A security vulnerability has been identified in the pkcs11-provider, w ...) - pkcs11-provider 0.3-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2251062 NOTE: https://github.com/latchset/pkcs11-provider/pull/308 NOTE: https://github.com/latchset/pkcs11-provider/commit/de52d24c1b4b0bdc3a49a23db0f3231e209c3c68 (v0.3) CVE-2023-5389 (An attacker could potentially exploit this vulnerability, leading to t ...) NOT-FOR-US: Honeywell CVE-2023-46231 (In Splunk Add-on Builder versions below 4.1.4, the application writes ...) NOT-FOR-US: Splunk Add-on Builder CVE-2023-46230 (In Splunk Add-on Builder versions below 4.1.4, the app writes sensitiv ...) NOT-FOR-US: Splunk Add-on Builder CVE-2023-37518 (HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A ma ...) NOT-FOR-US: HCL BigFix ServiceNow CVE-2023-36260 (An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. It ...) NOT-FOR-US: Craft CMS CVE-2023-36259 (Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin bef ...) NOT-FOR-US: Craft CMS Audit Plugin CVE-2023-6246 (A heap-based buffer overflow was found in the __vsyslog_internal funct ...) 
{DSA-5611-1} - glibc 2.37-15 [bullseye] - glibc (Vulnerable code not present) [buster] - glibc (Vulnerable code not present) NOTE: https://www.qualys.com/2024/01/30/syslog NOTE: Introduced by: https://sourceware.org/git?p=glibc.git;a=commit;h=52a5be0df411ef3ff45c10c7c308cb92993d15b1 NOTE: Fixed by: https://sourceware.org/git?p=glibc.git;a=commit;h=6bd0e4efcc78f3c0115e5ea9739a1642807450da NOTE: https://sourceware.org/pipermail/libc-announce/2024/000037.html NOTE: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2024-0001;hb=HEAD NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2024-0001 CVE-2023-6779 (An off-by-one heap-based buffer overflow was found in the __vsyslog_in ...) {DSA-5611-1} - glibc 2.37-15 [bullseye] - glibc (Vulnerable code not present) [buster] - glibc (Vulnerable code not present) NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=7e5a0c286da33159d47d0122007aac016f3e02cd NOTE: https://sourceware.org/pipermail/libc-announce/2024/000037.html NOTE: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2024-0002;hb=HEAD NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2024-0002 CVE-2023-6780 (An integer overflow was found in the __vsyslog_internal function of th ...) {DSA-5611-1} - glibc 2.37-15 [bullseye] - glibc (Vulnerable code not present) [buster] - glibc (Vulnerable code not present) NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=ddf542da94caf97ff43cc2875c88749880b7259b NOTE: https://sourceware.org/pipermail/libc-announce/2024/000037.html NOTE: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2024-0003;hb=HEAD NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2024-0003 CVE-2024-23829 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...) 
- python-aiohttp (bug #1062708) [bookworm] - python-aiohttp (Minor issue) [bullseye] - python-aiohttp (Minor issue) [buster] - python-aiohttp (Minor issue) NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2 NOTE: https://github.com/aio-libs/aiohttp/pull/8074 NOTE: https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827 (master) NOTE: https://github.com/aio-libs/aiohttp/commit/d33bc21414e283c9e6fe7f6caf69e2ed60d66c82 (v3.9.2) CVE-2024-23334 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...) - python-aiohttp (bug #1062709) [bookworm] - python-aiohttp (Minor issue) [bullseye] - python-aiohttp (Minor issue) [buster] - python-aiohttp (Minor issue) NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f NOTE: https://github.com/aio-libs/aiohttp/pull/8079 NOTE: https://github.com/aio-libs/aiohttp/commit/1c335944d6a8b1298baf179b7c0b3069f10c514b (master) NOTE: https://github.com/aio-libs/aiohttp/commit/9118a5831e8a65b8c839eb7e4ac983e040ff41df (v3.9.2) CVE-2024-22938 (Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local a ...) NOT-FOR-US: BossCMS CVE-2024-22682 (DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to ...) NOT-FOR-US: DuckDB CVE-2024-22648 (A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionali ...) NOT-FOR-US: SEO Panel CVE-2024-22647 (An user enumeration vulnerability was found in SEO Panel 4.10.0. This ...) NOT-FOR-US: SEO Panel CVE-2024-22646 (An email address enumeration vulnerability exists in the password rese ...) NOT-FOR-US: SEO Panel CVE-2024-22643 (A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version ...) NOT-FOR-US: SEO Panel CVE-2024-21840 (Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in ...) NOT-FOR-US: Hitachi CVE-2024-21803 (Use After Free vulnerability in Linux Linux kernel kernel on Linux, x8 ...) 
- linux NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8081 CVE-2024-21488 (Versions of the package network before 0.7.0 are vulnerable to Arbitra ...) NOT-FOR-US: Node network CVE-2024-1029 (A vulnerability was found in Cogites eReserv 7.7.58 and classified as ...) NOT-FOR-US: Cogites eReserv CVE-2024-1028 (A vulnerability has been found in SourceCodester Facebook News Feed Li ...) NOT-FOR-US: SourceCodester Facebook News Feed Like CVE-2024-1027 (A vulnerability, which was classified as critical, was found in Source ...) NOT-FOR-US: SourceCodester Facebook News Feed Like CVE-2024-1026 (A vulnerability was found in Cogites eReserv 7.7.58 and classified as ...) NOT-FOR-US: Cogites eReserv CVE-2024-1024 (A vulnerability has been found in SourceCodester Facebook News Feed Li ...) NOT-FOR-US: SourceCodester Facebook News Feed Like CVE-2024-1022 (A vulnerability, which was classified as problematic, was found in Cod ...) NOT-FOR-US: CodeAstro Simple Student Result Management System CVE-2024-1021 (A vulnerability, which was classified as critical, has been found in R ...) NOT-FOR-US: Rebuild CVE-2024-1020 (A vulnerability classified as problematic was found in Rebuild up to 3 ...) NOT-FOR-US: Rebuild CVE-2023-7225 (The MapPress Maps for WordPress plugin for WordPress is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2023-5372 (The post-authentication command injection vulnerability in Zyxel NAS32 ...) NOT-FOR-US: Zyxel CVE-2023-52071 REJECTED CVE-2023-51982 (CrateDB 5.5.1 is contains an authentication bypass vulnerability in th ...) NOT-FOR-US: CrateDB CVE-2023-51843 (react-dashboard 1.4.0 is vulnerable to Cross Site Scripting (XSS) as h ...) NOT-FOR-US: react-dashboard CVE-2023-51837 (Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Va ...) NOT-FOR-US: Ylianst MeshCentral CVE-2023-51813 (Cross Site Request Forgery (CSRF) vulnerability in Free Open-Source In ...) 
NOT-FOR-US: Free Open-Source Inventory Management System CVE-2023-4554 (Improper Restriction of XML External Entity Reference vulnerability in ...) NOT-FOR-US: OpenText AppBuilder CVE-2023-4553 (Improper Input Validation vulnerability in OpenText AppBuilder on Wind ...) NOT-FOR-US: OpenText AppBuilder CVE-2023-4552 (Improper Input Validation vulnerability in OpenText AppBuilder on Wind ...) NOT-FOR-US: OpenText AppBuilder CVE-2023-4551 (Improper Input Validation vulnerability in OpenText AppBuilder on Wind ...) NOT-FOR-US: OpenText AppBuilder CVE-2023-4550 (Improper Input Validation, Files or Directories Accessible to External ...) NOT-FOR-US: OpenText AppBuilder CVE-2023-49038 (Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allo ...) NOT-FOR-US: Buffalo CVE-2023-45930 REJECTED CVE-2023-45928 REJECTED CVE-2023-45926 REJECTED CVE-2023-45923 REJECTED CVE-2023-37571 (Softing TH SCOPE through 3.70 allows XSS.) NOT-FOR-US: Softing TH SCOPE CVE-2024-1023 (A vulnerability in the Eclipse Vert.x toolkit results in a memory leak ...) NOT-FOR-US: Eclipse Vertx CVE-2024-24141 (Sourcecodester School Task Manager App 1.0 allows SQL Injection via th ...) NOT-FOR-US: Sourcecodester School Task Manager App CVE-2024-24140 (Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via th ...) NOT-FOR-US: Sourcecodester Daily Habit Tracker App CVE-2024-24139 (Sourcecodester Login System with Email Verification 1.0 allows SQL Inj ...) NOT-FOR-US: Sourcecodester Login System with Email Verification CVE-2024-24136 (The 'Your Name' field in the Submit Score section of Sourcecodester Ma ...) NOT-FOR-US: Sourcecodester Math Game with Leaderboard CVE-2024-24135 (Product Name and Product Code in the 'Add Product' section of Sourceco ...) NOT-FOR-US: Sourcecodester Product Inventory with Export to Excel CVE-2024-24134 (Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Script ...) 
	NOT-FOR-US: Sourcecodester Online Food Menu
CVE-2024-23940 (Trend Micro uiAirSupport, included in the Trend Micro Security 2023 fa ...)
	NOT-FOR-US: Trend Micro
CVE-2024-23828 (Nginx-UI is a web interface to manage Nginx configurations. It is vuln ...)
	NOT-FOR-US: Nginx-UI
CVE-2024-23827 (Nginx-UI is a web interface to manage Nginx configurations. The Import ...)
	NOT-FOR-US: Nginx-UI
CVE-2024-23826 (spbu_se_site is the website of the Department of System Programming of ...)
	NOT-FOR-US: spbu_se_site (website of the Department of System Programming of St. Petersburg State University)
CVE-2024-23822 (Thruk is a multibackend monitoring webinterface. Prior to 3.12, the T ...)
	NOT-FOR-US: Thruk
CVE-2024-23792 (When adding attachments to ticket comments, another user can add atta ...)
	NOT-FOR-US: OTRS
	NOTE: Issue is listed as specific to >= 7.x, so won't affect Znuny which forked from 6.x
CVE-2024-23791 (Insertion of debug information into log file during building the elast ...)
	NOT-FOR-US: OTRS
	NOTE: Issue is listed as specific to >= 7.x, so won't affect Znuny which forked from 6.x
CVE-2024-23790 (Improper Input Validation vulnerability in the upload functionality fo ...)
	NOT-FOR-US: OTRS
	NOTE: Issue is listed as specific to >= 7.x, so won't affect Znuny which forked from 6.x
CVE-2024-23747 (The Moderna Sistemas ModernaNet Hospital Management System 2024 is sus ...)
	NOT-FOR-US: Moderna Sistemas ModernaNet Hospital Management System
CVE-2024-23441 (Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerabi ...)
	NOT-FOR-US: Vba32 Antivirus
CVE-2024-22570 (A stored cross-site scripting (XSS) vulnerability in /install.php?m=in ...)
	NOT-FOR-US: GreenCMS
CVE-2024-22559 (LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Conte ...)
	NOT-FOR-US: LightCMS
CVE-2024-1018 (A vulnerability classified as problematic has been found in PbootCMS 3 ...)
	NOT-FOR-US: PbootCMS
CVE-2024-1017 (A vulnerability was found in Gabriels FTP Server 1.2. It has been rate ...)
	NOT-FOR-US: Gabriels FTP Server
CVE-2024-1016 (A vulnerability was found in Solar FTP Server 2.1.1/2.1.2. It has been ...)
	NOT-FOR-US: Solar FTP Server
CVE-2024-1015 (Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 ...)
	NOT-FOR-US: SE-elektronic GmbH E-DDC3.3
CVE-2024-1014 (Uncontrolled resource consumption vulnerability in SE-elektronic GmbH ...)
	NOT-FOR-US: SE-elektronic GmbH E-DDC3.3
CVE-2024-1011 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester Employee Management System
CVE-2024-1010 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester Employee Management System
CVE-2024-1009 (A vulnerability was found in SourceCodester Employee Management System ...)
	NOT-FOR-US: SourceCodester Employee Management System
CVE-2024-1008 (A vulnerability was found in SourceCodester Employee Management System ...)
	NOT-FOR-US: SourceCodester Employee Management System
CVE-2024-1007 (A vulnerability was found in SourceCodester Employee Management System ...)
	NOT-FOR-US: SourceCodester Employee Management System
CVE-2024-1006 (A vulnerability was found in Shanxi Diankeyun Technology NODERP up to ...)
	NOT-FOR-US: Shanxi Diankeyun Technology NODERP
CVE-2024-1005 (A vulnerability has been found in Shanxi Diankeyun Technology NODERP u ...)
	NOT-FOR-US: Shanxi Diankeyun Technology NODERP
CVE-2024-1004 (A vulnerability, which was classified as critical, was found in Totoli ...)
	NOT-FOR-US: Totolink
CVE-2024-1003 (A vulnerability, which was classified as critical, has been found in T ...)
	NOT-FOR-US: Totolink
CVE-2024-1002 (A vulnerability classified as critical was found in Totolink N200RE 9. ...)
	NOT-FOR-US: Totolink
CVE-2024-1001 (A vulnerability classified as critical has been found in Totolink N200 ...)
	NOT-FOR-US: Totolink
CVE-2024-1000 (A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It ...)
	NOT-FOR-US: Totolink
CVE-2024-0999 (A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It ...)
	NOT-FOR-US: Totolink
CVE-2024-0998 (A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It ...)
	NOT-FOR-US: Totolink
CVE-2024-0997 (A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and ...)
	NOT-FOR-US: Totolink
CVE-2024-0788 (SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API pa ...)
	NOT-FOR-US: SUPERAntiSpyware Pro X
CVE-2024-0212 (The Cloudflare Wordpress plugin was found to be vulnerable to improper ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-7204 (The WP STAGING WordPress Backup plugin before 3.2.0 allows access to c ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-7200 (The EventON WordPress plugin before 4.4.1 does not sanitise and escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-7199 (The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium Word ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-7089 (The Easy SVG Allow WordPress plugin through 1.0 does not sanitize uplo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-7074 (The WP SOCIAL BOOKMARK MENU WordPress plugin through 1.2 does not have ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6946 (The Autotitle for WordPress plugin through 1.0.3 does not have CSRF ch ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6633 (The Site Notes WordPress plugin through 2.0.0 does not have CSRF check ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6530 (The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6503 (The WP Plugin Lister WordPress plugin through 2.1.0 does not have CSRF ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6391 (The Custom User CSS WordPress plugin through 0.2 does not have CSRF ch ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6390 (The WordPress Users WordPress plugin through 1.4 does not have CSRF ch ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6389 (The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6279 (The Woostify Sites Library WordPress plugin before 1.4.8 does not have ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6278 (The Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo WordPr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6165 (The Restrict Usernames Emails Characters WordPress plugin before 3.1.4 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5956 (The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5943 (The Wp-Adv-Quiz WordPress plugin before 1.0.3 does not sanitise and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5378 (Improper Input Validation vulnerability in MegaBIP and already unsupp ...)
	NOT-FOR-US: MegaBIP (and SmodBIP) software
CVE-2023-5124 (The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn't prev ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51842 (An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1 ...)
	NOT-FOR-US: Ylianst MeshCentral
CVE-2023-51840 (DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key.)
	NOT-FOR-US: DoraCMS
CVE-2023-51839 (DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptogr ...)
	NOT-FOR-US: DeviceFarmer stf
CVE-2023-46050
	REJECTED
CVE-2023-45932
	REJECTED
CVE-2023-45921
	REJECTED
CVE-2023-45916
	REJECTED
CVE-2024-24736 (The POP3 service in YahooPOPs (aka YPOPs!) 1.6 allows a remote denial ...)
	NOT-FOR-US: POP3 service in YahooPOPs
CVE-2024-23782 (Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x seri ...)
	NOT-FOR-US: a-blog cms
CVE-2024-0996 (A vulnerability classified as critical has been found in Tenda i9 1.0. ...)
	NOT-FOR-US: Tenda
CVE-2024-0995 (A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been rated ...)
	NOT-FOR-US: Tenda
CVE-2024-0994 (A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been decla ...)
	NOT-FOR-US: Tenda
CVE-2024-0993 (A vulnerability was found in Tenda i6 1.0.0.9(3857). It has been class ...)
	NOT-FOR-US: Tenda
CVE-2024-0992 (A vulnerability was found in Tenda i6 1.0.0.9(3857) and classified as ...)
	NOT-FOR-US: Tenda
CVE-2024-0991 (A vulnerability has been found in Tenda i6 1.0.0.9(3857) and classifie ...)
	NOT-FOR-US: Tenda
CVE-2024-0990 (A vulnerability, which was classified as critical, was found in Tenda ...)
	NOT-FOR-US: Tenda
CVE-2024-0989 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Sichuan Yougou Technology KuERP
CVE-2024-0988 (A vulnerability classified as critical was found in Sichuan Yougou Tec ...)
	NOT-FOR-US: Sichuan Yougou Technology KuERP
CVE-2024-0987 (A vulnerability classified as critical has been found in Sichuan Yougo ...)
	NOT-FOR-US: Sichuan Yougou Technology KuERP
CVE-2024-0986 (A vulnerability was found in Issabel PBX 4.0.0. It has been rated as c ...)
	NOT-FOR-US: Issabel PBX
CVE-2023-52340 [ipv6: remove max_size check inline with ipv4]
	- linux 6.3.7-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	NOTE: https://git.kernel.org/linus/af6d10345ca76670c1b7c37799f0d5576ccef277 (6.3-rc1)
CVE-2024-0841 (A null pointer dereference flaw was found in the hugetlbfs_fill_super ...)
	{DSA-5681-1}
	- linux 6.6.7-1
	[bookworm] - linux 6.1.82-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2256490
	NOTE: https://lore.kernel.org/all/20240130210418.3771-1-osalvador@suse.de/T/#u
CVE-2023-6200 (A race condition was found in the Linux Kernel. Under certain conditio ...)
	- linux 6.6.9-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/dade3f6a1e4e35a5ae916d5e78b3229ec34c78ec (6.7-rc7)
CVE-2024-23743 (Notion through 3.1.0 on macOS might allow code execution because of Ru ...)
	NOT-FOR-US: Notion for macOS
CVE-2024-23742 (An issue in Loom on macOS version 0.196.1 and before, allows remote at ...)
	NOT-FOR-US: Loom on macOS
CVE-2024-23741 (An issue in Hyper on macOS version 3.4.1 and before, allows remote att ...)
	NOT-FOR-US: Hyper on macOS
CVE-2024-23740 (An issue in Kap for macOS version 3.6.0 and before, allows remote atta ...)
	NOT-FOR-US: Kap for macOS
CVE-2024-23739 (An issue in Discord for macOS version 0.0.291 and before, allows remot ...)
	NOT-FOR-US: Discord for macOS
CVE-2024-23738 (An issue in Postman version 10.22 and before on macOS allows a remote ...)
	NOT-FOR-US: Postman on MacOS
CVE-2024-0962 (A vulnerability was found in obgm libcoap 4.3.4. It has been rated as ...)
	- libcoap3 (bug #1061704)
	[bookworm] - libcoap3 (Vulnerable code not present)
	- libcoap2 (Vulnerable code not present)
	- libcoap (Vulnerable code not present)
	NOTE: https://github.com/obgm/libcoap/issues/1310
	NOTE: https://github.com/obgm/libcoap/issues/1310#issue-2099860835
	NOTE: https://github.com/obgm/libcoap/pull/1311
	NOTE: Introduced by: https://github.com/obgm/libcoap/commit/dac6bd3b603fc8a37fe80f8a459d82c79feebad0 (v4.3.2-rc1)
	NOTE: Fixed by: https://github.com/obgm/libcoap/commit/2b28d8b0e9607e71a145345b4fe49517e052b7d9
CVE-2024-0960 (A vulnerability was found in flink-extended ai-flow 0.3.1. It has been ...)
	NOT-FOR-US: flink-extended ai-flow
CVE-2024-0959 (A vulnerability was found in StanfordVL GibsonEnv 0.3.1. It has been c ...)
	NOT-FOR-US: StanfordVL GibsonEnv
CVE-2024-23775 (Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x b ...)
	- mbedtls 2.28.7-1
	[bookworm] - mbedtls (Minor issue)
	[bullseye] - mbedtls (Minor issue)
	[buster] - mbedtls (Minor issue)
	NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
CVE-2024-23170 (An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3 ...)
	- mbedtls 2.28.7-1
	[bookworm] - mbedtls (Minor issue)
	[bullseye] - mbedtls (Minor issue)
	[buster] - mbedtls (Minor issue)
	NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
CVE-2024-23506 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-22862 (Integer overflow vulnerability in FFmpeg before n6.1, allows remote at ...)
	- ffmpeg 7:6.1-1
	[bookworm] - ffmpeg (jpegxl support added in 6.1)
	[bullseye] - ffmpeg (jpegxl support added in 6.1)
	[buster] - ffmpeg (jpegxl support added in 6.1)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/ca09d8a0dcd82e3128e62463231296aaf63ae6f7 (n6.1)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62113
CVE-2024-22861 (Integer overflow vulnerability in FFmpeg before n6.1, allows attackers ...)
	- ffmpeg 7:6.1-1
	[bookworm] - ffmpeg (osq support added in 6.1)
	[bullseye] - ffmpeg (osq support added in 6.1)
	[buster] - ffmpeg (osq support added in 6.1)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/87b8c1081959e45ffdcbabb3d53ac9882ef2b5ce (n6.1)
CVE-2024-22860 (Integer overflow vulnerability in FFmpeg before n6.1, allows remote at ...)
	- ffmpeg 7:6.1-1
	[bookworm] - ffmpeg (jpegxl support added in 6.1)
	[bullseye] - ffmpeg (jpegxl support added in 6.1)
	[buster] - ffmpeg (jpegxl support added in 6.1)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/d2e8974699a9e35cc1a926bf74a972300d629cd5 (n6.1)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61991
CVE-2024-22283 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-22147 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0958 (A vulnerability was found in CodeAstro Stock Management System 1.0 and ...)
	NOT-FOR-US: CodeAstro Stock Management System
CVE-2024-0948 (** DISPUTED ** A vulnerability, which was classified as problematic, h ...)
	- netbox (bug #1017079)
CVE-2024-0946 (A vulnerability classified as critical was found in 60IndexPage up to ...)
	NOT-FOR-US: 60IndexPage
CVE-2024-0945 (A vulnerability classified as critical has been found in 60IndexPage u ...)
	NOT-FOR-US: 60IndexPage
CVE-2024-0824 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0697 (The Backuply – Backup, Restore, Migrate and Clone plugin for Word ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0667 (The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact For ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0664 (The Meks Smart Social Widget plugin for WordPress is vulnerable to Sto ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0618 (The Contact Form Plugin – Fastest Contact Form Builder Plugin for ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6497 (The WordPress Simple Shopping Cart plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6482 (Use of encryption key derived from static information in Synaptics Fin ...)
	NOT-FOR-US: Synaptics
CVE-2023-6470
	REJECTED
CVE-2023-52389 (UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow a ...)
	[experimental] - poco 1.13.0-1
	- poco 1.13.0-6
	[bookworm] - poco (Minor issue)
	[bullseye] - poco (Minor issue)
	[buster] - poco (Minor issue)
	NOTE: https://pocoproject.org/blog/?p=1226
	NOTE: https://github.com/pocoproject/poco/issues/4320
	NOTE: https://github.com/pocoproject/poco/commit/62f875dfe1298041289f926a6a1a39cb765b13ee
CVE-2023-52187 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48202 (Cross-Site Scripting (XSS) vulnerability in Sunlight CMS 8.0.1 allows ...)
	NOT-FOR-US: Sunlight CMS
CVE-2023-48201 (Cross Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1, allo ...)
	NOT-FOR-US: Sunlight CMS
CVE-2024-0444 [GStreamer-SA-2024-0001: AV1 codec parser potential buffer overflow during tile list parsing]
	{DSA-5608-1}
	- gst-plugins-bad1.0 1.22.9-1
	[buster] - gst-plugins-bad1.0 (AV1 parser introduced in 1.17.1)
	- gst-plugins-bad0.10
	NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0001.html
	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5970
	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/394d5066f8a7b728df02fe9084e955b2f7d7f6fe (1.22.9)
CVE-2023-46045 (Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read vi ...)
	- graphviz 2.42.2-8 (unimportant)
	NOTE: Crosses no security boundary, config files are under local control
	NOTE: https://gitlab.com/graphviz/graphviz/-/issues/2441
	NOTE: Introduced by: https://gitlab.com/graphviz/graphviz/-/commit/cf95714837f06f684929b54659523c2c9b1fc19f (2.38.0)
	NOTE: Fixed by: https://gitlab.com/graphviz/graphviz/-/commit/361f274ca901c3c476697a6404662d95f4dd43cb
	NOTE: Fixed by: https://gitlab.com/graphviz/graphviz/-/commit/3f31704cafd7da3e86bb2861accf5e90c973e62a
	NOTE: Fixed by: https://gitlab.com/graphviz/graphviz/-/commit/a95f977f5d809915ec4b14836d2b5b7f5e74881e
CVE-2024-23896 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23894 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23893 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23892 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23891 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23890 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23889 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23888 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23887 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23886 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23885 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23884 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23883 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23882 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23881 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23880 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23879 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23878 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23877 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23876 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23875 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23874 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23873 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23872 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23871 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23870 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23869 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23868 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23867 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23866 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23865 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23864 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23863 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23862 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23861 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23860 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23859 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23858 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23857 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23856 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23820 (OpenFGA, an authorization/permission engine, is vulnerable to a denial ...)
	NOT-FOR-US: OpenFGA
CVE-2024-22551 (WhatACart v2.0.7 was discovered to contain a reflected cross-site scri ...)
	NOT-FOR-US: WhatACart
CVE-2024-22550 (An arbitrary file upload vulnerability in the component /alsdemo/ss/me ...)
	NOT-FOR-US: ShopSite
CVE-2024-21985 (ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 a ...)
	NOT-FOR-US: ONTAP (NetAPP)
CVE-2024-21336 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-20305 (A vulnerability in the web-based management interface of Cisco Unity C ...)
	NOT-FOR-US: Cisco
CVE-2024-20263 (A vulnerability with the access control list (ACL) management within a ...)
	NOT-FOR-US: Cisco
CVE-2024-20253 (A vulnerability in multiple Cisco Unified Communications and Contact C ...)
	NOT-FOR-US: Cisco
CVE-2024-0944 (A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has ...)
	NOT-FOR-US: Totolink
CVE-2024-0943 (A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been ...)
	NOT-FOR-US: Totolink
CVE-2024-0942 (A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. ...)
	NOT-FOR-US: Totolink
CVE-2024-0941 (A vulnerability was found in Novel-Plus 4.3.0-RC1 and classified as cr ...)
	NOT-FOR-US: Novel-Plus
CVE-2024-0939 (A vulnerability has been found in Byzoro Smart S210 Management Platfor ...)
	NOT-FOR-US: Beijing Baichuo Smart S210 Management Platform
CVE-2024-0938 (A vulnerability, which was classified as critical, was found in Tongda ...)
	NOT-FOR-US: Tongda OA
CVE-2024-0937 (A vulnerability, which was classified as critical, has been found in v ...)
	NOT-FOR-US: van_der_Schaar LAB synthcity
CVE-2024-0936 (A vulnerability classified as critical was found in van_der_Schaar LAB ...)
	NOT-FOR-US: van_der_Schaar LAB TemporAI
CVE-2024-0933 (A vulnerability was found in Niushop B2B2C V5 and classified as critic ...)
	NOT-FOR-US: Niushop B2B2C
CVE-2024-0932 (A vulnerability, which was classified as critical, has been found in T ...)
	NOT-FOR-US: Tenda AC10U
CVE-2024-0931 (A vulnerability classified as critical was found in Tenda AC10U 15.03. ...)
	NOT-FOR-US: Tenda AC10U
CVE-2024-0930 (A vulnerability classified as critical has been found in Tenda AC10U 1 ...)
	NOT-FOR-US: Tenda AC10U
CVE-2024-0929 (A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It h ...)
	NOT-FOR-US: Tenda AC10U
CVE-2024-0928 (A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It h ...)
	NOT-FOR-US: Tenda AC10U
CVE-2024-0927 (A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It h ...)
	NOT-FOR-US: Tenda AC10U
CVE-2024-0926 (A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01 and c ...)
	NOT-FOR-US: Tenda AC10U
CVE-2024-0925 (A vulnerability has been found in Tenda AC10U 15.03.06.49_multi_TDE01 ...)
	NOT-FOR-US: Tenda AC10U
CVE-2024-0924 (A vulnerability, which was classified as critical, was found in Tenda ...)
	NOT-FOR-US: Tenda AC10U
CVE-2024-0923 (A vulnerability, which was classified as critical, has been found in T ...)
	NOT-FOR-US: Tenda AC10U
CVE-2024-0922 (A vulnerability classified as critical was found in Tenda AC10U 15.03. ...)
	NOT-FOR-US: Tenda AC10U
CVE-2024-0921 (A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and clas ...)
	NOT-FOR-US: D-Link
CVE-2024-0920 (A vulnerability was found in TRENDnet TEW-822DRE 1.03B02. It has been ...)
	NOT-FOR-US: TRENDnet TEW-822DRE
CVE-2024-0919 (A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been ...)
	NOT-FOR-US: TRENDnet
CVE-2024-0918 (A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified ...)
	NOT-FOR-US: TRENDnet
CVE-2022-48622 (In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows ...)
	- gdk-pixbuf
	[bookworm] - gdk-pixbuf (Revisit once fixed upstream)
	[bullseye] - gdk-pixbuf (Revisit once fixed upstream)
	[buster] - gdk-pixbuf (Minor issue, recheck when fixed upstream)
	NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202
CVE-2024-24399 (An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authent ...)
	NOT-FOR-US: LeptonCMS
CVE-2024-23630 (An arbitrary firmware upload vulnerability exists in the Motorola MR2 ...)
	NOT-FOR-US: Motorola
CVE-2024-23629 (An authentication bypass vulnerability exists in the web component of ...)
	NOT-FOR-US: Motorola
CVE-2024-23628 (A command injection vulnerability exists in the 'SaveStaticRouteIPv6P ...)
	NOT-FOR-US: Motorola
CVE-2024-23627 (A command injection vulnerability exists in the 'SaveStaticRouteIPv4Pa ...)
	NOT-FOR-US: Motorola
CVE-2024-23626 (A command injection vulnerability exists in the ‘SaveSysLogParams ...)
	NOT-FOR-US: Motorola
CVE-2024-23625 (A command injection vulnerability exists in D-Link DAP-1650 devices wh ...)
	NOT-FOR-US: D-Link
CVE-2024-23624 (A command injection vulnerability exists in the gena.cgi module of D-L ...)
	NOT-FOR-US: D-Link
CVE-2024-23622 (A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Wor ...)
	NOT-FOR-US: IBM
CVE-2024-23621 (A buffer overflow exists in IBM Merge Healthcare eFilm Workstation lic ...)
	NOT-FOR-US: IBM
CVE-2024-23620 (An improper privilege management vulnerability exists in IBM Merge Hea ...)
	NOT-FOR-US: IBM
CVE-2024-23619 (A hardcoded credential vulnerability exists in IBM Merge Healthcare eF ...)
	NOT-FOR-US: IBM
CVE-2024-23618 (An arbitrary code execution vulnerability exists in Arris SURFboard SG ...)
	NOT-FOR-US: Arris
CVE-2024-23617 (A buffer overflow vulnerability exists in Symantec Data Loss Preventio ...)
	NOT-FOR-US: Symantec
CVE-2024-23616 (A buffer overflow vulnerability exists in Symantec Server Management S ...)
	NOT-FOR-US: Symantec
CVE-2024-23615 (A buffer overflow vulnerability exists in Symantec Messaging Gateway v ...)
	NOT-FOR-US: Symantec
CVE-2024-23614 (A buffer overflow vulnerability exists in Symantec Messaging Gateway v ...)
	NOT-FOR-US: Symantec
CVE-2024-23613 (A buffer overflow vulnerability exists in Symantec Deployment Solution ...)
	NOT-FOR-US: Symantec
CVE-2024-23388 (Improper authorization in handler for custom URL scheme issue in "Merc ...)
	NOT-FOR-US: Mercari
CVE-2024-23055 (An issue in Plone Docker Official Image 5.2.13 (5221) open-source soft ...)
	NOT-FOR-US: Plone Docker image
CVE-2024-22922 (An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows ...)
	NOT-FOR-US: Projectworlds Vistor Management Systemin PHP
CVE-2024-22640 (TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denia ...)
	- tcpdf 6.7.5+dfsg-1
	[bookworm] - tcpdf (Minor issue)
	[bullseye] - tcpdf (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2276090
	NOTE: https://github.com/zunak/CVE-2024-22640
	NOTE: https://github.com/tecnickcom/TCPDF/commit/05f3a28f4a7905019469e040cf77e53d6aa7f679 (6.7.5)
CVE-2024-22639 (iGalerie v3.0.22 was discovered to contain a reflected cross-site scri ...)
	NOT-FOR-US: iGalerie
CVE-2024-22638 (liveSite v2019.1 was discovered to contain a remote code execution (RC ...)
	NOT-FOR-US: liveSite
CVE-2024-22637 (Form Tools v3.1.1 was discovered to contain a reflected cross-site scr ...)
	NOT-FOR-US: Form Tools
CVE-2024-22636 (PluXml Blog v5.8.9 was discovered to contain a remote code execution ( ...)
	- pluxml
	[buster] - pluxml (EOL in buster LTS)
CVE-2024-22635 (WebCalendar v1.3.0 was discovered to contain a reflected cross-site sc ...)
	- webcalendar
CVE-2024-22545 (An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows ...)
	NOT-FOR-US: TRENDnet
CVE-2024-21620 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
	NOT-FOR-US: Juniper
CVE-2024-21619 (A Missing Authentication for Critical Function vulnerability combined ...)
	NOT-FOR-US: Juniper
CVE-2024-21387 (Microsoft Edge for Android Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21385 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21383 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21382 (Microsoft Edge for Android Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-21326 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2024-0891 (A vulnerability was found in hongmaple octopus 1.0. It has been declar ...)
	NOT-FOR-US: hongmaple octopus
CVE-2024-0890 (A vulnerability was found in hongmaple octopus 1.0. It has been classi ...)
	NOT-FOR-US: hongmaple octopus
CVE-2024-0889 (A vulnerability was found in Kmint21 Golden FTP Server 2.02b and class ...)
	NOT-FOR-US: Kmint21 Golden FTP Server
CVE-2024-0888 (A vulnerability, which was classified as problematic, was found in BOR ...)
	NOT-FOR-US: BORGChat
CVE-2024-0887 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Mafiatic Blue Server
CVE-2024-0886 (A vulnerability classified as problematic was found in Poikosoft EZ CD ...)
	NOT-FOR-US: Poikosoft
CVE-2024-0885 (A vulnerability classified as problematic has been found in SpyCamLiza ...)
	NOT-FOR-US: SpyCamLizard
CVE-2024-0884 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...)
	NOT-FOR-US: SourceCodester
CVE-2023-6919 (Path Traversal: '/../filedir' vulnerability in Biges Safe Life Technol ...)
	NOT-FOR-US: Biges Safe Life Technologies Electronics Inc
CVE-2023-52251 (An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows r ...)
	NOT-FOR-US: kafka-ui
CVE-2023-52046 (Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier ...)
	- webmin
CVE-2023-51833 (A command injection issue in TRENDnet TEW-411BRPplus v.2.07_eu that al ...)
	NOT-FOR-US: TRENDnet
CVE-2023-48135 (An issue in mimasaka_farm mini-app on Line v13.6.1 allows attackers to ...)
	NOT-FOR-US: mimasaka_farm mini-app on Line
CVE-2023-48133 (An issue in angel coffee mini-app on Line v13.6.1 allows attackers to ...)
	NOT-FOR-US: angel coffee mini-app on Line
CVE-2023-48132 (An issue in kosei entertainment esportsstudioLegends mini-app on Line ...)
	NOT-FOR-US: kosei entertainment esportsstudioLegends mini-app on Line
CVE-2023-48131 (An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers ...)
	NOT-FOR-US: CHIGASAKI BAKERY mini-app on Line
CVE-2023-48130 (An issue in GINZA CAFE mini-app on Line v13.6.1 allows attackers to se ...)
	NOT-FOR-US: GINZA CAFE mini-app on Line
CVE-2023-48129 (An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to ...)
	NOT-FOR-US: kimono-oldnew mini-app on Line
CVE-2023-48128 (An issue in UNITED BOXING GYM mini-app on Line v13.6.1 allows attacker ...)
	NOT-FOR-US: UNITED BOXING GYM mini-app on Line
CVE-2023-48127 (An issue in myGAKUYA mini-app on Line v13.6.1 allows attackers to send ...)
NOT-FOR-US: myGAKUYA mini-app on Line CVE-2023-48126 (An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attacke ...) NOT-FOR-US: Luxe Beauty Clinic mini-app on Line CVE-2024-0914 (A timing side-channel vulnerability has been discovered in the opencry ...) - opencryptoki [bookworm] - opencryptoki (Minor issue) [bullseye] - opencryptoki (Minor issue) [buster] - opencryptoki (Minor issue) NOTE: https://github.com/opencryptoki/opencryptoki/issues/731 NOTE: https://github.com/opencryptoki/opencryptoki/pull/732 NOTE: Fixed by: https://github.com/opencryptoki/opencryptoki/commit/2ea019ee2b09f15724d808382d53baca03403288 NOTE: https://github.com/opencryptoki/opencryptoki/pull/737 NOTE: Fixed by: https://github.com/opencryptoki/opencryptoki/commit/7ffc0e135b4d923d686be536aa7bf69405a360a1 NOTE: Fixed by: https://github.com/opencryptoki/opencryptoki/commit/c26e049bf40d656bc51429bad190b82fbf63f0c7 NOTE: https://people.redhat.com/~hkario/marvin/ CVE-2024-0911 (A flaw was found in indent, a program for formatting C code. This issu ...) - indent 2.2.13-4 (unimportant; bug #1061543) [bookworm] - indent 2.2.12-4+deb12u3 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2259883 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2260399 NOTE: https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00001.html NOTE: Crash in CLI tool, no security impact CVE-2024-0874 (A flaw was found in coredns. This issue could lead to invalid cache en ...) - coredns (bug #880676) CVE-2024-0456 (An authorization vulnerability exists in GitLab versions 14.0 prior to ...) - gitlab 16.6.6-1 NOTE: https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released CVE-2023-5612 (An issue has been discovered in GitLab affecting all versions before 1 ...) - gitlab 16.6.6-1 NOTE: https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released CVE-2023-5933 (An issue has been discovered in GitLab CE/EE affecting all versions af ...) 
- gitlab 16.6.6-1 NOTE: https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released CVE-2023-6159 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...) - gitlab 16.6.6-1 NOTE: https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released CVE-2024-0402 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...) - gitlab 16.6.6-1 NOTE: https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released CVE-2024-23855 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...) NOT-FOR-US: Cups Easy (Purchase & Inventory) CVE-2024-23817 (Dolibarr is an enterprise resource planning (ERP) and customer relatio ...) - dolibarr CVE-2024-23656 (Dex is an identity service that uses OpenID Connect to drive authentic ...) - coreos-dex (bug #879562) CVE-2024-23655 (Tuta is an encrypted email service. Starting in version 3.118.12 and p ...) NOT-FOR-US: Tuta CVE-2024-22749 (GPAC v2.3 was detected to contain a buffer overflow via the function g ...) - gpac (bug #1065861) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2713 NOTE: https://github.com/gpac/gpac/commit/7aef8038c6bdd310e65000704e39afaa0e721048 CVE-2024-22729 (NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command i ...) NOT-FOR-US: NETIS SYSTEMS MW5360 CVE-2024-22529 (TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vuln ...) NOT-FOR-US: TOTOLINK CVE-2024-22432 (Networker 19.9 and all prior versions contains a Plain-text Password s ...) NOT-FOR-US: Dell Networker CVE-2024-21630 (Zulip is an open-source team collaboration tool. A vulnerability in ve ...) NOT-FOR-US: Zulip CVE-2024-0883 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...) NOT-FOR-US: SourceCodester Online Tours & Travels Management System CVE-2024-0882 (A vulnerability was found in qwdigital LinkWechat 5.1.0. 
It has been c ...) NOT-FOR-US: qwdigital LinkWechat CVE-2024-0880 (A vulnerability was found in Qidianbang qdbcrm 1.1.0 and classified as ...) NOT-FOR-US: Qidianbang qdbcrm CVE-2024-0879 (Authentication bypass in vector-admin allows a user to register to a v ...) NOT-FOR-US: JFROG vector-admin CVE-2023-7227 (SystemK NVR 504/508/516 versions 2.3.5SK.30084998 and prior are vulner ...) NOT-FOR-US: SystemK NVR 504/508/516 CVE-2023-6282 (IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, w ...) NOT-FOR-US: IceHrm CVE-2023-52076 (Atril Document Viewer is the default document reader of the MATE deskt ...) {DSA-5688-1} - atril 1.26.2-1 (bug #1061522) NOTE: https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37 NOTE: https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50 CVE-2023-41474 (Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows ...) NOT-FOR-US: Ivanti CVE-2023-3181 (The C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst ...) NOT-FOR-US: Splashtop CVE-2024-23985 (EzServer 6.4.017 allows a denial of service (daemon crash) via a long ...) NOT-FOR-US: EzServer CVE-2024-23307 (Integer Overflow or Wraparound vulnerability in Linux Linux kernel ker ...) - linux NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=7975 NOTE: https://git.kernel.org/linus/dfd2bf436709b2bccb78c2dda550dde93700efa7 CVE-2024-22751 (D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack ove ...) NOT-FOR-US: D-Link CVE-2024-22099 (NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on ...) {DSA-5681-1} - linux [bookworm] - linux 6.1.82-1 NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=7956 NOTE: https://git.kernel.org/linus/2535b848fa0f42ddff3e5255cf5e742c9b77bb26 (v6.8-rc7) CVE-2024-0688 (The "WebSub (FKA. PubSubHubbub)" plugin for WordPress is vulnerable to ...) 
NOT-FOR-US: WordPress plugin CVE-2024-0625 (The WPFront Notification Bar plugin for WordPress is vulnerable to Sto ...) NOT-FOR-US: WordPress plugin CVE-2024-0624 (The Paid Memberships Pro \u2013 Content Restriction, User Registration ...) NOT-FOR-US: WordPress plugin CVE-2024-0617 (The Category Discount Woocommerce plugin for WordPress is vulnerable t ...) NOT-FOR-US: WordPress plugin CVE-2023-50785 (Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view ...) NOT-FOR-US: Zoho CVE-2023-33760 (SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize ...) NOT-FOR-US: SpliceCom CVE-2023-33759 (SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessi ...) NOT-FOR-US: SpliceCom CVE-2023-33758 (Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain ...) NOT-FOR-US: SpliceCom CVE-2023-33757 (A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3. ...) NOT-FOR-US: SpliceCom CVE-2024-0822 (An authentication bypass vulnerability was found in overt-engine. This ...) NOT-FOR-US: ovirt-engine CVE-2024-0727 (Issue summary: Processing a maliciously formatted PKCS12 file may lead ...) - openssl 3.1.5-1 (bug #1061582) [bookworm] - openssl (Minor issue) [bullseye] - openssl (Minor issue) [buster] - openssl (Minor issue, DoS, Low severity) NOTE: https://www.openssl.org/news/secadv/20240125.txt NOTE: https://github.com/openssl/openssl/commit/041962b429ebe748c8b6b7922980dfb6decfef26 (master) NOTE: https://github.com/openssl/openssl/commit/8a85df7c60ba1372ee98acc5982e902d75f52130 (master) NOTE: https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c (openssl-3.1.5) NOTE: https://github.com/openssl/openssl/commit/febb086d0fc1ea12181f4d833aa9b8fdf2133b3b (openssl-3.1.5) CVE-2023-6267 (A flaw was found in the json payload. If annotation based security is ...) NOT-FOR-US: Quarkus CVE-2023-5675 (A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reacti ...) 
NOT-FOR-US: Quarkus CVE-2023-52356 (A segment fault (SEGV) flaw was found in libtiff that could be trigger ...) {DLA-3758-1} - tiff 4.5.1+git230720-4 (bug #1061524) [bookworm] - tiff (Minor issue) [bullseye] - tiff (Minor issue) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/622 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/546 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/51558511bdbbcffdce534db21dbaf5d54b31638a CVE-2023-52355 (An out-of-memory flaw was found in libtiff that could be triggered by ...) - tiff 4.5.1+git230720-4 [bookworm] - tiff (Minor issue) [bullseye] - tiff (Minor issue) [buster] - tiff (Minor issue, DoS) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/621 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/553 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/335947359ce2dd3862cd9f7c49f92eba065dfed4 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/16ab4a205cfc938c32686e8d697d048fabf97ed4 NOTE: Issue fixed by providing a documentation update CVE-2023-40551 (A flaw was found in the MZ binary format in Shim. An out-of-bounds rea ...) {DLA-3813-1} - shim 15.8-1 (bug #1061519) [bookworm] - shim (Minor issue, fix with a point release) [bullseye] - shim (Minor issue, fix with a point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2259918 NOTE: https://github.com/rhboot/shim/commit/5a5147d1e19cf90ec280990c84061ac3f67ea1ab (15.8) CVE-2023-40550 (An out-of-bounds read flaw was found in Shim when it tried to validate ...) {DLA-3813-1} - shim 15.8-1 (bug #1061519) [bookworm] - shim (Minor issue, fix with a point release) [bullseye] - shim (Minor issue, fix with a point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2259915 NOTE: https://github.com/rhboot/shim/commit/93ce2552f3e9f71f888a672913bfc0eef255c56d (15.8) NOTE: Followup: https://github.com/rhboot/shim/commit/e7f5fdf53ee68025f3ef2688e2f27ccb0082db83 (15.8) CVE-2023-40549 (An out-of-bounds read flaw was found in Shim due to the lack of proper ...) 
{DLA-3813-1} - shim 15.8-1 (bug #1061519) [bookworm] - shim (Minor issue, fix with a point release) [bullseye] - shim (Minor issue, fix with a point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2241797 NOTE: https://github.com/rhboot/shim/commit/afdc5039de0a4a3a40162a32daa070f94a883f09 (15.8) CVE-2023-40548 (A buffer overflow was found in Shim in the 32-bit system. The overflow ...) {DLA-3813-1} - shim 15.8-1 (bug #1061519) [bookworm] - shim (Minor issue, fix with a point release) [bullseye] - shim (Minor issue, fix with a point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2241782 NOTE: https://github.com/rhboot/shim/commit/96dccc255b16e9465dbee50b3cef6b3db74d11c8 (15.8) CVE-2023-40547 (A remote code execution vulnerability was found in Shim. The Shim boot ...) {DLA-3813-1} - shim 15.8-1 (bug #1061519) [bookworm] - shim (Minor issue, fix with a point release) [bullseye] - shim (Minor issue, fix with a point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2234589 NOTE: https://github.com/rhboot/shim/commit/0226b56513b2b8bd5fd281bce77c40c9bf07c66d (15.8) CVE-2023-40546 (A flaw was found in Shim when an error happened while creating a new E ...) {DLA-3813-1} - shim 15.8-1 (bug #1061519) [bookworm] - shim (Minor issue, fix with a point release) [bullseye] - shim (Minor issue, fix with a point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2241796 NOTE: https://github.com/rhboot/shim/commit/66e6579dbf921152f647a0c16da1d3b2f40861ca (15.8) NOTE: https://github.com/rhboot/shim/commit/dae82f6bd72cf600e5d48046ec674a441d0f49d7 (15.8) CVE-2024-23649 (Lemmy is a link aggregator and forum for the fediverse. Starting in ve ...) NOT-FOR-US: Lemmy CVE-2024-23648 (Pimcore's Admin Classic Bundle provides a backend user interface for P ...) NOT-FOR-US: Pimcore's Admin Classic Bundle CVE-2024-23646 (Pimcore's Admin Classic Bundle provides a backend user interface for P ...) 
NOT-FOR-US: Pimcore's Admin Classic Bundle CVE-2024-23644 (Trillium is a composable toolkit for building internet applications wi ...) NOT-FOR-US: Trillium CVE-2024-23641 (SvelteKit is a web development kit. In SvelteKit 2, sending a GET requ ...) NOT-FOR-US: SvelteKit CVE-2024-22725 (Orthanc versions before 1.12.2 are affected by a reflected cross-site ...) - orthanc 1.12.2+dfsg-1 [bookworm] - orthanc (Minor issue) [bullseye] - orthanc (Minor issue) [buster] - orthanc (Minor issue, XSS) NOTE: https://orthanc.uclouvain.be/hg/orthanc/rev/505416b269a0 CVE-2024-22720 (Kanboard 1.2.34 is vulnerable to Html Injection in the group managemen ...) - kanboard (bug #1062710) [bookworm] - kanboard (Minor issue) NOTE: https://cupc4k3.medium.com/html-injection-vulnerability-in-kanboard-group-management-d9fe5154bb1b NOTE: https://github.com/kanboard/kanboard/issues/5411 NOTE: Fixed by: https://github.com/kanboard/kanboard/commit/70df1210259a2e5ec258a753318bddfda6f7d024 (v1.2.35) CVE-2024-22651 (There is a command injection vulnerability in the ssdpcgi_main functio ...) NOT-FOR-US: D-Link CVE-2024-22309 (Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBo ...) NOT-FOR-US: QuantumCloud ChatBot with AI CVE-2024-22308 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in s ...) NOT-FOR-US: WordPress plugin CVE-2024-22301 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2024-22294 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2024-22284 (Deserialization of Untrusted Data vulnerability in Thomas Belser Asgar ...) NOT-FOR-US: WordPress plugin CVE-2024-22229 (Dell Unity, versions prior to 5.4, contain a vulnerability whereby log ...) NOT-FOR-US: Dell CVE-2024-22154 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) 
NOT-FOR-US: WordPress plugin CVE-2024-22152 (Unrestricted Upload of File with Dangerous Type vulnerability in WebTo ...) NOT-FOR-US: WordPress plugin CVE-2024-22141 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2024-22135 (Unrestricted Upload of File with Dangerous Type vulnerability in WebTo ...) NOT-FOR-US: WordPress plugin CVE-2024-22134 (Server-Side Request Forgery (SSRF) vulnerability in Renzo Johnson Cont ...) NOT-FOR-US: WordPress plugin CVE-2024-0854 (URL redirection to untrusted site ('Open Redirect') vulnerability in f ...) NOT-FOR-US: Synology CVE-2023-6697 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulne ...) NOT-FOR-US: WordPress plugin CVE-2023-52221 (Unrestricted Upload of File with Dangerous Type vulnerability in UkrSo ...) NOT-FOR-US: WordPress plugin CVE-2023-52040 (An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows a ...) NOT-FOR-US: TOTOLINK CVE-2023-52039 (An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows a ...) NOT-FOR-US: TOTOLINK CVE-2023-52038 (An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows a ...) NOT-FOR-US: TOTOLINK CVE-2023-51890 (An infinite loop issue discovered in Mathtex 1.05 and before allows a ...) - mathtex (bug #1061520; unimportant) NOTE: Hang in CLI tool, no security impact NOTE: https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/ CVE-2023-51889 (Stack Overflow vulnerability in the validate() function in Mathtex v.1 ...) - mathtex (bug #1061520) [bookworm] - mathtex (Minor issue) [bullseye] - mathtex (Minor issue) [buster] - mathtex (Minor issue) NOTE: https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/ CVE-2023-51888 (Buffer Overflow vulnerability in the nomath() function in Mathtex v.1. ...) 
- mathtex (bug #1061520) [bookworm] - mathtex (Minor issue) [bullseye] - mathtex (Minor issue) [buster] - mathtex (Minor issue) NOTE: https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/ CVE-2023-51887 (Command Injection vulnerability in Mathtex v.1.05 and before allows a ...) - mathtex (bug #1061520) [bookworm] - mathtex (Minor issue) [bullseye] - mathtex (Minor issue) [buster] - mathtex (Minor issue) NOTE: https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/ CVE-2023-51886 (Buffer Overflow vulnerability in the main() function in Mathtex 1.05 a ...) - mathtex (bug #1061520) [bookworm] - mathtex (Minor issue) [bullseye] - mathtex (Minor issue) [buster] - mathtex (Minor issue) NOTE: https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/ CVE-2023-51885 (Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a re ...) - mathtex (bug #1061520) [bookworm] - mathtex (Minor issue) [bullseye] - mathtex (Minor issue) [buster] - mathtex (Minor issue) NOTE: https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/ CVE-2023-51702 (Since version 5.2.0, when using deferrable mode with the path of a Kub ...) - airflow (bug #819700) CVE-2023-50944 (Apache Airflow, versions before 2.8.1, have a vulnerability that allow ...) - airflow (bug #819700) CVE-2023-50943 (Apache Airflow, versions before 2.8.1, have a vulnerability that allow ...) - airflow (bug #819700) CVE-2023-44281 (Dell Pair Installer version prior to 1.2.1 contains an elevation of pr ...) NOT-FOR-US: Dell CVE-2023-44001 (An issue in Ailand clinic mini-app on Line v13.6.1 allows attackers to ...) NOT-FOR-US: Ailand clinic mini-app on Line CVE-2023-44000 (An issue in Otakara lapis totuka mini-app on Line v13.6.1 allows attac ...) NOT-FOR-US: Otakara lapis totuka mini-app on Line CVE-2023-43999 (An issue in COLORFUL_laundry mini-app on Line v13.6.1 allows attackers ...) NOT-FOR-US: COLORFUL_laundry mini-app on Line CVE-2023-43998 (An issue in Books-futaba mini-app on Line v13.6.1 allows attackers to ...) 
NOT-FOR-US: Books-futaba mini-app on Line CVE-2023-43997 (An issue in Yoruichi hobby base mini-app on Line v13.6.1 allows attack ...) NOT-FOR-US: Yoruichi hobby base mini-app on Line CVE-2023-43996 (An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send ...) NOT-FOR-US: Q co ltd mini-app on Line CVE-2023-43995 (An issue in picot.golf mini-app on Line v13.6.1 allows attackers to se ...) NOT-FOR-US: picot.golf mini-app on Line CVE-2023-43994 (An issue in Cleaning_makotoya mini-app on Line v13.6.1 allows attacker ...) NOT-FOR-US: Cleaning_makotoya mini-app on Line CVE-2023-43993 (An issue in smaregi_app_market mini-app on Line v13.6.1 allows attacke ...) NOT-FOR-US: smaregi_app_market mini-app on Line CVE-2023-43992 (An issue in STOCKMAN GROUP mini-app on Line v13.6.1 allows attackers t ...) NOT-FOR-US: STOCKMAN GROUP mini-app on Line CVE-2023-43991 (An issue in PRIMA CLINIC mini-app on Line v13.6.1 allows attackers to ...) NOT-FOR-US: PRIMA CLINIC mini-app on Line CVE-2023-43990 (An issue in cherub-hair mini-app on Line v13.6.1 allows attackers to s ...) NOT-FOR-US: cherub-hair mini-app on Line CVE-2023-43989 (An issue in mokumoku chohu mini-app on Line v13.6.1 allows attackers t ...) NOT-FOR-US: mokumoku chohu mini-app on Line CVE-2023-43988 (An issue in nature fitness saijo mini-app on Line v13.6.1 allows attac ...) NOT-FOR-US: nature fitness saijo mini-app on Line CVE-2024-23905 (Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programm ...) NOT-FOR-US: Jenkins plugin CVE-2024-23904 (Jenkins Log Command Plugin 1.0.2 and earlier does not disable a featur ...) NOT-FOR-US: Jenkins plugin CVE-2024-23903 (Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier us ...) NOT-FOR-US: Jenkins plugin CVE-2024-23902 (A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Br ...) NOT-FOR-US: Jenkins plugin CVE-2024-23901 (Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier un ...) 
NOT-FOR-US: Jenkins plugin CVE-2024-23900 (Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not ...) NOT-FOR-US: Jenkins plugin CVE-2024-23899 (Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not di ...) NOT-FOR-US: Jenkins plugin CVE-2024-23898 (Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.42 ...) - jenkins CVE-2024-23897 (Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a ...) - jenkins CVE-2024-XXXX [RUSTSEC-2024-0006] - rust-shlex 1.3.0-1 [bookworm] - rust-shlex (Minor issue) [bullseye] - rust-shlex (Minor issue) [buster] - rust-shlex (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0006.html NOTE: https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27 CVE-2024-23638 (Squid is a caching proxy for the Web. Due to an expired pointer refere ...) {DSA-5637-1} - squid 6.6-1 NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-j49p-553x-48rx NOTE: https://megamansec.github.io/Squid-Security-Audit/stream-assert.html NOTE: https://github.com/squid-cache/squid/commit/290ae202883ac28a48867079c2fb34c40efd382b (SQUID_6_6) NOTE: http://www.squid-cache.org/Versions/v5/SQUID-2023_11.patch NOTE: http://www.squid-cache.org/Versions/v6/SQUID-2023_11.patch CVE-2024-23633 (Label Studio, an open source data labeling tool had a remote import fe ...) - label-studio (bug #1026232) CVE-2024-23453 (Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded cred ...) NOT-FOR-US: Android Spoon CVE-2024-22380 (Electronic Delivery Check System (Ministry of Agriculture, Forestry an ...) NOT-FOR-US: Electronic Delivery Check System CVE-2024-22372 (OS command injection vulnerability in ELECOM wireless LAN routers allo ...) NOT-FOR-US: ELECOM CVE-2024-22366 (Active debug code exists in Yamaha wireless LAN access point devices. ...) NOT-FOR-US: Yamaha CVE-2024-21796 (Electronic Deliverables Creation Support Tool (Construction Edition) p ...) 
NOT-FOR-US: Electronic Deliverables Creation Support Tool CVE-2024-21765 (Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Elec ...) NOT-FOR-US: Electronic Delivery Check System CVE-2024-0665 (The WP Customer Area plugin for WordPress is vulnerable to Reflected C ...) NOT-FOR-US: WordPress plugin CVE-2023-7237 (Lantronix XPort sends weakly encoded credentials within web request he ...) NOT-FOR-US: Lantronix CVE-2023-52338 (A link following vulnerability in the Trend Micro Deep Security 20.0 a ...) NOT-FOR-US: Trend Micro CVE-2023-52337 (An improper access control vulnerability in Trend Micro Deep Security ...) NOT-FOR-US: Trend Micro CVE-2023-52331 (A post-authenticated server-side request forgery (SSRF) vulnerability ...) NOT-FOR-US: Trend Micro CVE-2023-52330 (A cross-site scripting vulnerability in Trend Micro Apex Central could ...) NOT-FOR-US: Trend Micro CVE-2023-52329 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...) NOT-FOR-US: Trend Micro CVE-2023-52328 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...) NOT-FOR-US: Trend Micro CVE-2023-52327 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...) NOT-FOR-US: Trend Micro CVE-2023-52326 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...) NOT-FOR-US: Trend Micro CVE-2023-52325 (A local file inclusion vulnerability in one of Trend Micro Apex Centra ...) NOT-FOR-US: Trend Micro CVE-2023-52324 (An unrestricted file upload vulnerability in Trend Micro Apex Central ...) NOT-FOR-US: Trend Micro CVE-2023-52094 (An updater link following vulnerability in the Trend Micro Apex One ag ...) NOT-FOR-US: Trend Micro CVE-2023-52093 (An exposed dangerous function vulnerability in the Trend Micro Apex On ...) NOT-FOR-US: Trend Micro CVE-2023-52092 (A security agent link following vulnerability in Trend Micro Apex One ...) 
NOT-FOR-US: Trend Micro CVE-2023-52091 (An anti-spyware engine link following vulnerability in Trend Micro Ape ...) NOT-FOR-US: Trend Micro CVE-2023-52090 (A security agent link following vulnerability in Trend Micro Apex One ...) NOT-FOR-US: Trend Micro CVE-2023-51711 (An issue was discovered in Regify Regipay Client for Windows version 4 ...) NOT-FOR-US: Regify Regipay Client CVE-2023-51208 (An Arbitrary File Upload vulnerability in ROS2 Foxy Fitzroy ROS_VERSIO ...) NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2023-51201 (Cleartext Transmission issue in ROS2 (Robot Operating System 2) Foxy F ...) NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2023-51200 (An issue in the default configurations of ROS2 Foxy Fitzroy ROS_VERSIO ...) NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2023-51199 (Buffer Overflow vulnerability in ROS2 Foxy Fitzroy ROS_VERSION=2 and R ...) NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2023-47202 (A local file inclusion vulnerability on the Trend Micro Apex One manag ...) NOT-FOR-US: Trend Micro CVE-2023-47201 (A plug-in manager origin validation vulnerability in the Trend Micro A ...) NOT-FOR-US: Trend Micro CVE-2023-47200 (A plug-in manager origin validation vulnerability in the Trend Micro A ...) NOT-FOR-US: Trend Micro CVE-2023-47199 (An origin validation vulnerability in the Trend Micro Apex One securit ...) NOT-FOR-US: Trend Micro CVE-2023-47198 (An origin validation vulnerability in the Trend Micro Apex One securit ...) NOT-FOR-US: Trend Micro CVE-2023-47197 (An origin validation vulnerability in the Trend Micro Apex One securit ...) NOT-FOR-US: Trend Micro CVE-2023-47196 (An origin validation vulnerability in the Trend Micro Apex One securit ...) NOT-FOR-US: Trend Micro CVE-2023-47195 (An origin validation vulnerability in the Trend Micro Apex One securit ...) 
NOT-FOR-US: Trend Micro CVE-2023-47194 (An origin validation vulnerability in the Trend Micro Apex One securit ...) NOT-FOR-US: Trend Micro CVE-2023-47193 (An origin validation vulnerability in the Trend Micro Apex One securit ...) NOT-FOR-US: Trend Micro CVE-2023-47192 (An agent link vulnerability in the Trend Micro Apex One security agent ...) NOT-FOR-US: Trend Micro CVE-2023-47115 (Label Studio is an a popular open source data labeling tool. Versions ...) - label-studio (bug #1026232) CVE-2023-46892 (The radio frequency communication protocol being used by Meross MSH30Q ...) NOT-FOR-US: Meross CVE-2023-46889 (Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensit ...) NOT-FOR-US: Meross CVE-2023-43317 (An issue in Coign CRM Portal v.06.06 allows a remote attacker to escal ...) NOT-FOR-US: Coign CRM Portal CVE-2023-42144 (Cleartext Transmission during initial setup in Shelly TRV 20220811-152 ...) NOT-FOR-US: Shelly TRV CVE-2023-41178 (Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mo ...) NOT-FOR-US: Trend Micro CVE-2023-41177 (Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mo ...) NOT-FOR-US: Trend Micro CVE-2023-41176 (Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mo ...) NOT-FOR-US: Trend Micro CVE-2023-38627 (A post-authenticated server-side request forgery (SSRF) vulnerability ...) NOT-FOR-US: Trend Micro CVE-2023-38626 (A post-authenticated server-side request forgery (SSRF) vulnerability ...) NOT-FOR-US: Trend Micro CVE-2023-38625 (A post-authenticated server-side request forgery (SSRF) vulnerability ...) NOT-FOR-US: Trend Micro CVE-2023-38624 (A post-authenticated server-side request forgery (SSRF) vulnerability ...) NOT-FOR-US: Trend Micro CVE-2023-36177 (An issue was discovered in badaix Snapcast version 0.27.0, allows remo ...) NOT-FOR-US: badaix Snapcast CVE-2023-35837 (An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authe ...) 
NOT-FOR-US: SolaX Pocket WiFi CVE-2023-35836 (An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An at ...) NOT-FOR-US: SolaX Pocket WiFi CVE-2023-35835 (An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The d ...) NOT-FOR-US: SolaX Pocket WiFi CVE-2023-31654 (Redis raft master-1b8bd86 to master-7b46079 was discovered to contain ...) NOT-FOR-US: redisraft CVE-2022-4964 (Ubuntu's pipewire-pulse in snap grants microphone access even when the ...) - pipewire 1.0.2-1 (unimportant) NOTE: https://bugs.launchpad.net/ubuntu/+source/pipewire/+bug/1995707/ NOTE: https://gitlab.freedesktop.org/pipewire/pipewire/-/commit/d568dcd64f64454289e1f35ed07a11749f95b04e NOTE: In Debian pipewire is not built with snap support until 1.0.2-1 (including at same time the fix NOTE: for CVE-2022-4964; earlier versions did not include snap feature support) CVE-2024-0814 (Incorrect security UI in Payments in Google Chrome prior to 121.0.6167 ...) {DSA-5607-1} - chromium 121.0.6167.85-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-0813 (Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 ...) {DSA-5607-1} - chromium 121.0.6167.85-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-0812 (Inappropriate implementation in Accessibility in Google Chrome prior t ...) {DSA-5607-1} - chromium 121.0.6167.85-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-0811 (Inappropriate implementation in Extensions API in Google Chrome prior ...) {DSA-5607-1} - chromium 121.0.6167.85-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-0810 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...) {DSA-5607-1} - chromium 121.0.6167.85-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-0809 (Inappropriate implementation in Autofill in Google Chrome prior to 121 ...) 
{DSA-5607-1} - chromium 121.0.6167.85-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-0808 (Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 all ...) {DSA-5607-1} - chromium 121.0.6167.85-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-0807 (Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 al ...) {DSA-5607-1} - chromium 121.0.6167.85-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-0806 (Use after free in Passwords in Google Chrome prior to 121.0.6167.85 al ...) {DSA-5607-1} - chromium 121.0.6167.85-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-0805 (Inappropriate implementation in Downloads in Google Chrome prior to 12 ...) {DSA-5607-1} - chromium 121.0.6167.85-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-0804 (Insufficient policy enforcement in iOS Security UI in Google Chrome pr ...) {DSA-5607-1} - chromium 121.0.6167.85-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-23854 REJECTED CVE-2024-23851 (copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 ...) {DSA-5681-1} - linux 6.6.7-1 [bookworm] - linux 6.1.82-1 NOTE: https://www.spinics.net/lists/dm-devel/msg56574.html CVE-2024-23850 (In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel throug ...) {DSA-5681-1} - linux 6.6.7-1 [bookworm] - linux 6.1.82-1 [buster] - linux (Vulnerable code not present) NOTE: https://lore.kernel.org/all/6a80cb4b32af89787dadee728310e5e2ca85343f.1705741883.git.wqu%40suse.com/ CVE-2024-23849 (In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel thro ...) 
{DSA-5681-1} - linux 6.6.15-1 [bookworm] - linux 6.1.76-1 NOTE: https://lore.kernel.org/netdev/1705715319-19199-1-git-send-email-sharath.srinivasan%40oracle.com/ NOTE: https://git.kernel.org/linus/13e788deb7348cc88df34bed736c3b3b9927ea52 (6.8-rc2) CVE-2024-23848 (In the Linux kernel through 6.7.1, there is a use-after-free in cec_qu ...) - linux NOTE: https://lore.kernel.org/lkml/e9f42704-2f99-4f2c-ade5-f952e5fd53e5%40xs4all.nl/ CVE-2024-23636 (SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA He ...) NOT-FOR-US: SOFARPC CVE-2024-23348 (Improper input validation vulnerability in a-blog cms Ver.3.1.x series ...) NOT-FOR-US: a-blog cms CVE-2024-23341 (TuiTse-TsuSin is a package for organizing the comparative corpus of Ta ...) NOT-FOR-US: TuiTse-TsuSin CVE-2024-23330 (Tuta is an encrypted email service. In versions prior to 119.10, an at ...) NOT-FOR-US: Tuta CVE-2024-23183 (Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series vers ...) NOT-FOR-US: a-blog cms CVE-2024-23182 (Relative path traversal vulnerability in a-blog cms Ver.3.1.x series v ...) NOT-FOR-US: a-blog cms CVE-2024-23181 (Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series vers ...) NOT-FOR-US: a-blog cms CVE-2024-23180 (Improper input validation vulnerability in a-blog cms Ver.3.1.x series ...) NOT-FOR-US: a-blog cms CVE-2024-22705 (An issue was discovered in ksmbd in the Linux kernel before 6.6.10. sm ...) - linux 6.6.11-1 [bookworm] - linux 6.1.76-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/d10c77873ba1e9e6b91905018e29e196fd5f863d (6.7-rc8) CVE-2024-22663 (TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection vulnerabi ...) NOT-FOR-US: TOTOLINK CVE-2024-22662 (TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerabili ...) NOT-FOR-US: TOTOLINK CVE-2024-22660 (TOTOLINK_A3700R_V9.1.2u.6165_20211012has a stack overflow vulnerabilit ...) 
	NOT-FOR-US: TOTOLINK
CVE-2024-22497 (Cross Site Scripting (XSS) vulnerability in /admin/login password para ...)
	NOT-FOR-US: JFinalcms
CVE-2024-22496 (Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows att ...)
	NOT-FOR-US: JFinalcms
CVE-2024-22490 (Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attac ...)
	NOT-FOR-US: beetl-bbs
CVE-2024-22417 (Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 a ...)
	NOT-FOR-US: Whoogle Search
CVE-2024-22205 (Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 a ...)
	NOT-FOR-US: Whoogle Search
CVE-2024-22204 (Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and ...)
	NOT-FOR-US: Whoogle Search
CVE-2024-22203 (Whoogle Search is a self-hosted metasearch engine. In versions prior t ...)
	NOT-FOR-US: Whoogle Search
CVE-2024-22076 (MyQ Print Server before 8.2 patch 43 allows remote authenticated admin ...)
	NOT-FOR-US: MyQ Print Server
CVE-2024-0703 (The Sticky Buttons – floating buttons builder plugin for WordPres ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-7238 (A XSS payload can be uploaded as a DICOM study and when a user tries t ...)
	NOT-FOR-US: Osimis WebViewer
CVE-2023-6926 (There is an OS command injection vulnerability in Crestron AM-300 firm ...)
	NOT-FOR-US: Crestron
CVE-2023-6573 (HPE OneView may have a missing passphrase during restore.)
	NOT-FOR-US: HPE
CVE-2023-51210 (SQL injection vulnerability in Webkul Bundle Product 6.0.1 allows a re ...)
	NOT-FOR-US: Webkul Bundle Product
CVE-2023-51043 (In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a u ...)
	- linux 6.4.11-1
	[bookworm] - linux 6.1.52-1
	[bullseye] - linux 5.10.191-1
	[buster] - linux 4.19.304-1
	NOTE: https://git.kernel.org/linus/4e076c73e4f6e90816b30fcd4a0d7ab365087255 (6.5-rc3)
CVE-2023-51042 (In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in driver ...)
	- linux 6.4.13-1
	[bookworm] - linux 6.1.52-1
	[bullseye] - linux 5.10.197-1
	[buster] - linux 4.19.304-1
	NOTE: https://git.kernel.org/linus/2e54154b9f27262efd0cb4f903cc7d5ad1fe9628 (6.5-rc1)
CVE-2023-50275 (HPE OneView may allow clusterService Authentication Bypass resulting i ...)
	NOT-FOR-US: HPE
CVE-2023-50274 (HPE OneView may allow command injection with local privilege escalatio ...)
	NOT-FOR-US: HPE
CVE-2023-49783 (Silverstripe Admin provides a basic management interface for the Silve ...)
	NOT-FOR-US: Silverstripe Admin
CVE-2023-49657 (A stored cross-site scripting (XSS) vulnerability exists in Apache Sup ...)
	NOT-FOR-US: Apache Superset
CVE-2023-48714 (Silverstripe Framework is the framework that forms the base of the Sil ...)
	NOT-FOR-US: Silverstripe Framework
CVE-2023-46343 (In the Linux kernel before 6.5.9, there is a NULL pointer dereference ...)
	- linux 6.5.10-1
	[bookworm] - linux 6.1.64-1
	[bullseye] - linux 5.10.205-1
	[buster] - linux 4.19.304-1
	NOTE: https://git.kernel.org/linus/7937609cd387246aed994e81aa4fa951358fba41 (6.6-rc7)
CVE-2023-45889 (A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink One ...)
	NOT-FOR-US: ClassLink OneClick Extension
CVE-2023-44401 (The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQ ...)
	NOT-FOR-US: Silverstripe
CVE-2023-42143 (Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c ...)
	NOT-FOR-US: Shelly
CVE-2024-0755 (Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thun ...)
	{DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
	- firefox 122.0-1
	- firefox-esr 115.7.0esr-1
	- thunderbird 1:115.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0755
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0755
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0755
CVE-2024-0754 (Some WASM source files could have caused a crash when loaded in devtoo ...)
	- firefox 122.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0754
CVE-2024-0753 (In specific HSTS configurations an attacker could have bypassed HSTS o ...)
	{DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
	- firefox 122.0-1
	- firefox-esr 115.7.0esr-1
	- thunderbird 1:115.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0753
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0753
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0753
CVE-2024-0752 (A use-after-free crash could have occurred on macOS if a Firefox updat ...)
	- firefox (Only affects Firefox on MacOS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0752
CVE-2024-0751 (A malicious devtools extension could have been used to escalate privil ...)
	{DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
	- firefox 122.0-1
	- firefox-esr 115.7.0esr-1
	- thunderbird 1:115.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0751
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0751
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0751
CVE-2024-0750 (A bug in popup notifications delay calculation could have made it poss ...)
	{DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
	- firefox 122.0-1
	- firefox-esr 115.7.0esr-1
	- thunderbird 1:115.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0750
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0750
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0750
CVE-2024-0749 (A phishing site could have repurposed an `about:` dialog to show phish ...)
	{DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
	- firefox 122.0-1
	- firefox-esr 115.7.0esr-1
	- thunderbird 1:115.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0749
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0749
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0749
CVE-2024-0748 (A compromised content process could have updated the document URI. Thi ...)
	- firefox 122.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0748
CVE-2024-0747 (When a parent page loaded a child in an iframe with `unsafe-inline`, t ...)
	{DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
	- firefox 122.0-1
	- firefox-esr 115.7.0esr-1
	- thunderbird 1:115.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0747
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0747
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0747
CVE-2024-0746 (A Linux user opening the print preview dialog could have caused the br ...)
	{DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
	- firefox 122.0-1
	- firefox-esr 115.7.0esr-1
	- thunderbird 1:115.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0746
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0746
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0746
CVE-2024-0745 (The WebAudio `OscillatorNode` object was susceptible to a stack buffer ...)
	- firefox 122.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0745
CVE-2024-0744 (In some circumstances, JIT compiled code could have dereferenced a wil ...)
	- firefox 122.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0744
CVE-2024-0743 (An unchecked return value in TLS handshake code could have caused a po ...)
	{DSA-5644-1 DSA-5643-1 DLA-3775-1 DLA-3769-1 DLA-3757-1}
	- firefox 122.0-1
	- firefox-esr 115.9.0esr-1
	- nss 2:3.96.1-1
	- thunderbird 1:115.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0743
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-0743
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-0743
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1867408
	NOTE: https://hg.mozilla.org/projects/nss/rev/1bda168c0da97e19e5f14bc4227c15c0a9f493b
CVE-2024-0742 (It was possible for certain browser prompts and dialogs to be activate ...)
	{DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
	- firefox 122.0-1
	- firefox-esr 115.7.0esr-1
	- thunderbird 1:115.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0742
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0742
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0742
CVE-2024-0741 (An out of bounds write in ANGLE could have allowed an attacker to corr ...)
	{DSA-5606-1 DSA-5605-1 DLA-3727-1 DLA-3720-1}
	- firefox 122.0-1
	- firefox-esr 115.7.0esr-1
	- thunderbird 1:115.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0741
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0741
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0741
CVE-2024-23842 (Improper Input Validation in Hitron Systems DVR LGUVR-16H 1.02~4.02 al ...)
	NOT-FOR-US: Hitron Systems DVR LGUVR-16H
CVE-2024-23678 (In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splun ...)
	NOT-FOR-US: Splunk
CVE-2024-23677 (In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utilit ...)
	NOT-FOR-US: Splunk
CVE-2024-23676 (In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL ...)
	NOT-FOR-US: Splunk
CVE-2024-23675 (In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key va ...)
	NOT-FOR-US: Splunk
CVE-2024-23345 (Nautobot is a Network Source of Truth and Network Automation Platform ...)
	NOT-FOR-US: Nautobot
CVE-2024-23342 (The `ecdsa` PyPI package is a pure Python implementation of ECC (Ellip ...)
	- python-ecdsa (unimportant)
	NOTE: https://github.com/tlsfuzzer/python-ecdsa/security/advisories/GHSA-wj6h-64fc-37mp
	NOTE: https://minerva.crocs.fi.muni.cz/
	NOTE: Side channel attacks not covered by their security policy:
	NOTE: https://github.com/tlsfuzzer/python-ecdsa/blob/master/SECURITY.md
CVE-2024-23340 (@hono/node-server is an adapter that allows users to run Hono applicat ...)
	NOT-FOR-US: Hono
CVE-2024-23339 (hoolock is a suite of lightweight utilities designed to maintain a sma ...)
	NOT-FOR-US: hoolock
CVE-2024-23224 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2024-23223 (A privacy issue was addressed with improved handling of files. This is ...)
	NOT-FOR-US: Apple
CVE-2024-23222 (A type confusion issue was addressed with improved checks. This issue ...)
	{DSA-5618-1}
	- webkit2gtk 2.42.5-1
	[buster] - webkit2gtk (EOL in buster LTS)
	- wpewebkit 2.42.5-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2024-0001.html
CVE-2024-23219 (The issue was addressed with improved authentication. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2024-23218 (A timing side-channel issue was addressed with improvements to constan ...)
	NOT-FOR-US: Apple
CVE-2024-23217 (A privacy issue was addressed with improved handling of temporary file ...)
	NOT-FOR-US: Apple
CVE-2024-23215 (An issue was addressed with improved handling of temporary files. This ...)
	NOT-FOR-US: Apple
CVE-2024-23214 (Multiple memory corruption issues were addressed with improved memory ...)
	NOT-FOR-US: Apple
CVE-2024-23213 (The issue was addressed with improved memory handling. This issue is f ...)
	{DSA-5618-1}
	- webkit2gtk 2.42.5-1
	[buster] - webkit2gtk (EOL in buster LTS)
	- wpewebkit 2.42.5-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2024-0001.html
CVE-2024-23212 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2024-23211 (A privacy issue was addressed with improved handling of user preferenc ...)
	NOT-FOR-US: Apple
CVE-2024-23210 (This issue was addressed with improved redaction of sensitive informat ...)
	NOT-FOR-US: Apple
CVE-2024-23209 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2024-23208 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2024-23207 (This issue was addressed with improved redaction of sensitive informat ...)
	NOT-FOR-US: Apple
CVE-2024-23206 (An access issue was addressed with improved access restrictions. This ...)
	{DSA-5618-1}
	- webkit2gtk 2.42.5-1
	[buster] - webkit2gtk (EOL in buster LTS)
	- wpewebkit 2.42.5-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2024-0001.html
CVE-2024-23204 (The issue was addressed with additional permissions checks. This issue ...)
	NOT-FOR-US: Apple
CVE-2024-23203 (The issue was addressed with additional permissions checks. This issue ...)
	NOT-FOR-US: Apple
CVE-2024-22772 (Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 all ...)
	NOT-FOR-US: Hitron Systems DVR LGUVR-8H
CVE-2024-22771 (Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 all ...)
	NOT-FOR-US: Hitron Systems DVR LGUVR-4H
CVE-2024-22770 (Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 al ...)
	NOT-FOR-US: Hitron Systems DVR HVR-16781
CVE-2024-22769 (Improper Input Validation in Hitron Systems DVR HVR-8781 1.03~4.02 all ...)
	NOT-FOR-US: Hitron Systems DVR HVR-8781
CVE-2024-22768 (Improper Input Validation in Hitron Systems DVR HVR-4781 1.03~4.02 all ...)
	NOT-FOR-US: Hitron Systems DVR HVR-4781
CVE-2024-0587 (The AMP for WP – Accelerated Mobile Pages plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47141 (IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11. ...)
	NOT-FOR-US: IBM
CVE-2023-42937 (A privacy issue was addressed with improved private data redaction for ...)
	NOT-FOR-US: Apple
CVE-2023-42935 (An authentication issue was addressed with improved state management. ...)
	NOT-FOR-US: Apple
CVE-2023-42915
	REJECTED
CVE-2023-42888 (The issue was addressed with improved checks. This issue is fixed in i ...)
	NOT-FOR-US: Apple
CVE-2023-42887 (An access issue was addressed with additional sandbox restrictions. Th ...)
	NOT-FOR-US: Apple
CVE-2023-42881 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-40528 (This issue was addressed by removing the vulnerable code. This issue i ...)
	NOT-FOR-US: Apple
CVE-2024-22895 (DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/modul ...)
	NOT-FOR-US: DedeCMS
CVE-2024-22233 (In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a us ...)
	- libspring-java (Only affects 6.x)
	NOTE: https://spring.io/security/cve-2024-22233/
CVE-2024-0784 (A vulnerability was found in hongmaple octopus 1.0. It has been classi ...)
	NOT-FOR-US: biantaibao octopus
CVE-2024-0783 (A vulnerability was found in Project Worlds Online Admission System 1. ...)
	NOT-FOR-US: Project Worlds Online Admission System
CVE-2024-0782 (A vulnerability has been found in CodeAstro Online Railway Reservation ...)
	NOT-FOR-US: CodeAstro Online Railway Reservation System
CVE-2024-0781 (A vulnerability, which was classified as problematic, was found in Cod ...)
	NOT-FOR-US: CodeAstro Internet Banking System
CVE-2024-0778 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...)
	NOT-FOR-US: Uniview
CVE-2024-0706
	REJECTED
CVE-2024-0606 (An attacker could execute unauthorized script on a legitimate site thr ...)
	NOT-FOR-US: Focus for iOS
CVE-2024-0605 (Using a javascript: URI with a setTimeout race condition, an attacker ...)
	NOT-FOR-US: Focus for iOS
CVE-2024-0430 (IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Servic ...)
	NOT-FOR-US: IObit Malware Fighter
CVE-2024-0204 (Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows ...)
	NOT-FOR-US: Fortra's GoAnywhere MFT
CVE-2023-7194 (The Meris WordPress theme through 1.1.2 does not sanitise and escape s ...)
	NOT-FOR-US: WordPress theme
CVE-2023-7170 (The EventON-RSVP WordPress plugin before 2.9.5 does not sanitise and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-7082 (The Import any XML or CSV File to WordPress plugin before 3.7.3 accept ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6626 (The Product Enquiry for WooCommerce WordPress plugin before 3.1 does n ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6625 (The Product Enquiry for WooCommerce WordPress plugin before 3.1 does n ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6456 (The WP Review Slider WordPress plugin before 13.0 does not sanitise an ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6447 (The EventPrime WordPress plugin before 3.3.6 lacks authentication and ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6384 (The WP User Profile Avatar WordPress plugin before 1.0.1 does not prop ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6290 (The SEOPress WordPress plugin before 7.3 does not sanitise and escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50308 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
	NOT-FOR-US: IBM
CVE-2023-48118 (SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 al ...)
	NOT-FOR-US: Quest Analytics LLC IQCRM
CVE-2023-47747 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1 ...)
	NOT-FOR-US: IBM
CVE-2023-47746 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
	NOT-FOR-US: IBM
CVE-2023-47158 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10 ...)
	NOT-FOR-US: IBM
CVE-2023-47152 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
	NOT-FOR-US: IBM
CVE-2023-45193 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
	NOT-FOR-US: IBM
CVE-2023-44395 (Autolab is a course management service that enables instructors to off ...)
	NOT-FOR-US: Autolab
CVE-2020-36772 (CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths ...)
	NOT-FOR-US: CloudLinux CageFS
CVE-2020-36771 (CloudLinux CageFS 7.1.1-1 or below passes the authentication token as ...)
	NOT-FOR-US: CloudLinux CageFS
CVE-2023-46842 [x86 HVM hypercalls may trigger Xen bug check]
	- xen
	[bookworm] - xen (Minor issue, fix along in next DSA)
	[bullseye] - xen (EOLed in Bullseye)
	[buster] - xen (Vulnerable code not present)
	NOTE: https://xenbits.xen.org/xsa/advisory-454.html
CVE-2023-46841 (Recent x86 CPUs offer functionality named Control-flow Enforcement Tec ...)
	- xen 4.17.3+36-g54dacb5c02-1
	[bookworm] - xen (Minor issue, fix along in next DSA)
	[bullseye] - xen (EOLed in Bullseye)
	[buster] - xen (Vulnerable code not present)
	NOTE: https://xenbits.xen.org/xsa/advisory-451.html
CVE-2023-46840 (Incorrect placement of a preprocessor directive in source code results ...)
	- xen 4.17.3+10-g091466ba55-1
	[bookworm] - xen 4.17.3+10-g091466ba55-1~deb12u1
	[bullseye] - xen (Vulnerable code not present)
	[buster] - xen (Vulnerable code not present)
	NOTE: https://xenbits.xen.org/xsa/advisory-450.html
CVE-2023-46839 (PCI devices can make use of a functionality called phantom functions, ...)
	- xen 4.17.3+10-g091466ba55-1
	[bookworm] - xen 4.17.3+10-g091466ba55-1~deb12u1
	[bullseye] - xen (EOLed in Bullseye)
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-449.html
CVE-2023-46838 (Transmit requests in Xen's virtual network protocol can consist of mul ...)
	- linux 6.6.15-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	NOTE: https://xenbits.xen.org/xsa/advisory-448.html
	NOTE: https://git.kernel.org/linus/c7ec4f2d684e17d69bbdd7c4324db0ef5daac26a
CVE-2024-23771 (darkhttpd before 1.15 uses strcmp (which is not constant time) to veri ...)
	- darkhttpd (bug #775096)
CVE-2024-23770 (darkhttpd through 1.15 allows local users to discover credentials (for ...)
	- darkhttpd (bug #775096)
CVE-2024-23768 (Dremio before 24.3.1 allows path traversal. An authenticated user who ...)
	NOT-FOR-US: Dremio
CVE-2024-23752 (GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) ...)
	NOT-FOR-US: PandasAI
CVE-2024-23751 (LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via t ...)
	NOT-FOR-US: LlamaIndex
CVE-2024-23750 (MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary ...)
	NOT-FOR-US: MetaGPT
CVE-2024-23744 (An issue was discovered in Mbed TLS 3.5.1. There is persistent handsha ...)
	- mbedtls
	[bookworm] - mbedtls (Minor issue)
	[bullseye] - mbedtls (Minor issue)
	[buster] - mbedtls (Minor issue)
	NOTE: https://github.com/Mbed-TLS/mbedtls/issues/8694
	NOTE: https://github.com/Mbed-TLS/mbedtls/pull/8595
	NOTE: Likely specific to 3.5.1: https://github.com/Mbed-TLS/mbedtls/issues/8694#issuecomment-1889411367
CVE-2024-22113 (Open redirect vulnerability in Access analysis CGI An-Analyzer release ...)
	NOT-FOR-US: Access analysis CGI An-Analyzer
CVE-2024-21484 (Versions of the package jsrsasign before 11.0.0 are vulnerable to Obse ...)
	NOT-FOR-US: jsrsasign
CVE-2024-0776 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: pb-cms
CVE-2024-0774 (A vulnerability was found in Any-Capture Any Sound Recorder 2.93. It h ...)
	NOT-FOR-US: Any-Capture Any Sound Recorder
CVE-2024-0773 (A vulnerability classified as problematic was found in CodeAstro Inter ...)
	NOT-FOR-US: CodeAstro Internet Banking System
CVE-2024-0772 (A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classifie ...)
	NOT-FOR-US: Nsasoft
CVE-2024-0771 (A vulnerability has been found in Nsasoft Product Key Explorer 4.0.9 a ...)
	NOT-FOR-US: Nsasoft
CVE-2024-0770 (A vulnerability, which was classified as critical, was found in Europe ...)
	NOT-FOR-US: European Chemicals Agency EUCLID
CVE-2023-52354 (chasquid before 1.13 allows SMTP smuggling because LF-terminated lines ...)
	- chasquid 1.13-1
	[bookworm] - chasquid (Minor issue)
	[bullseye] - chasquid (Minor issue)
	[buster] - chasquid (Minor issue, request smuggling)
	NOTE: https://blitiri.com.ar/p/chasquid/relnotes/#113-2023-12-24
CVE-2023-52353 (An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_sess ...)
	- mbedtls
	[bookworm] - mbedtls (Minor issue)
	[bullseye] - mbedtls (Minor issue)
	[buster] - mbedtls (Minor issue)
	NOTE: https://github.com/Mbed-TLS/mbedtls/issues/8654
CVE-2023-47352 (Technicolor TC8715D devices have predictable default WPA2 security pas ...)
	NOT-FOR-US: Technicolor
CVE-2017-20189 (In Clojure before 1.9.0, classes can be used to construct a serialized ...)
	- clojure 1.9.0-1
	NOTE: https://github.com/clojure/clojure/commit/271674c9b484d798484d134a5ac40a6df15d3ac3 (clojure-1.9.0-alpha20)
CVE-2024-0775 (A use-after-free flaw was found in the __ext4_remount in fs/ext4/super ...)
	- linux 6.3.7-1
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux 5.10.191-1
	[buster] - linux 4.19.289-1
	NOTE: https://git.kernel.org/linus/4c0b4818b1f636bc96359f7817a2d8bab6370162 (6.4-rc2)
CVE-2024-23732 (The JSON loader in Embedchain before 0.1.57 allows a ReDoS (regular ex ...)
	NOT-FOR-US: Embedchain
CVE-2024-23731 (The OpenAPI loader in Embedchain before 0.1.57 allows attackers to exe ...)
	NOT-FOR-US: Embedchain
CVE-2024-23730 (The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) bef ...)
	NOT-FOR-US: OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub)
CVE-2024-23726 (Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that ...)
	NOT-FOR-US: Ubee DDW365 XCNDDW365 and DDW366 XCNDXW3WB devices
CVE-2024-23725 (Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XS ...)
	NOT-FOR-US: Ghost CMS
CVE-2024-0769 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DI ...)
	NOT-FOR-US: D-Link
CVE-2024-0521 (Code Injection in paddlepaddle/paddle)
	NOT-FOR-US: PaddlePaddle
CVE-2016-15037 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: go4rayyan Scumblr
CVE-2023-7063 (The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Sit ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-23689 (Exposure of sensitive information in exceptions in ClichHouse's clickh ...)
	NOT-FOR-US: clickhouse-r2dbc
CVE-2024-23688 (Consensys Discovery versions less than 0.4.5 uses the same AES/GCM non ...)
	NOT-FOR-US: Consensys Discovery
CVE-2024-23687 (Hard-coded credentials in FOLIO mod-data-export-spring versions before ...)
	NOT-FOR-US: FOLIO mod-data-export-spring
CVE-2024-23686 (DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0 ...)
	NOT-FOR-US: DependencyCheck for Maven
CVE-2024-23685 (Hard-coded credentials in mod-remote-storage versions under 1.7.2 and ...)
	NOT-FOR-US: mod-remote-storage
CVE-2024-23684 (Inefficient algorithmic complexity in DecodeFromBytes function in com. ...)
	NOT-FOR-US: Java CBOR library
CVE-2024-23683 (Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a ...)
	NOT-FOR-US: Artemis Java Test Sandbox
CVE-2024-23682 (Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sa ...)
	NOT-FOR-US: Artemis Java Test Sandbox
CVE-2024-23681 (Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a s ...)
	NOT-FOR-US: Artemis Java Test Sandbox
CVE-2024-23680 (AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9. ...)
	NOT-FOR-US: AWS Encryption SDK for Java
CVE-2024-23679 (Enonic XP versions less than 7.7.4 are vulnerable to a session fixatio ...)
	NOT-FOR-US: Enonic XP
CVE-2024-23332 (The Notary Project is a set of specifications and tools intended to pr ...)
	NOT-FOR-US: Notary Project
CVE-2024-22421 (JupyterLab is an extensible environment for interactive and reproducib ...)
	- jupyterlab 4.0.11+ds1-1 (bug #1061221)
	NOTE: https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-44cc-43rp-5947
	TODO: check completeness, src:jupyter-notebook?
CVE-2024-22420 (JupyterLab is an extensible environment for interactive and reproducib ...)
	- jupyterlab 4.0.11+ds1-1 (bug #1061221)
	NOTE: https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4m77-cmpx-vjc4
	TODO: check completeness, src:jupyter-notebook?
CVE-2024-0758 (MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A r ...)
	NOT-FOR-US: MolecularFaces
CVE-2024-0739 (A vulnerability, which was classified as critical, was found in Hechen ...)
	NOT-FOR-US: Hecheng Leadshop
CVE-2024-0738 (A vulnerability, which was classified as critical, has been found in ...)
	NOT-FOR-US: mldong
CVE-2024-0737 (A vulnerability classified as problematic was found in Xlightftpd Xlig ...)
	NOT-FOR-US: Xlightftpd Xlight FTP Server
CVE-2024-0736 (A vulnerability classified as problematic has been found in EFS Easy F ...)
	NOT-FOR-US: EFS Easy File Sharing FTP
CVE-2024-0735 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...)
	NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2024-0734 (A vulnerability was found in Smsot up to 2.12. It has been declared as ...)
	NOT-FOR-US: Smsot
CVE-2024-0733 (A vulnerability was found in Smsot up to 2.12. It has been classified ...)
	NOT-FOR-US: Smsot
CVE-2024-0679 (The ColorMag theme for WordPress is vulnerable to unauthorized access ...)
	NOT-FOR-US: WordPress theme
CVE-2024-0623 (The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51928 (An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmon ...)
	NOT-FOR-US: YonBIP
CVE-2023-51927 (YonBIP v3_23.05 was discovered to contain a SQL injection vulnerabilit ...)
	NOT-FOR-US: YonBIP
CVE-2023-51926 (YonBIP v3_23.05 was discovered to contain an arbitrary file read vulne ...)
	NOT-FOR-US: YonBIP
CVE-2023-51925 (An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmon ...)
	NOT-FOR-US: YonBIP
CVE-2023-51924 (An arbitrary file upload vulnerability in the uap.framework.rc.itf.IRe ...)
	NOT-FOR-US: YonBIP
CVE-2023-51906 (An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute ...)
	NOT-FOR-US: YonBIP
CVE-2023-51892 (An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to ...)
	NOT-FOR-US: weaver e-cology
CVE-2023-49329 (Anomali Match before 4.6.2 allows OS Command Injection. An authenticat ...)
	NOT-FOR-US: Anomali Match
CVE-2023-47024 (Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 lead ...)
	NOT-FOR-US: NCR Terminal Handler
CVE-2023-46447 (The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth ...)
	NOT-FOR-US: POPS! Rebel
CVE-2024-23331 (Vite is a frontend tooling framework for javascript. The Vite dev serv ...)
	NOT-FOR-US: Vite
CVE-2024-23329 (changedetection.io is an open source tool designed to monitor websites ...)
	NOT-FOR-US: changedetection.io
CVE-2024-22957 (swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnera ...)
	- swftools
	NOTE: https://github.com/matthiaskramm/swftools/issues/206
CVE-2024-22956 (swftools 0.9.2 was discovered to contain a heap-use-after-free vulnera ...)
	- swftools
	NOTE: https://github.com/matthiaskramm/swftools/issues/208
CVE-2024-22955 (swftools 0.9.2 was discovered to contain a stack-buffer-underflow vuln ...)
	- swftools
	NOTE: https://github.com/matthiaskramm/swftools/issues/207
CVE-2024-22920 (swftools 0.9.2 was discovered to contain a heap-use-after-free via the ...)
	- swftools
	NOTE: https://github.com/matthiaskramm/swftools/issues/211
CVE-2024-22919 (swftools0.9.2 was discovered to contain a global-buffer-overflow vulne ...)
	- swftools
	NOTE: https://github.com/matthiaskramm/swftools/issues/209
CVE-2024-22915 (A heap-use-after-free was found in SWFTools v0.9.2, in the function sw ...)
	- swftools
	NOTE: https://github.com/matthiaskramm/swftools/issues/215
CVE-2024-22914 (A heap-use-after-free was found in SWFTools v0.9.2, in the function in ...)
	- swftools
	NOTE: https://github.com/matthiaskramm/swftools/issues/214
CVE-2024-22913 (A heap-buffer-overflow was found in SWFTools v0.9.2, in the function s ...)
	- swftools
	NOTE: https://github.com/matthiaskramm/swftools/issues/213
CVE-2024-22912 (A global-buffer-overflow was found in SWFTools v0.9.2, in the function ...)
	- swftools
	NOTE: https://github.com/matthiaskramm/swftools/issues/212
CVE-2024-22911 (A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, i ...)
	- swftools
	NOTE: https://github.com/matthiaskramm/swftools/issues/216
CVE-2024-22877 (StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scriptin ...)
	NOT-FOR-US: StrangeBee TheHive
CVE-2024-22876 (StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to ...)
	NOT-FOR-US: StrangeBee TheHive
CVE-2024-22563 (openvswitch 2.17.8 was discovered to contain a memory leak via the fun ...)
	- openvswitch 2.17.2-4
	[bullseye] - openvswitch 2.15.0+ds1-2+deb11u5
	[buster] - openvswitch (Vulnerable code introduced later)
	NOTE: https://github.com/openvswitch/ovs-issues/issues/315
	NOTE: https://github.com/openvswitch/ovs/commit/3168f328c78cf6e4b3022940452673b0e49f7620 (v2.17.0)
	NOTE: Introduced with: https://github.com/openvswitch/ovs/commit/b6e840aed03e3f6d1aa726b482140d895f60f90f (v2.11.0)
CVE-2024-22562 (swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via ...)
	- swftools
	NOTE: https://github.com/matthiaskramm/swftools/issues/210
CVE-2024-22211 (FreeRDP is a set of free and open source remote desktop protocol libra ...)
	- freerdp2 2.11.5+dfsg1-1 (bug #1061173)
	[bookworm] - freerdp2 (Minor issue)
	[bullseye] - freerdp2 (Minor issue)
	[buster] - freerdp2 (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rjhp-44rv-7v59
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/939e922936e9c3ae8fc204968645e5e7563a2fff (3.2.0)
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/aeac3040cc99eeaff1e1171a822114c857b9dca9 (2.11.5)
CVE-2024-0732 (A vulnerability was found in PCMan FTP Server 2.0.7 and classified as ...)
	NOT-FOR-US: PCMan FTP Server
CVE-2024-0731 (A vulnerability has been found in PCMan FTP Server 2.0.7 and classifie ...)
	NOT-FOR-US: PCMan FTP Server
CVE-2024-0730 (A vulnerability, which was classified as critical, was found in Projec ...)
	NOT-FOR-US: Project Worlds Online Time Table Generator
CVE-2024-0729 (A vulnerability, which was classified as critical, has been found in F ...)
	NOT-FOR-US: ForU CMS
CVE-2024-0728 (A vulnerability classified as problematic was found in ForU CMS up to ...)
	NOT-FOR-US: ForU CMS
CVE-2024-0726 (A vulnerability was found in Project Worlds Student Project Allocation ...)
	NOT-FOR-US: Project Worlds Student Project Allocation System
CVE-2024-0725 (A vulnerability was found in ProSSHD 1.2 on Windows. It has been decla ...)
	NOT-FOR-US: ProSSHD
CVE-2024-0723 (A vulnerability was found in freeSSHd 1.0.9 on Windows. It has been cl ...)
	NOT-FOR-US: freeSSHd
CVE-2024-0722 (A vulnerability was found in code-projects Social Networking Site 1.0 ...)
	NOT-FOR-US: code-projects Social Networking Site
CVE-2024-0721 (A vulnerability has been found in Jspxcms 10.2.0 and classified as pro ...)
	NOT-FOR-US: Jspxcms
CVE-2024-0720 (A vulnerability, which was classified as problematic, was found in Fac ...)
	NOT-FOR-US: FactoMineR FactoInvestigate
CVE-2024-0718 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: liuwy-dlsdys zhglxt
CVE-2024-0717 (A vulnerability classified as critical was found in D-Link DAP-1360, D ...)
	NOT-FOR-US: D-Link
CVE-2024-0716 (A vulnerability classified as problematic has been found in Byzoro Sma ...)
	NOT-FOR-US: Beijing Baichuo Smart S150 Management Platform
CVE-2024-0714 (A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. It ...)
	NOT-FOR-US: MiczFlor RPi-Jukebox-RFID
CVE-2024-0713
	REJECTED
CVE-2024-0712 (A vulnerability was found in Byzoro Smart S150 Management Platform V31 ...)
	NOT-FOR-US: Beijing Baichuo Smart S150 Management Platform
CVE-2024-0705 (The Stripe Payment Plugin for WooCommerce plugin for WordPress is vuln ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0663
	REJECTED
CVE-2023-6450 (An incorrect permissions vulnerability was reported in the Lenovo App ...)
	NOT-FOR-US: Lenovo
CVE-2023-6044 (A privilege escalation vulnerability was reported in Lenovo Vantage th ...)
	NOT-FOR-US: Lenovo
CVE-2023-6043 (A privilege escalation vulnerability was reported in Lenovo Vantage th ...)
	NOT-FOR-US: Lenovo
CVE-2023-5081 (An information disclosure vulnerability was reported in the Lenovo Tab ...)
	NOT-FOR-US: Lenovo
CVE-2023-5080 (A privilege escalation vulnerability was reported in some Lenovo table ...)
	NOT-FOR-US: Lenovo
CVE-2023-51948 (A Site-wide directory listing vulnerability in /fm in actidata actiNAS ...)
	NOT-FOR-US: actidata actiNAS SL 2U-8 RDX
CVE-2023-51947 (Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX ...)
	NOT-FOR-US: actidata actiNAS SL 2U-8 RDX
CVE-2023-51946 (Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSv ...)
	NOT-FOR-US: actidata actiNAS-SL-2U-8
CVE-2023-50694 (An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacke ...)
	NOT-FOR-US: dom96 HTTPbeast
CVE-2023-50693 (An issue in Jester v.0.6.0 and before allows a remote attacker to send ...)
	NOT-FOR-US: dom96 Jester
CVE-2023-50447 (Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Executi ...)
	{DLA-3724-1}
	- pillow 10.2.0-1 (bug #1061172)
	NOTE: https://duartecsantos.github.io/2023-01-02-CVE-2023-50447/
	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#imagemath-eval-restricted-environment-keys
	NOTE: https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a (10.2.0)
	NOTE: https://github.com/python-pillow/Pillow/commit/0ca3c33c59927e1c7e0c14dbc1eea1dfb2431a80 (10.2.0)
	NOTE: https://github.com/python-pillow/Pillow/commit/557ba59d13de919d04b3fd4cdef8634f7d4b3348 (10.2.0)
CVE-2023-50030 (In the module "Jms Setting" (jmssetting) from Joommasters for PrestaSh ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-50028 (In the module "Sliding cart block" (blockslidingcart) up to version 2. ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-47035 (RPTC 0x3b08c was discovered to not conduct status checks on the parame ...)
	NOT-FOR-US: RPTC
CVE-2023-47034 (A vulnerability in UniswapFrontRunBot 0xdB94c allows attackers to caus ...)
	NOT-FOR-US: UniswapFrontRunBot
CVE-2023-47033 (MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerab ...)
	NOT-FOR-US: MultiSigWallet
CVE-2023-46351 (In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-45485
	REJECTED
CVE-2023-43985 (SunnyToo stblogsearch up to v1.0.0 was discovered to contain a SQL inj ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-43956
	REJECTED
CVE-2023-42766 (Improper input validation in some Intel NUC 8 Compute Element BIOS fir ...)
	NOT-FOR-US: Intel
CVE-2023-42429 (Improper buffer restrictions in some Intel NUC BIOS firmware may allow ...)
	NOT-FOR-US: Intel
CVE-2023-38587 (Improper input validation in some Intel NUC BIOS firmware may allow a ...)
	NOT-FOR-US: Intel
CVE-2023-38541 (Insecure inherited permissions in some Intel HID Event Filter drivers ...)
	NOT-FOR-US: Intel
CVE-2023-33295 (Cohesity DataProtect prior to 6.8.1_u5 or 7.1 was discovered to have a ...)
	NOT-FOR-US: Cohesity DataProtect
CVE-2023-32544 (Improper access control in some Intel HotKey Services for Windows 10 f ...)
	NOT-FOR-US: Intel
CVE-2023-32272 (Uncontrolled search path in some Intel NUC Pro Software Suite Configur ...)
	NOT-FOR-US: Intel
CVE-2023-29495 (Improper input validation for some Intel NUC BIOS firmware before vers ...)
	NOT-FOR-US: Intel
CVE-2023-28743 (Improper input validation for some Intel NUC BIOS firmware before vers ...)
	NOT-FOR-US: Intel
CVE-2024-21733 (Generation of Error Message Containing Sensitive Information vulnerabi ...)
	- tomcat9 9.0.53-1
	[bullseye] - tomcat9 (Minor issue, fix along in next update)
	[buster] - tomcat9 (Minor issue, fix along in next update)
	NOTE: https://www.openwall.com/lists/oss-security/2024/01/19/2
	NOTE: https://github.com/apache/tomcat/commit/86ccc43940861703c2be96a5f35384407522125a (9.0.44)
CVE-2024-23387 (FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability ...)
	NOT-FOR-US: FusionPBX
CVE-2024-22424 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
	NOT-FOR-US: Argo CD
CVE-2024-22422 (AnythingLLM is an application that turns any document, resource, or pi ...)
	NOT-FOR-US: AnythingLLM
CVE-2024-22418 (Group-Office is an enterprise CRM and groupware tool. Affected version ...)
	NOT-FOR-US: Group-Office
CVE-2024-22415 (jupyter-lsp is a coding assistance tool for JupyterLab (code navigatio ...)
	NOT-FOR-US: jupyter-lsp
CVE-2024-22404 (Nextcloud files Zip app is a tool to create zip archives from one or m ...)
	NOT-FOR-US: Nextcloud files Zip app
CVE-2024-22403 (Nextcloud server is a self hosted personal cloud system. In affected v ...)
	- nextcloud-server (bug #941708)
CVE-2024-22402 (Nextcloud guests app is a utility to create guest users which can only ...)
	NOT-FOR-US: Nextcloud guests app
CVE-2024-22401 (Nextcloud guests app is a utility to create guest users which can only ...)
	NOT-FOR-US: Nextcloud guests app
CVE-2024-0696 (A vulnerability, which was classified as problematic, was found in Atr ...)
	NOT-FOR-US: AtroCore AtroPIM
CVE-2024-0695 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: EFS Easy Chat Server
CVE-2024-0693 (A vulnerability classified as problematic was found in EFS Easy File S ...)
	NOT-FOR-US: EFS Easy Chat Server
CVE-2023-5716 (ASUS Armoury Crate has a vulnerability in arbitrary file write and all ...)
	NOT-FOR-US: ASUS
CVE-2023-5131 (A heap buffer-overflow exists in Delta Electronics ISPSoft. An anonymo ...)
	NOT-FOR-US: Delta Electronics
CVE-2023-5130 (A buffer overflow vulnerability exists in Delta Electronics WPLSoft. A ...)
	NOT-FOR-US: Delta Electronics
CVE-2023-51258 (A memory leak issue discovered in YASM v.1.3.0 allows a local attacker ...)
	- yasm (unimportant)
	NOTE: Memory leak in CLI tool, no security impact
	NOTE: https://github.com/yasm/yasm/issues/257
CVE-2023-51217 (An issue discovered in TenghuTOS TWS-200 firmware version:V4.0-2018092 ...)
	NOT-FOR-US: TenghuTOS TWS-200 firmware
CVE-2023-50963 (IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2023-50614 (An issue discovereed in EBYTE E880-IR01-V1.1 allows an attacker to obt ...)
	NOT-FOR-US: EBYTE
CVE-2023-47718 (IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through ...)
	NOT-FOR-US: IBM
CVE-2023-47092
	REJECTED
CVE-2023-43824 (A stack based buffer overflow exists in Delta Electronics Delta Indust ...)
	NOT-FOR-US: Delta Electronics
CVE-2023-43823 (A stack based buffer overflow exists in Delta Electronics Delta Indust ...)
	NOT-FOR-US: Delta Electronics
CVE-2023-43822 (A stack based buffer overflow exists in Delta Electronics Delta Indust ...)
	NOT-FOR-US: Delta Electronics
CVE-2023-43821 (A stack based buffer overflow exists in Delta Electronics Delta Indust ...)
	NOT-FOR-US: Delta Electronics
CVE-2023-43820 (A stack based buffer overflow exists in Delta Electronics Delta Indust ...)
	NOT-FOR-US: Delta Electronics
CVE-2023-43819 (A stack based buffer overflow exists in Delta Electronics Delta Indust ...)
	NOT-FOR-US: Delta Electronics
CVE-2023-43818 (A buffer overflow exists in Delta Electronics Delta Industrial Automat ...)
	NOT-FOR-US: Delta Electronics
CVE-2023-43817 (A buffer overflow exists in Delta Electronics Delta Industrial Automat ...)
	NOT-FOR-US: Delta Electronics
CVE-2023-43816 (A buffer overflow vulnerability exists in Delta Electronics Delta Indu ...)
	NOT-FOR-US: Delta Electronics
CVE-2023-43815 (A buffer overflow vulnerability exists in Delta Electronics Delta Indu ...)
	NOT-FOR-US: Delta Electronics
CVE-2023-40683 (IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to b ...)
	NOT-FOR-US: IBM
CVE-2023-38738 (IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expect ...)
	NOT-FOR-US: IBM
CVE-2023-35020 (IBM Sterling Control Center 6.3.0 could allow a remote attacker to tra ...)
	NOT-FOR-US: IBM
CVE-2023-32337 (IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side ...)
	NOT-FOR-US: IBM
CVE-2024-0690 (An information disclosure flaw was found in ansible-core due to a fail ...)
	- ansible-core 2.16.5-1 (bug #1061156)
	[bookworm] - ansible-core (Minor issue)
	- ansible 5.4.0-1
	[bullseye] - ansible (Minor issue)
	NOTE: ansible-core was split off from src:ansible with 4.6.0-1 in experimental/5.4.0-1 in sid
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2259013
	NOTE: https://github.com/ansible/ansible/pull/82565
	NOTE: https://github.com/ansible/ansible/commit/beb04bc2642c208447c5a936f94310528a1946b1 (v2.14.14rc1)
CVE-2024-0684 (A flaw was found in the GNU coreutils "split" program. A heap overflow ...)
	- coreutils (bug #1061138)
	[bookworm] - coreutils (Vulnerable code not present)
	[bullseye] - coreutils (Vulnerable code not present)
	[buster] - coreutils (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2024/01/18/2
	NOTE: Introduced by: https://github.com/coreutils/coreutils/commit/40bf1591bb4362fa91e501bcec7c2029c5f65a43#diff-30bc328ab3afa0ab9f17c6e7cf1752d558ae37cf4200e95bbb04c405c2b59518L821 (v9.2)
	NOTE: Fixed by: https://github.com/coreutils/coreutils/commit/c4c5ed8f4e9cd55a12966d4f520e3a13101637d9
CVE-2024-23175
	NOT-FOR-US: MediaWiki extension FlexDiagrams
CVE-2024-23176
	NOT-FOR-US: MediaWiki extension MassMessage
CVE-2024-22819 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
	NOT-FOR-US: FlyCms
CVE-2024-22818 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerbility ...)
	NOT-FOR-US: FlyCms
CVE-2024-22817 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
	NOT-FOR-US: FlyCms
CVE-2024-22699 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
	NOT-FOR-US: FlyCms
CVE-2024-22603 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
	NOT-FOR-US: FlyCms
CVE-2024-22601 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
	NOT-FOR-US: FlyCms
CVE-2024-22593 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
	NOT-FOR-US: FlyCms
CVE-2024-22592 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
	NOT-FOR-US: FlyCms
CVE-2024-22591 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
	NOT-FOR-US: FlyCms
CVE-2024-22568 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
	NOT-FOR-US: FlyCms
CVE-2024-22549 (FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email se ...)
	NOT-FOR-US: FlyCms
CVE-2024-22548 (FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system w ...)
	NOT-FOR-US: FlyCms
CVE-2024-22419 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...)
	NOT-FOR-US: Vyper
CVE-2024-22400 (Nextcloud User Saml is an app for authenticating Nextcloud users using ...)
	NOT-FOR-US: Nextcloud User Saml app
CVE-2024-22317 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 thr ...)
	NOT-FOR-US: IBM
CVE-2024-22213 (Deck is a kanban style organization tool aimed at personal planning an ...)
	NOT-FOR-US: Deck
CVE-2024-22212 (Nextcloud Global Site Selector is a tool which allows you to run multi ...)
	NOT-FOR-US: Nextcloud Global Site Selector
CVE-2024-0694
	REJECTED
CVE-2024-0669 (A Cross-Frame Scripting vulnerability has been found on Plone CMS affe ...)
	NOT-FOR-US: Plone
CVE-2024-0580 (Omission of user-controlled key authorization in the IDMSistemas platf ...)
	NOT-FOR-US: IDMSistemas platform / QSige
CVE-2023-7153 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Macroturk Software and Internet Technologies Macro-Bel
CVE-2023-5806 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Mergen Software Quality Management System
CVE-2023-51464 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-51463 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-49943 (Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2023-40052 (This issue affects Progress Application Server (PAS) for OpenEdge in v ...)
	NOT-FOR-US: OpenEdge
CVE-2023-40051 (This issue affects Progress Application Server (PAS) for OpenEdge in v ...)
	NOT-FOR-US: OpenEdge
CVE-2023-34348 (AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vul ...)
	NOT-FOR-US: AVEVA PI Server
CVE-2023-31274 (AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vul ...)
	NOT-FOR-US: AVEVA PI Server
CVE-2024-23525 (The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE att ...)
	{DLA-3723-1}
	- libspreadsheet-parsexlsx-perl 0.31-1 (bug #1061098)
	[bookworm] - libspreadsheet-parsexlsx-perl 0.27-3+deb12u2
	[bullseye] - libspreadsheet-parsexlsx-perl 0.27-2.1+deb11u2
	NOTE: https://gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4a
	NOTE: https://github.com/MichaelDaum/spreadsheet-parsexlsx/issues/10
	NOTE: Isolated changes: https://github.com/MichaelDaum/spreadsheet-parsexlsx/commit/1d55f90caf433c7442e5be21a1849af2b5522ffe#diff-0702489aae2d242fa44a345ab28b021c884c51a87ba376b835f44e3474dc2385L1175-L1180 (0.30)
CVE-2024-22416 (pyLoad is a free and open-source Download Manager written in pure Pyth ...)
	- pyload (bug #1001980)
CVE-2024-22414 (flaskBlog is a simple blog app built with Flask. Improper storage and ...)
	NOT-FOR-US: flaskBlog
CVE-2024-22410 (Creditcoin is a network that enables cross-blockchain credit transacti ...)
	NOT-FOR-US: Creditcoin
CVE-2024-0655 (A vulnerability has been found in Novel-Plus 4.3.0-RC1 and classified ...)
	NOT-FOR-US: Novel-Plus
CVE-2024-0654 (A vulnerability, which was classified as problematic, was found in Dee ...)
	NOT-FOR-US: DeepFaceLab
CVE-2024-0652 (A vulnerability was found in PHPGurukul Company Visitor Management Sys ...)
	NOT-FOR-US: PHPGurukul Company Visitor Management System
CVE-2024-0651 (A vulnerability was found in PHPGurukul Company Visitor Management Sys ...)
	NOT-FOR-US: PHPGurukul Company Visitor Management System
CVE-2024-0650 (A vulnerability was found in Project Worlds Visitor Management System ...)
	NOT-FOR-US: Project Worlds Visitor Management System
CVE-2024-0649 (A vulnerability was found in ZhiHuiYun up to 4.4.13 and classified as ...)
	NOT-FOR-US: ZhiHuiYun
CVE-2024-0648 (A vulnerability has been found in Yunyou CMS up to 2.2.6 and classifie ...)
	NOT-FOR-US: Yunyou CMS
CVE-2024-0381 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6970 (The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6958 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6549 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
	NOT-FOR-US: Citrix
CVE-2023-6548 (Improper Control of Generation of Code ('Code Injection') in NetScaler ...)
	NOT-FOR-US: Citrix
CVE-2023-6340 (SonicWall Capture Client version 3.7.10,NetExtender client version 10. ...)
	NOT-FOR-US: SonicWall
CVE-2023-6184 (Cross SiteScripting vulnerability in Citrix Session Recording allows a ...)
	NOT-FOR-US: Citrix
CVE-2023-5914 (Cross-site scripting (XSS))
	NOT-FOR-US: Citrix
CVE-2023-48858 (A Cross-site scripting (XSS) vulnerability in login page php code in A ...)
	NOT-FOR-US: Armex ABO.CMS
CVE-2023-48359 (In autotest driver, there is a possible out of bounds write due to imp ...)
	NOT-FOR-US: Unisoc
CVE-2023-48358 (In drm driver, there is a possible out of bounds write due to a missin ...)
	NOT-FOR-US: Unisoc
CVE-2023-48357 (In vsp driver, there is a possible out of bounds write due to a missin ...)
	NOT-FOR-US: Unisoc
CVE-2023-48356 (In jpg driver, there is a possible out of bounds write due to a missin ...)
	NOT-FOR-US: Unisoc
CVE-2023-48355 (In jpg driver, there is a possible out of bounds write due to a missin ...)
	NOT-FOR-US: Unisoc
CVE-2023-48354 (In telephone service, there is a possible improper input validation. T ...)
	NOT-FOR-US: Unisoc
CVE-2023-48353 (In vsp driver, there is a possible use after free due to a logic error ...)
	NOT-FOR-US: Unisoc
CVE-2023-48352 (In phasecheckserver, there is a possible out of bounds write due to a ...)
	NOT-FOR-US: Unisoc
CVE-2023-48351 (In video decoder, there is a possible out of bounds write due to a mis ...)
	NOT-FOR-US: Unisoc
CVE-2023-48350 (In video decoder, there is a possible out of bounds write due to a mis ...)
	NOT-FOR-US: Unisoc
CVE-2023-48349 (In video decoder, there is a possible out of bounds write due to a mis ...)
	NOT-FOR-US: Unisoc
CVE-2023-48348 (In video decoder, there is a possible out of bounds write due to impro ...)
	NOT-FOR-US: Unisoc
CVE-2023-48347 (In video decoder, there is a possible out of bounds read due to improp ...)
	NOT-FOR-US: Unisoc
CVE-2023-48346 (In video decoder, there is a possible improper input validation. This ...)
	NOT-FOR-US: Unisoc
CVE-2023-48345 (In video decoder, there is a possible out of bounds read due to improp ...)
	NOT-FOR-US: Unisoc
CVE-2023-48344 (In video decoder, there is a possible out of bounds read due to improp ...)
	NOT-FOR-US: Unisoc
CVE-2023-48343 (In video decoder, there is a possible out of bounds write due to impro ...)
	NOT-FOR-US: Unisoc
CVE-2023-48342 (In media service, there is a possible out of bounds write due to a mis ...)
	NOT-FOR-US: Unisoc
CVE-2023-48341 (In video decoder, there is a possible out of bounds read due to improp ...)
	NOT-FOR-US: Unisoc
CVE-2023-48340 (In video decoder, there is a possible out of bounds write due to impro ...)
	NOT-FOR-US: Unisoc
CVE-2023-48339 (In jpg driver, there is a possible missing permission check. This coul ...)
	NOT-FOR-US: Unisoc
CVE-2021-4435 (An untrusted search path vulnerability was found in Yarn. When a victi ...)
	- node-yarnpkg 1.22.19+~cs24.27.18-1
	[bullseye] - node-yarnpkg (Minor issue)
	[buster] - node-yarnpkg (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2262284
	NOTE: Fixed by: https://github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1 (v1.22.12)
CVE-2021-4433 (A vulnerability was found in Karjasoft Sami HTTP Server 2.0. It has be ...)
	NOT-FOR-US: Karjasoft Sami HTTP Server
CVE-2024-22365 (linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a den ...)
	[experimental] - pam 1.5.3-2
	- pam 1.5.3-4 (bug #1061097)
	[bookworm] - pam (Minor issue)
	[bullseye] - pam (Minor issue)
	[buster] - pam (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2024/01/18/3
	NOTE: https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb (v1.6.0)
CVE-2023-6596 (An incomplete fix was shipped for the Rapid Reset (CVE-2023-44487/CVE- ...)
	NOT-FOR-US: Red Hat OpenShift (specific for incomplete fixes in Red Hat for two OpenShift Containers)
CVE-2024-22715 (Stupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Reque ...)
	NOT-FOR-US: Stupid Simple CMS
CVE-2024-22714 (Stupid Simple CMS <=1.2.4 is vulnerable to Cross Site Scripting (XSS) ...)
	NOT-FOR-US: Stupid Simple CMS
CVE-2024-20287 (A vulnerability in the web-based management interface of the Cisco WAP ...)
	NOT-FOR-US: Cisco
CVE-2024-20277 (A vulnerability in the web-based management interface of Cisco Thousan ...)
	NOT-FOR-US: Cisco
CVE-2024-20272 (A vulnerability in the web-based management interface of Cisco Unity C ...)
	NOT-FOR-US: Cisco
CVE-2024-20270 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
	NOT-FOR-US: Cisco
CVE-2024-20251 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2024-0647 (A vulnerability, which was classified as problematic, was found in Spa ...)
	NOT-FOR-US: Sparksuite SimpleMDE
CVE-2024-0646 (An out-of-bounds memory write flaw was found in the Linux kernel’ ...)
	- linux 6.6.8-1
	[bookworm] - linux 6.1.69-1
	[bullseye] - linux 5.10.209-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/c5a595000e2677e865a39f249c056bc05d6e55fd (6.7-rc5)
CVE-2024-0645 (Buffer overflow vulnerability in Explorer++ affecting version 1.3.5.53 ...)
	NOT-FOR-US: Explorer++
CVE-2024-0643 (Unrestricted upload of dangerous file types in the C21 Live Encoder an ...)
	NOT-FOR-US: C21 Live encoder and Live Mosaic
CVE-2024-0642 (Inadequate access control in the C21 Live Encoder and Live Mosaic prod ...)
	NOT-FOR-US: C21 Live encoder and Live Mosaic
CVE-2024-0641 (A denial of service vulnerability was found in tipc_crypto_key_revoke ...)
	- linux 6.5.8-1
	[bookworm] - linux 6.1.64-1
	[bullseye] - linux 5.10.205-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/08e50cf071847323414df0835109b6f3560d44f5 (6.6-rc5)
CVE-2024-0639 (A denial of service vulnerability due to a deadlock was found in sctp_ ...)
	- linux 6.4.4-1
	[bookworm] - linux 6.1.52-1
	[bullseye] - linux 5.10.191-1
	[buster] - linux 4.19.304-1
	NOTE: https://git.kernel.org/linus/6feb37b3b06e9049e20dcf7e23998f92c9c5be9a (6.5-rc1)
CVE-2024-0396 (In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.1 ...)
	NOT-FOR-US: Progress MOVEit Transfer
CVE-2023-7031 (Insecure Direct Object Reference vulnerabilities were discovered in th ...)
	NOT-FOR-US: Avaya
CVE-2023-5041 (The Track The Click WordPress plugin before 0.3.12 does not properly s ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5006 (The WP Discord Invite WordPress plugin before 2.5.1 does not protect s ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50950 (IBM QRadar SIEM 7.5 could disclose sensitive email information in resp ...)
	NOT-FOR-US: IBM
CVE-2023-44077 (Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles s ...)
	NOT-FOR-US: Studio Network Solutions ShareBrowser
CVE-2023-34379 (Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-4434 (The Social Warfare plugin for WordPress is vulnerable to Remote Code E ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-20968 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.35-1
CVE-2024-20984 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.36-1 (bug #1061126)
CVE-2024-20982 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.36-1 (bug #1061126)
CVE-2024-20978 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.36-1 (bug #1061126)
CVE-2024-20976 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.36-1 (bug #1061126)
CVE-2024-20974 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.36-1 (bug #1061126)
CVE-2024-20972 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.36-1 (bug #1061126)
CVE-2024-20970 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.36-1 (bug #1061126)
CVE-2024-20966 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.36-1 (bug #1061126)
CVE-2024-20964 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.36-1 (bug #1061126)
CVE-2024-20960 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.36-1 (bug #1061126)
CVE-2024-20962 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.36-1 (bug #1061126)
CVE-2024-22916 (In D-LINK Go-RT-AC750 v101b03, the sprintf function in the sub_40E700 ...)
	NOT-FOR-US: D-LINK
CVE-2024-22411 (Avo is a framework to create admin panels for Ruby on Rails apps. In A ...)
	NOT-FOR-US: Avo
CVE-2024-22409 (DataHub is an open-source metadata platform. In affected versions a lo ...)
	NOT-FOR-US: DataHub
CVE-2024-22408 (Shopware is an open headless commerce platform. The implemented Flow B ...)
	NOT-FOR-US: Shopware
CVE-2024-22407 (Shopware is an open headless commerce platform. In the Shopware CMS, t ...)
	NOT-FOR-US: Shopware
CVE-2024-22406 (Shopware is an open headless commerce platform. The Shopware applicati ...)
	NOT-FOR-US: Shopware
CVE-2024-22192 (Ursa is a cryptographic library for use with blockchains. The revocati ...)
	NOT-FOR-US: Ursa
CVE-2024-22191 (Avo is a framework to create admin panels for Ruby on Rails apps. A st ...)
	NOT-FOR-US: Avo
CVE-2024-21670 (Ursa is a cryptographic library for use with blockchains. The revocati ...)
	NOT-FOR-US: Ursa
CVE-2024-20987 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
	NOT-FOR-US: Oracle
CVE-2024-20985 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.36-1 (bug #1061126)
CVE-2024-20983 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.35-1
CVE-2024-20981 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.36-1 (bug #1061126)
CVE-2024-20979 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
	NOT-FOR-US: Oracle
CVE-2024-20977 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.36-1 (bug #1061126)
CVE-2024-20975 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (Only affects 8.2)
CVE-2024-20973 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.36-1 (bug #1061126)
CVE-2024-20971 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.36-1 (bug #1061126)
CVE-2024-20969 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.36-1 (bug #1061126)
CVE-2024-20967 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.36-1 (bug #1061126)
CVE-2024-20965 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.36-1 (bug #1061126)
CVE-2024-20963 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.36-1 (bug #1061126)
CVE-2024-20961 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.36-1 (bug #1061126)
CVE-2024-20959 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2024-20957 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2024-20955 (Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise ...)
	NOT-FOR-US: Oracle
CVE-2024-20950 (Vulnerability in the Oracle Customer Interaction History product of Or ...)
	NOT-FOR-US: Oracle
CVE-2024-20948 (Vulnerability in the Oracle Knowledge Management product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2024-20946 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2024-20944 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2024-20942 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
	NOT-FOR-US: Oracle
CVE-2024-20940 (Vulnerability in the Oracle Knowledge Management product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2024-20938 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2024-20936 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2024-20934 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2024-20930 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2024-20928 (Vulnerability in the Oracle WebCenter Content product of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2024-20924 (Vulnerability in Oracle Audit Vault and Database Firewall (component: ...)
	NOT-FOR-US: Oracle
CVE-2024-20920 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2024-20916 (Vulnerability in the Oracle Enterprise Manager Base Platform product o ...)
	NOT-FOR-US: Oracle
CVE-2024-20914 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2024-20912 (Vulnerability in Oracle Audit Vault and Database Firewall (component: ...)
	NOT-FOR-US: Oracle
CVE-2024-20910 (Vulnerability in Oracle Audit Vault and Database Firewall (component: ...)
	NOT-FOR-US: Oracle
CVE-2024-20908 (Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2024-20906 (Vulnerability in the Integrated Lights Out Manager (ILOM) product of O ...)
	NOT-FOR-US: Oracle
CVE-2024-20904 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2024-0603 (A vulnerability classified as critical has been found in ZhiCms up to ...)
	NOT-FOR-US: ZhiCms
CVE-2024-0601 (A vulnerability was found in ZhongFuCheng3y Austin 1.0. It has been ra ...)
	NOT-FOR-US: ZhongFuCheng3y
CVE-2024-0405 (The Burst Statistics – Privacy-Friendly Analytics for WordPress p ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52285 (ExamSys 9150244 allows SQL Injection via the /Support/action/Pages.php ...)
	NOT-FOR-US: ExamSys
CVE-2023-52069 (kodbox v1.49.04 was discovered to contain a cross-site scripting (XSS) ...)
	NOT-FOR-US: kodbox
CVE-2023-52068 (kodbox v1.43 was discovered to contain a cross-site scripting (XSS) vu ...)
	NOT-FOR-US: kodbox
CVE-2023-52042 (An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-51807 (Cross Site Scripting vulnerability in OFCMS v.1.14 allows a remote att ...)
	NOT-FOR-US: OFCMS
CVE-2023-51743 (This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, ...)
	NOT-FOR-US: Skyworth Router CM5100
CVE-2023-51742 (This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, ...)
	NOT-FOR-US: Skyworth Router CM5100
CVE-2023-51741 (This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, ...)
	NOT-FOR-US: Skyworth Router CM5100
CVE-2023-51740 (This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, ...)
	NOT-FOR-US: Skyworth Router CM5100
CVE-2023-51739 (This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, ...)
	NOT-FOR-US: Skyworth Router CM5100
CVE-2023-51738 (This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, ...)
	NOT-FOR-US: Skyworth Router CM5100
CVE-2023-51737 (This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, ...)
	NOT-FOR-US: Skyworth Router CM5100
CVE-2023-51736 (This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, ...)
	NOT-FOR-US: Skyworth Router CM5100
CVE-2023-51735 (This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, ...)
	NOT-FOR-US: Skyworth Router CM5100
CVE-2023-51734 (This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, ...)
	NOT-FOR-US: Skyworth Router CM5100
CVE-2023-51733 (This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, ...)
	NOT-FOR-US: Skyworth Router CM5100
CVE-2023-51732 (This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, ...)
	NOT-FOR-US: Skyworth Router CM5100
CVE-2023-51731 (This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, ...)
	NOT-FOR-US: Skyworth Router CM5100
CVE-2023-51730 (This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, ...)
	NOT-FOR-US: Skyworth Router CM5100
CVE-2023-51729 (This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, ...)
	NOT-FOR-US: Skyworth Router CM5100
CVE-2023-51728 (This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, ...)
	NOT-FOR-US: Skyworth Router CM5100
CVE-2023-51727 (This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, ...)
	NOT-FOR-US: Skyworth Router CM5100
CVE-2023-51726 (This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, ...)
	NOT-FOR-US: Skyworth Router CM5100
CVE-2023-51725 (This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, ...)
	NOT-FOR-US: Skyworth Router CM5100
CVE-2023-51724 (This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, ...)
	NOT-FOR-US: Skyworth Router CM5100
CVE-2023-51723 (This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, ...)
	NOT-FOR-US: Skyworth Router CM5100
CVE-2023-51722 (This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, ...)
	NOT-FOR-US: Skyworth Router CM5100
CVE-2023-51721 (This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, ...)
	NOT-FOR-US: Skyworth Router CM5100
CVE-2023-51720 (This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, ...)
	NOT-FOR-US: Skyworth Router CM5100
CVE-2023-51719 (This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, ...)
	NOT-FOR-US: Skyworth Router CM5100
CVE-2023-49515 (Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camer ...)
	NOT-FOR-US: TP Link
CVE-2023-48926 (An issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points bef ...)
	NOT-FOR-US: PrestaShop addon
CVE-2023-46952 (Cross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attack ...)
	NOT-FOR-US: ABO.CMS
CVE-2023-39691 (An issue discovered in kodbox through 1.43 allows attackers to arbitra ...)
	NOT-FOR-US: kodbox
CVE-2023-36236 (Cross Site Scripting vulnerability in webkil Bagisto v.1.5.0 and befor ...)
	NOT-FOR-US: webkil Bagisto
CVE-2023-36235 (An issue in webkul qloapps before v1.6.0 allows an attacker to obtain ...)
	NOT-FOR-US: webkul qloapps
CVE-2024-0607 (A flaw was found in the Netfilter subsystem in the Linux kernel. The i ...)
	{DSA-5681-1}
	- linux 6.5.13-1
	[bookworm] - linux 6.1.64-1
	NOTE: https://git.kernel.org/linus/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63 (6.7-rc2)
CVE-2024-0519 (Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099 ...)
	{DSA-5602-1}
	- chromium 120.0.6099.224-1
	[buster] - chromium (see DSA 5046)
CVE-2024-0518 (Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed ...)
	{DSA-5602-1}
	- chromium 120.0.6099.224-1
	[buster] - chromium (see DSA 5046)
CVE-2024-0517 (Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 all ...)
	{DSA-5602-1}
	- chromium 120.0.6099.224-1
	[buster] - chromium (see DSA 5046)
CVE-2024-20922 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	- openjfx (Only affects JavaFX 8)
CVE-2024-20923 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	- openjfx (Only affects JavaFX 8)
CVE-2024-20925 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	- openjfx (Only affects JavaFX 8)
CVE-2024-20945 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
	{DSA-5613-1 DSA-5604-1 DLA-3728-1}
	- openjdk-8 8u402-ga-1
	- openjdk-11 11.0.22+7-1
	- openjdk-17 17.0.10+7-1
	- openjdk-21 21.0.2+13-1
CVE-2024-20926 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
	{DSA-5613-1 DSA-5604-1 DLA-3728-1}
	- openjdk-8 8u402-ga-1
	- openjdk-11 11.0.22+7-1
	- openjdk-17 17.0.10+7-1
	- openjdk-21 21.0.2+13-1
CVE-2024-20921 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
	{DSA-5613-1 DSA-5604-1 DLA-3728-1}
	- openjdk-8 8u402-ga-1
	- openjdk-11 11.0.22+7-1
	- openjdk-17 17.0.10+7-1
	- openjdk-21 21.0.2+13-1
CVE-2024-20919 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
	{DSA-5613-1 DSA-5604-1 DLA-3728-1}
	- openjdk-8 8u402-ga-1
	- openjdk-11 11.0.22+7-1
	- openjdk-17 17.0.10+7-1
	- openjdk-21 21.0.2+13-1
CVE-2024-20952 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
	{DSA-5613-1 DSA-5604-1 DLA-3728-1}
	- openjdk-8 8u402-ga-1
	- openjdk-11 11.0.22+7-1
	- openjdk-17 17.0.10+7-1
	- openjdk-21 21.0.2+13-1
CVE-2024-20918 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
	{DSA-5613-1 DSA-5604-1 DLA-3728-1}
	- openjdk-8 8u402-ga-1
	- openjdk-11 11.0.22+7-1
	- openjdk-17 17.0.10+7-1
	- openjdk-21 21.0.2+13-1
CVE-2024-20932 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
	{DSA-5613-1}
	- openjdk-17 17.0.10+7-1
CVE-2024-23347 (Prior to v176, when opening a new project Meta Spark Studio would exec ...)
	NOT-FOR-US: Meta Spark Studio
CVE-2024-22628 (Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Budget and Expense Tracker System
CVE-2024-22627 (Complete Supplier Management System v1.0 is vulnerable to SQL Injectio ...)
	NOT-FOR-US: Complete Supplier Management System
CVE-2024-22626 (Complete Supplier Management System v1.0 is vulnerable to SQL Injectio ...)
	NOT-FOR-US: Complete Supplier Management System
CVE-2024-22625 (Complete Supplier Management System v1.0 is vulnerable to SQL Injectio ...)
	NOT-FOR-US: Complete Supplier Management System
CVE-2024-22491 (A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 all ...)
	NOT-FOR-US: beetl-bbs
CVE-2024-0599 (A vulnerability was found in Jspxcms 10.2.0. It has been declared as p ...)
	NOT-FOR-US: Jspxcms
CVE-2024-0584
	REJECTED
CVE-2024-0582 (A memory leak flaw was found in the Linux kernel’s io_uring funct ...)
	- linux 6.6.8-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2504
	NOTE: https://git.kernel.org/linus/c392cbecd8eca4c53f2bf508731257d9d0a21c2d (6.7-rc4)
	NOTE: https://www.openwall.com/lists/oss-security/2024/04/24/3
CVE-2024-0581 (An Uncontrolled Resource Consumption vulnerability has been found on S ...)
	NOT-FOR-US: Sandsprite
CVE-2024-0579 (A vulnerability classified as critical was found in Totolink X2000R 1. ...)
	NOT-FOR-US: Totolink
CVE-2024-0578 (A vulnerability classified as critical has been found in Totolink LR12 ...)
	NOT-FOR-US: Totolink
CVE-2024-0577 (A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. ...)
	NOT-FOR-US: Totolink
CVE-2024-0576 (A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. ...)
	NOT-FOR-US: Totolink
CVE-2024-0575 (A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. ...)
	NOT-FOR-US: Totolink
CVE-2024-0574 (A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130 a ...)
	NOT-FOR-US: Totolink
CVE-2024-0573 (A vulnerability has been found in Totolink LR1200GB 9.1.0u.6619_B20230 ...)
	NOT-FOR-US: Totolink
CVE-2024-0572 (A vulnerability, which was classified as critical, was found in Totoli ...)
	NOT-FOR-US: Totolink
CVE-2024-0571 (A vulnerability, which was classified as critical, has been found in T ...)
	NOT-FOR-US: Totolink
CVE-2024-0570 (A vulnerability classified as critical was found in Totolink N350RT 9. ...)
	NOT-FOR-US: Totolink
CVE-2024-0569 (A vulnerability classified as problematic has been found in Totolink T ...)
	NOT-FOR-US: Totolink
CVE-2024-0567 (A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTL ...)
	- gnutls28 3.8.3-1 (bug #1061045)
	[bookworm] - gnutls28 3.7.9-2+deb12u2
	[bullseye] - gnutls28 (Minor issue; will be fixed in point release)
	[buster] - gnutls28 (Vulnerability introduced in 3.7)
	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1521
	NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2024-01-09
	NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html
	NOTE: https://gitlab.com/gnutls/gnutls/-/commit/9edbdaa84e38b1bfb53a7d72c1de44f8de373405 (3.8.3)
CVE-2024-0556 (A Weak Cryptography for Passwords vulnerability has been detected on W ...)
	NOT-FOR-US: WIC200
CVE-2024-0555 (A Cross-Site Request Forgery (CSRF) vulnerability has been found on WI ...)
	NOT-FOR-US: WIC200
CVE-2024-0554 (A Cross-site scripting (XSS) vulnerability has been found on WIC1200, ...)
	NOT-FOR-US: WIC200
CVE-2024-0553 (A vulnerability was found in GnuTLS. The response times to malformed c ...)
	{DLA-3740-1}
	- gnutls28 3.8.3-1 (bug #1061046)
	[bookworm] - gnutls28 3.7.9-2+deb12u2
	[bullseye] - gnutls28 (Minor issue; will be fixed in point release)
	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1522
	NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2024-01-14
	NOTE: https://gitlab.com/gnutls/gnutls/-/commit/40dbbd8de499668590e8af51a15799fbc430595e (3.8.3)
	NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html
	NOTE: Issue exists because of incomplete fix for CVE-2023-5981
CVE-2024-0507 (An attacker with access to a Management Console user account with the ...)
	NOT-FOR-US: GitHub Enterprise Server
CVE-2024-0239 (The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sa ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0238 (The EventON Premium WordPress plugin before 4.5.6, EventON WordPress p ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0237 (The EventON WordPress plugin through 4.5.8, EventON WordPress plugin b ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0236 (The EventON WordPress plugin before 4.5.5, EventON WordPress plugin be ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0235 (The EventON WordPress plugin before 4.5.5, EventON WordPress plugin be ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0233 (The EventON WordPress plugin before 4.5.5, EventON WordPress plugin be ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-0200 (An unsafe reflection vulnerability was identified in GitHub Enterprise ...)
	NOT-FOR-US: GitHub Enterprise Server
CVE-2024-0187 (The Community by PeepSo WordPress plugin before 6.3.1.2 does not sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-7234 (OPCUAServerToolkit will write a log message once an OPC UA client has ...)
	NOT-FOR-US: OPCUAServerToolkit
CVE-2023-7154 (The Hubbub Lite (formerly Grow Social) WordPress plugin before 1.32.0 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-7151 (The Product Enquiry for WooCommerce WordPress plugin before 3.2 does n ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-7125 (The Community by PeepSo WordPress plugin before 6.3.1.2 does not have ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-7084 (The Voting Record WordPress plugin through 2.0 is missing sanitisation ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-7083 (The Voting Record WordPress plugin through 2.0 does not have CSRF chec ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6824 (The WP Customer Area WordPress plugin before 8.2.1 does not properly v ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6741 (The WP Customer Area WordPress plugin before 8.2.1 does not properly v ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6732 (The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6592 (The FastDup WordPress plugin before 2.2 does not prevent directory lis ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6373 (The ArtPlacer Widget WordPress plugin before 2.20.7 does not sanitize ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6336 (Improper Link Resolution Before File Access ('Link Following') vulnera ...)
	NOT-FOR-US: HYPR
CVE-2023-6335 (Improper Link Resolution Before File Access ('Link Following') vulnera ...)
	NOT-FOR-US: HYPR
CVE-2023-6334 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
	NOT-FOR-US: HYPR
CVE-2023-6292 (The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6046 (The EventON WordPress plugin before 2.2 does not sanitise and escape s ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6005 (The EventON WordPress plugin before 4.5.5, EventON WordPress plugin be ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5922 (The Royal Elementor Addons and Templates WordPress plugin before 1.3.8 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5558 (The LearnPress WordPress plugin before 4.2.5.5 does not sanitise and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5097 (Improper Input Validation vulnerability in HYPR Workforce Access on Wi ...)
	NOT-FOR-US: HYPR
CVE-2023-52116 (Permission management vulnerability in the multi-screen interaction mo ...)
	NOT-FOR-US: Huawei
CVE-2023-52115 (The iaware module has a Use-After-Free (UAF) vulnerability. Successful ...)
	NOT-FOR-US: Huawei
CVE-2023-52114 (Data confidentiality vulnerability in the ScreenReader module. Success ...)
	NOT-FOR-US: Huawei
CVE-2023-52108 (Vulnerability of process priorities being raised in the ActivityManage ...)
	NOT-FOR-US: Huawei
CVE-2023-52107 (Vulnerability of permissions being not strictly verified in the WMS mo ...)
	NOT-FOR-US: Huawei
CVE-2023-52106 (The DownloadProviderMain module has a vulnerability in API permission ...)
	NOT-FOR-US: Huawei
CVE-2023-52105 (The nearby module has a privilege escalation vulnerability. Successful ...)
	NOT-FOR-US: Huawei
CVE-2023-52104 (Vulnerability of parameters being not verified in the WMS module. Succ ...)
	NOT-FOR-US: Huawei
CVE-2023-52103 (Buffer overflow vulnerability in the FLP module. Successful exploitati ...)
	NOT-FOR-US: Huawei
CVE-2023-52102 (Vulnerability of parameters being not verified in the WMS module. Succ ...)
	NOT-FOR-US: Huawei
CVE-2023-52101 (Component exposure vulnerability in the Wi-Fi module. Successful explo ...)
	NOT-FOR-US: Huawei
CVE-2023-52100 (The Celia Keyboard module has a vulnerability in access control. Succe ...)
	NOT-FOR-US: Huawei
CVE-2023-52099 (Vulnerability of foreground service restrictions being bypassed in the ...)
	NOT-FOR-US: Huawei
CVE-2023-52098 (Denial of Service (DoS) vulnerability in the DMS module. Successful ex ...)
	NOT-FOR-US: Huawei
CVE-2023-52041 (An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows a ...)
	NOT-FOR-US: Totolink
CVE-2023-51381
	REJECTED
CVE-2023-4969 (A GPU kernel can read sensitive data from another GPU kernel (even fro ...)
	- firmware-nonfree (bug #1061460)
	[bookworm] - firmware-nonfree (Minor issue, revisit when updates are available around March 2024)
	[bullseye] - firmware-nonfree (Non-free not supported)
	[buster] - firmware-nonfree (Minor issue, revisit when updates are available)
	NOTE: https://blog.trailofbits.com/2024/01/16/leftoverlocals-listening-to-llm-responses-through-leaked-gpu-local-memory/
	NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6010.html
CVE-2023-4797 (The Newsletters WordPress plugin before 4.9.3 does not properly escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4757 (The Staff / Employee Business Directory for Active Directory WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4703 (The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4536 (The My Account Page Editor WordPress plugin before 1.3.2 does not vali ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49351 (A stack-based buffer overflow vulnerability in /bin/webs binary in Edi ...)
	NOT-FOR-US: Edimax BR6478AC V2 firmware
CVE-2023-3771 (The T1 WordPress theme through 19.0 is vulnerable to unauthenticated o ...)
	NOT-FOR-US: WordPress theme
CVE-2023-3647 (The IURNY by INDIGITALL WordPress plugin before 3.2.3 does not sanitis ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3372 (The Lana Shortcodes WordPress plugin before 1.2.0 does not validate an ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3211 (The WordPress Database Administrator WordPress plugin through 1.0.3 do ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3178 (The POST SMTP Mailer WordPress plugin before 2.5.7 does not have prope ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37523 (Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI ...)
	NOT-FOR-US: HCL
CVE-2023-37522 (HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has mis ...)
	NOT-FOR-US: HCL
CVE-2023-37521 (HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can som ...)
	NOT-FOR-US: HCL
CVE-2023-34063 (Aria Automation contains a Missing Access Control vulnerability. An ...)
	NOT-FOR-US: VMware
CVE-2023-2655 (The Contact Form by WD WordPress plugin through 1.13.23 does not prope ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-4432 (A vulnerability was found in PCMan FTP Server 2.0.7. It has been class ...)
	NOT-FOR-US: PCMan FTP Server
CVE-2023-45237 (EDK2's Network Package is susceptible to a predictable TCP Initial Seq ...)
	- edk2 (bug #1063727)
	[bookworm] - edk2 (Minor issue)
	[bullseye] - edk2 (Minor issue)
	[buster] - edk2 (Minor issue)
	NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
	NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45236 (EDK2's Network Package is susceptible to a predictable TCP Initial Seq ...)
	- edk2 (bug #1063726)
	[bookworm] - edk2 (Minor issue)
	[bullseye] - edk2 (Minor issue)
	[buster] - edk2 (Minor issue)
	NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
	NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45235 (EDK2's Network Package is susceptible to a buffer overflow vulnerabili ...)
	- edk2 2023.11-6 (bug #1061256)
	[bookworm] - edk2 2022.11-6+deb12u1
	[bullseye] - edk2 (Minor issue)
	[buster] - edk2 (Minor issue)
	NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
	NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45234 (EDK2's Network Package is susceptible to a buffer overflow vulnerabili ...)
	- edk2 2023.11-6 (bug #1061256)
	[bookworm] - edk2 2022.11-6+deb12u1
	[bullseye] - edk2 (Minor issue)
	[buster] - edk2 (Minor issue)
	NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
	NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45233 (EDK2's Network Package is susceptible to an infinite lop vulnerability ...)
	- edk2 2023.11-6 (bug #1061256)
	[bookworm] - edk2 2022.11-6+deb12u1
	[bullseye] - edk2 (Minor issue)
	[buster] - edk2 (Minor issue)
	NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
	NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45232 (EDK2's Network Package is susceptible to an infinite loop vulnerabilit ...)
	- edk2 2023.11-6 (bug #1061256)
	[bookworm] - edk2 2022.11-6+deb12u1
	[bullseye] - edk2 (Minor issue)
	[buster] - edk2 (Minor issue)
	NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
	NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45231 (EDK2's Network Package is susceptible to an out-of-bounds read vulner ...)
	- edk2 2023.11-6 (bug #1061256)
	[bookworm] - edk2 2022.11-6+deb12u1
	[bullseye] - edk2 (Minor issue)
	[buster] - edk2 (Minor issue)
	NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
	NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45230 (EDK2's Network Package is susceptible to a buffer overflow vulnerabili ...)
	- edk2 2023.11-6 (bug #1061256)
	[bookworm] - edk2 2022.11-6+deb12u1
	[bullseye] - edk2 (Minor issue)
	[buster] - edk2 (Minor issue)
	NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
	NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-45229 (EDK2's Network Package is susceptible to an out-of-bounds read vulner ...)
	- edk2 2023.11-6 (bug #1061256)
	[bookworm] - edk2 2022.11-6+deb12u1
	[bullseye] - edk2 (Minor issue)
	[buster] - edk2 (Minor issue)
	NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
	NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
CVE-2023-6395 (The Mock software contains a vulnerability wherein an attacker could p ...)
	- mock
	[buster] - mock (Vulnerable code not present)
	- templated-dictionary (bug #1025862)
	NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/1
	NOTE: Introduced in: https://github.com/rpm-software-management/mock/commit/426d973c2917a18303eea243bdf496ff6942bd27 (mock-1.4.14-1)
	NOTE: templated-dictionary split up from mock project in: https://github.com/rpm-software-management/mock/commit/c989e28ba92c571c0834e9b5d10ef29340e661f8 (mock-2.9)
	NOTE: Fixed by: https://github.com/xsuchy/templated-dictionary/commit/bcd90f0dafa365575c4b101e6f5d98c4ef4e4b69 (python-templated-dictionary-1.4-1)
	NOTE: Fixed by: https://github.com/xsuchy/templated-dictionary/commit/0740bd0ca8d487301881541028977d120f8b8933 (python-templated-dictionary-1.4-1)
CVE-2024-0408 (A flaw was found in the X.Org server. The GLX PBuffer code does not ca ...)
	{DSA-5603-1 DLA-3721-1}
	- xorg-server 2:21.1.11-1
	- xwayland 2:23.2.4-1
	[bookworm] - xwayland (Minor issue; Xwayland shouldn't be running as root)
	NOTE: https://lists.x.org/archives/xorg/2024-January/061525.html
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/e5e8586a12a3ec915673edffa10dc8fe5e15dac3
CVE-2024-0409 (A flaw was found in the X.Org server. The cursor code in both Xephyr a ...)
	{DSA-5603-1 DLA-3721-1}
	- xorg-server 2:21.1.11-1
	- xwayland 2:23.2.4-1
	[bookworm] - xwayland (Minor issue; Xwayland shouldn't be running as root)
	NOTE: https://lists.x.org/archives/xorg/2024-January/061525.html
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/2ef0f1116c65d5cb06d7b6d83f8a1aea702c94f7
CVE-2024-21886 (A heap buffer overflow flaw was found in the DisableDevice function in ...)
	{DSA-5603-1 DLA-3721-1}
	- xorg-server 2:21.1.11-1
	- xwayland 2:23.2.4-1
	[bookworm] - xwayland (Minor issue; Xwayland shouldn't be running as root)
	NOTE: https://lists.x.org/archives/xorg/2024-January/061525.html
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/bc1fdbe46559dd947674375946bbef54dd0ce36b
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/26769aa71fcbe0a8403b7fb13b7c9010cc07c3a8
	NOTE: Regression: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1623
CVE-2024-21885 (A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent fu ...)
	{DSA-5603-1 DLA-3721-1}
	- xorg-server 2:21.1.11-1
	- xwayland 2:23.2.4-1
	[bookworm] - xwayland (Minor issue; Xwayland shouldn't be running as root)
	NOTE: https://lists.x.org/archives/xorg/2024-January/061525.html
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/4a5e9b1895627d40d26045bd0b7ef3dce503cbd1
CVE-2024-0229 (An out-of-bounds memory access flaw was found in the X.Org server. Thi ...)
	{DSA-5603-1 DLA-3721-1}
	- xorg-server 2:21.1.11-1
	- xwayland 2:23.2.4-1
	[bookworm] - xwayland (Minor issue; Xwayland shouldn't be running as root)
	NOTE: https://lists.x.org/archives/xorg/2024-January/061525.html
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/ece23be888a93b741aa1209d1dbf64636109d6a5
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/219c54b8a3337456ce5270ded6a67bcde53553d5
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/df3c65706eb169d5938df0052059f3e0d5981b74
CVE-2023-6816 (A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQuer ...)
	{DSA-5603-1 DLA-3721-1}
	- xorg-server 2:21.1.11-1
	- xwayland 2:23.2.4-1
	[bookworm] - xwayland (Minor issue; Xwayland shouldn't be running as root)
	NOTE: https://lists.x.org/archives/xorg/2024-January/061525.html
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/9e2ecb2af8302dedc49cb6a63ebe063c58a9e7e3
CVE-2024-22428 (Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Inco ...)
	NOT-FOR-US: Dell
CVE-2024-22362 (Drupal contains a vulnerability with improper handling of structural e ...)
	- drupal7
CVE-2024-21674 (This High severity Remote Code Execution (RCE) vulnerability was intro ...)
	NOT-FOR-US: Atlassian Confluence Data Center and Server
CVE-2024-21673 (This High severity Remote Code Execution (RCE) vulnerability was intro ...)
	NOT-FOR-US: Atlassian Confluence Data Center and Server
CVE-2024-21672 (This High severity Remote Code Execution (RCE) vulnerability was intro ...)
	NOT-FOR-US: Atlassian Confluence Data Center and Server
CVE-2023-7206 (In Horner Automation Cscape versions 9.90 SP10 and prior, local attack ...)
	NOT-FOR-US: Horner Automation
CVE-2023-6457 (Incorrect Default Permissions vulnerability in Hitachi Tuning Manager ...)
	NOT-FOR-US: Hitachi
CVE-2023-52113 (launchAnyWhere vulnerability in the ActivityManagerService module. Suc ...)
	NOT-FOR-US: Huawei
CVE-2023-52112 (Unauthorized file access vulnerability in the wallpaper service module ...)
	NOT-FOR-US: Huawei
CVE-2023-52111 (Authorization vulnerability in the BootLoader module. Successful explo ...)
	NOT-FOR-US: Huawei
CVE-2023-52110 (The sensor module has an out-of-bounds access vulnerability.Successful ...)
	NOT-FOR-US: Huawei
CVE-2023-52109 (Vulnerability of trust relationships being inaccurate in distributed s ...)
	NOT-FOR-US: Huawei
CVE-2023-51810 (SQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixe ...)
	NOT-FOR-US: StackIdeas EasyDiscuss
CVE-2023-51282 (An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain ...)
	NOT-FOR-US: mingSoft MCMS
CVE-2023-51257 (An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and be ...)
	- jasper
	NOTE: https://github.com/jasper-software/jasper/issues/367
	NOTE: https://github.com/jasper-software/jasper/commit/aeef5293c978158255ad4f127089644745602f2a
CVE-2023-51059 (An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 an ...)
	NOT-FOR-US: MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway
CVE-2023-4566 (Vulnerability of trust relationships being inaccurate in distributed s ...)
	NOT-FOR-US: Huawei
CVE-2023-49107 (Generation of Error Message Containing Sensitive Information vulnerabi ...)
	NOT-FOR-US: Hitachi
CVE-2023-49106 (Missing Password Field Masking vulnerability in Hitachi Device Manager ...)
	NOT-FOR-US: Hitachi
CVE-2023-48104 (Alinto SOGo before 5.9.1 is vulnerable to HTML Injection.)
	- sogo 5.9.1-1 (bug #1060925)
	[buster] - sogo (Minor issue)
	NOTE: Fixed by: https://github.com/Alinto/sogo/commit/7481ccf37087c3f456d7e5a844da01d0f8883098 (SOGo-5.9.1)
CVE-2023-47460 (SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a rem ...)
	NOT-FOR-US: Knovos Discovery
CVE-2023-47459 (An issue in Knovos Discovery v.22.67.0 allows a remote attacker to obt ...)
	NOT-FOR-US: Knovos Discovery
CVE-2023-44117 (Vulnerability of trust relationships being inaccurate in distributed s ...)
	NOT-FOR-US: Huawei
CVE-2023-44112 (Out-of-bounds access vulnerability in the device authentication module ...)
	NOT-FOR-US: Huawei
CVE-2023-43449 (An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenti ...)
	NOT-FOR-US: HummerRisk
CVE-2023-41619 (Emlog Pro v2.1.14 was discovered to contain a cross-site scripting (XS ...)
	NOT-FOR-US: Emlog Pro
CVE-2011-10005 (A vulnerability, which was classified as critical, was found in EasyFT ...)
	NOT-FOR-US: EasyFTP
CVE-2024-22207 (fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior ...)
	NOT-FOR-US: fastify-swagger-ui
CVE-2024-20721 (Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are a ...)
	NOT-FOR-US: Acrobat Reader T5 (MSFT Edge)
CVE-2024-20709 (Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are a ...)
	NOT-FOR-US: Acrobat Reader T5 (MSFT Edge)
CVE-2024-0565 (An out-of-bounds memory read flaw was found in receive_encrypted_stand ...)
	{DSA-5681-1}
	- linux 6.6.8-1
	[bookworm] - linux 6.1.69-1
	NOTE: https://git.kernel.org/linus/eec04ea119691e65227a97ce53c0da6b9b74b0b7 (6.7-rc6)
CVE-2024-0562 (A use-after-free flaw was found in the Linux Kernel. When a disk is re ...)
	- linux 5.19.6-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/f87904c075515f3e1d8f4a7115869d3b914674fd (6.0-rc3)
CVE-2024-0558 (A vulnerability has been found in DedeBIZ 6.3.0 and classified as crit ...)
	NOT-FOR-US: DedeBIZ
CVE-2024-0557 (A vulnerability, which was classified as problematic, was found in Ded ...)
	NOT-FOR-US: DedeBIZ
CVE-2024-0320 (Cross-Site Scripting in FireEye Malware Analysis (AX) affecting versio ...)
	NOT-FOR-US: FireEye Malware Analysis (AX)
CVE-2024-0319 (Open Redirect vulnerability in FireEye HXTool affecting version 4.6, t ...)
	NOT-FOR-US: FireEye HXTool
CVE-2024-0318 (Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vul ...)
	NOT-FOR-US: FireEye HXTool
CVE-2024-0317 (Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Ex ...)
	NOT-FOR-US: FireEye EX
CVE-2024-0316 (Improper cleanup vulnerability in exceptions thrown in FireEye Endpoin ...)
	NOT-FOR-US: FireEye Endpoint Security
CVE-2024-0315 (Remote file inclusion vulnerability in FireEye Central Management affe ...)
	NOT-FOR-US: FireEye Central Management
CVE-2024-0314 (XSS vulnerability in FireEye Central Management affecting version 9.1. ...)
	NOT-FOR-US: FireEye Central Management
CVE-2023-6991 (The JSM file_get_contents() Shortcode WordPress plugin before 2.7.1 do ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6941 (The Keap Official Opt-in Forms WordPress plugin through 1.0.11 does no ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6915 (A Null pointer dereference problem was found in ida_free in lib/idr.c ...)
	- linux 6.6.13-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	NOTE: https://git.kernel.org/linus/af73483f4e8b6f5c68c9aa63257bdd929a9c194a (6.7-rc7)
CVE-2023-6843 (The easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6623 (The Essential Blocks WordPress plugin before 4.4.3 does not prevent un ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6620 (The POST SMTP Mailer WordPress plugin before 2.8.7 does not properly s ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6163 (The WP Crowdfunding WordPress plugin before 2.1.10 does not sanitise a ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6066 (The WP Custom Widget area WordPress plugin through 1.2.5 does not prop ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6050 (The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6049 (The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unseriali ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6048 (The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6029 (The EazyDocs WordPress plugin before 2.3.6 does not have authorization ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5905 (The DeMomentSomTres WordPress Export Posts With Images WordPress plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5253 (A missing authentication check in the WebSocket channel used for the C ...)
	NOT-FOR-US: Nozomi Networks
CVE-2023-50729 (Traccar is an open source GPS tracking system. Prior to 5.11, Traccar ...)
	NOT-FOR-US: Traccar
CVE-2023-4925 (The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4818 (PAX A920 device allows to downgrade bootloader due to a bug in its ver ...)
	NOT-FOR-US: PAX A920 device
CVE-2023-46226 (Remote Code Execution vulnerability in Apache IoTDB.This issue affects ...)
	NOT-FOR-US: Apache IoTDB
CVE-2023-42137 (PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50 ...)
	NOT-FOR-US: PAX devices
CVE-2023-42136 (PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50 ...)
	NOT-FOR-US: PAX devices
CVE-2023-42135 (PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230 ...)
	NOT-FOR-US: PAX devices
CVE-2023-42134 (PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45 ...)
	NOT-FOR-US: PAX devices
CVE-2023-6237 (Issue summary: Checking excessively long invalid RSA public keys may t ...)
	- openssl 3.1.5-1 (bug #1060858)
	[bookworm] - openssl (Minor issue)
	[bullseye] - openssl (Only affects 3.x)
	[buster] - openssl (Only affects 3.x)
	NOTE: https://www.openssl.org/news/secadv/20240115.txt
	NOTE: https://github.com/openssl/openssl/commit/e09fc1d746a4fd15bb5c3d7bbbab950aadd005db
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a830f551557d3d66a84bbb18a5b889c640c36294 (openssl-3.1)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=18c02492138d1eb8b6548cb26e7b625fb2414a2a (openssl-3.0)
CVE-2024-XXXX [RUSTSEC-2023-0078]
	- rust-tracing (Vulnerable code never in a Debian released version; bug #1060861)
	[bookworm] - rust-tracing (Vulnerable code not present)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0078.html
	NOTE: https://github.com/tokio-rs/tracing/pull/2765
	NOTE: Introduced by: https://github.com/tokio-rs/tracing/commit/3a65354837a0f176178e15787fc700dd6fa11a92 (tracing-0.1.38)
	NOTE: Fixed by: https://github.com/tokio-rs/tracing/commit/20a1762b3fd5f1fafead198fd18e469c68683721 (tracing-0.1.40)
CVE-2024-22028 (Insufficient technical documentation issue exists in thermal camera TM ...) NOT-FOR-US: thermal camera TMC series firmware CVE-2024-0552 (Intumit inc. SmartRobot's web framwork has a remote code execution vul ...) NOT-FOR-US: SmartRobot's web framwork CVE-2024-0548 (A vulnerability was found in FreeFloat FTP Server 1.0 and classified a ...) NOT-FOR-US: FreeFloat FTP Server CVE-2024-0547 (A vulnerability has been found in Ability FTP Server 2.34 and classifi ...) NOT-FOR-US: Ability FTP Server CVE-2024-0546 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: EasyFTP CVE-2024-0545 (A vulnerability classified as problematic was found in CodeCanyon RISE ...) NOT-FOR-US: CodeCanyon RISE Rise Ultimate Project Manager CVE-2024-0543 (A vulnerability classified as critical has been found in CodeAstro Rea ...) NOT-FOR-US: CodeAstro Real Estate Management System CVE-2024-0542 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated ...) NOT-FOR-US: Tenda CVE-2024-0541 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been decla ...) NOT-FOR-US: Tenda CVE-2024-0540 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been class ...) NOT-FOR-US: Tenda CVE-2024-0539 (A vulnerability was found in Tenda W9 1.0.0.7(4456) and classified as ...) NOT-FOR-US: Tenda CVE-2024-0538 (A vulnerability has been found in Tenda W9 1.0.0.7(4456) and classifie ...) NOT-FOR-US: Tenda CVE-2024-0537 (A vulnerability, which was classified as critical, was found in Tenda ...) NOT-FOR-US: Tenda CVE-2024-0536 (A vulnerability, which was classified as critical, has been found in T ...) NOT-FOR-US: Tenda CVE-2024-0535 (A vulnerability classified as critical was found in Tenda PA6 1.0.1.21 ...) NOT-FOR-US: Tenda CVE-2024-0534 (A vulnerability classified as critical has been found in Tenda A15 15. ...) NOT-FOR-US: Tenda CVE-2024-0533 (A vulnerability was found in Tenda A15 15.13.07.13. It has been rated ...) 
NOT-FOR-US: Tenda CVE-2024-0532 (A vulnerability was found in Tenda A15 15.13.07.13. It has been declar ...) NOT-FOR-US: Tenda CVE-2024-0531 (A vulnerability was found in Tenda A15 15.13.07.13. It has been classi ...) NOT-FOR-US: Tenda CVE-2024-0530 (A vulnerability was found in CXBSoft Post-Office up to 1.0 and classif ...) NOT-FOR-US: CXBSoft Post-Office CVE-2024-0529 (A vulnerability has been found in CXBSoft Post-Office up to 1.0 and cl ...) NOT-FOR-US: CXBSoft Post-Office CVE-2024-0528 (A vulnerability, which was classified as critical, was found in CXBSof ...) NOT-FOR-US: CXBSoft Post-Office CVE-2024-0527 (A vulnerability, which was classified as critical, has been found in C ...) NOT-FOR-US: CXBSoft CVE-2024-0526 (A vulnerability classified as critical was found in CXBSoft Url-shorti ...) NOT-FOR-US: CXBSoft CVE-2024-0525 (A vulnerability classified as critical has been found in CXBSoft Url-s ...) NOT-FOR-US: CXBSoft CVE-2024-0524 (A vulnerability was found in CXBSoft Url-shorting up to 1.3.1. It has ...) NOT-FOR-US: CXBSoft CVE-2024-0523 (A vulnerability was found in CmsEasy up to 7.7.7. It has been declared ...) NOT-FOR-US: CmsEasy CVE-2024-0522 (A vulnerability was found in Allegro RomPager 4.01. It has been classi ...) NOT-FOR-US: Allegro RomPager CVE-2023-48383 (NetVision Information airPASS has a path traversal vulnerability w ...) NOT-FOR-US: NetVision CVE-2020-36770 (pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessar ...) NOT-FOR-US: Gentoo (ebuild for Slurm) CVE-2024-0510 (A vulnerability, which was classified as critical, has been found in H ...) NOT-FOR-US: HaoKeKeJi YiQiNiu CVE-2024-0505 (A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified ...) NOT-FOR-US: ZhongFuCheng3y Austin CVE-2024-0504 (A vulnerability has been found in code-projects Simple Online Hotel Re ...) 
NOT-FOR-US: code-projects Simple Online Hotel Reservation System CVE-2024-0503 (A vulnerability was found in code-projects Online FIR System 1.0. It h ...) NOT-FOR-US: code-projects Online FIR System CVE-2024-0502 (A vulnerability was found in SourceCodester House Rental Management Sy ...) NOT-FOR-US: SourceCodester House Rental Management System CVE-2024-0501 (A vulnerability has been found in SourceCodester House Rental Manageme ...) NOT-FOR-US: SourceCodester House Rental Management System CVE-2024-0500 (A vulnerability, which was classified as problematic, was found in Sou ...) NOT-FOR-US: SourceCodester House Rental Management System CVE-2024-0499 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: SourceCodester House Rental Management System CVE-2024-0498 (A vulnerability was found in Project Worlds Lawyer Management System 1 ...) NOT-FOR-US: Project Worlds Lawyer Management System CVE-2024-0497 (A vulnerability was found in Campcodes Student Information System 1.0. ...) NOT-FOR-US: Campcodes Student Information System CVE-2024-0496 (A vulnerability was found in Kashipara Billing Software 1.0 and classi ...) NOT-FOR-US: Kashipara Billing Software CVE-2024-0495 (A vulnerability has been found in Kashipara Billing Software 1.0 and c ...) NOT-FOR-US: Kashipara Billing Software CVE-2024-0494 (A vulnerability, which was classified as critical, was found in Kaship ...) NOT-FOR-US: Kashipara Billing Software CVE-2024-0493 (A vulnerability, which was classified as critical, has been found in K ...) NOT-FOR-US: Kashipara Billing Software CVE-2024-0492 (A vulnerability classified as critical was found in Kashipara Billing ...) NOT-FOR-US: Kashipara Billing Software CVE-2024-0491 (A vulnerability classified as problematic has been found in Huaxia ERP ...) NOT-FOR-US: Huaxia ERP CVE-2024-0490 (A vulnerability was found in Huaxia ERP up to 3.1. It has been rated a ...) 
NOT-FOR-US: Huaxia ERP CVE-2024-0489 (A vulnerability was found in code-projects Fighting Cock Information S ...) NOT-FOR-US: code-projects Fighting Cock Information System CVE-2024-0488 (A vulnerability was found in code-projects Fighting Cock Information S ...) NOT-FOR-US: code-projects Fighting Cock Information System CVE-2024-0487 (A vulnerability was found in code-projects Fighting Cock Information S ...) NOT-FOR-US: code-projects Fighting Cock Information System CVE-2024-0486 (A vulnerability has been found in code-projects Fighting Cock Informat ...) NOT-FOR-US: code-projects Fighting Cock Information System CVE-2024-0485 (A vulnerability, which was classified as critical, was found in code-p ...) NOT-FOR-US: code-projects Fighting Cock Information System CVE-2024-0484 (A vulnerability, which was classified as critical, has been found in c ...) NOT-FOR-US: code-projects Fighting Cock Information System CVE-2024-0483 (A vulnerability classified as critical was found in Taokeyun up to 1.0 ...) NOT-FOR-US: Taokeyun CVE-2024-0482 (A vulnerability classified as critical has been found in Taokeyun up t ...) NOT-FOR-US: Taokeyun CVE-2024-0481 (A vulnerability was found in Taokeyun up to 1.0.5. It has been rated a ...) NOT-FOR-US: Taokeyun CVE-2024-23301 (Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable init ...) {DLA-3733-1} - rear (bug #1060747) [bookworm] - rear (Minor issue) [bullseye] - rear (Minor issue) NOTE: https://github.com/rear/rear/issues/3122 NOTE: https://github.com/rear/rear/pull/3123 NOTE: https://github.com/rear/rear/commit/89b61793d80bc2cb2abe47a7d0549466fb087d16 CVE-2024-22209 (Open edX Platform is a service-oriented platform for authoring and del ...) NOT-FOR-US: Open edX CVE-2024-22206 (Clerk helps developers build user management. Unauthorized access or p ...) NOT-FOR-US: Clerk CVE-2024-22142 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
NOT-FOR-US: Cozmoslabs Profile Builder Pro CVE-2024-22137 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: MailMunch Constant Contact Forms CVE-2024-21655 (Discourse is a platform for community discussion. For fields that are ...) NOT-FOR-US: Discourse CVE-2024-21654 (Rubygems.org is the Ruby community's gem hosting service. Rubygems.org ...) NOT-FOR-US: Rubygems.org gem hosting service CVE-2024-21640 (Chromium Embedded Framework (CEF) is a simple framework for embedding ...) - chromium-embedded-framework (bug #915400) CVE-2024-21639 (CEF (Chromium Embedded Framework ) is a simple framework for embedding ...) - chromium-embedded-framework (bug #915400) CVE-2024-0480 (A vulnerability was found in Taokeyun up to 1.0.5. It has been declare ...) NOT-FOR-US: Taokeyun CVE-2024-0479 (A vulnerability was found in Taokeyun up to 1.0.5. It has been classif ...) NOT-FOR-US: Taokeyun CVE-2024-0478 (A vulnerability was found in code-projects Fighting Cock Information S ...) NOT-FOR-US: code-projects Fighting Cock Information System CVE-2024-0477 (A vulnerability has been found in code-projects Fighting Cock Informat ...) NOT-FOR-US: code-projects Fighting Cock Information System CVE-2024-0476 (A vulnerability, which was classified as problematic, was found in Blo ...) NOT-FOR-US: Blood Bank & Donor Management CVE-2024-0475 (A vulnerability, which was classified as critical, has been found in c ...) NOT-FOR-US: code-projects Dormitory Management System CVE-2024-0474 (A vulnerability classified as critical was found in code-projects Dorm ...) NOT-FOR-US: code-projects Dormitory Management System CVE-2024-0473 (A vulnerability classified as critical has been found in code-projects ...) NOT-FOR-US: code-projects Dormitory Management System CVE-2024-0472 (A vulnerability was found in code-projects Dormitory Management System ...) 
NOT-FOR-US: code-projects Dormitory Management System CVE-2024-0471 (A vulnerability was found in code-projects Human Resource Integrated S ...) NOT-FOR-US: code-projects Human Resource Integrated System CVE-2024-0470 (A vulnerability was found in code-projects Human Resource Integrated S ...) NOT-FOR-US: code-projects Human Resource Integrated System CVE-2024-0469 (A vulnerability was found in code-projects Human Resource Integrated S ...) NOT-FOR-US: code-projects Human Resource Integrated System CVE-2024-0468 (A vulnerability has been found in code-projects Fighting Cock Informat ...) NOT-FOR-US: code-projects Fighting Cock Information System CVE-2024-0251 (The Advanced Woo Search plugin for WordPress is vulnerable to Reflecte ...) NOT-FOR-US: WordPress plugin CVE-2024-0230 (A session management issue was addressed with improved checks. This is ...) NOT-FOR-US: Magic Keyboard Firmware Update CVE-2023-52289 (An issue was discovered in the flaskcode package through 0.0.8 for Pyt ...) NOT-FOR-US: flaskcode for Python CVE-2023-52288 (An issue was discovered in the flaskcode package through 0.0.8 for Pyt ...) NOT-FOR-US: flaskcode for Python CVE-2023-51805 (SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows ...) NOT-FOR-US: TDuckCLoud tduck-platform CVE-2023-51804 (An issue in rymcu forest v.0.02 allows a remote attacker to obtain sen ...) NOT-FOR-US: rymcu forest CVE-2023-51698 (Atril is a simple multi-page document viewer. Atril is vulnerable to a ...) 
- atril 1.26.1-4 (bug #1060751) [bookworm] - atril 1.26.0-2+deb12u2 [bullseye] - atril 1.24.0-1+deb11u1 - evince 3.25.92-1 NOTE: https://github.com/mate-desktop/atril/security/advisories/GHSA-34rr-j8v9-v4p2 NOTE: Fixed by: https://github.com/mate-desktop/atril/commit/ce41df6467521ff9fd4f16514ae7d6ebb62eb1ed NOTE: Fixed by: https://gitlab.gnome.org/GNOME/evince/commit/7b5ad18399b04cbfce02730d28baf30e9fc35b58 (3.25.4) CVE-2023-51071 (An access control issue in QStar Archive Solutions Release RELEASE_3-0 ...) NOT-FOR-US: QStar Archive Solutions Release CVE-2023-51070 (An access control issue in QStar Archive Solutions Release RELEASE_3-0 ...) NOT-FOR-US: QStar Archive Solutions Release CVE-2023-51068 (An authenticated reflected cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: QStar Archive Solutions Release CVE-2023-51067 (An unauthenticated reflected cross-site scripting (XSS) vulnerability ...) NOT-FOR-US: QStar Archive Solutions Release CVE-2023-51066 (An authenticated remote code execution vulnerability in QStar Archive ...) NOT-FOR-US: QStar Archive Solutions Release CVE-2023-51065 (Incorrect access control in QStar Archive Solutions Release RELEASE_3- ...) NOT-FOR-US: QStar Archive Solutions Release CVE-2023-51064 (QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discov ...) NOT-FOR-US: QStar Archive Solutions Release CVE-2023-51063 (QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discov ...) NOT-FOR-US: QStar Archive Solutions Release CVE-2023-51062 (An unauthenticated log file read in the component log-smblog-save of Q ...) NOT-FOR-US: QStar Archive Solutions Release CVE-2023-50072 (A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM ver ...) NOT-FOR-US: OpenKM CVE-2023-49801 (Lif Auth Server is a server for validating logins, managing informatio ...) NOT-FOR-US: Lif Auth Server CVE-2023-49647 (Improper access control in Zoom Desktop Client for Windows, Zoom VDI C ...) 
NOT-FOR-US: Zoom CVE-2023-49099 (Discourse is a platform for community discussion. Under very specific ...) NOT-FOR-US: Discourse CVE-2023-49098 (Discourse-reactions is a plugin that allows user to add their reaction ...) NOT-FOR-US: Discourse plugin CVE-2023-48297 (Discourse is a platform for community discussion. The message serializ ...) NOT-FOR-US: Discourse CVE-2023-48166 (A directory traversal vulnerability in the SOAP Server integrated in A ...) NOT-FOR-US: Unify CVE-2023-46943 (An issue was discovered in NPM's package @evershop/evershop before ver ...) NOT-FOR-US: evershop Nodejs module CVE-2023-46942 (Lack of authentication in NPM's package @evershop/evershop before vers ...) NOT-FOR-US: evershop Nodejs module CVE-2023-42463 (Wazuh is a free and open source platform used for threat prevention, d ...) NOT-FOR-US: Wazuh CVE-2023-33472 (An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and bef ...) NOT-FOR-US: Scada-LTS CVE-2022-4962 (A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as prob ...) NOT-FOR-US: Apollo CVE-2023-50290 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - lucene-solr (Vulnerable code not yet present) CVE-2023-46749 (Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a p ...) - shiro 1.3.2-5 (bug #1060754) [bullseye] - shiro 1.3.2-4+deb11u1 [buster] - shiro 1.3.2-4+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2024/01/12/2 CVE-2024-0232 (A heap use-after-free issue has been identified in SQLite in the jsonP ...) 
- sqlite3 3.43.2-1 [bookworm] - sqlite3 (Minor issue) [bullseye] - sqlite3 (Vulnerable code not present) [buster] - sqlite3 (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2243754 NOTE: https://sqlite.org/forum/forumpost/4aa381993a NOTE: https://sqlite.org/forum/forumpost/b25edc1d46 NOTE: https://sqlite.org/src/info/a163fecca90cab9d (v3.43.2) CVE-2024-22494 (A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetboo ...) NOT-FOR-US: JFinalcms CVE-2024-22493 (A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetboo ...) NOT-FOR-US: JFinalcms CVE-2024-22492 (A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetboo ...) NOT-FOR-US: JFinalcms CVE-2024-21887 (A command injection vulnerability in web components of Ivanti Connect ...) NOT-FOR-US: Ivanti CVE-2024-0467 (A vulnerability, which was classified as problematic, was found in cod ...) NOT-FOR-US: code-projects Employee Profile Management System CVE-2024-0466 (A vulnerability, which was classified as critical, has been found in c ...) NOT-FOR-US: code-projects Employee Profile Management System CVE-2024-0465 (A vulnerability classified as problematic was found in code-projects E ...) NOT-FOR-US: code-projects Employee Profile Management System CVE-2024-0464 (A vulnerability classified as critical has been found in code-projects ...) NOT-FOR-US: code-projects Online Faculty Clearance CVE-2024-0463 (A vulnerability was found in code-projects Online Faculty Clearance 1. ...) NOT-FOR-US: code-projects Online Faculty Clearance CVE-2024-0462 (A vulnerability was found in code-projects Online Faculty Clearance 1. ...) NOT-FOR-US: code-projects Online Faculty Clearance CVE-2024-0461 (A vulnerability was found in code-projects Online Faculty Clearance 1. ...) NOT-FOR-US: code-projects Online Faculty Clearance CVE-2024-0460 (A vulnerability was found in code-projects Faculty Management System 1 ...) 
NOT-FOR-US: code-projects Faculty Management System CVE-2024-0459 (A vulnerability has been found in Blood Bank & Donor Management 5.6 an ...) NOT-FOR-US: Blood Bank & Donor Management CVE-2023-6683 (A flaw was found in the QEMU built-in VNC server while processing Clie ...) - qemu 1:8.2.0+ds-5 (bug #1060749) [bookworm] - qemu 1:7.2+dfsg-7+deb12u4 [bullseye] - qemu (Vulnerable code introduced later) [buster] - qemu (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2254825 NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/660e8d0f0be4e87da937ce797973874bb282d498 (v6.1.0-rc0) NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/405484b29f6548c7b86549b0f961b906337aa68a CVE-2023-52026 (TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a r ...) NOT-FOR-US: TOTOlink CVE-2023-51978 (In PHPGurukul Art Gallery Management System v1.1, "Update Artist Image ...) NOT-FOR-US: PHPGurukul Art Gallery Management System CVE-2023-51949 (Verydows v2.0 was discovered to contain a Cross-Site Request Forgery ( ...) NOT-FOR-US: Verydows CVE-2023-51806 (File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to ...) NOT-FOR-US: Ujcms CVE-2023-51790 (Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote ...) - piwigo CVE-2023-49569 (A path traversal vulnerability was discovered in go-git versions prior ...) - golang-github-go-git-go-git (bug #1060701) [bookworm] - golang-github-go-git-go-git (Minor issue) NOTE: https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88 CVE-2023-49568 (A denial of service (DoS) vulnerability was discovered in go-git versi ...) - golang-github-go-git-go-git (bug #1060701) [bookworm] - golang-github-go-git-go-git (Minor issue) NOTE: https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r CVE-2023-49262 (The authentication mechanism can be bypassed by overflowing the value ...) 
NOT-FOR-US: Hongdian CVE-2023-49261 (The "tokenKey" value used in user authorization is visible in the HTML ...) NOT-FOR-US: Hongdian CVE-2023-49260 (An XSS attack can be performed by changing the MOTD banner and pointin ...) NOT-FOR-US: Hongdian CVE-2023-49259 (The authentication cookies are generated using an algorithm based on t ...) NOT-FOR-US: Hongdian CVE-2023-49258 (User browser may be forced to execute JavaScript and pass the authenti ...) NOT-FOR-US: Hongdian CVE-2023-49257 (An authenticated user is able to upload an arbitrary CGI-compatible fi ...) NOT-FOR-US: Hongdian CVE-2023-49256 (It is possible to download the configuration backup without authorizat ...) NOT-FOR-US: Hongdian CVE-2023-49255 (The router console is accessible without authentication at "data" fiel ...) NOT-FOR-US: Hongdian CVE-2023-49254 (Authenticated user can execute arbitrary commands in the context of th ...) NOT-FOR-US: Hongdian CVE-2023-49253 (Root user password is hardcoded into the device and cannot be changed ...) NOT-FOR-US: Hongdian CVE-2023-48909 (An issue was discovered in Jave2 version 3.3.1, allows attackers to ex ...) NOT-FOR-US: Jave2 CVE-2023-46805 (An authentication bypass vulnerability in the web component of Ivanti ...) NOT-FOR-US: Ivanti CVE-2010-10011 (A vulnerability, which was classified as problematic, was found in Acr ...) NOT-FOR-US: Acritum Femitter Server CVE-2024-23659 (SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of a ...) 
- spip 4.1.15+dfsg-1 [bookworm] - spip 4.1.9+dfsg-1+deb12u4 [bullseye] - spip (Vulnerable code not present) [buster] - spip (Vulnerable code not present) NOTE: https://git.spip.net/spip/bigup/commit/ada821c076d67d1147a195178223d0b4a6d8cecc NOTE: https://git.spip.net/spip/bigup/commit/0757f015717cb72b84dba0e9a375ec71caddf1c2 NOTE: https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-8-SPIP-4-1-14.html?lang=fr CVE-2023-6955 (An improper access control vulnerability exists in GitLab Remote Devel ...) - gitlab 16.6.5-3 CVE-2023-4812 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab 16.6.5-3 CVE-2023-5356 (Incorrect authorization checks in GitLab CE/EE from all versions start ...) - gitlab 16.6.5-3 CVE-2023-7028 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...) - gitlab 16.4.5+ds2-1 CVE-2024-23179 (An issue was discovered in the GlobalBlocking extension in MediaWiki b ...) NOT-FOR-US: MediaWiki extension GlobalBlocking CVE-2024-23178 (An issue was discovered in the Phonos extension in MediaWiki before 1. ...) NOT-FOR-US: MediaWiki extension Phonos CVE-2024-23177 (An issue was discovered in the WatchAnalytics extension in MediaWiki b ...) NOT-FOR-US: MediaWiki extension WatchAnalytics CVE-2024-23174 (An issue was discovered in the PageTriage extension in MediaWiki befor ...) NOT-FOR-US: MediaWiki extension PageTriage CVE-2024-23173 (An issue was discovered in the Cargo extension in MediaWiki before 1.3 ...) NOT-FOR-US: MediaWiki extension Cargo CVE-2024-23172 (An issue was discovered in the CheckUser extension in MediaWiki before ...) NOT-FOR-US: MediaWiki extension CheckUser CVE-2024-23171 (An issue was discovered in the CampaignEvents extension in MediaWiki b ...) NOT-FOR-US: MediaWiki extension CampaignEvents CVE-2024-22027 (Improper input validation vulnerability in WordPress Quiz Maker Plugin ...) 
NOT-FOR-US: WordPress plugin CVE-2024-21982 (ONTAP versions 9.4 and higher are susceptible to a vulnerability whic ...) NOT-FOR-US: ONTAP CVE-2024-21617 (An Incomplete Cleanup vulnerability in Nonstop active routing (NSR) co ...) NOT-FOR-US: Juniper CVE-2024-21616 (An Improper Validation of Syntactic Correctness of Input vulnerability ...) NOT-FOR-US: Juniper CVE-2024-21614 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) NOT-FOR-US: Juniper CVE-2024-21613 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) NOT-FOR-US: Juniper CVE-2024-21612 (An Improper Handling of Syntactically Invalid Structure vulnerability ...) NOT-FOR-US: Juniper CVE-2024-21611 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) NOT-FOR-US: Juniper CVE-2024-21607 (An Unsupported Feature in the UI vulnerability in Juniper Networks Jun ...) NOT-FOR-US: Juniper CVE-2024-21606 (A Double Free vulnerability in the flow processing daemon (flowd) of J ...) NOT-FOR-US: Juniper CVE-2024-21604 (An Allocation of Resources Without Limits or Throttling vulnerability ...) NOT-FOR-US: Juniper CVE-2024-21603 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) NOT-FOR-US: Juniper CVE-2024-21602 (A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS ...) NOT-FOR-US: Juniper CVE-2024-21601 (A Concurrent Execution using Shared Resource with Improper Synchroniza ...) NOT-FOR-US: Juniper CVE-2024-21600 (An Improper Neutralization of Equivalent Special Elements vulnerabilit ...) NOT-FOR-US: Juniper CVE-2024-21599 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) NOT-FOR-US: Juniper CVE-2024-21597 (An Exposure of Resource to Wrong Sphere vulnerability in the Packet Fo ...) NOT-FOR-US: Juniper CVE-2024-21596 (A Heap-based Buffer Overflow vulnerability in the Routing Protocol Dae ...) 
NOT-FOR-US: Juniper CVE-2024-21595 (An Improper Validation of Syntactic Correctness of Input vulnerability ...) NOT-FOR-US: Juniper CVE-2024-21594 (A Heap-based Buffer Overflow vulnerability in the Network Services Dae ...) NOT-FOR-US: Juniper CVE-2024-21591 (An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Juno ...) NOT-FOR-US: Juniper CVE-2024-21589 (An Improper Access Control vulnerability in the Juniper Networks Parag ...) NOT-FOR-US: Juniper CVE-2024-21587 (An Improper Handling of Exceptional Conditions vulnerability in the br ...) NOT-FOR-US: Juniper CVE-2024-21585 (An Improper Handling of Exceptional Conditions vulnerability in BGP se ...) NOT-FOR-US: Juniper CVE-2024-21337 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20675 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2024-0454 (ELAN Match-on-Chip FPR solution has design fault about potential risk ...) NOT-FOR-US: ELAN Match-on-Chip FPR CVE-2024-0426 (A vulnerability, which was classified as critical, has been found in F ...) NOT-FOR-US: ForU CMS CVE-2024-0393 REJECTED CVE-2023-7226 (A vulnerability was found in meetyoucrop big-whale 1.1 and classified ...) NOT-FOR-US: meetyoucrop big-whale CVE-2023-6740 (Privilege escalation in jar_signature agent plugin in Checkmk before 2 ...) - check-mk CVE-2023-6735 (Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18 ...) - check-mk CVE-2023-6040 (An out-of-bounds access vulnerability involving netfilter was reported ...) - linux 5.18.2-1 [bullseye] - linux 5.10.209-1 NOTE: https://www.openwall.com/lists/oss-security/2024/01/12/1 NOTE: https://git.kernel.org/linus/f1082dd31fe461d482d69da2a8eccfeb7bf07ac2 (5.18-rc1) CVE-2023-52339 (In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can ...) 
- libebml 1.4.5-1 [bookworm] - libebml (Minor issue) [bullseye] - libebml (Minor issue) [buster] - libebml (Minor issue) NOTE: https://github.com/Matroska-Org/libebml/issues/147 NOTE: https://github.com/Matroska-Org/libebml/pull/148 NOTE: https://github.com/Matroska-Org/libebml/commit/4d577f5c3e267b2988d56dafebc82dedb4c45506 (master) NOTE: https://github.com/Matroska-Org/libebml/commit/4c0d757d6de529e8dda6bb6ca08369d5f9bffdb3 (release-1.4.5) CVE-2023-51350 (A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain ...) NOT-FOR-US: ujcms CVE-2023-50920 (An issue was discovered on GL.iNet devices before version 4.5.0. They ...) NOT-FOR-US: GL.iNet CVE-2023-50919 (An issue was discovered on GL.iNet devices before version 4.5.0. There ...) NOT-FOR-US: GL.iNet CVE-2023-50129 (Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 ...) NOT-FOR-US: Flient Smart Door Lock CVE-2023-50128 (The remote keyless system of the Hozard alarm system (alarmsystemen) v ...) NOT-FOR-US: Hozard alarm system CVE-2023-50127 (Hozard alarm system (Alarmsysteem) v1.0 is vulnerable to Improper Auth ...) NOT-FOR-US: Hozard alarm system CVE-2023-50126 (Missing encryption in the RFID tags of the Hozard alarm system (Alarms ...) NOT-FOR-US: Hozard alarm system CVE-2023-50125 (A default engineer password set on the Hozard alarm system (Alarmsyste ...) NOT-FOR-US: Hozard alarm system CVE-2023-50124 (Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credential ...) NOT-FOR-US: Flient Smart Door Lock CVE-2023-50123 (The number of attempts to bring the Hozard Alarm system (alarmsystemen ...) NOT-FOR-US: Hozard alarm system CVE-2023-46474 (File Upload vulnerability PMB v.7.4.8 allows a remote attacker to exec ...) NOT-FOR-US: PMB CVE-2023-40362 (An issue was discovered in CentralSquare Click2Gov Building Permit bef ...) NOT-FOR-US: CentralSquare Click2Gov Building Permit CVE-2023-40250 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...) 
NOT-FOR-US: Hancom CVE-2023-37117 (A heap-use-after-free vulnerability was found in live555 version 2023. ...) - liblivemedia [buster] - liblivemedia (Minor issue) NOTE: http://lists.live555.com/pipermail/live-devel/2023-June/022331.html CVE-2023-36842 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) NOT-FOR-US: Juniper CVE-2023-34061 (Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are v ...) NOT-FOR-US: Cloud Foundry CVE-2022-4961 (A vulnerability was found in Weitong Mall 1.0.0. It has been declared ...) NOT-FOR-US: Weitong Mall CVE-2022-4960 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: cloudfavorites CVE-2022-4959 (A vulnerability classified as problematic was found in qkmc-rk redbbs ...) NOT-FOR-US: qkmc-rk redbbs CVE-2022-48620 (uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if m ...) - libuev 2.4.1-1 (bug #1060692) [bookworm] - libuev (Minor issue) [bullseye] - libuev (Minor issue) NOTE: https://github.com/troglobit/libuev/issues/27 NOTE: https://github.com/troglobit/libuev/commit/2d9f1c9ce655cc38511aeeb6e95ac30914f7aec9 (v2.4.1) CVE-2022-48619 (An issue was discovered in drivers/input/input.c in the Linux kernel b ...) - linux 5.17.11-1 [bullseye] - linux 5.10.120-1 [buster] - linux 4.19.249-1 NOTE: https://git.kernel.org/linus/409353cbe9fe48f6bc196114c442b1cff05a39bc (5.18-rc1) CVE-2016-20021 (In Gentoo Portage before 3.0.47, there is missing PGP validation of ex ...) NOT-FOR-US: Portage CVE-2024-0443 (A flaw was found in the blkgs destruction path in block/blk-cgroup.c i ...) - linux 6.3.11-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/20cb1c2fb7568a6054c55defe044311397e01ddb (6.4-rc7) CVE-2024-23061 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) 
NOT-FOR-US: TOTOLINK CVE-2024-23060 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) NOT-FOR-US: TOTOLINK CVE-2024-23059 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) NOT-FOR-US: TOTOLINK CVE-2024-23058 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) NOT-FOR-US: TOTOLINK CVE-2024-23057 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) NOT-FOR-US: TOTOLINK CVE-2024-22942 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) NOT-FOR-US: TOTOLINK CVE-2024-22199 (This package provides universal methods to use multiple template engin ...) NOT-FOR-US: Fiber web framework CVE-2024-22198 (Nginx-UI is a web interface to manage Nginx configurations. It is vuln ...) NOT-FOR-US: Nginx-UI CVE-2024-22197 (Nginx-ui is online statistics for Server Indicators Monitor CPU usage, ...) NOT-FOR-US: Nginx-UI CVE-2024-22196 (Nginx-UI is an online statistics for Server Indicators Monitor CPU usa ...) NOT-FOR-US: Nginx-UI CVE-2024-0429 (A denial service vulnerability has been found on Hex Workshop affectin ...) NOT-FOR-US: Hex Workshop CVE-2024-0425 (A vulnerability classified as critical was found in ForU CMS up to 202 ...) NOT-FOR-US: ForU CMS CVE-2024-0424 (A vulnerability classified as problematic has been found in CodeAstro ...) NOT-FOR-US: CodeAstro Simple Banking System CVE-2024-0423 (A vulnerability was found in CodeAstro Online Food Ordering System 1.0 ...) NOT-FOR-US: CodeAstro Online Food Ordering System CVE-2024-0422 (A vulnerability was found in CodeAstro POS and Inventory Management Sy ...) NOT-FOR-US: CodeAstro POS and Inventory Management System CVE-2024-0419 (A vulnerability was found in Jasper httpdx up to 1.5.4 and classified ...) NOT-FOR-US: Jasper httpdx CVE-2024-0418 (A vulnerability has been found in iSharer and upRedSun File Sharing Wi ...) 
NOT-FOR-US: iSharer and upRedSun File Sharing Wizard CVE-2024-0417 (A vulnerability, which was classified as critical, was found in DeShan ...) NOT-FOR-US: DeShang DSShop CVE-2024-0416 (A vulnerability, which was classified as critical, has been found in D ...) NOT-FOR-US: DeShang DSMall CVE-2024-0415 (A vulnerability classified as critical was found in DeShang DSMall up ...) NOT-FOR-US: DeShang DSMall CVE-2024-0414 (A vulnerability classified as problematic has been found in DeShang DS ...) NOT-FOR-US: DeShang DSCMS CVE-2024-0413 (A vulnerability was found in DeShang DSKMS up to 3.1.2. It has been ra ...) NOT-FOR-US: DeShang DSKMS CVE-2024-0412 (A vulnerability was found in DeShang DSShop up to 3.1.0. It has been d ...) NOT-FOR-US: DeShang DSShop CVE-2024-0411 (A vulnerability was found in DeShang DSMall up to 6.1.0. It has been c ...) NOT-FOR-US: DeShang DSMall CVE-2024-0227 REJECTED CVE-2023-7071 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & ...) NOT-FOR-US: WordPress plugin CVE-2023-7070 (The Email Encoder \u2013 Protect Email Addresses and Phone Numbers plu ...) NOT-FOR-US: WordPress plugin CVE-2023-7048 (The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Req ...) NOT-FOR-US: WordPress plugin CVE-2023-7019 (The LightStart \u2013 Maintenance Mode, Coming Soon and Landing Page B ...) NOT-FOR-US: WordPress plugin CVE-2023-6994 (The List category posts plugin for WordPress is vulnerable to Stored C ...) NOT-FOR-US: WordPress plugin CVE-2023-6990 (The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Si ...) NOT-FOR-US: WordPress plugin CVE-2023-6988 (The Colibri Page Builder plugin for WordPress is vulnerable to Stored ...) NOT-FOR-US: WordPress plugin CVE-2023-6979 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...) NOT-FOR-US: WordPress plugin CVE-2023-6938 (The Oxygen Builder plugin for WordPress is vulnerable to Stored Cross- ...) 
	NOT-FOR-US: WordPress plugin
CVE-2023-6934 (The Limit Login Attempts Reloaded plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6924 (The Photo Gallery by 10Web plugin for WordPress is vulnerable to Store ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6882 (The Simple Membership plugin for WordPress is vulnerable to Reflected ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6878 (The Slick Social Share Buttons plugin for WordPress is vulnerable to u ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6875 (The POST SMTP Mailer – Email log, Delivery Failure Notifications ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6855 (The Paid Memberships Pro – Content Restriction, User Registration ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6828 (The Contact Form, Survey & Popup Form Plugin for WordPress – ARF ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6782 (The AMP for WP – Accelerated Mobile Pages plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6781 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Store ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6776 (The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Sit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6751 (The Hostinger plugin for WordPress is vulnerable to unauthorized plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6742 (The Gallery Plugin for WordPress – Envira Photo Gallery plugin fo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6737 (The Enable Media Replace plugin for WordPress is vulnerable to Reflect ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6684 (The Ibtana – WordPress Website Builder plugin for WordPress is vu ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6645 (The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6638 (The GTG Product Feed for Shopping plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6637 (The CAOS | Host Google Analytics Locally plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6636 (The Greenshift – animation and page builder blocks plugin for Wor ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6634 (The LearnPress plugin for WordPress is vulnerable to Command Injection ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6632 (The Happy Addons for Elementor plugin for WordPress is vulnerable to R ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6624 (The Import and export users and customers plugin for WordPress is vuln ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6598 (The SpeedyCache plugin for WordPress is vulnerable to unauthorized mod ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6583 (The Import and export users and customers plugin for WordPress is vuln ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6582 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6567 (The LearnPress plugin for WordPress is vulnerable to time-based SQL In ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6561 (The Featured Image from URL (FIFU) plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6558 (The Export and Import Users and Customers plugin for WordPress is vuln ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6556 (The FOX – Currency Switcher Professional for WooCommerce plugin f ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6554 (When access to the "admin" folder is not protected by some external au ...)
	NOT-FOR-US: TCExam
CVE-2023-6504 (The User Profile Builder – Beautiful User Registration Forms, Use ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6496 (The Manage Notification E-mails plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6369 (The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerab ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6316 (The MW WP Form plugin for WordPress is vulnerable to arbitrary file up ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6266 (The Backup Migration plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6244 (The EventON - WordPress Virtual Event Calendar Plugin plugin for WordP ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6242 (The EventON - WordPress Virtual Event Calendar Plugin plugin for WordP ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6220 (The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5691 (The Chatbot for WordPress plugin for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5504 (The BackWPup plugin for WordPress is vulnerable to Directory Traversal ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5118 (The application is vulnerable to Stored Cross-Site Scripting (XSS) in ...)
	NOT-FOR-US: Kofax
CVE-2023-52032 (TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a r ...)
	NOT-FOR-US: TOTOlink
CVE-2023-52031 (TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a rem ...)
	NOT-FOR-US: TOTOlink
CVE-2023-52030 (TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a rem ...)
	NOT-FOR-US: TOTOlink
CVE-2023-52029 (TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a rem ...)
	NOT-FOR-US: TOTOlink
CVE-2023-52028 (TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a rem ...)
	NOT-FOR-US: TOTOlink
CVE-2023-52027 (TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a rem ...)
	NOT-FOR-US: TOTOlink
CVE-2023-51989 (D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, ...)
	NOT-FOR-US: D-Link
CVE-2023-51987 (D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, ...)
	NOT-FOR-US: D-Link
CVE-2023-51984 (D-Link DIR-822+ V1.0.2 was found to contain a command injection in Set ...)
	NOT-FOR-US: D-Link
CVE-2023-51751 (ScaleFusion 10.5.2 does not properly limit users to the Edge applicati ...)
	NOT-FOR-US: ScaleFusion
CVE-2023-51750 (ScaleFusion 10.5.2 does not properly limit users to the Edge applicati ...)
	NOT-FOR-US: ScaleFusion
CVE-2023-51749 (ScaleFusion 10.5.2 does not properly limit users to the Edge applicati ...)
	NOT-FOR-US: ScaleFusion
CVE-2023-51748 (ScaleFusion 10.5.2 does not properly limit users to the Edge applicati ...)
	NOT-FOR-US: ScaleFusion
CVE-2023-50671 (In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overf ...)
	- exiftags (bug #1060753)
	[bookworm] - exiftags (Minor issue)
	[bullseye] - exiftags (Minor issue)
	[buster] - exiftags (Minor issue)
	NOTE: https://blog.yulun.ac.cn/posts/2023/fuzzing-exiftags/
CVE-2023-50159 (In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode applicat ...)
	NOT-FOR-US: ScaleFusion
CVE-2023-4962 (The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Sit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4960 (The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cros ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4372 (The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4248 (The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4247 (The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4246 (The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4958 (A vulnerability classified as problematic has been found in qkmc-rk re ...)
	NOT-FOR-US: qkmc-rk redbbs
CVE-2024-22195 (Jinja is an extensible templating engine. Special placeholders in the ...)
	{DLA-3715-1}
	- jinja2 3.1.3-1 (bug #1060748)
	[bookworm] - jinja2 (Minor issue)
	[bullseye] - jinja2 (Minor issue)
	NOTE: https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95
	NOTE: Fixed by: https://github.com/pallets/jinja/commit/7dd3680e6eea0d77fde024763657aa4d884ddb23 (3.1.3)
CVE-2024-22194 (cdo-local-uuid project provides a specialized UUID-generating function ...)
	NOT-FOR-US: cdo-local-uuid project
CVE-2024-22190 (GitPython is a python library used to interact with Git repositories. ...)
	- python-git (Only affects Windows)
	NOTE: https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx
	NOTE: https://github.com/gitpython-developers/GitPython/pull/1792
	NOTE: https://github.com/gitpython-developers/GitPython/commit/ef3192cc414f2fd9978908454f6fd95243784c7f (3.1.41)
CVE-2024-21833 (Multiple TP-LINK products allow a network-adjacent unauthenticated att ...)
	NOT-FOR-US: TP-LINK
CVE-2024-21821 (Multiple TP-LINK products allow a network-adjacent authenticated attac ...)
	NOT-FOR-US: TP-LINK
CVE-2024-21773 (Multiple TP-LINK products allow a network-adjacent unauthenticated att ...)
	NOT-FOR-US: TP-LINK
CVE-2024-21669 (Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for buil ...)
	NOT-FOR-US: Hyperledger Aries Cloud Agent Python (ACA-Py)
CVE-2024-21667 (pimcore/customer-data-framework is the Customer Management Framework f ...)
	NOT-FOR-US: Pimcore framework
CVE-2024-21666 (The Customer Management Framework (CMF) for Pimcore adds functionality ...)
	NOT-FOR-US: Pimcore framework
CVE-2024-21665 (ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. ...)
	NOT-FOR-US: Pimcore
CVE-2024-21638 (Azure IPAM (IP Address Management) is a lightweight solution developed ...)
	NOT-FOR-US: Azure IPAM (IP Address Management)
CVE-2024-21637 (Authentik is an open-source Identity Provider. Authentik is a vulnerab ...)
	NOT-FOR-US: authentik
CVE-2024-0252 (ManageEngine ADSelfService Plus versions 6401 and below are vulnerable t ...)
	NOT-FOR-US: ManageEngine
CVE-2023-6883 (The Easy Social Feed plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6699 (The WP Compress – Image Optimizer [All-In-One] plugin for WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6630 (The Contact Form 7 – Dynamic Text Extension plugin for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6520 (The WP 2FA – Two-factor authentication for WordPress plugin for W ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6506 (The WP 2FA – Two-factor authentication for WordPress plugin for W ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6446 (The Calculated Fields Form plugin for WordPress is vulnerable to Store ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6223 (The LearnPress plugin for WordPress is vulnerable to Insecure Direct O ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5448 (The WP Register Profile With Shortcode plugin for WordPress is vulnera ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52274 (member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via th ...)
	NOT-FOR-US: YzmCMS
CVE-2023-52064 (Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerabilit ...)
	NOT-FOR-US: Wuzhicms
CVE-2023-51127 (FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulner ...)
	NOT-FOR-US: FLIR AX8 thermal sensor cameras
CVE-2023-51126 (Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to ...)
	NOT-FOR-US: FLIR AX8
CVE-2023-51123 (An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote a ...)
	NOT-FOR-US: D-Link
CVE-2023-51073 (An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to exe ...)
	NOT-FOR-US: Buffalo
CVE-2023-49295 (quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, ...)
	- golang-github-lucas-clemente-quic-go 0.38.2-1
	[bookworm] - golang-github-lucas-clemente-quic-go (Minor issue)
	[bullseye] - golang-github-lucas-clemente-quic-go (Minor issue)
	NOTE: https://github.com/quic-go/quic-go/security/advisories/GHSA-ppxx-5m9h-6vxf
	NOTE: https://github.com/quic-go/quic-go/commit/3a9c18bcd27a01c551ac9bf8bd2b4bded77c189a (v0.40.1)
	NOTE: https://github.com/quic-go/quic-go/commit/554d543b50b917369fb1394cc5396d928166cf49 (v0.40.1)
	NOTE: https://github.com/quic-go/quic-go/commit/a0ffa757499913f7be69aa78f573a6aee3430ae4 (v0.39.4)
	NOTE: https://github.com/quic-go/quic-go/commit/6cc3d58935426191296171a6c0d1ee965e10534e (v0.39.4)
	NOTE: https://github.com/quic-go/quic-go/commit/17fc98c2d81dbe685c19702dc694a9d606ac56dc (v0.38.2)
	NOTE: https://github.com/quic-go/quic-go/commit/9aaefe19fc3dc8c8917cc87e6128bb56d9e9e6cc (v0.38.2)
	NOTE: https://github.com/quic-go/quic-go/commit/d7aa627ebde91cf799ada2a07443faa9b1e5abb8 (v0.37.7)
	NOTE: https://github.com/quic-go/quic-go/commit/21609ddfeff93668c7625a85eb09f1541fdad965 (v0.37.7)
CVE-2023-45175 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user ...)
	NOT-FOR-US: IBM
CVE-2023-45173 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user ...)
	NOT-FOR-US: IBM
CVE-2023-45171 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user ...)
	NOT-FOR-US: IBM
CVE-2023-45169 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user ...)
	NOT-FOR-US: IBM
CVE-2023-42941 (The issue was addressed with improved checks. This issue is fixed in i ...)
	NOT-FOR-US: Apple
CVE-2023-42934 (An information disclosure issue was addressed by removing the vulnerab ...)
	NOT-FOR-US: Apple
CVE-2023-42933 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2023-42929 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2023-42876 (The issue was addressed with improved bounds checks. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2023-42872 (The issue was addressed with additional permissions checks. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-42871 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-42870 (A use-after-free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2023-42869 (Multiple memory corruption issues were addressed with improved input v ...)
	NOT-FOR-US: Apple
CVE-2023-42866 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-42865 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2023-42862 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2023-42833 (A correctness issue was addressed with improved checks. This issue is ...)
	{DSA-5241-1 DSA-5240-1 DLA-3124-1}
	- webkit2gtk 2.38.0-1
	- wpewebkit 2.38.0-1
	NOTE: https://webkitgtk.org/security/WSA-2024-0001.html
CVE-2023-42832 (A race condition was addressed with improved state handling. This issu ...)
	NOT-FOR-US: Apple
CVE-2023-42831 (This issue was addressed by removing the vulnerable code. This issue i ...)
	NOT-FOR-US: Apple
CVE-2023-42830 (A privacy issue was addressed with improved private data redaction for ...)
	NOT-FOR-US: Apple
CVE-2023-42829 (The issue was addressed with additional restrictions on the observabil ...)
	NOT-FOR-US: Apple
CVE-2023-42828 (This issue was addressed by removing the vulnerable code. This issue i ...)
	NOT-FOR-US: Apple
CVE-2023-42826 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2023-41994 (A logic issue was addressed with improved checks This issue is fixed i ...)
	NOT-FOR-US: Apple
CVE-2023-41987 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2023-41974 (A use-after-free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2023-41075 (A type confusion issue was addressed with improved checks. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-41069 (This issue was addressed by improving Face ID anti-spoofing models. Th ...)
	NOT-FOR-US: Apple
CVE-2023-41060 (A type confusion issue was addressed with improved checks. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-40529 (This issue was addressed with improved redaction of sensitive informat ...)
	NOT-FOR-US: Apple
CVE-2023-40439 (A privacy issue was addressed with improved private data redaction for ...)
	NOT-FOR-US: Apple
CVE-2023-40438 (An issue was addressed with improved handling of temporary files. This ...)
	NOT-FOR-US: Apple
CVE-2023-40437 (A privacy issue was addressed with improved private data redaction for ...)
	NOT-FOR-US: Apple
CVE-2023-40433 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2023-40430 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2023-40414 (A use-after-free issue was addressed with improved memory management. ...)
	{DSA-5527-1}
	- webkit2gtk 2.42.1-1
	[buster] - webkit2gtk (EOL in buster LTS)
	- wpewebkit 2.42.1-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2024-0001.html
CVE-2023-40411 (This issue was addressed with improved data protection. This issue is ...)
	NOT-FOR-US: Apple
CVE-2023-40394 (The issue was addressed with improved validation of environment variab ...)
	NOT-FOR-US: Apple
CVE-2023-40393 (An authentication issue was addressed with improved state management. ...)
	NOT-FOR-US: Apple
CVE-2023-40385 (This issue was addressed by removing the vulnerable code. This issue i ...)
	NOT-FOR-US: Apple
CVE-2023-40383 (A path handling issue was addressed with improved validation. This iss ...)
	NOT-FOR-US: Apple
CVE-2023-38612 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2023-38610 (A memory corruption issue was addressed by removing the vulnerable cod ...)
	NOT-FOR-US: Apple
CVE-2023-38607 (The issue was addressed with improved handling of caches. This issue i ...)
	NOT-FOR-US: Apple
CVE-2023-38267 (IBM Security Access Manager Appliance (IBM Security Verify Access Appl ...)
	NOT-FOR-US: IBM
CVE-2023-37644 (SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allo ...)
	- swftools
	NOTE: https://github.com/matthiaskramm/swftools/issues/202
CVE-2023-32436 (The issue was addressed with improved bounds checks. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2023-32424 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-32401 (A buffer overflow was addressed with improved bounds checking. This is ...)
	NOT-FOR-US: Apple
CVE-2023-32383 (This issue was addressed by forcing hardened runtime on the affected b ...)
	NOT-FOR-US: Apple
CVE-2023-32378 (A use-after-free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2023-32366 (An out-of-bounds write issue was addressed with improved input validat ...)
	NOT-FOR-US: Apple
CVE-2022-48577 (An access issue was addressed with improved access restrictions. This ...)
	NOT-FOR-US: Apple
CVE-2022-48504 (The issue was addressed with improved handling of caches. This issue i ...)
	NOT-FOR-US: Apple
CVE-2022-47965 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-47915 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-4001 (An authentication bypass flaw was found in GRUB due to the way that GR ...)
	- grub2 (Specific to a downstream patch in Red Hat)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2224951
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2223437
	NOTE: https://www.openwall.com/lists/oss-security/2024/01/15/3
CVE-2024-20715 (Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-20714 (Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-20713 (Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-20712 (Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-20711 (Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-20710 (Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2024-0395
	REJECTED
CVE-2024-0389 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Student Attendance System
CVE-2024-0310 (A content-security-policy vulnerability in ENS Control browser extensi ...)
	NOT-FOR-US: ENS Control browser extension
CVE-2023-6158 (The EventON - WordPress Virtual Event Calendar Plugin plugin for WordP ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5455 (A Cross-site request forgery vulnerability exists in ipa/session/login ...)
	- freeipa (bug #1060415; unimportant)
	NOTE: https://www.freeipa.org/release-notes/4-10-3.html#highlights-in-4-10-3
	NOTE: https://www.freeipa.org/release-notes/4-9-14.html#highlights-in-4-9-14
	NOTE: Fixed by: https://pagure.io/freeipa/c/363fd5de98e883800ac08b2760e8c3150783e7e2 (release-4-10-3)
	NOTE: Fixed by: https://pagure.io/freeipa/c/9b1a65fe3936c4d3fe237775e54f0249b740f23e (release-4-9-14)
	NOTE: freeipa-server packages only built with 4.10.2-2+exp1/experimental
CVE-2023-51972 (Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vu ...)
	NOT-FOR-US: Tenda
CVE-2023-51971 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpv ...)
	NOT-FOR-US: Tenda
CVE-2023-51970 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode ...)
	NOT-FOR-US: Tenda
CVE-2023-51969 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan ...)
	NOT-FOR-US: Tenda
CVE-2023-51968 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbal ...)
	NOT-FOR-US: Tenda
CVE-2023-51967 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port ...)
	NOT-FOR-US: Tenda
CVE-2023-51966 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbal ...)
	NOT-FOR-US: Tenda
CVE-2023-51965 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpv ...)
	NOT-FOR-US: Tenda
CVE-2023-51964 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port ...)
	NOT-FOR-US: Tenda
CVE-2023-51963 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan ...)
	NOT-FOR-US: Tenda
CVE-2023-51962 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode ...)
	NOT-FOR-US: Tenda
CVE-2023-51961 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbal ...)
	NOT-FOR-US: Tenda
CVE-2023-51960 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan ...)
	NOT-FOR-US: Tenda
CVE-2023-51959 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpv ...)
	NOT-FOR-US: Tenda
CVE-2023-51958 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port ...)
	NOT-FOR-US: Tenda
CVE-2023-51957 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode ...)
	NOT-FOR-US: Tenda
CVE-2023-51956 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan ...)
	NOT-FOR-US: Tenda
CVE-2023-51955 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbal ...)
	NOT-FOR-US: Tenda
CVE-2023-51954 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port ...)
	NOT-FOR-US: Tenda
CVE-2023-51953 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode ...)
	NOT-FOR-US: Tenda
CVE-2023-51952 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpv ...)
	NOT-FOR-US: Tenda
CVE-2023-51252 (PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Because fil ...)
	NOT-FOR-US: PublicCMS
CVE-2023-51195
	REJECTED
CVE-2023-50916 (Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposu ...)
	NOT-FOR-US: Kyocera Device Manager
CVE-2023-50172 (A recovery notification bypass vulnerability exists in the userRecover ...)
	NOT-FOR-US: WWBN AVideo
CVE-2023-50120 (MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to ...)
	- gpac (bug #1060696)
	[bullseye] - gpac (Vulnerable code not present)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2698
	NOTE: https://github.com/gpac/gpac/commit/b655955b840ccd7c7198bb15375aa510e76208eb
CVE-2023-49864 (An information disclosure vulnerability exists in the aVideoEncoderRec ...)
	NOT-FOR-US: WWBN AVideo
CVE-2023-49863 (An information disclosure vulnerability exists in the aVideoEncoderRec ...)
	NOT-FOR-US: WWBN AVideo
CVE-2023-49862 (An information disclosure vulnerability exists in the aVideoEncoderRec ...)
	NOT-FOR-US: WWBN AVideo
CVE-2023-49810 (A login attempt restriction bypass vulnerability exists in the checkLo ...)
	NOT-FOR-US: WWBN AVideo
CVE-2023-49738 (An information disclosure vulnerability exists in the image404Raw.php ...)
	NOT-FOR-US: WWBN AVideo
CVE-2023-49715 (A unrestricted php file upload vulnerability exists in the import.json ...)
	NOT-FOR-US: WWBN AVideo
CVE-2023-49599 (An insufficient entropy vulnerability exists in the salt generation fu ...)
	NOT-FOR-US: WWBN AVideo
CVE-2023-49589 (An insufficient entropy vulnerability exists in the userRecoverPass.ph ...)
	NOT-FOR-US: WWBN AVideo
CVE-2023-49471 (Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus B ...)
	NOT-FOR-US: karlomikus Bar Assistant
CVE-2023-49427 (Buffer Overflow vulnerability in Tenda AX12 V22.03.01.46, allows remot ...)
	NOT-FOR-US: Tenda
CVE-2023-49394 (Zentao versions 4.1.3 and before has a URL redirect vulnerability, whi ...)
	NOT-FOR-US: Zentao
CVE-2023-48783 (An Authorization Bypass Through User-Controlled Key vulnerability [CWE- ...)
	NOT-FOR-US: FortiPortal
CVE-2023-48730 (A cross-site scripting (xss) vulnerability exists in the navbarMenuAnd ...)
	NOT-FOR-US: WWBN AVideo
CVE-2023-48728 (A cross-site scripting (xss) vulnerability exists in the function getOp ...)
	NOT-FOR-US: WWBN AVideo
CVE-2023-48266 (The vulnerability allows an unauthenticated remote attacker to perform ...)
	NOT-FOR-US: Bosch
CVE-2023-48265 (The vulnerability allows an unauthenticated remote attacker to perform ...)
	NOT-FOR-US: Bosch
CVE-2023-48264 (The vulnerability allows an unauthenticated remote attacker to perform ...)
	NOT-FOR-US: Bosch
CVE-2023-48263 (The vulnerability allows an unauthenticated remote attacker to perform ...)
	NOT-FOR-US: Bosch
CVE-2023-48262 (The vulnerability allows an unauthenticated remote attacker to perform ...)
	NOT-FOR-US: Bosch
CVE-2023-48261 (The vulnerability allows a remote unauthenticated attacker to read arb ...)
	NOT-FOR-US: Bosch
CVE-2023-48260 (The vulnerability allows a remote unauthenticated attacker to read arb ...)
	NOT-FOR-US: Bosch
CVE-2023-48259 (The vulnerability allows a remote unauthenticated attacker to read arb ...)
	NOT-FOR-US: Bosch
CVE-2023-48258 (The vulnerability allows a remote attacker to delete arbitrary files o ...)
	NOT-FOR-US: Bosch
CVE-2023-48257 (The vulnerability allows a remote attacker to access sensitive data in ...)
	NOT-FOR-US: Bosch
CVE-2023-48256 (The vulnerability allows a remote attacker to inject arbitrary HTTP re ...)
	NOT-FOR-US: Bosch
CVE-2023-48255 (The vulnerability allows an unauthenticated remote attacker to send ma ...)
	NOT-FOR-US: Bosch
CVE-2023-48254 (The vulnerability allows a remote attacker to inject and execute arbit ...)
	NOT-FOR-US: Bosch
CVE-2023-48253 (The vulnerability allows a remote authenticated attacker to read or up ...)
	NOT-FOR-US: Bosch
CVE-2023-48252 (The vulnerability allows an authenticated remote attacker to perform a ...)
	NOT-FOR-US: Bosch
CVE-2023-48251 (The vulnerability allows a remote attacker to authenticate to the SSH ...)
	NOT-FOR-US: Bosch
CVE-2023-48250 (The vulnerability allows a remote attacker to authenticate to the web ...)
	NOT-FOR-US: Bosch
CVE-2023-48249 (The vulnerability allows an authenticated remote attacker to list arbi ...)
	NOT-FOR-US: Bosch
CVE-2023-48248 (The vulnerability allows an authenticated remote attacker to upload a ...)
	NOT-FOR-US: Bosch
CVE-2023-48247 (The vulnerability allows an unauthenticated remote attacker to read ar ...)
	NOT-FOR-US: Bosch
CVE-2023-48246 (The vulnerability allows a remote attacker to download arbitrary files ...)
	NOT-FOR-US: Bosch
CVE-2023-48245 (The vulnerability allows an unauthenticated remote attacker to upload ...)
	NOT-FOR-US: Bosch
CVE-2023-48244 (The vulnerability allows a remote attacker to inject and execute arbit ...)
	NOT-FOR-US: Bosch
CVE-2023-48243 (The vulnerability allows a remote attacker to upload arbitrary files i ...)
	NOT-FOR-US: Bosch
CVE-2023-48242 (The vulnerability allows an authenticated remote attacker to download ...)
	NOT-FOR-US: Bosch
CVE-2023-47862 (A local file inclusion vulnerability exists in the getLanguageFromBrow ...)
	NOT-FOR-US: WWBN AVideo
CVE-2023-47861 (A cross-site scripting (xss) vulnerability exists in the channelBody.p ...)
	NOT-FOR-US: WWBN AVideo
CVE-2023-47171 (An information disclosure vulnerability exists in the aVideoEncoder.js ...)
	NOT-FOR-US: WWBN AVideo
CVE-2023-46712 (A improper access control in Fortinet FortiPortal version 7.0.0 throug ...)
	NOT-FOR-US: FortiGuard
CVE-2023-45139 (fontTools is a library for manipulating fonts, written in Python. The ...)
	- fonttools 4.46.0-1
	[bookworm] - fonttools (Minor issue)
	[bullseye] - fonttools (Vulnerable code not present)
	[buster] - fonttools (Vulnerable code not present)
	NOTE: https://github.com/fonttools/fonttools/security/advisories/GHSA-6673-4983-2vx5
	NOTE: Fixed by: https://github.com/fonttools/fonttools/commit/9f61271dc1ca82ed91f529b130fe5dc5c9bf1f4c (4.43.0)
	NOTE: https://www.canva.dev/blog/engineering/fonts-are-still-a-helvetica-of-a-problem/
CVE-2023-44250 (An improper privilege management vulnerability [CWE-269] in a Fortinet ...)
	NOT-FOR-US: FortiGuard
CVE-2023-41603 (D-Link R15 before v1.08.02 was discovered to contain no firewall restr ...)
	NOT-FOR-US: D-Link
CVE-2023-37934 (An allocation of resources without limits or throttling vulnerability ...)
	NOT-FOR-US: FortiGuard
CVE-2023-37932 (An improper limitation of a pathname to a restricted directory ('path ...)
	NOT-FOR-US: FortiGuard
CVE-2023-31488 (Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.264 ...)
	NOT-FOR-US: Cisco
CVE-2023-49619 (Concurrent Execution using Shared Resource with Improper Synchronizati ...)
	NOT-FOR-US: Apache Answer
CVE-2024-21643 (IdentityModel Extensions for .NET provide assemblies for web developer ...)
	NOT-FOR-US: IdentityModel Extensions for .NET
CVE-2024-0364 (A vulnerability, which was classified as critical, was found in PHPGur ...)
	NOT-FOR-US: PHPGurukul Hospital Management System
CVE-2024-0363 (A vulnerability, which was classified as critical, has been found in P ...)
	NOT-FOR-US: PHPGurukul Hospital Management System
CVE-2024-0362 (A vulnerability classified as critical was found in PHPGurukul Hospita ...)
	NOT-FOR-US: PHPGurukul Hospital Management System
CVE-2024-0361 (A vulnerability classified as critical has been found in PHPGurukul Ho ...)
	NOT-FOR-US: PHPGurukul Hospital Management System
CVE-2024-0360 (A vulnerability was found in PHPGurukul Hospital Management System 1.0 ...)
	NOT-FOR-US: PHPGurukul Hospital Management System
CVE-2024-0359 (A vulnerability was found in code-projects Simple Online Hotel Reserva ...)
	NOT-FOR-US: code-projects Simple Online Hotel Reservation System
CVE-2024-0358 (A vulnerability was found in DeShang DSO2O up to 4.1.0. It has been cl ...)
	NOT-FOR-US: DeShang DSO2O
CVE-2024-0357 (A vulnerability was found in coderd-repos Eva 1.0.0 and classified as ...)
	NOT-FOR-US: coderd-repos Eva
CVE-2024-0356 (A vulnerability has been found in Mandelo ssm_shiro_blog 1.0 and class ...)
	NOT-FOR-US: Mandelo ssm_shiro_blog
CVE-2024-0355 (A vulnerability, which was classified as critical, was found in PHPGur ...)
	NOT-FOR-US: PHPGurukul Dairy Farm Shop Management System
CVE-2024-0354 (A vulnerability, which was classified as critical, has been found in u ...)
	NOT-FOR-US: unknown-o download-station
CVE-2024-0352 (A vulnerability classified as critical was found in Likeshop up to 2.5 ...)
	NOT-FOR-US: Likeshop
CVE-2024-0351 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester Engineers Online Portal
CVE-2024-0350 (A vulnerability was found in SourceCodester Engineers Online Portal 1. ...)
	NOT-FOR-US: SourceCodester Engineers Online Portal
CVE-2024-0349 (A vulnerability was found in SourceCodester Engineers Online Portal 1. ...)
	NOT-FOR-US: SourceCodester Engineers Online Portal
CVE-2024-0348 (A vulnerability was found in SourceCodester Engineers Online Portal 1. ...)
	NOT-FOR-US: SourceCodester Engineers Online Portal
CVE-2024-0347 (A vulnerability was found in SourceCodester Engineers Online Portal 1. ...)
	NOT-FOR-US: SourceCodester Engineers Online Portal
CVE-2024-0346 (A vulnerability has been found in CodeAstro Vehicle Booking System 1.0 ...)
	NOT-FOR-US: CodeAstro Vehicle Booking System
CVE-2024-0345 (A vulnerability, which was classified as problematic, was found in Cod ...)
NOT-FOR-US: CodeAstro Vehicle Booking System CVE-2024-0344 (A vulnerability, which was classified as critical, has been found in s ...) NOT-FOR-US: soxft TimeMail CVE-2023-5770 (Proofpoint Enterprise Protection contains a vulnerability in the email ...) NOT-FOR-US: Proofpoint Enterprise Protection CVE-2023-50136 (Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows att ...) NOT-FOR-US: JFinalcms CVE-2023-48864 (SEMCMS v4.8 was discovered to contain a SQL injection vulnerability vi ...) NOT-FOR-US: SEMCMS CVE-2023-47997 (An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in F ...) - freeimage (bug #1060691) [bookworm] - freeimage (Revisit when fixed upstream) [bullseye] - freeimage (Revisit when fixed upstream) NOTE: https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47997 NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2023-47997.patch CVE-2023-47996 (An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in F ...) - freeimage (bug #1060691) [bookworm] - freeimage (Revisit when fixed upstream) [bullseye] - freeimage (Revisit when fixed upstream) [buster] - freeimage (Revisit when fixed upstream) NOTE: https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47996 CVE-2023-47995 (Memory Allocation with Excessive Size Value discovered in BitmapAccess ...) - freeimage (bug #1060862) [bookworm] - freeimage (Revisit when fixed upstream) [bullseye] - freeimage (Revisit when fixed upstream) NOTE: https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47995 NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2023-47995.patch CVE-2023-47994 (An integer overflow vulnerability in LoadPixelDataRLE4 function in Plu ...) 
- freeimage (bug #1060691) [bookworm] - freeimage (Revisit when fixed upstream) [bullseye] - freeimage (Revisit when fixed upstream) [buster] - freeimage (Revisit when fixed upstream) NOTE: https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47994 CVE-2023-47993 (A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in Fre ...) - freeimage (bug #1060691) [bookworm] - freeimage (Revisit when fixed upstream) [bullseye] - freeimage (Revisit when fixed upstream) [buster] - freeimage (Revisit when fixed upstream) NOTE: https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47993 CVE-2023-47992 (An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc ...) - freeimage (bug #1060691) [bookworm] - freeimage (Revisit when fixed upstream) [bullseye] - freeimage (Revisit when fixed upstream) [buster] - freeimage (Revisit when fixed upstream) NOTE: https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47992 CVE-2023-41781 (There is a Cross-sitescripting (XSS) vulnerability in ZTE MF258. Due t ...) NOT-FOR-US: ZTE CVE-2023-3043 (AMI\u2019s SPx contains a vulnerability in the BMC where an Attacker m ...) NOT-FOR-US: AMI CVE-2023-38827 (Cross Site Scripting vulnerability in Follet School Solutions Destiny ...) NOT-FOR-US: Follet School Solutions Destiny CVE-2023-37297 (AMI\u2019s SPx contains a vulnerability in the BMC where an Attacker m ...) NOT-FOR-US: AMI CVE-2023-37296 (AMI\u2019s SPx contains a vulnerability in the BMC where an Attacker m ...) NOT-FOR-US: AMI CVE-2023-37295 (AMI\u2019s SPx contains a vulnerability in the BMC where an Attacker m ...) NOT-FOR-US: AMI CVE-2023-37294 (AMI\u2019s SPx contains a vulnerability in the BMC where an Attacker m ...) NOT-FOR-US: AMI CVE-2023-37293 (AMI\u2019s SPx contains a vulnerability in the BMC where an Attacker m ...) NOT-FOR-US: AMI CVE-2023-34333 (AMI\u2019s SPx contains a vulnerability in the BMC where an Attacker m ...) 
NOT-FOR-US: AMI CVE-2023-34332 (AMI\u2019s SPx contains a vulnerability in the BMC where an Attacker m ...) NOT-FOR-US: AMI CVE-2023-31446 (In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.23 ...) NOT-FOR-US: Cassia Gateway firmware CVE-2023-6476 (A flaw was found in CRI-O that involves an experimental annotation lea ...) - cri-o (bug #979702) CVE-2024-0333 (Insufficient data validation in Extensions in Google Chrome prior to 1 ...) {DSA-5598-1} - chromium 120.0.6099.216-1 [buster] - chromium (see DSA 5046) CVE-2024-22370 (In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was ...) NOT-FOR-US: JetBrains YouTrack CVE-2024-22368 (The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter ...) {DLA-3723-1} - libspreadsheet-parsexlsx-perl 0.29-1 [bookworm] - libspreadsheet-parsexlsx-perl 0.27-3+deb12u1 [bullseye] - libspreadsheet-parsexlsx-perl 0.27-2.1+deb11u1 NOTE: https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md NOTE: Fixed by: https://github.com/MichaelDaum/spreadsheet-parsexlsx/commit/39b25b91fcb939a9c8ea807fdc80386c1ae5be0c (0.28) NOTE: Minor rewrite followup: https://github.com/MichaelDaum/spreadsheet-parsexlsx/commit/47ff82d74fbd014b8ec3cab80fa4fd25db9e8242 NOTE: Unit test: https://github.com/MichaelDaum/spreadsheet-parsexlsx/commit/0bb6830c71f442cea6d1a0fae2455cd704292e88 CVE-2024-22165 (In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attac ...) NOT-FOR-US: Splunk Enterprise Security (ES) CVE-2024-22164 (In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker c ...) NOT-FOR-US: Splunk Enterprise Security (ES) CVE-2024-21668 (react-native-mmkv is a library that allows easy use of MMKV inside Rea ...) NOT-FOR-US: react-native-mmkv CVE-2024-21664 (jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, othe ...) NOT-FOR-US: jwx CVE-2024-21325 (Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution V ...) 
NOT-FOR-US: Microsoft CVE-2024-21320 (Windows Themes Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21319 (Microsoft Identity Denial of service vulnerability) NOT-FOR-US: Microsoft CVE-2024-21318 (Microsoft SharePoint Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21316 (Windows Server Key Distribution Service Security Feature Bypass) NOT-FOR-US: Microsoft CVE-2024-21314 (Microsoft Message Queuing Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21313 (Windows TCP/IP Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21312 (.NET Framework Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21311 (Windows Cryptographic Services Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21310 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) NOT-FOR-US: Microsoft CVE-2024-21309 (Windows Kernel-Mode Driver Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21307 (Remote Desktop Client Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21306 (Microsoft Bluetooth Driver Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21305 (Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vul ...) NOT-FOR-US: Microsoft CVE-2024-20700 (Windows Hyper-V Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20699 (Windows Hyper-V Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20698 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20697 (Windows libarchive Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20696 (Windows libarchive Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20694 (Windows CoreMessaging Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20692 (Microsoft Local Security Authority Subsystem Service Information Discl ...) 
NOT-FOR-US: Microsoft CVE-2024-20691 (Windows Themes Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20690 (Windows Nearby Sharing Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20687 (Microsoft AllJoyn API Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20686 (Win32k Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20683 (Win32k Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20682 (Windows Cryptographic Services Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20681 (Windows Subsystem for Linux Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20680 (Windows Message Queuing Client (MSMQC) Information Disclosure) NOT-FOR-US: Microsoft CVE-2024-20677 (A security vulnerability exists in FBX that could lead to remote code ...) NOT-FOR-US: Microsoft CVE-2024-20676 (Azure Storage Mover Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20674 (Windows Kerberos Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20672 (.NET Denial of Service Vulnerability) NOT-FOR-US: Microsoft .NET CVE-2024-20666 (BitLocker Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20664 (Microsoft Message Queuing Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20663 (Windows Message Queuing Client (MSMQC) Information Disclosure) NOT-FOR-US: Microsoft CVE-2024-20662 (Windows Online Certificate Status Protocol (OCSP) Information Disclosu ...) 
NOT-FOR-US: Microsoft CVE-2024-20661 (Microsoft Message Queuing Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20660 (Microsoft Message Queuing Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20658 (Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20657 (Windows Group Policy Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20656 (Visual Studio Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20655 (Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execut ...) NOT-FOR-US: Microsoft CVE-2024-20654 (Microsoft ODBC Driver Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20653 (Microsoft Common Log File System Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-20652 (Windows HTML Platforms Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2024-0343 (A vulnerability classified as problematic was found in CodeAstro Simpl ...) NOT-FOR-US: CodeAstro Simple House Rental System CVE-2024-0342 (A vulnerability classified as critical has been found in Inis up to 2. ...) NOT-FOR-US: Inis CVE-2024-0341 (A vulnerability was found in Inis up to 2.0.1. It has been rated as pr ...) NOT-FOR-US: Inis CVE-2024-0340 (A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in ...) {DSA-5681-1} - linux 6.4.4-1 [bookworm] - linux 6.1.82-1 NOTE: https://git.kernel.org/linus/4d8df0f5f79f747d75a7d356d9b9ea40a4e4c8a9 (6.4-rc6) CVE-2024-0228 REJECTED CVE-2024-0226 (Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored ...) NOT-FOR-US: Synopsys CVE-2024-0213 (A buffer overflow vulnerability in TA for Linux and TA for MacOS prior ...) NOT-FOR-US: Trellix CVE-2024-0206 (A symbolic link manipulation vulnerability in Trellix Anti-Malware Eng ...) NOT-FOR-US: Trellix CVE-2024-0057 (NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnera ...) 
NOT-FOR-US: Microsoft .NET CVE-2024-0056 (Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider S ...) NOT-FOR-US: Microsoft CVE-2023-7223 (A vulnerability classified as problematic has been found in Totolink T ...) NOT-FOR-US: Totolink CVE-2023-7222 (A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It ...) NOT-FOR-US: Totolink CVE-2023-7221 (A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. It ha ...) NOT-FOR-US: Totolink CVE-2023-7032 (A CWE-502: Deserialization of untrusted data vulnerability exists that ...) NOT-FOR-US: Schneider-Electric CVE-2023-6149 (Qualys Jenkins Plugin for WAS prior to version and including 2.0.11 wa ...) NOT-FOR-US: Qualys Jenkins Plugin CVE-2023-6148 (Qualys Jenkins Plugin for Policy Compliance prior to version and inclu ...) NOT-FOR-US: Qualys Jenkins Plugin CVE-2023-6147 (Qualys Jenkins Plugin for Policy Compliance prior to version and inclu ...) NOT-FOR-US: Qualys Jenkins Plugin CVE-2023-5376 (An Improper Authentication vulnerability in Korenix JetNet TFTP allows ...) NOT-FOR-US: Korenix JetNet TFTP CVE-2023-5347 (An Improper Verification of Cryptographic Signature vulnerability in t ...) NOT-FOR-US: Korenix JetNet Series CVE-2023-51746 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.6 ...) NOT-FOR-US: Siemens CVE-2023-51745 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.6 ...) NOT-FOR-US: Siemens CVE-2023-51744 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.6 ...) NOT-FOR-US: Siemens CVE-2023-51439 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.6 ...) NOT-FOR-US: Siemens CVE-2023-51438 (A vulnerability has been identified in SIMATIC IPC1047E (All versions ...) NOT-FOR-US: Siemens CVE-2023-50974 (In Appwrite CLI before 3.0.0, when using the login command, the creden ...) NOT-FOR-US: Appwrite CLI CVE-2023-50585 (Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via ...) 
NOT-FOR-US: Tenda CVE-2023-49722 (Network port 8899 open in WiFi firmware of BCC101/BCC102/BCC50 product ...) NOT-FOR-US: WiFi firmware of BCC101/BCC102/BCC50 products CVE-2023-49621 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...) NOT-FOR-US: Siemens CVE-2023-49252 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...) NOT-FOR-US: Siemens CVE-2023-49251 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...) NOT-FOR-US: Siemens CVE-2023-49237 (An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. ...) NOT-FOR-US: TRENDnet CVE-2023-49236 (A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5 ...) NOT-FOR-US: TRENDnet CVE-2023-49235 (An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5. ...) NOT-FOR-US: TRENDnet CVE-2023-49132 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) NOT-FOR-US: Siemens CVE-2023-49131 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) NOT-FOR-US: Siemens CVE-2023-49130 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) NOT-FOR-US: Siemens CVE-2023-49129 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) NOT-FOR-US: Siemens CVE-2023-49128 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) NOT-FOR-US: Siemens CVE-2023-49127 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) NOT-FOR-US: Siemens CVE-2023-49126 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) NOT-FOR-US: Siemens CVE-2023-49124 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) NOT-FOR-US: Siemens CVE-2023-49123 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) NOT-FOR-US: Siemens CVE-2023-49122 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) 
NOT-FOR-US: Siemens CVE-2023-49121 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) NOT-FOR-US: Siemens CVE-2023-44120 (A vulnerability has been identified in Spectrum Power 7 (All versions ...) NOT-FOR-US: Siemens CVE-2023-42797 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...) NOT-FOR-US: Siemens CVE-2022-48618 (The issue was addressed with improved checks. This issue is fixed in m ...) NOT-FOR-US: Apple CVE-2023-41056 (Redis is an in-memory database that persists on disk. Redis incorrectl ...) {DSA-5610-1} - redis 5:7.0.15-1 (bug #1060316) [bullseye] - redis (Vulnerable code not present) [buster] - redis (Vulnerable code not present) NOTE: Introduced with changes from: https://github.com/redis/redis/pull/11766 (which landed NOTE: in 7.2, but which also got backported to the 7.0. branch) NOTE: https://github.com/redis/redis/commit/e351099e1119fb89496be578f5232c61ce300224 (7.0.15) CVE-2024-22125 (Under certain conditions the Microsoft Edge browser extension (SAP GUI ...) NOT-FOR-US: SAP CVE-2024-22124 (Under certain conditions,Internet Communication Manager (ICM) orSAP We ...) NOT-FOR-US: SAP CVE-2024-21738 (SAP NetWeaver ABAP Application Server and ABAP Platform do not suffici ...) NOT-FOR-US: SAP CVE-2024-21737 (In SAP Application Interface Framework File Adapter - version 702, ahi ...) NOT-FOR-US: SAP CVE-2024-21736 (SAP S/4HANA Finance for (Advanced Payment Management) - versions SAPSC ...) NOT-FOR-US: SAP CVE-2024-21735 (SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105 ...) NOT-FOR-US: SAP CVE-2024-21734 (SAP Marketing (Contacts App) - version 160, allows an attacker with lo ...) NOT-FOR-US: SAP CVE-2024-21663 (Discord-Recon is a Discord bot created to automate bug bounty recon, a ...) NOT-FOR-US: Discord-Recon CVE-2024-21651 (XWiki Platform is a generic wiki platform offering runtime services fo ...) 
NOT-FOR-US: XWiki CVE-2024-21648 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2024-21646 (Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP lib ...) - azure-uamqp-python 1.6.8-1 NOTE: https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-j29m-p99g-7hpv NOTE: https://github.com/Azure/azure-uamqp-c/commit/12ddb3a31a5a97f55b06fa5d74c59a1d84ad78fe NOTE: https://github.com/Azure/azure-uamqp-python/issues/372 NOTE: https://github.com/Azure/azure-uamqp-python/commit/c85efcd12c249999eb8a1064b7d4fd8c7715c780 (v1.6.7) CVE-2023-7220 (A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 an ...) NOT-FOR-US: Totolink CVE-2023-7219 (A vulnerability has been found in Totolink N350RT 9.3.5u.6139_B202012 ...) NOT-FOR-US: Totolink CVE-2023-7218 (A vulnerability, which was classified as critical, was found in Totoli ...) NOT-FOR-US: Totolink CVE-2023-6842 (The Formidable Forms \u2013 Contact Form, Survey, Quiz, Payment, Calcu ...) NOT-FOR-US: WordPress plugin CVE-2023-6830 (The Formidable Forms plugin for WordPress is vulnerable to HTML inject ...) NOT-FOR-US: WordPress plugin CVE-2023-6788 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...) NOT-FOR-US: WordPress plugin CVE-2023-6594 (The WordPress Button Plugin MaxButtons plugin for WordPress is vulnera ...) NOT-FOR-US: WordPress plugin CVE-2023-52202 (Deserialization of Untrusted Data vulnerability in SVNLabs Softwares H ...) NOT-FOR-US: WordPress plugin CVE-2023-52198 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-52197 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-52196 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-52142 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) 
NOT-FOR-US: WordPress plugin CVE-2023-52074 (FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CS ...) NOT-FOR-US: FlyCms CVE-2023-52073 (FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CS ...) NOT-FOR-US: FlyCms CVE-2023-52072 (FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CS ...) NOT-FOR-US: FlyCms CVE-2023-51717 (Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that ...) NOT-FOR-US: Dataiku DSS CVE-2023-51490 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2023-51408 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2023-51406 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2023-50932 (An issue was discovered in savignano S/Notify before 4.0.2 for Conflue ...) NOT-FOR-US: savignano S/Notify CVE-2023-50931 (An issue was discovered in savignano S/Notify before 2.0.1 for Bitbuck ...) NOT-FOR-US: savignano S/Notify CVE-2023-50930 (An issue was discovered in savignano S/Notify before 4.0.2 for Jira. W ...) NOT-FOR-US: savignano S/Notify CVE-2023-50643 (An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote atta ...) NOT-FOR-US: Evernote CVE-2023-50162 (SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers ...) NOT-FOR-US: EmpireCMS CVE-2023-49961 (WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x an ...) NOT-FOR-US: WALLIX Access Manager CVE-2023-49238 (In Gradle Enterprise before 2023.1, a remote attacker may be able to g ...) NOT-FOR-US: Gradle Enterprise CVE-2023-46906 (juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in ...) NOT-FOR-US: juzaweb CVE-2023-39336 (An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager ...) NOT-FOR-US: Ivanti CVE-2023-36629 (The ST ST54-android-packages-apps-Nfc package before 130-20230215-23W0 ...) 
NOT-FOR-US: ST ST54-android-packages-apps-Nfc package for Android CVE-2024-21747 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2024-21745 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-21744 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-21650 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2024-21647 (Puma is a web server for Ruby/Rack applications built for parallelism. ...) - puma 6.4.2-1 (bug #1060345) [bookworm] - puma (Minor issue) [bullseye] - puma (Minor issue) [buster] - puma (Minor issue) NOTE: https://github.com/puma/puma/security/advisories/GHSA-c2f4-cvqm-65w2 NOTE: https://github.com/puma/puma/commit/bbb880ffb6debbfdea535b4b3eb2204d49ae151d (v5.6.8) CVE-2024-21645 (pyLoad is the free and open-source Download Manager written in pure Py ...) - pyload (bug #1001980) CVE-2024-21644 (pyLoad is the free and open-source Download Manager written in pure Py ...) - pyload (bug #1001980) CVE-2024-0322 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.) - gpac (bug #1060409) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.com/bounties/87611fc9-ed7c-43e9-8e52-d83cd270bbec/ NOTE: https://github.com/gpac/gpac/commit/092904b80edbc4dce315684a59cc3184c45c1b70 CVE-2024-0321 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...) - gpac (bug #1060409) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769/ NOTE: https://github.com/gpac/gpac/commit/d0ced41651b279bb054eb6390751e2d4eb84819a CVE-2024-0308 (A vulnerability was found in Inis up to 2.0.1. It has been rated as cr ...) NOT-FOR-US: Inis CVE-2024-0307 (A vulnerability was found in Kashipara Dynamic Lab Management System u ...) 
NOT-FOR-US: Kashipara Dynamic Lab Management System CVE-2024-0306 (A vulnerability was found in Kashipara Dynamic Lab Management System u ...) NOT-FOR-US: Kashipara Dynamic Lab Management System CVE-2024-0305 (A vulnerability was found in Guangzhou Yingke Electronic Technology Nc ...) NOT-FOR-US: Guangzhou Yingke Electronic Technology Ncast CVE-2023-7224 (OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users ...) NOT-FOR-US: OpenVPN Connect CVE-2023-6921 (Blind SQL Injection vulnerability in PrestaShow Google Integrator (Pre ...) NOT-FOR-US: PrestaShop module CVE-2023-6845 (The CommentTweets WordPress plugin through 0.6 does not have CSRF chec ...) NOT-FOR-US: WordPress plugin CVE-2023-6750 (The Clone WordPress plugin before 2.4.3 uses buffer files to store in- ...) NOT-FOR-US: WordPress plugin CVE-2023-6631 (PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnera ...) NOT-FOR-US: PowerSYSTEM Center CVE-2023-6627 (The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.2 ...) NOT-FOR-US: WordPress plugin CVE-2023-6555 (The Email Subscription Popup WordPress plugin before 1.2.20 does not s ...) NOT-FOR-US: WordPress plugin CVE-2023-6552 (Lack of "current" GET parameter validation during the action of changi ...) NOT-FOR-US: TasmoAdmin CVE-2023-6532 (The WP Blogs' Planetarium WordPress plugin through 1.0 does not have C ...) NOT-FOR-US: WordPress plugin CVE-2023-6529 (The WP VR WordPress plugin before 8.3.15 does not authorisation and CS ...) NOT-FOR-US: WordPress plugin CVE-2023-6528 (The Slider Revolution WordPress plugin before 6.6.19 does not prevent ...) NOT-FOR-US: WordPress plugin CVE-2023-6505 (The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 ...) NOT-FOR-US: WordPress plugin CVE-2023-6383 (The Debug Log Manager WordPress plugin before 2.3.0 contains a Directo ...) NOT-FOR-US: WordPress plugin CVE-2023-6161 (The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise an ...) 
NOT-FOR-US: WordPress plugin CVE-2023-6141 (The Essential Real Estate WordPress plugin before 4.4.0 does not apply ...) NOT-FOR-US: WordPress plugin CVE-2023-6140 (The Essential Real Estate WordPress plugin before 4.4.0 does not preve ...) NOT-FOR-US: WordPress plugin CVE-2023-6139 (The Essential Real Estate WordPress plugin before 4.4.0 does not apply ...) NOT-FOR-US: WordPress plugin CVE-2023-6042 (Any unauthenticated user may send e-mail from the site with any title ...) NOT-FOR-US: WordPress plugin CVE-2023-5957 (The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2 ...) NOT-FOR-US: WordPress plugin CVE-2023-5911 (The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin throu ...) NOT-FOR-US: WordPress plugin CVE-2023-5235 (The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not li ...) NOT-FOR-US: WordPress plugin CVE-2023-5091 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allo ...) NOT-FOR-US: Arm CVE-2023-52271 (The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-pr ...) NOT-FOR-US: Topaz Antifraud CVE-2023-52225 (Deserialization of Untrusted Data vulnerability in Tagbox Tagbox \u201 ...) NOT-FOR-US: WordPress plugin CVE-2023-52222 (Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooComme ...) NOT-FOR-US: WordPress plugin CVE-2023-52219 (Deserialization of Untrusted Data vulnerability in Gecka Gecka Terms T ...) NOT-FOR-US: WordPress plugin CVE-2023-52218 (Deserialization of Untrusted Data vulnerability in Anton Bond Woocomme ...) NOT-FOR-US: WordPress plugin CVE-2023-52216 (Cross-Site Request Forgery (CSRF) vulnerability in Yevhen Kotelnytskyi ...) NOT-FOR-US: WordPress plugin CVE-2023-52215 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-52213 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
NOT-FOR-US: WordPress plugin CVE-2023-52208 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2023-52207 (Deserialization of Untrusted Data vulnerability in SVNLabs Softwares H ...) NOT-FOR-US: WordPress plugin CVE-2023-52206 (Deserialization of Untrusted Data vulnerability in Live Composer Team ...) NOT-FOR-US: WordPress plugin CVE-2023-52205 (Deserialization of Untrusted Data vulnerability in SVNLabs Softwares H ...) NOT-FOR-US: WordPress plugin CVE-2023-52204 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-52203 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-52201 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-52200 (Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data v ...) NOT-FOR-US: WordPress plugin CVE-2023-52190 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2023-51701 (fastify-reply-from is a Fastify plugin to forward the current HTTP req ...) NOT-FOR-US: fastify-reply-from CVE-2023-51508 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2023-51246 (A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exi ...) NOT-FOR-US: GetSimple CMS CVE-2023-50982 (Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executab ...) NOT-FOR-US: Stud.IP CVE-2023-47890 (pyLoad 0.5.0 is vulnerable to Unrestricted File Upload.) - pyload (bug #1001980) CVE-2023-47211 (A directory traversal vulnerability exists in the uploadMib functional ...) NOT-FOR-US: ManageEngine OpManager CVE-2023-41710 (User-defined script code could be stored for a upsell related shop URL ...) 
NOT-FOR-US: Open-Xchange CVE-2023-39444 (Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing ...) {DSA-5653-1 DLA-3785-1} - gtkwave 3.3.118-0.1 (bug #1060407) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1826 CVE-2023-39443 (Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing ...) {DSA-5653-1 DLA-3785-1} - gtkwave 3.3.118-0.1 (bug #1060407) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1826 CVE-2023-39414 (Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_i ...) {DSA-5653-1 DLA-3785-1} - gtkwave 3.3.118-0.1 (bug #1060407) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1824 CVE-2023-39413 (Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_i ...) {DSA-5653-1 DLA-3785-1} - gtkwave 3.3.118-0.1 (bug #1060407) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1824 CVE-2023-39317 (Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_e ...) {DSA-5653-1 DLA-3785-1} - gtkwave 3.3.118-0.1 (bug #1060407) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1820 CVE-2023-39316 (Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_e ...) {DSA-5653-1 DLA-3785-1} - gtkwave 3.3.118-0.1 (bug #1060407) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1820 CVE-2023-39275 (Multiple integer overflow vulnerabilities exist in the LXT2 facgeometr ...) {DSA-5653-1 DLA-3785-1} - gtkwave 3.3.118-0.1 (bug #1060407) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1818 CVE-2023-39274 (Multiple integer overflow vulnerabilities exist in the LXT2 facgeometr ...) {DSA-5653-1 DLA-3785-1} - gtkwave 3.3.118-0.1 (bug #1060407) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1818 CVE-2023-39273 (Multiple integer overflow vulnerabilities exist in the LXT2 facgeometr ...) 
{DSA-5653-1 DLA-3785-1} - gtkwave 3.3.118-0.1 (bug #1060407) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1818 CVE-2023-39272 (Multiple integer overflow vulnerabilities exist in the LXT2 facgeometr ...) {DSA-5653-1 DLA-3785-1} - gtkwave 3.3.118-0.1 (bug #1060407) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1818 CVE-2023-39271 (Multiple integer overflow vulnerabilities exist in the LXT2 facgeometr ...) {DSA-5653-1 DLA-3785-1} - gtkwave 3.3.118-0.1 (bug #1060407) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1818 CVE-2023-39270 (Multiple integer overflow vulnerabilities exist in the LXT2 facgeometr ...) {DSA-5653-1 DLA-3785-1} - gtkwave 3.3.118-0.1 (bug #1060407) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1818 CVE-2023-39235 (Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_p ...) {DSA-5653-1 DLA-3785-1} - gtkwave 3.3.118-0.1 (bug #1060407) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1817 CVE-2023-39234 (Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_p ...) {DSA-5653-1 DLA-3785-1} - gtkwave 3.3.118-0.1 (bug #1060407) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1817 CVE-2023-38657 (An out-of-bounds write vulnerability exists in the LXT2 zlib block dec ...) {DSA-5653-1 DLA-3785-1} - gtkwave 3.3.118-0.1 (bug #1060407) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1823 CVE-2023-38653 (Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_bloc ...) {DSA-5653-1 DLA-3785-1} - gtkwave 3.3.118-0.1 (bug #1060407) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1815 CVE-2023-38652 (Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_bloc ...) 
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1815
CVE-2023-38651 (Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_bloc ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1814
CVE-2023-38650 (Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_bloc ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1814
CVE-2023-38649 (Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_g ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1813
CVE-2023-38648 (Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_g ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1813
CVE-2023-38623 (Multiple integer overflow vulnerabilities exist in the VZT facgeometry ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1812
CVE-2023-38622 (Multiple integer overflow vulnerabilities exist in the VZT facgeometry ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1812
CVE-2023-38621 (Multiple integer overflow vulnerabilities exist in the VZT facgeometry ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1812
CVE-2023-38620 (Multiple integer overflow vulnerabilities exist in the VZT facgeometry ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1812
CVE-2023-38619 (Multiple integer overflow vulnerabilities exist in the VZT facgeometry ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1812
CVE-2023-38618 (Multiple integer overflow vulnerabilities exist in the VZT facgeometry ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1812
CVE-2023-38583 (A stack-based buffer overflow vulnerability exists in the LXT2 lxt2_rd ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1827
CVE-2023-37923 (Multiple arbitrary write vulnerabilities exist in the VCD sorted bsear ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1807
CVE-2023-37922 (Multiple arbitrary write vulnerabilities exist in the VCD sorted bsear ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1807
CVE-2023-37921 (Multiple arbitrary write vulnerabilities exist in the VCD sorted bsear ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1807
CVE-2023-37578 (Multiple use-after-free vulnerabilities exist in the VCD get_vartoken ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1806
CVE-2023-37577 (Multiple use-after-free vulnerabilities exist in the VCD get_vartoken ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1806
CVE-2023-37576 (Multiple use-after-free vulnerabilities exist in the VCD get_vartoken ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1806
CVE-2023-37575 (Multiple use-after-free vulnerabilities exist in the VCD get_vartoken ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1806
CVE-2023-37574 (Multiple use-after-free vulnerabilities exist in the VCD get_vartoken ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1806
CVE-2023-37573 (Multiple use-after-free vulnerabilities exist in the VCD get_vartoken ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1806
CVE-2023-37447 (Multiple out-of-bounds read vulnerabilities exist in the VCD var defin ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1805
CVE-2023-37446 (Multiple out-of-bounds read vulnerabilities exist in the VCD var defin ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1805
CVE-2023-37445 (Multiple out-of-bounds read vulnerabilities exist in the VCD var defin ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1805
CVE-2023-37444 (Multiple out-of-bounds read vulnerabilities exist in the VCD var defin ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1805
CVE-2023-37443 (Multiple out-of-bounds read vulnerabilities exist in the VCD var defin ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1805
CVE-2023-37442 (Multiple out-of-bounds read vulnerabilities exist in the VCD var defin ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1805
CVE-2023-37420 (Multiple out-of-bounds write vulnerabilities exist in the VCD parse_va ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1804
CVE-2023-37419 (Multiple out-of-bounds write vulnerabilities exist in the VCD parse_va ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1804
CVE-2023-37418 (Multiple out-of-bounds write vulnerabilities exist in the VCD parse_va ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1804
CVE-2023-37417 (Multiple out-of-bounds write vulnerabilities exist in the VCD parse_va ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1804
CVE-2023-37416 (Multiple out-of-bounds write vulnerabilities exist in the VCD parse_va ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1804
CVE-2023-37282 (An out-of-bounds write vulnerability exists in the VZT LZMA_Read dmem ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1810
CVE-2023-36916 (Multiple integer overflow vulnerabilities exist in the FST fstReaderIt ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1798
CVE-2023-36915 (Multiple integer overflow vulnerabilities exist in the FST fstReaderIt ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1798
CVE-2023-36864 (An integer overflow vulnerability exists in the fstReaderIterBlocks2 t ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1797
CVE-2023-36861 (An out-of-bounds write vulnerability exists in the VZT LZMA_read_varin ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1811
CVE-2023-36747 (Multiple heap-based buffer overflow vulnerabilities exist in the fstRe ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1793
CVE-2023-36746 (Multiple heap-based buffer overflow vulnerabilities exist in the fstRe ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1793
CVE-2023-35997 (Multiple improper array index validation vulnerabilities exist in the ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1791
CVE-2023-35996 (Multiple improper array index validation vulnerabilities exist in the ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1791
CVE-2023-35995 (Multiple improper array index validation vulnerabilities exist in the ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1791
CVE-2023-35994 (Multiple improper array index validation vulnerabilities exist in the ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1791
CVE-2023-35992 (An integer overflow vulnerability exists in the FST fstReaderIterBlock ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1790
CVE-2023-35989 (An integer overflow vulnerability exists in the LXT2 zlib block alloca ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1822
CVE-2023-35970 (Multiple heap-based buffer overflow vulnerabilities exist in the fstRe ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1789
CVE-2023-35969 (Multiple heap-based buffer overflow vulnerabilities exist in the fstRe ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1789
CVE-2023-35964 (Multiple OS command injection vulnerabilities exist in the decompressi ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1786
CVE-2023-35963 (Multiple OS command injection vulnerabilities exist in the decompressi ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1786
CVE-2023-35962 (Multiple OS command injection vulnerabilities exist in the decompressi ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1786
CVE-2023-35961 (Multiple OS command injection vulnerabilities exist in the decompressi ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1786
CVE-2023-35960 (Multiple OS command injection vulnerabilities exist in the decompressi ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1786
CVE-2023-35959 (Multiple OS command injection vulnerabilities exist in the decompressi ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1786
CVE-2023-35958 (Multiple heap-based buffer overflow vulnerabilities exist in the fstRe ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1785
CVE-2023-35957 (Multiple heap-based buffer overflow vulnerabilities exist in the fstRe ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1785
CVE-2023-35956 (Multiple heap-based buffer overflow vulnerabilities exist in the fstRe ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1785
CVE-2023-35955 (Multiple heap-based buffer overflow vulnerabilities exist in the fstRe ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1785
CVE-2023-35704 (Multiple stack-based buffer overflow vulnerabilities exist in the FST ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1783
CVE-2023-35703 (Multiple stack-based buffer overflow vulnerabilities exist in the FST ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1783
CVE-2023-35702 (Multiple stack-based buffer overflow vulnerabilities exist in the FST ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1783
CVE-2023-35128 (An integer overflow vulnerability exists in the fstReaderIterBlocks2 t ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1792
CVE-2023-35057 (An integer overflow vulnerability exists in the LXT2 lxt2_rd_trace val ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1821
CVE-2023-35004 (An integer overflow vulnerability exists in the VZT longest_len value ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1816
CVE-2023-34436 (An out-of-bounds write vulnerability exists in the LXT2 num_time_table ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1819
CVE-2023-34087 (An improper array index validation vulnerability exists in the EVCD va ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1803
CVE-2023-32650 (An integer overflow vulnerability exists in the FST_BL_GEOM parsing ma ...)
	{DSA-5653-1 DLA-3785-1}
	- gtkwave 3.3.118-0.1 (bug #1060407)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1777
CVE-2018-25095 (The Duplicator WordPress plugin before 1.3.0 does not properly escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-22216 (In default installations of Microchip maxView Storage Manager (for Ada ...)
	NOT-FOR-US: Microchip
CVE-2024-0304 (A vulnerability has been found in Youke365 up to 1.5.3 and classified ...)
	NOT-FOR-US: Youke365
CVE-2024-0303 (A vulnerability, which was classified as critical, was found in Youke3 ...)
	NOT-FOR-US: Youke365
CVE-2024-0302 (A vulnerability, which was classified as critical, has been found in f ...)
	NOT-FOR-US: fhs-opensource
CVE-2024-0301 (A vulnerability classified as critical was found in fhs-opensource ipa ...)
	NOT-FOR-US: fhs-opensource
CVE-2024-0300 (A vulnerability was found in Byzoro Smart S150 Management Platform up ...)
	NOT-FOR-US: Beijing Baichuo Smart S150 Management Platform
CVE-2024-0299 (A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It ...)
	NOT-FOR-US: Totolink
CVE-2024-0298 (A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It ...)
	NOT-FOR-US: Totolink
CVE-2024-0297 (A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and ...)
	NOT-FOR-US: Totolink
CVE-2024-0296 (A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B2020121 ...)
	NOT-FOR-US: Totolink
CVE-2024-0295 (A vulnerability, which was classified as critical, was found in Totoli ...)
	NOT-FOR-US: Totolink
CVE-2024-0294 (A vulnerability, which was classified as critical, has been found in T ...)
	NOT-FOR-US: Totolink
CVE-2024-0293 (A vulnerability classified as critical was found in Totolink LR1200GB ...)
	NOT-FOR-US: Totolink
CVE-2024-0292 (A vulnerability classified as critical has been found in Totolink LR12 ...)
	NOT-FOR-US: Totolink
CVE-2024-0291 (A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. ...)
	NOT-FOR-US: Totolink
CVE-2024-0290 (A vulnerability, which was classified as critical, has been found in K ...)
	NOT-FOR-US: Kashipara Food Management System
CVE-2024-0289 (A vulnerability classified as critical was found in Kashipara Food Man ...)
	NOT-FOR-US: Kashipara Food Management System
CVE-2024-0288 (A vulnerability classified as critical has been found in Kashipara Foo ...)
	NOT-FOR-US: Kashipara Food Management System
CVE-2024-0287 (A vulnerability was found in Kashipara Food Management System 1.0. It ...)
	NOT-FOR-US: Kashipara Food Management System
CVE-2023-7215 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Chanzhaoyu chatgpt-web
CVE-2023-50948 (IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credent ...)
	NOT-FOR-US: IBM
CVE-2023-47140 (IBM CICS Transaction Gateway 9.3 could allow a user to transfer or vie ...)
	NOT-FOR-US: IBM
CVE-2024-0286 (A vulnerability, which was classified as problematic, was found in PHP ...)
	NOT-FOR-US: PHPGurukul Hospital Management System
CVE-2024-0284 (A vulnerability was found in Kashipara Food Management System up to 1. ...)
	NOT-FOR-US: Kashipara Food Management System
CVE-2024-0283 (A vulnerability was found in Kashipara Food Management System up to 1. ...)
	NOT-FOR-US: Kashipara Food Management System
CVE-2024-0282 (A vulnerability was found in Kashipara Food Management System up to 1. ...)
	NOT-FOR-US: Kashipara Food Management System
CVE-2024-0281 (A vulnerability was found in Kashipara Food Management System up to 1. ...)
	NOT-FOR-US: Kashipara Food Management System
CVE-2024-0280 (A vulnerability has been found in Kashipara Food Management System up ...)
	NOT-FOR-US: Kashipara Food Management System
CVE-2024-0279 (A vulnerability, which was classified as critical, was found in Kaship ...)
	NOT-FOR-US: Kashipara Food Management System
CVE-2024-0278 (A vulnerability, which was classified as critical, has been found in K ...)
	NOT-FOR-US: Kashipara Food Management System
CVE-2024-0277 (A vulnerability classified as critical was found in Kashipara Food Man ...)
	NOT-FOR-US: Kashipara Food Management System
CVE-2024-0276 (A vulnerability classified as critical has been found in Kashipara Foo ...)
	NOT-FOR-US: Kashipara Food Management System
CVE-2024-0275 (A vulnerability was found in Kashipara Food Management System up to 1. ...)
	NOT-FOR-US: Kashipara Food Management System
CVE-2024-0274 (A vulnerability was found in Kashipara Food Management System up to 1. ...)
	NOT-FOR-US: Kashipara Food Management System
CVE-2024-0273 (A vulnerability was found in Kashipara Food Management System up to 1. ...)
	NOT-FOR-US: Kashipara Food Management System
CVE-2024-0272 (A vulnerability was found in Kashipara Food Management System up to 1. ...)
	NOT-FOR-US: Kashipara Food Management System
CVE-2024-0271 (A vulnerability has been found in Kashipara Food Management System up ...)
	NOT-FOR-US: Kashipara Food Management System
CVE-2023-7214 (A vulnerability, which was classified as critical, has been found in T ...)
	NOT-FOR-US: Totolink
CVE-2023-7213 (A vulnerability classified as critical was found in Totolink N350RT 9. ...)
	NOT-FOR-US: Totolink
CVE-2023-7212 (A vulnerability classified as critical has been found in DeDeCMS up to ...)
	NOT-FOR-US: DeDeCMS
CVE-2023-7211 (A vulnerability was found in Uniway Router 2.0. It has been declared a ...)
	NOT-FOR-US: Uniway Router
CVE-2023-7210 (A vulnerability was found in OneNav up to 0.9.33. It has been classifi ...)
	NOT-FOR-US: OneNav
CVE-2023-7209 (A vulnerability was found in Uniway Router up to 2.0. It has been rate ...)
	NOT-FOR-US: Uniway Router
CVE-2023-47145 (IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 ...)
	NOT-FOR-US: IBM
CVE-2024-0270 (A vulnerability, which was classified as critical, was found in Kaship ...)
	NOT-FOR-US: Kashipara Food Management System
CVE-2024-0268 (A vulnerability, which was classified as critical, has been found in K ...)
	NOT-FOR-US: Kashipara Hospital Management System
CVE-2024-0267 (A vulnerability classified as critical was found in Kashipara Hospital ...)
	NOT-FOR-US: Kashipara Hospital Management System
CVE-2024-0266 (A vulnerability classified as problematic has been found in Project Wo ...)
	NOT-FOR-US: Project Worlds Online Lawyer Management System
CVE-2024-0265 (A vulnerability was found in SourceCodester Clinic Queuing System 1.0. ...)
	NOT-FOR-US: SourceCodester Clinic Queuing System
CVE-2024-0264 (A vulnerability was found in SourceCodester Clinic Queuing System 1.0. ...)
	NOT-FOR-US: SourceCodester Clinic Queuing System
CVE-2024-0263 (A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been c ...)
	NOT-FOR-US: ACME Ultra Mini HTTPd
CVE-2024-0262 (A vulnerability was found in Online Job Portal 1.0 and classified as p ...)
	NOT-FOR-US: Online Job Portal
CVE-2024-0261 (A vulnerability has been found in Sentex FTPDMIN 0.96 and classified a ...)
	NOT-FOR-US: Sentex FTPDMIN
CVE-2024-0260 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester Engineers Online Portal
CVE-2023-7208 (A vulnerability classified as critical was found in Totolink X2000R_V2 ...)
	NOT-FOR-US: Totolink
CVE-2023-6801 (The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6798 (The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & ...)
	NOT-FOR-US: WordPress plugin
CVE-2024-21642 (D-Tale is a visualizer for Pandas data structures. Users hosting versi ...)
	NOT-FOR-US: D-Tale
CVE-2024-21641 (Flarum is open source discussion platform software. Prior to version 1 ...)
	NOT-FOR-US: Flarum
CVE-2023-50612 (Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite ve ...)
	NOT-FOR-US: fit2cloud Cloud Explorer Lite
CVE-2023-50609 (Cross Site Scripting (XSS) vulnerability in AVA teaching video applica ...)
	NOT-FOR-US: AVA teaching video application service platform
CVE-2023-50121 (Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerab ...)
	NOT-FOR-US: Autel EVO NANO drone flight control firmware
CVE-2023-46953 (SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attacker ...)
	NOT-FOR-US: ABO.CMS
CVE-2023-39853 (SQL Injection vulnerability in Dzzoffice version 2.01, allows remote a ...)
	NOT-FOR-US: Dzzoffice
CVE-2024-0247 (A vulnerability classified as critical was found in CodeAstro Online F ...)
	NOT-FOR-US: CodeAstro Online Food Ordering System
CVE-2024-0246 (A vulnerability classified as problematic has been found in IceWarp 12 ...)
	NOT-FOR-US: IceWarp
CVE-2023-52151 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52149 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floatin ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52148 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52146 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52145 (Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou R ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52143 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52136 (Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52130 (Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffil ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52129 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler tea ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52128 (Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52127 (Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Produc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52126 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52125 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52124 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52123 (Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Test ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52122 (Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52121 (Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. Nitr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52120 (Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms \u2 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52119 (Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Eng ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51678 (Cross-Site Request Forgery (CSRF) vulnerability in Doofinder Doofinder ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51673 (Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish P ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51668 (Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Inline Imag ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51539 (Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apol ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51538 (Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Tea ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51535 (Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - An ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50991 (Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1 ...)
	NOT-FOR-US: Tenda
CVE-2023-50027 (SQL Injection vulnerability in Buy Addons baproductzoommagnifier modul ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-47560 (An OS command injection vulnerability has been reported to affect QuMa ...)
	NOT-FOR-US: QNAP
CVE-2023-47559 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
	NOT-FOR-US: QNAP
CVE-2023-47219 (A SQL injection vulnerability has been reported to affect QuMagie. If ...)
	NOT-FOR-US: QNAP
CVE-2023-45044 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-45043 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-45042 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-45041 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-45040 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-45039 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-41289 (An OS command injection vulnerability has been reported to affect Qcal ...)
	NOT-FOR-US: QNAP
CVE-2023-41288 (An OS command injection vulnerability has been reported to affect Vide ...)
	NOT-FOR-US: QNAP
CVE-2023-41287 (A SQL injection vulnerability has been reported to affect Video Statio ...)
	NOT-FOR-US: QNAP
CVE-2023-39296 (A prototype pollution vulnerability has been reported to affect severa ...)
	NOT-FOR-US: QNAP
CVE-2023-39294 (An OS command injection vulnerability has been reported to affect seve ...)
	NOT-FOR-US: QNAP
CVE-2024-22088 (Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in ...)
	NOT-FOR-US: Lotos WebServer
CVE-2024-22087 (route in main.c in Pico HTTP Server in C through f3b69a6 has an sprint ...)
	NOT-FOR-US: Pico HTTP Server
CVE-2024-22086 (handle_request in http.c in cherry through 4b877df has an sscanf stack ...)
	NOT-FOR-US: cherry HTTP server
CVE-2024-22075 (Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Inject ...)
	NOT-FOR-US: Firefly
CVE-2024-22050 (Path traversal in the static file service in Iodine less than 0.7.33 a ...)
	NOT-FOR-US: Iodine (not the same as src:iodine)
CVE-2024-22049 (httparty before 0.21.0 is vulnerable to an assumed-immutable web param ...)
	{DLA-3716-1}
	- ruby-httparty 0.21.0-1
	NOTE: https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42
	NOTE: https://github.com/jnunemaker/httparty/commit/cdb45a678c43e44570b4e73f84b1abeb5ec22b8e (v0.21.0)
CVE-2024-22048 (govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to ...)
	NOT-FOR-US: govuk_tech_docs ruby gem
CVE-2024-21636 (view_component is a framework for building reusable, testable, and enc ...)
	NOT-FOR-US: view_component framework
CVE-2024-0241 (encoded_id-rails versions before 1.0.0.beta2 are affected by an uncont ...)
	NOT-FOR-US: encoded_id-rails
CVE-2023-6493 (The Depicter Slider – Responsive Image Slider, Video Slider & Pos ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52323 (PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakag ...)
	- pycryptodome 3.20.0+dfsg-1 (bug #1060059)
	[bookworm] - pycryptodome (Minor issue)
	[bullseye] - pycryptodome (Minor issue)
	[buster] - pycryptodome (Minor issue)
	NOTE: https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd (v3.19.1)
CVE-2023-52184 (Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Jo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52178 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-52150 (Cross-Site Request Forgery (CSRF) vulnerability in Ovation S.R.L. Dyna ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51502 (Authorization Bypass Through User-Controlled Key vulnerability in WooC ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51277 (nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-ta ...)
	NOT-FOR-US: nbviewer-app (aka Jupyter Notebook Viewer)
CVE-2023-41782 (There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacke ...)
	NOT-FOR-US: ZTE
CVE-2024-22051 (CommonMarker versions prior to 0.23.4 are at risk of an integer overfl ...)
	- ruby-commonmarker 0.23.4-1
	[bullseye] - ruby-commonmarker (Minor issue)
	[buster] - ruby-commonmarker (Minor issue)
	NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
	NOTE: https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf
	NOTE: https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3 (v0.23.4)
	NOTE: This is a specific CVE assignment for the issue covered in CVE-2022-24724
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2256887
CVE-2024-22047 (A race condition exists in Audited 4.0.0 to 5.3.3 that can result in a ...)
	NOT-FOR-US: audited ruby gem
CVE-2024-21625 (SideQuest is a place to get virtual reality applications for Oculus Qu ...)
	NOT-FOR-US: SideQuest
CVE-2023-7044 (The Essential Addons for Elementor – Best Elementor Templates, Wi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6992 (Cloudflare version of zlib library was found to be vulnerable to memor ...)
	NOT-FOR-US: Cloudflare specific modification of zlib library
CVE-2023-6551 (As a simple library, class.upload.php does not perform an in-depth che ...)
	NOT-FOR-US: class.upload.php library
CVE-2023-6270 (A flaw was found in the ATA over Ethernet (AoE) driver in the Linux ke ...)
	{DSA-5681-1}
	- linux
	[bookworm] - linux 6.1.82-1
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-22236
	NOTE: https://git.kernel.org/linus/f98364e926626c678fb4b9004b75cacf92ff0662 (6.9-rc1)
CVE-2023-5619
	REJECTED
CVE-2023-5442
	REJECTED
CVE-2023-51812 (Tenda AX3 v16.03.12.11 was discovered to contain a remote code executi ...)
	NOT-FOR-US: Tenda
CVE-2023-51154 (Jizhicms v2.5 was discovered to contain an arbitrary file download vul ...)
	NOT-FOR-US: Jizhicms
CVE-2023-50867 (Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Inje ...)
	NOT-FOR-US: Travel Website
CVE-2023-50866 (Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Inje ...)
	NOT-FOR-US: Travel Website
CVE-2023-50865 (Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Inje ...)
	NOT-FOR-US: Travel Website
CVE-2023-50864 (Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Inje ...)
	NOT-FOR-US: Travel Website
CVE-2023-50863 (Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Inje ...)
	NOT-FOR-US: Travel Website
CVE-2023-50862 (Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Inje ...)
	NOT-FOR-US: Travel Website
CVE-2023-50760 (Online Notice Board System v1.0 is vulnerable to an Insecure File Uplo ...)
	NOT-FOR-US: Online Notice Board System
CVE-2023-50753 (Online Notice Board System v1.0 is vulnerable to multiple Unauthentica ...)
	NOT-FOR-US: Online Notice Board System
CVE-2023-50752 (Online Notice Board System v1.0 is vulnerable to multiple Unauthentica ...)
	NOT-FOR-US: Online Notice Board System
CVE-2023-50743 (Online Notice Board System v1.0 is vulnerable to multiple Unauthentica ...)
	NOT-FOR-US: Online Notice Board System
CVE-2023-49666 (Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL In ...)
	NOT-FOR-US: Billing Software
CVE-2023-49665 (Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL In ...)
NOT-FOR-US: Billing Software CVE-2023-49658 (Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL In ...) NOT-FOR-US: Billing Software CVE-2023-49639 (Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL In ...) NOT-FOR-US: Billing Software CVE-2023-49633 (Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL In ...) NOT-FOR-US: Billing Software CVE-2023-49625 (Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL In ...) NOT-FOR-US: Billing Software CVE-2023-49624 (Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL In ...) NOT-FOR-US: Billing Software CVE-2023-49622 (Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL In ...) NOT-FOR-US: Billing Software CVE-2023-3726 (OCSInventory allow stored email template with special characters that ...) - ocsinventory-server (unimportant; bug #1060863) NOTE: https://fluidattacks.com/advisories/creed/ NOTE: https://github.com/OCSInventory-NG/OCSInventory-ocsreports/pull/1545 NOTE: https://github.com/OCSInventory-NG/OCSInventory-ocsreports/commit/78b5545b0a2e3e484605d9364424d6b924897aaf (2.12.1) NOTE: https://github.com/OCSInventory-NG/OCSInventory-ocsreports/commit/91780aefb904c9eac114e99246b3bef0d4e7d83c (2.12.1) NOTE: Only supported behind an authenticated HTTP zone CVE-2024-21634 (Amazon Ion is a Java implementation of the Ion data notation. Prior to ...) NOT-FOR-US: Amazon Ion CVE-2024-20809 (Improper access control vulnerability in Nearby device scanning prior ...) NOT-FOR-US: Samsung CVE-2024-20808 (Improper access control vulnerability in Nearby device scanning prior ...) NOT-FOR-US: Samsung CVE-2024-20807 (Implicit intent hijacking vulnerability in Samsung Email prior to vers ...) NOT-FOR-US: Samsung CVE-2024-20806 (Improper access control in Notification service prior to SMR Jan-2024 ...) NOT-FOR-US: Samsung CVE-2024-20805 (Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR ...) 
NOT-FOR-US: Samsung CVE-2024-20804 (Path traversal vulnerability in FileUriConverter of MyFiles prior to S ...) NOT-FOR-US: Samsung CVE-2024-20803 (Improper authentication vulnerability in Bluetooth pairing process pri ...) NOT-FOR-US: Samsung CVE-2024-20802 (Improper access control vulnerability in Samsung DeX prior to SMR Jan- ...) NOT-FOR-US: Samsung CVE-2023-6738 (The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugi ...) NOT-FOR-US: WordPress plugin CVE-2023-6733 (The WP-Members Membership Plugin plugin for WordPress is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2023-6540 (A vulnerability was reported in the Lenovo Browser Mobile and Lenovo B ...) NOT-FOR-US: Lenovo CVE-2023-6498 (The Complianz \u2013 GDPR/CCPA Cookie Consent plugin for WordPress is ...) NOT-FOR-US: WordPress plugin CVE-2023-6338 (Uncontrolled search path vulnerabilities were reported in the Lenovo U ...) NOT-FOR-US: Lenovo CVE-2023-5138 (Glitch detection is not enabled by default for the CortexM33 core in S ...) NOT-FOR-US: Silabs CVE-2023-52141 REJECTED CVE-2023-52140 REJECTED CVE-2023-50630 (Cross Site Scripting (XSS) vulnerability in xiweicheng TMS v.2.28.0 al ...) NOT-FOR-US: xiweicheng TMS CVE-2023-50256 (Froxlor is open source server administration software. Prior to versio ...) - froxlor (bug #581792) CVE-2023-50082 (Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Con ...) NOT-FOR-US: pbootcms CVE-2023-49442 (Deserialization of Untrusted Data in jeecgFormDemoController in JEECG ...) NOT-FOR-US: JEECG CVE-2023-41784 (Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro) NOT-FOR-US: ZTE CVE-2024-0225 (Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allo ...) {DSA-5595-1} - chromium 120.0.6099.199-1 [buster] - chromium (see DSA 5046) CVE-2024-0224 (Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 al ...) 
{DSA-5595-1} - chromium 120.0.6099.199-1 [buster] - chromium (see DSA 5046) CVE-2024-0223 (Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 ...) {DSA-5595-1} - chromium 120.0.6099.199-1 [buster] - chromium (see DSA 5046) CVE-2024-0222 (Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allow ...) {DSA-5595-1} - chromium 120.0.6099.199-1 [buster] - chromium (see DSA 5046) CVE-2024-21911 (TinyMCE versions before 5.6.0 are affected by a stored cross-site scri ...) - tinymce NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-w7jx-j77m-wp65 CVE-2024-21910 (TinyMCE versions before 5.10.0 are affected by a cross-site scripting ...) - tinymce NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-r8hm-w5f7-wj39 CVE-2024-21909 (PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of ...) NOT-FOR-US: PeterO.Cbor CVE-2024-21908 (TinyMCE versions before 5.9.0 are affected by a stored cross-site scri ...) - tinymce NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-5h9g-x5rv-25wg CVE-2024-21907 (Newtonsoft.Json before version 13.0.1 is affected by a mishandling of ...) NOT-FOR-US: Newtonsoft.Json CVE-2024-21633 (Apktool is a tool for reverse engineering Android APK files. In versio ...) - apktool 2.7.0+dfsg-7 (bug #1060013) [bookworm] - apktool 2.7.0+dfsg-6+deb12u1 [bullseye] - apktool (Minor issue) [buster] - apktool (Minor issue) NOTE: https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-2hqv-2xv4-5h5w NOTE: https://github.com/iBotPeaches/Apktool/commit/d348c43b24a9de350ff6e5bd610545a10c1fc712 CVE-2024-21631 (Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vap ...) NOT-FOR-US: Vapor CVE-2024-21622 (Craft is a content management system. This is a potential moderate imp ...) NOT-FOR-US: Craft CMS CVE-2024-0217 (A use-after-free flaw was found in PackageKitd. In some conditions, th ...) 
- packagekit (bug #1060016) [bookworm] - packagekit (Minor issue) [bullseye] - packagekit (Minor issue) [buster] - packagekit (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2256624 NOTE: Reducing impact via: https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79 (v1.2.7) CVE-2024-0201 (The Product Expiry for WooCommerce plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2023-7068 (The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shippi ...) NOT-FOR-US: WordPress plugin CVE-2023-6984 (The PowerPack Addons for Elementor (Free Widgets, Extensions and Templ ...) NOT-FOR-US: WordPress plugin CVE-2023-6747 (The Best WordPress Gallery Plugin \u2013 FooGallery plugin for WordPre ...) NOT-FOR-US: WordPress plugin CVE-2023-6621 (The POST SMTP WordPress plugin before 2.8.7 does not sanitise and esca ...) NOT-FOR-US: WordPress plugin CVE-2023-5881 (Unauthenticated access permitted to web interface page The Genie Compa ...) NOT-FOR-US: Genie Company Aladdin Connect (Retrofit-Kit Model ALDCM) "Garage Door Control Module Setup" CVE-2023-5880 (When the Genie Company Aladdin Connect garage door opener (Retrofit-Ki ...) NOT-FOR-US: Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) CVE-2023-5879 (Users\u2019 product account authentication data was stored in clear te ...) NOT-FOR-US: Genie Company Aladdin Connect Mobile Application CVE-2023-52314 (PaddlePaddle before 2.6.0 has a command injection in convert_shape_com ...) NOT-FOR-US: PaddlePaddle CVE-2023-52313 (FPE in paddle.argmin and paddle.argmaxin PaddlePaddle before 2.6.0. Th ...) NOT-FOR-US: PaddlePaddle CVE-2023-52312 (Nullptr dereference in paddle.cropin PaddlePaddle before 2.6.0. This f ...) NOT-FOR-US: PaddlePaddle CVE-2023-52311 (PaddlePaddle before 2.6.0 has a command injection in _wget_download. T ...) 
NOT-FOR-US: PaddlePaddle CVE-2023-52310 (PaddlePaddle before 2.6.0 has a command injection in get_online_pass_i ...) NOT-FOR-US: PaddlePaddle CVE-2023-52309 (Heap buffer overflow in paddle.repeat_interleavein PaddlePaddle before ...) NOT-FOR-US: PaddlePaddle CVE-2023-52308 (FPE in paddle.aminin PaddlePaddle before 2.6.0. This flaw can cause a ...) NOT-FOR-US: PaddlePaddle CVE-2023-52307 (Stack overflow in paddle.linalg.lu_unpackin PaddlePaddle before 2.6.0. ...) NOT-FOR-US: PaddlePaddle CVE-2023-52306 (FPE in paddle.lerpin PaddlePaddle before 2.6.0. This flaw can cause a ...) NOT-FOR-US: PaddlePaddle CVE-2023-52305 (FPE in paddle.topkin PaddlePaddle before 2.6.0. This flaw can cause a ...) NOT-FOR-US: PaddlePaddle CVE-2023-52304 (Stack overflow in paddle.searchsortedin PaddlePaddle before 2.6.0. Thi ...) NOT-FOR-US: PaddlePaddle CVE-2023-52303 (Nullptr in paddle.put_along_axisin PaddlePaddle before 2.6.0. This fla ...) NOT-FOR-US: PaddlePaddle CVE-2023-52302 (Nullptr in paddle.nextafterin PaddlePaddle before 2.6.0. This flaw can ...) NOT-FOR-US: PaddlePaddle CVE-2023-50921 (An issue was discovered on GL.iNet devices through 4.5.0. Attackers ca ...) NOT-FOR-US: GL.iNet devices CVE-2023-50253 (Laf is a cloud development platform. In the Laf version design, the lo ...) NOT-FOR-US: Laf CVE-2023-50093 (APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable ...) NOT-FOR-US: APIIDA API Gateway Manager for Broadcom Layer7 CVE-2023-50092 (APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable t ...) NOT-FOR-US: APIIDA API Gateway Manager for Broadcom Layer7 CVE-2023-50090 (Arbitrary File Write vulnerability in the saveReportFile method of ure ...) NOT-FOR-US: ureport CVE-2023-46929 (An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box ...) 
- gpac (bug #1060043) [bullseye] - gpac (Vulnerable code not present) [buster] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/2662 NOTE: https://github.com/gpac/gpac/commit/4248def5d24325aeb0e35cacde3d56c9411816a6 CVE-2023-46742 (CubeFS is an open-source cloud-native file storage system. CubeFS prio ...) NOT-FOR-US: CubeFS CVE-2023-46741 (CubeFS is an open-source cloud-native file storage system. A vulnerabi ...) NOT-FOR-US: CubeFS CVE-2023-46740 (CubeFS is an open-source cloud-native file storage system. Prior to ve ...) NOT-FOR-US: CubeFS CVE-2023-46739 (CubeFS is an open-source cloud-native file storage system. A vulnerabi ...) NOT-FOR-US: CubeFS CVE-2023-46738 (CubeFS is an open-source cloud-native file storage system. A security ...) NOT-FOR-US: CubeFS CVE-2023-45559 (An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send cra ...) NOT-FOR-US: Tamaki_hamanoki Line CVE-2023-39655 (A host header injection vulnerability exists in the NPM package @perfo ...) NOT-FOR-US: couch-auth Node.js module CVE-2023-38678 (OOB access in paddle.modein PaddlePaddle before 2.6.0. This flaw can c ...) NOT-FOR-US: PaddlePaddle CVE-2023-38677 (FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can c ...) NOT-FOR-US: PaddlePaddle CVE-2023-38676 (Nullptr in paddle.dotin PaddlePaddle before 2.6.0. This flaw can cause ...) NOT-FOR-US: PaddlePaddle CVE-2023-38675 (FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This fl ...) NOT-FOR-US: PaddlePaddle CVE-2023-38674 (FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can ca ...) NOT-FOR-US: PaddlePaddle CVE-2023-37608 (An issue in Automatic Systems SOC FL9600 FastLine v.lego_T04E00 allows ...) NOT-FOR-US: Automatic Systems SOC FL9600 FastLine v.lego_T04E00 CVE-2023-37607 (Directory Traversal in Automatic-Systems SOC FL9600 FastLine lego_T04E ...) 
NOT-FOR-US: Automatic-Systems SOC FL9600 FastLine lego_T04E00 CVE-2023-51785 (Deserialization of Untrusted Data vulnerability in Apache InLong.This ...) NOT-FOR-US: Apache InLong CVE-2023-51784 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) NOT-FOR-US: Apache InLong CVE-2024-21632 (omniauth-microsoft_graph provides an Omniauth strategy for the Microso ...) NOT-FOR-US: omniauth-microsoft_graph CVE-2024-21629 (Rust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a ...) NOT-FOR-US: Rust EVM CVE-2024-21628 (PrestaShop is an open-source e-commerce platform. Prior to version 8.1 ...) NOT-FOR-US: PrestaShop CVE-2024-21627 (PrestaShop is an open-source e-commerce platform. Prior to versions 8. ...) NOT-FOR-US: PrestaShop CVE-2024-21623 (OTCLient is an alternative tibia client for otserv. Prior to commit db ...) NOT-FOR-US: OTCLient CVE-2024-0211 (DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via ...) - wireshark 4.2.2-1 (bug #1059925) [bookworm] - wireshark (Minor issue) [bullseye] - wireshark (Minor issue) [buster] - wireshark (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2024-05.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19557 CVE-2024-0210 (Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service ...) - wireshark 4.2.2-1 (bug #1059925) [bookworm] - wireshark (Zigbee TLV dissector introduced in 4.2) [bullseye] - wireshark (Zigbee TLV dissector introduced in 4.2) [buster] - wireshark (Zigbee TLV dissector introduced in 4.2) NOTE: https://www.wireshark.org/security/wnpa-sec-2024-04.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19504 CVE-2024-0209 (IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3 ...) 
- wireshark 4.2.2-1 (bug #1059925) [bookworm] - wireshark (Minor issue) [bullseye] - wireshark (Minor issue) [buster] - wireshark (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2024-02.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19501 NOTE: The bug references two crashes, this is for the one labelled "BUG log 2", NOTE: the more severe "Bug log 1" only affected unreleased versions CVE-2024-0208 (GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to ...) {DLA-3746-1} - wireshark 4.2.2-1 (bug #1059925) [bookworm] - wireshark (Minor issue) [bullseye] - wireshark (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2024-01.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19496 CVE-2024-0207 (HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via ...) - wireshark 4.2.2-1 (bug #1059925) [bookworm] - wireshark (Vulnerable code introduced later) [bullseye] - wireshark (Vulnerable code introduced later) [buster] - wireshark (Vulnerable code introduced later) NOTE: https://www.wireshark.org/security/wnpa-sec-2024-03.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19502 NOTE: Introduced by: https://gitlab.com/wireshark/wireshark/-/commit/80f9a28921acfa1fb9fe29a25468451faad2b6f2 (v4.2.0rc0) CVE-2024-0196 (A vulnerability has been found in Magic-Api up to 2.0.1 and classified ...) NOT-FOR-US: Magic-Api CVE-2024-0195 (A vulnerability, which was classified as critical, was found in spider ...) NOT-FOR-US: spider-flow CVE-2024-0194 (A vulnerability, which was classified as critical, has been found in C ...) NOT-FOR-US: CodeAstro Internet Banking System CVE-2023-7027 (The POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications ...) NOT-FOR-US: WordPress plugin CVE-2023-6986 (The EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo, Wistia V ...) NOT-FOR-US: WordPress plugin CVE-2023-6981 (The WP SMS \u2013 Messaging & SMS Notification for WordPress, WooComme ...) 
NOT-FOR-US: WordPress plugin CVE-2023-6980 (The WP SMS \u2013 Messaging & SMS Notification for WordPress, WooComme ...) NOT-FOR-US: WordPress plugin CVE-2023-6629 (The POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications ...) NOT-FOR-US: WordPress plugin CVE-2023-6600 (The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for ...) NOT-FOR-US: WordPress plugin CVE-2023-6524 (The MapPress Maps for WordPress plugin for WordPress is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2023-6339 (Google Nest WiFi Pro root code-execution & user-data compromise) NOT-FOR-US: WordPress plugin CVE-2023-50922 (An issue was discovered on GL.iNet devices through 4.5.0. Attackers wh ...) NOT-FOR-US: GL.iNet devices CVE-2023-50351 (HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotati ...) NOT-FOR-US: HCL CVE-2023-50350 (HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic ...) NOT-FOR-US: HCL CVE-2023-50348 (HCL DRYiCE MyXalytics is impacted by an improper error handling vulner ...) NOT-FOR-US: HCL CVE-2023-50346 (HCL DRYiCE MyXalytics is impacted by an information disclosure vulnera ...) NOT-FOR-US: HCL CVE-2023-50345 (HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability wh ...) NOT-FOR-US: HCL CVE-2023-50344 (HCL DRYiCE MyXalytics is impacted by improper access control (Unauthen ...) NOT-FOR-US: HCL CVE-2023-50343 (HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Contr ...) NOT-FOR-US: HCL CVE-2023-50342 (HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Referen ...) NOT-FOR-US: HCL CVE-2023-50341 (HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete ...) NOT-FOR-US: HCL CVE-2023-50020 (An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to cras ...) NOT-FOR-US: Open5GS CVE-2023-50019 (An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registrat ...) 
NOT-FOR-US: Open5GS CVE-2023-4164 (There is a possible informationdisclosure due to a missing permission ...) NOT-FOR-US: Google Pixel Watch CVE-2023-49558 (An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a de ...) - yasm (unimportant) NOTE: Crash in CLI tool, no security impact NOTE: https://github.com/yasm/yasm/issues/252 CVE-2023-49557 (An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a de ...) - yasm (unimportant) NOTE: Crash in CLI tool, no security impact NOTE: https://github.com/yasm/yasm/issues/253 CVE-2023-49556 (Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote a ...) - yasm (unimportant) NOTE: Crash in CLI tool, no security impact NOTE: https://github.com/yasm/yasm/issues/250 CVE-2023-49555 (An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a de ...) - yasm (unimportant) NOTE: Crash in CLI tool, no security impact NOTE: https://github.com/yasm/yasm/issues/248 CVE-2023-49554 (Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote at ...) - yasm (unimportant) NOTE: Crash in CLI tool, no security impact NOTE: https://github.com/yasm/yasm/issues/249 CVE-2023-49553 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...) NOT-FOR-US: Cesenta MJS CVE-2023-49552 (An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker ...) NOT-FOR-US: Cesenta MJS CVE-2023-49551 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...) NOT-FOR-US: Cesenta MJS CVE-2023-49550 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...) NOT-FOR-US: Cesenta MJS CVE-2023-49549 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...) NOT-FOR-US: Cesenta MJS CVE-2023-48418 (In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a ...) NOT-FOR-US: Android CVE-2023-47473 (Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_a ...) 
NOT-FOR-US: fuwushe.org iFair CVE-2023-47458 (An issue in SpringBlade v.3.7.0 and before allows a remote attacker to ...) NOT-FOR-US: SpringBlade CVE-2023-46308 (In Plotly plotly.js before 2.25.2, plot API calls have a risk of __pro ...) NOT-FOR-US: Plotly.js CVE-2023-45893 (An indirect Object Reference (IDOR) in the Order and Invoice pages in ...) NOT-FOR-US: Floorsight Customer Portal CVE-2023-45892 (An issue discovered in the Order and Invoice pages in Floorsight Insig ...) NOT-FOR-US: Floorsight Insights CVE-2023-45724 (HCL DRYiCE MyXalytics product is impacted by unauthenticated file uplo ...) NOT-FOR-US: HCL CVE-2023-45723 (HCL DRYiCE MyXalytics is impacted by path traversal vulnerability whic ...) NOT-FOR-US: HCL CVE-2023-45722 (HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file rea ...) NOT-FOR-US: HCL CVE-2023-45561 (An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers ...) NOT-FOR-US: A-WORLD OIRASE BEER_waiting Line CVE-2023-42358 (An issue was discovered in O-RAN Software Community ric-plt-e2mgr in t ...) NOT-FOR-US: ric-plt-e2mgr in G-Release environment CVE-2023-41783 (There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due ...) NOT-FOR-US: ZTE CVE-2023-41780 (There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due ...) NOT-FOR-US: ZTE CVE-2023-41779 (There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI ...) NOT-FOR-US: ZTE CVE-2023-41776 (There is a local privilege escalation vulnerability of ZTE's ZXCLOUD i ...) NOT-FOR-US: ZTE CVE-2024-0193 (A use-after-free flaw was found in the netfilter subsystem of the Linu ...) - linux 6.6.11-1 [bookworm] - linux 6.1.69-1 [bullseye] - linux 5.10.205-1 [buster] - linux (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255653 CVE-2024-0192 (A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1. ...) 
NOT-FOR-US: RRJ Nueva Ecija Engineer Online Portal CVE-2024-0191 (A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1. ...) NOT-FOR-US: RRJ Nueva Ecija Engineer Online Portal CVE-2024-0190 (A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1. ...) NOT-FOR-US: RRJ Nueva Ecija Engineer Online Portal CVE-2024-0189 (A vulnerability has been found in RRJ Nueva Ecija Engineer Online Port ...) NOT-FOR-US: RRJ Nueva Ecija Engineer Online Portal CVE-2024-0188 (A vulnerability, which was classified as problematic, was found in RRJ ...) NOT-FOR-US: RRJ Nueva Ecija Engineer Online Portal CVE-2023-6752 REJECTED CVE-2023-6436 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Ekol Informatics Website Template CVE-2023-51652 (OWASP AntiSamy .NET is a library for performing cleansing of HTML comi ...) NOT-FOR-US: OWASP AntiSamy .NET library CVE-2023-50711 (vmm-sys-util is a collection of modules that provides helpers and util ...) - rust-vmm-sys-util 0.12.1-1 (bug #1060860) NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0002.html NOTE: https://github.com/advisories/GHSA-875g-mfp6-g7f9 NOTE: https://github.com/rust-vmm/vmm-sys-util/commit/30172fca2a8e0a38667d934ee56682247e13f167 (v0.12.1) CVE-2023-50333 (Mattermost fails to update the permissions of the current session for ...) - mattermost-server (bug #823556) CVE-2023-4280 (An unvalidated input in Silicon Labs TrustZone implementation in v4.3. ...) NOT-FOR-US: Silicon Labs TrustZone CVE-2023-49794 (KernelSU is a Kernel-based root solution for Android devices. In versi ...) NOT-FOR-US: KernelSU for Android CVE-2023-48732 (Mattermost fails to scope the WebSocket response around notified users ...) - mattermost-server (bug #823556) CVE-2023-48721 REJECTED CVE-2023-48419 (An attacker in the wifi vicinity of a target Google Home can spy on th ...) 
NOT-FOR-US: Google Home CVE-2023-47858 (Mattermost fails to properly verify the permissions needed for viewing ...) - mattermost-server (bug #823556) CVE-2018-25097 (A vulnerability, which was classified as problematic, was found in Acu ...) NOT-FOR-US: Acumos Design Studio CVE-2017-20188 (A vulnerability has been found in Zimbra zm-ajax up to 8.8.1 and class ...) NOT-FOR-US: Zimbra CVE-2015-10128 (A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPr ...) NOT-FOR-US: WordPress plugin CVE-2023-6693 (A stack based buffer overflow was found in the virtio-net device of QE ...) - qemu 1:8.2.0+ds-3 [bookworm] - qemu 1:7.2+dfsg-7+deb12u4 [bullseye] - qemu (Minor issue) [buster] - qemu (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2254580 NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/e22f0603fb2fc274920a9e3a1d1306260b9a4cc4 (v5.1.0-rc0) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2024-01/msg00045.html CVE-2024-0186 (A vulnerability classified as problematic has been found in HuiRan Hos ...) NOT-FOR-US: HuiRan Host Reseller System CVE-2024-0185 (A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1. ...) NOT-FOR-US: RRJ Nueva Ecija Engineer Online Portal CVE-2024-0184 (A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1. ...) NOT-FOR-US: RRJ Nueva Ecija Engineer Online Portal CVE-2024-0183 (A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1. ...) NOT-FOR-US: RRJ Nueva Ecija Engineer Online Portal CVE-2024-0182 (A vulnerability was found in SourceCodester Engineers Online Portal 1. ...) NOT-FOR-US: SourceCodester Engineers Online Portal CVE-2023-49142 (in OpenHarmony v3.2.2 and prior versions allow a local attacker cause ...) NOT-FOR-US: OpenHarmony CVE-2023-49135 (in OpenHarmony v3.2.2 and prior versions allow a local attacker cause ...) 
NOT-FOR-US: OpenHarmony CVE-2023-48360 (in OpenHarmony v3.2.2 and prior versions allow a local attacker cause ...) NOT-FOR-US: OpenHarmony CVE-2023-47857 (in OpenHarmony v3.2.2 and prior versions allow a local attacker cause ...) NOT-FOR-US: OpenHarmony CVE-2023-47216 (in OpenHarmony v3.2.2 and prior versions allow a local attacker cause ...) NOT-FOR-US: OpenHarmony CVE-2023-43514 (Memory corruption while invoking IOCTLs calls from user space for inte ...) NOT-FOR-US: Qualcomm CVE-2023-43512 (Transient DOS while parsing GATT service data when the total amount of ...) NOT-FOR-US: Qualcomm CVE-2023-43511 (Transient DOS while parsing IPv6 extension header when WLAN firmware r ...) NOT-FOR-US: Qualcomm CVE-2023-33120 (Memory corruption in Audio when memory map command is executed consecu ...) NOT-FOR-US: Qualcomm CVE-2023-33118 (Memory corruption while processing Listen Sound Model client payload b ...) NOT-FOR-US: Qualcomm CVE-2023-33117 (Memory corruption when HLOS allocates the response payload buffer to c ...) NOT-FOR-US: Qualcomm CVE-2023-33116 (Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN driver ...) NOT-FOR-US: Qualcomm CVE-2023-33114 (Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_ ...) NOT-FOR-US: Qualcomm CVE-2023-33113 (Memory corruption when resource manager sends the host kernel a reply ...) NOT-FOR-US: Qualcomm CVE-2023-33112 (Transient DOS when WLAN firmware receives "reassoc response" frame inc ...) NOT-FOR-US: Qualcomm CVE-2023-33110 (The session index variable in PCM host voice audio driver initialized ...) NOT-FOR-US: Qualcomm CVE-2023-33109 (Transient DOS while processing a WMI P2P listen start command (0xD00A) ...) NOT-FOR-US: Qualcomm CVE-2023-33108 (Memory corruption in Graphics Driver when destroying a context with KG ...) NOT-FOR-US: Qualcomm CVE-2023-33094 (Memory corruption while running VK synchronization with KASAN enabled.) 
NOT-FOR-US: Qualcomm CVE-2023-33085 (Memory corruption in wearables while processing data from AON.) NOT-FOR-US: Qualcomm CVE-2023-33062 (Transient DOS in WLAN Firmware while parsing a BTM request.) NOT-FOR-US: Qualcomm CVE-2023-33040 (Transient DOS in Data Modem during DTLS handshake.) NOT-FOR-US: Qualcomm CVE-2023-33038 (Memory corruption while receiving a message in Bus Socket Transport Se ...) NOT-FOR-US: Qualcomm CVE-2023-33037 (Cryptographic issue in Automotive while unwrapping the key secs2d and ...) NOT-FOR-US: Qualcomm CVE-2023-33036 (Permanent DOS in Hypervisor while untrusted VM without PSCI support ma ...) NOT-FOR-US: Qualcomm CVE-2023-33033 (Memory corruption in Audio during playback with speaker protection.) NOT-FOR-US: Qualcomm CVE-2023-33032 (Memory corruption in TZ Secure OS while requesting a memory allocation ...) NOT-FOR-US: Qualcomm CVE-2023-33030 (Memory corruption in HLOS while running playready use-case.) NOT-FOR-US: Qualcomm CVE-2023-33025 (Memory corruption in Data Modem when a non-standard SDP body, during a ...) NOT-FOR-US: Qualcomm CVE-2023-33014 (Information disclosure in Core services while processing a Diag comman ...) NOT-FOR-US: Qualcomm CVE-2023-32891 (In bluetooth service, there is a possible out of bounds write due to i ...) NOT-FOR-US: Mediatek CVE-2023-32890 (In modem EMM, there is a possible system crash due to improper input v ...) NOT-FOR-US: Mediatek CVE-2023-32889 (In Modem IMS Call UA, there is a possible out of bounds write due to a ...) NOT-FOR-US: Mediatek CVE-2023-32888 (In Modem IMS Call UA, there is a possible out of bounds write due to a ...) NOT-FOR-US: Mediatek CVE-2023-32887 (In Modem IMS Stack, there is a possible system crash due to a missing ...) NOT-FOR-US: Mediatek CVE-2023-32886 (In Modem IMS SMS UA, there is a possible out of bounds write due to a ...) NOT-FOR-US: Mediatek CVE-2023-32885 (In display drm, there is a possible memory corruption due to a missing ...) 
NOT-FOR-US: Mediatek CVE-2023-32884 (In netdagent, there is a possible information disclosure due to an inc ...) NOT-FOR-US: Mediatek CVE-2023-32883 (In Engineer Mode, there is a possible out of bounds write due to a mis ...) NOT-FOR-US: Mediatek CVE-2023-32882 (In battery, there is a possible memory corruption due to a missing bou ...) NOT-FOR-US: Mediatek CVE-2023-32881 (In battery, there is a possible information disclosure due to an integ ...) NOT-FOR-US: Mediatek CVE-2023-32880 (In battery, there is a possible information disclosure due to a missin ...) NOT-FOR-US: Mediatek CVE-2023-32879 (In battery, there is a possible out of bounds write due to a missing b ...) NOT-FOR-US: Mediatek CVE-2023-32878 (In battery, there is a possible information disclosure due to a missin ...) NOT-FOR-US: Mediatek CVE-2023-32877 (In battery, there is a possible out of bounds write due to a missing b ...) NOT-FOR-US: Mediatek CVE-2023-32876 (In keyInstall, there is a possible information disclosure due to a mis ...) NOT-FOR-US: Mediatek CVE-2023-32875 (In keyInstall, there is a possible information disclosure due to a mis ...) NOT-FOR-US: Mediatek CVE-2023-32874 (In Modem IMS Stack, there is a possible out of bounds write due to a m ...) NOT-FOR-US: Mediatek CVE-2023-32872 (In keyInstall, there is a possible out of bounds write due to a missin ...) NOT-FOR-US: Mediatek CVE-2023-32831 (In wlan driver, there is a possible PIN crack due to use of insufficie ...) NOT-FOR-US: Mediatek CVE-2024-0181 (A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1. ...) NOT-FOR-US: RRJ Nueva Ecija Engineer Online Portal CVE-2023-6485 (The Html5 Video Player WordPress plugin before 2.5.19 does not sanitis ...) NOT-FOR-US: WordPress plugin CVE-2023-6421 (The Download Manager WordPress plugin before 3.2.83 does not protect f ...) NOT-FOR-US: WordPress plugin CVE-2023-6271 (The Backup Migration WordPress plugin before 1.3.6 stores in-progress ...) 
NOT-FOR-US: WordPress plugin CVE-2023-6113 (The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro ...) NOT-FOR-US: WordPress plugin CVE-2023-6064 (The PayHere Payment Gateway WordPress plugin before 2.2.12 automatical ...) NOT-FOR-US: WordPress plugin CVE-2023-6037 (The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not ...) NOT-FOR-US: WordPress plugin CVE-2023-6000 (The Popup Builder WordPress plugin before 4.2.3 does not prevent simpl ...) NOT-FOR-US: WordPress plugin CVE-2023-5877 (The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorizatio ...) NOT-FOR-US: WordPress plugin CVE-2023-50096 (STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code ...) NOT-FOR-US: STMicroelectronics STSAFE-A1xx middleware CVE-2023-50094 (reNgine through 2.0.2 allows OS Command Injection if an adversary has ...) NOT-FOR-US: reNgine CVE-2024-21732 (FlyCms through abbaa5a allows XSS via the permission management featur ...) NOT-FOR-US: FlyCms CVE-2023-7193 (A vulnerability was found in MTab Bookmark up to 1.2.6 and classified ...) NOT-FOR-US: MTab Bookmark CVE-2023-7191 (A vulnerability, which was classified as critical, was found in S-CMS ...) NOT-FOR-US: S-CMS CVE-2023-7190 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: S-CMS CVE-2023-7189 (A vulnerability classified as critical was found in S-CMS up to 2.0_bu ...) NOT-FOR-US: S-CMS CVE-2023-7188 (A vulnerability classified as critical has been found in Shipping 100 ...) NOT-FOR-US: Shipping 100 Fahuo100 CVE-2023-7187 (A vulnerability was found in Totolink N350RT 9.3.5u.6139_B20201216. It ...) NOT-FOR-US: Totolink CVE-2023-7186 (A vulnerability was found in 7-card Fakabao up to 1.0_build20230805. I ...) NOT-FOR-US: 7-card Fakabao CVE-2023-7185 (A vulnerability was found in 7-card Fakabao up to 1.0_build20230805. I ...) 
NOT-FOR-US: 7-card Fakabao CVE-2023-7184 (A vulnerability was found in 7-card Fakabao up to 1.0_build20230805 an ...) NOT-FOR-US: 7-card Fakabao CVE-2023-7183 (A vulnerability has been found in 7-card Fakabao up to 1.0_build202308 ...) NOT-FOR-US: 7-card Fakabao CVE-2023-7130 (A vulnerability has been found in code-projects College Notes Gallery ...) NOT-FOR-US: code-projects College Notes Gallery CVE-2023-6094 (A vulnerability has been identified in OnCell G3150A-LTE Series firmwa ...) NOT-FOR-US: OnCell G3150A-LTE Series firmware CVE-2023-6093 (A clickjacking vulnerability has been identified in OnCell G3150A-LTE ...) NOT-FOR-US: OnCell G3150A-LTE Series firmware CVE-2023-52185 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2023-52182 (Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream ...) NOT-FOR-US: WordPress plugin CVE-2023-52181 (Deserialization of Untrusted Data vulnerability in Presslabs Theme per ...) NOT-FOR-US: WordPress plugin CVE-2023-52180 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-52134 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-52133 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-52132 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-52131 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-51547 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-51503 (Authorization Bypass Through User-Controlled Key vulnerability in Auto ...) NOT-FOR-US: WordPress plugin CVE-2023-51469 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) 
NOT-FOR-US: WordPress plugin CVE-2023-51423 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-49777 (Deserialization of Untrusted Data vulnerability in YITH YITH WooCommer ...) NOT-FOR-US: WordPress plugin CVE-2023-39157 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) NOT-FOR-US: WordPress plugin CVE-2023-52286 (Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attack ...) NOT-FOR-US: Tencent tdsqlpcloud CVE-2023-52284 (Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or ...) NOT-FOR-US: wasm-micro-runtime CVE-2023-52277 (Royal RoyalTSX before 6.0.2.1 allows attackers to cause a denial of se ...) NOT-FOR-US: Royal RoyalTSX CVE-2023-52275 (Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden ...) NOT-FOR-US: Gallery3d on Tecno Camon X CA7 devices CVE-2023-52269 (MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message ...) NOT-FOR-US: MDaemon SecurityGateway CVE-2023-52267 (ehttp 1.0.6 before 17405b9 has a simple_log.cpp _log out-of-bounds-rea ...) NOT-FOR-US: ehttp CVE-2023-52266 (ehttp 1.0.6 before 17405b9 has an epoll_socket.cpp read_func use-after ...) NOT-FOR-US: ehttp CVE-2023-52265 (IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATC ...) NOT-FOR-US: IDURAR (aka idurar-erp-crm) CVE-2023-52264 (The beesblog (aka Bees Blog) component before 1.6.2 for thirty bees al ...) NOT-FOR-US: beesblog (aka Bees Blog) component for thirty bees CVE-2021-46901 (examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lbr) 1.5 ...) NOT-FOR-US: CETIC-6LBR (aka 6lbr) CVE-2021-46900 (Sympa before 6.2.62 relies on a cookie parameter for certain security ...) 
- sympa 6.2.66~dfsg-1 [bullseye] - sympa (Minor issue) [buster] - sympa (Minor issue) NOTE: https://www.sympa.community/security/2021-001.html NOTE: https://github.com/sympa-community/sympa/issues/1091 CVE-2023-7192 (A memory leak problem was found in ctnetlink_create_conntrack in net/n ...) - linux 6.1.20-1 [bullseye] - linux 5.10.178-1 [buster] - linux 4.19.282-1 NOTE: https://git.kernel.org/linus/ac4893980bbe79ce383daf9a0885666a30fe4c83 (6.3-rc1) CVE-2023-7181 (A vulnerability was found in Muyun DedeBIZ up to 6.2.12 and classified ...) NOT-FOR-US: Muyun DedeBIZ CVE-2023-7180 (A vulnerability has been found in Tongda OA 2017 up to 11.9 and classi ...) NOT-FOR-US: Tongda OA CVE-2023-7179 (A vulnerability, which was classified as critical, was found in Campco ...) NOT-FOR-US: Campcodes Online College Library System CVE-2023-7178 (A vulnerability, which was classified as critical, has been found in C ...) NOT-FOR-US: Campcodes Online College Library System CVE-2023-7177 (A vulnerability classified as critical was found in Campcodes Online C ...) NOT-FOR-US: Campcodes Online College Library System CVE-2023-7176 (A vulnerability classified as critical has been found in Campcodes Onl ...) NOT-FOR-US: Campcodes Online College Library System CVE-2023-7175 (A vulnerability was found in Campcodes Online College Library System 1 ...) NOT-FOR-US: Campcodes Online College Library System CVE-2023-7173 (A vulnerability, which was classified as problematic, was found in PHP ...) NOT-FOR-US: PHPGurukul Hospital Management System CVE-2023-7172 (A vulnerability, which was classified as critical, has been found in P ...) NOT-FOR-US: PHPGurukul Hospital Management System CVE-2023-6998 (Improper privilege management vulnerability in CoolKit Technology eWeL ...) NOT-FOR-US: CoolKit Technology eWeLink on Android and iOS CVE-2023-52263 (Brave Browser before 1.59.40 does not properly restrict the schema for ...) 
- brave-browser (bug #864795) CVE-2023-52262 (outdoorbits little-backup-box (aka Little Backup Box) before f39f91c a ...) NOT-FOR-US: outdoorbits little-backup-box (aka Little Backup Box) CVE-2023-51136 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-51135 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-51133 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-50651 (TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a rem ...) NOT-FOR-US: TOTOLINK CVE-2023-50589 (Grupo Embras GEOSIAP ERP v2.2.167.02 was discovered to contain a SQL i ...) NOT-FOR-US: Grupo Embras GEOSIAP ERP CVE-2023-50578 (Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnera ...) NOT-FOR-US: Mingsoft MCMS CVE-2023-50550 (layui up to v2.74 was discovered to contain a cross-site scripting (XS ...) NOT-FOR-US: layui CVE-2023-50110 (TestLink through 1.9.20 allows type juggling for authentication bypass ...) NOT-FOR-US: TestLink CVE-2023-49299 (Improper Input Validation vulnerability in Apache DolphinScheduler. An ...) NOT-FOR-US: Apache DolphinScheduler CVE-2018-25096 (A vulnerability was found in MdAlAmin-aol Own Health Record 0.1-alpha/ ...) NOT-FOR-US: MdAlAmin-aol Own Health Record CVE-2023-52257 (LogoBee 0.2 allows updates.php?id= XSS.) NOT-FOR-US: LogoBee CVE-2023-52252 (Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua ...) NOT-FOR-US: Unified Remote CVE-2023-52240 (The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 f ...) NOT-FOR-US: Kantega SAML SSO OIDC Kerberos Single Sign-on apps CVE-2023-50559 (An issue was discovered in XiangShan v2.1, allows local attackers to o ...) NOT-FOR-US: XiangShan CVE-2023-50071 (Sourcecodester Customer Support System 1.0 has multiple SQL injection ...) 
NOT-FOR-US: Sourcecodester Customer Support System CVE-2023-50070 (Sourcecodester Customer Support System 1.0 has multiple SQL injection ...) NOT-FOR-US: Sourcecodester Customer Support System CVE-2023-50069 (WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to s ...) NOT-FOR-US: WireMock CVE-2023-50035 (PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users l ...) NOT-FOR-US: PHPGurukul Small CRM CVE-2023-41544 (SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remot ...) NOT-FOR-US: jeecg-boot CVE-2023-41543 (SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attack ...) NOT-FOR-US: jeecg-boot CVE-2023-41542 (SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote ...) NOT-FOR-US: jeecg-boot CVE-2023-38023 (An issue was discovered in SCONE Confidential Computing Platform befor ...) NOT-FOR-US: SCONE Confidential Computing Platform CVE-2023-38022 (An issue was discovered in Fortanix EnclaveOS Confidential Computing M ...) NOT-FOR-US: Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform CVE-2023-38021 (An issue was discovered in Fortanix EnclaveOS Confidential Computing M ...) NOT-FOR-US: Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform CVE-2023-7171 (A vulnerability was found in Novel-Plus up to 4.2.0. It has been decla ...) NOT-FOR-US: Novel-Plus CVE-2023-7166 (A vulnerability classified as problematic has been found in Novel-Plus ...) NOT-FOR-US: Novel-Plus CVE-2023-7114 (Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths ...) - mattermost-server (bug #823556) CVE-2023-7113 (Mattermost version 8.1.6 and earlier fails to sanitize channel mention ...) - mattermost-server (bug #823556) CVE-2023-7080 (The V8 inspector intentionally allows arbitrary code execution within ...) NOT-FOR-US: Cloudflare Workers CVE-2023-7079 (Sending specially crafted HTTP requests and inspector messages to Wran ...) 
NOT-FOR-US: Cloudflare Workers CVE-2023-7078 (Sending specially crafted HTTP requests to Miniflare's server could re ...) NOT-FOR-US: Cloudflare Workers CVE-2023-52139 (Misskey is an open source, decentralized social media platform. Third- ...) NOT-FOR-US: Misskey CVE-2023-52137 (The [`tj-actions/verify-changed-files`](https://github.com/tj-actions/ ...) NOT-FOR-US: verify-changed-files tj-actions Github actions CVE-2023-52135 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-51688 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2023-51687 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2023-51676 (Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addon ...) NOT-FOR-US: WordPress plugin CVE-2023-51675 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in A ...) NOT-FOR-US: WordPress plugin CVE-2023-51663 (Hail is an open-source, general-purpose, Python-based data analysis to ...) NOT-FOR-US: Hail CVE-2023-51545 (Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data v ...) NOT-FOR-US: WordPress plugin CVE-2023-51541 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51527 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2023-51517 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...) NOT-FOR-US: WordPress plugin CVE-2023-51505 (Deserialization of Untrusted Data vulnerability in realmag777 Active P ...) NOT-FOR-US: WordPress plugin CVE-2023-51475 (Unrestricted Upload of File with Dangerous Type vulnerability in IOSS ...) NOT-FOR-US: WordPress plugin CVE-2023-51473 (Unrestricted Upload of File with Dangerous Type vulnerability in Pixel ...) 
NOT-FOR-US: WordPress plugin CVE-2023-51470 (Deserialization of Untrusted Data vulnerability in Jacques Malgrange R ...) NOT-FOR-US: WordPress plugin CVE-2023-51468 (Unrestricted Upload of File with Dangerous Type vulnerability in Jacqu ...) NOT-FOR-US: WordPress plugin CVE-2023-51422 (Deserialization of Untrusted Data vulnerability in Saleswonder Team We ...) NOT-FOR-US: WordPress plugin CVE-2023-51421 (Unrestricted Upload of File with Dangerous Type vulnerability in Soft8 ...) NOT-FOR-US: WordPress plugin CVE-2023-51420 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) NOT-FOR-US: WordPress plugin CVE-2023-51419 (Unrestricted Upload of File with Dangerous Type vulnerability in Berth ...) NOT-FOR-US: WordPress plugin CVE-2023-51417 (Unrestricted Upload of File with Dangerous Type vulnerability in Joris ...) NOT-FOR-US: WordPress plugin CVE-2023-51414 (Deserialization of Untrusted Data vulnerability in EnvialoSimple Env\x ...) NOT-FOR-US: WordPress plugin CVE-2023-51412 (Unrestricted Upload of File with Dangerous Type vulnerability in Piotn ...) NOT-FOR-US: WordPress plugin CVE-2023-51411 (Unrestricted Upload of File with Dangerous Type vulnerability in Shabt ...) NOT-FOR-US: WordPress plugin CVE-2023-51410 (Unrestricted Upload of File with Dangerous Type vulnerability in WPVib ...) NOT-FOR-US: WordPress plugin CVE-2023-51402 (Cross-Site Request Forgery (CSRF) vulnerability in Brain Storm Force U ...) NOT-FOR-US: WordPress plugin CVE-2023-51399 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51397 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51396 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51378 (Cross-Site Request Forgery (CSRF) vulnerability in Rise Themes Rise Bl ...) 
NOT-FOR-US: WordPress plugin CVE-2023-51374 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51373 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51372 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51371 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51361 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-51358 (Cross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Bloc ...) NOT-FOR-US: WordPress plugin CVE-2023-51354 (Cross-Site Request Forgery (CSRF) vulnerability in WebbaPlugins Appoin ...) NOT-FOR-US: WordPress plugin CVE-2023-50902 (Cross-Site Request Forgery (CSRF) vulnerability in WPExpertsio New Use ...) NOT-FOR-US: WordPress plugin CVE-2023-50901 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-50896 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-50893 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-50892 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-50891 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-50889 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-50881 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-50880 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
NOT-FOR-US: WordPress plugin CVE-2023-50879 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-50878 (Cross-Site Request Forgery (CSRF) vulnerability in InspireUI MStore AP ...) NOT-FOR-US: WordPress plugin CVE-2023-50837 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-50572 (An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 ...) - jline3 (bug #1059726) [bookworm] - jline3 (Minor issue) [bullseye] - jline3 (Minor issue) - jline2 (Only affects 3.x) - jline (Only affects 3.x) NOTE: https://github.com/jline/jline3/issues/909 NOTE: https://github.com/jline/jline3/commit/f3c60a3e6255e8e0c20d5043a4fe248446f292bb (jline-parent-3.25.0) CVE-2023-50571 (easy-rules-mvel v4.1.0 was discovered to contain a remote code executi ...) NOT-FOR-US: easy-rules-mvel CVE-2023-50570 (An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 le ...) NOT-FOR-US: IPAddress Java library CVE-2023-4675 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: GM Information Technologies MDO CVE-2023-4674 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Yaztek Software Technologies and Computer Systems E-Commerce Software CVE-2023-4541 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Ween Software Admin Panel CVE-2023-4468 (A vulnerability was found in Poly Trio 8500, Trio 8800 and Trio C60. I ...) NOT-FOR-US: Poly Trio 8800 and Trio C60 CVE-2023-4467 (A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified ...) NOT-FOR-US: Poly Trio 8800 CVE-2023-4466 (A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and ...) NOT-FOR-US: Poly CCX 400, CCX 600, Trio 8800 and Trio C60 CVE-2023-4465 (A vulnerability, which was classified as problematic, was found in Pol ...) 
NOT-FOR-US: Poly CCX 400, CCX 600, Trio 8800 and Trio C60 CVE-2023-4464 (A vulnerability, which was classified as critical, has been found in P ...) NOT-FOR-US: Poly CCX 400, CCX 600, Trio 8800 and Trio C60 CVE-2023-4463 (A vulnerability classified as problematic was found in Poly CCX 400, C ...) NOT-FOR-US: Poly CCX 400, CCX 600, Trio 8800 and Trio C60 CVE-2023-4462 (A vulnerability classified as problematic has been found in Poly Trio ...) NOT-FOR-US: Poly CCX 400, CCX 600, Trio 8800 and Trio C60 CVE-2023-49830 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) NOT-FOR-US: WordPress plugin CVE-2023-47840 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) NOT-FOR-US: WordPress plugin CVE-2023-47804 (Apache OpenOffice documents can contain links that call internal macro ...) NOT-FOR-US: Apache OpenOffice CVE-2023-46623 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) NOT-FOR-US: WordPress plugin CVE-2023-45751 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) NOT-FOR-US: WordPress plugin CVE-2023-44089 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: Pandora FMS CVE-2023-44088 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Pandora FMS CVE-2023-41815 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: Pandora FMS CVE-2023-41814 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: Pandora FMS CVE-2023-41813 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: Pandora FMS CVE-2023-40606 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) NOT-FOR-US: WordPress plugin CVE-2023-32517 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in P ...) 
NOT-FOR-US: WordPress plugin CVE-2023-32101 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in P ...) NOT-FOR-US: WordPress plugin CVE-2023-32095 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) NOT-FOR-US: WordPress plugin CVE-2023-7161 (A vulnerability classified as critical has been found in Netentsec NS- ...) NOT-FOR-US: Netentsec NS-ASG Application Security Gateway CVE-2023-7160 (A vulnerability was found in SourceCodester Engineers Online Portal 1. ...) NOT-FOR-US: SourceCodester Engineers Online Portal CVE-2023-7159 (A vulnerability was found in gopeak MasterLab up to 3.3.10. It has bee ...) NOT-FOR-US: gopeak MasterLab CVE-2023-7158 (A vulnerability was found in MicroPython up to 1.21.0. It has been cla ...) NOT-FOR-US: MicroPython CVE-2023-7157 (A vulnerability was found in SourceCodester Free and Open Source Inven ...) NOT-FOR-US: SourceCodester Free and Open Source Inventory Management System CVE-2023-7156 (A vulnerability has been found in Campcodes Online College Library Sys ...) NOT-FOR-US: Campcodes Online College Library System CVE-2023-7155 (A vulnerability, which was classified as critical, was found in Source ...) NOT-FOR-US: SourceCodester Free and Open Source Inventory Management System CVE-2023-7152 (A vulnerability, which was classified as critical, has been found in M ...) NOT-FOR-US: MicroPython CVE-2023-7150 (A vulnerability classified as critical was found in Campcodes Chic Bea ...) NOT-FOR-US: Chic Beauty Salon CVE-2023-7149 (A vulnerability was found in code-projects QR Code Generator 1.0. It h ...) NOT-FOR-US: code-projects QR Code Generator CVE-2023-7148 (A vulnerability has been found in ShifuML shifu 0.12.0 and classified ...) NOT-FOR-US: ShifuML shifu CVE-2023-7147 (A vulnerability, which was classified as critical, was found in gopeak ...) NOT-FOR-US: gopeak MasterLab CVE-2023-7146 (A vulnerability, which was classified as critical, has been found in g ...) 
NOT-FOR-US: gopeak MasterLab CVE-2023-7145 (A vulnerability classified as critical was found in gopeak MasterLab u ...) NOT-FOR-US: gopeak MasterLab CVE-2023-7144 (A vulnerability classified as critical has been found in gopeak Master ...) NOT-FOR-US: gopeak MasterLab CVE-2023-7143 (A vulnerability was found in code-projects Client Details System 1.0. ...) NOT-FOR-US: code-projects Client Details System CVE-2023-7142 (A vulnerability was found in code-projects Client Details System 1.0. ...) NOT-FOR-US: code-projects Client Details System CVE-2023-7141 (A vulnerability was found in code-projects Client Details System 1.0. ...) NOT-FOR-US: code-projects Client Details System CVE-2023-7140 (A vulnerability was found in code-projects Client Details System 1.0 a ...) NOT-FOR-US: code-projects Client Details System CVE-2023-7139 (A vulnerability has been found in code-projects Client Details System ...) NOT-FOR-US: code-projects Client Details System CVE-2023-7138 (A vulnerability, which was classified as critical, was found in code-p ...) NOT-FOR-US: code-projects Client Details System CVE-2023-7137 (A vulnerability, which was classified as critical, has been found in c ...) NOT-FOR-US: code-projects Client Details System CVE-2023-7136 (A vulnerability classified as problematic was found in code-projects R ...) NOT-FOR-US: code-projects Record Management System CVE-2023-7135 (A vulnerability classified as problematic has been found in code-proje ...) NOT-FOR-US: code-projects Record Management System CVE-2023-6939 (Some Honor products are affected by type confusion vulnerability, succ ...) NOT-FOR-US: Honor CVE-2023-52174 (XnView Classic before 2.51.3 on Windows has a Write Access Violation a ...) NOT-FOR-US: XnView CVE-2023-52173 (XnView Classic before 2.51.3 on Windows has a Write Access Violation a ...) NOT-FOR-US: XnView CVE-2023-52152 (mupnp/net/uri.c in mUPnP for C through 3.0.2 has an out-of-bounds read ...) 
NOT-FOR-US: mUPNP CVE-2023-52085 (Winter is a free, open-source content management system. Users with ac ...) NOT-FOR-US: Winter CMS CVE-2023-52084 (Winter is a free, open-source content management system. Prior to 1.2. ...) NOT-FOR-US: Winter CMS CVE-2023-52083 (Winter is a free, open-source content management system. Prior to 1.2 ...) NOT-FOR-US: Winter CMS CVE-2023-51437 (Observable timing discrepancy vulnerability in Apache Pulsar SASL Auth ...) NOT-FOR-US: Apache Pulsar CVE-2023-51435 (Some Honor products are affected by incorrect privilege assignment vul ...) NOT-FOR-US: Honor CVE-2023-51434 (Some Honor products are affected by buffer overflow vulnerability, suc ...) NOT-FOR-US: Honor CVE-2023-51433 (Some Honor products are affected by incorrect privilege assignment vul ...) NOT-FOR-US: Honor CVE-2023-51432 (Some Honor products are affected by out of bounds read vulnerability, ...) NOT-FOR-US: Honor CVE-2023-51431 (Some Honor products are affected by incorrect privilege assignment vul ...) NOT-FOR-US: Honor CVE-2023-51430 (Some Honor products are affected by incorrect privilege assignment vul ...) NOT-FOR-US: Honor CVE-2023-51429 (Some Honor products are affected by incorrect privilege assignment vul ...) NOT-FOR-US: Honor CVE-2023-51428 (Some Honor products are affected by type confusion vulnerability, succ ...) NOT-FOR-US: Honor CVE-2023-51427 (Some Honor products are affected by type confusion vulnerability, succ ...) NOT-FOR-US: Honor CVE-2023-51426 (Some Honor products are affected by type confusion vulnerability, succ ...) NOT-FOR-US: Honor CVE-2023-50448 (In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue a ...) NOT-FOR-US: ActiveAdmin (aka Active Admin) CVE-2023-50104 (ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index. ...) NOT-FOR-US: ZZCMS CVE-2023-31302 (Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transp ...) 
NOT-FOR-US: Sesami Cash Point & Transport Optimizer (CPTO) CVE-2023-31301 (Stored Cross Site Scripting (XSS) Vulnerability in Sesami Cash Point & ...) NOT-FOR-US: Sesami Cash Point & Transport Optimizer (CPTO) CVE-2023-31300 (An issue was discovered in Sesami Cash Point & Transport Optimizer (CP ...) NOT-FOR-US: Sesami Cash Point & Transport Optimizer (CPTO) CVE-2023-31299 (Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transp ...) NOT-FOR-US: Sesami Cash Point & Transport Optimizer (CPTO) CVE-2023-31298 (Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transp ...) NOT-FOR-US: Sesami Cash Point & Transport Optimizer (CPTO) CVE-2023-31296 (CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer ...) NOT-FOR-US: Sesami Cash Point & Transport Optimizer (CPTO) CVE-2023-31295 (CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer ...) NOT-FOR-US: Sesami Cash Point & Transport Optimizer (CPTO) CVE-2023-31294 (CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer ...) NOT-FOR-US: Sesami Cash Point & Transport Optimizer (CPTO) CVE-2023-31293 (An issue was discovered in Sesami Cash Point & Transport Optimizer (CP ...) NOT-FOR-US: Sesami Cash Point & Transport Optimizer (CPTO) CVE-2023-31292 (An issue was discovered in Sesami Cash Point & Transport Optimizer (CP ...) NOT-FOR-US: Sesami Cash Point & Transport Optimizer (CPTO) CVE-2023-7163 (A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that co ...) NOT-FOR-US: D-Link CVE-2023-7134 (A vulnerability was found in SourceCodester Medicine Tracking System 1 ...) NOT-FOR-US: SourceCodester Medicine Tracking System CVE-2023-7133 (A vulnerability was found in y_project RuoYi 4.7.8. It has been declar ...) NOT-FOR-US: y_project RuoYi CVE-2023-7132 (A vulnerability was found in code-projects Intern Membership Managemen ...) 
NOT-FOR-US: code-projects Intern Membership Management System CVE-2023-7131 (A vulnerability was found in code-projects Intern Membership Managemen ...) NOT-FOR-US: code-projects Intern Membership Management System CVE-2023-7129 (A vulnerability, which was classified as critical, was found in code-p ...) NOT-FOR-US: code-projects Voting System CVE-2023-7128 (A vulnerability, which was classified as critical, has been found in c ...) NOT-FOR-US: code-projects Voting System CVE-2023-7127 (A vulnerability classified as critical was found in code-projects Auto ...) NOT-FOR-US: code-projects Automated Voting System CVE-2023-7126 (A vulnerability classified as critical has been found in code-projects ...) NOT-FOR-US: code-projects Automated Voting System CVE-2023-52082 (Lychee is a free photo-management tool. Prior to 5.0.2, Lychee is vul ...) NOT-FOR-US: Lychee photo-management tool (not the same as src:lychee from #993913) CVE-2023-52081 (ffcss is a CLI interface to apply and configure Firefox CSS themes. Pr ...) NOT-FOR-US: ffcss CVE-2023-52079 (msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior ...) NOT-FOR-US: msgpackr Node.js module CVE-2023-51501 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress theme CVE-2023-50874 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-50873 (Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou A ...) NOT-FOR-US: WordPress plugin CVE-2023-50860 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-50859 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-50858 (Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disabl ...) NOT-FOR-US: WordPress plugin CVE-2023-50857 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) 
NOT-FOR-US: WordPress plugin CVE-2023-50856 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-50855 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-50854 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-50853 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-50852 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-50851 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-50849 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-50848 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-50847 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-50846 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-50845 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-50844 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-50843 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-50842 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-50841 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-50840 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) 
NOT-FOR-US: WordPress plugin CVE-2023-50839 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-50838 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-50836 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-50470 (A cross-site scripting (XSS) vulnerability in the component admin_ Vid ...) NOT-FOR-US: SeaCMS CVE-2023-50267 (MeterSphere is a one-stop open source continuous testing platform. Pri ...) NOT-FOR-US: MeterSphere CVE-2023-4672 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: Talent Software ECOP CVE-2023-4671 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Talent Software ECOP CVE-2023-46987 (SeaCMS v12.9 was discovered to contain a remote code execution (RCE) v ...) NOT-FOR-US: SeaCMS CVE-2023-36381 (Deserialization of Untrusted Data vulnerability in Gesundheit Bewegt G ...) NOT-FOR-US: WordPress plugin CVE-2023-32795 (Deserialization of Untrusted Data vulnerability in WooCommerce Product ...) NOT-FOR-US: WordPress plugin CVE-2023-32513 (Deserialization of Untrusted Data vulnerability in GiveWP GiveWP \u201 ...) NOT-FOR-US: WordPress plugin CVE-2023-7124 (A vulnerability, which was classified as problematic, was found in cod ...) NOT-FOR-US: code-projects E-Commerce Site CVE-2023-7123 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Medicine Tracking System CVE-2023-6879 (Increasing the resolution of video frames, while performing a multi-th ...) 
	- aom 3.7.1-1
	[bookworm] - aom (Minor issue)
	[bullseye] - aom (Minor issue)
	[buster] - aom (Minor issue)
	NOTE: https://crbug.com/aomedia/3491
	NOTE: Fixed by: https://aomedia.googlesource.com/aom/+/7ae7bef246e85c8f349513d668b4571c79a43c5c (v3.7.1-rc1)
	NOTE: Followup: https://aomedia.googlesource.com/aom/+/24467e8ac3b0f6f5d09457d342327393b8e3da3d (v3.7.1-rc1)
	NOTE: Tests: https://aomedia.googlesource.com/aom/+/8b9ea452396a00f2d019b8b11b8876d363d62659 (v3.7.1-rc1)
CVE-2023-51084 (hyavijava v6.0.07.1 was discovered to contain a stack overflow via the ...)
	NOT-FOR-US: hyavijava
CVE-2023-51080 (The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discover ...)
	NOT-FOR-US: Hutool
CVE-2023-51079 (A long execution time can occur in the ParseTools.subCompileExpression ...)
	NOT-FOR-US: mvel2
CVE-2023-51075 (hutool-core v5.8.23 was discovered to contain an infinite loop in the ...)
	NOT-FOR-US: Hutool
CVE-2023-51074 (json-path v2.8.0 was discovered to contain a stack overflow via the Cr ...)
	- jayway-jsonpath
	[bookworm] - jayway-jsonpath (Minor issue)
	[bullseye] - jayway-jsonpath (Minor issue)
	[buster] - jayway-jsonpath (Minor issue)
	NOTE: https://github.com/json-path/JsonPath/issues/973
CVE-2023-51010 (An issue in the export component AdSdkH5Activity of com.sdjictec.qdmet ...)
	NOT-FOR-US: com.sdjictec.qdmetro
CVE-2023-51006 (An issue in the openFile method of Chinese Perpetual Calendar v9.0.0 a ...)
	NOT-FOR-US: Chinese Perpetual Calendar
CVE-2023-50692 (File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to ...)
	NOT-FOR-US: JIZHICMS
CVE-2023-50445 (Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT ...)
	NOT-FOR-US: GL.iNet
CVE-2023-50038 (There is an arbitrary file upload vulnerability in the background of t ...)
	- textpattern
CVE-2023-49469 (Reflected Cross Site Scripting (XSS) vulnerability in Shaarli v0.12.2, ...)
	- shaarli 0.13.0+dfsg-1
	[bookworm] - shaarli (Minor issue)
	NOTE: https://github.com/shaarli/Shaarli/issues/2038
	NOTE: https://github.com/shaarli/Shaarli/commit/326870f216ba52d80488cb4ba3fadcf1247d7cf8 (v0.13.0)
CVE-2023-49230 (An issue was discovered in Peplink Balance Two before 8.4.0. A missing ...)
	NOT-FOR-US: Peplink Balance Two
CVE-2023-49229 (An issue was discovered in Peplink Balance Two before 8.4.0. A missing ...)
	NOT-FOR-US: Peplink Balance Two
CVE-2023-49228 (An issue was discovered in Peplink Balance Two before 8.4.0. Console p ...)
	NOT-FOR-US: Peplink Balance Two
CVE-2023-49003 (An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker ...)
	NOT-FOR-US: simplemobiletools Simple Dialer
CVE-2023-49002 (An issue in Xenom Technologies (sinous) Phone Dialer-voice Call Dialer ...)
	NOT-FOR-US: Phone Dialer-voice Call Dialer
CVE-2023-49001 (An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker ...)
	NOT-FOR-US: Indi Browser (aka kvbrowser)
CVE-2023-49000 (An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an att ...)
	NOT-FOR-US: ArtistScope ArtisBrowser
CVE-2023-47883 (The com.altamirano.fabricio.tvbrowser TV browser application through 4 ...)
	NOT-FOR-US: com.altamirano.fabricio.tvbrowser TV browser application
CVE-2023-47882 (The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.9 ...)
	NOT-FOR-US: Kami Vision YI IoT com.yunyi.smartcamera application
CVE-2023-46989 (SQL Injection vulnerability in the Innovadeluxe Quick Order module for ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-46919 (Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlo ...)
	NOT-FOR-US: Phlox
CVE-2023-46918 (Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1- ...)
	NOT-FOR-US: Phlox
CVE-2023-45702 (An HCL UrbanCode Deploy Agent installed as a Windows service in a non- ...)
	NOT-FOR-US: HCL
CVE-2023-45701 (HCL Launch could allow a remote attacker to obtain sensitive informati ...)
	NOT-FOR-US: HCL
CVE-2023-43955 (The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Androi ...)
	NOT-FOR-US: com.phlox.tvwebbrowser TV Bro application
CVE-2023-43481 (An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browse ...)
	NOT-FOR-US: Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser)
CVE-2023-34829 (Incorrect access control in TP-Link Tapo before v3.1.315 allows attack ...)
	NOT-FOR-US: TP-Link
CVE-2023-7116 (A vulnerability, which was classified as critical, has been found in W ...)
	NOT-FOR-US: WeiYe-Jing datax-web
CVE-2023-6531 (A use-after-free flaw was found in the Linux Kernel due to a race prob ...)
	{DSA-5594-1 DSA-5593-1 DLA-3711-1}
	- linux 6.6.8-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/705318a99a138c29a512a72c3e0043b3cd7f55f4 (6.7-rc5)
CVE-2023-6190 (Improper Input Validation vulnerability in İzmir Katip Çelebi ...)
	NOT-FOR-US: Izmir Katip Celebi University University Information Management System
CVE-2023-52077 (Nexkey is a lightweight fork of Misskey v12 optimized for small to med ...)
	NOT-FOR-US: Nexkey
CVE-2023-52075 (ReVanced API proxies requests needed to feed the ReVanced Manager and ...)
	NOT-FOR-US: ReVanced
CVE-2023-51700 (Unofficial Mobile BankID Integration for WordPress lets users employ M ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51697 (Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ...)
	NOT-FOR-US: Audiobookshelf
CVE-2023-51665 (Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ...)
	NOT-FOR-US: Audiobookshelf
CVE-2023-51664 (tj-actions/changed-files is a Github action to retrieve all files and ...)
	NOT-FOR-US: tj-actions changed-files Github action
CVE-2023-50255 (Deepin-Compressor is the default archive manager of Deepin Linux OS. P ...)
	- deepin-compressor (bug #977582)
CVE-2023-40038 (Arris DG860A and DG1670A devices have predictable default WPA2 PSKs th ...)
	NOT-FOR-US: Arris DG860A and DG1670A devices
CVE-2023-52096 (SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps su ...)
	NOT-FOR-US: SteVe Community ocpp-jaxb
CVE-2023-49438 (An open redirect vulnerability in the python package Flask-Security-To ...)
	NOT-FOR-US: Flask-Security-Too
CVE-2023-48003 (An open redirect through HTML injection in user messages in Asp.Net Ze ...)
	NOT-FOR-US: Asp.Net Zero
CVE-2023-6268 (The JSON Content Importer WordPress plugin before 1.5.4 does not sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6250 (The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6166 (The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generat ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6155 (The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately aut ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6114 (The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5991 (The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5980 (The BSK Forms Blacklist WordPress plugin before 3.7 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5939 (The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin bef ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5931 (The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin bef ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5674 (The WP Mail Log WordPress plugin before 1.1.3 does not properly saniti ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5673 (The WP Mail Log WordPress plugin before 1.1.3 does not properly valida ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5672 (The WP Mail Log WordPress plugin before 1.1.3 does not properly valida ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5645 (The WP Mail Log WordPress plugin before 1.1.3 does not properly saniti ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5644 (The WP Mail Log WordPress plugin before 1.1.3 does not correctly autho ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5203 (The WP Sessions Time Monitoring Full Automatic WordPress plugin before ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5180 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
	NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2023-52086 (resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 ...)
	NOT-FOR-US: PHP backend for resumable.js
CVE-2023-51107 (A floating point exception (divide-by-zero) vulnerability was discover ...)
	- mupdf (unimportant)
	NOTE: https://github.com/dongyuma/sox-defects/blob/main/mupdf-defects.md
	NOTE: https://github.com/dongyuma/sox-defects/blob/main/mupdf-defects.md#3-a-floating-point-exception-divide-by-zero-issue-was-discovered-in-mupdf-in-functon-compute_color-of-jquant2c-in-line-533
	NOTE: Negligible security impact, crash in CLI tool
CVE-2023-51106 (A floating point exception (divide-by-zero) vulnerability was discover ...)
	- mupdf (unimportant)
	NOTE: https://github.com/dongyuma/sox-defects/blob/main/mupdf-defects.md
	NOTE: https://github.com/dongyuma/sox-defects/blob/main/mupdf-defects.md#4-a-floating-point-exception-divide-by-zero-issue-was-discovered-in-mupdf-in-functon-pnm_binary_read_image-of-load-pnmc-in-line-519
	NOTE: Negligible security impact, crash in CLI tool
CVE-2023-51105 (A floating point exception (divide-by-zero) vulnerability was discover ...)
	- mupdf (unimportant)
	NOTE: https://github.com/dongyuma/sox-defects/blob/main/mupdf-defects.md
	NOTE: https://github.com/dongyuma/sox-defects/blob/main/mupdf-defects.md#1-a-floating-point-exception-divide-by-zero-issue-was-discovered-in-mupdf-in-functon-bmp_decompress_rle4-of-load-bmpc-in-line-541
	NOTE: Negligible security impact, crash in CLI tool
CVE-2023-51104 (A floating point exception (divide-by-zero) vulnerability was discover ...)
	- mupdf (unimportant)
	NOTE: https://github.com/dongyuma/sox-defects/blob/main/mupdf-defects.md
	NOTE: https://github.com/dongyuma/sox-defects/blob/main/mupdf-defects.md#5-a-floating-point-exception-divide-by-zero-issue-was-discovered-in-mupdf-in-functon-pnm_binary_read_image-of-load-pnmc-in-line-527
	NOTE: Negligible security impact, crash in CLI tool
CVE-2023-51103 (A floating point exception (divide-by-zero) vulnerability was discover ...)
	- mupdf (unimportant)
	NOTE: https://github.com/dongyuma/sox-defects/blob/main/mupdf-defects.md
	NOTE: https://github.com/dongyuma/sox-defects/blob/main/mupdf-defects.md#2-a-floating-point-exception-divide-by-zero-issue-was-discovered-in-mupdf-in-functon-fz_new_pixmap_from_float_data-of-pixmapc-in-line-1330
	NOTE: Negligible security impact, crash in CLI tool
CVE-2023-51102 (Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow ...)
	NOT-FOR-US: Tenda
CVE-2023-51101 (Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow ...)
	NOT-FOR-US: Tenda
CVE-2023-51100 (Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injecti ...)
	NOT-FOR-US: Tenda
CVE-2023-51099 (Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injecti ...)
	NOT-FOR-US: Tenda
CVE-2023-51098 (Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injecti ...)
	NOT-FOR-US: Tenda
CVE-2023-51097 (Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow ...)
	NOT-FOR-US: Tenda
CVE-2023-51095 (Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2023-51094 (Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution ...)
	NOT-FOR-US: Tenda
CVE-2023-51093 (Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2023-51092 (Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2023-51091 (Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2023-51090 (Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2023-49949 (Passwork before 6.2.0 allows remote authenticated users to bypass 2FA ...)
	NOT-FOR-US: Passwork
CVE-2023-45251
	REJECTED
CVE-2023-43851
	REJECTED
CVE-2015-10127 (A vulnerability was found in PlusCaptcha Plugin up to 2.0.6 on WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-125109 (A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. ...)
	NOT-FOR-US: WordPress plugin
CVE-2012-10017 (A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 o ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51467 (The vulnerability permits attackers to circumvent authentication proce ...)
	NOT-FOR-US: Apache OFBiz
CVE-2023-50968 (Arbitrary file properties reading vulnerability in Apache Software Fou ...)
	NOT-FOR-US: Apache OFBiz
CVE-2023-7111 (A vulnerability, which was classified as critical, was found in code-p ...)
	NOT-FOR-US: code-projects Library Management System
CVE-2023-7110 (A vulnerability, which was classified as critical, has been found in c ...)
	NOT-FOR-US: code-projects Library Management System
CVE-2023-7109 (A vulnerability classified as critical was found in code-projects Libr ...)
	NOT-FOR-US: code-projects Library Management System
CVE-2023-7108 (A vulnerability classified as problematic has been found in code-proje ...)
	NOT-FOR-US: code-projects E-Commerce Website
CVE-2023-7107 (A vulnerability was found in code-projects E-Commerce Website 1.0. It ...)
	NOT-FOR-US: code-projects E-Commerce Website
CVE-2023-7106 (A vulnerability was found in code-projects E-Commerce Website 1.0. It ...)
	NOT-FOR-US: code-projects E-Commerce Website
CVE-2023-7105 (A vulnerability was found in code-projects E-Commerce Website 1.0. It ...)
	NOT-FOR-US: code-projects E-Commerce Website
CVE-2023-7104 (A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classifie ...)
	- sqlite3 3.43.1-1
	[bookworm] - sqlite3 (Minor issue)
	[bullseye] - sqlite3 (Minor issue)
	[buster] - sqlite3 (Minor issue)
	NOTE: https://sqlite.org/forum/forumpost/5bcbf4571c
	NOTE: Fixed by: https://sqlite.org/src/info/0e4e7a05c4204b47
CVE-2023-51775 (The jose4j component before 0.9.4 for Java allows attackers to cause a ...)
	- libjose4j-java
	NOTE: https://bitbucket.org/b_c/jose4j/issues/212
	NOTE: https://bitbucket.org/b_c/jose4j/commits/1afaa1e174b3
CVE-2023-51774 (The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypa ...)
	- ruby-json-jwt
	[bookworm] - ruby-json-jwt (Revisit when addressed upstream)
	[bullseye] - ruby-json-jwt (Revisit when addressed upstream)
	[buster] - ruby-json-jwt (Revisit when addressed upstream)
	NOTE: https://github.com/P3ngu1nW/CVE_Request/blob/main/novjson-jwt.md
	NOTE: https://github.com/nov/json-jwt/issues/113
CVE-2023-51773 (BACnet Stack before 1.3.2 has a decode function APDU buffer over-read ...)
	NOT-FOR-US: BACnet Stack
CVE-2023-51654 (Improper link resolution before file access ('Link Following') issue e ...)
	NOT-FOR-US: iPrint&Scan Desktop for Windows
CVE-2023-51363 (VR-S1000 firmware Ver. 2.37 and earlier allows a network-adjacent unau ...)
	NOT-FOR-US: VR-S1000 firmware
CVE-2023-50658 (The jose2go component before 1.6.0 for Go allows attackers to cause a ...)
	- golang-github-dvsekhvalnov-jose2go (bug #1059507)
	[bookworm] - golang-github-dvsekhvalnov-jose2go (Minor issue)
	[bullseye] - golang-github-dvsekhvalnov-jose2go (Minor issue)
	[buster] - golang-github-dvsekhvalnov-jose2go (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317 (v1.6.0)
CVE-2023-50339 (Stored cross-site scripting vulnerability exists in the User Managemen ...)
	NOT-FOR-US: GROWI
CVE-2023-50332 (Improper authorization vulnerability exists in the User Management (/a ...)
	NOT-FOR-US: GROWI
CVE-2023-50297 (Open redirect vulnerability in PowerCMS (6 Series, 5 Series, and 4 Ser ...)
	NOT-FOR-US: PowerCMS
CVE-2023-50294 (The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 s ...)
	NOT-FOR-US: GROWI
CVE-2023-50175 (Stored cross-site scripting vulnerability exists in the App Settings ( ...)
	NOT-FOR-US: GROWI
CVE-2023-49807 (Stored cross-site scripting vulnerability when processing the MathJax ...)
	NOT-FOR-US: GROWI
CVE-2023-49779 (Stored cross-site scripting vulnerability exists in the anchor tag of ...)
	NOT-FOR-US: GROWI
CVE-2023-49598 (Stored cross-site scripting vulnerability exists in the event handlers ...)
	NOT-FOR-US: GROWI
CVE-2023-49119 (Stored cross-site scripting vulnerability via the img tags exists in G ...)
	NOT-FOR-US: GROWI
CVE-2023-49117 (PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-si ...)
	NOT-FOR-US: PowerCMS
CVE-2023-47215 (Stored cross-site scripting vulnerability which is exploiting a behavi ...)
	NOT-FOR-US: GROWI
CVE-2023-46711 (VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographi ...)
	NOT-FOR-US: VR-S1000 firmware
CVE-2023-46699 (Cross-site request forgery (CSRF) vulnerability exists in the User set ...)
	NOT-FOR-US: GROWI
CVE-2023-46681 (Improper neutralization of argument delimiters in a command ('Argument ...)
	NOT-FOR-US: VR-S1000 firmware
CVE-2023-45741 (VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access ...)
	NOT-FOR-US: VR-S1000 firmware
CVE-2023-45740 (Stored cross-site scripting vulnerability when processing profile imag ...)
	NOT-FOR-US: GROWI
CVE-2023-45737 (Stored cross-site scripting vulnerability exists in the App Settings ( ...)
	NOT-FOR-US: GROWI
CVE-2023-42436 (Stored cross-site scripting vulnerability exists in the presentation f ...)
	NOT-FOR-US: GROWI
CVE-2023-51782 (An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl i ...)
	{DSA-5594-1 DSA-5593-1 DLA-3711-1 DLA-3710-1}
	- linux 6.6.8-1
	NOTE: https://git.kernel.org/linus/810c38a369a0a0ce625b5c12169abce1dd9ccd53 (6.7-rc6)
CVE-2023-51781 (An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl ...)
	{DSA-5594-1 DSA-5593-1 DLA-3711-1 DLA-3710-1}
	- linux 6.6.8-1
	NOTE: https://git.kernel.org/linus/189ff16722ee36ced4d2a2469d4ab65a8fee4198 (6.7-rc6)
CVE-2023-51780 (An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl ...)
	{DSA-5594-1 DSA-5593-1 DLA-3711-1 DLA-3710-1}
	- linux 6.6.8-1
	NOTE: https://git.kernel.org/linus/24e90b9e34f9e039f56b5f25f6e6eb92cdd8f4b3 (6.7-rc6)
CVE-2023-51779 (bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel th ...)
	{DSA-5593-1}
	- linux 6.6.9-1
	[bullseye] - linux 5.10.209-1
	NOTE: https://git.kernel.org/linus/2e07e8348ea454615e268222ae3fc240421be768 (6.7-rc7)
CVE-2023-49337 (Concrete CMS before 9.2.3 allows Stored XSS on the Admin Dashboard via ...)
	NOT-FOR-US: Concrete CMS
CVE-2023-48653 (Concrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross Site Reques ...)
	NOT-FOR-US: Concrete CMS
CVE-2023-48651 (Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forger ...)
	NOT-FOR-US: Concrete CMS
CVE-2023-48650 (Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admi ...)
	NOT-FOR-US: Concrete CMS
CVE-2023-41165 (An issue was discovered in Stormshield Network Security (SNS) 3.7.0 th ...)
	NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2023-34198 (In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7. ...)
	NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2023-7102 (Use of a Third Party library produced a vulnerability in Barracuda Net ...)
	NOT-FOR-US: Barracuda (its use of Spreadsheet::ParseExcel, cf. CVE-2023-7102)
CVE-2023-7101 (Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing ...)
	{DSA-5592-1 DLA-3702-1}
	- libspreadsheet-parseexcel-perl 0.6500-4 (bug #1059450)
	NOTE: https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md
	NOTE: https://github.com/haile01/perl_spreadsheet_excel_rce_poc
	NOTE: https://github.com/runrig/spreadsheet-parseexcel/issues/33
	NOTE: Fixed by: https://github.com/jmcnamara/spreadsheet-parseexcel/commit/bd3159277e745468e2c553417b35d5d7dc7405bc (CPAN_0.66)
CVE-2023-7100 (A vulnerability, which was classified as critical, was found in PHPGur ...)
	NOT-FOR-US: PHPGurukul Restaurant Table Booking System
CVE-2023-7099 (A vulnerability, which was classified as critical, has been found in P ...)
	NOT-FOR-US: PHPGurukul Nipah Virus Testing Management System
CVE-2023-7098 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...)
	NOT-FOR-US: icret EasyImages
CVE-2023-7097 (A vulnerability classified as critical has been found in code-projects ...)
	NOT-FOR-US: code-projects Water Billing System
CVE-2023-7096 (A vulnerability was found in code-projects Faculty Management System 1 ...)
	NOT-FOR-US: code-projects Faculty Management System
CVE-2023-7095 (A vulnerability, which was classified as critical, has been found in T ...)
	NOT-FOR-US: Totolink
CVE-2023-7094 (A vulnerability classified as problematic was found in Netentsec NS-AS ...)
	NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
CVE-2023-7093 (A vulnerability classified as critical has been found in KylinSoft kyl ...)
	NOT-FOR-US: KylinSoft kylin-system-updater
CVE-2023-7092 (A vulnerability was found in Uniway UW-302VP 2.0. It has been rated as ...)
	NOT-FOR-US: Uniway UW-302VP
CVE-2023-7091 (A vulnerability was found in Dreamer CMS 4.1.3. It has been declared a ...)
	NOT-FOR-US: Dreamer CMS
CVE-2023-51772 (One Identity Password Manager before 5.13.1 allows Kiosk Escape. This ...)
	NOT-FOR-US: One Identity Password Manager
CVE-2023-51771 (In MicroHttpServer (aka Micro HTTP Server) through a8ab029, _ParseHead ...)
	NOT-FOR-US: MicroHttpServer
CVE-2023-51714 (An issue was discovered in the HTTP2 implementation in Qt before 5.15. ...)
	{DLA-3805-1}
	- qt6-base 6.4.2+dfsg-21 (bug #1060693)
	[bookworm] - qt6-base (Minor issue)
	- qtbase-opensource-src 5.15.10+dfsg-6 (bug #1060694)
	[bookworm] - qtbase-opensource-src (Minor issue)
	[bullseye] - qtbase-opensource-src (Minor issue)
	- qtbase-opensource-src-gles 5.15.10+dfsg-4 (bug #1060695)
	[bookworm] - qtbase-opensource-src-gles (Minor issue)
	[bullseye] - qtbase-opensource-src-gles (Minor issue)
	NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/524864
	NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/524865/3
CVE-2023-49954 (The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 ...)
	NOT-FOR-US: 3CX
CVE-2023-49944 (The Challenge Response feature of BeyondTrust Privilege Management for ...)
	NOT-FOR-US: BeyondTrust
CVE-2023-49880 (In the Message Entry and Repair (MER) facility of IBM Financial Transa ...)
	NOT-FOR-US: IBM
CVE-2023-49328 (On a Wolters Kluwer B.POINT 23.70.00 server running Linux on premises, ...)
	NOT-FOR-US: Wolters Kluwer B.POINT
CVE-2023-49226 (An issue was discovered in Peplink Balance Two before 8.4.0. Command i ...)
	NOT-FOR-US: Peplink Balance Two
CVE-2023-48654 (One Identity Password Manager before 5.13.1 allows Kiosk Escape. This ...)
	NOT-FOR-US: One Identity Password Manager
CVE-2023-48652 (Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forger ...)
	NOT-FOR-US: Concrete CMS
CVE-2023-47247 (In SysAid On-Premise before 23.3.34, there is an edge case in which an ...)
	NOT-FOR-US: SysAid
CVE-2023-47091 (An issue was discovered in Stormshield Network Security (SNS) SNS 4.3. ...)
	NOT-FOR-US: Stormshield Network Security (SNS) SNS
CVE-2023-43064 (Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local ...)
	NOT-FOR-US: IBM
CVE-2023-40236 (In Pexip VMR self-service portal before 3, the same SSH host key is us ...)
	NOT-FOR-US: Pexip
CVE-2023-38826 (A Cross Site Scripting (XSS) vulnerability exists in Follet Learning S ...)
	NOT-FOR-US: Follet Learning Solutions Destiny
CVE-2023-37225 (Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links.)
	NOT-FOR-US: Pexip
CVE-2023-37188 (C-blosc2 before 2.9.3 was discovered to contain a NULL pointer derefer ...)
	NOT-FOR-US: C-blosc2
CVE-2023-37187 (C-blosc2 before 2.9.3 was discovered to contain a NULL pointer derefer ...)
	NOT-FOR-US: C-blosc2
CVE-2023-37186 (C-blosc2 before 2.9.3 was discovered to contain a NULL pointer derefer ...)
	NOT-FOR-US: C-blosc2
CVE-2023-37185 (C-blosc2 before 2.9.3 was discovered to contain a NULL pointer derefer ...)
	NOT-FOR-US: C-blosc2
CVE-2023-36486 (The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remot ...)
	NOT-FOR-US: ILIAS
CVE-2023-36485 (The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remot ...)
	NOT-FOR-US: ILIAS
CVE-2023-31455 (Pexip Infinity before 31.2 has Improper Input Validation for RTCP, all ...)
	NOT-FOR-US: Pexip
CVE-2023-31297 (An issue was discovered in SESAMI planfocus CPTO (Cash Point & Transpo ...)
	NOT-FOR-US: SESAMI planfocus CPTO (Cash Point & Transport Optimizer)
CVE-2023-51767 (OpenSSH through 9.6, when common types of DRAM are used, might allow r ...)
	- openssh (bug #1059393; unimportant)
	NOTE: https://arxiv.org/abs/2309.02545
	NOTE: Upstream does not consider CVE-2023-51767 an underlying bug in OpenSSH and
	NOTE: does not intend to address it in OpenSSH. To today's knowledge (2024-03-13)
	NOTE: it has not been demonstrated that the issue is exploitable in any real
	NOTE: software configuration.
CVE-2023-51766 (Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKIN ...)
	{DSA-5597-1 DLA-3708-1}
	- exim4 4.97-3 (bug #1059387)
	NOTE: https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
	NOTE: https://www.openwall.com/lists/oss-security/2023/12/21/6
	NOTE: https://bugs.exim.org/show_bug.cgi?id=3063
	NOTE: https://exim.org/static/doc/security/CVE-2023-51766.txt
	NOTE: https://git.exim.org/exim.git/commit/cf1376206284f2a4f11e32d931d4aade34c206c5
	NOTE: https://git.exim.org/exim.git/commit/4596719398f6f2365bed563aafd757a6433ce7b4
	NOTE: https://git.exim.org/exim.git/commit/5bb786d5ad568a88d50d15452aacc8404047e5ca
CVE-2023-51765 (sendmail through 8.17.2 allows SMTP smuggling in certain configuration ...)
	- sendmail 8.18.1-1 (bug #1059386)
	[bookworm] - sendmail (Minor issue)
	[bullseye] - sendmail (Minor issue)
	NOTE: https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
	NOTE: https://www.openwall.com/lists/oss-security/2023/12/21/6
	NOTE: https://www.openwall.com/lists/oss-security/2023/12/26/5
CVE-2023-51764 (Postfix through 3.8.5 allows SMTP smuggling unless configured with smt ...)
	{DLA-3725-1}
	- postfix 3.8.4-1 (bug #1059230)
	[bookworm] - postfix 3.7.9-0+deb12u1
	[bullseye] - postfix 3.5.23-0+deb11u1
	NOTE: https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
	NOTE: https://www.openwall.com/lists/oss-security/2023/12/21/6
	NOTE: https://www.postfix.org/smtp-smuggling.html
	NOTE: https://www.mail-archive.com/postfix-users@postfix.org/msg100901.html
	NOTE: https://lists.debian.org/debian-stable-announce/2023/12/msg00004.html
	NOTE: Short-term Mitigation: smtpd_forbid_unauth_pipelining = yes
	NOTE: Long-term fix with new (optional) feature that is disabled by default:
	NOTE: New setting: smtpd_forbid_bare_newline = yes
	NOTE: https://www.openwall.com/lists/oss-security/2023/12/22/3
	NOTE: Fixes for older releases: https://www.postfix.org/smtp-smuggling.html#back-ports
CVE-2023-51763 (csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows C ...)
	NOT-FOR-US: ActiveAdmin (aka Active Admin)
CVE-2023-7090 (A flaw was found in sudo in the handling of ipa_hostname, where ipa_ho ...)
	{DLA-3732-1}
	- sudo 1.8.28p1-1
	NOTE: https://github.com/sudo-project/sudo/commit/e99082e05b9f0dd0e0f47fa1d2e1b9d922ea8c4c (SUDO_1_8_28p1)
	NOTE: https://www.sudo.ws/repos/sudo/rev/b4f31dbe3109
	NOTE: https://www.sudo.ws/releases/legacy/#1.8.28
	NOTE: https://www.sudo.ws/pipermail/sudo-workers/2019-August/001248.html
	NOTE: https://www.sudo.ws/pipermail/sudo-workers/2019-August/001249.html
CVE-2023-6744 (The Divi theme for WordPress is vulnerable to Stored Cross-Site Script ...)
	NOT-FOR-US: WordPress theme
CVE-2023-5962 (A weak cryptographic algorithm vulnerability has been identified in io ...)
	NOT-FOR-US: ioLogik E1200 Series firmware
CVE-2023-5961 (A Cross-Site Request Forgery (CSRF) vulnerability has been identified ...)
	NOT-FOR-US: ioLogik E1200 Series firmware
CVE-2023-49594 (An information disclosure vulnerability exists in the challenge functi ...)
	NOT-FOR-US: instipod DuoUniversalKeycloakAuthenticator
CVE-2020-36769 (The Widget Settings Importer/Exporter Plugin for WordPress is vulnera ...)
	NOT-FOR-US: WordPress plugin
CVE-2016-15036 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Deis Work ...)
	NOT-FOR-US: Deis Workflow Manager
CVE-2014-125108 (A vulnerability was found in w3c online-spellchecker-py up to 20140130 ...)
	NOT-FOR-US: w3c online-spellchecker-py
CVE-2023-51443 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
	- freeswitch (bug #389591)
CVE-2023-7002 (The Backup Migration plugin for WordPress is vulnerable to OS Command ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6972 (The Backup Migration plugin for WordPress is vulnerable to Path Traver ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6971 (The Backup Migration plugin for WordPress is vulnerable to Remote File ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51651 (AWS SDK for PHP is the Amazon Web Services software development kit fo ...)
	- aws-sdk-for-php
	NOTE: https://github.com/aws/aws-sdk-php/security/advisories/GHSA-557v-xcg6-rm5m
	NOTE: https://github.com/aws/aws-sdk-php/commit/aebc9f801438746ac4ade327551576cb75f635f2 (3.288.1)
CVE-2023-51650 (Hertzbeat is an open source, real-time monitoring system. Prior to ver ...)
	NOT-FOR-US: Hertzbeat
CVE-2023-51451 (Symbolicator is a service used in Sentry. Starting in Symbolicator ver ...)
	NOT-FOR-US: Symbolicator service in Sentry
CVE-2023-51449 (Gradio is an open-source Python package that allows you to quickly bui ...)
	NOT-FOR-US: Gradio
CVE-2023-51387 (Hertzbeat is an open source, real-time monitoring system. Hertzbeat us ...)
	NOT-FOR-US: Hertzbeat
CVE-2023-51386 (Sandbox Accounts for Events provides multiple, temporary AWS accounts ...)
	NOT-FOR-US: Sandbox Accounts for Events
CVE-2023-50928 ("Sandbox Accounts for Events" provides multiple, temporary AWS account ...)
	NOT-FOR-US: Sandbox Accounts for Events
CVE-2023-50924 (Englesystem is a shift planning system for chaos events. Engelsystem p ...)
	NOT-FOR-US: Engelsystem
CVE-2023-50731 (MindsDB is a SQL Server for artificial intelligence. Prior to version ...)
	NOT-FOR-US: MindsDB
CVE-2023-50730 (Grackle is a GraphQL server written in functional Scala, built on the ...)
	NOT-FOR-US: Grackle
CVE-2023-50727 (Resque is a Redis-backed Ruby library for creating background jobs, pl ...)
	NOT-FOR-US: Resque
CVE-2023-6937 (wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS recor ...)
	[experimental] - wolfssl 5.6.6-1
	- wolfssl 5.6.6-1.2 (bug #1059357)
	[bookworm] - wolfssl (Minor issue)
	[bullseye] - wolfssl (Minor issue)
	NOTE: https://github.com/wolfSSL/wolfssl/blob/v5.6.6-stable/ChangeLog.md#vulnerabilities
CVE-2023-6936 (In wolfSSL prior to 5.6.6, if callback functions are enabled (via the ...)
	[experimental] - wolfssl 5.6.6-1
	- wolfssl 5.6.6-1.2 (bug #1059357)
	[bookworm] - wolfssl (Minor issue)
	[bullseye] - wolfssl (Minor issue)
	NOTE: https://github.com/wolfSSL/wolfssl/blob/v5.6.6-stable/ChangeLog.md#vulnerabilities
CVE-2023-6935 (wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Att ...)
	[experimental] - wolfssl 5.6.6-1
	- wolfssl 5.6.6-1.2 (bug #1059357)
	[bookworm] - wolfssl (Minor issue)
	[bullseye] - wolfssl (Minor issue)
	NOTE: https://github.com/wolfSSL/wolfssl/blob/v5.6.6-stable/ChangeLog.md#vulnerabilities
CVE-2023-7076 (A vulnerability was found in slawkens MyAAC up to 0.8.13. It has been ...)
	NOT-FOR-US: slawkens MyAAC
CVE-2023-7075 (A vulnerability was found in code-projects Point of Sales and Inventor ...)
	NOT-FOR-US: code-projects Point of Sales and Inventory Management System
CVE-2023-51662 (The Snowflake .NET driver provides an interface to the Microsoft .NET ...)
	NOT-FOR-US: Snowflake connector for .NET
CVE-2023-51661 (Wasmer is a WebAssembly runtime that enables containers to run anywher ...)
	NOT-FOR-US: Wasmer (WebAssembly runtime)
CVE-2023-51649 (Nautobot is a Network Source of Truth and Network Automation Platform ...)
	NOT-FOR-US: Nautobot
CVE-2023-51448 (Cacti provides an operational monitoring and fault management framewor ...)
	- cacti 1.2.26+ds1-1
	[bookworm] - cacti (Vulnerable code introduced later; Fix for CVE-2023-30534 not applied)
	[bullseye] - cacti (Vulnerable code introduced later; Fix for CVE-2023-30534 not applied)
	[buster] - cacti (Vulnerable code introduced later; Fix for CVE-2023-30534 not applied)
	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-w85f-7c4w-7594
	NOTE: https://github.com/Cacti/cacti/commit/58a980f335980ab57659420053d89d4e721ae3fc (release/1.2.26)
	NOTE: Introduced by: https://github.com/Cacti/cacti/commit/7b1ae5bcab3caca020da0080e19ac51c2743adfe (release/1.2.25, CVE-2023-30534)
	NOTE: Probably duplicate of CVE-2023-46490
CVE-2023-51035 (TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary com ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-51034 (TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary com ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-51033 (TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary com ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-51028 (TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-51027 (TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-51026 (TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-51025 (TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthori ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-51024 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-51023 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary co ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-51022 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-51021 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-51020 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-51019 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-51018 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-51017 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-51016 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-51015 (TOTOLINX EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary co ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-51014 (TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-51013 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-51012 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-51011 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-50725 (Resque is a Redis-backed Ruby library for creating background jobs, pl ...)
	NOT-FOR-US: Resque
CVE-2023-50714 (yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and Op ...)
	NOT-FOR-US: yii2-authclient extension for Yii framework
CVE-2023-50712 (Iris is a web collaborative platform aiming to help incident responder ...)
	NOT-FOR-US: Iris
CVE-2023-50708 (yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and Op ...)
	NOT-FOR-US: yii2-authclient extension for Yii framework
CVE-2023-50569 (Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, a ...)
	- cacti 1.2.26+ds1-1
	[bookworm] - cacti 1.2.24+ds1-1+deb12u2
	[bullseye] - cacti (Vulnerable code introduced later)
	[buster] - cacti (Vulnerable code introduced later)
	NOTE: https://gist.github.com/ISHGARD-2/a6b57de899f977e2af41780e7428b4bf
	NOTE: Introduced by: https://github.com/Cacti/cacti/commit/27a36d48e1cea172b0750c970324208b39d2bec5 (release/1.2.23)
	NOTE: Exact same text as GHSA-xwqc-7jc4-xm73 / CVE-2023-50250.
	NOTE: Duplicate reported at MITRE 2024-01-18 (CVE Request 1589347)
CVE-2023-50259 (Medusa is an automatic video library manager for TV shows. Versions pr ...)
	NOT-FOR-US: Medusa (not same as src:medusa)
CVE-2023-50258 (Medusa is an automatic video library manager for TV shows. Versions pr ...)
	NOT-FOR-US: Medusa (not same as src:medusa)
CVE-2023-50254 (Deepin Linux's default document reader `deepin-reader` software suffer ...)
	- deepin-reader (bug #970218)
CVE-2023-50250 (Cacti is an open source operational monitoring and fault management fr ...)
	- cacti 1.2.26+ds1-1
	[bookworm] - cacti 1.2.24+ds1-1+deb12u2
	[bullseye] - cacti (Vulnerable code introduced later)
	[buster] - cacti (Vulnerable code introduced later)
	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73
	NOTE: https://github.com/Cacti/cacti/commit/58a980f335980ab57659420053d89d4e721ae3fc (release/1.2.26)
	NOTE: https://github.com/Cacti/cacti/commit/73d9a60e24d6d826e6343b94d833b48c28b68643 (release/1.2.26)
	NOTE: https://github.com/Cacti/cacti/commit/59e39b34f8f1d80b28d38a391d7aa6e7a3302f5b (release/1.2.26)
	NOTE: Introduced by: https://github.com/Cacti/cacti/commit/27a36d48e1cea172b0750c970324208b39d2bec5 (release/1.2.23)
CVE-2023-50147 (There is an arbitrary command execution vulnerability in the setDiagno ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-49792 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
	- nextcloud-server (bug #941708)
CVE-2023-49791 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
	- nextcloud-server (bug #941708)
CVE-2023-49790 (The Nextcloud iOS Files app allows users of iOS to interact with Nextc ...)
	NOT-FOR-US: Nextcloud iOS Files app
CVE-2023-49391 (An issue was discovered in free5GC version 3.3.0, allows remote attack ...)
	NOT-FOR-US: free5GC
CVE-2023-49356 (A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an atta ...)
	- mp3gain 1.6.2-2
	NOTE: https://github.com/linzc21/bug-reports/blob/main/reports/mp3gain/1.6.2/stack-buffer-overflow/CVE-2023-49356.md
	NOTE: Likely the same issue as, and a duplicate of, CVE-2018-10777, and covered by the fixes already applied for it
CVE-2023-49088 (Cacti is an open source operational monitoring and fault management fr ...)
	{DSA-5646-1 DLA-3765-1}
	- cacti 1.2.26+ds1-1
	NOTE: Caused by an incomplete fix for CVE-2023-39515
	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x
	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h (CVE-2023-39515)
	NOTE: https://github.com/Cacti/cacti/commit/58a980f335980ab57659420053d89d4e721ae3fc (release/1.2.26)
	NOTE: https://github.com/Cacti/cacti/commit/73d9a60e24d6d826e6343b94d833b48c28b68643 (release/1.2.26)
	NOTE: https://github.com/Cacti/cacti/commit/59e39b34f8f1d80b28d38a391d7aa6e7a3302f5b (release/1.2.26)
	NOTE: https://github.com/Cacti/cacti/commit/56f9d99e6e5ab434ea18fa344236f41e78f99c59 (1.2.x)
CVE-2023-49085 (Cacti provides an operational monitoring and fault management framewor ...)
	{DSA-5646-1 DLA-3765-1}
	- cacti 1.2.26+ds1-1
	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-vr3c-38wh-g855
	NOTE: https://github.com/Cacti/cacti/commit/5f451bc680d7584525d18026836af2a1e31b2188 (release/1.2.26)
	NOTE: Requires a multi-poller setup
CVE-2023-48704 (ClickHouse is an open-source column-oriented database management syste ...)
	- clickhouse (bug #1059367)
	[bookworm] - clickhouse (Minor issue)
	[bullseye] - clickhouse (Minor issue)
	[buster] - clickhouse (Minor issue)
	NOTE: https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-5rmf-5g48-xv63
	NOTE: https://github.com/ClickHouse/ClickHouse/pull/57107
CVE-2023-48670 (Dell SupportAssist for Home PCs version 3.14.1 and prior versions cont ...)
	NOT-FOR-US: Dell
CVE-2023-45957 (A stored cross-site scripting (XSS) vulnerability in the component adm ...)
	NOT-FOR-US: thirty bees
CVE-2023-45165 (IBM AIX 7.2 and 7.3 could allow a non-privileged local user to exploit ...)
	NOT-FOR-US: IBM
CVE-2023-43741 (A time-of-check-time-of-use race condition vulnerability in Buildkite ...)
	NOT-FOR-US: Buildkite Elastic CI for AWS
CVE-2023-43116 (A symbolic link following vulnerability in Buildkite Elastic CI for AW ...)
	NOT-FOR-US: Buildkite Elastic CI for AWS
CVE-2023-43088 (Dell Client BIOS contains a pre-boot direct memory access (DMA) vulner ...)
	NOT-FOR-US: Dell
CVE-2023-42017 (IBM Planning Analytics Local 2.0 could allow a remote attacker to uplo ...)
	NOT-FOR-US: IBM
CVE-2023-39251 (Dell BIOS contains an Improper Input Validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2023-52322 (ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2 ...)
	{DLA-3761-1}
	- spip 4.1.13+dfsg-1 (bug #1059331)
	[bookworm] - spip 4.1.9+dfsg-1+deb12u4
	[bullseye] - spip 3.2.11-3+deb11u10
	NOTE: https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-7-SPIP-4-1-13.html?lang=fr
	NOTE: https://git.spip.net/spip/spip/commit/e90f5344b8c82711053053e778d38a35e42b7bcb
CVE-2023-7059 (A vulnerability was found in SourceCodester School Visitor Log e-Book ...)
	NOT-FOR-US: SourceCodester School Visitor Log e-Book
CVE-2023-7058 (A vulnerability was found in SourceCodester Simple Student Attendance ...)
	NOT-FOR-US: SourceCodester Simple Student Attendance System
CVE-2023-7057 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: code-projects Faculty Management System
CVE-2023-7056 (A vulnerability classified as problematic was found in code-projects F ...)
	NOT-FOR-US: code-projects Faculty Management System
CVE-2023-7055 (A vulnerability classified as problematic has been found in PHPGurukul ...)
	NOT-FOR-US: PHPGurukul Online Notes Sharing System
CVE-2023-7054 (A vulnerability was found in PHPGurukul Online Notes Sharing System 1. ...)
	NOT-FOR-US: PHPGurukul Online Notes Sharing System
CVE-2023-7053 (A vulnerability was found in PHPGurukul Online Notes Sharing System 1. ...)
	NOT-FOR-US: PHPGurukul Online Notes Sharing System
CVE-2023-7052 (A vulnerability was found in PHPGurukul Online Notes Sharing System 1. ...)
	NOT-FOR-US: PHPGurukul Online Notes Sharing System
CVE-2023-7051 (A vulnerability was found in PHPGurukul Online Notes Sharing System 1. ...)
	NOT-FOR-US: PHPGurukul Online Notes Sharing System
CVE-2023-7050 (A vulnerability has been found in PHPGurukul Online Notes Sharing Syst ...)
	NOT-FOR-US: PHPGurukul Online Notes Sharing System
CVE-2023-6847 (An improper authentication vulnerability was identified in GitHub Ente ...)
	NOT-FOR-US: GitHub Enterprise Server
CVE-2023-6804 (Improper privilege management allowed arbitrary workflows to be commit ...)
	NOT-FOR-US: GitHub Enterprise Server
CVE-2023-6803 (A race condition in GitHub Enterprise Server allows an outside collabo ...)
	NOT-FOR-US: GitHub Enterprise Server
CVE-2023-6802 (An insertion of sensitive information into the log file in the audit l ...)
	NOT-FOR-US: GitHub Enterprise Server
CVE-2023-6746 (An insertion of sensitive information into log file vulnerability was ...)
	NOT-FOR-US: GitHub Enterprise Server
CVE-2023-6690 (A race condition in GitHub Enterprise Server allowed an existing admin ...)
	NOT-FOR-US: GitHub Enterprise Server
CVE-2023-51713 (make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of- ...)
	- proftpd-dfsg 1.3.8.a+dfsg-1
	[bookworm] - proftpd-dfsg 1.3.8+dfsg-4+deb12u3
	[bullseye] - proftpd-dfsg (Minor issue)
	[buster] - proftpd-dfsg (Minor issue)
	NOTE: https://github.com/proftpd/proftpd/issues/1683
	NOTE: https://github.com/proftpd/proftpd/commit/1376d8ccc0966d1ce9a1c76b32c6a9ca61bbe67f (v1.3.9rc1)
	NOTE: https://github.com/proftpd/proftpd/commit/97bbe68363ccf2de0c07f67170ec64a8b4d62592 (v1.3.8a)
CVE-2023-51708 (Bentley eB System Management Console applications within Assetwise Int ...)
	NOT-FOR-US: Bentley eB System Management Console
CVE-2023-51707 (MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows r ...)
	NOT-FOR-US: MotionPro
CVE-2023-51704 (An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1. ...)
	{DLA-3796-1}
	- mediawiki 1:1.39.6-1
	[bookworm] - mediawiki 1:1.39.7-1~deb12u1
	[bullseye] - mediawiki (Minor issue; fix along with the next update)
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/
	NOTE: https://phabricator.wikimedia.org/T347726
CVE-2023-51380 (An incorrect authorization vulnerability was identified in GitHub Ente ...)
	NOT-FOR-US: GitHub Enterprise Server
CVE-2023-51379 (An incorrect authorization vulnerability was identified in GitHub Ente ...)
	NOT-FOR-US: GitHub Enterprise Server
CVE-2023-49690
	REJECTED
CVE-2023-49689 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
	NOT-FOR-US: Job Portal
CVE-2023-49688 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
	NOT-FOR-US: Job Portal
CVE-2023-49687
	REJECTED
CVE-2023-49686
	REJECTED
CVE-2023-49685
	REJECTED
CVE-2023-49684
	REJECTED
CVE-2023-49683
	REJECTED
CVE-2023-49682
	REJECTED
CVE-2023-49681 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
	NOT-FOR-US: Job Portal
CVE-2023-49680
	REJECTED
CVE-2023-49679
	REJECTED
CVE-2023-49678
	REJECTED
CVE-2023-49677 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
	NOT-FOR-US: Job Portal
CVE-2023-49086 (Cacti is a robust performance and fault management framework and a fro ...)
	{DSA-5646-1 DLA-3765-1}
	- cacti 1.2.26+ds1-1 (bug #1059254)
	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr
	NOTE: https://github.com/Cacti/cacti/commit/56f9d99e6e5ab434ea18fa344236f41e78f99c59 (1.2.x)
CVE-2023-49084 (Cacti is a robust performance and fault management framework and a fro ...)
	{DSA-5646-1 DLA-3765-1}
	- cacti 1.2.26+ds1-1 (bug #1059254)
	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp
	NOTE: https://github.com/Cacti/cacti/commit/5f451bc680d7584525d18026836af2a1e31b2188 (release/1.2.26)
	NOTE: https://github.com/Cacti/cacti/commit/c3a647e9867ae8e2982e26342630ba9edb2d94b7 (release/1.2.26)
	NOTE: Mitigated in Debian by not shipping or creating 'include/content/'
CVE-2023-48723
	REJECTED
CVE-2023-48722 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...)
	NOT-FOR-US: Student Result Management System
CVE-2023-48720 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...)
	NOT-FOR-US: Student Result Management System
CVE-2023-48719
	REJECTED
CVE-2023-48718 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...)
	NOT-FOR-US: Student Result Management System
CVE-2023-48717
	REJECTED
CVE-2023-48716 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...)
	NOT-FOR-US: Student Result Management System
CVE-2023-48690
	REJECTED
CVE-2023-48689 (Railway Reservation System v1.0 is vulnerable to multiple Unauthentica ...)
	NOT-FOR-US: Railway Reservation System
CVE-2023-48688
	REJECTED
CVE-2023-48687 (Railway Reservation System v1.0 is vulnerable to multiple Unauthentica ...)
	NOT-FOR-US: Railway Reservation System
CVE-2023-48686
	REJECTED
CVE-2023-48685 (Railway Reservation System v1.0 is vulnerable to multiple Unauthentica ...)
	NOT-FOR-US: Railway Reservation System
CVE-2023-48308 (Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain ...)
	NOT-FOR-US: Nextcloud calendar app
CVE-2023-48298 (ClickHouse® is an open-source column-oriented database management s ...)
	- clickhouse (bug #1059261)
	[bookworm] - clickhouse (Minor issue)
	[bullseye] - clickhouse (Minor issue)
	[buster] - clickhouse (Minor issue)
	NOTE: https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-qw9f-qv29-8938
	NOTE: https://github.com/ClickHouse/ClickHouse/pull/56795
CVE-2023-46649 (A race condition in GitHub Enterprise Server was identified that could ...)
	NOT-FOR-US: GitHub Enterprise Server
CVE-2023-46648 (An insufficient entropy vulnerability was identified in GitHub Enterpr ...)
	NOT-FOR-US: GitHub Enterprise Server
CVE-2023-46647 (Improper privilege management in all versions of GitHub Enterprise Ser ...)
	NOT-FOR-US: GitHub Enterprise Server
CVE-2023-46646 (Improper access control in all versions of GitHub Enterprise Server al ...)
	NOT-FOR-US: GitHub Enterprise Server
CVE-2023-46645 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
	NOT-FOR-US: GitHub Enterprise Server
CVE-2023-41097 (An Observable Timing Discrepancy, Covert Timing Channel vulnerability ...)
	NOT-FOR-US: Silicon Labs
CVE-2023-37520 (UnauthenticatedStored Cross-Site Scripting (XSS) vulnerability identif ...)
	NOT-FOR-US: HCL
CVE-2023-37519 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This ...)
	NOT-FOR-US: HCL
CVE-2023-42465 (Sudo before 1.9.15 might allow row hammer attacks (for authentication ...)
	- sudo 1.9.15p2-2
	[bookworm] - sudo (Minor issue)
	[bullseye] - sudo (Minor issue)
	[buster] - sudo (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2023/12/21/9
	NOTE: https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f (SUDO_1_9_15p1)
	NOTE: This is more a hardening against a hardware bug (rowhammer) than a security fix per se
	NOTE: Parts of the code in the fix commit are not built because Debian uses PAM: plugins/sudoers/auth/sudo_auth.[ch]
	NOTE: The plugins/sudoers/lookup.c part was added in version 1.9.15
	NOTE: The plugins/sudoers/match.c part was added in 1.8.21
CVE-2023-7047 (Inadequate validation of permissions when employing remote tools and ...)
	NOT-FOR-US: Devolutions
CVE-2023-7042 (A null pointer dereference vulnerability was found in ath10k_wmi_tlv_o ...)
	{DSA-5681-1}
	- linux 6.7.12-1
	[bookworm] - linux 6.1.82-1
	NOTE: https://patchwork.kernel.org/project/linux-wireless/patch/20231208043433.271449-1-hdthky0@gmail.com/
CVE-2023-7041 (A vulnerability, which was classified as critical, has been found in c ...)
	NOT-FOR-US: codelyfe Stupid Simple CMS
CVE-2023-7040 (A vulnerability classified as problematic was found in codelyfe Stupid ...)
	NOT-FOR-US: codelyfe Stupid Simple CMS
CVE-2023-7039 (A vulnerability classified as critical has been found in Byzoro S210 u ...)
	NOT-FOR-US: Beijing Baichuo S210
CVE-2023-7038 (A vulnerability was found in automad up to 1.10.9. It has been rated a ...)
	NOT-FOR-US: automad
CVE-2023-7037 (A vulnerability was found in automad up to 1.10.9. It has been declare ...)
	NOT-FOR-US: automad
CVE-2023-7036 (A vulnerability was found in automad up to 1.10.9. It has been classif ...)
	NOT-FOR-US: automad
CVE-2023-7035 (A vulnerability was found in automad up to 1.10.9 and classified as pr ...)
	NOT-FOR-US: automad
CVE-2023-6546 (A race condition was found in the GSM 0710 tty multiplexor in the Linu ...)
	- linux 6.4.13-1
	[bookworm] - linux 6.1.52-1
	[bullseye] - linux 5.10.197-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/3c4f8333b582487a2d1e02171f1465531cde53e3 (6.5-rc7)
CVE-2023-6145 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Istanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software
CVE-2023-6129 (Issue summary: The POLY1305 MAC (message authentication code) implemen ...)
	- openssl 3.1.5-1 (bug #1060347)
	[bookworm] - openssl (Minor issue; can be fixed later along with other issues)
	[bullseye] - openssl (Vulnerable code not present)
	[buster] - openssl (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2024/01/09/1
	NOTE: https://www.openssl.org/news/secadv/20240109.txt
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f3fc5808fe9ff74042d639839610d03b8fdcc015 (openssl-3.1)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=050d26383d4e264966fb83428e72d5d48f402d35 (openssl-3.0)
CVE-2023-6122 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Istanbul Soft Informatics and Consultancy Limited Company Softomi Software
CVE-2023-5989 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: LioXERP
CVE-2023-5988 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: LioXERP
CVE-2023-5594 (Improper validation of the server’s certificate chain in secure t ...)
	NOT-FOR-US: ESET
CVE-2023-51655 (In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible ...)
	- intellij-idea (bug #747616)
CVE-2023-51442 (Navidrome is an open source web-based music collection server and stre ...)
	NOT-FOR-US: Navidrome
CVE-2023-51052 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability via ...)
	NOT-FOR-US: S-CMS
CVE-2023-51051 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability via ...)
	NOT-FOR-US: S-CMS
CVE-2023-51050 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability via ...)
	NOT-FOR-US: S-CMS
CVE-2023-51049 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability via ...)
	NOT-FOR-US: S-CMS
CVE-2023-51048 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability via ...)
	NOT-FOR-US: S-CMS
CVE-2023-50834 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50833 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50832 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50831 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50830 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50829 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50828 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50827 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50826 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50825 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50824 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50823 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50822 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50732 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-50724 (Resque (pronounced like "rescue") is a Redis-backed library for creati ...)
	NOT-FOR-US: Resque
CVE-2023-50481 (An issue was discovered in blinksocks version 3.3.8, allows remote att ...)
	NOT-FOR-US: blinksocks
CVE-2023-50477 (An issue was discovered in nos client version 0.6.6, allows remote att ...)
	NOT-FOR-US: nos client
CVE-2023-50475 (An issue was discovered in bcoin-org bcoin version 2.2.0, allows remot ...)
	NOT-FOR-US: bcoin-org bcoin
CVE-2023-50473 (Cross-Site Scripting (XSS) vulnerability in bill-ahmed qbit-matUI vers ...)
	NOT-FOR-US: bill-ahmed qbit-matUI
CVE-2023-50377 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50119
	REJECTED
CVE-2023-4256 (Within tcpreplay's tcprewrite, a double free vulnerability has been id ...)
	- tcpreplay (unimportant)
	NOTE: https://github.com/appneta/tcpreplay/issues/813
	NOTE: Crash in CLI tool, no security impact
CVE-2023-4255 (An out-of-bounds write issue has been discovered in the backspace hand ...)
	- w3m (bug #1059265)
	[bookworm] - w3m (Minor issue)
	[bullseye] - w3m (Minor issue)
	[buster] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3
	NOTE: https://github.com/tats/w3m/issues/268
	NOTE: https://github.com/tats/w3m/pull/273
CVE-2023-49826 (Deserialization of Untrusted Data vulnerability in PenciDesign Soledad ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49778 (Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49765 (Authorization Bypass Through User-Controlled Key vulnerability in Blaz ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49762 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49162 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48288 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48116 (SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored X ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2023-48115 (SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored D ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2023-48114 (SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored X ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2023-47527 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47525 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47191 (Authorization Bypass Through User-Controlled Key vulnerability in Kain ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46791
	REJECTED
CVE-2023-45127
	REJECTED
CVE-2023-45126
	REJECTED
CVE-2023-45125
	REJECTED
CVE-2023-45124
	REJECTED
CVE-2023-45123
	REJECTED
CVE-2023-45122
	REJECTED
CVE-2023-45121 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
	NOT-FOR-US: Online Examination System
CVE-2023-45120 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
	NOT-FOR-US: Online Examination System
CVE-2023-45119 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
	NOT-FOR-US: Online Examination System
CVE-2023-45118 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
	NOT-FOR-US: Online Examination System
CVE-2023-45117 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
	NOT-FOR-US: Online Examination System
CVE-2023-45116 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
	NOT-FOR-US: Online Examination System
CVE-2023-45115 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
	NOT-FOR-US: Online Examination System
CVE-2023-44482 (Leave Management System Project v1.0 is vulnerable to multiple Authent ...)
	NOT-FOR-US: Leave Management System Project
CVE-2023-44481 (Leave Management System Project v1.0 is vulnerable to multiple Authent ...)
	NOT-FOR-US: Leave Management System Project
CVE-2023-40058 (Sensitive data was added to our public-facing knowledgebase that, if e ...)
	NOT-FOR-US: SolarWinds
CVE-2023-32799 (Authorization Bypass Through User-Controlled Key vulnerability in WooC ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32747 (Authorization Bypass Through User-Controlled Key vulnerability in WooC ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32242 (Deserialization of Untrusted Data vulnerability in xtemos WoodMart - M ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2487 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48291 (Apache Airflow, in versions prior to 2.8.0, contains a security vulner ...)
	- airflow (bug #819700)
CVE-2023-47265 (Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerab ...)
	- airflow (bug #819700)
CVE-2023-49920 (Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that ...)
	- airflow (bug #819700)
CVE-2023-50783 (Apache Airflow, versions before 2.8.0, is affected by a vulnerability ...)
	- airflow (bug #819700)
CVE-2023-51656 (Deserialization of Untrusted Data vulnerability in Apache IoTDB.This i ...)
	NOT-FOR-US: Apache IoTDB
CVE-2023-XXXX [RUSTSEC-2023-0075]
	- rust-unsafe-libyaml 0.2.10-1 (bug #1059234)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0075.html
	NOTE: https://github.com/dtolnay/unsafe-libyaml/issues/21
CVE-2023-7026 (A vulnerability was found in Lightxun IPTV Gateway up to 20231208. It ...)
	NOT-FOR-US: Lightxun IPTV Gateway
CVE-2023-7025 (A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0. ...)
	NOT-FOR-US: KylinSoft hedron-domain-hook
CVE-2023-7024 (Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.12 ...)
	{DSA-5585-1}
	- chromium 120.0.6099.129-1
	[buster] - chromium (see DSA 5046)
CVE-2023-7023 (A vulnerability was found in Tongda OA 2017 up to 11.9. It has been ra ...)
	NOT-FOR-US: Tongda OA
CVE-2023-7022 (A vulnerability was found in Tongda OA 2017 up to 11.9. It has been de ...)
	NOT-FOR-US: Tongda OA
CVE-2023-7021 (A vulnerability was found in Tongda OA 2017 up to 11.9. It has been cl ...)
	NOT-FOR-US: Tongda OA
CVE-2023-7020 (A vulnerability was found in Tongda OA 2017 up to 11.9 and classified ...)
	NOT-FOR-US: Tongda OA
CVE-2023-51390 (journalpump is a daemon that takes log messages from journald and pump ...)
	NOT-FOR-US: journalpump
CVE-2023-50993 (Ruijie WS6008 v1.x v2.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 and WS6108 ...)
	NOT-FOR-US: Ruijie
CVE-2023-50992 (Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via ...)
	NOT-FOR-US: Tenda
CVE-2023-50990 (Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2023-50989 (Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection ...)
	NOT-FOR-US: Tenda
CVE-2023-50988 (Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2023-50987 (Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2023-50986 (Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2023-50985 (Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2023-50984 (Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2023-50983 (Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection ...)
	NOT-FOR-US: Tenda
CVE-2023-50639 (Cross Site Scripting (XSS) vulnerability in CuteHttpFileServer v.1.0 a ...)
	NOT-FOR-US: CuteHttpFileServer
CVE-2023-49032 (An issue in LTB Self Service Password before v.1.5.4 allows a remote a ...)
	NOT-FOR-US: LTB Self Service Password
CVE-2023-48434 (Online Voting System Project v1.0 is vulnerable to multiple Unauthenti ...)
	NOT-FOR-US: Online Voting System Project
CVE-2023-48433 (Online Voting System Project v1.0 is vulnerable to multiple Unauthenti ...)
	NOT-FOR-US: Online Voting System Project
CVE-2023-47093 (An issue was discovered in Stormshield Network Security (SNS) 4.0.0 th ...)
	NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2023-46131 (Grails is a framework used to build web applications with the Groovy p ...)
	- grails (bug #473213)
CVE-2023-45703 (HCL Launch may mishandle input validation of an uploaded archive file ...)
	NOT-FOR-US: HCL
CVE-2023-45700 (HCL Launch is vulnerable to HTML injection. This vulnerability may all ...)
	NOT-FOR-US: HCL
CVE-2023-41166 (An issue was discovered in Stormshield Network Security (SNS) 3.7.0 th ...)
	NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2023-7018 (Deserialization of Untrusted Data in GitHub repository huggingface/tra ...)
	NOT-FOR-US: Transformers
CVE-2023-7008 (A vulnerability was found in systemd-resolved. This issue may allow sy ...)
	- systemd 255.1-3 (bug #1059278)
	[bookworm] - systemd 252.21-1~deb12u1
	[bullseye] - systemd (Minor issue)
	[buster] - systemd (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2222672
	NOTE: https://github.com/systemd/systemd/issues/25676
	NOTE: systemd-resolved defaults to DNSSEC=no (disabled) everywhere, and is affected only
	NOTE: when manually enabled.
	NOTE: First observed in v241-rc1
	NOTE: Fixed by: https://github.com/systemd/systemd/commit/3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1 (v256)
	NOTE: Fixed by: https://github.com/systemd/systemd-stable/commit/6da5ca9dd69c0e3340d4439413718ad4963252de (v255.2)
	NOTE: Fixed by: https://github.com/systemd/systemd-stable/commit/029272750fe451aeaac87a8c783cfb067f001e16 (v254.8)
	NOTE: Fixed by: https://github.com/systemd/systemd-stable/commit/5c149c77cbf7b3743fa65ce7dc9d2b5a58351968 (v253.15)
	NOTE: Fixed by: https://github.com/systemd/systemd-stable/commit/bb78da7f955c0102047319c55fff9d853ab7c87a (v252.21)
	NOTE: Fixed by: https://github.com/systemd/systemd-stable/commit/f58fc88678b893162f2d6d4b2db094e7b1646386 (v251.20)
	NOTE: Fixed by: https://github.com/systemd/systemd-stable/commit/4ada1290584745ab6643eece9e1756a8c0e079ca (v250.14)
	NOTE: Fixed by: https://github.com/systemd/systemd-stable/commit/c8578cef7f0f1e8cb8193c29e5e77daf4e3a1c9f (v249.17)
	NOTE: Fixed by: https://github.com/systemd/systemd-stable/commit/3a409b210396c6a0bef621349f4caa3a865940f2 (v248.13)
CVE-2023-6912 (Lack of protection against brute force attacks in M-Files Server befor ...)
	NOT-FOR-US: M-Files Server
CVE-2023-6910 (A vulnerable API method in M-Files Server before 23.12.13195.0 allows ...)
	NOT-FOR-US: M-Files Server
CVE-2023-6784 (A malicious user could potentially use the Sitefinity system for the d ...)
	NOT-FOR-US: Sitefinity CMS
CVE-2023-6769 (Stored XSS vulnerability in Amazing Little Poll, affecting versions 1. ...)
	NOT-FOR-US: Amazing Little Poll
CVE-2023-6768 (Authentication bypass vulnerability in Amazing Little Poll affecting v ...)
	NOT-FOR-US: Amazing Little Poll
CVE-2023-6562 (JPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an att ...)
	NOT-FOR-US: Kakadu
CVE-2023-5011 (Student Information System v1.0 is vulnerable to multiple Authenticate ...)
	NOT-FOR-US: Student Information System
CVE-2023-5010 (Student Information System v1.0 is vulnerable to multiple Authenticate ...)
	NOT-FOR-US: Student Information System
CVE-2023-5007 (Student Information System v1.0 is vulnerable to multiple Authenticate ...)
	NOT-FOR-US: Student Information System
CVE-2023-51462 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-51461 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-51460 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-51459 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-51458 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-51457 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-50628 (Buffer Overflow vulnerability in libming version 0.4.8, allows attacke ...)
	- ming
CVE-2023-50249 (Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Reg ...)
	NOT-FOR-US: Sentry-Javascript
CVE-2023-50044 (Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if ...)
	NOT-FOR-US: Cesanta MJS
CVE-2023-49825 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49814 (Unrestricted Upload of File with Dangerous Type vulnerability in Symbi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49776 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49773 (Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49772 (Deserialization of Untrusted Data vulnerability in Phpbits Creative St ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49752 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49272 (Hotel Management v1.0 is vulnerable to multiple authenticated Reflecte ...)
	NOT-FOR-US: Hotel Management
CVE-2023-49271 (Hotel Management v1.0 is vulnerable to multiple authenticated Reflecte ...)
	NOT-FOR-US: Hotel Management
CVE-2023-49270 (Hotel Management v1.0 is vulnerable to multiple authenticated Reflecte ...)
	NOT-FOR-US: Hotel Management
CVE-2023-49269 (Hotel Management v1.0 is vulnerable to multiple authenticated Reflecte ...)
	NOT-FOR-US: Hotel Management
CVE-2023-49166 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49161 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47990 (SQL Injection vulnerability in components/table_manager/html/edit_admi ...)
	NOT-FOR-US: CuppaCMS
CVE-2023-47852 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47784 (Unrestricted Upload of File with Dangerous Type vulnerability in Theme ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47507 (Deserialization of Untrusted Data vulnerability in Master Slider Maste ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47236 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47118 (ClickHouse® is an open-source column-oriented database management s ...)
	- clickhouse (bug #1059261)
	[bookworm] - clickhouse (Minor issue)
	[bullseye] - clickhouse (Minor issue)
	[buster] - clickhouse (Minor issue)
	NOTE: https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-g22g-p6q2-x39v
CVE-2023-46311 (Authorization Bypass Through User-Controlled Key vulnerability in gVec ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46149 (Unrestricted Upload of File with Dangerous Type vulnerability in Themi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46147 (Deserialization of Untrusted Data vulnerability in Themify Themify Ult ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45603 (Unrestricted Upload of File with Dangerous Type vulnerability in Jeff ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41796 (Authorization Bypass Through User-Controlled Key vulnerability in WP S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40555 (Deserialization of Untrusted Data vulnerability in UX-themes Flatsome ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40204 (Unrestricted Upload of File with Dangerous Type vulnerability in Premi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40010 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3742 (Insufficient policy enforcement in ADB in Google Chrome on ChromeOS pr ...)
	NOT-FOR-US: Google Chrome on ChromeOS
CVE-2023-38519 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38513 (Authorization Bypass Through User-Controlled Key vulnerability in Jord ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37871 (Authorization Bypass Through User-Controlled Key vulnerability in WooC ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-36520 (Authorization Bypass Through User-Controlled Key vulnerability in Mark ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-35916 (Authorization Bypass Through User-Controlled Key vulnerability in Auto ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-35915 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-35914 (Authorization Bypass Through User-Controlled Key vulnerability in WooC ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-35895 (IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code e ...)
	NOT-FOR-US: IBM
CVE-2023-35876 (Authorization Bypass Through User-Controlled Key vulnerability in WooC ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34385 (Unrestricted Upload of File with Dangerous Type vulnerability in Aksha ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34007 (Unrestricted Upload of File with Dangerous Type vulnerability in WPChi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-33330 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-33318 (Unrestricted Upload of File with Dangerous Type vulnerability in WooCo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-33209 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32743 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32590 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32128 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37544 (Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy ...)
	NOT-FOR-US: Apache Pulsar
CVE-2023-6977 (This vulnerability enables malicious users to read sensitive files on ...)
	NOT-FOR-US: mlflow
CVE-2023-6976 (This vulnerability is capable of writing arbitrary files into arbitrar ...)
	NOT-FOR-US: mlflow
CVE-2023-6975 (A malicious user could use this issue to get command execution on the ...)
	NOT-FOR-US: mlflow
CVE-2023-6974 (A malicious user could use this issue to access internal HTTP(s) serve ...)
	NOT-FOR-US: mlflow
CVE-2023-6930 (EuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthentica ...)
	NOT-FOR-US: EuroTel ETL3100
CVE-2023-6929 (EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure ...)
	NOT-FOR-US: EuroTel ETL3100
CVE-2023-6928 (EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number o ...)
	NOT-FOR-US: EuroTel ETL3100
CVE-2023-6689 (A successful CSRF attack could force the user to perform state changin ...)
	NOT-FOR-US: EFACEC
CVE-2023-50835 (Cross-Site Request Forgery (CSRF) vulnerability in Praveen Goswami Adv ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50707 (Through the exploitation of active user sessions, an attacker could se ...)
	NOT-FOR-US: EFACEC
CVE-2023-50706 (A user without administrator permissions with access to the UC500 wind ...)
	NOT-FOR-US: UC500 windows system
CVE-2023-50705 (An attacker could create malicious requests to obtain sensitive inform ...)
	NOT-FOR-US: UC500 windows system
CVE-2023-50704 (An attacker could construct a URL within the application that causes a ...)
	NOT-FOR-US: UC500 windows system
CVE-2023-50703 (An attacker with network access could perform a man-in-the-middle (Mit ...)
	NOT-FOR-US: UC500 windows system
CVE-2023-50466 (An authenticated command injection vulnerability in Weintek cMT2078X e ...)
	NOT-FOR-US: Weintek cMT2078X easyweb Web
CVE-2023-49812 (Authorization Bypass Through User-Controlled Key vulnerability in J.N. ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49764 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49750 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49164 (Cross-Site Request Forgery (CSRF) vulnerability in OceanWP Ocean Extra ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49147 (An issue was discovered in PDF24 Creator 11.14.0. The configuration of ...)
	NOT-FOR-US: PDF24 Creator
CVE-2023-49004 (An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker t ...)
	NOT-FOR-US: D-Link
CVE-2023-48764 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48741 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48738 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48327 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47707 (IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross ...)
	NOT-FOR-US: IBM
CVE-2023-47706 (IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authent ...)
	NOT-FOR-US: IBM
CVE-2023-47705 (IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authent ...)
	NOT-FOR-US: IBM
CVE-2023-47704 (IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text ha ...)
	NOT-FOR-US: IBM
CVE-2023-47703 (IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote a ...)
	NOT-FOR-US: IBM
CVE-2023-47702 (IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote a ...)
	NOT-FOR-US: IBM
CVE-2023-47267 (An issue discovered in TheGreenBow Windows Enterprise Certified VPN Cl ...)
	NOT-FOR-US: TheGreenBow
CVE-2023-47161 (IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, ...)
	NOT-FOR-US: IBM
CVE-2023-47146 (IBM Qradar SIEM 7.5 could allow a privileged user to obtain sensitive ...)
	NOT-FOR-US: IBM
CVE-2023-46624 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in P ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45887 (DS Wireless Communication (DWC) with DWC_VERSION_3 and DWC_VERSION_11 ...)
	NOT-FOR-US: DS Wireless Communication (DWC)
CVE-2023-45172 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user ...)
	NOT-FOR-US: IBM
CVE-2023-42940 (A session rendering issue was addressed with improved session tracking ...)
	NOT-FOR-US: Apple
CVE-2023-42013 (IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, ...)
	NOT-FOR-US: IBM
CVE-2023-42012 (An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3 ...)
	NOT-FOR-US: IBM
CVE-2023-38126 (Softing edgeAggregator Restore Configuration Directory Traversal Remot ...)
	NOT-FOR-US: Softing edgeAggregator
CVE-2023-37982 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-35883 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in M ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6945 (A vulnerability has been found in SourceCodester Online Student Manage ...)
	NOT-FOR-US: SourceCodester Online Student Management System
CVE-2023-6944 (A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-impo ...)
	NOT-FOR-US: Red Hat Developer Hub (RHDH)
CVE-2023-6932 (A use-after-free vulnerability in the Linux kernel's ipv4: igmp compon ...)
	{DSA-5594-1 DLA-3711-1 DLA-3710-1}
	- linux 6.6.8-1
	[bookworm] - linux 6.1.66-1
	NOTE: https://git.kernel.org/linus/e2b706c691905fe78468c361aaabc719d0a496f1 (6.7-rc4)
CVE-2023-6931 (A heap out-of-bounds write vulnerability in the Linux kernel's Perform ...)
	{DSA-5594-1 DSA-5593-1 DLA-3711-1 DLA-3710-1}
	- linux 6.6.8-1
	NOTE: https://git.kernel.org/linus/382c27f4ed28f803b1f1473ac2d8db0afc795a1b (6.7-rc5)
CVE-2023-6913 (A session hijacking vulnerability has been detected in the Imou Life a ...)
	NOT-FOR-US: Imou Life application
CVE-2023-6730 (Deserialization of Untrusted Data in GitHub repository huggingface/tra ...)
	NOT-FOR-US: Transformers
CVE-2023-6711 (Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 th ...)
	NOT-FOR-US: Hitachi
CVE-2023-6280 (An XXE (XML External Entity) vulnerability has been detected in 52Nort ...)
	NOT-FOR-US: 52North WPS
CVE-2023-50376 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50272 (A potential security vulnerability has been identified in HPE Integrat ...)
	NOT-FOR-US: HPE
CVE-2023-49706 (Defective request context handling in Self Service in LinOTP 3.x befor ...)
	NOT-FOR-US: LinOTP
CVE-2023-49489 (Reflective Cross Site Scripting (XSS) vulnerability in KodExplorer ver ...)
	NOT-FOR-US: kalcaddle KodExplorer
CVE-2023-49006 (Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version ...)
	- phpsysinfo 3.4.3-1
	[bookworm] - phpsysinfo (Minor issue)
	[bullseye] - phpsysinfo (Minor issue)
	NOTE: https://huntr.com/bounties/ca6d669f-fd82-4188-aae2-69e08740d982/
	NOTE: https://github.com/phpsysinfo/phpsysinfo/commit/4f2cee505e4f2e9b369a321063ff2c5e0c34ba45 (v3.4.3)
CVE-2023-46804 (An attacker sending specially crafted data packets to the Mobile Devic ...)
	NOT-FOR-US: Avalanche
CVE-2023-46803 (An attacker sending specially crafted data packets to the Mobile Devic ...)
	NOT-FOR-US: Avalanche
CVE-2023-46266 (An attacker can send a specially crafted request which could lead to l ...)
	NOT-FOR-US: Avalanche
CVE-2023-46265 (An unauthenticated could abuse a XXE vulnerability in the Smart Device ...)
	NOT-FOR-US: Avalanche
CVE-2023-46264 (An unrestricted upload of file with dangerous type vulnerability exist ...)
	NOT-FOR-US: Avalanche
CVE-2023-46263 (An unrestricted upload of file with dangerous type vulnerability exist ...)
	NOT-FOR-US: Avalanche
CVE-2023-46262 (An unauthenticated attacker could send a specifically crafted web requ ...)
	NOT-FOR-US: Ivanti
CVE-2023-46261 (An attacker sending specially crafted data packets to the Mobile Devic ...)
	NOT-FOR-US: Avalanche
CVE-2023-46260 (An attacker sending specially crafted data packets to the Mobile Devic ...)
	NOT-FOR-US: Avalanche
CVE-2023-46259 (An attacker sending specially crafted data packets to the Mobile Devic ...)
	NOT-FOR-US: Avalanche
CVE-2023-46258 (An attacker sending specially crafted data packets to the Mobile Devic ...)
	NOT-FOR-US: Avalanche
CVE-2023-46257 (An attacker sending specially crafted data packets to the Mobile Devic ...)
	NOT-FOR-US: Avalanche
CVE-2023-46225 (An attacker sending specially crafted data packets to the Mobile Devic ...)
	NOT-FOR-US: Avalanche
CVE-2023-46224 (An attacker sending specially crafted data packets to the Mobile Devic ...)
	NOT-FOR-US: Avalanche
CVE-2023-46223 (An attacker sending specially crafted data packets to the Mobile Devic ...)
	NOT-FOR-US: Avalanche
CVE-2023-46222 (An attacker sending specially crafted data packets to the Mobile Devic ...)
	NOT-FOR-US: Avalanche
CVE-2023-46221 (An attacker sending specially crafted data packets to the Mobile Devic ...)
	NOT-FOR-US: Avalanche
CVE-2023-46220 (An attacker sending specially crafted data packets to the Mobile Devic ...)
	NOT-FOR-US: Avalanche
CVE-2023-46217 (An attacker sending specially crafted data packets to the Mobile Devic ...)
	NOT-FOR-US: Avalanche
CVE-2023-46216 (An attacker sending specially crafted data packets to the Mobile Devic ...)
	NOT-FOR-US: Avalanche
CVE-2023-45105 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44991 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44983 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-43870 (When installing the Net2 software a root certificate is installed into ...)
	NOT-FOR-US: Paxton
CVE-2023-43826 (Apache Guacamole 1.5.3 and older do not consistently ensure that value ...)
	- guacamole-client
	NOTE: https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6
CVE-2023-41727 (An attacker sending specially crafted data packets to the Mobile Devic ...)
	NOT-FOR-US: Avalanche
CVE-2023-41648 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40602 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in D ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38481 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38478 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37390 (Deserialization of Untrusted Data vulnerability in Themesflat Themesfl ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34382 (Deserialization of Untrusted Data vulnerability in weDevs Dokan – ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34027 (Deserialization of Untrusted Data vulnerability in Rajnish Arora Recen ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-25158 (A vulnerability has been found in pedroetb tts-api up to 2.1.4 and cla ...)
	NOT-FOR-US: pedroetb tts-api
CVE-2023-50762 (When processing a PGP/MIME payload that contains digitally signed text ...)
	{DSA-5582-1 DLA-3698-1}
	- thunderbird 1:115.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50762
CVE-2023-50761 (The signature of a digitally signed S/MIME email message may optionall ...)
	{DSA-5582-1 DLA-3698-1}
	- thunderbird 1:115.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50761
CVE-2023-6862 (A use-after-free was identified in the `nsDNSService::Init`. This iss ...)
	{DSA-5582-1 DSA-5581-1 DLA-3698-1 DLA-3697-1}
	- firefox-esr 115.6.0esr-1
	- thunderbird 1:115.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6862
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6862
CVE-2023-6873 (Memory safety bugs present in Firefox 120. Some of these bugs showed e ...)
	{DSA-5582-1 DLA-3698-1}
	- firefox 121.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6873
CVE-2023-6864 (Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thun ...)
	{DSA-5582-1 DSA-5581-1 DLA-3698-1 DLA-3697-1}
	- firefox 121.0-1
	- firefox-esr 115.6.0esr-1
	- thunderbird 1:115.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6864
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6864
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6864
CVE-2023-6863 (The `ShutdownObserver()` was susceptible to potentially undefined beha ...)
	{DSA-5581-1 DLA-3697-1}
	- firefox 121.0-1
	- firefox-esr 115.6.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6863
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6863
CVE-2023-6872 (Browser tab titles were being leaked by GNOME to system logs. This cou ...)
	- firefox 121.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6872
CVE-2023-6871 (Under certain conditions, Firefox did not display a warning when a use ...)
	- firefox 121.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6871
CVE-2023-6870 (Applications which spawn a Toast notification in a background thread m ...)
	- firefox (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6870
CVE-2023-6869 (A `<dialog>` element could have been manipulated to paint content o ...)
	- firefox 121.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6869
CVE-2023-6868 (In some instances, the user-agent would allow push requests which lack ...)
	- firefox (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6868
CVE-2023-6861 (The `nsWindow::PickerOpen(void)` method was susceptible to a heap buff ...)
	{DSA-5582-1 DSA-5581-1 DLA-3698-1 DLA-3697-1}
	- firefox 121.0-1
	- firefox-esr 115.6.0esr-1
	- thunderbird 1:115.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6861
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6861
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6861
CVE-2023-6867 (The timing of a button click causing a popup to disappear was approxim ...)
	{DSA-5581-1 DLA-3697-1}
	- firefox 121.0-1
	- firefox-esr 115.6.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6867
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6867
CVE-2023-6860 (The `VideoBridge` allowed any content process to use textures produced ...)
	{DSA-5582-1 DSA-5581-1 DLA-3698-1 DLA-3697-1}
	- firefox 121.0-1
	- firefox-esr 115.6.0esr-1
	- thunderbird 1:115.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6860
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6860
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6860
CVE-2023-6866 (TypedArrays can be fallible and lacked proper exception handling. This ...)
	- firefox 121.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6866
CVE-2023-6859 (A use-after-free condition affected TLS socket creation when under mem ...)
	{DSA-5582-1 DSA-5581-1 DLA-3698-1 DLA-3697-1}
	- firefox 121.0-1
	- firefox-esr 115.6.0esr-1
	- thunderbird 1:115.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6859
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6859
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6859
CVE-2023-6858 (Firefox was susceptible to a heap buffer overflow in `nsTextFragment` ...)
	{DSA-5582-1 DSA-5581-1 DLA-3698-1 DLA-3697-1}
	- firefox 121.0-1
	- firefox-esr 115.6.0esr-1
	- thunderbird 1:115.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6858
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6858
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6858
CVE-2023-6857 (When resolving a symlink, a race may occur where the buffer passed to ...)
	{DSA-5582-1 DSA-5581-1 DLA-3698-1 DLA-3697-1}
	- firefox 121.0-1
	- firefox-esr 115.6.0esr-1
	- thunderbird 1:115.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6857
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6857
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6857
CVE-2023-6865 (`EncryptingOutputStream` was susceptible to exposing uninitialized dat ...)
	{DSA-5581-1 DLA-3697-1}
	- firefox 121.0-1
	- firefox-esr 115.6.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6865
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6865
CVE-2023-6856 (The WebGL `DrawElementsInstanced` method was susceptible to a heap buf ...)
	{DSA-5582-1 DSA-5581-1 DLA-3698-1 DLA-3697-1}
	- firefox 121.0-1
	- firefox-esr 115.6.0esr-1
	- thunderbird 1:115.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6856
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6856
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6856
CVE-2023-6135 (Multiple NSS NIST curves were susceptible to a side-channel attack kno ...)
	- nss 2:3.95-1 (bug #1059054)
	- firefox 121.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6135
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1853908 (not public)
	NOTE: Fixed via: https://bugzilla.mozilla.org/show_bug.cgi?id=1861728
	NOTE: https://hg.mozilla.org/projects/nss/rev/e68b42b773657000078d104aaccbe26e71a1e0be
	NOTE: Fixed via: https://bugzilla.mozilla.org/show_bug.cgi?id=1863605
	NOTE: https://hg.mozilla.org/projects/nss/rev/39f0db972e9d4803f386585bc4d8858ad6f019b8
CVE-2023-49734 (An authenticated Gamma user has the ability to create a dashboard and ...)
	NOT-FOR-US: Apache Superset
CVE-2023-49736 (A where_in JINJA macro allows users to specify a quote, which combined ...)
	NOT-FOR-US: Apache Superset
CVE-2024-23952 (This is a duplicate for CVE-2023-46104. With correct CVE version range ...)
	NOT-FOR-US: Apache Superset
CVE-2023-46104 (Uncontrolled resource consumption can be triggered by authenticated at ...)
	NOT-FOR-US: Apache Superset
CVE-2023-XXXX [RUSTSEC-2023-0074]
	- rust-zerocopy 0.7.32-1
	[bookworm] - rust-zerocopy (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0074.html
	NOTE: https://github.com/google/zerocopy/issues/716
CVE-2023-6940 (with only one user interaction(download a malicious config), attackers ...)
	NOT-FOR-US: mlflow
CVE-2023-6488 (The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6355 (Incorrect selection of fuse values in the Controller 7000 platform all ...)
	NOT-FOR-US: Gallagher
CVE-2023-6315 (Out-of-bounds read vulnerability in FPWin Pro version 7.7.0.0 and all p ...)
	NOT-FOR-US: FPWin Pro
CVE-2023-6314 (Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previ ...)
	NOT-FOR-US: FPWin Pro
CVE-2023-5432 (The Jquery news ticker plugin for WordPress is vulnerable to Stored Cr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5413 (The Image horizontal reel scroll slideshow plugin for WordPress is vul ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49821 (Cross-Site Request Forgery (CSRF) vulnerability in LiveChat LiveChat ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49819 (Deserialization of Untrusted Data vulnerability in Gordon Böhme, An ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49763 (Cross-Site Request Forgery (CSRF) vulnerability in Creatomatic Ltd CSp ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49761 (Cross-Site Request Forgery (CSRF) vulnerability in Gravity Master Prod ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49760 (Cross-Site Request Forgery (CSRF) vulnerability in Giannopoulos Kostas ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49759 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team WooDi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49163 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler tea ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49155 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49153 (Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam Add to ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49148 (Cross-Site Request Forgery (CSRF) vulnerability in Kulwant Nagi Affili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48781 (Cross-Site Request Forgery (CSRF) vulnerability in Marketing Rapel MkR ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48778 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Product ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48773 (Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommer ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48772 (Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Preve ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48769 (Cross-Site Request Forgery (CSRF) vulnerability in Blue Coral Chat Bub ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48768 (Cross-Site Request Forgery (CSRF) vulnerability in CodeAstrology Team ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48751 (Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47754 (Missing Authorization vulnerability in Clever plugins Delete Duplicate ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47558 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47530 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47506 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46686 (A reliance on untrusted inputs in a security decision could be exploit ...)
	NOT-FOR-US: Gallagher
CVE-2023-46212 (Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46154 (Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44982 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-42015 (IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, ...)
	NOT-FOR-US: IBM
CVE-2023-41967 (Sensitive information uncleared after debug/power state transition in ...)
	NOT-FOR-US: Gallagher
CVE-2023-40691 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, ...)
	NOT-FOR-US: IBM
CVE-2023-34168 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-33331 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-25157 (A vulnerability was found in Ethex Contracts. It has been classified a ...)
	NOT-FOR-US: Ethex Contracts
CVE-2014-125107 (A vulnerability was found in Corveda PHPSandbox 1.3.4 and classified a ...)
	NOT-FOR-US: Corveda PHPSandbox
CVE-2023-6927 (A flaw was found in Keycloak. This issue may allow an attacker to stea ...)
	NOT-FOR-US: Keycloak
CVE-2023-6920
	REJECTED
CVE-2023-6911 (Multiple WSO2 products have been identified as vulnerable due to impro ...)
	NOT-FOR-US: WSO2
CVE-2023-6817 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
	{DSA-5594-1 DSA-5593-1 DLA-3711-1}
	- linux 6.6.8-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/317eb9685095678f2c9f5a8189de698c5354316a (6.7-rc5)
	NOTE: https://www.openwall.com/lists/oss-security/2023/12/22/6
CVE-2023-6778 (Cross-site Scripting (XSS) - Stored in GitHub repository allegroai/cle ...)
	NOT-FOR-US: ClearML Open Source Server
CVE-2023-6691 (Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code inje ...)
	NOT-FOR-US: Cambium ePMP Force
CVE-2023-6295 (The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6289 (The Swift Performance Lite WordPress plugin before 2.3.6.15 does not p ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6272 (The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6222 (The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6203 (The Events Calendar WordPress plugin before 6.2.8.1 discloses the cont ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6077 (The Slider WordPress plugin before 3.5.12 does not ensure that posts t ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6065 (The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn' ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5949 (The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthor ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5886 (The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5882 (The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5348 (The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5005 (The Autocomplete Location field Contact Form 7 WordPress plugin before ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-51385 (In ssh in OpenSSH before 9.6, OS command injection might occur if a us ...)
	{DSA-5586-1 DLA-3694-1}
	- openssh 1:9.6p1-1
	NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/2
	NOTE: https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a (V_9_6_P1)
	NOTE: https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html
CVE-2023-51384 (In ssh-agent in OpenSSH before 9.6, certain destination constraints ca ...)
	- openssh 1:9.6p1-1
	[bookworm] - openssh 1:9.2p1-2+deb12u2
	[bullseye] - openssh (Vulnerable code introduced later; per-hop destination constraints support added in OpenSSH 8.9)
	[buster] - openssh (Vulnerable code introduced later; per-hop destination constraints support added in OpenSSH 8.9)
	NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/2
	NOTE: https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b (V_9_6_P1)
CVE-2023-50372 (Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita C ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4724 (The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4311 (The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerab ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49855 (Cross-Site Request Forgery (CSRF) vulnerability in BinaryCarpenter Men ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49854 (Cross-Site Request Forgery (CSRF) vulnerability in Tribe Interactive C ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49853 (Cross-Site Request Forgery (CSRF) vulnerability in PayTR Ödeme ve E ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49844 (Cross-Site Request Forgery (CSRF) vulnerability in Kevin Ohashi WPPerf ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49843 (Cross-Site Request Forgery (CSRF) vulnerability in QuanticEdge First O ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49840 (Cross-Site Request Forgery (CSRF) vulnerability in Palscode Multi Curr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48766 (Cross-Site Request Forgery (CSRF) vulnerability in SVGator SVGator ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48762 (Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetEleme ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48755 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler tea ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47806 (Cross-Site Request Forgery (CSRF) vulnerability in Saint Systems Disab ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47789 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Canada ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47787 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooComm ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47741 (IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser cl ...)
	NOT-FOR-US: IBM
CVE-2023-46617 (Cross-Site Request Forgery (CSRF) vulnerability in AdFoxly AdFoxly ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46177 (IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to t ...)
	NOT-FOR-US: IBM
CVE-2023-39509 (A command injection vulnerability exists in Bosch IP cameras that allo ...)
	NOT-FOR-US: Bosch IP cameras
CVE-2023-35867 (An improper handling of a malformed API answer packets to API clients ...)
	NOT-FOR-US: Bosch
CVE-2023-33214 (Cross-Site Request Forgery (CSRF) vulnerability in Tagbox Tagbox ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32728 (The Zabbix Agent 2 item key smart.disk.get does not sanitize its param ...)
	- zabbix 1:6.0.24+dfsg-1
	[bullseye] - zabbix (Vulnerable code introduced later)
	[buster] - zabbix (Vulnerable code introduced later)
	NOTE: https://support.zabbix.com/browse/ZBX-23858
	NOTE: https://github.com/zabbix/zabbix/commit/51ee1af626f93c1656ee2e37aa3d611b0292c1d8 (6.0.24rc1)
	NOTE: https://github.com/zabbix/zabbix/commit/f4557473616f455eefe8f303721b4cec473ece4c (6.0.24rc1)
	NOTE: https://github.com/zabbix/zabbix/commit/8c651bb7e026b9eaafea17719293d2073ae31c93 (6.0.24rc1)
	NOTE: https://github.com/zabbix/zabbix/commit/225c46f7c93884514cb0af0066c7e3f501d30967 (6.0.24rc1)
	NOTE: https://github.com/zabbix/zabbix/commit/09fa80bb16b094e4c17c036868c817f411efe4a0 (6.0.24rc1)
	NOTE: https://github.com/zabbix/zabbix/commit/7c00b48ab998066962e5275efa50007cb72ea1ac (6.0.24rc1)
	NOTE: https://github.com/zabbix/zabbix/commit/245fbae6039ebfbd720ab33c0349c82bae242fc9 (6.0.24rc1)
	NOTE: Vulnerable feature introduced with versions 5.0.9rc1, 5.3.5rc1 and 5.4.0alpha2:
	NOTE: https://support.zabbix.com/browse/ZBXNEXT-6339
CVE-2023-32727 (An attacker who has the privilege to configure Zabbix items can use fu ...)
	- zabbix 1:6.0.23+dfsg-1
	[buster] - zabbix (Vulnerable code introduced later)
	NOTE: https://support.zabbix.com/browse/ZBX-23857
	NOTE: https://github.com/zabbix/zabbix/commit/93e090592fc6de7ec5d3d42c1bb9074ad1f3ba34 (6.0.23rc1)
	NOTE: https://github.com/zabbix/zabbix/commit/610f9fdbb86667f4094972547deb936c6cdfc6d5 (6.0.23rc1)
	NOTE: introduced in https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/57abe5a1f2c208d05cc59029026098c2f13ed464 (4.4.0alpha3)
CVE-2023-32726 (The vulnerability is caused by improper check for check if RDLENGTH do ...)
	{DLA-3717-1}
	- zabbix 1:6.0.24+dfsg-1
	NOTE: https://support.zabbix.com/browse/ZBX-23855
	NOTE: https://github.com/zabbix/zabbix/commit/53ef2b7119f57f4140e6bd9c5cd2d3c6af228179 (6.0.24rc1)
CVE-2023-32725 (The website configured in the URL widget will receive a session cookie ...)
	- zabbix 1:6.0.23+dfsg-1
	[bullseye] - zabbix (Vulnerable code not present)
	[buster] - zabbix (Vulnerable code introduced later)
	NOTE: https://support.zabbix.com/browse/ZBX-23854
	NOTE: https://github.com/zabbix/zabbix/commit/89e0cd6ea93a097671d6bcfbfa674047a3096b26 (6.0.22rc1)
	NOTE: report_manager introduced with: https://github.com/zabbix/zabbix/commit/a06a08111546081e8256267bc0062cbd74dc3309 (6.0.0alpha1)
CVE-2023-32230 (An improper handling of a malformed API request to an API server in Bo ...)
	NOT-FOR-US: Bosch
CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, found in O ...)
	{DSA-5601-1 DSA-5600-1 DSA-5599-1 DSA-5591-1 DSA-5588-1 DSA-5586-1 DLA-3794-1 DLA-3730-1 DLA-3719-1 DLA-3718-1 DLA-3694-1}
	- dropbear 2022.83-4 (bug #1059001)
	[bookworm] - dropbear 2022.83-1+deb12u1
	[bullseye] - dropbear 2020.81-3+deb11u1
	[buster] - dropbear (ChaCha20-Poly1305 support introduced in 2020.79; *-EtM not supported as of 2022.83)
	- erlang 1:25.3.2.8+dfsg-1 (bug #1059002)
	[bookworm] - erlang (Minor issue)
	[bullseye] - erlang (Minor issue)
	[buster] - erlang (Minor issue)
	- filezilla 3.66.4-1
	[bookworm] - filezilla 3.63.0-1+deb12u3
	[bullseye] - filezilla 3.52.2-3+deb11u1
	[buster] - filezilla (OpenSSH extension in question not implemented)
	- golang-go.crypto 1:0.17.0-1 (bug #1059003)
	[bookworm] - golang-go.crypto (Minor issue)
	[bullseye] - golang-go.crypto (Minor issue)
	[buster] - golang-go.crypto (Limited support, minor issue, follow bullseye DSAs/point-releases)
	- jsch (ChaCha20-Poly1305 support introduced in 0.1.61; *-EtM support introduced in 0.1.58)
	- libssh 0.10.6-1 (bug #1059004)
	- libssh2 1.11.0-4 (bug #1059005)
	[bookworm] - libssh2 (ChaCha20-Poly1305 and CBC-EtM support not present)
	[bullseye] - libssh2 (ChaCha20-Poly1305 and CBC-EtM support not present)
	[buster] - libssh2 (ChaCha20-Poly1305 and CBC-EtM support not present)
	- openssh 1:9.6p1-1
	- paramiko 3.4.0-1 (bug #1059006)
	[bookworm] - paramiko (Minor issue)
	[bullseye] - paramiko (Minor issue)
	[buster] - paramiko (ChaCha20-Poly1305 and CBC-EtM support not present)
	- phpseclib 1.0.22-1
	- php-phpseclib 2.0.46-1
	- php-phpseclib3 3.0.35-1
	- proftpd-dfsg 1.3.8.b+dfsg-1 (bug #1059144)
	[bookworm] - proftpd-dfsg 1.3.8+dfsg-4+deb12u3
	[bullseye] - proftpd-dfsg (Minor issue)
	[buster] - proftpd-dfsg (Minor issue)
	- proftpd-mod-proxy 0.9.3-1 (bug #1059290)
	[bookworm] - proftpd-mod-proxy 0.9.2-1+deb12u1
	[bullseye] - proftpd-mod-proxy (Minor issue)
	- putty 0.80-1
	- python-asyncssh (bug #1059007)
	- tinyssh 20230101-4 (bug #1059058; unimportant)
	- trilead-ssh2 (bug #1059294)
	[bookworm] - trilead-ssh2 (Minor issue)
	[bullseye] - trilead-ssh2 (Minor issue)
	[buster] - trilead-ssh2 (Minor issue)
	NOTE: https://terrapin-attack.com/
	NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/3
	NOTE: dropbear: https://github.com/mkj/dropbear/commit/6e43be5c7b99dbee49dc72b6f989f29fdd7e9356
	NOTE: Erlang/OTP: https://github.com/erlang/otp/commit/ee67d46285394db95133709cef74b0c462d665aa (OTP-24.3.4.15, OTP-25.3.2.8, OTP-26.2.1)
	NOTE: filezilla: https://svn.filezilla-project.org/filezilla?view=revision&revision=11047
	NOTE: filezilla: https://svn.filezilla-project.org/filezilla?view=revision&revision=11048
	NOTE: filezilla: https://svn.filezilla-project.org/filezilla?view=revision&revision=11049
	NOTE: golang.org/x/crypto/ssh: https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
	NOTE: golang.org/x/crypto/ssh: https://github.com/golang/go/issues/64784
	NOTE: golang.org/x/crypto/ssh: https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d (v0.17.0)
	NOTE: jsch: https://github.com/mwiede/jsch/issues/457
	NOTE: jsch: https://github.com/norrisjeremy/jsch/commit/6214da974286a8b94a95f4cf6cec96e972ffd370 (jsch-0.2.15)
	NOTE: libssh: https://www.libssh.org/security/advisories/CVE-2023-48795.txt
	NOTE: libssh: https://gitlab.com/libssh/libssh-mirror/-/commit/4cef5e965a46e9271aed62631b152e4bd23c1e3c (libssh-0.10.6)
	NOTE: libssh: https://gitlab.com/libssh/libssh-mirror/-/commit/0870c8db28be9eb457ee3d4f9a168959d9507efd (libssh-0.10.6)
	NOTE: libssh: https://gitlab.com/libssh/libssh-mirror/-/commit/5846e57538c750c5ce67df887d09fa99861c79c6 (libssh-0.10.6)
	NOTE: libssh: https://gitlab.com/libssh/libssh-mirror/-/commit/89df759200d31fc79fbbe213d8eda0d329eebf6d (libssh-0.10.6)
	NOTE: libssh2: https://github.com/libssh2/libssh2/issues/1290
	NOTE: libssh2: https://github.com/libssh2/libssh2/pull/1291
	NOTE: libssh2: https://github.com/libssh2/libssh2/commit/d34d9258b8420b19ec3f97b4cc5bf7aa7d98e35a
	NOTE: OpenSSH: https://www.openwall.com/lists/oss-security/2023/12/18/2
	NOTE: OpenSSH (strict key exchange): https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5 (V_9_6_P1)
	NOTE: paramiko: https://github.com/paramiko/paramiko/issues/2337
	NOTE: phpseclib: https://github.com/phpseclib/phpseclib/issues/1972
	NOTE: phpseclib: https://github.com/phpseclib/phpseclib/commit/c8e3ab9317abae80d7f58fd9acd9214b57572b32 (1.0.22, 2.0.46, 3.0.35)
	NOTE: proftpd: https://github.com/proftpd/proftpd/issues/1760
	NOTE: proftpd: https://github.com/proftpd/proftpd/commit/7fba68ebb3ded3047a35aa639e115eba7d585682 (v1.3.9rc2)
	NOTE: proftpd: https://github.com/proftpd/proftpd/commit/bcec15efe6c53dac40420731013f1cd2fd54123b (v1.3.8b)
	NOTE: proftpd-mod-proxy: https://github.com/Castaglia/proftpd-mod_proxy/issues/257
	NOTE: proftpd-mod-proxy: https://github.com/Castaglia/proftpd-mod_proxy/commit/54612735629231de2242d6395d334539604872fb (v0.9.3)
	NOTE: PuTTY: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-terrapin.html
	NOTE: PuTTY: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=9e099151574885f3c717ac10a633a9218db8e7bb (0.80)
	NOTE: PuTTY: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=f2e7086902b3605c96e54ef9c956ca7ab000010e (0.80)
	NOTE: PuTTY: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=9fcbb86f715bc03e58921482efe663aa0c662d62 (0.80)
	NOTE: PuTTY: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=244be5412728a7334a2d457fbac4e0a2597165e5 (0.80)
	NOTE: PuTTY: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=58fc33a155ad496bdcf380fa6193302240a15ae9 (0.80)
	NOTE: PuTTY: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=0b00e4ce26d89cd010e31e66fd02ac77cb982367 (0.80)
	NOTE: PuTTY: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=fdc891d17063ab26cf68c74245ab1fd9771556cb (0.80)
	NOTE: PuTTY: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=b80a41d386dbfa1b095c17bd2ed001477f302d46 (0.80)
	NOTE: asyncssh: https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55
	NOTE: asyncssh: https://github.com/ronf/asyncssh/commit/0bc73254f41acb140187e0c89606311f88de5b7b (v2.14.2)
	NOTE: tinyssh: https://github.com/janmojzis/tinyssh/issues/81
	NOTE: tinyssh: https://github.com/janmojzis/tinyssh/commit/ebaa1bd23c2c548af70cc8151e85c74f4c8594bb
	NOTE: tinyssh: 20230101-4 implements kex-strict-s-v00@openssh.com for the strict kex support. But
	NOTE: tinyssh: since there is no support for EXT_INFO in tinyssh, even with the present
	NOTE: tinyssh: chacha20-poly1305@openssh.com encryption algorithm, there is no downgrade of the
	NOTE: tinyssh: connection security.
CVE-2023-41314 (The api /api/snapshot and /api/get_log_file would allow unauthenticate ...)
	NOT-FOR-US: Apache Doris
CVE-2023-6909 (Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prio ...)
	NOT-FOR-US: mlflow
CVE-2023-6908 (A vulnerability, which was classified as problematic, was found in DFI ...)
	NOT-FOR-US: DFIRKuiper Kuiper
CVE-2023-6907 (A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2 ...)
	NOT-FOR-US: codelyfe Stupid Simple CMS
CVE-2023-6906 (A vulnerability, which was classified as critical, was found in Totoli ...)
	NOT-FOR-US: Totolink
CVE-2023-6905 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Jahastech NxFilter
CVE-2023-6904 (A vulnerability classified as problematic was found in Jahastech NxFil ...)
	NOT-FOR-US: Jahastech NxFilter
CVE-2023-6903 (A vulnerability classified as critical has been found in Netentsec NS- ...)
	NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
CVE-2023-6483 (The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as ...)
	NOT-FOR-US: ADiTaaS (Allied Digital Integrated Tool-as-a-Service)
CVE-2023-50981 (ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows atta ...)
	- libcrypto++ (bug #1059312)
	[bookworm] - libcrypto++ (Minor issue)
	[bullseye] - libcrypto++ (Minor issue)
	[buster] - libcrypto++ (Minor issue)
	NOTE: https://github.com/weidai11/cryptopp/issues/1249
CVE-2023-50980 (gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to ...)
	- libcrypto++ (bug #1059311)
	[bookworm] - libcrypto++ (Minor issue)
	[bullseye] - libcrypto++ (Minor issue)
	[buster] - libcrypto++ (Minor issue)
	NOTE: https://github.com/weidai11/cryptopp/issues/1248
CVE-2023-50979 (Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during ...)
	- libcrypto++ (bug #1059310)
	[bookworm] - libcrypto++ (Minor issue)
	[bullseye] - libcrypto++ (Minor issue)
	[buster] - libcrypto++ (Minor issue)
	NOTE: https://github.com/weidai11/cryptopp/issues/1247
CVE-2023-50976 (Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authoriz ...)
	NOT-FOR-US: Redpanda
CVE-2023-6902 (A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2 ...)
	NOT-FOR-US: Stupid Simple CMS
CVE-2023-6901 (A vulnerability, which was classified as critical, was found in codely ...)
	NOT-FOR-US: Stupid Simple CMS
CVE-2023-6900 (A vulnerability, which was classified as critical, has been found in r ...)
	NOT-FOR-US: rmountjoy92 DashMachine
CVE-2023-6899 (A vulnerability classified as problematic was found in rmountjoy92 Das ...)
	NOT-FOR-US: rmountjoy92 DashMachine
CVE-2023-6898 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Best Courier Management System
CVE-2023-6896 (A vulnerability was found in SourceCodester Simple Image Stack Website ...)
	NOT-FOR-US: SourceCodester Simple Image Stack Website
CVE-2023-50271 (A potential security vulnerability has been identified with HP-UX Syst ...)
	NOT-FOR-US: HP-UX System Management Homepage (SMH)
CVE-2023-49834 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 FOX ...)
	NOT-FOR-US: WooCommerce plugin
CVE-2023-49824 (Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Produ ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49816 (Cross-Site Request Forgery (CSRF) vulnerability in Innovative Solution ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49775 (Cross-Site Request Forgery (CSRF) vulnerability in Denis Kobozev CSV I ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49769 (Cross-Site Request Forgery (CSRF) vulnerability in SoftLab Integrate G ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49751 (Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu Blo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6895 (A vulnerability was found in Hikvision Intercom Broadcasting System 3. ...)
	NOT-FOR-US: Hikvision Intercom Broadcasting System
CVE-2023-6894 (A vulnerability was found in Hikvision Intercom Broadcasting System 3. ...)
	NOT-FOR-US: Hikvision Intercom Broadcasting System
CVE-2023-6893 (A vulnerability was found in Hikvision Intercom Broadcasting System 3. ...)
	NOT-FOR-US: Hikvision Intercom Broadcasting System
CVE-2023-6891 (A vulnerability has been found in PeaZip 9.4.0 and classified as probl ...)
	NOT-FOR-US: PeaZip
CVE-2023-6888 (A vulnerability classified as critical was found in PHZ76 RtspServer 1 ...)
	NOT-FOR-US: PHZ76 RtspServer
CVE-2023-6887 (A vulnerability classified as critical has been found in saysky Forest ...)
	NOT-FOR-US: ForestBlog
CVE-2023-6886 (A vulnerability was found in xnx3 wangmarket 6.1. It has been rated as ...)
	NOT-FOR-US: xnx3 wangmarket
CVE-2023-6885 (A vulnerability was found in Tongda OA 2017 up to 11.10. It has been d ...)
	NOT-FOR-US: Tongda OA
CVE-2023-50965 (In MicroHttpServer (aka Micro HTTP Server) through 4398570, _ReadStati ...)
	NOT-FOR-US: MicroHttpServer
CVE-2023-50784 (A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 befo ...)
	- unrealircd (bug #515130)
CVE-2023-6890 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-6889 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-6853 (A vulnerability classified as critical was found in kalcaddle KodExplo ...)
	NOT-FOR-US: kalcaddle KodExplorer
CVE-2023-6852 (A vulnerability classified as critical has been found in kalcaddle Kod ...)
	NOT-FOR-US: kalcaddle KodExplorer
CVE-2023-6851 (A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It h ...)
	NOT-FOR-US: kalcaddle KodExplorer
CVE-2023-6850 (A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It h ...)
	NOT-FOR-US: kalcaddle KodExplorer
CVE-2023-6559 (The MW WP Form plugin for WordPress is vulnerable to arbitrary file de ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6849 (A vulnerability was found in kalcaddle kodbox up to 1.48. It has been ...)
	NOT-FOR-US: kalcaddle kodbox
CVE-2023-6848 (A vulnerability was found in kalcaddle kodbox up to 1.48. It has been ...)
	NOT-FOR-US: kalcaddle kodbox
CVE-2023-50728 (octokit/webhooks is a GitHub webhook events toolset for Node.js. Start ...)
	NOT-FOR-US: octokit/webhooks (GitHub webhook events toolset for Node.js)
CVE-2023-50469 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discov ...)
	NOT-FOR-US: Shenzhen Libituo Technology Co., Ltd LBT-T300-T310
CVE-2023-50266 (Bazarr manages and downloads subtitles. In version 1.2.4, the proxy me ...)
	NOT-FOR-US: Bazarr
CVE-2023-50265 (Bazarr manages and downloads subtitles. Prior to 1.3.1, the /api/swagg ...)
	NOT-FOR-US: Bazarr
CVE-2023-50264 (Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr contain ...)
	NOT-FOR-US: Bazarr
CVE-2023-4020 (An unvalidated input in a library function responsible for communicati ...)
	NOT-FOR-US: Silicon Labs
CVE-2023-39340 (A vulnerability exists on all versions of Ivanti Connect Secure below ...)
	NOT-FOR-US: Ivanti
CVE-2023-31813
	REJECTED
CVE-2023-6839 (Due to improper error handling, a REST API resource could expose a ser ...)
	NOT-FOR-US: WSO2
CVE-2023-6838 (Reflected XSS vulnerability can be exploited by tampering a request pa ...)
	NOT-FOR-US: WSO2
CVE-2023-6837 (Multiple WSO2 products have been identified as vulnerable to perform u ...)
	NOT-FOR-US: WSO2
CVE-2023-6836 (Multiple WSO2 products have been identified as vulnerable due to an XM ...)
	NOT-FOR-US: WSO2
CVE-2023-6835 (Multiple WSO2 products have been identified as vulnerable due to lack ...)
	NOT-FOR-US: WSO2
CVE-2023-6553 (The Backup Migration plugin for WordPress is vulnerable to Remote Code ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5310 (A denial of service vulnerability exists in all Silicon Labs Z-Wave co ...)
	NOT-FOR-US: Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK
CVE-2023-50918 (app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandl ...)
	NOT-FOR-US: MISP
CVE-2023-50917 (MajorDoMo (aka Major Domestic Module) before 0662e5e allows command ex ...)
	NOT-FOR-US: MajorDoMo (aka Major Domestic Module)
CVE-2023-50871 (In JetBrains YouTrack before 2023.3.22268 authorization check for inli ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2023-50870 (In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible)
	NOT-FOR-US: JetBrains TeamCity
CVE-2023-50723 (XWiki Platform is a generic wiki platform. Starting in 2.3 and prior t ...)
	NOT-FOR-US: XWiki
CVE-2023-50722 (XWiki Platform is a generic wiki platform. Starting in 2.3 and prior t ...)
	NOT-FOR-US: XWiki
CVE-2023-50721 (XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and pr ...)
	NOT-FOR-US: XWiki
CVE-2023-50720 (XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, ...)
	NOT-FOR-US: XWiki
CVE-2023-50719 (XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 ...)
	NOT-FOR-US: XWiki
CVE-2023-50089 (A Command Injection vulnerability exists in NETGEAR WNR2000v4 version ...)
	NOT-FOR-US: NETGEAR
CVE-2023-49829 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Themeum Tutor LMS
CVE-2023-49823 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49767 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49749 (Cross-Site Request Forgery (CSRF) vulnerability in SureTriggers SureTr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49747 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49744 (Cross-Site Request Forgery (CSRF) vulnerability in Gift Up Gift Up Gif ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49197 (Cross-Site Request Forgery (CSRF) vulnerability in Apasionados, Apasio ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49191 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49190 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49189 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49188 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49187 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49185 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49184 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49183 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49182 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49181 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49180 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49179 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49178 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49177 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49176 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49175 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49174 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49170 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49169 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49165 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49160 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49159 (Server-Side Request Forgery (SSRF) vulnerability in Elegant Digital So ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48765 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48624 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48623 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48622 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48621 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48620 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48619 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48618 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48617 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48616 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48615 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48614 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48613 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48612 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48611 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48610 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48609 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48608 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48607 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48606 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48605 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48604 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48603 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48602 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48601 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48600 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48599 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48598 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48597 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48596 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48595 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48594 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48593 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48592 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48591 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48590 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48589 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48588 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48587 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48586 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48585 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48584 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48583 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48582 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48581 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48580 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48579 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48578 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48577 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48576 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48575 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48574 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48573 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48572 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48571 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48570 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48569 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48568 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48567 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48566 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48565 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48564 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48563 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48562 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48561 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48560 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48559 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48558 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48557 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48556 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48555 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48554 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48553 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48552 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48551 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48550 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48549 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48548 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48547 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48546 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48545 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48544 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48543 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48542 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48541 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48540 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48539 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48538 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48537 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48536 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48535 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48534 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48533 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48532 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48531 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48530 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48529 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48528 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48527 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48526 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48525 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48524 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48523 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48522 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48521 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48520 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48519 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48518 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48517 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48516 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48515 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48514 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48513 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48512 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48511 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48510 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48509 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48508 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48507 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48506 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48505 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48504 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48503 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48502 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48501 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48500 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48499 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48498 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48497 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48496 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48495 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48494 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48493 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48492 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48491 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48490 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48489 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48488 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48487 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48486 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48485 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48484 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48483 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48482 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48481 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48480 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48479 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48478 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48477 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48476 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48475 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48474 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48473 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48472 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48471 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48470 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48469 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48468 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48467 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48466 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48465 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48464 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48463 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48462 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48461 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48460 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48459 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48458 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48457 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48456 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48455 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48454 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48453 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48452 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48451 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48450 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48449 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48448 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48447 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48446 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48445 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48444 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48443 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48442 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48441 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48440 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-48395 (Kaifa Technology WebITR is an online attendance system, it has insuffi ...)
	NOT-FOR-US: Kaifa Technology WebITR
CVE-2023-48394 (Kaifa Technology WebITR is an online attendance system, its file uploa ...)
	NOT-FOR-US: Kaifa Technology WebITR
CVE-2023-48393 (Kaifa Technology WebITR is an online attendance system. A remote attac ...)
	NOT-FOR-US: Kaifa Technology WebITR
CVE-2023-48392 (Kaifa Technology WebITR is an online attendance system, it has a vulne ...)
	NOT-FOR-US: Kaifa Technology WebITR
CVE-2023-48390 (Multisuns EasyLog web+ has a code injection vulnerability. An unauthen ...)
	NOT-FOR-US: Multisuns EasyLog web+
CVE-2023-48389 (Multisuns EasyLog web+ has a path traversal vulnerability within its p ...)
	NOT-FOR-US: Multisuns EasyLog web+
CVE-2023-48388 (Multisuns EasyLog web+ has a vulnerability of using hard-coded credent ...)
	NOT-FOR-US: Multisuns EasyLog web+
CVE-2023-48387 (TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website an ...)
	NOT-FOR-US: TAIWAN-CA(TWCA) JCICSecurityTool
CVE-2023-48384 (ArmorX Global Technology Corporation ArmorX Spam has insufficient vali ...)
	NOT-FOR-US: ArmorX Global Technology Corporation ArmorX Spam
CVE-2023-48382 (Softnext Mail SQR Expert is an email management platform, it has a Loc ...)
	NOT-FOR-US: Softnext Mail SQR Expert
CVE-2023-48381 (Softnext Mail SQR Expert is an email management platform, it has a Loc ...)
	NOT-FOR-US: Softnext Mail SQR Expert
CVE-2023-48380 (Softnext Mail SQR Expert is an email management platform, it has insuf ...)
	NOT-FOR-US: Softnext Mail SQR Expert
CVE-2023-47065 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-47064 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-46116 (Tutanota (Tuta Mail) is an encrypted email provider. Tutanota allows u ...)
	NOT-FOR-US: Tutanota (Tuta Mail)
CVE-2023-33222 (When handling contactless cards, usage of a specific function to get a ...)
	NOT-FOR-US: Idemia products
CVE-2023-33221 (When reading DesFire keys, the function that reads the card isn't prop ...)
	NOT-FOR-US: Idemia products
CVE-2023-33220 (During the retrofit validation process, the firmware doesn't properly ...)
	NOT-FOR-US: Idemia products
CVE-2023-33219 (The handler of the retrofit validation command doesn't properly check ...)
	NOT-FOR-US: Idemia products
CVE-2023-33218 (The Parameter Zone Read and Parameter Zone Write command handlers allo ...)
	NOT-FOR-US: Idemia products
CVE-2023-33217 (By abusing a design flaw in the firmware upgrade mechanism of the impa ...)
	NOT-FOR-US: Idemia products
CVE-2023-46279 (Deserialization of Untrusted Data vulnerability in Apache Dubbo.This i ...)
	NOT-FOR-US: Apache Dubbo
CVE-2023-49898 (In streampark, there is a project module that integrates Maven's compi ...)
	NOT-FOR-US: Apache StreamPark
CVE-2023-6832 (Business Logic Errors in GitHub repository microweber/microweber prior ...)
	NOT-FOR-US: microweber
CVE-2023-6831 (Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prio ...)
	NOT-FOR-US: mlflow
CVE-2023-6827 (The Essential Real Estate plugin for WordPress is vulnerable to arbitr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6826 (The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50715 (Home Assistant is open source home automation software. Prior to versi ...)
	NOT-FOR-US: Home Assistant
CVE-2023-4489 (The first S0 encryption key is generated with an uninitialized PRNG in ...)
	NOT-FOR-US: Silicon Labs
CVE-2023-48379 (Softnext Mail SQR Expert is an email management platform, it has inade ...)
	NOT-FOR-US: Softnext Mail SQR Expert
CVE-2023-48378 (Softnext Mail SQR Expert has a path traversal vulnerability within its ...)
	NOT-FOR-US: Softnext Mail SQR Expert
CVE-2023-48376 (SmartStar Software CWS is a web-based integration platform, its file u ...)
	NOT-FOR-US: SmartStar Software CWS
CVE-2023-48375 (SmartStar Software CWS is a web-based integration platform, it has a v ...)
	NOT-FOR-US: SmartStar Software CWS
CVE-2023-48374 (SmartStar Software CWS is a web-base integration platform, it has a vu ...)
	NOT-FOR-US: SmartStar Software CWS
CVE-2023-48373 (ITPison OMICARD EDM has a path traversal vulnerability within its para ...)
	NOT-FOR-US: ITPison OMICARD EDM
CVE-2023-48372 (ITPison OMICARD EDM 's SMS-related function has insufficient validatio ...)
	NOT-FOR-US: ITPison OMICARD EDM
CVE-2023-48371 (ITPison OMICARD EDM’s file uploading function does not restrict u ...)
	NOT-FOR-US: ITPison OMICARD EDM
CVE-2023-48050 (SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biom ...)
	NOT-FOR-US: Cams Biometrics Zkteco
CVE-2023-48049 (A SQL injection vulnerability in Cybrosys Techno Solutions Website Blo ...)
	NOT-FOR-US: Cybrosys Techno Solutions
CVE-2023-42183 (lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post- ...)
	NOT-FOR-US: Classic LOCKSS Daemon
CVE-2023-40954 (A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress ...)
	NOT-FOR-US: Grzegorz Marczynski Dynamic Progress Bar
CVE-2023-36878 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-6595 (In WhatsUp Gold versions released before 2023.1, an API endpoint was f ...)
	NOT-FOR-US: WhatsUp Gold
CVE-2023-6572 (Command Injection in GitHub repository gradio-app/gradio prior to main ...)
	NOT-FOR-US: gradio
CVE-2023-6571 (Cross-site Scripting (XSS) - Reflected in kubeflow/kubeflow)
	NOT-FOR-US: kubeflow
CVE-2023-6570 (Server-Side Request Forgery (SSRF) in kubeflow/kubeflow)
	NOT-FOR-US: kubeflow
CVE-2023-6569 (External Control of File Name or Path in h2oai/h2o-3)
	NOT-FOR-US: h2oai/h2o-3
CVE-2023-6563 (An unconstrained memory consumption vulnerability was discovered in Ke ...)
	NOT-FOR-US: Keycloak
CVE-2023-6545 (The package authelia-bhf included in Beckhoffs TwinCAT/BSD is prone to ...)
	NOT-FOR-US: authelia-bhf as included in Beckhoffs TwinCAT/BSD
CVE-2023-6368 (In WhatsUp Gold versions released before 2023.1, an API endpoint was f ...)
	NOT-FOR-US: WhatsUp Gold
CVE-2023-6367 (In WhatsUp Gold versions released before 2023.1, a stored cross-site s ...)
	NOT-FOR-US: WhatsUp Gold
CVE-2023-6366 (In WhatsUp Gold versions released before 2023.1, a stored cross-site s ...)
	NOT-FOR-US: WhatsUp Gold
CVE-2023-6365 (In WhatsUp Gold versions released before 2023.1, a stored cross-site s ...)
	NOT-FOR-US: WhatsUp Gold
CVE-2023-6364 (In WhatsUp Gold versions released before 2023.1, a stored cross-site s ...)
	NOT-FOR-US: WhatsUp Gold
CVE-2023-5769 (A vulnerability exists in the webserver that affects the RTU500 serie ...)
	NOT-FOR-US: Hitachi
CVE-2023-5592 (Download of Code Without Integrity Check vulnerability in PHOENIX CONT ...)
	NOT-FOR-US: PHOENIX
CVE-2023-50713 (Speckle Server provides server, frontend, 3D viewer, and other JavaScr ...)
	NOT-FOR-US: Speckle Server
CVE-2023-50710 (Hono is a web framework written in TypeScript. Prior to version 3.11.7 ...)
	NOT-FOR-US: Hono
CVE-2023-50566 (A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UT ...)
	NOT-FOR-US: EyouCMS
CVE-2023-50565 (A cross-site scripting (XSS) vulnerability in the component /logs/dopo ...)
	NOT-FOR-US: RPCMS
CVE-2023-50564 (An arbitrary file upload vulnerability in the component /inc/modules_i ...)
	NOT-FOR-US: Pluck CMS
CVE-2023-50563 (Semcms v4.8 was discovered to contain a SQL injection vulnerability vi ...)
	NOT-FOR-US: Semcms
CVE-2023-50472 (cJSON v1.7.16 was discovered to contain a segmentation violation via t ...)
	- cjson 1.7.17-1 (unimportant; bug #1059287)
	[buster] - cjson <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/DaveGamble/cJSON/issues/803
	NOTE: Fixed by: https://github.com/DaveGamble/cJSON/commit/60ff122ef5862d04b39b150541459e7f5e35add8
	NOTE: Seems bogus; this is not a DoS but only a broken use of the API
CVE-2023-50471 (cJSON v1.7.16 was discovered to contain a segmentation violation via t ...)
	{DLA-3700-1}
	- cjson 1.7.17-1 (bug #1059287)
	[bookworm] - cjson (Minor issue)
	[bullseye] - cjson (Minor issue)
	NOTE: https://github.com/DaveGamble/cJSON/issues/802
	NOTE: Fixed by: https://github.com/DaveGamble/cJSON/commit/60ff122ef5862d04b39b150541459e7f5e35add8
CVE-2023-50371 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50370 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50369 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50368 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-50269 (Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion ...)
	{DSA-5637-1 DLA-3709-1}
	- squid 6.6-1 (bug #1058721)
	- squid3 <removed>
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3
	NOTE: http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch
	NOTE: http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch
CVE-2023-50137 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the sit ...)
	NOT-FOR-US: JFinalcms
CVE-2023-50102 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).)
	NOT-FOR-US: JFinalcms
CVE-2023-50101 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label ...)
	NOT-FOR-US: JFinalcms
CVE-2023-50100 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carous ...)
	NOT-FOR-US: JFinalcms
CVE-2023-50073 (EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: EmpireCMS
CVE-2023-50017 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
	NOT-FOR-US: Dreamer CMS
CVE-2023-50011 (PopojiCMS version 2.0.1 is vulnerable to remote command execution in t ...)
	NOT-FOR-US: PopojiCMS
CVE-2023-4694 (Certain HP OfficeJet Pro printers are potentially vulnerable to a Deni ...)
	NOT-FOR-US: HP
CVE-2023-49860 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49847 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49846 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49842 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49841 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49836 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49833 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49828 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49827 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49820 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49813 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49786 (Asterisk is an open source private branch exchange and telephony toolk ...)
	{DSA-5596-1 DLA-3696-1}
	- asterisk 1:20.5.1~dfsg+~cs6.13.40431414-1 (bug #1059033)
	NOTE: https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq
	NOTE: https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05
	NOTE: https://www.openwall.com/lists/oss-security/2023/12/15/7
CVE-2023-49771 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49770 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49766 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49745 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49743 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49740 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49739 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49708 (SQLi vulnerability in Starshop component for Joomla.)
	NOT-FOR-US: Starshop component for Joomla
CVE-2023-49707 (SQLi vulnerability in S5 Register module for Joomla.)
	NOT-FOR-US: Joomla module
CVE-2023-49294 (Asterisk is an open source private branch exchange and telephony toolk ...)
	{DSA-5596-1 DLA-3696-1}
	- asterisk 1:20.5.1~dfsg+~cs6.13.40431414-1 (bug #1059032)
	NOTE: https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f
	NOTE: https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5
CVE-2023-49195 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49173 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49172 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49171 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49168 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49157 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49152 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49151 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49150 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49149 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48925 (SQL injection vulnerability in Buy Addons bavideotab before version 1. ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-48780 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48771 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48770 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48767 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48756 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48676 (Sensitive information disclosure and manipulation due to missing autho ...)
	NOT-FOR-US: Acronis
CVE-2023-48671 (Dell vApp Manager, versions prior to 9.2.4.x contain an information di ...)
	NOT-FOR-US: Dell
CVE-2023-48668 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7 ...)
	NOT-FOR-US: Dell
CVE-2023-48667 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7 ...)
	NOT-FOR-US: Dell
CVE-2023-48665 (Dell vApp Manager, versions prior to 9.2.4.x contain a command injecti ...)
	NOT-FOR-US: Dell
CVE-2023-48664 (Dell vApp Manager, versions prior to 9.2.4.x contain a command injecti ...)
	NOT-FOR-US: Dell
CVE-2023-48663 (Dell vApp Manager, versions prior to 9.2.4.x contain a command injecti ...)
	NOT-FOR-US: Dell
CVE-2023-48662 (Dell vApp Manager, versions prior to 9.2.4.x contain a command injecti ...)
	NOT-FOR-US: Dell
CVE-2023-48661 (Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file ...)
	NOT-FOR-US: Dell
CVE-2023-48660 (Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file ...)
	NOT-FOR-US: Dell
CVE-2023-48631 (@adobe/css-tools versions 4.3.1 and earlier are affected by an Imprope ...)
	NOT-FOR-US: Adobe
CVE-2023-47261 (Dokmee ECM 7.4.6 allows remote code execution because the response to ...)
	NOT-FOR-US: Dokmee ECM
CVE-2023-46750 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability when ...)
	- shiro (bug #1059288)
	[bookworm] - shiro (Minor issue)
	[bullseye] - shiro (Minor issue)
	[buster] - shiro (Minor issue)
	NOTE: https://lists.apache.org/thread/hoc9zdyzmmrfj1zhctsvvtx844tcq6w9
CVE-2023-46348 (SQL njection vulnerability in SunnyToo sturls before version 1.1.13, a ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-46144 (A download of code without integrity check vulnerability in PLCnext pr ...)
	NOT-FOR-US: PLCnext
CVE-2023-46143 (Download of Code Without Integrity Check vulnerability in PHOENIX CONT ...)
	NOT-FOR-US: PHOENIX
CVE-2023-46142 (A incorrect permission assignment for critical resource vulnerability ...)
	NOT-FOR-US: PLCnext
CVE-2023-46141 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
	NOT-FOR-US: PHOENIX
CVE-2023-45894 (The Remote Application Server in Parallels RAS before 19.2.23975 does ...)
	NOT-FOR-US: Parallels
CVE-2023-45185 (IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through ...)
	NOT-FOR-US: IBM
CVE-2023-45182 (IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through ...)
	NOT-FOR-US: IBM
CVE-2023-44286 (Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS ...)
	NOT-FOR-US: Dell
CVE-2023-44285 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7 ...)
	NOT-FOR-US: Dell
CVE-2023-44284 (Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS ...)
	NOT-FOR-US: Dell
CVE-2023-44279 (Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS ...)
	NOT-FOR-US: Dell
CVE-2023-44278 (Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS ...)
	NOT-FOR-US: Dell
CVE-2023-44277 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7 ...)
	NOT-FOR-US: Dell
CVE-2023-42801 (Moonlight-common-c contains the core GameStream client code shared bet ...)
	NOT-FOR-US: Moonlight-common-c
CVE-2023-42800 (Moonlight-common-c contains the core GameStream client code shared bet ...)
	NOT-FOR-US: Moonlight-common-c
CVE-2023-42799 (Moonlight-common-c contains the core GameStream client code shared bet ...)
	NOT-FOR-US: Moonlight-common-c
CVE-2023-41151 (An uncaught exception issue discovered in Softing OPC UA C++ SDK befor ...)
	NOT-FOR-US: OPC UA C++ SDK
CVE-2023-40659 (A reflected XSS vulnerability was discovered in the Easy Quick Contact ...)
	NOT-FOR-US: Joomla module
CVE-2023-40658 (A reflected XSS vulnerability was discovered in the Clicky Analytics D ...)
	NOT-FOR-US: Joomla module
CVE-2023-40657 (A reflected XSS vulnerability was discovered in the Joomdoc component ...)
	NOT-FOR-US: Joomla module
CVE-2023-40656 (A reflected XSS vulnerability was discovered in the Quickform componen ...)
	NOT-FOR-US: Joomla module
CVE-2023-40655 (A reflected XSS vulnerability was discovered in the Proforms Basic com ...)
	NOT-FOR-US: Joomla module
CVE-2023-40630 (Unauthenticated LFI/SSRF in JCDashboards component for Joomla.)
	NOT-FOR-US: Joomla module
CVE-2023-40629 (SQLi vulnerability in LMS Lite component for Joomla.)
	NOT-FOR-US: Joomla module
CVE-2023-40628 (A reflected XSS vulnerability was discovered in the Extplorer componen ...)
	NOT-FOR-US: Joomla module
CVE-2023-40627 (A reflected XSS vulnerability was discovered in the LivingWord compone ...)
	NOT-FOR-US: Joomla module
CVE-2023-37457 (Asterisk is an open source private branch exchange and telephony toolk ...)
	{DSA-5596-1 DLA-3696-1}
	- asterisk (bug #1059303)
	NOTE: https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh
	NOTE: https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa
CVE-2023-3904 (An issue has been discovered in GitLab EE affecting all versions start ...)
	- gitlab (Specific to EE)
CVE-2023-3511 (An issue has been discovered in GitLab EE affecting all versions start ...)
	- gitlab (Specific to EE)
CVE-2023-3907 (A privilege escalation vulnerability in GitLab EE affecting all versio ...)
	- gitlab (Specific to EE)
CVE-2023-5061 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 16.4.4+ds2-2
CVE-2023-5512 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
	- gitlab 16.4.4+ds2-2
CVE-2023-6051 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
	- gitlab 16.4.4+ds2-2
CVE-2023-6680 (An improper certificate validation issue in Smartcard authentication i ...)
	- gitlab (Specific to EE)
CVE-2023-6564 (An issue has been discovered in GitLab EE Premium and Ultimate affecti ...)
	- gitlab (Specific to EE)
CVE-2023-49347 (Temporary data passed between application components by Budgie Extras ...)
	- budgie-extras 1.7.1-1 (unimportant)
	NOTE: https://bugs.launchpad.net/bugs/2044373
	NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1
	NOTE: https://github.com/UbuntuBudgie/budgie-extras/commit/588cbe6ffa72df904213d77728a3fd5bfae7195e (v1.7.1)
	NOTE: Neutralised by kernel hardening
CVE-2023-49346 (Temporary data passed between application components by Budgie Extras ...)
	- budgie-extras 1.7.1-1
	[bookworm] - budgie-extras (Minor issue)
	[bullseye] - budgie-extras (Minor issue)
	[buster] - budgie-extras (Minor issue)
	NOTE: https://bugs.launchpad.net/bugs/2044373
	NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1
	NOTE: https://github.com/UbuntuBudgie/budgie-extras/commit/0092025ef25b48c287a75946c0ee797d3c142760 (v1.7.1)
CVE-2023-49345 (Temporary data passed between application components by Budgie Extras ...)
	- budgie-extras 1.7.1-1
	[bookworm] - budgie-extras (Minor issue)
	[bullseye] - budgie-extras (Minor issue)
	[buster] - budgie-extras (Minor issue)
	NOTE: https://bugs.launchpad.net/bugs/2044373
	NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1
	NOTE: https://github.com/UbuntuBudgie/budgie-extras/commit/588cbe6ffa72df904213d77728a3fd5bfae7195e (v1.7.1)
CVE-2023-49344 (Temporary data passed between application components by Budgie Extras ...)
	- budgie-extras 1.7.1-1
	[bookworm] - budgie-extras (Minor issue)
	[bullseye] - budgie-extras (Minor issue)
	[buster] - budgie-extras (Minor issue)
	NOTE: https://bugs.launchpad.net/bugs/2044373
	NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1
	NOTE: https://github.com/UbuntuBudgie/budgie-extras/commit/11b02011ad2f6d46485b292713af09f7314843a5 (v1.7.1)
CVE-2023-49343 (Temporary data passed between application components by Budgie Extras ...)
	- budgie-extras 1.7.1-1
	[bookworm] - budgie-extras (Minor issue)
	[bullseye] - budgie-extras (Minor issue)
	[buster] - budgie-extras (Minor issue)
	NOTE: https://bugs.launchpad.net/bugs/2044373
	NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1
	NOTE: https://github.com/UbuntuBudgie/budgie-extras/commit/e75c94af249191bdbd33eebf7a62d4234a0d8be5 (v1.7.1)
CVE-2023-49342 (Temporary data passed between application components by Budgie Extras ...)
	- budgie-extras 1.7.1-1
	[bookworm] - budgie-extras (Minor issue)
	[bullseye] - budgie-extras (Minor issue)
	[buster] - budgie-extras (Minor issue)
	NOTE: https://bugs.launchpad.net/bugs/2044373
	NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1
	NOTE: https://github.com/UbuntuBudgie/budgie-extras/commit/d03083732569126d2f21c8810d5a69554ccc5900 (v1.7.1)
CVE-2023-6775 (A vulnerability was found in CodeAstro POS and Inventory Management Sy ...)
	NOT-FOR-US: CodeAstro POS and Inventory Management System
CVE-2023-6407 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-5630 (A CWE-494: Download of Code Without Integrity Check vulnerability exis ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-5629 (A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’ ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-50709 (Cube is a semantic layer for building data applications. Prior to vers ...)
	NOT-FOR-US: Cube
CVE-2023-50444 (By default, .ZED containers produced by PRIMX ZED! for Windows before ...)
	NOT-FOR-US: PRIMX
CVE-2023-50443 (Encrypted disks created by PRIMX CRYHOD for Windows before Q.2020.4 (A ...)
	NOT-FOR-US: PRIMX
CVE-2023-50442 (Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be m ...)
	NOT-FOR-US: PRIMX
CVE-2023-50440 (ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANS ...)
	NOT-FOR-US: PRIMX
CVE-2023-50439 (ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANS ...)
	NOT-FOR-US: PRIMX
CVE-2023-50268 (jq is a command-line JSON processor. Version 1.7 is vulnerable to stac ...)
	- jq 1.7.1-1 (bug #1058763)
	[bookworm] - jq (Introduced in 1.7)
	[bullseye] - jq (Introduced in 1.7)
	[buster] - jq (Introduced in 1.7)
	NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-7hmr-442f-qc8j
	NOTE: https://github.com/jqlang/jq/pull/2804
	NOTE: Fixed by: https://github.com/jqlang/jq/commit/c9a51565214eece8f1053089739aea73145bfd6b (jq-1.7.1)
CVE-2023-50262 (Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Do ...)
	- php-dompdf 2.0.4+dfsg-1 (bug #1058793)
	[buster] - php-dompdf (SVG images are rejected by default)
	NOTE: https://github.com/dompdf/dompdf/security/advisories/GHSA-3qx2-6f78-w2j2
	NOTE: https://github.com/dompdf/dompdf/commit/41cbac16f3cf56affa49f06e8dae66d0eac2b593 (v2.0.4)
	TODO: check sources embedding php-dompdf if affected
CVE-2023-50248 (CKAN is an open-source data management system for powering data hubs a ...)
	NOT-FOR-US: CKAN
CVE-2023-50246 (jq is a command-line JSON processor. Version 1.7 is vulnerable to heap ...)
	- jq 1.7.1-1 (bug #1058763)
	[bookworm] - jq (Introduced in 1.7)
	[bullseye] - jq (Introduced in 1.7)
	[buster] - jq (Introduced in 1.7)
	NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-686w-5m7m-54vc
	NOTE: Fixed by: https://github.com/jqlang/jq/commit/71c2ab509a8628dbbad4bc7b3f98a64aa90d3297 (jq-1.7.1)
CVE-2023-49878 (IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and ...)
	NOT-FOR-US: IBM
CVE-2023-49877 (IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and ...)
	NOT-FOR-US: IBM
CVE-2023-49646 (Improper authentication in some Zoom clients before version 5.16.5 may ...)
	NOT-FOR-US: Zoom
CVE-2023-48702 (Jellyfin is a system for managing and streaming media. Prior to versio ...)
	- jellyfin (bug #994189)
CVE-2023-48085 (Nagios XI before version 5.11.3 was discovered to contain a remote cod ...)
	NOT-FOR-US: Nagios XI
CVE-2023-48084 (Nagios XI before version 5.11.3 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Nagios XI
CVE-2023-47624 (Audiobookshelf is a self-hosted audiobook and podcast server. In versi ...)
	NOT-FOR-US: Audiobookshelf
CVE-2023-47623 (Scrypted is a home video integration and automation platform. In versi ...)
	NOT-FOR-US: Scrypted
CVE-2023-47620 (Scrypted is a home video integration and automation platform. In versi ...)
	NOT-FOR-US: Scrypted
CVE-2023-47619 (Audiobookshelf is a self-hosted audiobook and podcast server. In versi ...)
	NOT-FOR-US: Audiobookshelf
CVE-2023-45184 (IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through ...)
	NOT-FOR-US: IBM
CVE-2023-45174 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to ...)
	NOT-FOR-US: IBM
CVE-2023-45170 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user ...)
	NOT-FOR-US: IBM
CVE-2023-45166 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user ...)
	NOT-FOR-US: IBM
CVE-2023-44709 (PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before wa ...)
	NOT-FOR-US: PlutoSVG
CVE-2023-43586 (Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for ...)
	NOT-FOR-US: Zoom
CVE-2023-43585 (Improper access control in Zoom Mobile App for iOS and Zoom SDKs for i ...)
	NOT-FOR-US: Zoom
CVE-2023-43583 (Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for ...)
	NOT-FOR-US: Zoom
CVE-2023-43042 (IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Stora ...)
	NOT-FOR-US: IBM
CVE-2023-41720 (A vulnerability exists on all versions of Ivanti Connect Secure below ...)
	NOT-FOR-US: Ivanti
CVE-2023-41719 (A vulnerability exists on all versions of Ivanti Connect Secure below ...)
	NOT-FOR-US: Ivanti
CVE-2023-41621 (A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro ...)
	NOT-FOR-US: Emlog Pro
CVE-2023-41618 (Emlog Pro v2.1.14 was discovered to contain a reflective cross-site sc ...)
	NOT-FOR-US: Emlog Pro
CVE-2023-40921 (SQL Injection vulnerability in functions/point_list.php in Common Serv ...)
	NOT-FOR-US: Common Services soliberte
CVE-2023-31546 (Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows atta ...)
	NOT-FOR-US: DedeBIZ
CVE-2023-50782 (A flaw was found in the python-cryptography package. This issue may al ...)
	- python-cryptography (bug #1059308)
	[bookworm] - python-cryptography (Minor issue, fix relies on OpenSSL 3.2 interfaces)
	[bullseye] - python-cryptography (Minor issue, fix relies on OpenSSL 3.2 interfaces)
	[buster] - python-cryptography (Minor issue; it's an incomplete fix of CVE-2020-25659)
	NOTE: https://github.com/pyca/cryptography/issues/9785
	NOTE: https://people.redhat.com/~hkario/marvin/
	NOTE: https://github.com/openssl/openssl/pull/13817
	NOTE: CVE is for incomplete fix of CVE-2020-25659
	NOTE: The fix relies on OpenSSL 3.2, we can mark this as fixed when openssl 3.2 lands
	NOTE: in unstable
CVE-2023-50781 (A flaw was found in m2crypto. This issue may allow a remote attacker t ...)
	- m2crypto (bug #1059292)
	[bookworm] - m2crypto (Minor issue)
	[bullseye] - m2crypto (Minor issue)
	[buster] - m2crypto (Minor issue; it's an incomplete fix of CVE-2020-25657)
	NOTE: https://gitlab.com/m2crypto/m2crypto/-/issues/342
	NOTE: https://people.redhat.com/~hkario/marvin/
	NOTE: https://github.com/openssl/openssl/pull/13817
	NOTE: CVE is for incomplete fix of CVE-2020-25657
CVE-2023-49934 (An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injecti ...)
	- slurm-wlm (Vulnerable code introduced in 23.11 series)
	- slurm-llnl (Vulnerable code introduced in 23.11 series)
	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
CVE-2023-49933 (An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x ...)
	{DSA-5609-1}
	- slurm-wlm 23.11.3-1 (bug #1058720)
	- slurm-llnl
	[buster] - slurm-llnl (EOL in buster LTS)
	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
CVE-2023-49937 (An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x ...)
	{DSA-5609-1}
	- slurm-wlm 23.11.3-1 (bug #1058720)
	- slurm-llnl
	[buster] - slurm-llnl (EOL in buster LTS)
	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
CVE-2023-49936 (An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x ...)
	{DSA-5609-1}
	- slurm-wlm 23.11.3-1 (bug #1058720)
	- slurm-llnl
	[buster] - slurm-llnl (EOL in buster LTS)
	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
CVE-2023-49938 (An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is ...)
	{DSA-5609-1}
	- slurm-wlm 23.11.3-1 (bug #1058720)
	- slurm-llnl
	[buster] - slurm-llnl (EOL in buster LTS)
	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
CVE-2023-49935 (An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is ...)
	- slurm-wlm 23.11.3-1 (bug #1058720)
	[bookworm] - slurm-wlm (Vulnerable code introduced later)
	[bullseye] - slurm-wlm (Vulnerable code introduced later)
	- slurm-llnl (Vulnerable code introduced later)
	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
CVE-2023-6795 (An OS command injection vulnerability in Palo Alto Networks PAN-OS sof ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2023-6794 (An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS so ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2023-6793 (An improper privilege management vulnerability in Palo Alto Networks P ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2023-6792 (An OS command injection vulnerability in the XML API of Palo Alto Netw ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2023-6791 (A credential disclosure vulnerability in Palo Alto Networks PAN-OS sof ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2023-6790 (A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Netw ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2023-6789 (A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-O ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2023-6774 (A vulnerability was found in CodeAstro POS and Inventory Management Sy ...)
	NOT-FOR-US: CodeAstro POS and Inventory Management System
CVE-2023-6773 (A vulnerability has been found in CodeAstro POS and Inventory Manageme ...)
	NOT-FOR-US: CodeAstro POS and Inventory Management System
CVE-2023-6772 (A vulnerability, which was classified as critical, was found in OTCMS ...)
	NOT-FOR-US: OTCMS
CVE-2023-6771 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Simple Student Attendance System
CVE-2023-6767 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester Wedding Guest e-Book
CVE-2023-6766 (A vulnerability classified as problematic has been found in PHPGurukul ...)
	NOT-FOR-US: PHPGurukul
CVE-2023-6765 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...)
	NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-6762 (A vulnerability, which was classified as critical, was found in Thecos ...)
	NOT-FOR-US: Thecosy IceCMS
CVE-2023-6761 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Thecosy IceCMS
CVE-2023-6760 (A vulnerability classified as critical was found in Thecosy IceCMS up ...)
	NOT-FOR-US: Thecosy IceCMS
CVE-2023-6759 (A vulnerability classified as problematic has been found in Thecosy Ic ...)
	NOT-FOR-US: Thecosy IceCMS
CVE-2023-6758 (A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated a ...)
	NOT-FOR-US: Thecosy IceCMS
CVE-2023-6757 (A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declare ...)
	NOT-FOR-US: Thecosy IceCMS
CVE-2023-6756 (A vulnerability was found in Thecosy IceCMS 2.0.1. It has been classif ...)
	NOT-FOR-US: Thecosy IceCMS
CVE-2023-6755 (A vulnerability was found in DedeBIZ 6.2 and classified as critical. T ...)
	NOT-FOR-US: DedeBIZ
CVE-2023-6723 (An unrestricted file upload vulnerability has been identified in Repbo ...)
	NOT-FOR-US: Repox
CVE-2023-6722 (A path traversal vulnerability has been detected in Repox, which allow ...)
	NOT-FOR-US: Repox
CVE-2023-6721 (An XEE vulnerability has been found in Repox, which allows a remote at ...)
	NOT-FOR-US: Repox
CVE-2023-6720 (An XSS vulnerability stored in Repox has been identified, which allows ...)
	NOT-FOR-US: Repox
CVE-2023-6719 (An XSS vulnerability has been detected in Repox, which allows an attac ...)
	NOT-FOR-US: Repox
CVE-2023-6718 (An authentication bypass vulnerability has been found in Repox, which ...)
	NOT-FOR-US: Repox
CVE-2023-6660 (When a program running on an affected system appends data to a file vi ...)
	NOT-FOR-US: FreeBSD
CVE-2023-6534 (In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2 ...)
	NOT-FOR-US: FreeBSD
CVE-2023-6381 (Improper input validation vulnerability in Newsletter Software SuperMa ...)
	NOT-FOR-US: Newsletter Software SuperMailer
CVE-2023-6380 (Open redirect vulnerability has been found in the Open CMS product aff ...)
	NOT-FOR-US: Open CMS
CVE-2023-6379 (Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, ...)
	NOT-FOR-US: Open CMS
CVE-2023-50779 (Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 an ...)
	NOT-FOR-US: Jenkins PaaSLane Estimate Plugin
CVE-2023-50778 (A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane ...)
	NOT-FOR-US: Jenkins PaaSLane Estimate Plugin
CVE-2023-50777 (Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSL ...)
	NOT-FOR-US: Jenkins PaaSLane Estimate Plugin
CVE-2023-50776 (Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane aut ...)
	NOT-FOR-US: Jenkins PaaSLane Estimate Plugin
CVE-2023-50775 (A cross-site request forgery (CSRF) vulnerability in Jenkins Deploymen ...)
	NOT-FOR-US: Jenkins Deployment Dashboard Plugin
CVE-2023-50774 (A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResou ...)
	NOT-FOR-US: Jenkins HTMLResource Plugin
CVE-2023-50773 (Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask acce ...)
	NOT-FOR-US: Jenkins Dingding JSON Pusher Plugin
CVE-2023-50772 (Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access toke ...)
	NOT-FOR-US: Jenkins Dingding JSON Pusher Plugin
CVE-2023-50771 (Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperl ...)
	NOT-FOR-US: Jenkins OpenId Connect Authentication Plugin
CVE-2023-50770 (Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a ...)
	NOT-FOR-US: Jenkins OpenId Connect Authentication Plugin
CVE-2023-50769 (Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 a ...)
	NOT-FOR-US: Jenkins Nexus Platform Plugin
CVE-2023-50768 (A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Pla ...)
	NOT-FOR-US: Jenkins Nexus Platform Plugin
CVE-2023-50767 (Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 a ...)
	NOT-FOR-US: Jenkins Nexus Platform Plugin
CVE-2023-50766 (A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Pla ...)
	NOT-FOR-US: Jenkins Nexus Platform Plugin
CVE-2023-50765 (A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f ...)
	NOT-FOR-US: Jenkins Scriptler Plugin
CVE-2023-50764 (Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restr ...)
	NOT-FOR-US: Jenkins Scriptler Plugin
CVE-2023-50441 (Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.20 ...)
	NOT-FOR-US: PRIMX ZONECENTRAL
CVE-2023-49363 (Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in th ...)
	NOT-FOR-US: Rockoa
CVE-2023-49296 (The Arduino Create Agent allows users to use the Arduino Create applic ...)
	NOT-FOR-US: Arduino Create Agent
CVE-2023-48639 (Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 ( ...)
	NOT-FOR-US: Adobe
CVE-2023-48638 (Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 ( ...)
	NOT-FOR-US: Adobe
CVE-2023-48637 (Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 ( ...)
	NOT-FOR-US: Adobe
CVE-2023-48636 (Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 ( ...)
	NOT-FOR-US: Adobe
CVE-2023-48635 (Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earl ...)
	NOT-FOR-US: Adobe
CVE-2023-48634 (Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earl ...)
	NOT-FOR-US: Adobe
CVE-2023-48633 (Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earl ...)
	NOT-FOR-US: Adobe
CVE-2023-48632 (Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earl ...)
	NOT-FOR-US: Adobe
CVE-2023-48630 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by ...)
	NOT-FOR-US: Adobe
CVE-2023-48629 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by ...)
	NOT-FOR-US: Adobe
CVE-2023-48628 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by ...)
	NOT-FOR-US: Adobe
CVE-2023-48627 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by ...)
	NOT-FOR-US: Adobe
CVE-2023-48626 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by ...)
	NOT-FOR-US: Adobe
CVE-2023-48625 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by ...)
	NOT-FOR-US: Adobe
CVE-2023-47327 (The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for ...)
	NOT-FOR-US: Silverpeas Core
CVE-2023-47326 (Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSR ...)
	NOT-FOR-US: Silverpeas Core
CVE-2023-47325 (Silverpeas Core 6.3.1 administrative "Bin" feature is affected by brok ...)
	NOT-FOR-US: Silverpeas Core
CVE-2023-47324 (Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via ...)
	NOT-FOR-US: Silverpeas Core
CVE-2023-47323 (The notification/messaging feature of Silverpeas Core 6.3.1 does not e ...)
	NOT-FOR-US: Silverpeas Core
CVE-2023-47322 (The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cro ...)
	NOT-FOR-US: Silverpeas Core
CVE-2023-47321 (Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via th ...)
	NOT-FOR-US: Silverpeas Core
CVE-2023-47320 (Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An at ...)
	NOT-FOR-US: Silverpeas Core
CVE-2023-47081 (Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-47080 (Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-47079 (Adobe Dimension versions 3.4.10 and earlier are affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-47078 (Adobe Dimension versions 3.4.10 and earlier are affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-47077 (Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2023-47076 (Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2023-47075 (Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) a ...)
	NOT-FOR-US: Adobe
CVE-2023-47074 (Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) a ...)
	NOT-FOR-US: Adobe
CVE-2023-47063 (Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) a ...)
	NOT-FOR-US: Adobe
CVE-2023-47062 (Adobe Dimension versions 3.4.10 and earlier are affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-47061 (Adobe Dimension versions 3.4.10 and earlier are affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-46727 (GLPI is a free asset and IT management software package. Starting in v ...)
	- glpi
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-v799-2mp3-wgfr
	NOTE: https://github.com/glpi-project/glpi/commit/ee2d674481ebef177037e8e14d35c9455b5cfd46
CVE-2023-46726 (GLPI is a free asset and IT management software package. Starting in v ...)
	- glpi
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-qc92-gxc6-5f95
	NOTE: https://github.com/glpi-project/glpi/commit/42ba2b031bec0b3889317db25f3adf9080fc11b2
CVE-2023-46247 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...)
	NOT-FOR-US: Vyper
CVE-2023-44362 (Adobe Prelude versions 22.6 and earlier are affected by an Access of U ...)
	NOT-FOR-US: Adobe
CVE-2023-44252 (** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerabilit ...)
	NOT-FOR-US: FortiGuard
CVE-2023-44251 (** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to ...)
	NOT-FOR-US: FortiGuard
CVE-2023-43813 (GLPI is a free asset and IT management software package. Starting in v ...)
	- glpi
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-94c3-fw5r-3362
	NOTE: https://github.com/glpi-project/glpi/commit/4bd7f02d940953b9cbc9d285f7544bb0e490e75e
CVE-2023-42495 (Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutraliz ...)
	NOT-FOR-US: Dasan Networks W-Web
CVE-2023-34194 (StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML ...)
	{DLA-3701-1}
	- tinyxml 2.6.2-6.1 (bug #1059315)
	[bookworm] - tinyxml 2.6.2-6+deb12u1
	[bullseye] - tinyxml 2.6.2-4+deb11u2
	NOTE: https://www.forescout.com/resources/sierra21-vulnerabilities
	NOTE: Debian (non upstream) patch: https://salsa.debian.org/debian/tinyxml/-/raw/2366e1f23d059d4c20c43c54176b6bd78d6a83fc/debian/patches/CVE-2023-34194.patch
CVE-2023-6707 (Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed ...)
	{DSA-5577-1}
	- chromium 120.0.6099.109-1
	[buster] - chromium (see DSA 5046)
CVE-2023-6706 (Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allow ...)
	{DSA-5577-1}
	- chromium 120.0.6099.109-1
	[buster] - chromium (see DSA 5046)
CVE-2023-6705 (Use after free in WebRTC in Google Chrome prior to 120.0.6099.109 allo ...)
	{DSA-5577-1}
	- chromium 120.0.6099.109-1
	[buster] - chromium (see DSA 5046)
CVE-2023-6704 (Use after free in libavif in Google Chrome prior to 120.0.6099.109 all ...)
	{DSA-5577-1}
	- chromium 120.0.6099.109-1
	[buster] - chromium (see DSA 5046)
CVE-2023-6703 (Use after free in Blink in Google Chrome prior to 120.0.6099.109 allow ...)
	{DSA-5577-1}
	- chromium 120.0.6099.109-1
	[buster] - chromium (see DSA 5046)
CVE-2023-6702 (Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed ...)
	{DSA-5577-1}
	- chromium 120.0.6099.109-1
	[buster] - chromium (see DSA 5046)
CVE-2023-6753 (Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.)
	NOT-FOR-US: mlflow
CVE-2023-50263 (Nautobot is a Network Source of Truth and Network Automation Platform ...)
	NOT-FOR-US: Nautobot
CVE-2023-50252 (php-svg-lib is an SVG file parsing / rendering library. Prior to versi ...)
	{DSA-5642-1}
	- php-dompdf-svg-lib 0.5.1-1 (bug #1058641)
	NOTE: https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-jq98-9543-m4cr
	NOTE: Fixed by: https://github.com/dompdf/php-svg-lib/commit/08ce6a96d63ad7216315fae34a61c886dd2dc030 (0.5.1)
	TODO: check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked
CVE-2023-50251 (php-svg-lib is an SVG file parsing / rendering library. Prior to versi ...)
	{DSA-5642-1}
	- php-dompdf-svg-lib 0.5.1-1 (bug #1058641)
	NOTE: https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-ff5x-7qg5-vwf2
	NOTE: Fixed by: https://github.com/dompdf/php-svg-lib/commit/88163cbe562d9b391b3a352e54d9c89d02d77ee0 (0.5.1)
	TODO: check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked
CVE-2023-48791 (An improper neutralization of special elements used in a command ('Com ...)
	NOT-FOR-US: FortiGuard
CVE-2023-48782 (A improper neutralization of special elements used in an os command (' ...)
	NOT-FOR-US: FortiGuard
CVE-2023-48225 (Laf is a cloud development platform. Prior to version 1.0.0-beta.13, t ...)
	NOT-FOR-US: Laf
CVE-2023-47579 (Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfigur ...)
	NOT-FOR-US: Relyum RELY-PCIe
CVE-2023-47578 (Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are susceptible to ...)
	NOT-FOR-US: Relyum RELY-PCIe and RELY-REC
CVE-2023-47577 (An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 all ...)
	NOT-FOR-US: Relyum
CVE-2023-47576 (An issue was discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 ...)
	NOT-FOR-US: Relyum
CVE-2023-47575 (An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 ...)
	NOT-FOR-US: Relyum
CVE-2023-47574 (An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 ...)
	NOT-FOR-US: Relyum
CVE-2023-47573 (An issue discovered in Relyum RELY-PCIe 22.2.1 devices. The authorizat ...)
	NOT-FOR-US: Relyum
CVE-2023-47536 (An improper access control vulnerability [CWE-284] in FortiOS version ...)
	NOT-FOR-US: FortiGuard
CVE-2023-46713 (An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 ...)
	NOT-FOR-US: FortiGuard
CVE-2023-46675 (An issue was discovered by Elastic whereby sensitive information may b ...)
	- kibana (bug #700337)
CVE-2023-45864 (A race condition issue discovered in Samsung Mobile Processor Exynos 9 ...)
	NOT-FOR-US: Samsung
CVE-2023-45801 (Improper Authentication vulnerability in Nadatel DVR allows Informatio ...)
	NOT-FOR-US: Nadatel
CVE-2023-45800 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Hanbiro
CVE-2023-45725 (Design document functions which receive a user http request object may ...)
	- couchdb
CVE-2023-45587 (An improper neutralization of input during web page generation ('cross ...)
	NOT-FOR-US: FortiGuard
CVE-2023-43122 (Samsung Mobile Processor and Wearable Processor (Exynos 980, 850, 1080 ...)
	NOT-FOR-US: Samsung
CVE-2023-42483 (A TOCTOU race condition in Samsung Mobile Processor Exynos 9820, Exyno ...)
	NOT-FOR-US: Samsung
CVE-2023-41844 (A improper neutralization of input during web page generation ('cross- ...)
	NOT-FOR-US: FortiGuard
CVE-2023-41678 (A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiP ...)
	NOT-FOR-US: FortiGuard
CVE-2023-41673 (An improper authorization vulnerability [CWE-285] in Fortinet FortiADC ...)
	NOT-FOR-US: FortiGuard
CVE-2023-40716 (An improper neutralization of special elements used in an OS command v ...)
	NOT-FOR-US: FortiGuard
CVE-2023-3517 (Hitachi Vantara Pentaho Data Integration & Analytics versions before 9 ...)
	NOT-FOR-US: Hitachi Vantara Pentaho Data Integration & Analytics
CVE-2023-36639 (A use of externally-controlled format string in Fortinet FortiProxy ve ...)
	NOT-FOR-US: FortiGuard
CVE-2023-6710 (A flaw was found in the mod_proxy_cluster in the Apache server. This i ...)
	- libapache2-mod-cluster (bug #731410)
CVE-2023-5379 (A flaw was found in Undertow. When an AJP request is sent that exceeds ...)
	- undertow (bug #1059055)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2242099
CVE-2023-49921
	- elasticsearch
CVE-2023-6687 (An issue was discovered by Elastic whereby Elastic Agent would log a r ...)
	NOT-FOR-US: Elastic whereby Elastic Agent
CVE-2023-50247 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Th ...)
	- h2o (Vulnerable code introduced later)
	NOTE: https://github.com/h2o/h2o/security/advisories/GHSA-2ch5-p59c-7mv6
	NOTE: Fixed by: https://github.com/h2o/h2o/commit/d67e81d03be12a9d53dc8271af6530f40164cd35
CVE-2023-49923 (An issue was discovered by Elastic whereby the Documents API of App Se ...)
	NOT-FOR-US: Elastic whereby the Documents API of App Search
CVE-2023-49922 (An issue was discovered by Elastic whereby Beats and Elastic Agent wou ...)
	NOT-FOR-US: Elastic whereby Beats and Elastic Agent
CVE-2023-49279 (Umbraco is an ASP.NET content management system (CMS). Starting in ver ...)
	NOT-FOR-US: Umbraco
CVE-2023-49278 (Umbraco is an ASP.NET content management system (CMS). Starting in ver ...)
	NOT-FOR-US: Umbraco
CVE-2023-49274 (Umbraco is an ASP.NET content management system (CMS). Starting in ver ...)
	NOT-FOR-US: Umbraco
CVE-2023-49273 (Umbraco is an ASP.NET content management system (CMS). Starting in ver ...)
	NOT-FOR-US: Umbraco
CVE-2023-49089 (Umbraco is an ASP.NET content management system (CMS). Starting in ver ...)
	NOT-FOR-US: Umbraco
CVE-2023-48313 (Umbraco is an ASP.NET content management system (CMS). Starting in 10 ...)
	NOT-FOR-US: Umbraco
CVE-2023-48227 (Umbraco is an ASP.NET content management system (CMS). Starting in ver ...)
	NOT-FOR-US: Umbraco
CVE-2023-43364 (main.py in Searchor before 2.4.2 uses eval on CLI input, which may cau ...)
NOT-FOR-US: Searchor CVE-2023-41337 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In ...) - h2o (bug #1059413) NOTE: https://github.com/h2o/h2o/security/advisories/GHSA-5v5r-rghf-rm6q NOTE: Fixed by: https://github.com/h2o/h2o/commit/35760540337a47e5150da0f4a66a609fad2ef0ab CVE-2023-38694 (Umbraco is an ASP.NET content management system (CMS). Starting in ver ...) NOT-FOR-US: Umbraco CVE-2023-36696 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) NOT-FOR-US: Microsoft CVE-2023-36391 (Local Security Authority Subsystem Service Elevation of Privilege Vuln ...) NOT-FOR-US: Microsoft CVE-2023-36020 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2023-36019 (Microsoft Power Platform Connector Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36012 (DHCP Server Service Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36011 (Win32k Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36010 (Microsoft Defender Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36009 (Microsoft Word Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36006 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) NOT-FOR-US: Microsoft CVE-2023-36005 (Windows Telephony Server Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36004 (Windows DPAPI (Data Protection Application Programming Interface) Spoo ...) 
NOT-FOR-US: Microsoft CVE-2023-36003 (XAML Diagnostics Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35644 (Windows Sysmain Service Elevation of Privilege) NOT-FOR-US: Microsoft CVE-2023-35643 (DHCP Server Service Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35642 (Internet Connection Sharing (ICS) Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35641 (Internet Connection Sharing (ICS) Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35639 (Microsoft ODBC Driver Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35638 (DHCP Server Service Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35636 (Microsoft Outlook Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35635 (Windows Kernel Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35634 (Windows Bluetooth Driver Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35633 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35632 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...) NOT-FOR-US: Microsoft CVE-2023-35631 (Win32k Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35630 (Internet Connection Sharing (ICS) Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35629 (Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35628 (Windows MSHTML Platform Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35625 (Azure Machine Learning Compute Instance for SDK Users Information Disc ...) NOT-FOR-US: Microsoft CVE-2023-35624 (Azure Connected Machine Agent Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35622 (Windows DNS Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35621 (Microsoft Dynamics 365 Finance and Operations Denial of Service Vulner ...) 
NOT-FOR-US: Microsoft CVE-2023-35619 (Microsoft Outlook for Mac Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-34064 (Workspace ONE Launcher contains a Privilege Escalation Vulnerability.A ...) NOT-FOR-US: VMware CVE-2023-6727 (Mattermost fails to perform correct authorization checks when creating ...) - mattermost-server (bug #823556) CVE-2023-6593 (Client side permission bypass in Devolutions Remote Desktop Manager 20 ...) NOT-FOR-US: Devolutions Remote Desktop Manager CVE-2023-6547 (Mattermost fails to validate team membership when a user attempts to a ...) - mattermost-server (bug #823556) CVE-2023-6193 (quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unb ...) NOT-FOR-US: Cloudflare quiche CVE-2023-50495 (NCurse v6.4-20230418 was discovered to contain a segmentation fault vi ...) - ncurses 6.4+20230625-1 [bookworm] - ncurses (Minor issue) [bullseye] - ncurses (Minor issue) [buster] - ncurses (Minor issue) NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html NOTE: Fixed in ncurses-6.4-20230424 patchlevel CVE-2023-4932 (SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). ...) NOT-FOR-US: SAS CVE-2023-49994 (Espeak-ng 1.52-dev was discovered to contain a Floating Point Exceptio ...) - espeak-ng 1.51+dfsg-12 (bug #1059060) [bookworm] - espeak-ng 1.51+dfsg-10+deb12u1 [bullseye] - espeak-ng (Minor issue) [buster] - espeak-ng (Minor issue) NOTE: https://github.com/espeak-ng/espeak-ng/issues/1823 NOTE: https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c CVE-2023-49993 (Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the ...) 
- espeak-ng 1.51+dfsg-12 (bug #1059060) [bookworm] - espeak-ng 1.51+dfsg-10+deb12u1 [bullseye] - espeak-ng (Minor issue) [buster] - espeak-ng (Minor issue) NOTE: https://github.com/espeak-ng/espeak-ng/issues/1826 NOTE: https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c CVE-2023-49992 (Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow v ...) - espeak-ng 1.51+dfsg-12 (bug #1059060) [bookworm] - espeak-ng 1.51+dfsg-10+deb12u1 [bullseye] - espeak-ng (Minor issue) [buster] - espeak-ng (Minor issue) NOTE: https://github.com/espeak-ng/espeak-ng/issues/1827 NOTE: https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c CVE-2023-49991 (Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow ...) - espeak-ng 1.51+dfsg-12 (bug #1059060) [bookworm] - espeak-ng 1.51+dfsg-10+deb12u1 [bullseye] - espeak-ng (Minor issue) [buster] - espeak-ng (Minor issue) NOTE: https://github.com/espeak-ng/espeak-ng/issues/1825 NOTE: https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c CVE-2023-49990 (Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the ...) - espeak-ng 1.51+dfsg-12 (bug #1059060) [bookworm] - espeak-ng 1.51+dfsg-10+deb12u1 [bullseye] - espeak-ng (Minor issue) [buster] - espeak-ng (Minor issue) NOTE: https://github.com/espeak-ng/espeak-ng/issues/1824 NOTE: https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c CVE-2023-49874 (Mattermost fails to check whether a user is a guest when updating the ...) - mattermost-server (bug #823556) CVE-2023-49809 (Mattermost fails to handle a null request body in the /add endpoint, a ...) - mattermost-server (bug #823556) CVE-2023-49713 (Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI ...) 
NOT-FOR-US: NetBIOS service of HMI GC-A2 series NOT-FOR-US: JTEKT ELECTRONICS CORPORATION CVE-2023-49695 (OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS ...) NOT-FOR-US: ELECOM CVE-2023-49692 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6G ...) NOT-FOR-US: Siemens CVE-2023-49691 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6G ...) NOT-FOR-US: Siemens CVE-2023-49607 (Mattermost fails to validate the type of the "reminder" body request p ...) - mattermost-server (bug #823556) CVE-2023-49563 (Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro v.1.1 allow ...) NOT-FOR-US: Voltronic Power SNMP Web Pro CVE-2023-49143 (Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC- ...) NOT-FOR-US: JTEKT ELECTRONICS CORPORATION CVE-2023-49140 (Denial-of-service (DoS) vulnerability exists in commplex-link service ...) NOT-FOR-US: JTEKT ELECTRONICS CORPORATION CVE-2023-48677 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...) NOT-FOR-US: Acronis CVE-2023-48431 (A vulnerability has been identified in SINEC INS (All versions < V1.0 ...) NOT-FOR-US: Siemens CVE-2023-48430 (A vulnerability has been identified in SINEC INS (All versions < V1.0 ...) NOT-FOR-US: Siemens CVE-2023-48429 (A vulnerability has been identified in SINEC INS (All versions < V1.0 ...) NOT-FOR-US: Siemens CVE-2023-48428 (A vulnerability has been identified in SINEC INS (All versions < V1.0 ...) NOT-FOR-US: Siemens CVE-2023-48427 (A vulnerability has been identified in SINEC INS (All versions < V1.0 ...) NOT-FOR-US: Siemens CVE-2023-46701 (Mattermost fails to perform authorization checks in the /plugins/play ...) - mattermost-server (bug #823556) CVE-2023-46456 (In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inj ...) NOT-FOR-US: GL.iNET GL-AR300M routers CVE-2023-46455 (In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to wr ...) 
NOT-FOR-US: GL.iNET GL-AR300M routers CVE-2023-46454 (In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to i ...) NOT-FOR-US: GL.iNET GL-AR300M routers CVE-2023-46285 (A vulnerability has been identified in Opcenter Quality (All versions ...) NOT-FOR-US: Siemens CVE-2023-46284 (A vulnerability has been identified in Opcenter Quality (All versions ...) NOT-FOR-US: Siemens CVE-2023-46283 (A vulnerability has been identified in Opcenter Quality (All versions ...) NOT-FOR-US: Siemens CVE-2023-46282 (A vulnerability has been identified in Opcenter Quality (All versions ...) NOT-FOR-US: Siemens CVE-2023-46281 (A vulnerability has been identified in Opcenter Quality (All versions ...) NOT-FOR-US: Siemens CVE-2023-46156 (Affected devices improperly handle specially crafted packets sent to p ...) NOT-FOR-US: Siemens CVE-2023-45847 (Mattermost fails to to check the length when setting the title in a ru ...) - mattermost-server (bug #823556) CVE-2023-45316 (Mattermost fails to validate if a relative path is passed in /plugins/ ...) - mattermost-server (bug #823556) CVE-2023-41963 (Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC- ...) NOT-FOR-US: JTEKT ELECTRONICS CORPORATION CVE-2023-41623 (Emlog version pro2.1.14 was discovered to contain a SQL injection vuln ...) NOT-FOR-US: EMlog CVE-2023-38380 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIP ...) NOT-FOR-US: Siemens CVE-2023-6709 (Improper Neutralization of Special Elements Used in a Template Engine ...) NOT-FOR-US: mlflow CVE-2023-6542 (Due to lack of proper authorization checks in Emarsys SDK for Android, ...) NOT-FOR-US: Emarsys SDK for Android CVE-2023-5536 (A feature in LXD (LP#1829071), affects the default configuration of Ub ...) NOT-FOR-US: Ubuntu server configuration CVE-2023-50424 (SAPBTPSecurity Services Integration Library ([Golang] github.com/sap/c ...) 
NOT-FOR-US: SAP CVE-2023-50423 (SAPBTPSecurity Services Integration Library ([Python]sap-xssec) - vers ...) NOT-FOR-US: SAP CVE-2023-50422 (SAPBTPSecurity Services Integration Library ([Java] cloud-security-ser ...) NOT-FOR-US: SAP CVE-2023-50245 (OpenEXR-viewer is a viewer for OpenEXR files with detailed metadata pr ...) NOT-FOR-US: OpenEXR-viewer CVE-2023-49805 (Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to ve ...) NOT-FOR-US: Uptime Kuma CVE-2023-49804 (Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to ve ...) NOT-FOR-US: Uptime Kuma CVE-2023-49803 (@koa/cors npm provides Cross-Origin Resource Sharing (CORS) for koa, a ...) NOT-FOR-US: Node @koa/cors CVE-2023-49802 (The LinkedCustomFields plugin for MantisBT allows users to link values ...) NOT-FOR-US: LinkedCustomFields plugin for MantisBT CVE-2023-49796 (MindsDB connects artificial intelligence models to real time data. Ver ...) NOT-FOR-US: MindsDB CVE-2023-49587 (SAP Solution Manager - version 720, allows an authorized attacker to e ...) NOT-FOR-US: SAP CVE-2023-49584 (SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP ...) NOT-FOR-US: SAP CVE-2023-49583 (SAPBTPSecurity Services Integration Library ([Node.js] @sap/xssec - ve ...) NOT-FOR-US: SAP CVE-2023-49581 (SAP GUI for WindowsandSAP GUI for Javaallow an unauthenticated attacke ...) NOT-FOR-US: SAP CVE-2023-49580 (SAP GUI for WindowsandSAP GUI for Java - versions SAP_BASIS 755, SAP_B ...) NOT-FOR-US: SAP CVE-2023-49578 (SAP Cloud Connector - version 2.0, allows an authenticated user with l ...) NOT-FOR-US: SAP CVE-2023-49577 (The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 6 ...) NOT-FOR-US: SAP CVE-2023-49494 (DedeCMS v5.7.111 was discovered to contain a reflective cross-site scr ...) NOT-FOR-US: DedeCMS CVE-2023-49490 (XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scr ...) 
NOT-FOR-US: XunRuiCMS CVE-2023-49488 (A cross-site scripting (XSS) vulnerability in Openfiler ESA v2.99.1 al ...) NOT-FOR-US: Openfiler ESA CVE-2023-49058 (SAP Master Data Governance File Upload applicationallows an attacker t ...) NOT-FOR-US: SAP CVE-2023-48642 (Archer Platform 6.x before 6.13 P2 (6.13.0.2) contains an authenticate ...) NOT-FOR-US: Archer CVE-2023-48641 (Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecu ...) NOT-FOR-US: Archer CVE-2023-45292 (When using the default implementation of Verify to check a Captcha, ve ...) NOT-FOR-US: base64Captcha CVE-2023-42932 (A logic issue was addressed with improved checks. This issue is fixed ...) NOT-FOR-US: Apple CVE-2023-42927 REJECTED CVE-2023-42926 (Multiple memory corruption issues were addressed with improved input v ...) NOT-FOR-US: Apple CVE-2023-42924 (A logic issue was addressed with improved checks. This issue is fixed ...) NOT-FOR-US: Apple CVE-2023-42923 (This issue was addressed through improved state management. This issue ...) NOT-FOR-US: Apple CVE-2023-42922 (This issue was addressed with improved redaction of sensitive informat ...) NOT-FOR-US: Apple CVE-2023-42919 (A privacy issue was addressed with improved private data redaction for ...) NOT-FOR-US: Apple CVE-2023-42914 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2023-42912 (Multiple memory corruption issues were addressed with improved input v ...) NOT-FOR-US: Apple CVE-2023-42911 (Multiple memory corruption issues were addressed with improved input v ...) NOT-FOR-US: Apple CVE-2023-42910 (Multiple memory corruption issues were addressed with improved input v ...) NOT-FOR-US: Apple CVE-2023-42909 (Multiple memory corruption issues were addressed with improved input v ...) NOT-FOR-US: Apple CVE-2023-42908 (Multiple memory corruption issues were addressed with improved input v ...) 
NOT-FOR-US: Apple CVE-2023-42907 (Multiple memory corruption issues were addressed with improved input v ...) NOT-FOR-US: Apple CVE-2023-42906 (Multiple memory corruption issues were addressed with improved input v ...) NOT-FOR-US: Apple CVE-2023-42905 (Multiple memory corruption issues were addressed with improved input v ...) NOT-FOR-US: Apple CVE-2023-42904 (Multiple memory corruption issues were addressed with improved input v ...) NOT-FOR-US: Apple CVE-2023-42903 (Multiple memory corruption issues were addressed with improved input v ...) NOT-FOR-US: Apple CVE-2023-42902 (Multiple memory corruption issues were addressed with improved input v ...) NOT-FOR-US: Apple CVE-2023-42901 (Multiple memory corruption issues were addressed with improved input v ...) NOT-FOR-US: Apple CVE-2023-42900 (The issue was addressed with improved checks. This issue is fixed in m ...) NOT-FOR-US: Apple CVE-2023-42899 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2023-42898 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2023-42897 (The issue was addressed with improved checks. This issue is fixed in i ...) NOT-FOR-US: Apple CVE-2023-42894 (This issue was addressed with improved redaction of sensitive informat ...) NOT-FOR-US: Apple CVE-2023-42891 (An authentication issue was addressed with improved state management. ...) NOT-FOR-US: Apple CVE-2023-42890 (The issue was addressed with improved memory handling. This issue is f ...) {DSA-5527-1} - webkit2gtk 2.42.0-1 [buster] - webkit2gtk (EOL in buster LTS) - wpewebkit 2.42.0-1 [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0012.html CVE-2023-42886 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) 
NOT-FOR-US: Apple CVE-2023-42884 (This issue was addressed with improved redaction of sensitive informat ...) NOT-FOR-US: Apple CVE-2023-42883 (The issue was addressed with improved memory handling. This issue is f ...) {DSA-5580-1} - webkit2gtk 2.42.4-1 [buster] - webkit2gtk (EOL in buster LTS) - wpewebkit 2.42.4-1 [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0012.html CVE-2023-42882 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2023-42874 (This issue was addressed with improved state management. This issue is ...) NOT-FOR-US: Apple CVE-2023-42481 (In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, ...) NOT-FOR-US: SAP CVE-2023-42479 (An unauthenticated attacker can embed a hidden access to a Biller Dire ...) NOT-FOR-US: SAP CVE-2023-42478 (SAP Business ObjectsBusiness Intelligence Platform is vulnerable to st ...) NOT-FOR-US: SAP CVE-2023-42476 (SAP Business Objects Web Intelligence - version 420, allows an authen ...) NOT-FOR-US: SAP CVE-2023-41120 (An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS ...) NOT-FOR-US: EnterpriseDB Postgres Advanced Server CVE-2023-41119 (An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS ...) NOT-FOR-US: EnterpriseDB Postgres Advanced Server CVE-2023-41118 (An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS ...) NOT-FOR-US: EnterpriseDB Postgres Advanced Server CVE-2023-41117 (An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS ...) NOT-FOR-US: EnterpriseDB Postgres Advanced Server CVE-2023-41116 (An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS ...) NOT-FOR-US: EnterpriseDB Postgres Advanced Server CVE-2023-41115 (An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS ...) 
NOT-FOR-US: EnterpriseDB Postgres Advanced Server CVE-2023-41114 (An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS ...) NOT-FOR-US: EnterpriseDB Postgres Advanced Server CVE-2023-41113 (An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS ...) NOT-FOR-US: EnterpriseDB Postgres Advanced Server CVE-2023-40446 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2023-36654 (Directory traversal in the log-download REST API endpoint in ProLion C ...) NOT-FOR-US: ProLion CryptoSpike CVE-2023-36652 (A SQL Injection in the users searching REST API endpoint in ProLion Cr ...) NOT-FOR-US: ProLion CryptoSpike CVE-2023-36651 (Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allo ...) NOT-FOR-US: ProLion CryptoSpike CVE-2023-36650 (A missing integrity check in the update system in ProLion CryptoSpike ...) NOT-FOR-US: ProLion CryptoSpike CVE-2023-36649 (Insertion of sensitive information in the centralized (Grafana) loggin ...) NOT-FOR-US: ProLion CryptoSpike CVE-2023-36648 (Missing authentication in the internal data streaming system in ProLio ...) NOT-FOR-US: ProLion CryptoSpike CVE-2023-36647 (A hard-coded cryptographic private key used to sign JWT authentication ...) NOT-FOR-US: ProLion CryptoSpike CVE-2023-36646 (Incorrect user role checking in multiple REST API endpoints in ProLion ...) NOT-FOR-US: ProLion CryptoSpike CVE-2022-48616 (A Huawei data communication product has a command injection vulnerabil ...) NOT-FOR-US: Huawei CVE-2022-48615 (An improper access control vulnerability exists in a Huawei datacom pr ...) NOT-FOR-US: Huawei CVE-2024-31211 (WordPress is an open publishing platform for the Web. Unserialization ...) 
- wordpress 6.4.2+dfsg1-1 [bookworm] - wordpress (Vulnerable code not present) [bullseye] - wordpress (Vulnerable code not present) [buster] - wordpress (Vulnerable code not present) NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-m257-q4m5-j653 NOTE: https://wordpress.org/documentation/wordpress-version/version-6-4-2/#installation-update-information NOTE: https://www.wordfence.com/blog/2023/12/psa-critical-pop-chain-allowing-remote-code-execution-patched-in-wordpress-6-4-2/ CVE-2023-6536 (A flaw was found in the Linux kernel's NVMe driver. This issue may all ...) - linux 6.6.15-1 [bookworm] - linux 6.1.76-1 [bullseye] - linux 5.10.209-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2254052 NOTE: https://git.kernel.org/linus/0849a5441358cef02586fb2d60f707c0db195628 (6.8-rc1) CVE-2023-6535 (A flaw was found in the Linux kernel's NVMe driver. This issue may all ...) - linux 6.6.15-1 [bookworm] - linux 6.1.76-1 [bullseye] - linux 5.10.209-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2254053 NOTE: https://git.kernel.org/linus/efa56305908ba20de2104f1b8508c6a7401833be (6.8-rc1) NOTE: https://git.kernel.org/linus/0849a5441358cef02586fb2d60f707c0db195628 (6.8-rc1) NOTE: https://git.kernel.org/linus/9a1abc24850eb759e36a2f8869161c3b7254c904 (6.8-rc1) CVE-2023-6356 (A flaw was found in the Linux kernel's NVMe driver. This issue may all ...) - linux 6.6.15-1 [bookworm] - linux 6.1.76-1 [bullseye] - linux 5.10.209-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2254054 CVE-2023-39804 (In GNU tar before 1.35, mishandled extension attributes in a PAX archi ...) {DLA-3755-1} - tar 1.34+dfsg-1.3 (bug #1058079) [bookworm] - tar 1.34+dfsg-1.2+deb12u1 [bullseye] - tar 1.34+dfsg-1+deb11u1 NOTE: Fixed by: https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4 (v1.35) CVE-2023-6679 (A null pointer dereference vulnerability was found in dpll_pin_parent_ ...) 
- linux (Vulnerable code not present) NOTE: https://lore.kernel.org/netdev/20231211083758.1082853-1-jiri@resnulli.us/ CVE-2023-6671 (A vulnerability has been discovered on OJS, that consists in a CSRF (C ...) NOT-FOR-US: OJS (OPEN JOURNAL SYSTEMS) CVE-2023-6538 (SMU versions prior to 14.8.7825.01 are susceptible to unintended infor ...) NOT-FOR-US: Hitachi CVE-2023-6194 (In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition X ...) NOT-FOR-US: Eclipse Memory Analyzer CVE-2023-6035 (The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize ...) NOT-FOR-US: WordPress plugin CVE-2023-5955 (The Contact Form Email WordPress plugin before 1.3.44 does not sanitis ...) NOT-FOR-US: WordPress plugin CVE-2023-5940 (The WP Not Login Hide (WPNLH) WordPress plugin through 1.0 does not sa ...) NOT-FOR-US: WordPress plugin CVE-2023-5907 (The File Manager WordPress plugin before 6.3 does not restrict the fil ...) NOT-FOR-US: WordPress plugin CVE-2023-5757 (The WP Crowdfunding WordPress plugin before 2.1.8 does not sanitise an ...) NOT-FOR-US: WordPress plugin CVE-2023-5750 (The EmbedPress WordPress plugin before 3.9.2 does not sanitise and esc ...) NOT-FOR-US: WordPress plugin CVE-2023-5749 (The EmbedPress WordPress plugin before 3.9.2 does not sanitise and esc ...) NOT-FOR-US: WordPress plugin CVE-2023-49795 (MindsDB connects artificial intelligence models to real time data. Ver ...) NOT-FOR-US: MindsDB CVE-2023-49418 (TOTOLink A7000R V9.1.0u.6115_B20201022has a stack overflow vulnerabili ...) NOT-FOR-US: TOTOLink CVE-2023-49417 (TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerabil ...) NOT-FOR-US: TOTOLink CVE-2023-48715 (Tuleap is an open source suite to improve management of software devel ...) NOT-FOR-US: Tuleap CVE-2023-6185 (Improper Input Validation vulnerability in GStreamer integration of Th ...) 
{DSA-5574-1 DLA-3703-1} - libreoffice 4:7.6.3-1 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185/ CVE-2023-6186 (Insufficient macro permission validation of The Document Foundation Li ...) {DSA-5574-1 DLA-3703-1} - libreoffice 4:7.6.4~rc1-1 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186/ CVE-2023-6659 (A vulnerability, which was classified as critical, has been found in C ...) NOT-FOR-US: Campcodes Web-Based Student Clearance System CVE-2023-6658 (A vulnerability classified as critical was found in SourceCodester Sim ...) NOT-FOR-US: SourceCodester Simple Student Attendance System CVE-2023-6657 (A vulnerability classified as critical has been found in SourceCodeste ...) NOT-FOR-US: SourceCodester Simple Student Attendance System CVE-2023-6656 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceL ...) NOT-FOR-US: DeepFaceLab CVE-2023-6181 (An oversight in BCB handling of reboot reason that allows for persiste ...) NOT-FOR-US: Google Chromecast (unlikely to affect u-boot as packaged in Debian) CVE-2023-5500 (This vulnerability allows an remote attacker with low privileges to mi ...) NOT-FOR-US: Frauscher Sensortechnik products CVE-2023-50465 (A stored cross-site scripting (XSS) vulnerability exists in Monica (ak ...) NOT-FOR-US: MonicaHQ CVE-2023-50463 (The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, whe ...) NOT-FOR-US: caddy-geo-ip CVE-2023-49964 (An issue was discovered in Hyland Alfresco Community Edition through 7 ...) NOT-FOR-US: Hyland Alfresco Community Edition CVE-2023-49355 (decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out- ...) 
- jq 1.7.1-1 [bookworm] - jq (Vulnerable code not present) [bullseye] - jq (Vulnerable code not present) [buster] - jq (Vulnerable code not present) NOTE: https://github.com/linzc21/bug-reports/blob/main/reports/jq/1.7-37-g88f01a7/heap-buffer-overflow/CVE-2023-49355.md NOTE: Duplicate of CVE-2023-50246 and requested to be rejected CVE-2023-48425 (U-Boot vulnerability resulting in persistent Code Execution) NOT-FOR-US: Google Chromecast (unlikely to affect u-boot as packaged in Debian) CVE-2023-48424 (U-Boot shell vulnerability resulting in Privilege escalation in a prod ...) NOT-FOR-US: Google Chromecast (unlikely to affect u-boot as packaged in Debian) CVE-2023-48417 (Missing Permission checks resulting in unauthorized access and Manipul ...) NOT-FOR-US: Android CVE-2023-6655 (A vulnerability, which was classified as critical, has been found in H ...) NOT-FOR-US: Hongjing e-HR 2020 CVE-2023-6654 (A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x ...) NOT-FOR-US: PHPEMS CVE-2023-6653 (A vulnerability was found in PHPGurukul Teacher Subject Allocation Man ...) NOT-FOR-US: PHPGurukul Teacher Subject Allocation Management System CVE-2023-6652 (A vulnerability was found in code-projects Matrimonial Site 1.0. It ha ...) NOT-FOR-US: code-projects Matrimonial Site CVE-2023-6651 (A vulnerability was found in code-projects Matrimonial Site 1.0. It ha ...) NOT-FOR-US: code-projects Matrimonial Site CVE-2023-6650 (A vulnerability was found in SourceCodester Simple Invoice Generator S ...) NOT-FOR-US: SourceCodester Simple Invoice Generator System CVE-2023-6649 (A vulnerability has been found in PHPGurukul Teacher Subject Allocatio ...) NOT-FOR-US: PHPGurukul Teacher Subject Allocation Management System CVE-2023-6648 (A vulnerability, which was classified as critical, was found in PHPGur ...) NOT-FOR-US: PHPGurukul Nipah Virus Testing Management System CVE-2023-50457 (An issue was discovered in Zammad before 6.2.0. When listing tickets l ...) 
- zammad (bug #841355) CVE-2023-50456 (An issue was discovered in Zammad before 6.2.0. An attacker can trigge ...) - zammad (bug #841355) CVE-2023-50455 (An issue was discovered in Zammad before 6.2.0. Due to lack of rate li ...) - zammad (bug #841355) CVE-2023-50454 (An issue was discovered in Zammad before 6.2.0. In several subsystems, ...) - zammad (bug #841355) CVE-2023-50453 (An issue was discovered in Zammad before 6.2.0. It uses the public end ...) - zammad (bug #841355) CVE-2023-50449 (JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Di ...) NOT-FOR-US: JFinalCMS CVE-2023-50446 (An issue was discovered in Mullvad VPN Windows app before 2023.6-beta1 ...) NOT-FOR-US: Mullvad VPN Windows app CVE-2022-48614 (Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS.) NOT-FOR-US: Semantik MediaWiki CVE-2023-6647 (A vulnerability, which was classified as critical, has been found in A ...) NOT-FOR-US: AMTT HiBOS CVE-2023-6646 (A vulnerability classified as problematic has been found in linkding 1 ...) NOT-FOR-US: linkding CVE-2023-50431 (sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c ...) - linux 6.6.15-1 [bookworm] - linux 6.1.76-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://lists.freedesktop.org/archives/dri-devel/2023-November/431772.html CVE-2023-50430 (The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computer ...) NOT-FOR-US: Goodix Fingerprint Device (as shipped in Dell Inspiron 15 computers) CVE-2023-50429 (IzyBat Orange casiers before 20230803_1 allows getEnsemble.php ensembl ...) NOT-FOR-US: IzyBat Orange casiers CVE-2023-50428 (In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots202311 ...) - bitcoin CVE-2021-46899 (SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote de ...) NOT-FOR-US: SyncTrayzor CVE-2023-6394 (A flaw was found in Quarkus. This issue occurs when receiving a reques ...) 
NOT-FOR-US: Quarkus CVE-2023-6337 (HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable t ...) NOT-FOR-US: HashiCorp Vault CVE-2023-6120 (The Welcart e-Commerce plugin for WordPress is vulnerable to Directory ...) NOT-FOR-US: WordPress plugin CVE-2023-5756 (The Digital Publications by Supsystic plugin for WordPress is vulnerab ...) NOT-FOR-US: WordPress plugin CVE-2023-49800 (`nuxt-api-party` is an open source module to proxy API requests. The l ...) NOT-FOR-US: nuxt-api-party CVE-2023-49799 (`nuxt-api-party` is an open source module to proxy API requests. nuxt- ...) NOT-FOR-US: nuxt-api-party CVE-2023-49798 (OpenZeppelin Contracts is a library for smart contract development. A ...) NOT-FOR-US: OpenZeppelin Contracts CVE-2023-49797 (PyInstaller bundles a Python application and all its dependencies into ...) NOT-FOR-US: PyInstaller CVE-2023-48311 (dockerspawner is a tool to spawn JupyterHub single user servers in Doc ...) NOT-FOR-US: dockerspawner CVE-2023-47722 (IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in bro ...) NOT-FOR-US: IBM CVE-2023-47465 (An issue in GPAC v.2.2.1 and before allows a local attacker to cause a ...) - gpac (bug #1059056) [buster] - gpac (EOL in Buster LTS) NOTE: https://github.com/gpac/gpac/issues/2652 NOTE: https://github.com/gpac/gpac/commit/a40a3b7ef7420c8df0a7d9411ab1fc267ca86c49 NOTE: https://github.com/gpac/gpac/commit/613dbc5702b09063b101cfc3d6ad74b45ad87521 CVE-2023-47254 (An OS Command Injection in the CLI interface on DrayTek Vigor167 versi ...) NOT-FOR-US: DrayTek Vigor167 CVE-2023-46932 (Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671 ...) - gpac (bug #1059056) [buster] - gpac (EOL in Buster LTS) NOTE: https://github.com/gpac/gpac/issues/2669 NOTE: https://github.com/gpac/gpac/commit/dfdf1681aae2f7b6265e58e97f8461a89825a74b CVE-2023-6622 (A null pointer dereference vulnerability was found in nft_dynset_init( ...) 
{DSA-5593-1} - linux 6.6.8-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/3701cd390fd731ee7ae8b8006246c8db82c72bea CVE-2023-6619 (A vulnerability was found in SourceCodester Simple Student Attendance ...) NOT-FOR-US: SourceCodester Simple Student Attendance System CVE-2023-6618 (A vulnerability was found in SourceCodester Simple Student Attendance ...) NOT-FOR-US: SourceCodester Simple Student Attendance System CVE-2023-6617 (A vulnerability was found in SourceCodester Simple Student Attendance ...) NOT-FOR-US: SourceCodester Simple Student Attendance System CVE-2023-6616 (A vulnerability was found in SourceCodester Simple Student Attendance ...) NOT-FOR-US: SourceCodester Simple Student Attendance System CVE-2023-6615 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: Typecho CVE-2023-6614 (A vulnerability classified as problematic was found in Typecho 1.2.1. ...) NOT-FOR-US: Typecho CVE-2023-6613 (A vulnerability classified as problematic has been found in Typecho 1. ...) NOT-FOR-US: Typecho CVE-2023-6612 (A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. I ...) NOT-FOR-US: Totolink CVE-2023-6611 (A vulnerability was found in Tongda OA 2017 up to 11.9. It has been de ...) NOT-FOR-US: Tongda OA CVE-2023-6610 (An out-of-bounds read vulnerability was found in smb2_dump_detail in f ...) - linux 6.6.13-1 (unimportant) [bookworm] - linux 6.1.76-1 NOTE: CONFIG_CIFS_DEBUG2 not enabled in Debian NOTE: https://git.kernel.org/linus/567320c46a60a3c39b69aa1df802d753817a3f86 CVE-2023-6609 (A vulnerability was found in osCommerce 4. It has been classified as p ...) NOT-FOR-US: osCommerce CVE-2023-6608 (A vulnerability was found in Tongda OA 2017 up to 11.9 and classified ...) NOT-FOR-US: Tongda OA CVE-2023-6607 (A vulnerability has been found in Tongda OA 2017 up to 11.10 and class ...) 
	NOT-FOR-US: Tongda OA
CVE-2023-6606 (An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb ...)
	{DLA-3710-1}
	- linux 6.6.9-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux 5.10.209-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=218218
	NOTE: https://git.kernel.org/linus/b35858b3786ddbb56e1c35138ba25d6adf8d0bef
CVE-2023-6507 (An issue was found in CPython 3.12.0 `subprocess` module on POSIX plat ...)
	- python3.12 3.12.1-1
	- python3.11 (Vulnerable code not present)
	- python3.10 (Vulnerable code not present)
	- python3.9 (Vulnerable code not present)
	- python3.7 (Vulnerable code not present)
	- python2.7 (Vulnerable code not present)
	NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/AUL7QFHBLILGISS7U63B47AYSSGJJQZD/
	NOTE: https://github.com/python/cpython/issues/112334
	NOTE: https://github.com/python/cpython/pull/112617
CVE-2023-6245 (The Candid library causes a Denial of Service while parsing a special ...)
	NOT-FOR-US: Candid
CVE-2023-6146 (A Qualys web application was found to have a stored XSS vulnerability ...)
	NOT-FOR-US: Qualys
CVE-2023-49788 (Collabora Online is a collaborative online office suite based on Libre ...)
	NOT-FOR-US: Collabora Online
CVE-2023-49782 (Collabora Online is a collaborative online office suite based on Libre ...)
	NOT-FOR-US: Collabora Online
CVE-2023-49487 (JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS ...)
	NOT-FOR-US: JFinalCMS
CVE-2023-49486 (JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS ...)
	NOT-FOR-US: JFinalCMS
CVE-2023-49485 (JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS ...)
	NOT-FOR-US: JFinalCMS
CVE-2023-49484 (Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (X ...)
	NOT-FOR-US: Dreamer CMS
CVE-2023-49444 (An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attacke ...)
	NOT-FOR-US: DoraCMS
CVE-2023-49443 (DoraCMS v2.1.8 was discovered to re-use the same code for verification ...)
	NOT-FOR-US: DoraCMS
CVE-2023-49007 (In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-bas ...)
	NOT-FOR-US: Netgear
CVE-2023-48423 (In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bou ...)
	NOT-FOR-US: Android
CVE-2023-48422 (In Init of protocolnetadapter.cpp, there is a possible out of bounds r ...)
	NOT-FOR-US: Android
CVE-2023-48421 (In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-mod ...)
	NOT-FOR-US: Android
CVE-2023-48420 (there is a possible use after free due to a race condition. This could ...)
	NOT-FOR-US: Android
CVE-2023-48416 (In multiple locations, there is a possible null dereference due to a m ...)
	NOT-FOR-US: Android
CVE-2023-48415 (In Init of protocolembmsadapter.cpp, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2023-48414 (In the Pixel Camera Driver, there is a possible use after free due to ...)
	NOT-FOR-US: Android
CVE-2023-48413 (In Init of protocolnetadapter.cpp, there is a possible out of bounds r ...)
	NOT-FOR-US: Android
CVE-2023-48412 (In private_handle_t of mali_gralloc_buffer.h, there is a possible info ...)
	NOT-FOR-US: Android
CVE-2023-48411 (In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapt ...)
	NOT-FOR-US: Android
CVE-2023-48410 (In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read d ...)
	NOT-FOR-US: Android
CVE-2023-48409 (In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-mod ...)
	NOT-FOR-US: Android
CVE-2023-48408 (In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is ...)
	NOT-FOR-US: Android
CVE-2023-48407 (there is a possible DCK won't be deleted after factory reset due to a ...)
	NOT-FOR-US: Android
CVE-2023-48406 (there is a possible permanent DoS or way for the modem to boot unverif ...)
	NOT-FOR-US: Android
CVE-2023-48405 (there is a possible way for the secure world to write to NS memory due ...)
	NOT-FOR-US: Android
CVE-2023-48404 (In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.c ...)
	NOT-FOR-US: Android
CVE-2023-48403 (In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2023-48402 (In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing p ...)
	NOT-FOR-US: Android
CVE-2023-48401 (In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible ou ...)
	NOT-FOR-US: Android
CVE-2023-48399 (In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, th ...)
	NOT-FOR-US: Android
CVE-2023-48398 (In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnet ...)
	NOT-FOR-US: Android
CVE-2023-48397 (In Init of protocolcalladapter.cpp, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2023-47565 (An OS command injection vulnerability has been found to affect legacy ...)
	NOT-FOR-US: QNAP
CVE-2023-46499 (Cross Site Scripting vulnerability in EverShop NPM versions before v.1 ...)
	NOT-FOR-US: EverShop NPM
CVE-2023-46498 (An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote ...)
	NOT-FOR-US: EverShop NPM
CVE-2023-46497 (Directory Traversal vulnerability in EverShop NPM versions before v.1. ...)
	NOT-FOR-US: EverShop NPM
CVE-2023-46496 (Directory Traversal vulnerability in EverShop NPM versions before v.1. ...)
	NOT-FOR-US: EverShop NPM
CVE-2023-46495 (Cross Site Scripting vulnerability in EverShop NPM versions before v.1 ...)
	NOT-FOR-US: EverShop NPM
CVE-2023-46494 (Cross Site Scripting vulnerability in EverShop NPM versions before v.1 ...)
	NOT-FOR-US: EverShop NPM
CVE-2023-46493 (Directory Traversal vulnerability in EverShop NPM versions before v.1. ...)
	NOT-FOR-US: EverShop NPM
CVE-2023-46157 (File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest p ...)
	NOT-FOR-US: MGT CloudPanel
CVE-2023-32975 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-32968 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-6599 (Missing Standardized Error Handling Mechanism in GitHub repository mic ...)
	NOT-FOR-US: microweber
CVE-2023-6581 (A vulnerability has been found in D-Link DAR-7000 up to 20231126 and c ...)
	NOT-FOR-US: D-Link
CVE-2023-6580 (A vulnerability, which was classified as critical, was found in D-Link ...)
	NOT-FOR-US: D-Link
CVE-2023-6579 (A vulnerability, which was classified as critical, has been found in o ...)
	NOT-FOR-US: osCommerce
CVE-2023-6578 (A vulnerability classified as critical has been found in Software AG W ...)
	NOT-FOR-US: Software AG WebMethods
CVE-2023-6577 (A vulnerability was found in Byzoro PatrolFlow 2530Pro up to 20231126. ...)
	NOT-FOR-US: Beijing Baichuo PatrolFlow 2530Pro
CVE-2023-6576 (A vulnerability was found in Byzoro S210 up to 20231123. It has been d ...)
	NOT-FOR-US: Beijing Baichuo S210
CVE-2023-6061 (Multiple components of Iconics SCADA Suite are prone to a Phantom DLL ...)
	NOT-FOR-US: Iconics SCADA Suite
CVE-2023-5058 (Improper Input Validation in the processing of user-supplied splash sc ...)
	NOT-FOR-US: Phoenix
CVE-2023-5008 (Student Information System v1.0 is vulnerable to an unauthenticated SQ ...)
	NOT-FOR-US: Student Information System
CVE-2023-4122 (Student Information System v1.0 is vulnerable to an Insecure File Uplo ...)
	NOT-FOR-US: Student Information System
CVE-2023-48929 (Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24. ...)
	NOT-FOR-US: Franklin Fueling Systems System Sentinel AnyWare (SSA)
CVE-2023-48928 (Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24. ...)
	NOT-FOR-US: Franklin Fueling Systems System Sentinel AnyWare (SSA)
CVE-2023-48122 (An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote at ...)
	NOT-FOR-US: microweber
CVE-2023-46693 (Cross Site Scripting (XSS) vulnerability in FormaLMS before 4.0.5 allo ...)
	NOT-FOR-US: FormaLMS
CVE-2023-43744 (An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, ...)
	NOT-FOR-US: Zultys products firmware
CVE-2023-43743 (A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virt ...)
	NOT-FOR-US: Zultys products firmware
CVE-2023-43742 (An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, ...)
	NOT-FOR-US: Zultys products firmware
CVE-2023-43305 (An issue in studio kent mini-app on Line v13.6.1 allows attackers to s ...)
	NOT-FOR-US: studio kent mini-app on Line
CVE-2023-38174 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36880 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-35618 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32460 (Dell PowerEdge BIOS contains an improper privilege management security ...)
	NOT-FOR-US: Dell
CVE-2023-45866 (Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral ...)
	{DSA-5584-1 DLA-3689-1}
	[experimental] - bluez 5.70-1.1~exp0
	- bluez 5.70-1.1 (bug #1057914)
	NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675
	NOTE: The fix for CVE-2020-0556 allows the "ClassicBondedOnly" configuration
	NOTE: option to be set manually, but it defaults to false.
CVE-2023-6588 (Offline mode is always enabled, even if permission disallows it, in D ...)
	NOT-FOR-US: Devolutions Server
CVE-2023-6575 (A vulnerability was found in Byzoro S210 up to 20231121. It has been c ...)
	NOT-FOR-US: Beijing Baichuo S210
CVE-2023-6574 (A vulnerability was found in Byzoro Smart S20 up to 20231120 and class ...)
	NOT-FOR-US: Beijing Baichuo Smart S20
CVE-2023-6333 (The affected ControlByWeb Relay products are vulnerable to a stored cr ...)
	NOT-FOR-US: ControlByWeb Relay
CVE-2023-50164 (An attacker can manipulate file upload params to enable paths traversa ...)
	- libstruts1.2-java
	NOTE: https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-066
CVE-2023-50002 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2023-50001 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2023-50000 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2023-4486 (Under certain circumstances, invalid authentication credentials could ...)
	NOT-FOR-US: Johnson Controls Metasys NAE55, SNE, and SNC engines
CVE-2023-49999 (Tenda W30E V16.01.0.12(4843) was discovered to contain a command injec ...)
	NOT-FOR-US: Tenda
CVE-2023-49967 (Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blo ...)
	NOT-FOR-US: Typecho
CVE-2023-49958 (An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (O ...)
	NOT-FOR-US: Dalmann OCPP.Core
CVE-2023-49957 (An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Op ...)
	NOT-FOR-US: Dalmann OCPP.Core
CVE-2023-49956 (An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Op ...)
	NOT-FOR-US: Dalmann OCPP.Core
CVE-2023-49955 (An issue was discovered in Dalmann OCPP.Core before 1.2.0 for OCPP (Op ...)
	NOT-FOR-US: Dalmann OCPP.Core
CVE-2023-49787
	REJECTED
CVE-2023-49746 (Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team S ...)
	NOT-FOR-US: Softaculous Team SpeedyCache
CVE-2023-49493 (DedeCMS v5.7.111 was discovered to contain a reflective cross-site scr ...)
	NOT-FOR-US: DedeCMS
CVE-2023-49492 (DedeCMS v5.7.111 was discovered to contain a reflective cross-site scr ...)
	NOT-FOR-US: DedeCMS
CVE-2023-49468 (Libde265 v1.0.14 was discovered to contain a global buffer overflow vu ...)
	{DLA-3699-1}
	- libde265 1.0.15-1 (bug #1059275)
	[bookworm] - libde265 1.0.11-1+deb12u2
	[bullseye] - libde265 1.0.11-0+deb11u3
	NOTE: https://github.com/strukturag/libde265/issues/432
	NOTE: Fixed by: https://github.com/strukturag/libde265/commit/3e822a3ccf88df1380b165d6ce5a00494a27ceeb (v1.0.15)
CVE-2023-49467 (Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vuln ...)
	{DLA-3699-1}
	- libde265 1.0.15-1 (bug #1059275)
	[bookworm] - libde265 1.0.11-1+deb12u2
	[bullseye] - libde265 1.0.11-0+deb11u3
	NOTE: https://github.com/strukturag/libde265/issues/434
	NOTE: Fixed by: https://github.com/strukturag/libde265/commit/7e4faf254bbd2e52b0f216cb987573a2cce97b54 (v1.0.15)
CVE-2023-49465 (Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vuln ...)
	{DLA-3699-1}
	- libde265 1.0.15-1 (bug #1059275)
	[bookworm] - libde265 1.0.11-1+deb12u2
	[bullseye] - libde265 1.0.11-0+deb11u3
	NOTE: https://github.com/strukturag/libde265/issues/435
	NOTE: Fixed by: https://github.com/strukturag/libde265/commit/1475c7d2f0a6dc35c27e18abc4db9679bfd32568 (v1.0.15)
CVE-2023-49464 (libheif v1.17.5 was discovered to contain a segmentation violation via ...)
	- libheif 1.17.6-1 (bug #1059151)
	[bookworm] - libheif (Minor issue)
	[bullseye] - libheif (Minor issue)
	[buster] - libheif (Vulnerable code not present)
	NOTE: https://github.com/strukturag/libheif/issues/1044
	NOTE: https://github.com/strukturag/libheif/pull/1049
	NOTE: https://github.com/strukturag/libheif/commit/2bf226a300951e6897ee7267d0dd379ba5ad7287 (v1.17.6)
CVE-2023-49463 (libheif v1.17.5 was discovered to contain a segmentation violation via ...)
	- libheif 1.17.6-1 (bug #1059151)
	[bookworm] - libheif (Minor issue)
	[bullseye] - libheif (Minor issue)
	[buster] - libheif (Vulnerable code not present)
	NOTE: https://github.com/strukturag/libheif/issues/1042
	NOTE: https://github.com/strukturag/libheif/commit/26ec3953d46bb5756b97955661565bcbc6647abf (v1.17.6)
CVE-2023-49462 (libheif v1.17.5 was discovered to contain a segmentation violation via ...)
	- libheif 1.17.6-1 (bug #1059151)
	[bookworm] - libheif (Minor issue)
	[bullseye] - libheif (Minor issue)
	[buster] - libheif (Vulnerable code not present)
	NOTE: https://github.com/strukturag/libheif/issues/1043
	NOTE: https://github.com/strukturag/libheif/commit/730a9d80bea3434f75c79e721878cc67f3889969 (v1.17.6)
CVE-2023-49460 (libheif v1.17.5 was discovered to contain a segmentation violation via ...)
	- libheif 1.17.6-1 (bug #1059151)
	[bookworm] - libheif (Minor issue)
	[bullseye] - libheif (Minor issue)
	[buster] - libheif (Vulnerable code not present)
	NOTE: https://github.com/strukturag/libheif/issues/1046
	NOTE: https://github.com/strukturag/libheif/commit/fd5b02aca3e29088bf0a1fc400bd661be4a6ed76 (v1.17.6)
CVE-2023-49437 (Tenda AX12 V22.03.01.46 has been discovered to contain a command injec ...)
	NOT-FOR-US: Tenda
CVE-2023-49436 (Tenda AX9 V22.03.01.46 has been discovered to contain a command inject ...)
	NOT-FOR-US: Tenda
CVE-2023-49435 (Tenda AX9 V22.03.01.46 is vulnerable to command injection.)
	NOT-FOR-US: Tenda
CVE-2023-49434 (Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vuln ...)
	NOT-FOR-US: Tenda
CVE-2023-49433 (Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vuln ...)
	NOT-FOR-US: Tenda
CVE-2023-49432 (Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vuln ...)
	NOT-FOR-US: Tenda
CVE-2023-49431 (Tenda AX9 V22.03.01.46 has been discovered to contain a command inject ...)
	NOT-FOR-US: Tenda
CVE-2023-49430 (Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vuln ...)
	NOT-FOR-US: Tenda
CVE-2023-49429 (Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injecti ...)
	NOT-FOR-US: Tenda
CVE-2023-49428 (Tenda AX12 V22.03.01.46 has been discovered to contain a command injec ...)
	NOT-FOR-US: Tenda
CVE-2023-49426 (Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via ...)
	NOT-FOR-US: Tenda
CVE-2023-49425 (Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via ...)
	NOT-FOR-US: Tenda
CVE-2023-49424 (Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via ...)
	NOT-FOR-US: Tenda
CVE-2023-49411 (Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability v ...)
	NOT-FOR-US: Tenda
CVE-2023-49410 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2023-49409 (Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution v ...)
	NOT-FOR-US: Tenda
CVE-2023-49408 (Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via ...)
	NOT-FOR-US: Tenda
CVE-2023-49406 (Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execu ...)
	NOT-FOR-US: Tenda
CVE-2023-49405 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2023-49404 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2023-49403 (Tenda W30E V16.01.0.12(4843) was discovered to contain a command injec ...)
	NOT-FOR-US: Tenda
CVE-2023-49402 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2023-48958 (gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_ ...)
	- gpac (bug #1059056)
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in Buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2689
	NOTE: Fixed by: https://github.com/gpac/gpac/commit/249c9fc18704e6d3cb6a4b173034a41aa570e7e4
CVE-2023-48325 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in P ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47779 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47548 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47440 (Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversa ...)
	NOT-FOR-US: Gladys Assistant
CVE-2023-46974 (Cross Site Scripting vulnerability in Best Courier Management System v ...)
	NOT-FOR-US: Best Courier Management System
CVE-2023-46871 (GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a mem ...)
	- gpac (bug #1059056)
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in Buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2658
	NOTE: Fixed by: https://github.com/gpac/gpac/commit/03760e34d32e502a0078b20d15ea83ecaf453a5c
CVE-2023-46641 (Server-Side Request Forgery (SSRF) vulnerability in Code for Recovery ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45762 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in M ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41905 (NETSCOUT nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scr ...)
	NOT-FOR-US: NETSCOUT nGeniusONE
CVE-2023-41804 (Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41172 (NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site script ...)
	NOT-FOR-US: NETSCOUT nGeniusONE
CVE-2023-41171 (NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site script ...)
	NOT-FOR-US: NETSCOUT nGeniusONE
CVE-2023-41170 (NetScout nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scr ...)
	NOT-FOR-US: NETSCOUT nGeniusONE
CVE-2023-41169 (NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site script ...)
	NOT-FOR-US: NETSCOUT nGeniusONE
CVE-2023-41168 (NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site script ...)
	NOT-FOR-US: NETSCOUT nGeniusONE
CVE-2023-40302 (NETSCOUT nGeniusPULSE 3.8 has Weak File Permissions Vulnerability)
	NOT-FOR-US: NETSCOUT nGeniusPULSE
CVE-2023-40301 (NETSCOUT nGeniusPULSE 3.8 has a Command Injection Vulnerability.)
	NOT-FOR-US: NETSCOUT nGeniusPULSE
CVE-2023-40300 (NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key.)
	NOT-FOR-US: NETSCOUT nGeniusPULSE
CVE-2023-39909 (Ericsson Network Manager before 23.2 mishandles Access Control and thu ...)
	NOT-FOR-US: Ericsson Network Manager
CVE-2023-39172 (The affected devices transmit sensitive information unencrypted allowi ...)
	NOT-FOR-US: SENEC Home
CVE-2023-39171 (SENEC Storage Box V1,V2 and V3 accidentially expose a management UI ac ...)
	NOT-FOR-US: SENEC Storage Box
CVE-2023-39170
	REJECTED
CVE-2023-39169 (The affected devices use publicly available default credentials with a ...)
	NOT-FOR-US: SENEC Home
CVE-2023-39168
	REJECTED
CVE-2023-39167 (InSENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker ca ...)
	NOT-FOR-US: SENEC Storage Box
CVE-2023-35909 (Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninj ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-35039 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-33413 (The configuration functionality in the Intelligent Platform Management ...)
	NOT-FOR-US: Supermicro
CVE-2023-33412 (The web interface in the Intelligent Platform Management Interface (IP ...)
	NOT-FOR-US: Supermicro
CVE-2023-33411 (A web server in the Intelligent Platform Management Interface (IPMI) b ...)
	NOT-FOR-US: Supermicro
CVE-2023-6568 (A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlf ...)
	NOT-FOR-US: mlflow
CVE-2023-6566 (Business Logic Errors in GitHub repository microweber/microweber prior ...)
	NOT-FOR-US: microweber
CVE-2023-5761 (The Burst Statistics – Privacy-Friendly Analytics for WordPress p ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5714 (The System Dashboard plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5713 (The System Dashboard plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5712 (The System Dashboard plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5711 (The System Dashboard plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5710 (The System Dashboard plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49225 (A cross-site-scripting vulnerability exists in Ruckus Access Point pro ...)
	NOT-FOR-US: Ruckus
CVE-2023-48861 (DLL hijacking vulnerability in TTplayer version 7.0.2, allows local at ...)
	NOT-FOR-US: TTplayer
CVE-2023-48860 (TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-48841 (Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Languag ...)
	NOT-FOR-US: Appointment Scheduler
CVE-2023-48840 (A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3 ...)
	NOT-FOR-US: Appointment Scheduler
CVE-2023-48839 (Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site ...)
	NOT-FOR-US: Appointment Scheduler
CVE-2023-48838 (Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection iss ...)
	NOT-FOR-US: Appointment Scheduler
CVE-2023-48837 (Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues ...)
	NOT-FOR-US: Car Rental Script
CVE-2023-48836 (Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scri ...)
	NOT-FOR-US: Car Rental Script
CVE-2023-48835 (Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > ...)
	NOT-FOR-US: Car Rental Script
CVE-2023-48834 (A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows ...)
	NOT-FOR-US: Car Rental Script
CVE-2023-48833 (A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Cale ...)
	NOT-FOR-US: Time Slots Booking Calendar
CVE-2023-48831 (A lack of rate limiting in pjActionAJaxSend in Availability Booking Ca ...)
	NOT-FOR-US: Availability Booking Calendar
CVE-2023-48830 (Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Lan ...)
	NOT-FOR-US: Shuttle Booking Software
CVE-2023-48828 (Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross ...)
	NOT-FOR-US: Time Slots Booking Calendar
CVE-2023-48827 (Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injecti ...)
	NOT-FOR-US: Time Slots Booking Calendar
CVE-2023-48826 (Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the ...)
	NOT-FOR-US: Time Slots Booking Calendar
CVE-2023-48825 (Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injec ...)
	NOT-FOR-US: Availability Booking Calendar
CVE-2023-48824 (BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting (X ...)
	NOT-FOR-US: BoidCMS
CVE-2023-48823 (A Blind SQL injection issue in ajax.php in GaatiTrack Courier Manageme ...)
	NOT-FOR-US: GaatiTrack Courier Management System
CVE-2023-48208 (A Cross Site Scripting vulnerability in Availability Booking Calendar ...)
	NOT-FOR-US: Availability Booking Calendar
CVE-2023-48207 (Availability Booking Calendar 5.0 allows CSV injection via the unique ...)
	NOT-FOR-US: Availability Booking Calendar
CVE-2023-48206 (A Cross Site Scripting (XSS) vulnerability in GaatiTrack Courier Manag ...)
	NOT-FOR-US: GaatiTrack Courier Management System
CVE-2023-48205 (Jorani Leave Management System 1.0.2 allows a remote attacker to spoof ...)
	NOT-FOR-US: Jorani Leave Management System
CVE-2023-48172 (A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software ...)
	NOT-FOR-US: Shuttle Booking Software
CVE-2023-46916 (Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An att ...)
	NOT-FOR-US: Maxima Max Pro Power
CVE-2023-46354 (In the module "Orders (CSV, Excel) Export PRO" (ordersexport) < 5.2.0 ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-46353 (In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPre ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-46307 (An issue was discovered in server.js in etcd-browser 87ae63d75260. By ...)
	NOT-FOR-US: etcd-browser
CVE-2023-43304 (An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to s ...)
	NOT-FOR-US: PARK DANDAN mini-app on Line
CVE-2023-43303 (An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attac ...)
	NOT-FOR-US: craftbeer bar canvas mini-app on Line
CVE-2023-43302 (An issue in sanTas mini-app on Line v13.6.1 allows attackers to send c ...)
	NOT-FOR-US: sanTas mini-app on Line
CVE-2023-43301 (An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers ...)
	NOT-FOR-US: DARTS SHOP MAXIM mini-app on Line
CVE-2023-43300 (An issue in urban_project mini-app on Line v13.6.1 allows attackers to ...)
	NOT-FOR-US: urban_project mini-app on Line
CVE-2023-43299 (An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to s ...)
	NOT-FOR-US: DA BUTCHERS mini-app on Line
CVE-2023-43298 (An issue in SCOL Members Card mini-app on Line v13.6.1 allows attacker ...)
	NOT-FOR-US: SCOL Members Card mini-app on Line
CVE-2023-43103 (An XSS issue was discovered in a web endpoint in Zimbra Collaboration ...)
	NOT-FOR-US: Zimbra
CVE-2023-43102 (An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. A ...)
	NOT-FOR-US: Zimbra
CVE-2023-41106 (An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. A ...)
	NOT-FOR-US: Zimbra
CVE-2023-40238 (A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O w ...)
	NOT-FOR-US: Insyde
CVE-2023-6560 (An out-of-bounds memory access flaw was found in the io_uring SQ/CQ ri ...)
	- linux 6.6.8-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/820d070feb668aab5bc9413c285a1dda2a70e076 (6.7-rc4)
CVE-2023-5384 (A flaw was found in Infinispan. When serializing the configuration for ...)
	NOT-FOR-US: Infinispan
CVE-2023-6514 (The Bluetooth module of some Huawei Smart Screen products has an ident ...)
	NOT-FOR-US: Huawei
CVE-2023-6459 (Mattermost is grouping calls in the /metrics endpoint by id and reports ...)
	- mattermost-server (bug #823556)
CVE-2023-6458 (Mattermost webapp fails to validate route parameters in//cha ...)
	- mattermost-server (bug #823556)
CVE-2023-6393 (A flaw was found in the Quarkus Cache Runtime. When request processing ...)
	NOT-FOR-US: Quarkus
CVE-2023-6291 (A flaw was found in the redirect_uri validation logic in Keycloak. Thi ...)
	NOT-FOR-US: Keycloak
CVE-2023-6288 (Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on mac ...)
	NOT-FOR-US: Devolutions
CVE-2023-6273 (Permission management vulnerability in the module for disabling Sound ...)
	NOT-FOR-US: Huawei
CVE-2023-49248 (Vulnerability of unauthorized file access in the Settings app. Success ...)
	NOT-FOR-US: Huawei
CVE-2023-49247 (Permission verification vulnerability in distributed scenarios. Succes ...)
	NOT-FOR-US: Huawei
CVE-2023-49246 (Unauthorized access vulnerability in the card management module. Succe ...)
	NOT-FOR-US: Huawei
CVE-2023-49245 (Unauthorized access vulnerability in the Huawei Share module. Successf ...)
	NOT-FOR-US: Huawei
CVE-2023-49244 (Permission management vulnerability in the multi-user module. Successf ...)
	NOT-FOR-US: Huawei
CVE-2023-49243 (Vulnerability of unauthorized access to email attachments in the email ...)
	NOT-FOR-US: Huawei
CVE-2023-49242 (Free broadcast vulnerability in the running management module. Success ...)
	NOT-FOR-US: Huawei
CVE-2023-49241 (API permission control vulnerability in the network management module. ...)
	NOT-FOR-US: Huawei
CVE-2023-49240 (Unauthorized access vulnerability in the launcher module. Successful e ...)
	NOT-FOR-US: Huawei
CVE-2023-49239 (Unauthorized access vulnerability in the card management module. Succe ...)
	NOT-FOR-US: Huawei
CVE-2023-49096 (Jellyfin is a Free Software Media System for managing and streaming me ...)
	- jellyfin (bug #994189)
CVE-2023-48859 (TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authenticatio ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-48123 (An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v ...)
	NOT-FOR-US: Netgate pfSense Plus
CVE-2023-46773 (Permission management vulnerability in the PMS module. Successful expl ...)
	NOT-FOR-US: Huawei
CVE-2023-46751 (An issue was discovered in the function gdev_prn_open_printer_seekable ...)
	{DSA-5578-1}
	- ghostscript 10.02.1~dfsg-1
	[bullseye] - ghostscript (Vulnerable code introduced later)
	[buster] - ghostscript (Vulnerable code introduced later)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707264 (restricted)
	NOTE: Introduced with: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e1a3956f252404f07d93be47f7845b23e4a2c4de
	NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=dcdbc595c13c9d11d235702dff46bb74c80f7698
	NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d2da96e81c7455338302c71a291088a8396245a (ghostpdl-10.02.1)
CVE-2023-46688 (Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows ...)
	NOT-FOR-US: Pleasanter
CVE-2023-45210 (Pleasanter 1.3.47.0 and earlier contains an improper access control vu ...)
	NOT-FOR-US: Pleasanter
CVE-2023-44113 (Vulnerability of missing permission verification for APIs in the Desig ...)
	NOT-FOR-US: Huawei
CVE-2023-44099 (Vulnerability of data verification errors in the kernel module. Succes ...)
	NOT-FOR-US: Huawei
CVE-2023-39539 (AMI AptioV contains a vulnerability in BIOS where a User may cause an ...)
	NOT-FOR-US: AMI AptioV
CVE-2023-39538 (AMI AptioV contains a vulnerability in BIOS where a User may cause an ...)
	NOT-FOR-US: AMI AptioV
CVE-2023-36655 (The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Activ ...)
	NOT-FOR-US: ProLion CryptoSpike
CVE-2023-34439 (Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting ...)
	NOT-FOR-US: Pleasanter
CVE-2023-32268 (Exposure of Proxy Administrator Credentials An authenticated administ ...)
	NOT-FOR-US: Microfocus
CVE-2023-46218 (This flaw allows a malicious HTTP server to set "super cookies" in cur ...)
	{DSA-5587-1 DLA-3692-1}
	- curl 8.5.0-1 (bug #1057646)
	NOTE: Introduced by: https://github.com/curl/curl/commit/e77b5b7453c1e8ccd7ec0816890d98e2f392e465 (curl-7_46_0)
	NOTE: Fixed by: https://github.com/curl/curl/commit/2b0994c29a721c91c572cff7808c572a24d251eb (curl-8_5_0)
	NOTE: https://curl.se/docs/CVE-2023-46218.html
CVE-2023-46219 (When saving HSTS data to an excessively long file name, curl could end ...)
	- curl 8.5.0-1 (bug #1057645)
	[bookworm] - curl 7.88.1-10+deb12u5
	[bullseye] - curl (curl is not built with HSTS support)
	[buster] - curl (Not affected by CVE-2022-32207)
	NOTE: Introduced by: https://github.com/curl/curl/commit/20f9dd6bae50b7223171b17ba7798946e74f877f (curl-7_84_0)
	NOTE: The issue is introduced with the fix for CVE-2022-32207.
	NOTE: Fixed by: https://github.com/curl/curl/commit/73b65e94f3531179de45c6f3c836a610e3d0a846 (curl-8_5_0)
	NOTE: https://curl.se/docs/CVE-2023-46219.html
CVE-2023-6527 (The Email Subscription Popup plugin for WordPress is vulnerable to Ref ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5970 (Improper authentication in the SMA100 SSL-VPN virtual office portal al ...)
	NOT-FOR-US: SonicWall
CVE-2023-49897 (An OS command injection vulnerability exists in AE1021PE firmware vers ...)
	NOT-FOR-US: AE1021PE firmware
CVE-2023-49297 (PyDrive2 is a wrapper library of google-api-python-client that simplif ...)
	- pydrive2 (bug #1057647)
	NOTE: https://github.com/iterative/PyDrive2/security/advisories/GHSA-v5f6-hjmf-9mc5
	NOTE: https://github.com/iterative/PyDrive2/commit/c57355dc2033ad90b7050d681b2c3ba548ff0004 (1.16.2)
CVE-2023-49283 (microsoft-graph-core the Microsoft Graph Library for PHP. The Microsof ...)
	NOT-FOR-US: microsoft-graph-core
CVE-2023-49282 (msgraph-sdk-php is the Microsoft Graph Library for PHP. The Microsoft ...)
	NOT-FOR-US: msgraph-sdk-php
CVE-2023-48940 (A stored cross-site scripting (XSS) vulnerability in /admin.php of Dai ...)
	NOT-FOR-US: DaiCuo
CVE-2023-48930 (xinhu xinhuoa 2.2.1 contains a File upload vulnerability.)
	NOT-FOR-US: xinhu xinhuoa
CVE-2023-48849 (Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows un ...)
	NOT-FOR-US: Ruijie EG Series Routers
CVE-2023-46736 (EspoCRM is an Open Source CRM (Customer Relationship Management) softw ...)
	NOT-FOR-US: EspoCRM
CVE-2023-44221 (Improper neutralization of special elements in the SMA100 SSL-VPN mana ...)
	NOT-FOR-US: SonicWall
CVE-2023-41268 (Improper input validation vulnerability in Samsung Open Source Escargo ...)
	NOT-FOR-US: Samsung
CVE-2023-40053 (A vulnerability has been identified within Serv-U 15.4 that allows an ...)
	NOT-FOR-US: SolarWinds
CVE-2023-6512 (Inappropriate implementation in Web Browser UI in Google Chrome prior ...)
	{DSA-5573-1}
	- chromium 120.0.6099.71-1
	[buster] - chromium (see DSA 5046)
CVE-2023-6511 (Inappropriate implementation in Autofill in Google Chrome prior to 120 ...)
	{DSA-5573-1}
	- chromium 120.0.6099.71-1
	[buster] - chromium (see DSA 5046)
CVE-2023-6510 (Use after free in Media Capture in Google Chrome prior to 120.0.6099.6 ...)
	{DSA-5573-1}
	- chromium 120.0.6099.71-1
	[buster] - chromium (see DSA 5046)
CVE-2023-6509 (Use after free in Side Panel Search in Google Chrome prior to 120.0.60 ...)
	{DSA-5573-1}
	- chromium 120.0.6099.71-1
	[buster] - chromium (see DSA 5046)
CVE-2023-6508 (Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 ...)
	{DSA-5573-1}
	- chromium 120.0.6099.71-1
	[buster] - chromium (see DSA 5046)
CVE-2023-39326 (A malicious HTTP sender can use chunk extensions to cause a receiver r ...)
	- golang-1.21 1.21.5-1
	- golang-1.20 1.20.12-1
	- golang-1.19
	[bookworm] - golang-1.19 (Minor issue)
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://go.dev/issue/64433
	NOTE: https://github.com/golang/go/commit/ec8c526e4be720e94b98ca509e6364f0efaf28f7 (go1.21.5)
	NOTE: https://github.com/golang/go/commit/6446af942e2e2b161c4ec1b60d9703a2b55dc4dd (go1.20.12)
CVE-2023-45285 (Using go get to fetch a module with the ".git" suffix may unexpectedly ...)
	- golang-1.21 1.21.5-1
	- golang-1.20 1.20.12-1
	- golang-1.19
	[bookworm] - golang-1.19 (Minor issue)
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://go.dev/issue/63845
	NOTE: https://github.com/golang/go/commit/23c943e5296c6fa3a6f9433bd929306c4dbf2aa3 (go1.21.5)
	NOTE: https://github.com/golang/go/commit/46bc33819ac86a9596b8059235842f0e0c7469bd (go1.20.12)
CVE-2023-6448 (Unitronics VisiLogic before version 9.9.00, used in Vision and Samba P ...)
	NOT-FOR-US: Unitronics Vision
CVE-2023-6357 (A low-privileged remote attacker could exploit the vulnerability and i ...)
	NOT-FOR-US: CODESYS
CVE-2023-6180 (The tokio-boring library in version 4.0.0 is affected by a memory leak ...)
	NOT-FOR-US: tokio-boring Rust library
CVE-2023-49448 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
	NOT-FOR-US: JFinalCMS
CVE-2023-49447 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
	NOT-FOR-US: JFinalCMS
CVE-2023-49446 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
	NOT-FOR-US: JFinalCMS
CVE-2023-49398 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
	NOT-FOR-US: JFinalCMS
CVE-2023-49397 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
	NOT-FOR-US: JFinalCMS
CVE-2023-49396 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
	NOT-FOR-US: JFinalCMS
CVE-2023-49395 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
	NOT-FOR-US: JFinalCMS
CVE-2023-49383 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
	NOT-FOR-US: JFinalCMS
CVE-2023-49382 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
	NOT-FOR-US: JFinalCMS
CVE-2023-49381 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
	NOT-FOR-US: JFinalCMS
CVE-2023-49380 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
	NOT-FOR-US: JFinalCMS
CVE-2023-49379 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
	NOT-FOR-US: JFinalCMS
CVE-2023-49378 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
	NOT-FOR-US: JFinalCMS
CVE-2023-49377 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
	NOT-FOR-US: JFinalCMS
CVE-2023-49376 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
	NOT-FOR-US: JFinalCMS
CVE-2023-49375 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
	NOT-FOR-US: JFinalCMS
CVE-2023-49374 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
	NOT-FOR-US: JFinalCMS
CVE-2023-49373 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
	NOT-FOR-US: JFinalCMS
CVE-2023-49372 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
	NOT-FOR-US: JFinalCMS
CVE-2023-46674 (An issue was identified that allowed the unsafe deserialization of jav ...)
	NOT-FOR-US: Elasticsearch-hadoop
CVE-2023-45842 (Multiple data integrity vulnerabilities exist in the package hash chec ...)
	NOT-FOR-US: Buildroot
CVE-2023-45841 (Multiple data integrity vulnerabilities exist in the package hash chec ...)
	NOT-FOR-US: Buildroot
CVE-2023-45840 (Multiple data integrity vulnerabilities exist in the package hash chec ...)
	NOT-FOR-US: Buildroot
CVE-2023-45839 (Multiple data integrity vulnerabilities exist in the package hash chec ...)
	NOT-FOR-US: Buildroot
CVE-2023-45838 (Multiple data integrity vulnerabilities exist in the package hash chec ...)
	NOT-FOR-US: Buildroot
CVE-2023-45287 (Before Go 1.20, the RSA based TLS key exchanges used the math/big libr ...)
	- golang-1.20 (Fixed before initial upload to Debian)
	- golang-1.19
	[bookworm] - golang-1.19 (Minor issue; intrusive backport)
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue; intrusive backport)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://go.dev/issue/20654
	NOTE: https://go.dev/cl/326012/26
	NOTE: https://groups.google.com/g/golang-announce/c/QMK8IQALDvA
	NOTE: https://people.redhat.com/~hkario/marvin/
	NOTE: https://pkg.go.dev/vuln/GO-2023-2375
	NOTE: Fixed by: https://github.com/golang/go/commit/8a81fdf165facdcefa06531de5af98a4db343035 (go1.20rc1)
CVE-2023-45085 (An issue exists in SoftIron HyperCloud where compute nodes may come on ...)
	NOT-FOR-US: SoftIron HyperCloud
CVE-2023-45084 (An issue exists in SoftIron HyperCloud where drive caddy removal and r ...)
	NOT-FOR-US: SoftIron HyperCloud
CVE-2023-45083 (An Improper Privilege Management vulnerability exists in HyperCloud th ...)
	NOT-FOR-US: SoftIron HyperCloud
CVE-2023-44298 (Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, ve ...)
	NOT-FOR-US: Dell
CVE-2023-44297 (Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, ve ...)
	NOT-FOR-US: Dell
CVE-2023-43628 (An integer underflow vulnerability exists in the NTRIP Stream Parsing ...)
	- gpsd (Vulnerable code introduced later, cf bug #1057667)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1860
	NOTE: Introduced by: https://gitlab.com/gpsd/gpsd/-/commit/6ccd477f5e21a45f6c52a21ad323c93e59aa2461
	NOTE: Introduced by: https://gitlab.com/gpsd/gpsd/-/commit/c1c1c2706c4f5b9bf3be437d0a8f0106ef00c5e7
	NOTE: Fixed by: https://gitlab.com/gpsd/gpsd/-/commit/3e5c6c28c422102dd453e31912e1e79d1f7ff7f2
CVE-2023-43608 (A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR func ...)
	NOT-FOR-US: Buildroot
CVE-2023-41835 (When a Multipart request is performed but some of the fields exceed th ...)
	- libstruts1.2-java
	NOTE: https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft
	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-065
CVE-2023-49070 (Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPCno longer m ...)
	NOT-FOR-US: Apache OFBiz
CVE-2023-6269 (An argument injection vulnerability has been identified in the admini ...)
	NOT-FOR-US: Atos
CVE-2023-6063 (The WP Fastest Cache WordPress plugin before 1.2.2 does not properly s ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5990 (The Interactive Contact Form and Multi Step Form Builder with Drag & D ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5979 (The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.2 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5953 (The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5952 (The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5951 (The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5944 (Delta ElectronicsDOPSoft is vulnerable to a stack-based buffer overflo ...)
	NOT-FOR-US: Delta Electronics
CVE-2023-5884 (The Word Balloon WordPress plugin before 4.20.3 does not protect some ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5874 (The Popup box WordPress plugin before 3.8.6 does not sanitise and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5809 (The Popup box WordPress plugin before 3.8.6 does not sanitise and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5808 (SMU versions prior to 14.8.7825.01 are susceptible to unintended infor ...)
	NOT-FOR-US: Hitachi
CVE-2023-5762 (The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Re ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5210 (The AMP+ Plus WordPress plugin through 3.0 does not sanitise and escap ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5188 (The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is u ...)
	NOT-FOR-US: WagoAppRTU
CVE-2023-5141 (The BSK Contact Form 7 Blacklist WordPress plugin through 1.0.1 does n ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5137 (The Simply Excerpts WordPress plugin through 1.4 does not sanitize and ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5108 (The Easy Newsletter Signups WordPress plugin through 1.0.4 does not pr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5105 (The Frontend File Manager Plugin WordPress plugin before 22.6 has a vu ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4460 (The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 d ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49293 (Vite is a website frontend framework. When Vite's HTML transformation ...)
	NOT-FOR-US: Vite
CVE-2023-49292 (ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 ...)
	NOT-FOR-US: ecies
CVE-2023-49291 (tj-actions/branch-names is a Github action to retrieve branch or tag n ...)
	NOT-FOR-US: Github action
CVE-2023-49290 (lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/J ...)
	NOT-FOR-US: lestrrat-go/jwx
CVE-2023-49289 (Ajax.NET Professional (AjaxPro) is an AJAX framework for Microsoft ASP ...)
	NOT-FOR-US: Ajax.NET Professional
CVE-2023-49284 (fish is a smart and user-friendly command line shell for macOS, Linux, ...)
	- fish 3.6.4-1 (bug #1057455)
	[bookworm] - fish 3.6.0-3.1+deb12u1
	[bullseye] - fish (Minor issue)
	[buster] - fish (Minor issue)
	NOTE: https://github.com/fish-shell/fish-shell/security/advisories/GHSA-2j9r-pm96-wp4f
	NOTE: https://github.com/fish-shell/fish-shell/commit/09986f5563e31e2c900a606438f1d60d008f3a14 (3.6.2)
CVE-2023-49280 (XWiki Change Request is an XWiki application allowing to request chang ...)
	NOT-FOR-US: XWiki
CVE-2023-49080 (The Jupyter Server provides the backend (i.e. the core services, APIs, ...)
	- jupyter-server (unimportant; bug #1057454)
	NOTE: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-h56g-gq9v-vc8r
	NOTE: https://github.com/jupyter-server/jupyter_server/commit/0056c3aa52cbb28b263a7a609ae5f17618b36652 (v2.11.2)
	NOTE: Path disclosure has no security impact as packaged in Debian
CVE-2023-48698 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
	NOT-FOR-US: Azure RTOS USBX
CVE-2023-48697 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
	NOT-FOR-US: Azure RTOS USBX
CVE-2023-48696 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
	NOT-FOR-US: Azure RTOS USBX
CVE-2023-48695 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
	NOT-FOR-US: Azure RTOS USBX
CVE-2023-48694 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
	NOT-FOR-US: Azure RTOS USBX
CVE-2023-48693 (Azure RTOS ThreadX is an advanced real-time operating system (RTOS) de ...)
	NOT-FOR-US: Azure RTOS
CVE-2023-48692 (Azure RTOS NetX Duo is a TCP/IP network stack designed specifically fo ...)
	NOT-FOR-US: Azure RTOS
CVE-2023-48691 (Azure RTOS NetX Duo is a TCP/IP network stack designed specifically fo ...)
	NOT-FOR-US: Azure RTOS
CVE-2023-48316 (Azure RTOS NetX Duo is a TCP/IP network stack designed specifically fo ...)
	NOT-FOR-US: Azure RTOS
CVE-2023-48315 (Azure RTOS NetX Duo is a TCP/IP network stack designed specifically fo ...)
	NOT-FOR-US: Azure RTOS
CVE-2023-47633 (Traefik is an open source HTTP reverse proxy and load balancer. The tr ...)
	- traefik (bug #983289)
CVE-2023-47304 (An issue was discovered in Vonage Box Telephone Adapter VDV23 version ...)
	NOT-FOR-US: Vonage Box Telephone Adapter VDV23
CVE-2023-47124 (Traefik is an open source HTTP reverse proxy and load balancer. When T ...)
	- traefik (bug #983289)
CVE-2023-47106 (Traefik is an open source HTTP reverse proxy and load balancer. When a ...)
	- traefik (bug #983289)
CVE-2023-45781 (In parse_gap_data of utils.cc, there is a possible out of bounds read ...)
	NOT-FOR-US: Android
CVE-2023-45779 (In the APEX module framework of AOSP, there is a possible malicious up ...)
	NOT-FOR-US: Android
CVE-2023-45777 (In checkKeyIntentParceledCorrectly of AccountManagerService.java, ther ...)
	NOT-FOR-US: Android
CVE-2023-45776 (In CreateAudioBroadcast of broadcaster.cc, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2023-45775 (In CreateAudioBroadcast of broadcaster.cc, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2023-45774 (In fixUpIncomingShortcutInfo of ShortcutService.java, there is a possi ...)
	NOT-FOR-US: Android
CVE-2023-45773 (In multiple functions of btm_ble_gap.cc, there is a possible out of bo ...)
	NOT-FOR-US: Android
CVE-2023-44295 (Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an imp ...)
	NOT-FOR-US: Dell
CVE-2023-44288 (Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper c ...)
	NOT-FOR-US: Dell
CVE-2023-43472 (An issue in MLFlow versions 2.8.1 and before allows a remote attacker ...)
	NOT-FOR-US: mlflow
CVE-2023-42581 (Improper URL validation from InstantPlay deeplink in Galaxy Store prio ...)
	NOT-FOR-US: Samsung
CVE-2023-42580 (Improper URL validation from MCSLaunch deeplink in Galaxy Store prior ...)
	NOT-FOR-US: Samsung
CVE-2023-42579 (Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of Chinese ...)
	NOT-FOR-US: Samsung
CVE-2023-42578 (Improper handling of insufficient permissions or privileges vulnerabil ...)
	NOT-FOR-US: Samsung
CVE-2023-42577 (Improper Access Control in Samsung Voice Recorder prior to versions 21 ...)
	NOT-FOR-US: Samsung
CVE-2023-42576 (Improper Authentication vulnerability in Samsung Pass prior to version ...)
	NOT-FOR-US: Samsung
CVE-2023-42575 (Improper Authentication vulnerability in Samsung Pass prior to version ...)
	NOT-FOR-US: Samsung
CVE-2023-42574 (Improper access control vulnerablility in GameHomeCN prior to version ...)
	NOT-FOR-US: Samsung
CVE-2023-42573 (PendingIntent hijacking vulnerability in Search Widget prior to versio ...)
	NOT-FOR-US: Samsung
CVE-2023-42572 (Implicit intent hijacking vulnerability in Samsung Account Web SDK pri ...)
	NOT-FOR-US: Samsung
CVE-2023-42571 (Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 all ...)
	NOT-FOR-US: Samsung
CVE-2023-42570 (Improper access control vulnerability in KnoxCustomManagerService prio ...)
	NOT-FOR-US: Samsung
CVE-2023-42569 (Improper authorization verification vulnerability in AR Emoji prior to ...)
	NOT-FOR-US: Samsung
CVE-2023-42568 (Improper access control vulnerability in SmartManagerCN prior to SMR D ...)
	NOT-FOR-US: Samsung
CVE-2023-42567 (Improper size check vulnerability in softsimd prior to SMR Dec-2023 Re ...)
	NOT-FOR-US: Samsung
CVE-2023-42566 (Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Re ...)
	NOT-FOR-US: Samsung
CVE-2023-42565 (Improper input validation vulnerability in Smart Clip prior to SMR Dec ...)
	NOT-FOR-US: Samsung
CVE-2023-42564 (Improper access control in knoxcustom service prior to SMR Dec-2023 Re ...)
	NOT-FOR-US: Samsung
CVE-2023-42563 (Integer overflow vulnerability in landmarkCopyImageToNative of libFace ...)
	NOT-FOR-US: Samsung
CVE-2023-42562 (Integer overflow vulnerability in detectionFindFaceSupportMultiInstanc ...)
	NOT-FOR-US: Samsung
CVE-2023-42561 (Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec- ...)
	NOT-FOR-US: Samsung
CVE-2023-42560 (Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.s ...)
	NOT-FOR-US: Samsung
CVE-2023-42559 (Improper exception management vulnerability in Knox Guard prior to SMR ...)
	NOT-FOR-US: Samsung
CVE-2023-42558 (Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 ...)
	NOT-FOR-US: Samsung
CVE-2023-42557 (Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Re ...)
	NOT-FOR-US: Samsung
CVE-2023-42556 (Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Re ...)
	NOT-FOR-US: Samsung
CVE-2023-40465 (Several versions of ALEOS, including ALEOS 4.16.0, include an opensour ...)
	NOT-FOR-US: ALEOS
CVE-2023-40464 (Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded ...)
	NOT-FOR-US: ALEOS
CVE-2023-40463 (When configured in debugging mode by an authenticated user with adm ...)
	NOT-FOR-US: ALEOS
CVE-2023-40462 (The ACEManager component of ALEOS 4.16 and earlier does not perform ...)
	NOT-FOR-US: TinyXML use in ACEManager component of ALEOS (relates to CVE-2023-34194 in src:tinyxml)
CVE-2023-40461 (The ACEManager component of ALEOS 4.16 and earlier allows an authen ...)
	NOT-FOR-US: ALEOS
CVE-2023-40460 (The ACEManager component of ALEOS 4.16 and earlier does not validat ...)
	NOT-FOR-US: ALEOS
CVE-2023-40459 (The ACEManager component of ALEOS 4.16 and earlier does not adequately ...)
	NOT-FOR-US: ALEOS
CVE-2023-40103 (In multiple locations, there is a possible way to corrupt memory due t ...)
	NOT-FOR-US: Android
CVE-2023-40098 (In mOnDone of NotificationConversationInfo.java, there is a possible w ...)
	NOT-FOR-US: Android
CVE-2023-40097 (In hasPermissionForActivity of PackageManagerHelper.java, there is a p ...)
	NOT-FOR-US: Android
CVE-2023-40096 (In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is ...)
	NOT-FOR-US: Android
CVE-2023-40095 (In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, th ...)
	NOT-FOR-US: Android
CVE-2023-40094 (In keyguardGoingAway of ActivityTaskManagerService.java, there is a po ...)
	NOT-FOR-US: Android
CVE-2023-40092 (In verifyShortcutInfoPackage of ShortcutService.java, there is a possi ...)
	NOT-FOR-US: Android
CVE-2023-40091 (In onTransact of IncidentService.cpp, there is a possible out of bound ...)
	NOT-FOR-US: Android
CVE-2023-40090 (In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to by ...)
	NOT-FOR-US: Android
CVE-2023-40089 (In getCredentialManagerPolicy of DevicePolicyManagerService.java, ther ...)
	NOT-FOR-US: Android
CVE-2023-40088 (In callback_thread_event of com_android_bluetooth_btservice_AdapterSer ...)
	NOT-FOR-US: Android
CVE-2023-40087 (In transcodeQ*ToFloat of btif_avrcp_audio_track.cc, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2023-40084 (In run of MDnsSdListener.cpp, there is a possible memory corruption du ...)
	NOT-FOR-US: Android
CVE-2023-40083 (In parse_gap_data of utils.cc, there is a possible out of bounds read ...)
	NOT-FOR-US: Android
CVE-2023-40082 (In modify_for_next_stage of fdt.rs, there is a possible way to render ...)
	NOT-FOR-US: Android
CVE-2023-40081 (In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a p ...)
	NOT-FOR-US: Android
CVE-2023-40080 (In multiple functions of btm_ble_gap.cc, there is a possible out of bo ...)
	NOT-FOR-US: Android
CVE-2023-40079 (In injectSendIntentSender of ShortcutService.java, there is a possible ...)
	NOT-FOR-US: Android
CVE-2023-40078 (In a2dp_vendor_opus_decoder_decode_packet of a2dp_vendor_opus_decoder. ...)
	NOT-FOR-US: Android
CVE-2023-40077 (In multiple functions of MetaDataBase.cpp, there is a possible UAF wri ...)
	NOT-FOR-US: Android
CVE-2023-40076 (In createPendingIntent of CredentialManagerUi.java, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2023-40075 (In forceReplaceShortcutInner of ShortcutPackage.java, there is a possi ...)
	NOT-FOR-US: Android
CVE-2023-40074 (In saveToXml of PersistableBundle.java, invalid data could lead to loc ...)
	NOT-FOR-US: Android
CVE-2023-40073 (In visitUris of Notification.java, there is a possible cross-user medi ...)
	NOT-FOR-US: Android
CVE-2023-39248 (Dell OS10 Networking Switches running 10.5.2.x and above contain an Un ...)
	NOT-FOR-US: Dell
CVE-2023-37572 (Softing OPC Suite version 5.25 and before has Incorrect Access Control ...)
	NOT-FOR-US: Softing OPC Suite
CVE-2023-35690 (In RGXDestroyHWRTData of rgxta3d.c, there is a possible arbitrary code ...)
	NOT-FOR-US: Android
CVE-2023-35668 (In visitUris of Notification.java, there is a possible way to display ...)
	NOT-FOR-US: Android
CVE-2023-33107 (Memory corruption in Graphics Linux while assigning shared virtual mem ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33106 (Memory corruption while submitting a large list of sync points in an A ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33098 (Transient DOS while parsing WPA IES, when it is passed with length mor ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33097 (Transient DOS in WLAN Firmware while processing a FTMR frame.)
	NOT-FOR-US: Qualcomm
CVE-2023-33092 (Memory corruption while processing pin reply in Bluetooth, when pin co ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33089 (Transient DOS when processing a NULL buffer while parsing WLAN vdev.)
	NOT-FOR-US: Qualcomm
CVE-2023-33088 (Memory corruption when processing cmd parameters while parsing vdev.)
	NOT-FOR-US: Qualcomm
CVE-2023-33087 (Memory corruption in Core while processing RX intent request.)
	NOT-FOR-US: Qualcomm
CVE-2023-33083 (Memory corruption in WLAN Host while processing RRM beacon on the AP.)
	NOT-FOR-US: Qualcomm
CVE-2023-33082 (Memory corruption while sending an Assoc Request having BTM Query or B ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33081 (Transient DOS while converting TWT (Target Wake Time) frame parameters ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33080 (Transient DOS while parsing a vender specific IE (Information Element) ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33079 (Memory corruption in Audio while running invalid audio recording from ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33071 (Memory corruption in Automotive OS whenever untrusted apps try to acce ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33070 (Transient DOS in Automotive OS due to improper authentication to the s ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33063 (Memory corruption in DSP Services during a remote call from HLOS to DS ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33054 (Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33053 (Memory corruption in Kernel while parsing metadata.)
	NOT-FOR-US: Qualcomm
CVE-2023-33044 (Transient DOS in Data modem while handling TLB control messages from t ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33043 (Transient DOS in Modem when a Beam switch request is made with a non-c ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33042 (Transient DOS in Modem after RRC Setup message is received.)
	NOT-FOR-US: Qualcomm
CVE-2023-33041 (Under certain scenarios the WLAN Firmware will reach an assertion due ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33024 (Memory corruption while sending SMS from AP firmware.)
	NOT-FOR-US: Qualcomm
CVE-2023-33022 (Memory corruption in HLOS while invoking IOCTL calls from user-space.)
	NOT-FOR-US: Qualcomm
CVE-2023-33018 (Memory corruption while using the UIM diag command to get the operator ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33017 (Memory corruption in Boot while running a ListVars test in UEFI Menu d ...)
	NOT-FOR-US: Qualcomm
CVE-2023-4503 (An improper initialization vulnerability was found in Galleon. When us ...)
	NOT-FOR-US: Red Hat EAP-Galleon
CVE-2023-6484 (A log injection flaw was found in Keycloak. A text string may be injec ...)
	NOT-FOR-US: Keycloak
CVE-2023-6481 (A serialization vulnerability in logback receiver component part of l ...)
	- logback (Incomplete fix not applied)
	NOTE: https://logback.qos.ch/news.html#1.3.14
	NOTE: https://logback.qos.ch/news.html#1.2.13
CVE-2023-6460 (A potential logging of the firestore key via logging within nodejs-fir ...)
	NOT-FOR-US: nodejs-firestore
CVE-2023-5768 (A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU ...)
	NOT-FOR-US: Hitachi
CVE-2023-5767 (A vulnerability exists in the webserver that affects the RTU500 serie ...)
	NOT-FOR-US: Hitachi
CVE-2023-48967 (Ssolon <= 2.6.0 and <=2.5.12 is vulnerable to Deserialization of Untru ...)
	NOT-FOR-US: Ssolon
CVE-2023-48966 (An arbitrary file upload vulnerability in the component /admin/api.upl ...)
	NOT-FOR-US: ThinkAdmin
CVE-2023-48965 (An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.5 ...)
	NOT-FOR-US: ThinkAdmin
CVE-2023-48910 (Microcks up to 1.17.1 was discovered to contain a Server-Side Request ...)
	NOT-FOR-US: Microcks
CVE-2023-48866 (A Cross-Site Scripting (XSS) vulnerability in the recipe preparation c ...)
	- grocy (bug #969056)
CVE-2023-48863 (SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security ...)
	NOT-FOR-US: SEMCMS
CVE-2023-48815 (kkFileView v4.3.0 is vulnerable to Incorrect Access Control.)
	NOT-FOR-US: kkFileView
CVE-2023-48800 (In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file su ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-48799 (TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Comma ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-44306 (Dell DM5500 contains a path traversal vulnerability in the appliance. ...)
	NOT-FOR-US: Dell
CVE-2023-44305 (Dell DM5500 5.14.0.0, contains a Stack-based Buffer Overflow Vulnerabi ...)
	NOT-FOR-US: Dell
CVE-2023-44304 (Dell DM5500 contains a privilege escalation vulnerability in the appli ...)
	NOT-FOR-US: Dell
CVE-2023-44302 (Dell DM5500 5.14.0.0 and prior contain an improper authentication vuln ...)
	NOT-FOR-US: Dell
CVE-2023-44301 (Dell DM5500 5.14.0.0 and prior contain a Reflected Cross-Site Scriptin ...)
	NOT-FOR-US: Dell
CVE-2023-44300 (Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerabil ...)
	NOT-FOR-US: Dell
CVE-2023-44291 (Dell DM5500 5.14.0.0 contains an OS command injection vulnerability in ...)
	NOT-FOR-US: Dell
CVE-2023-41613 (EzViz Studio v2.2.0 is vulnerable to DLL hijacking.)
	NOT-FOR-US: EzViz Studio
CVE-2023-32804 (Out-of-bounds Write vulnerability in Arm Ltd Midgard GPU Userspace Dri ...)
	NOT-FOR-US: Arm
CVE-2023-5332 (Patch in third party library Consul requires 'enable-script-checks' to ...)
	- consul
	[bullseye] - consul (Minor issue)
	[buster] - consul (Minor issue)
	NOTE: https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8171
	NOTE: https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations
CVE-2023-49287 (TinyDir is a lightweight C directory and file reader. Buffer overflows ...)
	- falcosecurity-libs 0.14.1-1 (bug #1059256)
	[bookworm] - falcosecurity-libs (Minor issue)
	- gemmi 0.6.4+ds-1 (bug #1059257)
	[bookworm] - gemmi (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2023/12/04/1
	NOTE: https://github.com/cxong/tinydir/security/advisories/GHSA-jf5r-wgf4-qhxf
	NOTE: https://github.com/cxong/tinydir/commit/8124807260735a837226fa151493536591f6715d (1.2.6)
	NOTE: https://github.com/hnsecurity/vulns/blob/main/HNS-2023-04-tinydir.txt
	NOTE: gemmi: https://github.com/project-gemmi/gemmi/issues/292
	NOTE: gemmi: https://github.com/project-gemmi/gemmi/commit/e142eff1fec1475b62b2ab5e88d3a50b4d7450b5 (v0.6.4)
	NOTE: lwip embeds a copy of tinydir, but it's unused, see bug #1059259
CVE-2023-49108 (Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0. ...)
	NOT-FOR-US: RakRak Document Plus
CVE-2023-49093 (HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerab ...)
	- jenkins-htmlunit-core-js
	- htmlunit
	NOTE: https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7
	NOTE: Fixed by: https://github.com/HtmlUnit/htmlunit/commit/e015082aa909fd9e1c2b5f9b26553ddc0ddbbcab (3.9.0)
	NOTE: Related: https://github.com/HtmlUnit/htmlunit/commit/641325bbc84702dc9800ec7037aec061ce21956b (3.0.0)
CVE-2023-47701 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
	NOT-FOR-US: IBM
CVE-2023-46167 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
	NOT-FOR-US: IBM
CVE-2023-42751 (In gnss service, there is a possible out of bounds write due to a miss ...)
	NOT-FOR-US: Unisoc
CVE-2023-42749 (In enginnermode service, there is a possible way to write permission u ...)
	NOT-FOR-US: Unisoc
CVE-2023-42748 (In telecom service, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2023-42747 (In camera service, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2023-42746 (In power manager, there is a possible missing permission check. This c ...)
	NOT-FOR-US: Unisoc
CVE-2023-42745 (In telecom service, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2023-42744 (In telecom service, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2023-42743 (In telecom service, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2023-42742 (In sysui, there is a possible missing permission check. This could lea ...)
	NOT-FOR-US: Unisoc
CVE-2023-42741 (In telecom service, there is a possible way to write permission usage ...)
	NOT-FOR-US: Unisoc
CVE-2023-42740 (In telecom service, there is a possible way to write permission usage ...)
	NOT-FOR-US: Unisoc
CVE-2023-42739 (In engineermode service, there is a possible way to write permission u ...)
	NOT-FOR-US: Unisoc
CVE-2023-42738 (In telocom service, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2023-42737 (In telecom service, there is a possible way to write permission usage ...)
	NOT-FOR-US: Unisoc
CVE-2023-42736 (In telecom service, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2023-42735 (In telephony service, there is a possible missing permission check. Th ...)
	NOT-FOR-US: Unisoc
CVE-2023-42734 (In telephony service, there is a possible missing permission check. Th ...)
	NOT-FOR-US: Unisoc
CVE-2023-42733 (In telephony service, there is a possible missing permission check. Th ...)
	NOT-FOR-US: Unisoc
CVE-2023-42732 (In telephony service, there is a possible missing permission check. Th ...)
	NOT-FOR-US: Unisoc
CVE-2023-42731 (In Gnss service, there is a possible out of bounds read due to a missi ...)
	NOT-FOR-US: Unisoc
CVE-2023-42730 (In IMS service, there is a possible way to write permission usage reco ...)
	NOT-FOR-US: Unisoc
CVE-2023-42729 (In ril service, there is a possible out of bounds write due to a missi ...)
NOT-FOR-US: Unisoc CVE-2023-42728 (In phasecheckserver, there is a possible out of bounds read due to a m ...) NOT-FOR-US: Unisoc CVE-2023-42727 (In gpu driver, there is a possible out of bounds write due to a incorr ...) NOT-FOR-US: Unisoc CVE-2023-42726 (In TeleService, there is a possible out of bounds read due to a missin ...) NOT-FOR-US: Unisoc CVE-2023-42725 (In gpu driver, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: Unisoc CVE-2023-42724 (In gpu driver, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: Unisoc CVE-2023-42723 (In camera service, there is a possible out of bounds read due to a mis ...) NOT-FOR-US: Unisoc CVE-2023-42722 (In camera service, there is a possible use after free due to a logic e ...) NOT-FOR-US: Unisoc CVE-2023-42721 (In flv extractor, there is a possible missing verification incorrect i ...) NOT-FOR-US: Unisoc CVE-2023-42720 (In video service, there is a possible out of bounds read due to a miss ...) NOT-FOR-US: Unisoc CVE-2023-42719 (In video service, there is a possible out of bounds read due to a inco ...) NOT-FOR-US: Unisoc CVE-2023-42718 (In dialer, there is a possible way to write permission usage records o ...) NOT-FOR-US: Unisoc CVE-2023-42717 (In telephony service, there is a possible missing permission check. Th ...) NOT-FOR-US: Unisoc CVE-2023-42716 (In telephony service, there is a possible missing permission check. Th ...) NOT-FOR-US: Unisoc CVE-2023-42715 (In telephony service, there is a possible missing permission check. Th ...) NOT-FOR-US: Unisoc CVE-2023-42714 (In firewall service, there is a possible way to write permission usage ...) NOT-FOR-US: Unisoc CVE-2023-42713 (In firewall service, there is a possible way to write permission usage ...) NOT-FOR-US: Unisoc CVE-2023-42712 (In firewall service, there is a possible way to write permission usage ...) NOT-FOR-US: Unisoc CVE-2023-42711 (In firewall service, there is a possible way to write permission usage ...) 
NOT-FOR-US: Unisoc CVE-2023-42710 (In firewall service, there is a possible way to write permission usage ...) NOT-FOR-US: Unisoc CVE-2023-42709 (In firewall service, there is a possible way to write permission usage ...) NOT-FOR-US: Unisoc CVE-2023-42708 (In firewall service, there is a possible way to write permission usage ...) NOT-FOR-US: Unisoc CVE-2023-42707 (In firewall service, there is a possible way to write permission usage ...) NOT-FOR-US: Unisoc CVE-2023-42706 (In firewall service, there is a possible way to write permission usage ...) NOT-FOR-US: Unisoc CVE-2023-42705 (In imsservice, there is a possible way to write permission usage recor ...) NOT-FOR-US: Unisoc CVE-2023-42704 (In imsservice, there is a possible way to write permission usage recor ...) NOT-FOR-US: Unisoc CVE-2023-42703 (In firewall service, there is a possible way to write permission usage ...) NOT-FOR-US: Unisoc CVE-2023-42702 (In firewall service, there is a possible way to write permission usage ...) NOT-FOR-US: Unisoc CVE-2023-42701 (In firewall service, there is a possible way to write permission usage ...) NOT-FOR-US: Unisoc CVE-2023-42700 (In firewall service, there is a possible way to write permission usage ...) NOT-FOR-US: Unisoc CVE-2023-42699 (In omacp service, there is a possible way to write permission usage re ...) NOT-FOR-US: Unisoc CVE-2023-42698 (In omacp service, there is a possible way to write permission usage re ...) NOT-FOR-US: Unisoc CVE-2023-42697 (In omacp service, there is a possible way to write permission usage re ...) NOT-FOR-US: Unisoc CVE-2023-42696 (In telecom service, there is a possible missing permission check. This ...) NOT-FOR-US: Unisoc CVE-2023-42695 (In wifi service, there is a possible missing permission check. This co ...) NOT-FOR-US: Unisoc CVE-2023-42694 (In wifi service, there is a possible missing permission check. This co ...) NOT-FOR-US: Unisoc CVE-2023-42693 (In wifi service, there is a possible missing permission check. This co ...) 
NOT-FOR-US: Unisoc CVE-2023-42692 (In wifi service, there is a possible missing permission check. This co ...) NOT-FOR-US: Unisoc CVE-2023-42691 (In wifi service, there is a possible missing permission check. This co ...) NOT-FOR-US: Unisoc CVE-2023-42690 (In wifi service, there is a possible missing permission check. This co ...) NOT-FOR-US: Unisoc CVE-2023-42689 (In wifi service, there is a possible missing permission check. This co ...) NOT-FOR-US: Unisoc CVE-2023-42688 (In wifi service, there is a possible missing permission check. This co ...) NOT-FOR-US: Unisoc CVE-2023-42687 (In wifi service, there is a possible missing permission check. This co ...) NOT-FOR-US: Unisoc CVE-2023-42686 (In wifi service, there is a possible missing permission check. This co ...) NOT-FOR-US: Unisoc CVE-2023-42685 (In wifi service, there is a possible missing permission check. This co ...) NOT-FOR-US: Unisoc CVE-2023-42684 (In gsp driver, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: Unisoc CVE-2023-42683 (In gsp driver, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: Unisoc CVE-2023-42682 (In gsp driver, there is a possible out of bounds write due to a missin ...) NOT-FOR-US: Unisoc CVE-2023-42681 (In ion service, there is a possible missing permission check. This cou ...) NOT-FOR-US: Unisoc CVE-2023-42680 (In gpu driver, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: Unisoc CVE-2023-42679 (In gpu driver, there is a possible out of bounds write due to a missin ...) NOT-FOR-US: Unisoc CVE-2023-42678 (In imsservice, there is a possible way to write permission usage recor ...) NOT-FOR-US: Unisoc CVE-2023-42677 (In imsservice, there is a possible way to write permission usage recor ...) NOT-FOR-US: Unisoc CVE-2023-42676 (In imsservice, there is a possible way to write permission usage recor ...) NOT-FOR-US: Unisoc CVE-2023-42675 (In imsservice, there is a possible way to write permission usage recor ...) 
NOT-FOR-US: Unisoc CVE-2023-42674 (In imsservice, there is a possible way to write permission usage recor ...) NOT-FOR-US: Unisoc CVE-2023-42673 (In imsservice, there is a possible way to write permission usage recor ...) NOT-FOR-US: Unisoc CVE-2023-42672 (In imsservice, there is a possible way to write permission usage recor ...) NOT-FOR-US: Unisoc CVE-2023-42671 (In imsservice, there is a possible way to write permission usage recor ...) NOT-FOR-US: Unisoc CVE-2023-40692 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...) NOT-FOR-US: IBM CVE-2023-40687 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...) NOT-FOR-US: IBM CVE-2023-38727 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...) NOT-FOR-US: IBM CVE-2023-38003 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...) NOT-FOR-US: IBM CVE-2023-32870 (In display drm, there is a possible out of bounds read due to a missin ...) NOT-FOR-US: MediaTek CVE-2023-32869 (In display drm, there is a possible out of bounds write due to a missi ...) NOT-FOR-US: MediaTek CVE-2023-32868 (In display drm, there is a possible out of bounds write due to a missi ...) NOT-FOR-US: MediaTek CVE-2023-32867 (In display drm, there is a possible out of bounds write due to a missi ...) NOT-FOR-US: MediaTek CVE-2023-32866 (In mmp, there is a possible memory corruption due to an incorrect boun ...) NOT-FOR-US: MediaTek CVE-2023-32865 (In display drm, there is a possible out of bounds write due to an inco ...) NOT-FOR-US: MediaTek CVE-2023-32864 (In display drm, there is a possible out of bounds write due to an inco ...) NOT-FOR-US: MediaTek CVE-2023-32863 (In display drm, there is a possible out of bounds read due to a missin ...) NOT-FOR-US: MediaTek CVE-2023-32862 (In display, there is a possible out of bounds read due to an incorrect ...) 
NOT-FOR-US: MediaTek CVE-2023-32861 (In display, there is a possible out of bounds read due to an incorrect ...) NOT-FOR-US: MediaTek CVE-2023-32860 (In display, there is a possible classic buffer overflow due to a missi ...) NOT-FOR-US: MediaTek CVE-2023-32859 (In meta, there is a possible classic buffer overflow due to a missing ...) NOT-FOR-US: MediaTek CVE-2023-32858 (In GZ, there is a possible information disclosure due to a missing dat ...) NOT-FOR-US: MediaTek CVE-2023-32857 (In display, there is a possible out of bounds read due to an incorrect ...) NOT-FOR-US: MediaTek CVE-2023-32856 (In display, there is a possible out of bounds read due to an incorrect ...) NOT-FOR-US: MediaTek CVE-2023-32855 (In aee, there is a possible escalation of privilege due to a missing p ...) NOT-FOR-US: MediaTek CVE-2023-32854 (In ril, there is a possible out of bounds write due to a missing bound ...) NOT-FOR-US: MediaTek CVE-2023-32853 (In rpmb, there is a possible out of bounds write due to a missing boun ...) NOT-FOR-US: MediaTek CVE-2023-32852 (In cameraisp, there is a possible information disclosure due to improp ...) NOT-FOR-US: MediaTek CVE-2023-32851 (In decoder, there is a possible out of bounds write due to a missing b ...) NOT-FOR-US: MediaTek CVE-2023-32850 (In decoder, there is a possible out of bounds write due to an integer ...) NOT-FOR-US: MediaTek CVE-2023-32849 (In cmdq, there is a possible out of bounds write due to type confusion ...) NOT-FOR-US: MediaTek CVE-2023-32848 (In vdec, there is a possible out of bounds write due to type confusion ...) NOT-FOR-US: MediaTek CVE-2023-32847 (In audio, there is a possible out of bounds write due to a missing bou ...) NOT-FOR-US: MediaTek CVE-2023-32846 (In 5G Modem, there is a possible system crash due to improper error ha ...) NOT-FOR-US: MediaTek CVE-2023-32845 (In 5G Modem, there is a possible system crash due to improper error ha ...) 
NOT-FOR-US: MediaTek CVE-2023-32844 (In 5G Modem, there is a possible system crash due to improper error ha ...) NOT-FOR-US: MediaTek CVE-2023-32843 (In 5G Modem, there is a possible system crash due to improper error ha ...) NOT-FOR-US: MediaTek CVE-2023-32842 (In 5G Modem, there is a possible system crash due to improper error ha ...) NOT-FOR-US: MediaTek CVE-2023-32841 (In 5G Modem, there is a possible system crash due to improper error ha ...) NOT-FOR-US: MediaTek CVE-2023-49948 (Forgejo before 1.20.5-1 allows remote attackers to test for the existe ...) NOT-FOR-US: Forgejo CVE-2023-49947 (Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic ...) NOT-FOR-US: Forgejo CVE-2023-49946 (In Forgejo before 1.20.5-1, certain endpoints do not check whether an ...) NOT-FOR-US: Forgejo CVE-2023-45178 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...) NOT-FOR-US: IBM CVE-2022-4957 (A vulnerability was found in librespeed speedtest up to 5.2.4. It has ...) - librespeed-speedtest (bug #970554) CVE-2020-36768 (A vulnerability was found in rl-institut NESP2 Initial Release/1.0. It ...) NOT-FOR-US: rl-institut NESP2 CVE-2018-25094 (A vulnerability was found in \u0e23\u0e30\u0e1a\u0e1a\u0e1a\u0e31\u0e0 ...) NOT-FOR-US: some PHP Online Accounting System CVE-2023-6474 (A vulnerability has been found in PHPGurukul Nipah Virus Testing Manag ...) NOT-FOR-US: PHPGurukul CVE-2023-6473 (A vulnerability, which was classified as problematic, was found in Sou ...) NOT-FOR-US: SourceCodester Online Quiz System CVE-2023-49926 (app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS ...) NOT-FOR-US: MISP CVE-2023-47100 (In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write t ...) NOTE: Duplicate of CVE-2023-47038 (MITRE CNA contacted) CVE-2023-6472 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: PHPEMS CVE-2023-6467 (A vulnerability was found in Thecosy IceCMS 2.0.1. 
It has been rated a ...) NOT-FOR-US: Thecosy IceCMS CVE-2023-6466 (A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declare ...) NOT-FOR-US: Thecosy IceCMS CVE-2023-6465 (A vulnerability was found in PHPGurukul Nipah Virus Testing Management ...) NOT-FOR-US: PHPGurukul CVE-2023-6464 (A vulnerability was found in SourceCodester User Registration and Logi ...) NOT-FOR-US: SourceCodester User Registration and Login System CVE-2023-6463 (A vulnerability has been found in SourceCodester User Registration and ...) NOT-FOR-US: SourceCodester User Registration and Login System CVE-2023-6462 (A vulnerability, which was classified as problematic, was found in Sou ...) NOT-FOR-US: SourceCodester User Registration and Login System CVE-2023-49914 (InteraXon Muse 2 devices allow remote attackers to cause a denial of s ...) NOT-FOR-US: InteraXon Muse 2 devices CVE-2023-49281 (Calendarinho is an open source calendaring application to manage large ...) NOT-FOR-US: Calendarinho CVE-2023-49277 (dpaste is an open source pastebin application written in Python using ...) NOT-FOR-US: dpaste, different from src:dpaste CVE-2023-49276 (Uptime Kuma is an open source self-hosted monitoring tool. In affected ...) NOT-FOR-US: Uptime Kuma CVE-2023-48887 (A deserialization vulnerability in Jupiter v1.3.1 allows attackers to ...) NOT-FOR-US: Jupiter CVE-2023-48886 (A deserialization vulnerability in NettyRpc v1.2 allows attackers to e ...) NOT-FOR-US: NettyRpc CVE-2023-48801 (In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file su ...) NOT-FOR-US: TOTOLINK CVE-2023-48314 (Collabora Online is a collaborative online office suite based on Libre ...) NOT-FOR-US: Collabora Online CVE-2023-46746 (PostHog provides open-source product analytics, session recording, fea ...) NOT-FOR-US: PostHog CVE-2023-46174 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) 
NOT-FOR-US: IBM CVE-2023-44402 (Electron is an open source framework for writing cross-platform deskto ...) - electron (bug #842420) CVE-2023-44382 (October is a Content Management System (CMS) and web platform to assis ...) NOT-FOR-US: October CMS CVE-2023-44381 (October is a Content Management System (CMS) and web platform to assis ...) NOT-FOR-US: October CMS CVE-2023-43021 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...) NOT-FOR-US: IBM CVE-2023-42022 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) NOT-FOR-US: IBM CVE-2023-42019 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...) NOT-FOR-US: IBM CVE-2023-42009 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) NOT-FOR-US: IBM CVE-2023-40699 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...) NOT-FOR-US: IBM CVE-2023-39257 (Dell Rugged Control Center, version prior to 4.7, contains an Improper ...) NOT-FOR-US: Dell CVE-2023-39256 (Dell Rugged Control Center, version prior to 4.7, contains an improper ...) NOT-FOR-US: Dell CVE-2023-6461 (Cross-site Scripting (XSS) - Reflected in GitHub repository viliusle/m ...) NOT-FOR-US: minipaint CVE-2023-6449 (The Contact Form 7 plugin for WordPress is vulnerable to arbitrary fil ...) NOT-FOR-US: WordPress plugin CVE-2023-5637 (Unrestricted Upload of File with Dangerous Type vulnerability in Arsla ...) NOT-FOR-US: ArslanSoft Education Portal CVE-2023-5636 (Unrestricted Upload of File with Dangerous Type vulnerability in Arsla ...) NOT-FOR-US: ArslanSoft Education Portal CVE-2023-5635 (Improper Protection for Outbound Error Messages and Alert Signals vuln ...) NOT-FOR-US: ArslanSoft Education Portal CVE-2023-5634 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: ArslanSoft Education Portal CVE-2023-5427 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm ...) 
NOT-FOR-US: Arm CVE-2023-4518 (A vulnerability exists in the input validation of the GOOSE messages ...) NOT-FOR-US: Hitachi CVE-2023-49371 (RuoYi up to v4.6 was discovered to contain a SQL injection vulnerabili ...) NOT-FOR-US: RuoYi CVE-2023-48893 (SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows adm ...) NOT-FOR-US: Senayan Library Management Systems SLIMS 9 Bulian CVE-2023-48842 (D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command in ...) NOT-FOR-US: D-Link CVE-2023-48813 (Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerab ...) NOT-FOR-US: Senayan Library Management Systems (Slims) 9 Bulian CVE-2023-45168 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user ...) NOT-FOR-US: IBM CVE-2023-43015 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) NOT-FOR-US: IBM CVE-2023-42006 (IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could a ...) NOT-FOR-US: IBM CVE-2023-38268 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site req ...) NOT-FOR-US: IBM CVE-2023-6396 - gitlab (Specific to EE) CVE-2023-6442 (A vulnerability was found in PHPGurukul Nipah Virus Testing Management ...) NOT-FOR-US: PHPGurukul CVE-2023-6440 (A vulnerability was found in SourceCodester Book Borrower System 1.0 a ...) NOT-FOR-US: SourceCodester CVE-2023-6033 (Improper neutralization of input in Jira integration configuration in ...) - gitlab 16.4.4+ds2-2 CVE-2023-5995 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab (Specific to EE) CVE-2023-5915 (A vulnerability of Uncontrolled Resource Consumption has been identifi ...) NOT-FOR-US: Yokogawa Electric Corporation STARDOM CVE-2023-5909 (KEPServerEX does not properly validate certificates from clients which ...) NOT-FOR-US: KEPServerEX CVE-2023-5908 (KEPServerEX is vulnerable to a buffer overflow which may allow an atta ...) 
NOT-FOR-US: KEPServerEX CVE-2023-5226 (An issue has been discovered in GitLab affecting all versions before 1 ...) - gitlab 16.4.4+ds2-2 CVE-2023-4912 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab (Specific to EE) CVE-2023-4658 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab (Specific to EE) CVE-2023-4317 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 16.4.4+ds2-2 CVE-2023-49735 (** UNSUPPORTED WHEN ASSIGNED ** The value set as the DefaultLocaleRes ...) - tiles (unimportant; bug #1057315) NOTE: https://lists.apache.org/thread/8ktm4vxr6vvc1qsxh6ft8jzmom1zl65p NOTE: Negligible security impact as packaged in Debian CVE-2023-48894 (Incorrect Access Control vulnerability in jshERP V3.3 allows attackers ...) NOT-FOR-US: jshERP CVE-2023-48016 (Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in ...) NOT-FOR-US: Restaurant Table Booking System CVE-2023-47454 (An Untrusted search path vulnerability in NetEase CloudMusic 2.10.4 fo ...) NOT-FOR-US: NetEase CloudMusic CVE-2023-47453 (An Untrusted search path vulnerability in Sohu Video Player 7.0.15.0 a ...) NOT-FOR-US: Sohu Video Player CVE-2023-47452 (An Untrusted search path vulnerability in notepad++ 6.5 allows local u ...) NOT-FOR-US: notepad++ CVE-2023-47307 (Buffer Overflow vulnerability in /apply.cgi in Shenzhen Libituo Techno ...) NOT-FOR-US: Shenzhen Libituo CVE-2023-47279 (In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability ...) NOT-FOR-US: Delta Electronics CVE-2023-47207 (In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability ...) NOT-FOR-US: Delta Electronics CVE-2023-46956 (SQL injection vulnerability in Packers and Movers Management System v. ...) NOT-FOR-US: Packers and Movers Management System CVE-2023-46690 (In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability ...) 
NOT-FOR-US: Delta Electronics CVE-2023-46389 (LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 Firmware ...) NOT-FOR-US: LOYTEC CVE-2023-46388 (LOYTEC electronics GmbH LINX-212 6.2.4 and LINX-151 7.2.4 are vulnerab ...) NOT-FOR-US: LOYTEC CVE-2023-46387 (LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware ...) NOT-FOR-US: LOYTEC CVE-2023-46386 (LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware ...) NOT-FOR-US: LOYTEC CVE-2023-46385 (LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Inse ...) NOT-FOR-US: LOYTEC CVE-2023-46384 (LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Inse ...) NOT-FOR-US: LOYTEC CVE-2023-46383 (LOYTEC electronics GmbH LINX Configurator 7.4.10 uses HTTP Basic Authe ...) NOT-FOR-US: LOYTEC CVE-2023-46326 (ZStack Cloud version 3.10.38 and before allows unauthenticated API acc ...) NOT-FOR-US: ZStack Cloud CVE-2023-45253 (An issue was discovered in Huddly HuddlyCameraService before version 8 ...) NOT-FOR-US: Huddly HuddlyCameraService CVE-2023-45252 (DLL Hijacking vulnerability in Huddly HuddlyCameraService before versi ...) NOT-FOR-US: Huddly HuddlyCameraService CVE-2023-43455 (An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B2 ...) NOT-FOR-US: TOTOLINK CVE-2023-43454 (An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B2 ...) NOT-FOR-US: TOTOLINK CVE-2023-43453 (An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B2 ...) NOT-FOR-US: TOTOLINK CVE-2023-43089 (Dell Rugged Control Center, version prior to 4.7, contains insufficien ...) NOT-FOR-US: Dell CVE-2023-42917 (A memory corruption vulnerability was addressed with improved locking. ...) 
{DSA-5575-1} - webkit2gtk 2.42.3-1 [buster] - webkit2gtk (EOL in buster LTS) - wpewebkit 2.42.3-1 [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0011.html CVE-2023-42916 (An out-of-bounds read was addressed with improved input validation. Th ...) {DSA-5575-1} - webkit2gtk 2.42.3-1 [buster] - webkit2gtk (EOL in buster LTS) - wpewebkit 2.42.3-1 [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0011.html CVE-2023-3964 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 16.4.4+ds2-2 CVE-2023-3949 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 16.4.4+ds2-2 CVE-2023-3443 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 16.4.4+ds2-2 CVE-2023-39226 (In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability ...) NOT-FOR-US: Delta Electronics CVE-2023-6439 (A vulnerability classified as problematic was found in ZenTao PMS 18.8 ...) NOT-FOR-US: ZenTao PMS CVE-2023-6438 (A vulnerability classified as problematic has been found in Thecosy Ic ...) NOT-FOR-US: IceCMS CVE-2023-6435 (A vulnerability has been discovered in BigProf Online Invoicing System ...) NOT-FOR-US: BigProf Online Invoicing System CVE-2023-6434 (A vulnerability has been discovered in BigProf Online Invoicing System ...) NOT-FOR-US: BigProf Online Invoicing System CVE-2023-6433 (A vulnerability has been discovered in BigProf Online Invoicing System ...) NOT-FOR-US: BigProf Online Invoicing System CVE-2023-6432 (A vulnerability has been discovered in BigProf Online Invoicing System ...) 
NOT-FOR-US: BigProf Online Invoicing System CVE-2023-6431 (A vulnerability has been discovered in BigProf Online Invoicing System ...) NOT-FOR-US: BigProf Online Invoicing System CVE-2023-6430 (A vulnerability has been discovered in BigProf Online Invoicing System ...) NOT-FOR-US: BigProf Online Invoicing System CVE-2023-6429 (A vulnerability has been discovered in BigProf Online Invoicing System ...) NOT-FOR-US: BigProf Online Invoicing System CVE-2023-6428 (A vulnerability has been discovered in BigProf Online Invoicing System ...) NOT-FOR-US: BigProf Online Invoicing System CVE-2023-6427 (A vulnerability has been discovered in BigProf Online Invoicing System ...) NOT-FOR-US: BigProf Online Invoicing System CVE-2023-6426 (A vulnerability has been discovered in BigProf Online Invoicing System ...) NOT-FOR-US: BigProf Online Invoicing System CVE-2023-6425 (A vulnerability has been discovered in BigProf Online Clinic Managemen ...) NOT-FOR-US: BigProf Online Clinic Management System CVE-2023-6424 (A vulnerability has been discovered in BigProf Online Clinic Managemen ...) NOT-FOR-US: BigProf Online Clinic Management System CVE-2023-6423 (A vulnerability has been discovered in BigProf Online Clinic Managemen ...) NOT-FOR-US: BigProf Online Clinic Management System CVE-2023-6422 (A vulnerability has been discovered in BigProf Online Clinic Managemen ...) NOT-FOR-US: BigProf Online Clinic Management System CVE-2023-6420 (A vulnerability has been reported in Voovi Social Networking Script ve ...) NOT-FOR-US: Voovi Social Networking Script CVE-2023-6419 (A vulnerability has been reported in Voovi Social Networking Script ve ...) NOT-FOR-US: Voovi Social Networking Script CVE-2023-6418 (A vulnerability has been reported in Voovi Social Networking Script th ...) NOT-FOR-US: Voovi Social Networking Script CVE-2023-6417 (A vulnerability has been reported in Voovi Social Networking Script th ...) 
NOT-FOR-US: Voovi Social Networking Script CVE-2023-6416 (A vulnerability has been reported in Voovi Social Networking Script th ...) NOT-FOR-US: Voovi Social Networking Script CVE-2023-6415 (A vulnerability has been reported in Voovi Social Networking Script th ...) NOT-FOR-US: Voovi Social Networking Script CVE-2023-6414 (A vulnerability has been reported in Voovi Social Networking Script th ...) NOT-FOR-US: Voovi Social Networking Script CVE-2023-6413 (A vulnerability has been reported in Voovi Social Networking Script th ...) NOT-FOR-US: Voovi Social Networking Script CVE-2023-6412 (A vulnerability has been reported in Voovi Social Networking Script th ...) NOT-FOR-US: Voovi Social Networking Script CVE-2023-6411 (A vulnerability has been reported in Voovi Social Networking Script th ...) NOT-FOR-US: Voovi Social Networking Script CVE-2023-6410 (A vulnerability has been reported in Voovi Social Networking Script th ...) NOT-FOR-US: Voovi Social Networking Script CVE-2023-6402 (A vulnerability, which was classified as critical, was found in PHPGur ...) NOT-FOR-US: PHPGurukul CVE-2023-6401 (A vulnerability classified as problematic was found in NotePad++ up to ...) NOT-FOR-US: NotePad++ CVE-2023-6376 (Henschen & Associates court document management software does not suff ...) NOT-FOR-US: Henschen & Associates court document management software CVE-2023-6375 (Tyler Technologies Court Case Management Plus may store backups in a l ...) NOT-FOR-US: Tyler Technologies Court Case Management Plus CVE-2023-6360 (The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an ...) NOT-FOR-US: WordPress Plugin CVE-2023-6354 (Tyler Technologies Magistrate Court Case Management Plus allows an una ...) NOT-FOR-US: Tyler Technologies Magistrate Court Case Management Plus CVE-2023-6353 (Tyler Technologies Civil and Criminal Electronic Filing allows an unau ...) 
NOT-FOR-US: Tyler Technologies Civil and Criminal Electronic Filing CVE-2023-6352 (The default configuration of Aquaforest TIFF Server allows access to a ...) NOT-FOR-US: Aquaforest TIFF Server CVE-2023-6344 (Tyler Technologies Court Case Management Plus allows a remote, unauthe ...) NOT-FOR-US: Tyler Technologies Court Case Management Plus CVE-2023-6343 (Tyler Technologies Court Case Management Plus allows a remote, unauthe ...) NOT-FOR-US: Tyler Technologies Court Case Management Plus CVE-2023-6342 (Tyler Technologies Court Case Management Plus allows a remote attacker ...) NOT-FOR-US: Tyler Technologies Court Case Management Plus CVE-2023-6341 (Catalis (previously Icon Software) CMS360 allows a remote, unauthentic ...) NOT-FOR-US: Catalis (previously Icon Software) CMS360 CVE-2023-6137 (Cross-Site Request Forgery (CSRF) vulnerability in finnj Frontier Post ...) NOT-FOR-US: finnj Frontier Post CVE-2023-6136 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: Bowo Debug Log Manager CVE-2023-6071 (An Improper Neutralization of Special Elements used in a command vulne ...) NOT-FOR-US: Trellix CVE-2023-6027 (A critical flaw has been identified in elijaa/phpmemcachedadmin affect ...) - phpmemcachedadmin (bug #776613) CVE-2023-6026 (A Path traversal vulnerability has been reported in elijaa/phpmemcache ...) - phpmemcachedadmin (bug #776613) CVE-2023-5966 (An authenticated privileged attacker could upload a specially crafted ...) NOT-FOR-US: EspoCRM CVE-2023-5965 (An authenticated privileged attacker could upload a specially crafted ...) NOT-FOR-US: EspoCRM CVE-2023-5803 (Cross-Site Request Forgery (CSRF) vulnerability in Business Directory ...) NOT-FOR-US: WordPress plugin CVE-2023-4770 (An uncontrolled search path element vulnerability has been found on 4D ...) NOT-FOR-US: 4D.exe and 4D Server.exe CVE-2023-48964 (Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/W ...) 
NOT-FOR-US: Tenda CVE-2023-48963 (Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/w ...) NOT-FOR-US: Tenda CVE-2023-48914 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) NOT-FOR-US: Dreamer CMS CVE-2023-48913 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) NOT-FOR-US: Dreamer CMS CVE-2023-48912 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) NOT-FOR-US: Dreamer CMS CVE-2023-48812 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 ...) NOT-FOR-US: TOTOLINK CVE-2023-48811 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...) NOT-FOR-US: TOTOLINK CVE-2023-48810 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...) NOT-FOR-US: TOTOLINK CVE-2023-48808 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...) NOT-FOR-US: TOTOLINK CVE-2023-48807 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...) NOT-FOR-US: TOTOLINK CVE-2023-48806 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...) NOT-FOR-US: TOTOLINK CVE-2023-48805 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...) NOT-FOR-US: TOTOLINK CVE-2023-48804 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...) NOT-FOR-US: TOTOLINK CVE-2023-48803 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...) NOT-FOR-US: TOTOLINK CVE-2023-48802 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...) NOT-FOR-US: TOTOLINK CVE-2023-48754 (Cross-Site Request Forgery (CSRF) vulnerability in Wap Nepal Delete Po ...) NOT-FOR-US: WordPress plugin CVE-2023-48752 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-48749 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
NOT-FOR-US: WordPress plugin CVE-2023-48748 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-48746 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-48744 (Cross-Site Request Forgery (CSRF) vulnerability in Offshore Web Master ...) NOT-FOR-US: WordPress plugin CVE-2023-48743 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-48742 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-48737 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-48336 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-48334 (Cross-Site Request Forgery (CSRF) vulnerability in DAEXT League Table ...) NOT-FOR-US: WordPress plugin CVE-2023-48333 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2023-48331 (Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyB ...) NOT-FOR-US: WordPress plugin CVE-2023-48330 (Cross-Site Request Forgery (CSRF) vulnerability in Mike Strand Bulk Co ...) NOT-FOR-US: WordPress plugin CVE-2023-48329 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-48328 (Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress G ...) NOT-FOR-US: WordPress plugin CVE-2023-48326 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-48323 (Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Tea ...) NOT-FOR-US: WordPress plugin CVE-2023-48322 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
	NOT-FOR-US: WordPress plugin
CVE-2023-48321 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48320 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48317 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48289 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48284 (Cross-Site Request Forgery (CSRF) vulnerability in WebToffee Decorator ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48283 (Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48282 (Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio Tax ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48281 (Cross-Site Request Forgery (CSRF) vulnerability in Super Blog Me Broke ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48279 (Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutio ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48278 (Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP For ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48272 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47877 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47876 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47875 (Cross-Site Request Forgery (CSRF) vulnerability in Perfmatters allows ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47872 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47870 (Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47854 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47853 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47851 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47850 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47848 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47844 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47827 (Incorrect Authorization vulnerability in NicheAddons Events Addon for ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47777 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47645 (Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic R ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47521 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47505 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46820 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46086 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45834 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45609 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45066 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45050 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44150 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44143 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41735 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41136 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41128 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41127 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40680 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40674 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40662 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40600 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40211 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39921 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38474 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38400 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37972 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37890 (Missing Authorization vulnerability in WPOmnia KB Support – WordP ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37868 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37867 (Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Yet ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-36685 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-36682 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-36523 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-36507 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34390 (An input validation vulnerability in the Schweitzer Engineering Labora ...)
	NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-34389 (An allocation of resources without limits or throttling vulnerability ...)
	NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-34388 (An Improper Authentication vulnerability in the Schweitzer Engineering ...)
	NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-34030 (Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34018 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-33333 (Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32291 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49620 (Before DolphinScheduler version 3.1.0, the login user could delete UDF ...)
	NOT-FOR-US: Apache DolphinScheduler
CVE-2023-49733 (Improper Restriction of XML External Entity Reference vulnerability in ...)
	NOT-FOR-US: Apache Cocoon
CVE-2023-5772 (The Debug Log Manager plugin for WordPress is vulnerable to Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5247 (Malicious Code Execution Vulnerability due to External Control of File ...)
	NOT-FOR-US: Mitsubishi
CVE-2023-4474 (The improper neutralization of special elements in the WSGI server of ...)
	NOT-FOR-US: Zyxel
CVE-2023-4473 (A command injection vulnerability in the web server of the Zyxel NAS32 ...)
	NOT-FOR-US: Zyxel
CVE-2023-49701 (Memory Corruption in SIM management while USIMPhase2init)
	NOT-FOR-US: USIMPhase2init
CVE-2023-49700 (Security best practices violations, a string operation in Streamingmed ...)
	NOT-FOR-US: ASR Falcon
CVE-2023-49699 (Memory Corruption in IMS while calling VoLTE Streamingmedia Interface)
	NOT-FOR-US: ASR Falcon
CVE-2023-49694 (A low-privileged OS user with access to a Windows host where NETGEAR P ...)
	NOT-FOR-US: NETGEAR
CVE-2023-49693 (NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol ...)
	NOT-FOR-US: NETGEAR
CVE-2023-49097 (ZITADEL is an identity infrastructure system. ZITADEL uses the notific ...)
	NOT-FOR-US: ZITADEL
CVE-2023-49095 (nexkey is a microblogging platform. Insufficient validation of Activit ...)
	NOT-FOR-US: nexkey
CVE-2023-49094 (Symbolicator is a symbolication service for native stacktraces and min ...)
	NOT-FOR-US: Symbolicator
CVE-2023-49087 (xml-security is a library that implements XML signatures and encryptio ...)
	NOT-FOR-US: xml-security (SimpleSAMLphp library for XML Security)
CVE-2023-49082 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
	- python-aiohttp 3.9.1-1 (bug #1057164)
	[bookworm] - python-aiohttp (Minor issue)
	[bullseye] - python-aiohttp (Minor issue)
	[buster] - python-aiohttp (Minor issue, limited request smuggling)
	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx
	NOTE: https://github.com/aio-libs/aiohttp/commit/493f06797654c383242f0e8007f6e06b818a1fbc (master)
	NOTE: https://github.com/aio-libs/aiohttp/commit/4075c653fb67a29740bf9ac050bb02d10a57343a (v3.9.0b1)
CVE-2023-49081 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
	- python-aiohttp 3.9.1-1 (bug #1057163)
	[bookworm] - python-aiohttp (Minor issue)
	[bullseye] - python-aiohttp (Minor issue)
	[buster] - python-aiohttp (Minor issue, limited request smuggling)
	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2
	NOTE: https://github.com/aio-libs/aiohttp/pull/7835
	NOTE: https://github.com/aio-libs/aiohttp/commit/1e86b777e61cf4eefc7d92fa57fa19dcc676013b (master)
	NOTE: https://github.com/aio-libs/aiohttp/commit/53476dfd4ef4fb1bb74a267714bbc39eda71b403 (v3.9.0rc0)
CVE-2023-49077 (Mailcow: dockerized is an open source groupware/email suite based on d ...)
	NOT-FOR-US: Mailcow
CVE-2023-49076 (Customer-data-framework allows management of customer data within Pimc ...)
	NOT-FOR-US: Pimcore
CVE-2023-49052 (File Upload vulnerability in Microweber v.2.0.4 allows a remote attack ...)
	NOT-FOR-US: microweber
CVE-2023-48952 (An issue in the box_deserialize_reusing function in openlink virtuoso- ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1059062)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1175
CVE-2023-48951 (An issue in the box_equal function in openlink virtuoso-opensource v7. ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1059062)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1177
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/fe7d70667a1f0e7d0f6787754a0b766e24537444 (v7.2.12)
CVE-2023-48950 (An issue in the box_col_len function in openlink virtuoso-opensource v ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1059062)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1174
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/696600b5634290e7a5d02bf14f39fbce4a592663 (v7.2.12)
CVE-2023-48949 (An issue in the box_add function in openlink virtuoso-opensource v7.2. ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1059062)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1173
CVE-2023-48948 (An issue in the box_div function in openlink virtuoso-opensource v7.2. ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1059062)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1176
CVE-2023-48947 (An issue in the cha_cmp function of openlink virtuoso-opensource v7.2. ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1059062)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1179
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/36e7592269366e8f0e3637e5ddb828ed5363ccbe (v7.2.12)
CVE-2023-48946 (An issue in the box_mpy function of openlink virtuoso-opensource v7.2. ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1059062)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1178
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/36e7592269366e8f0e3637e5ddb828ed5363ccbe (v7.2.12)
CVE-2023-48945 (A stack overflow in openlink virtuoso-opensource v7.2.11 allows attack ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1059062)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1172
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/a7de776fdf7518d74522168f1c0960241f18e110 (v7.2.12)
CVE-2023-47464 (Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 bef ...)
	NOT-FOR-US: GL.iNet AX1800
CVE-2023-47463 (Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 bef ...)
	NOT-FOR-US: GL.iNet AX1800
CVE-2023-47418 (Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and be ...)
	NOT-FOR-US: o2oa
CVE-2023-40458 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...)
	NOT-FOR-US: ALEOS (ALEOS specific fixing of CVE-2021-42260/TinyXML issue with unique CVE id as ALEOS does not contain full TinyXML code)
CVE-2023-3741 (An OS Command injection vulnerability in NEC Platforms DT900 and DT900 ...)
	NOT-FOR-US: NEC
CVE-2023-37928 (A post-authentication command injection vulnerability in the WSGI serv ...)
	NOT-FOR-US: Zyxel
CVE-2023-37927 (The improper neutralization of special elements in the CGI program of ...)
	NOT-FOR-US: Zyxel
CVE-2023-35138 (A command injection vulnerability in the “show_zysync_server_cont ...)
	NOT-FOR-US: Zyxel
CVE-2023-35137 (An improper authentication vulnerability in the authentication module ...)
	NOT-FOR-US: Zyxel
CVE-2023-6378 (A serialization vulnerability in logback receiver component part of l ...)
	- logback 1:1.2.11-5 (bug #1057423)
	[bookworm] - logback (Minor issue)
	[bullseye] - logback (Minor issue)
	[buster] - logback (Minor issue, DoS)
	NOTE: https://logback.qos.ch/news.html#1.3.12
	NOTE: Fixed by: https://github.com/qos-ch/logback/commit/b8eac23a9de9e05fb6d51160b3f46acd91af9731 (v_1.3.12)
	NOTE: Fixed by: https://github.com/qos-ch/logback/commit/bb095154be011267b64e37a1d401546e7cc2b7c3 (v_1.2.13)
	NOTE: Only exploitable if logback receiver component is deployed:
	NOTE: https://logback.qos.ch/manual/receivers.html
	NOTE: When fixing the issue make sure to not introduce CVE-2023-6481 which is
	NOTE: assigned for an incomplete fix for CVE-2023-6378.
CVE-2023-6218 (In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9) ...)
	NOT-FOR-US: Progress MOVEit Transfer
CVE-2023-6217 (In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9) ...)
	NOT-FOR-US: Progress MOVEit Transfer
CVE-2023-6070 (A server-side request forgery vulnerability in ESM prior to version 11 ...)
	NOT-FOR-US: Trellix
CVE-2023-49091 (Cosmos provides users the ability self-host a home server by acting as ...)
	NOT-FOR-US: Cosmos
CVE-2023-49090 (CarrierWave is a solution for file uploads for Rails, Sinatra and othe ...)
	- ruby-carrierwave (bug #1068150)
	NOTE: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj
	NOTE: Fixed by: https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5 (v2.2.5)
	NOTE: Fixed by: https://github.com/carrierwaveuploader/carrierwave/commit/863d425c76eba12c3294227b39018f6b2dccbbf3 (v3.0.5)
	NOTE: Fixing this issue incompletely opens up CVE-2024-29034 and so apply complete set
	NOTE: of fixes.
CVE-2023-49083 (cryptography is a package designed to expose cryptographic primitives ...)
	- python-cryptography (bug #1057108)
	[bookworm] - python-cryptography (Minor issue)
	[bullseye] - python-cryptography (Minor issue)
	[buster] - python-cryptography (Vulnerable code introduced later)
	NOTE: https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97
	NOTE: https://github.com/pyca/cryptography/pull/9926
	NOTE: https://github.com/pyca/cryptography/commit/1e7b4d074e14c4e694d3ce69ad6754a6039fd6ff (main)
	NOTE: https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a (41.0.6)
CVE-2023-49079 (Misskey is an open source, decentralized social media platform. Misske ...)
	NOT-FOR-US: Misskey
CVE-2023-48882 (A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UT ...)
	NOT-FOR-US: EyouCMS
CVE-2023-48881 (A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UT ...)
	NOT-FOR-US: EyouCMS
CVE-2023-48880 (A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UT ...)
	NOT-FOR-US: EyouCMS
CVE-2023-44383 (October is a Content Management System (CMS) and web platform to assis ...)
	NOT-FOR-US: October CMS
CVE-2023-40626 (The language file parsing process could be manipulated to expose envir ...)
	NOT-FOR-US: Joomla!
CVE-2023-49674 (A missing permission check in Jenkins NeuVector Vulnerability Scanner ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-49673 (A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-49656 (Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML pa ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-49655 (A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Pl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-49654 (Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-49653 (Jenkins Jira Plugin 3.11 and earlier does not set the appropriate cont ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-49652 (Incorrect permission checks in Jenkins Google Compute Engine Plugin 4. ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-49092 (RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a ...)
	- rust-rsa (bug #1057096)
	NOTE: https://github.com/RustCrypto/RSA/security/advisories/GHSA-c38w-74pg-36hr
	NOTE: https://github.com/RustCrypto/RSA/issues/19#issuecomment-1822995643
	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0071.html
	NOTE: https://people.redhat.com/~hkario/marvin/
CVE-2023-48193 (Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows ...)
	NOT-FOR-US: JumpServer
CVE-2023-47462 (Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and befor ...)
	NOT-FOR-US: GL.iNet AX1800
CVE-2023-46944 (An issue in GitKraken GitLens before v.14.0.0 allows an attacker to ex ...)
	NOT-FOR-US: GitKraken GitLens
CVE-2023-46887 (In Dreamer CMS before 4.0.1, the backend attachment management office ...)
	NOT-FOR-US: Dreamer CMS
CVE-2023-46886 (Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. ...)
	NOT-FOR-US: Dreamer CMS
CVE-2023-45484 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...)
	NOT-FOR-US: Tenda
CVE-2023-45483 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...)
	NOT-FOR-US: Tenda
CVE-2023-45482 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...)
	NOT-FOR-US: Tenda
CVE-2023-45481 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...)
	NOT-FOR-US: Tenda
CVE-2023-45480 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...)
	NOT-FOR-US: Tenda
CVE-2023-45479 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...)
	NOT-FOR-US: Tenda
CVE-2023-6351 (Use after free in libavif in Google Chrome prior to 119.0.6045.199 all ...)
	{DSA-5569-1}
	- chromium 119.0.6045.199-1
	[buster] - chromium (see DSA 5046)
CVE-2023-6350 (Use after free in libavif in Google Chrome prior to 119.0.6045.199 all ...)
	{DSA-5569-1}
	- chromium 119.0.6045.199-1
	[buster] - chromium (see DSA 5046)
CVE-2023-6348 (Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 ...)
	{DSA-5569-1}
	- chromium 119.0.6045.199-1
	[buster] - chromium (see DSA 5046)
CVE-2023-6347 (Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowe ...)
	{DSA-5569-1}
	- chromium 119.0.6045.199-1
	[buster] - chromium (see DSA 5046)
CVE-2023-6346 (Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 al ...)
	{DSA-5569-1}
	- chromium 119.0.6045.199-1
	[buster] - chromium (see DSA 5046)
CVE-2023-6345 (Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allo ...)
	{DSA-5569-1}
	- chromium 119.0.6045.199-1
	[buster] - chromium (see DSA 5046)
CVE-2023-6359 (A Cross-Site Scripting (XSS) vulnerability has been found in Alumne LM ...)
	NOT-FOR-US: Alumne LMS
CVE-2023-6239 (Under rare conditions, the effective permissions of an object might be ...)
	NOT-FOR-US: M-Files
CVE-2023-6201 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
	NOT-FOR-US: Univera Computer System Panorama
CVE-2023-6151 (Improper Privilege Management vulnerability in ESKOM Computer e-munici ...)
	NOT-FOR-US: ESKOM Computer e-municipality module
CVE-2023-6150 (Improper Privilege Management vulnerability in ESKOM Computer e-munici ...)
	NOT-FOR-US: ESKOM Computer e-municipality module
CVE-2023-49314 (Asana Desktop 2.1.0 on macOS allows code injection because of specific ...)
	NOT-FOR-US: Asana Desktop
CVE-2023-49313 (A dylib injection vulnerability in XMachOViewer 0.04 allows attackers ...)
	NOT-FOR-US: XMachOViewer
CVE-2023-49078 (raptor-web is a CMS for game server communities that can be used to ho ...)
	NOT-FOR-US: raptor-web CMS
CVE-2023-49062 (Katran could disclose non-initialized kernel memory as part of an IP h ...)
	NOT-FOR-US: Katran
CVE-2023-48848 (An arbitrary file read vulnerability in ureport v2.2.9 allows a remote ...)
	NOT-FOR-US: ureport
CVE-2023-48121 (An authentication bypass vulnerability in the Direct Connection Module ...)
	NOT-FOR-US: Direct Connection Module in Ezviz
CVE-2023-48042 (Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing fi ...)
	NOT-FOR-US: Amazzing Filter for Prestashop
CVE-2023-45539 (HAProxy before 2.8.2 accepts # as part of the URI component, which mig ...)
	{DSA-5590-1 DLA-3688-1}
	- haproxy 2.6.15-1
	NOTE: https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0070.html
	NOTE: https://github.com/haproxy/haproxy/commit/2eab6d354322932cfec2ed54de261e4347eca9a6 (v2.9-dev3)
	NOTE: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=832b672eee54866c7a42a1d46078cc9ae0d544d9 (v2.6.15)
	NOTE: https://git.haproxy.org/?p=haproxy-2.2.git;a=commit;h=178cea76b1c9d9413afa6961b6a4576fcb5b26fa (v2.2.31)
CVE-2023-45286 (A race condition in go-resty can result in HTTP request body disclosur ...)
	- golang-github-go-resty-resty (bug #1057226)
	[bookworm] - golang-github-go-resty-resty (Minor issue)
	[bullseye] - golang-github-go-resty-resty (Minor issue)
	NOTE: https://github.com/go-resty/resty/issues/743
	NOTE: https://github.com/go-resty/resty/issues/739
	NOTE: https://github.com/go-resty/resty/pull/745
CVE-2023-42505 (An authenticated user with read permissions on database connections me ...)
	NOT-FOR-US: Apache Superset
CVE-2023-42504 (An authenticated malicious user could initiate multiple concurrent req ...)
	NOT-FOR-US: Apache Superset
CVE-2023-42502 (An authenticated attacker with update datasets permission could change ...)
	NOT-FOR-US: Apache Superset
CVE-2023-42004 (IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable t ...)
	NOT-FOR-US: IBM
CVE-2023-41264 (Netwrix Usercube before 6.0.215, in certain misconfigured on-premises ...)
	NOT-FOR-US: Netwrix Usercube
CVE-2023-40056 (SQL Injection Remote Code Vulnerability was found in the SolarWinds Pl ...)
	NOT-FOR-US: SolarWinds
CVE-2023-34055 (In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, ...)
	NOT-FOR-US: Spring Boot
CVE-2023-46589 (Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 1 ...)
	{DSA-5667-1 DSA-5665-1 DLA-3707-1}
	- tomcat10 10.1.16-1 (bug #1057082)
	- tomcat9 9.0.70-2
	- tomcat8
	NOTE: https://www.openwall.com/lists/oss-security/2023/11/28/2
	NOTE: https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08 (10.1.16)
	NOTE: https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd (9.0.83)
	NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version
CVE-2024-0070
	REJECTED
CVE-2024-0069
	REJECTED
CVE-2023-6226 (The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6225 (The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6219 (The BookingPress plugin for WordPress is vulnerable to arbitrary file ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5960 (An improper privilege management vulnerability in the hotspot feature ...)
	NOT-FOR-US: Zyxel
CVE-2023-5885 (The discontinued FFS Colibri product allows a remote user to access fi ...)
	NOT-FOR-US: FFS Colibri
CVE-2023-5797 (An improper privilege management vulnerability in the debug CLI comman ...)
	NOT-FOR-US: Zyxel
CVE-2023-5773
	REJECTED
CVE-2023-5650 (An improper privilege management vulnerability in the ZySH of the Zyxe ...)
	NOT-FOR-US: Zyxel
CVE-2023-4667 (The web interface of the PAC Device allows the device administrator us ...)
	NOT-FOR-US: SIGMA
CVE-2023-4398 (An integer overflow vulnerability in the source code of the QuickSec I ...)
	NOT-FOR-US: Zyxel
CVE-2023-4397 (A buffer overflow vulnerability in the Zyxel ATP series firmware versi ...)
	NOT-FOR-US: Zyxel
CVE-2023-4226 (Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-4225 (Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Cham ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-4224 (Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chami ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-4223 (Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Cham ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-4222 (Command injection in `main/lp/openoffice_text_document.class.php` in C ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-4221 (Command injection in `main/lp/openoffice_presentation.class.php` in Ch ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-4220 (Unrestricted file upload in big file upload functionality in `/main/in ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-49145 (Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Process ...)
	NOT-FOR-US: Apache NiFi
CVE-2023-49075 (The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBund ...)
	NOT-FOR-US: Admin Classic Bundle for Pimcore
CVE-2023-49044 (Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote ...)
	NOT-FOR-US: Tenda
CVE-2023-49030 (SQL Injection vulnerability in32ns KLive v.2019-1-19 and before allows ...)
	NOT-FOR-US: in32ns KLive
CVE-2023-48713 (Knative Serving builds on Kubernetes to support deploying and serving ...)
	NOT-FOR-US: Knative
CVE-2023-48188 (SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4 ...)
	NOT-FOR-US: PrestaShop opartdevis
CVE-2023-48034 (An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker ...)
	NOT-FOR-US: Acer
CVE-2023-48023 (Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor' ...)
	NOT-FOR-US: Anyscale Ray
CVE-2023-48022 (Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbit ...)
	NOT-FOR-US: Anyscale Ray
CVE-2023-47503 (An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to exec ...)
	NOT-FOR-US: jflyfox jfinalCMS
CVE-2023-47437 (A vulnerability has been identified in Pachno 1.0.6 allowing an authen ...)
	NOT-FOR-US: Pachno
CVE-2023-46480 (An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitr ...)
	NOT-FOR-US: Owncast
CVE-2023-46355 (In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for P ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-46349 (In the module "Product Catalog (CSV, Excel) Export/Update" (updateprod ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-42366 (A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_ ...)
	- busybox (bug #1059053)
	[bookworm] - busybox (Minor issue)
	[bullseye] - busybox (Minor issue)
	[buster] - busybox (Minor issue)
	NOTE: https://bugs.busybox.net/show_bug.cgi?id=15874
CVE-2023-42365 (A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via ...)
	- busybox (bug #1059052)
	[bookworm] - busybox (Minor issue)
	[bullseye] - busybox (Minor issue)
	[buster] - busybox (Minor issue)
	NOTE: https://bugs.busybox.net/show_bug.cgi?id=15871
CVE-2023-42364 (A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to ...)
	- busybox (bug #1059051)
	[bookworm] - busybox (Minor issue)
	[bullseye] - busybox (Minor issue)
	[buster] - busybox (Minor issue)
	NOTE: https://bugs.busybox.net/show_bug.cgi?id=15868
CVE-2023-42363 (A use-after-free vulnerability was discovered in xasprintf function in ...)
	- busybox (bug #1059050)
	[bookworm] - busybox (Minor issue)
	[bullseye] - busybox (Minor issue)
	[buster] - busybox (Minor issue)
	NOTE: https://bugs.busybox.net/show_bug.cgi?id=15865
CVE-2023-3545 (Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-3533 (Path traversal in file upload functionality in `/main/webservices/addi ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-3368 (Command injection in `/main/webservices/additional_webservices.php` in ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-37926 (A buffer overflow vulnerability in the Zyxel ATP series firmware versi ...)
	NOT-FOR-US: Zyxel
CVE-2023-37925 (An improper privilege management vulnerability in the debug CLI comman ...)
	NOT-FOR-US: Zyxel
CVE-2023-35139 (A cross-site scripting (XSS) vulnerability in the CGI program of the Z ...)
	NOT-FOR-US: Zyxel
CVE-2023-35136 (An improper input validation vulnerability in the “Quagga” p ...)
	NOT-FOR-US: Zyxel
CVE-2023-34054 (In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versi ...)
	NOT-FOR-US: Reactor Netty HTTP Server
CVE-2023-34053 (In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user ...)
	- libspring-java (Only affects 6.x)
CVE-2023-32065 (OroCommerce is an open-source Business to Business Commerce applicatio ...)
	NOT-FOR-US: OroCommerce
CVE-2023-32064 (OroCommerce package with customer portal and non authenticated visitor ...)
	NOT-FOR-US: OroCommerce
CVE-2023-32063 (OroCalendarBundle enables a Calendar feature and related functionality ...)
	NOT-FOR-US: OroCalendarBundle
CVE-2023-32062 (OroPlatform is a package that assists system and user calendar managem ...)
	NOT-FOR-US: OroPlatform
CVE-2023-6329 (An authentication bypass vulnerability exists in Control iD iDSecure v ...)
	NOT-FOR-US: Control iD iDSecure
CVE-2023-6287 (Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before ...)
	- check-mk
CVE-2023-6254 (A Vulnerability in OTRS AgentInterface and ExternalInterface allows th ...)
	NOT-FOR-US: OTRS
	NOTE: Issue is listed as specific to 8.x, so won't affect Znuny which forked from 6.x
CVE-2023-6202 (Mattermost fails to perform proper authorization in the /plugins/focal ...)
	- mattermost-server (bug #823556)
CVE-2023-5974 (The WPB Show Core WordPress plugin through 2.2 is vulnerable to server ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5958 (The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape ema ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5942 (The Medialist WordPress plugin before 1.4.1 does not validate and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5906 (The Job Manager & Career WordPress plugin before 1.4.4 contains a vuln ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5845 (The Simple Social Media Share Buttons WordPress plugin before 5.1.1 le ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5738 (The WordPress Backup & Migration WordPress plugin before 1.4.4 does no ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5737 (The WordPress Backup & Migration WordPress plugin before 1.4.4 does no ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5653 (The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does n ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5641 (The Martins Free & Easy SEO BackLink Link Building Network WordPress p ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5620 (The Web Push Notifications WordPress plugin before 4.35.0 does not pre ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5616 [gnome-control-center incorrectly claims remote login is off]
	- gnome-control-center (bug #1058624)
	[bookworm] - gnome-control-center (Minor issue)
	[bullseye] - gnome-control-center (Minor issue)
	[buster] - gnome-control-center (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/2039577
	NOTE: https://gitlab.gnome.org/GNOME/gnome-control-center/-/merge_requests/2092
	NOTE: TODO: check, potentially same incorrect checking of service and socket status in budgie-control-center
CVE-2023-5611 (The Seraphinite Accelerator WordPress plugin before 2.20.32 does not h ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5607 (An improper limitation of a path name to a restricted directory (path ...)
	NOT-FOR-US: Trellix
CVE-2023-5604 (The Asgaros Forum WordPress plugin before 2.7.1 allows forum administr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5560 (The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5559 (The 10Web Booster WordPress plugin before 2.24.18 does not validate th ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5525 (The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is m ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5325 (The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does no ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5239 (The Security & Malware scan by CleanTalk WordPress plugin before 2.121 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5209 (The WordPress Online Booking and Scheduling Plugin WordPress plugin be ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4931 (Uncontrolled search path element vulnerability in Plesk Installer affe ...)
	NOT-FOR-US: Plesk Installer
CVE-2023-4922 (The WPB Show Core WordPress plugin through 2.2 is vulnerable to a loca ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4642 (The kk Star Ratings WordPress plugin before 5.4.6 does not implement a ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4590 (Buffer overflow vulnerability in Frhed hex editor, affecting version 1 ...)
	NOT-FOR-US: Frhed
CVE-2023-4514 (The Mmm Simple File List WordPress plugin through 2.3 does not validat ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4297 (The Mmm Simple File List WordPress plugin through 2.3 does not validat ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4252 (The EventPrime WordPress plugin through 3.2.9 specifies the price of a ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-49316 (In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively larg ...)
	- php-phpseclib3 3.0.34-1 (bug #1057008)
	[bookworm] - php-phpseclib3 3.0.19-1+deb12u1
	NOTE: Fixed by: https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f (3.0.34)
	TODO: check if affecting ldap-account-manager or unused path
CVE-2023-49047 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName parame ...)
	NOT-FOR-US: Tenda
CVE-2023-49046 (Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote ...)
	NOT-FOR-US: Tenda
CVE-2023-49043 (Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remot ...)
	NOT-FOR-US: Tenda
CVE-2023-49042 (Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote ...)
	NOT-FOR-US: Tenda
CVE-2023-49040 (An issue in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute ...)
	NOT-FOR-US: Tenda
CVE-2023-49029 (Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and ...)
	NOT-FOR-US: smpn1smg absis
CVE-2023-49028 (Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and ...)
	NOT-FOR-US: smpn1smg absis
CVE-2023-48369 (Mattermost fails to limit the log size of server logs allowing an atta ...)
	- mattermost-server (bug #823556)
CVE-2023-48268 (Mattermost fails to limit the amount of data extracted from compressed ...)
	- mattermost-server (bug #823556)
CVE-2023-47865 (Mattermost fails to check if hardened mode is enabled when overriding ...)
	- mattermost-server (bug #823556)
CVE-2023-47168 (Mattermost fails to properly check a redirect URL parameter allowing f ...)
	- mattermost-server (bug #823556)
CVE-2023-45223 (Mattermost fails to properly validate the "Show Full Name" option in a ...)
	- mattermost-server (bug #823556)
CVE-2023-43754 (Mattermost fails to check whether the “Allow users to view archiv ...)
	- mattermost-server (bug #823556)
CVE-2023-42000 (Arcserve UDP prior to 9.2 contains a path traversal vulnerability in c ...)
	NOT-FOR-US: Arcserve
CVE-2023-41999 (An authentication bypass exists in Arcserve UDP prior to version 9.2. ...)
	NOT-FOR-US: Arcserve
CVE-2023-41998 (Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcfl ...)
	NOT-FOR-US: Arcserve
CVE-2023-41257 (A type confusion vulnerability exists in the way Foxit Reader 12.1.2.1 ...)
	NOT-FOR-US: Foxit Reader
CVE-2023-40703 (Mattermost fails to properly limit the characters allowed in different ...)
	- mattermost-server (bug #823556)
CVE-2023-40194 (An arbitrary file creation vulnerability exists in the Javascript expo ...)
	NOT-FOR-US: Foxit Reader
CVE-2023-39542 (A code execution vulnerability exists in the Javascript saveAs API of ...)
	NOT-FOR-US: Foxit Reader
CVE-2023-38573 (A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.1 ...)
	NOT-FOR-US: Foxit Reader
CVE-2023-35985 (An arbitrary file creation vulnerability exists in the Javascript expo ...)
	NOT-FOR-US: Foxit Reader
CVE-2023-35075 (Mattermost fails to use innerText / textContent when setting the channel ...)
	- mattermost-server (bug #823556)
CVE-2023-32616 (A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.1 ...)
	NOT-FOR-US: Foxit Reader
CVE-2023-31275 (An uninitialized pointer use vulnerability exists in the functionality ...)
	NOT-FOR-US: WPS Office
CVE-2023-2707 (The gAppointments WordPress plugin through 1.9.5.1 does not sanitise a ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-43701 (Improper payload validation and an improper REST API response type, ma ...)
	NOT-FOR-US: Apache Superset
CVE-2023-42501 (Unnecessary read permissions within the Gamma role would allow authent ...)
	NOT-FOR-US: Apache Superset
CVE-2023-40610 (Improper authorization check and possible privilege escalation on Apac ...)
	NOT-FOR-US: Apache Superset
CVE-2023-6313 (A vulnerability was found in SourceCodester URL Shortener 1.0. It has ...)
	NOT-FOR-US: SourceCodester URL Shortener
CVE-2023-6312 (A vulnerability was found in SourceCodester Loan Management System 1.0 ...)
	NOT-FOR-US: SourceCodester Loan Management System
CVE-2023-6311 (A vulnerability was found in SourceCodester Loan Management System 1.0 ...)
	NOT-FOR-US: SourceCodester Loan Management System
CVE-2023-6310 (A vulnerability has been found in SourceCodester Loan Management Syste ...)
	NOT-FOR-US: SourceCodester Loan Management System
CVE-2023-6309 (A vulnerability, which was classified as critical, was found in moses- ...)
	NOT-FOR-US: Moses
CVE-2023-6308 (A vulnerability, which was classified as critical, has been found in X ...)
	NOT-FOR-US: Xiamen Four-Faith Video Surveillance Management System
CVE-2023-6307 (A vulnerability classified as critical was found in jeecgboot JimuRepo ...)
	NOT-FOR-US: jeecgboot JimuReport
CVE-2023-6306 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Free and Open Source Inventory Management System
CVE-2023-6305 (A vulnerability was found in SourceCodester Free and Open Source Inven ...)
	NOT-FOR-US: SourceCodester Free and Open Source Inventory Management System
CVE-2023-6304 (A vulnerability was found in Tecno 4G Portable WiFi TR118 TR118-M30E-R ...)
	NOT-FOR-US: Tecno 4G Portable WiFi TR118
CVE-2023-6303 (A vulnerability was found in CSZCMS 1.3.0. It has been classified as p ...)
	NOT-FOR-US: CSZCMS
CVE-2023-6302 (A vulnerability was found in CSZCMS 1.3.0 and classified as critical. ...)
	NOT-FOR-US: CSZCMS
CVE-2023-6301 (A vulnerability has been found in SourceCodester Best Courier Manageme ...)
	NOT-FOR-US: SourceCodester Best Courier Management System
CVE-2023-6300 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester Best Courier Management System
CVE-2023-6299 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Apryse iText
CVE-2023-6298 (A vulnerability classified as problematic was found in Apryse iText 8. ...)
	NOT-FOR-US: Apryse iText
CVE-2023-6297 (A vulnerability classified as problematic has been found in PHPGurukul ...)
	NOT-FOR-US: PHPGurukul
CVE-2023-6296 (A vulnerability was found in osCommerce 4. It has been rated as proble ...)
	NOT-FOR-US: osCommerce
CVE-2023-49322 (Certain WithSecure products allow a Denial of Service because there is ...)
	NOT-FOR-US: WithSecure
CVE-2023-49321 (Certain WithSecure products allow a Denial of Service because scanning ...)
	NOT-FOR-US: WithSecure
CVE-2023-49312 (Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3 ...)
	NOT-FOR-US: Precision Bridge
CVE-2023-47039 (A vulnerability was found in Perl. This security issue occurs while Pe ...)
	- perl (Windows specific issue)
CVE-2023-47038 (A vulnerability was found in perl. This issue occurs when a crafted re ...)
	- perl 5.36.0-10 (bug #1056746)
	[bookworm] - perl 5.36.0-7+deb12u1
	[bullseye] - perl 5.32.1-4+deb11u3
	[buster] - perl (Vulnerable code introduced later)
	NOTE: Fixed by: https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010 (v5.34.2)
	NOTE: Fixed by: https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6 (v5.36.2)
	NOTE: Fixed by: https://github.com/Perl/perl5/commit/92a9eb3d0d52ec7655c1beb29999a5a5219be664 (v5.38.1)
	NOTE: Fixed by: https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3 (bleed)
CVE-2023-46671 (An issue was discovered by Elastic whereby sensitive information may b ...)
	- kibana (bug #700337)
CVE-2023-6293 (Prototype Pollution in GitHub repository robinbuschmann/sequelize-type ...)
	NOT-FOR-US: sequelize-typescript
CVE-2023-6277 (An out-of-memory flaw was found in libtiff. Passing a crafted tiff fil ...)
	- tiff 4.5.1+git230720-2 (bug #1056751)
	[bookworm] - tiff (Minor issue; will cause compatibility issue with libimager-perl, cf #1057270)
	[bullseye] - tiff (Minor issue; will cause compatibility issue with libimager-perl, cf #1057270)
	[buster] - tiff (Minor issue; OOM DoS)
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/614
	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/545
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/5320c9d89c054fa805d037d84c57da874470b01a
	NOTE: Updating with fix for CVE-2023-6277 will cause a regression in libimager-perl, cf.
	NOTE: https://bugs.debian.org/1057270
CVE-2023-6276 (A vulnerability classified as critical has been found in Tongda OA 201 ...)
	NOT-FOR-US: Tongda OA
CVE-2023-6275 (A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1. ...)
	NOT-FOR-US: TOTVS Fluig Platform
CVE-2023-6274 (A vulnerability was found in Byzoro Smart S80 up to 20231108. It has b ...)
	NOT-FOR-US: Beijing Baichuo Smart S80
CVE-2023-6251 (Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, < ...)
	- check-mk
CVE-2023-49298 (OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios i ...)
	{DLA-3766-1}
	- zfs-linux 2.1.14-1 (bug #1056752)
	[bookworm] - zfs-linux (contrib not supported)
	[bullseye] - zfs-linux (contrib not supported)
	NOTE: https://github.com/openzfs/zfs/issues/15526
	NOTE: https://github.com/openzfs/zfs/pull/15571
CVE-2023-48712 (Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux ...)
	NOT-FOR-US: Warpgate
CVE-2023-48711 (google-translate-api-browser is an npm package which interfaces with t ...)
	NOT-FOR-US: google-translate-api-browser Node.js module
CVE-2023-48708 (CodeIgniter Shield is an authentication and authorization provider for ...)
	NOT-FOR-US: CodeIgniter Shield
CVE-2023-48707 (CodeIgniter Shield is an authentication and authorization provider for ...)
	NOT-FOR-US: CodeIgniter Shield
CVE-2023-48312 (capsule-proxy is a reverse proxy for the capsule operator project. Aff ...)
	NOT-FOR-US: capsule-proxy (reverse proxy for Capsule)
CVE-2023-46575 (A SQL injection vulnerability exists in Meshery prior to version v0.6. ...)
	NOT-FOR-US: Meshery
CVE-2023-38914
	REJECTED
CVE-2023-49068 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: Apache DolphinScheduler
CVE-2023-49216 (Usedesk before 1.7.57 allows profile stored XSS.)
	NOT-FOR-US: Usedesk
CVE-2023-49215 (Usedesk before 1.7.57 allows filter reflected XSS.)
	NOT-FOR-US: Usedesk
CVE-2023-49214 (Usedesk before 1.7.57 allows chat template injection.)
	NOT-FOR-US: Usedesk
CVE-2023-49213 (The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 ...)
	NOT-FOR-US: Ironman PowerShell Universal
CVE-2023-48796 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: Apache DolphinScheduler
CVE-2023-47529 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: ThemeIsle Cloud Templates & Patterns collection
CVE-2023-47244 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: Omnisend Email Marketing for WooCommerce by Omnisend
CVE-2023-44303 (RVTools, Version 3.9.2 and above, contain a sensitive data exposure vu ...)
	NOT-FOR-US: Dell
CVE-2023-33706 (SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks ...)
	NOT-FOR-US: SysAid
CVE-2023-6118 (Path Traversal: '/../filedir' vulnerability in Neutron IP Camera allow ...)
	NOT-FOR-US: Neutron IP Camera
CVE-2023-5972 (A null pointer dereference flaw was found in the nft_inner.c functiona ...)
	- linux 6.5.10-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/505ce0630ad5d31185695f8a29dde8d29f28faa7 (6.6-rc7)
	NOTE: https://git.kernel.org/linus/52177bbf19e6e9398375a148d2e13ed492b40b80 (6.6-rc7)
CVE-2023-4677 (Cron log backup files contain administrator session IDs. It is trivial ...)
	NOT-FOR-US: Pandora FMS Console
CVE-2023-4595 (An information exposure vulnerability has been found, the exploitation ...)
	NOT-FOR-US: SLmail
CVE-2023-4594 (Stored XSS vulnerability. This vulnerability could allow an attacker t ...)
	NOT-FOR-US: SLmail
CVE-2023-4593 (Path traversal vulnerability whose exploitation could allow an authent ...)
	NOT-FOR-US: SLmail
CVE-2023-4406 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: KC Group E-Commerce Software
CVE-2023-49210 (The openssl (aka node-openssl) NPM package through 2.0.0 was character ...)
	NOT-FOR-US: malicious node module
CVE-2023-49208 (scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible b ...)
	- glewlwyd 2.7.6+ds-1
	[bookworm] - glewlwyd (Minor issue)
	[bullseye] - glewlwyd (Minor issue)
	[buster] - glewlwyd (Vulnerable code not present)
	NOTE: https://github.com/babelouest/glewlwyd/commit/f9d8c06aae8dfe17e761b18b577ff169e059e812 (v2.7.6)
CVE-2023-41812 (Unrestricted Upload of File with Dangerous Type vulnerability in Pando ...)
	NOT-FOR-US: Pandora FMS
CVE-2023-41811 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Pandora FMS
CVE-2023-41810 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Pandora FMS
CVE-2023-41808 (Improper Privilege Management vulnerability in Pandora FMS on all allo ...)
	NOT-FOR-US: Pandora FMS
CVE-2023-41807 (Improper Privilege Management vulnerability in Pandora FMS on all allo ...)
	NOT-FOR-US: Pandora FMS
CVE-2023-41806 (Improper Privilege Management vulnerability in Pandora FMS on all allo ...)
	NOT-FOR-US: Pandora FMS
CVE-2023-41792 (Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all ...)
	NOT-FOR-US: Pandora FMS
CVE-2023-41791 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Pandora FMS
CVE-2023-41790 (Uncontrolled Search Path Element vulnerability in Pandora FMS on all a ...)
	NOT-FOR-US: Pandora FMS
CVE-2023-41789 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Pandora FMS
CVE-2023-41788 (Unrestricted Upload of File with Dangerous Type vulnerability in Pando ...)
	NOT-FOR-US: Pandora FMS
CVE-2023-41787 (Uncontrolled Search Path Element vulnerability in Pandora FMS on all a ...)
	NOT-FOR-US: Pandora FMS
CVE-2023-41786 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: Pandora FMS
CVE-2023-3631 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Medart Health Services Medart Notification Panel
CVE-2023-3377 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Veribilim Software Computer Veribase
CVE-2023-33202 (Bouncy Castle for Java before 1.73 contains a potential Denial of Serv ...)
	- bouncycastle 1.77-1 (bug #1056754)
	[bookworm] - bouncycastle (Minor issue)
	[bullseye] - bouncycastle (Minor issue)
	[buster] - bouncycastle (Minor issue)
	NOTE: https://github.com/bcgit/bc-java/wiki/CVE-2023-33202
	NOTE: Fixed by https://github.com/bcgit/bc-java/commit/0c576892862ed41894f49a8f639112e8d66d229c (r1rv73)
CVE-2023-43123 (On unix-like systems, the temporary directory is shared between all us ...)
	NOT-FOR-US: Apache Storm
CVE-2023-49146 (DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via an SVG do ...)
	NOT-FOR-US: dom-sanitizer
CVE-2023-49102 (NZBGet 21.1 allows authenticated remote code execution because the una ...)
	NOT-FOR-US: NZBGet
CVE-2023-48107 (Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an ...)
	- zlib-ng (bug #1002056)
CVE-2023-48105 (An heap overflow vulnerability was discovered in Bytecode alliance was ...)
	NOT-FOR-US: wasm-micro-runtime
CVE-2023-47839 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47835 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47834 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47833 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47831 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47829 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47821 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47817 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47816 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47815 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47814 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47813 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47812 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47811 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47810 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47809 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47808 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47790 (Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47786 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47773 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47768 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47767 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47766 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47668 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44290 (Dell Command | Monitor versions prior to 10.10.0, contain an improper ...)
	NOT-FOR-US: Dell
CVE-2023-44289 (Dell Command | Configure versions prior to 4.11.0, contain an improper ...)
	NOT-FOR-US: Dell
CVE-2023-43086 (Dell Command | Configure, versions prior to 4.11.0, contains an improp ...)
	NOT-FOR-US: Dell
CVE-2023-41140 (A maliciously crafted PRT file when parsed through Autodesk AutoCAD 20 ...)
	NOT-FOR-US: Autodesk
CVE-2023-41139 (A maliciously crafted STP file when parsed through Autodesk AutoCAD 20 ...)
	NOT-FOR-US: Autodesk
CVE-2023-40002 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WooCommerce plugin
CVE-2023-39253 (Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 c ...)
	NOT-FOR-US: Dell
CVE-2023-48706 (Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-a ...)
	- vim 2:9.0.2189-1 (unimportant)
	NOTE: https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q
	NOTE: Fixed by: https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf8 (v9.0.2121)
	NOTE: Crash in CLI tool, no security impact
CVE-2023-6265 (** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1. ...)
	NOT-FOR-US: Draytek Vigor2960
CVE-2023-6264 (Information leak in Content-Security-Policy header in Devolutions Serv ...)
	NOT-FOR-US: Devolutions Server
CVE-2023-6263 (An issue was discovered by IPVM team in Network Optix NxCloud before 2 ...)
	NOT-FOR-US: Network Optix NxCloud
CVE-2023-6253 (A saved encryption key in the Uninstaller in Digital Guardian's Agent ...)
	NOT-FOR-US: Digital Guardian's Agent
CVE-2023-6252 (Path traversal vulnerability in Chalemelon Power framework, affecting ...)
	NOT-FOR-US: Chalemelon Power framework
CVE-2023-6189 (Missing access permissions checks in the M-Files server before 23.11.1 ...)
	NOT-FOR-US: M-Files
CVE-2023-6164 (The MainWP Dashboard – WordPress Manager for Multiple Websites M ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6160 (The LifterLMS – WordPress LMS Plugin for eLearning plugin for Wor ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6157 (Improper neutralization of livestatus command delimiters in ajax_searc ...)
	- check-mk
CVE-2023-6156 (Improper neutralization of livestatus command delimiters in the availa ...)
	- check-mk
CVE-2023-6117 (A possibility of unwanted server memory consumption was detected throu ...)
	NOT-FOR-US: M-Files
CVE-2023-6011 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: DECE Software Geodi
CVE-2023-6009 (The UserPro plugin for WordPress is vulnerable to privilege escalation ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6008 (The UserPro plugin for WordPress is vulnerable to Cross-Site Request F ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6007 (The UserPro plugin for WordPress is vulnerable to unauthorized access ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6918 (A flaw was found in the libssh implements abstract layer for message d ...)
	{DSA-5591-1}
	- libssh 0.10.6-1 (bug #1059059)
	NOTE: https://www.libssh.org/security/advisories/CVE-2023-6918.txt
	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/610d7a09f99c601224ae2aa3d3de7e75b1d284dd (libssh-0.10.6)
	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/63ff242131c8e6d98917456f71f6d33b9ef3a763 (libssh-0.10.6)
	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/8b66d037d575e5f3ce4d35964547ff8c7e75ff8e (libssh-0.10.6)
	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/8977e246b6d7ae467cab008a49e0a9e3d84bc2a0 (libssh-0.10.6)
	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/622421018b58392ffecc29726b947e089b678221 (libssh-0.10.6)
CVE-2023-6004 (A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump ...)
	{DSA-5591-1}
	- libssh 0.10.6-1 (bug #1059061)
	NOTE: https://www.libssh.org/security/advisories/CVE-2023-6004.txt
	NOTE: https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html
	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/c2c56bacab00766d01671413321d564227aabf19 (libssh-0.10.6)
	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/a66b4a6eae6614d200a3625862d77565b96a7cd3 (libssh-0.10.6)
	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/8615c24647f773a5e04203c7459512715d698be1 (libssh-0.10.6)
	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/c6180409677c765e6b9ae2b18a3a7a9671ac1dbe (libssh-0.10.6)
	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/9bbb817c0c5434f03613d0783b2ef5f52235b901 (libssh-0.10.6)
	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/22492b69bba22b102342afc574800d354a08e405 (libssh-0.10.6)
	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/d7467498fd988949edde9c6384973250fd454a8b (libssh-0.10.6)
	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/62d3101c1f76b6891b70c50154e0e934d6b8cb57 (libssh-0.10.6)
	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/cea841d71c025f9c998b7d5fc9f2a2839df62921 (libssh-0.10.6)
	NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/2c492ee179d5caa2718c5e768bab6e0b2b64a8b0 (libssh-0.10.6)
	NOTE: Original patchset introduces a regression (with IPv6 parsing in ssh_options_set API):
	NOTE: https://gitlab.com/libssh/libssh-mirror/-/issues/227
CVE-2023-5983 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: Botanik Software Pharmacy Automation
CVE-2023-5921 (Improper Enforcement of Behavioral Workflow vulnerability in DECE Soft ...)
	NOT-FOR-US: DECE Software Geodi
CVE-2023-5822 (The Drag and Drop Multiple File Upload - Contact Form 7 plugin for Wor ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5815 (The News & Blog Designer Pack – WordPress Blog Plugin — (Blo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5742 (The EasyRotator for WordPress plugin for WordPress is vulnerable to St ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5715 (The Website Optimization – Plerdy plugin for WordPress is vulnera ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5708 (The WP Post Columns plugin for WordPress is vulnerable to Stored Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5706 (The VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5704 (The CPO Shortcodes plugin for WordPress is vulnerable to Stored Cross- ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5667 (The Tab Ultimate plugin for WordPress is vulnerable to Stored Cross-Si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5664 (The Garden Gnome Package plugin for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5662 (The Sponsors plugin for WordPress is vulnerable to Stored Cross-Site S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5537 (The Delete Usermeta plugin for WordPress is vulnerable to Cross-Site R ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5469 (The Drop Shadow Boxes plugin for WordPress is vulnerable to Stored Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5466 (The Wp anything slider plugin for WordPress is vulnerable to SQL Injec ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5465 (The Popup with fancybox plugin for WordPress is vulnerable to SQL Inje ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5419 (The Funnelforms Free plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5417 (The Funnelforms Free plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5416 (The Funnelforms Free plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5415 (The Funnelforms Free plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5411 (The Funnelforms Free plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5387 (The Funnelforms Free plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5386 (The Funnelforms Free plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5385 (The Funnelforms Free plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5383 (The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5382 (The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5338 (The Theme Blvd Shortcodes plugin for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5314 (The WP EXtra plugin for WordPress is vulnerable to unauthorized access ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5234 (The Related Products for WooCommerce plugin for WordPress is vulnerabl ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5163 (The Weather Atlas Widget plugin for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5128 (The TCD Google Maps plugin for WordPress is vulnerable to Stored Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5096 (The HTML filter and csv-file search plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5048 (The WDContactFormBuilder plugin for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5047 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: DRD Fleet Leasing DRDrive
CVE-2023-4726 (The Ultimate Dashboard plugin for WordPress is vulnerable to Stored Cr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4686 (The WP Customer Reviews plugin for WordPress is vulnerable to Sensitiv ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48705 (Nautobot is a Network Source of Truth and Network Automation Platform ...)
	NOT-FOR-US: Nautobot
CVE-2023-48646 (Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2023-48106 (Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an ...)
	- zlib-ng (bug #1002056)
CVE-2023-47825 (Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra pl ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47824 (Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47819 (Cross-Site Request Forgery (CSRF) vulnerability in Dang Ngoc Binh Easy ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47792 (Cross-Site Request Forgery (CSRF) vulnerability in Infinite Uploads Bi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47791 (Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <=1 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47785 (Cross-Site Request Forgery (CSRF) vulnerability in LayerSlider plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47781 (Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thriv ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47775 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comme ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47765 (Cross-Site Request Forgery (CSRF) vulnerability in CodeBard CodeBard's ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47759 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47758 (Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47755 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47467 (Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remot ...)
	NOT-FOR-US: jeecgboot jeecg-boot
CVE-2023-47380 (Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS).)
	NOT-FOR-US: Admidio
CVE-2023-47350 (Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit Content ...)
	NOT-FOR-US: SwiftyEdit Content Management System
CVE-2023-47316 (Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Contro ...)
	NOT-FOR-US: Headwind MDM Web panel
CVE-2023-47315 (Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Contro ...)
	NOT-FOR-US: Headwind MDM Web panel
CVE-2023-47314 (Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting (X ...)
	NOT-FOR-US: Headwind MDM Web panel
CVE-2023-47313 (Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal. Th ...)
	NOT-FOR-US: Headwind MDM Web panel
CVE-2023-47312 (Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Contro ...)
	NOT-FOR-US: Headwind MDM Web panel
CVE-2023-47251 (In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a ...)
	NOT-FOR-US: TightGate-Pro Server
CVE-2023-47250 (In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, b ...)
	NOT-FOR-US: TightGate-Pro Server
CVE-2023-47014 (A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester St ...)
	NOT-FOR-US: Sourcecodester Sticky Notes App
CVE-2023-46673 (It was identified that malformed scripts used in the script processor ...)
	- elasticsearch
CVE-2023-46357 (In the module "Cross Selling in Modal Cart" (motivationsale) < 3.5.0 f ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-45377 (In the module "Chronopost Official" (chronopost) for PrestaShop, a gue ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-43082 (Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability i ...)
	NOT-FOR-US: Dell
CVE-2023-43081 (PowerProtect Agent for File System Version 19.14 and prior, contains a ...)
	NOT-FOR-US: Dell
CVE-2023-3104 (Lack of authentication vulnerability. An unauthenticated local user is ...)
	NOT-FOR-US: Unitree Robotics A1
CVE-2023-3103 (Authentication bypass vulnerability, the exploitation of which could a ...)
	NOT-FOR-US: Unitree Robotics A1
CVE-2023-39925 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Download Com ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2889 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Veon Computer Service Tracking Software
CVE-2023-2841 (The Advanced Local Pickup for WooCommerce plugin for WordPress is vuln ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2497 (The UserPro plugin for WordPress is vulnerable to Cross-Site Request F ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2449 (The UserPro plugin for WordPress is vulnerable to unauthorized passwor ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2448 (The UserPro plugin for WordPress is vulnerable to unauthorized access ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2440 (The UserPro plugin for WordPress is vulnerable to Cross-Site Request F ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2438 (The UserPro plugin for WordPress is vulnerable to Cross-Site Request F ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2437 (The UserPro plugin for WordPress is vulnerable to authentication bypas ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37924 (Apache Software Foundation Apache Submarine has an SQL injection vulne ...)
	NOT-FOR-US: Apache Submarine
CVE-2023-6248 (The Syrus4 IoT gateway utilizes an unsecured MQTT server to download a ...)
	NOT-FOR-US: Syrus4 IoT gateway
CVE-2023-5299 (A user with a standard account in Fuji Electric Tellus Lite may overwr ...)
	NOT-FOR-US: Fuji Electric Tellus Lite
CVE-2023-49105 (An issue was discovered in ownCloud owncloud/core before 10.13.1. An a ...)
	- owncloud
CVE-2023-49104 (An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when ...)
	NOT-FOR-US: Owncloud addon
CVE-2023-49103 (An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2 ...)
	NOT-FOR-US: Owncloud addon
CVE-2023-48701 (Statamic CMS is a Laravel and Git powered content management system (C ...)
	NOT-FOR-US: Statamic CMS
CVE-2023-48700 (The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libr ...)
	NOT-FOR-US: Nautobot Device Onboarding plugin
CVE-2023-48699 (fastbots is a library for fast bot and scraper development using selen ...)
	NOT-FOR-US: fastbots
CVE-2023-48307 (Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivi ...)
	NOT-FOR-US: Nextcloud Mail app
CVE-2023-48306 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
	- nextcloud-server (bug #941708)
CVE-2023-48305 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
	- nextcloud-server (bug #941708)
CVE-2023-48304 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
	- nextcloud-server (bug #941708)
CVE-2023-48303 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
	- nextcloud-server (bug #941708)
CVE-2023-48302 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
	- nextcloud-server (bug #941708)
CVE-2023-48301 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
	- nextcloud-server (bug #941708)
CVE-2023-48299 (TorchServe is a tool for serving and scaling PyTorch models in product ...)
	NOT-FOR-US: TorchServe
CVE-2023-48239 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
	- nextcloud-server (bug #941708)
CVE-2023-48230 (Cap'n Proto is a data interchange format and capability-based RPC syst ...)
	- capnproto 1.0.1-3 (bug #1056615)
	[bookworm] - capnproto (Vulnerable code not present)
	[bullseye] - capnproto (Vulnerable code not present)
	[buster] - capnproto (Vulnerable code not present)
	NOTE: https://github.com/capnproto/capnproto/security/advisories/GHSA-r89h-f468-62w3
	NOTE: https://github.com/capnproto/capnproto/commit/75c5c1499aa6e7690b741204ff9af91cce526c59 (v2-branch)
	NOTE: https://github.com/capnproto/capnproto/commit/5d5d734b0350c6f2e36c3155753e6a19fbfeda9a (v1.0.1.1)
CVE-2023-48228 (authentik is an open-source identity provider. When initialising an oau ...)
	NOT-FOR-US: authentik
CVE-2023-48161 (Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows ...)
	- giflib 5.2.2-1 (unimportant)
	NOTE: https://sourceforge.net/p/giflib/bugs/167/
	NOTE: Specific to gif2rgb. Crash in CLI tool, no security impact
CVE-2023-47393 (An access control issue in Mercedes me IOS APP v1.34.0 and below allow ...)
	NOT-FOR-US: Mercedes me IOS APP
CVE-2023-47392 (An access control issue in Mercedes me IOS APP v1.34.0 and below allow ...)
	NOT-FOR-US: Mercedes me IOS APP
CVE-2023-47016 (radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in l ...)
	- radare2 5.9.0+dfsg-1 (bug #1056930)
	NOTE: https://github.com/radareorg/radare2/issues/22349
	NOTE: https://github.com/radareorg/radare2/commit/40c9f50e127be80b9d816bce2ab2ee790831aefd
CVE-2023-46814 (A binary hijacking vulnerability exists within the VideoLAN VLC media ...)
	- vlc (Windows-specific)
	NOTE: https://www.videolan.org/security/sb-vlc3019.html
CVE-2023-41146 (Autodesk Customer Support Portal allows cases created by users under a ...)
	NOT-FOR-US: Autodesk Customer Support Portal
CVE-2023-41145 (Autodesk users who no longer have an active license for an account can ...)
	NOT-FOR-US: Autodesk
CVE-2023-40152 (When Fuji Electric Tellus Lite V-Simulator parses a specially-crafted ...)
	NOT-FOR-US: Fuji Electric Tellus Lite V-Simulator
CVE-2023-35127 (Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V ...)
	NOT-FOR-US: Fuji Electric Tellus Lite V-Simulator
CVE-2023-2447 (The UserPro plugin for WordPress is vulnerable to Cross-Site Request F ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2446 (The UserPro plugin for WordPress is vulnerable to sensitive informatio ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6238 (A buffer overflow vulnerability was found in the NVM Express (NVMe) dr ...)
	- linux
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
CVE-2023-6235 (An uncontrolled search path element vulnerability has been found in th ...)
	NOT-FOR-US: Duet Display for Windows
CVE-2023-6228 (An issue was found in the tiffcp utility distributed by the libtiff pa ...)
	- tiff (unimportant)
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/606
	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/1e7d217a323eac701b134afc4ae39b6bdfdbc96a
	NOTE: Crash in CLI tool, no security impact
CVE-2023-6213 (Memory safety bugs present in Firefox 119. Some of these bugs showed e ...)
	- firefox 120.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6213
CVE-2023-6212 (Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thun ...)
	{DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1}
	- firefox 120.0-1
	- firefox-esr 115.5.0esr-1
	- thunderbird 1:115.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6212
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6212
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6212
CVE-2023-6211 (If an attacker needed a user to load an insecure http: page and knew t ...)
	- firefox 120.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6211
CVE-2023-6210 (When an https: web page created a pop-up from a "javascript:" URL, tha ...)
	- firefox 120.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6210
CVE-2023-6209 (Relative URLs starting with three slashes were incorrectly parsed, and ...)
	{DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1}
	- firefox 120.0-1
	- firefox-esr 115.5.0esr-1
	- thunderbird 1:115.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6209
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6209
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6209
CVE-2023-6208 (When using X11, text selected by the page using the Selection API was ...)
	{DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1}
	- firefox 120.0-1
	- firefox-esr 115.5.0esr-1
	- thunderbird 1:115.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6208
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6208
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6208
CVE-2023-6207 (Ownership mismanagement led to a use-after-free in ReadableByteStreams ...)
	{DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1}
	- firefox 120.0-1
	- firefox-esr 115.5.0esr-1
	- thunderbird 1:115.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6207
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6207
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6207
CVE-2023-6206 (The black fade animation when exiting fullscreen is roughly the length ...)
	{DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1}
	- firefox 120.0-1
	- firefox-esr 115.5.0esr-1
	- thunderbird 1:115.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6206
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6206
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6206
CVE-2023-6205 (It was possible to cause the use of a MessagePort after it had already ...)
	{DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1}
	- firefox 120.0-1
	- firefox-esr 115.5.0esr-1
	- thunderbird 1:115.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6205
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6205
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6205
CVE-2023-6204 (On some systems—depending on the graphics settings and drivers ...)
	{DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1}
	- firefox 120.0-1
	- firefox-esr 115.5.0esr-1
	- thunderbird 1:115.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6204
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6204
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6204
CVE-2023-5776 (The Post Meta Data Manager plugin for WordPress is vulnerable to Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5599 (A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboar ...)
	NOT-FOR-US: 3DDashboard in 3DSwymer from Release 3DEXPERIENCE
CVE-2023-5598 (Stored Cross-site Scripting (XSS) vulnerabilities affecting 3DSwym in ...)
	NOT-FOR-US: 3DSwym in 3DSwymer from Release 3DEXPERIENCE
CVE-2023-5055 (Possible variant of CVE-2021-3434 in function le_ecred_reconf_req.)
	NOT-FOR-US: zephyr-rtos
CVE-2023-49061 (An attacker could have performed HTML template injection via Reader Mo ...)
	- firefox (Only affects Firefox for iOS)
CVE-2023-49060 (An attacker could have accessed internal pages or data by ex-filtratin ...)
	- firefox (Only affects Firefox for iOS)
CVE-2023-48226 (OpenReplay is a self-hosted session replay suite. In version 1.14.0, d ...)
	NOT-FOR-US: OpenReplay
CVE-2023-48124 (Cross Site Scripting in SUP Online Shopping v.1.0 allows a remote atta ...)
	NOT-FOR-US: SUP Online Shopping
CVE-2023-47643 (SuiteCRM is a Customer Relationship Management (CRM) software applicat ...)
	NOT-FOR-US: SuiteCRM
CVE-2023-46377
	REJECTED
CVE-2023-6199 (Book Stack version 23.10.2 allows filtering local files on the server. ...)
	NOT-FOR-US: bookstack
CVE-2023-6178 (An arbitrary file write vulnerability exists where an authenticated at ...)
	NOT-FOR-US: Nessus Agent
CVE-2023-6144 (Dev blog v1.0 allows to exploit an account takeover through the "user" ...)
	NOT-FOR-US: Dev blog
CVE-2023-6142 (Dev blog v1.0 allows to exploit an XSS through an unrestricted file up ...)
	NOT-FOR-US: Dev blog
CVE-2023-6062 (An arbitrary file write vulnerability exists where an authenticated, r ...)
	NOT-FOR-US: Nessus
CVE-2023-5553 (During internal Axis Security Development Model (ASDM) threat-modellin ...)
	NOT-FOR-US: AXIS OS
CVE-2023-5275 (Improper Input Validation vulnerability in simulation function of GX W ...)
	NOT-FOR-US: Mitsubishi
CVE-2023-5274 (Improper Input Validation vulnerability in simulation function of GX W ...)
	NOT-FOR-US: Mitsubishi
CVE-2023-4424 (A malicious BLE device can cause buffer overflow by sending malformed ...)
	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-4149 (A vulnerability in the web-based management allows an unauthenticated ...)
	NOT-FOR-US: Wago
CVE-2023-48310 (TestingPlatform is a testing platform for Internet Security Standards. ...)
	NOT-FOR-US: TestingPlatform
CVE-2023-48192 (An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local att ...)
	NOT-FOR-US: TOTOlink
CVE-2023-48176 (An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote at ...)
	NOT-FOR-US: WebsiteGuide
CVE-2023-48051 (An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to dec ...)
	NOT-FOR-US: upydev
CVE-2023-47311 (An issue in Yamcs 5.8.6 allows attackers to send arbitrary telecomma ...)
	NOT-FOR-US: Yamcs
CVE-2023-47172 (Certain WithSecure products allow Local Privilege Escalation. This aff ...)
	NOT-FOR-US: WithSecure
CVE-2023-46935 (eyoucms v1.6.4 is vulnerable to Cross Site Scripting (XSS), which can lea ...)
	NOT-FOR-US: eyoucms
CVE-2023-46471 (Cross Site Scripting vulnerability in Space Applications Services Yamc ...)
	NOT-FOR-US: Yamcs
CVE-2023-46470 (Cross Site Scripting vulnerability in Space Applications Services Yamc ...)
	NOT-FOR-US: Yamcs
CVE-2023-45886 (The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allows remote ...)
	NOT-FOR-US: BGP daemon (bgpd) in IP Infusion ZebOS
CVE-2023-42770 (Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users en ...)
	NOT-FOR-US: Red Lion
CVE-2023-40151 (When user authentication is not enabled the shell can execute commands ...)
	NOT-FOR-US: Red Lion
CVE-2023-6134 (A flaw was found in Keycloak that prevents certain schemes in redirect ...)
	NOT-FOR-US: Keycloak
CVE-2023-5764 (A template injection flaw was found in Ansible where a user's controll ...)
	- ansible-core 2.14.13-1 (bug #1057427)
	[bookworm] - ansible-core (Minor issue)
	- ansible 5.4.0-1
	[bullseye] - ansible (Minor issue)
	NOTE: ansible-core was split off from src:ansible with 4.6.0-1 in experimental/5.4.0-1 in sid
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2247629
	NOTE: https://github.com/ansible/ansible/pull/82293 (stable-2.16)
	NOTE: https://github.com/ansible/ansible/pull/82294 (stable-2.15)
	NOTE: https://github.com/ansible/ansible/pull/82295 (stable-2.14)
	NOTE: https://github.com/ansible/ansible/commit/7239d2d371bc6e274cbb7314e01431adce6ae25a (v2.14.12rc1)
CVE-2023-41913 (strongSwan before 5.9.12 has a buffer overflow and possible unauthenti ...)
	{DSA-5560-1 DLA-3663-1}
	- strongswan 5.9.12-1
	NOTE: https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-(cve-2023-41913).html
	NOTE: Patches: https://download.strongswan.org/security/CVE-2023-41913/
CVE-2023-6197 (The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Re ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6196 (The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Re ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6045 (in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitr ...)
	NOT-FOR-US: OpenHarmony
CVE-2023-5799 (The WP Hotel Booking WordPress plugin before 2.0.8 does not have prope ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5652 (The WP Hotel Booking WordPress plugin before 2.0.8 does not have autho ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5651 (The WP Hotel Booking WordPress plugin before 2.0.8 does not have autho ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5640 (The Article Analytics WordPress plugin does not properly sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5610 (The Seraphinite Accelerator WordPress plugin before 2.2.29 does not va ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5609 (The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sa ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5593 (The out-of-bounds write vulnerability in the Windows-based SecuExtende ...)
	NOT-FOR-US: SecuExtender SSL VPN Client
CVE-2023-5509 (The myStickymenu WordPress plugin before 2.6.5 does not adequately aut ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5343 (The Popup box WordPress plugin before 3.7.9 does not sanitise and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5340 (The Five Star Restaurant Menu and Food Ordering WordPress plugin befor ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5140 (The Bonus for Woo WordPress plugin before 5.8.3 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5119 (The Forminator WordPress plugin before 1.27.0 does not properly saniti ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4970 (The PubyDoc WordPress plugin through 2.0.6 does not sanitise and escap ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4824 (The WooHoo Newspaper Magazine theme does not have CSRF check in place ...)
	NOT-FOR-US: WooHoo Newspaper Magazine theme
CVE-2023-4808 (The WP Post Popup WordPress plugin through 3.7.3 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4799 (The Magic Embeds WordPress plugin before 3.1.2 does not validate and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48309 (NextAuth.js provides authentication for Next.js. `next-auth` applicati ...)
	NOT-FOR-US: NextAuth.js
CVE-2023-48300 (The `Embed Privacy` plugin for WordPress that prevents the loading of ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48293 (The XWiki Admin Tools Application provides tools to help the administr ...)
	NOT-FOR-US: XWiki Admin Tools Application
CVE-2023-48292 (The XWiki Admin Tools Application provides tools to help the administr ...)
	NOT-FOR-US: XWiki Admin Tools Application
CVE-2023-48241 (XWiki Platform is a generic wiki platform. Starting in version 6.3-mil ...)
	NOT-FOR-US: XWiki
CVE-2023-48240 (XWiki Platform is a generic wiki platform. The rendered diff in XWiki ...)
	NOT-FOR-US: XWiki
CVE-2023-48223 (fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to v ...)
	NOT-FOR-US: fast-jwt
CVE-2023-48221 (wire-avs provides Audio, Visual, and Signaling (AVS) functionality sur ...)
	NOT-FOR-US: wire-avs
CVE-2023-48218 (The Strapi Protected Populate Plugin protects `get` endpoints from rev ...)
	NOT-FOR-US: Strapi Protected Populate Plugin
CVE-2023-48111 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2023-48110 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via th ...)
	NOT-FOR-US: Tenda
CVE-2023-48109 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via th ...)
	NOT-FOR-US: Tenda
CVE-2023-48090 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in ...)
	- gpac (bug #1059056)
	[buster] - gpac (EOL in Buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2680
CVE-2023-48039 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in ...)
	- gpac (bug #1059056)
	[buster] - gpac (EOL in Buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2679
CVE-2023-47772 (Contributor+Stored Cross-Site Scripting (XSS) vulnerability in Slider ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47417 (Cross Site Scripting (XSS) vulnerability in the component /shells/embe ...)
	NOT-FOR-US: DZSlides
CVE-2023-47217 (in OpenHarmony v3.2.2 and prior versions allow a local attacker cause ...)
	NOT-FOR-US: OpenHarmony
CVE-2023-46990 (Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a ...)
	NOT-FOR-US: PublicCMS
CVE-2023-46705 (in OpenHarmony v3.2.2 and prior versions allow a local attacker causes ...)
	NOT-FOR-US: OpenHarmony
CVE-2023-46100 (in OpenHarmony v3.2.2 and prior versions allow a local attacker get se ...)
	NOT-FOR-US: OpenHarmony
CVE-2023-43612 (in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitr ...)
	NOT-FOR-US: OpenHarmony
CVE-2023-42774 (in OpenHarmony v3.2.2 and prior versions allow a local attacker get co ...)
	NOT-FOR-US: OpenHarmony
CVE-2023-3116 (in OpenHarmony v3.2.2 and prior versions allow a local attacker get co ...)
	NOT-FOR-US: OpenHarmony
CVE-2023-38885 (OpenSIS Classic Community Edition version 9.0 lacks cross-site request ...)
	NOT-FOR-US: OpenSIS
CVE-2023-38884 (An Insecure Direct Object Reference (IDOR) vulnerability in the Commun ...)
	NOT-FOR-US: OpenSIS
CVE-2023-38883 (A reflected cross-site scripting (XSS) vulnerability in the Community ...)
	NOT-FOR-US: OpenSIS
CVE-2023-38882 (A reflected cross-site scripting (XSS) vulnerability in the Community ...)
	NOT-FOR-US: OpenSIS
CVE-2023-38881 (A reflected cross-site scripting (XSS) vulnerability in the Community ...)
	NOT-FOR-US: OpenSIS
CVE-2023-38880 (The Community Edition version 9.0 of OS4ED's openSIS Classic has a bro ...)
	NOT-FOR-US: OpenSIS
CVE-2023-38879 (The Community Edition version 9.0 of OS4ED's openSIS Classic allows re ...)
	NOT-FOR-US: OpenSIS
CVE-2023-38823 (Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC ...)
	NOT-FOR-US: Tenda
CVE-2023-36013 (PowerShell Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-35762 (Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to ope ...)
	NOT-FOR-US: INEA ME RTU firmware
CVE-2023-29155 (Versions of INEA ME RTU firmware 3.36b and prior do not require authen ...)
	NOT-FOR-US: INEA ME RTU firmware
CVE-2023-47175 (Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2 ...)
	NOT-FOR-US: LuxCal Web Calendar
CVE-2023-46700 (SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (My ...)
	NOT-FOR-US: LuxCal Web Calendar
CVE-2023-3379 (Wago web-based management of multiple products has a vulnerability whi ...)
	NOT-FOR-US: Wago
CVE-2023-46302 (Apache Software Foundation Apache Submarine has a bug when serializing ...)
	NOT-FOR-US: Apache Submarine
CVE-2023-47685 (Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloa ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47672 (Cross-Site Request Forgery (CSRF) vulnerability in Swashata WP Categor ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47671 (Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy Verti ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47670 (Cross-Site Request Forgery (CSRF) vulnerability in Jongmyoung Kim Kore ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47667 (Cross-Site Request Forgery (CSRF) vulnerability in Mammothology WP Ful ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47666 (Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro C ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47664 (Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview Pl ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47655 (Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi ANAC X ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47651 (Cross-Site Request Forgery (CSRF) vulnerability in Robert Macchi WP Li ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47650 (Cross-Site Request Forgery (CSRF) vulnerability in Peter Sterling Add ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47649 (Cross-Site Request Forgery (CSRF) vulnerability in PriceListo Best Res ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47644 (Cross-Site Request Forgery (CSRF) vulnerability in profilegrid Profile ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47556 (Cross-Site Request Forgery (CSRF) vulnerability in James Mehorter Devi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47553 (Cross-Site Request Forgery (CSRF) vulnerability in User Local Inc User ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47552 (Cross-Site Request Forgery (CSRF) vulnerability in Labib Ahmed Image H ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47551 (Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Ma ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47531 (Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit D ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47519 (Cross-Site Request Forgery (CSRF) vulnerability in WC Product Table Wo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47243 (Cross-Site Request Forgery (CSRF) vulnerability in CodeMShop 코 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41129 (Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon Wor ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32514 (Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar G ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32504 (Cross-Site Request Forgery (CSRF) vulnerability in Kainex Wise Chat.Th ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32245 (Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essenti ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48736 (In International Color Consortium DemoIccMAX 3e7948b, CIccCLUT::Interp ...)
	NOT-FOR-US: International Color Consortium DemoIccMAX
CVE-2023-40363 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...)
	NOT-FOR-US: IBM
CVE-2023-38361 (IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algo ...)
	NOT-FOR-US: IBM
CVE-2023-6187 (The Paid Memberships Pro plugin for WordPress is vulnerable to arbitra ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4214 (The AppPresser plugin for WordPress is vulnerable to unauthorized pass ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48295 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...)
	NOT-FOR-US: LibreNMS
CVE-2023-48294 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...)
	NOT-FOR-US: LibreNMS
CVE-2023-48238 (joaquimserafim/json-web-token is a javascript library used to interact ...)
	NOT-FOR-US: Node json-web-token
CVE-2023-48028 (kodbox 1.46.01 has a security flaw that enables user enumeration. This ...)
	NOT-FOR-US: kodbox
CVE-2023-48017 (Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) v ...)
	NOT-FOR-US: Dreamer CMS
CVE-2023-46745 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...)
	NOT-FOR-US: LibreNMS
CVE-2023-46402 (git-urls 1.0.0 allows ReDOS (Regular Expression Denial of Service) in ...)
	NOT-FOR-US: git-urls
CVE-2023-44796 (Cross Site Scripting (XSS) vulnerability in LimeSurvey before version ...)
	- limesurvey (bug #472802)
CVE-2023-43177 (CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modifi ...)
	NOT-FOR-US: CrushFTP
CVE-2023-40817 (OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product ...)
	NOT-FOR-US: OpenCRX
CVE-2023-40816 (OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Mil ...)
	NOT-FOR-US: OpenCRX
CVE-2023-40815 (OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category ...)
	NOT-FOR-US: OpenCRX
CVE-2023-40814 (OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts ...)
	NOT-FOR-US: OpenCRX
CVE-2023-40813 (OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Sav ...)
	NOT-FOR-US: OpenCRX
CVE-2023-40812 (OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts ...)
	NOT-FOR-US: OpenCRX
CVE-2023-40810 (OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name ...)
	NOT-FOR-US: OpenCRX
CVE-2023-40809 (OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity ...)
	NOT-FOR-US: OpenCRX
CVE-2023-6188 (A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been r ...)
	NOT-FOR-US: GetSimpleCMS
CVE-2023-6179 (Honeywell ProWatch, 4.5, including all Service Pack versions, contain ...)
	NOT-FOR-US: Honeywell ProWatch
CVE-2023-5445 (An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 ...)
	NOT-FOR-US: ePolicy Orchestrator
CVE-2023-5444 (A Cross Site Request Forgery vulnerability in ePolicy Orchestrator pri ...)
	NOT-FOR-US: ePolicy Orchestrator
CVE-2023-48185 (Directory Traversal vulnerability in TerraMaster v.s1.0 through v.2.29 ...)
	NOT-FOR-US: TerraMaster
CVE-2023-48029 (Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with ...)
	NOT-FOR-US: Corebos
CVE-2023-48025 (Liblisp through commit 4c65969 was discovered to contain an out-of-boun ...)
	NOT-FOR-US: Liblisp
CVE-2023-48024 (Liblisp through commit 4c65969 was discovered to contain a use-after-f ...)
	NOT-FOR-US: Liblisp
CVE-2023-47757 (Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47073 (Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-47072 (Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-47071 (Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-47070 (Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-47069 (Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-47068 (Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-47067 (Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-47066 (Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-44355 (Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2023-44353 (Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2023-44352 (Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2023-44351 (Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlie ...)
NOT-FOR-US: Adobe CVE-2023-44350 (Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlie ...) NOT-FOR-US: Adobe CVE-2023-44326 (Adobe Dimension versions 3.4.9 (and earlier) is affected by an out-of- ...) NOT-FOR-US: Adobe CVE-2023-44325 (Adobe Animate versions 23.0.2 (and earlier) is affected by an out-of-b ...) NOT-FOR-US: Adobe CVE-2023-44324 (Adobe FrameMaker Publishing Server versions 2022 and earlier are affec ...) NOT-FOR-US: Adobe CVE-2023-6020 (LFI in Ray's /static/ directory allows attackers to read any file on t ...) NOT-FOR-US: Ray CVE-2023-6014 (An attacker is able to arbitrarily create an account in MLflow bypassi ...) NOT-FOR-US: mlflow CVE-2023-48659 (An issue was discovered in MISP before 2.4.176. app/Controller/AppCont ...) NOT-FOR-US: MISP CVE-2023-48658 (An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php ...) NOT-FOR-US: MISP CVE-2023-48657 (An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php ...) NOT-FOR-US: MISP CVE-2023-48656 (An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php ...) NOT-FOR-US: MISP CVE-2023-48655 (An issue was discovered in MISP before 2.4.176. app/Controller/Compone ...) NOT-FOR-US: MISP CVE-2023-48649 (Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on t ...) NOT-FOR-US: Concrete CMS CVE-2023-48648 (Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized ac ...) NOT-FOR-US: Concrete CMS CVE-2023-48237 (Vim is an open source command line text editor. In affected versions w ...) - vim 2:9.0.2116-1 (unimportant) NOTE: https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 NOTE: https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e (v9.0.2112) NOTE: Self-inflicted crash, no security impact CVE-2023-48236 (Vim is an open source command line text editor. When using the z= comm ...) 
- vim 2:9.0.2116-1 (unimportant) NOTE: https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 NOTE: https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 (v9.0.2111) NOTE: Self-inflicted crash, no security impact CVE-2023-48235 (Vim is an open source command line text editor. When parsing relative ...) - vim 2:9.0.2116-1 (unimportant) NOTE: https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g NOTE: https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 (v9.0.2110) NOTE: Self-inflicted crash, no security impact CVE-2023-48234 (Vim is an open source command line text editor. When getting the count ...) - vim 2:9.0.2116-1 (unimportant) NOTE: https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq NOTE: https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca (v9.0.2109) NOTE: Self-inflicted crash, no security impact CVE-2023-48233 (Vim is an open source command line text editor. If the count after the ...) - vim 2:9.0.2116-1 (unimportant) NOTE: https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj NOTE: https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 (v9.0.2108) NOTE: Self-inflicted crash, no security impact CVE-2023-48232 (Vim is an open source command line text editor. A floating point excep ...) - vim 2:9.0.2116-1 (unimportant) NOTE: https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw NOTE: https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce (v9.0.2107) NOTE: Self-inflicted crash, no security impact CVE-2023-48231 (Vim is an open source command line text editor. When closing a window, ...) 
- vim 2:9.0.2116-1 (unimportant) NOTE: https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 NOTE: https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a (v9.0.2106) NOTE: Self-inflicted crash, no security impact CVE-2023-48222 (Rundeck is an open source automation service with a web console, comma ...) NOT-FOR-US: Rundeck CVE-2023-48078 (SQL Injection vulnerability in add.php in Simple CRUD Functionality v1 ...) NOT-FOR-US: Simple CRUD Functionality CVE-2023-48031 (OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with ...) NOT-FOR-US: OpenSupports CVE-2023-47797 (Reflected cross-site scripting (XSS) vulnerability on a content page\u ...) NOT-FOR-US: Liferay Portal CVE-2023-47688 (Cross-Site Request Forgery (CSRF) vulnerability in Alexufo Youtube Spe ...) NOT-FOR-US: WordPress plugin# CVE-2023-47687 (Cross-Site Request Forgery (CSRF) vulnerability in VJInfotech Woo Cust ...) NOT-FOR-US: WordPress plugin# CVE-2023-47686 (Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato ...) NOT-FOR-US: WordPress plugin# CVE-2023-47675 (CubeCart prior to 6.5.3 allows a remote authenticated attacker with an ...) NOT-FOR-US: CubeCart CVE-2023-47642 (Zulip is an open-source team collaboration tool. It was discovered by ...) NOT-FOR-US: Zulip CVE-2023-47283 (Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a ...) NOT-FOR-US: CubeCart CVE-2023-47112 (Rundeck is an open source automation service with a web console, comma ...) NOT-FOR-US: Rundeck CVE-2023-47025 (An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial ...) NOT-FOR-US: Free5gc CVE-2023-46214 (In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise ...) NOT-FOR-US: Splunk CVE-2023-46213 (In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escap ...) NOT-FOR-US: Splunk CVE-2023-45387 (In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportpr ...) 
	NOT-FOR-US: PrestaShop addon
CVE-2023-45382 (In the module "SoNice Retour" (sonice_retour) up to version 2.1.0 from ...)
	NOT-FOR-US: PrestaShop addon
CVE-2023-42428 (Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a ...)
	NOT-FOR-US: CubeCart
CVE-2023-41102 (An issue was discovered in the captive portal in OpenNDS before versio ...)
	- opennds 10.2.0+dfsg-1 (bug #1059452)
	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
	NOTE: https://github.com/openNDS/openNDS/commit/69dde77927b252e2a4347170504a785ac5d50c33 (v10.1.3)
CVE-2023-41101 (An issue was discovered in the captive portal in OpenNDS before versio ...)
	- opennds 10.2.0+dfsg-1 (bug #1059452)
	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
	NOTE: https://github.com/openNDS/openNDS/commit/69dde77927b252e2a4347170504a785ac5d50c33 (v10.1.3)
CVE-2023-40314 (Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS ...)
	NOT-FOR-US: OpenNMS
CVE-2023-39548 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, ...)
	NOT-FOR-US: CLUSTERPRO
CVE-2023-39547 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, ...)
	NOT-FOR-US: CLUSTERPRO
CVE-2023-39546 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, ...)
	NOT-FOR-US: CLUSTERPRO
CVE-2023-39545 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, ...)
	NOT-FOR-US: CLUSTERPRO
CVE-2023-39544 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, ...)
	NOT-FOR-US: CLUSTERPRO
CVE-2023-38324 (An issue was discovered in OpenNDS before 10.1.2. It allows users to s ...)
	- opennds 10.2.0+dfsg-1 (bug #1059451)
	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
	NOTE: https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2)
CVE-2023-38323 (An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize ...)
	- opennds 10.2.0+dfsg-1
	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
	NOTE: From v10 onwards, statuspath configuration value is urlencoded, marking first 10.x upload as fixed for sid
CVE-2023-38322 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
	- opennds 10.2.0+dfsg-1 (bug #1059451)
	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
	NOTE: https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2)
CVE-2023-38321 (OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other p ...)
	- opennds
	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
CVE-2023-38320 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
	- opennds 10.2.0+dfsg-1 (bug #1059451)
	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
	NOTE: https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2)
CVE-2023-38319 (An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize ...)
	- opennds 10.2.0+dfsg-1
	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
	NOTE: From v10 onwards, faskey configuration value is urlencoded, marking first 10.x upload as fixed for sid
CVE-2023-38318 (An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize ...)
	- opennds 10.2.0+dfsg-1
	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
	NOTE: From v10 onwards, gatewayfqdn configuration value is urlencoded, marking first 10.x upload as fixed for sid
CVE-2023-38317 (An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize ...)
	- opennds 10.2.0+dfsg-1
	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
	NOTE: From v10 onwards, gateway interface configuration value is urlencoded, marking first 10.x upload as fixed for sid
CVE-2023-38316 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
	- opennds 10.2.0+dfsg-1 (bug #1059451)
	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
	NOTE: https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2)
CVE-2023-38315 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
	- opennds 10.2.0+dfsg-1 (bug #1059451)
	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
	NOTE: https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2)
CVE-2023-38314 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
	- opennds 10.2.0+dfsg-1 (bug #1059451)
	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
	NOTE: https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2)
CVE-2023-38313 (An issue was discovered in OpenNDS Captive Portal before 10.1.2. it ha ...)
	- opennds 10.2.0+dfsg-1 (bug #1059451)
	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
	NOTE: https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2)
CVE-2023-38130 (Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6 ...)
	NOT-FOR-US: CubeCart
CVE-2023-6176 (A null pointer dereference flaw was found in the Linux kernel API for ...)
	- linux 6.5.6-1
	[bookworm] - linux 6.1.55-1
	[bullseye] - linux 5.10.197-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/cfaa80c91f6f99b9342b6557f0f0e1143e434066 (6.6-rc2)
CVE-2023-6175 (NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to ...)
	{DSA-5559-1 DLA-3746-1}
	- wireshark 4.0.11-1
	[bullseye] - wireshark (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-29.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19404
CVE-2023-6174 (SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of serv ...)
	{DSA-5559-1}
	- wireshark 4.0.11-1
	[bullseye] - wireshark (Only affects 4.x)
	[buster] - wireshark (Only affects 4.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-28.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19369
	NOTE: Introduced by: https://gitlab.com/wireshark/wireshark/-/commit/a2f6b079f16e0dfa10a1eab82b13b52d8e173199 (v3.7.0)
CVE-2023-6121 (An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsy ...)
	{DSA-5594-1 DLA-3711-1}
	- linux 6.6.8-1
	[bookworm] - linux 6.1.64-1
	NOTE: https://lore.kernel.org/linux-nvme/b58a2dc6-cc8f-4d19-9efe-e1d5b4505efc@nvidia.com/T/
	NOTE: https://lore.kernel.org/linux-nvme/CAK5usQvxAyC3LJ4OnqerS1P0JpbfFr9uRZmq6Jb4QhaB7AQCoQ@mail.gmail.com/T/
	NOTE: https://git.kernel.org/linus/1c22e0295a5eb571c27b53c7371f95699ef705ff (6.7-rc3)
CVE-2023-6119 (An Improper Privilege Management vulnerability in Trellix GetSusp prio ...)
	NOT-FOR-US: Trellix
CVE-2023-6038 (A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST AP ...)
	NOT-FOR-US: H2O (h2ai) (not the same as src:h2o)
CVE-2023-6023 (An attacker can read any file on the filesystem on the server hosting ...)
	NOT-FOR-US: ModelDB
CVE-2023-6022 (An attacker is able to steal secrets and potentially gain remote code ...)
	NOT-FOR-US: Prefect
CVE-2023-6021 (LFI in Ray's log API endpoint allows attackers to read any file on the ...)
	NOT-FOR-US: Ray's log API endpoint
CVE-2023-6019 (A command injection existed in Ray's cpu_profile URL parameter allowin ...)
	NOT-FOR-US: Ray
CVE-2023-6018 (An attacker can overwrite any file on the server hosting MLflow withou ...)
	NOT-FOR-US: mlflow
CVE-2023-6017 (H2O included a reference to an S3 bucket that no longer existed allowi ...)
	NOT-FOR-US: H2O (h2ai) (not the same as src:h2o)
CVE-2023-6016 (An attacker is able to gain remote code execution on a server hosting ...)
	NOT-FOR-US: H2O (h2ai) (not the same as src:h2o)
CVE-2023-6015 (MLflow allowed arbitrary files to be PUT onto the server.)
	NOT-FOR-US: mlflow
CVE-2023-6013 (H2O is vulnerable to stored XSS vulnerability which can lead to a Loca ...)
	NOT-FOR-US: H2O (h2ai) (not the same as src:h2o)
CVE-2023-4771 (A Cross-Site scripting vulnerability has been found in CKSource CKEdit ...)
	- ckeditor (unimportant)
	NOTE: Seems bogus, only affects an example
CVE-2023-48134 (nagayama_copabowl Line 13.6.1 is vulnerable to Exposure of Sensitive I ...)
	NOT-FOR-US: nagayama_copabowl
CVE-2023-48056 (PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chai ...)
	NOT-FOR-US: PyPinkSign
CVE-2023-48055 (SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption ...)
	NOT-FOR-US: SuperAGI
CVE-2023-48054 (Missing SSL certificate validation in localstack v2.3.2 allows attacke ...)
	NOT-FOR-US: localstack.cloud
CVE-2023-48053 (Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaini ...)
	NOT-FOR-US: Archery
CVE-2023-48052 (Missing SSL certificate validation in HTTPie v3.2.2 allows attackers t ...)
	- httpie (unimportant)
	[bullseye] - httpie (remote version check introduced in 3.2.0)
	[buster] - httpie (remote version check introduced in 3.2.0)
	NOTE: https://gxx777.github.io/HTTPie_3.2.2_Cryptographic_API_Misuse_Vulnerability.md
	NOTE: The httpie tools do validate SSL certificates for user-provided URLs, and fail if invalid.
	NOTE: Only its internal version check (update_warnings.py) makes a verify=False call to a
	NOTE: https://packages.httpie.io/latest.json URL, with no security impact besides displaying the information.
	NOTE: Introduced by: https://github.com/httpie/cli/commit/003f2095d4e98b26220802f016a56be38bf9bd8d (v3.2.0)
CVE-2023-47514 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in lawrence ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47512 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Gravity ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47511 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SO W ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47509 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ioannup ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47508 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Averta M ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47245 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47242 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47240 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47239 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47060 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) a ...)
	NOT-FOR-US: Adobe
CVE-2023-47059 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) a ...)
	NOT-FOR-US: Adobe
CVE-2023-47058 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) a ...)
	NOT-FOR-US: Adobe
CVE-2023-47057 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) a ...)
	NOT-FOR-US: Adobe
CVE-2023-47056 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) a ...)
	NOT-FOR-US: Adobe
CVE-2023-47055 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) a ...)
	NOT-FOR-US: Adobe
CVE-2023-47054 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
	NOT-FOR-US: Adobe
CVE-2023-47053 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
	NOT-FOR-US: Adobe
CVE-2023-47052 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
	NOT-FOR-US: Adobe
CVE-2023-47051 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
	NOT-FOR-US: Adobe
CVE-2023-47050 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
	NOT-FOR-US: Adobe
CVE-2023-47049 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
	NOT-FOR-US: Adobe
CVE-2023-47048 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
	NOT-FOR-US: Adobe
CVE-2023-47047 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
	NOT-FOR-US: Adobe
CVE-2023-47046 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
	NOT-FOR-US: Adobe
CVE-2023-47044 (Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-47043 (Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-47042 (Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-47041 (Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-47040 (Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-44372 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-44371 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-44367 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-44366 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-44365 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-44361 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-44360 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-44359 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-44358 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-44357 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-44356 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-44348 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-44347 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-44346 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-44345 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-44344 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-44343 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-44342 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-44341 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-44340 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-44339 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-44338 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-44337 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-44336 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-44335 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) a ...)
	NOT-FOR-US: Adobe
CVE-2023-44334 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) a ...)
	NOT-FOR-US: Adobe
CVE-2023-44333 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) a ...)
	NOT-FOR-US: Adobe
CVE-2023-44332 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) a ...)
	NOT-FOR-US: Adobe
CVE-2023-44331 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) a ...)
	NOT-FOR-US: Adobe
CVE-2023-44330 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) a ...)
	NOT-FOR-US: Adobe
CVE-2023-44329 (Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2023-44328 (Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2023-44327 (Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2023-44292 (Dell Repository Manager, 3.4.3 and prior, contains an Improper Access ...)
	NOT-FOR-US: Dell
CVE-2023-44282 (Dell Repository Manager, 3.4.3 and prior, contains an Improper Access ...)
	NOT-FOR-US: Dell
CVE-2023-39926 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Acurax Unde ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39259 (Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 c ...)
	NOT-FOR-US: Dell
CVE-2023-39246 (Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Sec ...)
	NOT-FOR-US: Dell
CVE-2023-36026 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36008 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-34375 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web SE ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32957 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dazz ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32796 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in MingoCommer ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32469 (Dell Precision Tower BIOS contains an Improper Input Validation vulner ...)
	NOT-FOR-US: Dell
CVE-2023-6105 (An information disclosure vulnerability exists in multiple ManageEngin ...)
	NOT-FOR-US: ManageEngine
CVE-2023-5381 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sto ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4723 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sen ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4690 (The Elementor Addon Elements plugin for WordPress is vulnerable to Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4689 (The Elementor Addon Elements plugin for WordPress is vulnerable to Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48365 (Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows un ...)
	NOT-FOR-US: Qlik Sense Enterprise for Windows
CVE-2023-48224 (Fides is an open-source privacy engineering platform for managing the ...)
	NOT-FOR-US: Fides
CVE-2023-48204 (An issue in PublicCMS v.4.0.202302.e allows a remote attacker to obtai ...)
	NOT-FOR-US: PublicCMS
CVE-2023-48200 (Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local att ...)
	- grocy (bug #969056)
CVE-2023-48199 (HTML Injection vulnerability in the 'manageApiKeys' component in Grocy ...)
	- grocy (bug #969056)
CVE-2023-48198 (A Cross-Site Scripting (XSS) vulnerability in the 'product description ...)
	- grocy (bug #969056)
CVE-2023-48197 (Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys\u2 ...)
	- grocy (bug #969056)
CVE-2023-47674 (Missing authentication for critical function vulnerability in First Co ...)
	NOT-FOR-US: First Corporation
CVE-2023-47638
	REJECTED
CVE-2023-43887 (Libde265 v1.0.12 was discovered to contain multiple buffer overflows v ...)
	{DLA-3676-1}
	- libde265 1.0.13-1
	[bookworm] - libde265 1.0.11-1+deb12u1
	[bullseye] - libde265 1.0.11-0+deb11u2
	NOTE: https://github.com/strukturag/libde265/issues/418
	NOTE: https://github.com/strukturag/libde265/commit/63b596c915977f038eafd7647d1db25488a8c133 (v1.0.13)
CVE-2023-47471 (Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a ...)
	{DLA-3676-1}
	- libde265 1.0.13-1 (bug #1056187)
	[bookworm] - libde265 1.0.11-1+deb12u1
	[bullseye] - libde265 1.0.11-0+deb11u2
	NOTE: https://github.com/strukturag/libde265/issues/426
	NOTE: https://github.com/strukturag/libde265/commit/e36b4a1b0bafa53df47514c419d5be3e8916ebc7 (v1.0.13)
CVE-2023-47470 (Buffer Overflow vulnerability in Ffmpeg before github commit 456574705 ...)
	- ffmpeg (Vulnerable code not in any Debian released version)
	NOTE: https://patchwork.ffmpeg.org/project/ffmpeg/patch/20230915131147.5945-2-michael%40niedermayer.cc/
	NOTE: https://github.com/goldds96/Report/tree/main/FFmpeg
	NOTE: Introduced in: https://github.com/FFmpeg/FFmpeg/commit/34e4f18360c4ecb8e5979cab8f389478d8cd7819 (n6.1)
	NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/4565747056a11356210ed8edcecb920105e40b60 (n6.1)
CVE-2023-47444 (An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticate ...)
	NOT-FOR-US: OpenCart
CVE-2023-47347 (Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cau ...)
	NOT-FOR-US: free5GC
CVE-2023-47345 (Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cau ...)
	NOT-FOR-US: free5GC
CVE-2023-47335 (Insecure permissions in the setNFZEnable function of Autel Robotics EV ...)
	NOT-FOR-US: Autel Robotics EVO Nano drone
CVE-2023-47264 (Certain WithSecure products have a buffer over-read whereby processing ...)
	NOT-FOR-US: WithSecure
CVE-2023-47263 (Certain WithSecure products allow a Denial of Service (DoS) in the ant ...)
	NOT-FOR-US: WithSecure
CVE-2023-47213 (First Corporation's DVRs use a hard-coded password, which may allow a ...)
	NOT-FOR-US: First Corporation
CVE-2023-47003 (An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitra ...)
	NOT-FOR-US: RedisGraph
CVE-2023-44296 (Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vu ...)
	NOT-FOR-US: Dell
CVE-2023-43757 (Inadequate encryption strength vulnerability in multiple routers provi ...)
	NOT-FOR-US: ELECOM
CVE-2023-43752 (OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier ...)
	NOT-FOR-US: ELECOM
CVE-2023-43275 (Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 ...)
	NOT-FOR-US: DedeCMS
CVE-2023-41442 (An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1 ...)
	NOT-FOR-US: Kloudq Technologies Limited Tor Equip
CVE-2023-6079
	REJECTED
CVE-2023-5720 (A flaw was found in Quarkus, where it does not properly sanitize artif ...)
	NOT-FOR-US: Quarkus
CVE-2023-5676 (In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an ...)
	NOT-FOR-US: Eclipse OpenJ9
CVE-2023-5245 (FileUtil.extract() enumerates all zip file entries and extracts each f ...)
	NOT-FOR-US: mleap
CVE-2023-4602 (The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48219 (TinyMCE is an open source rich text editor. A mutation cross-site scri ...)
	- tinymce
	NOTE: https://github.com/tinymce/tinymce/commit/751e35f1419a6a060ded397dda1b2945bacaa711
CVE-2023-48089 (xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via / ...)
	NOT-FOR-US: XXL-Job
CVE-2023-48088 (xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /x ...)
	NOT-FOR-US: XXL-Job
CVE-2023-48087 (xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job ...)
	NOT-FOR-US: XXL-Job
CVE-2023-48014 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a sta ...)
	- gpac (bug #1056282)
	[buster] - gpac (EOL in Buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2613
	NOTE: https://github.com/gpac/gpac/commit/66abf0887c89c29a484d9e65e70882794e9e3a1b
CVE-2023-48013 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a dou ...)
	- gpac (bug #1056282)
	[buster] - gpac (EOL in Buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2612
	NOTE: https://github.com/gpac/gpac/commit/cd8a95c1efb8f5bfc950b86c2ef77b4c76f6b893
CVE-2023-48011 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a hea ...)
	- gpac (bug #1056282)
	[buster] - gpac (EOL in Buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2611
	NOTE: https://github.com/gpac/gpac/commit/c70f49dda4946d6db6aa55588f6a756b76bd84ea
CVE-2023-47637 (Pimcore is an Open Source Data & Experience Management Platform. In af ...)
	NOT-FOR-US: Pimcore
CVE-2023-47636 (The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Fu ...)
	NOT-FOR-US: Pimcore Admin Classic Bundle
CVE-2023-41699 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in P ...)
	NOT-FOR-US: Payara
CVE-2023-34982 (This external control vulnerability, if exploited, could allow a local ...)
	NOT-FOR-US: AVEVA
CVE-2023-34062 (In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versi ...)
	NOT-FOR-US: Reactor Netty HTTP Server
CVE-2023-33873 (This privilege escalation vulnerability, if exploited, cloud allow a l ...)
	NOT-FOR-US: AVEVA
CVE-2023-6133 (The Forminator plugin for WordPress is vulnerable to arbitrary file up ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6032 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-5987 (A CWE-79 Improper Neutralization of Input During Web Page Generation ( ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-5986 (A CWE-601 URL Redirection to Untrusted Site vulnerability exists that ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-5985 (A CWE-79 Improper Neutralization of Input During Web Page Generation v ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-5984 (A CWE-494 Download of Code Without Integrity Check vulnerability exist ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-5981 (A vulnerability was found that the response times to malformed ciphert ...)
	{DLA-3660-1}
	- gnutls28 3.8.2-1 (bug #1056188)
	[bookworm] - gnutls28 3.7.9-2+deb12u1
	[bullseye] - gnutls28 3.7.1-5+deb11u4
	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1511
	NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23
	NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2023-November/004837.html
	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/29d6298d0b04cfff970b993915db71ba3f580b6d (3.8.2)
	NOTE: The fix for this issue was incomplete; the remaining timing side channel is tracked as CVE-2024-0553
CVE-2023-4889 (The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Sit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-48217 (Statamic is a flat-first, Laravel + Git powered CMS designed for build ...)
	NOT-FOR-US: Statamic CMS
CVE-2023-47678 (An improper access control vulnerability exists in RT-AC87U all versio ...)
	NOT-FOR-US: ASUSTeK
CVE-2023-47641 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
	- python-aiohttp 3.8.1-1
	[bullseye] - python-aiohttp (Minor issue)
	[buster] - python-aiohttp (Minor issue)
	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-xx9p-xxvh-7g8j
	NOTE: https://github.com/aio-libs/aiohttp/commit/f016f0680e4ace6742b03a70cb0382ce86abe371 (v3.8.0b0)
CVE-2023-47640 (DataHub is an open-source metadata platform. The HMAC signature for Da ...)
	NOT-FOR-US: DataHub
CVE-2023-47631 (vantage6 is a framework to manage and deploy privacy enhancing technol ...)
	NOT-FOR-US: vantage6
CVE-2023-47630 (Kyverno is a policy engine designed for Kubernetes. An issue was found ...)
	NOT-FOR-US: Kyverno
CVE-2023-47627 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
	- python-aiohttp 3.8.6-1
	[bookworm] - python-aiohttp (Minor issue)
	[bullseye] - python-aiohttp (Minor issue)
	[buster] - python-aiohttp (Minor issue)
	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg
	NOTE: https://github.com/aio-libs/aiohttp/commit/d5c12ba890557a575c313bb3017910d7616fce3d (v3.8.6)
CVE-2023-47586 (Multiple heap-based buffer overflow vulnerabilities exist in V-Server ...)
	NOT-FOR-US: FUJI
CVE-2023-47585 (Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earl ...)
	NOT-FOR-US: FUJI
CVE-2023-47584 (Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and ear ...)
	NOT-FOR-US: FUJI
CVE-2023-47583 (Multiple out-of-bounds read vulnerabilities exist in TELLUS Simulator ...)
	NOT-FOR-US: FUJI
CVE-2023-47582 (Access of uninitialized pointer vulnerability exists in TELLUS V4.0.17 ...)
	NOT-FOR-US: FUJI
CVE-2023-47581 (Out-of-bounds read vulnerability exists in TELLUS V4.0.17.0 and earlie ...)
	NOT-FOR-US: FUJI
CVE-2023-47580 (Multiple improper restriction of operations within the bounds of a mem ...)
	NOT-FOR-US: FUJI
CVE-2023-47549 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability on302 respo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47547 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactor ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47546 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Walte ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47545 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Fat ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47544 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Atarim Visu ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47533 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpde ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47532 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themeum ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47528 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sajj ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47524 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability (requiresPH ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47522 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Fe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47520 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47518 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Matthew ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47517 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SendPres ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47446 (Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scriptin ...)
	NOT-FOR-US: Pre-School Enrollment
CVE-2023-47445 (Pre-School Enrollment version 1.0 is vulnerable to SQL Injection via t ...)
	NOT-FOR-US: Pre-School Enrollment version
CVE-2023-47309 (Nukium nkmgls before version 3.0.2 is vulnerable to Cross Site Scripti ...)
	NOT-FOR-US: Nukium nkmgls
CVE-2023-47308 (In the module "Newsletter Popup PRO with Voucher/Coupon code" (newslet ...)
	NOT-FOR-US: PrestaShop addon
CVE-2023-47130 (Yii is an open source PHP web framework. 
yiisoft/yii before version 1. ...) - yii (bug #597899) CVE-2023-47125 (TYPO3 is an open source PHP based web content management system releas ...) NOT-FOR-US: TYPO3 CVE-2023-46672 (An issue was identified by Elastic whereby sensitive information is re ...) - logstash (bug #664841) CVE-2023-46582 (SQL injection vulnerability in Inventory Management v.1.0 allows a loc ...) NOT-FOR-US: Inventory Management CVE-2023-46581 (SQL injection vulnerability in Inventory Management v.1.0 allows a loc ...) NOT-FOR-US: Inventory Management CVE-2023-46580 (Cross-Site Scripting (XSS) vulnerability in Inventory Management V1.0 ...) NOT-FOR-US: Inventory Management CVE-2023-46132 (Hyperledger Fabric is an open source permissioned distributed ledger f ...) NOT-FOR-US: Hyperledger Fabric CVE-2023-46121 (yt-dlp is a youtube-dl fork with additional features and fixes. The Ge ...) - yt-dlp 2023.11.16-1 (bug #1055996) [bookworm] - yt-dlp (Minor issue) NOTE: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-3ch3-jhc6-5r8x NOTE: https://github.com/yt-dlp/yt-dlp/commit/f04b5bedad7b281bee9814686bba1762bae092eb (2023.11.14) CVE-2023-46026 (Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul ...) NOT-FOR-US: phpgurukul CVE-2023-46025 (SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher ...) NOT-FOR-US: phpgurukul CVE-2023-46024 (SQL Injection vulnerability in index.php in phpgurukul Teacher Subject ...) NOT-FOR-US: phpgurukul CVE-2023-46023 (SQL injection vulnerability in addTask.php in Code-Projects Simple Tas ...) NOT-FOR-US: Code-Projects Simple Task List CVE-2023-46022 (SQL Injection vulnerability in delete.php in Code-Projects Blood Bank ...) NOT-FOR-US: Code-Projects Blood Bank CVE-2023-45627 (An authenticated Denial-of-Service (DoS) vulnerability exists in the C ...) NOT-FOR-US: Aruba CVE-2023-45626 (An authenticated vulnerability has been identified allowing an attacke ...) 
NOT-FOR-US: Aruba CVE-2023-45625 (Multiple authenticated command injection vulnerabilities exist in the ...) NOT-FOR-US: Aruba CVE-2023-45624 (An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ...) NOT-FOR-US: Aruba CVE-2023-45623 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the W ...) NOT-FOR-US: Aruba CVE-2023-45622 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the B ...) NOT-FOR-US: Aruba CVE-2023-45621 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the C ...) NOT-FOR-US: Aruba CVE-2023-45620 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the C ...) NOT-FOR-US: Aruba CVE-2023-45619 (There is an arbitrary file deletion vulnerability in the RSSI service ...) NOT-FOR-US: Aruba CVE-2023-45618 (There are arbitrary file deletion vulnerabilities in the AirWave clien ...) NOT-FOR-US: Aruba CVE-2023-45617 (There are arbitrary file deletion vulnerabilities in the CLI service a ...) NOT-FOR-US: Aruba CVE-2023-45616 (There is a buffer overflow vulnerability in the underlying AirWave cli ...) NOT-FOR-US: Aruba CVE-2023-45615 (There are buffer overflow vulnerabilities in the underlying CLI servic ...) NOT-FOR-US: Aruba CVE-2023-45614 (There are buffer overflow vulnerabilities in the underlying CLI servic ...) NOT-FOR-US: Aruba CVE-2023-43979 (ETS Soft ybc_blog before v4.4.0 was discovered to contain a SQL inject ...) NOT-FOR-US: ETS Soft ybc_blog CVE-2023-43591 (Improper privilege management in Zoom Rooms for macOS before version ...) NOT-FOR-US: Zoom CVE-2023-43590 (Link following in Zoom Rooms for macOS before version 5.16.0 may allo ...) NOT-FOR-US: Zoom CVE-2023-43588 (Insufficient control flow management in some Zoom clients may allow an ...) NOT-FOR-US: Zoom CVE-2023-43582 (Improper authorization in some Zoom clients may allow an authorized us ...) NOT-FOR-US: Zoom CVE-2023-41718 (When a particular process flow is initiated, an attacker may be able t ...) 
NOT-FOR-US: Ivanti CVE-2023-41597 (EyouCms v1.6.2 was discovered to contain a reflected cross-site script ...) NOT-FOR-US: EyouCms CVE-2023-41570 (MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect acc ...) NOT-FOR-US: MikroTik CVE-2023-40923 (MyPrestaModules ordersexport before v5.0 was discovered to contain mul ...) NOT-FOR-US: MyPrestaModules ordersexport CVE-2023-39537 (AMI AptioV contains a vulnerability in BIOS where an Attacker may use ...) NOT-FOR-US: AMI CVE-2023-39536 (AMI AptioV contains a vulnerability in BIOS where an Attacker may use ...) NOT-FOR-US: AMI CVE-2023-39535 (AMI AptioV contains a vulnerability in BIOS where an Attacker may use ...) NOT-FOR-US: AMI CVE-2023-39337 (A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older a ...) NOT-FOR-US: Ivanti CVE-2023-39335 (A security vulnerability has been identified in EPMM Versions 11.10, 1 ...) NOT-FOR-US: Ivanti CVE-2023-39206 (Buffer overflow in some Zoom clients may allow an unauthenticated user ...) NOT-FOR-US: Zoom CVE-2023-39205 (Improper conditions check in Zoom Team Chat for Zoom clients may allow ...) NOT-FOR-US: Zoom CVE-2023-39204 (Buffer overflow in some Zoom clients may allow an unauthenticated user ...) NOT-FOR-US: Zoom CVE-2023-39203 (Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop C ...) NOT-FOR-US: Zoom CVE-2023-39202 (Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Cl ...) NOT-FOR-US: Zoom CVE-2023-39199 (Cryptographic issues with In-Meeting Chat for some Zoom clients may al ...) NOT-FOR-US: Zoom CVE-2023-38544 (A logged in user can modify specific files that may lead to unauthoriz ...) NOT-FOR-US: Ivanti CVE-2023-38543 (A vulnerability exists on all versions of the Ivanti Secure Access Cli ...) NOT-FOR-US: Ivanti CVE-2023-38043 (A vulnerability exists on all versions of the Ivanti Secure Access Cli ...) 
NOT-FOR-US: Ivanti CVE-2023-36558 (ASP.NET Core - Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36437 (Azure DevOps Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36049 (.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnera ...) NOT-FOR-US: Microsoft CVE-2023-36038 (ASP.NET Core Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36007 (Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulner ...) NOT-FOR-US: Microsoft CVE-2023-35080 (A vulnerability has been identified in the Ivanti Secure Access Window ...) NOT-FOR-US: Ivanti CVE-2023-34060 (VMware Cloud Director Appliance contains an authentication bypass vuln ...) NOT-FOR-US: VMware CVE-2023-44444 (GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability. ...) {DSA-5564-1 DLA-3659-1} - gimp 2.10.36-1 (bug #1055984) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1591/ NOTE: https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/#fixed-vulnerabilities NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/e1bfd87195e4fe60a92df70cde65464d032dd3c1 NOTE: Backport to gimp-2.10: https://gitlab.gnome.org/GNOME/gimp/-/commit/ef12c0a90752a06d4c465a768d052b07f5e8a8a0 (GIMP_2_10_36) NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/10071 (restricted) CVE-2023-44443 (GIMP PSP File Parsing Integer Overflow Remote Code Execution Vulnerabi ...) 
{DSA-5564-1} - gimp 2.10.36-1 (bug #1055984) [buster] - gimp (Vulnerable code introduced in 2.10.22) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1593/ NOTE: https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/#fixed-vulnerabilities NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/96f536a33590bb9811da5b5639e1d6c25aaf2e01 NOTE: Backport to gimp-2.10: https://gitlab.gnome.org/GNOME/gimp/-/commit/ef12c0a90752a06d4c465a768d052b07f5e8a8a0 (GIMP_2_10_36) NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/10072 (restricted) NOTE: Introduced by: https://gitlab.gnome.org/GNOME/gimp/-/commit/bf66a07d207bc09f222e56c398760478a3a057fa (GIMP_2_10_22) CVE-2023-44442 (GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution ...) {DSA-5564-1 DLA-3659-1} - gimp 2.10.36-1 (bug #1055984) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1594/ NOTE: https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/#fixed-vulnerabilities NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/985c0a20e18b5b3b8a48ee9cb12287b1d5732d3d (GIMP_2_10_36) NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/10101 (restricted) CVE-2023-44441 (GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution ...) {DSA-5564-1 DLA-3677-1} - gimp 2.10.36-1 (bug #1055984) [buster] - gimp (DDS plugin added in 2.10.10) - gimp-dds NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1592/ NOTE: https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/#fixed-vulnerabilities NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/7db71cd0b6e36c454aa0d2d3efeec7e636db4dbc (GIMP_2_10_36) NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/e92f279c97282a2b20dca0d923db7465f2057703 (GIMP_2_10_36) NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/9dda8139e4d07e3a273436eda993fef32555edbe (GIMP_2_10_36) NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/10069 (restricted) CVE-2023-6112 (Use after free in Navigation in Google Chrome prior to 119.0.6045.159 ...) 
{DSA-5556-1} - chromium 119.0.6045.159-1 [buster] - chromium (see DSA 5046) CVE-2023-5997 (Use after free in Garbage Collection in Google Chrome prior to 119.0.6 ...) {DSA-5556-1} - chromium 119.0.6045.159-1 [buster] - chromium (see DSA 5046) CVE-2023-6131 (Code Injection in GitHub repository salesagility/suitecrm prior to 7.1 ...) NOT-FOR-US: suitecrm CVE-2023-6130 (Path Traversal: '\..\filename' in GitHub repository salesagility/suite ...) NOT-FOR-US: suitecrm CVE-2023-6128 (Cross-site Scripting (XSS) - Reflected in GitHub repository salesagili ...) NOT-FOR-US: suitecrm CVE-2023-6127 (Unrestricted Upload of File with Dangerous Type in GitHub repository s ...) NOT-FOR-US: suitecrm CVE-2023-6126 (Code Injection in GitHub repository salesagility/suitecrm prior to 7.1 ...) NOT-FOR-US: suitecrm CVE-2023-6125 (Code Injection in GitHub repository salesagility/suitecrm prior to 7.1 ...) NOT-FOR-US: suitecrm CVE-2023-6124 (Server-Side Request Forgery (SSRF) in GitHub repository salesagility/s ...) NOT-FOR-US: suitecrm CVE-2023-6111 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...) - linux 6.5.13-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/93995bf4af2c5a99e2a87f0cd5ce547d31eb7630 (6.7-rc1) CVE-2023-48094 (A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows a ...) NOT-FOR-US: CesiumJS CVE-2023-48021 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) NOT-FOR-US: Dreamer CMS CVE-2023-48020 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) NOT-FOR-US: Dreamer CMS CVE-2023-47660 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP W ...) NOT-FOR-US: WordPress plugin CVE-2023-47659 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-47658 (Auth. 
(ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-47656 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Mar ...) NOT-FOR-US: WordPress plugin CVE-2023-47654 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-47653 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abu ...) NOT-FOR-US: WordPress plugin CVE-2023-47646 (Auth. (Shop Manager+) Stored Cross-Site Scripting (XSS) vulnerability ...) NOT-FOR-US: WordPress plugin CVE-2023-47554 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DenK ...) NOT-FOR-US: WordPress plugin CVE-2023-47550 (Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Ma ...) NOT-FOR-US: WordPress plugin CVE-2023-47384 (MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contai ...) - gpac (bug #1056282) [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in Buster LTS) NOTE: https://github.com/gpac/gpac/issues/2672 CVE-2023-47262 (The startup process and device configurations of the Abbott ID NOW dev ...) NOT-FOR-US: Abbott ID NOW CVE-2023-47127 (TYPO3 is an open source PHP based web content management system releas ...) NOT-FOR-US: Typo3 CVE-2023-47126 (TYPO3 is an open source PHP based web content management system releas ...) NOT-FOR-US: Typo3 CVE-2023-46601 (A vulnerability has been identified in COMOS (All versions). The affec ...) NOT-FOR-US: Siemens CVE-2023-46590 (A vulnerability has been identified in Siemens OPC UA Modelling Editor ...) NOT-FOR-US: Siemens CVE-2023-46099 (A vulnerability has been identified in SIMATIC PCS neo (All versions < ...) NOT-FOR-US: Siemens CVE-2023-46098 (A vulnerability has been identified in SIMATIC PCS neo (All versions < ...) NOT-FOR-US: Siemens CVE-2023-46097 (A vulnerability has been identified in SIMATIC PCS neo (All versions < ...) 
NOT-FOR-US: Siemens CVE-2023-46096 (A vulnerability has been identified in SIMATIC PCS neo (All versions < ...) NOT-FOR-US: Siemens CVE-2023-45794 (A vulnerability has been identified in Mendix Applications using Mendi ...) NOT-FOR-US: Siemens CVE-2023-45684 (Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. ...) - cfengine3 (Only affects CFEngine Enterprise) NOTE: https://cfengine.com/blog/2023/cve-2023-45684/ CVE-2023-45585 (An insertion of sensitive information into log file vulnerability [CWE ...) NOT-FOR-US: FortiGuard CVE-2023-45582 (An improper restriction of excessive authentication attempts vulnerabi ...) NOT-FOR-US: FortiGuard CVE-2023-44374 (Affected devices allow to change the password, but insufficiently chec ...) NOT-FOR-US: Siemens CVE-2023-44373 (Affected devices do not properly sanitize an input field. This could ...) NOT-FOR-US: Siemens CVE-2023-44322 (Affected devices can be configured to send emails when certain events ...) NOT-FOR-US: Siemens CVE-2023-44321 (Affected devices do not properly validate the length of inputs when pe ...) NOT-FOR-US: Siemens CVE-2023-44320 (Affected devices do not properly validate the authentication when perf ...) NOT-FOR-US: Siemens CVE-2023-44319 (Affected devices use a weak checksum algorithm to protect the configur ...) NOT-FOR-US: Siemens CVE-2023-44318 (Affected devices use a hardcoded key to obfuscate the configuration ba ...) NOT-FOR-US: Siemens CVE-2023-44317 (Affected products do not properly validate the content of uploaded X50 ...) NOT-FOR-US: Siemens CVE-2023-44248 (An improper access control vulnerability [CWE-284] inFortiEDRCollector ...) NOT-FOR-US: FortiGuard CVE-2023-43505 (A vulnerability has been identified in COMOS (All versions). The affec ...) NOT-FOR-US: Siemens CVE-2023-43504 (A vulnerability has been identified in COMOS (All versions < V10.4.4). ...) NOT-FOR-US: Siemens CVE-2023-43503 (A vulnerability has been identified in COMOS (All versions < V10.4.4). ...) 
NOT-FOR-US: Siemens CVE-2023-42783 (A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8 ...) NOT-FOR-US: FortiGuard CVE-2023-41840 (A untrusted search path vulnerability in Fortinet FortiClientWindows 7 ...) NOT-FOR-US: FortiGuard CVE-2023-41676 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...) NOT-FOR-US: FortiGuard CVE-2023-40719 (A use of hard-coded credentials vulnerability in Fortinet FortiAnalyze ...) NOT-FOR-US: FortiGuard CVE-2023-40540 (Non-Transparent Sharing of Microarchitectural Resources in some Intel( ...) NOT-FOR-US: Intel CVE-2023-40220 (Improper buffer restrictions in some Intel(R) NUC BIOS firmware may al ...) NOT-FOR-US: Intel CVE-2023-39412 (Cross-site request forgery in some Intel Unison software may allow an ...) NOT-FOR-US: Intel CVE-2023-39411 (Improper input validationation for some Intel Unison software may allo ...) NOT-FOR-US: Intel CVE-2023-39230 (Insecure inherited permissions in some Intel Rapid Storage Technology ...) NOT-FOR-US: Intel CVE-2023-39228 (Improper access control for some Intel Unison software may allow an un ...) NOT-FOR-US: Intel CVE-2023-39221 (Improper access control for some Intel Unison software may allow an au ...) NOT-FOR-US: Intel CVE-2023-38570 (Access of memory location after end of buffer for some Intel Unison so ...) NOT-FOR-US: Intel CVE-2023-38411 (Improper access control in the Intel Smart Campus android application ...) NOT-FOR-US: Intel CVE-2023-38177 (Microsoft SharePoint Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-38151 (Microsoft Host Integration Server 2020 Remote Code Execution Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2023-38131 (Improper input validationation for some Intel Unison software may allo ...) NOT-FOR-US: Intel CVE-2023-36860 (Improper input validation for some Intel Unison software may allow an ...) NOT-FOR-US: Intel CVE-2023-36719 (Microsoft Speech Application Programming Interface (SAPI) Elevation of ...) 
NOT-FOR-US: Microsoft CVE-2023-36705 (Windows Installer Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36641 (A numeric truncation error in Fortinet FortiProxy version 7.2.0 throug ...) NOT-FOR-US: FortiGuard CVE-2023-36633 (An improper authorization vulnerability [CWE-285] in FortiMail webmail ...) NOT-FOR-US: FortiGuard CVE-2023-36560 (ASP.NET Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36553 (A improper neutralization of special elements used in an os command (' ...) NOT-FOR-US: FortiGuard CVE-2023-36439 (Microsoft Exchange Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36428 (Microsoft Local Security Authority Subsystem Service Information Discl ...) NOT-FOR-US: Microsoft CVE-2023-36427 (Windows Hyper-V Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36425 (Windows Distributed File System (DFS) Remote Code Execution Vulnerabil ...) NOT-FOR-US: Microsoft CVE-2023-36424 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2023-36423 (Microsoft Remote Registry Service Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36422 (Microsoft Windows Defender Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36413 (Microsoft Office Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36410 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) 
NOT-FOR-US: Microsoft CVE-2023-36408 (Windows Hyper-V Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36407 (Windows Hyper-V Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36406 (Windows Hyper-V Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36405 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36404 (Windows Kernel Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36403 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36402 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) NOT-FOR-US: Microsoft CVE-2023-36401 (Microsoft Remote Registry Service Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36400 (Windows HMAC Key Derivation Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36399 (Windows Storage Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36398 (Windows NTFS Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36397 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...) NOT-FOR-US: Microsoft CVE-2023-36396 (Windows Compressed Folder Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36395 (Windows Deployment Services Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36394 (Windows Search Service Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36393 (Windows User Interface Application Core Remote Code Execution Vulnerab ...) 
NOT-FOR-US: Microsoft CVE-2023-36392 (DHCP Server Service Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36052 (Azure CLI REST Command Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36050 (Microsoft Exchange Server Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36047 (Windows Authentication Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36046 (Windows Authentication Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36045 (Microsoft Office Graphics Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36043 (Open Management Infrastructure Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36042 (Visual Studio Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36041 (Microsoft Excel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36039 (Microsoft Exchange Server Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36037 (Microsoft Excel Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36036 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) NOT-FOR-US: Microsoft CVE-2023-36035 (Microsoft Exchange Server Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36033 (Windows DWM Core Library Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36031 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2023-36030 (Microsoft Dynamics 365 Sales Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36028 (Microsoft Protected Extensible Authentication Protocol (PEAP) Remote C ...) 
NOT-FOR-US: Microsoft CVE-2023-36025 (Windows SmartScreen Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36021 (Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36018 (Visual Studio Code Jupyter Extension Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36017 (Windows Scripting Engine Memory Corruption Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36016 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2023-34997 (Insecure inherited permissions in the installer for some Intel Server ...) NOT-FOR-US: Intel CVE-2023-34991 (A improper neutralization of special elements used in an sql command ( ...) NOT-FOR-US: FortiGuard CVE-2023-34431 (Improper input validation in some Intel(R) Server Board BIOS firmware ...) NOT-FOR-US: Intel CVE-2023-34430 (Uncontrolled search path in some Intel Battery Life Diagnostic Tool so ...) NOT-FOR-US: Intel CVE-2023-34350 (Uncontrolled search path element in some Intel(R) XTU software before ...) NOT-FOR-US: Intel CVE-2023-34314 (Insecure inherited permissions in some Intel(R) Simics Simulator softw ...) NOT-FOR-US: Intel CVE-2023-33878 (Path transversal in some Intel(R) NUC P14E Laptop Element Audio Instal ...) NOT-FOR-US: Intel CVE-2023-33874 (Uncontrolled search path in some Intel(R) NUC 12 Pro Kits & Mini PCs - ...) NOT-FOR-US: Intel CVE-2023-33872 (Improper access control in the Intel Support android application all v ...) NOT-FOR-US: Intel CVE-2023-33304 (A use of hard-coded credentials vulnerability in Fortinet FortiClient ...) NOT-FOR-US: FortiGuard CVE-2023-32701 (Improper Input Validation in the Networking Stack of QNX SDP version(s ...) NOT-FOR-US: QNX SDP CVE-2023-32666 (On-chip debug and test interface with improper access control in some ...) NOT-FOR-US: Intel CVE-2023-32662 (Improper authorization in some Intel Battery Life Diagnostic Tool inst ...) 
NOT-FOR-US: Intel CVE-2023-32661 (Improper authentication in some Intel(R) NUC Kits NUC7PJYH and NUC7CJY ...) NOT-FOR-US: Intel CVE-2023-32660 (Uncontrolled search path in some Intel(R) NUC Kit NUC6i7KYK Thunderbol ...) NOT-FOR-US: Intel CVE-2023-32658 (Unquoted search path in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC ...) NOT-FOR-US: Intel CVE-2023-32655 (Path transversal in some Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NU ...) NOT-FOR-US: Intel CVE-2023-32641 (Improper input validation in firmware for Intel(R) QAT before version ...) NOT-FOR-US: Intel CVE-2023-32638 (Incorrect default permissions in some Intel Arc RGB Controller softwar ...) NOT-FOR-US: Intel CVE-2023-32283 (Insertion of sensitive information into log file in some Intel(R) On D ...) NOT-FOR-US: Intel CVE-2023-32279 (Improper access control in user mode driver for some Intel(R) Connecti ...) NOT-FOR-US: Intel CVE-2023-32278 (Path transversal in some Intel(R) NUC Uniwill Service Driver for Intel ...) NOT-FOR-US: Intel CVE-2023-32204 (Improper access control in some Intel(R) OFU software before version 1 ...) NOT-FOR-US: Intel CVE-2023-31320 (Improper input validation in the AMD RadeonTM Graphics display driver ...) NOT-FOR-US: Intel CVE-2023-31273 (Protection mechanism failure in some Intel DCM software before version ...) NOT-FOR-US: Intel CVE-2023-31247 (A memory corruption vulnerability exists in the HTTP Server Host heade ...) NOT-FOR-US: Weston Embedded uC-HTTP CVE-2023-31203 (Improper input validation in some OpenVINO Model Server software befor ...) NOT-FOR-US: Intel CVE-2023-29161 (Uncontrolled search path in some Intel(R) OFU software before version ...) NOT-FOR-US: Intel CVE-2023-29157 (Improper access control in some Intel(R) OFU software before version 1 ...) NOT-FOR-US: Intel CVE-2023-28377 (Improper authentication in some Intel(R) NUC Kit NUC11PH USB firmware ...) NOT-FOR-US: Intel CVE-2023-22327 (Out-of-bounds write in firmware for some Intel(R) FPGA products before ...) 
NOT-FOR-US: Intel CVE-2023-5528 (A security issue was discovered in Kubernetes where a user that can cr ...) - kubernetes (Windows-specific) CVE-2023-23583 (Sequence of processor instructions leads to unexpected behavior for so ...) {DSA-5563-1 DLA-3690-1} - intel-microcode 3.20231114.1 (bug #1055962) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20231114 NOTE: https://lock.cmpxchg8b.com/reptar.html NOTE: https://github.com/google/security-research/tree/master/pocs/cpus/reptar NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/redundant-prefix-issue.html CVE-2023-6115 REJECTED CVE-2023-6109 (The YOP Poll plugin for WordPress is vulnerable to a race condition in ...) NOT-FOR-US: WordPress plugin CVE-2023-6107 REJECTED CVE-2023-6106 REJECTED CVE-2023-6092 REJECTED CVE-2023-6089 REJECTED CVE-2023-6088 REJECTED CVE-2023-6087 REJECTED CVE-2023-6086 REJECTED CVE-2023-6085 REJECTED CVE-2023-6083 REJECTED CVE-2023-6034 REJECTED CVE-2023-6010 REJECTED CVE-2023-6006 (This vulnerability potentially allows local attackers to escalate priv ...) NOT-FOR-US: PaperCut NG CVE-2023-5977 REJECTED CVE-2023-4603 (The Star CloudPRNT for WooCommerce plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2023-47697 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Event ...) NOT-FOR-US: WordPress plugin CVE-2023-47696 (Unauth. Stored Cross-Site Scripting (XSS) vulnerabilityin Gravity Mast ...) NOT-FOR-US: WordPress plugin CVE-2023-47695 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit ...) NOT-FOR-US: WordPress plugin CVE-2023-47690 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Anton Bo ...) NOT-FOR-US: WordPress plugin CVE-2023-47684 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThemePun ...) 
NOT-FOR-US: WordPress plugin CVE-2023-47680 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-47673 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Stefano ...) NOT-FOR-US: WordPress plugin CVE-2023-47665 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in edward_p ...) NOT-FOR-US: WordPress plugin CVE-2023-47662 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gold ...) NOT-FOR-US: WordPress plugin CVE-2023-47657 (Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-47629 (DataHub is an open-source metadata platform. In affected versions sign ...) NOT-FOR-US: DataHub CVE-2023-47628 (DataHub is an open-source metadata platform. DataHub Frontend's sessio ...) NOT-FOR-US: DataHub CVE-2023-47625 (PX4 autopilot is a flight control solution for drones. In affected ver ...) NOT-FOR-US: PX4 autopilot CVE-2023-47609 (SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3 ...) NOT-FOR-US: OSS Calendar CVE-2023-47346 (Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2 ...) NOT-FOR-US: free5GC CVE-2023-47117 (Label Studio is an open source data labeling tool. In all current vers ...) - label-studio (bug #1026232) CVE-2023-46446 (An issue in AsyncSSH before 2.14.1 allows attackers to control the rem ...) - python-asyncssh (bug #1055999) [bookworm] - python-asyncssh (Minor issue) [bullseye] - python-asyncssh (Minor issue) [buster] - python-asyncssh (Minor issue) NOTE: https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm NOTE: https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e (v2.14.1) NOTE: https://terrapin-attack.com/ CVE-2023-46445 (An issue in AsyncSSH before 2.14.1 allows attackers to control the ext ...) 
	- python-asyncssh (bug #1056000)
	[bookworm] - python-asyncssh (Minor issue)
	[bullseye] - python-asyncssh (Minor issue)
	[buster] - python-asyncssh (Minor issue)
	NOTE: https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5
	NOTE: https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e (v2.14.1)
	NOTE: https://terrapin-attack.com/
CVE-2023-46021 (SQL Injection vulnerability in cancel.php in Code-Projects Blood Bank ...)
	NOT-FOR-US: Code-Projects Blood Bank
CVE-2023-46020 (Cross Site Scripting (XSS) in updateprofile.php in Code-Projects Blood ...)
	NOT-FOR-US: Code-Projects Blood Bank
CVE-2023-46019 (Cross Site Scripting (XSS) vulnerability in abs.php in Code-Projects B ...)
	NOT-FOR-US: Code-Projects Blood Bank
CVE-2023-46018 (SQL injection vulnerability in receiverReg.php in Code-Projects Blood ...)
	NOT-FOR-US: Code-Projects Blood Bank
CVE-2023-46017 (SQL Injection vulnerability in receiverLogin.php in Code-Projects Bloo ...)
	NOT-FOR-US: Code-Projects Blood Bank
CVE-2023-46016 (Cross Site Scripting (XSS) in abs.php in Code-Projects Blood Bank 1.0 ...)
	NOT-FOR-US: Code-Projects Blood Bank
CVE-2023-46015 (Cross Site Scripting (XSS) vulnerability in index.php in Code-Projects ...)
	NOT-FOR-US: Code-Projects Blood Bank
CVE-2023-46014 (SQL Injection vulnerability in hospitalLogin.php in Code-Projects Bloo ...)
	NOT-FOR-US: Code-Projects Blood Bank
CVE-2023-45881 (GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resour ...)
	NOT-FOR-US: GibbonEdu Gibbon
CVE-2023-45880 (GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via ...)
	NOT-FOR-US: GibbonEdu Gibbon
CVE-2023-45879 (GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME el ...)
	NOT-FOR-US: GibbonEdu Gibbon
CVE-2023-45878 (GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write ...)
	NOT-FOR-US: GibbonEdu Gibbon
CVE-2023-45560 (An issue in Yasukawa memberscard v.13.6.1 allows attackers to send cra ...)
	NOT-FOR-US: Yasukawa memberscard
CVE-2023-45558 (An issue in Golden v.13.6.1 allows attackers to send crafted notificat ...)
	NOT-FOR-US: Golden
CVE-2023-43902 (Incorrect access control in the Forgot Your Password function of EMSig ...)
	NOT-FOR-US: EMSigner
CVE-2023-43901 (Incorrect access control in the AdHoc User creation form of EMSigner v ...)
	NOT-FOR-US: EMSigner
CVE-2023-43900 (Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow atta ...)
	NOT-FOR-US: EMSigner
CVE-2023-42816 (Kyverno is a policy engine designed for Kubernetes. A security vulnera ...)
	NOT-FOR-US: Kyverno
CVE-2023-42815 (Kyverno is a policy engine designed for Kubernetes. A security vulnera ...)
	NOT-FOR-US: Kyverno
CVE-2023-42814 (Kyverno is a policy engine designed for Kubernetes. A security vulnera ...)
	NOT-FOR-US: Kyverno
CVE-2023-42813 (Kyverno is a policy engine designed for Kubernetes. A security vulnera ...)
	NOT-FOR-US: Kyverno
CVE-2023-42480 (The unauthenticated attacker in NetWeaver AS Java Logon application - ...)
	NOT-FOR-US: SAP
CVE-2023-42327 (Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 al ...)
	NOT-FOR-US: pfSense
CVE-2023-42326 (An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execut ...)
	NOT-FOR-US: pfSense
CVE-2023-42325 (Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 al ...)
	NOT-FOR-US: pfSense
CVE-2023-41366 (Under certain condition SAP NetWeaver Application Server ABAP - versio ...)
	NOT-FOR-US: SAP
CVE-2023-31754 (Optimizely CMS UI before v12.16.0 was discovered to contain a cross-si ...)
	NOT-FOR-US: Optimizely CMS UI
CVE-2023-31403 (SAP Business One installation - version 10.0, does not perform proper ...)
	NOT-FOR-US: SAP
CVE-2023-6104
	REJECTED
CVE-2023-6103 (A vulnerability has been found in Intelbras RX 1500 1.1.9 and classifi ...)
	NOT-FOR-US: Intelbras
CVE-2023-6102 (A vulnerability, which was classified as problematic, was found in Mai ...)
	NOT-FOR-US: Maiwei Safety Production Control Platform
CVE-2023-6101 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Maiwei Safety Production Control Platform
CVE-2023-6100 (A vulnerability classified as problematic was found in Maiwei Safety P ...)
	NOT-FOR-US: Maiwei Safety Production Control Platform
CVE-2023-6099 (A vulnerability classified as critical has been found in Shenzhen Youk ...)
	NOT-FOR-US: Shenzhen Youkate Industrial Facial Love Cloud Payment System
CVE-2023-6098 (An XSS vulnerability has been discovered in ICS Business Manager affec ...)
	NOT-FOR-US: ICS Business Manager
CVE-2023-6097 (A SQL injection vulnerability has been found in ICS Business Manager, ...)
	NOT-FOR-US: ICS Business Manager
CVE-2023-5999
	REJECTED
CVE-2023-48068 (DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vu ...)
	NOT-FOR-US: DedeCMS
CVE-2023-48063 (An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerab ...)
	NOT-FOR-US: Dreamer CMS
CVE-2023-48060 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
	NOT-FOR-US: Dreamer CMS
CVE-2023-48058 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
	NOT-FOR-US: Dreamer CMS
CVE-2023-47801 (An issue was discovered in Click Studios Passwordstate before 9811. Ex ...)
	NOT-FOR-US: Click Studios Passwordstate
CVE-2023-47621 (Guest Entries is a php library which allows users to create, update & ...)
	NOT-FOR-US: Guest Entries
CVE-2023-46092 (Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com Web ...)
	NOT-FOR-US: LionScripts.Com Webmaster Tools
CVE-2023-40335 (Cross-Site Request Forgery (CSRF) vulnerability in Jeremy O'Connell Cl ...)
	NOT-FOR-US: Jeremy O'Connell Cleverwise Daily Quotes
CVE-2023-39166 (Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Compo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-35877 (Cross-Site Request Forgery (CSRF) vulnerability in Vadym K. Extra User ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32123 (Cross-Site Request Forgery (CSRF) vulnerability in Dream-Theme The7 al ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-XXXX [tor TROVE-2023-006]
	- tor 0.4.8.9-1
	[bookworm] - tor (Vulnerable code introduced with 0.4.8.1-alpha)
	[bullseye] - tor (Vulnerable code introduced with 0.4.8.1-alpha)
	[buster] - tor (Vulnerable code introduced with 0.4.8.1-alpha)
	NOTE: https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.9/ChangeLog
	NOTE: Fixed by: https://gitlab.torproject.org/tpo/core/tor/-/commit/e62b8bce5a88f8fa38a62ab503df7f0eecfb1d22 (tor-0.4.8.9)
	NOTE: Fixed by: https://gitlab.torproject.org/tpo/core/tor/-/commit/83aecca561e5c284a7279e1fc5784871abe5304b (tor-0.4.8.9)
	NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40883 (non public ATM)
CVE-2023-XXXX [tor TROVE-2023-004]
	- tor 0.4.8.8-1
	[bookworm] - tor 0.4.7.16-1
	[bullseye] - tor (see DSA 5562)
	[buster] - tor (see DLA 3685)
	NOTE: https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.9/ChangeLog
	NOTE: https://gitlab.torproject.org/tpo/core/tor/-/commit/7aa496a2e057bb7c3cc284a04a1a4d2941c304f1 (tor-0.4.8.8)
	NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40874 (non public ATM)
CVE-2023-XXXX [RUSTSEC-2023-0070: Insufficient covariance check makes self_cell unsound]
	- rust-self-cell 1.0.2-1 (bug #1055895)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0070.html
	NOTE: https://github.com/Voultapher/self_cell/issues/49
CVE-2023-5747 (Bashis, a Security Researcher at IPVM has found a flaw that allows for ...)
	NOT-FOR-US: Hanwha Vision PNV-A6081R
CVE-2023-5741 (The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scrip ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5037
	REJECTED
CVE-2023-4775 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47669 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Pro ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47652 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47516 (Cross-Site Request Forgery (CSRF) vulnerability in Stark Digital Categ ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47230 (Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47163 (Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence ...)
	NOT-FOR-US: Remarshal
CVE-2023-46638 (Cross-Site Request Forgery (CSRF) vulnerability in Webcodin WCP OpenWe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46636 (Cross-Site Request Forgery (CSRF) vulnerability in David Stöckl Cus ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46634 (Cross-Site Request Forgery (CSRF) vulnerability in phoeniixx Custom My ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46629 (Cross-Site Request Forgery (CSRF) vulnerability in themelocation Remov ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46625 (Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Autolinks Man ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46620 (Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API tr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46619 (Cross-Site Request Forgery (CSRF) vulnerability in WebDorado WDSocialW ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46618 (Cross-Site Request Forgery (CSRF) vulnerability in Bala Krishna, Serge ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46207 (Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Mot ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46201 (Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Log ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41239 (Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38515 (Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38364 (IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2023-38363 (IBM CICS TX Advanced 10.1 does not set the secure attribute on authori ...)
	NOT-FOR-US: IBM
CVE-2023-37978 (Server-Side Request Forgery (SSRF) vulnerability in Dimitar Ivanov HTT ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-35041 (Cross-Site Request Forgery (CSRF) vulnerability leading to Local File ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34384 (Cross-Site Request Forgery (CSRF) vulnerability in Kebo Kebo Twitter F ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34378 (Cross-Site Request Forgery (CSRF) vulnerability in scriptburn.Com WP H ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34013 (Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Po ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-33207 (Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Wielog ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32588 (Cross-Site Request Forgery (CSRF) vulnerability in BRANDbrilliance Pos ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32583 (Cross-Site Request Forgery (CSRF) vulnerability in Prashant Walke WP A ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6084 (A vulnerability was found in Tongda OA 2017 up to 11.9 and classified ...)
	NOT-FOR-US: Tongda OA
CVE-2023-47037 (We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was m ...)
	- airflow (bug #819700)
CVE-2023-5959 (A vulnerability, which was classified as problematic, was found in Byz ...)
	NOT-FOR-US: Beijing Baichuo Smart S85F Management Platform V31R02B10-01
CVE-2023-47390 (Headscale through 0.22.3 writes bearer tokens to info-level logs.)
	NOT-FOR-US: Headscale
CVE-2023-43057 (IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vuln ...)
	NOT-FOR-US: IBM
CVE-2023-4804 (An unauthorized user could access debug features in Quantum HD Unity pr ...)
	NOT-FOR-US: Quantum HD Unity
CVE-2023-47122 (Gitsign is software for keyless Git signing using Sigstore. In version ...)
	- gitsign (bug #1019518)
CVE-2023-46850 (Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined ...)
	{DSA-5555-1}
	- openvpn 2.6.7-1 (bug #1055805)
	[bullseye] - openvpn (Vulnerable code not present)
	[buster] - openvpn (Vulnerable code not present)
	NOTE: https://community.openvpn.net/openvpn/wiki/CVE-2023-46850
	NOTE: https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/
	NOTE: Introduced by: https://github.com/OpenVPN/openvpn/commit/9a7b95fda56127df6de6fe7c60e08fb5b67a9919 (v2.6_beta1)
	NOTE: Fixed by: https://github.com/OpenVPN/openvpn/commit/57a5cd1e12f193927c9b7429f8778fec7e04c50a (v2.6.7)
CVE-2023-46849 (Using the --fragment option in certain configuration setups OpenVPN ve ...)
	{DSA-5555-1}
	- openvpn 2.6.7-1 (bug #1055805)
	[bullseye] - openvpn (Vulnerable code not present)
	[buster] - openvpn (Vulnerable code not present)
	NOTE: https://community.openvpn.net/openvpn/wiki/CVE-2023-46849
	NOTE: https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/
	NOTE: Fixed by: https://github.com/OpenVPN/openvpn/commit/1cfca659244e362f372d9843351257f456392a2f (v2.6.7)
CVE-2023-6076 (A vulnerability classified as problematic was found in PHPGurukul Rest ...)
	NOT-FOR-US: PHPGurukul
CVE-2023-6075 (A vulnerability classified as problematic has been found in PHPGurukul ...)
	NOT-FOR-US: PHPGurukul
CVE-2023-6074 (A vulnerability was found in PHPGurukul Restaurant Table Booking Syste ...)
	NOT-FOR-US: PHPGurukul
CVE-2023-4949 (An attacker with local access to a system (either through a disk or ex ...)
	- grub (unimportant)
	NOTE: https://xenbits.xenproject.org/xsa/advisory-443.html
	NOTE: grub-legacy has no secure boot support. The CVE is specific to the src:grub
	NOTE: issue: "An attacker with local access to a system (either through a disk or external
	NOTE: drive) can present a modified XFS partition to grub-legacy in such a way to exploit
	NOTE: a memory corruption in grub's XFS file system implementation."
CVE-2023-47614 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...)
	NOT-FOR-US: Telit Cinterion
CVE-2023-47611 (A CWE-269: Improper Privilege Management vulnerability exists in Telit ...)
	NOT-FOR-US: Telit Cinterion
CVE-2023-47164 (Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier all ...)
	- hoteldruid 3.0.6-1 (bug #1055772)
	[bookworm] - hoteldruid (Minor issue)
	[bullseye] - hoteldruid (Minor issue)
	[buster] - hoteldruid (Minor issue)
CVE-2023-47129 (Statmic is a core Laravel content management system Composer package. ...)
	NOT-FOR-US: Statmic
CVE-2023-47128 (Piccolo is an object-relational mapping and query builder which suppor ...)
	NOT-FOR-US: Piccolo ORM (not the same as src:piccolo)
CVE-2023-47121 (Discourse is an open source platform for community discussion. Prior t ...)
	NOT-FOR-US: Discourse
CVE-2023-47120 (Discourse is an open source platform for community discussion. In vers ...)
	NOT-FOR-US: Discourse
CVE-2023-47119 (Discourse is an open source platform for community discussion. Prior t ...)
	NOT-FOR-US: Discourse
CVE-2023-47108 (OpenTelemetry-Go Contrib is a collection of third-party packages for O ...)
	NOT-FOR-US: OpenTelemetry-Go Contrib
CVE-2023-46735 (Symfony is a PHP framework for web and console applications and a set ...)
	- symfony (Vulnerable code introduced later in v6.3.0)
	NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-72x2-5c85-6wmr
	NOTE: https://github.com/symfony/symfony/commit/8128c302430394f639e818a7103b3f6815d8d962 (v6.3.8)
CVE-2023-46734 (Symfony is a PHP framework for web and console applications and a set ...)
	{DLA-3664-1}
	- symfony 5.4.31+dfsg-1 (bug #1055774)
	[bookworm] - symfony 5.4.23+dfsg-1+deb12u1
	[bullseye] - symfony 4.4.19+dfsg-2+deb11u4
	NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3
	NOTE: https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c (v4.4.51, v5.4.31, v6.3.8)
CVE-2023-46733 (Symfony is a PHP framework for web and console applications and a set ...)
	- symfony 5.4.31+dfsg-1 (bug #1055775)
	[bookworm] - symfony 5.4.23+dfsg-1+deb12u1
	[bullseye] - symfony (Vulnerable code introduced later)
	[buster] - symfony (Vulnerable code introduced later)
	NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-m2wj-r6g3-fxfx
	NOTE: https://github.com/symfony/symfony/commit/dc356499d5ceb86f7cf2b4c7f032eca97061ed74 (v5.4.31, v6.3.8)
CVE-2023-46130 (Discourse is an open source platform for community discussion. Prior t ...)
	NOT-FOR-US: Discourse
CVE-2023-45816 (Discourse is an open source platform for community discussion. Prior t ...)
	NOT-FOR-US: Discourse
CVE-2023-45806 (Discourse is an open source platform for community discussion. Prior t ...)
	NOT-FOR-US: Discourse
CVE-2023-41285 (A SQL injection vulnerability has been reported to affect QuMagie. If ...)
	NOT-FOR-US: QNAP
CVE-2023-41284 (A SQL injection vulnerability has been reported to affect QuMagie. If ...)
	NOT-FOR-US: QNAP
CVE-2023-39295 (An OS command injection vulnerability has been reported to affect QuMa ...)
	NOT-FOR-US: QNAP
CVE-2023-36027 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-5870 (A flaw was found in PostgreSQL involving the pg_cancel_backend role th ...)
	{DSA-5554-1 DSA-5553-1 DLA-3651-1}
	- postgresql-16 16.1-1
	- postgresql-15 (bug #1056283)
	- postgresql-13
	- postgresql-11
	NOTE: https://www.postgresql.org/support/security/CVE-2023-5870/
	NOTE: https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
CVE-2023-5869 (A flaw was found in PostgreSQL that allows authenticated database user ...)
	{DSA-5554-1 DSA-5553-1 DLA-3651-1}
	- postgresql-16 16.1-1
	- postgresql-15 (bug #1056283)
	- postgresql-13
	- postgresql-11
	NOTE: https://www.postgresql.org/support/security/CVE-2023-5869/
	NOTE: https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
CVE-2023-5868 (A memory disclosure vulnerability was found in PostgreSQL that allows ...)
	{DSA-5554-1 DSA-5553-1 DLA-3651-1}
	- postgresql-16 16.1-1
	- postgresql-15 (bug #1056283)
	- postgresql-13
	- postgresql-11
	NOTE: https://www.postgresql.org/support/security/CVE-2023-5868/
	NOTE: https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
CVE-2023-6073 (Attacker can perform a Denial of Service attack to crash the ICAS 3 IV ...)
	NOT-FOR-US: Volkswagen
CVE-2023-6069 (Improper Link Resolution Before File Access in GitHub repository froxl ...)
	- froxlor (bug #581792)
CVE-2023-5954 (HashiCorp Vault and Vault Enterprise inbound client requests triggerin ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2023-4379 (An issue has been discovered in GitLab EE affecting all versions start ...)
	- gitlab (Specific to EE)
CVE-2023-47800 (Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default pass ...)
	NOT-FOR-US: Natus NeuroWorks and SleepWorks
CVE-2023-47246 (In SysAid On-Premise before 23.3.36, a path traversal vulnerability le ...)
	NOT-FOR-US: SysAid
CVE-2023-46729 (sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized ...)
	NOT-FOR-US: sentry-javascript
CVE-2023-45167 (IBM AIX's 7.3 Python implementation could allow a non-privileged local ...)
	NOT-FOR-US: IBM
CVE-2023-39796 (SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 ...)
	NOT-FOR-US: WBCE CMS
CVE-2023-36024 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36014 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-34031 (Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier bbPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34025 (Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Hide Login ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34024 (Cross-Site Request Forgery (CSRF) vulnerability in Guillemant David WP ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32794 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32745 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Automat ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32744 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32739 (Cross-Site Request Forgery (CSRF) vulnerability in Web_Trendy WP Custo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32602 (Cross-Site Request Forgery (CSRF) vulnerability in LOKALYZE CALL ME NO ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32594 (Cross-Site Request Forgery (CSRF) vulnerability in Benedict B., Maciej ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32592 (Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel by Edwa ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32587 (Cross-Site Request Forgery (CSRF) vulnerability in WP Reactions, LLC W ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32579 (Cross-Site Request Forgery (CSRF) vulnerability in Designs & Code Forg ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32512 (Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPix ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32502 (Cross-Site Request Forgery (CSRF) vulnerability in Sybre Waaijer Pro M ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32501 (Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooki ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32500 (Cross-Site Request Forgery (CSRF) vulnerability in xtemos WoodMart - M ...)
	NOT-FOR-US: WordPress Theme
CVE-2023-32125 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32093 (Cross-Site Request Forgery (CSRF) vulnerability in Criss Swaim TPG Red ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32092 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6054 (A vulnerability, which was classified as critical, was found in Tongda ...)
	NOT-FOR-US: Tongda OA
CVE-2023-6053 (A vulnerability, which was classified as critical, has been found in T ...)
	NOT-FOR-US: Tongda OA
CVE-2023-6052 (A vulnerability classified as critical has been found in Tongda OA 201 ...)
	NOT-FOR-US: Tongda OA
CVE-2023-6039 (A use-after-free flaw was found in lan78xx_disconnect in drivers/net/u ...)
	- linux 6.4.11-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/1e7417c188d0a83fb385ba2dbe35fd2563f2b6f3 (6.5-rc5)
CVE-2023-4612 (Improper Authentication vulnerability in Apereo CAS in jakarta.servlet. ...)
	NOT-FOR-US: Apereo CAS
CVE-2023-4218 (In Eclipse IDE versions < 2023-09 (4.29) some files with xml content a ...)
	- eclipse
CVE-2023-47616 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...)
	NOT-FOR-US: Telit Cinterion
CVE-2023-47615 (A CWE-526: Exposure of Sensitive Information Through Environmental Var ...)
	NOT-FOR-US: Telit Cinterion
CVE-2023-47612 (A CWE-552: Files or Directories Accessible to External Parties vulnera ...)
	NOT-FOR-US: Telit Cinterion
CVE-2023-47610 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
	NOT-FOR-US: Telit Cinterion
CVE-2023-47373 (The leakage of channel access token in DRAGON FAMILY Line 13.6.1 allow ...)
	NOT-FOR-US: DRAGON FAMILY Line
CVE-2023-47372 (The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6. ...)
	NOT-FOR-US: UPDATESALON C-LOUNGE Line
CVE-2023-47370 (The leakage of channel access token in bluetrick Line 13.6.1 allows re ...)
	NOT-FOR-US: bluetrick Line
CVE-2023-47369 (The leakage of channel access token in best_training_member Line 13.6. ...)
	NOT-FOR-US: best_training_member Line
CVE-2023-47368 (The leakage of channel access token in taketorinoyu Line 13.6.1 allows ...)
	NOT-FOR-US: taketorinoyu Line
CVE-2023-47367 (The leakage of channel access token in platinum clinic Line 13.6.1 all ...)
	NOT-FOR-US: platinum clinic Line
CVE-2023-47366 (The leakage of channel access token in craft_members Line 13.6.1 allow ...)
	NOT-FOR-US: craft_members Line
CVE-2023-47365 (The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 ...)
	NOT-FOR-US: Lil.OFF-PRICE STORE Line
CVE-2023-47364 (The leakage of channel access token in nagaoka taxi Line 13.6.1 allows ...)
	NOT-FOR-US: nagaoka taxi Line
CVE-2023-47363 (The leakage of channel access token in F.B.P members Line 13.6.1 allow ...)
	NOT-FOR-US: F.B.P members Line
CVE-2023-47238 (Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47237 (Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson Auto ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47110 (blockreassurance adds an information block aimed at offering helpful i ...)
	NOT-FOR-US: blockreassurance
CVE-2023-46894 (An issue discovered in esptool 4.6.2 allows attackers to view sensitiv ...)
	NOTE: Bogus issue reported for esptool, also see
	NOTE: https://github.com/espressif/esptool/issues/926
	NOTE: Old revisions of one of the supported chipsets were using AES ECB for secure
	NOTE: boot and flash encryption, but newer ones have switched to newer cryptographic
	NOTE: algorithms. esptool keeps support for the older algorithms, in order to keep
	NOTE: the ability to work with older revisions of the hardware.
CVE-2023-46743 (application-collabora is an integration of Collabora Online in XWiki. ...)
	NOT-FOR-US: XWiki
CVE-2023-46614 (Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Hel ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45885 (Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct ...)
	NOT-FOR-US: NASA Open MCT (aka openmct)
CVE-2023-45884 (Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka ...)
	NOT-FOR-US: NASA Open MCT (aka openmct)
CVE-2023-43791 (Label Studio is a multi-type data labeling and annotation tool with st ...)
	- label-studio (bug #1026232)
CVE-2023-41138 (The AppsAnywhere macOS client-privileged helper can be tricked into ex ...)
	NOT-FOR-US: AppsAnywhere macOS client-privileged helper
CVE-2023-41137 (Symmetric encryption used to protect messages between the AppsAnywhere ...)
	NOT-FOR-US: AppsAnywhere
CVE-2023-40055 (The Network Configuration Manager was susceptible to a Directory Trave ...)
	NOT-FOR-US: SolarWinds
CVE-2023-40054 (The Network Configuration Manager was susceptible to a Directory Trave ...)
	NOT-FOR-US: SolarWinds
CVE-2023-39198 (A race condition was found in the QXL driver in the Linux kernel. The ...)
	- linux 6.4.13-1
	[bookworm] - linux 6.1.52-1
	[bullseye] - linux 5.10.209-1
	NOTE: https://git.kernel.org/linus/c611589b4259ed63b9b77be6872b1ce07ec0ac16 (6.5-rc7)
CVE-2023-39197 (An out-of-bounds read vulnerability was found in Netfilter Connection ...)
	- linux 6.4.4-1
	[bookworm] - linux 6.1.52-1
	[bullseye] - linux 5.10.191-1
	NOTE: https://git.kernel.org/linus/ff0a3a7d52ff7282dbd183e7fc29a1fe386b0c30 (6.5-rc1)
CVE-2023-36688 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mich ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34386 (Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Smart ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34371 (Cross-Site Request Forgery (CSRF) vulnerability in Didier Sampaolo Spa ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34182 (Cross-Site Request Forgery (CSRF) vulnerability in Peter Shaw LH Passw ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34181 (Cross-Site Request Forgery (CSRF) vulnerability in WP-Cirrus plugin <= ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34178 (Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Gro ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34177 (Cross-Site Request Forgery (CSRF) vulnerability in Kenth Hagström W ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34171 (Cross-Site Request Forgery (CSRF) vulnerability in Alex Raven WP Repor ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34169 (Cross-Site Request Forgery (CSRF) vulnerability in SAKURA Internet Inc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34033 (Cross-Site Request Forgery (CSRF) vulnerability in Malinky Ajax Pagina ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34002 (Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory Manage ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46857 (Squidex before 7.9.0 allows XSS via an SVG document to the Upload Asse ...)
	NOT-FOR-US: Squidex
CVE-2023-5079 (Lenovo LeCloud App improper input validation allows attackers to acces ...)
	NOT-FOR-US: Lenovo
CVE-2023-5078 (A vulnerability was reported in some ThinkPad BIOS that could allow a ...)
	NOT-FOR-US: Lenovo
CVE-2023-5075 (A buffer overflow was reported in the FmpSipoCapsuleDriver driver in t ...)
	NOT-FOR-US: Lenovo
CVE-2023-4891 (A potential use-after-free vulnerability was reported in the Lenovo Vi ...)
	NOT-FOR-US: Lenovo
CVE-2023-4706 (A privilege escalation vulnerability was reported in Lenovo preloaded ...)
	NOT-FOR-US: Lenovo
CVE-2023-4632 (An uncontrolled search path vulnerability was reported in Lenovo Syste ...)
	NOT-FOR-US: Lenovo
CVE-2023-4249 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, ...)
	NOT-FOR-US: Zavio
CVE-2023-47613 (A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinter ...)
	NOT-FOR-US: Telit Cinterion
CVE-2023-47489 (CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows ...)
	NOT-FOR-US: Combodo iTop
CVE-2023-47488 (Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 all ...)
	NOT-FOR-US: Combodo iTop
CVE-2023-47114 (Fides is an open-source privacy engineering platform for managing the ...)
	NOT-FOR-US: Fides
CVE-2023-47113 (BleachBit cleans files to free disk space and to maintain privacy. Ble ...)
	NOT-FOR-US: BleachBit
CVE-2023-47111 (ZITADEL provides identity infrastructure. ZITADEL provides administrat ...)
	NOT-FOR-US: ZITADEL
CVE-2023-47109 (PrestaShop blockreassurance adds an information block aimed at offerin ...)
	NOT-FOR-US: PrestaShop blockreassurance
CVE-2023-47008
	REJECTED
CVE-2023-47007
	REJECTED
CVE-2023-47006
	REJECTED
CVE-2023-47005
	REJECTED
CVE-2023-46492 (Cross Site Scripting vulnerability in MLDB.ai v.2017.04.17.0 allows a ...)
	NOT-FOR-US: MLDB.ai
CVE-2023-46363 (jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in ...)
	- jbig2enc (bug #1059285)
	NOTE: https://github.com/agl/jbig2enc/issues/85
CVE-2023-46362 (jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbi ...)
	- jbig2enc (bug #1059284)
	NOTE: https://github.com/agl/jbig2enc/issues/84
CVE-2023-45875 (An issue was discovered in Couchbase Server 7.2.0. There is a private ...)
	NOT-FOR-US: Couchbase Server
CVE-2023-45857 (An issue discovered in Axios 1.5.1 inadvertently reveals the confident ...)
	- node-axios 1.6.2+dfsg-1 (bug #1056099)
	[bookworm] - node-axios (Minor issue)
	[bullseye] - node-axios (Minor issue)
	[buster] - node-axios (Minor issue)
	NOTE: https://github.com/axios/axios/issues/6006
	NOTE: https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0 (v1.6.0)
CVE-2023-45225 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, ...)
	NOT-FOR-US: Zavio
CVE-2023-45079 (A memory leakage vulnerability was reported in the NvmramSmm SMM drive ...)
	NOT-FOR-US: Lenovo
CVE-2023-45078 (A memory leakage vulnerability was reported in the DustFilterAlertSmm ...)
	NOT-FOR-US: Lenovo
CVE-2023-45077 (A memory leakage vulnerability was reported in the 534D0740 DXE driver ...)
	NOT-FOR-US: Lenovo
CVE-2023-45076 (A memory leakage vulnerability was reported in the 534D0140 DXE driver ...)
	NOT-FOR-US: Lenovo
CVE-2023-45075 (A memory leakage vulnerability was reported in the SWSMI_Shadow DXE dr ...)
	NOT-FOR-US: Lenovo
CVE-2023-43755 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, ...)
	NOT-FOR-US: Zavio
CVE-2023-43581 (A buffer overflow was reported in the Update_WMI module in some Lenovo ...)
	NOT-FOR-US: Lenovo
CVE-2023-43580 (A buffer overflow was reported in the SmuV11DxeVMR module in some Leno ...)
	NOT-FOR-US: Lenovo
CVE-2023-43579 (A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo ...)
	NOT-FOR-US: Lenovo
CVE-2023-43578 (A buffer overflow was reported in the SmiFlash module in some Lenovo D ...)
	NOT-FOR-US: Lenovo
CVE-2023-43577 (A buffer overflow was reported in the ReFlash module in some Lenovo De ...)
	NOT-FOR-US: Lenovo
CVE-2023-43576 (A buffer overflow was reported in the WMISwSmi module in some Lenovo D ...)
	NOT-FOR-US: Lenovo
CVE-2023-43575 (A buffer overflow was reported in the UltraFunctionTable module in som ...)
NOT-FOR-US: Lenovo CVE-2023-43574 (A buffer over-read was reported in the LEMALLDriversConnectedEventHook ...) NOT-FOR-US: Lenovo CVE-2023-43573 (A buffer overflow was reported in the LEMALLDriversConnectedEventHook ...) NOT-FOR-US: Lenovo CVE-2023-43572 (A buffer over-read was reported in the BiosExtensionLoader module in s ...) NOT-FOR-US: Lenovo CVE-2023-43571 (A buffer overflow was reported in the BiosExtensionLoader module in so ...) NOT-FOR-US: Lenovo CVE-2023-43570 (A potential vulnerability was reported in the SMI callback function of ...) NOT-FOR-US: Lenovo CVE-2023-43569 (A buffer overflow was reported in the OemSmi module in some Lenovo Des ...) NOT-FOR-US: Lenovo CVE-2023-43568 (A buffer over-read was reported in the LemSecureBootForceKey module in ...) NOT-FOR-US: Lenovo CVE-2023-43567 (A buffer overflow was reported in the LemSecureBootForceKey module in ...) NOT-FOR-US: Lenovo CVE-2023-3959 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, ...) NOT-FOR-US: Zavio CVE-2023-39435 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, ...) NOT-FOR-US: Zavio CVE-2023-37790 (Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an ...) NOT-FOR-US: Jaspersoft Clarity PPM CVE-2023-37533 (HCL Connections is vulnerable to reflected cross-site scripting (XSS) ...) NOT-FOR-US: HCL CVE-2023-36667 (Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Dire ...) NOT-FOR-US: Couchbase Server CVE-2023-6012 (An improper input validation vulnerability has been found in Lanaccess ...) NOT-FOR-US: Lanaccess ONSAFE MonitorHM CVE-2023-5978 (In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain ...) NOT-FOR-US: FreeBSD (cap_net libcasper service) CVE-2023-5941 (In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeB ...) NOT-FOR-US: FreeBSD CVE-2023-5913 (Incorrect Privilege Assignment vulnerability in opentext Fortify ScanC ...) 
	NOT-FOR-US: Microfocus opentext
CVE-2023-5760 (A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (inpu ...)
	NOT-FOR-US: Norton
CVE-2023-5759 (In Helix Core versions prior to 2023.2, an unauthenticated remote Deni ...)
	NOT-FOR-US: Helix Core
CVE-2023-5136 (An incorrect permission assignment in the TopoGrafix DataPlugin for GP ...)
	NOT-FOR-US: TopoGrafix DataPlugin for GPX
CVE-2023-47397 (WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestran ...)
	NOT-FOR-US: WeBid
CVE-2023-47379 (Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Script ...)
	NOT-FOR-US: microweber
CVE-2023-47231 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47229 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47228 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mune ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47227 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web- ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47226 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Th ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47223 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP M ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47190 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47181 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mart ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47107 (PILOS is an open source front-end for BigBlueButton servers with a bui ...)
	NOT-FOR-US: PILOS
CVE-2023-46774 (Vulnerability of uncaught exceptions in the NFC module. Successful exp ...)
	NOT-FOR-US: Huawei
CVE-2023-46772 (Vulnerability of parameters being out of the value range in the QMI se ...)
	NOT-FOR-US: Huawei
CVE-2023-46771 (Security vulnerability in the face unlock module. Successful exploitat ...)
	NOT-FOR-US: Huawei
CVE-2023-46767 (Out-of-bounds write vulnerability in the kernel driver module. Success ...)
	NOT-FOR-US: Huawei
CVE-2023-46766 (Out-of-bounds write vulnerability in the kernel driver module. Success ...)
	NOT-FOR-US: Huawei
CVE-2023-46765 (Vulnerability of uncaught exceptions in the NFC module. Successful exp ...)
	NOT-FOR-US: Huawei
CVE-2023-46764 (Unauthorized startup vulnerability of background apps. Successful expl ...)
	NOT-FOR-US: Huawei
CVE-2023-46763 (Vulnerability of background app permission management in the framework ...)
	NOT-FOR-US: Huawei
CVE-2023-46762 (Out-of-bounds write vulnerability in the kernel driver module. Success ...)
	NOT-FOR-US: Huawei
CVE-2023-46761 (Out-of-bounds write vulnerability in the kernel driver module. Success ...)
	NOT-FOR-US: Huawei
CVE-2023-46760 (Out-of-bounds write vulnerability in the kernel driver module. Success ...)
	NOT-FOR-US: Huawei
CVE-2023-46759 (Permission control vulnerability in the call module. Successful exploi ...)
	NOT-FOR-US: Huawei
CVE-2023-46758 (Permission management vulnerability in the multi-screen interaction mo ...)
	NOT-FOR-US: Huawei
CVE-2023-46757 (The remote PIN module has a vulnerability that causes incorrect inform ...)
	NOT-FOR-US: Huawei
CVE-2023-46756 (Permission control vulnerability in the window management module. Succ ...)
	NOT-FOR-US: Huawei
CVE-2023-46755 (Vulnerability of input parameters being not strictly verified in the i ...)
	NOT-FOR-US: Huawei
CVE-2023-46643 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GARY JEZ ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46642 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in sahu ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46640 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46627 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ashish A ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46626 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FLOWFACT ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46621 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Enej Baj ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46613 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45849 (An arbitrary code execution which results in privilege escalation was ...)
	NOT-FOR-US: Helix Core
CVE-2023-45319 (In Helix Core versions prior to 2023.2, an unauthenticated remote Deni ...)
	NOT-FOR-US: Helix Core
CVE-2023-45140 (The Bastion provides authentication, authorization, traceability and a ...)
	NOT-FOR-US: Bastion
CVE-2023-44098 (Vulnerability of missing encryption in the card management module. Suc ...)
	NOT-FOR-US: Huawei
CVE-2023-3282 (A local privilege escalation (PE) vulnerability in the Palo Alto Netwo ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2023-39913 (Deserialization of Untrusted Data, Improper Input Validation vulnerabi ...)
	NOT-FOR-US: Apache UIMA
CVE-2023-35767 (In Helix Core versions prior to 2023.2, an unauthenticated remote Deni ...)
	NOT-FOR-US: Helix Core
CVE-2023-32298 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kathy Da ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-48613 (Race condition vulnerability in the kernel module. Successful exploita ...)
	NOT-FOR-US: Huawei
CVE-2023-47248 (Deserialization of untrusted data in IPC and Parquet readers in PyArro ...)
	- apache-arrow (bug #970021)
CVE-2023-40114 (In multiple functions of MtpFfsHandle.cpp , there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2023-40111 (In setMediaButtonReceiver of MediaSessionRecord.java, there is a possi ...)
	NOT-FOR-US: Android
CVE-2023-40110 (In multiple functions of MtpPacket.cpp, there is a possible out of bou ...)
	NOT-FOR-US: Android
CVE-2023-40109 (In createFromParcel of UsbConfiguration.java, there is a possible back ...)
	NOT-FOR-US: Android
CVE-2023-40107 (In ARTPWriter of ARTPWriter.cpp, there is a possible use after free du ...)
	NOT-FOR-US: Android
CVE-2023-40106 (In sanitizeSbn of NotificationManagerService.java, there is a possible ...)
	NOT-FOR-US: Android
CVE-2023-40105 (In backupAgentCreated of ActivityManagerService.java, there is a possi ...)
	NOT-FOR-US: Android
CVE-2023-40124 (In multiple locations, there is a possible cross-user read due to a co ...)
	NOT-FOR-US: Android
CVE-2023-40115 (In readLogs of StatsService.cpp, there is a possible memory corruption ...)
	NOT-FOR-US: Android
CVE-2023-40100 (In discovery_thread of Dns64Configuration.cpp, there is a possible mem ...)
	NOT-FOR-US: Android
CVE-2023-40104 (In ca-certificates, there is a possible way to read encrypted TLS data ...)
	NOT-FOR-US: Android
CVE-2023-40113 (In multiple locations, there is a possible way for apps to access cros ...)
	NOT-FOR-US: Android
CVE-2023-40112 (In ippSetValueTag of ipp.c, there is a possible out of bounds read due ...)
	NOT-FOR-US: Android
CVE-2023-6002 (YugabyteDB is vulnerable to cross site scripting (XSS) via log injecti ...)
	NOT-FOR-US: YugabyteDB
CVE-2023-6001 (Prometheus metrics are available without authentication. These expose ...)
	NOT-FOR-US: YugabyteDB
CVE-2023-5982 (The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5801 (Vulnerability of identity verification being bypassed in the face unlo ...)
	NOT-FOR-US: Huawei
CVE-2023-46800 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
	NOT-FOR-US: Online Matrimonial Project
CVE-2023-46799
	REJECTED
CVE-2023-46798
	REJECTED
CVE-2023-46797
	REJECTED
CVE-2023-46796
	REJECTED
CVE-2023-46795
	REJECTED
CVE-2023-46794
	REJECTED
CVE-2023-46793 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
	NOT-FOR-US: Online Matrimonial Project
CVE-2023-46792
	REJECTED
CVE-2023-46790
	REJECTED
CVE-2023-46789 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
	NOT-FOR-US: Online Matrimonial Project
CVE-2023-46788 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
	NOT-FOR-US: Online Matrimonial Project
CVE-2023-46787 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
	NOT-FOR-US: Online Matrimonial Project
CVE-2023-46786
	REJECTED
CVE-2023-46785 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
	NOT-FOR-US: Online Matrimonial Project
CVE-2023-46770 (Out-of-bounds vulnerability in the sensor module. Successful exploitat ...)
	NOT-FOR-US: Huawei
CVE-2023-46769 (Use-After-Free (UAF) vulnerability in the dubai module. Successful ex ...)
	NOT-FOR-US: Huawei
CVE-2023-46768 (Multi-thread vulnerability in the idmap module. Successful exploitatio ...)
	NOT-FOR-US: Huawei
CVE-2023-46680
	REJECTED
CVE-2023-46679 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...)
	NOT-FOR-US: Online Job Portal
CVE-2023-46678
	REJECTED
CVE-2023-46677 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...)
	NOT-FOR-US: Online Job Portal
CVE-2023-46676
	REJECTED
CVE-2023-46483 (Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an at ...)
	NOT-FOR-US: timetec AWDMS
CVE-2023-46001 (Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g2013208 ...)
	- gpac (bug #1056282)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2629
	NOTE: https://github.com/gpac/gpac/commit/e79b0cf7e72404750630bc01340e999f3940dbc4
CVE-2023-45380 (In the module "Order Duplicator " Clone and Delete Existing Order" (or ...)
	NOT-FOR-US: PrestaShop addon
CVE-2023-44115 (Vulnerability of improper permission control in the Booster module. Im ...)
	NOT-FOR-US: Huawei
CVE-2023-43984 (Insecure permissions in Smart Soft advancedexport before v4.4.7 allow ...)
	NOT-FOR-US: Smart Soft advancedexport
CVE-2023-42361 (Local File Inclusion vulnerability in Midori-global Better PDF Exporte ...)
	NOT-FOR-US: Midori-global Better PDF Exporter for Jira Server
CVE-2023-41270 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
	NOT-FOR-US: Samsung
CVE-2023-41112 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
	NOT-FOR-US: Samsung
CVE-2023-41111 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
	NOT-FOR-US: Samsung
CVE-2023-45284 (On Windows, The IsLocal function does not correctly detect reserved de ...)
	- golang-1.21 1.21.4-1 (unimportant)
	- golang-1.20 1.20.11-1 (unimportant)
	- golang-1.19 (unimportant)
	- golang-1.15 (unimportant)
	- golang-1.11 (unimportant)
	NOTE: https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY
	NOTE: https://github.com/golang/go/issues/63713
	NOTE: https://github.com/golang/go/commit/9e933c189ca3a84f12995b3c799364a06abc4376 (go1.21.4)
	NOTE: https://github.com/golang/go/commit/46fb78168596f7ce8834f528bb0eb9555c08bcae (go1.20.11)
	NOTE: No security impact for Debian packages, only affects code running on Windows
CVE-2023-45283 (The filepath package does not recognize paths with a \??\ prefix as sp ...)
	- golang-1.21 1.21.5-1 (unimportant)
	- golang-1.20 1.20.12-1 (unimportant)
	- golang-1.19 (unimportant)
	- golang-1.15 (unimportant)
	- golang-1.11 (unimportant)
	NOTE: https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY
	NOTE: https://github.com/golang/go/issues/63713
	NOTE: https://github.com/golang/go/commit/9e933c189ca3a84f12995b3c799364a06abc4376 (go1.21.4)
	NOTE: https://github.com/golang/go/commit/46fb78168596f7ce8834f528bb0eb9555c08bcae (go1.20.11)
	NOTE: Requires a followup: https://www.openwall.com/lists/oss-security/2023/12/05/2
	NOTE: https://go.dev/issue/64028
	NOTE: https://github.com/golang/go/commit/8caf4bb3e78d0bc2d5598645b89ed8f0e9bd68f2 (go1.21.5)
	NOTE: https://github.com/golang/go/commit/1b59b017db1ac4a63ed08173c00d7f08d47530be (go1.20.12)
	NOTE: No security impact for Debian packages, only affects code running on Windows
CVE-2023-5998 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.)
	- gpac (bug #1056282)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://huntr.com/bounties/ea02a231-b688-422b-a881-ef415bcf6113
	NOTE: https://github.com/gpac/gpac/commit/db74835944548fc3bdf03121b0e012373bdebb3e
CVE-2023-5996 (Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 al ...)
	{DSA-5551-1}
	- chromium 119.0.6045.123-1
	[buster] - chromium (see DSA 5046)
CVE-2023-5975 (The ImageMapper plugin for WordPress is vulnerable to Cross-Site Reque ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5819 (The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5818 (The Amazonify plugin for WordPress is vulnerable to Cross-Site Request ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5743 (The Telephone Number Linker plugin for WordPress is vulnerable to Stor ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5709 (The WD WidgetTwitter plugin for WordPress is vulnerable to SQL Injecti ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5703 (The Gift Up Gift Cards for WordPress and WooCommerce plugin for WordPr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5669 (The Featured Image Caption plugin for WordPress is vulnerable to Store ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5661 (The Social Feed plugin for WordPress is vulnerable to Stored Cross-Sit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5660 (The SendPress Newsletters plugin for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5659 (The Interact: Embed A Quiz On Your Site plugin for WordPress is vulner ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5658 (The WP MapIt plugin for WordPress is vulnerable to Stored Cross-Site S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5577 (The Bitly's plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5567 (The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Sit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5532 (The ImageMapper plugin for WordPress is vulnerable to Cross-Site Reque ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5507 (The ImageMapper plugin for WordPress is vulnerable to Stored Cross-Sit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5506 (The ImageMapper plugin for WordPress is vulnerable to unauthorized los ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5309 (Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5contain a fl ...)
	NOT-FOR-US: Puppet Enterprise
CVE-2023-5179 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
	NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2023-4888 (The Simple Like Page Plugin plugin for WordPress is vulnerable to Stor ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4842 (The Social Sharing Plugin - Social Warfare plugin for WordPress is vul ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4295 (A local non-privileged user can make improper GPU memory processing op ...)
	NOT-FOR-US: Arm
CVE-2023-4272 (A local non-privileged user can make GPU processing operations that ex ...)
	NOT-FOR-US: Arm
CVE-2023-47510 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPSoluti ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47456 (Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in funct ...)
	NOT-FOR-US: Tenda
CVE-2023-47455 (Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSch ...)
	NOT-FOR-US: Tenda
CVE-2023-46744 (Squidex is an open source headless CMS and content management hub. In ...)
	NOT-FOR-US: Squidex
CVE-2023-46737 (Cosign is a sigstore signing tool for OCI containers. Cosign is suscep ...)
	NOT-FOR-US: Cosign
CVE-2023-46730 (Group-Office is an enterprise CRM and groupware tool. In affected vers ...)
	NOT-FOR-US: Group-Office CRM
CVE-2023-46501 (An issue in BoltWire v.6.03 allows a remote attacker to obtain sensiti ...)
	NOT-FOR-US: BoltWire
CVE-2023-46253 (Squidex is an open source headless CMS and content management hub. Aff ...)
	NOT-FOR-US: Squidex
CVE-2023-46252 (Squidex is an open source headless CMS and content management hub. Aff ...)
	NOT-FOR-US: Squidex
CVE-2023-46244 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-46243 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-46242 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-42659 (In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted fi ...)
	NOT-FOR-US: Progress WS_FTP Server
CVE-2023-41798 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41425 (Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 ...)
	NOT-FOR-US: Wonder CMS
CVE-2023-3889 (A local non-privileged user can make improper GPU memory processing op ...)
	NOT-FOR-US: Arm
CVE-2023-37835
	REJECTED
CVE-2023-36527 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-33481 (RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection att ...)
	NOT-FOR-US: RemoteClinic
CVE-2023-33480 (RemoteClinic 2.0 contains a critical vulnerability chain that can be e ...)
	NOT-FOR-US: RemoteClinic
CVE-2023-33479 (RemoteClinic version 2.0 contains a SQL injection vulnerability in the ...)
	NOT-FOR-US: RemoteClinic
CVE-2023-33478 (RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter ...)
	NOT-FOR-US: RemoteClinic
CVE-2023-32966 (Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab Jazz Popups ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-4431 (A vulnerability classified as problematic has been found in msyk FMDat ...)
	NOT-FOR-US: msyk FMDataAPI
CVE-2023-46851 (Allura Discussion and Allura Forum importing does not restrict URL val ...)
	NOT-FOR-US: Apache Allura
CVE-2023-46819 (Missing Authentication in Apache Software Foundation Apache OFBiz when ...)
	NOT-FOR-US: Apache OFBiz
CVE-2023-5976 (Improper Access Control in GitHub repository microweber/microweber pri ...)
	NOT-FOR-US: microweber
CVE-2023-5605 (The URL Shortify WordPress plugin before 1.7.9.1 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5601 (The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1. ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5530 (The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not s ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5454 (The Templately WordPress plugin before 2.2.6 does not properly authori ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5355 (The Awesome Support WordPress plugin before 6.1.5 does not sanitize fi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5354 (The Awesome Support WordPress plugin before 6.1.5 does not sanitise an ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5352 (The Awesome Support WordPress plugin before 6.1.5 does not correctly a ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5228 (The User Registration WordPress plugin before 3.0.4.2 does not sanitiz ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5181 (The WP Discord Invite WordPress plugin before 2.5.2 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5082 (The History Log by click5 WordPress plugin before 1.0.13 does not prop ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5076 (The Ziteboard Online Whiteboard plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4930 (The Front End PM WordPress plugin before 11.4.3 does not block listing ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4858 (The Simple Table Manager WordPress plugin through 1.5.6 does not sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4810 (The Responsive Pricing Table WordPress plugin before 5.1.8 does not sa ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-47102 (UrBackup Server 2.5.31 allows brute-force enumeration of user accounts ...)
	NOT-FOR-US: UrBackup Server
CVE-2023-47004 (Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12 ...)
	NOT-FOR-US: RedisGraph
CVE-2023-46998 (Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through ...)
	- libjs-bootbox (bug #1055612)
	[bookworm] - libjs-bootbox (Minor issue)
	[bullseye] - libjs-bootbox (Minor issue)
	[buster] - libjs-bootbox (Minor issue, reflected XSS)
	NOTE: https://github.com/bootboxjs/bootbox/issues/661
CVE-2023-46845 (EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, ...)
	NOT-FOR-US: EC-CUBE
CVE-2023-45556 (Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows ...)
	NOT-FOR-US: MyBB
CVE-2023-43886 (A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03 ...)
	NOT-FOR-US: Tenda
CVE-2023-43885 (Missing error handling in the HTTP server component of Tenda RX9 Pro F ...)
	NOT-FOR-US: Tenda
CVE-2023-42555 (Use of implicit intent for sensitive communication vulnerability in Ea ...)
	NOT-FOR-US: Samsung
CVE-2023-42554 (Improper Authentication vulnerabiity in Samsung Pass prior to version ...)
	NOT-FOR-US: Samsung
CVE-2023-42553 (Improper authorization verification vulnerability in Samsung Email pri ...)
	NOT-FOR-US: Samsung
CVE-2023-42552 (Implicit intent hijacking vulnerability in Firewall application prior ...)
	NOT-FOR-US: Samsung
CVE-2023-42551 (Use of implicit intent for sensitive communication vulnerability in st ...)
	NOT-FOR-US: Samsung
CVE-2023-42550 (Use of implicit intent for sensitive communication vulnerability in st ...)
	NOT-FOR-US: Samsung
CVE-2023-42549 (Use of implicit intent for sensitive communication vulnerability in st ...)
	NOT-FOR-US: Samsung
CVE-2023-42548 (Use of implicit intent for sensitive communication vulnerability in st ...)
	NOT-FOR-US: Samsung
CVE-2023-42547 (Use of implicit intent for sensitive communication vulnerability in st ...)
	NOT-FOR-US: Samsung
CVE-2023-42546 (Use of implicit intent for sensitive communication vulnerability in st ...)
	NOT-FOR-US: Samsung
CVE-2023-42545 (Use of implicit intent for sensitive communication vulnerability in Ph ...)
	NOT-FOR-US: Samsung
CVE-2023-42544 (Improper access control vulnerability in Quick Share prior to 13.5.52. ...)
	NOT-FOR-US: Samsung
CVE-2023-42543 (Improper verification of intent by broadcast receiver vulnerability in ...)
	NOT-FOR-US: Samsung
CVE-2023-42542 (Improper access control vulnerability in Samsung Push Service prior to ...)
	NOT-FOR-US: Samsung
CVE-2023-42541 (Improper authorization in PushClientProvider of Samsung Push Service p ...)
	NOT-FOR-US: Samsung
CVE-2023-42540 (Improper access control vulnerability in Samsung Account prior to vers ...)
	NOT-FOR-US: Samsung
CVE-2023-42539 (PendingIntent hijacking vulnerability in ChallengeNotificationManager ...)
	NOT-FOR-US: Samsung
CVE-2023-42538 (An improper input validation in saped_rec_silence in libsaped prior to ...)
	NOT-FOR-US: Samsung
CVE-2023-42537 (An improper input validation in get_head_crc in libsaped prior to SMR ...)
	NOT-FOR-US: Samsung
CVE-2023-42536 (An improper input validation in saped_dec in libsaped prior to SMR Nov ...)
	NOT-FOR-US: Samsung
CVE-2023-42535 (Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Releas ...)
	NOT-FOR-US: Samsung
CVE-2023-42534 (Improper input validation vulnerability in ChooserActivity prior to SM ...)
	NOT-FOR-US: Samsung
CVE-2023-42533 (Improper Input Validation with USB Gadget Interface prior to SMR Nov-2 ...)
	NOT-FOR-US: Samsung
CVE-2023-42532 (Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Rel ...)
	NOT-FOR-US: Samsung
CVE-2023-42531 (Improper access control vulnerability in SmsController prior to SMR No ...)
	NOT-FOR-US: Samsung
CVE-2023-42530 (Improper access control vulnerability in SecSettings prior to SMR Nov- ...)
	NOT-FOR-US: Samsung
CVE-2023-42529 (Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 R ...)
	NOT-FOR-US: Samsung
CVE-2023-42528 (Improper Input Validation vulnerability in ProcessNvBuffering of libse ...)
	NOT-FOR-US: Samsung
CVE-2023-42527 (Improper input validation vulnerability in ProcessWriteFile of libsec- ...)
	NOT-FOR-US: Samsung
CVE-2023-42284 (Blind SQL injection in api_version parameter in Tyk Gateway version 5. ...)
	NOT-FOR-US: Tyk Gateway
CVE-2023-42283 (Blind SQL injection in api_id parameter in Tyk Gateway version 5.0.3 a ...)
	NOT-FOR-US: Tyk Gateway
CVE-2023-41723 (A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Onl ...)
	NOT-FOR-US: Veeam
CVE-2023-38549 (A vulnerability in Veeam ONE allows an unprivileged user who has acces ...)
	NOT-FOR-US: Veeam
CVE-2023-38548 (A vulnerability in Veeam ONE allows an unprivileged user who has acces ...)
	NOT-FOR-US: Veeam
CVE-2023-38547 (A vulnerability in Veeam ONE allows an unauthenticated user to gain in ...)
	NOT-FOR-US: Veeam
CVE-2023-36769 (Microsoft OneNote Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36409 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-35140 (The improper privilege management vulnerability in the Zyxel GS1900-24 ...)
	NOT-FOR-US: Zyxel
CVE-2023-33074 (Memory corruption in Audio when SSR event is triggered after music pla ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33061 (Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-resp ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33059 (Memory corruption in Audio while processing the VOC packet data from A ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33056 (Transient DOS in WLAN Firmware when firmware receives beacon including ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33055 (Memory Corruption in Audio while invoking callback function in driver ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33048 (Transient DOS in WLAN Firmware while parsing t2lm buffers.)
	NOT-FOR-US: Qualcomm
CVE-2023-33047 (Transient DOS in WLAN Firmware while parsing no-inherit IES.)
	NOT-FOR-US: Qualcomm
CVE-2023-33045 (Memory corruption in WLAN Firmware while parsing a NAN management fram ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33031 (Memory corruption in Automotive Audio while copying data from ADSP sha ...)
	NOT-FOR-US: Qualcomm
CVE-2019-25156 (A vulnerability classified as problematic was found in dstar2018 Agenc ...)
	NOT-FOR-US: dstar2018 Agency
CVE-2023-5969 (Mattermost fails to properly sanitize the request to/api/v4/redirect_l ...)
	- mattermost-server (bug #823556)
CVE-2023-5968 (Mattermost fails to properly sanitize the user object when updating th ...)
	- mattermost-server (bug #823556)
CVE-2023-5967 (Mattermost fails to properly validate requests to the Calls plugin, al ...)
	- mattermost-server (bug #823556)
CVE-2023-5964 (The 1E-Exchange-DisplayMessageinstruction that is part of the End-User ...)
NOT-FOR-US: 1E-Exchange-DisplayMessageinstruction CVE-2023-5963 (An issue has been discovered in GitLab EE with Advanced Search affecti ...) - gitlab (Specific to EE) CVE-2023-5950 (Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected ...) NOT-FOR-US: Rapid7 Velociraptor CVE-2023-5823 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeKraft TK Googl ...) NOT-FOR-US: WordPress plugin CVE-2023-5777 (Weintek EasyBuilder Pro contains a vulnerability that, even when the p ...) NOT-FOR-US: Weintek EasyBuilder Pro CVE-2023-5771 (Proofpoint Enterprise Protection contains a stored XSS vulnerability i ...) NOT-FOR-US: Proofpoint Enterprise Protection CVE-2023-5719 (The Crimson 3.2 Windows-based configuration tool allows users with adm ...) NOT-FOR-US: Crimson CVE-2023-4996 (Netskope was made aware of a security vulnerability in its NSClient pr ...) NOT-FOR-US: Netskope CVE-2023-4535 (An out-of-bounds read vulnerability was found in OpenSC packages withi ...) - opensc 0.23.0-2 (bug #1055520) [bookworm] - opensc 0.23.0-0.3+deb12u1 [bullseye] - opensc (vulnerable code introduced later) [buster] - opensc (vulnerable code introduced later) NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2023-4535 NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/f1993dc4e0b33050b8f72a3558ee88b24c4063b2 (0.24.0-rc1) NOTE: Introduced by: https://github.com/OpenSC/OpenSC/commit/c852236e8368b47b38d89b1b7fb2dbd78753e109 (0.23.0-rc1) CVE-2023-47186 (Cross-Site Request Forgery (CSRF) vulnerability in Kadence WP Kadence ...) NOT-FOR-US: WordPress plugin CVE-2023-47185 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in gVectors Te ...) NOT-FOR-US: WordPress plugin CVE-2023-47184 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prop ...) NOT-FOR-US: WordPress plugin CVE-2023-47182 (Cross-Site Request Forgery (CSRF) leading to a Stored Cross-Site Scrip ...) NOT-FOR-US: WordPress plugin CVE-2023-47177 (Auth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yaki ...) NOT-FOR-US: WordPress plugin CVE-2023-46824 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Om A ...) NOT-FOR-US: WordPress plugin CVE-2023-46823 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-46822 (Unauth. Reflected Cross-Site Scripting') vulnerability in Visser Labs ...) NOT-FOR-US: WordPress plugin CVE-2023-46821 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-46783 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-46782 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-46781 (Cross-Site Request Forgery (CSRF) vulnerability in Roland Murg Current ...) NOT-FOR-US: WordPress plugin CVE-2023-46780 (Cross-Site Request Forgery (CSRF) vulnerability in Alter plugin <=1.0 ...) NOT-FOR-US: WordPress plugin CVE-2023-46779 (Cross-Site Request Forgery (CSRF) vulnerability in EasyRecipe plugin < ...) NOT-FOR-US: WordPress plugin CVE-2023-46778 (Cross-Site Request Forgery (CSRF) vulnerability in TheFreeWindows Auto ...) NOT-FOR-US: WordPress plugin CVE-2023-46777 (Cross-Site Request Forgery (CSRF) vulnerability in Custom Login Page | ...) NOT-FOR-US: WordPress plugin CVE-2023-46776 (Cross-Site Request Forgery (CSRF) vulnerability in Serena Villa Auto E ...) NOT-FOR-US: WordPress plugin CVE-2023-46775 (Cross-Site Request Forgery (CSRF) vulnerability in Djo Original texts ...) NOT-FOR-US: WordPress plugin CVE-2023-46732 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2023-46731 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2023-46254 (capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy ...) 
	NOT-FOR-US: capsule-proxy (reverse proxy for Capsule)
CVE-2023-46251 (MyBB is a free and open source forum software. Custom MyCode (BBCode) ...)
	NOT-FOR-US: MyBB
CVE-2023-46084 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45830 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45827 (Dot diver is a lightweight, powerful, and dependency-free TypeScript u ...)
	NOT-FOR-US: Dot diver
CVE-2023-45657 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45163 (The 1E-Exchange-CommandLinePing instruction that is part of the Networ ...)
	NOT-FOR-US: 1E-Exchange-CommandLinePing
CVE-2023-45161 (The 1E-Exchange-URLResponseTime instruction that is part of the Networ ...)
	NOT-FOR-US: 1E-Exchange-URLResponseTime
CVE-2023-45074 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45069 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45055 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45046 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45001 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44398 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
	- exiv2 (Vulnerable code introduced in 0.28.0)
	NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/d8f82d5db1fed05a18aa0f84f1cc8899d011a18b (v0.28.1)
	NOTE: Regression test: https://github.com/Exiv2/exiv2/commit/6ca8fcd9526ad509a64b71c818b7ddc099b54583
CVE-2023-41685 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41378 (In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), a ...)
	NOT-FOR-US: Calico Typha
CVE-2023-40661 (Several memory vulnerabilities were identified within the OpenSC packa ...)
	{DLA-3668-1}
	- opensc 0.23.0-2 (bug #1055522)
	[bookworm] - opensc 0.23.0-0.3+deb12u1
	[bullseye] - opensc (Minor issue)
	NOTE: https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651
	NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2023-40661
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2240913#c1
CVE-2023-40660 (A flaw was found in OpenSC packages that allow a potential PIN bypass. ...)
	{DLA-3668-1}
	- opensc 0.23.0-2 (bug #1055521)
	[bookworm] - opensc 0.23.0-0.3+deb12u1
	[bullseye] - opensc (Minor issue)
	NOTE: https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651
	NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2023-40660
	NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/868f76fb31255fd3fdacfc3e476452efeb61c3e7 (0.24.0-rc1)
CVE-2023-40609 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39345 (strapi is an open-source headless CMS. Versions prior to 4.13.1 did no ...)
	NOT-FOR-US: strapi
CVE-2023-35911 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4699 (Insufficient Verification of Data Authenticity vulnerability in Mitsub ...)
	NOT-FOR-US: Mitsubishi
CVE-2023-4625 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
	NOT-FOR-US: Mitsubishi
CVE-2023-47271 (PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, ...)
	NOT-FOR-US: PKP-WAL (aka PKP Web Application Library or pkp-lib)
CVE-2023-47253 (Qualitor through 8.20 allows remote attackers to execute arbitrary cod ...)
	NOT-FOR-US: Qualitor
CVE-2023-46802 (e-Tax software Version3.0.10 and earlier improperly restricts XML exte ...)
	NOT-FOR-US: e-Tax software
CVE-2023-40207 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38407 (bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond ...)
	{DLA-3797-1}
	- frr 9.1-0.1 (bug #1055852)
	NOTE: https://github.com/FRRouting/frr/pull/12951
	NOTE: https://github.com/FRRouting/frr/commit/7404a914b0cafe046703c8381903a80d3def8f8b (base_9.0)
	NOTE: https://github.com/FRRouting/frr/pull/12956
	NOTE: https://github.com/FRRouting/frr/commit/ab362eae68edec12c175d9bc488bcc3f8b73d36f (frr-8.5)
CVE-2023-38406 (bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri ...)
	{DLA-3797-1}
	- frr 8.4.4-1
	[bookworm] - frr 8.4.4-1.1~deb12u1
	NOTE: https://github.com/FRRouting/frr/pull/12884
	NOTE: https://github.com/FRRouting/frr/pull/12892 (backport for stable/8.4)
	NOTE: https://github.com/FRRouting/frr/commit/8a4e6637fc0621e90daa4decb4ee887a0af8ee24 (frr-8.4.3)
CVE-2023-38382 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-33924 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32840 (In modem CCCI, there is a possible out of bounds write due to a missin ...)
	NOT-FOR-US: Mediatek
CVE-2023-32839 (In dpe, there is a possible out of bounds write due to a missing valid ...)
	NOT-FOR-US: Mediatek
CVE-2023-32838 (In dpe, there is a possible out of bounds write due to a missing valid ...)
	NOT-FOR-US: Mediatek
CVE-2023-32837 (In video, there is a possible out of bounds write due to a missing bou ...)
	NOT-FOR-US: Mediatek
CVE-2023-32836 (In display, there is a possible out of bounds write due to an integer ...)
	NOT-FOR-US: Mediatek
CVE-2023-32835 (In keyinstall, there is a possible memory corruption due to type confu ...)
	NOT-FOR-US: Mediatek
CVE-2023-32834 (In secmem, there is a possible memory corruption due to type confusion ...)
	NOT-FOR-US: Mediatek
CVE-2023-32832 (In video, there is a possible memory corruption due to a race conditio ...)
	NOT-FOR-US: Mediatek
CVE-2023-32825 (In bluethooth service, there is a possible out of bounds reads due to ...)
	NOT-FOR-US: Mediatek
CVE-2023-32818 (In vdec, there is a possible out of bounds write due to type confusion ...)
	NOT-FOR-US: Mediatek
CVE-2021-4430 (A vulnerability classified as problematic has been found in Ortus Solu ...)
	NOT-FOR-US: Ortus Solutions ColdBox Elixir
CVE-2018-25093 (A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. I ...)
	NOT-FOR-US: Vaerys-Dawn DiscordSailv2
CVE-2018-25092 (A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. I ...)
	NOT-FOR-US: Vaerys-Dawn DiscordSailv2
CVE-2017-20187 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Magnesium ...)
	NOT-FOR-US: Magnesium-PHP
CVE-2023-47260 (Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails ...)
	- redmine (bug #1055474)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
CVE-2023-47259 (Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile ...)
	- redmine (bug #1055474)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
CVE-2023-47258 (Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown ...)
	- redmine (bug #1055474)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
CVE-2023-47249 (In International Color Consortium DemoIccMAX 79ecb74, a CIccXmlArrayTy ...)
	NOT-FOR-US: International Color Consortium DemoIccMAX
CVE-2023-46981 (SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote atta ...)
	NOT-FOR-US: Novel-Plus
CVE-2023-46964 (Cross Site Scripting (XSS) vulnerability in Hillstone Next Generation ...)
	NOT-FOR-US: Hillstone Next Generation FireWall SG-6000-e3960
CVE-2023-46963 (An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learni ...)
	NOT-FOR-US: Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System
CVE-2023-46382 (LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LI ...)
	NOT-FOR-US: LOYTEC electronics GmbH
CVE-2023-46381 (LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LI ...)
	NOT-FOR-US: LOYTEC electronics GmbH
CVE-2023-46380 (LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LI ...)
	NOT-FOR-US: LOYTEC electronics GmbH
CVE-2023-40922 (kerawen before v2.5.1 was discovered to contain a SQL injection vulner ...)
	NOT-FOR-US: kerawen
CVE-2023-47272 (Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a C ...)
	{DSA-5572-1 DLA-3683-1}
	- roundcube 1.6.5+dfsg-1 (bug #1055421)
	NOTE: https://github.com/roundcube/roundcubemail/commit/81ac3c342a4f288deb275590895b52ec3785cf8a (1.6.5)
CVE-2023-47235 (An issue was discovered in FRRouting FRR through 9.0.1. A crash can oc ...)
	{DLA-3797-1}
	- frr 9.1-0.1 (bug #1055852)
	NOTE: https://github.com/FRRouting/frr/commit/6814f2e0138a6ea5e1f83bdd9085d9a77999900b
	NOTE: https://github.com/FRRouting/frr/pull/14716
	NOTE: https://github.com/FRRouting/frr/pull/14861 (backport to 9.0)
	NOTE: https://github.com/FRRouting/frr/pull/14735 (backport to 9.1)
CVE-2023-47234 (An issue was discovered in FRRouting FRR through 9.0.1. A crash can oc ...)
	{DLA-3797-1}
	- frr 9.1-0.1 (bug #1055852)
	NOTE: https://github.com/FRRouting/frr/commit/c37119df45bbf4ef713bc10475af2ee06e12f3bf
CVE-2023-47233 (The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf ...)
	{DSA-5681-1 DSA-5658-1}
	- linux
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1216702
CVE-2023-45189 (A vulnerability in IBM Robotic Process Automation and IBM Robotic Proc ...)
	NOT-FOR-US: IBM
CVE-2023-40215 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38391 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-36677 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-35910 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32741 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5946 (The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Sit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5945 (The video carousel slider with lightbox plugin for WordPress is vulner ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5707 (The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5088 (A bug in QEMU could cause a guest I/O operation otherwise addressed to ...)
	{DLA-3759-1}
	- qemu 1:8.1.1+ds-2
	[bookworm] - qemu 1:7.2+dfsg-7+deb12u3
	[bullseye] - qemu (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2247283
	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/471a9310fd92b3e1a33d06dba2e0cf0f0b5590e0 (v7.2.7)
	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/7d7512019fc40c577e2bdd61f114f31a9eb84a8e (v8.2.0-rc0)
CVE-2023-4769 (A SSRF vulnerability has been found in ManageEngine Desktop Central af ...)
	NOT-FOR-US: ManageEngine Desktop Central
CVE-2023-4768 (A CRLF injection vulnerability has been found in ManageEngine Desktop ...)
	NOT-FOR-US: ManageEngine Desktop Central
CVE-2023-4767 (A CRLF injection vulnerability has been found in ManageEngine Desktop ...)
	NOT-FOR-US: ManageEngine Desktop Central
CVE-2023-4592 (A Cross-Site Scripting vulnerability has been detected in WPN-XM Serve ...)
	NOT-FOR-US: WPN-XM Serverstack
CVE-2023-4591 (A local file inclusion vulnerability has been found in WPN-XM Serverst ...)
	NOT-FOR-US: WPN-XM Serverstack
CVE-2023-4043 (In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from ...)
	NOT-FOR-US: Eclipse Parsson
CVE-2023-46980 (An issue in Best Courier Management System v.1.0 allows a remote attac ...)
	NOT-FOR-US: Best Courier Management System
CVE-2023-46947 (Subrion 4.2.1 has a remote command execution vulnerability in the back ...)
	NOT-FOR-US: Subrion
CVE-2023-46404 (PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor ...)
	NOT-FOR-US: PCRS
CVE-2023-41726 (Ivanti Avalanche Incorrect Default Permissions allows Local Privilege ...)
	NOT-FOR-US: Ivanti
CVE-2023-41725 (Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Loc ...)
	NOT-FOR-US: Ivanti
CVE-2023-41652 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: David F. Carr RSVPMaker rsvpmaker
CVE-2023-3277 (The MStore API plugin for WordPress is vulnerable to Unauthorized Acco ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39301 (A server-side request forgery (SSRF) vulnerability has been reported t ...)
	NOT-FOR-US: QNAP
CVE-2023-39299 (A path traversal vulnerability has been reported to affect Music Stati ...)
	NOT-FOR-US: QNAP
CVE-2023-36529 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress theme
CVE-2023-34383 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: weDevs WP Project Manager wedevs-project-manager
CVE-2023-34179 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Groundhogg
CVE-2023-32508 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32121 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5948 (Improper Authorization in GitHub repository teamamaze/amazefileutiliti ...)
	NOT-FOR-US: amazefileutilities
CVE-2023-5763 (In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower t ...)
	NOT-FOR-US: Eclipse Glassfish
CVE-2023-46958 (An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrar ...)
	NOT-FOR-US: lmxcms
CVE-2023-46954 (SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1 ...)
	NOT-FOR-US: Relativity ODA LLC RelativityOne
CVE-2023-46817 (An issue was discovered in phpFox before 4.8.14. The url request param ...)
	NOT-FOR-US: phpFox
CVE-2023-46517
	REJECTED
CVE-2023-46352 (In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-46176 (IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated ...)
	NOT-FOR-US: IBM
CVE-2023-44271 (An issue was discovered in Pillow before 10.0.0. It is a Denial of Ser ...)
	{DLA-3768-1}
	- pillow 10.0.0-1
	[bookworm] - pillow (Minor issue)
	[bullseye] - pillow (Minor issue)
	NOTE: https://github.com/python-pillow/Pillow/pull/7244
	NOTE: https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7 (10.0.0)
CVE-2023-43982 (Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovere ...)
	NOT-FOR-US: Bon Presta boninstagramcarousel
CVE-2023-43194 (Submitty before v22.06.00 is vulnerable to Incorrect Access Control. A ...)
	NOT-FOR-US: Submitty
CVE-2023-43018 (IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operatio ...)
	NOT-FOR-US: IBM
CVE-2023-42299 (Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a ...)
	- openimageio 2.4.13.0+dfsg-1
	[bookworm] - openimageio (Minor issue)
	[bullseye] - openimageio (Minor issue)
	[buster] - openimageio (Minor issue)
	NOTE: https://github.com/OpenImageIO/oiio/issues/3840
	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/pull/3841
	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/5ff2c56dd28e96f67ed8f80d8a3d1235e51f9957 (v2.4.12.0)
CVE-2023-42029 (IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multi ...)
	NOT-FOR-US: IBM
CVE-2023-42027 (IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multi ...)
	NOT-FOR-US: IBM
CVE-2023-41357 (Galaxy Software Services Corporation Vitals ESP is an online knowledge ...)
	NOT-FOR-US: Galaxy Software Services Corporation Vitals ESP
CVE-2023-41356 (NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function ...)
	NOT-FOR-US: NCSIST ManageEngine Mobile Device Manager(MDM) APP
CVE-2023-41355 (Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability ...)
	NOT-FOR-US: Chunghwa Telecom NOKIA G-040W-Q Firewall
CVE-2023-41354 (Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP ...)
	NOT-FOR-US: Chunghwa Telecom NOKIA G-040W-Q Firewall
CVE-2023-41353 (Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password r ...)
	NOT-FOR-US: Chunghwa Telecom NOKIA G-040W-Q
CVE-2023-41352 (Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient fi ...)
	NOT-FOR-US: Chunghwa Telecom NOKIA G-040W-Q
CVE-2023-41351 (Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication ...)
	NOT-FOR-US: Chunghwa Telecom NOKIA G-040W-Q
CVE-2023-41350 (Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient me ...)
	NOT-FOR-US: Chunghwa Telecom NOKIA G-040W-Q
CVE-2023-41348 (ASUS RT-AX55’s authentication-related function has a vulnerabilit ...)
	NOT-FOR-US: ASUS
CVE-2023-41347 (ASUS RT-AX55’s authentication-related function has a vulnerabilit ...)
	NOT-FOR-US: ASUS
CVE-2023-41346 (ASUS RT-AX55’s authentication-related function has a vulnerabilit ...)
	NOT-FOR-US: ASUS
CVE-2023-41345 (ASUS RT-AX55’s authentication-related function has a vulnerabilit ...)
	NOT-FOR-US: ASUS
CVE-2023-41344 (NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function ...)
	NOT-FOR-US: NCSIST ManageEngine Mobile Device Manager(MDM) APP
CVE-2023-41343 (Rogic No-Code Database Builder's file uploading function has insuffici ...)
	NOT-FOR-US: Rogic No-Code Database Builder
CVE-2023-39284 (An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with k ...)
	NOT-FOR-US: Insyde InsydeH2O
CVE-2023-39283 (An SMM memory corruption vulnerability in the SMM driver (SMRAM write) ...)
	NOT-FOR-US: Insyde InsydeH2O
CVE-2023-39057 (An information leak in hirochanKAKIwaiting v13.6.1 allows attackers to ...)
	NOT-FOR-US: hirochanKAKIwaiting
CVE-2023-39054 (An information leak in Tokudaya.ekimae_mc v13.6.1 allows attackers to ...)
	NOT-FOR-US: Tokudaya.ekimae_mc
CVE-2023-39053 (An information leak in Hattoriya v13.6.1 allows attackers to obtain th ...)
	NOT-FOR-US: Hattoriya
CVE-2023-39051 (An information leak in VISION MEAT WORKS Track Diner 10/10mbl v13.6.1 ...)
	NOT-FOR-US: VISION MEAT WORKS Track Diner 10/10mbl
CVE-2023-39050 (An information leak in Daiky-value.Fukueten v13.6.1 allows attackers t ...)
	NOT-FOR-US: Daiky-value.Fukueten
CVE-2023-39048 (An information leak in Tokudaya.honten v13.6.1 allows attackers to obt ...)
	NOT-FOR-US: Tokudaya.honten
CVE-2023-39047 (An information leak in shouzu sweets oz v13.6.1 allows attackers to ob ...)
	NOT-FOR-US: shouzu sweets oz
CVE-2023-39042 (An information leak in Gyouza-newhushimi v13.6.1 allows attackers to o ...)
	NOT-FOR-US: Gyouza-newhushimi
CVE-2023-38965 (Lost and Found Information System 1.0 allows account takeover via user ...)
	NOT-FOR-US: Lost and Found Information System
CVE-2023-36621 (An issue was discovered in the Boomerang Parental Control application ...)
	NOT-FOR-US: Boomerang Parental Control
CVE-2023-36620 (An issue was discovered in the Boomerang Parental Control application ...)
	NOT-FOR-US: Boomerang Parental Control
CVE-2023-36034 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36029 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36022 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-35896 (IBM Content Navigator 3.0.13 is vulnerable to server-side request forg ...)
	NOT-FOR-US: IBM
CVE-2023-34261 (Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identi ...)
	NOT-FOR-US: Kyocera TASKalfa 4053ci printers
CVE-2023-34260 (Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a deni ...)
	NOT-FOR-US: Kyocera TASKalfa 4053ci printers
CVE-2023-34259 (Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmde ...)
	NOT-FOR-US: Kyocera TASKalfa 4053ci printers
CVE-2023-31579 (Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cry ...)
	NOT-FOR-US: Dromara Lamp-Cloud
CVE-2023-5930 (A vulnerability was found in Campcodes Simple Student Information Syst ...)
	NOT-FOR-US: Campcodes Simple Student Information System
CVE-2023-5929 (A vulnerability was found in Campcodes Simple Student Information Syst ...)
	NOT-FOR-US: Campcodes Simple Student Information System
CVE-2023-5928 (A vulnerability was found in Campcodes Simple Student Information Syst ...)
	NOT-FOR-US: Campcodes Simple Student Information System
CVE-2023-5927 (A vulnerability has been found in Campcodes Simple Student Information ...)
	NOT-FOR-US: Campcodes Simple Student Information System
CVE-2023-5926 (A vulnerability, which was classified as critical, was found in Campco ...)
	NOT-FOR-US: Campcodes Simple Student Information System
CVE-2023-5925 (A vulnerability, which was classified as critical, has been found in C ...)
	NOT-FOR-US: Campcodes Simple Student Information System
CVE-2023-5924 (A vulnerability classified as critical was found in Campcodes Simple S ...)
	NOT-FOR-US: Campcodes Simple Student Information System
CVE-2023-5923 (A vulnerability classified as critical has been found in Campcodes Sim ...)
	NOT-FOR-US: Campcodes Simple Student Information System
CVE-2023-5920 (Mattermost Desktop for MacOS fails to utilize the secure keyboard inpu ...)
	NOT-FOR-US: Mattermost Desktop for MacOS
CVE-2023-5919 (A vulnerability was found in SourceCodester Company Website CMS 1.0 an ...)
	NOT-FOR-US: SourceCodester Company Website CMS
CVE-2023-5918 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Visitor Management System
CVE-2023-5917 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: phpBB
CVE-2023-5916 (A vulnerability classified as critical has been found in Lissy93 Dashy ...)
	NOT-FOR-US: Lissy93 Dashy
CVE-2023-5876 (Mattermost fails to properly validate a RegExp built off the server UR ...)
	- mattermost-server (bug #823556)
CVE-2023-5875 (Mattermost Desktop fails to correctlyhandle permissions or prompt the ...)
	NOT-FOR-US: Mattermost Desktop
CVE-2023-5860 (The Icons Font Loader plugin for WordPress is vulnerable to arbitrary ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5846 (Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulne ...)
	NOT-FOR-US: Franklin Fueling System TS-550
CVE-2023-5606 (The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5035 (A vulnerability has been identified in PT-G503 Series firmware version ...)
	NOT-FOR-US: PT-G503 Series firmware
CVE-2023-4217 (A vulnerability has been identified in PT-G503 Series versions prior t ...)
	NOT-FOR-US: Moxa PT-G503 Series
CVE-2023-46925 (Reportico 7.1.21 is vulnerable to Cross Site Scripting (XSS).)
	NOT-FOR-US: Reportico
CVE-2023-46725 (FoodCoopShop is open source software for food coops and local shops. V ...)
	NOT-FOR-US: FoodCoopShop
CVE-2023-46475 (A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 1 ...)
	NOT-FOR-US: ZenTao
CVE-2023-45347 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
	NOT-FOR-US: Online Food Ordering System
CVE-2023-45346 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
	NOT-FOR-US: Online Food Ordering System
CVE-2023-45345 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
	NOT-FOR-US: Online Food Ordering System
CVE-2023-45344 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
	NOT-FOR-US: Online Food Ordering System
CVE-2023-45343 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
	NOT-FOR-US: Online Food Ordering System
CVE-2023-45342 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
	NOT-FOR-US: Online Food Ordering System
CVE-2023-45341 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
	NOT-FOR-US: Online Food Ordering System
CVE-2023-45340 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
	NOT-FOR-US: Online Food Ordering System
CVE-2023-45339
	REJECTED
CVE-2023-45338 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
	NOT-FOR-US: Online Food Ordering System
CVE-2023-45337
	REJECTED
CVE-2023-45336 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
	NOT-FOR-US: Online Food Ordering System
CVE-2023-45335
	REJECTED
CVE-2023-45334 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
	NOT-FOR-US: Online Food Ordering System
CVE-2023-45333
	REJECTED
CVE-2023-45332
	REJECTED
CVE-2023-45331
	REJECTED
CVE-2023-45330
	REJECTED
CVE-2023-45329
	REJECTED
CVE-2023-45328
	REJECTED
CVE-2023-45327
	REJECTED
CVE-2023-45326
	REJECTED
CVE-2023-45325 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
	NOT-FOR-US: Online Food Ordering System
CVE-2023-45324
	REJECTED
CVE-2023-45323 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
	NOT-FOR-US: Online Food Ordering System
CVE-2023-43336 (Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and ...)
	NOT-FOR-US: Sangoma FreePBX
CVE-2023-43193 (Submitty before v22.06.00 is vulnerable to Cross Site Scripting (XSS). ...)
	NOT-FOR-US: Submitty
CVE-2023-43087 (Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper hand ...)
	NOT-FOR-US: Dell
CVE-2023-43076 (Dell PowerScale OneFS 8.2.x,9.0.0.x-9.5.0.x contains a denial-of-servi ...)
	NOT-FOR-US: Dell
CVE-2023-42802 (GLPI is a free asset and IT management software package. Starting in v ...)
	- glpi
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-rrh2-x4ch-pq3m
CVE-2023-47360 (Videolan VLC prior to version 3.0.20 contains an Integer underflow tha ...)
	{DSA-5545-1 DLA-3679-1}
	- vlc 3.0.20-1
	NOTE: https://0xariana.github.io/blog/real_bugs/vlc/mms
	NOTE: https://code.videolan.org/videolan/vlc/-/commit/27840cb5b20bc4651ba6af01d0a7ae6da17297ef
CVE-2023-47359 (Videolan VLC prior to version 3.0.20 contains an incorrect offset read ...)
	{DSA-5545-1 DLA-3679-1}
	- vlc 3.0.20-1
	NOTE: https://0xariana.github.io/blog/real_bugs/vlc/mms
	NOTE: https://code.videolan.org/videolan/vlc/-/commit/27840cb5b20bc4651ba6af01d0a7ae6da17297ef
CVE-2023-5910 (A vulnerability was found in PopojiCMS 2.0.1 and classified as problem ...)
	NOT-FOR-US: PopojiCMS
CVE-2023-47204 (Unsafe YAML deserialization in yaml.Loader in transmute-core before 1. ...)
	NOT-FOR-US: transmute-core
CVE-2023-46595 (Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow edito ...)
	NOT-FOR-US: Fireflow
CVE-2023-46448 (Reflected Cross-Site Scripting (XSS) vulnerability in dmpop Mejiro Com ...)
	NOT-FOR-US: dmpop Mejiro
CVE-2023-46428 (An arbitrary file upload vulnerability in HadSky v7.12.10 allows attac ...)
	NOT-FOR-US: HadSky
CVE-2023-46327 (Multiple MFPs (multifunction printers) provided by FUJIFILM Business I ...)
	NOT-FOR-US: FUJIFILM
CVE-2023-45203 (Online Examination System v1.0 is vulnerable to multiple Open Redirect ...)
	NOT-FOR-US: Online Examination System
CVE-2023-45202 (Online Examination System v1.0 is vulnerable to multiple Open Redirect ...)
	NOT-FOR-US: Online Examination System
CVE-2023-45201 (Online Examination System v1.0 is vulnerable to multiple Open Redirect ...)
	NOT-FOR-US: Online Examination System
CVE-2023-45114
	REJECTED
CVE-2023-45113
	REJECTED
CVE-2023-45112
	REJECTED
CVE-2023-45111 (Online Examination System v1.0 is vulnerable to multiple Unauthenticat ...)
	NOT-FOR-US: Online Examination System
CVE-2023-45019 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...)
	NOT-FOR-US: Online Examination System
CVE-2023-45018 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...)
	NOT-FOR-US: Online Examination System
CVE-2023-45017
	REJECTED
CVE-2023-45016
	REJECTED
CVE-2023-45015 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...)
	NOT-FOR-US: Online Examination System
CVE-2023-45014
	REJECTED
CVE-2023-45013
	REJECTED
CVE-2023-45012 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...)
	NOT-FOR-US: Online Examination System
CVE-2023-44954 (Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a rem ...)
	NOT-FOR-US: BigTree CMS
CVE-2023-44025 (SQL injection vulnerability in addify Addifyfreegifts v.1.0.2 and befo ...)
	NOT-FOR-US: Addifyfreegifts
CVE-2023-39281 (A stack buffer overflow vulnerability discovered in AsfSecureBootDxe i ...)
	NOT-FOR-US: Insyde InsydeH2O
CVE-2023-5849 (Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allow ...)
	{DSA-5546-1}
	- chromium 119.0.6045.105-1
	[buster] - chromium (see DSA 5046)
CVE-2023-5847 (Under certain conditions, a low privileged attacker could load a speci ...)
	NOT-FOR-US: Tenable
CVE-2023-5766 (A remote code execution vulnerability in Remote Desktop Manager 2023.2 ...)
	NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2023-5765 (Improper access control in the password analyzer feature in Devolution ...)
	NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2023-5627 (A vulnerability has been identified in NPort 6000 Series, making the a ...)
	NOT-FOR-US: Moxa
CVE-2023-5358 (Improper access control in Report log filters feature in Devolutions S ...)
	NOT-FOR-US: Devolutions
CVE-2023-4452 (A vulnerability has been identified in the EDR-810, EDR-G902, and EDR- ...)
	NOT-FOR-US: Moxa
CVE-2023-46931 (GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow ...)
	- gpac (bug #1055298)
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2664
	NOTE: https://github.com/gpac/gpac/commit/671976fccc971b3dff8d3dcf6ebd600472ca64bf
CVE-2023-46930 (GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box i ...)
	- gpac (bug #1055298)
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2666
	NOTE: https://github.com/gpac/gpac/commit/3809955065afa3da1ad580012ec43deadbb0f2c8
CVE-2023-46928 (GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box i ...)
	- gpac (bug #1055298)
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2661
	NOTE: https://github.com/gpac/gpac/commit/0753bf6d867343a80a044bf47a27d0b7accc8bf1
CVE-2023-46927 (GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow ...)
	- gpac (bug #1055298)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2657
	NOTE: https://github.com/gpac/gpac/commit/a7b467b151d9b54badbc4dd71e7a366b7c391817
CVE-2023-46911 (There is a Cross Site Scripting (XSS) vulnerability in the choose_styl ...)
	NOT-FOR-US: Jspxcms
CVE-2023-46482 (SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attack ...)
	NOT-FOR-US: wuzhicms
CVE-2023-42750 (In gnss service, there is a possible out of bounds write due to a miss ...)
	NOT-FOR-US: Unisoc
CVE-2023-42655 (In sim service, there is a possible way to write permission usage reco ...)
	NOT-FOR-US: Unisoc
CVE-2023-42654 (In dm service, there is a possible missing permission check. This coul ...)
	NOT-FOR-US: Unisoc
CVE-2023-42653 (In faceid service, there is a possible out of bounds write due to a mi ...)
	NOT-FOR-US: Unisoc
CVE-2023-42652 (In engineermode, there is a possible missing permission check. This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-42651 (In engineermode, there is a possible missing permission check. This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-42650 (In engineermode, there is a possible missing permission check. This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-42649 (In engineermode, there is a possible missing permission check. This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-42648 (In engineermode, there is a possible missing permission check. This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-42647 (In Ifaa service, there is a possible way to write permission usage rec ...)
	NOT-FOR-US: Unisoc
CVE-2023-42646 (In Ifaa service, there is a possible missing permission check. This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-42645 (In sim service, there is a possible way to write permission usage reco ...)
	NOT-FOR-US: Unisoc
CVE-2023-42644 (In dm service, there is a possible missing permission check. This coul ...)
	NOT-FOR-US: Unisoc
CVE-2023-42643 (In validationtools, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2023-42642 (In validationtools, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2023-42641 (In validationtools, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2023-42640 (In validationtools, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2023-42639 (In validationtools, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2023-42638 (In validationtools, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2023-42637 (In validationtools, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2023-42636 (In validationtools, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2023-42635 (In validationtools, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2023-42634 (In validationtools, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2023-42633 (In validationtools, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2023-42632 (In validationtools, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2023-42631 (In validationtools, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2023-40062 (SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code E ...)
	NOT-FOR-US: SolarWinds
CVE-2023-40061 (Insecure job execution mechanism vulnerability. This vulnerability ca ...)
	NOT-FOR-US: SolarWinds
CVE-2023-3972 (A vulnerability was found in insights-client. This security issue occu ...)
	NOT-FOR-US: Red Hat insights-client
CVE-2023-33228 (The SolarWinds Network Configuration Manager was susceptible to the Ex ...)
	NOT-FOR-US: SolarWinds
CVE-2023-33227 (The Network Configuration Manager was susceptible to a Directory Trave ...)
	NOT-FOR-US: SolarWinds
CVE-2023-33226 (The Network Configuration Manager was susceptible to a Directory Trave ...)
	NOT-FOR-US: SolarWinds
CVE-2023-46695 (An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13 ...)
- python-django (Only an issue on windows) NOTE: https://www.djangoproject.com/weblog/2023/nov/01/security-releases/ CVE-2023-5831 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab 16.4.4+ds2-2 CVE-2023-4700 (An authorization issue affecting GitLab EE affecting all versions from ...) - gitlab (Specific to EE) CVE-2023-5600 - gitlab (Specific to EE) CVE-2023-3246 (An issue has been discovered in GitLab EE/CE affecting all versions st ...) - gitlab 16.4.4+ds2-2 CVE-2023-3909 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab 16.4.4+ds2-2 CVE-2023-5825 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab 16.4.4+ds2-2 CVE-2023-3399 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab 16.4.4+ds2-2 CVE-2023-5904 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib p ...) NOT-FOR-US: pkp-lib CVE-2023-5903 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib p ...) NOT-FOR-US: pkp-lib CVE-2023-5902 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib pri ...) NOT-FOR-US: pkp-lib CVE-2023-5901 (Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-1 ...) NOT-FOR-US: pkp-lib CVE-2023-5900 (Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3 ...) NOT-FOR-US: pkp-lib CVE-2023-5899 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib pri ...) NOT-FOR-US: pkp-lib CVE-2023-5898 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib pri ...) NOT-FOR-US: pkp-lib CVE-2023-5897 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/customLocal ...) NOT-FOR-US: pkp-lib CVE-2023-5896 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib p ...) NOT-FOR-US: pkp-lib CVE-2023-5895 (Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prio ...) 
NOT-FOR-US: pkp-lib CVE-2023-5894 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs prior ...) NOT-FOR-US: Open Journal System CVE-2023-5893 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib pri ...) NOT-FOR-US: pkp-lib CVE-2023-5892 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib p ...) NOT-FOR-US: pkp-lib CVE-2023-5891 (Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-li ...) NOT-FOR-US: pkp-lib CVE-2023-5890 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib p ...) NOT-FOR-US: pkp-lib CVE-2023-5889 (Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior ...) NOT-FOR-US: pkp-lib CVE-2023-5516 (Poorly constructed webap requests and URI components with special char ...) NOT-FOR-US: Hitachi CVE-2023-5515 (The responses for web queries with certain parameters disclose interna ...) NOT-FOR-US: Hitachi CVE-2023-5514 (The response messages received from the eSOMS report generation using ...) NOT-FOR-US: Hitachi CVE-2023-5306 REJECTED CVE-2023-4198 (Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unaut ...) - dolibarr CVE-2023-4197 (Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to stri ...) - dolibarr CVE-2023-47099 (A Stored Cross-Site Scripting (XSS) vulnerability in the Create Virtua ...) NOT-FOR-US: Virtualmin CVE-2023-47098 (A Stored Cross-Site Scripting (XSS) vulnerability in the Manage Extra ...) NOT-FOR-US: Virtualmin CVE-2023-47097 (A Stored Cross-Site Scripting (XSS) vulnerability in the Server Templa ...) NOT-FOR-US: Virtualmin CVE-2023-47096 (A Reflected Cross-Site Scripting (XSS) vulnerability in the Cloudmin S ...) NOT-FOR-US: Virtualmin CVE-2023-47095 (A Stored Cross-Site Scripting (XSS) vulnerability in the Custom fields ...) NOT-FOR-US: Virtualmin CVE-2023-47094 (A Stored Cross-Site Scripting (XSS) vulnerability in the Account Plans ...) 
NOT-FOR-US: Virtualmin CVE-2023-46485 (An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote att ...) NOT-FOR-US: TOTOLINK CVE-2023-46484 (An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote att ...) NOT-FOR-US: TOTOLINK CVE-2023-46378 (Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allow ...) NOT-FOR-US: MiniCMS CVE-2023-46278 (Uncontrolled resource consumption vulnerability in Cybozu Remote Servi ...) NOT-FOR-US: Cybozu CVE-2023-44486 REJECTED CVE-2023-44485 REJECTED CVE-2023-44484 (Online Blood Donation Management System v1.0 is vulnerable to a Stored ...) NOT-FOR-US: Online Blood Donation Management System CVE-2023-43295 (Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd ...) NOT-FOR-US: Click Studios (SA) Pty Ltd Passwordstate CVE-2023-39695 (Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 ...) NOT-FOR-US: Elenos CVE-2023-39610 (An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) an ...) NOT-FOR-US: TP-Link CVE-2023-37833 (Improper access control in Elenos ETG150 FM transmitter v3.12 allows a ...) NOT-FOR-US: Elenos CVE-2023-2622 (Authenticated clients can read arbitrary files on the MAIN Computer sy ...) NOT-FOR-US: Hitachi CVE-2023-2621 (The McFeeder server (distributed as part of SSW package), is susceptib ...) NOT-FOR-US: Hitachi CVE-2023-5859 (Incorrect security UI in Picture In Picture in Google Chrome prior to ...) {DSA-5546-1} - chromium 119.0.6045.105-1 [buster] - chromium (see DSA 5046) CVE-2023-5858 (Inappropriate implementation in WebApp Provider in Google Chrome prior ...) {DSA-5546-1} - chromium 119.0.6045.105-1 [buster] - chromium (see DSA 5046) CVE-2023-5857 (Inappropriate implementation in Downloads in Google Chrome prior to 11 ...) {DSA-5546-1} - chromium 119.0.6045.105-1 [buster] - chromium (see DSA 5046) CVE-2023-5856 (Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 ...) 
{DSA-5546-1} - chromium 119.0.6045.105-1 [buster] - chromium (see DSA 5046) CVE-2023-5855 (Use after free in Reading Mode in Google Chrome prior to 119.0.6045.10 ...) {DSA-5546-1} - chromium 119.0.6045.105-1 [buster] - chromium (see DSA 5046) CVE-2023-5854 (Use after free in Profiles in Google Chrome prior to 119.0.6045.105 al ...) {DSA-5546-1} - chromium 119.0.6045.105-1 [buster] - chromium (see DSA 5046) CVE-2023-5853 (Incorrect security UI in Downloads in Google Chrome prior to 119.0.604 ...) {DSA-5546-1} - chromium 119.0.6045.105-1 [buster] - chromium (see DSA 5046) CVE-2023-5852 (Use after free in Printing in Google Chrome prior to 119.0.6045.105 al ...) {DSA-5546-1} - chromium 119.0.6045.105-1 [buster] - chromium (see DSA 5046) CVE-2023-5851 (Inappropriate implementation in Downloads in Google Chrome prior to 11 ...) {DSA-5546-1} - chromium 119.0.6045.105-1 [buster] - chromium (see DSA 5046) CVE-2023-5850 (Incorrect security UI in Downloads in Google Chrome prior to 119.0.604 ...) {DSA-5546-1} - chromium 119.0.6045.105-1 [buster] - chromium (see DSA 5046) CVE-2023-5482 (Insufficient data validation in USB in Google Chrome prior to 119.0.60 ...) {DSA-5546-1} - chromium 119.0.6045.105-1 [buster] - chromium (see DSA 5046) CVE-2023-5480 (Inappropriate implementation in Payments in Google Chrome prior to 119 ...) {DSA-5546-1} - chromium 119.0.6045.105-1 [buster] - chromium (see DSA 5046) CVE-2023-5873 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) NOT-FOR-US: Pimcore CVE-2023-5739 (Certain versions of HP PC Hardware Diagnostics Windows are potentially ...) NOT-FOR-US: HP CVE-2023-5519 (The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks ...) NOT-FOR-US: WordPress plugin CVE-2023-5464 (The Jquery accordion slideshow plugin for WordPress is vulnerable to S ...) NOT-FOR-US: WordPress plugin CVE-2023-5458 (The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plu ...) 
NOT-FOR-US: WordPress plugin CVE-2023-5439 (The Wp photo text slider 50 plugin for WordPress is vulnerable to SQL ...) NOT-FOR-US: WordPress plugin CVE-2023-5438 (The wp image slideshow plugin for WordPress is vulnerable to SQL Injec ...) NOT-FOR-US: WordPress plugin CVE-2023-5437 (The WP fade in text news plugin for WordPress is vulnerable to SQL Inj ...) NOT-FOR-US: WordPress plugin CVE-2023-5436 (The Vertical marquee plugin for WordPress is vulnerable to SQL Injecti ...) NOT-FOR-US: WordPress plugin CVE-2023-5435 (The Up down image slideshow gallery plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2023-5434 (The Superb slideshow gallery plugin for WordPress is vulnerable to SQL ...) NOT-FOR-US: WordPress plugin CVE-2023-5433 (The Message ticker plugin for WordPress is vulnerable to SQL Injection ...) NOT-FOR-US: WordPress plugin CVE-2023-5431 (The Left right image slideshow gallery plugin for WordPress is vulnera ...) NOT-FOR-US: WordPress plugin CVE-2023-5430 (The Jquery news ticker plugin for WordPress is vulnerable to SQL Injec ...) NOT-FOR-US: WordPress plugin CVE-2023-5429 (The Information Reel plugin for WordPress is vulnerable to SQL Injecti ...) NOT-FOR-US: WordPress plugin CVE-2023-5428 (The Image vertical reel scroll slideshow plugin for WordPress is vulne ...) NOT-FOR-US: WordPress plugin CVE-2023-5412 (The Image horizontal reel scroll slideshow plugin for WordPress is vul ...) NOT-FOR-US: WordPress plugin CVE-2023-5360 (The Royal Elementor Addons and Templates WordPress plugin before 1.3.7 ...) NOT-FOR-US: WordPress plugin CVE-2023-5307 (The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 ...) NOT-FOR-US: WordPress plugin CVE-2023-5243 (The Login Screen Manager WordPress plugin through 3.5.2 does not sanit ...) NOT-FOR-US: WordPress plugin CVE-2023-5238 (The EventPrime WordPress plugin before 3.2.0 does not sanitise and esc ...) 
NOT-FOR-US: WordPress plugin CVE-2023-5237 (The Memberlite Shortcodes WordPress plugin before 1.3.9 does not valid ...) NOT-FOR-US: WordPress plugin CVE-2023-5229 (The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape ...) NOT-FOR-US: WordPress plugin CVE-2023-5211 (The Fattura24 WordPress plugin before 6.2.8 does not sanitize or escap ...) NOT-FOR-US: WordPress plugin CVE-2023-5116 (The Live updates from Excel plugin for WordPress is vulnerable to Stor ...) NOT-FOR-US: WordPress plugin CVE-2023-5114 (The idbbee plugin for WordPress is vulnerable to Stored Cross-Site Scr ...) NOT-FOR-US: WordPress plugin CVE-2023-5099 (The HTML filter and csv-file search plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2023-5098 (The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 ...) NOT-FOR-US: WordPress plugin CVE-2023-5073 (The iframe forms plugin for WordPress is vulnerable to Stored Cross-Si ...) NOT-FOR-US: WordPress plugin CVE-2023-4836 (The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does n ...) NOT-FOR-US: WordPress plugin CVE-2023-4823 (The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an ...) NOT-FOR-US: WordPress plugin CVE-2023-4390 (The Popup box WordPress plugin before 3.7.2 does not sanitize and esca ...) NOT-FOR-US: WordPress plugin CVE-2023-4251 (The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks ...) NOT-FOR-US: WordPress plugin CVE-2023-4250 (The EventPrime WordPress plugin before 3.2.0 does not sanitise and esc ...) NOT-FOR-US: WordPress plugin CVE-2023-46993 (In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg ...) NOT-FOR-US: TOTOLINK CVE-2023-46992 (TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Acc ...) NOT-FOR-US: TOTOLINK CVE-2023-46979 (TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a com ...) 
NOT-FOR-US: TOTOLINK CVE-2023-46978 (TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Acce ...) NOT-FOR-US: TOTOLINK CVE-2023-46977 (TOTOLINK LR1200GB V9.1.0u.6619_B20230130 was discovered to contain a s ...) NOT-FOR-US: TOTOLINK CVE-2023-46976 (TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection vi ...) NOT-FOR-US: TOTOLINK CVE-2023-46723 (lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and ...) NOT-FOR-US: lte-pic32-writer CVE-2023-46722 (The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Pr ...) NOT-FOR-US: Pimcore Admin Classic Bundle CVE-2023-46622 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ollybach ...) NOT-FOR-US: WordPress plugin CVE-2023-46313 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Se ...) NOT-FOR-US: WordPress plugin CVE-2023-46312 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zaytech ...) NOT-FOR-US: WordPress plugin CVE-2023-46256 (PX4-Autopilot provides PX4 flight control solution for drones. In vers ...) NOT-FOR-US: PX4-Autopilot CVE-2023-46255 (SpiceDB is an open source, Google Zanzibar-inspired database for creat ...) NOT-FOR-US: SpiceDB CVE-2023-46250 (pypdf is a free and open-source pure-python PDF library. An attacker w ...) - pypdf (Vulnerable code not yet present) - pypdf2 (Vulnerable code not yet present) NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-wjcc-cq79-p63f NOTE: https://github.com/py-pdf/pypdf/pull/2264 NOTE: https://github.com/py-pdf/pypdf/commit/9b23ac3c9619492570011d551d521690de9a3e2d (3.17.0) CVE-2023-46249 (authentik is an open-source Identity Provider. Prior to versions 2023. ...) NOT-FOR-US: authentik CVE-2023-46248 (Cody is an artificial intelligence (AI) coding assistant. The Cody AI ...) NOT-FOR-US: Cody CVE-2023-46245 (Kimai is a web-based multi-user time-tracking application. Versions pr ...) NOT-FOR-US: Kimai CVE-2023-46240 (CodeIgniter is a PHP full-stack web framework. 
Prior to CodeIgniter4 v ...) - codeigniter (bug #471583) CVE-2023-46239 (quic-go is an implementation of the QUIC protocol in Go. Starting in v ...) - golang-github-lucas-clemente-quic-go (Vulnerable version never in a unstable release; only affects 0.37.x) NOTE: https://github.com/quic-go/quic-go/security/advisories/GHSA-3q6m-v84f-6p9h NOTE: https://github.com/quic-go/quic-go/commit/b6a4725b60f1fe04e8f1ddcc3114e290fcea1617 (v0.37.3) CVE-2023-46237 (FOG is a free open-source cloning/imaging/rescue suite/inventory manag ...) NOT-FOR-US: FOG CVE-2023-46236 (FOG is a free open-source cloning/imaging/rescue suite/inventory manag ...) NOT-FOR-US: FOG CVE-2023-46235 (FOG is a free open-source cloning/imaging/rescue suite/inventory manag ...) NOT-FOR-US: FOG CVE-2023-45955 (An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers t ...) NOT-FOR-US: Nanoleaf Light strip CVE-2023-43796 (Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 a ...) - matrix-synapse 1.95.1-1 (bug #1055255) NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-mp92-3jfm-3575 NOTE: https://github.com/matrix-org/synapse/commit/daec55e1fe120c564240c5386e77941372bf458f (v1.95.1) CVE-2023-42658 (Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow loca ...) NOT-FOR-US: Chef InSpec CVE-2023-42425 (An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote at ...) NOT-FOR-US: Turing Video Turing Edge+ EVC5FD CVE-2023-41377 REJECTED CVE-2023-40681 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grou ...) NOT-FOR-US: WordPress plugin CVE-2023-40050 (Upload profile either through API or user interface in Chef Automate p ...) NOT-FOR-US: Chef Automate CVE-2023-38994 (The 'check_univention_joinstatus' prometheus monitoring script (and ot ...) NOT-FOR-US: Univention CVE-2023-37966 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) 
NOT-FOR-US: Solwin Infotech CVE-2023-37832 (A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows a ...) NOT-FOR-US: Elenos CVE-2023-37831 (An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attac ...) NOT-FOR-US: Elenos CVE-2023-37243 (The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availabil ...) NOT-FOR-US: Atera CVE-2023-36508 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-35879 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WooCommerce plugin CVE-2023-33927 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-5867 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) NOT-FOR-US: phpmyfaq CVE-2023-5866 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...) NOT-FOR-US: phpmyfaq CVE-2023-5865 (Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq ...) NOT-FOR-US: phpmyfaq CVE-2023-5864 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) NOT-FOR-US: phpmyfaq CVE-2023-5863 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...) NOT-FOR-US: phpmyfaq CVE-2023-5862 (Missing Authorization in GitHub repository hamza417/inure prior to Bui ...) NOT-FOR-US: hamza417/inure CVE-2023-5861 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...) NOT-FOR-US: microweber CVE-2023-47174 (Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework fo ...) NOT-FOR-US: Thorn SFTP gateway CVE-2023-46502 (An issue in openCRX v.5.2.2 allows a remote attacker to read internal ...) NOT-FOR-US: OpenCRX CVE-2023-46478 (An issue in minCal v.1.0.0 allows a remote attacker to execute arbitra ...) NOT-FOR-US: minCal CVE-2023-46451 (Best Courier Management System v1.0 is vulnerable to Cross Site Script ...) 
NOT-FOR-US: Best Courier Management System CVE-2023-46361 (Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulne ...) - jbig2dec (bug #1055387) [bookworm] - jbig2dec (Minor issue) [bullseye] - jbig2dec (Minor issue) [buster] - jbig2dec (Minor issue) NOTE: https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/jbig2dec-SEGV/jbig2dec-SEGV.md NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707308 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=705041 NOTE: Fixed by: https://github.com/ArtifexSoftware/jbig2dec/commit/ee53a7e4bc7819d32e8c0b2057885bcc97586bf3 CVE-2023-46356 (In the module "CSV Feeds PRO" (csvfeeds) before 2.6.1 from Bl Modules ...) NOT-FOR-US: PrestaShop module CVE-2023-46210 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebC ...) NOT-FOR-US: WordPress plugin CVE-2023-46139 (KernelSU is a Kernel based root solution for Android. Starting in vers ...) NOT-FOR-US: KernelSU (Kernel based root solution for Android) CVE-2023-46138 (JumpServer is an open source bastion host and maintenance security aud ...) NOT-FOR-US: JumpServer CVE-2023-46040 (Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a r ...) NOT-FOR-US: GetSimpleCMS CVE-2023-45996 (SQL injection vulnerability in Senayan Library Management Systems Slim ...) NOT-FOR-US: Senayan Library Management Systems CVE-2023-45956 (An issue discovered in Govee LED Strip v3.00.42 allows attackers to ca ...) NOT-FOR-US: Govee LED Strip CVE-2023-45899 (An issue in the component SuperUserSetuserModuleFrontController:init() ...) NOT-FOR-US: PrestaShop module CVE-2023-45804 REJECTED CVE-2023-45672 (Frigate is an open source network video recorder. Prior to version 0.1 ...) NOT-FOR-US: Frigate CVE-2023-45671 (Frigate is an open source network video recorder. Prior to version 0.1 ...) NOT-FOR-US: Frigate CVE-2023-45670 (Frigate is an open source network video recorder. Prior to version 0.1 ...) 
NOT-FOR-US: Frigate CVE-2023-45378 (In the module "PrestaBlog" (prestablog) version 4.4.7 and before from ...) NOT-FOR-US: PrestaShop module CVE-2023-44397 (CloudExplorer Lite is an open source, lightweight cloud management pla ...) NOT-FOR-US: CloudExplorer Lite CVE-2023-43798 (BigBlueButton is an open-source virtual classroom. BigBlueButton prior ...) NOT-FOR-US: BigBlueButton CVE-2023-43797 (BigBlueButton is an open-source virtual classroom. Prior to versions 2 ...) NOT-FOR-US: BigBlueButton CVE-2023-43139 (An issue in franfinance before v.2.0.27 allows a remote attacker to ex ...) NOT-FOR-US: PrestaShop module CVE-2023-42323 (Cross Site Request Forgery (CSRF) vulnerability in DouHaocms v.3.3 all ...) NOT-FOR-US: DouHaocms CVE-2023-36263 (Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL In ...) NOT-FOR-US: PrestaShop module CVE-2023-31794 (MuPDF v1.21.1 was discovered to contain an infinite recursion in the c ...) - mupdf 1.22.1+ds1-1 (unimportant) NOTE: Hang in enduser tool, no security impact NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=706506 NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;a=commit;h=c0015401693b58e2deb5d75c39f27bc1216e47c6 (1.22.0-rc1) CVE-2019-25155 (DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-targe ...) - dompurify.js NOTE: https://github.com/cure53/DOMPurify/pull/337 CVE-2015-20110 (JHipster generator-jhipster before 2.23.0 allows a timing attack again ...) NOT-FOR-US: JHipster generator-jhipster CVE-2023-34049 [allows an attacker to force Salt-SSH to run their script] - salt (bug #1055179) [bullseye] - salt (Scheduled for removal) [buster] - salt (EOL in buster LTS) NOTE: https://saltproject.io/security-announcements/2023-10-27-advisory/index.html CVE-2023-5844 (Unverified Password Change in GitHub repository pimcore/admin-ui-class ...) NOT-FOR-US: Pimcore admin-ui-classic-bundle CVE-2023-5843 (The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote ...) 
NOT-FOR-US: WordPress plugin CVE-2023-5833 (Improper Access Control in GitHub repository mintplex-labs/anything-ll ...) NOT-FOR-US: AnythingLLM CVE-2023-5832 (Improper Input Validation in GitHub repository mintplex-labs/anything- ...) NOT-FOR-US: AnythingLLM CVE-2023-5666 (The Accordion plugin for WordPress is vulnerable to Stored Cross-Site ...) NOT-FOR-US: WordPress plugin CVE-2023-5583 (The WP Simple Galleries plugin for WordPress is vulnerable to PHP Obje ...) NOT-FOR-US: WordPress plugin CVE-2023-5566 (The Simple Shortcodes plugin for WordPress is vulnerable to Stored Cro ...) NOT-FOR-US: WordPress plugin CVE-2023-5565 (The Shortcode Menu plugin for WordPress is vulnerable to Stored Cross- ...) NOT-FOR-US: WordPress plugin CVE-2023-5362 (The Carousel, Recent Post Slider and Banner Slider plugin for WordPres ...) NOT-FOR-US: WordPress plugin CVE-2023-5335 (The Buzzsprout Podcasting plugin for WordPress is vulnerable to Stored ...) NOT-FOR-US: WordPress plugin CVE-2023-5315 (The Google Maps made Simple plugin for WordPress is vulnerable to SQL ...) NOT-FOR-US: WordPress plugin CVE-2023-5252 (The FareHarbor plugin for WordPress is vulnerable to Stored Cross-Site ...) NOT-FOR-US: WordPress plugin CVE-2023-5251 (The Grid Plus plugin for WordPress is vulnerable to unauthorized modif ...) NOT-FOR-US: WordPress plugin CVE-2023-5250 (The Grid Plus plugin for WordPress is vulnerable to Local File Inclusi ...) NOT-FOR-US: WordPress plugin CVE-2023-5199 (The PHP to Page plugin for WordPress is vulnerable Local File Inclusio ...) NOT-FOR-US: WordPress plugin CVE-2023-5164 (The Bellows Accordion Menu plugin for WordPress is vulnerable to Store ...) NOT-FOR-US: WordPress plugin CVE-2023-5049 (The Giveaways and Contests by RafflePress plugin for WordPress is vuln ...) NOT-FOR-US: WordPress plugin CVE-2023-4964 (Potential open redirect vulnerability in opentext Service Management A ...) 
NOT-FOR-US: Microfocus opentext CVE-2023-47104 (tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell met ...) NOT-FOR-US: tinyfiledialogs (aka tiny file dialogs) CVE-2023-47101 (The installer (aka openvpn-client-installer) in Securepoint SSL VPN Cl ...) NOT-FOR-US: Securepoint SSL VPN Client CVE-2023-45780 (In Print Service, there is a possible background activity launch due t ...) NOT-FOR-US: Android CVE-2023-44323 (Adobe Acrobat for Edge version 118.0.2088.46 (and earlier) is affected ...) NOT-FOR-US: Adobe CVE-2023-44078 REJECTED CVE-2023-43792 (baserCMS is a website development framework. In versions 4.6.0 through ...) NOT-FOR-US: baserCMS CVE-2023-43649 (baserCMS is a website development framework. Prior to version 4.8.0, t ...) NOT-FOR-US: baserCMS CVE-2023-43648 (baserCMS is a website development framework. Prior to version 4.8.0, t ...) NOT-FOR-US: baserCMS CVE-2023-43647 (baserCMS is a website development framework. Prior to version 4.8.0, t ...) NOT-FOR-US: baserCMS CVE-2023-42804 (BigBlueButton is an open-source virtual classroom. BigBlueButton prior ...) NOT-FOR-US: BigBlueButton CVE-2023-42803 (BigBlueButton is an open-source virtual classroom. BigBlueButton prior ...) NOT-FOR-US: BigBlueButton CVE-2023-42431 (Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension ...) NOT-FOR-US: BlueSpiceAvatars extension of BlueSpice CVE-2023-41891 (FlyteAdmin is the control plane for Flyte responsible for managing ent ...) NOT-FOR-US: FlyteAdmin CVE-2023-41605 REJECTED CVE-2023-40943 REJECTED CVE-2023-40101 (In collapse of canonicalize_md.c, there is a possible out of bounds re ...) NOT-FOR-US: Android CVE-2023-36920 (In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_M ...) NOT-FOR-US: SAP CVE-2020-36767 (tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell meta ...) 
NOT-FOR-US: tinyfiledialogs (aka tiny file dialogs) CVE-2023-5842 (Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/doli ...) - dolibarr NOTE: https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3 NOTE: https://github.com/dolibarr/dolibarr/commit/f569048eb2bd823525bce4ef52316e7a83e3345c CVE-2023-4393 (HTML and SMTP injections on the registration page of LiquidFiles versi ...) NOT-FOR-US: LiquidFiles CVE-2023-46867 (In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixT ...) NOT-FOR-US: International Color Consortium DemoIccMAX CVE-2023-46866 (In International Color Consortium DemoIccMAX 79ecb74, CIccCLUT::Interp ...) NOT-FOR-US: International Color Consortium DemoIccMAX CVE-2023-46865 (/api/v1/company/upload-logo in CompanyController.php in crater through ...) NOT-FOR-US: Crater CVE-2023-46864 (Peppermint Ticket Management through 0.2.4 allows remote attackers to ...) NOT-FOR-US: Peppermint Ticket Management CVE-2023-46863 (Peppermint Ticket Management before 0.2.4 allows remote attackers to r ...) NOT-FOR-US: Peppermint Ticket Management CVE-2023-45799 (In MLSoft TCO!stream versions 8.0.22.1115 and below, a vulnerability e ...) NOT-FOR-US: MLSoft TCO!stream CVE-2023-45798 (In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists ...) NOT-FOR-US: Yettiesoft VestCert CVE-2023-45797 (A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions ...) NOT-FOR-US: DreamSecurity MagicLine4NX CVE-2023-45746 (Cross-site scripting vulnerability in Movable Type series allows a rem ...) - movabletype-opensource CVE-2023-44141 (Inkdrop prior to v5.6.0 allows a local attacker to conduct a code inje ...) NOT-FOR-US: Inkdrop CVE-2023-44002 REJECTED CVE-2007-10003 (A vulnerability, which was classified as critical, has been found in T ...) NOT-FOR-US: WordPress plugin CVE-2005-10002 (A vulnerability, which was classified as critical, was found in almost ...) 
NOT-FOR-US: WordPress plugin CVE-2023-5840 (Weak Password Recovery Mechanism for Forgotten Password in GitHub repo ...) NOT-FOR-US: LinkStack CVE-2023-5839 (Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8 ...) NOT-FOR-US: Hestia Control Panel CVE-2023-5838 (Insufficient Session Expiration in GitHub repository linkstackorg/link ...) NOT-FOR-US: LinkStack CVE-2023-5837 (A vulnerability classified as problematic was found in AlexanderLivano ...) NOT-FOR-US: AlexanderLivanov FotosCMS2 CVE-2023-5836 (A vulnerability was found in SourceCodester Task Reminder System 1.0. ...) NOT-FOR-US: SourceCodester Task Reminder System CVE-2023-46862 (An issue was discovered in the Linux kernel through 6.5.9. During a ra ...) {DSA-5594-1 DLA-3711-1} - linux 6.5.10-1 [bookworm] - linux 6.1.64-1 [buster] - linux (Vulnerable code not present) NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=218032#c4 NOTE: https://git.kernel.org/linus/7644b1a1c9a7ae8ab99175989bfc8676055edb46 CVE-2023-46858 (Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflecte ...) - moodle CVE-2023-46854 (Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxm ...) NOT-FOR-US: Proxmox proxmox-widget-toolkit CVE-2023-45897 (exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in ...) - exfatprogs 1.2.2-1 [bookworm] - exfatprogs 1.2.0-1+deb12u1 [bullseye] - exfatprogs (Minor issue) NOTE: https://github.com/exfatprogs/exfatprogs/commit/ec78688e5fb5a70e13df82b4c0da1e6228d3ccdf (1.2.2) NOTE: https://github.com/exfatprogs/exfatprogs/commit/22d0e43e8d24119cbfc6efafabb0dec6517a86c4 (1.2.2) NOTE: https://github.com/exfatprogs/exfatprogs/commit/4abc55e976573991e6a1117bb2b3711e59da07ae (1.2.2) CVE-2023-43041 (IBM QRadar SIEM 7.5 is vulnerable to information exposure allowing a d ...) NOT-FOR-US: IBM CVE-2023-40686 (Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator c ...) 
NOT-FOR-US: IBM CVE-2023-40685 (Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator c ...) NOT-FOR-US: IBM CVE-2023-5835 (A vulnerability classified as problematic was found in hu60t hu60wap6. ...) NOT-FOR-US: hu60t hu60wap6 CVE-2023-5426 (The Post Meta Data Manager plugin for WordPress is vulnerable to unaut ...) NOT-FOR-US: WordPress plugin CVE-2023-5425 (The Post Meta Data Manager plugin for WordPress is vulnerable to unaut ...) NOT-FOR-US: WordPress plugin CVE-2023-46129 (NATS.io is a high performance open source pub-sub distributed communic ...) - golang-github-nats-io-nkeys 0.4.6-1 (bug #1055010) [bookworm] - golang-github-nats-io-nkeys (Vulnerable code not present) [bullseye] - golang-github-nats-io-nkeys (Vulnerable code not present) [buster] - golang-github-nats-io-nkeys (Vulnerable code not present) - nats-server 2.10.4-1 (bug #1055011) [bookworm] - nats-server (Vulnerable code not present) NOTE: https://advisories.nats.io/CVE/secnote-2023-02.txt NOTE: https://github.com/nats-io/nkeys/security/advisories/GHSA-mr45-rx8q-wcm9 CVE-2023-47090 (NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authent ...) - nats-server 2.10.3-1 [bookworm] - nats-server (Minor issue) NOTE: https://advisories.nats.io/CVE/secnote-2023-01.txt NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-fr2g-9hjm-wr23 CVE-2023-5056 (A flaw was found in the Skupper operator, which may permit a certain c ...) NOT-FOR-US: Skupper CVE-2023-5834 (HashiCorp Vagrant's Windows installer targeted a custom location with ...) NOT-FOR-US: HashiCorp Vagrant's Windows installer CVE-2023-5830 (A vulnerability classified as critical has been found in ColumbiaSoft ...) NOT-FOR-US: ColumbiaSoft Document Locator CVE-2023-46587 (Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a loca ...) NOT-FOR-US: XnView CVE-2023-46570 (An out-of-bounds read in radare2 v.5.8.9 and before exists in the prin ...) 
- radare2 5.9.0+dfsg-1 (bug #1054908) NOTE: https://github.com/radareorg/radare2/issues/22333 NOTE: Fixed by: https://github.com/radareorg/radare2/commit/3e406459f163eba7672b3421c8a84b2c0e4ac0f8 CVE-2023-46569 (An out-of-bounds read in radare2 v.5.8.9 and before exists in the prin ...) - radare2 5.9.0+dfsg-1 (bug #1054908) NOTE: https://github.com/radareorg/radare2/issues/22334 NOTE: Fixed by: https://github.com/radareorg/radare2/commit/2e2f2a9b1800d09be09461e7536ac03a301f97f2 CVE-2023-46510 (An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 ...) NOT-FOR-US: ZIONCOM (Hong Kong) Technology Limited A7000R CVE-2023-46509 (An issue in Contec SolarView Compact v.6.0 and before allows an attack ...) NOT-FOR-US: Contec SolarView Compact CVE-2023-46490 (SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker ...) - cacti 1.2.26+ds1-1 (bug #1059286) [bookworm] - cacti (Revisit when more details are available) [bullseye] - cacti (Revisit when more details are available) [buster] - cacti (Vulnerable code introduced later; Fix for CVE-2023-30534 not applied) NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c (not public yet) NOTE: https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53 NOTE: Checking the above link, this is probably a duplicate of CVE-2023-51448, hence related to CVE-2023-30534 NOTE: Duplicate reported at MITRE 2024-02-20 (CVE Request 1607585) NOTE: https://github.com/Cacti/cacti/commit/58a980f335980ab57659420053d89d4e721ae3fc (release/1.2.26) CVE-2023-46468 (An issue in juzawebCMS v.3.4 and before allows a remote attacker to ex ...) NOT-FOR-US: juzawebCMS CVE-2023-46467 (Cross Site Scripting vulnerability in juzawebCMS v.3.4 and before allo ...) NOT-FOR-US: juzawebCMS CVE-2023-46215 (Insertion of Sensitive Information into Log File vulnerability in Apac ...) NOT-FOR-US: Apache Airflow Celery provider CVE-2023-46211 (Auth. 
(contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-46209 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme ...) NOT-FOR-US: WordPress plugin CVE-2023-46208 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Stylemix ...) NOT-FOR-US: WordPress plugin CVE-2023-46200 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Step ...) NOT-FOR-US: WordPress plugin CVE-2023-44480 (Leave Management System Project v1.0 is vulnerable to multiple Authent ...) NOT-FOR-US: Leave Management System Project CVE-2023-43322 (ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5. ...) NOT-FOR-US: ZPE Systems CVE-2023-40140 (In android_view_InputDevice_create of android_view_InputDevice.cpp, th ...) NOT-FOR-US: Android CVE-2023-40139 (In FillUi of FillUi.java, there is a possible way to view another user ...) NOT-FOR-US: Android CVE-2023-40138 (In FillUi of FillUi.java, there is a possible way to view another user ...) NOT-FOR-US: Android CVE-2023-40137 (In multiple functions of DialogFillUi.java, there is a possible way to ...) NOT-FOR-US: Android CVE-2023-40136 (In setHeader of DialogFillUi.java, there is a possible way to view ano ...) NOT-FOR-US: Android CVE-2023-40135 (In applyCustomDescription of SaveUi.java, there is a possible way to v ...) NOT-FOR-US: Android CVE-2023-40134 (In isFullScreen of FillUi.java, there is a possible way to view anothe ...) NOT-FOR-US: Android CVE-2023-40133 (In multiple locations of DialogFillUi.java, there is a possible way to ...) NOT-FOR-US: Android CVE-2023-40131 (In GpuService of GpuService.cpp, there is a possible use after free du ...) NOT-FOR-US: Android CVE-2023-40130 (In onBindingDied of CallRedirectionProcessor.java, there is a possible ...) NOT-FOR-US: Android CVE-2023-40129 (In build_read_multi_rsp of gatt_sr.cc, there is a possible out of boun ...) 
NOT-FOR-US: Android CVE-2023-40128 (In several functions of xmlregexp.c, there is a possible out of bounds ...) NOT-FOR-US: Android CVE-2023-40127 (In multiple locations, there is a possible way to access screenshots d ...) NOT-FOR-US: Android CVE-2023-40125 (In onCreate of ApnEditor.java, there is a possible way for a Guest use ...) NOT-FOR-US: Android CVE-2023-40123 (In updateActionViews of PipMenuView.java, there is a possible bypass o ...) NOT-FOR-US: Android CVE-2023-40121 (In appendEscapedSQLString of DatabaseUtils.java, there is a possible S ...) NOT-FOR-US: Android CVE-2023-40120 (In multiple locations, there is a possible way to bypass user notifica ...) NOT-FOR-US: Android CVE-2023-40117 (In resetSettingsLocked of SettingsProvider.java, there is a possible l ...) NOT-FOR-US: Android CVE-2023-40116 (In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to ...) NOT-FOR-US: Android CVE-2023-35794 (An issue was discovered in Cassia Access Controller 2.1.1.2303271039. ...) NOT-FOR-US: Cassia Access Controller CVE-2023-32738 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alka ...) NOT-FOR-US: WordPress plugin CVE-2023-5829 (A vulnerability was found in code-projects Admission Management System ...) NOT-FOR-US: code-projects Admission Management System CVE-2023-5828 (A vulnerability was found in Nanning Ontall Longxing Industrial Develo ...) NOT-FOR-US: Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System CVE-2023-5827 (A vulnerability was found in Shanghai CTI Navigation CTI Monitoring an ...) NOT-FOR-US: Shanghai CTI Navigation CTI Monitoring and Early Warning System CVE-2023-5826 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...) NOT-FOR-US: Netentsec NS-ASG Application Security Gateway CVE-2023-5821 (The Thumbnail carousel slider plugin for WordPress is vulnerable to Cr ...) 
NOT-FOR-US: WordPress plugin CVE-2023-5820 (The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2023-5817 (The Neon text plugin for WordPress is vulnerable to Stored Cross-Site ...) NOT-FOR-US: WordPress plugin CVE-2023-5807 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: TRtek Software Education Portal CVE-2023-5774 (The Animated Counters plugin for WordPress is vulnerable to Stored Cro ...) NOT-FOR-US: WordPress plugin CVE-2023-5705 (The VK Filter Search plugin for WordPress is vulnerable to Stored Cros ...) NOT-FOR-US: WordPress plugin CVE-2023-5570 (Improper Protection for Outbound Error Messages and Alert Signals vuln ...) NOT-FOR-US: Inohom Home Manager Gateway CVE-2023-5443 (Improper Protection for Outbound Error Messages and Alert Signals vuln ...) NOT-FOR-US: EDM Informatics E-invoice CVE-2023-4967 (Denial of Service in NetScaler ADC and NetScaler Gateway when configur ...) NOT-FOR-US: Citrix CVE-2023-46853 (In Memcached before 1.6.22, an off-by-one error exists when processing ...) - memcached 1.6.22-1 [bookworm] - memcached (Minor issue) [bullseye] - memcached (Minor issue) [buster] - memcached (The vulnerable code was introduced later) NOTE: https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624d790fa (1.6.22) CVE-2023-46852 (In Memcached before 1.6.22, a buffer overflow exists when processing m ...) - memcached 1.6.22-1 [bookworm] - memcached (Minor issue) [bullseye] - memcached (Minor issue) [buster] - memcached (The vulnerable code was introduced later) NOTE: https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767 (1.6.22) CVE-2023-46604 (The Java OpenWire protocol marshaller is vulnerable to Remote Code Ex ...) 
{DLA-3657-1} - activemq 5.17.6+dfsg-1 (bug #1054909) NOTE: https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt NOTE: http://www.openwall.com/lists/oss-security/2023/10/27/5 CVE-2023-46407 (FFmpeg prior to commit bf814 was discovered to contain an out of bound ...) - ffmpeg (Vulnerable code introduced later) NOTE: Introduced by: https://github.com/FFmpeg/FFmpeg/commit/f7ac3512f5b5cb8eb149f37300b43461d8e93af3 NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/bf814387f42e9b0dea9d75c03db4723c88e7d962 NOTE: https://patchwork.ffmpeg.org/project/ffmpeg/patch/20231015004924.597746-1-leo.izen%40gmail.com/ NOTE: https://patchwork.ffmpeg.org/project/ffmpeg/patch/20231013014959.536776-1-leo.izen%40gmail.com/ CVE-2023-46394 (A stored cross-site scripting (XSS) vulnerability in /home/user/edit_s ...) NOT-FOR-US: gougucms CVE-2023-46393 (gougucms v4.08.18 was discovered to contain a password reset poisoning ...) NOT-FOR-US: gougucms CVE-2023-46290 (Due to inadequate code logic, a previously unauthenticated threat acto ...) NOT-FOR-US: Rockwell Automation CVE-2023-46289 (Rockwell Automation FactoryTalk View Site Edition insufficiently valid ...) NOT-FOR-US: Rockwell Automation CVE-2023-46246 (Vim is an improved version of the good old UNIX editor Vi. Heap-use-af ...) - vim 2:9.0.2087-1 (unimportant) NOTE: https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm NOTE: https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a (v9.0.2068) NOTE: Crash in CLI tool, no security impact CVE-2023-44377 REJECTED CVE-2023-44376 REJECTED CVE-2023-5814 (A vulnerability was found in SourceCodester Task Reminder System 1.0. ...) NOT-FOR-US: SourceCodester Task Reminder System CVE-2023-5813 (A vulnerability was found in SourceCodester Task Reminder System 1.0 a ...) NOT-FOR-US: SourceCodester Task Reminder System CVE-2023-5812 (A vulnerability has been found in flusity CMS and classified as critic ...) 
NOT-FOR-US: flusity CMS CVE-2023-5811 (A vulnerability, which was classified as problematic, was found in flu ...) NOT-FOR-US: flusity CMS CVE-2023-5810 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: flusity CMS CVE-2023-5805 (A vulnerability was found in SourceCodester Simple Real Estate Portal ...) NOT-FOR-US: SourceCodester Simple Real Estate Portal System CVE-2023-5051 (The CallRail Phone Call Tracking plugin for WordPress is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2023-46818 (An issue was discovered in ISPConfig before 3.2.11p1. PHP code injecti ...) NOT-FOR-US: ISPConfig CVE-2023-46816 (An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13. ...) NOT-FOR-US: SugarCRM CVE-2023-46815 (An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13. ...) NOT-FOR-US: SugarCRM CVE-2023-46665 (Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerabi ...) NOT-FOR-US: Sielco PolyEco1000 CVE-2023-46505 (Cross Site Scripting vulnerability in FanCMS v.1.0.0 allows an attacke ...) NOT-FOR-US: FanCMS CVE-2023-46504 (Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 a ...) NOT-FOR-US: PwnCYN YXBOOKCMS CVE-2023-46503 (Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 a ...) NOT-FOR-US: PwnCYN YXBOOKCMS CVE-2023-46491 (ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) v ...) NOT-FOR-US: ZenTao Biz CVE-2023-46376 (Zentao Biz version 8.7 and before is vulnerable to Information Disclos ...) NOT-FOR-US: ZenTao Biz CVE-2023-46375 (ZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Reques ...) NOT-FOR-US: ZenTao Biz CVE-2023-46374 (ZenTao Enterprise Edition version 4.1.3 and before is vulnerable to Cr ...) NOT-FOR-US: ZenTao CVE-2023-46199 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Trib ...) NOT-FOR-US: WordPress plugin CVE-2023-46194 (Unauth. 
Reflected Cross-Site Scripting (XSS) vulnerability in Eric Teu ...) NOT-FOR-US: WordPress plugin CVE-2023-46192 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Inte ...) NOT-FOR-US: WordPress plugin CVE-2023-46153 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedbac ...) NOT-FOR-US: WordPress plugin CVE-2023-46093 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Lion ...) NOT-FOR-US: WordPress plugin CVE-2023-46091 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bala ...) NOT-FOR-US: WordPress plugin CVE-2023-45499 (VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was disco ...) NOT-FOR-US: VinChin Backup & Recovery CVE-2023-45498 (VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was disco ...) NOT-FOR-US: VinChin Backup & Recovery CVE-2023-44375 REJECTED CVE-2023-44268 REJECTED CVE-2023-44220 (SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and ...) NOT-FOR-US: SonicWall CVE-2023-44219 (A local privilege escalation vulnerability in SonicWall Directory Serv ...) NOT-FOR-US: SonicWall CVE-2023-44162 REJECTED CVE-2023-43738 REJECTED CVE-2023-43737 REJECTED CVE-2023-43352 (An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute ...) NOT-FOR-US: CMSmadesimple CVE-2023-42406 (SQL injection vulnerability in D-Link Online behavior audit gateway DA ...) NOT-FOR-US: D-Link CVE-2023-42188 (IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF).) NOT-FOR-US: IceCMS CVE-2023-39726 (An issue in Mintty v.3.6.4 and before allows a remote attacker to exec ...) NOT-FOR-US: Mintty CVE-2023-38328 (An issue was discovered in eGroupWare 17.1.20190111. An Improper Passw ...) - egroupware CVE-2023-34059 (open-vm-tools contains a file descriptor hijack vulnerability in the v ...) 
{DSA-5543-1 DLA-3646-1} - open-vm-tools 2:12.3.5-1 (bug #1054666) NOTE: https://www.openwall.com/lists/oss-security/2023/10/27/2 NOTE: https://github.com/vmware/open-vm-tools/blob/CVE-2023-34059.patch/CVE-2023-34059.patch NOTE: https://www.openwall.com/lists/oss-security/2023/10/27/3 CVE-2023-34058 (VMware Tools contains a SAML token signature bypass vulnerability.A ma ...) {DSA-5543-1 DLA-3646-1} - open-vm-tools 2:12.3.5-1 (bug #1054666) NOTE: https://www.openwall.com/lists/oss-security/2023/10/27/1 NOTE: https://github.com/vmware/open-vm-tools/blob/CVE-2023-34058.patch/CVE-2023-34058.patch CVE-2023-34057 (VMware Tools contains a local privilege escalation vulnerability.A mal ...) NOT-FOR-US: WMware CVE-2023-33559 (A local file inclusion vulnerability via the lang parameter in OcoMon ...) NOT-FOR-US: OcoMon CVE-2023-33558 (An information disclosure vulnerability in the component users-grid-da ...) NOT-FOR-US: OcoMon CVE-2023-46813 (An issue was discovered in the Linux kernel before 6.5.9, exploitable ...) {DSA-5594-1 DLA-3711-1} - linux 6.5.10-1 [bookworm] - linux 6.1.64-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/63e44bc52047f182601e7817da969a105aa1f721 (6.6-rc7) NOTE: https://git.kernel.org/linus/b9cb9c45583b911e0db71d09caa6b56469eb2bdf (6.6-rc7) NOTE: https://git.kernel.org/linus/a37cd2a59d0cb270b1bba568fd3a3b8668b9d3ba (6.6-rc7) CVE-2023-5804 (A vulnerability was found in PHPGurukul Nipah Virus Testing Management ...) NOT-FOR-US: PHPGurukul CVE-2023-5802 (Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPres ...) NOT-FOR-US: WordPress plugin CVE-2023-5798 (The Assistant WordPress plugin before 1.4.4 does not validate a parame ...) NOT-FOR-US: WordPress plugin CVE-2023-5796 (A vulnerability was found in CodeAstro POS System 1.0. It has been rat ...) NOT-FOR-US: CodeAstro POS System CVE-2023-5795 (A vulnerability was found in CodeAstro POS System 1.0. It has been dec ...) 
NOT-FOR-US: CodeAstro POS System CVE-2023-5794 (A vulnerability was found in PHPGurukul Online Railway Catering System ...) NOT-FOR-US: PHPGurukul CVE-2023-5793 (A vulnerability was found in flusity CMS and classified as problematic ...) NOT-FOR-US: flusity CMS CVE-2023-5792 (A vulnerability has been found in SourceCodester Sticky Notes App 1.0 ...) NOT-FOR-US: SourceCodester Sticky Notes App CVE-2023-5791 (A vulnerability, which was classified as problematic, was found in Sou ...) NOT-FOR-US: SourceCodester Sticky Notes App CVE-2023-5790 (A vulnerability classified as critical was found in SourceCodester Fil ...) NOT-FOR-US: SourceCodester File Manager App CVE-2023-5789 (A vulnerability classified as problematic has been found in Dragon Pat ...) NOT-FOR-US: Dragon Path CVE-2023-5787 (A vulnerability was found in Shaanxi Chanming Education Technology Sco ...) NOT-FOR-US: Shaanxi Chanming Education Technology Score Query System CVE-2023-5786 (A vulnerability was found in GeoServer GeoWebCache up to 1.15.1. It ha ...) NOT-FOR-US: GeoServer CVE-2023-5785 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...) NOT-FOR-US: Netentsec NS-ASG Application Security Gateway CVE-2023-5784 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...) NOT-FOR-US: Netentsec NS-ASG Application Security Gateway CVE-2023-5783 (A vulnerability has been found in Tongda OA 2017 up to 11.9 and classi ...) NOT-FOR-US: Tongda OA CVE-2023-5782 (A vulnerability, which was classified as critical, was found in Tongda ...) NOT-FOR-US: Tongda OA CVE-2023-5781 (A vulnerability, which was classified as critical, has been found in T ...) NOT-FOR-US: Tongda OA CVE-2023-5780 (A vulnerability classified as critical was found in Tongda OA 2017 11. ...) NOT-FOR-US: Tongda OA CVE-2023-5754 (Sielco PolyEco1000 uses a weak set of default administrative credentia ...) 
NOT-FOR-US: Sielco PolyEco1000 CVE-2023-5624 (Under certain conditions, Nessus Network Monitor was found to not prop ...) NOT-FOR-US: Nessus Network Monitor CVE-2023-5623 (NNM failed to properly set ACLs on its installation directory, which c ...) NOT-FOR-US: Nessus Network Monitor CVE-2023-5622 (Under certain conditions, Nessus Network Monitor could allow a low pri ...) NOT-FOR-US: Nessus Network Monitor CVE-2023-46748 (An authenticated SQL injection vulnerability exists in the BIG-IP Conf ...) NOT-FOR-US: F5 BIG-IP CVE-2023-46747 (Undisclosed requests may bypass configuration utility authentication, ...) NOT-FOR-US: F5 BIG-IP CVE-2023-46666 (An issue was discovered when using Document Level Security and the SPO ...) NOT-FOR-US: Elastic Sharepoint Online Python Connector CVE-2023-46664 (Sielco PolyEco1000 is vulnerable to an improper access control vulnera ...) NOT-FOR-US: Sielco PolyEco1000 CVE-2023-46663 (Sielco PolyEco1000 is vulnerable to an attacker bypassing authorizatio ...) NOT-FOR-US: Sielco PolyEco1000 CVE-2023-46662 (Sielco PolyEco1000 is vulnerable to an information disclosure vulnerab ...) NOT-FOR-US: Sielco PolyEco1000 CVE-2023-46661 (Sielco PolyEco1000 is vulnerable to an attacker escalating their privi ...) NOT-FOR-US: Sielco PolyEco1000 CVE-2023-46450 (Sourcecodester Free and Open Source inventory management system 1.0 is ...) NOT-FOR-US: Sourcecodester Free and Open Source inventory management system CVE-2023-46449 (Sourcecodester Free and Open Source inventory management system v1.0 i ...) NOT-FOR-US: Sourcecodester Free and Open Source inventory management system CVE-2023-46435 (Sourcecodester Packers and Movers Management System v1.0 is vulnerable ...) NOT-FOR-US: Sourcecodester Packers and Movers Management System CVE-2023-46238 (ZITADEL is an identity infrastructure management system. ZITADEL users ...) NOT-FOR-US: ZITADEL CVE-2023-46234 (browserify-sign is a package to duplicate the functionality of node's ...) 
{DSA-5539-1 DLA-3635-1} - node-browserify-sign 4.2.2-1 (bug #1054667) NOTE: https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw NOTE: https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30 (v4.2.2) CVE-2023-46094 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Conversi ...) NOT-FOR-US: WordPress plugin CVE-2023-46090 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorad ...) NOT-FOR-US: WordPress plugin CVE-2023-46088 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mamm ...) NOT-FOR-US: WordPress plugin CVE-2023-46081 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Lavacode La ...) NOT-FOR-US: WordPress plugin CVE-2023-46077 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Pl ...) NOT-FOR-US: WordPress plugin CVE-2023-46076 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao W ...) NOT-FOR-US: WordPress plugin CVE-2023-46075 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart ...) NOT-FOR-US: WordPress plugin CVE-2023-46074 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Borbis M ...) NOT-FOR-US: WordPress plugin CVE-2023-46072 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael ...) NOT-FOR-US: WordPress plugin CVE-2023-45869 (ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbit ...) - ilias (bug #195688) CVE-2023-45868 (The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attac ...) - ilias (bug #195688) CVE-2023-45867 (ILIAS (2013-09-12 release) contains a medium-criticality Directory Tra ...) - ilias (bug #195688) CVE-2023-45317 (The application interface allows users to perform certain actions via ...) NOT-FOR-US: Sielco CVE-2023-45228 (The application suffers from improper access control when editing user ...) 
NOT-FOR-US: Sielco CVE-2023-44267 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL ...) NOT-FOR-US: Online Art Gallery CVE-2023-43208 (NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to ...) NOT-FOR-US: NextGen Healthcare Mirth Connect CVE-2023-42769 (The cookie session ID is of insufficient length and can be exploited b ...) NOT-FOR-US: Sielco CVE-2023-41966 (The application suffers from a privilege escalation vulnerability. A ...) NOT-FOR-US: Sielco CVE-2023-41096 (Missing Encryption of Security Keys vulnerability in Silicon Labs Embe ...) NOT-FOR-US: Silabs CVE-2023-41095 (Missing Encryption of Security Keys vulnerability in Silicon Labs Open ...) NOT-FOR-US: Silabs CVE-2023-39936 (In Ashlar-Vellum Graphite v13.0.48, the affected application lacks pro ...) NOT-FOR-US: Ashlar-Vellum CVE-2023-39427 (In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 S ...) NOT-FOR-US: Ashlar-Vellum CVE-2023-32116 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tota ...) NOT-FOR-US: WordPress plugin CVE-2023-31419 (A flaw was discovered in Elasticsearch, affecting the _search API that ...) - elasticsearch CVE-2023-31418 (An issue has been identified with how Elasticsearch handled incoming r ...) - elasticsearch CVE-2023-31416 (Secret token configuration is never applied when using ECK <2.8 with A ...) NOT-FOR-US: Elastic Cloud on Kubernetes CVE-2023-5139 (Potential buffer overflow vulnerability at the following location in t ...) NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) CVE-2023-46754 (The admin panel for Obl.ong before 1.1.2 allows authorization bypass b ...) NOT-FOR-US: admin panel for Obl.ong CVE-2023-46753 (An issue was discovered in FRRouting FRR through 9.0.1. A crash can oc ...) 
{DLA-3797-1} - frr 9.1-0.1 (bug #1055852) NOTE: Fixed by: https://github.com/FRRouting/frr/commit/d8482bf011cb2b173e85b65b4bf3d5061250cdb9 (master) NOTE: Fixed by: https://github.com/FRRouting/frr/commit/21418d64af11553c402f932b0311c812d98ac3e4 (stable/8.5 branch) CVE-2023-46752 (An issue was discovered in FRRouting FRR through 9.0.1. It mishandles ...) {DLA-3797-1} - frr 9.1-0.1 (bug #1055852) NOTE: Fixed by: https://github.com/FRRouting/frr/commit/b08afc81c60607a4f736f418f2e3eb06087f1a35 (master) NOTE: Fixed by: https://github.com/FRRouting/frr/commit/30b5c2a434d25981e16792f6f50162beb517ae4d (stable/8.5 branch) CVE-2023-46668 (If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-defa ...) NOT-FOR-US: Elastic Endpoint CVE-2023-46667 (An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where ...) NOT-FOR-US: Elastic Fleet Server CVE-2023-46584 (SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) " Testing ...) NOT-FOR-US: PHPGurukul CVE-2023-46583 (Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus (Ni ...) NOT-FOR-US: PHPGurukul CVE-2023-46345 (Catdoc v0.95 was discovered to contain a NULL pointer dereference via ...) - catdoc (unimportant) NOTE: Crash in CLI tool, no security impact CVE-2023-46233 (crypto-js is a JavaScript library of crypto standards. Prior to versio ...) {DLA-3669-1} - cryptojs 3.1.2+dfsg-4 (bug #1055525) [bookworm] - cryptojs (Minor issue) [bullseye] - cryptojs (Minor issue) NOTE: https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf NOTE: https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a (4.2.0) CVE-2023-46232 (era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer ...) NOT-FOR-US: era-compiler-vyper CVE-2023-46137 (Twisted is an event-based framework for internet applications. Prior t ...) 
- twisted 23.10.0-1 (bug #1054913) [bookworm] - twisted (Minor issue) [bullseye] - twisted (Minor issue) [buster] - twisted (Minor issue) NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm CVE-2023-46134 (D-Tale is the combination of a Flask back-end and a React front-end to ...) NOT-FOR-US: D-Tale CVE-2023-46133 (CryptoES is a cryptography algorithms library compatible with ES6 and ...) NOT-FOR-US: CryptoES CVE-2023-45137 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2023-43906 (Xolo CMS v0.11 was discovered to contain a reflected cross-site script ...) NOT-FOR-US: Xolo CMS CVE-2023-43905 (Incorrect access control in writercms v1.1.0 allows attackers to direc ...) NOT-FOR-US: writercms CVE-2023-38849 (An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtai ...) NOT-FOR-US: tire-sales Line CVE-2023-38848 (An issue in rmc R Beauty CLINIC Line v.13.6.1 allows a remote attacker ...) NOT-FOR-US: rmc R Beauty CLINIC Line CVE-2023-38847 (An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to ...) NOT-FOR-US: CHRISTINA JAPAN Line CVE-2023-38846 (An issue in Marbre Lapin Line v.13.6.1 allows a remote attacker to obt ...) NOT-FOR-US: Marbre Lapin Line CVE-2023-38845 (An issue in Anglaise Company Anglaise.Company v.13.6.1 allows a remote ...) NOT-FOR-US: Anglaise Company Anglaise.Company CVE-2023-31422 (An issue was discovered by Elastic whereby sensitive information is re ...) - kibana (bug #700337) CVE-2023-31421 (It was discovered that when acting as TLS clients, Beats, Elastic Agen ...) NOT-FOR-US: Elastic CVE-2023-45872 - qt6-svg (Doesn't affect any version uploaded to unstable) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2246067 CVE-2023-5717 (A heap out-of-bounds write vulnerability in the Linux kernel's Linux K ...) 
{DSA-5594-1 DLA-3711-1 DLA-3710-1} - linux 6.5.10-1 [bookworm] - linux 6.1.64-1 NOTE: https://git.kernel.org/linus/32671e3799ca2e4590773fd0e63aaa4229e50c06 (6.6-rc7) CVE-2023-5678 (Issue summary: Generating excessively long X9.42 DH keys or checking e ...) - openssl 3.0.12-2 (bug #1055473) [bookworm] - openssl (Minor issue; can be fixed along with future update) [bullseye] - openssl (Minor issue; can be fixed along with future update) [buster] - openssl (Minor issue; can be fixed along with future update) NOTE: https://www.openssl.org/news/secadv/20231106.txt NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 (for 3.0.y) NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c (for 1.1.1y) CVE-2023-5671 (HP Print and Scan Doctor for Windows may potentially be vulnerable to ...) NOT-FOR-US: HP CVE-2023-46564 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-46563 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-46562 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-46560 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-46559 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-46558 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-46557 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-46556 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-46555 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) 
NOT-FOR-US: TOTOLINK CVE-2023-46554 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-46553 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-46552 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-46551 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-46550 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-46549 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-46548 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-46547 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-46546 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-46545 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-46544 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-46543 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-46542 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-46541 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-46540 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) NOT-FOR-US: TOTOLINK CVE-2023-46539 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) NOT-FOR-US: TP-LINK CVE-2023-46538 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) 
NOT-FOR-US: TP-LINK CVE-2023-46537 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) NOT-FOR-US: TP-LINK CVE-2023-46536 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) NOT-FOR-US: TP-LINK CVE-2023-46535 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) NOT-FOR-US: TP-LINK CVE-2023-46534 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) NOT-FOR-US: TP-LINK CVE-2023-46527 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) NOT-FOR-US: TP-LINK CVE-2023-46526 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) NOT-FOR-US: TP-LINK CVE-2023-46525 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) NOT-FOR-US: TP-LINK CVE-2023-46523 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) NOT-FOR-US: TP-LINK CVE-2023-46522 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) NOT-FOR-US: TP-LINK CVE-2023-46521 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) NOT-FOR-US: TP-LINK CVE-2023-46520 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) NOT-FOR-US: TP-LINK CVE-2023-46518 (Mercury A15 V1.0 20230818_1.0.3 was discovered to contain a command ex ...) NOT-FOR-US: Mercury A15 CVE-2023-46424 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...) NOT-FOR-US: TOTOLINK CVE-2023-46423 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...) NOT-FOR-US: TOTOLINK CVE-2023-46422 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...) NOT-FOR-US: TOTOLINK CVE-2023-46421 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...) NOT-FOR-US: TOTOLINK CVE-2023-46420 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...) 
	NOT-FOR-US: TOTOLINK
CVE-2023-46419 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-46418 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-46417 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-46416 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-46415 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-46414 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-46413 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-46412 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-46411 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-46410 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-46409 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-46408 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-46396 (Audimex 15.0.0 is vulnerable to Cross Site Scripting (XSS) in /audimex ...)
	NOT-FOR-US: Audimex
CVE-2023-46102 (The Android Client application, when enrolled to the AppHub server, co ...)
	NOT-FOR-US: Bosch
CVE-2023-45851 (The Android Client application, when enrolled to the AppHub server,con ...)
	NOT-FOR-US: Bosch
CVE-2023-45844 (The vulnerability allows a low privileged user that have access to the ...)
	NOT-FOR-US: Bosch
CVE-2023-45321 (The Android Client application, when enrolled with the define method ...)
	NOT-FOR-US: Bosch
CVE-2023-45220 (The Android Client application, when enrolled with the define method 1 ...)
	NOT-FOR-US: Bosch
CVE-2023-45136 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-45135 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-45134 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-43488 (The vulnerability allows a low privileged (untrusted) application to m ...)
	NOT-FOR-US: Bosch
CVE-2023-42861 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-42857 (A privacy issue was addressed with improved private data redaction for ...)
	NOT-FOR-US: Apple
CVE-2023-42856 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-42854 (This issue was addressed by removing the vulnerable code. This issue i ...)
	NOT-FOR-US: Apple
CVE-2023-42852 (A logic issue was addressed with improved checks. This issue is fixed ...)
	{DSA-5557-1}
	- webkit2gtk 2.42.2-1
	[buster] - webkit2gtk (EOL in buster LTS)
	- wpewebkit 2.42.2-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2023-0010.html
CVE-2023-42850 (The issue was addressed with improved permissions logic. This issue is ...)
	NOT-FOR-US: Apple
CVE-2023-42849 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-42847 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2023-42846 (This issue was addressed by removing the vulnerable code. This issue i ...)
	NOT-FOR-US: Apple
CVE-2023-42845 (An authentication issue was addressed with improved state management. ...)
	NOT-FOR-US: Apple
CVE-2023-42844 (This issue was addressed with improved handling of symlinks. This issu ...)
	NOT-FOR-US: Apple
CVE-2023-42842 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2023-42841 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-42494 (EisBaer Scada - CWE-749: Exposed Dangerous Method or Function)
	NOT-FOR-US: EisBaer Scada
CVE-2023-42493 (EisBaer Scada - CWE-256: Plaintext Storage of a Password)
	NOT-FOR-US: EisBaer Scada
CVE-2023-42492 (EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key)
	NOT-FOR-US: EisBaer Scada
CVE-2023-42491 (EisBaer Scada - CWE-285: Improper Authorization)
	NOT-FOR-US: EisBaer Scada
CVE-2023-42490 (EisBaer Scada - CWE-200: Exposure of Sensitive Information to an Unaut ...)
	NOT-FOR-US: EisBaer Scada
CVE-2023-42489 (EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical ...)
	NOT-FOR-US: EisBaer Scada
CVE-2023-42488 (EisBaer Scada - CWE-22: Improper Limitation of a Pathname to a Restric ...)
	NOT-FOR-US: EisBaer Scada
CVE-2023-42438 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple
CVE-2023-41997 (This issue was addressed by restricting options offered on a locked de ...)
	NOT-FOR-US: Apple
CVE-2023-41989 (The issue was addressed by restricting options offered on a locked dev ...)
	NOT-FOR-US: Apple
CVE-2023-41988 (This issue was addressed by restricting options offered on a locked de ...)
	NOT-FOR-US: Apple
CVE-2023-41983 (The issue was addressed with improved memory handling. This issue is f ...)
	{DSA-5557-1}
	- webkit2gtk 2.42.2-1
	[buster] - webkit2gtk (EOL in buster LTS)
	- wpewebkit 2.42.2-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2023-0010.html
CVE-2023-41982 (This issue was addressed by restricting options offered on a locked de ...)
	NOT-FOR-US: Apple
CVE-2023-41977 (The issue was addressed with improved handling of caches. This issue i ...)
	NOT-FOR-US: Apple
CVE-2023-41976 (A use-after-free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2023-41975 (This issue was addressed by removing the vulnerable code. This issue i ...)
	NOT-FOR-US: Apple
CVE-2023-41960 (The vulnerability allows an unprivileged(untrusted) third-party applic ...)
	NOT-FOR-US: Bosch
CVE-2023-41372 (The vulnerability allows an unprivileged (untrusted) third- party appl ...)
	NOT-FOR-US: Bosch
CVE-2023-41255 (The vulnerability allows an unprivileged user with access to the subne ...)
	NOT-FOR-US: Bosch
CVE-2023-41254 (A privacy issue was addressed with improved private data redaction for ...)
	NOT-FOR-US: Apple
CVE-2023-41077 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2023-41072 (A privacy issue was addressed with improved private data redaction for ...)
	NOT-FOR-US: Apple
CVE-2023-40449 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-40447 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-40445 (The issue was addressed with improved UI handling. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2023-40444 (A permissions issue was addressed with additional restrictions. This i ...)
	NOT-FOR-US: Apple
CVE-2023-40425 (A privacy issue was addressed with improved private data redaction for ...)
	NOT-FOR-US: Apple
CVE-2023-40423 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-40421 (A permissions issue was addressed with additional restrictions. This i ...)
	NOT-FOR-US: Apple
CVE-2023-40416 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-40413 (The issue was addressed with improved handling of caches. This issue i ...)
	NOT-FOR-US: Apple
CVE-2023-40408 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple
CVE-2023-40405 (A privacy issue was addressed with improved private data redaction for ...)
	NOT-FOR-US: Apple
CVE-2023-40404 (A use-after-free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2023-40401 (The issue was addressed with additional permissions checks. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-3010 (Grafana is an open-source platform for monitoring and observability. ...)
	NOT-FOR-US: Grafana plugin
CVE-2023-37913 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-37912 (XWiki Rendering is a generic Rendering system that converts textual in ...)
	NOT-FOR-US: XWiki
CVE-2023-37911 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-37910 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-37909 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-37908 (XWiki Rendering is a generic Rendering system that converts textual in ...)
	NOT-FOR-US: XWiki
CVE-2023-34447 (iTop is an open source, web-based IT service management platform. Prio ...)
	NOT-FOR-US: iTop
CVE-2023-34446 (iTop is an open source, web-based IT service management platform. Prio ...)
	NOT-FOR-US: iTop
CVE-2023-32359 (This issue was addressed with improved redaction of sensitive informat ...)
	{DSA-5527-1}
	- webkit2gtk 2.42.0-1
	[buster] - webkit2gtk (EOL in buster LTS)
	- wpewebkit 2.42.0-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2023-0010.html
CVE-2023-46660 (Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time compari ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-46659 (Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-46658 (Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-co ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-46657 (Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time compar ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-46656 (Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-46655 (Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-46654 (Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-46653 (Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATE ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-46652 (A missing permission check in Jenkins lambdatest-automation Plugin 1.2 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-46651 (Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriat ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-46650 (Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub pr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-5043 (Ingress nginx annotation injection causes arbitrary command execution.)
	NOT-FOR-US: Kubernetes ingress-nginx
CVE-2023-5044 (Code injection via nginx.ingress.kubernetes.io/permanent-redirect anno ...)
	NOT-FOR-US: Kubernetes ingress-nginx
CVE-2023-5758 (When opening a page in reader mode, the redirect URL could have caused ...)
	- firefox (Only affects Firefox on iOS)
	NOTE: https://www.mozilla.org/security/advisories/mfsa2023-48/
CVE-2023-5752 (When installing a package from a Mercurial VCS URL (ie "pip install ...)
	- python-pip 23.3+dfsg-1
	[bookworm] - python-pip (Minor issue)
	[bullseye] - python-pip (Minor issue)
	[buster] - python-pip (Minor issue)
	NOTE: https://github.com/pypa/pip/pull/12306
	NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/
CVE-2023-5311 (The WP EXtra plugin for WordPress is vulnerable to unauthorized modifi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4608 (An authenticated XCC user with elevated privileges can perform blind S ...)
	NOT-FOR-US: Lenovo
CVE-2023-4607 (An authenticated XCC user can change permissions for any user through ...)
	NOT-FOR-US: Lenovo
CVE-2023-4606 (An authenticated XCC user with Read-Only permission can change a diffe ...)
	NOT-FOR-US: Lenovo
CVE-2023-46574 (An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote att ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-46358 (In the module "Referral and Affiliation Program" (referralbyphone) ver ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-46347 (In the module "Step by Step products Pack" (ndk_steppingpack) version ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-46346 (In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportpr ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-46158 (IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 co ...)
	NOT-FOR-US: IBM
CVE-2023-46136 (Werkzeug is a comprehensive WSGI web application library. If an upload ...)
	[experimental] - python-werkzeug 3.0.1-1
	- python-werkzeug 3.0.1-2 (bug #1054553)
	[bookworm] - python-werkzeug (Minor issue)
	[bullseye] - python-werkzeug (Minor issue)
	[buster] - python-werkzeug (Minor issue)
	NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw
	NOTE: https://github.com/pallets/werkzeug/commit/b1916c0c083e0be1c9d887ee2f3d696922bfc5c1 (3.0.1)
CVE-2023-46135 (rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. ...)
	NOT-FOR-US: rs-stellar-strkey
CVE-2023-46126 (Fides is an open-source privacy engineering platform for managing the ...)
	NOT-FOR-US: Fides
CVE-2023-46125 (Fides is an open-source privacy engineering platform for managing the ...)
	NOT-FOR-US: Fides
CVE-2023-46124 (Fides is an open-source privacy engineering platform for managing the ...)
	NOT-FOR-US: Fides
CVE-2023-46123 (jumpserver is an open source bastion machine, professional operation a ...)
	NOT-FOR-US: JumpServer
CVE-2023-46120 (The RabbitMQ Java client library allows Java and JVM-based application ...)
	NOT-FOR-US: RabbitMQ Java client library
CVE-2023-46119 (Parse Server is an open source backend that can be deployed to any inf ...)
	NOT-FOR-US: Parse Server
CVE-2023-46118 (RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API ...)
	{DSA-5571-1 DLA-3687-1}
	- rabbitmq-server 3.10.8-3 (bug #1056723)
	NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg
	NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/9708
CVE-2023-45555 (File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker t ...)
	NOT-FOR-US: zzzCMS
CVE-2023-45554 (File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker t ...)
	NOT-FOR-US: zzzCMS
CVE-2023-44794 (An issue in Dromara SaToken version 1.36.0 and before allows a remote ...)
	NOT-FOR-US: Dromara SaToken
CVE-2023-44769 (A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 ...)
	NOT-FOR-US: Zenario CMS
CVE-2023-44767 (A File upload vulnerability in RiteCMS 3.0 allows a local attacker to ...)
	NOT-FOR-US: RiteCMS
CVE-2023-43961 (An issue in Dromara SaToken version 1.3.50RC and before when using Spr ...)
	NOT-FOR-US: Dromara SaToken
CVE-2023-43795 (GeoServer is an open source software server written in Java that allow ...)
	NOT-FOR-US: GeoServer
CVE-2023-43360 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...)
	NOT-FOR-US: CMSmadesimple
CVE-2023-41721 (Instances of UniFi Network Application that (i) are run on a UniFi Gat ...)
	NOT-FOR-US: UniFi Network Application
CVE-2023-41339 (GeoServer is an open source software server written in Java that allow ...)
	NOT-FOR-US: GeoServer
CVE-2023-3112 (A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ...)
	NOT-FOR-US: Lenovo
CVE-2023-39930 (A first-factor authentication bypass vulnerability exists in the PingF ...)
	NOT-FOR-US: PingFederate
CVE-2023-39740 (The leakage of the client secret in Onigiriya-musubee Line 13.6.1 allo ...)
	NOT-FOR-US: Onigiriya-musubee Line
CVE-2023-39739 (The leakage of the client secret in REGINA SWEETS&BAKERY Line 13.6.1 a ...)
	NOT-FOR-US: REGINA SWEETS&BAKERY Line
CVE-2023-39737 (The leakage of the client secret in Matsuya Line 13.6.1 allows attacke ...)
	NOT-FOR-US: Matsuya Line
CVE-2023-39736 (The leakage of the client secret in Fukunaga_memberscard Line 13.6.1 a ...)
	NOT-FOR-US: Fukunaga_memberscard Line
CVE-2023-39735 (The leakage of the client secret in Uomasa_Saiji_news Line 13.6.1 allo ...)
	NOT-FOR-US: Uomasa_Saiji_news Line
CVE-2023-39734 (The leakage of the client secret in VISION MEAT WORKS TrackDiner10/10_ ...)
	NOT-FOR-US: VISION MEAT WORKS TrackDiner10/10_mc Line
CVE-2023-39733 (The leakage of the client secret in TonTon-Tei Line v13.6.1 allows att ...)
	NOT-FOR-US: TonTon-Tei Line
CVE-2023-39732 (The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 all ...)
	NOT-FOR-US: Tokueimaru_waiting Line
CVE-2023-39219 (PingFederate Administrative Console dependency contains a weakness whe ...)
	NOT-FOR-US: PingFederate
CVE-2023-38041 (A logged in user may elevate its permissions by abusing a Time-of-Chec ...)
	NOT-FOR-US: Ivanti
CVE-2023-37283 (Under a very specific and highly unrecommended configuration, authenti ...)
	NOT-FOR-US: PingFederate
CVE-2023-36085 (The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host he ...)
	NOT-FOR-US: sisqualWFM
CVE-2023-34085 (When an AWS DynamoDB table is used for user attribute storage, it is p ...)
	NOT-FOR-US: AWS
CVE-2023-34056 (vCenter Server contains a partial information disclosure vulnerability ...)
	NOT-FOR-US: VMware
CVE-2023-34048 (vCenter Server contains an out-of-bounds write vulnerability in the im ...)
	NOT-FOR-US: VMware
CVE-2023-31582 (jose4j before v0.9.3 allows attackers to set a low iteration count of ...)
	- libjose4j-java 0.7.12-2 (bug #1054872)
	NOTE: https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then
	NOTE: Fixed by: https://bitbucket.org/b_c/jose4j/commits/1929fe3 (jose4j/0.9.3)
CVE-2023-31581 (Dromara Sureness before v1.0.8 was discovered to use a hardcoded key.)
	NOT-FOR-US: Dromara Sureness
CVE-2023-31580 (light-oauth2 before version 2.1.27 obtains the public key without any ...)
	NOT-FOR-US: light-oauth2
CVE-2023-6478 (A flaw was found in xorg-server. A specially crafted request to RRChan ...)
	{DSA-5576-1 DLA-3686-1}
	- xorg-server 2:21.1.10-1
	- xwayland 2:23.2.3-1
	[bookworm] - xwayland (Minor issue; Xwayland shouldn't be running as root)
	NOTE: https://lists.x.org/archives/xorg-announce/2023-December/003435.html
	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632
CVE-2023-6377 (A flaw was found in xorg-server. Querying or changing XKB button actio ...)
	{DSA-5576-2 DSA-5576-1 DLA-3686-2 DLA-3686-1}
	- xorg-server 2:21.1.10-1
	- xwayland 2:23.2.3-1
	[bookworm] - xwayland (Minor issue; Xwayland shouldn't be running as root)
	NOTE: https://lists.x.org/archives/xorg-announce/2023-December/003435.html
	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd
CVE-2023-5574 (A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue oc ...)
	- xorg-server (bug #1055426)
	[bookworm] - xorg-server (Minor issue)
	[bullseye] - xorg-server (Minor issue)
	[buster] - xorg-server (Minor issue)
	NOTE: https://lists.x.org/archives/xorg-announce/2023-October/003430.html
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1189
CVE-2023-5380 (A use-after-free flaw was found in the xorg-x11-server. An X server cr ...)
	{DSA-5534-1 DLA-3631-1}
	- xorg-server 2:21.1.9-1
	NOTE: https://lists.x.org/archives/xorg-announce/2023-October/003430.html
	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/564ccf2ce9616620456102727acb8b0256b7bbd7
CVE-2023-5367 (A out-of-bounds write flaw was found in the xorg-x11-server. This issu ...)
	{DSA-5534-1 DLA-3631-1}
	- xorg-server 2:21.1.9-1
	- xwayland 2:23.2.2-1
	[bookworm] - xwayland (Minor issue; Xwayland shouldn't be running as root)
	NOTE: https://lists.x.org/archives/xorg-announce/2023-October/003430.html
	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/541ab2ecd41d4d8689e71855d93e492bc554719a
CVE-2023-5472 (Use after free in Profiles in Google Chrome prior to 118.0.5993.117 al ...)
	{DSA-5536-1}
	- chromium 118.0.5993.117-1
	[buster] - chromium (see DSA 5046)
CVE-2023-5753 (Potential buffer overflows in the Bluetooth subsystem due to asserts b ...)
	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-5748 (Buffer copy without checking size of input ('Classic Buffer Overflow') ...)
	NOT-FOR-US: Synology
CVE-2023-5745 (The Reusable Text Blocks plugin for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5744 (The Very Simple Google Maps plugin for WordPress is vulnerable to Stor ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5740 (The Live Chat with Facebook Messenger plugin for WordPress is vulnerab ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5127 (The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5126 (The Delete Me plugin for WordPress is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5110 (The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5085 (The Advanced Menu Widget plugin for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46373 (TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the f ...)
	NOT-FOR-US: TP-Link
CVE-2023-46371 (TP-Link device TL-WDR7660 2.0.30 has a stack overflow vulnerability vi ...)
	NOT-FOR-US: TP-Link
CVE-2023-46370 (Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via ...)
	NOT-FOR-US: Tenda
CVE-2023-46369 (Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability vi ...)
	NOT-FOR-US: Tenda
CVE-2023-46204 (Cross-Site Request Forgery (CSRF) vulnerability in Muller Digital Inc. ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46202 (Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Log ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46198 (Cross-Site Request Forgery (CSRF) vulnerability in Scientech It Soluti ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46193 (Cross-Site Request Forgery (CSRF) vulnerability in Internet Marketing ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46191 (Cross-Site Request Forgery (CSRF) vulnerability in Niels van Renselaar ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46190 (Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46189 (Cross-Site Request Forgery (CSRF) vulnerability in Simple Calendar \u2 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46152 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF \u2 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46151 (Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Produc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46150 (Cross-Site Request Forgery (CSRF) vulnerability in WP Military WP Radi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46128 (Nautobot is a Network Automation Platform built as a web application a ...)
	NOT-FOR-US: Nautobot
CVE-2023-46071 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickDat ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46070 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Emmanuel ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46069 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46068 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XQue ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46010 (An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary comm ...)
	NOT-FOR-US: SeaCMS
CVE-2023-45960 REJECTED
CVE-2023-45837 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XYDAC Ul ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45835 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Libsyn L ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45833 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Lead ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45832 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mart ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45829 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45772 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45770 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fastwpsp ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45769 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alex Rav ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45768 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Step ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45767 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Woka ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45764 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45761 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Joovii S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45759 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Peter Ke ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45758 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45756 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spider T ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45755 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Budd ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45754 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45750 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in POSIMYTH ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45747 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Syed ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45646 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45644 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anur ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45640 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45637 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPri ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45634 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Biztechc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-43510 (A vulnerability in the ClearPass Policy Manager web-basedmanagement in ...)
	NOT-FOR-US: Aruba
CVE-2023-43509 (A vulnerability in the web-based management interface ofClearPass Poli ...)
	NOT-FOR-US: Aruba
CVE-2023-43508 (Vulnerabilities in the web-based management interface ofClearPass Poli ...)
	NOT-FOR-US: Aruba
CVE-2023-43507 (A vulnerability in the web-based management interface ofClearPass Poli ...)
	NOT-FOR-US: Aruba
CVE-2023-43506 (A vulnerability in the ClearPass OnGuard Linux agent couldallow malici ...)
	NOT-FOR-US: Aruba
CVE-2023-42031 (IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard C ...)
	NOT-FOR-US: IBM
CVE-2023-39924 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mitc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39619 (ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a ...)
	NOT-FOR-US: Node Email Check module
CVE-2023-39231 (PingFederate using the PingOne MFA adapter allows a new MFA device to ...)
	NOT-FOR-US: PingFederate
CVE-2023-5732 (An attacker could have created a malicious link using bidirectional ch ...)
	{DSA-5538-1 DSA-5535-1 DLA-3637-1 DLA-3632-1}
	- firefox-esr 115.4.0esr-1
	- thunderbird 1:115.4.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5732
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5732
CVE-2023-5731 (Memory safety bugs present in Firefox 118. Some of these bugs showed e ...)
	- firefox 119.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5731
CVE-2023-5730 (Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thun ...)
	{DSA-5538-1 DSA-5535-1 DLA-3637-1 DLA-3632-1}
	- firefox 119.0-1
	- firefox-esr 115.4.0esr-1
	- thunderbird 1:115.4.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5730
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5730
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5730
CVE-2023-5729 (A malicious web site can enter fullscreen mode while simultaneously tr ...)
	- firefox 119.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5729
CVE-2023-5728 (During garbage collection extra operations were performed on a object ...)
	{DSA-5538-1 DSA-5535-1 DLA-3637-1 DLA-3632-1}
	- firefox 119.0-1
	- firefox-esr 115.4.0esr-1
	- thunderbird 1:115.4.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5728
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5728
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5728
CVE-2023-5727 (The executable file warning was not presented when downloading .msix, ...)
	- firefox (Only affects Firefox on Windows)
	- firefox-esr (Only affects Firefox ESR on Windows)
	- thunderbird (Only affects Thunderbird on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5727
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5727
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5727
CVE-2023-5726 (A website could have obscured the full screen notification by using th ...)
	- firefox (Only affects Firefox on MacOS)
	- firefox-esr (Only affects Firefox ESR on MacOS)
	- thunderbird (Only affects Thunderbird on MacOS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5726
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5726
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5726
CVE-2023-5725 (A malicious installed WebExtension could open arbitrary URLs, which un ...)
	{DSA-5538-1 DSA-5535-1 DLA-3637-1 DLA-3632-1}
	- firefox 119.0-1
	- firefox-esr 115.4.0esr-1
	- thunderbird 1:115.4.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5725
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5725
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5725
CVE-2023-5724 (Drivers are not always robust to extremely large draw calls and in som ...)
	{DSA-5538-1 DSA-5535-1 DLA-3637-1 DLA-3632-1}
	- firefox 119.0-1
	- firefox-esr 115.4.0esr-1
	- thunderbird 1:115.4.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5724
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5724
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5724
CVE-2023-5723 (An attacker with temporary script access to a site could have set a co ...)
	- firefox 119.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5723
CVE-2023-5722 (Using iterative requests an attacker was able to learn the size of an ...)
	- firefox 119.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5722
CVE-2023-5721 (It was possible for certain browser prompts and dialogs to be activate ...)
	{DSA-5538-1 DSA-5535-1 DLA-3637-1 DLA-3632-1}
	- firefox 119.0-1
	- firefox-esr 115.4.0esr-1
	- thunderbird 1:115.4.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5721
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5721
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5721
CVE-2023-5746 (A vulnerability regarding use of externally-controlled format string i ...)
	NOT-FOR-US: Synology
CVE-2023-5363 (Issue summary: A bug has been identified in the processing of key and ...)
	{DSA-5532-1}
	- openssl 3.0.12-1
	[bullseye] - openssl (Vulnerable code not present)
	[buster] - openssl (Vulnerable code not present)
	NOTE: https://www.openssl.org/news/secadv/20231024.txt
CVE-2023-46059 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2 ...)
	NOT-FOR-US: Geeklog-Core geeklog
CVE-2023-46058 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2 ...)
	NOT-FOR-US: Geeklog-Core geeklog
CVE-2023-45998 (kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Customizing g ...)
	NOT-FOR-US: kodbox
CVE-2023-45990 (Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remot ...)
	NOT-FOR-US: WenwenaiCMS
CVE-2023-45966 (umputun remark42 version 1.12.1 and before has a Blind Server-Side Req ...)
	NOT-FOR-US: umputun remark42
CVE-2023-44760 (Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v. ...)
	NOT-FOR-US: Concrete CMS
CVE-2023-43358 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...)
	NOT-FOR-US: CMSmadesimple
CVE-2023-43281 (Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remo ...)
	NOTE: Duplicate of CVE-2023-45664
CVE-2023-39817 REJECTED
CVE-2023-39816 REJECTED
CVE-2023-39815 REJECTED
CVE-2023-39814 REJECTED
CVE-2023-37636 (A stored cross-site scripting (XSS) vulnerability in UVDesk Community ...)
	NOT-FOR-US: UVDesk Community Skeleton
CVE-2023-37635 (UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to p ...)
	NOT-FOR-US: UVDesk Community Skeleton
CVE-2023-33517 (carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary Fil ...)
	NOT-FOR-US: carRental
CVE-2023-5633 (The reference count changes made as part of the CVE-2023-33951 and CVE ...)
	- linux 6.5.8-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/91398b413d03660fd5828f7b4abc64e884b98069 (6.6-rc6)
CVE-2023-5718 (The Vue.js Devtools extension was found to leak screenshot data back t ...)
	NOT-FOR-US: Vue.js Devtools extension
CVE-2023-5246 (Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways wi ...)
	NOT-FOR-US: SICK
CVE-2023-46603 (In International Color Consortium DemoIccMAX 79ecb74, there is an out- ...)
	NOT-FOR-US: International Color Consortium DemoIccMAX
CVE-2023-46602 (In International Color Consortium DemoIccMAX 79ecb74, there is a stack ...)
	NOT-FOR-US: International Color Consortium DemoIccMAX
CVE-2023-46332 (WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataS ...)
	- wabt (bug #1055299)
	[bookworm] - wabt (Minor issue)
	[bullseye] - wabt (Minor issue)
	[buster] - wabt (Minor issue)
	NOTE: https://github.com/WebAssembly/wabt/issues/2311
CVE-2023-46331 (WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegm ...)
	- wabt (unimportant)
	NOTE: https://github.com/WebAssembly/wabt/issues/2310
	NOTE: Crash in CLI tool, no security impact
CVE-2023-46127 (Frappe is a full-stack web application framework that uses Python and ...)
	NOT-FOR-US: Frappe Framework
CVE-2023-46122 (sbt is a build tool for Scala, Java, and others. Given a specially cra ...)
	NOT-FOR-US: sbt
CVE-2023-43074 (Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A ...)
	NOT-FOR-US: Dell
CVE-2023-43067 (Dell Unity prior to 5.3 contains an XML External Entity injection vuln ...)
	NOT-FOR-US: Dell
CVE-2023-43066 (Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerabili ...)
	NOT-FOR-US: Dell
CVE-2023-43065 (Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability. ...)
	NOT-FOR-US: Dell
CVE-2023-43045 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could ...)
	NOT-FOR-US: IBM
CVE-2023-42295 (An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to ex ...)
	- openimageio 2.4.16.0+dfsg-1 (bug #1054873)
	[bookworm] - openimageio (Minor issue)
	[bullseye] - openimageio (Minor issue)
	[buster] - openimageio (Minor issue)
	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/3947
	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/pull/3948
	NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/15750af31a5d130ea63ac133453eb5448cefa636 (v2.5.3.0-beta1)
	NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/672ed4c445ebefd5581974c27e28ef717fb6c401 (v2.4.15.0)
CVE-2023-38722 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vul ...)
	NOT-FOR-US: IBM
CVE-2023-37532 (HCL Commerce Remote Store server could allow a remote attacker, using ...)
	NOT-FOR-US: HCL
CVE-2023-33840 (IBM Security Verify Governance 10.0 is vulnerable to cross-site script ...)
	NOT-FOR-US: IBM
CVE-2023-33839 (IBM Security Verify Governance 10.0 could allow a remote authenticated ...)
	NOT-FOR-US: IBM
CVE-2023-33837 (IBM Security Verify Governance 10.0 does not encrypt sensitive or crit ...)
	NOT-FOR-US: IBM
CVE-2023-46288 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	- airflow (bug #819700)
CVE-2023-46316 (In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scrip ...)
	- traceroute 1:2.1.3-1
	[bookworm] - traceroute (Minor issue)
	[bullseye] - traceroute (Minor issue)
	[buster] - traceroute (Minor issue)
	NOTE: https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/
CVE-2023-46586
	- weborf 1.0-1 (bug #1054417)
	[bookworm] - weborf 0.19-2.1+deb12u1
	[bullseye] - weborf 0.17-3+deb11u1
	[buster] - weborf (Vulnerable code introduced later)
	NOTE: https://github.com/ltworf/weborf/pull/88
	NOTE: Fixed by: https://github.com/ltworf/weborf/commit/49824204add55aab0568d90a6b1e7c822d32120d (1.0)
	NOTE: Introduced by: https://github.com/ltworf/weborf/commit/6f83c3e9ceed8b0d93608fd5d42b53c081057991 (0.16)
CVE-2023-5702 (A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and ...)
	NOT-FOR-US: Viessmann Vitogate 300
CVE-2023-5701 (A vulnerability has been found in vnotex vnote up to 3.17.0 and classi ...)
	NOT-FOR-US: vnotex vnote
CVE-2023-5700 (A vulnerability, which was classified as critical, was found in Netent ...)
	NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
CVE-2023-5699 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: CodeAstro Internet Banking System
CVE-2023-5698 (A vulnerability classified as problematic was found in CodeAstro Inter ...)
	NOT-FOR-US: CodeAstro Internet Banking System
CVE-2023-5697 (A vulnerability classified as problematic has been found in CodeAstro ...)
	NOT-FOR-US: CodeAstro Internet Banking System
CVE-2023-5696 (A vulnerability was found in CodeAstro Internet Banking System 1.0. It ...)
	NOT-FOR-US: CodeAstro Internet Banking System
CVE-2023-5695 (A vulnerability was found in CodeAstro Internet Banking System 1.0. It ...)
	NOT-FOR-US: CodeAstro Internet Banking System
CVE-2023-5694 (A vulnerability was found in CodeAstro Internet Banking System 1.0. It ...)
	NOT-FOR-US: CodeAstro Internet Banking System
CVE-2023-5693 (A vulnerability was found in CodeAstro Internet Banking System 1.0 and ...)
	NOT-FOR-US: CodeAstro Internet Banking System
CVE-2023-46324 (pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is u ...)
	NOT-FOR-US: free5GC
CVE-2023-46322 (iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ...)
	NOT-FOR-US: iTerm2
CVE-2023-46321 (iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ...)
	NOT-FOR-US: iTerm2
CVE-2023-46319 (WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthen ...)
	NOT-FOR-US: WALLIX Bastion
CVE-2023-46317 (Knot Resolver before 5.7.0 performs many TCP reconnections upon receiv ...)
	{DSA-5633-1}
	- knot-resolver 5.7.0-1
	[bullseye] - knot-resolver (Minor issue)
	[buster] - knot-resolver (Minor issue)
	NOTE: https://www.knot-resolver.cz/2023-08-22-knot-resolver-5.7.0.html
	NOTE: https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1448
	NOTE: https://github.com/CZ-NIC/knot-resolver/commit/7aec8ebdf1428afcb7f5bc62764149ffeaf3d3fe (v6.0.6)
	NOTE: https://github.com/CZ-NIC/knot-resolver/commit/49876a99ba9ee2dc7ca4b4bfb5431891974bdf10 (v5.7.0)
CVE-2023-46315 (The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsi ...)
	NOT-FOR-US: Stable Diffusion webui Infinite Image Browsing
CVE-2023-46095 (Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole Smooth ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46089 (Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @ Userback U ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46085 (Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate R ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-43624 (CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4 ...)
	NOT-FOR-US: CX-Designer
CVE-2023-46306 (The web administration interface in NetModule Router Software (NRSW) 4 ...)
	NOT-FOR-US: NetModule Router Software
CVE-2023-46303 (link_to_local_path in ebooks/conversion/plugins/html_input.py in calib ...)
	- calibre 6.19.1-1
	[bookworm] - calibre 6.13.0+repack-2+deb12u3
	[bullseye] - calibre (Minor issue)
	[buster] - calibre (Minor issue)
	NOTE: https://github.com/0x1717/ssrf-via-img
	NOTE: https://github.com/kovidgoyal/calibre/commit/bbbddd2bf4ef4ddb467b0aeb0abe8765ed7f8a6b (v6.19.0)
CVE-2021-46898 (views/switch.py in django-grappelli (aka Django Grappelli) before 2.15 ...)
	NOT-FOR-US: Django Grappelli
CVE-2021-46897 (views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or co ...)
	NOT-FOR-US: Wagtail CRX CodeRed Extensions
CVE-2023-46728 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...)
	- squid 6.1-1
	[bookworm] - squid (unsupported, Gopher support has been removed upstream)
	[bullseye] - squid (unsupported, Gopher support has been removed upstream)
	[buster] - squid (unsupported, Gopher support has been removed upstream)
	NOTE: No code fix, gopher support was removed:
	NOTE: https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3 (SQUID_6_0_1)
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f
	NOTE: https://megamansec.github.io/Squid-Security-Audit/gopher-nullpointer.html
CVE-2023-46724 (Squid is a caching proxy for the Web. Due to an Improper Validation of ...)
	{DSA-5637-1}
	- squid 6.5-1 (bug #1055252)
	[buster] - squid (Doesn't build with OpenSSL yet)
	NOTE: https://github.com/squid-cache/squid/commit/792ef23e6e1c05780fe17f733859eef6eb8c8be3
	NOTE: https://megamansec.github.io/Squid-Security-Audit/ssl-bufferunderread.html
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3
CVE-2023-46848 (Squid is vulnerable to Denial of Service, where a remote attacker can ...)
	- squid 6.5-1 (bug #1055251)
	[bookworm] - squid 5.7-2+deb12u1
	[bullseye] - squid (Vulnerable code not present)
	[buster] - squid (Vulnerable code not present)
	- squid3 (Vulnerable code not present)
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w
CVE-2023-46847 (Squid is vulnerable to a Denial of Service, where a remote attacker c ...)
	{DSA-5637-1 DLA-3709-1}
	- squid 6.5-1 (bug #1055250)
	- squid3
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g
	NOTE: https://github.com/squid-cache/squid/commit/052cf082b0faaef4eaaa4e94119d7a1437aac4a3
	NOTE: https://megamansec.github.io/Squid-Security-Audit/digest-overflow.html
CVE-2023-5824 (Squid is vulnerable to Denial of Service attack against HTTP and HTTPS ...)
	- squid 6.5-1 (bug #1055249)
	[bookworm] - squid (Minor impact, too intrusive to backport to 5.x)
	[bullseye] - squid (Minor impact, too intrusive to backport to 5.x)
	- squid3
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255
	NOTE: https://megamansec.github.io/Squid-Security-Audit/cache-headers.html
CVE-2023-46846 (SQUID is vulnerable to HTTP request smuggling, caused by chunked decod ...)
	{DSA-5637-1 DLA-3709-1}
	- squid 6.5-1 (bug #1054537)
	- squid3
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh
CVE-2023-5178 (A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` ...)
	{DSA-5594-1 DLA-3711-1}
	- linux 6.5.8-1
	[bookworm] - linux 6.1.64-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2241924
	NOTE: https://git.kernel.org/linus/d920abd1e7c4884f9ecd0749d1921b7ab19ddfbd
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/15/1
CVE-2023-5625 (A regression was introduced in the Red Hat build of python-eventlet du ...)
	- python-eventlet (Red Hat-specific regression)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2244717
CVE-2023-39333
	{DSA-5589-1}
	- nodejs 18.13.0+dfsg1-1.1 (bug #1054892)
	[bullseye] - nodejs (Only affects 18.x and later)
	[buster] - nodejs (Only affects 18.x and later)
	NOTE: https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#code-injection-via-webassembly-export-names-low---cve-2023-39333
	NOTE: https://github.com/nodejs/node/commit/eaf9083cf1e43bd897ac8244dcc0f4e3500150ca
CVE-2023-5388 (NSS was susceptible to a timing side-channel attack when performing RS ...)
	{DSA-5644-1 DSA-5643-1 DLA-3775-1 DLA-3769-1 DLA-3757-1}
	- firefox 124.0-1
	- firefox-esr 115.9.0esr-1
	- nss 2:3.98-1 (bug #1056284)
	[bookworm] - nss (Minor issue)
	[bullseye] - nss (Minor issue)
	- thunderbird 1:115.9.0-1
	NOTE: https://people.redhat.com/~hkario/marvin/
	NOTE: Vendor patch (Rocky Linux, not upstreamed): https://git.rockylinux.org/staging/rpms/nss/-/commit/1f7f7523b61a2ada2f461548c4160fbbf979c5dd
	NOTE: Fixed by: https://hg.mozilla.org/projects/nss/rev/196716d8377ab427e326f20bff2d026e90ac69e2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2023-5388
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2023-5388
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2023-5388
CVE-2023-5551 (Separate Groups mode restrictions were not honoured in the forum summa ...)
	- moodle
CVE-2023-5550 (In a shared hosting environment that has been misconfigured to allow a ...)
	- moodle
CVE-2023-5549 (Insufficient web service capability checks made it possible to move ca ...)
	- moodle
CVE-2023-5548 (Stronger revision number limitations were required on file serving end ...)
	- moodle
CVE-2023-5547 (The course upload preview contained an XSS risk for users uploading un ...)
	- moodle
CVE-2023-5546 (ID numbers displayed in the quiz grading report required additional sa ...)
	- moodle
CVE-2023-5545 (H5P metadata automatically populated the author with the user's userna ...)
	- moodle
CVE-2023-5544 (Wiki comments required additional sanitizing and access restrictions t ...)
	- moodle
CVE-2023-5539 (A remote code execution risk was identified in the Lesson activity. By ...)
	- moodle
CVE-2023-5540 (A remote code execution risk was identified in the IMSCP activity. By ...)
	- moodle
CVE-2023-5541 (The CSV grade import method contained an XSS risk for users importing ...)
	- moodle
CVE-2023-5542 (Students in "Only see own membership" groups could see other students ...)
	- moodle
CVE-2023-5543 (When duplicating a BigBlueButton activity, the original meeting ID was ...)
	- moodle
CVE-2023-46301 (iTerm2 before 3.4.20 allow (potentially remote) code execution because ...)
	NOT-FOR-US: iTerm2
CVE-2023-46300 (iTerm2 before 3.4.20 allow (potentially remote) code execution because ...)
	NOT-FOR-US: iTerm2
CVE-2023-46298 (Next.js before 13.4.20-canary.13 lacks a cache-control header and thus ...)
	NOT-FOR-US: Next.js
CVE-2023-46078 (Cross-Site Request Forgery (CSRF) vulnerability in PluginEver WC Seria ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46067 (Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Fon ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38735 (IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2023-38276 (IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive in ...)
	NOT-FOR-US: IBM
CVE-2023-38275 (IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive in ...)
	NOT-FOR-US: IBM
CVE-2023-5349 (A memory leak flaw was found in ruby-magick, an interface between Ruby ...)
	{DLA-3625-1}
	- ruby-rmagick 5.3.0-1
	[bookworm] - ruby-rmagick (Minor issue)
	[bullseye] - ruby-rmagick (Minor issue)
	NOTE: https://github.com/rmagick/rmagick/pull/1406
	NOTE: https://github.com/rmagick/rmagick/commit/fec7a7e639ae565386f7615155dbcf49b957b64a (RMagick_5-3-0)
CVE-2023-5684 (A vulnerability was found in Byzoro Smart S85F Management Platform up ...)
	NOT-FOR-US: Beijing Baichuo Smart S85F Management Platform
CVE-2023-5683 (A vulnerability was found in Byzoro Smart S85F Management Platform up ...)
	NOT-FOR-US: Beijing Baichuo Smart S85F Management Platform
CVE-2023-5682 (A vulnerability has been found in Tongda OA 2017 and classified as cri ...)
	NOT-FOR-US: Tongda OA
CVE-2023-5681 (A vulnerability, which was classified as critical, was found in Netent ...)
	NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
CVE-2023-5205 (The Add Custom Body Class plugin for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5132 (The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unau ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4939 (The SALESmanago plugin for WordPress is vulnerable to Log Injection in ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4635 (The EventON plugin for WordPress is vulnerable to Reflected Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46055 (An issue in ThingNario Photon v.1.0 allows a remote attacker to execut ...)
	NOT-FOR-US: ThingNario Photon
CVE-2023-46054 (Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and befor ...)
	NOT-FOR-US: WBCE CMS
CVE-2023-46003 (I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) vi ...)
	NOT-FOR-US: I-doit pro
CVE-2023-45682 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
	- libstb (bug #1054911)
	[bookworm] - libstb (Minor issue)
	[bullseye] - libstb (Minor issue)
	[buster] - libstb (Minor issue)
	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 15)
	NOTE: https://github.com/nothings/stb/pull/1560
CVE-2023-45681 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
	- libstb (bug #1054911)
	[bookworm] - libstb (Minor issue)
	[bullseye] - libstb (Minor issue)
	[buster] - libstb (Minor issue)
	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 14)
	NOTE: https://github.com/nothings/stb/pull/1559
CVE-2023-45680 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
	- libstb (bug #1054911)
	[bookworm] - libstb (Minor issue)
	[bullseye] - libstb (Minor issue)
	[buster] - libstb (Minor issue)
	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 13)
	NOTE: https://github.com/nothings/stb/pull/1558
CVE-2023-45679 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
	- libstb (bug #1054911)
	[bookworm] - libstb (Minor issue)
	[bullseye] - libstb (Minor issue)
	[buster] - libstb (Minor issue)
	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 12)
	NOTE: https://github.com/nothings/stb/pull/1557
CVE-2023-45678 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
	- libstb (bug #1054911)
	[bookworm] - libstb (Minor issue)
	[bullseye] - libstb (Minor issue)
	[buster] - libstb (Minor issue)
	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 11)
	NOTE: https://github.com/nothings/stb/pull/1556
CVE-2023-45677 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
	- libstb (bug #1054911)
	[bookworm] - libstb (Minor issue)
	[bullseye] - libstb (Minor issue)
	[buster] - libstb (Minor issue)
	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 10)
	NOTE: https://github.com/nothings/stb/pull/1555
CVE-2023-45676 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
	- libstb (bug #1054911)
	[bookworm] - libstb (Minor issue)
	[bullseye] - libstb (Minor issue)
	[buster] - libstb (Minor issue)
	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 9)
	NOTE: https://github.com/nothings/stb/pull/1554
CVE-2023-45675 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
	- libstb (bug #1054911)
	[bookworm] - libstb (Minor issue)
	[bullseye] - libstb (Minor issue)
	[buster] - libstb (Minor issue)
	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 8)
	NOTE: https://github.com/nothings/stb/issues/1552
	NOTE: https://github.com/nothings/stb/pull/1553
CVE-2023-45667 (stb_image is a single file MIT licensed library for processing images. ...)
	- libstb (bug #1054911)
	[bookworm] - libstb (Minor issue)
	[bullseye] - libstb (Minor issue)
	[buster] - libstb (Minor issue)
	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 7)
	NOTE: https://github.com/nothings/stb/issues/1550
	NOTE: https://github.com/nothings/stb/pull/1551
CVE-2023-45666 (stb_image is a single file MIT licensed library for processing images. ...)
	- libstb (bug #1054911)
	[bookworm] - libstb (Minor issue)
	[bullseye] - libstb (Minor issue)
	[buster] - libstb (Minor issue)
	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 6)
	NOTE: https://github.com/nothings/stb/issues/1548
	NOTE: https://github.com/nothings/stb/pull/1549
CVE-2023-45664 (stb_image is a single file MIT licensed library for processing images. ...)
	- libstb (bug #1054911)
	[bookworm] - libstb (Minor issue)
	[bullseye] - libstb (Minor issue)
	[buster] - libstb (Minor issue)
	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 4)
	NOTE: https://github.com/nothings/stb/issues/1542
	NOTE: https://github.com/nothings/stb/pull/1545
CVE-2023-45663 (stb_image is a single file MIT licensed library for processing images. ...)
	- libstb (bug #1054911)
	[bookworm] - libstb (Minor issue)
	[bullseye] - libstb (Minor issue)
	[buster] - libstb (Minor issue)
	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 3)
	NOTE: https://github.com/nothings/stb/issues/1542
	NOTE: https://github.com/nothings/stb/pull/1543
CVE-2023-45662 (stb_image is a single file MIT licensed library for processing images. ...)
	- libstb (bug #1054911)
	[bookworm] - libstb (Minor issue)
	[bullseye] - libstb (Minor issue)
	[buster] - libstb (Minor issue)
	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 2)
	NOTE: https://github.com/nothings/stb/issues/1540
	NOTE: https://github.com/nothings/stb/pull/1541
CVE-2023-45661 (stb_image is a single file MIT licensed library for processing images. ...)
	- libstb (bug #1054911)
	[bookworm] - libstb (Minor issue)
	[bullseye] - libstb (Minor issue)
	[buster] - libstb (Minor issue)
	NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 1)
	NOTE: https://github.com/nothings/stb/issues/1538
	NOTE: https://github.com/nothings/stb/pull/1539
CVE-2023-43357 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...)
	NOT-FOR-US: CMSmadesimple
CVE-2023-43356 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...)
	NOT-FOR-US: CMSmadesimple
CVE-2023-43355 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...)
	NOT-FOR-US: CMSmadesimple
CVE-2023-43354 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...)
	NOT-FOR-US: CMSmadesimple
CVE-2023-43353 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...)
	NOT-FOR-US: CMSmadesimple
CVE-2023-43346 (Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6 ...)
	NOT-FOR-US: opensolution Quick CMS
CVE-2023-38194 (An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keep ...)
	NOT-FOR-US: SuperWebMailer
CVE-2023-38193 (An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remo ...)
	NOT-FOR-US: SuperWebMailer
CVE-2023-38192 (An issue was discovered in SuperWebMailer 9.00.0.01710. It allows supe ...)
	NOT-FOR-US: SuperWebMailer
CVE-2023-38191 (An issue was discovered in SuperWebMailer 9.00.0.01710. It allows spam ...)
	NOT-FOR-US: SuperWebMailer
CVE-2023-38190 (An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Expo ...)
	NOT-FOR-US: SuperWebMailer
CVE-2023-32786 (In Langchain through 0.0.155, prompt injection allows an attacker to f ...)
	NOT-FOR-US: Langchain
CVE-2023-32785
	REJECTED
CVE-2023-5690 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...)
	NOT-FOR-US: Modoboa
CVE-2023-5689 (Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa ...)
	NOT-FOR-US: Modoboa
CVE-2023-5688 (Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa ...)
	NOT-FOR-US: Modoboa
CVE-2023-5687 (Cross-Site Request Forgery (CSRF) in GitHub repository mosparo/mosparo ...)
	NOT-FOR-US: mosparo
CVE-2023-5686 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
	- radare2 5.9.0+dfsg-1 (bug #1055854)
	NOTE: https://huntr.com/bounties/bbfe1f76-8fa1-4a8c-909d-65b16e970be0
	NOTE: https://github.com/radareorg/radare2/commit/1bdda93e348c160c84e30da3637acef26d0348de
CVE-2023-5618 (The Modern Footnotes plugin for WordPress is vulnerable to Stored Cros ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46287 (XSS exists in NagVis before 1.9.38 via the select function in share/se ...)
	- nagvis 1:1.9.38-1
	[bookworm] - nagvis (Minor issue)
	[bullseye] - nagvis (Minor issue)
	[buster] - nagvis (Minor issue)
	NOTE: https://github.com/NagVis/nagvis/pull/356
	NOTE: https://github.com/NagVis/nagvis/commit/093c2b0b31001bb74c78452858a0a9d27fa0a9b5 (nagvis-1.9.38)
CVE-2023-46117 (reconFTW is a tool designed to perform automated recon on a target dom ...)
	NOT-FOR-US: reconFTW
CVE-2023-45805 (pdm is a Python package and dependency manager supporting the latest P ...)
	- pdm (bug #1054428)
	[bookworm] - pdm (Minor issue)
	NOTE: https://github.com/pdm-project/pdm/security/advisories/GHSA-j44v-mmf2-xvm9
	NOTE: https://github.com/pdm-project/pdm/commit/6853e2642dfa281d4a9958fbc6c95b7e32d84831
CVE-2023-44483 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...)
	- libxml-security-java (bug #1059313)
	[bookworm] - libxml-security-java (Minor issue)
	[bullseye] - libxml-security-java (Minor issue)
	[buster] - libxml-security-java (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/20/5
	NOTE: https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55
	NOTE: https://santuario.apache.org/secadv.data/CVE-2023-44483.txt.asc
CVE-2023-44256 (A server-side request forgery vulnerability [CWE-918] in Fortinet Fort ...)
	NOT-FOR-US: FortiGuard
CVE-2023-3965 (The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scri ...)
	NOT-FOR-US: WordPress theme
CVE-2023-3962 (The Winters theme for WordPress is vulnerable to Reflected Cross-Site ...)
	NOT-FOR-US: WordPress theme
CVE-2023-3933 (The Your Journey theme for WordPress is vulnerable to Reflected Cross- ...)
	NOT-FOR-US: WordPress theme
CVE-2023-3487 (An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and ...)
	NOT-FOR-US: Silicon Labs Gecko Bootloader
CVE-2023-37824 (Sitolog sitologapplicationconnect v7.8.a and before was discovered to ...)
	NOT-FOR-US: Sitolog sitologapplicationconnect
CVE-2023-34046 (VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Tim ...)
	NOT-FOR-US: VMware
CVE-2023-34045 (VMware Fusion(13.x prior to 13.5)contains a local privilege escalation ...)
	NOT-FOR-US: VMware
CVE-2023-34044 (VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) ...)
	NOT-FOR-US: VMware
CVE-2023-5090 (A flaw was found in KVM. An improper check in svm_set_x2apic_msr_inter ...)
	- linux 6.5.8-1
	[bookworm] - linux 6.1.64-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b65235f6e102354ccafda601eaa1c5bef5284d21
CVE-2023-5668 (The WhatsApp Share Button plugin for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5656
	REJECTED
CVE-2023-5655
	REJECTED
CVE-2023-5647
	REJECTED
CVE-2023-5646
	REJECTED
CVE-2023-5615 (The Skype Legacy Buttons plugin for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5614 (The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5613 (The Super Testimonials plugin for WordPress is vulnerable to Stored Cr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5602 (The Social Media Share Buttons & Social Sharing Icons plugin for WordP ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5576 (The Migration, Backup, Staging - WPvivid plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5534 (The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Reques ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5533 (The AI ChatBot plugin for WordPress is vulnerable to unauthorized use ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5524 (Insufficient blacklisting in M-Files Web Companion before release vers ...)
	NOT-FOR-US: M-Files
CVE-2023-5523 (Execution of downloaded content flaw in M-Files Web Companion before r ...)
	NOT-FOR-US: M-Files
CVE-2023-5414 (The Icegram Express plugin for WordPress is vulnerable to Directory Tr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5337 (The Contact form Form For All plugin for WordPress is vulnerable to St ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5308 (The Podcast Subscribe Buttons plugin for WordPress is vulnerable to St ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5292 (The Advanced Custom Fields: Extended plugin for WordPress is vulnerabl ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5231 (The Magic Action Box plugin for WordPress is vulnerable to Stored Cros ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5200 (The flowpaper plugin for WordPress is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5121 (The Migration, Backup, Staging – WPvivid plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5120 (The Migration, Backup, Staging – WPvivid plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5109 (The WP Mailto Links – Protect Email Addresses plugin for WordPres ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5086 (The Copy Anything to Clipboard plugin for WordPress is vulnerable to S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5071 (The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5070 (The Social Media Share Buttons & Social Sharing Icons plugin for WordP ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5050 (The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Sit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4999 (The Horizontal scrolling announcement plugin for WordPress is vulnerab ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4975 (The Website Builder by SeedProd plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4968 (The WPLegalPages plugin for WordPress is vulnerable to Stored Cross-Si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4961 (The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4947 (The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WooCommerce plugin
CVE-2023-4943 (The BEAR for WordPress is vulnerable to Missing Authorization in versi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4942 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4941 (The BEAR for WordPress is vulnerable to Missing Authorization in versi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4940 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4937 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4935 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4926 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4924 (The BEAR for WordPress is vulnerable to Missing Authorization in versi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4923 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4920 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4919 (The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4796 (The Booster for WooCommerce for WordPress is vulnerable to Information ...)
	NOT-FOR-US: WooCommerce plugin
CVE-2023-4668 (The Ad Inserter for WordPress is vulnerable to Sensitive Information E ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4648 (The WP Customer Reviews plugin for WordPress is vulnerable to Stored C ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4598 (The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injec ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4488 (The Dropbox Folder Share for WordPress is vulnerable to Local File Inc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4482 (The Auto Amazon Links plugin for WordPress is vulnerable to Stored Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4402 (The Essential Blocks plugin for WordPress is vulnerable to PHP Object ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4386 (The Essential Blocks plugin for WordPress is vulnerable to PHP Object ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4274 (The Migration, Backup, Staging – WPvivid plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4271 (The Photospace Responsive plugin for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4021 (The Modern Events Calendar lite plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46277 (please (aka pleaser) through 0.5.4 allows privilege escalation through ...)
	- rust-pleaser (bug #1054289)
	[bookworm] - rust-pleaser (Minor issue)
	[bullseye] - rust-pleaser (Minor issue)
	NOTE: https://gitlab.com/edneville/please/-/issues/13
	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0066.html
CVE-2023-46267
	REJECTED
CVE-2023-46115 (Tauri is a framework for building binaries for all major desktop platf ...)
	NOT-FOR-US: Tauri
CVE-2023-45823 (Artifact Hub is a web-based application that enables finding, installi ...)
	NOT-FOR-US: Artifact Hub
CVE-2023-45822 (Artifact Hub is a web-based application that enables finding, installi ...)
	NOT-FOR-US: Artifact Hub
CVE-2023-45821 (Artifact Hub is a web-based application that enables finding, installi ...)
	NOT-FOR-US: Artifact Hub
CVE-2023-45819 (TinyMCE is an open source rich text editor. A cross-site scripting (XS ...)
	- tinymce
	[buster] - tinymce (Minor issue)
CVE-2023-45818 (TinyMCE is an open source rich text editor. A mutation cross-site scri ...)
	- tinymce
	[buster] - tinymce (Minor issue)
CVE-2023-45815 (ArchiveBox is an open source self-hosted web archiving system. Any use ...)
	NOT-FOR-US: ArchiveBox
CVE-2023-45471 (The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XS ...)
	NOT-FOR-US: QAD Search Server
CVE-2023-45394 (Stored Cross-Site Scripting (XSS) vulnerability in the Company field i ...)
	NOT-FOR-US: Small CRM
CVE-2023-45280 (Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its p ...)
	NOT-FOR-US: Yamcs
CVE-2023-45279 (Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its p ...)
	NOT-FOR-US: Yamcs
CVE-2023-44690 (Inadequate encryption strength in mycli 1.27.0 allows attackers to vie ...)
	- mycli (unimportant)
	NOTE: Negligible security impact
CVE-2023-44385 (The Home Assistant Companion for iOS and macOS app up to version 2023. ...)
	NOT-FOR-US: Home Assistant Companion
CVE-2023-43875 (Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of ...)
	NOT-FOR-US: Subrion CMS
CVE-2023-43359 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...)
	NOT-FOR-US: CMSmadesimple
CVE-2023-43345 (Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6 ...)
	NOT-FOR-US: Quick CMS
CVE-2023-43344 (Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6 ...)
	NOT-FOR-US: Quick CMS
CVE-2023-43342 (Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6 ...)
	NOT-FOR-US: Quick CMS
CVE-2023-43341 (Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allo ...)
	NOT-FOR-US: Evolution CMS
CVE-2023-43340 (Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a ...)
	NOT-FOR-US: Evolution CMS
CVE-2023-41899 (Home assistant is an open source home automation. In affected versions ...)
	NOT-FOR-US: Home assistant
CVE-2023-41898 (Home assistant is an open source home automation. The Home Assistant C ...)
	NOT-FOR-US: Home assistant
CVE-2023-41897 (Home assistant is an open source home automation. Home Assistant serve ...)
	NOT-FOR-US: Home assistant
CVE-2023-41896 (Home assistant is an open source home automation. Whilst auditing the ...)
	NOT-FOR-US: Home assistant
CVE-2023-41895 (Home assistant is an open source home automation. The Home Assistant l ...)
	NOT-FOR-US: Home assistant
CVE-2023-41894 (Home assistant is an open source home automation. The assessment verif ...)
	NOT-FOR-US: Home assistant
CVE-2023-41893 (Home assistant is an open source home automation. The audit team’ ...)
	NOT-FOR-US: Home assistant
CVE-2023-40361 (SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the preview ...)
	NOT-FOR-US: SECUDOS Qiata
CVE-2023-3998 (The wpDiscuz plugin for WordPress is vulnerable to unauthorized modifi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3996 (The ARMember Lite - Membership Plugin for WordPress is vulnerable to S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3869 (The wpDiscuz plugin for WordPress is vulnerable to unauthorized modifi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39731 (The leakage of the client secret in Kaibutsunosato v13.6.1 allows atta ...)
	NOT-FOR-US: Kaibutsunosato
CVE-2023-39680 (Sollace Unicopia version 1.1.1 and before was discovered to deserializ ...)
	NOT-FOR-US: Sollace Unicopia
CVE-2023-34052 (VMware Aria Operations for Logs contains a deserialization vulnerabili ...)
	NOT-FOR-US: Vmware
CVE-2023-34051 (VMware Aria Operations for Logs contains an authentication bypass vuln ...)
	NOT-FOR-US: Vmware
CVE-2023-2325 (Stored XSS Vulnerability in M-Files Classic Web versions before 23.10a ...)
	NOT-FOR-US: M-Files
CVE-2022-4954 (The Waiting: One-click countdowns plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-4418 (The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-S ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-4353 (The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is ...)
	NOT-FOR-US: WooCommerce plugin
CVE-2020-36759 (The Woody code snippets plugin for WordPress is vulnerable to Cross-Si ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-36758 (The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-36755 (The Customizr theme for WordPress is vulnerable to Cross-Site Request ...)
	NOT-FOR-US: WordPress theme
CVE-2020-36754 (The Paid Memberships Pro plugin for WordPress is vulnerable to Cross- ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-36753 (The Hueman theme for WordPress is vulnerable to Cross-Site Request For ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-36751 (The Coupon Creator plugin for WordPress is vulnerable to Cross-Site Re ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-36714 (The Brizy plugin for WordPress is vulnerable to authorization bypass d ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-36706 (The Simple:Press – WordPress Forum Plugin for WordPress is vulner ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-36698 (The Security & Malware scan by CleanTalk plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45802 (When a HTTP/2 stream was reset (RST frame) by a client, there was a ti ...)
	{DSA-5662-1}
	- apache2 2.4.58-1
	[buster] - apache2 (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/6
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-45802
	NOTE: https://github.com/icing/blog/blob/main/h2-rapid-reset.md#cve-2023-45802
CVE-2023-43622 (An attacker, opening a HTTP/2 connection with an initial window size o ...)
	{DSA-5662-1}
	- apache2 2.4.58-1
	[buster] - apache2 (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/5
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-43622
CVE-2023-5654 (The React Developer Tools extension registers a message listener with ...)
	NOT-FOR-US: React Developer Tools extension
CVE-2023-5059 (Santesoft Sante FFT Imaging lacks proper validation of user-supplied d ...)
	NOT-FOR-US: Santesoft Sante FFT Imaging
CVE-2023-46227 (Deserialization of Untrusted Data Vulnerability in Apache Software Fou ...)
	NOT-FOR-US: Apache InLong
CVE-2023-46042 (An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute ...)
	NOT-FOR-US: GetSimpleCMS
CVE-2023-46033 (D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL ...)
	NOT-FOR-US: D-Link
CVE-2023-45992 (A vulnerability in the web-based interface of the RUCKUS Cloudpath pro ...)
	NOT-FOR-US: Ruckus
CVE-2023-45883 (A privilege escalation vulnerability exists within the Qumu Multicast ...)
	NOT-FOR-US: Qumu Multicast Extension
CVE-2023-45826 (Leantime is an open source project management system. A 'userId' varia ...)
	NOT-FOR-US: Leantime
CVE-2023-45825 (ydb-go-sdk is a pure Go native and database/sql driver for the YDB pla ...)
	NOT-FOR-US: ydb-go-sdk
CVE-2023-45820 (Directus is a real-time API and App dashboard for managing SQL databas ...)
	NOT-FOR-US: Directus
CVE-2023-45809 (Wagtail is an open source content management system built on Django. A ...)
	NOT-FOR-US: Wagtail
CVE-2023-45665
	REJECTED
CVE-2023-45384 (KnowBand supercheckout > 5.0.7 and < 6.0.7 is vulnerable to Unrestrict ...)
	NOT-FOR-US: KnowBand supercheckout
CVE-2023-45381 (In the module "Creative Popup" (creativepopup) up to version 1.6.9 fro ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-45379 (In the module "Rotator Img" (posrotatorimg) in versions at least up to ...)
	NOT-FOR-US: PosThemes for PrestaShop
CVE-2023-45376 (In the module "Carousels Pack - Instagram, Products, Brands, Supplier" ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-45281 (An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie ...)
	NOT-FOR-US: Yamcs
CVE-2023-45278 (Directory Traversal vulnerability in the storage functionality of the ...)
	NOT-FOR-US: Yamcs
CVE-2023-45277 (Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The v ...)
	NOT-FOR-US: Yamcs
CVE-2023-43986 (DM Concept configurator before v4.9.4 was discovered to contain a SQL ...)
	NOT-FOR-US: DM Concept configurator (PrestaShop module)
CVE-2023-43492 (In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi conta ...)
	NOT-FOR-US: Weintek's cMT3000 HMI Web CGI device
CVE-2023-43252 (XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted i ...)
	NOT-FOR-US: XNSoft Nconvert
CVE-2023-43251 (XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a c ...)
	NOT-FOR-US: XNSoft Nconvert
CVE-2023-42666 (The affected product is vulnerable to an exposure of sensitive informa ...)
	NOT-FOR-US: DEXMA
CVE-2023-42435 (The affected product is vulnerable to a cross-site request forgery vul ...)
	NOT-FOR-US: DEXMA
CVE-2023-41089 (The affected product is vulnerable to an improper authentication vulne ...)
	NOT-FOR-US: DEXMA
CVE-2023-41088 (The affected product is vulnerable to a cleartext transmission of sens ...)
	NOT-FOR-US: DEXMA
CVE-2023-40153 (The affected product is vulnerable to a cross-site scripting vulnerabi ...)
	NOT-FOR-US: DEXMA
CVE-2023-40145 (In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can exe ...)
	NOT-FOR-US: Weintek's cMT3000 HMI Web CGI device
CVE-2023-39431 (Sante DICOM Viewer Pro lacks proper validation of user-supplied data w ...)
	NOT-FOR-US: Sante DICOM Viewer Pro
CVE-2023-38584 (In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi co ...)
	NOT-FOR-US: Weintek's cMT3000 HMI Web CGI device
CVE-2023-38128 (An out-of-bounds write vulnerability exists in the "HyperLinkFrame" st ...)
	NOT-FOR-US: Ichitaro
CVE-2023-38127 (An integer overflow exists in the "HyperLinkFrame" stream parser of Ic ...)
	NOT-FOR-US: Ichitaro
CVE-2023-35986 (Sante DICOM Viewer Pro lacks proper validation of user-supplied data w ...)
	NOT-FOR-US: Sante DICOM Viewer Pro
CVE-2023-35187 (The SolarWinds Access Rights Manager was susceptible to a Directory Tr ...)
	NOT-FOR-US: SolarWinds
CVE-2023-35186 (The SolarWinds Access Rights Manager was susceptible to Remote Code Ex ...)
	NOT-FOR-US: SolarWinds
CVE-2023-35185 (The SolarWinds Access Rights Manager was susceptible to a Directory Tr ...)
	NOT-FOR-US: SolarWinds
CVE-2023-35184 (The SolarWinds Access Rights Manager was susceptible to Remote Code Ex ...)
	NOT-FOR-US: SolarWinds
CVE-2023-35183 (The SolarWinds Access Rights Manager was susceptible to Privilege Esca ...)
	NOT-FOR-US: SolarWinds
CVE-2023-35182 (The SolarWinds Access Rights Manager was susceptible to Remote Code Ex ...)
	NOT-FOR-US: SolarWinds
CVE-2023-35181 (The SolarWinds Access Rights Manager was susceptible to Privilege Esca ...)
	NOT-FOR-US: SolarWinds
CVE-2023-35180 (The SolarWinds Access Rights Manager was susceptible to Remote Code Ex ...)
	NOT-FOR-US: SolarWinds
CVE-2023-35126 (An out-of-bounds write vulnerability exists within the parsers for bot ...)
	NOT-FOR-US: Ichitaro
CVE-2023-34366 (A use-after-free vulnerability exists in the Figure stream parsing fun ...)
	NOT-FOR-US: Ichitaro
CVE-2023-45024 (Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information ...)
	{DSA-5541-1}
	- request-tracker5 5.0.5+dfsg-1 (bug #1054517)
	NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5
	NOTE: https://github.com/bestpractical/rt/commit/90fb016e604942256edf00a36644ce077bb5ea4e (rt-5.0.5)
CVE-2023-41260 (Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 ...)
	{DSA-5542-1 DSA-5541-1 DLA-3642-1}
	- request-tracker5 5.0.5+dfsg-1 (bug #1054517)
	- request-tracker4 4.4.7+dfsg-1 (bug #1054516)
	NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5
	NOTE: https://github.com/bestpractical/rt/commit/90fb016e604942256edf00a36644ce077bb5ea4e (rt-5.0.5)
	NOTE: https://github.com/bestpractical/rt/releases/tag/rt-4.4.7
	NOTE: https://github.com/bestpractical/rt/commit/33e9203bf2a61e20f8b8e682d57f55cb7a995967 (rt-4.4.7)
CVE-2023-41259 (Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 ...)
	{DSA-5542-1 DSA-5541-1 DLA-3642-1}
	- request-tracker5 5.0.5+dfsg-1 (bug #1054517)
	- request-tracker4 4.4.7+dfsg-1 (bug #1054516)
	NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5
	NOTE: https://github.com/bestpractical/rt/commit/90fb016e604942256edf00a36644ce077bb5ea4e (rt-5.0.5)
	NOTE: https://github.com/bestpractical/rt/releases/tag/rt-4.4.7
	NOTE: https://github.com/bestpractical/rt/commit/33e9203bf2a61e20f8b8e682d57f55cb7a995967 (rt-4.4.7)
CVE-2023-5639 (The Team Showcase plugin for WordPress is vulnerable to Stored Cross-S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5638 (The Booster for WooCommerce plugin for WordPress is vulnerable to Stor ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5336 (The iPanorama 360 – WordPress Virtual Tour Builder plugin for Wor ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5254 (The ChatBot plugin for WordPress is vulnerable to Sensitive Informatio ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5241 (The AI ChatBot for WordPress is vulnerable to Directory Traversal in v ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5212 (The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File De ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5204 (The ChatBot plugin for WordPress is vulnerable to SQL Injection via th ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4645 (The Ad Inserter for WordPress is vulnerable to Sensitive Information E ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46229 (LangChain before 0.0.317 allows SSRF via document_loaders/recursive_ur ...)
	NOT-FOR-US: LanChain-ai Langchain
CVE-2023-46228 (zchunk before 1.3.2 has multiple integer overflows via malformed zchun ...)
	- zchunk 1.3.2+ds1-1 (bug #1054235)
	[bookworm] - zchunk (Minor issue)
	[bullseye] - zchunk (Minor issue)
	NOTE: https://github.com/zchunk/zchunk/commit/08aec2b4dfd7f709b6e3d511411ffcc83ed4efbe (1.3.2)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1216268
CVE-2023-45958 (Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-si ...)
	NOT-FOR-US: Thirty Bees Core
CVE-2023-45909 (zzzcms v2.2.0 was discovered to contain an open redirect vulnerability ...)
	NOT-FOR-US: zzzcms
CVE-2023-45814 (Bunkum is an open-source protocol-agnostic request server for custom g ...)
	NOT-FOR-US: Bunkum
CVE-2023-45813 (Torbot is an open source tor network intelligence tool. In affected ve ...)
	NOT-FOR-US: Torbot
CVE-2023-45812 (The Apollo Router is a configurable, high-performance graph router wri ...)
	NOT-FOR-US: Apollo Router
CVE-2023-45146 (XXL-RPC is a high performance, distributed RPC framework. With it, a T ...)
	NOT-FOR-US: XXL-RPC
CVE-2023-45145 (Redis is an in-memory database that persists on disk. On startup, Redi ...)
	{DSA-5610-1 DLA-3627-1}
	- redis 5:7.0.14-1 (bug #1054225)
	[bullseye] - redis (Minor issue)
	NOTE: https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx
	NOTE: https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1 (unstable)
	NOTE: https://github.com/redis/redis/commit/7f486ea6eebf0afce74f2e59763b9b82b78629dc (7.0.14)
CVE-2023-43803 (Arduino Create Agent is a package to help manage Arduino development. ...)
	NOT-FOR-US: Arduino Create Agent
CVE-2023-43802 (Arduino Create Agent is a package to help manage Arduino development. ...)
	NOT-FOR-US: Arduino Create Agent
CVE-2023-43801 (Arduino Create Agent is a package to help manage Arduino development. ...)
	NOT-FOR-US: Arduino Create Agent
CVE-2023-43800 (Arduino Create Agent is a package to help manage Arduino development. ...)
	NOT-FOR-US: Arduino Create Agent
CVE-2023-37504 (HCL Compass is vulnerable to failure to invalidate sessions. The appli ...)
	NOT-FOR-US: HCL
CVE-2023-37503 (HCL Compass is vulnerable to insecure password requirements. An attack ...)
	NOT-FOR-US: HCL
CVE-2023-37502 (HCL Compass is vulnerable to lack of file upload security. An attacker ...)
	NOT-FOR-US: HCL
CVE-2023-36857 (Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.0 ...)
	NOT-FOR-US: Baker Hughes - Bently Nevada 3500 System TDI Firmware
CVE-2023-34441 (Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.0 ...)
	NOT-FOR-US: Baker Hughes - Bently Nevada 3500 System TDI Firmware
CVE-2023-34437 (Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.0 ...)
	NOT-FOR-US: Baker Hughes - Bently Nevada 3500 System TDI Firmware
CVE-2023-34050 (In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed l ...)
	NOT-FOR-US: Spring AMQP
CVE-2023-5642 (Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker t ...)
	NOT-FOR-US: Advantech R-SeeNet
CVE-2023-5632 (In Eclipse Mosquito before and including 2.0.5, establishing a connect ...)
	- mosquitto 2.0.7-1
	[buster] - mosquitto (The vulnerable code was introduced later)
	NOTE: https://github.com/eclipse/mosquitto/pull/2053
	NOTE: https://github.com/eclipse/mosquitto/commit/18bad1ff32435e523d7507e9b2ce0010124a8f2d (v2.0.6)
CVE-2023-5631 (Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 al ...)
	{DSA-5531-1 DLA-3630-1}
	- roundcube 1.6.4+dfsg-1 (bug #1054079)
	NOTE: https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d (1.6.4)
	NOTE: https://www.openwall.com/lists/oss-security/2023/11/01/1
CVE-2023-4601 (A stack-based buffer overflow vulnerability exists in NI System Config ...)
	NOT-FOR-US: NI System Configuration
CVE-2023-46009 (gifsicle-1.94 was found to have a floating point exception (FPE) vulne ...)
	- gifsicle (unimportant)
	NOTE: https://github.com/kohler/gifsicle/issues/196
	NOTE: Fixed by: https://github.com/kohler/gifsicle/commit/76b1f021dd185ceff7b4a71a9f96a6026aca06af
	NOTE: Fixed by: https://github.com/kohler/gifsicle/commit/06d533628b1f3a75d06cbb29773dc6aaa2916fc3
	NOTE: Crash in CLI tool, no security impact
CVE-2023-46007 (Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Sourcecodester Best Courier Management System
CVE-2023-46006 (Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Sourcecodester Best Courier Management System
CVE-2023-46005 (Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Sourcecodester Best Courier Management System
CVE-2023-46004 (Sourcecodester Best Courier Management System 1.0 is vulnerable to Arb ...)
	NOT-FOR-US: Sourcecodester Best Courier Management System
CVE-2023-45912 (WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 fails to validate ...)
	NOT-FOR-US: WIPOTEC GmbH ComScale
CVE-2023-45911 (An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows ...)
	NOT-FOR-US: WIPOTEC GmbH ComScale
CVE-2023-45727 (Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gatew ...)
	NOT-FOR-US: Proself
CVE-2023-45632 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorad ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45630 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Ga ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45628 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45608 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45607 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45604 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Scot ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45602 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Shopfile ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45383 (In the module "SoNice etiquetage" (sonice_etiquetage) up to version 2. ...)
	NOT-FOR-US: PrestaShop plugin
CVE-2023-45073 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mich ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45072 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kard ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45071 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 10Web Form ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45070 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web Fo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45067 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45065 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mad Fish ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45064 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Daisuke ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45062 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Thomas S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45059 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45057 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hits ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45056 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 100p ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45054 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AWESOME ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-43250 (XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There is a Use ...)
	NOT-FOR-US: XNSoft Nconvert
CVE-2023-35663 (In Init of protocolnetadapter.cpp, there is a possible out of bounds r ...)
	NOT-FOR-US: Android
CVE-2023-35656 (In multiple functions of protocolembmsadapter.cpp, there is a possible ...)
	NOT-FOR-US: Android
CVE-2023-32089 (Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with ...)
	NOT-FOR-US: Pega Platform
CVE-2023-32088 (Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS i ...)
	NOT-FOR-US: Pega Platform
CVE-2023-32087 (Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS i ...)
	NOT-FOR-US: Pega Platform
CVE-2023-5568 (A heap-based Buffer Overflow flaw was discovered in Samba. It could al ...)
	- samba 2:4.19.2+dfsg-1
	[bookworm] - samba (Vulnerable code introduced later)
	[bullseye] - samba (Vulnerable code introduced later)
	[buster] - samba (Vulnerable code introduced later)
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15491
	NOTE: https://gitlab.com/samba-team/samba/-/merge_requests/3310
	NOTE: https://github.com/samba-team/samba/commit/3280893ae80507e36653a0c7da03c82b88ece30b
CVE-2023-5626 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior t ...)
	NOT-FOR-US: OJS
CVE-2023-5621 (The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable ...)
	NOT-FOR-US: Thumbnail Slider With Lightbox plugin for WordPress
CVE-2023-5552 (A password disclosure vulnerability in the Secure PDF eXchange (SPX) f ...)
	NOT-FOR-US: Sophos
CVE-2023-5538 (The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross ...)
	NOT-FOR-US: MpOperationLogs plugin for WordPress
CVE-2023-4938 (The BEAR for WordPress is vulnerable to Missing Authorization in versi ...)
	NOT-FOR-US: BEAR for WordPress
CVE-2023-45811 (Synchrony deobfuscator is a javascript cleaner & deobfuscator. A `__p ...)
	NOT-FOR-US: Synchrony deobfuscator
CVE-2023-45810 (OpenFGA is a flexible authorization/permission engine built for develo ...)
	NOT-FOR-US: OpenFGA
CVE-2023-45051 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45049 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45008 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPJo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-42507 (Stack-based buffer overflow vulnerability exists in OnSinView2 version ...)
	NOT-FOR-US: OnSinView2
CVE-2023-42506 (Improper restriction of operations within the bounds of a memory buffe ...)
	NOT-FOR-US: OnSinView2
CVE-2023-42319 (Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, ...)
	- golang-github-go-ethereum (bug #890541)
CVE-2023-41715 (SonicOS post-authentication Improper Privilege Management vulnerabilit ...)
	NOT-FOR-US: SonicOS
CVE-2023-41713 (SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyT ...)
	NOT-FOR-US: SonicOS
CVE-2023-41712 (SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability ...)
	NOT-FOR-US: SonicOS
CVE-2023-41711 (SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability ...)
	NOT-FOR-US: SonicOS
CVE-2023-41631 (eSST Monitoring v2.147.1 was discovered to contain a remote code execu ...)
	NOT-FOR-US: eSST Monitoring
CVE-2023-41630 (eSST Monitoring v2.147.1 was discovered to contain a remote code execu ...)
	NOT-FOR-US: eSST Monitoring
CVE-2023-41629 (A lack of input sanitizing in the file download feature of eSST Monito ...)
	NOT-FOR-US: eSST Monitoring
CVE-2023-3254 (The Widgets for Google Reviews plugin for WordPress is vulnerable to C ...)
	NOT-FOR-US: Widgets for Google Reviews plugin for WordPress
CVE-2023-3042 (In dotCMS, versions mentioned, a flaw in the NormalizationFilter does ...)
	NOT-FOR-US: dotCMS
CVE-2023-39332 (Various `node:fs` functions allow specifying paths as either strings o ...)
	- nodejs (Only affects 20.x)
	NOTE: https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#path-traversal-through-path-stored-in-uint8array-high---cve-2023-39332
CVE-2023-39331 (A previously disclosed vulnerability (CVE-2023-30584) was patched insu ...)
	- nodejs (CVE-2023-30584 not insufficiently patched)
	NOTE: https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#permission-model-improperly-protects-against-path-traversal-high---cve-2023-39331
CVE-2023-39280 (SonicOS p ost-authentication Stack-Based Buffer Overflow vulnerabilit ...)
	NOT-FOR-US: SonicOS
CVE-2023-39279 (SonicOS post-authentication Stack-Based Buffer Overflow vulnerability ...)
	NOT-FOR-US: SonicOS
CVE-2023-39278 (SonicOS post-authentication user assertion failure leads to Stack-Base ...)
	NOT-FOR-US: SonicOS
CVE-2023-39277 (SonicOS post-authentication stack-based buffer overflow vulnerability ...)
	NOT-FOR-US: SonicOS
CVE-2023-39276 (SonicOS post-authentication stack-based buffer overflow vulnerability ...)
	NOT-FOR-US: SonicOS
CVE-2023-38552 (When the Node.js policy feature checks the integrity of a resource aga ...)
	{DSA-5589-1}
	- nodejs 18.13.0+dfsg1-1.1 (bug #1054892)
	[bullseye] - nodejs (Only affects 18.x and later)
	[buster] - nodejs (Only affects 18.x and later)
	NOTE: https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#integrity-checks-according-to-policies-can-be-circumvented-medium---cve-2023-38552
	NOTE: https://github.com/nodejs/node/commit/1c538938ccadfd35fbc699d8e85102736cd5945c
CVE-2023-36321 (Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was discover ...)
	NOT-FOR-US: COVESA
CVE-2023-35084 (Unsafe Deserialization of User Input could lead to Execution of Unauth ...)
	NOT-FOR-US: Ivanti
CVE-2023-35083 (Allows an authenticated attacker with network access to read arbitrary ...)
	NOT-FOR-US: Ivanti
CVE-2023-5522 (Mattermost Mobile fails to limitthe maximum number of Markdown element ...)
	NOT-FOR-US: Mattermost Mobile
CVE-2023-5339 (Mattermost Desktopfails to set an appropriate log level during initial ...)
	NOT-FOR-US: Mattermost Desktop
CVE-2023-4896 (A vulnerability exists which allows an authenticated attacker to acces ...)
	NOT-FOR-US: Aruba Networks
CVE-2023-45952 (An arbitrary file upload vulnerability in the component ajax_link.php ...)
	NOT-FOR-US: lylme_spage
CVE-2023-45951 (lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerabi ...)
	NOT-FOR-US: lylme_spage
CVE-2023-45907 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
	NOT-FOR-US: Dreamer CMS
CVE-2023-45906 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
	NOT-FOR-US: Dreamer CMS
CVE-2023-45905 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
	NOT-FOR-US: Dreamer CMS
CVE-2023-45904 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
	NOT-FOR-US: Dreamer CMS
CVE-2023-45903 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
	NOT-FOR-US: Dreamer CMS
CVE-2023-45902 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
	NOT-FOR-US: Dreamer CMS
CVE-2023-45901 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
	NOT-FOR-US: Dreamer CMS
CVE-2023-45803 (urllib3 is a user-friendly HTTP client library for Python. urllib3 pre ...)
	{DLA-3649-1}
	- python-urllib3 1.26.18-1 (bug #1054226)
	[bookworm] - python-urllib3 (Minor issue)
	[bullseye] - python-urllib3 (Minor issue)
	NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4
	NOTE: https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36 (1.26.18)
CVE-2023-45010 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45007 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fotomoto ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45006 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ByConsol ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45005 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Castos S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45004 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wp3sixty ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45003 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Pl ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44990 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in real ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44824 (An issue in Expense Management System v.1.0 allows a local attacker to ...)
	NOT-FOR-US: Expense Management System
CVE-2023-44311 (Multiple reflected cross-site scripting (XSS) vulnerabilities in the P ...)
	NOT-FOR-US: Liferay Portal plugin
CVE-2023-44310 (Stored cross-site scripting (XSS) vulnerability in Page Tree menu Life ...)
	NOT-FOR-US: Liferay
CVE-2023-44309 (Multiple stored cross-site scripting (XSS) vulnerabilities in the frag ...)
	NOT-FOR-US: Liferay
CVE-2023-43959 (An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged ...)
	NOT-FOR-US: YeaLinkSIP-T19P-E2
CVE-2023-43794 (Nocodb is an open source Airtable alternative. Affected versions of no ...)
	NOT-FOR-US: nocodb
CVE-2023-43777 (Eaton easySoft software is used to program easy controllers and displa ...)
	NOT-FOR-US: Eaton easySoft software
CVE-2023-43776 (Eaton easyE4 PLC offers a device password protection functionality to ...)
	NOT-FOR-US: Eaton easyE4 PLC
CVE-2023-42629 (Stored cross-site scripting (XSS) vulnerability in the manage vocabula ...)
	NOT-FOR-US: Liferay
CVE-2023-42628 (Stored cross-site scripting (XSS) vulnerability in the Wiki widget in ...)
	NOT-FOR-US: Liferay
CVE-2023-42627 (Multiple stored cross-site scripting (XSS) vulnerabilities in the Comm ...)
	NOT-FOR-US: Liferay
CVE-2023-39902 (A software vulnerability has been identified in the U-Boot Secondary P ...)
	NOT-FOR-US: NXP
CVE-2023-37537 (An unquoted service path vulnerability in HCL AppScan Presence, deploy ...)
	NOT-FOR-US: HCL
CVE-2023-4399 (Grafana is an open-source platform for monitoring and observability. ...)
	- grafana (Specific to Grafana Enterprise)
CVE-2023-4215 (Advantech WebAccess version 9.1.3 contains an exposure of sensitive in ...)
	NOT-FOR-US: Advantech
CVE-2023-4089 (On affected Wago products an remote attacker with administrative privi ...)
	NOT-FOR-US: Wago
CVE-2023-45807 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...)
	- opensearch (bug #1054912)
	NOTE: https://github.com/opensearch-project/security/security/advisories/GHSA-72q2-gwwf-6hrv
CVE-2023-45659 (Engelsystem is a shift planning system for chaos events. If a users' ...)
	NOT-FOR-US: Engelsystem
CVE-2023-45542 (Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote ...)
	NOT-FOR-US: mooSocial
CVE-2023-45540 (An issue in Jorani Leave Management System 1.0.3 allows a remote attac ...)
	NOT-FOR-US: Jorani Leave Management System
CVE-2023-45386 (In the module extratabspro before version 2.2.8 from MyPresta.eu for P ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-45375 (In the module "PireosPay" (pireospay) before version 1.7.10 from 01gen ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-45358 (Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a stored ...)
	NOT-FOR-US: Archer
CVE-2023-45357 (Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensiti ...)
	NOT-FOR-US: Archer
CVE-2023-45152 (Engelsystem is a shift planning system for chaos events. A Blind SSRF ...)
	NOT-FOR-US: Engelsystem
CVE-2023-45147 (Discourse is an open source community platform. In affected versions a ...)
	NOT-FOR-US: Discourse
CVE-2023-45144 (com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in buil ...)
	NOT-FOR-US: com.xwiki.identity-oauth:identity-oauth-ui
CVE-2023-45141 (Fiber is an express inspired web framework written in Go. A Cross-Site ...)
	NOT-FOR-US: Fiber
CVE-2023-45131 (Discourse is an open source platform for community discussion. New cha ...)
	NOT-FOR-US: Discourse
CVE-2023-45128 (Fiber is an express inspired web framework written in Go. A Cross-Site ...)
	NOT-FOR-US: Fiber
CVE-2023-44694 (D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerab ...)
	NOT-FOR-US: D-Link
CVE-2023-44693 (D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerab ...)
	NOT-FOR-US: D-Link
CVE-2023-44394 (MantisBT is an open source bug tracker. Due to insufficient access-lev ...)
	- mantis
CVE-2023-44391 (Discourse is an open source platform for community discussion. User su ...)
	NOT-FOR-US: Discourse
CVE-2023-44388 (Discourse is an open source platform for community discussion. A malic ...)
	NOT-FOR-US: Discourse
CVE-2023-43814 (Discourse is an open source platform for community discussion. Attacke ...)
	NOT-FOR-US: Discourse
CVE-2023-43659 (Discourse is an open source platform for community discussion. Imprope ...)
	NOT-FOR-US: Discourse
CVE-2023-43658 (dicourse-calendar is a plugin for the Discourse messaging platform whi ...)
	NOT-FOR-US: Discourse plugin
CVE-2023-42497 (Reflected cross-site scripting (XSS) vulnerability on the Export for T ...)
	NOT-FOR-US: Liferay Portal
CVE-2023-42459 (Fast DDS is a C++ implementation of the DDS (Data Distribution Service ...)
	{DSA-5568-1}
	- fastdds 2.11.2+ds-6 (bug #1054163)
	[bullseye] - fastdds (Vulnerable code not present)
	NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-gq8g-fj58-22gm
	NOTE: https://github.com/eProsima/Fast-DDS/issues/3207
	NOTE: https://github.com/eProsima/Fast-DDS/pull/3824
	NOTE: https://github.com/eProsima/Fast-DDS/commit/1e978c6f3d0ca1df6b323b37fd4902b0762ececb
CVE-2023-41752 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	{DSA-5549-1 DLA-3645-1}
	- trafficserver 9.2.3+ds-1 (bug #1054427)
	NOTE: https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
	NOTE: https://github.com/apache/trafficserver/commit/334839cb7a6724c71a5542e924251a8d931774b0 (8.1.9)
	NOTE: https://github.com/apache/trafficserver/commit/de7c8a78edd5b75e311561dfaa133e9d71ea8a5e (9.2.3-rc0)
CVE-2023-40852 (SQL Injection vulnerability in Phpgurukul User Registration & Login an ...)
	NOT-FOR-US: Phpgurukul
CVE-2023-40851 (Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registrati ...)
	NOT-FOR-US: Phpgurukul
CVE-2023-40374 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
	NOT-FOR-US: IBM
CVE-2023-40373 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is v ...)
	NOT-FOR-US: IBM
CVE-2023-40372 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
	NOT-FOR-US: IBM
CVE-2023-39456 (Improper Input Validation vulnerability in Apache Traffic Server with ...)
	- trafficserver 9.2.3+ds-1 (bug #1054427)
	[bookworm] - trafficserver 9.2.3+ds-1+deb12u1
	[bullseye] - trafficserver (Vulnerable code not present)
	[buster] - trafficserver (Vulnerable code not present)
	NOTE: https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
	NOTE: https://github.com/apache/trafficserver/commit/4ca137b59bc6aaa25f8b14db2bdd2e72c43502e5 (9.2.3-rc0)
CVE-2023-38740 (IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11. ...)
	NOT-FOR-US: IBM
CVE-2023-38728 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
	NOT-FOR-US: IBM
CVE-2023-38720 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
	NOT-FOR-US: IBM
CVE-2023-38719 (IBM Db2 11.5 could allow a local user with special privileges to cause ...)
	NOT-FOR-US: IBM
CVE-2023-34210 (SQL Injection in create customer group function in EasyUse MailHunter ...)
	NOT-FOR-US: EasyUse MailHunter
CVE-2023-34209 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
	NOT-FOR-US: EasyUse MailHunter
CVE-2023-34208 (Path Traversal in create template function in EasyUse MailHunter Ultim ...)
	NOT-FOR-US: EasyUse MailHunter
CVE-2023-34207 (Unrestricted upload of file with dangerous type vulnerability in creat ...)
	NOT-FOR-US: EasyUse MailHunter
CVE-2012-10016 (A vulnerability classified as problematic has been found in Halulu sim ...)
	NOT-FOR-US: Halulu
CVE-2011-10004 (A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5595 (Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.)
	- gpac (bug #1055125)
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://huntr.dev/bounties/0064cf76-ece1-495d-82b4-e4a1bebeb28e
	NOTE: https://github.com/gpac/gpac/issues/2633
	NOTE: https://github.com/gpac/gpac/commit/7a6f636db3360bb16d18078d51e8c596f31302a1
CVE-2023-5575 (Improper access control in the permission inheritance in Devolutions S ...)
	NOT-FOR-US: Devolutions Server
CVE-2023-5561 (WordPress does not properly restrict which user fields are searchable ...)
	{DSA-5685-1 DLA-3658-1}
	- wordpress 6.3.2+dfsg1-1
	NOTE: https://wordpress.org/documentation/wordpress-version/version-6-3-2/
	NOTE: https://core.trac.wordpress.org/changeset/56840/
CVE-2023-5422 (The functions to fetch e-mail via POP3 or IMAP as well as sending e-ma ...)
	NOT-FOR-US: OTRS
	NOTE: Could possibly affect Znuny, we'll let their security team figure it out
CVE-2023-5421 (An attacker who is logged into OTRS as an user with privileges to crea ...)
	NOT-FOR-US: OTRS
	NOTE: Could possibly affect Znuny, we'll let their security team figure it out
CVE-2023-5177 (The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5167 (The User Activity Log Pro WordPress plugin before 2.3.4 does not prope ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5133 (This user-activity-log-pro WordPress plugin before 2.3.4 retrieves cli ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5089 (The Defender Security WordPress plugin before 4.1.0 does not prevent r ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5087 (The Page Builder: Pagelayer WordPress plugin before 1.7.8 doesn't prev ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5057 (The ActivityPub WordPress plugin before 1.0.0 does not escape user met ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5003 (The Active Directory Integration / LDAP Integration WordPress plugin b ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4971 (The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserial ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4950 (The Interactive Contact Form and Multi Step Form Builder WordPress plu ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4933 (The WP Job Openings WordPress plugin before 3.4.3 does not block listi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4862 (The File Manager Pro WordPress plugin before 1.8.1 does not adequately ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4861 (The File Manager Pro WordPress plugin before 1.8.1 allows admin users ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4834 (In Red Lion EuropembCONNECT24 and mymbCONNECT24 and Helmholz myREX24 a ...)
	NOT-FOR-US: Red Lion
CVE-2023-4827 (The File Manager Pro WordPress plugin before 1.8 does not properly che ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4822 (Grafana is an open-source platform for monitoring and observability. T ...)
	- grafana
CVE-2023-4821 (The Drag and Drop Multiple File Upload for WooCommerce WordPress plugi ...)
	NOT-FOR-US: WooCommerce plugin
CVE-2023-4820 (The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4819 (The Shared Files WordPress plugin before 1.7.6 does not return the rig ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4811 (The WordPress File Upload WordPress plugin before 4.23.3 does not sani ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4805 (The Tutor LMS WordPress plugin before 2.3.0 does not sanitise and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4800 (The DoLogin Security WordPress plugin before 3.7.1 does not restrict t ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4798 (The User Avatar WordPress plugin before 1.2.2 does not properly saniti ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4795 (The Testimonial Slider Shortcode WordPress plugin before 1.1.9 does no ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4783 (The Magee Shortcodes WordPress plugin through 2.1.1 does not validate ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4776 (The School Management System WordPress plugin before 2.2.5 uses the Wo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4725 (The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitis ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4691 (The WordPress Online Booking and Scheduling Plugin WordPress plugin be ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4687 (The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prev ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4666 (The Form Maker by 10Web WordPress plugin before 1.15.20 does not valid ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4646 (The Simple Posts Ticker WordPress plugin before 1.1.6 does not validat ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4643 (The Enable Media Replace WordPress plugin before 4.1.3 unserializes us ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4620 (The Booking Calendar WordPress plugin before 9.7.3.1 does not sanitize ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4457 (Grafana is an open-source platform for monitoring and observability. ...)
	NOT-FOR-US: Grafana plugin
CVE-2023-4388 (The EventON WordPress plugin before 2.2 does not sanitise and escape s ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4290 (The WP Matterport Shortcode WordPress plugin before 2.1.7 does not esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4289 (The WP Matterport Shortcode WordPress plugin before 2.1.8 does not val ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46087 (Cross-Site Request Forgery (CSRF) vulnerability in Mahlamusa Who Hit T ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-46066 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Cod ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45985 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.611 ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-45984 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.611 ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-45836 (Cross-Site Request Forgery (CSRF) vulnerability in XYDAC Ultimate Taxo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45831 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelative, Mohsin ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45763 (Cross-Site Request Forgery (CSRF) vulnerability in Taggbox plugin <=2. ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45753 (Cross-Site Request Forgery (CSRF) vulnerability in Gilles Dumas which ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45752 (Cross-Site Request Forgery (CSRF) vulnerability in 10 Quality Post Gal ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45749 (Cross-Site Request Forgery (CSRF) vulnerability in Alexey Golubnichenk ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45748 (Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45690 (Default file permissions on South River Technologies' Titan MFT and Ti ...)
	NOT-FOR-US: South River Technologies
CVE-2023-45689 (Lack of sufficient path validation in South River Technologies' Titan ...)
	NOT-FOR-US: South River Technologies
CVE-2023-45688 (Lack of sufficient path validation in South River Technologies' Titan ...)
	NOT-FOR-US: South River Technologies
CVE-2023-45687 (A session fixation vulnerability in South River Technologies' Titan MF ...)
	NOT-FOR-US: South River Technologies
CVE-2023-45686 (Insufficient path validation when writing a file via WebDAV in South R ...)
	NOT-FOR-US: South River Technologies
CVE-2023-45685 (Insufficient path validation when extracting a zip archive in South Ri ...)
	NOT-FOR-US: South River Technologies
CVE-2023-45683 (github.com/crewjam/saml is a saml library for the go language. In affe ...)
	- golang-github-crewjam-saml (bug #1054223)
	NOTE: https://github.com/crewjam/saml/security/advisories/GHSA-267v-3v32-g6q5
	NOTE: https://github.com/crewjam/saml/commit/b07b16cf83c4171d16da4d85608cb827f183cd79 (v0.4.14)
CVE-2023-45669 (WebAuthn4J Spring Security provides Web Authentication specification s ...)
	NOT-FOR-US: WebAuthn4J Spring Security
CVE-2023-45660 (Nextcloud mail is an email app for the Nextcloud home server platform. ...)
	NOT-FOR-US: Nextcloud plugin
CVE-2023-45656 (Cross-Site Request Forgery (CSRF) vulnerability in Kevin Weber Lazy Lo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45655 (Cross-Site Request Forgery (CSRF) vulnerability in PixelGrade PixField ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45654 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45653 (Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Vid ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45651 (Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Att ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45650 (Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com HTML5 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45647 (Cross-Site Request Forgery (CSRF) vulnerability in MailMunch Constant ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45645 (Cross-Site Request Forgery (CSRF) vulnerability in InfoD74 WP Open Str ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45643 (Cross-Site Request Forgery (CSRF) vulnerability in Anurag Deshmukh CPT ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45642 (Cross-Site Request Forgery (CSRF) vulnerability in Hassan Ali Snap Pix ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45641 (Cross-Site Request Forgery (CSRF) vulnerability in Caret Inc. Caret Co ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45639 (Cross-Site Request Forgery (CSRF) vulnerability in Codex-m Sort Search ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45638 (Cross-Site Request Forgery (CSRF) vulnerability in euPago Eupago Gatew ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45629 (Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery – ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45606 (Cross-Site Request Forgery (CSRF) vulnerability in Lasso Simple URLs p ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45605 (Cross-Site Request Forgery (CSRF) vulnerability in Christopher Finke F ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45274 (Cross-Site Request Forgery (CSRF) vulnerability in SendPulse SendPulse ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45273 (Cross-Site Request Forgery (CSRF) vulnerability in Matt McKenny Stout ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45151 (Nextcloud server is an open source home cloud platform. Affected versi ...)
	- nextcloud-server (bug #941708)
CVE-2023-45150 (Nextcloud calendar is a calendar app for the Nextcloud server platform ...)
	NOT-FOR-US: Nextcloud plugin
CVE-2023-45149 (Nextcloud talk is a chat module for the Nextcloud server platform. In ...)
	NOT-FOR-US: Nextcloud plugin
CVE-2023-45148 (Nextcloud is an open source home cloud server. When Memcached is used ...)
	- nextcloud-server (bug #941708)
CVE-2023-44987 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Time ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44986 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tych ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44985 (Auth. (contributo+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44984 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44229 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-43121 (A Directory Traversal vulnerability discovered in Chalet application i ...)
	NOT-FOR-US: Extreme Networks Switch Engine
CVE-2023-43120 (An issue discovered in Extreme Networks Switch Engine (EXOS) before 32 ...)
	NOT-FOR-US: Extreme Networks Switch Engine
CVE-2023-43119 (An Access Control issue discovered in Extreme Networks Switch Engine ( ...)
	NOT-FOR-US: Extreme Networks Switch Engine
CVE-2023-43118 (Cross Site Request Forgery (CSRF) vulnerability in Chalet application ...)
	NOT-FOR-US: Extreme Networks Switch Engine
CVE-2023-40180 (silverstripe-graphql is a package which serves Silverstripe data in Gr ...)
	NOT-FOR-US: silverstripe-graphql
CVE-2023-3991 (An OS command injection vulnerability exists in the httpd iperfrun.cgi ...)
	NOT-FOR-US: FreshTomato
CVE-2023-3746 (The ActivityPub WordPress plugin before 1.0.0 does not sanitize and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3707 (The ActivityPub WordPress plugin before 1.0.0 does not ensure that pos ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3706 (The ActivityPub WordPress plugin before 1.0.0 does not ensure that pos ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3392 (The Read More & Accordion WordPress plugin before 3.2.7 unserializes u ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3279 (The WordPress Gallery Plugin WordPress plugin before 3.39 does not val ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3155 (The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerabl ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3154 (The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerabl ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38059 (The loading of external images is not blocked, even if configured, if ...)
	NOT-FOR-US: OTRS
	NOTE: Could possibly affect Znuny, we'll let their security team figure it out
CVE-2023-43668 (Authorization Bypass Through User-Controlled Key vulnerability in Apac ...)
	NOT-FOR-US: Apache InLong
CVE-2023-43667 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Apache InLong
CVE-2023-43666 (Insufficient Verification of Data Authenticity vulnerability in Apache ...)
	NOT-FOR-US: Apache InLong
CVE-2023-5591 (SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.)
	NOT-FOR-US: LibreNMS
CVE-2023-5590 (NULL Pointer Dereference in GitHub repository seleniumhq/selenium prio ...)
	NOT-FOR-US: Selenium
CVE-2023-5589 (A vulnerability was found in SourceCodester Judging Management System ...)
	NOT-FOR-US: SourceCodester
CVE-2023-5588 (A vulnerability was found in kphrx pleroma. It has been classified as ...)
	NOT-FOR-US: Pleroma
CVE-2023-5587 (A vulnerability was found in SourceCodester Free Hospital Management S ...)
	NOT-FOR-US: SourceCodester
CVE-2023-45898 (The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/ext ...)
	- linux 6.5.6-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/768d612f79822d30a1e7d132a4d4b05337ce42ec (6.6-rc1)
CVE-2023-45757 (Security vulnerability in Apache bRPC <=1.6.0 on all platforms allows ...)
	NOT-FOR-US: Apache bRPC
CVE-2023-45580 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...)
	NOT-FOR-US: DI-7003GV2.D1
CVE-2023-45579 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...)
	NOT-FOR-US: DI-7003GV2.D1
CVE-2023-45578 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...)
	NOT-FOR-US: DI-7003GV2.D1
CVE-2023-45577 (Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25 ...)
	NOT-FOR-US: DI-7003GV2.D1
CVE-2023-45576 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...)
	NOT-FOR-US: DI-7003GV2.D1
CVE-2023-45575 (Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25 ...)
	NOT-FOR-US: DI-7003GV2.D1
CVE-2023-45574 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...)
	NOT-FOR-US: DI-7003GV2.D1
CVE-2023-45573 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...)
	NOT-FOR-US: DI-7003GV2.D1
CVE-2023-45572 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...)
	NOT-FOR-US: DI-7003GV2.D1
CVE-2023-45158 (An OS command injection vulnerability exists in web2py 2.24.1 and earl ...)
	- web2py
CVE-2023-44809 (D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions.)
	NOT-FOR-US: D-Link
CVE-2023-44808 (D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_ ...)
	NOT-FOR-US: D-Link
CVE-2023-40791 (extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4 ...)
	- linux 6.4.13-1
	[bookworm] - linux (Vulnerable code not present)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/f443fd5af5dbd531f880d3645d5dd36976cf087f (6.5-rc6)
CVE-2023-40790
	REJECTED
CVE-2023-40377 (Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7. ...)
	NOT-FOR-US: IBM
CVE-2023-38280 (IBM HMC (Hardware Management Console) 10.1.1010.0 and 10.2.1030.0 coul ...)
	NOT-FOR-US: IBM
CVE-2023-36955 (TOTOLINK CP300+ <=V5.2cu.7594_B20200910 was discovered to contain a st ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-36954 (TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to comm ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-36953 (TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to comm ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-36952 (TOTOLINK CP300+ V5.2cu.7594_B20200910 was discovered to contain a stac ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-36950 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.611 ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-36947 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.611 ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-36340 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a st ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-35018 (IBM Security Verify Governance 10.0 could allow a privileged use to up ...)
	NOT-FOR-US: IBM
CVE-2023-35013 (IBM Security Verify Governance 10.0, Identity Manager could allow a lo ...)
	NOT-FOR-US: IBM
CVE-2023-33836 (IBM Security Verify Governance 10.0 contains hard-coded credentials, s ...)
	NOT-FOR-US: IBM
CVE-2022-48612 (A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink One ...)
	NOT-FOR-US: ClassLink OneClick Extension
CVE-2023-38312 (A directory traversal vulnerability in Valve Counter-Strike 8684 allow ...)
	NOT-FOR-US: Counter-Strike
CVE-2018-25091 (urllib3 before 1.24.2 does not remove the authorization HTTP header wh ...)
	{DLA-3610-1}
	- python-urllib3 1.25.6-4
	NOTE: https://github.com/urllib3/urllib3/issues/1510
	NOTE: This issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).
	NOTE: Fixed by https://github.com/urllib3/urllib3/commit/adb358f8e06865406d1f05e581a16cbea2136fbc (1.25)
CVE-2023-5586 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0 ...)
	- gpac (bug #1055124)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2632
	NOTE: https://huntr.dev/bounties/d2a6ea71-3555-47a6-9b18-35455d103740
	NOTE: https://github.com/gpac/gpac/commit/ca1b48f0abe71bf81a58995d7d75dc27f5a17ddc
CVE-2023-5585 (A vulnerability was found in SourceCodester Online Motorcycle Rental S ...)
	NOT-FOR-US: SourceCodester
CVE-2023-45871 (An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c i ...)
	{DLA-3710-1}
	- linux 6.5.3-1
	[bookworm] - linux 6.1.55-1
	[bullseye] - linux 5.10.197-1
	NOTE: https://git.kernel.org/linus/bb5ed01cd2428cd25b1c88a3a9cba87055eb289f (6.6-rc1)
CVE-2023-45863 (An issue was discovered in lib/kobject.c in the Linux kernel before 6. ...)
	{DSA-5594-1 DLA-3711-1 DLA-3710-1}
	- linux 6.1.20-1
	NOTE: https://git.kernel.org/linus/3bb2a01caa813d3a1845d378bbe4169ef280d394 (6.3-rc1)
CVE-2023-45862 (An issue was discovered in drivers/usb/storage/ene_ub6250.c for the EN ...)
	- linux 6.1.20-1
	[bullseye] - linux 5.10.178-1
	[buster] - linux 4.19.282-1
	NOTE: https://git.kernel.org/linus/ce33e64c1788912976b61314b56935abd4bc97ef (6.3-rc1)
CVE-2023-40378 (IBM Directory Server for IBM i contains a local privilege escalation v ...)
	NOT-FOR-US: IBM
CVE-2023-5582 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: zzzcms
CVE-2023-5581 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester
CVE-2023-5580 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester
CVE-2023-5579 (A vulnerability was found in yhz66 Sandbox 6.1.0. It has been rated as ...)
	NOT-FOR-US: yhz66 Sandbox
CVE-2023-5578 (A vulnerability was found in Portábilis i-Educar up to 2.7.5. It ha ...)
	NOT-FOR-US: i-Educar
CVE-2023-45176 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 throug ...)
	NOT-FOR-US: IBM
CVE-2023-40367 (IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vuln ...)
	NOT-FOR-US: IBM
CVE-2023-35024 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, ...)
	NOT-FOR-US: IBM
CVE-2023-41914 (SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allow ...)
	{DSA-5529-1}
	- slurm-wlm 23.02.6-1
	[bullseye] - slurm-wlm (Very intrusive patch and upstream does not release patches for unsupported versions)
	- slurm-llnl
	[buster] - slurm-llnl (EOL in buster LTS)
	NOTE: https://groups.google.com/g/slurm-users/c/N9WHFVefSHA
	NOTE: slurm-wlm-contrib also changed, but actual security issue is in slurm-wlm
CVE-2023-4263 (Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nR ...)
	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-4257 (Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can ca ...)
	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-45856 (qdPM 9.2 allows remote code execution by using the Add Attachments fea ...)
	NOT-FOR-US: qdPM
CVE-2023-45855 (qdPM 9.2 allows Directory Traversal to list files and directories by n ...)
	NOT-FOR-US: qdPM
CVE-2023-45853 (MiniZip in zlib through 1.3 has an integer overflow and resultant heap ...)
	{DLA-3670-1}
	- zlib 1:1.3.dfsg-2 (bug #1054290)
	[bookworm] - zlib (contrib/minizip not built and producing binary packages)
	[bullseye] - zlib (contrib/minizip not built and producing binary packages)
	[buster] - zlib (contrib/minizip not built and producing binary packages)
	- minizip (bug #1056718)
	[bookworm] - minizip 1.1-8+deb12u1
	[bullseye] - minizip 1.1-8+deb11u1
	NOTE: https://github.com/madler/zlib/pull/843
	NOTE: https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c
	NOTE: src:zlib only starts building minizip starting in 1:1.2.13.dfsg-2
CVE-2023-45852 (In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticat ...)
	NOT-FOR-US: VitogateqdPM
CVE-2023-45674 (Farmbot-Web-App is a web control interface for the Farmbot farm automa ...)
	NOT-FOR-US: Farmbot-Web-App
CVE-2023-44037 (An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru v.5.8.13 and v. ...)
	NOT-FOR-US: ZPE
CVE-2023-36559 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-5573 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
	NOT-FOR-US: Vrite
CVE-2023-5572 (Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite ...)
	NOT-FOR-US: Vrite
CVE-2023-5571 (Improper Input Validation in GitHub repository vriteio/vrite prior to ...)
	NOT-FOR-US: Vrite
CVE-2023-5449 (A potential security vulnerability has been identified in certain HP D ...)
	NOT-FOR-US: HP
CVE-2023-5409 (HP is aware of a potential security vulnerability in HP t430 and t638 ...)
	NOT-FOR-US: HP
CVE-2023-5240 (Improper access control in PAM propagation scripts in Devolutions Serv ...)
	NOT-FOR-US: Devolutions Server
CVE-2023-4995 (The Embed Calendly plugin for WordPress is vulnerable to Stored Cross- ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4829 (Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxl ...)
	- froxlor (bug #581792)
CVE-2023-4517 (Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hest ...)
	NOT-FOR-US: Hestia Control Panel
CVE-2023-4499 (A potential security vulnerability has been identified in the HP ThinU ...)
	NOT-FOR-US: HP
CVE-2023-45468 (Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via ...)
	NOT-FOR-US: Netis
CVE-2023-45467 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...)
	NOT-FOR-US: Netis
CVE-2023-45466 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...)
	NOT-FOR-US: Netis
CVE-2023-45465 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...)
	NOT-FOR-US: Netis
CVE-2023-45464 (Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via ...)
	NOT-FOR-US: Netis
CVE-2023-45463 (Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via ...)
	NOT-FOR-US: Netis
CVE-2023-45393 (An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Bu ...)
	NOT-FOR-US: GRANDING UTime Master
CVE-2023-45391 (A stored cross-site scripting (XSS) vulnerability in the Create A New ...)
	NOT-FOR-US: GRANDING UTime Master
CVE-2023-45276 (Cross-Site Request Forgery (CSRF) vulnerability in automatededitor.Com ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45270 (Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinp ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45269 (Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45268 (Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps Hitsteps W ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45267 (Cross-Site Request Forgery (CSRF) vulnerability in Zizou1988 IRivYou p ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45162 (Affected 1E Platform versions have a Blind SQL Injection vulnerability ...)
	NOT-FOR-US: 1E Platform
CVE-2023-45130 (Frontier is Substrate's Ethereum compatibility layer. Prior to commit ...)
	NOT-FOR-US: Frontier
CVE-2023-45109 (Cross-Site Request Forgery (CSRF) vulnerability in ZAKSTAN WhitePage p ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45108 (Cross-Site Request Forgery (CSRF) vulnerability in Mailrelay plugin <= ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45107 (Cross-Site Request Forgery (CSRF) vulnerability in GoodBarber plugin < ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-43079 (Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, con ...)
	NOT-FOR-US: Dell
CVE-2023-41843 (A improper neutralization of input during web page generation ('cross- ...)
	NOT-FOR-US: Fortinet
CVE-2023-41836 (An improper neutralization of input during web page generation ('cross ...)
	NOT-FOR-US: Fortinet
CVE-2023-41682 (A improper limitation of a pathname to a restricted directory ('path t ...)
	NOT-FOR-US: Fortinet
CVE-2023-41681 (A improper neutralization of input during web page generation ('cross- ...)
	NOT-FOR-US: Fortinet
CVE-2023-41680 (A improper neutralization of input during web page generation ('cross- ...)
	NOT-FOR-US: Fortinet
CVE-2023-40682 (IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspe ...)
	NOT-FOR-US: OVM
CVE-2023-39999 (Exposure of Sensitive Information to an Unauthorized Actor in WordPres ...)
	{DSA-5685-1 DLA-3658-1}
	- wordpress 6.3.2+dfsg1-1
	NOTE: https://wordpress.org/documentation/wordpress-version/version-6-3-2/
	NOTE: https://core.trac.wordpress.org/changeset/56843/
CVE-2023-39960 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
	- nextcloud-server (bug #941708)
CVE-2023-38000 (Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability i ...)
	- wordpress 6.3.2+dfsg1-1
	[bookworm] - wordpress 6.1.6+dfsg1-0+deb12u1
	[bullseye] - wordpress (Vulnerable code was introduced in 5.9)
	[buster] - wordpress (Vulnerable code was introduced in 5.9)
	NOTE: https://wordpress.org/documentation/wordpress-version/version-6-3-2/
	NOTE: https://plugins.trac.wordpress.org/changeset/2978318/gutenberg/trunk/build/block-library/blocks/post-navigation-link.php
CVE-2023-34977 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
	NOT-FOR-US: QNAP
CVE-2023-34976 (A SQL injection vulnerability has been reported to affect Video Statio ...)
	NOT-FOR-US: QNAP
CVE-2023-34975 (An OS command injection vulnerability has been reported to affect seve ...)
	NOT-FOR-US: QNAP
CVE-2023-33303 (A insufficient session expiration in Fortinet FortiEDR version 5.0.0 t ...)
	NOT-FOR-US: Fortinet
CVE-2023-32976 (An OS command injection vulnerability has been reported to affect Cont ...)
	NOT-FOR-US: QNAP
CVE-2023-32974 (A path traversal vulnerability has been reported to affect several QNA ...)
	NOT-FOR-US: QNAP
CVE-2023-32973 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-32970 (A NULL pointer dereference vulnerability has been reported to affect s ...)
	NOT-FOR-US: QNAP
CVE-2023-42663 (Apache Airflow, versions before 2.7.2, has a vulnerability that allows ...)
	- airflow (bug #819700)
CVE-2023-42792 (Apache Airflow, in versions prior to 2.7.2, contains a security vulner ...)
	- airflow (bug #819700)
CVE-2023-45348 (Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerabili ...)
	- airflow (bug #819700)
CVE-2023-42781 (Apache Airflow, versions before 2.7.3, has a vulnerability that allows ...)
	- airflow (bug #819700)
CVE-2023-42780 (Apache Airflow, versions prior to 2.7.2, contains a security vulnerabi ...)
	- airflow (bug #819700)
CVE-2023-5564 (Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxl ...)
	- froxlor (bug #581792)
CVE-2023-5563 (The SJA1000 CAN controller driver backend automatically attempts to rec ...)
	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-5557 (A flaw was found in the tracker-miners package. A weakness in the sand ...)
	- tracker-miners 3.4.5-1 (bug #1053881)
	[bookworm] - tracker-miners (Minor issue)
	[bullseye] - tracker-miners (Minor issue)
	[buster] - tracker-miners (Minor issue)
	NOTE: https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/#tracker-miners-seccomp-sandbox-escape
	NOTE: https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/277
	NOTE: https://gitlab.gnome.org/GNOME/tracker-miners/-/merge_requests/480
CVE-2023-4562 (Improper Authentication vulnerability in Mitsubishi Electric Corporati ...)
	NOT-FOR-US: Mitsubishi
CVE-2023-45511 (A memory leak in tsMuxer version git-2539d07 allows attackers to cause ...)
	NOT-FOR-US: tsMuxer
CVE-2023-45510 (tsMuxer version git-2539d07 was discovered to contain an alloc-dealloc ...)
	NOT-FOR-US: tsMuxer
CVE-2023-41263 (An issue was discovered in Plixer Scrutinizer before 19.3.1. It expose ...)
	NOT-FOR-US: Plixer Scrutinizer
CVE-2023-41262 (An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer ...)
	NOT-FOR-US: Plixer Scrutinizer
CVE-2023-41261 (An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer ...)
	NOT-FOR-US: Plixer Scrutinizer
CVE-2023-38251 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earli ...)
	NOT-FOR-US: Adobe
CVE-2023-38250 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earli ...)
	NOT-FOR-US: Adobe
CVE-2023-38249 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earli ...)
	NOT-FOR-US: Adobe
CVE-2023-38221 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earli ...)
	NOT-FOR-US: Adobe
CVE-2023-38220 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earli ...)
	NOT-FOR-US: Adobe
CVE-2023-38219 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earli ...)
	NOT-FOR-US: Adobe
CVE-2023-38218 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earli ...)
	NOT-FOR-US: Adobe
CVE-2023-45365
	NOT-FOR-US: MediaWiki extension Citoid
CVE-2023-45366
	NOT-FOR-US: MediaWiki extension Wikibase
CVE-2023-45368
	NOT-FOR-US: MediaWiki extension EntitySchema
CVE-2023-5562 (An unsafe default configuration in KNIME Analytics Platform before 5.2 ...)
	NOT-FOR-US: KNIME
CVE-2023-5556 (Cross-site Scripting (XSS) - Reflected in GitHub repository structuriz ...)
	NOT-FOR-US: structurizr/onpremises
CVE-2023-5555 (Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms p ...)
	NOT-FOR-US: frappe/lms
CVE-2023-5554 (Lack of TLS certificate verification in log transmission of a financia ...)
	NOT-FOR-US: LINE
CVE-2023-5072 (Denial of Service in JSON-Java versions up to and including 20230618. ...)
	- libjson-java (bug #1053882)
	[bookworm] - libjson-java (Minor issue)
	[bullseye] - libjson-java (Minor issue)
	[buster] - libjson-java (Minor issue)
	- jenkins-json (bug #1053883)
	[bookworm] - jenkins-json (Minor issue)
	[bullseye] - jenkins-json (Minor issue)
	[buster] - jenkins-json (Minor issue)
	- libjettison-java (bug #1053884)
	[bookworm] - libjettison-java (Minor issue)
	[bullseye] - libjettison-java (Minor issue)
	[buster] - libjettison-java (Minor issue)
	NOTE: https://github.com/stleary/JSON-java/issues/758
	NOTE: https://github.com/stleary/JSON-java/issues/771
	NOTE: https://github.com/stleary/JSON-java/pull/772/
CVE-2023-5046 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Procost
CVE-2023-5045 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Kayisi
CVE-2023-45143 (Undici is an HTTP/1.1 client written from scratch for Node.js. Prior t ...)
	- node-undici 5.26.3+dfsg1+~cs23.10.12-1 (bug #1053879)
	[bookworm] - node-undici 5.15.0+dfsg1+~cs20.10.9.3-1+deb12u2
	NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g
	NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp
	NOTE: https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76 (v5.26.2)
CVE-2023-45142 (OpenTelemetry-Go Contrib is a collection of third-party packages for O ...)
	NOT-FOR-US: OpenTelemetry-Go Contrib
CVE-2023-45138 (Change Request is an application allowing users to request changes on a ...)
	NOT-FOR-US: XWiki addon
CVE-2023-45133 (Babel is a compiler for writing JavaScript. In `@babel/traverse` prior ...)
	{DSA-5528-1 DLA-3618-1}
	- node-babel
	- node-babel7 7.20.15+ds1+~cs214.269.168-5 (bug #1053880)
	NOTE: https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92
	NOTE: https://github.com/babel/babel/pull/16033
	NOTE: https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82
CVE-2023-45106 (Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45103 (Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Per ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45102 (Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Blog Mana ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45068 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact F ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45063 (Cross-Site Request Forgery (CSRF) vulnerability in ReCorp AI Content W ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45060 (Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com Intera ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45058 (Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Short ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45052 (Cross-Site Request Forgery (CSRF) vulnerability in dan009 WP Bing Map ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45048 (Cross-Site Request Forgery (CSRF) vulnerability in Repuso Social proof ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45047 (Cross-Site Request Forgery (CSRF) vulnerability in LeadSquared, Inc Le ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45011 (Cross-Site Request Forgery (CSRF) vulnerability in Igor Buyanov WP Pow ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44998 (Cross-Site Request Forgery (CSRF) vulnerability in josecoelho, Randy H ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-43149 (SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) th ...)
	NOT-FOR-US: SPA-Cart
CVE-2023-43148 (SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability ...)
	NOT-FOR-US: SPA-Cart
CVE-2023-43147 (PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Reque ...)
	NOT-FOR-US: PHPJabbers Limo Booking Software
CVE-2023-41131 (Cross-Site Request Forgery (CSRF) vulnerability in Jonk @ Follow me Da ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37637
	REJECTED
CVE-2023-32634 (An authentication bypass vulnerability exists in the CiRpcServerThread ...)
	NOT-FOR-US: SoftEther VPN
CVE-2023-32275 (An information disclosure vulnerability exists in the CtEnumCa() funct ...)
	NOT-FOR-US: SoftEther VPN
CVE-2023-32124 (Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Publi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-31192 (An information disclosure vulnerability exists in the ClientConnect() ...)
	NOT-FOR-US: SoftEther VPN
CVE-2023-27516 (An authentication bypass vulnerability exists in the CiRpcAccepted() f ...)
	NOT-FOR-US: SoftEther VPN
CVE-2023-36839 (An Improper Validation of Specified Quantity in Input vulnerability in ...)
	NOT-FOR-US: Juniper
CVE-2023-44204 (An Improper Validation of Syntactic Correctness of Input vulnerability ...)
	NOT-FOR-US: Juniper
CVE-2023-44182 (An Unchecked Return Value vulnerability in the user interfaces to the ...)
	NOT-FOR-US: Juniper
CVE-2023-44203 (An Improper Check or Handling of Exceptional Conditions vulnerability ...)
	NOT-FOR-US: Juniper
CVE-2023-44202
	NOT-FOR-US: Juniper
CVE-2023-44198 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
	NOT-FOR-US: Juniper
CVE-2023-44197 (An Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (r ...)
	NOT-FOR-US: Juniper
CVE-2023-44196 (An Improper Check for Unusual or Exceptional Conditions in the Packet ...)
	NOT-FOR-US: Juniper
CVE-2023-44195 (An Improper Restriction of Communication Channel to Intended Endpoints ...)
	NOT-FOR-US: Juniper
CVE-2023-44201 (An Incorrect Permission Assignment for Critical Resource vulnerability ...)
	NOT-FOR-US: Juniper
CVE-2023-44199 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
	NOT-FOR-US: Juniper
CVE-2023-44184 (An Improper Restriction of Operations within the Bounds of a Memory Bu ...)
	NOT-FOR-US: Juniper
CVE-2023-44181 (An Improperly Implemented Security Check for Standard vulnerability in ...)
	NOT-FOR-US: Juniper
CVE-2023-44191 (An Allocation of Resources Without Limits or Throttling vulnerability ...)
	NOT-FOR-US: Juniper
CVE-2023-44192 (An Improper Input Validation vulnerability in the Packet Forwarding En ...)
	NOT-FOR-US: Juniper
CVE-2023-44175 (A Reachable Assertion vulnerability in the routing protocol daemon (rp ...)
	NOT-FOR-US: Juniper
CVE-2023-44178 (A Stack-based Buffer Overflow vulnerability in the CLI command of Juni ...)
	NOT-FOR-US: Juniper
CVE-2023-44177 (A Stack-based Buffer Overflow vulnerability in the CLI command of Juni ...)
	NOT-FOR-US: Juniper
CVE-2023-44176 (A Stack-based Buffer Overflow vulnerability in the CLI command of Juni ...)
	NOT-FOR-US: Juniper
CVE-2023-36841 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
	NOT-FOR-US: Juniper
CVE-2023-36843 (An Improper Handling of Inconsistent Special Elements vulnerability in ...)
	NOT-FOR-US: Juniper
CVE-2023-44194 (An Incorrect Default Permissions vulnerability in Juniper Networks Jun ...)
	NOT-FOR-US: Juniper
CVE-2023-44193 (An Improper Release of Memory Before Removing Last Reference vulnerabi ...)
	NOT-FOR-US: Juniper
CVE-2023-44183 (An Improper Input Validation vulnerability in the VxLAN packet forward ...)
	NOT-FOR-US: Juniper
CVE-2023-44185 (An Improper Input Validation vulnerability in the routing protocol dae ...)
	NOT-FOR-US: Juniper
CVE-2023-5531 (The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5470 (The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45132 (NAXSI is an open-source maintenance web application firewall (WAF) for ...)
	NOT-FOR-US: NAXSI
CVE-2023-44793
	REJECTED
CVE-2023-44190 (An Origin Validation vulnerability in MAC address validation of Junipe ...)
	NOT-FOR-US: Juniper
CVE-2023-44189 (An Origin Validation vulnerability in MAC address validation of Junipe ...)
	NOT-FOR-US: Juniper
CVE-2023-44188 (A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in t ...)
	NOT-FOR-US: Juniper
CVE-2023-44187 (An Exposure of Sensitive Information vulnerability in the 'file copy' ...)
	NOT-FOR-US: Juniper
CVE-2023-42298 (An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to ca ...)
	- gpac (bug #1053878)
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2567
	NOTE: https://github.com/gpac/gpac/commit/16c4fafc2881112eba7051cac48f922eb2b94e06
CVE-2023-40833 (An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain pr ...)
	NOT-FOR-US: Thecosy IceCMS
CVE-2023-40829 (There is an interface unauthorized access vulnerability in the backgro ...)
	NOT-FOR-US: Tencent
CVE-2023-3781 (there is a possible use-after-free write due to improper locking. This ...)
	NOT-FOR-US: Android
CVE-2023-32724 (Memory pointer is in a property of the Ducktape object. This leads to ...)
	- zabbix 1:6.0.23+dfsg-1 (bug #1053877)
	[buster] - zabbix (vulnerable code introduced later)
	NOTE: https://support.zabbix.com/browse/ZBX-23391
	NOTE: https://github.com/zabbix/zabbix/commit/7266d0ac709b68ccb4d69d28253488670b8b4eb7 (release/5.0)
	NOTE: https://github.com/zabbix/zabbix/commit/b28bf2f7081cffaeecbfb797d6e625e72679c06e (release/6.0)
CVE-2023-32723 (Request to LDAP is sent before user permissions are checked.)
	{DLA-3717-1}
	- zabbix 1:6.0.23+dfsg-1 (bug #1053877)
	[bookworm] - zabbix (Minor issue)
	[bullseye] - zabbix (Minor issue)
	NOTE: https://support.zabbix.com/browse/ZBX-23230
	NOTE: very likely commit https://github.com/zabbix/zabbix/commit/3576afe9b87d8ad1ba92a13c28ba904671087688 (for 4.0.x)
CVE-2023-32722 (The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow ...)
	- zabbix 1:6.0.23+dfsg-1 (bug #1053877)
	[bookworm] - zabbix (Minor issue)
	[bullseye] - zabbix (Minor issue)
	[buster] - zabbix (vulnerable code introduced later)
	NOTE: https://support.zabbix.com/browse/ZBX-23390
CVE-2023-32721 (A stored XSS has been found in the Zabbix web application in the Maps ...)
	{DLA-3717-1}
	- zabbix 1:6.0.23+dfsg-1 (bug #1053877)
	[bookworm] - zabbix (Minor issue)
	[bullseye] - zabbix (Minor issue)
	NOTE: https://support.zabbix.com/browse/ZBX-23389
	NOTE: possible upstream fix (4.0.x) https://github.com/zabbix/zabbix/commit/d05854bc0e638bbc0c2077ded09797648dba0911
CVE-2023-5535 (Use After Free in GitHub repository vim/vim prior to v9.0.2010.)
	- vim 2:9.0.2018-1 (unimportant)
	NOTE: https://huntr.dev/bounties/2c2d85a7-1171-4014-bf7f-a2451745861f
	NOTE: https://github.com/vim/vim/commit/41e6f7d6ba67b61d911f9b1d76325cd79224753d (v9.0.2010)
	NOTE: Crash in CLI tool, no security impact
CVE-2023-5521 (Incorrect Authorization in GitHub repository tiann/kernelsu prior to v ...)
	NOT-FOR-US: KernelSU
CVE-2023-5520 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.)
	- gpac (bug #1053878)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://huntr.dev/bounties/681e42d0-18d4-4ebc-aba0-c5b0f77ac74a
	NOTE: https://github.com/gpac/gpac/commit/5692dc729491805e0e5f55c21d50ba1e6b19e88e
CVE-2023-4957 (A vulnerability of authentication bypass has been found on a Zebra Tec ...)
	NOT-FOR-US: Zebra Technologies ZTC
CVE-2023-4936 (It is possible to sideload a compromised DLL during the installation a ...)
	NOT-FOR-US: Synaptics
CVE-2023-45396 (An Insecure Direct Object Reference (IDOR) vulnerability leads to even ...)
	NOT-FOR-US: Insecure Direct Object Reference
CVE-2023-44962 (File Upload vulnerability in Koha Library Software 23.05.04 and before ...)
	NOT-FOR-US: Koha
CVE-2023-44961 (SQL Injection vulnerability in Koha Library Software 23.0.5.04 and bef ...)
	NOT-FOR-US: Koha
CVE-2023-44186 (An Improper Handling of Exceptional Conditions vulnerability in AS PAT ...)
	NOT-FOR-US: Juniper
CVE-2023-44119 (Vulnerability of mutual exclusion management in the kernel module.Succ ...)
	NOT-FOR-US: Huawei
CVE-2023-44118 (Vulnerability of undefined permissions in the MeeTime module.Successfu ...)
	NOT-FOR-US: Huawei
CVE-2023-44116 (Vulnerability of access permissions not being strictly verified in the ...)
	NOT-FOR-US: Huawei
CVE-2023-44114 (Out-of-bounds array vulnerability in the dataipa module.Successful exp ...)
	NOT-FOR-US: Huawei
CVE-2023-44111 (Vulnerability of brute-force attacks on the device authentication modu ...)
	NOT-FOR-US: Huawei
CVE-2023-44110 (Out-of-bounds access vulnerability in the audio module.Successful expl ...)
	NOT-FOR-US: Huawei
CVE-2023-44109 (Clone vulnerability in the huks ta module.Successful exploitation of t ...)
	NOT-FOR-US: Huawei
CVE-2023-44108 (Type confusion vulnerability in the distributed file module.Successful ...)
	NOT-FOR-US: Huawei
CVE-2023-44107 (Vulnerability of defects introduced in the design process in the scree ...)
	NOT-FOR-US: Huawei
CVE-2023-44106 (API permission management vulnerability in the Fwk-Display module.Succ ...)
	NOT-FOR-US: Huawei
CVE-2023-44105 (Vulnerability of permissions not being strictly verified in the window ...)
	NOT-FOR-US: Huawei
CVE-2023-44104 (Broadcast permission control vulnerability in the Bluetooth module.Suc ...)
	NOT-FOR-US: Huawei
CVE-2023-44103 (Out-of-bounds read vulnerability in the Bluetooth module.Successful ex ...)
	NOT-FOR-US: Huawei
CVE-2023-44102 (Broadcast permission control vulnerability in the Bluetooth module.Suc ...)
	NOT-FOR-US: Huawei
CVE-2023-44101 (The Bluetooth module has a vulnerability in permission control for bro ...)
	NOT-FOR-US: Huawei
CVE-2023-44100 (Broadcast permission control vulnerability in the Bluetooth module.Suc ...)
	NOT-FOR-US: Huawei
CVE-2023-44097 (Vulnerability of the permission to access device SNs being improperly ...)
	NOT-FOR-US: Huawei
CVE-2023-44096 (Vulnerability of brute-force attacks on the device authentication modu ...)
	NOT-FOR-US: Huawei
CVE-2023-44095 (Use-After-Free (UAF) vulnerability in the surfaceflinger module.Succes ...)
	NOT-FOR-US: Huawei
CVE-2023-44094 (Type confusion vulnerability in the distributed file module.Successful ...)
	NOT-FOR-US: Huawei
CVE-2023-44093 (Vulnerability of package names' public keys not being verified in the ...)
	NOT-FOR-US: Huawei
CVE-2023-43960 (An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to e ...)
	NOT-FOR-US: DLINK
CVE-2023-43661 (Cachet, the open-source status page system. Prior to the 2.4 branch, a ...)
	NOT-FOR-US: Cachet
CVE-2023-42138 (Out-of-bounds read vulnerability exists in KV STUDIO Ver. 11.62 and ea ...)
	NOT-FOR-US: KV STUDIO
CVE-2023-41882 (vantage6 is privacy preserving federated learning infrastructure. The ...)
	NOT-FOR-US: vantage6
CVE-2023-41881 (vantage6 is privacy preserving federated learning infrastructure. When ...)
	NOT-FOR-US: vantage6
CVE-2023-41304 (Parameter verification vulnerability in the window module.Successful e ...)
	NOT-FOR-US: Huawei
CVE-2023-40142 (In TBD of TBD, there is a possible way to bypass carrier restrictions ...)
	NOT-FOR-US: Android
CVE-2023-40141 (In temp_residency_name_store of thermal_metrics.c, there is a possible ...)
	NOT-FOR-US: Android
CVE-2023-38817 (An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attac ...)
	NOT-FOR-US: Inspect Element Ltd Echo.ac
CVE-2023-38217 (Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2023-38216 (Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2023-37538 (HCL Digital Experience is susceptible to cross site scripting (XSS). O ...)
	NOT-FOR-US: HCL
CVE-2023-35968 (Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_ ...)
	NOT-FOR-US: Yifan
CVE-2023-35967 (Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_ ...)
	NOT-FOR-US: Yifan
CVE-2023-35966 (Two heap-based buffer overflow vulnerabilities exist in the httpd mana ...)
	NOT-FOR-US: Yifan
CVE-2023-35965 (Two heap-based buffer overflow vulnerabilities exist in the httpd mana ...)
	NOT-FOR-US: Yifan
CVE-2023-35662 (there is a possible out of bounds write due to buffer overflow. This c ...)
	NOT-FOR-US: Android
CVE-2023-35661 (In ProfSixDecomTcpSACKoption of RohcPacketCommon.cpp, there is a possi ...)
	NOT-FOR-US: Android
CVE-2023-35660 (In lwis_transaction_client_cleanup of lwis_transaction.c, there is a p ...)
	NOT-FOR-US: Android
CVE-2023-35655 (In CanConvertPadV2Op of darwinn_mlir_converter_aidl.cc, there is a pos ...)
	NOT-FOR-US: Android
CVE-2023-35654 (In ctrl_roi of stmvl53l1_module.c, there is a possible out of bounds r ...)
	NOT-FOR-US: Android
CVE-2023-35653 (In TBD of TBD, there is a possible way to access location information ...)
	NOT-FOR-US: Android
CVE-2023-35652 (In ProtocolEmergencyCallListIndAdapter::Init of protocolcalladapter.cp ...)
	NOT-FOR-US: Android
CVE-2023-35649 (In several functions of Exynos modem files, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2023-35648 (In ProtocolMiscLceIndAdapter::GetConfLevel() of protocolmiscadapter.cp ...)
	NOT-FOR-US: Android
CVE-2023-35647 (In ProtocolEmbmsGlobalCellIdAdapter::Init() of protocolembmsadapter.cp ...)
	NOT-FOR-US: Android
CVE-2023-35646 (In TBD of TBD, there is a possible stack buffer overflow due to a miss ...)
	NOT-FOR-US: Android
CVE-2023-35645 (In tbd of tbd, there is a possible memory corruption due to a race con ...)
	NOT-FOR-US: Android
CVE-2023-35194 (An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x ...)
	NOT-FOR-US: Surf SOHO HW1
CVE-2023-35193 (An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x ...)
	NOT-FOR-US: Surf SOHO HW1
CVE-2023-35056 (A buffer overflow vulnerability exists in the httpd next_page function ...)
	NOT-FOR-US: Yifan
CVE-2023-35055 (A buffer overflow vulnerability exists in the httpd next_page function ...)
	NOT-FOR-US: Yifan
CVE-2023-34426 (A stack-based buffer overflow vulnerability exists in the httpd manage ...)
	NOT-FOR-US: Yifan
CVE-2023-34365 (A stack-based buffer overflow vulnerability exists in the libutils.so ...)
	NOT-FOR-US: Yifan
CVE-2023-34356 (An OS command injection vulnerability exists in the data.cgi xfer_dns ...)
	NOT-FOR-US: Surf SOHO HW1
CVE-2023-34354 (A stored cross-site scripting (XSS) vulnerability exists in the upload ...)
	NOT-FOR-US: Surf SOHO HW1
CVE-2023-34346 (A stack-based buffer overflow vulnerability exists in the httpd gwcfg. ...)
	NOT-FOR-US: Yifan
CVE-2023-32645 (A leftover debug code vulnerability exists in the httpd debug credenti ...)
	NOT-FOR-US: Yifan
CVE-2023-32632 (A command execution vulnerability exists in the validate.so diag_ping_ ...)
	NOT-FOR-US: Yifan
CVE-2023-31272 (A stack-based buffer overflow vulnerability exists in the httpd do_wds ...)
	NOT-FOR-US: Yifan
CVE-2023-28381 (An OS command injection vulnerability exists in the admin.cgi MVPN_tri ...)
	NOT-FOR-US: Surf SOHO HW1
CVE-2023-27380 (An OS command injection vulnerability exists in the admin.cgi USSD_sen ...)
	NOT-FOR-US: Surf SOHO HW1
CVE-2023-24479 (An authentication bypass vulnerability exists in the httpd nvram.cgi f ...)
	NOT-FOR-US: Yifan
CVE-2023-44981 (Authorization Bypass Through User-Controlled Key vulnerability in Apac ...)
	{DSA-5544-1 DLA-3624-1}
	- zookeeper 3.9.1-1 (bug #1054224)
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/11/4
	NOTE: https://github.com/apache/zookeeper/commit/e2070bed85d8b0c98a5a0045bf92421f473c412e (master)
	NOTE: https://github.com/apache/zookeeper/commit/96b3172ca249a8580e9a315d589d319286cee4ee (release-3.8.3)
	NOTE: Introduced by: https://github.com/apache/zookeeper/commit/8a06bd1ccef382461c7b0a63f2012f4aeac90753 (release-3.4.10-rc0)
CVE-2023-5511 (Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it ...)
	- snipe-it (bug #1005172)
CVE-2023-4990 (Directory traversal vulnerability in MCL-Net versions prior to 4.6 Upd ...)
	NOT-FOR-US: MCL-Net
CVE-2023-45312 (In the mtproto_proxy (aka MTProto proxy) component through 0.7.2 for E ...)
	NOT-FOR-US: mtproto_proxy component for Erlang
CVE-2023-45194 (Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00. ...)
	NOT-FOR-US: MR-GM2 firmware
CVE-2023-44997 (Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP For ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44689 (e-Gov Client Application (Windows version) versions prior to 2.1.1.0 a ...)
	NOT-FOR-US: e-Gov Client Application
CVE-2023-37536 (An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remo ...)
	{DLA-3704-1}
	- xerces-c 3.2.4+debian-1
	[bullseye] - xerces-c 3.2.3+debian-3+deb11u1
	NOTE: https://github.com/apache/xerces-c/pull/51
	NOTE: https://issues.apache.org/jira/browse/XERCESC-2241
	NOTE: Fixed by: https://github.com/apache/xerces-c/commit/1296a40db07308dbaac32494469f609b00cdfaf3 (v3.2.4)
CVE-2023-36127 (User enumeration is found in PHPJabbers Appointment Scheduler 3.0. ...)
	NOT-FOR-US: PHPJabbers Appointment Scheduler
CVE-2023-36126 (There is a Cross Site Scripting (XSS) vulnerability in the "theme" par ...)
	NOT-FOR-US: PHPJabbers Appointment Scheduler
CVE-2023-39325 (A malicious HTTP/2 client which rapidly creates requests and immediate ...)
	- golang-1.21 1.21.3-1
	- golang-1.20 1.20.10-1
	- golang-1.19
	[bookworm] - golang-1.19 (Minor issue)
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://github.com/golang/go/issues/63417
CVE-2023-5473 (Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed ...)
	{DSA-5526-1}
	- chromium 118.0.5993.70-1
	[buster] - chromium (see DSA 5046)
CVE-2023-5486 (Inappropriate implementation in Input in Google Chrome prior to 118.0. ...)
	{DSA-5526-1}
	- chromium 118.0.5993.70-1
	[buster] - chromium (see DSA 5046)
CVE-2023-5477 (Inappropriate implementation in Installer in Google Chrome prior to 11 ...)
	{DSA-5526-1}
	- chromium 118.0.5993.70-1
	[buster] - chromium (see DSA 5046)
CVE-2023-5478 (Inappropriate implementation in Autofill in Google Chrome prior to 118 ...)
	{DSA-5526-1}
	- chromium 118.0.5993.70-1
	[buster] - chromium (see DSA 5046)
CVE-2023-5485 (Inappropriate implementation in Autofill in Google Chrome prior to 118 ...)
	{DSA-5526-1}
	- chromium 118.0.5993.70-1
	[buster] - chromium (see DSA 5046)
CVE-2023-5479 (Inappropriate implementation in Extensions API in Google Chrome prior ...)
	{DSA-5526-1}
	- chromium 118.0.5993.70-1
	[buster] - chromium (see DSA 5046)
CVE-2023-5476 (Use after free in Blink History in Google Chrome prior to 118.0.5993.7 ...)
	{DSA-5526-1}
	- chromium 118.0.5993.70-1
	[buster] - chromium (see DSA 5046)
CVE-2023-5474 (Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 al ...)
	{DSA-5526-1}
	- chromium 118.0.5993.70-1
	[buster] - chromium (see DSA 5046)
CVE-2023-5475 (Inappropriate implementation in DevTools in Google Chrome prior to 118 ...)
	{DSA-5526-1}
	- chromium 118.0.5993.70-1
	[buster] - chromium (see DSA 5046)
CVE-2023-5481 (Inappropriate implementation in Downloads in Google Chrome prior to 11 ...)
	{DSA-5526-1}
	- chromium 118.0.5993.70-1
	[buster] - chromium (see DSA 5046)
CVE-2023-5483 (Inappropriate implementation in Intents in Google Chrome prior to 118. ...)
	{DSA-5526-1}
	- chromium 118.0.5993.70-1
	[buster] - chromium (see DSA 5046)
CVE-2023-5484 (Inappropriate implementation in Navigation in Google Chrome prior to 1 ...)
	{DSA-5526-1}
	- chromium 118.0.5993.70-1
	[buster] - chromium (see DSA 5046)
CVE-2023-5487 (Inappropriate implementation in Fullscreen in Google Chrome prior to 1 ...)
	{DSA-5526-1}
	- chromium 118.0.5993.70-1
	[buster] - chromium (see DSA 5046)
CVE-2023-5218 (Use after free in Site Isolation in Google Chrome prior to 118.0.5993. ...)
	{DSA-5526-1}
	- chromium 118.0.5993.70-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4421 (The NSS code used for checking PKCS#1 v1.5 was leaking information use ...)
	{DLA-3634-1}
	- nss 2:3.61-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1651411
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2238677
	NOTE: https://hg.mozilla.org/projects/nss/rev/fc05574c739947d615ab0b2b2b564f01c922eccd
CVE-2023-38546 (This flaw allows an attacker to insert cookies at will into a running ...)
	{DSA-5523-1 DLA-3613-1}
	- curl 8.3.0-3
	NOTE: https://curl.se/docs/CVE-2023-38546.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/74d5a6fb3b9a96d9fa51ba90996e94c878ebd151 (curl-7_9_1)
	NOTE: Fixed by: https://github.com/curl/curl/commit/61275672b46d9abb3285740467b882e22ed75da8 (curl-8_4_0)
CVE-2023-38545 (This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy ...)
	{DSA-5523-1}
	- curl 8.3.0-3
	[buster] - curl (Vulnerable code not present)
	NOTE: https://curl.se/docs/CVE-2023-38545.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/4a4b63daaa01ef59b131d91e8e6e6dfe275c0f08 (curl-7_69_0)
	NOTE: Fixed by: https://github.com/curl/curl/commit/fb4415d8aee6c1045be932a34fe6107c2f5ed147 (curl-8_4_0)
	NOTE: https://daniel.haxx.se/blog/2023/10/11/how-i-made-a-heap-overflow-in-curl/
CVE-2023-5499 (Information exposure vulnerability in Shenzhen Reachfar v28, the explo ...)
	NOT-FOR-US: Shenzhen Reachfar
CVE-2023-5498 (Cross-Site Request Forgery (CSRF) in GitHub repository chiefonboarding ...)
	NOT-FOR-US: chiefonboarding
CVE-2023-5497 (A vulnerability classified as critical has been found in Tongda OA 201 ...)
	NOT-FOR-US: Tongda OA
CVE-2023-5496 (A vulnerability was found in Translator PoqDev Add-On 1.0.11 on Firefo ...)
	NOT-FOR-US: Translator PoqDev
CVE-2023-5495 (A vulnerability was found in QDocs Smart School 6.4.1. It has been cla ...)
	NOT-FOR-US: QDocs Smart School
CVE-2023-5494 (A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Ga ...)
	NOT-FOR-US: Beijing Baichuo Smart
CVE-2023-5493 (A vulnerability has been found in Byzoro Smart S45F Multi-Service Secu ...)
	NOT-FOR-US: Beijing Baichuo Smart
CVE-2023-5492 (A vulnerability, which was classified as critical, was found in Byzoro ...)
	NOT-FOR-US: Beijing Baichuo Smart
CVE-2023-5491 (A vulnerability, which was classified as critical, has been found in B ...)
	NOT-FOR-US: Beijing Baichuo Smart
CVE-2023-5490 (A vulnerability classified as critical was found in Byzoro Smart S45F ...)
	NOT-FOR-US: Beijing Baichuo Smart
CVE-2023-5489 (A vulnerability classified as critical has been found in Byzoro Smart ...)
	NOT-FOR-US: Beijing Baichuo Smart
CVE-2023-5488 (A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Ga ...)
	NOT-FOR-US: Beijing Baichuo Smart
CVE-2023-5450 (An insufficient verification of data vulnerability exists in BIG-IP Ed ...)
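The CVE-2023-4421 entry above records a timing leak in the NSS code that checks PKCS#1 v1.5 padding, the classic Bleichenbacher oracle. What follows is an added example written for this page, not NSS code and not the fix at the hg revision linked in that entry: a branch-free PKCS#1 v1.5 type-2 unpadding routine in C, plus the caller pattern a TLS server needs, where a bad padding result silently selects a random premaster secret instead of signalling an error (RFC 5246 section 7.4.7.1). The helper names, the 64-byte constructed vectors and the `demo_*` functions are assumptions made for the example; real input is the raw RSA decryption output, one modulus length long.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constant-time helpers: uint32_t arithmetic only, no data-dependent branches. */
static uint32_t ct_is_zero(uint32_t a) { return (~a & (a - 1u)) >> 31; }
static uint32_t ct_eq(uint32_t a, uint32_t b) { return ct_is_zero(a ^ b); }
static uint32_t ct_lt(uint32_t a, uint32_t b) { return (a - b) >> 31; } /* a < b, for a,b < 2^31 */
static uint32_t ct_mask(uint32_t bit) { return 0u - bit; }              /* 1 -> all ones, 0 -> 0 */

/*
 * PKCS#1 v1.5 type-2 unpadding of em = 00 || 02 || PS (>= 8 nonzero bytes) || 00 || M.
 * Every byte of em is scanned and every byte of out is written regardless of content,
 * so the running time does not reveal where (or whether) the separator was found.
 * Returns 1 if the padding is valid and M fits in out, 0 otherwise; *mlen is 0 when invalid.
 */
int pkcs1_v15_unpad_ct(const uint8_t *em, size_t k, uint8_t *out, size_t outlen, size_t *mlen)
{
    if (k < 11 || k > 0x7fffffffu || outlen > 0x7fffffffu) { *mlen = 0; return 0; } /* sizes are public */
    uint32_t n = (uint32_t)k;
    uint32_t good = ct_eq(em[0], 0x00) & ct_eq(em[1], 0x02);
    uint32_t found = 0, zero_index = 0;
    for (uint32_t i = 2; i < n; i++) {
        uint32_t is_zero = ct_is_zero(em[i]);
        uint32_t first = is_zero & (found ^ 1u);   /* only the first 0x00 counts */
        zero_index |= i & ct_mask(first);
        found |= is_zero;
    }
    good &= found;
    good &= ct_lt(zero_index, 10) ^ 1u;            /* PS occupies at least indexes 2..9 */
    uint32_t len = n - zero_index - 1;             /* message length; harmless garbage if !found */
    good &= ct_lt((uint32_t)outlen, len) ^ 1u;     /* M must fit in out */
    /* Extraction in constant time: every output byte consults every input byte. */
    for (uint32_t j = 0; j < (uint32_t)outlen; j++) {
        uint32_t acc = 0;
        for (uint32_t i = 0; i < n; i++)
            acc |= em[i] & ct_mask(ct_eq(i, zero_index + 1 + j));
        out[j] = (uint8_t)acc;
    }
    *mlen = (size_t)(len & ct_mask(good));
    return (int)good;
}

#define TLS_PMS_LEN 48
/*
 * TLS RSA key exchange caller: the decrypted premaster secret must be exactly 48 bytes.
 * On any failure the random fallback is selected without branching; the server must then
 * carry on with the handshake, which fails at Finished. The return value exists only so
 * the behaviour can be checked here; production code should not branch on it.
 */
int tls_rsa_select_premaster(const uint8_t *em, size_t k, const uint8_t fallback[TLS_PMS_LEN],
                             uint8_t pms[TLS_PMS_LEN])
{
    uint8_t decoded[TLS_PMS_LEN];
    size_t mlen = 0;
    memset(decoded, 0, sizeof decoded);
    uint32_t good = (uint32_t)pkcs1_v15_unpad_ct(em, k, decoded, TLS_PMS_LEN, &mlen);
    good &= ct_eq((uint32_t)mlen, TLS_PMS_LEN);
    uint32_t m = ct_mask(good);
    for (size_t i = 0; i < TLS_PMS_LEN; i++)
        pms[i] = (uint8_t)((decoded[i] & m) | (fallback[i] & ~m));
    return (int)good;
}

/* Constructed 64-byte vectors (not real RSA output): separator placed at index `sep`. */
static void build_em(uint8_t em[64], uint8_t block_type, size_t sep, uint8_t fill)
{
    em[0] = 0x00; em[1] = block_type;
    for (size_t i = 2; i < 64; i++) em[i] = 0xA5;    /* nonzero PS */
    em[sep] = 0x00;
    for (size_t i = sep + 1; i < 64; i++) em[i] = fill;
}
int demo_valid(void)        /* PS = 58 bytes, M = "xxx" */
{
    uint8_t em[64], out[16]; size_t mlen;
    build_em(em, 0x02, 60, 'x');
    int good = pkcs1_v15_unpad_ct(em, 64, out, sizeof out, &mlen);
    return good == 1 && mlen == 3 && memcmp(out, "xxx", 3) == 0;
}
int demo_short_ps(void)     /* PS = 7 bytes: rejected */
{
    uint8_t em[64], out[64]; size_t mlen;
    build_em(em, 0x02, 9, 'x');
    return pkcs1_v15_unpad_ct(em, 64, out, sizeof out, &mlen);
}
int demo_wrong_type(void)   /* block type 01 instead of 02: rejected */
{
    uint8_t em[64], out[64]; size_t mlen;
    build_em(em, 0x01, 60, 'x');
    return pkcs1_v15_unpad_ct(em, 64, out, sizeof out, &mlen);
}
int demo_tls_good(void)     /* 48 message bytes follow the separator */
{
    uint8_t em[64], pms[48], fallback[48];
    memset(fallback, 0xEE, sizeof fallback);
    build_em(em, 0x02, 15, 0x11);
    int good = tls_rsa_select_premaster(em, 64, fallback, pms);
    return good == 1 && memcmp(pms, em + 16, 48) == 0;
}
int demo_tls_fallback(void) /* 47 message bytes: wrong length, fallback chosen */
{
    uint8_t em[64], pms[48], fallback[48];
    memset(fallback, 0xEE, sizeof fallback);
    build_em(em, 0x02, 16, 0x11);
    int good = tls_rsa_select_premaster(em, 64, fallback, pms);
    return good == 0 && memcmp(pms, fallback, 48) == 0;
}
```

The quadratic extraction loop is deliberate: a single pass that starts copying at `zero_index` would make the number of bytes touched depend on the secret padding, which is the kind of signal the NSS bug exposed. For a 2048-bit modulus and a 48-byte output it costs about 12,000 byte operations, negligible next to the RSA operation itself.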
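The CVE-2023-38545 entry above concerns a heap overflow in curl's SOCKS5 proxy code; the curl advisory and the blog post linked in its NOTE lines give the exact trigger. As an added example that is not curl's code, here is the bound every SOCKS5 client and proxy has to enforce: the domain-name form of the destination address (RFC 1928, ATYP 0x03) carries its length in a single byte, so a host name longer than 255 bytes can never be placed in that message, and a proxy must size its copy by the bytes it actually received, never by that attacker-supplied length byte alone. The function names and the constructed `demo_*` inputs are assumptions for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SOCKS5_VER         0x05
#define SOCKS5_CMD_CONNECT 0x01
#define SOCKS5_ATYP_DOMAIN 0x03
#define SOCKS5_MAX_DOMAIN  255   /* the length field is one byte (RFC 1928 section 4) */

/*
 * Client side: build a CONNECT request that asks the proxy to resolve `host`.
 * Returns the number of bytes written, or -1 if the name cannot be encoded or the
 * buffer is too small. The length check comes before any copy: a name of more than
 * 255 bytes must be rejected (or resolved locally instead), not truncated or memcpy'd.
 */
int socks5_build_connect(const char *host, uint16_t port, uint8_t *out, size_t outlen)
{
    size_t hostlen = strlen(host);
    if (hostlen == 0 || hostlen > SOCKS5_MAX_DOMAIN) return -1;
    size_t need = 4 + 1 + hostlen + 2;                 /* header, length byte, name, port */
    if (outlen < need) return -1;
    out[0] = SOCKS5_VER;
    out[1] = SOCKS5_CMD_CONNECT;
    out[2] = 0x00;                                     /* reserved */
    out[3] = SOCKS5_ATYP_DOMAIN;
    out[4] = (uint8_t)hostlen;
    memcpy(out + 5, host, hostlen);
    out[5 + hostlen] = (uint8_t)(port >> 8);
    out[6 + hostlen] = (uint8_t)(port & 0xff);
    return (int)need;
}

/*
 * Proxy side: parse one complete CONNECT request. Returns the host name length, or -1
 * if the message is malformed or its declared length does not match the bytes present.
 * `host` must hold SOCKS5_MAX_DOMAIN + 1 bytes; the length byte cannot exceed that.
 */
int socks5_parse_connect(const uint8_t *req, size_t len,
                         char host[SOCKS5_MAX_DOMAIN + 1], uint16_t *port)
{
    if (len < 5 || req[0] != SOCKS5_VER || req[1] != SOCKS5_CMD_CONNECT ||
        req[3] != SOCKS5_ATYP_DOMAIN)
        return -1;
    size_t hostlen = req[4];
    if (hostlen == 0 || len != 5 + hostlen + 2)        /* bound by received bytes, not the claim */
        return -1;
    memcpy(host, req + 5, hostlen);
    host[hostlen] = '\0';
    *port = (uint16_t)((req[5 + hostlen] << 8) | req[6 + hostlen]);
    return (int)hostlen;
}

/* Demonstrations on constructed input. */
int demo_roundtrip(void)
{
    uint8_t buf[300]; char host[SOCKS5_MAX_DOMAIN + 1]; uint16_t port = 0;
    int n = socks5_build_connect("example.com", 443, buf, sizeof buf);
    if (n != 18) return 0;                             /* 4 + 1 + 11 + 2 */
    int h = socks5_parse_connect(buf, (size_t)n, host, &port);
    return h == 11 && port == 443 && strcmp(host, "example.com") == 0;
}
int demo_overlong_host(void)
{
    char host[300]; uint8_t buf[512];
    memset(host, 'a', 299); host[299] = '\0';          /* 299 bytes: does not fit in one length byte */
    return socks5_build_connect(host, 443, buf, sizeof buf);   /* -1 */
}
int demo_truncated_request(void)
{
    /* Claims a 200-byte name but only 10 payload bytes follow: must be rejected, not copied. */
    uint8_t req[15] = { 0x05, 0x01, 0x00, 0x03, 200,
                        'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j' };
    char host[SOCKS5_MAX_DOMAIN + 1]; uint16_t port = 0;
    return socks5_parse_connect(req, sizeof req, host, &port);  /* -1 */
}
```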
	NOT-FOR-US: F5
CVE-2023-4966 (Sensitive information disclosure in NetScaler ADC and NetScaler Gateway ...)
	NOT-FOR-US: Citrix
CVE-2023-4837 (SmodBIP is vulnerable to Cross-Site Request Forgery, that could be use ...)
	NOT-FOR-US: SmodBIP
CVE-2023-4309 (Election Services Co. (ESC) Internet Election Service is vulnerable to ...)
	NOT-FOR-US: Election Services Co. (ESC) Internet Election Service
CVE-2023-45648 (Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11 ...)
	{DSA-5522-1 DSA-5521-1 DLA-3617-1}
	- tomcat10 10.1.14-1
	- tomcat9 9.0.70-2
	- tomcat8
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/10/10
	NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version
CVE-2023-45601 (A vulnerability has been identified in Parasolid V35.0 (All versions < ...)
	NOT-FOR-US: Parasolid
CVE-2023-45226 (The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5 ...)
	NOT-FOR-US: F5
CVE-2023-45219 (Exposure of Sensitive Information vulnerability exist in an undisclose ...)
	NOT-FOR-US: F5
CVE-2023-45205 (A vulnerability has been identified in SICAM PAS/PQS (All versions >= ...)
	NOT-FOR-US: Siemens
CVE-2023-45204 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
	NOT-FOR-US: Tecnomatix Plant Simulation
CVE-2023-45129 (Synapse is an open-source Matrix homeserver written and maintained by ...)
	- matrix-synapse 1.94.0-1
	NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-5chr-wjw5-3gq4
	NOTE: https://github.com/matrix-org/synapse/pull/16360
CVE-2023-44996 (Cross-Site Request Forgery (CSRF) vulnerability in Naresh Parmar Post ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44995 (Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommer ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44994 (Cross-Site Request Forgery (CSRF) vulnerability in Bainternet ShortCod ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44763 (Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerabil ...)
	NOT-FOR-US: Concrete CMS
CVE-2023-44476 (Cross-Site Request Forgery (CSRF) vulnerability in Andres Felipe Perea ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44475 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Simpson Add ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44471 (Cross-Site Request Forgery (CSRF) vulnerability in Bernhard Kau Backen ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44470 (Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha Kv TinyMC ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44399 (ZITADEL provides identity infrastructure. In versions 2.37.2 and prior ...)
	NOT-FOR-US: ZITADEL
CVE-2023-44315 (A vulnerability has been identified in SINEC NMS (All versions < V2.0) ...)
	NOT-FOR-US: Siemens
CVE-2023-44261 (Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki Block ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44259 (Cross-Site Request Forgery (CSRF) vulnerability in Mediavine Mediavine ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44257 (Cross-Site Request Forgery (CSRF) vulnerability in Hometory Mang Board ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44249 (An authorization bypass through user-controlled key [CWE-639] vulnerabi ...)
	NOT-FOR-US: Fortinet
CVE-2023-44241 (Cross-Site Request Forgery (CSRF) vulnerability in Keap Keap Landing P ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44087 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
	NOT-FOR-US: Tecnomatix Plant Simulation
CVE-2023-44086 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
	NOT-FOR-US: Tecnomatix Plant Simulation
CVE-2023-44085 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
	NOT-FOR-US: Tecnomatix Plant Simulation
CVE-2023-44084 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
	NOT-FOR-US: Tecnomatix Plant Simulation
CVE-2023-44083 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
	NOT-FOR-US: Tecnomatix Plant Simulation
CVE-2023-44082 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
	NOT-FOR-US: Tecnomatix Plant Simulation
CVE-2023-44081 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
	NOT-FOR-US: Tecnomatix Plant Simulation
CVE-2023-43896 (A buffer overflow in Macrium Reflect 8.1.7544 and below allows attacke ...)
	NOT-FOR-US: Macrium Reflect
CVE-2023-43746 (When running in Appliance mode, an authenticated user assigned the Adm ...)
	NOT-FOR-US: F5
CVE-2023-43625 (A vulnerability has been identified in Simcenter Amesim (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-43623 (A vulnerability has been identified in Mendix Forgot Password (Mendix ...)
	NOT-FOR-US: Siemens
CVE-2023-43611 (The BIG-IP Edge Client Installer on macOS does not follow best practic ...)
	NOT-FOR-US: F5
CVE-2023-43485 (When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system ...)
	NOT-FOR-US: F5
CVE-2023-42796 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...)
	NOT-FOR-US: Siemens
CVE-2023-42795 (Incomplete Cleanup vulnerability in Apache Tomcat. When recycling vario ...)
	{DSA-5522-1 DSA-5521-1 DLA-3617-1}
	- tomcat10 10.1.14-1
	- tomcat9 9.0.70-2
	- tomcat8
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/10/9
	NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version
CVE-2023-42794 (Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork ...)
	- tomcat10 (Windows-specific)
	- tomcat9 (Windows-specific)
	- tomcat8 (Windows-specific)
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/10/8
CVE-2023-42788 (An improper neutralization of special elements used in an os command ( ...)
	NOT-FOR-US: Fortinet
CVE-2023-42787 (A client-side enforcement of server-side security [CWE-602] vulnerabil ...)
	NOT-FOR-US: Fortinet
CVE-2023-42782 (An insufficient verification of data authenticity vulnerability [CWE-34 ...)
	NOT-FOR-US: Fortinet
CVE-2023-42768 (When a non-admin user has been assigned an administrator role via an i ...)
	NOT-FOR-US: F5
CVE-2023-41964 (The BIG-IP and BIG-IQ systems do not encrypt some sensitive informatio ...)
	NOT-FOR-US: F5
CVE-2023-41876 (Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41858 (Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order De ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41854 (Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Ltd. Wp ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41853 (Cross-Site Request Forgery (CSRF) vulnerability in WP iCal Availabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41852 (Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailMunch ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41851 (Cross-Site Request Forgery (CSRF) vulnerability in Dotsquares WP Custo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41850 (Cross-Site Request Forgery (CSRF) vulnerability in Morris Bryant, Rube ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41841 (An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7. ...)
	NOT-FOR-US: Fortinet
CVE-2023-41838 (An improper neutralization of special elements used in an os command ( ...)
	NOT-FOR-US: Fortinet
CVE-2023-41774 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-41773 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-41772 (Win32k Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-41771 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-41770 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-41769 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-41768 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-41767 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-41766 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privileg ...)
	NOT-FOR-US: Microsoft
CVE-2023-41765 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-41763 (Skype for Business Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-41679 (An improper access control vulnerability [CWE-284] in FortiManager man ...)
	NOT-FOR-US: Fortinet
CVE-2023-41675 (A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 thro ...)
	NOT-FOR-US: Fortinet
CVE-2023-41373 (A directory traversal vulnerability exists in the BIG-IP Configuration ...)
	NOT-FOR-US: F5
CVE-2023-41253 (When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, an ...)
	NOT-FOR-US: F5
CVE-2023-41085 (When IPSec is configured on a Virtual Server, undisclosed traffic can ...)
	NOT-FOR-US: F5
CVE-2023-40718 (An interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 ...)
	NOT-FOR-US: Fortinet
CVE-2023-40542 (When TCP Verified Accept is enabled on a TCP profile that is configure ...)
	NOT-FOR-US: F5
CVE-2023-40537 (An authenticated user's session cookie may remain valid for a limited ...)
	NOT-FOR-US: F5
CVE-2023-40534 (When a client-side HTTP/2 profile and the HTTP MRF Router option are e ...)
	NOT-FOR-US: F5
CVE-2023-39447 (When BIG-IP APM Guided Configurations are configured, undisclosed sens ...)
	NOT-FOR-US: F5
CVE-2023-38640 (A vulnerability has been identified in SICAM PAS/PQS (All versions >= ...)
	NOT-FOR-US: Siemens
CVE-2023-38171 (Microsoft QUIC Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38166 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38159 (Windows Graphics Component Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-37939 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
	NOT-FOR-US: Fortinet
CVE-2023-37935 (A use of GET request method with sensitive query strings vulnerability ...)
	NOT-FOR-US: Fortinet
CVE-2023-37195 (A vulnerability has been identified in SIMATIC CP 1604 (All versions), ...)
	NOT-FOR-US: Siemens
CVE-2023-37194 (A vulnerability has been identified in SIMATIC CP 1604 (All versions), ...)
	NOT-FOR-US: Siemens
CVE-2023-36902 (Windows Runtime Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36790 (Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36789 (Skype for Business Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36786 (Skype for Business Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36785 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2023-36780 (Skype for Business Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36778 (Microsoft Exchange Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36776 (Win32k Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36743 (Win32k Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36737 (Azure Network Watcher VM Agent Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36732 (Win32k Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36731 (Win32k Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36730 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2023-36729 (Named Pipe File System Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36728 (Microsoft SQL Server Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36726 (Windows Internet Key Exchange (IKE) Extension Elevation of Privilege ...)
	NOT-FOR-US: Microsoft
CVE-2023-36725 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36724 (Windows Power Management Service Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36723 (Windows Container Manager Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36722 (Active Directory Domain Services Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36721 (Windows Error Reporting Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36720 (Windows Mixed Reality Developer Tools Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36718 (Microsoft Virtual Trusted Platform Module Remote Code Execution Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2023-36717 (Windows Virtual Trusted Platform Module Denial of Service Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2023-36713 (Windows Common Log File System Driver Information Disclosure Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2023-36712 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36711 (Windows Runtime C++ Template Library Elevation of Privilege Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2023-36710 (Windows Media Foundation Core Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36709 (Microsoft AllJoyn API Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36707 (Windows Deployment Services Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36706 (Windows Deployment Services Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36704 (Windows Setup Files Cleanup Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36703 (DHCP Server Service Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36702 (Microsoft DirectMusic Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36701 (Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerab ...)
	NOT-FOR-US: Microsoft
CVE-2023-36698 (Windows Kernel Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36697 (Microsoft Message Queuing Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36637 (An improper neutralization of input during web page generation vulnera ...)
	NOT-FOR-US: Microsoft
CVE-2023-36606 (Microsoft Message Queuing Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36605 (Windows Named Pipe Filesystem Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36603 (Windows TCP/IP Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36602 (Windows TCP/IP Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36598 (Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36596 (Remote Procedure Call Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36594 (Windows Graphics Component Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36593 (Microsoft Message Queuing Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36592 (Microsoft Message Queuing Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36591 (Microsoft Message Queuing Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36590 (Microsoft Message Queuing Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36589 (Microsoft Message Queuing Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36585 (Windows upnphost.dll Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36584 (Windows Mark of the Web Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36583 (Microsoft Message Queuing Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36582 (Microsoft Message Queuing Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36581 (Microsoft Message Queuing Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36579 (Microsoft Message Queuing Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36578 (Microsoft Message Queuing Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36577 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
	NOT-FOR-US: Microsoft
CVE-2023-36576 (Windows Kernel Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36575 (Microsoft Message Queuing Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36574 (Microsoft Message Queuing Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36573 (Microsoft Message Queuing Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36572 (Microsoft Message Queuing Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36571 (Microsoft Message Queuing Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36570 (Microsoft Message Queuing Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36569 (Microsoft Office Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36568 (Microsoft Office Click-To-Run Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36567 (Windows Deployment Services Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36566 (Microsoft Common Data Model SDK Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36565 (Microsoft Office Graphics Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36564 (Windows Search Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36563 (Microsoft WordPad Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36561 (Azure DevOps Server Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36557 (PrintHTML API Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36556 (An incorrect authorization vulnerability [CWE-863] in FortiMail webmai ...)
	NOT-FOR-US: Fortinet
CVE-2023-36555 (An improper neutralization of script-related html tags in a web page ( ...)
	NOT-FOR-US: Fortinet
CVE-2023-36550 (An improper neutralization of special elements used in an os command (' ...)
	NOT-FOR-US: Fortinet
CVE-2023-36549 (An improper neutralization of special elements used in an os command (' ...)
	NOT-FOR-US: Fortinet
CVE-2023-36548 (An improper neutralization of special elements used in an os command (' ...)
	NOT-FOR-US: Fortinet
CVE-2023-36547 (An improper neutralization of special elements used in an os command (' ...)
	NOT-FOR-US: Fortinet
CVE-2023-36478 (Eclipse Jetty provides a web server and servlet container. In versions ...)
	{DSA-5540-1 DLA-3641-1}
	- jetty9 9.4.53-1
	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r
	NOTE: https://github.com/eclipse/jetty.project/pull/9634
CVE-2023-36438 (Windows TCP/IP Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36436 (Windows MSHTML Platform Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36435 (Microsoft QUIC Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36434 (Windows IIS Server Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36433 (Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2023-36431 (Microsoft Message Queuing Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36429 (Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2023-36420 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2023-36419 (Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privi ...)
	NOT-FOR-US: Microsoft
CVE-2023-36418 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36417 (Microsoft SQL OLE DB Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36416 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2023-36415 (Azure Identity SDK Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36414 (Azure Identity SDK Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36380 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...)
	NOT-FOR-US: Siemens
CVE-2023-35796 (A vulnerability has been identified in SINEMA Server V14 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-35349 (Microsoft Message Queuing Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-34993 (An improper neutralization of special elements used in an os command (' ...)
	NOT-FOR-US: Fortinet
CVE-2023-34992 (An improper neutralization of special elements used in an os command (' ...)
	NOT-FOR-US: Fortinet
CVE-2023-34989 (An improper neutralization of special elements used in an os command (' ...)
	NOT-FOR-US: Fortinet
CVE-2023-34988 (An improper neutralization of special elements used in an os command (' ...)
	NOT-FOR-US: Fortinet
CVE-2023-34987 (An improper neutralization of special elements used in an os command (' ...)
	NOT-FOR-US: Fortinet
CVE-2023-34986 (An improper neutralization of special elements used in an os command (' ...)
	NOT-FOR-US: Fortinet
CVE-2023-34985 (An improper neutralization of special elements used in an os command (' ...)
	NOT-FOR-US: Fortinet
CVE-2023-33301 (An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7 ...)
	NOT-FOR-US: Fortinet
CVE-2023-42670 (A flaw was found in Samba. It is susceptible to a vulnerability where ...)
	{DSA-5525-1}
	- samba 2:4.19.1+dfsg-1
	[bullseye] - samba (Vulnerable code not present)
	[buster] - samba (Vulnerable code not present)
	NOTE: https://www.samba.org/samba/security/CVE-2023-42670.html
CVE-2023-42669 (A vulnerability was found in Samba's "rpcecho" development server, a n ...)
	{DSA-5525-1}
	- samba 2:4.19.1+dfsg-1
	[bullseye] - samba (Domain controller functionality is EOLed, see DSA-5477-1)
	[buster] - samba (Domain controller functionality is EOLed, see DSA-5015-1)
	NOTE: https://www.samba.org/samba/security/CVE-2023-42669.html
CVE-2023-4091 (A vulnerability was discovered in Samba, where the flaw allows SMB cli ...)
	{DSA-5647-1 DSA-5525-1 DLA-3792-1}
	- samba 2:4.19.1+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2023-4091.html
	NOTE: In scope for continued Samba support
	NOTE: Fixed by: https://git.samba.org/?p=samba.git;a=commit;h=b08a60160e6ab8d982d31844bcbf7ab67ff3a8de (samba-4.17.12)
	NOTE: Fixed by: https://git.samba.org/?p=samba.git;a=commit;h=8b26f634372f11edcbea33dfd68a3d57889dfcc5 (samba-4.17.12)
CVE-2023-4154 (A design flaw was found in Samba's DirSync control implementation, whi ...)
	{DSA-5525-1}
	- samba 2:4.19.1+dfsg-1
	[bullseye] - samba (Domain controller functionality is EOLed, see DSA-5477-1)
	[buster] - samba (Domain controller functionality is EOLed, see DSA-5015-1)
	NOTE: https://www.samba.org/samba/security/CVE-2023-4154.html
CVE-2023-3961 (A path traversal vulnerability was identified in Samba when processing ...)
	{DSA-5525-1}
	- samba 2:4.19.1+dfsg-1
	[bullseye] - samba (Vulnerable code not present)
	[buster] - samba (Vulnerable code not present)
	NOTE: https://www.samba.org/samba/security/CVE-2023-3961.html
	NOTE: In scope for continued Samba support
CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server resource consum ...)
	{DSA-5570-1 DSA-5558-1 DSA-5549-1 DSA-5540-1 DSA-5522-1 DSA-5521-1 DLA-3656-1 DLA-3645-1 DLA-3641-1 DLA-3638-1 DLA-3621-1 DLA-3617-1}
	- tomcat9 9.0.70-2
	- tomcat10 10.1.14-1
	- trafficserver 9.2.3+ds-1 (bug #1053801; bug #1054427)
	- grpc
	[bookworm] - grpc (Minor issue)
	[bullseye] - grpc (Minor issue)
	[buster] - grpc (Minor issue)
	- h2o 2.2.5+dfsg2-8 (bug #1054232)
	- haproxy 1.8.13-1
	- nginx 1.24.0-2 (unimportant; bug #1053770)
	- nghttp2 1.57.0-1 (bug #1053769)
	- jetty9 9.4.53-1
	- netty 1:4.1.48-8 (bug #1054234)
	- dnsdist 1.8.2-2
	[buster] - dnsdist (HTTP/2 support was added later)
	- varnish (bug #1056156)
	[bookworm] - varnish (Minor issue, too intrusive to backport)
	[bullseye] - varnish (Minor issue, too intrusive to backport)
	NOTE: Tomcat: https://github.com/apache/tomcat/commit/76bb4bfbfeae827dce896f650655bbf6e251ed49 (10.1.14)
	NOTE: Tomcat: https://github.com/apache/tomcat/commit/6d1a9fd6642387969e4410b9989c85856b74917a (9.0.81)
	NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version
	NOTE: ATS: https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
	NOTE: ATS: https://github.com/apache/trafficserver/commit/b28ad74f117307e8de206f1de70c3fa716f90682 (9.2.3-rc0)
	NOTE: ATS: https://github.com/apache/trafficserver/commit/d742d74039aaa548dda0148ab4ba207906abc620 (8.1.9)
	NOTE: grpc: https://github.com/grpc/grpc/pull/34763
	NOTE: h2o: https://github.com/h2o/h2o/commit/28fe15117b909588bf14269a0e1c6ec4548579fe
	NOTE: dnsdist: h2o change breaks the ABI, hence dnsdist switched to a vendored fix in 1.8.2-2
	NOTE: haproxy: http://git.haproxy.org/?p=haproxy.git;a=commit;h=f210191dcdf32a2cb263c5bd22b7fc98698ce59a (v1.9-dev1)
	NOTE: haproxy: https://www.mail-archive.com/haproxy@formilux.org/msg44134.html
	NOTE: haproxy: https://www.mail-archive.com/haproxy@formilux.org/msg44136.html
	NOTE: nginx: https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html
	NOTE: nginx: https://github.com/nginx/nginx/commit/6ceef192e7af1c507826ac38a2d43f08bf265fb9
	NOTE: nghttp2: https://github.com/nghttp2/nghttp2/pull/1961
	NOTE: nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg
	NOTE: nghttp2: https://github.com/nghttp2/nghttp2/commit/72b4af6143681f528f1d237b21a9a7aee1738832 (v1.57.0)
	NOTE: jetty9: https://github.com/eclipse/jetty.project/issues/10679
	NOTE: jetty9: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.53.v20231009
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/10/6
	NOTE: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
	NOTE: Go uses CVE-2023-39325 to track this
	NOTE: netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p
	NOTE: netty: https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 (netty-4.1.100.Final)
	NOTE: varnish: https://varnish-cache.org/security/VSV00013.html
	NOTE: varnish: https://github.com/varnishcache/varnish-cache/issues/3996
	NOTE: https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#cve-2023-44487
	NOTE: Unaffected implementations not requiring code changes:
	NOTE: - rust-hyper: https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected
	NOTE: - apache2: https://chaos.social/@icing/111210915918780532
	NOTE: - lighttpd: https://www.openwall.com/lists/oss-security/2023/10/13/9
CVE-2023-34324 (Closing of an event channel in the Linux kernel can result in a deadlo ...)
	{DSA-5594-1 DLA-3711-1 DLA-3710-1}
	- linux 6.5.8-1
	[bookworm] - linux 6.1.64-1
	NOTE: https://xenbits.xen.org/xsa/advisory-441.html
	NOTE: https://git.kernel.org/linus/87797fad6cce28ec9be3c13f031776ff4f104cfc (6.6-rc6)
CVE-2023-46837 (Arm provides multiple helpers to clean & invalidate the cache for a gi ...)
	- xen 4.17.3+10-g091466ba55-1
	[bookworm] - xen 4.17.3+10-g091466ba55-1~deb12u1
	[bullseye] - xen (EOLed in Bullseye)
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-447.html
CVE-2023-46836 (The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative ...)
	- xen 4.17.2+76-ge1f9cb16e2-1 (bug #1056928)
	[bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1
	[bullseye] - xen (EOLed in Bullseye)
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-446.html
CVE-2023-46835 (The current setup of the quarantine page tables assumes that the quara ...)
	- xen 4.17.2+76-ge1f9cb16e2-1 (bug #1056928)
	[bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1
	[bullseye] - xen (EOLed in Bullseye)
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-445.html
CVE-2023-34328 ([This CNA information record relates to multiple CVEs; the text explai ...)
	- xen 4.17.2+55-g0b56bed864-1
	[bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1
	[bullseye] - xen (EOLed in Bullseye)
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-444.html
CVE-2023-34327 ([This CNA information record relates to multiple CVEs; the text explai ...)
	- xen 4.17.2+55-g0b56bed864-1
	[bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1
	[bullseye] - xen (EOLed in Bullseye)
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-444.html
CVE-2023-34325 ([This CNA information record relates to multiple CVEs; the text explai ...)
	- xen 4.17.2+55-g0b56bed864-1
	[bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1
	[bullseye] - xen (EOLed in Bullseye)
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-443.html
CVE-2023-34326 (The caching invalidation guidelines from the AMD-Vi specification (488 ...)
	- xen 4.17.2+55-g0b56bed864-1
	[bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1
	[bullseye] - xen (EOLed in Bullseye)
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-442.html
CVE-2023-34323 (When a transaction is committed, C Xenstored will first check the quot ...)
	- xen 4.17.2+55-g0b56bed864-1 (unimportant)
	[bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1
	[bullseye] - xen (EOLed in Bullseye)
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-440.html
	NOTE: Debian uses the ocaml-based xenstored
CVE-2023-5471 (A vulnerability, which was classified as critical, was found in codepr ...)
	NOT-FOR-US: codeprojects Farmacia
CVE-2023-5468 (The Slick Contact Forms plugin for WordPress is vulnerable to Stored C ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5467 (The GEO my WordPress plugin for WordPress is vulnerable to Stored Cros ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5463 (A vulnerability was found in XINJE XDPPro up to 3.7.17a. It has been r ...)
	NOT-FOR-US: XINJE
CVE-2023-5462 (A vulnerability was found in XINJE XD5E-30R-E 3.5.3b. It has been decl ...)
	NOT-FOR-US: XINJE
CVE-2023-45208 (A command injection in the parsing_xml_stasurvey function inside libcg ...)
	NOT-FOR-US: D-Link
CVE-2023-44959 (An issue found in D-Link DSL-3782 v.1.03 and before allows remote auth ...)
	NOT-FOR-US: D-Link
CVE-2023-44848 (An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code ...)
	NOT-FOR-US: SeaCMS
CVE-2023-44847 (An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code ...)
	NOT-FOR-US: SeaCMS
CVE-2023-44846 (An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code ...)
	NOT-FOR-US: SeaCMS
CVE-2023-44827 (An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8 ...)
	NOT-FOR-US: ZenTao
CVE-2023-44826 (Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local ...)
	NOT-FOR-US: ZenTao
CVE-2023-44813 (Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a ...)
	NOT-FOR-US: mooSocial
CVE-2023-43899 (hansun CMS v1.0 was discovered to contain a SQL injection vulnerabilit ...)
	NOT-FOR-US: hansun CMS
CVE-2023-43271 (Incorrect access control in 70mai a500s v1.2.119 allows attackers to d ...)
	NOT-FOR-US: 70mai a500s
CVE-2023-42477 (SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allo ...)
	NOT-FOR-US: SAP
CVE-2023-42475 (The Statutory Reporting application has a vulnerable file storage loca ...)
	NOT-FOR-US: SAP
CVE-2023-42474 (SAP BusinessObjects Web Intelligence - version 420, has a URL with par ...)
	NOT-FOR-US: SAP
CVE-2023-42473 (S/4HANA Manage (Withholding Tax Items) - version 106, does not perform ...)
	NOT-FOR-US: SAP
CVE-2023-42189 (Insecure Permissions vulnerability in Connectivity Standards Alliance ...)
	NOT-FOR-US: Connectivity Standards Alliance Matter Official SDK
CVE-2023-41730 (Cross-Site Request Forgery (CSRF) vulnerability in SendPress Newslette ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41697 (Cross-Site Request Forgery (CSRF) vulnerability in Nikunj Soni Easy WP ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41694 (Cross-Site Request Forgery (CSRF) vulnerability in Realbig Team Realbi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41684 (Cross-Site Request Forgery (CSRF) vulnerability in Felix Welberg SIS H ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41365 (SAP Business One (B1i) - version 10.0, allows an authorized attacker t ...)
	NOT-FOR-US: SAP
CVE-2023-40310 (SAP PowerDesigner Client - version 16.7, does not sufficiently validate ...)
	NOT-FOR-US: SAP
CVE-2023-45360 (An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1. ...)
	{DSA-5520-1}
	- mediawiki 1:1.39.5-1
	[buster] - mediawiki (Minor issue, prior to 1.32 any sysop could edit sitewide CSS/JS anyway)
	NOTE: https://phabricator.wikimedia.org/T340221
CVE-2023-45362 (An issue was discovered in DifferenceEngine.php in MediaWiki before 1. ...)
	{DSA-5520-1 DLA-3671-1}
	- mediawiki 1:1.39.5-1
	NOTE: https://phabricator.wikimedia.org/T341529
CVE-2023-45361
	- mediawiki 1:1.39.5-1
	[bookworm] - mediawiki 1:1.39.5-1~deb12u1
	[bullseye] - mediawiki (Vulnerable code not present)
	[buster] - mediawiki (Vulnerable code not present)
	NOTE: https://phabricator.wikimedia.org/T340220
CVE-2023-45359
	- mediawiki 1:1.39.5-1
	[bookworm] - mediawiki 1:1.39.5-1~deb12u1
	[bullseye] - mediawiki (Vulnerable code not present)
	[buster] - mediawiki (Vulnerable code not present)
	NOTE: https://phabricator.wikimedia.org/T340217
CVE-2023-5461 (A vulnerability was found in Delta Electronics WPLSoft 2.51. It has be ...)
	NOT-FOR-US: Delta Electronics
CVE-2023-5460 (A vulnerability was found in Delta Electronics WPLSoft up to 2.51 and ...)
	NOT-FOR-US: Delta Electronics
CVE-2023-5459 (A vulnerability has been found in Delta Electronics DVP32ES2 PLC 1.48 ...)
	NOT-FOR-US: Delta Electronics
CVE-2023-5365 (HP LIFE Android Mobile application is potentially vulnerable to escala ...)
	NOT-FOR-US: HP
CVE-2023-5333 (Mattermost fails to deduplicate input IDs allowing a simple user to cau ...)
	- mattermost-server (bug #823556)
CVE-2023-5331 (Mattermost fails to properly check the creator of an attached file whe ...)
	- mattermost-server (bug #823556)
CVE-2023-5330 (Mattermost fails to enforce a limit for the size of the cache entry for ...)
	- mattermost-server (bug #823556)
CVE-2023-5103 (Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK ...)
	NOT-FOR-US: SICK
CVE-2023-5102 (Insufficient Control Flow Management in RDT400 in SICK APU allows an u ...)
	NOT-FOR-US: SICK
CVE-2023-5101 (Files or Directories Accessible to External Parties in RDT400 in SICK ...)
	NOT-FOR-US: SICK
CVE-2023-5100 (Cleartext Transmission of Sensitive Information in RDT400 in SICK APU ...)
	NOT-FOR-US: SICK
CVE-2023-45613 (In JetBrains Ktor before 2.3.5 server certificates were not verified)
	NOT-FOR-US: JetBrains Ktor
CVE-2023-45612 (In JetBrains Ktor before 2.3.5 default configuration of ContentNegotia ...)
	NOT-FOR-US: JetBrains Ktor
CVE-2023-45248 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
	NOT-FOR-US: Acronis
CVE-2023-45247 (Sensitive information disclosure and manipulation due to missing autho ...)
	NOT-FOR-US: Acronis
CVE-2023-44993 (Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI Cha ...)
	NOT-FOR-US: QuantumCloud
CVE-2023-44821 (Gifsicle through 1.94, if deployed in a way that allows untrusted inpu ...)
	- gifsicle (unimportant)
	NOTE: Memory leak in CLI tool, no security impact
	NOTE: https://github.com/kohler/gifsicle/issues/195
CVE-2023-44812 (Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a ...)
	NOT-FOR-US: mooSocial
CVE-2023-44811 (Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 a ...)
	NOT-FOR-US: mooSocial
CVE-2023-44473 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44467 (langchain_experimental (aka LangChain Experimental) in LangChain befor ...)
	NOT-FOR-US: langchain_experimental
CVE-2023-44400 (Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, ...)
	NOT-FOR-US: Uptime Kuma
CVE-2023-44393 (Piwigo is an open source photo gallery application. Prior to version 1 ...)
	- piwigo
CVE-2023-44392 (Garden provides automation for Kubernetes development and testing. Pri ...)
	NOT-FOR-US: Garden
CVE-2023-44378 (gnark is a zk-SNARK library that offers a high-level API to design cir ...)
	NOT-FOR-US: gnark
CVE-2023-44260 (Cross-Site Request Forgery (CSRF) vulnerability in Mikk Mihkel Nurges, ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44246 (Cross-Site Request Forgery (CSRF) vulnerability in Matias s Shockingly ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44240 (Cross-Site Request Forgery (CSRF) vulnerability in Peter Butler Timthu ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44238 (Cross-Site Request Forgery (CSRF) vulnerability in Joakim Ling Remove ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44237 (Cross-Site Request Forgery (CSRF) vulnerability in Moriyan Jay WP Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44236 (Cross-Site Request Forgery (CSRF) vulnerability in Devnath verma WP Ca ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44232 (Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44231 (Cross-Site Request Forgery (CSRF) vulnerability in NickDuncan Contact ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-43700 (Missing Authorization in RDT400 in SICK APU allows an unprivileged rem ...)
	NOT-FOR-US: SICK
CVE-2023-43699 (Improper Restriction of Excessive Authentication Attempts in RDT400 in ...)
	NOT-FOR-US: SICK
CVE-2023-43698 (Improper Neutralization of Input During Web Page Generation (’Cro ...)
	NOT-FOR-US: SICK
CVE-2023-43697 (Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU al ...)
	NOT-FOR-US: SICK
CVE-2023-43696 (Improper Access Control in SICK APU allows an unprivileged remote atta ...)
	NOT-FOR-US: SICK
CVE-2023-43643 (AntiSamy is a library for performing fast, configurable cleansing of H ...)
	- libowasp-antisamy-java 1.7.4-1 (bug #1054164)
	[bookworm] - libowasp-antisamy-java (Minor issue)
	[bullseye] - libowasp-antisamy-java (Minor issue)
	[buster] - libowasp-antisamy-java (Minor issue)
	NOTE: https://github.com/nahsra/antisamy/security/advisories/GHSA-pcf2-gh6g-h5r2
	NOTE: https://github.com/nahsra/antisamy/commit/05c52b98bb845b8175b8406bd2f391ce334a05d6 (v1.7.4)
CVE-2023-42455 (Wazuh is a security detection, visibility, and compliance open source ...)
	NOT-FOR-US: Wazuh
CVE-2023-41672 (Cross-Site Request Forgery (CSRF) vulnerability in Rémi Leclercq Hi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41670 (Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel (in per ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41669 (Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Live News plu ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41668 (Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <=1 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41667 (Cross-Site Request Forgery (CSRF) vulnerability in Ulf Benjaminsson WP ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41660 (Cross-Site Request Forgery (CSRF) vulnerability in WPSynchro WP Synchr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41047 (OctoPrint is a web interface for 3D printers. OctoPrint versions up un ...)
	- octoprint (bug #718591)
CVE-2023-3589 (A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork C ...)
	NOT-FOR-US: Teamwork Cloud
CVE-2023-39189 (A flaw was found in the Netfilter subsystem in the Linux kernel. The n ...)
	{DLA-3710-1}
	- linux 6.5.6-1
	[bookworm] - linux 6.1.55-1
	[bullseye] - linux 5.10.197-1
	NOTE: https://git.kernel.org/linus/f4f8a7803119005e87b716874bec07c751efafec (6.6-rc1)
CVE-2023-36820 (Micronaut Security is a security solution for applications. Prior to v ...)
	NOT-FOR-US: Micronaut Security
CVE-2023-43641 (libcue provides an API for parsing and extracting data from CUE sheets ...)
	{DSA-5524-1 DLA-3615-1}
	- libcue 2.2.1-4.1
	NOTE: https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj
	NOTE: https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/
	NOTE: Fixed by: https://github.com/lipnitsk/libcue/commit/fdf72c8bded8d24cfa0608b8e97f2eed210a920e (v2.3.0)
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/09/3
CVE-2023-45374 (An issue was discovered in the SportsTeams extension for MediaWiki bef ...)
	NOT-FOR-US: MediaWiki extension SportsTeams
CVE-2023-45373 (An issue was discovered in the ProofreadPage extension for MediaWiki b ...)
	NOT-FOR-US: MediaWiki extension ProofreadPage
CVE-2023-45372 (An issue was discovered in the Wikibase extension for MediaWiki before ...)
	NOT-FOR-US: MediaWiki extension Wikibase
CVE-2023-45371 (An issue was discovered in the Wikibase extension for MediaWiki before ...)
	NOT-FOR-US: MediaWiki extension Wikibase
CVE-2023-45370 (An issue was discovered in the SportsTeams extension for MediaWiki bef ...)
	NOT-FOR-US: MediaWiki extension SportsTeams
CVE-2023-45369 (An issue was discovered in the PageTriage extension for MediaWiki befo ...)
	NOT-FOR-US: MediaWiki extension PageTriage
CVE-2023-45367 (An issue was discovered in the CheckUser extension for MediaWiki befor ...)
	NOT-FOR-US: MediaWiki extension CheckUser
CVE-2023-45364 (An issue was discovered in includes/page/Article.php in MediaWiki 1.36 ...)
	- mediawiki 1:1.39.5-1
	[bookworm] - mediawiki 1:1.39.5-1~deb12u1
	[bullseye] - mediawiki (Vulnerable code not present)
	[buster] - mediawiki (Vulnerable code not present)
	NOTE: https://phabricator.wikimedia.org/T264765
CVE-2023-45363 (An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, ...)
	{DSA-5520-1 DLA-3671-1}
	- mediawiki 1:1.39.5-1
	NOTE: https://phabricator.wikimedia.org/T333050
CVE-2023-45356 (Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 40 ...)
	NOT-FOR-US: Atos
CVE-2023-45355 (Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 an ...)
	NOT-FOR-US: Atos
CVE-2023-45354 (Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 a ...)
	NOT-FOR-US: Atos
CVE-2023-45353 (Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 a ...)
	NOT-FOR-US: Atos
CVE-2023-45352 (Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 a ...)
	NOT-FOR-US: Atos
CVE-2023-45351 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 As ...)
	NOT-FOR-US: Atos
CVE-2023-45350 (Atos Unify OpenScape 4000 Manager V10 R1 before V10 R1.42.1 and 4000 M ...)
	NOT-FOR-US: Atos
CVE-2023-45349 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.34.7, 4000 As ...)
	NOT-FOR-US: Atos
CVE-2023-39854 (The web interface of ATX Ucrypt through 3.5 allows authenticated users ...)
	NOT-FOR-US: ATX Ucrypt
CVE-2023-40654 (In FW-PackageManager, there is a possible missing permission check. Th ...)
	NOT-FOR-US: Unisoc
CVE-2023-40653 (In FW-PackageManager, there is a possible missing permission check. Th ...)
	NOT-FOR-US: Unisoc
CVE-2023-40652 (In jpg driver, there is a possible out of bounds write due to improper ...)
	NOT-FOR-US: Unisoc
CVE-2023-40651 (In urild service, there is a possible out of bounds write due to a mis ...)
	NOT-FOR-US: Unisoc
CVE-2023-40650 (In Telecom service, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2023-40649 (In Messaging, there is a possible missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-40648 (In Messaging, there is a possible missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-40647 (In Messaging, there is a possible missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-40646 (In Messaging, there is a possible missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-40645 (In Messaging, there is a possible missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-40644 (In Messaging, there is a possible missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-40643 (In Messaging, there is a possible missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-40642 (In Messaging, there is a possible missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-40641 (In Messaging, there is a possible missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-40640 (In SoundRecorder service, there is a possible missing permission check ...)
	NOT-FOR-US: Unisoc
CVE-2023-40639 (In SoundRecorder service, there is a possible missing permission check ...)
	NOT-FOR-US: Unisoc
CVE-2023-40638 (In Telecom service, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2023-40637 (In telecom service, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2023-40636 (In telecom service, there is a possible way to write permission usage ...)
	NOT-FOR-US: Unisoc
CVE-2023-40635 (In linkturbo, there is a possible missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-40634 (In phasechecksercer, there is a possible missing permission check. Thi ...)
	NOT-FOR-US: Unisoc
CVE-2023-40633 (In phasecheckserver, there is a possible missing permission check. Thi ...)
	NOT-FOR-US: Unisoc
CVE-2023-40632 (In jpg driver, there is a possible use after free due to a logic error ...)
	NOT-FOR-US: Unisoc
CVE-2023-40631 (In Dialer, there is a possible missing permission check. This could le ...)
	NOT-FOR-US: Unisoc
CVE-2023-5182 (Sensitive data could be exposed in logs of subiquity version 23.09.1 a ...)
	NOT-FOR-US: Subiquity
CVE-2023-45322 (libxml2 through 2.11.5 has a use-after-free that can only occur after ...)
	[experimental] - libxml2 2.12.3+dfsg-0exp1
	- libxml2 (bug #1053629)
	[bookworm] - libxml2 (Minor issue)
	[bullseye] - libxml2 (Minor issue)
	[buster] - libxml2 (Minor issue, very hard/unlikely to trigger)
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/d39f78069dff496ec865c73aa44d7110e429bce9 (v2.12.0)
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/344
	NOTE: http://www.openwall.com/lists/oss-security/2023/10/06/5
CVE-2023-45199 (Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can ...)
	- mbedtls (Vulnerable code introduced later)
	NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-2/
CVE-2023-44860 (An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker t ...)
	NOT-FOR-US: NETIS SYSTEMS
CVE-2023-44061 (File Upload vulnerability in Simple and Nice Shopping Cart Script v.1. ...)
	NOT-FOR-US: File Upload vulnerability in Simple and Nice Shopping Cart Script
CVE-2023-43615 (Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.)
	- mbedtls (unimportant)
	NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-1/
	NOTE: Vulnerability not present in default build and only present if compile-time
	NOTE: configuration enables vulnerable cipher suites. Debian does not enable
	NOTE: MBEDTLS_CIPHER_NULL_CIPHER and MBEDTLS_ARC4_C.
CVE-2023-36123 (Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 ...)
	NOT-FOR-US: Hex-Dragon Plain Craft Launcher 2
CVE-2023-5452 (Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-i ...)
	- snipe-it (bug #1005172)
CVE-2023-5214 (In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges ...)
	NOT-FOR-US: Puppet Bolt
CVE-2023-4530 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Turna Advertising Administration Panel
CVE-2023-4469 (The Profile Extra Fields by BestWebSoft plugin for WordPress is vulner ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-45311 (fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us- ...)
	NOT-FOR-US: fsevents
CVE-2023-45303 (ThingsBoard before 3.5 allows Server-Side Template Injection if users ...)
	NOT-FOR-US: ThingsBoard
CVE-2023-45282 (In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can o ...)
	NOT-FOR-US: NASA Open MCT (aka openmct)
CVE-2023-45246 (Sensitive information disclosure and manipulation due to improper auth ...)
	NOT-FOR-US: Acronis
CVE-2023-45245 (Sensitive information disclosure due to missing authorization. The fol ...)
	NOT-FOR-US: Acronis
CVE-2023-45244 (Sensitive information disclosure and manipulation due to missing autho ...)
	NOT-FOR-US: Acronis
CVE-2023-45239 (A lack of input validation exists in tac_plus prior to commit 4fdf178 ...)
	NOT-FOR-US: tac_plus
CVE-2023-44807 (D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the canc ...)
	NOT-FOR-US: D-Link
CVE-2023-44771 (A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 ...)
	NOT-FOR-US: Zenario CMS
CVE-2023-44770 (A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 ...)
	NOT-FOR-US: Zenario CMS
CVE-2023-44766 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 all ...)
	NOT-FOR-US: Concrete CMS
CVE-2023-44765 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8. ...)
	NOT-FOR-US: Concrete CMS
CVE-2023-44764 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS before 9.2. ...)
	NOT-FOR-US: Concrete CMS
CVE-2023-44762 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versio ...)
	NOT-FOR-US: Concrete CMS
CVE-2023-44761 (Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS ve ...)
	NOT-FOR-US: Concrete CMS
CVE-2023-44758 (GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerabil ...)
	NOT-FOR-US: GDidees CMS
CVE-2023-44384 (Discourse-jira is a Discourse plugin allows Jira projects, issue types ...)
	NOT-FOR-US: Discourse plugin
CVE-2023-44243 (Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Inst ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44233 (Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best Wor ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44146 (Cross-Site Request Forgery (CSRF) vulnerability in Checkfront Inc. Che ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-43810 (OpenTelemetry, also known as OTel for short, is a vendor-neutral open- ...)
	NOT-FOR-US: OpenTelemetry
CVE-2023-43058 (IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escal ...)
	NOT-FOR-US: IBM
CVE-2023-42445 (Gradle is a build tool with a focus on build automation and support fo ...)
	- gradle (bug #1055176)
	[bookworm] - gradle (Minor issue)
	[bullseye] - gradle (Minor issue)
	[buster] - gradle (Minor issue)
	NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8
CVE-2023-41950 (Cross-Site Request Forgery (CSRF) vulnerability in Laposta - Roel Bous ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41801 (Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Tea ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41732 (Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Block ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41659 (Cross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM R ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41654 (Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authL ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41650 (Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40671 (Cross-Site Request Forgery (CSRF) vulnerability in 大侠wp DX-a ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40607 (Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40008 (Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simpl ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3725 (Potential buffer overflow vulnerability in the Zephyr CAN bus subsyste ...)
	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-38703 (PJSIP is a free and open source multimedia communication library writt ...)
	{DSA-5596-1 DLA-3696-1}
	- asterisk (bug #1059303)
	- pjproject
	- ring (bug #1059307; unimportant)
	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66
	NOTE: https://github.com/pjsip/pjproject/commit/6dc9b8c181aff39845f02b4626e0812820d4ef0d (2.14)
	NOTE: According to https://bugs.debian.org/1059307#12 Jami's use of pjsip is not affected
	NOTE: by this issue.
CVE-2023-36465 (Decidim is a participatory democracy framework, written in Ruby on Rai ...)
	NOT-FOR-US: Decidim
CVE-2023-35897 (IBM Spectrum Protect Client and IBM Storage Protect for Virtual Enviro ...)
	NOT-FOR-US: IBM
CVE-2023-32972 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-32971 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-5408 (A privilege escalation flaw was found in the node restriction admissio ...)
	NOT-FOR-US: OpenShift
CVE-2023-4061 (A flaw was found in wildfly-core. A management user could use the reso ...)
	NOT-FOR-US: Red Hat Enterprise Application Platform
CVE-2023-3171 (A flaw was found in EAP-7 during deserialization of certain classes, w ...)
	NOT-FOR-US: Red Hat Enterprise Application Platform
CVE-2023-5441 (NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161a ...)
	- vim 2:9.0.2018-1 (unimportant)
	NOTE: https://huntr.dev/bounties/b54cbdf5-3e85-458d-bb38-9ea2c0b669f2
	NOTE: https://github.com/vim/vim/commit/20d161ace307e28690229b68584f2d84556f8960 (v9.0.1992)
	NOTE: Crash in CLI tool, no security impact
CVE-2023-5312
	REJECTED
CVE-2023-45243 (Sensitive information disclosure due to missing authorization. The fol ...)
	NOT-FOR-US: Acronis
CVE-2023-45242 (Sensitive information disclosure due to missing authorization. The fol ...)
	NOT-FOR-US: Acronis
CVE-2023-45241 (Sensitive information leak through log files. The following products a ...)
	NOT-FOR-US: Acronis
CVE-2023-45240 (Sensitive information disclosure due to missing authorization. The fol ...)
	NOT-FOR-US: Acronis
CVE-2023-44214 (Sensitive information disclosure due to missing authorization. The fol ...)
	NOT-FOR-US: Acronis
CVE-2023-44213 (Sensitive information disclosure due to excessive collection of system ...)
	NOT-FOR-US: Acronis
CVE-2023-44212 (Sensitive information disclosure and manipulation due to missing autho ...)
	NOT-FOR-US: Acronis
CVE-2023-44211 (Sensitive information disclosure and manipulation due to missing autho ...)
	NOT-FOR-US: Acronis
CVE-2023-43343 (Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6 ...)
	NOT-FOR-US: Quick CMS
CVE-2023-43269 (pigcms up to 7.0 was discovered to contain an arbitrary file upload vu ...)
	NOT-FOR-US: pigcms
CVE-2023-40556 (Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39323 (Line directives ("//line") can be used to bypass the restrictions on " ...)
	- golang-1.21 1.21.2-1
	- golang-1.20 1.20.9-1
	- golang-1.19
	[bookworm] - golang-1.19 (Minor issue)
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://go.dev/issue/63211
	NOTE: https://go.dev/cl/533215
	NOTE: https://groups.google.com/g/golang-announce/c/XBa1oHDevAo
	NOTE: https://pkg.go.dev/vuln/GO-2023-2095
	NOTE: https://github.com/golang/go/commit/2ddfc04d12da7028334ab4f8effbc3a78b92d9d2 (go1.21.2)
	NOTE: https://github.com/golang/go/commit/31d5b604ac0adb58aec4870ac1b974c08312fd49 (go1.20.9)
CVE-2015-10126 (A vulnerability classified as critical was found in Easy2Map Photos Pl ...)
	NOT-FOR-US: WordPress plugin
CVE-2015-10125 (A vulnerability classified as problematic has been found in WP Ultimat ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5423 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...)
	NOT-FOR-US: SourceCodester Online Pizza Ordering System
CVE-2023-4570 (An improper access restriction in NI MeasurementLink Python services c ...)
	NOT-FOR-US: NI MeasurementLink Python services
CVE-2023-4401 (Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Co ...)
	NOT-FOR-US: Dell
CVE-2023-45160 (In the affected version of the 1E Client, an ordinary user could subve ...)
	NOT-FOR-US: 1E Client
CVE-2023-45159 (1E Client installer can perform arbitrary file deletion on protected f ...)
	NOT-FOR-US: 1E Client
CVE-2023-44839 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
	NOT-FOR-US: D-Link
CVE-2023-44838 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
	NOT-FOR-US: D-Link
CVE-2023-44837 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
	NOT-FOR-US: D-Link
CVE-2023-44836 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
	NOT-FOR-US: D-Link
CVE-2023-44835 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
	NOT-FOR-US: D-Link
CVE-2023-44834 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
	NOT-FOR-US: D-Link
CVE-2023-44833 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
	NOT-FOR-US: D-Link
CVE-2023-44832 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
	NOT-FOR-US: D-Link
CVE-2023-44831 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
	NOT-FOR-US: D-Link
CVE-2023-44830 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
	NOT-FOR-US: D-Link
CVE-2023-44829 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
	NOT-FOR-US: D-Link
CVE-2023-44828 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
	NOT-FOR-US: D-Link
CVE-2023-44390 (HtmlSanitizer is a .NET library for cleaning HTML fragments and docume ...)
	NOT-FOR-US: HtmlSanitizer .NET library
CVE-2023-44387 (Gradle is a build tool with a focus on build automation and support fo ...)
	- gradle (bug #1055177)
	[bookworm] - gradle (Minor issue)
	[bullseye] - gradle (Minor issue)
	[buster] - gradle (Minor issue, requires local access to build machine)
	NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9
	NOTE: https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7
CVE-2023-44386 (Vapor is an HTTP web framework for Swift. There is a denial of service ...)
	NOT-FOR-US: Vapor
CVE-2023-44024 (SQL injection vulnerability in KnowBand Module One Page Checkout, Soci ...)
	NOT-FOR-US: supercheckout
CVE-2023-43983 (Presto Changeo attributegrid up to 2.0.3 was discovered to contain a S ...)
	NOT-FOR-US: Presto Changeo attributegrid
CVE-2023-43981 (Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a ...)
	NOT-FOR-US: Presto Changeo testsitecreator
CVE-2023-43284 (D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail ...)
	NOT-FOR-US: D-Link
CVE-2023-43260 (Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovere ...)
	NOT-FOR-US: Milesight
CVE-2023-43073 (Dell SmartFabric Storage Software v1.4 (and earlier) contains an Impro ...)
	NOT-FOR-US: Dell
CVE-2023-43072 (Dell SmartFabric Storage Software v1.4 (and earlier) contains an impro ...)
	NOT-FOR-US: Dell
CVE-2023-43071 (Dell SmartFabric Storage Software v1.4 (and earlier) contains possible ...)
	NOT-FOR-US: Dell
CVE-2023-43070 (Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path T ...)
	NOT-FOR-US: Dell
CVE-2023-43069 (Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS ...)
	NOT-FOR-US: Dell
CVE-2023-43068 (Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Co ...)
	NOT-FOR-US: Dell
CVE-2023-40920 (Prixan prixanconnect up to v1.62 was discovered to contain a SQL injec ...)
	NOT-FOR-US: Prixan
CVE-2023-32485 (Dell SmartFabric Storage Software version 1.3 and lower contain an imp ...)
	NOT-FOR-US: Dell
CVE-2023-45198 (ftpd before "NetBSD-ftpd 20230930" can leak information about the host ...)
	NOT-FOR-US: NetBSD ftpd
CVE-2023-44389 (Zope is an open-source web application server. The title property, ava ...)
	NOT-FOR-US: Zope
CVE-2023-43877 (Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities t ...)
	NOT-FOR-US: Rite CMS
CVE-2023-43809 (Soft Serve is a self-hostable Git server for the command line. Prior t ...)
	NOT-FOR-US: Soft Serve
CVE-2023-43805 (Nexkey is a fork of Misskey, an open source, decentralized social medi ...)
	NOT-FOR-US: Nexkey
CVE-2023-43799 (Altair is a GraphQL Client. Prior to version 5.2.5, the Altair GraphQL ...)
	NOT-FOR-US: Altair
CVE-2023-43793 (Misskey is an open source, decentralized social media platform. Prior ...)
	NOT-FOR-US: Misskey
CVE-2023-43321 (File Upload vulnerability in Digital China Networks DCFW-1800-SDC v.3. ...)
	NOT-FOR-US: Digital China Networks DCFW-1800-SDC
CVE-2023-40299 (Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and a ...)
	NOT-FOR-US: Kong Insomnia
CVE-2023-36619 (Atos Unify OpenScape Session Border Controller through V10 R3.01.03 al ...)
	NOT-FOR-US: Atos Unify OpenScape Session Border Controller
CVE-2023-36618 (Atos Unify OpenScape Session Border Controller through V10 R3.01.03 al ...)
	NOT-FOR-US: Atos Unify OpenScape Session Border Controller
CVE-2023-35803 (IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Ove ...)
	NOT-FOR-US: IQ Engine
CVE-2023-3430 (A vulnerability was found in OpenImageIO, where a heap buffer overflow ...)
	- openimageio 2.4.13.0+dfsg-1
	[bookworm] - openimageio (Minor issue)
	[bullseye] - openimageio (Minor issue)
	[buster] - openimageio (Minor issue)
	NOTE: https://github.com/OpenImageIO/oiio/issues/3840
	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/pull/3841
	NOTE: https://github.com/OpenImageIO/oiio/commit/5ff2c56dd28e96f67ed8f80d8a3d1235e51f9957 (v2.4.12.0)
CVE-2023-38473 (A vulnerability was found in Avahi. A reachable assertion exists in th ...)
	- avahi (bug #1054880)
	[bookworm] - avahi (Minor issue)
	[bullseye] - avahi (Minor issue)
	[buster] - avahi (Minor issue; re-evaluate when fixed upstream)
	NOTE: https://github.com/lathiat/avahi/issues/451
	NOTE: https://github.com/lathiat/avahi/pull/486
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4
CVE-2023-38472 (A vulnerability was found in Avahi. A reachable assertion exists in th ...)
	- avahi (bug #1054879)
	[bookworm] - avahi (Minor issue)
	[bullseye] - avahi (Minor issue)
	[buster] - avahi (Minor issue; re-evaluate when fixed upstream)
	NOTE: https://github.com/lathiat/avahi/issues/452
	NOTE: https://github.com/lathiat/avahi/pull/490
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4
CVE-2023-38471 (A vulnerability was found in Avahi. A reachable assertion exists in th ...)
	- avahi (bug #1054878)
	[bookworm] - avahi (Minor issue)
	[bullseye] - avahi (Minor issue)
	[buster] - avahi (Minor issue; re-evaluate when fixed upstream)
	NOTE: https://github.com/lathiat/avahi/issues/453
	NOTE: https://github.com/lathiat/avahi/pull/494
	NOTE: https://github.com/lathiat/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4
CVE-2023-38470 (A vulnerability was found in Avahi. A reachable assertion exists in th ...)
	- avahi (bug #1054877)
	[bookworm] - avahi (Minor issue)
	[bullseye] - avahi (Minor issue)
	[buster] - avahi (Minor issue; re-evaluate when fixed upstream)
	NOTE: https://github.com/lathiat/avahi/issues/454
	NOTE: https://github.com/lathiat/avahi/pull/457
	NOTE: https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4
CVE-2023-38469 (A vulnerability was found in Avahi, where a reachable assertion exists ...)
	- avahi (bug #1054876)
	[bookworm] - avahi (Minor issue; can be mitigated by setting disable-user-service-publishing to yes)
	[bullseye] - avahi (Minor issue; can be mitigated by setting disable-user-service-publishing to yes)
	[buster] - avahi (Minor issue; can be mitigated by setting disable-user-service-publishing to yes)
	NOTE: https://github.com/lathiat/avahi/issues/455
	NOTE: https://github.com/lathiat/avahi/pull/500
	NOTE: Fixed by: https://github.com/lathiat/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf
	NOTE: Tests: https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4
CVE-2023-5402 (A CWE-269: Improper Privilege Management vulnerability exists that cou ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-5399 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-5391 (A CWE-502: Deserialization of untrusted data vulnerability exists that ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-5377 (Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.)
	- gpac (bug #1055122)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2606
	NOTE: https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce
	NOTE: https://huntr.dev/bounties/fe778df4-3867-41d6-954b-211c81bccbbf
CVE-2023-5375 (Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.)
	NOT-FOR-US: mosparo
CVE-2023-5374 (A vulnerability classified as critical was found in SourceCodester Onl ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-5373 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-5371 (RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3. ...)
	{DSA-5559-1}
	- wireshark 4.0.10-1
	[bullseye] - wireshark (Vulnerable code introduced later)
	[buster] - wireshark (Vulnerable code introduced later)
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19322
	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-27.html
	NOTE: Introduced by: https://gitlab.com/wireshark/wireshark/-/commit/b46d244a9ba55daaed1ebbb15f5ea56231658d3d (v3.5.0)
CVE-2023-5113 (Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are po ...)
	NOT-FOR-US: HP
CVE-2023-4997 (Improper authorisation of regular users in ProIntegra Uptime DC softwa ...)
	NOT-FOR-US: ProIntegra Uptime DC software
CVE-2023-4497 (Easy Chat Server, in its 3.1 version and before, does not sufficiently ...)
	NOT-FOR-US: Easy Chat Server
CVE-2023-4496 (Easy Chat Server, in its 3.1 version and before, does not sufficiently ...)
	NOT-FOR-US: Easy Chat Server
CVE-2023-4495 (Easy Chat Server, in its 3.1 version and before, does not sufficiently ...)
	NOT-FOR-US: Easy Chat Server
CVE-2023-4494 (Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 vers ...)
	NOT-FOR-US: Easy Chat Server
CVE-2023-4493 (Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 versio ...)
	NOT-FOR-US: Easy Address Book Web Server
CVE-2023-4492 (Vulnerability in Easy Address Book Web Server 1.6 version, affecting t ...)
	NOT-FOR-US: Easy Address Book Web Server
CVE-2023-4491 (Buffer overflow vulnerability in Easy Address Book Web Server 1.6 vers ...)
	NOT-FOR-US: Easy Address Book Web Server
CVE-2023-4090 (Cross-site Scripting (XSS) reflected vulnerability on WideStand until ...)
	NOT-FOR-US: Widestand CMS
CVE-2023-4037 (Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interfac ...)
	NOT-FOR-US: Conacwin
CVE-2023-44210 (Sensitive information disclosure and manipulation due to missing autho ...)
	NOT-FOR-US: Acronis
CVE-2023-44209 (Local privilege escalation due to improper soft link handling. The fol ...)
	NOT-FOR-US: Acronis
CVE-2023-44208 (Sensitive information disclosure and manipulation due to missing autho ...)
	NOT-FOR-US: Acronis
CVE-2023-44075 (Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a ...)
	NOT-FOR-US: Small CRM in PHP
CVE-2023-43838 (An arbitrary file upload vulnerability in Personal Management System v ...)
	NOT-FOR-US: Personal Management System
CVE-2023-43804 (urllib3 is a user-friendly HTTP client library for Python. urllib3 doe ...)
	{DLA-3610-1}
	- python-urllib3 1.26.17-1 (bug #1053626)
	[bookworm] - python-urllib3 (Minor issue)
	[bullseye] - python-urllib3 (Minor issue)
	NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f
	NOTE: https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb (1.26.17)
CVE-2023-43261 (An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 b ...)
	NOT-FOR-US: Milesight
CVE-2023-42824 (The issue was addressed with improved checks. This issue is fixed in i ...)
	NOT-FOR-US: Apple
CVE-2023-42809 (Redisson is a Java Redis client that uses the Netty framework. Prior t ...)
	NOT-FOR-US: Redisson
CVE-2023-42808 (Common Voice is the web app for Mozilla Common Voice, a platform for c ...)
	NOT-FOR-US: Mozilla Common Voice
CVE-2023-42449 (Hydra is the two-layer scalability solution for Cardano. Prior to vers ...)
	NOT-FOR-US: Hydra
CVE-2023-42448 (Hydra is the layer-two scalability solution for Cardano. Prior to vers ...)
	NOT-FOR-US: Hydra
CVE-2023-41094 (TouchLink packets processed after timeout or out of range due to Opera ...)
	NOT-FOR-US: TouchLink
CVE-2023-40684 (IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOn ...)
	NOT-FOR-US: IBM
CVE-2023-40561 (Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Enhance ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40559 (Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Dynamic ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40376 (IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7. ...)
	NOT-FOR-US: IBM
CVE-2023-3701 (Aqua Drive, in its 2.4 version, is vulnerable to a relative path trave ...)
	NOT-FOR-US: Aqua Drive
CVE-2023-3665 (A code injection vulnerability in Trellix ENS 10.7.0 April 2023 releas ...)
	NOT-FOR-US: Trellix
CVE-2023-3576 (A memory leak flaw was found in Libtiff's tiffcrop utility. This issue ...)
	{DSA-5567-1 DLA-3758-1}
	- tiff 4.5.1~rc3-1
	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/475
	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/1d5b1181c980090a6518f11e61a18b0e268bf31a (v4.5.1rc1)
CVE-2023-3512 (Relative path traversal vulnerability in Setelsa Security's ConacWin C ...)
	NOT-FOR-US: Conacwin
CVE-2023-3038 (SQL injection vulnerability in HelpDezk Community affecting version 1. ...)
	NOT-FOR-US: HelpDezk Community
CVE-2023-3037 (Improper authorization vulnerability in HelpDezk Community affecting v ...)
	NOT-FOR-US: HelpDezk Community
CVE-2023-39194 (A flaw was found in the XFRM subsystem in the Linux kernel. The specif ...)
	{DLA-3710-1}
	- linux 6.4.13-1
	[bookworm] - linux 6.1.52-1
	[bullseye] - linux 5.10.197-1
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1492/
	NOTE: https://git.kernel.org/linus/dfa73c17d55b921e1d4e154976de35317e43a93a (6.5-rc7)
CVE-2023-39193 (A flaw was found in the Netfilter subsystem in the Linux kernel. The s ...)
	{DLA-3710-1}
	- linux 6.5.3-1
	[bookworm] - linux 6.1.55-1
	[bullseye] - linux 5.10.197-1
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1491/
	NOTE: https://git.kernel.org/linus/e99476497687ef9e850748fe6d232264f30bc8f9 (6.6-rc1)
CVE-2023-39192 (A flaw was found in the Netfilter subsystem in the Linux kernel. The x ...)
	{DLA-3710-1}
	- linux 6.5.3-1
	[bookworm] - linux 6.1.55-1
	[bullseye] - linux 5.10.197-1
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1490/
	NOTE: https://git.kernel.org/linus/69c5d284f67089b4750d28ff6ac6f52ec224b330 (6.6-rc1)
CVE-2023-39191 (An improper input validation flaw was found in the eBPF subsystem in t ...)
	- linux 6.3.7-1 (unimportant)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1489/
	NOTE: Debian sets BPF_UNPRIV_DEFAULT_OFF=y
CVE-2023-38701 (Hydra is the layer-two scalability solution for Cardano. Users of the ...)
	NOT-FOR-US: Hydra
CVE-2023-38538 (A race condition in an event subsystem led to a heap use-after-free is ...)
	NOT-FOR-US: Whatsapp
CVE-2023-38537 (A race condition in a network transport subsystem led to a heap use-af ...)
	NOT-FOR-US: Whatsapp
CVE-2023-37995 (Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-Copy ...)
	NOT-FOR-US: Chetan Gole WP-Copy
CVE-2023-2809 (Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 ...)
	NOT-FOR-US: Sage
CVE-2023-5370 (On CPU 0 the check for the SMCCC workaround is called before SMCCC sup ...)
	NOT-FOR-US: FreeBSD
CVE-2023-5369 (Before correction, the copy_file_range system call checked only for the ...)
	NOT-FOR-US: FreeBSD
CVE-2023-5368 (On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls u ...)
	NOT-FOR-US: FreeBSD
CVE-2023-5357 (The Instagram for WordPress plugin for WordPress is vulnerable to Stor ...)
	NOT-FOR-US: Instagram for WordPress plugin for WordPress
CVE-2023-5291 (The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Sit ...)
	NOT-FOR-US: Blog Filter plugin for WordPress
CVE-2023-44974 (An arbitrary file upload vulnerability in the component /admin/plugin. ...)
	NOT-FOR-US: emlog
CVE-2023-44973 (An arbitrary file upload vulnerability in the component /content/templ ...)
	NOT-FOR-US: emlog
CVE-2023-44272 (A cross-site scripting vulnerability exists in Citadel versions prior ...)
	- webcit
	[buster] - webcit (Minor issue)
	NOTE: https://code.citadel.org/citadel/citadel/-/commit/f0dac5ff074ad686fa71ea663c8ead107bd3041e (v994)
CVE-2023-43953 (SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vul ...)
	NOT-FOR-US: SSCMS
CVE-2023-43952 (SSCMS 7.2.2 was discovered to contain a stored cross-site scripting (X ...)
	NOT-FOR-US: SSCMS
CVE-2023-43951 (SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vul ...)
	NOT-FOR-US: SSCMS
CVE-2023-43898 (Nothings stb 2.28 was discovered to contain a Null Pointer Dereference ...)
	- libstb (bug #1053627)
	[bookworm] - libstb (Minor issue)
	[bullseye] - libstb (Minor issue)
	[buster] - libstb (Minor issue, DoS / clean crash)
	NOTE: https://github.com/nothings/stb/issues/1452
	NOTE: Proposed fixes: https://github.com/nothings/stb/pull/1454
	NOTE: https://github.com/nothings/stb/issues/1521
CVE-2023-43176 (A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allo ...)
	NOT-FOR-US: Afterlogic Aurora Files
CVE-2023-40519 (A cross-site scripting (XSS) vulnerability in the bpk-common/auth/logi ...)
	NOT-FOR-US: Broadpeak Centralized Accounts Management Auth Agent
CVE-2023-3213 (The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WP Mail SMTP Pro plugin for WordPress
CVE-2023-39651 (Improper neutralization of SQL parameter in Theme Volty CMS BrandList ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-39649 (Improper neutralization of SQL parameter in Theme Volty CMS Category S ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-39648 (Improper neutralization of SQL parameter in Theme Volty CMS Testimonia ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-39647 (Improper neutralization of SQL parameter in Theme Volty CMS Category P ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-39646 (Improper neutralization of SQL parameter in Theme Volty CMS Category C ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-39645 (Improper neutralization of SQL parameter in Theme Volty CMS Payment Ic ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-37404 (IBM Observability with Instana 1.0.243 through 1.0.254 could allow an ...)
	NOT-FOR-US: IBM
CVE-2023-35905 (IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2023-33273 (An issue was discovered in DTS Monitoring 3.57.0. The parameter url wi ...)
	NOT-FOR-US: DTS Monitoring
CVE-2023-33272 (An issue was discovered in DTS Monitoring 3.57.0. The parameter ip wit ...)
	NOT-FOR-US: DTS Monitoring
CVE-2023-33271 (An issue was discovered in DTS Monitoring 3.57.0. The parameter common ...)
	NOT-FOR-US: DTS Monitoring
CVE-2023-33270 (An issue was discovered in DTS Monitoring 3.57.0. The parameter url wi ...)
	NOT-FOR-US: DTS Monitoring
CVE-2023-33269 (An issue was discovered in DTS Monitoring 3.57.0. The parameter option ...)
	NOT-FOR-US: DTS Monitoring
CVE-2023-33268 (An issue was discovered in DTS Monitoring 3.57.0. The parameter port w ...)
	NOT-FOR-US: DTS Monitoring
CVE-2023-5366 (A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertise ...)
	{DSA-5640-1 DLA-3734-1}
	- openvswitch 3.1.2-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2006347
	NOTE: https://github.com/openvswitch/ovs/commit/694c7b4e097c4d89e23ea9b3c7b677b4fcbe0459 (v3.1.2)
	NOTE: https://github.com/openvswitch/ovs/commit/489553b1c21692063931a9f50b6849b23128443c (v3.2.0)
CVE-2023-4610
	REJECTED
CVE-2023-5353 (Improper Access Control in GitHub repository salesagility/suitecrm pri ...)
	NOT-FOR-US: suitecrm
CVE-2023-5351 (Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/ ...)
	NOT-FOR-US: suitecrm
CVE-2023-5350 (SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14 ...)
	NOT-FOR-US: suitecrm
CVE-2023-5255 (For certificates that utilize the auto-renew feature in Puppet Server, ...)
	- puppet (Introduced in Puppet Server 8.2)
	- puppetserver (Introduced in Puppet Server 8.2)
	NOTE: https://www.puppet.com/security/cve/cve-2023-5255-denial-service-revocation-auto-renewed-certificates
CVE-2023-4929 (All firmware versions of the NPort 5000 Series are affected by an impr ...)
	NOT-FOR-US: Moxa
CVE-2023-4886 (A sensitive information exposure vulnerability was found in foreman. C ...)
	- foreman (bug #663101)
CVE-2023-4885 (Man in the Middle vulnerability, which could allow an attacker to inte ...)
	NOT-FOR-US: Open5GS
CVE-2023-4884 (An attacker could send an HTTP request to an Open5GS endpoint and retr ...)
	NOT-FOR-US: Open5GS
CVE-2023-4883 (Invalid pointer release vulnerability. Exploitation of this vulnerabil ...)
	NOT-FOR-US: Open5GS
CVE-2023-4882 (DOS vulnerability that could allow an attacker to register a new VNF ( ...)
	NOT-FOR-US: Open5GS
CVE-2023-4817 (This vulnerability allows an authenticated attacker to upload maliciou ...)
	NOT-FOR-US: ICP DAS
CVE-2023-4732 (A flaw was found in pfn_swap_entry_to_page in memory management subsys ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.70-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2236982
	NOTE: https://git.kernel.org/linus/8f34f1eac3820fc2722e5159acceb22545b30b0d (5.14-rc1)
CVE-2023-4564 (This vulnerability could allow an attacker to store a malicious JavaSc ...)
	NOT-FOR-US: Capensis
CVE-2023-4103 (QSige statistics are affected by a remote SQLi vulnerability. It has b ...)
	NOT-FOR-US: QSige
CVE-2023-4102 (QSige login SSO does not have an access control mechanism to verify wh ...)
	NOT-FOR-US: QSige
CVE-2023-4101 (The QSige login SSO does not have an access control mechanism to verif ...)
	NOT-FOR-US: QSige
CVE-2023-4100 (Allows an attacker to perform XSS attacks stored on certain resources. ...)
	NOT-FOR-US: QSige
CVE-2023-4099 (The QSige Monitor application does not have an access control mechanis ...)
	NOT-FOR-US: QSige
CVE-2023-4098 (It has been identified that the web application does not correctly fil ...)
	NOT-FOR-US: QSige
CVE-2023-4097 (The file upload functionality is not implemented correctly and allows ...)
	NOT-FOR-US: QSige
CVE-2023-43976 (An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to ...)
	NOT-FOR-US: CatoNetworks CatoClient
CVE-2023-42508 (JFrog Artifactory prior to version 7.66.0 is vulnerable to specific en ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2023-41693 (Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview My ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41244 (Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40830 (Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index p ...)
	NOT-FOR-US: Tenda
CVE-2023-40558 (Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouT ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40212 (Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Product ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40210 (Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40202 (Cross-Site Request Forgery (CSRF) vulnerability in Hannes Etzelstorfer ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40201 (Cross-Site Request Forgery (CSRF) vulnerability in FuturioWP Futurio Ex ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40199 (Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like But ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40198 (Cross-Site Request Forgery (CSRF) vulnerability in Antsanchez Easy Coo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40009 (Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3654 (cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwic ...)
	NOT-FOR-US: cashIT!
CVE-2023-3350 (A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, ...)
	NOT-FOR-US: IBERMATICA
CVE-2023-3349 (Information exposure vulnerability in IBERMATICA RPS 2019, which explo ...)
	NOT-FOR-US: IBERMATICA
CVE-2023-3196 (This vulnerability could allow an attacker to store a malicious JavaSc ...)
	NOT-FOR-US: Capensis
CVE-2023-39989 (Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Foo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39923 (Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Pos ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39917 (Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39165 (Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign- ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39159 (Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud P ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39158 (Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Banner ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38398 (Cross-Site Request Forgery (CSRF) vulnerability in Taboola plugin <=2. ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38396 (Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez plug ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38390 (Cross-Site Request Forgery (CSRF) vulnerability in Anshul Labs Mobile ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38381 (Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-FlyB ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37998 (Cross-Site Request Forgery (CSRF) vulnerability in Saas Disabler allow ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37996 (Cross-Site Request Forgery (CSRF) vulnerability in GTmetrix GTmetrix f ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37992 (Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertain ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37991 (Cross-Site Request Forgery (CSRF) vulnerability in Monchito.Net WP Emo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37990 (Cross-Site Request Forgery (CSRF) vulnerability in Mike Perelink Pro p ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37891 (Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk OptiMonk: ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34970 (A local non-privileged user can make improper GPU processing operation ...)
	NOT-FOR-US: Arm
CVE-2023-33200 (A local non-privileged user can make improper GPU processing operation ...)
	NOT-FOR-US: Arm
CVE-2023-32792 (Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5 ...)
	NOT-FOR-US: NXLog Manager
CVE-2023-32791 (Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5 ...)
	NOT-FOR-US: NXLog Manager
CVE-2023-32790 (Cross-Site Scripting (XSS) vulnerability in NXLog Manager 5.6.5633 ver ...)
	NOT-FOR-US: NXLog Manager
CVE-2023-32671 (A stored XSS vulnerability has been found on BuddyBoss Platform affect ...)
	NOT-FOR-US: BuddyBoss
CVE-2023-32670 (Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version, whi ...)
	NOT-FOR-US: BuddyBoss
CVE-2023-32669 (Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exp ...)
	NOT-FOR-US: BuddyBoss
CVE-2023-32091 (Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <=0 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2830 (Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Te ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2681 (An SQL Injection vulnerability has been found on Jorani version 1.0.0. ...)
	NOT-FOR-US: Jorani
CVE-2023-2544 (Authorization bypass vulnerability in UPV PEIX, affecting the componen ...)
	NOT-FOR-US: UPV PEIX
CVE-2023-4693 (An out-of-bounds read flaw was found on grub2's NTFS filesystem driver ...)
	{DSA-5519-1 DLA-3605-1}
	- grub2 2.12~rc1-11
	NOTE: https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
	NOTE: https://lore.kernel.org/all/ZRxK8s4nQV2jBq%2F9@tomti.i.net-space.pl/
CVE-2023-4692 (An out-of-bounds write flaw was found in grub2's NTFS filesystem drive ...)
	{DSA-5519-1 DLA-3605-1}
	- grub2 2.12~rc1-11
	NOTE: https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
	NOTE: https://lore.kernel.org/all/ZRxK8s4nQV2jBq%2F9@tomti.i.net-space.pl/
CVE-2023-4911 (A buffer overflow was discovered in the GNU C Library's dynamic loader ...)
	{DSA-5514-1}
	- glibc 2.37-12
	[buster] - glibc (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/2
	NOTE: Introduced by: https://sourceware.org/git/?p=glibc.git;a=commit;h=2ed18c5b534d9e92fc006202a5af0df6b72e7aca (glibc-2.34; backported in debian/2.31-12)
	NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa
	NOTE: https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
	NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2023-0004
CVE-2023-43789 (A vulnerability was found in libXpm where a vulnerability exists due t ...)
	{DSA-5516-1 DLA-3603-1}
	- libxpm 1:3.5.17-1
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1
	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/7e21cb63b9a1ca760a06cc4cd9b19bbc3fcd8f51
CVE-2023-43788 (A vulnerability was found in libXpm due to a boundary condition within ...)
	{DSA-5516-1 DLA-3603-1}
	- libxpm 1:3.5.17-1
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1
	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/2fa554b01ef6079a9b35df9332bdc4f139ed67e0
CVE-2023-43787 (A vulnerability was found in libX11 due to an integer overflow within ...)
	{DSA-5517-1 DLA-3602-1}
	- libx11 2:1.8.7-1
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1
	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/7916869d16bdd115ac5be30a67c3749907aea6a0
	NOTE: Hardening: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/91f887b41bf75648df725a4ed3be036da02e911e
	NOTE: https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-one/
	NOTE: https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/
CVE-2023-43786 (A vulnerability was found in libX11 due to an infinite loop within the ...)
	{DSA-5517-1 DLA-3602-1}
	- libx11 2:1.8.7-1
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1
	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/204c3393c4c90a29ed6bef64e43849536e863a86
	NOTE: Hardening: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/73a37d5f2fcadd6540159b432a70d80f442ddf4a
	NOTE: Hardening: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/b4031fc023816aca07fbd592ed97010b9b48784b
	NOTE: Hardening: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/84fb14574c039f19ad7face87eb9acc31a50701c
	NOTE: https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-one/
	NOTE: https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/
CVE-2023-43785 (A vulnerability was found in libX11 due to a boundary condition within ...)
	{DSA-5517-1 DLA-3602-1}
	- libx11 2:1.8.7-1
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1
	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/6858d468d9ca55fb4c5fd70b223dbc78a3358a7f
CVE-2023-5346 (Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed ...)
	{DSA-5515-1}
	- chromium 117.0.5938.149-1
	[buster] - chromium (see DSA 5046)
CVE-2023-5345 (A use-after-free vulnerability in the Linux kernel's fs/smb/client com ...)
	- linux 6.5.6-1
	[bookworm] - linux 6.1.64-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/e6e43b8aa7cd3c3af686caf0c2e11819a886d705
	NOTE: https://kernel.dance/#e6e43b8aa7cd3c3af686caf0c2e11819a886d705
CVE-2023-5344 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
	- vim 2:9.0.2018-1 (bug #1053694)
	[bookworm] - vim (Minor issue)
	[bullseye] - vim (Minor issue)
	[buster] - vim (Minor issue, 1-byte overflow)
	NOTE: https://github.com/vim/vim/commit/3bd7fa12e146c6051490d048a4acbfba974eeb04
	NOTE: https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf
CVE-2023-5341 (A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.)
	{DSA-5628-1 DLA-3737-1}
	- imagemagick 8:6.9.12.98+dfsg1-2
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/aa673b2e4defc7cad5bec16c4fc8324f71e531f1 (7.1.1-19)
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/405684654eb9b43424c3c0276ea343681021d9e0 (6.9.12-97)
CVE-2023-5334 (The WP Responsive header image slider plugin for WordPress is vulnerab ...)
	NOT-FOR-US: WP Responsive header image slider plugin for WordPress
CVE-2023-5290
	REJECTED
CVE-2023-5160 (Mattermost fails to check the Show Full Name option at the /api/v4/tea ...)
	- mattermost-server (bug #823556)
CVE-2023-5106 (An issue has been discovered in Ultimate-licensed GitLab EE affecting ...)
	- gitlab (Specific to EE)
CVE-2023-4659 (Cross-Site Request Forgery vulnerability, whose exploitation could all ...)
	NOT-FOR-US: free5GC
CVE-2023-44479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jim ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44477 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44474 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MD Jakir ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44463 (An issue was discovered in pretix before 2023.7.1. Incorrect parsing o ...)
	NOT-FOR-US: pretix
CVE-2023-44266 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jewe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44265 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44264 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44263 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Riya ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44262 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Renz ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44245 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Leap Con ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44244 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44242 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44239 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jobi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44230 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44228 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44218 (A flaw within the SonicWall NetExtender Pre-Logon feature enables an u ...)
	NOT-FOR-US: SonicWall
CVE-2023-44217 (A local privilege escalation vulnerability in SonicWall Net Extender M ...)
	NOT-FOR-US: SonicWall
CVE-2023-44145 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jesw ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44144 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dreamfox ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44012 (Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a re ...)
	NOT-FOR-US: mojoPortal
CVE-2023-44011 (An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute a ...)
	NOT-FOR-US: mojoPortal
CVE-2023-44009 (File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote atta ...)
	NOT-FOR-US: mojoPortal
CVE-2023-44008 (File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote atta ...)
	NOT-FOR-US: mojoPortal
CVE-2023-43980 (Presto Changeo testsitecreator up to v1.1.1 was discovered to contain ...)
	NOT-FOR-US: Presto Changeo testsitecreator
CVE-2023-43893 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...)
	NOT-FOR-US: Netis
CVE-2023-43892 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...)
	NOT-FOR-US: Netis
CVE-2023-43891 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...)
	NOT-FOR-US: Netis
CVE-2023-43890 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...)
	NOT-FOR-US: Netis
CVE-2023-43836 (There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, ...)
	NOT-FOR-US: Jizhicms
CVE-2023-43835 (Super Store Finder 3.7 and below is vulnerable to authenticated Arbitr ...)
	NOT-FOR-US: Super Store Finder
CVE-2023-43627 (Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earl ...)
	NOT-FOR-US: ACERA firmware
CVE-2023-43361 (Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local a ...)
	- vorbis-tools (unimportant)
	NOTE: Crash in CLI tool, no security impact
	NOTE: https://github.com/xiph/vorbis-tools/issues/41
	NOTE: https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7
CVE-2023-43297 (An issue in animal-art-lab v13.6.1 allows attackers to send crafted no ...)
	NOT-FOR-US: animal-art-lab
CVE-2023-43268 (Deyue Remote Vehicle Management System v1.1 was discovered to contain ...)
	NOT-FOR-US: Deyue Remote Vehicle Management System
CVE-2023-43267 (A cross-site scripting (XSS) vulnerability in the publish article func ...)
	NOT-FOR-US: emlog
CVE-2023-42771 (Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 a ...)
	NOT-FOR-US: ACERA firmware
CVE-2023-41859 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Asho ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41856 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickToT ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41855 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Regp ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41847 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41800 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in UniC ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41797 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41580 (Phpipam before v1.5.2 was discovered to contain a LDAP injection vulne ...)
	- phpipam (bug #731713)
CVE-2023-41086 (Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTE ...)
	NOT-FOR-US: FURUNO SYSTEMS wireless LAN access point devices
CVE-2023-40744
	REJECTED
CVE-2023-3967 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
	NOT-FOR-US: Hitachi
CVE-2023-3770 (Incorrect validation vulnerability of the data entered, allowing an at ...)
	NOT-FOR-US: Ingeteam
CVE-2023-3769 (Incorrect data input validation vulnerability, which could allow an at ...)
	NOT-FOR-US: Ingeteam
CVE-2023-3768 (Incorrect data input validation vulnerability, which could allow an at ...)
	NOT-FOR-US: Ingeteam
CVE-2023-3744 (Server-Side Request Forgery vulnerability in SLims version 9.6.0. This ...)
	NOT-FOR-US: SLiMS
CVE-2023-3656 (cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwic ...)
	NOT-FOR-US: cashIT!
CVE-2023-3655 (cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwic ...)
	NOT-FOR-US: cashIT!
CVE-2023-3440 (Incorrect Default Permissions vulnerability in Hitachi JP1/Performance ...)
	NOT-FOR-US: IBM
CVE-2023-3335 (Insertion of Sensitive Information into Log File vulnerability in Hita ...)
	NOT-FOR-US: Hitachi
CVE-2023-39429 (Cross-site scripting vulnerability in FURUNO SYSTEMS wireless LAN acce ...)
	NOT-FOR-US: FURUNO SYSTEMS wireless LAN access point devices
CVE-2023-39222 (OS command injection vulnerability in FURUNO SYSTEMS wireless LAN acce ...)
	NOT-FOR-US: FURUNO SYSTEMS wireless LAN access point devices
CVE-2023-37605 (Weak Exception Handling vulnerability in baramundi software GmbH EMM A ...)
	NOT-FOR-US: baramundi
CVE-2023-36628 (A flaw exists in VASA which allows users with access to a vSphere/ESXi ...)
	NOT-FOR-US: VASA
CVE-2023-36627 (A flaw exists in FlashBlade Purity whereby a user with access to an ad ...)
	NOT-FOR-US: FlashBlade Purity
CVE-2023-33039 (Memory corruption in Automotive Display while destroying the image han ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33035 (Memory corruption while invoking callback function of AFE from ADSP.)
	NOT-FOR-US: Qualcomm
CVE-2023-33034 (Memory corruption while parsing the ADSP response command.)
	NOT-FOR-US: Qualcomm
CVE-2023-33029 (Memory corruption in DSP Service during a remote call from HLOS to DSP ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33028 (Memory corruption in WLAN Firmware while doing a memory copy of pmk ca ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33027 (Transient DOS in WLAN Firmware while parsing rsn ies.)
	NOT-FOR-US: Qualcomm
CVE-2023-33026 (Transient DOS in WLAN Firmware while parsing a NAN management frame.)
	NOT-FOR-US: Qualcomm
CVE-2023-32572 (A flaw exists in FlashArray Purity wherein under limited circumstances ...)
	NOT-FOR-US: FlashArray Purity
CVE-2015-10124 (A vulnerability was found in Most Popular Posts Widget Plugin up to 0. ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5329 (A vulnerability classified as problematic was found in Field Logic Dat ...)
	NOT-FOR-US: Field Logic DataCube4
CVE-2023-5328 (A vulnerability classified as critical has been found in SATO CL4NX-J ...)
	NOT-FOR-US: SATO CL4NX-J Plus
CVE-2023-5327 (A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It has ...)
	NOT-FOR-US: SATO CL4NX-J Plus
CVE-2023-5326 (A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It has ...)
	NOT-FOR-US: SATO CL4NX-J Plus
CVE-2023-5324 (A vulnerability has been found in eeroOS up to 6.16.4-11 and classifie ...)
	NOT-FOR-US: eeroOS
CVE-2023-4211 (A local non-privileged user can make improper GPU memory processing op ...)
	NOT-FOR-US: Arm
CVE-2023-42132 (FD Application Apr. 2022 Edition (Version 9.01) and earlier improperly ...)
	NOT-FOR-US: FD Application Apr. 2022 Edition
CVE-2023-41737 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41736 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41734 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in niga ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41733 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in YYDev ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41731 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Th ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41729 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Send ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41728 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41692 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hennesse ...)
	NOT-FOR-US: WordPress theme
CVE-2023-32830 (In TVAPI, there is a possible out of bounds write due to a missing bou ...)
	NOT-FOR-US: Mediatek
CVE-2023-32829 (In apusys, there is a possible out of bounds write due to an integer o ...)
	NOT-FOR-US: Mediatek
CVE-2023-32828 (In vpu, there is a possible out of bounds write due to an integer over ...)
	NOT-FOR-US: Mediatek
CVE-2023-32827 (In camera middleware, there is a possible out of bounds write due to a ...)
	NOT-FOR-US: Mediatek
CVE-2023-32826 (In camera middleware, there is a possible out of bounds write due to a ...)
	NOT-FOR-US: Mediatek
CVE-2023-32824 (In rpmb, there is a possible double free due to improper locking. Thi ...)
	NOT-FOR-US: Mediatek
CVE-2023-32823 (In rpmb, there is a possible memory corruption due to a missing bound ...)
	NOT-FOR-US: Mediatek
CVE-2023-32822 (In ftm, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: Mediatek
CVE-2023-32821 (In video, there is a possible out of bounds write due to a permissions ...)
	NOT-FOR-US: Mediatek
CVE-2023-32820 (In wlan firmware, there is a possible firmware assertion due to improp ...)
	NOT-FOR-US: Mediatek
CVE-2023-32819 (In display, there is a possible information disclosure due to a missin ...)
	NOT-FOR-US: Mediatek
CVE-2023-5323 (Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dol ...)
	- dolibarr
CVE-2023-5322 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DA ...)
	NOT-FOR-US: D-Link
CVE-2023-5112 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...)
	NOT-FOR-US: Os Commerce
CVE-2023-5111 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...)
	NOT-FOR-US: Os Commerce
CVE-2023-43907 (OptiPNG v0.7.7 was discovered to contain a global buffer overflow via ...)
	- optipng 0.7.8+ds-1 (unimportant; bug #1055668)
	NOTE: https://sourceforge.net/p/optipng/bugs/87/
	NOTE: https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/optipng-global-buffer-overflow1/optipng-global-buffer-overflow1.md
	NOTE: Crash in CLI tool, no security impact
CVE-2023-43735 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...)
NOT-FOR-US: Os Commerce CVE-2023-43734 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43733 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43732 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43731 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43730 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43729 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43728 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43727 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43726 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43725 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43724 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43723 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43722 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43721 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43720 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43719 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43718 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) 
NOT-FOR-US: Os Commerce CVE-2023-43717 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43716 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43715 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43714 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43713 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43712 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-5321 (Missing Authorization in GitHub repository hamza417/inure prior to bui ...) NOT-FOR-US: hamza417/inure CVE-2023-5313 (A vulnerability classified as problematic was found in phpkobo Ajax Po ...) NOT-FOR-US: phpkobo Ajax Poll Script CVE-2023-5305 (A vulnerability was found in Online Banquet Booking System 1.0 and cla ...) NOT-FOR-US: Online Banquet Booking System CVE-2023-5304 (A vulnerability has been found in Online Banquet Booking System 1.0 an ...) NOT-FOR-US: Online Banquet Booking System CVE-2023-5303 (A vulnerability, which was classified as problematic, was found in Onl ...) NOT-FOR-US: Online Banquet Booking System CVE-2023-5302 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: SourceCodester Best Courier Management System CVE-2023-5301 (A vulnerability classified as critical was found in DedeCMS 5.7.111. T ...) NOT-FOR-US: DedeCMS CVE-2023-5300 (A vulnerability classified as critical has been found in TTSPlanning u ...) NOT-FOR-US: TTSPlanning CVE-2023-5207 (A vulnerability was discovered in GitLab CE and EE affecting all versi ...) - gitlab 16.4.4+ds2-2 CVE-2023-44488 (VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash rela ...) 
{DSA-5518-1 DLA-3598-1} - libvpx 1.12.0-1.2 NOTE: https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f (main) NOTE: https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937 (v1.13.1) NOTE: http://www.openwall.com/lists/oss-security/2023/09/30/4 CVE-2022-4956 (A vulnerability classified as critical has been found in Caphyon Advan ...) NOT-FOR-US: Caphyon Advanced Installer CVE-2023-5320 (Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfa ...) NOT-FOR-US: phpmyfaq CVE-2023-5319 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) NOT-FOR-US: phpmyfaq CVE-2023-5318 (Use of Hard-coded Credentials in GitHub repository microweber/microweb ...) NOT-FOR-US: microweber CVE-2023-5317 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) NOT-FOR-US: phpmyfaq CVE-2023-5316 (Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfa ...) NOT-FOR-US: phpmyfaq CVE-2023-5298 (A vulnerability was found in Tongda OA 2017. It has been rated as crit ...) NOT-FOR-US: Tongda OA CVE-2023-5297 (A vulnerability was found in Xinhu RockOA 2.3.2. It has been classifie ...) NOT-FOR-US: Xinhu RockOA CVE-2023-5296 (A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and clas ...) NOT-FOR-US: Xinhu RockOA CVE-2023-5295 (The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Sit ...) NOT-FOR-US: Blog Filter plugin for WordPress CVE-2023-5294 (A vulnerability has been found in ECshop 4.1.1 and classified as criti ...) NOT-FOR-US: ECshop CVE-2023-5293 (A vulnerability, which was classified as critical, was found in ECshop ...) NOT-FOR-US: ECshop CVE-2023-5227 (Unrestricted Upload of File with Dangerous Type in GitHub repository t ...) NOT-FOR-US: phpmyfaq CVE-2023-5201 (The OpenHook plugin for WordPress is vulnerable to Remote Code Executi ...) 
NOT-FOR-US: OpenHook plugin for WordPress CVE-2023-44270 (An issue was discovered in PostCSS before 8.4.31. The vulnerability af ...) - node-postcss 8.4.31+~cs8.0.26-1 (bug #1053282) [bookworm] - node-postcss (Minor issue) [bullseye] - node-postcss (Minor issue) [buster] - node-postcss (Minor issue) NOTE: https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5 (8.4.31) CVE-2023-43711 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43710 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43709 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43708 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43707 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43706 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43705 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43704 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43703 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-43702 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) NOT-FOR-US: Os Commerce CVE-2023-5289 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...) - rdiffweb (bug #969974) CVE-2023-5288 (A remote unauthorized attacker may connect to the SIM1012, interact wi ...) NOT-FOR-US: SICK SIM1012 CVE-2023-5287 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) NOT-FOR-US: BEECMS CVE-2023-5286 (A vulnerability, which was classified as problematic, has been found i ...) 
NOT-FOR-US: SourceCodester Expense Tracker App CVE-2023-5285 (A vulnerability classified as critical was found in Tongda OA 2017. Af ...) NOT-FOR-US: Tongda OA CVE-2023-5284 (A vulnerability classified as critical has been found in SourceCodeste ...) NOT-FOR-US: SourceCodester Engineers Online Portal CVE-2023-5283 (A vulnerability was found in SourceCodester Engineers Online Portal 1. ...) NOT-FOR-US: SourceCodester Engineers Online Portal CVE-2023-5282 (A vulnerability was found in SourceCodester Engineers Online Portal 1. ...) NOT-FOR-US: SourceCodester Engineers Online Portal CVE-2023-5281 (A vulnerability was found in SourceCodester Engineers Online Portal 1. ...) NOT-FOR-US: SourceCodester Engineers Online Portal CVE-2023-5280 (A vulnerability was found in SourceCodester Engineers Online Portal 1. ...) NOT-FOR-US: SourceCodester Engineers Online Portal CVE-2023-5279 (A vulnerability has been found in SourceCodester Engineers Online Port ...) NOT-FOR-US: SourceCodester Engineers Online Portal CVE-2023-5278 (A vulnerability, which was classified as critical, was found in Source ...) NOT-FOR-US: SourceCodester Engineers Online Portal CVE-2023-5277 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Engineers Online Portal CVE-2023-5276 (A vulnerability classified as critical was found in SourceCodester Eng ...) NOT-FOR-US: SourceCodester Engineers Online Portal CVE-2023-5273 (A vulnerability classified as problematic was found in SourceCodester ...) NOT-FOR-US: SourceCodester Best Courier Management System CVE-2023-5272 (A vulnerability classified as critical has been found in SourceCodeste ...) NOT-FOR-US: SourceCodester Best Courier Management System CVE-2023-5271 (A vulnerability was found in SourceCodester Best Courier Management Sy ...) NOT-FOR-US: SourceCodester Best Courier Management System CVE-2023-5270 (A vulnerability was found in SourceCodester Best Courier Management Sy ...) 
NOT-FOR-US: SourceCodester Best Courier Management System CVE-2023-5269 (A vulnerability was found in SourceCodester Best Courier Management Sy ...) NOT-FOR-US: SourceCodester Best Courier Management System CVE-2023-5268 (A vulnerability was found in DedeBIZ 6.2 and classified as critical. T ...) NOT-FOR-US: DedeBIZ CVE-2023-5267 (A vulnerability has been found in Tongda OA 2017 and classified as cri ...) NOT-FOR-US: Tongda OA CVE-2023-5266 (A vulnerability, which was classified as critical, was found in DedeBI ...) NOT-FOR-US: DedeBIZ CVE-2023-5265 (A vulnerability, which was classified as critical, has been found in T ...) NOT-FOR-US: Tongda OA CVE-2023-5264 (A vulnerability classified as critical was found in huakecms 3.0. Affe ...) NOT-FOR-US: huakecms CVE-2023-5263 (A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. ...) NOT-FOR-US: ZZZCMS CVE-2023-5262 (A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classif ...) NOT-FOR-US: OpenRapid RapidCMS CVE-2023-5261 (A vulnerability, which was classified as critical, was found in Tongda ...) NOT-FOR-US: Tongda OA CVE-2023-5260 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Simple Membership System CVE-2023-5259 (A vulnerability classified as problematic was found in ForU CMS. This ...) NOT-FOR-US: ForU CMS CVE-2023-5258 (A vulnerability classified as critical has been found in OpenRapid Rap ...) NOT-FOR-US: OpenRapid RapidCMS CVE-2023-5257 (A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It ...) NOT-FOR-US: WhiteHSBG JNDIExploit CVE-2023-5196 (Mattermost fails to enforce character limits in all possible notificat ...) - mattermost-server (bug #823556) CVE-2023-5195 (Mattermost fails to properly validate the permissions when soft deleti ...) - mattermost-server (bug #823556) CVE-2023-5194 (Mattermost fails to properly validate permissions when demoting and de ...) 
- mattermost-server (bug #823556) CVE-2023-5193 (Mattermost fails to properly check permissions when retrieving a post ...) - mattermost-server (bug #823556) CVE-2023-5159 (Mattermost fails to properly verify the permissions when managing/upda ...) - mattermost-server (bug #823556) CVE-2023-43944 (A Stored Cross Site Scripting (XSS) vulnerability was found in SourceC ...) NOT-FOR-US: SourceCodester Task Management System CVE-2023-43909 (Hospital Management System thru commit 4770d was discovered to contain ...) NOT-FOR-US: Hospital Management System CVE-2023-43655 (Composer is a dependency manager for PHP. Users publishing a composer. ...) {DLA-3777-1} - composer 2.6.4-1 [bookworm] - composer (Minor issue) [bullseye] - composer (Minor issue) NOTE: https://github.com/composer/composer/security/advisories/GHSA-jm6m-4632-36hf NOTE: https://github.com/composer/composer/commit/4fce14795aba98e40b6c4f5047305aba17a6120d (1.10.27) NOTE: https://github.com/composer/composer/commit/95e091c921037b7b6564942845e7b738f6b95c9c (2.2.22) NOTE: https://github.com/composer/composer/commit/955a48e6319c8962e5cd421b07c00ab3c728968c (2.6.4) CVE-2023-41691 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pensopay ...) NOT-FOR-US: WordPress plugin CVE-2023-41687 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-41666 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-41663 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Giovamba ...) NOT-FOR-US: WordPress plugin CVE-2023-41662 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ulf Benj ...) NOT-FOR-US: WordPress plugin CVE-2023-41661 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pres ...) NOT-FOR-US: WordPress plugin CVE-2023-41658 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...) 
NOT-FOR-US: WordPress plugin CVE-2023-41657 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grou ...) NOT-FOR-US: WordPress plugin CVE-2023-41655 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andr ...) NOT-FOR-US: WordPress plugin CVE-2023-3413 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 16.4.4+ds2-2 CVE-2023-3024 (Forcing the Bluetooth LE stack to segment 'prepare write response' pac ...) NOT-FOR-US: Silabs CVE-2023-39410 (When deserializing untrusted or corrupted data, it is possible for a r ...) NOT-FOR-US: Apache Avro CVE-2023-39308 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedbac ...) NOT-FOR-US: WordPress plugin CVE-2023-5198 (An issue has been discovered in GitLab affecting all versions prior to ...) - gitlab 16.4.4+ds2-2 CVE-2023-5185 (Gym Management System Project v1.0 is vulnerable to an Insecure File ...) NOT-FOR-US: Gym Management System Project CVE-2023-5077 (The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine d ...) NOT-FOR-US: HashiCorp Vault CVE-2023-5053 (Hospital management system version 378c157 allows to bypass authentica ...) NOT-FOR-US: Hospital management system CVE-2023-5004 (Hospital management system version 378c157 allows to bypass authentica ...) NOT-FOR-US: Hospital management system CVE-2023-4532 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 16.4.4+ds2-2 CVE-2023-4316 (Zod in versions 3.21.0 up to and including 3.22.3 allows an attacker t ...) NOT-FOR-US: Zod CVE-2023-44469 (A Server-Side Request Forgery issue in the OpenID Connect Issuer in Le ...) 
{DLA-3612-1} - lemonldap-ng 2.17.1+ds-1 [bookworm] - lemonldap-ng 2.16.1+ds-deb12u2 [bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u5 NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2998 NOTE: https://security.lauritz-holtmann.de/post/sso-security-ssrf/ CVE-2023-44466 (An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel ...) - linux 6.4.11-1 [bookworm] - linux 6.1.52-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/a282a2f10539dce2aa619e71e1817570d557fc97 (6.5-rc2) CVE-2023-44464 (pretix before 2023.7.2 allows Pillow to parse EPS files.) NOT-FOR-US: pretix CVE-2023-44174 (Online Movie Ticket Booking System v1.0 is vulnerable to an authentic ...) NOT-FOR-US: Online Movie Ticket Booking System CVE-2023-44173 (Online Movie Ticket Booking System v1.0 is vulnerable to an authentic ...) NOT-FOR-US: Online Movie Ticket Booking System CVE-2023-44168 REJECTED CVE-2023-44167 REJECTED CVE-2023-44166 (The 'age' parameter of the process_registration.php resource does not ...) NOT-FOR-US: Online Movie Ticket Booking System CVE-2023-44165 REJECTED CVE-2023-44164 (The 'Email' parameter of the process_login.php resource does not vali ...) NOT-FOR-US: Online Movie Ticket Booking System CVE-2023-44163 (The 'search' parameter of the process_search.php resource does not va ...) NOT-FOR-US: Online Movie Ticket Booking System CVE-2023-43740 (Online Book Store Project v1.0 is vulnerable to an Insecure File Uploa ...) NOT-FOR-US: Online Book Store Project CVE-2023-43739 (The 'bookisbn' parameter of the cart.php resource does not validate t ...) NOT-FOR-US: Online Book Store Project CVE-2023-43665 (In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, ...) 
- python-django 3:4.2.6-1 (bug #1053475) [bookworm] - python-django (Minor issue, fix along in future update) [bullseye] - python-django (Minor issue, fix along in future update) [buster] - python-django (Minor issue, fix along in future update) NOTE: https://www.openwall.com/lists/oss-security/2023/10/04/6 NOTE: https://www.djangoproject.com/weblog/2023/oct/04/security-releases/ NOTE: https://github.com/django/django/commit/17b51094d778b421bb2b3aae0c270894b050455d (main) NOTE: https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473 (4.2.6) NOTE: https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5 (3.2.22) CVE-2023-43662 (ShokoServer is a media server which specializes in organizing anime. I ...) NOT-FOR-US: ShokoServer CVE-2023-43654 (TorchServe is a tool for serving and scaling PyTorch models in product ...) NOT-FOR-US: TorchServe CVE-2023-43014 (Asset Management System v1.0 is vulnerable to an Authenticated SQL In ...) NOT-FOR-US: Asset Management System CVE-2023-43013 (Asset Management System v1.0 is vulnerable to an unauthenticated SQL ...) NOT-FOR-US: Asset Management System CVE-2023-3979 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 16.4.4+ds2-2 CVE-2023-3922 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 16.4.4+ds2-2 CVE-2023-3920 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 16.4.4+ds2-2 CVE-2023-3917 (Denial of Service in pipelines affecting all versions of Gitlab EE and ...) - gitlab 16.4.4+ds2-2 CVE-2023-3914 (A business logic error in GitLab EE affecting all versions prior to 16 ...) - gitlab (Specific to EE) CVE-2023-3906 (An input validation issue in the asset proxy in GitLab EE, affecting a ...) - gitlab (Specific to EE) CVE-2023-3775 (A Vault Enterprise Sentinel Role Governing Policy created by an operat ...) 
NOT-FOR-US: HashiCorp Vault CVE-2023-3115 (An issue has been discovered in GitLab EE affecting all versions affec ...) - gitlab (Specific to EE) CVE-2023-32477 (Dell Common Event Enabler 8.9.8.2 for Windows and prior, contain an im ...) NOT-FOR-US: Dell CVE-2023-5256 (In certain scenarios, Drupal's JSON:API module will output error backt ...) - drupal7 CVE-2023-5871 (A flaw was found in libnbd, due to a malicious Network Block Device (N ...) - libnbd 1.18.1-1 (bug #1055170) [bookworm] - libnbd (Vulnerable code not present) [bullseye] - libnbd (Vulnerable code not present) NOTE: https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/PFVUCMPFQUDC23JXSCUUPXIGDZ7XCFMD/ NOTE: Introduced by: https://gitlab.com/nbdkit/libnbd/-/commit/20dadb0e10fc7236c763e3cf8c55fcc92ef28623 (v1.17.4) NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/177308adb17e81fce7c0f2b2fcf655c5c0b6a4d6 (master) NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/4451e5b61ca07771ceef3e012223779e7a0c7701 (stable-1.18) CVE-2023-5215 (A flaw was found in libnbd. A server can reply with a block size large ...) - libnbd 1.16.5-1 [bookworm] - libnbd (Minor issue) [bullseye] - libnbd (Minor issue) NOTE: https://listman.redhat.com/archives/libguestfs/2023-September/032635.html NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/0f8ee8c6bd6dd93de771e6d4da87ec5a59504aae (v1.18.0) NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/f03330181229360a1a97a264aa956fea54c657de (v1.16.5) CVE-2023-43884 (A Cross-site scripting (XSS) vulnerability in Reference ID from the pa ...) NOT-FOR-US: Subrion CMS CVE-2023-43879 (Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allow ...) NOT-FOR-US: Rite CMS CVE-2023-43878 (Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities t ...) NOT-FOR-US: Rite CMS CVE-2023-43876 (A Cross-Site Scripting (XSS) vulnerability in installation of October ...) 
NOT-FOR-US: October CMS CVE-2023-43874 (Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 ...) NOT-FOR-US: e017 CMS CVE-2023-43873 (A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows ...) NOT-FOR-US: e017 CMS CVE-2023-43872 (A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local a ...) NOT-FOR-US: CMSmadesimple CVE-2023-43871 (A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to ...) NOT-FOR-US: WBCE CVE-2023-43869 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWA ...) NOT-FOR-US: D-Link CVE-2023-43868 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via websGetVa ...) NOT-FOR-US: D-Link CVE-2023-43867 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWa ...) NOT-FOR-US: D-Link CVE-2023-43866 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWA ...) NOT-FOR-US: D-Link CVE-2023-43865 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWa ...) NOT-FOR-US: D-Link CVE-2023-43864 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWA ...) NOT-FOR-US: D-Link CVE-2023-43863 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWa ...) NOT-FOR-US: D-Link CVE-2023-43862 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formLangu ...) NOT-FOR-US: D-Link CVE-2023-43861 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWa ...) NOT-FOR-US: D-Link CVE-2023-43860 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWa ...) NOT-FOR-US: D-Link CVE-2023-43664 (PrestaShop is an Open Source e-commerce web application. In the Presta ...) NOT-FOR-US: PrestaShop CVE-2023-43663 (PrestaShop is an Open Source e-commerce web application. In affected v ...) NOT-FOR-US: PrestaShop CVE-2023-43657 (discourse-encrypt is a plugin that provides a secure communication cha ...) 
NOT-FOR-US: discourse-encrypt plugin CVE-2023-43323 (mooSocial 3.1.8 is vulnerable to external service interaction on post ...) NOT-FOR-US: mooSocial CVE-2023-43226 (An arbitrary file upload vulnerability in dede/baidunews.php in DedeCM ...) NOT-FOR-US: DedeCMS CVE-2023-43044 (IBM License Metric Tool 9.2 could allow a remote attacker to traverse ...) NOT-FOR-US: IBM CVE-2023-41911 (Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 ...) NOT-FOR-US: Samsung CVE-2023-40375 (Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contain ...) NOT-FOR-US: IBM CVE-2023-40307 (An attacker with standard privileges on macOS when requesting administ ...) NOT-FOR-US: SAP CVE-2023-39196 (Improper Authentication vulnerability in Apache Ozone. The vulnerabil ...) NOT-FOR-US: Apache Ozone CVE-2023-39195 REJECTED CVE-2023-5244 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...) NOT-FOR-US: microweber CVE-2023-5233 (The Font Awesome Integration plugin for WordPress is vulnerable to Sto ...) NOT-FOR-US: Font Awesome Integration plugin for WordPress CVE-2023-5232 (The Font Awesome More Icons plugin for WordPress is vulnerable to Stor ...) NOT-FOR-US: Font Awesome More Icons plugin for WordPress CVE-2023-5230 (The TM WooCommerce Compare & Wishlist plugin for WordPress is vulnerab ...) NOT-FOR-US: TM WooCommerce Compare & Wishlist plugin for WordPress CVE-2023-44276 (OPNsense before 23.7.5 allows XSS via the index.php sequence parameter ...) NOT-FOR-US: OPNsense CVE-2023-44275 (OPNsense before 23.7.5 allows XSS via the index.php column_count param ...) NOT-FOR-US: OPNsense CVE-2023-44273 (Consensys gnark-crypto through 0.11.2 allows Signature Malleability. T ...) NOT-FOR-US: Consensys gnark-crypto CVE-2023-44080 (An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attack ...) NOT-FOR-US: PGYER codefever CVE-2023-43660 (Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that d ...) 
NOT-FOR-US: Warpgate CVE-2023-43656 (matrix-hookshot is a Matrix bot for connecting to external services li ...) NOT-FOR-US: matrix-hookshot CVE-2023-43651 (JumpServer is an open source bastion host. An authenticated user can e ...) NOT-FOR-US: JumpServer CVE-2023-43320 (An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, ...) NOT-FOR-US: Proxmox CVE-2023-43314 (** UNSUPPORTED WHEN ASSIGNED **The buffer overflow vulnerability in th ...) NOT-FOR-US: ZYXEL CVE-2023-43233 (A stored cross-site scripting (XSS) vulnerability in the cms/content/e ...) NOT-FOR-US: YZNCMS CVE-2023-43192 (SQL injection can exist in a newly created part of the SpringbootCMS 1 ...) NOT-FOR-US: JFinalcms CVE-2023-43191 (SpringbootCMS 1.0 foreground message can be embedded malicious code sa ...) NOT-FOR-US: JFinalCMS CVE-2023-42818 (JumpServer is an open source bastion host. When users enable MFA and u ...) NOT-FOR-US: JumpServer CVE-2023-42222 (WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebC ...) NOT-FOR-US: WebCatalog CVE-2023-41453 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 al ...) NOT-FOR-US: phpkobo AjaxNewTicker CVE-2023-41452 (Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1. ...) NOT-FOR-US: phpkobo AjaxNewTicker CVE-2023-41451 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 al ...) NOT-FOR-US: phpkobo AjaxNewTicker CVE-2023-41450 (An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to ...) NOT-FOR-US: phpkobo AjaxNewTicker CVE-2023-41449 (An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to ...) NOT-FOR-US: phpkobo AjaxNewTicker CVE-2023-41448 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 al ...) NOT-FOR-US: phpkobo AjaxNewTicker CVE-2023-41447 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 al ...) 
NOT-FOR-US: phpkobo AjaxNewTicker CVE-2023-41446 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 al ...) NOT-FOR-US: phpkobo AjaxNewTicker CVE-2023-41445 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 al ...) NOT-FOR-US: phpkobo AjaxNewTicker CVE-2023-41444 (An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attac ...) NOT-FOR-US: Binalyze IREC.sys CVE-2023-40026 (Argo CD is a declarative continuous deployment framework for Kubernete ...) NOT-FOR-US: Argo CD CVE-2023-38877 (A host header injection vulnerability exists in gugoan's Economizzer v ...) NOT-FOR-US: gugoan's Economizzer CVE-2023-38874 (A remote code execution (RCE) vulnerability via an insecure file uploa ...) NOT-FOR-US: gugoan's Economizzer CVE-2023-38873 (The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer ...) NOT-FOR-US: gugoan's Economizzer CVE-2023-38872 (An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Eco ...) NOT-FOR-US: gugoan's Economizzer CVE-2023-38871 (The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer ...) NOT-FOR-US: gugoan's Economizzer CVE-2023-38870 (A SQL injection vulnerability exists in gugoan Economizzer commit 3730 ...) NOT-FOR-US: gugoan's Economizzer CVE-2023-42119 (Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. Th ...) 
- exim4 4.97~RC2-2 [bookworm] - exim4 4.96-15+deb12u3 [bullseye] - exim4 (Minor issue; use Exim4 with a trustworthy DNS resolver able to validate the data according to the DNS record types) [buster] - exim4 (Minor issue; use Exim4 with a trustworthy DNS resolver able to validate the data according to the DNS record types) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1473/ NOTE: https://bugs.exim.org/show_bug.cgi?id=3033 NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5 NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4 NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt CVE-2023-42118 (Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. Th ...) - libspf2 (bug #1053870) [bookworm] - libspf2 (Revisit once upstream and ZDI status is clarfied) [bullseye] - libspf2 (Revisit once upstream and ZDI status is clarfied) [buster] - libspf2 (Revisit once upstream and ZDI status is clarfied) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1472/ NOTE: https://bugs.exim.org/show_bug.cgi?id=3032 NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5 NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4 NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt NOTE: https://lists.exim.org/lurker/message/20231004.080103.8c98192c.en.html NOTE: Potentially same issue as: https://github.com/shevek/libspf2/issues/45 NOTE: https://github.com/shevek/libspf2/pull/44 NOTE: The potentially related (but unknown if exploitable) integer overflow flaw from pull/44 NOTE: is fixed with libspf2/1.2.10-8. There have been 1. no proofs it is exploitable, and the NOTE: finder clarifies as "ut I haven't been able to get it to do anything after that because NOTE: another buffer fills up." and 2. that this is the same issue as CVE-2023-42118 . CVE-2023-42117 (Exim Improper Neutralization of Special Elements Remote Code Execution ...) 
	- exim4 4.97~RC2-2
	[bookworm] - exim4 4.96-15+deb12u3
	[bullseye] - exim4 (Only an issue if Exim4 run behind an untrusted proxy-protocol proxy)
	[buster] - exim4 (Only an issue if Exim4 run behind an untrusted proxy-protocol proxy)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1471/
	NOTE: https://bugs.exim.org/show_bug.cgi?id=3031
	NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4
	NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt
CVE-2023-42116 (Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution ...)
	{DSA-5512-1 DLA-3599-1}
	- exim4 4.97~RC1-2
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1470/
	NOTE: https://bugs.exim.org/show_bug.cgi?id=3000
	NOTE: https://git.exim.org/exim.git/log/refs/heads/exim-4.96%20security/exim.git/commit/936e342d560e218c2aee5cb2295be925c27c2106
	NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4
	NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt
CVE-2023-42115 (Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. Thi ...)
	{DSA-5512-1}
	- exim4 4.97~RC1-2
	[buster] - exim4 (External authenticator support was introduced later)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1469/
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2999
	NOTE: https://git.exim.org/exim.git/log/refs/heads/exim-4.96%20security/exim.git/commit/955f1203c15be96fa84b5331fa2a5cb2e556b9a9
	NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4
	NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt
CVE-2023-42114 (Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerab ...)
	{DSA-5512-1 DLA-3599-1}
	- exim4 4.97~RC1-2
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1468/
	NOTE: https://bugs.exim.org/show_bug.cgi?id=3001
	NOTE: https://git.exim.org/exim.git/log/refs/heads/exim-4.96%20security/exim.git/commit/ccf9816f54fb04ab5508eb8c7f00b08bc3531297
	NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4
	NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt
CVE-2023-50186 (GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Ex ...)
	{DSA-5583-1}
	- gst-plugins-bad1.0 1.22.8-1
	[bullseye] - gst-plugins-bad1.0 (Vulnerable code not present)
	[buster] - gst-plugins-bad1.0 (Vulnerable code not present)
	- gst-plugins-bad0.10 (Vulnerable code not present)
	NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0011.html
	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5823
	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/890d59e97e291fe848147ebf4d5884bcec1101c9
	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/a46737a73155fe1c19fa5115df40da35426f9fb5 (1.22.8)
CVE-2023-44446 (GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulner ...)
	{DSA-5565-1 DLA-3673-1}
	- gst-plugins-bad1.0 1.22.7-1 (bug #1056101)
	- gst-plugins-bad0.10
	NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0010.html
	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5635
	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/274551d450e443a8c71baa95e3f8d5dad212737f
	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/7dfaa57b6f9b55f17ffe824bd8988bb71ae11353 (1.22.7)
CVE-2023-44429 (GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Exe ...)
	{DSA-5565-1}
	- gst-plugins-bad1.0 1.22.7-1 (bug #1056102)
	[buster] - gst-plugins-bad1.0 (Vulnerable code was introduced later)
	- gst-plugins-bad0.10
	NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0009.html
	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5634
	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1db83d3f745332cbda6adf954b2c53a10caa205e
	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/b76a801f57353b893c344025cac56413140fca6d (1.22.7)
CVE-2023-40476 (GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Executi ...)
	{DSA-5533-1 DLA-3633-1}
	- gst-plugins-bad1.0 1.22.7-1 (bug #1053259)
	- gst-plugins-bad0.10
	NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0008.html
	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5364
	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ff91a3d8d6f7e2412c44663bf30fad5c7fdbc9d9
	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/fddda166222a067d0e511950a0a8cfb9f5a521b7 (1.22.6)
CVE-2023-40475 (GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vuln ...)
	{DSA-5533-1 DLA-3633-1}
	- gst-plugins-bad1.0 1.22.7-1 (bug #1053260)
	- gst-plugins-bad0.10
	NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0007.html
	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362
	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/72742dee30cce7bf909639f82de119871566ce39
	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1edd1c38dcc5d27e7c5649d999ee8278872a16d4 (1.22.6)
CVE-2023-40474 (GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vuln ...)
	{DSA-5533-1 DLA-3633-1}
	- gst-plugins-bad1.0 1.22.7-1 (bug #1053261)
	- gst-plugins-bad0.10
	NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0006.html
	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362
	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ce17e968e4cf900d28ca5b46f6e095febc42b4f0
	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f73fc41f2ca6a0cd4e883aee64bf8e1c15ff68ce (1.22.6)
CVE-2023-5236 (A flaw was found in Infinispan, which does not detect circular object ...)
	NOT-FOR-US: Infinispan
CVE-2023-5223 (A vulnerability, which was classified as critical, has been found in H ...)
	NOT-FOR-US: HimitZH HOJ
CVE-2023-5222 (A vulnerability classified as critical was found in Viessmann Vitogate ...)
	NOT-FOR-US: Viessmann Vitogate
CVE-2023-5221 (A vulnerability classified as critical has been found in ForU CMS. Thi ...)
	NOT-FOR-US: ForU CMS
CVE-2023-5217 (Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior ...)
	{DSA-5513-1 DSA-5510-1 DSA-5509-1 DSA-5508-1 DLA-3601-1 DLA-3598-1 DLA-3591-1}
	- chromium 117.0.5938.132-1
	[buster] - chromium (see DSA 5046)
	- firefox (unimportant)
	- firefox-esr (unimportant)
	- thunderbird 1:115.3.1-1 (unimportant)
	- libvpx 1.12.0-1.1 (bug #1053182)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/#CVE-2023-5217
	NOTE: https://www.openwall.com/lists/oss-security/2023/09/28/5
	NOTE: Fixed by (libvpx): https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282
	NOTE: Fixed by (libvpx): https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590
	NOTE: https://hg.mozilla.org/mozilla-central/rev/c53f5ef77b62b79af86951a7f9130e1896b695d2
	NOTE: src:firefox, src:firefox-esr and src:thunderbird use the system libvpx starting in bookworm
	NOTE: and above. For older releases still needs the fixes in src:firefox-esr and src:thunderbird.
CVE-2023-5187 (Use after free in Extensions in Google Chrome prior to 117.0.5938.132 ...)
	{DSA-5508-1}
	- chromium 117.0.5938.132-1
	[buster] - chromium (see DSA 5046)
CVE-2023-5186 (Use after free in Passwords in Google Chrome prior to 117.0.5938.132 a ...)
	{DSA-5508-1}
	- chromium 117.0.5938.132-1
	[buster] - chromium (see DSA 5046)
CVE-2023-5184 (Two potential signed to unsigned conversion errors and buffer overflow ...)
	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-4523 (Real Time Automation 460 Series products with versions prior to v8.9.8 ...)
	NOT-FOR-US: Real Time Automation 460 Series products
CVE-2023-4066 (A flaw was found in Red Hat's AMQ Broker, which stores certain passwor ...)
	NOT-FOR-US: Red Hat AMQ Broker
CVE-2023-4129 (Dell Data Protection Central, version 19.9, contains an Inadequate Enc ...)
	NOT-FOR-US: Dell
CVE-2023-4003 (One Identity Password Manager version 5.9.7.1 -An unauthenticated atta ...)
	NOT-FOR-US: One Identity Password Manager
CVE-2023-2585 (Keycloak's device authorization grant does not correctly validate the ...)
	NOT-FOR-US: Keycloak
CVE-2023-2422 (A flaw was found in Keycloak. A Keycloak server configured to support ...)
	NOT-FOR-US: Keycloak
CVE-2023-44207 (Stored cross-site scripting (XSS) vulnerability in protection plan nam ...)
	NOT-FOR-US: Acronis
CVE-2023-44206 (Sensitive information disclosure and manipulation due to improper auth ...)
	NOT-FOR-US: Acronis
CVE-2023-44205 (Sensitive information disclosure due to improper authorization. The fo ...)
	NOT-FOR-US: Acronis
CVE-2023-44161 (Sensitive information manipulation due to cross-site request forgery. ...)
	NOT-FOR-US: Acronis
CVE-2023-44160 (Sensitive information manipulation due to cross-site request forgery. ...)
	NOT-FOR-US: Acronis
CVE-2023-44159 (Sensitive information disclosure due to cleartext storage of sensitive ...)
	NOT-FOR-US: Acronis
CVE-2023-44158 (Sensitive information disclosure due to insufficient token field maski ...)
	NOT-FOR-US: Acronis
CVE-2023-44157 (Local privilege escalation due to insecure folder permissions. The fol ...)
	NOT-FOR-US: Acronis
CVE-2023-44156 (Sensitive information disclosure due to spell-jacking. The following p ...)
	NOT-FOR-US: Acronis
CVE-2023-44155 (Sensitive information leak through log files. The following products a ...)
	NOT-FOR-US: Acronis
CVE-2023-44154 (Sensitive information disclosure and manipulation due to improper auth ...)
	NOT-FOR-US: Acronis
CVE-2023-44153 (Sensitive information disclosure due to cleartext storage of sensitive ...)
	NOT-FOR-US: Acronis
CVE-2023-44152 (Sensitive information disclosure and manipulation due to improper auth ...)
	NOT-FOR-US: Acronis
CVE-2023-44129 (The vulnerability is that the Messaging ("com.android.mms") app patche ...)
	NOT-FOR-US: LG
CVE-2023-44128 (he vulnerability is to delete arbitrary files in LGInstallService ("co ...)
	NOT-FOR-US: LG
CVE-2023-44127 (he vulnerability is that the Call management ("com.android.server.tele ...)
	NOT-FOR-US: LG
CVE-2023-44126 (The vulnerability is that the Call management ("com.android.server.tel ...)
	NOT-FOR-US: LG
CVE-2023-44125 (The vulnerability is the use of implicit PendingIntents without the Pe ...)
	NOT-FOR-US: LG
CVE-2023-44124 (The vulnerability is to theft of arbitrary files with system privilege ...)
	NOT-FOR-US: LG
CVE-2023-44123 (The vulnerability is the use of implicit PendingIntents with the Pendi ...)
	NOT-FOR-US: LG
CVE-2023-44122 (The vulnerability is to theft of arbitrary files with system privilege ...)
	NOT-FOR-US: LG
CVE-2023-44121 (The vulnerability is an intent redirection in LG ThinQ Service ("com.l ...)
	NOT-FOR-US: LG
CVE-2023-44048 (Sourcecodester Expense Tracker App v1 is vulnerable to Cross Site Scri ...)
	NOT-FOR-US: Sourcecodester Expense Tracker App
CVE-2023-44047 (Sourcecodester Toll Tax Management System v1 is vulnerable to SQL Inje ...)
	NOT-FOR-US: Sourcecodester Toll Tax Management System
CVE-2023-44023 (Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discover ...)
	NOT-FOR-US: Tenda
CVE-2023-44022 (Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discover ...)
	NOT-FOR-US: Tenda
CVE-2023-44021 (Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discover ...)
	NOT-FOR-US: Tenda
CVE-2023-44020 (Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discover ...)
	NOT-FOR-US: Tenda
CVE-2023-44019 (Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discover ...)
	NOT-FOR-US: Tenda
CVE-2023-44018 (Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discover ...)
	NOT-FOR-US: Tenda
CVE-2023-44017 (Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discover ...)
	NOT-FOR-US: Tenda
CVE-2023-44016 (Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discover ...)
	NOT-FOR-US: Tenda
CVE-2023-44015 (Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discover ...)
	NOT-FOR-US: Tenda
CVE-2023-44014 (Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discover ...)
	NOT-FOR-US: Tenda
CVE-2023-44013 (Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discover ...)
	NOT-FOR-US: Tenda
CVE-2023-43830 (A Cross-site scripting (XSS) vulnerability in /panel/configuration/fin ...)
	NOT-FOR-US: Subrion CMS
CVE-2023-43828 (A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Sub ...)
	NOT-FOR-US: Subrion CMS
CVE-2023-43652 (JumpServer is an open source bastion host. As an unauthenticated user, ...)
	NOT-FOR-US: JumpServer
CVE-2023-43650 (JumpServer is an open source bastion host. The verification code for r ...)
	NOT-FOR-US: JumpServer
CVE-2023-43125 (BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2023-43124 (BIG-IP APM clients may send IP traffic outside of the VPN tunnel.Note: ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2023-42822 (xrdp is an open source remote desktop protocol server. Access to the f ...)
	[experimental] - xrdp 0.9.24-1
	- xrdp 0.9.24-2 (bug #1053284)
	[bookworm] - xrdp (Minor issue)
	[bullseye] - xrdp (Minor issue)
	[buster] - xrdp (Minor issue)
	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-2hjx-rm4f-r9hw
	NOTE: https://github.com/neutrinolabs/xrdp/commit/73acbe1f7957c65122b00de4d6f57a8d0d257c40
CVE-2023-42657 (In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traver ...)
	NOT-FOR-US: Progress WS_FTP Server
CVE-2023-42487 (Soundminer – CWE-22: Improper Limitation of a Pathname to a Restr ...)
	NOT-FOR-US: Soundminer
CVE-2023-42486 (Fortect - CWE-428: Unquoted Search Path or Element, may be used by loc ...)
	NOT-FOR-US: Fortect
CVE-2023-41653 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Beplus S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41242 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hass ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41241 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sure ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41238 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ultimate ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41237 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...)
	NOT-FOR-US: WordPress theme
CVE-2023-41236 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Happy ad ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41235 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...)
	NOT-FOR-US: WordPress theme
CVE-2023-40333 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Qode Int ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40049 (In WS_FTP Server version prior to 8.8.2, an unauthenticated user cou ...)
	NOT-FOR-US: Progress WS_FTP Server
CVE-2023-40048 (In WS_FTP Server version prior to 8.8.2, the WS_FTP Server Manager i ...)
	NOT-FOR-US: Progress WS_FTP Server
CVE-2023-40047 (In WS_FTP Server version prior to 8.8.2,a stored cross-site scripting ...)
	NOT-FOR-US: Progress WS_FTP Server
CVE-2023-40046 (In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection ...)
	NOT-FOR-US: Progress WS_FTP Server
CVE-2023-40045 (In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a reflected cros ...)
	NOT-FOR-US: Progress WS_FTP Server
CVE-2023-40044 (In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticate ...)
	NOT-FOR-US: Progress WS_FTP Server
CVE-2023-33972 (Scylladb is a NoSQL data store using the seastar framework, compatible ...)
	- scylladb (bug #824509)
CVE-2023-32458 (Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack relea ...)
	NOT-FOR-US: Dell
CVE-2023-XXXX [code execution via malformed XTGETTCAP]
	- foot 1.15.3-2 (bug #1053115)
	[bookworm] - foot 1.13.1-2+deb12u1
	[bullseye] - foot (Minor issue)
	NOTE: https://codeberg.org/dnkl/foot/commit/8a5f2915e9d327d1517d1da49ce7e2303fe61d36
CVE-2023-5183 (Unsafe deserialization of untrusted JSON allows execution of arbitrary ...)
	NOT-FOR-US: Illumio
CVE-2023-4934 (Authorization Bypass Through User-Controlled Key vulnerability in Usta ...)
	NOT-FOR-US: Usta" AYBS
CVE-2023-4737 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Hedef Tracking Admin Panel
CVE-2023-4423 (The WP Event Manager – Events Calendar, Registrations, Sell Ticke ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-44216 (PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU de ...)
	NOT-FOR-US: Imagination GPUs
CVE-2023-44044 (Super Store Finder v3.6 and below was discovered to contain a SQL inje ...)
	NOT-FOR-US: Super Store Finder
CVE-2023-44043 (A reflected cross-site scripting (XSS) vulnerability in /install/index ...)
	NOT-FOR-US: Black Cat CMS
CVE-2023-44042 (A stored cross-site scripting (XSS) vulnerability in /settings/index.p ...)
	NOT-FOR-US: Black Cat CMS
CVE-2023-43825 (Relative path traversal vulnerability in Shihonkanri Plus Ver9.0.3 and ...)
	NOT-FOR-US: Shihonkanri Plus
CVE-2023-43645 (OpenFGA is an authorization/permission engine built for developers and ...)
	NOT-FOR-US: OpenFGA
CVE-2023-43381 (SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote a ...)
	NOT-FOR-US: Tianchoy Blog
CVE-2023-43331 (A cross-site scripting (XSS) vulnerability in the Add User function of ...)
	NOT-FOR-US: Small CRM
CVE-2023-43291 (Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier al ...)
	NOT-FOR-US: emlog
CVE-2023-43263 (A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 al ...)
	NOT-FOR-US: Froala Editor
CVE-2023-43232 (A stored cross-site scripting (XSS) vulnerability in the Website colum ...)
	NOT-FOR-US: DedeBIZ
CVE-2023-43187 (A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint ...)
	NOT-FOR-US: NodeBB
CVE-2023-43154 (In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loos ...)
	NOT-FOR-US: Macrob7 Macs Framework Content Management System (CMS)
CVE-2023-42820 (JumpServer is an open source bastion host. This vulnerability is due t ...)
	NOT-FOR-US: JumpServer
CVE-2023-42819 (JumpServer is an open source bastion host. Logged-in users can access ...)
	NOT-FOR-US: JumpServer
CVE-2023-42462 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-hm76-jh96-7j75
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-42461 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-x3jp-69f2-p84w
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-42453 (Synapse is an open-source Matrix homeserver written and maintained by ...)
	- matrix-synapse 1.93.0-1 (bug #1053283)
	NOTE: https://github.com/matrix-org/synapse/pull/16327
	NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-7565-cq32-vx2x
CVE-2023-41996 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2023-41995 (A use-after-free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2023-41986 (The issue was addressed with improved checks. This issue is fixed in i ...)
	NOT-FOR-US: Apple
CVE-2023-41984 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-41981 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-41980 (A permissions issue was addressed with additional restrictions. This i ...)
	NOT-FOR-US: Apple
CVE-2023-41979 (A race condition was addressed with improved locking. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2023-41968 (This issue was addressed with improved validation of symlinks. This is ...)
	NOT-FOR-US: Apple
CVE-2023-41888 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-2hcg-75jj-hghp
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-41878 (MeterSphere is a one-stop open source continuous testing platform, cov ...)
	NOT-FOR-US: MeterSphere
CVE-2023-41335 (Synapse is an open-source Matrix homeserver written and maintained by ...)
	- matrix-synapse 1.93.0-1 (bug #1053283)
	NOTE: https://github.com/matrix-org/synapse/pull/16272
	NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-4f74-84v3-j9q5
CVE-2023-41333 (Cilium is a networking, observability, and security solution with an e ...)
	- cilium (bug #858303)
CVE-2023-41332 (Cilium is a networking, observability, and security solution with an e ...)
	- cilium (bug #858303)
CVE-2023-41326 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-5wj6-hp4c-j5q9
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-41324 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-58wj-8jhx-jpm3
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-41323 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-5cf4-6q6r-49x9
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-41322 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-9j8m-7563-8xvr
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-41321 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-3fxw-j5rj-w836
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-41320 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-mv2r-gpw3-g476
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-41232 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2023-41174 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-41079 (The issue was addressed with improved permissions logic. This issue is ...)
	NOT-FOR-US: Apple
CVE-2023-41078 (An authorization issue was addressed with improved state management. T ...)
	NOT-FOR-US: Apple
CVE-2023-41074 (The issue was addressed with improved checks. This issue is fixed in t ...)
	{DSA-5527-1}
	- webkit2gtk 2.42.0-1
	[buster] - webkit2gtk (EOL in buster LTS)
	- wpewebkit 2.42.0-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2023-0009.html
CVE-2023-41073 (An authorization issue was addressed with improved state management. T ...)
	NOT-FOR-US: Apple
CVE-2023-41071 (A use-after-free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2023-41070 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2023-41068 (An access issue was addressed with improved access restrictions. This ...)
	NOT-FOR-US: Apple
CVE-2023-41067 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2023-41066 (An authentication issue was addressed with improved state management. ...)
	NOT-FOR-US: Apple
CVE-2023-41065 (A privacy issue was addressed with improved private data redaction for ...)
	NOT-FOR-US: Apple
CVE-2023-41063 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-40677 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40676 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jaso ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40675 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plug ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40669 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40668 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40667 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lasso Si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40665 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40664 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao D ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40663 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rextheme ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40605 (Auth. (contributor) Cross-Site Scripting (XSS) vulnerability in 93digi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40604 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jes ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40541 (This issue was addressed by adding an additional prompt for user conse ...)
	NOT-FOR-US: Apple
CVE-2023-40520 (The issue was addressed with improved checks. This issue is fixed in t ...)
	NOT-FOR-US: Apple
CVE-2023-40456 (The issue was addressed with improved checks. This issue is fixed in t ...)
	NOT-FOR-US: Apple
CVE-2023-40455 (A permissions issue was addressed with additional restrictions. This i ...)
	NOT-FOR-US: Apple
CVE-2023-40454 (A permissions issue was addressed with additional restrictions. This i ...)
	NOT-FOR-US: Apple
CVE-2023-40452 (The issue was addressed with improved bounds checks. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2023-40451 (This issue was addressed with improved iframe sandbox enforcement. Thi ...)
	{DSA-5468-1}
	- webkit2gtk 2.40.5-1
	[buster] - webkit2gtk (EOL in buster LTS)
	- wpewebkit 2.40.5-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2023-0009.html
CVE-2023-40450 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2023-40448 (The issue was addressed with improved handling of protocols. This issu ...)
	NOT-FOR-US: Apple
CVE-2023-40443 (The issue was addressed with improved checks. This issue is fixed in i ...)
	NOT-FOR-US: Apple
CVE-2023-40441 (A resource exhaustion issue was addressed with improved input validati ...)
	NOT-FOR-US: Apple
CVE-2023-40436 (The issue was addressed with improved bounds checks. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2023-40435 (This issue was addressed by enabling hardened runtime. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-40434 (A configuration issue was addressed with additional restrictions. This ...)
	NOT-FOR-US: Apple
CVE-2023-40432 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-40431 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-40429 (A permissions issue was addressed with improved validation. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-40428 (The issue was addressed with improved handling of caches. This issue i ...)
	NOT-FOR-US: Apple
CVE-2023-40427 (The issue was addressed with improved handling of caches. This issue i ...)
	NOT-FOR-US: Apple
CVE-2023-40426 (A permissions issue was addressed with additional restrictions. This i ...)
	NOT-FOR-US: Apple
CVE-2023-40424 (The issue was addressed with improved checks. This issue is fixed in i ...)
	NOT-FOR-US: Apple
CVE-2023-40422 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-40420 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-40419 (The issue was addressed with improved checks. This issue is fixed in t ...)
	NOT-FOR-US: Apple
CVE-2023-40418 (An authentication issue was addressed with improved state management. ...)
	NOT-FOR-US: Apple
CVE-2023-40417 (A window management issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2023-40412 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-40410 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2023-40409 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-40407 (The issue was addressed with improved bounds checks. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2023-40406 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2023-40403 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-40402 (A permissions issue was addressed with additional restrictions. This i ...)
	NOT-FOR-US: Apple
CVE-2023-40400 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2023-40399 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-40395 (The issue was addressed with improved handling of caches. This issue i ...)
	NOT-FOR-US: Apple
CVE-2023-40391 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-40388 (A privacy issue was addressed with improved handling of temporary file ...)
	NOT-FOR-US: Apple
CVE-2023-40386 (A privacy issue was addressed with improved handling of temporary file ...)
	NOT-FOR-US: Apple
CVE-2023-40384 (A permissions issue was addressed with improved redaction of sensitive ...)
	NOT-FOR-US: Apple
CVE-2023-40330 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Milan Pe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39434 (A use-after-free issue was addressed with improved memory management. ...)
	{DSA-5468-1}
	- webkit2gtk 2.40.5-1
	[buster] - webkit2gtk (EOL in buster LTS)
	- wpewebkit 2.40.5-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2023-0009.html
CVE-2023-39233 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2023-38615 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-38596 (The issue was addressed with improved handling of protocols. This issu ...)
	NOT-FOR-US: Apple
CVE-2023-38586 (An access issue was addressed with additional sandbox restrictions. Th ...)
	NOT-FOR-US: Apple
CVE-2023-37448 (A lock screen issue was addressed with improved state management. This ...)
	NOT-FOR-US: Apple
CVE-2023-35990 (The issue was addressed with improved checks. This issue is fixed in i ...)
	NOT-FOR-US: Apple
CVE-2023-35984 (The issue was addressed with improved checks. This issue is fixed in t ...)
	NOT-FOR-US: Apple
CVE-2023-35793 (An issue was discovered in Cassia Access Controller 2.1.1.2303271039. ...)
	NOT-FOR-US: Cassia Access Controller
CVE-2023-35074 (The issue was addressed with improved memory handling. This issue is f ...)
	{DSA-5396-1}
	- webkit2gtk 2.40.0-1
	[buster] - webkit2gtk (EOL in buster LTS)
	- wpewebkit 2.40.2-2
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2023-0009.html
CVE-2023-35071 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: MRV Tech Logging Administration Panel
CVE-2023-32421 (A privacy issue was addressed with improved handling of temporary file ...)
	NOT-FOR-US: Apple
CVE-2023-32396 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2023-32377 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2023-32361 (The issue was addressed with improved handling of caches. This issue i ...)
	NOT-FOR-US: Apple
CVE-2023-2358 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...)
	NOT-FOR-US: Hitachi Vantara Pentaho Business Analytics Server
CVE-2023-29497 (A privacy issue was addressed with improved handling of temporary file ...)
	NOT-FOR-US: Apple
CVE-2023-43040 (IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to ...)
	{DLA-3629-1}
	- ceph 16.2.11+ds-5 (bug #1053690)
	[bookworm] - ceph (Minor issue)
	[bullseye] - ceph (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2023/09/26/10
	NOTE: https://tracker.ceph.com/issues/63004
	NOTE: https://github.com/ceph/ceph/pull/53714
	NOTE: Fixed by: https://github.com/ceph/ceph/commit/100d81aa060f061271499f1fa28dbdc06de443fd (main)
CVE-2023-5197 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
	{DSA-5594-1 DLA-3711-1}
	- linux 6.5.6-1
	[bookworm] - linux 6.1.64-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/f15f29fd4779be8a418b66e9d52979bb6d6c2325 (6.6-rc3)
	NOTE: https://kernel.dance/f15f29fd4779be8a418b66e9d52979bb6d6c2325
CVE-2023-5189 (A path traversal vulnerability exists in Ansible when extracting tarba ...)
	NOT-FOR-US: Ansible Automation Hub
CVE-2023-5157 (A vulnerability was found in MariaDB. An OpenVAS port scan on ports 33 ...)
	- galera-4 26.4.13-1
	[bullseye] - galera-4 (Minor issue; can be fixed via point release)
	- galera-3 (vulnerable code not backported to galera-3)
	NOTE: https://jira.mariadb.org/browse/MDEV-25068
	NOTE: Introduced by: https://github.com/codership/galera/commit/c27596d06a221f6c14d36759c681149964008749 (26.4.8)
	NOTE: Fixed by: https://github.com/codership/galera/commit/930c016108d7086b472ad7a8b9d0f6989202b48a (26.4.12)
CVE-2023-5115 (An absolute path traversal attack exists in the Ansible automation pla ...)
	{DLA-3695-1}
	- ansible-core 2.14.11-1 (bug #1053693)
	[bookworm] - ansible-core (Minor issue)
	[bullseye] - ansible-core (Minor issue)
	- ansible 5.4.0-1
	[bullseye] - ansible (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2233810
	NOTE: https://github.com/ansible/ansible/pull/81780
	NOTE: https://github.com/ansible/ansible/commit/ddf0311c63287e2d5334770377350c1e0cbfff28
	NOTE: ansible-core was split off from src:ansible with 4.6.0-1 in experimental/5.4.0-1 in sid
CVE-2023-4264 (Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsy ...)
	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-4262 (Possible buffer overflow in Zephyr mgmt subsystem when asserts are dis ...)
	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-4261
	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-4260 (Potential off-by-one buffer overflow vulnerability in the Zephyr fuse ...)
	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-4065 (A flaw was found in Red Hat AMQ Broker Operator, where it displayed a ...)
	NOT-FOR-US: Red Hat AMQ Broker
CVE-2023-44172 (SeaCMS V12.9 was discovered to contain an arbitrary file write vulnera ...)
	NOT-FOR-US: SeaCMS
CVE-2023-44171 (SeaCMS V12.9 was discovered to contain an arbitrary file write vulnera ...)
	NOT-FOR-US: SeaCMS
CVE-2023-44170 (SeaCMS V12.9 was discovered to contain an arbitrary file write vulnera ...)
	NOT-FOR-US: SeaCMS
CVE-2023-44169 (SeaCMS V12.9 was discovered to contain an arbitrary file write vulnera ...)
	NOT-FOR-US: SeaCMS
CVE-2023-43857 (Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scrip ...)
	NOT-FOR-US: Dreamer CMS
CVE-2023-43856 (Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vu ...)
	NOT-FOR-US: Dreamer CMS
CVE-2023-43775 (Denial-of-service vulnerability in the web server of the Eaton SMP Gat ...)
	NOT-FOR-US: Eaton
CVE-2023-43646 (get-func-name is a module to retrieve a function's name securely and c ...)
	- node-get-func-name 2.0.2-1 (bug #1053262)
	[bookworm] - node-get-func-name (Minor issue)
	[bullseye] - node-get-func-name (Minor issue)
	[buster] - node-get-func-name (Minor issue, ReDoS)
	NOTE: https://github.com/chaijs/get-func-name/security/advisories/GHSA-4q6p-r6v2-jvc5
	NOTE: https://github.com/chaijs/get-func-name/commit/f934b228b5e2cb94d6c8576d3aac05493f667c69 (v2.0.1)
CVE-2023-43614 (Cross-site scripting vulnerability in Order Data Edit page of Welcart ...)
	NOT-FOR-US: Welcart e-Commerce
CVE-2023-43610 (SQL injection vulnerability in Order Data Edit page of Welcart e-Comme ...)
	NOT-FOR-US: Welcart e-Commerce
CVE-2023-43493 (SQL injection vulnerability in Item List page of Welcart e-Commerce ve ...)
	NOT-FOR-US: Welcart e-Commerce
CVE-2023-43484 (Cross-site scripting vulnerability in Item List page of Welcart e-Comm ...)
	NOT-FOR-US: Welcart e-Commerce
CVE-2023-43234 (DedeBIZ v6.2.11 was discovered to contain multiple remote code executi ...)
	NOT-FOR-US: DedeBIZ
CVE-2023-43222 (SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g ...)
	NOT-FOR-US: SeaCMS
CVE-2023-43216 (SeaCMS V12.9 was discovered to contain an arbitrary file write vulnera ...)
	NOT-FOR-US: SeaCMS
CVE-2023-42460 (Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_dec ...)
	NOT-FOR-US: Vyper
CVE-2023-41962 (Cross-site scripting vulnerability in Credit Card Payment Setup page o ...)
	NOT-FOR-US: Welcart e-Commerce
CVE-2023-41904 (Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for Au ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2023-41233 (Cross-site scripting vulnerability in Item List page registration proc ...)
	NOT-FOR-US: Welcart e-Commerce
CVE-2023-40532 (Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8 ...)
	NOT-FOR-US: Welcart e-Commerce
CVE-2023-40219 (Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or ...)
	NOT-FOR-US: Welcart e-Commerce
CVE-2023-39378 (SiberianCMS - CWE-89: Improper Neutralization of Special Elements used ...)
	NOT-FOR-US: SiberianCMS
CVE-2023-39377 (SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type ...)
	NOT-FOR-US: SiberianCMS
CVE-2023-39376 (SiberianCMS - CWE-284 Improper Access Control Authorized user may disa ...)
	NOT-FOR-US: SiberianCMS
CVE-2023-39375 (SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges)
	NOT-FOR-US: SiberianCMS
CVE-2023-39347 (Cilium is a networking, observability, and security solution with an e ...)
	- cilium (bug #858303)
CVE-2023-34043 (VMware Aria Operations contains a local privilege escalation vulnerabi ...)
	NOT-FOR-US: VMware
CVE-2023-32541 (A use-after-free vulnerability exists in the footerr functionality of ...)
	NOT-FOR-US: Hancom Office 2020 HWord
CVE-2023-5176 (Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thun ...)
	{DSA-5513-1 DSA-5506-1 DLA-3601-1 DLA-3587-1}
	- firefox 118.0-1
	- firefox-esr 115.3.0esr-1
	- thunderbird 1:115.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5176
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-42/#CVE-2023-5176
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-43/#CVE-2023-5176
CVE-2023-5175 (During process shutdown, it was possible that an `ImageBitmap` was cre ...)
- firefox 118.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5175 CVE-2023-5174 (If Windows failed to duplicate a handle during process creation, the s ...) - firefox (Only affects Firefox on Windows) - firefox-esr (Only affects Firefox ESR on Windows) - thunderbird (Only affects Thunderbird on Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5174 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-42/#CVE-2023-5174 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-43/#CVE-2023-5174 CVE-2023-5173 (In a non-standard configuration of Firefox, an integer overflow could ...) - firefox 118.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5173 CVE-2023-5172 (A hashtable in the Ion Engine could have been mutated while there was ...) - firefox 118.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5172 CVE-2023-5171 (During Ion compilation, a Garbage Collection could have resulted in a ...) {DSA-5513-1 DSA-5506-1 DLA-3601-1 DLA-3587-1} - firefox 118.0-1 - firefox-esr 115.3.0esr-1 - thunderbird 1:115.3.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5171 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-42/#CVE-2023-5171 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-43/#CVE-2023-5171 CVE-2023-5170 (In canvas rendering, a compromised content process could have caused a ...) - firefox 118.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5170 CVE-2023-5169 (A compromised content process could have provided malicious data in a ...) 
{DSA-5513-1 DSA-5506-1 DLA-3601-1 DLA-3587-1} - firefox 118.0-1 - firefox-esr 115.3.0esr-1 - thunderbird 1:115.3.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5169 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-42/#CVE-2023-5169 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-43/#CVE-2023-5169 CVE-2023-5168 (A compromised content process could have provided malicious data to `F ...) - firefox (Only affects Firefox on Windows) - firefox-esr (Only affects Firefox ESR on Windows) - thunderbird (Only affects Thunderbird on Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5168 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-42/#CVE-2023-5168 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-43/#CVE-2023-5168 CVE-2023-5192 (Excessive Data Query Operations in a Large Data Table in GitHub reposi ...) NOT-FOR-US: Pimcore CVE-2023-5162 (The Options for Twenty Seventeen plugin for WordPress is vulnerable to ...) NOT-FOR-US: Options for Twenty Seventeen plugin for WordPress CVE-2023-5161 (The Modal Window plugin for WordPress is vulnerable to Stored Cross-Si ...) NOT-FOR-US: Modal Window plugin for WordPress CVE-2023-5135 (The Simple Cloudflare Turnstile plugin for WordPress is vulnerable to ...) NOT-FOR-US: Simple Cloudflare Turnstile plugin for WordPress CVE-2023-5129 REJECTED CVE-2023-4565 (Broadcast permission control vulnerability in the framework module. Su ...) NOT-FOR-US: Huawei CVE-2023-4506 (The Active Directory Integration / LDAP Integration plugin for WordPre ...) NOT-FOR-US: Active Directory Integration / LDAP Integration plugin for WordPress CVE-2023-4505 (The Staff / Employee Business Directory for Active Directory plugin fo ...) NOT-FOR-US: Staff / Employee Business Directory for Active Directory plugin for WordPress CVE-2023-4259 (Two potential buffer overflow vulnerabilities at the following locatio ...) 
NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) CVE-2023-4258 (In Bluetooth mesh implementation If provisionee has a public key that ...) NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) CVE-2023-43457 (An issue in Service Provider Management System v.1.0 allows a remote a ...) NOT-FOR-US: Service Provider Management System CVE-2023-43326 (A reflected cross-site scripting (XSS) vulnerability exisits in multip ...) NOT-FOR-US: mooSocial CVE-2023-43325 (A reflected cross-site scripting (XSS) vulnerability in the data[redir ...) NOT-FOR-US: mooSocial CVE-2023-43278 (A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up ...) NOT-FOR-US: Seacms CVE-2023-43132 (szvone vmqphp <=1.13 is vulnerable to SQL Injection. Unauthorized remo ...) NOT-FOR-US: szvone vmqphp CVE-2023-42426 (Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1 ...) NOT-FOR-US: Froala Froala Editor CVE-2023-41861 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Restrict ...) NOT-FOR-US: WordPress plugin CVE-2023-41860 (Unauth. Cross-Site Scripting (XSS) vulnerability in TravelMap plugin < ...) NOT-FOR-US: WordPress plugin CVE-2023-41312 (Permission control vulnerability in the audio module. Successful explo ...) NOT-FOR-US: Huawei CVE-2023-41311 (Permission control vulnerability in the audio module. Successful explo ...) NOT-FOR-US: Huawei CVE-2023-41310 (Keep-alive vulnerability in the sticky broadcast mechanism. Successful ...) NOT-FOR-US: Huawei CVE-2023-41309 (Permission control vulnerability in the MediaPlaybackController module ...) NOT-FOR-US: Huawei CVE-2023-41308 (Screenshot vulnerability in the input module. Successful exploitation ...) NOT-FOR-US: Huawei CVE-2023-41307 (Memory overwriting vulnerability in the security module. Successful ex ...) NOT-FOR-US: Huawei CVE-2023-41306 (Vulnerability of mutex management in the bone voice ID trusted applica ...) 
NOT-FOR-US: Huawei CVE-2023-41305 (Vulnerability of 5G messages being sent without being encrypted in a V ...) NOT-FOR-US: Huawei CVE-2023-3767 (An OS command injection vulnerability has been found on EasyPHP Webse ...) NOT-FOR-US: EasyPHP Webserver CVE-2023-38907 (An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E bef ...) NOT-FOR-US: TP-Link CVE-2022-48606 (Stability-related vulnerability in the binder background management an ...) NOT-FOR-US: Huawei CVE-2023-5166 (Docker Desktop before 4.23.0 allows Access Token theft via a crafted e ...) NOT-FOR-US: Docker Desktop CVE-2023-5165 (Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enh ...) NOT-FOR-US: Docker Desktop CVE-2023-5158 (A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in t ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://lore.kernel.org/virtualization/20230925103057.104541-1-sgarzare@redhat.com/T/#u CVE-2023-5156 (A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 ...) - glibc 2.37-11 (bug #1053002) [bookworm] - glibc (Fix for CVE-2023-4806 not applied alone in released version) [bullseye] - glibc (Fix for CVE-2023-4806 not applied alone in released version) [buster] - glibc (Fix for CVE-2023-4806 not applied alone in released version) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2240541 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30884 NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ec6b95c3303c700eb89eebeda2d7264cc184a796 NOTE: https://sourceware.org/pipermail/libc-alpha/2023-September/151691.html NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2023-0005 CVE-2023-4892 (Teedy v1.11 has a vulnerability in its text editor that allows events ...) NOT-FOR-US: Teedy CVE-2023-4631 (The DoLogin Security WordPress plugin before 3.7 uses headers such as ...) 
NOT-FOR-US: WordPress plugin CVE-2023-4549 (The DoLogin Security WordPress plugin before 3.7 does not properly san ...) NOT-FOR-US: WordPress plugin CVE-2023-4521 (The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a ...) NOT-FOR-US: WordPress plugin CVE-2023-4502 (The Translate WordPress with GTranslate WordPress plugin before 3.0.4 ...) NOT-FOR-US: WordPress plugin CVE-2023-4490 (The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2023-4476 (The Locatoraid Store Locator WordPress plugin before 3.9.24 does not s ...) NOT-FOR-US: WordPress plugin CVE-2023-4300 (The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not fi ...) NOT-FOR-US: WordPress plugin CVE-2023-4281 (This Activity Log WordPress plugin before 2.8.8 retrieves client IP ad ...) NOT-FOR-US: WordPress plugin CVE-2023-4238 (The Prevent files / folders access WordPress plugin before 2.5.2 does ...) NOT-FOR-US: WordPress plugin CVE-2023-4148 (The Ditty WordPress plugin before 3.1.25 does not sanitise and escape ...) NOT-FOR-US: WordPress plugin CVE-2023-43644 (Sing-box is an open source proxy system. Affected versions are subject ...) NOT-FOR-US: sing-box CVE-2023-43642 (snappy-java is a Java port of the snappy, a fast C++ compresser/decomp ...) - snappy-java 1.1.10.5-1 (bug #1053474) [bookworm] - snappy-java (Minor issue) [bullseye] - snappy-java (Minor issue) [buster] - snappy-java (Minor issue) NOTE: https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5 (v1.1.10.4) NOTE: https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv CVE-2023-43458 (Cross Site Scripting (XSS) vulnerability in Resort Reservation System ...) NOT-FOR-US: Resort Reservation System CVE-2023-43456 (Cross Site Scripting vulnerability in Service Provider Management Syst ...) 
NOT-FOR-US: Service Provider Management System CVE-2023-43382 (Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allo ...) NOT-FOR-US: itechyou dreamer CMS CVE-2023-43339 (Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 all ...) NOT-FOR-US: cmsmadesimple CVE-2023-43319 (Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWar ...) NOT-FOR-US: IceWarp WebClient CVE-2023-43256 (A path traversal in Gladys Assistant v4.26.1 and below allows authenti ...) NOT-FOR-US: Gladys Assistant CVE-2023-43141 (TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulner ...) NOT-FOR-US: TOTOLINK CVE-2023-43131 (General Device Manager 2.5.2.2 is vulnerable to Buffer Overflow.) NOT-FOR-US: General Device Manager CVE-2023-42817 (Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The ...) NOT-FOR-US: Pimcore CVE-2023-41871 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Poll Mak ...) NOT-FOR-US: WordPress plugin CVE-2023-41868 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ram Rata ...) NOT-FOR-US: WordPress plugin CVE-2023-41867 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AcyMaili ...) NOT-FOR-US: WordPress plugin CVE-2023-41863 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Pepro Dev. ...) NOT-FOR-US: WordPress plugin CVE-2023-41419 (An issue in Gevent before version 23.9.0 allows a remote attacker to e ...) NOT-FOR-US: Gevent Gevent CVE-2023-41303 (Command injection vulnerability in the distributed file system module. ...) NOT-FOR-US: Huawei CVE-2023-41302 (Redirection permission verification vulnerability in the home screen m ...) NOT-FOR-US: Huawei CVE-2023-41301 (Vulnerability of unauthorized API access in the PMS module. Successful ...) NOT-FOR-US: Huawei CVE-2023-41300 (Vulnerability of parameters not being strictly verified in the PMS mod ...) NOT-FOR-US: Huawei CVE-2023-41299 (DoS vulnerability in the PMS module. 
Successful exploitation of this v ...) NOT-FOR-US: Huawei CVE-2023-41298 (Vulnerability of permission control in the window module. Successful e ...) NOT-FOR-US: Huawei CVE-2023-41297 (Vulnerability of defects introduced in the design process in the Hivie ...) NOT-FOR-US: Huawei CVE-2023-41296 (Vulnerability of missing authorization in the kernel module. Successfu ...) NOT-FOR-US: Huawei CVE-2023-41295 (Vulnerability of improper permission management in the displayengine m ...) NOT-FOR-US: Huawei CVE-2023-41294 (The DP module has a service hijacking vulnerability.Successful exploit ...) NOT-FOR-US: Huawei CVE-2023-41293 (Data security classification vulnerability in the DDMP module. Success ...) NOT-FOR-US: Huawei CVE-2023-40163 (An out-of-bounds write vulnerability exists in the allocate_buffer_for ...) NOT-FOR-US: Accusoft ImageGear CVE-2023-3664 (The FileOrganizer WordPress plugin through 1.0.2 does not restrict fun ...) NOT-FOR-US: WordPress plugin CVE-2023-3550 (Mediawiki v1.40.0 does not validate namespaces used in XML files. The ...) {DSA-5520-1 DLA-3671-1} - mediawiki 1:1.39.5-1 NOTE: https://phabricator.wikimedia.org/T341565 CVE-2023-3547 (The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does ...) NOT-FOR-US: WordPress plugin CVE-2023-3226 (The Popup Builder WordPress plugin before 4.2.0 does not sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2023-39640 (UpLight cookiebanner before 1.5.1 was discovered to contain a SQL inje ...) NOT-FOR-US: UpLight cookiebanner CVE-2023-39453 (A use-after-free vulnerability exists in the tif_parse_sub_IFD functio ...) NOT-FOR-US: Accusoft ImageGear CVE-2023-39409 (DoS vulnerability in the PMS module. Successful exploitation of this v ...) NOT-FOR-US: Huawei CVE-2023-39408 (DoS vulnerability in the PMS module. Successful exploitation of this v ...) NOT-FOR-US: Huawei CVE-2023-39407 (The Watchkit has a risk of unauthorized file access.Successful exploit ...) 
NOT-FOR-US: Huawei CVE-2023-35002 (A heap-based buffer overflow vulnerability exists in the pictwread fun ...) NOT-FOR-US: Accusoft ImageGear CVE-2023-32653 (An out-of-bounds write vulnerability exists in the dcm_pixel_data_deco ...) NOT-FOR-US: Accusoft ImageGear CVE-2023-32614 (A heap-based buffer overflow vulnerability exists in the create_png_ob ...) NOT-FOR-US: Accusoft ImageGear CVE-2023-32284 (An out-of-bounds write vulnerability exists in the tiff_planar_adobe f ...) NOT-FOR-US: Accusoft ImageGear CVE-2022-48605 (Input verification vulnerability in the fingerprint module. Successful ...) NOT-FOR-US: Huawei CVE-2023-42756 (A flaw was found in the Netfilter subsystem of the Linux kernel. A rac ...) {DLA-3623-1} - linux 6.5.6-1 [bookworm] - linux 6.1.55-1 [bullseye] - linux 5.10.197-1 [buster] - linux (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2023/09/27/2 NOTE: https://git.kernel.org/linus/7433b6d2afd512d04398c73aa984d1e285be125b (6.6-rc3) CVE-2023-42755 (A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) clas ...) {DLA-3710-1 DLA-3623-1} - linux 6.3.7-1 [bookworm] - linux 6.1.55-1 [bullseye] - linux 5.10.197-1 NOTE: https://lore.kernel.org/all/CADW8OBtkAf+nGokhD9zCFcmiebL1SM8bJp_oo=pE02BknG9qnQ@mail.gmail.com/ NOTE: https://git.kernel.org/linus/265b4da82dbf5df04bee5a5d46b7474b1aaf326a (6.3-rc1) CVE-2023-40581 (yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp ...) - yt-dlp (Windows-specific) NOTE: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg CVE-2023-5154 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Li ...) NOT-FOR-US: D-Link CVE-2023-5153 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) NOT-FOR-US: D-Link CVE-2023-5152 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) NOT-FOR-US: D-Link CVE-2023-5151 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical ...) 
NOT-FOR-US: D-Link CVE-2023-5150 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical ...) NOT-FOR-US: D-Link CVE-2023-5149 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DA ...) NOT-FOR-US: D-Link CVE-2023-5148 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DA ...) NOT-FOR-US: D-Link CVE-2023-5147 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DA ...) NOT-FOR-US: D-Link CVE-2023-5146 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DA ...) NOT-FOR-US: D-Link CVE-2023-5145 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Li ...) NOT-FOR-US: D-Link CVE-2023-5144 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) NOT-FOR-US: D-Link CVE-2023-5143 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) NOT-FOR-US: D-Link CVE-2023-5142 (A vulnerability classified as problematic was found in H3C GR-1100-P, ...) NOT-FOR-US: H3C CVE-2023-41949 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Avirtum iFo ...) NOT-FOR-US: WordPress plugin CVE-2023-41948 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Chri ...) NOT-FOR-US: WordPress plugin CVE-2023-41874 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tyche So ...) NOT-FOR-US: WordPress plugin CVE-2023-41872 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xtemos W ...) NOT-FOR-US: WordPress plugin CVE-2023-5134 (The Easy Registration Forms for WordPress is vulnerable to Information ...) NOT-FOR-US: WordPress plugin CVE-2023-5125 (The Contact Form by FormGet plugin for WordPress is vulnerable to Stor ...) NOT-FOR-US: Contact Form by FormGet plugin for WordPress CVE-2023-43470 (SQL injection vulnerability in janobe Online Voting System v.1.0 allow ...) NOT-FOR-US: janobe Online Voting System CVE-2023-43469 (SQL injection vulnerability in janobe Online Job Portal v.2020 allows ...) 
NOT-FOR-US: janobe Online Job Portal CVE-2023-43468 (SQL injection vulnerability in janobe Online Job Portal v.2020 allows ...) NOT-FOR-US: janobe Online Job Portal CVE-2023-43338 (Cesanta mjs v2.20.0 was discovered to contain a function pointer hijac ...) NOT-FOR-US: Cesanta mjs CVE-2023-43130 (D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulner ...) NOT-FOR-US: D-Link CVE-2023-43129 (D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulner ...) NOT-FOR-US: D-Link CVE-2023-43640 (TaxonWorks is a web-based workbench designed for taxonomists and biodi ...) NOT-FOR-US: TaxonWorks CVE-2023-43270 (dst-admin v1.5.0 was discovered to contain a remote command execution ...) NOT-FOR-US: dst-admin CVE-2023-43144 (Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQ ...) NOT-FOR-US: Projectworldsl Assets-management-system-in-php CVE-2023-42821 (The package `github.com/gomarkdown/markdown` is a Go library for parsi ...) - golang-github-gomarkdown-markdown 0.0~git20231115.a660076-1 [bookworm] - golang-github-gomarkdown-markdown (Minor issue) NOTE: https://github.com/gomarkdown/markdown/commit/14b16010c2ee7ff33a940a541d993bd043a88940 NOTE: https://github.com/gomarkdown/markdown/security/advisories/GHSA-m9xq-6h2j-65r2 CVE-2023-42812 (Galaxy is an open-source platform for FAIR data analysis. Prior to ver ...) NOT-FOR-US: Galaxy CVE-2023-42811 (aes-gcm is a pure Rust implementation of the AES-GCM. Starting in vers ...) NOT-FOR-US: Rust crate aes-gcm CVE-2023-42798 (AutomataCI is a template git repository equipped with a native built-i ...) NOT-FOR-US: AutomataCI CVE-2023-41031 (Command injection inhomemng.htminJuplink RX4-1500 versions V1.0.2,V1.0 ...) NOT-FOR-US: Juplink RX4-1500 CVE-2023-41029 (Command injection vulnerability in thehomemng.htm endpointinJuplink RX ...) NOT-FOR-US: Juplink RX4-1500 CVE-2023-41027 (Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplin ...) 
NOT-FOR-US: Juplink RX4-1500 CVE-2023-40989 (SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that a ...) NOT-FOR-US: jeecgboot jeecg-boot CVE-2023-38346 (An issue was discovered in Wind River VxWorks 6.9 and 7. The function ...) NOT-FOR-US: Wind River VxWorks CVE-2023-5068 (Delta Electronics DIAScreen may write past the end of an allocated bu ...) NOT-FOR-US: Delta Electronics CVE-2023-4774 (The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerabl ...) NOT-FOR-US: WP-Matomo Integration (WP-Piwik) plugin for WordPress CVE-2023-4716 (The Media Library Assistant plugin for WordPress is vulnerable to Stor ...) NOT-FOR-US: Media Library Assistant plugin for WordPress CVE-2023-43784 (Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are ...) NOT-FOR-US: Plesk Onyx CVE-2023-43783 (Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasi ...) NOT-FOR-US: Cadence CVE-2023-43782 (Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop- ...) NOT-FOR-US: Cadence CVE-2023-43771 (In nqptp-message-handlers.c in nqptp before 1.2.3, crafted packets rec ...) NOT-FOR-US: nqptp CVE-2023-43767 (Certain WithSecure products allow Denial of Service via the aepack arc ...) NOT-FOR-US: WithSecure CVE-2023-43766 (Certain WithSecure products allow Local privilege escalation via the l ...) NOT-FOR-US: WithSecure CVE-2023-43765 (Certain WithSecure products allow Denial of Service in the aeelf compo ...) NOT-FOR-US: WithSecure CVE-2023-43764 REJECTED CVE-2023-43763 (Certain WithSecure products allow XSS via an unvalidated parameter in ...) NOT-FOR-US: WithSecure CVE-2023-43762 (Certain WithSecure products allow Unauthenticated Remote Code Executio ...) NOT-FOR-US: WithSecure CVE-2023-43761 (Certain WithSecure products allow Denial of Service (infinite loop). T ...) NOT-FOR-US: WithSecure CVE-2023-43760 (Certain WithSecure products allow Denial of Service via a fuzzed PE32 ...) 
NOT-FOR-US: WithSecure CVE-2023-43128 (D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulner ...) NOT-FOR-US: D-Link CVE-2023-42261 (Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insec ...) NOT-FOR-US: Mobile Security Framework (MobSF) CVE-2023-41616 (A reflected cross-site scripting (XSS) vulnerability in the Search Stu ...) NOT-FOR-US: Student Management System CVE-2023-41614 (A stored cross-site scripting (XSS) vulnerability in the Add Animal De ...) NOT-FOR-US: Zoo Management System CVE-2023-38344 (An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A ...) NOT-FOR-US: Ivanti CVE-2023-38343 (An XXE (XML external entity injection) vulnerability exists in the CSE ...) NOT-FOR-US: Ivanti CVE-2023-31719 (FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.) NOT-FOR-US: FUXA CVE-2023-31718 (FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download.) NOT-FOR-US: FUXA CVE-2023-31717 (A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confid ...) NOT-FOR-US: FUXA CVE-2023-31716 (FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa. ...) NOT-FOR-US: FUXA CVE-2023-5002 (A flaw was found in pgAdmin. This issue occurs when the pgAdmin server ...) - pgadmin4 (bug #834129) CVE-2023-3629 (A flaw was found in Infinispan's REST, Cache retrieval endpoints do no ...) NOT-FOR-US: Infinispan CVE-2023-3628 (A flaw was found in Infinispan's REST. Bulk read endpoints do not prop ...) NOT-FOR-US: Infinispan CVE-2023-5104 (Improper Input Validation in GitHub repository nocodb/nocodb prior to ...) NOT-FOR-US: nocodb CVE-2023-4753 (OpenHarmony v3.2.1 and prior version has a system call function usage ...) NOT-FOR-US: OpenHarmony CVE-2023-43637 (Due to the implementation of "deriveVaultKey", prior to version 7.10, ...) NOT-FOR-US: EVE OS CVE-2023-43634 (When sealing/unsealing the \u201cvault\u201d key, a list of PCRs is us ...) 
NOT-FOR-US: EVE OS CVE-2023-43633 (On boot, the Pillar eve container checks for the existence and content ...) NOT-FOR-US: EVE OS CVE-2023-43632 (As noted in the \u201cVTPM.md\u201d file in the eve documentation, \u2 ...) NOT-FOR-US: EVE OS CVE-2023-43631 (On boot, the Pillar eve container checks for the existence and content ...) NOT-FOR-US: EVE OS CVE-2023-43309 (There is a stored cross-site scripting (XSS) vulnerability in Webmin 2 ...) - webmin CVE-2023-43274 (Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via th ...) NOT-FOR-US: Phpjabbers CVE-2023-43242 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflo ...) NOT-FOR-US: D-Link CVE-2023-43241 (D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow v ...) NOT-FOR-US: D-Link CVE-2023-43240 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflo ...) NOT-FOR-US: D-Link CVE-2023-43239 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflo ...) NOT-FOR-US: D-Link CVE-2023-43238 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflo ...) NOT-FOR-US: D-Link CVE-2023-43237 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflo ...) NOT-FOR-US: D-Link CVE-2023-43236 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflo ...) NOT-FOR-US: D-Link CVE-2023-43235 (D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow v ...) NOT-FOR-US: D-Link CVE-2023-42810 (systeminformation is a System Information Library for Node.JS. Version ...) NOT-FOR-US: Node systeminformation CVE-2023-42807 (Frappe LMS is an open source learning management system. In versions 1 ...) NOT-FOR-US: Frappe Framework CVE-2023-42806 (Hydra is the layer-two scalability solution for Cardano. Prior to vers ...) NOT-FOR-US: Hydra CVE-2023-42805 (quinn-proto is a state machine for the QUIC transport protocol. Prior ...) 
- rust-quinn-proto 0.10.5-2 (bug #1052546) [bookworm] - rust-quinn-proto (Minor issue) NOTE: https://github.com/quinn-rs/quinn/pull/1667 NOTE: https://github.com/quinn-rs/quinn/pull/1668 NOTE: https://github.com/quinn-rs/quinn/pull/1669 NOTE: https://github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3 NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0063.html CVE-2023-42482 (Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free.) NOT-FOR-US: Samsung CVE-2023-42458 (Zope is an open-source web application server. Prior to versions 4.8.1 ...) NOT-FOR-US: Zope CVE-2023-42457 (plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELE ...) NOT-FOR-US: plone.rest CVE-2023-42456 (Sudo-rs, a memory safe implementation of sudo and su, allows users to ...) - rust-sudo-rs (Fixed with first upload to Debian in unstable) NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0069.html NOTE: https://github.com/memorysafety/sudo-rs/security/advisories/GHSA-2r3c-m6v7-9354 NOTE: https://github.com/memorysafety/sudo-rs/commit/bfdbda22968e3de43fa8246cab1681cfd5d5493d (v0.2.1) NOTE: https://www.openwall.com/lists/oss-security/2023/11/02/1 NOTE: https://ferrous-systems.com/blog/sudo-rs-audit/ CVE-2023-42280 (mee-admin 1.5 is vulnerable to Directory Traversal. The download metho ...) NOT-FOR-US: mee-admin CVE-2023-42279 (Dreamer CMS v4.1.3 was discovered to contain a SQL injection vulnerabi ...) NOT-FOR-US: Dreamer CMS CVE-2023-41993 (The issue was addressed with improved checks. This issue is fixed in m ...) {DSA-5527-1} - webkit2gtk 2.42.1-1 [buster] - webkit2gtk (EOL in buster LTS) - wpewebkit 2.42.1-1 [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0009.html CVE-2023-41992 (The issue was addressed with improved checks. This issue is fixed in m ...) 
NOT-FOR-US: Apple CVE-2023-41991 (A certificate validation issue was addressed. This issue is fixed in m ...) NOT-FOR-US: Apple CVE-2023-41048 (plone.namedfile allows users to handle `File` and `Image` fields targe ...) NOT-FOR-US: plone.namedfile CVE-2023-40183 (DataEase is an open source data visualization and analysis tool. Prior ...) NOT-FOR-US: DataEase CVE-2023-34577 (SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and ...) NOT-FOR-US: Prestashop opartplannedpopup CVE-2023-34576 (SQL injection vulnerability in updatepos.php in PrestaShop opartfaq th ...) NOT-FOR-US: PrestaShop opartfaq CVE-2023-4760 (In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote ...) NOT-FOR-US: Eclipse RAP CVE-2023-4292 (Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all pre ...) NOT-FOR-US: Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi CVE-2023-4291 (Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all pre ...) NOT-FOR-US: Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi CVE-2023-4152 (Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all pre ...) NOT-FOR-US: Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi CVE-2023-43669 (The Tungstenite crate before 0.20.1 for Rust allows remote attackers t ...) - rust-tungstenite 0.20.1-1 (bug #1052415) NOTE: https://github.com/snapview/tungstenite-rs/issues/376 NOTE: https://github.com/snapview/tungstenite-rs/commit/f916b332a97f78f4d54d942b9e008a1af57ff938 (v0.20.1) NOTE: https://github.com/snapview/tungstenite-rs/commit/2e5029284b8bef3e59df0c9d3920c0ed6c7da7a9 (v0.20.1) NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0065.html NOTE: https://github.com/advisories/GHSA-9mcr-873m-xcxp CVE-2023-43135 (There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2 ...) NOT-FOR-US: TP-LINK CVE-2023-42322 (Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a r ...) 
	NOT-FOR-US: icmsdev iCMS
CVE-2023-42321 (Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.1 ...)
	NOT-FOR-US: icmsdev iCMS
CVE-2023-39677 (MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop ...)
	NOT-FOR-US: MyPrestaModules Prestashop Module
CVE-2023-39675 (SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain ...)
	NOT-FOR-US: Prestashop Module
CVE-2023-39252 (Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic al ...)
	NOT-FOR-US: Dell
CVE-2023-38876 (A reflected cross-site scripting (XSS) vulnerability in msaad1999's PH ...)
	NOT-FOR-US: msaad1999's PHP-Login-System
CVE-2023-38875 (A reflected cross-site scripting (XSS) vulnerability in msaad1999's PH ...)
	NOT-FOR-US: msaad1999's PHP-Login-System
CVE-2023-37279 (Faktory is a language-agnostic persistent background job server. Prior ...)
	NOT-FOR-US: Faktory
CVE-2023-36234 (Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attac ...)
	- netbox (bug #1017079)
CVE-2023-36109 (Buffer Overflow vulnerability in JerryScript version 3.0, allows remot ...)
	- iotjs
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5080
CVE-2023-34575 (SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 ...)
	NOT-FOR-US: PrestaShop opartsavecart
CVE-2023-5084 (Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/h ...)
	NOT-FOR-US: Hestia Control Panel
CVE-2023-5074 (Use of a static key to protect a JWT token used in user authentication ...)
	NOT-FOR-US: D-Link
CVE-2023-5042 (Sensitive information disclosure due to insecure folder permissions. T ...)
	NOT-FOR-US: Acronis
CVE-2023-43636 (In EVE OS, the “measured boot” mechanism prevents a compromi ...)
	NOT-FOR-US: EVE OS
CVE-2023-43635 (Vault Key Sealed With SHA1 PCRs The measured boot solution imple ...)
	NOT-FOR-US: EVE OS
CVE-2023-43630 (PCR14 is not in the list of PCRs that seal/unseal the “vault” ...)
	NOT-FOR-US: EVE OS
CVE-2023-43502 (A cross-site request forgery (CSRF) vulnerability in Jenkins Build Fai ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-43501 (A missing permission check in Jenkins Build Failure Analyzer Plugin 2. ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-43500 (A cross-site request forgery (CSRF) vulnerability in Jenkins Build Fai ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-43499 (Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escap ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-43498 (In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file ...)
	- jenkins
CVE-2023-43497 (In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file ...)
	- jenkins
CVE-2023-43496 (Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary ...)
	- jenkins
CVE-2023-43495 (Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the ...)
	- jenkins
CVE-2023-43494 (Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414. ...)
	- jenkins
CVE-2023-43478 (fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), fi ...)
	NOT-FOR-US: Telstra Smart Modem Gen 2 (Arcadyan LH1000) firmware
CVE-2023-43477 (The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra ...)
	NOT-FOR-US: Telstra Smart Modem Gen 2 (Arcadyan LH1000) firmware
CVE-2023-43377 (A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_c ...)
	- hoteldruid 3.0.6-1 (bug #1052572)
	[bookworm] - hoteldruid (Minor issue)
	[bullseye] - hoteldruid (Minor issue)
	[buster] - hoteldruid (Minor issue)
CVE-2023-43376 (A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php ...)
	- hoteldruid 3.0.6-1 (bug #1052572)
	[bookworm] - hoteldruid (Minor issue)
	[bullseye] - hoteldruid (Minor issue)
	[buster] - hoteldruid (Minor issue)
CVE-2023-43375 (Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vul ...)
	- hoteldruid 3.0.6-1 (bug #1052572)
	[bookworm] - hoteldruid (Minor issue)
	[bullseye] - hoteldruid (Minor issue)
	[buster] - hoteldruid (Minor issue)
CVE-2023-43374 (Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerabil ...)
	- hoteldruid 3.0.6-1 (bug #1052572)
	[bookworm] - hoteldruid (Minor issue)
	[bullseye] - hoteldruid (Minor issue)
	[buster] - hoteldruid (Minor issue)
CVE-2023-43373 (Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerabil ...)
	- hoteldruid 3.0.6-1 (bug #1052572)
	[bookworm] - hoteldruid (Minor issue)
	[bullseye] - hoteldruid (Minor issue)
	[buster] - hoteldruid (Minor issue)
CVE-2023-43371 (Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerabil ...)
	- hoteldruid 3.0.6-1 (bug #1052572)
	[bookworm] - hoteldruid (Minor issue)
	[bullseye] - hoteldruid (Minor issue)
	[buster] - hoteldruid (Minor issue)
CVE-2023-43207 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command ...)
	NOT-FOR-US: D-Link
CVE-2023-43206 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command ...)
	NOT-FOR-US: D-Link
CVE-2023-43204 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command ...)
	NOT-FOR-US: D-Link
CVE-2023-43203 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack ov ...)
	NOT-FOR-US: D-Link
CVE-2023-43202 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command ...)
	NOT-FOR-US: D-Link
CVE-2023-43201 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a st ...)
	NOT-FOR-US: D-Link
CVE-2023-43200 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a st ...)
	NOT-FOR-US: D-Link
CVE-2023-43199 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a st ...)
	NOT-FOR-US: D-Link
CVE-2023-43198 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a st ...)
	NOT-FOR-US: D-Link
CVE-2023-43197 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a st ...)
	NOT-FOR-US: D-Link
CVE-2023-43196 (D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack ove ...)
	NOT-FOR-US: D-Link
CVE-2023-43138 (TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command inje ...)
	NOT-FOR-US: TP-Link
CVE-2023-43137 (TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command inje ...)
	NOT-FOR-US: TP-Link
CVE-2023-43134 (There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3 ...)
	NOT-FOR-US: Netis
CVE-2023-42660 (In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8) ...)
	NOT-FOR-US: Progress MOVEit Transfer
CVE-2023-42656 (In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8) ...)
	NOT-FOR-US: Progress MOVEit Transfer
CVE-2023-42335 (Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and f ...)
	NOT-FOR-US: Fl3xx Dispatch
CVE-2023-42334 (An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3x ...)
	NOT-FOR-US: Fl3xx Dispatch
CVE-2023-42331 (A file upload vulnerability in EliteCMS v1.01 allows a remote attacker ...)
	NOT-FOR-US: EliteCMS
CVE-2023-42147 (An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sens ...)
	NOT-FOR-US: CloudExplorer Lite
CVE-2023-41902 (An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2. ...)
	NOT-FOR-US: CoreCode MacUpdater
CVE-2023-41484 (An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain s ...)
	NOT-FOR-US: imgcat
CVE-2023-41375 (Use after free vulnerability exists in Kostac PLC Programming Software ...)
	NOT-FOR-US: Kostac PLC Programming Software
CVE-2023-41374 (Double free issue exists in Kostac PLC Programming Software Version 1. ...)
	NOT-FOR-US: Kostac PLC Programming Software
CVE-2023-40930 (An issue in the directory /system/bin/blkid of Skyworth v3.0 allows at ...)
	NOT-FOR-US: Skyworth
CVE-2023-40619 (phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untr ...)
	{DLA-3644-1}
	- phppgadmin 7.14.7+dfsg-1 (bug #1053004)
	NOTE: https://github.com/phppgadmin/phppgadmin/issues/174
	NOTE: https://github.com/hestiacp/phppgadmin/pull/4
CVE-2023-40618 (A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeM ...)
	NOT-FOR-US: OpenKnowledgeMaps Head Start
CVE-2023-40368 (IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged ...)
	NOT-FOR-US: IBM
CVE-2023-40043 (In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8) ...)
	NOT-FOR-US: Progress MOVEit Transfer
CVE-2023-39052 (An information leak in Earthgarden_waiting 13.6.1 allows attackers to ...)
	NOT-FOR-US: Earthgarden_waiting
CVE-2023-39045 (An information leak in kokoroe_members card Line 13.6.1 allows attacke ...)
	NOT-FOR-US: kokoroe_members card Line
CVE-2023-39044 (An information leak in ajino-Shiretoko Line v13.6.1 allows attackers t ...)
	NOT-FOR-US: ajino-Shiretoko Line
CVE-2023-39041 (An information leak in KUKURUDELI Line v13.6.1 allows attackers to obt ...)
	NOT-FOR-US: KUKURUDELI Line
CVE-2023-38718 (IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose ...)
	NOT-FOR-US: IBM
CVE-2023-37410 (IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a loc ...)
	NOT-FOR-US: IBM
CVE-2023-34047 (A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 a ...)
	NOT-FOR-US: Spring for GraphQL
CVE-2023-2508 (The `PaperCutNG Mobility Print` version 1.0.3512 application allows an ...)
	NOT-FOR-US: PaperCutNG
CVE-2023-4504 (Due to failure in validating the length provided by an attacker-crafte ...)
	{DLA-3594-1}
	- cups 2.4.2-6
	[bookworm] - cups 2.4.2-3+deb12u2
	[bullseye] - cups 2.3.3op2-3+deb11u4
	- libppd (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2023/09/20/3
	NOTE: https://takeonme.org/cves/CVE-2023-4504.html
	NOTE: Fixed by: https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31 (v2.4.7)
	NOTE: Introduced after: https://github.com/OpenPrinting/libppd/commit/fae71641faa2d778e79245b788a90c0cd5d2cb4b (2.0b1)
	NOTE: Fixed by: https://github.com/OpenPrinting/libppd/commit/262c909ac5b8676d1c221584c5a760e5e83fae66
CVE-2023-4236 (A flaw in the networking code handling DNS-over-TLS queries may cause ...)
	- bind9 1:9.19.17-1 (bug #1052417)
	[bookworm] - bind9 1:9.18.19-1~deb12u1
	[bullseye] - bind9 (Vulnerable code introduced later)
	[buster] - bind9 (Vulnerable code introduced later)
	NOTE: https://kb.isc.org/docs/cve-2023-4236
	NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/18efa454a98759bf4f3ca806d9a6ef881ff9648d (v9.18.19)
CVE-2023-3341 (The code that processes control channel messages sent to `named` calls ...)
	{DSA-5504-1 DLA-3726-1}
	- bind9 1:9.19.17-1 (bug #1052416)
	NOTE: https://kb.isc.org/docs/cve-2023-3341
	NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/432a49a7b089da6340e56d402034a586bc69f80e (v9.18.19)
	NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/c4fac5ca98efd02fbaef43601627c7a3a09f5a71 (v9.16.44)
CVE-2023-5063 (The Widget Responsive for Youtube plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5062 (The WordPress Charts plugin for WordPress is vulnerable to Stored Cros ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4088 (Incorrect Default Permissions vulnerability due to incomplete fix to a ...)
	NOT-FOR-US: Mitsubishi
CVE-2023-43621 (An issue was discovered in Croc through 9.6.5. The shared secret, loca ...)
	- croc (bug #1017956)
CVE-2023-43620 (An issue was discovered in Croc through 9.6.5. A sender may place ANSI ...)
	- croc (bug #1017956)
CVE-2023-43619 (An issue was discovered in Croc through 9.6.5. A sender may send dange ...)
	- croc (bug #1017956)
CVE-2023-43618 (An issue was discovered in Croc through 9.6.5. The protocol requires a ...)
	- croc (bug #1017956)
CVE-2023-43617 (An issue was discovered in Croc through 9.6.5. When a custom shared se ...)
	- croc (bug #1017956)
CVE-2023-43616 (An issue was discovered in Croc through 9.6.5. A sender can cause a re ...)
	- croc (bug #1017956)
CVE-2023-40934 (A SQL injection vulnerability in Nagios XI 5.11.1 and below allows aut ...)
	NOT-FOR-US: Nagios XI
CVE-2023-40933 (A SQL injection vulnerability in Nagios XI v5.11.1 and below allows au ...)
	NOT-FOR-US: Nagios XI
CVE-2023-40932 (A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 ...)
	NOT-FOR-US: Nagios XI
CVE-2023-40931 (A SQL injection vulnerability in Nagios XI from version 5.11.0 up to a ...)
	NOT-FOR-US: Nagios XI
CVE-2023-39575 (A reflected cross-site scripting (XSS) vulnerability in the url_str UR ...)
	NOT-FOR-US: ISL ARP Guard
CVE-2023-38888 (Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and be ...)
	- dolibarr
CVE-2023-38887 (File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allo ...)
	- dolibarr
CVE-2023-38886 (An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privi ...)
	- dolibarr
CVE-2023-36319 (File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote ...)
	NOT-FOR-US: Openupload Stable
CVE-2023-4376 (The Serial Codes Generator and Validator with WooCommerce Support Word ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4096 (Weak password recovery mechanism vulnerability in Fujitsu Arconte Á ...)
	NOT-FOR-US: Fujitsu
CVE-2023-4095 (User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. Th ...)
	NOT-FOR-US: Fujitsu
CVE-2023-4094 (ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could a ...)
	NOT-FOR-US: Fujitsu
CVE-2023-4093 (Reflected and persistent XSS vulnerability in Arconte Áurea, in its ...)
	NOT-FOR-US: Fujitsu
CVE-2023-4092 (SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 versio ...)
	NOT-FOR-US: Fujitsu
CVE-2023-43566 (In JetBrains TeamCity before 2023.05.4 stored XSS was possible during ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2023-42793 (In JetBrains TeamCity before 2023.05.4 authentication bypass leading t ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2023-42452 (Mastodon is a free, open-source social network server based on Activit ...)
	- mastodon (bug #859741)
CVE-2023-42451 (Mastodon is a free, open-source social network server based on Activit ...)
	- mastodon (bug #859741)
CVE-2023-42450 (Mastodon is a free, open-source social network server based on Activit ...)
	- mastodon (bug #859741)
CVE-2023-42447 (blurhash-rs is a pure Rust implementation of Blurhash, software for en ...)
	NOT-FOR-US: Rust crate blurhash
CVE-2023-42444 (phonenumber is a library for parsing, formatting and validating intern ...)
	NOT-FOR-US: Rust crate phonenumber
CVE-2023-41890 (Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, all ...)
	NOT-FOR-US: Sustainsys.Saml2
CVE-2023-41834 (Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Fl ...)
	NOT-FOR-US: Apache Flink
CVE-2023-41387 (A SQL injection in the flutter_downloader component through 1.11.1 for ...)
	NOT-FOR-US: flutter_downloader
CVE-2023-41179 (A vulnerability in the 3rd party AV uninstaller module contained in Tr ...)
	NOT-FOR-US: Trend Micro
CVE-2023-3892 (Improper Restriction of XML External Entity Reference vulnerability in ...)
	NOT-FOR-US: MIM Assistant and Client DICOM RTst Loading modules
CVE-2023-38356 (MiniTool Power Data Recovery 11.6 contains an insecure installation pr ...)
	NOT-FOR-US: MiniTool Power Data Recovery
CVE-2023-38355 (MiniTool Movie Maker 7.0 contains an insecure installation process tha ...)
	NOT-FOR-US: MiniTool Movie Maker
CVE-2023-38354 (MiniTool Shadow Maker version 4.1 contains an insecure installation pr ...)
	NOT-FOR-US: MiniTool Movie Maker
CVE-2023-38353 (MiniTool Power Data Recovery version 11.6 and before contains an insec ...)
	NOT-FOR-US: MiniTool Power Data Recovery
CVE-2023-38352 (MiniTool Partition Wizard 12.8 contains an insecure update mechanism t ...)
	NOT-FOR-US: MiniTool Partition Wizard
CVE-2023-38351 (MiniTool Partition Wizard 12.8 contains an insecure installation mecha ...)
	NOT-FOR-US: MiniTool Partition Wizard
CVE-2023-32649 (A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian an ...)
	NOT-FOR-US: Nozomi Networks
CVE-2023-32186 (A Allocation of Resources Without Limits or Throttling vulnerability i ...)
	NOT-FOR-US: SUSE RKE2
CVE-2023-32182 (A Improper Link Resolution Before File Access ('Link Following') vulne ...)
	NOT-FOR-US: config_postfix (SUSE specific script)
CVE-2023-31808 (Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard ...)
	NOT-FOR-US: Technicolor
CVE-2023-2995 (The Leyka WordPress plugin before 3.30.4 does not sanitise and escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2567 (A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due ...)
	NOT-FOR-US: Nozomi Networks Guardian and CMC
CVE-2023-29245 (A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due ...)
	NOT-FOR-US: Nozomi Networks Guardian and CMC
CVE-2023-4998
	- gitlab 16.4.4+ds2-2
CVE-2023-5060 (Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenm ...)
	NOT-FOR-US: LibreNMS
CVE-2023-5054 (The Super Store Finder plugin for WordPress is vulnerable to unauthent ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-5009 (An issue has been discovered in GitLab EE affecting all versions start ...)
	- gitlab (Specific to EE)
CVE-2023-42454 (SQLpage is a SQL-only webapp builder. Someone using SQLpage versions p ...)
	NOT-FOR-US: SQLpage
CVE-2023-42446 (Pow is a authentication and user management solution for Phoenix and P ...)
	NOT-FOR-US: Pow
CVE-2023-42443 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...)
	NOT-FOR-US: Vyper
CVE-2023-42441 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...)
	NOT-FOR-US: Vyper
CVE-2023-42399 (Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0- ...)
	NOT-FOR-US: Jodit Editor
CVE-2023-41599 (An issue in the component /common/DownController.java of JFinalCMS v5. ...)
	NOT-FOR-US: JFinalCMS
CVE-2023-41443 (SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote atta ...)
	NOT-FOR-US: Novel-Plus
CVE-2023-40788 (SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to ...)
	NOT-FOR-US: SpringBlade
CVE-2023-39058 (An information leak in THE_B_members card v13.6.1 allows attackers to ...)
	NOT-FOR-US: THE_B_members
CVE-2023-39056 (An information leak in Coffee-jumbo v13.6.1 allows attackers to obtain ...)
	NOT-FOR-US: Coffee-jumbo
CVE-2023-39049 (An information leak in youmart-tokunaga v13.6.1 allows attackers to ob ...)
	NOT-FOR-US: youmart-tokunaga
CVE-2023-39046 (An information leak in TonTon-Tei_waiting Line v13.6.1 allows attacker ...)
	NOT-FOR-US: TonTon-Tei_waiting Line
CVE-2023-39043 (An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows at ...)
	NOT-FOR-US: YKC Tokushima_awayokocho Line
CVE-2023-39040 (An information leak in Cheese Cafe Line v13.6.1 allows attackers to ob ...)
	NOT-FOR-US: Cheese Cafe Line
CVE-2023-39039 (An information leak in Camp Style Project Line v13.6.1 allows attacker ...)
	NOT-FOR-US: Camp Style Project Line
CVE-2023-38582 (Persistent cross-site scripting (XSS) in the web application of MOD3GP ...)
	NOT-FOR-US: MODULYS GP
CVE-2023-38255 (A potential attacker with or without (cookie theft) access to the devi ...)
	NOT-FOR-US: MODULYS GP
CVE-2023-37611 (Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3 allows a re ...)
	NOT-FOR-US: Neos CMS
CVE-2023-4237 (A flaw was found in the Ansible Automation Platform. When creating a n ...)
	- ansible 9.4.0+dfsg-1 (bug #1055300)
	[bookworm] - ansible (Minor issue)
	[bullseye] - ansible (Minor issue)
	[buster] - ansible (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2229979
	NOTE: https://github.com/advisories/GHSA-ww3m-ffrm-qvqv
	NOTE: https://github.com/ansible-collections/amazon.aws/pull/1704
	NOTE: Fixed by: https://github.com/ansible-collections/amazon.aws/commit/1a077fb3a15241db8964dc086d3b15370bbd1e4a (7.0.0)
CVE-2023-42754 (A NULL pointer dereference flaw was found in the Linux kernel ipv4 sta ...)
	{DLA-3710-1}
	- linux 6.5.6-1
	[bookworm] - linux 6.1.55-1
	[bullseye] - linux 5.10.197-1
	NOTE: https://www.openwall.com/lists/oss-security/2023/10/02/8
	NOTE: https://git.kernel.org/linus/0113d9c9d1ccc07f5a3710dac4aa24b6d711278c (6.6-rc3)
CVE-2023-42753 (An array indexing vulnerability was found in the netfilter subsystem o ...)
	{DLA-3710-1 DLA-3623-1}
	- linux 6.5.3-1
	[bookworm] - linux 6.1.55-1
	[bullseye] - linux 5.10.197-1
	NOTE: https://www.openwall.com/lists/oss-security/2023/09/22/10
	NOTE: https://git.kernel.org/linus/050d91c03b28ca479df13dfb02bcd2c60dd6a878 (6.6-rc1)
CVE-2023-42752 (An integer overflow flaw was found in the Linux kernel. This issue lea ...)
	- linux 6.5.3-1
	[bookworm] - linux 6.1.55-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2023/09/18/3
	NOTE: https://git.kernel.org/linus/915d975b2ffa58a14bfcf16fafe00c41315949ff (6.6-rc1)
	NOTE: https://git.kernel.org/linus/c3b704d4a4a265660e665df51b129e8425216ed1 (6.6-rc1)
CVE-2023-42387 (An issue in TDSQL Chitu management platform v.10.3.19.5.0 allows a rem ...)
	NOT-FOR-US: TDSQL Chitu management platform
CVE-2023-42371 (Cross Site Scripting vulnerability in Summernote Rich Text Editor v.0. ...)
	NOT-FOR-US: Summernote Rich Text Editor
CVE-2023-42359 (SQL injection vulnerability in Exam Form Submission in PHP with Source ...)
	NOT-FOR-US: Exam Form Submission in PHP with Source Code
CVE-2023-42328 (An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remo ...)
	NOT-FOR-US: PeppermintLabs Peppermint
CVE-2023-42320 (Buffer Overflow vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V16.03.1 ...)
	NOT-FOR-US: Tenda
CVE-2023-42253 (Code-Projects Vehicle Management 1.0 is vulnerable to Cross Site Scrip ...)
	NOT-FOR-US: Code-Projects Vehicle Management
CVE-2023-41965 (Sending some requests in the web application of the vulnerable device ...)
	NOT-FOR-US: MODULYS GP
CVE-2023-41929 (A DLL hijacking vulnerability in Samsung Memory Card & UFD Authenticat ...)
	NOT-FOR-US: Samsung
CVE-2023-41595 (An issue in xui-xray v1.8.3 allows attackers to obtain sensitive infor ...)
	NOT-FOR-US: xui-xray
CVE-2023-41084 (Session management within the web application is incorrect and allows ...)
	NOT-FOR-US: MODULYS GP
CVE-2023-41030 (Hard-coded credentials inJuplink RX4-1500 versions V1.0.2 through V1.0 ...)
	NOT-FOR-US: Juplink RX4-1500
CVE-2023-40221 (The absence of filters when loading some sections in the web applicati ...)
	NOT-FOR-US: MODULYS GP
CVE-2023-39452 (The web application that owns the device clearly stores the credential ...)
	NOT-FOR-US: MODULYS GP
CVE-2023-39446 (Thanks to the weaknesses that the web application has at the user mana ...)
	NOT-FOR-US: MODULYS GP
CVE-2023-34999 (A command injection vulnerability exists in RTS VLink Virtual Matrix S ...)
	NOT-FOR-US: RTS VLink Virtual Matrix Software
CVE-2023-34195 (An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyd ...)
	NOT-FOR-US: Insyde InsydeH2O
CVE-2023-33831 (A remote command execution (RCE) vulnerability in the /api/runscript e ...)
	NOT-FOR-US: FUXA
CVE-2023-32187 (An Allocation of Resources Without Limits or Throttling vulnerability ...)
	NOT-FOR-US: SUSE k3s
CVE-2020-36766 (An issue was discovered in the Linux kernel before 5.8.6. drivers/medi ...)
	- linux 5.8.7-1
	[buster] - linux 4.19.146-1
	NOTE: https://git.kernel.org/linus/6c42227c3467549ddc65efe99c869021d2f4a570 (5.9-rc1)
CVE-2023-43770 (Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 al ...)
	{DLA-3577-1}
	- roundcube 1.6.3+dfsg-1 (bug #1052059)
	[bookworm] - roundcube 1.6.3+dfsg-1~deb12u1
	[bullseye] - roundcube 1.4.14+dfsg.1-1~deb11u1
	NOTE: https://roundcube.net/news/2023/09/15/security-update-1.6.3-released
	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/e92ec206a886461245e1672d8530cc93c618a49b (1.6.3)
CVE-2023-5036 (Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos ...)
	NOT-FOR-US: Memos
CVE-2023-5034 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester My Food Recipe
CVE-2023-5033 (A vulnerability classified as critical has been found in OpenRapid Rap ...)
	NOT-FOR-US: OpenRapid RapidCMS
CVE-2023-5032 (A vulnerability was found in OpenRapid RapidCMS 1.3.1. It has been rat ...)
	NOT-FOR-US: OpenRapid RapidCMS
CVE-2023-5031 (A vulnerability was found in OpenRapid RapidCMS 1.3.1. It has been dec ...)
	NOT-FOR-US: OpenRapid RapidCMS
CVE-2023-5030 (A vulnerability has been found in Tongda OA up to 11.10 and classified ...)
	NOT-FOR-US: Tongda OA
CVE-2023-5029 (A vulnerability, which was classified as critical, was found in mccms ...)
	NOT-FOR-US: mccms
CVE-2023-43115 (In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead ...)
	- ghostscript 10.02.0~dfsg-1
	[bookworm] - ghostscript 10.0.0~dfsg-11+deb12u2
	[bullseye] - ghostscript 9.53.3~dfsg-7+deb11u6
	[buster] - ghostscript (Minor issue; documented risks, have done refactoring in later versions)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707051
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8b0f20002536867bd73ff4552408a72597190cbe (ghostpdl-10.02.0rc2)
CVE-2023-43114 (An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6 ...)
	- qt6-base (Windows-specific)
	- qtbase-opensource-src-gles (Windows-specific)
	- qtbase-opensource-src (Windows-specific)
	- qt4-x11 (Windows-specific)
CVE-2023-42526 (Certain WithSecure products allow a remote crash of a scanning engine ...)
	NOT-FOR-US: WithSecure
CVE-2023-42525 (Certain WithSecure products allow an infinite loop in a scanning engin ...)
	NOT-FOR-US: WithSecure
CVE-2023-42524 (Certain WithSecure products allow an infinite loop in a scanning engin ...)
	NOT-FOR-US: WithSecure
CVE-2023-42523 (Certain WithSecure products allow a remote crash of a scanning engine ...)
	NOT-FOR-US: WithSecure
CVE-2023-42522 (Certain WithSecure products allow a remote crash of a scanning engine ...)
	NOT-FOR-US: WithSecure
CVE-2023-42521 (Certain WithSecure products allow a remote crash of a scanning engine ...)
	NOT-FOR-US: WithSecure
CVE-2023-42520 (Certain WithSecure products allow a remote crash of a scanning engine ...)
	NOT-FOR-US: WithSecure
CVE-2023-41349 (ASUS router RT-AX88U has a vulnerability of using externally controlla ...)
	NOT-FOR-US: ASUS
CVE-2023-35851 (SUNNET WMPro portal's FAQ function has insufficient validation for use ...)
	NOT-FOR-US: SUNNET WMPro
CVE-2023-35850 (SUNNET WMPro portal's file management function has a vulnerability of ...)
	NOT-FOR-US: SUNNET WMPro
CVE-2023-5028 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: China Unicom TEWA-800G
CVE-2023-5027 (A vulnerability classified as critical was found in SourceCodester Sim ...)
	NOT-FOR-US: SourceCodester Simple Membership System
CVE-2023-5026 (A vulnerability classified as problematic has been found in Tongda OA ...)
	NOT-FOR-US: Tongda OA
CVE-2023-5025 (A vulnerability was found in KOHA up to 23.05.03. It has been declared ...)
	NOT-FOR-US: KOHA
CVE-2023-5024 (A vulnerability was found in Planno 23.04.04. It has been classified a ...)
	NOT-FOR-US: Planno
CVE-2023-5023 (A vulnerability was found in Tongda OA 2017 and classified as critical ...)
	NOT-FOR-US: Tongda OA
CVE-2023-5022 (A vulnerability has been found in DedeCMS up to 5.7.100 and classified ...)
	NOT-FOR-US: DedeCMS
CVE-2023-5021 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester AC Repair and Services System
CVE-2023-5020 (A vulnerability, which was classified as critical, has been found in 0 ...)
	NOT-FOR-US: 07FLY CRM
CVE-2023-5019 (A vulnerability classified as critical was found in Tongda OA. This vu ...)
	NOT-FOR-US: Tongda OA
CVE-2023-5018 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Lost and Found Information System
CVE-2023-5017 (A vulnerability was found in lmxcms up to 1.41. It has been rated as c ...)
	NOT-FOR-US: lmxcms
CVE-2023-5016 (A vulnerability was found in spider-flow up to 0.5.0. It has been decl ...)
	NOT-FOR-US: spider-flow
CVE-2023-5015 (A vulnerability was found in UCMS 1.4.7. It has been classified as pro ...)
	NOT-FOR-US: UCMS
CVE-2023-5014 (A vulnerability was found in Sakshi2610 Food Ordering Website 1.0 and ...)
	NOT-FOR-US: Sakshi2610 Food Ordering Website
CVE-2023-5013 (A vulnerability has been found in Pluck CMS 4.7.18 and classified as p ...)
	NOT-FOR-US: Pluck CMS
CVE-2023-5012 (A vulnerability, which was classified as problematic, was found in Top ...)
	NOT-FOR-US: Topaz OFD
CVE-2023-38040 (A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earl ...)
	NOT-FOR-US: Revive Adserver
CVE-2023-3025 (The Dropbox Folder Share plugin for WordPress is vulnerable to Server- ...)
	NOT-FOR-US: Dropbox Folder Share plugin for WordPress
CVE-2023-43091 [Code injection via service.json file]
	- gnome-maps 45~rc-1
	[bookworm] - gnome-maps (Minor issue)
	[bullseye] - gnome-maps (Vulnerable code not present)
	[buster] - gnome-maps (Vulnerable code not present)
	NOTE: https://gitlab.gnome.org/GNOME/gnome-maps/-/issues/588
	NOTE: Introduced with merge: https://gitlab.gnome.org/GNOME/gnome-maps/-/merge_requests/227 (v43.alpha)
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gnome-maps/-/commit/d26cd774d524404ef7784e6808f551de83de4bea (v45.rc)
CVE-2023-43090 (A vulnerability was found in GNOME Shell. GNOME Shell's lock screen al ...)
	{DSA-5501-1}
	- gnome-shell 44.5-1 (bug #1052067)
	[bullseye] - gnome-shell (Vulnerable code introduced in 42.beta)
	[buster] - gnome-shell (Vulnerable code introduced in 42.beta)
	NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990
	NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/521525948eed85cc27c0796a0b9569d161df81ba
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/671df28a509ae208e158976f0855d91fdbea16a1
	NOTE: Introduced around: https://gitlab.gnome.org/GNOME/gnome-shell/-/8ebc478f0f24720870c4911aef707f4dc34d140c
CVE-2023-5001 (The Horizontal scrolling announcement for WordPress plugin for WordPre ...)
	NOT-FOR-US: Horizontal scrolling announcement for WordPress plugin for WordPress
CVE-2023-4994 (The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: Allow PHP in Posts and Pages plugin for WordPress
CVE-2023-42442 (JumpServer is an open source bastion host and a professional operation ...)
	NOT-FOR-US: JumpServer
CVE-2023-42439 (GeoNode is an open source platform that facilitates the creation, shar ...)
	NOT-FOR-US: GeoNode
CVE-2023-42336 (An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attack ...)
	NOT-FOR-US: NETIS SYSTEMS WF2409Ev4
CVE-2023-41901
	REJECTED
CVE-2023-41900 (Jetty is a Java based web server and servlet engine. Versions 9.4.21 t ...)
	{DSA-5507-1}
	- jetty9 9.4.52-1
	[buster] - jetty9 (The vulnerable code was introduced in 9.4.21)
	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48
	NOTE: https://github.com/eclipse/jetty.project/pull/9528 (10.0.16, 11.0.16)
	NOTE: https://github.com/eclipse/jetty.project/pull/9660 (9.4.52)
CVE-2023-41626 (Gradio v3.27.0 was discovered to contain an arbitrary file upload vuln ...)
	NOT-FOR-US: Gradio
CVE-2023-41436 (Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local at ...)
	NOT-FOR-US: CSZCMS
CVE-2023-41157 (Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin ...)
	NOT-FOR-US: Usermin
CVE-2023-39777 (A cross-site scripting (XSS) vulnerability in the Admin Control Panel ...)
	NOT-FOR-US: vBulletin
CVE-2023-39612 (A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23 ...)
	NOT-FOR-US: FileBrowser
CVE-2023-36735 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36727 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36562 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36160 (An issue was discovered in Qubo Smart Plug10A version HSP02_01_01_14_S ...)
	NOT-FOR-US: Qubo
CVE-2023-4991 (A vulnerability was found in NextBX QWAlerter 4.50. It has been rated ...)
	NOT-FOR-US: NextBX QWAlerter
CVE-2023-4988 (A vulnerability, which was classified as problematic, was found in Bet ...)
	NOT-FOR-US: Bettershop LaikeTui
CVE-2023-4987 (A vulnerability, which was classified as critical, has been found in i ...)
	NOT-FOR-US: infinitietech taskhub
CVE-2023-4986 (A vulnerability classified as problematic was found in Supcon InPlant ...)
	NOT-FOR-US: Supcon InPlant SCADA
CVE-2023-4985 (A vulnerability classified as critical has been found in Supcon InPlan ...)
	NOT-FOR-US: Supcon InPlant SCADA
CVE-2023-4984 (A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. It has bee ...)
	NOT-FOR-US: didi KnowSearch
CVE-2023-4983 (A vulnerability was found in app1pro Shopicial up to 20230830. It has ...)
	NOT-FOR-US: app1pro Shopicial
CVE-2023-4982 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...)
	NOT-FOR-US: LibreNMS
CVE-2023-4981 (Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenm ...)
	NOT-FOR-US: LibreNMS
CVE-2023-4980 (Cross-site Scripting (XSS) - Generic in GitHub repository librenms/lib ...)
	NOT-FOR-US: LibreNMS
CVE-2023-4979 (Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/l ...)
	NOT-FOR-US: LibreNMS
CVE-2023-4978 (Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenm ...)
	NOT-FOR-US: LibreNMS
CVE-2023-4977 (Code Injection in GitHub repository librenms/librenms prior to 23.9.0.)
	NOT-FOR-US: LibreNMS
CVE-2023-4974 (A vulnerability was found in Academy LMS 6.2. It has been rated as cri ...)
	NOT-FOR-US: Academy LMS
CVE-2023-4973 (A vulnerability was found in Academy LMS 6.2 on Windows. It has been d ...)
	NOT-FOR-US: Academy LMS
CVE-2023-4963 (The WS Facebook Like Box Widget for WordPress plugin for WordPress is ...)
	NOT-FOR-US: WS Facebook Like Box Widget for WordPress plugin for WordPress
CVE-2023-4959 (A flaw was found in Quay. Cross-site request forgery (CSRF) attacks fo ...)
	NOT-FOR-US: Quay
CVE-2023-4956 (A flaw was found in Quay. Clickjacking is when an attacker uses multip ...)
	NOT-FOR-US: Quay
CVE-2023-4835 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: CF Software Oil Management Software
CVE-2023-4833 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Besttem Network Marketing Software
CVE-2023-4831 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Ncode Ncep
CVE-2023-4830 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Tura Signalix
CVE-2023-4680 (HashiCorp Vault and Vault Enterprise transit secrets engine allowed au ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2023-4673 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Sanalogy Turasistan
CVE-2023-4670 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Innosa Probbys
CVE-2023-4665 (Incorrect Execution-Assigned Permissions vulnerability in Saphira Saph ...)
	NOT-FOR-US: Saphira Saphira Connect
CVE-2023-4664 (Incorrect Default Permissions vulnerability in Saphira Saphira Connect ...)
	NOT-FOR-US: Saphira Saphira Connect
CVE-2023-4663 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
	NOT-FOR-US: Saphira Saphira Connect
CVE-2023-4662 (Execution with Unnecessary Privileges vulnerability in Saphira Saphira ...)
	NOT-FOR-US: Saphira Saphira Connect
CVE-2023-4661 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Saphira Saphira Connect
CVE-2023-4231 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Cevik Informatics Online Payment System
CVE-2023-42405 (SQL injection vulnerability in FIT2CLOUD RackShift v1.7.1 allows attac ...)
	NOT-FOR-US: FIT2CLOUD RackShift
CVE-2023-42398 (An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary ...)
	NOT-FOR-US: zzCMS
CVE-2023-42362 (An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allow ...)
	NOT-FOR-US: Teller Web App
CVE-2023-42270 (Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF).)
	NOT-FOR-US: Grocy
CVE-2023-41889 (SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHI ...)
	NOT-FOR-US: SHIRASAGI
CVE-2023-41887 (OpenRefine is a powerful free, open source tool for working with messy ...)
	- openrefine 3.7.5-1
	[bookworm] - openrefine 3.6.2-2+deb12u2
	NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-p3r5-x3hr-gpg5
	NOTE: https://github.com/OpenRefine/OpenRefine/commit/693fde606d4b5b78b16391c29d110389eb605511 (3.7.5)
CVE-2023-41886 (OpenRefine is a powerful free, open source tool for working with messy ...)
	- openrefine 3.7.5-1
	[bookworm] - openrefine 3.6.2-2+deb12u2
	NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-qqh2-wvmv-h72m
	NOTE: https://github.com/OpenRefine/OpenRefine/commit/2de1439f5be63d9d0e89bbacbd24fa28c8c3e29d (master)
	NOTE: https://github.com/OpenRefine/OpenRefine/commit/693fde606d4b5b78b16391c29d110389eb605511 (3.7.5)
CVE-2023-41880 (Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions fr ...)
	NOT-FOR-US: Wasmtime
CVE-2023-41592 (Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site ...)
	NOT-FOR-US: Froala Editor
CVE-2023-41325 (OP-TEE is a Trusted Execution Environment (TEE) designed as companion ...)
	- optee-os (Fixed before initial upload)
	NOTE: https://github.com/OP-TEE/optee_os/security/advisories/GHSA-jrw7-63cq-7vhm
	NOTE: https://github.com/OP-TEE/optee_os/commit/e2ec831cb07ed0099535c7c140cb6338aa62816a
CVE-2023-41160 (A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configura ...)
	NOT-FOR-US: Usermin
CVE-2023-41159 (A Stored Cross-Site Scripting (XSS) vulnerability while editing the au ...)
	NOT-FOR-US: Usermin
CVE-2023-41156 (A Stored Cross-Site Scripting (XSS) vulnerability in the filter and fo ...)
	NOT-FOR-US: Usermin
CVE-2023-41043 (Discourse is an open-source discussion platform. Prior to version 3.1. ...)
	NOT-FOR-US: Discourse
CVE-2023-41042 (Discourse is an open-source discussion platform. Prior to version 3.1. ...)
	NOT-FOR-US: Discourse
CVE-2023-40986 (A stored cross-site scripting (XSS) vulnerability in the Usermin Confi ...)
	- webmin
CVE-2023-40985 (An issue was discovered in Webmin 2.100. The File Manager functionalit ...)
	- webmin
CVE-2023-40984 (A reflected cross-site scripting (XSS) vulnerability in the File Manag ...)
	- webmin
CVE-2023-40983 (A reflected cross-site scripting (XSS) vulnerability in the File Manag ...)
	- webmin
CVE-2023-40982 (A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 all ...)
	- webmin
CVE-2023-40958 (A SQL injection vulnerability in Didotech srl Engineering & Lifecycle ...)
	NOT-FOR-US: Didotech srl Engineering & Lifecycle Management (aka pdm)
CVE-2023-40957 (A SQL injection vulnerability in Didotech srl Engineering & Lifecycle ...)
	NOT-FOR-US: Didotech srl Engineering & Lifecycle Management (aka pdm)
CVE-2023-40956 (A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 ...)
	NOT-FOR-US: Cloudroits Website Job Search
CVE-2023-40955 (A SQL injection vulnerability in Didotech srl Engineering & Lifecycle ...)
	NOT-FOR-US: Didotech srl Engineering & Lifecycle Management (aka pdm)
CVE-2023-40869 (Cross Site Scripting vulnerability in mooSocial mooSocial Software 3.1 ...)
	NOT-FOR-US: mooSocial
CVE-2023-40868 (Cross Site Request Forgery vulnerability in mooSocial MooSocial Softwa ...)
	NOT-FOR-US: mooSocial
CVE-2023-40588 (Discourse is an open-source discussion platform. Prior to version 3.1. ...)
	NOT-FOR-US: Discourse
CVE-2023-40167 (Jetty is a Java based web server and servlet engine. Prior to versions ...)
	{DSA-5507-1 DLA-3592-1}
	- jetty9 9.4.52-1
	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6
	NOTE: https://github.com/eclipse/jetty.project/pull/10329
	NOTE: https://github.com/eclipse/jetty.project/commit/e4d596eafc887bcd813ae6e28295b5ce327def47
CVE-2023-40019 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
	- freeswitch (bug #389591)
CVE-2023-40018 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
	- freeswitch (bug #389591)
CVE-2023-3891 (Race condition in Lapce v0.2.8 allows an attacker to elevate privilege ...)
	NOT-FOR-US: Lapce
CVE-2023-3378
	REJECTED
CVE-2023-39643 (Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL inje ...)
	NOT-FOR-US: Bl Modules xmlfeeds
CVE-2023-39642 (Carts Guru cartsguru up to v2.4.2 was discovered to contain a SQL inje ...)
	NOT-FOR-US: Carts Guru cartsguru
CVE-2023-39641 (Active Design psaffiliate before v1.9.8 was discovered to contain a SQ ...)
	NOT-FOR-US: Active Design psaffiliate
CVE-2023-39639 (LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: LeoTheme leoblog
CVE-2023-39638 (D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to contain ...)
	NOT-FOR-US: D-Link
CVE-2023-38912 (SQL injection vulnerability in Super Store Finder PHP Script v.3.6 all ...)
	NOT-FOR-US: Super Store Finder PHP Script
CVE-2023-38891 (SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote auth ...)
	NOT-FOR-US: Vtiger CRM
CVE-2023-38706 (Discourse is an open-source discussion platform. Prior to version 3.1. ...)
	NOT-FOR-US: Discourse
CVE-2023-38507 (Strapi is an open-source headless content management system. Prior ...)
	NOT-FOR-US: Strapi
CVE-2023-37459 (Contiki-NG is an operating system for internet-of-things devices. In v ...)
	NOT-FOR-US: Contiki-NG
CVE-2023-37281 (Contiki-NG is an operating system for internet-of-things devices. In v ...)
	NOT-FOR-US: Contiki-NG
CVE-2023-37263 (Strapi is an open-source headless content management system. Prior ...)
	NOT-FOR-US: Strapi
CVE-2023-36659 (An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long ...)
	NOT-FOR-US: OPSWAT MetaDefender KIOSK
CVE-2023-36658 (An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It ha ...)
	NOT-FOR-US: OPSWAT MetaDefender KIOSK
CVE-2023-36657 (An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built ...)
	NOT-FOR-US: OPSWAT MetaDefender KIOSK
CVE-2023-36479 (Eclipse Jetty Canonical Repository is the canonical repository for the ...)
	{DSA-5507-1 DLA-3592-1}
	- jetty9 9.4.52-1
	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j
	NOTE: https://github.com/eclipse/jetty.project/pull/9888
	NOTE: In Jetty 9.x, 10.x, and 11.x the org.eclipse.jetty.servlets.CGI servlet has been deprecated,
	NOTE: and in Jetty 12 it has been removed entirely.
CVE-2023-36472 (Strapi is an open-source headless content management system. Prior to ...)
	NOT-FOR-US: Strapi
CVE-2023-32461 (Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow ...)
	NOT-FOR-US: Dell
CVE-2023-4958 (In Red Hat Advanced Cluster Security (RHACS), it was found that some s ...)
	NOT-FOR-US: StackRox
CVE-2023-4972 (Improper Privilege Management vulnerability in Yepas Digital Yepas all ...)
	NOT-FOR-US: Yepas Digital Yepas
CVE-2023-4965 (A vulnerability was found in phpipam 1.5.1. It has been rated as probl ...)
	- phpipam (bug #731713)
CVE-2023-4951 (A cross site scripting issue was discovered with the pagination functi ...)
	NOT-FOR-US: GreenRADIUS web admin interface
CVE-2023-4832 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Aceka Company Management
CVE-2023-4766 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Movus
CVE-2023-4702 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
	NOT-FOR-US: Yepas Digital Yepas
CVE-2023-4676 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Yordam MedasPro
CVE-2023-4669 (Authentication Bypass by Assumed-Immutable Data vulnerability in Exaga ...)
	NOT-FOR-US: Exagate SYSGuard 3001
CVE-2023-4516 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-42180 (An arbitrary file upload vulnerability in the /user/upload component o ...)
	NOT-FOR-US: lenosp
CVE-2023-42178 (Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query mo ...)
	NOT-FOR-US: lenosp
CVE-2023-41588 (A cross-site scripting (XSS) vulnerability in Time to SLA plugin v10.1 ...)
	NOT-FOR-US: Time to SLA plugin
CVE-2023-41011 (Command Execution vulnerability in China Mobile Communications China M ...)
	NOT-FOR-US: China Mobile Communications China Mobile Intelligent Home Gateway
CVE-2023-41010 (Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communicat ...)
	NOT-FOR-US: China Telecom Tianyi Home Gateway
CVE-2023-40779 (An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remo ...)
	NOT-FOR-US: IceWarp
CVE-2023-39286 (A vulnerability in the Connect Mobility Router component of Mitel MiVo ...)
	NOT-FOR-US: Mitel
CVE-2023-39285 (A vulnerability in the Edge Gateway component of Mitel MiVoice Connect ...)
	NOT-FOR-US: Mitel
CVE-2023-38558 (A vulnerability has been identified in SIMATIC PCS neo (Administration ...)
	NOT-FOR-US: Siemens
CVE-2023-38557 (A vulnerability has been identified in Spectrum Power 7 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-37756 (I-doit pro 25 and below and I-doit open 25 and below employ weak passw ...)
	NOT-FOR-US: I-doit pro
CVE-2023-37755 (i-doit pro 25 and below and I-doit open 25 and below are configured wi ...)
	NOT-FOR-US: I-doit pro
CVE-2023-37739 (i-doit Pro v25 and below was discovered to be vulnerable to path trave ...)
	NOT-FOR-US: I-doit pro
CVE-2023-36250 (CSV Injection vulnerability in GNOME time tracker version 3.0.2, allow ...)
	- hamster-time-tracker (unimportant; bug #1059296)
	NOTE: https://github.com/BrunoTeixeira1996/CVE-2023-36250/blob/main/README.md
	NOTE: https://github.com/projecthamster/hamster/issues/750
	NOTE: No security impact, responsibility lies with the application opening the
	NOTE: resulting TSV file
CVE-2023-2848 (Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hija ...)
	NOT-FOR-US: Movim
CVE-2023-4948 (The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WooCommerce CVR Payment Gateway plugin for WordPress
CVE-2023-4945 (The Booster for WooCommerce plugin for WordPress is vulnerable to Stor ...)
	NOT-FOR-US: Booster for WooCommerce plugin for WordPress
CVE-2023-4944 (The Awesome Weather Widget for WordPress plugin for WordPress is vulne ...)
	NOT-FOR-US: Awesome Weather Widget for WordPress plugin for WordPress
CVE-2023-4841 (The Feeds for YouTube for WordPress plugin for WordPress is vulnerable ...)
	NOT-FOR-US: Feeds for YouTube for WordPress plugin for WordPress
CVE-2023-4814 (A Privilege escalation vulnerability exists in Trellix Windows DLP end ...)
	NOT-FOR-US: Trellix
CVE-2023-4568 (PaperCut NG allows for unauthenticated XMLRPC commands to be run by de ...)
	NOT-FOR-US: PaperCut
CVE-2023-42503 (Improper Input Validation, Uncontrolled Resource Consumption vulnerabi ...)
	- libcommons-compress-java 1.24.0-1 (bug #1052065)
	[bookworm] - libcommons-compress-java (Minor issue)
	[bullseye] - libcommons-compress-java (Vulnerable code introduced later)
	[buster] - libcommons-compress-java (Vulnerable code introduced later)
	NOTE: https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c
	NOTE: Introduced due: https://issues.apache.org/jira/browse/COMPRESS-612 (1.22)
CVE-2023-41267 (In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a docume ...)
	NOT-FOR-US: Apache Airflow HDFS Provider
CVE-2023-41162 (A Reflected Cross-site scripting (XSS) vulnerability in the file manag ...)
	NOT-FOR-US: Usermin
CVE-2023-41158 (A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type pro ...)
	NOT-FOR-US: Usermin
CVE-2023-41155 (A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwardi ...)
	- webmin
CVE-2023-41154 (A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cro ...)
	NOT-FOR-US: Usermin
CVE-2023-41152 (A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type pro ...)
	NOT-FOR-US: Usermin
CVE-2023-40617 (A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeM ...)
	NOT-FOR-US: OpenKnowledgeMaps Head Start
CVE-2023-38206 (Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2023-38205 (Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2023-38204 (Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2023-4910 (A flaw was found In 3Scale Admin Portal. If a user logs out from the p ...)
	NOT-FOR-US: 3scale-admin-portal
CVE-2023-38039 (When curl retrieves an HTTP response, it stores the incoming headers s ...)
	- curl 8.3.0-1
	[bookworm] - curl 7.88.1-10+deb12u3
	[bullseye] - curl (Vulnerable code not present)
	[buster] - curl (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2023/09/13/1
	NOTE: https://curl.se/docs/CVE-2023-38039.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/7c8c723682d524ac9580b9ca3b71419163cb5660 (curl-7_83_0)
	NOTE: Experimental tag removed in: https://github.com/curl/curl/commit/4d94fac9f0d1dd02b8308291e4c47651142dc28b (curl-7_84_0)
	NOTE: Fixed by: https://github.com/curl/curl/commit/3ee79c1674fd6f99e8efca52cd7510e08b766770 (curl-8_3_0)
CVE-2023-4828 (An improper check for an exceptional condition in the Insider Threat M ...)
	NOT-FOR-US: Insider Threat Management (ITM) Server
CVE-2023-4803 (A reflected cross-site scripting vulnerability in the WriteWindowTitle ...)
	NOT-FOR-US: Insider Threat Management (ITM) Server
CVE-2023-4802 (A reflected cross-site scripting vulnerability in the UpdateInstalledS ...)
	NOT-FOR-US: Insider Threat Management (ITM) Server
CVE-2023-4801 (An improper certification validation vulnerability in the Insider Thre ...)
	NOT-FOR-US: Insider Threat Management (ITM) Server
CVE-2023-4785 (Lack of error handling in the TCP server in Google's gRPC starting ver ...)
	- grpc (bug #1059281)
	[bookworm] - grpc (Minor issue)
	[bullseye] - grpc (Minor issue)
	[buster] - grpc (Minor issue)
	NOTE: https://github.com/grpc/grpc/pull/33656
	NOTE: https://github.com/grpc/grpc/pull/33667
	NOTE: https://github.com/grpc/grpc/pull/33669
	NOTE: https://github.com/grpc/grpc/pull/33670
	NOTE: https://github.com/grpc/grpc/pull/33672
CVE-2023-4701
	REJECTED
CVE-2023-42469 (The com.full.dialer.top.secure.encrypted application through 1.0.1 for ...)
	NOT-FOR-US: com.full.dialer.top.secure.encrypted application
CVE-2023-42468 (The com.cutestudio.colordialer application through 2.1.8-2 for Android ...)
	NOT-FOR-US: com.cutestudio.colordialer application
CVE-2023-41892 (Craft CMS is a platform for creating digital experiences. This is a hi ...)
	NOT-FOR-US: Craft CMS
CVE-2023-41081 (Important: Authentication Bypass CVE-2023-41081 The mod_jk component ...)
	{DLA-3580-1}
	- libapache-mod-jk 1:1.2.49-1 (bug #1051956)
	[bookworm] - libapache-mod-jk 1:1.2.48-2+deb12u1
	[bullseye] - libapache-mod-jk 1:1.2.48-1+deb11u1
	NOTE: https://lists.apache.org/thread/rd1r26w7271jyqgzr4492tooyt583d8b
	NOTE: http://www.openwall.com/lists/oss-security/2023/09/13/2
	NOTE: https://tomcat.apache.org/security-jk.html#Fixed_in_Apache_Tomcat_JK_Connector_1.2.49
	NOTE: https://github.com/apache/tomcat-connectors/commit/0095b6cb84f41313ee4c0364b49c766168790792
CVE-2023-40850 (netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There ...)
	NOT-FOR-US: netentsec NS-ASG
CVE-2023-40717 (A use of hard-coded credentials vulnerability [CWE-798] inFortiTester2 ...)
	NOT-FOR-US: FortiGuard
CVE-2023-40715 (A cleartext storage of sensitive information vulnerability [CWE-312] i ...)
	NOT-FOR-US: FortiGuard
CVE-2023-3935 (A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network ...)
	NOT-FOR-US: Wibu CodeMeter Runtime
CVE-2023-3588 (A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork C ...)
	NOT-FOR-US: 3ds
CVE-2023-3280 (A problem with a protection mechanism in the Palo Alto Networks Cortex ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2023-39928 (A use-after-free vulnerability exists in the MediaRecorder API of Webk ...)
	{DSA-5527-1}
	- webkit2gtk 2.42.0-1
	[buster] - webkit2gtk (EOL in buster LTS)
	- wpewebkit 2.42.0-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2023-0009.html
CVE-2023-39916 (NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains ...)
	- routinator (bug #929024)
CVE-2023-39915 (NLnet Labs’ Routinator up to and including version 0.12.1 may cra ...)
	- routinator (bug #929024)
CVE-2023-39914 (NLnet Labs’ bcder library up to and including version 0.7.2 panic ...)
	- rust-bcder 0.7.3-1 (bug #1052176)
	[bookworm] - rust-bcder (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0062.html
	NOTE: https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt
	NOTE: https://github.com/NLnetLabs/bcder/pull/74
CVE-2023-38215 (Adobe Experience Manager versions 6.5.17 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-38214 (Adobe Experience Manager versions 6.5.17 and earlier are affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-36642 (An improper neutralization of special elements used in an OS command v ...)
	NOT-FOR-US: FortiGuard
CVE-2023-36638 (An improper privilege management vulnerability [CWE-269] in FortiManag ...)
	NOT-FOR-US: FortiGuard
CVE-2023-36634 (An incomplete filtering of one or more instances of special elements v ...)
	NOT-FOR-US: FortiGuard
CVE-2023-36551 (An exposure of sensitive information to an unauthorized actor in Fortin ...)
	NOT-FOR-US: FortiGuard
CVE-2023-34984 (A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2. ...)
	NOT-FOR-US: FortiGuard
CVE-2023-4039 (**DISPUTED** A failure in the -fstack-protector feature in GCC-based to ...)
	- gcc-13 13.2.0-4
	- gcc-12 12.3.0-9
	[bookworm] - gcc-12 (Minor issue)
	- gcc-11 11.4.0-4
	[bookworm] - gcc-11 (Minor issue)
	- gcc-10 10.5.0-3
	[bullseye] - gcc-10 (Minor issue)
	- gcc-9 9.5.0-6
	[bullseye] - gcc-9 (Minor issue)
	- gcc-8
	[buster] - gcc-8 (Minor issue)
	- gcc-7
	[buster] - gcc-7 (Minor issue)
	NOTE: https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf
CVE-2023-4928 (SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1.)
	NOT-FOR-US: icms2
CVE-2023-4917 (The Leyka plugin for WordPress is vulnerable to Sensitive Information ...)
	NOT-FOR-US: Leyka plugin for WordPress
CVE-2023-4916 (The Login with phone number plugin for WordPress is vulnerable to Cros ...)
	NOT-FOR-US: Login with phone number plugin for WordPress
CVE-2023-4915 (The WP User Control plugin for WordPress is vulnerable to unauthorized ...)
	NOT-FOR-US: WP User Control plugin for WordPress
CVE-2023-4400 (A password management vulnerability in Skyhigh Secure Web Gateway (SWG ...)
	NOT-FOR-US: Skyhigh Secure Web Gateway (SWG)
CVE-2023-4213 (The Simplr Registration Form Plus+ plugin for WordPress is vulnerable ...)
	NOT-FOR-US: Simplr Registration Form Plus+ plugin for WordPress
CVE-2023-4153 (The BAN Users plugin for WordPress is vulnerable to privilege escalati ...)
	NOT-FOR-US: BAN Users plugin for WordPress
CVE-2023-41423 (Cross Site Scripting vulnerability in WP Githuber MD plugin v.1.16.2 a ...)
	NOT-FOR-US: WP Githuber MD plugin
CVE-2023-39073 (An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arb ...)
	NOT-FOR-US: SNMP Web Pro
CVE-2023-3867 [ksmbd: add missing compound request handing in some commands]
	- linux 6.4.11-1
	[bookworm] - linux 6.1.52-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-981/
	NOTE: https://git.kernel.org/linus/7b7d709ef7cf285309157fb94c33f625dd22c5e1 (6.5-rc1)
CVE-2023-3866 [ksmbd: validate session id and tree id in the compound request]
	- linux 6.3.11-1
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-979/
	NOTE: https://git.kernel.org/linus/5005bcb4219156f1bf7587b185080ec1da08518e (6.4)
CVE-2023-3865 [ksmbd: fix out-of-bound read in smb2_write]
	- linux 6.3.11-1
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-980/
	NOTE: https://git.kernel.org/linus/5fe7f7b78290638806211046a99f031ff26164e1 (6.4)
CVE-2023-4813 (A flaw was found in glibc. In an uncommon situation, the gaih_inet fun ...)
	- glibc 2.36-3
	[bullseye] - glibc (Minor issue)
	[buster] - glibc (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28931
	NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1c37b8022e8763fedbb3f79c02e05c6acfe5a215 (glibc-2.36)
CVE-2023-4806 (A flaw was found in glibc. In an extremely rare situation, the getaddr ...)
	- glibc 2.37-10
	[bookworm] - glibc 2.36-9+deb12u3
	[bullseye] - glibc (Minor issue)
	[buster] - glibc (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30843
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=973fe93a5675c42798b2161c6f29c01b0e243994
	NOTE: When fixing this issue in older releases make sure to not open CVE-2023-5156.
	NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2023-0003
CVE-2023-4527 (A flaw was found in glibc. When the getaddrinfo function is called wit ...)
	- glibc 2.37-9 (bug #1051958)
	[bookworm] - glibc 2.36-9+deb12u3
	[bullseye] - glibc (Vulnerable code not present)
	[buster] - glibc (Vulnerable code not present)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30842
	NOTE: Introduced by: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f282cdbe7f436c75864e5640a409a10485e9abb2 (glibc-2.36)
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4ea972b7edd7e36610e8cde18bf7a8149d7bac4f (release/2.36/master branch)
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b7529346025a130fee483d42178b5c118da971bb (release/2.37/master branch)
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b25508dd774b617f99419bdc3cf2ace4560cd2d6 (release/2.38/master branch)
	NOTE: https://www.openwall.com/lists/oss-security/2023/09/25/1
	NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2023-0002
CVE-2023-4921 (A use-after-free vulnerability in the Linux kernel's net/sched: sch_qf ...)
	{DLA-3710-1 DLA-3623-1}
	- linux 6.5.6-1
	[bookworm] - linux 6.1.55-1
	[bullseye] - linux 5.10.197-1
	NOTE: https://kernel.dance/#8fc134fee27f2263988ae38920bc03da416b03d8
	NOTE: https://git.kernel.org/linus/8fc134fee27f2263988ae38920bc03da416b03d8 (6.6-rc1)
CVE-2023-4918 (A flaw was found in the Keycloak package, more specifically org.keyclo ...)
	NOT-FOR-US: Keycloak
CVE-2023-4914 (Relative Path Traversal in GitHub repository cecilapp/cecil prior to 7 ...)
	NOT-FOR-US: cecil.app
CVE-2023-4913 (Cross-site Scripting (XSS) - Reflected in GitHub repository cecilapp/c ...)
	NOT-FOR-US: cecil.app
CVE-2023-4759 (Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, al ...)
	- jgit 6.7.0-1 (bug #1055853)
	[bookworm] - jgit (Minor issue)
	[bullseye] - jgit (Minor issue)
	[buster] - jgit (Minor issue. Only case-insensitive filesystems are affected)
	NOTE: https://git.eclipse.org/c/jgit/jgit.git/commit/?id=9072103f3b3cf64dd12ad2949836ab98f62dabf1 (v6.6.1.202309021850-r)
	NOTE: https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/11
CVE-2023-4501 (User authentication with username and password credentials is ineffect ...)
	NOT-FOR-US: Micro Focus
CVE-2023-41885 (Piccolo is an ORM and query builder which supports asyncio. In version ...)
	NOT-FOR-US: Piccolo
CVE-2023-41846 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
	NOT-FOR-US: Siemens
CVE-2023-41764 (Microsoft Office Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-41331 (SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerab ...)
	NOT-FOR-US: SOFARPC
CVE-2023-41036 (Macvim is a text editor for MacOS. Prior to version 178, Macvim makes ...)
	NOT-FOR-US: Macvim
CVE-2023-41033 (A vulnerability has been identified in Parasolid V35.0 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2023-41032 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2023-41013 (Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allow ...)
	NOT-FOR-US: IceWarp
CVE-2023-40834 (OpenCart CMS v4.0.2.2 was discovered to lack a protective mechanism on ...)
	NOT-FOR-US: OpenCart
CVE-2023-40784 (DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/modul ...)
	NOT-FOR-US: DedeCMS
CVE-2023-40732 (A vulnerability has been identified in QMS Automotive (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2023-40731 (A vulnerability has been identified in QMS Automotive (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2023-40730 (A vulnerability has been identified in QMS Automotive (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2023-40729 (A vulnerability has been identified in QMS Automotive (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2023-40728 (A vulnerability has been identified in QMS Automotive (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2023-40727 (A vulnerability has been identified in QMS Automotive (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2023-40726 (A vulnerability has been identified in QMS Automotive (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2023-40725 (A vulnerability has been identified in QMS Automotive (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2023-40724 (A vulnerability has been identified in QMS Automotive (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2023-40712 (Apache Airflow, versions before 2.7.1, is affected by a vulnerability ...)
	- airflow (bug #819700)
CVE-2023-40611 (Apache Airflow, versions before 2.7.1, is affected by a vulnerability ...)
	- airflow (bug #819700)
CVE-2023-40218 (An issue was discovered in the NPU kernel driver in Samsung Exynos Mob ...)
	NOT-FOR-US: Samsung
CVE-2023-3712 (Files or Directories Accessible to External Parties vulnerability in H ...)
	NOT-FOR-US: Honeywell
CVE-2023-3711 (Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Print ...)
	NOT-FOR-US: Honeywell
CVE-2023-3710 (Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, A ...)
	NOT-FOR-US: Honeywell
CVE-2023-39637 (D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injecti ...)
	NOT-FOR-US: D-Link
CVE-2023-39215 (Improper authentication in Zoom clients may allow an authenticated use ...)
	NOT-FOR-US: Zoom
CVE-2023-39208 (Improper input validation in Zoom Desktop Client for Linux before vers ...)
	NOT-FOR-US: Zoom
CVE-2023-39201 (Untrusted search path in CleanZoom before file date 07/24/2023 may all ...)
	NOT-FOR-US: Zoom
CVE-2023-39150 (ConEmu before commit 230724 does not sanitize title responses correctl ...)
	NOT-FOR-US: ConEmu
CVE-2023-38164 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2023-38163 (Windows Defender Attack Surface Reduction Security Feature Bypass)
	NOT-FOR-US: Microsoft
CVE-2023-38162 (DHCP Server Service Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38161 (Windows GDI Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38160 (Windows TCP/IP Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38156 (Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vu ...)
	NOT-FOR-US: Microsoft
CVE-2023-38155 (Azure DevOps Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38152 (DHCP Server Service Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38150 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38149 (Windows TCP/IP Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38148 (Internet Connection Sharing (ICS) Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38147 (Windows Miracast Wireless Display Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38146 (Windows Themes Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38144 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2023-38143 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2023-38142 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38141 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38140 (Windows Kernel Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38139 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38076 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.1 ...)
	NOT-FOR-US: Siemens
CVE-2023-38075 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.1 ...)
	NOT-FOR-US: Siemens
CVE-2023-38074 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.1 ...)
	NOT-FOR-US: Siemens
CVE-2023-38073 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.1 ...)
	NOT-FOR-US: Siemens
CVE-2023-38072 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.1 ...)
	NOT-FOR-US: Siemens
CVE-2023-38071 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.1 ...)
	NOT-FOR-US: Siemens
CVE-2023-38070 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.1 ...)
	NOT-FOR-US: Siemens
CVE-2023-37881 (Weak access control in Wing FTP Server (Admin Web Client) allows for p ...)
	NOT-FOR-US: Wing FTP Server
CVE-2023-37879 (Insecure storage of sensitive information in Wing FTP Server (User Web ...)
	NOT-FOR-US: Wing FTP Server
CVE-2023-37878 (Insecure default permissions in Wing FTP Server (Admin Web Client) all ...)
	NOT-FOR-US: Wing FTP Server
CVE-2023-37875 (Improper encoding or escaping of output in Wing FTP Server (User Web C ...)
	NOT-FOR-US: Wing FTP Server
CVE-2023-36886 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2023-36805 (Windows MSHTML Platform Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36804 (Windows GDI Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36803 (Windows Kernel Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36802 (Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36801 (DHCP Server Service Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36800 (Dynamics Finance and Operations Cross-site Scripting Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36799 (.NET Core and Visual Studio Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36796 (Visual Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36794 (Visual Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36793 (Visual Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36792 (Visual Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36788 (.NET Framework Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft .NET
CVE-2023-36777 (Microsoft Exchange Server Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36773 (3D Builder Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36772 (3D Builder Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36771 (3D Builder Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36770 (3D Builder Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36767 (Microsoft Office Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36766 (Microsoft Excel Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36765 (Microsoft Office Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36764 (Microsoft SharePoint Server Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36763 (Microsoft Outlook Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36762 (Microsoft Word Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36761 (Microsoft Word Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36760 (3D Viewer Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36759 (Visual Studio Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36758 (Visual Studio Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36757 (Microsoft Exchange Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36756 (Microsoft Exchange Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36745 (Microsoft Exchange Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36744 (Microsoft Exchange Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36742 (Visual Studio Code Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36740 (3D Viewer Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36739 (3D Viewer Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-36736 (Microsoft Identity Linux Broker Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-35355 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
	NOT-FOR-US: Microsoft
CVE-2023-34470 (AMI AptioV contains a vulnerability in BIOS where an Attacker may use ...)
	NOT-FOR-US: AMI AptioV
CVE-2023-34469 (AMI AptioV contains a vulnerability in BIOS where an Attacker may use ...)
	NOT-FOR-US: AMI AptioV
CVE-2023-33136 (Azure DevOps Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-XXXX [receiving with Lightning: partial MPP might be accepted]
	- electrum 4.4.6+dfsg-1 (bug #1052200)
	[bookworm] - electrum 4.3.4+dfsg1-1+deb12u1
	[bullseye] - electrum (Vulnerable code introduced in 4.1.0 release)
	NOTE: https://github.com/spesmilo/electrum/security/advisories/GHSA-8r85-vp7r-hjxf
	NOTE: https://github.com/spesmilo/electrum/issues/8588
	NOTE: https://github.com/spesmilo/electrum/commit/11fba68126f82d05de90efd67f2b43dfd1b8f22c
CVE-2023-31417 (Elasticsearch generally filters out sensitive information and credenti ...)
	- elasticsearch
CVE-2023-XXXX [RUSTSEC-2023-0059: Unaligned read of *const *const c_char pointer]
	- rust-users (bug #1051808)
	[bookworm] - rust-users (Minor issue)
	[bullseye] - rust-users (Minor issue)
	[buster] - rust-users (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0059.html
	NOTE: https://github.com/ogham/rust-users/issues/55
	NOTE: Proposed patch: https://github.com/dhruvkb/rust-users/commit/e6ba8a88e0127f0d17ddd99f80f85d2c1722b227
CVE-2023-XXXX [RUSTSEC-2023-0058: Exposes reference to non-Sync data to an arbitrary thread]
	- rust-inventory (Fixed before initial upload to the archive)
	NOTE: https://github.com/dtolnay/inventory/commit/762b5ce107a9f0d80121e614cad2d33c89c88584 (0.2.0)
	NOTE: https://github.com/dtolnay/inventory/pull/42
	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0058.html
CVE-2023-XXXX [RUSTSEC-2023-0057: Fails to prohibit standard library access prior to initialization of Rust standard library runtime]
	- rust-inventory (Fixed before initial upload to the archive)
	NOTE: https://github.com/dtolnay/inventory/commit/b499293ff75e4f65e8cdcb50280a9247d8df814a (0.2.0)
	NOTE: https://github.com/dtolnay/inventory/pull/43
	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0057.html
CVE-2023-4899 (SQL Injection in GitHub repository mintplex-labs/anything-llm prior to ...)
	NOT-FOR-US: anything-llm
CVE-2023-4898 (Authentication Bypass by Primary Weakness in GitHub repository mintple ...)
	NOT-FOR-US: anything-llm
CVE-2023-4897 (Relative Path Traversal in GitHub repository mintplex-labs/anything-ll ...)
	NOT-FOR-US: anything-llm
CVE-2023-4893 (The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Se ...)
	NOT-FOR-US: Crayon Syntax Highlighter plugin for WordPress
CVE-2023-4890 (The JQuery Accordion Menu Widget for WordPress plugin for WordPress is ...)
	NOT-FOR-US: JQuery Accordion Menu Widget for WordPress plugin for WordPress
CVE-2023-4887 (The Google Maps Plugin by Intergeo for WordPress plugin for WordPress ...)
	NOT-FOR-US: Google Maps Plugin by Intergeo for WordPress plugin for WordPress
CVE-2023-4909 (Inappropriate implementation in Interstitials in Google Chrome prior t ...)
	{DSA-5499-1}
	- chromium 117.0.5938.62-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4908 (Inappropriate implementation in Picture in Picture in Google Chrome pr ...)
	{DSA-5499-1}
	- chromium 117.0.5938.62-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4907 (Inappropriate implementation in Intents in Google Chrome on Android pr ...)
	{DSA-5499-1}
	- chromium 117.0.5938.62-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4906 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...)
	{DSA-5499-1}
	- chromium 117.0.5938.62-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4905 (Inappropriate implementation in Prompts in Google Chrome prior to 117. ...)
	{DSA-5499-1}
	- chromium 117.0.5938.62-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4904 (Insufficient policy enforcement in Downloads in Google Chrome prior to ...)
	{DSA-5499-1}
	- chromium 117.0.5938.62-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4903 (Inappropriate implementation in Custom Mobile Tabs in Google Chrome on ...)
	{DSA-5499-1}
	- chromium 117.0.5938.62-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4902 (Inappropriate implementation in Input in Google Chrome prior to 117.0. ...)
	{DSA-5499-1}
	- chromium 117.0.5938.62-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4901 (Inappropriate implementation in Prompts in Google Chrome prior to 117. ...)
	{DSA-5499-1}
	- chromium 117.0.5938.62-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4900 (Inappropriate implementation in Custom Tabs in Google Chrome on Androi ...)
	{DSA-5499-1}
	- chromium 117.0.5938.62-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4863 (Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.1 ...)
	{DSA-5497-2 DSA-5498-1 DSA-5497-1 DSA-5496-1 DLA-3570-1 DLA-3569-1 DLA-3568-1}
	- chromium 117.0.5938.62-1 (unimportant)
	[buster] - chromium (see DSA 5046)
	- firefox 117.0.1-1
	- firefox-esr 115.2.1esr-1
	- thunderbird 1:115.2.2-1
	- libwebp 1.2.4-0.3 (bug #1051787)
	NOTE: https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
	NOTE: src:chromium builds against the system libwebp library
	NOTE: Fixed by: https://chromium.googlesource.com/webm/libwebp.git/+/902bc9190331343b2017211debcec8d2ab87e17a%5E%21/
	NOTE: Followup: https://chromium.googlesource.com/webm/libwebp.git/+/95ea5226c870449522240ccff26f0b006037c520%5E%21/#F0
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/#CVE-2023-4863
CVE-2023-4840 (The MapPress Maps for WordPress plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: MapPress Maps for WordPress plugin for WordPress
CVE-2023-42472 (Due to insufficient file type validation, SAP BusinessObjects Business ...)
	NOT-FOR-US: SAP
CVE-2023-41990 (The issue was addressed with improved handling of caches. This issue i ...)
	NOT-FOR-US: Apple
CVE-2023-41879 (Magento LTS is the official OpenMage LTS codebase. Guest orders may be ...)
	NOT-FOR-US: Magento LTS / OpenMage LTS
CVE-2023-41369 (The Create Single Payment application of SAP S/4HANA- versions 100, 10 ...)
	NOT-FOR-US: SAP
CVE-2023-41368 (The OData service of the S4 HANA (Manage checkbook apps) - versions 10 ...)
	NOT-FOR-US: SAP
CVE-2023-41367 (Due to missing authentication check in webdynpro application, an unaut ...)
	NOT-FOR-US: SAP
CVE-2023-40625 (S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, ...)
	NOT-FOR-US: SAP
CVE-2023-40624 (SAP NetWeaver AS ABAP (applications based on Unified Rendering)- versi ...)
	NOT-FOR-US: SAP
CVE-2023-40623 (SAP BusinessObjects SuiteInstaller - version 420, 430, allows an attac ...)
	NOT-FOR-US: SAP
CVE-2023-40622 (SAP BusinessObjects Business Intelligence Platform (Promotion Manageme ...)
	NOT-FOR-US: SAP
CVE-2023-40621 (SAP PowerDesigner Client - version 16.7, allows an unauthenticated att ...)
	NOT-FOR-US: SAP
CVE-2023-40442 (A privacy issue was addressed with improved private data redaction for ...)
	NOT-FOR-US: Apple
CVE-2023-40440 (This issue was addressed with improved state management of S/MIME encr ...)
	NOT-FOR-US: Apple
CVE-2023-40309 (SAP CommonCryptoLib does not perform necessary authentication checks, ...)
	NOT-FOR-US: SAP
CVE-2023-40308 (SAP CommonCryptoLib allows an unauthenticated attacker to craft a reque ...)
	NOT-FOR-US: SAP
CVE-2023-3039 (SD ROM Utility, versions prior to 1.0.2.0 contain an Improper Access C ...)
	NOT-FOR-US: Dell
CVE-2023-39069 (An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 al ...)
	NOT-FOR-US: StrangeBee TheHive
CVE-2023-38878 (A reflected cross-site scripting (XSS) vulnerability in DevCode OpenST ...)
	NOT-FOR-US: DevCode OpenSTAManager
CVE-2023-37489 (Due to the lack of validation, SAP BusinessObjects Business Intelligen ...)
	NOT-FOR-US: SAP
CVE-2023-35687 (In MtpPropertyValue of MtpProperty.h, there is a possible memory corru ...)
	NOT-FOR-US: Android
CVE-2023-35684 (In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds wr ...)
	NOT-FOR-US: Android
CVE-2023-35683 (In bindSelection of DatabaseUtils.java, there is a possible way to acc ...)
	NOT-FOR-US: Android
CVE-2023-35682 (In hasPermissionForActivity of PackageManagerHelper.java, there is a p ...)
	NOT-FOR-US: Android
CVE-2023-35681 (In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible o ...)
	NOT-FOR-US: Android
CVE-2023-35680 (In multiple locations, there is a possible way to import contacts belo ...)
	NOT-FOR-US: Android
CVE-2023-35679 (In MtpPropertyValue of MtpProperty.h, there is a possible out of bound ...)
	NOT-FOR-US: Android
CVE-2023-35677 (In onCreate of DeviceAdminAdd.java, there is a possible way to forcibl ...)
	NOT-FOR-US: Android
CVE-2023-35676 (In createQuickShareAction of SaveImageInBackgroundTask.java, there is ...)
	NOT-FOR-US: Android
CVE-2023-35675 (In loadMediaResumptionControls of MediaResumeListener.kt, there is a p ...)
	NOT-FOR-US: Android
CVE-2023-35674 (In onCreate of WindowState.java, there is a possible way to launch a b ...)
	NOT-FOR-US: Android
CVE-2023-35673 (In build_read_multi_rsp of gatt_sr.cc, there is a possible out of boun ...)
	NOT-FOR-US: Android
CVE-2023-35671 (In onHostEmulationData of HostEmulationManager.java, there is a possib ...)
	NOT-FOR-US: Android
CVE-2023-35670 (In computeValuesFromData of FileUtils.java, there is a possible way to ...)
	NOT-FOR-US: Android
CVE-2023-35669 (In checkKeyIntentParceledCorrectly of AccountManagerService.java, ther ...)
	NOT-FOR-US: Android
CVE-2023-35667 (In updateList of NotificationAccessSettings.java, there is a possible ...)
	NOT-FOR-US: Android
CVE-2023-35666 (In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free ...)
	NOT-FOR-US: Android
CVE-2023-35665 (In multiple files, there is a possible way to import a contact from an ...)
	NOT-FOR-US: Android
CVE-2023-35664 (In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible ou ...)
	NOT-FOR-US: Android
CVE-2023-35658 (In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible priv ...)
	NOT-FOR-US: Android
CVE-2023-4881
	REJECTED
CVE-2023-4318 (The Herd Effects WordPress plugin before 5.2.4 does not have CSRF when ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4314 (The wpDataTables WordPress plugin before 2.1.66 does not validate the ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4307 (The Lock User Account WordPress plugin through 1.0.3 does not have CSR ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4294 (The URL Shortify WordPress plugin before 1.7.6 does not properly escap ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4278 (The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 do ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4270 (The Min Max Control WordPress plugin before 4.6 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4060 (The WP Adminify WordPress plugin before 3.1.6 does not sanitise and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4022 (The Herd Effects WordPress plugin before 5.2.3 does not sanitise and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41609 (An open redirect vulnerability in the sanitize_url() parameter of Couc ...)
	NOT-FOR-US: CouchCMS
CVE-2023-41593 (Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop ...)
	NOT-FOR-US: Dairy Farm Shop Management System
CVE-2023-41336 (ux-autocomplete is a JavaScript Autocomplete functionality for Symfony ...)
	NOT-FOR-US: ux-autocomplete
CVE-2023-41256 (Dover Fueling Solutions MAGLINK LX Web Console Configuration versions ...)
	NOT-FOR-US: Dover Fueling Solutions MAGLINK LX Web Console Configuration
CVE-2023-41103 (Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in ...)
	NOT-FOR-US: Interact
CVE-2023-41000 (GPAC through 2.2.1 has a use-after-free vulnerability in the function ...)
	- gpac (bug #1051955)
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2550
	NOTE: Fixed by: https://github.com/gpac/gpac/commit/0018b5e4e07a1465287e7dff69b387929f5a75fa
CVE-2023-40946 (Schoolmate 1.3 is vulnerable to SQL Injection in the variable $usernam ...)
	NOT-FOR-US: Schoolmate
CVE-2023-40945 (Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Inje ...)
	NOT-FOR-US: Sourcecodester Doctor Appointment System
CVE-2023-40944 (Schoolmate 1.3 is vulnerable to SQL Injection in the variable $schooln ...)
	NOT-FOR-US: Schoolmate
CVE-2023-40786 (HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowi ...)
	NOT-FOR-US: HKcms
CVE-2023-40150 (Softneta MedDream PACS does not perform an authentication check and pe ...)
	NOT-FOR-US: Softneta MedDream PACS
CVE-2023-40032 (libvips is a demand-driven, horizontally threaded image processing lib ...)
	- vips 8.14.4-1
	[bookworm] - vips 8.14.1-3+deb12u1
	[bullseye] - vips (Vulnerable code not present)
	[buster] - vips (Vulnerable code not present)
	NOTE: https://github.com/libvips/libvips/pull/3604
	NOTE: Introduced by: https://github.com/libvips/libvips/commit/b2527da53143a38bca96f4a3371ccd0856c0268b (v8.12.0-rc1)
	NOTE: Fixed by: https://github.com/libvips/libvips/commit/e091d65835966ef56d53a4105a7362cafdb1582b (v8.14.4)
CVE-2023-3612 (Govee Home app has unprotected access to WebView component which can b ...)
	NOT-FOR-US: Govee Home app
CVE-2023-3510 (The FTP Access WordPress plugin through 1.0 does not have authorisatio ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3170 (The tagDiv Composer WordPress plugin before 4.2, used as a companion b ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3169 (The tagDiv Composer WordPress plugin before 4.2, used as a companion b ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39780 (ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authentic ...)
	NOT-FOR-US: ASUS
CVE-2023-39227 (Softneta MedDream PACS stores usernames and passwords in plaintext. The ...)
	NOT-FOR-US: Softneta MedDream PACS
CVE-2023-39070 (An issue in Cppcheck 2.12 dev allows a local attacker to execute arbit ...)
	- cppcheck (unimportant)
	NOTE: https://sourceforge.net/p/cppcheck/discussion/general/thread/fa43fb8ab1/
CVE-2023-39068 (Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC ...)
	NOT-FOR-US: NBD80S09S-KLC
CVE-2023-39067 (Cross Site Scripting vulnerability in ZLMediaKiet v.4.0 and v.5.0 allo ...)
	NOT-FOR-US: ZLMediaKiet
CVE-2023-39063 (Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local at ...)
	NOT-FOR-US: RaidenFTPD
CVE-2023-38829 (An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker ...)
	NOT-FOR-US: NETIS SYSTEMS WF2409E
CVE-2023-38743 (Zoho ManageEngine ADManager Plus before Build 7200 allows admin users ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2023-38256 (Dover Fueling Solutions MAGLINK LX Web Console Configuration versions ...)
	NOT-FOR-US: Dover Fueling Solutions MAGLINK LX Web Console Configuration
CVE-2023-36980 (An issue in Ethereum Blockchain v0.1.1+commit.6ff4cd6 cause the balanc ...)
	NOT-FOR-US: Ethereum Blockchain
CVE-2023-36497 (Dover Fueling Solutions MAGLINK LX Web Console Configuration versions ...)
	NOT-FOR-US: Dover Fueling Solutions MAGLINK LX Web Console Configuration
CVE-2023-36161 (An issue was discovered in Qubo Smart Plug 10A version HSP02_01_01_14_ ...)
	NOT-FOR-US: Qubo
CVE-2023-36140 (In PHPJabbers Cleaning Business Software 1.0, there is no encryption o ...)
	NOT-FOR-US: PHPJabbers
CVE-2023-31468 (An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime ...)
	NOT-FOR-US: Inosoft
CVE-2023-2705 (The gAppointments WordPress plugin before 1.10.0 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4816 (A vulnerability exists in the Equipment Tag Out authentication, when c ...)
	NOT-FOR-US: Hitachi
CVE-2023-42471 (The wave.ai.browser application through 1.0.35 for Android allows a re ...)
	NOT-FOR-US: wave.ai.browser application
CVE-2023-42470 (The Imou Life com.mm.android.smartlifeiot application through 6.8.0 fo ...)
	NOT-FOR-US: Imou Life com.mm.android.smartlifeiot application
CVE-2023-42467 (QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset ...)
	- qemu 1:8.1.1+ds-1 (bug #1051899)
	[bookworm] - qemu 1:7.2+dfsg-7+deb12u3
	[bullseye] - qemu (Vulnerable code introduced later)
	[buster] - qemu (Vulnerable code introduced later)
	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1813
	NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/356c4c441ec01910314c5867c680bef80d1dd373 (v7.1.0-rc0)
	NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/55794c904df723109b228da28b5db778e0df3110 (v7.1.0-rc2)
	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/7cfcc79b0ab800959716738aff9419f53fc68c9c (v8.2.0-rc0)
CVE-2023-40040 (An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" ...)
	NOT-FOR-US: MyCrops HiGrade "THC Testing & Cannabi" application
CVE-2023-40039 (An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. ...)
	NOT-FOR-US: ARRIS TG852G, TG862G, and TG1672G devices
CVE-2023-35845 (Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certifica ...)
	NOT-FOR-US: Anaconda Python
CVE-2023-4879 (Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/i ...)
	NOT-FOR-US: icms2
CVE-2023-4878 (Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/ic ...)
	NOT-FOR-US: icms2
CVE-2023-4877 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
	NOT-FOR-US: hamza417/inure
CVE-2023-4876 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
	NOT-FOR-US: hamza417/inure
CVE-2023-4873 (A vulnerability, which was classified as critical, was found in Byzoro ...)
	NOT-FOR-US: Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform
CVE-2023-4872 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Contact Manager App
CVE-2023-4871 (A vulnerability classified as critical was found in SourceCodester Con ...)
	NOT-FOR-US: SourceCodester Contact Manager App
CVE-2023-4870 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester Contact Manager App
CVE-2023-4869 (A vulnerability was found in SourceCodester Contact Manager App 1.0. I ...)
	NOT-FOR-US: SourceCodester Contact Manager App
CVE-2023-4868 (A vulnerability was found in SourceCodester Contact Manager App 1.0. I ...)
	NOT-FOR-US: SourceCodester Contact Manager App
CVE-2023-4867 (A vulnerability was found in Xintian Smart Table Integrated Management ...)
	NOT-FOR-US: Xintian Smart Table Integrated Management System
CVE-2023-4866 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...)
	NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-4865 (A vulnerability has been found in SourceCodester Take-Note App 1.0 and ...)
	NOT-FOR-US: SourceCodester Take-Note App
CVE-2023-4864 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester Take-Note App
CVE-2023-41915 (OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to ...)
	{DSA-5547-1 DLA-3643-1}
	- pmix 5.0.1-1 (bug #1051729)
	NOTE: https://github.com/openpmix/openpmix/commit/da036933c2795c1f40d0835e15f17e204e4daf0f (v4.2.6)
	NOTE: https://github.com/openpmix/openpmix/commit/0bf9801a3017eb6ca411e158da39570ccb998c17 (v5.0.1)
CVE-2023-4875 (Null pointer dereference when composing from a specially crafted draft ...)
	{DSA-5494-1 DLA-3574-1}
	- mutt 2.2.12-0.1 (bug #1051563)
	NOTE: https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555 (mutt-2-2-12-rel)
	NOTE: https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6 (mutt-2-2-12-rel)
	NOTE: http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20230904/000056.html
	NOTE: https://www.openwall.com/lists/oss-security/2023/09/09/1
CVE-2023-4874 (Null pointer dereference when viewing a specially crafted email in Mut ...)
	{DSA-5494-1 DLA-3574-1}
	- mutt 2.2.12-0.1 (bug #1051563)
	NOTE: https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555 (mutt-2-2-12-rel)
	NOTE: https://gitlab.com/muttmua/mutt/-/commit/a4752eb0ae0a521eec02e59e51ae5daedf74fda0 (mutt-2-2-12-rel)
	NOTE: http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20230904/000056.html
	NOTE: https://www.openwall.com/lists/oss-security/2023/09/09/1
CVE-2023-4852 (A vulnerability was found in IBOS OA 4.5.5 and classified as critical. ...)
	NOT-FOR-US: IBOS OA
CVE-2023-4851 (A vulnerability has been found in IBOS OA 4.5.5 and classified as crit ...)
	NOT-FOR-US: IBOS OA
CVE-2023-4850 (A vulnerability, which was classified as critical, was found in IBOS O ...)
	NOT-FOR-US: IBOS OA
CVE-2023-4849 (A vulnerability, which was classified as critical, has been found in I ...)
	NOT-FOR-US: IBOS OA
CVE-2023-4848 (A vulnerability classified as critical was found in SourceCodester Sim ...)
	NOT-FOR-US: SourceCodester Simple Book Catalog App
CVE-2023-4847 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester Simple Book Catalog App
CVE-2023-4846 (A vulnerability was found in SourceCodester Simple Membership System 1 ...)
	NOT-FOR-US: SourceCodester Simple Membership System
CVE-2023-4845 (A vulnerability was found in SourceCodester Simple Membership System 1 ...)
	NOT-FOR-US: SourceCodester Simple Membership System
CVE-2023-4844 (A vulnerability was found in SourceCodester Simple Membership System 1 ...)
	NOT-FOR-US: SourceCodester Simple Membership System
CVE-2023-4838 (The Simple Download Counter plugin for WordPress is vulnerable to Stor ...)
	NOT-FOR-US: Simple Download Counter plugin for WordPress
CVE-2023-42278 (hutool v5.8.21 was discovered to contain a buffer overflow via the com ...)
	NOT-FOR-US: Hutool
CVE-2023-42277 (hutool v5.8.21 was discovered to contain a buffer overflow via the com ...)
	NOT-FOR-US: Hutool
CVE-2023-42276 (hutool v5.8.21 was discovered to contain a buffer overflow via the com ...)
	NOT-FOR-US: Hutool
CVE-2023-41564 (An arbitrary file upload vulnerability in the Upload Asset function of ...)
	NOT-FOR-US: Cockpit CMS
CVE-2023-40306 (SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps ...)
	NOT-FOR-US: SAP
CVE-2023-4853 (A flaw was found in Quarkus where HTTP security policies are not sanit ...)
	NOT-FOR-US: Quarkus
CVE-2023-4843 (Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection ...)
	NOT-FOR-US: Pega Platform
CVE-2023-4782 (Terraform version 1.0.8 through 1.5.6 allows arbitrary file write duri ...)
	- terraform (bug #808940)
CVE-2023-4777 (An incorrect permission check in Qualys Container Scanning Connector P ...)
	NOT-FOR-US: Qualys Container Scanning Connector Plugin
CVE-2023-42268 (Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vuln ...)
	NOT-FOR-US: JeecgBoot
CVE-2023-41578 (Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file re ...)
	NOT-FOR-US: JeecgBoot
CVE-2023-41575 (Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/s ...)
	NOT-FOR-US: Blood Bank & Donor Management
CVE-2023-41338 (Fiber is an Express inspired web framework built in the go language. V ...)
	NOT-FOR-US: Fiber
CVE-2023-41318 (matrix-media-repo is a highly customizable multi-domain media reposito ...)
	NOT-FOR-US: matrix-media-repo
CVE-2023-40924 (SolarView Compact < 6.00 is vulnerable to Directory Traversal.)
	NOT-FOR-US: SolarView Compact
CVE-2023-39712 (Multiple cross-site scripting (XSS) vulnerabilities in Free and Open S ...)
	NOT-FOR-US: Free and Open Source Inventory Management System
CVE-2023-39676 (FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contai ...)
	NOT-FOR-US: SimpleImportProduct Prestashop Module
CVE-2023-39584 (Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file re ...)
	NOT-FOR-US: Hexo
CVE-2023-39076 (Injecting random data into the USB memory area on a General Motors (GM ...)
	NOT-FOR-US: General Motors (GM) Chevrolet Equinox
CVE-2023-38736 (IBM QRadar WinCollect Agent 10.0 through 10.1.6, when installed to run ...)
	NOT-FOR-US: IBM
CVE-2023-32332 (IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management ...)
	NOT-FOR-US: IBM
CVE-2023-4807 (Issue summary: The POLY1305 MAC (message authentication code) implemen ...)
	- openssl (Windows-specific)
	NOTE: https://www.openssl.org/news/secadv/20230908.txt
CVE-2023-41775 (Improper access control vulnerability in 'direct' Desktop App for macO ...)
	NOT-FOR-US: direct Desktop App for macOS
CVE-2023-41646 (Buttercup v2.20.3 allows attackers to obtain the hash of the master pa ...)
	NOT-FOR-US: Buttercup
CVE-2023-41615 (Zoo Management System v1.0 was discovered to contain multiple SQL inje ...)
	NOT-FOR-US: Zoo Management System
CVE-2023-41594 (Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discove ...)
	NOT-FOR-US: Dairy Farm Shop Management System
CVE-2023-41161 (Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin ...)
	NOT-FOR-US: Usermin
CVE-2023-40953 (icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF).)
	NOT-FOR-US: icms
CVE-2023-40584 (Argo CD is a declarative continuous deployment for Kubernetes. All ver ...)
	NOT-FOR-US: Argo CD
CVE-2023-40353 (An issue was discovered in Exynos Mobile Processor 980 and 2100. An in ...)
	NOT-FOR-US: Samsung
CVE-2023-40271 (In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate ...)
	NOT-FOR-US: Trusted Firmware-M (TF-M)
CVE-2023-40029 (Argo CD is a declarative continuous deployment for Kubernetes. Argo CD ...)
	NOT-FOR-US: Argo CD
CVE-2023-39620 (An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru ...)
	NOT-FOR-US: Buffalo
CVE-2023-37759 (Incorrect access control in the User Registration page of Crypto Curre ...)
	NOT-FOR-US: Crypto Currency Tracker
CVE-2023-37377 (An issue was discovered in Samsung Exynos Mobile Processor and Wearabl ...)
	NOT-FOR-US: Samsung
CVE-2023-37368 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
	NOT-FOR-US: Samsung
CVE-2023-37367 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
	NOT-FOR-US: Samsung
CVE-2023-36184 (CMysten Labs Sui blockchain v1.2.0 was discovered to contain a stack o ...)
	NOT-FOR-US: CMysten Labs Sui
CVE-2023-34041 (Cloud foundry routing release versions prior to 0.278.0 are vulnerable ...)
	NOT-FOR-US: Cloud foundry routing
CVE-2023-32470 (Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure O ...)
	NOT-FOR-US: Dell
CVE-2023-4685 (Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft versions 4.0. ...)
	NOT-FOR-US: Delta Electronics
CVE-2023-4528 (Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 ...)
	NOT-FOR-US: JSCAPE MFT Server
CVE-2023-41316 (Tolgee is an open-source localization platform. Due to lack of validat ...)
	NOT-FOR-US: Tolgee
CVE-2023-41064 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2023-41061 (A validation issue was addressed with improved logic. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2023-40942 (Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow ...)
	NOT-FOR-US: Tenda
CVE-2023-40060 (A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix ...)
NOT-FOR-US: SolarWinds Serv-U CVE-2023-3747 (Zero Trust Administrators have the ability to disallow end users from ...) NOT-FOR-US: Cloudflare Warp CVE-2023-39711 (Multiple cross-site scripting (XSS) vulnerabilities in Free and Open S ...) NOT-FOR-US: Free and Open Source Inventory Management System CVE-2023-39424 (A vulnerability inRDPngFileUpload.dll, as used in theIRM Next Generati ...) NOT-FOR-US: IRM Next Generation booking system CVE-2023-39423 (The RDPData.dll file exposes the/irmdata/api/common endpoint that hand ...) NOT-FOR-US: Bitdefender CVE-2023-39422 (The/irmdata/api/ endpoints exposed by theIRM Next Generation booking e ...) NOT-FOR-US: Bitdefender CVE-2023-39421 (The RDPWin.dll component as used in the IRM Next Generation booking en ...) NOT-FOR-US: Bitdefender CVE-2023-39420 (The RDPCore.dll component as used in the IRM Next Generation booking e ...) NOT-FOR-US: Bitdefender CVE-2023-37798 (A stored cross-site scripting (XSS) vulnerability in the new REDCap pr ...) NOT-FOR-US: Vanderbilt REDCap CVE-2023-36635 (An improper access control in Fortinet FortiSwitchManager version 7.2. ...) NOT-FOR-US: FortiGuard CVE-2023-4815 (Missing Authentication for Critical Function in GitHub repository answ ...) NOT-FOR-US: answerdev/answer CVE-2023-4792 (The Duplicate Post Page Menu & Custom Post Type plugin for WordPress i ...) NOT-FOR-US: Duplicate Post Page Menu & Custom Post Type plugin for WordPress CVE-2023-4772 (The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site ...) NOT-FOR-US: Newsletter plugin for WordPress CVE-2023-41329 (WireMock is a tool for mocking HTTP services. The proxy mode of WireMo ...) NOT-FOR-US: WireMock CVE-2023-41327 (WireMock is a tool for mocking HTTP services. WireMock can be configur ...) NOT-FOR-US: WireMock CVE-2023-41053 (Redis is an in-memory database that persists on disk. Redis does not c ...) 
{DSA-5610-1} - redis 5:7.0.13-1 (bug #1051512) [bullseye] - redis (Vulnerable code introduced later) [buster] - redis (Vulnerable code introduced later) NOTE: Introduced after: https://github.com/redis/redis/commit/55c81f2cd3da82f9f570000875e006b9046ddef3 (7.0-rc1) NOTE: Fixed by: https://github.com/redis/redis/commit/9e505e6cd842338424e05883521ca1fb7d0f47f6 (7.2.1) NOTE: Fixed by: https://github.com/redis/redis/commit/0f14d3279212e1b262869b6160db87d6f117cff5 (7.0.13) NOTE: https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc CVE-2023-40397 (The issue was addressed with improved checks. This issue is fixed in m ...) {DSA-5468-1} - webkit2gtk 2.40.5-1 [buster] - webkit2gtk (webkit2gtk EOL in buster) - wpewebkit 2.40.5-1 [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0008.html CVE-2023-40392 (A privacy issue was addressed with improved private data redaction for ...) NOT-FOR-US: Apple CVE-2023-39967 (WireMock is a tool for mocking HTTP services. When certain request URL ...) NOT-FOR-US: WireMock CVE-2023-39956 (Electron is a framework which lets you write cross-platform desktop ap ...) - electron (bug #842420) CVE-2023-39240 (It is identified a format string vulnerability in ASUS RT-AX56U V2\u20 ...) NOT-FOR-US: ASUS CVE-2023-39239 (It is identified a format string vulnerability in ASUS RT-AX56U V2\u20 ...) NOT-FOR-US: ASUS CVE-2023-39238 (It is identified a format string vulnerability in ASUS RT-AX56U V2. Th ...) NOT-FOR-US: ASUS CVE-2023-39237 (ASUS RT-AC86U Traffic Analyzer - Apps analysis function has insufficie ...) NOT-FOR-US: ASUS CVE-2023-39236 (ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient f ...) NOT-FOR-US: ASUS CVE-2023-38616 (A race condition was addressed with improved state handling. This issu ...) 
NOT-FOR-US: Apple CVE-2023-38605 (This issue was addressed with improved redaction of sensitive informat ...) NOT-FOR-US: Apple CVE-2023-38033 (ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has in ...) NOT-FOR-US: ASUS CVE-2023-38032 (ASUS RT-AC86U AiProtection security- related function has insufficient ...) NOT-FOR-US: ASUS CVE-2023-38031 (ASUS RT-AC86U Adaptive QoS - Web History function has insufficient fil ...) NOT-FOR-US: ASUS CVE-2023-34357 (Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for F ...) NOT-FOR-US: Soar Cloud Ltd. HR Portal CVE-2023-4809 (In pf packet processing with a 'scrub fragment reassemble' rule, a pac ...) NOT-FOR-US: FreeBSD CVE-2023-4634 (The Media Library Assistant plugin for WordPress is vulnerable to Loca ...) NOT-FOR-US: Media Library Assistant plugin for WordPress CVE-2023-4623 (A use-after-free vulnerability in the Linux kernel's net/sched: sch_hf ...) {DLA-3710-1 DLA-3623-1} - linux 6.5.3-1 [bookworm] - linux 6.1.55-1 [bullseye] - linux 5.10.197-1 NOTE: https://git.kernel.org/linus/b3d26c5702c7d6c45456326e56d2ccf3f103e60f CVE-2023-4622 (A use-after-free vulnerability in the Linux kernel's af_unix component ...) {DSA-5492-1 DLA-3710-1 DLA-3623-1} - linux 6.4.13-1 [bullseye] - linux 5.10.197-1 NOTE: https://kernel.dance/790c2f9d15b594350ae9bca7b236f2b1859de02c CVE-2023-4621 REJECTED CVE-2023-4589 (Insufficient verification of data authenticity vulnerability in Deline ...) NOT-FOR-US: Delinea Secret Server CVE-2023-4588 (File accessibility vulnerability in Delinea Secret Server, in its v10. ...) NOT-FOR-US: Delinea Secret Server CVE-2023-4498 (Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access ...) NOT-FOR-US: Tenda CVE-2023-4244 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...) 
{DLA-3710-1 DLA-3623-1} - linux 6.4.13-1 [bookworm] - linux 6.1.55-1 [bullseye] - linux 5.10.197-1 NOTE: https://lore.kernel.org/netdev/20230810070830.24064-1-pablo@netfilter.org/ NOTE: https://lore.kernel.org/netdev/20230815223011.7019-1-fw@strlen.de/ NOTE: https://kernel.dance/3e91b0ebd994635df2346353322ac51ce84ce6d8 CVE-2023-4208 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_u3 ...) {DSA-5492-1 DLA-3710-1} - linux 6.4.11-1 [bullseye] - linux 5.10.191-1 NOTE: https://git.kernel.org/linus/3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81 (6.5-rc5) CVE-2023-4207 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw ...) {DSA-5492-1 DLA-3710-1} - linux 6.4.11-1 [bullseye] - linux 5.10.191-1 NOTE: https://git.kernel.org/linus/76e42ae831991c828cffa8c37736ebfb831ad5ec (6.5-rc5) CVE-2023-4206 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_ro ...) {DSA-5492-1 DLA-3710-1} - linux 6.4.11-1 [bullseye] - linux 5.10.191-1 NOTE: https://git.kernel.org/linus/b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8 (6.5-rc5) CVE-2023-41601 (Multiple cross-site scripting (XSS) vulnerabilities in install/index.p ...) NOT-FOR-US: CSZ CMS CVE-2023-41330 (knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PD ...) NOT-FOR-US: knplabs/knp-snappy CVE-2023-41328 (Frappe is a low code web framework written in Python and Javascript. A ...) NOT-FOR-US: Frappe Framework CVE-2023-41319 (Fides is an open-source privacy engineering platform for managing the ...) NOT-FOR-US: Fides CVE-2023-41150 (F-RevoCRM 7.3 series prior to version7.3.8 contains a cross-site scrip ...) NOT-FOR-US: F-RevoCRM CVE-2023-41149 (F-RevoCRM version7.3.7 and version7.3.8 contains an OS command injecti ...) NOT-FOR-US: F-RevoCRM CVE-2023-41050 (AccessControl provides a general security framework for use in Zope. P ...) NOT-FOR-US: Zope CVE-2023-40601 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik ...) 
NOT-FOR-US: WordPress plugin CVE-2023-40591 (go-ethereum (geth) is a golang execution layer implementation of the E ...) - golang-github-go-ethereum (bug #890541) CVE-2023-40560 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Greg ...) NOT-FOR-US: WordPress plugin CVE-2023-40554 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blog2Soc ...) NOT-FOR-US: WordPress plugin CVE-2023-40553 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Plausibl ...) NOT-FOR-US: WordPress plugin CVE-2023-40552 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gurc ...) NOT-FOR-US: WordPress plugin CVE-2023-40531 (Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 B ...) NOT-FOR-US: Archer AX6000 firmware CVE-2023-40357 (Multiple TP-LINK products allow a network-adjacent authenticated attac ...) NOT-FOR-US: TP-Link CVE-2023-40329 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPZe ...) NOT-FOR-US: WordPress plugin CVE-2023-40328 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Carr ...) NOT-FOR-US: WordPress plugin CVE-2023-40193 (Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 2023061 ...) NOT-FOR-US: Deco M4 firmware CVE-2023-40007 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ujwo ...) NOT-FOR-US: WordPress plugin CVE-2023-39935 (Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' a ...) NOT-FOR-US: Archer C5400 firmware CVE-2023-39511 (Cacti is an open source operational monitoring and fault management fr ...) 
- cacti 1.2.25+ds1-1 [bookworm] - cacti 1.2.24+ds1-1+deb12u1 [bullseye] - cacti (Vulnerable code not present) [buster] - cacti (Vulnerable code introduced later) NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-5hpr-4hhc-8q42 NOTE: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e (release/1.2.25) NOTE: Introduced by: https://github.com/Cacti/cacti/commit/9d3495abdc86f40bc7fa9767fcf0136db5b6179a (release/1.2.20) CVE-2023-39265 (Apache Superset would allow for SQLite database connections to be inco ...) NOT-FOR-US: Apache Superset CVE-2023-39264 (By default, stack traces for errors were enabled, which resulted in th ...) NOT-FOR-US: Apache Superset CVE-2023-39224 (Archer C5 firmware all versions and Archer C7 firmware versions prior ...) NOT-FOR-US: Archer CVE-2023-38588 (Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' a ...) NOT-FOR-US: Archer CVE-2023-38568 (Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allow ...) NOT-FOR-US: Archer CVE-2023-38563 (Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' a ...) NOT-FOR-US: Archer CVE-2023-38486 (A vulnerability in the secure boot implementation on affectedAruba 920 ...) NOT-FOR-US: Aruba CVE-2023-38485 (Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 900 ...) NOT-FOR-US: Aruba CVE-2023-38484 (Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 900 ...) NOT-FOR-US: Aruba CVE-2023-37941 (If an attacker gains write access to the Apache Superset metadata data ...) NOT-FOR-US: Apache Superset CVE-2023-37284 (Improper authentication vulnerability in Archer C20 firmware versions ...) NOT-FOR-US: Archer CVE-2023-36489 (Multiple TP-LINK products allow a network-adjacent unauthenticated att ...) NOT-FOR-US: TP-Link CVE-2023-36388 (Improper REST API permission in Apache Superset up to and including 2. ...) 
NOT-FOR-US: Apache Superset CVE-2023-36387 (An improper default REST API permission for Gamma users in Apache Supe ...) NOT-FOR-US: Apache Superset CVE-2023-32672 (An Incorrect authorisation check in SQLLab in Apache Superset versions ...) NOT-FOR-US: Apache Superset CVE-2023-32619 (Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and A ...) NOT-FOR-US: Archer CVE-2023-31188 (Multiple TP-LINK products allow a network-adjacent authenticated attac ...) NOT-FOR-US: TP-Link CVE-2023-41947 (A missing permission check in Jenkins Frugal Testing Plugin 1.1 and ea ...) NOT-FOR-US: Jenkins plugin CVE-2023-41946 (A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Te ...) NOT-FOR-US: Jenkins plugin CVE-2023-41945 (Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the ...) NOT-FOR-US: Jenkins plugin CVE-2023-41944 (Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not esca ...) NOT-FOR-US: Jenkins plugin CVE-2023-41943 (Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perf ...) NOT-FOR-US: Jenkins plugin CVE-2023-41942 (A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeC ...) NOT-FOR-US: Jenkins plugin CVE-2023-41941 (A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3. ...) NOT-FOR-US: Jenkins plugin CVE-2023-41940 (Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, ...) NOT-FOR-US: Jenkins plugin CVE-2023-41939 (Jenkins SSH2 Easy Plugin 1.4 and earlier does not verify that permissi ...) NOT-FOR-US: Jenkins plugin CVE-2023-41938 (A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugi ...) NOT-FOR-US: Jenkins plugin CVE-2023-41937 (Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (bo ...) NOT-FOR-US: Jenkins plugin CVE-2023-41936 (Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time c ...) 
NOT-FOR-US: Jenkins plugin CVE-2023-41935 (Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380. ...) NOT-FOR-US: Jenkins plugin CVE-2023-41934 (Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earli ...) NOT-FOR-US: Jenkins plugin CVE-2023-41933 (Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earli ...) NOT-FOR-US: Jenkins plugin CVE-2023-41932 (Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earli ...) NOT-FOR-US: Jenkins plugin CVE-2023-41931 (Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earli ...) NOT-FOR-US: Jenkins plugin CVE-2023-41930 (Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earli ...) NOT-FOR-US: Jenkins plugin CVE-2023-4779 (The User Submitted Posts plugin for WordPress is vulnerable to Stored ...) NOT-FOR-US: User Submitted Posts plugin for WordPress CVE-2023-4773 (The WordPress Social Login plugin for WordPress is vulnerable to Store ...) NOT-FOR-US: WordPress Social Login plugin for WordPress CVE-2023-4719 (The Simple Membership plugin for WordPress is vulnerable to Reflected ...) NOT-FOR-US: Simple Membership plugin for WordPress CVE-2023-4705 REJECTED CVE-2023-4487 (GE CIMPLICITY 2023 is by a process control vulnerability, which could ...) NOT-FOR-US: GE CIMPLICITY CVE-2023-4485 (ARDEREGSistema SCADA Central versions 2.203 and prior login page are v ...) NOT-FOR-US: ARDEREG Sistema SCADA Central CVE-2023-4310 (BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) ver ...) NOT-FOR-US: BeyondTrust CVE-2023-41508 (A hard coded password in Super Store Finder v3.6 allows attackers to a ...) NOT-FOR-US: Super Store Finder CVE-2023-41507 (Super Store Finder v3.6 was discovered to contain multiple SQL injecti ...) NOT-FOR-US: Super Store Finder CVE-2023-3472 (Use after free vulnerability in Panasonic KW Watcher versions 1.00 thr ...) 
NOT-FOR-US: Panasonic CVE-2023-3471 (Buffer overflow vulnerability in Panasonic KW Watcher versions 1.00 th ...) NOT-FOR-US: Panasonic CVE-2023-35719 (ManageEngine ADSelfService Plus GINA Client Insufficient Verification ...) NOT-FOR-US: ManageEngine ADSelfService Plus GINA Client CVE-2023-34637 (A stored cross-site scripting (XSS) vulnerability in IsarNet AG IsarFl ...) NOT-FOR-US: IsarNet AG IsarFlow CVE-2023-34352 (A permissions issue was addressed with improved redaction of sensitive ...) NOT-FOR-US: Apple CVE-2023-32438 (This issue was addressed with improved checks to prevent unauthorized ...) NOT-FOR-US: Apple CVE-2023-32432 (A privacy issue was addressed with improved handling of temporary file ...) NOT-FOR-US: Apple CVE-2023-32428 (This issue was addressed with improved file handling. This issue is fi ...) NOT-FOR-US: Apple CVE-2023-32426 (A logic issue was addressed with improved checks. This issue is fixed ...) NOT-FOR-US: Apple CVE-2023-32425 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2023-32379 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2023-32370 (A logic issue was addressed with improved validation. This issue is fi ...) {DSA-5396-1} - webkit2gtk 2.40.1-1 [buster] - webkit2gtk (webkit2gtk EOL in buster) - wpewebkit 2.40.2-2 [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) NOTE: https://webkitgtk.org/security/WSA-2023-0008.html CVE-2023-32362 (Error handling was changed to not reveal sensitive information. This i ...) NOT-FOR-US: Apple CVE-2023-32356 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2023-32163 (Wacom Drivers for Windows Link Following Local Privilege Escalation Vu ...) 
NOT-FOR-US: Wacom CVE-2023-32162 (Wacom Drivers for Windows Incorrect Permission Assignment Local Privil ...) NOT-FOR-US: Wacom CVE-2023-29166 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2023-36851 (A Missing Authentication for Critical Function vulnerability in Junipe ...) NOT-FOR-US: Juniper CVE-2023-4781 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...) {DLA-3588-1} - vim 2:9.0.1894-1 [bookworm] - vim (Minor issue) [bullseye] - vim (Minor issue) NOTE: https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883/ NOTE: https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93 (v9.0.1873) CVE-2023-4778 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.) - gpac (bug #1051740) [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.dev/bounties/abb450fb-4ab2-49b0-90da-3d878eea5397/ NOTE: https://github.com/gpac/gpac/commit/d553698050af478049e1a09e44a15ac884f223ed CVE-2023-4764 (Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845. ...) {DSA-5491-1} - chromium 116.0.5845.180-1 [buster] - chromium (see DSA 5046) CVE-2023-4763 (Use after free in Networks in Google Chrome prior to 116.0.5845.179 al ...) {DSA-5491-1} - chromium 116.0.5845.180-1 [buster] - chromium (see DSA 5046) CVE-2023-4762 (Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed ...) {DSA-5491-1} - chromium 116.0.5845.180-1 [buster] - chromium (see DSA 5046) CVE-2023-4761 (Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5 ...) {DSA-5491-1} - chromium 116.0.5845.180-1 [buster] - chromium (see DSA 5046) CVE-2023-4531 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Mestav Software E-commerce Software CVE-2023-4480 (Due to an out-of-date dependency in the \u201cFusion File Manager\u201 ...) 
NOT-FOR-US: PHP-Fusion CVE-2023-4178 (Authentication Bypass by Spoofing vulnerability in Neutron Neutron Sma ...) NOT-FOR-US: Neutron Smart VMS CVE-2023-4034 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Digita Information Technology Smartrise Document Management System CVE-2023-41317 (The Apollo Router is a configurable, high-performance graph router wri ...) NOT-FOR-US: Apollo Router CVE-2023-41108 (TEF portal 2023-07-17 is vulnerable to authenticated remote code execu ...) NOT-FOR-US: TEF portal CVE-2023-41107 (TEF portal 2023-07-17 is vulnerable to a persistent cross site scripti ...) NOT-FOR-US: TEF portal CVE-2023-41012 (An issue in China Mobile Communications China Mobile Intelligent Home ...) NOT-FOR-US: China Mobile Communications China Mobile Intelligent Home Gateway CVE-2023-41009 (File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote a ...) NOT-FOR-US: bolo-solo CVE-2023-40918 (KnowStreaming 3.3.0 is vulnerable to Escalation of Privileges. Unautho ...) NOT-FOR-US: KnowStreaming CVE-2023-3616 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Mava Software Hotel Management System CVE-2023-3375 (Unrestricted Upload of File with Dangerous Type vulnerability in Unisi ...) NOT-FOR-US: Bookreen CVE-2023-3374 (Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen ...) NOT-FOR-US: Bookreen CVE-2023-39681 (Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) ...) NOT-FOR-US: Cuppa CMS CVE-2023-39654 (abupy up to v0.4.0 was discovered to contain a SQL injection vulnerabi ...) NOT-FOR-US: abupy CVE-2023-39598 (Cross Site Scripting vulnerability in IceWarp Corporation WebClient v. ...) NOT-FOR-US: IceWarp CVE-2023-39516 (Cacti is an open source operational monitoring and fault management fr ...) 
{DSA-5550-1 DLA-3765-1} - cacti 1.2.25+ds1-1 NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-r8qq-88g3-hmgv NOTE: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e (release/1.2.25) CVE-2023-39515 (Cacti is an open source operational monitoring and fault management fr ...) {DSA-5550-1 DLA-3765-1} - cacti 1.2.25+ds1-1 NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h NOTE: Fixed by: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e (release/1.2.25) NOTE: Applying incomplete fix for CVE-2023-39515 opens up CVE-2023-49088 CVE-2023-39514 (Cacti is an open source operational monitoring and fault management fr ...) - cacti 1.2.25+ds1-1 [bookworm] - cacti 1.2.24+ds1-1+deb12u1 [bullseye] - cacti (Vulnerable code not present) [buster] - cacti (Vulnerable code introduced later) NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6hrc-2cfc-8hm7 NOTE: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e (release/1.2.25) NOTE: Introduced by: https://github.com/Cacti/cacti/commit/75c147b70493d188ad85313569f86e33e13988b2 (release/1.2.17) CVE-2023-39513 (Cacti is an open source operational monitoring and fault management fr ...) {DSA-5646-1 DLA-3765-1} - cacti 1.2.25+ds1-1 NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-9fj7-8f2j-2rw2 NOTE: Initial fix (partially reverted): https://github.com/Cacti/cacti/commit/976f44dd8dfb2410e0dba00de9c4bbca17ee8910 (release/1.2.25) NOTE: General fix: https://github.com/Cacti/cacti/commit/f66ed84ee2dfd22581e831db97afd2bb145312ef (release/1.2.25) NOTE: Actual fix: https://github.com/Cacti/cacti/commit/23abb0e0a9729bd056b56f4fb5a6fc8e7ebda523 (release/1.2.25) CVE-2023-39512 (Cacti is an open source operational monitoring and fault management fr ...) 
- cacti 1.2.25+ds1-1 [bookworm] - cacti 1.2.24+ds1-1+deb12u1 [bullseye] - cacti (Vulnerable code not present) [buster] - cacti (Vulnerable code introduced later) NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-vqcc-5v63-g9q7 NOTE: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e (release/1.2.25) NOTE: Introduced by: https://github.com/Cacti/cacti/commit/75c147b70493d188ad85313569f86e33e13988b2 (release/1.2.17) CVE-2023-39510 (Cacti is an open source operational monitoring and fault management fr ...) - cacti 1.2.25+ds1-1 [bookworm] - cacti 1.2.24+ds1-1+deb12u1 [bullseye] - cacti (Vulnerable code not present) [buster] - cacti (Vulnerable code introduced later) NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-24w4-4hp2-3j8h NOTE: https://github.com/Cacti/cacti/commit/c67daa614d91c8592b8792298da8e3aa017c4009 (release/1.2.25) NOTE: Introduced by: https://github.com/Cacti/cacti/commit/26e2dbacf298265ce9e517f6f1f008ec46167b5d (release/1.2.20) CVE-2023-39366 (Cacti is an open source operational monitoring and fault management fr ...) - cacti 1.2.25+ds1-1 [bookworm] - cacti 1.2.24+ds1-1+deb12u1 [bullseye] - cacti (Vulnerable code not present) [buster] - cacti (Vulnerable code introduced later) NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-rwhh-xxm6-vcrv NOTE: https://github.com/Cacti/cacti/commit/c67daa614d91c8592b8792298da8e3aa017c4009 (release/1.2.25) NOTE: Introduced by: https://github.com/Cacti/cacti/commit/befc9005e99fdb44aa4b09b87fadced2f21539a6 (release/1.2.20) CVE-2023-39365 (Cacti is an open source operational monitoring and fault management fr ...) 
{DSA-5550-1 DLA-3765-1} - cacti 1.2.25+ds1-1 NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1499/ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1500/ NOTE: https://github.com/cacti/cacti/commit/f775c115e9d6e4b6a326eee682af8afebc43f20e (release/1.2.25) CVE-2023-39364 (Cacti is an open source operational monitoring and fault management fr ...) {DSA-5550-1 DLA-3765-1} - cacti 1.2.25+ds1-1 NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-4pjv-rmrp-r59x NOTE: https://github.com/Cacti/cacti/commit/05bf9dd89d056c7de9591396d92b25ddf140c0da (release/1.2.25) CVE-2023-39362 (Cacti is an open source operational monitoring and fault management fr ...) {DSA-5550-1 DLA-3765-1} - cacti 1.2.25+ds1-1 NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp NOTE: https://github.com/cacti/cacti/commit/cb9ab92f2580fc6cb9b64ce129655fb15e35d056 (release/1.2.25) NOTE: https://github.com/Cacti/cacti/commit/4c26f39fa3567553192823a5e8096b187bbaddde (release/1.2.25) NOTE: snmp_escape_string broken and non-exploitable until https://github.com/Cacti/cacti/commit/c66d5815b8381eaa7ef679abc8d041f23105ef34 (release/1.2.23) NOTE: Requires php-snmp be disabled. CVE-2023-39361 (Cacti is an open source operational monitoring and fault management fr ...) {DSA-5550-1 DLA-3765-1} - cacti 1.2.25+ds1-1 NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6r43-q2fw-5wrg NOTE: https://github.com/cacti/cacti/commit/4246aee6310846d0e106bd05279e54fff3765822 (release/1.2.25) NOTE: Introduced by: https://github.com/cacti/cacti/commit/36269461cb9b03581ad5d7f6ddbc085a28fb9c37 (release/1.2.17) NOTE: but the patch still fixes multiple similar issues including one present in earlier versions. NOTE: Additional hardening with CVE-2023-39365. CVE-2023-39360 (Cacti is an open source operational monitoring and fault management fr ...) 
{DSA-5646-1 DLA-3765-1} - cacti 1.2.25+ds1-1 NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-gx8c-xvjh-9qh4 NOTE: Initial fix: https://github.com/cacti/cacti/commit/9696bbd8060c7332b11b709f4dd17e6c3776bba2 (release/1.2.25) NOTE: Final fix: https://github.com/cacti/cacti/commit/bc6dc996745ef0dee3427178c8d87a6402f3fefa (release/1.2.25) NOTE: PoC doesn't seem to trigger without https://github.com/Cacti/cacti/commit/137340264ac550d060ef17c4d0794fa4abae1c26 (release/1.2.23) CVE-2023-39359 (Cacti is an open source operational monitoring and fault management fr ...) {DSA-5550-1} - cacti 1.2.25+ds1-1 [buster] - cacti (Vulnerable code introduced later) NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-q4wh-3f9w-836h NOTE: https://github.com/cacti/cacti/commit/7459ff57abcd97ab8bc7a19de9e308ca62c17d38 (release/1.2.25) NOTE: Introduced by: https://github.com/cacti/cacti/commit/518800fdb0bd25f311a530d78bab635b3c96c500 (release/1.2.7) CVE-2023-39358 (Cacti is an open source operational monitoring and fault management fr ...) - cacti 1.2.25+ds1-1 [bookworm] - cacti 1.2.24+ds1-1+deb12u1 [bullseye] - cacti (Vulnerable code not present) [buster] - cacti (Vulnerable code introduced later) NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-gj95-7xr8-9p7g NOTE: https://github.com/cacti/cacti/commit/318c377180039b22970f1f6636aa586d3b84c44d (release/1.2.25) NOTE: https://github.com/cacti/cacti/commit/58a2df17c94fda1cdae74613153524ad1a6aae82 (release/1.2.25) NOTE: Introduced by: https://github.com/cacti/cacti/commit/26e2dbacf298265ce9e517f6f1f008ec46167b5d (release/1.2.20) CVE-2023-39357 (Cacti is an open source operational monitoring and fault management fr ...) 
{DSA-5550-1 DLA-3765-1} - cacti 1.2.25+ds1-1 NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6jhp-mgqg-fhqg NOTE: https://github.com/cacti/cacti/commit/21f6b5c9238b3e8c83f2c9295374d96eb104f21d (release/1.2.25) CVE-2023-36361 (Audimexee v14.1.7 was discovered to contain a SQL injection vulnerabil ...) NOT-FOR-US: Audimexee CVE-2023-35124 (An information disclosure vulnerability exists in the OAS Engine confi ...) NOT-FOR-US: OAS Engine CVE-2023-35072 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Coyav Travel Proagent CVE-2023-35068 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: BMA Personnel Tracking System CVE-2023-35065 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Paint Production Management CVE-2023-34998 (An authentication bypass vulnerability exists in the OAS Engine functi ...) NOT-FOR-US: OAS Engine CVE-2023-34994 (An improper resource allocation vulnerability exists in the OAS Engine ...) NOT-FOR-US: OAS Engine CVE-2023-34353 (An authentication bypass vulnerability exists in the OAS Engine authen ...) NOT-FOR-US: OAS Engine CVE-2023-34317 (An improper input validation vulnerability exists in the OAS Engine Us ...) NOT-FOR-US: OAS Engine CVE-2023-32615 (A file write vulnerability exists in the OAS Engine configuration func ...) NOT-FOR-US: OAS Engine CVE-2023-32271 (An information disclosure vulnerability exists in the OAS Engine confi ...) NOT-FOR-US: OAS Engine CVE-2023-32086 REJECTED CVE-2023-31242 (An authentication bypass vulnerability exists in the OAS Engine functi ...) NOT-FOR-US: OAS Engine CVE-2023-2453 (There is insufficient sanitization of tainted file names that are dire ...) NOT-FOR-US: PHP-Fusion CVE-2023-51441 (** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerabilit ...) 
	- axis (bug #1060169)
	[bookworm] - axis (Minor issue)
	[bullseye] - axis (Minor issue)
	[buster] - axis (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2024/01/05/2
	NOTE: Fixed by: https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06
CVE-2023-40743 (** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an ...)
	{DLA-3622-1}
	- axis 1.4-29 (bug #1051288)
	[bookworm] - axis 1.4-28+deb12u1
	[bullseye] - axis 1.4-28+deb11u1
	NOTE: https://www.openwall.com/lists/oss-security/2023/09/05/1
	NOTE: https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210
CVE-2023-34322 (For migration as well as to work around kernels unaware of L1TF (see X ...)
	- xen 4.17.2+55-g0b56bed864-1
	[bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1
	[bullseye] - xen (EOLed in Bullseye)
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-438.html
CVE-2023-34321 (Arm provides multiple helpers to clean & invalidate the cache for a gi ...)
	- xen 4.17.2+55-g0b56bed864-1 (bug #1051954)
	[bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1
	[bullseye] - xen (EOLed in Bullseye)
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-437.html
CVE-2023-4758 (Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.)
	- gpac (bug #1051740)
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/commit/193633b1648582444fc99776cd741d7ba0125e86
	NOTE: https://huntr.dev/bounties/2f496261-1090-45ac-bc89-cc93c82090d6
CVE-2023-4756 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
	- gpac (bug #1051740)
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/commit/6914d016e2b540bac2c471c4aea156ddef8e8e01
	NOTE: https://huntr.dev/bounties/2342da0e-f097-4ce7-bfdc-3ec0ba446e05
CVE-2023-4755 (Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV.)
	- gpac (bug #1051740)
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/commit/895ac12da168435eb8db3f96978ffa4c69d66c3a
	NOTE: https://huntr.dev/bounties/463474b7-a4e8-42b6-8b30-e648a77ee6b3
CVE-2023-4754 (Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV.)
	- gpac (bug #1051740)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/commit/7e2e92feb1b30fac1d659f6620d743b5a188ffe0
	NOTE: https://huntr.dev/bounties/b7ed24ad-7d0b-40b7-8f4d-3c18a906620c
CVE-2023-4752 (Use After Free in GitHub repository vim/vim prior to 9.0.1858.)
	{DLA-3588-1}
	- vim 2:9.0.1894-1
	[bookworm] - vim (Minor issue)
	[bullseye] - vim (Minor issue)
	NOTE: https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757/
	NOTE: https://github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139 (v9.0.1858)
CVE-2023-4750 (Use After Free in GitHub repository vim/vim prior to 9.0.1857.)
	- vim 2:9.0.1894-1 (unimportant)
	NOTE: https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea/
	NOTE: https://github.com/vim/vim/commit/fc68299d436cf87453e432daa77b6d545df4d7ed (v9.0.1857)
	NOTE: Crash in CLI tool, no security impact
CVE-2023-4748 (A vulnerability, which was classified as critical, has been found in Y ...)
	NOT-FOR-US: Yongyou UFIDA-NC
CVE-2023-4733 (Use After Free in GitHub repository vim/vim prior to 9.0.1840.)
	- vim 2:9.0.1894-1 (unimportant)
	NOTE: https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/
	NOTE: https://github.com/vim/vim/commit/e1dc9a627536304bc4f738c21e909ad9fcf3974c (v9.0.1840)
	NOTE: Crash in CLI tool, no security impact
CVE-2023-4636 (The WordPress File Sharing Plugin plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: WordPress File Sharing Plugin plugin for WordPress
CVE-2023-4616 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: LG
CVE-2023-4615 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: LG
CVE-2023-4614 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: LG
CVE-2023-4613 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: LG
CVE-2023-4587 (An IDOR vulnerability has been found in ZKTeco ZEM800 product affectin ...)
	NOT-FOR-US: ZKTeco ZEM800 product
CVE-2023-4540 (Improper Handling of Exceptional Conditions vulnerability in Daurnimat ...)
	- lua-http (bug #1051511)
	[bookworm] - lua-http (Minor issue)
	[bullseye] - lua-http (Minor issue)
	[buster] - lua-http (Minor issue)
	NOTE: Fixed by: https://github.com/daurnimator/lua-http/commit/ddab2835c583d45dec62680ca8d3cbde55e0bae6
CVE-2023-4298 (The 123.chat WordPress plugin before 1.3.1 does not sanitise and escap ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4284 (The Post Timeline WordPress plugin before 2.2.6 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4279 (This User Activity Log WordPress plugin before 1.6.7 retrieves client ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4269 (The User Activity Log WordPress plugin before 1.6.6 lacks proper autho ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4254 (The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4253 (The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4216 (The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4151 (The Store Locator WordPress plugin before 1.4.13 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4059 (The Profile Builder WordPress plugin before 3.9.8 lacks authorisation ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4019 (The Media from FTP WordPress plugin before 11.17 does not properly lim ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-41910 (An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU ...)
	{DSA-5505-1 DLA-3578-1}
	- lldpd 1.0.17-1
	NOTE: Fixed by: https://github.com/lldpd/lldpd/commit/a9aeabdf879c25c584852a0bb5523837632f099b (1.0.17)
CVE-2023-41909 (An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_f ...)
	{DLA-3573-1}
	- frr 8.4.4-1
	NOTE: https://github.com/FRRouting/frr/commit/cfd04dcb3e689754a72507d086ba3b9709fc5ed8 (frr-9.0)
	NOTE: https://github.com/FRRouting/frr/commit/cc1a551cb007cc8ed8b1ea0605a7ab46c16de12b (frr-8.5.1)
	NOTE: https://github.com/FRRouting/frr/commit/0a12b878082f77b67ad5d9b4782846ac738575a2 (frr-8.4.4)
CVE-2023-41908 (Cerebrate before 1.15 lacks the Secure attribute for the session cooki ...)
	NOT-FOR-US: Cerebrate
CVE-2023-41058 (Parse Server is an open source backend server. In affected versions th ...)
	NOT-FOR-US: Node parse-server
CVE-2023-41057 (hyper-bump-it is a command line tool for updating the version in proje ...)
	NOT-FOR-US: hyper-bump-it
CVE-2023-41055 (LibreY is a fork of LibreX, a framework-less and javascript-free priva ...)
	NOT-FOR-US: LibreY
CVE-2023-41054 (LibreY is a fork of LibreX, a framework-less and javascript-free priva ...)
	NOT-FOR-US: LibreY
CVE-2023-41052 (Vyper is a Pythonic Smart Contract Language. In affected versions the ...)
	NOT-FOR-US: Vyper
CVE-2023-40937
	REJECTED
CVE-2023-40936
	REJECTED
CVE-2023-40705 (Stored cross-site scripting vulnerability in Map setting page of VI We ...)
	NOT-FOR-US: VI Web Client
CVE-2023-40535 (Stored cross-site scripting vulnerability in View setting page of VI W ...)
	NOT-FOR-US: VI Web Client
CVE-2023-40214 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vathemes ...)
	NOT-FOR-US: WordPress theme
CVE-2023-40208 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aleksand ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40206 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in hwk- ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40205 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pixelgra ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40197 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40196 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRec ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40015 (Vyper is a Pythonic Smart Contract Language. For the following (probab ...)
	NOT-FOR-US: Vyper
CVE-2023-3814 (The Advanced File Manager WordPress plugin before 5.1.1 does not adequ ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3499 (The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3222 (Vulnerability in the password recovery mechanism of Password Recovery ...)
	NOT-FOR-US: Roundcube plugin
CVE-2023-3221 (User enumeration vulnerability in Password Recovery plugin 1.2 version ...)
	NOT-FOR-US: Roundcube plugin
CVE-2023-39992 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in vCita.Co ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39991 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blindsid ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39988 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39987 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39938 (Reflected cross-site scripting vulnerability in VI Web Client prior to ...)
	NOT-FOR-US: VI Web Client
CVE-2023-39919 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in maen ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39918 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SAASPROJ ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39448 (Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a r ...)
	NOT-FOR-US: SHIRASAGI
CVE-2023-39164 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Molongui ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39162 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XLPlugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38574 (Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a r ...)
	NOT-FOR-US: VI Web Client
CVE-2023-38569 (Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18. ...)
	NOT-FOR-US: SHIRASAGI
CVE-2023-37393 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Atar ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-36492 (Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1. ...)
	NOT-FOR-US: SHIRASAGI
CVE-2023-36382 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-36308 (disintegration Imaging 1.6.2 allows attackers to cause a panic (becaus ...)
	- golang-github-disintegration-imaging (bug #1069062)
	[bookworm] - golang-github-disintegration-imaging (Minor issue)
	[bullseye] - golang-github-disintegration-imaging (Minor issue)
	[buster] - golang-github-disintegration-imaging (Minor issue)
	NOTE: https://github.com/disintegration/imaging/issues/165
CVE-2023-36307 (ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer ...)
	NOT-FOR-US: ZPLGFA
CVE-2023-35906 (IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP res ...)
	NOT-FOR-US: IBM
CVE-2023-35892 (IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerab ...)
	NOT-FOR-US: IBM
CVE-2023-33021 (Memory corruption in Graphics while processing user packets for comman ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33020 (Transient DOS in WLAN Host when an invalid channel (like channel out o ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33019 (Transient DOS in WLAN Host while doing channel switch announcement (CS ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33016 (Transient DOS in WLAN firmware while parsing MLO (multi-link operation ...)
	NOT-FOR-US: Qualcomm
CVE-2023-33015 (Transient DOS in WLAN Firmware while interpreting MBSSID IE of a recei ...)
	NOT-FOR-US: Qualcomm
CVE-2023-32578 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32338 (IBM Sterling Secure Proxy and IBM Sterling External Authentication Ser ...)
	NOT-FOR-US: IBM
CVE-2023-32296 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kangu pa ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32102 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2813 (All of the above Aapna WordPress theme through 1.3, Anand WordPress th ...)
	NOT-FOR-US: WordPress theme
CVE-2023-41164 (In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, ...)
	{DLA-3558-1}
	- python-django 3:3.2.21-1 (bug #1051226)
	[bookworm] - python-django (Minor issue, fix along in future update)
	[bullseye] - python-django (Minor issue, fix along in future update)
	NOTE: https://www.openwall.com/lists/oss-security/2023/09/04/1
	NOTE: https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
	NOTE: https://github.com/django/django/commit/3f41d6d62929dfe53eda8109b3b836f26645bdce (main)
	NOTE: https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9 (4.2.5)
	NOTE: https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e (3.2.21)
CVE-2023-4015 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
	{DSA-5492-1}
	- linux 6.4.11-1
	[bullseye] - linux (Vulnerable code not in a Debian released version)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/0a771f7b266b02d262900c75f1e175c7fe76fec2 (6.5-rc4)
CVE-2023-3777 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
	{DSA-5492-1}
	- linux 6.4.11-1
	[bullseye] - linux 5.10.191-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8 (6.5-rc3)
CVE-2023-4749 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Inventory Management System
CVE-2023-4747 (A vulnerability classified as critical was found in DedeCMS 5.7.110. T ...)
	NOT-FOR-US: DedeCMS
CVE-2023-4746 (A vulnerability classified as critical has been found in TOTOLINK N200 ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-4745 (A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Ga ...)
	NOT-FOR-US: Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform
CVE-2023-4744 (A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. It has be ...)
	NOT-FOR-US: Tenda
CVE-2023-4743 (A vulnerability was found in Dreamer CMS up to 4.1.3. It has been clas ...)
	NOT-FOR-US: Dreamer CMS
CVE-2023-4742 (A vulnerability was found in IBOS OA 4.5.5 and classified as critical. ...)
	NOT-FOR-US: IBOS OA
CVE-2023-4741 (A vulnerability has been found in IBOS OA 4.5.5 and classified as crit ...)
	NOT-FOR-US: IBOS OA
CVE-2023-38554 (In wcn bsp driver, there is a possible out of bounds write due to a mi ...)
	NOT-FOR-US: Unisoc
CVE-2023-38553 (In gnss service, there is a possible out of bounds write due to a miss ...)
	NOT-FOR-US: Unisoc
CVE-2023-38468 (In urild service, there is a possible out of bounds write due to a mis ...)
	NOT-FOR-US: Unisoc
CVE-2023-38467 (In urild service, there is a possible out of bounds write due to a mis ...)
	NOT-FOR-US: Unisoc
CVE-2023-38466 (In ims service, there is a possible missing permission check. This cou ...)
	NOT-FOR-US: Unisoc
CVE-2023-38465 (In ims service, there is a possible missing permission check. This cou ...)
	NOT-FOR-US: Unisoc
CVE-2023-38464 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38463 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38462 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38461 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38460 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38459 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38458 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38457 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38456 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38455 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38454 (In vowifi service, there is a possible missing permission check.This c ...)
	NOT-FOR-US: Unisoc
CVE-2023-38453 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38452 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38451 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38450 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38449 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38448 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38447 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38446 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38445 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38444 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38443 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38442 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38441 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38440 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38439 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38438 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38437 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-38436 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-33918 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-33917 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-33916 (In vowifiservice, there is a possible missing permission check.This co ...)
	NOT-FOR-US: Unisoc
CVE-2023-33915 (In LTE protocol stack, there is a possible missing permission check. T ...)
	NOT-FOR-US: Unisoc
CVE-2023-33914 (In NIA0 algorithm in Security Mode Command, there is a possible missin ...)
	NOT-FOR-US: Unisoc
CVE-2023-32817 (In gnss service, there is a possible out of bounds read due to imprope ...)
	NOT-FOR-US: Unisoc
CVE-2023-32816 (In gnss service, there is a possible out of bounds read due to imprope ...)
	NOT-FOR-US: Unisoc
CVE-2023-32815 (In gnss service, there is a possible out of bounds read due to imprope ...)
	NOT-FOR-US: Unisoc
CVE-2023-32814 (In gnss service, there is a possible out of bounds read due to imprope ...)
	NOT-FOR-US: Unisoc
CVE-2023-32813 (In gnss service, there is a possible out of bounds write due to improp ...)
	NOT-FOR-US: Unisoc
CVE-2023-32812 (In gnss service, there is a possible out of bounds write due to improp ...)
	NOT-FOR-US: Unisoc
CVE-2023-32811 (In connectivity system driver, there is a possible out of bounds write ...)
	NOT-FOR-US: MediaTek
CVE-2023-32810 (In bluetooth driver, there is a possible out of bounds read due to imp ...)
	NOT-FOR-US: MediaTek
CVE-2023-32809 (In bluetooth driver, there is a possible read and write access to regi ...)
	NOT-FOR-US: MediaTek
CVE-2023-32808 (In bluetooth driver, there is a possible read and write access to regi ...)
	NOT-FOR-US: MediaTek
CVE-2023-32807 (In wlan service, there is a possible out of bounds read due to imprope ...)
	NOT-FOR-US: MediaTek
CVE-2023-32806 (In wlan driver, there is a possible out of bounds write due to imprope ...)
	NOT-FOR-US: MediaTek
CVE-2023-32805 (In power, there is a possible out of bounds write due to an insecure d ...)
	NOT-FOR-US: MediaTek
CVE-2023-4751 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
	- vim 2:9.0.1894-1 (unimportant)
	NOTE: https://github.com/vim/vim/commit/e1121b139480f53d1b06f84f3e4574048108fa0b (v9.0.1331)
	NOTE: https://huntr.dev/bounties/db7be8d6-6cb7-4ae5-9c4e-805423afa378
	NOTE: Crash in CLI tool, no security impact
CVE-2023-4740 (A vulnerability, which was classified as critical, was found in IBOS O ...)
	NOT-FOR-US: IBOS OA
CVE-2023-4739 (A vulnerability, which was classified as critical, has been found in B ...)
	NOT-FOR-US: Beijing Baichuo Smart S85F Management Platform
CVE-2023-3703 (Proscend Advice ICR Series routers FW version 1.76- CWE-1392: Use of D ...)
	NOT-FOR-US: Proscend Advice ICR Series routers FW
CVE-2023-39374 (ForeScout NAC SecureConnector version 11.2 -CWE-427: Uncontrolled Sear ...)
	NOT-FOR-US: ForeScout NAC SecureConnector
CVE-2023-39373 (A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-rep ...)
	NOT-FOR-US: Hyundai
CVE-2023-39372 (StarTrinity Softswitch version 2023-02-16 -Multiple CSRF (CWE-352))
	NOT-FOR-US: StarTrinity Softswitch
CVE-2023-39371 (StarTrinity Softswitch version 2023-02-16 -Open Redirect (CWE-601))
	NOT-FOR-US: StarTrinity Softswitch
CVE-2023-39370 (StarTrinity Softswitch version 2023-02-16 -Persistent XSS (CWE-79))
	NOT-FOR-US: StarTrinity Softswitch
CVE-2023-39369 (StarTrinity Softswitch version 2023-02-16- Multiple Reflected XSS (CWE ...)
	NOT-FOR-US: StarTrinity Softswitch
CVE-2023-38521 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Exif ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38518 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Visu ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38517 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Real ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38516 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38482 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Qual ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38476 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Suit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38387 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Elas ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37222 (Farsight Tech Nordic AB ProVide version 14.5- Multiple XSS vulnerabili ...)
	NOT-FOR-US: Farsight Tech Nordic AB ProVide
CVE-2023-37221 (7Twenty BOT - CWE-79: Improper Neutralization of Input During Web Page ...)
	NOT-FOR-US: 7Twenty BOT
CVE-2023-37220 (Synel Terminals - CWE-494: Download of Code Without Integrity Check)
	NOT-FOR-US: Synel Terminals
CVE-2023-41180 (Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C ...)
	NOT-FOR-US: Apache NiFi
CVE-2023-4738 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
	- vim 2:9.0.1894-1
	[bookworm] - vim (Minor issue)
	[bullseye] - vim (Minor issue)
	[buster] - vim (Minor issue; intrusive and hard to backport and will need a rewrite)
	NOTE: https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612/
	NOTE: https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1 (v9.0.1848)
CVE-2023-4736 (Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.)
	- vim (Windows-specific)
	NOTE: https://huntr.dev/bounties/e1ce0995-4df4-4dec-9cd7-3136ac3e8e71/
	NOTE: https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c (v9.0.1833)
CVE-2023-4735 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.)
	- vim 2:9.0.1894-1 (unimportant)
	NOTE: https://huntr.dev/bounties/fc83bde3-f621-42bd-aecb-8c1ae44cba51/
	NOTE: https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57 (v9.0.1847)
	NOTE: Crash in CLI tool, no security impact
CVE-2023-4734 (Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9 ...)
	- vim 2:9.0.1894-1 (unimportant)
	NOTE: https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217/
	NOTE: https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5 (v9.0.1846)
	NOTE: Crash in CLI tool, no security impact
CVE-2023-39983 (A vulnerability that poses a potential risk of polluting the MXsecurit ...)
	NOT-FOR-US: MXsecurity
CVE-2023-39982 (A vulnerability has been identified in MXsecurity versions prior to v1 ...)
	NOT-FOR-US: MXsecurity
CVE-2023-39981 (A vulnerability that allows for unauthorized access has been discovere ...)
	NOT-FOR-US: MXsecurity
CVE-2023-39980 (A vulnerability that allows the unauthorized disclosure of authenticat ...)
	NOT-FOR-US: MXsecurity
CVE-2023-39979 (There is a vulnerability in MXsecurity versions prior to 1.0.1 that ca ...)
	NOT-FOR-US: MXsecurity
CVE-2023-4718 (The Font Awesome 4 Menus plugin for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: Font Awesome 4 Menus plugin for WordPress
CVE-2023-4722 (Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to ...)
	- gpac (bug #1051740)
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/commit/de7f3a852bef72a52825fd307cf4e8f486401a76
	NOTE: https://huntr.dev/bounties/ddfdb41d-e708-4fec-afe5-68ff1f88f830
CVE-2023-4721 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.)
	- gpac (bug #1051740)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/commit/3ec93d73d048ed7b46fe6e9f307cc7a0cc13db63
	NOTE: https://huntr.dev/bounties/f457dc62-3cff-47bd-8fd2-1cb2b4a832fc
CVE-2023-4720 (Floating Point Comparison with Incorrect Operator in GitHub repository ...)
	- gpac (bug #1051740)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/commit/e396648e48c57e2d53988d3fd4465b068b96c89a
	NOTE: https://huntr.dev/bounties/1dc2954c-8497-49fa-b2af-113e1e9381ad
CVE-2023-4714 (A vulnerability was found in PlayTube 3.0.1 and classified as problema ...)
	NOT-FOR-US: PlayTube
CVE-2023-4713 (A vulnerability has been found in IBOS OA 4.5.5 and classified as crit ...)
	NOT-FOR-US: IBOS OA
CVE-2023-4712 (A vulnerability, which was classified as critical, was found in Xintia ...)
	NOT-FOR-US: Xintian Smart Table Integrated Management System
CVE-2023-4711 (A vulnerability, which was classified as critical, has been found in D ...)
	NOT-FOR-US: D-Link
CVE-2023-4710 (A vulnerability classified as problematic was found in TOTVS RM 12.1. ...)
	NOT-FOR-US: TOTVS RM
CVE-2023-4709 (A vulnerability classified as problematic has been found in TOTVS RM 1 ...)
	NOT-FOR-US: TOTVS RM
CVE-2023-4708 (A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been r ...)
	NOT-FOR-US: Infosoftbd Clcknshop
CVE-2023-4707 (A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been d ...)
	NOT-FOR-US: Infosoftbd Clcknshop
CVE-2023-4704 (External Control of System or Configuration Setting in GitHub reposito ...)
	NOT-FOR-US: icms2
CVE-2023-41633 (Catdoc v0.95 was discovered to contain a NULL pointer dereference via ...)
	- catdoc (unimportant)
	NOTE: https://rycbar77.github.io/2023/08/29/catdoc-0-95-nullptr-dereference/
	NOTE: https://gist.github.com/rycbar77/3da455382f88cfb6d6798572f34378bd
	NOTE: Crash in CLI tool, no security impact
CVE-2023-41628 (An issue in O-RAN Software Community E2 G-Release allows attackers to ...)
	NOT-FOR-US: O-RAN
CVE-2023-41627 (O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the ...)
	NOT-FOR-US: O-RAN
CVE-2023-41364 (In tine through 2023.01.14.325, the sort parameter of the /index.php e ...)
	NOT-FOR-US: Tine groupware
CVE-2023-41051 (In a typical Virtual Machine Monitor (VMM) there are several component ...)
	- rust-vm-memory 0.12.2-1 (bug #1051101)
	[bookworm] - rust-vm-memory (Minor issue)
	[bullseye] - rust-vm-memory (Minor issue)
	NOTE: https://github.com/rust-vmm/vm-memory/security/advisories/GHSA-49hh-fprx-m68g
	NOTE: https://github.com/rust-vmm/vm-memory/commit/aff1dd4a5259f7deba56692840f7a2d9ca34c9c8 (v0.12.2)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0056.html
CVE-2023-41049 (@dcl/single-sign-on-client is an open source npm library which deals w ...)
	NOT-FOR-US: Node @dcl/single-sign-on-client
CVE-2023-41046 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-40980 (File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before ...)
	NOT-FOR-US: DWSurvey DWSurvey-OSS
CVE-2023-40970 (Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerabl ...)
	NOT-FOR-US: Senayan Library Management Systems SLIMS 9 Bulian
CVE-2023-40969 (Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable ...)
	NOT-FOR-US: Senayan Library Management Systems SLIMS 9 Bulian
CVE-2023-40968 (Buffer Overflow vulnerability in hzeller timg v.1.5.1 and before allow ...)
	- timg 1.5.2-1 (bug #1051231)
	[bookworm] - timg 1.4.5-1+deb12u1
	NOTE: https://github.com/hzeller/timg/issues/115
	NOTE: https://github.com/hzeller/timg/commit/2e9414e668144bbe0afc074dac17b74ef4acfdcf (v1.5.2)
CVE-2023-40771 (SQL injection vulnerability in DataEase v.1.18.9 allows a remote attac ...)
	NOT-FOR-US: DataEase
CVE-2023-40239 (Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE at ...)
	NOT-FOR-US: Lexmark
CVE-2023-3210 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 16.4.4+ds2-2
CVE-2023-39714 (Multiple cross-site scripting (XSS) vulnerabilities in Free and Open S ...)
	NOT-FOR-US: Free and Open Source Inventory Management System
CVE-2023-39710 (Multiple cross-site scripting (XSS) vulnerabilities in Free and Open S ...)
	NOT-FOR-US: Free and Open Source Inventory Management System
CVE-2023-39703 (A cross site scripting (XSS) vulnerability in the Markdown Editor comp ...)
	NOT-FOR-US: Typora
CVE-2023-39685 (An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial ...)
	NOT-FOR-US: hjson-java
CVE-2023-39631 (An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker t ...)
	NOT-FOR-US: LanChain-ai Langchain
CVE-2023-39582 (SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allow ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-37997 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dharmesh ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37994 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37986 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in mini ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37893 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chop-Cho ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37830 (A cross-site scripting (XSS) vulnerability in General Solutions Steine ...)
	NOT-FOR-US: General Solutions Steiner GmbH CASE 3 Taskmanagement
CVE-2023-37829 (A cross-site scripting (XSS) vulnerability in General Solutions Steine ...)
	NOT-FOR-US: General Solutions Steiner GmbH CASE 3 Taskmanagement
CVE-2023-37828 (A cross-site scripting (XSS) vulnerability in General Solutions Steine ...)
	NOT-FOR-US: General Solutions Steiner GmbH CASE 3 Taskmanagement
CVE-2023-37827 (A cross-site scripting (XSS) vulnerability in General Solutions Steine ...)
	NOT-FOR-US: General Solutions Steiner GmbH CASE 3 Taskmanagement
CVE-2023-37826 (A cross-site scripting (XSS) vulnerability in General Solutions Steine ...)
	NOT-FOR-US: General Solutions Steiner GmbH CASE 3 Taskmanagement
CVE-2023-36328 (Integer Overflow vulnerability in mp_grow in libtom libtommath before ...)
	- libtommath 1.2.1-1 (bug #1051100)
	[bookworm] - libtommath (Minor issue)
	[bullseye] - libtommath (Minor issue)
	[buster] - libtommath (Minor issue)
	NOTE: https://github.com/libtom/libtommath/pull/546
	NOTE: https://github.com/libtom/libtommath/commit/beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 (v1.2.1)
CVE-2023-36327 (Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba424 ...)
	NOT-FOR-US: RELIC
CVE-2023-36326 (Integer Overflow vulnerability in RELIC before commit 34580d840469361b ...)
	NOT-FOR-US: RELIC
CVE-2023-36187 (Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4. ...)
	NOT-FOR-US: NETGEAR
CVE-2023-36100 (An issue was discovered in IceCMS version 2.0.1, allows attackers to e ...)
	NOT-FOR-US: IceCMS
CVE-2023-36088 (Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio ...)
	NOT-FOR-US: NebulaGraph Studio
CVE-2023-36076 (SQL Injection vulnerability in smanga version 3.1.9 and earlier, allow ...)
	NOT-FOR-US: smanga
CVE-2023-34011 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shop ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4647 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 16.4.4+ds2-2
CVE-2023-3205 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 16.4.4+ds2-2
CVE-2023-4018 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 16.4.4+ds2-2
CVE-2023-4638
	- gitlab 16.4.4+ds2-2
CVE-2023-4630 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 16.4.4+ds2-2
CVE-2023-3950 (An information disclosure issue in GitLab EE affecting all versions fr ...)
	- gitlab (Specific to EE)
CVE-2023-4378 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 16.4.4+ds2-2
CVE-2023-3915 (An issue has been discovered in GitLab EE affecting all versions start ...)
	- gitlab (Specific to EE)
CVE-2023-40325
	- moodle
CVE-2023-40324
	- moodle
CVE-2023-40323
	- moodle
CVE-2023-40322
	- moodle
CVE-2023-40321
	- moodle
CVE-2023-40320
	- moodle
CVE-2023-40319
	- moodle
CVE-2023-40318
	- moodle
CVE-2023-40317
	- moodle
CVE-2023-40316
	- moodle
CVE-2023-38037 [Active Support Possibly Discloses Locally Encrypted Files]
	- rails (bug #1051057)
	[bookworm] - rails (Minor issue)
	[bullseye] - rails (Minor issue)
	NOTE: https://github.com/advisories/GHSA-cr5q-6q9f-rq6q
	NOTE: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml
	NOTE: https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731 (v7.0.7.1)
	NOTE: https://github.com/rails/rails/commit/c85cc667ebfd3c270df37c7575d580ea6462e12f (v6.1.7.5)
CVE-2023-4698 (Improper Input Validation in GitHub repository usememos/memos prior to ...)
	NOT-FOR-US: Memos
CVE-2023-4697 (Improper Privilege Management in GitHub repository usememos/memos prio ...)
	NOT-FOR-US: Memos
CVE-2023-4696 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
	NOT-FOR-US: Memos
CVE-2023-4695 (Use of Predictable Algorithm in Random Number Generator in GitHub repo ...)
	NOT-FOR-US: pkp-lib
CVE-2023-4688 (Sensitive information leak through log files. The following products a ...)
	NOT-FOR-US: Acronis
CVE-2023-4299 (Digi RealPort Protocol is vulnerable to a replay attack that may allow ...)
	NOT-FOR-US: Digi RealPort
CVE-2023-41751 (Sensitive information disclosure due to improper token expiration vali ...)
	NOT-FOR-US: Acronis
CVE-2023-41750 (Sensitive information disclosure due to missing authorization. The fol ...)
	NOT-FOR-US: Acronis
CVE-2023-41749 (Sensitive information disclosure due to excessive collection of system ...)
	NOT-FOR-US: Acronis
CVE-2023-39912 (Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technici ...)
	NOT-FOR-US: Zoho
CVE-2023-4683 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-D ...)
	- gpac (bug #1051740)
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/commit/112767e8b178fc82dec3cf82a1ca14d802cdb8ec
	NOTE: https://huntr.dev/bounties/7852e4d2-af4e-4421-a39e-db23e0549922
CVE-2023-4682 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3 ...)
	- gpac (bug #1051740)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/commit/b1042c3eefca87c4bc32afb404ed6518d693e5be
	NOTE: https://huntr.dev/bounties/15232a74-e3b8-43f0-ae8a-4e89d56c474c
CVE-2023-4681 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-D ...)
	- gpac (bug #1051740)
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/commit/4bac19ad854159b21ba70d8ab7c4e1cd1db8ea1c
	NOTE: https://huntr.dev/bounties/d67c5619-ab36-41cc-93b7-04828e25f60e
CVE-2023-4678 (Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV.)
	- gpac (bug #1051740)
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/commit/4607052c482a51dbdacfe1ade10645c181d07b07
	NOTE: https://huntr.dev/bounties/688a4a01-8c18-469d-8cbe-a2e79e80c877
CVE-2023-41748 (Remote command execution due to improper input validation. The followi ...)
	NOT-FOR-US: Acronis
CVE-2023-41747 (Sensitive information disclosure due to improper input validation. The ...)
	NOT-FOR-US: Acronis
CVE-2023-41746 (Remote command execution due to improper input validation. The followi ...)
	NOT-FOR-US: Acronis
CVE-2023-41745 (Sensitive information disclosure due to excessive collection of system ...)
	NOT-FOR-US: Acronis
CVE-2023-41744 (Local privilege escalation due to unrestricted loading of unsigned lib ...)
	NOT-FOR-US: Acronis
CVE-2023-41743 (Local privilege escalation due to insecure driver communication port p ...)
	NOT-FOR-US: Acronis
CVE-2023-41742 (Excessive attack surface due to binding to an unrestricted IP address. ...)
	NOT-FOR-US: Acronis
CVE-2023-41741 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
	NOT-FOR-US: Synology
CVE-2023-41740 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
	NOT-FOR-US: Synology
CVE-2023-41739 (Uncontrolled resource consumption vulnerability in File Functionality ...)
	NOT-FOR-US: Synology
CVE-2023-41738 (Improper neutralization of special elements used in an OS command ('OS ...)
	NOT-FOR-US: Synology
CVE-2023-41717 (Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and ...)
	NOT-FOR-US: Zscaler Proxy
CVE-2023-41642 (Multiple reflected cross-site scripting (XSS) vulnerabilities in the E ...)
	NOT-FOR-US: GruppoSCAI RealGimm
CVE-2023-41640 (An improper error handling vulnerability in the component ErroreNonGes ...)
	NOT-FOR-US: GruppoSCAI RealGimm
CVE-2023-41638 (An arbitrary file upload vulnerability in the Gestione Documentale mod ...)
	NOT-FOR-US: GruppoSCAI RealGimm
CVE-2023-41637 (An arbitrary file upload vulnerability in the Carica immagine function ...)
	NOT-FOR-US: GruppoSCAI RealGimm
CVE-2023-41636 (A SQL injection vulnerability in the Data Richiesta dal parameter of G ...)
	NOT-FOR-US: GruppoSCAI RealGimm
CVE-2023-41635 (A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.a ...)
	NOT-FOR-US: GruppoSCAI RealGimm
CVE-2023-41045 (Graylog is a free and open log management platform. Graylog makes use ...)
	- graylog2 (bug #652273)
CVE-2023-41044 (Graylog is a free and open log management platform. A partial path tra ...)
	- graylog2 (bug #652273)
CVE-2023-41034 (Eclipse Leshan is a device management server and client Java implement ...)
	NOT-FOR-US: Eclipse Leshan
CVE-2023-40589 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
	{DLA-3606-1}
	- freerdp2 2.11.2+dfsg1-1 (bug #1051638)
	[bookworm] - freerdp2 (Minor issue)
	[bullseye] - freerdp2 (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/16141a30f983dd6f7a6e5b0356084171942c9416 (3.0.0-beta3)
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/c659973bb4cd65c065f2fe1a807dbc6805c684c6 (2.11.0)
CVE-2023-39356 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
	{DLA-3606-1}
	- freerdp2 2.11.2+dfsg1-1 (bug #1051638)
	[bookworm] - freerdp2 (Minor issue)
	[bullseye] - freerdp2 (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5v5-qhj5-mh6m
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/889348a86e49bc8f1351ed6496d847b32db5f86e (2.11.0)
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/23db2f4e6ba71f1c10c543f24de595d7340adb46 (2.11.1)
CVE-2023-39355 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
{DLA-3606-1} - freerdp2 (Vulnerable code not present) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hvwj-vmg6-2f5h NOTE: https://github.com/FreeRDP/FreeRDP/commit/d6f9d33a7db0b346195b6a15b5b99944ba41beee (3.0.0-beta3) CVE-2023-39354 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) {DLA-3606-1} - freerdp2 2.11.2+dfsg1-1 (bug #1051638) [bookworm] - freerdp2 (Minor issue) [bullseye] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c3r2-pxxp-f8r6 NOTE: https://github.com/FreeRDP/FreeRDP/commit/82ac0164f330c08ddd9a6ef6f3dbf846c4b79def (2.11.0) CVE-2023-39353 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) {DLA-3606-1} - freerdp2 2.11.2+dfsg1-1 (bug #1051638) [bookworm] - freerdp2 (Minor issue) [bullseye] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hg53-9j9h-3c8f NOTE: https://github.com/FreeRDP/FreeRDP/commit/efa0567c027239b901ccdc590b9e229e0111c68b (2.11.0) NOTE: https://github.com/FreeRDP/FreeRDP/commit/9ed6d6baede27d5006e0e4c9bec8e506f695cb6a (2.11.0) CVE-2023-39352 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) {DLA-3606-1} - freerdp2 2.11.2+dfsg1-1 (bug #1051638) [bookworm] - freerdp2 (Minor issue) [bullseye] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-whwr-qcf2-2mvj NOTE: https://github.com/FreeRDP/FreeRDP/commit/7daaba3c1411f71ac7260d01216ab8f8d3687c65 (3.0.0-beta1) NOTE: https://github.com/FreeRDP/FreeRDP/commit/856ecaa463e963ecfebc9734423d69139e7b3916 (2.11.0) CVE-2023-39351 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) 
{DLA-3606-1} - freerdp2 2.11.2+dfsg1-1 (bug #1051638) [bookworm] - freerdp2 (Minor issue) [bullseye] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q9x9-cqjc-rgwq NOTE: https://github.com/FreeRDP/FreeRDP/commit/99e243cdbc31f66b5c917452c8fed3276e8bdcd5 (2.11.0) NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/579a13b054c306de36a24621763729ebf01797d3 (2.0.0) CVE-2023-39350 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) {DLA-3606-1} - freerdp2 2.11.2+dfsg1-1 (bug #1051638) [bookworm] - freerdp2 (Minor issue) [bullseye] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrrv-3w42-pffh NOTE: https://github.com/FreeRDP/FreeRDP/commit/7ece410ce5b5660b9191e1ccb6835158afa11822 (2.11.0) NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/579a13b054c306de36a24621763729ebf01797d3 (2.0.0) CVE-2023-34392 (A Missing Authentication for Critical Function vulnerability in the Sc ...) NOT-FOR-US: Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator CVE-2023-34391 (Insecure Inherited Permissions vulnerability in Schweitzer Engineering ...) NOT-FOR-US: Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software CVE-2023-33835 (IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a ...) NOT-FOR-US: IBM CVE-2023-33834 (IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a ...) NOT-FOR-US: IBM CVE-2023-33833 (IBM Security Verify Information Queue 10.0.4 and 10.0.5 stores sensiti ...) NOT-FOR-US: IBM CVE-2023-4655 (Cross-site Scripting (XSS) - Reflected in GitHub repository instantsof ...) NOT-FOR-US: icms2 CVE-2023-4654 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...) NOT-FOR-US: icms2 CVE-2023-4653 (Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/i ...) 
NOT-FOR-US: icms2 CVE-2023-4652 (Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/i ...) NOT-FOR-US: icms2 CVE-2023-4651 (Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/ic ...) NOT-FOR-US: icms2 CVE-2023-4650 (Improper Access Control in GitHub repository instantsoft/icms2 prior t ...) NOT-FOR-US: icms2 CVE-2023-4649 (Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16. ...) NOT-FOR-US: icms2 CVE-2023-4641 (A flaw was found in shadow-utils. When asking for a new password, shad ...) - shadow 1:4.13+dfsg1-2 (bug #1051062) [bookworm] - shadow (Minor issue) [bullseye] - shadow (Minor issue) [buster] - shadow (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2215945 NOTE: https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904 (4.14.0-rc1) CVE-2023-4500 (The Order Tracking Pro plugin for WordPress is vulnerable to Stored Cr ...) NOT-FOR-US: Order Tracking Pro plugin for WordPress CVE-2023-4471 (The Order Tracking Pro plugin for WordPress is vulnerable to Reflected ...) NOT-FOR-US: Order Tracking Pro plugin for WordPress CVE-2023-4315 (The Woo Custom Emails for WordPress is vulnerable to Reflected Cross-S ...) NOT-FOR-US: WordPress plugin CVE-2023-4245 (The WooCommerce PDF Invoice Builder for WordPress is vulnerable to una ...) NOT-FOR-US: WordPress plugin CVE-2023-4163 (In Brocade Fabric OS before v9.2.0a, a local authenticated privileged ...) NOT-FOR-US: Brocade CVE-2023-4162 (A segmentation fault can occur in Brocade Fabric OS after Brocade Fab ...) NOT-FOR-US: Brocade CVE-2023-4161 (The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cro ...) NOT-FOR-US: WooCommerce PDF Invoice Builder plugin for WordPress CVE-2023-4160 (The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable ...) NOT-FOR-US: WooCommerce PDF Invoice Builder plugin for WordPress CVE-2023-4000 (The Waiting: One-click countdowns plugin for WordPress is vulnerable t ...) 
NOT-FOR-US: Waiting: One-click countdowns plugin for WordPress CVE-2023-41163 (A Reflected Cross-site scripting (XSS) vulnerability in the file manag ...) NOT-FOR-US: Usermin CVE-2023-41041 (Graylog is a free and open log management platform. In a multi-node Gr ...) - graylog2 (bug #652273) CVE-2023-41040 (GitPython is a python library used to interact with Git repositories. ...) {DLA-3589-1} - python-git 3.1.36-1 [bookworm] - python-git 3.1.30-1+deb12u2 [bullseye] - python-git (Minor issue; can be fixed via point release) NOTE: https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-cwvm-v4w8-q58c NOTE: Fixed by: https://github.com/gitpython-developers/GitPython/commit/64ebb9fcdfbe48d5d61141a557691fd91f1e88d6 (3.1.35) NOTE: Testcase: https://github.com/gitpython-developers/GitPython/commit/65b8c6a2ccacdf26e751cd3bc3c5a7c9e5796b56 (3.1.35) CVE-2023-3999 (The Waiting: One-click countdowns plugin for WordPress is vulnerable t ...) NOT-FOR-US: Waiting: One-click countdowns plugin for WordPress CVE-2023-3764 (The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable ...) NOT-FOR-US: WooCommerce PDF Invoice Builder plugin for WordPress CVE-2023-3677 (The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable ...) NOT-FOR-US: WooCommerce PDF Invoice Builder plugin for WordPress CVE-2023-3636 (The WP Project Manager plugin for WordPress is vulnerable to privilege ...) NOT-FOR-US: WP Project Manager plugin for WordPress CVE-2023-3489 (The firmwaredownload command on Brocade Fabric OS v9.2.0 could log th ...) NOT-FOR-US: Brocade CVE-2023-3404 (The ProfileGrid plugin for WordPress is vulnerable to unauthorized dec ...) NOT-FOR-US: ProfileGrid plugin for WordPress CVE-2023-3162 (The Stripe Payment Plugin for WooCommerce plugin for WordPress is vuln ...) NOT-FOR-US: Stripe Payment Plugin for WooCommerce plugin for WordPress CVE-2023-39139 (An issue in Archive v3.3.7 allows attackers to execute a path traversa ...) 
NOT-FOR-US: archive Dart library CVE-2023-39138 (An issue in ZIPFoundation v0.9.16 allows attackers to execute a path t ...) NOT-FOR-US: ZIPFoundation CVE-2023-39137 (An issue in Archive v3.3.7 allows attackers to spoof zip filenames whi ...) NOT-FOR-US: archive Dart library CVE-2023-39136 (An unhandled edge case in the component _sanitizedPath of ZipArchive v ...) NOT-FOR-US: SSZipArchive CVE-2023-39135 (An issue in Zip Swift v2.1.2 allows attackers to execute a path traver ...) NOT-FOR-US: Zip Swift CVE-2023-38970 (Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allo ...) NOT-FOR-US: Badaso CVE-2023-31925 (Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication ...) NOT-FOR-US: Brocade CVE-2023-31714 (Chitor-CMS before v1.1.2 was discovered to contain multiple SQL inject ...) NOT-FOR-US: Chitor-CMS CVE-2023-31424 (Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a ...) NOT-FOR-US: Brocade CVE-2023-31423 (Possible information exposure through log file vulnerability where se ...) NOT-FOR-US: Brocade CVE-2023-2354 (The CHP Ads Block Detector plugin for WordPress is vulnerable to Store ...) NOT-FOR-US: CHP Ads Block Detector plugin for WordPress CVE-2023-2353 (The CHP Ads Block Detector plugin for WordPress is vulnerable to unaut ...) NOT-FOR-US: CHP Ads Block Detector plugin for WordPress CVE-2023-2352 (The CHP Ads Block Detector plugin for WordPress is vulnerable to Cross ...) NOT-FOR-US: CHP Ads Block Detector plugin for WordPress CVE-2023-4640 (The controller responsible for setting the logging level does not incl ...) NOT-FOR-US: YugabyteDB CVE-2023-4624 (Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/b ...) NOT-FOR-US: bookstack CVE-2023-4600 (The AffiliateWP for WordPress is vulnerable to unauthorized modificati ...) NOT-FOR-US: AffiliateWP for WordPress CVE-2023-4571 (In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, ...) 
NOT-FOR-US: Splunk CVE-2023-4209 (The POEditor WordPress plugin before 0.9.8 does not have CSRF checks i ...) NOT-FOR-US: WordPress plugin CVE-2023-4150 (The User Activity Tracking and Log WordPress plugin before 4.0.9 does ...) NOT-FOR-US: WordPress plugin CVE-2023-4109 (The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin be ...) NOT-FOR-US: WordPress plugin CVE-2023-4036 (The Simple Blog Card WordPress plugin before 1.32 does not ensure that ...) NOT-FOR-US: WordPress plugin CVE-2023-4035 (The Simple Blog Card WordPress plugin before 1.31 does not validate an ...) NOT-FOR-US: WordPress plugin CVE-2023-4023 (The All Users Messenger WordPress plugin through 1.24 does not prevent ...) NOT-FOR-US: WordPress plugin CVE-2023-4013 (The GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plu ...) NOT-FOR-US: WordPress plugin CVE-2023-41563 (Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.0 ...) NOT-FOR-US: Tenda CVE-2023-41562 (Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Te ...) NOT-FOR-US: Tenda CVE-2023-41561 (Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.0 ...) NOT-FOR-US: Tenda CVE-2023-41560 (Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack ov ...) NOT-FOR-US: Tenda CVE-2023-41559 (Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Te ...) NOT-FOR-US: Tenda CVE-2023-41558 (Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow ...) NOT-FOR-US: Tenda CVE-2023-41557 (Tenda AC7 V1.0 V15.03.06.44 and Tenda AC5 V1.0RTL_V15.03.06.28 were di ...) NOT-FOR-US: Tenda CVE-2023-41556 (Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Te ...) NOT-FOR-US: Tenda CVE-2023-41555 (Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow ...) NOT-FOR-US: Tenda CVE-2023-41554 (Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack ov ...) 
NOT-FOR-US: Tenda CVE-2023-41553 (Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.0 ...) NOT-FOR-US: Tenda CVE-2023-41552 (Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42_multi were ...) NOT-FOR-US: Tenda CVE-2023-41539 (phpjabbers Business Directory Script 3.2 is vulnerable to SQL Injectio ...) NOT-FOR-US: PHPJabbers CVE-2023-41538 (phpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting ...) NOT-FOR-US: PHPJabbers CVE-2023-41537 (phpjabbers Business Directory Script 3.2 is vulnerable to Cross Site S ...) NOT-FOR-US: PHPJabbers CVE-2023-41039 (RestrictedPython is a restricted execution environment for Python to r ...) - restrictedpython 6.2-1 [bookworm] - restrictedpython (Minor issue) [bullseye] - restrictedpython (Minor issue) [buster] - restrictedpython (Minor issue, no rdeps) NOTE: https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-xjw2-6jm9-rf67 NOTE: Fixed by: https://github.com/zopefoundation/RestrictedPython/commit/4134aedcff17c977da7717693ed89ce56d54c120 CVE-2023-40848 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...) NOT-FOR-US: Tenda CVE-2023-40847 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...) NOT-FOR-US: Tenda CVE-2023-40845 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...) NOT-FOR-US: Tenda CVE-2023-40844 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...) NOT-FOR-US: Tenda CVE-2023-40843 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...) NOT-FOR-US: Tenda CVE-2023-40842 (Tengda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to B ...) NOT-FOR-US: Tenda CVE-2023-40841 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...) NOT-FOR-US: Tenda CVE-2023-40840 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...) 
NOT-FOR-US: Tenda CVE-2023-40839 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADF3C ...) NOT-FOR-US: Tenda CVE-2023-40838 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_3A1D0 ...) NOT-FOR-US: Tenda CVE-2023-40837 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50 ...) NOT-FOR-US: Tenda CVE-2023-40598 (In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attac ...) NOT-FOR-US: Splunk CVE-2023-40597 (In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an ...) NOT-FOR-US: Splunk CVE-2023-40596 (In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a ...) NOT-FOR-US: Splunk CVE-2023-40595 (In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an ...) NOT-FOR-US: Splunk CVE-2023-40594 (In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an ...) NOT-FOR-US: Splunk CVE-2023-40593 (In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious ...) NOT-FOR-US: Splunk CVE-2023-40592 (In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attac ...) NOT-FOR-US: Splunk CVE-2023-40582 (find-exec is a utility to discover available shell commands. Versions ...) NOT-FOR-US: Node find-exec CVE-2023-40188 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) {DLA-3606-1} - freerdp2 2.11.2+dfsg1-1 (bug #1051638) [bookworm] - freerdp2 (Minor issue) [bullseye] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq NOTE: Upstream mentioned on #freerdp that the advisory title/summary NOTE: should reference `nsc_rle_decode` instead of `general_LumaToYUV444`. NOTE: https://github.com/FreeRDP/FreeRDP/commit/9a1ee1bae5a9561f5031a7b69129f10458b62d4a (2.11.0) CVE-2023-40187 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) 
- freerdp2 (Vulnerable code introduced in 3.0.0-beta1) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-pwf9-v5p9-ch4f NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/f34679397024a67ce6d568aad9ede19a8858b6f3 (3.0.0-beta1) NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/ab31e8ba6ab3b4dd0183929cfb00bd5e797c402c (3.0.0-beta3) CVE-2023-40186 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) {DLA-3606-1} - freerdp2 2.11.2+dfsg1-1 (bug #1051638) [bookworm] - freerdp2 (Minor issue) [bullseye] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v NOTE: https://github.com/FreeRDP/FreeRDP/commit/d8a1ac342ae375644c70579c33b5cf38fb43b083 (2.11.0) CVE-2023-40184 (xrdp is an open source remote desktop protocol (RDP) server. In versio ...) [experimental] - xrdp 0.9.24-1 - xrdp 0.9.24-2 (bug #1051061) [bookworm] - xrdp (Minor issue) [bullseye] - xrdp (Minor issue) [buster] - xrdp (Minor issue) NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq NOTE: https://github.com/neutrinolabs/xrdp/commit/25a1fab5b6c5ef2a8bb109232b765cb8b332ce5e CVE-2023-40181 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) {DLA-3606-1} - freerdp2 2.11.2+dfsg1-1 (bug #1051638) [bookworm] - freerdp2 (Minor issue) [bullseye] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8 NOTE: https://github.com/FreeRDP/FreeRDP/commit/c23cbdc4a5756bd723223c7139654de7439fdcc0 (2.11.0) CVE-2023-3992 (The PostX WordPress plugin before 3.0.6 does not sanitise and escape a ...) NOT-FOR-US: WordPress plugin CVE-2023-3720 (The Upload Media By URL WordPress plugin before 1.0.8 does not have CS ...) NOT-FOR-US: WordPress plugin CVE-2023-3501 (The FormCraft WordPress plugin before 1.2.7 does not sanitise and esca ...) 
NOT-FOR-US: WordPress plugin CVE-2023-3356 (The Subscribers Text Counter WordPress plugin before 1.7.1 does not ha ...) NOT-FOR-US: WordPress plugin CVE-2023-3136 (The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Si ...) NOT-FOR-US: MailArchiver plugin for WordPress CVE-2023-35094 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-35092 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abha ...) NOT-FOR-US: WordPress plugin CVE-2023-34372 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Didi ...) NOT-FOR-US: WordPress plugin CVE-2023-34187 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alan ...) NOT-FOR-US: WordPress plugin CVE-2023-34184 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Bhavik P ...) NOT-FOR-US: WordPress plugin CVE-2023-34183 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vali ...) NOT-FOR-US: WordPress plugin CVE-2023-34180 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in KAPlugin ...) NOT-FOR-US: WordPress plugin CVE-2023-34176 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chilexpr ...) NOT-FOR-US: WordPress plugin CVE-2023-34175 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GrandSla ...) NOT-FOR-US: WordPress plugin CVE-2023-34174 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BBS e-Th ...) NOT-FOR-US: WordPress plugin CVE-2023-34173 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...) NOT-FOR-US: WordPress plugin CVE-2023-34172 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mile ...) NOT-FOR-US: WordPress plugin CVE-2023-34032 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pascal C ...) NOT-FOR-US: WordPress plugin CVE-2023-34023 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Miled Wo ...) 
NOT-FOR-US: WordPress plugin CVE-2023-34022 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rakib Ha ...) NOT-FOR-US: WordPress plugin CVE-2023-34008 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in weDevs W ...) NOT-FOR-US: WordPress plugin CVE-2023-34004 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-33929 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joaq ...) NOT-FOR-US: WordPress plugin CVE-2023-33325 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa ...) NOT-FOR-US: WordPress plugin CVE-2023-33320 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mohammad ...) NOT-FOR-US: WordPress plugin CVE-2023-33317 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooComme ...) NOT-FOR-US: WordPress plugin CVE-2023-33210 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nuaj ...) NOT-FOR-US: WordPress plugin CVE-2023-33208 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gsmi ...) NOT-FOR-US: WordPress plugin CVE-2023-32962 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in HasT ...) NOT-FOR-US: WordPress plugin CVE-2023-32802 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooComme ...) NOT-FOR-US: WordPress plugin CVE-2023-32801 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooComme ...) NOT-FOR-US: WordPress plugin CVE-2023-32793 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-32746 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-32742 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in VeronaLa ...) NOT-FOR-US: WordPress plugin CVE-2023-32740 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kunal Na ...) NOT-FOR-US: WordPress plugin CVE-2023-32597 (Unauth. 
Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...) NOT-FOR-US: WordPress plugin CVE-2023-32294 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Radi ...) NOT-FOR-US: WordPress plugin CVE-2023-4609 REJECTED CVE-2023-4599 (The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cr ...) NOT-FOR-US: Slimstat Analytics plugin for WordPress CVE-2023-4597 (The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cr ...) NOT-FOR-US: Slimstat Analytics plugin for WordPress CVE-2023-4596 (The Forminator plugin for WordPress is vulnerable to arbitrary file up ...) NOT-FOR-US: Forminator plugin for WordPress CVE-2023-4526 REJECTED CVE-2023-4525 REJECTED CVE-2023-4522 (An issue has been discovered in GitLab affecting all versions before 1 ...) - gitlab 16.4.4+ds2-2 CVE-2023-4296 (If an attacker tricks an admin user of PTC Codebeamer into clicking on ...) NOT-FOR-US: PTC Codebeamer CVE-2023-41269 REJECTED CVE-2023-41266 (A path traversal vulnerability found in Qlik Sense Enterprise for Wind ...) NOT-FOR-US: Qlik CVE-2023-41265 (An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise ...) NOT-FOR-US: Qlik CVE-2023-41153 (A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configura ...) - webmin CVE-2023-39559 (AudimexEE 15.0 was discovered to contain a full path disclosure vulner ...) NOT-FOR-US: AudimexEE CVE-2023-39558 (AudimexEE v15.0 was discovered to contain multiple reflected cross-sit ...) NOT-FOR-US: AudimexEE CVE-2023-38975 (* Buffer Overflow vulnerability in qdrant v.1.3.2 allows a remote atta ...) NOT-FOR-US: qdrant CVE-2023-38971 (Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allo ...) NOT-FOR-US: Badaso CVE-2023-32241 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPDevelo ...) NOT-FOR-US: WordPress plugin CVE-2023-4611 (A use-after-free flaw was found in mm/mempolicy.c in the memory manage ...) 
- linux 6.4.11-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/6c21e066f9256ea1df6f88768f6ae1080b7cf509 (6.5-rc4) CVE-2023-4481 (An Improper Input Validation vulnerability in the Routing Protocol Dae ...) NOT-FOR-US: Juniper CVE-2023-4572 (Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 ...) {DSA-5487-1} - chromium 116.0.5845.140-1 [buster] - chromium (see DSA 5046) CVE-2023-4346 (KNX devices that use KNX Connection Authorization and support Option 1 ...) NOT-FOR-US: KNX devices CVE-2023-41376 (Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when ...) NOT-FOR-US: Nokia Service Router Operating System (SR OS) and SR Linux CVE-2023-41362 (MyBB before 1.8.36 allows Code Injection by users with certain high pr ...) NOT-FOR-US: MyBB CVE-2023-41037 (OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In ...) - node-openpgp (bug #787774) CVE-2023-40890 (A stack-based buffer overflow vulnerability exists in the lookup_seque ...) {DSA-5614-1 DLA-3675-1} - zbar 0.23.92-9 (bug #1051724) NOTE: https://hackmd.io/@cspl/H1PxPAUnn NOTE: https://github.com/mchehab/zbar/issues/263 NOTE: https://github.com/mchehab/zbar/pull/276 NOTE: https://github.com/mchehab/zbar/commit/012a030250a203e5529d09caedea7ad7173dacfd CVE-2023-40889 (A heap-based buffer overflow exists in the qr_reader_match_centers fun ...) {DSA-5614-1 DLA-3675-1} - zbar 0.23.92-9 (bug #1051724) NOTE: https://hackmd.io/@cspl/B1ZkFZv23 NOTE: https://github.com/mchehab/zbar/issues/263 NOTE: https://github.com/mchehab/zbar/pull/276 NOTE: https://github.com/mchehab/zbar/commit/f8f8f5ccf1e8d68c3700e0f0b3d895cdf03ce679 CVE-2023-40787 (In SpringBlade V3.6.0 when executing SQL query, the parameters submitt ...) NOT-FOR-US: SpringBlade CVE-2023-3646 (On affected platforms running Arista EOS with mirroring to multiple de ...) 
NOT-FOR-US: Arista CVE-2023-3253 (An improper authorization vulnerability exists where an authenticated, ...) NOT-FOR-US: Nessus CVE-2023-3252 (An arbitrary file write vulnerability exists where an authenticated, r ...) NOT-FOR-US: Nessus CVE-2023-3251 (A pass-back vulnerability exists where an authenticated, remote attack ...) NOT-FOR-US: Nessus CVE-2023-39678 (A cross-site scripting (XSS) vulnerability in the device web interface ...) NOT-FOR-US: BDCOM OLT P3310D-2AC CVE-2023-39663 (Mathjax up to v2.7.9 was discovered to contain two Regular expression ...) - mathjax (bug #1059304) [bookworm] - mathjax (Minor issue) [bullseye] - mathjax (Minor issue) [buster] - mathjax (Minor issue) NOTE: https://github.com/mathjax/MathJax/issues/3074 CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read mem ...) [experimental] - aom 3.7.0-1~exp1 - aom 3.7.0-1 [bookworm] - aom (Minor issue) [bullseye] - aom (Vulnerable code introduced later) [buster] - aom (Vulnerable code introduced later) NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=3372#c3 NOTE: Introduced by: https://aomedia.googlesource.com/aom/+/55318e3c27fbcff4b4888e6b413ca1e34e4fb8a1 (3.4.0_rc1) NOTE: Fixed by: https://aomedia.googlesource.com/aom/+/35254736d9753447ac9bccf8e0062bdb74b0bdb7 (3.7.0_rc2) NOTE: Fixed by: https://aomedia.googlesource.com/aom/+/cbce06167ac7adc945786320ae3ea6e39b11e1d1 (3.7.0_rc2) NOTE: Fixed by: https://aomedia.googlesource.com/aom/+/54e4b8fffababa02c31674b3b37dc0c26dd0a898 (3.7.0_rc2) NOTE: Fixed by: https://aomedia.googlesource.com/aom/+/df38eb169193f169bb4a81edd7b54d15cd5afc2a (3.7.0_rc2) NOTE: Testcase: https://aomedia.googlesource.com/aom/+/7c3bcc8fa57ffda7f128f3cea9e8bb31c83fe4b7 (3.7.0_rc2) NOTE: Testcase: https://aomedia.googlesource.com/aom/+/d90659acbb1487949195006d46c4582c62f1b90f (3.7.0_rc2) NOTE: For Debian this was initially fixed in Debian unstable with 3.7.0~rc3-1 but reverted with the NOTE: 3.7.0~really3.6.1-1 upload re-introducing the 
issue. CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds rea ...) [experimental] - libxml2 2.12.3+dfsg-0exp1 - libxml2 (bug #1051230) [bookworm] - libxml2 (Minor issue) [bullseye] - libxml2 (Minor issue) [buster] - libxml2 (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/d0c3f01e110d54415611c5fa0040cdf4a56053f9 (v2.12.0) NOTE: Followup: https://gitlab.gnome.org/GNOME/libxml2/-/commit/235b15a590eecf97b09e87bdb7e4f8333e9de129 (v2.12.0) CVE-2023-39522 (goauthentik is an open-source Identity Provider. In affected versions ...) NOT-FOR-US: authentik CVE-2023-39268 (A memory corruption vulnerability in ArubaOS-Switch could lead to unau ...) NOT-FOR-US: Aruba CVE-2023-39267 (An authenticated remote code execution vulnerability exists in the com ...) NOT-FOR-US: Aruba CVE-2023-39266 (A vulnerability in the ArubaOS-Switch web management interface could a ...) NOT-FOR-US: Aruba CVE-2023-38802 (FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote ...) {DSA-5495-1 DLA-3573-1} - frr 8.4.4-1.1 NOTE: https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling NOTE: https://github.com/FRRouting/frr/pull/14290 NOTE: https://github.com/FRRouting/frr/commit/bcb6b58d9530173df41d3a3cbc4c600ee0b4b186 NOTE: Backport for stable/8.4: https://github.com/FRRouting/frr/pull/14295 NOTE: https://github.com/FRRouting/frr/commit/46817adab03802355c3cce7b753c7a735bdcc5ae CVE-2023-38283 (In OpenBGPD before 8.1, incorrect handling of BGP update data (length ...) - openbgpd 8.1-1 [bookworm] - openbgpd (Minor issue) NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/006_bgpd.patch.sig CVE-2023-34039 (Aria Operations for Networks contains an Authentication Bypass vulnera ...) NOT-FOR-US: VMware CVE-2023-4586 (A vulnerability was found in the Hot Rod client. This security issue o ...) 
NOT-FOR-US: Infinispan CVE-2023-4585 (Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thun ...) - firefox 117.0-1 - firefox-esr 115.2.0esr-1 [bookworm] - firefox-esr (ESR 102 not affected) [bullseye] - firefox-esr (ESR 102 not affected) [buster] - firefox-esr (ESR 102 not affected) - thunderbird 1:115.2.0-1 [bookworm] - thunderbird (ESR 102 not affected) [bullseye] - thunderbird (ESR 102 not affected) [buster] - thunderbird (ESR 102 not affected) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4585 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4585 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4585 CVE-2023-4584 (Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ...) {DSA-5488-1 DSA-5485-1 DLA-3554-1 DLA-3553-1} - firefox-esr 115.2.0esr-1 - firefox 117.0-1 - thunderbird 1:115.2.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4584 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4584 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4584 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4584 CVE-2023-4583 (When checking if the Browsing Context had been discarded in `HttpBaseC ...) 
- firefox 117.0-1 - firefox-esr 115.2.0esr-1 [bookworm] - firefox-esr (ESR 102 not affected) [bullseye] - firefox-esr (ESR 102 not affected) [buster] - firefox-esr (ESR 102 not affected) - thunderbird 1:115.2.0-1 [bookworm] - thunderbird (ESR 102 not affected) [bullseye] - thunderbird (ESR 102 not affected) [buster] - thunderbird (ESR 102 not affected) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4583 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4583 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4583 CVE-2023-4582 (Due to large allocation checks in Angle for glsl shaders being too len ...) - firefox-esr (MacOS-specific) - firefox (MacOS-specific) - thunderbird (MacOS-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4582 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4582 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4582 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4582 CVE-2023-4581 (Excel `.xll` add-in files did not have a blocklist entry in Firefox's ...) {DSA-5488-1 DSA-5485-1 DLA-3554-1 DLA-3553-1} - firefox-esr 115.2.0esr-1 - firefox 117.0-1 - thunderbird 1:115.2.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4581 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4581 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4581 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4581 CVE-2023-4580 (Push notifications stored on disk in private browsing mode were not be ...) 
- firefox 117.0-1 - firefox-esr 115.2.0esr-1 [bookworm] - firefox-esr (ESR 102 not affected) [bullseye] - firefox-esr (ESR 102 not affected) [buster] - firefox-esr (ESR 102 not affected) - thunderbird 1:115.2.0-1 [bookworm] - thunderbird (ESR 102 not affected) [bullseye] - thunderbird (ESR 102 not affected) [buster] - thunderbird (ESR 102 not affected) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4580 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4580 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4580 CVE-2023-4579 (Search queries in the default search engine could appear to have been ...) - firefox 117.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4579 CVE-2023-4578 (When calling `JS::CheckRegExpSyntax` a Syntax Error could have been se ...) - firefox 117.0-1 - firefox-esr 115.2.0esr-1 [bookworm] - firefox-esr (ESR 102 not affected) [bullseye] - firefox-esr (ESR 102 not affected) [buster] - firefox-esr (ESR 102 not affected) - thunderbird 1:115.2.0-1 [bookworm] - thunderbird (ESR 102 not affected) [bullseye] - thunderbird (ESR 102 not affected) [buster] - thunderbird (ESR 102 not affected) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4578 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4578 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4578 CVE-2023-4577 (When `UpdateRegExpStatics` attempted to access `initialStringHeap` it ...) 
- firefox-esr 115.2.0esr-1 [bookworm] - firefox-esr (ESR 102 not affected) [bullseye] - firefox-esr (ESR 102 not affected) [buster] - firefox-esr (ESR 102 not affected) - firefox 117.0-1 - thunderbird 1:115.2.0-1 [bookworm] - thunderbird (ESR 102 not affected) [bullseye] - thunderbird (ESR 102 not affected) [buster] - thunderbird (ESR 102 not affected) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4577 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4577 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4577 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4577 CVE-2023-4576 (On Windows, an integer overflow could occur in `RecordedSourceSurfaceC ...) - firefox-esr (Windows-specific) - firefox (Windows-specific) - thunderbird (Windows-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4576 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4576 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4576 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4576 CVE-2023-4575 (When creating a callback over IPC for showing the File Picker window, ...) {DSA-5488-1 DSA-5485-1 DLA-3554-1 DLA-3553-1} - firefox-esr 115.2.0esr-1 - firefox 117.0-1 - thunderbird 1:115.2.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4575 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4575 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4575 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4575 CVE-2023-4574 (When creating a callback over IPC for showing the Color Picker window, ...) 
{DSA-5488-1 DSA-5485-1 DLA-3554-1 DLA-3553-1} - firefox-esr 115.2.0esr-1 - firefox 117.0-1 - thunderbird 1:115.2.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4574 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4574 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4574 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4574 CVE-2023-4573 (When receiving rendering data over IPC `mStream` could have been destr ...) {DSA-5488-1 DSA-5485-1 DLA-3554-1 DLA-3553-1} - firefox-esr 115.2.0esr-1 - firefox 117.0-1 - thunderbird 1:115.2.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4573 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4573 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4573 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4573 CVE-2023-41363 (In Cerebrate 1.14, a vulnerability in UserSettingsController allows au ...) NOT-FOR-US: Cerebrate CVE-2023-41361 (An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not ...) {DLA-3573-1} - frr 9.1-0.1 (bug #1055852) [bullseye] - frr (The vulnerable code was introduced later) NOTE: https://github.com/FRRouting/frr/pull/14241 NOTE: Fixed by: https://github.com/FRRouting/frr/commit/b4d09af9194d20a7f9f16995a062f5d8e3d32840 NOTE: Backport for 9.0 branch: https://github.com/FRRouting/frr/pull/14250 NOTE: Fixed by: https://github.com/FRRouting/frr/commit/73ad93a83f18564bb7bff4659872f7ec1a64b05e CVE-2023-41360 (An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet. ...) 
{DLA-3573-1} - frr 8.4.4-1.1 [bookworm] - frr 8.4.4-1.1~deb12u1 [bullseye] - frr (The vulnerable code was introduced later) NOTE: https://github.com/FRRouting/frr/pull/14245 NOTE: Fixed by: https://github.com/FRRouting/frr/commit/9b855a692e68e0d16467e190b466b4ecb6853702 NOTE: Backport for stable/8.5: https://github.com/FRRouting/frr/pull/14249 NOTE: Fixed by: https://github.com/FRRouting/frr/commit/3515178de4a56d66ed948a774efcbe4a854e1ca7 CVE-2023-41359 (An issue was discovered in FRRouting FRR through 9.0. There is an out- ...) - frr (The vulnerable code was introduced later) NOTE: https://github.com/FRRouting/frr/pull/14232 NOTE: Fixed by: https://github.com/FRRouting/frr/commit/f96201e104892e18493f24cf67bb713678e8237b NOTE: Backport for stable/8.5: https://github.com/FRRouting/frr/pull/14268 NOTE: Fixed by: https://github.com/FRRouting/frr/commit/460ee930d6dbce6e96ecbfcd568a291f31bae24e NOTE: Introduced in: https://github.com/FRRouting/frr/commit/97a52c82a569f4a2ba792fbd734f5e635a057e6f (frr-8.5-rc) CVE-2023-41358 (An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet. ...) {DSA-5495-1 DLA-3573-1} - frr 8.4.4-1.1 NOTE: https://github.com/FRRouting/frr/pull/14260 NOTE: Fixed by: https://github.com/FRRouting/frr/commit/28ccc24d38df1d51ed8a563507e5d6f6171fdd38 NOTE: Backport for stable/8.5: https://github.com/FRRouting/frr/pull/14270 NOTE: Fixed by: https://github.com/FRRouting/frr/commit/f291f1ee9434f56d4b185db0652794a92e313b00 CVE-2023-41005 (An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execut ...) NOT-FOR-US: Pagekit CMS CVE-2023-40998 (Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib- ...) NOT-FOR-US: O-RAN Software Community ric-plt-lib-rmr CVE-2023-40997 (Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib- ...) NOT-FOR-US: O-RAN Software Community ric-plt-lib-rmr CVE-2023-40857 (Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remo ...) 
NOTE: Non issue, untrusted yara rules not supported, see https://github.com/VirusTotal/yara/issues/1948 CVE-2023-40828 (An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to o ...) - libpf4j-java 3.9.0+dfsg-2 (bug #1050834) [bookworm] - libpf4j-java (Minor issue) NOTE: https://github.com/pf4j/pf4j/pull/537 NOTE: https://github.com/pf4j/pf4j/pull/538 NOTE: Fixed by: https://github.com/pf4j/pf4j/commit/8e0aa198c4e652cfc1eb9e05ca9b64397f67cc72 CVE-2023-40827 (An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to o ...) - libpf4j-java 3.9.0+dfsg-2 (bug #1050834) [bookworm] - libpf4j-java (Minor issue) NOTE: https://github.com/pf4j/pf4j/issues/536 NOTE: https://github.com/pf4j/pf4j/pull/537 NOTE: https://github.com/pf4j/pf4j/pull/538 NOTE: Fixed by: https://github.com/pf4j/pf4j/commit/8e0aa198c4e652cfc1eb9e05ca9b64397f67cc72 CVE-2023-40826 (An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to o ...) - libpf4j-java 3.9.0+dfsg-2 (bug #1050834) [bookworm] - libpf4j-java (Minor issue) NOTE: https://github.com/pf4j/pf4j/issues/536 NOTE: Duplicate/similar to: https://github.com/pf4j/pf4j/issues/526 NOTE: https://github.com/pf4j/pf4j/pull/538 NOTE: Fixed by: https://github.com/pf4j/pf4j/commit/8e0aa198c4e652cfc1eb9e05ca9b64397f67cc72 CVE-2023-40825 (An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to ex ...) NOT-FOR-US: PerfreeBlog CVE-2023-40781 (Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remo ...) - ming CVE-2023-39968 (jupyter-server is the backend for Jupyter web applications. Open Redir ...) 
[experimental] - jupyter-server 2.9.1-1 - jupyter-server (bug #1057739) [bookworm] - jupyter-server (Minor issue) [bullseye] - jupyter-server (Minor issue) NOTE: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-r726-vmfq-j9j3 NOTE: https://github.com/jupyter-server/jupyter_server/commit/290362593b2ffb23c59f8114d76f77875de4b925 (v2.7.2) CVE-2023-39650 (Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a ...) NOT-FOR-US: Theme Volty CMS Blog CVE-2023-39059 (An issue in ansible semaphore v.2.8.90 allows a remote attacker to exe ...) NOT-FOR-US: Ansible Semaphore CVE-2023-38969 (Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote a ...) NOT-FOR-US: Badaso CVE-2023-34725 (An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T5 ...) NOT-FOR-US: TechView CVE-2023-34724 (An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53 ...) NOT-FOR-US: TechView CVE-2023-32457 (Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper ...) NOT-FOR-US: Dell CVE-2023-4569 (A memory leak flaw was found in nft_set_catchall_flush in net/netfilte ...) {DSA-5492-1} - linux 6.4.13-1 NOTE: https://git.kernel.org/linus/90e5b3462efa37b8bba82d7c4e63683856e188af (6.5-rc7) CVE-2023-4567 REJECTED CVE-2023-4563 REJECTED CVE-2023-41109 (SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Com ...) NOT-FOR-US: SmartNode SN200 (aka SN200) CVE-2023-40846 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...) NOT-FOR-US: Tenda CVE-2023-40767 (User enumeration is found in in PHPJabbers Make an Offer Widget v1.0. ...) NOT-FOR-US: PHPJabbers CVE-2023-40766 (User enumeration is found in in PHPJabbers Ticket Support Script v3.2. ...) NOT-FOR-US: PHPJabbers CVE-2023-40765 (User enumeration is found in PHPJabbers Event Booking Calendar v4.0. T ...) NOT-FOR-US: PHPJabbers CVE-2023-40764 (User enumeration is found in PHP Jabbers Car Rental Script v3.0. This ...) 
NOT-FOR-US: PHPJabbers CVE-2023-40763 (User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This ...) NOT-FOR-US: PHPJabbers CVE-2023-40762 (User enumeration is found in PHPJabbers Fundraising Script v1.0. This ...) NOT-FOR-US: PHPJabbers CVE-2023-40761 (User enumeration is found in PHPJabbers Yacht Listing Script v2.0. Thi ...) NOT-FOR-US: PHPJabbers CVE-2023-40760 (User enumeration is found in PHP Jabbers Hotel Booking System v4.0. Th ...) NOT-FOR-US: PHPJabbers CVE-2023-40759 (User enumeration is found in PHP Jabbers Restaurant Booking Script v3. ...) NOT-FOR-US: PHPJabbers CVE-2023-40758 (User enumeration is found in PHPJabbers Document Creator v1.0. This is ...) NOT-FOR-US: PHPJabbers CVE-2023-40757 (User enumeration is found in PHPJabbers Food Delivery Script v3.1. Thi ...) NOT-FOR-US: PHPJabbers CVE-2023-40756 (User enumeration is found in PHPJabbers Callback Widget v1.0. This iss ...) NOT-FOR-US: PHPJabbers CVE-2023-40755 (There is a Cross Site Scripting (XSS) vulnerability in the "theme" par ...) NOT-FOR-US: PHPJabbers CVE-2023-40754 (In PHPJabbers Car Rental Script 3.0, lack of verification when changin ...) NOT-FOR-US: PHPJabbers CVE-2023-40753 (There is a Cross Site Scripting (XSS) vulnerability in the message par ...) NOT-FOR-US: PHPJabbers CVE-2023-40752 (There is a Cross Site Scripting (XSS) vulnerability in the "action" pa ...) NOT-FOR-US: PHPJabbers CVE-2023-40751 (PHPJabbers Fundraising Script v1.0 is vulnerable to Cross Site Scripti ...) NOT-FOR-US: PHPJabbers CVE-2023-40750 (There is a Cross Site Scripting (XSS) vulnerability in the "action" pa ...) NOT-FOR-US: PHPJabbers CVE-2023-40749 (PHPJabbers Food Delivery Script v3.0 is vulnerable to SQL Injection in ...) NOT-FOR-US: PHPJabbers CVE-2023-40748 (PHPJabbers Food Delivery Script 3.0 has a SQL injection (SQLi) vulnera ...) NOT-FOR-US: PHPJabbers CVE-2023-40590 (GitPython is a python library used to interact with Git repositories. ...) 
- python-git (Only affects python-git on Windows) CVE-2023-40170 (jupyter-server is the backend for Jupyter web applications. Improper c ...) [experimental] - jupyter-server 2.9.1-1 - jupyter-server (bug #1057097) [bookworm] - jupyter-server (Minor issue) [bullseye] - jupyter-server (Minor issue) NOTE: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-64x5-55rw-9974 NOTE: https://github.com/jupyter-server/jupyter_server/commit/87a4927272819f0b1cae1afa4c8c86ee2da002fd (v2.7.2) CVE-2023-39810 (An issue in the CPIO command of Busybox v1.33.2 allows attackers to ex ...) - busybox (bug #1055307) [bookworm] - busybox (Minor issue) [bullseye] - busybox (Minor issue) [buster] - busybox (Minor issue) NOTE: https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/ CVE-2023-39709 (Multiple cross-site scripting (XSS) vulnerabilities in Free and Open S ...) NOT-FOR-US: Free and Open Source Inventory Management System CVE-2023-39708 (A stored cross-site scripting (XSS) vulnerability in Free and Open Sou ...) NOT-FOR-US: Free and Open Source Inventory Management System CVE-2023-39652 (theme volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL ...) NOT-FOR-US: theme volty tvcmsvideotab CVE-2023-39578 (A stored cross-site scripting (XSS) vulnerability in the Create functi ...) NOT-FOR-US: Zenario CMS CVE-2023-39562 (GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a hea ...) - gpac (bug #1051740) [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2537 NOTE: https://github.com/gpac/gpac/commit/9024531ee8e6ae8318a8fe0cbb64710d1acc31f6 CVE-2023-39560 (ECTouch v2 was discovered to contain a SQL injection vulnerability via ...) NOT-FOR-US: ECTouch v2 CVE-2023-39348 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...) NOT-FOR-US: Spinnaker CVE-2023-39062 (Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 al ...) 
NOT-FOR-US: Spipu HTML2PDF CVE-2023-38289 REJECTED CVE-2023-38288 REJECTED CVE-2023-36481 (An issue was discovered in Samsung Exynos Mobile Processor and Wearabl ...) NOT-FOR-US: Samsung CVE-2023-35785 (Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudi ...) NOT-FOR-US: Zoho CVE-2023-34758 (Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementa ...) NOT-FOR-US: Sliver CVE-2018-25089 (A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki ...) NOT-FOR-US: glb Meetup Tag Extension CVE-2017-20186 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in nikooo777 ...) NOT-FOR-US: nikooo777 ckSurf CVE-2023-4561 (Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s ...) NOT-FOR-US: Omeka S CVE-2023-4560 (Improper Authorization of Index Containing Sensitive Information in Gi ...) NOT-FOR-US: Omeka S CVE-2023-4559 (A vulnerability, which was classified as critical, has been found in B ...) NOT-FOR-US: Bettershop LaikeTui CVE-2023-4558 (A vulnerability classified as critical was found in SourceCodester Inv ...) NOT-FOR-US: SourceCodester CVE-2023-4557 (A vulnerability classified as critical has been found in SourceCodeste ...) NOT-FOR-US: SourceCodester CVE-2023-40195 (Deserialization of Untrusted Data, Inclusion of Functionality from Unt ...) NOT-FOR-US: Apache Airflow Spark Provider CVE-2023-38730 (IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker ...) NOT-FOR-US: IBM CVE-2023-38030 (Saho’s attendance devices ADM100 and ADM-100FP have a vulnerabili ...) NOT-FOR-US: Saho CVE-2023-38029 (Saho’s attendance devices ADM100 and ADM-100FP has insufficient f ...) NOT-FOR-US: Saho CVE-2023-38028 (Saho’s attendance devices ADM100 and ADM-100FP have insufficient ...) NOT-FOR-US: Saho CVE-2023-38027 (SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has a vu ...) NOT-FOR-US: SpotCam
CVE-2023-38026 (SpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-code ...) NOT-FOR-US: SpotCam CVE-2023-38025 (SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vu ...) NOT-FOR-US: SpotCam CVE-2023-38024 (SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vu ...) NOT-FOR-US: SpotCam CVE-2023-33852 (IBM Security Guardium 11.4 is vulnerable to SQL injection. A remote at ...) NOT-FOR-US: IBM CVE-2016-15035 (A vulnerability was found in Doc2k RE-Chat 1.0. It has been classified ...) NOT-FOR-US: Doc2k RE-Chat CVE-2023-4556 (A vulnerability was found in SourceCodester Online Graduate Tracer Sys ...) NOT-FOR-US: SourceCodester Online Graduate Tracer System CVE-2023-4555 (A vulnerability has been found in SourceCodester Inventory Management ...) NOT-FOR-US: SourceCodester Inventory Management System CVE-2023-4548 (A vulnerability classified as critical has been found in SPA-Cart eCom ...) NOT-FOR-US: SPA-Cart eCommerce CMS CVE-2023-4547 (A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has be ...) NOT-FOR-US: SPA-Cart eCommerce CMS CVE-2023-4546 (A vulnerability was found in Byzoro Smart S85F Management Platform up ...) NOT-FOR-US: Beijing Baichuo Smart S85F Management Platform CVE-2023-4545 (A vulnerability was found in IBOS OA 4.5.5. It has been classified as ...) NOT-FOR-US: IBOS OA CVE-2023-4544 (A vulnerability was found in Byzoro Smart S85F Management Platform up ...) NOT-FOR-US: Beijing Baichuo Smart S85F Management Platform CVE-2023-4543 (A vulnerability was found in IBOS OA 4.5.5. It has been declared as cr ...) NOT-FOR-US: IBOS OA CVE-2023-4542 (A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has ...) NOT-FOR-US: D-Link CVE-2023-4524 REJECTED CVE-2023-41121 (Array AG OS before 9.4.0.499 allows denial of service: remote attacker ...) NOT-FOR-US: Array AG OS CVE-2023-41080 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...)
{DSA-5522-1 DSA-5521-1 DLA-3617-1} - tomcat10 10.1.13-1 - tomcat9 9.0.70-2 - tomcat8 NOTE: https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f NOTE: https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27 (10.1.13) NOTE: https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b (9.0.80) NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version CVE-2023-40587 (Pyramid is an open source Python web framework. A path traversal vulne ...) - python-pyramid (bug #1050740) [bookworm] - python-pyramid (Minor issue) [bullseye] - python-pyramid (Python version in Bullseye is not affected) [buster] - python-pyramid (Python version in Buster is not affected) NOTE: https://github.com/Pylons/pyramid/security/advisories/GHSA-j8g2-6fc7-q8f8 NOTE: https://github.com/Pylons/pyramid/commit/347d7750da6f45c7436dd0c31468885cc9343c85 (2.0.2) NOTE: Underlying issue fixed in Python 3.11 and 3.12. CVE-2023-40586 (OWASP Coraza WAF is a golang modsecurity compatible web application fi ...) NOT-FOR-US: OWASP Coraza WAF CVE-2023-40585 (ironic-image is a container image to run OpenStack Ironic as part of M ...) NOT-FOR-US: ironic-image container image CVE-2023-40583 (libp2p is a networking stack and library modularized out of The IPFS P ...) NOT-FOR-US: go-libp2p CVE-2023-40571 (weblogic-framework is a tool for detecting weblogic vulnerabilities. V ...) NOT-FOR-US: weblogic-framework CVE-2023-40166 (Notepad++ is a free and open-source source code editor. Versions 8.5.6 ...) NOT-FOR-US: Notepad++ CVE-2023-40164 (Notepad++ is a free and open-source source code editor. Versions 8.5.6 ...) NOT-FOR-US: Notepad++ CVE-2023-39291 (A vulnerability in the Connect Mobility Router component of MiVoice Co ...) NOT-FOR-US: MiVoice Connect CVE-2023-39290 (A vulnerability in the Edge Gateway component of Mitel MiVoice Connect ...) 
NOT-FOR-US: MiVoice Connect CVE-2023-39289 (A vulnerability in the Connect Mobility Router component of Mitel MiVo ...) NOT-FOR-US: MiVoice Connect CVE-2023-39288 (A vulnerability in the Connect Mobility Router component of Mitel MiVo ...) NOT-FOR-US: MiVoice Connect CVE-2023-39287 (A vulnerability in the Edge Gateway component of Mitel MiVoice Connect ...) NOT-FOR-US: MiVoice Connect CVE-2023-36741 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-34723 (An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T5 ...) NOT-FOR-US: TechView LA-5570 Wireless Gateway CVE-2023-2906 (Due to a failure in validating the length provided by an attacker-craf ...) {DSA-5559-1} - wireshark 4.0.8-1 [bullseye] - wireshark (Minor issue) [buster] - wireshark (Vulnerable code introduced in 3.0.0) NOTE: https://www.wireshark.org/security/wnpa-sec-2023-26.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19229 NOTE: Introduced by https://gitlab.com/wireshark/wireshark/-/commit/4ff777d5ce1d9951a1edbf7ffa914a12a00bb2b3 (v2.9.0) CVE-2023-4534 (A vulnerability, which was classified as problematic, was found in Neo ...) NOT-FOR-US: NeoMind Fusion Platform CVE-2023-4520 (The FV Flowplayer Video Player plugin for WordPress is vulnerable to S ...) NOT-FOR-US: FV Flowplayer Video Player plugin for WordPress CVE-2023-4508 (A user able to control file input to Gerbv, between versions 2.4.0 and ...) {DLA-3593-1} - gerbv 2.10.0-1 (bug #1050560) [bookworm] - gerbv (Minor issue) [bullseye] - gerbv (Minor issue) NOTE: https://github.com/gerbv/gerbv/issues/191 NOTE: https://github.com/gerbv/gerbv/pull/192 NOTE: https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a (v2.10.0-rc.1) CVE-2023-4478 (Mattermost fails to restrict which parameters' values it takes from th ...) - mattermost-server (bug #823556) CVE-2023-41250 (In JetBrains TeamCity before 2023.05.3 reflected XSS was possible duri ...) 
NOT-FOR-US: JetBrains TeamCity CVE-2023-41249 (In JetBrains TeamCity before 2023.05.3 reflected XSS was possible duri ...) NOT-FOR-US: JetBrains TeamCity CVE-2023-41248 (In JetBrains TeamCity before 2023.05.3 stored XSS was possible during ...) NOT-FOR-US: JetBrains TeamCity CVE-2023-41173 (AdGuard DNS before 2.2 allows remote attackers to cause a denial of se ...) NOT-FOR-US: AdGuard CVE-2023-41167 (@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by c ...) NOT-FOR-US: Webiny CVE-2023-40915 (Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detec ...) NOT-FOR-US: Tenda CVE-2023-40802 (The get_parentControl_list_Info function does not verify the parameter ...) NOT-FOR-US: Tenda CVE-2023-40801 (The sub_451784 function does not validate the parameters entered by th ...) NOT-FOR-US: Tenda CVE-2023-40800 (The compare_parentcontrol_time function does not authenticate user inp ...) NOT-FOR-US: Tenda CVE-2023-40799 (Tenda AC23 Vv16.03.07.45_cn is vulnerable to Buffer Overflow via sub_4 ...) NOT-FOR-US: Tenda CVE-2023-40798 (In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanPar ...) NOT-FOR-US: Tenda CVE-2023-40797 (In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not valida ...) NOT-FOR-US: Tenda CVE-2023-40796 (Phicomm k2 v22.6.529.216 was discovered to contain a command injection ...) NOT-FOR-US: Phicomm CVE-2023-40599 (Regular expression Denial-of-Service (ReDoS) exists in multiple add-on ...) NOT-FOR-US: multiple addons for Mailform Pro CGI CVE-2023-40580 (Freighter is a Stellar chrome extension. It may be possible for a mali ...) NOT-FOR-US: Freighter Stellar chrome extension CVE-2023-40579 (OpenFGA is an authorization/permission engine built for developers and ...) NOT-FOR-US: OpenFGA CVE-2023-40577 (Alertmanager handles alerts sent by client applications such as the Pr ...) 
{DLA-3609-1} - prometheus-alertmanager 0.26.0+ds-1 (unimportant; bug #1050558) NOTE: https://github.com/prometheus/alertmanager/security/advisories/GHSA-v86x-5fm3-5p7j NOTE: https://github.com/prometheus/alertmanager/commit/8b9f2fd20c25e0d1e76aa0b407f7e354996d8e72 (v0.25.1) NOTE: Debian package doesn't ship the UI CVE-2023-40576 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) - freerdp2 (Vulnerable code not present) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x3x5-r7jm-5pq2 CVE-2023-40575 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) - freerdp2 (Vulnerable code not present) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c6vw-92h9-5w9v CVE-2023-40574 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) - freerdp2 (Vulnerable code not present) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-422p-gj6x-93cw CVE-2023-40570 (Datasette is an open source multi-tool for exploring and publishing da ...) NOT-FOR-US: Datasette CVE-2023-40569 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) {DLA-3606-1} - freerdp2 2.11.2+dfsg1-1 (bug #1051638) [bookworm] - freerdp2 (Minor issue) [bullseye] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hm8c-rcjg-c8qp NOTE: https://github.com/FreeRDP/FreeRDP/commit/23c3daeca1598393f8c93f563f7847a4d67919f1 (2.11.0) CVE-2023-40568 REJECTED CVE-2023-40567 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) {DLA-3606-1} - freerdp2 2.11.2+dfsg1-1 (bug #1051638) [bookworm] - freerdp2 (Minor issue) [bullseye] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp NOTE: https://github.com/FreeRDP/FreeRDP/commit/bacb8c016ef72aa767760b6b01d15500aee9d59a (2.11.0) CVE-2023-40530 (Improper authorization in handler for custom URL scheme issue in 'Skyl ...) 
NOT-FOR-US: 'Skylark' App CVE-2023-40182 (Silverware Games is a premium social network where people can play gam ...) NOT-FOR-US: Silverware Games CVE-2023-40179 (Silverware Games is a premium social network where people can play gam ...) NOT-FOR-US: Silverware Games CVE-2023-40036 (Notepad++ is a free and open-source source code editor. Versions 8.5.6 ...) NOT-FOR-US: Notepad++ CVE-2023-40031 (Notepad++ is a free and open-source source code editor. Versions 8.5.6 ...) NOT-FOR-US: Notepad++ CVE-2023-40030 (Cargo downloads a Rust project’s dependencies and compiles the pr ...) - cargo (bug #1059305) [bookworm] - cargo (Minor issue) [bullseye] - cargo (Minor issue) [buster] - cargo (Minor issue) - rust-cargo (bug #1059306) [bookworm] - rust-cargo (Minor issue) [bullseye] - rust-cargo (Minor issue) [buster] - rust-cargo (Minor issue) NOTE: https://github.com/rust-lang/cargo/security/advisories/GHSA-wrrj-h57r-vx9p NOTE: https://github.com/rust-lang/cargo/pull/12291 NOTE: https://github.com/rust-lang/cargo/commit/9835622853f08be9a4b58ebe29dcec8f43b64b33 (0.75.0) CVE-2023-40022 (Rizin is a UNIX-like reverse engineering framework and command-line to ...) NOT-FOR-US: Rizin CVE-2023-40017 (GeoNode is an open source platform that facilitates the creation, shar ...) NOT-FOR-US: GeoNode CVE-2023-3425 (Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 ...) NOT-FOR-US: M-Files CVE-2023-3406 (Path Traversal issue in M-Files Classic Web versions below 23.6.12695. ...) NOT-FOR-US: M-Files CVE-2023-39742 (giflib v5.2.1 was discovered to contain a segmentation fault via the c ...) - giflib (unimportant) NOTE: https://sourceforge.net/p/giflib/bugs/166/ NOTE: Crash in CLI, negligible security impact CVE-2023-39707 (A stored cross-site scripting (XSS) vulnerability in Free and Open Sou ...) NOT-FOR-US: Free and Open Source Inventory Management System CVE-2023-39700 (IceWarp Mail Server v10.4.5 was discovered to contain a reflected cros ...)
NOT-FOR-US: IceWarp CVE-2023-39699 (IceWarp Mail Server v10.4.5 was discovered to contain a local file inc ...) NOT-FOR-US: IceWarp CVE-2023-39600 (IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS ...) NOT-FOR-US: IceWarp CVE-2023-39521 (Tuleap is an open source suite to improve management of software devel ...) NOT-FOR-US: Tuleap CVE-2023-39519 (Cloud Explorer Lite is an open source cloud management platform. Prior ...) NOT-FOR-US: Cloud Explorer Lite CVE-2023-38974 (A stored cross-site scripting (XSS) vulnerability in the Edit Category ...) NOT-FOR-US: Badaso CVE-2023-38973 (A stored cross-site scripting (XSS) vulnerability in the Add Tag funct ...) NOT-FOR-US: Badaso CVE-2023-38508 (Tuleap is an open source suite to improve management of software devel ...) NOT-FOR-US: Tuleap CVE-2023-38201 (A flaw was found in the Keylime registrar that could allow a bypass of ...) NOT-FOR-US: Keylime CVE-2023-37469 (CasaOS is an open-source personal cloud system. Prior to version 0.4.4 ...) NOT-FOR-US: CasaOS CVE-2023-37249 (Infoblox NIOS through 8.5.1 has a faulty component that accepts malici ...) NOT-FOR-US: Infoblox NIOS CVE-2023-36199 (An issue in skalenetwork sgxwallet v.1.9.0 and below allows an attacke ...) NOT-FOR-US: skalenetwork sgxwallet CVE-2023-36198 (Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows ...) NOT-FOR-US: skalenetwork sgxwallet CVE-2023-32797 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...) NOT-FOR-US: WordPress plugin CVE-2023-32757 (e-Excellence U-Office Force file uploading function does not restrict ...) NOT-FOR-US: e-Excellence U-Office Force file uploading function CVE-2023-32756 (e-Excellence U-Office Force has a path traversal vulnerability within ...) NOT-FOR-US: e-Excellence U-Office Force CVE-2023-32755 (e-Excellence U-Office Force generates an error message in webiste serv ...) 
	NOT-FOR-US: e-Excellence U-Office Force
CVE-2023-32678 (Zulip is an open-source team collaboration tool with topic-based threa ...)
	NOT-FOR-US: Zulip
CVE-2023-32603 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao D ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32598 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in A. R. Jo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32596 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wolf ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32595 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pala ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32591 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Clou ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32584 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in John ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32577 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eji ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32576 (Auth. (subscriber+) Stored Cross-Site Scripting') vulnerability in Pla ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32575 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32518 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ono Ooga ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32079 (Netmaker makes networks with WireGuard. A Mass assignment vulnerabilit ...)
	NOT-FOR-US: Netmaker
CVE-2023-32078 (Netmaker makes networks with WireGuard. An Insecure Direct Object Refe ...)
	NOT-FOR-US: Netmaker
CVE-2023-32077 (Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0 ...)
	NOT-FOR-US: Netmaker
CVE-2023-40217 (An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, ...)
	{DLA-3614-1 DLA-3575-1}
	- python3.12 3.12.0~rc1-2
	- python3.11 3.11.5-1
	[bookworm] - python3.11 (Minor issue)
	- python3.10 3.10.13-1
	- python3.9
	[bullseye] - python3.9 (Minor issue)
	- python3.7
	- python2.7
	[bullseye] - python2.7 2.7.18-8+deb11u1
	- pypy3 7.3.13+dfsg-1
	[bookworm] - pypy3 (Minor issue)
	[bullseye] - pypy3 (Minor issue)
	[buster] - pypy3 (Minor issue)
	NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/
	NOTE: https://github.com/python/cpython/issues/108310
	NOTE: https://github.com/python/cpython/pull/108315
	NOTE: https://github.com/python/cpython/commit/0cb0c238d520a8718e313b52cffc356a5a7561bf (main)
	NOTE: https://github.com/python/cpython/commit/256586ab8776e4526ca594b4866b9a3492e628f1 (3.12)
	NOTE: https://github.com/python/cpython/commit/75a875e0df0530b75b1470d797942f90f4a718d3 (v3.11.5)
	NOTE: https://github.com/python/cpython/commit/37d7180cb647f0bed0c1caab0037f3bc82e2af96 (v3.10.13)
	NOTE: https://github.com/python/cpython/commit/264b1dacc67346efa0933d1e63f622676e0ed96b (v3.9.18)
	NOTE: Additional patches to stabilize the test suite may also be applied to all versions:
	NOTE: 1. https://github.com/python/cpython/commit/64f99350351bc46e016b2286f36ba7cd669b79e3
	NOTE: 2. https://github.com/python/cpython/commit/592bacb6fc0833336c0453e818e9b95016e9fd47
CVE-2023-4380 (A logic flaw exists in Ansible Automation platform. Whenever a private ...)
	NOT-FOR-US: automation-eda-controller
CVE-2023-4420 (A remote unprivileged attacker can intercept the communication via e.g ...)
	NOT-FOR-US: SICK LMS5xx
CVE-2023-4419 (The LMS5xx uses hard-coded credentials, which potentially allow low-sk ...)
	NOT-FOR-US: SICK LMS5xx
CVE-2023-4418 (A remote unprivileged attacker can sent multiple packages to the LMS5x ...)
	NOT-FOR-US: SICK LMS5xx
CVE-2023-4320 (An arithmetic overflow flaw was found in Satellite when creating a new ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2023-40904 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain ...)
	NOT-FOR-US: Tenda
CVE-2023-40902 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain ...)
	NOT-FOR-US: Tenda
CVE-2023-40901 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain ...)
	NOT-FOR-US: Tenda
CVE-2023-40900 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a ...)
	NOT-FOR-US: Tenda
CVE-2023-40899 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a ...)
	NOT-FOR-US: Tenda
CVE-2023-40898 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a ...)
	NOT-FOR-US: Tenda
CVE-2023-40897 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a ...)
	NOT-FOR-US: Tenda
CVE-2023-40896 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a ...)
	NOT-FOR-US: Tenda
CVE-2023-40895 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a ...)
	NOT-FOR-US: Tenda
CVE-2023-40894 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a ...)
	NOT-FOR-US: Tenda
CVE-2023-40893 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a ...)
	NOT-FOR-US: Tenda
CVE-2023-40892 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a ...)
	NOT-FOR-US: Tenda
CVE-2023-40891 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a ...)
	NOT-FOR-US: Tenda
CVE-2023-40877 (DedeCMS up to and including 5.7.110 was discovered to contain a cross- ...)
	NOT-FOR-US: DedeCMS
CVE-2023-40876 (DedeCMS up to and including 5.7.110 was discovered to contain a cross- ...)
	NOT-FOR-US: DedeCMS
CVE-2023-40875 (DedeCMS up to and including 5.7.110 was discovered to contain multiple ...)
	NOT-FOR-US: DedeCMS
CVE-2023-40874 (DedeCMS up to and including 5.7.110 was discovered to contain multiple ...)
	NOT-FOR-US: DedeCMS
CVE-2023-40710 (An adversary could cause a continuous restart loop to the entire devic ...)
	NOT-FOR-US: SNAP PAC S1 Firmware
CVE-2023-40709 (An adversary could crash the entire device by sending a large quantity ...)
	NOT-FOR-US: SNAP PAC S1 Firmware
CVE-2023-40708 (The File Transfer Protocol (FTP) port is open by default in the SNAP P ...)
	NOT-FOR-US: SNAP PAC S1 Firmware
CVE-2023-40707 (There are no requirements for setting a complex password in the built- ...)
	NOT-FOR-US: SNAP PAC S1 Firmware
CVE-2023-40706 (There is no limit on the number of login attempts in the web server fo ...)
	NOT-FOR-US: SNAP PAC S1 Firmware
CVE-2023-40371 (IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non- ...)
	NOT-FOR-US: IBM
CVE-2023-39834 (PbootCMS below v3.2.0 was discovered to contain a command injection vu ...)
	NOT-FOR-US: PbootCMS
CVE-2023-39801 (A lack of exception handling in the Renault Easy Link Multimedia Syste ...)
	NOT-FOR-US: Renault Easy Link Multimedia System Software
CVE-2023-34973 (An insufficient entropy vulnerability has been reported to affect QNAP ...)
	NOT-FOR-US: QNAP
CVE-2023-34972 (A cleartext transmission of sensitive information vulnerability has be ...)
	NOT-FOR-US: QNAP
CVE-2023-34971 (An inadequate encryption strength vulnerability has been reported to a ...)
	NOT-FOR-US: QNAP
CVE-2023-34040 (In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and e ...)
	NOT-FOR-US: Spring for Kafka
CVE-2023-32516 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GloriaFo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32511 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32510 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-31412 (The LMS5xx uses weak hash generation methods, resulting in the creatio ...)
	NOT-FOR-US: SICK LMS5xx
CVE-2023-XXXX [tryton-server lack of record validation]
	- tryton-server 6.0.34-1
	[bookworm] - tryton-server 6.0.29-2+deb12u1
	[bullseye] - tryton-server 5.0.33-2+deb11u2
	[buster] - tryton-server 5.0.4-2+deb10u2
	NOTE: https://discuss.tryton.org/t/security-release-for-issue-12428
CVE-2023-4513 (BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to ...)
	{DSA-5559-1 DLA-3746-1}
	- wireshark 4.0.8-1
	[bullseye] - wireshark (Minor issue)
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19259
	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-25.html
CVE-2023-4512 (CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of serv ...)
	{DSA-5559-1}
	- wireshark 4.0.8-1
	[bullseye] - wireshark (Minor issue)
	[buster] - wireshark (Minor issue)
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19144
	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-23.html
CVE-2023-4511 (BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 t ...)
	{DSA-5559-1 DLA-3746-1}
	- wireshark 4.0.8-1
	[bullseye] - wireshark (Minor issue)
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19258
	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-24.html
CVE-2023-4230 (A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4 ...)
	NOT-FOR-US: Moxa
CVE-2023-4229 (A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4 ...)
	NOT-FOR-US: Moxa
CVE-2023-4228 (A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4 ...)
	NOT-FOR-US: Moxa
CVE-2023-4227 (A vulnerability has been identified in the ioLogik 4000 Series (ioLogi ...)
	NOT-FOR-US: Moxa
CVE-2023-4042 (A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostsc ...)
	- ghostscript (Red Hat specific packaging issue not including fix for CVE-2020-16305)
CVE-2023-41126
	REJECTED
CVE-2023-41125
	REJECTED
CVE-2023-41124
	REJECTED
CVE-2023-41123
	REJECTED
CVE-2023-41122
	REJECTED
CVE-2023-41028 (A stack-based buffer overflow exists in Juplink RX4-1500, a WiFi route ...)
	NOT-FOR-US: Juplink router
CVE-2023-40612 (In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file e ...)
	NOT-FOR-US: OpenMNS
CVE-2023-40573 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-40572 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-40273 (The session fixation vulnerability allowed the authenticated user to c ...)
	- airflow (bug #819700)
CVE-2023-40270
	REJECTED
CVE-2023-40185 (shescape is simple shell escape library for JavaScript. This may impac ...)
	NOT-FOR-US: Node shescape
CVE-2023-40178 (Node-SAML is a SAML library not dependent on any frameworks that runs ...)
	NOT-FOR-US: Node saml
CVE-2023-40177 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-40176 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-40035 (Craft is a CMS for creating custom digital experiences on the web and ...)
	NOT-FOR-US: Craft CMS
CVE-2023-40025 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
	NOT-FOR-US: Argo CD
CVE-2023-3705 (The vulnerability exists in CP-Plus NVR due to an improper input handl ...)
	NOT-FOR-US: CP-Plus NVR
CVE-2023-3704 (The vulnerability exists in CP-Plus DVR due to an improper input valid ...)
	NOT-FOR-US: CP-Plus DVR
CVE-2023-3453 (ETIC Telecom RAS versions 4.7.0 and prior the web management portal au ...)
	NOT-FOR-US: ETIC Telecom RAS
CVE-2023-39583
	REJECTED
CVE-2023-39441 (Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provide ...)
	NOT-FOR-US: Apache Airflow SMTP Provider
CVE-2023-40477 (RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remot ...)
	{DLA-3653-1 DLA-3543-1 DLA-3542-1}
	- rar 2:6.23-1
	[bookworm] - rar 2:6.23-1~deb12u1
	[bullseye] - rar 2:6.23-1~deb11u1
	- unrar-nonfree 1:6.2.10-1
	[bookworm] - unrar-nonfree 1:6.2.6-1+deb12u1
	[bullseye] - unrar-nonfree 1:6.0.3-1+deb11u3
	- libclamunrar 1.0.3-1
	[bookworm] - libclamunrar 1.0.3-1~deb12u1
	[bullseye] - libclamunrar 0.103.10-1~deb11u1
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1152/
	NOTE: https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=232&cHash=c5bf79590657e32554c6683296a8e8aa
	NOTE: https://blog.clamav.net/2023/08/clamav-120-feature-version-and-111-102.html
CVE-2023-38831 (RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code w ...)
	NOTE: RARLabs WinRAR
CVE-2023-38422 (Walchem Intuition 9 firmware versions prior to v4.21 are missing authe ...)
	NOT-FOR-US: Walchem Intuition 9 firmware
CVE-2023-37379 (Apache Airflow, in versions prior to 2.7.0, contains a security vulner ...)
	- airflow (bug #819700)
CVE-2023-36317 (Cross Site Scripting (XSS) vulnerability in sourcecodester Student Stu ...)
	NOT-FOR-US: sourcecodester Student Study Center Desk Management System
CVE-2023-32509 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32505 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Arsh ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32499 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32498 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Easy ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32497 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Supe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32496 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bill ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32300 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yoast Yo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32236 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32202 (Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to ...)
	NOT-FOR-US: Walchem Intuition 9 firmware
CVE-2023-32119 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPO365 | ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3893 (A security issue was discovered in Kubernetes where a user that can c ...)
	- kubernetes 1.20.5+really1.20.2-1
	NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
	NOTE: The source package itself is still vulnerable, but custom rebuilds are not really a use case here
CVE-2023-3955 (A security issue was discovered in Kubernetes where a user that can c ...)
	- kubernetes 1.20.5+really1.20.2-1
	NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
	NOTE: The source package itself is still vulnerable, but custom rebuilds are not really a use case here
CVE-2023-3676 (A security issue was discovered in Kubernetes where a user that can c ...)
	- kubernetes 1.20.5+really1.20.2-1
	NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
	NOTE: The source package itself is still vulnerable, but custom rebuilds are not really a use case here
CVE-2023-3899 (A vulnerability was found in subscription-manager that allows local pr ...)
	NOT-FOR-US: Red Hat Licence Manager
CVE-2023-4404 (The Donation Forms by Charitable plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: Donation Forms by Charitable plugin for WordPress
CVE-2023-4041 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
	NOT-FOR-US: Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules)
CVE-2023-41105 (An issue was discovered in Python 3.11 through 3.11.4. If a path conta ...)
	- python3.12 3.12.0~rc1-2
	- python3.11 3.11.5-1
	[bookworm] - python3.11 (Minor issue)
	- python3.10 (Vulnerable code introduced in 3.11.y)
	- python3.9 (Vulnerable code introduced in 3.11.y)
	- python3.7 (Vulnerable code introduced in 3.11.y)
	- python2.7 (Vulnerable code introduced in 3.11.y)
	NOTE: https://github.com/python/cpython/issues/106242
	NOTE: https://github.com/python/cpython/pull/107983
	NOTE: Backport for 3.12: https://github.com/python/cpython/pull/107981
	NOTE: Backport for 3.11: https://github.com/python/cpython/pull/107982
CVE-2023-41104 (libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x befor ...)
	NOT-FOR-US: libvmod-digest
CVE-2023-41100 (An issue was discovered in the hcaptcha (aka hCaptcha for EXT:form) ex ...)
	NOT-FOR-US: TYPO3 extension
CVE-2023-41098 (An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsC ...)
	NOT-FOR-US: MISP
CVE-2023-40370 (IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vuln ...)
	NOT-FOR-US: IBM
CVE-2023-40282 (Improper authentication vulnerability in Rakuten WiFi Pocket all versi ...)
	NOT-FOR-US: Rakuten WiFi Pocket
CVE-2023-40158 (Hidden functionality vulnerability in the CBC products allows a remote ...)
	NOT-FOR-US: CBC digital video recorders
CVE-2023-40144 (OS command injection vulnerability in the CBC products allows a remote ...)
	NOT-FOR-US: CBC digital video recorders
CVE-2023-3495 (** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in H ...)
	NOT-FOR-US: Hitachi
CVE-2023-39986 (** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Read vulnerability in Hi ...)
	NOT-FOR-US: Hitachi
CVE-2023-39985 (** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in H ...)
	NOT-FOR-US: Hitachi
CVE-2023-39984 (** UNSUPPORTED WHEN ASSIGNED ** Improper Restriction of Operations wit ...)
	NOT-FOR-US: Hitachi
CVE-2023-39026 (Directory Traversal vulnerability in FileMage Gateway Windows Deployme ...)
	NOT-FOR-US: FileMage Gateway Windows Deployments
CVE-2023-38734 (IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 thro ...)
	NOT-FOR-US: IBM
CVE-2023-38733 (IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 thro ...)
	NOT-FOR-US: IBM
CVE-2023-38585 (Improper authentication vulnerability in the CBC products allows a rem ...)
	NOT-FOR-US: CBC digital video recorders
CVE-2023-33850 (IBM GSKit-Crypto could allow a remote attacker to obtain sensitive inf ...)
	NOT-FOR-US: IBM
CVE-2023-4475 (An Arbitrary File Movement vulnerability was found in ASUSTOR Data Mas ...)
	NOT-FOR-US: ASUSTOR
CVE-2023-4303 (Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error m ...)
	NOT-FOR-US: Jenkins Fortify Plugin
CVE-2023-4212 (A command injection vulnerability exists in Trane XL824, XL850, XL1050 ...)
	NOT-FOR-US: Trane and Pivot thermostats
CVE-2023-3699 (An Improper Privilege Management vulnerability was found in ASUSTOR Da ...)
	NOT-FOR-US: ASUSTOR
CVE-2023-39599 (Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows att ...)
	NOT-FOR-US: CSZ CMS
CVE-2023-39141 (webui-aria2 commit 4fe2e was discovered to contain a path traversal vu ...)
	NOT-FOR-US: webui-aria2
CVE-2023-38996 (An issue in all versions of Douran DSGate allows a local authenticated ...)
	NOT-FOR-US: Douran DSGate
CVE-2023-38909 (An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E bef ...)
	NOT-FOR-US: TPLink
CVE-2023-38908 (An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E bef ...)
	NOT-FOR-US: TPLink
CVE-2023-38906 (An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L63 ...)
	NOT-FOR-US: TPLink
CVE-2023-38732 (IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allo ...)
	NOT-FOR-US: IBM
CVE-2023-38668 (Stack-based buffer over-read in disasm in nasm 2.16 allows attackers t ...)
	- nasm (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392811
	NOTE: Crash in CLI tool, no security impact
CVE-2023-38667 (Stack-based buffer over-read in function disasm in nasm 2.16 allows at ...)
	- nasm (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392812
	NOTE: Crash in CLI tool, no security impact
CVE-2023-38666 (Bento4 v1.6.0-639 was discovered to contain a segmentation violation v ...)
	NOT-FOR-US: Bento4
CVE-2023-38665 (Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows att ...)
	- nasm (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392818
	NOTE: Crash in CLI tool, no security impact
CVE-2023-37440 (A vulnerability in the web-based management interfaceof EdgeConnect SD ...)
	NOT-FOR-US: Aruba
CVE-2023-37439 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...)
	NOT-FOR-US: Aruba
CVE-2023-37438 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...)
	NOT-FOR-US: Aruba
CVE-2023-37437 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...)
	NOT-FOR-US: Aruba
CVE-2023-37436 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...)
	NOT-FOR-US: Aruba
CVE-2023-37435 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...)
	NOT-FOR-US: Aruba
CVE-2023-37434 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...)
	NOT-FOR-US: Aruba
CVE-2023-37433 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...)
	NOT-FOR-US: Aruba
CVE-2023-37432 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...)
	NOT-FOR-US: Aruba
CVE-2023-37431 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...)
	NOT-FOR-US: Aruba
CVE-2023-37430 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...)
	NOT-FOR-US: Aruba
CVE-2023-37429 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...)
	NOT-FOR-US: Aruba
CVE-2023-37428 (A vulnerability in the EdgeConnect SD-WAN Orchestratorweb-based manage ...)
	NOT-FOR-US: Aruba
CVE-2023-37427 (A vulnerability in the web-based management interface ofEdgeConnect SD ...)
	NOT-FOR-US: Aruba
CVE-2023-37426 (EdgeConnect SD-WAN Orchestrator instances prior to theversions resolve ...)
	NOT-FOR-US: Aruba
CVE-2023-37425 (A vulnerability in the web-based management interfaceof EdgeConnect SD ...)
	NOT-FOR-US: Aruba
CVE-2023-37424 (A vulnerability in the web-based management interfaceof EdgeConnect SD ...)
	NOT-FOR-US: Aruba
CVE-2023-37423 (Vulnerabilities in the web-based management interface of EdgeConnect S ...)
	NOT-FOR-US: Aruba
CVE-2023-37422 (Vulnerabilities in the web-based management interface of EdgeConnect S ...)
	NOT-FOR-US: Aruba
CVE-2023-37421 (Vulnerabilities in the web-based management interface of EdgeConnect S ...)
	NOT-FOR-US: Aruba
CVE-2023-36281 (An issue in langchain v.0.0.171 allows a remote attacker to execute ar ...)
	NOT-FOR-US: langchain
CVE-2023-34853 (Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b ...)
	NOT-FOR-US: Supermicro motherboard X12DPG-QR
CVE-2022-48571 (memcached 1.6.7 allows a Denial of Service via multi-packet uploads in ...)
	{DLA-3557-1}
	- memcached 1.6.8+dfsg-1
	NOTE: Fixed by: https://github.com/memcached/memcached/commit/6b319c8c7a29e9c353dec83dc92f01905f6c8966 (1.6.8)
CVE-2022-48570 (Crypto++ through 8.4 contains a timing side channel in ECDSA signature ...)
	- libcrypto++ (bug #1059309)
	[bookworm] - libcrypto++ (Minor issue)
	[bullseye] - libcrypto++ (Minor issue)
	[buster] - libcrypto++ (Minor issue)
	NOTE: Related issue: https://github.com/weidai11/cryptopp/issues/992
	NOTE: This issue exists because the CVE-2019-14318 fix was intentionally removed for
	NOTE: functionality reasons. To fix the issue a rewrite of the Integer class
	NOTE: is required.
CVE-2022-48566 (An issue was discovered in compare_digest in Lib/hmac.py in Python thr ...)
	{DLA-3614-1 DLA-3575-1}
	- python3.9 3.9.1~rc1-1
	- python3.7
	- python2.7
	[bullseye] - python2.7 2.7.18-8+deb11u1
	- pypy3 7.3.5+dfsg-2
	NOTE: https://bugs.python.org/issue40791
	NOTE: https://github.com/python/cpython/commit/8183e11d87388e4e44e3242c42085b87a878f781 (v3.9.0b2)
	NOTE: https://github.com/python/cpython/commit/c1bbca5b004b3f74d240ef8a76ff445cc1a27efb (v3.9.1rc1)
	NOTE: https://github.com/python/cpython/commit/db95802bdfac4d13db3e2a391ec7b9e2f8d92dbe (v3.7.10)
	NOTE: https://github.com/python/cpython/commit/8bef9ebb1b88cfa4b2a38b93fe4ea22015d8254a (v3.6.13)
	NOTE: https://github.com/python/cpython/issues/84968
CVE-2022-48565 (An XML External Entity (XXE) issue was discovered in Python through 3. ...)
	{DLA-3614-1 DLA-3575-1}
	- python3.9 3.9.1~rc1-1
	- python3.7
	- python2.7
	[bullseye] - python2.7 2.7.18-8+deb11u1
	- pypy3 7.3.5+dfsg-2
	NOTE: https://bugs.python.org/issue42051
	NOTE: https://github.com/python/cpython/issues/86217
	NOTE: https://github.com/python/cpython/commit/05ee790f4d1cd8725a90b54268fc1dfe5b4d1fa2 (v3.10.0a2)
	NOTE: https://github.com/python/cpython/commit/479553c7c11306a09ce34edb6ef208133b7b95fe (v3.9.1rc1)
	NOTE: https://github.com/python/cpython/commit/65894cac0835cb8f469f649e20aa1be8bf89f5ae (v3.8.7rc1)
	NOTE: https://github.com/python/cpython/commit/e512bc799e3864fe3b1351757261762d63471efc (v3.7.10)
	NOTE: https://github.com/python/cpython/commit/a158fb9c5138db94adf24fbc5690467cda811163 (v3.6.13)
CVE-2022-48564 (read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a po ...)
	{DLA-3614-1}
	- python3.9 3.9.1~rc1-1
	- python3.7
	- python2.7 (In 2.7, the plistlib parser only supports XML and not the affected binary format)
	- pypy3 7.3.5+dfsg-2
	NOTE: https://bugs.python.org/issue42103
	NOTE: https://github.com/python/cpython/issues/86269
	NOTE: https://github.com/python/cpython/commit/34637a0ce21e7261b952fbd9d006474cc29b681f (v3.10.0a2)
	NOTE: https://github.com/python/cpython/commit/e277cb76989958fdbc092bf0b2cb55c43e86610a (v3.9.1rc1)
	NOTE: https://github.com/python/cpython/commit/547d2bcc55e348043b2f338027c1acd9549ada76 (v3.8.7rc1)
	NOTE: https://github.com/python/cpython/commit/225e3659556616ad70186e7efc02baeebfeb5ec4 (v3.7.10)
	NOTE: https://github.com/python/cpython/commit/a63234c49b2fbfb6f0aca32525e525ce3d43b2b4 (v3.6.13)
CVE-2022-48560 (A use-after-free exists in Python through 3.9 via heappushpop in heapq ...)
	{DLA-3614-1 DLA-3575-1}
	- python3.9 (Fixed before initial upload to the archive)
	- python3.7 3.7.7-1
	- python2.7
	[bullseye] - python2.7 2.7.18-8+deb11u1
	NOTE: https://bugs.python.org/issue39421
	NOTE: https://github.com/python/cpython/issues/83602
	NOTE: https://github.com/python/cpython/commit/79f89e6e5a659846d1068e8b1bd8e491ccdef861 (v3.9.0a3)
	NOTE: https://github.com/python/cpython/commit/993811ffe75c2573f97fb3fd1414b34609b8c8db (v3.8.2rc1)
	NOTE: https://github.com/python/cpython/commit/958064f8d2b84062b0582bbae911df8ccfc11fd6 (v3.7.7rc1)
	NOTE: https://github.com/python/cpython/commit/c563f409ea30bcb0623d785428c9257917371b76 (v3.6.11rc1)
CVE-2022-48554 (File before 5.43 has an stack-based buffer over-read in file_copystr i ...)
	{DSA-5489-1}
	- file 1:5.44-1
	[buster] - file (vulnerable code introduced later)
	NOTE: https://bugs.astron.com/view.php?id=310
	NOTE: Fixed by: https://github.com/file/file/commit/497aabb29cd08d2a5aeb63e45798d65fcbe03502 (FILE5_42)
CVE-2022-48547 (A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g a ...)
	- cacti 0.8.7i-1
	NOTE: https://github.com/Cacti/cacti/issues/1882
	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/d94dbd985054ef1ba14278a932c67e3145ebb14b (0.8.7h)
	NOTE: Duplicate CVE assignment for CVE-2021-26247
CVE-2022-48545 (An infinite recursion in Catalog::findDestInTree can cause denial of s ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2022-48541 (A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote att ...)
	{DLA-3767-1}
	- imagemagick 8:6.9.11.57+dfsg-1
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/2889
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/004194253242af71adf5b70e151a7e89bb776eee (6.9.11-46)
CVE-2022-48538 (In Cacti 1.2.19, there is an authentication bypass in the web login fu ...)
	- cacti 1.2.23+ds1-1 (unimportant)
	NOTE: https://github.com/Cacti/cacti/issues/5189
	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/9b53889c340031be67b62006a516e847b3793dcb (release/1.2.23)
	NOTE: Only an issue when running with PHP8.2.
CVE-2022-48522 (In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based c ...)
	- perl 5.36.0-4 (unimportant)
	[bullseye] - perl (Vulnerable code introduced later)
	[buster] - perl (Vulnerable code introduced later)
	NOTE: Might be related to https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667
	NOTE: which is just an infinite recursion exhausting the stack, with negligible security
	NOTE: impact.
	NOTE: https://github.com/Perl/perl5/issues/19147
	NOTE: Fixed by: https://github.com/Perl/perl5/commit/23cca2d1f4544cb47f1124d98c308ce1f31f09a6 (v5.35.5)
CVE-2023-XXXX [RUSTSEC-2023-0053: rustls-webpki: CPU denial of service in certificate path building]
	- rust-rustls-webpki 0.104.4-1 (bug #1050298)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0053.html
	NOTE: https://github.com/briansmith/webpki/issues/69
CVE-2023-XXXX [RUSTSEC-2023-0052 webpki: CPU denial of service in certificate path building]
	- rust-webpki 0.22.1-1 (bug #1050299)
	[bookworm] - rust-webpki (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0052.html
	NOTE: https://github.com/briansmith/webpki/issues/69
CVE-2023-32184 (A Insecure Storage of Sensitive Information vulnerability in openSUSE ...)
	NOT-FOR-US: OpenSUSE-welcome
CVE-2023-4456 (A flaw was found in openshift-logging LokiStack. The key used for cach ...)
	NOT-FOR-US: LokiStack
CVE-2023-4455 (Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallab ...)
	NOT-FOR-US: Wallabag
CVE-2023-4454 (Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallab ...)
	NOT-FOR-US: Wallabag
CVE-2023-4453 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
	NOT-FOR-US: pimcore
CVE-2023-4417 (Improper access controls in the entry duplication component in Devolut ...)
	NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2023-4373 (Inadequate validation of permissions when employing remote tools and m ...)
	NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2023-40735 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: BUTTERFLY BUTTON
CVE-2023-40352 (McAfee Safe Connect before 2.16.1.126 may allow an adversary with syst ...)
	NOT-FOR-US: McAfee
CVE-2023-40068 (Cross-site scripting vulnerability in Advanced Custom Fields versions ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3954 (The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3936 (The Blog2Social WordPress plugin before 7.2.1 does not sanitise and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3667 (The Bit Assist WordPress plugin before 1.1.9 does not sanitise and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3604 (The Change WP Admin Login WordPress plugin before 1.1.4 discloses the ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3481 (Critters versions 0.0.17-0.0.19 have an issue when parsing the HTML, w ...)
	NOT-FOR-US: Critters
CVE-2023-3366 (The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39939 (SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (My ...)
	NOT-FOR-US: LuxCal Web Calendar
CVE-2023-39660 (An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a rem ...)
	NOT-FOR-US: Gaberiele Venturi pandasai
CVE-2023-39543 (Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2 ...)
	NOT-FOR-US: LuxCal Web Calendar
CVE-2023-39106 (An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows ...)
	NOT-FOR-US: Nacos Group Nacos Spring Project
CVE-2023-39094 (Cross Site Scripting vulnerability in ZeroWdd studentmanager v.1.0 all ...)
	NOT-FOR-US: ZeroWdd studentmanager
CVE-2023-39061 (Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-38976 (An issue in weaviate v.1.20.0 allows a remote attacker to cause a deni ...)
	NOT-FOR-US: weaviate
CVE-2023-38961 (Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0 ...)
	- iotjs
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5092
CVE-2023-38899 (SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local ...)
	NOT-FOR-US: berkaygediz O_Blog
CVE-2023-38836 (File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker ...)
	NOT-FOR-US: BoidCMS
CVE-2023-38158 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38035 (A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sen ...)
	NOT-FOR-US: Ivanti
CVE-2023-36787 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-31447 (user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all ...)
	NOT-FOR-US: Draytek Vigor2620 devices
CVE-2023-4459 (A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in dri ...)
	- linux 5.17.11-1
	[bullseye] - linux 5.10.120-1
	[buster] - linux 4.19.249-1
	NOTE: https://git.kernel.org/linus/edf410cb74dc612fd47ef5be319c5a0bcd6e6ccd (5.18)
CVE-2023-4450 (A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has ...)
	NOT-FOR-US: jeecgboot JimuReport
CVE-2023-4449 (A vulnerability was found in SourceCodester Free and Open Source Inven ...)
	NOT-FOR-US: SourceCodester
CVE-2023-4448 (A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified a ...)
	NOT-FOR-US: RapidCMS
CVE-2023-4447 (A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classif ...)
	NOT-FOR-US: RapidCMS
CVE-2023-4446 (A vulnerability, which was classified as critical, was found in OpenRa ...)
	NOT-FOR-US: RapidCMS
CVE-2023-4445 (A vulnerability, which was classified as critical, has been found in M ...)
	NOT-FOR-US: Mini-Tmall
CVE-2023-4444 (A vulnerability classified as critical was found in SourceCodester Fre ...)
	NOT-FOR-US: SourceCodester
CVE-2023-4443 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester
CVE-2023-4442 (A vulnerability was found in SourceCodester Free Hospital Management S ...)
	NOT-FOR-US: SourceCodester
CVE-2023-4441 (A vulnerability was found in SourceCodester Free Hospital Management S ...)
	NOT-FOR-US: SourceCodester
CVE-2023-4440 (A vulnerability was found in SourceCodester Free Hospital Management S ...)
	NOT-FOR-US: SourceCodester
CVE-2023-4439 (A vulnerability was found in SourceCodester Card Holder Management Sys ...)
	NOT-FOR-US: SourceCodester
CVE-2023-4438 (A vulnerability has been found in SourceCodester Inventory Management ...)
	NOT-FOR-US: SourceCodester
CVE-2023-4437 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester
CVE-2023-4436 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester
CVE-2023-39809 (N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a comm ...)
	NOT-FOR-US: N.V.K.INTER CO., LTD. (NVK) iBSG
CVE-2023-39808 (N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hard ...)
	NOT-FOR-US: N.V.K.INTER CO., LTD. (NVK) iBSG
CVE-2023-39807 (N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a SQL ...)
	NOT-FOR-US: N.V.K.INTER CO., LTD. (NVK) iBSG
CVE-2023-39786 (Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2023-39785 (Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2023-39784 (Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2023-39751 (TP-Link TL-WR941ND V6 were discovered to contain a buffer overflow via ...)
	NOT-FOR-US: TP-Link
CVE-2023-39750 (D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via ...)
	NOT-FOR-US: D-Link
CVE-2023-39749 (D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via ...)
	NOT-FOR-US: D-Link
CVE-2023-39748 (An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N ...)
	NOT-FOR-US: TP-Link
CVE-2023-39747 (TP-Link WR841N V8, TP-Link TL-WR940N V2, and TL-WR941ND V5 were discov ...)
	NOT-FOR-US: TP-Link
CVE-2023-39745 (TP-Link TL-WR940N V2, TP-Link TL-WR941ND V5 and TP-Link TL-WR841N V8 w ...)
	NOT-FOR-US: TP-Link
CVE-2023-39618 (TOTOLINK X5000R B20210419 was discovered to contain a remote code exec ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-39617 (TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B2023 ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-4451 (Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq ...)
	NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
CVE-2023-4435 (Improper Input Validation in GitHub repository hamza417/inure prior to ...)
	NOT-FOR-US: hamza417/inure
CVE-2023-4434 (Missing Authorization in GitHub repository hamza417/inure prior to bui ...)
	NOT-FOR-US: hamza417/inure
CVE-2023-40711 (Veilid before 0.1.9 does not check the size of uncompressed data durin ...)
	NOT-FOR-US: Veilid
CVE-2023-37250 (Unity Parsec has a TOCTOU race condition that permits local attackers ...)
	NOT-FOR-US: Unity Parsec
CVE-2023-4433 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/co ...)
	NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
CVE-2023-4432 (Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq ...)
	NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
CVE-2023-4431 (Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5 ...)
	{DSA-5483-1}
	- chromium 116.0.5845.110-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4430 (Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allo ...)
	{DSA-5483-1}
	- chromium 116.0.5845.110-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4429 (Use after free in Loader in Google Chrome prior to 116.0.5845.110 allo ...)
	{DSA-5483-1}
	- chromium 116.0.5845.110-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4428 (Out of bounds memory access in CSS in Google Chrome prior to 116.0.584 ...)
	{DSA-5483-1}
	- chromium 116.0.5845.110-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4427 (Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845 ...)
	{DSA-5483-1}
	- chromium 116.0.5845.110-1
	[buster] - chromium (see DSA 5046)
CVE-2023-40175 (Puma is a Ruby/Rack web server built for parallelism. Prior to version ...)
	- puma 5.6.7-1 (bug #1050079)
	[bookworm] - puma (Minor issue)
	[bullseye] - puma (Minor issue)
	[buster] - puma (invasive to backport)
	NOTE: https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8
	NOTE: https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a (master)
	NOTE: https://github.com/puma/puma/commit/ed0f2f94b56982c687452504b95d5f1fbbe3eed1 (v6.3.1)
	NOTE: https://github.com/puma/puma/commit/7405a219801dcebc0ad6e0aa108d4319ca23f662 (v5.6.7)
CVE-2023-40174 (Social media skeleton is an uncompleted/framework social media project ...)
	NOT-FOR-US: social-media-skeleton
CVE-2023-40173 (Social media skeleton is an uncompleted/framework social media project ...)
	NOT-FOR-US: social-media-skeleton
CVE-2023-40172 (Social media skeleton is an uncompleted/framework social media project ...)
	NOT-FOR-US: social-media-skeleton
CVE-2023-40037 (Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in ...)
	NOT-FOR-US: Apache NiFi
CVE-2023-38839 (SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote ...)
	NOT-FOR-US: Kidus Minimati
CVE-2023-2971 (Improper path handling in Typora before 1.7.0-dev on Windows and Linux ...)
	NOT-FOR-US: Typora
CVE-2023-4422 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/co ...)
	NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
CVE-2023-4415 (A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has b ...)
	NOT-FOR-US: Ruijie
CVE-2023-4414 (A vulnerability was found in Byzoro Smart S85F Management Platform up ...)
	NOT-FOR-US: Beijing Baichuo Smart S85F Management Platform
CVE-2023-4413
	REJECTED
CVE-2023-4412 (A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B2020102 ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-4411 (A vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20 ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-4410 (A vulnerability, which was classified as critical, was found in TOTOLI ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-4409 (A vulnerability, which was classified as critical, has been found in N ...)
	NOT-FOR-US: NBS&HappySoftWeChat
CVE-2023-4407 (A vulnerability classified as critical was found in Codecanyon Credit ...)
	NOT-FOR-US: Codecanyon Credit Lite
CVE-2023-40072 (OS command injection vulnerability in ELECOM network devices allows an ...)
	NOT-FOR-US: WAB-S600-PS
CVE-2023-40069 (OS command injection vulnerability in ELECOM wireless LAN routers allo ...)
	NOT-FOR-US: ELECOM wireless LAN routers
CVE-2023-39944 (OS command injection vulnerability in WRC-F1167ACF all versions, and W ...)
	NOT-FOR-US: WRC-F1167ACF
CVE-2023-39455 (OS command injection vulnerability in ELECOM wireless LAN routers allo ...)
	NOT-FOR-US: ELECOM wireless LAN routers
CVE-2023-39454 (Buffer overflow vulnerability in WRC-X1800GS-B v1.13 and earlier, WRC- ...)
	NOT-FOR-US: WRC-X1800GS-B
CVE-2023-39445 (Hidden functionality vulnerability in LAN-WH300N/RE all versions provi ...)
	NOT-FOR-US: LAN-WH300N/RE
CVE-2023-39416 (Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gatew ...)
	NOT-FOR-US: Proself Enterprise/Standard Edition
CVE-2023-39415 (Improper authentication vulnerability in Proself Enterprise/Standard E ...)
	NOT-FOR-US: Proself Enterprise/Standard Edition
CVE-2023-38911 (A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows att ...)
	NOT-FOR-US: CSZ CMS
CVE-2023-38910 (CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allow ...)
	NOT-FOR-US: CSZ CMS
CVE-2023-38890 (Online Shopping Portal Project 3.1 allows remote attackers to execute ...)
	NOT-FOR-US: Online Shopping Portal Project
CVE-2023-38576 (Hidden functionality vulnerability in LAN-WH300N/RE all versions provi ...)
	NOT-FOR-US: LAN-WH300N/RE
CVE-2023-38132 (LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an i ...)
	NOT-FOR-US: LAN-W451NGR
CVE-2023-35991 (Hidden functionality vulnerability in LOGITEC wireless LAN routers all ...)
	NOT-FOR-US: LOGITEC wireless LAN routers
CVE-2023-32626 (Hidden functionality vulnerability in LAN-W300N/RS all versions, and L ...)
	NOT-FOR-US: LAN-W300N/PR5
CVE-2023-32130 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dani ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32122 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spiffy P ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32109 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32108 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32107 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Ga ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32106 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fahad Ma ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32105 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ollybach ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32103 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4040 (The Stripe Payment Plugin for WooCommerce plugin for WordPress is vuln ...)
	NOT-FOR-US: Stripe Payment Plugin for WooCommerce plugin for WordPress
CVE-2023-40171 (Dispatch is an open source security incident management tool. The serv ...)
	NOT-FOR-US: Netflix Dispatch
CVE-2023-39674 (D-Link DIR-880 A1_FW107WWb08 was discovered to contain a buffer overfl ...)
	NOT-FOR-US: D-Link
CVE-2023-39673 (Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a ...)
	NOT-FOR-US: Tenda
CVE-2023-39672 (Tenda WH450 v1.0.0.18 was discovered to contain a buffer overflow via ...)
	NOT-FOR-US: Tenda
CVE-2023-39671 (D-Link DIR-880 A1_FW107WWb08 was discovered to contain a buffer overfl ...)
	NOT-FOR-US: D-Link
CVE-2023-39670 (Tenda AC6 _US_AC6V1.0BR_V15.03.05.16 was discovered to contain a buffe ...)
	NOT-FOR-US: Tenda
CVE-2023-39669 (D-Link DIR-880 A1_FW107WWb08 was discovered to contain a NULL pointer ...)
	NOT-FOR-US: D-Link
CVE-2023-39668 (D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to conta ...)
	NOT-FOR-US: D-Link
CVE-2023-39667 (D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to conta ...)
	NOT-FOR-US: D-Link
CVE-2023-39666 (D-Link DIR-842 fw_revA_1-02_eu_multi_20151008 was discovered to contai ...)
	NOT-FOR-US: D-Link
CVE-2023-39665 (D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to conta ...)
	NOT-FOR-US: D-Link
CVE-2023-39125 (NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write in load ...)
	NOT-FOR-US: NTSC-CRT
CVE-2023-31492 (Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2023-4394 (A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/ ...)
	- linux 5.19.6-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9ea0106a7a3d8116860712e3f17cd52ce99f6707 (6.0-rc3)
CVE-2023-4030 (A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen ...)
	NOT-FOR-US: Lenovo
CVE-2023-4029 (A buffer overflow has been identified in the BoardUpdateAcpiDxe driver ...)
	NOT-FOR-US: Lenovo
CVE-2023-4028 (A buffer overflow has been identified in the SystemUserMasterHddPwdDxe ...)
	NOT-FOR-US: Lenovo
CVE-2023-40315 (In OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 and related ...)
	NOT-FOR-US: OpenNMS
CVE-2023-40313 (A BeanShell interpreter in remote server mode runs in OpenNMS Horizon ...)
	NOT-FOR-US: OpenNMS
CVE-2023-40272 (Apache Airflow Spark Provider, versions before 4.1.3, is affected by a ...)
	NOT-FOR-US: Apache Airflow Spark Provider
CVE-2023-40168 (TurboWarp is a desktop application that compiles scratch projects to J ...)
	NOT-FOR-US: TurboWarp
CVE-2023-40165 (rubygems.org is the Ruby community's primary gem (library) hosting ser ...)
	NOT-FOR-US: rubygems/rubygems.org
CVE-2023-3698 (Printer service fails to adequately handle user input, allowing a rem ...)
	NOT-FOR-US: ASUSTOR
CVE-2023-3697 (Printer service fails to adequately handle user input, allowing a rem ...)
	NOT-FOR-US: ASUSTOR
CVE-2023-3078 (An uncontrolled search path vulnerability was reported in the Lenovo U ...)
	NOT-FOR-US: Lenovo
CVE-2023-39974 (Exposure of Sensitive Information vulnerability in AcyMailing Enterpri ...)
	NOT-FOR-US: Joomla component
CVE-2023-39973 (Improper Access Control vulnerability in AcyMailing Enterprise compone ...)
	NOT-FOR-US: Joomla component
CVE-2023-39972 (Improper Access Control vulnerability in AcyMailing Enterprise compone ...)
	NOT-FOR-US: Joomla component
CVE-2023-39971 (Improper Neutralization of Input During Web Page Generation vulnerabil ...)
	NOT-FOR-US: Joomla component
CVE-2023-39970 (Unrestricted Upload of File with Dangerous Type vulnerability in AcyMa ...)
	NOT-FOR-US: Joomla component
CVE-2023-39743 (lrzip-next LZMA v23.01 was discovered to contain an access violation v ...)
	- lrzip-next (bug #1042088)
CVE-2023-39741 (lrzip v0.651 was discovered to contain a heap overflow via the libzpaq ...)
	- lrzip 0.651-3 (bug #1059293)
	[bookworm] - lrzip (Minor issue)
	[bullseye] - lrzip (Minor issue)
	[buster] - lrzip (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/246
CVE-2023-38905 (SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a ...)
	NOT-FOR-US: JeecgBoot
CVE-2023-38902 (A command injection vulnerability in RG-EW series home routers and rep ...)
	NOT-FOR-US: RG-EW
CVE-2023-38843 (An issue in Atlos v.1.0 allows an authenticated attacker to execute ar ...)
	NOT-FOR-US: Atlos
CVE-2023-38838 (SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote ...)
	NOT-FOR-US: Kidus Minimati
CVE-2023-37914 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-36847 (A Missing Authentication for Critical Function vulnerability in Junipe ...)
	NOT-FOR-US: Juniper
CVE-2023-36846 (A Missing Authentication for Critical Function vulnerability in Junipe ...)
	NOT-FOR-US: Juniper
CVE-2023-36845 (A PHP External Variable Modification vulnerability in J-Web of Juniper ...)
	NOT-FOR-US: Juniper
CVE-2023-36844 (A PHP External Variable Modification vulnerability in J-Web of Juniper ...)
	NOT-FOR-US: Juniper
CVE-2023-36106 (An incorrect access control vulnerability in powerjob 4.3.2 and earlie ...)
	NOT-FOR-US: powerjob
CVE-2023-34419 (A buffer overflow has been identified in the SetupUtility driver in so ...)
	NOT-FOR-US: Lenovo
CVE-2023-34412 (A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX ...)
	NOT-FOR-US: Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices
CVE-2023-31946 (File Upload vulnerability found in Online Travel Agency System v.1.0 a ...)
	NOT-FOR-US: Online Travel Agency System
CVE-2023-31945 (SQL injection vulnerability found in Online Travel Agency System v.1.0 ...)
	NOT-FOR-US: Online Travel Agency System
CVE-2023-31944 (SQL injection vulnerability found in Online Travel Agency System v.1.0 ...)
	NOT-FOR-US: Online Travel Agency System
CVE-2023-31943 (SQL injection vulnerability found in Online Travel Agency System v.1.0 ...)
	NOT-FOR-US: Online Travel Agency System
CVE-2023-31942 (Cross Site Scripting vulnerability found in Online Travel Agency Syste ...)
	NOT-FOR-US: Online Travel Agency System
CVE-2023-31941 (File Upload vulnerability found in Online Travel Agency System v.1.0 a ...)
	NOT-FOR-US: Online Travel Agency System
CVE-2023-31940 (SQL injection vulnerability found in Online Travel Agency System v.1.0 ...)
	NOT-FOR-US: Online Travel Agency System
CVE-2023-31939 (SQL injection vulnerability found in Online Travel Agency System v.1.0 ...)
	NOT-FOR-US: Online Travel Agency System
CVE-2023-31938 (SQL injection vulnerability found in Online Travel Agency System v.1.0 ...)
	NOT-FOR-US: Online Travel Agency System
CVE-2023-2917 (The Rockwell Automation Thinmanager Thinserver is impacted by an impro ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-2915 (The Rockwell Automation Thinmanager Thinserver is impacted by an impro ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-2914 (The Rockwell Automation Thinmanager Thinserver is impacted by an impro ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-2910 (Improper neutralization of special elements used in a command ('Comman ...)
	NOT-FOR-US: ASUSTOR
CVE-2023-4395 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/co ...)
	NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
CVE-2023-4392 (A vulnerability was found in Control iD Gerencia Web 1.30 and classifi ...)
	NOT-FOR-US: Control iD Gerencia Web
CVE-2023-40281 (EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerabili ...)
	NOT-FOR-US: EC-CUBE
CVE-2023-40252 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
	NOT-FOR-US: Genians
CVE-2023-40251 (Missing Encryption of Sensitive Data vulnerability in Genians Genian N ...)
	NOT-FOR-US: Genians
CVE-2023-40034 (Woodpecker is a community fork of the Drone CI system. In affected ver ...)
	NOT-FOR-US: Woodpecker
CVE-2023-40033 (Flarum is an open source forum software. Flarum is affected by a vulne ...)
	NOT-FOR-US: Flarum
CVE-2023-40021 (Oppia is an online learning platform. When comparing a received CSRF t ...)
	NOT-FOR-US: Oppia
CVE-2023-3244 (The Comments Like Dislike plugin for WordPress is vulnerable to unauth ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39846 (An issue in Konga v0.14.9 allows attackers to bypass authentication vi ...)
	NOT-FOR-US: Konga
CVE-2023-38894 (A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before all ...)
	NOT-FOR-US: Cronvel Tree-kit
CVE-2023-35893 (IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2023-35011 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to serve ...)
	NOT-FOR-US: IBM
CVE-2023-35009 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote a ...)
	NOT-FOR-US: IBM
CVE-2023-34217 (TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series f ...)
	NOT-FOR-US: Moxa
CVE-2023-34216 (TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series f ...)
	NOT-FOR-US: Moxa
CVE-2023-34215 (TN-5900 Series firmware versions v3.3 and prior are vulnerable to the ...)
	NOT-FOR-US: Moxa
CVE-2023-34214 (TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series f ...)
	NOT-FOR-US: Moxa
CVE-2023-34213 (TN-5900 Series firmware versions v3.3 and prior are vulnerable to comm ...)
	NOT-FOR-US: Moxa
CVE-2023-33239 (TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series f ...)
	NOT-FOR-US: Moxa
CVE-2023-33238 (TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series f ...)
	NOT-FOR-US: Moxa
CVE-2023-33237 (TN-5900 Series firmware version v3.3 and prior is vulnerable to improp ...)
	NOT-FOR-US: Moxa
CVE-2023-4389 (A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the bt ...)
	- linux 5.17.6-1
	[bullseye] - linux 5.10.113-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/168a2f776b9762f4021421008512dd7ab7474df1 (5.18-rc3)
CVE-2023-4387 (A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/ ...)
	- linux 5.17.11-1
	[bullseye] - linux 5.10.120-1
	[buster] - linux 4.19.249-1
	NOTE: https://git.kernel.org/linus/9e7fef9521e73ca8afd7da9e58c14654b02dfad8 (5.18)
CVE-2023-4385 (A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap ...)
	- linux 5.18.5-1
	[bullseye] - linux 5.10.127-1
	[buster] - linux 4.19.249-1
	NOTE: https://git.kernel.org/linus/0d4837fdb796f99369cf7691d33de1b856bcaf1f (5.19-rc1)
CVE-2023-4384 (A vulnerability has been found in MaximaTech Portal Executivo 21.9.1.1 ...)
	NOT-FOR-US: MaximaTech Portal Executivo
CVE-2023-4383 (A vulnerability, which was classified as critical, was found in MicroW ...)
	NOT-FOR-US: MicroWorld eScan Anti-Virus
CVE-2023-4382 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Hyip Rio
CVE-2023-4381 (Unverified Password Change in GitHub repository instantsoft/icms2 prio ...)
	NOT-FOR-US: icms2
CVE-2023-4241 (lol-html can cause panics on certain HTML inputs. Anyone processing ar ...)
	NOT-FOR-US: lol-html
CVE-2023-4204 (NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected ...)
	NOT-FOR-US: NPort IAW5000A-I/O Series firmware
CVE-2023-39975 (kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a ...)
	- krb5 (Vulnerable code not present)
	NOTE: https://github.com/krb5/krb5/pull/1312
	NOTE: Introduced by: https://github.com/krb5/krb5/commit/a9705a1e0b2cf0cde3e6f8dee14c25ffc074c00a (krb5-1.21-beta1)
	NOTE: Fixed by: https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840
CVE-2023-39507 (Improper authorization in the custom URL scheme handler in "Rikunabi N ...)
	NOT-FOR-US: "Rikunabi NEXT" App for Android
CVE-2023-39250 (Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSp ...)
	NOT-FOR-US: Dell
CVE-2023-39115 (install/aiz-uploader/upload in Campcodes Online Matrimonial Website Sy ...)
	NOT-FOR-US: Campcodes Online Matrimonial Website System
CVE-2023-38904 (A Cross Site Scripting (XSS) vulnerability in Netlify CMS v.2.10.192 a ...)
	NOT-FOR-US: Netlify CMS
CVE-2023-38737 (IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is ...)
	NOT-FOR-US: IBM
CVE-2023-33663 (In the module “Customization fields fee for your store” (aic ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-32495 (Dell PowerScale OneFS, 8.2.x-9.5.x, contains an exposure of sensitive i ...)
	NOT-FOR-US: Dell
CVE-2023-32494 (Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of i ...)
	NOT-FOR-US: Dell
CVE-2023-32493 (Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass ...)
	NOT-FOR-US: Dell
CVE-2023-32492 (Dell PowerScale OneFS 9.5.0.x contains an incorrect default permission ...)
	NOT-FOR-US: Dell
CVE-2023-32491 (Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive info ...)
	NOT-FOR-US: Dell
CVE-2023-32490 (Dell PowerScale OneFS 8.2x -9.5x contains an improper privilege manage ...)
	NOT-FOR-US: Dell
CVE-2023-32489 (Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulne ...)
	NOT-FOR-US: Dell
CVE-2023-32488 (Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosu ...)
	NOT-FOR-US: Dell
CVE-2023-32487 (Dell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation of privi ...)
	NOT-FOR-US: Dell
CVE-2023-32486 (Dell PowerScale OneFS 9.5.x version contain a privilege escalation vul ...)
	NOT-FOR-US: Dell
CVE-2023-32453 (Dell BIOS contains an improper authentication vulnerability. A malicio ...)
	NOT-FOR-US: Dell
CVE-2023-2737 (Improper log permissions in SafeNet Authentication Service Version 3.4. ...)
	NOT-FOR-US: SafeNet Authentication Service
CVE-2023-4302 (A missing permission check in Jenkins Fortify Plugin 22.1.38 and earli ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-4301 (A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-40351 (A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-40350 (Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values re ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-40349 (Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an optio ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-40348 (The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provide ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-40347 (Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-40346 (Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortc ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-40345 (Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-40344 (A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-40343 (Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-con ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-40342 (Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JU ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-40341 (A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocea ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-40340 (Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-40339 (Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier d ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-40338 (Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an err ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-40337 (A cross-site request forgery (CSRF) vulnerability in Jenkins Folders P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-40336 (A cross-site request forgery (CSRF) vulnerability in Jenkins Folders P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-4374 (The WP Remote Users Sync plugin for WordPress is vulnerable to unautho ...)
	NOT-FOR-US: WP Remote Users Sync plugin for WordPress
CVE-2023-3958 (The WP Remote Users Sync plugin for WordPress is vulnerable to Server ...)
	NOT-FOR-US: WP Remote Users Sync plugin for WordPress
CVE-2023-39852 (Doctormms v1.0 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: Doctormms
CVE-2023-39851 (webchess v1.0 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: webchess
CVE-2023-39850 (Schoolmate v1.3 was discovered to contain multiple SQL injection vulne ...)
	NOT-FOR-US: Schoolmate
CVE-2023-39849
	REJECTED
CVE-2023-39848
	REJECTED
CVE-2023-4371 (A vulnerability was found in phpRecDB 1.3.1. It has been rated as prob ...)
	NOT-FOR-US: phpRecDB
CVE-2023-4369 (Insufficient data validation in Systems Extensions in Google Chrome on ...)
	NOT-FOR-US: Systems Extensions in Google Chrome on ChromeOS
CVE-2023-4368 (Insufficient policy enforcement in Extensions API in Google Chrome pri ...)
	{DSA-5479-1}
	- chromium 116.0.5845.96-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4367 (Insufficient policy enforcement in Extensions API in Google Chrome pri ...)
	{DSA-5479-1}
	- chromium 116.0.5845.96-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4366 (Use after free in Extensions in Google Chrome prior to 116.0.5845.96 a ...)
	{DSA-5479-1}
	- chromium 116.0.5845.96-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4365 (Inappropriate implementation in Fullscreen in Google Chrome prior to 1 ...)
	{DSA-5479-1}
	- chromium 116.0.5845.96-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4364 (Inappropriate implementation in Permission Prompts in Google Chrome pr ...)
	{DSA-5479-1}
	- chromium 116.0.5845.96-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4363 (Inappropriate implementation in WebShare in Google Chrome on Android p ...)
	{DSA-5479-1}
	- chromium 116.0.5845.96-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4362 (Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845 ...)
	{DSA-5479-1}
	- chromium 116.0.5845.96-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4361 (Inappropriate implementation in Autofill in Google Chrome on Android p ...)
	{DSA-5479-1}
	- chromium 116.0.5845.96-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4360 (Inappropriate implementation in Color in Google Chrome prior to 116.0. ...)
	{DSA-5479-1}
	- chromium 116.0.5845.96-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4359 (Inappropriate implementation in App Launcher in Google Chrome on iOS p ...)
	{DSA-5479-1}
	- chromium 116.0.5845.96-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4358 (Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed ...)
	{DSA-5479-1}
	- chromium 116.0.5845.96-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4357 (Insufficient validation of untrusted input in XML in Google Chrome pri ...)
	{DSA-5479-1}
	- chromium 116.0.5845.96-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4356 (Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowe ...)
	{DSA-5479-1}
	- chromium 116.0.5845.96-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4355 (Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845 ...)
	{DSA-5479-1}
	- chromium 116.0.5845.96-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4354 (Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 a ...)
	{DSA-5479-1}
	- chromium 116.0.5845.96-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4353 (Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 ...)
	{DSA-5479-1}
	- chromium 116.0.5845.96-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4352 (Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a ...)
	{DSA-5479-1}
	- chromium 116.0.5845.96-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4351 (Use after free in Network in Google Chrome prior to 116.0.5845.96 allo ...)
	{DSA-5479-1}
	- chromium 116.0.5845.96-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4350 (Inappropriate implementation in Fullscreen in Google Chrome on Android ...)
	{DSA-5479-1}
	- chromium 116.0.5845.96-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4349 (Use after free in Device Trust Connectors in Google Chrome prior to 11 ...)
	{DSA-5479-1}
	- chromium 116.0.5845.96-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4345 (Broadcom RAID Controller web interface is vulnerable client-side contr ...)
	NOT-FOR-US: Broadcom RAID Controller web interface
CVE-2023-4344 (Broadcom RAID Controller web interface is vulnerable to insufficient r ...)
	NOT-FOR-US: Broadcom RAID Controller web interface
CVE-2023-4343 (Broadcom RAID Controller web interface is vulnerable due to exposure o ...)
	NOT-FOR-US: Broadcom RAID Controller web interface
CVE-2023-4342 (Broadcom RAID Controller web interface is vulnerable due to insecure d ...)
	NOT-FOR-US: Broadcom RAID Controller web interface
CVE-2023-4341 (Broadcom RAID Controller is vulnerable to Privilege escalation to root ...)
	NOT-FOR-US: Broadcom RAID Controller web interface
CVE-2023-4340 (Broadcom RAID Controller is vulnerable to Privilege escalation by taki ...)
	NOT-FOR-US: Broadcom RAID Controller
CVE-2023-4339 (Broadcom RAID Controller web interface is vulnerable to exposure of pr ...)
	NOT-FOR-US: Broadcom RAID Controller web interface
CVE-2023-4338 (Broadcom RAID Controller web interface is vulnerable due to insecure d ...)
	NOT-FOR-US: Broadcom RAID Controller web interface
CVE-2023-4337 (Broadcom RAID Controller web interface is vulnerable to improper sessi ...)
	NOT-FOR-US: Broadcom RAID Controller web interface
CVE-2023-4336 (Broadcom RAID Controller web interface is vulnerable due to insecure d ...)
	NOT-FOR-US: Broadcom RAID Controller web interface
CVE-2023-4335 (Broadcom RAID Controller Web server (nginx) is serving private server- ...)
	NOT-FOR-US: Broadcom RAID Controller web interface
CVE-2023-4334 (Broadcom RAID Controller Web server (nginx) is serving private files w ...)
	NOT-FOR-US: Broadcom RAID Controller web interface
CVE-2023-4333 (Broadcom RAID Controller web interface doesn’t enforce SSL cipher ...)
	NOT-FOR-US: Broadcom RAID Controller web interface
CVE-2023-4332 (Broadcom RAID Controller web interface is vulnerable due to Improper p ...)
	NOT-FOR-US: Broadcom RAID Controller web interface
CVE-2023-4331 (Broadcom RAID Controller web interface is vulnerable has an insecure d ...)
	NOT-FOR-US: Broadcom RAID Controller web interface
CVE-2023-4330
	REJECTED
CVE-2023-4329 (Broadcom RAID Controller web interface is vulnerable due to insecure d ...)
	NOT-FOR-US: Broadcom RAID Controller web interface
CVE-2023-4328 (Broadcom RAID Controller web interface is vulnerable to exposure of s ...)
	NOT-FOR-US: Broadcom RAID Controller web interface
CVE-2023-4327 (Broadcom RAID Controller web interface is vulnerable to exposure of se ...)
	NOT-FOR-US: Broadcom RAID Controller web interface
CVE-2023-4326 (Broadcom RAID Controller web interface is vulnerable has an insecure d ...)
	NOT-FOR-US: Broadcom RAID Controller web interface
CVE-2023-4325 (Broadcom RAID Controller web interface is vulnerable due to usage of L ...)
	NOT-FOR-US: Broadcom RAID Controller web interface
CVE-2023-4324 (Broadcom RAID Controller web interface is vulnerable due to insecure d ...)
	NOT-FOR-US: Broadcom RAID Controller web interface
CVE-2023-4323 (Broadcom RAID Controller web interface is vulnerable to improper sessi ...)
	NOT-FOR-US: Broadcom RAID Controller web interface
CVE-2023-40028 (Ghost is an open source content management system. Versions prior to 5 ...)
	NOT-FOR-US: Ghost CMS
CVE-2023-40027 (Keystone is an open source headless CMS for Node.js — built with ...)
	NOT-FOR-US: Keystone CMS
CVE-2023-39843 (Missing encryption in the RFID tag of Suleve 5-in-1 Smart Door Lock v1 ...)
	NOT-FOR-US: Suleve 5-in-1 Smart Door Lock
CVE-2023-39842 (Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Securit ...)
	NOT-FOR-US: Digoo DG-HAMB Smart Home Security
CVE-2023-39841 (Missing encryption in the RFID tag of Etekcity 3-in-1 Smart Door Lock ...)
	NOT-FOR-US: Etekcity 3-in-1 Smart Door Lock
CVE-2023-39662 (An issue in llama_index v.0.7.13 and before allows a remote attacker t ...)
	NOT-FOR-US: llama_index
CVE-2023-39661 (An issue in pandas-ai v.0.9.1 and before allows a remote attacker to e ...)
	NOT-FOR-US: pandas-ai
CVE-2023-39659 (An issue in langchain langchain-ai v.0.0.232 and before allows a remot ...)
	NOT-FOR-US: langchain-ai
CVE-2023-39438 (A missing authorization check allows an arbitrary authenticated user t ...)
	NOT-FOR-US: cla-assistant
CVE-2023-38916 (SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote ...)
	NOT-FOR-US: eVotingSystem-PHP
CVE-2023-38915 (File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote ...)
	NOT-FOR-US: Wolf-leo EasyAdmin8
CVE-2023-38898 (An issue in Python cpython v.3.7 allows an attacker to obtain sensitiv ...)
	- python3.12 3.12.0~b4-1
	- python3.11 (Vulnerable code not present)
	- python3.10 (Vulnerable code not present)
	- python3.9 (Vulnerable code not present)
	- python3.7 (Vulnerable code not present)
	- python2.7 (Vulnerable code not present)
	NOTE: Introduced in https://github.com/python/cpython/commit/a474e04388c2ef6aca75c26cb70a1b6200235feb (v3.12.0b1)
	NOTE: https://github.com/python/cpython/commit/9e6f8d46150c1a0af09d68ce63c603cf321994aa (v3.12.0b4)
	NOTE: https://github.com/python/cpython/issues/105987
CVE-2023-38896 (An issue in Harrison Chase langchain v.0.0.194 and before allows a rem ...)
	NOT-FOR-US: Harrison Chase langchain
CVE-2023-38889 (An issue in Alluxio v.2.9.3 and before allows an attacker to execute a ...)
	NOT-FOR-US: Alluxio
CVE-2023-38866 (COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected ...)
	NOT-FOR-US: COMFAST
CVE-2023-38865 (COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected ...)
	NOT-FOR-US: COMFAST
CVE-2023-38864 (An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbi ...)
	NOT-FOR-US: COMFAST
CVE-2023-38863 (An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbi ...)
	NOT-FOR-US: COMFAST
CVE-2023-38862 (An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbi ...)
	NOT-FOR-US: COMFAST
CVE-2023-38861 (An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote a ...)
	NOT-FOR-US: Wavlink
CVE-2023-38860 (An issue in LangChain v.0.0.231 allows a remote attacker to execute ar ...)
	NOT-FOR-US: LangChain
CVE-2023-38858 (Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacke ...)
	- faad2 2.11.0-1 (bug #1050095)
	[bookworm] - faad2 (Minor issue)
	[bullseye] - faad2 (Minor issue)
	[buster] - faad2 (recheck when fixed upstream)
	NOTE: https://github.com/knik0/faad2/issues/173
	NOTE: Fixed by: https://github.com/knik0/faad2/commit/c65ae2904192965e7c9fcafe8c1ae5fa0649eea4 (2.11.0)
CVE-2023-38857 (Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacke ...)
	- faad2 2.11.0-1 (bug #1050094)
	[bookworm] - faad2 (Minor issue)
	[bullseye] - faad2 (Minor issue)
	[buster] - faad2 (recheck when fixed upstream)
	NOTE: https://github.com/knik0/faad2/issues/171
	NOTE: Fixed by: https://github.com/knik0/faad2/commit/b02a9ee5bf071fa92563536c076a69dbec814e7e (2.11.0)
CVE-2023-38856 (Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacke ...)
	- r-cran-readxl (unimportant)
	NOTE: https://github.com/libxls/libxls/issues/124 (#4)
	NOTE: Negligible security impact
CVE-2023-38855 (Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacke ...)
	- r-cran-readxl (unimportant)
	NOTE: https://github.com/libxls/libxls/issues/124 (#6)
	NOTE: Negligible security impact
CVE-2023-38854 (Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacke ...)
	- r-cran-readxl (unimportant)
	NOTE: https://github.com/libxls/libxls/issues/124 (#5)
	NOTE: Negligible security impact
CVE-2023-38853 (Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacke ...)
	- r-cran-readxl (unimportant)
	NOTE: https://github.com/libxls/libxls/issues/124 (#1)
	NOTE: Negligible security impact
CVE-2023-38852 (Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacke ...)
	- r-cran-readxl (unimportant)
	NOTE: https://github.com/libxls/libxls/issues/124 (#3)
	NOTE: Negligible security impact
CVE-2023-38851 (Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacke ...)
	- r-cran-readxl (unimportant)
	NOTE: https://github.com/libxls/libxls/issues/124 (#2)
	NOTE: Negligible security impact
CVE-2023-38850 (Buffer Overflow vulnerability in Michaelrsweet codedoc v.3.7 allows an ...)
	NOT-FOR-US: Codedoc
CVE-2023-38840 (Bitwarden Desktop 2023.7.0 and below allows an attacker with local acc ...)
	NOT-FOR-US: Bitwarden
CVE-2023-38402 (A vulnerability in the HPE Aruba Networking Virtual IntranetAccess (VI ...)
	NOT-FOR-US: HPE
CVE-2023-38401 (A vulnerability in the HPE Aruba Networking Virtual Intranet Access (V ...)
	NOT-FOR-US: HPE
CVE-2023-35082 (An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, ...)
	NOT-FOR-US: Ivanti
CVE-2023-2916 (The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive ...)
	NOT-FOR-US: InfiniteWP Client plugin for WordPress
CVE-2023-4347 (Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/l ...)
	NOT-FOR-US: LibreNMS
CVE-2023-4308 (The User Submitted Posts plugin for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-40518 (LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP ...)
	NOT-FOR-US: LiteSpeed OpenLiteSpeed
CVE-2023-40453 (Docker Machine through 0.16.2 allows an attacker, who has control of a ...)
	NOT-FOR-US: Docker Machine
CVE-2023-40013 (SVG Loader is a javascript library that fetches SVGs using XMLHttpRequ ...)
	NOT-FOR-US: SVG Loader
CVE-2023-39829 (Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via ...)
	NOT-FOR-US: Tenda
CVE-2023-39828 (Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via ...)
	NOT-FOR-US: Tenda
CVE-2023-39827 (Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via ...)
	NOT-FOR-US: Tenda
CVE-2023-38687 (Svelecte is a flexible autocomplete/select component written in Svelte ...)
	NOT-FOR-US: Svelecte
CVE-2023-35689 (In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a ...)
	NOT-FOR-US: Android
CVE-2023-32358 (A type confusion issue was addressed with improved checks. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-4322 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
	- radare2 5.9.0+dfsg-1 (bug #1051898)
	NOTE: https://github.com/radareorg/radare2/commit/ba919adb74ac368bf76b150a00347ded78b572dd
	NOTE: https://huntr.dev/bounties/06e2484c-d6f1-4497-af67-26549be9fffd
CVE-2023-4321 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/co ...)
	NOT-FOR-US: Cockpit CMS
CVE-2023-40360 (QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive i ...)
	- qemu 1:8.0.4+dfsg-2 (bug #1050140)
	[bookworm] - qemu (Vulnerable code introduced later)
	[bullseye] - qemu (Vulnerable code introduced later)
	[buster] - qemu (Vulnerable code introduced later)
	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1815
	NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/73064edfb864743cde2c08f319609344af02aeb3 (v8.0.0-rc0)
	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98 (v8.1.0-rc3)
CVE-2023-40359 (xterm before 380 supports ReGIS reporting for character-set names even ...)
	- xterm 382-2 (unimportant)
	NOTE: https://invisible-island.net/xterm/xterm.log.html#xterm_380
	NOTE: ReGIS support not enabled in Debian builds
CVE-2023-40354 (An issue was discovered in MariaDB MaxScale before 23.02.3. A user ent ...)
	NOT-FOR-US: Maxscale
CVE-2023-40312 (Multiple reflected XSS were found on different JSP files with unsaniti ...)
	NOT-FOR-US: OpenMNS
CVE-2023-40311 (Multiple stored XSS were found on different JSP files with unsanitized ...)
	NOT-FOR-US: OpenMNS
CVE-2023-40024 (ScanCode.io is a server to script and automate software composition an ...)
	NOT-FOR-US: ScanCode.io
CVE-2023-40023 (yaklang is a programming language designed for cybersecurity. The Yak ...)
	NOT-FOR-US: yaklang
CVE-2023-40020 (PrivateUploader is an open source image hosting server written in Vue ...)
	NOT-FOR-US: PrivateUploader
CVE-2023-3721 (The WP-EMail WordPress plugin before 2.69.1 does not sanitise and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3645 (The Contact Form Builder by Bit Form WordPress plugin before 2.2.0 doe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3601 (The Simple Author Box WordPress plugin before 2.52 does not verify a u ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3435 (The User Activity Log WordPress plugin before 1.6.5 does not correctly ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3328 (The Custom Field For WP Job Manager WordPress plugin before 1.2 does n ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3160 (The vulnerability potentially allows an attacker to misuse ESET’s ...)
	NOT-FOR-US: ESET
CVE-2023-39908 (The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not proper ...)
	NOT-FOR-US: YubiHSM 2 SDK
CVE-2023-39293 (A Command Injection vulnerability has been identified in the MiVoice O ...)
	NOT-FOR-US: Mitel
CVE-2023-39292 (A SQL Injection vulnerability has been identified in the MiVoice Offic ...)
	NOT-FOR-US: Mitel
CVE-2023-38741 (IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is vulnerable to a d ...)
	NOT-FOR-US: IBM
CVE-2023-38721 (The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i conta ...)
	NOT-FOR-US: IBM
CVE-2023-37847 (novel-plus v3.6.2 was discovered to contain a SQL injection vulnerabil ...)
	NOT-FOR-US: novel-plus
CVE-2023-37070 (Code Projects Hospital Information System 1.0 is vulnerable to Cross S ...)
	NOT-FOR-US: Code Projects Hospital Information System
CVE-2023-33013 (A post-authentication command injection vulnerability in the NTP featu ...)
	NOT-FOR-US: Zyxel
CVE-2023-32748 (The Linux DVS server component of Mitel MiVoice Connect through 19.3 S ...)
	NOT-FOR-US: Mitel
CVE-2023-2803 (The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2802 (The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2606 (The WP Brutal AI WordPress plugin before 2.06 does not sanitise and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4953 (The Elementor Website Builder WordPress plugin before 3.5.5 does not f ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-39950 (efibootguard is a simple UEFI boot loader with support for safely swit ...)
	- efibootguard 0.15-1 (bug #1049436)
	[bookworm] - efibootguard 0.13-2+deb12u1
	NOTE: https://github.com/siemens/efibootguard/commit/965d65c5751898c4bb094ef191b7387819423414 (v0.15)
	NOTE: https://github.com/siemens/efibootguard/commit/53dee61dc8b3a83c882e4bc9a0cfe7d6d73610c4 (v0.15)
CVE-2023-40305 (GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in ...)
	- indent 2.2.13-3 (bug #1049366)
	[bookworm] - indent 2.2.12-4+deb12u2
	[bullseye] - indent (Minor issue)
	[buster] - indent (Minor issue)
	NOTE: https://savannah.gnu.org/bugs/index.php?64503
CVE-2023-40303 (GNU inetutils before 2.5 may allow privilege escalation because of unc ...)
	{DLA-3611-1}
	- inetutils 2:2.4-3 (bug #1049365)
	[bookworm] - inetutils 2:2.4-2+deb12u1
	[bullseye] - inetutils 2:2.0-1+deb11u2
	NOTE: https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6
	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2023-07/msg00000.html
CVE-2023-40296 (async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in R ...)
	NOT-FOR-US: async-sockets-cpp
CVE-2023-40295 (libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_strInit ...)
	NOT-FOR-US: libboron
CVE-2023-40294 (libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_parseBl ...)
	NOT-FOR-US: libboron
CVE-2023-40293 (Harman Infotainment 20190525031613 and later allows command injection ...)
	NOT-FOR-US: Harman Infotainment
CVE-2023-40292 (Harman Infotainment 20190525031613 and later discloses the IP address ...)
	NOT-FOR-US: Harman Infotainment
CVE-2023-40291 (Harman Infotainment 20190525031613 allows root access via SSH over a U ...)
	NOT-FOR-US: Harman Infotainment
CVE-2023-40283 (An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_s ...)
	{DSA-5492-1 DSA-5480-1 DLA-3710-1 DLA-3623-1}
	- linux 6.4.11-1
	NOTE: https://git.kernel.org/linus/1728137b33c00d5a2b5110ed7aafb42e7c32e4a1 (6.5-rc1)
CVE-2023-40274 (An issue was discovered in zola 0.13.0 through 0.17.2. The custom impl ...)
	- zola (bug #976052)
CVE-2023-3267 (When adding a remote backup location, an authenticated user can pass a ...)
	NOT-FOR-US: Trellix
CVE-2023-3266 (A non-feature complete authentication mechanism exists in the producti ...)
	NOT-FOR-US: Trellix
CVE-2023-3265 (An authentication bypass exists on CyberPower PowerPanel Enterprise by ...)
	NOT-FOR-US: Trellix
CVE-2023-3264 (The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earl ...)
	NOT-FOR-US: Trellix
CVE-2023-3263 (The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earl ...)
	NOT-FOR-US: Trellix
CVE-2023-3262 (The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earl ...)
	NOT-FOR-US: Trellix
CVE-2023-3261 (The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earl ...)
	NOT-FOR-US: Trellix
CVE-2023-3260 (The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earl ...)
	NOT-FOR-US: Trellix
CVE-2023-3259 (The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earl ...)
	NOT-FOR-US: Trellix
CVE-2023-39406 (Permission control vulnerability in the XLayout component. Successful ...)
	NOT-FOR-US: Huawei
CVE-2023-39405 (Vulnerability of out-of-bounds parameter read/write in the Wi-Fi modul ...)
	NOT-FOR-US: Huawei
CVE-2023-39404 (Vulnerability of input parameter verification in certain APIs in the w ...)
	NOT-FOR-US: Huawei
CVE-2023-39403 (Parameter verification vulnerability in the installd module. Successfu ...)
	NOT-FOR-US: Huawei
CVE-2023-39402 (Parameter verification vulnerability in the installd module. Successfu ...)
	NOT-FOR-US: Huawei
CVE-2023-39401 (Parameter verification vulnerability in the installd module. Successfu ...)
	NOT-FOR-US: Huawei
CVE-2023-39400 (Parameter verification vulnerability in the installd module. Successfu ...)
	NOT-FOR-US: Huawei
CVE-2023-39399 (Parameter verification vulnerability in the installd module. Successfu ...)
	NOT-FOR-US: Huawei
CVE-2023-39398 (Parameter verification vulnerability in the installd module. Successfu ...)
	NOT-FOR-US: Huawei
CVE-2023-39397 (Input parameter verification vulnerability in the communication system ...)
	NOT-FOR-US: Huawei
CVE-2023-39396 (Deserialization vulnerability in the input module. Successful exploita ...)
	NOT-FOR-US: Huawei
CVE-2023-39395 (Mismatch vulnerability in the serialization process in the communicati ...)
	NOT-FOR-US: Huawei
CVE-2023-39394 (Vulnerability of API privilege escalation in the wifienhance module. S ...)
	NOT-FOR-US: Huawei
CVE-2023-39393 (Vulnerability of insecure signatures in the ServiceWifiResources modul ...)
	NOT-FOR-US: Huawei
CVE-2023-39392 (Vulnerability of insecure signatures in the OsuLogin module. Successfu ...)
	NOT-FOR-US: Huawei
CVE-2023-39391 (Vulnerability of system file information leakage in the USB Service mo ...)
	NOT-FOR-US: Huawei
CVE-2023-39390 (Vulnerability of input parameter verification in certain APIs in the w ...)
	NOT-FOR-US: Huawei
CVE-2023-39389 (Vulnerability of input parameters being not strictly verified in the P ...)
	NOT-FOR-US: Huawei
CVE-2023-39388 (Vulnerability of input parameters being not strictly verified in the P ...)
	NOT-FOR-US: Huawei
CVE-2023-39387 (Vulnerability of permission control in the window management module. S ...)
	NOT-FOR-US: Huawei
CVE-2023-39386 (Vulnerability of input parameters being not strictly verified in the P ...)
	NOT-FOR-US: Huawei
CVE-2023-39385 (Vulnerability of configuration defects in the media module of certain ...)
	NOT-FOR-US: Huawei
CVE-2023-39384 (Vulnerability of incomplete permission verification in the input metho ...)
	NOT-FOR-US: Huawei
CVE-2023-39383 (Vulnerability of input parameters being not strictly verified in the A ...)
	NOT-FOR-US: Huawei
CVE-2023-39382 (Input verification vulnerability in the audio module. Successful explo ...)
	NOT-FOR-US: Huawei
CVE-2023-39381 (Input verification vulnerability in the storage module. Successful exp ...)
	NOT-FOR-US: Huawei
CVE-2023-39380 (Permission control vulnerability in the audio module. Successful explo ...)
	NOT-FOR-US: Huawei
CVE-2021-46895 (Vulnerability of defects introduced in the design process in the Multi ...)
	NOT-FOR-US: Huawei
CVE-2023-4265 (Potential buffer overflow vulnerabilities in the following locations: ...)
	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-4293 (The Premium Packages - Sell Digital Products Securely plugin for WordP ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3452 (The Canto plugin for WordPress is vulnerable to Remote File Inclusion ...)
	NOT-FOR-US: Canto plugin for WordPress
CVE-2023-3937 (Cross site scripting vulnerability in web portal in Snow Software Lice ...)
	NOT-FOR-US: Snow Software
CVE-2023-3864 (Blind SQL injection in a service running in Snow Software license mana ...)
	NOT-FOR-US: Snow Software
CVE-2023-39949 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...)
	{DSA-5481-1}
	- fastdds 2.10.1+ds-2
	NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-3jv9-j9x3-95cg
	NOTE: https://github.com/eProsima/Fast-DDS/issues/3236
	NOTE: https://github.com/eProsima/Fast-DDS/commit/3aa3ee0259deaebe3d578e0ec200947bdfe7d06f (v2.10.0)
	NOTE: https://github.com/eProsima/Fast-DDS/commit/6bc2f8048eb9760dcbd148bdb73492e58da8eb1e (v2.9.2)
CVE-2023-39948 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...)
	{DSA-5481-1}
	- fastdds 2.10.1+ds-2
	NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-x9pj-vrgf-f68f
	NOTE: https://github.com/eProsima/Fast-DDS/issues/3422
	NOTE: https://github.com/eProsima/Fast-DDS/commit/d3db7244df4081ae630dea98b7b27eb96245d562
CVE-2023-39947 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...)
	{DSA-5481-1}
	- fastdds 2.10.1+ds-3 (bug #1043548)
	NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-mf55-5747-c4pv
	NOTE: https://github.com/eProsima/Fast-DDS/commit/7c1c611f2f70ec238fbde30a9ed044d99191e4fb (v2.11.1)
	NOTE: https://github.com/eProsima/Fast-DDS/pull/3670
CVE-2023-39946 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...)
	{DSA-5481-1}
	- fastdds 2.10.1+ds-3 (bug #1043548)
	NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-j297-rg6j-m7hx
	NOTE: https://github.com/eProsima/Fast-DDS/commit/7c1c611f2f70ec238fbde30a9ed044d99191e4fb (v2.11.1)
	NOTE: https://github.com/eProsima/Fast-DDS/pull/3670
CVE-2023-39945 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...)
	{DSA-5481-1}
	- fastdds 2.10.1+ds-3 (bug #1043548)
	NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-2rq6-8j7x-frr9
	NOTE: https://github.com/eProsima/Fast-DDS/issues/3422
	NOTE: https://github.com/eProsima/Fast-DDS/commit/d3db7244df4081ae630dea98b7b27eb96245d562
CVE-2023-39534 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...)
	{DSA-5481-1}
	- fastdds 2.10.1+ds-2
	NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-fcr6-x23w-94wp
	NOTE: https://github.com/eProsima/Fast-DDS/commit/2674fdd93793fd314fcb81b795f9f62b8fcb1ea0
	NOTE: https://github.com/eProsima/Fast-DDS/pull/3343
CVE-2023-32267 (A potential vulnerability has been identified in OpenText / Micro Focu ...)
	NOT-FOR-US: Micro Focus
CVE-2023-4304 (Business Logic Errors in GitHub repository froxlor/froxlor prior to 2. ...)
	- froxlor (bug #581792)
CVE-2023-4108 (Mattermost fails to sanitize post metadata during audit logging result ...)
	- mattermost-server (bug #823556)
CVE-2023-4107 (Mattermost fails to properly validate the requesting user permissions ...)
	- mattermost-server (bug #823556)
CVE-2023-4106 (Mattermost fails to check if the requesting user is a guest before per ...)
	- mattermost-server (bug #823556)
CVE-2023-4105 (Mattermost fails to delete the attachments when deleting a message in ...)
	- mattermost-server (bug #823556)
CVE-2023-40267 (GitPython before 3.1.32 does not block insecure non-multi options in c ...)
	{DLA-3502-1}
	- python-git 3.1.36-1 (bug #1043503)
	[bookworm] - python-git 3.1.30-1+deb12u2
	[bullseye] - python-git (Minor issue)
	NOTE: https://github.com/gitpython-developers/GitPython/pull/1609
	NOTE: https://github.com/gitpython-developers/GitPython/commit/5c59e0d63da6180db8a0b349f0ad36fef42aceed (3.1.32)
CVE-2023-40260 (EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi ...)
	NOT-FOR-US: EmpowerID
CVE-2023-40256 (A vulnerability was discovered in Veritas NetBackup Snapshot Manager b ...)
	NOT-FOR-US: Veritas
CVE-2023-40254 (Download of Code Without Integrity Check vulnerability in Genians Geni ...)
	NOT-FOR-US: Genians
CVE-2023-40253 (Improper Authentication vulnerability in Genians Genian NAC V4.0, Geni ...)
	NOT-FOR-US: Genians
CVE-2023-40235 (An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0 ...)
	NOT-FOR-US: ArchiMate Archi
CVE-2023-40224 (MISP 2.4.174 allows XSS in app/View/Events/index.ctp.)
	NOT-FOR-US: MISP
CVE-2023-40014 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
	NOT-FOR-US: OpenZeppelin Contracts
CVE-2023-3824 (In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* bef ...)
	{DSA-5661-1 DSA-5660-1 DLA-3555-1}
	- php8.2 8.2.10-1 (bug #1043477)
	[bookworm] - php8.2 (Fix along in future update)
	- php7.4
	- php7.3
	NOTE: https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv
	NOTE: https://github.com/php/php-src/commit/80316123f3e9dcce8ac419bd9dd43546e2ccb5ef (php-8.0.30)
	NOTE: Fixed in: 8.0.30, 8.1.22, 8.2.8
CVE-2023-3823 (In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* be ...)
	{DSA-5661-1 DSA-5660-1 DLA-3555-1}
	- php8.2 8.2.10-1 (bug #1043477)
	[bookworm] - php8.2 (Fix along in future update)
	- php7.4
	- php7.3
	NOTE: https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr
	NOTE: https://github.com/php/php-src/commit/c283c3ab0ba45d21b2b8745c1f9c7cbfe771c975 (php-8.0.30)
	NOTE: Fixed in: 8.0.30, 8.1.22, 8.2.8
CVE-2023-39553 (Improper Input Validation vulnerability in Apache Software Foundation ...)
	NOT-FOR-US: Apache Airflow Drill Provider
CVE-2023-38333 (Zoho ManageEngine Applications Manager through 16530 allows reflected ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2023-37513 (When the app is put to the background and the user goes to the task sw ...)
	NOT-FOR-US: HCL
CVE-2023-37512 (When the app is put to the background and the user goes to the task sw ...)
	NOT-FOR-US: HCL
CVE-2023-37511 (If certain App Transport Security (ATS) settings are set in a certain ...)
	NOT-FOR-US: HCL
CVE-2023-35179 (A vulnerability has been identified within Serv-U 15.4 that, if exploi ...)
	NOT-FOR-US: SolarWinds Serv-U
CVE-2023-34438 (Race condition in some Intel(R) NUC BIOS firmware may allow a privileg ...)
	NOT-FOR-US: Intel
CVE-2023-34427 (Protection mechanism failure in some Intel(R) RealSense(TM) ID softwar ...)
	NOT-FOR-US: Intel
CVE-2023-34355 (Uncontrolled search path element for some Intel(R) Server Board M10JNP ...)
	NOT-FOR-US: Intel
CVE-2023-34349 (Race condition in some Intel(R) NUC BIOS firmware may allow a privileg ...)
	NOT-FOR-US: Intel
CVE-2023-34086 (Improper input validation in some Intel(R) NUC BIOS firmware may allow ...)
	NOT-FOR-US: Intel
CVE-2023-33877 (Out-of-bounds write in some Intel(R) RealSense(TM) ID software for Int ...)
	NOT-FOR-US: Intel
CVE-2023-33867 (Improper buffer restrictions in some Intel(R) RealSense(TM) ID softwar ...)
	NOT-FOR-US: Intel
CVE-2023-32663 (Incorrect default permissions in some Intel(R) RealSense(TM) SDKs in v ...)
	NOT-FOR-US: Intel
CVE-2023-32656 (Improper buffer restrictions in some Intel(R) RealSense(TM) ID softwar ...)
	NOT-FOR-US: Intel
CVE-2023-32617 (Improper input validation in some Intel(R) NUC Rugged Kit, Intel(R) NU ...)
	NOT-FOR-US: Intel
CVE-2023-32609 (Improper access control in the Intel Unite(R) android application befo ...)
	NOT-FOR-US: Intel
CVE-2023-32547 (Incorrect default permissions in the MAVinci Desktop Software for Inte ...)
	NOT-FOR-US: Intel
CVE-2023-32543 (Incorrect default permissions in the Intel(R) ITS sofware before versi ...)
	NOT-FOR-US: Intel
CVE-2023-32285 (Improper access control in some Intel(R) NUC BIOS firmware may allow a ...)
	NOT-FOR-US: Intel
CVE-2023-31246 (Incorrect default permissions in some Intel(R) SDP Tool software befor ...)
	NOT-FOR-US: Intel
CVE-2023-30760 (Out-of-bounds read in some Intel(R) RealSense(TM) ID software for Inte ...)
	NOT-FOR-US: Intel
CVE-2023-29494 (Improper input validation in BIOS firmware for some Intel(R) NUCs may ...)
	NOT-FOR-US: Intel
CVE-2023-29243 (Unchecked return value in some Intel(R) RealSense(TM) ID software for ...)
	NOT-FOR-US: Intel
CVE-2023-29151 (Uncontrolled search path element in some Intel(R) PSR SDK before versi ...)
	NOT-FOR-US: Intel
CVE-2023-27887 (Improper initialization in BIOS firmware for some Intel(R) NUCs may al ...)
	NOT-FOR-US: Intel
CVE-2023-38104 (GStreamer RealMedia File Parsing Integer Overflow Remote Code Executio ...)
	{DSA-5476-1 DLA-3552-1}
	- gst-plugins-ugly1.0 1.22.5-1 (bug #1043501)
	- gst-plugins-ugly0.10
	NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0005.html
	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2782
	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/67e38cf47b7683586c24de18d8253029042dc72f
	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/eb89e0a13eeb59fc5bab787ded50faf6a50087e3 (1.22.5)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1008/
CVE-2023-38103 (GStreamer RealMedia File Parsing Integer Overflow Remote Code Executio ...)
	{DSA-5476-1 DLA-3552-1}
	- gst-plugins-ugly1.0 1.22.5-1 (bug #1043501)
	- gst-plugins-ugly0.10
	NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0004.html
	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2782
	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/b268b27cd8ff0dda1fda71890cd414f4cb2096db
	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/4266ba0fd2be7702044a5d90a8215abe41709874 (1.22.5)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1007/
CVE-2023-40225 (HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4. ...)
	{DSA-5590-1}
	- haproxy 2.6.15-1 (bug #1043502)
	[buster] - haproxy (Vulnerable code not present)
	NOTE: https://github.com/haproxy/haproxy/issues/2237
	NOTE: https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856
	NOTE: https://git.haproxy.org/?p=haproxy-2.2.git;a=commit;h=e8ba5e106444fc78558f4ff26e9ce946f89216f4 (v2.2.31)
	NOTE: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=d17c50010d591d1c070e1cb0567a06032d8869e9 (v2.6.15)
CVE-2023-4283 (The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: EmbedPress plugin for WordPress
CVE-2023-4282 (The EmbedPress plugin for WordPress is vulnerable to unauthorized loss ...)
	NOT-FOR-US: EmbedPress plugin for WordPress
CVE-2023-4275
	REJECTED
CVE-2023-4128
	REJECTED
CVE-2023-40216 (OpenBSD 7.3 before errata 014 is missing an argument-count bounds chec ...)
	NOT-FOR-US: OpenBSD
CVE-2023-39966 (1Panel is an open source Linux server operation and maintenance manage ...)
	NOT-FOR-US: 1Panel
CVE-2023-39965 (1Panel is an open source Linux server operation and maintenance manage ...)
	NOT-FOR-US: 1Panel
CVE-2023-39964 (1Panel is an open source Linux server operation and maintenance manage ...)
	NOT-FOR-US: 1Panel
CVE-2023-39963 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
	- nextcloud-server (bug #941708)
CVE-2023-39962 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
	- nextcloud-server (bug #941708)
CVE-2023-39961 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
	- nextcloud-server (bug #941708)
CVE-2023-39959 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
	- nextcloud-server (bug #941708)
CVE-2023-39958 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
	- nextcloud-server (bug #941708)
CVE-2023-39957 (Nextcloud Talk Android allows users to place video and audio calls thr ...)
	NOT-FOR-US: Nextcloud Talk Android
CVE-2023-39955 (Notes is a note-taking app for Nextcloud, an open-source cloud platfor ...)
	NOT-FOR-US: Notes app for NextCloud
CVE-2023-39954 (user_oidc provides the OIDC connect user backend for Nextcloud, an ope ...)
	NOT-FOR-US: Nextcloud OIDC backend
CVE-2023-39953 (user_oidc provides the OIDC connect user backend for Nextcloud, an ope ...)
	NOT-FOR-US: Nextcloud OIDC backend
CVE-2023-39952 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
	- nextcloud-server (bug #941708)
CVE-2023-39806 (iCMS v7.0.16 was discovered to contain a SQL injection vulnerability v ...)
	NOT-FOR-US: iCMS
CVE-2023-39805 (iCMS v7.0.16 was discovered to contain a SQL injection vulnerability v ...)
	NOT-FOR-US: iCMS
CVE-2023-39776 (A File Upload vulnerability in PHPJabbers Ticket Support Script v3.2 a ...)
	NOT-FOR-US: PHPJabbers
CVE-2023-39314 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38830 (An information leak in PHPJabbers Yacht Listing Script v1.0 allows att ...)
	NOT-FOR-US: PHPJabbers
CVE-2023-38397 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Egge ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38248 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38247 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38246 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38245 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38244 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38243 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38242 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38241 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38240 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38239 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38238 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38237 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38236 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38235 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38234 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38233 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38232 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38231 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38230 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38229 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38228 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38227 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38226 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38225 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38224 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38223 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38222 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-38210 (Adobe XMP Toolkit versions 2022.06 is affected by a Uncontrolled Resou ...)
	NOT-FOR-US: Adobe
CVE-2023-38034 (A command injection vulnerability in the DHCP Client function of all U ...)
	NOT-FOR-US: UniFi
CVE-2023-37988 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Creative ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37983 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37734 (EZ softmagic MP3 Audio Converter 2.7.3.700 was discovered to contain a ...)
	NOT-FOR-US: EZ softmagic MP3 Audio Converter
CVE-2023-37625 (A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 all ...)
	- netbox (bug #1017079)
CVE-2023-37543 (Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for ...)
	- cacti 1.2.6+ds1-1
	[buster] - cacti (Unclear issue; can only be reproduced by reverting CVE-2019-16723 fixes; probably a different vector of the same vulnerability)
	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-4x82-8w8m-w8hj (404)
	NOTE: https://medium.com/%40hussainfathy99/exciting-news-my-first-cve-discovery-cve-2023-37543-idor-vulnerability-in-cacti-bbb6c386afed
	NOTE: https://github.com/Cacti/cacti/issues/5523
	NOTE: Not possible to pinpoint exact fix, but upstream confirms that the fix is in
	NOTE: 1.2.6 upstream, cf. https://github.com/Cacti/cacti/issues/5523#issuecomment-1768240843
	NOTE: and surrounding questions.
CVE-2023-37388 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sudi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37069 (Code-Projects Online Hospital Management System V1.0 is vulnerable to ...)
	NOT-FOR-US: Code-Projects Online Hospital Management System
CVE-2023-36530 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smar ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-36315 (There is a Cross Site Scripting (XSS) vulnerability in the "action" pa ...)
	NOT-FOR-US: PHPJabbers
CVE-2023-36314 (There is a Cross Site Scripting (XSS) vulnerability in the value-text- ...)
	NOT-FOR-US: PHPJabbers
CVE-2023-36313 (PHPJabbers Document Creator v1.0 is vulnerable to Cross Site Scripting ...)
	NOT-FOR-US: PHPJabbers
CVE-2023-36312 (There is a Cross Site Scripting (XSS) vulnerability in the value-enum- ...)
	NOT-FOR-US: PHPJabbers
CVE-2023-36311 (There is a SQL injection (SQLi) vulnerability in the "column" paramete ...)
	NOT-FOR-US: PHPJabbers
CVE-2023-36310 (There is a Cross Site Scripting (XSS) vulnerability in the "column" pa ...)
	NOT-FOR-US: PHPJabbers
CVE-2023-36309 (There is a Cross Site Scripting (XSS) vulnerability in the "action" pa ...)
	NOT-FOR-US: PHPJabbers
CVE-2023-35085 (An integer overflow vulnerability in all UniFi Access Points and Switc ...)
	NOT-FOR-US: UniFi
CVE-2023-34374 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Rah ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32567 (Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in ...)
	NOT-FOR-US: Ivanti
CVE-2023-32566 (An attacker can send a specially crafted request which could lead to l ...)
	NOT-FOR-US: Ivanti
CVE-2023-32565 (An attacker can send a specially crafted request which could lead to l ...)
	NOT-FOR-US: Ivanti
CVE-2023-32564 (An unrestricted upload of file with dangerous type vulnerability exist ...)
	NOT-FOR-US: Ivanti
CVE-2023-32563 (An unauthenticated attacker could achieve the code execution through a ...)
	NOT-FOR-US: Ivanti
CVE-2023-32562 (An unrestricted upload of file with dangerous type vulnerability exist ...)
	NOT-FOR-US: Ivanti
CVE-2023-32561 (A previously generated artifact by an administrator could be accessed ...)
	NOT-FOR-US: Ivanti
CVE-2023-32560 (An attacker can send a specially crafted message to the Wavelink Avala ...)
	NOT-FOR-US: Ivanti
CVE-2023-39418 (A vulnerability was found in PostgreSQL with the use of the MERGE comm ...)
	{DSA-5553-1}
	- postgresql-15 15.4-1
	- postgresql-13 (Only affects 15.x)
	- postgresql-11 (Only affects 15.x)
	NOTE: https://www.postgresql.org/support/security/CVE-2023-39418/
	NOTE: https://www.postgresql.org/about/news/postgresql-154-149-1312-1216-1121-and-postgresql-16-beta-3-released-2689/
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229 (REL_15_4)
CVE-2023-39417 (IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in Po ...)
	{DSA-5554-1 DSA-5553-1 DLA-3600-1}
	- postgresql-15 15.4-1
	- postgresql-13
	- postgresql-11
	NOTE: https://www.postgresql.org/support/security/CVE-2023-39417/
	NOTE: https://www.postgresql.org/about/news/postgresql-154-149-1312-1216-1121-and-postgresql-16-beta-3-released-2689/
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=de494ec14f6bd7f2676623a5934723a6c8ba51c2 (REL_15_4)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=b1b585e0fc3dd195bc2e338c80760bede08de5f1 (REL_13_12)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=919ebb023e74546c6293352556365091c5402366 (REL_11_21)
CVE-2023-4277 (The Realia plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
	NOT-FOR-US: Realia plugin for WordPress
CVE-2023-4276 (The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site ...)
	NOT-FOR-US: Absolute Privacy plugin for WordPress
CVE-2023-36673 (An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. ...)
	NOT-FOR-US: Avira Phantom VPN
CVE-2023-36672 (An issue was discovered in the Clario VPN client through 5.9.1.1662 fo ...)
	NOT-FOR-US: Clario VPN client
CVE-2023-36671 (An issue was discovered in the Clario VPN client through 5.9.1.1662 fo ...)
	NOT-FOR-US: Clario VPN client
CVE-2023-35838 (The WireGuard client 0.5.3 on Windows insecurely configures the operat ...)
	NOT-FOR-US: WireGuard client on Windows
CVE-2023-33242 (Crypto wallets implementing the Lindell17 TSS protocol might allow an ...)
	NOT-FOR-US: Crypto wallets implementing the Lindell17 TSS protocol
CVE-2023-33241 (Crypto wallets implementing the GG18 or GG20 TSS protocol might allow ...)
	NOT-FOR-US: Crypto wallets implementing the GG18 or GG20 TSS protocol
CVE-2023-32559 (A privilege escalation vulnerability exists in the experimental policy ...)
	{DSA-5589-1}
	- nodejs 18.13.0+dfsg1-1.1 (bug #1050739)
	[bullseye] - nodejs (Only affects experimental policy manifests)
	[buster] - nodejs (v10.x doesn't support policy manifests)
	NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559
	NOTE: https://github.com/nodejs/node/commit/d4570fae358693b8f7fec05294b9bb92a966226d (v18.x)
	NOTE: https://github.com/nodejs/node/commit/4aa0eff787c14f14a239cf2f44bf751a0151e3eb (main)
CVE-2023-32558 (The use of the deprecated API `process.binding()` can bypass the permi ...)
	- nodejs (Only affects 20.x and later)
	NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#processbinding-can-bypass-the-permission-model-through-path-traversal-highcve-2023-32558
CVE-2023-32006 (The use of `module.constructor.createRequire()` can bypass the policy ...)
	{DSA-5589-1}
	- nodejs 18.13.0+dfsg1-1.1 (bug #1050739)
	[bullseye] - nodejs (Only affects experimental policy manifests)
	[buster] - nodejs (v10.x doesn't support policy manifests)
	NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006
	NOTE: https://github.com/nodejs/node/commit/15bced0bde93f24115b779a309d517845c87e17a (v18.x)
	NOTE: https://github.com/nodejs/node/commit/b68e5e798138be0041ba9ace72d8d45e63c068a1 (main)
CVE-2023-32005 (A vulnerability has been identified in Node.js version 20, affecting u ...)
	- nodejs (Only affects 20.x and later)
	NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#fsstatfs-can-retrive-stats-from-files-restricted-by-the-permission-model-lowcve-2023-32005
CVE-2023-32004 (A vulnerability has been discovered in Node.js version 20, specificall ...)
	- nodejs (Only affects 20.x and later)
	NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permission-model-bypass-by-specifying-a-path-traversal-sequence-in-a-buffer-highcve-2023-32004
CVE-2023-32003 (`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permis ...)
	- nodejs (Only affects 20.x and later)
	NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#fsmkdtemp-and-fsmkdtempsync-are-missing-getvalidatedpath-checks-lowcve-2023-32003
CVE-2023-32002 (The use of `Module._load()` can bypass the policy mechanism and requir ...)
	{DSA-5589-1}
	- nodejs 18.13.0+dfsg1-1.1 (bug #1050739)
	[bullseye] - nodejs (Only affects experimental policy manifests)
	[buster] - nodejs (v10.x doesn't support policy manifests)
	NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002
	NOTE: https://github.com/nodejs/node/commit/15bced0bde93f24115b779a309d517845c87e17a (v18.x)
	NOTE: https://github.com/nodejs/node/commit/b68e5e798138be0041ba9ace72d8d45e63c068a1 (main)
CVE-2023-38712 (An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an ...)
	- libreswan 4.12-1
	NOTE: https://libreswan.org/security/CVE-2023-38712/CVE-2023-38712.txt
	NOTE: https://libreswan.org/security/CVE-2023-38712/CVE-2023-38712.patch
CVE-2023-38711 (An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick ...)
	- libreswan 4.12-1
	[bullseye] - libreswan (Vulnerable code not present)
	[buster] - libreswan (Vulnerable code not present)
	NOTE: https://libreswan.org/security/CVE-2023-38711/CVE-2023-38711.txt
	NOTE: https://libreswan.org/security/CVE-2023-38711/CVE-2023-38711.patch
CVE-2023-38710 (An issue was discovered in Libreswan before 4.12. When an IKEv2 Child ...)
	- libreswan 4.12-1
	NOTE: https://libreswan.org/security/CVE-2023-38710/CVE-2023-38710.txt
	NOTE: https://libreswan.org/security/CVE-2023-38710/CVE-2023-38710.patch
CVE-2023-4273 (A flaw was found in the exFAT driver of the Linux kernel. The vulnerab ...)
	{DSA-5492-1 DSA-5480-1 DLA-3623-1}
	- linux 6.4.11-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/d42334578eba1390859012ebb91e1e556d51db49 (6.5-rc5)
	NOTE: https://dfir.ru/2023/08/23/cve-2023-4273-a-vulnerability-in-the-linux-exfat-driver/
CVE-2023-40012 (uthenticode is a small cross-platform library for partially verifying ...)
	NOT-FOR-US: uthenticode
CVE-2023-3953 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-3518 (HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for ...)
	- consul (Only affects 1.16.0)
CVE-2023-39969 (uthenticode is a small cross-platform library for partially verifying ...)
	NOT-FOR-US: uthenticode
CVE-2023-39531 (Sentry is an error tracking and performance monitoring platform. Start ...)
	NOT-FOR-US: Sentry
CVE-2023-39008 (A command injection vulnerability in the component /api/cron/settings/ ...)
	NOT-FOR-US: OPNsense
CVE-2023-39007 (/ui/cron/item/open in the Cron component of OPNsense Community Edition ...)
	NOT-FOR-US: OPNsense
CVE-2023-39006 (The Crash Reporter (crash_reporter.php) component of OPNsense Communit ...)
	NOT-FOR-US: OPNsense
CVE-2023-39005 (Insecure permissions exist for configd.socket in OPNsense Community Ed ...)
	NOT-FOR-US: OPNsense
CVE-2023-39004 (Insecure permissions in the configuration directory (/conf/) of OPNsen ...)
	NOT-FOR-US: OPNsense
CVE-2023-39003 (OPNsense Community Edition before 23.7 and Business Edition before 23. ...)
	NOT-FOR-US: OPNsense
CVE-2023-39002 (A cross-site scripting (XSS) vulnerability in the act parameter of sys ...)
	NOT-FOR-US: OPNsense
CVE-2023-39001 (A command injection vulnerability in the component diag_backup.php of ...)
	NOT-FOR-US: OPNsense
CVE-2023-39000 (A reflected cross-site scripting (XSS) vulnerability in the component ...)
	NOT-FOR-US: OPNsense
CVE-2023-38999 (A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/ha ...)
	NOT-FOR-US: OPNsense
CVE-2023-38998 (An open redirect in the Login page of OPNsense Community Edition befor ...)
	NOT-FOR-US: OPNsense
CVE-2023-38997 (A directory traversal vulnerability in the Captive Portal templates of ...)
	NOT-FOR-US: OPNsense
CVE-2023-38348 (A CSRF issue was discovered in LWsystems Benno MailArchiv 2.10.1.)
	NOT-FOR-US: LWsystems Benno MailArchiv
CVE-2023-38347 (An issue was discovered in LWsystems Benno MailArchiv 2.10.1. Attacker ...)
	NOT-FOR-US: LWsystems Benno MailArchiv
CVE-2023-38213 (Adobe Dimension version 3.4.9 is affected by an out-of-bounds read vul ...)
	NOT-FOR-US: Adobe
CVE-2023-38212 (Adobe Dimension version 3.4.9 is affected by a Heap-based Buffer Overf ...)
	NOT-FOR-US: Adobe
CVE-2023-38211 (Adobe Dimension version 3.4.9 is affected by a Use After Free vulnerab ...)
	NOT-FOR-US: Adobe
CVE-2023-37068 (Code-Projects Gym Management System V1.0 allows remote attackers to ex ...)
	NOT-FOR-US: Code-Projects Gym Management System
CVE-2023-34545 (A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers ...)
	NOT-FOR-US: CSZCMS
CVE-2023-33953 (gRPC contains a vulnerability that allows hpack table accounting error ...)
	- grpc (bug #1059279)
	[bookworm] - grpc (Minor issue)
	[bullseye] - grpc (Minor issue)
	[buster] - grpc (recheck when upstream patch is available/published)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2230890
	NOTE: https://cloud.google.com/support/bulletins#gcp-2023-022
CVE-2023-33469 (In instances where the screen is visible and remote mouse connection i ...)
	NOT-FOR-US: KramerAV
CVE-2023-33468 (KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior t ...)
	NOT-FOR-US: KramerAV
CVE-2023-32782 (A command injection was identified in PRTG 23.2.84.1566 and earlier ve ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2023-32781 (A command injection vulnerability was identified in PRTG 23.2.84.1566 ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2023-31452 (A cross-site request forgery (CSRF) token bypass was identified in PRT ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2023-31450 (A path traversal vulnerability was identified in the SQL v2 sensors in ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2023-31449 (A path traversal vulnerability was identified in the WMI Custom sensor ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2023-31448 (A path traversal vulnerability was identified in the HL7 sensor in PRT ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2022-48604 (A SQL injection vulnerability exists in the “logging export” ...)
	NOT-FOR-US: ScienceLogic SL1
CVE-2022-48603 (A SQL injection vulnerability exists in the “message viewer ifram ...)
	NOT-FOR-US: ScienceLogic SL1
CVE-2022-48602 (A SQL injection vulnerability exists in the “message viewer print ...)
	NOT-FOR-US: ScienceLogic SL1
CVE-2022-48601 (A SQL injection vulnerability exists in the “network print report ...)
	NOT-FOR-US: ScienceLogic SL1
CVE-2022-48600 (A SQL injection vulnerability exists in the “notes view” fea ...)
	NOT-FOR-US: ScienceLogic SL1
CVE-2022-48599 (A SQL injection vulnerability exists in the “reporter events type ...)
	NOT-FOR-US: ScienceLogic SL1
CVE-2022-48598 (A SQL injection vulnerability exists in the “reporter events type ...)
	NOT-FOR-US: ScienceLogic SL1
CVE-2022-48597 (A SQL injection vulnerability exists in the “ticket event report” ...)
	NOT-FOR-US: ScienceLogic SL1
CVE-2022-48596 (A SQL injection vulnerability exists in the “ticket queue watcher ...)
	NOT-FOR-US: ScienceLogic SL1
CVE-2022-48595 (A SQL injection vulnerability exists in the “ticket template watc ...)
	NOT-FOR-US: ScienceLogic SL1
CVE-2022-48594 (A SQL injection vulnerability exists in the “ticket watchers emai ...)
	NOT-FOR-US: ScienceLogic SL1
CVE-2022-48593 (A SQL injection vulnerability exists in the “topology data servic ...)
	NOT-FOR-US: ScienceLogic SL1
CVE-2022-48592 (A SQL injection vulnerability exists in the vendor_country parameter o ...)
	NOT-FOR-US: ScienceLogic SL1
CVE-2022-48591 (A SQL injection vulnerability exists in the vendor_state parameter of ...)
	NOT-FOR-US: ScienceLogic SL1
CVE-2022-48590 (A SQL injection vulnerability exists in the “admin dynamic app mi ...)
	NOT-FOR-US: ScienceLogic SL1
CVE-2022-48589 (A SQL injection vulnerability exists in the “reporting job editor ...)
	NOT-FOR-US: ScienceLogic SL1
CVE-2022-48588 (A SQL injection vulnerability exists in the “schedule editor deco ...)
	NOT-FOR-US: ScienceLogic SL1
CVE-2022-48587 (A SQL injection vulnerability exists in the “schedule editor” ...)
	NOT-FOR-US: ScienceLogic SL1
CVE-2022-48586 (A SQL injection vulnerability exists in the “json walker” fe ...)
	NOT-FOR-US: ScienceLogic SL1
CVE-2022-48585 (A SQL injection vulnerability exists in the “admin brand portal” ...)
	NOT-FOR-US: ScienceLogic SL1
CVE-2022-48584 (A command injection vulnerability exists in the download and convert r ...)
	NOT-FOR-US: ScienceLogic SL1
CVE-2022-48583 (A command injection vulnerability exists in the dashboard scheduler fe ...)
	NOT-FOR-US: ScienceLogic SL1
CVE-2022-48582 (A command injection vulnerability exists in the ticket report generate ...)
	NOT-FOR-US: ScienceLogic SL1
CVE-2022-48581 (A command injection vulnerability exists in the “dash export” ...)
	NOT-FOR-US: ScienceLogic SL1
CVE-2022-48580 (A command injection vulnerability exists in the ARP ping device tool f ...)
	NOT-FOR-US: ScienceLogic SL1
CVE-2023-4243 (The FULL - Customer plugin for WordPress is vulnerable to Arbitrary Fi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4242 (The FULL - Customer plugin for WordPress is vulnerable to Information ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-4239 (The Real Estate Manager plugin for WordPress is vulnerable to privileg ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3632 (Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Educati ...)
	NOT-FOR-US: Sifir Bes Education and Informatics Kunduz Homework Helper App
CVE-2023-39951 (OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrum ...)
	NOT-FOR-US: OpenTelemetry Java Instrumentation
CVE-2023-39910 (The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin ...)
	NOT-FOR-US: Libbitcoin Explorer
CVE-2023-39341 ("FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM pro ...)
	NOT-FOR-US: FFRI yarai
CVE-2023-39214 (Exposure of sensitive information in Zoom Client SDK's before 5.15.5 m ...)
	NOT-FOR-US: Zoom
CVE-2023-39213 (Improper neutralization of special elements in Zoom Desktop Client for ...)
	NOT-FOR-US: Zoom
CVE-2023-39212 (Untrusted search path in Zoom Rooms for Windows before version 5.15.5 ...)
	NOT-FOR-US: Zoom
CVE-2023-39211 (Improper privilege management in Zoom Desktop Client for Windows and Z ...)
	NOT-FOR-US: Zoom
CVE-2023-39210 (Cleartext storage of sensitive information in Zoom Client SDK for Wind ...)
	NOT-FOR-US: Zoom
CVE-2023-39209 (Improper input validation in Zoom Desktop Client for Windows before 5. ...)
	NOT-FOR-US: Zoom
CVE-2023-38752 (Improper authorization vulnerability in Special Interest Group Network ...)
	NOT-FOR-US: Special Interest Group Network for Analysis and Liaison
CVE-2023-38751 (Improper authorization vulnerability in Special Interest Group Network ...)
	NOT-FOR-US: Special Interest Group Network for Analysis and Liaison
CVE-2023-38209 (Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2023-38208 (Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2023-38207 (Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2023-37864 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
	NOT-FOR-US: PHOENIX
CVE-2023-37863 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
	NOT-FOR-US: PHOENIX
CVE-2023-37862 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
	NOT-FOR-US: PHOENIX
CVE-2023-37861 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
	NOT-FOR-US: PHOENIX
CVE-2023-37860 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
	NOT-FOR-US: PHOENIX
CVE-2023-37859 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
	NOT-FOR-US: PHOENIX
CVE-2023-37858 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
	NOT-FOR-US: PHOENIX
CVE-2023-37857 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
	NOT-FOR-US: PHOENIX
CVE-2023-37856 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
	NOT-FOR-US: PHOENIX
CVE-2023-37855 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
	NOT-FOR-US: PHOENIX
CVE-2023-33934 (Improper Input Validation vulnerability in Apache Software Foundation ...)
	{DSA-5549-1 DLA-3595-1}
	- trafficserver 9.2.2+ds-1 (bug #1043430)
	NOTE: https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc
CVE-2023-2905 (Due to a failure in validating the length of a provided MQTT_CMD_PUBLI ...)
	NOT-FOR-US: Cesanta Mongoose
CVE-2023-3223 (A flaw was found in undertow. Servlets annotated with @MultipartConfig ...)
	- undertow (bug #1054893)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2209689
	NOTE: https://github.com/undertow-io/undertow/pull/1521 (2.3.9.Final)
	NOTE: https://github.com/undertow-io/undertow/pull/1523 (backport, 2.2.27.Final)
	NOTE: https://issues.redhat.com/browse/UNDERTOW-2271
CVE-2023-4219 (A vulnerability was found in SourceCodester Doctors Appointment System ...)
	NOT-FOR-US: SourceCodester Doctors Appointment System
CVE-2023-4203 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...)
	NOT-FOR-US: Advantech
CVE-2023-4202 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...)
	NOT-FOR-US: Advantech
CVE-2023-4009 (In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 i ...)
	NOT-FOR-US: MongoDB Ops Manager
CVE-2023-40042 (TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-40041 (TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-3898 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: mAyaNet E-Commerce Software
CVE-2023-3894 (Those using jackson-dataformats-text to parse TOML data may be vulnera ...)
	NOT-FOR-US: jackson-dataformats-text
CVE-2023-3717 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Farmakom Remote Administration Console
CVE-2023-3716 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Oduyo Online Collection Software
CVE-2023-3653 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Digital Ant E-Commerce Software
CVE-2023-3652 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Digital Ant E-Commerce Software
CVE-2023-3651 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Digital Ant E-Commerce Software
CVE-2023-3522 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: a2 License Portal System
CVE-2023-3386 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: a2 Camera Trap Tracking System
CVE-2023-39549 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
	NOT-FOR-US: Siemens Solid Edge
CVE-2023-39533 (go-libp2p is the Go implementation of the libp2p Networking Stack. Pri ...)
	NOT-FOR-US: go-libp2p
CVE-2023-39532 (SES is a JavaScript environment that allows safe execution of arbitrar ...)
	NOT-FOR-US: SES
CVE-2023-39518 (social-media-skeleton is an uncompleted social media project implement ...)
	NOT-FOR-US: social-media-skeleton
CVE-2023-39419 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-39342 (Dangerzone is software for converting potentially dangerous PDFs, offi ...)
	NOT-FOR-US: Dangerzone
CVE-2023-39269 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
	NOT-FOR-US: Siemens
CVE-2023-39218 (Client-side enforcement of server-side security in Zoom clients before ...)
	NOT-FOR-US: Zoom
CVE-2023-39217 (Improper input validation in Zoom SDK’s before 5.14.10 may allow ...)
	NOT-FOR-US: Zoom
CVE-2023-39216 (Improper input validation in Zoom Desktop Client for Windows before 5. ...)
	NOT-FOR-US: Zoom
CVE-2023-39188 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-39187 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-39186 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-39185 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-39184 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-39183 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-39182 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-39181 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-39086 (ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitiv ...)
	NOT-FOR-US: ASUS
CVE-2023-38815
	REJECTED
CVE-2023-38814
	REJECTED
CVE-2023-38773 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-38771 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-38770 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-38769 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-38768 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-38767 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-38766 (Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-38765 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-38764 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-38763 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-38762 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-38761 (Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-38760 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-38759 (Cross Site Request Forgery (CSRF) vulnerability in wger Project wger W ...)
	NOT-FOR-US: wger Project wger Workout Manager
CVE-2023-38758 (Cross Site Scripting vulnerability in wger Project wger Workout Manage ...)
	NOT-FOR-US: wger Project wger Workout Manager
CVE-2023-38683 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.5 ...)
	NOT-FOR-US: Siemens
CVE-2023-38682 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.5 ...)
	NOT-FOR-US: Siemens
CVE-2023-38681 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
	NOT-FOR-US: Siemens
CVE-2023-38680 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
	NOT-FOR-US: Siemens
CVE-2023-38679 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
	NOT-FOR-US: Siemens
CVE-2023-38641 (A vulnerability has been identified in SICAM TOOLBOX II (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-38532 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2023-38531 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2023-38530 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2023-38529 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2023-38528 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2023-38527 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2023-38526 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2023-38525 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2023-38524 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2023-38384 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Syntacti ...)
	NOT-FOR-US: Siemens
CVE-2023-38254 (Microsoft Message Queuing Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38188 (Azure Apache Hadoop Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38186 (Windows Mobile Device Management Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38185 (Microsoft Exchange Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38184 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
	NOT-FOR-US: Microsoft
CVE-2023-38182 (Microsoft Exchange Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38181 (Microsoft Exchange Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38180 (.NET and Visual Studio Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft .NET
CVE-2023-38178 (.NET Core and Visual Studio Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft .NET
CVE-2023-38176 (Azure Arc-Enabled Servers Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38175 (Microsoft Windows Defender Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38172 (Microsoft Message Queuing Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38170 (HEVC Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38169 (Microsoft SQL OLE DB Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38167 (Microsoft Dynamics Business Central Elevation Of Privilege Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2023-38154 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-37690 (Maid Hiring Management System v1.0 was discovered to contain a SQL inj ...)
	NOT-FOR-US: Maid Hiring Management System
CVE-2023-37689 (Maid Hiring Management System v1.0 was discovered to contain a SQL inj ...)
	NOT-FOR-US: Maid Hiring Management System
CVE-2023-37688 (Maid Hiring Management System v1.0 was discovered to contain a SQL inj ...)
	NOT-FOR-US: Maid Hiring Management System
CVE-2023-37687 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...)
	NOT-FOR-US: Online Nurse Hiring System
CVE-2023-37686 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...)
	NOT-FOR-US: Online Nurse Hiring System
CVE-2023-37685 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...)
	NOT-FOR-US: Online Nurse Hiring System
CVE-2023-37684 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...)
	NOT-FOR-US: Online Nurse Hiring System
CVE-2023-37683 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...)
	NOT-FOR-US: Online Nurse Hiring System
CVE-2023-37682 (Judging Management System v1.0 was discovered to contain a SQL injecti ...)
	NOT-FOR-US: Judging Management System
CVE-2023-37646 (An issue in the CAB file extraction function of Bitberry File Opener v ...)
	NOT-FOR-US: Bitberry File Opener
CVE-2023-37570 (This vulnerability exists in ESDS Emagic Data Center Management Suit d ...)
	NOT-FOR-US: ESDS Emagic Data Center Management Suit
CVE-2023-37373 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
	NOT-FOR-US: Siemens
CVE-2023-37372 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
	NOT-FOR-US: Siemens
CVE-2023-36914 (Windows Smart Card Resource Management Server Security Feature Bypass ...)
NOT-FOR-US: Microsoft CVE-2023-36913 (Microsoft Message Queuing Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36912 (Microsoft Message Queuing Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36911 (Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36910 (Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36909 (Microsoft Message Queuing Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36908 (Windows Hyper-V Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36907 (Windows Cryptographic Services Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36906 (Windows Cryptographic Services Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36905 (Windows Wireless Wide Area Network Service (WwanSvc) Information Discl ...) NOT-FOR-US: Microsoft CVE-2023-36904 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) NOT-FOR-US: Microsoft CVE-2023-36903 (Windows System Assessment Tool Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36900 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2023-36899 (ASP.NET Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36898 (Tablet Windows User Interface Application Core Remote Code Execution V ...) 
NOT-FOR-US: Microsoft CVE-2023-36897 (Visual Studio Tools for Office Runtime Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36896 (Microsoft Excel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36895 (Microsoft Outlook Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36894 (Microsoft SharePoint Server Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36893 (Microsoft Outlook Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36892 (Microsoft SharePoint Server Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36891 (Microsoft SharePoint Server Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36890 (Microsoft SharePoint Server Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36889 (Windows Group Policy Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36882 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) NOT-FOR-US: Microsoft CVE-2023-36881 (Azure Apache AmbariSpoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36877 (Azure Apache Oozie Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36876 (Reliability Analysis Metrics Calculation (RacTask) Elevation of Privil ...) NOT-FOR-US: Microsoft CVE-2023-36873 (.NET Framework Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36869 (Azure DevOps Server Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36866 (Microsoft Office Visio Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36865 (Microsoft Office Visio Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36692 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Chri ...) NOT-FOR-US: WordPress plugin CVE-2023-36546 REJECTED CVE-2023-36541 (Insufficient verification of data authenticity in Zoom Desktop Client ...) NOT-FOR-US: Zoom CVE-2023-36540 (Untrusted search path in the installer for Zoom Desktop Client for Win ...) 
NOT-FOR-US: Zoom CVE-2023-36535 (Client-side enforcement of server-side security in Zoom clients before ...) NOT-FOR-US: Zoom CVE-2023-36534 (Path traversal in Zoom Desktop Client for Windows before 5.14.7 may al ...) NOT-FOR-US: Zoom CVE-2023-36533 (Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow ...) NOT-FOR-US: Zoom CVE-2023-36532 (Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthentic ...) NOT-FOR-US: Zoom CVE-2023-36482 (An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN8 ...) NOT-FOR-US: Samsung CVE-2023-36344 (An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before al ...) NOT-FOR-US: Diebold Nixdorf Vynamic View Console CVE-2023-36306 (A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyz ...) NOT-FOR-US: Adiscon Aiscon LogAnalyzer CVE-2023-36136 (PHPJabbers Class Scheduling System 1.0 lacks encryption on the passwor ...) NOT-FOR-US: PHPJabbers CVE-2023-35394 (Azure HDInsight Jupyter Notebook Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35393 (Azure Apache Hive Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35391 (ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerab ...) 
NOT-FOR-US: Microsoft .NET CVE-2023-35390 (.NET and Visual Studio Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft .NET CVE-2023-35389 (Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35388 (Microsoft Exchange Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35387 (Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35386 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35385 (Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35384 (Windows HTML Platforms Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35383 (Microsoft Message Queuing Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35382 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35381 (Windows Fax Service Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35380 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35379 (Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of ...) NOT-FOR-US: Microsoft CVE-2023-35378 (Windows Projected File System Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35377 (Microsoft Message Queuing Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35376 (Microsoft Message Queuing Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35372 (Microsoft Office Visio Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35371 (Microsoft Office Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35368 (Microsoft Exchange Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35359 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-32503 (Unauth. 
Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix ...) NOT-FOR-US: WordPress plugin CVE-2023-32292 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GetB ...) NOT-FOR-US: WordPress plugin CVE-2023-2423 (A vulnerability was discovered in the Rockwell Automation Armor PowerF ...) NOT-FOR-US: Rockwell Automation CVE-2023-34319 (The fix for XSA-423 added logic to Linux'es netback driver to deal wit ...) {DSA-5492-1 DSA-5480-1 DLA-3710-1 DLA-3623-1} - linux 6.4.11-1 NOTE: https://git.kernel.org/linus/534fc31d09b706a16d83533e16b5dc855caf7576 NOTE: https://xenbits.xen.org/xsa/advisory-432.html CVE-2023-3573 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...) NOT-FOR-US: PHOENIX CVE-2023-3572 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...) NOT-FOR-US: PHOENIX CVE-2023-3571 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...) NOT-FOR-US: PHOENIX CVE-2023-3570 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...) NOT-FOR-US: PHOENIX CVE-2023-3569 (In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to ...) NOT-FOR-US: PHOENIX CVE-2023-3526 (In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to ...) NOT-FOR-US: PHOENIX CVE-2023-39978 (ImageMagick before 6.9.12-91 allows attackers to cause a denial of ser ...) - imagemagick (Vulnerable code not present) NOTE: Introduced with: https://github.com/ImageMagick/ImageMagick6/commit/e8c0090c6d2df7b1553053dca2008e96724204bf (6.9.12-78) NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/c90e79b3b22fec309cab55af2ee606f71b027b12 (6.9.12-91) CVE-2023-39977 REJECTED CVE-2023-39976 (log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long ...) 
- libqb 2.0.8-1 [bookworm] - libqb (Minor issue) [bullseye] - libqb (Minor issue) [buster] - libqb (Vulnerable code introduced later) NOTE: https://github.com/ClusterLabs/libqb/commit/1bbaa929b77113532785c408dd1b41cd0521ffc8 (v2.0.8) NOTE: https://github.com/ClusterLabs/libqb/pull/490 CVE-2023-39530 (PrestaShop is an open source e-commerce web application. Prior to vers ...) NOT-FOR-US: PrestaShop CVE-2023-39529 (PrestaShop is an open source e-commerce web application. Prior to vers ...) NOT-FOR-US: PrestaShop CVE-2023-39528 (PrestaShop is an open source e-commerce web application. Prior to vers ...) NOT-FOR-US: PrestaShop CVE-2023-39527 (PrestaShop is an open source e-commerce web application. Versions prio ...) NOT-FOR-US: PrestaShop CVE-2023-39526 (PrestaShop is an open source e-commerce web application. Versions prio ...) NOT-FOR-US: PrestaShop CVE-2023-39525 (PrestaShop is an open source e-commerce web application. Prior to vers ...) NOT-FOR-US: PrestaShop CVE-2023-39523 (ScanCode.io is a server to script and automate software composition an ...) NOT-FOR-US: ScanCode.io CVE-2023-39440 (In SAP BusinessObjects Business Intelligence - version 420, If a user ...) NOT-FOR-US: SAP CVE-2023-39439 (SAP Commerce Cloud may accept an empty passphrase for user ID and pass ...) NOT-FOR-US: SAP CVE-2023-39437 (SAP business One allows - version 10.0, allows an attacker to insert m ...) NOT-FOR-US: SAP CVE-2023-39436 (SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605 ...) NOT-FOR-US: SAP CVE-2023-37569 (This vulnerability exists in ESDS Emagic Data Center Management Suit d ...) NOT-FOR-US: ESDS Emagic Data Center Management Suit CVE-2023-37492 (SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP ...) NOT-FOR-US: SAP CVE-2023-37491 (The ACL (AccessControlList) of SAP Message Server - versions KERNEL 7. ...) NOT-FOR-US: SAP CVE-2023-37490 (SAP Business Objects Installer - versions 420, 430, allows an authenti ...) 
NOT-FOR-US: SAP CVE-2023-37488 (In SAP NetWeaverProcess Integration - versions SAP_XIESR 7.50, SAP_XIT ...) NOT-FOR-US: SAP CVE-2023-37487 (SAP Business One (Service Layer) - version 10.0, allows an authenticat ...) NOT-FOR-US: SAP CVE-2023-37486 (Under certain conditionsSAP Commerce(OCC API) - versions HY_COM 2105, ...) NOT-FOR-US: SAP CVE-2023-37484 (SAP PowerDesigner - version 16.7, queries all password hashes in the b ...) NOT-FOR-US: SAP CVE-2023-37483 (SAP PowerDesigner - version 16.7, has improper access control which mi ...) NOT-FOR-US: SAP CVE-2023-36926 (Due to missing authentication check in SAP Host Agent - version 7.22, ...) NOT-FOR-US: SAP CVE-2023-36923 (SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 ...) NOT-FOR-US: SAP CVE-2023-33993 (B1i module of SAP Business One - version 10.0, application allows an a ...) NOT-FOR-US: SAP CVE-2023-4205 REJECTED CVE-2023-4201 (A vulnerability was found in SourceCodester Inventory Management Syste ...) NOT-FOR-US: SourceCodester Inventory Management System CVE-2023-4200 (A vulnerability has been found in SourceCodester Inventory Management ...) NOT-FOR-US: SourceCodester Inventory Management System CVE-2023-4199 (A vulnerability, which was classified as critical, was found in Source ...) NOT-FOR-US: SourceCodester Inventory Management System CVE-2023-4155 (A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in t ...) 
{DSA-5492-1} - linux 6.4.11-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/7588dbcebcbf0193ab5b76987396d0254270b04a CVE-2023-3896 (Divide By Zero in vim/vim from9.0.1367-1 to9.0.1367-3) - vim 2:9.0.1894-1 (unimportant) [buster] - vim (Vulnerable code introduced later) NOTE: https://github.com/vim/vim/issues/12528 NOTE: https://github.com/vim/vim/pull/12540 NOTE: Introduced by: https://github.com/vim/vim/commit/361895d2a15b4b0bbbb4c009261eab5b3d69ebf1 (v9.0.0908) NOTE: https://github.com/vim/vim/commit/8154e642aa476e1a5d3de66c34e8289845b2b797 (v9.0.1664) NOTE: https://github.com/vim/vim/commit/e42989374144a63d986b878618aeac328e35ac3b (v9.0.1667) NOTE: Crash in CLI tool, no security impact CVE-2023-3671 (The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15 ...) NOT-FOR-US: WordPress plugin CVE-2023-3650 (The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and es ...) NOT-FOR-US: WordPress plugin CVE-2023-3575 (The Quiz And Survey Master WordPress plugin before 8.1.11 does not pro ...) NOT-FOR-US: WordPress plugin CVE-2023-3524 (The WPCode WordPress plugin before 2.0.13.1 does not escape generated ...) NOT-FOR-US: WordPress plugin CVE-2023-3492 (The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF ...) NOT-FOR-US: WordPress plugin CVE-2023-3365 (The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14 ...) NOT-FOR-US: WordPress plugin CVE-2023-39550 (Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0. ...) NOT-FOR-US: Netgear CVE-2023-39524 (PrestaShop is an open source e-commerce web application. Prior to vers ...) NOT-FOR-US: PrestaShop CVE-2023-39520 (Cryptomator encrypts data being stored on cloud infrastructure. The MS ...) NOT-FOR-US: Cryptomator CVE-2023-39363 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...) 
NOT-FOR-US: Vyer CVE-2023-39349 (Sentry is an error tracking and performance monitoring platform. Start ...) NOT-FOR-US: Sentry CVE-2023-38940 (Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were di ...) NOT-FOR-US: Tenda CVE-2023-38939 (Tenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to contain a ...) NOT-FOR-US: Tenda CVE-2023-38938 (Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2. ...) NOT-FOR-US: Tenda CVE-2023-38937 (Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06 ...) NOT-FOR-US: Tenda CVE-2023-38936 (Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06. ...) NOT-FOR-US: Tenda CVE-2023-38935 (Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, ...) NOT-FOR-US: Tenda CVE-2023-38934 (Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) was dis ...) NOT-FOR-US: Tenda CVE-2023-38933 (Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC ...) NOT-FOR-US: Tenda CVE-2023-38932 (Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2. ...) NOT-FOR-US: Tenda CVE-2023-38931 (Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06 ...) NOT-FOR-US: Tenda CVE-2023-38930 (Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC ...) NOT-FOR-US: Tenda CVE-2023-38929 (Tenda 4G300 v1.01.42 was discovered to contain a stack overflow via th ...) NOT-FOR-US: Tenda CVE-2023-38928 (Netgear R7100LG 1.0.0.78 was discovered to contain a command injection ...) NOT-FOR-US: Netgear CVE-2023-38926 (Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow v ...) NOT-FOR-US: Netgear CVE-2023-38925 (Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were disc ...) NOT-FOR-US: Netgear CVE-2023-38924 (Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow ...) NOT-FOR-US: Netgear CVE-2023-38922 (Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0. ...) 
NOT-FOR-US: Netgear CVE-2023-38921 (Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain ...) NOT-FOR-US: Netgear CVE-2023-38704 (import-in-the-middle is a module loading interceptor specifically for ...) NOT-FOR-US: Node import-in-the-middle CVE-2023-38591 (Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer o ...) NOT-FOR-US: Netgear CVE-2023-38412 (Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer ov ...) NOT-FOR-US: Netgear CVE-2023-38392 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hiroaki ...) NOT-FOR-US: WordPress plugin CVE-2023-38157 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2023-38045 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: Joomla advcomsys.com oneVote component CVE-2023-38044 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Jooma extension CVE-2023-36499 (Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer over ...) NOT-FOR-US: Netgear CVE-2023-36220 (Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a r ...) - textpattern CVE-2023-36054 (lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 an ...) {DLA-3626-1} - krb5 1.20.1-3 (bug #1043431) [bookworm] - krb5 1.20.1-2+deb12u1 [bullseye] - krb5 1.18.3-6+deb11u4 NOTE: https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd CVE-2023-34477 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Joomla extension CVE-2023-34476 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Joomla extension CVE-2023-32783 (The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 a ...) NOT-FOR-US: Zoho ManageEngine CVE-2023-32090 (Pega platform clients who are using versions 6.1 through 7.3.1 may be ...) 
NOT-FOR-US: Pega CVE-2023-2843 (The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14 ...) NOT-FOR-US: WordPress plugin CVE-2023-4193 (A vulnerability has been found in SourceCodester Resort Reservation Sy ...) NOT-FOR-US: SourceCodester Resort Reservation System CVE-2023-4192 (A vulnerability, which was classified as critical, was found in Source ...) NOT-FOR-US: SourceCodester Resort Reservation System CVE-2023-4191 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Resort Reservation System CVE-2023-39903 (An issue was discovered in Fujitsu Software Infrastructure Manager (IS ...) NOT-FOR-US: Fujitsu Software Infrastructure Manager (ISM) CVE-2023-33913 (In DRM/oemcrypto, there is a possible out of bounds write due to an in ...) NOT-FOR-US: Unisoc CVE-2023-33912 (In Contacts service, there is a possible missing permission check.This ...) NOT-FOR-US: Unisoc CVE-2023-33911 (In vowifi service, there is a possible missing permission check.This c ...) NOT-FOR-US: Unisoc CVE-2023-33910 (In Contacts Service, there is a possible missing permission check.This ...) NOT-FOR-US: Unisoc CVE-2023-33909 (In Contacts service, there is a possible missing permission check.This ...) NOT-FOR-US: Unisoc CVE-2023-33908 (In ims service, there is a possible missing permission check. This cou ...) NOT-FOR-US: Unisoc CVE-2023-33907 (In Contacts Service, there is a possible missing permission check. Thi ...) NOT-FOR-US: Unisoc CVE-2023-33906 (In Contacts Service, there is a possible missing permission check.This ...) NOT-FOR-US: Unisoc CVE-2022-48579 (UnRAR before 6.2.3 allows extraction of files outside of the destinati ...) 
{DLA-3535-1} - unrar-nonfree 1:6.2.3-1 (bug #1050080) [bullseye] - unrar-nonfree 1:6.0.3-1+deb11u2 NOTE: https://github.com/pmachapman/unrar/commit/2ecab6bb5ac4f3b88f270218445496662020205f#diff-ca3086f578522062d7e390ed2cd7e10f646378a8b8cbf287a6e4db5966df68ee CVE-2023-4196 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/co ...) NOT-FOR-US: Cockpit CMS CVE-2023-4195 (PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prio ...) NOT-FOR-US: Cockpit CMS CVE-2023-4186 (A vulnerability was found in SourceCodester Pharmacy Management System ...) NOT-FOR-US: SourceCodester Pharmacy Management System CVE-2023-4185 (A vulnerability was found in SourceCodester Online Hospital Management ...) NOT-FOR-US: SourceCodester Online Hospital Management System CVE-2023-4184 (A vulnerability was found in SourceCodester Inventory Management Syste ...) NOT-FOR-US: SourceCodester Inventory Management System CVE-2023-4183 (A vulnerability has been found in SourceCodester Inventory Management ...) NOT-FOR-US: SourceCodester Inventory Management System CVE-2023-4182 (A vulnerability, which was classified as critical, was found in Source ...) NOT-FOR-US: SourceCodester Inventory Management System CVE-2023-4181 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Free Hospital Management System for Small Practices CVE-2023-4190 (Insufficient Session Expiration in GitHub repository admidio/admidio p ...) NOT-FOR-US: admidio CVE-2023-4180 (A vulnerability classified as critical was found in SourceCodester Fre ...) NOT-FOR-US: SourceCodester Free Hospital Management System for Small Practices CVE-2023-4179 (A vulnerability classified as critical has been found in SourceCodeste ...) NOT-FOR-US: SourceCodester Free Hospital Management System for Small Practices CVE-2023-4177 (A vulnerability was found in EmpowerID up to 7.205.0.0. It has been ra ...) 
NOT-FOR-US: EmpowerID CVE-2023-4176 (A vulnerability was found in SourceCodester Hospital Management System ...) NOT-FOR-US: SourceCodester Hospital Management System CVE-2023-4175 (A vulnerability was found in mooSocial mooTravel 3.1.8 and classified ...) NOT-FOR-US: mooSocial mooTravel CVE-2023-4174 (A vulnerability has been found in mooSocial mooStore 3.1.6 and classif ...) NOT-FOR-US: mooSocial mooStore CVE-2023-4173 (A vulnerability, which was classified as problematic, was found in moo ...) NOT-FOR-US: mooSocial mooStore CVE-2023-4172 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: Chengdu Flash Flood Disaster Monitoring and Warning System CVE-2023-4171 (A vulnerability classified as problematic was found in Chengdu Flash F ...) NOT-FOR-US: Chengdu Flash Flood Disaster Monitoring and Warning System CVE-2023-37874 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin Dimit ...) NOT-FOR-US: WordPress plugin CVE-2023-37873 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooComme ...) NOT-FOR-US: WordPress plugin CVE-2023-37581 (Insufficient input validation and sanitation in Weblog Category name, ...) NOT-FOR-US: Apache Roller CVE-2023-36689 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactor ...) NOT-FOR-US: WordPress plugin CVE-2023-36686 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CartFlow ...) NOT-FOR-US: WordPress plugin CVE-2023-36678 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-b ...) NOT-FOR-US: WordPress plugin CVE-2023-34377 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jose ...) NOT-FOR-US: WordPress plugin CVE-2023-34010 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability insubmodule ...) NOT-FOR-US: WordPress plugin CVE-2023-32600 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) 
NOT-FOR-US: WordPress plugin CVE-2023-4189 (Cross-site Scripting (XSS) - Reflected in GitHub repository instantsof ...) NOT-FOR-US: icms2 CVE-2023-4188 (SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-g ...) NOT-FOR-US: icms2 CVE-2023-4187 (Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/i ...) NOT-FOR-US: icms2 CVE-2023-4170 (A vulnerability was found in DedeBIZ 6.2.10. It has been rated as prob ...) NOT-FOR-US: DedeBIZ CVE-2023-4169 (A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been ...) NOT-FOR-US: Ruijie RG-EW1200G CVE-2023-4168 (A vulnerability was found in Templatecookie Adlisting 2.14.0. It has b ...) NOT-FOR-US: Templatecookie Adlisting CVE-2023-4167 (A vulnerability was found in Media Browser Emby Server 4.7.13.0 and cl ...) NOT-FOR-US: Media Browser Emby Server CVE-2023-4166 (A vulnerability has been found in Tongda OA and classified as critical ...) NOT-FOR-US: Tongda OA CVE-2023-4165 (A vulnerability, which was classified as critical, was found in Tongda ...) NOT-FOR-US: Tongda OA CVE-2023-39508 (Execution with Unnecessary Privileges, : Exposure of Sensitive Informa ...) - airflow (bug #819700) CVE-2023-39346 (LinuxASMCallGraph is software for drawing the call graph of the progra ...) NOT-FOR-US: LinuxASMCallGraph CVE-2023-38943 (ShuiZe_0x727 v1.0 was discovered to contain a remote command execution ...) NOT-FOR-US: ShuiZe_0x727 CVE-2023-36095 (An issue in Harrison Chase langchain v.0.0.194 allows an attacker to e ...) NOT-FOR-US: Harrison Chase langchain CVE-2023-33367 (A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 a ...) NOT-FOR-US: Control ID IDSecure CVE-2023-4159 (Unrestricted Upload of File with Dangerous Type in GitHub repository o ...) NOT-FOR-US: omeka-s CVE-2023-4158 (Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s ...) NOT-FOR-US: omeka-s CVE-2023-4157 (CWE-74 Improper Neutralization of Special Elements in Output Used by a ...) 
NOT-FOR-US: omeka-s CVE-2023-4156 (A heap out-of-bounds read flaw was found in builtin.c in the gawk pack ...) - gawk 1:5.2.1-1 [bullseye] - gawk (Minor issue) [buster] - gawk (Minor issue, OOB read) NOTE: https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00000.html NOTE: https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00023.html NOTE: https://git.savannah.gnu.org/gitweb/?p=gawk.git;a=commitdiff;h=e709eb829448ce040087a3fc5481db6bfcaae212 (gawk-5.2.0) CVE-2023-4135 (A heap out-of-bounds memory read flaw was found in the virtual nvme de ...) - qemu 1:8.0.4+dfsg-2 (bug #1050142) [bookworm] - qemu (Vulnerable code not present) [bullseye] - qemu (Vulnerable code not present) [buster] - qemu (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2229101 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521 NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/73064edfb864743cde2c08f319609344af02aeb3 (v8.0.0-rc0) NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/ecb1b7b082d3b7dceff0e486a114502fc52c0fdf (v8.1.0-rc4) CVE-2023-39552 REJECTED CVE-2023-39551 (PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to ...) NOT-FOR-US: PHPGurukul Online Security Guards Hiring System CVE-2023-39379 (Fujitsu Software Infrastructure Manager (ISM) stores sensitive informa ...) NOT-FOR-US: Fujitsu Software Infrastructure Manager (ISM) CVE-2023-39344 (social-media-skeleton is an uncompleted social media project. A SQL in ...) NOT-FOR-US: social-media-skeleton CVE-2023-39143 (PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traver ...) NOT-FOR-US: PaperCut CVE-2023-39112 (ECShop v4.1.16 contains an arbitrary file deletion vulnerability in th ...) NOT-FOR-US: ECShop CVE-2023-39107 (An arbitrary file overwrite vulnerability in NoMachine Free Edition an ...) NOT-FOR-US: NoMachine Free Edition CVE-2023-38964 (Creative Item Academy LMS 6.0 was discovered to contain a cross-site s ...) 
NOT-FOR-US: Creative Item Academy LMS CVE-2023-38707 REJECTED CVE-2023-38702 (Knowage is an open source analytics and business intelligence suite. S ...) NOT-FOR-US: Knowage CVE-2023-38700 (matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to ver ...) NOT-FOR-US: matrix-appservice-irc CVE-2023-38699 (MindsDB's AI Virtual Database allows developers to connect any AI/ML m ...) NOT-FOR-US: MindsDB AI Virtual Database CVE-2023-38698 (Ethereum Name Service (ENS) is a distributed, open, and extensible nam ...) NOT-FOR-US: Ethereum Name Service (ENS) CVE-2023-38697 (protocol-http1 provides a low-level implementation of the HTTP/1 proto ...) - ruby-protocol-http1 (bug #1043432) [bookworm] - ruby-protocol-http1 (Minor issue) [bullseye] - ruby-protocol-http1 (Minor issue) NOTE: https://github.com/socketry/protocol-http1/pull/20 NOTE: https://www.rfc-editor.org/rfc/rfc9112#name-chunked-transfer-coding NOTE: https://github.com/socketry/protocol-http1/security/advisories/GHSA-6jwc-qr2q-7xwj NOTE: https://github.com/socketry/protocol-http1/commit/e11fc164fd2b36f7b7e785e69fa8859eb06bcedd (v0.15.1) CVE-2023-38696 REJECTED CVE-2023-38695 (cypress-image-snapshot shows visual regressions in Cypress with jest-i ...) NOT-FOR-US: cypress-image-snapshot CVE-2023-38692 (CloudExplorer Lite is an open source, lightweight cloud management pla ...) NOT-FOR-US: CloudExplorer Lite CVE-2023-38691 (matrix-appservice-bridge provides an API for setting up bridges. Start ...) NOT-FOR-US: matrix-appservice-bridge CVE-2023-38690 (matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to ver ...) NOT-FOR-US: matrix-appservice-irc CVE-2023-38689 (Logistics Pipes is a modification (a.k.a. mod) for the computer game M ...) NOT-FOR-US: Logistics Pipes CVE-2023-38688 (twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, ...) NOT-FOR-US: twitch-tui CVE-2023-38686 (Sydent is an identity server for the Matrix communications protocol. P ...) 
- matrix-sydent (bug #1043162) NOTE: https://github.com/matrix-org/sydent/pull/574 NOTE: https://github.com/matrix-org/sydent/commit/1cd748307c6b168b66154e6c4db715d4b9551261 (v2.5.6) NOTE: https://github.com/matrix-org/sydent/security/advisories/GHSA-p6hw-wm59-3g5g CVE-2023-38494 (MeterSphere is an open-source continuous testing platform. Prior to ve ...) NOT-FOR-US: MeterSphere CVE-2023-38487 (HedgeDoc is software for creating real-time collaborative markdown not ...) NOT-FOR-US: HedgeDoc CVE-2023-38332 (Zoho ManageEngine ADManager Plus through 7201 allow authenticated user ...) NOT-FOR-US: Zoho ManageEngine CVE-2023-37896 (Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security ...) NOT-FOR-US: Nuclei CVE-2023-37470 (Metabase is an open-source business intelligence and analytics platfor ...) NOT-FOR-US: Metabase CVE-2023-36480 (The Aerospike Java client is a Java application that implements a netw ...) NOT-FOR-US: Aerospike Java client CVE-2023-34038 (VMware Horizon Server contains an information disclosure vulnerability ...) NOT-FOR-US: VMware CVE-2023-34037 (VMware Horizon Server contains a HTTP request smuggling vulnerability. ...) NOT-FOR-US: VMware CVE-2023-33379 (Connected IO v2.1.0 and prior has a misconfiguration in their MQTT bro ...) NOT-FOR-US: Connected IO CVE-2023-33378 (Connected IO v2.1.0 and prior has an argument injection vulnerability ...) NOT-FOR-US: Connected IO CVE-2023-33377 (Connected IO v2.1.0 and prior has an OS command injection vulnerabilit ...) NOT-FOR-US: Connected IO CVE-2023-33376 (Connected IO v2.1.0 and prior has an argument injection vulnerability ...) NOT-FOR-US: Connected IO CVE-2023-33375 (Connected IO v2.1.0 and prior has a stack-based buffer overflow vulner ...) NOT-FOR-US: Connected IO CVE-2023-33374 (Connected IO v2.1.0 and prior has a command as part of its communicati ...) NOT-FOR-US: Connected IO CVE-2023-33373 (Connected IO v2.1.0 and prior keeps passwords and credentials in clear ...) 
NOT-FOR-US: Connected IO CVE-2023-33372 (Connected IO v2.1.0 and prior uses a hard-coded username/password pair ...) NOT-FOR-US: Connected IO CVE-2022-4955 (Inappropriate implementation in DevTools in Google Chrome prior to 108 ...) {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2023-4142 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Rem ...) NOT-FOR-US: WP Ultimate CSV Importer plugin for WordPress CVE-2023-4141 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Rem ...) NOT-FOR-US: WP Ultimate CSV Importer plugin for WordPress CVE-2023-4140 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable to pri ...) NOT-FOR-US: WP Ultimate CSV Importer plugin for WordPress CVE-2023-4139 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sen ...) NOT-FOR-US: WP Ultimate CSV Importer plugin for WordPress CVE-2023-3373 (Predictable Exact Value from Previous Values vulnerability in Mitsubis ...) NOT-FOR-US: Mitsubishi CVE-2023-39343 (Sulu is an open-source PHP content management system based on the Symf ...) NOT-FOR-US: Sulu CVE-2023-38991 (An issue in the delete function in the ActModelController class of jee ...) NOT-FOR-US: jeesite CVE-2023-38952 (Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticate ...) NOT-FOR-US: ZKTeco BioTime CVE-2023-38951 (A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attacke ...) NOT-FOR-US: ZKTeco BioTime CVE-2023-38950 (A path traversal vulnerability in the iclock API of ZKTeco BioTime v8. ...) NOT-FOR-US: ZKTeco BioTime CVE-2023-38949 (An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticat ...) NOT-FOR-US: ZKTeco BioTime CVE-2023-38941 (django-sspanel v2022.2.2 was discovered to contain a remote command ex ...) NOT-FOR-US: django-sspanel CVE-2023-38708 (Pimcore is an Open Source Data & Experience Management Platform: PIM, ...) 
	NOT-FOR-US: Pimcore
CVE-2023-37501 (A Persistent XSS vulnerability can be carried out in a certain field o ...)
	NOT-FOR-US: Unica Campaign
CVE-2023-37500 (A Persistent Cross-site Scripting (XSS) vulnerability can be carried o ...)
	NOT-FOR-US: Unica Platform
CVE-2023-37499 (A Persistent Cross-site Scripting (XSS) vulnerability can be carried o ...)
	NOT-FOR-US: Unica Platform
CVE-2023-37498 (A user is capable of assigning him/herself to arbitrary groups by reus ...)
	NOT-FOR-US: HCL
CVE-2023-37497 (The Unica application exposes an API which accepts arbitrary XML input ...)
	NOT-FOR-US: Unica application
CVE-2023-36159 (Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Fo ...)
	NOT-FOR-US: Sourcecodester Lost and Found Information System
CVE-2023-36158 (Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Ma ...)
	NOT-FOR-US: sourcecodester Toll Tax Management System
CVE-2023-36141 (User enumeration is found in in PHPJabbers Cleaning Business Software ...)
	NOT-FOR-US: PHPJabbers
CVE-2023-36139 (In PHPJabbers Cleaning Business Software 1.0, lack of verification whe ...)
	NOT-FOR-US: PHPJabbers
CVE-2023-36138 (PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site ...)
	NOT-FOR-US: PHPJabbers
CVE-2023-36137 (There is a Cross Site Scripting (XSS) vulnerability in the "theme" par ...)
	NOT-FOR-US: PHPJabbers Class Scheduling System
CVE-2023-36135 (User enumeration is found in in PHPJabbers Class Scheduling System v1. ...)
	NOT-FOR-US: PHPJabbers
CVE-2023-36134 (In PHP Jabbers Class Scheduling System 1.0, lack of verification when ...)
	NOT-FOR-US: PHPJabbers
CVE-2023-36133 (PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Acc ...)
	NOT-FOR-US: PHPJabbers
CVE-2023-36132 (PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorre ...)
	NOT-FOR-US: PHPJabbers
CVE-2023-36131 (PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrec ...)
	NOT-FOR-US: PHPJabbers
CVE-2023-33665 (ai-dev aitable before v0.2.2 was discovered to contain a SQL injection ...)
	NOT-FOR-US: ai-dev aitable
CVE-2023-38497 (Cargo downloads the Rust project’s dependencies and compiles the ...)
	- cargo (bug #1043553)
	[bookworm] - cargo (Minor issue)
	[bullseye] - cargo (Minor issue)
	[buster] - cargo (Minor issue, hard to exploit)
	- rust-cargo (bug #1043554)
	[bookworm] - rust-cargo (Minor issue)
	[bullseye] - rust-cargo (Minor issue)
	[buster] - rust-cargo (Minor issue, hard to exploit)
	NOTE: https://www.openwall.com/lists/oss-security/2023/08/03/2
	NOTE: https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2023-38497
	NOTE: https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87
CVE-2023-3995
	REJECTED
CVE-2023-4147 (A use-after-free flaw was found in the Linux kernel’s Netfilter f ...)
	{DSA-5492-1 DSA-5480-1 DLA-3623-1}
	- linux 6.4.11-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/0ebc1064e4874d5987722a2ddbc18f94aa53b211 (6.5-rc4)
CVE-2023-4145 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/custo ...)
	NOT-FOR-US: pimcore/customer-data-framework
CVE-2023-4138 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
	- rdiffweb (bug #969974)
CVE-2023-4136 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: CrafterCMS
CVE-2023-4134 [Input: cyttsp4_core - change del_timer_sync() to timer_shutdown_sync()]
	- linux 6.4.4-1 (unimportant)
	NOTE: https://git.kernel.org/linus/dbe836576f12743a7d2d170ad4ad4fd324c4d47a (6.5-rc1)
	NOTE: TOUCHSCREEN_CYTTSP4_CORE not enabled in Debian
CVE-2023-4133 (A use-after-free vulnerability was found in the cxgb4 driver in the Li ...)
	- linux 6.3.7-1
	NOTE: https://git.kernel.org/linus/e50b9b9e8610d47b7c22529443e45a16b1ea3a15 (6.3)
CVE-2023-4132 (A use-after-free vulnerability was found in the siano smsusb module in ...)
	{DSA-5492-1 DSA-5480-1 DLA-3623-1}
	- linux 6.4.4-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2221707
	NOTE: https://git.kernel.org/linus/ebad8e731c1c06adf04621d6fd327b860c0861b5 (6.3-rc1)
	NOTE: https://git.kernel.org/linus/6f489a966fbeb0da63d45c2c66a8957eab604bf6 (6.5-rc1)
CVE-2023-4127 (Race Condition within a Thread in GitHub repository answerdev/answer p ...)
	NOT-FOR-US: answerdev/answer
CVE-2023-4126 (Insufficient Session Expiration in GitHub repository answerdev/answer ...)
	NOT-FOR-US: answerdev/answer
CVE-2023-4125 (Weak Password Requirements in GitHub repository answerdev/answer prior ...)
	NOT-FOR-US: answerdev/answer
CVE-2023-4124 (Missing Authorization in GitHub repository answerdev/answer prior to v ...)
	NOT-FOR-US: answerdev/answer
CVE-2023-4121 (A vulnerability was found in Byzoro Smart S85F Management Platform up ...)
	NOT-FOR-US: Beijing Baichuo Smart S85F Management Platform
CVE-2023-4120 (A vulnerability was found in Byzoro Smart S85F Management Platform up ...)
	NOT-FOR-US: Beijing Baichuo Smart S85F Management Platform
CVE-2023-4119 (A vulnerability has been found in Academy LMS 6.0 and classified as pr ...)
	NOT-FOR-US: Academy LMS
CVE-2023-4118 (A vulnerability, which was classified as problematic, was found in Cut ...)
	NOT-FOR-US: Cute HTTP File Server
CVE-2023-4117 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: PHP Jabbers Rental Property Booking
CVE-2023-4116 (A vulnerability classified as problematic was found in PHP Jabbers Tax ...)
	NOT-FOR-US: PHP Jabbers Taxi Booking
CVE-2023-4115 (A vulnerability classified as problematic has been found in PHP Jabber ...)
	NOT-FOR-US: PHP Jabbers Cleaning Business
CVE-2023-4114 (A vulnerability was found in PHP Jabbers Night Club Booking Software 1 ...)
	NOT-FOR-US: PHP Jabbers Night Club Booking Software
CVE-2023-4113 (A vulnerability was found in PHP Jabbers Service Booking Script 1.0. I ...)
	NOT-FOR-US: PHP Jabbers Service Booking Script
CVE-2023-4112 (A vulnerability was found in PHP Jabbers Shuttle Booking Software 1.0. ...)
	NOT-FOR-US: PHP Jabbers Shuttle Booking Software
CVE-2023-4111 (A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 an ...)
	NOT-FOR-US: PHP Jabbers Bus Reservation System
CVE-2023-4110 (A vulnerability has been found in PHP Jabbers Availability Booking Cal ...)
	NOT-FOR-US: PHP Jabbers Availability Booking Calendar
CVE-2023-3932 (An issue has been discovered in GitLab EE affecting all versions start ...)
	- gitlab (Specific to EE)
CVE-2023-3766 (A vulnerability was discovered in the odoh-rs rust crate that stems fr ...)
	NOT-FOR-US: odoh-rs Rust crate
CVE-2023-3749 (A local user could edit the VideoEdge configuration file and interfere ...)
	NOT-FOR-US: VideoEdge
CVE-2023-3669 (A missing Brute-Force protection in CODESYS Development System prior t ...)
	NOT-FOR-US: Codesys
CVE-2023-3663 (In CODESYS Development System versions from 3.5.11.20 and before 3.5.1 ...)
	NOT-FOR-US: Codesys
CVE-2023-3662 (In CODESYS Development System versions from 3.5.17.0 and prior to 3.5. ...)
	NOT-FOR-US: Codesys
CVE-2023-3348 (The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) ...)
	NOT-FOR-US: Wrangler
CVE-2023-3346 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
	NOT-FOR-US: Mitsubishi
CVE-2023-3329 (SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable t ...)
	NOT-FOR-US: SpiderControl SCADA Webserver
CVE-2023-3180 (A flaw was found in the QEMU virtual crypto device while handling data ...)
	{DLA-3604-1}
	- qemu 1:8.0.4+dfsg-1
	[bookworm] - qemu 1:7.2+dfsg-7+deb12u2
	[bullseye] - qemu 1:5.2+dfsg-11+deb11u3
	NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/04b9b37edda85964cca033a48dcc0298036782f2 (v2.8.0-rc0)
	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980 (master)
	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/49f1e02bac166821c712534aaa775f50e1afe17f (v8.0.4)
CVE-2023-39144 (Element55 KnowMore appliances version 21 and older was discovered to s ...)
	NOT-FOR-US: Element55
CVE-2023-39121 (emlog v2.1.9 was discovered to contain a SQL injection vulnerability v ...)
	NOT-FOR-US: emlog
CVE-2023-39114 (ngiflib commit 84a75 was discovered to contain a segmentation violatio ...)
	NOT-FOR-US: ngiflib
CVE-2023-39113 (ngiflib commit fb271 was discovered to contain a segmentation violatio ...)
	NOT-FOR-US: ngiflib
CVE-2023-39097 (WebBoss.io CMS v3.7.0.1 contains a stored cross-site scripting (XSS) v ...)
	NOT-FOR-US: WebBoss.io CMS
CVE-2023-39096 (WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting (XSS) v ...)
	NOT-FOR-US: WebBoss.io CMS
CVE-2023-39075 (Renault Zoe EV 2021 automotive infotainment system versions 283C35202R ...)
	NOT-FOR-US: Renault
CVE-2023-38958 (An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthen ...)
	NOT-FOR-US: ZKTeco BioAccess
CVE-2023-38956 (A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows u ...)
	NOT-FOR-US: ZKTeco BioAccess
CVE-2023-38955 (ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain ...)
	NOT-FOR-US: ZKTeco BioAccess
CVE-2023-38954 (ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection ...)
	NOT-FOR-US: ZKTeco BioAccess
CVE-2023-38948 (An arbitrary file download vulnerability in the /c/PluginsController.p ...)
	NOT-FOR-US: jizhi CMS
CVE-2023-38947 (An arbitrary file upload vulnerability in the /languages/install.php c ...)
	NOT-FOR-US: WBCE CMS
CVE-2023-38942 (Dango-Translator v4.5.5 was discovered to contain a remote command exe ...)
	NOT-FOR-US: Dango-Translator
CVE-2023-38812
	REJECTED
CVE-2023-38748 (Use after free vulnerability exists in CX-Programmer Included in CX-On ...)
	NOT-FOR-US: CX-One CXONE-AL[][]D-V4
CVE-2023-38747 (Heap-based buffer overflow vulnerability exists in CX-Programmer Inclu ...)
	NOT-FOR-US: CX-One CXONE-AL[][]D-V4
CVE-2023-38746 (Out-of-bounds read vulnerability/issue exists in CX-Programmer Include ...)
	NOT-FOR-US: CX-One CXONE-AL[][]D-V4
CVE-2023-38744 (Denial-of-service (DoS) vulnerability due to improper validation of sp ...)
	NOT-FOR-US: OMRON
CVE-2023-37679 (A remote command execution (RCE) vulnerability in NextGen Mirth Connec ...)
	NOT-FOR-US: NextGen Mirth Connect
CVE-2023-37559 (After successful authentication as a user in multiple Codesys products ...)
	NOT-FOR-US: Codesys
CVE-2023-37558 (After successful authentication as a user in multiple Codesys products ...)
	NOT-FOR-US: Codesys
CVE-2023-37557 (After successful authentication as a user in multiple Codesys products ...)
	NOT-FOR-US: Codesys
CVE-2023-37556 (In multiple versions of multiple Codesys products, after successful au ...)
	NOT-FOR-US: Codesys
CVE-2023-37555 (In multiple versions of multiple Codesys products, after successful au ...)
	NOT-FOR-US: Codesys
CVE-2023-37554 (In multiple versions of multiple Codesys products, after successful au ...)
	NOT-FOR-US: Codesys
CVE-2023-37553 (In multiple versions of multiple Codesys products, after successful au ...)
	NOT-FOR-US: Codesys
CVE-2023-37552 (In multiple versions of multiple Codesys products, after successful au ...)
	NOT-FOR-US: Codesys
CVE-2023-37551 (In multiple Codesys products in multiple versions, after successful au ...)
	NOT-FOR-US: Codesys
CVE-2023-37550 (In multiple Codesys products in multiple versions, after successful au ...)
	NOT-FOR-US: Codesys
CVE-2023-37549 (In multiple Codesys products in multiple versions, after successful au ...)
	NOT-FOR-US: Codesys
CVE-2023-37548 (In multiple Codesys products in multiple versions, after successful au ...)
	NOT-FOR-US: Codesys
CVE-2023-37547 (In multiple Codesys products in multiple versions, after successful au ...)
	NOT-FOR-US: Codesys
CVE-2023-37546 (In multiple Codesys products in multiple versions, after successful au ...)
	NOT-FOR-US: Codesys
CVE-2023-37545 (In multiple Codesys products in multiple versions, after successful au ...)
	NOT-FOR-US: Codesys
CVE-2023-37364 (In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapt ...)
	NOT-FOR-US: WS-Inc J WBEM Server
CVE-2023-36299 (A File Upload vulnerability in typecho v.1.2.1 allows a remote attacke ...)
	NOT-FOR-US: typecho
CVE-2023-36298 (DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote co ...)
	NOT-FOR-US: DedeCMS
CVE-2023-36255 (An issue in Eramba Limited Eramba Enterprise and Community edition v.3 ...)
	NOT-FOR-US: Eramba Limited Eramba Enterprise
CVE-2023-36217 (Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remo ...)
	NOT-FOR-US: Xoops CMS
CVE-2023-36213 (SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacke ...)
	NOT-FOR-US: MotoCMS
CVE-2023-36212 (File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacke ...)
	NOT-FOR-US: Total CMS
CVE-2023-36082 (An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a ...)
	NOT-FOR-US: GatesAIr Flexiva FM Transmitter/Exiter Fax 150W
CVE-2023-35081 (A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.1 ...)
	NOT-FOR-US: Ivanti
CVE-2023-34196 (In the Keyfactor EJBCA before 8.0.0, the RA web certificate distributi ...)
	NOT-FOR-US: Keyfactor EJBCA
CVE-2023-33666 (ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain ...)
	NOT-FOR-US: ai-dev aioptimizedcombinations
CVE-2023-33371 (Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic ...)
	NOT-FOR-US: Control ID IDSecure
CVE-2023-33370 (An uncaught exception vulnerability exists in Control ID IDSecure 4.7. ...)
	NOT-FOR-US: Control ID IDSecure
CVE-2023-33369 (A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 ...)
	NOT-FOR-US: Control ID IDSecure
CVE-2023-33368 (Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfi ...)
	NOT-FOR-US: Control ID IDSecure
CVE-2023-33366 (A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1 ...)
	NOT-FOR-US: Suprema BioStar
CVE-2023-33365 (A path traversal vulnerability exists in Suprema BioStar 2 before 2.9. ...)
	NOT-FOR-US: Suprema BioStar
CVE-2023-33364 (An OS Command injection vulnerability exists in Suprema BioStar 2 befo ...)
	NOT-FOR-US: Suprema BioStar
CVE-2023-33363 (An authentication bypass vulnerability exists in Suprema BioStar 2 bef ...)
	NOT-FOR-US: Suprema BioStar
CVE-2023-32764 (Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate ...)
	NOT-FOR-US: Fabasoft Cloud Enterprise Client
CVE-2023-2754 (The Cloudflare WARP client for Windows assigns loopback IPv4 addresses ...)
	NOT-FOR-US: Cloudflare WARP client for Windows
CVE-2023-4104 (An invalid Polkit Authentication check and missing authentication requ ...)
	- mozillavpn (bug #1043004)
	NOTE: https://www.openwall.com/lists/oss-security/2023/08/03/1
	NOTE: https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7055
	NOTE: https://github.com/mozilla-mobile/mozilla-vpn-client/commit/6933a07164cd69636889403c959ac2c2b115e0f6
CVE-2023-3971 (An HTML injection flaw was found in Controller in the user interface s ...)
	NOT-FOR-US: Red Hat Ansible Automation Controller
CVE-2023-34320 (Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where ...)
	- xen 4.17.2-1
	[bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1
	[bullseye] - xen (EOLed in Bullseye)
	[buster] - xen (DSA 4677-1)
	NOTE: https://www.openwall.com/lists/oss-security/2023/08/01/1
	NOTE: https://xenbits.xen.org/xsa/advisory-436.html
CVE-2023-4078 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
	{DSA-5467-1}
	- chromium 115.0.5790.170-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4077 (Insufficient data validation in Extensions in Google Chrome prior to 1 ...)
	{DSA-5467-1}
	- chromium 115.0.5790.170-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4076 (Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allo ...)
	{DSA-5467-1}
	- chromium 115.0.5790.170-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4075 (Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowe ...)
	{DSA-5467-1}
	- chromium 115.0.5790.170-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4074 (Use after free in Blink Task Scheduling in Google Chrome prior to 115. ...)
	{DSA-5467-1}
	- chromium 115.0.5790.170-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4073 (Out of bounds memory access in ANGLE in Google Chrome on Mac prior to ...)
	{DSA-5467-1}
	- chromium 115.0.5790.170-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4072 (Out of bounds read and write in WebGL in Google Chrome prior to 115.0. ...)
	{DSA-5467-1}
	- chromium 115.0.5790.170-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4071 (Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.1 ...)
	{DSA-5467-1}
	- chromium 115.0.5790.170-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4070 (Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed ...)
	{DSA-5467-1}
	- chromium 115.0.5790.170-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4069 (Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed ...)
	{DSA-5467-1}
	- chromium 115.0.5790.170-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4068 (Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed ...)
	{DSA-5467-1}
	- chromium 115.0.5790.170-1
	[buster] - chromium (see DSA 5046)
CVE-2023-4067 (The Bus Ticket Booking with Seat Reservation plugin for WordPress is v ...)
	NOT-FOR-US: Bus Ticket Booking with Seat Reservation plugin for WordPress
CVE-2023-3978 (Text nodes not in the HTML namespace are incorrectly literally rendere ...)
	- golang-golang-x-net 1:0.14.0-1 (bug #1043163)
	[bookworm] - golang-golang-x-net (Minor issue)
	[bullseye] - golang-golang-x-net (Minor issue)
	- golang-golang-x-net-dev
	[buster] - golang-golang-x-net-dev (Limited support, follow bullseye DSAs/point-releases)
	NOTE: https://go.dev/cl/514896
	NOTE: https://go.dev/issue/61615
	NOTE: https://pkg.go.dev/vuln/GO-2023-1988
	NOTE: https://github.com/golang/net/commit/8ffa475fbdb33da97e8bf79cc5791ee8751fca5e (v0.13.0)
CVE-2023-3470 (Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generat ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2023-3426 (The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, ...)
	NOT-FOR-US: Liferay
CVE-2023-38423 (A cross-site scripting (XSS) vulnerability exists in an undisclosed pa ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2023-38419 (An authenticated attacker with guest privileges or higher can cause th ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2023-38418 (The BIG-IP Edge Client Installer on macOS does not follow best practic ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2023-38330 (OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows u ...)
	NOT-FOR-US: OXID eShop Enterprise Edition
CVE-2023-38138 (A reflected cross-site scripting (XSS) vulnerability exists in an undi ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2023-36858 (An insufficient verification of data vulnerability exists in BIG-IP Ed ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2023-36494 (Audit logs on F5OS-A may contain undisclosed sensitive information. No ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2023-36081 (Cross Site Scripting vulnerability in GatesAIr Flexiva FM Transmitter/ ...)
	NOT-FOR-US: GatesAIr Flexiva FM Transmitter
CVE-2023-33383 (Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to ...)
	NOT-FOR-US: Shelly 4PM Pro four-channel smart switch
CVE-2023-33257 (Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML ...)
	NOT-FOR-US: Verint Engagement Management
CVE-2023-4016 (Under some circumstances, this weakness allows a user who has access t ...)
	- procps 2:4.0.4-1 (bug #1042887)
	[bookworm] - procps (Minor issue)
	[bullseye] - procps (Minor issue)
	[buster] - procps (Minor issue, DoS, rare conditions)
	NOTE: https://gitlab.com/procps-ng/procps/-/issues/297
	NOTE: https://gitlab.com/procps-ng/procps/-/commit/2c933ecba3bb1d3041a5a7a53a7b4078a6003413
CVE-2023-3739 (Insufficient validation of untrusted input in Chromad in Google Chrome ...)
	{DSA-5456-1}
	- chromium 115.0.5790.98-1
	[buster] - chromium (see DSA 5046)
CVE-2023-3731 (Use after free in Diagnostics in Google Chrome on ChromeOS prior to 11 ...)
	NOT-FOR-US: Google Chrome on ChromeOS
CVE-2023-3729 (Use after free in Splitscreen in Google Chrome on ChromeOS prior to 11 ...)
	NOT-FOR-US: Google Chrome on ChromeOS
CVE-2023-3494 (The fwctl driver implements a state machine which is executed when a b ...)
	NOT-FOR-US: bhyve
CVE-2023-3107 (A set of carefully crafted ipv6 packets can trigger an integer overflo ...)
	NOT-FOR-US: FreeBSD
CVE-2023-38990 (An issue in the delete function in the MenuController class of jeesite ...)
	NOT-FOR-US: jeesite
CVE-2023-38556 (Improper input validation vulnerability in SEIKO EPSON printer Web Con ...)
	NOT-FOR-US: SEIKO
CVE-2023-36351 (An issue in Viatom Health ViHealth for Android v.2.74.58 and before al ...)
	NOT-FOR-US: Viatom Health ViHealth for Android
CVE-2023-36121 (Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote att ...)
	NOT-FOR-US: e107
CVE-2023-36118 (Cross Site Scripting vulnerability in Faculty Evaulation System using ...)
	NOT-FOR-US: Faculty Evaulation System
CVE-2023-34869 (PHPJabbers Catering System v1.0 was discovered to contain a cross-site ...)
	NOT-FOR-US: PHPJabbers Catering System
CVE-2023-33564 (There is a Cross Site Scripting (XSS) vulnerability in the "theme" par ...)
	NOT-FOR-US: PHPJabbers Time Slots Booking Calendar
CVE-2023-33563 (In PHP Jabbers Time Slots Booking Calendar 3.3 , lack of verification ...)
	NOT-FOR-US: PHP Jabbers Time Slots Booking Calendar
CVE-2023-33562 (User enumeration is found in in PHP Jabbers Time Slots Booking Calenda ...)
	NOT-FOR-US: PHP Jabbers Time Slots Booking Calendar
CVE-2023-33561 (Improper input validation of password parameter in PHP Jabbers Time Sl ...)
	NOT-FOR-US: PHP Jabbers Time Slots Booking Calendar
CVE-2023-33560 (There is a Cross Site Scripting (XSS) vulnerability in "cid" parameter ...)
	NOT-FOR-US: PHP Jabbers Time Slots Booking Calendar
CVE-2023-31928 (A reflected cross-site scripting (XSS) vulnerability exists in Brocade ...)
	NOT-FOR-US: Brocade
CVE-2023-31927 (An information disclosure in the web interface of Brocade Fabric OS ve ...)
	NOT-FOR-US: Brocade
CVE-2023-31926 (System files could be overwritten using the less command in Brocade Fa ...)
	NOT-FOR-US: Brocade
CVE-2023-31432 (Through manipulation of passwords or other variables, using commands s ...)
	NOT-FOR-US: Brocade
CVE-2023-31431 (A buffer overflow vulnerability in “diagstatus” command in B ...)
	NOT-FOR-US: Brocade
CVE-2023-31430 (A buffer overflow vulnerability in “secpolicydelete” command ...)
	NOT-FOR-US: Brocade
CVE-2023-31429 (Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a ...)
	NOT-FOR-US: Brocade
CVE-2023-31428 (Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a ...)
	NOT-FOR-US: Brocade
CVE-2023-31427 (Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2. ...)
	NOT-FOR-US: Brocade
CVE-2023-31426 (The Brocade Fabric OS Commands “configupload” and “conf ...)
	NOT-FOR-US: Brocade
CVE-2023-31425 (A vulnerability in the fosexec command of Brocade Fabric OS after Broc ...)
	NOT-FOR-US: Brocade
CVE-2023-4008 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 16.0.8+ds1-1
CVE-2023-4011 (An issue has been discovered in GitLab EE affecting all versions from ...)
	- gitlab (Specific to EE)
CVE-2023-4002 (An issue has been discovered in GitLab EE affecting all versions start ...)
	- gitlab (Specific to EE)
CVE-2023-3993 (An issue has been discovered in GitLab EE affecting all versions start ...)
	- gitlab (Specific to EE)
CVE-2023-3994 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 16.0.8+ds1-1
CVE-2023-3900 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 16.4.4+ds2-2
CVE-2023-3500 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 16.0.8+ds1-1
CVE-2023-3401 (An issue has been discovered in GitLab affecting all versions before 1 ...)
	- gitlab 16.0.8+ds1-1
CVE-2023-3385 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 16.0.8+ds1-1
CVE-2023-3364 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 16.0.8+ds1-1
CVE-2023-3301 (A flaw was found in QEMU. The async nature of hot-unplug enables a rac ...)
	- qemu 1:8.0.3+dfsg-1
	[bookworm] - qemu 1:7.2+dfsg-7+deb12u1
	[bullseye] - qemu 1:5.2+dfsg-11+deb11u3
	[buster] - qemu (vhost-vdpa introduced in v5.1)
	NOTE: https://github.com/qemu/qemu/commit/a0d7215e339b61c7d7a7b3fcf754954d80d93eb8 (v8.1.0-rc0)
	NOTE: https://github.com/qemu/qemu/commit/aab37b2002811f112d5c26337473486d7d585881 (v8.0.3)
	NOTE: https://github.com/qemu/qemu/commit/3d12598b74ed4bcc6db8b50818a95c4b770d4487 (v7.2.4)
CVE-2023-3718 (An authenticated command injection vulnerability exists in the AOS-CX ...)
	NOT-FOR-US: Aruba
CVE-2023-39147 (An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attacker ...)
	NOT-FOR-US: Uvdesk
CVE-2023-39110 (rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery ...)
	NOT-FOR-US: rConfig
CVE-2023-39109 (rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery ...)
	NOT-FOR-US: rConfig
CVE-2023-39108 (rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery ...)
	NOT-FOR-US: rConfig
CVE-2023-38560 (An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_ ...)
	- ghostscript 10.02.0~dfsg-1 (unimportant)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=706898
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174cb25a0cd44a1c0706c2ed73fc95bef (ghostpdl-10.02.0rc1)
	NOTE: Issue in PCL support shipped sourcewise in src:ghostscript
CVE-2023-38559 (A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_w ...)
	{DLA-3519-1}
	- ghostscript 10.02.0~dfsg-1 (bug #1043033)
	[bookworm] - ghostscript 10.0.0~dfsg-11+deb12u2
	[bullseye] - ghostscript 9.53.3~dfsg-7+deb11u6
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=706897
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f (ghostpdl-10.02.0rc1)
CVE-2023-38357 (Session tokens in RWS WorldServer 11.7.3 and earlier have a low entrop ...)
	NOT-FOR-US: RWS WorldServer
CVE-2023-37478 (pnpm is a package manager. It is possible to construct a tarball that, ...)
	NOT-FOR-US: pnpm
CVE-2023-36211 (The Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site Scripting ...)
	NOT-FOR-US: Barebones CMS
CVE-2023-36210 (MotoCMS Version 3.4.3 Store Category Template was discovered to contai ...)
	NOT-FOR-US: MotoCMS
CVE-2023-34634 (Greenshot 1.2.10 and below allows arbitrary code execution because .NE ...)
	NOT-FOR-US: Greenshot
CVE-2023-34552 (In certain EZVIZ products, two stack based buffer overflows in mulicas ...)
	NOT-FOR-US: EZVIZ
CVE-2023-34551 (In certain EZVIZ products, two stack buffer overflows in netClientSetW ...)
	NOT-FOR-US: EZVIZ
CVE-2023-33493 (An Unrestricted Upload of File with Dangerous Type vulnerability in th ...)
	NOT-FOR-US: Prestashop addon
CVE-2023-32302
	REJECTED
CVE-2023-31710 (TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1. ...)
	NOT-FOR-US: TP-Link
CVE-2023-4058 (Memory safety bugs present in Firefox 115. Some of these bugs showed e ...)
	- firefox 116.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4058
CVE-2023-4057 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thun ...)
	- firefox 116.0-1
	- firefox-esr 115.1.0esr-1
	[bookworm] - firefox-esr (Only affects Firefox ESR 115.1)
	[bullseye] - firefox-esr (Only affects Firefox ESR 115.1)
	[buster] - firefox-esr (Only affects Firefox ESR 115.1)
	- thunderbird 1:115.1.0-1
	[bookworm] - thunderbird (Only affects Thunderbird 115.1)
	[bullseye] - thunderbird (Only affects Thunderbird 115.1)
	[buster] - thunderbird (Only affects Thunderbird 115.1)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4057
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4057
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4057
CVE-2023-4056 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ...)
	{DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
	- firefox 116.0-1
	- firefox-esr 115.1.0esr-1
	- thunderbird 1:115.1.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4056
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4056
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4056
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4056
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4056
CVE-2023-4055 (When the number of cookies per domain was exceeded in `document.cookie ...)
	{DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
	- firefox 116.0-1
	- firefox-esr 115.1.0esr-1
	- thunderbird 1:115.1.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4055
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4055
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4055
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4055
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4055
CVE-2023-4054 (When opening appref-ms files, Firefox did not warn the user that these ...)
	- firefox (Affects only Firefox on Windows)
	- firefox-esr (Affects only Firefox on Windows)
	- thunderbird (Affects only Thunderbird on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4054
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4054
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4054
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4054
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4054
CVE-2023-4053 (A website could have obscured the full screen notification by using a ...)
	- firefox 116.0-1
	- firefox-esr 115.2.0esr-1
	[bookworm] - firefox-esr (ESR 102 not affected)
	[bullseye] - firefox-esr (ESR 102 not affected)
	[buster] - firefox-esr (ESR 102 not affected)
	- thunderbird 1:115.2.0-1
	[bookworm] - thunderbird (ESR 102 not affected)
	[bullseye] - thunderbird (ESR 102 not affected)
	[buster] - thunderbird (ESR 102 not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4053
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4053
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4053
CVE-2023-4052 (The Firefox updater created a directory writable by non-privileged use ...)
	- firefox (Affects only Firefox on Windows)
	- firefox-esr (Affects only Firefox ESR 115.0.1 on Windows)
	- thunderbird (Affects only Thunderbird on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4052
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4052
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4052
CVE-2023-4051 (A website could have obscured the full screen notification by using th ...)
	- firefox 116.0-1
	- firefox-esr 115.2.0esr-1
	[bookworm] - firefox-esr (ESR 102 not affected)
	[bullseye] - firefox-esr (ESR 102 not affected)
	[buster] - firefox-esr (ESR 102 not affected)
	- thunderbird 1:115.2.0-1
	[bookworm] - thunderbird (ESR 102 not affected)
	[bullseye] - thunderbird (ESR 102 not affected)
	[buster] - thunderbird (ESR 102 not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4051
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4051
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4051
CVE-2023-4050 (In some cases, an untrusted input stream was copied to a stack buffer ...)
	{DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
	- firefox 116.0-1
	- firefox-esr 115.1.0esr-1
	- thunderbird 1:115.1.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4050
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4050
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4050
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4050
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4050
CVE-2023-4049 (Race conditions in reference counting code were found through code ins ...)
	{DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
	- firefox 116.0-1
	- firefox-esr 115.1.0esr-1
	- thunderbird 1:115.1.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4049
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4049
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4049
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4049
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4049
CVE-2023-4048 (An out-of-bounds read could have led to an exploitable crash when pars ...)
	{DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
	- firefox 116.0-1
	- firefox-esr 115.1.0esr-1
	- thunderbird 1:115.1.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4048
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4048
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4048
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4048
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4048
CVE-2023-4047 (A bug in popup notifications delay calculation could have made it poss ...)
	{DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
	- firefox 116.0-1
	- firefox-esr 115.1.0esr-1
	- thunderbird 1:115.1.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4047
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4047
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4047
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4047
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4047
CVE-2023-4046 (In some circumstances, a stale value could have been used for a global ...)
	{DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
	- firefox 116.0-1
	- firefox-esr 115.1.0esr-1
	- thunderbird 1:115.1.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4046
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4046
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4046
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4046
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4046
CVE-2023-4045 (Offscreen Canvas did not properly track cross-origin tainting, which c ...)
	{DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
	- firefox 116.0-1
	- firefox-esr 115.1.0esr-1
	- thunderbird 1:115.1.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4045
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4045
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4045
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4045
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4045
CVE-2023-36325 [Attackers can de-anonymize i2p hidden services with a message replay attack]
	- i2p (bug #1043161)
	NOTE: https://xeiaso.net/blog/CVE-2023-36325
	NOTE: https://geti2p.net/en/blog/post/2023/06/25/new_release_2.3.0
	NOTE: https://i2pgit.org/i2p-hackers/i2p.i2p/-/commit/82aa4e19fbb37ca1bd752ec1b836120beec0985f (i2p-2.3.0)
CVE-2023-4033 (OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0 ...)
	NOT-FOR-US: mlflow
CVE-2023-3825 (PTC’s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to bein ...)
	NOT-FOR-US: PTC KEPServerEX
CVE-2023-3462 (HashiCorp's Vault and Vault Enterprise are vulnerable to user enumerat ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2023-39122 (BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Serv ...)
	NOT-FOR-US: BMC Control-M Software
CVE-2023-37772 (Online Shopping Portal Project v3.1 was discovered to contain a SQL in ...)
	NOT-FOR-US: Online Shopping Portal Project
CVE-2023-37496 (HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulner ...)
	NOT-FOR-US: HCL
CVE-2023-36984 (LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.)
	NOT-FOR-US: LavaLite CMS
CVE-2023-36983 (LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.)
	NOT-FOR-US: LavaLite CMS
CVE-2023-34960 (A command injection vulnerability in the wsConvertPpt component of Cha ...)
	NOT-FOR-US: Chamilo CMS
CVE-2023-4026
	REJECTED
CVE-2023-4010 (A flaw was found in the USB Host Controller Driver framework in the Li ...)
	- linux
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2227726
	NOTE: https://github.com/wanrenmi/a-usb-kernel-bug
CVE-2023-3997 (Splunk SOAR versions lower than 6.1.0 are indirectly affected by a pot ...)
	NOT-FOR-US: Splunk SOAR
CVE-2023-3983 (An authenticated SQL injection vulnerability exists in Advantech iView ...)
	NOT-FOR-US: Advantech iView
CVE-2023-3817 (Issue summary: Checking excessively long DH keys or parameters may be ...)
	{DLA-3530-1}
	- openssl 3.0.10-1
	[bookworm] - openssl 3.0.10-1~deb12u1
	[bullseye] - openssl 1.1.1v-0~deb11u1
	NOTE: https://www.openssl.org/news/secadv/20230731.txt
	NOTE: https://www.openwall.com/lists/oss-security/2023/07/31/1
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1c16253f3c3a8d1e25918c3f404aae6a5b0893de (master)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5 (openssl-3.1.2)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f (openssl-3.0.10)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5 (OpenSSL_1_1_1v)
CVE-2023-3508 (The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3507 (The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3345 (The LMS by Masteriyo WordPress plugin before 1.6.8 does not properly s ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3292 (The grid-kit-premium WordPress plugin before 2.2.0 does not escape som ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3134 (The Forminator WordPress plugin before 1.24.4 does not properly escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3130 (The Short URL WordPress plugin before 1.6.5 does not sanitise and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38989 (An issue in the delete function in the UserController class of jeesite ...)
	NOT-FOR-US: jeesite
CVE-2023-38750 (In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 ...)
	NOT-FOR-US: Zimbra
CVE-2023-38311 (An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting ...)
	- webmin
CVE-2023-38310 (An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting ...)
	- webmin
CVE-2023-38309 (An issue was discovered in Webmin 2.021. A Reflected Cross-Site Script ...)
	- webmin
CVE-2023-38308 (An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) ...)
	- webmin
CVE-2023-38307 (An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting ...)
	- webmin
CVE-2023-38306 (An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) ...)
	- webmin
CVE-2023-38305 (An issue was discovered in Webmin 2.021. The download functionality al ...)
	- webmin
CVE-2023-38304 (An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting ...)
	- webmin
CVE-2023-38303 (An issue was discovered in Webmin 2.021. One can exploit a stored Cros ...)
	- webmin
CVE-2023-37771 (Art Gallery Management System v1.0 contains a SQL injection vulnerabil ...)
	NOT-FOR-US: Art Gallery Management System
CVE-2023-37647 (SEMCMS v1.5 was discovered to contain a SQL injection vulnerability vi ...)
	NOT-FOR-US: SEMCMS
CVE-2023-37580 (Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the ...)
	NOT-FOR-US: Zimbra
CVE-2023-36092 (Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows ...)
	NOT-FOR-US: D-Link
CVE-2023-36091 (Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows ...)
	NOT-FOR-US: D-Link
CVE-2023-36090 (Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows ...)
	NOT-FOR-US: D-Link
CVE-2023-36089 (Authentication Bypass vulnerability in D-Link DIR-645 firmware version ...)
	NOT-FOR-US: D-Link
CVE-2023-35861 (A shell-injection vulnerability in email notifications on Supermicro m ...)
	NOT-FOR-US: Supermicro
CVE-2023-35792 (Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scrip ...)
	NOT-FOR-US: Vound Intella Connect
CVE-2023-35791 (Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability.)
	NOT-FOR-US: Vound Intella Connect
CVE-2023-34917 (Fuge CMS v1.0 contains an Open Redirect vulnerability in member/Regist ...)
	NOT-FOR-US: Fuge CMS
CVE-2023-34916 (Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/Proce ...)
	NOT-FOR-US: Fuge CMS
CVE-2023-34872 (A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a re ...)
	[experimental] - poppler 23.08.0-1
	- poppler 24.02.0-2 (bug #1042811)
	[bookworm] - poppler (Minor issue)
	[bullseye] - poppler (Vulnerable code introduced later)
	[buster] - poppler (Vulnerable code introduced later)
	NOTE: Introduced by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/fa494b780ab69ef04ba7447ab6d8fc3b46373e59 (poppler-21.08.0)
	NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe (poppler-23.06.0)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399
CVE-2023-34842 (Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows ...)
	NOT-FOR-US: DedeCMS
CVE-2023-34644 (Remote code execution vulnerability in Ruijie Networks Product: RG-EW ...)
	NOT-FOR-US: Ruijie
CVE-2023-34635 (Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injec ...)
	NOT-FOR-US: Wifi Soft Unibox Administration
CVE-2023-33534 (A Cross-Site Request Forgery (CSRF) in Guanzhou Tozed Kangwei Intellig ...)
	NOT-FOR-US: Guanzhou Tozed Kangwei
CVE-2020-36763 (Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote a ...)
	NOT-FOR-US: DuxCMS
CVE-2023-4007 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-4006 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-4005 (Insufficient Session Expiration in GitHub repository fossbilling/fossb ...)
	NOT-FOR-US: fossbilling
CVE-2023-35019 (IBM Security Verify Governance, Identity Manager 10.0 could allow a re ...)
	NOT-FOR-US: IBM
CVE-2023-35016 (IBM Security Verify Governance, Identity Manager 10.0 could allow a re ...)
	NOT-FOR-US: IBM
CVE-2023-34360 (A stored cross-site scripting (XSS) issue was discovered within the Cu ...)
	NOT-FOR-US: ASUS
CVE-2023-34359 (ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. ...)
	NOT-FOR-US: ASUS
CVE-2023-34358 (ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. ...)
	NOT-FOR-US: ASUS
CVE-2023-4004 (A use-after-free flaw was found in the Linux kernel's netfilter in the ...)
	{DSA-5492-1 DSA-5480-1 DLA-3623-1}
	- linux 6.4.11-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/87b5a5c209405cb6b57424cdfa226a6dbd349232 (6.5-rc3)
CVE-2023-3976
	NOT-FOR-US: Red Hat OpenStack Platform
CVE-2023-37219 (Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formul ...)
	NOT-FOR-US: Tadiran Telecom Composit
CVE-2023-37218 (Tadiran Telecom Aeonix - CWE-22 Improper Limitation of a Pathname to a ...)
	NOT-FOR-US: Tadiran Telecom Aeonix
CVE-2023-37217 (Tadiran Telecom Aeonix - CWE-204: Observable Response Discrepancy)
	NOT-FOR-US: Tadiran Telecom Aeonix
CVE-2023-37216 (AnaSystem SensMini M4 – Using the configuration tool, an authenti ...)
	NOT-FOR-US: AnaSystem SensMini M4
CVE-2023-37215 (JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials)
	NOT-FOR-US: JBL soundbar multibeam
CVE-2023-37214 (Heights Telecom ERO1xS-Pro Dual-Band FW version BZ_ERO1XP.025.)
	NOT-FOR-US: Heights Telecom ERO1xS-Pro Dual-Band FW
CVE-2023-37213 (Synel SYnergy Fingerprint Terminals - CWE-78: 'OS Command Injection')
	NOT-FOR-US: Synel SYnergy Fingerprint Terminals
CVE-2023-32227 (Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Crede ...)
	NOT-FOR-US: Synel SYnergy Fingerprint Terminals
CVE-2023-32226 (Sysaid - CWE-552: Files or Directories Accessible to External Parties ...)
	NOT-FOR-US: SysAid
CVE-2023-32225 (Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A ...)
	NOT-FOR-US: SysAid
CVE-2023-4012 (ntpd will crash if the server is not NTS-enabled (no certificate) and ...)
	{DSA-5466-1}
	- ntpsec 1.2.2+dfsg1-2 (bug #1038422)
	[bullseye] - ntpsec (Vulnerable code introduced later)
	[buster] - ntpsec (Vulnerable code introduced later)
	NOTE: https://gitlab.com/NTPsec/ntpsec/-/issues/794
	NOTE: https://blog.ntpsec.org/2023/08/03/version-1.2.2a.html
CVE-2023-38988 (An issue in the delete function in the OaNotifyController class of jee ...)
	NOT-FOR-US: jeesite
CVE-2023-3598 (Out of bounds read and write in ANGLE in Google Chrome prior to 114.0. ...)
	{DSA-5418-1}
	- chromium 114.0.5735.90-1
	[buster] - chromium (see DSA 5046)
CVE-2023-3488 (Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and ear ...)
	NOT-FOR-US: GBL parser in Silicon Labs GSDK
CVE-2023-39190
	REJECTED
CVE-2023-39023 (university compass v2.2.0 and below was discovered to contain a code i ...)
	NOT-FOR-US: university compass
CVE-2023-39022 (oscore v2.2.6 and below was discovered to contain a code injection vul ...)
	NOT-FOR-US: oscore
CVE-2023-39021 (wix-embedded-mysql v4.6.1 and below was discovered to contain a code i ...)
	NOT-FOR-US: wix-embedded-mysql
CVE-2023-39020 (stanford-parser v3.9.2 and below was discovered to contain a code inje ...)
	NOT-FOR-US: stanford-parser
CVE-2023-39018 (FFmpeg 0.7.0 and below was discovered to contain a code injection vuln ...)
	NOT-FOR-US: ffmpeg-cli-wrapper (Java wrapper around the FFmpeg CLI)
CVE-2023-39017 (quartz-jobs 2.3.2 and below was discovered to contain a code injection ...)
	NOTE: Disputed Quartz issue
	NOTE: https://github.com/quartz-scheduler/quartz/issues/943
CVE-2023-39016 (bboss-persistent v6.0.9 and below was discovered to contain a code inj ...)
	NOT-FOR-US: bboss-persistent
CVE-2023-39015 (webmagic-extension v0.9.0 and below was discovered to contain a code i ...)
	NOT-FOR-US: webmagic-extension
CVE-2023-39013 (Duke v1.2 and below was discovered to contain a code injection vulnera ...)
	NOT-FOR-US: Duke
CVE-2023-39010 (BoofCV 0.42 was discovered to contain a code injection vulnerability v ...)
	NOT-FOR-US: BoofCV
CVE-2023-38992 (jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerabil ...)
	NOT-FOR-US: jeecg-boot
CVE-2023-38685 (Discourse is an open source discussion platform. Prior to version 3.0. ...)
	NOT-FOR-US: Discourse
CVE-2023-38684 (Discourse is an open source discussion platform. Prior to version 3.0. ...)
	NOT-FOR-US: Discourse
CVE-2023-38498 (Discourse is an open source discussion platform. Prior to version 3.0. ...)
	NOT-FOR-US: Discourse
CVE-2023-37906 (Discourse is an open source discussion platform. Prior to version 3.0. ...)
	NOT-FOR-US: Discourse
CVE-2023-37904 (Discourse is an open source discussion platform. Prior to version 3.0. ...)
	NOT-FOR-US: Discourse
CVE-2023-37754 (PowerJob v4.3.3 was discovered to contain a remote command execution ( ...)
	NOT-FOR-US: PowerJob
CVE-2023-37467 (Discourse is an open source discussion platform. Prior to version 3.1. ...)
	NOT-FOR-US: Discourse
CVE-2023-31937 (Sql injection vulnerability found in Rail Pass Management System v.1.0 ...)
	NOT-FOR-US: Rail Pass Management System
CVE-2023-31936 (Sql injection vulnerability found in Rail Pass Management System v.1.0 ...)
	NOT-FOR-US: Rail Pass Management System
CVE-2023-31935 (Cross Site Scripting vulnerability found in Rail Pass Management Syste ...)
	NOT-FOR-US: Rail Pass Management System
CVE-2023-31934 (Cross Site Scripting vulnerability found in Rail Pass Management Syste ...)
	NOT-FOR-US: Rail Pass Management System
CVE-2023-31933 (Sql injection vulnerability found in Rail Pass Management System v.1.0 ...)
	NOT-FOR-US: Rail Pass Management System
CVE-2023-31932 (Sql injection vulnerability found in Rail Pass Management System v.1.0 ...)
	NOT-FOR-US: Rail Pass Management System
CVE-2023-2685 (A vulnerability was found in AO-OPC server versions mentioned above. A ...)
	NOT-FOR-US: ABB AO-OPC
CVE-2023-3990 (A vulnerability classified as problematic has been found in Mingsoft M ...)
	NOT-FOR-US: Mingsoft MCMS
CVE-2023-3989 (A vulnerability was found in SourceCodester Jewelry Store System 1.0. ...)
	NOT-FOR-US: SourceCodester Jewelry Store System
CVE-2023-3988 (A vulnerability was found in Cafe Billing System 1.0. It has been decl ...)
	NOT-FOR-US: Cafe Billing System
CVE-2023-3987 (A vulnerability was found in SourceCodester Simple Online Mens Salon M ...)
	NOT-FOR-US: SourceCodester Simple Online Mens Salon Management System
CVE-2023-3986 (A vulnerability was found in SourceCodester Simple Online Mens Salon M ...)
	NOT-FOR-US: SourceCodester Simple Online Mens Salon Management System
CVE-2023-3985 (A vulnerability has been found in SourceCodester Online Jewelry Store ...)
	NOT-FOR-US: SourceCodester Online Jewelry Store
CVE-2023-3984 (A vulnerability, which was classified as critical, was found in phpscr ...)
	NOT-FOR-US: phpscriptpoint
CVE-2023-3977 (Several plugins for WordPress by Inisev are vulnerable to Cross-Site R ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3774 (An unhandled error in Vault Enterprise's namespace creation may cause ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2023-3670 (In CODESYS Development System 3.5.9.0 to3.5.17.0 andCODESYS Scripting4 ...)
	NOT-FOR-US: CODESYS
CVE-2023-38609 (An injection issue was addressed with improved input validation. This ...)
	NOT-FOR-US: Apple
CVE-2023-38604 (An out-of-bounds write issue was addressed with improved input validat ...)
	NOT-FOR-US: Apple
CVE-2023-38601 (This issue was addressed by removing the vulnerable code. This issue i ...)
	NOT-FOR-US: Apple
CVE-2023-38599 (A logic issue was addressed with improved state management. This issue ...)
	{DSA-5468-1}
	- webkit2gtk 2.40.5-1
	[buster] - webkit2gtk (webkit2gtk EOL in buster)
	- wpewebkit 2.40.5-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38598 (A use-after-free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2023-38592 (A logic issue was addressed with improved restrictions. This issue is ...)
	{DSA-5468-1}
	- webkit2gtk 2.40.5-1
	[buster] - webkit2gtk (webkit2gtk EOL in buster)
	- wpewebkit 2.40.5-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38590 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2023-38571 (This issue was addressed with improved validation of symlinks. This is ...)
	NOT-FOR-US: Apple
CVE-2023-38331 (Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2023-37285 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2023-36495 (An integer overflow was addressed with improved input validation. This ...)
	NOT-FOR-US: Apple
CVE-2023-34425 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-33745 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper P ...)
	NOT-FOR-US: TeleAdapt RoomCast TA-2400
CVE-2023-33744 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard- ...)
	NOT-FOR-US: TeleAdapt RoomCast TA-2400
CVE-2023-33743 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper A ...)
	NOT-FOR-US: TeleAdapt RoomCast TA-2400
CVE-2023-33742 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Cleartext Stor ...)
	NOT-FOR-US: TeleAdapt RoomCast TA-2400
CVE-2023-32654 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-32445 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2023-32444 (A logic issue was addressed with improved validation. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2023-32427 (This issue was addressed by using HTTPS when sending information over ...)
	NOT-FOR-US: Apple
CVE-2023-37369 (In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before ...)
	{DLA-3805-1 DLA-3539-1}
	- qt6-base 6.4.2+dfsg-20 (bug #1059302)
	[bookworm] - qt6-base (Minor issue)
	- qtbase-opensource-src-gles 5.15.10+dfsg-2
	[bookworm] - qtbase-opensource-src-gles (Minor issue)
	[bullseye] - qtbase-opensource-src-gles (Minor issue)
	- qtbase-opensource-src 5.15.10+dfsg-3
	[bookworm] - qtbase-opensource-src (Minor issue)
	[bullseye] - qtbase-opensource-src (Minor issue)
	- qt4-x11
	NOTE: https://www.qt.io/blog/security-advisory-qxmlstreamreader
	NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/455027
CVE-2023-3982 (Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s ...)
	NOT-FOR-US: omeka-s
CVE-2023-3981 (Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s ...)
	NOT-FOR-US: omeka-s
CVE-2023-3980 (Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s ...)
	NOT-FOR-US: omeka-s
CVE-2023-3975 (OS Command Injection in GitHub repository jgraph/drawio prior to 21.5. ...)
	NOT-FOR-US: jgraph/drawio
CVE-2023-3974 (OS Command Injection in GitHub repository jgraph/drawio prior to 21.4. ...)
	NOT-FOR-US: jgraph/drawio
CVE-2023-3973 (Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/dra ...)
	NOT-FOR-US: jgraph/drawio
CVE-2023-3970 (A vulnerability, which was classified as problematic, was found in GZ ...)
	NOT-FOR-US: GZ Scripts Availability Booking Calendar PHP
CVE-2023-3969 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: GZ Scripts Availability Booking Calendar PHP
CVE-2023-38512 (Cross-Site Request Forgery (CSRF) vulnerability in Wpstream WpStream \ ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38510 (Tolgee is an open-source localization platform. Starting in version 3. ...)
	NOT-FOR-US: Tolgee
CVE-2023-38509 (XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki ...)
	NOT-FOR-US: XWiki
CVE-2023-38505 (DietPi-Dashboard is a web dashboard for the operating system DietPi. T ...)
	NOT-FOR-US: DietPi-Dashboard
CVE-2023-38504 (Sails is a realtime MVC Framework for Node.js. In Sails apps prior to ...)
	NOT-FOR-US: sails.js
CVE-2023-38495 (Crossplane is a framework for building cloud native control planes wit ...)
	NOT-FOR-US: Crossplane
CVE-2023-38492 (Kirby is a content management system. A vulnerability in versions prio ...)
	NOT-FOR-US: Kirby CMS
CVE-2023-38491 (Kirby is a content management system. A vulnerability in versions prio ...)
	NOT-FOR-US: Kirby CMS
CVE-2023-38490 (Kirby is a content management system. A vulnerability in versions prio ...)
	NOT-FOR-US: Kirby CMS
CVE-2023-38489 (Kirby is a content management system. A vulnerability in versions prio ...)
	NOT-FOR-US: Kirby CMS
CVE-2023-38488 (Kirby is a content management system. A vulnerability in versions prio ...)
	NOT-FOR-US: Kirby CMS
CVE-2023-37993 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in maennchen1.De ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37981 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPKube A ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37980 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grav ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37979 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37977 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnel ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37976 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Radio Fo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37975 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTh ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37970 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37900 (Crossplane is a framework for building cloud native control planes wit ...)
	NOT-FOR-US: Crossplane
CVE-2023-37894 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTh ...)
	NOT-FOR-US: WooCommerce plugin
CVE-2023-36942 (A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire R ...)
	NOT-FOR-US: PHPGurukul Online Fire Reporting System
CVE-2023-36941 (A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire R ...)
	NOT-FOR-US: PHPGurukul Online Fire Reporting System
CVE-2023-3957 (The ACF Photo Gallery Field plugin for WordPress is vulnerable to unau ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3956 (The InstaWP Connect plugin for WordPress is vulnerable to unauthorized ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3451
	REJECTED
CVE-2023-38611 (The issue was addressed with improved memory handling. This issue is f ...)
	{DSA-5468-1}
	- webkit2gtk 2.40.5-1
	[buster] - webkit2gtk (webkit2gtk EOL in buster)
	- wpewebkit 2.40.5-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38608 (The issue was addressed with additional permissions checks. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-38606 (This issue was addressed with improved state management. This issue is ...)
	NOT-FOR-US: Apple
CVE-2023-38603 (The issue was addressed with improved checks. This issue is fixed in i ...)
	NOT-FOR-US: Apple
CVE-2023-38602 (A permissions issue was addressed with additional restrictions. This i ...)
	NOT-FOR-US: Apple
CVE-2023-38600 (The issue was addressed with improved checks. This issue is fixed in i ...)
	{DSA-5468-1}
	- webkit2gtk 2.40.5-1
	[buster] - webkit2gtk (webkit2gtk EOL in buster)
	- wpewebkit 2.40.5-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38597 (The issue was addressed with improved checks. This issue is fixed in i ...)
	{DSA-5468-1}
	- webkit2gtk 2.40.5-1
	[buster] - webkit2gtk (webkit2gtk EOL in buster)
	- wpewebkit 2.40.5-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38595 (The issue was addressed with improved checks. This issue is fixed in i ...)
	{DSA-5468-1}
	- webkit2gtk 2.40.5-1
	[buster] - webkit2gtk (webkit2gtk EOL in buster)
	- wpewebkit 2.40.5-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38594 (The issue was addressed with improved checks. This issue is fixed in i ...)
	{DSA-5468-1}
	- webkit2gtk 2.40.5-1
	[buster] - webkit2gtk (webkit2gtk EOL in buster)
	- wpewebkit 2.40.5-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38593 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2023-38580 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-38572 (The issue was addressed with improved checks. This issue is fixed in i ...)
	{DSA-5468-1}
	- webkit2gtk 2.40.5-1
	[buster] - webkit2gtk (webkit2gtk EOL in buster)
	- wpewebkit 2.40.5-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38565 (A path handling issue was addressed with improved validation. This iss ...)
	NOT-FOR-US: Apple
CVE-2023-38564 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2023-38425 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-38424 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-38421 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2023-38410 (The issue was addressed with improved checks. This issue is fixed in i ...)
	NOT-FOR-US: Apple
CVE-2023-38285 (Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Co ...)
	- modsecurity 3.0.10-1 (bug #1042475)
	[bookworm] - modsecurity 3.0.9-1+deb12u1
	[bullseye] - modsecurity (Minor issue)
	[buster] - modsecurity (Minor issue)
	NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/
CVE-2023-38261 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-38259 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2023-38258 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2023-38136 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-38133 (The issue was addressed with improved checks. This issue is fixed in i ...)
	{DSA-5468-1}
	- webkit2gtk 2.40.5-1
	[buster] - webkit2gtk (webkit2gtk EOL in buster)
	- wpewebkit 2.40.5-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-37732 (Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/233
	NOTE: https://github.com/yasm/yasm/commit/2cd3bb50e256f5ed5f611ac611d25fe673f2cec3
	NOTE: Crash in CLI tool, no security impact
CVE-2023-37692 (An arbitrary file upload vulnerability in October CMS v3.4.4 allows at ...)
	NOT-FOR-US: October CMS
CVE-2023-36862 (A downgrade issue affecting Intel-based Mac computers was addressed wi ...)
	NOT-FOR-US: Apple
CVE-2023-36854 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2023-35993 (A use-after-free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2023-35983 (This issue was addressed with improved data protection. This issue is ...)
	NOT-FOR-US: Apple
CVE-2023-32734 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-32450 (Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access C ...)
	NOT-FOR-US: Dell
CVE-2023-32443 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2023-32442 (An access issue was addressed with improved access restrictions. This ...)
	NOT-FOR-US: Apple
CVE-2023-32441 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-32437 (The issue was addressed with improvements to the file handling protoco ...)
	NOT-FOR-US: Apple
CVE-2023-32433 (A use-after-free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2023-32429 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2023-32418 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2023-32416 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2023-32381 (A use-after-free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2023-32364 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2023-3622 (Access Control Bypass Vulnerability in the SolarWinds Platform that al ...)
	NOT-FOR-US: SolarWinds
CVE-2023-3242 (Allocation of Resources Without Limits or Throttling, Improper Initial ...)
	NOT-FOR-US: B&R Industrial Automation
CVE-2023-39261 (In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesti ...)
	- intellij-idea (bug #747616)
CVE-2023-38673 (PaddlePaddle before 2.5.0 has a command injection in fs.py. This resul ...)
	NOT-FOR-US: PaddlePaddle
CVE-2023-38672 (FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause ...)
	NOT-FOR-US: PaddlePaddle
CVE-2023-38671 (Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. Thi ...)
	NOT-FOR-US: PaddlePaddle
CVE-2023-38670 (Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. ...)
	NOT-FOR-US: PaddlePaddle
CVE-2023-38669 (Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This r ...)
	NOT-FOR-US: PaddlePaddle
CVE-2023-37624 (Netdisco before v2.063000 was discovered to contain an open redirect v ...)
	NOT-FOR-US: Netdisco
CVE-2023-37623 (Netdisco before v2.063000 was discovered to contain a cross-site scrip ...)
	NOT-FOR-US: Netdisco
CVE-2023-37049 (emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\templat ...)
	NOT-FOR-US: emlog
CVE-2023-33802 (A buffer overflow in SumatraPDF Reader v3.4.6 allows attackers to caus ...)
	NOT-FOR-US: SumatraPDF Reader
CVE-2023-33308 (A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS ver ...)
	NOT-FOR-US: FortiGuard
CVE-2023-33229 (The SolarWinds Platform was susceptible to the Incorrect Input Neutral ...)
	NOT-FOR-US: SolarWinds
CVE-2023-33225 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...)
	NOT-FOR-US: SolarWinds
CVE-2023-33224 (The SolarWinds Platform was susceptible to the Incorrect Behavior Orde ...)
	NOT-FOR-US: SolarWinds
CVE-2023-31466 (An XSS issue was discovered in FSMLabs TimeKeeper 8.0.17. On the "Conf ...)
	NOT-FOR-US: FSMLabs TimeKeeper
CVE-2023-31465 (An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. B ...)
	NOT-FOR-US: FSMLabs TimeKeeper
CVE-2023-3442 (A missing authorization vulnerability exists in versions of the Jenkin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-3414 (A cross-site request forgery vulnerability exists in versions of the J ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-39156 (A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Pl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-39155 (Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user. ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-39154 (Incorrect permission checks in Jenkins Qualys Web App Scanning Connect ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-39153 (A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Au ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-39152 (Always-incorrect control flow implementation in Jenkins Gradle Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-39151 (Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize o ...)
	- jenkins
CVE-2023-3947 (The Video Conferencing with Zoom plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: Video Conferencing with Zoom plugin for WordPress
CVE-2023-3946 (A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5 ...)
	NOT-FOR-US: ePO
CVE-2023-3945 (A vulnerability was found in phpscriptpoint Lawyer 1.6. It has been cl ...)
	NOT-FOR-US: phpscriptpoint
CVE-2023-3944 (A vulnerability was found in phpscriptpoint Lawyer 1.6 and classified ...)
	NOT-FOR-US: phpscriptpoint
CVE-2023-3897 (Username enumeration is possible through Bypassing CAPTCHA in On-premi ...)
	NOT-FOR-US: On-premise SureMDM Solution
CVE-2023-3890 (A vulnerability classified as problematic has been found in Campcodes ...)
	NOT-FOR-US: Campcodes Beauty Salon Management System
CVE-2023-3548 (An unauthorized user could gain account access to IQ Wifi 6 versions p ...)
	NOT-FOR-US: IQ Wifi
CVE-2023-3486 (An authentication bypass exists in PaperCut NG versions 22.0.12 and pr ...)
	NOT-FOR-US: PaperCut NG
CVE-2023-39175 (In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integr ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2023-39174 (In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2023-39173 (In JetBrains TeamCity before 2023.05.2 a token with limited permission ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2023-39130 (GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap bu ...)
	- gdb (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30641
	NOTE: Crash in CLI tool, no security impact
CVE-2023-39129 (GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap us ...)
	- gdb (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30640
	NOTE: Crash in CLI tool, no security impact
CVE-2023-39128 (GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack o ...)
	- gdb (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30639
	NOTE: Crash in CLI tool, no security impact
CVE-2023-38555 (Authentication bypass vulnerability in Fujitsu network devices Si-R se ...)
	NOT-FOR-US: Fujitsu network devices
CVE-2023-38503 (Directus is a real-time API and App dashboard for managing SQL databas ...)
	NOT-FOR-US: Directus
CVE-2023-38502 (TDengine is an open source, time-series database optimized for Interne ...)
	- tdengine (bug #992514)
CVE-2023-38501 (copyparty is file server software. Prior to version 1.8.7, the applica ...)
	NOT-FOR-US: copyparty
CVE-2023-38500 (TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to p ...)
	NOT-FOR-US: TYPO3 HTML Sanitizer
CVE-2023-38499 (TYPO3 is an open source PHP based web content management system. Start ...)
	NOT-FOR-US: Typo3
CVE-2023-38496 (Apptainer is an open source container platform. Version 1.2.0-rc.2 int ...)
	NOT-FOR-US: Apptainer
	NOTE: https://github.com/apptainer/apptainer/security/advisories/GHSA-mmx5-32m4-wxvx
	NOTE: Specific to Apptainer and not in singularity-container
CVE-2023-38493 (Armeria is a microservice framework Spring supports Matrix variables. ...)
	NOT-FOR-US: Armeria
CVE-2023-38435 (An improper neutralization of input during web page generation ('Cross ...)
	NOT-FOR-US: Apache Felix Healthcheck Webconsole Plugin
CVE-2023-38433 (Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded c ...)
	NOT-FOR-US: Fujitsu
CVE-2023-37920 (Certifi is a curated collection of Root Certificates for validating th ...)
	- python-certifi (unimportant)
	NOTE: https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7
	NOTE: Debian's python-certifi is patched to return the location of Debian-provided CA certificates
CVE-2023-37919 (Cal.com is open-source scheduling software. A vulnerability allows act ...)
	NOT-FOR-US: Cal.com
CVE-2023-37907 (Cryptomator is data encryption software for users who store their file ...)
	NOT-FOR-US: Cryptomator
CVE-2023-37902 (Vyper is a Pythonic programming language that targets the Ethereum Vir ...)
	NOT-FOR-US: Vyper
CVE-2023-37677 (Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a re ...)
	NOT-FOR-US: Pligg CMS
CVE-2023-37460 (Plexis Archiver is a collection of Plexus components to create archive ...)
	NOT-FOR-US: Plexis Archiver
CVE-2023-37258 (DataEase is an open source data visualization analysis tool. Prior to ...)
	NOT-FOR-US: DataEase
CVE-2023-37257 (DataEase is an open source data visualization analysis tool. Prior to ...)
	NOT-FOR-US: DataEase
CVE-2023-36826 (Sentry is an error tracking and performance monitoring platform. Start ...)
	NOT-FOR-US: Sentry
CVE-2023-36806 (Contao is an open source content management system. Starting in versio ...)
	NOT-FOR-US: Contao CMS
CVE-2023-36503 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Max F ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-36502 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-36501 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-36385 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpxpo Po ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-35982 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
	NOT-FOR-US: Aruba
CVE-2023-35981 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
	NOT-FOR-US: Aruba
CVE-2023-35980 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
	NOT-FOR-US: Aruba
CVE-2023-35944 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
	- envoyproxy (bug #987544)
CVE-2023-35943 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
	- envoyproxy (bug #987544)
CVE-2023-35942 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
	- envoyproxy (bug #987544)
CVE-2023-35941 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
	- envoyproxy (bug #987544)
CVE-2023-35929 (Tuleap is a free and open source suite to improve management of softwa ...)
	NOT-FOR-US: Tuleap
CVE-2023-35043 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Neha Goel R ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34798 (An arbitrary file upload vulnerability in eoffice before v9.5 allows a ...)
	NOT-FOR-US: eoffice
CVE-2023-34369 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gran ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34235 (Strapi is an open-source headless content management system. Prior to ...)
	NOT-FOR-US: Strapi
CVE-2023-34093 (Strapi is an open-source headless content management system. Prior to ...)
	NOT-FOR-US: Strapi
CVE-2023-34017 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FiveStar ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-33925 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PluginFo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32629 (Local privilege escalation vulnerability in Ubuntu Kernels overlayfs o ...)
	- linux (Ubuntu-specific issue)
CVE-2023-32468 (Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of ...)
	NOT-FOR-US: Dell
CVE-2023-2850 (NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability d ...)
	NOT-FOR-US: NodeBB
CVE-2023-2640 (On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overl ...)
	- linux (Ubuntu-specific issue)
CVE-2023-2626 (There exists an authentication bypass vulnerability in OpenThread bord ...)
	NOT-FOR-US: OpenThread
CVE-2023-3773 (A flaw was found in the Linux kernel's IP framework for transform ...)
	{DSA-5492-1 DLA-3623-1}
	- linux 6.4.13-1
	[bullseye] - linux 5.10.197-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://lore.kernel.org/all/20230723074110.3705047-1-linma@zju.edu.cn/T/#u
CVE-2023-3772 (A flaw was found in the Linux kernel's IP framework for transform ...)
	{DSA-5492-1 DLA-3710-1 DLA-3623-1}
	- linux 6.4.13-1
	[bullseye] - linux 5.10.197-1
	NOTE: https://lore.kernel.org/netdev/20230721145103.2714073-1-linma@zju.edu.cn/
	NOTE: https://www.openwall.com/lists/oss-security/2023/08/10/1
CVE-2023-37895 (Java object deserialization issue in Jackrabbit webapp/standalone on a ...)
	- jackrabbit 2.20.11-1 (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2023/07/25/8
	NOTE: standalone and webapp modules are not enabled in Debian packages
CVE-2023-3888 (A vulnerability was found in Campcodes Beauty Salon Management System ...)
	NOT-FOR-US: Campcodes Beauty Salon Management System
CVE-2023-3887 (A vulnerability was found in Campcodes Beauty Salon Management System ...)
	NOT-FOR-US: Campcodes Beauty Salon Management System
CVE-2023-3886 (A vulnerability was found in Campcodes Beauty Salon Management System ...)
	NOT-FOR-US: Campcodes Beauty Salon Management System
CVE-2023-3885 (A vulnerability was found in Campcodes Beauty Salon Management System ...)
	NOT-FOR-US: Campcodes Beauty Salon Management System
CVE-2023-3884 (A vulnerability has been found in Campcodes Beauty Salon Management Sy ...)
	NOT-FOR-US: Campcodes Beauty Salon Management System
CVE-2023-3883 (A vulnerability, which was classified as problematic, was found in Cam ...)
	NOT-FOR-US: Campcodes Beauty Salon Management System
CVE-2023-3882 (A vulnerability, which was classified as critical, has been found in C ...)
	NOT-FOR-US: Campcodes Beauty Salon Management System
CVE-2023-3881 (A vulnerability classified as critical was found in Campcodes Beauty S ...)
	NOT-FOR-US: Campcodes Beauty Salon Management System
CVE-2023-3880 (A vulnerability classified as critical has been found in Campcodes Bea ...)
	NOT-FOR-US: Campcodes Beauty Salon Management System
CVE-2023-3879 (A vulnerability was found in Campcodes Beauty Salon Management System ...)
	NOT-FOR-US: Campcodes Beauty Salon Management System
CVE-2023-3878 (A vulnerability was found in Campcodes Beauty Salon Management System ...)
	NOT-FOR-US: Campcodes Beauty Salon Management System
CVE-2023-3877 (A vulnerability was found in Campcodes Beauty Salon Management System ...)
	NOT-FOR-US: Campcodes Beauty Salon Management System
CVE-2023-3876 (A vulnerability was found in Campcodes Beauty Salon Management System ...)
	NOT-FOR-US: Campcodes Beauty Salon Management System
CVE-2023-3875 (A vulnerability has been found in Campcodes Beauty Salon Management Sy ...)
	NOT-FOR-US: Campcodes Beauty Salon Management System
CVE-2023-3874 (A vulnerability, which was classified as critical, was found in Campco ...)
	NOT-FOR-US: Campcodes Beauty Salon Management System
CVE-2023-3873 (A vulnerability, which was classified as critical, has been found in C ...)
	NOT-FOR-US: Campcodes Beauty Salon Management System
CVE-2023-3872 (A vulnerability classified as critical was found in Campcodes Beauty S ...)
	NOT-FOR-US: Campcodes Beauty Salon Management System
CVE-2023-3871 (A vulnerability classified as critical has been found in Campcodes Bea ...)
	NOT-FOR-US: Campcodes Beauty Salon Management System
CVE-2023-3046 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Biltay Technology Scienta
CVE-2023-38745 (Pandoc before 3.1.6 allows arbitrary file write: this can be triggered ...)
	- pandoc (Incomplete fixes for CVE-2023-35936 not applied)
	NOTE: https://github.com/jgm/pandoc/commit/eddedbfc14916aa06fc01ff04b38aeb30ae2e625 (3.1.6)
CVE-2023-37361 (REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via schedu ...)
	NOT-FOR-US: REDCap
CVE-2023-35088 (Improper Neutralization of Special Elements Used in an SQL Command ('S ...)
	NOT-FOR-US: Apache InLong
CVE-2023-35078 (An authentication bypass vulnerability in Ivanti EPMM allows unauthori ...)
	NOT-FOR-US: Ivanti
CVE-2023-35067 (Plaintext Storage of a Password vulnerability in Infodrom Software E-I ...)
	NOT-FOR-US: Infodrom
CVE-2023-35066 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Infodrom
CVE-2023-34434 (Deserialization of Untrusted Data Vulnerability in Apache Software Fou ...)
	NOT-FOR-US: Apache InLong
CVE-2023-34189 (Exposure of Resource to Wrong Sphere Vulnerability in Apache Software ...)
	NOT-FOR-US: Apache InLong
CVE-2023-33777 (An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.2 ...)
	NOT-FOR-US: Prestashop
CVE-2023-32639 (Applicant Programme Ver.7.06 and earlier improperly restricts XML exte ...)
	NOT-FOR-US: Applicant Programme
CVE-2023-32637 (GBrowse accepts files with any formats uploaded and places them in the ...)
	- gbrowse 2.56+dfsg-1
	NOTE: Fairly silly CVE assignment, possibly fixed earlier than 2.56, simply marking that as fixed
	NOTE: https://jvn.jp/en/jp/JVN35897618/
CVE-2023-32232 (An issue was discovered in Vasion PrinterLogic Client for Windows befo ...)
	NOT-FOR-US: Vasion
CVE-2023-32231 (An issue was discovered in Vasion PrinterLogic Client for Windows befo ...)
	NOT-FOR-US: Vasion
CVE-2023-41175 (A vulnerability was found in libtiff due to multiple potential integer ...)
	{DSA-5567-1 DLA-3513-1}
	- tiff 4.5.1+git230720-1
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/592
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/6e2dac5f904496d127c92ddc4e56eccfca25c2ee
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2235264
CVE-2023-40745 (LibTIFF is vulnerable to an integer overflow. This flaw allows remote ...)
	{DSA-5567-1 DLA-3513-1}
	- tiff 4.5.1+git230720-1
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/4fc16f649fa2875d5c388cf2edc295510a247ee5
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/591
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2235265
CVE-2023-3870
	REJECTED
CVE-2023-3863 (A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp ...)
	{DSA-5492-1 DSA-5480-1 DLA-3623-1}
	- linux 6.4.4-1
	NOTE: https://git.kernel.org/linus/6709d4b7bc2e079241fdef15d1160581c5261c10 (6.5-rc1)
CVE-2023-3344 (The Auto Location for WP Job Manager via Google WordPress plugin befor ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3324 (A vulnerability exists by allowing low-privileged users to read and up ...)
	NOT-FOR-US: ABB
CVE-2023-3323 (A vulnerability exists by allowing low-privileged users to read and up ...)
	NOT-FOR-US: ABB
CVE-2023-3322 (A vulnerability exists by allowing low-privileged users to read and up ...)
	NOT-FOR-US: ABB
CVE-2023-3321 (A vulnerability exists by allowing low-privileged users to read and up ...)
	NOT-FOR-US: ABB
CVE-2023-3248 (The All-in-one Floating Contact Form WordPress plugin before 2.1.2 doe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38060 (Improper Input Validation vulnerability in the ContentType parameter f ...)
	{DLA-3551-1}
	- znuny 6.5.3-1
	[bookworm] - znuny (Minor issue)
	- otrs2
	[bullseye] - otrs2 (Minor issue)
	NOTE: https://github.com/znuny/Znuny/commit/355800e68c1560c1d098ec0953ee9940d2d1f836 (rel-6_5_3)
CVE-2023-38058 (An improper privilege check in the OTRS ticket move action in the agen ...)
	NOT-FOR-US: OTRS
	NOTE: Issue is listed as specific to 8.x, so won't affect Znuny which forked from 6.x
CVE-2023-38057 (An improper input validation vulnerability in OTRS Survey modules allo ...)
	NOT-FOR-US: OTRS
	NOTE: Could possibly affect Znuny, we'll let their security team figure it out
CVE-2023-38056 (Improper Neutralization of commands allowed to be executed via OTRS Sy ...)
	NOT-FOR-US: OTRS
	NOTE: Could possibly affect Znuny, we'll let their security team figure it out
CVE-2023-37613 (A cross-site scripting (XSS) vulnerability in Assembly Software Trialw ...)
	NOT-FOR-US: Assembly Software Trialworks
CVE-2023-2761 (The User Activity Log WordPress plugin before 1.6.3 does not properly ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3862 (A vulnerability was found in Travelmate Travelable Trek Management Sol ...)
	NOT-FOR-US: Travelmate Travelable Trek Management Solution
CVE-2023-3861 (A vulnerability was found in phpscriptpoint Insurance 1.2. It has been ...)
	NOT-FOR-US: phpscriptpoint Insurance
CVE-2023-3860 (A vulnerability was found in phpscriptpoint Insurance 1.2. It has been ...)
	NOT-FOR-US: phpscriptpoint Insurance
CVE-2023-3859 (A vulnerability was found in phpscriptpoint Car Listing 1.6 and classi ...)
	NOT-FOR-US: phpscriptpoint Car Listing
CVE-2023-3858 (A vulnerability has been found in phpscriptpoint Car Listing 1.6 and c ...)
	NOT-FOR-US: phpscriptpoint Car Listing
CVE-2023-3857 (A vulnerability, which was classified as problematic, was found in php ...)
	NOT-FOR-US: phpscriptpoint Ecommerce
CVE-2023-3856 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: phpscriptpoint Ecommerce
CVE-2023-3855 (A vulnerability classified as problematic was found in phpscriptpoint ...)
	NOT-FOR-US: phpscriptpoint JobSeeker
CVE-2023-3854 (A vulnerability classified as critical has been found in phpscriptpoin ...)
	NOT-FOR-US: phpscriptpoint BloodBank
CVE-2023-3853 (A vulnerability was found in phpscriptpoint BloodBank 1.1. It has been ...)
	NOT-FOR-US: phpscriptpoint BloodBank
CVE-2023-3852 (A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has be ...)
	NOT-FOR-US: OpenRapid RapidCMS
CVE-2023-3850 (A vulnerability has been found in SourceCodester Lost and Found Inform ...)
	NOT-FOR-US: SourceCodester Lost and Found Information System
CVE-2023-3849 (A vulnerability, which was classified as problematic, was found in moo ...)
	NOT-FOR-US: mooSocial mooDating
CVE-2023-3848 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: mooDating
CVE-2023-3847 (A vulnerability classified as problematic was found in mooSocial mooDa ...)
	NOT-FOR-US: mooDating
CVE-2023-3846 (A vulnerability classified as problematic has been found in mooSocial ...)
	NOT-FOR-US: mooDating
CVE-2023-3845 (A vulnerability was found in mooSocial mooDating 1.2. It has been rate ...)
	NOT-FOR-US: mooDating
CVE-2023-3844 (A vulnerability was found in mooSocial mooDating 1.2. It has been decl ...)
	NOT-FOR-US: mooDating
CVE-2023-3843 (A vulnerability was found in mooSocial mooDating 1.2. It has been clas ...)
	NOT-FOR-US: mooDating
CVE-2023-3842 (A vulnerability was found in Pointware EasyInventory 1.0.12.0 and clas ...)
	NOT-FOR-US: Pointware EasyInventory
CVE-2023-3841 (A vulnerability has been found in NxFilter 4.3.2.5 and classified as p ...)
	NOT-FOR-US: NxFilter
CVE-2023-3840 (A vulnerability, which was classified as problematic, was found in NxF ...)
	NOT-FOR-US: NxFilter
CVE-2023-3839 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: DedeBIZ
CVE-2023-3838 (A vulnerability classified as problematic was found in DedeBIZ 6.2.10. ...)
	NOT-FOR-US: DedeBIZ
CVE-2023-3837 (A vulnerability classified as problematic has been found in DedeBIZ 6. ...)
	NOT-FOR-US: DedeBIZ
CVE-2023-3836 (A vulnerability classified as critical was found in Dahua Smart Park M ...)
	NOT-FOR-US: Dahua Smart Park Management
CVE-2023-3835 (A vulnerability classified as problematic has been found in Bug Finder ...)
	NOT-FOR-US: Bug Finder
CVE-2023-3834 (A vulnerability was found in Bug Finder EX-RATE 1.0. It has been rated ...)
	NOT-FOR-US: Bug Finder
CVE-2023-3833 (A vulnerability was found in Bug Finder Montage 1.0. It has been decla ...)
	NOT-FOR-US: Bug Finder
CVE-2023-3832 (A vulnerability was found in Bug Finder Wedding Wonders 1.0. It has be ...)
	NOT-FOR-US: Bug Finder
CVE-2023-3831 (A vulnerability was found in Bug Finder Finounce 1.0 and classified as ...)
	NOT-FOR-US: Bug Finder
CVE-2023-3830 (A vulnerability was found in Bug Finder SASS BILLER 1.0. It has been r ...)
	NOT-FOR-US: Bug Finder
CVE-2023-3829 (A vulnerability was found in Bug Finder ICOGenie 1.0. It has been decl ...)
	NOT-FOR-US: Bug Finder
CVE-2023-3828 (A vulnerability was found in Bug Finder Listplace Directory Listing Pl ...)
	NOT-FOR-US: Bug Finder
CVE-2023-3827 (A vulnerability was found in Bug Finder Listplace Directory Listing Pl ...)
	NOT-FOR-US: Bug Finder
CVE-2023-38633 (A directory traversal problem in the URL decoder of librsvg before 2.5 ...)
	{DSA-5484-1}
	- librsvg 2.54.7+dfsg-1 (bug #1041810)
	[buster] - librsvg (The vulnerable code was introduced later)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1213502
	NOTE: https://gitlab.gnome.org/GNOME/librsvg/-/issues/996
	NOTE: https://gitlab.gnome.org/GNOME/librsvg/-/commit/15293f1243e1dd4756ffc1d13d5a8ea49167174f (2.54.6)
	NOTE: https://gitlab.gnome.org/GNOME/librsvg/-/commit/d1f066bf2198bd46c5ba80cb5123b768ec16e37d (2.50.8)
	NOTE: https://gitlab.gnome.org/GNOME/librsvg/-/commit/22bcb919c8b39133370c7fc0eb27176fb09aa4fb (2.46.6)
	NOTE: https://www.openwall.com/lists/oss-security/2023/07/27/1
	NOTE: https://www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633/
CVE-2023-38195 (Datalust Seq before 2023.2.9489 allows insertion of sensitive informat ...)
	NOT-FOR-US: Datalust Seq
CVE-2023-3826 (A vulnerability has been found in IBOS OA 4.5.5 and classified as crit ...)
	NOT-FOR-US: IBOS OA
CVE-2023-3776 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw ...)
	{DSA-5492-1 DSA-5480-1 DLA-3710-1 DLA-3623-1}
	- linux 6.4.4-2
	NOTE: https://git.kernel.org/linus/0323bce598eea038714f941ce2b22541c46d488f (6.5-rc2)
CVE-2023-3611 (An out-of-bounds write vulnerability in the Linux kernel's net/sched: ...)
	{DSA-5492-1 DSA-5480-1 DLA-3710-1 DLA-3623-1}
	- linux 6.4.4-2
	NOTE: https://git.kernel.org/linus/3e337087c3b5805fe0b8a46ba622a962880b5d64 (6.5-rc2)
CVE-2023-3610 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
	{DSA-5461-1 DLA-3512-1}
	- linux 6.3.11-1
	[bookworm] - linux 6.1.37-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4bedf9eee016286c835e3d8fa981ddece5338795 (6.4)
CVE-2023-3609 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_u3 ...)
	{DSA-5480-1 DLA-3710-1 DLA-3623-1}
	- linux 6.3.11-1
	[bookworm] - linux 6.1.37-1
	NOTE: https://git.kernel.org/linus/04c55383fa5689357bcdd2c8036725a55ed632bc (6.4-rc7)
CVE-2023-37918 (Dapr is a portable, event-driven, runtime for building distributed app ...)
	NOT-FOR-US: Dapr
CVE-2023-37917 (KubePi is an opensource kubernetes management panel. A normal user has ...)
	NOT-FOR-US: KubePi
CVE-2023-37916 (KubePi is an opensource kubernetes management panel. The endpoint /kub ...)
	NOT-FOR-US: KubePi
CVE-2023-35077 (An out-of-bounds write vulnerability on windows operating systems caus ...)
	NOT-FOR-US: Ivanti
CVE-2023-3822 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
	NOT-FOR-US: pimcore
CVE-2023-3821 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
	NOT-FOR-US: pimcore
CVE-2023-3820 (SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.)
	NOT-FOR-US: pimcore
CVE-2023-3819 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
	NOT-FOR-US: pimcore
CVE-2023-3102 (A sensitive information leak issue has been discovered in GitLab EE af ...)
	- gitlab (Specific to EE)
CVE-2023-38647 (An attacker can use SnakeYAML to deserialize java.net.URLClassLoader a ...)
	NOT-FOR-US: Apache Helix
CVE-2023-38646 (Metabase open source before 0.46.6.1 and Metabase Enterprise before 1. ...)
	NOT-FOR-US: Metabase
CVE-2023-38187 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-38173 (Microsoft Edge for Android Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-37915 (OpenDDS is an open source C++ implementation of the Object Management ...)
	NOT-FOR-US: OpenDDS
CVE-2023-37905 (ckeditor-wordcount-plugin is an open source WordCount Plugin for CKEdi ...)
	NOT-FOR-US: ckeditor plugin
CVE-2023-37903 (vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up t ...)
	NOT-FOR-US: Node vm2
CVE-2023-37901 (Indico is an open source a general-purpose, web based event management ...)
	NOT-FOR-US: CERN Indico
CVE-2023-37742 (WebBoss.io CMS before v3.7.0.1 was discovered to contain a reflected c ...)
	NOT-FOR-US: WebBoss.io CMS
CVE-2023-36339 (An access control issue in WebBoss.io CMS v3.7.0.1 allows attackers to ...)
	NOT-FOR-US: WebBoss.io CMS
CVE-2023-35392 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-3815 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: y_project RuoYi
CVE-2023-3813 (The Jupiter X Core plugin for WordPress is vulnerable to arbitrary fil ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3811 (A vulnerability was found in Hospital Management System 1.0. It has be ...)
	NOT-FOR-US: Hospital Management System
CVE-2023-3810 (A vulnerability was found in Hospital Management System 1.0. It has be ...)
	NOT-FOR-US: Hospital Management System
CVE-2023-3809 (A vulnerability was found in Hospital Management System 1.0. It has be ...)
	NOT-FOR-US: Hospital Management System
CVE-2023-3808 (A vulnerability was found in Hospital Management System 1.0 and classi ...)
	NOT-FOR-US: Hospital Management System
CVE-2023-3807 (A vulnerability has been found in Campcodes Beauty Salon Management Sy ...)
	NOT-FOR-US: Campcodes Beauty Salon Management System
CVE-2023-3806 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester
CVE-2023-3805 (A vulnerability, which was classified as critical, has been found in X ...)
	NOT-FOR-US: Xiamen Four Letter Video Surveillance Management System
CVE-2023-3804 (A vulnerability classified as problematic was found in Chengdu Flash F ...)
	NOT-FOR-US: Chengdu Flash Flood Disaster Monitor
CVE-2023-3803 (A vulnerability classified as problematic has been found in Chengdu Fl ...)
	NOT-FOR-US: Chengdu Flash Flood Disaster Monitor
CVE-2023-3802 (A vulnerability was found in Chengdu Flash Flood Disaster Monitoring a ...)
	NOT-FOR-US: Chengdu Flash Flood Disaster Monitor
CVE-2023-3801 (A vulnerability was found in IBOS OA 4.5.5. It has been declared as cr ...)
	NOT-FOR-US: IBOS OA
CVE-2023-3800 (A vulnerability was found in EasyAdmin8 2.0.2.2. It has been classifie ...)
	NOT-FOR-US: EasyAdmin8
CVE-2023-3799 (A vulnerability was found in IBOS OA 4.5.5 and classified as critical. ...)
	NOT-FOR-US: IBOS OA
CVE-2023-3798 (A vulnerability has been found in Chengdu Flash Flood Disaster Monitor ...)
	NOT-FOR-US: Chengdu Flash Flood Disaster Monitor
CVE-2023-3797 (A vulnerability, which was classified as critical, was found in Gen Te ...)
	NOT-FOR-US: Gen Technology Four Mountain Torrent Disaster Prevention and Control of Monitoring and Early Warning System
CVE-2023-3796 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Bug Finder Foody Friend
CVE-2023-3795 (A vulnerability classified as critical was found in Bug Finder ChainCi ...)
	NOT-FOR-US: Bug Finder ChainCity Real Estate Investment Platform
CVE-2023-38632 (async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in t ...)
	NOT-FOR-US: async-sockets-cpp
CVE-2023-37645 (eyoucms v1.6.3 was discovered to contain an information disclosure vul ...)
	NOT-FOR-US: eyoucms
CVE-2023-37292 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
	NOT-FOR-US: HGiga
CVE-2023-37291 (Galaxy Software Services Vitals ESP is vulnerable to using a hard-code ...)
	NOT-FOR-US: Galaxy Software Services Vitals ESP
CVE-2023-35087 (It is identified a format string vulnerability in ASUS RT-AX56U V2 & R ...)
	NOT-FOR-US: ASUS
CVE-2023-35086 (It is identified a format string vulnerability in ASUS RT-AX56U V2 & R ...)
	NOT-FOR-US: ASUS
CVE-2023-32625 (Cross-site request forgery (CSRF) vulnerability in TS Webfonts for SAK ...)
	NOT-FOR-US: SAKURA
CVE-2023-32624 (Cross-site scripting vulnerability in TS Webfonts for SAKURA 3.1.0 and ...)
	NOT-FOR-US: SAKURA
CVE-2023-32478 (Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sens ...)
	NOT-FOR-US: Dell
CVE-2023-3812 (An out-of-bounds memory access flaw was found in the Linux kernel ...)
	- linux 6.0.8-1
	[bullseye] - linux 5.10.158-1
	[buster] - linux 4.19.269-1
	NOTE: https://git.kernel.org/linus/363a5328f4b0517e59572118ccfb7c626d81dca9 (6.1-rc4)
CVE-2023-3794 (A vulnerability classified as problematic has been found in Bug Finder ...)
	NOT-FOR-US: Bug Finder ChainCity Real Estate Investment Platform
CVE-2023-3793 (A vulnerability was found in Weaver e-cology. It has been rated as cri ...)
	NOT-FOR-US: Weaver e-cology
CVE-2023-3792 (A vulnerability was found in Beijing Netcon NS-ASG 6.3. It has been cl ...)
	NOT-FOR-US: Beijing Netcon NS-ASG
CVE-2023-3791 (A vulnerability was found in IBOS OA 4.5.5 and classified as critical. ...)
	NOT-FOR-US: IBOS OA
CVE-2023-3790 (A vulnerability has been found in Boom CMS 8.0.7 and classified as pro ...)
	NOT-FOR-US: Boom CMS
CVE-2023-3789 (A vulnerability, which was classified as problematic, was found in Pau ...)
	NOT-FOR-US: PaulPrinting CMS
CVE-2023-3788 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: ActiveITzone Active Super Shop CMS
CVE-2023-3787 (A vulnerability classified as problematic was found in Codecanyon Tiva ...)
	NOT-FOR-US: Codecanyon Tiva Events Calender
CVE-2023-3786 (A vulnerability classified as problematic has been found in Aures Kome ...)
	NOT-FOR-US: Aures Komet
CVE-2023-3785 (A vulnerability was found in PaulPrinting CMS 2018. It has been rated ...)
	NOT-FOR-US: PaulPrinting CMS
CVE-2023-38617 (Office Suite Premium Version v10.9.1.42602 was discovered to contain a ...)
	NOT-FOR-US: Office Suite Premium
CVE-2023-38523 (The web interface on multiple Samsung Harman AMX N-Series devices allo ...)
	NOT-FOR-US: Samsung
CVE-2023-38335 (Omnis Studio 10.22.00 has incorrect access control. It advertises a fe ...)
	NOT-FOR-US: Omnis Studio
CVE-2023-38334 (Omnis Studio 10.22.00 has incorrect access control. It advertises an i ...)
	NOT-FOR-US: Omnis Studio
CVE-2023-38203 (Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2023-37728 (IceWarp v10.2.1 was discovered to contain cross-site scripting (XSS) v ...)
	NOT-FOR-US: IceWarp
CVE-2023-37650 (A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS ...)
	NOT-FOR-US: Cockpit CMS
CVE-2023-37649 (Incorrect access control in the component /models/Content of Cockpit C ...)
	NOT-FOR-US: Cockpit CMS
CVE-2023-37602 (An arbitrary file upload vulnerability in the component /workplace#!ex ...)
	NOT-FOR-US: Alkacon OpenCMS
CVE-2023-37601 (Office Suite Premium v10.9.1.42602 was discovered to contain a local f ...)
NOT-FOR-US: Office Suite Premium CVE-2023-37600 (Office Suite Premium Version v10.9.1.42602 was discovered to contain a ...) NOT-FOR-US: Office Suite Premium CVE-2023-37471 (Open Access Management (OpenAM) is an access management solution that ...) NOT-FOR-US: Open Access Management (OpenAM) CVE-2023-37290 (InfoDoc Document On-line Submission and Approval System lacks sufficie ...) NOT-FOR-US: InfoDoc Document On-line Submission and Approval System CVE-2023-37165 (Millhouse-Project v1.414 was discovered to contain a remote code execu ...) NOT-FOR-US: Millhouse-Project CVE-2023-37164 (Diafan CMS v6.0 was discovered to contain a reflected cross-site scrip ...) NOT-FOR-US: Diafan CMS CVE-2023-34625 (ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication B ...) NOT-FOR-US: ShowMojo MojoBox Digital Lockbox CVE-2023-32483 (Wyse Management Suite versions prior to 4.0 contain a sensitive inform ...) NOT-FOR-US: Wyse Management Suite CVE-2023-32482 (Wyse Management Suite versions prior to 4.0 contain an improper author ...) NOT-FOR-US: Wyse Management Suite CVE-2023-32481 (Wyse Management Suite versions prior to 4.0 contain a denial-of-servic ...) NOT-FOR-US: Wyse Management Suite CVE-2023-32476 (Dell Hybrid Client version 2.0 contains a Sensitive Data Exposure vuln ...) NOT-FOR-US: Dell CVE-2023-32455 (Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive ...) NOT-FOR-US: Dell CVE-2023-32447 (Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive ...) NOT-FOR-US: Dell CVE-2023-32446 (Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive ...) NOT-FOR-US: Dell CVE-2023-32265 (A potential security vulnerability has been identified in the Enterpri ...) NOT-FOR-US: Micro Focus CVE-2023-31753 (SQL injection vulnerability in diskusi.php in eNdonesia 8.7, allows an ...) NOT-FOR-US: eNdonesia CVE-2023-31462 (An issue was discovered in SteelSeries GG 36.0.0. An attacker can chan ...) 
	NOT-FOR-US: SteelSeries
CVE-2023-31461 (Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to ...)
	NOT-FOR-US: SteelSeries
CVE-2023-37450 (The issue was addressed with improved checks. This issue is fixed in i ...)
	{DSA-5457-1}
	- webkit2gtk 2.40.4-1
	[buster] - webkit2gtk (webkit2gtk EOL in buster)
	- wpewebkit 2.40.4-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2023-0006.html
	NOTE: https://github.com/WebKit/WebKit/commit/4f99c0670d2d91dbc51725a7af6909e186db1b07
CVE-2023-38200 (A flaw was found in Keylime. Due to their blocking nature, the Keylime ...)
	NOT-FOR-US: Keylime
CVE-2023-3784 (A vulnerability was found in Dooblou WiFi File Explorer 1.13.3. It has ...)
	NOT-FOR-US: Dooblou WiFi File Explorer
CVE-2023-3783 (A vulnerability was found in Webile 1.0.1. It has been classified as p ...)
	NOT-FOR-US: Webile
CVE-2023-3782 (DoS of the OkHttp client when using a BrotliInterceptor and surfing to ...)
	NOT-FOR-US: BrotliInterceptor
CVE-2023-3779 (The Essential Addons For Elementor plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3300 (HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP ...)
	- nomad
	NOTE: https://discuss.hashicorp.com/t/hcsec-2023-22-nomad-search-api-leaks-information-about-csi-plugins/56272
CVE-2023-3299 (HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies ...)
	- nomad (Specific to Nomad Enterprise)
CVE-2023-3072 (HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL ...)
	- nomad
	NOTE: https://discuss.hashicorp.com/t/hcsec-2023-20-nomad-acl-policies-without-label-are-applied-to-unexpected-resources/56270
CVE-2023-37362 (Weintek Weincloud v0.13.6 could allow an attacker to abuse the reg ...)
	NOT-FOR-US: Weincloud
CVE-2023-37289 (It is identified a vulnerability of Unrestricted Upload of File with D ...)
	NOT-FOR-US: InfoDoc
CVE-2023-36853 (In Keysight Geolocation Server v2.4.2 and prior, a low privileged atta ...)
	NOT-FOR-US: Keysight Geolocation Server
CVE-2023-35134 (Weintek Weincloud v0.13.6 could allow an attacker to reset a passwor ...)
	NOT-FOR-US: Weincloud
CVE-2023-34478 (Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a ...)
	- shiro (bug #1051228)
	[bookworm] - shiro (Minor issue)
	[bullseye] - shiro (Minor issue)
	[buster] - shiro (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2023/07/24/4
CVE-2023-34429 (Weintek Weincloud v0.13.6 could allow an attacker to cause a denia ...)
	NOT-FOR-US: Weincloud
CVE-2023-34394 (In Keysight Geolocation Server v2.4.2 and prior, an attacker could upl ...)
	NOT-FOR-US: Keysight Geolocation Server
CVE-2023-32657 (Weintek Weincloud v0.13.6 could allow an attacker to efficiently d ...)
	NOT-FOR-US: Weincloud
CVE-2023-38408 (The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insuff ...)
	{DLA-3532-1}
	- openssh 1:9.3p2-1 (bug #1042460)
	[bookworm] - openssh 1:9.2p1-2+deb12u1
	[bullseye] - openssh 1:8.4p1-5+deb11u2
	NOTE: https://www.openwall.com/lists/oss-security/2023/07/19/9
	NOTE: https://github.com/openssh/openssh-portable/commit/892506b13654301f69f9545f48213fc210e5c5cc
	NOTE: https://github.com/openssh/openssh-portable/commit/1f2731f5d7a8f8a8385c6031667ed29072c0d92a
	NOTE: https://github.com/openssh/openssh-portable/commit/29ef8a04866ca14688d5b7fed7b8b9deab851f77
	NOTE: https://github.com/openssh/openssh-portable/commit/099cdf59ce1e72f55d421c8445bf6321b3004755
	NOTE: Exploitation requires the presence of specific libraries on the victim system.
	NOTE: Remote exploitation requires that the agent was forwarded to an attacker-controlled
	NOTE: system.
CVE-2023-3765 (Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2. ...)
	NOT-FOR-US: mlflow
CVE-2023-3763 (A vulnerability was found in Intergard SGS 8.7.0. It has been declared ...)
	NOT-FOR-US: Intergard SGS
CVE-2023-3762 (A vulnerability was found in Intergard SGS 8.7.0. It has been classifi ...)
	NOT-FOR-US: Intergard SGS
CVE-2023-3761 (A vulnerability was found in Intergard SGS 8.7.0 and classified as pro ...)
	NOT-FOR-US: Intergard SGS
CVE-2023-3760 (A vulnerability has been found in Intergard SGS 8.7.0 and classified a ...)
	NOT-FOR-US: Intergard SGS
CVE-2023-3759 (A vulnerability, which was classified as critical, was found in Interg ...)
	NOT-FOR-US: Intergard SGS
CVE-2023-3757 (A vulnerability classified as problematic has been found in GZ Scripts ...)
	NOT-FOR-US: GZ Script Car Rental Script
CVE-2023-3756 (A vulnerability was found in Creativeitem Atlas Business Directory Lis ...)
	NOT-FOR-US: Creativeitem Atlas Business Directory Listing
CVE-2023-3755 (A vulnerability has been found in Creativeitem Atlas Business Director ...)
	NOT-FOR-US: Creativeitem Atlas Business Directory Listing
CVE-2023-3754 (A vulnerability, which was classified as problematic, was found in Cre ...)
	NOT-FOR-US: Creativeitem Ekushey Project Manager CRM
CVE-2023-3753 (A vulnerability classified as problematic has been found in Creativeit ...)
	NOT-FOR-US: Creativeitem Mastery LMS
CVE-2023-3752 (A vulnerability was found in Creativeitem Academy LMS 5.15. It has bee ...)
	NOT-FOR-US: Creativeitem Academy LMS
CVE-2023-3751 (A vulnerability was found in Super Store Finder 3.6. It has been decla ...)
	NOT-FOR-US: Super Store Finder
CVE-2023-3722 (An OS command injection vulnerability was found in the Avaya Aura Devi ...)
	NOT-FOR-US: Avaya
CVE-2023-3638 (In GeoVision GV-ADR2701 cameras, an attacker could edit the login resp ...)
	NOT-FOR-US: GeoVision
CVE-2023-3527 (A CSV injection vulnerability was found in theAvaya Call Management Sy ...)
	NOT-FOR-US: Avaya
CVE-2023-3519 (Unauthenticated remote code execution)
	NOT-FOR-US: Citrix
CVE-2023-3467 (Privilege Escalation to root administrator (nsroot))
	NOT-FOR-US: Citrix
CVE-2023-3466 (Reflected Cross-Site Scripting (XSS))
	NOT-FOR-US: Citrix
CVE-2023-3463 (All versions of GE Digital CIMPLICITY that are not adhering to SDG gui ...)
	NOT-FOR-US: GE Digital CIMPLICITY
CVE-2023-37899 (Feathersjs is a framework for creating web APIs and real-time applicat ...)
	NOT-FOR-US: Feathersjs
CVE-2023-37897 (Grav is a file-based Web-platform built in PHP. Grav is subject to a s ...)
	NOT-FOR-US: Grav CMS
CVE-2023-37748 (ngiflib commit 5e7292 was discovered to contain an infinite loop via t ...)
	NOT-FOR-US: ngiflib
CVE-2023-37733 (An arbitrary file upload vulnerability in tduck-platform v4.0 allows a ...)
	NOT-FOR-US: tduck-platform
CVE-2023-37276 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
	- python-aiohttp 3.8.5-1
	[bookworm] - python-aiohttp (Minor issue)
	[bullseye] - python-aiohttp (Minor issue)
	[buster] - python-aiohttp (doesn't use llhttp, PoC is rejected with Bad Request)
	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w
	NOTE: https://github.com/aio-libs/aiohttp/commit/9337fb3f2ab2b5f38d7e98a194bde6f7e3d16c40 (v3.8.5)
	NOTE: https://hackerone.com/reports/2001873
	NOTE: http-parser->llhttp switch: https://github.com/aio-libs/aiohttp/commit/485a5fc49050f8f8bf0d7eec8a85b4d9b450386c (v3.8.0a4)
CVE-2023-35900 (IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 a ...)
	NOT-FOR-US: IBM
CVE-2023-35898 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...)
	NOT-FOR-US: IBM
CVE-2023-34034 (Using "**" as a pattern in Spring Security configuration for WebFlux ...)
	- libspring-security-2.0-java
CVE-2023-33876 (A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.1 ...)
	NOT-FOR-US: Foxit Reader
CVE-2023-33866 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
	NOT-FOR-US: Foxit Reader
CVE-2023-33832 (IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user ...)
	NOT-FOR-US: IBM
CVE-2023-32664 (A type confusion vulnerability exists in the Javascript checkThisBox m ...)
	NOT-FOR-US: Foxit Reader
CVE-2023-32635 (XBRL data create application version 7.0 and earlier improperly restri ...)
	NOT-FOR-US: XBRL data create application
CVE-2023-32263 (A potential vulnerability has been identified in the Micro Focus Dimen ...)
	NOT-FOR-US: Micro Focus Dimensions CM Plugin for Jenkins
CVE-2023-27379 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
	NOT-FOR-US: Foxit
CVE-2023-3347 (A vulnerability was found in Samba's SMB2 packet signing mechanism. Th ...)
	{DSA-5477-1}
	- samba 2:4.18.5+dfsg-1
	[bullseye] - samba (Vulnerable code not present)
	[buster] - samba (Vulnerable code not present)
	NOTE: https://www.samba.org/samba/security/CVE-2023-3347.html
CVE-2023-34968 (A path disclosure vulnerability was found in Samba. As part of the Spo ...)
	{DSA-5647-1 DSA-5477-1}
	- samba 2:4.18.5+dfsg-1
	[buster] - samba (spotlight enabled in 4.13.13+dfsg-1 - bullseye)
	NOTE: https://www.samba.org/samba/security/CVE-2023-34968.html
	NOTE: severity:unimportant for buster backwards, but we don't have suite-specific severity annotations
CVE-2023-42464 (A Type Confusion vulnerability was found in the Spotlight RPC function ...)
	{DSA-5503-1 DLA-3584-1}
	- netatalk 3.1.17~ds-1 (bug #1052087)
	NOTE: https://github.com/Netatalk/netatalk/issues/486
	NOTE: https://github.com/Netatalk/netatalk/pull/485
	NOTE: Fixed by: https://github.com/Netatalk/netatalk/commit/a0ee3c246ee9e082436192290610a4d812fc0b7f (main)
	NOTE: Fixed by: https://github.com/Netatalk/netatalk/commit/f6364ef0e5f1b7de88c5e837434af8a5df4c4c75 (netatalk-3-1-17)
CVE-2023-34967 (A Type Confusion vulnerability was found in Samba's mdssvc RPC service ...)
	{DSA-5647-1 DSA-5477-1}
	- samba 2:4.18.5+dfsg-1
	[buster] - samba (spotlight enabled in 4.13.13+dfsg-1 - bullseye)
	NOTE: https://www.samba.org/samba/security/CVE-2023-34967.html
	NOTE: severity:unimportant for buster backwards, but we don't have suite-specific severity annotations
CVE-2023-34966 (An infinite loop vulnerability was found in Samba's mdssvc RPC service ...)
	{DSA-5647-1 DSA-5477-1}
	- samba 2:4.18.5+dfsg-1
	[buster] - samba (spotlight enabled in 4.13.13+dfsg-1 - bullseye)
	NOTE: https://www.samba.org/samba/security/CVE-2023-34966.html
	NOTE: severity:unimportant for buster backwards, but we don't have suite-specific severity annotations
CVE-2023-3750 (A flaw was found in libvirt. The virStoragePoolObjListSearch function ...)
	- libvirt 9.6.0-1 (bug #1041811)
	[bookworm] - libvirt (Minor issue)
	[bullseye] - libvirt (Vulnerable code not present)
	[buster] - libvirt (Vulnerable code not present)
	NOTE: https://listman.redhat.com/archives/libvir-list/2023-July/240776.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2222210
	NOTE: Introduced with: https://gitlab.com/libvirt/libvirt/-/commit/0c4b391e2a90c3e0f8a8721cb539e03f14eb1d5e (v8.3.0-rc1)
	NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/9a47442366fcf8a7b6d7422016d7bbb6764a1098 (v9.6.0-rc1)
CVE-2023-3748 (A flaw was found in FRRouting when parsing certain babeld unicast hell ...)
	- frr 9.1-0.1 (bug #1042473)
	[bullseye] - frr (The vulnerable code was introduced later)
	[buster] - frr (The vulnerable code was introduced later)
	NOTE: https://github.com/FRRouting/frr/issues/11808
	NOTE: https://github.com/FRRouting/frr/pull/12950
	NOTE: https://github.com/FRRouting/frr/pull/12952
	NOTE: https://github.com/FRRouting/frr/commit/0a95d121ca8e1f43d41d952d6c82d111ca850085 (frr-8.5)
CVE-2023-3745 (A heap-based buffer overflow issue was found in ImageMagick's PushChar ...)
	- imagemagick 8:6.9.11.24+dfsg-1
	[buster] - imagemagick (vulnerable code was introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1857
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/7486477aa00c5c7856b111506da075b6cdfa8b73 (6.9.11-0)
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b466a96965afc1308a4ace93f5535c2b770f294b (6.9.11-0)
CVE-2023-3446 (Issue summary: Checking excessively long DH keys or parameters may be ...)
	{DLA-3530-1}
	- openssl 3.0.10-1 (bug #1041817)
	[bookworm] - openssl 3.0.10-1~deb12u1
	[bullseye] - openssl 1.1.1v-0~deb11u1
	NOTE: https://www.openssl.org/news/secadv/20230719.txt
	NOTE: https://github.com/openssl/openssl/commit/9e0094e2aa1b3428a12d5095132f133c078d3c3d (master)
	NOTE: https://github.com/openssl/openssl/commit/1fa20cf2f506113c761777127a38bce5068740eb (openssl-3.0.10)
	NOTE: https://github.com/openssl/openssl/commit/8780a896543a654e757db1b9396383f9d8095528 (OpenSSL_1_1_1v)
CVE-2023-32001
	REJECTED
CVE-2023-3740 (Insufficient validation of untrusted input in Themes in Google Chrome ...)
	{DSA-5456-1}
	- chromium 115.0.5790.98-1
	[buster] - chromium (see DSA 5046)
CVE-2023-3738 (Inappropriate implementation in Autofill in Google Chrome prior to 115 ...)
	{DSA-5456-1}
	- chromium 115.0.5790.98-1
	[buster] - chromium (see DSA 5046)
CVE-2023-3737 (Inappropriate implementation in Notifications in Google Chrome prior t ...)
	{DSA-5456-1}
	- chromium 115.0.5790.98-1
	[buster] - chromium (see DSA 5046)
CVE-2023-3736 (Inappropriate implementation in Custom Tabs in Google Chrome on Androi ...)
	{DSA-5456-1}
	- chromium 115.0.5790.98-1
	[buster] - chromium (see DSA 5046)
CVE-2023-3735 (Inappropriate implementation in Web API Permission Prompts in Google C ...)
	{DSA-5456-1}
	- chromium 115.0.5790.98-1
	[buster] - chromium (see DSA 5046)
CVE-2023-3734 (Inappropriate implementation in Picture In Picture in Google Chrome pr ...)
	{DSA-5456-1}
	- chromium 115.0.5790.98-1
	[buster] - chromium (see DSA 5046)
CVE-2023-3733 (Inappropriate implementation in WebApp Installs in Google Chrome prior ...)
	{DSA-5456-1}
	- chromium 115.0.5790.98-1
	[buster] - chromium (see DSA 5046)
CVE-2023-3732 (Out of bounds memory access in Mojo in Google Chrome prior to 115.0.57 ...)
	{DSA-5456-1}
	- chromium 115.0.5790.98-1
	[buster] - chromium (see DSA 5046)
CVE-2023-3730 (Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 a ...)
	{DSA-5456-1}
	- chromium 115.0.5790.98-1
	[buster] - chromium (see DSA 5046)
CVE-2023-3728 (Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allow ...)
	{DSA-5456-1}
	- chromium 115.0.5790.98-1
	[buster] - chromium (see DSA 5046)
CVE-2023-3727 (Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allow ...)
	{DSA-5456-1}
	- chromium 115.0.5790.98-1
	[buster] - chromium (see DSA 5046)
CVE-2023-3743 (Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote ...)
	NOT-FOR-US: Ap Page Builder
CVE-2023-38326
	REJECTED
CVE-2023-38257 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insec ...)
	NOT-FOR-US: Iagona ScrutisWeb
CVE-2023-37973 (Cross-Site Request Forgery (CSRF) vulnerability in David Pokorny Repla ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37892 (Cross-Site Request Forgery (CSRF) vulnerability in Kemal YAZICI - Plug ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37889 (Cross-Site Request Forgery (CSRF) vulnerability in WPAdmin WPAdmin AWS ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37788 (goproxy v1.1 was discovered to contain an issue which can lead to a De ...)
	- golang-github-elazarl-goproxy 1.1+git20231117.7cc037d+dfsg-1 (bug #1042474)
	[bookworm] - golang-github-elazarl-goproxy (Minor issue)
	[bullseye] - golang-github-elazarl-goproxy (Minor issue)
	[buster] - golang-github-elazarl-goproxy (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://github.com/elazarl/goproxy/issues/502
CVE-2023-37758 (D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via t ...)
	NOT-FOR-US: D-Link
CVE-2023-37481 (Fides is an open-source privacy engineering platform for managing data ...)
	NOT-FOR-US: Fides
CVE-2023-37480 (Fides is an open-source privacy engineering platform for managing data ...)
	NOT-FOR-US: Fides
CVE-2023-37477 (1Panel is an open source Linux server operation and maintenance manage ...)
	NOT-FOR-US: 1Panel
CVE-2023-37387 (Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classif ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37386 (Cross-Site Request Forgery (CSRF) vulnerability in Media Library Helpe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37259 (matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip ...)
	NOT-FOR-US: Node matrix-react-sdk
CVE-2023-37143 (ChakraCore branch master cbb9b was discovered to contain a segmentatio ...)
	NOT-FOR-US: Microsoft
CVE-2023-37142 (ChakraCore branch master cbb9b was discovered to contain a segmentatio ...)
	NOT-FOR-US: Microsoft
CVE-2023-37141 (ChakraCore branch master cbb9b was discovered to contain a segmentatio ...)
	NOT-FOR-US: Microsoft
CVE-2023-37140 (ChakraCore branch master cbb9b was discovered to contain a segmentatio ...)
	NOT-FOR-US: Microsoft
CVE-2023-37139 (ChakraCore branch master cbb9b was discovered to contain a stack overf ...)
	NOT-FOR-US: Microsoft
CVE-2023-36670 (A remotely exploitable command injection vulnerability was found on th ...)
	NOT-FOR-US: Kratos NGC-IDU
CVE-2023-36669 (Missing Authentication for a Critical Function within the Kratos NGC I ...)
	NOT-FOR-US: Kratos NGC-IDU
CVE-2023-36384 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeop ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-36383 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Mag ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-36120
	REJECTED
CVE-2023-35763 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a crypto ...)
	NOT-FOR-US: Iagona ScrutisWeb
CVE-2023-35189 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote ...)
	NOT-FOR-US: Iagona ScrutisWeb
CVE-2023-34330 (AMI SPx contains a vulnerability in the BMC where a user may inject co ...)
	NOT-FOR-US: AMI SPx
CVE-2023-34329 (AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cau ...)
	NOT-FOR-US: AMI SPx
CVE-2023-34035 (Spring Security versions 5.8prior to 5.8.5, 6.0prior to 6.0.5,and 6.1p ...)
	- libspring-security-2.0-java
CVE-2023-33871 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a direct ...)
	NOT-FOR-US: Iagona ScrutisWeb
CVE-2023-33329 (Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in H ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-33312 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wppal Ea ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-33265 (In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, ...)
	- hazelcast (bug #745640)
CVE-2023-33231 (XSS attack was possible in DPA 2023.2 due to insufficient input valida ...)
	NOT-FOR-US: SolarWinds
CVE-2023-32965 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CRUDLab ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-31441 (In NATO Communications and Information Agency anet (aka Advisor Networ ...)
	NOT-FOR-US: NATO Communications and Information Agency anet
CVE-2023-2913 (An executable used in Rockwell Automation ThinManager ThinServer can b ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-2433 (The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scri ...)
	NOT-FOR-US: YARPP plugin for WordPress
CVE-2021-4428 (A vulnerability has been found in what3words Autosuggest Plugin up to ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-36762 (A vulnerability was found in ONS Digital RAS Collection Instrument up ...)
	NOT-FOR-US: ONS Digital RAS Collection Instrument
CVE-2018-25088 (A vulnerability, which was classified as critical, was found in Blue Y ...)
	NOT-FOR-US: Blue Yonder postgraas_server
CVE-2023-3724 (If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor ...)
	- wolfssl 5.5.4-2.1 (bug #1041699)
	[bookworm] - wolfssl 5.5.4-2+deb12u1
	[bullseye] - wolfssl (Minor issue)
	NOTE: https://github.com/wolfSSL/wolfssl/pull/6412
	NOTE: https://github.com/wolfSSL/wolfssl/commit/00f1eddee429ff51390b20caadd2eb6afe51e1aa (v5.6.2-stable)
CVE-2023-3714 (The ProfileGrid plugin for WordPress is vulnerable to unauthorized mod ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3713 (The ProfileGrid plugin for WordPress is vulnerable to unauthorized mod ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3709 (The Royal Elementor Addons plugin for WordPress is vulnerable to unaut ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3708 (Several themes for WordPress by DeoThemes are vulnerable to Reflected ...)
	NOT-FOR-US: WordPress themes
CVE-2023-3615 (Mattermost iOS app failsto properlyvalidate the server certificate whi ...)
	NOT-FOR-US: Mattermost iOS app
CVE-2023-3614 (Mattermost fails to properly validate a gif image file, allowing an at ...)
	- mattermost-server (bug #823556)
CVE-2023-3613 (Mattermost WelcomeBot plugin fails to to validate the membership statu ...)
	NOT-FOR-US: Mattermost plugin
CVE-2023-3593 (Mattermost fails to properly validate markdown, allowing an attacker t ...)
	- mattermost-server (bug #823556)
CVE-2023-3591 (Mattermost fails to invalidate previously generated password reset tok ...)
	- mattermost-server (bug #823556)
CVE-2023-3590 (Mattermostfails to delete card attachments in Boards, allowing an atta ...)
	- mattermost-server (bug #823556)
CVE-2023-3587 (Mattermost fails to properly show information in the UI, allowing a sy ...)
	- mattermost-server (bug #823556)
CVE-2023-3586 (Mattermost fails to disablepublic Boards after the "Enable Publicly-Sh ...)
	- mattermost-server (bug #823556)
CVE-2023-3585 (Mattermost Boards fail to properly validate a board link, allowing an ...)
	- mattermost-server (bug #823556)
CVE-2023-3584 (Mattermost fails to properly check the authorization ofPOST /api/v4/te ...)
	- mattermost-server (bug #823556)
CVE-2023-3582 (Mattermost fails to verify channel membership when linking a board to ...)
	- mattermost-server (bug #823556)
CVE-2023-3581 (Mattermost fails to properly validate the origin of a websocket connec ...)
	- mattermost-server (bug #823556)
CVE-2023-3577 (Mattermost fails to properly restrict requests tolocalhost/intranet du ...)
	- mattermost-server (bug #823556)
CVE-2023-3459 (The Export and Import Users and Customers plugin for WordPress is vuln ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3418
	REJECTED
CVE-2023-3403 (The ProfileGrid plugin for WordPress is vulnerable to unauthorized mod ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3376 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3245 (The Floating Chat Widget WordPress plugin before 3.1.2 does not saniti ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3186 (The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3182 (The Membership WordPress plugin before 3.2.3 does not sanitise and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3179 (The POST SMTP Mailer WordPress plugin before 2.5.7 does not have prope ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3041 (The Autochat Automatic Conversation WordPress plugin through 1.1.7 doe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-38434 (xHTTP 72f812d has a double free in close_connection in xhttp.c via a m ...)
	NOT-FOR-US: xHTTP
CVE-2023-38432 (An issue was discovered in the Linux kernel before 6.3.10. fs/smb/serv ...)
	- linux 6.3.11-1
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/2b9b8f3b68edb3d67d79962f02e26dbb5ae3808d (6.4)
CVE-2023-38431 (An issue was discovered in the Linux kernel before 6.3.8. fs/smb/serve ...)
	- linux 6.3.11-1
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/368ba06881c395f1c9a7ba22203cf8d78b4addc0 (6.4-rc6)
CVE-2023-38430 (An issue was discovered in the Linux kernel before 6.3.9. ksmbd does n ...)
	- linux 6.3.11-1
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/1c1bcf2d3ea061613119b534f57507c377df20f9 (6.4-rc6)
CVE-2023-38429 (An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/con ...)
	- linux 6.3.7-1
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/443d61d1fa9faa60ef925513d83742902390100f (6.4-rc3)
CVE-2023-38428 (An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb ...)
	- linux 6.3.7-1
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/f0a96d1aafd8964e1f9955c830a3e5cb3c60a90f (6.4-rc3)
CVE-2023-38427 (An issue was discovered in the Linux kernel before 6.3.8. fs/smb/serve ...)
	- linux 6.3.11-1
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/f1a411873c85b642f13b01f21b534c2bab81fc1b (6.4-rc6)
CVE-2023-38426 (An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an ...)
	- linux 6.3.7-1
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/02f76c401d17e409ed45bf7887148fcc22c93c85 (6.4-rc3)
CVE-2023-38409 (An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/ ...)
	- linux 6.1.25-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/fffb0b52d5258554c645c966c6cbef7de50b851d (6.3-rc7)
CVE-2023-38405 (On Crestron 3-Series Control Systems before 1.8001.0187, crafting and ...)
	NOT-FOR-US: Crestron
CVE-2023-38404 (The XPRTLD web application in Veritas InfoScale Operations Manager (VI ...)
	NOT-FOR-US: Veritas InfoScale
CVE-2023-7250 (A flaw was found in iperf, a utility for testing network performance u ...)
	- iperf3 3.15-1
	[bookworm] - iperf3 (Minor issue)
	[bullseye] - iperf3 (Minor issue)
	[buster] - iperf3 (Minor issue)
	NOTE: https://downloads.es.net/pub/iperf/esnet-secadv-2023-0002.txt.asc
	NOTE: https://github.com/esnet/iperf/commit/5e3704dd850a5df2fb2b3eafd117963d017d07b4 (3.15)
CVE-2023-38403 (iperf3 before 3.14 allows peers to cause an integer overflow and heap ...)
	{DSA-5455-1 DLA-3506-1}
	- iperf3 3.14-1 (bug #1040830)
	NOTE: https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc
	NOTE: https://github.com/esnet/iperf/commit/0ef151550d96cc4460f98832df84b4a1e87c65e9 (3.14)
CVE-2023-37985 (Cross-Site Request Forgery (CSRF) vulnerability in FiveStarPlugins Res ...)
	NOT-FOR-US: WordPress themes
CVE-2023-37974 (Cross-Site Request Forgery (CSRF) vulnerability in Justin Klein WP Soc ...)
	NOT-FOR-US: WordPress themes
CVE-2023-37968 (Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multi ...)
	NOT-FOR-US: WordPress themes
CVE-2023-37850
	REJECTED
CVE-2023-37791 (D-Link DIR-619L v2.04(TW) was discovered to contain a stack overflow v ...)
	NOT-FOR-US: D-Link
CVE-2023-37781 (An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers to exec ...)
	NOT-FOR-US: EMQX
CVE-2023-37770 (faust commit ee39a19 was discovered to contain a stack overflow via th ...)
	- faust (unimportant)
	NOTE: https://github.com/grame-cncm/faust/issues/922
	NOTE: Negligible security impact
CVE-2023-37769 (stress-test master commit e4c878 was discovered to contain a FPE vulne ...)
	- pixman (unimportant)
	NOTE: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76
	NOTE: Crash in test tool, no security impact
CVE-2023-37479 (Open Enclave is a hardware-agnostic open source library for developing ...)
	NOT-FOR-US: Open Enclave
CVE-2023-37476 (OpenRefine is a free, open source tool for data processing. A carefull ...)
	- openrefine 3.6.2-3 (bug #1041422)
	[bookworm] - openrefine 3.6.2-2+deb12u1
	NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-m88m-crr9-jvqq
	NOTE: https://github.com/OpenRefine/OpenRefine/commit/e9c1e65d58b47aec8cd676bd5c07d97b002f205e (master)
	NOTE: https://github.com/OpenRefine/OpenRefine/commit/c40c84d8170c4d61c6a0926531b552a50caa5651 (3.7.4)
CVE-2023-37475 (Hamba avro is a go lang encoder/decoder implementation of the avro cod ...)
	NOT-FOR-US: Hamba avro
CVE-2023-37461 (Metersphere is an opensource testing framework. Files uploaded to Mete ...)
	NOT-FOR-US: Metersphere
CVE-2023-37266 (CasaOS is an open-source Personal Cloud system. Unauthenticated attack ...)
	NOT-FOR-US: CasaOS
CVE-2023-37265 (CasaOS is an open-source Personal Cloud system. Due to a lack of IP ad ...)
	NOT-FOR-US: CasaOS
CVE-2023-36656 (Cross Site Scripting (XSS) vulnerability in Jaegertracing Jaeger UI be ...)
	NOT-FOR-US: Jaegertracing UI
CVE-2023-36514 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shippin ...)
	NOT-FOR-US: WooCommerce plugin
CVE-2023-36513 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Automat ...)
	NOT-FOR-US: WooCommerce plugin
CVE-2023-36511 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooComm ...)
	NOT-FOR-US: WooCommerce plugin
CVE-2023-35880 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooComm ...)
	NOT-FOR-US: WooCommerce plugin
CVE-2023-35818 (An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devi ...)
	NOT-FOR-US: Espressif
CVE-2023-35096 (Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <=2.5 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-35089 (Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-35038 (Cross-Site Request Forgery (CSRF) vulnerability in wpexperts.Io WP PDF ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34669 (TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-34143 (Improper Validation of Certificate with Host Mismatch vulnerability in ...)
	NOT-FOR-US: Hitachi
CVE-2023-34142 (Cleartext Transmission of Sensitive Information vulnerability in Hitac ...)
	NOT-FOR-US: Hitachi
CVE-2023-34141 (A command injection vulnerability in the access point (AP) management ...)
	NOT-FOR-US: Zyxel
CVE-2023-34140 (A buffer overflow vulnerability in the Zyxel ATP series firmware versi ...)
	NOT-FOR-US: Zyxel
CVE-2023-34139 (A command injection vulnerability in the Free Time WiFi hotspot featur ...)
	NOT-FOR-US: Zyxel
CVE-2023-34138 (A command injection vulnerability in the hotspot management feature of ...)
	NOT-FOR-US: Zyxel
CVE-2023-34036 (Reactive web applications that use Spring HATEOAS to produce hypermedi ...)
	NOT-FOR-US: Spring HATEOAS
CVE-2023-34005 (Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design F ...)
	NOT-FOR-US: Etoile Web Design
CVE-2023-33012 (A command injection vulnerability in the configuration parser of the Z ...)
	NOT-FOR-US: Zyxel
CVE-2023-33011 (A format string vulnerability in the Zyxel ATP series firmware version ...)
	NOT-FOR-US: Zyxel
CVE-2023-31998 (A heap overflow vulnerability found in EdgeRouters and Aircubes allows ...)
	NOT-FOR-US: Ubiquiti
CVE-2023-31853 (Cudy LT400 1.13.4 is vulnerable Cross Site Scripting (XSS) in /cgi-bin ...)
	NOT-FOR-US: Cudy LT400
CVE-2023-31852 (Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in cgi-b ...)
	NOT-FOR-US: Cudy LT400
CVE-2023-31851 (Cudy LT400 1.13.4 is has a cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Cudy LT400
CVE-2023-2963 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Oliva Expertise
CVE-2023-2960 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Oliva Expertise
CVE-2023-2959 (Authentication Bypass by Primary Weakness vulnerability in Oliva Exper ...)
	NOT-FOR-US: Oliva Expertise
CVE-2023-2958 (Authorization Bypass Through User-Controlled Key vulnerability in Orig ...)
	NOT-FOR-US: Origin Software ATS Pro
CVE-2023-2912 (Use After Free vulnerability in Secomea SiteManager Embedded allows Ob ...)
	NOT-FOR-US: Secomea SiteManager Embedded
CVE-2023-2701 (The Gravity Forms WordPress plugin before 2.7.5 does not escape genera ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2636 (The AN_GradeBook WordPress plugin through 5.0.1 does not properly sani ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2579 (The InventoryPress WordPress plugin through 1.7 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2330 (The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2329 (The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 d ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-36695 (Incorrect Default Permissions vulnerability in Hitachi Device Manager ...)
	NOT-FOR-US: Hitachi
CVE-2015-10122 (A vulnerability was found in wp-donate Plugin up to 1.4 on WordPress. ...)
NOT-FOR-US: WordPress plugin CVE-2023-3700 (Authorization Bypass Through User-Controlled Key in GitHub repository ...) NOT-FOR-US: easyappointments CVE-2023-3696 (Prototype Pollution in GitHub repository automattic/mongoose prior to ...) NOT-FOR-US: Mongoose CVE-2023-3695 (A vulnerability classified as critical has been found in Campcodes Bea ...) NOT-FOR-US: Campcodes Beauty Salon Management System CVE-2023-3694 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester CVE-2023-3693 (A vulnerability classified as critical was found in SourceCodester Lif ...) NOT-FOR-US: SourceCodester CVE-2023-3496 REJECTED CVE-2023-35901 (IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 thro ...) NOT-FOR-US: IBM CVE-2023-35012 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...) NOT-FOR-US: IBM CVE-2023-33857 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...) NOT-FOR-US: IBM CVE-2023-2760 (An SQL injection vulnerability exists in TapHome core HandleMessageUpd ...) NOT-FOR-US: TapHome CVE-2023-2759 (A hidden API exists in TapHome's core platform before version 2023.2 t ...) NOT-FOR-US: TapHome CVE-2022-4952 (A vulnerability has been found in OmniSharp csharp-language-server-pro ...) NOT-FOR-US: OmniSharp CVE-2023-3691 (A vulnerability, which was classified as problematic, was found in lay ...) NOT-FOR-US: layui CVE-2023-3690 (A vulnerability, which was classified as critical, has been found in B ...) NOT-FOR-US: Bylancer QuickOrder CVE-2023-3689 (A vulnerability classified as critical was found in Bylancer QuickQR 6 ...) NOT-FOR-US: Bylancer QuickQR CVE-2023-3688 (A vulnerability classified as critical has been found in Bylancer Quic ...) NOT-FOR-US: Bylancer QuickJob CVE-2023-3687 (A vulnerability was found in Bylancer QuickVCard 2.1. It has been rate ...) NOT-FOR-US: Bylancer QuickVCard CVE-2023-3686 (A vulnerability was found in Bylancer QuickAI OpenAI 3.8.1. 
It has bee ...) NOT-FOR-US: Bylancer QuickAI CVE-2023-3685 (A vulnerability was found in Nesote Inout Search Engine AI Edition 1.1 ...) NOT-FOR-US: Nesote Inout Search Engine AI Edition CVE-2023-3684 (A vulnerability was found in LivelyWorks Articart 2.0.1 and classified ...) NOT-FOR-US: LivelyWorks Articart CVE-2023-3674 (A flaw was found in the keylime attestation verifier, which fails to f ...) NOT-FOR-US: Keylime CVE-2023-38379 (The web interface on the RIGOL MSO5000 digital oscilloscope with firmw ...) NOT-FOR-US: RIGOL CVE-2023-38378 (The web interface on the RIGOL MSO5000 digital oscilloscope with firmw ...) NOT-FOR-US: RIGOL CVE-2023-3692 (Unrestricted Upload of File with Dangerous Type in GitHub repository a ...) NOT-FOR-US: admidio CVE-2023-3683 (A vulnerability has been found in LivelyWorks Articart 2.0.1 and class ...) NOT-FOR-US: LivelyWorks Articart CVE-2023-37811 REJECTED CVE-2023-37810 REJECTED CVE-2023-37809 REJECTED CVE-2023-37808 REJECTED CVE-2023-37807 REJECTED CVE-2023-37806 REJECTED CVE-2023-37805 REJECTED CVE-2023-37804 REJECTED CVE-2023-37803 REJECTED CVE-2023-37802 REJECTED CVE-2023-37801 REJECTED CVE-2023-37800 REJECTED CVE-2023-36169 REJECTED CVE-2023-36168 REJECTED CVE-2023-36166 REJECTED CVE-2023-36165 REJECTED CVE-2023-3682 (A vulnerability, which was classified as critical, was found in Nesote ...) NOT-FOR-US: Nesote Inout Blockchain CVE-2023-3681 (A vulnerability classified as problematic was found in Campcodes Retro ...) NOT-FOR-US: Campcodes Retro Cellphone Online Store CVE-2023-3680 (A vulnerability classified as critical has been found in SourceCodeste ...) NOT-FOR-US: SourceCodester CVE-2023-3679 (A vulnerability was found in SourceCodester Lost and Found Information ...) NOT-FOR-US: SourceCodester CVE-2023-2507 (CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to exe ...) NOT-FOR-US: CleverTap Cordova Plugin CVE-2023-3678 (A vulnerability was found in SourceCodester AC Repair and Services Sys ...) 
NOT-FOR-US: SourceCodester AC Repair and Services System CVE-2023-38350 (PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via t ...) - pnp4nagios NOTE: https://github.com/pnp4nagios/pnp4nagios/pull/16 CVE-2023-38349 (PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controlle ...) - pnp4nagios NOTE: https://github.com/pnp4nagios/pnp4nagios/pull/17 CVE-2023-38337 (rswag before 2.10.1 allows remote attackers to read arbitrary JSON and ...) NOT-FOR-US: rswag CVE-2023-38336 (netkit-rcp in rsh-client 0.17-24 allows command injection via filename ...) - netkit-rsh (bug #1039689) [bookworm] - netkit-rsh (Minor issue) [bullseye] - netkit-rsh (Minor issue) [buster] - netkit-rsh (Minor issue) CVE-2023-37794 (WAYOS FBM-291W 19.09.11V was discovered to contain a command injection ...) NOT-FOR-US: WAYOS CVE-2023-37793 (WAYOS FBM-291W 19.09.11V was discovered to contain a buffer overflow v ...) NOT-FOR-US: WAYOS CVE-2023-37472 (Knowage is an open source suite for business analytics. The applicatio ...) NOT-FOR-US: Knowage CVE-2023-37464 (OpenIDC/cjose is a C library implementing the Javascript Object Signin ...) {DSA-5472-1 DLA-3515-1} - cjose 0.6.2.2-1 (bug #1041423) NOTE: https://github.com/OpenIDC/cjose/security/advisories/GHSA-3rhg-3gf2-6xgj NOTE: https://github.com/OpenIDC/cjose/commit/7325e9a5e71e2fc0e350487ecac7d84acdf0ed5e (v0.6.2.2) CVE-2023-37462 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2023-37268 (Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn' ...) NOT-FOR-US: Warpgate CVE-2023-36818 (Discourse is an open source discussion platform. In affected versions ...) NOT-FOR-US: Discourse CVE-2023-36811 (borgbackup is an opensource, deduplicating archiver with compression a ...) 
- borgbackup 1.2.5-1 [bookworm] - borgbackup (Minor issue) [bullseye] - borgbackup (Minor issue) [buster] - borgbackup (Minor issue) NOTE: https://github.com/borgbackup/borg/security/advisories/GHSA-8fjr-hghr-4m99 NOTE: https://github.com/borgbackup/borg/commit/a2ee13fd341dcd004b4a06b17d6f2fc759327861 NOTE: https://github.com/borgbackup/borg/commit/bfead4b288833f890523d8881797ff6b345edaf9 NOTE: https://github.com/borgbackup/borg/commit/462c1bdf2e597bd2e276c8fea82c84fabc0b7244 NOTE: https://github.com/borgbackup/borg/commit/277b0b81a860f4518d7bf0cc0951e77f9c99336d NOTE: https://github.com/borgbackup/borg/commit/b23e6cb73da01df038f7bd10c34a91c7187817b0 NOTE: https://github.com/borgbackup/borg/commit/95b560442284eda3ffae403c3086d549f6e121b8 NOTE: https://github.com/borgbackup/borg/commit/5cd2060345f38f2e0324ab178f847c2f45598b12 NOTE: https://github.com/borgbackup/borg/commit/56da3987111eb80b4ca38ac3e6aaa7953c61d2e3 NOTE: https://github.com/borgbackup/borg/commit/449cd51b73b0710a940af8cefe74793ce81563f4 NOTE: https://github.com/borgbackup/borg/commit/f334ef1b4de2f8a359ededa41ce13358b81e63c1 NOTE: https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-2-5-archives-spoofing-vulnerability-cve-2023-36811 NOTE: Requires significant work to check and repair a repo after the upgrade. CVE-2023-36466 (Discourse is an open source discussion platform. When editing a topic, ...) NOT-FOR-US: Discourse CVE-2023-35802 (IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Ove ...) NOT-FOR-US: Extreme Network AP devices CVE-2023-34236 (Weave GitOps Terraform Controller (aka Weave TF-controller) is a contr ...) NOT-FOR-US: Weave GitOps Terraform Controller CVE-2023-3673 (SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.) NOT-FOR-US: pimcore CVE-2023-3672 (Cross-site Scripting (XSS) - DOM in GitHub repository plaidweb/webment ...) 
NOT-FOR-US: plaidweb/webmention.js CVE-2023-3633 (An out-of-bounds writevulnerability in Bitdefender Engines on Windows ...) NOT-FOR-US: Bitdefender CVE-2023-3434 (Improper Input Validation in the hyperlink interpretation inSavoir-fai ...) NOT-FOR-US: Savoir-faire Linux's Jami CVE-2023-3433 (The "nickname" field within Savoir-faire Linux's Jami application is s ...) NOT-FOR-US: Savoir-faire Linux's Jami CVE-2023-38325 (The cryptography package before 41.0.2 for Python mishandles SSH certi ...) - python-cryptography (Vulnerable code not present) NOTE: https://github.com/pyca/cryptography/issues/9207 NOTE: https://github.com/pyca/cryptography/pull/9208 NOTE: Introduced after: https://github.com/pyca/cryptography/commit/aca8de845e751dd45fe4e48f8492f357d34d1861 (40.0.0) NOTE: Fixed by: https://github.com/pyca/cryptography/commit/1ca7adc97b76a9dfbd3d850628b613eb93b78fc3 (main) NOTE: Fixed by: https://github.com/pyca/cryptography/commit/e190ef190525999d1f599cf8c3aef5cb7f3a8bc4 (41.0.2) CVE-2023-38253 (An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str fun ...) - w3m (unimportant) NOTE: https://github.com/tats/w3m/issues/271 NOTE: Crash in CLI tool, no security impact CVE-2023-38252 (An out-of-bounds read flaw was found in w3m, in the Strnew_size functi ...) - w3m (unimportant) NOTE: https://github.com/tats/w3m/issues/270 NOTE: Crash in CLI tool, no security impact CVE-2023-37474 (Copyparty is a portable file server. Versions prior to 1.8.2 are subje ...) NOT-FOR-US: copyparty CVE-2023-37473 (zenstruck/collections is a set of helpers for iterating/paginating/fil ...) NOT-FOR-US: zenstruck/collections CVE-2023-37224 (An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6. ...) NOT-FOR-US: Archer CVE-2023-37223 (Cross Site Scripting (XSS) vulnerability in Archer Platform before v.6 ...) 
NOT-FOR-US: Archer CVE-2023-36888 (Microsoft Edge for Android (Chromium-based) Tampering Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36887 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36883 (Microsoft Edge for iOS Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36850 (An Improper Validation of Specified Index, Position, or Offset in Inpu ...) NOT-FOR-US: Juniper CVE-2023-36849 (An Improper Check or Handling of Exceptional Conditions vulnerability ...) NOT-FOR-US: Juniper CVE-2023-36848 (An Improper Handling of Undefined Values vulnerability in the periodic ...) NOT-FOR-US: Juniper CVE-2023-36840 (A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) o ...) NOT-FOR-US: Juniper CVE-2023-36838 (An Out-of-bounds Read vulnerability in the flow processing daemon (flo ...) NOT-FOR-US: Juniper CVE-2023-36836 (A Use of an Uninitialized Resource vulnerability in the routing protoc ...) NOT-FOR-US: Juniper CVE-2023-36835 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) NOT-FOR-US: Juniper CVE-2023-36834 (An Incomplete Internal State Distinction vulnerability in the packet f ...) NOT-FOR-US: Juniper CVE-2023-36833 (A Use After Free vulnerability in the packet forwarding engine (PFE) o ...) NOT-FOR-US: Juniper CVE-2023-36832 (An Improper Handling of Exceptional Conditions vulnerability in packet ...) NOT-FOR-US: Juniper CVE-2023-36831 (An Improper Check or Handling of Exceptional Conditions vulnerability ...) NOT-FOR-US: Juniper CVE-2023-36119 REJECTED CVE-2023-35692 (In getLocationCache of GeoLocation.java, there is a possible way to se ...) NOT-FOR-US: Android CVE-2023-32761 (Cross Site Request Forgery (CSRF) vulnerability in Archer Platform bef ...) NOT-FOR-US: Archer CVE-2023-32760 (An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6. ...) NOT-FOR-US: Archer CVE-2023-32759 (An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6. ...) 
NOT-FOR-US: Archer CVE-2023-2975 (Issue summary: The AES-SIV cipher implementation contains a bug that c ...) - openssl 3.0.10-1 (bug #1041818) [bookworm] - openssl 3.0.10-1~deb12u1 [bullseye] - openssl (Vulnerable code not present, only affects 3.x) [buster] - openssl (Vulnerable code not present, only affects 3.x) NOTE: https://www.openssl.org/news/secadv/20230714.txt NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598 (openssl-3.0.10) CVE-2023-3668 (Improper Encoding or Escaping of Output in GitHub repository froxlor/f ...) - froxlor (bug #581792) CVE-2023-3649 (iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of ser ...) {DSA-5559-1} - wireshark 4.0.7-1 (bug #1041101) [bullseye] - wireshark (Minor issue) [buster] - wireshark (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2023-22.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19164 CVE-2023-3648 (Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 ...) {DSA-5559-1} - wireshark 4.0.7-1 (bug #1041101) [bullseye] - wireshark (Vulnerable code not present) [buster] - wireshark (Vulnerable code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2023-21.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19105 NOTE: Introduced by: https://gitlab.com/wireshark/wireshark/-/commit/f8d308e9affefea9cca4bd5f2672f4c09688d4e0 (master) NOTE: Introduced by: https://gitlab.com/wireshark/wireshark/-/commit/b6c69cc5a996a665b3b86112ff38ff026e4c3994 (backport to 4.0.2) NOTE: Introduced by: https://gitlab.com/wireshark/wireshark/-/commit/e0bd9d312c362318fd19e41c6c0e23fc81d42253 (backport to 3.6.10) CVE-2023-3514 (Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer ...) NOT-FOR-US: Razer CVE-2023-3513 (Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer ...) 
NOT-FOR-US: Razer CVE-2023-38286 (Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spr ...) NOT-FOR-US: thymeleaf CVE-2023-37849 (A DLL hijacking vulnerability in Panda Security VPN for Windows prior ...) NOT-FOR-US: thymeleafPanda Security VPN CVE-2023-37839 (An arbitrary file upload vulnerability in /dede/file_manage_control.ph ...) NOT-FOR-US: Dede CMS CVE-2023-37837 (libjpeg commit db33a6e was discovered to contain a heap buffer overflo ...) - libjpeg (bug #1041103) [bookworm] - libjpeg (Minor issue) [bullseye] - libjpeg (Minor issue) NOTE: https://github.com/thorfdbg/libjpeg/issues/87#BUG0 NOTE: Fixed by: https://github.com/thorfdbg/libjpeg/commit/9e0cea29d7ba7a2c1e763865391bc94b336da25e CVE-2023-37836 (libjpeg commit db33a6e was discovered to contain a reachable assertion ...) - libjpeg (bug #1041103) [bookworm] - libjpeg (Minor issue) [bullseye] - libjpeg (Minor issue) NOTE: https://github.com/thorfdbg/libjpeg/issues/87#BUG1 NOTE: Fixed by: https://github.com/thorfdbg/libjpeg/commit/9e0cea29d7ba7a2c1e763865391bc94b336da25e CVE-2023-37723 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...) NOT-FOR-US: Tenda CVE-2023-37722 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...) NOT-FOR-US: Tenda CVE-2023-37721 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...) NOT-FOR-US: Tenda CVE-2023-37719 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...) NOT-FOR-US: Tenda CVE-2023-37718 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...) NOT-FOR-US: Tenda CVE-2023-37717 (Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, ...) NOT-FOR-US: Tenda CVE-2023-37716 (Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, ...) NOT-FOR-US: Tenda CVE-2023-37715 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...) 
NOT-FOR-US: Tenda CVE-2023-37714 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...) NOT-FOR-US: Tenda CVE-2023-37599 (An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain s ...) NOT-FOR-US: issabel-pbx CVE-2023-37598 (A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0 ...) NOT-FOR-US: issabel-pbx CVE-2023-37468 (Feedbacksystem is a personalized feedback system for students using ar ...) NOT-FOR-US: Feedbacksystem CVE-2023-37466 (vm2 is an advanced vm/sandbox for Node.js. The library contains critic ...) NOT-FOR-US: Node vm2 CVE-2023-37278 (GLPI is a Free Asset and IT Management Software package, Data center m ...) - glpi (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-46gp-f96h-53w4 NOTE: Only supported behind an authenticated HTTP zone CVE-2023-37275 (Auto-GPT is an experimental open-source application showcasing the cap ...) NOT-FOR-US: Auto-GPT CVE-2023-37274 (Auto-GPT is an experimental open-source application showcasing the cap ...) NOT-FOR-US: Auto-GPT CVE-2023-37273 (Auto-GPT is an experimental open-source application showcasing the cap ...) NOT-FOR-US: Auto-GPT CVE-2023-37272 (JS7 is an Open Source Job Scheduler. Users specify file names when upl ...) NOT-FOR-US: JS7 CVE-2023-36473 (Discourse is an open source discussion platform. A CSP (Content Securi ...) NOT-FOR-US: Discourse CVE-2023-35945 (Envoy is a cloud-native high-performance edge/middle/service proxy. En ...) - envoyproxy (bug #987544) CVE-2023-3661 (A vulnerability was found in SourceCodester AC Repair and Services Sys ...) NOT-FOR-US: SourceCodester AC Repair and Services System CVE-2023-3660 (A vulnerability was found in Campcodes Retro Cellphone Online Store 1. ...) NOT-FOR-US: Campcodes Retro Cellphone Online Store CVE-2023-3659 (A vulnerability has been found in SourceCodester AC Repair and Service ...) 
NOT-FOR-US: Campcodes Retro Cellphone Online Store CVE-2023-3658 (A vulnerability, which was classified as critical, was found in Source ...) NOT-FOR-US: SourceCodester AC Repair and Services System CVE-2023-3657 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester AC Repair and Services System CVE-2023-37787 (Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 ...) NOT-FOR-US: Geeklog CVE-2023-37786 (Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 ...) NOT-FOR-US: Geeklog CVE-2023-37785 (A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and be ...) NOT-FOR-US: ImpressCMS CVE-2023-37746 (A cross-site scripting (XSS) vulnerability in Maid Hiring Management S ...) NOT-FOR-US: Maid Hiring Management System CVE-2023-37745 (A cross-site scripting (XSS) vulnerability in Maid Hiring Management S ...) NOT-FOR-US: Maid Hiring Management System CVE-2023-37744 (Maid Hiring Management System v1.0 was discovered to contain a cross-s ...) NOT-FOR-US: Maid Hiring Management System CVE-2023-37743 (A cross-site scripting (XSS) vulnerability in Teacher Subject Allocati ...) NOT-FOR-US: Teacher Subject Allocation System CVE-2023-37463 (cmark-gfm is an extended version of the C reference implementation of ...) 
- cmark-gfm (bug #1041097) [bookworm] - cmark-gfm (Minor issue) [bullseye] - cmark-gfm (Minor issue) [buster] - cmark-gfm (Minor issue) - python-cmarkgfm (bug #1041098) [bookworm] - python-cmarkgfm (Minor issue) [bullseye] - python-cmarkgfm (Minor issue) [buster] - python-cmarkgfm (Minor issue) - r-cran-commonmark (bug #1041099) [bookworm] - r-cran-commonmark (Minor issue) [bullseye] - r-cran-commonmark (Minor issue) [buster] - r-cran-commonmark (Minor issue) - ruby-commonmarker (bug #1041100) [bookworm] - ruby-commonmarker (Minor issue) [bullseye] - ruby-commonmarker (Minor issue) [buster] - ruby-commonmarker (Minor issue) NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-w4qg-3vf7-m9x5 CVE-2023-37267 (Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco c ...) NOT-FOR-US: Umbraco CVE-2023-35833 (An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. When mo ...) NOT-FOR-US: YSoft SAFEQ 6 Server CVE-2023-35070 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: VegaGroup Web Collection CVE-2023-34458 (mx-chain-go is the official implementation of the MultiversX blockchai ...) NOT-FOR-US: mx-chain-go CVE-2023-33768 (Incorrect signature verification of the firmware during the Device Fir ...) NOT-FOR-US: Belkin CVE-2023-31825 (An issue found in Inageya v.13.4.1 allows a remote attacker to gain ac ...) NOT-FOR-US: Inageya CVE-2023-31824 (An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote at ...) NOT-FOR-US: DERICIA CVE-2023-31823 (An issue found in Marui Co Marui Official app v.13.6.1 allows a remote ...) NOT-FOR-US: Marui Co Marui Official app CVE-2023-31822 (An issue found in Entetsu Store v.13.4.1 allows a remote attacker to g ...) NOT-FOR-US: Entetsu Store CVE-2023-31821 (An issue found in ALBIS Co. ALBIS v.13.6.1 allows a remote attacker to ...) NOT-FOR-US: ALBIS CVE-2023-31820 (An issue found in Shizutetsu Store v.13.6.1 allows a remote attacker t ...) 
NOT-FOR-US: Shizutetsu Store CVE-2023-31819 (An issue found in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 allows a ...) NOT-FOR-US: KEISEI Store CVE-2023-31705 (A Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester ...) NOT-FOR-US: Sourcecodester CVE-2023-31704 (Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to I ...) NOT-FOR-US: Sourcecodester Online Computer and Laptop Store CVE-2023-3444 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab 15.11.11+ds1-1 CVE-2023-3424 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab 15.11.11+ds1-1 CVE-2023-3363 (An information disclosure issue in Gitlab CE/EE affecting all versions ...) - gitlab 15.11.11+ds1-1 CVE-2023-3362 (An information disclosure issue in GitLab CE/EE affecting all versions ...) - gitlab 16.0.7+ds1-2 CVE-2023-3343 (The User Registration plugin for WordPress is vulnerable to PHP Object ...) NOT-FOR-US: WordPress plugin CVE-2023-3342 (The User Registration plugin for WordPress is vulnerable to arbitrary ...) NOT-FOR-US: WordPress plugin CVE-2023-3319 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: PlatPlay DSr CVE-2023-38199 (coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does n ...) - modsecurity-crs 3.3.5-1 (bug #1041109) [bookworm] - modsecurity-crs (Minor issue) [bullseye] - modsecurity-crs (Minor issue) [buster] - modsecurity-crs (Minor issue) NOTE: https://github.com/coreruleset/coreruleset/issues/3191 NOTE: https://github.com/coreruleset/coreruleset/pull/3237 CVE-2023-38198 (acme.sh before 3.0.6 runs arbitrary commands from a remote server via ...) NOT-FOR-US: acme.sh CVE-2023-38197 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6 ...) 
{DLA-3805-1 DLA-3539-1} - qt6-base (bug #1041104) [bookworm] - qt6-base (Minor issue) - qtbase-opensource-src-gles 5.15.10+dfsg-3 (bug #1041106) [bookworm] - qtbase-opensource-src-gles (Minor issue) [bullseye] - qtbase-opensource-src-gles (Minor issue) - qtbase-opensource-src 5.15.10+dfsg-3 (bug #1041105) [bookworm] - qtbase-opensource-src (Minor issue) [bullseye] - qtbase-opensource-src (Minor issue) - qt4-x11 NOTE: https://www.qt.io/blog/security-advisory-qxmlstreamreader-1 NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/488960 CVE-2023-37568 (ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC- ...) NOT-FOR-US: ELECOM CVE-2023-37567 (Command injection vulnerability in ELECOM and LOGITEC wireless LAN rou ...) NOT-FOR-US: ELECOM CVE-2023-37566 (Command injection vulnerability in ELECOM and LOGITEC wireless LAN rou ...) NOT-FOR-US: ELECOM CVE-2023-37565 (Code injection vulnerability in ELECOM wireless LAN routers allows a n ...) NOT-FOR-US: ELECOM CVE-2023-37564 (OS command injection vulnerability in ELECOM wireless LAN routers allo ...) NOT-FOR-US: ELECOM CVE-2023-37563 (ELECOM wireless LAN routers are vulnerable to sensitive information ex ...) NOT-FOR-US: ELECOM CVE-2023-37562 (Cross-site request forgery (CSRF) vulnerability in exists in WTC-C1167 ...) NOT-FOR-US: ELECOM CVE-2023-37561 (Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM ...) NOT-FOR-US: ELECOM CVE-2023-37560 (Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, a ...) NOT-FOR-US: ELECOM CVE-2023-37415 (Improper Input Validation vulnerability in Apache Software Foundation ...) NOT-FOR-US: Apache Airflow Apache Hive Provider CVE-2023-35694 (In DMPixelLogger_ProcessDmCommand of DMPixelLogger.cpp, there is a pos ...) NOT-FOR-US: Android kernel (samsung_slsi) CVE-2023-35693 (In incfs_kill_sb of fs/incfs/vfs.c, there is a possible memory corrupt ...) 
- linux (Android-specific incfs) CVE-2023-35691 (there is a possible out of bounds read due to a missing bounds check. ...) NOT-FOR-US: Android CVE-2023-35069 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) NOT-FOR-US: Bullwark CVE-2023-34137 (SonicWall GMS and Analytics CAS Web Services application use static va ...) NOT-FOR-US: SonicWall CVE-2023-34136 (Vulnerability in SonicWall GMS and Analytics allows unauthenticated at ...) NOT-FOR-US: SonicWall CVE-2023-34135 (Path Traversal vulnerability in SonicWall GMS and Analytics allows a r ...) NOT-FOR-US: SonicWall CVE-2023-34134 (Exposure of sensitive information to an unauthorized actor vulnerabili ...) NOT-FOR-US: SonicWall CVE-2023-34133 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: SonicWall CVE-2023-34132 (Use of password hash instead of password for authentication vulnerabil ...) NOT-FOR-US: SonicWall CVE-2023-34131 (Exposure of sensitive information to an unauthorized actor vulnerabili ...) NOT-FOR-US: SonicWall CVE-2023-34130 (SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TE ...) NOT-FOR-US: SonicWall CVE-2023-34129 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) NOT-FOR-US: SonicWall CVE-2023-34128 (Tomcat application credentials are hardcoded in SonicWall GMS and Anal ...) NOT-FOR-US: SonicWall CVE-2023-34127 (Improper Neutralization of Special Elements used in an OS Command ('OS ...) NOT-FOR-US: SonicWall CVE-2023-34126 (Vulnerability in SonicWall GMS and Analytics allows an authenticated a ...) NOT-FOR-US: SonicWall CVE-2023-34125 (Path Traversal vulnerability in GMS and Analytics allows an authentica ...) NOT-FOR-US: SonicWall CVE-2023-34124 (The authentication mechanism in SonicWall GMS and Analytics Web Servic ...) NOT-FOR-US: SonicWall CVE-2023-34123 (Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, So ...) 
NOT-FOR-US: SonicWall CVE-2023-33274 (The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains ...) NOT-FOR-US: PowerShield SNMP Web Pro CVE-2023-2957 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Florist Site CVE-2023-2620 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab 15.11.11+ds1-1 CVE-2023-2576 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab 15.11.11+ds1-1 CVE-2023-3644 (A vulnerability was found in SourceCodester Service Provider Managemen ...) NOT-FOR-US: SourceCodester Service Provider Management System CVE-2023-3643 (A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been c ...) NOT-FOR-US: Boss Mini CVE-2023-3642 (A vulnerability was found in GZ Scripts Vacation Rental Website 1.8 an ...) NOT-FOR-US: GZ Scripts Vacation Rental Website CVE-2023-3641 (A vulnerability has been found in khodakhah NodCMS 3.4.1 and classifie ...) NOT-FOR-US: khodakhah NodCMS CVE-2023-3640 (A possible unauthorized memory access flaw was found in the Linux kern ...) - linux (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2217523 CVE-2023-3635 (GzipSource does not handle an exception that might be raised when pars ...) - okio (Doesn't ship Kotlin variant yet) NOTE: https://research.jfrog.com/vulnerabilities/okio-gzip-source-unhandled-exception-dos-xray-523195/ NOTE: https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b CVE-2023-3596 (Where this vulnerability exists in the Rockwell Automation 1756-EN4* E ...) NOT-FOR-US: Rockwell Automation CVE-2023-3595 (Where this vulnerability exists in the Rockwell Automation 1756 EN2* a ...) NOT-FOR-US: Rockwell Automation CVE-2023-3106 (A NULL pointer dereference vulnerability was found in netlink_dump. Th ...) 
- linux 4.8.5-1 NOTE: https:/git.kernel.org/linus/1ba5bf993c6a3142e18e68ea6452b347f9cb5635 (4.8-rc7) CVE-2023-38069 (In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be sup ...) - intellij-idea (bug #747616) CVE-2023-38068 (In JetBrains YouTrack before 2023.1.16597 captcha was not properly val ...) NOT-FOR-US: JetBrains YouTrack CVE-2023-38067 (In JetBrains TeamCity before 2023.05.1 build parameters of the "passwo ...) NOT-FOR-US: JetBrains TeamCity CVE-2023-38066 (In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer h ...) NOT-FOR-US: JetBrains TeamCity CVE-2023-38065 (In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the bu ...) NOT-FOR-US: JetBrains TeamCity CVE-2023-38064 (In JetBrains TeamCity before 2023.05.1 build chain parameters of the " ...) NOT-FOR-US: JetBrains TeamCity CVE-2023-38063 (In JetBrains TeamCity before 2023.05.1 stored XSS while running custom ...) NOT-FOR-US: JetBrains TeamCity CVE-2023-38062 (In JetBrains TeamCity before 2023.05.1 parameters of the "password" ty ...) NOT-FOR-US: JetBrains TeamCity CVE-2023-38061 (In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom ...) NOT-FOR-US: JetBrains TeamCity CVE-2023-38046 (A vulnerability exists in Palo Alto Networks PAN-OS software that enab ...) NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2023-37630 (Online Piggery Management System 1.0 is vulnerable to Cross Site Scrip ...) NOT-FOR-US: Online Piggery Management System CVE-2023-37629 (Online Piggery Management System 1.0 is vulnerable to File Upload. An ...) NOT-FOR-US: Online Piggery Management System CVE-2023-37628 (Online Piggery Management System 1.0 is vulnerable to SQL Injection.) NOT-FOR-US: Online Piggery Management System CVE-2023-37627 (Code-projects Online Restaurant Management System 1.0 is vulnerable to ...) NOT-FOR-US: Code-projects Online Restaurant Management System CVE-2023-37582 (The RocketMQ NameServer component still has a remote command execution ...) 
NOT-FOR-US: Apache RocketMQ CVE-2023-37456 (The session restore helper crashed whenever there was no parameter sen ...) - firefox (Only affects Firefox on iOS) CVE-2023-37455 (The permission request prompt from the site in the background tab was ...) - firefox (Only affects Firefox on iOS) CVE-2023-36266 (An issue was discovered in Keeper Password Manager for Desktop version ...) NOT-FOR-US: Keeper Password Manager for Desktop CVE-2023-33905 (In iwnpi server, there is a possible out of bounds write due to a miss ...) NOT-FOR-US: Unisoc CVE-2023-33904 (In hci_server, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: Unisoc CVE-2023-33903 (In FM service, there is a possible missing params check. This could l ...) NOT-FOR-US: Unisoc CVE-2023-33902 (In bluetooth service, there is a missing permission check. This could ...) NOT-FOR-US: Unisoc CVE-2023-33901 (In bluetooth service, there is a missing permission check. This could ...) NOT-FOR-US: Unisoc CVE-2023-33900 (In telephony service, there is a missing permission check. This could ...) NOT-FOR-US: Unisoc CVE-2023-33899 (In telephony service, there is a missing permission check. This could ...) NOT-FOR-US: Unisoc CVE-2023-33898 (In telephony service, there is a missing permission check. This could ...) NOT-FOR-US: Unisoc CVE-2023-33897 (In libimpl-ril, there is a possible out of bounds write due to a missi ...) NOT-FOR-US: Unisoc CVE-2023-33896 (In libimpl-ril, there is a possible out of bounds write due to a missi ...) NOT-FOR-US: Unisoc CVE-2023-33895 (In fastDial service, there is a missing permission check. This could l ...) NOT-FOR-US: Unisoc CVE-2023-33894 (In fastDial service, there is a missing permission check. This could l ...) NOT-FOR-US: Unisoc CVE-2023-33893 (In fastDial service, there is a missing permission check. This could l ...) NOT-FOR-US: Unisoc CVE-2023-33892 (In fastDial service, there is a missing permission check. This could l ...) 
NOT-FOR-US: Unisoc CVE-2023-33891 (In telephony service, there is a missing permission check. This could ...) NOT-FOR-US: Unisoc CVE-2023-33890 (In telephony service, there is a missing permission check. This could ...) NOT-FOR-US: Unisoc CVE-2023-33889 (In telephony service, there is a missing permission check. This could ...) NOT-FOR-US: Unisoc CVE-2023-33888 (In telephony service, there is a missing permission check. This could ...) NOT-FOR-US: Unisoc CVE-2023-33887 (In telephony service, there is a missing permission check. This could ...) NOT-FOR-US: Unisoc CVE-2023-33886 (In telephony service, there is a missing permission check. This could ...) NOT-FOR-US: Unisoc CVE-2023-33885 (In telephony service, there is a missing permission check. This could ...) NOT-FOR-US: Unisoc CVE-2023-33884 (In telephony service, there is a missing permission check. This could ...) NOT-FOR-US: Unisoc CVE-2023-33883 (In telephony service, there is a missing permission check. This could ...) NOT-FOR-US: Unisoc CVE-2023-33882 (In telephony service, there is a missing permission check. This could ...) NOT-FOR-US: Unisoc CVE-2023-33881 (In telephony service, there is a missing permission check. This could ...) NOT-FOR-US: Unisoc CVE-2023-33880 (In music service, there is a missing permission check. This could lead ...) NOT-FOR-US: Unisoc CVE-2023-33879 (In music service, there is a missing permission check. This could lead ...) NOT-FOR-US: Unisoc CVE-2023-33668 (DigiExam up to v14.0.2 lacks integrity checks for native modules, allo ...) NOT-FOR-US: DigiExam CVE-2023-32789 (In telephony service, there is a missing permission check. This could ...) NOT-FOR-US: DigiExam CVE-2023-32788 (In telephony service, there is a missing permission check. This could ...) NOT-FOR-US: DigiExam CVE-2023-37965 (A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and e ...) NOT-FOR-US: Jenkins plugin CVE-2023-37964 (A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBo ...) 
NOT-FOR-US: Jenkins plugin CVE-2023-37963 (A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 ...) NOT-FOR-US: Jenkins plugin CVE-2023-37962 (A cross-site request forgery (CSRF) vulnerability in Jenkins Benchmark ...) NOT-FOR-US: Jenkins plugin CVE-2023-37961 (A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla ...) NOT-FOR-US: Jenkins plugin CVE-2023-37960 (Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows attackers ...) NOT-FOR-US: Jenkins plugin CVE-2023-37959 (A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 ...) NOT-FOR-US: Jenkins plugin CVE-2023-37958 (A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic ...) NOT-FOR-US: Jenkins plugin CVE-2023-37957 (A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline ...) NOT-FOR-US: Jenkins plugin CVE-2023-37956 (A missing permission check in Jenkins Test Results Aggregator Plugin 1 ...) NOT-FOR-US: Jenkins plugin CVE-2023-37955 (A cross-site request forgery (CSRF) vulnerability in Jenkins Test Resu ...) NOT-FOR-US: Jenkins plugin CVE-2023-37954 (A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder ...) NOT-FOR-US: Jenkins plugin CVE-2023-37953 (A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier a ...) NOT-FOR-US: Jenkins plugin CVE-2023-37952 (A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plug ...) NOT-FOR-US: Jenkins plugin CVE-2023-37951 (Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate co ...) NOT-FOR-US: Jenkins plugin CVE-2023-37950 (A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier a ...) NOT-FOR-US: Jenkins plugin CVE-2023-37949 (A missing permission check in Jenkins Orka by MacStadium Plugin 1.33 a ...) NOT-FOR-US: Jenkins plugin CVE-2023-37948 (Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier ...) 
NOT-FOR-US: Jenkins plugin CVE-2023-37947 (Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier i ...) NOT-FOR-US: Jenkins plugin CVE-2023-37946 (Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier d ...) NOT-FOR-US: Jenkins plugin CVE-2023-37945 (A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin ...) NOT-FOR-US: Jenkins plugin CVE-2023-37944 (A missing permission check in Jenkins Datadog Plugin 5.4.1 and earlier ...) NOT-FOR-US: Jenkins plugin CVE-2023-37943 (Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require ...) NOT-FOR-US: Jenkins plugin CVE-2023-37942 (Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earl ...) NOT-FOR-US: Jenkins plugin CVE-2023-3618 (A flaw was found in libtiff. A specially crafted tiff file can lead to ...) {DLA-3513-1} - tiff 4.5.1~rc3-1 (bug #1040945) [bookworm] - tiff (Minor issue) [bullseye] - tiff (Minor issue) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/529 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b5c7d4c4e03333ac16b5cfb11acaaeaa493334f8 (v4.5.1rc1) CVE-2023-3603 (A missing allocation check in sftp server processing read requests may ...) - libssh (Vulnerable code not present in 0.10.5/any released version) NOTE: https://www.libssh.org/security/advisories/CVE-2023-3603.txt NOTE: https://git.libssh.org/projects/libssh.git/commit/?id=fe80f47b0ae8902d229ef9b8a1b4fa949b92e720 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2221791 CVE-2023-3525 (The Getnet Argentina para Woocommerce plugin for WordPress is vulnerab ...) NOT-FOR-US: Getnet Argentina para Woocommerce plugin for WordPress CVE-2023-3369 (The About Me 3000 widget plugin for WordPress is vulnerable to Stored ...) NOT-FOR-US: About Me 3000 widget plugin for WordPress CVE-2023-3202 (The MStore API plugin for WordPress is vulnerable to Cross-Site Reques ...) 
NOT-FOR-US: MStore API plugin for WordPress CVE-2023-3199 (The MStore API plugin for WordPress is vulnerable to Cross-Site Reques ...) NOT-FOR-US: MStore API plugin for WordPress CVE-2023-3168 (The WP Reroute Email plugin for WordPress is vulnerable to Stored Cros ...) NOT-FOR-US: WP Reroute Email plugin for WordPress CVE-2023-3167 (The Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site ...) NOT-FOR-US: Mail Queue plugin for WordPress CVE-2023-3166 (The Lana Email Logger plugin for WordPress is vulnerable to Stored Cro ...) NOT-FOR-US: Lana Email Logger plugin for WordPress CVE-2023-3158 (The Mail Control plugin for WordPress is vulnerable to Stored Cross-Si ...) NOT-FOR-US: Mail Control plugin for WordPress CVE-2023-3135 (The Mailtree Log Mail plugin for WordPress is vulnerable to Stored Cro ...) NOT-FOR-US: Mailtree Log Mail plugin for WordPress CVE-2023-3127 (An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iS ...) NOT-FOR-US: iSTAR CVE-2023-3122 (The GD Mail Queue plugin for WordPress is vulnerable to Stored Cross-S ...) NOT-FOR-US: GD Mail Queue plugin for WordPress CVE-2023-3105 (The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direc ...) NOT-FOR-US: LearnDash LMS plugin for WordPress CVE-2023-3093 (The YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Sc ...) NOT-FOR-US: YaySMTP plugin for WordPress CVE-2023-3092 (The SMTP Mail plugin for WordPress is vulnerable to Stored Cross-Site ...) NOT-FOR-US: SMTP Mail plugin for WordPress CVE-2023-3088 (The WP Mail Log plugin for WordPress is vulnerable to Stored Cross-Sit ...) NOT-FOR-US: WP Mail Log plugin for WordPress CVE-2023-3087 (The FluentSMTP plugin for WordPress is vulnerable to Stored Cross-Site ...) NOT-FOR-US: FluentSMTP plugin for WordPress CVE-2023-3082 (The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site ...) 
NOT-FOR-US: Post SMTP plugin for WordPress CVE-2023-3081 (The WP Mail Logging plugin for WordPress is vulnerable to Stored Cross ...) NOT-FOR-US: WP Mail Logging plugin for WordPress CVE-2023-3080 (The WP Mail Catcher plugin for WordPress is vulnerable to Stored Cross ...) NOT-FOR-US: WP Mail Catcher plugin for WordPress CVE-2023-3023 (The WP EasyCart plugin for WordPress is vulnerable to time-based SQL I ...) NOT-FOR-US: WP EasyCart plugin for WordPress CVE-2023-3019 (A DMA reentrancy issue leading to a use-after-free error was found in ...) [experimental] - qemu 1:8.1.0+ds-1~exp1 - qemu 1:8.2.0+ds-1 (bug #1041102) [bookworm] - qemu 1:7.2+dfsg-7+deb12u4 [bullseye] - qemu (Minor issue, revisit when fixed upstream) [buster] - qemu (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59243 NOTE: Proposed upstream patch: https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/9050f976e447444ea6ee2ba12c9f77e4b0dc54bc (v8.2.0-rc1) NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/3c0463a650008aec7de29cf84540652730510921 (v7.2.8) CVE-2023-3011 (The ARMember plugin for WordPress is vulnerable to Cross-Site Request ...) NOT-FOR-US: ARMember plugin for WordPress CVE-2023-37767 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...) - gpac (bug #1041421) [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2514 NOTE: https://github.com/gpac/gpac/commit/d414df635c773b21bbb3a9fbf17b101b1e8ea345 CVE-2023-37766 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...) - gpac (bug #1041421) [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2516 NOTE: https://github.com/gpac/gpac/commit/a64c60ef0983be6db8ab1e4a663e0ce83ff7bf2c CVE-2023-37765 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...) 
- gpac (bug #1041421) [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2515 NOTE: https://github.com/gpac/gpac/commit/36e1b9900ff638576cb88636bbbe2116ed06dfdc CVE-2023-37200 (A CWE-611: Improper Restriction of XML External Entity Reference vulne ...) NOT-FOR-US: Schneider Electric CVE-2023-37199 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...) NOT-FOR-US: Schneider Electric CVE-2023-37198 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...) NOT-FOR-US: Schneider Electric CVE-2023-37197 (A CWE-89: Improper Neutralization of Special Elements vulnerability us ...) NOT-FOR-US: Schneider Electric CVE-2023-37196 (A CWE-89: Improper Neutralization of Special Elements vulnerability us ...) NOT-FOR-US: Schneider Electric CVE-2023-37174 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...) - gpac (bug #1041421) [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2505 NOTE: https://github.com/gpac/gpac/commit/549ff4484246f2bc4d5fec6760332b43774db483 CVE-2023-32200 (There is insufficient restrictions of called script functions in Apach ...) - apache-jena 4.9.0-1 (bug #1041108) [bookworm] - apache-jena (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2023/07/11/11 CVE-2023-2869 (The WP-Members Membership plugin for WordPress is vulnerable to unauth ...) NOT-FOR-US: WP-Members Membership plugin for WordPress CVE-2023-2763 (Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vul ...) NOT-FOR-US: SOLIDWORKS CVE-2023-2762 (A Use-After-Free vulnerability in SLDPRT file reading procedure exists ...) NOT-FOR-US: SOLIDWORKS CVE-2023-2562 (The Gallery Metabox for WordPress is vulnerable to unauthorized access ...) NOT-FOR-US: WordPress plugin CVE-2023-2561 (The Gallery Metabox for WordPress is vulnerable to unauthorized modifi ...) 
NOT-FOR-US: WordPress plugin CVE-2023-2517 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...) NOT-FOR-US: Metform Elementor Contact Form Builder plugin for WordPress CVE-2021-4427 (The Vuukle Comments, Reactions, Share Bar, Revenue plugin for WordPres ...) NOT-FOR-US: Vuukle Comments, Reactions, Share Bar, Revenue plugin for WordPress CVE-2021-4426 (The Absolute Reviews plugin for WordPress is vulnerable to Cross-Site ...) NOT-FOR-US: Absolute Reviews plugin for WordPress CVE-2021-4425 (The Defender Security plugin for WordPress is vulnerable to Cross-Site ...) NOT-FOR-US: Defender Security plugin for WordPress CVE-2021-4424 (The Slider Hero plugin for WordPress is vulnerable to Cross-Site Reque ...) NOT-FOR-US: Slider Hero plugin for WordPress CVE-2021-4423 (The RAYS Grid plugin for WordPress is vulnerable to Cross-Site Request ...) NOT-FOR-US: RAYS Grid plugin for WordPress CVE-2021-4422 (The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site ...) NOT-FOR-US: POST SMTP Mailer plugin for WordPress CVE-2021-4421 (The Advanced Popups plugin for WordPress is vulnerable to Cross-Site R ...) NOT-FOR-US: Advanced Popups plugin for WordPress CVE-2021-4420 (The Sell Media plugin for WordPress is vulnerable to Cross-Site Reques ...) NOT-FOR-US: Sell Media plugin for WordPress CVE-2021-4419 (The WP-Backgrounds Lite plugin for WordPress is vulnerable to Cross-Si ...) NOT-FOR-US: WP-Backgrounds Lite plugin for WordPress CVE-2021-4417 (The Forminator \u2013 Contact Form, Payment Form & Custom Form Builder ...) NOT-FOR-US: Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress CVE-2021-4416 (The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request F ...) NOT-FOR-US: wp-mpdf plugin for WordPress CVE-2021-4415 (The Sunshine Photo Cart plugin for WordPress is vulnerable to Cross-Si ...) 
NOT-FOR-US: Sunshine Photo Cart plugin for WordPress CVE-2021-4414 (The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulner ...) NOT-FOR-US: Abandoned Cart Lite for WooCommerce plugin for WordPress CVE-2021-4413 (The Process Steps Template Designer plugin for WordPress is vulnerable ...) NOT-FOR-US: Process Steps Template Designer plugin for WordPress CVE-2021-4412 (The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request ...) NOT-FOR-US: WP Prayer plugin for WordPress CVE-2021-4411 (The WP EasyPay \u2013 Square for WordPress plugin for WordPress is vul ...) NOT-FOR-US: WP EasyPay – Square for WordPress plugin for WordPress CVE-2021-4410 (The Qtranslate Slug plugin for WordPress is vulnerable to Cross-Site R ...) NOT-FOR-US: Qtranslate Slug plugin for WordPress CVE-2021-4409 (The WooCommerce Etsy Integration plugin for WordPress is vulnerable to ...) NOT-FOR-US: WooCommerce Etsy Integration plugin for WordPress CVE-2021-4408 (The DW Question & Answer plugin for WordPress is vulnerable to Cross-S ...) NOT-FOR-US: DW Question & Answer plugin for WordPress CVE-2021-4407 (The Custom Banners plugin for WordPress is vulnerable to Cross-Site Re ...) NOT-FOR-US: Custom Banners plugin for WordPress CVE-2020-36761 (The Top 10 plugin for WordPress is vulnerable to Cross-Site Request Fo ...) NOT-FOR-US: Top 10 plugin for WordPress CVE-2020-36760 (The Ocean Extra plugin for WordPress is vulnerable to Cross-Site Reque ...) NOT-FOR-US: Ocean Extra plugin for WordPress CVE-2020-36757 (The WP Hotel Booking plugin for WordPress is vulnerable to Cross-Site ...) NOT-FOR-US: WP Hotel Booking plugin for WordPress CVE-2020-36756 (The 10WebAnalytics plugin for WordPress is vulnerable to Cross-Site Re ...) NOT-FOR-US: 10WebAnalytics plugin for WordPress CVE-2020-36752 (The Coming Soon & Maintenance Mode Page plugin for WordPress is vulner ...) 
NOT-FOR-US: Coming Soon & Maintenance Mode Page plugin for WordPress CVE-2020-36750 (The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-S ...) NOT-FOR-US: EWWW Image Optimizer plugin for WordPress CVE-2023-37579 (Incorrect Authorization vulnerability in Apache Software Foundation Ap ...) NOT-FOR-US: Apache Pulsar CVE-2023-3627 (Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/su ...) NOT-FOR-US: SuiteCRM core CVE-2023-3626 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System CVE-2023-3625 (A vulnerability classified as critical was found in Suncreate Mountain ...) NOT-FOR-US: Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System CVE-2023-3624 (A vulnerability classified as critical has been found in Nesote Inout ...) NOT-FOR-US: Nesote Inout Blockchain FiatExchanger CVE-2023-3623 (A vulnerability was found in Suncreate Mountain Flood Disaster Prevent ...) NOT-FOR-US: Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System CVE-2023-3621 (A vulnerability was found in IBOS OA 4.5.5. It has been classified as ...) NOT-FOR-US: IBOS OA CVE-2023-3620 (Cross-site Scripting (XSS) - Stored in GitHub repository amauric/tarte ...) NOT-FOR-US: amauric/tarteaucitron.js CVE-2023-3619 (A vulnerability was found in SourceCodester AC Repair and Services Sys ...) NOT-FOR-US: SourceCodester AC Repair and Services System CVE-2023-3617 (A vulnerability was found in SourceCodester Best POS Management System ...) NOT-FOR-US: SourceCodester Best POS Management System CVE-2023-37659 (xalpha v0.11.4 is vulnerable to Remote Command Execution (RCE).) NOT-FOR-US: xalpha CVE-2023-37658 (fast-poster v2.15.0 is vulnerable to Cross Site Scripting (XSS). File ...) NOT-FOR-US: fast-poster CVE-2023-37657 (TwoNav v2.0.28-20230624 is vulnerable to Cross Site Scripting (XSS).) 
NOT-FOR-US: TwoNav CVE-2023-37656 (WebsiteGuide v0.2 is vulnerable to Remote Command Execution (RCE) via ...) NOT-FOR-US: WebsiteGuide CVE-2023-37597 (Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0 ...) NOT-FOR-US: issabel-pbx CVE-2023-37596 (Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0 ...) NOT-FOR-US: issabel-pbx CVE-2023-37391 (Cross-Site Request Forgery (CSRF) vulnerability in WPMobilePack.Com Wo ...) NOT-FOR-US: WordPress plugin CVE-2023-37376 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) NOT-FOR-US: Siemens CVE-2023-37375 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) NOT-FOR-US: Siemens CVE-2023-37374 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) NOT-FOR-US: Siemens CVE-2023-37280 (Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based o ...) NOT-FOR-US: Pimcore Admin Classic Bundle CVE-2023-37271 (RestrictedPython is a tool that helps to define a subset of the Python ...) - restrictedpython 6.2-1 (bug #1041429) [bookworm] - restrictedpython (Minor issue) [bullseye] - restrictedpython (Minor issue) [buster] - restrictedpython (Minor issue, no rdeps) NOTE: https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-wqc8-x2pr-7jqh NOTE: https://github.com/zopefoundation/RestrictedPython/commit/c8eca66ae49081f0016d2e1f094c3d72095ef531 (master) NOTE: https://github.com/zopefoundation/RestrictedPython/commit/d8c5aa72c5d0ec8eceab635d93d6bc8321116002 (5.3) CVE-2023-37248 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) NOT-FOR-US: Siemens CVE-2023-37247 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) NOT-FOR-US: Siemens CVE-2023-37246 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) 
NOT-FOR-US: Siemens CVE-2023-36884 (Windows Search Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36874 (Windows Error Reporting Service Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36872 (VP9 Video Extensions Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36871 (Azure Active Directory Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36868 (Azure Service Fabric on Windows Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36867 (Visual Studio Code GitHub Pull Requests and Issues Extension Remote Co ...) NOT-FOR-US: Microsoft CVE-2023-36825 (Orchid is a Laravel package that allows application development of bac ...) NOT-FOR-US: Decidim CVE-2023-36824 (Redis is an in-memory database that persists on disk. In Redit 7.0 pri ...) {DSA-5610-1} - redis 5:7.0.12-1 (bug #1040879) [bullseye] - redis (Vulnerable code introduced later) [buster] - redis (Vulnerable code introduced later) NOTE: https://github.com/redis/redis/security/advisories/GHSA-4cfx-h9gq-xpx3 CVE-2023-36755 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) NOT-FOR-US: Siemens CVE-2023-36754 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) NOT-FOR-US: Siemens CVE-2023-36753 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) NOT-FOR-US: Siemens CVE-2023-36752 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) NOT-FOR-US: Siemens CVE-2023-36751 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) NOT-FOR-US: Siemens CVE-2023-36750 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) NOT-FOR-US: Siemens CVE-2023-36749 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) NOT-FOR-US: Siemens CVE-2023-36748 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) 
NOT-FOR-US: Siemens CVE-2023-36693 (Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez WP R ...) NOT-FOR-US: WordPress plugin CVE-2023-36690 (Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS th ...) NOT-FOR-US: WordPress theme CVE-2023-36687 (Cross-Site Request Forgery (CSRF) vulnerability in Andrea Tarantini Me ...) NOT-FOR-US: WordPress plugin CVE-2023-36538 (Improper access control in Zoom Rooms for Windows before version 5.15. ...) NOT-FOR-US: Zoom CVE-2023-36537 (Improper privilege management in Zoom Rooms for Windows before version ...) NOT-FOR-US: Zoom CVE-2023-36536 (Untrusted search path in the installer for Zoom Rooms for Windows befo ...) NOT-FOR-US: Zoom CVE-2023-36522 (Cross-Site Request Forgery (CSRF) vulnerability in WePupil Quiz Expert ...) NOT-FOR-US: WordPress plugin CVE-2023-36521 (A vulnerability has been identified in SIMATIC MV540 H (All versions < ...) NOT-FOR-US: Siemens CVE-2023-36390 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) NOT-FOR-US: Siemens CVE-2023-36389 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) NOT-FOR-US: Siemens CVE-2023-36386 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) NOT-FOR-US: Siemens CVE-2023-36293 (SQL injection vulnerability in wmanager v.1.0.7 and before allows a re ...) NOT-FOR-US: wmanager CVE-2023-36167 REJECTED CVE-2023-36164 REJECTED CVE-2023-36163 (Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 ...) NOT-FOR-US: BuildaGate CVE-2023-35921 (A vulnerability has been identified in SIMATIC MV540 H (All versions < ...) NOT-FOR-US: Siemens CVE-2023-35920 (A vulnerability has been identified in SIMATIC MV540 H (All versions < ...) NOT-FOR-US: Siemens CVE-2023-35913 (Cross-Site Request Forgery (CSRF) vulnerability in OOPSpam OOPSpam Ant ...) NOT-FOR-US: WordPress plugin CVE-2023-35780 (Cross-Site Request Forgery (CSRF) vulnerability in Andy Whalen Galleri ...) 
NOT-FOR-US: WordPress plugin CVE-2023-35778 (Cross-Site Request Forgery (CSRF) vulnerability in Neha Goel Recent Po ...) NOT-FOR-US: WordPress plugin CVE-2023-35773 (Cross-Site Request Forgery (CSRF) vulnerability in Danny Hearnah - Chu ...) NOT-FOR-US: WordPress plugin CVE-2023-35374 (Paint 3D Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35373 (Mono Authenticode Validation Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35367 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...) NOT-FOR-US: Microsoft CVE-2023-35366 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...) NOT-FOR-US: Microsoft CVE-2023-35365 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...) NOT-FOR-US: Microsoft CVE-2023-35364 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35363 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35362 (Windows Clip Service Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35361 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35360 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35358 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35357 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35356 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35353 (Connected User Experiences and Telemetry Elevation of Privilege Vulner ...) NOT-FOR-US: Microsoft CVE-2023-35352 (Windows Remote Desktop Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35351 (Windows Active Directory Certificate Services (AD CS) Remote Code Exec ...) NOT-FOR-US: Microsoft CVE-2023-35350 (Windows Active Directory Certificate Services (AD CS) Remote Code Exec ...) 
NOT-FOR-US: Microsoft CVE-2023-35348 (Active Directory Federation Service Security Feature Bypass Vulnerabil ...) NOT-FOR-US: Microsoft CVE-2023-35347 (Microsoft Install Service Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35346 (Windows DNS Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35345 (Windows DNS Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35344 (Windows DNS Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35343 (Windows Geolocation Service Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35342 (Windows Image Acquisition Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35341 (Microsoft DirectMusic Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35340 (Windows CNG Key Isolation Service Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35339 (Windows CryptoAPI Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35338 (Windows Peer Name Resolution Protocol Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35337 (Win32k Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35336 (Windows MSHTML Platform Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35335 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) 
NOT-FOR-US: Microsoft CVE-2023-35333 (MediaWiki PandocUpload Extension Remote Code Execution Vulnerability) NOT-FOR-US: MediaWiki extension PandocUpload CVE-2023-35332 (Windows Remote Desktop Protocol Security Feature Bypass) NOT-FOR-US: Microsoft CVE-2023-35331 (Windows Local Security Authority (LSA) Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35330 (Windows Extended Negotiation Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35329 (Windows Authentication Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35328 (Windows Transaction Manager Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35326 (Windows CDP User Components Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35325 (Windows Print Spooler Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35324 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...) NOT-FOR-US: Microsoft CVE-2023-35323 (Windows OLE Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35322 (Windows Deployment Services Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35321 (Windows Deployment Services Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35320 (Connected User Experiences and Telemetry Elevation of Privilege Vulner ...) NOT-FOR-US: Microsoft CVE-2023-35319 (Remote Procedure Call Runtime Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35318 (Remote Procedure Call Runtime Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35317 (Windows Server Update Service (WSUS) Elevation of Privilege Vulnerabil ...) NOT-FOR-US: Microsoft CVE-2023-35316 (Remote Procedure Call Runtime Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35315 (Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerabil ...) 
NOT-FOR-US: Microsoft CVE-2023-35314 (Remote Procedure Call Runtime Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35313 (Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code E ...) NOT-FOR-US: Microsoft CVE-2023-35312 (Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35311 (Microsoft Outlook Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35310 (Windows DNS Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35309 (Microsoft Message Queuing Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35308 (Windows MSHTML Platform Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35306 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...) NOT-FOR-US: Microsoft CVE-2023-35305 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35304 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35303 (USB Audio Class System Driver Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35302 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...) NOT-FOR-US: Microsoft CVE-2023-35300 (Remote Procedure Call Runtime Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35299 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2023-35298 (HTTP.sys Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-35297 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...) NOT-FOR-US: Microsoft CVE-2023-35296 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...) NOT-FOR-US: Microsoft CVE-2023-35091 (Cross-Site Request Forgery (CSRF) vulnerability in StoreApps Stock Man ...) NOT-FOR-US: WooCommerce addon CVE-2023-35047 (Cross-Site Request Forgery (CSRF) vulnerability in AREOI All Bootstrap ...) 
NOT-FOR-US: WordPress plugin CVE-2023-35044 (Cross-Site Request Forgery (CSRF) vulnerability in Drew Phillips Secur ...) NOT-FOR-US: WordPress plugin CVE-2023-34561 (A buffer overflow in the level parsing code of RobTop Games AB Geometr ...) NOT-FOR-US: WordPress plugin CVE-2023-34185 (Cross-Site Request Forgery (CSRF) vulnerability in John Brien WordPres ...) NOT-FOR-US: WordPress plugin CVE-2023-34119 (Insecure temporary file in the installer for Zoom Rooms for Windowsbef ...) NOT-FOR-US: Zoom CVE-2023-34118 (Improper privilege management in Zoom Rooms for Windows before version ...) NOT-FOR-US: Zoom CVE-2023-34117 (Relative path traversal in the Zoom Client SDK before version 5.15.0 m ...) NOT-FOR-US: Zoom CVE-2023-34116 (Improper input validation in the Zoom Desktop Client for Windows befor ...) NOT-FOR-US: Zoom CVE-2023-34090 (Decidim is a participatory democracy framework, written in Ruby on Rai ...) NOT-FOR-US: Decidim CVE-2023-34089 (Decidim is a participatory democracy framework, written in Ruby on Rai ...) NOT-FOR-US: Decidim CVE-2023-34029 (Cross-Site Request Forgery (CSRF) vulnerability in Prem Tiwari Disable ...) NOT-FOR-US: WordPress plugin CVE-2023-34015 (Cross-Site Request Forgery (CSRF) vulnerability in PI Websolution Cond ...) NOT-FOR-US: WordPress plugin CVE-2023-33174 (Windows Cryptographic Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-33173 (Remote Procedure Call Runtime Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-33172 (Remote Procedure Call Runtime Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-33171 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) 
NOT-FOR-US: Microsoft CVE-2023-33170 (ASP.NET and Visual Studio Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2023-33169 (Remote Procedure Call Runtime Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-33168 (Remote Procedure Call Runtime Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-33167 (Remote Procedure Call Runtime Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-33166 (Remote Procedure Call Runtime Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-33165 (Microsoft SharePoint Server Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2023-33164 (Remote Procedure Call Runtime Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-33163 (Windows Network Load Balancing Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-33162 (Microsoft Excel Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-33161 (Microsoft Excel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-33160 (Microsoft SharePoint Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-33159 (Microsoft SharePoint Server Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-33158 (Microsoft Excel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-33157 (Microsoft SharePoint Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-33156 (Microsoft Defender Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-33155 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) NOT-FOR-US: Microsoft CVE-2023-33154 (Windows Partition Management Driver Elevation of Privilege Vulnerabili ...) 
NOT-FOR-US: Microsoft CVE-2023-33153 (Microsoft Outlook Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-33152 (Microsoft ActiveX Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-33151 (Microsoft Outlook Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-33150 (Microsoft Office Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2023-33149 (Microsoft Office Graphics Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-33148 (Microsoft Office Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-33134 (Microsoft SharePoint Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-33127 (.NET and Visual Studio Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-32693 (Decidim is a participatory democracy framework, written in Ruby on Rai ...) NOT-FOR-US: Decidim CVE-2023-32104 (Cross-Site Request Forgery (CSRF) vulnerability in Mark Tilly MyCurato ...) NOT-FOR-US: WordPress plugin CVE-2023-32085 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...) NOT-FOR-US: Microsoft CVE-2023-32084 (HTTP.sys Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-32083 (Microsoft Failover Cluster Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-32057 (Microsoft Message Queuing Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-32056 (Windows Server Update Service (WSUS) Elevation of Privilege Vulnerabil ...) 
	NOT-FOR-US: Microsoft
CVE-2023-32055 (Active Template Library Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32054 (Volume Shadow Copy Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32053 (Windows Installer Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32052 (Microsoft Power Apps (online) Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32051 (Raw Image Extension Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32050 (Windows Installer Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32049 (Windows SmartScreen Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32047 (Paint 3D Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32046 (Windows MSHTML Platform Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32045 (Microsoft Message Queuing Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32044 (Microsoft Message Queuing Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32043 (Windows Remote Desktop Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32042 (OLE Automation Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32041 (Windows Update Orchestrator Service Information Disclosure Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2023-32040 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
	NOT-FOR-US: Microsoft
CVE-2023-32039 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
	NOT-FOR-US: Microsoft
CVE-2023-32038 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32037 (Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2023-32035 (Remote Procedure Call Runtime Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32034 (Remote Procedure Call Runtime Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32033 (Microsoft Failover Cluster Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-31818 (An issue found in Marukyu Line v.13.4.1 allows a remote attacker to ga ...)
	NOT-FOR-US: Marukyu Line
CVE-2023-31191 (DroneScout ds230 Remote ID receiver from BlueMark Innovations is affec ...)
	NOT-FOR-US: DroneScout
CVE-2023-31190 (DroneScout ds230 Remote ID receiver from BlueMark Innovations is affec ...)
	NOT-FOR-US: DroneScout
CVE-2023-2746 (The Rockwell Automation Enhanced HIM software contains an API that t ...)
	NOT-FOR-US: Rockwell
CVE-2023-29156 (DroneScout ds230 Remote ID receiver from BlueMark Innovations is affect ...)
	NOT-FOR-US: Rockwell
CVE-2022-48521 (An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through ...)
	{DLA-3680-1}
	- opendkim 2.11.0~beta2-9 (bug #1041107)
	[bookworm] - opendkim 2.11.0~beta2-8+deb12u1
	[bullseye] - opendkim 2.11.0~beta2-4+deb11u1
	NOTE: https://github.com/trusteddomainproject/OpenDKIM/issues/148
CVE-2023-36543 (Apache Airflow, versions before 2.6.3, has a vulnerability where an au ...)
	- airflow (bug #819700)
CVE-2023-36542 (Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Ser ...)
	NOT-FOR-US: Apache NiFi
CVE-2023-35908 (Apache Airflow, versions before 2.6.3, is affected by a vulnerability ...)
	- airflow (bug #819700)
CVE-2023-3608 (A vulnerability was found in Ruijie BCR810W 2.5.10. It has been rated ...)
	NOT-FOR-US: Ruijie
CVE-2023-3607 (A vulnerability was found in kodbox 1.26. It has been declared as crit ...)
	NOT-FOR-US: kodbox
CVE-2023-3606 (A vulnerability was found in TamronOS up to 20230703. It has been clas ...)
	NOT-FOR-US: TamronOS
CVE-2023-37191 (A stored cross-site scripting (XSS) vulnerability in Issabel issabel-p ...)
	NOT-FOR-US: Issabel
CVE-2023-37190 (A stored cross-site scripting (XSS) vulnerability in Issabel issabel-p ...)
	NOT-FOR-US: Issabel
CVE-2023-37189 (A stored cross site scripting (XSS) vulnerability in index.php?menu=bi ...)
	NOT-FOR-US: Issabel
CVE-2023-36925 (SAP Solution Manager (Diagnostics agent) - version 7.20, allows an una ...)
	NOT-FOR-US: SAP
CVE-2023-36924 (While using a specific function, SAP ERP Defense Forces and Public Sec ...)
	NOT-FOR-US: SAP
CVE-2023-36922 (Due to programming error in function module and report, IS-OIL compone ...)
	NOT-FOR-US: SAP
CVE-2023-36921 (SAP Solution Manager (Diagnostics agent) - version 7.20, allows an att ...)
	NOT-FOR-US: SAP
CVE-2023-36919 (In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_M ...)
	NOT-FOR-US: SAP
CVE-2023-36918 (In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_M ...)
	NOT-FOR-US: SAP
CVE-2023-36917 (SAP BusinessObjects Business Intelligence Platform - version 420, 430, ...)
	NOT-FOR-US: SAP
CVE-2023-36517 (Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abs ...)
	NOT-FOR-US: Kevon
CVE-2023-35874 (SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL ...)
	NOT-FOR-US: SAP
CVE-2023-35873 (The Runtime Workbench (RWB) of SAP NetWeaver Process Integration - versi ...)
	NOT-FOR-US: SAP
CVE-2023-35872 (The Message Display Tool (MDT) of SAP NetWeaver Process Integration - ve ...)
	NOT-FOR-US: SAP
CVE-2023-35871 (The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP ...)
	NOT-FOR-US: SAP
CVE-2023-35870 (When creating a journal entry template in SAP S/4HANA (Manage Journal ...)
	NOT-FOR-US: SAP
CVE-2023-35781 (Cross-Site Request Forgery (CSRF) vulnerability in LWS Cleaner plugin ...)
	NOT-FOR-US: LWS
CVE-2023-35774 (Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugi ...)
	NOT-FOR-US: LWS
CVE-2023-33992 (The SAP BW BICS communication layer in SAP Business Warehouse and SAP ...)
	NOT-FOR-US: SAP
CVE-2023-33990 (SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitima ...)
	NOT-FOR-US: SAP
CVE-2023-33989 (An attacker with non-administrative authorizations in SAP NetWeaver (B ...)
	NOT-FOR-US: SAP
CVE-2023-33988 (In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_M ...)
	NOT-FOR-US: SAP
CVE-2023-33987 (An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7 ...)
	NOT-FOR-US: SAP
CVE-2023-31405 (SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, ...)
	NOT-FOR-US: SAP
CVE-2023-3605 (A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. It ...)
	NOT-FOR-US: PHPGurukul Online Shopping Portal
CVE-2023-3417 (Thunderbird allowed the Text Direction Override Unicode Character in f ...)
	{DSA-5463-1 DLA-3510-1}
	- thunderbird 1:102.13.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-27/#CVE-2023-3417
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-28/#CVE-2023-3417
CVE-2023-3600 (During the worker lifecycle, a use-after-free condition could have occ ...)
	- firefox 115.0.2-1
	- thunderbird (Only affected version was only ever in experimental)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-26/#CVE-2023-3600
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-27/#CVE-2023-3600
CVE-2023-3599 (A vulnerability was found in SourceCodester Best Fee Management System ...)
	NOT-FOR-US: SourceCodester Best Fee Management System
CVE-2023-3580 (Improper Handling of Additional Special Element in GitHub repository s ...)
	NOT-FOR-US: squidex
CVE-2023-3579 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: HadSky
CVE-2023-3578 (A vulnerability classified as critical was found in DedeCMS 5.7.109. A ...)
	NOT-FOR-US: DedeCMS
CVE-2023-3574 (Improper Authorization in GitHub repository pimcore/customer-data-fram ...)
	NOT-FOR-US: pimcore customer-data-framework
CVE-2023-3273 (Improper Access Control in the SICK ICR890-4 could allow an unauthenti ...)
	NOT-FOR-US: SICK
CVE-2023-3272 (Cleartext Transmission of Sensitive Information in the SICK ICR890-4 c ...)
	NOT-FOR-US: SICK
CVE-2023-3271 (Improper Access Control in the SICK ICR890-4 could allow an unauthenti ...)
	NOT-FOR-US: SICK
CVE-2023-3270 (Exposure of Sensitive Information to an Unauthorized Actor in the SICK ...)
	NOT-FOR-US: SICK
CVE-2023-3225 (The Float menu WordPress plugin before 5.0.3 does not sanitise and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3219 (The EventON WordPress plugin before 2.1.2 does not validate that the e ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3209 (The MStore API WordPress plugin before 3.9.7 does not secure most of i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3175 (The AI ChatBot WordPress plugin before 4.6.1 does not adequately escap ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3131 (The MStore API WordPress plugin before 3.9.7 does not secure most of i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3129 (The URL Shortify WordPress plugin before 1.7.0 does not sanitise and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3118 (The Export All URLs WordPress plugin before 4.6 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3077 (The MStore API WordPress plugin before 3.9.8 does not sanitise and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3076 (The MStore API WordPress plugin before 3.9.9 does not prevent visitors ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37712 (Tenda AC1206 V15.03.06.23, F1202 V1.2.0.20(408), and FH1202 V1.2.0.20( ...)
	NOT-FOR-US: Tenda
CVE-2023-37711 (Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to con ...)
	NOT-FOR-US: Tenda
CVE-2023-37710 (Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to con ...)
	NOT-FOR-US: Tenda
CVE-2023-37707 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2023-37706 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2023-37705 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2023-37704 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2023-37703 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2023-37702 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2023-37701 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2023-37700 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2023-37392 (Cross-Site Request Forgery (CSRF) vulnerability in Deepak Anand WP Dum ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-37277 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-37154
	- monitoring-plugins (unimportant)
	NOTE: Fix in nagios-plugins project: https://github.com/nagios-plugins/nagios-plugins/commit/e8810de21be80148562b7e0168b0a62aeedffde6
	NOTE: monitoring-plugins upstream does not plan to make an upstream change similar to
	NOTE: nagios-plugins because there are valid use cases to execute stuff locally via
	NOTE: check_by_ssh (although not commonly known and used).
	NOTE: Documentation for expected behaviour in monitoring-plugins/check_by_ssh:
	NOTE: https://github.com/monitoring-plugins/monitoring-plugins/security/advisories/GHSA-p3gv-vmpx-hhw4
	NOTE: https://joshua.hu/nagios-hacking-cve-2023-37154
CVE-2023-37153 (KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: KodExplorer
CVE-2023-37152 (Projectworlds Online Art Gallery Project 1.0 allows unauthenticated us ...)
	NOT-FOR-US: Projectworlds Online Art Gallery Project
CVE-2023-37151
	REJECTED
CVE-2023-37150 (Sourcecodester Online Pizza Ordering System v1.0 has a Cross-site scri ...)
	NOT-FOR-US: Sourcecodester Online Pizza Ordering System
CVE-2023-36940 (Cross Site Scripting (XSS) vulnerability in PHPGurukul Online Fire Rep ...)
	NOT-FOR-US: PHPGurukul Online Fire Reporting System
CVE-2023-36939 (Cross-Site Scripting (XSS) vulnerability in Hostel Management System v ...)
	NOT-FOR-US: Hostel Management System
CVE-2023-36936 (Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online Security ...)
	NOT-FOR-US: PHPGurukul Online Security Guards Hiring System
CVE-2023-36691 (Cross-Site Request Forgery (CSRF) vulnerability in Albert Peschar Webw ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-36376 (Cross-Site Scripting (XSS) vulnerability in Hostel Management System v ...)
	NOT-FOR-US: Hostel Management System
CVE-2023-36375 (Cross Site Scripting vulnerability in Hostel Management System v2.1 al ...)
	NOT-FOR-US: Hostel Management System
CVE-2023-35912 (Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Potent Dona ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-35699 (Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthen ...)
	NOT-FOR-US: SICK
CVE-2023-35698 (Observable Response Discrepancy in the SICK ICR890-4 could allow a rem ...)
	NOT-FOR-US: SICK
CVE-2023-35697 (Improper Restriction of Excessive Authentication Attempts in the SICK ...)
	NOT-FOR-US: SICK
CVE-2023-35696 (Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthen ...)
	NOT-FOR-US: SICK
CVE-2023-34432 (A heap buffer overflow vulnerability was found in sox, in the lsx_read ...)
	- sox 14.4.2+git20190427-3.2 (bug #1041110)
	[bullseye] - sox 14.4.2+git20190427-2+deb11u1
	[buster] - sox 14.4.2+git20190427-1+deb10u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212291
	NOTE: https://sourceforge.net/p/sox/bugs/367/
	NOTE: Same fix as for CVE-2021-23159
CVE-2023-34347 (Delta Electronics InfraSuite Device Master versions prior to 1.0.7 con ...)
	NOT-FOR-US: Delta Electronics InfraSuite Device Master
CVE-2023-34318 (A heap buffer overflow vulnerability was found in sox, in the startrea ...)
	- sox 14.4.2+git20190427-3.2 (bug #1041111)
	[bullseye] - sox 14.4.2+git20190427-2+deb11u1
	[buster] - sox 14.4.2+git20190427-1+deb10u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212283
	NOTE: https://sourceforge.net/p/sox/bugs/368/
	NOTE: Same fix as for CVE-2021-23159
CVE-2023-34316 (An attacker could bypass the latest Delta Electronics InfraSuite Devic ...)
	NOT-FOR-US: Delta Electronics InfraSuite Device Master
CVE-2023-32627 (A floating point exception vulnerability was found in sox, in the read ...)
	{DLA-3527-1}
	- sox 14.4.2+git20190427-4 (bug #1041112)
	[bookworm] - sox (Minor issue)
	[bullseye] - sox (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212282
	NOTE: https://sourceforge.net/p/sox/bugs/369/
	NOTE: The PoC posted upstream is masked by the fix for CVE-2021-3643; however, a sampling rate == 0
	NOTE: still triggers the FPE, so it is not fixed by CVE-2021-3643
	NOTE: Proposed patch: https://sourceforge.net/p/sox/bugs/_discuss/thread/e759e37389/2ead/attachment/0026-CVE-2023-32627-Filter-null-sampling-rate-in-VOC-code.patch
CVE-2023-30765 (Delta Electronics InfraSuite Device Master versions prior to 1.0.7 con ...)
	NOT-FOR-US: Delta Electronics InfraSuite Device Master
CVE-2023-2967 (The TinyMCE Custom Styles WordPress plugin before 1.1.4 does not sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2964 (The Simple Iframe WordPress plugin before 1.2.0 does not properly vali ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2796 (The EventON WordPress plugin before 2.1.2 lacks authentication and aut ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2709 (The AN_GradeBook WordPress plugin through 5.0.1 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2635 (The Call Now Accessibility Button WordPress plugin before 1.1 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2578 (The Buy Me a Coffee WordPress plugin before 3.7 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2529 (The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitis ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2495 (The Greeklish-permalink WordPress plugin through 3.3 does not implemen ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2493 (The All In One Redirection WordPress plugin before 2.2.0 does not prop ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-26590 (A floating point exception vulnerability was found in sox, in the lsx_ ...)
	- sox 14.4.2+git20190427-3.1 (bug #1041113)
	[bullseye] - sox 14.4.2+git20190427-2+deb11u1
	[buster] - sox 14.4.2+git20190427-1+deb10u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212279
	NOTE: https://sourceforge.net/p/sox/bugs/370/
	NOTE: Same fix as for CVE-2022-31650
CVE-2016-15034 (A vulnerability was found in Dynacase Webdesk and classified as critic ...)
	NOT-FOR-US: Dynacase
CVE-2015-10121 (A vulnerability has been found in Beeliked Microsite Plugin up to 1.0. ...)
	NOT-FOR-US: Beeliked
CVE-2015-10120 (A vulnerability, which was classified as problematic, was found in WDS ...)
	NOT-FOR-US: WordPress plugin
CVE-2015-10119 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-XXXX [spip: Use a dedicated function to clean author data when preparing a session]
	- spip 4.1.11+dfsg-1
	[bookworm] - spip 4.1.9+dfsg-1+deb12u2
	[bullseye] - spip 3.2.11-3+deb11u9
	[buster] - spip 3.2.4-1+deb10u12
	NOTE: https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-4-SPIP-4-1-11.html
CVE-2023-3568 (Open Redirect in GitHub repository alextselegidis/easyappointments pri ...)
	NOT-FOR-US: fossbilling
CVE-2023-37288 (SmartBPM.NET component has a vulnerability of path traversal within it ...)
	NOT-FOR-US: SmartBPM.NET
CVE-2023-37287 (SmartBPM.NET has a vulnerability of using hard-coded authentication ke ...)
	NOT-FOR-US: SmartBPM.NET
CVE-2023-37286 (SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine ...)
	NOT-FOR-US: SmartBPM.NET
CVE-2021-4406 (An administrator is able to execute commands as root via the alerts ma ...)
	NOT-FOR-US: QuantaStor
CVE-2023-3045 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Tise Technology Parking Web Report
CVE-2023-36935
	REJECTED
CVE-2023-36360
	REJECTED
CVE-2023-34682
	REJECTED
CVE-2023-2853 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Softmed SelfPatron
CVE-2023-2852 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Softmed SelfPatron
CVE-2023-3567 (A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_scree ...)
	- linux 6.1.11-1
	[bullseye] - linux 5.10.178-1
	[buster] - linux 4.19.282-1
	NOTE: https://git.kernel.org/linus/226fae124b2dac217ea5436060d623ff3385bc34 (6.2-rc7)
CVE-2023-3566 (A vulnerability was found in wallabag 2.5.4. It has been declared as p ...)
	NOT-FOR-US: Wallabag
CVE-2023-3565 (Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampass ...)
	- teampass (bug #730180)
CVE-2023-3564 (A vulnerability was found in GZ Scripts GZ Multi Hotel Booking System ...)
	NOT-FOR-US: GZ Scripts GZ Multi Hotel Booking System
CVE-2023-3563 (A vulnerability was found in GZ Scripts GZ E Learning Platform 1.8 and ...)
	NOT-FOR-US: GZ Scripts GZ E Learning Platform
CVE-2023-3562 (A vulnerability has been found in GZ Scripts PHP CRM Platform 1.8 and ...)
	NOT-FOR-US: GZ Scripts PHP CRM Platform
CVE-2023-3561 (A vulnerability, which was classified as problematic, was found in GZ ...)
	NOT-FOR-US: GZ Scripts PHP GZ Hotel Booking Script
CVE-2023-3560 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: GZ Scripts Ticket Booking Script
CVE-2023-3559 (A vulnerability classified as problematic was found in GZ Scripts PHP ...)
	NOT-FOR-US: GZ Scripts PHP GZ Appointment Scheduling Script
CVE-2023-3558 (A vulnerability classified as problematic has been found in GZ Scripts ...)
	NOT-FOR-US: GZ Scripts Event Booking Calendar
CVE-2023-3557 (A vulnerability was found in GZ Scripts Property Listing Script 1.0. I ...)
	NOT-FOR-US: GZ Scripts Property Listing Script
CVE-2023-3556 (A vulnerability was found in GZ Scripts Car Listing Script PHP 1.8. It ...)
	NOT-FOR-US: GZ Scripts Car Listing Script PHP
CVE-2023-3555 (A vulnerability was found in GZ Scripts PHP Vacation Rental Script 1.8 ...)
	NOT-FOR-US: GZ Scripts PHP Vacation Rental Script
CVE-2023-3554 (A vulnerability was found in GZ Scripts GZ Forum Script 1.8 and classi ...)
	NOT-FOR-US: GZ Scripts GZ Forum Script
CVE-2023-3553 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
	- teampass (bug #730180)
CVE-2023-3552 (Improper Encoding or Escaping of Output in GitHub repository nilsteamp ...)
	- teampass (bug #730180)
CVE-2023-3551 (Code Injection in GitHub repository nilsteampassnet/teampass prior to ...)
	- teampass (bug #730180)
CVE-2023-37270 (Piwigo is open source photo gallery software. Prior to version 13.8.0, ...)
	- piwigo
CVE-2023-37269 (Winter is a free, open-source content management system (CMS) based on ...)
	NOT-FOR-US: Winter
CVE-2023-37262 (CC: Tweaked is a mod for Minecraft which adds programmable computers, ...)
	NOT-FOR-US: Tweaked mod for Minecraft
CVE-2023-37261 (OpenComputers is a Minecraft mod that adds programmable computers and ...)
	NOT-FOR-US: OpenComputers mod for Minecraft
CVE-2023-32000 (A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Ver ...)
	NOT-FOR-US: UniFi Network
CVE-2023-3544 (A vulnerability was found in GZ Scripts Time Slot Booking Calendar PHP ...)
	NOT-FOR-US: GZ Scripts
CVE-2023-3543 (A vulnerability was found in GZ Scripts Availability Booking Calendar ...)
	NOT-FOR-US: GZ Scripts
CVE-2023-3542 (A vulnerability was found in ThinuTech ThinuCMS 1.5 and classified as ...)
	NOT-FOR-US: ThinuCMS
CVE-2023-3541 (A vulnerability has been found in ThinuTech ThinuCMS 1.5 and classifie ...)
	NOT-FOR-US: ThinuCMS
CVE-2023-3540 (A vulnerability, which was classified as problematic, was found in Sim ...)
	NOT-FOR-US: SimplePHPscripts
CVE-2023-3539 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: SimplePHPscripts
CVE-2023-3538 (A vulnerability classified as problematic was found in SimplePHPscript ...)
	NOT-FOR-US: SimplePHPscripts
CVE-2023-3537 (A vulnerability classified as problematic has been found in SimplePHPs ...)
	NOT-FOR-US: SimplePHPscripts
CVE-2023-3536 (A vulnerability was found in SimplePHPscripts Funeral Script PHP 3.1. ...)
	NOT-FOR-US: SimplePHPscripts
CVE-2023-3535 (A vulnerability was found in SimplePHPscripts FAQ Script PHP 2.3. It h ...)
	NOT-FOR-US: SimplePHPscripts
CVE-2023-3534 (A vulnerability was found in SourceCodester Shopping Website 1.0. It h ...)
	NOT-FOR-US: SourceCodester
CVE-2023-37308 (Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username ...)
	NOT-FOR-US: Zoho
CVE-2023-37264 (Tekton Pipelines project provides k8s-style resources for declaring CI ...)
	NOT-FOR-US: Tekton Pipelines
CVE-2023-37173 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-37172 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-37171 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-37170 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an u ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-37149 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a comm ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-37148 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a comm ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-37146 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a comm ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-37145 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a comm ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-37144 (Tenda AC10 v15.03.06.26 was discovered to contain a command injection ...)
	NOT-FOR-US: Tenda
CVE-2023-37067 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-37066 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-37065 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-37064 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-37063 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-37062 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-37061 (Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege acco ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-36994 (In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installat ...)
	NOT-FOR-US: TravianZ
CVE-2023-36993 (The cryptographically insecure random number generator being used in T ...)
	NOT-FOR-US: TravianZ
CVE-2023-36992 (PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the ...)
	NOT-FOR-US: TravianZ
CVE-2023-36256 (The Online Examination System Project 1.0 version is vulnerable to Cro ...)
	NOT-FOR-US: Online Examination System Project
CVE-2023-36201 (An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker ...)
	- iotjs
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5026
CVE-2023-34197 (Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP ...)
	NOT-FOR-US: Zoho
CVE-2023-33715
	REJECTED
CVE-2023-33664 (ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a S ...)
	NOT-FOR-US: ai-dev aicombinationsonfly
CVE-2023-32183 (Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed ...)
	NOT-FOR-US: hawk2 as packaged by SuSE
CVE-2023-34442 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: Apache Camel JIRA
CVE-2023-35887 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: Apache Mina SSHD
CVE-2023-33008 (Deserialization of Untrusted Data vulnerability in Apache Software Fou ...)
	NOT-FOR-US: Apache Johnzon
CVE-2023-3532 (Cross-site Scripting (XSS) - Stored in GitHub repository outline/outli ...)
	NOT-FOR-US: Outline
CVE-2023-37192 (Memory management and protection issues in Bitcoin Core v22 allows att ...)
	- bitcoin (bug #1041427)
CVE-2023-36859 (PiiGAB M-Bus SoftwarePack 900S does not correctly sanitize user inp ...)
	NOT-FOR-US: PiiGAB M-Bus
CVE-2023-36829 (Sentry is an error tracking and performance monitoring platform. Start ...)
	NOT-FOR-US: Sentry
CVE-2023-35987 (PiiGAB M-Bus contains hard-coded credentials which it uses for authent ...)
	NOT-FOR-US: PiiGAB M-Bus
CVE-2023-35890 (IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than ...)
	NOT-FOR-US: IBM
CVE-2023-35765 (PiiGAB M-Bus stores credentials in a plaintext file, which could allow ...)
	NOT-FOR-US: PiiGAB M-Bus
CVE-2023-35120 (PiiGAB M-Bus is vulnerable to cross-site request forgery. An attacker ...)
	NOT-FOR-US: PiiGAB M-Bus
CVE-2023-34995 (There are no requirements for setting a complex password for PiiGAB M-B ...)
	NOT-FOR-US: PiiGAB M-Bus
CVE-2023-34433 (PiiGAB M-Bus stores passwords using a weak hash algorithm.)
	NOT-FOR-US: PiiGAB M-Bus
CVE-2023-33868 (The number of login attempts is not limited. This could allow an attac ...)
	NOT-FOR-US: PiiGAB M-Bus
CVE-2023-32652 (PiiGAB M-Bus does not validate identification strings before processing ...)
	NOT-FOR-US: PiiGAB M-Bus
CVE-2023-31277 (PiiGAB M-Bus transmits credentials in plaintext format.)
	NOT-FOR-US: PiiGAB M-Bus
CVE-2023-3531 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...)
	- teampass (bug #730180)
CVE-2023-3529 (A vulnerability classified as problematic has been found in Rotem Dyna ...)
	NOT-FOR-US: Rotem Dynamics Rotem CRM
CVE-2023-3528 (A vulnerability was found in ThinuTech ThinuCMS 1.5. It has been rated ...)
	NOT-FOR-US: ThinuTech ThinuCMS
CVE-2023-3523 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.)
	- gpac (bug #1041421)
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://huntr.dev/bounties/57e0be03-8484-415e-8b5c-c1fe4546eaac/
	NOTE: https://github.com/gpac/gpac/commit/64201a26476c12a7dbd7ffb5757743af6954db96
CVE-2023-3456 (Vulnerability of kernel raw address leakage in the hang detector modu ...)
	NOT-FOR-US: Huawei
CVE-2023-37454 (An issue was discovered in the Linux kernel through 6.4.2. A crafted U ...)
	- linux
CVE-2023-37453 (An issue was discovered in the USB subsystem in the Linux kernel throu ...)
	- linux 6.5.3-1
	[bookworm] - linux 6.1.55-1
	[bullseye] - linux 5.10.197-1
	NOTE: https://git.kernel.org/linus/ff33299ec8bb80cdcc073ad9c506bd79bb2ed20b (6.6-rc1)
CVE-2023-37260 (league/oauth2-server is an implementation of an OAuth 2.0 authorizatio ...)
	NOT-FOR-US: league/oauth2-server
CVE-2023-37245 (Buffer overflow vulnerability in the modem pinctrl module. Successful ...)
	NOT-FOR-US: Huawei
CVE-2023-37242 (Vulnerability of commands from the modem being intercepted in the atcm ...)
	NOT-FOR-US: Huawei
CVE-2023-37241 (Input verification vulnerability in the WMS API. Successful exploitati ...)
	NOT-FOR-US: Huawei
CVE-2023-37240 (Vulnerability of missing input length verification in the distributed ...)
	NOT-FOR-US: Huawei
CVE-2023-37239 (Format string vulnerability in the distributed file system. Attackers ...)
	NOT-FOR-US: Huawei
CVE-2023-37238 (Vulnerability of apps' permission to access a certain API being incomp ...)
	NOT-FOR-US: Huawei
CVE-2023-37136 (A stored cross-site scripting (XSS) vulnerability in the Basic Website ...)
	NOT-FOR-US: EyouCMS
CVE-2023-37135 (A stored cross-site scripting (XSS) vulnerability in the Image Upload ...)
	NOT-FOR-US: EyouCMS
CVE-2023-37134 (A stored cross-site scripting (XSS) vulnerability in the Basic Informa ...)
	NOT-FOR-US: EyouCMS
CVE-2023-37133 (A stored cross-site scripting (XSS) vulnerability in the Column manage ...)
	NOT-FOR-US: EyouCMS
CVE-2023-37132 (A stored cross-site scripting (XSS) vulnerability in the custom variab ...)
	NOT-FOR-US: EyouCMS
CVE-2023-37131 (A Cross-Site Request Forgery (CSRF) in the component /public/admin/pro ...)
	NOT-FOR-US: YznCMS
CVE-2023-37125 (A stored cross-site scripting (XSS) vulnerability in the Management Cu ...)
	NOT-FOR-US: SEACMS
CVE-2023-37124 (A stored cross-site scripting (XSS) vulnerability in the Site Setup mo ...)
	NOT-FOR-US: SEACMS
CVE-2023-37122 (A stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 al ...)
	NOT-FOR-US: Bagecms
CVE-2023-36995 (TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the stati ...)
	NOT-FOR-US: TravianZ
CVE-2023-36970 (A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2023-36969 (CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via ...)
	NOT-FOR-US: CMS Made Simple
CVE-2023-36968 (A SQL Injection vulnerability detected in Food Ordering System v1.0 al ...)
	NOT-FOR-US: Food Ordering System
CVE-2023-36830 (SQLFluff is a SQL linter. Prior to version 2.1.2, in environments wher ...)
	- sqlfluff 2.3.5-1 (bug #1041428)
	[bookworm] - sqlfluff (Minor issue)
	NOTE: https://github.com/sqlfluff/sqlfluff/security/advisories/GHSA-jqhc-m2j3-fjrx
	NOTE: https://github.com/sqlfluff/sqlfluff/pull/4925
CVE-2023-36823 (Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully ...)
	{DSA-5616-1 DLA-3652-1}
	- ruby-sanitize 6.0.2-1 (bug #1041430)
	NOTE: https://github.com/rgrove/sanitize/commit/76ed46e6dc70820f38efe27de8dabd54dddb5220 (v6.0.2)
	NOTE: https://github.com/rgrove/sanitize/security/advisories/GHSA-f5ww-cq3m-q3g7
CVE-2023-36462 (Mastodon is a free, open-source social network server based on Activit ...)
	- mastodon (bug #859741)
CVE-2023-36461 (Mastodon is a free, open-source social network server based on Activit ...)
	- mastodon (bug #859741)
CVE-2023-36460 (Mastodon is a free, open-source social network server based on Activit ...)
	- mastodon (bug #859741)
CVE-2023-36459 (Mastodon is a free, open-source social network server based on Activit ...)
	- mastodon (bug #859741)
CVE-2023-36456 (authentik is an open-source Identity Provider. Prior to versions 2023. ...)
	NOT-FOR-US: authentik
CVE-2023-36189 (SQL injection vulnerability in langchain before v0.0.247 allows a remo ...)
	NOT-FOR-US: langchain
CVE-2023-36188 (An issue in langchain v.0.0.64 allows a remote attacker to execute arb ...)
	NOT-FOR-US: langchain
CVE-2023-35948 (Novu provides an API for sending notifications through multiple channe ...)
	NOT-FOR-US: Novu
CVE-2023-35937 (Metersphere is an open source continuous testing platform. In versions ...)
	NOT-FOR-US: Metersphere
CVE-2023-35934 (yt-dlp is a command-line program to download videos from video sites. ...)
	- yt-dlp 2023.07.06-1 (bug #1040595)
	[bookworm] - yt-dlp (Minor issue)
	[bullseye] - yt-dlp (Minor issue)
	NOTE: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj
	NOTE: https://github.com/yt-dlp/yt-dlp/commit/1ceb657bdd254ad961489e5060f2ccc7d556b729
	NOTE: https://github.com/yt-dlp/yt-dlp/commit/3121512228487c9c690d3d39bfd2579addf96e07
	NOTE: https://github.com/yt-dlp/yt-dlp/commit/f8b4bcc0a791274223723488bfbfc23ea3276641
CVE-2023-34193 (File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated ...)
	NOT-FOR-US: Zimbra
CVE-2023-34192 (Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a rem ...)
	NOT-FOR-US: Zimbra
CVE-2023-34164 (Vulnerability of incomplete input parameter verification in the commun ...)
	NOT-FOR-US: Huawei
CVE-2022-48520 (Unauthorized access vulnerability in the SystemUI module. Successful e ...)
	NOT-FOR-US: Huawei
CVE-2022-48519 (Unauthorized access vulnerability in the SystemUI module. Successful e ...)
	NOT-FOR-US: Huawei
CVE-2022-48518 (Vulnerability of signature verification in the iaware system being ini ...)
	NOT-FOR-US: Huawei
CVE-2022-48517 (Unauthorized service access vulnerability in the DSoftBus module. Succ ...)
	NOT-FOR-US: Huawei
CVE-2022-48516 (Vulnerability that a unique value can be obtained by a third-party app ...)
	NOT-FOR-US: Huawei
CVE-2022-48515 (Vulnerability of inappropriate permission control in Nearby. Successfu ...)
	NOT-FOR-US: Huawei
CVE-2022-48514 (The Sepolicy module has inappropriate permission control on the use of ...)
	NOT-FOR-US: Huawei
CVE-2022-48513 (Vulnerability of identity verification being bypassed in the Gallery m ...)
	NOT-FOR-US: Huawei
CVE-2022-48512 (Use After Free (UAF) vulnerability in the Vdecoderservice service. Suc ...)
	NOT-FOR-US: Huawei
CVE-2022-48511 (Use After Free (UAF) vulnerability in the audio PCM driver module unde ...)
	NOT-FOR-US: Huawei
CVE-2022-48510 (Input verification vulnerability in the AMS module. Successful exploit ...)
	NOT-FOR-US: Huawei
CVE-2022-48509 (Race condition vulnerability due to multi-thread access to mutually ex ...)
	NOT-FOR-US: Huawei
CVE-2022-48508 (Inappropriate authorization vulnerability in the system apps. Successf ...)
	NOT-FOR-US: Huawei
CVE-2022-48507 (Vulnerability of identity verification being bypassed in the storage m ...)
	NOT-FOR-US: Huawei
CVE-2021-46896 (Buffer Overflow vulnerability in PX4-Autopilot allows attackers to cau ...)
	NOT-FOR-US: PX4-Autopilot
CVE-2021-46894 (Use After Free (UAF) vulnerability in the uinput module.Successful exp ...)
	NOT-FOR-US: Huawei
CVE-2021-46892 (Encryption bypass vulnerability in Maintenance mode. Successful exploi ...)
	NOT-FOR-US: Huawei
CVE-2023-32258 (A flaw was found in the Linux kernel's ksmbd, a high-performance in-ke ...)
	- linux 6.3.7-1
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20796/
	NOTE: https://git.kernel.org/linus/abcc506a9a71976a8b4c9bf3ee6efd13229c1e19 (6.4-rc1)
CVE-2023-32257 (A flaw was found in the Linux kernel's ksmbd, a high-performance in-ke ...)
	- linux 6.3.7-1
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20596/
	NOTE: https://git.kernel.org/linus/f5c779b7ddbda30866cf2a27c63e34158f858c73 (6.4-rc1)
CVE-2023-32252 (A flaw was found in the Linux kernel's ksmbd, a high-performance in-ke ...)
	- linux 6.3.7-1
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20590/
	NOTE: https://git.kernel.org/linus/f5c779b7ddbda30866cf2a27c63e34158f858c73 (6.4-rc1)
CVE-2023-32248 (A flaw was found in the Linux kernel's ksmbd, a high-performance in-ke ...)
	- linux 6.3.7-1
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20479/
	NOTE: https://git.kernel.org/linus/3ac00a2ab69b34189942afa9e862d5170cdcb018 (6.4-rc1)
CVE-2023-32247 (A flaw was found in the Linux kernel's ksmbd, a high-performance in-ke ...)
	- linux 6.3.7-1
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20478/
	NOTE: https://git.kernel.org/linus/ea174a91893956450510945a0c5d1a10b5323656 (6.4-rc1)
CVE-2023-3521 (Cross-site Scripting (XSS) - Reflected in GitHub repository fossbillin ...)
	NOT-FOR-US: fossbilling
CVE-2023-3520 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
	NOT-FOR-US: openitcockpit
CVE-2023-36828 (Statamic is a flat-first, Laravel and Git powered content management s ...)
	NOT-FOR-US: Statamic
CVE-2023-36827 (Fides is an open-source privacy engineering platform for managing the ...)
	NOT-FOR-US: Fides
CVE-2023-36822 (Uptime Kuma, a self-hosted monitoring tool, has a path traversal vulne ...)
	NOT-FOR-US: Uptime Kuma
CVE-2023-36821 (Uptime Kuma, a self-hosted monitoring tool, allows an authenticated at ...)
	NOT-FOR-US: Uptime Kuma
CVE-2023-36809 (Kiwi TCMS, an open source test management system allows users to uploa ...)
	NOT-FOR-US: Kiwi TCMS
CVE-2023-36808 (GLPI is a free asset and IT management software package. Starting in v ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-vf5h-jh9q-2gjm
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-36458 (1Panel is an open source Linux server operation and maintenance manage ...)
	NOT-FOR-US: 1Panel
CVE-2023-36457 (1Panel is an open source Linux server operation and maintenance manage ...)
	NOT-FOR-US: 1Panel
CVE-2023-35940 (GLPI is a free asset and IT management software package. Starting in v ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-qrh8-rg45-45fw
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-35939 (GLPI is a free asset and IT management software package. Starting in v ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-cjcx-pwcx-v34c
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-35936 (Pandoc is a Haskell library for converting from one markup format to a ...)
	{DLA-3507-1}
	- pandoc 2.17.1.1-2 (bug #1041976)
	[bookworm] - pandoc 2.17.1.1-2~deb12u1
	[bullseye] - pandoc 2.9.2.1-1+deb11u1
	- haskell-pandoc 3.0.1-2
	NOTE: https://github.com/jgm/pandoc/security/advisories/GHSA-xj5q-fv23-575g
	NOTE: Fixed by: https://github.com/jgm/pandoc/commit/5e381e3878b5da87ee7542f7e51c3c1a7fd84b89 (3.1.4)
	NOTE: Regression: https://github.com/jgm/pandoc/commit/54561e9a6667b36a8452b01d2def9e3642013dd6 (3.1.4)
	NOTE: Regression: https://github.com/jgm/pandoc/commit/df4f13b262f7be5863042f8a5a1c365282c81f07 (3.1.4)
	NOTE: Tests: https://github.com/jgm/pandoc/commit/fe62da61dfd33e6b4c0c03895c528a47a0405bf7
	NOTE: Tests: https://github.com/jgm/pandoc/commit/5246f02f0bb9c176a6d2f6e3d0c03407d8a67445
	NOTE: Followup (to avoid introduction of CVE-2023-38745):
	NOTE: https://github.com/jgm/pandoc/commit/eddedbfc14916aa06fc01ff04b38aeb30ae2e625 (3.1.6)
CVE-2023-3515 (Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4.)
	- gitea
CVE-2023-3455 (Key management vulnerability on system. Successful exploitation of thi ...)
	NOT-FOR-US: Huawei
CVE-2023-3336 (TN-5900 Series version 3.3 and prior versions is vulnearble to user en ...)
	NOT-FOR-US: Moxa
CVE-2023-3089 (A compliance problem was found in the Red Hat OpenShift Container Plat ...)
	NOT-FOR-US: Red Hat OpenShift Container Platform
CVE-2023-36934 (In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0 ...)
	NOT-FOR-US: Progress MOVEit Transfer
CVE-2023-36933 (In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7 ...)
	NOT-FOR-US: Progress MOVEit Transfer
CVE-2023-36932 (In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0 ...)
	NOT-FOR-US: Progress MOVEit Transfer
CVE-2023-36665 ("protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 allows P ...)
	NOT-FOR-US: protobuf.js
CVE-2023-36624 (Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated o ...)
	NOT-FOR-US: Loxone Miniserver Go
CVE-2023-36623 (The root password of the Loxone Miniserver Go Gen.2 before 14.2 is cal ...)
	NOT-FOR-US: Loxone Miniserver Go
CVE-2023-36622 (The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 ...)
	NOT-FOR-US: Loxone Miniserver Go
CVE-2023-35979 (There is an unauthenticated buffer overflow vulnerabilityin the proces ...)
	NOT-FOR-US: Aruba
CVE-2023-35978 (A vulnerability in ArubaOS could allow an unauthenticatedremote attack ...)
	NOT-FOR-US: Aruba
CVE-2023-35977 (Vulnerabilities exist which allow an authenticated attackerto access s ...)
	NOT-FOR-US: Aruba
CVE-2023-35976 (Vulnerabilities exist which allow an authenticated attackerto access s ...)
	NOT-FOR-US: Aruba
CVE-2023-35975 (An authenticated path traversal vulnerability exists in theArubaOS com ...)
	NOT-FOR-US: Aruba
CVE-2023-35974 (Authenticated command injection vulnerabilities exist inthe ArubaOS co ...)
	NOT-FOR-US: Aruba
CVE-2023-35973 (Authenticated command injection vulnerabilities exist inthe ArubaOS co ...)
	NOT-FOR-US: Aruba
CVE-2023-35972 (An authenticated remote command injection vulnerabilityexists in the A ...)
	NOT-FOR-US: Aruba
CVE-2023-35971 (A vulnerability in the ArubaOS web-based management interface could al ...)
	NOT-FOR-US: Aruba
CVE-2023-35924 (GLPI is a free asset and IT management software package. Starting in v ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-gxh4-j63w-8jmm
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-35863 (In MADEFORNET HTTP Debugger through 9.12, the Windows service does not ...)
	NOT-FOR-US: MADEFORNET HTTP Debugger
CVE-2023-34654 (taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS).)
	NOT-FOR-US: Taocms
CVE-2023-34473 (AMI SPx contains a vulnerability in the BMC where a valid user may cau ...)
	NOT-FOR-US: AMI SPx
CVE-2023-34472 (AMI SPx contains a vulnerability in the BMC where an Attacker may caus ...)
	NOT-FOR-US: AMI SPx
CVE-2023-34471 (AMI SPx contains a vulnerability in the BMC where a user may cause a m ...)
	NOT-FOR-US: AMI SPx
CVE-2023-34457 (MechanicalSoup is a Python library for automating interaction with web ...)
	- python-mechanicalsoup 1.3.0-1 (bug #1041814)
	[bookworm] - python-mechanicalsoup (Minor issue)
	[bullseye] - python-mechanicalsoup (Minor issue)
	[buster] - python-mechanicalsoup (Minor issue; invasive backport required)
	NOTE: https://github.com/MechanicalSoup/MechanicalSoup/security/advisories/GHSA-x456-3ccm-m6j4
	NOTE: https://github.com/MechanicalSoup/MechanicalSoup/commit/d57c4a269bba3b9a0c5bfa20292955b849006d9e (v1.3.0)
CVE-2023-34338 (AMI SPx contains a vulnerability in the BMC where an Attacker may caus ...)
	NOT-FOR-US: AMI SPx
CVE-2023-34337 (AMI SPx contains a vulnerability in the BMC where a user may cause an ...)
	NOT-FOR-US: AMI SPx
CVE-2023-34244 (GLPI is a free asset and IT management software package. Starting in v ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-p93p-pwg9-w95w
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-34107 (GLPI is a free asset and IT management software package. Versions of t ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-966h-xrf5-pmj4
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-34106 (GLPI is a free asset and IT management software package. Versions of t ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-923r-hqh4-wj7c
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-33335 (Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was Decembe ...)
	NOT-FOR-US: Sophos
CVE-2023-2880 (Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi v1.3.3 and all prev ...)
	NOT-FOR-US: Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi
CVE-2023-2538 (A CWE-552 "Files or Directories Accessible to External Parties\u201d i ...)
	NOT-FOR-US: Tyan S5552 BMC
CVE-2021-46893 (Vulnerability of unstrict data verification and parameter check. Succe ...)
	NOT-FOR-US: Huawei
CVE-2021-46891 (Vulnerability of incomplete read and write permission verification in ...)
	NOT-FOR-US: Huawei
CVE-2021-46890 (Vulnerability of incomplete read and write permission verification in ...)
	NOT-FOR-US: Huawei
CVE-2023-35001 (Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byte ...)
	{DSA-5453-1 DLA-3710-1 DLA-3512-1}
	- linux 6.4.4-1
	[bookworm] - linux 6.1.38-1
	NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/3
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-900/
CVE-2023-31248 (Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulner ...)
	{DSA-5453-1 DLA-3512-1}
	- linux 6.4.4-1
	[bookworm] - linux 6.1.38-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/2
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-899/
CVE-2023-3484 (An issue has been discovered in GitLab EE affecting all versions start ...)
	- gitlab (Specific to EE)
CVE-2023-35786 (Zoho ManageEngine ADManager Plus before 7183 allows admin users to exp ...)
	NOT-FOR-US: Zoho
CVE-2023-34150 (** UNSUPPORTED WHEN ASSIGNED **Use of TikaEncodingDetector in Apache A ...)
	NOT-FOR-US: Apache Any23
CVE-2023-3255 (A flaw was found in the QEMU built-in VNC server while processing Clie ...)
	- qemu 1:8.0.4+dfsg-1
	[bookworm] - qemu 1:7.2+dfsg-7+deb12u2
	[bullseye] - qemu (Vulnerable code not present)
	[buster] - qemu (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2218486
	NOTE: Proposed patch: https://lists.nongnu.org/archive/html/qemu-devel/2023-07/msg00596.html
	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/35720b3d90866ed4c174eb35762e04a1b9e533d1 (v8.0.4)
	NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/0bf41cab93e5c72dcda717abd625698b59d9ba3e (v6.1.0-rc0)
CVE-2023-37212 (Memory safety bugs present in Firefox 114. Some of these bugs showed e ...)
	- firefox 115.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37212
CVE-2023-37211 (Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thu ...)
	{DSA-5451-1 DSA-5450-1 DLA-3490-1 DLA-3484-1}
	- firefox 115.0-1
	- firefox-esr 102.13.0esr-1
	- thunderbird 1:102.13.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37211
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37211
CVE-2023-37210 (A website could prevent a user from exiting full-screen mode via alert ...)
	- firefox 115.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37210
CVE-2023-37209 (A use-after-free condition existed in `NotifyOnHistoryReload` where a ...)
	- firefox 115.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37209
CVE-2023-37208 (When opening Diagcab files, Firefox did not warn the user that these f ...)
	{DSA-5451-1 DSA-5450-1 DLA-3490-1 DLA-3484-1}
	- firefox 115.0-1
	- firefox-esr 102.13.0esr-1
	- thunderbird 1:102.13.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37208
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37208
CVE-2023-37207 (A website could have obscured the fullscreen notification by using a U ...)
	{DSA-5451-1 DSA-5450-1 DLA-3490-1 DLA-3484-1}
	- firefox 115.0-1
	- firefox-esr 102.13.0esr-1
	- thunderbird 1:102.13.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37207
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37207
CVE-2023-37206 (Uploading files which contain symlinks may have allowed an attacker to ...)
	- firefox 115.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37206
CVE-2023-37205 (The use of RTL Arabic characters in the address bar may have allowed f ...)
	- firefox 115.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37205
CVE-2023-37204 (A website could have obscured the fullscreen notification by using an ...)
	- firefox 115.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37204
CVE-2023-37203 (Insufficient validation in the Drag and Drop API in conjunction with s ...)
	- firefox 115.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37203
CVE-2023-37202 (Cross-compartment wrappers wrapping a scripted proxy could have caused ...)
	{DSA-5451-1 DSA-5450-1 DLA-3490-1 DLA-3484-1}
	- firefox 115.0-1
	- firefox-esr 102.13.0esr-1
	- thunderbird 1:102.13.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37202
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37202
CVE-2023-37201 (An attacker could have triggered a use-after-free condition when creat ...)
	{DSA-5451-1 DSA-5450-1 DLA-3490-1 DLA-3484-1}
	- firefox 115.0-1
	- firefox-esr 102.13.0esr-1
	- thunderbird 1:102.13.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37201
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37201
CVE-2023-3482 (When Firefox is configured to block storage of all cookies, it was sti ...)
	- firefox 115.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-3482
CVE-2023-3506 (A vulnerability was found in Active It Zone Active eCommerce CMS 6.5.0 ...)
	NOT-FOR-US: Active It Zone Active eCommerce CMS
CVE-2023-3505 (A vulnerability was found in Onest CRM 1.0. It has been classified as ...)
	NOT-FOR-US: Onest CRM
CVE-2023-3504 (A vulnerability was found in SmartWeb Infotech Job Board 1.0 and class ...)
	NOT-FOR-US: SmartWeb Infotech Job Board
CVE-2023-3503 (A vulnerability has been found in SourceCodester Shopping Website 1.0 ...)
	NOT-FOR-US: SourceCodester Shopping Website
CVE-2023-3502 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Shopping Website
CVE-2023-31999 (All versions of @fastify/oauth2 used a statically generated state para ...)
	NOT-FOR-US: @fastify/oauth2
CVE-2023-3460 (The Ultimate Member WordPress plugin before 2.6.7 does not prevent vis ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3139 (The Protect WP Admin WordPress plugin before 4.0 discloses the URL of ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3133 (The Tutor LMS WordPress plugin before 2.2.1 does not implement adequat ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2333 (The Ninja Forms Google Sheet Connector WordPress plugin before 1.2.7, ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2324 (The Elementor Forms Google Sheet Connector WordPress plugin before 1.0 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2321 (The WPForms Google Sheet Connector WordPress plugin before 3.4.6, gshe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2320 (The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf7-goo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-36813 (Kanboard is project management software that focuses on the Kanban met ...)
	{DSA-5454-1}
	- kanboard 1.2.31+ds-1 (bug #1040265)
	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx
	NOTE: https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad018dcd87b094e47a5c6a3e0a
CVE-2023-3497 (Out of bounds read in Google Security Processor firmware in Google Chr ...)
	NOT-FOR-US: Chrome OS
CVE-2023-3395 (All versions of the TWinSoft Configuration Tool store encrypted passwo ...)
	NOT-FOR-US: TWinSoft Configuration Tool
CVE-2023-37378 (Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles acces ...)
	{DLA-3483-1}
	- nsis 3.09-1 (bug #1040880)
	[bookworm] - nsis (Minor issue)
	[bullseye] - nsis (Minor issue)
	NOTE: https://github.com/kichik/nsis/commit/c40cf78994e74a1a3a381a850c996b251e3277c0 (v309)
	NOTE: https://github.com/kichik/nsis/commit/409b5841479c44fbf33a6ba97c1146e46f965467 (v309)
	NOTE: https://github.com/kichik/nsis/commit/281e2851fe669d10e0650fc89d0e7fb74a598967 (v309)
	NOTE: http://sf.net/p/nsis/bugs/1296
CVE-2023-36819 (Knowage is the professional open source suite for modern business anal ...)
	NOT-FOR-US: Knowage
CVE-2023-36817 (`tktchurch/website` contains the codebase for The King's Temple Church ...)
	NOT-FOR-US: tktchurch/website
CVE-2023-36816 (2FA is a Web app to manage Two-Factor Authentication (2FA) accounts an ...)
	NOT-FOR-US: Bubka 2FAuth
CVE-2023-36815 (Sealos is a Cloud Operating System designed for managing cloud-native ...)
	NOT-FOR-US: Sealos
CVE-2023-36814 (Products.CMFCore are the key framework services for the Zope Content M ...)
	NOT-FOR-US: Products.CMFCore
CVE-2023-36611 (The affected TBox RTUs allow low privilege users to access software se ...)
	NOT-FOR-US: TBox
CVE-2023-36610 (The affected TBox RTUs generate software security tokens using insuffi ...)
	NOT-FOR-US: TBox
CVE-2023-36609 (The affected TBox RTUs run OpenVPN with root privileges and can run us ...)
	NOT-FOR-US: TBox
CVE-2023-36608 (The affected TBox RTUs store hashed passwords using MD5 encryption, wh ...)
	NOT-FOR-US: TBox
CVE-2023-36377 (Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and befor ...)
	{DLA-3693-1}
	- osslsigncode 2.3.0-1 (bug #1035875)
	[bullseye] - osslsigncode (Minor issue)
	NOTE: https://github.com/mtrojnar/osslsigncode/releases/tag/2.3
CVE-2023-36291 (Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a rem ...)
	NOT-FOR-US: Maxsite CMS
CVE-2023-36262
	REJECTED
CVE-2023-36258 (An issue in LangChain before 0.0.236 allows an attacker to execute arb ...)
	NOT-FOR-US: Langchain
CVE-2023-36223 (Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and be ...)
	NOT-FOR-US: mlogclub bbs-go
CVE-2023-36222 (Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and be ...)
	NOT-FOR-US: mlogclub bbs-go
CVE-2023-36183 (Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before all ...)
	{DLA-3518-1}
	- openimageio 2.4.13.0+dfsg-1
	[bookworm] - openimageio (Minor issue)
	[bullseye] - openimageio (Minor issue)
	NOTE: https://github.com/OpenImageIO/oiio/issues/3871
	NOTE: https://github.com/OpenImageIO/oiio/commit/aad99bad9a4f6b965f99a291f9c67458c8c982e8 (master)
	NOTE: https://github.com/OpenImageIO/oiio/commit/749a557b5eed75a1b1c728e6287e4ca8e2e0be1e (v2.4.13.0)
CVE-2023-36162 (Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier a ...)
	NOT-FOR-US: ZZCMS
CVE-2023-35935
	REJECTED
CVE-2023-34451 (CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a s ...)
	NOT-FOR-US: CometBFT
CVE-2023-34450 (CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a s ...)
	NOT-FOR-US: CometBFT
CVE-2023-36053 (In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, Em ...)
	{DSA-5465-1 DLA-3500-1}
	- python-django 3:3.2.20-1 (bug #1040225)
	NOTE: https://www.openwall.com/lists/oss-security/2023/07/03/1
	NOTE: https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
	NOTE: https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd (main)
	NOTE: https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582 (3.2.20)
CVE-2023-35797 (Improper Input Validation vulnerability in Apache Software Foundation ...)
	NOT-FOR-US: Hive provider for Apache Airflow
CVE-2023-3438 (An unquoted Windows search path vulnerability existed in the install t ...)
	NOT-FOR-US: Trellix
CVE-2023-3370
	REJECTED
CVE-2023-3314 (A vulnerability arises out of a failure to comprehensively sanitize th ...)
	NOT-FOR-US: Trellix
CVE-2023-3313 (An OS common injection vulnerability exists in the ESM certificate API ...)
	NOT-FOR-US: Trellix
CVE-2023-36001
	REJECTED
CVE-2023-35999
	REJECTED
CVE-2023-35700
	REJECTED
CVE-2023-35073
	REJECTED
CVE-2023-34211
	REJECTED
CVE-2023-36674 (An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1. ...)
	{DSA-5447-1}
	- mediawiki 1:1.39.4-1
	[buster] - mediawiki (BadFileLookup was introduced in version 1.35)
	NOTE: https://phabricator.wikimedia.org/T335612
	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/934571/
CVE-2023-37252
	NOT-FOR-US: MediaWiki extension CheckUser
CVE-2023-37253
	NOT-FOR-US: MediaWiki extension ProofreadPage
CVE-2023-3493 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...)
	NOT-FOR-US: fossbilling
CVE-2023-3491 (Unrestricted Upload of File with Dangerous Type in GitHub repository f ...)
	NOT-FOR-US: fossbilling
CVE-2023-3490 (SQL Injection in GitHub repository fossbilling/fossbilling prior to 0. ...)
	NOT-FOR-US: fossbilling
CVE-2023-3117
	REJECTED
CVE-2023-36812 (OpenTSDB is a open source, distributed, scalable Time Series Database ...)
	NOT-FOR-US: OpenTSDB
CVE-2023-36144 (An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1. ...)
	NOT-FOR-US: Intelbras
CVE-2023-35947 (Gradle is a build tool with a focus on build automation and support fo ...)
	- gradle (bug #1041424)
	[bookworm] - gradle (Minor issue)
	[bullseye] - gradle (Minor issue)
	[buster] - gradle (Minor issue)
	NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-84mw-qh6q-v842
	NOTE: https://github.com/gradle/gradle/commit/1096b309520a8c315e3b6109a6526de4eabcb879 (v8.2.0-RC3)
	NOTE: https://github.com/gradle/gradle/commit/2e5c34d57d0c0b7f0e8b039a192b91e5c8249d91 (v8.2.0-RC3)
CVE-2023-35946 (Gradle is a build tool with a focus on build automation and support fo ...)
	- gradle (bug #1041424)
	[bookworm] - gradle (Minor issue)
	[bullseye] - gradle (Minor issue)
	[buster] - gradle (Minor issue)
	NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-2h6c-rv6q-494v
	NOTE: https://github.com/gradle/gradle/commit/859eae2b2acf751ae7db3c9ffefe275aa5da0d5d (v8.2.0-RC3)
	NOTE: https://github.com/gradle/gradle/commit/b07e528feb3a5ffa66bdcc358549edd73e4c8a12 (v8.2.0-RC3)
CVE-2023-33298 (com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allow ...)
	NOT-FOR-US: Perimeter81
CVE-2023-31997 (UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi N ...)
	NOT-FOR-US: UniFi OS
CVE-2023-29241 (Improper Information in Cybersecurity Guidebook in Bosch Building Inte ...)
	NOT-FOR-US: Bosch
CVE-2021-4405 (The ElasticPress plugin for WordPress is vulnerable to Cross-Site Requ ...)
	NOT-FOR-US: ElasticPress plugin for WordPress
CVE-2021-4404 (The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross ...)
	NOT-FOR-US: Event Espresso 4 Decaf plugin for WordPress
CVE-2021-4403 (The Remove Schema plugin for WordPress is vulnerable to Cross-Site Req ...)
	NOT-FOR-US: Remove Schema plugin for WordPress
CVE-2021-4402 (The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Re ...)
	NOT-FOR-US: Multiple Roles plugin for WordPress
CVE-2021-4401 (The Style Kits plugin for WordPress is vulnerable to Cross-Site Reques ...)
	NOT-FOR-US: Style Kits plugin for WordPress
CVE-2021-4400 (The Better Search plugin for WordPress is vulnerable to Cross-Site Req ...)
	NOT-FOR-US: Better Search plugin for WordPress
CVE-2021-4399 (The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Re ...)
	NOT-FOR-US: Edwiser Bridge plugin for WordPress
CVE-2021-4398 (The Amministrazione Trasparente plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: Amministrazione Trasparente plugin for WordPress
CVE-2021-4397 (The Staff Directory Plugin plugin for WordPress is vulnerable to Cross ...)
	NOT-FOR-US: Staff Directory Plugin plugin for WordPress
CVE-2021-4396 (The Rucy plugin for WordPress is vulnerable to Cross-Site Request Forg ...)
	NOT-FOR-US: Rucy plugin for WordPress
CVE-2021-4395 (The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vu ...)
	NOT-FOR-US: Abandoned Cart Recovery for WooCommerce plugin for WordPress
CVE-2021-4394 (The Locations plugin for WordPress is vulnerable to Cross-Site Request ...)
	NOT-FOR-US: Locations plugin for WordPress
CVE-2021-4393 (The eCommerce Product Catalog Plugin for WordPress plugin for WordPres ...)
	NOT-FOR-US: eCommerce Product Catalog Plugin for WordPress plugin for WordPress
CVE-2021-4392 (The eCommerce Product Catalog Plugin for WordPress plugin for WordPres ...)
	NOT-FOR-US: eCommerce Product Catalog Plugin for WordPress plugin for WordPress
CVE-2021-4391 (The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulner ...)
	NOT-FOR-US: Ultimate Gift Cards for WooCommerce plugin for WordPress
CVE-2021-4390 (The Contact Form 7 Style plugin for WordPress is vulnerable to Cross-S ...)
	NOT-FOR-US: Contact Form 7 Style plugin for WordPress
CVE-2021-4389 (The WP Travel plugin for WordPress is vulnerable to Cross-Site Request ...)
	NOT-FOR-US: WP Travel plugin for WordPress
CVE-2021-4388 (The Opal Estate plugin for WordPress is vulnerable to featured propert ...)
	NOT-FOR-US: Opal Estate plugin for WordPress
CVE-2021-4387 (The Opal Estate plugin for WordPress is vulnerable to Cross-Site Reque ...)
	NOT-FOR-US: Opal Estate plugin for WordPress
CVE-2021-4386 (The WP Security Question plugin for WordPress is vulnerable to Cross-S ...)
	NOT-FOR-US: WP Security Question plugin for WordPress
CVE-2021-4385 (The WP Private Content Plus plugin for WordPress is vulnerable to Cros ...)
	NOT-FOR-US: WP Private Content Plus plugin for WordPress
CVE-2021-4384 (The WordPress Photo Gallery \u2013 Image Gallery plugin for WordPress ...)
	NOT-FOR-US: WordPress Photo Gallery – Image Gallery plugin for WordPress
CVE-2020-36749 (The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site ...)
	NOT-FOR-US: Easy Testimonials plugin for WordPress
CVE-2020-36748 (The Dokan plugin for WordPress is vulnerable to Cross-Site Request For ...)
	NOT-FOR-US: Dokan plugin for WordPress
CVE-2020-36747 (The Lightweight Sidebar Manager plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: Lightweight Sidebar Manager plugin for WordPress
CVE-2020-36746 (The Menu Swapper plugin for WordPress is vulnerable to Cross-Site Requ ...)
	NOT-FOR-US: Menu Swapper plugin for WordPress
CVE-2020-36745 (The WP Project Manager plugin for WordPress is vulnerable to Cross-Sit ...)
	NOT-FOR-US: WP Project Manager plugin for WordPress
CVE-2020-36744 (The NotificationX plugin for WordPress is vulnerable to Cross-Site Req ...)
	NOT-FOR-US: NotificationX plugin for WordPress
CVE-2020-36743 (The Product Catalog Simple plugin for WordPress is vulnerable to Cross ...)
	NOT-FOR-US: Product Catalog Simple plugin for WordPress
CVE-2020-36742 (The Custom Field Template plugin for WordPress is vulnerable to Cross- ...)
	NOT-FOR-US: Custom Field Template plugin for WordPress
CVE-2020-36741 (The MultiVendorX plugin for WordPress is vulnerable to Cross-Site Requ ...)
	NOT-FOR-US: MultiVendorX plugin for WordPress
CVE-2020-36740 (The Radio Buttons for Taxonomies plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: Radio Buttons for Taxonomies plugin for WordPress
CVE-2020-36739 (The Feed Them Social \u2013 Page, Post, Video, and Photo Galleries plu ...)
	NOT-FOR-US: Feed Them Social – Page, Post, Video, and Photo Galleries plugin for WordPress
CVE-2020-36738 (The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPres ...)
	NOT-FOR-US: Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress
CVE-2020-36737 (The Import / Export Customizer Settings plugin for WordPress is vulner ...)
	NOT-FOR-US: Import / Export Customizer Settings plugin for WordPress
CVE-2020-36736 (The WooCommerce Checkout & Funnel Builder by CartFlows plugin for Word ...)
	NOT-FOR-US: WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress
CVE-2020-36735 (The WP ERP | Complete HR solution with recruitment & job listings | Wo ...)
	NOT-FOR-US: WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress
CVE-2023-3485 (Insecure defaults in open-source Temporal Server before version 1.20 o ...)
	NOT-FOR-US: Temporal Server
CVE-2023-3479 (Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/h ...)
	NOT-FOR-US: Hestia Control Panel
CVE-2023-3478 (A vulnerability classified as critical was found in IBOS OA 4.5.5. Aff ...)
	NOT-FOR-US: IBOS OA
CVE-2023-37365 (Hnswlib 0.7.0 has a double free in init_index when the M argument is a ...)
	- hnswlib 0.7.0-1 (bug #1041426)
	[bookworm] - hnswlib 0.6.2-2+deb12u1
	[bullseye] - hnswlib 0.4.0-3+deb11u1
	NOTE: https://github.com/nmslib/hnswlib/issues/467
CVE-2023-37360 (pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injec ...)
	- pacparser 1.4.3-1 (bug #1041425)
	[bookworm] - pacparser (Minor issue)
	[bullseye] - pacparser (Minor issue)
	[buster] - pacparser (Minor issue)
	NOTE: https://github.com/manugarg/pacparser/security/advisories/GHSA-62q6-v997-f7v9
	NOTE: https://github.com/manugarg/pacparser/commit/0bf0636de624996fe202b51eec8a58abd774269e (v1.4.2)
CVE-2023-37307 (In MISP before 2.4.172, title_for_layout is not properly sanitized in ...)
	NOT-FOR-US: MISP
CVE-2023-37306 (MISP 2.4.172 mishandles different certificate file extensions in serve ...)
	NOT-FOR-US: MISP
CVE-2023-37305 (An issue was discovered in the ProofreadPage (aka Proofread Page) exte ...)
	NOT-FOR-US: MediaWiki extension ProofreadPage
CVE-2023-37304 (An issue was discovered in the DoubleWiki extension for MediaWiki thro ...)
	NOT-FOR-US: MediaWiki extension DoubleWiki
CVE-2023-37303 (An issue was discovered in the CheckUser extension for MediaWiki throu ...)
	NOT-FOR-US: MediaWiki extension CheckUser
CVE-2023-37302 (An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki ...)
	NOT-FOR-US: MediaWiki extension WikiBase
CVE-2023-37301 (An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki ...)
	NOT-FOR-US: MediaWiki extension WikiBase
CVE-2023-37300 (An issue was discovered in the CheckUserLog API in the CheckUser exten ...)
	NOT-FOR-US: MediaWiki extension CheckUser
CVE-2023-37299 (Joplin before 2.11.5 allows XSS via an AREA element of an image map.)
	NOT-FOR-US: Joplin
CVE-2023-37298 (Joplin before 2.11.5 allows XSS via a USE element in an SVG document.)
	NOT-FOR-US: Joplin
CVE-2023-36810 (pypdf is a pure-python PDF library capable of splitting, merging, crop ...)
	{DLA-3497-1}
	- pypdf2 1.27.9-1
	[bullseye] - pypdf2 (Minor issue)
	NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
	NOTE: https://github.com/py-pdf/pypdf/issues/582
	NOTE: https://github.com/py-pdf/pypdf/pull/808
	NOTE: Fixed by: https://github.com/py-pdf/pypdf/commit/c6c56f550bb384e05f0139c796ba1308837d6373 (1.27.9)
CVE-2023-36807 (pypdf is a pure-python PDF library capable of splitting, merging, crop ...)
	- pypdf2 2.10.7-1
	[bullseye] - pypdf2 (only version 2.10.5 is affected)
	[buster] - pypdf2 (only version 2.10.5 is affected)
	NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-hm9v-vj3r-r55m
	NOTE: https://github.com/py-pdf/pypdf/issues/1329
	NOTE: https://github.com/py-pdf/pypdf/pull/1331
	NOTE: Fixed by: https://github.com/py-pdf/pypdf/commit/e6531a25325e7e0174b6a1ba03b57320b5227f6b (2.10.6)
CVE-2023-36477 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-35178 (Certain HP LaserJet Pro print products are potentially vulnerable to B ...)
	NOT-FOR-US: HP
CVE-2023-35177 (Certain HP LaserJet Pro print products are potentially vulnerable to a ...)
	NOT-FOR-US: HP
CVE-2023-35176 (Certain HP LaserJet Pro print products are potentially vulnerable to B ...)
	NOT-FOR-US: HP
CVE-2023-35175 (Certain HP LaserJet Pro print products are potentially vulnerable to P ...)
	NOT-FOR-US: HP
CVE-2023-34840 (angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to c ...)
	NOT-FOR-US: angular-ui-notification
CVE-2023-33276 (The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and ...)
	NOT-FOR-US: Gira Giersiepen Gira KNX/IP-Router
CVE-2023-31543 (A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers t ...)
	- python-pipreqs (bug #1028550)
CVE-2023-3477 (A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been de ...)
	NOT-FOR-US: RocketSoft Rocket LMS
CVE-2023-3476 (A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. It ...)
	NOT-FOR-US: SimplePHPscripts GuestBook Script
CVE-2023-3475 (A vulnerability was found in SimplePHPscripts Event Script 2.1 and cla ...)
	NOT-FOR-US: SimplePHPscripts Event Script
CVE-2023-3474 (A vulnerability has been found in SimplePHPscripts Simple Blog 3.2 and ...)
	NOT-FOR-US: SimplePHPscripts Simple Blog
CVE-2023-3473 (A vulnerability, which was classified as critical, was found in Campco ...)
	NOT-FOR-US: Campcodes Retro Cellphone Online Store
CVE-2023-3469 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-3465 (A vulnerability was found in SimplePHPscripts Classified Ads Script 1. ...)
	NOT-FOR-US: SimplePHPscripts Classified Ads Script
CVE-2023-3464 (A vulnerability was found in SimplePHPscripts Classified Ads Script 1. ...)
	NOT-FOR-US: SimplePHPscripts Classified Ads Script
CVE-2023-3249 (The Web3 – Crypto wallet Login & NFT token gating plugin for Word ...)
	NOT-FOR-US: Web3 Crypto wallet Login & NFT token gating plugin for WordPress
CVE-2023-3063 (The SP Project & Document Manager plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: SP Project & Document Manager plugin for WordPress
CVE-2023-36607 (The affected TBox RTUs are missing authorization for running some API ...)
	NOT-FOR-US: Ovarro
CVE-2023-36539 (Exposure of information intended to be encrypted by some Zoom clients ...)
	NOT-FOR-US: Zoom
CVE-2023-36470 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-36469 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-36468 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-36347 (A broken authentication mechanism in the endpoint excel.php of POS Cod ...)
	NOT-FOR-US: POS Codekop
CVE-2023-36146 (A Stored Cross-Site Scripting (XSS) vulnerability was found in Multila ...)
	NOT-FOR-US: Multilaser RE 170
CVE-2023-36143 (Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerabil ...)
	NOT-FOR-US: Maxprint Maxlink 1200G
CVE-2023-33336 (Reflected cross site scripting (XSS) vulnerability was discovered in S ...)
	NOT-FOR-US: Sophos Web Appliance
CVE-2023-32622 (Improper neutralization of special elements in WL-WN531AX2 firmware ve ...)
	NOT-FOR-US: WL-WN531AX2 firmware
CVE-2023-32621 (WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with ...)
	NOT-FOR-US: WL-WN531AX2 firmware
CVE-2023-32620 (Improper authentication vulnerability in WL-WN531AX2 firmware versions ...)
	NOT-FOR-US: WL-WN531AX2 firmware
CVE-2023-32613 (Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmw ...)
	NOT-FOR-US: WL-WN531AX2 firmware
CVE-2023-32612 (Client-side enforcement of server-side security issue exists in WL-WN5 ...)
	NOT-FOR-US: WL-WN531AX2 firmware
CVE-2023-32608 (Directory traversal vulnerability in Pleasanter (Community Edition and ...)
	NOT-FOR-US: Pleasanter
CVE-2023-32607 (Stored cross-site scripting vulnerability in Pleasanter (Community Edi ...)
	NOT-FOR-US: Pleasanter
CVE-2023-2846 (Authentication Bypass by Capture-replay vulnerability in Mitsubishi El ...)
	NOT-FOR-US: Mitsubishi
CVE-2023-2834 (The BookIt plugin for WordPress is vulnerable to authentication bypass ...)
	NOT-FOR-US: BookIt plugin for WordPress
CVE-2023-2974 (A vulnerability was found in quarkus-core. This vulnerability occurs b ...)
	NOT-FOR-US: Quarkus
CVE-2023-3458 (A vulnerability was found in SourceCodester Shopping Website 1.0. It h ...)
	NOT-FOR-US: SourceCodester Shopping Website
CVE-2023-3457 (A vulnerability was found in SourceCodester Shopping Website 1.0. It h ...)
	NOT-FOR-US: SourceCodester Shopping Website
CVE-2023-37256 (An issue was discovered in the Cargo extension for MediaWiki through 1 ...)
	NOT-FOR-US: MediaWiki extension Cargo
CVE-2023-37255 (An issue was discovered in the CheckUser extension for MediaWiki throu ...)
	NOT-FOR-US: MediaWiki extension CheckUser
CVE-2023-37254 (An issue was discovered in the Cargo extension for MediaWiki through 1 ...)
	NOT-FOR-US: MediaWiki extension Cargo
CVE-2023-37251 (An issue was discovered in the GoogleAnalyticsMetrics extension for Me ...)
	NOT-FOR-US: MediaWiki extension GoogleAnalyticsMetrics
CVE-2023-36617 (A ReDoS issue was discovered in the URI component before 0.12.2 for Ru ...)
	- rubygems (Incomplete fix never applied)
	- ruby3.1 (Incomplete fix never applied)
	- ruby2.7 (Incomplete fix never applied)
	- ruby2.5
	[buster] - ruby2.5 (Minor issue, ReDoS)
	- jruby (Incomplete fix not applied, covered by CVE-2023-28755)
	[buster] - jruby (Minor issue, ReDoS)
	NOTE: https://www.ruby-lang.org/en/news/2023/06/29/redos-in-uri-CVE-2023-36617/
	NOTE: https://github.com/ruby/uri/commit/9010ee2536adda10a0555ae1ed6fe2f5808e6bf1
	NOTE: https://github.com/ruby/uri/commit/9d7bcef1e6ad23c9c6e4932f297fb737888144c8
CVE-2023-36488 (ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to stored Cross Sit ...)
	- ilias (bug #195688)
CVE-2023-36487 (The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_be ...)
	- ilias (bug #195688)
CVE-2023-36484 (ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross- ...)
	- ilias (bug #195688)
CVE-2023-36471 (Xwiki commons is the common modules used by other XWiki top level proj ...)
	NOT-FOR-US: Xwiki
CVE-2023-35938 (Tuleap is a Free & Open Source Suite to improve management of software ...)
	NOT-FOR-US: Tuleap
CVE-2023-35830 (STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module Deploymen ...)
	NOT-FOR-US: STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity
CVE-2023-34849 (An unauthorized command injection vulnerability exists in the ActionLo ...)
	NOT-FOR-US: Ikuai router OS
CVE-2023-34844 (Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN privileged mode ...)
	NOT-FOR-US: Play With Docker
CVE-2023-34735 (Property Cloud Platform Management Center 1.0 is vulnerable to error-b ...)
	NOT-FOR-US: Property Cloud Platform Management Center
CVE-2023-34658 (Telegram v9.6.3 on iOS allows attackers to hide critical information o ...)
	NOT-FOR-US: Telegram on iOS
CVE-2023-34656 (An issue was discovered with the JSESSION IDs in Xiamen Si Xin Communi ...)
	NOT-FOR-US: Xiamen Si Xin Communication Technology Video management system
CVE-2023-34599 (Multiple Cross-Site Scripting (XSS) vulnerabilities have been identifi ...)
	NOT-FOR-US: Gibbon CMS
CVE-2023-34598 (Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it' ...)
	NOT-FOR-US: Gibbon CMS
CVE-2023-34487 (itsourcecode Online Hotel Management System Project In PHP v1.0.0 is v ...)
	NOT-FOR-US: itsourcecode Online Hotel Management System Project
CVE-2023-34486 (itsourcecode Online Hotel Management System Project In PHP v1.0.0 is v ...)
	NOT-FOR-US: itsourcecode Online Hotel Management System Project
CVE-2023-33466 (Orthanc before 1.12.0 allows authenticated users with access to the Or ...)
	{DSA-5473-1 DLA-3562-1}
	- orthanc 1.12.1+dfsg-1 (bug #1040597)
	NOTE: https://discourse.orthanc-server.org/t/security-advisory-for-orthanc-deployments-running-versions-before-1-12-0/3568
	NOTE: Requires the addition of a new RestApiWriteToFileSystemEnabled configuration and
	NOTE: a check in ExportInstanceFile (OrthancRestResources.cpp); the default value
	NOTE: could break existing behaviour.
CVE-2023-33277 (The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and ...)
	NOT-FOR-US: Gira Giersiepen Gira KNX/IP-Router
CVE-2023-33190 (Sealos is an open source cloud operating system distribution based on ...)
	NOT-FOR-US: Sealos
CVE-2023-37329 (GStreamer SRT File Parsing Heap-based Buffer Overflow Remote Code Exec ...)
	{DSA-5444-1 DLA-3503-1}
	- gst-plugins-base1.0 1.22.4-1
	- gst-plugins-base0.10
	NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0003.html
	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4896.patch
	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/5f3cf0a7d7ae7ab883d0611e85c06354f1e94907
	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/60226124ec367c2549e4bf1e6174dfb8eca5a63d
	NOTE: The SRT subtitle parser lives in subparse, which is part of gst-plugins-base, not gst-plugins-bad.
CVE-2023-37327 (GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vul ...)
	{DSA-5445-1 DLA-3505-1}
	- gst-plugins-good1.0 1.22.4-1
	- gst-plugins-good0.10
	NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0001.html
	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4894.patch
	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/bdc8021c73c16c49d594579c606a4f4771a2670e
	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/7bcd791fabe03b9ab1c72f494fc86cd0c06c3556
CVE-2023-37328 (GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Exec ...)
	{DSA-5443-1 DLA-3504-1}
	- gst-plugins-bad1.0 1.22.4-1
	- gst-plugins-bad0.10
	NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0002.html
	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4895.patch
	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/518ecba8f960137715f776dac6c93e4c4e4179d1
	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1d9b360708115d4acc3fd4bf13cde066391ed057
	NOTE: The PGS subtitle parser (dvdspu) lives in gst-plugins-bad, not gst-plugins-base.
CVE-2023-3447 (The Active Directory Integration / LDAP Integration plugin for WordPre ...)
	NOT-FOR-US: Active Directory Integration / LDAP Integration plugin for WordPress
CVE-2023-3243 (** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authentica ...)
	NOT-FOR-US: Honeywell
CVE-2023-37237 (In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permission ...)
	NOT-FOR-US: Veritas NetBackup Appliance
CVE-2023-36476 (calamares-nixos-extensions provides Calamares branding and modules for ...)
	NOT-FOR-US: calamares-nixos-extensions
CVE-2023-36475 (Parse Server is an open source backend that can be deployed to any inf ...)
	NOT-FOR-US: Node parse-server
CVE-2023-36474 (Interactsh is an open-source tool for detecting out-of-band interactio ...)
	NOT-FOR-US: Interactsh
CVE-2023-34843 (Traggo Server 0.3.0 is vulnerable to directory traversal via a crafted ...)
	NOT-FOR-US: Traggo Server
CVE-2023-34834 (A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webse ...)
	NOT-FOR-US: MCL-Net
CVE-2023-34831 (The "Submission Web Form" of Turnitin LTI tool/plugin version 1.3 is a ...)
	NOT-FOR-US: "Submission Web Form" of Turnitin LTI tool/plugin
CVE-2023-34738 (Chemex through 3.7.1 is vulnerable to arbitrary file upload.)
	NOT-FOR-US: Chemex
CVE-2023-34736 (Guantang Equipment Management System version 4.12 is vulnerable to Arb ...)
	NOT-FOR-US: Guantang Equipment Management System
CVE-2023-34734 (Annet AC Centralized Management Platform 1.02.040 is vulnerable to Sto ...)
	NOT-FOR-US: Annet AC Centralized Management Platform
CVE-2023-34652 (PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site S ...)
	NOT-FOR-US: PHPgurukl Hostel Management System
CVE-2023-34651 (PHPgurukl Hospital Management System v.1.0 is vulnerable to Cross Site ...)
	NOT-FOR-US: PHPgurukl Hospital Management System
CVE-2023-34650 (PHPgurukl Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS).)
	NOT-FOR-US: PHPgurukl Small CRM
CVE-2023-34648 (A Cross Site Scripting vulnerability in PHPgurukl User Registration Lo ...)
	NOT-FOR-US: PHPgurukl User Registration Login and User Management System
CVE-2023-34647 (PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site S ...)
	NOT-FOR-US: PHPgurukl Hostel Management System
CVE-2023-33661 (Multiple cross-site scripting (XSS) vulnerabilities were discovered in ...)
	NOT-FOR-US: Church CRM
CVE-2023-32610 (Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated a ...)
	NOT-FOR-US: Mailform Pro CGI
CVE-2023-32224 (D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction o ...)
	NOT-FOR-US: D-Link
CVE-2023-32223 (D-Link DSL-224 firmware version 3.0.10 allows post authentication comm ...)
	NOT-FOR-US: D-Link
CVE-2023-32222 (D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows ...)
	NOT-FOR-US: D-Link
CVE-2023-2982 (The WordPress Social Login and Register (Discord, Google, Twitter, Lin ...)
	NOT-FOR-US: WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress
CVE-2023-3450 (A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as ...)
	NOT-FOR-US: Ruijie RG-BCR860
CVE-2023-3449 (A vulnerability has been found in IBOS OA 4.5.5 and classified as crit ...)
	NOT-FOR-US: IBOS OA
CVE-2023-3445 (Cross-site Scripting (XSS) - Stored in GitHub repository spinacms/spin ...)
	NOT-FOR-US: Spina CMS
CVE-2023-3439 (A flaw was found in the MCTP protocol in the Linux kernel. The functio ...)
	- linux 5.17.6-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b561275d633bcd8e0e8055ab86f1a13df75a0269 (5.18-rc5)
	NOTE: https://www.openwall.com/lists/oss-security/2023/07/02/1
CVE-2023-3390 (A use-after-free vulnerability was found in the Linux kernel's netfilt ...)
	{DSA-5461-1 DSA-5448-1 DLA-3710-1 DLA-3512-1}
	- linux 6.3.11-1
	NOTE: https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97 (6.4-rc7)
	NOTE: https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97
CVE-2023-3389 (A use-after-free vulnerability in the Linux Kernel io_uring subsystem ...)
	{DSA-5480-1 DLA-3623-1}
	- linux 6.0.2-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8
	NOTE: https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663
CVE-2023-3090 (A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan ne ...)
	{DSA-5480-1 DSA-5448-1 DLA-3623-1 DLA-3508-1}
	- linux 6.3.7-1
	NOTE: https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)
CVE-2023-3034 (Reflected XSS affects the 'mode' parameter in the /admin fun ...)
	NOT-FOR-US: NTRIP Professional Caster
CVE-2023-36467 (AWS data.all is an open source development framework to help users bui ...)
	NOT-FOR-US: AWS data.all
CVE-2023-34937 (A stack overflow in the UpdateSnat function of H3C Magic B1STV100R012 ...)
	NOT-FOR-US: H3C
CVE-2023-34936 (A stack overflow in the UpdateMacClone function of H3C Magic B1STV100R ...)
	NOT-FOR-US: H3C
CVE-2023-34935 (A stack overflow in the AddWlanMacList function of H3C Magic B1STV100R ...)
	NOT-FOR-US: H3C
CVE-2023-34934 (A stack overflow in the Edit_BasicSSID_5G function of H3C Magic B1STV1 ...)
	NOT-FOR-US: H3C
CVE-2023-34933 (A stack overflow in the UpdateWanParams function of H3C Magic B1STV100 ...)
	NOT-FOR-US: H3C
CVE-2023-34932 (A stack overflow in the UpdateWanMode function of H3C Magic B1STV100R0 ...)
	NOT-FOR-US: H3C
CVE-2023-34931 (A stack overflow in the EditWlanMacList function of H3C Magic B1STV100 ...)
	NOT-FOR-US: H3C
CVE-2023-34930 (A stack overflow in the EditMacList function of H3C Magic B1STV100R012 ...)
	NOT-FOR-US: H3C
CVE-2023-34929 (A stack overflow in the AddMacList function of H3C Magic B1STV100R012 ...)
	NOT-FOR-US: H3C
CVE-2023-34928 (A stack overflow in the Edit_BasicSSID function of H3C Magic B1STV100R ...)
	NOT-FOR-US: H3C
CVE-2023-34761 (An unauthenticated attacker within BLE proximity can remotely connect ...)
	NOT-FOR-US: 7-Eleven LED Message Cup
CVE-2023-33592 (Lost and Found Information System v1.0 was discovered to contain a SQL ...)
	NOT-FOR-US: Lost and Found Information System
CVE-2023-33570 (Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI).)
	NOT-FOR-US: Bagisto
CVE-2023-2625 (A vulnerability exists that can be exploited by an authenticated clien ...)
	NOT-FOR-US: ABB CoreTec
CVE-2023-3436 (Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2023-3428 (A heap-based buffer overflow vulnerability was found in coders/tiff.c ...)
	{DSA-5628-1}
	[experimental] - imagemagick 8:6.9.12.98+dfsg1-1
	- imagemagick 8:6.9.12.98+dfsg1-2
	[buster] - imagemagick (code is introduced later)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/a531d28e31309676ce8168c3b6dbbb5374b78790 (7.1.1-13)
	NOTE: Prerequisite: https://github.com/ImageMagick/ImageMagick6/commit/2b4eabb9d09b278f16727c635e928bd951c58773 (6.9.12-55)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/0d00400727170b0540a355a1bc52787bc7bcdea5 (6.9.12-91)
CVE-2023-3427 (The Salon Booking System plugin for WordPress is vulnerable to Cross-S ...)
	NOT-FOR-US: Salon Booking System plugin for WordPress
CVE-2023-3407 (The Subscribe2 plugin for WordPress is vulnerable to Cross-Site Reques ...)
	NOT-FOR-US: Subscribe2 plugin for WordPress
CVE-2023-3333 (Improper Neutralization of Special Elements used in an OS Command vuln ...)
	NOT-FOR-US: NEC
CVE-2023-3332 (Improper Neutralization of Input During Web Page Generation vulnerabil ...)
	NOT-FOR-US: NEC
CVE-2023-3331 (Improper Limitation of a Pathname to a Restricted Directory vulnerabil ...)
	NOT-FOR-US: NEC
CVE-2023-3330 (Improper Limitation of a Pathname to a Restricted Directory vulnerabil ...)
	NOT-FOR-US: NEC
CVE-2023-3327
	REJECTED
CVE-2023-36464 (pypdf is an open source, pure-python PDF library. In affected versions ...)
	- pypdf 3.17.4-1 (bug #1040338)
	[bookworm] - pypdf 3.4.1-1+deb12u1
	- pypdf2 2.12.1-4 (bug #1040339)
	[bookworm] - pypdf2 2.12.1-3+deb12u1
	[bullseye] - pypdf2 (Vulnerable code not present)
	[buster] - pypdf2 (Vulnerable code not present)
	NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-4vvm-4w3v-6mr8
	NOTE: Introduced with: https://github.com/py-pdf/pypdf/pull/969 (2.2.0)
	NOTE: Fixed with: https://github.com/py-pdf/pypdf/pull/1828
	NOTE: Fixed by: https://github.com/py-pdf/pypdf/commit/b0e5c689df689ab173df84dacd77b6fc3c161932 (3.9.0)
CVE-2023-32623 (Directory traversal vulnerability in Snow Monkey Forms v5.1.1 and earl ...)
	NOT-FOR-US: Snow Monkey Forms
CVE-2022-48505 (This issue was addressed with improved data protection. This issue is ...)
	NOT-FOR-US: Apple
CVE-2022-48503 (The issue was addressed with improved bounds checks. This issue is fix ...)
	{DSA-5241-1 DSA-5240-1}
	- webkit2gtk 2.38.0-1
	- wpewebkit 2.38.0-1
	NOTE: https://webkitgtk.org/security/WSA-2023-0005.html
CVE-2023-3397 (A race condition occurred between the functions lmLogClose and txEnd i ...)
	- linux
	NOTE: https://lore.kernel.org/lkml/20230515095956.17898-1-zyytlz.wz@163.com/
CVE-2023-3355 (A NULL pointer dereference flaw was found in the Linux kernel's driver ...)
	- linux 6.1.20-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/d839f0811a31322c087a859c2b181e2383daa7be (6.3-rc1)
CVE-2023-3354 (A flaw was found in the QEMU built-in VNC server. When a client connec ...)
	{DLA-3759-1}
	- qemu 1:8.0.4+dfsg-1
	[bookworm] - qemu 1:7.2+dfsg-7+deb12u2
	[bullseye] - qemu 1:5.2+dfsg-11+deb11u3
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2216478
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2023-07/msg01014.html
	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/5300472ec0990c61742d89b5eea1c1e6941f6d62 (v8.0.4)
CVE-2023-3432 (Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plant ...)
	- plantuml (bug #1040000)
	[bookworm] - plantuml (Minor issue)
	[bullseye] - plantuml (Minor issue)
	[buster] - plantuml (Minor issue)
	NOTE: https://huntr.dev/bounties/8ac3316f-431c-468d-87e4-3dafff2ecf51/
	NOTE: https://github.com/plantuml/plantuml/commit/b32500bb61ae617bb312496d6d832e4be8190797 (v1.2023.9)
CVE-2023-3431 (Improper Access Control in GitHub repository plantuml/plantuml prior t ...)
	- plantuml (bug #1039999)
	[bookworm] - plantuml (Minor issue)
	[bullseye] - plantuml (Minor issue)
	[buster] - plantuml (Minor issue)
	NOTE: https://huntr.dev/bounties/fa741f95-b53c-4ed7-b157-e32c5145164c/
	NOTE: https://github.com/plantuml/plantuml/commit/fbe7fa3b25b4c887d83927cffb1009ec6cb8ab1e (v1.2023.9)
CVE-2023-3405 (Unchecked parameter value in M-Files Server in versions before 23.6.12 ...)
	NOT-FOR-US: M-Files
CVE-2023-36463 (Meldekarten generator is an open source project to create a program, r ...)
	NOT-FOR-US: Meldekarten generator
CVE-2023-36002 (A missing authorization check in multiple URL validation endpoints of ...)
	NOT-FOR-US: Insider Threat Management Server
CVE-2023-36000 (A missing authorization check in the MacOS agent configuration endpoin ...)
	NOT-FOR-US: Insider Threat Management Server
CVE-2023-35998 (A missing authorization check in multiple SOAP endpoints of the Inside ...)
	NOT-FOR-US: Insider Threat Management Server
CVE-2023-35800 (Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecu ...)
	NOT-FOR-US: Stormshield Endpoint Security Evolution
CVE-2023-35799 (Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecu ...)
	NOT-FOR-US: Stormshield Endpoint Security Evolution
CVE-2023-34839 (A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-p ...)
	NOT-FOR-US: Issabel
CVE-2023-34838 (A Cross Site Scripting vulnerability in Microworld Technologies eScan ...)
	NOT-FOR-US: Microworld Technologies eScan Management console
CVE-2023-34837 (A Cross Site Scripting vulnerability in Microworld Technologies eScan ...)
	NOT-FOR-US: Microworld Technologies eScan Management console
CVE-2023-34836 (A Cross Site Scripting vulnerability in Microworld Technologies eScan ...)
	NOT-FOR-US: Microworld Technologies eScan Management console
CVE-2023-34835 (A Cross Site Scripting vulnerability in Microworld Technologies eScan ...)
	NOT-FOR-US: Microworld Technologies eScan Management console
CVE-2023-34830 (i-doit Open v24 was discovered to contain a reflected cross-site scrip ...)
	NOT-FOR-US: i-doit Open
CVE-2023-34240 (Cloudexplorer-lite is an open source cloud software stack. Weak passwo ...)
	NOT-FOR-US: Cloudexplorer-lite
CVE-2023-34099 (Shopware is an open source e-commerce software. The mail validation in ...)
	NOT-FOR-US: Shopware
CVE-2023-34098 (Shopware is an open source e-commerce software. Due to an incorrect co ...)
	NOT-FOR-US: Shopware
CVE-2023-33567 (An unauthorized access vulnerability has been discovered in ROS2 Foxy ...)
	NOTE: Duplicate of CVE-2021-38425
CVE-2023-33566 (An unauthorized node injection vulnerability has been identified in RO ...)
	NOTE: Duplicate of CVE-2021-38425
CVE-2023-32339 (IBM Business Automation Workflow is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2023-2996 (The Jetpack WordPress plugin before 12.1.1 does not validate uploaded ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2861 (A flaw was found in the 9p passthrough filesystem (9pfs) implementatio ...)
	{DLA-3759-1}
	- qemu 1:8.0.3+dfsg-1
	[bookworm] - qemu 1:7.2+dfsg-7+deb12u1
	[bullseye] - qemu (Minor issue)
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/f6b0de53fb87ddefed348a39284c8e2f28dc4eda
CVE-2023-2860 (An out-of-bounds read vulnerability was found in the SR-IPv6 implement ...)
	- linux 5.19.11-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux 4.19.260-1
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-18511/
	NOTE: https://git.kernel.org/linus/84a53580c5d2138c7361c7c3eea5b31827e63b35 (6.0-rc5)
CVE-2023-2877 (The Formidable Forms WordPress plugin before 6.3.1 does not adequately ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2842 (The WP Inventory Manager WordPress plugin before 2.1.0.14 does not hav ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2818 (An insecure filesystem permission in the Insider Threat Management Age ...)
	NOT-FOR-US: Insider Threat Management Agent for Windows
CVE-2023-2795 (The CodeColorer WordPress plugin before 0.10.1 does not sanitise and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2744 (The ERP WordPress plugin before 1.12.4 does not properly sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2743 (The ERP WordPress plugin before 1.12.4 does not sanitise and escape th ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2711 (The Ultimate Product Catalog WordPress plugin before 5.2.6 does not sa ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2628 (The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks ( ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2627 (The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF a ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2624 (The KiviCare WordPress plugin before 3.2.1 does not sanitise and escap ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2623 (The KiviCare WordPress plugin before 3.2.1 does not restrict the infor ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2605 (The wpbrutalai WordPress plugin before 2.0.1 does not sanitise and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2601 (The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitis ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2592 (The FormCraft WordPress plugin before 3.9.7 does not properly sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2580 (The AI Engine WordPress plugin before 1.6.83 does not sanitize and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2482 (The Responsive CSS EDITOR WordPress plugin through 1.0 does not proper ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2326 (The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-35798 (Input Validation vulnerability in Apache Software Foundation Apache Ai ...)
	NOT-FOR-US: Apache Airflow ODBC/MSSQL Provider
CVE-2023-34395 (Improper Neutralization of Argument Delimiters in a Command ('Argument ...)
	NOT-FOR-US: Apache Airflow ODBC Provider
CVE-2023-3423 (Weak Password Requirements in GitHub repository cloudexplorer-dev/clou ...)
	NOT-FOR-US: CloudExplorer Lite
CVE-2023-3412 (The Image Map Pro – Drag-and-drop Builder for Interactive Images ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3411 (The Image Map Pro – Drag-and-drop Builder for Interactive Images ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3371 (The User Registration plugin for WordPress is vulnerable to Sensitive ...)
	NOT-FOR-US: User Registration plugin for WordPress
CVE-2023-3132 (The MainWP Child plugin for WordPress is vulnerable to Sensitive Infor ...)
	NOT-FOR-US: MainWP Child plugin for WordPress
CVE-2023-35695 (A remote attacker could leverage a vulnerability in Trend Micro Mobile ...)
	NOT-FOR-US: Trend Micro
CVE-2023-35168 (DataEase is an open source data visualization analysis tool to analyze ...)
	NOT-FOR-US: DataEase
CVE-2023-35164 (DataEase is an open source data visualization analysis tool to analyze ...)
	NOT-FOR-US: DataEase
CVE-2023-34924 (H3C Magic B1STW B1STV100R012 was discovered to contain a stack overflo ...)
	NOT-FOR-US: H3C
CVE-2023-34463 (DataEase is an open source data visualization analysis tool to analyze ...)
	NOT-FOR-US: DataEase
CVE-2023-34148 (An exposed dangerous function vulnerability in the Trend Micro Apex On ...)
	NOT-FOR-US: Trend Micro
CVE-2023-34147 (An exposed dangerous function vulnerability in the Trend Micro Apex On ...)
	NOT-FOR-US: Trend Micro
CVE-2023-34146 (An exposed dangerous function vulnerability in the Trend Micro Apex On ...)
	NOT-FOR-US: Trend Micro
CVE-2023-34145 (An untrusted search path vulnerability in the Trend Micro Apex One and ...)
	NOT-FOR-US: Trend Micro
CVE-2023-34144 (An untrusted search path vulnerability in the Trend Micro Apex One and ...)
	NOT-FOR-US: Trend Micro
CVE-2023-32605 (Affected versions Trend Micro Apex Central (on-premise) are vulnerable ...)
	NOT-FOR-US: Trend Micro
CVE-2023-32604 (Affected versions Trend Micro Apex Central (on-premise) are vulnerable ...)
	NOT-FOR-US: Trend Micro
CVE-2023-32557 (A path traversal vulnerability in the Trend Micro Apex One and Apex On ...)
	NOT-FOR-US: Trend Micro
CVE-2023-32556 (A link following vulnerability in the Trend Micro Apex One and Apex On ...)
	NOT-FOR-US: Trend Micro
CVE-2023-32555 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One ...)
	NOT-FOR-US: Trend Micro
CVE-2023-32554 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One ...)
	NOT-FOR-US: Trend Micro
CVE-2023-32553 (An Improper access control vulnerability in Trend Micro Apex One and A ...)
	NOT-FOR-US: Trend Micro
CVE-2023-32552 (An Improper access control vulnerability in Trend Micro Apex One and A ...)
	NOT-FOR-US: Trend Micro
CVE-2023-32537 (Affected versions Trend Micro Apex Central (on-premise) are vulnerable ...)
	NOT-FOR-US: Trend Micro
CVE-2023-32536 (Affected versions Trend Micro Apex Central (on-premise) are vulnerable ...)
	NOT-FOR-US: Trend Micro
CVE-2023-32535 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...)
	NOT-FOR-US: Trend Micro
CVE-2023-32534 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...)
	NOT-FOR-US: Trend Micro
CVE-2023-32533 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...)
	NOT-FOR-US: Trend Micro
CVE-2023-32532 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...)
	NOT-FOR-US: Trend Micro
CVE-2023-32531 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...)
	NOT-FOR-US: Trend Micro
CVE-2023-32530 (Vulnerable modules of Trend Micro Apex Central (on-premise) contain vu ...)
	NOT-FOR-US: Trend Micro
CVE-2023-32529 (Vulnerable modules of Trend Micro Apex Central (on-premise) contain vu ...)
	NOT-FOR-US: Trend Micro
CVE-2023-32528 (Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable . ...)
	NOT-FOR-US: Trend Micro
CVE-2023-32527 (Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable . ...)
	NOT-FOR-US: Trend Micro
CVE-2023-32526 (Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulne ...)
	NOT-FOR-US: Trend Micro
CVE-2023-32525 (Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulne ...)
	NOT-FOR-US: Trend Micro
CVE-2023-32524 (Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 ...)
	NOT-FOR-US: Trend Micro
CVE-2023-32523 (Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 ...)
	NOT-FOR-US: Trend Micro
CVE-2023-32522 (A path traversal exists in a specific dll of Trend Micro Mobile Securi ...)
	NOT-FOR-US: Trend Micro
CVE-2023-32521 (A path traversal exists in a specific service dll of Trend Micro Mobil ...)
	NOT-FOR-US: Trend Micro
CVE-2023-3361 (A flaw was found in Red Hat OpenShift Data Science. When exporting a p ...)
	NOT-FOR-US: OpenShift Data
CVE-2023-3422 (Use after free in Guest View in Google Chrome prior to 114.0.5735.198 ...)
	{DSA-5440-1}
	- chromium 114.0.5735.198-1
	[buster] - chromium (see DSA 5046)
CVE-2023-3421 (Use after free in Media in Google Chrome prior to 114.0.5735.198 allow ...)
	{DSA-5440-1}
	- chromium 114.0.5735.198-1
	[buster] - chromium (see DSA 5046)
CVE-2023-3420 (Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed ...)
	{DSA-5440-1}
	- chromium 114.0.5735.198-1
	[buster] - chromium (see DSA 5046)
CVE-2023-3398 (Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3.)
	NOT-FOR-US: jgraph/drawio
CVE-2023-3113 (An unauthenticated XML external entity injection (XXE) vulnerability e ...)
	NOT-FOR-US: Lenovo
CVE-2023-36631 (Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Fir ...)
	NOT-FOR-US: Malwarebytes Binisoft Windows Firewall Control
CVE-2023-36301 (Talend Data Catalog before 8.0-20230221 contain a directory traversal ...)
	NOT-FOR-US: Talend Data Catalog
CVE-2023-36252 (An issue in Ateme Flamingo XL v.3.6.20 and XS v.3.6.5 allows a remote ...)
	NOT-FOR-US: Ateme Flamingo XL
CVE-2023-35933 (OPenFGA is an open source authorization/permission engine built for de ...)
	NOT-FOR-US: OPenFGA
CVE-2023-35930 (SpiceDB is an open source, Google Zanzibar-inspired, database system f ...)
	NOT-FOR-US: SpiceDB
CVE-2023-35170 REJECTED
CVE-2023-34422 (A valid, authenticated LXCA user with elevated privileges may be able ...)
	NOT-FOR-US: Lenovo
CVE-2023-34421 (A valid, authenticated LXCA user with elevated privileges may be able ...)
	NOT-FOR-US: Lenovo
CVE-2023-34420 (A valid, authenticated LXCA user with elevated privileges may be able ...)
	NOT-FOR-US: Lenovo
CVE-2023-34418 (A valid, authenticated LXCA user may be able to gain unauthorized acce ...)
	NOT-FOR-US: Lenovo
CVE-2023-33580 (Phpgurukul Student Study Center Management System V1.0 is vulnerable t ...)
	NOT-FOR-US: Phpgurukul Student Study Center Management System
CVE-2023-33404 (An Unrestricted Upload vulnerability, due to insufficient validation o ...)
	NOT-FOR-US: BlogEngine.Net
CVE-2023-33176 (BigBlueButton is an open source virtual classroom designed to help tea ...)
	NOT-FOR-US: BigBlueButton
CVE-2023-2993 (A valid, authenticated user with limited privileges may be able to use ...)
	NOT-FOR-US: Lenovo
CVE-2023-2992 (An unauthenticated denial of service vulnerability exists in the SMM v ...)
	NOT-FOR-US: Lenovo
CVE-2023-36675 (An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1. ...)
	{DSA-5447-1}
	- mediawiki 1:1.39.4-1
	[buster] - mediawiki (partial blocking was introduced in 1.33)
	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/921452
	NOTE: https://phabricator.wikimedia.org/T332889
CVE-2023-36666 (INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page ...)
	NOT-FOR-US: INEX IXP-Manager
CVE-2023-36664 (Artifex Ghostscript through 10.01.2 mishandles permission validation f ...)
	{DSA-5446-1}
	- ghostscript 10.01.2~dfsg-1
	[buster] - ghostscript (Vulnerable code not present; no path validation at all)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=706761
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=706778
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=505eab7782b429017eb434b2b95120855f2b0e3c
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5e65eeae225c7d02d447de5abaf4a8e6d234fcea (ghostpdl-10.01.2)
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=fb342fdb60391073a69147cb71af1ac416a81099 (ghostpdl-10.01.2)
CVE-2023-36663 (it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows ...)
	NOT-FOR-US: it-novum openITCOCKPIT (aka open IT COCKPIT)
CVE-2023-36662 (The TechTime User Management components for Atlassian products allow s ...)
	NOT-FOR-US: Atlassian
CVE-2023-36660 (The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory ...)
	- nettle (Only affects 3.9.x and experimental is fixed)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1212112
	NOTE: Introduced with: https://git.lysator.liu.se/nettle/nettle/-/commit/9cf0e2d2675268a403194d85a78a44e8cbdf562b (nettle_3.9_release_20230514)
	NOTE: Fixed by: https://git.lysator.liu.se/nettle/nettle/-/commit/867a4548b95705291a3afdd66d76e7f17ba2618f (nettle_3.9.1_release_20230601)
CVE-2023-3396 (A vulnerability was found in Campcodes Retro Cellphone Online Store 1. ...)
	NOT-FOR-US: Campcodes Retro Cellphone Online Store
CVE-2023-36632 (The legacy email.utils.parseaddr function in Python through 3.11.4 all ...)
	NOTE: Disputed Python issue
CVE-2023-36630 (In CloudPanel before 2.3.1, insecure file upload leads to privilege es ...)
	NOT-FOR-US: CloudPanel
CVE-2015-20109 (end_pattern (called from internal_fnmatch) in the GNU C Library (aka g ...)
	- glibc 2.22-1
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18036
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c2c6d39fab901c97c18fa3a3a3658d9dc3f7df61 (glibc-2.22)
CVE-2023-36612 (Directory traversal can occur in the Basecamp com.basecamp.bc3 applica ...)
	NOT-FOR-US: Basecamp
CVE-2023-3388 (The Beautiful Cookie Consent Banner for WordPress is vulnerable to Sto ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3387 (The Lana Text to Image plugin for WordPress is vulnerable to Stored Cr ...)
	NOT-FOR-US: Lana Text to Image plugin for WordPress
CVE-2023-3197 (The MStore API plugin for WordPress is vulnerable to Unauthenticated B ...)
	NOT-FOR-US: MStore API plugin for WordPress
CVE-2023-35932 (jcvi is a Python library to facilitate genome assembly, annotation, an ...)
	NOT-FOR-US: jcvi
CVE-2023-35928 (Nextcloud Server is a space for data storage on Nextcloud, a self-host ...)
	- nextcloud-server (bug #941708)
CVE-2023-35927 (NextCloud Server and NextCloud Enterprise Server provide file storage ...)
	- nextcloud-server (bug #941708)
CVE-2023-35173 (Nextcloud End-to-end encryption app provides all the necessary APIs to ...)
	NOT-FOR-US: Nextcloud End-to-end encryption app
CVE-2023-35172 (NextCloud Server and NextCloud Enterprise Server provide file storage ...)
	- nextcloud-server (bug #941708)
CVE-2023-35171 (NextCloud Server and NextCloud Enterprise Server provide file storage ...)
	- nextcloud-server (bug #941708)
CVE-2023-35169 (PHP-IMAP is a wrapper for common IMAP communication without the need t ...)
	NOT-FOR-US: PHP-Imap
	NOTE: src:ldap-account-manager bundles it, but not relevant for it
CVE-2023-35165 (AWS Cloud Development Kit (AWS CDK) is an open-source software develop ...)
	NOT-FOR-US: AWS Cloud Development Kit
CVE-2023-35163 (Vega is a decentralized trading platform that allows pseudo-anonymous ...)
	NOT-FOR-US: Vega
CVE-2023-35154 (Knowage is an open source analytics and business intelligence suite. S ...)
	NOT-FOR-US: Knowage
CVE-2023-34254 (The GLPI Agent is a generic management agent. Prior to version 1.5, if ...)
	- glpi
	NOTE: https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-39vc-hxgm-j465
CVE-2023-3394 (Session Fixation in GitHub repository fossbilling/fossbilling prior to ...)
	NOT-FOR-US: fossbilling
CVE-2023-3393 (Code Injection in GitHub repository fossbilling/fossbilling prior to 0 ...)
	NOT-FOR-US: fossbilling
CVE-2023-3391 (A vulnerability was found in SourceCodester Human Resource Management ...)
	NOT-FOR-US: SourceCodester Human Resource Management System
CVE-2023-3384 (A flaw was found in the Quay registry. While the image labels created ...)
	NOT-FOR-US: Quay
CVE-2023-3383 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Game Result Matrix System
CVE-2023-3382 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: SourceCodester Game Result Matrix System
CVE-2023-3381 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester Online School Fees System
CVE-2023-3380 (A vulnerability classified as critical has been found in Wavlink WN579 ...)
	NOT-FOR-US: WAVLINK
CVE-2023-3304 (Improper Access Control in GitHub repository admidio/admidio prior to ...)
	NOT-FOR-US: admidio
CVE-2023-3303 (Improper Access Control in GitHub repository admidio/admidio prior to ...)
	NOT-FOR-US: admidio
CVE-2023-3302 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...)
	NOT-FOR-US: admidio
CVE-2023-36348 (POS Codekop v2.0 was discovered to contain an authenticated remote cod ...)
	NOT-FOR-US: POS Codekop
CVE-2023-36346 (POS Codekop v2.0 was discovered to contain a reflected cross-site scri ...)
	NOT-FOR-US: POS Codekop
CVE-2023-36345 (A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attacke ...)
	NOT-FOR-US: POS Codekop
CVE-2023-36289 (An unauthenticated Cross-Site Scripting (XSS) vulnerability found in W ...)
	NOT-FOR-US: Webkul QloApps
CVE-2023-36288 (An unauthenticated Cross-Site Scripting (XSS) vulnerability found in W ...)
	NOT-FOR-US: Webkul QloApps
CVE-2023-36287 (An unauthenticated Cross-Site Scripting (XSS) vulnerability found in W ...)
	NOT-FOR-US: Webkul QloApps
CVE-2023-36284 (An unauthenticated Time-Based SQL injection found in Webkul QloApps 1. ...)
	NOT-FOR-US: Webkul QloApps
CVE-2023-36274 (LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via ...)
	- libredwg (bug #595191)
CVE-2023-36273 (LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via ...)
	- libredwg (bug #595191)
CVE-2023-36272 (LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via ...)
	- libredwg (bug #595191)
CVE-2023-36271 (LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via ...)
	- libredwg (bug #595191)
CVE-2023-35931 (Shescape is a simple shell escape library for JavaScript. An attacker ...)
	NOT-FOR-US: Shescape
CVE-2023-35925 (FastAsyncWorldEdit (FAWE) is designed for efficient world editing. Thi ...)
	NOT-FOR-US: FastAsyncWorldEdit
CVE-2023-35759 (In Progress WhatsUp Gold before 23.0.0, an SNMP-related application en ...)
	NOT-FOR-US: Progress WhatsUp Gold
CVE-2023-35167 (Remult is a CRUD framework for full-stack TypeScript. If you used the ...)
	NOT-FOR-US: Remult
CVE-2023-35162 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-35161 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-35160 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-35159 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-35158 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-35157 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-35156 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-35155 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-35153 (XWiki Platform is a generic wiki platform. Starting in version 5.4.4 a ...)
	NOT-FOR-US: XWiki
CVE-2023-35152 (XWiki Platform is a generic wiki platform. Starting in version 12.9-rc ...)
	NOT-FOR-US: XWiki
CVE-2023-35151 (XWiki Platform is a generic wiki platform. Starting in version 7.3-mil ...)
	NOT-FOR-US: XWiki
CVE-2023-35150 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-35048 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mage ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34673 (Elenos ETG150 FM transmitter running on version 3.12 was discovered to ...)
	NOT-FOR-US: Elenos ETG150 FM transmitter
CVE-2023-34672 (Improper Access Control leads to adding a high-privilege user affectin ...)
	NOT-FOR-US: Elenos ETG150 FM transmitter
CVE-2023-34671 (Improper Access Control leads to privilege escalation affecting Elenos ...)
	NOT-FOR-US: Elenos ETG150 FM transmitter
CVE-2023-34467 (XWiki Platform is a generic wiki platform. Starting in version 3.5-mil ...)
	NOT-FOR-US: XWiki
CVE-2023-34466 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-34465 (XWiki Platform is a generic wiki platform. Starting in version 11.8-rc ...)
	NOT-FOR-US: XWiki
CVE-2023-34464 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-34460 (Tauri is a framework for building binaries for all major desktop platf ...)
	NOT-FOR-US: Tauri
CVE-2023-34203 (In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explo ...)
	NOT-FOR-US: Progress OpenEdge OEM
CVE-2023-34188 (The HTTP server in Mongoose before 7.10 accepts requests containing ne ...)
	NOT-FOR-US: Cesanta Mongoose
	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2023-34021 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moy ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34012 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premium ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-33565 (ROS2 (Robot Operating System 2) Foxy Fitzroy ROS_VERSION=2 and ROS_PYT ...)
	NOTE: Duplicate of CVE-2021-38425
CVE-2023-32580 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEx ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32480 (Dell BIOS contains an Improper Input Validation vulnerability. An unau ...)
	NOT-FOR-US: Dell
CVE-2023-32439 (A type confusion issue was addressed with improved checks. This issue ...)
	{DSA-5449-1}
	- webkit2gtk 2.40.3-1
	[buster] - webkit2gtk (webkit2gtk EOL in buster)
	- wpewebkit 2.40.3-1
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2023-0005.html
CVE-2023-32435 (A memory corruption issue was addressed with improved state management ...)
	{DSA-5396-1}
	- webkit2gtk 2.40.0-1
	[buster] - webkit2gtk (webkit2gtk EOL in buster)
	- wpewebkit 2.40.2-2
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2023-0005.html
CVE-2023-32434 (An integer overflow was addressed with improved input validation. This ...)
	NOT-FOR-US: Apple
CVE-2023-32423 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2023-32422 (This issue was addressed by adding additional SQLite logging restricti ...)
	NOT-FOR-US: Apple
CVE-2023-32420 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2023-32419 (The issue was addressed with improved bounds checks. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2023-32417 (This issue was addressed by restricting options offered on a locked de ...)
	NOT-FOR-US: Apple
CVE-2023-32415 (This issue was addressed with improved redaction of sensitive informa ...)
	NOT-FOR-US: Apple
CVE-2023-32414 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2023-32413 (A race condition was addressed with improved state handling. This issu ...)
	NOT-FOR-US: Apple
CVE-2023-32412 (A use-after-free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2023-32411 (This issue was addressed with improved entitlements. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2023-32410 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2023-32408 (The issue was addressed with improved handling of caches. This issue i ...)
	NOT-FOR-US: Apple
CVE-2023-32407 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-32405 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2023-32404 (This issue was addressed with improved entitlements. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2023-32403 (This issue was addressed with improved redaction of sensitive informa ...)
	NOT-FOR-US: Apple
CVE-2023-32402 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2023-32400 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2023-32399 (The issue was addressed with improved handling of caches. This issue i ...)
	NOT-FOR-US: Apple
CVE-2023-32398 (A use-after-free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2023-32397 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-32395 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-32394 (The issue was addressed with improved checks. This issue is fixed in i ...)
	NOT-FOR-US: Apple
CVE-2023-32393 (The issue was addressed with improved memory handling. This issue is f ...)
	{DSA-5396-1}
	- webkit2gtk 2.40.0-1
	[buster] - webkit2gtk (webkit2gtk EOL in buster)
	- wpewebkit 2.40.2-2
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2023-0006.html
CVE-2023-32392 (A privacy issue was addressed with improved private data redaction for ...)
	NOT-FOR-US: Apple
CVE-2023-32391 (The issue was addressed with improved checks. This issue is fixed in i ...)
	NOT-FOR-US: Apple
CVE-2023-32390 (The issue was addressed with improved checks. This issue is fixed in i ...)
	NOT-FOR-US: Apple
CVE-2023-32389 (This issue was addressed with improved redaction of sensitive informa ...)
	NOT-FOR-US: Apple
CVE-2023-32388 (A privacy issue was addressed with improved private data redaction for ...)
	NOT-FOR-US: Apple
CVE-2023-32387 (A use-after-free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2023-32386 (A privacy issue was addressed with improved handling of temporary file ...)
	NOT-FOR-US: Apple
CVE-2023-32385 (A denial-of-service issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2023-32384 (A buffer overflow was addressed with improved bounds checking. This is ...)
	NOT-FOR-US: Apple
CVE-2023-32382 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2023-32380 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2023-32376 (This issue was addressed with improved entitlements. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2023-32375 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2023-32372 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2023-32371 (The issue was addressed with improved checks. This issue is fixed in i ...)
	NOT-FOR-US: Apple
CVE-2023-32369 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-32368 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2023-32367 (This issue was addressed with improved entitlements. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2023-32365 (The issue was addressed with improved checks. This issue is fixed in i ...)
	NOT-FOR-US: Apple
CVE-2023-32363 (A permissions issue was addressed by removing vulnerable code and addi ...)
	NOT-FOR-US: Apple
CVE-2023-32360 (An authentication issue was addressed with improved state management. ...)
	{DLA-3594-1}
	- cups 2.4.2-6 (bug #1051953)
	[bookworm] - cups 2.4.2-3+deb12u2
	[bullseye] - cups 2.3.3op2-3+deb11u4
	NOTE: https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913 (v2.4.3)
CVE-2023-32357 (An authorization issue was addressed with improved state management. T ...)
	NOT-FOR-US: Apple
CVE-2023-32355 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-32354 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2023-32353 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2023-32352 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2023-32351 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2023-3128 (Grafana is validating Azure AD accounts based on the email claim. On ...)
	- grafana
CVE-2023-3114 (Terraform Enterprise since v202207-1 did not properly implement author ...)
	NOT-FOR-US: Terraform Enterprise
CVE-2023-36193 (Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via t ...)
	- gifsicle 1.94-1 (unimportant; bug #1038976)
	NOTE: https://github.com/kohler/gifsicle/issues/191
	NOTE: https://github.com/kohler/gifsicle/commit/e21a05a00855b3e647302f06683aca743ae08deb (v1.94)
	NOTE: Crash in CLI tool, no security impact
CVE-2023-36192 (Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the ...)
	- sngrep 1.7.0-2 (unimportant; bug #1038975)
	NOTE: Crash in CLI tool, no security impact
	NOTE: https://github.com/irontec/sngrep/issues/438
	NOTE: https://github.com/irontec/sngrep/commit/ad1daf15c8387bfbb48097c25197bf330d2d98fc
CVE-2023-36191 REJECTED
CVE-2023-35801 (A directory traversal vulnerability in Safe Software FME Server before ...)
	NOT-FOR-US: Safe Software FME Server
CVE-2023-35133 (An issue in the logic used to check 0.0.0.0 against the cURL blocked h ...)
	- moodle
CVE-2023-35132 (A limited SQL injection risk was identified on the Mnet SSO access con ...)
	- moodle
CVE-2023-35131 (Content on the groups page required additional sanitizing to prevent a ...)
	- moodle
CVE-2023-34553 (An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attacke ...)
	NOT-FOR-US: WAFU Keyless Smart Lock
CVE-2023-34462 (Netty is an asynchronous event-driven network application framework fo ...)
	{DSA-5558-1}
	- netty 1:4.1.48-8 (bug #1038947)
	[buster] - netty (SslClientHelloHandler introduced in v4.1.46)
	NOTE: https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845
	NOTE: https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32 (netty-4.1.94.Final)
CVE-2023-34110 (Flask-AppBuilder is an application development framework, built on top ...)
	- flask-appbuilder (bug #1038948)
	NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-jhpr-j7cq-3jp3
	NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/ae25ad4c87a9051ebe4a4e8f02aee73232642626 (v4.3.2)
CVE-2023-33299 (A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, ...)
	NOT-FOR-US: Fortinet
CVE-2023-33141 (Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability)
	NOT-FOR-US: Yet Another Reverse Proxy
CVE-2023-32464 (Dell VxRail, versions prior to 7.0.450, contain an improper certificat ...)
	NOT-FOR-US: Dell
CVE-2023-32463 (Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-servic ...)
	NOT-FOR-US: Dell
CVE-2023-32320 (Nextcloud Server is a data storage system for Nextcloud, a self-hosted ...)
	- nextcloud-server (bug #941708)
CVE-2023-31469 (A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was ...)
	NOT-FOR-US: Apache StreamPipes
CVE-2023-3326 (pam_krb5 authenticates a user by essentially running kinit with the pa ...)
	- libpam-krb5 (unimportant)
	NOTE: Documented shortcoming of Linux pam-krb
	NOTE: https://www.openwall.com/lists/oss-security/2023/06/22/2
CVE-2023-3256 (Advantech R-SeeNet versions 2.4.22 allows low-level users to access ...)
	NOT-FOR-US: Advantech R-SeeNet
CVE-2023-36371 (An issue in the GDKfree component of MonetDB Server v11.45.17 and v11. ...)
	NOT-FOR-US: MonetDB Server
CVE-2023-36370 (An issue in the gc_col component of MonetDB Server v11.45.17 and v11.4 ...)
	NOT-FOR-US: MonetDB Server
CVE-2023-36369 (An issue in the list_append component of MonetDB Server v11.45.17 and ...)
	NOT-FOR-US: MonetDB Server
CVE-2023-36368 (An issue in the cs_bind_ubat component of MonetDB Server v11.45.17 and ...)
	NOT-FOR-US: MonetDB Server
CVE-2023-36367 (An issue in the BLOBcmp component of MonetDB Server v11.45.17 and v11. ...)
	NOT-FOR-US: MonetDB Server
CVE-2023-36366 (An issue in the log_create_delta component of MonetDB Server v11.45.17 ...)
	NOT-FOR-US: MonetDB Server
CVE-2023-36365 (An issue in the sql_trans_copy_key component of MonetDB Server v11.45. ...)
	NOT-FOR-US: MonetDB Server
CVE-2023-36364 (An issue in the rel_deps component of MonetDB Server v11.45.17 and v11 ...)
	NOT-FOR-US: MonetDB Server
CVE-2023-36363 (An issue in the __nss_database_lookup component of MonetDB Server v11. ...)
	NOT-FOR-US: MonetDB Server
CVE-2023-36362 (An issue in the rel_sequences component of MonetDB Server v11.45.17 an ...)
	NOT-FOR-US: MonetDB Server
CVE-2023-36359 (TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND ...)
	NOT-FOR-US: TP-Link
CVE-2023-36358 (TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR8 ...)
	NOT-FOR-US: TP-Link
CVE-2023-36357 (An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL ...)
	NOT-FOR-US: TP-Link
CVE-2023-36356 (TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N ...)
	NOT-FOR-US: TP-Link
CVE-2023-36355 (TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via t ...)
	NOT-FOR-US: TP-Link
CVE-2023-36354 (TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/ ...)
	NOT-FOR-US: TP-Link
CVE-2023-36243 (FLVMeta v1.2.1 was discovered to contain a buffer overflow via the xml ...)
	- flvmeta (unimportant; bug #1038977)
	NOTE: https://github.com/noirotm/flvmeta/issues/19
	NOTE: https://github.com/noirotm/flvmeta/commit/7b91e5656e27b16639c8de156878c7624346cbd4 (v1.2.2)
	NOTE: Crash in CLI tool, no security impact
CVE-2023-36239 (libming listswf 0.4.7 was discovered to contain a buffer overflow in t ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/273
CVE-2023-36097 (funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via ...)
	NOT-FOR-US: funadmin
CVE-2023-36093 (There is a storage type cross site scripting (XSS) vulnerability in th ...)
	NOT-FOR-US: EyouCMS
CVE-2023-35926 (Backstage is an open platform for building developer portals. The Back ...)
	NOT-FOR-US: Backstage
CVE-2023-35918 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooComme ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-35917 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-35174 (Livebook is a web application for writing interactive and collaborativ ...)
	NOT-FOR-US: Livebook
CVE-2023-35093 (Broken Access Control vulnerability in StylemixThemes MasterStudy LMS ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-35090 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34939 (Onlyoffice Community Server before v12.5.2 was discovered to contain a ...)
	NOT-FOR-US: Onlyoffice Community Server
CVE-2023-34927 (Casdoor v1.331.0 and below was discovered to contain a Cross-Site Requ ...)
	NOT-FOR-US: Casdoor
CVE-2023-34923 (XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in T ...)
	NOT-FOR-US: TOPdesk
CVE-2023-34796 (Cross site scripting (XSS) vulnerabiliy in dmarcts-report-viewer dashb ...)
	NOT-FOR-US: dmarcts-report-viewer
CVE-2023-34601 (Jeesite before commit 10742d3 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Jeesite
CVE-2023-34368 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanb ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34170 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP O ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34028 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF \u2 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34006 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-33997 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robin Wi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-33387 (A reflected cross-site scripting (XSS) vulnerability in DATEV eG Perso ...)
	NOT-FOR-US: DATEV
CVE-2023-33323 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repu ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32960 (Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, Da ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32571 (Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to ...)
	NOT-FOR-US: Dynamic Linq
CVE-2023-32239 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress theme
CVE-2023-31868 (Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XS ...)
	NOT-FOR-US: Sage X3
CVE-2023-31867 (Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection.)
	NOT-FOR-US: Sage X3
CVE-2023-2991 (Fortra Globalscape EFT's administration server suffers from an informa ...)
	NOT-FOR-US: Fortra Globalscape
CVE-2023-2990 (Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial o ...)
	NOT-FOR-US: Fortra Globalscape
CVE-2023-2989 (Fortra Globalscape EFT versions before 8.1.0.16 suffer from an out of ...)
	NOT-FOR-US: Fortra Globalscape
CVE-2023-2611 (Advantech R-SeeNet versions 2.4.22 is installed with a hidden root- ...)
	NOT-FOR-US: Advantech R-SeeNet
CVE-2023-34614 (An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to ...)
	NOT-FOR-US: jmarsden/jsonij
CVE-2023-33842 (IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 r ...)
	NOT-FOR-US: IBM
CVE-2023-33405 (Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.)
	NOT-FOR-US: Blogengine.net
CVE-2023-32449 (Dell PowerStore versions prior to 3.5 contain an improper verification ...)
	NOT-FOR-US: Dell
CVE-2019-25152 (The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for Woo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3359 (An issue was discovered in the Linux kernel brcm_nvram_parse in driver ...)
	- linux 6.1.11-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b0576ade3aaf24b376ea1a4406ae138e2a22b0c0 (6.2-rc7)
CVE-2023-3358 (A null pointer dereference was found in the Linux kernel's Integrated ...)
	- linux 6.1.11-1
	[bullseye] - linux 5.10.178-1
	[buster] - linux 4.19.282-1
	NOTE: https://git.kernel.org/linus/b3d40c3ec3dc4ad78017de6c3a38979f57aaaab8 (6.2-rc5)
CVE-2023-3357 (A NULL pointer dereference flaw was found in the Linux kernel AMD Sens ...)
	- linux 6.1.4-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/53ffa6a9f83b2170c60591da1ead8791d5a42e81 (6.2-rc1)
CVE-2023-3351
	REJECTED
CVE-2023-3110 (Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier ...)
	NOT-FOR-US: SiLabs Unify Gateway
CVE-2023-34981 (A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1 ...)
	- tomcat10 10.1.10-1
	[bookworm] - tomcat10 (Issue introduced in 10.1.8)
	- tomcat9 (Vulnerable code introduced in 9.0.74)
	NOTE: https://lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz
	NOTE: Introduced due to fix for: https://bz.apache.org/bugzilla/show_bug.cgi?id=66512
	NOTE: Fixed by: https://bz.apache.org/bugzilla/show_bug.cgi?id=66591
CVE-2023-33725 (Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovere ...)
	NOT-FOR-US: Broadleaf
CVE-2023-33591 (User Registration & Login and User Management System v1.0 was discover ...)
	NOT-FOR-US: User Registration & Login and User Management System
CVE-2023-33584 (Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Inj ...)
	NOT-FOR-US: Sourcecodester Enrollment System Project
CVE-2023-33289 (The urlnorm crate through 0.1.4 for Rust allows Regular Expression Den ...)
	NOT-FOR-US: Rust crate urlnorm
CVE-2023-2829 (A `named` instance configured to run as a DNSSEC-validating recursive ...)
	- bind9 (Only affects BIND Supported Preview Edition)
	NOTE: https://kb.isc.org/docs/cve-2023-2829
CVE-2023-2911 (If the `recursive-clients` quota is reached on a BIND 9 resolver confi ...)
	{DSA-5439-1}
	- bind9 1:9.18.16-1
	[buster] - bind9 (Vulnerable code not present; libns added in 9.19.14)
	NOTE: https://kb.isc.org/docs/cve-2023-2911
	NOTE: https://downloads.isc.org/isc/bind9/9.18.16/patches/0003-CVE-2023-2911.patch
	NOTE: https://downloads.isc.org/isc/bind9/9.16.42/patches/0003-CVE-2023-2911.patch
CVE-2023-2828 (Every `named` instance configured to run as a recursive resolver maint ...)
	{DSA-5439-1 DLA-3498-1}
	- bind9 1:9.18.16-1
	NOTE: https://kb.isc.org/docs/cve-2023-2828
	NOTE: https://downloads.isc.org/isc/bind9/9.18.16/patches/0001-CVE-2023-2828.patch
	NOTE: https://downloads.isc.org/isc/bind9/9.16.42/patches/0001-CVE-2023-2828.patch
CVE-2023-XXXX [RUSTSEC-2023-0045]
	- rust-memoffset 0.6.4-1
	[bullseye] - rust-memoffset (Minor issue)
	[buster] - rust-memoffset (Minor issue, Undefined Behavior)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0045.html
	NOTE: https://github.com/Gilnaa/memoffset/issues/24
CVE-2023-3339 (A vulnerability has been found in code-projects Agro-School Management ...)
	NOT-FOR-US: Agro-School Management System
CVE-2023-34340 (Improper Authentication vulnerability in Apache Software Foundation Ap ...)
	NOT-FOR-US: Apache Accumulo
CVE-2023-3340 (A vulnerability was found in SourceCodester Online School Fees System ...)
	NOT-FOR-US: SourceCodester Online School Fees System
CVE-2023-3338 (A null pointer dereference flaw was found in the Linux kernel's DECnet ...)
	{DSA-5480-1 DLA-3623-1 DLA-3508-1}
	- linux 6.1.4-1
	NOTE: https://www.openwall.com/lists/oss-security/2023/06/24/3
	NOTE: https://git.kernel.org/linus/1202cdd665315c525b5237e96e0bedc76d7e754f (6.1-rc1)
CVE-2023-3337 (A vulnerability was found in PuneethReddyHC Online Shopping System Adv ...)
	NOT-FOR-US: PuneethReddyHC Online Shopping System Advanced
CVE-2023-3220 (An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_ ...)
	- linux 6.1.20-1
	[bullseye] - linux 5.10.178-1
	[buster] - linux 4.19.282-1
	NOTE: https://git.kernel.org/linus/93340e10b9c5fc86730d149636e0aa8b47bb5a34 (6.3-rc1)
CVE-2023-35885 (CloudPanel 2 before 2.3.1 has insecure file-manager cookie authenticat ...)
	NOT-FOR-US: CloudPanel
CVE-2023-35854 (Zoho ManageEngine ADSelfService Plus through 6113 has an authenticatio ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2023-35166 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-35098 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in John Bri ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-35097 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Internet ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-35095 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flot ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34600 (Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection.)
	NOT-FOR-US: Adiscon LogAnalyzer
CVE-2023-34597 (A vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers ...)
	NOT-FOR-US: Fibaro Motion Sensor firmware
CVE-2023-34596 (A vulnerability in Aeotec WallMote Switch firmware v2.3 allows attacke ...)
	NOT-FOR-US: Aeotec WallMote Switch firmware
CVE-2023-34563 (netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overfl ...)
	NOT-FOR-US: Netgear
CVE-2023-34541 (Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_pr ...)
	NOT-FOR-US: Langchain
CVE-2023-33869 (Enphase Envoy versions D7.0.88 is vulnerable to a command injection ex ...)
	NOT-FOR-US: Enphase Envoy
CVE-2023-33495 (Craft CMS through 4.4.9 is vulnerable to HTML Injection.)
	NOT-FOR-US: Craft CMS
CVE-2023-32274 (Enphase Installer Toolkit versions 3.27.0 has hard coded credentials e ...)
	NOT-FOR-US: Enphase Installer Toolkit
CVE-2023-2533 (A Cross-Site Request Forgery (CSRF) vulnerability has been identified ...)
	NOT-FOR-US: PaperCut
CVE-2023-2400 (Improper deletion of resource in the user management feature in Devolu ...)
	NOT-FOR-US: Devolutions Server
CVE-2023-3325 (The CMS Commander plugin for WordPress is vulnerable to authorization ...)
	NOT-FOR-US: CMS Commander plugin for WordPress
CVE-2023-3320 (The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site ...)
	NOT-FOR-US: WP Sticky Social plugin for WordPress
CVE-2023-3315 (Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-35884 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPri ...)
	NOT-FOR-US: EventPrime plugin
CVE-2023-35882 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-35878 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vady ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32659 (SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross- ...)
	NOT-FOR-US: SUBNET PowerSYSTEM Center
CVE-2023-29158 (SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable t ...)
	NOT-FOR-US: SUBNET PowerSYSTEM Center
CVE-2023-3318 (A vulnerability was found in SourceCodester Resort Management System 1 ...)
	NOT-FOR-US: SourceCodester Resort Management System
CVE-2023-3317 (A use-after-free flaw was found in mt7921_check_offload_capability in ...)
	- linux (Vulnerable code never in released version in unstable)
	NOTE: https://git.kernel.org/linus/2ceb76f734e37833824b7fab6af17c999eb48d2b (6.3-rc6)
CVE-2023-3316 (A NULL pointer dereference in TIFFClose() is caused by a failure to op ...)
	{DLA-3513-1}
	- tiff 4.5.1~rc3-1
	[bookworm] - tiff (Minor issue)
	[bullseye] - tiff (Minor issue)
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/515
	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/468
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/d63de61b1ec3385f6383ef9a1f453e4b8b11d536 (v4.5.1rc1)
CVE-2023-3312 (A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpuf ...)
	- linux (Vulnerable code never present in released version)
	NOTE: https://git.kernel.org/linus/ba5e770c9698782bc203bbf5cf3b36a77720bdbe (6.4-rc1)
CVE-2023-35843 (NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability ...)
	NOT-FOR-US: NocoDB
CVE-2023-35779 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Seed ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-35776 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-35775 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Backu ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-35772 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alain Go ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34461 (PyBB is an open source bulletin board. A manual code review of the PyB ...)
	NOT-FOR-US: PyBB
CVE-2023-34373 (Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-34167 (Vulnerability of spoofing trustlists of Huawei desktop.Successful expl ...)
	NOT-FOR-US: Huawei
CVE-2023-34166 (Vulnerability of system restart triggered by abnormal callbacks passed ...)
	NOT-FOR-US: Huawei
CVE-2023-34163 (Permission control vulnerability in the window management module.Succe ...)
	NOT-FOR-US: Huawei
CVE-2023-34162 (Version update determination vulnerability in the user profile module. ...)
	NOT-FOR-US: Huawei
CVE-2023-34161 (nappropriate authorization vulnerability in the SettingsProvider modul ...)
	NOT-FOR-US: Huawei
CVE-2023-34160 (Vulnerability of spoofing trustlists of Huawei desktop.Successful expl ...)
	NOT-FOR-US: Huawei
CVE-2023-34159 (Improper permission control vulnerability in the Notepad app.Successfu ...)
	NOT-FOR-US: Huawei
CVE-2023-34158 (Vulnerability of spoofing trustlists of Huawei desktop.Successful expl ...)
	NOT-FOR-US: Huawei
CVE-2023-34156 (Vulnerability of services denied by early fingerprint APIs on HarmonyO ...)
	NOT-FOR-US: Huawei
CVE-2023-34155 (Vulnerability of unauthorized calling on HUAWEI phones and tablets.Suc ...)
	NOT-FOR-US: Huawei
CVE-2023-33213 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVec ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-31411 (A remote unprivileged attacker can modify and access configuration set ...)
	NOT-FOR-US: SICK
CVE-2023-31410 (A remote unprivileged attacker can intercept the communication via e.g ...)
	NOT-FOR-US: SICK
CVE-2023-2908 (A null pointer dereference issue was found in Libtiff's tif_dir.c file ...)
	{DLA-3513-1}
	- tiff 4.5.1~rc3-1
	[bookworm] - tiff (Minor issue)
	[bullseye] - tiff (Minor issue)
	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/479
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f (v4.5.1rc1)
	NOTE: Introduced by the fix for CVE-2022-3599/CVE-2022-4645/CVE-2023-30086/CVE-2023-30774:
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246 (v4.5.0rc1)
CVE-2023-2907 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Marksoft
CVE-2023-2899 (The Google Map Shortcode WordPress plugin through 3.1.2 does not valid ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2812 (The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2811 (The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2805 (The SupportCandy WordPress plugin before 3.1.7 does not properly sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2779 (The Social Share, Social Login and Social Comments WordPress plugin be ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2751 (The Upload Resume WordPress plugin through 1.2.0 does not validate the ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2742 (The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2719 (The SupportCandy WordPress plugin before 3.1.7 does not properly sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2684 (The File Renaming on Upload WordPress plugin before 2.5.2 does not san ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2654 (The Conditional Menus WordPress plugin before 1.2.1 does not escape a ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2600 (The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2527 (The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2492 (The QueryWall: Plug'n Play Firewall WordPress plugin through 1.1.1 doe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2401 (The QuBot WordPress plugin before 1.1.6 does not sanitise and escape s ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2399 (The QuBot WordPress plugin before 1.1.6 doesn't filter user input on c ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2359 (The Slider Revolution WordPress plugin through 6.6.12 does not check f ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-48506 (A flawed pseudorandom number generator in Dominion Voting Systems Imag ...)
	NOT-FOR-US: Dominion Voting Systems
CVE-2022-48501 (Configuration defects in the secure OS module.Successful exploitation ...)
	NOT-FOR-US: Huawei
CVE-2022-48500 (Configuration defects in the secure OS module.Successful exploitation ...)
	NOT-FOR-US: Huawei
CVE-2022-48499 (Configuration defects in the secure OS module.Successful exploitation ...)
	NOT-FOR-US: Huawei
CVE-2022-48498 (Configuration defects in the secure OS module.Successful exploitation ...)
	NOT-FOR-US: Huawei
CVE-2022-48497 (Configuration defects in the secure OS module.Successful exploitation ...)
	NOT-FOR-US: Huawei
CVE-2022-48496 (Vulnerability of lax app identity verification in the pre-authorizatio ...)
	NOT-FOR-US: Huawei
CVE-2022-48495 (Vulnerability of unauthorized access to foreground app information.Suc ...)
	NOT-FOR-US: Huawei
CVE-2022-48494 (Vulnerability of lax app identity verification in the pre-authorizatio ...)
	NOT-FOR-US: Huawei
CVE-2022-48493 (Configuration defects in the secure OS module.Successful exploitation ...)
	NOT-FOR-US: Huawei
CVE-2022-48492 (Configuration defects in the secure OS module.Successful exploitation ...)
	NOT-FOR-US: Huawei
CVE-2022-48491 (Vulnerability of missing authentication on certain HUAWEI phones.Succe ...)
	NOT-FOR-US: Huawei
CVE-2022-48490 (Configuration defects in the secure OS module.Successful exploitation ...)
	NOT-FOR-US: Huawei
CVE-2022-48489 (Configuration defects in the secure OS module.Successful exploitation ...)
	NOT-FOR-US: Huawei
CVE-2022-48488 (Vulnerability of bypassing the default desktop security controls.Succe ...)
	NOT-FOR-US: Huawei
CVE-2022-48487 (Configuration defects in the secure OS module.Successful exploitation ...)
	NOT-FOR-US: Huawei
CVE-2022-48486 (Configuration defects in the secure OS module.Successful exploitation ...)
	NOT-FOR-US: Huawei
CVE-2023-3311 (A vulnerability, which was classified as problematic, was found in Pun ...)
	NOT-FOR-US: PuneethReddyHC online-shopping-system-advanced
CVE-2023-3310 (A vulnerability, which was classified as critical, has been found in c ...)
	NOT-FOR-US: Agro-School Management System
CVE-2023-3309 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester Resort Reservation System
CVE-2023-3308 (A vulnerability classified as problematic has been found in whaleal Ic ...)
	NOT-FOR-US: whaleal IceFrog
CVE-2023-3307 (A vulnerability was found in miniCal 1.0.0. It has been rated as criti ...)
	NOT-FOR-US: miniCal
CVE-2023-35866 (In KeePassXC through 2.7.5, a local attacker can make changes to the D ...)
	NOTE: Disputed KeePassXC issue
CVE-2023-35862 (libcoap 4.3.1 contains a buffer over-read via the function coap_parse_ ...)
	NOT-FOR-US: libcoap
CVE-2023-35857 (In Siren Investigate before 13.2.2, session keys remain active even af ...)
	NOT-FOR-US: Siren Investigate
CVE-2023-35856 (A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, a ...)
	NOT-FOR-US: Nintendo Mario Kart Wii
CVE-2023-35855 (A buffer overflow in Counter-Strike through 8684 allows a game server ...)
	NOT-FOR-US: Counter-Strike
CVE-2023-35853 (In Suricata before 6.0.13, an adversary who controls an external sourc ...)
	- suricata 1:6.0.13-1
	[bookworm] - suricata (Minor issue)
	[bullseye] - suricata (Minor issue)
	[buster] - suricata (Minor issue)
	NOTE: https://github.com/OISF/suricata/commit/b95bbcc66db526ffcc880eb439dbe8abc87a81da
CVE-2023-35852 (In Suricata before 6.0.13 (when there is an adversary who controls an ...)
	- suricata 1:6.0.13-1
	[bookworm] - suricata (Minor issue)
	[bullseye] - suricata (Minor issue)
	[buster] - suricata (Minor issue)
	NOTE: https://github.com/OISF/suricata/commit/aee1523b4591430ebed1ded0bb95508e6717a335
	NOTE: https://github.com/OISF/suricata/commit/735f5aa9ca3b28cfacc7a443f93a44387fbacf17
CVE-2023-35849 (VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly c ...)
	NOT-FOR-US: picoTCP
CVE-2023-35848 (VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size ...)
	NOT-FOR-US: picoTCP
CVE-2023-35847 (VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MS ...)
	NOT-FOR-US: picoTCP
CVE-2023-35846 (VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the ...)
	NOT-FOR-US: picoTCP
CVE-2023-35844 (packages/backend/src/routers in Lightdash before 0.510.3 has insecure ...)
	NOT-FOR-US: Lightdash
CVE-2023-35840 (_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder befor ...)
	NOT-FOR-US: elFinder
CVE-2023-35839 (A bypass in the component sofa-hessian of Solon before v2.3.3 allows a ...)
	NOT-FOR-US: Solon
CVE-2023-35829 (An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...)
	- linux 6.3.7-1 (unimportant)
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux 5.10.191-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/3228cec23b8b29215e18090c6ba635840190993d (6.4-rc1)
	NOTE: Only "exploitable" by removing the module which needs root privileges
CVE-2023-34657 (A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 al ...)
	NOT-FOR-US: Eyoucms
CVE-2023-34642 (KioWare for Windows through v8.33 was discovered to contain an incompl ...)
	NOT-FOR-US: KioWare for Windows
CVE-2023-34641 (KioWare for Windows through v8.33 was discovered to contain an incompl ...)
	NOT-FOR-US: KioWare for Windows
CVE-2023-34603 (JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vuln ...)
	NOT-FOR-US: JeecgBoot
CVE-2023-34602 (JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vuln ...)
	NOT-FOR-US: JeecgBoot
CVE-2023-32542 (Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS ...)
	NOT-FOR-US: TELLUS
CVE-2023-32538 (Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 a ...)
	NOT-FOR-US: TELLUS
CVE-2023-32288 (Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS ...)
	NOT-FOR-US: TELLUS
CVE-2023-32276 (Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 a ...)
	NOT-FOR-US: TELLUS
CVE-2023-32273 (Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 a ...)
	NOT-FOR-US: TELLUS
CVE-2023-32270 (Access of memory location after end of buffer issue exists in TELLUS v ...)
	NOT-FOR-US: TELLUS
CVE-2023-32201 (Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 a ...)
	NOT-FOR-US: TELLUS
CVE-2023-31239 (Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V- ...)
	NOT-FOR-US: FUJI
CVE-2023-30759 (The driver installation package created by Printer Driver Packager NX ...)
	NOT-FOR-US: Ricoh
CVE-2023-35828 (An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...)
	{DLA-3508-1}
	- linux 6.3.7-1 (unimportant)
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux 5.10.191-1
	NOTE: https://git.kernel.org/linus/2b947f8769be8b8181dc795fd292d3e7120f5204 (6.4-rc1)
	NOTE: USB_RENESAS_USB3 not enabled in Debian
	NOTE: Only "exploitable" by removing the module which needs root privileges
CVE-2023-35827 (An issue was discovered in the Linux kernel through 6.3.8. A use-after ...)
	{DSA-5594-1 DLA-3711-1}
	- linux 6.5.8-1
	[bookworm] - linux 6.1.64-1
	NOTE: https://lore.kernel.org/lkml/cca0b40b-d6f8-54c7-1e46-83cb62d0a2f1%40huawei.com/T/
CVE-2023-35826 (An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...)
	- linux 6.3.7-1 (unimportant)
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/50d0a7aea4809cef87979d4669911276aa23b71f (6.4-rc1)
	NOTE: Only "exploitable" by removing the module which needs root privileges
CVE-2023-35825
	REJECTED
CVE-2023-35824 (An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...)
	{DLA-3623-1 DLA-3508-1}
	- linux 6.3.7-1 (unimportant)
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux 5.10.191-1
	NOTE: https://git.kernel.org/linus/5abda7a16698d4d1f47af1168d8fa2c640116b4a (6.4-rc1)
	NOTE: Only "exploitable" by removing the module which needs root privileges
CVE-2023-35823 (An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...)
	{DLA-3623-1 DLA-3508-1}
	- linux 6.3.7-1 (unimportant)
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux 5.10.191-1
	NOTE: https://git.kernel.org/linus/30cf57da176cca80f11df0d9b7f71581fe601389 (6.4-rc1)
	NOTE: Only "exploitable" by removing the module which needs root privileges
CVE-2023-35005 (In Apache Airflow, some potentially sensitive values were being shown ...)
	- airflow (bug #819700)
CVE-2023-3306 (A vulnerability was found in Ruijie RG-EW1200G EW_3.0(1)B11P204. It ha ...)
	NOT-FOR-US: Ruijie
CVE-2023-3305 (A vulnerability was found in C-DATA Web Management System up to 202306 ...)
	NOT-FOR-US: C-DATA Web Management System
CVE-2023-35813 (Multiple Sitecore products allow remote code execution. This affects E ...)
	NOT-FOR-US: Sitecore
CVE-2023-35811 (An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x ...)
	NOT-FOR-US: SugarCRM
CVE-2023-35810 (An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x ...)
	NOT-FOR-US: SugarCRM
CVE-2023-35809 (An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x ...)
	NOT-FOR-US: SugarCRM
CVE-2023-35808 (An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x ...)
	NOT-FOR-US: SugarCRM
CVE-2014-125106 (Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec ...)
	- nanopb (Fixed before initial upload to Debian)
	NOTE: https://github.com/nanopb/nanopb/commit/d2099cc8f1adb33d427a44a5e32ed27b647c7168 (nanopb-0.3.1)
CVE-2023-3297 (In Ubuntu's accountsservice an unprivileged local attacker can trigger ...)
	- accountsservice (Ubuntu specific 0010-set-language.patch not applied in Debian)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182
CVE-2023-3295 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-35790 (An issue was discovered in dec_patch_dictionary.cc in libjxl before 0. ...)
	[experimental] - jpeg-xl 0.8.2-1
	- jpeg-xl (bug #1055306)
	[bookworm] - jpeg-xl (Minor issue)
	NOTE: https://github.com/libjxl/libjxl/pull/2551
	NOTE: https://github.com/libjxl/libjxl/commit/d4e67a644d8babe7cb68de122d8b5ccb2ad8f226
CVE-2023-35789 (An issue was discovered in the C AMQP client library (aka rabbitmq-c) ...)
	- librabbitmq (bug #1037322)
	[bookworm] - librabbitmq (Minor issue)
	[bullseye] - librabbitmq (Minor issue)
	[buster] - librabbitmq (Minor issue)
	NOTE: https://github.com/alanxz/rabbitmq-c/issues/575
	NOTE: https://github.com/alanxz/rabbitmq-c/commit/463054383fbeef889b409a7f843df5365288e2a0
CVE-2023-34459 (OpenZeppelin Contracts is a library for smart contract development. St ...)
	NOT-FOR-US: OpenZeppelin Contracts
CVE-2023-33438 (A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer Te ...)
	NOT-FOR-US: Wolters Kluwer TeamMate+
CVE-2023-3294 (Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-sto ...)
	NOT-FOR-US: saleor/react-storefront
CVE-2023-3293 (Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/ ...)
	NOT-FOR-US: salesagility/suitecrm-core
CVE-2023-35788 (An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c ...)
	{DSA-5480-1 DSA-5448-1 DLA-3623-1 DLA-3508-1}
	- linux 6.3.7-1
	NOTE: https://www.openwall.com/lists/oss-security/2023/06/07/1
	NOTE: https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c (6.4-rc5)
CVE-2023-35784 (A double free or use after free could occur after SSL_clear in OpenBSD ...)
	- libressl (bug #754513)
CVE-2023-35783 (The ke_search (aka Faceted Search) extension before 4.0.3, 4.1.x throu ...)
	NOT-FOR-US: Typo3 extension
CVE-2023-35782 (The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL ...)
	NOT-FOR-US: Typo3 extension
CVE-2023-34832 (TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer ...)
	NOT-FOR-US: TP-Link
CVE-2023-34795 (xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of uninitial ...)
	NOT-FOR-US: xlsxio
CVE-2023-34733 (A lack of exception handling in the Volkswagen Discover Media Infotain ...)
	NOT-FOR-US: Volkswagen Discover Media Infotainment System Software
CVE-2023-34660 (jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg ...)
	NOT-FOR-US: jjeecg-boot
CVE-2023-34659 (jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id p ...)
	NOT-FOR-US: jeecg-boot
CVE-2023-34645 (jfinal CMS 5.1.0 has an arbitrary file read vulnerability.)
	NOT-FOR-US: jfinal CMS
CVE-2023-34548 (Simple Customer Relationship Management 1.0 is vulnerable to SQL Injec ...)
	NOT-FOR-US: Simple Customer Relationship Management
CVE-2023-33307 (A null pointer dereference in Fortinet FortiOS before 7.2.5 and before ...)
	NOT-FOR-US: FortiGuard
CVE-2023-33306 (A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7 ...)
	NOT-FOR-US: FortiGuard
CVE-2023-2918
	REJECTED
CVE-2023-2831 (Mattermost fails to unescape Markdown strings in a memory-efficient wa ...)
	- mattermost-server (bug #823556)
CVE-2023-2797 (Mattermost fails to sanitize code permalinks, allowing an attacker to ...)
	- mattermost-server (bug #823556)
CVE-2023-2793 (Mattermost fails to validate links on external websites when construct ...)
	- mattermost-server (bug #823556)
CVE-2023-2792 (Mattermost fails to sanitize ephemeral error messages, allowing an att ...)
	- mattermost-server (bug #823556)
CVE-2023-2791 (When creating a playbook run via the /dialog API, Mattermost fails to ...)
	- mattermost-server (bug #823556)
CVE-2023-2788 (Mattermost fails to check if an admin user account active after an oau ...)
	- mattermost-server (bug #823556)
CVE-2023-2787 (Mattermost fails to check channel membership when accessing message th ...)
	- mattermost-server (bug #823556)
CVE-2023-2786 (Mattermost fails to properly check thepermissions when executing comma ...)
	- mattermost-server (bug #823556)
CVE-2023-2785 (Mattermost fails to properly truncate the postgres error log message o ...)
	- mattermost-server (bug #823556)
CVE-2023-2784 (Mattermost fails to verify if the requestor is a sysadmin or not, befo ...)
	- mattermost-server (bug #823556)
CVE-2023-2783 (Mattermost Apps Framework fails to verify that a secret provided in th ...)
	- mattermost-server (bug #823556)
CVE-2023-3291 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2 ...)
	{DSA-5452-1}
	- gpac (bug #1051740)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://huntr.dev/bounties/526954e6-8683-4697-bfa2-886c3204a1d5/
	NOTE: https://github.com/gpac/gpac/commit/6a748ccc3f76ff10e3ae43014967ea4b0c088aaf
CVE-2023-3269 (A vulnerability exists in the memory management subsystem of the Linux ...)
	{DSA-5448-1}
	- linux 6.3.11-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://github.com/lrh2000/StackRot
	NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/1
	NOTE: https://www.openwall.com/lists/oss-security/2023/07/28/1
CVE-2023-3268 (An out of bounds (OOB) memory access flaw was found in the Linux kerne ...)
	{DSA-5480-1 DSA-5448-1 DLA-3623-1 DLA-3508-1}
	- linux 6.3.7-1
	NOTE: https://git.kernel.org/linus/43ec16f1450f4936025a9bdf1a273affdb9732c1 (6.4-rc1)
CVE-2023-35708 (In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6 ...)
	NOT-FOR-US: MOVEit
CVE-2023-34845 (Bludit v3.14.1 was discovered to contain an arbitrary file upload vuln ...)
	NOT-FOR-US: Bludit
CVE-2023-34800 (D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command in ...)
	NOT-FOR-US: D-Link
CVE-2023-34797 (Broken access control in the Registration page (/Registration.aspx) of ...)
	NOT-FOR-US: Termenos CWX
CVE-2023-34165 (Unauthorized access vulnerability in the Save for later feature provid ...)
	NOT-FOR-US: Huawei
CVE-2023-34157 (Vulnerability of HwWatchHealth being hijacked.Successful exploitation ...)
	NOT-FOR-US: Huawei
CVE-2023-34154 (Vulnerability of undefined permissions in HUAWEI VR screen projection. ...)
	NOT-FOR-US: Huawei
CVE-2023-32754 (Thinking Software Efence login function has insufficient validation fo ...)
	NOT-FOR-US: Thinking Software Efence
CVE-2023-32753 (OMICARD EDM’s file uploading function does not restrict upload of ...)
	NOT-FOR-US: OMICARD
CVE-2023-32752 (L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000’s file uploa ...)
	NOT-FOR-US: L7 Networks InstantScan
CVE-2023-32028 (Microsoft SQL OLE DB Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32027 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2023-32026 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2023-32025 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2023-2431 (A security issue was discovered in Kubelet that allows pods to bypass ...)
	- kubernetes 1.20.5+really1.20.2-1
	NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
	NOTE: The source package itself is still vulnerable, but custom rebuilds are not really a use case here
	NOTE: https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10
	NOTE: https://github.com/kubernetes/kubernetes/issues/118690
CVE-2023-2728 (Users may be able to launch containers that bypass the mountable secre ...)
	- kubernetes 1.20.5+really1.20.2-1
	NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
	NOTE: The source package itself is still vulnerable, but custom rebuilds are not really a use case here
	NOTE: https://groups.google.com/g/kubernetes-security-announce/c/9oU_lW2cU_g
	NOTE: https://github.com/kubernetes/kubernetes/issues/118640
CVE-2023-2727 (Users may be able to launch containers using images that are restricte ...)
	- kubernetes 1.20.5+really1.20.2-1
	NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
	NOTE: The source package itself is still vulnerable, but custom rebuilds are not really a use case here
	NOTE: https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8
	NOTE: https://github.com/kubernetes/kubernetes/issues/118640
CVE-2023-3276 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Dromara HuTool
CVE-2023-3275 (A vulnerability classified as critical was found in PHPGurukul Rail Pa ...)
	NOT-FOR-US: PHPGurukul Rail Pass Management System
CVE-2023-3274 (A vulnerability classified as critical has been found in code-projects ...)
	NOT-FOR-US: code-projects Supplier Management System
CVE-2023-34880 (cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal v ...)
	NOT-FOR-US: cmseasy
CVE-2023-34852 (PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions.)
	NOT-FOR-US: PublicCMS
CVE-2023-34833 (An arbitrary file upload vulnerability in the component /api/upload.ph ...)
	NOT-FOR-US: ThinkAdmin
CVE-2023-34666 (Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Mana ...)
	NOT-FOR-US: Phpgurukul Cyber Cafe Management System
CVE-2023-34626 (Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function.)
	- piwigo
CVE-2023-34455 (snappy-java is a fast compressor/decompressor for Java. Due to use of ...)
	NOT-FOR-US: snappy-java
CVE-2023-34454 (snappy-java is a fast compressor/decompressor for Java. Due to uncheck ...)
	NOT-FOR-US: snappy-java
CVE-2023-34453 (snappy-java is a fast compressor/decompressor for Java. Due to uncheck ...)
	NOT-FOR-US: snappy-java
CVE-2023-34242 (Cilium is a networking, observability, and security solution with an e ...)
	- cilium (bug #858303)
CVE-2023-34241 (OpenPrinting CUPS is a standards-based, open source printing system fo ...)
	{DLA-3476-1}
	- cups 2.4.2-5 (bug #1038885)
	[bookworm] - cups 2.4.2-3+deb12u1
	[bullseye] - cups 2.3.3op2-3+deb11u3
	NOTE: https://www.openwall.com/lists/oss-security/2023/06/22/4
	NOTE: https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2
	NOTE: Introduced by: https://github.com/OpenPrinting/cups/commit/996acce8760c538b9fee69c99f274ffc27744386#diff-ea18088a3c3df78fec37244a94c58754b6e5cb7fbfd7066f6124de51a73c284d (v2.2b1)
CVE-2023-33243 (RedTeam Pentesting discovered that the web interface of STARFACE as we ...)
	NOT-FOR-US: STARFACE
CVE-2023-32229 (Due to an error in the software interface to the secure element chip o ...)
	NOT-FOR-US: Bosch
CVE-2023-31672 (In the PrestaShop < 2.4.3 module "Length, weight or volume sell" (aili ...)
	NOT-FOR-US: PrestaShop
CVE-2023-2747 (The initialization vector (IV) used by the secure engine (SE) for encr ...)
	NOT-FOR-US: silabs SGDK
CVE-2023-2686 (Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon La ...)
	NOT-FOR-US: Silicon Labs Gecko SDK
CVE-2023-2683 (A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allo ...)
	NOT-FOR-US: silabs Bluetooth SDK
CVE-2023-XXXX [RUSTSEC-2023-0038: Out-of-bounds array access leads to panic]
	- rust-sequoia-openpgp 1.16.0-1
	[bookworm] - rust-sequoia-openpgp (Minor issue)
	[bullseye] - rust-sequoia-openpgp (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0038.html
CVE-2023-3193 (Cross-site scripting (XSS) vulnerability in the Layout module's SEO co ...)
	NOT-FOR-US: Liferay
CVE-2023-3138 (A vulnerability was found in libX11. The security flaw occurs because ...)
	{DSA-5433-1 DLA-3472-1}
	- libx11 2:1.8.6-1 (bug #1038133)
	NOTE: https://www.openwall.com/lists/oss-security/2023/06/15/2
	NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c
CVE-2023-35030 (Cross-site request forgery (CSRF) vulnerability in the Layout module's ...)
	NOT-FOR-US: Liferay
CVE-2023-35029 (Open redirect vulnerability in the Layout module's SEO configuration i ...)
	NOT-FOR-US: Liferay
CVE-2023-34565 (Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the "Creat ...)
	- netbox (bug #1017079)
CVE-2023-34452 (Grav is a flat-file content management system. In versions 1.7.42 and ...)
	NOT-FOR-US: Grav CMS
CVE-2023-34449 (ink! is an embedded domain specific language to write smart contracts ...)
	NOT-FOR-US: ink!
CVE-2023-34448 (Grav is a flat-file content management system. Prior to version 1.7.42 ...)
	NOT-FOR-US: Grav CMS
CVE-2023-34253 (Grav is a flat-file content management system. Prior to version 1.7.42 ...)
	NOT-FOR-US: Grav CMS
CVE-2023-34252 (Grav is a flat-file content management system. Prior to version 1.7.42 ...)
	NOT-FOR-US: Grav CMS
CVE-2023-34251 (Grav is a flat-file content management system. Versions prior to 1.7.4 ...)
	NOT-FOR-US: Grav CMS
CVE-2023-33515 (SoftExpert Excellence Suite 2.1.9 is vulnerable to Cross Site Scriptin ...)
	NOT-FOR-US: SoftExpert Excellence Suite
CVE-2023-31746 (There is a command injection vulnerability in the adslr VW2100 router ...)
	NOT-FOR-US: adslr VW2100 router
CVE-2023-2847 (During internal security analysis, a local privilege escalation vulner ...)
	NOT-FOR-US: ESET
CVE-2023-2820 (An information disclosure vulnerability in the faye endpoint in Proofp ...)
	NOT-FOR-US: Proofpoint
CVE-2023-2819 (A stored cross-site scripting vulnerability in the Sources UI in Proof ...)
	NOT-FOR-US: Proofpoint
CVE-2023-3241 (A vulnerability was found in OTCMS up to 6.62 and classified as proble ...)
	NOT-FOR-US: OTCMS
CVE-2023-3240 (A vulnerability has been found in OTCMS up to 6.62 and classified as p ...)
	NOT-FOR-US: OTCMS
CVE-2023-3239 (A vulnerability, which was classified as problematic, was found in OTC ...)
	NOT-FOR-US: OTCMS
CVE-2023-3040 (A debug function in the lua-resty-json package, up to commit id 3ef949 ...)
	NOT-FOR-US: lua-resty-json
CVE-2023-3036 (An unchecked read in NTP server in github.com/cloudflare/cfnts prior t ...)
	NOT-FOR-US: cfnts
CVE-2023-35116 (jackson-databind through 2.15.2 allows attackers to cause a denial of ...)
	NOTE: Disputed jackson-databind issue
	NOTE: https://github.com/FasterXML/jackson-databind/issues/3972
	NOTE: https://github.com/FasterXML/jackson-databind/issues/3972#issuecomment-1597218091
CVE-2023-35110 (An issue was discovered jjson thru 0.1.7 allows attackers to cause a d ...)
	NOT-FOR-US: jjson
CVE-2023-34878 (An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensi ...)
	NOT-FOR-US: Ujcms
CVE-2023-34868 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertio ...)
	- iotjs
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5083
CVE-2023-34867 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertio ...)
	- iotjs
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5084
CVE-2023-34865 (Directory traversal vulnerability in ujcms 6.0.2 allows attackers to m ...)
	NOT-FOR-US: ujcms
CVE-2023-34824 (fdkaac before 1.0.5 was discovered to contain a heap buffer overflow i ...)
	- fdkaac (unimportant; bug #1038951)
	NOTE: https://github.com/nu774/fdkaac/issues/55
	NOTE: https://github.com/nu774/fdkaac/commit/22dbf72491541aa854835fdf2a9a0d92532728d8 (v1.0.5)
	NOTE: Crash in CLI tool, no security impact
CVE-2023-34823 (fdkaac before 1.0.5 was discovered to contain a stack overflow in read ...)
	- fdkaac (unimportant; bug #1038951)
	NOTE: https://github.com/nu774/fdkaac/issues/55
	NOTE: https://github.com/nu774/fdkaac/commit/22dbf72491541aa854835fdf2a9a0d92532728d8 (v1.0.5)
	NOTE: Crash in CLI tool, no security impact
CVE-2023-34756 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...)
	NOT-FOR-US: bloofox
CVE-2023-34755 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...)
	NOT-FOR-US: bloofox
CVE-2023-34754 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...)
	NOT-FOR-US: bloofox
CVE-2023-34753 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...)
	NOT-FOR-US: bloofox
CVE-2023-34752 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...)
	NOT-FOR-US: bloofox
CVE-2023-34751 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...)
	NOT-FOR-US: bloofox
CVE-2023-34750 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...)
	NOT-FOR-US: bloofox
CVE-2023-34747 (File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-fil ...)
	NOT-FOR-US: ujcms
CVE-2023-34624 (An issue was discovered htmlcleaner thru = 2.28 allows attackers to ca ...)
	{DSA-5471-1 DLA-3520-1}
	- libhtmlcleaner-java 2.29-1
	NOTE: https://github.com/amplafi/htmlcleaner/issues/13
CVE-2023-34623 (An issue was discovered jtidy thru r938 allows attackers to cause a de ...)
	- jtidy (bug #1038663)
	[bookworm] - jtidy (Minor issue)
	[bullseye] - jtidy (Minor issue)
	[buster] - jtidy (Minor issue, DoS)
	NOTE: https://github.com/trajano/jtidy/issues/4
CVE-2023-34620 (An issue was discovered hjson thru 3.0.0 allows attackers to cause a d ...)
	NOT-FOR-US: hjson
CVE-2023-34617 (An issue was discovered genson thru 1.6 allows attackers to cause a de ...)
	NOT-FOR-US: genson
CVE-2023-34616 (An issue was discovered pbjson thru 0.4.0 allows attackers to cause a ...)
	NOT-FOR-US: pbjson
CVE-2023-34615 (An issue was discovered JSONUtil thru 5.0 allows attackers to cause a ...)
	NOT-FOR-US: JSONUtil
CVE-2023-34613 (An issue was discovered sojo thru 1.1.1 allows attackers to cause a de ...)
	NOT-FOR-US: sojo
CVE-2023-34612 (An issue was discovered ph-json thru 9.5.5 allows attackers to cause a ...)
	NOT-FOR-US: ph-json
CVE-2023-34611 (An issue was discovered mjson thru 1.4.1 allows attackers to cause a d ...)
	NOT-FOR-US: mjson
CVE-2023-34610 (An issue was discovered json-io thru 4.14.0 allows attackers to cause ...)
	NOT-FOR-US: json-io
CVE-2023-34609 (An issue was discovered flexjson thru 3.3 allows attackers to cause a ...)
	NOT-FOR-US: flexjson
CVE-2023-34585
	REJECTED
CVE-2023-34540 (Langchain before v0.0.225 was discovered to contain a remote code exec ...)
	NOT-FOR-US: Langchain
CVE-2023-34367 (Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The v ...)
	NOT-FOR-US: Microsoft
CVE-2023-34101 (Contiki-NG is an operating system for internet of things devices. In v ...)
	NOT-FOR-US: Contiki-NG
CVE-2023-32465 (Dell Power Protect Cyber Recovery, contains an Authentication Bypass v ...)
	NOT-FOR-US: Dell
CVE-2023-32031 (Microsoft Exchange Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32030 (.NET and Visual Studio Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32024 (Microsoft Power Apps Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-31671 (PrestaShop postfinance <= 17.1.13 is vulnerable to SQL Injection via P ...)
	NOT-FOR-US: PrestaShop postfinance
CVE-2023-2976 (Use of Java's default temporary directory for file creation in `FileBa ...)
	- guava-libraries 32.0.1-1 (bug #1038979)
	[bookworm] - guava-libraries (Minor issue)
	[bullseye] - guava-libraries (Minor issue)
	[buster] - guava-libraries (Minor issue)
	NOTE: https://github.com/google/guava/releases/tag/v32.0.0
	NOTE: https://github.com/google/guava/issues/2575
CVE-2023-35149 (A missing permission check in Jenkins Digital.ai App Management Publis ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-35148 (A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-35147 (Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not rest ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-35146 (Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-35145 (Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escap ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-35144 (Jenkins Maven Repository Server Plugin 1.10 and earlier does not escap ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-35143 (Jenkins Maven Repository Server Plugin 1.10 and earlier does not escap ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32262 (A potential vulnerability has been identified in the Micro Focus Dimen ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32261 (A potential vulnerability has been identified in the Micro Focus Dimen ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-35142 (Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validat ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-35141 (In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests a ...)
	- jenkins
CVE-2023-3238 (A vulnerability, which was classified as critical, has been found in O ...)
	NOT-FOR-US: OTCMS
CVE-2023-3237 (A vulnerability classified as critical was found in OTCMS up to 6.62. ...)
	NOT-FOR-US: OTCMS
CVE-2023-3236 (A vulnerability classified as critical has been found in mccms up to 2 ...)
	NOT-FOR-US: mccms
CVE-2023-3235 (A vulnerability was found in mccms up to 2.6.5. It has been rated as c ...)
	NOT-FOR-US: mccms
CVE-2023-3234 (A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been ...)
	NOT-FOR-US: Zhong Bang CRMEB
CVE-2023-3233 (A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been ...)
	NOT-FOR-US: Zhong Bang CRMEB
CVE-2023-3232 (A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and classifi ...)
	NOT-FOR-US: Zhong Bang CRMEB
CVE-2023-3231 (A vulnerability has been found in UJCMS up to 6.0.2 and classified as ...)
	NOT-FOR-US: UJCMS
CVE-2023-3230 (Missing Authorization in GitHub repository fossbilling/fossbilling pri ...)
	NOT-FOR-US: fossbilling
CVE-2023-3229 (Business Logic Errors in GitHub repository fossbilling/fossbilling pri ...)
	NOT-FOR-US: fossbilling
CVE-2023-3228 (Business Logic Errors in GitHub repository fossbilling/fossbilling pri ...)
	NOT-FOR-US: fossbilling
CVE-2023-3227 (Insufficient Granularity of Access Control in GitHub repository fossbi ...)
	NOT-FOR-US: fossbilling
CVE-2023-3203 (The MStore API plugin for WordPress is vulnerable to Cross-Site Reques ...)
	NOT-FOR-US: MStore API plugin for WordPress
CVE-2023-3201 (The MStore API plugin for WordPress is vulnerable to Cross-Site Reques ...)
	NOT-FOR-US: MStore API plugin for WordPress
CVE-2023-3200 (The MStore API plugin for WordPress is vulnerable to Cross-Site Reques ...)
	NOT-FOR-US: MStore API plugin for WordPress
CVE-2023-3198 (The MStore API plugin for WordPress is vulnerable to Cross-Site Reques ...)
	NOT-FOR-US: MStore API plugin for WordPress
CVE-2023-3189 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester Online School Fees System
CVE-2023-3001 (A CWE-502: Deserialization of Untrusted Data vulnerability exists in t ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-34944 (An arbitrary file upload vulnerability in the /fileUpload.lib.php comp ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-34537 (A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacke ...)
	- hoteldruid 3.0.6-1 (bug #1038251)
	[bookworm] - hoteldruid (Minor issue)
	[bullseye] - hoteldruid (Minor issue)
	[buster] - hoteldruid (Minor issue)
	NOTE: https://github.com/leekenghwa/CVE-2023-34537---XSS-reflected--found-in-HotelDruid-3.0.5
CVE-2023-34396 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
	- libstruts1.2-java
CVE-2023-34250 (Discourse is an open source discussion platform. Prior to version 3.0. ...)
	NOT-FOR-US: Discourse
CVE-2023-34149 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
	- libstruts1.2-java
CVE-2023-34000 (Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Str ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-33933 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	{DSA-5435-1 DLA-3475-1}
	- trafficserver 9.2.1+ds-1 (bug #1038248)
	NOTE: https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs
	NOTE: https://github.com/apache/trafficserver/commit/867c48c1adf9e795c8d85c48d2d0f07f08aa87ec (master)
	NOTE: https://github.com/apache/trafficserver/commit/726a79cb2f70fcbe0e2139aab3fe56930d3d8c27 (9.2.1-rc0)
	NOTE: https://github.com/apache/trafficserver/commit/496fa2c4cbdf2b3d6c61760a3fb6675b74b549f0 (8.1.7)
CVE-2023-33817 (hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerabil ...)
	- hoteldruid 3.0.6-1 (bug #1038251)
	[bookworm] - hoteldruid (Minor issue)
	[bullseye] - hoteldruid (Minor issue)
	[buster] - hoteldruid (Minor issue)
	NOTE: https://github.com/leekenghwa/CVE-2023-33817---SQL-Injection-found-in-HotelDruid-3.0.5
CVE-2023-33146 (Microsoft Office Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-33145 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-33144 (Visual Studio Code Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-33142 (Microsoft SharePoint Server Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-33140 (Microsoft OneNote Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-33139 (Visual Studio Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-33137 (Microsoft Excel Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-33135 (.NET and Visual Studio Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-33133 (Microsoft Excel Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-33132 (Microsoft SharePoint Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-33131 (Microsoft Outlook Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
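The entries on this page follow the layout of the Debian security tracker's data/CVE/list file: an unindented CVE header with a parenthesised description (or a bracketed title for a not-yet-assigned CVE-YYYY-XXXX), then indented attribute lines: `{DSA-... DLA-...}` advisory references, `- package version (comment)` for unstable, `[release] - package ...` for a stable release, `NOTE:`, `NOT-FOR-US:`, `TODO:` and `REJECTED`. The parser below is an added example written for this page, not code from the Debian security tracker; its sample input is constructed from entries that appear above (trafficserver, hoteldruid, a Microsoft entry, the sequoia-openpgp RUSTSEC entry and a rejected id), and the names `Entry`, `PackageState`, `parse` and `fixed_version_for` are chosen here. It also accepts the angle-bracket status markers (`<unfixed>`, `<no-dsa>`, `<not-affected>`, ...) that the real file carries but that this page's text has lost, so a missing version is never silently read as "fixed".

```python
"""Parse Debian-security-tracker-style CVE entries and answer
"which version of this package fixes this CVE in this release?".

Added example for this page; not code from the Debian security tracker.
Entry, PackageState, parse and fixed_version_for are names chosen here.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: entries copied from this page, re-indented the way the
# tracker file is (the file uses a tab; any leading whitespace is accepted).
SAMPLE = """\
CVE-2023-33933 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
    {DSA-5435-1 DLA-3475-1}
    - trafficserver 9.2.1+ds-1 (bug #1038248)
    NOTE: https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs
CVE-2023-33817 (hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerabil ...)
    - hoteldruid 3.0.6-1 (bug #1038251)
    [bookworm] - hoteldruid (Minor issue)
    [bullseye] - hoteldruid (Minor issue)
    NOTE: https://github.com/leekenghwa/CVE-2023-33817---SQL-Injection-found-in-HotelDruid-3.0.5
CVE-2023-33146 (Microsoft Office Remote Code Execution Vulnerability)
    NOT-FOR-US: Microsoft
CVE-2023-XXXX [RUSTSEC-2023-0038: Out-of-bounds array access leads to panic]
    - rust-sequoia-openpgp 1.16.0-1
    [bookworm] - rust-sequoia-openpgp (Minor issue)
CVE-2023-33624
    REJECTED
"""

# "CVE-2023-33933 (description ...)" or "CVE-2023-XXXX [title]" (unassigned id).
HEADER_RE = re.compile(r"^(CVE-\d{4}-(?:\d{4,}|XXXX))(?:\s+(?:\((.*)\)|\[(.*)\]))?\s*$")
ADVISORY_RE = re.compile(r"^\{(.*)\}$")
# "[release] - package <status> (comment)": release, status/version and comment
# are all optional. <status> markers (<unfixed>, <no-dsa>, ...) exist in the
# real file but are absent from this page's text, so a bare package is valid.
PKG_RE = re.compile(
    r"^(?:\[([a-z]+)\]\s+)?-\s+(\S+)"        # [release] - package
    r"(?:\s+<([a-z-]+)>|\s+([^\s(<]\S*))?"    # <status>  or  version
    r"(?:\s+\((.*)\))?$"                       # (comment)
)


@dataclass
class PackageState:
    package: str
    version: Optional[str] = None   # fixed version; None = no fix recorded
    status: Optional[str] = None    # <status> marker, if one was present
    comment: str = ""


@dataclass
class Entry:
    cve: str
    description: str = ""
    advisories: List[str] = field(default_factory=list)
    unstable: Dict[str, PackageState] = field(default_factory=dict)
    releases: Dict[str, Dict[str, PackageState]] = field(default_factory=dict)
    notes: List[str] = field(default_factory=list)
    not_for_us: Optional[str] = None
    todo: Optional[str] = None
    rejected: bool = False


def parse(text: str) -> List[Entry]:
    """Parse tracker-format text. Unknown lines raise instead of being skipped,
    so a damaged file cannot quietly turn into "no fix needed"."""
    entries: List[Entry] = []
    cur: Optional[Entry] = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():                  # unindented: new CVE header
            m = HEADER_RE.match(raw.rstrip())
            if not m:
                raise ValueError(f"unparsable header: {raw!r}")
            cur = Entry(cve=m.group(1), description=m.group(2) or m.group(3) or "")
            entries.append(cur)
            continue
        if cur is None:
            raise ValueError(f"attribute line before any CVE header: {raw!r}")
        line = raw.strip()
        if line == "REJECTED":
            cur.rejected = True
        elif line.startswith("NOTE: "):
            cur.notes.append(line[len("NOTE: "):])
        elif line.startswith("NOT-FOR-US: "):
            cur.not_for_us = line[len("NOT-FOR-US: "):]
        elif line.startswith("TODO: "):
            cur.todo = line[len("TODO: "):]
        elif (m := ADVISORY_RE.match(line)):
            cur.advisories.extend(m.group(1).split())
        elif (m := PKG_RE.match(line)):
            release, pkg, status, version, comment = m.groups()
            state = PackageState(pkg, version, status, comment or "")
            if release:
                cur.releases.setdefault(release, {})[pkg] = state
            else:
                cur.unstable[pkg] = state
        else:
            raise ValueError(f"unrecognised line in {cur.cve}: {line!r}")
    return entries


def fixed_version_for(entry: Entry, package: str, release: Optional[str] = None) -> Optional[str]:
    """Fixed version of `package` for `release` (None = unstable). A release
    line overrides the unstable one; a release line without a version means no
    fix is recorded there; a package the entry never lists also yields None."""
    if release is not None and package in entry.releases.get(release, {}):
        return entry.releases[release][package].version
    state = entry.unstable.get(package)
    return state.version if state else None


if __name__ == "__main__":
    for e in parse(SAMPLE):
        print(e.cve, {p: fixed_version_for(e, p, "bookworm") for p in e.unstable})
```

Two points a practitioner should keep in mind when using this on the real file: a release line without a version covers several distinct tracker states (no-dsa, postponed, ignored, not-affected), which only the angle-bracket marker distinguishes, so treat `None` as "look at the status and comment" rather than as "vulnerable"; and deciding whether an installed version is actually affected needs a proper Debian version comparison (dpkg's ordering of epochs, `~` and `+` suffixes), not a string comparison.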
CVE-2023-33130 (Microsoft SharePoint Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-33129 (Microsoft SharePoint Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-33128 (.NET and Visual Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-33126 (.NET and Visual Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32301 (Discourse is an open source discussion platform. Prior to version 3.0. ...)
	NOT-FOR-US: Discourse
CVE-2023-32061 (Discourse is an open source discussion platform. Prior to version 3.0. ...)
	NOT-FOR-US: Discourse
CVE-2023-32032 (.NET and Visual Studio Elevation of Privilege Vulnerability)
	NOT-FOR-US: .NET
CVE-2023-32029 (Microsoft Excel Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32022 (Windows Server Service Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32021 (Windows SMB Witness Service Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32020 (Windows DNS Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32019 (Windows Kernel Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32018 (Windows Hello Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32017 (Microsoft PostScript Printer Driver Remote Code Execution Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2023-32016 (Windows Installer Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32015 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2023-32014 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2023-32013 (Windows Hyper-V Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32012 (Windows Container Manager Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32011 (Windows iSCSI Discovery Service Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32010 (Windows Bus Filter Driver Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-32009 (Windows Collaborative Translation Framework Elevation of Privilege Vul ...)
	NOT-FOR-US: Microsoft
CVE-2023-32008 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2023-2778 (A denial-of-service vulnerability exists in Rockwell Automation Factor ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-2639 (The underlying feedback mechanism of Rockwell Automation's FactoryTal ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-2638 (Rockwell Automation's FactoryTalk System Services does not verify that ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-2637 (Rockwell Automation's FactoryTalk System Services uses a hard-coded cr ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-2570 (A CWE-129: Improper Validation of Array Index vulnerability exists tha ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-2569 (A CWE-787: Out-of-Bounds Write vulnerability exists that could cause l ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-3224 (Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3.)
	NOT-FOR-US: Nuxt
CVE-2023-3218 (Race Condition within a Thread in GitHub repository it-novum/openitcoc ...)
	NOT-FOR-US: openitcockpit
CVE-2023-3050 (Reliance on Cookies without Validation and Integrity Checking in a Sec ...)
	NOT-FOR-US: TMT Lockcell
CVE-2023-3049 (Unrestricted Upload of File with Dangerous Type vulnerability in TMT L ...)
	NOT-FOR-US: TMT Lockcell
CVE-2023-3048 (Authorization Bypass Through User-Controlled Key vulnerability in TMT ...)
	NOT-FOR-US: TMT Lockcell
CVE-2023-3047 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: TMT Lockcell
CVE-2023-35064 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Satos Satos Mobile
CVE-2023-34965 (SSPanel-Uim 2023.3 does not restrict access to the /link/ interface wh ...)
	NOT-FOR-US: SSPanel-Uim
CVE-2023-34249 (benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd ...)
	NOT-FOR-US: benjjvi/PyBB
CVE-2023-34247 (Keystone is a content management system for Node.JS. There is an open ...)
	NOT-FOR-US: Keystone CMS
CVE-2023-34122 (Improper input validation in the installer for Zoom for Windows clien ...)
	NOT-FOR-US: Zoom
CVE-2023-34121 (Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom V ...)
	NOT-FOR-US: Zoom
CVE-2023-34120 (Improper privilege management in Zoom for Windows, Zoom Rooms for Wind ...)
	NOT-FOR-US: Zoom
CVE-2023-34115 (Buffer copy without checking size of input in Zoom Meeting SDK befor ...)
	NOT-FOR-US: Zoom
CVE-2023-34114 (Exposure of resource to wrong sphere in Zoom for Windows and Zoom for ...)
	NOT-FOR-US: Zoom
CVE-2023-34113 (Insufficient verification of data authenticity in Zoom for Windows cl ...)
	NOT-FOR-US: Zoom
CVE-2023-33921 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...)
	NOT-FOR-US: Siemens
CVE-2023-33920 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...)
	NOT-FOR-US: Siemens
CVE-2023-33919 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...)
	NOT-FOR-US: Siemens
CVE-2023-33695 (Hutool v5.8.17 and below was discovered to contain an information disc ...)
	NOT-FOR-US: Hutool
CVE-2023-33621 (GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication ...)
	NOT-FOR-US: GL.iNET GL-AR750S-Ext firmware
CVE-2023-33620 (GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its ...)
	NOT-FOR-US: GL.iNET GL-AR750S-Ext firmware
CVE-2023-33568 (An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers ...)
	- dolibarr
CVE-2023-33305 (A loop with unreachable exit condition ('infinite loop') in Fortinet F ...)
	NOT-FOR-US: FortiGuard
CVE-2023-33124 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.3 ...)
	NOT-FOR-US: Siemens
CVE-2023-33123 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.3 ...)
	NOT-FOR-US: Siemens
CVE-2023-33122 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.3 ...)
	NOT-FOR-US: Siemens
CVE-2023-33121 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.3 ...)
	NOT-FOR-US: Siemens
CVE-2023-32548 (OS command injection vulnerability exists in WPS Office version 10.8.0 ...)
	NOT-FOR-US: WPS Office
CVE-2023-32546 (Code injection vulnerability exists in Chatwork Desktop Application (M ...)
	NOT-FOR-US: Chatwork Desktop Application
CVE-2023-31541 (A unrestricted file upload vulnerability was discovered in the ‘B ...)
	NOT-FOR-US: Redmine plugin
CVE-2023-31439 (An issue was discovered in systemd 253. An attacker can modify the con ...)
	- systemd (unimportant)
	NOTE: Disputed by upstream
	NOTE: https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf
CVE-2023-31438 (An issue was discovered in systemd 253. An attacker can truncate a sea ...)
	- systemd (unimportant)
	NOTE: Disputed by upstream
	NOTE: https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf
CVE-2023-31437 (An issue was discovered in systemd 253. An attacker can modify a seale ...)
	- systemd (unimportant)
	NOTE: Disputed by upstream
	NOTE: https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf
CVE-2023-31198 (OS command injection vulnerability exists in Wi-Fi AP UNIT allows. If ...)
	NOT-FOR-US: Wi-Fi AP UNIT
CVE-2023-31196 (Missing authentication for critical function in Wi-Fi AP UNIT allows a ...)
	NOT-FOR-US: Wi-Fi AP UNIT
CVE-2023-31195 (ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 use ...)
	NOT-FOR-US: ASUS Router RT-AX3000 Firmware
CVE-2023-30766 (Hidden functionality issue exists in KB-AHR series and KB-IRIP series. ...)
	NOT-FOR-US: KB-AHR/KB-IRIP
CVE-2023-30764 (OS command injection vulnerability exists in KB-AHR series and KB-IRIP ...)
	NOT-FOR-US: KB-AHR/KB-IRIP
CVE-2023-30762 (Improper authentication vulnerability exists in KB-AHR series and KB-I ...)
	NOT-FOR-US: KB-AHR/KB-IRIP
CVE-2023-2807 (Authentication Bypass by Spoofing vulnerability in the password reset ...)
	NOT-FOR-US: Pandora FMS
CVE-2023-29501 (Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, an ...)
	NOT-FOR-US: Jiyu Kukan Toku-Toku coupon App for iOS
CVE-2023-29498 (Improper restriction of XML external entity reference (XXE) vulnerabil ...)
	NOT-FOR-US: FRENIC RHC Loader
CVE-2023-29167 (Out-of-bound reads vulnerability exists in FRENIC RHC Loader v1.1.0.3. ...)
	NOT-FOR-US: FRENIC RHC Loader
CVE-2023-29160 (Stack-based buffer overflow vulnerability exists in FRENIC RHC Loader ...)
	NOT-FOR-US: FRENIC RHC Loader
CVE-2023-36661 (Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth ...)
	{DSA-5432-1 DLA-3464-1}
	- xmltooling 3.2.4-1 (bug #1037948)
	NOTE: https://shibboleth.net/community/advisories/secadv_20230612.txt
	NOTE: https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commit;h=6080f6343f98fec085bc0fd746913ee418cc9d30
CVE-2023-33991 (SAP UI5 Variant Management - versions SAP_UI 750, SAP_UI 754, SAP_UI 7 ...)
	NOT-FOR-US: SAP
CVE-2023-33986 (SAP CRM ABAP (Grantor Management) - versions 700, 701, 702, 712, 713, ...)
	NOT-FOR-US: SAP
CVE-2023-33985 (SAP NetWeaver Enterprise Portal - version 7.50, does not sufficiently ...)
	NOT-FOR-US: SAP
CVE-2023-33984 (SAP NetWeaver (Design Time Repository) - version 7.50, returns an unfa ...)
	NOT-FOR-US: SAP
CVE-2023-32674 (Certain versions of HP PC Hardware Diagnostics Windows are potentially ...)
	NOT-FOR-US: HP
CVE-2023-32673 (Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assis ...)
	NOT-FOR-US: HP
CVE-2023-32221 (EaseUS Todo Backup version 20220111.390 - An omission during installat ...)
	NOT-FOR-US: EaseUS Todo Backup
CVE-2023-32220 (Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass ...)
	NOT-FOR-US: Milesight NCR/camera
CVE-2023-32219 (A Mazda model (2015-2016) can be unlocked via an unspecified method.)
	NOT-FOR-US: Mazda
CVE-2023-32115 (An attacker can exploit MDS COMPARE TOOL and use specially crafted inp ...)
	NOT-FOR-US: SAP
CVE-2023-32114 (SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, ...)
	NOT-FOR-US: SAP
CVE-2023-2876 (Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 P ...)
	NOT-FOR-US: ABB
CVE-2023-2827 (SAP Plant Connectivity - version 15.5 (PCo) or the Production Connecto ...)
	NOT-FOR-US: SAP
CVE-2023-2729 (Use of insufficiently random values vulnerability in User Management F ...)
	NOT-FOR-US: Synology
CVE-2023-2673 (Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUAR ...)
	NOT-FOR-US: PHOENIX CONTACT
CVE-2023-2563 (The WordPress Contact Forms by Cimatti plugin for WordPress is vulnera ...)
	NOT-FOR-US: WordPress Contact Forms by Cimatti plugin for WordPress
CVE-2023-2351 (The WP Directory Kit plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WP Directory Kit plugin for WordPress
CVE-2023-3212 (A NULL pointer dereference issue was found in the gfs2 file system in ...)
	{DSA-5480-1 DSA-5448-1 DLA-3710-1 DLA-3623-1}
	- linux 6.3.7-1
	NOTE: https://git.kernel.org/linus/504a10d9e46bc37b23d0a1ae2f28973c8516e636 (6.4-rc2)
CVE-2023-3208 (A vulnerability, which was classified as critical, has been found in R ...)
	NOT-FOR-US: RoadFlow Visual Process Engine .NET Core Mvc
CVE-2023-3206 (A vulnerability classified as problematic was found in Chengdu VEC40G ...)
	NOT-FOR-US: Chengdu VEC40G
CVE-2023-3159 (A use after free issue was discovered in driver/firewire in outbound_p ...)
	- linux 5.17.11-1
	[bullseye] - linux 5.10.120-1
	[buster] - linux 4.19.249-1
	NOTE: https://git.kernel.org/linus/b7c81f80246fac44077166f3e07103affe6db8ff (5.18-rc6)
CVE-2023-35054 (In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-ren ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2023-35053 (In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible vi ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2023-35042 (GeoServer 2, in some configurations, allows remote attackers to execut ...)
	NOT-FOR-US: GeoServer
CVE-2023-34942 (Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overf ...)
	NOT-FOR-US: Asus
CVE-2023-34941 (A stored cross-site scripting (XSS) vulnerability in the urlFilterList ...)
	NOT-FOR-US: Asus
CVE-2023-34940 (Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overf ...)
	NOT-FOR-US: Asus
CVE-2023-34855 (A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipm ...)
	NOT-FOR-US: Youxun Electronic Equipment
CVE-2023-34581 (Sourcecodester Service Provider Management System v1.0 is vulnerable t ...)
	NOT-FOR-US: Sourcecodester Service Provider Management System
CVE-2023-34494 (NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_sen ...)
	NOT-FOR-US: NanoMQ
CVE-2023-34475 (A heap use after free issue was discovered in ImageMagick's ReplaceXmp ...)
	- imagemagick (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0 (7.1.1-10)
CVE-2023-34474 (A heap-based buffer overflow issue was discovered in ImageMagick's Rea ...)
	- imagemagick (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0 (7.1.1-10)
CVE-2023-34488 (NanoMQ 0.17.5 is vulnerable to heap-buffer-overflow in the conn_handle ...)
	NOT-FOR-US: NanoMQ
CVE-2023-34468 (The DBCPConnectionPool and HikariCPConnectionPool Controller Services ...)
	NOT-FOR-US: Apache NiFi
CVE-2023-34345 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...)
	NOT-FOR-US: AMI BMC
CVE-2023-34344 (AMI BMC contains a vulnerability in the IPMI handler, where an unautho ...)
	NOT-FOR-US: AMI BMC
CVE-2023-34343 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...)
	NOT-FOR-US: AMI BMC
CVE-2023-34342 (AMI BMC contains a vulnerability in the IPMI handler, where an attacke ...)
	NOT-FOR-US: AMI BMC
CVE-2023-34341 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...)
	NOT-FOR-US: AMI BMC
CVE-2023-34336 (AMI BMC contains a vulnerability in the IPMI handler, where an attacke ...)
	NOT-FOR-US: AMI BMC
CVE-2023-34335 (AMI BMC contains a vulnerability in the IPMI handler, where an unauthe ...)
	NOT-FOR-US: AMI BMC
CVE-2023-34334 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...)
	NOT-FOR-US: AMI BMC
CVE-2023-34246 (Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to ...)
	{DLA-3494-1}
	[experimental] - ruby-doorkeeper 5.6.6-1
	- ruby-doorkeeper 5.6.6-2 (bug #1038950)
	[bookworm] - ruby-doorkeeper (Minor issue)
	[bullseye] - ruby-doorkeeper (Minor issue)
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-7w2c-w47h-789w
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/1589
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/1646
	NOTE: Fixed by: https://github.com/doorkeeper-gem/doorkeeper/commit/f202079baac4c978a01ccc9a45d78fde368ac907 (v5.6.6)
CVE-2023-34212 (The JndiJmsConnectionFactoryProvider Controller Service, along with th ...)
	NOT-FOR-US: Apache NiFi
CVE-2023-34105 (SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV ...)
	NOT-FOR-US: SRS video server
CVE-2023-34026 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BrokenCr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-33626 (D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discover ...)
	NOT-FOR-US: D-Link
CVE-2023-33625 (D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discover ...)
	NOT-FOR-US: D-Link
CVE-2023-33624
	REJECTED
CVE-2023-33623
	REJECTED
CVE-2023-33622
	REJECTED
CVE-2023-33492 (EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS).)
	NOT-FOR-US: EyouCMS
CVE-2023-33290 (The git-url-parse crate through 0.4.4 for Rust allows Regular Expressi ...)
	NOT-FOR-US: git-url-parse Rust crate
CVE-2023-33253 (LabCollector 6.0 though 6.15 allows remote code execution. An authenti ...)
	NOT-FOR-US: LabCollector
CVE-2023-32961 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Se ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32118 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPoperat ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2718 (The Contact Form Email WordPress plugin before 1.3.38 does not escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2568 (The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2398 (The Icegram Engage WordPress plugin before 3.1.12 does not escape a pa ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2362 (The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress pl ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-35036 (In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5 ...)
	NOT-FOR-US: Progress MOVEit Transfer
CVE-2023-35035 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...)
	NOT-FOR-US: Unify
CVE-2023-35034 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...)
	NOT-FOR-US: Unify
CVE-2023-35033 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...)
	NOT-FOR-US: Unify
CVE-2023-35032 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...)
	NOT-FOR-US: Unify
CVE-2023-35031 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...)
	NOT-FOR-US: Unify
CVE-2020-36732 (The crypto-js package before 3.2.1 for Node.js generates random number ...)
	NOT-FOR-US: Node crypto-js
CVE-2015-10118 (A vulnerability classified as problematic was found in cchetanonline W ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3195 (A stack-based buffer overflow issue was found in ImageMagick's coders/ ...)
	- imagemagick 8:6.9.12.98+dfsg1-2
	[bookworm] - imagemagick (regression introduced by some backport of CVE-2023-1906, debian patch does not include the regression)
	[bullseye] - imagemagick (regression introduced by some backport of CVE-2023-1906, debian patch does not include the regression)
	[buster] - imagemagick (Vulnerable code was introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2023/05/29/1
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/85a370c79afeb45a97842b0959366af5236e9023 (6.9.12-26)
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/f620340935777b28fa3f7b0ed7ed6bd86946934c (7.1.0-11)
	NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick6/commit/f90a091c7dd12cc53b0999bf49d1c80651534eea (6.9.12-20)
	NOTE: Reintroduced (regression) by 6.9.12-55 https://github.com/ImageMagick/ImageMagick6/commit/2b4eabb9d09b278f16727c635e928bd951c58773
CVE-2023-3192 (Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.)
	- froxlor (bug #581792)
CVE-2023-3191 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...)
	- teampass (bug #730180)
CVE-2023-3190 (Improper Encoding or Escaping of Output in GitHub repository nilsteamp ...)
	- teampass (bug #730180)
CVE-2023-3188 (Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncas ...)
	NOT-FOR-US: Owncast
CVE-2023-3187 (A vulnerability, which was classified as critical, has been found in P ...)
	NOT-FOR-US: PHPGurukul Teachers Record Management System
CVE-2023-3184 (A vulnerability was found in SourceCodester Sales Tracker Management S ...)
	NOT-FOR-US: SourceCodester Sales Tracker Management System
CVE-2023-3183 (A vulnerability was found in SourceCodester Performance Indicator Syst ...)
	NOT-FOR-US: SourceCodester Performance Indicator System
CVE-2023-3141 (A use-after-free flaw was found in r592_remove in drivers/memstick/hos ...)
	{DLA-3623-1 DLA-3508-1}
	- linux 6.3.7-1 (unimportant)
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux 5.10.191-1
	NOTE: https://git.kernel.org/linus/63264422785021704c39b38f65a78ab9e4a186d7 (6.4-rc1)
	NOTE: Only "exploitable" by removing the module which needs root privileges
CVE-2023-34856 (A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05 ...)
	NOT-FOR-US: D-Link
CVE-2023-34245 (@udecode/plate-link is the link handler for the udecode/plate rich-tex ...)
	NOT-FOR-US: @udecode/plate-link
CVE-2023-34100 (Contiki-NG is an open-source, cross-platform operating system for IoT ...)
	NOT-FOR-US: Contiki-NG
CVE-2023-33557 (Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerabilit ...)
	NOT-FOR-US: Fuel CMS
CVE-2023-32732 (gRPC contains a vulnerability whereby a client can cause a termination ...)
	- grpc (bug #1059280)
	[bookworm] - grpc (Minor issue)
	[bullseye] - grpc (Minor issue)
	[buster] - grpc (Minor issue; request smuggling; recheck whether fixed or introduced by #32309 when CVE description is updated)
	NOTE: https://github.com/grpc/grpc/pull/32309
	NOTE: CVE description and fix are sensible, but there seems to be confusion: https://github.com/grpc/grpc/pull/32309#issuecomment-1589703522
CVE-2023-32731 (When gRPC HTTP2 stack raised a header size exceeded error, it skipped ...)
	- grpc (Vulnerable code introduced later)
	NOTE: Introduced by: https://github.com/grpc/grpc/pull/32309#issuecomment-1589561295 (v1.53.0-pre1)
	NOTE: Fixed by: https://github.com/grpc/grpc/commit/65a2a895afaf1d2072447b9baf246374b182a946 (v1.56.0-pre1)
CVE-2023-32312 (UmbracoIdentityExtensions is an Umbraco add-on package that enables ea ...)
	NOT-FOR-US: UmbracoIdentityExtensions
CVE-2023-3177 (A vulnerability has been found in SourceCodester Lost and Found Inform ...)
	NOT-FOR-US: SourceCodester
CVE-2023-3176 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester
CVE-2023-3173 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
	- froxlor (bug #581792)
CVE-2023-3172 (Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20.)
	- froxlor (bug #581792)
CVE-2023-34364 (A buffer overflow was discovered in Progress DataDirect Connect for OD ...)
	NOT-FOR-US: Progress DataDirect Connect for ODBC
CVE-2023-34363 (An issue was discovered in Progress DataDirect Connect for ODBC before ...)
	NOT-FOR-US: Progress DataDirect Connect for ODBC
CVE-2023-34243 (TGstation is a toolset to manage production BYOND servers. In affected ...)
	NOT-FOR-US: TGstation
CVE-2023-34233 (The Snowflake Connector for Python provides an interface for developin ...)
	NOT-FOR-US: Snowflake connector for Python
CVE-2023-34232 (snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerab ...)
	NOT-FOR-US: Snowflake connector for NodeJS
CVE-2023-34230 (snowflake-connector-net, the Snowflake Connector for .NET, is vulnerab ...)
	NOT-FOR-US: Snowflake connector for .NET
CVE-2023-34112 (JavaCPP Presets is a project providing Java distributions of native C+ ...)
	NOT-FOR-US: JavaCPP Presets
CVE-2023-32751 (Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the downl ...)
	NOT-FOR-US: Pydio Cells
CVE-2023-2897 (The Brizy Page Builder plugin for WordPress is vulnerable to IP Addres ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2896 (The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Reque ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2895 (The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Reque ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2894 (The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Reque ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2893 (The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Reque ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2892 (The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Reque ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2891 (The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Reque ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2767 (The WordPress File Upload and WordPress File Upload Pro plugins for Wo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2764 (The Draw Attention plugin for WordPress is vulnerable to unauthorized ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2688 (The WordPress File Upload and WordPress File Upload Pro plugins for Wo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2607 (The Multiple Page Generator Plugin for WordPress is vulnerable to time ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2604 (The Team Circle Image Slider With Lightbox plugin for WordPress is vul ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2599 (The Active Directory Integration plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2584 (The PixelYourSite plugin for WordPress is vulnerable to Stored Cross-S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2558 (The WPCS – WordPress Currency Switcher Professional plugin for Wo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2557 (The WPCS – WordPress Currency Switcher Professional plugin for Wo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2556 (The WPCS – WordPress Currency Switcher Professional plugin for Wo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2555 (The WPCS – WordPress Currency Switcher Professional plugin for Wo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2526 (The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2484 (The Active Directory Integration plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2452 (The Advanced Woo Search plugin for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2450 (The FiboSearch - AJAX Search for WooCommerce plugin for WordPress is v ...)
	NOT-FOR-US: Woocommerce plugin
CVE-2023-2414 (The Online Booking & Scheduling Calendar for WordPress by vcita plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2402 (The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-3164 (A heap-buffer-overflow vulnerability was found in LibTIFF, in extractI ...)
	- tiff (unimportant)
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/542
	NOTE: Crash in CLI tool, no security impact
CVE-2023-3165 (A vulnerability was found in SourceCodester Life Insurance Management ...)
	NOT-FOR-US: SourceCodester Life Insurance Management System
CVE-2023-3163 (A vulnerability was found in y_project RuoYi up to 4.7.7. It has been ...)
	NOT-FOR-US: y_project RuoYi
CVE-2023-3161 (A flaw was found in the Framebuffer Console (fbcon) in the Linux Kerne ...)
	- linux 6.1.11-1
	[bullseye] - linux 5.10.178-1
	[buster] - linux 4.19.282-1
	NOTE: https://git.kernel.org/linus/2b09d5d364986f724f17001ccfe4126b9b43a0be (6.2-rc7)
CVE-2023-34962 (Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a st ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-34961 (Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-34959 (An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-34958 (Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a stud ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-34571 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain ...)
	NOT-FOR-US: Tenda
CVE-2023-34570 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain ...)
	NOT-FOR-US: Tenda
CVE-2023-34569 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain ...)
	NOT-FOR-US: Tenda
CVE-2023-34568 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain ...)
	NOT-FOR-US: Tenda
CVE-2023-34567 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain ...)
	NOT-FOR-US: Tenda
CVE-2023-34566 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain ...)
	NOT-FOR-US: Tenda
CVE-2023-34231 (gosnowflake is the Snowflake Golang driver. Prior to version 1.6.19, a ...)
	NOT-FOR-US: Snowflake connector for GO
CVE-2023-34096 (Thruk is a multibackend monitoring webinterface which currently suppor ...)
	NOT-FOR-US: Thruk
CVE-2023-34095 (cpdb-libs provides frontend and backend libraries for the Common Print ...)
	- cpdb-libs 1.2.0-3 (bug #1038253)
	[bookworm] - cpdb-libs 1.2.0-2+deb12u1
	NOTE: https://github.com/OpenPrinting/cpdb-libs/security/advisories/GHSA-25j7-9gfc-f46x
	NOTE: Fixed by: https://github.com/OpenPrinting/cpdb-libs/commit/f181bd1f14757c2ae0f17cc76dc20421a40f30b7
	NOTE: 1.2.x versions predate the upstream commit 3f66d47252d5 ("print_frontend: Use
	NOTE: larger and more easily adjustable string buffers") and only use buffers of
	NOTE: 100 characters in length.
CVE-2023-33660 (A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vuln ...)
	NOT-FOR-US: NanoMQ
CVE-2023-33658 (A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vuln ...)
	NOT-FOR-US: NanoMQ
CVE-2023-33657 (A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerabil ...)
	NOT-FOR-US: NanoMQ
CVE-2023-33443 (Incorrect access control in the administrative functionalities of BES- ...)
	NOT-FOR-US: BES VideoPlayTool
CVE-2023-32750 (Pydio Cells through 4.1.2 allows SSRF. For longer running processes, P ...)
	NOT-FOR-US: Pydio Cells
CVE-2023-32749 (Pydio Cells allows users by default to create so-called external users ...)
	NOT-FOR-US: Pydio Cells
CVE-2023-34969 (D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus- ...)
	{DLA-3628-1}
	[experimental] - dbus 1.15.6-1
	- dbus 1.14.8-1 (bug #1037151)
	[bookworm] - dbus 1.14.8-1~deb12u1
	[bullseye] - dbus 1.12.28-0+deb11u1
	NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/issues/457
CVE-2023-34239 (Gradio is an open-source Python library that is used to build machine ...)
	NOT-FOR-US: Gradio
CVE-2023-34238 (Gatsby is a free and open source framework based on React. The Gatsby ...)
	- gatsby (bug #922188)
CVE-2023-33849 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, ...)
	NOT-FOR-US: IBM
CVE-2023-33848 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, ...)
	NOT-FOR-US: IBM
CVE-2023-33847 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, ...)
	NOT-FOR-US: IBM
CVE-2023-33846 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, ...)
	NOT-FOR-US: IBM
CVE-2023-33496 (xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerabili ...)
	NOT-FOR-US: xxl-rpc
CVE-2023-2986 (The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulner ...)
	NOT-FOR-US: Abandoned Cart Lite for WooCommerce plugin for WordPress
CVE-2023-2904 (The External Visitor Manager portal of HID’s SAFE versions 5.8.0 ...)
	NOT-FOR-US: HID SAFE
CVE-2023-2866 (If an attacker can trick an authenticated user into loading a maliciou ...)
	NOT-FOR-US: Advantech
CVE-2023-3153 (A flaw was found in Open Virtual Network where the service monitor MAC ...)
	- ovn 23.09.0-1 (bug #1043598)
	[bookworm] - ovn (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2213279
	NOTE: https://github.com/ovn-org/ovn/issues/198
	NOTE: https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html
	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html
	NOTE: https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd (v23.03.1)
CVE-2023-3152 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Online Discussion Forum Site
CVE-2023-3151 (A vulnerability was found in SourceCodester Online Discussion Forum Si ...)
	NOT-FOR-US: SourceCodester Online Discussion Forum Site
CVE-2023-3150 (A vulnerability was found in SourceCodester Online Discussion Forum Si ...)
	NOT-FOR-US: SourceCodester Online Discussion Forum Site
CVE-2023-3149 (A vulnerability was found in SourceCodester Online Discussion Forum Si ...)
	NOT-FOR-US: SourceCodester Online Discussion Forum Site
CVE-2023-3148 (A vulnerability was found in SourceCodester Online Discussion Forum Si ...)
	NOT-FOR-US: SourceCodester Online Discussion Forum Site
CVE-2023-3147 (A vulnerability has been found in SourceCodester Online Discussion For ...)
	NOT-FOR-US: SourceCodester Online Discussion Forum Site
CVE-2023-3146 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Online Discussion Forum Site
CVE-2023-3145 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Online Discussion Forum Site
CVE-2023-3144 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester Online Discussion Forum Site
CVE-2023-3143 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester Online Discussion Forum Site
CVE-2023-3142 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
	NOT-FOR-US: microweber
CVE-2023-3140 (Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNI ...)
	NOT-FOR-US: KNIME Business Hub
CVE-2023-34237 (SABnzbd is an open source automated Usenet download tool. A design fla ...)
	- sabnzbdplus 4.0.2+dfsg-1 (bug #1038949)
	[bookworm] - sabnzbdplus (Minor issue)
	[bullseye] - sabnzbdplus (Minor issue)
	[buster] - sabnzbdplus (Minor issue; simple workaround exists)
	NOTE: https://github.com/sabnzbd/sabnzbd/commit/422b4fce7bfd56e95a315be0400cdfdc585df7cc (4.0.2RC2)
	NOTE: https://github.com/sabnzbd/sabnzbd/commit/e3a722664819d1c7c8fab97144cc299b1c18b429 (4.0.2RC2)
	NOTE: https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-hhgh-xgh3-985r
CVE-2023-34234 (OpenZeppelin Contracts is a library for smart contract development. By ...)
	NOT-FOR-US: OpenZeppelin Contracts
CVE-2023-34109 (zxcvbn-ts is an open source password strength estimator written in typ ...)
	NOT-FOR-US: zxcvbn-ts
CVE-2023-34108 (mailcow is a mail server suite based on Dovecot, Postfix and other ope ...)
	NOT-FOR-US: mailcow
CVE-2023-33595 (CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-fre ...)
	- python3.11 (Vulnerable code not present)
	- python3.10 (Vulnerable code not present)
	- python3.9 (Vulnerable code not present)
	- python3.7 (Vulnerable code not present)
	- python2.7 (Vulnerable code not present)
	NOTE: https://github.com/python/cpython/issues/103824
	NOTE: Introduced by: https://github.com/python/cpython/commit/1ef61cf71a218c71860ff6aecf0fd51edb8b65dc (v3.12.0b1)
	NOTE: Fixed by: https://github.com/python/cpython/commit/d5a97074d24cd14cb2a35a2b1ad3074863cde264 (v3.12.0b1)
CVE-2023-33556 (TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-33553 (An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attacker ...)
	NOT-FOR-US: Planet Technologies WDRT-1800AX
CVE-2023-33510 (Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary file ...)
	NOT-FOR-US: Jeecg P3 Biz Chat
CVE-2023-33498 (alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privileg ...)
	NOT-FOR-US: alist
CVE-2023-33284 (Marval MSM through 14.19.0.12476 and 15.0 has a Remote Code Execution ...)
	NOT-FOR-US: Marval MSM
CVE-2023-33283 (Marval MSM through 14.19.0.12476 uses a static encryption key for secr ...)
	NOT-FOR-US: Marval MSM
CVE-2023-33282 (Marval MSM through 14.19.0.12476 and 15.0 has a System account with de ...)
	NOT-FOR-US: Marval MSM
CVE-2023-2530 (A privilege escalation allowing remote code execution was discovered i ...)
	- puppet (Specific to Puppet Enterprise)
CVE-2023-2442 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-4380 (The Pinterest Automatic plugin for WordPress is vulnerable to authoriz ...)
	NOT-FOR-US: Pinterest Automatic plugin for WordPress
CVE-2021-4379 (The WooCommerce Multi Currency plugin for WordPress is vulnerable to a ...)
	NOT-FOR-US: WooCommerce Multi Currency plugin for WordPress
CVE-2021-4337 (Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-46889 (The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS ...)
	NOT-FOR-US: 10Web Photo Gallery plugin for WordPress
CVE-2020-36728 (The Adning Advertising plugin for WordPress is vulnerable to file dele ...)
	NOT-FOR-US: Adning Advertising plugin for WordPress
CVE-2020-36705 (The Adning Advertising plugin for WordPress is vulnerable to arbitrary ...)
	NOT-FOR-US: Adning Advertising plugin for WordPress
CVE-2023-33865 (RenderDoc before 1.27 allows local privilege escalation via a symlink ...)
	{DLA-3501-1}
	- renderdoc (bug #1037208)
	[bookworm] - renderdoc (Minor issue)
	[bullseye] - renderdoc (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
	NOTE: https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856 (v1.27)
	NOTE: https://github.com/baldurk/renderdoc/commit/e0464fea4f9a7f149c4ee1d84e5ac57839a4a862 (v1.27)
	NOTE: https://github.com/baldurk/renderdoc/commit/1f72a09e3b4fd8ba45be4b0db4889444ef5179e2 (v1.27)
	NOTE: https://github.com/baldurk/renderdoc/commit/203fc8382a79d53d2035613d9425d966b1d4958e (v1.27)
	NOTE: https://github.com/baldurk/renderdoc/commit/771aa8e769b72e6a36b31d6e2116db9952dcbe9b (v1.27)
CVE-2023-33864 (StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Inte ...)
	{DLA-3501-1}
	- renderdoc (bug #1037208)
	[bookworm] - renderdoc (Minor issue)
	[bullseye] - renderdoc (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
	NOTE: https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856 (v1.27)
	NOTE: https://github.com/baldurk/renderdoc/commit/e0464fea4f9a7f149c4ee1d84e5ac57839a4a862 (v1.27)
	NOTE: https://github.com/baldurk/renderdoc/commit/1f72a09e3b4fd8ba45be4b0db4889444ef5179e2 (v1.27)
	NOTE: https://github.com/baldurk/renderdoc/commit/203fc8382a79d53d2035613d9425d966b1d4958e (v1.27)
	NOTE: https://github.com/baldurk/renderdoc/commit/771aa8e769b72e6a36b31d6e2116db9952dcbe9b (v1.27)
CVE-2023-33863 (SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow wit ...)
	{DLA-3501-1}
	- renderdoc (bug #1037208)
	[bookworm] - renderdoc (Minor issue)
	[bullseye] - renderdoc (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
	NOTE: https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856 (v1.27)
	NOTE: https://github.com/baldurk/renderdoc/commit/e0464fea4f9a7f149c4ee1d84e5ac57839a4a862 (v1.27)
	NOTE: https://github.com/baldurk/renderdoc/commit/1f72a09e3b4fd8ba45be4b0db4889444ef5179e2 (v1.27)
	NOTE: https://github.com/baldurk/renderdoc/commit/203fc8382a79d53d2035613d9425d966b1d4958e (v1.27)
	NOTE: https://github.com/baldurk/renderdoc/commit/771aa8e769b72e6a36b31d6e2116db9952dcbe9b (v1.27)
CVE-2023-3126 (The B2BKing plugin for WordPress is vulnerable to unauthorized access ...)
	NOT-FOR-US: B2BKing plugin for WordPress
CVE-2023-3125 (The B2BKing plugin for WordPress is vulnerable to unauthorized modific ...)
	NOT-FOR-US: B2BKing plugin for WordPress
CVE-2023-3124 (The Elementor Pro plugin for WordPress is vulnerable to unauthorized d ...)
	NOT-FOR-US: Elementor Pro plugin for WordPress
CVE-2023-33782 (D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection ...)
	NOT-FOR-US: D-Link
CVE-2023-33781 (An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2023-33604 (Imperial CMS v7.5 was discovered to contain an arbitrary file deletion ...)
	NOT-FOR-US: Imperial CMS
CVE-2023-33601 (An arbitrary file upload vulnerability in /admin.php?c=upload of phpok ...)
	NOT-FOR-US: phpok
CVE-2023-33538 (TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was dis ...)
	NOT-FOR-US: TP-Link
CVE-2023-33537 (TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was dis ...)
	NOT-FOR-US: TP-Link
CVE-2023-33536 (TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was dis ...)
	NOT-FOR-US: TP-Link
CVE-2023-2541 (The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthen ...)
	NOT-FOR-US: KNIME Business Hub
CVE-2022-4950 (Several WordPress plugins developed by Cool Plugins are vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4949 (The AdSanity plugin for WordPress is vulnerable to arbitrary file uplo ...)
	NOT-FOR-US: AdSanity plugin for WordPress
CVE-2022-4948 (The FlyingPress plugin for WordPress is vulnerable to authorization by ...)
	NOT-FOR-US: FlyingPress plugin for WordPress
CVE-2021-4383 (The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to pag ...)
	NOT-FOR-US: WP Quick FrontEnd Editor plugin for WordPress
CVE-2021-4382 (The Recently plugin for WordPress is vulnerable to arbitrary file uplo ...)
	NOT-FOR-US: Recently plugin for WordPress
CVE-2021-4381 (The uListing plugin for WordPress is vulnerable to authorization bypas ...)
	NOT-FOR-US: uListing plugin for WordPress
CVE-2021-4378 (The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Sto ...)
	NOT-FOR-US: WP Quick FrontEnd Editor plugin for WordPress
CVE-2021-4377 (The Doneren met Mollie plugin for WordPress is vulnerable to Sensitive ...)
	NOT-FOR-US: Doneren met Mollie plugin for WordPress
CVE-2021-4376 (The WooCommerce Multi Currency plugin for WordPress is vulnerable to M ...)
	NOT-FOR-US: WooCommerce Multi Currency plugin for WordPress
CVE-2021-4375 (The Welcart e-Commerce plugin for WordPress is vulnerable to authoriza ...)
	NOT-FOR-US: Welcart e-Commerce plugin for WordPress
CVE-2021-4374 (The WordPress Automatic Plugin for WordPress is vulnerable to arbitrar ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-4373 (The Better Search plugin for WordPress is vulnerable to Cross-Site Req ...)
	NOT-FOR-US: Better Search plugin for WordPress
CVE-2021-4372 (The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is ...)
	NOT-FOR-US: WooCommerce Dynamic Pricing and Discounts plugin for WordPress
CVE-2021-4371 (The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Set ...)
	NOT-FOR-US: WP Quick FrontEnd Editor plugin for WordPress
CVE-2021-4370 (The uListing plugin for WordPress is vulnerable to authorization bypas ...)
	NOT-FOR-US: uListing plugin for WordPress
CVE-2021-4369 (The Frontend File Manager plugin for WordPress is vulnerable to Unauth ...)
	NOT-FOR-US: Frontend File Manager plugin for WordPress
CVE-2021-4368 (The Frontend File Manager plugin for WordPress is vulnerable to Authen ...)
	NOT-FOR-US: Frontend File Manager plugin for WordPress
CVE-2021-4367 (The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPres ...)
	NOT-FOR-US: Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress
CVE-2021-4366 (The PWA for WP & AMP plugin for WordPress is vulnerable to authorizati ...)
	NOT-FOR-US: PWA for WP & AMP plugin for WordPress
CVE-2021-4365 (The Frontend File Manager plugin for WordPress is vulnerable to Unauth ...)
	NOT-FOR-US: Frontend File Manager plugin for WordPress
CVE-2021-4364 (The JobSearch WP Job Board plugin for WordPress is vulnerable to autho ...)
	NOT-FOR-US: JobSearch WP Job Board plugin for WordPress
CVE-2021-4363 (The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Ref ...)
	NOT-FOR-US: WP Quick FrontEnd Editor plugin for WordPress
CVE-2021-4362 (The Kiwi Social Share plugin for WordPress is vulnerable to authorizat ...)
	NOT-FOR-US: Kiwi Social Share plugin for WordPress
CVE-2021-4361 (The JobSearch WP Job Board plugin for WordPress is vulnerable to autho ...)
	NOT-FOR-US: JobSearch WP Job Board plugin for WordPress
CVE-2021-4360 (The Controlled Admin Access plugin for WordPress is vulnerable to Priv ...)
	NOT-FOR-US: Controlled Admin Access plugin for WordPress
CVE-2021-4359 (The Frontend File Manager plugin for WordPress is vulnerable to Unauth ...)
	NOT-FOR-US: Frontend File Manager plugin for WordPress
CVE-2021-4358 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: WP DSGVO Tools (GDPR) plugin for WordPress
CVE-2021-4357 (The uListing plugin for WordPress is vulnerable to authorization bypas ...)
	NOT-FOR-US: uListing plugin for WordPress
CVE-2021-4356 (The Frontend File Manager plugin for WordPress is vulnerable to Unauth ...)
	NOT-FOR-US: Frontend File Manager plugin for WordPress
CVE-2021-4355 (The Welcart e-Commerce plugin for WordPress is vulnerable to authoriza ...)
	NOT-FOR-US: Welcart e-Commerce plugin for WordPress
CVE-2021-4354 (The PWA for WP & AMP for WordPress is vulnerable to arbitrary file upl ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-4352 (The JobSearch WP Job Board plugin for WordPress is vulnerable to autho ...)
	NOT-FOR-US: JobSearch WP Job Board plugin for WordPress
CVE-2021-4351 (The Frontend File Manager plugin for WordPress is vulnerable to Unauth ...)
	NOT-FOR-US: Frontend File Manager plugin for WordPress
CVE-2021-4350 (The Frontend File Manager plugin for WordPress is vulnerable to Unauth ...)
	NOT-FOR-US: Frontend File Manager plugin for WordPress
CVE-2021-4349 (The Process Steps Template Designer plugin for WordPress is vulnerable ...)
	NOT-FOR-US: Process Steps Template Designer plugin for WordPress
CVE-2021-4348 (The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthe ...)
	NOT-FOR-US: Ultimate GDPR & CCPA plugin for WordPress
CVE-2021-4347 (The function update_shipment_status_email_status_fun in the plugin Adv ...)
	NOT-FOR-US: WooCommerce plugin
CVE-2021-4346 (The uListing plugin for WordPress is vulnerable to Unauthenticated Arb ...)
	NOT-FOR-US: uListing plugin for WordPress
CVE-2021-4345 (The uListing plugin for WordPress is vulnerable to authorization bypas ...)
	NOT-FOR-US: uListing plugin for WordPress
CVE-2021-4344 (The Frontend File Manager plugin for WordPress is vulnerable to Privil ...)
	NOT-FOR-US: Frontend File Manager plugin for WordPress
CVE-2021-4343 (The Unauthenticated Account Creation plugin for WordPress is vulnerabl ...)
	NOT-FOR-US: Unauthenticated Account Creation plugin for WordPress
CVE-2021-4342
	REJECTED
CVE-2021-4341 (The uListing plugin for WordPress is vulnerable to authorization bypas ...)
	NOT-FOR-US: uListing plugin for WordPress
CVE-2021-4340 (The uListing plugin for WordPress is vulnerable to generic SQL Injecti ...)
	NOT-FOR-US: uListing plugin for WordPress
CVE-2021-4339 (The uListing plugin for WordPress is vulnerable to authorization bypas ...)
	NOT-FOR-US: uListing plugin for WordPress
CVE-2021-4338 (The 404 to 301 plugin for WordPress is vulnerable to authorization byp ...)
	NOT-FOR-US: 404 to 301 plugin for WordPress
CVE-2020-36731 (The Flexible Checkout Fields for WooCommerce plugin for WordPress is ...)
	NOT-FOR-US: Flexible Checkout Fields for WooCommerce plugin for WordPress
CVE-2020-36730 (The CMP for WordPress is vulnerable to authorization bypass due to a m ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-36729 (The 2J-SlideShow Plugin for WordPress is vulnerable to authorization b ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-36727 (The Newsletter Manager plugin for WordPress is vulnerable to insecure ...)
	NOT-FOR-US: Newsletter Manager plugin for WordPress
CVE-2020-36726 (The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object ...)
	NOT-FOR-US: Ultimate Reviews plugin for WordPress
CVE-2020-36725 (The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins fo ...)
	NOT-FOR-US: WooCommerce plugin
CVE-2020-36724 (The Wordable plugin for WordPress is vulnerable to authentication bypa ...)
	NOT-FOR-US: Wordable plugin for WordPress
CVE-2020-36723 (The ListingPro - WordPress Directory & Listing Theme for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-36722 (The Visual Composer plugin for WordPress is vulnerable to Cross-Site S ...)
	NOT-FOR-US: Visual Composer plugin for WordPress
CVE-2020-36721 (The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-36720 (The Kali Forms plugin for WordPress is vulnerable to Authenticated Opt ...)
	NOT-FOR-US: Kali Forms plugin for WordPress
CVE-2020-36719 (The ListingPro - WordPress Directory & Listing Theme for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-36718 (The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: GDPR CCPA Compliance Support plugin for WordPress
CVE-2020-36717 (The Kali Forms plugin for WordPress is vulnerable to Cross-Site Reques ...)
	NOT-FOR-US: Kali Forms plugin for WordPress
CVE-2020-36716 (The WP Activity Log plugin for WordPress is vulnerable to authorizatio ...)
	NOT-FOR-US: WP Activity Log plugin for WordPress
CVE-2020-36715 (The Login/Signup Popup plugin for WordPress is vulnerable to authoriza ...)
	NOT-FOR-US: Login/Signup Popup plugin for WordPress
CVE-2020-36713 (The MStore API plugin for WordPress is vulnerable to authentication by ...)
	NOT-FOR-US: MStore API plugin for WordPress
CVE-2020-36712 (The Kali Forms plugin for WordPress is vulnerable to Unauthenticated A ...)
	NOT-FOR-US: Kali Forms plugin for WordPress
CVE-2020-36711 (The Avada theme for WordPress is vulnerable to Stored Cross-Site Scrip ...)
	NOT-FOR-US: Avada theme for WordPress
CVE-2020-36710 (The WPS Hide Login plugin for WordPress is vulnerable to login page di ...)
	NOT-FOR-US: WPS Hide Login plugin for WordPress
CVE-2020-36709 (The Page Builder: KingComposer plugin for WordPress is vulnerable to S ...)
	NOT-FOR-US: Page Builder: KingComposer plugin for WordPress
CVE-2020-36708 (The following themes for WordPress are vulnerable to Function Injectio ...)
	NOT-FOR-US: WordPress theme
CVE-2020-36707 (The Coming Soon & Maintenance Mode Page plugin for WordPress is vulner ...)
	NOT-FOR-US: Coming Soon & Maintenance Mode Page plugin for WordPress
CVE-2020-36704 (The Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Sc ...)
NOT-FOR-US: WordPress theme CVE-2020-36703 (The Elementor Website Builder plugin for WordPress is vulnerable to St ...) NOT-FOR-US: Elementor Website Builder plugin for WordPress CVE-2020-36702 (The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable t ...) NOT-FOR-US: Ultimate Addons for Gutenberg plugin for WordPress CVE-2020-36701 (The Page Builder: KingComposer plugin for WordPress is vulnerable to A ...) NOT-FOR-US: Page Builder: KingComposer plugin for WordPress CVE-2020-36700 (The Page Builder: KingComposer plugin for WordPress is vulnerable to a ...) NOT-FOR-US: Page Builder: KingComposer plugin for WordPress CVE-2020-36699 (The Quick Page/Post Redirect Plugin for WordPress is vulnerable to aut ...) NOT-FOR-US: WordPress plugin CVE-2020-36697 (The WP GDPR plugin for WordPress is vulnerable to authorization bypass ...) NOT-FOR-US: WP GDPR plugin for WordPress CVE-2020-36696 (The Product Input Fields for WooCommerce plugin for WordPress is vulne ...) NOT-FOR-US: Product Input Fields for WooCommerce plugin for WordPress CVE-2019-25151 (The Funnel Builder plugin for WordPress is vulnerable to authorization ...) NOT-FOR-US: Funnel Builder plugin for WordPress CVE-2019-25150 (The Email Templates plugin for WordPress is vulnerable to HTML Injecti ...) NOT-FOR-US: Email Templates plugin for WordPress CVE-2019-25149 (The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary ...) NOT-FOR-US: Gallery Images Ape plugin for WordPress CVE-2019-25148 (The WP HTML Mail plugin for WordPress is vulnerable to HTML injection ...) NOT-FOR-US: WP HTML Mail plugin for WordPress CVE-2019-25147 (The Pretty Links plugin for WordPress is vulnerable to Stored Cross-Si ...) NOT-FOR-US: Pretty Links plugin for WordPress CVE-2019-25146 (The DELUCKS SEO plugin for WordPress is vulnerable to Stored Cross-Sit ...) NOT-FOR-US: DELUCKS SEO plugin for WordPress CVE-2019-25145 (The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is ...) 
NOT-FOR-US: Contact Form & SMTP Plugin by PirateForms plugin for WordPress CVE-2019-25144 (The WP HTML Mail plugin for WordPress is vulnerable to HTML injection ...) NOT-FOR-US: WP HTML Mail plugin for WordPress CVE-2019-25143 (The GDPR Cookie Compliance plugin for WordPress is vulnerable to autho ...) NOT-FOR-US: GDPR Cookie Compliance plugin for WordPress CVE-2019-25142 (The Mesmerize & Materialis themes for WordPress are vulnerable to auth ...) NOT-FOR-US: WordPress themes CVE-2019-25141 (The Easy WP SMTP plugin for WordPress is vulnerable to authorization b ...) NOT-FOR-US: Easy WP SMTP plugin for WordPress CVE-2019-25140 (The WordPress Coming Soon Page & Maintenance Mode plugin for WordPress ...) NOT-FOR-US: WordPress Coming Soon Page & Maintenance Mode plugin for WordPress CVE-2019-25139 (The Coming Soon Page & Maintenance Mode plugin for WordPress is vulner ...) NOT-FOR-US: Coming Soon Page & Maintenance Mode plugin for WordPress CVE-2019-25138 (The User Submitted Posts plugin for WordPress is vulnerable to arbitra ...) NOT-FOR-US: User Submitted Posts plugin for WordPress CVE-2016-15033 (The Delete All Comments plugin for WordPress is vulnerable to arbitrar ...) NOT-FOR-US: Delete All Comments plugin for WordPress CVE-2023-3123 REJECTED CVE-2023-3121 (A vulnerability has been found in Dahua Smart Parking Management up to ...) NOT-FOR-US: Dahua Smart Parking Management CVE-2023-3120 (A vulnerability, which was classified as critical, was found in Source ...) NOT-FOR-US: SourceCodester Service Provider Management System CVE-2023-3119 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Service Provider Management System CVE-2023-34409 (In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, t ...) NOT-FOR-US: Percona Monitoring and Management (PMM) CVE-2023-34111 (The `Release PR Merged` workflow in the github repo taosdata/grafanapl ...) 
NOT-FOR-US: taosdata/grafanaplugin CVE-2023-34104 (fast-xml-parser is an open source, pure javascript xml parser. fast-xm ...) - node-webfont (Vulnerable code not present) NOTE: https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-6w63-h3fj-q4vw NOTE: Introduced by: https://github.com/NaturalIntelligence/fast-xml-parser/commit/a4bdced80369892ee413bf08e28b78795a2b0d5b (v4.1.3) NOTE: Fixed by: https://github.com/NaturalIntelligence/fast-xml-parser/commit/39b0e050bb909e8499478657f84a3076e39ce76c (v4.2.3) CVE-2023-33977 (Kiwi TCMS is an open source test management system for both manual and ...) NOT-FOR-US: Kiwi TCMS CVE-2023-33959 (notation is a CLI tool to sign and verify OCI artifacts and container ...) NOT-FOR-US: notation CVE-2023-33958 (notation is a CLI tool to sign and verify OCI artifacts and container ...) NOT-FOR-US: notation CVE-2023-33957 (notation is a CLI tool to sign and verify OCI artifacts and container ...) NOT-FOR-US: notation CVE-2023-33952 (A double-free vulnerability was found in handling vmw_buffer_object ob ...) - linux 6.1.15-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20292/ NOTE: https://git.kernel.org/linus/9ef8d83e8e25d5f1811b3a38eb1484f85f64296c (6.4-rc1) CVE-2023-33951 (A race condition vulnerability was found in the vmwgfx driver in the L ...) - linux 6.1.15-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/ NOTE: https://git.kernel.org/linus/9ef8d83e8e25d5f1811b3a38eb1484f85f64296c (6.4-rc1) CVE-2023-33747 (CloudPanel v2.2.2 allows attackers to execute a path traversal.) NOT-FOR-US: CloudPanel CVE-2023-33684 (Weak session management in DB Elettronica Telecomunicazioni SpA SFT DA ...) 
NOT-FOR-US: DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware CVE-2023-33659 (A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vuln ...) NOT-FOR-US: NanoMQ CVE-2023-33653 (Sitecore Experience Platform (XP) v9.3 was discovered to contain an au ...) NOT-FOR-US: Sitecore Experience Platform (XP) CVE-2023-33652 (Sitecore Experience Platform (XP) v9.3 was discovered to contain an au ...) NOT-FOR-US: Sitecore Experience Platform (XP) CVE-2023-33651 (An issue in the MVC Device Simulator of Sitecore Experience Platform ( ...) NOT-FOR-US: Sitecore Experience Platform (XP) CVE-2023-33613 (axTLS v2.1.5 was discovered to contain a heap buffer overflow in the b ...) - axtls CVE-2023-33569 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitra ...) NOT-FOR-US: Sourcecodester Faculty Evaluation System CVE-2023-33533 (Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Vers ...) NOT-FOR-US: Netgear CVE-2023-33532 (There is a command injection vulnerability in the Netgear R6250 router ...) NOT-FOR-US: Netgear CVE-2023-33530 (There is a command injection vulnerability in the Tenda G103 Gigabit G ...) NOT-FOR-US: Tenda CVE-2023-33477 (In Harmonic NSG 9000-6G devices, an authenticated remote user can obta ...) NOT-FOR-US: Harmonic NSG 9000-6G devices CVE-2023-33460 (There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse functi ...) {DLA-3492-1 DLA-3478-1} - yajl 2.1.0-5 (bug #1039984) [bookworm] - yajl 2.1.0-3+deb12u2 [bullseye] - yajl 2.1.0-3+deb11u2 NOTE: https://github.com/lloyd/yajl/issues/250 NOTE: Introduced with: https://github.com/lloyd/yajl/commit/cfa9f8fcb12d80dd5ebf94f5e6a607aab4d225fb (2.0.0) NOTE: The original fix uploaded as 2.1.0-3.1 was incomplete. 
- epics-base (bug #1059316) [bookworm] - epics-base (Minor issue) [buster] - epics-base (Minor issue; fix only after newer releases got a fix) - r-cran-jsonlite (bug #1059317) [bookworm] - r-cran-jsonlite (Minor issue) [bullseye] - r-cran-jsonlite (Minor issue) [buster] - r-cran-jsonlite (Minor issue; fix only after newer releases got a fix) - ruby-yajl (Vulnerable code not present; embeds not-affected old yajl version) NOTE: ruby-yajl embeds yajl version 1.0.12 (https://github.com/brianmario/yajl-ruby/blob/master/ext/yajl/api/yajl_version.h) CVE-2023-33457 (In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , ...) NOT-FOR-US: Sogou Workflow CVE-2023-33381 (A command injection vulnerability was found in the ping functionality ...) NOT-FOR-US: MitraStar CVE-2023-32683 (Synapse is a Matrix protocol homeserver written in Python with the Twi ...) - matrix-synapse 1.90.0-1 (bug #1037207) NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-98px-6486-j7qc CVE-2023-32682 (Synapse is a Matrix protocol homeserver written in Python with the Twi ...) - matrix-synapse 1.90.0-1 (bug #1037207) NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-26c5-ppr8-f33p CVE-2023-32551 (Landscape allowed URLs which caused open redirection.) NOT-FOR-US: Landscape CVE-2023-32550 (Landscape's server-status page exposed sensitive system information. T ...) NOT-FOR-US: Landscape CVE-2023-32549 (Landscape cryptographic keys were insecurely generated with a weak pse ...) NOT-FOR-US: Landscape CVE-2023-32545 (The affected application lacks proper validation of user-supplied data ...) NOT-FOR-US: Horner Automation CVE-2023-32539 (The affected application lacks proper validation of user-supplied data ...) NOT-FOR-US: Horner Automation CVE-2023-32289 (The affected application lacks proper validation of user-supplied data ...) NOT-FOR-US: Horner Automation CVE-2023-32281 (The affected application lacks proper validation of user-supplied data ...) 
NOT-FOR-US: Horner Automation CVE-2023-32203 (The affected application lacks proper validation of user-supplied data ...) NOT-FOR-US: Horner Automation CVE-2023-31606 (A Regular Expression Denial of Service (ReDoS) issue was discovered in ...) {DLA-3480-1} - ruby-redcloth 4.3.3-1 (bug #1040488) [bookworm] - ruby-redcloth (Minor issue) [bullseye] - ruby-redcloth (Minor issue) NOTE: https://github.com/jgarber/redcloth/issues/73 NOTE: https://github.com/jgarber/redcloth/pull/75 NOTE: https://github.com/jgarber/redcloth/commit/8b1327688fef8e6617792054ef299d7bc74c0a1e (v4.3.3) NOTE: https://github.com/e23e/CVE-2023-31606#readme CVE-2023-31569 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a co ...) NOT-FOR-US: TOTOLINK CVE-2023-31278 (The affected application lacks proper validation of user-supplied data ...) NOT-FOR-US: Horner Automation CVE-2023-31244 (The affected product does not properly validate user-supplied data. If ...) NOT-FOR-US: Horner Automation CVE-2023-2833 (The ReviewX plugin for WordPress is vulnerable to privilege escalation ...) NOT-FOR-US: ReviewX plugin for WordPress CVE-2023-2801 (Grafana is an open-source platform for monitoring and observability. ...) - grafana CVE-2023-29503 (The affected application lacks proper validation of user-supplied data ...) NOT-FOR-US: Horner Automation CVE-2023-28653 (The affected application lacks proper validation of user-supplied data ...) NOT-FOR-US: Horner Automation CVE-2023-27916 (The affected application lacks proper validation of user-supplied data ...) NOT-FOR-US: Horner Automation CVE-2023-34417 (Memory safety bugs present in Firefox 113. Some of these bugs showed e ...) - firefox 114.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/#CVE-2023-34417 CVE-2023-34416 (Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thu ...) 
{DSA-5423-1 DSA-5421-1 DLA-3452-1 DLA-3448-1} - firefox 114.0-1 - firefox-esr 102.12.0esr-1 - thunderbird 1:102.12.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/#CVE-2023-34416 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/#CVE-2023-34416 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-21/#CVE-2023-34416 CVE-2023-34415 (When choosing a site-isolated process for a document loaded from a dat ...) - firefox 114.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/#CVE-2023-34415 CVE-2023-34414 (The error page for sites with invalid TLS certificates was missing the ...) {DSA-5423-1 DSA-5421-1 DLA-3452-1 DLA-3448-1} - firefox 114.0-1 - firefox-esr 102.12.0esr-1 - thunderbird 1:102.12.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/#CVE-2023-34414 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/#CVE-2023-34414 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-21/#CVE-2023-34414 CVE-2023-XXXX [RUSTSEC-2023-0041] - rust-trust-dns-server [bookworm] - rust-trust-dns-server (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0041.html NOTE: https://github.com/bluejekyll/trust-dns/pull/1952 NOTE: https://github.com/bluejekyll/trust-dns/commit/217974c0544483efe0c648befabb25bf88242716 CVE-2023-3027 (The grc-policy-propagator allows security escalation within the cluste ...) NOT-FOR-US: grc-policy-propagator CVE-2023-34103 (Avo is an open source ruby on rails admin panel creation framework. In ...) NOT-FOR-US: Avo CVE-2023-34102 (Avo is an open source ruby on rails admin panel creation framework. Th ...) NOT-FOR-US: Avo CVE-2023-33410 (Minical 1.0.0 and earlier contains a CSV injection vulnerability which ...) NOT-FOR-US: Minical CVE-2023-33409 (Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via m ...) NOT-FOR-US: Minical CVE-2023-33408 (Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). 
The vulnera ...) NOT-FOR-US: Minical CVE-2023-32628 (In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary fi ...) NOT-FOR-US: Advantech WebAccss/SCADA CVE-2023-32540 (In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary fi ...) NOT-FOR-US: Advantech WebAccss/SCADA CVE-2023-2546 (The WP User Switch plugin for WordPress is vulnerable to authenticatio ...) NOT-FOR-US: WP User Switch plugin for WordPress CVE-2023-22450 (In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary fi ...) NOT-FOR-US: Advantech WebAccss/SCADA CVE-2018-25087 (A vulnerability classified as problematic was found in Arborator Serve ...) NOT-FOR-US: Arborator CVE-2017-20185 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Fuzzy SWM ...) NOT-FOR-US: Fuzzy SWMP CVE-2015-10117 (A vulnerability, which was classified as problematic, was found in Gra ...) NOT-FOR-US: WordPress plugin CVE-2015-10116 (A vulnerability classified as problematic has been found in RealFavico ...) NOT-FOR-US: WordPress plugin CVE-2013-10030 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: WordPress plugin CVE-2013-10029 (A vulnerability classified as problematic was found in Exit Box Lite P ...) NOT-FOR-US: WordPress plugin CVE-2023-2589 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab (Specific to EE) CVE-2023-2485 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab 15.10.8+ds1-2 CVE-2023-3111 (A use after free vulnerability was found in prepare_to_relocate in fs/ ...) {DSA-5480-1 DLA-3623-1 DLA-3508-1} - linux 5.19.6-1 NOTE: https://git.kernel.org/linus/85f02d6c856b9f3a0acf5219de6e32f58b9778eb (6.0-rc2) CVE-2023-3109 (Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admid ...) NOT-FOR-US: admidio CVE-2023-3108 (A flaw was found in the subsequent get_user_pages_fast in the Linux ke ...) 
- linux 4.0.2-1 NOTE: https://git.kernel.org/linus/9399f0c51489ae8c16d6559b82a452fdc1895e91 (4.0-rc1) CVE-2023-3066 (Incorrect Authorization vulnerability in Mobatime mobile application A ...) NOT-FOR-US: Mobatime mobile application CVE-2023-3065 (Improper Authentication vulnerability in Mobatime mobile application A ...) NOT-FOR-US: Mobatime mobile application CVE-2023-3064 (Anonymous user may get the list of existing users managed by the appli ...) NOT-FOR-US: Mobatime mobile application CVE-2023-34097 (hoppscotch is an open source API development ecosystem. In versions pr ...) NOT-FOR-US: hoppscotch CVE-2023-33970 (Kanboard is open source project management software that focuses on th ...) - kanboard 1.2.26+ds-4 (bug #1037167) [bookworm] - kanboard 1.2.26+ds-2+deb12u1 NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-wfch-8rhv-v286 NOTE: https://github.com/kanboard/kanboard/commit/b501ef44bc28ee9cf603a4fa446ee121d66f652f (v1.2.30) CVE-2023-33969 (Kanboard is open source project management software that focuses on th ...) - kanboard 1.2.26+ds-4 (bug #1037167) [bookworm] - kanboard 1.2.26+ds-2+deb12u1 NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-8qvf-9847-gpc9 NOTE: https://github.com/kanboard/kanboard/commit/05f1d23d821152cd61536d3b09e522c0f7573e3c (v1.2.30) CVE-2023-33968 (Kanboard is open source project management software that focuses on th ...) - kanboard 1.2.26+ds-4 (bug #1037167) [bookworm] - kanboard 1.2.26+ds-2+deb12u1 NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-gf8r-4p6m-v8vr NOTE: https://github.com/kanboard/kanboard/commit/c20be8f5fa26e54005a90c645e80b11481a65053 (v1.2.30) CVE-2023-33956 (Kanboard is open source project management software that focuses on th ...) 
- kanboard 1.2.26+ds-4 (bug #1037167) [bookworm] - kanboard 1.2.26+ds-2+deb12u1 NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-r36m-44gg-wxg2 NOTE: https://github.com/kanboard/kanboard/commit/437b141fa2267df36976814e704517f30d2424bd (v1.2.30) CVE-2023-33733 (Reportlab up to v3.6.12 allows attackers to execute arbitrary code via ...) - python-reportlab 3.6.13-1 [buster] - python-reportlab (Vulnerable code not present) NOTE: https://docs.reportlab.com/releases/notes/whats-new-3613/ NOTE: https://github.com/c53elyas/CVE-2023-33733 NOTE: Introduced by: https://hg.reportlab.com/hg-public/reportlab/rev/51a521ad7dd3 (3.5.34) NOTE: This was introduced when fixing CVE-2019-17626. The version in Debian Buster NOTE: uses a simpler fix in 3.5.13-1+deb10u1 and is not affected. NOTE: Fixed by: https://hg.reportlab.com/hg-public/reportlab/rev/1c39d2db15bb (3.6.13) CVE-2023-33693 (A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 al ...) NOT-FOR-US: EasyPlayerPro-Win CVE-2023-33690 (SonicJS up to v0.7.0 allows attackers to execute an authenticated path ...) NOT-FOR-US: SonicJS CVE-2023-33524 (Advent/SSC Inc. Tamale RMS < 23.1 is vulnerable to Directory Traversal ...) NOT-FOR-US: Advent/SSC Inc. Tamale RMS CVE-2023-33518 (emoncms v11 and later was discovered to contain an information disclos ...) NOT-FOR-US: emoncms CVE-2023-33386 (MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interf ...) NOT-FOR-US: MarsCTF CVE-2023-32766 (Gitpod before 2022.11.3 allows XSS because redirection can occur for s ...) NOT-FOR-US: Gitpod CVE-2023-31893 (Telefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vul ...) NOT-FOR-US: Telefnica Brasil Vivo Play (IPTV) Firmware CVE-2023-2634 (The Get your number WordPress plugin through 1.1.3 does not sanitise a ...) NOT-FOR-US: WordPress plugin CVE-2023-2572 (The Survey Maker WordPress plugin before 3.4.7 does not escape some pa ...) 
NOT-FOR-US: WordPress plugin CVE-2023-2571 (The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some pa ...) NOT-FOR-US: WordPress plugin CVE-2023-2503 (The 10Web Social Post Feed WordPress plugin before 1.2.9 does not sani ...) NOT-FOR-US: WordPress plugin CVE-2023-2489 (The Stop Spammers Security | Block Spam Users, Comments, Forms WordPre ...) NOT-FOR-US: WordPress plugin CVE-2023-2488 (The Stop Spammers Security | Block Spam Users, Comments, Forms WordPre ...) NOT-FOR-US: WordPress plugin CVE-2023-2472 (The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblu ...) NOT-FOR-US: WordPress plugin CVE-2023-2337 (The ConvertKit WordPress plugin before 2.2.1 does not escape a paramet ...) NOT-FOR-US: WordPress plugin CVE-2022-4946 (The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does ...) NOT-FOR-US: WordPress plugin CVE-2015-10115 (A vulnerability, which was classified as problematic, was found in Woo ...) NOT-FOR-US: WordPress plugin CVE-2015-10114 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: WordPress plugin CVE-2015-10113 (A vulnerability classified as problematic was found in WooFramework Tw ...) NOT-FOR-US: WordPress plugin CVE-2023-3100 (A vulnerability, which was classified as critical, has been found in I ...) NOT-FOR-US: IBOS CVE-2023-3099 (A vulnerability classified as critical was found in KylinSoft youker-a ...) NOT-FOR-US: KylinSoft CVE-2023-3098 (A vulnerability classified as critical has been found in KylinSoft you ...) NOT-FOR-US: KylinSoft CVE-2023-3097 (A vulnerability was found in KylinSoft kylin-software-properties on Ky ...) NOT-FOR-US: KylinSoft CVE-2023-3096 (A vulnerability was found in KylinSoft kylin-software-properties on Ky ...) NOT-FOR-US: KylinSoft CVE-2023-34411 (The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of se ...) 
- rust-xml-rs (Vulnerable code not present) NOTE: https://github.com/netvl/xml-rs/pull/226 NOTE: Introduced by: https://github.com/netvl/xml-rs/commit/014d808be900c85a0afc5ccdfe668be040d175aa (0.8.9) NOTE: Fixed by: https://github.com/netvl/xml-rs/commit/c09549a187e62d39d40467f129e64abf32efc35c (0.8.14) CVE-2023-34410 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6. ...) {DLA-3539-1} - qt6-base 6.4.2+dfsg-11 (bug #1037209) [bookworm] - qt6-base (Minor issue) - qtbase-opensource-src 5.15.8+dfsg-12 (bug #1037210) [bookworm] - qtbase-opensource-src (Minor issue) [bullseye] - qtbase-opensource-src (Minor issue) [buster] - qtbase-opensource-src (Minor issue) - qtbase-opensource-src-gles 5.15.10+dfsg-2 [bookworm] - qtbase-opensource-src-gles (Minor issue) [bullseye] - qtbase-opensource-src-gles (Minor issue) - qt4-x11 NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/477560 NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/480002 CVE-2023-34407 (OfflinePlayerService.exe in Harbinger Offline Player 4.0.6.0.2 allows ...) NOT-FOR-US: Harbinger Offline Player CVE-2023-32334 (IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Applicatio ...) NOT-FOR-US: IBM CVE-2015-10112 (A vulnerability classified as problematic has been found in WooFramewo ...) NOT-FOR-US: WordPress plugin CVE-2014-125105 (A vulnerability was found in Broken Link Checker Plugin up to 1.10.1 o ...) NOT-FOR-US: WordPress plugin CVE-2023-3095 (Improper Access Control in GitHub repository nilsteampassnet/teampass ...) - teampass (bug #730180) CVE-2023-3094 (A vulnerability classified as critical has been found in code-projects ...) NOT-FOR-US: code-projects Agro-School Management System CVE-2015-10111 (A vulnerability was found in Watu Quiz Plugin up to 2.6.7 on WordPress ...) NOT-FOR-US: WordPress plugin CVE-2013-10028 (A vulnerability was found in EELV Newsletter Plugin 2.x on WordPress. ...) 
NOT-FOR-US: WordPress plugin CVE-2013-10027 (A vulnerability was found in Blogger Importer Plugin up to 0.5 on Word ...) NOT-FOR-US: WordPress plugin CVE-2023-3091 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Captura u ...) NOT-FOR-US: Captura CVE-2023-3086 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...) - teampass (bug #730180) CVE-2023-3085 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: X-RT luci CVE-2023-3084 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...) - teampass (bug #730180) CVE-2023-32582 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kyle ...) NOT-FOR-US: WordPress plugin CVE-2023-3083 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...) - teampass (bug #730180) CVE-2023-3055 (The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross- ...) NOT-FOR-US: Page Builder by AZEXO plugin for WordPress CVE-2023-3053 (The Page Builder by AZEXO plugin for WordPress is vulnerable to unauth ...) NOT-FOR-US: Page Builder by AZEXO plugin for WordPress CVE-2023-3052 (The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross- ...) NOT-FOR-US: Page Builder by AZEXO plugin for WordPress CVE-2023-3051 (The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored ...) NOT-FOR-US: Page Builder by AZEXO plugin for WordPress CVE-2023-3044 (An excessively large PDF page size (found in fuzz testing, unlikely in ...) - xpdf (Debian uses poppler, which is not affected) CVE-2023-33143 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-2816 (Consul and Consul Enterprise allowed any user with service:write permi ...) 
- consul (Vulnerable code not present) NOTE: https://discuss.hashicorp.com/t/hcsec-2023-16-consul-envoy-extension-downstream-proxy-configuration-by-upstream-service-owner/54525 CVE-2023-2781 (The User Email Verification for WooCommerce plugin for WordPress is vu ...) NOT-FOR-US: User Email Verification for WooCommerce plugin for WordPress CVE-2023-2416 (The Online Booking & Scheduling Calendar for WordPress by vcita plugin ...) NOT-FOR-US: Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress CVE-2023-2415 (The Online Booking & Scheduling Calendar for WordPress by vcita plugin ...) NOT-FOR-US: Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress CVE-2023-2407 (The Event Registration Calendar By vcita plugin, versions up to and in ...) NOT-FOR-US: WordPress plugin CVE-2023-2406 (The Event Registration Calendar By vcita plugin, versions up to and in ...) NOT-FOR-US: WordPress plugin CVE-2023-2405 (The CRM and Lead Management by vcita plugin for WordPress is vulnerabl ...) NOT-FOR-US: CRM and Lead Management by vcita plugin for WordPress CVE-2023-2404 (The CRM and Lead Management by vcita plugin for WordPress is vulnerabl ...) NOT-FOR-US: CRM and Lead Management by vcita plugin for WordPress CVE-2023-3075 (Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebo ...) NOT-FOR-US: Corebos CVE-2023-3074 (Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/core ...) NOT-FOR-US: Corebos CVE-2023-3073 (Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/core ...) NOT-FOR-US: Corebos CVE-2023-3071 (Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/core ...) NOT-FOR-US: Corebos CVE-2023-3070 (Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/core ...) NOT-FOR-US: Corebos CVE-2023-3069 (Unverified Password Change in GitHub repository tsolucio/corebos prior ...) 
NOT-FOR-US: Corebos CVE-2023-3068 (A vulnerability classified as critical has been found in Campcodes Ret ...) NOT-FOR-US: Campcodes Retro Cellphone Online Store CVE-2023-3067 (Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium ...) NOT-FOR-US: Trilium Notes CVE-2023-3062 (A vulnerability was found in code-projects Agro-School Management Syst ...) NOT-FOR-US: Agro-School Management System CVE-2023-3061 (A vulnerability was found in code-projects Agro-School Management Syst ...) NOT-FOR-US: Agro-School Management System CVE-2023-3060 (A vulnerability has been found in code-projects Agro-School Management ...) NOT-FOR-US: Agro-School Management System CVE-2023-3059 (A vulnerability, which was classified as critical, was found in Source ...) NOT-FOR-US: SourceCodester Online Exam Form Submission CVE-2023-3058 (A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declar ...) NOT-FOR-US: 07FLY CRM CVE-2023-3057 (A vulnerability was found in YFCMF up to 3.0.4. It has been rated as p ...) NOT-FOR-US: YFCMF CVE-2023-3056 (A vulnerability was found in YFCMF up to 3.0.4. It has been declared a ...) NOT-FOR-US: YFCMF CVE-2023-3033 (Incorrect Authorization vulnerability in Mobatime web application allo ...) NOT-FOR-US: Mobatime web application CVE-2023-3032 (Unrestricted Upload of File with Dangerous Type vulnerability in Mobat ...) NOT-FOR-US: Mobatime web application CVE-2023-3031 (Improper Limitation of a Pathname leads to a Path Traversal vulnerabil ...) NOT-FOR-US: Prestashop CVE-2023-34362 (In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4 ...) NOT-FOR-US: Progress MOVEit Transfer CVE-2023-34094 (ChuanhuChatGPT is a graphical user interface for ChatGPT and many larg ...) NOT-FOR-US: ChuanhuChatGPT CVE-2023-33763 (eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to cont ...) NOT-FOR-US: eMedia Consulting simpleRedak CVE-2023-33762 (eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to cont ...) 
NOT-FOR-US: eMedia Consulting simpleRedak CVE-2023-33761 (eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to cont ...) NOT-FOR-US: eMedia Consulting simpleRedak CVE-2023-33731 (Reflected Cross Site Scripting (XSS) in the view dashboard detail feat ...) NOT-FOR-US: Microworld Technologies eScan management console CVE-2023-33717 (mp4v2 v2.1.3 was discovered to contain a memory leak when a method cal ...) - mp4v2 CVE-2023-33675 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow ...) NOT-FOR-US: Tenda CVE-2023-33673 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow ...) NOT-FOR-US: Tenda CVE-2023-33672 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow ...) NOT-FOR-US: Tenda CVE-2023-33671 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow ...) NOT-FOR-US: Tenda CVE-2023-33670 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow ...) NOT-FOR-US: Tenda CVE-2023-33669 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow ...) NOT-FOR-US: Tenda CVE-2023-33476 (ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable t ...) {DSA-5434-1 DLA-3465-1} - minidlna 1.3.2+dfsg-1.1 (bug #1037052) NOTE: https://blog.coffinsec.com/0day/2023/05/31/minidlna-heap-overflow-rca.html NOTE: Fixed by: https://sourceforge.net/p/minidlna/git/ci/9bd58553fae5aef3e6dd22f51642d2c851225aec/ (v1_3_3) CVE-2023-2687 (Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4 ...) NOT-FOR-US: Silicon Labs Gecko SDK CVE-2023-3000 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Erikoglu Technology ErMon CVE-2023-2835 (The WP Directory Kit plugin for WordPress is vulnerable to Reflected C ...) NOT-FOR-US: WP Directory Kit plugin for WordPress CVE-2016-15032 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...) 
NOT-FOR-US: mback2k mh_httpbl Extension on TYPO3 CVE-2015-10110 (A vulnerability classified as problematic was found in ruddernation Ti ...) NOT-FOR-US: WordPress plugin CVE-2023-3035 (A vulnerability has been found in Guangdong Pythagorean OA Office Syst ...) NOT-FOR-US: Guangdong Pythagorean OA Office System CVE-2023-34339 (In JetBrains Ktor before 2.3.1 headers containing authentication data ...) NOT-FOR-US: JetBrains Ktor CVE-2023-34092 (Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5 ...) NOT-FOR-US: Vite CVE-2023-34091 (Kyverno is a policy engine designed for Kubernetes. In versions of Kyv ...) NOT-FOR-US: Kyverno CVE-2023-33965 (Brook is a cross-platform programmable network tool. The `tproxy` serv ...) NOT-FOR-US: Brook CVE-2023-33963 (DataEase is an open source data visualization and analysis tool. Prior ...) NOT-FOR-US: DataEase CVE-2023-33960 (OpenProject is web-based project management software. For any OpenProj ...) NOT-FOR-US: OpenProject CVE-2023-33764 (eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to cont ...) NOT-FOR-US: eMedia Consulting simpleRedak CVE-2023-33756 (An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and belo ...) - foswiki (bug #509864) CVE-2023-33754 (The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 do ...) NOT-FOR-US: Inpiazza Cloud WiFi CVE-2023-33552 (Heap Buffer Overflow in the erofs_read_one_data function at data.c in ...) - erofs-utils 1.6-2 (bug #1037092) [bookworm] - erofs-utils (Minor issue) [bullseye] - erofs-utils (Vulnerable code not present) NOTE: https://github.com/lometsj/blog_repo/issues/1 NOTE: Proposed fix: https://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs-utils.git/commit/?h=experimental&id=2145dff03dd3f3f74bcda3b52160fbad37f7fcfe CVE-2023-33551 (Heap Buffer Overflow in the erofsfsck_dirent_iter function in fsck/mai ...) 
- erofs-utils 1.6-2 (bug #1037092) [bookworm] - erofs-utils (Minor issue) [bullseye] - erofs-utils (Vulnerable code not present) NOTE: https://github.com/lometsj/blog_repo/issues/2 NOTE: Proposed fix: https://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs-utils.git/commit/?h=experimental&id=27aeef179bf17d5f1d98f827e93d24839a6d4176 CVE-2023-33546 (Janino 3.1.9 and earlier are subject to denial of service (DOS) attack ...) - janino (unimportant) NOTE: https://github.com/janino-compiler/janino/issues/201 NOTE: Bug fixed in 3.1.10, but not considered a security issue by upstream CVE-2023-33544 (hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input ...) NOT-FOR-US: hawtio CVE-2023-32717 (On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in ...) NOT-FOR-US: Splunk Enterprise CVE-2023-32716 (In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Spl ...) NOT-FOR-US: Splunk Enterprise CVE-2023-32715 (In the Splunk App for Lookup File Editing versions below 4.0.1, a user ...) NOT-FOR-US: Splunk CVE-2023-32714 (In the Splunk App for Lookup File Editing versions below 4.0.1, a low- ...) NOT-FOR-US: Splunk CVE-2023-32713 (In Splunk App for Stream versions below 8.1.1, a low-privileged user c ...) NOT-FOR-US: Splunk CVE-2023-32712 (In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an ...) NOT-FOR-US: Splunk CVE-2023-32711 (In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splun ...) NOT-FOR-US: Splunk CVE-2023-32710 (In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in ...) NOT-FOR-US: Splunk CVE-2023-32709 (In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Spl ...) NOT-FOR-US: Splunk CVE-2023-32708 (In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Spl ...) NOT-FOR-US: Splunk CVE-2023-32707 (In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and ...) 
NOT-FOR-US: Splunk CVE-2023-32706 (On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unau ...) NOT-FOR-US: Splunk CVE-2023-32690 (libspdm is a sample implementation that follows the DMTF SPDM specific ...) NOT-FOR-US: libspdm CVE-2023-32310 (DataEase is an open source data visualization and analysis tool. The A ...) NOT-FOR-US: DataEase CVE-2023-32181 (A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow ...) - libeconf 0.5.2+dfsg1-1 (bug #1037333) [bookworm] - libeconf (Minor issue) [bullseye] - libeconf (Minor issue) NOTE: https://github.com/openSUSE/libeconf/issues/178 NOTE: https://github.com/openSUSE/libeconf/commit/8d086dfc69d4299e55e4844e3573b3a4cf420f19 (v0.5.2) CVE-2015-10109 (A vulnerability was found in Video Playlist and Gallery Plugin up to 1 ...) NOT-FOR-US: WordPress plugin CVE-2014-125104 (A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPres ...) NOT-FOR-US: WordPress plugin CVE-2023-XXXX [RUSTSEC-2023-0039] - rust-buffered-reader 1.2.0-1 (bug #1037018) [bookworm] - rust-buffered-reader (Minor issue) [bullseye] - rust-buffered-reader (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0039.html NOTE: https://lists.sequoia-pgp.org/hyperkitty/list/announce@lists.sequoia-pgp.org/thread/SN2E3QRT4DMQ5JNEK6VIN6DJ5SH766DI/ NOTE: https://gitlab.com/sequoia-pgp/sequoia/-/commit/f6307652fb2cbf4e0fbd3f897b1ec70863fcfa61 CVE-2023-32324 (OpenPrinting CUPS is an open source printing system. In versions 2.4.2 ...) {DLA-3440-1} - cups 2.4.2-4 [bookworm] - cups 2.4.2-3+deb12u1 [bullseye] - cups 2.3.3op2-3+deb11u3 NOTE: https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7 NOTE: Fixed by: https://github.com/OpenPrinting/cups/commit/fd8bc2d32589d1fd91fe1c0521be2a7c0462109e CVE-2023-3029 (A vulnerability has been found in Guangdong Pythagorean OA Office Syst ...) 
NOT-FOR-US: Guangdong Pythagorean OA Office System CVE-2023-3028 (Insufficient authentication in the MQTT backend (broker) allows an att ...) NOT-FOR-US: HopeChart HQT-401 telematics unit CVE-2023-3026 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...) NOT-FOR-US: jgraph/drawio CVE-2023-34312 (In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProte ...) NOT-FOR-US: Tencent QQ TIM CVE-2023-33778 (Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Poin ...) NOT-FOR-US: Draytek Vigor Routers firmware CVE-2023-33719 (mp4v2 v2.1.3 was discovered to contain a memory leak via MP4SdpAtom::R ...) - mp4v2 CVE-2023-33716 (mp4v2 v2.1.3 was discovered to contain a memory leak via the class MP4 ...) - mp4v2 CVE-2023-33643 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) NOT-FOR-US: H3C Magic R300 CVE-2023-33642 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) NOT-FOR-US: H3C Magic R300 CVE-2023-33641 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) NOT-FOR-US: H3C Magic R300 CVE-2023-33640 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) NOT-FOR-US: H3C Magic R300 CVE-2023-33639 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) NOT-FOR-US: H3C Magic R300 CVE-2023-33638 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) NOT-FOR-US: H3C Magic R300 CVE-2023-33637 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) NOT-FOR-US: H3C Magic R300 CVE-2023-33636 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) NOT-FOR-US: H3C Magic R300 CVE-2023-33635 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) NOT-FOR-US: H3C Magic R300 CVE-2023-33634 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) 
NOT-FOR-US: H3C Magic R300 CVE-2023-33633 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) NOT-FOR-US: H3C Magic R300 CVE-2023-33632 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) NOT-FOR-US: H3C Magic R300 CVE-2023-33631 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) NOT-FOR-US: H3C Magic R300 CVE-2023-33630 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) NOT-FOR-US: H3C Magic R300 CVE-2023-33629 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) NOT-FOR-US: H3C Magic R300 CVE-2023-33628 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) NOT-FOR-US: H3C Magic R300 CVE-2023-33627 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) NOT-FOR-US: H3C Magic R300 CVE-2023-33461 (iniparser v4.1 is vulnerable to NULL Pointer Dereference in function i ...) - iniparser 4.1-7 (unimportant) NOTE: https://github.com/ndevilla/iniparser/issues/144 NOTE: Negligible security impact CVE-2023-30758 (Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier ...) NOT-FOR-US: Pleasanter CVE-2023-29159 (Directory traversal vulnerability in Starlette versions 0.13.5 and lat ...) - starlette 0.28.0-1 [bookworm] - starlette (Minor issue) [bullseye] - starlette (Minor issue) NOTE: https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px NOTE: https://github.com/encode/starlette/commit/1797de464124b090f10cf570441e8292936d63e3 (0.27.0) CVE-2023-29154 (SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) v ...) NOT-FOR-US: CONPROSYS CVE-2023-28937 (DataSpider Servista version 4.4 and earlier uses a hard-coded cryptogr ...) NOT-FOR-US: DataSpider CVE-2023-28824 (Server-side request forgery vulnerability exists in CONPROSYS HMI Syst ...) NOT-FOR-US: CONPROSYS CVE-2023-28713 (Plaintext storage of a password exists in CONPROSYS HMI System (CHS) v ...) 
NOT-FOR-US: CONPROSYS CVE-2023-28657 (Improper access control vulnerability exists in CONPROSYS HMI System ( ...) NOT-FOR-US: CONPROSYS CVE-2023-28651 (Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS ...) NOT-FOR-US: CONPROSYS CVE-2023-28399 (Incorrect permission assignment for critical resource exists in CONPRO ...) NOT-FOR-US: CONPROSYS CVE-2018-25086 (A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has ...) NOT-FOR-US: sea75300 FanPress CM CVE-2010-10010 (A vulnerability classified as problematic has been found in Stars Alli ...) NOT-FOR-US: Stars Alliance PsychoStats CVE-2023-3022 (A flaw was found in the IPv6 module of the Linux kernel. The arg.resul ...) - linux 5.2.6-1 NOTE: https://git.kernel.org/linus/a65120bae4b7425a39c5783aa3d4fc29677eef0e CVE-2023-3021 (Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-libr ...) NOT-FOR-US: mkucej/i-librarian-free CVE-2023-3020 (Cross-site Scripting (XSS) - Reflected in GitHub repository mkucej/i-l ...) NOT-FOR-US: mkucej/i-librarian-free CVE-2023-3018 (A vulnerability was found in SourceCodester Lost and Found Information ...) NOT-FOR-US: SourceCodester Lost and Found Information System CVE-2023-3017 (A vulnerability was found in SourceCodester Lost and Found Information ...) NOT-FOR-US: SourceCodester Lost and Found Information System CVE-2023-3016 (A vulnerability was found in yiwent Vip Video Analysis 1.0 and classif ...) NOT-FOR-US: yiwent Vip Video Analysis CVE-2023-3015 (A vulnerability has been found in yiwent Vip Video Analysis 1.0 and cl ...) NOT-FOR-US: yiwent Vip Video Analysis CVE-2023-3014 (A vulnerability, which was classified as problematic, was found in Bei ...) NOT-FOR-US: BeipyVideoResolution CVE-2023-3013 (Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2.) 
- gpac (bug #1051740) [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.dev/bounties/52f95edc-cc03-4a9f-9bf8-74f641260073 NOTE: https://github.com/gpac/gpac/commit/78e539b43293829a14a32e821f5267e3b7417594 CVE-2023-3012 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2 ...) {DSA-5452-1} - gpac (bug #1051740) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.dev/bounties/916b787a-c603-409d-afc6-25bb02070e69 NOTE: https://github.com/gpac/gpac/commit/53387aa86c1af1228d0fa57c67f9c7330716d5a7 CVE-2023-3009 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...) - teampass (bug #730180) CVE-2023-3008 (A vulnerability classified as critical has been found in ningzichun St ...) NOT-FOR-US: ningzichun Student Management System CVE-2023-3007 (A vulnerability was found in ningzichun Student Management System 1.0. ...) NOT-FOR-US: ningzichun Student Management System CVE-2023-3006 (A known cache speculation vulnerability, known as Branch History Injec ...) - linux 6.0.7-1 [bullseye] - linux 5.10.158-1 [buster] - linux (Too difficult and risky to backport) NOTE: https://git.kernel.org/linus/0e5d5ae837c8ce04d2ddb874ec5f920118bd9d31 (6.1-rc1) CVE-2023-3005 (A vulnerability, which was classified as problematic, was found in Sou ...) NOT-FOR-US: SourceCodester Local Service Search Engine Management System CVE-2023-3004 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Simple Chat System CVE-2023-3003 (A vulnerability classified as critical was found in SourceCodester Tra ...) NOT-FOR-US: SourceCodester Train Station Ticketing System CVE-2023-34258 (An issue was discovered in BMC Patrol before 22.1.00. The agent's conf ...) NOT-FOR-US: BMC Patrol CVE-2023-34257 (An issue was discovered in BMC Patrol through 23.1.00. The agent's con ...) NOT-FOR-US: BMC Patrol CVE-2023-34256 (An issue was discovered in the Linux kernel before 6.3.3. 
There is an ...) {DLA-3623-1 DLA-3508-1} - linux 6.3.7-1 (unimportant) [bookworm] - linux 6.1.37-1 [bullseye] - linux 5.10.191-1 NOTE: https://git.kernel.org/linus/4f04351888a83e595571de672e0a4a8b74f4fb31 (6.4-rc2) NOTE: Exploitable only when modifying a block device while it is mounted. CVE-2023-34255 REJECTED CVE-2023-34229 (In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection p ...) NOT-FOR-US: JetBrains TeamCity CVE-2023-34228 (In JetBrains TeamCity before 2023.05 authentication checks were missin ...) NOT-FOR-US: JetBrains TeamCity CVE-2023-34227 (In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerabl ...) NOT-FOR-US: JetBrains TeamCity CVE-2023-34226 (In JetBrains TeamCity before 2023.05 reflected XSS in the Subscription ...) NOT-FOR-US: JetBrains TeamCity CVE-2023-34225 (In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page ...) NOT-FOR-US: JetBrains TeamCity CVE-2023-34224 (In JetBrains TeamCity before 2023.05 open redirect during oAuth config ...) NOT-FOR-US: JetBrains TeamCity CVE-2023-34223 (In JetBrains TeamCity before 2023.05 parameters of the "password" type ...) NOT-FOR-US: JetBrains TeamCity CVE-2023-34222 (In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor ...) NOT-FOR-US: JetBrains TeamCity CVE-2023-34221 (In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection ...) NOT-FOR-US: JetBrains TeamCity CVE-2023-34220 (In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status P ...) NOT-FOR-US: JetBrains TeamCity CVE-2023-34219 (In JetBrains TeamCity before 2023.05 improper permission checks allowe ...) NOT-FOR-US: JetBrains TeamCity CVE-2023-34218 (In JetBrains TeamCity before 2023.05 bypass of permission checks allow ...) NOT-FOR-US: JetBrains TeamCity CVE-2023-34088 (Collabora Online is a collaborative online office suite. A stored cros ...) NOT-FOR-US: Collabora Online CVE-2023-33979 (gpt_academic provides a graphical interface for ChatGPT/GLM. 
A vulnera ...) NOT-FOR-US: gpt_academic CVE-2023-33971 (Formcreator is a GLPI plugin which allow creation of custom forms and ...) NOT-FOR-US: GLPI plugin CVE-2023-33967 (EaseProbe is a tool that can do health/status checking. An SQL injecti ...) NOT-FOR-US: EaseProbe CVE-2023-33966 (Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and de ...) NOT-FOR-US: Deno CVE-2023-33964 (mx-chain-go is an implementation of the MultiversX blockchain protocol ...) NOT-FOR-US: mx-chain-go CVE-2023-33736 (A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3 ...) NOT-FOR-US: Dcat-Admin CVE-2023-33735 (D-Link DIR-846 v1.00A52 was discovered to contain a remote command exe ...) NOT-FOR-US: D-Link CVE-2023-33732 (Cross Site Scripting (XSS) in the New Policy form in Microworld Techno ...) NOT-FOR-US: Microworld CVE-2023-33730 (Privilege Escalation in the "GetUserCurrentPwd" function in Microworld ...) NOT-FOR-US: Microworld Technologies eScan Management Console CVE-2023-33722 (EDIMAX BR-6288ACL v1.12 was discovered to contain an authenticated rem ...) NOT-FOR-US: EDIMAX CVE-2023-33718 (mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::Read ...) - mp4v2 CVE-2023-33509 (KramerAV VIA GO² < 4.0.1.1326 is vulnerable to SQL Injection.) NOT-FOR-US: KramerAV VIA GO CVE-2023-33508 (KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated file ...) NOT-FOR-US: KramerAV VIA GO CVE-2023-33507 (KramerAV VIA GO² < 4.0.1.1326 is vulnerable to Unauthenticated arbi ...) NOT-FOR-US: KramerAV VIA GO CVE-2023-33487 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 cont ...) NOT-FOR-US: TOTOLINK CVE-2023-33486 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 cont ...) NOT-FOR-US: TOTOLINK CVE-2023-33485 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 cont ...) 
NOT-FOR-US: TOTOLINK CVE-2023-33287 (A stored cross-site scripting (XSS) vulnerability in the Inline Table ...) NOT-FOR-US: Atlassian Confluence CVE-2023-32217 (IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 ...) NOT-FOR-US: IdentityIQ CVE-2023-31548 (A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEdi ...) NOT-FOR-US: ChurchCRM CVE-2023-2909 (EZ Sync service fails to adequately handle user input, allowing an att ...) NOT-FOR-US: EZ Sync CVE-2023-2758 (A denial of service vulnerability exists in Contec CONPROSYS HMI Syste ...) NOT-FOR-US: CONPROSYS CVE-2023-2749 (Download Center fails to properly validate the file path submitted by ...) NOT-FOR-US: ASUSTOR CVE-2022-48502 (An issue was discovered in the Linux kernel before 6.2. The ntfs3 subs ...) - linux 6.3.7-1 (unimportant) [bookworm] - linux 6.1.52-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/0e8235d28f3a0e9eda9f02ff67ee566d5f42b66b (6.2-rc1) NOTE: NTFS3 driver not enabled in Debian CVE-2015-10108 (A vulnerability was found in meitar Inline Google Spreadsheet Viewer P ...) NOT-FOR-US: Inline Google Spreadsheet Viewer CVE-2023-33962 (JStachio is a type-safe Java Mustache templating engine. Prior to ver ...) NOT-FOR-US: JStachio CVE-2023-33961 (Leantime is a lean open source project management system. Starting in ...) NOT-FOR-US: Leantime CVE-2023-33741 (Macrovideo v380pro v1.4.97 shares the device id and password when shar ...) NOT-FOR-US: Macrovideo CVE-2023-33740 (Incorrect access control in luowice v3.5.18 allows attackers to access ...) NOT-FOR-US: luowice CVE-2023-33734 (BlueCMS v1.6 was discovered to contain a SQL injection vulnerability v ...) NOT-FOR-US: BlueCMS CVE-2023-33181 (Xibo is a content management system (CMS). Starting in version 3.0.0 a ...) NOT-FOR-US: Xibo CVE-2023-33180 (Xibo is a content management system (CMS). An SQL injection vulnerabil ...) 
NOT-FOR-US: Xibo CVE-2023-33179 (Xibo is a content management system (CMS). An SQL injection vulnerabil ...) NOT-FOR-US: Xibo CVE-2023-32342 (IBM GSKit could allow a remote attacker to obtain sensitive informatio ...) NOT-FOR-US: IBM CVE-2023-2999 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) NOT-FOR-US: phpmyfaq CVE-2023-2998 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) NOT-FOR-US: phpmyfaq CVE-2023-2987 (The Wordapp plugin for WordPress is vulnerable to authorization bypass ...) NOT-FOR-US: Wordapp plugin for WordPress CVE-2023-2952 (XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3 ...) {DSA-5429-1 DLA-3443-1} [experimental] - wireshark 4.0.6-1~exp1 - wireshark 4.0.6-1 [bullseye] - wireshark (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2023-20.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19100 CVE-2023-2836 (The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross ...) NOT-FOR-US: CRM Perks Forms plugin for WordPress CVE-2023-2612 (Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ub ...) NOT-FOR-US: shiftfs (part of Ubuntu kernels, not upstream) CVE-2023-2549 (The Feather Login Page plugin for WordPress is vulnerable to Cross-Sit ...) NOT-FOR-US: Feather Login Page plugin for WordPress CVE-2023-2547 (The Feather Login Page plugin for WordPress is vulnerable to unauthori ...) NOT-FOR-US: Feather Login Page plugin for WordPress CVE-2023-2545 (The Feather Login Page plugin for WordPress is vulnerable to unauthori ...) NOT-FOR-US: Feather Login Page plugin for WordPress CVE-2023-2436 (The Blog-in-Blog plugin for WordPress is vulnerable to Stored Cross-Si ...) NOT-FOR-US: Blog-in-Blog plugin for WordPress CVE-2023-2435 (The Blog-in-Blog plugin for WordPress is vulnerable to Local File Incl ...) 
NOT-FOR-US: Blog-in-Blog plugin for WordPress CVE-2023-2434 (The Nested Pages plugin for WordPress is vulnerable to unauthorized lo ...) NOT-FOR-US: Nested Pages plugin for WordPress CVE-2015-10107 (A vulnerability was found in Simplr Registration Form Plus+ Plugin up ...) NOT-FOR-US: WordPress plugin CVE-2014-125103 (A vulnerability was found in BestWebSoft Twitter Plugin up to 1.3.2 on ...) NOT-FOR-US: Twitter plugin CVE-2012-10015 (A vulnerability was found in BestWebSoft Twitter Plugin up to 2.14 on ...) NOT-FOR-US: Twitter plugin CVE-2023-33975 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...) NOT-FOR-US: RIOT-OS CVE-2023-33974 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...) NOT-FOR-US: RIOT-OS CVE-2023-33973 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...) NOT-FOR-US: RIOT-OS CVE-2023-33656 (A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability ...) NOT-FOR-US: NanoMQ CVE-2023-33234 (Arbitrary code execution in Apache Airflow CNCF Kubernetes provider ve ...) NOT-FOR-US: Apache Airflow CNCF Kubernetes Provider CVE-2023-33178 (Xibo is a content management system (CMS). An SQL injection vulnerabil ...) NOT-FOR-US: Xibo CVE-2023-33177 (Xibo is a content management system (CMS). A path traversal vulnerabil ...) NOT-FOR-US: Xibo CVE-2023-32699 (MeterSphere is an open source continuous testing platform. Version 2.9 ...) NOT-FOR-US: MeterSphere CVE-2023-32696 (CKAN is an open-source data management system for powering data hubs a ...) NOT-FOR-US: CKAN CVE-2023-32689 (Parse Server is an open source backend that can be deployed to any inf ...) NOT-FOR-US: Node parse-server CVE-2023-32684 (Lima launches Linux virtual machines, typically on macOS, for running ...) NOT-FOR-US: Lima CVE-2023-32448 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key St ...) 
NOT-FOR-US: PowerPath CVE-2023-32218 (Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection ...) NOT-FOR-US: Avaya CVE-2023-2994 REJECTED CVE-2023-2985 (A use after free flaw was found in hfsplus_put_super in fs/hfsplus/sup ...) - linux 6.1.20-1 [bullseye] - linux 5.10.178-1 [buster] - linux 4.19.282-1 NOTE: https://git.kernel.org/linus/07db5e247ab5858439b14dd7cc1fe538b9efcf32 (6.3-rc1) CVE-2023-2984 (Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore pr ...) NOT-FOR-US: pimcore CVE-2023-2983 (Privilege Defined With Unsafe Actions in GitHub repository pimcore/pim ...) NOT-FOR-US: pimcore CVE-2023-2981 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: Abstrium Pydio Cells CVE-2023-2980 (A vulnerability classified as critical was found in Abstrium Pydio Cel ...) NOT-FOR-US: Abstrium Pydio Cells CVE-2023-2979 (A vulnerability classified as critical has been found in Abstrium Pydi ...) NOT-FOR-US: Abstrium Pydio Cells CVE-2023-2978 (A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been r ...) NOT-FOR-US: Abstrium Pydio Cells CVE-2023-2977 (A vulnerability was found in OpenSC. This security flaw cause a buffer ...) {DLA-3463-1} - opensc 0.23.0-0.3 (bug #1037021) [bullseye] - opensc (Minor issue) NOTE: https://github.com/OpenSC/OpenSC/issues/2785 NOTE: https://github.com/OpenSC/OpenSC/pull/2787 NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/81944d1529202bd28359bede57c0a15deb65ba8a CVE-2023-2973 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: SourceCodester CVE-2023-2972 (Prototype Pollution in GitHub repository antfu/utils prior to 0.7.3.) NOT-FOR-US: antfu/utils CVE-2023-2968 (A remote attacker can trigger a denial of service in the socket.remote ...) NOT-FOR-US: JFROG CVE-2023-2650 (Issue summary: Processing some specially crafted ASN.1 object identifi ...) 
{DSA-5417-1 DLA-3449-1} - openssl 3.0.9-1 NOTE: https://www.openssl.org/news/secadv/20230530.txt NOTE: https://github.com/openssl/openssl/commit/9e209944b35cf82368071f160a744b6178f9b098 (OpenSSL_1_1_1u) NOTE: https://github.com/openssl/openssl/commit/423a2bc737a908ad0c77bda470b2b59dc879936b (openssl-3.0.9) CVE-2023-34205 (In Moov signedxml through 1.0.0, parsing the raw XML (as received) can ...) NOT-FOR-US: Moov signedxml CVE-2023-34204 (imapsync through 2.229 uses predictable paths under /tmp and /var/tmp ...) - imapsync NOTE: https://github.com/imapsync/imapsync/issues/399 CVE-2023-33955 (Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEF ...) - minio (bug #859207) CVE-2023-33245 (Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arb ...) NOT-FOR-US: Minecraft CVE-2023-33198 (tgstation-server is a production scale tool for BYOND server managemen ...) NOT-FOR-US: tgstation-server CVE-2023-33193 (Emby Server is a user-installable home media server which stores and o ...) NOT-FOR-US: Emby Server CVE-2023-33191 (Kyverno is a policy engine designed for Kubernetes. Kyverno seccomp co ...) NOT-FOR-US: Kyverno CVE-2023-33189 (Pomerium is an identity and context-aware access proxy. With specially ...) NOT-FOR-US: Pomerium CVE-2023-33186 (Zulip is an open-source team collaboration tool with unique topic-base ...) NOT-FOR-US: Zulip CVE-2023-33183 (Calendar app for Nextcloud easily sync events from various devices wit ...) NOT-FOR-US: Nextcloud addon CVE-2023-33182 (Contacts app for Nextcloud easily syncs contacts from various devices ...) NOT-FOR-US: Nextcloud addon CVE-2023-33175 (ToUI is a Python package for creating user interfaces (websites and de ...) NOT-FOR-US: ToUI CVE-2023-32698 (nFPM is an alternative to fpm. The file permissions on the checked-in ...) NOT-FOR-US: nFPM CVE-2023-32692 (CodeIgniter is a PHP full-stack web framework. This vulnerability allo ...) 
- codeigniter (bug #471583) CVE-2023-32691 (gost (GO Simple Tunnel) is a simple tunnel written in golang. Sensitiv ...) NOT-FOR-US: GO Simple Tunnel CVE-2023-32687 (tgstation-server is a toolset to manage production BYOND servers. Star ...) NOT-FOR-US: tgstation-server CVE-2023-32072 (Tuleap is an open source tool for end to end traceability of applicati ...) NOT-FOR-US: Tuleap CVE-2023-2970 (A vulnerability classified as problematic was found in MindSpore 2.0.0 ...) NOT-FOR-US: MindSpore CVE-2023-2962 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester CVE-2023-2961 (A segmentation fault flaw was found in the Advancecomp package. This m ...) - advancecomp 2.5-1 (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2210768 NOTE: Fixed by: https://github.com/amadvance/advancecomp/commit/cfca0f6e589cd46151d067c6723752ff17038b2a (v2.5) NOTE: Crash in CLI tool, no security impact CVE-2023-2808 (Mattermost fails to normalize UTF confusable characters when determini ...) - mattermost-server (bug #823556) CVE-2023-2518 (The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sa ...) NOT-FOR-US: WordPress plugin CVE-2023-2470 (The Add to Feedly WordPress plugin through 1.2.11 does not sanitize an ...) NOT-FOR-US: WordPress plugin CVE-2014-125102 (A vulnerability classified as problematic was found in Bestwebsoft Rel ...) NOT-FOR-US: WordPress plugin CVE-2023-2953 (A vulnerability was found in openldap. This security flaw causes a nul ...) 
[experimental] - openldap 2.6.4+dfsg-1~exp1 - openldap 2.5.16+dfsg-1 (bug #1036995) [bookworm] - openldap (Minor issue) [bullseye] - openldap (Minor issue) [buster] - openldap (Minor issue) NOTE: https://bugs.openldap.org/show_bug.cgi?id=9904 NOTE: https://git.openldap.org/openldap/openldap/-/commit/ea8dd2d279c5aeaf9d4672a4e95bebd99babcce1 (master) NOTE: https://git.openldap.org/openldap/openldap/-/commit/3f2abd0b2eeec8522e50d5c4ea4992e70e8f9915 (master) NOTE: https://git.openldap.org/openldap/openldap/-/commit/c5c8c06a8bd52ea7b843e7d8ca961a7d1800ce5f (OPENLDAP_REL_ENG_2_6_4) NOTE: https://git.openldap.org/openldap/openldap/-/commit/840944e26f734bb03d925f26c4ef11a6cedcbb9c (OPENLDAP_REL_ENG_2_6_4) NOTE: https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce (OPENLDAP_REL_ENG_2_5_14) NOTE: https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b (OPENLDAP_REL_ENG_2_5_14) CVE-2023-34153 (A vulnerability was found in ImageMagick. This security flaw causes a ...) - imagemagick (Vulnerable code introduced later in ImageMagick7) NOTE: https://github.com/ImageMagick/ImageMagick/issues/6338 NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/d31c80d15a2c82fc1dd8e889e0f97b0219079a57 (7.1.1-10) NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/8fdb81b3c551a37f41a6370fe7d1634406eb1cef NOTE: introduces the vsync and pix_fmt features, without introducing the vulnerability. CVE-2023-34152 (A vulnerability was found in ImageMagick. This security flaw cause a r ...) - imagemagick (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/issues/6339 NOTE: Only an issue when configured with --enable-pipes. Enabling pipes is NOTE: a security risk per se and the user needs to take precautions accordingly NOTE: when enabled. 
NOTE: https://github.com/ImageMagick/ImageMagick/issues/6339#issuecomment-1559698800 NOTE: CVE might get rejected or disputed CVE-2023-33291 (In ebankIT 6, the public endpoints /public/token/Email/generate and /p ...) NOT-FOR-US: ebankIT CVE-2023-31874 (Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafte ...) NOT-FOR-US: Yank Note (YN) CVE-2023-31873 (Gin 0.7.4 allows execution of arbitrary code when a crafted file is op ...) NOT-FOR-US: Gin Markdown Editor CVE-2023-2955 (A vulnerability, which was classified as critical, was found in Source ...) NOT-FOR-US: SourceCodester Students Online Internship Timesheet System CVE-2023-2954 (Cross-site Scripting (XSS) - Stored in GitHub repository liangliangyy/ ...) NOT-FOR-US: djangoblog CVE-2021-4336 (A vulnerability was found in ITRS Group monitor-ninja up to 2021.11.1. ...) NOT-FOR-US: ITRS Group monitor-ninja CVE-2023-33931 (Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu You ...) NOT-FOR-US: WordPress plugin CVE-2023-33926 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Goog ...) NOT-FOR-US: WordPress plugin CVE-2023-33332 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooComme ...) NOT-FOR-US: WooCommerce plugin CVE-2023-33328 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plug ...) NOT-FOR-US: WordPress plugin CVE-2023-33326 (Unauth. Reflected (XSS) Cross-Site Scripting (XSS) vulnerability in Ev ...) NOT-FOR-US: EventPrime plugin CVE-2023-33319 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooComme ...) NOT-FOR-US: WooCommerce plugin CVE-2023-33316 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooComm ...) NOT-FOR-US: WooCommerce plugin CVE-2023-33315 (Cross-Site Request Forgery (CSRF) vulnerability in Stephen Darlington, ...) NOT-FOR-US: WordPress plugin CVE-2023-33314 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR plu ...) 
NOT-FOR-US: WordPress plugin CVE-2023-33313 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeinProgress WIP ...) NOT-FOR-US: WordPress plugin CVE-2023-33311 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-33309 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Awesome ...) NOT-FOR-US: WordPress plugin CVE-2023-33216 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVec ...) NOT-FOR-US: WooCommerce plugin CVE-2023-33212 (Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetFormB ...) NOT-FOR-US: WordPress plugin CVE-2023-33211 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andr ...) NOT-FOR-US: WordPress plugin CVE-2023-32958 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nose ...) NOT-FOR-US: WordPress plugin CVE-2023-32800 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in One Rank ...) NOT-FOR-US: WordPress plugin CVE-2015-10106 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical ...) NOT-FOR-US: Typo3 extension CVE-2014-125101 (A vulnerability classified as critical has been found in Portfolio Gal ...) NOT-FOR-US: WordPress plugin CVE-2023-2951 (A vulnerability classified as critical has been found in code-projects ...) NOT-FOR-US: Bus Dispatch and Information System CVE-2023-2950 (Improper Authorization in GitHub repository openemr/openemr prior to 7 ...) NOT-FOR-US: OpenEMR CVE-2023-2949 (Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/op ...) NOT-FOR-US: OpenEMR CVE-2023-2948 (Cross-site Scripting (XSS) - Generic in GitHub repository openemr/open ...) NOT-FOR-US: OpenEMR CVE-2023-2947 (Cross-site Scripting (XSS) - Stored in GitHub repository openemr/opene ...) NOT-FOR-US: OpenEMR CVE-2023-2946 (Improper Access Control in GitHub repository openemr/openemr prior to ...) 
	NOT-FOR-US: OpenEMR
CVE-2023-2945 (Missing Authorization in GitHub repository openemr/openemr prior to 7. ...)
	NOT-FOR-US: OpenEMR
CVE-2023-2944 (Improper Access Control in GitHub repository openemr/openemr prior to ...)
	NOT-FOR-US: OpenEMR
CVE-2023-2943 (Code Injection in GitHub repository openemr/openemr prior to 7.0.1.)
	NOT-FOR-US: OpenEMR
CVE-2023-2942 (Improper Input Validation in GitHub repository openemr/openemr prior t ...)
	NOT-FOR-US: OpenEMR
CVE-2023-3217 (Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allow ...)
	{DSA-5428-1}
	- chromium 114.0.5735.133-1
	[buster] - chromium (see DSA 5046)
CVE-2023-3216 (Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed ...)
	{DSA-5428-1}
	- chromium 114.0.5735.133-1
	[buster] - chromium (see DSA 5046)
CVE-2023-3215 (Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allo ...)
	{DSA-5428-1}
	- chromium 114.0.5735.133-1
	[buster] - chromium (see DSA 5046)
CVE-2023-3214 (Use after free in Autofill payments in Google Chrome prior to 114.0.57 ...)
	{DSA-5428-1}
	- chromium 114.0.5735.133-1
	[buster] - chromium (see DSA 5046)
CVE-2023-3079 (Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed ...)
	{DSA-5420-1}
	- chromium 114.0.5735.106-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2941 (Inappropriate implementation in Extensions API in Google Chrome prior ...)
	{DSA-5418-1}
	- chromium 114.0.5735.90-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2940 (Inappropriate implementation in Downloads in Google Chrome prior to 11 ...)
	{DSA-5418-1}
	- chromium 114.0.5735.90-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2939 (Insufficient data validation in Installer in Google Chrome on Windows ...)
	{DSA-5418-1}
	- chromium 114.0.5735.90-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2938 (Inappropriate implementation in Picture In Picture in Google Chrome pr ...)
	{DSA-5418-1}
	- chromium 114.0.5735.90-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2937 (Inappropriate implementation in Picture In Picture in Google Chrome pr ...)
	{DSA-5418-1}
	- chromium 114.0.5735.90-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2936 (Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a ...)
	{DSA-5418-1}
	- chromium 114.0.5735.90-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2935 (Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a ...)
	{DSA-5418-1}
	- chromium 114.0.5735.90-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2934 (Out of bounds memory access in Mojo in Google Chrome prior to 114.0.57 ...)
	{DSA-5418-1}
	- chromium 114.0.5735.90-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2933 (Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed ...)
	{DSA-5418-1}
	- chromium 114.0.5735.90-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2932 (Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed ...)
	{DSA-5418-1}
	- chromium 114.0.5735.90-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2931 (Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed ...)
	{DSA-5418-1}
	- chromium 114.0.5735.90-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2930 (Use after free in Extensions in Google Chrome prior to 114.0.5735.90 a ...)
	{DSA-5418-1}
	- chromium 114.0.5735.90-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2929 (Out of bounds write in Swiftshader in Google Chrome prior to 114.0.573 ...)
	{DSA-5418-1}
	- chromium 114.0.5735.90-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2928 (A vulnerability was found in DedeCMS up to 5.7.106. It has been declar ...)
	NOT-FOR-US: DedeCMS
CVE-2023-2927 (A vulnerability was found in JIZHICMS 2.4.5. It has been classified as ...)
	NOT-FOR-US: JIZHICMS
CVE-2023-2926 (A vulnerability was found in SeaCMS 11.6 and classified as problematic ...)
	NOT-FOR-US: SeaCMS
CVE-2023-2925 (A vulnerability, which was classified as problematic, was found in Web ...)
	NOT-FOR-US: Webkul krayin crm
CVE-2015-20108 (xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPat ...)
	- ruby-saml 1.0.0-1
	NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448 (v1.0.0)
	NOTE: https://github.com/SAML-Toolkits/ruby-saml/pull/225
CVE-2023-33199 (Rekor's goals are to provide an immutable tamper resistant ledger of m ...)
	- rekor (bug #990249)
CVE-2023-33196 (Craft is a CMS for creating custom digital experiences. Cross site scr ...)
	NOT-FOR-US: Craft CMS
CVE-2023-33195 (Craft is a CMS for creating custom digital experiences on the web. A m ...)
	NOT-FOR-US: Craft CMS
CVE-2023-33194 (Craft is a CMS for creating custom digital experiences on the web.The ...)
	NOT-FOR-US: Craft CMS
CVE-2023-33192 (ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not val ...)
	NOT-FOR-US: ntpd-rs
CVE-2023-33188 (Omni-notes is an open source note-taking application for Android. The ...)
	NOT-FOR-US: Omni-notes
CVE-2023-33187 (Highlight is an open source, full-stack monitoring platform. Highlight ...)
	NOT-FOR-US: Highlight (different from src:highlight)
CVE-2023-33184 (Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed ...)
	NOT-FOR-US: Nextcloud Mail
CVE-2023-32688 (parse-server-push-adapter is the official Push Notification adapter fo ...)
	NOT-FOR-US: parse-server-push-adapter
CVE-2023-32686 (Kiwi TCMS is an open source test management system for both manual and ...)
	NOT-FOR-US: Kiwi TCMS
CVE-2023-32676 (Autolab is a course management service that enables auto-graded progra ...)
	NOT-FOR-US: Autolab
CVE-2023-32325 (PostHog-js is a library to interface with the PostHog analytics tool. ...)
	NOT-FOR-US: PostHog-js
CVE-2023-32321 (CKAN is an open-source data management system for powering data hubs a ...)
	NOT-FOR-US: CKAN
CVE-2023-32319 (Nextcloud server is an open source personal cloud implementation. Miss ...)
	- nextcloud-server (bug #941708)
CVE-2023-32317 (Autolab is a course management service that enables auto-graded progra ...)
	NOT-FOR-US: Autolab
CVE-2023-32316 (CloudExplorer Lite is an open source cloud management tool. In affecte ...)
	NOT-FOR-US: CloudExplorer Lite
CVE-2023-32315 (Openfire is an XMPP server licensed under the Open Source Apache Licen ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2023-32311 (CloudExplorer Lite is an open source cloud management platform. In Clo ...)
	NOT-FOR-US: CloudExplorer Lite
CVE-2023-32307 (Sofia-SIP is an open-source SIP User-Agent library, compliant with the ...)
	{DSA-5431-1 DLA-3441-1}
	- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-6 (bug #1036847)
	NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-rm4c-ccvf-ff9c
	NOTE: https://github.com/freeswitch/sofia-sip/pull/214
	NOTE: Fixed by: https://github.com/freeswitch/sofia-sip/commit/c3bbc50c88d168065de34ca01b9b1d98c1b0e810 (v1.13.15)
CVE-2023-2924 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: Supcon SimField
CVE-2023-2923 (A vulnerability classified as critical was found in Tenda AC6 US_AC6V1 ...)
	NOT-FOR-US: Tenda
CVE-2023-2922 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester Comment System
CVE-2023-2825 (An issue has been discovered in GitLab CE/EE affecting only version 16 ...)
	- gitlab (Only affects 16.x)
CVE-2023-2898 (There is a null-pointer-dereference flaw found in f2fs_write_end_io in ...)
	{DSA-5492-1 DSA-5480-1 DLA-3623-1}
	- linux 6.4.4-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://lore.kernel.org/linux-f2fs-devel/20230522124203.3838360-1-chao@kernel.org/
	NOTE: https://git.kernel.org/linus/d8189834d4348ae608083e1f1f53792cfcc2a9bc (6.5-rc1)
CVE-2023-33780 (A stored cross-site scripting (XSS) vulnerability in TFDi Design smart ...)
	NOT-FOR-US: TFDi Design smartCARS
CVE-2023-33779 (A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows ...)
	NOT-FOR-US: XXL-Job
CVE-2023-33720 (mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4 ...)
	- mp4v2
CVE-2023-33440 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitra ...)
	NOT-FOR-US: Sourcecodester Faculty Evaluation System
CVE-2023-33439 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Inj ...)
	NOT-FOR-US: Sourcecodester Faculty Evaluation System
CVE-2023-33394 (skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers ...)
	NOT-FOR-US: skycaiji
CVE-2023-33255 (An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input ...)
	NOT-FOR-US: Papaya Viewer
CVE-2023-33247 (Talend Data Catalog remote harvesting server before 8.0-20230413 conta ...)
	NOT-FOR-US: Talend
CVE-2023-33197 (Craft is a CMS for creating custom digital experiences on the web. Cro ...)
	NOT-FOR-US: Craft CMS
CVE-2023-33185 (Django-SES is a drop-in mail backend for Django. The django_ses librar ...)
	NOT-FOR-US: Django-SES
CVE-2023-32964 (Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Bett ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32318 (Nextcloud server provides a home for data. A regression in the session ...)
	- nextcloud-server (bug #941708)
CVE-2023-2817 (A post-authentication stored cross-site scripting vulnerability exists ...)
	NOT-FOR-US: Craft CMS
CVE-2023-2854 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 ...)
	{DSA-5429-1}
	[experimental] - wireshark 4.0.6-1~exp1
	- wireshark 4.0.6-1
	[bullseye] - wireshark (vulnerable code introduced later)
	[buster] - wireshark (vulnerable code introduced in 4.0)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-17.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19084
	NOTE: Introduced by: https://gitlab.com/wireshark/wireshark/-/commit/19ed05756313a0181fd3188eae0557f688bfddaf (v3.7.0)
CVE-2023-2856 (VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 ...)
	{DSA-5429-1 DLA-3443-1}
	[experimental] - wireshark 4.0.6-1~exp1
	- wireshark 4.0.6-1
	[bullseye] - wireshark (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-16.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19083
CVE-2023-2858 (NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3 ...)
	{DSA-5429-1 DLA-3443-1}
	[experimental] - wireshark 4.0.6-1~exp1
	- wireshark 4.0.6-1
	[bullseye] - wireshark (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-15.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19081
CVE-2023-2879 (GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 al ...)
	{DSA-5429-1 DLA-3443-1}
	[experimental] - wireshark 4.0.6-1~exp1
	- wireshark 4.0.6-1
	[bullseye] - wireshark (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-14.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19068
CVE-2023-2857 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 ...)
	{DSA-5429-1}
	[experimental] - wireshark 4.0.6-1~exp1
	- wireshark 4.0.6-1
	[bullseye] - wireshark (Vulnerable code introduced later)
	[buster] - wireshark (BLF support added in 3.6)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-13.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19063
	NOTE: Introduced after: https://gitlab.com/wireshark/wireshark/-/commit/796819c955b9dd508d73bb640d56c2625f866862 (v3.5.0)
CVE-2023-2855 (Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6. ...)
	{DSA-5429-1}
	[experimental] - wireshark 4.0.6-1~exp1
	- wireshark 4.0.6-1
	[bullseye] - wireshark (Minor issue)
	[buster] - wireshark (Candump support added in 3.2)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-12.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19062
CVE-2023-32074 (user_oidc app is an OpenID Connect user backend for Nextcloud. Authent ...)
	NOT-FOR-US: Nextcloud app
CVE-2023-2903 (A vulnerability classified as problematic has been found in NFine Rapi ...)
	NOT-FOR-US: NFine Rapid Development Platform
CVE-2023-2902 (A vulnerability was found in NFine Rapid Development Platform 20230511 ...)
	NOT-FOR-US: NFine Rapid Development Platform
CVE-2023-2901 (A vulnerability was found in NFine Rapid Development Platform 20230511 ...)
	NOT-FOR-US: NFine Rapid Development Platform
CVE-2023-2900 (A vulnerability was found in NFine Rapid Development Platform 20230511 ...)
	NOT-FOR-US: NFine Rapid Development Platform
CVE-2023-33751 (A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allo ...)
	NOT-FOR-US: mipjz
CVE-2023-33750 (A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allo ...)
	NOT-FOR-US: mipjz
CVE-2023-33356 (IceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS).)
	NOT-FOR-US: IceCMS
CVE-2023-33355 (IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access t ...)
	NOT-FOR-US: IceCMS
CVE-2023-33280 (In the Store Commander scquickaccounting module for PrestaShop through ...)
	NOT-FOR-US: PrestaShop
CVE-2023-33279 (In the Store Commander scfixmyprestashop module through 2023-05-09 for ...)
	NOT-FOR-US: PrestaShop
CVE-2023-33278 (In the Store Commander scexportcustomers module for PrestaShop through ...)
	NOT-FOR-US: PrestaShop
CVE-2023-33263 (In WFTPD 3.25, usernames and password hashes are stored in an openly v ...)
	NOT-FOR-US: WFTPD
CVE-2023-33248 (Amazon Alexa software version 8960323972 on Echo Dot 2nd generation an ...)
	NOT-FOR-US: Amazon Alexa
CVE-2023-32694 (Saleor Core is a composable, headless commerce API. Saleor's `validate ...)
	NOT-FOR-US: Saleor
CVE-2023-31861 (ZLMediaKit 4.0 is vulnerable to Directory Traversal.)
	NOT-FOR-US: ZLMediaKit
CVE-2023-31594 (IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Contro ...)
	NOT-FOR-US: IC Realtime ICIP-P2012T
CVE-2023-31458 (A vulnerability in the Edge Gateway component of Mitel MiVoice Connect ...)
	NOT-FOR-US: Mitel
CVE-2023-2888 (A vulnerability, which was classified as problematic, was found in PHP ...)
	NOT-FOR-US: PHPOK
CVE-2023-2887 (Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows ...)
	NOT-FOR-US: CBOT Chatbot
CVE-2023-2886 (Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot ...)
	NOT-FOR-US: CBOT Chatbot
CVE-2023-2885 (Improper Enforcement of Message Integrity During Transmission in a Com ...)
	NOT-FOR-US: CBOT Chatbot
CVE-2023-2884 (Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), U ...)
	NOT-FOR-US: CBOT Chatbot
CVE-2023-2883 (Authorization Bypass Through User-Controlled Key vulnerability in CBOT ...)
	NOT-FOR-US: CBOT Chatbot
CVE-2023-2882 (Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot ...)
	NOT-FOR-US: CBOT Chatbot
CVE-2023-2881 (Storing Passwords in a Recoverable Format in GitHub repository pimcore ...)
	NOT-FOR-US: pimcore
CVE-2023-2851 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: AGT Tech Ceppatron
CVE-2023-2798 (Those using HtmlUnit to browse untrusted webpages may be vulnerable to ...)
	- jenkins-htmlunit-core-js
	- htmlunit
	NOTE: Fixed by: https://github.com/HtmlUnit/htmlunit/commit/940dc7fd8af9f46ca448c1e548b8f6d064a64290 (2.70.0)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613
CVE-2023-2734 (The MStore API plugin for WordPress is vulnerable to authentication by ...)
	NOT-FOR-US: MStore API plugin for WordPress
CVE-2023-2733 (The MStore API plugin for WordPress is vulnerable to authentication by ...)
	NOT-FOR-US: MStore API plugin for WordPress
CVE-2023-2732 (The MStore API plugin for WordPress is vulnerable to authentication by ...)
	NOT-FOR-US: MStore API plugin for WordPress
CVE-2023-2500 (The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPr ...)
	NOT-FOR-US: Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress
CVE-2023-2480 (Missing access permissions checks in M-Files Client before 23.5.12598. ...)
	NOT-FOR-US: M-Files
CVE-2023-28370 (Open redirect vulnerability in Tornado versions 6.3.1 and earlier allo ...)
	- python-tornado 6.3.2-1 (bug #1036875)
	[bookworm] - python-tornado (Minor issue)
	[bullseye] - python-tornado (Minor issue)
	[buster] - python-tornado (Minor issue)
	- salt (bug #1059297)
	[bullseye] - salt (Scheduled for removal)
	[buster] - salt (EOL in buster LTS)
	NOTE: https://github.com/tornadoweb/tornado/commit/32ad07c54e607839273b4e1819c347f5c8976b2f (v6.3.2)
CVE-2023-27529 (Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an ...)
	NOT-FOR-US: Wacom Tablet Driver installer
CVE-2023-XXXX [Block themes parsing shortcodes in user-generated data]
	- wordpress 6.2.2+dfsg1-1 (bug #1036689)
	[bookworm] - wordpress (Minor issue, fix along in future update)
	[bullseye] - wordpress (Block template support was introduced later)
	[buster] - wordpress (Block template support was introduced later)
	NOTE: https://wordpress.org/news/2023/05/wordpress-6-2-2-security-release/
	NOTE: https://github.com/WordPress/WordPress/commit/6a077b35f15590a843ff8a6c97a135f3a34872dd
	NOTE: Upstream reverted the change because it broke countless WordPress installations
	NOTE: https://github.com/WordPress/WordPress/commit/2bb3a5169548d16173cf48ca9da1111efc428f86
CVE-2023-33983 (The Introduction Client in Briar through 1.5.3 does not implement out- ...)
	- briar (bug #1019932)
CVE-2023-33982 (Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward ...)
	- briar (bug #1019932)
CVE-2023-33981 (Briar before 1.4.22 allows attackers to spoof other users' messages in ...)
	- briar (bug #1019932)
CVE-2023-33980 (Bramble Synchronisation Protocol (BSP) in Briar before 1.4.22 allows a ...)
	- briar (bug #1019932)
CVE-2023-33950 (Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Lif ...)
	NOT-FOR-US: Liferay
CVE-2023-33949 (In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier t ...)
	NOT-FOR-US: Liferay
CVE-2023-33948 (The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Lifera ...)
	NOT-FOR-US: Liferay
CVE-2023-33947 (The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Life ...)
	NOT-FOR-US: Liferay
CVE-2023-33946 (The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Life ...)
	NOT-FOR-US: Liferay
CVE-2023-33945 (SQL injection vulnerability in the upgrade process for SQL Server in L ...)
	NOT-FOR-US: Liferay
CVE-2023-33944 (Cross-site scripting (XSS) vulnerability in Layout module in Liferay P ...)
	NOT-FOR-US: Liferay
CVE-2023-33943 (Cross-site scripting (XSS) vulnerability in the Account module in Life ...)
	NOT-FOR-US: Liferay
CVE-2023-33942 (Cross-site scripting (XSS) vulnerability in the Web Content Display wi ...)
	NOT-FOR-US: Liferay
CVE-2023-33941 (Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for ...)
	NOT-FOR-US: Liferay
CVE-2023-33940 (Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in ...)
	NOT-FOR-US: Liferay
CVE-2023-33939 (Cross-site scripting (XSS) vulnerability in the Modified Facet widget ...)
	NOT-FOR-US: Liferay
CVE-2023-33938 (Cross-site scripting (XSS) vulnerability in the App Builder module's c ...)
	NOT-FOR-US: Liferay
CVE-2023-33937 (Stored cross-site scripting (XSS) vulnerability in Form widget configu ...)
	NOT-FOR-US: Liferay
CVE-2023-33829 (A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM ...)
	NOT-FOR-US: Cloudogu GmbH SCM Manager
CVE-2023-33800 (A stored cross-site scripting (XSS) vulnerability in the Create Region ...)
	- netbox (bug #1017079)
CVE-2023-33799 (A stored cross-site scripting (XSS) vulnerability in the Create Contac ...)
	- netbox (bug #1017079)
CVE-2023-33798 (A stored cross-site scripting (XSS) vulnerability in the Create Rack ( ...)
	- netbox (bug #1017079)
CVE-2023-33797 (A stored cross-site scripting (XSS) vulnerability in the Create Sites ...)
	- netbox (bug #1017079)
CVE-2023-33796 (A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to e ...)
	- netbox (bug #1017079)
CVE-2023-33795 (A stored cross-site scripting (XSS) vulnerability in the Create Contac ...)
	- netbox (bug #1017079)
CVE-2023-33794 (A stored cross-site scripting (XSS) vulnerability in the Create Tenant ...)
	- netbox (bug #1017079)
CVE-2023-33793 (A stored cross-site scripting (XSS) vulnerability in the Create Power ...)
	- netbox (bug #1017079)
CVE-2023-33792 (A stored cross-site scripting (XSS) vulnerability in the Create Site G ...)
	- netbox (bug #1017079)
CVE-2023-33791 (A stored cross-site scripting (XSS) vulnerability in the Create Provid ...)
	- netbox (bug #1017079)
CVE-2023-33790 (A stored cross-site scripting (XSS) vulnerability in the Create Locati ...)
	- netbox (bug #1017079)
CVE-2023-33789 (A stored cross-site scripting (XSS) vulnerability in the Create Contac ...)
	- netbox (bug #1017079)
CVE-2023-33788 (A stored cross-site scripting (XSS) vulnerability in the Create Provid ...)
	- netbox (bug #1017079)
CVE-2023-33787 (A stored cross-site scripting (XSS) vulnerability in the Create Tenant ...)
	- netbox (bug #1017079)
CVE-2023-33786 (A stored cross-site scripting (XSS) vulnerability in the Create Circui ...)
	- netbox (bug #1017079)
CVE-2023-33785 (A stored cross-site scripting (XSS) vulnerability in the Create Rack R ...)
	- netbox (bug #1017079)
CVE-2023-33010 (A buffer overflow vulnerability in the ID processing function in Zyxel ...)
	NOT-FOR-US: Zyxel
CVE-2023-33009 (A buffer overflow vulnerability in the notification function in Zyxel ...)
	NOT-FOR-US: Zyxel
CVE-2023-31748 (Insecure permissions in MobileTrans v4.0.11 allows attackers to escala ...)
	NOT-FOR-US: MobileTrans
CVE-2023-31595 (IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Contro ...)
	NOT-FOR-US: IC Realtime ICIP-P2012T
CVE-2023-31460 (A vulnerability in the Connect Mobility Router component of MiVoice Co ...)
	NOT-FOR-US: Mitel
CVE-2023-31459 (A vulnerability in the Connect Mobility Router component of Mitel MiVo ...)
	NOT-FOR-US: Mitel
CVE-2023-31457 (A vulnerability in the Headquarters server component of Mitel MiVoice ...)
	NOT-FOR-US: Mitel
CVE-2023-2878 (Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses ...)
	NOT-FOR-US: secrets-store-csi-driver
CVE-2023-2875 (A vulnerability, which was classified as problematic, was found in eSc ...)
	NOT-FOR-US: eScan Antivirus
CVE-2023-2874 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Twister Antivirus
CVE-2023-2873 (A vulnerability classified as critical was found in Twister Antivirus ...)
	NOT-FOR-US: Twister Antivirus
CVE-2023-2872 (A vulnerability classified as problematic has been found in FlexiHub 5 ...)
	NOT-FOR-US: FlexiHub
CVE-2023-2871 (A vulnerability was found in FabulaTech USB for Remote Desktop 6.1.0.0 ...)
	NOT-FOR-US: FabulaTech USB for Remote Desktop
CVE-2023-2870 (A vulnerability was found in EnTech Monitor Asset Manager 2.9. It has ...)
	NOT-FOR-US: EnTech Monitor Asset Manager
CVE-2023-2868 (A remote command injection vulnerability exists in the Barracuda Email ...)
	NOT-FOR-US: Barracuda
CVE-2023-2865 (A vulnerability was found in SourceCodester Theme Park Ticketing Syste ...)
	NOT-FOR-US: SourceCodester Theme Park Ticketing System
CVE-2023-2864 (A vulnerability was found in SourceCodester Online Jewelry Store 1.0 a ...)
	NOT-FOR-US: SourceCodester Online Jewelry Store
CVE-2023-2863 (A vulnerability has been found in Simple Design Daily Journal 1.012.GP ...)
	NOT-FOR-US: Simple Design Daily Journal
CVE-2023-2862 (A vulnerability, which was classified as problematic, was found in Sit ...)
	NOT-FOR-US: SiteServer CMS
CVE-2023-2750 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Cityboss E-municipality
CVE-2023-33246 (For RocketMQ versions 5.1.0 and below, under certain conditions, there ...)
	NOT-FOR-US: Apache RocketMQ
CVE-2023-32697 (SQLite JDBC is a library for accessing and creating SQLite database fi ...)
	- xerial-sqlite-jdbc 3.42.0.0+dfsg-1 (bug #1036706)
	[bookworm] - xerial-sqlite-jdbc 3.40.1.0+dfsg-1+deb12u1
	NOTE: https://github.com/xerial/sqlite-jdbc/security/advisories/GHSA-6phf-6h5g-97j2
	NOTE: Fixed by: https://github.com/xerial/sqlite-jdbc/commit/edb4b8adc2447bc04e05b9b908195a4bc7926242 (3.41.2.2)
CVE-2023-32685 (Kanboard is project management software that focuses on the Kanban met ...)
	- kanboard 1.2.26+ds-3 (bug #1036874)
	[bookworm] - kanboard 1.2.26+ds-2+deb12u1
	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv
CVE-2023-32681 (Requests is a HTTP library. Since Requests 2.3.0, Requests has been le ...)
	{DLA-3456-1}
	- requests 2.31.0+dfsg-1 (bug #1036693)
	[bookworm] - requests (Minor issue)
	[bullseye] - requests (Minor issue)
	NOTE: https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q
	NOTE: Fixed by: https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5 (v2.31.0)
CVE-2023-31763 (Weak security in the transmitter of AGShome Smart Alarm v1.0 allows at ...)
	NOT-FOR-US: AGShome Smart Alarm
CVE-2023-31762 (Weak security in the transmitter of Digoo DG-HAMB Smart Home Security ...)
	NOT-FOR-US: Digoo DG-HAMB Smart Home Security System
CVE-2023-31761 (Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Secur ...)
	NOT-FOR-US: Blitzwolf BW-IS22 Smart Home Security Alarm
CVE-2023-31759 (Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allo ...)
	NOT-FOR-US: Kerui W18 Alarm System
CVE-2023-31747 (Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain a ...)
	NOT-FOR-US: Wondershare Filmora 12
CVE-2023-31726 (AList 3.15.1 is vulnerable to Incorrect Access Control, which can be e ...)
	NOT-FOR-US: AList
CVE-2023-2859 (Code Injection in GitHub repository nilsteampassnet/teampass prior to ...)
	- teampass (bug #730180)
CVE-2023-2498 (The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPr ...)
	NOT-FOR-US: Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress
CVE-2023-2496 (The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPr ...)
	NOT-FOR-US: Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress
CVE-2023-2494 (The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPr ...)
	NOT-FOR-US: Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress
CVE-2023-32695 (socket.io parser is a socket.io encoder and decoder written in JavaScr ...)
	- node-socket.io-parser 4.2.1+~3.1.0-2
	[bullseye] - node-socket.io-parser (Vulnerable code introduced later)
	[buster] - node-socket.io-parser (Vulnerable code introduced later)
	NOTE: https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9
	NOTE: Fixed by: https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced (3.4.3)
	NOTE: Introduced by: https://github.com/socketio/socket.io-parser/commit/1c220ddbf45ea4b44bc8dbf6f9ae245f672ba1b9 (4.0.4)
	NOTE: Fixed by: https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3 (4.2.3)
CVE-2023-33617 (An OS Command Injection vulnerability in Parks Fiberlink 210 firmware ...)
	NOT-FOR-US: Parks Fiberlink 210 firmware
CVE-2023-33599 (EasyImages2.0 ≤ 2.8.1 is vulnerable to Cross Site Scripting (XSS) ...)
	NOT-FOR-US: EasyImages2.0
CVE-2023-33362 (Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" func ...)
	- piwigo
CVE-2023-33361 (Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php ...)
	- piwigo
CVE-2023-33359 (Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in th ...)
	- piwigo
CVE-2023-33338 (Old Age Home Management 1.0 is vulnerable to SQL Injection via the use ...)
	NOT-FOR-US: Old Age Home Management
CVE-2023-31860 (Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend o ...)
	NOT-FOR-US: Wuzhi CMS
CVE-2023-31752 (SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is v ...)
	NOT-FOR-US: SourceCodester Employee and Visitor Gate Pass Logging System
CVE-2023-31669 (WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dyl ...)
	- wabt 1.0.33-1 (unimportant)
	NOTE: https://github.com/WebAssembly/wabt/issues/2165
	NOTE: https://github.com/WebAssembly/wabt/pull/2166
	NOTE: Crash in CLI tool, no security impact
CVE-2023-31518 (A heap use-after-free in the component CDataFileReader::GetItem of tee ...)
	- teeworlds (bug #1036703)
	[bookworm] - teeworlds (Minor issue)
	[bullseye] - teeworlds (Minor issue)
	[buster] - teeworlds (Minor issue)
	NOTE: https://gist.github.com/manba-bryant/9ca95d69c65f4d2c55946932c946fb9b
	NOTE: https://github.com/teeworlds/teeworlds/issues/2970
CVE-2023-31517 (A memory leak in the component CConsole::Chain of Teeworlds v0.7.5 all ...)
	- teeworlds (bug #1036703)
	[bookworm] - teeworlds (Minor issue)
	[bullseye] - teeworlds (Minor issue)
	[buster] - teeworlds (Minor issue)
	NOTE: https://gist.github.com/manba-bryant/9ca95d69c65f4d2c55946932c946fb9b
CVE-2023-2703 (Exposure of Private Personal Information to an Unauthorized Actor vuln ...)
	NOT-FOR-US: Finex Media Competition Management System
CVE-2023-2702 (Authorization Bypass Through User-Controlled Key vulnerability in Fine ...)
	NOT-FOR-US: Finex Media Competition Management System
CVE-2023-31996 (Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection ...)
	NOT-FOR-US: Hanwha
CVE-2023-31995 (Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Script ...)
	NOT-FOR-US: Hanwha
CVE-2023-31994 (Certain Hanwha products are vulnerable to Denial of Service (DoS). ck ...)
	NOT-FOR-US: Hanwha
CVE-2023-31826 (Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security ch ...)
	NOT-FOR-US: Skyscreamer Open Source Nevado JMS
CVE-2023-31816 (IT Sourcecode Content Management System Project In PHP and MySQL With ...)
	NOT-FOR-US: IT Sourcecode Content Management System Project
CVE-2023-31814 (D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to Fil ...)
	NOT-FOR-US: D-Link
CVE-2023-31741 (There is a command injection vulnerability in the Linksys E2000 router ...)
	NOT-FOR-US: Linksys
CVE-2023-31740 (There is a command injection vulnerability in the Linksys E2000 router ...)
	NOT-FOR-US: Linksys
CVE-2023-31708 (A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers ...)
	NOT-FOR-US: EyouCMS
CVE-2023-31670 (An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and ...)
	- wabt 1.0.33-1 (unimportant)
	NOTE: https://github.com/WebAssembly/wabt/issues/2199
	NOTE: Crash in CLI tool, no security impact
CVE-2023-31664 (A reflected cross-site scripting (XSS) vulnerability in /authenticatio ...)
	NOT-FOR-US: WSO2
CVE-2023-2845 (Improper Access Control in GitHub repository cloudexplorer-dev/cloudex ...)
	NOT-FOR-US: Cloudexplorer
CVE-2023-2844 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
	NOT-FOR-US: Cloudexplorer
CVE-2023-2505 (The affected products have a CSRF vulnerability that could allow an at ...)
	NOT-FOR-US: Birddog
CVE-2023-2504 (Files present on firmware images could allow an attacker to gain unaut ...)
	NOT-FOR-US: Birddog
CVE-2023-27388 (Improper authentication vulnerability in T&D Corporation and ESPEC MIC ...)
	NOT-FOR-US: T&D Corporation
CVE-2023-27387 (Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC COR ...)
	NOT-FOR-US: T&D Corporation
CVE-2023-23545 (Missing authentication for critical function exists in T&D Corporation ...)
	NOT-FOR-US: T&D Corporation
CVE-2023-22654 (Client-side enforcement of server-side security issue exists in T&D Co ...)
	NOT-FOR-US: T&D Corporation
CVE-2023-33294 (An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwe ...)
	NOT-FOR-US: KaiOS
CVE-2023-33293 (An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios ...)
	NOT-FOR-US: KaiOS
CVE-2023-32409 (The issue was addressed with improved bounds checks. This issue is fix ...)
	- webkit2gtk 2.42.0-1 (unimportant)
	- wpewebkit 2.42.0-1 (unimportant)
	NOTE: Affects the GPU process which is not supported by the GTK and WPE ports
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=255350
	NOTE: https://github.com/WebKit/WebKit/pull/12660
	NOTE: https://github.com/WebKit/WebKit/commit/54408f5746f2401721bd56d71de132a22b6f9856
CVE-2023-32373 (A use-after-free issue was addressed with improved memory management. ...)
	{DSA-5427-1}
	- webkit2gtk 2.40.2-1
	[buster] - webkit2gtk (webkit2gtk EOL in buster)
	- wpewebkit 2.40.2-2
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=254840
	NOTE: https://github.com/WebKit/WebKit/commit/85fd2302d16a09a82d9a6e81eb286babb23c4b3c
	NOTE: https://webkitgtk.org/security/WSA-2023-0004.html
CVE-2023-32350 (Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firm ...)
	NOT-FOR-US: Teltonika
CVE-2023-32349 (Version 00.07.03.4 and prior of Teltonika’s RUT router firmware c ...)
	NOT-FOR-US: Teltonika
CVE-2023-32348 (Teltonika’s Remote Management System versions prior to 4.10.0 con ...)
	NOT-FOR-US: Teltonika
CVE-2023-32347 (Teltonika’s Remote Management System versions prior to 4.10.0 use ...)
	NOT-FOR-US: Teltonika
CVE-2023-32346 (Teltonika’s Remote Management System versions prior to 4.10.0 con ...)
	NOT-FOR-US: Teltonika
CVE-2023-31923 (Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A v ...)
	NOT-FOR-US: Suprema BioStar
CVE-2023-31779 (Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). A ...)
	NOT-FOR-US: Wekan
CVE-2023-31742 (There is a command injection vulnerability in the Linksys WRT54GL rout ...)
	NOT-FOR-US: Linksys
CVE-2023-31689 (In Wcms 0.3.2, an attacker can send a crafted request from a vulnerabl ...)
	NOT-FOR-US: Wcms
CVE-2023-31584 (GitHub repository cu/silicon commit a9ef36 was discovered to contain a ...)
	NOT-FOR-US: cu/silicon
CVE-2023-2840 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2 ...)
	{DSA-5411-1}
	- gpac (bug #1036701)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://huntr.dev/bounties/21926fc2-6eb1-4e24-8a36-e60f487d0257/
	NOTE: https://github.com/gpac/gpac/commit/ba59206b3225f0e8e95a27eff41cb1c49ddf9a37
CVE-2023-2839 (Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.)
	{DSA-5411-1}
	- gpac (bug #1036701)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://huntr.dev/bounties/42dce889-f63d-4ea9-970f-1f20fc573d5f/
	NOTE: https://github.com/gpac/gpac/commit/047f96fb39e6bf70cb9f344093f5886e51dce0ac
CVE-2023-2838 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.)
	{DSA-5411-1}
	- gpac (bug #1036701)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://huntr.dev/bounties/711e0988-5345-4c01-a2fe-1179604dd07f/
	NOTE: https://github.com/gpac/gpac/commit/c88df2e202efad214c25b4e586f243b2038779ba
CVE-2023-2837 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
	{DSA-5411-1}
	- gpac (bug #1036701)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://huntr.dev/bounties/a6bfd1b2-aba8-4c6f-90c4-e95b1831cb17/
	NOTE: https://github.com/gpac/gpac/commit/6f28c4cd607d83ce381f9b4a9f8101ca1e79c611
CVE-2023-2832 (SQL Injection in GitHub repository unilogies/bumsys prior to 2.2.0.)
	NOT-FOR-US: unilogies/bumsys
CVE-2023-2597 (In Eclipse Openj9 before version 0.38.0, in the implementation of the ...)
	NOT-FOR-US: Eclipse Openj9
CVE-2023-2588 (Teltonika’s Remote Management System versions prior to 4.10.0 hav ...)
	NOT-FOR-US: Teltonika
CVE-2023-2587 (Teltonika’s Remote Management System versions prior to 4.10.0 con ...)
	NOT-FOR-US: Teltonika
CVE-2023-2586 (Teltonika’s Remote Management System versions 4.14.0 is vulnerabl ...)
	NOT-FOR-US: Teltonika
CVE-2023-32067 (c-ares is an asynchronous resolver library. c-ares is vulnerable to de ...)
	{DSA-5419-1 DLA-3471-1}
	[experimental] - c-ares 1.19.1-1
	- c-ares 1.18.1-3
	NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc
	NOTE: https://github.com/c-ares/c-ares/commit/b9b8413cfdb70a3f99e1573333b23052d57ec1ae (cares-1_19_1)
CVE-2023-33297 (Bitcoin Core before 24.1, when debug mode is not used, allows attacker ...)
	- bitcoin (bug #1036647)
	NOTE: https://github.com/bitcoin/bitcoin/issues/27586
	NOTE: https://github.com/bitcoin/bitcoin/issues/27623
	NOTE: https://github.com/bitcoin/bitcoin/pull/27610
CVE-2023-33288 (An issue was discovered in the Linux kernel before 6.2.9. A use-after- ...)
	- linux 6.1.25-1
	[bullseye] - linux 5.10.178-1
	NOTE: https://git.kernel.org/linus/47c29d69212911f50bdcdd0564b5999a559010d4 (6.3-rc4)
CVE-2023-33285 (An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, an ...)
	{DLA-3805-1}
	- qt6-base 6.4.2+dfsg-10 (bug #1036848)
	[bookworm] - qt6-base (Minor issue)
	- qtbase-opensource-src 5.15.8+dfsg-11
	[bullseye] - qtbase-opensource-src (Minor issue)
	- qtbase-opensource-src-gles 5.15.10+dfsg-2
	[bookworm] - qtbase-opensource-src-gles (Minor issue)
	[bullseye] - qtbase-opensource-src-gles (Minor issue)
	NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/477644
CVE-2023-33281 (The remote keyfob system on Nissan Sylphy Classic 2021 sends the same ...)
	NOT-FOR-US: Nissan Sylphy Classic 2021
CVE-2023-33264 (In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, ...)
	NOT-FOR-US: Hazelcast
CVE-2023-33254 (There is an LDAP bind credentials exposure on KACE Systems Deployment ...)
	NOT-FOR-US: KACE
CVE-2023-33252 (iden3 snarkjs through 0.6.11 allows double spending because there is n ...)
	NOT-FOR-US: iden3 snarkjs
CVE-2023-33251 (When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDi ...)
	NOT-FOR-US: Akka HTTP
CVE-2023-33250 (The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in ...)
	- linux 6.4.4-1
	[bookworm] - linux (Vulnerable code introduced later)
	[bullseye] - linux (Vulnerable code introduced later)
	[buster] - linux (Vulnerable code introduced later)
	NOTE: https://groups.google.com/g/syzkaller/c/G6P9yecsTZ8/m/iiqFVOM9BwAJ
	NOTE: https://lore.kernel.org/linux-iommu/ZDabT%2FuRl%2FjxFhm0%40ip-172-31-85-199.ec2.internal/T/
CVE-2023-33236 (MXsecurity version 1.0 is vulnerable to hardcoded credential vulnerabi ...)
	NOT-FOR-US: MXsecurity
CVE-2023-33235 (MXsecurity version 1.0 is vulnerable to command injection vulnerabilit ...)
	NOT-FOR-US: MXsecurity
CVE-2023-32336 (IBM InfoSphere Information Server 11.7 is affected by a remote code ex ...)
	NOT-FOR-US: IBM
CVE-2020-36694 (An issue was discovered in netfilter in the Linux kernel before 5.10. ...)
	- linux
CVE-2023-31454 (Incorrect Permission Assignment for Critical Resource Vulnerability in ...)
	NOT-FOR-US: Apache InLong
CVE-2023-31453 (Incorrect Permission Assignment for Critical Resource Vulnerability in ...)
	NOT-FOR-US: Apache InLong
CVE-2021-46888 (An issue was discovered in hledger before 1.23. A Stored Cross-Site Sc ...)
	NOT-FOR-US: hledger
CVE-2023-32589 (Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexie ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2826 (A vulnerability has been found in SourceCodester Class Scheduling Syst ...)
	NOT-FOR-US: SourceCodester Class Scheduling System
CVE-2023-33244 (Obsidian before 1.2.2 allows calls to unintended APIs (for microphone ...)
	NOT-FOR-US: Obsidian
CVE-2023-2713 (Authorization Bypass Through User-Controlled Key vulnerability in "Re ...)
	NOT-FOR-US: Rental Module for Ideasoft's E-commerce Platform
CVE-2023-2712 (Unrestricted Upload of File with Dangerous Type vulnerability in "Ren ...)
	NOT-FOR-US: Rental Module for Ideasoft's E-commerce Platform
CVE-2023-32677 (Zulip is an open-source team collaboration tool with unique topic-base ...)
	NOT-FOR-US: Zulip
CVE-2023-2824 (A vulnerability was found in SourceCodester Dental Clinic Appointment ...)
	NOT-FOR-US: SourceCodester Dental Clinic Appointment Reservation System
CVE-2023-2823 (A vulnerability was found in SourceCodester Class Scheduling System 1. ...)
	NOT-FOR-US: SourceCodester Class Scheduling System
CVE-2023-2822 (A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It ...)
	NOT-FOR-US: Ellucian Ethos Identity
CVE-2023-2736 (The Groundhogg plugin for WordPress is vulnerable to Cross-Site Reques ...)
	NOT-FOR-US: Groundhogg plugin for WordPress
CVE-2023-2735 (The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: Groundhogg plugin for WordPress
CVE-2023-2717 (The Groundhogg plugin for WordPress is vulnerable to Cross-Site Reques ...)
	NOT-FOR-US: Groundhogg plugin for WordPress
CVE-2023-2716 (The Groundhogg plugin for WordPress is vulnerable to unauthorized acce ...)
	NOT-FOR-US: Groundhogg plugin for WordPress
CVE-2023-2715 (The Groundhogg plugin for WordPress is vulnerable to unauthorized modi ...)
	NOT-FOR-US: Groundhogg plugin for WordPress
CVE-2023-2714 (The Groundhogg plugin for WordPress is vulnerable to unauthorized modi ...)
	NOT-FOR-US: Groundhogg plugin for WordPress
CVE-2023-32700 (LuaTeX before 1.17.0 allows execution of arbitrary shell commands when ...)
	{DSA-5406-1 DLA-3427-1}
	- texlive-bin 2022.20220321.62855-5.1
	NOTE: https://tug.org/~mseven/luatex.html
	NOTE: Introduced by: https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/commit/4d8b815d3b53ae72bce12b535d86bdce51834d50 (1.0.4)
	NOTE: Fixed by: https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/commit/5650c067de62cb7d4aaca44f30c8e9115c51bfc6 (1.17.0)
	NOTE: Fixed by: https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/commit/b8b71a256664d17a8b6c81481a835813c61aa661 (1.17.0)
CVE-2023-32679 (Craft CMS is an open source content management system. In affected ver ...)
	NOT-FOR-US: Craft CMS
CVE-2023-32675 (Vyper is a pythonic Smart Contract Language for the ethereum virtual m ...)
	NOT-FOR-US: Vyper
CVE-2023-31862 (jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The conte ...)
	NOT-FOR-US: jizhicms
CVE-2023-31757 (DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parame ...)
	NOT-FOR-US: DedeCMS
CVE-2023-31756 (A command injection vulnerability exists in the administrative web por ...)
	NOT-FOR-US: TP-Link
CVE-2023-31707 (SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php.)
	NOT-FOR-US: SEMCMS
CVE-2023-2815 (A vulnerability classified as critical was found in SourceCodester Onl ...)
	NOT-FOR-US: SourceCodester Online Jewelry Store
CVE-2023-2814 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester Class Scheduling System
CVE-2023-2806 (A vulnerability classified as problematic was found in Weaver e-cology ...)
	NOT-FOR-US: Weaver e-cology
CVE-2023-2804 (A heap-based buffer overflow issue was discovered in libjpeg-turbo in ...)
	- libjpeg-turbo (Vulnerable code not present)
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/675
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9f756bc67a84d4566bf74a0c2432aa55da404021
CVE-2023-33240 (Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1 ...)
	NOT-FOR-US: Foxit
CVE-2023-32680 (Metabase is an open source business analytics engine. To edit SQL Snip ...)
	NOT-FOR-US: Metabase
CVE-2023-2704 (The BP Social Connect plugin for WordPress is vulnerable to authentica ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32515 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32323 (Synapse is an open-source Matrix homeserver written and maintained by ...)
	- matrix-synapse 1.74.0-1
	NOTE: https://matrix.org/blog/2023/05/24/disclosing-synapse-security-advisories/
	NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-f3wc-3vxv-xmvr
CVE-2023-32322 (Ombi is an open source application which allows users to request speci ...)
	NOT-FOR-US: Ombi
CVE-2023-32100 (Compiler removal of buffer clearing in sli_se_driver_mac_compute in ...)
	NOT-FOR-US: Silicon Labs Gecko Platform SDK
CVE-2023-32099 (Compiler removal of buffer clearing in sli_se_sign_hashin Sili ...)
	NOT-FOR-US: Silicon Labs Gecko Platform SDK
CVE-2023-32098 (Compiler removal of buffer clearing in sli_se_sign_message ...)
	NOT-FOR-US: Silicon Labs Gecko Platform SDK
CVE-2023-32097 (Compiler removal of buffer clearing in sli_crypto_transparent_ae ...)
	NOT-FOR-US: Silicon Labs Gecko Platform SDK
CVE-2023-32096 (Compiler removal of buffer clearing in sli_crypto_transparent_ae ...)
	NOT-FOR-US: Silicon Labs Gecko Platform SDK
CVE-2023-31871 (OpenText Documentum Content Server before 23.2 has a flaw that allows ...)
	NOT-FOR-US: OpenText Documentum Content Server
CVE-2023-31655 (redis v7.0.10 was discovered to contain a segmentation violation. This ...)
	NOTE: Bogus issue, see https://github.com/RedisLabs/redisraft/issues/608
CVE-2023-31597 (An issue in Zammad v5.4.0 allows attackers to bypass e-mail verificati ...)
	- zammad (bug #841355)
CVE-2023-2800 (Insecure Temporary File in GitHub repository huggingface/transformers ...)
	NOT-FOR-US: Transformers
CVE-2023-2799 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: OA
CVE-2023-2790 (A vulnerability classified as problematic has been found in TOTOLINK N ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-2789 (A vulnerability was found in GNU cflow 1.7. It has been rated as probl ...)
	- cflow (unimportant)
	NOTE: https://github.com/DaisyPo/fuzzing-vulncollect/blob/main/cflow/stack-overflow/parser.c/README.md
	NOTE: Crash in CLI tool, no security impact
CVE-2023-2782 (Sensitive information disclosure due to improper authorization. The fo ...)
	NOT-FOR-US: Acronis Cyber Infrastructure (ACI)
CVE-2023-2481 (Compiler removal of buffer clearing in sli_se_opaque_import_key ...)
	NOT-FOR-US: Silicon Labs Gecko Platform SDK
CVE-2023-33204 (sysstat through 12.7.2 allows a multiplication integer overflow in che ...)
	{DLA-3434-1}
	- sysstat 12.6.1-2 (bug #1036294)
	[bookworm] - sysstat (Minor issue)
	[bullseye] - sysstat (Incomplete fix for CVE-2022-39377 not applied)
	NOTE: https://github.com/sysstat/sysstat/pull/360
	NOTE: https://github.com/sysstat/sysstat/commit/6f8dc568e6ab072bb8205b732f04e685bf9237c0
	NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.
CVE-2023-33203 (The Linux kernel before 6.2.9 has a race condition and resultant use-a ...)
	- linux 6.1.25-1
	[bullseye] - linux 5.10.178-1
	[buster] - linux 4.19.282-1
	NOTE: https://git.kernel.org/linus/6b6bc5b8bd2d4ca9e1efa9ae0f98a0b0687ace75 (6.3-rc4)
CVE-2023-33201 (Bouncy Castle For Java before 1.74 is affected by an LDAP injection vu ...)
	{DLA-3514-1}
	- bouncycastle 1.77-1 (bug #1040050)
	[bookworm] - bouncycastle (Minor issue)
	[bullseye] - bouncycastle (Minor issue)
	NOTE: https://github.com/bcgit/bc-java/wiki/CVE-2023-33201
	NOTE: https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc
CVE-2023-31729 (TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via / ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-2780 (Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prio ...)
	NOT-FOR-US: mlflow
CVE-2023-2757 (The Waiting: One-click countdowns plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: Waiting: One-click countdowns plugin for WordPress
CVE-2019-25137 (Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Exe ...)
	NOT-FOR-US: Umbraco CMS
CVE-2023-32763 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6. ...)
	{DLA-3805-1 DLA-3539-1}
	- qt6-base 6.4.2+dfsg-8
	- qtbase-opensource-src 5.15.8+dfsg-10
	[bullseye] - qtbase-opensource-src (Minor issue)
	- qtbase-opensource-src-gles 5.15.8+dfsg-3 (bug #1036702)
	[bullseye] - qtbase-opensource-src-gles (Minor issue)
	- qt4-x11
	NOTE: https://lists.qt-project.org/pipermail/announce/2023-May/000413.html
	NOTE: https://download.qt.io/official_releases/qt/5.15/CVE-2023-32763-qtbase-5.15.diff
	NOTE: https://download.qt.io/official_releases/qt/6.5/CVE-2023-32763-qtbase-6.5.diff
	NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/476490
	NOTE: https://bugreports.qt.io/browse/QTBUG-113337
CVE-2023-32762 (An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6. ...)
	{DLA-3805-1}
	- qt6-base 6.4.2+dfsg-9
	- qtbase-opensource-src 5.15.8+dfsg-10
	[bullseye] - qtbase-opensource-src (Minor issue)
	- qtbase-opensource-src-gles (Not built in GLES variant)
	NOTE: https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305
CVE-2023-34408 (DokuWiki before 2023-04-04a allows XSS via RSS titles.)
	- dokuwiki 0.0.20220731.a-2 (bug #1036279)
	[bullseye] - dokuwiki (Minor issue)
	[buster] - dokuwiki (Minor issue)
	NOTE: https://github.com/dokuwiki/dokuwiki/pull/3967
	NOTE: https://www.github.com/splitbrain/dokuwiki/commit/53df38b0e4465894a67a5890f74a6f5f82e827de
	NOTE: https://huntr.dev/bounties/c6119106-1a5c-464c-94dd-ee7c5d0bece0/
CVE-2023-32767 (The web interface of Symcon IP-Symcon before 6.3 (i.e., before 2023-05 ...)
	NOT-FOR-US: Symcon
CVE-2023-31904 (savysoda Wifi HD Wireless Disk Drive 11 is vulnerable to Local File In ...)
	NOT-FOR-US: savysoda Wifi HD Wireless Disk Drive
CVE-2023-31903 (GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allo ...)
	NOT-FOR-US: GuppY CMS
CVE-2023-31902 (RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execu ...)
	NOT-FOR-US: RPA Technology Mobile Mouse
CVE-2023-31725 (yasm 1.3.0.55.g101bc was discovered to contain a heap-use-after-free v ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/221
	NOTE: Crash in CLI tool, no security impact
CVE-2023-31724 (yasm 1.3.0.55.g101bc was discovered to contain a segmentation violatio ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/222
	NOTE: Crash in CLI tool, no security impact
CVE-2023-31723 (yasm 1.3.0.55.g101bc was discovered to contain a segmentation violatio ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/220
	NOTE: Crash in CLI tool, no security impact
CVE-2023-31722 (There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: ...)
	- nasm (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392857#c1
	NOTE: Crash in CLI tool, no security impact
CVE-2023-31703 (Cross Site Scripting (XSS) in the edit user form in Microworld Technol ...)
	NOT-FOR-US: Microworld Technologies eScan management console
CVE-2023-31702 (SQL injection in the View User Profile in MicroWorld eScan Management ...)
	NOT-FOR-US: Microworld Technologies eScan management console
CVE-2023-31701 (TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable ...)
	NOT-FOR-US: TP-Link
CVE-2023-31700 (TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable ...)
	NOT-FOR-US: TP-Link
CVE-2023-31699 (ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-31698 (Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via ...)
	NOT-FOR-US: Bludit
CVE-2023-2776 (A vulnerability was found in code-projects Simple Photo Gallery 1.0. I ...)
	NOT-FOR-US: code-projects Simple Photo Gallery
CVE-2023-2775 (A vulnerability was found in code-projects Bus Dispatch and Informatio ...)
	NOT-FOR-US: code-projects Bus Dispatch and Information System
CVE-2023-2774 (A vulnerability was found in code-projects Bus Dispatch and Informatio ...)
	NOT-FOR-US: code-projects Bus Dispatch and Information System
CVE-2023-2773 (A vulnerability has been found in code-projects Bus Dispatch and Infor ...)
	NOT-FOR-US: code-projects Bus Dispatch and Information System
CVE-2023-2772 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Budget and Expense Tracker System
CVE-2023-2771 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Online Exam System
CVE-2023-2770 (A vulnerability classified as critical was found in SourceCodester Onl ...)
	NOT-FOR-US: SourceCodester Online Exam System
CVE-2023-2769 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Service Provider Management System
CVE-2023-2768 (A vulnerability was found in Sucms 1.0. It has been rated as problemat ...)
	NOT-FOR-US: Sucms
CVE-2023-2766 (A vulnerability was found in Weaver OA 9.5 and classified as problemat ...)
	NOT-FOR-US: Weaver OA
CVE-2023-2765 (A vulnerability has been found in Weaver OA up to 9.5 and classified a ...)
	NOT-FOR-US: Weaver OA
CVE-2023-2756 (SQL Injection in GitHub repository pimcore/customer-data-framework pri ...)
	NOT-FOR-US: pimcore
CVE-2023-2745 (WordPress Core is vulnerable to Directory Traversal in versions up to, ...)
	{DSA-5685-1 DLA-3462-1}
	- wordpress 6.2.1+dfsg1-1 (bug #1036296)
	NOTE: https://core.trac.wordpress.org/changeset?old=55765&new=55765
	NOTE: https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/
CVE-2023-2679 (Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows ...)
	NOT-FOR-US: Snow Software
CVE-2023-31848 (davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF).)
	NOT-FOR-US: davinci
CVE-2023-31847 (In davinci 0.3.0-rc after logging in, the user can connect to the mysq ...)
	NOT-FOR-US: davinci
CVE-2023-31679 (Incorrect access control in Videogo v6.8.1 allows attackers to access ...)
	NOT-FOR-US: Videogo
CVE-2023-31678 (Incorrect access control in Videogo v6.8.1 allows attackers to bind sh ...)
	NOT-FOR-US: Videogo
CVE-2023-31677 (Insecure permissions in luowice 3.5.18 allow attackers to view informa ...)
	NOT-FOR-US: luowice
CVE-2023-31544 (A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v ...)
	NOT-FOR-US: alkacon-OpenCMS
CVE-2023-2753 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-2752 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-2706 (The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vuln ...)
	NOT-FOR-US: OTP Login Woocommerce & Gravity Forms plugin for WordPress
CVE-2023-2608 (The Multiple Page Generator Plugin for WordPress is vulnerable to Cros ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2528 (The Contact Form by Supsystic plugin for WordPress is vulnerable to Cr ...)
	NOT-FOR-US: Contact Form by Supsystic plugin for WordPress
CVE-2023-2509 (A Cross-Site Scripting(XSS) vulnerability was found on ADM, LooksGood ...)
	NOT-FOR-US: ASUSTOR
CVE-2023-2469
	REJECTED
CVE-2023-31890 (An XML Deserialization vulnerability in glazedlists v1.11.0 allows an ...)
	NOT-FOR-US: glazedlists
CVE-2023-31857 (Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricte ...)
	NOT-FOR-US: Sourcecodester Online Computer and Laptop Store
CVE-2023-31856 (A command injection vulnerability in the hostTime parameter in the fun ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-31587 (Tenda AC5 router V15.03.06.28 was discovered to contain a remote code ...)
	NOT-FOR-US: Tenda
CVE-2023-31576 (An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows ...)
	- serendipity
CVE-2023-31572 (An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change ...)
	NOT-FOR-US: Bludit
CVE-2023-31519 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Pharmacy Management System
CVE-2023-2740 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: SourceCodester Guest Management System
CVE-2023-2739 (A vulnerability classified as problematic was found in Gira HomeServer ...)
	NOT-FOR-US: Gira HomeServer
CVE-2023-2738 (A vulnerability classified as critical has been found in Tongda OA 11. ...)
	NOT-FOR-US: Tongda
CVE-2023-2731 (A NULL pointer dereference flaw was found in Libtiff's LZWDecode() fun ...)
	- tiff 4.5.0-6 (bug #1036282)
	[bullseye] - tiff (Vulnerable code introduced later)
	[buster] - tiff (Vulnerable code introduced later)
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/548
	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/9be22b639ea69e102d3847dca4c53ef025e9527b (v4.5.1rc1)
	NOTE: Introduced by: https://gitlab.com/libtiff/libtiff/-/commit/3079627ea0dee150e6a208cec8381de611bb842b (v4.4.0rc1)
CVE-2023-2730 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
	NOT-FOR-US: pimcore
CVE-2023-2726 (Inappropriate implementation in WebApp Installs in Google Chrome prior ...)
	{DSA-5404-1}
	- chromium 113.0.5672.126-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2725 (Use after free in Guest View in Google Chrome prior to 113.0.5672.126 ...)
	{DSA-5404-1}
	- chromium 113.0.5672.126-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2724 (Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed ...)
	{DSA-5404-1}
	- chromium 113.0.5672.126-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2723 (Use after free in DevTools in Google Chrome prior to 113.0.5672.126 al ...)
	{DSA-5404-1}
	- chromium 113.0.5672.126-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2722 (Use after free in Autofill UI in Google Chrome on Android prior to 113 ...)
	{DSA-5404-1}
	- chromium 113.0.5672.126-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2721 (Use after free in Navigation in Google Chrome prior to 113.0.5672.126 ...)
	{DSA-5404-1}
	- chromium 113.0.5672.126-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2548 (The RegistrationMagic plugin for WordPress is vulnerable to Insecure D ...)
	NOT-FOR-US: RegistrationMagic plugin for WordPress
CVE-2023-2499 (The RegistrationMagic plugin for WordPress is vulnerable to authentica ...)
	NOT-FOR-US: RegistrationMagic plugin for WordPress
CVE-2023-2633 (Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-2632 (Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API key ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-2631 (A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-33007 (Jenkins LoadComplete support Plugin 1.0 and earlier does not escape th ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-33006 (A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oaut ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-33005 (Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the prev ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-33004 (A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-33003 (A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-33002 (Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-33001 (Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-33000 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and e ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32999 (A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32998 (A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32997 (Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32996 (A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32995 (A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Sing ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32994 (Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditiona ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32993 (Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not per ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32992 (Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 2 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32991 (A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Sing ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32990 (A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32989 (A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32988 (A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32987 (A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32986 (Jenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32985 (Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the pa ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32984 (Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not e ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32983 (Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask ex ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32982 (Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra var ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32981 (An arbitrary file write vulnerability in Jenkins Pipeline Utility Step ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32980 (A cross-site request forgery (CSRF) vulnerability in Jenkins Email Ext ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32979 (Jenkins Email Extension Plugin does not perform a permission check in ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32978 (A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32977 (Jenkins Pipeline: Job Plugin does not escape the display name of the b ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-32956 (Improper neutralization of special elements used in an OS command ('OS ...)
	NOT-FOR-US: Synology
CVE-2023-32955 (Improper neutralization of special elements used in an OS command ('OS ...)
	NOT-FOR-US: Synology
CVE-2023-32309 (PyMdown Extensions is a set of extensions for the `Python-Markdown` ma ...)
	NOT-FOR-US: PyMdown Extensions
CVE-2023-32308 (anuko timetracker is an open source time tracking system. Boolean-base ...)
	NOT-FOR-US: Anuko Time Tracker
CVE-2023-32068 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-2710 (The video carousel slider with lightbox plugin for WordPress is vulner ...)
	NOT-FOR-US: video carousel slider with lightbox plugin for WordPress
CVE-2023-2708 (The Video Gallery plugin for WordPress is vulnerable to Reflected Cros ...)
	NOT-FOR-US: Video Gallery plugin for WordPress
CVE-2023-32787 (The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to blo ...)
	NOT-FOR-US: OPC UA Legacy Java Stack
CVE-2023-32314 (vm2 is a sandbox that can run untrusted code with Node's built-in modu ...)
	NOT-FOR-US: Node vm2
CVE-2023-32313 (vm2 is a sandbox that can run untrusted code with Node's built-in modu ...)
	NOT-FOR-US: Node vm2
CVE-2023-31986 (A Command Injection vulnerability in Edimax Wireless Router N300 Firmw ...)
	NOT-FOR-US: Edimax Wireless Router N300 Firmware BR-6428NS_v4
CVE-2023-31845 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Inj ...)
	NOT-FOR-US: Sourcecodester Faculty Evaluation System
CVE-2023-31844 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Inj ...)
	NOT-FOR-US: Sourcecodester Faculty Evaluation System
CVE-2023-31843 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Inj ...)
	NOT-FOR-US: Sourcecodester Faculty Evaluation System
CVE-2023-31842 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Inj ...)
	NOT-FOR-US: Sourcecodester Faculty Evaluation System
CVE-2023-31631 (An issue in the sqlo_preds_contradiction component of openlink virtuos ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1036467)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1137
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/c77cd981a82a7f6385b174eb818057b2f19d8c09 (v7.2.10)
CVE-2023-31630 (An issue in the sqlo_query_spec component of openlink virtuoso-opensou ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1036467)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1138
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/f9244141ce68dc4a3314fd4a0cd5bb3bdd6ab830 (v7.2.10)
CVE-2023-31629 (An issue in the sqlo_union_scope component of openlink virtuoso-openso ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1036467)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1139
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/9553f94992f0a33f7eb7e87e74f0f78998ba5bec (v7.2.10)
CVE-2023-31628 (An issue in the stricmp component of openlink virtuoso-opensource v7.2 ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1036467)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1141
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07 (v7.2.10)
CVE-2023-31627 (An issue in the strhash component of openlink virtuoso-opensource v7.2 ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1036467)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1140
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/ce61d6f568568b771d7e857408e3246d31135494 (v7.2.10)
CVE-2023-31626 (An issue in the gpf_notice component of openlink virtuoso-opensource v ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1036467)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1129
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/4ad97c5a81067e3bdabe849f42f089edc9880131 (v7.2.10)
CVE-2023-31625 (An issue in the psiginfo component of openlink virtuoso-opensource v7. ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1036467)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1132
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07 (v7.2.10)
CVE-2023-31624 (An issue in the sinv_check_exp component of openlink virtuoso-opensour ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1036467)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1134
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/311097fb1f23d0a1dd7dcdd2afecf6fe14665526 (v7.2.10)
CVE-2023-31623 (An issue in the mp_box_copy component of openlink virtuoso-opensource ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1036467)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1131
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07 (v7.2.10)
CVE-2023-31622 (An issue in the sqlc_make_policy_trig component of openlink virtuoso-o ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1036467)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1135
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/db91dc5602a8cfde2e4e1d00387d5ba4b77389dc (v7.2.10)
CVE-2023-31621 (An issue in the kc_var_col component of openlink virtuoso-opensource v ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1036467)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1130
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/ec54f1c7b50df944ae4a8d3e29cd7eaf1cc97b21 (v7.2.10)
CVE-2023-31620 (An issue in the dv_compare component of openlink virtuoso-opensource v ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1036467)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1128
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/a4997ed2499c4de8c95e2de9e2a07b60384fbbec (v7.2.10)
CVE-2023-31619 (An issue in the sch_name_to_object component of openlink virtuoso-open ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1036467)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1133
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07 (v7.2.10)
CVE-2023-31618 (An issue in the sqlc_union_dt_wrap component of openlink virtuoso-open ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1036467)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1136
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/030e47a29976709a50603e3f34e82278e5f462df (v7.2.10)
CVE-2023-31617 (An issue in the dk_set_delete component of openlink virtuoso-opensourc ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1036467)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1127
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/2b64ad928ef5f75fc93091677a78abfbd17ea07f (v7.2.10)
CVE-2023-31616 (An issue in the bif_mod component of openlink virtuoso-opensource v7.2 ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1036467)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1122
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/25fff0eaa85898004bb14909e9f29d16b2918792 (v7.2.10)
CVE-2023-31615 (An issue in the chash_array component of openlink virtuoso-opensource ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1036467)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1124
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/d02925b18e3ad0244ae7c52acf92bfa686738eb2 (v7.2.10)
CVE-2023-31614 (An issue in the mp_box_deserialize_string function in openlink virtuos ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1036467)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1117
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/7c488ae70803b208a94bf12fee792195caddbf7d (v7.2.10)
CVE-2023-31613 (An issue in the __nss_database_lookup component of openlink virtuoso-o ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1036467)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1121
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/171718c844530864cb375213c8b9cbc8ba079efc (v7.2.10)
CVE-2023-31612 (An issue in the dfe_qexp_list component of openlink virtuoso-opensourc ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1036467)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1125
CVE-2023-31611 (An issue in the __libc_longjmp component of openlink virtuoso-opensour ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1036467)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1119
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/db0b768dfbb66e306504d0f7951c4ae4932edd74 (v7.2.10)
CVE-2023-31610 (An issue in the _IO_default_xsputn component of openlink virtuoso-open ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1036467)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1118
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07 (v7.2.10)
CVE-2023-31609 (An issue in the dfe_unit_col_loci component of openlink virtuoso-opens ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1036467)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1126
CVE-2023-31608 (An issue in the artm_div_int component of openlink virtuoso-opensource ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1036467)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1123
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/9c5bdeb73b00b5ae88db0be036d429d779126094 (v7.2.10)
CVE-2023-31607 (An issue in the __libc_malloc component of openlink virtuoso-opensourc ...)
	[experimental] - virtuoso-opensource 7.2.12+dfsg-0.1
	- virtuoso-opensource 7.2.12+dfsg-0.2 (bug #1036467)
	[bookworm] - virtuoso-opensource (Minor issue)
	[bullseye] - virtuoso-opensource (Minor issue)
	[buster] - virtuoso-opensource (Minor issue)
	NOTE: https://github.com/openlink/virtuoso-opensource/issues/1120
	NOTE: https://github.com/openlink/virtuoso-opensource/commit/ea8b2c975c6c96f36e34014d6c71a73761198ebe (v7.2.10)
CVE-2023-31409 (Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Pa ...)
	NOT-FOR-US: SICK
CVE-2023-31408 (Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSO ...)
	NOT-FOR-US: SICK
CVE-2023-32784 (In KeePass 2.x before 2.54, it is possible to recover the cleartext ma ...)
	- keepass2 (unimportant)
	NOTE: https://github.com/vdohney/keepass-password-dumper
	NOTE: https://sourceforge.net/p/keepass/discussion/329220/thread/f3438e6283/
	NOTE: Negligible security impact
CVE-2023-32758 (giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5. ...)
	NOT-FOR-US: git-url-parse
CVE-2023-2700 (A vulnerability was found in libvirt. This security flaw occurs due t ...)
	[experimental] - libvirt 9.3.0-1
	- libvirt 9.0.0-4 (bug #1036297)
	[bullseye] - libvirt (Vulnerable code not present)
	[buster] - libvirt (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2203653
	NOTE: Introduced in: https://gitlab.com/libvirt/libvirt/-/commit/c97518d9b833a607f29b9bb02e3fbe74c011c088 (v7.7.0-rc1)
	NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585 (v9.3.0)
CVE-2023-2699 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Lost and Found Information System
CVE-2023-2698 (A vulnerability classified as critical was found in SourceCodester Los ...)
	NOT-FOR-US: SourceCodester Lost and Found Information System
CVE-2023-2697 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Online Exam System
CVE-2023-2696 (A vulnerability was found in SourceCodester Online Exam System 1.0. It ...)
	NOT-FOR-US: SourceCodester Online Exam System
CVE-2023-2695 (A vulnerability was found in SourceCodester Online Exam System 1.0. It ...)
	NOT-FOR-US: SourceCodester Online Exam System
CVE-2023-2694 (A vulnerability was found in SourceCodester Online Exam System 1.0. It ...)
	NOT-FOR-US: SourceCodester Online Exam System
CVE-2023-2693 (A vulnerability was found in SourceCodester Online Exam System 1.0 and ...)
	NOT-FOR-US: SourceCodester Online Exam System
CVE-2023-2692 (A vulnerability has been found in SourceCodester ICT Laboratory Manage ...)
	NOT-FOR-US: SourceCodester ICT Laboratory Management System
CVE-2023-2691 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester Personnel Property Equipment System
CVE-2023-2690 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Personnel Property Equipment System
CVE-2023-2689 (A vulnerability classified as critical was found in SourceCodester Bil ...)
	NOT-FOR-US: SourceCodester Billing Management System
CVE-2023-32303 (Planet is software that provides satellite data. The secret file store ...)
	NOT-FOR-US: Planet
CVE-2023-32306 (Time Tracker is an open source time tracking system. A time-based blin ...)
	NOT-FOR-US: Time Tracker
CVE-2023-32305 (aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contai ...)
	NOT-FOR-US: aiven-extras
CVE-2023-32081 (Vert.x STOMP is a vert.x implementation of the STOMP specification tha ...)
	NOT-FOR-US: Vert.x STOMP
CVE-2023-32073 (WWBN AVideo is an open source video platform. In versions 12.4 and pri ...)
	NOT-FOR-US: AVideo
CVE-2023-31985 (A Command Injection vulnerability in Edimax Wireless Router N300 Firmw ...)
	NOT-FOR-US: Edimax Wireless Router N300 Firmware BR-6428NS_v4
CVE-2023-31983 (A Command Injection vulnerability in Edimax Wireless Router N300 Firmw ...)
	NOT-FOR-US: Edimax Wireless Router N300 Firmware BR-6428NS_v4
CVE-2023-31922 (QuickJS commit 2788d71 was discovered to contain a stack-overflow via ...)
	NOT-FOR-US: QuickJS
CVE-2023-31921 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertio ...)
	- iotjs (Vulnerable code not present)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5068
CVE-2023-31920 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertio ...)
	- iotjs
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5070
CVE-2023-31919 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertio ...)
	- iotjs
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5069
CVE-2023-31918 (Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertio ...)
	- iotjs
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5064
CVE-2023-31916 (Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertio ...)
	- iotjs
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5062
CVE-2023-31914 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memo ...)
	- iotjs
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5071
CVE-2023-31913 (Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertio ...)
	- iotjs
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5061
CVE-2023-2682 (A vulnerability was found in Caton Live up to 2023-04-26 and classifie ...)
	NOT-FOR-US: Caton Live
CVE-2023-2680 (This CVE exists because of an incomplete fix for CVE-2021-3750. More s ...)
	- qemu (Red Hat specific incomplete fix for CVE-2021-3750)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2203387
CVE-2023-2678 (A vulnerability has been found in SourceCodester File Tracker Manager ...)
	NOT-FOR-US: SourceCodester File Tracker Manager System
CVE-2023-2677 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Covid-19 Contact Tracing System
CVE-2023-2676 (A vulnerability, which was classified as critical, has been found in H ...)
	NOT-FOR-US: H3C
CVE-2023-2675 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
	NOT-FOR-US: linagora twake
CVE-2023-2672 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Lost and Found Information System
CVE-2023-2671 (A vulnerability was found in SourceCodester Lost and Found Information ...)
	NOT-FOR-US: SourceCodester Lost and Found Information System
CVE-2023-2603 (A vulnerability was found in libcap. This issue occurs in the _libcap_ ...)
	- libcap2 1:2.66-4 (bug #1036114)
	[bullseye] - libcap2 (Minor issue)
	[buster] - libcap2 (Vulnerable code introduced later)
	NOTE: https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe
	NOTE: https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf
	NOTE: https://www.openwall.com/lists/oss-security/2023/05/15/4
	NOTE: Fixed by: https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=422bec25ae4a1ab03fd4d6f728695ed279173b18 (libcap-2.69)
CVE-2023-2602 (A vulnerability was found in the pthread_create() function in libcap. ...)
	- libcap2 1:2.66-4 (bug #1036114)
	[bullseye] - libcap2 (Minor issue)
	[buster] - libcap2 (Vulnerable code introduced later)
	NOTE: https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe
	NOTE: https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf
	NOTE: https://www.openwall.com/lists/oss-security/2023/05/15/4
	NOTE: Fixed by: https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=bc6b36682f188020ee4770fae1d41bde5b2c97bb (libcap-2.69)
CVE-2023-2515 (Mattermost fails to restrict a user with permissions to edit other use ...)
	- mattermost-server (bug #823556)
CVE-2023-2514 (Mattermost Server fails to redact the DB username and password before e ...)
	- mattermost-server (bug #823556)
CVE-2023-2512 (Prior to version v1.20230419.0, the FormData API implementation was su ...)
	NOT-FOR-US: Cloudflare workerd
CVE-2023-2458 (Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior t ...)
	NOT-FOR-US: Google Chrome on ChromeOS
CVE-2023-2457 (Out of bounds write in ChromeOS Audio Server in Google Chrome on Chrom ...)
	NOT-FOR-US: Google Chrome on ChromeOS
CVE-2023-32254 (A flaw was found in the Linux kernel's ksmbd, a high-performance in-ke ...)
	{DSA-5448-1}
	- linux 6.3.7-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/30210947a343b6b3ca13adc9bfc88e1543e16dd5 (6.4-rc1)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20592/
CVE-2023-32250 (A flaw was found in the Linux kernel's ksmbd, a high-performance in-ke ...)
	{DSA-5448-1}
	- linux 6.3.7-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/f5c779b7ddbda30866cf2a27c63e34158f858c73 (6.4-rc1)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-698/
CVE-2023-32243 (Improper Authentication vulnerability in WPDeveloper Essential Addons ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32059 (Vyper is a Pythonic smart contract language for the Ethereum virtual m ...)
	NOT-FOR-US: Vyper
CVE-2023-32058 (Vyper is a Pythonic smart contract language for the Ethereum virtual m ...)
	NOT-FOR-US: Vyper
CVE-2023-31531 (Motorola CX2L Router 1.0.1 was discovered to contain a command injecti ...)
	NOT-FOR-US: Motorola
CVE-2023-31530 (Motorola CX2L Router 1.0.1 was discovered to contain a command injecti ...)
	NOT-FOR-US: Motorola
CVE-2023-31529 (Motorola CX2L Router 1.0.1 was discovered to contain a command injecti ...)
	NOT-FOR-US: Motorola
CVE-2023-31528 (Motorola CX2L Router 1.0.1 was discovered to contain a command injecti ...)
	NOT-FOR-US: Motorola
CVE-2023-31508
	REJECTED
CVE-2023-31502 (Altenergy Power Control Software C1.2.5 was discovered to contain a re ...)
	NOT-FOR-US: Altenergy Power Control Software
CVE-2023-31497 (Incorrect access control in Quick Heal Technologies Limited Seqrite En ...)
	NOT-FOR-US: Quick Heal Technologies Limited Seqrite Endpoint Security (EPS)
CVE-2023-2674 (Improper Access Control in GitHub repository openemr/openemr prior to ...)
	NOT-FOR-US: OpenEMR
CVE-2023-2670 (A vulnerability was found in SourceCodester Lost and Found Information ...)
	NOT-FOR-US: SourceCodester Lost and Found Information System
CVE-2023-2669 (A vulnerability was found in SourceCodester Lost and Found Information ...)
	NOT-FOR-US: SourceCodester Lost and Found Information System
CVE-2023-2668 (A vulnerability was found in SourceCodester Lost and Found Information ...)
	NOT-FOR-US: SourceCodester Lost and Found Information System
CVE-2023-2667 (A vulnerability has been found in SourceCodester Lost and Found Inform ...)
	NOT-FOR-US: SourceCodester Lost and Found Information System
CVE-2023-2666 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
	- froxlor (bug #581792)
CVE-2023-2665 (Storage of Sensitive Data in a Mechanism without Access Control in Git ...)
	NOT-FOR-US: francoisjacquet/rosariosis
CVE-2023-2664 (In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tre ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2023-2663 (In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree l ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2023-2662 (In Xpdf 4.04 (and earlier), a bad color space object in the input PDF ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2023-2511
	REJECTED
CVE-2023-2510
	REJECTED
CVE-2023-2502
	REJECTED
CVE-2023-2501
	REJECTED
CVE-2023-32082 (etcd is a distributed key-value store for the data of a distributed sy ...)
	- etcd 3.4.30-1 (bug #1036295)
	[bookworm] - etcd (Minor issue)
	[bullseye] - etcd (Minor issue)
	[buster] - etcd (Minor issue)
	NOTE: https://github.com/etcd-io/etcd/pull/15656
	NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-3p4g-rcw5-8298
CVE-2023-32075 (The Customer Management Framework (CMF) for Pimcore adds functionality ...)
	NOT-FOR-US: Pimcore
CVE-2023-31498 (A privilege escalation issue was found in PHP Gurukul Hospital Managem ...)
	NOT-FOR-US: PHP Gurukul Hospital Management System
CVE-2023-31475 (An issue was discovered on GL.iNet devices before 3.216. The function ...)
	NOT-FOR-US: GL.iNet devices
CVE-2023-31473 (An issue was discovered on GL.iNet devices before 3.216. There is an a ...)
	NOT-FOR-US: GL.iNet devices
CVE-2023-31445 (Cassia Access controller before 2.1.1.2203171453, was discovered to ha ...)
	NOT-FOR-US: Cassia Access controller
CVE-2023-2661 (A vulnerability was found in SourceCodester Online Computer and Laptop ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-2660 (A vulnerability has been found in SourceCodester Online Computer and L ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-2659 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-2658 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-2657 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-2656 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester AC Repair and Services System
CVE-2023-2653 (A vulnerability classified as critical was found in SourceCodester Los ...)
	NOT-FOR-US: SourceCodester Lost and Found Information System
CVE-2023-2652 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Lost and Found Information System
CVE-2023-2490 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fern ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2444 (A cross site request forgery vulnerability exists in Rockwell Automati ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-2443 (Rockwell Automation ThinManager product allows the use of medium stren ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-2455 (Row security policies disregard user ID changes after inlining; Postgr ...)
	{DSA-5401-1 DLA-3422-1}
	- postgresql-15 15.3-0+deb12u1
	- postgresql-13
	- postgresql-11
	NOTE: https://www.postgresql.org/about/news/postgresql-153-148-1311-1215-and-1120-released-2637/
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=473626cf00babd829eb15c36b51dfb358d32bc95 (REL_11_20)
CVE-2023-2454 (schema_element defeats protective search_path changes; It was found th ...)
	{DSA-5401-1 DLA-3422-1}
	- postgresql-15 15.3-0+deb12u1
	- postgresql-13
	- postgresql-11
	NOTE: https://www.postgresql.org/about/news/postgresql-153-148-1311-1215-and-1120-released-2637/
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=23cb8eaeb97df350273cb8902e55842a955339c8 (REL_11_20)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=766e061404c2159dccebad4d19e496d8ced8b2c4 (REL_11_20)
CVE-2023-32668 (LuaTeX before 1.17.0 allows a document (compiled with the default sett ...)
	- texlive-bin 2022.20220321.62855-6 (bug #1036470)
	[bookworm] - texlive-bin 2022.20220321.62855-5.1+deb12u1
	[bullseye] - texlive-bin (Minor issue)
	[buster] - texlive-bin (Minor issue)
	NOTE: https://tug.org/pipermail/tex-live/2023-May/049188.html
	NOTE: https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/commit/b266ef076c96b382cd23a4c93204e247bb98626a
	NOTE: https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/commit/e7df9234420973a2f69aac1b10cbb5f00b0cda4d
	NOTE: https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/commit/da4492c789e25f05255d54e45447d3da79098967
CVE-2023-32080 (Wings is the server control plane for Pterodactyl Panel. A vulnerabili ...)
	NOT-FOR-US: Pterodactyl panel
CVE-2023-31477 (A path traversal issue was discovered on GL.iNet devices before 3.216. ...)
	NOT-FOR-US: GL.iNet devices
CVE-2023-31442 (In Lightbend Akka before 2.8.1, the async-dns resolver (used by Discov ...)
	NOT-FOR-US: Lightbend Akka
CVE-2023-2649 (A vulnerability was found in Tenda AC23 16.03.07.45_cn. It has been de ...)
	NOT-FOR-US: Tenda
CVE-2023-2648 (A vulnerability was found in Weaver E-Office 9.5. It has been classifi ...)
	NOT-FOR-US: Weaver E-Office
CVE-2023-2647 (A vulnerability was found in Weaver E-Office 9.5 and classified as cri ...)
	NOT-FOR-US: Weaver E-Office
CVE-2023-2646 (A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 ...)
	NOT-FOR-US: TP-Link Archer
CVE-2023-2645 (A vulnerability, which was classified as critical, was found in USR US ...)
	NOT-FOR-US: USR USR-G806
CVE-2023-2644 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: DigitalPersona
CVE-2023-2643 (A vulnerability classified as critical was found in SourceCodester Fil ...)
	NOT-FOR-US: SourceCodester File Tracker Manager System
CVE-2023-2642 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Online Exam System
CVE-2023-2641 (A vulnerability was found in SourceCodester Online Internship Manageme ...)
	NOT-FOR-US: SourceCodester Online Internship Management System
CVE-2023-32076 (in-toto is a framework to protect supply chain integrity. The in-toto ...)
	- in-toto (bug #1035934)
	[bookworm] - in-toto (Minor issue)
	[bullseye] - in-toto (Minor issue)
	NOTE: https://github.com/in-toto/in-toto/security/advisories/GHSA-wc64-c5rv-32pf
	NOTE: https://github.com/in-toto/in-toto/commit/f88138c90861953c77a1384ea2fcc58126e6fe59 (v2.0.0)
	NOTE: https://github.com/in-toto/in-toto/commit/9835aae17bc60b600713962b2bb66e6b7abe9325 (v2.0.0)
CVE-2023-32070 (XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, ...)
	NOT-FOR-US: XWiki
CVE-2023-31910 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buff ...)
	- iotjs
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5076
CVE-2023-31908 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buff ...)
	- iotjs
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5067
CVE-2023-31907 (Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ...)
	- iotjs
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5073
CVE-2023-31906 (Jerryscript 3.0.0 (commit 1a2c047) was discovered to contain a heap-buf ...)
	- iotjs
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5066
CVE-2023-31568 (Podofo v0.10.0 was discovered to contain a heap buffer overflow via th ...)
	- libpodofo (Vulnerable code not present)
	NOTE: https://github.com/podofo/podofo/issues/72
	NOTE: Fixed by: https://github.com/podofo/podofo/commit/29d59f604b37159e938a2f46acd4856cfd1e7bac
	NOTE: Introduced by: https://github.com/podofo/podofo/commit/a2eca000e5a4337fb79ee8215d06413785653184
CVE-2023-31567 (Podofo v0.10.0 was discovered to contain a heap buffer overflow via th ...)
	- libpodofo (bug #1036278)
	[bookworm] - libpodofo (Minor issue)
	[bullseye] - libpodofo (Minor issue)
	[buster] - libpodofo (Minor issue)
	NOTE: https://github.com/podofo/podofo/issues/71
CVE-2023-31566 (Podofo v0.10.0 was discovered to contain a heap-use-after-free via the ...)
	- libpodofo (bug #1036278)
	[bookworm] - libpodofo (Minor issue)
	[bullseye] - libpodofo (Minor issue)
	[buster] - libpodofo (Minor issue)
	NOTE: https://github.com/podofo/podofo/issues/70
CVE-2023-31557
	REJECTED
CVE-2023-31556 (podofoinfo 0.10.0 was discovered to contain a segmentation violation v ...)
	- libpodofo (Vulnerable code not present)
	NOTE: https://github.com/podofo/podofo/issues/66
	NOTE: Fixed by: https://github.com/podofo/podofo/commit/8d3e9104ea10f8b53a0b5a2a806e6388acd41a40
	NOTE: Introduced by: https://github.com/podofo/podofo/commit/a2eca000e5a4337fb79ee8215d06413785653184
CVE-2023-31555 (podofoinfo 0.10.0 was discovered to contain a segmentation violation v ...)
	- libpodofo (Vulnerable code not present)
	NOTE: https://github.com/podofo/podofo/issues/67
	NOTE: Fixed by: https://github.com/podofo/podofo/commit/3759eb6aae7c01f2d8670f16ac46f5e116c7f468
	NOTE: Introduced by: https://github.com/podofo/podofo/commit/a2eca000e5a4337fb79ee8215d06413785653184
CVE-2023-31554
	REJECTED
CVE-2023-31471 (An issue was discovered on GL.iNet devices before 3.216. Through the s ...)
	NOT-FOR-US: GL.iNet devices
CVE-2023-2630 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
	NOT-FOR-US: pimcore
CVE-2023-2629 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...)
	NOT-FOR-US: pimcore
CVE-2023-32573 (In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x thro ...)
	{DLA-3539-1}
	- qt6-svg 6.4.2-2
	- qtsvg-opensource-src 5.15.8-3
	[bullseye] - qtsvg-opensource-src (Minor issue)
	[buster] - qtsvg-opensource-src (Minor issue)
	- qt4-x11
	NOTE: https://codereview.qt-project.org/c/qt/qtsvg/+/474093
	NOTE: https://lists.qt-project.org/pipermail/announce/2023-May/000411.html
	NOTE: https://codereview.qt-project.org/c/qt/qtsvg/+/474404
	NOTE: https://download.qt.io/official_releases/qt/5.15/CVE-2023-32573-qtsvg-5.15.diff
CVE-2023-32570 (VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that ca ...)
	[experimental] - dav1d 1.2.0-1
	- dav1d 1.2.1-2 (bug #1035950)
	[bookworm] - dav1d (Minor issue)
	[bullseye] - dav1d (Minor issue)
	NOTE: https://code.videolan.org/videolan/dav1d/-/commit/cf617fdae0b9bfabd27282854c8e81450d955efa (1.2.0)
CVE-2023-32569 (An issue was discovered in Veritas InfoScale Operations Manager (VIOM) ...)
	NOT-FOR-US: Veritas InfoScale Operations Manager
CVE-2023-32568 (An issue was discovered in Veritas InfoScale Operations Manager (VIOM) ...)
	NOT-FOR-US: Veritas InfoScale Operations Manager
CVE-2023-31478 (An issue was discovered on GL.iNet devices before 3.216. An API endpoi ...)
	NOT-FOR-US: GL.iNet devices
CVE-2023-2619 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester
CVE-2023-2618 (A vulnerability, which was classified as problematic, has been found i ...)
	- opencv 4.6.0+dfsg-12 (bug #1035954)
	[bullseye] - opencv (Vulnerable code not present)
	[buster] - opencv (Vulnerable code not present)
	NOTE: https://github.com/opencv/opencv_contrib/pull/3484
	NOTE: https://github.com/opencv/opencv_contrib/commit/2b62ff6181163eea029ed1cab11363b4996e9cd6
CVE-2023-2617 (A vulnerability classified as problematic was found in OpenCV wechat_q ...)
	- opencv 4.6.0+dfsg-12 (bug #1035954)
	[bullseye] - opencv (Vulnerable code not present)
	[buster] - opencv (Vulnerable code not present)
	NOTE: https://github.com/opencv/opencv_contrib/pull/3480
	NOTE: https://github.com/opencv/opencv_contrib/commit/ccc277247ac1a7aef0a90353edcdec35fbc5903c
CVE-2023-2616 (Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimc ...)
	NOT-FOR-US: pimcore
CVE-2023-2615 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
	NOT-FOR-US: pimcore
CVE-2023-2614 (Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore ...)
	NOT-FOR-US: pimcore
CVE-2023-2610 (Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9 ...)
	{DLA-3453-1}
	- vim 2:9.0.1658-1 (bug #1035955)
	[bookworm] - vim (Minor issue)
	[bullseye] - vim (Minor issue)
	NOTE: https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d
	NOTE: https://github.com/vim/vim/commit/ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a (v9.0.1532)
CVE-2023-32216 (Memory safety bugs present in Firefox 112. Some of these bugs showed ...)
	- firefox 113.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32216
CVE-2023-32215 (Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some ...)
	{DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1}
	- firefox 113.0-1
	- firefox-esr 102.11.0esr-1
	- thunderbird 1:102.11.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32215
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32215
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32215
CVE-2023-32214 (Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged ...)
	- firefox (Only affects Firefox on Windows)
	- firefox-esr (Only affects Firefox ESR on Windows)
	- thunderbird (Only affects Firefox ESR on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32214
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32214
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32214
CVE-2023-32213 (When reading a file, an uninitialized value could have been used as re ...)
	{DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1}
	- firefox 113.0-1
	- firefox-esr 102.11.0esr-1
	- thunderbird 1:102.11.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32213
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32213
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32213
CVE-2023-32212 (An attacker could have positioned a datalist element to o ...)
	{DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1}
	- firefox 113.0-1
	- firefox-esr 102.11.0esr-1
	- thunderbird 1:102.11.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32212
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32212
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32212
CVE-2023-32211 (A type checking bug would have led to invalid code being compiled. Thi ...)
	{DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1}
	- firefox 113.0-1
	- firefox-esr 102.11.0esr-1
	- thunderbird 1:102.11.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32211
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32211
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32211
CVE-2023-32210 (Documents were incorrectly assuming an ordering of principal objects w ...)
	- firefox 113.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32210
CVE-2023-32209 (A maliciously crafted favicon could have led to an out of memory crash ...)
	- firefox 113.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32209
CVE-2023-32208 (Service workers could reveal script base URL due to dynamic `import()` ...)
	- firefox 113.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32208
CVE-2023-32207 (A missing delay in popup notifications could have made it possible for ...)
	{DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1}
	- firefox 113.0-1
	- firefox-esr 102.11.0esr-1
	- thunderbird 1:102.11.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32207
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32207
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32207
CVE-2023-32206 (An out-of-bound read could have led to a crash in the RLBox Expat driv ...)
	{DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1}
	- firefox 113.0-1
	- firefox-esr 102.11.0esr-1
	- thunderbird 1:102.11.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32206
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32206
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32206
CVE-2023-32205 (In multiple cases browser prompts could have been obscured by popups c ...)
	{DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1}
	- firefox 113.0-1
	- firefox-esr 102.11.0esr-1
	- thunderbird 1:102.11.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32205
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32205
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32205
CVE-2023-32071 (XWiki Platform is a generic wiki platform. Starting in versions 2.2-mi ...)
	NOT-FOR-US: XWiki
CVE-2023-32069 (XWiki Platform is a generic wiki platform. Starting in version 3.3-mil ...)
	NOT-FOR-US: XWiki
CVE-2023-32066 (Time Tracker is an open source time tracking system. The week view plu ...)
	NOT-FOR-US: Time Tracker
CVE-2023-32060 (DHIS2 Core contains the service layer and Web API for DHIS2, an inform ...)
	NOT-FOR-US: DHIS2
CVE-2023-31982 (Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the ...)
	- sngrep 1.7.0-1 (unimportant)
	NOTE: https://github.com/irontec/sngrep/issues/431
	NOTE: https://github.com/irontec/sngrep/commit/f39fa0b59b4d693f1997bc0cbf8b3b0772018563 (v1.7.0)
	NOTE: Crash in CLI tool, no security impact
CVE-2023-31981 (Sngrep v1.6.0 was discovered to contain a stack buffer overflow via th ...)
	- sngrep 1.7.0-1 (unimportant)
	NOTE: https://github.com/irontec/sngrep/issues/430
	NOTE: https://github.com/irontec/sngrep/commit/038a65883551fdccc0bb86600309bb85d2251f98 (v1.7.0)
	NOTE: Crash in CLI tool, no security impact
CVE-2023-31979 (Catdoc v0.95 was discovered to contain a global buffer overflow via th ...)
	- catdoc (unimportant)
	NOTE: https://github.com/petewarden/catdoc/issues/9
	NOTE: Crash in CLI tool, no security impact
CVE-2023-31976 (libming v0.4.8 was discovered to contain a stack buffer overflow via t ...)
	- ming
CVE-2023-31975 (yasm v1.3.0 was discovered to contain a memory leak via the function y ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/210
	NOTE: Memory leak in CLI tool, no security impact
CVE-2023-31974 (yasm v1.3.0 was discovered to contain a use after free via the functio ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/208
	NOTE: Crash in CLI tool, no security impact
CVE-2023-31973 (yasm v1.3.0 was discovered to contain a use after free via the functio ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/207
	NOTE: Crash in CLI tool, no security impact
CVE-2023-31972 (yasm v1.3.0 was discovered to contain a use after free via the functio ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/209
	NOTE: Crash in CLI tool, no security impact
CVE-2023-31807 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-31806 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-31805 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-31804 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-31803 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-31802 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-31801 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-31800 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-31799 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
	NOT-FOR-US: Chamilo LMS
CVE-2023-31490 (An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to c ...)
	{DSA-5495-1 DLA-3573-1}
	- frr 8.4.4-1 (bug #1036062)
	NOTE: https://github.com/FRRouting/frr/issues/13099
	NOTE: https://github.com/FRRouting/frr/pull/12454
	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/06431bfa7570f169637ebb5898f0b0cc3b010802
CVE-2023-31489 (An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to c ...)
	- frr 8.4.4-1 (bug #1036061)
	[bullseye] - frr (The vulnerable code was introduced later)
	[buster] - frr (The vulnerable code was introduced later)
	NOTE: https://github.com/FRRouting/frr/issues/13098
	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/b1d33ec293e8e36fbb8766252f3b016d268e31ce
CVE-2023-31476 (An issue was discovered on GL.iNet devices running firmware before 3.2 ...)
	NOT-FOR-US: GL.iNet devices
CVE-2023-31474 (An issue was discovered on GL.iNet devices before 3.216. Through the s ...)
	NOT-FOR-US: GL.iNet devices
CVE-2023-31472 (An issue was discovered on GL.iNet devices before 3.216. There is an a ...)
	NOT-FOR-US: GL.iNet devices
CVE-2023-2609 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.153 ...)
	- vim 2:9.0.1658-1 (unimportant)
	NOTE: https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622
	NOTE: https://github.com/vim/vim/commit/d1ae8366aff286d41e7f5bc513cc0a1af5130aad (v9.0.1531)
	NOTE: Crash in CLI tool, no security impact
CVE-2023-2598 (A flaw was found in the fixed buffer registration code for io_uring (i ...)
	- linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2023/05/08/3
	NOTE: https://git.kernel.org/linus/776617db78c6d208780e7c69d4d68d1fa82913de (6.4-rc1)
CVE-2023-2596 (A vulnerability was found in SourceCodester Online Reviewer System 1.0 ...)
	NOT-FOR-US: SourceCodester Online Reviewer System
CVE-2023-2595 (A vulnerability has been found in SourceCodester Billing Management Sy ...)
	NOT-FOR-US: SourceCodester Billing Management System
CVE-2023-2594 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Food Ordering Management System
CVE-2023-2591 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	- teampass (bug #730180)
CVE-2023-32113 (SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attack ...)
	NOT-FOR-US: SAP
CVE-2023-32112 (Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APP ...)
	NOT-FOR-US: SAP
CVE-2023-32111 (In SAP PowerDesigner (Proxy) - version 16.7, an attacker can send a cr ...)
	NOT-FOR-US: SAP
CVE-2023-31407 (SAP Business Planning and Consolidation - versions 740, 750, allows an ...)
	NOT-FOR-US: SAP
CVE-2023-31406 (Due to insufficient input validation, SAP BusinessObjects Business Int ...)
	NOT-FOR-US: SAP
CVE-2023-31404 (Under certain conditions, SAP BusinessObjects Business Intelligence Pla ...)
	NOT-FOR-US: SAP
CVE-2023-2590 (Missing Authorization in GitHub repository answerdev/answer prior to 1 ...)
	NOT-FOR-US: answerdev/answer
CVE-2023-2478 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2023-2583 (Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3.)
	NOT-FOR-US: jsreport
CVE-2023-2582 (A prototype pollution vulnerability exists in Strikingly CMS which can ...)
	NOT-FOR-US: Strikingly CMS
CVE-2023-2575 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...)
	NOT-FOR-US: Advantech
CVE-2023-2574 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...)
	NOT-FOR-US: Advantech
CVE-2023-2573 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...)
	NOT-FOR-US: Advantech
CVE-2023-2566 (Cross-site Scripting (XSS) - Stored in GitHub repository openemr/opene ...)
	NOT-FOR-US: OpenEMR
CVE-2023-2534 (Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API ...)
	NOT-FOR-US: OTRS
	NOTE: Issue is listed as specific to 8.x, so won't affect Znuny which forked from 6.x
CVE-2023-2565 (A vulnerability has been found in SourceCodester Multi Language Hotel ...)
	NOT-FOR-US: SourceCodester Multi Language Hotel Management Software
CVE-2023-2564 (OS Command Injection in GitHub repository sbs20/scanservjs prior to v2 ...)
	NOT-FOR-US: scanservjs (SANE scanner nodejs web ui)
CVE-2023-32290 (The myMail app through 14.30 for iOS sends cleartext credentials in a ...)
	NOT-FOR-US: myMail app for iOS
CVE-2023-2560 (A vulnerability was found in jja8 NewBingGoGo up to 2023.5.5.2. It has ...)
	NOT-FOR-US: jja8 NewBingGoGo
CVE-2016-15031 (A vulnerability was found in PHP-Login 1.0. It has been declared as cr ...)
	NOT-FOR-US: PHP-Login
CVE-2023-2554 (External Control of File Name or Path in GitHub repository unilogies/b ...)
	NOT-FOR-US: unilogies/bumsys
CVE-2023-2553 (Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bum ...)
	NOT-FOR-US: unilogies/bumsys
CVE-2023-2552 (Cross-Site Request Forgery (CSRF) in GitHub repository unilogies/bumsy ...)
	NOT-FOR-US: unilogies/bumsys
CVE-2023-2551 (PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior ...)
	NOT-FOR-US: unilogies/bumsys
CVE-2023-2550 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-2540 REJECTED
CVE-2023-2539 REJECTED
CVE-2023-2537 REJECTED
CVE-2023-2536 REJECTED
CVE-2023-2516 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...)
	- teampass (bug #730180)
CVE-2023-2427 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-32269 (An issue was discovered in the Linux kernel before 6.1.11. In net/netr ...)
	- linux 6.1.11-1
	[bullseye] - linux 5.10.178-1
	[buster] - linux 4.19.282-1
	NOTE: https://git.kernel.org/linus/611792920925fb088ddccbe2783c7f92fdfb6b64 (6.2-rc7)
CVE-2023-32235 (Ghost before 5.42.1 allows remote attackers to read arbitrary files wi ...)
	NOT-FOR-US: Ghost CMS
CVE-2023-32233 (In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_ta ...)
	{DSA-5402-1 DLA-3508-1 DLA-3446-1}
	- linux 6.1.27-1
	NOTE: https://www.openwall.com/lists/oss-security/2023/05/08/4
	NOTE: https://git.kernel.org/linus/c1592a89942e9678f7d9c8030efa777c0d57edab (6.4-rc1)
	NOTE: https://www.openwall.com/lists/oss-security/2023/05/15/5
CVE-2023-31415 (Kibana version 8.7.0 contains an arbitrary code execution flaw. An att ...)
	- kibana (bug #700337)
CVE-2023-31414 (Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code executio ...)
	- kibana (bug #700337)
CVE-2023-31413 (Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson inp ...)
	NOT-FOR-US: Filebeat
CVE-2023-2535 REJECTED
CVE-2023-2531 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
	NOT-FOR-US: azuracast
CVE-2017-20183 (A vulnerability was found in External Media without Import Plugin up t ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2524 (A vulnerability classified as critical has been found in Control iD RH ...)
	NOT-FOR-US: Control iD RHiD
CVE-2023-2523 (A vulnerability was found in Weaver E-Office 9.5. It has been rated as ...)
	NOT-FOR-US: Weaver E-Office
CVE-2023-2522 (A vulnerability was found in Chengdu VEC40G 3.0. It has been declared ...)
	NOT-FOR-US: Chengdu VEC40G
CVE-2023-2521 (A vulnerability was found in NEXTU NEXT-7004N 3.0.1. It has been class ...)
	NOT-FOR-US: NEXTU NEXT-7004N
CVE-2023-2520 (A vulnerability was found in Caton Prime 2.1.2.51.e8d7225049(202303031 ...)
	NOT-FOR-US: Caton Prime
CVE-2023-2519 (A vulnerability has been found in Caton CTP Relay Server 1.2.9 and cla ...)
	NOT-FOR-US: Caton CTP Relay Server
CVE-2023-2513 (A use-after-free vulnerability was found in the Linux kernel's ext4 fi ...)
	- linux 5.19.6-1
	[bullseye] - linux 5.10.140-1
	[buster] - linux 4.19.260-1
	NOTE: https://git.kernel.org/linus/67d7d8ad99beccd9fe92d585b87f1760dc9018e3 (6.0-rc1)
CVE-2017-20184 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
	NOT-FOR-US: Carlo Gavazzi Powersoft
CVE-2023-2468 (Inappropriate implementation in PictureInPicture in Google Chrome prio ...)
	{DSA-5398-1}
	- chromium 113.0.5672.63-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2467 (Inappropriate implementation in Prompts in Google Chrome on Android pr ...)
	{DSA-5398-1}
	- chromium 113.0.5672.63-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2466 (Inappropriate implementation in Prompts in Google Chrome prior to 113. ...)
	{DSA-5398-1}
	- chromium 113.0.5672.63-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2465 (Inappropriate implementation in CORS in Google Chrome prior to 113.0.5 ...)
	{DSA-5398-1}
	- chromium 113.0.5672.63-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2464 (Inappropriate implementation in PictureInPicture in Google Chrome prio ...)
	{DSA-5398-1}
	- chromium 113.0.5672.63-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2463 (Inappropriate implementation in Full Screen Mode in Google Chrome on A ...)
	{DSA-5398-1}
	- chromium 113.0.5672.63-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2462 (Inappropriate implementation in Prompts in Google Chrome prior to 113. ...)
	{DSA-5398-1}
	- chromium 113.0.5672.63-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2461 (Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113. ...)
	{DSA-5398-1}
	- chromium 113.0.5672.63-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2460 (Insufficient validation of untrusted input in Extensions in Google Chr ...)
	{DSA-5398-1}
	- chromium 113.0.5672.63-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2459 (Inappropriate implementation in Prompts in Google Chrome prior to 113. ...)
	{DSA-5398-1}
	- chromium 113.0.5672.63-1
	[buster] - chromium (see DSA 5046)
CVE-2023-32007 (** UNSUPPORTED WHEN ASSIGNED ** The Apache Spark UI offers the possibi ...)
	- apache-spark (bug #802194)
CVE-2023-31435 (Multiple components (such as Onlinetemplate-Verwaltung, Liste aller Te ...)
	NOT-FOR-US: evasys
CVE-2023-31434 (The parameters nutzer_titel, nutzer_vn, and nutzer_nn in the user prof ...)
	NOT-FOR-US: evasys
CVE-2023-31433 (A SQL injection issue in Logbuch in evasys before 8.2 Build 2286 and 9 ...)
	NOT-FOR-US: evasys
CVE-2023-2483 REJECTED
CVE-2023-2479 (OS Command Injection in GitHub repository appium/appium-desktop prior ...)
	NOT-FOR-US: Appium
CVE-2023-2477 (A vulnerability was found in Funadmin up to 3.2.3. It has been declare ...)
	NOT-FOR-US: Funadmin
CVE-2023-2476 (A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been ...)
	NOT-FOR-US: Dromara J2eeFAST
CVE-2023-2475 (A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classifi ...)
	NOT-FOR-US: Dromara J2eeFAST
CVE-2023-2474 (A vulnerability has been found in Rebuild 3.2 and classified as proble ...)
	NOT-FOR-US: Rebuild
CVE-2023-2473 (A vulnerability was found in Dreamer CMS up to 4.1.3. It has been decl ...)
	NOT-FOR-US: Dreamer CMS
CVE-2023-2445 (Improper access control in Subscriptions Folder path filter in Devolut ...)
	NOT-FOR-US: Devolutions
CVE-2022-48483 (3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthentica ...)
	NOT-FOR-US: 3CX
CVE-2022-48482 (3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows all ...)
	NOT-FOR-US: 3CX
CVE-2014-125100 (A vulnerability classified as problematic was found in BestWebSoft Job ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-10026 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2451 (A vulnerability was found in SourceCodester Online DJ Management Syste ...)
	NOT-FOR-US: SourceCodester Online DJ Management System
CVE-2018-25085 (A vulnerability classified as problematic was found in Responsive Menu ...)
	NOT-FOR-US: Responsive Menus on Drupal
CVE-2015-10105 (A vulnerability, which was classified as critical, was found in IP Bla ...)
	NOT-FOR-US: WordPress plugin
CVE-2015-10104 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2430 (A vulnerability was found due to missing lock for IOPOLL flaw in io_cq ...)
	{DSA-5492-1}
	- linux 6.3.7-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/e12d7a46f65ae4b7d58a5e0c1cbfa825cf8d830d (6.2-rc5)
CVE-2023-2429 (Improper Access Control in GitHub repository thorsten/phpmyfaq prior t ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-2428 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-2426 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...)
	- vim 2:9.0.1378-2 (bug #1035323)
	[bullseye] - vim (Minor issue)
	[buster] - vim (The vulnerable code was introduced later)
	NOTE: https://huntr.dev/bounties/3451be4c-91c8-4d08-926b-cbff7396f425
	NOTE: https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b (v9.0.1499)
CVE-2023-31485 (GitLab::API::v4 through 0.26 does not verify TLS certificates when con ...)
	- libgitlab-api-v4-perl 0.27-1 (bug #954051)
	[bookworm] - libgitlab-api-v4-perl (Minor issue)
	[bullseye] - libgitlab-api-v4-perl (Minor issue)
	[buster] - libgitlab-api-v4-perl (Minor issue)
	NOTE: https://github.com/bluefeet/GitLab-API-v4/pull/57
	NOTE: https://github.com/bluefeet/GitLab-API-v4/commit/02a2862cba323fe37e10afba8183d14847866fd2 (0.27)
CVE-2023-31484 (CPAN.pm before 2.35 does not verify TLS certificates when downloading ...)
	[experimental] - perl 5.38.0~rc2-1
	- perl 5.38.2-2 (bug #1035109)
	[bookworm] - perl (Minor issue)
	[bullseye] - perl (Minor issue)
	[buster] - perl (Minor issue)
	NOTE: https://github.com/andk/cpanpm/pull/175
	NOTE: https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 (2.35-TRIAL)
CVE-2023-31483 (tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a di ...)
	NOT-FOR-US: Cauldron cbang
CVE-2023-2425 (A vulnerability was found in SourceCodester Simple Student Information ...)
	NOT-FOR-US: SourceCodester Simple Student Information System
CVE-2023-2424 (A vulnerability was found in DedeCMS 5.7.106 and classified as critica ...)
	NOT-FOR-US: DedeCMS
CVE-2023-2421 (A vulnerability classified as problematic has been found in Control iD ...)
	NOT-FOR-US: Control iD RHiD
CVE-2023-2420 (A vulnerability was found in MLECMS 3.0. It has been rated as critical ...)
	NOT-FOR-US: MLECMS
CVE-2023-2419 (A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has been decla ...)
	NOT-FOR-US: Zhong Bang CRMEB
CVE-2023-2418 (A vulnerability was found in Konga 2.8.3 on Kong. It has been classifi ...)
	NOT-FOR-US: Konga
CVE-2023-2417 (A vulnerability was found in ks-soft Advanced Host Monitor up to 12.56 ...)
	NOT-FOR-US: ks-soft Advanced Host Monitor
CVE-2023-2413 (A vulnerability was found in SourceCodester AC Repair and Services Sys ...)
	NOT-FOR-US: SourceCodester AC Repair and Services System
CVE-2023-2412 (A vulnerability was found in SourceCodester AC Repair and Services Sys ...)
	NOT-FOR-US: SourceCodester AC Repair and Services System
CVE-2023-2411 (A vulnerability was found in SourceCodester AC Repair and Services Sys ...)
	NOT-FOR-US: SourceCodester AC Repair and Services System
CVE-2023-2410 (A vulnerability has been found in SourceCodester AC Repair and Service ...)
	NOT-FOR-US: SourceCodester AC Repair and Services System
CVE-2023-2409 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester AC Repair and Services System
CVE-2023-2408 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester AC Repair and Services System
CVE-2023-2397 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: SourceCodester Simple Mobile Comparison Website
CVE-2023-2396 (A vulnerability classified as problematic was found in Netgear SRX5308 ...)
	NOT-FOR-US: Netgear
CVE-2023-2395 (A vulnerability classified as problematic has been found in Netgear SR ...)
	NOT-FOR-US: Netgear
CVE-2023-31486 (HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available ...)
	- libhttp-tiny-perl 0.088-1 (bug #962407; unimportant)
	[experimental] - perl 5.38.0~rc2-1
	- perl 5.38.2-2 (unimportant; bug #954089)
	NOTE: https://www.openwall.com/lists/oss-security/2023/04/18/14
	NOTE: https://github.com/chansen/p5-http-tiny/issues/134
	NOTE: https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/
	NOTE: https://hackeriet.github.io/cpan-http-tiny-overview/
	NOTE: Applications need to explicitly opt in to enable verification.
CVE-2023-31470 (SmartDNS through 41 before 56d0332 allows an out-of-bounds write becau ...)
	NOT-FOR-US: SmartDNS
CVE-2023-31444 (In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, ...)
	NOT-FOR-US: Talend Studio
CVE-2023-2394 (A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has bee ...)
	NOT-FOR-US: Netgear
CVE-2023-2393 (A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has bee ...)
	NOT-FOR-US: Netgear
CVE-2023-2392 (A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has bee ...)
	NOT-FOR-US: Netgear
CVE-2023-2391 (A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classif ...)
	NOT-FOR-US: Netgear
CVE-2023-2390 (A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and cl ...)
	NOT-FOR-US: Netgear
CVE-2023-2389 (A vulnerability, which was classified as problematic, was found in Net ...)
	NOT-FOR-US: Netgear
CVE-2023-2388 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Netgear
CVE-2023-2387 (A vulnerability classified as problematic was found in Netgear SRX5308 ...)
	NOT-FOR-US: Netgear
CVE-2023-2386 (A vulnerability classified as problematic has been found in Netgear SR ...)
	NOT-FOR-US: Netgear
CVE-2023-2385 (A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has bee ...)
	NOT-FOR-US: Netgear
CVE-2023-2384 (A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has bee ...)
	NOT-FOR-US: Netgear
CVE-2023-2383 (A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has bee ...)
	NOT-FOR-US: Netgear
CVE-2023-2382 (A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classif ...)
	NOT-FOR-US: Netgear
CVE-2023-2381 (A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and cl ...)
	NOT-FOR-US: Netgear
CVE-2023-2380 (A vulnerability, which was classified as problematic, was found in Net ...)
	NOT-FOR-US: Netgear
CVE-2023-2379 (A vulnerability classified as critical has been found in Ubiquiti Edge ...)
	NOT-FOR-US: Ubiquiti
CVE-2023-2378 (A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix. ...)
	NOT-FOR-US: Ubiquiti
CVE-2023-2377 (A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix. ...)
	NOT-FOR-US: Ubiquiti
CVE-2023-2376 (A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix. ...)
	NOT-FOR-US: Ubiquiti
CVE-2023-2375 (A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix. ...)
	NOT-FOR-US: Ubiquiti
CVE-2023-2374 (A vulnerability has been found in Ubiquiti EdgeRouter X up to 2.0.9-ho ...)
	NOT-FOR-US: Ubiquiti
CVE-2023-2373 (A vulnerability, which was classified as critical, was found in Ubiqui ...)
	NOT-FOR-US: Ubiquiti
CVE-2023-2372 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: SourceCodester Online DJ Management System
CVE-2023-2371 (A vulnerability classified as critical was found in SourceCodester Onl ...)
	NOT-FOR-US: SourceCodester Online DJ Management System
CVE-2023-2370 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Online DJ Management System
CVE-2023-2369 (A vulnerability was found in SourceCodester Faculty Evaluation System ...)
	NOT-FOR-US: SourceCodester Faculty Evaluation System
CVE-2023-2368 (A vulnerability was found in SourceCodester Faculty Evaluation System ...)
	NOT-FOR-US: SourceCodester Faculty Evaluation System
CVE-2023-2367 (A vulnerability was found in SourceCodester Faculty Evaluation System ...)
	NOT-FOR-US: SourceCodester Faculty Evaluation System
CVE-2023-2366 (A vulnerability was found in SourceCodester Faculty Evaluation System ...)
	NOT-FOR-US: SourceCodester Faculty Evaluation System
CVE-2023-2365 (A vulnerability has been found in SourceCodester Faculty Evaluation Sy ...)
	NOT-FOR-US: SourceCodester Faculty Evaluation System
CVE-2023-2364 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester Resort Reservation System
CVE-2023-2363 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Resort Reservation System
CVE-2023-2361 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
	NOT-FOR-US: pimcore
CVE-2023-2360 (Sensitive information disclosure due to CORS misconfiguration. The fol ...)
	NOT-FOR-US: Acronis
CVE-2023-2356 (Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2. ...)
	NOT-FOR-US: mlflow
CVE-2023-2355 (Local privilege escalation due to a DLL hijacking vulnerability. The f ...)
	NOT-FOR-US: Acronis Snap Deploy (Windows)
CVE-2023-2350 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester Service Provider Management System
CVE-2023-2349 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester Service Provider Management System
CVE-2023-2348 (A vulnerability was found in SourceCodester Service Provider Managemen ...)
	NOT-FOR-US: SourceCodester Service Provider Management System
CVE-2023-2347 (A vulnerability was found in SourceCodester Service Provider Managemen ...)
	NOT-FOR-US: SourceCodester Service Provider Management System
CVE-2023-2346 (A vulnerability was found in SourceCodester Service Provider Managemen ...)
	NOT-FOR-US: SourceCodester Service Provider Management System
CVE-2023-2345 (A vulnerability was found in SourceCodester Service Provider Managemen ...)
	NOT-FOR-US: SourceCodester Service Provider Management System
CVE-2023-2344 (A vulnerability has been found in SourceCodester Service Provider Mana ...)
	NOT-FOR-US: SourceCodester Service Provider Management System
CVE-2023-2343 (Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore ...)
	NOT-FOR-US: pimcore
CVE-2023-2342 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
	NOT-FOR-US: pimcore
CVE-2023-2341 (Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimc ...)
	NOT-FOR-US: pimcore
CVE-2023-2340 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
	NOT-FOR-US: pimcore
CVE-2023-2339 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
	NOT-FOR-US: pimcore
CVE-2023-2338 (SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21.)
	NOT-FOR-US: pimcore
CVE-2023-2336 (Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21.)
	NOT-FOR-US: pimcore
CVE-2023-2335 (Plaintext Password in Registry vulnerability in 42gears surelock win ...)
	NOT-FOR-US: 42gears
CVE-2023-2331 (Unquoted service Path or Element vulnerability in 42Gears Surelock Win ...)
	NOT-FOR-US: 42Gears
CVE-2023-2328 (Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimc ...)
	NOT-FOR-US: pimcore
CVE-2023-2327 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
	NOT-FOR-US: pimcore
CVE-2023-2323 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
	NOT-FOR-US: pimcore
CVE-2023-2322 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
	NOT-FOR-US: pimcore
CVE-2022-48481 (In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was po ...)
	NOT-FOR-US: JetBrains Toolbox App
CVE-2023-XXXX [RUSTSEC-2023-0035: enumflags2: Adverserial use of make_bitflags! macro can cause undefined behavior]
	- rust-enumflags2 (Introduced in 0.7.0)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0035.html
CVE-2023-31436 (qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2 ...)
	{DSA-5402-1 DLA-3446-1}
	- linux 6.1.27-1
	[buster] - linux 4.19.282-1
	NOTE: https://git.kernel.org/linus/3037933448f60f9acb705997eae62013ecb81e0d (6.3)
	NOTE: https://kernel.dance/#3037933448f60f9acb705997eae62013ecb81e0d
CVE-2023-31290 (Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser ex ...)
	NOT-FOR-US: Trust Wallet Core
CVE-2023-31289 (Pexip Infinity before 31.2 has Improper Input Validation for signallin ...)
	NOT-FOR-US: Pexip
CVE-2023-31288 RESERVED
CVE-2023-31287 (An issue was discovered in Serenity Serene (and StartSharp) before 6.7 ...)
	NOT-FOR-US: Serenity
CVE-2023-31286 (An issue was discovered in Serenity Serene (and StartSharp) before 6.7 ...)
	NOT-FOR-US: Serenity
CVE-2023-31285 (An XSS issue was discovered in Serenity Serene (and StartSharp) before ...)
	NOT-FOR-US: Serenity
CVE-2023-31284 (illumos illumos-gate before 676abcb has a stack buffer overflow in /de ...)
NOT-FOR-US: illumos illumos-gate CVE-2023-31283 RESERVED CVE-2023-31282 RESERVED CVE-2023-31281 RESERVED CVE-2023-31280 RESERVED CVE-2023-31279 RESERVED CVE-2023-31245 (Devices using Snap One OvrC cloud are sent to a web address when acces ...) NOT-FOR-US: Snap One CVE-2023-31241 (Snap One OvrC cloud servers contain a route an attacker can use to byp ...) NOT-FOR-US: Snap One CVE-2023-31240 (Snap One OvrC Pro versions prior to 7.2 have their own locally running ...) NOT-FOR-US: Snap One CVE-2023-31193 (Snap One OvrC Pro versions prior to 7.3 use HTTP connections when down ...) NOT-FOR-US: Snap One CVE-2023-28649 (The Hub in the Snap One OvrC cloud platform is a device used to centra ...) NOT-FOR-US: Snap One CVE-2023-28412 (When supplied with a random MAC address, Snap One OvrC cloud servers w ...) NOT-FOR-US: Snap One CVE-2023-28386 (Snap One OvrC Pro devices versions 7.2 and prior do not validate firmw ...) NOT-FOR-US: Snap One CVE-2023-25183 (In Snap One OvrC Pro versions prior to 7.2, when logged into the super ...) NOT-FOR-US: Snap One CVE-2023-2319 (It was discovered that an update for PCS package in RHBA-2023:2151 err ...) NOT-FOR-US: ed Hat Enterprise Linux 9.2 specific security regression from CVE-2023-28154 CVE-2023-2318 (DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0. ...) NOT-FOR-US: MarkText CVE-2023-2317 (DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows ...) NOT-FOR-US: Typora CVE-2023-2316 (Improper path handling in Typora before 1.6.7 on Windows and Linux all ...) NOT-FOR-US: Typora CVE-2023-2315 (Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authe ...) 
NOT-FOR-US: OpenCart CVE-2023-31269 RESERVED CVE-2023-31268 RESERVED CVE-2023-31267 RESERVED CVE-2023-31266 RESERVED CVE-2023-31265 RESERVED CVE-2023-31264 RESERVED CVE-2023-31263 RESERVED CVE-2023-31262 RESERVED CVE-2023-31261 RESERVED CVE-2023-31260 RESERVED CVE-2023-31259 RESERVED CVE-2023-31258 RESERVED CVE-2023-31257 RESERVED CVE-2023-31256 RESERVED CVE-2023-31255 RESERVED CVE-2023-31254 RESERVED CVE-2023-31253 RESERVED CVE-2023-31252 RESERVED CVE-2023-31251 RESERVED CVE-2023-31250 (The file download facility doesn't sufficiently sanitize file paths in ...) - drupal7 NOTE: https://www.drupal.org/sa-core-2023-005 CVE-2023-31238 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...) NOT-FOR-US: Siemens CVE-2023-31237 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in D ...) NOT-FOR-US: WordPress plugin CVE-2023-31236 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in unFo ...) NOT-FOR-US: WordPress plugin CVE-2023-31235 (Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau ...) NOT-FOR-US: WordPress plugin CVE-2023-31234 (Missing Authorization vulnerability in Tilda Publishing.This issue aff ...) NOT-FOR-US: WordPress plugin CVE-2023-31233 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Haoq ...) NOT-FOR-US: WordPress plugin CVE-2023-31232 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davi ...) NOT-FOR-US: WordPress plugin CVE-2023-31231 (Unrestricted Upload of File with Dangerous Type vulnerability in Unlim ...) NOT-FOR-US: WordPress plugin CVE-2023-31230 (Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir Baidu Tong ...) NOT-FOR-US: Haoqisir Baidu Tongji generator CVE-2023-31229 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in W ...) NOT-FOR-US: WordPress plugin CVE-2023-31228 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Crea ...) 
NOT-FOR-US: WordPress plugin CVE-2023-31227 (The hwPartsDFR module has a vulnerability in API calling verification. ...) NOT-FOR-US: Huawei CVE-2023-31226 (The SDK for the MediaPlaybackController module has improper permission ...) NOT-FOR-US: Huawei CVE-2023-31225 (The Gallery app has the risk of hijacking attacks. Successful exploita ...) NOT-FOR-US: Huawei CVE-2023-31194 (An improper array index validation vulnerability exists in the GraphPl ...) NOT-FOR-US: Diagon CVE-2023-27390 (A heap-based buffer overflow vulnerability exists in the Sequence::Dra ...) NOT-FOR-US: Diagon CVE-2023-2314 (Insufficient data validation in DevTools in Google Chrome prior to 111 ...) {DSA-5371-1} - chromium 111.0.5563.64-1 [buster] - chromium (see DSA 5046) CVE-2023-2313 (Inappropriate implementation in Sandbox in Google Chrome on Windows pr ...) {DSA-5386-1} - chromium 112.0.5615.49-1 [buster] - chromium (see DSA 5046) CVE-2023-2312 (Use after free in Offline in Google Chrome on Android prior to 116.0.5 ...) {DSA-5479-1} - chromium 116.0.5845.96-1 [buster] - chromium (see DSA 5046) CVE-2023-2311 (Insufficient policy enforcement in File System API in Google Chrome pr ...) {DSA-5386-1} - chromium 112.0.5615.49-1 [buster] - chromium (see DSA 5046) CVE-2023-2310 (A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer E ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-2309 (The wpForo Forum WordPress plugin before 2.1.9 does not escape some re ...) NOT-FOR-US: WordPress plugin CVE-2023-2308 RESERVED CVE-2023-2307 (Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik ...) NOT-FOR-US: builderio/qwik CVE-2023-2306 (Qognify NiceVision versions 3.1 and prior are vulnerable to exposing s ...) NOT-FOR-US: Qognify NiceVision CVE-2023-2305 (The Download Manager plugin for WordPress is vulnerable to Stored Cros ...) NOT-FOR-US: WordPress plugin CVE-2023-2304 (The Favorites plugin for WordPress is vulnerable to Stored Cross-Site ...) 
NOT-FOR-US: Favorites plugin for WordPress CVE-2023-2303 (The Contact Form and Calls To Action by vcita plugin for WordPress is ...) NOT-FOR-US: Contact Form and Calls To Action by vcita plugin for WordPress CVE-2023-2302 (The Contact Form and Calls To Action by vcita plugin for WordPress is ...) NOT-FOR-US: Contact Form and Calls To Action by vcita plugin for WordPress CVE-2023-2301 (The Contact Form Builder by vcita plugin for WordPress is vulnerable t ...) NOT-FOR-US: Contact Form Builder by vcita plugin for WordPress CVE-2023-2300 (The Contact Form Builder by vcita plugin for WordPress is vulnerable t ...) NOT-FOR-US: Contact Form Builder by vcita plugin for WordPress CVE-2023-2299 (The Online Booking & Scheduling Calendar for WordPress by vcita plugin ...) NOT-FOR-US: Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress CVE-2023-2298 (The Online Booking & Scheduling Calendar for WordPress by vcita plugin ...) NOT-FOR-US: Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress CVE-2023-2297 (The Profile Builder \u2013 User Profile & User Registration Forms plug ...) NOT-FOR-US: WordPress plugin CVE-2023-2296 (The Loginizer WordPress plugin before 1.7.9 does not escape a paramete ...) NOT-FOR-US: WordPress plugin CVE-2022-4945 (The Dataprobe cloud usernames and passwords are stored in plain text i ...) NOT-FOR-US: Dataprobe CVE-2022-48480 (Integer overflow vulnerability in some phones. Successful exploitation ...) NOT-FOR-US: Huawei CVE-2022-48479 (The facial recognition TA of some products has the out-of-bounds memor ...) NOT-FOR-US: Huawei CVE-2022-48478 (The facial recognition TA of some products lacks memory length verific ...) NOT-FOR-US: Huawei CVE-2021-46887 (Lack of length check vulnerability in the HW_KEYMASTER module. Success ...) NOT-FOR-US: Huawei CVE-2021-46886 (The video framework has memory overwriting caused by addition overflow ...) 
NOT-FOR-US: Huawei CVE-2021-46885 (The video framework has memory overwriting caused by addition overflow ...) NOT-FOR-US: Huawei CVE-2021-46884 (The video framework has memory overwriting caused by addition overflow ...) NOT-FOR-US: Huawei CVE-2021-46883 (The video framework has memory overwriting caused by addition overflow ...) NOT-FOR-US: Huawei CVE-2021-46882 (The video framework has memory overwriting caused by addition overflow ...) NOT-FOR-US: Huawei CVE-2021-46881 (The video framework has memory overwriting caused by addition overflow ...) NOT-FOR-US: Huawei CVE-2023-31224 (There is broken access control during authentication in Jamf Pro Serve ...) NOT-FOR-US: Jamf Pro CVE-2023-31223 (Dradis before 4.8.0 allows persistent XSS by authenticated author user ...) NOT-FOR-US: Dradis CVE-2023-2295 (A vulnerability was found in the libreswan library. This security issu ...) NOTE: RedHat assigned duplicate of CVE-2023-30570, reported to the CNA CVE-2023-2294 (A vulnerability was found in UCMS 1.6.0. It has been classified as pro ...) NOT-FOR-US: UCMS CVE-2023-2293 (A vulnerability was found in SourceCodester Purchase Order Management ...) NOT-FOR-US: SourceCodester Purchase Order Management System CVE-2023-2292 RESERVED CVE-2023-2291 (Static credentials exist in the PostgreSQL data used in ManageEngine A ...) NOT-FOR-US: Zoho CVE-2023-2290 (A potential vulnerability in the LenovoFlashDeviceInterface SMI handle ...) NOT-FOR-US: Lenovo CVE-2023-2289 (The wordpress vertical image slider plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2023-2288 (The Otter WordPress plugin before 2.2.6 does not sanitize some user-co ...) NOT-FOR-US: WordPress plugin CVE-2023-2287 (The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not li ...) NOT-FOR-US: WordPress plugin CVE-2023-2286 (The WP Activity Log for WordPress is vulnerable to Cross-Site Request ...) 
NOT-FOR-US: WP Activity Log for WordPress CVE-2023-2285 (The WP Activity Log Premium plugin for WordPress is vulnerable to Cros ...) NOT-FOR-US: WP Activity Log Premium plugin for WordPress CVE-2023-2284 (The WP Activity Log Premium plugin for WordPress is vulnerable to unau ...) NOT-FOR-US: WP Activity Log Premium plugin for WordPress CVE-2023-31222 (Deserialization of untrusted datain Microsoft Messaging Queuing Servic ...) NOT-FOR-US: Microsoft Messaging Queuing Service in Medtronic's Paceart Optima CVE-2023-31221 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rans ...) NOT-FOR-US: WordPress plugin CVE-2023-31220 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP-EXPER ...) NOT-FOR-US: WordPress plugin CVE-2023-31219 (Server-Side Request Forgery (SSRF) vulnerability in WPChill Download M ...) NOT-FOR-US: WordPress plugin CVE-2023-31218 (Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripti ...) NOT-FOR-US: WordPress plugin CVE-2023-31217 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-31216 (Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plu ...) NOT-FOR-US: WordPress plugin CVE-2023-31215 (Unrestricted Upload of File with Dangerous Type vulnerability in Amade ...) NOT-FOR-US: WordPress plugin CVE-2023-31214 RESERVED CVE-2023-31213 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-31212 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-31211 (Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 ...) - check-mk CVE-2023-31210 (Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 ...) - check-mk CVE-2023-31209 (Improper neutralization of active check command arguments in Checkmk < ...) 
- check-mk CVE-2023-31208 (Improper neutralization of livestatus command delimiters in the RestAP ...) - check-mk CVE-2023-31207 (Transmission of credentials within query parameters in Checkmk <= 2.1. ...) - check-mk CVE-2023-2283 (A vulnerability was found in libssh, where the authentication check of ...) {DSA-5409-1} - libssh 0.10.5-1 (bug #1035832) [buster] - libssh (Vulnerable code introduced later) NOTE: https://www.libssh.org/security/advisories/CVE-2023-2283.txt NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=e8dfbb85a28514e1f869dac3000c6cec6cb8d08d (libssh-0.10.5) NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=c68a58575b6d0520e342cb3d3796a8fecd66405d (libssh-0.10.5) NOTE: Vulnerable function introduced with: https://git.libssh.org/projects/libssh.git/commit/?id=fd9446553b5e06c95c67945959b228e44c870b73 (libssh-0.9.0) CVE-2023-2282 (Improper access control in the Web Login listener in Devolutions Remot ...) NOT-FOR-US: Devolutions CVE-2023-2281 (When archiving a team, Mattermost fails to sanitize the related Websoc ...) - mattermost-server (bug #823556) CVE-2023-2280 (The WP Directory Kit plugin for WordPress is vulnerable to unauthorize ...) NOT-FOR-US: WordPress plugin CVE-2023-2279 (The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site ...) NOT-FOR-US: WP Directory Kit plugin for WordPress CVE-2023-2278 (The WP Directory Kit plugin for WordPress is vulnerable to Local File ...) NOT-FOR-US: WP Directory Kit plugin for WordPress CVE-2023-2277 (The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site ...) NOT-FOR-US: WP Directory Kit plugin for WordPress CVE-2023-2276 (The WCFM Membership \u2013 WooCommerce Memberships for Multivendor Mar ...) NOT-FOR-US: WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress CVE-2023-2275 (The WooCommerce Multivendor Marketplace \u2013 REST API plugin for Wor ...) 
NOT-FOR-US: WooCommerce plugin CVE-2023-2274 RESERVED CVE-2023-2273 (Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer fr ...) NOT-FOR-US: Rapid7 CVE-2023-2272 (The Tiempo.com WordPress plugin through 0.1.2 does not sanitise and es ...) NOT-FOR-US: WordPress plugin CVE-2023-2271 (The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check ...) NOT-FOR-US: WordPress plugin CVE-2023-31206 (Exposure of Resource to Wrong Sphere Vulnerability in Apache Software ...) NOT-FOR-US: Apache InLong CVE-2023-31205 RESERVED CVE-2023-31204 RESERVED CVE-2023-31200 (PTC Vuforia Studio does not require a token; this could allow an atta ...) NOT-FOR-US: PTC Vuforia Studio CVE-2023-31199 (Improper access control in the Intel(R) Solid State Drive Toolbox(TM) ...) NOT-FOR-US: Intel CVE-2023-31197 (Uncontrolled search path in the Intel(R) Trace Analyzer and Collector ...) NOT-FOR-US: Intel CVE-2023-31187 (Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently P ...) NOT-FOR-US: Avaya CVE-2023-31186 (Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observ ...) NOT-FOR-US: Avaya CVE-2023-31185 (ROZCOM server framework - Misconfiguration may allow information discl ...) NOT-FOR-US: ROZCOM CVE-2023-31184 (ROZCOM client CWE-798: Use of Hard-coded Credentials) NOT-FOR-US: ROZCOM CVE-2023-31183 (Cybonet PineApp Mail SecureA reflected cross-site scripting (XSS) vuln ...) NOT-FOR-US: Cybonet PineApp Mail SecureA CVE-2023-31182 (EasyTor Applications \u2013 Authorization Bypass - EasyTor Application ...) NOT-FOR-US: EasyTor CVE-2023-31181 (WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - CWE-22: Path Trav ...) NOT-FOR-US: WJJ Software CVE-2023-31180 (WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - Reflected cross-s ...) NOT-FOR-US: WJJ Software CVE-2023-31179 (AgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversal -Vulnerability allow ...) 
NOT-FOR-US: AgilePoint CVE-2023-31178 (AgilePoint NX v8.0 SU2.2 & SU2.3 \u2013 Arbitrary File DeleteVulnerabi ...) NOT-FOR-US: AgilePoint CVE-2023-31177 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) NOT-FOR-US: Schweitzer Engineering Laboratories SEL-451 CVE-2023-31176 (An Insufficient Entropy vulnerability in the Schweitzer Engineering La ...) NOT-FOR-US: Schweitzer Engineering Laboratories SEL-451 CVE-2023-31175 (An Execution with Unnecessary Privileges vulnerability in the Schweitz ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31174 (A Cross-Site Request Forgery (CSRF) vulnerability in the Schweitzer En ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31173 (Use of Hard-coded Credentials vulnerability in Schweitzer Engineering ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31172 (An Incomplete Filtering of Special Elements vulnerability in the Schwe ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31171 (An Improper Neutralization of Special Elements used in an SQL Command ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31170 (An Inclusion of Functionality from Untrusted Control Sphere vulnerabil ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31169 (An Improper Handling of Unicode Encoding vulnerability in the Schweitz ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31168 (An Inclusion of Functionality from Untrusted Control Sphere vulnerabil ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31167 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31166 (An Improper Limitation of a Pathname to a Restricted Directory ('Path ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31165 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) 
NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31164 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31163 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31162 (An Improper Input Validation vulnerability in the Schweitzer Engineeri ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31161 (AnImproper Input Validation vulnerability in the Schweitzer Engineerin ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31160 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31159 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31158 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31157 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31156 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31155 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31154 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31153 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31152 (An Authentication Bypass Using an Alternate Path or Channel vulnerabil ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31151 (An Improper Certificate Validation vulnerability in the Schweitzer E ...) 
NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31150 (A Storing Passwords in a Recoverable Format vulnerability in the Schwe ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31149 (An Improper Input Validation vulnerability in the Schweitzer Enginee ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31148 (An Improper Input Validation vulnerability in the Schweitzer Enginee ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31147 (c-ares is an asynchronous resolver library. When /dev/urandom or RtlGe ...) [experimental] - c-ares 1.19.1-1 - c-ares 1.19.1-2 (unimportant) NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 NOTE: https://github.com/c-ares/c-ares/commit/823df3b989e59465d17b0a2eb1239a5fc048b4e5 (cares-1_19_1) NOTE: Any Debian system/port provides /dev/urandom CVE-2023-31146 (Vyper is a Pythonic smart contract language for the Ethereum virtual m ...) NOT-FOR-US: Vyper CVE-2023-31145 (Collabora Online is a collaborative online office suite based on Libre ...) NOT-FOR-US: Collabora Online CVE-2023-31144 (Craft CMS is a content management system. Starting in version 3.0.0 an ...) NOT-FOR-US: Craft CMS CVE-2023-31143 (mage-ai is an open-source data pipeline tool for transforming and inte ...) NOT-FOR-US: mage-ai CVE-2023-31142 (Discourse is an open source discussion platform. Prior to version 3.0. ...) NOT-FOR-US: Discourse CVE-2023-31141 (OpenSearch is open-source software suite for search, analytics, and ob ...) - opensearch (bug #1054912) NOTE: https://github.com/opensearch-project/security/security/advisories/GHSA-g8xc-6mf7-h28h CVE-2023-31140 (OpenProject is open source project management software. Starting with ...) NOT-FOR-US: OpenProject CVE-2023-31139 (DHIS2 Core contains the service layer and Web API for DHIS2, an inform ...) NOT-FOR-US: DHIS2 CVE-2023-31138 (DHIS2 Core contains the service layer and Web API for DHIS2, an inform ...) 
NOT-FOR-US: DHIS2 CVE-2023-31137 (MaraDNS is open-source software that implements the Domain Name System ...) {DSA-5441-1 DLA-3457-1} - maradns 2.0.13-1.5 (bug #1035936) NOTE: https://github.com/samboy/MaraDNS/commit/bab062bde40b2ae8a91eecd522e84d8b993bab58 NOTE: https://github.com/samboy/MaraDNS/security/advisories/GHSA-58m7-826v-9c3c CVE-2023-31136 (PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO ...) NOT-FOR-US: PostgresNIO CVE-2023-31135 (Dgraph is an open source distributed GraphQL database. Existing Dgraph ...) NOT-FOR-US: Dgraph CVE-2023-31134 (Tauri is software for building applications for multi-platform deploym ...) NOT-FOR-US: Tauri CVE-2023-31133 (Ghost is an app for new-media creators with tools to build a website, ...) NOT-FOR-US: Ghost CMS CVE-2023-31132 (Cacti is an open source operational monitoring and fault management fr ...) - cacti (Only affect Cacti Installer on Windows) NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-rf5w-pq3f-9876 CVE-2023-31131 (Greenplum Database (GPDB) is an open source data warehouse based on Po ...) NOT-FOR-US: Greenplum Database CVE-2023-31130 (c-ares is an asynchronous resolver library. ares_inet_net_pton() is vu ...) {DSA-5419-1 DLA-3471-1} [experimental] - c-ares 1.19.1-1 - c-ares 1.18.1-3 NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v NOTE: https://github.com/c-ares/c-ares/commit/f22cc01039b6473b736d3bf438f56a2654cdf2b2 (cares-1_19_1) CVE-2023-31129 (The Contiki-NG operating system versions 4.8 and prior can be triggere ...) NOT-FOR-US: Contiki-NG CVE-2023-31128 (NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 o ...) NOT-FOR-US: Nextcloud app CVE-2023-31127 (libspdm is a sample implementation that follows the DMTF SPDM specific ...) NOT-FOR-US: libspdm CVE-2023-31126 (`org.xwiki.commons:xwiki-commons-xml` is an XML library used by the op ...) 
NOT-FOR-US: org.xwiki.commons:xwiki-commons-xml CVE-2023-31125 (Engine.IO is the implementation of transport-based cross-browser/cross ...) NOT-FOR-US: Engine.IO CVE-2023-31124 (c-ares is an asynchronous resolver library. When cross-compiling c-are ...) [experimental] - c-ares 1.19.1-1 - c-ares 1.19.1-2 (unimportant) NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 NOTE: https://github.com/c-ares/c-ares/commit/c4930223e51d0e3dbfd8b2a814f4be2e269e2a9d (cares-1_19_1) NOTE: No impact on binaries shipped by Debian CVE-2023-31123 (`effectindex/tripreporter` is a community-powered, universal platform ...) NOT-FOR-US: effectindex/tripreporter CVE-2023-30768 (Improper access control in the Intel(R) Server Board S2600WTT belongin ...) NOT-FOR-US: Intel CVE-2023-30763 (Heap-based overflow in Intel(R) SoC Watch based software before versio ...) NOT-FOR-US: Intel CVE-2023-29502 (Before importing a project into Vuforia, a user could modify the \u20 ...) NOT-FOR-US: Vuforia CVE-2023-29242 (Improper access control for Intel(R) oneAPI Toolkits before version 20 ...) NOT-FOR-US: Intel CVE-2023-29168 (The local Vuforia web application does not support HTTPS, and federate ...) NOT-FOR-US: Vuforia CVE-2023-29152 (By changing the filename parameter in the request, an attacker could ...) NOT-FOR-US: Vuforia CVE-2023-28822 RESERVED CVE-2023-28745 (Uncontrolled search path in Intel(R) QSFP+ Configuration Utility softw ...) NOT-FOR-US: Intel CVE-2023-28737 (Improper initialization in some Intel(R) Aptio* V UEFI Firmware Integr ...) NOT-FOR-US: Intel CVE-2023-28719 RESERVED CVE-2023-28378 (Improper authorization in some Intel(R) QAT drivers for Windows - HW V ...) NOT-FOR-US: Intel CVE-2023-27881 (A user could use the \u201cUpload Resource\u201d functionality to uplo ...) NOT-FOR-US: Vuforia CVE-2023-24476 (An attacker with local access to the machine could record the traffic, ...) 
NOT-FOR-US: Vuforia CVE-2023-2270 (The Netskope client service running with NT\SYSTEM privileges accepts ...) NOT-FOR-US: Netskope CVE-2023-2269 (A denial of service problem was found, due to a possible recursive loc ...) {DSA-5480-1 DSA-5448-1 DLA-3623-1 DLA-3508-1} - linux 6.3.7-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2189388 CVE-2023-2268 (Plane version 0.7.1 allows an unauthenticated attacker to view all sto ...) NOT-FOR-US: Plane CVE-2023-2267 (An Improper Input Validation vulnerability in Schweitzer Engineering L ...) NOT-FOR-US: Schweitzer Engineering Laboratories SEL-411L CVE-2023-2266 (AnImproper neutralization of input during web page generation in the S ...) NOT-FOR-US: Schweitzer Engineering Laboratories SEL-411L CVE-2023-2265 (AnImproper Restriction of Rendered UI Layers or Frames in the Schweitz ...) NOT-FOR-US: Schweitzer Engineering Laboratories SEL-411L CVE-2023-2264 (An improper input validation vulnerability in the Schweitzer Engineeri ...) NOT-FOR-US: Schweitzer Engineering Laboratories SEL-411L CVE-2023-2263 (The Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is v ...) NOT-FOR-US: Rockwell Automation CVE-2023-2262 (A buffer overflow vulnerability exists in the Rockwell Automation sele ...) NOT-FOR-US: Rockwell Automation CVE-2023-2261 (The WP Activity Log plugin for WordPress is vulnerable to authorizatio ...) NOT-FOR-US: WP Activity Log plugin for WordPress CVE-2023-2260 (Authorization Bypass Through User-Controlled Key in GitHub repository ...) NOT-FOR-US: Alf.io CVE-2023-2259 (Improper Neutralization of Special Elements Used in a Template Engine ...) NOT-FOR-US: Alf.io CVE-2023-2258 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...) NOT-FOR-US: Alf.io CVE-2023-31122 (Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.Th ...) 
{DSA-5662-1} - apache2 2.4.58-1 [buster] - apache2 (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/4 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122 NOTE: Fixed by: https://github.com/apache/httpd/commit/c41eb3b14a3d1eb2e3c42c4728cc52a22748851a CVE-2023-31121 RESERVED CVE-2023-31120 RESERVED CVE-2023-31119 RESERVED CVE-2023-31118 RESERVED CVE-2023-31117 RESERVED CVE-2023-31116 (An issue was discovered in the Shannon RCS component in Samsung Exynos ...) NOT-FOR-US: Samsung CVE-2023-31115 (An issue was discovered in the Shannon RCS component in Samsung Exynos ...) NOT-FOR-US: Samsung CVE-2023-31114 (An issue was discovered in the Shannon RCS component in Samsung Exynos ...) NOT-FOR-US: Samsung CVE-2023-31113 RESERVED CVE-2023-31112 RESERVED CVE-2023-31111 RESERVED CVE-2023-31110 RESERVED CVE-2023-31109 RESERVED CVE-2023-31108 RESERVED CVE-2023-31107 RESERVED CVE-2023-31106 RESERVED CVE-2023-31105 RESERVED CVE-2023-31104 RESERVED CVE-2023-2257 (Authentication Bypass in Hub Business integration in Devolutions Works ...) NOT-FOR-US: Devolutions CVE-2023-2256 (The Product Addons & Fields for WooCommerce WordPress plugin before 32 ...) NOT-FOR-US: WordPress plugin CVE-2023-2255 (Improper access control in editor components of The Document Foundatio ...) {DSA-5415-1 DLA-3526-1} - libreoffice 4:7.4.5-3 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-2255/ CVE-2023-2254 (The Ko-fi Button WordPress plugin before 1.3.3 does not properly some ...) NOT-FOR-US: WordPress plugin CVE-2023-2253 (A flaw was found in the `/v2/_catalog` endpoint in distribution/distri ...) 
	{DSA-5414-1 DLA-3473-1}
	- docker-registry 2.8.2+ds1-1 (bug #1035956)
	NOTE: Fixed by: https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54 (v2.8.2-beta.1)
	NOTE: https://www.openwall.com/lists/oss-security/2023/05/09/1
	NOTE: https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw
CVE-2023-2252 (The Directorist WordPress plugin before 7.5.4 is vulnerable to Local F ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2251 (Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.)
	- node-yaml 2.1.3-2 (bug #1035580)
	[bullseye] - node-yaml (Vulnerable code not present)
	NOTE: https://huntr.dev/bounties/4b494e99-5a3e-40d9-8678-277f3060e96c
	NOTE: https://github.com/advisories/GHSA-f9xv-q969-pqx4
	NOTE: Introduced by: https://github.com/eemeli/yaml/commit/89119eeec4a305d741b26d1a49ffa1ac67394a8e#diff-55db69e02ff5714d444d8081ec6ecac5d9833fb29fda64d1e829e5766434fdc0R97 (v2.0.0-5)
	NOTE: Fixed by: https://www.github.com/eemeli/yaml/commit/984f5781ffd807e58cad3b5c8da1f940dab75fba (v2.2.2)
CVE-2023-2250 (A flaw was found in the Open Cluster Management (OCM) when a user have ...)
	NOT-FOR-US: Open Cluster Management (OCM)
CVE-2023-2249 (The wpForo Forum plugin for WordPress is vulnerable to Local File Incl ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2248
	REJECTED
CVE-2022-48477 (In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module in ...)
	NOT-FOR-US: JetBrains Hub
CVE-2022-48476 (In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` ...)
	NOT-FOR-US: JetBrains Ktor
CVE-2023-31103 (Exposure of Resource to Wrong Sphere Vulnerability in Apache Software ...)
	NOT-FOR-US: Apache InLong
CVE-2023-40481 (7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution ...)
	- 7zip 23.01+dfsg-1
	[bookworm] - 7zip (Minor issue; will be fixed via point release)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1164/
	NOTE: https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/
CVE-2023-31102 (Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid ...)
	- 7zip 23.01+dfsg-1
	[bookworm] - 7zip (Minor issue; will be fixed via point release)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1165/
	NOTE: https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/
CVE-2023-31101 (Insecure Default Initialization of Resource Vulnerability in Apache So ...)
	NOT-FOR-US: Apache InLong
CVE-2023-31100 (Improper Access Control in SMI handler vulnerability in Phoenix Secure ...)
	NOT-FOR-US: Phoenix
CVE-2023-31099 (Zoho ManageEngine OPManager through 126323 allows an authenticated use ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2023-31098 (Weak Password Requirements vulnerability in Apache Software Foundation ...)
	NOT-FOR-US: Apache InLong
CVE-2023-31097
	RESERVED
CVE-2023-31096 (An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel ...)
	NOT-FOR-US: Broadcom
CVE-2023-31095 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-31094 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lauri Ka ...)
	NOT-FOR-US: WooCommerce plugin
CVE-2023-31093 (Cross-Site Request Forgery (CSRF) vulnerability in Chronosly Chronosly ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-31092 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-31091 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prad ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-31090 (Unrestricted Upload of File with Dangerous Type vulnerability in Unlim ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-31089 (Cross-Site Request Forgery (CSRF) vulnerability in Tradebooster Video ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-31088 (Cross-Site Request Forgery (CSRF) vulnerability in Faraz Quazi Floatin ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-31087 (Cross-Site Request Forgery (CSRF) vulnerability in JoomSky JS Job Mana ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-31086 (Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple G ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-31085 (An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel ...)
	- linux (unimportant)
	NOTE: https://lore.kernel.org/all/687864524.118195.1681799447034.JavaMail.zimbra@nod.at/
	NOTE: Negligible security impact
CVE-2023-31084 (An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in th ...)
	{DSA-5480-1 DSA-5448-1 DLA-3623-1 DLA-3508-1}
	- linux 6.3.7-1
	NOTE: https://lore.kernel.org/all/CA+UBctCu7fXn4q41O_3=id1+OdyQ85tZY1x+TkT-6OVBL6KAUw@mail.gmail.com/
CVE-2023-31083 (An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux ...)
	- linux 6.5.8-1
	NOTE: https://lore.kernel.org/all/CA+UBctC3p49aTgzbVgkSZ2+TQcqq4fPDO7yZitFT5uBPDeCO2g@mail.gmail.com/
CVE-2023-31082 (An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2 ...)
	- linux
	NOTE: https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A@mail.gmail.com/
CVE-2023-31081 (An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_brid ...)
	- linux (unimportant)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://lore.kernel.org/all/CA+UBctDXyiosaiR7YNKCs8k0aWu4gU+YutRcnC+TDJkXpHjQag@mail.gmail.com/
	NOTE: CONFIG_DVB_VIDTV (vidtv driver) not enabled in Debian official configuration
CVE-2023-31080
	RESERVED
CVE-2023-31079 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-31078 (Cross-Site Request Forgery (CSRF) vulnerability in Marco Steinbrecher ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-31077 (Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Pa ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-31076 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Really S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-31075 (Cross-Site Request Forgery (CSRF) vulnerability in Arshid Easy Hide Lo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-31074 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in hupe13 E ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-31073
	RESERVED
CVE-2023-31072 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Praveen ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-31071 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yannick ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-31070
	RESERVED
CVE-2023-31069 (An issue was discovered in TSplus Remote Access through 16.0.2.14. Cre ...)
	NOT-FOR-US: TSplus
CVE-2023-31068 (An issue was discovered in TSplus Remote Access through 16.0.2.14. The ...)
	NOT-FOR-US: TSplus
CVE-2023-31067 (An issue was discovered in TSplus Remote Access through 16.0.2.14. The ...)
	NOT-FOR-US: TSplus
CVE-2023-31066 (Files or Directories Accessible to External Parties vulnerability in A ...)
	NOT-FOR-US: Apache InLong
CVE-2023-31065 (Insufficient Session Expiration vulnerability in Apache Software Found ...)
	NOT-FOR-US: Apache InLong
CVE-2023-31064 (Files or Directories Accessible to External Parties vulnerability in A ...)
	NOT-FOR-US: Apache InLong
CVE-2023-31063
	RESERVED
CVE-2023-31062 (Improper Privilege Management Vulnerabilities in Apache Software Found ...)
	NOT-FOR-US: Apache InLong
CVE-2023-31061 (Repetier Server through 1.4.10 does not have CSRF protection.)
	NOT-FOR-US: Repetier Server
CVE-2023-31060 (Repetier Server through 1.4.10 executes as SYSTEM. This can be leverag ...)
	NOT-FOR-US: Repetier Server
CVE-2023-31059 (Repetier Server through 1.4.10 allows ..%5c directory traversal for re ...)
	NOT-FOR-US: Repetier Server
CVE-2023-31058 (Deserialization of Untrusted Data Vulnerability in Apache Software Fou ...)
	NOT-FOR-US: Apache InLong
CVE-2023-31057
	RESERVED
CVE-2023-31056 (CloverDX before 5.17.3 writes passwords to the audit log in certain si ...)
	NOT-FOR-US: CloverDX
CVE-2023-31055
	RESERVED
CVE-2023-31054
	RESERVED
CVE-2023-31053
	RESERVED
CVE-2023-31052
	RESERVED
CVE-2023-31051
	RESERVED
CVE-2023-31050
	RESERVED
CVE-2023-31049
	RESERVED
CVE-2023-31048 (The OPC UA .NET Standard Reference Server before 1.4.371.86. places se ...)
	NOT-FOR-US: OPC UA .NET Standard Reference Server
CVE-2023-31047 (In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, i ...)
	{DLA-3415-1}
	- python-django 3:3.2.19-1 (bug #1035467)
	[bullseye] - python-django 2:2.2.28-1~deb11u2
	NOTE: https://www.djangoproject.com/weblog/2023/may/03/security-releases/
	NOTE: https://github.com/django/django/commit/fb4c55d9ec4bb812a7fb91fa20510d91645e411b (main)
	NOTE: https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965 (3.2.19)
	NOTE: https://www.openwall.com/lists/oss-security/2023/05/03/1
CVE-2023-31046 (A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and ...)
	NOT-FOR-US: PaperCut
CVE-2023-31045 (A stored Cross-site scripting (XSS) issue in Text Editors and Formats ...)
	- backdrop (bug #914257)
CVE-2023-31044
	RESERVED
CVE-2023-31043 (EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs un ...)
	NOT-FOR-US: EnterpriseDB
CVE-2023-2247 (In affected versions of Octopus Deploy it is possible to unmask variab ...)
	NOT-FOR-US: Octopus Deploy
CVE-2023-31042 (A flaw exists in FlashBlade Purity whereby an authenticated user with ...)
	NOT-FOR-US: FlashBlade Purity
CVE-2023-31041 (An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with ker ...)
	NOT-FOR-US: Insyde
CVE-2023-31040
	RESERVED
CVE-2023-2246 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...)
	NOT-FOR-US: SourceCodester
CVE-2023-31039 (Security vulnerabilityin Apache bRPC <1.5.0 on all platforms allows at ...)
	NOT-FOR-US: Apache bRPC
CVE-2023-31038 (SQL injection in Log4cxx when using the ODBC appender to send log mess ...)
	[experimental] - log4cxx 1.1.0-1~exp1
	- log4cxx 1.1.0-1 (unimportant)
	NOTE: https://lists.apache.org/thread/vgjlpdf353vv91gryspwxrzj6p0fbjd9
	NOTE: ODBC appender not enabled in Debian builds
CVE-2023-2245 (A vulnerability was found in hansunCMS 1.4.3. It has been declared as ...)
	NOT-FOR-US: hansunCMS
CVE-2023-2244 (A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. I ...)
	NOT-FOR-US: SourceCodester Online Eyewear Shop
CVE-2023-2243 (A vulnerability was found in SourceCodester Complaint Management Syste ...)
	NOT-FOR-US: SourceCodester Complaint Management System
CVE-2023-2242 (A vulnerability has been found in SourceCodester Online Computer and L ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-2241 (A vulnerability, which was classified as critical, was found in PoDoFo ...)
	- libpodofo (Vulnerable code introduced later)
	NOTE: https://github.com/podofo/podofo/issues/69
	NOTE: Introduced by: https://github.com/podofo/podofo/commit/a2eca000e5a4337fb79ee8215d06413785653184
	NOTE: Fixed by: https://github.com/podofo/podofo/commit/535a786f124b739e3c857529cecc29e4eeb79778
CVE-2012-10014 (A vulnerability classified as problematic has been found in Kau-Boy Ba ...)
	NOT-FOR-US: WordPress plugin
CVE-2012-10013 (A vulnerability was found in Kau-Boy Backend Localization Plugin up to ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-31037 (NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ...)
	NOT-FOR-US: NVIDIA
CVE-2023-31036 (NVIDIA Triton Inference Server for Linux and Windows contains a vulner ...)
	NOT-FOR-US: NVIDIA Triton Inference Server for Linux and Windows
CVE-2023-31035 (NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may c ...)
	NOT-FOR-US: NVIDIA
CVE-2023-31034 (NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker ...)
	NOT-FOR-US: NVIDIA
CVE-2023-31033 (NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a ...)
	NOT-FOR-US: NVIDIA
CVE-2023-31032 (NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause ...)
	NOT-FOR-US: NVIDIA
CVE-2023-31031 (NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause ...)
	NOT-FOR-US: NVIDIA
CVE-2023-31030 (NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, w ...)
	NOT-FOR-US: NVIDIA
CVE-2023-31029 (NVIDIA DGX A100 baseboard management controller (BMC) contains a vulne ...)
	NOT-FOR-US: NVIDIA
CVE-2023-31028 (NVIDIA nvJPEG2000 Library for Windows and Linux contains a vulnerabili ...)
	NOT-FOR-US: NVIDIA nvJPEG2000 Library (not same as libnvjpeg provided by nvidia-cuda-toolkit)
CVE-2023-31027 (NVIDIA GPU Display Driver for Windows contains a vulnerability that al ...)
	NOT-FOR-US: NVIDIA
CVE-2023-31026 (NVIDIA vGPU software for Windows and Linux contains a vulnerability in ...)
	NOT-FOR-US: NVIDIA (vGPU not packaged in Debian)
CVE-2023-31025 (NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cau ...)
	NOT-FOR-US: NVIDIA
CVE-2023-31024 (NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, w ...)
	NOT-FOR-US: NVIDIA
CVE-2023-31023 (NVIDIA Display Driver for Windows contains a vulnerability where an at ...)
	NOT-FOR-US: NVIDIA
CVE-2023-31022 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
	- nvidia-graphics-drivers 525.147.05-1 (bug #1055136)
	[bookworm] - nvidia-graphics-drivers 525.147.05-1~deb12u1
	[bullseye] - nvidia-graphics-drivers 470.223.02-1
	[buster] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-open-gpu-kernel-modules 525.147.05-1 (bug #1055144)
	[bookworm] - nvidia-open-gpu-kernel-modules 525.147.05-1~deb12u1
	- nvidia-graphics-drivers-tesla 525.147.05-1 (bug #1055143)
	[bookworm] - nvidia-graphics-drivers-tesla 525.147.05-3~deb12u1
	- nvidia-graphics-drivers-tesla-470 470.223.02-1 (bug #1055142)
	[bookworm] - nvidia-graphics-drivers-tesla-470 470.223.02-1~deb12u1
	[bullseye] - nvidia-graphics-drivers-tesla-470 470.223.02-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1055141)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-450 450.248.02-4 (bug #1055140)
	NOTE: 450.248.02-4 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	[bullseye] - nvidia-graphics-drivers-tesla-450 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-418 (bug #1055139)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-legacy-390xx (bug #1055138)
	[bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported)
	[buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx (bug #1055137)
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5491
CVE-2023-31021 (NVIDIA vGPU software for Windows and Linux contains a vulnerability in ...)
	NOT-FOR-US: NVIDIA (vGPU not packaged in Debian)
CVE-2023-31020 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA
CVE-2023-31019 (NVIDIA GPU Display Driver for Windows contains a vulnerability in wksS ...)
	NOT-FOR-US: NVIDIA
CVE-2023-31018 (NVIDIA GPU Driver for Windows and Linux contains a vulnerability in th ...)
	NOT-FOR-US: NVIDIA (vGPU not packaged in Debian)
CVE-2023-31017 (NVIDIA GPU Display Driver for Windows contains a vulnerability where a ...)
	NOT-FOR-US: NVIDIA
CVE-2023-31016 (NVIDIA GPU Display Driver for Windows contains a vulnerability where a ...)
	NOT-FOR-US: NVIDIA
CVE-2023-31015 (NVIDIA DGX H100 BMC contains a vulnerability in the REST service where ...)
	NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-31014 (NVIDIA GeForce Now for Android contains a vulnerability in the game la ...)
	NOT-FOR-US: NVIDIA GeForce Now for Android
CVE-2023-31013 (NVIDIA DGX H100 BMC contains a vulnerability in the REST service, wher ...)
	NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-31012 (NVIDIA DGX H100 BMC contains a vulnerability in the REST service where ...)
	NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-31011 (NVIDIA DGX H100 BMC contains a vulnerability in the REST service where ...)
	NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-31010 (NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacke ...)
	NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-31009 (NVIDIA DGX H100 BMC contains a vulnerability in the REST service, wher ...)
	NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-31008 (NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacke ...)
	NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-31007 (Improper Authentication vulnerability in Apache Software Foundation Ap ...)
	NOT-FOR-US: Apache Pulsar
CVE-2023-31006 (IBM Security Access Manager Container (IBM Security Verify Access Appl ...)
	NOT-FOR-US: IBM
CVE-2023-31005 (IBM Security Access Manager Container (IBM Security Verify Access Appl ...)
	NOT-FOR-US: IBM
CVE-2023-31004 (IBM Security Access Manager Container (IBM Security Verify Access Appl ...)
	NOT-FOR-US: IBM
CVE-2023-31003 (IBM Security Access Manager Container (IBM Security Verify Access Appl ...)
	NOT-FOR-US: IBM
CVE-2023-31002 (IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 tempor ...)
	NOT-FOR-US: IBM
CVE-2023-31001 (IBM Security Access Manager Container (IBM Security Verify Access Appl ...)
	NOT-FOR-US: IBM
CVE-2023-31000
	RESERVED
CVE-2023-30999 (IBM Security Access Manager Container (IBM Security Verify Access Appl ...)
	NOT-FOR-US: IBM
CVE-2023-30998
	RESERVED
CVE-2023-30997
	RESERVED
CVE-2023-30996 (IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2023-30995 (IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow ...)
	NOT-FOR-US: IBM
CVE-2023-30994 (IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorith ...)
	NOT-FOR-US: IBM
CVE-2023-30993 (IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow ...)
	NOT-FOR-US: IBM
CVE-2023-30992
	RESERVED
CVE-2023-30991 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
	NOT-FOR-US: IBM
CVE-2023-30990 (IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute ...)
	NOT-FOR-US: IBM
CVE-2023-30989 (IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local pr ...)
	NOT-FOR-US: IBM
CVE-2023-30988 (The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i conta ...)
	NOT-FOR-US: IBM
CVE-2023-30987 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
	NOT-FOR-US: IBM
CVE-2023-30986 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-30985 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-30984
	RESERVED
CVE-2023-30983
	RESERVED
CVE-2023-30982
	RESERVED
CVE-2023-30981
	RESERVED
CVE-2023-30980
	RESERVED
CVE-2023-30979
	RESERVED
CVE-2023-30978
	RESERVED
CVE-2023-30977
	RESERVED
CVE-2023-30976
	RESERVED
CVE-2023-30975
	RESERVED
CVE-2023-30974
	RESERVED
CVE-2023-30973
	RESERVED
CVE-2023-30972
	RESERVED
CVE-2023-30971
	RESERVED
CVE-2023-30970 (Gotham Table service and Forward App were found to be vulnerable to a ...)
	NOT-FOR-US: Gotham Table service and Forward App
CVE-2023-30969 (The Palantir Tiles1 service was found to be vulnerable to an API wide ...)
	NOT-FOR-US: Palantir
CVE-2023-30968 (One of Gotham Gaia services was found to be vulnerable to a stored cro ...)
	NOT-FOR-US: Gotham Gaia services
CVE-2023-30967 (Gotham Orbital-Simulator service prior to 0.692.0 was found to be vuln ...)
	NOT-FOR-US: Gotham Orbital-Simulator service
CVE-2023-30966
	RESERVED
CVE-2023-30965
	RESERVED
CVE-2023-30964
	RESERVED
CVE-2023-30963 (A security defect was discovered in Foundry Frontend which enabled use ...)
	NOT-FOR-US: Palantir
CVE-2023-30962 (The Gotham Cerberus service was found to have a stored cross-site scri ...)
	NOT-FOR-US: Gotham Cerberus
CVE-2023-30961 (Palantir Gotham was found to be vulnerable to a bug where under certai ...)
	NOT-FOR-US: Palantir Gotham
CVE-2023-30960 (A security defect was discovered in Foundry job-tracker that enabled u ...)
	NOT-FOR-US: Palantir
CVE-2023-30959 (In Apollo change requests, comments added by users could contain a ja ...)
	NOT-FOR-US: Apollo
CVE-2023-30958 (A security defect was identified in Foundry Frontend that enabled user ...)
	NOT-FOR-US: Palantir
CVE-2023-30957
	RESERVED
CVE-2023-30956 (A security defect was identified in Foundry Comments that enabled a us ...)
	NOT-FOR-US: Palantir
CVE-2023-30955 (A security defect was identified in Foundry workspace-server that enab ...)
	NOT-FOR-US: Palantir
CVE-2023-30954 (The Gotham video-application-server service contained a race condition ...)
	NOT-FOR-US: Gotham video-application-server service
CVE-2023-30953
	RESERVED
CVE-2023-30952 (A security defect was discovered in Foundry Issues that enabled users ...)
	NOT-FOR-US: Palantir
CVE-2023-30951 (The Foundry Magritte plugin rest-source was found to be vulnerable to ...)
	NOT-FOR-US: Palantir
CVE-2023-30950 (The foundry campaigns service was found to be vulnerable to an unauthe ...)
	NOT-FOR-US: Palantir
CVE-2023-30949 (A missing origin validation in Slate sandbox could be exploited by a m ...)
	NOT-FOR-US: Palantir
CVE-2023-30948 (A security defect in Foundry's Comments functionality resulted in the ...)
	NOT-FOR-US: Palantir
CVE-2023-30947
	RESERVED
CVE-2023-30946 (A security defect was identified in Foundry Issues. If a user was adde ...)
	NOT-FOR-US: Palantir
CVE-2023-30945 (Multiple Services such as VHS(Video History Server) and VCD(Video Clip ...)
	NOT-FOR-US: Palantir
CVE-2023-30944 (The vulnerability was found Moodle which exists due to insufficient sa ...)
	- moodle
CVE-2023-30943 (The vulnerability was found Moodle which exists because the applicatio ...)
	- moodle
CVE-2023-30942 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-30941 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-30940 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-30939 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-30938 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-30937 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-30936 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-30935 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-30934 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-30933 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-30932 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-30931 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-30930 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-30929 (In telephony service, there is a possible missing permission check. Th ...)
	NOT-FOR-US: Unisoc
CVE-2023-30928 (In telephony service, there is a possible missing permission check. Th ...)
	NOT-FOR-US: Unisoc
CVE-2023-30927 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-30926 (In opm service, there is a missing permission check. This could lead t ...)
	NOT-FOR-US: Unisoc
CVE-2023-30925 (In opm service, there is a missing permission check. This could lead t ...)
	NOT-FOR-US: Unisoc
CVE-2023-30924 (In messaging service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-30923 (In messaging service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-30922 (In messaging service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-30921 (In messaging service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-30920 (In messaging service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-30919 (In messaging service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-30918 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-30917 (In DMService, there is a possible missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-30916 (In DMService, there is a possible missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-30915 (In email service, there is a missing permission check. This could lead ...)
	NOT-FOR-US: Unisoc
CVE-2023-30914 (In email service, there is a missing permission check. This could lead ...)
	NOT-FOR-US: Unisoc
CVE-2023-30913 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-2240 (Improper Privilege Management in GitHub repository microweber/microweb ...)
	NOT-FOR-US: microweber
CVE-2023-2239 (Exposure of Private Personal Information to an Unauthorized Actor in G ...)
	NOT-FOR-US: microweber
CVE-2023-2238
	RESERVED
CVE-2023-2237 (The WP Replicate Post plugin for WordPress is vulnerable to SQL Inject ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2236 (A use-after-free vulnerability in the Linux Kernel io_uring subsystem ...)
	- linux 6.0.12-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9d94c04c0db024922e886c9fd429659f22f48ea4 (6.1-rc7)
CVE-2023-2235 (A use-after-free vulnerability in the Linux Kernel Performance Events ...)
	- linux 6.1.25-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/fd0815f632c24878e325821943edccc7fde947a2 (6.3-rc3)
CVE-2023-2234 (Union variant confusion allows any malicious BT controller to execute ...)
	NOT-FOR-US: Zephyr
CVE-2023-2233 (An improper authorization issue has been discovered in GitLab CE/EE af ...)
	- gitlab 16.4.4+ds2-2
CVE-2023-2232 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 16.4.4+ds2-2
CVE-2023-2231 (A vulnerability, which was classified as critical, was found in MAXTEC ...)
	NOT-FOR-US: MAXTECH
CVE-2023-2230
	REJECTED
CVE-2023-2229 (The Quick Post Duplicator for WordPress is vulnerable to SQL Injection ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2228 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...)
	NOT-FOR-US: Modoboa
CVE-2023-2227 (Improper Authorization in GitHub repository modoboa/modoboa prior to 2 ...)
	NOT-FOR-US: Modoboa
CVE-2023-2226 (Due to insufficient validation in the PE and OLE parsers in Rapid7's V ...)
	NOT-FOR-US: Rapid7
CVE-2023-2225 (The SEO ALert WordPress plugin through 1.59 does not sanitise and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2224 (The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2223 (The Login rebuilder WordPress plugin before 2.8.1 does not sanitise an ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2222
	REJECTED
CVE-2023-2221 (The WP Custom Cursors WordPress plugin before 3.2 does not properly sa ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4944 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: KodExplorer
CVE-2023-2220 (A vulnerability was found in Dream Technology mica up to 3.0.5. It has ...)
	NOT-FOR-US: Dream Technology mica
CVE-2023-2219 (A vulnerability was found in SourceCodester Task Reminder System 1.0 a ...)
	NOT-FOR-US: SourceCodester Task Reminder System
CVE-2023-2218 (A vulnerability has been found in SourceCodester Task Reminder System ...)
	NOT-FOR-US: SourceCodester Task Reminder System
CVE-2023-2217 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Task Reminder System
CVE-2023-2216 (A vulnerability classified as problematic was found in Campcodes Coffe ...)
	NOT-FOR-US: Campcodes Coffee Shop POS System
CVE-2023-2215 (A vulnerability classified as critical has been found in Campcodes Cof ...)
	NOT-FOR-US: Campcodes Coffee Shop POS System
CVE-2023-2214 (A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It ...)
	NOT-FOR-US: Campcodes Coffee Shop POS System
CVE-2023-2213 (A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It ...)
	NOT-FOR-US: Campcodes Coffee Shop POS System
CVE-2023-2212 (A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It ...)
	NOT-FOR-US: Campcodes Coffee Shop POS System
CVE-2023-2211 (A vulnerability was found in Campcodes Coffee Shop POS System 1.0 and ...)
	NOT-FOR-US: Campcodes Coffee Shop POS System
CVE-2023-2210 (A vulnerability has been found in Campcodes Coffee Shop POS System 1.0 ...)
	NOT-FOR-US: Campcodes Coffee Shop POS System
CVE-2023-2209 (A vulnerability, which was classified as critical, was found in Campco ...)
	NOT-FOR-US: Campcodes Coffee Shop POS System
CVE-2023-2208 (A vulnerability, which was classified as critical, has been found in C ...)
	NOT-FOR-US: Campcodes Retro Basketball Shoes Online Store
CVE-2023-2207 (A vulnerability classified as critical was found in Campcodes Retro Ba ...)
	NOT-FOR-US: Campcodes Retro Basketball Shoes Online Store
CVE-2023-2206 (A vulnerability classified as critical has been found in Campcodes Ret ...)
	NOT-FOR-US: Campcodes Retro Basketball Shoes Online Store
CVE-2023-2205 (A vulnerability was found in Campcodes Retro Basketball Shoes Online S ...)
	NOT-FOR-US: Campcodes Retro Basketball Shoes Online Store
CVE-2023-2204 (A vulnerability was found in Campcodes Retro Basketball Shoes Online S ...)
	NOT-FOR-US: Campcodes Retro Basketball Shoes Online Store
CVE-2023-2203 (A flaw was found in the WebKitGTK package. An improper input validatio ...)
	- webkit2gtk (RHEL-specific backport regression)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2188543
CVE-2023-2202 (Improper Access Control in GitHub repository francoisjacquet/rosariosi ...)
	NOT-FOR-US: RosarioSIS
CVE-2023-2201 (The Web Directory Free for WordPress is vulnerable to SQL Injection vi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2200 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.11.11+ds1-1
CVE-2023-2199 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2023-2198 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2023-30912 (A remote code execution issue exists in HPE OneView.)
	NOT-FOR-US: HPE
CVE-2023-30911 (HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest ...)
	NOT-FOR-US: HPE
CVE-2023-30910 (HPE MSA Controller prior to versionIN210R004 could be remotely exploit ...)
	NOT-FOR-US: HPE
CVE-2023-30909 (A remote authentication bypass issue exists in some OneView APIs.)
	NOT-FOR-US: HPE
CVE-2023-30908 (A remote authentication bypass issue exists in a OneView API.)
	NOT-FOR-US: HPE
CVE-2023-30907
	RESERVED
CVE-2023-30906 (The vulnerability could be locally exploited to allow escalation of pr ...)
	NOT-FOR-US: HPE
CVE-2023-30905 (The MC990 X and UV300 RMC component has and inadequate default configu ...)
	NOT-FOR-US: HPE
CVE-2023-30904 (A security vulnerability in HPE Insight Remote Support may result in t ...)
	NOT-FOR-US: HPE
CVE-2023-30903 (HP-UX could be exploited locally to create a Denial of Service (DoS) w ...)
	NOT-FOR-US: HPE
CVE-2023-30902 (A privilege escalation vulnerability in the Trend Micro Apex One and A ...)
	NOT-FOR-US: Trend Micro
CVE-2023-30901 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
	NOT-FOR-US: Siemens
CVE-2023-30900 (A vulnerability has been identified in Xpedition Layout Browser (All v ...)
	NOT-FOR-US: Siemens
CVE-2023-30899 (A vulnerability has been identified in Siveillance Video 2020 R2 (All ...)
	NOT-FOR-US: Siemens
CVE-2023-30898 (A vulnerability has been identified in Siveillance Video 2020 R2 (All ...)
	NOT-FOR-US: Siemens
CVE-2023-2197 (HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padd ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2023-2196 (A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-2195 (A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-2194 (An out-of-bounds write vulnerability was found in the Linux kernel's S ...)
	{DLA-3404-1 DLA-3403-1}
	- linux 6.1.25-1
	[bullseye] - linux 5.10.178-1
	NOTE: https://git.kernel.org/linus/92fbb6d1296f81f41f65effd7f5f8c0f74943d15 (6.3-rc4)
CVE-2023-2193 (Mattermost fails to invalidate existing authorization codes when deaut ...)
	- mattermost-server (bug #823556)
CVE-2023-30897 (A vulnerability has been identified in SIMATIC WinCC (All versions < V ...)
	NOT-FOR-US: Siemens
CVE-2023-2192
	RESERVED
CVE-2023-2191 (Cross-site Scripting (XSS) - Stored in GitHub repository azuracast/azu ...)
	NOT-FOR-US: azuracast
CVE-2023-2190 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.11.11+ds1-1
CVE-2023-2189 (The Elementor Addons, Widgets and Enhancements – Stax plugin for ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2188 (The Colibri Page Builder for WordPress is vulnerable to SQL Injection ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30896
	RESERVED
CVE-2023-30895
	RESERVED
CVE-2023-30894
	RESERVED
CVE-2023-30893
	RESERVED
CVE-2023-30892
	RESERVED
CVE-2023-30891
	RESERVED
CVE-2023-30890
	RESERVED
CVE-2023-30889
	RESERVED
CVE-2023-30888
	RESERVED
CVE-2023-30887
	RESERVED
CVE-2023-30886
	RESERVED
CVE-2023-30885
	RESERVED
CVE-2023-30884
	RESERVED
CVE-2023-30883
	RESERVED
CVE-2023-30882
	RESERVED
CVE-2023-30881
	RESERVED
CVE-2023-30880
	RESERVED
CVE-2023-30879
	RESERVED
CVE-2023-30878
	RESERVED
CVE-2023-30877 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Gl ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30876 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dave ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30875 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in All ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30874 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stev ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30873
	RESERVED
CVE-2023-30872 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30871 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PT Woo P ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30870
	RESERVED
CVE-2023-30869 (Improper Authentication vulnerability in Easy Digital Downloads plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30868 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jon Chri ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30867 (In the Streampark platform, when users log in to the system and use ce ...)
	NOT-FOR-US: Apache StreamPark
CVE-2023-30866 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2023-30865 (In dialer service, there is a missing permission check. This could lea ...)
	NOT-FOR-US: Unisoc
CVE-2023-30864 (In Connectivity Service, there is a possible missing permission check. ...)
	NOT-FOR-US: Unisoc
CVE-2023-30863 (In Connectivity Service, there is a possible missing permission check. ...)
	NOT-FOR-US: Unisoc
CVE-2023-30862
	RESERVED
CVE-2023-2187 (On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an una ...)
	NOT-FOR-US: Triangle MicroWorks' SCADA Data Gateway
CVE-2023-2186 (On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an una ...)
	NOT-FOR-US: Triangle MicroWorks' SCADA Data Gateway
CVE-2023-2185
	REJECTED
CVE-2023-2184 (The WP Responsive Tabs horizontal vertical and accordion Tabs plugin f ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2183 (Grafana is an open-source platform for monitoring and observability. ...)
	- grafana
CVE-2023-2182 (An issue has been discovered in GitLab EE affecting all versions start ...)
	- gitlab (Specific to EE)
CVE-2023-2181 (An issue has been discovered in GitLab affecting all versions before 1 ...)
	- gitlab 15.10.8+ds1-2
CVE-2023-2180 (The KIWIZ Invoices Certification & PDF System WordPress plugin through ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2179 (The WooCommerce Order Status Change Notifier WordPress plugin through ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2178 (The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitis ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2177 (A null pointer dereference issue was found in the sctp network protoco ...)
	- linux 5.18.16-1
	[bullseye] - linux 5.10.136-1
	NOTE: https://lore.kernel.org/netdev/CADvbK_dWMO0XdAf950Q14pUv99ahS1MRnOtppvosU2w33sO=kw@mail.gmail.com/T/
	NOTE: https://git.kernel.org/linus/181d8d2066c000ba0a0e6940a7ad80f1a0e68e9d (5.19)
CVE-2023-2176 (A vulnerability was found in compare_netdev_and_ip in drivers/infiniba ...)
	- linux 6.3.7-1
	[bookworm] - linux 6.1.82-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://lkml.org/lkml/2022/12/9/178
	NOTE: https://www.spinics.net/lists/linux-rdma/msg114749.html
	NOTE: https://patchwork.kernel.org/project/linux-rdma/patch/3d0e9a2fd62bc10ba02fed1c7c48a48638952320.1672819273.git.leonro@nvidia.com/
	NOTE: https://git.kernel.org/linus/8d037973d48c026224ab285e6a06985ccac6f7bf (6.3-rc1)
CVE-2022-4943 (The miniOrange's Google Authenticator plugin for WordPress is vulnerab ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2175
	RESERVED
CVE-2023-2174 (The BadgeOS plugin for WordPress is vulnerable to unauthorized modific ...)
	NOT-FOR-US: BadgeOS plugin for WordPress
CVE-2023-2173 (The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Obje ...)
	NOT-FOR-US: BadgeOS plugin for WordPress
CVE-2023-2172 (The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Obje ...)
	NOT-FOR-US: BadgeOS plugin for WordPress
CVE-2023-2171 (The BadgeOS plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
	NOT-FOR-US: BadgeOS plugin for WordPress
CVE-2023-2170 (The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: TaxoPress plugin for WordPress
CVE-2023-2169 (The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: TaxoPress plugin for WordPress
CVE-2023-2168 (The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: TaxoPress plugin for WordPress
CVE-2023-2167
	RESERVED
CVE-2023-30861 (Flask is a lightweight WSGI web application framework. When all of the ...)
	{DSA-5442-1 DLA-3536-1}
	- flask 2.2.2-3 (bug #1035670)
	NOTE: https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq
	NOTE: https://github.com/pallets/flask/commit/8646edca6f47e2cd57464081b3911218d4734f8d (2.2.5)
	NOTE: https://github.com/pallets/flask/commit/8705dd39c4fa563ea0fe0bf84c85da8fcc98b88d (2.3.2)
CVE-2023-30860 (WWBN AVideo is an open source video platform. In AVideo prior to versi ...)
	NOT-FOR-US: AVideo
CVE-2023-30859 (Triton is a Minecraft plugin for Spigot and BungeeCord that helps you ...)
	NOT-FOR-US: Triton Minecraft plugin
CVE-2023-30858 (The Denosaurs emoji package provides emojis for dinosaurs. Starting in ...)
	NOT-FOR-US: Denosaurs emoji package
CVE-2023-30857 (@aedart/support is the support package for Ion, a monorepo for JavaScr ...)
	NOT-FOR-US: support package for Ion
CVE-2023-30856 (eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and pri ...)
	NOT-FOR-US: eDEX-UI
CVE-2023-30855 (Pimcore is an open source data and experience management platform. Ver ...)
	NOT-FOR-US: Pimcore
CVE-2023-30854 (AVideo is an open source video platform. Prior to version 12.4, an OS ...)
	NOT-FOR-US: AVideo
CVE-2023-30853 (Gradle Build Action allows users to execute a Gradle Build in their Gi ...)
	NOT-FOR-US: Gradle Build Action
CVE-2023-30852 (Pimcore is an open source data and experience management platform. Pri ...)
NOT-FOR-US: Pimcore CVE-2023-30851 (Cilium is a networking, observability, and security solution with an e ...) - cilium (bug #858303) CVE-2023-30850 (Pimcore is an open source data and experience management platform. Pri ...) NOT-FOR-US: Pimcore CVE-2023-30849 (Pimcore is an open source data and experience management platform. Pri ...) NOT-FOR-US: Pimcore CVE-2023-30848 (Pimcore is an open source data and experience management platform. Pri ...) NOT-FOR-US: Pimcore CVE-2023-30847 (H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the rev ...) - h2o (Vulnerable code not present before 2.2.6 upstream) NOTE: Fixed by: https://github.com/h2o/h2o/commit/a70af675328dda438ecd9d8a1673c1715fd93cc7 NOTE: Fixed by: https://github.com/h2o/h2o/commit/5f57d505514e937d13787b1f408837cb9197e2b2 NOTE: https://github.com/h2o/h2o/pull/3229 NOTE: https://github.com/h2o/h2o/security/advisories/GHSA-p5hj-phwj-hrvx CVE-2023-30846 (typed-rest-client is a library for Node Rest and Http Clients with typ ...) NOT-FOR-US: typed-rest-client CVE-2023-30845 (ESPv2 is a service proxy that provides API management capabilities usi ...) NOT-FOR-US: ESPv2 CVE-2023-30844 (Mutagen provides real-time file synchronization and flexible network f ...) NOT-FOR-US: mutagen.io (different from src:mutagen) CVE-2023-30843 (Payload is a free and open source headless content management system. ...) NOT-FOR-US: Payload CVE-2023-30842 REJECTED CVE-2023-30841 (Baremetal Operator (BMO) is a bare metal host provisioning integration ...) NOT-FOR-US: Baremetal Operator (BMO) CVE-2023-30840 (Fluid is an open source Kubernetes-native distributed dataset orchestr ...) NOT-FOR-US: Fluid CVE-2023-30839 (PrestaShop is an Open Source e-commerce web application. Versions prio ...) NOT-FOR-US: PrestaShop CVE-2023-30838 (PrestaShop is an Open Source e-commerce web application. Prior to vers ...) NOT-FOR-US: PrestaShop CVE-2023-30837 (Vyper is a pythonic smart contract language for the EVM. The storage a ...) 
NOT-FOR-US: Vyper CVE-2023-30836 RESERVED CVE-2023-30835 RESERVED CVE-2023-30834 RESERVED CVE-2023-30833 RESERVED CVE-2023-30832 RESERVED CVE-2023-30831 RESERVED CVE-2023-30830 RESERVED CVE-2023-30829 RESERVED CVE-2023-30828 RESERVED CVE-2023-30827 RESERVED CVE-2023-30826 RESERVED CVE-2023-30825 RESERVED CVE-2023-30824 RESERVED CVE-2023-30823 RESERVED CVE-2023-30822 RESERVED CVE-2023-30821 RESERVED CVE-2023-30820 RESERVED CVE-2023-30819 RESERVED CVE-2023-30818 RESERVED CVE-2023-30817 RESERVED CVE-2023-30816 RESERVED CVE-2023-30815 RESERVED CVE-2023-30814 RESERVED CVE-2023-30813 RESERVED CVE-2023-30812 RESERVED CVE-2023-30811 RESERVED CVE-2023-30810 RESERVED CVE-2023-30809 RESERVED CVE-2023-30808 RESERVED CVE-2023-30807 RESERVED CVE-2023-30806 (The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulner ...) NOT-FOR-US: Sangfor Next-Gen Application Firewall CVE-2023-30805 (The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulner ...) NOT-FOR-US: Sangfor Next-Gen Application Firewall CVE-2023-30804 (The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulner ...) NOT-FOR-US: Sangfor Next-Gen Application Firewall CVE-2023-30803 (The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulner ...) NOT-FOR-US: Sangfor Next-Gen Application Firewall CVE-2023-30802 (The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulner ...) NOT-FOR-US: Sangfor Next-Gen Application Firewall CVE-2023-30801 (All versions of the qBittorrent client through 4.5.5 use default crede ...) 
- qbittorrent (unimportant) NOTE: https://github.com/qbittorrent/qBittorrent/issues/18731 NOTE: https://github.com/qbittorrent/qBittorrent/pull/18735 NOTE: README.Debian documents that quite clearly for the headless -nox version NOTE: When merged, the patches could still be backported as hardening, but NOTE: there's no need to treat this as a vulnerability by itself CVE-2023-30800 (The web server used by MikroTik RouterOS version 6 is affected by a he ...) NOT-FOR-US: MikroTik CVE-2023-30799 (MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 ar ...) NOT-FOR-US: MikroTik RouterOS CVE-2023-30798 (There MultipartParser usage in Encode's Starlette python framework bef ...) - starlette 0.25.0-1 [bullseye] - starlette (Minor issue) NOTE: https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa (0.25.0) NOTE: https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x CVE-2023-30797 (Netflix Lemur before version 1.3.2 used insufficiently random values w ...) NOT-FOR-US: Netflix Lemur CVE-2023-30796 (A vulnerability has been identified in JT Open (All versions < V11.4), ...) NOT-FOR-US: Siemens CVE-2023-30795 (A vulnerability has been identified in JT Open (All versions < V11.4), ...) NOT-FOR-US: Siemens CVE-2023-2166 (A null pointer dereference issue was found in can protocol in net/can/ ...) - linux 6.1.4-1 [bullseye] - linux 5.10.162-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/0acc442309a0a1b01bcdaa135e56e6398a49439c (6.1) CVE-2023-2165 RESERVED CVE-2023-2164 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 16.0.8+ds1-1 CVE-2023-2163 (Incorrect verifier pruningin BPF in Linux Kernel>=5.4leads to unsafe c ...) 
- linux 6.1.27-1 [bullseye] - linux 5.10.179-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/71b547f561247897a0a14f3082730156c0533fed (6.3) CVE-2023-2162 (A use-after-free vulnerability was found in iscsi_sw_tcp_session_creat ...) {DLA-3404-1 DLA-3403-1} - linux 6.1.11-1 [bullseye] - linux 5.10.178-1 NOTE: https://git.kernel.org/linus/f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3 (6.2-rc6) CVE-2023-2161 (A CWE-611: Improper Restriction of XML External Entity Reference vulne ...) NOT-FOR-US: Schneider CVE-2023-2160 (Weak Password Requirements in GitHub repository modoboa/modoboa prior ...) NOT-FOR-US: modoboa CVE-2023-2159 (The CMP \u2013 Coming Soon & Maintenance plugin for WordPress is vulne ...) NOT-FOR-US: WordPress plugin CVE-2023-2158 (Code Dx versions prior to 2023.4.2 are vulnerable to user impersonatio ...) NOT-FOR-US: Code Dx CVE-2023-2157 (A heap-based buffer overflow vulnerability was found in the ImageMagic ...) - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1036476) [bookworm] - imagemagick (Vulnerable code introduced later) [bullseye] - imagemagick (Vulnerable code introduced later) [buster] - imagemagick (Vulnerable code was introduced later) NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/9a9896fce95d09e5e47b86baccbe1ce1a2fca76b (7.1.1-7) NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/7e4c992f148afc5b28111e540921d5b6e4e38673 (6.9.12-85) NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick/issues/5768 NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick6/commit/a45686d30fb5785d7f0cb8a0e8efdeb75eabfe08 (exif feature not present before this commit 6.9.12.72) CVE-2023-2156 (A flaw was found in the networking subsystem of the Linux kernel withi ...) 
{DSA-5453-1 DSA-5448-1 DLA-3512-1} - linux 6.3.11-1 [buster] - linux (Vulnerable code not present) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-547/ NOTE: https://www.interruptlabs.co.uk//articles/linux-ipv6-route-of-death NOTE: https://git.kernel.org/linus/a2f4c143d76b1a47c91ef9bc46907116b111da0b (6.4-rc6) CVE-2023-2155 (A vulnerability was found in SourceCodester Air Cargo Management Syste ...) NOT-FOR-US: SourceCodester Air Cargo Management System CVE-2023-2154 (A vulnerability was found in SourceCodester Task Reminder System 1.0. ...) NOT-FOR-US: SourceCodester Task Reminder System CVE-2023-2153 (A vulnerability was found in SourceCodester Complaint Management Syste ...) NOT-FOR-US: SourceCodester Complaint Management System CVE-2023-2152 (A vulnerability has been found in SourceCodester Student Study Center ...) NOT-FOR-US: SourceCodester Student Study Center Desk Management System CVE-2023-2151 (A vulnerability, which was classified as critical, was found in Source ...) NOT-FOR-US: SourceCodester Student Study Center Desk Management System CVE-2023-2150 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Task Reminder System CVE-2023-2149 (A vulnerability classified as critical was found in Campcodes Online T ...) NOT-FOR-US: Campcodes Online Thesis Archiving System CVE-2023-2148 (A vulnerability classified as critical has been found in Campcodes Onl ...) NOT-FOR-US: Campcodes Online Thesis Archiving System CVE-2023-2147 (A vulnerability was found in Campcodes Online Thesis Archiving System ...) NOT-FOR-US: Campcodes Online Thesis Archiving System CVE-2023-2146 (A vulnerability was found in Campcodes Online Thesis Archiving System ...) NOT-FOR-US: Campcodes Online Thesis Archiving System CVE-2023-2145 (A vulnerability was found in Campcodes Online Thesis Archiving System ...) 
NOT-FOR-US: Campcodes Online Thesis Archiving System CVE-2023-2144 (A vulnerability was found in Campcodes Online Thesis Archiving System ...) NOT-FOR-US: Campcodes Online Thesis Archiving System CVE-2023-2143 (The Enable SVG, WebP & ICO Upload WordPress plugin through 1.0.3 does ...) NOT-FOR-US: WordPress plugin CVE-2023-2142 RESERVED CVE-2023-2141 (An unsafe .NET object deserialization in DELMIA Apriso Release 2017 th ...) NOT-FOR-US: DELMIA Apriso CVE-2023-2140 (A Server-Side Request Forgery vulnerability in DELMIA Apriso Release ...) NOT-FOR-US: DELMIA Apriso CVE-2023-2139 (A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso ...) NOT-FOR-US: DELMIA Apriso CVE-2022-4942 (A vulnerability was found in mportuga eslint-detailed-reporter up to 0 ...) NOT-FOR-US: eslint-detailed-reporter CVE-2022-48475 (Buffer Overflow vulnerability in Control de Ciber version 1.650, in th ...) NOT-FOR-US: Control de Ciber CVE-2022-48474 (Control de Ciber, in its 1.650 version, is affected by a Denial of Ser ...) NOT-FOR-US: Control de Ciber CVE-2022-48473 (There is a misinterpretation of input vulnerability in Huawei Printer. ...) NOT-FOR-US: Huawei CVE-2022-48472 (A Huawei printer has a system command injection vulnerability. Success ...) NOT-FOR-US: Huawei CVE-2022-48471 (There is a misinterpretation of input vulnerability in Huawei Printer. ...) NOT-FOR-US: Huawei CVE-2022-48470 RESERVED CVE-2022-48469 (There is a traffic hijacking vulnerability in Huawei routers. Successf ...) NOT-FOR-US: Huawei CVE-2014-125099 (A vulnerability has been found in I Recommend This Plugin up to 3.7.2 ...) NOT-FOR-US: I Recommend This Plugin CVE-2023-30794 RESERVED CVE-2023-30793 RESERVED CVE-2023-2138 (Use of Hard-coded Credentials in GitHub repository nuxtlabs/github-mod ...) NOT-FOR-US: nuxtlabs/github-module CVE-2023-2137 (Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.13 ...) 
{DSA-5393-1} - chromium 112.0.5615.138-1 [buster] - chromium (see DSA 5046) CVE-2023-2136 (Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allo ...) {DSA-5393-1} - chromium 112.0.5615.138-1 [buster] - chromium (see DSA 5046) CVE-2023-2135 (Use after free in DevTools in Google Chrome prior to 112.0.5615.137 al ...) {DSA-5393-1} - chromium 112.0.5615.138-1 [buster] - chromium (see DSA 5046) CVE-2023-2134 (Out of bounds memory access in Service Worker API in Google Chrome pri ...) {DSA-5393-1} - chromium 112.0.5615.138-1 [buster] - chromium (see DSA 5046) CVE-2023-2133 (Out of bounds memory access in Service Worker API in Google Chrome pri ...) {DSA-5393-1} - chromium 112.0.5615.138-1 [buster] - chromium (see DSA 5046) CVE-2023-2132 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab 15.10.8+ds1-2 CVE-2023-2131 (Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS co ...) NOT-FOR-US: INEA ME RTU firmware CVE-2023-2130 (A vulnerability classified as critical has been found in SourceCodeste ...) NOT-FOR-US: SourceCodester Purchase Order Management System CVE-2023-30792 (Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: ...) NOT-FOR-US: Facebook lexical text editor CVE-2023-30791 (Plane version 0.7.1-dev allows an attacker to change the avatar of his ...) NOT-FOR-US: Plane CVE-2023-30790 (MonicaHQ version 4.0.0 allows an authenticated remote attacker to exec ...) NOT-FOR-US: MonicaHQ CVE-2023-30789 (MonicaHQ version 4.0.0 allows an authenticated remote attacker to exec ...) NOT-FOR-US: MonicaHQ CVE-2023-30788 (MonicaHQ version 4.0.0 allows an authenticated remote attacker to exec ...) NOT-FOR-US: MonicaHQ CVE-2023-30787 (MonicaHQ version 4.0.0 allows an authenticated remote attacker to exec ...) NOT-FOR-US: MonicaHQ CVE-2023-30786 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Benj ...) NOT-FOR-US: WordPress plugin CVE-2023-30785 (Unauth. 
Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...) NOT-FOR-US: WordPress plugin CVE-2023-30784 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-30783 RESERVED CVE-2023-30782 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moy ...) NOT-FOR-US: WordPress plugin CVE-2023-30781 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Theme Bl ...) NOT-FOR-US: WordPress plugin CVE-2023-30780 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-30779 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jonathan ...) NOT-FOR-US: WordPress plugin CVE-2023-30778 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-30777 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engin ...) NOT-FOR-US: WordPress plugin CVE-2023-30776 (An authenticated user with specific data permissions could access data ...) NOT-FOR-US: Apache Superset CVE-2023-2129 RESERVED CVE-2023-2128 RESERVED CVE-2023-2127 RESERVED CVE-2023-2126 RESERVED CVE-2023-2125 RESERVED CVE-2023-2124 (An out-of-bounds memory access flaw was found in the Linux kernel\u201 ...) {DSA-5480-1 DSA-5448-1 DLA-3623-1} - linux 6.3.7-1 NOTE: https://www.openwall.com/lists/oss-security/2023/04/19/2 NOTE: https://lore.kernel.org/linux-xfs/20230412214034.GL3223426@dread.disaster.area/T/#m1ebbcd1ad061d2d33bef6f0534a2b014744d152d NOTE: https://git.kernel.org/linus/22ed903eee23a5b174e240f1cdfa9acf393a5210 (6.4-rc1) CVE-2023-2123 (The WP Inventory Manager WordPress plugin before 2.1.0.13 does not san ...) NOT-FOR-US: WordPress plugin CVE-2023-2122 (The Image Optimizer by 10web WordPress plugin before 1.0.27 does not s ...) NOT-FOR-US: WordPress plugin CVE-2023-2121 (Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer ...) 
NOT-FOR-US: HashiCorp Vault CVE-2023-2120 (The Thumbnail carousel slider plugin for WordPress is vulnerable to Re ...) NOT-FOR-US: Thumbnail carousel slider plugin for WordPress CVE-2023-2119 (The Responsive Filterable Portfolio plugin for WordPress is vulnerable ...) NOT-FOR-US: Responsive Filterable Portfolio plugin for WordPress CVE-2023-2118 (Insufficient access controlin support ticket feature in Devolutions Se ...) NOT-FOR-US: Devolutions CVE-2023-2117 (The Image Optimizer by 10web WordPress plugin before 1.0.27 does not s ...) NOT-FOR-US: WordPress plugin CVE-2023-2116 RESERVED CVE-2023-2115 RESERVED CVE-2023-2114 (The NEX-Forms WordPress plugin before 8.4 does not properly escape the ...) NOT-FOR-US: WordPress plugin CVE-2023-2113 (The Autoptimize WordPress plugin before 3.1.7 does not sanitise and es ...) NOT-FOR-US: WordPress plugin CVE-2023-2112 (Desktop component service allows lateral movement between sessions in ...) NOT-FOR-US: M-Files CVE-2023-2111 (The Fast & Effective Popups & Lead-Generation for WordPress plugin bef ...) NOT-FOR-US: WordPress plugin CVE-2023-2110 (Improper path handling in Obsidian desktop before 1.2.8 on Windows, Li ...) NOT-FOR-US: Obsidian CVE-2023-30775 (A vulnerability was found in the libtiff library. This security flaw c ...) - tiff 4.5.0-2 (unimportant) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/464 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/afd7086090dafd3949afd172822cbcec4ed17d56 (v4.5.0rc1) NOTE: Crash in CLI tool, no security impact CVE-2023-30774 (A vulnerability was found in the libtiff library. This flaw causes a h ...) - tiff 4.4.0-5 [bullseye] - tiff 4.2.0-1+deb11u3 [buster] - tiff 4.1.0+git191117-2~deb10u5 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/463 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/f00484b9519df933723deb38fff943dc291a793d (v4.5.0rc1) NOTE: Same fix as for CVE-2022-3599, CVE-2022-4645 and CVE-2023-30086. NOTE: The fix causes CVE-2023-2908. 
CVE-2023-2109 (Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoo ...) NOT-FOR-US: chatwoot CVE-2023-2108 (A vulnerability has been found in SourceCodester Judging Management Sy ...) NOT-FOR-US: SourceCodester Judging Management System CVE-2023-30773 RESERVED CVE-2023-30771 (Incorrect Authorization vulnerability in Apache Software Foundation Ap ...) NOT-FOR-US: Apache IoTDB CVE-2015-10103 (A vulnerability, which was classified as problematic, was found in Int ...) NOT-FOR-US: InternalError503 Forget It CVE-2015-10102 (A vulnerability, which was classified as critical, has been found in F ...) NOT-FOR-US: WordPress plugin CVE-2015-10101 (A vulnerability classified as problematic was found in Google Analytic ...) NOT-FOR-US: WordPress plugin CVE-2023-2107 (A vulnerability, which was classified as critical, was found in IBOS 4 ...) NOT-FOR-US: IBOS CVE-2023-2106 (Weak Password Requirements in GitHub repository janeczku/calibre-web p ...) - calibre-web (bug #982690) CVE-2023-2105 (Session Fixation in GitHub repository alextselegidis/easyappointments ...) NOT-FOR-US: alextselegidis/easyappointments CVE-2023-2104 (Improper Access Control in GitHub repository alextselegidis/easyappoin ...) NOT-FOR-US: alextselegidis/easyappointments CVE-2023-2103 (Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidi ...) NOT-FOR-US: alextselegidis/easyappointments CVE-2023-2102 (Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidi ...) NOT-FOR-US: alextselegidis/easyappointments CVE-2023-2101 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: moxi624 Mogu Blog CVE-2023-2100 (A vulnerability classified as problematic was found in SourceCodester ...) NOT-FOR-US: SourceCodester Vehicle Service Management System CVE-2023-2099 (A vulnerability classified as problematic has been found in SourceCode ...) 
NOT-FOR-US: SourceCodester Vehicle Service Management System CVE-2023-2098 (A vulnerability was found in SourceCodester Vehicle Service Management ...) NOT-FOR-US: SourceCodester Vehicle Service Management System CVE-2023-2097 (A vulnerability was found in SourceCodester Vehicle Service Management ...) NOT-FOR-US: SourceCodester Vehicle Service Management System CVE-2023-2096 (A vulnerability was found in SourceCodester Vehicle Service Management ...) NOT-FOR-US: SourceCodester Vehicle Service Management System CVE-2023-2095 (A vulnerability was found in SourceCodester Vehicle Service Management ...) NOT-FOR-US: SourceCodester Vehicle Service Management System CVE-2023-2094 (A vulnerability has been found in SourceCodester Vehicle Service Manag ...) NOT-FOR-US: SourceCodester Vehicle Service Management System CVE-2023-2093 (A vulnerability, which was classified as critical, was found in Source ...) NOT-FOR-US: SourceCodester Vehicle Service Management System CVE-2023-2092 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Vehicle Service Management System CVE-2023-2091 (A vulnerability classified as critical was found in KylinSoft youker-a ...) NOT-FOR-US: KylinSoft youker-assistant CVE-2023-2090 (A vulnerability classified as critical has been found in SourceCodeste ...) NOT-FOR-US: SourceCodester Employee and Visitor Gate Pass Logging System CVE-2023-29240 (An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ ...) NOT-FOR-US: F5 BIG-IP CVE-2023-29163 (When UDP profile with idle timeout set to immediate or the value 0 is ...) NOT-FOR-US: F5 BIG-IP CVE-2023-28742 (When DNS is provisioned, an authenticated remote command execution vul ...) NOT-FOR-US: F5 BIG-IP CVE-2023-28724 (NGINX Management Suite default file permissions are set such that an a ...) NOT-FOR-US: F5 BIG-IP CVE-2023-28656 (NGINX Management Suite may allow an authenticated attacker to gain acc ...) 
NOT-FOR-US: F5 BIG-IP CVE-2023-28406 (A directory traversal vulnerability exists in an undisclosed page of t ...) NOT-FOR-US: F5 BIG-IP CVE-2023-27378 (Multiple reflected cross-site scripting (XSS) vulnerabilities exist in ...) NOT-FOR-US: F5 BIG-IP CVE-2023-24594 (When an SSL profile is configured on a Virtual Server, undisclosed tra ...) NOT-FOR-US: F5 BIG-IP CVE-2023-24461 (An improper certificate validationvulnerability exists in the BIG-IP E ...) NOT-FOR-US: F5 BIG-IP CVE-2023-22372 (In the pre connection stage, an improper enforcement of message integr ...) NOT-FOR-US: F5 BIG-IP CVE-2023-2089 (A vulnerability was found in SourceCodester Complaint Management Syste ...) NOT-FOR-US: SourceCodester Complaint Management System CVE-2023-2088 (A flaw was found in OpenStack due to an inconsistency between Cinder a ...) - cinder 2:21.1.0-3 (bug #1035961) [bullseye] - cinder (Minor issue) [buster] - cinder (Minor issue) - python-glance-store 4.1.0-4 (bug #1035962; bug #1035978) [bullseye] - python-glance-store (Minor issue) [buster] - python-glance-store (Minor issue) - nova 2:26.1.0-4 (bug #1035963; bug #1035981) [bullseye] - nova (Minor issue) [buster] - nova (Minor issue) - python-os-brick 4.1.0-3 (bug #1035932) [bullseye] - python-os-brick (Minor issue) [buster] - python-os-brick (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2023/05/10/5 NOTE: https://bugs.launchpad.net/nova/+bug/2004555 CVE-2023-2087 (The Essential Blocks plugin for WordPress is vulnerable to Cross-Site ...) NOT-FOR-US: WordPress plugin CVE-2023-2086 (The Essential Blocks plugin for WordPress is vulnerable to unauthorize ...) NOT-FOR-US: WordPress plugin CVE-2023-2085 (The Essential Blocks plugin for WordPress is vulnerable to unauthorize ...) NOT-FOR-US: WordPress plugin CVE-2023-2084 (The Essential Blocks plugin for WordPress is vulnerable to unauthorize ...) NOT-FOR-US: WordPress plugin CVE-2023-2083 (The Essential Blocks plugin for WordPress is vulnerable to unauthorize ...) 
NOT-FOR-US: WordPress plugin CVE-2023-2082 (The "Buy Me a Coffee \u2013 Button and Widget Plugin" plugin for WordP ...) NOT-FOR-US: WordPress plugin CVE-2023-2081 RESERVED CVE-2023-2080 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Forcepoint CVE-2023-2079 (The "Buy Me a Coffee \u2013 Button and Widget Plugin" plugin for WordP ...) NOT-FOR-US: "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress CVE-2023-2078 (The "Buy Me a Coffee \u2013 Button and Widget Plugin" plugin for WordP ...) NOT-FOR-US: "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress CVE-2021-46880 (x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 er ...) - libressl (bug #754513) CVE-2023-30772 (The Linux kernel before 6.2.9 has a race condition and resultant use-a ...) {DLA-3403-1} - linux 6.1.25-1 (unimportant) [bullseye] - linux 5.10.178-1 NOTE: https://git.kernel.org/linus/06615d11cc78162dfd5116efb71f29eb29502d37 (6.3-rc4) NOTE: CONFIG_CHARGER_DA9150 not enabled in Debian. CVE-2023-30770 (A stack-based buffer overflow vulnerability was found in the ASUSTOR D ...) NOT-FOR-US: ASUSTOR Data Master (ADM) CVE-2023-30769 (Vulnerability discovered is related to the peer-to-peer (p2p) communic ...) - dogecoin (bug #1034806) NOTE: https://www.halborn.com/blog/post/halborn-discovers-zero-day-impacting-dogecoin-and-280-networks CVE-2023-30757 (A vulnerability has been identified in Totally Integrated Automation P ...) NOT-FOR-US: Siemens CVE-2023-30756 RESERVED CVE-2023-30755 RESERVED CVE-2023-30754 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AdFoxly ...) NOT-FOR-US: WordPress plugin CVE-2023-30753 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Phan Chu ...) NOT-FOR-US: WordPress plugin CVE-2023-30752 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Silv ...) NOT-FOR-US: WordPress plugin CVE-2023-30751 (Auth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in iCon ...) NOT-FOR-US: WordPress plugin CVE-2023-30750 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-30749 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ihom ...) NOT-FOR-US: WordPress plugin CVE-2023-30748 RESERVED CVE-2023-30747 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGem Wo ...) NOT-FOR-US: WordPress plugin CVE-2023-30746 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Booq ...) NOT-FOR-US: WordPress plugin CVE-2023-30745 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Phan ...) NOT-FOR-US: WordPress plugin CVE-2023-30744 (In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, C ...) NOT-FOR-US: SAP CVE-2023-30743 (Due to improper neutralization of input in SAPUI5 - versions SAP_UI 75 ...) NOT-FOR-US: SAP CVE-2023-30742 (SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4F ...) NOT-FOR-US: SAP CVE-2023-30741 (Due to insufficient input validation, SAP BusinessObjects Business Int ...) NOT-FOR-US: SAP CVE-2023-30740 (SAP BusinessObjects Business Intelligence Platform - versions 420, 430 ...) NOT-FOR-US: SAP CVE-2023-30739 (Arbitrary File Descriptor Write vulnerability in libsec-ril prior to S ...) NOT-FOR-US: Samsung CVE-2023-30738 (An improper input validation in UEFI Firmware prior to Firmware update ...) NOT-FOR-US: Samsung CVE-2023-30737 (Improper access control vulnerability in Samsung Health prior to versi ...) NOT-FOR-US: Samsung CVE-2023-30736 (Improper authorization in PushMsgReceiver of Samsung Assistant prior t ...) NOT-FOR-US: Samsung CVE-2023-30735 (Improper Preservation of Permissions vulnerability in SAssistant prior ...) NOT-FOR-US: Samsung CVE-2023-30734 (Improper access control vulnerability in Samsung Health prior to versi ...) 
NOT-FOR-US: Samsung CVE-2023-30733 (Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SM ...) NOT-FOR-US: Samsung CVE-2023-30732 (Improper access control in system property prior to SMR Oct-2023 Relea ...) NOT-FOR-US: Samsung CVE-2023-30731 (Logic error in package installation via debugger command prior to SMR ...) NOT-FOR-US: Samsung CVE-2023-30730 (Implicit intent hijacking vulnerability in Camera prior to versions 11 ...) NOT-FOR-US: Samsung CVE-2023-30729 (Improper Certificate Validation in Samsung Email prior to version 6.1. ...) NOT-FOR-US: Samsung CVE-2023-30728 (Intent redirection vulnerability in PackageInstallerCHN prior to versi ...) NOT-FOR-US: Samsung CVE-2023-30727 (Improper access control vulnerability in SecSettings prior to SMR Oct- ...) NOT-FOR-US: Samsung CVE-2023-30726 (PendingIntent hijacking vulnerability in GameLauncher prior to version ...) NOT-FOR-US: Samsung CVE-2023-30725 (Improper authentication in LocalProvier of Gallery prior to version 14 ...) NOT-FOR-US: Samsung CVE-2023-30724 (Improper authentication in GallerySearchProvider of Gallery prior to v ...) NOT-FOR-US: Samsung CVE-2023-30723 (Improper input validation vulnerability in Samsung Health prior to ver ...) NOT-FOR-US: Samsung CVE-2023-30722 (Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchai ...) NOT-FOR-US: Samsung CVE-2023-30721 (Insertion of sensitive information into log vulnerability in Locksetti ...) NOT-FOR-US: Samsung CVE-2023-30720 (PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 ...) NOT-FOR-US: Samsung CVE-2023-30719 (Exposure of Sensitive Information vulnerability in InboundSmsHandler p ...) NOT-FOR-US: Samsung CVE-2023-30718 (Improper export of android application components vulnerability in Wif ...) NOT-FOR-US: Samsung CVE-2023-30717 (Sensitive information exposure vulnerability in SVCAgent prior to SMR ...) 
	NOT-FOR-US: Samsung
CVE-2023-30716 (Improper access control vulnerability in SVCAgent prior to SMR Sep-202 ...)
	NOT-FOR-US: Samsung
CVE-2023-30715 (Improper access control vulnerability in Weather prior to SMR Sep-2023 ...)
	NOT-FOR-US: Samsung
CVE-2023-30714 (Improper authorization vulnerability in FolderContainerDragDelegate in ...)
	NOT-FOR-US: Samsung
CVE-2023-30713 (Improper privilege management vulnerability in FolderLockNotifier in O ...)
	NOT-FOR-US: Samsung
CVE-2023-30712 (Improper input validation in Settings Suggestions prior to SMR Sep-202 ...)
	NOT-FOR-US: Samsung
CVE-2023-30711 (Improper authentication in Phone and Messaging Storage SMR SEP-2023 Re ...)
	NOT-FOR-US: Samsung
CVE-2023-30710 (Improper input validation vulnerability in Knox AI prior to SMR Sep-20 ...)
	NOT-FOR-US: Samsung
CVE-2023-30709 (Improper access control in Dual Messenger prior to SMR Sep-2023 Releas ...)
	NOT-FOR-US: Samsung
CVE-2023-30708 (Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 ...)
	NOT-FOR-US: Samsung
CVE-2023-30707 (Improper input validation vulnerability in FileProviderStatusReceiver ...)
	NOT-FOR-US: Samsung
CVE-2023-30706 (Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Relea ...)
	NOT-FOR-US: Samsung
CVE-2023-30705 (Improper sanitization of incoming intent in Galaxy Store prior to vers ...)
	NOT-FOR-US: Samsung
CVE-2023-30704 (Improper Authorization vulnerability in Samsung Internet prior to vers ...)
	NOT-FOR-US: Samsung
CVE-2023-30703 (Improper URL validation vulnerability in Samsung Members prior to vers ...)
	NOT-FOR-US: Samsung
CVE-2023-30702 (Stack overflow vulnerability in SSHDCPAPP TA prior to "SAMSUNG EL ...)
	NOT-FOR-US: Samsung
CVE-2023-30701 (PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 R ...)
	NOT-FOR-US: Samsung
CVE-2023-30700 (PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in frame ...)
	NOT-FOR-US: Samsung
CVE-2023-30699 (Out-of-bounds write vulnerability in parser_hvcC function of libsimba ...)
	NOT-FOR-US: Samsung
CVE-2023-30698 (Improper access control vulnerability in TelephonyUI prior to SMR Aug- ...)
	NOT-FOR-US: Samsung
CVE-2023-30697 (An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ri ...)
	NOT-FOR-US: Samsung
CVE-2023-30696 (An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior ...)
	NOT-FOR-US: Samsung
CVE-2023-30695 (Out-of-bounds Write vulnerability in SSHDCPAPP TA prior to "SAMSU ...)
	NOT-FOR-US: Samsung
CVE-2023-30694 (Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SM ...)
	NOT-FOR-US: Samsung
CVE-2023-30693 (Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec- ...)
	NOT-FOR-US: Samsung
CVE-2023-30692 (Improper input validation vulnerability in Evaluator prior to SMR Oct- ...)
	NOT-FOR-US: Samsung
CVE-2023-30691 (Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release ...)
	NOT-FOR-US: Samsung
CVE-2023-30690 (Improper input validation vulnerability in Duo prior to SMR Oct-2023 R ...)
	NOT-FOR-US: Samsung
CVE-2023-30689 (Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-r ...)
	NOT-FOR-US: Samsung
CVE-2023-30688 (Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR A ...)
	NOT-FOR-US: Samsung
CVE-2023-30687 (Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 ...)
	NOT-FOR-US: Samsung
CVE-2023-30686 (Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 ...)
	NOT-FOR-US: Samsung
CVE-2023-30685 (Improper access control vulnerability in Telecom prior to SMR Aug-2023 ...)
	NOT-FOR-US: Samsung
CVE-2023-30684 (Improper access control in Samsung Telecom prior to SMR Aug-2023 Relea ...)
	NOT-FOR-US: Samsung
CVE-2023-30683 (Improper access control in Telecom prior to SMR Aug-2023 Release 1 all ...)
	NOT-FOR-US: Samsung
CVE-2023-30682 (Improper access control in Telecom prior to SMR Aug-2023 Release 1 all ...)
	NOT-FOR-US: Samsung
CVE-2023-30681 (An improper input validation vulnerability within initialize function ...)
	NOT-FOR-US: Samsung
CVE-2023-30680 (Improper privilege management vulnerability in MMIGroup prior to SMR A ...)
	NOT-FOR-US: Samsung
CVE-2023-30679 (Improper access control in HDCP trustlet prior to SMR Aug-2023 Release ...)
	NOT-FOR-US: Samsung
CVE-2023-30678 (Potential zip path traversal vulnerability in Calendar application pri ...)
	NOT-FOR-US: Samsung
CVE-2023-30677 (Improper access control vulnerability in Samsung Pass prior to version ...)
	NOT-FOR-US: Samsung
CVE-2023-30676 (Improper access control vulnerability in Samsung Pass prior to version ...)
	NOT-FOR-US: Samsung
CVE-2023-30675 (Improper authentication in Samsung Pass prior to version 4.2.03.1 allo ...)
	NOT-FOR-US: Samsung
CVE-2023-30674 (Improper configuration in Samsung Internet prior to version 21.0.0.41 ...)
	NOT-FOR-US: Samsung
CVE-2023-30673 (Improper validation of integrity check vulnerability in Smart Switch P ...)
	NOT-FOR-US: Samsung
CVE-2023-30672 (Improper privilege management vulnerability in Samsung Smart Switch fo ...)
	NOT-FOR-US: Samsung
CVE-2023-30671 (Logic error in package installation via adb command prior to SMR Jul-2 ...)
	NOT-FOR-US: Samsung
CVE-2023-30670 (Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril pr ...)
	NOT-FOR-US: Samsung
CVE-2023-30669 (Out-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril ...)
	NOT-FOR-US: Samsung
CVE-2023-30668 (Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril pri ...)
	NOT-FOR-US: Samsung
CVE-2023-30667 (Improper access control in Audio system service prior to SMR Jul-2023 ...)
	NOT-FOR-US: Samsung
CVE-2023-30666 (Improper input validation vulnerability in DoOemImeiSetPreconfig in li ...)
	NOT-FOR-US: Samsung
CVE-2023-30665 (Improper input validation vulnerability in OnOemServiceMode in libsec- ...)
	NOT-FOR-US: Samsung
CVE-2023-30664 (Improper input validation vulnerability in RegisteredMSISDN prior to S ...)
	NOT-FOR-US: Samsung
CVE-2023-30663 (Improper input validation vulnerability in OemPersonalizationSetLock i ...)
	NOT-FOR-US: Samsung
CVE-2023-30662 (Exposure of Sensitive Information vulnerability in getChipIds in UwbAo ...)
	NOT-FOR-US: Samsung
CVE-2023-30661 (Exposure of Sensitive Information vulnerability in getChipInfos in Uwb ...)
	NOT-FOR-US: Samsung
CVE-2023-30660 (Exposure of Sensitive Information vulnerability in getDefaultChipId in ...)
	NOT-FOR-US: Samsung
CVE-2023-30659 (Improper input validation vulnerability in Transaction prior to SMR Ju ...)
	NOT-FOR-US: Samsung
CVE-2023-30658 (Improper input validation vulnerability in DataProfile prior to SMR Ju ...)
	NOT-FOR-US: Samsung
CVE-2023-30657 (Improper input validation vulnerability in EnhancedAttestationResult p ...)
	NOT-FOR-US: Samsung
CVE-2023-30656 (Improper input validation vulnerability in LSOItemData prior to SMR Ju ...)
	NOT-FOR-US: Samsung
CVE-2023-30655 (Improper input validation vulnerability in SCEPProfile prior to SMR Ju ...)
	NOT-FOR-US: Samsung
CVE-2023-30654 (Improper access control vulnerability in SLocationService prior to SMR ...)
	NOT-FOR-US: Samsung
CVE-2023-30653 (Out of bounds read and write in enableTspDevice of sysinput HAL servic ...)
	NOT-FOR-US: Samsung
CVE-2023-30652 (Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL se ...)
	NOT-FOR-US: Samsung
CVE-2023-30651 (Out of bounds read and write in callgetTspsysfs of sysinput HAL servic ...)
	NOT-FOR-US: Samsung
CVE-2023-30650 (Out of bounds read and write in callrunTspCmd of sysinput HAL service ...)
	NOT-FOR-US: Samsung
CVE-2023-30649 (Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior ...)
	NOT-FOR-US: Samsung
CVE-2023-30648 (Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of ...)
	NOT-FOR-US: Samsung
CVE-2023-30647 (Heap out of bound write vulnerability in IpcRxUsimPhoneBookCapa of RIL ...)
	NOT-FOR-US: Samsung
CVE-2023-30646 (Heap out of bound write vulnerability in BroadcastSmsConfig of RILD pr ...)
	NOT-FOR-US: Samsung
CVE-2023-30645 (Heap out of bound write vulnerability in IpcRxIncomingCBMsg of RILD pr ...)
	NOT-FOR-US: Samsung
CVE-2023-30644 (Stack out of bound write vulnerability in CdmaSmsParser of RILD prior ...)
	NOT-FOR-US: Samsung
CVE-2023-30643 (Missing authentication vulnerability in Galaxy Themes Service prior to ...)
	NOT-FOR-US: Samsung
CVE-2023-30642 (Improper privilege management vulnerability in Galaxy Themes Service p ...)
	NOT-FOR-US: Samsung
CVE-2023-30641 (Improper access control vulnerability in Settings prior to SMR Jul-202 ...)
	NOT-FOR-US: Samsung
CVE-2023-30640 (Improper access control vulnerability in PersonaManagerService prior t ...)
	NOT-FOR-US: Samsung
CVE-2023-30639 (Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a stored ...)
	NOT-FOR-US: Archer
CVE-2023-30638 (Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 befor ...)
	NOT-FOR-US: Unify
CVE-2023-30637 (Baidu braft 1.1.2 has a memory leak related to use of the new operator ...)
	NOT-FOR-US: Baidu braft
CVE-2023-30636 (TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal ...)
	NOT-FOR-US: TiKV
CVE-2023-30635 (TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal ...)
	NOT-FOR-US: TiKV
CVE-2023-30634 RESERVED
CVE-2023-30633 (An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with k ...)
	NOT-FOR-US: Insyde
CVE-2023-30632 RESERVED
CVE-2023-30631 (Improper Input Validation vulnerability in Apache Software Foundation ...)
	{DSA-5435-1 DLA-3475-1}
	- trafficserver 9.2.1+ds-1 (bug #1038248)
	NOTE: https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs
	NOTE: https://github.com/apache/trafficserver/commit/8d1ad1dfe4d0ee179029f37c7e8d4caab601cb7b (master)
	NOTE: https://github.com/apache/trafficserver/commit/ee46128fc7099956145be2147e4ddad7fbc7299b (9.2.1-rc0)
	NOTE: https://github.com/apache/trafficserver/commit/35dd3efde78a73aefa257e12b8fe78d6cd646ba0 (8.1.7)
CVE-2023-30630 (Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This ...)
	- dmidecode 3.5-1 (bug #1034483)
	[bookworm] - dmidecode (Minor issue)
	[bullseye] - dmidecode (Minor issue)
	[buster] - dmidecode (Minor issue)
	NOTE: https://github.com/adamreiser/dmiwrite
	NOTE: https://lists.nongnu.org/archive/html/dmidecode-devel/2023-03/msg00003.html
	NOTE: https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=d8cfbc808f387e87091c25e7d5b8c2bb348bb206
	NOTE: https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=6ca381c1247c81f74e1ca4e7706f70bdda72e6f2
CVE-2023-30629 (Vyper is a Pythonic Smart Contract Language for the ethereum virtual m ...)
	NOT-FOR-US: Vyper
CVE-2023-30628 (Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v ...)
	NOT-FOR-US: Kiwi TCMS
CVE-2023-30627 (jellyfin-web is the web client for Jellyfin, a free-software media sys ...)
	NOT-FOR-US: jellyfin-web
CVE-2023-30626 (Jellyfin is a free-software media system. Versions starting with 10.8. ...)
	- jellyfin (bug #994189)
CVE-2023-30625 (rudder-server is part of RudderStack, an open source Customer Data Pla ...)
	NOT-FOR-US: rudder-server
CVE-2023-30624 (Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6. ...)
	NOT-FOR-US: wasmtime
CVE-2023-30623 (`embano1/wip` is a GitHub Action written in Bash. Prior to version 2, ...)
	NOT-FOR-US: embano1/wip GitHub Action
CVE-2023-30622 (Clusternet is a general-purpose system for controlling Kubernetes clus ...)
	NOT-FOR-US: Clusternet
CVE-2023-30621 (Gipsy is a multi-purpose discord bot which aim to be as modular and us ...)
	NOT-FOR-US: Gipsy
CVE-2023-30620 (mindsdb is a Machine Learning platform to help developers build AI sol ...)
	NOT-FOR-US: mindsdb
CVE-2023-30619 (Tuleap Open ALM is a Libre and Open Source tool for end to end traceab ...)
	NOT-FOR-US: Tuleap
CVE-2023-30618 (Kitchen-Terraform provides a set of Test Kitchen plugins which enable ...)
	NOT-FOR-US: Kitchen-Terraform
CVE-2023-30617 (Kruise provides automated management of large-scale applications on Ku ...)
	NOT-FOR-US: Kruise
CVE-2023-30616 (Form block is a wordpress plugin designed to make form creation easier ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30615 (Iris is a web collaborative platform aiming to help incident responder ...)
	NOT-FOR-US: Iris
CVE-2023-30614 (Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions ...)
	NOT-FOR-US: Pay (payments engine for Ruby on Rails)
CVE-2023-30613 (Kiwi TCMS, an open source test management system, allows users to uplo ...)
	NOT-FOR-US: Kiwi TCMS
CVE-2023-30612 (Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. Thi ...)
	NOT-FOR-US: Cloud hypervisor
CVE-2023-30611 (Discourse-reactions is a plugin that allows user to add their reaction ...)
	NOT-FOR-US: Discourse-reactions plugin
CVE-2023-30610 (aws-sigv4 is a rust library for low level request signing in the aws c ...)
	NOT-FOR-US: aws-sigv4
CVE-2023-30609 (matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP ...)
	NOT-FOR-US: Node matrix-react-sdk
	NOTE: https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-xv83-x443-7rmw
CVE-2023-30608 (sqlparse is a non-validating SQL parser module for Python. In affected ...)
	{DLA-3425-1}
	- sqlparse 0.4.4-1 (bug #1034615)
	[bookworm] - sqlparse (Minor issue)
	[bullseye] - sqlparse (Minor issue)
	NOTE: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
	NOTE: Introduced by: https://github.com/andialbrecht/sqlparse/commit/e75e35869473832a1eb67772b1adfee2db11b85a (0.1.15)
	NOTE: Fixed by: https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb (0.4.4)
CVE-2023-30607 (icingaweb2-module-jira provides integration with Atlassian Jira. Start ...)
	NOT-FOR-US: icingaweb2-module-jira
CVE-2023-30606 (Discourse is an open source platform for community discussion. In affe ...)
	NOT-FOR-US: Discourse
CVE-2023-30605 (Archery is an open source SQL audit platform. The Archery project cont ...)
	NOT-FOR-US: Archery
CVE-2023-30604 (It is identified a vulnerability of insufficient authentication in the ...)
	NOT-FOR-US: Hitron Technologies
CVE-2023-30603 (Hitron Technologies CODA-5310 Telnet function with the default account ...)
	NOT-FOR-US: Hitron Technologies
CVE-2023-30602 (Hitron Technologies CODA-5310’s Telnet function transfers sensiti ...)
	NOT-FOR-US: Hitron Technologies
CVE-2023-30601 (Privilege escalation when enabling FQL/Audit logs allows user with JMX ...)
	- cassandra (bug #585905)
CVE-2023-30600 RESERVED
CVE-2023-30599 RESERVED
CVE-2023-30598 RESERVED
CVE-2023-30597 RESERVED
CVE-2023-30596 RESERVED
CVE-2023-30595 RESERVED
CVE-2023-30594 RESERVED
CVE-2023-30593 RESERVED
CVE-2023-30592 RESERVED
CVE-2023-30591 (Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attacker ...)
	NOT-FOR-US: NodeBB
CVE-2023-30590 (The generateKeys() API function returned from crypto.createDiffieHellm ...)
	{DSA-5589-1 DLA-3776-1}
	- nodejs 18.13.0+dfsg1-1.1 (bug #1039990)
	[bullseye] - nodejs (Minor issue, only updates documentation to clarify an API)
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#diffiehellman-do-not-generate-keys-after-setting-a-private-key-medium-cve-2023-30590
	NOTE: Fixed by: https://github.com/nodejs/node/commit/1a5c9284ebce5cd71cf7a3c29759a748c373ac85 (v16.x)
CVE-2023-30589 (The llhttp parser in the http module in Node v20.2.0 does not strictly ...)
	{DSA-5589-1}
	- nodejs 18.13.0+dfsg1-1.1 (bug #1039990)
	[bullseye] - nodejs (Minor issue, too intrusive to backport)
	[buster] - nodejs (llhttp dependency/embedding introduced in 12.x)
	- llhttp (bug #977716)
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#http-request-smuggling-via-empty-headers-separated-by-cr-medium-cve-2023-30589
	NOTE: https://hackerone.com/reports/2001873
	NOTE: https://github.com/advisories/GHSA-cggh-pq45-6h9x
	NOTE: Fixed by: https://github.com/nodejs/node/commit/e42ff4b0180f4e0f5712364dd6ea015559640152 (v16.x)
CVE-2023-30588 (When an invalid public key is used to create an x509 certificate using ...)
	{DSA-5589-1}
	- nodejs 18.13.0+dfsg1-1.1 (bug #1039990)
	[bullseye] - nodejs (Vulnerable code not present)
	[buster] - nodejs (X509Certificate API introduced later)
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#process-interuption-due-to-invalid-public-key-information-in-x509-certificates-medium-cve-2023-30588
	NOTE: https://hackerone.com/reports/1884159
	NOTE: Fixed by: https://github.com/nodejs/node/commit/5a92ea7a3b6210f04c902e177f9dc673ae866393 (v16.x)
CVE-2023-30587 RESERVED
	- nodejs (Vulnerable code introduced in 20.x)
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#inspector-protocol-bypass-the-experimental-permission-model-high-cve-2023-30587
CVE-2023-30586 (A privilege escalation vulnerability exists in Node.js 20 that allowed ...)
	- nodejs (Vulnerable code introduced in 20.x)
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#openssl-engines-can-be-used-to-bypass-the-permission-model-medium-cve-2023-30586
CVE-2023-30585 (A vulnerability has been identified in the Node.js (.msi version) inst ...)
	- nodejs (Only affects installation process on Windows)
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#privilege-escalation-via-malicious-registry-key-manipulation-during-nodejs-installer-repair-process-medium-cve-2023-30585
CVE-2023-30584 RESERVED
	- nodejs (Vulnerable code introduced in 20.x)
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#path-traversal-bypass-in-experimental-permission-model-high-cve-2023-30584
CVE-2023-30583 RESERVED
	- nodejs (Vulnerable code introduced in 20.x)
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#fsopenasblob-bypass-in-experimental-permission-model-medium-cve-2023-30583
CVE-2023-30582 RESERVED
	- nodejs (Vulnerable code introduced in 20.x)
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#fswatchfile-bypass-in-experimental-permission-model-medium-cve-2023-30582
CVE-2023-30581 (The use of __proto__ in process.mainModule.__proto__.require() can byp ...)
	{DSA-5589-1}
	- nodejs 18.13.0+dfsg1-1.1 (bug #1039990)
	[bullseye] - nodejs (Only affects experimental policy manifests)
	[buster] - nodejs (v10.x doesn't support policy manifests)
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#mainmoduleproto-bypass-experimental-policy-mechanism-high-cve-2023-30581
	NOTE: https://hackerone.com/reports/1877919
	NOTE: Fixed by: https://github.com/nodejs/node/commit/a6f4e87bc913ff18c1859b8a350c24f744355e66 (v16.x)
CVE-2023-30580 RESERVED
CVE-2023-30579 RESERVED
CVE-2023-30578 RESERVED
CVE-2023-30577 (AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag- ...)
	{DLA-3681-1}
	- amanda 1:3.5.1-11.1 (bug #1055253)
	[bookworm] - amanda 1:3.5.1-11+deb12u1
	[bullseye] - amanda (Minor issue)
	NOTE: https://github.com/zmanda/amanda/security/advisories/GHSA-crrw-v393-h5q3
	NOTE: https://github.com/zmanda/amanda/pull/228
CVE-2023-30576 (Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a free ...)
	- guacamole-client
CVE-2023-30575 (Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths ...)
	- guacamole-client
CVE-2023-30574 RESERVED
CVE-2023-30573 RESERVED
CVE-2023-30572 RESERVED
CVE-2023-30571 (Libarchive through 3.6.2 can cause directories to have world-writable ...)
	- libarchive (bug #1037093)
	[bookworm] - libarchive (Minor issue)
	[bullseye] - libarchive (Minor issue)
	[buster] - libarchive (Minor issue)
	NOTE: https://github.com/libarchive/libarchive/issues/1876
CVE-2023-29504 (Uncontrolled search path element in some Intel(R) RealSense(TM) Dynami ...)
	NOT-FOR-US: Intel
CVE-2023-29500 (Exposure of sensitive information to an unauthorized actor in BIOS fir ...)
	NOT-FOR-US: Intel
CVE-2023-29162 (Improper buffer restrictions the Intel(R) C++ Compiler Classic before ...)
	NOT-FOR-US: Intel
CVE-2023-28740 (Uncontrolled search path element in some Intel(R) QAT drivers for Wind ...)
	NOT-FOR-US: Intel
CVE-2023-28722 (Improper buffer restrictions for some Intel NUC BIOS firmware before v ...)
	NOT-FOR-US: Intel
CVE-2023-28407 (Uncontrolled search path in some Intel(R) XTU software before version ...)
	NOT-FOR-US: Intel
CVE-2023-28388 (Uncontrolled search path element in some Intel(R) Chipset Device Softw ...)
	NOT-FOR-US: Intel
CVE-2023-27885 RESERVED
CVE-2023-27880 RESERVED
CVE-2023-27513 (Uncontrolled search path element in some Intel(R) Server Information R ...)
	NOT-FOR-US: Intel
CVE-2023-25774 (A denial-of-service vulnerability exists in the vpnserver ConnectionAc ...)
	NOT-FOR-US: SoftEther VPN
CVE-2023-2077 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Campcodes Online Traffic Offense Management System
CVE-2023-2076 (A vulnerability classified as problematic was found in Campcodes Onlin ...)
	NOT-FOR-US: Campcodes Online Traffic Offense Management System
CVE-2023-2075 (A vulnerability classified as critical has been found in Campcodes Onl ...)
	NOT-FOR-US: Campcodes Online Traffic Offense Management System
CVE-2023-2074 (A vulnerability was found in Campcodes Online Traffic Offense Manageme ...)
	NOT-FOR-US: Campcodes Online Traffic Offense Management System
CVE-2023-2073 (A vulnerability was found in Campcodes Online Traffic Offense Manageme ...)
	NOT-FOR-US: Campcodes Online Traffic Offense Management System
CVE-2023-2072 (The Rockwell Automation PowerMonitor 1000 contains stored cross-site s ...)
	NOT-FOR-US: Rockwell
CVE-2023-2071 (Rockwell Automation FactoryTalk View Machine Edition on the PanelView ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-2070 RESERVED
CVE-2023-2069 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2023-2068 (The File Manager Advanced Shortcode WordPress plugin through 2.3.2 doe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2067 (The Announcement & Notification Banner – Bulletin plugin for Word ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2066 (The Announcement & Notification Banner – Bulletin plugin for Word ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2065 (Authorization Bypass Through User-Controlled Key vulnerability in Armo ...)
	NOT-FOR-US: Armoli Technology Cargo Tracking System
CVE-2023-2064 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Minova Technology eTrace
CVE-2023-2063 (Unrestricted Upload of File with Dangerous Type vulnerability in FTP f ...)
	NOT-FOR-US: Mitsubishi
CVE-2023-2062 (Missing Password Field Masking vulnerability in Mitsubishi Electric Co ...)
	NOT-FOR-US: Mitsubishi
CVE-2023-2061 (Use of Hard-coded Password vulnerability in FTP function on Mitsubishi ...)
	NOT-FOR-US: Mitsubishi
CVE-2023-2060 (Weak Password Requirements vulnerability in FTP function on Mitsubishi ...)
	NOT-FOR-US: Mitsubishi
CVE-2023-2059 (A vulnerability was found in DedeCMS 5.7.87. It has been rated as prob ...)
	NOT-FOR-US: DedeCMS
CVE-2023-2058 (A vulnerability was found in EyouCms up to 1.6.2. It has been declared ...)
	NOT-FOR-US: EyouCms
CVE-2023-2057 (A vulnerability was found in EyouCms 1.5.4. It has been classified as ...)
	NOT-FOR-US: EyouCms
CVE-2023-2056 (A vulnerability was found in DedeCMS up to 5.7.87 and classified as cr ...)
	NOT-FOR-US: DedeCMS
CVE-2023-2055 (A vulnerability has been found in Campcodes Advanced Online Voting Sys ...)
	NOT-FOR-US: Campcodes Advanced Online Voting System
CVE-2023-2054 (A vulnerability, which was classified as critical, was found in Campco ...)
	NOT-FOR-US: Campcodes Advanced Online Voting System
CVE-2023-2053 (A vulnerability, which was classified as critical, has been found in C ...)
	NOT-FOR-US: Campcodes Advanced Online Voting System
CVE-2023-2052 (A vulnerability classified as critical was found in Campcodes Advanced ...)
	NOT-FOR-US: Campcodes Advanced Online Voting System
CVE-2023-2051 (A vulnerability classified as critical has been found in Campcodes Adv ...)
	NOT-FOR-US: Campcodes Advanced Online Voting System
CVE-2023-2050 (A vulnerability was found in Campcodes Advanced Online Voting System 1 ...)
	NOT-FOR-US: Campcodes Advanced Online Voting System
CVE-2023-2049 (A vulnerability was found in Campcodes Advanced Online Voting System 1 ...)
	NOT-FOR-US: Campcodes Advanced Online Voting System
CVE-2023-2048 (A vulnerability was found in Campcodes Advanced Online Voting System 1 ...)
	NOT-FOR-US: Campcodes Advanced Online Voting System
CVE-2023-2047 (A vulnerability was found in Campcodes Advanced Online Voting System 1 ...)
	NOT-FOR-US: Campcodes Advanced Online Voting System
CVE-2023-2046 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Yontem Informatics Vehicle Tracking System
CVE-2023-2045 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Ipekyolu Software Auto Damage Tracking Software
CVE-2023-2044 (A vulnerability has been found in Control iD iDSecure 4.7.29.1 and cla ...)
	NOT-FOR-US: Control iD iDSecure
CVE-2023-2043 (A vulnerability, which was classified as problematic, was found in Con ...)
	NOT-FOR-US: Control iD iDSecure
CVE-2023-2042 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: DataGear
CVE-2023-2041 (A vulnerability classified as critical was found in novel-plus 3.6.2. ...)
	NOT-FOR-US: novel-plus
CVE-2023-2040 (A vulnerability classified as critical has been found in novel-plus 3. ...)
	NOT-FOR-US: novel-plus
CVE-2023-2039 (A vulnerability was found in novel-plus 3.6.2. It has been rated as cr ...)
	NOT-FOR-US: novel-plus
CVE-2023-2038 (A vulnerability was found in Campcodes Video Sharing Website 1.0. It h ...)
	NOT-FOR-US: Campcodes Video Sharing Website
CVE-2023-2037 (A vulnerability was found in Campcodes Video Sharing Website 1.0. It h ...)
	NOT-FOR-US: Campcodes Video Sharing Website
CVE-2023-2036 (A vulnerability was found in Campcodes Video Sharing Website 1.0 and c ...)
	NOT-FOR-US: Campcodes Video Sharing Website
CVE-2023-2035 (A vulnerability has been found in Campcodes Video Sharing Website 1.0 ...)
	NOT-FOR-US: Campcodes Video Sharing Website
CVE-2023-2034 (Unrestricted Upload of File with Dangerous Type in GitHub repository f ...)
	- froxlor (bug #581792)
CVE-2023-2033 (Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed ...)
	{DSA-5390-1}
	- chromium 112.0.5615.121-1
	[buster] - chromium (see DSA 5046)
CVE-2023-2032 (The Custom 404 Pro WordPress plugin before 3.8.1 does not properly san ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2031 (The Locatoraid Store Locator plugin for WordPress is vulnerable to Sto ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2030 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
	- gitlab 16.6.5-3
CVE-2023-2029 (The PrePost SEO WordPress plugin through 3.0 does not properly sanitiz ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2028 (The Call Now Accessibility Button WordPress plugin before 1.1 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2027 (The ZM Ajax Login & Register plugin for WordPress is vulnerable to aut ...)
	NOT-FOR-US: ZM Ajax Login & Register plugin for WordPress
CVE-2023-2026 (The Image Protector WordPress plugin through 1.1 does not properly san ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2025 (OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 ...)
	NOT-FOR-US: OpenBlue Enterprise Manager Data Collector
CVE-2023-2024 (Improper authentication in OpenBlue Enterprise Manager Data Collector ...)
	NOT-FOR-US: OpenBlue Enterprise Manager Data Collector
CVE-2023-2023 (The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2022 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 16.0.8+ds1-1
CVE-2023-2021 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...)
	- teampass (bug #730180)
CVE-2023-2020 (Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2 ...)
	- check-mk
CVE-2023-2019 (A flaw was found in the Linux kernel's netdevsim device driver, within ...)
	- linux 5.19.6-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-17811/
	NOTE: https://git.kernel.org/linus/180a6a3ee60a7cb69ed1232388460644f6a21f00
CVE-2023-2018 RESERVED
CVE-2023-2017 (Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6. ...)
	NOT-FOR-US: Shopware
CVE-2023-2016 RESERVED
CVE-2023-2015 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2023-2014 (Cross-site Scripting (XSS) - Generic in GitHub repository microweber/m ...)
	NOT-FOR-US: microweber
CVE-2023-2013 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2023-2012 RESERVED
CVE-2022-48468 (protobuf-c before 1.4.1 has an unsigned integer overflow in parse_requ ...)
	- protobuf-c 1.4.1-1
	[bullseye] - protobuf-c (Minor issue)
	[buster] - protobuf-c (Minor issue)
	- libsignal-protocol-c 2.3.3-3
	[bullseye] - libsignal-protocol-c (Minor issue)
	[buster] - libsignal-protocol-c (Minor issue)
	NOTE: https://github.com/protobuf-c/protobuf-c/commit/289f5c18b195aa43d46a619d1188709abbfa9c82 (v1.4.1)
	NOTE: https://github.com/protobuf-c/protobuf-c/commit/0d1fd124a4e0a07b524989f6e64410ff648fba61 (v1.4.1)
	NOTE: https://github.com/protobuf-c/protobuf-c/pull/513
	NOTE: https://github.com/protobuf-c/protobuf-c/issues/499
CVE-2022-48467 RESERVED
CVE-2022-48466 RESERVED
CVE-2022-48465 RESERVED
CVE-2022-48464 (In wifi service, there is a possible out of bounds write due to a miss ...)
	NOT-FOR-US: Unisoc
CVE-2022-48463 (In wifi service, there is a possible out of bounds write due to a miss ...)
	NOT-FOR-US: Unisoc
CVE-2022-48462 (In wifi service, there is a possible out of bounds write due to a miss ...)
	NOT-FOR-US: Unisoc
CVE-2022-48461 (In sensor driver, there is a possible out of bounds write due to a mis ...)
	NOT-FOR-US: Unisoc
CVE-2022-48460 (In setting service, there is a possible undefined behavior due to inco ...)
	NOT-FOR-US: Unisoc
CVE-2022-48459 (In TeleService, there is a possible system crash due to improper input ...)
	NOT-FOR-US: Unisoc
CVE-2022-48458 (In TeleService, there is a possible system crash due to improper input ...)
	NOT-FOR-US: Unisoc
CVE-2022-48457 (In TeleService, there is a possible system crash due to improper input ...)
	NOT-FOR-US: Unisoc
CVE-2022-48456 (In camera driver, there is a possible out of bounds write due to a inc ...)
	NOT-FOR-US: Unisoc
CVE-2022-48455 (In wifi service, there is a possible out of bounds write due to a miss ...)
	NOT-FOR-US: Unisoc
CVE-2022-48454 (In wifi service, there is a possible out of bounds write due to a miss ...)
	NOT-FOR-US: Unisoc
CVE-2022-48453 (In camera driver, there is a possible out of bounds write due to a mis ...)
	NOT-FOR-US: Unisoc
CVE-2022-48452 (In Ifaa service, there is a possible missing permission check. This co ...)
	NOT-FOR-US: Unisoc
CVE-2022-48451 (In bluetooth service, there is a possible out of bounds write due to r ...)
	NOT-FOR-US: Unisoc
CVE-2022-48450 (In bluetooth service, there is a possible missing params check. This ...)
	NOT-FOR-US: Unisoc
CVE-2022-48449 RESERVED
CVE-2022-48448 (In telephony service, there is a possible missing permission check. Th ...)
	NOT-FOR-US: Unisoc
CVE-2022-48447 (In telephony service, there is a possible missing permission check. Th ...)
	NOT-FOR-US: Unisoc
CVE-2022-48446 (In telephony service, there is a possible missing permission check. Th ...)
	NOT-FOR-US: Unisoc
CVE-2022-48445 (In telephony service, there is a possible missing permission check. Th ...)
	NOT-FOR-US: Unisoc
CVE-2022-48444 (In telephony service, there is a possible missing permission check. Th ...)
	NOT-FOR-US: Unisoc
CVE-2022-48443 (In telephony service, there is a possible missing permission check. Th ...)
	NOT-FOR-US: Unisoc
CVE-2022-48442 (In dialer service, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2022-48441 (In dialer service, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2022-48440 (In dialer service, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2022-48439 (In cp_dump driver, there is a possible out of bounds write due to a mi ...)
	NOT-FOR-US: Unisoc
CVE-2022-48438 (In cp_dump driver, there is a possible out of bounds write due to a mi ...)
	NOT-FOR-US: Unisoc
CVE-2023-30570 (pluto in Libreswan before 4.11 allows a denial of service (responder S ...)
	- libreswan 4.11-1 (bug #1035542)
	[bookworm] - libreswan 4.10-2+deb12u1
	[bullseye] - libreswan 4.3-1+deb11u4
	[buster] - libreswan (The vulnerable code was introduced in version 3.28)
	NOTE: https://libreswan.org/security/CVE-2023-30570/CVE-2023-30570.txt
	NOTE: https://github.com/libreswan/libreswan/issues/1039
	NOTE: Fix return value for aggr_inI1_outR1: https://github.com/libreswan/libreswan/commit/0250b5349145f6ac6b9c58e196489f7d048de305 (v4.11)
	NOTE: Fixed by: https://github.com/libreswan/libreswan/commit/a31bf33593e6a15bf1ad1b79ff6bb177a4d39f2c (v4.11)
	NOTE: Fixed by: https://github.com/libreswan/libreswan/commit/f32feb1dd71e4a69636d9d7efbd1ff441acde9d6 (v4.11)
	NOTE: For later followup: https://github.com/libreswan/libreswan/commit/ceaabbd3f7f89712d85ec128c42d75d725879ad2 (v4.11)
	NOTE: Later followup: https://github.com/libreswan/libreswan/commit/b77dc3483996a28703c4ff21225f4f541543f0f1 (v4.11)
CVE-2023-30569
	RESERVED
CVE-2023-30568
	RESERVED
CVE-2023-30567
	RESERVED
CVE-2023-30566
	RESERVED
CVE-2023-30565 (An insecure connection between Systems Manager and CQI Reporter applic ...)
	NOT-FOR-US: CQI Reporter
CVE-2023-30564 (Alaris Systems Manager does not perform input validation during the De ...)
	NOT-FOR-US: Alaris Systems Manager
CVE-2023-30563 (A malicious file could be uploaded into a System Manager User Import F ...)
	NOT-FOR-US: Alaris Systems Manager
CVE-2023-30562 (A GRE dataset file within Systems Manager can be tampered with and dis ...)
	NOT-FOR-US: Alaris Systems Manager
CVE-2023-30561 (The data flowing between the PCU and its modules is insecure. A threat ...)
	NOT-FOR-US: Alaris
CVE-2023-30560 (The configuration from the PCU can be modified without authentication ...)
	NOT-FOR-US: Alaris
CVE-2023-30559 (The firmware update package for the wireless card is not properly sign ...)
	NOT-FOR-US: Alaris
CVE-2023-30558 (Archery is an open source SQL audit platform. The Archery project cont ...)
	NOT-FOR-US: Archery
CVE-2023-30557 (Archery is an open source SQL audit platform. The Archery project cont ...)
	NOT-FOR-US: Archery
CVE-2023-30556 (Archery is an open source SQL audit platform. The Archery project cont ...)
	NOT-FOR-US: Archery
CVE-2023-30555 (Archery is an open source SQL audit platform. The Archery project cont ...)
	NOT-FOR-US: Archery
CVE-2023-30554 (Archery is an open source SQL audit platform. The Archery project cont ...)
	NOT-FOR-US: Archery
CVE-2023-30553 (Archery is an open source SQL audit platform. The Archery project cont ...)
	NOT-FOR-US: Archery
CVE-2023-30552 (Archery is an open source SQL audit platform. The Archery project cont ...)
	NOT-FOR-US: Archery
CVE-2023-30551 (Rekor is an open source software supply chain transparency log. Rekor ...)
	- rekor (bug #990249)
CVE-2023-30550 (MeterSphere is an open source continuous testing platform, covering fu ...)
	NOT-FOR-US: MeterSphere
CVE-2023-30549 (Apptainer is an open source container platform for Linux. There is an ...)
	- singularity-container 3.11.4+ds1-1 (bug #1035026; unimportant)
	NOTE: https://github.com/apptainer/apptainer/security/advisories/GHSA-j4rf-7357-f4cg
	NOTE: Sylabs and Apptainer projects are in disagreement on how to track this issue and
	NOTE: their handling with respect to unpatched filesystem vulnerabilities. Sylabs
	NOTE: added a configuration option to disable all mounts of extfs file systems
	NOTE: as well in the 3.11.2 singularity-container version, as similarly done by the
	NOTE: Apptainer project.
	NOTE: https://github.com/sylabs/singularity/blob/main/CHANGELOG.md#3112-2023-04-27
	NOTE: Details in https://sylabs.io/2023/04/response-to-cve-2023-30549/
CVE-2023-30548 (gatsby-plugin-sharp is a plugin for the gatsby framework which exposes ...)
	NOT-FOR-US: gatsby-plugin-sharp
CVE-2023-30547 (vm2 is a sandbox that can run untrusted code with whitelisted Node's b ...)
	NOT-FOR-US: Node vm2
CVE-2023-30546 (Contiki-NG is an operating system for Internet of Things devices. An o ...)
	NOT-FOR-US: Contiki-NG
CVE-2023-30545 (PrestaShop is an Open Source e-commerce web application. Prior to vers ...)
	NOT-FOR-US: PrestaShop
CVE-2023-30544 (Kiwi TCMS is an open source test management system. In versions of Kiw ...)
	NOT-FOR-US: Kiwi TCMS
CVE-2023-30543 (@web3-react is a framework for building Ethereum Apps . In affected ve ...)
	NOT-FOR-US: @web3-react
CVE-2023-30542 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
	NOT-FOR-US: OpenZeppelin
CVE-2023-30541 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
	NOT-FOR-US: OpenZeppelin
CVE-2023-30540 (Nextcloud Talk is a chat, video & audio call extension for Nextcloud. ...)
	NOT-FOR-US: Nextcloud Talk
CVE-2023-30539 (Nextcloud is a personal home server system. Depending on the set up ta ...)
	- nextcloud-server (bug #941708)
CVE-2023-30538 (Discourse is an open source platform for community discussion. Due to ...)
	NOT-FOR-US: Discourse
CVE-2023-30537 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-30536 (slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions p ...)
	- php-slim-psr7 1.6.1-1 (bug #1034580)
	NOTE: https://github.com/slimphp/Slim-Psr7/security/advisories/GHSA-q2qj-628g-vhfw
	NOTE: https://github.com/slimphp/Slim-Psr7/commit/4fea29e910391b1883de5bf6e84b50f6900355fb (1.6.1)
CVE-2023-30535 (Snowflake JDBC provides a JDBC type 4 driver that supports core functi ...)
	NOT-FOR-US: Snowflake JDBC
CVE-2023-30534 (Cacti is an open source operational monitoring and fault management fr ...)
	- cacti 1.2.25+ds1-1
	[bookworm] - cacti (Minor issue; invasive to fix and introduces regressions)
	[bullseye] - cacti (Minor issue; invasive to fix and introduces regressions)
	[buster] - cacti (Minor issue; invasive to fix and introduces regressions)
	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-77rf-774j-6h3p
	NOTE: https://github.com/Cacti/cacti/commit/8c6cd77001697f4b82cc55055b945c2f3974976c (release/1.2.24)
	NOTE: https://github.com/Cacti/cacti/commit/cf1033670af4264a6ba7d687b47fed92e376f18f (release/1.2.25)
	NOTE: https://github.com/Cacti/cacti/commit/6d22e0623dfbc5d687d8f61e683173d0d625f3a7 (release/1.2.25)
	NOTE: https://github.com/Cacti/cacti/commit/7b1ae5bcab3caca020da0080e19ac51c2743adfe (release/1.2.25)
	NOTE: https://github.com/Cacti/cacti/commit/35d76a87d10ffeec483c768663013746624cecbf (release/1.2.25)
	NOTE: Be careful. Introduces CVE-2023-51448.
CVE-2023-30533 (SheetJS Community Edition before 0.19.3 allows Prototype Pollution via ...)
	NOT-FOR-US: SheetJS
CVE-2023-2011
	RESERVED
CVE-2023-2010 (The Forminator WordPress plugin before 1.24.1 does not use an atomic o ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2009 (Plugin does not sanitize and escape the URL field in the Pretty Url Wo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-2008 (A flaw was found in the Linux kernel's udmabuf device driver. The spec ...)
	- linux 5.18.14-1
	[bullseye] - linux 5.10.127-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-441/
	NOTE: https://git.kernel.org/linus/05b252cccb2e5c3f56119d25de684b4f810ba40a (5.19-rc4)
CVE-2023-2007 (The specific flaw exists within the DPT I2O Controller driver. The iss ...)
	{DSA-5480-1 DLA-3623-1 DLA-3508-1}
	- linux 6.0.2-1
	NOTE: https://git.kernel.org/linus/b04e75a4a8a81887386a0d2dbf605a48e779d2a0 (6.0-rc1)
CVE-2023-2006 (A race condition was found in the Linux kernel's RxRPC network protoco ...)
	- linux 6.0.12-1
	[bullseye] - linux 5.10.158-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-439/
	NOTE: https://git.kernel.org/linus/3bcd6c7eaa53b56c3f584da46a1f7652e759d0e5 (6.1-rc7)
CVE-2023-2005 (Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security ...)
	NOT-FOR-US: Tenable
CVE-2023-2004
	REJECTED
CVE-2023-2003 (Embedded malicious code vulnerability in Vision1210, in the build 5 of ...)
	NOT-FOR-US: Vision1210
CVE-2023-2002 (A vulnerability was found in the HCI sockets implementation due to a m ...)
	{DSA-5480-1 DLA-3623-1 DLA-3508-1}
	- linux 6.1.27-1
	NOTE: https://www.openwall.com/lists/oss-security/2023/04/16/3
	NOTE: Fixed by: https://git.kernel.org/linus/25c150ac103a4ebeed0319994c742a90634ddf18
	NOTE: Fixed by: https://lore.kernel.org/linux-bluetooth/20230416081404.8227-1-lrh2000@pku.edu.cn/
	NOTE: Hardening: https://lore.kernel.org/linux-bluetooth/20230416080251.7717-1-lrh2000@pku.edu.cn/
CVE-2023-2001 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
	- gitlab 15.10.8+ds1-2
CVE-2023-2000 (Mattermost Desktop App fails to validate a mattermost server redirecti ...)
	NOT-FOR-US: Mattermost Desktop App
CVE-2023-1999 (There exists a use after free/double free in libwebp. An attacker can ...)
	{DSA-5408-1 DSA-5392-1 DSA-5385-1 DLA-3439-1 DLA-3400-1 DLA-3391-1}
	- firefox 112.0-1
	- firefox-esr 102.10.0esr-1
	- thunderbird 1:102.10.0-1
	- libwebp 1.2.4-0.2 (bug #1035371)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-1999
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1999
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1999
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1819244 (not public)
	NOTE: https://hg.mozilla.org/releases/mozilla-esr102/rev/53b805c752ff23080e100eda2b3b4280d4370b2e
	NOTE: https://chromium.googlesource.com/webm/libwebp/+/4654e1e7381044717d5d3e0dd7e735633a3ff300 (1.3.0)
	NOTE: Fixed by: https://github.com/webmproject/libwebp/commit/a486d800b60d0af4cc0836bf7ed8f21e12974129 (v1.3.1-rc1)
	NOTE: Introduced by: https://github.com/webmproject/libwebp/commit/187d379db68839f76d1390be291c471f2f66644c (v0.5.0-rc1)
	NOTE: Introduced by: https://github.com/webmproject/libwebp/commit/5692eae1f3efd8b7b47398a9f5d74f1dc6f64e7f (backport; v0.4.2-rc2)
CVE-2023-1997 (An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate ...)
	NOT-FOR-US: SIMULIA
CVE-2023-1996 (A reflected Cross-site Scripting (XSS) vulnerability in Release 3DEXPE ...)
	NOT-FOR-US: 3ds
CVE-2023-30532 (A missing permission check in Jenkins TurboScript Plugin 1.3 and earli ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-30531 (Jenkins Consul KV Builder Plugin 2.0.13 and earlier does not mask the ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-30530 (Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCo ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-30529 (Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-30528 (Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-30527 (Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-30526 (A missing permission check in Jenkins Report Portal Plugin 0.5 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-30525 (A cross-site request forgery (CSRF) vulnerability in Jenkins Report Po ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-30524 (Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPorta ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-30523 (Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal acces ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-30522 (A missing permission check in Jenkins Fogbugz Plugin 2.2.17 and earlie ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-30521 (A missing permission check in Jenkins Assembla merge request builder P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-30520 (Jenkins Quay.io trigger Plugin 0.1 and earlier does not limit URL sche ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-30519 (A missing permission check in Jenkins Quay.io trigger Plugin 0.1 and e ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-30518 (A missing permission check in Jenkins Thycotic Secret Server Plugin 1. ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-30517 (Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier uncond ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-30516 (Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-30515 (Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does no ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-30514 (Jenkins Azure Key Vault Plugin 187.va_cd5fecd198a_ and earlier does no ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-30513 (Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not prop ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-30512 (CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalat ...)
	NOT-FOR-US: CubeFS
CVE-2023-30511
	RESERVED
CVE-2023-30510 (A vulnerability exists in the Aruba EdgeConnect Enterpriseweb manageme ...)
	NOT-FOR-US: HPE
CVE-2023-30509 (Multiple authenticated path traversal vulnerabilities exist in the Aru ...)
	NOT-FOR-US: HPE
CVE-2023-30508 (Multiple authenticated path traversal vulnerabilities exist in the Aru ...)
	NOT-FOR-US: HPE
CVE-2023-30507 (Multiple authenticated path traversal vulnerabilities exist in the Aru ...)
	NOT-FOR-US: HPE
CVE-2023-30506 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...)
	NOT-FOR-US: HPE
CVE-2023-30505 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...)
	NOT-FOR-US: HPE
CVE-2023-30504 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...)
	NOT-FOR-US: HPE
CVE-2023-30503 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...)
	NOT-FOR-US: HPE
CVE-2023-30502 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...)
	NOT-FOR-US: HPE
CVE-2023-30501 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...)
	NOT-FOR-US: HPE
CVE-2023-1998 (The Linux kernel allows userspace processes to enable mitigations by c ...)
	{DLA-3404-1 DLA-3403-1}
	- linux 6.1.20-1
	[bullseye] - linux 5.10.178-1
	NOTE: https://git.kernel.org/linus/6921ed9049bc7457f66c1596c5b78aec0dae4a9d (6.3-rc1)
	NOTE: https://kernel.dance/#6921ed9049bc7457f66c1596c5b78aec0dae4a9d
CVE-2023-1995 (Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Serv ...)
	NOT-FOR-US: Hitachi
CVE-2023-1994 (GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 ...)
	{DSA-5429-1 DLA-3402-1}
	[experimental] - wireshark 4.0.5-1~exp1
	- wireshark 4.0.6-1 (bug #1034721)
	[bullseye] - wireshark (Minor issue)
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18947
	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-11.html
CVE-2023-1993 (LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6 ...)
	{DSA-5429-1 DLA-3402-1}
	[experimental] - wireshark 4.0.5-1~exp1
	- wireshark 4.0.6-1 (bug #1034721)
	[bullseye] - wireshark (Minor issue)
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18900
	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-10.html
CVE-2023-1992 (RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6. ...)
	{DSA-5429-1 DLA-3402-1}
	[experimental] - wireshark 4.0.5-1~exp1
	- wireshark 4.0.6-1 (bug #1034721)
	[bullseye] - wireshark (Minor issue)
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18852
	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-09.html
CVE-2023-1991
	RESERVED
CVE-2022-48437 (An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1 ...)
	- libressl (bug #754513)
CVE-2023-30500 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPForms ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30499 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FolioVis ...)
	NOT-FOR-US: WordPress Plugin
CVE-2023-30498 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeFlav ...)
	NOT-FOR-US: WordPress Plugin
CVE-2023-30497 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Simon Ch ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30496 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30495 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30494 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRec ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30493 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themefic ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30492 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30491 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeBard ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30490
	RESERVED
CVE-2023-30489 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30488
	RESERVED
CVE-2023-30487 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThimPres ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30486
	RESERVED
CVE-2023-30485 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Solwin I ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30484 (Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable Acces ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30483 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kiboko L ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30482 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30481 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alexey G ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30480 (Missing Authorization vulnerability in Sparkle WP Educenter.This issue ...)
	NOT-FOR-US: WordPress theme
CVE-2023-30479
	RESERVED
CVE-2023-30478 (Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newslette ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30477 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Essi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30476
	RESERVED
CVE-2023-30475 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30474 (Cross-Site Request Forgery (CSRF) vulnerability in Kilian Evang Ultima ...)
	NOT-FOR-US: Kilian Evang Ultimate Noindex Nofollow
CVE-2023-30473 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Gl ...)
	NOT-FOR-US: WordPress Plugin
CVE-2023-30472 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MyThemeS ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30471 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cornel R ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-30470 (A use-after-free related to unsound inference in the bytecode generati ...)
	NOT-FOR-US: Facebook Hermes
CVE-2023-1990 (A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/n ...)
	{DLA-3404-1 DLA-3403-1}
	- linux 6.1.25-1
	[bullseye] - linux 5.10.178-1
	NOTE: https://git.kernel.org/linus/5000fe6c27827a61d8250a7e4a1d26c3298ef4f6 (6.3-rc3)
	NOTE: STMicroelectronics ST NCI NFC driver (NFC_ST_NCI_I2C, NFC_ST_NCI_SPI) not
	NOTE: enabled in Debian
CVE-2023-1989 (A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\ ...)
	{DSA-5492-1 DLA-3710-1 DLA-3404-1 DLA-3403-1}
	- linux 6.3.7-1
	[bullseye] - linux 5.10.197-1
	NOTE: https://git.kernel.org/linus/1e9ac114c4428fdb7ff4635b45d4f46017e8916f (6.3-rc4)
CVE-2023-1988 (A vulnerability was found in SourceCodester Online Computer and Laptop ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-1987 (A vulnerability has been found in SourceCodester Online Computer and L ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-1986 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-1985 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-1984 (A vulnerability classified as critical was found in SourceCodester Com ...)
	NOT-FOR-US: SourceCodester Complaint Management System
CVE-2023-1983 (A vulnerability was found in SourceCodester Sales Tracker Management S ...)
	NOT-FOR-US: SourceCodester Sales Tracker Management System
CVE-2023-1982 (The Front Editor WordPress plugin through 4.0.4 does not sanitize and ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1981 (A vulnerability was found in the avahi library. This flaw allows an un ...)
	{DLA-3414-1}
	- avahi 0.8-10 (bug #1034594)
	[bullseye] - avahi (Minor issue)
	NOTE: https://github.com/lathiat/avahi/issues/375
	NOTE: https://github.com/lathiat/avahi/pull/407
	NOTE: https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f
CVE-2023-1980 (Two factor authentication bypass on login in Devolutions Remote Des ...)
	NOT-FOR-US: Devolutions
CVE-2023-1979 (The Web Stories for WordPress plugin supports the WordPress built-in f ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1978 (The ShiftController Employee Shift Scheduling plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1977 (The Booking Manager WordPress plugin before 2.0.29 does not validate U ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1976 (Password Aging with Long Expiration in GitHub repository answerdev/ans ...)
	NOT-FOR-US: answer
CVE-2023-1975 (Insertion of Sensitive Information Into Sent Data in GitHub repository ...)
	NOT-FOR-US: answer
CVE-2023-1974 (Exposure of Sensitive Information Through Metadata in GitHub repositor ...)
	NOT-FOR-US: answer
CVE-2023-30469 (Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hit ...)
	NOT-FOR-US: Hitachi
CVE-2023-30468
	RESERVED
CVE-2023-1973
	RESERVED
	- undertow (bug #1068815)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2185662
CVE-2023-30467 (This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS- ...)
	NOT-FOR-US: Milesight
CVE-2023-30466 (This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS- ...)
	NOT-FOR-US: Milesight
CVE-2023-30465 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Apache InLong
CVE-2023-1972 (A potential heap based buffer overflow was found in _bfd_elf_slurp_ver ...)
	- binutils 2.41-1 (unimportant)
	NOTE: https://sourceware.org/git/?p=binutils-gdb.git;a=blobdiff;f=bfd/elf.c;h=185028cbd97ae0901c4276c8a4787b12bb75875a;hp=027d01437352555bc4ac0717cb0486c751a7775d;hb=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57;hpb=f2f9bde5cde7ff34ed0a4c4682a211d402aa1086
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30285
	NOTE: binutils not covered by security support
CVE-2023-1971 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...)
	NOT-FOR-US: yuan1994 tpAdmin
CVE-2023-1970 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...)
	NOT-FOR-US: yuan1994 tpAdmin
CVE-2023-1969 (A vulnerability classified as critical was found in SourceCodester Onl ...)
	NOT-FOR-US: SourceCodester Online Eyewear Shop
CVE-2023-1968 (Instruments with Illumina Universal Copy Service v2.x are vulnerable d ...)
	NOT-FOR-US: Illumina
CVE-2023-1967 (Keysight N8844A Data Analytics Web Service deserializes untrusted data ...)
	NOT-FOR-US: Keysight N8844A Data Analytics Web Service
CVE-2023-1966 (Instruments with Illumina Universal Copy Service v1.x and v2.x contain ...)
	NOT-FOR-US: Illumina
CVE-2023-1965 (An issue has been discovered in GitLab EE affecting all versions start ...)
	- gitlab (Specific to EE)
CVE-2023-30464
	RESERVED
CVE-2023-30463 (Altran picoTCP through 1.7.0 allows memory corruption (and subsequent ...)
	NOT-FOR-US: picoTCP
CVE-2023-30462
	RESERVED
CVE-2023-30461
	RESERVED
CVE-2023-30460
	RESERVED
CVE-2023-30459 (SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker ...)
	NOT-FOR-US: SmartPTT SCADA
CVE-2023-30458 (A username enumeration issue was discovered in Medicine Tracker System ...)
	NOT-FOR-US: Medicine Tracker System
CVE-2023-30457
	RESERVED
CVE-2023-30456 (An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kern ...)
	{DLA-3404-1 DLA-3403-1}
	- linux 6.1.25-1
	[bullseye] - linux 5.10.178-1
	NOTE: https://git.kernel.org/linus/112e66017bff7f2837030f34c2bc19501e9212d5 (6.3-rc3)
CVE-2023-30455 (An issue was discovered in ebankIT before 7. A Denial-of-Service attac ...)
	NOT-FOR-US: ebankIT
CVE-2023-30454 (An issue was discovered in ebankIT before 7. Document Object Model bas ...)
	NOT-FOR-US: ebankIT
CVE-2023-30453 (The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent ...)
	NOT-FOR-US: Jira plugin
CVE-2023-30452 (The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for Confluen ...)
	NOT-FOR-US: MoroSystems EasyMind
CVE-2023-1964 (A vulnerability classified as critical has been found in PHPGurukul Ba ...)
	NOT-FOR-US: PHPGurukul Bank Locker Management System
CVE-2023-1963 (A vulnerability was found in PHPGurukul Bank Locker Management System ...)
	NOT-FOR-US: PHPGurukul Bank Locker Management System
CVE-2018-25084 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Ping Identity Self-Service Account Manager
CVE-2023-30451 (In TYPO3 11.5.24, the filelist component allows attackers (who have ac ...)
	NOT-FOR-US: Typo3
CVE-2023-30450 (rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls f ...)
	NOT-FOR-US: Redpanda
CVE-2023-30449 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
	NOT-FOR-US: IBM
CVE-2023-30448 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
	NOT-FOR-US: IBM
CVE-2023-30447 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
	NOT-FOR-US: IBM
CVE-2023-30446 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
	NOT-FOR-US: IBM
CVE-2023-30445 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
	NOT-FOR-US: IBM
CVE-2023-30444 (IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulne ...)
	NOT-FOR-US: IBM
CVE-2023-30443
	RESERVED
CVE-2023-30442 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
	NOT-FOR-US: IBM
CVE-2023-30441 (IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8 ...)
	NOT-FOR-US: IBM
CVE-2023-30440 (IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW9 ...)
	NOT-FOR-US: IBM
CVE-2023-30439
	RESERVED
CVE-2023-30438 (An internally discovered vulnerability in PowerVM on IBM Power9 and Po ...)
	NOT-FOR-US: IBM
CVE-2023-30437 (IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized ...)
	NOT-FOR-US: IBM
CVE-2023-30436 (IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2023-30435 (IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cro ...)
	NOT-FOR-US: IBM
CVE-2023-30434 (IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 ...)
	NOT-FOR-US: IBM
CVE-2023-30433 (IBM Security Verify Access 10.0 could allow a remote attacker to condu ...)
	NOT-FOR-US: IBM
CVE-2023-30432
	RESERVED
CVE-2023-30431 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
	NOT-FOR-US: IBM
CVE-2023-30430
	RESERVED
CVE-2015-10100 (A vulnerability, which was classified as critical, has been found in D ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-125098 (A vulnerability was found in Dart http_server up to 0.9.5 and classifi ...)
	NOT-FOR-US: Dart http_server
CVE-2014-125097 (A vulnerability, which was classified as problematic, was found in Bes ...)
	NOT-FOR-US: BestWebSoft
CVE-2012-10012 (A vulnerability has been found in BestWebSoft Facebook Like Button up ...)
	NOT-FOR-US: BestWebSoft
CVE-2009-10004 (A vulnerability was found in Turante Sandbox Theme up to 1.5.2. It has ...)
	NOT-FOR-US: Turante Sandbox Theme
CVE-2023-30429 (Incorrect Authorization vulnerability in Apache Software Foundation Ap ...)
	NOT-FOR-US: Apache Pulsar
CVE-2023-30428 (Incorrect Authorization vulnerability in Apache Software Foundation Ap ...)
	NOT-FOR-US: Apache Pulsar
CVE-2023-30427
	RESERVED
CVE-2023-30426
	RESERVED
CVE-2023-30425
	RESERVED
CVE-2023-30424
	RESERVED
CVE-2023-30423
	RESERVED
CVE-2023-30422
	RESERVED
CVE-2023-30421
	RESERVED
CVE-2023-30420
	RESERVED
CVE-2023-30419
	RESERVED
CVE-2023-30418
	RESERVED
CVE-2023-30417 (A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2 ...)
	NOT-FOR-US: Pear-Admin-Boot
CVE-2023-30416
	RESERVED
CVE-2023-30415 (Sourcecodester Packers and Movers Management System v1.0 was discovere ...)
	NOT-FOR-US: Sourcecodester Packers and Movers Management System
CVE-2023-30414 (Jerryscript commit 1a2c047 was discovered to contain a stack overflow ...)
	- iotjs
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5051
CVE-2023-30413
	RESERVED
CVE-2023-30412
	RESERVED
CVE-2023-30411
	RESERVED
CVE-2023-30410 (Jerryscript commit 1a2c047 was discovered to contain a stack overflow ...)
	- iotjs
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5052
CVE-2023-30409
	RESERVED
CVE-2023-30408 (Jerryscript commit 1a2c047 was discovered to contain a segmentation vi ...)
	- iotjs
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5057
CVE-2023-30407
	RESERVED
CVE-2023-30406 (Jerryscript commit 1a2c047 was discovered to contain a segmentation vi ...)
	- iotjs
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/5058
CVE-2023-30405 (A cross-site scripting (XSS) vulnerability in Aigital Wireless-N Repea ...)
	NOT-FOR-US: Aigital
CVE-2023-30404 (Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to co ...)
	NOT-FOR-US: Aigital Wireless-N Repeater Mini_Router
CVE-2023-30403 (An issue in the time-based authentication mechanism of Aigital Aigital ...)
	NOT-FOR-US: Aigital
CVE-2023-30402 (YASM v1.3.0 was discovered to contain a heap overflow via the function ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/206
	NOTE: Crash in CLI tool, no security impact
CVE-2023-30401
	RESERVED
CVE-2023-30400 (An issue was discovered in Anyka Microelectronics AK3918EV300 MCU v18. ...)
	NOT-FOR-US: Anyka Microelectronics AK3918EV300 MCU
CVE-2023-30399 (Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC ...)
	NOT-FOR-US: GARO Wallbox GLB/GTB/GTC
CVE-2023-30398
	RESERVED
CVE-2023-30397
	RESERVED
CVE-2023-30396
	RESERVED
CVE-2023-30395
	RESERVED
CVE-2023-30394 (Progress Ipswitch MoveIT 1.1.11 was discovered to contain a cross-site ...)
	NOT-FOR-US: MoveIT
CVE-2023-30393
	RESERVED
CVE-2023-30392
	RESERVED
CVE-2023-30391
	RESERVED
CVE-2023-30390
	RESERVED
CVE-2023-30389
	RESERVED
CVE-2023-30388
	RESERVED
CVE-2023-30387
	RESERVED
CVE-2023-30386
	RESERVED
CVE-2023-30385
	RESERVED
CVE-2023-30384
	RESERVED
CVE-2023-30383 (TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Ar ...)
	NOT-FOR-US: TP-Link
CVE-2023-30382 (A buffer overflow in the component hl.exe of Valve Half-Life up to 543 ...)
	NOT-FOR-US: hl.exe of Valve Half-Life
CVE-2023-30381
	RESERVED
CVE-2023-30380 (An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 ...)
	NOT-FOR-US: DedeCMS
CVE-2023-30379
	RESERVED
CVE-2023-30378 (In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a stack-b ...)
	NOT-FOR-US: Tenda
CVE-2023-30377
	RESERVED
CVE-2023-30376 (In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" contains a ...)
	NOT-FOR-US: Tenda
CVE-2023-30375 (In Tenda AC15 V15.03.05.19, the function "getIfIp" contains a stack-ba ...)
	NOT-FOR-US: Tenda
CVE-2023-30374
	RESERVED
CVE-2023-30373 (In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" contains a ...)
	NOT-FOR-US: Tenda
CVE-2023-30372 (In Tenda AC15 V15.03.05.19, The function "xkjs_ver32" contains a stack ...)
	NOT-FOR-US: Tenda
CVE-2023-30371 (In Tenda AC15 V15.03.05.19, the function "sub_ED14" contains a stack-b ...)
	NOT-FOR-US: Tenda
CVE-2023-30370 (In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-bas ...)
	NOT-FOR-US: Tenda
CVE-2023-30369 (Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow.)
	NOT-FOR-US: Tenda
CVE-2023-30368 (Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWe ...)
	NOT-FOR-US: Tenda
CVE-2023-30367 (Multi-Remote Next Generation Connection Manager (mRemoteNG) is free so ...)
	NOT-FOR-US: mRemoteNG
CVE-2023-30366
	RESERVED
CVE-2023-30365
	RESERVED
CVE-2023-30364
	RESERVED
CVE-2023-30363 (vConsole v3.15.0 was discovered to contain a prototype pollution due t ...)
	NOT-FOR-US: Tencent vConsole
CVE-2023-30362 (Buffer Overflow vulnerability in coap_send function in libcoap library ...)
	- libcoap3 4.3.1-2 (bug #1040594)
	[bookworm] - libcoap3 (Minor issue)
	NOTE: https://github.com/obgm/libcoap/issues/1063
	NOTE: https://github.com/obgm/libcoap/commit/e242200f0af2a418dc9f69eee543feacc13cd851
CVE-2023-30361
	RESERVED
CVE-2023-30360
	RESERVED
CVE-2023-30359
	RESERVED
CVE-2023-30358
	RESERVED
CVE-2023-30357
	RESERVED
CVE-2023-30356 (Missing Support for an Integrity Check in Shenzen Tenda Technology IP ...)
	NOT-FOR-US: Tenda
CVE-2023-30355
	RESERVED
CVE-2023-30354 (Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not d ...)
	NOT-FOR-US: Tenda
CVE-2023-30353 (Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows una ...)
	NOT-FOR-US: Tenda
CVE-2023-30352 (Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discov ...)
	NOT-FOR-US: Tenda
CVE-2023-30351 (Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discov ...)
	NOT-FOR-US: Tenda
CVE-2023-30350 (FS S3900-24T4S devices allow authenticated attackers with guest access ...)
	NOT-FOR-US: FS S3900-24T4S devices
CVE-2023-30349 (JFinal CMS v5.1.0 was discovered to contain a remote code execution (R ...)
	NOT-FOR-US: JFinal CMS
CVE-2023-30348
	RESERVED
CVE-2023-30347 (Cross Site Scripting (XSS) vulnerability in Neox Contact Center 2.3.9, ...)
	NOT-FOR-US: Neox Contact Center
CVE-2023-30346
	RESERVED
CVE-2023-30345
	RESERVED
CVE-2023-30344
	RESERVED
CVE-2023-30343
	RESERVED
CVE-2023-30342
	RESERVED
CVE-2023-30341
	RESERVED
CVE-2023-30340
	RESERVED
CVE-2023-30339
	RESERVED
CVE-2023-30338 (Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pr ...)
	NOT-FOR-US: Emlog Pro
CVE-2023-30337
	RESERVED
CVE-2023-30336
	RESERVED
CVE-2023-30335
	RESERVED
CVE-2023-30334 (AsmBB v2.9.1 was discovered to contain multiple cross-site scripting ( ...)
	NOT-FOR-US: AsmBB
CVE-2023-30333 (An arbitrary file upload vulnerability in the component /admin/ThemeCo ...)
	NOT-FOR-US: PerfreeBlog
CVE-2023-30332
	RESERVED
CVE-2023-30331 (An issue in the render function of beetl v3.15.0 allows attackers to e ...)
	NOT-FOR-US: beetl
CVE-2023-30330 (SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerab ...)
	NOT-FOR-US: SoftExpert (SE) Excellence Suite
CVE-2023-30329
	RESERVED
CVE-2023-30328 (An issue in the helper tool of Mailbutler GmbH Shimo VPN Client for ma ...)
	NOT-FOR-US: Mailbutler GmbH Shimo VPN Client
CVE-2023-30327
	RESERVED
CVE-2023-30326 (Cross Site Scripting (XSS) vulnerability in username field in /WebCont ...)
	NOT-FOR-US: wliang6 ChatEngine
CVE-2023-30325 (SQL Injection vulnerability in textMessage parameter in /src/chatbotap ...)
	NOT-FOR-US: wliang6 ChatEngine
CVE-2023-30324
	RESERVED
CVE-2023-30323 (SQL Injection vulnerability in username field in /src/chatbotapp/chatW ...)
	NOT-FOR-US: Payatu chatengine
CVE-2023-30322 (Cross Site Scripting (XSS) vulnerability in username field in /src/cha ...)
	NOT-FOR-US: Payatu chatengine
CVE-2023-30321 (Cross Site Scripting (XSS) vulnerability in textMessage field in /src/ ...)
	NOT-FOR-US: wliang6 ChatEngine
CVE-2023-30320 (Cross Site Scripting (XSS) vulnerability in textMessage field in /src/ ...)
	NOT-FOR-US: wliang6 ChatEngine
CVE-2023-30319 (Cross Site Scripting (XSS) vulnerability in username field in /src/cha ...)
	NOT-FOR-US: wliang6 ChatEngine
CVE-2023-30318
	RESERVED
CVE-2023-30317
	RESERVED
CVE-2023-30316
	RESERVED
CVE-2023-30315
	RESERVED
CVE-2023-30314
	RESERVED
CVE-2023-30313
	RESERVED
CVE-2023-30312
	RESERVED
CVE-2023-30311
	RESERVED
CVE-2023-30310
	RESERVED
CVE-2023-30309
	RESERVED
CVE-2023-30308
	RESERVED
CVE-2023-30307
	RESERVED
CVE-2023-30306
	RESERVED
CVE-2023-30305
	RESERVED
CVE-2023-30304
	RESERVED
CVE-2023-30303
	RESERVED
CVE-2023-30302
	RESERVED
CVE-2023-30301
	RESERVED
CVE-2023-30300 (An issue in the component hang.wasm of WebAssembly 1.0 causes an infin ...)
	- wabt 1.0.33-1 (unimportant; bug #1035686)
	NOTE: https://github.com/WebAssembly/wabt/issues/2180
	NOTE: https://github.com/WebAssembly/wabt/pull/2183
	NOTE: https://github.com/WebAssembly/wabt/commit/2d77bda4034a719fe1a2eaf1d51593eb351ecb4c
	NOTE: Hang in CLI tool, no security impact
CVE-2023-30299
	RESERVED
CVE-2023-30298
	RESERVED
CVE-2023-30297 (An issue found in N-able Technologies N-central Server before 2023.4 a ...)
	NOT-FOR-US: N-able Technologies N-central Server
CVE-2023-30296
	RESERVED
CVE-2023-30295
	RESERVED
CVE-2023-30294
	RESERVED
CVE-2023-30293
	RESERVED
CVE-2023-30292
	RESERVED
CVE-2023-30291
	RESERVED
CVE-2023-30290
	RESERVED
CVE-2023-30289
	RESERVED
CVE-2023-30288
	RESERVED
CVE-2023-30287
	RESERVED
CVE-2023-30286
	RESERVED
CVE-2023-30285 (An issue in Deviniti Issue Sync Synchronization v3.5.2 for Jira allows ...)
	NOT-FOR-US: Deviniti Issue Sync Synchronization
CVE-2023-30284
	RESERVED
CVE-2023-30283
	RESERVED
CVE-2023-30282 (PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Acces ...)
	NOT-FOR-US: PrestaShop scexportcustomers
CVE-2023-30281 (Insecure permissions vulnerability was discovered, due to a lack of pe ...)
	NOT-FOR-US: Prestashop
CVE-2023-30280 (Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700 ...)
	NOT-FOR-US: Netgear
CVE-2023-30279
	RESERVED
CVE-2023-30278
	RESERVED
CVE-2023-30277
	RESERVED
CVE-2023-30276
	RESERVED
CVE-2023-30275
	RESERVED
CVE-2023-30274
	RESERVED
CVE-2023-30273
	RESERVED
CVE-2023-30272
	RESERVED
CVE-2023-30271
	RESERVED
CVE-2023-30270
	RESERVED
CVE-2023-30269 (CLTPHP <=6.0 is vulnerable to Improper Input Validation via applicatio ...)
	NOT-FOR-US: CLTPHP
CVE-2023-30268 (CLTPHP <=6.0 is vulnerable to Improper Input Validation.)
	NOT-FOR-US: CLTPHP
CVE-2023-30267 (CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via applicati ...)
	NOT-FOR-US: CLTPHP
CVE-2023-30266 (CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangero ...)
	NOT-FOR-US: CLTPHP
CVE-2023-30265 (CLTPHP <=6.0 is vulnerable to Directory Traversal.)
	NOT-FOR-US: CLTPHP
CVE-2023-30264 (CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangero ...)
	NOT-FOR-US: CLTPHP
CVE-2023-30263
	RESERVED
CVE-2023-30262 (An issue found in MIM software Inc MIM License Server and MIMpacs serv ...)
	NOT-FOR-US: MIM software Inc MIM License Server and MIMpacs services
CVE-2023-30261 (Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote at ...)
	NOT-FOR-US: OpenWB
CVE-2023-30260 (Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earl ...)
	NOT-FOR-US: RaspAP
CVE-2023-30259 (A Buffer Overflow vulnerability in importshp plugin in LibreCAD 2.2.0 ...)
	- librecad 2.2.0.2-1 (unimportant)
	NOTE: https://github.com/LibreCAD/LibreCAD/issues/1481
	NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/ef9e5f84f3179eb2470c5aae82a3371869e6ee11 (2.2.2_alpha)
	NOTE: Crash in CLI tool, no security impact
CVE-2023-30258 (Command Injection vulnerability in MagnusSolution magnusbilling 6.x an ...)
	NOT-FOR-US: MagnusSolution magnusbilling
CVE-2023-30257 (A buffer overflow in the component /proc/ftxxxx-debug of FiiO M6 Build ...)
	NOT-FOR-US: FiiO M6
CVE-2023-30256 (Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 all ...)
	NOT-FOR-US: Webkil QloApps
CVE-2023-30255
	RESERVED
CVE-2023-30254
	RESERVED
CVE-2023-30253 (Dolibarr before 17.0.1 allows remote code execution by an authenticate ...)
	- dolibarr
CVE-2023-30252
	RESERVED
CVE-2023-30251
	RESERVED
CVE-2023-30250
	RESERVED
CVE-2023-30249
	RESERVED
CVE-2023-30248
	RESERVED
CVE-2023-30247 (File Upload vulnerability found in Oretnom23 Storage Unit Rental Manag ...)
	NOT-FOR-US: Oretnom23 Storage Unit Rental Management System
CVE-2023-30246 (SQL injection vulnerability found in Judging Management System v.1.0 a ...)
	NOT-FOR-US: Judging Management System
CVE-2023-30245 (SQL injection vulnerability found in Judging Management System v.1.0 a ...)
	NOT-FOR-US: Judging Management System
CVE-2023-30244
	RESERVED
CVE-2023-30243 (Beijing Netcon NS-ASG Application Security Gateway v6.3 is vulnerable ...)
	NOT-FOR-US: Beijing Netcon NS-ASG Application Security Gateway
CVE-2023-30242 (NS-ASG v6.3 was discovered to contain a SQL injection vulnerability vi ...)
	NOT-FOR-US: Beijing Netcon NS-ASG Application Security Gateway
CVE-2023-30241
	RESERVED
CVE-2023-30240
	RESERVED
CVE-2023-30239
	RESERVED
CVE-2023-30238
	RESERVED
CVE-2023-30237 (CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to co ...)
	NOT-FOR-US: CyberGhostVPN
CVE-2023-30236
	RESERVED
CVE-2023-30235
	RESERVED
CVE-2023-30234
	RESERVED
CVE-2023-30233
	RESERVED
CVE-2023-30232
	RESERVED
CVE-2023-30231
	RESERVED
CVE-2023-30230
	RESERVED
CVE-2023-30229
	RESERVED
CVE-2023-30228
	RESERVED
CVE-2023-30227
	RESERVED
CVE-2023-30226 (An issue was discovered in function get_gnu_verneed in rizinorg Rizin ...)
	NOT-FOR-US: Rizin
CVE-2023-30225
	RESERVED
CVE-2023-30224
	RESERVED
CVE-2023-30223 (A broken authentication vulnerability in 4D SAS 4D Server software v17 ...)
	NOT-FOR-US: 4D SAS 4D Server
CVE-2023-30222 (An information disclosure vulnerability in 4D SAS 4D Server Applicatio ...)
	NOT-FOR-US: 4D SAS 4D Server
CVE-2023-30221
	RESERVED
CVE-2023-30220
	RESERVED
CVE-2023-30219
	RESERVED
CVE-2023-30218
	RESERVED
CVE-2023-30217
	RESERVED
CVE-2023-30216 (Insecure permissions in the updateUserInfo function of newbee-mall bef ...)
	NOT-FOR-US: newbee-mall
CVE-2023-30215
	RESERVED
CVE-2023-30214
	RESERVED
CVE-2023-30213
	RESERVED
CVE-2023-30212 (OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via /client ...)
	NOT-FOR-US: OURPHP
CVE-2023-30211 (OURPHP <= 7.2.0 is vulnerable to SQL Injection.)
	NOT-FOR-US: OURPHP
CVE-2023-30210 (OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via ourphp ...)
	NOT-FOR-US: OURPHP
CVE-2023-30209
	RESERVED
CVE-2023-30208
	RESERVED
CVE-2023-30207 (A divide by zero issue discovered in Kodi Home Theater Software 19.5 a ...)
	{DLA-3712-1}
	- kodi 2:20.0~rc2+dfsg-2 (bug #1040593)
	[bullseye] - kodi (Minor issue)
	NOTE: https://github.com/xbmc/xbmc/issues/22378
	NOTE: https://github.com/xbmc/xbmc/commit/dbc00c500f4c4830049cc040a61c439c580eea73
	NOTE: https://github.com/xbmc/xbmc/pull/22391
CVE-2023-30206
	RESERVED
CVE-2023-30205 (A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allow ...)
	NOT-FOR-US: DouPHP
CVE-2023-30204 (Judging Management System v1.0 was discovered to contain a SQL injecti ...)
	NOT-FOR-US: Judging Management System
CVE-2023-30203 (Judging Management System v1.0 was discovered to contain a SQL injecti ...)
	NOT-FOR-US: Judging Management System
CVE-2023-30202
	RESERVED
CVE-2023-30201
	RESERVED
CVE-2023-30200 (In the module “Image: WebP, Compress, Zoom, Lazy load, Alt & More ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-30199 (Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access ...)
	NOT-FOR-US: Prestashop
CVE-2023-30198 (Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Co ...)
	NOT-FOR-US: Prestashop winbizpayment
CVE-2023-30197 (Incorrect Access Control in the module "My inventory" (myinventory) <= ...)
	NOT-FOR-US: Prestashop
CVE-2023-30196 (Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Co ...)
	NOT-FOR-US: Prestashop
CVE-2023-30195 (In the module "Detailed Order" (lgdetailedorder) in version up to 1.1. ...)
	NOT-FOR-US: Prestashop
CVE-2023-30194 (Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Prestashop
CVE-2023-30193
	RESERVED
CVE-2023-30192 (Prestashop possearchproducts 1.7 is vulnerable to SQL Injection via Po ...)
	NOT-FOR-US: Prestashop
CVE-2023-30191 (PrestaShop cdesigner < 3.1.9 is vulnerable to SQL Injection via Cdesig ...)
	NOT-FOR-US: PrestaShop
CVE-2023-30190
	RESERVED
CVE-2023-30189 (Prestashop posstaticblocks <= 1.0.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Prestashop
CVE-2023-30188 (Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 th ...)
	NOT-FOR-US: ONLYOFFICE Document Server
CVE-2023-30187 (An out of bounds memory access vulnerability in ONLYOFFICE DocumentSer ...)
	NOT-FOR-US: ONLYOFFICE Document Server
CVE-2023-30186 (A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 t ...)
	NOT-FOR-US: ONLYOFFICE Document Server
CVE-2023-30185 (CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload ...)
	NOT-FOR-US: CRMEB
CVE-2023-30184 (A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 al ...)
	NOT-FOR-US: Typecho
CVE-2023-30183
	REJECTED
CVE-2023-30182
	RESERVED
CVE-2023-30181
	RESERVED
CVE-2023-30180
	RESERVED
CVE-2023-30179 (CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injectio ...)
	NOT-FOR-US: Craft CMS
CVE-2023-30178
	RESERVED
CVE-2023-30177 (CraftCMS 3.7.59 is vulnerable to Cross Site Scripting (XSS). An attacker ...)
	NOT-FOR-US: CraftCMS
CVE-2023-30176
	RESERVED
CVE-2023-30175
	RESERVED
CVE-2023-30174
	RESERVED
CVE-2023-30173
	RESERVED
CVE-2023-30172 (A directory traversal vulnerability in the /get-artifact API method of ...)
	NOT-FOR-US: mlflow
CVE-2023-30171
	RESERVED
CVE-2023-30170
	RESERVED
CVE-2023-30169
	RESERVED
CVE-2023-30168
	RESERVED
CVE-2023-30167
	RESERVED
CVE-2023-30166
	RESERVED
CVE-2023-30165
	RESERVED
CVE-2023-30164
	RESERVED
CVE-2023-30163
	RESERVED
CVE-2023-30162
	RESERVED
CVE-2023-30161
	RESERVED
CVE-2023-30160
	RESERVED
CVE-2023-30159
	RESERVED
CVE-2023-30158
	RESERVED
CVE-2023-30157
	RESERVED
CVE-2023-30156
	RESERVED
CVE-2023-30155
	RESERVED
CVE-2023-30154 (Multiple improper neutralization of SQL parameters in module AfterMail ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-30153 (An SQL injection vulnerability in the Payplug (payplug) module for Pre ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-30152
	RESERVED
CVE-2023-30151 (A SQL injection vulnerability in the Boxtal (envoimoinscher) module fo ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-30150 (PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection ...)
	NOT-FOR-US: PrestaShop leocustomajax
CVE-2023-30149 (SQL injection vulnerability in the City Autocomplete (cityautocomplete ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-30148 (Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart op ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-30147
	RESERVED
CVE-2023-30146 (Assmann Digitus Plug&View IP Camera HT-IP211HDP, version 2.000.022 all ...)
	NOT-FOR-US: Assmann Digitus Plug&View IP Camera
CVE-2023-30145 (Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template I ...)
	NOT-FOR-US: Camaleon CMS
CVE-2023-30144
	RESERVED
CVE-2023-30143
	RESERVED
CVE-2023-30142
	RESERVED
CVE-2023-30141
	RESERVED
CVE-2023-30140
	RESERVED
CVE-2023-30139
	RESERVED
CVE-2023-30138
	RESERVED
CVE-2023-30137
	RESERVED
CVE-2023-30136
	RESERVED
CVE-2023-30135 (Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command ...)
	NOT-FOR-US: Tenda
CVE-2023-30134
	RESERVED
CVE-2023-30133
	RESERVED
CVE-2023-30132 (An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attacke ...)
	NOT-FOR-US: IXP Data EasyInstall
CVE-2023-30131 (An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to ...)
	NOT-FOR-US: IXP Data EasyInstall
CVE-2023-30130 (An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute ...)
	NOT-FOR-US: CraftCMS
CVE-2023-30129
	RESERVED
CVE-2023-30128
	RESERVED
CVE-2023-30127
	RESERVED
CVE-2023-30126
	RESERVED
CVE-2023-30125 (EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS).)
	NOT-FOR-US: Eyoucms
CVE-2023-30124 (LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS).)
	NOT-FOR-US: LavaLite
CVE-2023-30123 (wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Mem ...)
	NOT-FOR-US: wuzhicms
CVE-2023-30122 (An arbitrary file upload vulnerability in the component /admin/ajax.ph ...)
	NOT-FOR-US: Online Food Ordering System
CVE-2023-30121
	RESERVED
CVE-2023-30120
	RESERVED
CVE-2023-30119
	RESERVED
CVE-2023-30118
	RESERVED
CVE-2023-30117
	RESERVED
CVE-2023-30116
	RESERVED
CVE-2023-30115
	RESERVED
CVE-2023-30114
	RESERVED
CVE-2023-30113
	RESERVED
CVE-2023-30112 (Medicine Tracker System in PHP 1.0.0 is vulnerable to SQL Injection.)
	NOT-FOR-US: Medicine Tracker System in PHP
CVE-2023-30111 (Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scrip ...)
	NOT-FOR-US: Medicine Tracker System
CVE-2023-30110
	RESERVED
CVE-2023-30109
	RESERVED
CVE-2023-30108
	RESERVED
CVE-2023-30107
	RESERVED
CVE-2023-30106 (Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to C ...)
	NOT-FOR-US: Medicine Tracker System
CVE-2023-30105
	RESERVED
CVE-2023-30104
	RESERVED
CVE-2023-30103
	RESERVED
CVE-2023-30102
	RESERVED
CVE-2023-30101
	RESERVED
CVE-2023-30100
	RESERVED
CVE-2023-30099
	RESERVED
CVE-2023-30098
	RESERVED
CVE-2023-30097 (A stored cross-site scripting (XSS) vulnerability in TotalJS messenger ...)
	NOT-FOR-US: TotalJS
CVE-2023-30096 (A stored cross-site scripting (XSS) vulnerability in TotalJS messenger ...)
	NOT-FOR-US: TotalJS
CVE-2023-30095 (A stored cross-site scripting (XSS) vulnerability in TotalJS messenger ...)
	NOT-FOR-US: TotalJS
CVE-2023-30094 (A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 ...)
	NOT-FOR-US: TotalJS
CVE-2023-30093 (A cross-site scripting (XSS) vulnerability in Open Networking Foundati ...)
	NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2023-30092 (SourceCodester Online Pizza Ordering System v1.0 is vulnerable to SQL ...)
	NOT-FOR-US: SourceCodester Online Pizza Ordering System
CVE-2023-30091
	RESERVED
CVE-2023-30090 (Semcms Shop v4.2 was discovered to contain an arbitrary file upload vu ...)
	NOT-FOR-US: Semcms Shop
CVE-2023-30089
	RESERVED
CVE-2023-30088 (An issue found in Cesanta MJS v.1.26 allows a local attacker to cause ...)
	NOT-FOR-US: Cesanta MJS
CVE-2023-30087 (Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a loc ...)
	NOT-FOR-US: Cesanta MJS
CVE-2023-30086 (Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local ...)
	- tiff 4.4.0-5
	[bullseye] - tiff 4.2.0-1+deb11u3
	[buster] - tiff 4.1.0+git191117-2~deb10u5
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/538
	NOTE: Likely fixed by: https://gitlab.com/libtiff/libtiff/-/merge_requests/385
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/f00484b9519df933723deb38fff943dc291a793d (v4.5.0rc1)
	NOTE: Same fix as for CVE-2022-3599, CVE-2023-30086 and CVE-2023-30774.
	NOTE: The fix causes CVE-2023-2908.
CVE-2023-30085 (Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/267
CVE-2023-30084 (An issue found in libming swftophp v.0.4.8 allows a local attacker to ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/268
CVE-2023-30083 (Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/266
CVE-2023-30082 (A denial of service attack might be launched against the server if an ...)
	NOT-FOR-US: osTicket
CVE-2023-30081
	RESERVED
CVE-2023-30080
	RESERVED
CVE-2023-30079
	REJECTED
CVE-2023-30078
	REJECTED
CVE-2023-30077 (Judging Management System v1.0 by oretnom23 was discovered to vulnerab ...)
	NOT-FOR-US: Judging Management System
CVE-2023-30076 (Sourcecodester Judging Management System v1.0 is vulnerable to SQL Inj ...)
	NOT-FOR-US: Sourcecodester Judging Management System
CVE-2023-30075
	RESERVED
CVE-2023-30074
	RESERVED
CVE-2023-30073
	RESERVED
CVE-2023-30072
	RESERVED
CVE-2023-30071
	RESERVED
CVE-2023-30070
	RESERVED
CVE-2023-30069
	RESERVED
CVE-2023-30068
	RESERVED
CVE-2023-30067
	RESERVED
CVE-2023-30066
	RESERVED
CVE-2023-30065 (MitraStar GPT-2741GNAC-N2 with firmware BR_g5.9_1.11(WVK.0)b32 was dis ...)
	NOT-FOR-US: MitraStar
CVE-2023-30064
	RESERVED
CVE-2023-30063 (D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass.)
	NOT-FOR-US: D-Link
CVE-2023-30062
	RESERVED
CVE-2023-30061 (D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcg ...)
	NOT-FOR-US: D-Link
CVE-2023-30060
	RESERVED
CVE-2023-30059
	RESERVED
CVE-2023-30058 (novel-plus 3.6.2 is vulnerable to SQL Injection.)
	NOT-FOR-US: novel-plus
CVE-2023-30057 (Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Ori ...)
	NOT-FOR-US: FICO
CVE-2023-30056 (A session takeover vulnerability exists in FICO Origination Manager De ...)
	NOT-FOR-US: FICO
CVE-2023-30055
	RESERVED
CVE-2023-30054 (TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnera ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-30053 (TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Inject ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-30052
	RESERVED
CVE-2023-30051
	RESERVED
CVE-2023-30050
	RESERVED
CVE-2023-30049
	RESERVED
CVE-2023-30048
	RESERVED
CVE-2023-30047
	RESERVED
CVE-2023-30046
	RESERVED
CVE-2023-30045
	RESERVED
CVE-2023-30044
	RESERVED
CVE-2023-30043
	RESERVED
CVE-2023-30042
	RESERVED
CVE-2023-30041
	RESERVED
CVE-2023-30040
	RESERVED
CVE-2023-30039
	RESERVED
CVE-2023-30038
	RESERVED
CVE-2023-30037
	RESERVED
CVE-2023-30036
	RESERVED
CVE-2023-30035
	RESERVED
CVE-2023-30034
	RESERVED
CVE-2023-30033
	RESERVED
CVE-2023-30032
	RESERVED
CVE-2023-30031
	RESERVED
CVE-2023-30030
	RESERVED
CVE-2023-30029
	RESERVED
CVE-2023-30028
	RESERVED
CVE-2023-30027
	RESERVED
CVE-2023-30026
	RESERVED
CVE-2023-30025
	RESERVED
CVE-2023-30024 (The MagicJack device, a VoIP solution for internet phone calls, contai ...)
	NOT-FOR-US: MagicJack
CVE-2023-30023
	RESERVED
CVE-2023-30022
	RESERVED
CVE-2023-30021
	RESERVED
CVE-2023-30020
	RESERVED
CVE-2023-30019 (imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) ...)
	NOT-FOR-US: imgproxy
CVE-2023-30018 (Judging Management System v1.0 is vulnerable to SQL Injection. via /ph ...)
	NOT-FOR-US: Judging Management System
CVE-2023-30017
	RESERVED
CVE-2023-30016 (SQL Injection vulnerability in oretnom23 Judging Management System v1. ...)
	NOT-FOR-US: oretnom23 Judging Management System
CVE-2023-30015 (SQL Injection vulnerability in oretnom23 Judging Management System v1. ...)
	NOT-FOR-US: oretnom23 Judging Management System
CVE-2023-30014 (SQL Injection vulnerability in oretnom23 Judging Management System v1. ...)
	NOT-FOR-US: oretnom23 Judging Management System
CVE-2023-30013 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 cont ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-30012
	RESERVED
CVE-2023-30011
	RESERVED
CVE-2023-30010
	RESERVED
CVE-2023-30009
	RESERVED
CVE-2023-30008
	RESERVED
CVE-2023-30007
	RESERVED
CVE-2023-30006
	RESERVED
CVE-2023-30005
	RESERVED
CVE-2023-30004
	RESERVED
CVE-2023-30003
	RESERVED
CVE-2023-30002
	RESERVED
CVE-2023-30001
	RESERVED
CVE-2023-30000
	RESERVED
CVE-2023-29999
	RESERVED
CVE-2023-29998 (A Cross-site scripting (XSS) vulnerability in the content editor in Gi ...)
	NOT-FOR-US: Gis3W g3w-suite
CVE-2023-29997
	RESERVED
CVE-2023-29996 (In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occur ...)
	NOT-FOR-US: NanoMQ
CVE-2023-29995 (In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function ...)
	NOT-FOR-US: NanoMQ
CVE-2023-29994 (In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqt ...)
	NOT-FOR-US: NanoMQ
CVE-2023-29993
	RESERVED
CVE-2023-29992
	RESERVED
CVE-2023-29991
	RESERVED
CVE-2023-29990
	RESERVED
CVE-2023-29989
	RESERVED
CVE-2023-29988
	RESERVED
CVE-2023-29987
	RESERVED
CVE-2023-29986 (spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibl ...)
	NOT-FOR-US: spring-boot-actuator-logview
CVE-2023-29985 (Sourcecodester Student Study Center Desk Management System v1.0 admin\ ...)
	NOT-FOR-US: Sourcecodester
CVE-2023-29984 (Null pointer dereference vulnerability exists in multiple vendors MFPs ...)
	NOT-FOR-US: Fujifilm
CVE-2023-29983 (Cross Site Scripting vulnerability found in Maximilian Vogt cmaps v.8. ...)
	NOT-FOR-US: Maximilian Vogt cmaps
CVE-2023-29982
	RESERVED
CVE-2023-29981
	RESERVED
CVE-2023-29980
	RESERVED
CVE-2023-29979
	RESERVED
CVE-2023-29978
	RESERVED
CVE-2023-29977
	RESERVED
CVE-2023-29976
	RESERVED
CVE-2023-29975 (An issue discovered in Pfsense CE version 2.6.0 allows attackers to ch ...)
	NOT-FOR-US: Pfsense CE
CVE-2023-29974 (An issue discovered in Pfsense CE version 2.6.0 allows attackers to co ...)
	NOT-FOR-US: Pfsense CE
CVE-2023-29973 (Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead ...)
	NOT-FOR-US: Pfsense CE
CVE-2023-29972
	RESERVED
CVE-2023-29971
	RESERVED
CVE-2023-29970
	RESERVED
CVE-2023-29969
	RESERVED
CVE-2023-29968
	RESERVED
CVE-2023-29967
	RESERVED
CVE-2023-29966
	RESERVED
CVE-2023-29965
	RESERVED
CVE-2023-29964
	RESERVED
CVE-2023-29963 (S-CMS v5.0 was discovered to contain an authenticated remote code exec ...)
	NOT-FOR-US: S-CMS
CVE-2023-29962 (S-CMS v5.0 was discovered to contain an arbitrary file read vulnerabil ...)
	NOT-FOR-US: S-CMS
CVE-2023-29961 (D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack o ...)
	NOT-FOR-US: D-Link
CVE-2023-29960
	RESERVED
CVE-2023-29959
	RESERVED
CVE-2023-29958
	RESERVED
CVE-2023-29957
	RESERVED
CVE-2023-29956
	RESERVED
CVE-2023-29955
	RESERVED
CVE-2023-29954
	RESERVED
CVE-2023-29953
	RESERVED
CVE-2023-29952
	RESERVED
CVE-2023-29951
	RESERVED
CVE-2023-29950 (swfrender v0.9.2 was discovered to contain a heap buffer overflow in t ...)
	- swftools (unimportant)
	NOTE: https://github.com/matthiaskramm/swftools/issues/198
CVE-2023-29949
	RESERVED
CVE-2023-29948
	RESERVED
CVE-2023-29947
	RESERVED
CVE-2023-29946
	RESERVED
CVE-2023-29945
	RESERVED
CVE-2023-29944 (Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Exec ...)
	NOT-FOR-US: Metersphere
CVE-2023-29943
	RESERVED
CVE-2023-29942 (llvm-project commit a0138390 was discovered to contain a segmentation ...)
	- llvm-toolchain-13 (unimportant)
	- llvm-toolchain-14 (unimportant)
	- llvm-toolchain-15 (unimportant)
	NOTE: https://github.com/llvm/llvm-project/issues/59990
	NOTE: Negligible security impact, also see https://llvm.org/docs/Security.html#what-is-considered-a-security-issue
CVE-2023-29941 (llvm-project commit a0138390 was discovered to contain a segmentation ...)
	- llvm-toolchain-13 (unimportant)
	- llvm-toolchain-14 (unimportant)
	- llvm-toolchain-15 (unimportant)
	NOTE: https://github.com/llvm/llvm-project/issues/59988
	NOTE: https://github.com/llvm/llvm-project/commit/9a29d87538842a29b430c6956a4f914896643691
	NOTE: Negligible security impact, also see https://llvm.org/docs/Security.html#what-is-considered-a-security-issue
CVE-2023-29940
	RESERVED
CVE-2023-29939 (llvm-project commit a0138390 was discovered to contain a segmentation ...)
	- llvm-toolchain-13 1:13.0.1-12 (unimportant)
	- llvm-toolchain-14 1:14.0.6-13 (unimportant)
	- llvm-toolchain-15 1:15.0.7-7 (unimportant)
	NOTE: https://github.com/llvm/llvm-project/issues/59983
	NOTE: https://github.com/llvm/llvm-project/commit/466aa585c6dfb096bf9a7ad9bcbc6ce8cc7abff1
	NOTE: Negligible security impact, also see https://llvm.org/docs/Security.html#what-is-considered-a-security-issue
CVE-2023-29938
	RESERVED
CVE-2023-29937
	RESERVED
CVE-2023-29936
	RESERVED
CVE-2023-29935 (llvm-project commit a0138390 was discovered to contain an assertion fa ...)
	- llvm-toolchain-13 (unimportant)
	- llvm-toolchain-14 (unimportant)
	- llvm-toolchain-15 (unimportant)
	NOTE: https://github.com/llvm/llvm-project/issues/59182
	NOTE: Negligible security impact, also see https://llvm.org/docs/Security.html#what-is-considered-a-security-issue
CVE-2023-29934 (llvm-project commit 6c01b5c was discovered to contain a segmentation f ...)
	- llvm-toolchain-13 1:13.0.1-12 (unimportant)
	- llvm-toolchain-14 1:14.0.6-13 (unimportant)
	- llvm-toolchain-15 1:15.0.7-7 (unimportant)
	NOTE: https://github.com/llvm/llvm-project/issues/59136
	NOTE: https://github.com/llvm/llvm-project/commit/80d5400d924e543c5420f4e924f5818313605e99
	NOTE: Negligible security impact, also see https://llvm.org/docs/Security.html#what-is-considered-a-security-issue
CVE-2023-29933 (llvm-project commit bd456297 was discovered to contain a segmentation ...)
	- llvm-toolchain-13 (unimportant)
	- llvm-toolchain-14 (unimportant)
	- llvm-toolchain-15 1:15.0.7-7 (unimportant)
	NOTE: https://github.com/llvm/llvm-project/issues/59442
	NOTE: Negligible security impact, also see https://llvm.org/docs/Security.html#what-is-considered-a-security-issue
CVE-2023-29932 (llvm-project commit fdbc55a5 was discovered to contain a segmentation ...)
	- llvm-toolchain-13 1:13.0.1-12 (unimportant)
	- llvm-toolchain-14 1:14.0.6-13 (unimportant)
	- llvm-toolchain-15 1:15.0.7-7 (unimportant)
	NOTE: https://github.com/llvm/llvm-project/issues/58745
	NOTE: https://github.com/llvm/llvm-project/commit/d35fcf0e97e7bb02381506a71e61ec282b292c50
	NOTE: Negligible security impact, also see https://llvm.org/docs/Security.html#what-is-considered-a-security-issue
CVE-2023-29931 (laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illumi ...)
	NOT-FOR-US: laravel-s
CVE-2023-29930 (An issue was found in Genesys CIC Polycom phone provisioning TFTP Serv ...)
	NOT-FOR-US: Genesys
CVE-2023-29929
	RESERVED
CVE-2023-29928
	RESERVED
CVE-2023-29927 (Versions of Sage 300 through 2022 implement role-based access controls ...)
	NOT-FOR-US: Sage
CVE-2023-29926 (PowerJob V4.3.2 has unauthorized interface that causes remote code exe ...)
	NOT-FOR-US: PowerJob
CVE-2023-29925
	RESERVED
CVE-2023-29924 (PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows ...)
	NOT-FOR-US: PowerJob
CVE-2023-29923 (PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list jo ...)
	NOT-FOR-US: PowerJob
CVE-2023-29922 (PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the crea ...)
	NOT-FOR-US: PowerJob
CVE-2023-29921 (PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the crea ...)
	NOT-FOR-US: PowerJob
CVE-2023-29920
	RESERVED
CVE-2023-29919 (SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any fi ...)
	NOT-FOR-US: SolarView
CVE-2023-29918 (RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Modul ...)
	NOT-FOR-US: RosarioSIS
CVE-2023-29917 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
	NOT-FOR-US: H3C
CVE-2023-29916 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
	NOT-FOR-US: H3C
CVE-2023-29915 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
	NOT-FOR-US: H3C
CVE-2023-29914 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
	NOT-FOR-US: H3C
CVE-2023-29913 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
	NOT-FOR-US: H3C
CVE-2023-29912 (H3C Magic R200 R200V100R004 was discovered to contain a stack overflow ...)
	NOT-FOR-US: H3C
CVE-2023-29911 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
	NOT-FOR-US: H3C
CVE-2023-29910 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
	NOT-FOR-US: H3C
CVE-2023-29909 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
	NOT-FOR-US: H3C
CVE-2023-29908 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
	NOT-FOR-US: H3C
CVE-2023-29907 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
	NOT-FOR-US: H3C
CVE-2023-29906 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
	NOT-FOR-US: H3C
CVE-2023-29905 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
	NOT-FOR-US: H3C
CVE-2023-29904
	RESERVED
CVE-2023-29903
	RESERVED
CVE-2023-29902
	RESERVED
CVE-2023-29901
	RESERVED
CVE-2023-29900
	RESERVED
CVE-2023-29899
	RESERVED
CVE-2023-29898
	RESERVED
CVE-2023-29897
	RESERVED
CVE-2023-29896
	RESERVED
CVE-2023-29895
	RESERVED
CVE-2023-29894
	RESERVED
CVE-2023-29893
	RESERVED
CVE-2023-29892
	RESERVED
CVE-2023-29891
	RESERVED
CVE-2023-29890
	RESERVED
CVE-2023-29889
	RESERVED
CVE-2023-29888
	RESERVED
CVE-2023-29887 (A Local File inclusion vulnerability in test.php in spreadsheet-reader ...)
	NOT-FOR-US: spreadsheet-reader
CVE-2023-29886
	RESERVED
CVE-2023-29885
	RESERVED
CVE-2023-29884
	RESERVED
CVE-2023-29883
	RESERVED
CVE-2023-29882
	RESERVED
CVE-2023-29881 (phpok 6.4.003 is vulnerable to SQL injection in the function index_f() ...)
	NOT-FOR-US: phpok
CVE-2023-29880
	RESERVED
CVE-2023-29879
	RESERVED
CVE-2023-29878
	RESERVED
CVE-2023-29877
	RESERVED
CVE-2023-29876
	RESERVED
CVE-2023-29875
	RESERVED
CVE-2023-29874
	RESERVED
CVE-2023-29873
	RESERVED
CVE-2023-29872
	RESERVED
CVE-2023-29871
	RESERVED
CVE-2023-29870
	RESERVED
CVE-2023-29869
	RESERVED
CVE-2023-29868 (Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Contro ...)
	- zammad (bug #841355)
CVE-2023-29867 (Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. ...)
	- zammad (bug #841355)
CVE-2023-29866
	RESERVED
CVE-2023-29865
	RESERVED
CVE-2023-29864
	RESERVED
CVE-2023-29863 (Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to ...)
	NOT-FOR-US: Medical Systems Co. Medisys Weblab Products
CVE-2023-29862 (An issue found in Agasio-Camera device version not specified allows a ...)
	NOT-FOR-US: Agasio-Camera
CVE-2023-29861 (An issue found in FLIR-DVTEL version not specified allows a remote att ...)
	NOT-FOR-US: FLIR-DVTEL
CVE-2023-29860 (An insecure permissions in /Taier/API/tenant/listTenant interface in D ...)
	NOT-FOR-US: Taier
CVE-2023-29859
	RESERVED
CVE-2023-29858
	RESERVED
CVE-2023-29857 (An issue in Teslamate v1.27.1 allows attackers to obtain sensitive inf ...)
	NOT-FOR-US: Teslamate
CVE-2023-29856 (D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerab ...)
	NOT-FOR-US: D-Link
CVE-2023-29855 (WBCE CMS 1.5.3 has a command execution vulnerability via admin/languag ...)
	NOT-FOR-US: WBCE CMS
CVE-2023-29854 (DirCMS 6.0.0 has a Cross Site Scripting (XSS) vulnerability in the for ...)
	NOT-FOR-US: DirCMS
CVE-2023-29853
	RESERVED
CVE-2023-29852
	RESERVED
CVE-2023-29851
	RESERVED
CVE-2023-29850 (SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip ...)
	NOT-FOR-US: SENAYAN Library Management System (SLiMS) Bulian
CVE-2023-29849 (Bang Resto 1.0 was discovered to contain multiple SQL injection vulner ...)
	NOT-FOR-US: Bang Resto
CVE-2023-29848 (Bang Resto 1.0 was discovered to contain a stored cross-site scripting ...)
	NOT-FOR-US: Bang Resto
CVE-2023-29847 (AeroCMS v0.0.1 was discovered to contain multiple stored cross-site sc ...)
	NOT-FOR-US: AeroCMS
CVE-2023-29846
	RESERVED
CVE-2023-29845
	REJECTED
CVE-2023-29844
	RESERVED
CVE-2023-29843
	RESERVED
CVE-2023-29842 (ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQ ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-29841
	RESERVED
CVE-2023-29840
	RESERVED
CVE-2023-29839 (A Stored Cross Site Scripting (XSS) vulnerability exists in multiple p ...)
	- hoteldruid 3.0.5-1 (bug #1035671)
	[bookworm] - hoteldruid (Minor issue)
	[bullseye] - hoteldruid (Minor issue)
	[buster] - hoteldruid (Minor issue)
	NOTE: https://github.com/jichngan/CVE-2023-29839
	NOTE: Fixed upstream in 3.0.5
CVE-2023-29838 (Insecure Permission vulnerability found in Botkind/Siber Systems SyncA ...)
	NOT-FOR-US: Botkind/Siber Systems SyncApp
CVE-2023-29837 (Cross Site Scripting vulnerability found in Exelysis Unified Communica ...)
	NOT-FOR-US: Exelysis Unified Communication Solution (EUCS)
CVE-2023-29836 (Cross Site Scripting vulnerability found in Exelysis Unified Communica ...)
	NOT-FOR-US: Exelysis Unified Communication Solutions (EUCS)
CVE-2023-29835 (Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9. ...)
	NOT-FOR-US: Wondershare Dr.Fone
CVE-2023-29834
	RESERVED
CVE-2023-29833
	RESERVED
CVE-2023-29832
	RESERVED
CVE-2023-29831
	RESERVED
CVE-2023-29830
	RESERVED
CVE-2023-29829
	RESERVED
CVE-2023-29828
	RESERVED
CVE-2023-29827 (ejs v3.1.9 is vulnerable to server-side template injection. If the ejs ...)
	- node-ejs (unimportant)
	NOTE: https://github.com/mde/ejs/issues/720
	NOTE: Not considered a security issue by upstream, requires to never give unfiltered
	NOTE: input to the EJS's render function.
CVE-2023-29826
	RESERVED
CVE-2023-29825
	RESERVED
CVE-2023-29824 (A use-after-free issue was discovered in Py_FindObjects() function in ...)
	- scipy 1.8.1-3
	[bullseye] - scipy (Minor issue)
	NOTE: https://github.com/scipy/scipy/issues/14713
	NOTE: https://github.com/scipy/scipy/pull/15013
	NOTE: http://www.square16.org/achievement/cve-2023-29824/
CVE-2023-29823
	RESERVED
CVE-2023-29822
	RESERVED
CVE-2023-29821
	RESERVED
CVE-2023-29820 (An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v ...)
	NOT-FOR-US: Webroot SecureAnywhere Endpoint Protection
CVE-2023-29819 (An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v ...)
	NOT-FOR-US: Webroot SecureAnywhere Endpoint Protection
CVE-2023-29818 (An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v ...)
	NOT-FOR-US: Webroot SecureAnywhere Endpoint Protection
CVE-2023-29817
	RESERVED
CVE-2023-29816
	RESERVED
CVE-2023-29815 (mccms v2.6.3 is vulnerable to Cross Site Request Forgery (CSRF).)
	NOT-FOR-US: mccms
CVE-2023-29814
	RESERVED
CVE-2023-29813
	RESERVED
CVE-2023-29812
	RESERVED
CVE-2023-29811
	RESERVED
CVE-2023-29810
	RESERVED
CVE-2023-29809 (SQL injection vulnerability found in Maximilian Vogt companymaps (cmap ...)
	NOT-FOR-US: Maximilian Vogt companymaps (cmaps)
CVE-2023-29808 (Cross Site Scripting (XSS) vulnerability in vogtmh cmaps (companymaps) ...)
	NOT-FOR-US: Maximilian Vogt companymaps (cmaps)
CVE-2023-29807
	RESERVED
CVE-2023-29806
	RESERVED
CVE-2023-29805 (WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerab ...)
	NOT-FOR-US: WFS-SR03
CVE-2023-29804 (WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerab ...)
	NOT-FOR-US: WFS-SR03
CVE-2023-29803 (TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a comma ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-29802 (TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a comma ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-29801 (TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multipl ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-29800 (TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a comma ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-29799 (TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a comma ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-29798 (TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a comma ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-29797
	RESERVED
CVE-2023-29796
	RESERVED
CVE-2023-29795
	RESERVED
CVE-2023-29794
	RESERVED
CVE-2023-29793
	RESERVED
CVE-2023-29792
	RESERVED
CVE-2023-29791 (kodbox <= 1.37 is vulnerable to Cross Site Scripting (XSS) via the deb ...)
	NOT-FOR-US: kodbox
CVE-2023-29790 (kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue.)
	NOT-FOR-US: kodbox
CVE-2023-29789
	RESERVED
CVE-2023-29788
	RESERVED
CVE-2023-29787
	RESERVED
CVE-2023-29786
	RESERVED
CVE-2023-29785
	RESERVED
CVE-2023-29784
	RESERVED
CVE-2023-29783
	RESERVED
CVE-2023-29782
	RESERVED
CVE-2023-29781
	RESERVED
CVE-2023-29780 (Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnera ...)
	NOT-FOR-US: Third Reality Smart Blind
CVE-2023-29779 (Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulner ...)
	NOT-FOR-US: Sengled Dimmer Switch
CVE-2023-29778 (GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection v ...)
	NOT-FOR-US: GL.iNET
CVE-2023-29777
	RESERVED
CVE-2023-29776
	RESERVED
CVE-2023-29775
	RESERVED
CVE-2023-29774 (Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting (XSS).)
	NOT-FOR-US: Dreamer CMS
CVE-2023-29773
	RESERVED
CVE-2023-29772 (A Cross-site scripting (XSS) vulnerability in the System Log/General L ...)
	NOT-FOR-US: ASUS
CVE-2023-29771
	RESERVED
CVE-2023-29770 (In Sentrifugo 3.5, the AssetsController::uploadsaveAction function all ...)
	NOT-FOR-US: Sentrifugo
CVE-2023-29769
	RESERVED
CVE-2023-29768
	RESERVED
CVE-2023-29767 (An issue found in CrossX v.1.15.3 for Android allows a local attacker ...)
	NOT-FOR-US: CrossX
CVE-2023-29766 (An issue found in CrossX v.1.15.3 for Android allows a local attacker ...)
	NOT-FOR-US: CrossX
CVE-2023-29765
	RESERVED
CVE-2023-29764
	RESERVED
CVE-2023-29763
	RESERVED
CVE-2023-29762
	RESERVED
CVE-2023-29761 (An issue found in Sleep v.20230303 for Android allows unauthorized app ...)
	NOT-FOR-US: Sleep
CVE-2023-29760
	RESERVED
CVE-2023-29759 (An issue found in FlightAware v.5.8.0 for Android allows unauthorized ...)
	NOT-FOR-US: FlightAware
CVE-2023-29758 (An issue found in Blue Light Filter v.1.5.5 for Android allows unautho ...)
	NOT-FOR-US: Blue Light Filter
CVE-2023-29757 (An issue found in Blue Light Filter v.1.5.5 for Android allows unautho ...)
	NOT-FOR-US: Blue Light Filter
CVE-2023-29756 (An issue found in Twilight v.13.3 for Android allows unauthorized apps ...)
	NOT-FOR-US: Twilight
CVE-2023-29755 (An issue found in Twilight v.13.3 for Android allows unauthorized apps ...)
	NOT-FOR-US: Twilight
CVE-2023-29754
	RESERVED
CVE-2023-29753 (An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows ...)
	NOT-FOR-US: Facemoji Emoji Keyboard
CVE-2023-29752 (An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows ...)
	NOT-FOR-US: Facemoji Emoji Keyboard
CVE-2023-29751 (An issue found in Yandex Navigator v.6.60 for Android allows unauthori ...)
	NOT-FOR-US: Yandex Navigator
CVE-2023-29750
	RESERVED
CVE-2023-29749 (An issue found in Yandex Navigator v.6.60 for Android allows unauthori ...)
	NOT-FOR-US: Yandex Navigator
CVE-2023-29748 (Story Saver for Instragram - Video Downloader 1.0.6 for Android has an ...)
	NOT-FOR-US: Story Saver for Instragram
CVE-2023-29747 (Story Saver for Instragram - Video Downloader 1.0.6 for Android exists ...)
	NOT-FOR-US: Story Saver for Instragram
CVE-2023-29746 (An issue found in The Thaiger v.1.2 for Android allows unauthorized ap ...)
	NOT-FOR-US: Thaiger
CVE-2023-29745 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized ...)
	NOT-FOR-US: BestWeather
CVE-2023-29744
	RESERVED
CVE-2023-29743 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized ...)
	NOT-FOR-US: BestWeather
CVE-2023-29742 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized ...)
	NOT-FOR-US: BestWeather
CVE-2023-29741 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized ...)
	NOT-FOR-US: BestWeather
CVE-2023-29740 (An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android a ...)
	NOT-FOR-US: Alarm Clock for Heavy Sleepers
CVE-2023-29739 (An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android a ...)
	NOT-FOR-US: Alarm Clock for Heavy Sleepers
CVE-2023-29738 (An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android al ...)
	NOT-FOR-US: Wave Animated Keyboard Emoji
CVE-2023-29737 (An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android al ...)
	NOT-FOR-US: Wave Animated Keyboard Emoji
CVE-2023-29736 (Keyboard Themes 1.275.1.164 for Android contains a dictionary traversa ...)
	NOT-FOR-US: Keyboard Themes for Android
CVE-2023-29735 (An issue found in edjing Mix v.7.09.01 for Android allows a local atta ...)
	NOT-FOR-US: edjing Mix
CVE-2023-29734 (An issue found in edjing Mix v.7.09.01 for Android allows unauthorized ...)
	NOT-FOR-US: edjing Mix
CVE-2023-29733 (The Lock Master app 2.2.4 for Android allows unauthorized apps to modi ...)
	NOT-FOR-US: Lock Master
CVE-2023-29732 (SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the co ...)
	NOT-FOR-US: SoLive
CVE-2023-29731 (SoLive 1.6.14 thru 1.6.20 for Android has an exposed component that pr ...)
	NOT-FOR-US: SoLive
CVE-2023-29730
	RESERVED
CVE-2023-29729
	RESERVED
CVE-2023-29728 (The Call Blocker application 6.6.3 for Android allows attackers to tam ...)
	NOT-FOR-US: Call Blocker
CVE-2023-29727 (The Call Blocker application 6.6.3 for Android allows unauthorized app ...)
	NOT-FOR-US: Call Blocker
CVE-2023-29726 (The Call Blocker application 6.6.3 for Android incorrectly opens a key ...)
	NOT-FOR-US: Call Blocker
CVE-2023-29725 (The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applic ...)
	NOT-FOR-US: BT21 x BTS Wallpaper app for Android
CVE-2023-29724 (The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps t ...)
	NOT-FOR-US: BT21 x BTS Wallpaper app for Android
CVE-2023-29723 (The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unau ...)
	NOT-FOR-US: Glitter Unicorn Wallpaper app
CVE-2023-29722 (The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unau ...)
	NOT-FOR-US: Glitter Unicorn Wallpaper app
CVE-2023-29721 (SofaWiki <= 3.8.9 has a file upload vulnerability that leads to comman ...)
	NOT-FOR-US: SofaWiki
CVE-2023-29720 (SofaWiki <=3.8.9 is vulnerable to Cross Site Scripting (XSS) via index ...)
	NOT-FOR-US: SofaWiki
CVE-2023-29719
	RESERVED
CVE-2023-29718
	RESERVED
CVE-2023-29717
	RESERVED
CVE-2023-29716
	RESERVED
CVE-2023-29715
	RESERVED
CVE-2023-29714 (Cross Site Scripting vulnerability found in Vade Secure Gateway allows ...)
	NOT-FOR-US: Vade Secure Gateway
CVE-2023-29713 (Cross Site Scripting vulnerability found in Vade Secure Gateway allows ...)
	NOT-FOR-US: Vade Secure Gateway
CVE-2023-29712 (Cross Site Scripting vulnerability found in Vade Secure Gateway allows ...)
	NOT-FOR-US: Vade Secure Gateway
CVE-2023-29711 (An incorrect access control issue was discovered in Interlink PSG-5124 ...)
	NOT-FOR-US: Interlink PSG-5124
CVE-2023-29710
	RESERVED
CVE-2023-29709 (An issue was discovered in /cgi-bin/login_rj.cgi in Wildix WSG24POE ve ...)
	NOT-FOR-US: Wildix WSG24POE
CVE-2023-29708 (An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter versi ...)
	NOT-FOR-US: WavLink WavRouter
CVE-2023-29707 (Cross Site Scripting (XSS) vulnerability in GBCOM LAC WEB Control Cent ...)
	NOT-FOR-US: GBCOM LAC WEB Control Center
CVE-2023-29706
	RESERVED
CVE-2023-29705
	RESERVED
CVE-2023-29704
	RESERVED
CVE-2023-29703
	RESERVED
CVE-2023-29702
	RESERVED
CVE-2023-29701
	RESERVED
CVE-2023-29700
	RESERVED
CVE-2023-29699
	RESERVED
CVE-2023-29698
	RESERVED
CVE-2023-29697
	RESERVED
CVE-2023-29696 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...)
	NOT-FOR-US: H3C
CVE-2023-29695
	RESERVED
CVE-2023-29694
	RESERVED
CVE-2023-29693 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...)
	NOT-FOR-US: H3C
CVE-2023-29692
	RESERVED
CVE-2023-29691
	RESERVED
CVE-2023-29690
	RESERVED
CVE-2023-29689 (PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that ...)
	NOT-FOR-US: PyroCMS
CVE-2023-29688
	RESERVED
CVE-2023-29687
	RESERVED
CVE-2023-29686
	RESERVED
CVE-2023-29685
	RESERVED
CVE-2023-29684
	RESERVED
CVE-2023-29683
	RESERVED
CVE-2023-29682
	RESERVED
CVE-2023-29681 (Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware ...)
	NOT-FOR-US: Tenda
CVE-2023-29680 (Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmwar ...)
	NOT-FOR-US: Tenda
CVE-2023-29679
	RESERVED
CVE-2023-29678
	RESERVED
CVE-2023-29677
	RESERVED
CVE-2023-29676
	RESERVED
CVE-2023-29675
	RESERVED
CVE-2023-29674
	RESERVED
CVE-2023-29673
	RESERVED
CVE-2023-29672
	RESERVED
CVE-2023-29671
	RESERVED
CVE-2023-29670
	RESERVED
CVE-2023-29669
	RESERVED
CVE-2023-29668
	RESERVED
CVE-2023-29667
	RESERVED
CVE-2023-29666
	RESERVED
CVE-2023-29665 (D-Link DIR823G_V1.0.2B05 was discovered to contain a stack overflow vi ...)
	NOT-FOR-US: D-Link
CVE-2023-29664
	RESERVED
CVE-2023-29663
	RESERVED
CVE-2023-29662
	RESERVED
CVE-2023-29661
	RESERVED
CVE-2023-29660
	RESERVED
CVE-2023-29659 (A Segmentation fault caused by a floating point exception exists in li ...)
	- libheif 1.16.2-1 (bug #1035607)
	[bookworm] - libheif (Minor issue)
	[bullseye] - libheif (Minor issue)
	[buster] - libheif (Minor issue)
	NOTE: https://github.com/strukturag/libheif/issues/794
	NOTE: https://github.com/strukturag/libheif/commit/e05e15b57a38ec411cb9acb38512a1c36ff62991 (v1.15.2)
CVE-2023-29658
	RESERVED
CVE-2023-29657 (eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in ...)
	- extplorer
CVE-2023-29656 (An improper authorization vulnerability in Darktrace mobile app (Andro ...)
	NOT-FOR-US: Darktrace
CVE-2023-29655
	RESERVED
CVE-2023-29654
	RESERVED
CVE-2023-29653
	RESERVED
CVE-2023-29652
	RESERVED
CVE-2023-29651
	RESERVED
CVE-2023-29650
	RESERVED
CVE-2023-29649
	RESERVED
CVE-2023-29648
	RESERVED
CVE-2023-29647
	RESERVED
CVE-2023-29646
	RESERVED
CVE-2023-29645
	RESERVED
CVE-2023-29644
	RESERVED
CVE-2023-29643 (Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows a ...)
	NOT-FOR-US: PerfreeBlog
CVE-2023-29642
	RESERVED
CVE-2023-29641 (Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5. ...)
	NOT-FOR-US: pandao editor.md
CVE-2023-29640
	RESERVED
CVE-2023-29639 (Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows ...)
	NOT-FOR-US: ZHENFENG13 My-Blog
CVE-2023-29638 (Cross Site Scripting (XSS) vulnerability in WinterChenS my-site before ...)
	NOT-FOR-US: WinterChenS my-site
CVE-2023-29637 (Cross Site Scripting (XSS) vulnerability in Qbian61 forum-java, allows ...)
	NOT-FOR-US: Qbian61 forum-java
CVE-2023-29636 (Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows ...)
	NOT-FOR-US: ZHENFENG13 My-Blog
CVE-2023-29635 (File upload vulnerability in Antabot White-Jotter v0.2.2, allows remot ...)
	NOT-FOR-US: Antabot White-Jotter
CVE-2023-29634
	RESERVED
CVE-2023-29633
	RESERVED
CVE-2023-29632 (PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_ ...)
	NOT-FOR-US: PrestaShop jmspagebuilder
CVE-2023-29631 (PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control v ...)
	NOT-FOR-US: PrestaShop jmsslider
CVE-2023-29630 (PrestaShop jmsmegamenu 1.1.x and 2.0.x is vulnerable to SQL Injection ...)
	NOT-FOR-US: PrestaShop jmsmegamenu
CVE-2023-29629 (PrestaShop jmsthemelayout 2.5.5 is vulnerable to SQL Injection via aja ...)
	NOT-FOR-US: PrestaShop jmsthemelayout
CVE-2023-29628
	RESERVED
CVE-2023-29627 (Online Pizza Ordering v1.0 was discovered to contain an arbitrary file ...)
	NOT-FOR-US: Online Pizza Ordering
CVE-2023-29626 (Yoga Class Registration System 1.0 was discovered to contain a SQL inj ...)
	NOT-FOR-US: Yoga Class Registration System
CVE-2023-29625 (Employee Performance Evaluation System v1.0 was discovered to contain ...)
	NOT-FOR-US: Employee Performance Evaluation System
CVE-2023-29624
	RESERVED
CVE-2023-29623 (Purchase Order Management v1.0 was discovered to contain a reflected c ...)
	NOT-FOR-US: Purchase Order Management
CVE-2023-29622 (Purchase Order Management v1.0 was discovered to contain a SQL injecti ...)
	NOT-FOR-US: Purchase Order Management
CVE-2023-29621 (Purchase Order Management v1.0 was discovered to contain an arbitrary ...)
	NOT-FOR-US: Purchase Order Management
CVE-2023-29620
	RESERVED
CVE-2023-29619
	RESERVED
CVE-2023-29618
	RESERVED
CVE-2023-29617
	RESERVED
CVE-2023-29616
	RESERVED
CVE-2023-29615
	RESERVED
CVE-2023-29614
	RESERVED
CVE-2023-29613
	RESERVED
CVE-2023-29612
	RESERVED
CVE-2023-29611
	RESERVED
CVE-2023-29610
	RESERVED
CVE-2023-29609
	RESERVED
CVE-2023-29608
	RESERVED
CVE-2023-29607
	RESERVED
CVE-2023-29606
	RESERVED
CVE-2023-29605
	RESERVED
CVE-2023-29604
	RESERVED
CVE-2023-29603
	RESERVED
CVE-2023-29602
	RESERVED
CVE-2023-29601
	RESERVED
CVE-2023-29600
	RESERVED
CVE-2023-29599
	RESERVED
CVE-2023-29598 (lmxcms v1.4.1 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: lmxcms
CVE-2023-29597 (bloofox v0.5.2 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: bloofox
CVE-2023-29596 (Buffer Overflow vulnerability found in ByronKnoll Cmix v.19 allows an ...)
	NOT-FOR-US: ByronKnoll Cmix
CVE-2023-29595
	RESERVED
CVE-2023-29594
	RESERVED
CVE-2023-29593
	RESERVED
CVE-2023-29592
	RESERVED
CVE-2023-29591
	RESERVED
CVE-2023-29590
	RESERVED
CVE-2023-29589
	RESERVED
CVE-2023-29588
	RESERVED
CVE-2023-29587
	RESERVED
CVE-2023-29586 (Code Sector TeraCopy 3.9.7 does not perform proper access validation o ...)
	NOT-FOR-US: Code Sector TeraCopy
CVE-2023-29585
	RESERVED
CVE-2023-29584 (mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the ...)
	- mp4v2
CVE-2023-29583 (yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via th ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/218
	NOTE: Crash in CLI tool, no security impact
CVE-2023-29582 (yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via th ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/217
	NOTE: Crash in CLI tool, no security impact
CVE-2023-29581 (yasm 1.3.0.55.g101bc has a segmentation violation in the function dele ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/216
	NOTE: Crash in CLI tool, no security impact
CVE-2023-29580 (yasm 1.3.0.55.g101bc was discovered to contain a segmentation violatio ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/215
	NOTE: Crash in CLI tool, no security impact
CVE-2023-29579 (yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via th ...)
	- yasm (bug #1035951)
	[bookworm] - yasm (Minor issue)
	[bullseye] - yasm (Minor issue)
	[buster] - yasm (Minor issue)
	NOTE: https://github.com/yasm/yasm/issues/214
CVE-2023-29578 (mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the ...)
	- mp4v2
CVE-2023-29577
	RESERVED
CVE-2023-29576 (Bento4 v1.6.0-639 was discovered to contain a segmentation violation v ...)
	NOT-FOR-US: Bento4
CVE-2023-29575 (Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in th ...)
	NOT-FOR-US: Bento4
CVE-2023-29574 (Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in th ...)
	NOT-FOR-US: Bento4
CVE-2023-29573 (Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in th ...)
	NOT-FOR-US: Bento4
CVE-2023-29572
	RESERVED
CVE-2023-29571 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2023-29570 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2023-29569 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2023-29568
	RESERVED
CVE-2023-29567
	RESERVED
CVE-2023-29566 (huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 w ...)
	NOT-FOR-US: huedawn-tesseract / dawnsparks-node-tesseract
CVE-2023-29565
	RESERVED
CVE-2023-29564
	RESERVED
CVE-2023-29563
	RESERVED
CVE-2023-29562 (TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack ov ...)
	NOT-FOR-US: TP-Link
CVE-2023-29561
	RESERVED
CVE-2023-29560
	RESERVED
CVE-2023-29559
	RESERVED
CVE-2023-29558
	RESERVED
CVE-2023-29557
	RESERVED
CVE-2023-29556
	RESERVED
CVE-2023-29555
	RESERVED
CVE-2023-29554
	RESERVED
CVE-2023-29553
	RESERVED
CVE-2023-29552 (The Service Location Protocol (SLP, RFC 2608) allows an unauthenticate ...)
	NOT-FOR-US: Service Location Protocol
	NOTE: Might affect src:openslp-dfsg, but removed years ago
CVE-2023-29551 (Memory safety bugs present in Firefox 111. Some of these bugs showed e ...)
	- firefox 112.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29551
CVE-2023-29550 (Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some ...)
	{DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
	- firefox 112.0-1
	- firefox-esr 102.10.0esr-1
	- thunderbird 1:102.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29550
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29550
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29550
CVE-2023-29549 (Under certain circumstances, a call to the bind function ...)
	- firefox 112.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29549
CVE-2023-29548 (A wrong lowering instruction in the ARM64 Ion compiler resulted in a w ...)
	{DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
	- firefox 112.0-1
	- firefox-esr 102.10.0esr-1
	- thunderbird 1:102.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29548
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29548
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29548
CVE-2023-29547 (When a secure cookie existed in the Firefox cookie jar an insecure coo ...)
	- firefox 112.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29547
CVE-2023-29546 (When recording the screen while in Private Browsing on Firefox for And ...)
	- firefox (Only affects Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29546
CVE-2023-29545 (Similar to CVE-2023-28163, this time when choosing 'Save Link As', sug ...)
	- firefox (Only affects Firefox on Windows)
	- firefox-esr (Only affects Firefox ESR on Windows)
	- thunderbird (Only affects Thunderbird on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29545
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29545
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29545
CVE-2023-29544 (If multiple instances of resource exhaustion occurred at the incorrect ...)
	- firefox 112.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29544
CVE-2023-29543 (An attacker could have caused memory corruption and a potentially expl ...)
	- firefox 112.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29543
CVE-2023-29542 (A newline in a filename could have been used to bypass the file extens ...)
	- firefox (Only affects Firefox on Windows)
	- firefox-esr (Only affects Firefox ESR on Windows)
	- thunderbird (Only affects Thunderbird on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29542
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29542
CVE-2023-29541 (Firefox did not properly handle downloads of files ending in .de ...)
	{DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
	- firefox 112.0-1
	- firefox-esr 102.10.0esr-1
	- thunderbird 1:102.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29541
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29541
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29541
CVE-2023-29540 (Using a redirect embedded into sourceMappingUrls could al ...)
	- firefox 112.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29540
CVE-2023-29539 (When handling the filename directive in the Content-Disposition header ...)
	{DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
	- firefox 112.0-1
	- firefox-esr 102.10.0esr-1
	- thunderbird 1:102.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29539
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29539
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29539
CVE-2023-29538 (Under specific circumstances a WebExtension may have received a ...)
	- firefox 112.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29538
CVE-2023-29537 (Multiple race conditions in the font initialization could have led to ...)
	- firefox 112.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29537
CVE-2023-29536 (An attacker could cause the memory manager to incorrectly free a point ...)
	{DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
	- firefox 112.0-1
	- firefox-esr 102.10.0esr-1
	- thunderbird 1:102.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29536
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29536
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29536
CVE-2023-29535 (Following a Garbage Collector compaction, weak maps may have been acce ...)
	{DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
	- firefox 112.0-1
	- firefox-esr 102.10.0esr-1
	- thunderbird 1:102.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29535
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29535
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29535
CVE-2023-29534 (Different techniques existed to obscure the fullscreen notification in ...)
	- firefox (Only affects Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29534
CVE-2023-29533 (A website could have obscured the fullscreen notification by using a c ...)
	{DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
	- firefox 112.0-1
	- firefox-esr 102.10.0esr-1
	- thunderbird 1:102.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29533
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29533
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29533
CVE-2023-29532 (A local attacker can trick the Mozilla Maintenance Service into applyi ...)
	- firefox (Only affects Firefox on Windows)
	- firefox-esr (Only affects Firefox ESR on Windows)
	- thunderbird (Only affects Thunderbird on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29532
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29532
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29532
CVE-2023-29531 (An attacker could have caused an out of bounds memory access using Web ...)
	- firefox (Only affects Firefox on macOS)
	- firefox-esr (Only affects Firefox ESR on macOS)
	- thunderbird (Only affects Thunderbird on macOS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29531
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29531
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29531
CVE-2023-1962 (A vulnerability classified as critical was found in SourceCodester Bes ...)
	NOT-FOR-US: SourceCodester Best Online News Portal
CVE-2023-1961 (A vulnerability was found in SourceCodester Online Computer and Laptop ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-1960 (A vulnerability was found in SourceCodester Online Computer and Laptop ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-1959 (A vulnerability has been found in SourceCodester Online Computer and L ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-1958 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-1957 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-1956 (A vulnerability classified as critical was found in SourceCodester Onl ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-1955 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-1954 (A vulnerability was found in SourceCodester Online Computer and Laptop ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-1953 (A vulnerability was found in SourceCodester Online Computer and Laptop ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-1952 (A vulnerability was found in SourceCodester Online Computer and Laptop ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-1951 (A vulnerability was found in SourceCodester Online Computer and Laptop ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-1950 (A vulnerability has been found in PHPGurukul BP Monitoring Management ...)
	NOT-FOR-US: PHPGurukul BP Monitoring Management System
CVE-2023-1949 (A vulnerability, which was classified as critical, was found in PHPGur ...)
	NOT-FOR-US: PHPGurukul BP Monitoring Management System
CVE-2023-1948 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: PHPGurukul BP Monitoring Management System
CVE-2023-1947 (A vulnerability was found in taoCMS 3.0.2. It has been classified as c ...)
	NOT-FOR-US: taoCMS
CVE-2023-1946 (A vulnerability was found in SourceCodester Survey Application System ...)
	NOT-FOR-US: SourceCodester Survey Application System
CVE-2023-1945 (Unexpected data returned from the Safe Browsing API could have led to ...)
	{DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
	- firefox-esr 102.10.0esr-1
	- thunderbird 1:102.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1945
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1945
CVE-2023-1944 (This vulnerability enables ssh access to minikube container using a de ...)
	NOT-FOR-US: minikube
CVE-2023-1943 (Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode.)
	NOT-FOR-US: Kubernetes Operations (kOps)
CVE-2015-10099 (A vulnerability classified as critical has been found in CP Appointmen ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-125096 (A vulnerability was found in Fancy Gallery Plugin 1.5.12 on WordPress. ...)
	NOT-FOR-US: WordPress plugin
CVE-2012-10011 (A vulnerability was found in HD FLV PLayer Plugin up to 1.7 on WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29530 (Laminas Diactoros provides PSR HTTP Message implementations. In versio ...)
	NOT-FOR-US: Laminas Diactoros
CVE-2023-29529 (matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeS ...)
	NOT-FOR-US: matrix-js-sdk
CVE-2023-29528 (XWiki Commons are technical libraries common to several other top leve ...)
	NOT-FOR-US: XWiki
CVE-2023-29527 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-29526 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-29525 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-29524 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-29523 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-29522 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-29521 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-29520 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-29519 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-29518 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-29517 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-29516 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-29515 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-29514 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-29513 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-29512 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-29511 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-29510 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-29509 (XWiki Commons are technical libraries common to several other top leve ...)
	NOT-FOR-US: XWiki
CVE-2023-29508 (XWiki Commons are technical libraries common to several other top leve ...)
	NOT-FOR-US: XWiki
CVE-2023-29507 (XWiki Commons are technical libraries common to several other top leve ...)
	NOT-FOR-US: XWiki
CVE-2023-29506 (XWiki Commons are technical libraries common to several other top leve ...)
	NOT-FOR-US: XWiki
CVE-2023-29505 (An issue was discovered in Zoho ManageEngine Network Configuration Man ...)
	NOT-FOR-US: Zoho
CVE-2023-28393 (A stack-based buffer overflow vulnerability exists in the tif_processi ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2023-1942 (A vulnerability has been found in SourceCodester Online Computer and L ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-1941 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Simple and Beautiful Shopping Cart System
CVE-2023-1940 (A vulnerability classified as critical was found in SourceCodester Sim ...)
	NOT-FOR-US: SourceCodester Simple and Beautiful Shopping Cart System
CVE-2023-1939 (No access control for the OTP key on OTP entries in Devolutions Rem ...)
	NOT-FOR-US: Devolutions
CVE-2023-1938 (The WP Fastest Cache WordPress plugin before 1.1.5 does not have CSRF ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1937 (A vulnerability, which was classified as problematic, was found in zhe ...)
	NOT-FOR-US: zhenfeng13 My-Blog
CVE-2014-125095 (A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 on ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-10025 (A vulnerability was found in Exit Strategy Plugin 1.55 on WordPress an ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-10024 (A vulnerability has been found in Exit Strategy Plugin 1.55 on WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2012-10010 (A vulnerability was found in BestWebSoft Contact Form 3.21. It has bee ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-32636 (A flaw was found in glib, where the gvariant deserialization code is v ...)
	- glib2.0 (Incomplete fixes for CVE-2023-29499, CVE-2023-32611 and CVE-2023-32665 not applied)
	NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841
CVE-2023-32643 (A flaw was found in GLib. The GVariant deserialization code is vulnera ...)
	- glib2.0 (Incomplete fixes for CVE-2023-29499, CVE-2023-32611 and CVE-2023-32665 not applied)
	NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840
CVE-2023-32665 (A flaw was found in GLib. GVariant deserialization is vulnerable to an ...)
	{DLA-3583-1}
	- glib2.0 2.74.4-1
	[bullseye] - glib2.0 2.66.8-1+deb11u1
	NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2121
	NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3125
	NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126 (2.74, 3125 backport)
	NOTE: Merge commit for glib-2-74: https://gitlab.gnome.org/GNOME/glib/-/commit/e16fb83755e08a4c2da2b0a8ea0fc2e27b1154bf (2.74.4)
	NOTE: Be careful. Original fix introduces new bugs, resulting in CVE-2023-32643 and CVE-2023-32636
	NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840 (CVE-2023-32643)
	NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841 (CVE-2023-32636)
CVE-2023-32611 (A flaw was found in GLib. GVariant deserialization is vulnerable to a ...)
	{DLA-3583-1}
	- glib2.0 2.74.4-1
	[bullseye] - glib2.0 2.66.8-1+deb11u1
	NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2797
	NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3125
	NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126 (2.74, 3125 backport)
	NOTE: Merge commit for glib-2-74: https://gitlab.gnome.org/GNOME/glib/-/commit/e16fb83755e08a4c2da2b0a8ea0fc2e27b1154bf (2.74.4)
	NOTE: Be careful. Original fix introduces new bugs, resulting in CVE-2023-32643 and CVE-2023-32636
	NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840 (CVE-2023-32643)
	NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841 (CVE-2023-32636)
CVE-2023-29499 (A flaw was found in GLib. GVariant deserialization fails to validate t ...)
	{DLA-3583-1}
	- glib2.0 2.74.4-1
	[bullseye] - glib2.0 2.66.8-1+deb11u1
	NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2794
	NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3125
	NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126 (2.74, 3125 backport)
	NOTE: Merge commit for glib-2-74: https://gitlab.gnome.org/GNOME/glib/-/commit/e16fb83755e08a4c2da2b0a8ea0fc2e27b1154bf (2.74.4)
	NOTE: Be careful. Original fix introduces new bugs, resulting in CVE-2023-32643 and CVE-2023-32636
	NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840 (CVE-2023-32643)
	NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841 (CVE-2023-32636)
CVE-2023-29493
	RESERVED
CVE-2023-29492 (Novi Survey before 8.9.43676 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Novi Survey
CVE-2023-29491 (ncurses before 6.4 20230408, when used by a setuid application, allows ...)
	{DLA-3682-1}
	- ncurses 6.4-3 (bug #1034372)
	[bullseye] - ncurses 6.2+20201114-2+deb11u2
	NOTE: https://invisible-island.net/ncurses/NEWS.html#index-t20230408
	NOTE: http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commitdiff;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56
	NOTE: https://github.com/ThomasDickey/ncurses-snapshots/commit/a6d3f92bb5bba1a71c7c3df39497abbe5fe999ff
	NOTE: https://www.openwall.com/lists/oss-security/2023/04/19/12
	NOTE: 6.4-3 upload configures with "--disable-root-environ" to disallow loading of
	NOTE: custom terminfo entries in setuid/setgid programs, mitigating the impact of
	NOTE: the vulnerability.
CVE-2023-29490
	RESERVED
CVE-2023-29489 (An issue was discovered in cPanel before 11.109.9999.116. XSS can occu ...)
	NOT-FOR-US: cPanel
CVE-2023-29488
	RESERVED
CVE-2023-29487 (An issue was discovered in Heimdal Thor agent versions 3.4.2 and befor ...)
	NOT-FOR-US: Heimdal Thor
CVE-2023-29486 (An issue was discovered in Heimdal Thor agent versions 3.4.2 and befor ...)
	NOT-FOR-US: Heimdal Thor
CVE-2023-29485 (An issue was discovered in Heimdal Thor agent versions 3.4.2 and befor ...)
	NOT-FOR-US: Heimdal Thor
CVE-2023-29484 (In Terminalfour before 8.3.16, misconfigured LDAP users are able to lo ...)
	NOT-FOR-US: Terminalfour
CVE-2023-29483 (eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remo ...)
	- dnspython 2.6.0-1
	[bookworm] - dnspython (Minor issue)
	[bullseye] - dnspython (Minor issue)
	[buster] - dnspython (Minor issue)
	NOTE: https://www.dnspython.org/news/2.6.0rc1/
	NOTE: https://github.com/rthalley/dnspython/commit/f66e25b5f549acf66d1fb6ead13eb3cff7d09af3 (v2.6.0rc1)
	NOTE: https://github.com/rthalley/dnspython/commit/e093299a49967696b1c58b68e4767de5031a3e46 (v2.6.0)
	NOTE: Upstream recommends not backporting fix:
	NOTE: https://github.com/rthalley/dnspython/issues/1051#issuecomment-1949383928
CVE-2023-29482
	RESERVED
CVE-2023-29481
	RESERVED
CVE-2023-29480 (Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked af ...)
	- rnp 0.16.3-1 (bug #1034558)
	NOTE: https://www.rnpgp.org/blog/2023-04-13-rnp-release-0-16-3/
CVE-2023-29479 (Ribose RNP before 0.16.3 may hang when the input is malformed.)
	{DSA-5392-1 DLA-3400-1}
	- rnp 0.16.3-1 (bug #1034558)
	- thunderbird 1:102.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29479
	NOTE: https://www.rnpgp.org/blog/2023-04-13-rnp-release-0-16-3/
CVE-2023-29478 (BiblioCraft before 2.4.6 does not sanitize path-traversal characters i ...)
	NOT-FOR-US: BiblioCraft
CVE-2023-29477
	RESERVED
CVE-2023-29476
	RESERVED
CVE-2023-29475 (inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Man ...)
	NOT-FOR-US: Unify
CVE-2023-29474 (inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Man ...)
	NOT-FOR-US: Unify
CVE-2023-29473 (webservice in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Ma ...)
	NOT-FOR-US: Unify
CVE-2023-29472
	RESERVED
CVE-2023-29471 (Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug i ...)
	NOT-FOR-US: Lightbend Alpakka Kafka
CVE-2023-29470
	RESERVED
CVE-2023-29469 (An issue was discovered in libxml2 before 2.10.4. When hashing empty d ...)
	{DSA-5391-1 DLA-3405-1}
	- libxml2 2.9.14+dfsg-1.2 (bug #1034437)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2185984
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/510
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64 (v2.10.4)
CVE-2023-29468 (The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the ...)
	NOT-FOR-US: Texas Instruments
CVE-2023-29467
	RESERVED
CVE-2023-29466
	RESERVED
CVE-2023-29465 (SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world ...)
	- flintqs (unimportant)
	NOTE: https://github.com/sagemath/FlintQS/issues/3
	NOTE: https://github.com/sagemath/sage/pull/35419
	NOTE: Neutralised by kernel hardening
CVE-2023-29244 (Incorrect default permissions in some Intel Integrated Sensor Hub (ISH ...)
	NOT-FOR-US: Intel
CVE-2023-29165 (Unquoted search path or element in some Intel(R) Arc(TM) & Iris(R) Xe ...)
	NOT-FOR-US: Intel
CVE-2023-28823 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and component ...)
	NOT-FOR-US: Intel
CVE-2023-28741 (Buffer overflow in some Intel(R) QAT drivers for Windows - HW Version ...)
	NOT-FOR-US: Intel
CVE-2023-28715 (Improper access control in some Intel(R) oneAPI Toolkit and component ...)
	NOT-FOR-US: Intel
CVE-2023-28397 (Improper access control in some Intel(R) Aptio* V UEFI Firmware Integr ...)
	NOT-FOR-US: Intel
CVE-2023-28396 (Improper access control in firmware for some Intel(R) Thunderbol(TM) C ...)
	NOT-FOR-US: Intel
CVE-2023-27391 (Improper access control in some Intel(R) oneAPI Toolkit and component ...)
	NOT-FOR-US: Intel
CVE-2023-22313 (Improper buffer restrictions in some Intel(R) QAT Library software bef ...)
	NOT-FOR-US: Intel
CVE-2023-22310 (Race condition in some Intel(R) Aptio* V UEFI Firmware Integrator Tool ...)
	NOT-FOR-US: Intel
CVE-2023-1936 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.11.11+ds1-1
CVE-2023-1935 (ROC800-Series RTU devices are vulnerable to an authentication bypass, ...)
	NOT-FOR-US: ROC800-Series RTU devices
CVE-2023-1934 (The PnPSCADA system, a product of SDG Technologies CC, is afflicted by ...)
	NOT-FOR-US: PnPSCADA
CVE-2023-1933
	RESERVED
CVE-2023-1932 [rendering of invalid html with SafeHTML leads to HTML injection and XSS]
	RESERVED
	- libhibernate-validator-java (bug #1063540)
	[bookworm] - libhibernate-validator-java (Minor issue)
	[bullseye] - libhibernate-validator-java (Minor issue)
	[buster] - libhibernate-validator-java (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1809444
CVE-2023-1931 (The WP Fastest Cache plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2023-1930 (The WP Fastest Cache plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2023-1929 (The WP Fastest Cache plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2023-1928 (The WP Fastest Cache plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2023-1927 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site ...)
	NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2023-1926 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site ...)
	NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2023-1925 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site ...)
	NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2023-1924 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site ...)
	NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2023-1923 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site ...)
	NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2023-1922 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site ...)
	NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2023-1921 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site ...)
	NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2023-1920 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site ...)
	NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2023-1919 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site ...)
	NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2023-1918 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site ...)
	NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2023-1917 (The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-48436
	RESERVED
CVE-2023-29464 (FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-29463 (The JMX Console within the Rockwell Automation Pavilion8 is exposed to ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-29462 (An arbitrary code execution vulnerability contained in Rockwell Automa ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-29461 (An arbitrary code execution vulnerability contained in Rockwell Automa ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-29460 (An arbitrary code execution vulnerability contained in Rockwell Automa ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-29459 (The laola.redbull application through 5.1.9-R for Android exposes the ...)
	NOT-FOR-US: laola.redbull
CVE-2023-29458 (Duktape is an 3rd-party embeddable JavaScript engine, with a focus on ...)
	- zabbix 1:6.0.23+dfsg-1 (bug #1055175)
	[bookworm] - zabbix (Minor issue)
	[bullseye] - zabbix (Minor issue)
	[buster] - zabbix (vulnerable code introduced later)
	NOTE: This appears to be bug in Zabbix's use of duktape, not an issue in src:duktape per se
	NOTE: https://support.zabbix.com/browse/ZBX-22989
	NOTE: duktape library introduced with https://github.com/zabbix/zabbix/commit/d43b04665c1ade5b4a9f49db750b8ca6c82e9de2 (5.0.0alpha1)
CVE-2023-29457 (Reflected XSS attacks, occur when a malicious script is reflected off ...)
	{DLA-3538-1}
	- zabbix 1:6.0.23+dfsg-1 (bug #1055175)
	[bookworm] - zabbix (Minor issue)
	[bullseye] - zabbix (Minor issue)
	NOTE: https://support.zabbix.com/browse/ZBX-22988
CVE-2023-29456 (URL validation scheme receives input from a user and then parses it to ...)
	{DLA-3538-1}
	- zabbix 1:6.0.23+dfsg-1 (bug #1055175)
	[bookworm] - zabbix (Minor issue)
	[bullseye] - zabbix (Minor issue)
	NOTE: https://support.zabbix.com/browse/ZBX-22987
CVE-2023-29455 (Reflected XSS attacks, also known as non-persistent attacks, occur whe ...)
	{DLA-3538-1}
	- zabbix 1:6.0.23+dfsg-1 (bug #1055175)
	[bookworm] - zabbix (Minor issue)
	[bullseye] - zabbix (Minor issue)
	NOTE: https://support.zabbix.com/browse/ZBX-22986
CVE-2023-29454 (Stored or persistent cross-site scripting (XSS) is a type of XSS where ...)
	{DLA-3538-1}
	- zabbix 1:6.0.23+dfsg-1 (bug #1055175)
	[bookworm] - zabbix (Minor issue)
	[bullseye] - zabbix (Minor issue)
	NOTE: https://support.zabbix.com/browse/ZBX-22985
CVE-2023-29453 (Templates do not properly consider backticks (`) as Javascript string ...)
	- zabbix 1:6.0.23+dfsg-1 (unimportant)
	NOTE: Zabbix in Debian uses Debian Go package
CVE-2023-29452 (Currently, geomap configuration (Administration -> General -> Geograph ...)
	- zabbix 1:6.0.23+dfsg-1 (bug #1055175)
	[bookworm] - zabbix (Minor issue)
	[bullseye] - zabbix (vulnerable code introduced later)
	[buster] - zabbix (vulnerable code introduced later)
	NOTE: https://support.zabbix.com/browse/ZBX-22981
	NOTE: Patches links: https://support.zabbix.com/browse/ZBX-22720
	NOTE: vulnerable geopmap widget introduced in version with https://github.com/zabbix/zabbix/commit/7e6a91149533b17b12c0317968b485e0c98d4ac2 (6.0.0alpha6)
CVE-2023-29451 (Specially crafted string can cause a buffer overrun in the JSON parser ...)
	{DLA-3538-1}
	- zabbix 1:6.0.23+dfsg-1 (bug #1055175)
	[bookworm] - zabbix (Minor issue)
	[bullseye] - zabbix (5.x not affected)
	NOTE: https://support.zabbix.com/browse/ZBX-22587
CVE-2023-29450 (JavaScript pre-processing can be used by the attacker to gain access t ...)
	{DLA-3538-1}
	- zabbix 1:6.0.23+dfsg-1 (bug #1055175)
	[bookworm] - zabbix (Minor issue)
	[bullseye] - zabbix (Minor issue)
	NOTE: https://support.zabbix.com/browse/ZBX-22588
	NOTE: Patch for 5.0.32rc1: https://github.com/zabbix/zabbix/commit/c3f1543e4
	NOTE: Patch for 6.0.14rc2: https://github.com/zabbix/zabbix/commit/76f6a80cb
CVE-2023-29449 (JavaScript preprocessing, webhooks and global scripts can cause uncont ...)
	- zabbix 1:6.0.23+dfsg-1 (bug #1055175)
	[bookworm] - zabbix (Minor issue)
	[bullseye] - zabbix (Minor issue)
	[buster] - zabbix (vulnerable code introduced later)
	NOTE: https://support.zabbix.com/browse/ZBX-22589
	NOTE: Upstream patch for 5.0.32: https://github.com/zabbix/zabbix/commit/e90b8a3c62
	NOTE: applied in upstream release/5.0 branch: https://github.com/zabbix/zabbix/commit/c21cf2fa656b75733e3abc09d8f20690735b3f22
	NOTE: vulnerable module introduced in https://github.com/zabbix/zabbix/commit/18d2abfc40 (5.0.0alpha1)
CVE-2023-29448
	RESERVED
CVE-2023-29447 (An insufficiently protected credentials vulnerability in KEPServerEX c ...)
	NOT-FOR-US: KEPServerEX
CVE-2023-29446 (An improper input validation vulnerability has been discovered that co ...)
	NOT-FOR-US: PTC
CVE-2023-29445 (An uncontrolled search path element vulnerability (DLL hijacking) has ...)
	NOT-FOR-US: PTC
CVE-2023-29444 (An uncontrolled search path element vulnerability (DLL hijacking) has ...)
	NOT-FOR-US: PTC
CVE-2023-29443 (Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2023-29442 (Zoho ManageEngine Applications Manager before 16400 allows proxy.html ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2023-29441 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robert H ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29440 (Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29439 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugi ...)
	NOT-FOR-US: FooGallery
CVE-2023-29438 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29437 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29436 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29435 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29434 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fanc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29433
	RESERVED
CVE-2023-29432 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29431
	RESERVED
CVE-2023-29430 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CTHtheme ...)
	NOT-FOR-US: WordPress theme
CVE-2023-29429
	RESERVED
CVE-2023-29428 (Cross-Site Request Forgery (CSRF) vulnerability in SuPlugins Superb So ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29427 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TMS Book ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29426 (Cross-Site Request Forgery (CSRF) vulnerability in Robert Schulz (sprd ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29425 (Cross-Site Request Forgery (CSRF) vulnerability in plainware.Com Shift ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29424 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plai ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29423 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29422
	RESERVED
CVE-2023-1916 (A flaw was found in tiffcrop, a program distributed by the libtiff pac ...)
	- tiff (unimportant)
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/536
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/537
	NOTE: Crash in CLI tool, no security impact
CVE-2023-1915 (The Thumbnail carousel slider WordPress plugin before 1.1.10 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1914
	RESERVED
CVE-2023-1913 (The Maps Widget for Google Maps for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1912 (The Limit Login Attempts plugin for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: Limit Login Attempts plugin for WordPress
CVE-2023-1911 (The Blocksy Companion WordPress plugin before 1.8.82 does not ensure t ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1910 (The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1909 (A vulnerability, which was classified as critical, was found in PHPGur ...)
	NOT-FOR-US: PHPGurukul BP Monitoring Management System
CVE-2023-1908 (A vulnerability was found in SourceCodester Simple Mobile Comparison W ...)
	NOT-FOR-US: SourceCodester Simple Mobile Comparison Website
CVE-2023-1907
	RESERVED
CVE-2023-1906 (A heap-based buffer overflow issue was discovered in ImageMagick's Imp ...)
	{DSA-5628-1}
	- imagemagick 8:6.9.12.98+dfsg1-2 (bug #1034373)
	[buster] - imagemagick (Vulnerable code introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d (ImageMagick 6.9.12-84)
CVE-2023-1905 (The WP Popups WordPress plugin before 2.1.5.1 does not properly escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2015-10098 (A vulnerability was found in Broken Link Checker Plugin up to 1.10.5 o ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-10023 (A vulnerability was found in Editorial Calendar Plugin up to 2.6 on Wo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-XXXX [https://rustsec.org/advisories/RUSTSEC-2023-0031.html]
	- rust-spin 0.9.5-2 (bug #1034374)
	[bullseye] - rust-spin (Introduced in 0.9.3)
	[buster] - rust-spin (Introduced in 0.9.3)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0031.html
	NOTE: https://github.com/mvdnes/spin-rs/issues/148
CVE-2023-29421 (An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is ...)
	[experimental] - bzip3 1.2.3-1
	- bzip3 1.2.2-2 (bug #1034177)
	NOTE: https://github.com/kspalaiologos/bzip3/issues/94
	NOTE: https://github.com/kspalaiologos/bzip3/commit/33b1951f153c3c5dc8ed736b9110437e1a619b7d (1.2.3)
CVE-2023-29420 (An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is ...)
	[experimental] - bzip3 1.2.3-1
	- bzip3 1.2.2-2 (bug #1034177)
	NOTE: https://github.com/kspalaiologos/bzip3/commit/bb06deb85f1c249838eb938e0dab271d4194f8fa (1.2.3)
	NOTE: https://github.com/kspalaiologos/bzip3/issues/92
CVE-2023-29419 (An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is ...)
	[experimental] - bzip3 1.2.3-1
	- bzip3 1.2.2-2 (bug #1034177)
	NOTE: https://github.com/kspalaiologos/bzip3/commit/8ec8ce7d3d58bf42dabc47e4cc53aa27051bd602 (1.2.3)
	NOTE: https://github.com/kspalaiologos/bzip3/issues/92
CVE-2023-29418 (An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is ...)
	[experimental] - bzip3 1.2.3-1
	- bzip3 1.2.2-2 (bug #1034177)
	NOTE: https://github.com/kspalaiologos/bzip3/commit/aae16d107f804f69000c09cd92027a140968cc9d (1.2.3)
	NOTE: https://github.com/kspalaiologos/bzip3/issues/92
CVE-2023-29417 (An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_d ...)
	- bzip3 (unimportant)
	NOTE: https://github.com/kspalaiologos/bzip3/issues/97
	NOTE: Issue between library and example code not correctly using the API
CVE-2023-29416 (An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_dec ...)
	- bzip3 1.2.2-2 (bug #1034177)
	NOTE: https://github.com/kspalaiologos/bzip3/commit/bfa5bf82b53715dfedf048e5859a46cf248668ff (1.3.0)
	NOTE: https://github.com/kspalaiologos/bzip3/issues/92
CVE-2023-29415 (An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial ...)
	- bzip3 1.2.2-2 (bug #1034177)
	NOTE: https://github.com/kspalaiologos/bzip3/issues/95
	NOTE: https://github.com/kspalaiologos/bzip3/commit/56c24ca1f8f25e648d42154369b6962600f76465 (1.3.0)
CVE-2023-29414 (A CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer ...)
	NOT-FOR-US: Schneider
CVE-2023-29413 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
	NOT-FOR-US: Schneider
CVE-2023-29412 (A CWE-78: Improper Handling of Case Sensitivity vulnerability exists t ...)
	NOT-FOR-US: Schneider
CVE-2023-29411 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
	NOT-FOR-US: Schneider
CVE-2023-29410 (A CWE-20: Improper Input Validation vulnerability exists that could al ...)
	NOT-FOR-US: Schneider
CVE-2023-39322 (QUIC connections do not set an upper bound on the amount of data buffe ...)
	- golang-1.21 1.21.1-1
	NOTE: https://go.dev/issue/62266
	NOTE: https://github.com/golang/go/commit/91a4e74b98179f63a27dbff1ad68ddd0ed64363a (go1.21.1)
	NOTE: https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM
CVE-2023-39321 (Processing an incomplete post-handshake message for a QUIC connection ...)
	- golang-1.21 1.21.1-1
	NOTE: https://go.dev/issue/62266
	NOTE: https://github.com/golang/go/commit/91a4e74b98179f63a27dbff1ad68ddd0ed64363a (go1.21.1)
	NOTE: https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM
CVE-2023-39320 (The go.mod toolchain directive, introduced in Go 1.21, can be leverage ...)
	- golang-1.21 1.21.1-1
	NOTE: https://go.dev/issue/62198
	NOTE: https://github.com/golang/go/commit/d25a935574efd573668d8ce9ea4cfc530bb63ecb (go1.21.1)
	NOTE: https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM
CVE-2023-39319 (The html/template package does not apply the proper rules for handling ...)
	- golang-1.21 1.21.1-1
	- golang-1.20 1.20.8-1
	- golang-1.19
	[bookworm] - golang-1.19 (Minor issue)
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://go.dev/issue/62197
	NOTE: https://github.com/golang/go/commit/bbd043ff0d6d59f1a9232d31ecd5eacf6507bf6a (go1.21.1)
	NOTE: https://github.com/golang/go/commit/2070531d2f53df88e312edace6c8dfc9686ab2f5 (go1.20.8)
	NOTE: https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM
CVE-2023-39318 (The html/template package does not properly handle HTML-like "" commen ...)
	- golang-1.21 1.21.1-1
	- golang-1.20 1.20.8-1
	- golang-1.19
	[bookworm] - golang-1.19 (Minor issue)
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://go.dev/issue/62196
	NOTE: https://github.com/golang/go/commit/b0e1d3ea26e8e8fce7726690c9ef0597e60739fb (go1.21.1)
	NOTE: https://github.com/golang/go/commit/023b542edf38e2a1f87fcefb9f75ff2f99401b4c (go1.20.8)
	NOTE: https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM
CVE-2023-29409 (Extremely large RSA keys in certificate chains can cause a client/serv ...)
	- golang-1.20 1.20.7-1
	- golang-1.19 1.19.12-1
	[bookworm] - golang-1.19 (Minor issue)
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI
CVE-2023-29408 (The TIFF decoder does not place a limit on the size of compressed tile ...)
	- golang-golang-x-image 0.11.0-1 (bug #1043159)
	[bookworm] - golang-golang-x-image (Minor issue)
	[bullseye] - golang-golang-x-image (Minor issue)
	[buster] - golang-golang-x-image (Limited support, minor issue, DoS)
	NOTE: https://go.dev/issue/61582
	NOTE: https://go.dev/cl/514897
	NOTE: https://github.com/golang/image/commit/cb227cd2c919b27c6206fe0c1041a8bcc677949d (v0.10.0)
CVE-2023-29407 (A maliciously-crafted image can cause excessive CPU consumption in dec ...)
	- golang-golang-x-image 0.11.0-1 (bug #1043159)
	[bookworm] - golang-golang-x-image (Minor issue)
	[bullseye] - golang-golang-x-image (Minor issue)
	[buster] - golang-golang-x-image (Limited support, minor issue, DoS)
	NOTE: https://go.dev/issue/61581
	NOTE: https://go.dev/cl/514897
	NOTE: https://github.com/golang/image/commit/cb227cd2c919b27c6206fe0c1041a8bcc677949d (v0.10.0)
CVE-2023-29406 (The HTTP/1 client does not fully validate the contents of the Host hea ...)
	- golang-1.20 1.20.6-1
	- golang-1.19 1.19.11-1
	[bookworm] - golang-1.19 (Minor issue)
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://groups.google.com/g/golang-announce/c/2q13H6LEEx0
	NOTE: https://github.com/golang/go/issues/60374
	NOTE: https://github.com/golang/go/commit/312920c00aac9897b2a0693e752390b5b0711a5a (go1.20.6)
	NOTE: https://github.com/golang/go/commit/5fa6923b1ea891400153d04ddf1545e23b40041b (go1.19.11)
CVE-2023-29405 (The go command may execute arbitrary code at build time when using cgo ...)
	- golang-1.20 1.20.5-1
	[experimental] - golang-1.19 1.19.10-1
	- golang-1.19 1.19.10-2
	[bookworm] - golang-1.19 (Minor issue)
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
	NOTE: https://github.com/golang/go/issues/60306
	NOTE: https://github.com/golang/go/commit/fa60c381ed06c12f9c27a7b50ca44c5f84f7f0f4 (go1.20.5)
	NOTE: https://github.com/golang/go/commit/1008486a9ff979dbd21c7466eeb6abf378f9c637 (go1.20.5)
	NOTE: https://github.com/golang/go/commit/44e0fb13e783a44463e95926a674fd580daa3a55 (go1.19.10)
	NOTE: https://github.com/golang/go/commit/3ba9c890b86dc8c3a54c98d32497b7a8012704f9 (go1.19.10)
CVE-2023-29404 (The go command may execute arbitrary code at build time when using cgo ...)
	- golang-1.20 1.20.5-1
	[experimental] - golang-1.19 1.19.10-1
	- golang-1.19 1.19.10-2
	[bookworm] - golang-1.19 (Minor issue)
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
	NOTE: https://github.com/golang/go/issues/60305
	NOTE: https://github.com/golang/go/commit/356a419e2f811b65d227abcea1a346f8dcb154e0 (go1.20.5)
	NOTE: https://github.com/golang/go/commit/bf3c8ce03e175e870763901a3850bca01381a828 (go1.19.10)
CVE-2023-29403 (On Unix platforms, the Go runtime does not behave differently when a b ...)
	- golang-1.20 1.20.5-1
	[experimental] - golang-1.19 1.19.10-1
	- golang-1.19 1.19.10-2
	[bookworm] - golang-1.19 (Minor issue)
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
	NOTE: https://github.com/golang/go/issues/60272
	NOTE: https://github.com/golang/go/commit/36144ba429ef2650940c72e7a0b932af3612d420 (go1.20.5)
	NOTE: https://github.com/golang/go/commit/a7b1cd452ddc69a6606c2f35ac5786dc892e62cb (go1.19.10)
CVE-2023-29402 (The go command may generate unexpected code at build time when using c ...)
	- golang-1.20 1.20.5-1
	[experimental] - golang-1.19 1.19.10-1
	- golang-1.19 1.19.10-2
	[bookworm] - golang-1.19 (Minor issue)
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
	NOTE: https://github.com/golang/go/issues/60167
	NOTE: https://github.com/golang/go/commit/c0ed873cd8259f16d0da67eee783fda49f45ef61 (go1.20.5)
	NOTE: https://github.com/golang/go/commit/c160b49b6d328c86bd76ca2fff9009a71347333f (go.1.19.10)
CVE-2023-29401 (The filename parameter of the Context.FileAttachment function is not p ...)
	- golang-github-gin-gonic-gin (bug #1037530)
	[bookworm] - golang-github-gin-gonic-gin (Minor issue)
	[bullseye] - golang-github-gin-gonic-gin (Minor issue)
	[buster] - golang-github-gin-gonic-gin (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://github.com/gin-gonic/gin/issues/3555
	NOTE: https://github.com/gin-gonic/gin/commit/2d4bbec941551479b1fdf1e54ece03e6e82a7e72 (v1.9.1)
CVE-2023-29400 (Templates containing actions in unquoted HTML attributes (e.g. "attr={ ...)
	- golang-1.20 1.20.4-1
	[experimental] - golang-1.19 1.19.9-1
	- golang-1.19 1.19.10-2
	[bookworm] - golang-1.19 (Minor issue)
	[bullseye] - golang-1.19 (Minor issue)
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
	NOTE: https://github.com/golang/go/issues/59722
	NOTE: https://github.com/golang/go/commit/9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 (go1.19.9)
	NOTE: https://github.com/golang/go/commit/337dd75343145b74ed2073d793322eb4103b56ad (go1.20.4)
CVE-2023-1904 (In affected versions of Octopus Server it is possible for the OpenID c ...)
	NOT-FOR-US: Octopus Server
CVE-2023-1903 (SAP HCM Fiori App My Forms (Fiori 2.0) - version 605, does not perform ...)
	NOT-FOR-US: SAP
CVE-2023-1902 (The bluetooth HCI host layer logic not clearing a global reference to ...)
	NOT-FOR-US: Zephyr
CVE-2023-1901 (The bluetooth HCI host layer logic not clearing a global reference to ...)
	NOT-FOR-US: Zephyr
CVE-2023-1900 (A vulnerability within the Avira network protection feature allowed an ...)
	NOT-FOR-US: Norton
CVE-2023-1899 (Atlas Copco Power Focus 6000 web server is not a secure connection by ...)
	NOT-FOR-US: Atlas Copco Power Focus 6000 web server
CVE-2023-1898 (Atlas Copco Power Focus 6000 web server uses a small amount of session ...)
	NOT-FOR-US: Atlas Copco Power Focus 6000 web server
CVE-2023-1897 (Atlas Copco Power Focus 6000 web server does not sanitize the login in ...)
	NOT-FOR-US: Atlas Copco Power Focus 6000 web server
CVE-2023-1896 RESERVED
CVE-2023-1895 (The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1894 (A Regular Expression Denial of Service (ReDoS) issue was discovered in ...)
	- puppet (Limit to Puppet Server 7)
	- puppetserver 7.9.5-2 (bug #1035541)
	NOTE: https://www.puppet.com/security/cve/cve-2023-1894-puppet-server-redos
	NOTE: https://github.com/puppetlabs/puppetserver/pull/2700
	NOTE: https://github.com/puppetlabs/puppetserver/commit/545998b71baf70e35dc60c287f2cb2fc11ef9be2 (7.11.0)
	NOTE: https://github.com/puppetlabs/puppetserver/commit/9e0239c19bc852b98c1a63fb33998de7eae388dc (7.11.0)
CVE-2023-29399 RESERVED
CVE-2023-29398 RESERVED
CVE-2023-29397 RESERVED
CVE-2023-29396 RESERVED
CVE-2023-29395 RESERVED
CVE-2023-29394 RESERVED
CVE-2023-29393 RESERVED
CVE-2023-29392 RESERVED
CVE-2023-29391 RESERVED
CVE-2023-29390 RESERVED
CVE-2023-29389 (Toyota RAV4 2021 vehicles automatically trust messages from other ECUs ...)
	NOT-FOR-US: Toyota
CVE-2023-29388 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in impleCod ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29387 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29386 (Unrestricted Upload of File with Dangerous Type vulnerability in Julie ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29385 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kevon Ad ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29384 (Unrestricted Upload of File with Dangerous Type vulnerability in HM Pl ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1893 (The Login Configurator WordPress plugin through 2.1 does not properly ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1892 (Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/si ...)
	- ruby-sidekiq (Vulnerable code not present)
	NOTE: https://huntr.dev/bounties/e35e5653-c429-4fb8-94a3-cbc123ae4777
	NOTE: Introduced by: https://github.com/sidekiq/sidekiq/commit/f68560742bcfd2e30b87c1bc2b65d834a1a05c73 (v7.0.4)
	NOTE: Fixed by: https://github.com/sidekiq/sidekiq/commit/458fdf74176a9881478c48dc5cf0269107b22214 (v7.0.8)
CVE-2023-1891 (The Accordion & FAQ WordPress plugin before 1.9.9 does not escape vari ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1890 (The Tablesome WordPress plugin before 1.0.9 does not escape various ge ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1889 (The Directorist plugin for WordPress is vulnerable to an Insecure Dire ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1888 (The Directorist plugin for WordPress is vulnerable to an arbitrary use ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1887 (Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-1886 (Authentication Bypass by Capture-replay in GitHub repository thorsten/ ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-1885 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-1884 (Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/php ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-1883 (Improper Access Control in GitHub repository thorsten/phpmyfaq prior t ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-1882 (Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfa ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-1881 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
	NOT-FOR-US: microweber
CVE-2023-1880 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-1879 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-1878 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-1877 (Command Injection in GitHub repository microweber/microweber prior to ...)
	NOT-FOR-US: microweber
CVE-2023-1876 REJECTED
CVE-2023-1875 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-1874 (The WP Data Access plugin for WordPress is vulnerable to privilege esc ...)
	NOT-FOR-US: WP Data Access plugin for WordPress
CVE-2023-1873 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Faturamatik Bircard
CVE-2023-1872 (A use-after-free vulnerability in the Linux Kernel io_uring system can ...)
	{DLA-3404-1}
	- linux 5.17.3-1
	[bullseye] - linux 5.10.178-1
	[buster] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=08681391b84da27133deefaaddefd0acfa90c2be
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=da24142b1ef9fd5d36b76e36bab328a5b27523e8
CVE-2023-1871 (The YourChannel plugin for WordPress is vulnerable to Cross-Site Reque ...)
	NOT-FOR-US: YourChannel plugin for WordPress
CVE-2023-1870 (The YourChannel plugin for WordPress is vulnerable to Cross-Site Reque ...)
	NOT-FOR-US: YourChannel plugin for WordPress
CVE-2023-1869 (The YourChannel plugin for WordPress is vulnerable to Stored Cross-Si ...)
	NOT-FOR-US: YourChannel plugin for WordPress
CVE-2023-1868 (The YourChannel plugin for WordPress is vulnerable to unauthorized los ...)
	NOT-FOR-US: YourChannel plugin for WordPress
CVE-2023-1867 (The YourChannel plugin for WordPress is vulnerable to Cross-Site Reque ...)
	NOT-FOR-US: YourChannel plugin for WordPress
CVE-2023-1866 (The YourChannel plugin for WordPress is vulnerable to Cross-Site Reque ...)
	NOT-FOR-US: YourChannel plugin for WordPress
CVE-2023-1865 (The YourChannel plugin for WordPress is vulnerable to unauthorized los ...)
	NOT-FOR-US: YourChannel plugin for WordPress
CVE-2023-1864 (FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable ...)
	NOT-FOR-US: FANUC
CVE-2023-1863 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Eskom Computer Water Metering Software
CVE-2023-1862 (Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a mal ...)
	NOT-FOR-US: Cloudflare WARP client for Windows
CVE-2023-1861 (The Limit Login Attempts WordPress plugin through 1.7.2 does not sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4941 (The WCFM Membership plugin for WordPress is vulnerable to Cross-Site R ...)
	NOT-FOR-US: WCFM Membership plugin for WordPress
CVE-2022-4940 (The WCFM Membership plugin for WordPress is vulnerable to unauthorized ...)
	NOT-FOR-US: WCFM Membership plugin for WordPress
CVE-2022-4939 (The WCFM Membership plugin for WordPress is vulnerable to privilege es ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4938 (The WCFM Frontend Manager plugin for WordPress is vulnerable to Cross- ...)
	NOT-FOR-US: WCFM Frontend Manager plugin for WordPress
CVE-2022-4937 (The WCFM Frontend Manager plugin for WordPress is vulnerable to unauth ...)
	NOT-FOR-US: WCFM Frontend Manager plugin for WordPress
CVE-2022-4936 (The WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site ...)
	NOT-FOR-US: WCFM Marketplace plugin for WordPress
CVE-2022-4935 (The WCFM Marketplace plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WCFM Marketplace plugin for WordPress
CVE-2021-4335 (The Fancy Product Designer plugin for WordPress is vulnerable to unaut ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-4334 (The Fancy Product Designer plugin for WordPress is vulnerable to unaut ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-125094 (A vulnerability classified as problematic was found in phpMiniAdmin up ...)
	NOT-FOR-US: phpMiniAdmin
CVE-2023-29383 (In Shadow 4.13, it is possible to inject control characters into field ...)
	- shadow 1:4.13+dfsg1-2 (bug #1034482)
	[bookworm] - shadow (Minor issue)
	[bullseye] - shadow (Minor issue)
	[buster] - shadow (Minor issue)
	NOTE: https://github.com/shadow-maint/shadow/pull/687
	NOTE: Fixed by: https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d (4.14.0-rc1)
	NOTE: https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797
	NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/
CVE-2023-29382 (An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an atta ...)
	NOT-FOR-US: Zimbra
CVE-2023-29381 (An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a rem ...)
	NOT-FOR-US: Zimbra
CVE-2023-29380 (Warpinator before 1.6.0 allows remote file deletion via directory trav ...)
	NOT-FOR-US: Warpinator
CVE-2023-29379 RESERVED
CVE-2023-29378 RESERVED
CVE-2023-29377 RESERVED
CVE-2023-29376 (An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, ...)
	NOT-FOR-US: Progress Sitefinity
CVE-2023-29375 (An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, ...)
	NOT-FOR-US: Progress Sitefinity
CVE-2023-29374 (In LangChain through 0.0.131, the LLMMathChain chain allows prompt inj ...)
	NOT-FOR-US: LangChain
CVE-2023-29373 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29372 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
	NOT-FOR-US: Microsoft
CVE-2023-29371 (Windows GDI Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29370 (Windows Media Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29369 (Remote Procedure Call Runtime Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29368 (Windows Filtering Platform Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29367 (iSCSI Target WMI Provider Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29366 (Windows Geolocation Service Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29365 (Windows Media Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29364 (Windows Authentication Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29363 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2023-29362 (Remote Desktop Client Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29361 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
	NOT-FOR-US: Microsoft
CVE-2023-29360 (Microsoft Streaming Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29359 (GDI Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29358 (Windows GDI Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29357 (Microsoft SharePoint Server Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29356 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2023-29355 (DHCP Server Service Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29354 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29353 (Sysinternals Process Monitor for Windows Denial of Service Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2023-29352 (Windows Remote Desktop Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29351 (Windows Group Policy Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29350 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29349 (Microsoft ODBC and OLE DB Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29348 (Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vul ...)
	NOT-FOR-US: Microsoft
CVE-2023-29347 (Windows Admin Center Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29346 (NTFS Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29345 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29344 (Microsoft Office Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29343 (SysInternals Sysmon for Windows Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29342 RESERVED
CVE-2023-29341 (AV1 Video Extension Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29340 (AV1 Video Extension Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29339 RESERVED
CVE-2023-29338 (Visual Studio Code Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29337 (NuGet Client Remote Code Execution Vulnerability)
	- nuget (bug #1050835)
	[bookworm] - nuget (Minor issue)
	[bullseye] - nuget (Minor issue)
	[buster] - nuget (Can wait for next update)
	NOTE: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29337
CVE-2023-29336 (Win32k Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29335 (Microsoft Word Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29334 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29333 (Microsoft Access Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29332 (Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2023-29331 (.NET, .NET Framework, and Visual Studio Denial of Service Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2023-29330 (Microsoft Teams Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29329 RESERVED
CVE-2023-29328 (Microsoft Teams Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29327 RESERVED
CVE-2023-29326 (.NET Framework Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29325 (Windows OLE Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29324 (Windows MSHTML Platform Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-29323 (ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 ...)
	- opensmtpd 7.3.0p1-1 (bug #1034178)
	[bookworm] - opensmtpd (Minor issue)
	[bullseye] - opensmtpd (Minor issue)
	[buster] - opensmtpd (Minor issue)
	NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig
CVE-2023-29322 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2023-29321 (Adobe Animate versions 22.0.9 (and earlier) and 23.0.1 (and earlier) a ...)
	NOT-FOR-US: Adobe
CVE-2023-29320 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-29319 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-29318 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-29317 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-29316 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-29315 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-29314 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-29313 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-29312 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-29311 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-29310 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-29309 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-29308 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2023-29307 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2023-29306 (Adobe Connect versions 12.3 and earlier are affected by a reflected Cr ...)
	NOT-FOR-US: Adobe
CVE-2023-29305 (Adobe Connect versions 12.3 and earlier are affected by a reflected Cr ...)
	NOT-FOR-US: Adobe
CVE-2023-29304 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2023-29303 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-29302 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2023-29301 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2023-29300 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2023-29299 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-29298 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2023-29297 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
	NOT-FOR-US: Adobe
CVE-2023-29296 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
	NOT-FOR-US: Adobe
CVE-2023-29295 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
	NOT-FOR-US: Adobe
CVE-2023-29294 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
	NOT-FOR-US: Adobe
CVE-2023-29293 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
	NOT-FOR-US: Adobe
CVE-2023-29292 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
	NOT-FOR-US: Adobe
CVE-2023-29291 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
	NOT-FOR-US: Adobe
CVE-2023-29290 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
	NOT-FOR-US: Adobe
CVE-2023-29289 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
	NOT-FOR-US: Adobe
CVE-2023-29288 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
	NOT-FOR-US: Adobe
CVE-2023-29287 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
	NOT-FOR-US: Adobe
CVE-2023-29286 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
	NOT-FOR-US: Adobe
CVE-2023-29285 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
	NOT-FOR-US: Adobe
CVE-2023-29284 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
	NOT-FOR-US: Adobe
CVE-2023-29283 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
	NOT-FOR-US: Adobe
CVE-2023-29282 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
	NOT-FOR-US: Adobe
CVE-2023-29281 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
	NOT-FOR-US: Adobe
CVE-2023-29280 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
	NOT-FOR-US: Adobe
CVE-2023-29279 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
	NOT-FOR-US: Adobe
CVE-2023-29278 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
	NOT-FOR-US: Adobe
CVE-2023-29277 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
	NOT-FOR-US: Adobe
CVE-2023-29276 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
	NOT-FOR-US: Adobe
CVE-2023-29275 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
	NOT-FOR-US: Adobe
CVE-2023-29274 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
	NOT-FOR-US: Adobe
CVE-2023-29273 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
	NOT-FOR-US: Adobe
CVE-2023-1860 (A vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28. It has b ...)
	NOT-FOR-US: Keysight IXIA Hawkeye
CVE-2023-1859 (A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/tr ...)
	{DLA-3404-1 DLA-3403-1}
	- linux 6.1.25-1
	[bullseye] - linux 5.10.178-1
	NOTE: https://lore.kernel.org/all/20230313090002.3308025-1-zyytlz.wz@163.com/
CVE-2023-1858 (A vulnerability was found in SourceCodester Earnings and Expense Track ...)
	NOT-FOR-US: SourceCodester Earnings and Expense Tracker App
CVE-2023-1857 (A vulnerability was found in SourceCodester Online Computer and Laptop ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-1856 (A vulnerability has been found in SourceCodester Air Cargo Management ...)
	NOT-FOR-US: SourceCodester Air Cargo Management System
CVE-2023-1855 (A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon ...)
	{DLA-3404-1 DLA-3403-1}
	- linux 6.1.20-2
	[bullseye] - linux 5.10.178-1
	NOTE: https://git.kernel.org/linus/cb090e64cf25602b9adaf32d5dfc9c8bec493cd1 (6.3-rc3)
CVE-2023-1854 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester Online Graduate Tracer System
CVE-2023-1853 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: SourceCodester Online Payroll System
CVE-2023-1852 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester Online Payroll System
CVE-2023-1851 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester Online Payroll System
CVE-2023-1850 (A vulnerability was found in SourceCodester Online Payroll System 1.0. ...)
	NOT-FOR-US: SourceCodester Online Payroll System
CVE-2023-1849 (A vulnerability was found in SourceCodester Online Payroll System 1.0. ...)
	NOT-FOR-US: SourceCodester Online Payroll System
CVE-2023-1848 (A vulnerability was found in SourceCodester Online Payroll System 1.0. ...)
	NOT-FOR-US: SourceCodester Online Payroll System
CVE-2023-1847 (A vulnerability was found in SourceCodester Online Payroll System 1.0 ...)
	NOT-FOR-US: SourceCodester Online Payroll System
CVE-2023-1846 (A vulnerability has been found in SourceCodester Online Payroll System ...)
	NOT-FOR-US: SourceCodester Online Payroll System
CVE-2023-1845 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Online Payroll System
CVE-2023-1844 (The Subscribe2 plugin for WordPress is vulnerable to unauthorized acce ...)
	NOT-FOR-US: Subscribe2 plugin for WordPress
CVE-2023-1843 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1842 REJECTED
CVE-2023-1841 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Honeywell
CVE-2023-29272 RESERVED
CVE-2023-29271 RESERVED
CVE-2023-29270 RESERVED
CVE-2023-29269 RESERVED
CVE-2023-29268 (The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Sta ...)
	NOT-FOR-US: TIBCO
CVE-2023-29267 RESERVED
CVE-2023-29266 RESERVED
CVE-2023-29265 RESERVED
CVE-2023-29264 RESERVED
CVE-2023-29263 RESERVED
CVE-2023-29262 RESERVED
CVE-2023-29261 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user wit ...)
	NOT-FOR-US: IBM
CVE-2023-29260 (IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side ...)
	NOT-FOR-US: IBM
CVE-2023-29259 (IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2023-29258 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
	NOT-FOR-US: IBM
CVE-2023-29257 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
	NOT-FOR-US: IBM
CVE-2023-29256 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
	NOT-FOR-US: IBM
CVE-2023-29255 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
	NOT-FOR-US: IBM
CVE-2023-29254 RESERVED
CVE-2023-29253 RESERVED
CVE-2023-29252 RESERVED
CVE-2023-29251 RESERVED
CVE-2023-29250 RESERVED
CVE-2023-29249 RESERVED
CVE-2023-29248 RESERVED
CVE-2023-29247 (Task instance details page in the UI is vulnerable to a stored XSS. Thi ...)
	- airflow (bug #819700)
CVE-2023-29246 (An attacker who has gained access to an admin account can perform RCE ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2023-29239 RESERVED
CVE-2023-29238 (Cross-Site Request Forgery (CSRF) vulnerability in Whydonate Whydonate ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29237 RESERVED
CVE-2023-29236 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththeme ...)
	NOT-FOR-US: WordPress theme
CVE-2023-29235 (Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintenance Sw ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29234 (A deserialization vulnerability existed when decode a malicious package ...)
	NOT-FOR-US: Apache Dubbo
CVE-2023-23581 (A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHe ...)
	NOT-FOR-US: SoftEther VPN
CVE-2023-1840 (The Sp*tify Play Button for WordPress plugin for WordPress is vulnerab ...)
	NOT-FOR-US: Sp*tify Play Button for WordPress plugin for WordPress
CVE-2023-1839 (The Product Addons & Fields for WooCommerce WordPress plugin before 32 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1838 (A use-after-free flaw was found in vhost_net_set_backend in drivers/vh ...)
	- linux 5.17.11-1
	[bullseye] - linux 5.10.120-1
	[buster] - linux 4.19.249-1
	NOTE: https://git.kernel.org/linus/fb4554c2232e44d595920f4d5c66cf8f7d13f9bc (5.18)
CVE-2023-1837 (Missing Authentication for critical function vulnerability in HYPR Ser ...)
	NOT-FOR-US: HYPR
CVE-2023-1836 (A cross-site scripting issue has been discovered in GitLab affecting a ...)
	- gitlab 15.10.8+ds1-2
CVE-2023-1835 (The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not p ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1834 (Rockwell Automation was made aware that Kinetix 5500 drives, manufactu ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-1833 (Authentication Bypass by Primary Weakness vulnerability in DTS Electro ...)
	NOT-FOR-US: DTS Electronics Redline Router firmware
CVE-2023-1832 (An improper access control flaw was found in Candlepin. An attacker ca ...)
	NOT-FOR-US: Red Hat Satellite / Candlepin
CVE-2023-1831 (Mattermost fails to redact from audit logs the user password during use ...)
	- mattermost-server (bug #823556)
CVE-2023-1830 RESERVED
CVE-2023-1829 (A use-after-free vulnerability in the Linux Kernel traffic control ind ...)
	{DLA-3404-1 DLA-3403-1}
	- linux 6.1.20-1
	[bullseye] - linux 5.10.178-1
	NOTE: https://www.openwall.com/lists/oss-security/2023/04/11/3
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-898/
	NOTE: https://git.kernel.org/linus/8c710f75256bb3cf05ac7b1672c82b92c43f3d28 (6.3-rc1)
CVE-2023-1828 RESERVED
CVE-2023-1827 (A vulnerability has been found in SourceCodester Centralized Covid Vac ...)
	NOT-FOR-US: SourceCodester Centralized Covid Vaccination Records System
CVE-2023-1826 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-1825 (An issue has been discovered in GitLab EE affecting all versions start ...)
	- gitlab (Specific to EE)
CVE-2022-48435 (In JetBrains PhpStorm before 2023.1 source code could be logged in the ...)
	NOT-FOR-US: JetBrains PhpStorm
CVE-2023-29233 RESERVED
CVE-2023-29232 RESERVED
CVE-2023-29231 RESERVED
CVE-2023-29230 RESERVED
CVE-2023-29229 RESERVED
CVE-2023-29228 RESERVED
CVE-2023-29227 RESERVED
CVE-2023-29226 RESERVED
CVE-2023-29225 RESERVED
CVE-2023-29224 RESERVED
CVE-2023-29223 RESERVED
CVE-2023-29222 RESERVED
CVE-2023-29221 RESERVED
CVE-2023-29220 RESERVED
CVE-2023-29219 RESERVED
CVE-2023-29218 (The Twitter Recommendation Algorithm through ec83d01 allows attackers ...)
	NOT-FOR-US: Twitter Recommendation Algorithm
CVE-2023-29217 RESERVED
CVE-2023-29169 (mySCADA myPRO versions 8.26.0 and prior has parameters which an authen ...)
	NOT-FOR-US: mySCADA myPRO
CVE-2023-29150 (mySCADA myPRO versions 8.26.0 and prior has parameters which an authen ...)
	NOT-FOR-US: mySCADA myPRO
CVE-2023-28716 (mySCADA myPRO versions 8.26.0 and prior has parameters which an authen ...)
	NOT-FOR-US: mySCADA myPRO
CVE-2023-28400 (mySCADA myPRO versions 8.26.0 and prior has parameters which an authen ...)
	NOT-FOR-US: mySCADA myPRO
CVE-2023-28384 (mySCADA myPRO versions 8.26.0 and prior has parameters which an authen ...)
	NOT-FOR-US: mySCADA myPRO
CVE-2023-1824 RESERVED
CVE-2023-1823 (Inappropriate implementation in FedCM in Google Chrome prior to 112.0. ...)
	{DSA-5386-1}
	- chromium 112.0.5615.49-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1822 (Incorrect security UI in Navigation in Google Chrome prior to 112.0.56 ...)
	{DSA-5386-1}
	- chromium 112.0.5615.49-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1821 (Inappropriate implementation in WebShare in Google Chrome prior to 112 ...)
	{DSA-5386-1}
	- chromium 112.0.5615.49-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1820 (Heap buffer overflow in Browser History in Google Chrome prior to 112. ...)
	{DSA-5386-1}
	- chromium 112.0.5615.49-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1819 (Out of bounds read in Accessibility in Google Chrome prior to 112.0.56 ...)
	{DSA-5386-1}
	- chromium 112.0.5615.49-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1818 (Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allow ...)
	{DSA-5386-1}
	- chromium 112.0.5615.49-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1817 (Insufficient policy enforcement in Intents in Google Chrome on Android ...)
	{DSA-5386-1}
	- chromium 112.0.5615.49-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1816 (Incorrect security UI in Picture In Picture in Google Chrome prior to ...)
	{DSA-5386-1}
	- chromium 112.0.5615.49-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1815 (Use after free in Networking APIs in Google Chrome prior to 112.0.5615 ...)
	{DSA-5386-1}
	- chromium 112.0.5615.49-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1814 (Insufficient validation of untrusted input in Safe Browsing in Google ...)
	{DSA-5386-1}
	- chromium 112.0.5615.49-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1813 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
	{DSA-5386-1}
	- chromium 112.0.5615.49-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1812 (Out of bounds memory access in DOM Bindings in Google Chrome prior to ...)
	{DSA-5386-1}
	- chromium 112.0.5615.49-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1811 (Use after free in Frames in Google Chrome prior to 112.0.5615.49 allow ...)
	{DSA-5386-1}
	- chromium 112.0.5615.49-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1810 (Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.4 ...)
	{DSA-5386-1}
	- chromium 112.0.5615.49-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1809 (The Download Manager WordPress plugin before 6.3.0 leaks master key in ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1808 RESERVED
CVE-2023-29216 (In Apache Linkis <=1.3.1, because the parameters are not effectively f ...)
	NOT-FOR-US: Apache Linkis
CVE-2023-29215 (In Apache Linkis <=1.3.1, due to the lack of effective filtering of pa ...)
	NOT-FOR-US: Apache Linkis
CVE-2023-29214 (XWiki Commons are technical libraries common to several other top leve ...)
	NOT-FOR-US: XWiki
CVE-2023-29213 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-29212 (XWiki Commons are technical libraries common to several other top leve ...)
	NOT-FOR-US: XWiki
CVE-2023-29211 (XWiki Commons are technical libraries common to several other top leve ...)
	NOT-FOR-US: XWiki
CVE-2023-29210 (XWiki Commons are technical libraries common to several other top leve ...)
	NOT-FOR-US: XWiki
CVE-2023-29209 (XWiki Commons are technical libraries common to several other top leve ...)
	NOT-FOR-US: XWiki
CVE-2023-29208 (XWiki Commons are technical libraries common to several other top leve ...)
	NOT-FOR-US: XWiki
CVE-2023-29207 (XWiki Commons are technical libraries common to several other top leve ...)
	NOT-FOR-US: XWiki
CVE-2023-29206 (XWiki Commons are technical libraries common to several other top leve ...)
	NOT-FOR-US: XWiki
CVE-2023-29205 (XWiki Commons are technical libraries common to several other top leve ...)
	NOT-FOR-US: XWiki
CVE-2023-29204 (XWiki Commons are technical libraries common to several other top leve ...)
	NOT-FOR-US: XWiki
CVE-2023-29203 (XWiki Commons are technical libraries common to several other top leve ...)
	NOT-FOR-US: XWiki
CVE-2023-29202 (XWiki Commons are technical libraries common to several other top leve ...)
	NOT-FOR-US: XWiki
CVE-2023-29201 (XWiki Commons are technical libraries common to several other top leve ...)
	NOT-FOR-US: XWiki
CVE-2023-29200 (Contao is an open source content management system. Prior to versions ...)
	NOT-FOR-US: Contao
CVE-2023-29199 (There exists a vulnerability in source code transformer (exception san ...)
	NOT-FOR-US: Node vm2
CVE-2023-29198 (Electron is a framework which lets you write cross-platform desktop ap ...)
	- electron (bug #842420)
CVE-2023-29197 (guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. ...)
	{DLA-3705-1}
	- php-guzzlehttp-psr7 2.4.5-1 (bug #1034581)
	[bullseye] - php-guzzlehttp-psr7 1.7.0-1+deb11u2
	- php-nyholm-psr7 1.5.1-2 (bug #1034597)
	[bullseye] - php-nyholm-psr7 1.3.2-2+deb11u1
	NOTE: https://github.com/guzzle/psr7/security/advisories/GHSA-wxmh-65f7-jcvw
	NOTE: https://github.com/guzzle/psr7/commit/0454e12ef0cd597ccd2adb036f7bda4e7fface66 (2.4.5)
	NOTE: https://github.com/Nyholm/psr7/security/advisories/GHSA-wjfc-pgfp-pv9c
	NOTE: https://github.com/Nyholm/psr7/commit/1029a2671cbdd3e075a21952082c2be7c8018426 (1.6.1)
CVE-2023-29196 (Discourse is an open source platform for community discussion. This vu ...)
	NOT-FOR-US: Discourse
CVE-2023-29195 (Vitess is a database clustering system for horizontal scaling of MySQL ...)
	NOT-FOR-US: Vitess
CVE-2023-29194 (Vitess is a database clustering system for horizontal scaling of MySQL ...)
	NOT-FOR-US: Vitess
CVE-2023-29193 (SpiceDB is an open source, Google Zanzibar-inspired, database system f ...)
	NOT-FOR-US: Go SpiceDB
CVE-2023-29192 (SilverwareGames.io versions before 1.2.19 allow users with access to t ...)
	NOT-FOR-US: SilverwareGames.io
CVE-2023-29191 RESERVED
CVE-2023-29190 RESERVED
CVE-2023-29189 (SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, ...)
	NOT-FOR-US: SAP
CVE-2023-29188 (SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4 ...)
	NOT-FOR-US: SAP
CVE-2023-29187 (A Windows user with basic user authorization can exploit a DLL hijacki ...)
	NOT-FOR-US: SAP
CVE-2023-29186 (In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an att ...)
	NOT-FOR-US: SAP
CVE-2023-29185 (SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, ...)
	NOT-FOR-US: SAP
CVE-2023-29184 RESERVED
CVE-2023-29183 (An improper neutralization of input during web page generation ('Cross ...)
	NOT-FOR-US: FortiGuard
CVE-2023-29182 (A stack-based buffer overflow vulnerability [CWE-121] in Fortinet Forti ...)
	NOT-FOR-US: FortiGuard
CVE-2023-29181 (A use of externally-controlled format string in Fortinet FortiOS 7.2.0 ...)
	NOT-FOR-US: Fortinet
CVE-2023-29180 (A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7 ...)
	NOT-FOR-US: Fortinet
CVE-2023-29179 (A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7 ...)
	NOT-FOR-US: Fortinet
CVE-2023-29178 (A access of uninitialized pointer vulnerability [CWE-824] in Fortinet ...)
	NOT-FOR-US: Fortinet
CVE-2023-29177 (Multiple buffer copy without checking size of input ('classic buffer o ...)
	NOT-FOR-US: FortiGuard
CVE-2023-29176 RESERVED
CVE-2023-29175 (An improper certificate validation vulnerability [CWE-295] in FortiOS ...)
	NOT-FOR-US: FortiGuard
CVE-2023-29174 RESERVED
CVE-2023-29173 RESERVED
CVE-2023-29172 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Property ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29171 (Unauth. Reflected Cross-site Scripting (XSS) vulnerability in Magic Po ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29170 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI W ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1807 (The Elementor Addons, Widgets and Enhancements – Stax plugin for ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1806 (The WP Inventory Manager WordPress plugin before 2.1.0.12 does not san ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1805 (The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1. ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1804 (The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1. ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1803 (Authentication Bypass by Alternate Name vulnerability in DTS Electroni ...)
	NOT-FOR-US: DTS Electronics Redline Router firmware
CVE-2023-1802 (In Docker Desktop 4.17.x the Artifactory Integration falls back to sen ...)
	NOT-FOR-US: Docker Desktop
CVE-2023-1801 (The SMB protocol decoder in tcpdump version 4.99.3 can perform an out- ...)
	[experimental] - tcpdump 4.99.4-1
	- tcpdump 4.99.4-2 (bug #1034086; unimportant)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/7578e1c04ee280dda50c4c2813e7d55f539c6501 (master)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/03c037bbd75588beba3ee09f26d17783d21e30bc (tcpdump-4.99.4)
	NOTE: SMB printer not enabled in Debian builds
CVE-2023-1800 (A vulnerability, which was classified as critical, has been found in s ...)
	NOT-FOR-US: sjqzhang go-fastdfs
CVE-2023-1799 (A vulnerability, which was classified as problematic, was found in Eyo ...)
	NOT-FOR-US: EyouCMS
CVE-2023-1798 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: EyouCMS
CVE-2023-1797 (A vulnerability classified as critical was found in OTCMS 6.0.1. Affec ...)
	NOT-FOR-US: OTCMS
CVE-2023-1796 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester Employee Payslip Generator
CVE-2023-1795 (A vulnerability was found in SourceCodester Gadget Works Online Orderi ...)
	NOT-FOR-US: SourceCodester Gadget Works Online Ordering System
CVE-2023-1794 (A vulnerability was found in SourceCodester Police Crime Record Manage ...)
	NOT-FOR-US: SourceCodester Police Crime Record Management System
CVE-2023-1793 (A vulnerability was found in SourceCodester Police Crime Record Manage ...)
	NOT-FOR-US: SourceCodester Police Crime Record Management System
CVE-2023-1792 (A vulnerability was found in SourceCodester Simple Mobile Comparison W ...)
	NOT-FOR-US: SourceCodester Simple Mobile Comparison Website
CVE-2023-1791 (A vulnerability has been found in SourceCodester Simple Task Allocatio ...)
	NOT-FOR-US: SourceCodester Simple Task Allocation System
CVE-2023-1790 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester Simple Task Allocation System
CVE-2023-28938 (Uncontrolled resource consumption in some Intel(R) SSD Tools software ...)
	- mdadm 4.2~rc2-2 (unimportant)
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html
	NOTE: Fixed by: https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=7d374a1869d3a84971d027a7f4233878c8f25a62 (mdadm-4.2-rc2)
	NOTE: Negligible security impact as the memory leak is after "mdadm --detail" which
	NOTE: is one shoot action.
CVE-2023-28736 (Buffer overflow in some Intel(R) SSD Tools software before version mda ...)
	- mdadm 4.2-1
	[bullseye] - mdadm (Minor issue)
	[buster] - mdadm (Minor issue)
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html
	NOTE: Fixed by: https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=ced5fa8b170ad448f4076e24a10c731b5cfb36ce (mdadm-4.2)
CVE-2023-28717 RESERVED
CVE-2023-28711 (Insufficient control flow management in the Hyperscan Library maintain ...)
	NOT-FOR-US: Intel
CVE-2023-28405 (Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) ...)
	NOT-FOR-US: Intel
CVE-2023-28380 (Uncontrolled search path for the Intel(R) AI Hackathon software before ...)
	NOT-FOR-US: Intel
CVE-2023-27883 RESERVED
CVE-2023-27515 (Cross-site scripting (XSS) for the Intel(R) DSA software before versio ...)
	NOT-FOR-US: Intel
CVE-2023-24592 (Path traversal in the some Intel(R) oneAPI Toolkits and Component soft ...)
	NOT-FOR-US: Intel
CVE-2023-24591 (Uncontrolled search path in some Intel(R) Binary Configuration Tool so ...)
	NOT-FOR-US: Intel
CVE-2023-1789 (Improper Input Validation in GitHub repository firefly-iii/firefly-iii ...)
	NOT-FOR-US: firefly-iii
CVE-2023-1788 (Insufficient Session Expiration in GitHub repository firefly-iii/firef ...)
	NOT-FOR-US: firefly-iii
CVE-2023-1787 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2023-1786 (Sensitive data could be exposed in logs of cloud-init before version 2 ...)
	- cloud-init 23.2-1 (bug #1035023)
	[bookworm] - cloud-init (Minor issue)
	[bullseye] - cloud-init (Minor issue)
	[buster] - cloud-init (Minor issue)
	NOTE: https://bugs.launchpad.net/cloud-init/+bug/2013967
	NOTE: https://github.com/canonical/cloud-init/commit/a378b7e4f47375458651c0972e7cd813f6fe0a6b (23.2)
CVE-2023-1785 (A vulnerability was found in SourceCodester Earnings and Expense Track ...)
	NOT-FOR-US: SourceCodester Earnings and Expense Tracker App
CVE-2023-1784 (A vulnerability was found in jeecg-boot 3.5.0 and classified as critic ...)
	NOT-FOR-US: jeecg-boot
CVE-2023-29149 RESERVED
CVE-2023-29148 RESERVED
CVE-2023-29147 (In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the det ...)
	NOT-FOR-US: Malwarebytes EDR
CVE-2023-29146 RESERVED
CVE-2023-29145 (The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure w ...)
	NOT-FOR-US: Malwarebytes EDR
CVE-2023-29144 RESERVED
CVE-2023-29143 RESERVED
CVE-2023-29142 RESERVED
CVE-2023-29141 (An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1. ...)
	{DSA-5447-1 DLA-3540-1}
	- mediawiki 1:1.39.4-1
	NOTE: https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
	NOTE: https://phabricator.wikimedia.org/T285159
CVE-2023-29140 (An issue was discovered in the GrowthExperiments extension for MediaWi ...)
	NOT-FOR-US: GrowthExperiments MediaWiki extension
CVE-2023-29139 (An issue was discovered in the CheckUser extension for MediaWiki throu ...)
	NOT-FOR-US: CheckUser MediaWiki extension
CVE-2023-29138 RESERVED
	NOT-FOR-US: CheckUser MediaWiki extension
CVE-2023-29137 (An issue was discovered in the GrowthExperiments extension for MediaWi ...)
	NOT-FOR-US: GrowthExperiments MediaWiki extension
CVE-2023-29136 RESERVED
CVE-2023-29135 RESERVED
	NOT-FOR-US: CheckUser MediaWiki extension
CVE-2023-29134 (An issue was discovered in the Cargo extension for MediaWiki through 1 ...)
	NOT-FOR-US: Cargo MediaWiki extension
CVE-2023-29133 RESERVED
	NOT-FOR-US: Cargo MediaWiki extension
CVE-2023-29132 (Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use ...)
	- irssi 1.4.3-2 (bug #1033785)
	[bullseye] - irssi (Vulnerable code introduced later)
	[buster] - irssi (Vulnerable code introduced later)
	NOTE: https://irssi.org/security/irssi_sa_2023_03.txt
	NOTE: https://github.com/irssi/irssi/pull/1456
	NOTE: https://github.com/irssi/irssi/commit/c554a45738712219c066897b09a44d99afeb4240
CVE-2023-29131 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2023-29130 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2023-29129 (A vulnerability has been identified in Mendix SAML (Mendix 7 compatibl ...)
	NOT-FOR-US: Siemens
CVE-2023-29128 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
	NOT-FOR-US: Siemens
CVE-2023-29127 RESERVED
CVE-2023-29126 RESERVED
CVE-2023-29125 RESERVED
CVE-2023-29124 RESERVED
CVE-2023-29123 RESERVED
CVE-2023-29122 RESERVED
CVE-2023-29121 RESERVED
CVE-2023-29120 RESERVED
CVE-2023-29119 RESERVED
CVE-2023-29118 RESERVED
CVE-2023-29117 RESERVED
CVE-2023-29116 RESERVED
CVE-2023-29115 RESERVED
CVE-2023-29114 RESERVED
CVE-2023-29113 RESERVED
CVE-2023-29112 (The SAP Application Interface (Message Monitoring) - versions 600, 700 ...)
	NOT-FOR-US: SAP
CVE-2023-29111 (The SAP AIF (ODATA service) - versions 755, 756, discloses more detail ...)
	NOT-FOR-US: SAP
CVE-2023-29110 (The SAP Application Interface (Message Dashboard) - versions AIF 703, ...)
	NOT-FOR-US: SAP
CVE-2023-29109 (The SAP Application Interface Framework (Message Dashboard) - versions ...)
	NOT-FOR-US: SAP
CVE-2023-29108 (The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDI ...)
	NOT-FOR-US: SAP
CVE-2023-29107 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
	NOT-FOR-US: Siemens
CVE-2023-29106 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
	NOT-FOR-US: Siemens
CVE-2023-29105 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
	NOT-FOR-US: Siemens
CVE-2023-29104 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
	NOT-FOR-US: Siemens
CVE-2023-29103 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
	NOT-FOR-US: Siemens
CVE-2023-29102 (Unrestricted Upload of File with Dangerous Type vulnerability in Olive ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29101 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Muffingr ...)
	NOT-FOR-US: Muffingroup
CVE-2023-29100 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dream-Th ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29099 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress theme
CVE-2023-29098 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistSc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29097 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in a3r ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29096 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29095 (Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSV ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29094 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI W ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-29093 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1783 (OrangeScrum version 2.0.11 allows an external attacker to remotely obt ...)
	NOT-FOR-US: OrangeScrum
CVE-2023-1782 (HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow ...)
	- nomad (Vulnerable code not present; Introduced in 1.5.0)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2023-13-nomad-unauthenticated-client-agent-http-request-privilege-escalation/52375
CVE-2023-1781 RESERVED
CVE-2023-1780 (The Companion Sitemap Generator WordPress plugin before 4.5.3 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1779 (Exposure of Sensitive Information to an unauthorized actor vulnerabili ...)
	NOT-FOR-US: MB Connect Lines
CVE-2023-1778 (This vulnerability exists in GajShield Data Security Firewall firmware ...)
	NOT-FOR-US: GajShield Data Security Firewall firmware
CVE-2023-1777 (Mattermost allows an attacker to request a preview of an existing mess ...)
	- mattermost-server (bug #823556)
CVE-2023-1776 (Boards in Mattermost allows an attacker to upload a malicious SVG imag ...)
	- mattermost-server (bug #823556)
CVE-2023-1775 (When running in a High Availability configuration, Mattermost fails to ...)
	- mattermost-server (bug #823556)
CVE-2023-1774 (When processing an email invite to a private channel on a team, Matter ...)
	- mattermost-server (bug #823556)
CVE-2023-1773 (A vulnerability was found in Rockoa 2.3.2. It has been declared as cri ...)
	NOT-FOR-US: Rockoa
CVE-2023-1772 (A vulnerability was found in DataGear up to 4.5.1. It has been classif ...)
	NOT-FOR-US: DataGear
CVE-2023-1771 (A vulnerability was found in SourceCodester Grade Point Average GPA Ca ...)
	NOT-FOR-US: SourceCodester Grade Point Average GPA Calculator
CVE-2023-1770 (A vulnerability has been found in SourceCodester Grade Point Average G ...)
	NOT-FOR-US: SourceCodester Grade Point Average GPA Calculator
CVE-2023-1769 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester Grade Point Average GPA Calculator
CVE-2023-1768 (Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p ...)
	- check-mk
CVE-2023-1767 (The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to ...)
	NOT-FOR-US: Snyk Advisor website
CVE-2023-1766 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Akbim Computer Panon
CVE-2023-1765 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Akbim Computer Panon
CVE-2023-29092 (An issue was discovered in Exynos Mobile Processor and Modem for Exyno ...)
	NOT-FOR-US: Samsung
CVE-2023-29091 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
	NOT-FOR-US: Samsung
CVE-2023-29090 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
	NOT-FOR-US: Samsung
CVE-2023-29089 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
	NOT-FOR-US: Samsung
CVE-2023-29088 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
	NOT-FOR-US: Samsung
CVE-2023-29087 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
	NOT-FOR-US: Samsung
CVE-2023-29086 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
	NOT-FOR-US: Samsung
CVE-2023-29085 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
	NOT-FOR-US: Samsung
CVE-2023-29084 (Zoho ManageEngine ADManager Plus before 7181 allows for authenticated ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2023-29083 RESERVED
CVE-2023-29082 RESERVED
CVE-2023-29081 (A vulnerability has been reported in Suite Setups built with versions ...)
	NOT-FOR-US: InstallShield
CVE-2023-29080 RESERVED
CVE-2023-29079 REJECTED
CVE-2023-29078 REJECTED
CVE-2023-29077 RESERVED
CVE-2023-29076 (A maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed t ...)
	NOT-FOR-US: Autodesk
CVE-2023-29075 (A maliciously crafted PRT file when parsed through Autodesk AutoCAD 20 ...)
	NOT-FOR-US: Autodesk
CVE-2023-29074 (A maliciously crafted CATPART file when parsed through Autodesk AutoCA ...)
	NOT-FOR-US: Autodesk
CVE-2023-29073 (A maliciously crafted MODEL file when parsed through Autodesk AutoCAD ...)
	NOT-FOR-US: Autodesk
CVE-2023-29072 RESERVED
CVE-2023-29071 RESERVED
CVE-2023-29070 RESERVED
CVE-2023-29069 (A maliciously crafted DLL file can be forced to install onto a non-def ...)
	NOT-FOR-US: Autodesk
CVE-2023-29068 (A maliciously crafted file consumed through pskernel.dll file could le ...)
	NOT-FOR-US: Autodesk
CVE-2023-29067 (A maliciously crafted X_B file when parsed through Autodesk® AutoCA ...)
	NOT-FOR-US: Autodesk
CVE-2023-29066 (The FACSChorus software does not properly assign data access privilege ...)
	NOT-FOR-US: FACSChorus
CVE-2023-29065 (The FACSChorus software database can be accessed directly with the pri ...)
	NOT-FOR-US: FACSChorus
CVE-2023-29064 (The FACSChorus software contains sensitive information stored in plain ...)
	NOT-FOR-US: FACSChorus
CVE-2023-29063 (The FACSChorus workstation does not prevent physical access to its PCI ...)
	NOT-FOR-US: FACSChorus
CVE-2023-29062 (The Operating System hosting the FACSChorus application is configured ...)
	NOT-FOR-US: FACSChorus
CVE-2023-29061 (There is no BIOS password on the FACSChorus workstation. A threat acto ...)
	NOT-FOR-US: FACSChorus
CVE-2023-29060 (The FACSChorus workstation operating system does not restrict what dev ...)
	NOT-FOR-US: FACSChorus
CVE-2023-1764 (Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5 ...)
	NOT-FOR-US: Canon
CVE-2023-1763 (Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5 ...)
	NOT-FOR-US: Canon
CVE-2023-1762 (Improper Privilege Management in GitHub repository thorsten/phpmyfaq p ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-1761 (Cross-site Scripting in GitHub repository thorsten/phpmyfaq prior to 3 ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-1760 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-1759 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-1758 (Failure to Sanitize Special Elements into a Different Plane (Special E ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-1757 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-1756 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-1755 (Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/php ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-1754 (Improper Neutralization of Input During Web Page Generation in GitHub ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-1753 (Weak Password Requirements in GitHub repository thorsten/phpmyfaq prio ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-1752 (The listed versions of Nexx Smart Home devices could allow any user to ...)
	NOT-FOR-US: Nexx Smart Home devices
CVE-2023-1751 (The listed versions of Nexx Smart Home devices use a WebSocket server ...)
	NOT-FOR-US: Nexx Smart Home devices
CVE-2023-1750 (The listed versions of Nexx Smart Home devices lack proper access cont ...)
	NOT-FOR-US: Nexx Smart Home devices
CVE-2023-1749 (The listed versions of Nexx Smart Home devices lack proper access cont ...)
	NOT-FOR-US: Nexx Smart Home devices
CVE-2023-1748 (The listed versions of Nexx Smart Home devices use hard-coded credenti ...)
	NOT-FOR-US: Nexx Smart Home devices
CVE-2023-1747 (A vulnerability has been found in IBOS up to 4.5.4 and classified as c ...)
	NOT-FOR-US: IBOS
CVE-2023-1746 (A vulnerability, which was classified as problematic, was found in Dre ...)
	NOT-FOR-US: Dreamer CMS
CVE-2023-1745 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: KMPlayer (different from src:kmplayer)
CVE-2023-1744 (A vulnerability classified as critical was found in IBOS 4.5.5. This v ...)
	NOT-FOR-US: IBOS
CVE-2023-1743 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester Grade Point Average GPA Calculator
CVE-2023-1742 (A vulnerability was found in IBOS 4.5.5. It has been rated as critical ...)
	NOT-FOR-US: IBOS
CVE-2023-29059 (3CX DesktopApp through 18.12.416 has embedded malicious code, as explo ...)
	NOT-FOR-US: 3CX DesktopApp
CVE-2023-29058 (A valid, authenticated XCC user with read-only permissions can modify ...)
	NOT-FOR-US: Lenovo
CVE-2023-29057 (A valid XCC user's local account permissions overrides their active di ...)
	NOT-FOR-US: Lenovo
CVE-2023-29056 (A valid LDAP user, under specific conditions, will default to read-onl ...)
	NOT-FOR-US: Lenovo
CVE-2023-29055 (In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web i ...)
	NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2023-29054 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...)
	NOT-FOR-US: Siemens
CVE-2023-29053 (A vulnerability has been identified in JT Open (All versions < V11.3.2 ...)
	NOT-FOR-US: Siemens
CVE-2023-29052 (Users were able to define disclaimer texts for an upsell shop dialog t ...)
	NOT-FOR-US: Open-Xchange
CVE-2023-29051 (User-defined OXMF templates could be used to access a limited part of ...)
	NOT-FOR-US: Open-Xchange
CVE-2023-29050 (The optional "LDAP contacts provider" could be abused by privileged us ...)
	NOT-FOR-US: Open-Xchange
CVE-2023-29049 (The "upsell" widget at the portal page could be abused to inject arbit ...)
	NOT-FOR-US: Open-Xchange
CVE-2023-29048 (A component for parsing OXMF templates could be abused to execute arbi ...)
	NOT-FOR-US: Open-Xchange
CVE-2023-29047 (Imageconverter API endpoints provided methods that were not sufficient ...)
	NOT-FOR-US: Open-Xchange
CVE-2023-29046 (Connections to external data sources, like e-mail autoconfiguration, w ...)
	NOT-FOR-US: Open-Xchange
CVE-2023-29045 (Documents operations, in this case "drawing", could be manipulated to ...)
	NOT-FOR-US: Open-Xchange
CVE-2023-29044 (Documents operations could be manipulated to contain invalid data type ...)
	NOT-FOR-US: Open-Xchange
CVE-2023-29043 (Presentations may contain references to images, which are user-control ...)
	NOT-FOR-US: Open-Xchange
CVE-2023-29042 REJECTED
CVE-2023-29041 REJECTED
CVE-2023-29040 REJECTED
CVE-2023-29039 REJECTED
CVE-2023-29038 REJECTED
CVE-2023-29037 REJECTED
CVE-2023-29036 REJECTED
CVE-2023-29035 REJECTED
CVE-2023-29034 REJECTED
CVE-2023-29033 REJECTED
CVE-2023-1741 (A vulnerability was found in jeecg-boot 3.5.0. It has been declared as ...)
	NOT-FOR-US: jeecg-boot
CVE-2023-1740 (A vulnerability was found in SourceCodester Air Cargo Management Syste ...)
	NOT-FOR-US: SourceCodester Air Cargo Management System
CVE-2023-1739 (A vulnerability was found in SourceCodester Simple and Beautiful Shopp ...)
	NOT-FOR-US: SourceCodester Simple and Beautiful Shopping Cart System
CVE-2023-1738 (A vulnerability has been found in SourceCodester Young Entrepreneur E- ...)
	NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
CVE-2023-1737 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
CVE-2023-1736 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
CVE-2023-1735 (A vulnerability classified as critical was found in SourceCodester You ...)
	NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
CVE-2023-1734 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
CVE-2023-1733 (A denial of service condition exists in the Prometheus server bundled ...)
	- gitlab 15.10.8+ds1-2
CVE-2023-1732 (When sampling randomness for a shared secret, the implementation of Ky ...)
	NOT-FOR-US: Cloudflare CIRCL
CVE-2023-1731 (In Meinbergs LTOS versions prior to V7.06.013, the configuration file ...)
	NOT-FOR-US: LTOS
CVE-2023-1730 (The SupportCandy WordPress plugin before 3.1.5 does not validate and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1729 (A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() c ...)
	{DSA-5412-1 DLA-3433-1}
	- libraw 0.20.2-2.1 (bug #1036281)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2188240
	NOTE: https://github.com/LibRaw/LibRaw/issues/557
	NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/9ab70f6dca19229cb5caad7cc31af4e7501bac93 (master)
	NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/477e0719ffc07190c89b4f3d12d51b1292e75828 (0.21-stable)
CVE-2023-1728 (Unrestricted Upload of File with Dangerous Type vulnerability in Fernu ...)
	NOT-FOR-US: Fernus Informatics LMS
CVE-2023-1727 RESERVED
CVE-2023-1726 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Proliz OBS
CVE-2023-1725 (Server-Side Request Forgery (SSRF) vulnerability in Infoline Project M ...)
	NOT-FOR-US: Infoline Project Management System
CVE-2023-1724 (Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent ...)
	NOT-FOR-US: Faveo Helpdesk Enterprise
CVE-2023-1723 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Veragroup Mobile Assistant
CVE-2023-1722 (Yoga Class Registration System version 1.0 allows an administrator to ...)
	NOT-FOR-US: Yoga Class Registration System
CVE-2023-1721 (Yoga Class Registration System version 1.0 allows an administrator to ...)
	NOT-FOR-US: Yoga Class Registration System
CVE-2023-1720 (Lack of mime type response header in Bitrix24 22.0.300 allows authenti ...)
	NOT-FOR-US: Bitrix24
CVE-2023-1719 (Global variable extraction in bitrix/modules/main/tools.php in Bitrix2 ...)
	NOT-FOR-US: Bitrix24
CVE-2023-1718 (Improper file stream access in /desktop_app/file.ajax.php?action=uploa ...)
	NOT-FOR-US: Bitrix24
CVE-2023-1717 (Prototype pollution in bitrix/templates/bitrix24/components/bitrix/men ...)
	NOT-FOR-US: Bitrix24
CVE-2023-1716 (Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitri ...)
	NOT-FOR-US: Bitrix24
CVE-2023-1715 (A logic error when using mb_strpos() to check for potential XSS payloa ...)
	NOT-FOR-US: Bitrix24
CVE-2023-1714 (Unsafe variable extraction in bitrix/modules/main/classes/general/user ...)
	NOT-FOR-US: Bitrix24
CVE-2023-1713 (Insecure temporary file creation in bitrix/modules/crm/lib/order/impor ...)
	NOT-FOR-US: Bitrix24
CVE-2023-1712 (Use of Hard-coded, Security-relevant Constants in GitHub repository de ...)
	NOT-FOR-US: deepset-ai haystack
CVE-2023-1711 (A vulnerability exists in a FOXMAN-UN and UNEM logging component, it o ...)
	NOT-FOR-US: Hitachi
CVE-2023-29032 (An attacker that has gained access to certain private information can ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2023-29031 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-29030 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-29029 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-29028 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-29027 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-29026 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-29025 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-29024 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-29023 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-29022 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-1710 (A sensitive information disclosure vulnerability in GitLab affecting a ...)
	- gitlab 15.10.8+ds1-2
CVE-2023-1709 (Datalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack- ...)
	NOT-FOR-US: Siemens
CVE-2023-29021 RESERVED
CVE-2023-29020 (@fastify/passport is a port of passport authentication library for the ...)
	NOT-FOR-US: @fastify/passport
CVE-2023-29019 (@fastify/passport is a port of passport authentication library for the ...)
	NOT-FOR-US: @fastify/passport
CVE-2023-29018 (The OpenFeature Operator allows users to expose feature flags to appli ...)
	NOT-FOR-US: open-feature-operator
CVE-2023-29017 (vm2 is a sandbox that can run untrusted code with whitelisted Node's b ...)
	NOT-FOR-US: Node vm2
CVE-2023-29016 (The Goobi viewer is a web application that allows digitised material t ...)
	NOT-FOR-US: Goobi viewer
CVE-2023-29015 (The Goobi viewer is a web application that allows digitised material t ...)
	NOT-FOR-US: Goobi viewer
CVE-2023-29014 (The Goobi viewer is a web application that allows digitised material t ...)
	NOT-FOR-US: Goobi viewer
CVE-2023-29013 (Traefik (pronounced traffic) is a modern HTTP reverse proxy and load b ...)
	- traefik (bug #983289)
CVE-2023-29012 (Git for Windows is the Windows port of Git. Prior to version 2.40.1, a ...)
	NOT-FOR-US: Git for Windows
CVE-2023-29011 (Git for Windows, the Windows port of Git, ships with an executable cal ...)
	NOT-FOR-US: Git for Windows
CVE-2023-29010 (Budibase is a low code platform for creating internal tools, workflows ...)
	NOT-FOR-US: budibase
CVE-2023-29009 (baserCMS is a website development framework with WebAPI that runs on P ...)
	NOT-FOR-US: baserCMS
CVE-2023-29008 (The SvelteKit framework offers developers an option to create simple R ...)
	NOT-FOR-US: SvelteKit
CVE-2023-29007 (Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2. ...)
	- git 1:2.40.1-1 (bug #1034835)
	[bookworm] - git (Minor issue)
	[bullseye] - git (Minor issue)
	[buster] - git (Minor issue)
	NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
	NOTE: https://github.com/git/git/commit/29198213c9163c1d552ee2bdbf78d2b09ccc98b8 (v2.30.9)
	NOTE: https://github.com/git/git/commit/a5bb10fd5e74101e7c07da93e7c32bbe60f6173a (v2.30.9)
	NOTE: https://github.com/git/git/commit/e91cfe6085c4a61372d1f800b473b73b8d225d0d (v2.30.9)
	NOTE: https://github.com/git/git/commit/3bb3d6bac5f2b496dfa2862dc1a84cbfa9b4449a (v2.30.9)
CVE-2023-29006 (The Order GLPI plugin allows users to manage order management within G ...)
	NOT-FOR-US: GLPI plugin
CVE-2023-29005 (Flask-AppBuilder versions before 4.3.0 lack rate limiting which can al ...)
	- flask-appbuilder (bug #1055181)
	NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-9hcr-9hcv-x6pv
CVE-2023-29004 (hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache ...)
	NOT-FOR-US: hap-wi/roxy-wi
CVE-2023-29003 (SvelteKit is a web development framework. The SvelteKit framework offe ...)
	NOT-FOR-US: SvelteKit
CVE-2023-29002 (Cilium is a networking, observability, and security solution with an e ...)
	- cilium (bug #858303)
CVE-2023-29001 RESERVED
CVE-2023-29000 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
	- nextcloud-desktop 3.7.0-1
	[bullseye] - nextcloud-desktop (Minor issue)
	[buster] - nextcloud-desktop (Minor issue)
	NOTE: https://github.com/nextcloud/desktop/pull/4949
	NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h82x-98q3-7534
	NOTE: https://hackerone.com/reports/1679267
CVE-2023-28999 (Nextcloud is an open-source productivity platform. In Nextcloud Deskto ...)
	- nextcloud-desktop 3.9.0-1 (bug #1034184)
	[bookworm] - nextcloud-desktop (Minor issue)
	[bullseye] - nextcloud-desktop (Minor issue)
	[buster] - nextcloud-desktop (Minor issue)
	NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8875-wxww-3rr8
	NOTE: https://github.com/nextcloud/desktop/pull/5560
CVE-2023-28998 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
	- nextcloud-desktop 3.7.0-1
	[bullseye] - nextcloud-desktop (Minor issue)
	[buster] - nextcloud-desktop (Minor issue)
	NOTE: https://github.com/nextcloud/desktop/pull/5323
	NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jh3g-wpwv-cqgr
CVE-2023-28997 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
	- nextcloud-desktop 3.7.0-1
	[bullseye] - nextcloud-desktop (Minor issue)
	[buster] - nextcloud-desktop (Minor issue)
	NOTE: https://github.com/nextcloud/desktop/pull/5324
	NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4p33-rw27-j5fc
CVE-2023-28996 RESERVED
CVE-2023-28995 (Cross-Site Request Forgery (CSRF) vulnerability in Keith Solomon Confi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28994 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in UX-theme ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28993 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28992 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28991 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28990 RESERVED
CVE-2023-28989 (Cross-Site Request Forgery (CSRF) vulnerability in weDevs Happy Addons ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28988 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28987 (Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate R ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28986 (Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffil ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28985 (An Improper Validation of Syntactic Correctness of Input vulnerability ...)
	NOT-FOR-US: Juniper
CVE-2023-28984 (A Use After Free vulnerability in the Layer 2 Address Learning Manager ...)
	NOT-FOR-US: Juniper
CVE-2023-28983 (An OS Command Injection vulnerability in gRPC Network Operations Inter ...)
	NOT-FOR-US: Juniper
CVE-2023-28982 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
	NOT-FOR-US: Juniper
CVE-2023-28981 (An Improper Input Validation vulnerability in the kernel of Juniper Ne ...)
	NOT-FOR-US: Juniper
CVE-2023-28980 (A Use After Free vulnerability in the routing protocol daemon of Junip ...)
	NOT-FOR-US: Juniper
CVE-2023-28979 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
	NOT-FOR-US: Juniper
CVE-2023-28978 (An Insecure Default Initialization of Resource vulnerability in Junipe ...)
	NOT-FOR-US: Juniper
CVE-2023-28977 RESERVED
CVE-2023-28976 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
	NOT-FOR-US: Juniper
CVE-2023-28975 (An Unexpected Status Code or Return Value vulnerability in the kernel ...)
	NOT-FOR-US: Juniper
CVE-2023-28974 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
	NOT-FOR-US: Juniper
CVE-2023-28973 (An Improper Authorization vulnerability in the 'sysmanctl' shell comma ...)
	NOT-FOR-US: Juniper
CVE-2023-28972 (An Improper Link Resolution Before File Access vulnerability in consol ...)
	NOT-FOR-US: Juniper
CVE-2023-28971 (An Improper Restriction of Communication Channel to Intended Endpoints ...)
	NOT-FOR-US: Juniper
CVE-2023-28970 (An Improper Check or Handling of Exceptional Conditions vulnerability ...)
	NOT-FOR-US: Juniper
CVE-2023-28969 RESERVED
CVE-2023-28968 (An Improperly Controlled Sequential Memory Allocation vulnerability in ...)
	NOT-FOR-US: Juniper
CVE-2023-28967 (A Use of Uninitialized Resource vulnerability in the Border Gateway Pr ...)
	NOT-FOR-US: Juniper
CVE-2023-28966 (An Incorrect Default Permissions vulnerability in Juniper Networks Jun ...)
	NOT-FOR-US: Juniper
CVE-2023-28965 (An Improper Check or Handling of Exceptional Conditions within the sto ...)
	NOT-FOR-US: Juniper
CVE-2023-28964 (An Improper Handling of Length Parameter Inconsistency vulnerability i ...)
	NOT-FOR-US: Juniper
CVE-2023-28963 (An Improper Authentication vulnerability in cert-mgmt.php, used by the ...)
	NOT-FOR-US: Juniper
CVE-2023-28962 (An Improper Authentication vulnerability in upload-file.php, used by t ...)
	NOT-FOR-US: Juniper
CVE-2023-28961 (An Improper Handling of Unexpected Data Type vulnerability in IPv6 fir ...)
	NOT-FOR-US: Juniper
CVE-2023-28960 (An Incorrect Permission Assignment for Critical Resource vulnerability ...)
	NOT-FOR-US: Juniper
CVE-2023-28959 (An Improper Check or Handling of Exceptional Conditions vulnerability ...)
	NOT-FOR-US: Juniper
CVE-2023-1708 (An issue was identified in GitLab CE/EE affecting all versions from 1. ...)
	- gitlab 15.10.8+ds1-2
CVE-2023-1707 (Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are po ...)
	NOT-FOR-US: HP
CVE-2023-1706 REJECTED
CVE-2023-1705 (Missing Authorization vulnerability in Forcepoint F|One SmartEdge Agen ...)
	NOT-FOR-US: Forcepoint
CVE-2023-1704 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
	NOT-FOR-US: pimcore
CVE-2023-1703 (Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimc ...)
	NOT-FOR-US: pimcore
CVE-2023-1702 (Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimc ...)
	NOT-FOR-US: pimcore
CVE-2023-1701 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
	NOT-FOR-US: pimcore
CVE-2023-1700 RESERVED
CVE-2023-1699 (Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsin ...)
	NOT-FOR-US: Rapid7 Nexpose
CVE-2023-1698 (In multiple products of WAGO a vulnerability allows an unauthenticated ...)
	NOT-FOR-US: WAGO
CVE-2023-1697 (An Improper Handling of Missing Values vulnerability in the Packet For ...)
	NOT-FOR-US: Juniper
CVE-2023-1696 (The multimedia video module has a vulnerability in data processing.Suc ...)
	NOT-FOR-US: Huawei
CVE-2023-1695 (Vulnerability of failures to capture exceptions in the communication f ...)
	NOT-FOR-US: Huawei
CVE-2023-1694 (The Settings module has the file privilege escalation vulnerability.Su ...)
	NOT-FOR-US: Huawei
CVE-2023-1693 (The Settings module has the file privilege escalation vulnerability.Su ...)
	NOT-FOR-US: Huawei
CVE-2023-1692 (The window management module lacks permission verification.Successful ...)
	NOT-FOR-US: Huawei
CVE-2023-1691 (Vulnerability of failures to capture exceptions in the communication f ...)
	NOT-FOR-US: Huawei
CVE-2022-48434 (libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and ...)
	- ffmpeg 7:5.1.2-1
	[bullseye] - ffmpeg (Wait until it lands in 4.3.x)
	[buster] - ffmpeg (Wait until the backport to 4.x)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11 (n6.1-dev)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/35aa7e70e7ec350319e7634a30d8d8aa1e6ecdda (n5.1.2)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d4b7b3c03ee2baf0166ce49dff17ec9beff684db (n4.4.3)
CVE-2022-48433 (In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak thro ...)
	- intellij-idea (bug #747616)
CVE-2022-48432 (In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromi ...)
	- intellij-idea (bug #747616)
CVE-2022-48431 (In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Mav ...)
	- intellij-idea (bug #747616)
CVE-2022-48430 (In JetBrains IntelliJ IDEA before 2023.1 file content could be disclos ...)
	- intellij-idea (bug #747616)
CVE-2021-46879 (An issue was discovered in Treasure Data Fluent Bit 1.7.1, a wrong var ...)
	NOT-FOR-US: Treasure Data Fluent Bit
CVE-2021-46878 (An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous p ...)
	NOT-FOR-US: Treasure Data Fluent Bit
CVE-2023-28958 (IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially ...)
	NOT-FOR-US: IBM
CVE-2023-28957 RESERVED
CVE-2023-28956 (IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 ma ...)
	NOT-FOR-US: IBM
CVE-2023-28955 (IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an ...)
	NOT-FOR-US: IBM
CVE-2023-28954 RESERVED
CVE-2023-28953 (IBM Cognos Analytics on Cloud Pak for Data 4.0 could allow an attacker ...)
	NOT-FOR-US: IBM
CVE-2023-28952 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to inje ...)
	NOT-FOR-US: IBM
CVE-2023-28951 RESERVED
CVE-2023-28950 (IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user infor ...)
	NOT-FOR-US: IBM
CVE-2023-28949 (IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2023-28948 RESERVED
CVE-2023-28947 RESERVED
CVE-2023-28946 RESERVED
CVE-2023-28945 RESERVED
CVE-2023-28944 RESERVED
CVE-2023-28943 RESERVED
CVE-2023-28942 RESERVED
CVE-2023-28941 RESERVED
CVE-2023-28940 RESERVED
CVE-2023-28939 RESERVED
CVE-2023-28739 (Incorrect default permissions in some Intel(R) Chipset Driver Software ...)
	NOT-FOR-US: Intel
CVE-2023-28738 (Improper input validation for some Intel NUC BIOS firmware before vers ...)
	NOT-FOR-US: Intel
CVE-2023-28721 RESERVED
CVE-2023-28658 (Insecure inherited permissions in some Intel(R) oneMKL software before ...)
	NOT-FOR-US: Intel
CVE-2023-27517 (Improper access control in some Intel(R) Optane(TM) PMem software befo ...)
	- ipmctl 03.00.00.0485-1
	[bookworm] - ipmctl (Minor issue)
	[bullseye] - ipmctl (Minor issue)
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html
CVE-2023-26589 (Use after free in some Intel(R) Aptio* V UEFI Firmware Integrator Tool ...)
	NOT-FOR-US: Intel
CVE-2023-25949 (Uncontrolled resource consumption in some Intel(R) Aptio* V UEFI Firmw ...)
	NOT-FOR-US: Intel
CVE-2023-25945 (Protection mechanism failure in some Intel(R) OFU software before vers ...)
	NOT-FOR-US: Intel
CVE-2023-25778 RESERVED
CVE-2023-22305 (Integer overflow in some Intel(R) Aptio* V UEFI Firmware Integrator To ...)
	NOT-FOR-US: Intel
CVE-2023-1690 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: SourceCodester Earnings and Expense Tracker App
CVE-2023-1689 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester Earnings and Expense Tracker App
CVE-2023-1688 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester Earnings and Expense Tracker App
CVE-2023-1687 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester Simple Task Allocation System
CVE-2023-1686 (A vulnerability was found in SourceCodester Young Entrepreneur E-Negos ...)
	NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
CVE-2023-1685 (A vulnerability was found in HadSky up to 7.11.8. It has been declared ...)
	NOT-FOR-US: HadSky
CVE-2023-1684 (A vulnerability was found in HadSky 7.7.16. It has been classified as ...)
	NOT-FOR-US: HadSky
CVE-2023-1683 (A vulnerability was found in Xunrui CMS 4.61 and classified as problem ...)
	NOT-FOR-US: Xunrui CMS
CVE-2023-1682 (A vulnerability has been found in Xunrui CMS 4.61 and classified as pr ...)
	NOT-FOR-US: Xunrui CMS
CVE-2023-1681 (A vulnerability, which was classified as problematic, was found in Xun ...)
	NOT-FOR-US: Xunrui CMS
CVE-2023-1680 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Xunrui CMS
CVE-2023-1679 (A vulnerability classified as critical was found in DriverGenius 9.70. ...)
	NOT-FOR-US: DriverGenius
CVE-2023-1678 (A vulnerability classified as critical has been found in DriverGenius ...)
	NOT-FOR-US: DriverGenius
CVE-2023-1677 (A vulnerability was found in DriverGenius 9.70.0.346. It has been rate ...)
	NOT-FOR-US: DriverGenius
CVE-2023-1676 (A vulnerability was found in DriverGenius 9.70.0.346. It has been decl ...)
	NOT-FOR-US: DriverGenius
CVE-2023-1675 (A vulnerability was found in SourceCodester School Registration and Fe ...)
	NOT-FOR-US: SourceCodester School Registration and Fee System
CVE-2023-1674 (A vulnerability was found in SourceCodester School Registration and Fe ...)
	NOT-FOR-US: SourceCodester School Registration and Fee System
CVE-2023-1673 RESERVED
CVE-2023-28936 (Attacker can access arbitrary recording/room Vendor: The Apache Softw ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2023-28935 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Ele ...)
	NOT-FOR-US: Apache UIMA UICC
CVE-2023-28744 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
	NOT-FOR-US: Foxit
CVE-2023-1672 (A race condition exists in the Tang server functionality for key gener ...)
	{DLA-3648-1}
	- tang 14-1 (bug #1038119)
	[bookworm] - tang 11-2+deb12u1
	[bullseye] - tang 8-3+deb11u2
	NOTE: Fixed by: https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096
	NOTE: https://census-labs.com/news/2023/06/15/race-tang/
CVE-2023-1671 (A pre-auth command injection vulnerability in the warn-proceed handler ...)
	NOT-FOR-US: Sophos
CVE-2023-1670 (A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-car ...)
	{DLA-3404-1 DLA-3403-1}
	- linux 6.1.20-2
	[bullseye] - linux 5.10.178-1
	NOTE: https://git.kernel.org/linus/e8d20c3ded59a092532513c9bd030d1ea66f5f44
CVE-2023-1669 (The SEOPress WordPress plugin before 6.5.0.3 unserializes user input p ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4934 (A post-auth command injection vulnerability in the exception wizard of ...)
	NOT-FOR-US: Sophos
CVE-2020-36692 (A reflected XSS via POST vulnerability in report scheduler of Sophos W ...)
	NOT-FOR-US: Sophos
CVE-2023-28934 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mamm ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28933 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StPe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28932 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28931 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Neve ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28930 (Cross-Site Request Forgery (CSRF) vulnerability in Robin Phillips Mobi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28929 (Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to ...)
	NOT-FOR-US: Trend Micro
CVE-2023-28928 RESERVED
CVE-2023-1668 (A flaw was found in openvswitch (OVS). When processing an IP packet wi ...)
	{DSA-5387-1 DLA-3410-1}
	- openvswitch 3.1.0-2 (bug #1034042)
	NOTE: https://www.openwall.com/lists/oss-security/2023/04/06/1
	NOTE: https://github.com/openvswitch/ovs/commit/61b39d8c4797f1b668e4d5e5350d639fca6082a9 (v3.1.1)
	NOTE: https://github.com/openvswitch/ovs/commit/f36509fd64e339ffd33593451099be6baa12ffe6 (v2.15.8)
CVE-2023-1667 (A NULL pointer dereference was found In libssh during re-keying with a ...)
	{DSA-5409-1 DLA-3437-1}
	- libssh 0.10.5-1 (bug #1035832)
	NOTE: https://www.libssh.org/security/advisories/CVE-2023-1667.txt
	NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=a30339d7b16da7784413e4a4667feb3604ed0458 (libssh-0.10.5)
	NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=247a4a761cfa745ed1090290c5107de6321143c9 (libssh-0.10.5)
	NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=99760776d4552d8e63edd68ba4a7448766517b8c (libssh-0.10.5)
	NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=6df2daea040c47daff0a861a30761092886fe748 (libssh-0.10.5)
	NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=b759ae557d611ba347392c051504de474a8d9b60 (libssh-0.10.5)
	NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=fc1a8bb4555624f85ba1370721ad2086a4feff8c (libssh-0.10.5)
	NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=70565ac43867053871f47378c53e5d90ba9007d8 (libssh-0.10.5)
	NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=d08f1b2377fead6489aa1d6a102bf65895ecf858 (libssh-0.10.5)
	NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=dc1254d53e4fc6cbeb4797fc6ca1c9ed2c21f15c (libssh-0.10.5)
CVE-2023-1666 (A vulnerability has been found in SourceCodester Automatic Question Pa ...)
	NOT-FOR-US: SourceCodester Automatic Question Paper Generator System
CVE-2023-1665 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
	NOT-FOR-US: linagora twake
CVE-2023-28927 RESERVED
CVE-2023-28926 RESERVED
CVE-2023-28925 RESERVED
CVE-2023-28924 RESERVED
CVE-2023-28923 RESERVED
CVE-2023-28922 RESERVED
CVE-2023-28921 RESERVED
CVE-2023-28920 RESERVED
CVE-2023-28919 RESERVED
CVE-2023-28918 RESERVED
CVE-2023-28917 RESERVED
CVE-2023-28916 RESERVED
CVE-2023-28915 RESERVED
CVE-2023-28914 RESERVED
CVE-2023-28913 RESERVED
CVE-2023-28912 RESERVED
CVE-2023-28911 RESERVED
CVE-2023-28910 RESERVED
CVE-2023-28909 RESERVED
CVE-2023-28908 RESERVED
CVE-2023-28907 RESERVED
CVE-2023-28906 RESERVED
CVE-2023-28905 RESERVED
CVE-2023-28904 RESERVED
CVE-2023-28903 RESERVED
CVE-2023-28902 RESERVED
CVE-2023-28901 (The Skoda Automotive cloud contains a Broken Access Control vulnerabil ...)
	NOT-FOR-US: Skoda
CVE-2023-28900 (The Skoda Automotive cloud contains a Broken Access Control vulnerabil ...)
	NOT-FOR-US: Skoda
CVE-2023-28899 (By sending a specific reset UDS request via OBDII port of Skoda vehicl ...)
	NOT-FOR-US: Skoda
CVE-2023-28898 (The Real-Time Streaming Protocol implementation in the MIB3 infotainme ...)
	NOT-FOR-US: MIB3 infotainment
CVE-2023-28897 (The secret value used for access to critical UDS services of the MIB3 ...)
	NOT-FOR-US: MIB3 infotainment
CVE-2023-28896 (Access to critical Unified Diagnostics Services (UDS) of the Modular I ...)
	NOT-FOR-US: Skoda
CVE-2023-28895 (The password for access to the debugging console of the PoWer Controll ...)
	NOT-FOR-US: Skoda
CVE-2023-28894 RESERVED
CVE-2023-28893 RESERVED
CVE-2023-1664 (A flaw was found in Keycloak. This flaw depends on a non-default confi ...)
	NOT-FOR-US: Keycloak
CVE-2023-1663 (Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, ...)
	NOT-FOR-US: Coverity
CVE-2023-1662 RESERVED
CVE-2023-1661 (The Display post meta, term meta, comment meta, and user meta plugin f ...)
	NOT-FOR-US: Display post meta, term meta, comment meta, and user meta plugin for WordPress
CVE-2023-1660 (The AI ChatBot WordPress plugin before 4.4.9 does not have authorisati ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1659 REJECTED
CVE-2023-1658 RESERVED
CVE-2023-1657 RESERVED
CVE-2023-1656 (Cleartext Transmission of Sensitive Information vulnerability in Forge ...)
	NOT-FOR-US: ForgeRock
CVE-2023-1655 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4 ...)
	[experimental] - gpac 2.2.1+dfsg1-1
	- gpac 2.2.1+dfsg1-2 (bug #1034187)
	[bullseye] - gpac (Vulnerable code not present)
	[buster] - gpac (Vulnerable code not present)
	NOTE: https://huntr.dev/bounties/05f1d1de-bbfd-43fe-bdf9-7f73419ce7c9
	NOTE: https://github.com/gpac/gpac/commit/e7f96c2d3774e4ea25f952bcdf55af1dd6e919f4
	NOTE: https://github.com/gpac/gpac/commit/07a17aa004cfcdbc19ed7820444ec6586c0f980a (v2.2.1)
CVE-2023-1654 (Denial of Service in GitHub repository gpac/gpac prior to 2.4.0.)
	{DSA-5411-1}
	[experimental] - gpac 2.2.1+dfsg1-1
	- gpac 2.2.1+dfsg1-2 (bug #1034187)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://huntr.dev/bounties/33652b56-128f-41a7-afcc-10641f69ff14
	NOTE: https://github.com/gpac/gpac/commit/2c055153d401b8c49422971e3a0159869652d3da
	NOTE: https://github.com/gpac/gpac/commit/2dad447d37226a5adcbb1c2f2e3f47d6321c8cbe (v2.2.1)
CVE-2023-1653 RESERVED
CVE-2023-1652 (A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4 ...)
	- linux 6.1.11-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd (6.2-rc5)
CVE-2023-1651 (The AI ChatBot WordPress plugin before 4.4.9 does not have authorisati ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1650 (The AI ChatBot WordPress plugin before 4.4.7 unserializes user input f ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1649 (The AI ChatBot WordPress plugin before 4.5.1 does not sanitise and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1648 REJECTED
CVE-2022-48429 (In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 refle ...)
	NOT-FOR-US: JetBrains Hub
CVE-2022-48428 (In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-48427 (In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending cha ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-48426 (In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connecti ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2023-28892 (Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an in ...)
	NOT-FOR-US: Malwarebytes AdwCleaner
CVE-2023-28891 RESERVED
CVE-2023-28890 RESERVED
CVE-2023-28889 RESERVED
CVE-2023-28888 RESERVED
CVE-2023-28887 RESERVED
CVE-2023-28886 RESERVED
CVE-2023-28885 (The MyLink infotainment system (build 2021.3.26) in General Motors Che ...)
	NOT-FOR-US: MyLink infotainment system
CVE-2023-28884 (In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in ...)
	NOT-FOR-US: MISP
CVE-2023-28883 (In Cerebrate 1.13, a blind SQL injection exists in the searchAll API e ...)
	NOT-FOR-US: Cerebrate
CVE-2023-28882 (Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial ...)
	- modsecurity 3.0.9-1 (bug #1035083)
	[bullseye] - modsecurity (Vulnerable code not present)
	[buster] - modsecurity (Vulnerable code not present)
	NOTE: https://www.trustwave.com/en-us/resources/security-resources/software-updates/announcing-modsecurity-version-309/
	NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2886
	NOTE: Introduced by: https://github.com/SpiderLabs/ModSecurity/commit/8df35deadb16b19e4cd936e6370688dccf1e18a4 (v3.0.5)
	NOTE: Fixed by: https://github.com/SpiderLabs/ModSecurity/commit/db84d8cf771d39db578707cd03ec2b60f74c9785 (v3.0.9)
CVE-2023-28881 RESERVED
CVE-2023-28880 RESERVED
CVE-2023-28879 (In Artifex Ghostscript through 10.01.0, there is a buffer overflow lea ...)
	{DSA-5383-1 DLA-3381-1}
	- ghostscript 10.0.0~dfsg-11 (bug #1033757)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=706494 (not public)
	NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;h=37ed5022cecd584de868933b5b60da2e995b3179
	NOTE: Future hardening/potentially intrusive impact for older versions (and should not be applied for
	NOTE: older versions):
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=3635f4c75e54e337a4eebcf6db3eef0e60f9cebf
	NOTE: https://www.openwall.com/lists/oss-security/2023/04/12/4
	NOTE: https://offsec.almond.consulting/ghostscript-cve-2023-28879.html
CVE-2023-28878 RESERVED
CVE-2023-28877 (The VTEX apps-graphql@2.x GraphQL API module does not properly restric ...)
	NOT-FOR-US: VTEX apps-graphql@2.x GraphQL API module
CVE-2023-28876 (A Broken Access Control issue in comments to uploaded files in Filerun ...)
	NOT-FOR-US: Filerun
CVE-2023-28875 (A Stored XSS issue in shared files download terms in Filerun Update 20 ...)
	NOT-FOR-US: Filerun
CVE-2023-28874 (The next parameter in the /accounts/login endpoint of Seafile 9.0.6 al ...)
	- seafile-server (bug #865830)
CVE-2023-28873 (An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows atta ...)
	- seafile-server (bug #865830)
CVE-2023-28872 (Support Assistant in NCP Secure Enterprise Client before 13.10 allows ...)
	NOT-FOR-US: Support Assistant in NCP Secure Enterprise Client
CVE-2023-28871 (Support Assistant in NCP Secure Enterprise Client before 12.22 allows ...)
	NOT-FOR-US: Support Assistant in NCP Secure Enterprise Client
CVE-2023-28870 (Insecure File Permissions in Support Assistant in NCP Secure Enterpris ...)
	NOT-FOR-US: Support Assistant in NCP Secure Enterprise Client
CVE-2023-28869 (Support Assistant in NCP Secure Enterprise Client before 12.22 allows ...)
	NOT-FOR-US: Support Assistant in NCP Secure Enterprise Client
CVE-2023-28868 (Support Assistant in NCP Secure Enterprise Client before 12.22 allows ...)
	NOT-FOR-US: Support Assistant in NCP Secure Enterprise Client
CVE-2023-28867 (In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a ...)
	NOT-FOR-US: graphql-java
CVE-2023-28866 (In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out ...)
	- linux 6.1.20-2
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
CVE-2023-28865 RESERVED
CVE-2023-28864 (Progress Chef Infra Server before 15.7 allows a local attacker to expl ...)
	- chef
	[buster] - chef (chef package does not include upstream chef-server)
	NOTE: https://blog.mondoo.com/chef-infra-server-cve-2023-28864-impact-and-remediation
	NOTE: https://github.com/chef/chef-server/blob/8a2dc82148844767f7c7728633a03dcee812e56a/omnibus/files/server-ctl-cookbooks/infra-server/recipes/oc_bifrost.rb#L42
	NOTE: Fixed by: https://github.com/chef/chef-server/commit/985dfee99044ff477dbc08462b6d69add70f8608 (15.7.0)
	NOTE: only chef-server removed since 201207
CVE-2023-28863 (AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of ...)
	NOT-FOR-US: AMI
CVE-2023-28862 (An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session I ...)
	{DLA-3496-1}
	- lemonldap-ng 2.16.1+ds-1
	[bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u4
	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2896
	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/merge_requests/334
CVE-2023-28861 RESERVED
CVE-2023-28860 RESERVED
CVE-2023-1647 (Improper Access Control in GitHub repository calcom/cal.com prior to 2 ...)
	NOT-FOR-US: calcom cal.com
CVE-2023-1646 (A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has b ...)
	NOT-FOR-US: IObit Malware Fighter
CVE-2023-1645 (A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has b ...)
	NOT-FOR-US: IObit Malware Fighter
CVE-2023-1644 (A vulnerability was found in IObit Malware Fighter 9.4.0.776 and class ...)
	NOT-FOR-US: IObit Malware Fighter
CVE-2023-1643 (A vulnerability has been found in IObit Malware Fighter 9.4.0.776 and ...)
	NOT-FOR-US: IObit Malware Fighter
CVE-2023-1642 (A vulnerability, which was classified as problematic, was found in IOb ...)
	NOT-FOR-US: IObit Malware Fighter
CVE-2023-1641 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: IObit Malware Fighter
CVE-2023-1640 (A vulnerability classified as problematic was found in IObit Malware F ...)
	NOT-FOR-US: IObit Malware Fighter
CVE-2023-1639 (A vulnerability classified as problematic has been found in IObit Malw ...)
	NOT-FOR-US: IObit Malware Fighter
CVE-2023-1638 (A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has b ...)
	NOT-FOR-US: IObit Malware Fighter
CVE-2018-25083 (The pullit package before 1.4.0 for Node.js allows OS Command Injectio ...)
	NOT-FOR-US: pullit Node.js package
CVE-2023-28859 (redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open ...)
	- python-redis (Incomplete fix for CVE-2023-28858 not applied)
	NOTE: https://github.com/redis/redis-py/issues/2665
	NOTE: https://github.com/redis/redis-py/pull/2641
CVE-2023-28858 (redis-py before 4.5.3 leaves a connection open after canceling an asyn ...)
	- python-redis (bug #1033754)
	[bookworm] - python-redis (Minor issue)
	[bullseye] - python-redis (Vulnerable code not present)
	[buster] - python-redis (Vulnerable code introduced later)
	NOTE: https://github.com/redis/redis-py/issues/2624
	NOTE: https://github.com/redis/redis-py/pull/2641
	NOTE: https://openai.com/blog/march-20-chatgpt-outage
	NOTE: Async support added in v4.2.0
	NOTE: When fixing this issue make sure to apply complete fixes (cf. CVE-2023-28859
	NOTE: CVE entry) to not open CVE-2023-28859.
CVE-2023-1637 (A flaw that boot CPU could be vulnerable for the speculative execution ...)
	- linux 5.17.3-1
	[bullseye] - linux 5.10.113-1
	[buster] - linux 4.19.249-1
	NOTE: https://git.kernel.org/linus/e2a1256b17b16f9b9adf1b6fea56819e7b68e463 (5.18-rc2)
CVE-2023-1636 (A vulnerability was found in OpenStack Barbican containers. This vulne ...)
	- barbican (Apparently RHOSP-specific, full details never made public)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2181765
	NOTE: possibly RedHat downstream RHOSP specific, RedHat clarifying with reporter
CVE-2023-1635 (A vulnerability was found in OTCMS 6.72. It has been declared as probl ...)
	NOT-FOR-US: OTCMS
CVE-2023-1634 (A vulnerability was found in OTCMS 6.72. It has been classified as cri ...)
	NOT-FOR-US: OTCMS
CVE-2023-1633 (A credentials leak flaw was found in OpenStack Barbican. This flaw all ...)
	- barbican (Apparently RHOSP-specific, full details never made public)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2181761
	NOTE: https://review.rdoproject.org/r/48529
	NOTE: possibly RedHat downstream RHOSP specific, RedHat clarifying with reporter
CVE-2023-1632 REJECTED
CVE-2023-1631 (A vulnerability, which was classified as problematic, was found in Jia ...)
	NOT-FOR-US: Jianming Antivirus
CVE-2023-1630 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Jianming Antivirus
CVE-2023-1629 (A vulnerability classified as critical was found in JiangMin Antivirus ...)
	NOT-FOR-US: Jianming Antivirus
CVE-2023-1628 (A vulnerability classified as problematic has been found in Jianming A ...)
	NOT-FOR-US: Jianming Antivirus
CVE-2023-1627 (A vulnerability was found in Jianming Antivirus 16.2.2022.418. It has ...)
	NOT-FOR-US: Jianming Antivirus
CVE-2023-1626 (A vulnerability was found in Jianming Antivirus 16.2.2022.418. It has ...)
	NOT-FOR-US: Jianming Antivirus
CVE-2023-28857 (Apereo CAS is an open source multilingual single sign-on solution for ...)
	NOT-FOR-US: Apereo CAS
CVE-2023-28856 (Redis is an open source, in-memory database that persists on disk. Aut ...)
	{DLA-3396-1}
	- redis 5:7.0.11-1 (bug #1034613)
	[bullseye] - redis (Minor issue)
	NOTE: https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6
	NOTE: https://github.com/redis/redis/commit/1c1bd618c95e26a8ff5c12e70cbf0117233ef073 (7.0.11)
	NOTE: https://github.com/redis/redis/commit/e030e351fd7ae8c1b0254982a4f12a4bd15ac66b (6.2.12)
	NOTE: Requires authenticated access to server.
CVE-2023-28855 (Fields is a GLPI plugin that allows users to add custom fields on GLPI ...)
	NOT-FOR-US: GLPI plugin
CVE-2023-28854 (nophp is a PHP web framework. Prior to version 0.0.1, nophp is vulnera ...)
	NOT-FOR-US: nophp
CVE-2023-28853 (Mastodon is a free, open-source social network server based on Activit ...)
	- mastodon (bug #859741)
CVE-2023-28852 (GLPI is a free asset and IT management software package. Starting in v ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-28851 (Silverstripe Form Capture provides a method to capture simple silverst ...)
	NOT-FOR-US: Silverstripe
CVE-2023-28850 (Pimcore Perspective Editor provides an editor for Pimcore that allows ...)
	NOT-FOR-US: Pimcore Perspective Editor
CVE-2023-28849 (GLPI is a free asset and IT management software package. Starting in v ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-28848 (user_oidc is the OIDC connect user backend for Nextcloud, an open sour ...)
	NOT-FOR-US: user_oidc extension for Nextcloud
CVE-2023-28847 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
	- nextcloud-server (bug #941708)
CVE-2023-28846 (Unpoly is a JavaScript framework for server-side web applications. The ...)
	NOT-FOR-US: Unpoly
CVE-2023-28845 (Nextcloud talk is a video & audio conferencing app for Nextcloud. In a ...)
	NOT-FOR-US: Nextcloud Talk app
CVE-2023-28844 (Nextcloud server is an open source home cloud implementation. In affec ...)
	- nextcloud-server (bug #941708)
CVE-2023-28843 (PrestaShop/paypal is an open source module for the PrestaShop web comm ...)
	NOT-FOR-US: PrestaShop
CVE-2023-28842 (Moby is an open source container framework developed by Docker Inc. t ...)
	- docker.io 20.10.24+dfsg1-1
	[bullseye] - docker.io (Minor issue)
	[buster] - docker.io (Minor issue)
	NOTE: https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p
	NOTE: https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333
CVE-2023-28841 (Moby is an open source container framework developed by Docker Inc. th ...)
	- docker.io 20.10.24+dfsg1-1
	[bullseye] - docker.io (Minor issue)
	[buster] - docker.io (Minor issue)
	NOTE: https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237
	NOTE: https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333
	NOTE: https://github.com/moby/moby/issues/43382
	NOTE: https://github.com/moby/moby/pull/45118
CVE-2023-28840 (Moby is an open source container framework developed by Docker Inc. th ...)
	- docker.io 20.10.24+dfsg1-1
	[bullseye] - docker.io (Minor issue)
	[buster] - docker.io (Minor issue)
	NOTE: https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp
	NOTE: https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333
	NOTE: https://github.com/moby/moby/issues/43382
	NOTE: https://github.com/moby/moby/pull/45118
CVE-2023-28839 (Shoppingfeed PrestaShop is an add-on to the PrestaShop ecommerce platf ...)
	NOT-FOR-US: PrestaShop addon
CVE-2023-28838 (GLPI is a free asset and IT management software package. Starting in v ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-28837 (Wagtail is an open source content management system built on Django. P ...)
	NOT-FOR-US: Wagtail
CVE-2023-28836 (Wagtail is an open source content management system built on Django. S ...)
	NOT-FOR-US: Wagtail
CVE-2023-28835 (Nextcloud server is an open source home cloud implementation. In affec ...)
	- nextcloud-server (bug #941708)
CVE-2023-28834 (Nextcloud Server is an open source personal cloud server. Nextcloud Se ...)
	- nextcloud-server (bug #941708)
CVE-2023-28833 (Nextcloud server is an open source home cloud implementation. In affec ...)
	- nextcloud-server (bug #941708)
CVE-2023-28832 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
	NOT-FOR-US: Siemens
CVE-2023-28831 (The OPC UA implementations (ANSI C and C++) in affected products conta ...)
	NOT-FOR-US: Siemens
CVE-2023-28830 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.5 ...)
	NOT-FOR-US: Siemens
CVE-2023-28829 (A vulnerability has been identified in SIMATIC NET PC Software V14 (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-28828 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...)
	NOT-FOR-US: Siemens
CVE-2023-28827
	RESERVED
CVE-2023-28379 (A memory corruption vulnerability exists in the HTTP Server form bound ...)
	NOT-FOR-US: Weston Embedded uC-HTTP
CVE-2023-27395 (A heap-based buffer overflow vulnerability exists in the vpnserver Wpc ...)
	NOT-FOR-US: SoftEther VPN
CVE-2023-22325 (A denial of service vulnerability exists in the DCRegister DDNS_RPC_MA ...)
	NOT-FOR-US: SoftEther VPN
CVE-2023-22308 (An integer underflow vulnerability exists in the vpnserver OvsProcessD ...)
	NOT-FOR-US: SoftEther VPN
CVE-2023-1625 (An information leak was discovered in OpenStack heat. This issue could ...)
	[experimental] - heat 1:20.0.0~rc1-1
	- heat 1:19.0.0-2 (bug #1034186)
	[bullseye] - heat (Minor issue)
	[buster] - heat (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2181621
	NOTE: https://review.opendev.org/c/openstack/heat/+/868166
	NOTE: https://github.com/openstack/heat/commit/1305a3152f75c6e62ec5094ea2bfc38f165204cf (20.0.0.0rc1)
CVE-2023-1624 (The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleti ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1623 (The Custom Post Type UI WordPress plugin before 1.13.5 does not proper ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1622
	REJECTED
CVE-2023-1621 (An issue has been discovered in GitLab EE affecting all versions start ...)
	- gitlab (Specific to EE)
CVE-2023-1620 (Multiple WAGO devices in multiple versions may allow an authenticated ...)
	NOT-FOR-US: WAGO
CVE-2023-1619 (Multiple WAGO devices in multiple versions may allow an authenticated ...)
	NOT-FOR-US: WAGO
CVE-2023-1618 (Active Debug Code vulnerability in Mitsubishi Electric Corporation MEL ...)
	NOT-FOR-US: Mitsubishi
CVE-2023-1617 (Improper Authentication vulnerability in B&R Industrial Automation B&R ...)
	NOT-FOR-US: B&R Industrial Automation
CVE-2023-1616 (A vulnerability was found in XiaoBingBy TeaCMS up to 2.0.2. It has bee ...)
	NOT-FOR-US: XiaoBingBy TeaCMS
CVE-2020-36691 (An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c a ...)
	- linux 5.8.7-1
	NOTE: https://git.kernel.org/linus/7690aa1cdf7c4565ad6b013b324c28b685505e24 (5.8-rc1)
CVE-2016-15030 (A vulnerability classified as problematic has been found in Arno0x Two ...)
	NOT-FOR-US: Arno0x
CVE-2015-10097 (A vulnerability was found in grinnellplans-php up to 3.0. It has been ...)
	NOT-FOR-US: grinnellplans-php
CVE-2023-28821 (Concrete CMS (previously concrete5) before 9.1 did not have a rate lim ...)
	NOT-FOR-US: Concrete CMS
CVE-2023-28820 (Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored ...)
	NOT-FOR-US: Concrete CMS
CVE-2023-28819 (Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 t ...)
	NOT-FOR-US: Concrete CMS
CVE-2023-28818 (An issue was discovered in Veritas NetBackup IT Analytics 11 before 11 ...)
	NOT-FOR-US: Veritas
CVE-2023-28817
	RESERVED
CVE-2023-28816
	RESERVED
CVE-2023-28815
	RESERVED
CVE-2023-28814
	RESERVED
CVE-2023-28813 (An attacker could exploit a vulnerability by sending crafted messages ...)
	NOT-FOR-US: Hikvision Web Browser Plug-in LocalServiceComponents
CVE-2023-28812 (There is a buffer overflow vulnerability in a web browser plug-in coul ...)
	NOT-FOR-US: Hikvision Web Browser Plug-in LocalServiceComponents
CVE-2023-28811 (There is a buffer overflow in the password recovery feature of Hikvisi ...)
	NOT-FOR-US: Hikvision
CVE-2023-28810 (Some access control/intercom products have unauthorized modification o ...)
	NOT-FOR-US: Hikvision
CVE-2023-28809 (Some access control products are vulnerable to a session hijacking att ...)
	NOT-FOR-US: Hikvision
CVE-2023-28808 (Some Hikvision Hybrid SAN/Cluster Storage products have an access cont ...)
	NOT-FOR-US: Hikvision Hybrid SAN/Cluster Storage products
CVE-2023-1615 (The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnera ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1614 (The WP Custom Author URL WordPress plugin before 1.0.5 does not saniti ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28807 (In Zscaler Internet Access (ZIA) a mismatch between Connect Host and C ...)
	NOT-FOR-US: Zscaler
CVE-2023-28806
	RESERVED
CVE-2023-28805 (An Improper Input Validation vulnerability in Zscaler Client Connector ...)
	NOT-FOR-US: Zscaler Client Connector
CVE-2023-28804 (An Improper Verification of Cryptographic Signature vulnerability in Z ...)
	NOT-FOR-US: Zscaler Client Connector
CVE-2023-28803 (An authentication bypass by spoofing of a device with a synthetic IP a ...)
	NOT-FOR-US: Zscaler Client Connector
CVE-2023-28802 (An Improper Validation of Integrity Check Value in Zscaler Client Conn ...)
	NOT-FOR-US: Zscaler Client Connector on Windows
CVE-2023-28801 (An Improper Verification of Cryptographic Signature in the SAML authen ...)
	NOT-FOR-US: Zscaler
CVE-2023-28800 (When using local accounts for administration, the redirect url paramet ...)
	NOT-FOR-US: Zscaler
CVE-2023-28799 (A URL parameter during login flow was vulnerable to injection. An atta ...)
	NOT-FOR-US: Zscaler
CVE-2023-28798 (An out-of-bounds write to heap in the pacparser library on Zscaler Cli ...)
	NOT-FOR-US: Zscaler
CVE-2023-28797 (Zscaler Client Connector for Windows before 4.1 writes/deletes a confi ...)
	NOT-FOR-US: Zscaler Client Connector
CVE-2023-28796 (Improper Verification of Cryptographic Signature vulnerability in Zsca ...)
	NOT-FOR-US: Zscaler Client Connector
CVE-2023-28795 (Origin Validation Error vulnerability in Zscaler Client Connector on L ...)
	NOT-FOR-US: Zscaler Client Connector
CVE-2023-28794 (Origin Validation Error vulnerability in Zscaler Client Connector on L ...)
	NOT-FOR-US: Zscaler Client Connector
CVE-2023-28793 (Buffer overflow vulnerability in the signelf library used by Zscaler C ...)
	NOT-FOR-US: Zscaler Client Connector
CVE-2023-28792 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28791 (Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simpl ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28790 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Bre ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28789 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28788 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28787 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28786 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28785 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28784 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contest ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28783 (Auth. (shop manager+) Stored Cross-Site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28782 (Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. G ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28781 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Con ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28780 (Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local P ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28779 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vladimir ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28778 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Best ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28777 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28776 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
	NOT-FOR-US: Lightbox plugin
CVE-2023-28775
	RESERVED
CVE-2023-28774 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grad ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28773 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28772 (An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.70-1
	[buster] - linux 4.19.208-1
	NOTE: https://git.kernel.org/linus/d3b16034a24a112bb83aeb669ac5b9b01f744bb7 (5.14-rc1)
CVE-2023-28771 (Improper error message handling in Zyxel ZyWALL/USG series firmware ve ...)
	NOT-FOR-US: Zyxel
CVE-2023-28770 (The sensitive information exposure vulnerability in the CGI “Expo ...)
	NOT-FOR-US: Zyxel
CVE-2023-28769 (The buffer overflow vulnerability in the library “libclinkc.so” ...)
	NOT-FOR-US: Zyxel
CVE-2023-28768 (Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80 ...)
	NOT-FOR-US: Zyxel
CVE-2023-28767 (The configuration parser fails to sanitize user-controlled input in th ...)
	NOT-FOR-US: Zyxel
CVE-2023-28766 (A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All v ...)
	NOT-FOR-US: Siemens
CVE-2023-25180
	REJECTED
CVE-2023-24593
	REJECTED
CVE-2023-1613 (A vulnerability has been found in Rebuild up to 3.2.3 and classified a ...)
	NOT-FOR-US: Rebuild
CVE-2023-1612 (A vulnerability, which was classified as critical, was found in Rebuil ...)
	NOT-FOR-US: Rebuild
CVE-2023-1611 (A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree ...)
	{DLA-3404-1}
	- linux 6.1.25-1
	[bullseye] - linux 5.10.178-1
	[buster] - linux (Vulnerable code introduced later)
	NOTE: https://lore.kernel.org/linux-btrfs/35b9a70650ea947387cf352914a8774b4f7e8a6f.1679481128.git.fdmanana@suse.com/
CVE-2023-1610 (A vulnerability, which was classified as critical, has been found in R ...)
	NOT-FOR-US: Rebuild
CVE-2023-1609 (A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has ...)
	NOT-FOR-US: Zhong Bang CRMEB Java
CVE-2023-1608 (A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has ...)
	NOT-FOR-US: Zhong Bang CRMEB Java
CVE-2023-1607 (A vulnerability was found in novel-plus 3.6.2. It has been classified ...)
	NOT-FOR-US: novel-plus
CVE-2023-1606 (A vulnerability was found in novel-plus 3.6.2 and classified as critic ...)
	NOT-FOR-US: novel-plus
CVE-2023-1605 (Denial of Service in GitHub repository radareorg/radare2 prior to 5.8. ...)
	- radare2 5.9.0+dfsg-1 (bug #1034180)
	NOTE: https://huntr.dev/bounties/9dddcf5b-7dd4-46cc-abf9-172dce20bab2
	NOTE: https://github.com/radareorg/radare2/commit/508a6307045441defd1bef0999a1f7052097613f
CVE-2023-1604
	RESERVED
CVE-2023-1603 (Permission bypass when importing or synchronizing entries in User vault ...)
	NOT-FOR-US: Devolutions
CVE-2023-1602 (The Short URL plugin for WordPress is vulnerable to stored Cross-Site ...)
	NOT-FOR-US: Short URL plugin for WordPress
CVE-2023-1601
	REJECTED
CVE-2023-1600
	RESERVED
CVE-2023-1599
	RESERVED
CVE-2023-1598
	REJECTED
CVE-2023-1597 (The tagDiv Cloud Library WordPress plugin before 2.7 does not have aut ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1596 (The tagDiv Composer WordPress plugin before 4.0 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1595 (A vulnerability has been found in novel-plus 3.6.2 and classified as c ...)
	NOT-FOR-US: novel-plus
CVE-2023-1594 (A vulnerability, which was classified as critical, was found in novel- ...)
	NOT-FOR-US: novel-plus
CVE-2023-1593 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: SourceCodester Automatic Question Paper Generator System
CVE-2023-1592 (A vulnerability classified as critical was found in SourceCodester Aut ...)
	NOT-FOR-US: SourceCodester Automatic Question Paper Generator System
CVE-2023-1591 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Automatic Question Paper Generator System
CVE-2023-1590 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...)
	NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-1589 (A vulnerability has been found in SourceCodester Online Tours & Travel ...)
	NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-XXXX [RUSTSEC-2022-0092]
	- rust-rmp-serde 1.1.1-1
	NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0092.html
CVE-2023-28765 (An attacker with basic privileges in SAP BusinessObjects Business Inte ...)
	NOT-FOR-US: SAP
CVE-2023-28764 (SAP BusinessObjects Platform - versions 420, 430, Information design t ...)
	NOT-FOR-US: SAP
CVE-2023-28763 (SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, ...)
	NOT-FOR-US: SAP
CVE-2023-28762 (SAP BusinessObjects Business Intelligence Platform - versions 420, 430 ...)
	NOT-FOR-US: SAP
CVE-2023-28761 (In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated at ...)
	NOT-FOR-US: SAP
CVE-2023-28760
	RESERVED
CVE-2023-28759 (An issue was discovered in Veritas NetBackup before 10.0 on Windows. A ...)
	NOT-FOR-US: Veritas
CVE-2023-28758 (An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allo ...)
	NOT-FOR-US: Veritas
CVE-2023-28757
	RESERVED
CVE-2023-28756 (A ReDoS issue was discovered in the Time component through 0.2.1 in Ru ...)
	{DLA-3447-1 DLA-3408-1}
	- ruby3.1 (bug #1038408)
	[bookworm] - ruby3.1 (Minor issue)
	- ruby2.7
	- ruby2.5
	[experimental] - jruby 9.4.3.0+ds-1~exp1
	- jruby (bug #1036283)
	[bookworm] - jruby (Minor issue)
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/957bb7cb81995f26c671afce0ee50a5c660e540e (v3_1_4)
	NOTE: Fixed by: https://github.com/ruby/time/commit/b57db51f577875d3e896dcd2ef1dcaf97f23e943 (v0.2.2)
	NOTE: Fixed by: https://github.com/ruby/time/commit/3dce6f73d14f5fad6d9b302393fd02df48797b11 (v0.2.2)
	NOTE: https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/
CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 0.12.0 in Ru ...)
	{DLA-3447-1 DLA-3408-1}
	- rubygems 3.4.20-1
	[bookworm] - rubygems (Minor issue)
	[bullseye] - rubygems (Minor issue)
	- ruby3.1 (bug #1038408)
	[bookworm] - ruby3.1 (Minor issue)
	- ruby2.7
	- ruby2.5
	[experimental] - jruby 9.4.3.0+ds-1~exp1
	- jruby (bug #1036283)
	[bookworm] - jruby (Minor issue)
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/8ce4ab146498879b65e22f1be951b25eebb79300 (v3_1_4)
	NOTE: Fixed by: https://github.com/ruby/uri/commit/eaf89cc31619d49e67c64d0b58ea9dc38892d175 (v0.12.1)
	NOTE: https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/
	NOTE: Incomplete fix, cf. CVE-2023-36617
CVE-2023-28754 (Deserialization of Untrusted Data vulnerability in Apache ShardingSphe ...)
	NOT-FOR-US: Apache ShardingSphere-Agent
CVE-2023-28753 (netconsd prior to v0.2 was vulnerable to an integer overflow in its pa ...)
	NOT-FOR-US: netconsd
CVE-2023-28752
	RESERVED
CVE-2023-1588
	REJECTED
CVE-2023-1587 (Avast and AVG Antivirus for Windows were susceptible to a NULL pointer ...)
	NOT-FOR-US: Norton
CVE-2023-1586 (Avast and AVG Antivirus for Windows were susceptible to a Time-of-chec ...)
	NOT-FOR-US: Norton
CVE-2023-1585 (Avast and AVG Antivirus for Windows were susceptible to a Time-of-chec ...)
	NOT-FOR-US: Norton
CVE-2023-1584 (A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access ...)
	NOT-FOR-US: Quarkus
CVE-2023-28751 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wpme ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28750 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28749 (Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSoluti ...)
	NOT-FOR-US: CreativeMindsSolutions CM On Demand Search And Replace plugin
CVE-2023-28748 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28747 (Cross-Site Request Forgery (CSRF) vulnerability in codeboxr CBX Curren ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28735
	RESERVED
CVE-2023-28734
	RESERVED
CVE-2023-28733 (AnyMailing Joomla Plugin is vulnerable to stored cross site scripting ...)
	NOT-FOR-US: Joomla plugin
CVE-2023-28732 (Missing access control in AnyMailing Joomla Plugin allows to list and a ...)
	NOT-FOR-US: Joomla plugin
CVE-2023-28731 (AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code e ...)
	NOT-FOR-US: Joomla plugin
CVE-2023-27882 (A heap-based buffer overflow vulnerability exists in the HTTP Server f ...)
	NOT-FOR-US: Weston Embedded uC-HTTP
CVE-2023-1583 (A NULL pointer dereference was found in io_file_bitmap_get in io_uring ...)
	- linux 6.1.25-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git/commit/?h=io_uring-6.3&id=761efd55a0227aca3a69deacdaa112fffd44fe37
CVE-2023-1582 (A race problem was found in fs/proc/task_mmu.c in the memory managemen ...)
	- linux 5.15.15-1
	[bullseye] - linux 5.10.103-1
	NOTE: https://git.kernel.org/linus/24d7275ce2791829953ed4e72f68277ceb2571c6 (5.17-rc4)
CVE-2023-1581
	RESERVED
CVE-2023-1580 (Uncontrolled resource consumption in the logging feature in Devolution ...)
	NOT-FOR-US: Devolutions
CVE-2023-1579 (Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.)
	- binutils 2.40-2 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29988
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3e307d538c351aa9327cbad672c884059ecc20dd (binutils-2_40)
	NOTE: binutils not covered by security support
CVE-2023-1578 (SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19.)
	NOT-FOR-US: pimcore
CVE-2023-1577
	RESERVED
CVE-2023-1576
	REJECTED
CVE-2023-1575 (The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross- ...)
	NOT-FOR-US: Mega Main Menu plugin for WordPress
CVE-2023-1574 (Information disclosure in the user creation feature of a MSSQL data so ...)
	NOT-FOR-US: Devolutions
CVE-2023-1573 (A vulnerability was found in DataGear up to 1.11.1 and classified as p ...)
	NOT-FOR-US: DataGear
CVE-2023-1572 (A vulnerability has been found in DataGear up to 1.11.1 and classified ...)
	NOT-FOR-US: DataGear
CVE-2023-1571 (A vulnerability, which was classified as critical, was found in DataGe ...)
	NOT-FOR-US: DataGear
CVE-2023-1570 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: syoyo tinydng
CVE-2023-1569 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester E-Commerce System
CVE-2023-1568 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester Student Study Center Desk Management System
CVE-2023-1567 (A vulnerability was found in SourceCodester Student Study Center Desk ...)
	NOT-FOR-US: SourceCodester Student Study Center Desk Management System
CVE-2023-1566 (A vulnerability was found in SourceCodester Medical Certificate Genera ...)
	NOT-FOR-US: SourceCodester Medical Certificate Generator App
CVE-2023-1565 (A vulnerability was found in FeiFeiCMS 2.7.130201. It has been classif ...)
	NOT-FOR-US: FeiFeiCMS
CVE-2023-1564 (A vulnerability was found in SourceCodester Air Cargo Management Syste ...)
	NOT-FOR-US: SourceCodester Air Cargo Management System
CVE-2023-1563 (A vulnerability has been found in SourceCodester Student Study Center ...)
	NOT-FOR-US: SourceCodester Student Study Center Desk Management System
CVE-2023-1562 (Mattermost fails to check the "Show Full Name" setting when rendering ...)
	- mattermost-server (bug #823556)
CVE-2023-1561 (A vulnerability, which was classified as critical, was found in code-p ...)
	NOT-FOR-US: Simple Online Hotel Reservation System
CVE-2023-1560 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: TinyTIFF
CVE-2023-1559 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester Storage Unit Rental Management System
CVE-2023-1558 (A vulnerability classified as critical has been found in Simple and Be ...)
	NOT-FOR-US: Simple and Beautiful Shopping Cart System
CVE-2023-1557 (A vulnerability was found in SourceCodester E-Commerce System 1.0. It ...)
	NOT-FOR-US: SourceCodester E-Commerce System
CVE-2023-1556 (A vulnerability was found in SourceCodester Judging Management System ...)
	NOT-FOR-US: SourceCodester Judging Management System
CVE-2023-1555 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 16.4.4+ds2-2
CVE-2013-10022 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28730 (A memory corruption vulnerability Panasonic Control FPWIN Pro versions ...)
	NOT-FOR-US: Panasonic
CVE-2023-28729 (A type confusion vulnerability in Panasonic Control FPWIN Pro versions ...)
	NOT-FOR-US: Panasonic
CVE-2023-28728 (A stack-based buffer overflow in Panasonic Control FPWIN Pro versions ...)
	NOT-FOR-US: Panasonic
CVE-2023-28727 (Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attacker ...)
	NOT-FOR-US: Panasonic AiSEG2
CVE-2023-28726 (Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers ...)
	NOT-FOR-US: Panasonic AiSEG2
CVE-2023-28725 (General Bytes Crypto Application Server (CAS) 20230120, as distributed ...)
	NOT-FOR-US: General Bytes Crypto Application Server (CAS)
CVE-2023-28723 (Exposure of sensitive information to an unauthorized actor in some Int ...)
	NOT-FOR-US: Intel
CVE-2023-28718 (Osprey Pump Controller version 1.01 allows users to perform certain ac ...)
	NOT-FOR-US: Osprey Pump Controller
CVE-2023-28714 (Improper access control in firmware for some Intel(R) PROSet/Wireless ...)
	NOT-FOR-US: Intel
CVE-2023-28712 (Osprey Pump Controller version 1.01 contains an unauthenticated comman ...)
	NOT-FOR-US: Osprey Pump Controller
CVE-2023-28710 (Improper Input Validation vulnerability in Apache Software Foundation ...)
	NOT-FOR-US: Apache Airflow Spark Provider
CVE-2023-28654 (Osprey Pump Controller version 1.01 has a hidden administrative accoun ...)
	NOT-FOR-US: Osprey Pump Controller
CVE-2023-28648 (Osprey Pump Controller version 1.01 inputs passed to a GET parameter a ...)
	NOT-FOR-US: Osprey Pump Controller
CVE-2023-28411 (Double free in some Intel(R) Server Board BMC firmware before version ...)
	NOT-FOR-US: Intel
CVE-2023-28410 (Improper restriction of operations within the bounds of a memory buffe ...)
	- linux 5.17.3-1
	[bullseye] - linux 5.10.113-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00886.html
	NOTE: Fixed by: https://git.kernel.org/linus/661412e301e2ca86799aa4f400d1cf0bd38c57c6 (5.19-rc1)
	NOTE: http://blog.pi3.com.pl/?p=931
	NOTE: http://site.pi3.com.pl/adv/CVE-2023-28410_i915.txt
CVE-2023-28404 (Out-of-bounds read in the Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQ ...)
	NOT-FOR-US: Intel
CVE-2023-28403
	RESERVED
CVE-2023-28401 (Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - W ...)
	NOT-FOR-US: Intel
CVE-2023-28398 (Osprey Pump Controller version 1.01 could allow an unauthenticated use ...)
	NOT-FOR-US: Osprey Pump Controller
CVE-2023-28395 (Osprey Pump Controller version 1.01 is vulnerable to a weak session to ...)
	NOT-FOR-US: Osprey Pump Controller
CVE-2023-28385 (Improper authorization in the Intel(R) NUC Pro Software Suite for Wind ...)
	NOT-FOR-US: Intel
CVE-2023-28376 (Out-of-bounds read in the firmware for some Intel(R) E810 Ethernet Con ...)
	NOT-FOR-US: Intel
CVE-2023-28375 (Osprey Pump Controller version 1.01 is vulnerable to an unauthenticate ...)
	NOT-FOR-US: Osprey Pump Controller
CVE-2023-27886 (Osprey Pump Controller version 1.01 is vulnerable to an unauthenticate ...)
	NOT-FOR-US: Osprey Pump Controller
CVE-2023-27394 (Osprey Pump Controller version 1.01 is vulnerable an unauthenticated O ...)
	NOT-FOR-US: Osprey Pump Controller
CVE-2023-25071 (NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphic ...)
	NOT-FOR-US: Intel
CVE-2023-1554 (The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sa ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1553
	RESERVED
CVE-2023-1552 (ToolboxST prior to version 7.10 is affected by a deserialization vulne ...)
	NOT-FOR-US: ToolboxST
CVE-2023-28709 (The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 ...)
	{DSA-5521-1}
	[experimental] - tomcat10 10.1.8-1
	- tomcat10 10.1.10-1
	- tomcat9 (Incomplete fix for CVE-2023-24998 not applied)
	NOTE: https://github.com/apache/tomcat/commit/ba848da71c523d94950d3c53c19ea155189df9dc (10.1.8)
	NOTE: https://github.com/apache/tomcat/commit/fbd81421629afe8b8a3922d59020cde81caea861 (9.0.74)
CVE-2023-28708 (When using the RemoteIpFilter with requests received from a reverse ...)
	{DSA-5381-1 DLA-3384-1}
	- tomcat10 10.1.6-1
	- tomcat9 9.0.70-2
	- tomcat8
	NOTE: https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=66471
	NOTE: https://github.com/apache/tomcat/commit/f509bbf31fc00abe3d9f25ebfabca5e05173da5b (10.1.6)
	NOTE: https://github.com/apache/tomcat/commit/3b51230764da595bb19e8d0962dd8c69ab40dfab (9.0.72)
	NOTE: https://github.com/apache/tomcat/commit/5b72c94e8b2c4ada63a1d91dc527bf4d8fd1f510 (8.5.86)
	NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version
CVE-2023-28707 (Improper Input Validation vulnerability in Apache Software Foundation ...)
	NOT-FOR-US: Apache Airflow Drill Provider
CVE-2023-28706 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
	NOT-FOR-US: Apache Airflow Hive Provider
CVE-2023-28705 (Openfind Mail2000 has insufficient filtering special characters of ema ...)
	NOT-FOR-US: Openfind
CVE-2023-28704 (Furbo dog camera has insufficient filtering for special parameter of d ...)
	NOT-FOR-US: Furbo
CVE-2023-28703 (ASUS RT-AC86U’s specific cgi function has a stack-based buffer ov ...)
	NOT-FOR-US: ASUS
CVE-2023-28702 (ASUS RT-AC86U does not filter special characters for parameters in spe ...)
	NOT-FOR-US: ASUS
CVE-2023-28701 (ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. A ...)
	NOT-FOR-US: ELITE TECHNOLOGY CORP. Web Fax
CVE-2023-28700 (OMICARD EDM backend system’s file uploading function does not res ...)
	NOT-FOR-US: OMICARD
CVE-2023-28699 (Wade Graphic Design FANTSY has a vulnerability of insufficient filteri ...)
	NOT-FOR-US: Wade Graphic Design FANTSY
CVE-2023-28698 (Wade Graphic Design FANTSY has a vulnerability of insufficient authori ...)
	NOT-FOR-US: Wade Graphic Design FANTSY
CVE-2023-28697 (Moxa MiiNePort E1 has a vulnerability of insufficient access control. ...)
	NOT-FOR-US: Moxa
CVE-2023-28696 (Cross-Site Request Forgery (CSRF) vulnerability in Harish Chouhan, The ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28695 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Drew ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28694 (Cross-Site Request Forgery (CSRF) vulnerability in Wbcom Designs Wbcom ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28693 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Balasahe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28692 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kevo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28691
	RESERVED
CVE-2023-28690 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28689
	RESERVED
CVE-2023-28688
	RESERVED
CVE-2023-28687 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1551
	RESERVED
CVE-2023-1550 (Insertion of Sensitive Information into log file vulnerability in NGIN ...)
	NOT-FOR-US: NGINX Agent
CVE-2023-1549 (The Ad Inserter WordPress plugin before 2.7.27 unserializes user input ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1548 (A CWE-269: Improper Privilege Management vulnerability exists that cou ...)
	NOT-FOR-US: Schneider
CVE-2023-1547 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Elra Parkmatik
CVE-2023-1546 (The MyCryptoCheckout WordPress plugin before 2.124 does not escape som ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1545 (SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3 ...)
	- teampass (bug #730180)
CVE-2023-1544 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...)
	- qemu 1:8.2.0+ds-1 (bug #1034179)
	[bookworm] - qemu (Minor issue)
	[bullseye] - qemu (Minor issue)
	[buster] - qemu (PVRDMA support not enabled in the binary packages)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html
	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/85fc35afa93c7320d1641d344d0c5dfbe341d087 (v8.2.0-rc0)
	NOTE: PVRDMA support not enabled in the binary packages until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4 until 1:4.1-1
	NOTE: Not fixed in 1:5.2+dfsg-11+deb11u3 as claimed in the changelog, contains the
	NOTE: CVE-2022-1050 fix instead. In unstable 1:8.0.2+dfsg-1 disabled support for
	NOTE: pvrdma (addressing/mitigating) CVE-2023-1544. Sourcewise fixed in v8.2.0
	NOTE: upstream.
CVE-2023-28686 (Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows a ...)
	{DSA-5379-1}
	- dino-im 0.4.2-1 (bug #1033370)
	[buster] - dino-im (Vulnerable code added in v0.1.0)
	NOTE: https://dino.im/security/cve-2023-28686/
	NOTE: Fixed by: https://github.com/dino/dino/commit/ef8fb0e94ce79d5fde2943e433ad0422eb7f70ec
	NOTE: Fixed by: https://github.com/dino/dino/commit/baf96d9d9fac7480fed777ac87d917f8dec8f0f6 (v0.4.2)
	NOTE: Fixed by: https://github.com/dino/dino/commit/e02a443a4eaf02f0ab860b41d0bc7081d4110ab4 (v0.2.3)
	NOTE: Bookmark support added in https://github.com/dino/dino/commit/74c29d4df19f97b9b67bbc3c1a963a8729be69fd (v0.1.0)
CVE-2023-28685 (Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its X ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-28684 (Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not conf ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-28683 (Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not con ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-28682 (Jenkins Performance Publisher Plugin 8.09 and earlier does not configu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-28681 (Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not con ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-28680 (Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parse ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-28679 (Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-28678 (Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names fr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-28677 (Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string c ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-28676 (A cross-site request forgery (CSRF) vulnerability in Jenkins Convert T ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-28675 (A missing permission check in Jenkins OctoPerf Load Testing Plugin Plu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-28674 (A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-28673 (A missing permission check in Jenkins OctoPerf Load Testing Plugin Plu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-28672 (Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-28671 (A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-28670 (Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not esca ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-28669 (Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and meth ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-28668 (Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 an ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-28667 (The Lead Generated WordPress Plugin, version <= 1.23, was affected by ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28666 (The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28665 (The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is af ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28664 (The Meta Data and Taxonomies Filter WordPress plugin, in versions < 1. ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28663 (The Formidable PRO2PDF WordPress Plugin, version < 3.11, is affected b ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28662 (The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28661 (The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected b ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28660 (The Events Made Easy WordPress Plugin, version <= 2.3.14 is affected b ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28659 (The Waiting: One-click Countdowns WordPress Plugin, version <= 0.6.2, ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1543 (Insufficient Session Expiration in GitHub repository answerdev/answer ...)
	NOT-FOR-US: answer
CVE-2023-1542 (Business Logic Errors in GitHub repository answerdev/answer prior to 1 ...)
	NOT-FOR-US: answer
CVE-2023-1541 (Business Logic Errors in GitHub repository answerdev/answer prior to 1 ...)
	NOT-FOR-US: answer
CVE-2023-1540 (Observable Response Discrepancy in GitHub repository answerdev/answer ...)
	NOT-FOR-US: answer
CVE-2023-1539 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
	NOT-FOR-US: answer
CVE-2023-1538 (Observable Timing Discrepancy in GitHub repository answerdev/answer pr ...)
	NOT-FOR-US: answer
CVE-2023-1537 (Authentication Bypass by Capture-replay in GitHub repository answerdev ...)
	NOT-FOR-US: answer
CVE-2023-1536 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
	NOT-FOR-US: answer
CVE-2023-1535 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
	NOT-FOR-US: answer
CVE-2023-1534 (Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 a ...)
	{DSA-5377-1}
	- chromium 111.0.5563.110-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1533 (Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 ...)
	{DSA-5377-1}
	- chromium 111.0.5563.110-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1532 (Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.1 ...)
	{DSA-5377-1}
	- chromium 111.0.5563.110-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1531 (Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allow ...)
	{DSA-5377-1}
	- chromium 111.0.5563.110-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1530 (Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed ...)
	{DSA-5377-1}
	- chromium 111.0.5563.110-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1529 (Out of bounds memory access in WebHID in Google Chrome prior to 111.0. ...)
	{DSA-5377-1}
	- chromium 111.0.5563.110-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1528 (Use after free in Passwords in Google Chrome prior to 111.0.5563.110 a ...)
	{DSA-5377-1}
	- chromium 111.0.5563.110-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1527 (Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/cor ...)
	NOT-FOR-US: Corebos
CVE-2023-1526 (Certain DesignJet and PageWide XL TAA compliant models may have risk o ...)
	NOT-FOR-US: HP
CVE-2023-1525 (The Site Reviews WordPress plugin before 6.7.1 does not sanitise and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1524 (The Download Manager WordPress plugin before 3.2.71 does not adequatel ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28655 (A malicious user could leverage this vulnerability to escalate privile ...)
	NOT-FOR-US: SAUTER
CVE-2023-28652 (An authenticated malicious user could successfully upload a malicious ...)
	NOT-FOR-US: SAUTER
CVE-2023-28650 (An unauthenticated remote attacker could provide a malicious link and ...)
	NOT-FOR-US: SAUTER
CVE-2023-28647 (Nextcloud iOS is an ios application used to interface with the nextclo ...)
	NOT-FOR-US: Nextcloud iOS application
CVE-2023-28646 (Nextcloud android is an android app for interfacing with the nextcloud ...)
	NOT-FOR-US: Nextcloud android application
CVE-2023-28645 (Nextcloud richdocuments is a Nextcloud app integrating the office suit ...)
	NOT-FOR-US: Nextcloud richdocuments
CVE-2023-28644 (Nextcloud server is an open source home cloud implementation. In relea ...)
	- nextcloud-server (bug #941708)
CVE-2023-28643 (Nextcloud server is an open source home cloud implementation. In affec ...)
	- nextcloud-server (bug #941708)
CVE-2023-28642 (runc is a CLI tool for spawning and running containers according to th ...)
	{DLA-3369-1}
	- runc 1.1.5+ds1-1
	[bullseye] - runc (Minor issue)
	NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c
	NOTE: https://github.com/opencontainers/runc/pull/3785
	NOTE: same fix as CVE-2023-27561
CVE-2023-28641
	RESERVED
CVE-2023-28640 (Apiman is a flexible and open source API Management platform. Due to a ...)
	NOT-FOR-US: Apiman
CVE-2023-28639 (GLPI is a free asset and IT management software package. Starting in v ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-28638 (Snappier is a high performance C# implementation of the Snappy compres ...)
	NOT-FOR-US: Snappier
CVE-2023-28637 (DataEase is an open source data visualization analysis tool. In Dataea ...)
	NOT-FOR-US: DataEase
CVE-2023-28636 (GLPI is a free asset and IT management software package. Starting in v ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-28635 (vantage6 is privacy preserving federated learning infrastructure. Prio ...)
	NOT-FOR-US: vantage6
CVE-2023-28634 (GLPI is a free asset and IT management software package. Starting in v ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-28633 (GLPI is a free asset and IT management software package. Starting in v ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-28632 (GLPI is a free asset and IT management software package. Starting in v ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-28631 (comrak is a CommonMark + GFM compatible Markdown parser and renderer w ...)
	NOT-FOR-US: comrak
CVE-2023-28630 (GoCD is an open source continuous delivery server. In GoCD versions fr ...)
	NOT-FOR-US: GoCD
CVE-2023-28629 (GoCD is an open source continuous delivery server. GoCD versions befor ...)
	NOT-FOR-US: GoCD
CVE-2023-28628 (lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versi ...)
	NOT-FOR-US: lambdaisland/uri
CVE-2023-28627 (pymedusa is an automatic video library manager for TV Shows. In versio ...)
	NOT-FOR-US: pymedusa
CVE-2023-28626 (comrak is a CommonMark + GFM compatible Markdown parser and renderer w ...)
	NOT-FOR-US: comrak
CVE-2023-28625 (mod_auth_openidc is an authentication and authorization module for the ...)
	{DSA-5405-1 DLA-3409-1}
	- libapache2-mod-auth-openidc 2.4.12.3-2 (bug #1033916)
	NOTE: https://github.com/OpenIDC/mod_auth_openidc/commit/4389182239c0f60cfa4873f9980c826a70047cc4 (v2.4.13.2)
	NOTE: https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-f5xw-rvfr-24qr
CVE-2023-28624
	RESERVED
CVE-2023-28623 (Zulip is an open-source team collaboration tool with unique topic-base ...)
	NOT-FOR-US: Zulip
CVE-2023-28622 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Tri ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28621 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress theme
CVE-2023-28620 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cybe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28619
	RESERVED
CVE-2023-28618 (Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou E ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28391 (A memory corruption vulnerability exists in the HTTP Server header par ...)
	NOT-FOR-US: Weston Embedded uC-HTTP
CVE-2023-27927 (An authenticated malicious user could acquire the simple mail transfer ...)
	NOT-FOR-US: SAUTER
CVE-2023-22300 (An unauthenticated remote attacker could force all authenticated users ...)
	NOT-FOR-US: SAUTER
CVE-2023-1523 (Using the TIOCLINUX ioctl request, a malicious snap could inject conte ...)
	- snapd 2.59.5-1
	[bookworm] - snapd (Minor issue)
	[bullseye] - snapd (Minor issue)
	[buster] - snapd (Minor issue)
	NOTE: Preparation: https://github.com/snapcore/snapd/commit/e4681c57bd5805c8d2dec5c3ddf7d85ebf1d2c4c (2.59.5)
	NOTE: Fixed by: https://github.com/snapcore/snapd/commit/dddcfd6ac8daa84feb80eb6fd88f852ced70629c (2.59.5)
	NOTE: Fixed by: https://github.com/snapcore/snapd/commit/52af545f3c0d8b086500ab86f161703905638951 (2.59.5)
	NOTE: Tests: https://github.com/snapcore/snapd/commit/e5e823b442aec364e81c9cb805dc2fce34c41b8b (2.59.5)
	NOTE: Tests: https://github.com/snapcore/snapd/commit/8ad5a73e753828175c9fbbf03e518bb42d773979 (2.59.5)
	NOTE: Tests: https://github.com/snapcore/snapd/commit/64cf6b0048385d921b25361d55ddfd524880c738 (2.59.5)
	NOTE: Tests: https://github.com/snapcore/snapd/commit/2e93f91e1350f965a356748a3ddcff275207df12 (2.59.5)
	NOTE: Tests: https://github.com/snapcore/snapd/commit/390dc62a71884c0463e2411fb13f5bd5abdc7442 (2.59.5)
CVE-2023-1522 (SQL Injection in the Hardware Inventory report of Security Center 5.11 ...)
	NOT-FOR-US: Security Center
CVE-2023-1521
	RESERVED
CVE-2023-1520
	RESERVED
CVE-2023-1519
	RESERVED
CVE-2023-1518 (CP Plus KVMS Pro versions 2.01.0.T.190521 and prior are vulnerable to ...)
	NOT-FOR-US: CP Plus KVMS Pro
CVE-2023-1517 (Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore ...)
	NOT-FOR-US: pimcore
CVE-2023-1516 (RoboDK versions 5.5.3 and prior contain an insecure permission assign ...)
	NOT-FOR-US: RoboDK
CVE-2023-1515 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
	NOT-FOR-US: pimcore
CVE-2023-1514 (A vulnerability exists in the component RTU500 Scripting interface. Wh ...)
	NOT-FOR-US: Hitachi
CVE-2023-1513 (A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on ...)
	{DLA-3404-1 DLA-3403-1}
	- linux 6.1.15-1
	[bullseye] - linux 5.10.178-1
	NOTE: https://git.kernel.org/linus/2c10b61421a28e95a46ab489fd56c0f442ff6952 (6.2)
CVE-2023-1512
	RESERVED
CVE-2023-1511
	RESERVED
CVE-2023-1510
	RESERVED
CVE-2023-1509 (The GMAce plugin for WordPress is vulnerable to Cross-Site Request For ...)
	NOT-FOR-US: GMAce plugin for WordPress
CVE-2023-1508 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Adam Retail Automation Systems Mobilmen Terminal Software
CVE-2023-1507 (A vulnerability has been found in SourceCodester E-Commerce System 1.0 ...)
	NOT-FOR-US: SourceCodester E-Commerce System
CVE-2023-1506 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester E-Commerce System
CVE-2023-1505 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester E-Commerce System
CVE-2023-1504 (A vulnerability classified as critical was found in SourceCodester Alp ...)
	NOT-FOR-US: SourceCodester Alphaware Simple E-Commerce System
CVE-2023-1503 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Alphaware Simple E-Commerce System
CVE-2023-1502 (A vulnerability was found in SourceCodester Alphaware Simple E-Commerc ...)
	NOT-FOR-US: SourceCodester Alphaware Simple E-Commerce System
CVE-2019-25136 (A compromised child process could have injected XBL Bindings into priv ...)
	- firefox 70.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/
CVE-2018-25082 (A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classi ...)
	NOT-FOR-US: zwczou WeChat SDK Python
CVE-2016-15029 (A vulnerability has been found in Ydalb mapicoin up to 1.9.0 and class ...)
	NOT-FOR-US: Ydalb mapicoin
CVE-2012-10009 (A vulnerability was found in 404like Plugin up to 1.0.2 on WordPress. ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1501 (A vulnerability, which was classified as critical, was found in RockOA ...)
	NOT-FOR-US: RockOA
CVE-2023-1500 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Simple Art Gallery
CVE-2023-1499 (A vulnerability classified as critical was found in code-projects Simp ...)
	NOT-FOR-US: Simple Art Gallery
CVE-2023-1498 (A vulnerability classified as critical has been found in code-projects ...)
	NOT-FOR-US: Responsive Hotel Site
CVE-2023-1497 (A vulnerability was found in SourceCodester Simple and Nice Shopping C ...)
	NOT-FOR-US: SourceCodester Simple and Nice Shopping Cart Script
CVE-2023-1496 (Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/i ...)
	NOT-FOR-US: imgproxy
CVE-2023-2491 (A flaw was found in the Emacs text editor. Processing a specially craf ...)
	- emacs (Red Hat specific security regression from CVE-2023-28617 patches)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2192873
CVE-2023-28617 (org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for G ...)
	{DLA-3616-1 DLA-3416-1}
	[experimental] - org-mode 9.6.6+dfsg-1~exp1
	- org-mode 9.5.2+dfsh-5 (bug #1033341)
	[bullseye] - org-mode 9.4.0+dfsg-1+deb11u1
	- emacs 1:28.2+1-14 (bug #1033342)
	[bullseye] - emacs (Minor issue)
	NOTE: https://list.orgmode.org/tencent_04CF842704737012CCBCD63CD654DD41CA0A%40qq.com/T/#m6ef8e7d34b25fe17b4cbb655b161edce18c6655e
	NOTE: https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=8f8ec2ccf3f5ef8f38d68ec84a7e4739c45db485 (release_9.6.2)
	NOTE: https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=a8006ea580ed74f27f974d60b598143b04ad1741 (release_9.6.2)
	NOTE: org-mode/9.5.2+dfsh-5 dropped all lisp files from the produced binary packages
	NOTE: making an empty dependency package only thus considered fixed exceptionally in
	NOTE: that version.
CVE-2023-28616 (An issue was discovered in Stormshield Network Security (SNS) before 4 ...)
	NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2023-28615
	RESERVED
CVE-2023-28614 (Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injectio ...)
	NOT-FOR-US: Freewill iFIS
CVE-2023-28613 (An issue was discovered in Samsung Exynos Mobile Processor and Baseban ...)
	NOT-FOR-US: Samsung
CVE-2023-28612
	RESERVED
CVE-2023-28611 (Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and ...)
	NOT-FOR-US: OMICRON
CVE-2023-28610 (The update process in OMICRON StationGuard and OMICRON StationScout be ...)
	NOT-FOR-US: OMICRON
CVE-2023-28609 (api/auth.go in Ansible Semaphore before 2.8.89 mishandles authenticati ...)
	NOT-FOR-US: Ansible Semaphore
CVE-2023-1495 (A vulnerability classified as critical was found in Rebuild up to 3.2. ...)
	NOT-FOR-US: Rebuild
CVE-2023-1494 (A vulnerability classified as critical has been found in IBOS 4.5.5. A ...)
	NOT-FOR-US: IBOS
CVE-2023-1493 (A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It h ...)
	NOT-FOR-US: Max Secure Anti Virus Plus
CVE-2023-1492 (A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It h ...)
	NOT-FOR-US: Max Secure Anti Virus Plus
CVE-2023-1491 (A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It h ...)
	NOT-FOR-US: Max Secure Anti Virus Plus
CVE-2023-1490 (A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1 and c ...)
	NOT-FOR-US: Max Secure Anti Virus Plus
CVE-2023-1489 (A vulnerability has been found in Lespeed WiseCleaner Wise System Moni ...)
	NOT-FOR-US: Lespeed WiseCleaner Wise System Monitor
CVE-2023-1488 (A vulnerability, which was classified as problematic, was found in Les ...)
	NOT-FOR-US: Lespeed WiseCleaner Wise System Monitor
CVE-2023-1487 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Lespeed WiseCleaner Wise System Monitor
CVE-2023-1486 (A vulnerability classified as problematic was found in Lespeed WiseCle ...)
	NOT-FOR-US: Lespeed WiseCleaner Wise Force Deleter
CVE-2023-1485 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
CVE-2022-4933 (A vulnerability, which was classified as critical, has been found in A ...)
	NOT-FOR-US: Dolibarr module
CVE-2022-48422 (ONLYOFFICE Docs through 7.3 on certain Linux distributions allows loca ...)
	NOT-FOR-US: ONLYOFFICE
CVE-2021-46877 (jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before ...)
	- jackson-databind 2.13.2.2-1
	[bullseye] - jackson-databind (Minor issue)
	[buster] - jackson-databind (Vulnerable code introduced in 2.10)
	NOTE: https://groups.google.com/g/jackson-user/c/OsBsirPM_Vw
	NOTE: https://github.com/FasterXML/jackson-databind/issues/3328
	NOTE: https://github.com/FasterXML/jackson-databind/commit/3ccde7d938fea547e598fdefe9a82cff37fed5cb (jackson-databind-2.12.6)
	NOTE: https://github.com/FasterXML/jackson-databind/commit/3ccde7d938fea547e598fdefe9a82cff37fed5cb (jackson-databind-3.13.1)
CVE-2015-10096 (A vulnerability, which was classified as critical, was found in Zarthu ...)
	NOT-FOR-US: Zarthus IRC Twitter Announcer Bot
CVE-2023-28608
	RESERVED
CVE-2023-28607 (js/event-graph.js in MISP before 2.4.169 allows XSS via the event-grap ...)
	NOT-FOR-US: MISP
CVE-2023-28606 (js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph no ...)
	NOT-FOR-US: MISP
CVE-2023-28605
	RESERVED
CVE-2023-28604 (The fluid_components (aka Fluid Components) extension before 3.5.0 for ...)
	NOT-FOR-US: TYPO3 extension
CVE-2023-1484 (A vulnerability was found in xzjie cms up to 1.0.3 and classified as c ...)
	NOT-FOR-US: xzjie cms
CVE-2023-1483 (A vulnerability has been found in XiaoBingBy TeaCMS up to 2.0.2 and cl ...)
	NOT-FOR-US: XiaoBingBy TeaCMS
CVE-2023-1482 (A vulnerability, which was classified as problematic, was found in HkC ...)
	NOT-FOR-US: HkCms
CVE-2023-1481 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: SourceCodester Monitoring of Students Cyber Accounts System
CVE-2023-1480 (A vulnerability classified as critical was found in SourceCodester Mon ...)
	NOT-FOR-US: SourceCodester Monitoring of Students Cyber Accounts System
CVE-2023-1479 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Simple Music Player
CVE-2023-28603 (Zoom VDI client installer prior to 5.14.0 contains an improper access ...)
	NOT-FOR-US: Zoom
CVE-2023-28602 (Zoom for Windows clients prior to 5.13.5 contain an improper verificat ...)
	NOT-FOR-US: Zoom
CVE-2023-28601 (Zoom for Windows clients prior to 5.14.0 contain an improper restricti ...)
	NOT-FOR-US: Zoom
CVE-2023-28600 (Zoom for MacOSclients prior to 5.14.0 contain an improper access contr ...)
	NOT-FOR-US: Zoom
CVE-2023-28599 (Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. ...)
	NOT-FOR-US: Zoom
CVE-2023-28598 (Zoom for Linux clients prior to 5.13.10 contain an HTML injection vul ...)
	NOT-FOR-US: Zoom
CVE-2023-28597 (Zoom clients prior to 5.13.5 contain an improper trust boundary implem ...)
	NOT-FOR-US: Zoom
CVE-2023-28596 (Zoom Client for IT Admin macOS installers before version 5.13.5 contai ...)
	NOT-FOR-US: Zoom
CVE-2023-28595
	RESERVED
CVE-2023-28594
	RESERVED
CVE-2023-28593
	RESERVED
CVE-2023-28592
	RESERVED
CVE-2023-28591
	RESERVED
CVE-2023-28590
	RESERVED
CVE-2023-28589
	RESERVED
CVE-2023-28588 (Transient DOS in Bluetooth Host while rfc slot allocation.)
	NOT-FOR-US: Qualcomm
CVE-2023-28587 (Memory corruption in BT controller while parsing debug commands with s ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28586 (Information disclosure when the trusted application metadata symbol ad ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28585 (Memory corruption while loading an ELF segment in TEE Kernel.)
	NOT-FOR-US: Qualcomm
CVE-2023-28584 (Transient DOS in WLAN Host when a mobile station receives invalid chan ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28583 (Memory corruption when IPv6 prefix timer object`s lifetime expires whi ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28582 (Memory corruption in Data Modem while verifying hello-verify message d ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28581 (Memory corruption in WLAN Firmware while parsing receieved GTK Keys in ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28580 (Memory corruption in WLAN Host while setting the PMK length in PMK len ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28579 (Memory Corruption in WLAN Host while deserializing the input PMK bytes ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28578 (Memory corruption in Core Services while executing the command for rem ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28577 (In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no ch ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28576 (The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28575 (The cam_get_device_priv function does not check the type of handle bei ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28574 (Memory corruption in core services when Diag handler receives a comman ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28573 (Memory corruption in WLAN HAL while parsing WMI command parameters.)
	NOT-FOR-US: Qualcomm
CVE-2023-28572 (Memory corruption in WLAN HOST while processing the WLAN scan descript ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28571 (Information disclosure in WLAN HOST while processing the WLAN scan des ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28570 (Memory corruption while processing audio effects.)
	NOT-FOR-US: Qualcomm
CVE-2023-28569 (Information disclosure in WLAN HAL while handling command through WMI ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28568 (Information disclosure in WLAN HAL when reception status handler is ca ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28567 (Memory corruption in WLAN HAL while handling command through WMI inter ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28566 (Information disclosure in WLAN HAL while handling the WMI state info c ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28565 (Memory corruption in WLAN HAL while handling command streams through W ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28564 (Memory corruption in WLAN HAL while passing command parameters through ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28563 (Information disclosure in IOE Firmware while handling WMI command.)
	NOT-FOR-US: Qualcomm
CVE-2023-28562 (Memory corruption while handling payloads from remote ESL.)
	NOT-FOR-US: Qualcomm
CVE-2023-28561 (Memory corruption in QESL while processing payload from external ESL d ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28560 (Memory corruption in WLAN HAL while processing devIndex from untrusted ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28559 (Memory corruption in WLAN FW while processing command parameters from ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28558 (Memory corruption in WLAN handler while processing PhyID in Tx status ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28557 (Memory corruption in WLAN HAL while processing command parameters from ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28556 (Cryptographic issue in HLOS during key management.)
	NOT-FOR-US: Qualcomm
CVE-2023-28555 (Transient DOS in Audio while remapping channel buffer in media codec d ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28554 (Information Disclosure in Qualcomm IPC while reading values from share ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28553 (Information Disclosure in WLAN Host when processing WMI event command.)
	NOT-FOR-US: Qualcomm
CVE-2023-28552
	RESERVED
CVE-2023-28551 (Memory corruption in UTILS when modem processes memory specific Diag c ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28550 (Memory corruption in MPP performance while accessing DSM watermark usi ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28549 (Memory corruption in WLAN HAL while parsing Rx buffer in processing TL ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28548 (Memory corruption in WLAN HAL while processing Tx/Rx commands from QDA ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28547 (Memory corruption in SPS Application while requesting for public key i ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28546 (Memory Corruption in SPS Application while exporting public key in sor ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28545 (Memory corruption in TZ Secure OS while loading an app ELF.)
	NOT-FOR-US: Qualcomm
CVE-2023-28544 (Memory corruption in WLAN while sending transmit command from HLOS to ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28543 (A malformed DLC can trigger Memory Corruption in SNPE library due to o ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28542 (Memory Corruption in WLAN HOST while fetching TX status information.)
	NOT-FOR-US: Qualcomm
CVE-2023-28541 (Memory Corruption in Data Modem while processing DMA buffer release ev ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28540 (Cryptographic issue in Data Modem due to improper authentication durin ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28539 (Memory corruption in WLAN Host when the firmware invokes multiple WMI ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28538 (Memory corruption in WIN Product while invoking WinAcpi update driver ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28537 (Memory corruption while allocating memory in COmxApeDec module in Audi ...)
	NOT-FOR-US: Qualcomm
CVE-2023-28536
	RESERVED
CVE-2023-28535 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Paytm Pa ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28534 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28533 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in M Wi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28532
	RESERVED
CVE-2023-28531 (ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without ...)
	- openssh 1:9.3p1-1 (bug #1033166)
	[bookworm] - openssh 1:9.2p1-2+deb12u2
	[bullseye] - openssh (Vulnerable code introduced later; per-hop destination constraints support added in OpenSSH 8.9)
	[buster] - openssh (Vulnerable code introduced later; per-hop destination constraints support added in OpenSSH 8.9)
	NOTE: https://github.com/openssh/openssh-portable/commit/54ac4ab2b53ce9fcb66b8250dee91c070e4167ed (V_9_3_P1)
CVE-2023-28530 (IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site ...)
	NOT-FOR-US: IBM
CVE-2023-28529 (IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-s ...)
	NOT-FOR-US: IBM
CVE-2023-28528 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
	NOT-FOR-US: IBM
CVE-2023-28527 (IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a hea ...)
	NOT-FOR-US: IBM
CVE-2023-28526 (IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2023-28525 (IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross ...)
	NOT-FOR-US: IBM
CVE-2023-28524
	RESERVED
CVE-2023-28523 (IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2023-28522 (IBM API Connect V10 could allow an authenticated user to perform actio ...)
	NOT-FOR-US: IBM
CVE-2023-28521
	RESERVED
CVE-2023-28520 (IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site sc ...)
	NOT-FOR-US: IBM
CVE-2023-28519
	RESERVED
CVE-2023-28518
	RESERVED
CVE-2023-28517 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vul ...)
	NOT-FOR-US: IBM
CVE-2023-28516
	RESERVED
CVE-2023-28515
	RESERVED
CVE-2023-28514 (IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive ...)
	NOT-FOR-US: IBM
CVE-2023-28513 (IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM ...)
	NOT-FOR-US: IBM
CVE-2023-28512 (IBM Watson CP4D Data Stores 4.6.0, 4.6.1, and 4.6.2 could allow an att ...)
	NOT-FOR-US: IBM
CVE-2023-28511
	RESERVED
CVE-2023-28510
	RESERVED
CVE-2023-28509 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
	NOT-FOR-US: Rocket Software UniData
CVE-2023-28508 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
	NOT-FOR-US: Rocket Software UniData
CVE-2023-28507 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
	NOT-FOR-US: Rocket Software UniData
CVE-2023-28506 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
	NOT-FOR-US: Rocket Software UniData
CVE-2023-28505 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
	NOT-FOR-US: Rocket Software UniData
CVE-2023-28504 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
	NOT-FOR-US: Rocket Software UniData
CVE-2023-28503 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
	NOT-FOR-US: Rocket Software UniData
CVE-2023-28502 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
	NOT-FOR-US: Rocket Software UniData
CVE-2023-28501 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
	NOT-FOR-US: Rocket Software UniData
CVE-2023-28500 (A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 v ...)
NOT-FOR-US: Adobe CVE-2023-28499 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in sim ...) NOT-FOR-US: WordPress plugin CVE-2023-28498 (Cross-Site Request Forgery (CSRF) vulnerability in MotoPress Hotel Boo ...) NOT-FOR-US: WordPress plugin CVE-2023-28497 (Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow ...) NOT-FOR-US: WordPress plugin CVE-2023-28496 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SMTP ...) NOT-FOR-US: WordPress plugin CVE-2023-28495 (Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop WP Shor ...) NOT-FOR-US: WordPress plugin CVE-2023-28494 RESERVED CVE-2023-28493 (Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...) NOT-FOR-US: Wordpress theme CVE-2023-28492 RESERVED CVE-2023-28491 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-28490 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik ...) NOT-FOR-US: WordPress plugin CVE-2023-28489 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...) NOT-FOR-US: Siemens CVE-2023-1478 (The Hummingbird WordPress plugin before 3.4.2 does not validate the ge ...) NOT-FOR-US: WordPress plugin CVE-2023-1477 (Improper Authentication vulnerability in HYPR Keycloak Authenticator E ...) NOT-FOR-US: HYPR Keycloak Authenticator Extension CVE-2023-1476 (A use-after-free flaw was found in the Linux kernel\u2019s mm/mremap m ...) NOT-FOR-US: RedHat specific incomplete Linux kpatch incomplete fix for CVE-2022-41222 CVE-2023-1475 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Canteen Management System CVE-2023-1474 (A vulnerability classified as critical was found in SourceCodester Aut ...) NOT-FOR-US: SourceCodester Automatic Question Paper Generator System CVE-2023-1473 (The Slider, Gallery, and Carousel by MetaSlider WordPress plugin 3.29. ...) 
NOT-FOR-US: WordPress plugin CVE-2023-1472 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...) NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress CVE-2023-1471 (The WP Popup Banners plugin for WordPress is vulnerable to SQL Injecti ...) NOT-FOR-US: WP Popup Banners plugin for WordPress CVE-2023-1470 (The eCommerce Product Catalog plugin for WordPress is vulnerable to St ...) NOT-FOR-US: eCommerce Product Catalog plugin for WordPress CVE-2023-1469 (The WP Express Checkout plugin for WordPress is vulnerable to Stored C ...) NOT-FOR-US: WP Express Checkout plugin for WordPress CVE-2023-1468 (A vulnerability classified as critical was found in SourceCodester Stu ...) NOT-FOR-US: SourceCodester Student Study Center Desk Management System CVE-2023-1467 (A vulnerability classified as critical has been found in SourceCodeste ...) NOT-FOR-US: SourceCodester Student Study Center Desk Management System CVE-2023-1466 (A vulnerability was found in SourceCodester Student Study Center Desk ...) NOT-FOR-US: SourceCodester Student Study Center Desk Management System CVE-2023-1465 (The WP EasyPay WordPress plugin before 4.1 does not escape some genera ...) NOT-FOR-US: WordPress plugin CVE-2023-1464 (A vulnerability, which was classified as critical, was found in Source ...) NOT-FOR-US: SourceCodester Medicine Tracker System CVE-2023-1463 (Authorization Bypass Through User-Controlled Key in GitHub repository ...) - teampass (bug #730180) CVE-2023-1462 (Authorization Bypass Through User-Controlled Key vulnerability in Vadi ...) NOT-FOR-US: Vadi Corporate Information Systems DigiKent CVE-2023-1461 (A vulnerability was found in SourceCodester Canteen Management System ...) NOT-FOR-US: SourceCodester Canteen Management System CVE-2023-1460 (A vulnerability was found in SourceCodester Online Pizza Ordering Syst ...) 
NOT-FOR-US: SourceCodester Online Pizza Ordering System CVE-2023-1459 (A vulnerability was found in SourceCodester Canteen Management System ...) NOT-FOR-US: SourceCodester Canteen Management System CVE-2023-1458 (A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 ...) NOT-FOR-US: Ubiquiti EdgeRouter X CVE-2023-1457 (A vulnerability, which was classified as critical, was found in Ubiqui ...) NOT-FOR-US: Ubiquiti EdgeRouter X CVE-2023-1456 (A vulnerability, which was classified as critical, has been found in U ...) NOT-FOR-US: Ubiquiti EdgeRouter X CVE-2023-1455 (A vulnerability classified as critical was found in SourceCodester Onl ...) NOT-FOR-US: SourceCodester Online Pizza Ordering System CVE-2023-1454 (A vulnerability classified as critical has been found in jeecg-boot 3. ...) NOT-FOR-US: jeecg-boot CVE-2023-1453 (A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It has bee ...) NOT-FOR-US: Watchdog Anti-Virus CVE-2023-1452 (A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It ...) {DSA-5411-1} [experimental] - gpac 2.2.1+dfsg1-1 - gpac 2.2.1+dfsg1-2 (bug #1034187) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2386 NOTE: https://github.com/gpac/gpac/commit/a5efec8187de02d1f0a412140b0bf030a6747d3f NOTE: https://github.com/gpac/gpac/commit/6d6c4533ca7004f76d524129b52bda241dc231b5 (v2.2.1) CVE-2023-1451 (A vulnerability was found in MP4v2 2.1.2. It has been classified as pr ...) - mp4v2 CVE-2023-1450 (A vulnerability was found in MP4v2 2.1.2 and classified as problematic ...) - mp4v2 CVE-2023-1449 (A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master ...) 
{DSA-5411-1} [experimental] - gpac 2.2.1+dfsg1-1 - gpac 2.2.1+dfsg1-2 (bug #1034187) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2387 NOTE: https://github.com/gpac/gpac/commit/8ebbfd61c73d61a2913721a492e5a81fb8d9f9a9 NOTE: https://github.com/gpac/gpac/commit/7c07b1346d64354ba3ac6412097cce1db119eef0 (v2.2.1) CVE-2023-1448 (A vulnerability, which was classified as problematic, was found in GPA ...) {DSA-5411-1} [experimental] - gpac 2.2.1+dfsg1-1 - gpac 2.2.1+dfsg1-2 (bug #1034187) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2388 NOTE: https://github.com/gpac/gpac/commit/8db20cb634a546c536c31caac94e1f74b778b463 NOTE: https://github.com/gpac/gpac/commit/e76699a83a148345247a02501293b28bc62d6a2e (v2.2.1) CVE-2023-1447 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: SourceCodester Medicine Tracker System CVE-2023-1446 (A vulnerability classified as problematic was found in Watchdog Anti-V ...) NOT-FOR-US: Watchdog Anti-Virus CVE-2023-1445 (A vulnerability classified as problematic has been found in Filseclab ...) NOT-FOR-US: Filseclab Twister Antivirus CVE-2023-1444 (A vulnerability was found in Filseclab Twister Antivirus 8. It has bee ...) NOT-FOR-US: Filseclab Twister Antivirus CVE-2023-1443 (A vulnerability was found in Filseclab Twister Antivirus 8. It has bee ...) NOT-FOR-US: Filseclab Twister Antivirus CVE-2023-1442 (A vulnerability was found in Meizhou Qingyunke QYKCMS 4.3.0. It has be ...) NOT-FOR-US: Meizhou Qingyunke QYKCMS CVE-2023-1441 (A vulnerability has been found in SourceCodester Automatic Question Pa ...) NOT-FOR-US: SourceCodester Automatic Question Paper Generator System CVE-2023-1440 (A vulnerability, which was classified as critical, was found in Source ...) NOT-FOR-US: SourceCodester Automatic Question Paper Generator System CVE-2023-1439 (A vulnerability, which was classified as critical, has been found in S ...) 
NOT-FOR-US: SourceCodester Medicine Tracker System CVE-2023-1438 RESERVED CVE-2023-1437 (All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerabl ...) NOT-FOR-US: Advantech WebAccess/SCADA CVE-2023-1436 (An infinite recursion is triggered in Jettison when constructing a JSO ...) - libjettison-java 1.5.4-1 (bug #1033846) [bookworm] - libjettison-java (Minor issue) [bullseye] - libjettison-java (Minor issue) [buster] - libjettison-java (Minor issue, DoS) NOTE: https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/ NOTE: https://github.com/jettison-json/jettison/issues/60 NOTE: https://github.com/jettison-json/jettison/pull/62 NOTE: https://github.com/jettison-json/jettison/commit/c20a8be23f698d7d89b7ccf8d328971cf4709b9f (jettison-1.5.4) NOTE: Introduced by: https://github.com/jettison-json/jettison/commit/be193159085b9fc2bc3526f8655871f9b0472d06 (jettison-1.3.1) CVE-2023-1435 (The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise a ...) NOT-FOR-US: WordPress plugin CVE-2023-1434 RESERVED CVE-2023-1433 (A vulnerability was found in SourceCodester Gadget Works Online Orderi ...) NOT-FOR-US: SourceCodester Gadget Works Online Ordering System CVE-2023-1432 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...) NOT-FOR-US: SourceCodester Online Food Ordering System CVE-2023-1431 (The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sens ...) NOT-FOR-US: WP Simple Shopping Cart plugin for WordPress CVE-2023-1430 (The FluentCRM - Marketing Automation For WordPress plugin for WordPre ...) NOT-FOR-US: WordPress plugin CVE-2023-1429 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...) NOT-FOR-US: pimcore CVE-2023-1428 (There exists an vulnerability causing an abort() to be called in gRPC. ...) 
- grpc (Vulnerable maxsize handler introduced later) NOTE: Fixed by: https://github.com/grpc/grpc/commit/2485fa94bd8a723e5c977d55a3ce10b301b437f8 (v1.54.0-pre1) NOTE: Introduced by: https://github.com/grpc/grpc/commit/b2b70515583fe18e36c7e70b265808fa3154f734 (v1.52.0-pre1) CVE-2023-1427 (- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not en ...) NOT-FOR-US: WordPress plugin CVE-2023-1426 (The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts ...) NOT-FOR-US: WordPress plugin CVE-2023-1425 (The WordPress CRM, Email & Marketing Automation for WordPress | Award ...) NOT-FOR-US: WordPress plugin CVE-2023-28488 (client.c in gdhcp in ConnMan through 1.41 could be used by network-adj ...) {DSA-5416-1 DLA-3397-1} - connman 1.41-3 (bug #1034393) NOTE: https://github.com/moehw/poc_exploits/tree/master/CVE-2023-28488 NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=99e2c16ea1cced34a5dc450d76287a1c3e762138 CVE-2023-28487 (Sudo before 1.9.13 does not escape control characters in sudoreplay ou ...) {DLA-3732-1} - sudo 1.9.13p1-1 [bullseye] - sudo (Minor issue) NOTE: https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca CVE-2023-28486 (Sudo before 1.9.13 does not escape control characters in log messages.) {DLA-3732-1} - sudo 1.9.13p1-1 [bullseye] - sudo (Minor issue) NOTE: https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca NOTE: https://github.com/sudo-project/sudo/commit/12648b4e0a8cf486480442efd52f0e0b6cab6e8b (fix a regression) CVE-2023-28485 (A stored cross-site scripting (Stored XSS) vulnerability in file previ ...) NOT-FOR-US: WeKan CVE-2023-28484 (In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can l ...) 
{DSA-5391-1 DLA-3405-1} - libxml2 2.9.14+dfsg-1.2 (bug #1034436) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2185994 NOTE: Related (but not strictly part of the CVE): https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6 (v2.10.4) NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f (v2.10.4) CVE-2023-28483 (An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query ...) NOT-FOR-US: Tigergraph Enterprise CVE-2023-28482 (An issue was discovered in Tigergraph Enterprise 3.7.0. A single Tiger ...) NOT-FOR-US: Tigergraph Enterprise CVE-2023-28481 (An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsec ...) NOT-FOR-US: Tigergraph Enterprise CVE-2023-28480 (An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph ...) NOT-FOR-US: Tigergraph Enterprise CVE-2023-28479 (An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph ...) NOT-FOR-US: Tigergraph Enterprise CVE-2023-28478 (TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Bu ...) NOT-FOR-US: TP-Link CVE-2023-28477 (Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 ...) NOT-FOR-US: Concrete CMS CVE-2023-28476 (Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is v ...) NOT-FOR-US: Concrete CMS CVE-2023-28475 (Concrete CMS (previously concrete5) versions 8.5.12 and below, and ver ...) NOT-FOR-US: Concrete CMS CVE-2023-28474 (Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is v ...) NOT-FOR-US: Concrete CMS CVE-2023-28473 (Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 ...) NOT-FOR-US: Concrete CMS CVE-2023-28472 (Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 ...) NOT-FOR-US: Concrete CMS CVE-2023-28471 (Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is v ...) 
NOT-FOR-US: Concrete CMS CVE-2023-28470 (In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is ...) NOT-FOR-US: Couchbase Server CVE-2023-28469 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...) NOT-FOR-US: ARM CVE-2023-28468 (An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O w ...) NOT-FOR-US: Insyde InsydeH2O CVE-2023-28467 (In MyBB before 1.8.34, there is XSS in the User CP module via the user ...) NOT-FOR-US: MyBB CVE-2023-28465 (The package-decompression feature in HL7 (Health Level 7) FHIR Core Li ...) NOT-FOR-US: HL7 (Health Level 7) FHIR Core Libraries CVE-2023-28464 (hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel throu ...) - linux (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2023/03/28/2 NOTE: https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm@gmail.com/ NOTE: https://git.kernel.org/linus/5dc7d23e167e2882ef118456ceccd57873e876d8 CVE-2023-28463 RESERVED CVE-2023-28462 (A JNDI rebind operation in the default ORB listener in Payara Server 4 ...) NOT-FOR-US: Payara CVE-2023-28461 (Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow ...) NOT-FOR-US: Array Networks CVE-2023-28460 (A command injection vulnerability was discovered in Array Networks APV ...) NOT-FOR-US: Array Networks CVE-2023-28459 (pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non ...) NOT-FOR-US: pretalx CVE-2023-28458 (pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non ...) NOT-FOR-US: pretalx CVE-2023-28457 RESERVED CVE-2023-28456 RESERVED CVE-2023-28455 RESERVED CVE-2023-28454 RESERVED CVE-2023-28453 RESERVED CVE-2023-28452 RESERVED CVE-2023-28451 RESERVED CVE-2023-28450 (An issue was discovered in Dnsmasq before 2.90. The default maximum ED ...) 
- dnsmasq 2.90-1 (bug #1033165) [bookworm] - dnsmasq (Minor issue) [bullseye] - dnsmasq (Minor issue) [buster] - dnsmasq (Minor issue) NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5 CVE-2023-1424 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...) NOT-FOR-US: Mitsubishi CVE-2023-1423 RESERVED CVE-2023-1422 RESERVED CVE-2023-1421 (A reflected cross-site scripting vulnerability in the OAuth flow compl ...) - mattermost-server (bug #823556) CVE-2019-25135 RESERVED CVE-2019-25134 RESERVED CVE-2019-25133 RESERVED CVE-2019-25132 RESERVED CVE-2019-25131 RESERVED CVE-2019-25130 RESERVED CVE-2019-25129 RESERVED CVE-2019-25128 RESERVED CVE-2019-25127 RESERVED CVE-2019-25126 RESERVED CVE-2023-28466 (do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6. ...) {DLA-3404-1} - linux 6.1.20-1 [bullseye] - linux 5.10.178-1 [buster] - linux (Minor issue; CONFIG_TLS not enabled in Debian) NOTE: https://git.kernel.org/linus/49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962 CVE-2023-28449 RESERVED CVE-2023-28448 (Versionize is a framework for version tolerant serializion/deserializa ...) NOT-FOR-US: Versionize (firecracker-microvm / framework for version tolerant serializion/deserialization of Rust data structures) CVE-2023-28447 (Smarty is a template engine for PHP. In affected versions smarty did n ...) - smarty3 3.1.48-1 (bug #1033964) [bookworm] - smarty3 (Minor issue) [bullseye] - smarty3 (Minor issue) [buster] - smarty3 (Minor issue) - smarty4 4.3.1-1 (bug #1033965) [bookworm] - smarty4 4.3.0-1+deb12u1 NOTE: https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj NOTE: https://github.com/smarty-php/smarty/commit/e75165565e9e5956a73365c24d650ba40570ae72 (v4.3.1) NOTE: https://github.com/smarty-php/smarty/commit/7677db7bc9a1dcfcad1435fc9d3bac3f295ca3ad (v3.1.48) CVE-2023-28446 (Deno is a simple, modern and secure runtime for JavaScript and TypeScr ...) 
NOT-FOR-US: Deno CVE-2023-28445 (Deno is a runtime for JavaScript and TypeScript that uses V8 and is bu ...) NOT-FOR-US: Deno CVE-2023-28444 (angular-server-side-configuration helps configure an angular applicati ...) NOT-FOR-US: angular-server-side-configuration CVE-2023-28443 (Directus is a real-time API and App dashboard for managing SQL databas ...) NOT-FOR-US: Directus CVE-2023-28442 (GeoNode is an open source platform that facilitates the creation, shar ...) NOT-FOR-US: GeoNode CVE-2023-28441 (smartCARS 3 is flight tracking software. In version 0.5.8 and prior, a ...) NOT-FOR-US: smartCARS CVE-2023-28440 (Discourse is an open source platform for community discussion. In affe ...) NOT-FOR-US: Discourse CVE-2023-28439 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...) - ckeditor 4.22.1+dfsg-1 (bug #1034481) [bookworm] - ckeditor (Minor issue) [bullseye] - ckeditor (Minor issue) [buster] - ckeditor (Minor issue) - ckeditor3 (bug #1059301) [bookworm] - ckeditor3 (Minor issue) [bullseye] - ckeditor3 (Minor issue) [buster] - ckeditor3 (No longer supported in LTS) NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g NOTE: https://github.com/ckeditor/ckeditor4/commit/b85af23f020a61397c6c0024aef73f2c7f62bfef (4.21.0) CVE-2023-28438 (Pimcore is an open source data and experience management platform. Pri ...) NOT-FOR-US: Pimcore CVE-2023-28437 (Dataease is an open source data visualization and analysis tool. The b ...) NOT-FOR-US: Dataease CVE-2023-28436 (Tailscale is software for using Wireguard and multi-factor authenticat ...) NOT-FOR-US: Tailscale CVE-2023-28435 (Dataease is an open source data visualization and analysis tool. The p ...) NOT-FOR-US: Dataease CVE-2023-28434 (Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023 ...) - minio (bug #859207) CVE-2023-28433 (Minio is a Multi-Cloud Object Storage framework. All users on Windows ...) 
- minio (bug #859207) CVE-2023-28432 (Minio is a Multi-Cloud Object Storage framework. In a cluster deployme ...) - minio (bug #859207) CVE-2023-28431 (Frontier is an Ethereum compatibility layer for Substrate. Frontier's ...) NOT-FOR-US: Frontier CVE-2023-28430 (OneSignal is an email, sms, push notification, and in-app message serv ...) NOT-FOR-US: OneSignal CVE-2023-28429 (Pimcore is an open source data and experience management platform. Ver ...) NOT-FOR-US: Pimcore CVE-2023-28428 (PDFio is a C library for reading and writing PDF files. In versions 1. ...) - ippsample (bug #1034155) [bookworm] - ippsample (Minor issue) NOTE: https://github.com/michaelrsweet/pdfio/commit/97d4955666779dc5b0665e15dd951a5c12426a31 (v1.1.1) NOTE: https://github.com/michaelrsweet/pdfio/security/advisories/GHSA-68x8-9phf-j7jf CVE-2023-28427 (matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for Jav ...) {DSA-5392-1 DLA-3400-1} - node-matrix-js-sdk (bug #1033621) [bullseye] - node-matrix-js-sdk (Minor issue) [buster] - node-matrix-js-sdk (Minor issue) - thunderbird 1:102.9.1-1 NOTE: https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0/ NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mwq8-fjpf-c2gr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-12/#CVE-2023-28427 CVE-2023-28426 REJECTED CVE-2023-28425 (Redis is an in-memory database that persists on disk. Starting in vers ...) - redis 5:7.0.10-1 (bug #1033340) [bullseye] - redis (Vulnerable code not present) [buster] - redis (Vulnerable code not present) NOTE: Fixed by: https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9 NOTE: https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c CVE-2023-28424 (Soko if the code that powers packages.gentoo.org. Prior to version 1.0 ...) NOT-FOR-US: Soko CVE-2023-28423 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pris ...) 
NOT-FOR-US: WordPress plugin CVE-2023-28422 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Mage ...) NOT-FOR-US: WooCommerce plugin CVE-2023-28421 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2023-28420 (Cross-Site Request Forgery (CSRF) vulnerability in Leo Caseiro Custom ...) NOT-FOR-US: WordPress plugin CVE-2023-28419 (Cross-Site Request Forgery (CSRF) vulnerability in Stranger Studios Fo ...) NOT-FOR-US: WordPress plugin CVE-2023-28418 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...) NOT-FOR-US: WordPress theme CVE-2023-28417 RESERVED CVE-2023-28416 RESERVED CVE-2023-28415 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Xoot ...) NOT-FOR-US: WordPress plugin CVE-2023-28414 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apex ...) NOT-FOR-US: WordPress plugin CVE-2023-28413 (Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 ...) NOT-FOR-US: WordPress plugin CVE-2023-28409 (Unrestricted upload of file with dangerous type exists in MW WP Form v ...) NOT-FOR-US: WordPress plugin CVE-2023-28408 (Directory traversal vulnerability in MW WP Form versions v4.4.2 and ea ...) NOT-FOR-US: WordPress plugin CVE-2023-28394 (Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated ...) NOT-FOR-US: Beekeeper Studio CVE-2023-28392 (Wi-Fi AP UNIT AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 ...) NOT-FOR-US: AC-WAPU-300 CVE-2023-28390 (Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) a ...) NOT-FOR-US: SR-7100V CVE-2023-28387 ("NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks ...) NOT-FOR-US: "NewsPicks" App CVE-2023-28382 (Directory traversal vulnerability in ESS REC Agent Server Edition seri ...) NOT-FOR-US: ESS REC Agent Server Edition CVE-2023-28369 (Brother iPrint&Scan V6.11.2 and earlier contains an improper access co ...) 
NOT-FOR-US: Brother CVE-2023-28367 (Cross-site scripting vulnerability in CTA post function of VK All in O ...) NOT-FOR-US: VK All in One Expansion Unit CVE-2023-27926 (Cross-site scripting vulnerability in Profile setting function of VK A ...) NOT-FOR-US: VK All in One Expansion Unit CVE-2023-27925 (Cross-site scripting vulnerability in Post function of VK Blocks 1.53. ...) NOT-FOR-US: VK All in One Expansion Unit CVE-2023-27923 (Cross-site scripting vulnerability in Tag edit function of VK Blocks 1 ...) NOT-FOR-US: VK All in One Expansion Unit CVE-2023-27922 (Cross-site scripting vulnerability in Newsletter versions prior to 7.6 ...) NOT-FOR-US: WordPress plugin CVE-2023-27921 (JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cr ...) NOT-FOR-US: JINS MEME CVE-2023-27920 (Improper access control vulnerability in the system date/time setting ...) NOT-FOR-US: SolarView CVE-2023-27919 (Authentication bypass vulnerability in NEXT ENGINE Integration Plugin ...) NOT-FOR-US: NEXT ENGINE Integration Plugin CVE-2023-27918 (Cross-site scripting vulnerability in Appointment and Event Booking Ca ...) NOT-FOR-US: WordPress plugin CVE-2023-27889 (Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLO ...) NOT-FOR-US: WordPress plugin CVE-2023-27888 (Cross-site scripting vulnerability in Joruri Gw Ver 3.2.5 and earlier ...) NOT-FOR-US: Joruri Gw CVE-2023-27527 (Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML extern ...) NOT-FOR-US: Shinseiyo Sogo Soft CVE-2023-27521 (OS command injection vulnerability in the mail setting page of SolarVi ...) NOT-FOR-US: SolarView CVE-2023-27518 (Buffer overflow vulnerability in the multiple setting pages of SolarVi ...) NOT-FOR-US: SolarView CVE-2023-27514 (OS command injection vulnerability in the download page of SolarView C ...) NOT-FOR-US: SolarView CVE-2023-27512 (Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 ...) 
NOT-FOR-US: SolarView CVE-2023-27510 (JB Inquiry form contains an exposure of private personal information t ...) NOT-FOR-US: JB Inquiry form CVE-2023-27507 (MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal ...) NOT-FOR-US: MicroEngine CVE-2023-27397 (Unrestricted upload of file with dangerous type exists in MicroEngine ...) NOT-FOR-US: MicroEngine CVE-2023-27396 (FINS (Factory Interface Network Service) is a message communication pr ...) NOT-FOR-US: FINS (Factory Interface Network Service) CVE-2023-27385 (Heap-based buffer overflow vulnerability exists in CX-Drive All models ...) NOT-FOR-US: CX-Drive All CVE-2023-27384 (Operation restriction bypass vulnerability in MultiReport of Cybozu Ga ...) NOT-FOR-US: Cybozu CVE-2023-27304 (Operation restriction bypass vulnerability in Message and Bulletin of ...) NOT-FOR-US: Cybozu CVE-2023-26595 (Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10 ...) NOT-FOR-US: Cybozu CVE-2023-26593 (CENTUM series provided by Yokogawa Electric Corporation are vulnerable ...) NOT-FOR-US: Yokogawa CVE-2023-25955 (National land numerical information data conversion tool all versions ...) NOT-FOR-US: National land numerical information data conversion tool CVE-2023-25954 (KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' ...) NOT-FOR-US: KYOCERA CVE-2023-25953 (Code injection vulnerability in Drive Explorer for macOS versions 3.5. ...) NOT-FOR-US: Drive Explorer for macOS CVE-2023-25950 (HTTP request/response smuggling vulnerability in HAProxy version 2.7.0 ...) 
- haproxy 2.6.8-1 [bullseye] - haproxy (Vulnerable code not present) [buster] - haproxy (Vulnerable code not present) NOTE: https://git.haproxy.org/?p=haproxy-2.7.git;a=commit;h=3ca4223c5e1f18a19dc93b0b09ffdbd295554d46 (v2.7.1) NOTE: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=22b44d5f2c7ce1ed0e4b62c639991d5abbd42a50 (v2.6.8) CVE-2023-25946 (Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware vers ...) NOT-FOR-US: Qrio Lock CVE-2023-25755 (Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier is vulnerabl ...) NOT-FOR-US: Screen Creator Advance CVE-2023-25184 (Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpi ...) NOT-FOR-US: Seiko CVE-2023-25072 (Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. ...) NOT-FOR-US: SkyBridge CVE-2023-25070 (Cleartext transmission of sensitive information exists in SkyBridge MB ...) NOT-FOR-US: SkyBridge CVE-2023-24586 (Cleartext storage of sensitive information exists in SkyBridge MB-A100 ...) NOT-FOR-US: SkyBridge CVE-2023-23906 (Missing authentication for critical function exists in SkyBridge MB-A1 ...) NOT-FOR-US: SkyBridge CVE-2023-23901 (Improper following of a certificate's chain of trust exists in SkyBrid ...) NOT-FOR-US: SkyBridge CVE-2023-23578 (Improper access control vulnerability in SkyBridge MB-A200 firmware Ve ...) NOT-FOR-US: SkyBridge CVE-2023-22441 (Missing authentication for critical function exists in Seiko Solutions ...) NOT-FOR-US: Seiko CVE-2023-22361 (Improper privilege management vulnerability in SkyBridge MB-A100/110 f ...) NOT-FOR-US: SkyBridge CVE-2023-22282 (WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquote ...) NOT-FOR-US: WAB-MAT CVE-2023-1420 (The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro W ...) NOT-FOR-US: WordPress plugin CVE-2023-1419 RESERVED CVE-2023-1418 (A vulnerability classified as problematic was found in SourceCodester ...) 
	NOT-FOR-US: SourceCodester Friendly Island Pizza Website and Ordering System
CVE-2023-1417 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2023-1416 (A vulnerability classified as critical has been found in Simple Art Ga ...)
	NOT-FOR-US: Simple Art Gallery
CVE-2023-1415 (A vulnerability was found in Simple Art Gallery 1.0. It has been decla ...)
	NOT-FOR-US: Simple Art Gallery
CVE-2023-1414 (The WP VR WordPress plugin before 8.3.0 does not have authorisation an ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1413 (The WP VR WordPress plugin before 8.2.9 does not sanitise and escape s ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1412 (An unprivileged (non-admin) user can exploit an Improper Access Contro ...)
	NOT-FOR-US: Cloudflare WARP
CVE-2023-1411
	RESERVED
CVE-2023-1410 (Grafana is an open-source platform for monitoring and observability. ...)
	- grafana
CVE-2023-1409 (If the MongoDB Server running on Windows or macOS is configured to use ...)
	- mongodb (Only applies to MacOS and Windows)
CVE-2022-48425 (In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfr ...)
	- linux 6.3.7-1 (unimportant)
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/98bea253aa28ad8be2ce565a9ca21beb4a9419e5 (6.4-rc1)
	NOTE: NTFS3 driver not enabled in Debian
CVE-2022-48424 (In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate t ...)
	- linux 6.1.4-1 (unimportant)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4f1dc7d9756e66f3f876839ea174df2e656b7f79 (6.2-rc1)
	NOTE: NTFS3 driver not enabled in Debian
CVE-2022-48423 (In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate ...)
	- linux 6.1.4-1 (unimportant)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/54e45702b648b7c0000e90b3e9b890e367e16ea8 (6.2-rc1)
	NOTE: NTFS3 driver not enabled in Debian
CVE-2022-48421
	RESERVED
CVE-2023-28373 (A flaw exists in FlashArray Purity whereby an array administrator by c ...)
	NOT-FOR-US: FlashArray Purity
CVE-2023-28372 (A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user w ...)
	NOT-FOR-US: FlashBlade Purity
CVE-2023-28371 (In Stellarium through 1.2, attackers can write to files that are typic ...)
	- stellarium (bug #1034183)
	[bookworm] - stellarium (Minor issue)
	[bullseye] - stellarium (Minor issue)
	[buster] - stellarium (Minor issue)
	NOTE: https://github.com/Stellarium/stellarium/commit/1261f74dc4aa6bbd01ab514343424097f8cf46b7
	NOTE: https://github.com/Stellarium/stellarium/commit/787a894897b7872ae96e6f5804a182210edd5c78
	NOTE: https://github.com/Stellarium/stellarium/commit/eba61df3b38605befcb43687a4c0a159dbc0c5cb
CVE-2023-28368 (TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ( ...)
	NOT-FOR-US: TP-Link
CVE-2023-28366 (The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a ...)
	{DSA-5511-1}
	- mosquitto 2.0.17-1
	[buster] - mosquitto (Minor memory leak which requires rewrite of core functions)
	NOTE: https://mosquitto.org/blog/2023/08/version-2-0-16-released/
	NOTE: https://github.com/eclipse/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9 (v2.0.16)
	NOTE: Regression fix: https://github.com/eclipse/mosquitto/commit/bfb373d774d8530e8d6620776304a3e0b0201793
	NOTE: Regression fix: https://github.com/eclipse/mosquitto/commit/28d96d8ebca9f6bdb7f272f1095760953e62d828
CVE-2023-28365 (A backup file vulnerability found in UniFi applications (Version 7.3.8 ...)
	NOT-FOR-US: UniFi
CVE-2023-28364 (An Open Redirect vulnerability exists prior to version 1.52.117, where ...)
	- brave-browser (bug #864795)
CVE-2023-28363
	RESERVED
CVE-2023-28362 [Possible XSS via User Supplied Values to redirect_to]
	RESERVED
	- rails (bug #1051058)
	[bookworm] - rails (Minor issue)
	[bullseye] - rails (Minor issue)
	NOTE: https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132
	NOTE: https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5 (main)
	NOTE: https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441 (v6.1.7.4)
CVE-2023-28361 (A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi ...)
	NOT-FOR-US: UniFi OS
CVE-2023-28360 (An omission of security-relevant information vulnerability exists in B ...)
	- brave-browser (bug #864795)
CVE-2023-28359 (A NoSQL injection vulnerability has been identified in the listEmojiCu ...)
	NOT-FOR-US: Rocket.Chat
CVE-2023-28358 (A vulnerability has been discovered in Rocket.Chat where a markdown pa ...)
	NOT-FOR-US: Rocket.Chat
CVE-2023-28357 (A vulnerability has been identified in Rocket.Chat, where the ACL chec ...)
	NOT-FOR-US: Rocket.Chat
CVE-2023-28356 (A vulnerability has been identified where a maliciously crafted messag ...)
	NOT-FOR-US: Rocket.Chat
CVE-2023-28355
	RESERVED
CVE-2023-28354
	RESERVED
CVE-2023-28353 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. An ...)
	NOT-FOR-US: Faronics Insight
CVE-2023-28352 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. By ...)
	NOT-FOR-US: Faronics Insight
CVE-2023-28351 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. Eve ...)
	NOT-FOR-US: Faronics Insight
CVE-2023-28350 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. Att ...)
	NOT-FOR-US: Faronics Insight
CVE-2023-28349 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. It ...)
	NOT-FOR-US: Faronics Insight
CVE-2023-28348 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. A s ...)
	NOT-FOR-US: Faronics Insight
CVE-2023-28347 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. It ...)
	NOT-FOR-US: Faronics Insight
CVE-2023-28346 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. It ...)
	NOT-FOR-US: Faronics Insight
CVE-2023-28345 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. The ...)
	NOT-FOR-US: Faronics Insight
CVE-2023-28344 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. The ...)
	NOT-FOR-US: Faronics Insight
CVE-2023-28343 (OS command injection affects Altenergy Power Control Software C1.2.5 v ...)
	NOT-FOR-US: Altenergy Power Control Software
CVE-2023-1408 (The Video List Manager WordPress plugin through 1.7 does not properly ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1407 (A vulnerability classified as critical was found in SourceCodester Stu ...)
	NOT-FOR-US: SourceCodester
CVE-2023-1406 (The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-48420
	RESERVED
CVE-2022-48419
	RESERVED
CVE-2022-48418
	RESERVED
CVE-2022-48417
	RESERVED
CVE-2022-48416
	RESERVED
CVE-2022-48415
	RESERVED
CVE-2022-48414
	RESERVED
CVE-2022-48413
	RESERVED
CVE-2022-48412
	RESERVED
CVE-2022-48411
	RESERVED
CVE-2020-36690
	RESERVED
CVE-2020-36689
	RESERVED
CVE-2020-36688
	RESERVED
CVE-2020-36687
	RESERVED
CVE-2020-36686
	RESERVED
CVE-2020-36685
	RESERVED
CVE-2020-36684
	RESERVED
CVE-2020-36683
	RESERVED
CVE-2020-36682
	RESERVED
CVE-2020-36681
	RESERVED
CVE-2019-25125
	RESERVED
CVE-2019-25124
	RESERVED
CVE-2019-25123
	RESERVED
CVE-2019-25122
	RESERVED
CVE-2019-25121
	RESERVED
CVE-2019-25120
	RESERVED
CVE-2019-25119
	RESERVED
CVE-2019-25118
	RESERVED
CVE-2019-25117
	RESERVED
CVE-2019-25116
	RESERVED
CVE-2023-28342 (Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to cond ...)
	NOT-FOR-US: Zoho
CVE-2023-28341 (Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine A ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2023-28340 (Zoho ManageEngine Applications Manager through 16320 allows the admin ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2023-28339 (OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege es ...)
	- doas
	[bullseye] - doas (Minor issue)
	- opendoas (bug #1034185)
	[bookworm] - opendoas (Minor issue, will be addressed via kernel change which isn't in 6.1 yet)
	NOTE: https://github.com/Duncaen/OpenDoas/issues/106
	NOTE: https://www.openwall.com/lists/oss-security/2023/03/14/4
	NOTE: Restricting ioctl on the kernel side seems the better approach, patches have been
	NOTE: posted to kernel-hardening list, and can be mitigated with Linux 6.2, see option
	NOTE: CONFIG_LEGACY_TIOCSTI.
CVE-2023-28338 (Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s web ser ...)
	NOT-FOR-US: Netgear
CVE-2023-28337 (When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (R ...)
	NOT-FOR-US: Netgear
CVE-2023-28336 (Insufficient filtering of grade report history made it possible for te ...)
	- moodle
CVE-2023-28335 (The link to reset all templates of a database activity did not include ...)
	- moodle
CVE-2023-28334 (Authenticated users were able to enumerate other users' names via the ...)
	- moodle
CVE-2023-28333 (The Mustache pix helper contained a potential Mustache injection risk ...)
	- moodle
CVE-2023-28332 (If the algebra filter was enabled but not functional (eg the necessary ...)
	- moodle
CVE-2023-28331 (Content output by the database auto-linking filter required additional ...)
	- moodle
CVE-2023-28330 (Insufficient sanitizing in backup resulted in an arbitrary file read r ...)
	- moodle
CVE-2023-28329 (Insufficient validation of profile field availability condition result ...)
	- moodle
CVE-2023-28328 (A NULL pointer dereference flaw was found in the az6027 driver in driv ...)
	{DLA-3404-1 DLA-3403-1}
	- linux 6.1.4-1
	[bullseye] - linux 5.10.178-1
	NOTE: https://git.kernel.org/linus/0ed554fd769a19ea8464bb83e9ac201002ef74ad (6.2-rc1)
CVE-2023-28327 (A NULL pointer dereference flaw was found in the UNIX protocol in net/ ...)
	- linux 6.1.4-1
	[bullseye] - linux 5.10.162-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b3abe42e94900bdd045c472f9c9be620ba5ce553 (6.1)
CVE-2023-28326 (Vendor: The Apache Software Foundation Versions Affected: Apache Open ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2023-1405 (The Formidable Forms WordPress plugin before 6.2 unserializes user inp ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1404 (The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1403 (The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Si ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1402 (The course participation report required additional checks to prevent ...)
	- moodle
CVE-2023-1401 (An issue has been discovered in GitLab DAST scanner affecting all vers ...)
	NOT-FOR-US: GitLab DAST scanner
CVE-2023-1400 (The Modern Events Calendar Lite WordPress plugin before 6.5.2 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1399 (N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted d ...)
	NOT-FOR-US: N6854A Geolocation Server
CVE-2023-1398 (A vulnerability classified as critical was found in XiaoBingBy TeaCMS ...)
	NOT-FOR-US: XiaoBingBy TeaCMS
CVE-2023-1397 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester Online Student Management System
CVE-2023-1396 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...)
	NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-1395 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...)
	NOT-FOR-US: SourceCodester Yoga Class Registration System
CVE-2023-1394 (A vulnerability was found in SourceCodester Online Graduate Tracer Sys ...)
	NOT-FOR-US: SourceCodester Online Graduate Tracer System
CVE-2023-1393 (A flaw was found in X.Org Server Overlay Window. A Use-After-Free may ...)
	{DSA-5380-1 DLA-3372-1}
	- xorg-server 2:21.1.7-2
	- xwayland 2:22.1.9-1
	NOTE: https://www.openwall.com/lists/oss-security/2023/03/29/1
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/26ef545b3502f61ca722a7a3373507e88ef64110
CVE-2023-1392 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...)
	NOT-FOR-US: SourceCodester Online Pizza Ordering System
CVE-2023-1391 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-1390 (A remote denial of service vulnerability was found in the Linux kernel ...)
	- linux 5.10.12-1
	[buster] - linux 4.19.171-1
	NOTE: https://git.kernel.org/linus/b77413446408fdd256599daf00d5be72b5f3e7c6 (5.11-rc4)
CVE-2023-1389 (TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 2023 ...)
	NOT-FOR-US: TP-Link
CVE-2023-1388 (A heap-based overflow vulnerability in TA prior to version 5.7.9 allow ...)
	NOT-FOR-US: Trellix
CVE-2023-1387 (Grafana is an open-source platform for monitoring and observability. ...)
	- grafana
CVE-2023-1386 (A flaw was found in the 9p passthrough filesystem (9pfs) implementatio ...)
	- qemu (bug #1055174)
	[bookworm] - qemu (Minor issue, revisit when fixed upstream)
	[bullseye] - qemu (Minor issue, revisit when fixed upstream)
	[buster] - qemu (Minor issue)
	NOTE: https://github.com/v9fs/linux/issues/29
CVE-2023-1385 (Improper JPAKE implementation allows offline PIN brute-forcing due to ...)
	NOT-FOR-US: Amazon Fire TV Stick 3rd gen and Insignia TV with FireOS
CVE-2023-1384 (The setMediaSource function on the amzn.thin.pl service does not sanit ...)
	NOT-FOR-US: Amazon Fire TV Stick 3rd gen and Insignia TV with FireOS
CVE-2023-1383 (An Improper Enforcement of Behavioral Workflow vulnerability in the ex ...)
	NOT-FOR-US: Amazon Fire TV Stick 3rd gen and Insignia TV with FireOS
CVE-2023-1382 (A data race flaw was found in the Linux kernel, between where con is a ...)
	- linux 6.0.12-1
	[bullseye] - linux 5.10.158-1
	[buster] - linux 4.19.269-1
	NOTE: https://git.kernel.org/linus/a7b42969d63f47320853a802efd879fbdc4e010e (6.1-rc7)
CVE-2022-48410
	RESERVED
CVE-2022-48409
	RESERVED
CVE-2022-48408
	RESERVED
CVE-2022-48407
	RESERVED
CVE-2022-48406
	RESERVED
CVE-2022-48405
	RESERVED
CVE-2022-48404
	RESERVED
CVE-2022-48403
	RESERVED
CVE-2023-28325 (An improper authorization vulnerability exists in Rocket.Chat <6.0 tha ...)
	NOT-FOR-US: Rocket.Chat
CVE-2023-28324 (A improper input validation vulnerability exists in Ivanti Endpoint Ma ...)
	NOT-FOR-US: Ivanti
CVE-2023-28323 (A deserialization of untrusted data exists in EPM 2022 Su3 and all pri ...)
	NOT-FOR-US: Ivanti
CVE-2023-28322 (An information disclosure vulnerability exists in curl (Vulnerable code not present)
	[buster] - curl (Vulnerable code not present)
	NOTE: https://curl.se/docs/CVE-2023-28319.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/3467e89bb97e6c87c77e82a046c59cb4b2d29a74 (curl-7_81_0)
	NOTE: Fixed by: https://github.com/curl/curl/commit/8e21b1a05f3c0ee098dbcb6c3d84cb61f102a122 (curl-8_1_0)
CVE-2023-28318 (A vulnerability has been discovered in Rocket.Chat, where messages can ...)
	NOT-FOR-US: Rocket.Chat
CVE-2023-28317 (A vulnerability has been discovered in Rocket.Chat, where editing mess ...)
	NOT-FOR-US: Rocket.Chat
CVE-2023-28316 (A security vulnerability has been discovered in the implementation of ...)
	NOT-FOR-US: Rocket.Chat
CVE-2023-28315
	RESERVED
CVE-2023-28314 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2023-28313 (Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2023-28312 (Azure Machine Learning Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28311 (Microsoft Word Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28310 (Microsoft Exchange Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28309 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2023-28308 (Windows DNS Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28307 (Windows DNS Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28306 (Windows DNS Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28305 (Windows DNS Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28304 (Microsoft ODBC and OLE DB Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28303 (Windows Snipping Tool Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28302 (Microsoft Message Queuing Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28301 (Microsoft Edge (Chromium-based) Tampering Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28300 (Azure Service Connector Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28299 (Visual Studio Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28298 (Windows Kernel Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28297 (Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege V ...)
	NOT-FOR-US: Microsoft
CVE-2023-28296 (Visual Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28295 (Microsoft Publisher Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28294
	RESERVED
CVE-2023-28293 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28292 (Raw Image Extension Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28291 (Raw Image Extension Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28290 (Microsoft Remote Desktop app for Windows Information Disclosure Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2023-28289
	RESERVED
CVE-2023-28288 (Microsoft SharePoint Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28287 (Microsoft Publisher Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28286 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28285 (Microsoft Office Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28284 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28283 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
	NOT-FOR-US: Microsoft
CVE-2023-28282
	RESERVED
CVE-2023-28281
	RESERVED
CVE-2023-28280
	RESERVED
CVE-2023-28279
	RESERVED
CVE-2023-28278 (Windows DNS Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28277 (Windows DNS Server Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28276 (Windows Group Policy Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28275 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
	NOT-FOR-US: Microsoft
CVE-2023-28274 (Windows Win32k Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28273 (Windows Clip Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28272 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28271 (Windows Kernel Memory Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28270 (Windows Lock Screen Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28269 (Windows Boot Manager Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28268 (Netlogon RPC Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28267 (Remote Desktop Protocol Client Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28266 (Windows Common Log File System Driver Information Disclosure Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2023-28265
	RESERVED
CVE-2023-28264
	RESERVED
CVE-2023-28263 (Visual Studio Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28262 (Visual Studio Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28261 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28260 (.NET DLL Hijacking Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft .NET
CVE-2023-28259
	RESERVED
CVE-2023-28258
	RESERVED
CVE-2023-28257
	RESERVED
CVE-2023-28256 (Windows DNS Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28255 (Windows DNS Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28254 (Windows DNS Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28253 (Windows Kernel Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28252 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2023-28251 (Windows Driver Revocation List Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28250 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2023-28249 (Windows Boot Manager Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28248 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28247 (Windows Network File System Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28246 (Windows Registry Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28245
	RESERVED
CVE-2023-28244 (Windows Kerberos Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28243 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
	NOT-FOR-US: Microsoft
CVE-2023-28242
	RESERVED
CVE-2023-28241 (Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vuln ...)
	NOT-FOR-US: Microsoft
CVE-2023-28240 (Windows Network Load Balancing Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28239
	RESERVED
CVE-2023-28238 (Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Ex ...)
	NOT-FOR-US: Microsoft
CVE-2023-28237 (Windows Kernel Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28236 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28235 (Windows Lock Screen Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28234 (Windows Secure Channel Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28233 (Windows Secure Channel Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28232 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2023-28231 (DHCP Server Service Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28230
	RESERVED
CVE-2023-28229 (Windows CNG Key Isolation Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28228 (Windows Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28227 (Windows Bluetooth Driver Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28226 (Windows Enroll Engine Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28225 (Windows NTLM Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28224 (Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Exec ...)
	NOT-FOR-US: Microsoft
CVE-2023-28223 (Windows Domain Name Service Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28222 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28221 (Windows Error Reporting Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28220 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28219 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-28218 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
	NOT-FOR-US: Microsoft
CVE-2023-28217 (Windows Network Address Translation (NAT) Denial of Service Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2023-28216 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...)
	NOT-FOR-US: Microsoft
CVE-2023-27917 (OS command injection vulnerability in CONPROSYS IoT Gateway products a ...)
	NOT-FOR-US: CONPROSYS IoT Gateway products
CVE-2023-27389 (Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway ...)
	NOT-FOR-US: CONPROSYS IoT Gateway products
CVE-2023-23575 (Improper access control vulnerability in CONPROSYS IoT Gateway product ...)
	NOT-FOR-US: CONPROSYS IoT Gateway products
CVE-2023-1381 (The WP Meta SEO WordPress plugin before 4.5.5 does not validate image ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-48402
	RESERVED
CVE-2022-48401
	RESERVED
CVE-2022-48400
	RESERVED
CVE-2022-48399
	RESERVED
CVE-2022-48398
	RESERVED
CVE-2022-48397
	RESERVED
CVE-2022-48396
	RESERVED
CVE-2022-48395
	RESERVED
CVE-2022-48394
	RESERVED
CVE-2022-48393
	RESERVED
CVE-2020-36680
	RESERVED
CVE-2020-36679
	RESERVED
CVE-2020-36678
	RESERVED
CVE-2020-36677
	RESERVED
CVE-2020-36676
	RESERVED
CVE-2020-36675
	RESERVED
CVE-2020-36674
	RESERVED
CVE-2020-36673
	RESERVED
CVE-2020-36672
	RESERVED
CVE-2020-36671
	RESERVED
CVE-2019-25115
	RESERVED
CVE-2019-25114
	RESERVED
CVE-2019-25113
	RESERVED
CVE-2019-25112
	RESERVED
CVE-2019-25111
	RESERVED
CVE-2019-25110
	RESERVED
CVE-2019-25109
	RESERVED
CVE-2019-25108
	RESERVED
CVE-2019-25107
	RESERVED
CVE-2019-25106
	RESERVED
CVE-2023-28215 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2023-28214 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2023-28213 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2023-28212 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2023-28211 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2023-28210 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2023-28209 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2023-28208 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-28207
	RESERVED
CVE-2023-28206 (An out-of-bounds write issue was addressed with improved input validat ...)
	NOT-FOR-US: Apple
CVE-2023-28205 (A use after free issue was addressed with improved memory management. ...)
	{DSA-5397-1 DSA-5396-1 DLA-3419-1}
	- webkit2gtk 2.40.1-1
	- wpewebkit 2.38.6-1
	NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
CVE-2023-28204 (An out-of-bounds read was addressed with improved input validation. Th ...)
	{DSA-5427-1}
	- webkit2gtk 2.40.2-1
	[buster] - webkit2gtk (webkit2gtk EOL in buster)
	- wpewebkit 2.40.2-2
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=254930
	NOTE: https://github.com/WebKit/WebKit/commit/698c6e293734c3c46f223b77d5b4ee48b320e32c
	NOTE: https://webkitgtk.org/security/WSA-2023-0004.html
CVE-2023-28203 (The issue was addressed with improved checks. This issue is fixed in A ...)
	NOT-FOR-US: Apple
CVE-2023-28202 (This issue was addressed with improved state management. This issue is ...)
	NOT-FOR-US: Apple
CVE-2023-28201 (This issue was addressed with improved state management. This issue is ...)
	NOT-FOR-US: Apple
CVE-2023-28200 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2023-28199 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
	NOT-FOR-US: Apple
CVE-2023-28198 (A use-after-free issue was addressed with improved memory management. ...)
	{DSA-5396-1}
	- webkit2gtk 2.40.1-1
	[buster] - webkit2gtk (webkit2gtk EOL in buster)
	- wpewebkit 2.40.2-2
	[bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
	[bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
	NOTE: https://webkitgtk.org/security/WSA-2023-0008.html
CVE-2023-28197 (An access issue was addressed with additional sandbox restrictions. Th ...)
	NOT-FOR-US: Apple
CVE-2023-28196
	RESERVED
CVE-2023-28195 (A privacy issue was addressed with improved private data redaction for ...)
	NOT-FOR-US: Apple
CVE-2023-28194 (The issue was addressed with improved checks. This issue is fixed in i ...)
	NOT-FOR-US: Apple
CVE-2023-28193
	RESERVED
CVE-2023-28192 (A permissions issue was addressed with improved validation. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-28191 (This issue was addressed with improved redaction of sensitive informat ...)
	NOT-FOR-US: Apple
CVE-2023-28190 (A privacy issue was addressed by moving sensitive data to a more secur ...)
	NOT-FOR-US: Apple
CVE-2023-28189 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2023-28188 (A denial-of-service issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2023-28187 (This issue was addressed with improved state management. This issue is ...)
	NOT-FOR-US: Apple
CVE-2023-28186
	RESERVED
CVE-2023-28185 (An integer overflow was addressed through improved input validation. T ...)
	NOT-FOR-US: Apple
CVE-2023-28184
	RESERVED
CVE-2023-28183
	RESERVED
CVE-2023-28182 (The issue was addressed with improved authentication. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2023-28181 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-28180 (A denial-of-service issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2023-28179 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-28178 (A logic issue was addressed with improved validation. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2023-28177 (Memory safety bugs present in Firefox 110. Some of these bugs showed e ...)
	- firefox 111.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28177
CVE-2023-28176 (Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some ...)
	{DSA-5375-1 DSA-5374-1 DLA-3365-1 DLA-3364-1}
	- firefox 111.0-1
	- firefox-esr 102.9.0esr-1
	- thunderbird 1:102.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28176
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-28176
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-28176
CVE-2023-28175 (Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11 ...)
	NOT-FOR-US: Bosch
CVE-2023-28174 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in eLig ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28173 (Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28172 (Cross-Site Request Forgery (CSRF) vulnerability in flippercode WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28171 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress theme
CVE-2023-28170 (Unrestricted Upload of File with Dangerous Type vulnerability in Theme ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28169 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Core ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28168
	RESERVED
CVE-2023-28167 (Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Digital CF7 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28166 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aakif Ka ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-28165
	RESERVED
CVE-2023-28164 (Dragging a URL from a cross-origin iframe that was removed during the ...)
	{DSA-5375-1 DSA-5374-1 DLA-3365-1 DLA-3364-1}
	- firefox 111.0-1
	- firefox-esr 102.9.0esr-1
	- thunderbird 1:102.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28164
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-28164
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-28164
CVE-2023-28163 (When downloading files through the Save As dialog on Windows with sugg ...)
	- firefox (Windows-specific)
	- firefox-esr (Windows-specific)
	- thunderbird (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28163
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-28163
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-28163
CVE-2023-28162 (While implementing AudioWorklets, some code may have casted one type t ...)
	{DSA-5375-1 DSA-5374-1 DLA-3365-1 DLA-3364-1}
	- firefox 111.0-1
	- firefox-esr 102.9.0esr-1
	- thunderbird 1:102.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28162
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-28162
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-28162
CVE-2023-28161 (If temporary "one-time" permissions, such as the ability to use the Ca ...)
	- firefox 111.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28161
CVE-2023-28160 (When following a redirect to a publicly accessible web extension file, ...)
	- firefox 111.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28160
CVE-2023-28159 (The fullscreen notification could have been hidden on Firefox for Andr ...)
	- firefox (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28159
CVE-2023-1380 (A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in d ...)
	{DSA-5480-1 DLA-3623-1 DLA-3508-1}
	- linux 6.1.27-1
	NOTE: https://www.openwall.com/lists/oss-security/2023/03/13/1
	NOTE: https://lore.kernel.org/linux-wireless/20230309104457.22628-1-jisoo.jang@yonsei.ac.kr/T/#u
	NOTE: https://git.kernel.org/linus/0da40e018fd034d87c9460123fa7f897b69fdee7 (6.4-rc1)
CVE-2023-1379 (A vulnerability was found in SourceCodester Friendly Island Pizza Webs ...)
	NOT-FOR-US: SourceCodester Friendly Island Pizza Website and Ordering System
CVE-2023-1378 (A vulnerability classified as critical was found in SourceCodester Fri ...)
	NOT-FOR-US: SourceCodester Friendly Island Pizza Website and Ordering System
CVE-2023-1377 (The Solidres WordPress plugin through 0.9.4 does not sanitise and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1376
	RESERVED
CVE-2023-1375 (The WP Fastest Cache plugin for WordPress is vulnerable to unauthorize ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1374 (The Solidres plugin for WordPress is vulnerable to Stored Cross-Site S ...)
	NOT-FOR-US: Solidres plugin for WordPress
CVE-2023-1373 (The W4 Post List WordPress plugin before 2.4.6 does not escape some UR ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1372 (The WH Testimonials plugin for WordPress is vulnerable to Stored Cros ...)
	NOT-FOR-US: WH Testimonials plugin for WordPress
CVE-2023-1371 (The W4 Post List WordPress plugin before 2.4.6 does not ensure that pa ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1370 ([Json-smart](https://netplex.github.io/json-smart/) is a performance f ...)
	{DLA-3373-1}
	- json-smart 2.2-3 (bug #1033474)
	[bookworm] - json-smart (Minor issue)
	[bullseye] - json-smart (Minor issue)
	NOTE: https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/
	NOTE: https://github.com/netplex/json-smart-v2/commit/5b3205d051952d3100aa0db1535f6ba6226bd87a (2.4.9)
CVE-2023-1369 (A vulnerability was found in TG Soft Vir.IT eXplorer 9.4.86.0. It has ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer
CVE-2023-1368 (A vulnerability was found in XHCMS 1.0. It has been declared as critic ...)
	NOT-FOR-US: XHCMS
CVE-2023-1367 (Code Injection in GitHub repository alextselegidis/easyappointments pr ...)
	NOT-FOR-US: alextselegidis/easyappointments
CVE-2023-1366 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...)
	NOT-FOR-US: SourceCodester Yoga Class Registration System
CVE-2023-1365 (A vulnerability was found in SourceCodester Online Pizza Ordering Syst ...)
	NOT-FOR-US: SourceCodester Online Pizza Ordering System
CVE-2023-1364 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...)
	NOT-FOR-US: SourceCodester Online Pizza Ordering System
CVE-2023-28158 (Privilege escalation via stored XSS using the file upload service to u ...)
	NOT-FOR-US: Apache Archiva
CVE-2023-28157
	RESERVED
CVE-2023-28156
	RESERVED
CVE-2023-28155 (The Request package through 2.88.1 for Node.js allows a bypass of SSRF ...)
	- node-request (bug #1033250)
	[bookworm] - node-request (Minor issue)
	[bullseye] - node-request (Minor issue)
	[buster] - node-request (Minor issue)
	NOTE: https://github.com/request/request/issues/3442
CVE-2023-28154 (Webpack 5 before 5.76.0 does not avoid cross-realm object access. Impo ...)
	- node-webpack 5.76.1+dfsg1+~cs17.16.16-1 (bug #1032904)
	[bookworm] - node-webpack 5.75.0+dfsg+~cs17.16.14-1+deb12u1
	[bullseye] - node-webpack 4.43.0-6+deb11u1
	[buster] - node-webpack (vulnerable code vm.runInNewContext(`(function(){return {${value}};})()`); is not present. Introduced later)
	NOTE: https://github.com/webpack/webpack/pull/16500
	NOTE: Merge commit: https://github.com/webpack/webpack/commit/4b4ca3bb53f36a5b8fc6bc1bd976ed7af161bd80 (v5.76.0)
CVE-2023-1363 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System
CVE-2023-1362 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
NOT-FOR-US: Bumsys CVE-2023-1361 (SQL Injection in GitHub repository unilogies/bumsys prior to v2.0.2.) NOT-FOR-US: Bumsys CVE-2022-48392 (In dialer service, there is a possible missing permission check. This ...) NOT-FOR-US: Unisoc CVE-2022-48391 (In telephony service, there is a possible missing permission check. Th ...) NOT-FOR-US: Unisoc CVE-2022-48390 (In telephony service, there is a possible missing permission check. Th ...) NOT-FOR-US: Unisoc CVE-2022-48389 (In modem control device, there is a possible out of bounds write due t ...) NOT-FOR-US: Unisoc CVE-2022-48388 (In powerEx service, there is a possible missing permission check. This ...) NOT-FOR-US: Unisoc CVE-2022-48387 (the apipe driver, there is a possible out of bounds write due to a mis ...) NOT-FOR-US: Unisoc CVE-2022-48386 (the apipe driver, there is a possible use after free due to a logic er ...) NOT-FOR-US: Unisoc CVE-2022-48385 (In cp_dump driver, there is a possible out of bounds write due to a mi ...) NOT-FOR-US: Unisoc CVE-2022-48384 (In srtd service, there is a possible missing permission check. This co ...) NOT-FOR-US: Unisoc CVE-2022-48383 (.In srtd service, there is a possible missing permission check. This c ...) NOT-FOR-US: Unisoc CVE-2022-48382 (In log service, there is a possible out of bounds write due to a missi ...) NOT-FOR-US: Unisoc CVE-2022-48381 (In modem control device, there is a possible out of bounds write due t ...) NOT-FOR-US: Unisoc CVE-2022-48380 (In modem control device, there is a possible out of bounds write due t ...) NOT-FOR-US: Unisoc CVE-2022-48379 (In dialer service, there is a possible missing permission check. This ...) NOT-FOR-US: Unisoc CVE-2022-48378 (In engineermode service, there is a possible missing permission check. ...) NOT-FOR-US: Unisoc CVE-2022-48377 (In dialer service, there is a possible missing permission check. This ...) NOT-FOR-US: Unisoc CVE-2022-48376 (In dialer service, there is a possible missing permission check. This ...) 
NOT-FOR-US: Unisoc CVE-2022-48375 (In contacts service, there is a possible missing permission check. Thi ...) NOT-FOR-US: Unisoc CVE-2022-48374 (In tee service, there is a possible out of bounds write due to a missi ...) NOT-FOR-US: Unisoc CVE-2022-48373 (In tee service, there is a possible out of bounds write due to a missi ...) NOT-FOR-US: Unisoc CVE-2022-48372 (In bootcp service, there is a possible out of bounds write due to a mi ...) NOT-FOR-US: Unisoc CVE-2022-48371 (In dialer service, there is a possible missing permission check. This ...) NOT-FOR-US: Unisoc CVE-2022-48370 (In dialer service, there is a possible missing permission check. This ...) NOT-FOR-US: Unisoc CVE-2022-48369 (In audio service, there is a possible missing permission check. This c ...) NOT-FOR-US: Unisoc CVE-2022-48368 (In audio service, there is a possible missing permission check. This c ...) NOT-FOR-US: Unisoc CVE-2023-1360 (A vulnerability was found in SourceCodester Employee Payslip Generator ...) NOT-FOR-US: SourceCodester Employee Payslip Generator with Sending Mail CVE-2023-1359 (A vulnerability has been found in SourceCodester Gadget Works Online O ...) NOT-FOR-US: SourceCodester Gadget Works Online Ordering System CVE-2023-1358 (A vulnerability, which was classified as critical, was found in Source ...) NOT-FOR-US: SourceCodester Gadget Works Online Ordering System CVE-2023-1357 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Simple Bakery Shop Management System CVE-2023-28153 (An issue was discovered in the Kiddoware Kids Place Parental Control a ...) NOT-FOR-US: Kiddoware Kids Place Parental Control CVE-2023-28152 (An issue was discovered in Independentsoft JWord before 1.1.110. The A ...) NOT-FOR-US: Independentsoft JWord CVE-2023-28151 (An issue was discovered in Independentsoft JSpreadsheet before 1.1.110 ...) 
NOT-FOR-US: Independentsoft JSpreadsheet CVE-2023-28150 (An issue was discovered in Independentsoft JODF before 1.1.110. The AP ...) NOT-FOR-US: Independentsoft CVE-2023-28149 RESERVED CVE-2023-28148 RESERVED CVE-2023-28147 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...) NOT-FOR-US: ARM CVE-2023-28146 RESERVED CVE-2023-28145 RESERVED CVE-2023-28144 (KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configura ...) - hotspot (bug #1033848) [bookworm] - hotspot (Minor issue) [bullseye] - hotspot (Minor issue) [buster] - hotspot (Vulnerable code not present, introduced in 1.3.0) NOTE: https://www.openwall.com/lists/oss-security/2023/03/14/8 NOTE: Introduced by: https://github.com/KDAB/hotspot/commit/3b4682565f0e53f903f3ad0f3f2c0f236d382efb (v1.3.0) NOTE: Opt-In to allow privilege escalation (and disabled by default): NOTE: https://github.com/KDAB/hotspot/commit/65a246ce9196462081483fd07d97678dcfe36b9c CVE-2023-1356 (Reflected cross-site scripting in the StudentSearch component in IDAtt ...) NOT-FOR-US: IDAttend's IDWeb application CVE-2023-1355 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.140 ...) - vim 2:9.0.1658-1 (unimportant) NOTE: https://huntr.dev/bounties/4d0a9615-d438-4f5c-8dd6-aa22f4b716d9 NOTE: https://github.com/vim/vim/commit/d13dd30240e32071210f55b587182ff48757ea46 (v9.0.1402) NOTE: Crash in CLI tool, no security impact CVE-2022-48367 (An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Acce ...) NOT-FOR-US: Ibexa CVE-2022-48366 (An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It ...) NOT-FOR-US: Ibexa CVE-2022-48365 (An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The ...) NOT-FOR-US: Ibexa CVE-2021-46876 (An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. Th ...) NOT-FOR-US: Ibexa CVE-2021-46875 (An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An ...) 
NOT-FOR-US: Ibexa CVE-2023-1354 (A vulnerability has been found in SourceCodester Design and Implementa ...) NOT-FOR-US: SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System CVE-2023-1353 (A vulnerability, which was classified as problematic, was found in Sou ...) NOT-FOR-US: SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System CVE-2023-1352 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System CVE-2023-1351 (A vulnerability classified as critical has been found in SourceCodeste ...) NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System CVE-2023-1350 (A vulnerability was found in liferea. It has been rated as critical. A ...) - liferea 1.14.1-1 (bug #1032822) [bullseye] - liferea (Minor issue) [buster] - liferea (Minor issue) NOTE: Introduced by: https://github.com/lwindolf/liferea/commit/b8288389820a3f510ef4b21684b22439c41d95a5 (v1.12.0) NOTE: introduced by: https://github.com/lwindolf/liferea/commit/b67dbba73443ab7b36fcd3c78aa803e974c0f23e (v1.12.0) NOTE: Fixed by: https://github.com/lwindolf/liferea/commit/8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59 (v1.14.1) NOTE: Followup: https://github.com/lwindolf/liferea/commit/1981e1e161cde4896592ebca40fa3b115f0053ef (v1.14.1) NOTE: Feature is always off by default and not advertised in the documentation. CVE-2023-1349 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: Hsycms CVE-2016-15028 (A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been decl ...) NOT-FOR-US: ICEPAY REST-API-NET CVE-2023-28143 (Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7) installer ...) NOT-FOR-US: Qualys CVE-2023-28142 (A Race Condition exists in the Qualys Cloud Agent for Windows platform ...) 
NOT-FOR-US: Qualys CVE-2023-28141 (An NTFS Junction condition exists in the Qualys Cloud Agent for Window ...) NOT-FOR-US: Qualys CVE-2023-28140 (An Executable Hijacking condition exists in the Qualys Cloud Agent for ...) NOT-FOR-US: Qualys CVE-2023-28139 RESERVED CVE-2023-28138 RESERVED CVE-2023-28137 RESERVED CVE-2023-28136 RESERVED CVE-2023-28135 RESERVED CVE-2023-28134 (Local attacker can escalate privileges on affected installations of Ch ...) NOT-FOR-US: Check Point Harmony Endpoint/ZoneAlarm Extreme Security CVE-2023-28133 (Local privilege escalation in Check Point Endpoint Security Client (ve ...) NOT-FOR-US: Check Point Endpoint Security Client CVE-2023-28132 RESERVED CVE-2023-28131 (A vulnerability in the expo.io framework allows an attacker to take ov ...) NOT-FOR-US: expo.io CVE-2023-28130 (Local user may lead to privilege escalation using Gaia Portal hostname ...) NOT-FOR-US: Gaia Portal CVE-2023-28129 (DSM 2022.2 SU2 and all prior versions allows a local low privileged ac ...) NOT-FOR-US: Ivanti CVE-2023-28128 (An unrestricted upload of file with dangerous type vulnerability exist ...) NOT-FOR-US: Avalanche CVE-2023-28127 (A path traversal vulnerability exists in Avalanche version 6.3.x and b ...) NOT-FOR-US: Avalanche CVE-2023-28126 (An authentication bypass vulnerability exists in Avalanche versions 6. ...) NOT-FOR-US: Avalanche CVE-2023-28125 (An improper authentication vulnerability exists in Avalanche Premise v ...) NOT-FOR-US: Avalanche CVE-2023-28124 (Improper usage of symmetric encryption in UI Desktop for Windows (Vers ...) NOT-FOR-US: UI Desktop for Windows CVE-2023-28123 (A permission misconfiguration in UI Desktop for Windows (Version 0.59. ...) NOT-FOR-US: UI Desktop for Windows CVE-2023-28122 (A local privilege escalation (LPE) vulnerability in UI Desktop for Win ...) NOT-FOR-US: UI Desktop for Windows CVE-2023-28121 (An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 ...) 
NOT-FOR-US: WordPress plugin CVE-2023-28120 RESERVED {DSA-5389-1} - rails 2:6.1.7.3+dfsg-1 (bug #1033262) NOTE: https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70 (v6.1.7.3) NOTE: https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469 CVE-2023-1348 RESERVED CVE-2023-1347 (The Customizer Export/Import WordPress plugin before 0.9.6 unserialize ...) NOT-FOR-US: WordPress plugin CVE-2023-28119 (The crewjam/saml go library contains a partial implementation of the S ...) - golang-github-crewjam-saml (bug #1033753) NOTE: https://github.com/crewjam/saml/commit/8e9236867d176ad6338c870a84e2039aef8a5021 (v0.4.13) NOTE: https://github.com/crewjam/saml/security/advisories/GHSA-5mqj-xc49-246p CVE-2023-28118 (kaml provides YAML support for kotlinx.serialization. Prior to version ...) NOT-FOR-US: kaml CVE-2023-28117 (Sentry SDK is the official Python SDK for Sentry, real-time crash repo ...) NOT-FOR-US: Sentry Python SDK CVE-2023-28116 (Contiki-NG is an open-source, cross-platform operating system for inte ...) NOT-FOR-US: Contiki-NG CVE-2023-28115 (Snappy is a PHP library allowing thumbnail, snapshot or PDF generation ...) - civicrm 5.68.1+dfsg1-1 (bug #1036284) [bullseye] - civicrm (Minor issue) NOTE: https://github.com/KnpLabs/snappy/security/advisories/GHSA-gq6w-q6wh-jggc NOTE: https://github.com/KnpLabs/snappy/pull/469 NOTE: https://github.com/KnpLabs/snappy/commit/1ee6360cbdbea5d09705909a150df7963a88efd6 (v1.4.2) CVE-2023-28114 (`cilium-cli` is the command line interface to install, manage, and tro ...) NOT-FOR-US: cilium-cli CVE-2023-28113 (russh is a Rust SSH client and server library. Starting in version 0.3 ...) NOT-FOR-US: russh CVE-2023-28112 (Discourse is an open-source discussion platform. Prior to version 3.1. ...) NOT-FOR-US: Discourse CVE-2023-28111 (Discourse is an open-source discussion platform. Prior to version 3.1. ...) 
NOT-FOR-US: Discourse CVE-2023-28110 (Jumpserver is a popular open source bastion host, and Koko is a Jumpse ...) NOT-FOR-US: Jumpserver CVE-2023-28109 (Play With Docker is a browser-based Docker playground. Versions 0.0.2 ...) NOT-FOR-US: Play with Docker CVE-2023-28108 (Pimcore is an open source data and experience management platform. Pri ...) NOT-FOR-US: Pimcore CVE-2023-28107 (Discourse is an open-source discussion platform. Prior to version 3.0. ...) NOT-FOR-US: Discourse CVE-2023-28106 (Pimcore is an open source data and experience management platform. Pri ...) NOT-FOR-US: Pimcore CVE-2023-28105 (go-used-util has commonly used utility functions for Go. Versions prio ...) NOT-FOR-US: go-used-util CVE-2023-28104 (`silverstripe/graphql` serves Silverstripe data as GraphQL representat ...) NOT-FOR-US: silverstripe/graphql CVE-2023-28103 (matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. I ...) NOT-FOR-US: Node matrix-react-sdk CVE-2023-28102 (discordrb is an implementation of the Discord API using Ruby. In disco ...) NOT-FOR-US: discordrb CVE-2023-28101 (Flatpak is a system for building, distributing, and running sandboxed ...) - flatpak 1.14.4-1 (bug #1033098) [bullseye] - flatpak 1.10.8-0+deb11u1 [buster] - flatpak (Minor issue) NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8 NOTE: https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869 (1.15.4) NOTE: https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c (1.15.4) NOTE: https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c (1.15.4) NOTE: https://github.com/flatpak/flatpak/commit/acd627a2fabe9856947399044dbf7aa79247c75b (1.10.8) NOTE: https://github.com/flatpak/flatpak/commit/e88eedce76f79a5573df4fc38b344bbeaf7af024 (1.10.8) CVE-2023-28100 (Flatpak is a system for building, distributing, and running sandboxed ...) 
- flatpak 1.14.4-1 (bug #1033099) [bullseye] - flatpak 1.10.8-0+deb11u1 [buster] - flatpak (Minor issue) NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp NOTE: https://github.com/flatpak/flatpak/commit/8e63de9a7d3124f91140fc74f8ca9ed73ed53be9 (1.15.4) NOTE: https://github.com/flatpak/flatpak/commit/a9bf18040cc075a70657c6090a59d7f6fe78f893 (1.10.8) CVE-2023-28099 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...) NOT-FOR-US: OpenSIPS CVE-2023-28098 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...) NOT-FOR-US: OpenSIPS CVE-2023-28097 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...) NOT-FOR-US: OpenSIPS CVE-2023-28096 (OpenSIPS, a Session Initiation Protocol (SIP) server implementation, h ...) NOT-FOR-US: OpenSIPS CVE-2023-28095 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...) NOT-FOR-US: OpenSIPS CVE-2023-28094 (Pega platform clients who are using versions 7.4 through 8.8.x and hav ...) NOT-FOR-US: Pega CVE-2023-28093 (A user with a compromised configuration can start an unsigned binary a ...) NOT-FOR-US: Pegasystems CVE-2023-28092 (A potential security vulnerability has been identified in HPE ProLiant ...) NOT-FOR-US: HPE CVE-2023-28091 (HPE OneView virtual appliance "Migrate server hardware" option may exp ...) NOT-FOR-US: HPE CVE-2023-28090 (An HPE OneView appliance dump may expose SNMPv3 read credentials) NOT-FOR-US: HPE CVE-2023-28089 (An HPE OneView appliance dump may expose FTP credentials for c7000 Int ...) NOT-FOR-US: HPE CVE-2023-28088 (An HPE OneView appliance dump may expose SAN switch administrative cre ...) NOT-FOR-US: HPE CVE-2023-28087 (An HPE OneView appliance dump may expose OneView user accounts) NOT-FOR-US: HPE CVE-2023-28086 (An HPE OneView appliance dump may expose proxy credential settings) NOT-FOR-US: HPE CVE-2023-28085 (An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD ...) 
NOT-FOR-US: HPE CVE-2023-28084 (HPE OneView and HPE OneView Global Dashboard appliance dumps may expos ...) NOT-FOR-US: HPE CVE-2023-28083 (A remote Cross-site Scripting vulnerability was discovered in HPE Inte ...) NOT-FOR-US: HPE CVE-2023-28082 RESERVED CVE-2023-28081 (A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc21 ...) NOT-FOR-US: Facebook Hermes CVE-2023-28080 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking ...) NOT-FOR-US: PowerPath CVE-2023-28079 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File ...) NOT-FOR-US: PowerPath CVE-2023-28078 (Dell OS10 Networking Switches running 10.5.2.x and above contain a vul ...) NOT-FOR-US: Dell CVE-2023-28077 (Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 cont ...) NOT-FOR-US: Dell CVE-2023-28076 (CloudLink 7.1.2 and all prior versions contain a broken or risky crypt ...) NOT-FOR-US: Dell CVE-2023-28075 (Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A ...) NOT-FOR-US: Dell CVE-2023-28074 RESERVED CVE-2023-28073 (Dell BIOS contains an improper authentication vulnerability. A locally ...) NOT-FOR-US: Dell CVE-2023-28072 (Dell Alienware Command Center, versions prior to 5.5.51.0, contain a d ...) NOT-FOR-US: Dell CVE-2023-28071 (Dell Command | Update, Dell Update, and Alienware Update versions 4.9. ...) NOT-FOR-US: Dell CVE-2023-28070 (Alienware Command Center Application, versions 5.5.43.0 and prior, con ...) NOT-FOR-US: Alienware CVE-2023-28069 (Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulne ...) NOT-FOR-US: Dell CVE-2023-28068 (Dell Command Monitor, versions 10.9 and prior, contains an improper fo ...) NOT-FOR-US: Dell CVE-2023-28067 RESERVED CVE-2023-28066 (Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Im ...) NOT-FOR-US: Dell CVE-2023-28065 (Dell Command | Update, Dell Update, and Alienware Update versions 4.8. ...) 
NOT-FOR-US: Dell CVE-2023-28064 (Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenti ...) NOT-FOR-US: Dell CVE-2023-28063 (Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability ...) NOT-FOR-US: Dell CVE-2023-28062 (Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access ...) NOT-FOR-US: Dell CVE-2023-28061 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-28060 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-28059 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-28058 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-28057 RESERVED CVE-2023-28056 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-28055 (Dell NetWorker, Version 19.7 has an improper authorization vulnerabili ...) NOT-FOR-US: Dell CVE-2023-28054 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-28053 (Dell NetWorker Virtual Edition versions 19.8 and below contain the use ...) NOT-FOR-US: Dell CVE-2023-28052 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-28051 (Dell Power Manager, versions 3.10 and prior, contains an Improper Acce ...) NOT-FOR-US: Dell CVE-2023-28050 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-28049 (Dell Command | Monitor, versions prior to 10.9, contain an arbitrary f ...) NOT-FOR-US: Dell CVE-2023-28048 RESERVED CVE-2023-28047 (Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary ...) NOT-FOR-US: Dell CVE-2023-28046 (Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary ...) 
NOT-FOR-US: Dell CVE-2023-28045 (Dell CloudIQ Collector version 1.10.2 contains a missing encryption of ...) NOT-FOR-US: Dell CVE-2023-28044 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-28043 (Dell SCG 5.14 contains an information disclosure vulnerability during ...) NOT-FOR-US: Dell CVE-2023-28042 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-28041 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-28040 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-28039 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-28038 RESERVED CVE-2023-28037 RESERVED CVE-2023-28036 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-28035 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-28034 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-28033 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-28032 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-28031 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-28030 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-28029 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-28028 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-28027 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-28026 (Dell BIOS contains an improper input validation vulnerability. 
A local ...) NOT-FOR-US: Dell CVE-2023-1346 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...) NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress CVE-2023-1345 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...) NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress CVE-2023-1344 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...) NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress CVE-2023-1343 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...) NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress CVE-2023-1342 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...) NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress CVE-2023-1341 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...) NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress CVE-2023-1340 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...) NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress CVE-2023-1339 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...) NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress CVE-2023-1338 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...) NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress CVE-2023-1337 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...) NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress CVE-2023-1336 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...) NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress CVE-2023-1335 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...) 
NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress CVE-2023-1334 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...) NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress CVE-2023-1333 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...) NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress CVE-2023-1332 RESERVED CVE-2023-1331 (The Redirection WordPress plugin before 1.1.5 does not have CSRF check ...) NOT-FOR-US: WordPress plugin CVE-2023-1330 (The Redirection WordPress plugin before 1.1.4 does not add nonce verif ...) NOT-FOR-US: WordPress plugin CVE-2023-1329 (A potential security vulnerability has been identified for certain HP ...) NOT-FOR-US: HP CVE-2023-1328 (A vulnerability was found in Guizhou 115cms 4.2. It has been classifie ...) NOT-FOR-US: Guizhou 115cms CVE-2023-1327 (Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an ...) NOT-FOR-US: Netgear CVE-2023-1326 (A privilege escalation attack was found in apport-cli 2.26.0 and earli ...) NOT-FOR-US: Apport CVE-2023-1325 (The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not va ...) NOT-FOR-US: WordPress plugin CVE-2023-1324 (The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sa ...) NOT-FOR-US: WordPress plugin CVE-2023-1323 (The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sa ...) NOT-FOR-US: WordPress plugin CVE-2023-1322 (A vulnerability was found in lmxcms 1.41 and classified as critical. A ...) NOT-FOR-US: lmxcms CVE-2023-1321 (A vulnerability has been found in lmxcms 1.41 and classified as critic ...) NOT-FOR-US: lmxcms CVE-2023-1320 (Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osti ...) NOT-FOR-US: osTicket CVE-2023-1319 (Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osti ...) NOT-FOR-US: osTicket CVE-2023-1318 (Cross-site Scripting (XSS) - Generic in GitHub repository osticket/ost ...) 
NOT-FOR-US: osTicket CVE-2023-1317 (Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/o ...) NOT-FOR-US: osTicket CVE-2023-1316 (Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osti ...) NOT-FOR-US: osTicket CVE-2023-1315 (Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/o ...) NOT-FOR-US: osTicket CVE-2023-1314 (A vulnerability has been discovered in cloudflared's installer (<= 202 ...) NOT-FOR-US: cloudflared's installer CVE-2023-1313 (Unrestricted Upload of File with Dangerous Type in GitHub repository c ...) NOT-FOR-US: Cockpit Content Platform (different from src:cockpit) CVE-2023-1312 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...) NOT-FOR-US: pimcore CVE-2023-1311 (A vulnerability, which was classified as critical, was found in Source ...) NOT-FOR-US: SourceCodester Friendly Island Pizza Website and Ordering System CVE-2023-1310 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Online Graduate Tracer System CVE-2023-1309 (A vulnerability classified as critical was found in SourceCodester Onl ...) NOT-FOR-US: SourceCodester Online Graduate Tracer System CVE-2023-1308 (A vulnerability classified as critical has been found in SourceCodeste ...) NOT-FOR-US: SourceCodester Online Graduate Tracer System CVE-2013-10021 (A vulnerability was found in dd32 Debug Bar Plugin up to 0.8 on WordPr ...) NOT-FOR-US: dd32 Debug Bar Plugin CVE-2023-28025 (Due to this vulnerability, the Master operator could potentially incor ...) NOT-FOR-US: HCL CVE-2023-28024 RESERVED CVE-2023-28023 (A cross site request forgery vulnerability in the BigFix WebUI Softwar ...) NOT-FOR-US: HCL CVE-2023-28022 (HCL Connections is vulnerable to an information disclosure vulnerabili ...) NOT-FOR-US: HCL CVE-2023-28021 (The BigFix WebUI uses weak cipher suites.) 
NOT-FOR-US: HCL CVE-2023-28020 (URL redirection in Login page in HCL BigFix WebUI allows malicious use ...) NOT-FOR-US: HCL CVE-2023-28019 (Insufficient validation in Bigfix WebUI API App site version < 14 allo ...) NOT-FOR-US: HCL CVE-2023-28018 (HCL Connections is vulnerable to a denial of service, caused by improp ...) NOT-FOR-US: HCL CVE-2023-28017 (HCL Connections is vulnerable to a cross-site scripting attack where a ...) NOT-FOR-US: HCL CVE-2023-28016 (Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal S ...) NOT-FOR-US: HCL CVE-2023-28015 (The HCL Domino AppDev Pack IAM service is susceptible to a User Accoun ...) NOT-FOR-US: HCL CVE-2023-28014 (HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An a ...) NOT-FOR-US: HCL CVE-2023-28013 (HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vul ...) NOT-FOR-US: HCL CVE-2023-28012 (HCL BigFix Mobile is vulnerable to a command injection attack. An auth ...) NOT-FOR-US: HCL CVE-2023-28011 RESERVED CVE-2023-28010 (In some configuration scenarios, the Domino server host name can be ex ...) NOT-FOR-US: HCL CVE-2023-28009 (HCL Workload Automation is vulnerable to an XML External Entity Inject ...) NOT-FOR-US: HCL CVE-2023-28008 (HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML Ex ...) NOT-FOR-US: HCL CVE-2023-28007 RESERVED CVE-2023-28006 (The OSD Bare Metal Server uses a cryptographic algorithm that is no lo ...) NOT-FOR-US: HCL CVE-2023-28005 (A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryptio ...) NOT-FOR-US: Trend Micro CVE-2023-1307 (Authentication Bypass by Primary Weakness in GitHub repository froxlor ...) - froxlor (bug #581792) CVE-2023-1306 (An authenticated attacker can leverage an exposed resource.db() access ...) NOT-FOR-US: Rapid7 CVE-2023-1305 (An authenticated attacker can leverage an exposed \u201cbox\u201d obje ...) 
NOT-FOR-US: Rapid7 CVE-2023-1304 (An authenticated attacker can leverage an exposed getattr() method via ...) NOT-FOR-US: Rapid7 CVE-2023-1303 (A vulnerability was found in UCMS 1.6 and classified as critical. This ...) NOT-FOR-US: UCMS CVE-2023-1302 (A vulnerability, which was classified as problematic, was found in Sou ...) NOT-FOR-US: SourceCodester CVE-2023-1301 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester CVE-2023-1300 (A vulnerability classified as critical was found in SourceCodester COV ...) NOT-FOR-US: SourceCodester CVE-2023-1299 (HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to es ...) - nomad (Vulnerable code not present; Introduced in 1.5.0) NOTE: https://discuss.hashicorp.com/t/hcsec-2023-08-nomad-job-submitter-privilege-escalation-using-workload-identity/51389 CVE-2023-1298 (ServiceNow has released upgrades and patches that address a Reflected ...) NOT-FOR-US: ServiceNow CVE-2023-28004 (A CWE-129: Improper validation of an array index vulnerability exists ...) NOT-FOR-US: Schneider CVE-2023-28003 (A CWE-613: Insufficient Session Expiration vulnerability exists that c ...) NOT-FOR-US: Schneider CVE-2023-28002 (An improper validation of integrity check value vulnerability [CWE-354 ...) NOT-FOR-US: FortiGuard CVE-2023-28001 (An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 ...) NOT-FOR-US: Fortinet CVE-2023-28000 (An improper neutralization of special elements used in an OS command v ...) NOT-FOR-US: FortiGuard CVE-2023-27999 (An improper neutralization of special elements used in an OS command v ...) NOT-FOR-US: FortiGuard CVE-2023-27998 (A lack of custom error pages vulnerability [CWE-756] in FortiPresence ...) NOT-FOR-US: FortiGuard CVE-2023-27997 (A heap-based buffer overflow vulnerability [CWE-122] in FortiOS versio ...) 
NOT-FOR-US: FortiGuard CVE-2023-27996 RESERVED CVE-2023-27995 (A improper neutralization of special elements used in a template engin ...) NOT-FOR-US: FortiGuard CVE-2023-27994 RESERVED CVE-2023-27993 (A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 ...) NOT-FOR-US: FortiGuard CVE-2023-27992 (The pre-authentication command injection vulnerability in the Zyxel NA ...) NOT-FOR-US: Zyxel CVE-2023-27991 (The post-authentication command injection vulnerability in the CLI com ...) NOT-FOR-US: Zyxel CVE-2023-27990 (The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmw ...) NOT-FOR-US: Zyxel CVE-2023-27989 (A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 ...) NOT-FOR-US: Zyxel CVE-2023-27988 (The post-authentication command injection vulnerability in the Zyxel N ...) NOT-FOR-US: Zyxel CVE-2023-27987 (In Apache Linkis <=1.3.1,due to the default token generated by Linkis ...) NOT-FOR-US: Apache Linkis CVE-2023-1297 (Consul and Consul Enterprise's cluster peering implementation containe ...) - consul (Vulnerable code not present) CVE-2023-1296 (HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correct ...) - nomad (Vulnerable code not present) NOTE: https://discuss.hashicorp.com/t/hcsec-2023-09-nomad-acls-can-not-deny-access-to-workloads-own-variables/51390 CVE-2023-1295 (A time-of-check to time-of-use issue exists in io_uring subsystem's IO ...) - linux 5.14.6-1 [bullseye] - linux 5.10.162-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/9eac1904d3364254d622bf2c771c4f85cd435fc2 (5.12-rc1) CVE-2023-1294 (A vulnerability was found in SourceCodester File Tracker Manager Syste ...) NOT-FOR-US: SourceCodester File Tracker Manager System CVE-2023-1293 (A vulnerability was found in SourceCodester Online Graduate Tracer Sys ...) NOT-FOR-US: SourceCodester Online Graduate Tracer System CVE-2023-1292 (A vulnerability has been found in SourceCodester Sales Tracker Managem ...) 
	NOT-FOR-US: SourceCodester Sales Tracker Management System
CVE-2023-1291 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Sales Tracker Management System
CVE-2023-1290 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Sales Tracker Management System
CVE-2023-1289 (A vulnerability was discovered in ImageMagick where a specially create ...)
	{DSA-5628-1 DLA-3737-1}
	- imagemagick 8:6.9.12.98+dfsg1-2
	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c5b23cbf2119540725e6dc81f4deb25798ead6a4 (7.1.1-0)
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/706d381b7eb79927d328c96f7b7faab5dc109368 (6.9.12-78)
CVE-2023-1288 (An XML External Entity injection (XXE) vulnerability in ENOVIA Live Co ...)
	NOT-FOR-US: ENOVIA Live Collaboration V6R2013xE
CVE-2023-1287 (An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE a ...)
	NOT-FOR-US: ENOVIA Live Collaboration V6R2013xE
CVE-2023-1286 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
	NOT-FOR-US: pimcore
CVE-2023-1285 (Signal Handler Race Condition vulnerability in Mitsubishi Electric Ind ...)
	NOT-FOR-US: Mitsubishi Electric
CVE-2023-27984 (A CWE-20: Improper Input Validation vulnerability exists in Custom Rep ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-27983 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-27982 (A CWE-345: Insufficient Verification of Data Authenticity vulnerabilit ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-27981 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-27980 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-27979 (A CWE-345: Insufficient Verification of Data Authenticity vulnerabilit ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-27978 (A CWE-502: Deserialization of Untrusted Data vulnerability exists in t ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-27977 (A CWE-345: Insufficient Verification of Data Authenticity vulnerabilit ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-27976 (A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists t ...)
	NOT-FOR-US: Schneider
CVE-2023-27975 (CWE-522: Insufficiently Protected Credentials vulnerability exists tha ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-27974 (Bitwarden through 2023.2.1 offers password auto-fill when the second-l ...)
	NOT-FOR-US: Bitwarden
CVE-2023-27973 (Certain HP LaserJet Pro print products are potentially vulnerable to H ...)
	NOT-FOR-US: HP
CVE-2023-27972 (Certain HP LaserJet Pro print products are potentially vulnerable to B ...)
	NOT-FOR-US: HP
CVE-2023-27971 (Certain HP LaserJet Pro print products are potentially vulnerable to B ...)
	NOT-FOR-US: HP
CVE-2023-1284 RESERVED
CVE-2023-1283 (Code Injection in GitHub repository builderio/qwik prior to 0.21.0.)
	NOT-FOR-US: qwik
CVE-2023-1282 (The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard W ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1281 (Use After Free vulnerability in Linux kernel traffic control index fil ...)
	{DLA-3404-1 DLA-3403-1}
	- linux 6.1.15-1
	[bullseye] - linux 5.10.178-1
	NOTE: https://kernel.dance/#ee059170b1f7e94e55fa6cadee544e176a6e59c2
	NOTE: https://git.kernel.org/linus/ee059170b1f7e94e55fa6cadee544e176a6e59c2 (6.2)
	NOTE: https://www.openwall.com/lists/oss-security/2023/04/11/3
CVE-2023-1280 RESERVED
CVE-2023-1279 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 16.4.4+ds2-2
CVE-2023-1278 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: IBOS
CVE-2023-1277 (A vulnerability, which was classified as critical, was found in kylin- ...)
	NOT-FOR-US: kylin-system-updater
CVE-2018-25081 (Bitwarden through 2023.2.1 offers password auto-fill within a cross-do ...)
	NOT-FOR-US: Bitwarden
CVE-2017-20182 (A vulnerability was found in Mobile Vikings Django AJAX Utilities up t ...)
	NOT-FOR-US: Mobile Vikings Django AJAX Utilities
CVE-2014-125093 (A vulnerability has been found in Ad Blocking Detector Plugin up to 1. ...)
	NOT-FOR-US: Ad Blocking Detector Plugin
CVE-2013-10020 (A vulnerability, which was classified as problematic, was found in MMD ...)
	NOT-FOR-US: MMDeveloper
CVE-2023-27970 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2023-27969 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2023-27968 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2023-27967 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-27966 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2023-27965 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2023-27964 (An authentication issue was addressed with improved state management. ...)
	NOT-FOR-US: Apple
CVE-2023-27963 (The issue was addressed with additional permissions checks. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-27962 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2023-27961 (Multiple validation issues were addressed with improved input sanitiza ...)
	NOT-FOR-US: Apple
CVE-2023-27960 (This issue was addressed by removing the vulnerable code. This issue i ...)
	NOT-FOR-US: Apple
CVE-2023-27959 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-27958 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-27957 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2023-27956 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-27955 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2023-27954 (The issue was addressed by removing origin information. This issue is ...)
	{DSA-5397-1 DSA-5396-1 DLA-3419-1}
	- webkit2gtk 2.40.1-1
	- wpewebkit 2.38.6-1
	NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
CVE-2023-27953 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-27952 (A race condition was addressed with improved locking. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2023-27951 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2023-27950 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2023-27949 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2023-27948 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2023-27947 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2023-27946 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2023-27945 (This issue was addressed with improved entitlements. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2023-27944 (This issue was addressed with a new entitlement. This issue is fixed i ...)
	NOT-FOR-US: Apple
CVE-2023-27943 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2023-27942 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2023-27941 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2023-27940 (The issue was addressed with additional permissions checks. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-27939 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2023-27938 (An out-of-bounds read issue was addressed with improved input validati ...)
	NOT-FOR-US: Apple
CVE-2023-27937 (An integer overflow was addressed with improved input validation. This ...)
	NOT-FOR-US: Apple
CVE-2023-27936 (An out-of-bounds write issue was addressed with improved input validat ...)
	NOT-FOR-US: Apple
CVE-2023-27935 (The issue was addressed with improved bounds checks. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2023-27934 (A memory initialization issue was addressed. This issue is fixed in ma ...)
	NOT-FOR-US: Apple
CVE-2023-27933 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-27932 (This issue was addressed with improved state management. This issue is ...)
	{DSA-5397-1 DSA-5396-1 DLA-3419-1}
	- webkit2gtk 2.40.1-1
	- wpewebkit 2.38.6-1
	NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
CVE-2023-27931 (This issue was addressed by removing the vulnerable code. This issue i ...)
	NOT-FOR-US: Apple
CVE-2023-27930 (A type confusion issue was addressed with improved checks. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-27929 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2023-27928 (A privacy issue was addressed with improved private data redaction for ...)
	NOT-FOR-US: Apple
CVE-2023-1276 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SUL1SS_shop
CVE-2023-1275 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester Phone Shop Sales Managements System
CVE-2023-1274 (The Pricing Tables For WPBakery Page Builder (formerly Visual Composer ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1273 (The ND Shortcodes WordPress plugin before 7.0 does not validate some s ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1272 RESERVED
CVE-2023-1271 REJECTED
CVE-2023-1270 (Cross-site Scripting in GitHub repository btcpayserver/btcpayserver pr ...)
	NOT-FOR-US: btcpayserver
CVE-2023-1269 (Use of Hard-coded Credentials in GitHub repository alextselegidis/easy ...)
	NOT-FOR-US: alextselegidis easyappointments
CVE-2023-1268 RESERVED
CVE-2023-1267 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Ulkem Company PtteM Kart
CVE-2023-27986 (emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to E ...)
	- emacs 1:28.2+1-13 (bug #1032538)
	[bullseye] - emacs (Vulnerable code not present, introduced in 28.1)
	[buster] - emacs (Vulnerable code not present, introduced in 28.1)
	NOTE: https://www.openwall.com/lists/oss-security/2023/03/08/2
	NOTE: Introduced by: http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=b1b05c828d67930bb3b897fe98e1992db42cf23c (emacs-28.0.90)
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc
CVE-2023-27985 (emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to s ...)
	- emacs 1:28.2+1-13 (bug #1032538)
	[bullseye] - emacs (Vulnerable code not present, introduced in 28.1)
	[buster] - emacs (Vulnerable code not present, introduced in 28.1)
	NOTE: https://www.openwall.com/lists/oss-security/2023/03/08/2
	NOTE: Introduced by: http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=b1b05c828d67930bb3b897fe98e1992db42cf23c (emacs-28.0.90)
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=d32091199ae5de590a83f1542a01d75fba000467
	NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=60204
CVE-2023-XXXX [RUSTSEC-2023-0018]
	- rust-remove-dir-all 0.8.2-1
	[bookworm] - rust-remove-dir-all (Minor issue)
	[bullseye] - rust-remove-dir-all (Minor issue)
	[buster] - rust-remove-dir-all (Minor issue, no in-place fix: old API deprecated + new API introduced)
	NOTE: https://github.com/advisories/GHSA-mc8h-8q98-g5hr
	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0018.html
CVE-2023-27915 (A maliciously crafted X_B file when parsed through Autodesk® AutoCA ...)
	NOT-FOR-US: Autodesk
CVE-2023-27914 (A maliciously crafted X_B file when parsed through Autodesk® AutoCA ...)
	NOT-FOR-US: Autodesk
CVE-2023-27913 (A maliciously crafted X_B file when parsed through Autodesk® AutoCA ...)
	NOT-FOR-US: Autodesk
CVE-2023-27912 (A maliciously crafted X_B file when parsed through Autodesk® AutoCA ...)
	NOT-FOR-US: Autodesk
CVE-2023-27911 (A user may be tricked into opening a malicious FBX file that may explo ...)
	NOT-FOR-US: Autodesk
CVE-2023-27910 (A user may be tricked into opening a malicious FBX file that may explo ...)
	NOT-FOR-US: Autodesk
CVE-2023-27909 (An Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK versi ...)
	NOT-FOR-US: Autodesk
CVE-2023-27908 (A maliciously crafted DLL file can be forced to write beyond allocated ...)
	NOT-FOR-US: Autodesk
CVE-2023-27907 (A malicious actor may convince a victim to open a malicious USD file t ...)
	NOT-FOR-US: Autodesk
CVE-2023-27906 (A malicious actor may convince a victim to open a malicious USD file t ...)
	NOT-FOR-US: Autodesk
CVE-2023-27884 RESERVED
CVE-2023-27879 (Improper access control in firmware for some Intel(R) Optane(TM) SSD p ...)
	NOT-FOR-US: Intel
CVE-2023-27519 (Improper input validation in firmware for some Intel(R) Optane(TM) SSD ...)
	NOT-FOR-US: Intel
CVE-2023-27502 (Insertion of sensitive information into log file for some Intel(R) Loc ...)
	NOT-FOR-US: Intel
CVE-2023-27306 (Improper Initialization in firmware for some Intel(R) Optane(TM) SSD p ...)
	NOT-FOR-US: Intel
CVE-2023-27305 (Incorrect default permissions in some Intel(R) Arc(TM) & Iris(R) Xe Gr ...)
	NOT-FOR-US: Intel
CVE-2023-25952 (Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - W ...)
	NOT-FOR-US: Intel
CVE-2023-24588 (Exposure of sensitive information to an unauthorized actor in firmware ...)
	NOT-FOR-US: Intel
CVE-2023-24587 (Insufficient control flow management in firmware for some Intel(R) Opt ...)
	NOT-FOR-US: Intel
CVE-2023-22434 RESERVED
CVE-2023-1266 RESERVED
CVE-2023-1265 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2023-1264 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.139 ...)
	- vim 2:9.0.1658-1 (unimportant)
	NOTE: https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815
	NOTE: https://github.com/vim/vim/commit/7ac5023a5f1a37baafbe1043645f97ba3443d9f6 (v9.0.1392)
	NOTE: Crash in CLI tool, no security impact
CVE-2023-1263 (The CMP – Coming Soon & Maintenance plugin for WordPress is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1262 (Missing MAC layer security in Silicon Labs Wi-SUN Linux Border Router ...)
	NOT-FOR-US: WI-SUN
CVE-2023-1261 (Missing MAC layer security in Silicon Labs Wi-SUN SDK v1.5.0 and earli ...)
	NOT-FOR-US: WI-SUN
CVE-2023-1260 (An authentication bypass vulnerability was discovered in kube-apiserve ...)
	NOT-FOR-US: OpenShift
CVE-2023-1259 (The Hotjar plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27905 (Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core ...)
	- jenkins
CVE-2023-27904 (Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error sta ...)
	- jenkins
CVE-2023-27903 (Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary ...)
	- jenkins
CVE-2023-27902 (Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary dir ...)
	- jenkins
CVE-2023-27901 (Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Com ...)
	- jenkins
CVE-2023-27900 (Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Com ...)
	- jenkins
CVE-2023-27899 (Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary ...)
	- jenkins
CVE-2023-27898 (Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.37 ...)
	- jenkins
CVE-2023-27897 (In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is auth ...)
	NOT-FOR-US: SAP
CVE-2023-27896 (In SAP BusinessObjects Business Intelligence Platform - version 420, 4 ...)
	NOT-FOR-US: SAP
CVE-2023-27895 (SAP Authenticator for Android - version 1.3.0, allows the screen to be ...)
	NOT-FOR-US: SAP
CVE-2023-27894 (SAP BusinessObjects Business Intelligence Platform (Web Services) - ve ...)
	NOT-FOR-US: SAP
CVE-2023-27893 (An attacker authenticated as a user with a non-administrative role and ...)
	NOT-FOR-US: SAP
CVE-2023-1258 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: ABB Flow-X firmware
CVE-2023-1257 (An attacker with physical access to the affected Moxa UC Series device ...)
	NOT-FOR-US: Moxa UC Series devices
CVE-2023-1256 (The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server ar ...)
	NOT-FOR-US: AVEVA Plant SCADA and AVEVA Telemetry Server
CVE-2023-1255 (Issue summary: The AES-XTS cipher decryption implementation for 64 bit ...)
	- openssl 3.0.9-1 (bug #1034720)
	[bullseye] - openssl (Vulnerable code not present)
	[buster] - openssl (Vulnerable code not present)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=02ac9c9420275868472f33b01def01218742b8bb
	NOTE: https://www.openssl.org/news/secadv/20230420.txt
CVE-2023-1254 (A vulnerability has been found in SourceCodester Health Center Patient ...)
	NOT-FOR-US: SourceCodester Health Center Patient Record Management System
CVE-2023-1253 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Health Center Patient Record Management System
CVE-2023-1252 (A use-after-free flaw was found in the Linux kernel’s Ext4 File S ...)
	- linux 5.15.3-3
	[bullseye] - linux 5.10.84-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9a254403760041528bc8f69fe2f5e1ef86950991 (5.16-rc1)
CVE-2023-1251 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Akinsoft Wolvox
CVE-2023-1250 (Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), ...)
	NOT-FOR-US: OTRS
	NOTE: Could possibly affect Znuny, we'll let their security team figure it out
CVE-2023-1249 (A use-after-free flaw was found in the Linux kernel’s core dump s ...)
	- linux 5.17.3-1
	[bullseye] - linux 5.10.113-1
	NOTE: https://git.kernel.org/linus/390031c942116d4733310f0684beb8db19885fe6 (5.18-rc1)
CVE-2023-1248 (Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Action ...)
	NOT-FOR-US: OTRS
	NOTE: Could possibly affect Znuny, we'll let their security team figure it out
CVE-2023-1247 REJECTED
CVE-2022-4932 (The Total Upkeep plugin for WordPress is vulnerable to information dis ...)
	NOT-FOR-US: Total Upkeep plugin for WordPress
CVE-2022-4931 (The BackupWordPress plugin for WordPress is vulnerable to information ...)
	NOT-FOR-US: BackupWordPress plugin for WordPress
CVE-2021-4333 (The WP Statistics plugin for WordPress is vulnerable to Cross-Site Req ...)
	NOT-FOR-US: WP Statistics plugin for WordPress
CVE-2021-4332 (The Plus Addons for Elementor plugin for WordPress is vulnerable to ar ...)
	NOT-FOR-US: Plus Addons for Elementor plugin for WordPress
CVE-2021-4331 (The Plus Addons for Elementor plugin for WordPress is vulnerable to pr ...)
	NOT-FOR-US: Plus Addons for Elementor plugin for WordPress
CVE-2021-4330 (The Envato Elements & Download and Template Kit – Import plugins ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-36670 (The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disc ...)
	NOT-FOR-US: NEX-Forms. plugin for WordPress
CVE-2020-36669 (The JetBackup – WP Backup, Migrate & Restore plugin for WordPress ...)
	NOT-FOR-US: JetBackup WP Backup, Migrate & Restore plugin for WordPress
CVE-2020-36668 (The JetBackup – WP Backup, Migrate & Restore plugin for WordPress ...)
	NOT-FOR-US: JetBackup WP Backup, Migrate & Restore plugin for WordPress
CVE-2020-36667 (The JetBackup – WP Backup, Migrate & Restore plugin for WordPress ...)
	NOT-FOR-US: JetBackup WP Backup, Migrate & Restore plugin for WordPress
CVE-2023-27892 (Insufficient length checks in the ShapeShift KeepKey hardware wallet f ...)
	NOT-FOR-US: ShapeShift KeepKey hardware wallet firmware
CVE-2023-27891 (rami.io pretix before 4.17.1 allows OAuth application authorization fr ...)
	NOT-FOR-US: rami.io
CVE-2023-27890 (The Export User plugin through 2.0 for MyBB allows XSS during the proc ...)
	NOT-FOR-US: MyBB
CVE-2023-27878 RESERVED
CVE-2023-27877 (IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects t ...)
	NOT-FOR-US: IBM
CVE-2023-27876 (IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE ...)
	NOT-FOR-US: IBM
CVE-2023-27875 (IBM Aspera Faspex 5.0.4 could allow a user to change other user's cred ...)
	NOT-FOR-US: IBM
CVE-2023-27874 (IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity inject ...)
	NOT-FOR-US: IBM
CVE-2023-27873 (IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to ...)
	NOT-FOR-US: IBM
CVE-2023-27872 RESERVED
CVE-2023-27871 (IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensit ...)
	NOT-FOR-US: IBM
CVE-2023-27870 (IBM Spectrum Virtualize 8.5, under certain circumstances, could disclo ...)
	NOT-FOR-US: IBM
CVE-2023-27869 (IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, an ...)
	NOT-FOR-US: IBM
CVE-2023-27868 (IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, an ...)
	NOT-FOR-US: IBM
CVE-2023-27867 (IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, an ...)
	NOT-FOR-US: IBM
CVE-2023-27866 (IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code e ...)
	NOT-FOR-US: IBM
CVE-2023-27865 RESERVED
CVE-2023-27864 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML ...)
	NOT-FOR-US: IBM
CVE-2023-27863 (IBM Spectrum Protect Plus Server 10.1.13, under specific configuration ...)
	NOT-FOR-US: IBM
CVE-2023-27862 RESERVED
CVE-2023-27861 (IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transm ...)
	NOT-FOR-US: IBM
CVE-2023-27860 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensiti ...)
	NOT-FOR-US: IBM
CVE-2023-27859 (IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbi ...)
	NOT-FOR-US: IBM
CVE-2023-27858 (Rockwell Automation Arena Simulation contains an arbitrary code execut ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-27857 (In affected versions, a heap-based buffer over-read condition occurs w ...)
	NOT-FOR-US: Rockwell
CVE-2023-27856 (In affected versions, path traversal exists when processing a message ...)
	NOT-FOR-US: Rockwell
CVE-2023-27855 (In affected versions, a path traversal exists when processing a messag ...)
	NOT-FOR-US: Rockwell
CVE-2023-27854 (An arbitrary code execution vulnerability was reported to Rockwell Aut ...)
	NOT-FOR-US: Rockwell Automation
CVE-2023-25947 (The bundle management subsystem within OpenHarmony-v3.1.4 and prior ve ...)
	NOT-FOR-US: OpenHarmony
CVE-2023-25076 (A buffer overflow vulnerability exists in the handling of wildcard bac ...)
	{DSA-5413-1 DLA-3406-1}
	- sniproxy 0.6.0-2.1 (bug #1033752)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1731
	NOTE: https://github.com/dlundquist/sniproxy/commit/f8d9a433fe22ab2fa15c00179048ab02ae23d583 (0.6.1)
CVE-2023-24465 (Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior vers ...)
	NOT-FOR-US: OpenHarmony
CVE-2023-1246 (Files or Directories Accessible to External Parties vulnerability in S ...)
	NOT-FOR-US: Saysis Starcities
CVE-2023-1245 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
	NOT-FOR-US: Answer
CVE-2023-1244 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
	NOT-FOR-US: Answer
CVE-2023-1243 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
	NOT-FOR-US: Answer
CVE-2023-1242 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
	NOT-FOR-US: Answer
CVE-2023-1241 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
	NOT-FOR-US: Answer
CVE-2023-1240 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
	NOT-FOR-US: Answer
CVE-2023-1239 (Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/ ...)
	NOT-FOR-US: Answer
CVE-2023-1238 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
	NOT-FOR-US: Answer
CVE-2023-1237 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
	NOT-FOR-US: Answer
CVE-2023-1236 (Inappropriate implementation in Internals in Google Chrome prior to 11 ...)
	{DSA-5371-1}
	- chromium 111.0.5563.64-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1235 (Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 all ...)
	{DSA-5371-1}
	- chromium 111.0.5563.64-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1234 (Inappropriate implementation in Intents in Google Chrome on Android pr ...)
	{DSA-5371-1}
	- chromium 111.0.5563.64-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1233 (Insufficient policy enforcement in Resource Timing in Google Chrome pr ...)
	{DSA-5371-1}
	- chromium 111.0.5563.64-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1232 (Insufficient policy enforcement in Resource Timing in Google Chrome pr ...)
	{DSA-5371-1}
	- chromium 111.0.5563.64-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1231 (Inappropriate implementation in Autofill in Google Chrome on Android p ...)
	{DSA-5371-1}
	- chromium 111.0.5563.64-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1230 (Inappropriate implementation in WebApp Installs in Google Chrome on An ...)
	{DSA-5371-1}
	- chromium 111.0.5563.64-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1229 (Inappropriate implementation in Permission prompts in Google Chrome pr ...)
	{DSA-5371-1}
	- chromium 111.0.5563.64-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1228 (Insufficient policy enforcement in Intents in Google Chrome on Android ...)
	{DSA-5371-1}
	- chromium 111.0.5563.64-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1227 (Use after free in Core in Google Chrome on Lacros prior to 111.0.5563. ...)
	{DSA-5371-1}
	- chromium 111.0.5563.64-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1226 (Insufficient policy enforcement in Web Payments API in Google Chrome p ...)
	{DSA-5371-1}
	- chromium 111.0.5563.64-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1225 (Insufficient policy enforcement in Navigation in Google Chrome on iOS ...)
	{DSA-5371-1}
	- chromium 111.0.5563.64-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1224 (Insufficient policy enforcement in Web Payments API in Google Chrome p ...)
	{DSA-5371-1}
	- chromium 111.0.5563.64-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1223 (Insufficient policy enforcement in Autofill in Google Chrome on Androi ...)
	{DSA-5371-1}
	- chromium 111.0.5563.64-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1222 (Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0. ...)
	{DSA-5371-1}
	- chromium 111.0.5563.64-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1221 (Insufficient policy enforcement in Extensions API in Google Chrome pri ...)
	{DSA-5371-1}
	- chromium 111.0.5563.64-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1220 (Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 al ...)
	{DSA-5371-1}
	- chromium 111.0.5563.64-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1219 (Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.6 ...)
	{DSA-5371-1}
	- chromium 111.0.5563.64-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1218 (Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allow ...)
	{DSA-5371-1}
	- chromium 111.0.5563.64-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1217 (Stack buffer overflow in Crash reporting in Google Chrome on Windows p ...)
	{DSA-5371-1}
	- chromium 111.0.5563.64-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1216 (Use after free in DevTools in Google Chrome prior to 111.0.5563.64 all ...)
	{DSA-5371-1}
	- chromium 111.0.5563.64-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1215 (Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed ...)
	{DSA-5371-1}
	- chromium 111.0.5563.64-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1214 (Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a ...)
	{DSA-5371-1}
	- chromium 111.0.5563.64-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1213 (Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 ...)
	{DSA-5371-1}
	- chromium 111.0.5563.64-1
	[buster] - chromium (see DSA 5046)
CVE-2023-1212 (Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpip ...)
	- phpipam (bug #731713)
CVE-2023-1211 (SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2.)
	- phpipam (bug #731713)
CVE-2023-1210 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 16.4.4+ds2-2
CVE-2023-1209 (Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records ...)
	NOT-FOR-US: ServiceNow
CVE-2023-1208 (This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary dat ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1207 (This HTTP Headers WordPress plugin before 1.18.8 has an import functio ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1206 (A hash collision flaw was found in the IPv6 connection lookup table in ...)
	{DSA-5492-1 DSA-5480-1 DLA-3710-1 DLA-3623-1}
	- linux 6.4.11-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2175903
	NOTE: https://git.kernel.org/linus/d11b0df7ddf1831f3e170972f43186dad520bfcc (6.5-rc4)
CVE-2023-27853 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format s ...)
	NOT-FOR-US: NETGEAR
CVE-2023-27852 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer o ...)
	NOT-FOR-US: NETGEAR
CVE-2023-27851 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sha ...)
	NOT-FOR-US: NETGEAR
CVE-2023-27850 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sha ...)
	NOT-FOR-US: NETGEAR
CVE-2023-1205 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cr ...)
	NOT-FOR-US: NETGEAR
CVE-2023-1204 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2023-1203 (Improper removal of sensitive data in the entry edit feature of Hub Bu ...)
	NOT-FOR-US: Devolutions
CVE-2023-1202 (Permission bypass when importing or synchronizing entriesin User vault ...)
	NOT-FOR-US: Devolutions
CVE-2023-1201 (Improper access control in the secure messages feature in Devolutions ...)
	NOT-FOR-US: Devolutions
CVE-2023-1200 (A vulnerability was found in ehuacui bbs. It has been declared as prob ...)
	NOT-FOR-US: ehuacui bbs
CVE-2023-1199 RESERVED
CVE-2023-1198 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Saysis Starcities
CVE-2023-1197 (Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/commun ...)
	NOT-FOR-US: UVdesk
CVE-2023-1196 (The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x be ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1195 (A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in ...)
	- linux 6.1.4-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/153695d36ead0ccc4d0256953c751cabf673e621 (6.1-rc3)
CVE-2023-1194 (An out-of-bounds (OOB) memory read flaw was found in parse_lease_state ...)
	- linux 6.3.11-1
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2154176
CVE-2023-1193 (A use-after-free flaw was found in setup_async_work in the KSMBD imple ...)
	- linux 6.3.7-1
	[bookworm] - linux 6.1.76-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2154177
	NOTE: https://git.kernel.org/linus/3a9b557f44ea8f216aab515a7db20e23f0eb51b9 (6.3-rc6)
CVE-2023-1192 (A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS ...)
	- linux 6.5.6-1
	[bookworm] - linux 6.1.64-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2154178
CVE-2023-1191 (A vulnerability classified as problematic has been found in fastcms. T ...)
	NOT-FOR-US: fastcms
CVE-2023-1190 (A vulnerability was found in xiaozhuai imageinfo up to 3.0.3. It has b ...)
	NOT-FOR-US: xiaozhuai imageinfo
CVE-2023-1189 (A vulnerability was found in WiseCleaner Wise Folder Hider 4.4.3.202. ...)
NOT-FOR-US: WiseCleaner Wise Folder Hider CVE-2023-1188 (A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8. ...) NOT-FOR-US: FabulaTech Webcam for Remote Desktop CVE-2023-1187 (A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8. ...) NOT-FOR-US: FabulaTech Webcam for Remote Desktop CVE-2023-1186 (A vulnerability has been found in FabulaTech Webcam for Remote Desktop ...) NOT-FOR-US: FabulaTech Webcam for Remote Desktop CVE-2023-1185 (A vulnerability, which was classified as problematic, was found in ECs ...) NOT-FOR-US: ECshop CVE-2020-36666 (The directory-pro WordPress plugin before 1.9.5, final-user-wp-fronten ...) NOT-FOR-US: WordPress plugin CVE-2023-XXXX [Transaction cache overrides the current user] - tryton-server 6.0.29-1 [bullseye] - tryton-server (Vulnerable code not present) [buster] - tryton-server (Vulnerable code not present) NOTE: https://foss.heptapod.net/tryton/tryton/-/issues/12108 NOTE: Fixed by: https://foss.heptapod.net/tryton/tryton/-/commit/107b68af389a2cb5c95f663f7a3107fc12aecaf7 NOTE: Fixed by: https://foss.heptapod.net/tryton/tryton/-/commit/1ce8523f11aa78a88dd03e1f0ae2e2b076b6fdb0 (trytond-6.0.29) CVE-2023-27849 (rails-routes-to-json v1.0.0 was discovered to contain a remote code ex ...) NOT-FOR-US: rails-routes-to-json CVE-2023-27848 (broccoli-compass v0.2.4 was discovered to contain a remote code execut ...) NOT-FOR-US: broccoli-compass CVE-2023-27847 (SQL injection vulnerability found in PrestaShop xipblog v.2.0.1 and be ...) NOT-FOR-US: PrestaShop CVE-2023-27846 (SQL injection vulnerability found in PrestaShop themevolty v.4.0.8 and ...) NOT-FOR-US: PrestaShop module CVE-2023-27845 (SQL injection vulnerability found in PrestaShop lekerawen_ocs before v ...) NOT-FOR-US: PrestaShop CVE-2023-27844 (SQL injection vulnerability found in PrestaShopleurlrewrite v.1.0 and ...) NOT-FOR-US: PrestaShop CVE-2023-27843 (SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 a ...) 
NOT-FOR-US: PrestaShop CVE-2023-27842 (Insecure Permissions vulnerability found in Extplorer File manager eXt ...) - extplorer CVE-2023-27841 RESERVED CVE-2023-27840 RESERVED CVE-2023-27839 RESERVED CVE-2023-27838 RESERVED CVE-2023-27837 (TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain ...) NOT-FOR-US: TP-Link CVE-2023-27836 (TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain ...) NOT-FOR-US: TP-Link CVE-2023-27835 RESERVED CVE-2023-27834 RESERVED CVE-2023-27833 RESERVED CVE-2023-27832 RESERVED CVE-2023-27831 RESERVED CVE-2023-27830 (TightVNC before v2.8.75 allows attackers to escalate privileges on the ...) - tightvnc (Windows-specific) NOTE: https://medium.com/nestedif/vulnerability-disclosure-privilege-escalation-tightvnc-8165208cce CVE-2023-27829 RESERVED CVE-2023-27828 RESERVED CVE-2023-27827 RESERVED CVE-2023-27826 (SeowonIntech SWC 5100W WIMAX Bootloader 1.18.19.0, HW 0.0.7.0, and FW ...) NOT-FOR-US: TightVNC CVE-2023-27825 RESERVED CVE-2023-27824 RESERVED CVE-2023-27823 (An authentication bypass in Optoma 1080PSTX C02 allows an attacker to ...) NOT-FOR-US: Optoma 1080PSTX C02 CVE-2023-27822 RESERVED CVE-2023-27821 (Databasir v1.0.7 was discovered to contain a remote code execution (RC ...) NOT-FOR-US: Databasir CVE-2023-27820 RESERVED CVE-2023-27819 RESERVED CVE-2023-27818 RESERVED CVE-2023-27817 RESERVED CVE-2023-27816 RESERVED CVE-2023-27815 RESERVED CVE-2023-27814 RESERVED CVE-2023-27813 RESERVED CVE-2023-27812 (bloofox v0.5.2 was discovered to contain an arbitrary file deletion vu ...) NOT-FOR-US: bloofox CVE-2023-27811 RESERVED CVE-2023-27810 (H3C Magic R100 R100V100R005.bin was discovered to contain a stack over ...) NOT-FOR-US: H3C Magic R100 CVE-2023-27809 RESERVED CVE-2023-27808 (H3C Magic R100 R100V100R005.bin was discovered to contain a stack over ...) NOT-FOR-US: H3C Magic R100 CVE-2023-27807 (H3C Magic R100 R100V100R005.bin was discovered to contain a stack over ...) 
NOT-FOR-US: H3C Magic R100 CVE-2023-27806 (H3C Magic R100 R100V100R005.bin was discovered to contain a stack over ...) NOT-FOR-US: H3C Magic R100 CVE-2023-27805 (H3C Magic R100 R100V100R005.bin was discovered to contain a stack over ...) NOT-FOR-US: H3C Magic R100 CVE-2023-27804 (H3C Magic R100 R100V100R005.bin was discovered to contain a stack over ...) NOT-FOR-US: H3C Magic R100 CVE-2023-27803 (H3C Magic R100 R100V100R005.bin was discovered to contain a stack over ...) NOT-FOR-US: H3C Magic R100 CVE-2023-27802 (H3C Magic R100 R100V100R005.bin was discovered to contain a stack over ...) NOT-FOR-US: H3C Magic R100 CVE-2023-27801 (H3C Magic R100 R100V100R005.bin was discovered to contain a stack over ...) NOT-FOR-US: H3C Magic R100 CVE-2023-27800 RESERVED CVE-2023-27799 RESERVED CVE-2023-27798 RESERVED CVE-2023-27797 RESERVED CVE-2023-27796 (RG-EW1200G PRO Wireless Routers EW_3.0(1)B11P204, RG-EW1800GX PRO Wire ...) NOT-FOR-US: RG-EW1200G PRO Wireless Routers CVE-2023-27795 (An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local a ...) NOT-FOR-US: IXP Data Easy Install CVE-2023-27794 RESERVED CVE-2023-27793 (An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows loca ...) NOT-FOR-US: IXP Data Easy Install CVE-2023-27792 (An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attack ...) NOT-FOR-US: IXP Data Easy Install CVE-2023-27791 (An issue found in IXP Data Easy Install 6.6.148840 allows a remote att ...) NOT-FOR-US: IXP Data Easy Install CVE-2023-27790 RESERVED CVE-2023-27789 (An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a ...) 
- tcpreplay 4.4.4-1 (unimportant) NOTE: https://github.com/appneta/tcpreplay/issues/784 NOTE: https://github.com/appneta/tcpreplay/pull/783 NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/df18c48812462ea802d639d2477887055666ee58 (v4.4.4) NOTE: Crash in CLI tool, no security impact CVE-2023-27788 (An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause ...) - tcpreplay 4.4.4-1 (unimportant) NOTE: https://github.com/appneta/tcpreplay/issues/786 NOTE: https://github.com/appneta/tcpreplay/pull/783 NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/df18c48812462ea802d639d2477887055666ee58 (v4.4.4) NOTE: Crash in CLI tool, no security impact CVE-2023-27787 (An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a ...) - tcpreplay 4.4.4-1 (unimportant) NOTE: https://github.com/appneta/tcpreplay/issues/788 NOTE: https://github.com/appneta/tcpreplay/pull/783 NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/df18c48812462ea802d639d2477887055666ee58 (v4.4.4) NOTE: Crash in CLI tool, no security impact CVE-2023-27786 (An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a ...) - tcpreplay 4.4.4-1 (unimportant) NOTE: https://github.com/appneta/tcpreplay/issues/782 NOTE: https://github.com/appneta/tcpreplay/pull/783 NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/df18c48812462ea802d639d2477887055666ee58 (v4.4.4) NOTE: Crash in CLI tool, no security impact CVE-2023-27785 (An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker t ...) - tcpreplay 4.4.4-1 (unimportant) NOTE: https://github.com/appneta/tcpreplay/issues/785 NOTE: https://github.com/appneta/tcpreplay/pull/783 NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/df18c48812462ea802d639d2477887055666ee58 (v4.4.4) NOTE: Crash in CLI tool, no security impact CVE-2023-27784 (An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause ...) 
- tcpreplay 4.4.4-1 (unimportant) NOTE: https://github.com/appneta/tcpreplay/issues/787 NOTE: https://github.com/appneta/tcpreplay/pull/783 NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/df18c48812462ea802d639d2477887055666ee58 (v4.4.4) NOTE: Crash in CLI tool, no security impact CVE-2023-27783 (An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacke ...) - tcpreplay 4.4.4-1 (unimportant) NOTE: https://github.com/appneta/tcpreplay/issues/780 NOTE: https://github.com/appneta/tcpreplay/pull/781 NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/91009a551c2c59fe9079e217437bacbfd50e5450 (v4.4.4) NOTE: Crash in CLI tool, no security impact CVE-2023-27782 RESERVED CVE-2023-27781 (jpegoptim v1.5.2 was discovered to contain a heap overflow in the opti ...) - jpegoptim (unimportant) NOTE: https://github.com/tjko/jpegoptim/issues/132 NOTE: https://github.com/tjko/jpegoptim/commit/29a073ad297a0954f5e865264e24755d0ffe53ed NOTE: Crash in CLI tool, no security impact CVE-2023-27780 RESERVED CVE-2023-27779 (AM Presencia v3.7.3 was discovered to contain a SQL injection vulnerab ...) NOT-FOR-US: AM Presencia CVE-2023-27778 RESERVED CVE-2023-27777 (Cross-site scripting (XSS) vulnerability was discovered in Online Jewe ...) NOT-FOR-US: Online Jewelry Shop CVE-2023-27776 (A stored cross-site scripting (XSS) vulnerability in /index.php?page=c ...) NOT-FOR-US: Online Jewelry Shop CVE-2023-27775 (A stored HTML injection vulnerability in LiveAction LiveSP v21.1.2 all ...) NOT-FOR-US: LiveAction LiveSP CVE-2023-27774 RESERVED CVE-2023-27773 RESERVED CVE-2023-27772 (libiec61850 v1.5.1 was discovered to contain a segmentation violation ...) NOT-FOR-US: libIEC61850 CVE-2023-27771 (An issue found in Wondershare Technology Co.,Ltd Creative Centerr v.1. ...) NOT-FOR-US: Wondershare CVE-2023-27770 (An issue found in Wondershare Technology Co.,Ltd Edraw-max v.12.0.4 al ...) 
NOT-FOR-US: Wondershare CVE-2023-27769 (An issue found in Wondershare Technology Co.,Ltd PDF Reader v.1.0.1 al ...) NOT-FOR-US: Wondershare CVE-2023-27768 (An issue found in Wondershare Technology Co.,Ltd PDFelement v9.1.1 all ...) NOT-FOR-US: Wondershare CVE-2023-27767 (An issue found in Wondershare Technology Co.,Ltd Dr.Fone v.12.4.9 allo ...) NOT-FOR-US: Wondershare CVE-2023-27766 (An issue found in Wondershare Technology Co.,Ltd Anireel 1.5.4 allows ...) NOT-FOR-US: Wondershare CVE-2023-27765 (An issue found in Wondershare Technology Co.,Ltd Recoverit v.10.6.3 al ...) NOT-FOR-US: Wondershare CVE-2023-27764 (An issue found in Wondershare Technology Co.,Ltd Repairit v.3.5.4 allo ...) NOT-FOR-US: Wondershare CVE-2023-27763 (An issue found in Wondershare Technology Co.,Ltd MobileTrans v.4.0.2 a ...) NOT-FOR-US: Wondershare CVE-2023-27762 (An issue found in Wondershare Technology Co., Ltd DemoCreator v.6.0.0 ...) NOT-FOR-US: Wondershare CVE-2023-27761 (An issue found in Wondershare Technology Co., Ltd UniConverter v.14.0. ...) NOT-FOR-US: Wondershare CVE-2023-27760 (An issue found in Wondershare Technology Co, Ltd Filmora v.12.0.9 allo ...) NOT-FOR-US: Wondershare CVE-2023-27759 (An issue found in Wondershare Technology Co, Ltd Edrawmind v.10.0.6 al ...) NOT-FOR-US: Wondershare CVE-2023-27758 RESERVED CVE-2023-27757 (An arbitrary file upload vulnerability in the /admin/user/uploadImg co ...) NOT-FOR-US: PerfreeBlog CVE-2023-27756 RESERVED CVE-2023-27755 (go-bbs v1 was discovered to contain an arbitrary file download vulnera ...) NOT-FOR-US: go-bbs CVE-2023-27754 (vox2mesh 1.0 has stack-overflow in main.cpp, this is stack-overflow ca ...) NOT-FOR-US: vox2mesh CVE-2023-27753 RESERVED CVE-2023-27752 REJECTED CVE-2023-27751 REJECTED CVE-2023-27750 RESERVED CVE-2023-27749 RESERVED CVE-2023-27748 (BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity ...) 
NOT-FOR-US: BlackVue DR750-2CH LTE CVE-2023-27747 (BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticati ...) NOT-FOR-US: BlackVue DR750-2CH LTE CVE-2023-27746 (BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a ...) NOT-FOR-US: BlackVue DR750-2CH LTE CVE-2023-27745 (An issue in South River Technologies TitanFTP Before v2.0.1.2102 allow ...) NOT-FOR-US: South River Technologies# CVE-2023-27744 (An issue was discovered in South River Technologies TitanFTP NextGen s ...) NOT-FOR-US: South River Technologies# CVE-2023-27743 RESERVED CVE-2023-27742 (IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerabil ...) NOT-FOR-US: IDURAR CVE-2023-27741 RESERVED CVE-2023-27740 RESERVED CVE-2023-27739 (easyXDM 2.5 allows XSS via the xdm_e parameter.) NOT-FOR-US: easyXDM CVE-2023-27738 RESERVED CVE-2023-27737 RESERVED CVE-2023-27736 RESERVED CVE-2023-27735 RESERVED CVE-2023-27734 (An issue found in Eteran edb-debugger v.1.3.0 allows a local attacker ...) NOT-FOR-US: Eteran edb-debugger CVE-2023-27733 (DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerabili ...) NOT-FOR-US: DedeCMS CVE-2023-27732 RESERVED CVE-2023-27731 RESERVED CVE-2023-27730 (Nginx NJS v0.7.10 was discovered to contain a segmentation violation v ...) NOT-FOR-US: Nginx NJS CVE-2023-27729 (Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the ...) NOT-FOR-US: Nginx NJS CVE-2023-27728 (Nginx NJS v0.7.10 was discovered to contain a segmentation violation v ...) NOT-FOR-US: Nginx NJS CVE-2023-27727 (Nginx NJS v0.7.10 was discovered to contain a segmentation violation v ...) NOT-FOR-US: Nginx NJS CVE-2023-27726 RESERVED CVE-2023-27725 RESERVED CVE-2023-27724 RESERVED CVE-2023-27723 RESERVED CVE-2023-27722 RESERVED CVE-2023-27721 RESERVED CVE-2023-27720 (D-Link DIR878 1.30B08 was discovered to contain a stack overflow in th ...) NOT-FOR-US: D-Link CVE-2023-27719 (D-Link DIR878 1.30B08 was discovered to contain a stack overflow in th ...) 
NOT-FOR-US: D-Link CVE-2023-27718 (D-Link DIR878 1.30B08 was discovered to contain a stack overflow in th ...) NOT-FOR-US: D-Link CVE-2023-27717 RESERVED CVE-2023-27716 (An issue was discovered in freakchicken kafkaUI-lite 1.2.11 allows att ...) NOT-FOR-US: freakchicken kafkaUI-lite CVE-2023-27715 RESERVED CVE-2023-27714 RESERVED CVE-2023-27713 RESERVED CVE-2023-27712 RESERVED CVE-2023-27711 (Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a r ...) NOT-FOR-US: Typecho CVE-2023-27710 RESERVED CVE-2023-27709 (SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote ...) NOT-FOR-US: DedeCMS CVE-2023-27708 RESERVED CVE-2023-27707 (SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote ...) NOT-FOR-US: DedeCMS CVE-2023-27706 (Bitwarden Windows desktop application versions prior to v2023.4.0 stor ...) NOT-FOR-US: Bitwarden CVE-2023-27705 (APNG_Optimizer v1.4 was discovered to contain a buffer overflow via th ...) NOT-FOR-US: APNG Optimizer CVE-2023-27704 (Void Tools Everything lower than v1.4.1.1022 was discovered to contain ...) NOT-FOR-US: Void Tools CVE-2023-27703 (The Android version of pikpak v1.29.2 was discovered to contain an inf ...) NOT-FOR-US: pikpak CVE-2023-27702 RESERVED CVE-2023-27701 (MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vuln ...) NOT-FOR-US: MuYuCMS CVE-2023-27700 (MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vuln ...) 
NOT-FOR-US: MuYuCMS CVE-2023-27699 RESERVED CVE-2023-27698 RESERVED CVE-2023-27697 RESERVED CVE-2023-27696 RESERVED CVE-2023-27695 RESERVED CVE-2023-27694 RESERVED CVE-2023-27693 RESERVED CVE-2023-27692 RESERVED CVE-2023-27691 RESERVED CVE-2023-27690 RESERVED CVE-2023-27689 RESERVED CVE-2023-27688 RESERVED CVE-2023-27687 RESERVED CVE-2023-27686 RESERVED CVE-2023-27685 RESERVED CVE-2023-27684 RESERVED CVE-2023-27683 RESERVED CVE-2023-27682 RESERVED CVE-2023-27681 RESERVED CVE-2023-27680 RESERVED CVE-2023-27679 RESERVED CVE-2023-27678 RESERVED CVE-2023-27677 RESERVED CVE-2023-27676 RESERVED CVE-2023-27675 RESERVED CVE-2023-27674 RESERVED CVE-2023-27673 RESERVED CVE-2023-27672 RESERVED CVE-2023-27671 RESERVED CVE-2023-27670 RESERVED CVE-2023-27669 RESERVED CVE-2023-27668 RESERVED CVE-2023-27667 (Auto Dealer Management System v1.0 was discovered to contain a SQL inj ...) NOT-FOR-US: Auto Dealer Management System CVE-2023-27666 (Auto Dealer Management System v1.0 was discovered to contain a cross-s ...) NOT-FOR-US: Auto Dealer Management System CVE-2023-27665 RESERVED CVE-2023-27664 RESERVED CVE-2023-27663 RESERVED CVE-2023-27662 RESERVED CVE-2023-27661 RESERVED CVE-2023-27660 RESERVED CVE-2023-27659 RESERVED CVE-2023-27658 RESERVED CVE-2023-27657 RESERVED CVE-2023-27656 RESERVED CVE-2023-27655 REJECTED CVE-2023-27654 (An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker t ...) NOT-FOR-US: WHO CVE-2023-27653 (An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker t ...) NOT-FOR-US: WHO CVE-2023-27652 (An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an ...) NOT-FOR-US: Ego Studio SuperClean CVE-2023-27651 (An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an ...) NOT-FOR-US: Ego Studio SuperClean CVE-2023-27650 (An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a ...) NOT-FOR-US: APUS Group Launcher CVE-2023-27649 (SQL injection vulnerability found in Trusted Tools Free Music v.2.1.0. 
...) NOT-FOR-US: Free Music CVE-2023-27648 (Directory Traversal vulnerability found in T-ME Studios Change Color o ...) NOT-FOR-US: T-ME Studios Change Color of Keypad CVE-2023-27647 (An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacke ...) NOT-FOR-US: DUALSPACE Lock Master CVE-2023-27646 RESERVED CVE-2023-27645 (An issue found in POWERAMP audioplayer build 925 bundle play and build ...) NOT-FOR-US: POWERAMP audioplayer CVE-2023-27644 RESERVED CVE-2023-27643 (An issue found in POWERAMP 925-bundle-play and Poweramp 954-uni allows ...) NOT-FOR-US: POWERAMP CVE-2023-27642 RESERVED CVE-2023-27641 (The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSE ...) NOT-FOR-US: L-Soft CVE-2023-27640 (An issue was discovered in the tshirtecommerce (aka Custom Product Des ...) NOT-FOR-US: tshirtecommerce CVE-2023-27639 (An issue was discovered in the tshirtecommerce (aka Custom Product Des ...) NOT-FOR-US: tshirtecommerce CVE-2023-27638 (An issue was discovered in the tshirtecommerce (aka Custom Product Des ...) NOT-FOR-US: tshirtecommerce CVE-2023-27637 (An issue was discovered in the tshirtecommerce (aka Custom Product Des ...) NOT-FOR-US: tshirtecommerce CVE-2023-27636 RESERVED CVE-2023-1184 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: ECshop CVE-2023-1183 (A flaw was found in the Libreoffice package. An attacker can craft an ...) {DSA-5437-1 DSA-5436-1 DLA-3468-1 DLA-3467-1} - hsqldb 2.7.2-1 - hsqldb1.8.0 1.8.0.10+dfsg-12 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-1183/ NOTE: https://gerrit.libreoffice.org/c/core/+/146905 NOTE: https://sourceforge.net/p/hsqldb/svn/6639/ CVE-2023-1182 RESERVED CVE-2022-48364 (The undo_mark_statuses_as_sensitive method in app/services/approve_app ...) - mastodon (bug #859741) CVE-2023-27635 (debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary ...) 
- debian-goodies (bug #1031267) [bookworm] - debian-goodies (Minor issue; user prompted before execution) [bullseye] - debian-goodies (Minor issue; user prompted before execution) [buster] - debian-goodies (Minor issue; user prompted before execution) CVE-2023-1181 (Cross-site Scripting (XSS) - Stored in GitHub repository icret/easyima ...) NOT-FOR-US: icret/easyimages2.0 CVE-2023-1180 (A vulnerability has been found in SourceCodester Health Center Patient ...) NOT-FOR-US: SourceCodester Health Center Patient Record Management System CVE-2023-1179 (A vulnerability, which was classified as problematic, was found in Sou ...) NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System CVE-2008-10004 (A vulnerability was found in Email Registration 5.x-2.1 on Drupal. It ...) NOT-FOR-US: Email Registration CVE-2023-27634 (Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file ...) NOT-FOR-US: Shingo Intrepidity CVE-2023-27633 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Customif ...) NOT-FOR-US: WordPress plugin CVE-2023-27632 (Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Daily Praye ...) NOT-FOR-US: WordPress plugin CVE-2023-27631 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-27630 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2023-27629 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-27628 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-27627 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in eggemplo ...) NOT-FOR-US: WordPress plugin CVE-2023-27626 RESERVED CVE-2023-27625 RESERVED CVE-2023-27624 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...) 
NOT-FOR-US: WordPress plugin CVE-2023-27623 (Cross-Site Request Forgery (CSRF) vulnerability in Jens T\xf6rnell WP ...) NOT-FOR-US: WordPress plugin CVE-2023-27622 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abel ...) NOT-FOR-US: WordPress plugin CVE-2023-27621 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MrDe ...) NOT-FOR-US: WordPress plugin CVE-2023-27620 (Auth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-27619 (Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...) NOT-FOR-US: WordPress theme CVE-2023-27618 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGI ...) NOT-FOR-US: WordPress plugin CVE-2023-27617 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davi ...) NOT-FOR-US: WordPress plugin CVE-2023-27616 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Ca ...) NOT-FOR-US: WordPress plugin CVE-2023-27615 (Cross-Site Request Forgery (CSRF) vulnerability in Dipak C. Gajjar WP ...) NOT-FOR-US: WordPress plugin CVE-2023-27614 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian Haycox ...) NOT-FOR-US: WordPress plugin CVE-2023-27613 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MonitorC ...) NOT-FOR-US: WordPress plugin CVE-2023-27612 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-27611 (Cross-Site Request Forgery (CSRF) vulnerability in audrasjb Reusable B ...) NOT-FOR-US: WordPress plugin CVE-2023-27610 (Auth. (admin+) SQL Injection (SQLi) vulnerability in TransbankDevelope ...) NOT-FOR-US: TransbankDevelopers Transbank Webpay CVE-2023-27609 RESERVED CVE-2023-27608 (Missing Authorization vulnerability in WP Swings Points and Rewards fo ...) NOT-FOR-US: WordPress plugin CVE-2023-27607 (Missing Authorization vulnerability in WP Swings Points and Rewards fo ...) 
NOT-FOR-US: WordPress plugin CVE-2023-27606 (Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP R ...) NOT-FOR-US: WordPress plugin CVE-2023-27605 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-1178 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...) - gitlab 15.10.8+ds1-2 CVE-2023-27604 (Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a ...) NOT-FOR-US: Apache Airflow Sqoop Provider CVE-2023-27603 (In Apache Linkis <=1.3.1, due to the Manager module engineConn materia ...) NOT-FOR-US: Apache Linkis CVE-2023-27602 (In Apache Linkis <=1.3.1, The PublicService module uploadsfiles withou ...) NOT-FOR-US: Apache Linkis CVE-2023-1177 (Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prio ...) NOT-FOR-US: mlflow CVE-2023-1176 (Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2. ...) NOT-FOR-US: mlflow CVE-2023-1175 (Incorrect Calculation of Buffer Size in GitHub repository vim/vim prio ...) {DLA-3453-1} - vim 2:9.0.1378-1 [bullseye] - vim (Minor issue) NOTE: https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e NOTE: https://github.com/vim/vim/commit/c99cbf8f289bdda5d4a77d7ec415850a520330ba (v9.0.1378) CVE-2022-4930 (A vulnerability classified as problematic was found in nuxsmin sysPass ...) NOT-FOR-US: nuxsmin sysPass CVE-2017-20181 (A vulnerability classified as critical was found in hgzojer Vocable Tr ...) NOT-FOR-US: hgzojer Vocable Trainer CVE-2017-20180 (A vulnerability classified as critical has been found in Zerocoin libz ...) NOT-FOR-US: Zerocoin libzerocoin CVE-2015-10095 (A vulnerability classified as problematic has been found in woo-popup ...) NOT-FOR-US: WordPress plugin CVE-2015-10094 (A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It ...) NOT-FOR-US: WordPress plugin CVE-2015-10093 (A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1 o ...) 
NOT-FOR-US: Mark User as Spammer Plugin CVE-2015-10092 (A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16 on Wo ...) NOT-FOR-US: Qtranslate Slug Plugin CVE-2015-10091 (A vulnerability has been found in ByWater Solutions bywater-koha-xslt ...) NOT-FOR-US: bywater-koha-xslt CVE-2015-10090 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: WordPress plugin CVE-2014-125092 (A vulnerability was found in MaxButtons Plugin up to 1.26.0 on WordPre ...) NOT-FOR-US: WordPress plugin CVE-2006-10001 (A vulnerability, which was classified as problematic, was found in Sub ...) NOT-FOR-US: WordPress plugin CVE-2023-27601 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...) NOT-FOR-US: OpenSIPS CVE-2023-27600 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...) NOT-FOR-US: OpenSIPS CVE-2023-27599 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...) NOT-FOR-US: OpenSIPS CVE-2023-27598 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...) NOT-FOR-US: OpenSIPS CVE-2023-27597 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...) NOT-FOR-US: OpenSIPS CVE-2023-27596 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...) NOT-FOR-US: OpenSIPS CVE-2023-27595 (Cilium is a networking, observability, and security solution with an e ...) - cilium (bug #858303) CVE-2023-27594 (Cilium is a networking, observability, and security solution with an e ...) - cilium (bug #858303) CVE-2023-27593 (Cilium is a networking, observability, and security solution with an e ...) - cilium (bug #858303) CVE-2023-27592 (Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically ...) NOT-FOR-US: Miniflux CVE-2023-27591 (Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated ...) NOT-FOR-US: Miniflux CVE-2023-27590 (Rizin is a UNIX-like reverse engineering framework and command-line to ...) 
NOT-FOR-US: Rizin CVE-2023-27589 (Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE ...) - minio (bug #859207) CVE-2023-27588 (Hasura is an open-source product that provides users GraphQL or REST A ...) NOT-FOR-US: Hasura CVE-2023-27587 (ReadtoMyShoe, a web app that lets users upload articles and listen to ...) NOT-FOR-US: ReadtoMyShoe CVE-2023-27586 (CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Pr ...) {DSA-5382-1} - cairosvg 2.5.2-1.1 (bug #1033295) [buster] - cairosvg (Minor issue; fix would require backporting entire --unsafe mechanism) NOTE: https://github.com/Kozea/CairoSVG/commit/12d31c653c0254fa9d9853f66b04ea46e7397255 (2.7.0) NOTE: https://github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv NOTE: Introduced in https://github.com/Kozea/CairoSVG/commit/1ee0889f4015ebaddcf9976d43222e673155797c (0.3) CVE-2023-27585 (PJSIP is a free and open source multimedia communication library writt ...) {DSA-5438-1 DLA-3549-1 DLA-3394-1} - asterisk 1:20.4.0~dfsg+~cs6.13.40431414-1 (bug #1036697) - pjproject - ring 20230922.0~ds1-1 NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4 NOTE: https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5 CVE-2023-27584 RESERVED CVE-2023-27583 (PanIndex is a network disk directory index. In Panindex prior to versi ...) NOT-FOR-US: PanIndex CVE-2023-27582 (maddy is a composable, all-in-one mail server. Starting with version 0 ...) NOT-FOR-US: maddy CVE-2023-27581 (github-slug-action is a GitHub Action to expose slug value of GitHub e ...) NOT-FOR-US: github-slug-action CVE-2023-27580 (CodeIgniter Shield provides authentication and authorization for the C ...) - codeigniter (bug #471583) CVE-2023-27579 (TensorFlow is an end-to-end open source platform for machine learning. ...) 
- tensorflow (bug #804612) CVE-2023-27578 (Galaxy is an open-source platform for data analysis. All supported ver ...) NOT-FOR-US: Galaxy CVE-2023-27577 (flarum is a forum software package for building communities. In versio ...) NOT-FOR-US: Flarum CVE-2023-27576 (An issue was discovered in phpList before 3.6.14. Due to an access err ...) - phplist (bug #612288) CVE-2023-27575 RESERVED CVE-2023-27574 (ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow en ...) NOT-FOR-US: ShadowsocksX-NG CVE-2023-27573 RESERVED CVE-2023-27572 (An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.0 ...) NOT-FOR-US: CommScope Arris DG3450 CVE-2023-27571 (An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_ ...) NOT-FOR-US: DG3450 Cable Gateway CVE-2023-27570 (The eo_tags package before 1.4.19 for PrestaShop allows SQL injection ...) NOT-FOR-US: PrestaShop CVE-2023-27569 (The eo_tags package before 1.3.0 for PrestaShop allows SQL injection v ...) NOT-FOR-US: PrestaShop CVE-2023-27568 (SQL injection vulnerability inSpryker Commerce OS 0.9 that allows for ...) NOT-FOR-US: inSpryker Commerce OS CVE-2023-27567 (In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf ...) NOT-FOR-US: OpenBSD CVE-2023-27566 (Cubism Core in Live2D Cubism Editor 4.2.03 allows out-of-bounds write ...) NOT-FOR-US: Live2D Cubism Editor CVE-2023-27565 RESERVED CVE-2023-27564 (The n8n package 0.218.0 for Node.js allows Information Disclosure.) NOT-FOR-US: n8n Node module CVE-2023-27563 (The n8n package 0.218.0 for Node.js allows Escalation of Privileges.) NOT-FOR-US: n8n Node module CVE-2023-27562 (The n8n package 0.218.0 for Node.js allows Directory Traversal.) NOT-FOR-US: n8n Node module CVE-2023-27528 RESERVED CVE-2023-27392 (Incorrect default permissions in the Intel(R) Support android applicat ...) NOT-FOR-US: Intel CVE-2023-27382 (Incorrect default permissions in the Audio Service for some Intel(R) N ...) 
NOT-FOR-US: Intel CVE-2023-26587 (Improper input validation for the Intel(R) Easy Streaming Wizard softw ...) NOT-FOR-US: Intel CVE-2023-26586 (Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R) Kill ...) - firmware-nonfree (bug #1064229) [bookworm] - firmware-nonfree (Non-free not supported) [bullseye] - firmware-nonfree (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html NOTE: Fixed upstream in linux-firmware/20231211 CVE-2023-25951 (Improper input validation for some Intel(R) PROSet/Wireless and Intel( ...) - firmware-nonfree (bug #1064229) [bookworm] - firmware-nonfree (Non-free not supported) [bullseye] - firmware-nonfree (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html NOTE: Fixed upstream in linux-firmware/20231211 CVE-2023-25757 (Improper access control in some Intel(R) Unison(TM) software before ve ...) NOT-FOR-US: Intel CVE-2023-25174 (Improper access control in some Intel(R) Chipset Driver Software befor ...) NOT-FOR-US: Intel CVE-2023-24596 RESERVED CVE-2023-22437 RESERVED CVE-2023-1174 (This vulnerability exposes a network port in minikube running on macOS ...) NOT-FOR-US: minikube CVE-2023-1173 REJECTED CVE-2023-1172 (The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scr ...) NOT-FOR-US: Bookly plugin for WordPress CVE-2023-1171 RESERVED CVE-2023-1170 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...) - vim 2:9.0.1378-1 (unimportant) NOTE: https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 NOTE: https://github.com/vim/vim/commit/1c73b65229c25e3c1fd8824ba958f7cc4d604f9c (v9.0.1376) NOTE: Crash in CLI tool, no security impact CVE-2023-1169 (The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2015-10089 (A vulnerability classified as problematic has been found in flame.js. ...) 
	NOT-FOR-US: flame.js
CVE-2023-1168 (An authenticated remote code execution vulnerability exists in the ...)
	NOT-FOR-US: HPE
CVE-2023-1167 (Improper authorization in Gitlab EE affecting all versions from 12.3.0 ...)
	- gitlab (Specific to EE)
CVE-2023-1166 (The USM-Premium WordPress plugin before 16.3 does not sanitize and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4929 (A vulnerability was found in icplayer up to 0.818. It has been rated a ...)
	NOT-FOR-US: icplayer
CVE-2022-4928 (A vulnerability was found in icplayer up to 0.819. It has been declare ...)
	NOT-FOR-US: icplayer
CVE-2022-4927 (A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and clas ...)
	NOT-FOR-US: NEOSDiscovery
CVE-2021-4329 (A vulnerability, which was classified as critical, has been found in j ...)
	NOT-FOR-US: json-logic-js
CVE-2015-10088 (A vulnerability, which was classified as critical, was found in ayttm ...)
	- ayttm
	NOTE: https://github.com/ayttm/ayttm/commit/40e04680018614a7d2b68566b261b061a0597046
	NOTE: https://sourceforge.net/p/ayttm/mailman/message/34397158/
CVE-2014-125091 (A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 on ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-125090 (A vulnerability was found in Media Downloader Plugin 0.1.992 on WordPr ...)
	NOT-FOR-US: WordPress plugin
CVE-2008-10003 (A vulnerability was found in iGamingModules flashgames 1.1.0. It has b ...)
	NOT-FOR-US: iGamingModules flashgames
CVE-2008-10002 (A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and cla ...)
	NOT-FOR-US: cfire24 ajaxlife
CVE-2023-27560 (Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loo ...)
	- php-phpseclib3 3.0.19-1 (bug #1032371)
	NOTE: Introduced by: https://github.com/phpseclib/phpseclib/commit/0398f7a81550a487170edca0ed39f360d4509e83 (3.0.0)
	NOTE: Fixed by: https://github.com/phpseclib/phpseclib/commit/6298d1cd55c3ffa44533bd41906caec246b60440 (3.0.19)
CVE-2023-27559 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
	NOT-FOR-US: IBM
CVE-2023-27558 (IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privile ...)
	NOT-FOR-US: IBM
CVE-2023-27557 (IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1 ...)
	NOT-FOR-US: IBM
CVE-2023-27556 (IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6. ...)
	NOT-FOR-US: IBM
CVE-2023-27555 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
	NOT-FOR-US: IBM
CVE-2023-27554 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML E ...)
	NOT-FOR-US: IBM
CVE-2023-27553 RESERVED
CVE-2023-27552 RESERVED
CVE-2023-27551 RESERVED
CVE-2023-27550 RESERVED
CVE-2023-27549 RESERVED
CVE-2023-27548 RESERVED
CVE-2023-27547 RESERVED
CVE-2023-27546 RESERVED
CVE-2023-27545 (IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 ...)
	NOT-FOR-US: IBM
CVE-2023-27544 RESERVED
CVE-2023-27543 RESERVED
CVE-2023-27542 RESERVED
CVE-2023-27541 RESERVED
CVE-2023-27540 (IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources ...)
	NOT-FOR-US: IBM
CVE-2023-1165 (A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been ...)
	NOT-FOR-US: Zhong Bang CRMEB Java
CVE-2023-1164 (A vulnerability was found in KylinSoft kylin-activation on KylinOS and ...)
	NOT-FOR-US: KylinSoft
CVE-2023-1163 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in Dray ...)
	NOT-FOR-US: DrayTek Vigor 2960
CVE-2023-1162 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...)
	NOT-FOR-US: DrayTek Vigor 2960
CVE-2023-1161 (ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 an ...)
	{DSA-5429-1 DLA-3402-1}
	[experimental] - wireshark 4.0.5-1~exp1
	- wireshark 4.0.6-1 (bug #1033756)
	[bullseye] - wireshark (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-08.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18839
	NOTE: Only affects ISO 15765 dissector in bullseye and older,
	NOTE: ISO 10681 support was added in 3.6
CVE-2023-1160 (Use of Platform-Dependent Third Party Components in GitHub repository ...)
	NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
CVE-2023-1159 (The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
	NOT-FOR-US: Bookly plugin for WordPress
CVE-2023-1158 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...)
	NOT-FOR-US: Hitachi Vantara Pentaho Business Analytics Server
CVE-2023-1157 (A vulnerability, which was classified as problematic, was found in fin ...)
	NOT-FOR-US: Finixbit elf-parser
CVE-2023-1156 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester Health Center Patient Record Management System
CVE-2021-4328 (A vulnerability has been found in 狮子鱼CMS and classified ...)
	NOT-FOR-US: 狮子鱼CMS
CVE-2020-36665 (A vulnerability was found in Artesãos SEOTools up to 0.17.1 and cla ...)
	NOT-FOR-US: artesaos SEOTools
CVE-2020-36664 (A vulnerability has been found in Artesãos SEOTools up to 0.17.1 an ...)
	NOT-FOR-US: artesaos SEOTools
CVE-2020-36663 (A vulnerability, which was classified as problematic, was found in Art ...)
	NOT-FOR-US: artesaos SEOTools
CVE-2023-27539 RESERVED
	{DSA-5530-1 DLA-3392-1}
	- ruby-rack 2.2.6.4-1 (bug #1033264)
	NOTE: https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c (v3.0.6.1)
	NOTE: https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff (v2.2.6.4)
	NOTE: https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466
CVE-2023-27538 (An authentication bypass vulnerability exists in libcurl prior to v8.0 ...)
	{DLA-3398-1}
	- curl 7.88.1-7
	[bullseye] - curl 7.74.0-1.3+deb11u8
	NOTE: https://curl.se/docs/CVE-2023-27538.html
	NOTE: Fixed by: https://github.com/curl/curl/commit/af369db4d3833272b8ed443f7fcc2e757a0872eb (curl-8_0_0)
CVE-2023-27537 (A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS ...)
	- curl 7.88.1-7
	[bullseye] - curl (Vulnerable code introduced later)
	[buster] - curl (Vulnerable code introduced later)
	NOTE: https://curl.se/docs/CVE-2023-27537.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/076a2f629119222aeeb50f5a03bf9f9052fabb9a (curl-7_88_0)
	NOTE: Fixed by: https://github.com/curl/curl/commit/dca4cdf071be095bcdc7126eaa77a8946ea4790b (curl-8_0_0)
CVE-2023-27536 (An authentication bypass vulnerability exists libcurl <8.0.0 in the co ...)
	{DLA-3398-1}
	- curl 7.88.1-7
	[bullseye] - curl 7.74.0-1.3+deb11u8
	NOTE: https://curl.se/docs/CVE-2023-27536.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/ebf42c4be76df40ec6d3bf32f229bbb274e2c32f (curl-7_22_0)
	NOTE: Fixed by: https://github.com/curl/curl/commit/cb49e67303dbafbab1cebf4086e3ec15b7d56ee5 (curl-8_0_0)
CVE-2023-27535 (An authentication bypass vulnerability exists in libcurl <8.0.0 in the ...)
	{DLA-3398-1}
	- curl 7.88.1-7
	[bullseye] - curl 7.74.0-1.3+deb11u8
	NOTE: https://curl.se/docs/CVE-2023-27535.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/177dbc7be07125582ddb7416dba7140b88ab9f62 (curl-7_13_0)
	NOTE: Fixed by: https://github.com/curl/curl/commit/8f4608468b890dce2dad9f91d5607ee7e9c1aba1 (curl-8_0_0)
CVE-2023-27534 (A path traversal vulnerability exists in curl <8.0.0 SFTP implementati ...)
	{DLA-3763-1}
	- curl 7.88.1-7
	[bullseye] - curl 7.74.0-1.3+deb11u8
	NOTE: https://curl.se/docs/CVE-2023-27534.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/ba6f20a2442ab1ebfe947cff19a552f92114a29a (curl-7_18_0)
	NOTE: Fixed by: https://github.com/curl/curl/commit/4e2b52b5f7a3bf50a0f1494155717b02cc1df6d6 (curl-8_0_0)
	NOTE: Regression fix: https://github.com/curl/curl/commit/91b53efa4b6854dc3688f55bfb329b0cafcf5325 (curl-8_1_0)
CVE-2023-27533 (A vulnerability in input validation exists in curl <8.0 during communi ...)
	{DLA-3398-1}
	- curl 7.88.1-7
	[bullseye] - curl 7.74.0-1.3+deb11u8
	NOTE: https://curl.se/docs/CVE-2023-27533.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/a1d6ad26100bc493c7b04f1301b1634b7f5aa8b4 (curl-7_7_alpha2)
	NOTE: Fixed by: https://github.com/curl/curl/commit/538b1e79a6e7b0bb829ab4cecc828d32105d0684 (curl-8_0_0)
CVE-2023-27532 (Vulnerability in Veeam Backup & Replication component allows encrypted ...)
	NOT-FOR-US: Veeam
CVE-2023-27531 RESERVED
	NOT-FOR-US: Kredis JSON ruby gem
	NOTE: https://discuss.rubyonrails.org/t/cve-2023-27531-possible-deserialization-of-untrusted-data-vulnerability-in-kredis-json/82467
CVE-2023-27530 (A DoS vulnerability exists in Rack (bug #987544)
CVE-2023-27495 (@fastify/csrf-protection is a plugin which helps protect Fastify serve ...)
	NOT-FOR-US: @fastify/csrf-protection
CVE-2023-27494 (Streamlit, software for turning data scripts into web applications, ha ...)
	NOT-FOR-US: Streamlit
CVE-2023-27493 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
	- envoyproxy (bug #987544)
CVE-2023-27492 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
	- envoyproxy (bug #987544)
CVE-2023-27491 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
	- envoyproxy (bug #987544)
CVE-2023-27490 (NextAuth.js is an open source authentication solution for Next.js appl ...)
	NOT-FOR-US: NextAuth.js
CVE-2023-27489 (Kiwi TCMS is an open source test management system for both manual and ...)
	NOT-FOR-US: Kiwi TCMS
CVE-2023-27488 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
	- envoyproxy (bug #987544)
CVE-2023-27487 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
	- envoyproxy (bug #987544)
CVE-2023-27486 (xCAT is a toolkit for deployment and administration of computer cluste ...)
	NOT-FOR-US: xCAT
CVE-2023-27485 (thmmniii/fbs-core is an open source feedback system for students. In v ...)
	NOT-FOR-US: thmmniii/fbs-core
CVE-2023-27484 (crossplane-runtime is a set of go libraries used to build Kubernetes c ...)
	NOT-FOR-US: crossplane-runtime
CVE-2023-27483 (crossplane-runtime is a set of go libraries used to build Kubernetes c ...)
	NOT-FOR-US: crossplane-runtime
CVE-2023-27482 (homeassistant is an open source home automation tool. A remotely explo ...)
	- homeassistant (bug #839786)
CVE-2023-27481 (Directus is a real-time API and App dashboard for managing SQL databas ...)
	NOT-FOR-US: Directus
CVE-2023-27480 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-27479 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2023-27478 (libmemcached-awesome is an open source C/C++ client library and tools ...)
	- libmemcached 1.1.4-1 (bug #1032479)
	[bullseye] - libmemcached (Vulnerable code introduced later)
	[buster] - libmemcached (Vulnerable code introduced later)
	NOTE: Introduced with: https://github.com/awesomized/libmemcached/commit/d7a0084bf99d618d1dc26a54fd413db7ae8b8e63 (1.1.0-beta1)
	NOTE: Fixed by: https://github.com/awesomized/libmemcached/commit/48dcc61a4919f6f3d5ee164630a843f2d8b8ade9 (1.1.4)
CVE-2023-27477 (wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code ...)
	NOT-FOR-US: wasmtime
CVE-2023-27476 (OWSLib is a Python package for client programming with Open Geospatial ...)
	{DSA-5426-1 DLA-3470-1}
	[experimental] - owslib 0.28.1-1~exp1
	- owslib 0.27.2-3 (bug #1034182)
	NOTE: https://github.com/geopython/OWSLib/commit/d91267303a695d69e73fa71efa100a035852a063 (0.29.0)
	NOTE: https://github.com/geopython/OWSLib/commit/b0c687544ddc213d8dcd4a056139b63451938b21 (0.28.1)
	NOTE: https://github.com/geopython/OWSLib/security/advisories/GHSA-8h9c-r582-mggc
	NOTE: https://securitylab.github.com/advisories/GHSL-2022-131_OWSLib/
CVE-2023-27475 (Goutil is a collection of miscellaneous functionality for the go langu ...)
	NOT-FOR-US: Goutil
CVE-2023-27474 (Directus is a real-time API and App dashboard for managing SQL databas ...)
	NOT-FOR-US: Directus
CVE-2023-27473 RESERVED
CVE-2023-27472 (quickentity-editor-next is an open source, system local, video game as ...)
	NOT-FOR-US: quickentity-editor-next
CVE-2023-27471 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
	NOT-FOR-US: Insyde
CVE-2023-27470 (BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 ...)
	NOT-FOR-US: N-able Take Control Agent
CVE-2023-27469 (Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file de ...)
	NOT-FOR-US: Malwarebytes Anti-Exploit
CVE-2023-27468 RESERVED
CVE-2023-27467 RESERVED
CVE-2023-27466 RESERVED
CVE-2023-27465 (A vulnerability has been identified in SIMOTION C240 (All versions >= ...)
	NOT-FOR-US: Siemens
CVE-2023-27464 (A vulnerability has been identified in Mendix Forgot Password (Mendix ...)
	NOT-FOR-US: Siemens
CVE-2023-27463 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
	NOT-FOR-US: RUGGEDCOM CROSSBOW
CVE-2023-27462 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
	NOT-FOR-US: RUGGEDCOM CROSSBOW
CVE-2023-27461 (Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27460 RESERVED
CVE-2023-27459 (Deserialization of Untrusted Data vulnerability in WPEverest User Regi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27458 (Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream p ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27457 (Cross-Site Request Forgery (CSRF) vulnerability in Passionate Brains A ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27456 RESERVED
CVE-2023-27455 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maui Mar ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27454 RESERVED
CVE-2023-27453 (Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27452 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow- ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27451 (Server-Side Request Forgery (SSRF) vulnerability in Darren Cooney Inst ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27450 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa of ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27449 RESERVED
CVE-2023-27448 (Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team Ma ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27447 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27446 (Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API tr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27445 (Cross-Site Request Forgery (CSRF) vulnerability in Meril Inc. Blog Flo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27444 (Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lannoy / Per ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27443 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27442 (Cross-Site Request Forgery (CSRF) vulnerability in Teplitsa of social ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27441 (Cross-Site Request Forgery (CSRF) vulnerability in gl_SPICE New Adman ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27440 (Unrestricted Upload of File with Dangerous Type vulnerability in OnThe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27439 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gl_S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27438 (Cross-Site Request Forgery (CSRF) vulnerability in Evgen Yurchenko WP ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27437 RESERVED
CVE-2023-27436 (Cross-Site Request Forgery (CSRF) vulnerability in Louis Reingold Eleg ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27435 (Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27434 (Cross-Site Request Forgery (CSRF) vulnerability in WPGrim Classic Edit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27433 (Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Mak ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27432 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WpSimple ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27431 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeHunk Big Store ...)
	NOT-FOR-US: WordPress theme
CVE-2023-27430 (Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Mass ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27429 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Auto ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27428 RESERVED
CVE-2023-27427 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NTZA ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27426 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noti ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27425 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jame ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27424 (Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy aka Shr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27423 (Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Auto ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27422 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsTh ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27421 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...)
	NOT-FOR-US: WordPress theme
CVE-2023-27420 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...)
	NOT-FOR-US: WordPress theme
CVE-2023-27419 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...)
	NOT-FOR-US: WordPress theme
CVE-2023-27418 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Me ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27417 (Cross-Site Request Forgery (CSRF) vulnerability in Timo Reith Affiliat ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27416 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Deco ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27415 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Them ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27414 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Bo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27413 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-27412 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...)
	NOT-FOR-US: WordPress theme
CVE-2023-27411 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
	NOT-FOR-US: Siemens
CVE-2023-27410 (A vulnerability has been identified in SCALANCE LPE9403 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-27409 (A vulnerability has been identified in SCALANCE LPE9403 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-27408 (A vulnerability has been identified in SCALANCE LPE9403 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-27407 (A vulnerability has been identified in SCALANCE LPE9403 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-27406 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-27405 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-27404 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-27403 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-27402 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-27401 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-27400 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-27399 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-27398 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-27383 (Protection mechanism failure in some Intel(R) oneAPI HPC Toolkit 2023. ...)
	NOT-FOR-US: Intel
CVE-2023-27307 (Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH driv ...)
	NOT-FOR-US: Intel
CVE-2023-27303 (Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers f ...)
	NOT-FOR-US: Intel
CVE-2023-26596 (Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers f ...)
	NOT-FOR-US: Intel
CVE-2023-26592 (Deserialization of untrusted data in some Intel(R) Thunderbolt(TM) DCH ...)
	NOT-FOR-US: Intel
CVE-2023-26591 (Unchecked return value in some Intel(R) Thunderbolt(TM) DCH drivers fo ...)
	NOT-FOR-US: Intel
CVE-2023-25080 (Protection mechanism failure in some Intel(R) Distribution of OpenVINO ...)
	NOT-FOR-US: Intel
CVE-2023-24478 (Use of insufficiently random values for some Intel Agilex(R) software ...)
	NOT-FOR-US: Intel
CVE-2023-24463 (Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers ...)
	NOT-FOR-US: Intel
CVE-2023-22312 (Improper access control for some Intel(R) NUC BIOS firmware may allow ...)
	NOT-FOR-US: Intel
CVE-2023-1129 (The WP FEvents Book WordPress plugin through 0.46 does not ensures tha ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1128 RESERVED
CVE-2023-1127 (Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.)
	- vim 2:9.0.1378-1 (unimportant)
	[bullseye] - vim (Vulnerable code not present)
	[buster] - vim (Vulnerable code not present)
	NOTE: https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb
	NOTE: Introduced by: https://github.com/vim/vim/commit/8cf3459878198c5bb4a96f3c63214b2 (v9.0.0701)
	NOTE: Fixed by: https://github.com/vim/vim/commit/e0f869196930ef5f25a0ac41c9215b09c9ce2d3c (v9.0.1367)
	NOTE: Crash in CLI tool, no security impact
CVE-2023-1126 (The WP FEvents Book WordPress plugin through 0.46 does not sanitise an ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1125 (The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1124 (The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1123 RESERVED
CVE-2023-1122 (The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1121 (The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1120 (The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1119 (The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPres ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-1118 (A flaw use after free in the Linux kernel integrated infrared receiver ...)
	{DLA-3404-1 DLA-3403-1}
	- linux 6.1.20-1
	[bullseye] - linux 5.10.178-1
	NOTE: https://git.kernel.org/linus/29b0589a865b6f66d141d79b2dd1373e4e50fe17
	NOTE: https://www.openwall.com/lists/oss-security/2023/03/02/1
CVE-2023-1117 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
	NOT-FOR-US: pimcore
CVE-2023-1116 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
	NOT-FOR-US: pimcore
CVE-2023-1115 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
	NOT-FOR-US: pimcore
CVE-2023-1114 (Missing Authorization vulnerability in Eskom e-Belediye allows Informa ...)
	NOT-FOR-US: Eskom Bilgisayar e-Belediye
CVE-2023-1113 (A vulnerability was found in SourceCodester Simple Payroll System 1.0. ...)
	NOT-FOR-US: SourceCodester Simple Payroll System
CVE-2023-1112 (A vulnerability was found in Drag and Drop Multiple File Upload Contac ...)
	NOT-FOR-US: Drag and Drop Multiple File Upload Contact Form
CVE-2023-1111 RESERVED
CVE-2023-1110 (The Yellow Yard Searchbar WordPress plugin before 2.8.12 does not vali ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4926 (Insufficient policy enforcement in Intents in Google Chrome on Android ...)
	{DSA-5328-1}
	- chromium 109.0.5414.119-1
	[buster] - chromium (see DSA 5046)
CVE-2021-4327 (A vulnerability was found in SerenityOS. It has been rated as critical ...)
	NOT-FOR-US: SerenityOS
CVE-2023-27381 RESERVED
CVE-2023-27377 (Missing authentication in the StudentPopupDetails_EmergencyContactDeta ...)
	NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-27376 (Missing authentication in the StudentPopupDetails_StudentDetails ...)
	NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-27375 (Missing authentication in the StudentPopupDetails_ContactDetails ...)
	NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-27374 RESERVED
CVE-2023-27373 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
	NOT-FOR-US: Insyde
CVE-2023-27308 (Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH driv ...)
	NOT-FOR-US: Intel
CVE-2023-27302 RESERVED
CVE-2023-27301 (Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers f ...)
	NOT-FOR-US: Intel
CVE-2023-27300 (Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH driv ...)
	NOT-FOR-US: Intel
CVE-2023-27299 RESERVED
CVE-2023-27297 RESERVED
CVE-2023-26597 (Controller DoS due to buffer overflow in the handling of a specially c ...)
	NOT-FOR-US: Honeywell
CVE-2023-26585 (Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers f ...)
	NOT-FOR-US: Intel
CVE-2023-25948 (Server information leak of configuration data when an error is generat ...)
	NOT-FOR-US: Honeywell
CVE-2023-25770 (Controller DoS may occur due to buffer overflow when an error is gener ...)
	NOT-FOR-US: Honeywell
CVE-2023-25178 (Controller may be loaded with malicious firmware which could enable re ...)
	NOT-FOR-US: Honeywell
CVE-2023-25078 (Server or Console Station DoS due to heap overflow occurring during th ...)
	NOT-FOR-US: Honeywell
CVE-2023-24589 (Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH driv ...)
	NOT-FOR-US: Intel
CVE-2023-24480 (Controller DoS due to stack overflow when decoding a message from the ...)
	NOT-FOR-US: Honeywell
CVE-2023-24474 (Experion server may experience a DoS due to a heap overflow which coul ...)
	NOT-FOR-US: Honeywell
CVE-2023-23905 RESERVED
CVE-2023-23585 (Experion server DoS due to heap overflow occurring during the handling ...)
	NOT-FOR-US: Honeywell
CVE-2023-22658 RESERVED
CVE-2023-22435 (Experion server may experience a DoS due to a stack overflow when hand ...)
	NOT-FOR-US: Honeywell
CVE-2023-1109 (In Phoenix Contacts ENERGY AXC PU Web service an authenticated restric ...)
	NOT-FOR-US: Phoenix Contacts ENERGY AXC PU Web service
CVE-2023-1108 (A flaw was found in undertow. This issue makes achieving a denial of s ...)
	[experimental] - undertow 2.3.8-1
	- undertow 2.3.8-2 (bug #1033253)
	NOTE: https://issues.redhat.com/browse/UNDERTOW-2239
	NOTE: https://github.com/undertow-io/undertow/pull/1453
CVE-2023-1107 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...)
	NOT-FOR-US: flatpressblog
CVE-2023-1106 (Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressb ...)
	NOT-FOR-US: flatpressblog
CVE-2023-1105 (External Control of File Name or Path in GitHub repository flatpressbl ...)
	NOT-FOR-US: flatpressblog
CVE-2023-1104 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...)
	NOT-FOR-US: flatpressblog
CVE-2023-1103 REJECTED
CVE-2023-1102 RESERVED
CVE-2023-1101 (SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerab ...)
	NOT-FOR-US: SonicOS SSLVPN
CVE-2023-1100 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Online Catering Reservation System
CVE-2023-1099 (A vulnerability was found in SourceCodester Online Student Management ...)
	NOT-FOR-US: SourceCodester Online Student Management System
CVE-2023-27371 (GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) ...)
	{DLA-3374-1}
	- libmicrohttpd 0.9.75-6
	[bullseye] - libmicrohttpd (Minor issue)
	NOTE: https://git.gnunet.org/libmicrohttpd.git/commit/?id=e0754d1638c602382384f1eface30854b1defeec (v0.9.76)
	NOTE: https://lists.gnu.org/archive/html/libmicrohttpd/2023-02/msg00000.html
CVE-2023-27370 (NETGEAR RAX30 Device Configuration Cleartext Storage Information Discl ...)
	NOT-FOR-US: Netgear
CVE-2023-27369 (NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication ...)
	NOT-FOR-US: Netgear
CVE-2023-27368 (NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication ...)
	NOT-FOR-US: Netgear
CVE-2023-27367 (NETGEAR RAX30 libcms_cli Command Injection Remote Code Execution Vulne ...)
	NOT-FOR-US: Netgear
CVE-2023-27366 (Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulne ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-27365 (Foxit PDF Editor DOC File Parsing Exposed Dangerous Method Remote Code ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-27364 (Foxit PDF Editor XLS File Parsing Exposed Dangerous Method Remote Code ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-27363 (Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Ex ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2023-27362 (3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability. ...)
	NOT-FOR-US: 3CX
CVE-2023-27361 (NETGEAR RAX30 rex_cgi JSON Parsing Stack-based Buffer Overflow Remote ...)
	NOT-FOR-US: Netgear
CVE-2023-27360 (NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerab ...)
	NOT-FOR-US: Netgear
CVE-2023-27359 (TP-Link AX1800 hotplugd Firewall Rule Race Condition Vulnerability. Th ...)
	NOT-FOR-US: TP-Link
CVE-2023-27358 (NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnera ...)
	NOT-FOR-US: Netgear
CVE-2023-27357 (NETGEAR RAX30 GetInfo Missing Authentication Information Disclosure Vu ...)
	NOT-FOR-US: Netgear
CVE-2023-27356 (NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerab ...)
	NOT-FOR-US: Netgear
CVE-2023-27355 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: Sonos One Speaker
CVE-2023-27354 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
	NOT-FOR-US: Sonos One Speaker
CVE-2023-27353 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
	NOT-FOR-US: Sonos One Speaker
CVE-2023-27352 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: Sonos One Speaker
CVE-2023-27351 (This vulnerability allows remote attackers to bypass authentication on ...)
	NOT-FOR-US: PaperCut
CVE-2023-27350 (This vulnerability allows remote attackers to bypass authentication on ...)
	NOT-FOR-US: PaperCut
CVE-2023-27349 (BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Co ...)
	- bluez 5.68-1
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-386/
	NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f54299a850676d92c3dafd83e9174fcfe420ccc9 (5.67)
CVE-2023-27348 (PDF-XChange Editor TIF File Parsing Use-After-Free Remote Code Executi ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-27347 (G DATA Total Security Link Following Local Privilege Escalation Vulner ...)
	NOT-FOR-US: G DATA Total Security
CVE-2023-27346 (TP-Link AX1800 Firmware Parsing Stack-based Buffer Overflow Remote Cod ...)
	NOT-FOR-US: TP-Link
CVE-2023-27345 (PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Ex ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-27344 (PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Ex ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-27343 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Write Remote Code Ex ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-27342 (PDF-XChange Editor EMF File Parsing Untrusted Pointer Dereference Remo ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-27341 (PDF-XChange Editor TIF File Parsing Out-Of-Bounds Write Remote Code Ex ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-27340 (PDF-XChange Editor PNG File Parsing Out-Of-Bounds Write Remote Code Ex ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-27339 (PDF-XChange Editor PNG File Parsing Out-Of-Bounds Write Remote Code Ex ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-27338 (PDF-XChange Editor TIF File Parsing Use-After-Free Information Disclos ...)
NOT-FOR-US: PDF-XChange Editor CVE-2023-27337 (PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Remote Code Exe ...) NOT-FOR-US: PDF-XChange Editor CVE-2023-27336 (Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference D ...) NOT-FOR-US: Softing CVE-2023-27335 (Softing edgeAggregator Client Cross-Site Scripting Remote Code Executi ...) NOT-FOR-US: Softing CVE-2023-27334 (Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Den ...) NOT-FOR-US: Softing CVE-2023-27333 (TP-Link Archer AX21 tmpServer Command 0x422 Stack-based Buffer Overflo ...) NOT-FOR-US: TP-Link CVE-2023-27332 (TP-Link Archer AX21 tdpServer Logging Stack-based Buffer Overflow Remo ...) NOT-FOR-US: TP-Link CVE-2023-27331 (Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulne ...) NOT-FOR-US: Foxit PDF Reader CVE-2023-27330 (Foxit PDF Reader XFA Annotation Use-After-Free Remote Code Execution V ...) NOT-FOR-US: Foxit PDF Reader CVE-2023-27329 (Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulne ...) NOT-FOR-US: Foxit PDF Reader CVE-2023-27328 (Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vu ...) NOT-FOR-US: Parallels Desktop CVE-2023-27327 (Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege E ...) NOT-FOR-US: Parallels Desktop CVE-2023-27326 (Parallels Desktop Toolgate Directory Traversal Local Privilege Escalat ...) NOT-FOR-US: Parallels Desktop CVE-2023-27325 (Parallels Desktop Updater Improper Initialization Local Privilege Esca ...) NOT-FOR-US: Parallels Desktop CVE-2023-27324 (Parallels Desktop Updater Improper Initialization Local Privilege Esca ...) NOT-FOR-US: Parallels Desktop CVE-2023-27323 (Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privilege Es ...) NOT-FOR-US: Parallels Desktop CVE-2023-27322 (Parallels Desktop Service Improper Initialization Local Privilege Esca ...) 
NOT-FOR-US: Parallels Desktop CVE-2023-27321 (OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion D ...) NOT-FOR-US: OPC Foundation UA .NET CVE-2023-27320 (Sudo before 1.9.13p2 has a double free in the per-command chroot featu ...) - sudo 1.9.13p3-1 (bug #1032163) [bullseye] - sudo (Vulnerable code not present) [buster] - sudo (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2023/02/28/1 NOTE: https://www.sudo.ws/security/advisories/double_free/ NOTE: https://github.com/sudo-project/sudo/commit/87ce69246869d9b9d69be278e29e0fc6a3cabdb9 CVE-2023-27319 (ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerabili ...) NOT-FOR-US: NetApp CVE-2023-27318 (StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 1 ...) NOT-FOR-US: StorageGRID CVE-2023-27317 (ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a ...) NOT-FOR-US: ONTAP CVE-2023-27316 (SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerabilit ...) NOT-FOR-US: NetApp CVE-2023-27315 (SnapGathers versions prior to 4.9 are susceptible to a vulnerability ...) NOT-FOR-US: NetApp CVE-2023-27314 (ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12 ...) NOT-FOR-US: NetApp CVE-2023-27313 (SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vul ...) NOT-FOR-US: NetApp CVE-2023-27312 (SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are su ...) NOT-FOR-US: NetApp CVE-2023-27311 (NetApp Blue XP Connector versions prior to 3.9.25 expose information v ...) NOT-FOR-US: NetApp Blue XP Connector CVE-2023-27310 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) NOT-FOR-US: Siemens CVE-2023-27309 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) NOT-FOR-US: Siemens CVE-2023-23554 (Uncontrolled search path element vulnerability exists in pg_ivm versio ...) 
NOT-FOR-US: pg_ivm CVE-2023-22847 (Information disclosure vulnerability exists in pg_ivm versions prior t ...) NOT-FOR-US: pg_ivm CVE-2023-1098 (An information disclosure vulnerability has been discovered in GitLab ...) - gitlab 15.10.8+ds1-2 CVE-2023-1097 (Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are v ...) NOT-FOR-US: Baicells EG7035-M11 devices CVE-2023-1096 (SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susc ...) NOT-FOR-US: SnapCenter (NetAPP) CVE-2023-1095 (In nf_tables_updtable, if nf_tables_table_enable returns an error, nft ...) - linux 5.19.6-1 [bullseye] - linux 5.10.140-1 [buster] - linux 4.19.260-1 NOTE: https://git.kernel.org/linus/580077855a40741cf511766129702d97ff02f4d9 (6.0-rc1) CVE-2023-1094 (MonicaHQ version 4.0.0 allows an authenticated remote attacker to exec ...) NOT-FOR-US: MonicaHQ CVE-2023-1093 (The OAuth Single Sign On WordPress plugin before 6.24.2 does not have ...) NOT-FOR-US: WordPress plugin CVE-2023-1092 (The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Si ...) NOT-FOR-US: WordPress plugin CVE-2023-1091 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Alpata Licensed Warehousing Automation System CVE-2023-1090 (The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise ...) NOT-FOR-US: WordPress plugin CVE-2023-1089 (The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check ...) NOT-FOR-US: WordPress plugin CVE-2023-1088 (The WP Plugin Manager WordPress plugin before 1.1.8 does not have CSRF ...) NOT-FOR-US: WordPress plugin CVE-2023-1087 (The WC Sales Notification WordPress plugin before 1.2.3 does not have ...) NOT-FOR-US: WordPress plugin CVE-2023-1086 (The Preview Link Generator WordPress plugin before 1.0.4 does not have ...) NOT-FOR-US: WordPress plugin CVE-2023-1085 RESERVED CVE-2023-1084 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) 
- gitlab 15.10.8+ds1-2 CVE-2023-1083 (An unauthenticated remote attacker who is aware of aMQTT topic name c ...) NOT-FOR-US: Welotec CVE-2023-1082 (An remote attacker with low privileges can perform a command injection ...) NOT-FOR-US: Welotec CVE-2023-27296 (Deserialization of Untrusted Data vulnerability in Apache Software Fou ...) NOT-FOR-US: Apache InLong CVE-2023-27295 (Cross-site request forgery is facilitated by OpenCATS failure to requi ...) NOT-FOR-US: OpenCATS CVE-2023-27294 (Improper neutralization of input during web page generation allows an ...) NOT-FOR-US: OpenCATS CVE-2023-27293 (Improper neutralization of input during web page generation allows an ...) NOT-FOR-US: OpenCATS CVE-2023-27292 (An open redirect vulnerability exposes OpenCATS to template injection ...) NOT-FOR-US: OpenCATS CVE-2023-26594 RESERVED CVE-2023-25771 (Improper access control for some Intel(R) NUC BIOS firmware may allow ...) NOT-FOR-US: Intel CVE-2023-25769 (Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) DCH ...) NOT-FOR-US: Intel CVE-2023-25079 RESERVED CVE-2023-24481 (Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers f ...) NOT-FOR-US: Intel CVE-2023-24462 RESERVED CVE-2023-24017 RESERVED CVE-2023-24013 RESERVED CVE-2023-22848 (Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers f ...) NOT-FOR-US: Intel CVE-2023-22390 (Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH driv ...) NOT-FOR-US: Intel CVE-2023-1081 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...) NOT-FOR-US: Microweber CVE-2023-1080 (The GN Publisher plugin for WordPress is vulnerable to Reflected Cross ...) NOT-FOR-US: GN Publisher plugin for WordPress CVE-2023-27291 (IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not en ...) NOT-FOR-US: IBM CVE-2023-27290 (Docker based datastores for IBM Instana (IBM Observability with Instan ...) 
NOT-FOR-US: IBM CVE-2023-27289 RESERVED CVE-2023-27288 RESERVED CVE-2023-27287 RESERVED CVE-2023-27286 (IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to ...) NOT-FOR-US: IBM CVE-2023-27285 (IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a ...) NOT-FOR-US: IBM CVE-2023-27284 (IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to ...) NOT-FOR-US: IBM CVE-2023-27283 (IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumera ...) NOT-FOR-US: IBM CVE-2023-27282 RESERVED CVE-2023-27281 RESERVED CVE-2023-27280 RESERVED CVE-2023-27279 (IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a de ...) NOT-FOR-US: IBM CVE-2023-27278 RESERVED CVE-2023-27277 RESERVED CVE-2023-27276 RESERVED CVE-2023-27275 RESERVED CVE-2023-27274 RESERVED CVE-2023-27273 RESERVED CVE-2023-27272 RESERVED CVE-2023-27271 (InSAP BusinessObjects Business Intelligence Platform (Web Services) - ...) NOT-FOR-US: SAP CVE-2023-27270 (SAP NetWeaver Application Server for ABAP and ABAP Platform - versions ...) NOT-FOR-US: SAP CVE-2023-27269 (SAP NetWeaver Application Server for ABAP and ABAP Platform - versions ...) NOT-FOR-US: SAP CVE-2023-27268 (SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does ...) NOT-FOR-US: SAP CVE-2023-27267 (Due to missing authentication andinsufficient input validation,the OSC ...) NOT-FOR-US: SAP CVE-2023-27266 (Mattermost fails to honor the ShowEmailAddress setting when constructi ...) - mattermost-server (bug #823556) CVE-2023-27265 (Mattermost fails to honor the ShowEmailAddress setting when constructi ...) - mattermost-server (bug #823556) CVE-2023-27264 (A missing permissions check in Mattermost Playbooks in Mattermost allo ...) - mattermost-server (bug #823556) CVE-2023-27263 (A missing permissions check in the /plugins/playbooks/api/v0/runs API ...) - mattermost-server (bug #823556) CVE-2023-1079 (A flaw was found in the Linux kernel. A use-after-free may be triggere ...) 
{DLA-3404-1 DLA-3403-1} - linux 6.1.20-1 [bullseye] - linux 5.10.178-1 NOTE: https://git.kernel.org/linus/4ab3a086d10eeec1424f2e8a968827a6336203df NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/4 CVE-2023-1078 (A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets ...) {DLA-3404-1 DLA-3403-1} - linux 6.1.12-1 [bullseye] - linux 5.10.178-1 NOTE: https://git.kernel.org/linus/f753a68980cf4b59a80fe677619da2b1804f526d CVE-2023-1077 (In the Linux kernel, pick_next_rt_entity() may return a type confused ...) {DLA-3710-1 DLA-3404-1} - linux 6.1.20-1 [bullseye] - linux 5.10.178-1 NOTE: https://git.kernel.org/linus/7c4a5b89a0b5a57a64b601775b296abf77a9fe97 NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/7 CVE-2023-4194 (A flaw was found in the Linux kernel's TUN/TAP functionality. This iss ...) {DSA-5492-1 DSA-5480-1 DLA-3623-1} - linux 6.4.11-1 NOTE: https://git.kernel.org/linus/9bc3047374d5bec163e83e743709e23753376f0c (6.5-rc5) NOTE: https://git.kernel.org/linus/5c9241f3ceab3257abe2923a59950db0dc8bb737 (6.5-rc5) CVE-2023-1076 (A flaw was found in the Linux Kernel. The tun/tap sockets have their s ...) {DLA-3404-1} - linux 6.1.20-1 [bullseye] - linux 5.10.178-1 NOTE: https://git.kernel.org/linus/66b2c338adce580dfce2199591e65e2bab889cff NOTE: https://git.kernel.org/linus/a096ccca6e503a5c575717ff8a36ace27510ab0a NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/5 CVE-2023-1075 (A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectl ...) - linux 6.1.11-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/ffe2a22562444720b05bdfeb999c03e810d84cbb NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/6 CVE-2023-1074 (A memory leak flaw was found in the Linux kernel's Stream Control Tran ...) 
{DLA-3404-1 DLA-3403-1} - linux 6.1.11-1 [bullseye] - linux 5.10.178-1 NOTE: https://git.kernel.org/linus/458e279f861d3f61796894cd158b780765a1569f NOTE: https://www.openwall.com/lists/oss-security/2023/01/23/1 CVE-2023-1073 (A memory corruption flaw was found in the Linux kernel\u2019s human in ...) {DLA-3404-1 DLA-3403-1} - linux 6.1.11-1 [bullseye] - linux 5.10.178-1 NOTE: https://git.kernel.org/linus/b12fece4c64857e5fab4290bf01b2e0317a88456 NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/3 CVE-2023-1072 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 15.10.8+ds1-2 CVE-2023-1071 (An issue has been discovered in GitLab affecting all versions from 15. ...) - gitlab 15.10.8+ds1-2 CVE-2023-1070 (External Control of File Name or Path in GitHub repository nilsteampas ...) - teampass (bug #730180) CVE-2023-1069 (The Complianz WordPress plugin before 6.4.2, Complianz Premium WordPre ...) NOT-FOR-US: WordPress plugin CVE-2023-1068 (The Download Read More Excerpt Link plugin for WordPress is vulnerable ...) NOT-FOR-US: Download Read More Excerpt Link plugin for WordPress CVE-2023-1067 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) NOT-FOR-US: pimcore CVE-2023-1066 RESERVED CVE-2023-1065 (This vulnerability in the Snyk Kubernetes Monitor can result in irrele ...) NOT-FOR-US: Snyk Kubernetes Monitor CVE-2023-1064 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Uzay Baskul Weighbridge Automation CVE-2023-1063 (A vulnerability has been found in SourceCodester Doctors Appointment S ...) NOT-FOR-US: SourceCodester Doctors Appointment System CVE-2023-1062 (A vulnerability, which was classified as critical, was found in Source ...) NOT-FOR-US: SourceCodester Doctors Appointment System CVE-2023-1061 (A vulnerability, which was classified as critical, has been found in S ...) 
NOT-FOR-US: SourceCodester Doctors Appointment System CVE-2023-1060 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: YKM YKM CRM CVE-2023-1059 (A vulnerability classified as critical was found in SourceCodester Doc ...) NOT-FOR-US: SourceCodester Doctors Appointment System CVE-2023-1058 (A vulnerability classified as critical has been found in SourceCodeste ...) NOT-FOR-US: SourceCodester Doctors Appointment System CVE-2023-1057 (A vulnerability was found in SourceCodester Doctors Appointment System ...) NOT-FOR-US: SourceCodester Doctors Appointment System CVE-2023-1056 (A vulnerability was found in SourceCodester Doctors Appointment System ...) NOT-FOR-US: SourceCodester Doctors Appointment System CVE-2023-1055 (A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP t ...) - 389-ds-base 2.3.4+dfsg1-1 (bug #1034891) [bookworm] - 389-ds-base (Minor issue) [bullseye] - 389-ds-base (Minor issue) [buster] - 389-ds-base (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2173517 NOTE: https://github.com/389ds/389-ds-base/commit/8483d60de374be78ce3dd423ac7ad7a3cdc5eaca (389-ds-base-2.3.3) NOTE: https://github.com/389ds/389-ds-base/commit/2038989d477d6281463668c91f72649fde880145 (389-ds-base-2.2.8) NOTE: https://github.com/389ds/389-ds-base/commit/92f9d3b9d06c1729e536948c638761c9fa7c962a (389-ds-base-1.4.3.35) CVE-2023-1054 (A vulnerability was found in SourceCodester Music Gallery Site 1.0. It ...) NOT-FOR-US: SourceCodester Music Gallery Site CVE-2023-1053 (A vulnerability was found in SourceCodester Music Gallery Site 1.0 and ...) NOT-FOR-US: SourceCodester Music Gallery Site CVE-2023-1052 RESERVED CVE-2023-1051 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: Web Report System CVE-2023-1050 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) 
NOT-FOR-US: Web Report System CVE-2023-1049 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...) NOT-FOR-US: Schneider CVE-2023-XXXX [RUSTSEC-2023-0015] - rust-ascii 0.9.3-1 [bullseye] - rust-ascii (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0015.html NOTE: https://github.com/tomprogrammer/rust-ascii/commit/dc7e07397ce362487162cb86f92c0bec4645d867 (v0.9.3) NOTE: https://github.com/tomprogrammer/rust-ascii/issues/64 CVE-2023-27262 (Unauthenticated SQL injection in the GetAssignmentsDue method i ...) NOT-FOR-US: IDAttend's IDWeb application CVE-2023-27261 (Missing authentication in the DeleteAssignments method in IDAt ...) NOT-FOR-US: IDAttend's IDWeb application CVE-2023-27260 (Unauthenticated SQL injection in the GetAssignmentsDue method i ...) NOT-FOR-US: IDAttend's IDWeb application CVE-2023-27259 (Missing authentication in the GetAssignmentsDue method in IDAtten ...) NOT-FOR-US: IDAttend's IDWeb application CVE-2023-27258 (Missing authentication in the GetStudentGroupStudents method in ID ...) NOT-FOR-US: IDAttend's IDWeb application CVE-2023-27257 (Missing authentication in the GetActiveToiletPasses method in IDAtt ...) NOT-FOR-US: IDAttend's IDWeb application CVE-2023-27256 (Missing authentication in the GetLogFiles method in IDAttend\u2019s ...) NOT-FOR-US: IDAttend's IDWeb application CVE-2023-27255 (Unauthenticated SQL injection in the DeleteRoomChanges method in ...) NOT-FOR-US: IDAttend's IDWeb application CVE-2023-27254 (Unauthenticated SQL injection in the GetRoomChanges method in IDA ...) NOT-FOR-US: IDAttend's IDWeb application CVE-2023-27253 (A command injection vulnerability in the function restore_rrddata() of ...) NOT-FOR-US: pfSense CVE-2023-27252 RESERVED CVE-2023-27251 RESERVED CVE-2023-27250 (Online Book Store Project v1.0 is vulnerable to SQL Injection via /boo ...) NOT-FOR-US: Online Book Store Project CVE-2023-27249 (swfdump v0.9.2 was discovered to contain a heap buffer overflow in the ...) 
- swftools (unimportant) NOTE: https://github.com/matthiaskramm/swftools/issues/197 NOTE: Crash in CLI tool, no security implications CVE-2023-27248 RESERVED CVE-2023-27247 (Cynet Client Agent v4.6.0.8010 allows attackers with Administrator rig ...) NOT-FOR-US: Cynet Client Agent CVE-2023-27246 (An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth ...) NOT-FOR-US: Virtual Disk of MK-Auth CVE-2023-27245 (A cross-site scripting (XSS) vulnerability in File Management Project ...) NOT-FOR-US: File Management Project CVE-2023-27244 RESERVED CVE-2023-27243 (An access control issue in Makves DCAP v3.0.0.122 allows unauthenticat ...) NOT-FOR-US: Makves DCAP CVE-2023-27242 (SourceCodester Loan Management System v1.0 was discovered to contain a ...) NOT-FOR-US: SourceCodester Loan Management System CVE-2023-27241 (SourceCodester Water Billing System v1.0 was discovered to contain a c ...) NOT-FOR-US: SourceCodester Water Billing System CVE-2023-27240 (Tenda AX3 V16.03.12.11 was discovered to contain a command injection v ...) NOT-FOR-US: Tenda CVE-2023-27239 (Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via ...) NOT-FOR-US: Tenda CVE-2023-27238 (LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache pois ...) NOT-FOR-US: LavaLite CMS CVE-2023-27237 (LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header ...) NOT-FOR-US: LavaLite CMS CVE-2023-27236 RESERVED CVE-2023-27235 (An arbitrary file upload vulnerability in the \admin\c\CommonControlle ...) NOT-FOR-US: Jizhicms CVE-2023-27234 (A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2. ...) NOT-FOR-US: Jizhicms CVE-2023-27233 (Piwigo before 13.6.0 was discovered to contain a SQL injection vulnera ...) - piwigo CVE-2023-27232 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...) NOT-FOR-US: TOTOLINK CVE-2023-27231 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...) 
NOT-FOR-US: TOTOLINK CVE-2023-27230 RESERVED CVE-2023-27229 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...) NOT-FOR-US: TOTOLINK CVE-2023-27228 RESERVED CVE-2023-27227 RESERVED CVE-2023-27226 RESERVED CVE-2023-27225 (A cross-site scripting (XSS) vulnerability in User Registration & Logi ...) NOT-FOR-US: Admin Panel v3 CVE-2023-27224 (An issue found in NginxProxyManager v.2.9.19 allows an attacker to exe ...) NOT-FOR-US: NginxProxyManager CVE-2023-27223 RESERVED CVE-2023-27222 RESERVED CVE-2023-27221 RESERVED CVE-2023-27220 RESERVED CVE-2023-27219 RESERVED CVE-2023-27218 RESERVED CVE-2023-27217 (A stack-based buffer overflow in the ChangeFriendlyName() function of ...) NOT-FOR-US: Belkin CVE-2023-27216 (An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated u ...) NOT-FOR-US: D-Link CVE-2023-27215 RESERVED CVE-2023-27214 (Online Student Management System v1.0 was discovered to contain multip ...) NOT-FOR-US: Online Student Management System CVE-2023-27213 (Online Student Management System v1.0 was discovered to contain a SQL ...) NOT-FOR-US: Online Student Management System CVE-2023-27212 (A cross-site scripting (XSS) vulnerability in /php-opos/signup.php of ...) NOT-FOR-US: Online Pizza Ordering System CVE-2023-27211 (A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Onl ...) NOT-FOR-US: Online Pizza Ordering System CVE-2023-27210 (Online Pizza Ordering System 1.0 was discovered to contain a SQL injec ...) NOT-FOR-US: Online Pizza Ordering System CVE-2023-27209 RESERVED CVE-2023-27208 (A cross-site scripting (XSS) vulnerability in /php-opos/login.php of O ...) NOT-FOR-US: Online Pizza Ordering System CVE-2023-27207 (Online Pizza Ordering System 1.0 was discovered to contain a SQL injec ...) NOT-FOR-US: Online Pizza Ordering System CVE-2023-27206 (A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of B ...) 
NOT-FOR-US: Best POS Management System CVE-2023-27205 (Best POS Management System 1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Best POS Management System CVE-2023-27204 (Best POS Management System 1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Best POS Management System CVE-2023-27203 (Best POS Management System 1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Best POS Management System CVE-2023-27202 (Best POS Management System 1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Best POS Management System CVE-2023-27201 RESERVED CVE-2023-27200 RESERVED CVE-2023-27199 (PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows atta ...) NOT-FOR-US: PAX CVE-2023-27198 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow ...) NOT-FOR-US: PAX CVE-2023-27197 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow ...) NOT-FOR-US: PAX CVE-2023-27196 RESERVED CVE-2023-27195 RESERVED CVE-2023-27194 RESERVED CVE-2023-27193 (An issue found in DUALSPACE v.1.1.3 allows a local attacker to gain pr ...) NOT-FOR-US: DUALSPACE CVE-2023-27192 (An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker ...) NOT-FOR-US: DUALSPACE Super Secuirty CVE-2023-27191 (An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker ...) NOT-FOR-US: DUALSPACE Super Secuirty CVE-2023-27190 RESERVED CVE-2023-27189 RESERVED CVE-2023-27188 RESERVED CVE-2023-27187 RESERVED CVE-2023-27186 RESERVED CVE-2023-27185 RESERVED CVE-2023-27184 RESERVED CVE-2023-27183 RESERVED CVE-2023-27182 RESERVED CVE-2023-27181 RESERVED CVE-2023-27180 (GDidees CMS v3.9.1 was discovered to contain a source code disclosure ...) NOT-FOR-US: GDidees CMS CVE-2023-27179 (GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary fi ...) NOT-FOR-US: GDidees CMS CVE-2023-27178 (An arbitrary file upload vulnerability in the upload function of GDide ...) 
NOT-FOR-US: GDidees CMS CVE-2023-27177 RESERVED CVE-2023-27176 RESERVED CVE-2023-27175 RESERVED CVE-2023-27174 RESERVED CVE-2023-27173 RESERVED CVE-2023-27172 (Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT t ...) NOT-FOR-US: Xpand IT Write-back manager CVE-2023-27171 REJECTED CVE-2023-27170 (Xpand IT Write-back manager v2.3.1 allows attackers to perform a direc ...) NOT-FOR-US: Xpand IT Write-back manager CVE-2023-27169 (Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license cl ...) NOT-FOR-US: Xpand IT Write-back manager CVE-2023-27168 (An arbitrary file upload vulnerability in Xpand IT Write-back Manager ...) NOT-FOR-US: Xpand IT Write-back Manager CVE-2023-27167 (Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vu ...) NOT-FOR-US: Suprema BioStar CVE-2023-27166 RESERVED CVE-2023-27165 RESERVED CVE-2023-27164 (An arbitrary file upload vulnerability in Halo up to v1.6.1 allows att ...) NOT-FOR-US: Halo CVE-2023-27163 (request-baskets up to v1.2.1 was discovered to contain a Server-Side R ...) NOT-FOR-US: request-baskets CVE-2023-27162 (openapi-generator up to v6.4.0 was discovered to contain a Server-Side ...) NOT-FOR-US: openapi-generator CVE-2023-27161 (Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request ...) - jellyfin (bug #994189) CVE-2023-27160 (forem up to v2022.11.11 was discovered to contain a Server-Side Reques ...) NOT-FOR-US: forem CVE-2023-27159 (Appwrite up to v1.2.1 was discovered to contain a Server-Side Request ...) NOT-FOR-US: Appwrite CVE-2023-27158 RESERVED CVE-2023-27157 RESERVED CVE-2023-27156 RESERVED CVE-2023-27155 RESERVED CVE-2023-27154 RESERVED CVE-2023-27153 RESERVED CVE-2023-27152 (DECISO OPNsense 23.1 does not impose rate limits for authentication, a ...) NOT-FOR-US: DECISO OPNsense CVE-2023-27151 (openCRX 5.2.0 was discovered to contain an HTML injection vulnerabilit ...) 
NOT-FOR-US: openCRX CVE-2023-27150 (openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) v ...) NOT-FOR-US: openCRX CVE-2023-27149 (A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTic ...) NOT-FOR-US: Enhancesoft osTicket CVE-2023-27148 (A stored cross-site scripting (XSS) vulnerability in the Admin panel i ...) NOT-FOR-US: Enhancesoft osTicket CVE-2023-27147 RESERVED CVE-2023-27146 RESERVED CVE-2023-27145 RESERVED CVE-2023-27144 RESERVED CVE-2023-27143 RESERVED CVE-2023-27142 RESERVED CVE-2023-27141 RESERVED CVE-2023-27140 RESERVED CVE-2023-27139 RESERVED CVE-2023-27138 RESERVED CVE-2023-27137 RESERVED CVE-2023-27136 RESERVED CVE-2023-27135 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...) NOT-FOR-US: TOTOLINK CVE-2023-27134 RESERVED CVE-2023-27133 (TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .h ...) NOT-FOR-US: TSplus Remote Work CVE-2023-27132 (TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pa ...) NOT-FOR-US: TSplus Remote Work CVE-2023-27131 (Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a r ...) NOT-FOR-US: Typecho CVE-2023-27130 (Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a r ...) NOT-FOR-US: Typecho CVE-2023-27129 RESERVED CVE-2023-27128 RESERVED CVE-2023-27127 RESERVED CVE-2023-27126 (The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on fi ...) NOT-FOR-US: TP-Link CVE-2023-27125 RESERVED CVE-2023-27124 RESERVED CVE-2023-27123 RESERVED CVE-2023-27122 RESERVED CVE-2023-27121 (A cross-site scripting (XSS) vulnerability in the component /framework ...) NOT-FOR-US: Pleasant Solutions Pleasant Password Server CVE-2023-27120 RESERVED CVE-2023-27119 (WebAssembly v1.0.29 was discovered to contain a segmentation fault via ...) 
- wabt (unimportant; bug #1032669) NOTE: Crash in CLI tool, no security impact NOTE: https://github.com/WebAssembly/wabt/issues/1990 CVE-2023-27118 RESERVED CVE-2023-27117 (WebAssembly v1.0.29 was discovered to contain a heap overflow via the ...) - wabt (unimportant; bug #1032669) NOTE: Crash in CLI tool, no security impact NOTE: https://github.com/WebAssembly/wabt/issues/1989 CVE-2023-27116 (WebAssembly v1.0.29 discovered to contain an abort in CWriter::MangleT ...) - wabt 1.0.33-1 (unimportant; bug #1032669) NOTE: Crash in CLI tool, no security impact NOTE: https://github.com/WebAssembly/wabt/issues/1984 NOTE: https://github.com/WebAssembly/wabt/pull/2119 NOTE: https://github.com/WebAssembly/wabt/commit/8a7b7497bdf78f9099f8d5a3a2c9bde87ddd52da CVE-2023-27115 (WebAssembly v1.0.29 was discovered to contain a segmentation fault via ...) - wabt (unimportant; bug #1032669) NOTE: Crash in CLI tool, no security impact NOTE: https://github.com/WebAssembly/wabt/issues/1938 NOTE: https://github.com/WebAssembly/wabt/issues/1992 CVE-2023-27114 (radare2 v5.8.3 was discovered to contain a segmentation fault via the ...) - radare2 5.9.0+dfsg-1 (bug #1032667) NOTE: https://github.com/radareorg/radare2/issues/21363 NOTE: https://github.com/radareorg/radare2/commit/a15067a8eaa836bcc24b0882712c14d1baa66509 CVE-2023-27113 RESERVED CVE-2023-27112 RESERVED CVE-2023-27111 RESERVED CVE-2023-27110 RESERVED CVE-2023-27109 RESERVED CVE-2023-27108 (An issue was discovered in KaiOS 3.0. The pre-installed Communications ...) NOT-FOR-US: KaiOS CVE-2023-27107 (Incorrect access control in the runReport function of MyQ Solution Pri ...) NOT-FOR-US: MyQ Solution CVE-2023-27106 RESERVED CVE-2023-27105 (A vulnerability in the Wi-Fi file transfer module of Shanling M5S Port ...) NOT-FOR-US: Shanling CVE-2023-27104 RESERVED CVE-2023-27103 (Libde265 v1.0.11 was discovered to contain a heap buffer overflow via ...) 
{DLA-3676-1} - libde265 1.0.12-1 (bug #1033257) [bookworm] - libde265 1.0.11-1+deb12u1 [bullseye] - libde265 1.0.11-0+deb11u2 NOTE: https://github.com/strukturag/libde265/issues/394 NOTE: https://github.com/strukturag/libde265/commit/d6bf73e765b7a23627bfd7a8645c143fd9097995 (v1.0.12) CVE-2023-27102 (Libde265 v1.0.11 was discovered to contain a segmentation violation vi ...) {DLA-3676-1} - libde265 1.0.12-1 (bug #1033257) [bookworm] - libde265 1.0.11-1+deb12u1 [bullseye] - libde265 1.0.11-0+deb11u2 NOTE: https://github.com/strukturag/libde265/issues/393 NOTE: https://github.com/strukturag/libde265/commit/0b1752abff97cb542941d317a0d18aa50cb199b1 (v1.0.12) CVE-2023-27101 RESERVED CVE-2023-27100 (Improper restriction of excessive authentication attempts in the SSHGu ...) NOT-FOR-US: Netgate pfSense Plus CVE-2023-27099 RESERVED CVE-2023-27098 (TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access ...) NOT-FOR-US: TP-Link CVE-2023-27097 RESERVED CVE-2023-27096 (Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 ...) NOT-FOR-US: Hippo4j CVE-2023-27095 (Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 ...) NOT-FOR-US: Hippo4j CVE-2023-27094 (An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escala ...) NOT-FOR-US: Hippo4j CVE-2023-27093 (Cross Site Scripting vulnerability found in My-Blog allows attackers t ...) NOT-FOR-US: My-Blog CVE-2023-27092 (Cross Site Scripting vulnerability found in Jbootfly allows attackers ...) NOT-FOR-US: Jbootfly CVE-2023-27091 (An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows a ...) NOT-FOR-US: XiaoBingby TeaCMS CVE-2023-27090 (Cross Site Scripting vulnerability found in TeaCMS storage allows atta ...) NOT-FOR-US: TeaCMS CVE-2023-27089 (Cross Site Scripting vulnerability found in Ehuacui BBS allows attacke ...) NOT-FOR-US: Ehuacui CVE-2023-27088 (feiqu-opensource Background Vertical authorization vulnerability exist ...) 
NOT-FOR-US: feiqu-opensource Background Vertical CVE-2023-27087 (Permissions vulnerabiltiy found in Xuxueli xxl-job v2.2.0, v 2.3.0 and ...) NOT-FOR-US: Xuxueli CVE-2023-27086 RESERVED CVE-2023-27085 RESERVED CVE-2023-27084 (Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allo ...) NOT-FOR-US: Dreamer CMS CVE-2023-27083 (An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-d ...) NOT-FOR-US: Pluck CMS CVE-2023-27082 (Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4. ...) NOT-FOR-US: Pluck CMS CVE-2023-27081 RESERVED CVE-2023-27080 RESERVED CVE-2023-27079 (Command Injection vulnerability found in Tenda G103 v.1.0.05 allows an ...) NOT-FOR-US: Tenda CVE-2023-27078 (A command injection issue was found in TP-Link MR3020 v.1_150921 that ...) NOT-FOR-US: TP-Link CVE-2023-27077 (Stack Overflow vulnerability found in 360 D901 allows a remote attacke ...) NOT-FOR-US: 360 D901 CVE-2023-27076 (Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows a ...) NOT-FOR-US: Tenda CVE-2023-27075 (A cross-site scripting vulnerability (XSS) in the component microbin/s ...) NOT-FOR-US: Microbin CVE-2023-27074 (BP Monitoring Management System v1.0 was discovered to contain a SQL i ...) NOT-FOR-US: BP Monitoring Management System CVE-2023-27073 (A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1. ...) NOT-FOR-US: Online Food Ordering System CVE-2023-27072 RESERVED CVE-2023-27071 RESERVED CVE-2023-27070 (A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatf ...) NOT-FOR-US: TotalJS OpenPlatform CVE-2023-27069 (A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatf ...) NOT-FOR-US: TotalJS OpenPlatform CVE-2023-27068 (Deserialization of Untrusted Data in Sitecore Experience Platform thro ...) NOT-FOR-US: Sitecore CVE-2023-27067 (Directory Traversal vulnerability in Sitecore Experience Platform thro ...) 
	NOT-FOR-US: Sitecore
CVE-2023-27066 (Directory Traversal vulnerability in Site Core Experience Platform 10. ...)
	NOT-FOR-US: Sitecore
CVE-2023-27065 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a ...)
	NOT-FOR-US: Tenda
CVE-2023-27064 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a ...)
	NOT-FOR-US: Tenda
CVE-2023-27063 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a ...)
	NOT-FOR-US: Tenda
CVE-2023-27062 (Tenda V15V1.0 was discovered to contain a buffer overflow vulnerabilit ...)
	NOT-FOR-US: Tenda
CVE-2023-27061 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a ...)
	NOT-FOR-US: Tenda
CVE-2023-27060 (LightCMS v1.3.7 was discovered to contain a remote code execution (RCE ...)
	NOT-FOR-US: LightCMS
CVE-2023-27059 (A cross-site scripting (XSS) vulnerability in the Edit Group function ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-27058 RESERVED
CVE-2023-27057 RESERVED
CVE-2023-27056 RESERVED
CVE-2023-27055 (Aver Information Inc PTZApp2 v20.01044.48 allows attackers to access s ...)
	NOT-FOR-US: Aver Information Inc PTZApp2
CVE-2023-27054 (A cross-site scripting (XSS) vulnerability in MiroTalk P2P before comm ...)
	NOT-FOR-US: MiroTalk
CVE-2023-27053 RESERVED
CVE-2023-27052 (E-Commerce System v1.0 ws discovered to contain a SQL injection vulner ...)
	NOT-FOR-US: E-Commerce System
CVE-2023-27051 RESERVED
CVE-2023-27050 RESERVED
CVE-2023-27049 RESERVED
CVE-2023-27048 RESERVED
CVE-2023-27047 RESERVED
CVE-2023-27046 RESERVED
CVE-2023-27045 RESERVED
CVE-2023-27044 RESERVED
CVE-2023-27043 (The email module of Python through 3.11.3 incorrectly parses e-mail ad ...)
	- python3.12 (bug #1059299)
	- python3.11 (bug #1059298)
	[bookworm] - python3.11 (Minor issue, wait until upstream has decided whether to backport to older branches)
	- python3.10
	- python3.9
	[bullseye] - python3.9 (Minor issue, wait until upstream has decided whether to backport to older branches)
	- python3.7
	[buster] - python3.7 (Minor issue, wait until upstream has decided whether to backport to older branches)
	- python2.7
	[bullseye] - python2.7 (Unsupported in Bullseye, only included to build a few applications)
	[buster] - python2.7 (Minor issue, wait until upstream has decided whether to backport to older branches)
	- pypy3
	[bookworm] - pypy3 (Minor issue, wait until upstream has decided whether to backport to older branches)
	[bullseye] - pypy3 (Minor issue, wait until upstream has decided whether to backport to older branches)
	[buster] - pypy3 (Minor issue, wait until upstream has decided whether to backport to older branches)
	NOTE: https://github.com/python/cpython/issues/102988
CVE-2023-27042 (Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/Se ...)
	NOT-FOR-US: Tenda
CVE-2023-27041 (School Registration and Fee System v1.0 was discovered to contain a SQ ...)
	NOT-FOR-US: School Registration and Fee System
CVE-2023-27040 (Simple Image Gallery v1.0 was discovered to contain a remote code exec ...)
	NOT-FOR-US: Simple Image Gallery
CVE-2023-27039 RESERVED
CVE-2023-27038 RESERVED
CVE-2023-27037 (Qibosoft QiboCMS v7 was discovered to contain a remote code execution ...)
	NOT-FOR-US: Qibosoft QiboCMS
CVE-2023-27036 RESERVED
CVE-2023-27035 (An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers t ...)
	NOT-FOR-US: Obsidian Canvas
CVE-2023-27034 (PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vul ...)
	NOT-FOR-US: PrestaShop
CVE-2023-27033 (Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code ...)
	NOT-FOR-US: Prestashop cdesigner
CVE-2023-27032 (Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to c ...)
	NOT-FOR-US: Prestashop advancedpopupcreator
CVE-2023-27031 RESERVED
CVE-2023-27030 RESERVED
CVE-2023-27029 RESERVED
CVE-2023-27028 RESERVED
CVE-2023-27027 RESERVED
CVE-2023-27026 RESERVED
CVE-2023-27025 (An arbitrary file download vulnerability in the background management ...)
	NOT-FOR-US: RuoYi
CVE-2023-27024 RESERVED
CVE-2023-27023 RESERVED
CVE-2023-27022 RESERVED
CVE-2023-27021 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
	NOT-FOR-US: Tenda
CVE-2023-27020 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
	NOT-FOR-US: Tenda
CVE-2023-27019 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
	NOT-FOR-US: Tenda
CVE-2023-27018 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
	NOT-FOR-US: Tenda
CVE-2023-27017 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
	NOT-FOR-US: Tenda
CVE-2023-27016 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
	NOT-FOR-US: Tenda
CVE-2023-27015 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
	NOT-FOR-US: Tenda
CVE-2023-27014 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
	NOT-FOR-US: Tenda
CVE-2023-27013 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
	NOT-FOR-US: Tenda
CVE-2023-27012 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
	NOT-FOR-US: Tenda
CVE-2023-27011 RESERVED
CVE-2023-27010 (Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions ...)
	NOT-FOR-US: Wondershare Dr.Fone
CVE-2023-27009 RESERVED
CVE-2023-27008 (A Cross-site scripting (XSS) vulnerability in the function encrypt_pas ...)
	NOT-FOR-US: ATutor
CVE-2023-27007 RESERVED
CVE-2023-27006 RESERVED
CVE-2023-27005 RESERVED
CVE-2023-27004 RESERVED
CVE-2023-27003 RESERVED
CVE-2023-27002 RESERVED
CVE-2023-27001 (An issue discovered in Egerie Risk Manager v4.0.5 allows attackers to ...)
	NOT-FOR-US: Egerie Risk Manager
CVE-2023-27000 (Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 ...)
	NOT-FOR-US: NetScoutnGeniusOne
CVE-2023-26999 (An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker ...)
	NOT-FOR-US: NetScoutnGeniusOne
CVE-2023-26998 (Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 ...)
	NOT-FOR-US: NetScoutnGeniusOne
CVE-2023-26997 RESERVED
CVE-2023-26996 RESERVED
CVE-2023-26995 RESERVED
CVE-2023-26994 RESERVED
CVE-2023-26993 RESERVED
CVE-2023-26992 RESERVED
CVE-2023-26991 (SWFTools v0.9.2 was discovered to contain a stack-use-after-scope in t ...)
	- swftools (unimportant)
	NOTE: https://github.com/matthiaskramm/swftools/issues/196
	NOTE: Crash in CLI tool, no security impact
CVE-2023-26990 RESERVED
CVE-2023-26989 RESERVED
CVE-2023-26988 RESERVED
CVE-2023-26987 (An issue discovered in Konga 0.14.9 allows remote attackers to manipul ...)
	NOT-FOR-US: Konga
CVE-2023-26986 (An issue in China Mobile OA Mailbox PC v2.9.23 allows remote attackers ...)
	NOT-FOR-US: China Mobile OA Mailbox PC
CVE-2023-26985 RESERVED
CVE-2023-26984 (An issue in the password reset function of Peppermint v0.2.4 allows at ...)
	NOT-FOR-US: Peppermint
CVE-2023-26983 RESERVED
CVE-2023-26982 (Trudesk v1.2.6 was discovered to contain a stored cross-site scripting ...)
	NOT-FOR-US: Trudesk
CVE-2023-26981 RESERVED
CVE-2023-26980 (PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition ...)
	NOT-FOR-US: PAX Technology PAX A920 Pro PayDroid
CVE-2023-26979 (Bluetens Electrostimulation Device BluetensQ device app version 4.3.15 ...)
	NOT-FOR-US: Bluetens Electrostimulation Device BluetensQ
CVE-2023-26978 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-26977 RESERVED
CVE-2023-26976 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2023-26975 RESERVED
CVE-2023-26974 (Irfanview v4.62 allows a user-mode write access violation via a crafte ...)
	NOT-FOR-US: Irfanview
CVE-2023-26973 RESERVED
CVE-2023-26972 RESERVED
CVE-2023-26971 RESERVED
CVE-2023-26970 RESERVED
CVE-2023-26969 (Atropim 1.5.26 is vulnerable to Directory Traversal.)
	NOT-FOR-US: Atropim
CVE-2023-26968 (In Atrocore 1.5.25, the Create Import Feed option with glyphicon-glyph ...)
	NOT-FOR-US: Atrocore
CVE-2023-26967 RESERVED
CVE-2023-26966 (libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when lib ...)
	{DLA-3513-1}
	- tiff 4.5.1~rc3-1
	[bookworm] - tiff (Minor issue)
	[bullseye] - tiff (Minor issue)
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/530
	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/473
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b0e1c25dd1d065200c8d8f59ad0afe014861a1b9 (v4.5.1rc1)
CVE-2023-26965 (loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-ba ...)
	{DLA-3513-1}
	- tiff 4.5.1~rc3-1
	[bookworm] - tiff (Minor issue)
	[bullseye] - tiff (Minor issue)
	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/472
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/ec8ef90c1f573c9eb1f17d6a056aa0015f184acf (v4.5.1rc1)
CVE-2023-26964 (An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occ ...)
	- rust-h2 0.3.13-2 (bug #1034723)
	[bookworm] - rust-h2 (Minor issue)
	[buster] - rust-h2 (Minor issue)
	NOTE: https://github.com/hyperium/hyper/issues/2877
	NOTE: https://github.com/hyperium/h2/commit/5bc8e72e5fcbd8ae2d3d9bc78a1c0ef0040bcc39 (v0.3.17)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0034.html
CVE-2023-26963 RESERVED
CVE-2023-26962 RESERVED
CVE-2023-26961 (Alteryx Server 2022.1.1.42590 does not employ file type verification f ...)
	NOT-FOR-US: Alteryx
CVE-2023-26960 RESERVED
CVE-2023-26959 (Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL I ...)
	NOT-FOR-US: Phpgurukul Park Ticketing Management System
CVE-2023-26958 (Phpgurukul Park Ticketing Management System 1.0 is vulnerable to Cross ...)
	NOT-FOR-US: Phpgurukul Park Ticketing Management System
CVE-2023-26957 (onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete ...)
	NOT-FOR-US: onekeyadmin
CVE-2023-26956 (onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vu ...)
	NOT-FOR-US: onekeyadmin
CVE-2023-26955 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
	NOT-FOR-US: onekeyadmin
CVE-2023-26954 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
	NOT-FOR-US: onekeyadmin
CVE-2023-26953 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
	NOT-FOR-US: onekeyadmin
CVE-2023-26952 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
	NOT-FOR-US: onekeyadmin
CVE-2023-26951 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
	NOT-FOR-US: onekeyadmin
CVE-2023-26950 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
	NOT-FOR-US: onekeyadmin
CVE-2023-26949 (An arbitrary file upload vulnerability in the component /admin1/config ...)
	NOT-FOR-US: onekeyadmin
CVE-2023-26948 (onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vu ...)
	NOT-FOR-US: onekeyadmin
CVE-2023-26947 RESERVED
CVE-2023-26946 RESERVED
CVE-2023-26945 RESERVED
CVE-2023-26944 RESERVED
CVE-2023-26943 (Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allo ...)
	NOT-FOR-US: Yale Keyless Lock
CVE-2023-26942 (Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allo ...)
	NOT-FOR-US: Yale IA-210 Alarm
CVE-2023-26941 (Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allo ...)
	NOT-FOR-US: Yale Conexis L1
CVE-2023-26940 RESERVED
CVE-2023-26939 RESERVED
CVE-2023-26938 REJECTED
CVE-2023-26937 REJECTED
CVE-2023-26936 REJECTED
CVE-2023-26935 REJECTED
CVE-2023-26934 REJECTED
CVE-2023-26933 RESERVED
CVE-2023-26932 RESERVED
CVE-2023-26931 REJECTED
CVE-2023-26930 (Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2023-26929 RESERVED
CVE-2023-26928 RESERVED
CVE-2023-26927 RESERVED
CVE-2023-26926 RESERVED
CVE-2023-26925 (An information disclosure vulnerability exists in the Syslog functiona ...)
	NOT-FOR-US: D-Link
CVE-2023-26924 (LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockReg ...)
	- llvm-toolchain-14 (unimportant)
	- llvm-toolchain-15 (unimportant)
	NOTE: Negligible security impact, also see https://llvm.org/docs/Security.html#what-is-considered-a-security-issue
CVE-2023-26923 (Musescore 3.0 to 4.0.1 has a stack buffer overflow vulnerability that ...)
	- musescore (unimportant)
	[buster] - musescore (vulnerability introduced in 3.0)
	- musescore2 (vulnerability introduced in 3.0)
	- musescore3 (unimportant)
	NOTE: https://github.com/musescore/MuseScore/issues/16346
	NOTE: Vulnerability triggered only on Windows codepath
CVE-2023-26922 (SQL injection vulnerability found in Varisicte matrix-gui v.2 allows a ...)
	NOT-FOR-US: Varisicte
CVE-2023-26921 (OS Command Injection vulnerability in quectel AG550QCN allows attacker ...)
	NOT-FOR-US: quectel
CVE-2023-26920 (fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution.)
	NOT-FOR-US: fast-xml-parser
CVE-2023-26919 (delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escap ...)
	NOT-FOR-US: delight-nashorn-sandbox
CVE-2023-26918 (Diasoft File Replication Pro 7.5.0 allows attackers to escalate privil ...)
	NOT-FOR-US: Diasoft File Replication Pro
CVE-2023-26917 (libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL poin ...)
	- libyang2 2.1.148-0.1 (bug #1034724)
	[bookworm] - libyang2 (Minor issue)
	[bullseye] - libyang2 (Minor issue)
	NOTE: https://github.com/CESNET/libyang/issues/1987
	NOTE: https://github.com/CESNET/libyang/commit/cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090 (v2.1.55)
CVE-2023-26916 (libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL poin ...)
	- libyang2 2.1.148-0.1 (bug #1034154)
	[bookworm] - libyang2 (Minor issue)
	[bullseye] - libyang2 (Minor issue)
	NOTE: https://github.com/CESNET/libyang/issues/1979
	NOTE: https://github.com/CESNET/libyang/commit/dc668d296f9f05aeab6315d44cff3208641e3096 (v2.1.55)
CVE-2023-26915 RESERVED
CVE-2023-26914 RESERVED
CVE-2023-26913 (EVOLUCARE ECSIMAGING (aka ECS Imaging) < 6.21.5 is vulnerable to Cross ...)
	NOT-FOR-US: EVOLUCARE ECSIMAGING
CVE-2023-26912 (Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commi ...)
	NOT-FOR-US: S-mall-ssm
CVE-2023-26911 (ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contain ...)
	NOT-FOR-US: Asus
CVE-2023-26910 RESERVED
CVE-2023-26909 RESERVED
CVE-2023-26908 RESERVED
CVE-2023-26907 RESERVED
CVE-2023-26906 RESERVED
CVE-2023-26905 (An issue was discovered in Alphaware - Simple E-Commerce System v1.0. ...)
	NOT-FOR-US: Alphaware
CVE-2023-26904 RESERVED
CVE-2023-26903 RESERVED
CVE-2023-26902 RESERVED
CVE-2023-26901 RESERVED
CVE-2023-26900 RESERVED
CVE-2023-26899 RESERVED
CVE-2023-26898 RESERVED
CVE-2023-26897 RESERVED
CVE-2023-26896 RESERVED
CVE-2023-26895 RESERVED
CVE-2023-26894 RESERVED
CVE-2023-26893 RESERVED
CVE-2023-26892 RESERVED
CVE-2023-26891 RESERVED
CVE-2023-26890 RESERVED
CVE-2023-26889 RESERVED
CVE-2023-26888 RESERVED
CVE-2023-26887 RESERVED
CVE-2023-26886 RESERVED
CVE-2023-26885 RESERVED
CVE-2023-26884 RESERVED
CVE-2023-26883 RESERVED
CVE-2023-26882 RESERVED
CVE-2023-26881 RESERVED
CVE-2023-26880 RESERVED
CVE-2023-26879 RESERVED
CVE-2023-26878 RESERVED
CVE-2023-26877 RESERVED
CVE-2023-26876 (SQL injection vulnerability found in Piwigo v.13.5.0 and before allows ...)
	- piwigo
CVE-2023-26875 RESERVED
CVE-2023-26874 RESERVED
CVE-2023-26873 RESERVED
CVE-2023-26872 RESERVED
CVE-2023-26871 RESERVED
CVE-2023-26870 RESERVED
CVE-2023-26869 RESERVED
CVE-2023-26868 RESERVED
CVE-2023-26867 RESERVED
CVE-2023-26866 (GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions ...)
	NOT-FOR-US: GreenPacket
CVE-2023-26865 (SQL injection vulnerability found in PrestaShop bdroppy v.2.2.12 and b ...)
	NOT-FOR-US: PrestaShop bdroppy
CVE-2023-26864 (SQL injection vulnerability found in PrestaShop smplredirectionsmanage ...)
	NOT-FOR-US: PrestaShop
CVE-2023-26863 REJECTED
CVE-2023-26862 RESERVED
CVE-2023-26861 (SQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 an ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-26860 (SQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and b ...)
	NOT-FOR-US: PrestaShop Igbudget
CVE-2023-26859 (SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 an ...)
	NOT-FOR-US: PrestaShop
CVE-2023-26858 (SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a r ...)
	NOT-FOR-US: prestashop
CVE-2023-26857 (An arbitrary file upload vulnerability in /admin/ajax.php?action=save_ ...)
	NOT-FOR-US: Dynamic Transaction Queuing System
CVE-2023-26856 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
	NOT-FOR-US: Dynamic Transaction Queuing System
CVE-2023-26855 (The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt v ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-26854 RESERVED
CVE-2023-26853 RESERVED
CVE-2023-26852 (An arbitrary file upload vulnerability in the upload plugin of Textpat ...)
	NOT-FOR-US: Textpattern CMS plugin
CVE-2023-26851 RESERVED
CVE-2023-26850 RESERVED
CVE-2023-26849 RESERVED
CVE-2023-26848 (TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a co ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-26847 (A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 a ...)
	NOT-FOR-US: OpenCATS
CVE-2023-26846 (A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 a ...)
	NOT-FOR-US: OpenCATS
CVE-2023-26845 (A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers ...)
	NOT-FOR-US: OpenCATS
CVE-2023-26844 RESERVED
CVE-2023-26843 (A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 a ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-26842 (A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 a ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-26841 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-26840 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-26839 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-26838 RESERVED
CVE-2023-26837 RESERVED
CVE-2023-26836 RESERVED
CVE-2023-26835 RESERVED
CVE-2023-26834 RESERVED
CVE-2023-26833 RESERVED
CVE-2023-26832 RESERVED
CVE-2023-26831 RESERVED
CVE-2023-26830 (An unrestricted file upload vulnerability in the administrative portal ...)
	NOT-FOR-US: Gladinet CentreStack
CVE-2023-26829 (An authentication bypass vulnerability in the Password Reset component ...)
	NOT-FOR-US: Gladinet CentreStack
CVE-2023-26828 RESERVED
CVE-2023-26827 RESERVED
CVE-2023-26826 RESERVED
CVE-2023-26825 RESERVED
CVE-2023-26824 RESERVED
CVE-2023-26823 REJECTED
CVE-2023-26822 (D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command in ...)
	NOT-FOR-US: D-Link
CVE-2023-26821 RESERVED
CVE-2023-26820 (siteproxy v1.0 was discovered to contain a path traversal vulnerabilit ...)
	NOT-FOR-US: siteproxy
CVE-2023-26819 RESERVED
CVE-2023-26818 (Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, ...)
	NOT-FOR-US: Telegram on MacOS
CVE-2023-26817 (codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a r ...)
	NOT-FOR-US: codefever
CVE-2023-26816 RESERVED
CVE-2023-26815 RESERVED
CVE-2023-26814 RESERVED
CVE-2023-26813 (SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictiona ...)
	NOT-FOR-US: wangmarket CMS
CVE-2023-26812 REJECTED
CVE-2023-26811 RESERVED
CVE-2023-26810 RESERVED
CVE-2023-26809 RESERVED
CVE-2023-26808 RESERVED
CVE-2023-26807 RESERVED
CVE-2023-26806 (Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulner ...)
	NOT-FOR-US: Tenda
CVE-2023-26805 (Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) ...)
	NOT-FOR-US: Tenda
CVE-2023-26804 RESERVED
CVE-2023-26803 RESERVED
CVE-2023-26802 (An issue in the component /network_config/nsg_masq.cgi of DCN (Digital ...)
	NOT-FOR-US: DCN (Digital China Networks) DCBI-Netlog-LAB
CVE-2023-26801 (LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 ...)
	NOT-FOR-US: LB-LINK
CVE-2023-26800 (Ruijie Networks RG-EW1200 Wireless Routers EW_3.0(1)B11P204 was discov ...)
	NOT-FOR-US: Ruijie Networks RG-EW1200 Wireless Routers
CVE-2023-26799 RESERVED
CVE-2023-26798 RESERVED
CVE-2023-26797 RESERVED
CVE-2023-26796 RESERVED
CVE-2023-26795 RESERVED
CVE-2023-26794 RESERVED
CVE-2023-26793 (libmodbus v3.1.10 has a heap-based buffer overflow vulnerability in re ...)
	- libmodbus
	[bookworm] - libmodbus (Minor issue)
	[bullseye] - libmodbus (Minor issue)
	[buster] - libmodbus (Minor issue, no patch)
	NOTE: https://github.com/stephane/libmodbus/issues/683
CVE-2023-26792 RESERVED
CVE-2023-26791 RESERVED
CVE-2023-26790 RESERVED
CVE-2023-26789 (Veritas NetBackUp OpsCenter Version 9.1.0.1 is vulnerable to Reflected ...)
	NOT-FOR-US: Veritas
CVE-2023-26788 (Veritas Appliance v4.1.0.1 is affected by Host Header Injection attack ...)
	NOT-FOR-US: Veritas Appliance
CVE-2023-26787 RESERVED
CVE-2023-26786 RESERVED
CVE-2023-26785 RESERVED
CVE-2023-26784 (SQL Injection vulnerability found in Kirin Fortress Machine v.1.7-2020 ...)
	NOT-FOR-US: Kirin
CVE-2023-26783 RESERVED
CVE-2023-26782 (An issue discovered in mccms 2.6.1 allows remote attackers to cause a ...)
	NOT-FOR-US: mccms
CVE-2023-26781 (SQL injection vulnerability in mccms 2.6 allows remote attackers to ru ...)
	NOT-FOR-US: mccms
CVE-2023-26780 (CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection.)
	NOT-FOR-US: CleverStupidDog yf-exam
CVE-2023-26779 (CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which ...)
	NOT-FOR-US: CleverStupidDog yf-exam
CVE-2023-26778 RESERVED
CVE-2023-26777 (Cross Site Scripting vulnerability found in : louislam Uptime Kuma v.1 ...)
	NOT-FOR-US: Uptime Kuma
CVE-2023-26776 (Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a ...)
	NOT-FOR-US: Monitorr
CVE-2023-26775 (File Upload vulnerability found in Monitorr v.1.7.6 allows a remote at ...)
	NOT-FOR-US: Monitorr
CVE-2023-26774 (An issue found in Sales Tracker Management System v.1.0 allows a remot ...)
	NOT-FOR-US: Sales Tracker Management System
CVE-2023-26773 (Cross Site Scripting vulnerability found in Sales Tracker Management S ...)
	NOT-FOR-US: Sales Tracker Management System
CVE-2023-26772 RESERVED
CVE-2023-26771 RESERVED
CVE-2023-26770 RESERVED
CVE-2023-26769 (Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 all ...)
	- liblouis 3.24.0-2 (bug #1033202; unimportant)
	NOTE: https://github.com/liblouis/liblouis/pull/1300
	NOTE: https://github.com/liblouis/liblouis/commit/d45430431f8c75941f863328eb3f7fc09f902b2e (v3.25.0)
	NOTE: https://github.com/liblouis/liblouis/commit/6f39e88745e8ec602ccc46042c305a6188f28b0a (v3.25.0)
	NOTE: https://github.com/liblouis/liblouis/commit/9f6cec9b63c1d9396fcc32fed77267a2815b648f (v3.25.0)
	NOTE: Negligible security impact in debugging tool
CVE-2023-26768 (Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remo ...)
	- liblouis 3.24.0-2 (bug #1033202; unimportant)
	NOTE: https://github.com/liblouis/liblouis/issues/1301
	NOTE: https://github.com/liblouis/liblouis/pull/1302
	NOTE: https://github.com/liblouis/liblouis/commit/565ac66ec0c187ffb442226487de3db376702958 (v3.25.0)
	NOTE: https://github.com/liblouis/liblouis/commit/47822bb418fb77564c159469e3be79989b11aced (v3.25.0)
	NOTE: Negligible security impact
CVE-2023-26767 (Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remo ...)
	- liblouis 3.24.0-2 (bug #1033202; unimportant)
	NOTE: https://github.com/liblouis/liblouis/issues/1292
	NOTE: https://github.com/liblouis/liblouis/pull/1297
	NOTE: https://github.com/liblouis/liblouis/commit/f432de31058b5a94874d47405216d07910c18a9a (v3.25.0)
	NOTE: Negligible security impact
CVE-2023-26766 RESERVED
CVE-2023-26765 RESERVED
CVE-2023-26764 RESERVED
CVE-2023-26763 RESERVED
CVE-2023-26762 (Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary fi ...)
	NOT-FOR-US: Sme.UP ERP TOKYO V6R1M220406
CVE-2023-26761 RESERVED
CVE-2023-26760 (Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information ...)
	NOT-FOR-US: Sme.UP ERP TOKYO V6R1M220406
CVE-2023-26759 (Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an OS command i ...)
	NOT-FOR-US: Sme.UP ERP TOKYO V6R1M220406
CVE-2023-26758 (Sme.UP TOKYO V6R1M220406 was discovered to contain an arbitrary file d ...)
	NOT-FOR-US: Sme.UP ERP TOKYO V6R1M220406
CVE-2023-26757 RESERVED
CVE-2023-26756 (The login page of Revive Adserver v5.4.1 is vulnerable to brute force ...)
	NOT-FOR-US: Revive Adserver
CVE-2023-26755 RESERVED
CVE-2023-26754 RESERVED
CVE-2023-26753 RESERVED
CVE-2023-26752 RESERVED
CVE-2023-26751 RESERVED
CVE-2023-26750 (SQL injection vulnerability found in Yii Framework Yii 2 Framework bef ...)
	- yii (bug #597899)
CVE-2023-26749 RESERVED
CVE-2023-26748 RESERVED
CVE-2023-26747 RESERVED
CVE-2023-26746 RESERVED
CVE-2023-26745 RESERVED
CVE-2023-26744 RESERVED
CVE-2023-26743 RESERVED
CVE-2023-26742 RESERVED
CVE-2023-26741 RESERVED
CVE-2023-26740 RESERVED
CVE-2023-26739 RESERVED
CVE-2023-26738 RESERVED
CVE-2023-26737 RESERVED
CVE-2023-26736 RESERVED
CVE-2023-26735 (blackbox_exporter v0.23.0 was discovered to contain an access control ...)
	- prometheus-blackbox-exporter (unimportant)
	NOTE: https://github.com/prometheus/blackbox_exporter/issues/1024
	NOTE: https://github.com/prometheus/blackbox_exporter/issues/1024#issuecomment-1526944617
	NOTE: Upstream disputed the CVE. Upstream's position is that the
	NOTE: referenced behaviour is intended functionality.
CVE-2023-26734 RESERVED
CVE-2023-26733 (Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local a ...)
	NOT-FOR-US: tinyTIFF
CVE-2023-26732 RESERVED
CVE-2023-26731 RESERVED
CVE-2023-26730 RESERVED
CVE-2023-26729 RESERVED
CVE-2023-26728 RESERVED
CVE-2023-26727 RESERVED
CVE-2023-26726 RESERVED
CVE-2023-26725 RESERVED
CVE-2023-26724 RESERVED
CVE-2023-26723 RESERVED
CVE-2023-26722 RESERVED
CVE-2023-26721 RESERVED
CVE-2023-26720 RESERVED
CVE-2023-26719 RESERVED
CVE-2023-26718 RESERVED
CVE-2023-26717 RESERVED
CVE-2023-26716 RESERVED
CVE-2023-26715 RESERVED
CVE-2023-26714 RESERVED
CVE-2023-26713 RESERVED
CVE-2023-26712 RESERVED
CVE-2023-26711 RESERVED
CVE-2023-26710 RESERVED
CVE-2023-26709 RESERVED
CVE-2023-26708 RESERVED
CVE-2023-26707 RESERVED
CVE-2023-26706 RESERVED
CVE-2023-26705 RESERVED
CVE-2023-26704 RESERVED
CVE-2023-26703 RESERVED
CVE-2023-26702 RESERVED
CVE-2023-26701 RESERVED
CVE-2023-26700 RESERVED
CVE-2023-26699 RESERVED
CVE-2023-26698 RESERVED
CVE-2023-26697 RESERVED
CVE-2023-26696 RESERVED
CVE-2023-26695 RESERVED
CVE-2023-26694 RESERVED
CVE-2023-26693 RESERVED
CVE-2023-26692 (ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper Publication Manage ...)
	NOT-FOR-US: ZCBS Zijper Collectie Beheer Systeem
CVE-2023-26691 RESERVED
CVE-2023-26690 RESERVED
CVE-2023-26689 RESERVED
CVE-2023-26688 RESERVED
CVE-2023-26687 RESERVED
CVE-2023-26686 RESERVED
CVE-2023-26685 RESERVED
CVE-2023-26684 RESERVED
CVE-2023-26683 RESERVED
CVE-2023-26682 RESERVED
CVE-2023-26681 RESERVED
CVE-2023-26680 RESERVED
CVE-2023-26679 RESERVED
CVE-2023-26678 RESERVED
CVE-2023-26677 RESERVED
CVE-2023-26676 RESERVED
CVE-2023-26675 RESERVED
CVE-2023-26674 RESERVED
CVE-2023-26673 RESERVED
CVE-2023-26672 RESERVED
CVE-2023-26671 RESERVED
CVE-2023-26670 RESERVED
CVE-2023-26669 RESERVED
CVE-2023-26668 RESERVED
CVE-2023-26667 RESERVED
CVE-2023-26666 RESERVED
CVE-2023-26665 RESERVED
CVE-2023-26664 RESERVED
CVE-2023-26663 RESERVED
CVE-2023-26662 RESERVED
CVE-2023-26661 RESERVED
CVE-2023-26660 RESERVED
CVE-2023-26659 RESERVED
CVE-2023-26658 RESERVED
CVE-2023-26657 RESERVED
CVE-2023-26656 RESERVED
CVE-2023-26655 RESERVED
CVE-2023-26654 RESERVED
CVE-2023-26653 RESERVED
CVE-2023-26652 RESERVED
CVE-2023-26651 RESERVED
CVE-2023-26650 RESERVED
CVE-2023-26649 RESERVED
CVE-2023-26648 RESERVED
CVE-2023-26647 RESERVED
CVE-2023-26646 RESERVED
CVE-2023-26645 RESERVED
CVE-2023-26644 RESERVED
CVE-2023-26643 RESERVED
CVE-2023-26642 RESERVED
CVE-2023-26641 RESERVED
CVE-2023-26640 RESERVED
CVE-2023-26639 RESERVED
CVE-2023-26638 RESERVED
CVE-2023-26637 RESERVED
CVE-2023-26636 RESERVED
CVE-2023-26635 RESERVED
CVE-2023-26634 RESERVED
CVE-2023-26633 RESERVED
CVE-2023-26632 RESERVED
CVE-2023-26631 RESERVED
CVE-2023-26630 RESERVED
CVE-2023-26629 RESERVED
CVE-2023-26628 RESERVED
CVE-2023-26627 RESERVED
CVE-2023-26626 RESERVED
CVE-2023-26625 RESERVED
CVE-2023-26624 RESERVED
CVE-2023-26623 RESERVED
CVE-2023-26622 RESERVED
CVE-2023-26621 RESERVED
CVE-2023-26620 RESERVED
CVE-2023-26619 RESERVED
CVE-2023-26618 RESERVED
CVE-2023-26617 RESERVED
CVE-2023-26616 (D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnera ...)
	NOT-FOR-US: D-Link
CVE-2023-26615 (D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerab ...)
	NOT-FOR-US: D-Link
CVE-2023-26614 RESERVED
CVE-2023-26613 (An OS command injection vulnerability in D-Link DIR-823G firmware vers ...)
	NOT-FOR-US: D-Link
CVE-2023-26612 (D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnera ...)
	NOT-FOR-US: D-Link
CVE-2023-26611 RESERVED
CVE-2023-26610 RESERVED
CVE-2023-26609 (ABUS TVIP 20000-21150 devices allows remote attackers to execute arbit ...)
	NOT-FOR-US: ABUS TVIP 20000-21150 devices
CVE-2023-26608 (SOLDR (System of Orchestration, Lifecycle control, Detection and Respo ...)
	NOT-FOR-US: SOLDR (System of Orchestration, Lifecycle control, Detection and Response)
CVE-2023-26607 (In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr ...)
	- linux 4.19.37-1
	NOTE: https://lkml.org/lkml/2023/2/21/1353
CVE-2023-26606 (In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs i ...)
	- linux 6.1.4-1 (unimportant)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://lkml.org/lkml/2023/2/20/860
	NOTE: NTFS3 driver not enabled in Debian.
CVE-2023-26605 (In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_mov ...)
	- linux 6.0.12-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://lkml.org/lkml/2023/2/22/3
	NOTE: https://git.kernel.org/linus/4e3c51f4e805291b057d12f5dda5aeb50a538dc4
CVE-2023-26604 (systemd before 247 does not adequately block local privilege escalatio ...)
	{DLA-3377-1}
	- systemd 247.1-2
	NOTE: https://medium.com/%40zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7
	NOTE: https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340
	NOTE: https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/
CVE-2023-26603 (JumpCloud Agent before 1.178.0 Creates a Temporary File in a Directory ...)
	NOT-FOR-US: JumpCloud Agent
CVE-2022-48363 (In MPD before 0.23.8, as used on Automotive Grade Linux and other plat ...)
	NOT-FOR-US: MPD as used by Automotive Grade Linux
CVE-2023-26602 (ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to ex ...)
	NOT-FOR-US: ASUS ASMB8 iKVM firmware
CVE-2023-26601 (Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer throu ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2023-26600 (ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP thro ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2023-26599 (XSS vulnerability in TripleSign in Tripleplay Platform releases prior ...)
	NOT-FOR-US: Tripleplay
CVE-2023-26598 RESERVED
CVE-2023-26588 (Use of hard-coded credentials vulnerability in Buffalo network devices ...)
	NOT-FOR-US: Buffalo network devices
CVE-2023-26584 (Unauthenticated SQL injection in the GetStudentInconsistencies met ...)
	NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-26583 (Unauthenticated SQL injection in the GetCurrentPeriod method in IDA ...)
	NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-26582 (Unauthenticated SQL injection in the GetExcursionDetails method in I ...)
	NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-26581 (Unauthenticated SQL injection in the GetVisitors method in IDAttend\u ...)
	NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-26580 (Unauthenticated arbitrary file read in the IDAttend’s IDWeb appli ...)
	NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-26579 (Missing authentication in the DeleteStaff method in IDAttend’s ID ...)
	NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-26578 (Arbitrary file upload to web root in the IDAttend’s IDWeb applica ...)
	NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-26577 (Stored cross-site scripting in the IDAttend’s IDWeb application 3 ...)
	NOT-FOR-US: IDAttend's IDWeb application
CVE-2023-26576 (Missing authentication in the SearchStudentsRFID method in IDAttend\ ...)
NOT-FOR-US: IDAttend's IDWeb application CVE-2023-26575 (Missing authentication in the SearchStudentsStaff method in IDAttend\ ...) NOT-FOR-US: IDAttend's IDWeb application CVE-2023-26574 (Missing authentication in the SearchStudents method in IDAttend\u2019s ...) NOT-FOR-US: IDAttend's IDWeb application CVE-2023-26573 (Missing authentication in the SetDB method in IDAttend\u2019s IDWeb ap ...) NOT-FOR-US: IDAttend's IDWeb application CVE-2023-26572 (Unauthenticated SQL injection in the GetExcursionList method in IDAtte ...) NOT-FOR-US: IDAttend's IDWeb application CVE-2023-26571 (Missing authentication in the SetStudentNotes method in IDAttend\u201 ...) NOT-FOR-US: IDAttend's IDWeb application CVE-2023-26570 (Missing authentication in the StudentPopupDetails_Timetable method in ...) NOT-FOR-US: IDAttend's IDWeb application CVE-2023-26569 (Unauthenticated SQL injection in the StudentPopupDetails_Timetable met ...) NOT-FOR-US: IDAttend's IDWeb application CVE-2023-26568 (Unauthenticated SQL injection in the GetStudentGroupStudents method in ...) NOT-FOR-US: IDAttend's IDWeb application CVE-2023-26567 (Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) plac ...) NOT-FOR-US: Sangoma CVE-2023-26566 (Sangoma FreePBX 1805 through 2203 on Linux contains hardcoded credenti ...) TODO: check CVE-2023-26565 RESERVED CVE-2023-26564 (The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Mode ...) NOT-FOR-US: Syncfusion CVE-2023-26563 (The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesys ...) NOT-FOR-US: Syncfusion CVE-2023-26562 (In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2 ...) NOT-FOR-US: Zimbra CVE-2023-26561 RESERVED CVE-2023-26560 (Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of aut ...) NOT-FOR-US: CFEngine Enterprise CVE-2023-26559 (A directory traversal vulnerability in Oxygen XML Web Author before 25 ...) 
NOT-FOR-US: Oxygen XML Web Author CVE-2023-26558 RESERVED CVE-2023-26557 (io.finnet tss-lib before 2.0.0 can leak the lambda value of a private ...) NOT-FOR-US: io.finnet tss-lib CVE-2023-26556 (io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side ...) NOT-FOR-US: io.finnet tss-lib CVE-2023-26555 (praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-o ...) - ntp [bullseye] - ntp (Minor issue; affects only the clock driver for the Trimble Palisade GPS timing receiver) [buster] - ntp (Minor issue; affects only the clock driver for the Trimble Palisade GPS timing receiver) NOTE: https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26555 CVE-2023-26554 (mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write ...) - ntp (unimportant) NOTE: https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26554 NOTE: Negligible security impact, affects only ntpq CLI and testsuite CVE-2023-26553 (mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write ...) - ntp (unimportant) NOTE: https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26553 NOTE: Negligible security impact, affects only ntpq CLI and testsuite CVE-2023-26552 (mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write ...) - ntp (unimportant) NOTE: https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26552 NOTE: Negligible security impact, affects only ntpq CLI and testsuite CVE-2023-26551 (mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write ...) - ntp (unimportant) NOTE: https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26551 NOTE: Negligible security impact, affects only ntpq CLI and testsuite CVE-2023-26550 (A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allow ...) NOT-FOR-US: BMC Control-M CVE-2023-26549 (The SystemUI module has a vulnerability of repeated app restart due to ...) 
NOT-FOR-US: Huawei CVE-2023-26548 (The pgmng module has a vulnerability in serialization/deserialization. ...) NOT-FOR-US: Huawei CVE-2023-26547 (The InputMethod module has a vulnerability of serialization/deserializ ...) NOT-FOR-US: Huawei CVE-2023-26546 (European Chemicals Agency IUCLID before 6.27.6 allows remote authentic ...) NOT-FOR-US: European Chemicals Agency IUCLID CVE-2023-24544 (Improper access control vulnerability in Buffalo network devices allow ...) NOT-FOR-US: Buffalo network devices CVE-2023-24464 (Stored-cross-site scripting vulnerability in Buffalo network devices a ...) NOT-FOR-US: Buffalo network devices CVE-2023-1048 (A vulnerability, which was classified as critical, has been found in T ...) NOT-FOR-US: TechPowerUp Ryzen DRAM Calculator CVE-2023-1047 (A vulnerability classified as critical was found in TechPowerUp RealTe ...) NOT-FOR-US: TechPowerUp RealTemp CVE-2023-1046 (A vulnerability classified as critical has been found in MuYuCMS 2.2. ...) NOT-FOR-US: MuYuCMS CVE-2023-1045 (A vulnerability was found in MuYuCMS 2.2. It has been rated as problem ...) NOT-FOR-US: MuYuCMS CVE-2023-1044 (A vulnerability was found in MuYuCMS 2.2. It has been declared as prob ...) NOT-FOR-US: MuYuCMS CVE-2023-1043 (A vulnerability was found in MuYuCMS 2.2. It has been classified as pr ...) NOT-FOR-US: MuYuCMS CVE-2023-1042 (A vulnerability has been found in SourceCodester Online Pet Shop We Ap ...) NOT-FOR-US: SourceCodester Online Pet Shop We App CVE-2023-1041 (A vulnerability, which was classified as problematic, was found in Sou ...) NOT-FOR-US: SourceCodester Simple Responsive Tourism Website CVE-2023-1040 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Online Graduate Tracer System CVE-2023-1039 (A vulnerability classified as critical was found in SourceCodester Cla ...) 
NOT-FOR-US: SourceCodester Class and Exam Timetabling System CVE-2023-1038 (A vulnerability classified as critical has been found in SourceCodeste ...) NOT-FOR-US: SourceCodester Online Reviewer Management System CVE-2023-1037 (A vulnerability was found in SourceCodester Dental Clinic Appointment ...) NOT-FOR-US: SourceCodester Dental Clinic Appointment Reservation System CVE-2023-1036 (A vulnerability was found in SourceCodester Dental Clinic Appointment ...) NOT-FOR-US: SourceCodester Dental Clinic Appointment Reservation System CVE-2023-1035 (A vulnerability was found in SourceCodester Clinics Patient Management ...) NOT-FOR-US: SourceCodester Clinics Patient Management System CVE-2023-1034 (Path Traversal: '\..\filename' in GitHub repository salesagility/suite ...) NOT-FOR-US: suitecrm CVE-2023-1033 (Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor ...) - froxlor (bug #581792) CVE-2023-1032 (The Linux kernel io_uring IORING_OP_SOCKET operation contained a doubl ...) - linux 6.1.20-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2023/03/13/2 NOTE: https://git.kernel.org/linus/649c15c7691e9b13cbe9bf6c65c365350e056067 CVE-2022-48362 (Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1. ...) NOT-FOR-US: Zoho ManageEngine CVE-2022-48361 (The Always On Display (AOD) has a path traversal vulnerability in them ...) NOT-FOR-US: Huawei CVE-2022-48360 (The facial recognition module has a vulnerability in file permission c ...) NOT-FOR-US: Huawei CVE-2022-48359 (The recovery mode for updates has a vulnerability that causes arbitrar ...) NOT-FOR-US: Huawei CVE-2022-48358 (The BatteryHealthActivity has a redirection vulnerability. Successful ...) NOT-FOR-US: Huawei CVE-2022-48357 (Some products have the double fetch vulnerability. Successful exploita ...) 
NOT-FOR-US: Huawei CVE-2022-48356 (The facial recognition module has a vulnerability in input parameter v ...) NOT-FOR-US: Huawei CVE-2022-48355 (The Bluetooth module has a heap out-of-bounds read vulnerability. Succ ...) NOT-FOR-US: Huawei CVE-2022-48354 (The Bluetooth module has a heap out-of-bounds write vulnerability. Suc ...) NOT-FOR-US: Huawei CVE-2022-48353 (Some smartphones have configuration issues. Successful exploitation of ...) NOT-FOR-US: Huawei CVE-2022-48352 (Some smartphones have data initialization issues. Successful exploitat ...) NOT-FOR-US: Huawei CVE-2022-48351 (The secure OS module has configuration defects. Successful exploitatio ...) NOT-FOR-US: Huawei CVE-2022-48350 (The HUAWEI Messaging app has a vulnerability of unauthorized file acce ...) NOT-FOR-US: Huawei CVE-2022-48349 (The control component has a spoofing vulnerability. Successful exploit ...) NOT-FOR-US: Huawei CVE-2022-48348 (The MediaProvider module has a vulnerability of unauthorized data read ...) NOT-FOR-US: Huawei CVE-2022-48347 (The MediaProvider module has a vulnerability in permission verificatio ...) NOT-FOR-US: Huawei CVE-2022-48346 (The HwContacts module has a logic bypass vulnerability. Successful exp ...) NOT-FOR-US: Huawei CVE-2020-36662 REJECTED CVE-2015-10087 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpTh ...) NOT-FOR-US: WordPress theme CVE-2015-10086 (A vulnerability, which was classified as critical, was found in OpenCy ...) NOT-FOR-US: OpenCycleCompass CVE-2023-26545 (In the Linux kernel before 6.1.13, there is a double free in net/mpls/ ...) {DLA-3404-1 DLA-3403-1} - linux 6.1.15-1 [bullseye] - linux 5.10.178-1 NOTE: https://git.kernel.org/linus/fda6c89fe3d9aca073495a664e1d5aea28cd4377 (6.2) CVE-2023-26544 (In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in ...) 
- linux 6.1.4-1 (unimportant) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://lkml.org/lkml/2023/2/20/128 NOTE: NTFS3 driver not enabled in Debian. CVE-2023-1031 (MonicaHQ version 4.0.0 allows an authenticated remote attacker to exec ...) NOT-FOR-US: MonicaHQ CVE-2023-1030 (A vulnerability has been found in SourceCodester Online Boat Reservati ...) NOT-FOR-US: SourceCodester Online BoatReservation System CVE-2023-1029 (The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Reque ...) NOT-FOR-US: WP Meta SEO plugin for WordPress CVE-2023-1028 (The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Reque ...) NOT-FOR-US: WP Meta SEO plugin for WordPress CVE-2023-1027 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sit ...) NOT-FOR-US: WP Meta SEO plugin for WordPress CVE-2023-1026 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorized acc ...) NOT-FOR-US: WP Meta SEO plugin for WordPress CVE-2019-25105 (A vulnerability, which was classified as problematic, was found in dro ...) NOT-FOR-US: dro.pm CVE-2023-26543 (Cross-Site Request Forgery (CSRF) vulnerability in Aleksandr Guidrevit ...) NOT-FOR-US: WordPress plugin CVE-2023-26542 (Cross-Site Request Forgery (CSRF) vulnerability in Exeebit phpinfo() W ...) NOT-FOR-US: WordPress plugin CVE-2023-26541 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...) NOT-FOR-US: WordPress plugin CVE-2023-26540 RESERVED CVE-2023-26539 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max ...) NOT-FOR-US: WordPress plugin CVE-2023-26538 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kamy ...) NOT-FOR-US: WordPress plugin CVE-2023-26537 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nico ...) NOT-FOR-US: WordPress plugin CVE-2023-26536 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jonk ...) 
NOT-FOR-US: WordPress plugin CVE-2023-26535 (Cross-Site Request Forgery (CSRF) vulnerability in WPPOOL Sheets To WP ...) NOT-FOR-US: WordPress plugin CVE-2023-26534 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in OneW ...) NOT-FOR-US: WordPress plugin CVE-2023-26533 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2023-26532 (Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes ...) NOT-FOR-US: WordPress plugin CVE-2023-26531 (Cross-Site Request Forgery (CSRF) vulnerability in \u95ea\u7535\u535a ...) NOT-FOR-US: WordPress plugin CVE-2023-26530 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Paul Keh ...) NOT-FOR-US: WordPress plugin CVE-2023-26529 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dupe ...) NOT-FOR-US: WordPress plugin CVE-2023-26528 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jini ...) NOT-FOR-US: WordPress plugin CVE-2023-26527 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPIn ...) NOT-FOR-US: WordPress plugin CVE-2023-26526 RESERVED CVE-2023-26525 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-26524 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz An ...) NOT-FOR-US: WordPress plugin CVE-2023-26523 RESERVED CVE-2023-26522 RESERVED CVE-2023-26521 RESERVED CVE-2023-26520 RESERVED CVE-2023-26519 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...) NOT-FOR-US: WordPress plugin CVE-2023-26518 (Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes ...) NOT-FOR-US: WordPress plugin CVE-2023-26517 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff ...) NOT-FOR-US: WordPress plugin CVE-2023-26516 (Cross-Site Request Forgery (CSRF) vulnerability in WPIndeed Debug Assi ...) NOT-FOR-US: WordPress plugin CVE-2023-26515 (Auth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ko T ...) NOT-FOR-US: WordPress plugin CVE-2023-26514 (Cross-Site Request Forgery (CSRF) vulnerability in WPGrim Dynamic XML ...) NOT-FOR-US: WordPress plugin CVE-2023-26513 (Excessive Iteration vulnerability in Apache Software Foundation Apache ...) NOT-FOR-US: Apache Sling CVE-2023-26512 (CWE-502 Deserialization of Untrusted Dataat therabbitmq-connector plug ...) NOT-FOR-US: Apache EventMesh CVE-2023-1025 (The Simple File List WordPress plugin before 6.0.10 does not sanitise ...) NOT-FOR-US: WordPress plugin CVE-2023-1024 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sit ...) NOT-FOR-US: WP Meta SEO plugin for WordPress CVE-2023-1023 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plu ...) NOT-FOR-US: WP Meta SEO plugin for WordPress CVE-2023-1022 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorized opt ...) NOT-FOR-US: WP Meta SEO plugin for WordPress CVE-2023-1021 (The amr ical events lists WordPress plugin through 6.6 does not saniti ...) NOT-FOR-US: WordPress plugin CVE-2023-1020 (The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does ...) NOT-FOR-US: WordPress plugin CVE-2023-1019 (The Help Desk WP WordPress plugin through 1.2.0 does not sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2023-1018 (An out-of-bounds read vulnerability exists in TPM2.0's Module Library ...) - libtpms 0.9.2-3.1 (bug #1032420) NOTE: https://github.com/stefanberger/libtpms/commit/324dbb4c27ae789c73b69dbf4611242267919dd4 NOTE: https://kb.cert.org/vuls/id/782720 NOTE: https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf CVE-2023-1017 (An out-of-bounds write vulnerability exists in TPM2.0's Module Library ...) 
- libtpms 0.9.2-3.1 (bug #1032420) NOTE: https://github.com/stefanberger/libtpms/commit/324dbb4c27ae789c73b69dbf4611242267919dd4 NOTE: https://kb.cert.org/vuls/id/782720 NOTE: https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf CVE-2023-1016 (The Intuitive Custom Post Order plugin for WordPress is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2023-1015 REJECTED CVE-2023-1014 (Improper Protection for Outbound Error Messages and Alert Signals vuln ...) NOT-FOR-US: Virames Vira-Investing CVE-2023-1013 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...) NOT-FOR-US: Virames Vira-Investing CVE-2023-1012 RESERVED CVE-2023-1011 (The AI ChatBot WordPress plugin before 4.4.5 does not escape most of i ...) NOT-FOR-US: WordPress plugin CVE-2023-1010 (A vulnerability classified as critical was found in vox2png 1.0. Affec ...) NOT-FOR-US: vox2png CVE-2023-1009 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical ...) NOT-FOR-US: DrayTek Vigor 2960 CVE-2023-1008 (A vulnerability was found in Twister Antivirus 8.17. It has been rated ...) NOT-FOR-US: Twister Antivirus CVE-2023-1007 (A vulnerability was found in Twister Antivirus 8.17. It has been decla ...) NOT-FOR-US: Twister Antivirus CVE-2023-1006 (A vulnerability was found in SourceCodester Medical Certificate Genera ...) NOT-FOR-US: SourceCodester Medical Certificate Generator App CVE-2023-1005 (A vulnerability was found in JP1016 Markdown-Electron and classified a ...) NOT-FOR-US: JP1016 Markdown-Electron CVE-2023-1004 (A vulnerability has been found in MarkText up to 0.17.1 on Windows and ...) NOT-FOR-US: MarkText CVE-2023-1003 (A vulnerability, which was classified as critical, was found in Typora ...) NOT-FOR-US: Typora CVE-2023-1002 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: MuYuCMS CVE-2023-1001 RESERVED CVE-2023-1000 (A vulnerability was found in cyanomiko dcnnt-py up to 0.9.0. It has be ...) 
NOT-FOR-US: dcnnt-py CVE-2023-0999 (A vulnerability classified as problematic was found in SourceCodester ...) NOT-FOR-US: SourceCodester Sales Tracker Management System CVE-2023-0998 (A vulnerability classified as critical has been found in SourceCodeste ...) NOT-FOR-US: SourceCodester Alphaware Simple E-Commerce System CVE-2023-0997 (A vulnerability was found in SourceCodester Moosikay E-Commerce System ...) NOT-FOR-US: SourceCodester Moosikay E-Commerce System CVE-2023-26511 (A Hard Coded Admin Credentials issue in the Web-UI Admin Panel in Prop ...) NOT-FOR-US: Propius MachineSelector CVE-2023-26510 (Ghost 5.35.0 allows authorization bypass: contributors can view draft ...) NOT-FOR-US: Ghost CMS CVE-2023-26509 (AnyDesk 7.0.8 allows remote Denial of Service.) NOT-FOR-US: AnyDesk CVE-2023-26508 RESERVED CVE-2023-26507 RESERVED CVE-2023-26506 RESERVED CVE-2023-26505 RESERVED CVE-2023-26504 RESERVED CVE-2023-26503 RESERVED CVE-2023-26502 RESERVED CVE-2023-26501 RESERVED CVE-2023-26500 RESERVED CVE-2023-26499 RESERVED CVE-2023-26498 (An issue was discovered in Samsung Baseband Modem Chipset for Exynos M ...) NOT-FOR-US: Samsung CVE-2023-26497 (An issue was discovered in Samsung Baseband Modem Chipset for Exynos M ...) NOT-FOR-US: Samsung CVE-2023-26496 (An issue was discovered in Samsung Baseband Modem Chipset for Exynos M ...) NOT-FOR-US: Samsung CVE-2023-26495 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...) NOT-FOR-US: Open Design Alliance Drawings SDK CVE-2023-26494 (lorawan-stack is an open source LoRaWAN network server. Prior to versi ...) NOT-FOR-US: lorawan-stack CVE-2023-26493 (Cocos Engine is an open-source framework for building 2D & 3D real-tim ...) NOT-FOR-US: Cocos Engine CVE-2023-26492 (Directus is a real-time API and App dashboard for managing SQL databas ...) NOT-FOR-US: Directus CVE-2023-26491 (RSSHub is an open source and extensible RSS feed generator. When the U ...) 
NOT-FOR-US: RSSHub CVE-2023-26490 (mailcow is a dockerized email package, with multiple containers linked ...) NOT-FOR-US: mailcow CVE-2023-26489 (wasmtime is a fast and secure runtime for WebAssembly. In affected ver ...) NOT-FOR-US: wasmtime CVE-2023-26488 (OpenZeppelin Contracts is a library for secure smart contract developm ...) NOT-FOR-US: OpenZeppelin CVE-2023-26487 (Vega is a visualization grammar, a declarative format for creating, sa ...) NOT-FOR-US: Vega CVE-2023-26486 (Vega is a visualization grammar, a declarative format for creating, sa ...) NOT-FOR-US: Vega CVE-2023-26485 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...) - cmark-gfm (bug #1034171) [bookworm] - cmark-gfm (Minor issue) [bullseye] - cmark-gfm (Minor issue) [buster] - cmark-gfm (Minor issue) - python-cmarkgfm (bug #1034172) [bookworm] - python-cmarkgfm (Minor issue) [bullseye] - python-cmarkgfm (Minor issue) [buster] - python-cmarkgfm (Minor issue) - r-cran-commonmark (bug #1034173) [bookworm] - r-cran-commonmark (Minor issue) [bullseye] - r-cran-commonmark (Minor issue) [buster] - r-cran-commonmark (Minor issue) - ruby-commonmarker (bug #1034174) [bookworm] - ruby-commonmarker (Minor issue) [bullseye] - ruby-commonmarker (Minor issue) [buster] - ruby-commonmarker (Minor issue) NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-r8vr-c48j-fcc5 NOTE: https://github.com/github/cmark-gfm/commit/07a66c9bc341f902878e37d7da8647d6ef150987 (0.29.0.gfm.10) CVE-2023-26484 (KubeVirt is a virtual machine management add-on for Kubernetes. In ver ...) NOT-FOR-US: KubeVirt CVE-2023-26483 (gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Provider ...) - golang-github-russellhaering-gosaml2 (bug #948190) CVE-2023-26482 (Nextcloud server is an open source home cloud implementation. In affec ...) - nextcloud-server (bug #941708) CVE-2023-26481 (authentik is an open-source Identity Provider. Due to an insufficient ...) 
NOT-FOR-US: authentik CVE-2023-26480 (XWiki Platform is a generic wiki platform. Starting in version 12.10, ...) NOT-FOR-US: XWiki CVE-2023-26479 (XWiki Platform is a generic wiki platform. Starting in version 6.0, us ...) NOT-FOR-US: XWiki CVE-2023-26478 (XWiki Platform is a generic wiki platform. Starting in version 14.3-rc ...) NOT-FOR-US: XWiki CVE-2023-26477 (XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc ...) NOT-FOR-US: XWiki CVE-2023-26476 (XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, ...) NOT-FOR-US: XWiki CVE-2023-26475 (XWiki Platform is a generic wiki platform. Starting in version 2.3-mil ...) NOT-FOR-US: XWiki CVE-2023-26474 (XWiki Platform is a generic wiki platform. Starting in version 13.10, ...) NOT-FOR-US: XWiki CVE-2023-26473 (XWiki Platform is a generic wiki platform. Starting in version 1.3-rc- ...) NOT-FOR-US: XWiki CVE-2023-26472 (XWiki Platform is a generic wiki platform. Starting in version 6.2-mil ...) NOT-FOR-US: XWiki CVE-2023-26471 (XWiki Platform is a generic wiki platform. Starting in version 11.6-rc ...) NOT-FOR-US: XWiki CVE-2023-26470 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2023-26469 (In Jorani 1.0.0, an attacker could leverage path traversal to access f ...) NOT-FOR-US: Jorani CVE-2023-26468 (Cerebrate 1.12 does not properly consider organisation_id during creat ...) NOT-FOR-US: Cerebrate CVE-2023-26467 (A man in the middle can redirect traffic to a malicious server in a co ...) NOT-FOR-US: RPA: Synchronization Engine CVE-2023-26466 (A user with non-Admin access can change a configuration file on the cl ...) NOT-FOR-US: RPA: Synchronization Engine CVE-2023-26465 (Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue.) NOT-FOR-US: Pega Platform CVE-2023-25944 (Uncontrolled search path element in some Intel(R) VCUST Tool software ...) 
NOT-FOR-US: Intel CVE-2023-25779 (Uncontrolled search path element in some Intel(R) Thunderbolt(TM) DCH ...) NOT-FOR-US: Intel CVE-2023-25777 (Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers f ...) NOT-FOR-US: Intel CVE-2023-25775 (Improper access control in the Intel(R) Ethernet Controller RDMA drive ...) {DSA-5594-1 DLA-3711-1 DLA-3710-1} - linux 6.5.3-1 [bookworm] - linux 6.1.55-1 NOTE: https://git.kernel.org/linus/bb6d73d9add68ad270888db327514384dfa44958 NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html CVE-2023-25075 (Unquoted search path in the installer for some Intel Server Configurat ...) NOT-FOR-US: Intel CVE-2023-25073 (Improper access control in some Intel(R) DSA software before version 2 ...) NOT-FOR-US: Intel CVE-2023-24542 (Unquoted search path or element in some Intel(R) Thunderbolt(TM) DCH d ...) NOT-FOR-US: Intel CVE-2023-24541 RESERVED CVE-2023-22342 (Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers ...) NOT-FOR-US: Intel CVE-2023-22293 (Improper access control in the Intel(R) Thunderbolt(TM) DCH drivers fo ...) NOT-FOR-US: Intel CVE-2023-0996 (There is a vulnerability in the strided image data parsing code in the ...) - libheif 1.15.1-1 (bug #1032101) [bullseye] - libheif (Minor issue) [buster] - libheif (Minor issue) NOTE: https://github.com/strukturag/libheif/pull/759 NOTE: https://govtech-csg.github.io/security-advisories/2023/02/24/CVE-2023-0996.html CVE-2023-0995 (Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bum ...) NOT-FOR-US: Bumsys CVE-2023-0994 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...) NOT-FOR-US: RosarioSIS CVE-2023-0993 (The Shield Security plugin for WordPress is vulnerable to Missing Auth ...) NOT-FOR-US: WordPress plugin CVE-2023-0992 (The Shield Security plugin for WordPress is vulnerable to stored Cross ...) 
NOT-FOR-US: WordPress plugin CVE-2022-48345 (sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via ...) - node-mermaid (bug #1032313) [bullseye] - node-mermaid (Minor issue) NOTE: https://github.com/braintree/sanitize-url/commit/d4bdc89f1743fe3cdb7c3f24b06e4c875f349b0c CVE-2023-26464 (** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppe ...) - apache-log4j1.2 (Only affects legacy Java releases which Debian hasn't shipped since 2015) NOTE: https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t CVE-2023-0991 RESERVED CVE-2023-0990 RESERVED CVE-2023-0989 (An information disclosure issue in GitLab CE/EE affecting all versions ...) - gitlab 16.4.4+ds2-2 CVE-2023-0988 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: SourceCodester Online Pizza Ordering System CVE-2023-0987 (A vulnerability classified as problematic was found in SourceCodester ...) NOT-FOR-US: SourceCodester Online Pizza Ordering System CVE-2023-0986 (A vulnerability classified as critical has been found in SourceCodeste ...) NOT-FOR-US: SourceCodester Sales Tracker Management System CVE-2023-0985 (An Authorization Bypass vulnerability was found in MB Connect LinesmbC ...) NOT-FOR-US: mbCONNECT24 CVE-2023-0984 RESERVED CVE-2023-0983 (The stylish-cost-calculator-premium WordPress plugin before 7.9.0 does ...) NOT-FOR-US: WordPress plugin CVE-2023-0982 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...) NOT-FOR-US: SourceCodester Yoga Class Registration System CVE-2023-0981 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...) NOT-FOR-US: SourceCodester Yoga Class Registration System CVE-2023-0980 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...) NOT-FOR-US: SourceCodester Yoga Class Registration System CVE-2022-48344 (In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability ...) 
NOT-FOR-US: JetBrains TeamCity CVE-2022-48343 (In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability ...) NOT-FOR-US: JetBrains TeamCity CVE-2022-48342 (In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on ...) NOT-FOR-US: JetBrains TeamCity CVE-2023-26463 (strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution be ...) - strongswan 5.9.8-4 [bullseye] - strongswan (Vulnerable code not present) [buster] - strongswan (Vulnerable code not present) NOTE: https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-2023-26463).html NOTE: Introduced by: https://github.com/strongswan/strongswan/commit/63fd718915b5d246dcc5560382db0c30de309040 (5.9.8dr1) CVE-2023-26462 (ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privi ...) NOT-FOR-US: ThingsBoard CVE-2023-26461 (SAP NetWeaver allows (SAP Enterprise Portal) - version 7.50, allows an ...) NOT-FOR-US: SAP CVE-2023-26460 (Cache Management Service in SAP NetWeaver Application Server for Java ...) NOT-FOR-US: SAP CVE-2023-26459 (Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP P ...) NOT-FOR-US: SAP CVE-2023-26458 (An information disclosure vulnerability exists in SAP Landscape Manage ...) NOT-FOR-US: SAP CVE-2023-26457 (SAP Content Server - version 7.53, does not sufficiently encode user-c ...) NOT-FOR-US: SAP CVE-2023-26456 (Users were able to set an arbitrary "product name" for OX Guard. The c ...) NOT-FOR-US: Open-Xchange CVE-2023-26455 (RMI was not requiring authentication when calling ChronosRMIService:se ...) NOT-FOR-US: Open-Xchange CVE-2023-26454 (Requests to fetch image metadata could be abused to include SQL querie ...) NOT-FOR-US: Open-Xchange CVE-2023-26453 (Requests to cache an image could be abused to include SQL queries that ...) NOT-FOR-US: Open-Xchange CVE-2023-26452 (Requests to cache an image and return its metadata could be abused to ...) 
NOT-FOR-US: Open-Xchange CVE-2023-26451 (Functions with insufficient randomness were used to generate authoriza ...) NOT-FOR-US: OX App Suite CVE-2023-26450 (The "OX Count" web service did not specify a media-type when processin ...) NOT-FOR-US: OX App Suite CVE-2023-26449 (The "OX Chat" web service did not specify a media-type when processing ...) NOT-FOR-US: OX App Suite CVE-2023-26448 (Custom log-in and log-out locations are used-defined as jslob but were ...) NOT-FOR-US: OX App Suite CVE-2023-26447 (The "upsell" widget for the portal allows to specify a product descrip ...) NOT-FOR-US: OX App Suite CVE-2023-26446 (The users clientID at "application passwords" was not sanitized or esc ...) NOT-FOR-US: OX App Suite CVE-2023-26445 (Frontend themes are defined by user-controllable jslob settings and co ...) NOT-FOR-US: OX App Suite CVE-2023-26444 RESERVED CVE-2023-26443 (Full-text autocomplete search allows user-provided SQL syntax to be in ...) NOT-FOR-US: OX App Suite CVE-2023-26442 (In case Cacheservice was configured to use a sproxyd object-storage ba ...) NOT-FOR-US: OX App Suite CVE-2023-26441 (Cacheservice did not correctly check if relative cache object were poi ...) NOT-FOR-US: OX App Suite CVE-2023-26440 (The cacheservice API could be abused to indirectly inject parameters w ...) NOT-FOR-US: OX App Suite CVE-2023-26439 (The cacheservice API could be abused to inject parameters with SQL syn ...) NOT-FOR-US: OX App Suite CVE-2023-26438 (External service lookups for a number of protocols were vulnerable to ...) NOT-FOR-US: OX App Suite CVE-2023-26437 (Denial of service vulnerability in PowerDNS Recursor allows authoritat ...) 
- pdns-recursor 4.8.4-1 (bug #1033941) [bullseye] - pdns-recursor (No longer supported with security updates in Bullseye) [buster] - pdns-recursor (Minor issue) NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-02.html NOTE: https://github.com/PowerDNS/pdns/commit/94fccab63457f8327add3a8e1e2b7876234e4989 (rec-4.6.6) NOTE: https://github.com/PowerDNS/pdns/commit/5174c955a5c320849e6fe12471b7fce1c31ca2a8 (rec-4.7.5) NOTE: https://github.com/PowerDNS/pdns/commit/cd279418d3b3151ab3b489e68bb5354138220e2f (rec-4.8.4) CVE-2023-26436 (Attackers with access to the "documentconverterws" API were able to in ...) NOT-FOR-US: OX App Suite CVE-2023-26435 (It was possible to call filesystem and network references using the lo ...) NOT-FOR-US: OX App Suite CVE-2023-26434 (When adding an external mail account, processing of POP3 "capabilities ...) NOT-FOR-US: OX App Suite CVE-2023-26433 (When adding an external mail account, processing of IMAP "capabilities ...) NOT-FOR-US: OX App Suite CVE-2023-26432 (When adding an external mail account, processing of SMTP "capabilities ...) NOT-FOR-US: OX App Suite CVE-2023-26431 (IPv4-mapped IPv6 addresses did not get recognized as "local" by the co ...) NOT-FOR-US: OX App Suite CVE-2023-26430 (Attackers with access to user accounts can inject arbitrary control ch ...) NOT-FOR-US: OX App Suite CVE-2023-26429 (Control characters were not removed when exporting user feedback conte ...) NOT-FOR-US: OX App Suite CVE-2023-26428 (Attackers can successfully request arbitrary snippet IDs, including E- ...) NOT-FOR-US: OX App Suite CVE-2023-26427 (Default permissions for a properties file were too permissive. Local s ...) NOT-FOR-US: OX App Suite CVE-2023-26426 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...) NOT-FOR-US: Adobe CVE-2023-26425 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) 
	NOT-FOR-US: Adobe
CVE-2023-26424 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-26423 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-26422 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-26421 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-26420 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-26419 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-26418 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-26417 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-26416 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2023-26415 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2023-26414 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2023-26413 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2023-26412 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2023-26411 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2023-26410 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2023-26409 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2023-26408 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-26407 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-26406 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-26405 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-26404 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
	NOT-FOR-US: Adobe
CVE-2023-26403 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-26402 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-26401 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
	NOT-FOR-US: Adobe
CVE-2023-26400 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
	NOT-FOR-US: Adobe
CVE-2023-26399 RESERVED
CVE-2023-26398 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2023-26397 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-26396 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-26395 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2023-26394 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-26393 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-26392 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-26391 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-26390 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-26389 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-26388 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-26387 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-26386 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-26385 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-26384 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-26383 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2023-26382 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
	NOT-FOR-US: Adobe
CVE-2023-26381 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
	NOT-FOR-US: Adobe
CVE-2023-26380 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
	NOT-FOR-US: Adobe
CVE-2023-26379 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
	NOT-FOR-US: Adobe
CVE-2023-26378 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
	NOT-FOR-US: Adobe
CVE-2023-26377 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
	NOT-FOR-US: Adobe
CVE-2023-26376 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
	NOT-FOR-US: Adobe
CVE-2023-26375 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
	NOT-FOR-US: Adobe
CVE-2023-26374 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
	NOT-FOR-US: Adobe
CVE-2023-26373 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
	NOT-FOR-US: Adobe
CVE-2023-26372 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
	NOT-FOR-US: Adobe
CVE-2023-26371 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
	NOT-FOR-US: Adobe
CVE-2023-26370 (Adobe Photoshop versions 23.5.5 (and earlier) and 24.7 (and earlier) a ...)
	NOT-FOR-US: Adobe
CVE-2023-26369 (Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and ...)
	NOT-FOR-US: Adobe
CVE-2023-26368 (Adobe InCopy versions 18.5 (and earlier) and 17.4.2 (and earlier) are ...)
	NOT-FOR-US: Adobe
CVE-2023-26367 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earli ...)
	NOT-FOR-US: Adobe
CVE-2023-26366 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earli ...)
	NOT-FOR-US: Adobe
CVE-2023-26365 RESERVED
CVE-2023-26364 (@adobe/css-tools version 4.3.0 and earlier are affected by an Improper ...)
	NOT-FOR-US: Adobe
CVE-2023-26363 RESERVED
CVE-2023-26362 RESERVED
CVE-2023-26361 (Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update ...)
	NOT-FOR-US: Adobe
CVE-2023-26360 (Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update ...)
	NOT-FOR-US: Adobe
CVE-2023-26359 (Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update ...)
	NOT-FOR-US: Adobe
CVE-2023-26358 (Creative Cloud version 5.9.1 (and earlier) is affected by an Untrusted ...)
	NOT-FOR-US: Adobe
CVE-2023-26357 RESERVED
CVE-2023-26356 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-26355 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-26354 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-26353 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-26352 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-26351 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-26350 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-26349 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use Afte ...)
	NOT-FOR-US: Adobe
CVE-2023-26348 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-26347 (Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2023-26346 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-26345 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-26344 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an Access ...)
	NOT-FOR-US: Adobe
CVE-2023-26343 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-26342 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-26341 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-26340 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-26339 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-26338 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-26337 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Stack-ba ...)
	NOT-FOR-US: Adobe
CVE-2023-26336 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use Afte ...)
	NOT-FOR-US: Adobe
CVE-2023-26335 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-26334 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an Access ...)
	NOT-FOR-US: Adobe
CVE-2023-26333 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-26332 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-26331 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-26330 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-26329 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-26328 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-26327 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-26326 (The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affec ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-26325 (The 'rx_export_review' action in the ReviewX WordPress Plugin, is affe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-26324 RESERVED
CVE-2023-26323 RESERVED
CVE-2023-26322 RESERVED
CVE-2023-26321 RESERVED
CVE-2023-26320 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
	NOT-FOR-US: Xiaomi
CVE-2023-26319 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
	NOT-FOR-US: Xiaomi
CVE-2023-26318 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
	NOT-FOR-US: Xiaomi
CVE-2023-26317 (A vulnerability has been discovered in Xiaomi routers that could allow ...)
	NOT-FOR-US: Xiaomi
CVE-2023-26316 (A XSS vulnerability exists in the Xiaomi cloud service Application pro ...)
	NOT-FOR-US: Xiaomi
CVE-2023-26315 RESERVED
CVE-2023-0979 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: MedData Informatics MedDataPACS
CVE-2023-0978 (A command injection vulnerability in Trellix Intelligent Sandbox CLI f ...)
	NOT-FOR-US: Trellix
CVE-2023-0977 (A heap-based overflow vulnerability in Trellix Agent (Windows and Linu ...)
	NOT-FOR-US: Trellix
CVE-2023-0976 (A command Injection Vulnerability in TA for mac-OS prior to version 5. ...)
	NOT-FOR-US: Trellix
CVE-2023-0975 (A vulnerability exists in Trellix Agent for Windows version 5.7.8 and ...)
	NOT-FOR-US: Trellix
CVE-2023-0974 RESERVED
CVE-2023-0973 (STEPTools v18SP1 ifcmesh library (v18.1) is affected due to a null poi ...)
	NOT-FOR-US: STEPTools ifcmesh library
CVE-2023-0972 (Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlie ...)
	NOT-FOR-US: SiLabs
CVE-2023-0971 (A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows au ...)
	NOT-FOR-US: SiLabs
CVE-2023-0970 (Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK ve ...)
	NOT-FOR-US: SiLabs
CVE-2023-0969 (A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an a ...)
	NOT-FOR-US: SiLabs
CVE-2023-0968 (The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Si ...)
	NOT-FOR-US: Watu Quiz plugin for WordPress
CVE-2023-0967 (Bhima version 1.27.0 allows an attacker authenticated with normal user ...)
	NOT-FOR-US: Bhima
CVE-2023-0966 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester Online Eyewear Shop
CVE-2023-0965 (Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_a ...)
	NOT-FOR-US: Silabs
CVE-2023-0964 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Sales Tracker Management System
CVE-2023-0963 (A vulnerability was found in SourceCodester Music Gallery Site 1.0. It ...)
	NOT-FOR-US: SourceCodester Music Gallery Site
CVE-2023-0962 (A vulnerability was found in SourceCodester Music Gallery Site 1.0. It ...)
	NOT-FOR-US: SourceCodester Music Gallery Site
CVE-2023-0961 (A vulnerability was found in SourceCodester Music Gallery Site 1.0. It ...)
	NOT-FOR-US: SourceCodester Music Gallery Site
CVE-2023-0960 (A vulnerability was found in SeaCMS 11.6 and classified as problematic ...)
	NOT-FOR-US: SeaCMS
CVE-2023-0959 (Bhima version 1.27.0 allows a remote attacker to update the privileges ...)
	NOT-FOR-US: Bhima
CVE-2023-0958 (Several plugins for WordPress by Inisev are vulnerable to unauthorized ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0957 (An issue was discovered in Gitpod versions prior to release-2022.11.2. ...)
	NOT-FOR-US: Gitpod
CVE-2023-0956 (External input could be used on TEL-STER TelWin SCADA WebInterface to ...)
	NOT-FOR-US: TEL-STER TelWin SCADA WebInterface
CVE-2023-0955 (The WP Statistics WordPress plugin before 14.0 does not escape a param ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0954 (A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and ...)
	NOT-FOR-US: Sensormatic Electronics Illustra Pro
CVE-2023-0953 (Insufficient input sanitization in the documentation feature of Devolu ...)
	NOT-FOR-US: Devolutions Server
CVE-2023-0952 (Improper access controls on entries in Devolutions Server 2022.3.12 a ...)
	NOT-FOR-US: Devolutions Server
CVE-2023-0951 (Improper access controls on some API endpoints in Devolutions Server 2 ...)
	NOT-FOR-US: Devolutions Server
CVE-2023-0950 (Improper Validation of Array Index vulnerability in the spreadsheet co ...)
	{DSA-5415-1 DLA-3526-1}
	- libreoffice 4:7.4.5-3
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-0950/
CVE-2023-0949 (Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/mo ...)
	NOT-FOR-US: Modoboa
CVE-2023-0948 (The Japanized For WooCommerce WordPress plugin before 2.5.8 does not e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-48341 (ThingsBoard 3.4.1 could allow a remote authenticated attacker to achie ...)
	NOT-FOR-US: ThingsBoard
CVE-2021-4326 (A vulnerability in Imperative framework which allows already-privilege ...)
	NOT-FOR-US: Imperative framework
CVE-2023-26313 RESERVED
CVE-2023-26312 RESERVED
CVE-2023-26311 (A remote code execution vulnerability in the webview component of OPPO ...)
	NOT-FOR-US: Oppo
CVE-2023-26310 (There is a command injection problem in the old version of the mobile ...)
	NOT-FOR-US: Oppo
CVE-2023-26309 (A remote code execution vulnerability in the webview component of OneP ...)
	NOT-FOR-US: Oppo
CVE-2023-26308 RESERVED
CVE-2023-26307 RESERVED
CVE-2023-26306 RESERVED
CVE-2023-26305 RESERVED
CVE-2023-26304 RESERVED
CVE-2023-26303 (Denial of service could be caused to markdown-it-py, before v2.2.0, if ...)
	- markdown-it-py 2.1.0-5 (bug #1031764)
	NOTE: https://github.com/advisories/GHSA-vrjv-mxr7-vjf8
	NOTE: https://github.com/executablebooks/markdown-it-py/pull/246
	NOTE: https://github.com/executablebooks/markdown-it-py/commit/ae03c6107dfa18e648f6fdd1280f5b89092d5d49 (v2.2.0)
CVE-2023-26302 (Denial of service could be caused to the command line interface of mar ...)
	- markdown-it-py 2.1.0-5 (bug #1031764)
	NOTE: https://github.com/advisories/GHSA-jrwr-5x3p-hvc3
	NOTE: https://github.com/executablebooks/markdown-it-py/pull/247
	NOTE: https://github.com/executablebooks/markdown-it-py/commit/53ca3e9c2b9e9b295f6abf7f4ad2730a9b70f68c (v2.2.0)
CVE-2023-26301 (Certain HP LaserJet Pro print products are potentially vulnerable to a ...)
	NOT-FOR-US: HP
CVE-2023-26300 (A potential security vulnerability has been identified in the system B ...)
	NOT-FOR-US: HP
CVE-2023-26299 (A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has be ...)
	NOT-FOR-US: HP
CVE-2023-26298 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) could po ...)
	NOT-FOR-US: HP
CVE-2023-26297 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) could po ...)
	NOT-FOR-US: HP
CVE-2023-26296 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) could po ...)
	NOT-FOR-US: HP
CVE-2023-26295 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) could po ...)
	NOT-FOR-US: HP
CVE-2023-26294 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) could po ...)
	NOT-FOR-US: HP
CVE-2023-0947 (Path Traversal in GitHub repository flatpressblog/flatpress prior to 1 ...)
	NOT-FOR-US: flatpressblog
CVE-2023-0946 (A vulnerability has been found in SourceCodester Best POS Management S ...)
	NOT-FOR-US: SourceCodester Best POS Management System
CVE-2023-0945 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester Best POS Management System
CVE-2023-0944 (Bhima version 1.27.0 allows an authenticated attacker with regular use ...)
	NOT-FOR-US: Bhima
CVE-2023-0943 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: SourceCodester Best POS Management System
CVE-2023-0942 (The Japanized For WooCommerce plugin for WordPress is vulnerable to Re ...)
	NOT-FOR-US: Japanized For WooCommerce plugin for WordPress
CVE-2023-26314 (The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary ...)
	{DLA-3343-1}
	- mono 6.8.0.105+dfsg-3.3 (bug #972146)
	[bullseye] - mono 6.8.0.105+dfsg-3.3~deb11u1
	NOTE: https://www.openwall.com/lists/oss-security/2023/01/05/1
CVE-2023-26293 (A vulnerability has been identified in Totally Integrated Automation P ...)
	NOT-FOR-US: TIA Portal V15
CVE-2023-26292 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Forcepoint
CVE-2023-26291 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Forcepoint
CVE-2023-26290 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Forcepoint
CVE-2023-26289 RESERVED
CVE-2023-26288 RESERVED
CVE-2023-26287 RESERVED
CVE-2023-26286 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
	NOT-FOR-US: IBM
CVE-2023-26285 (IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attac ...)
	NOT-FOR-US: IBM
CVE-2023-26284 (IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through ...)
	NOT-FOR-US: IBM
CVE-2023-26283 (IBM WebSphere Application Server 9.0 is vulnerable to cross-site scrip ...)
	NOT-FOR-US: IBM
CVE-2023-26282 (IBM Watson CP4D Data Stores 4.6.0 through 4.6.3 could allow a user wit ...)
	NOT-FOR-US: IBM
CVE-2023-26281 (IBM HTTP Server 8.5 used by IBM WebSphere Application Server could all ...)
	NOT-FOR-US: IBM
CVE-2023-26280 RESERVED
CVE-2023-26279 (IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local us ...)
	NOT-FOR-US: IBM
CVE-2023-26278 (IBM QRadar WinCollect Agent 10.0 through 10.1.3 could allow a local au ...)
	NOT-FOR-US: IBM
CVE-2023-26277 (IBM QRadar WinCollect Agent 10.0 though 10.1.3 could allow a local use ...)
	NOT-FOR-US: IBM
CVE-2023-26276 (IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorith ...)
	NOT-FOR-US: IBM
CVE-2023-26275 RESERVED
CVE-2023-26274 (IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vuln ...)
	NOT-FOR-US: IBM
CVE-2023-26273 (IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform una ...)
	NOT-FOR-US: IBM
CVE-2023-26272 (IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager ...)
	NOT-FOR-US: IBM
CVE-2023-26271 (IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager ...)
	NOT-FOR-US: IBM
CVE-2023-26270 (IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager ...)
	NOT-FOR-US: IBM
CVE-2023-26269 (Apache James server version 3.7.3 and earlier provides a JMX managemen ...)
	NOT-FOR-US: Apache James
CVE-2023-26268 (Design documents with matching document IDs, from databases on the sam ...)
	- couchdb
CVE-2023-0941 (Use after free in Prompts in Google Chrome prior to 110.0.5481.177 all ...)
	{DSA-5359-1}
	- chromium 110.0.5481.177-1
	[buster] - chromium (see DSA 5046)
CVE-2023-0940 (The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoin ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0939 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: NTN Information Technologies Online Services Software
CVE-2023-0938 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Music Gallery Site
CVE-2023-0937 (The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0936 (A vulnerability was found in TP-Link Archer C50 V2_160801. It has been ...)
	NOT-FOR-US: TP-Link
CVE-2023-0935 (A vulnerability was found in DolphinPHP up to 1.5.1. It has been decla ...)
	NOT-FOR-US: DolphinPHP
CVE-2023-26267 (php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary ...)
	NOT-FOR-US: php-saml-sp
CVE-2023-26266 (In AFL++ 4.05c, the CmpLog component uses the current working director ...)
	- aflplusplus 4.04c-4 (bug #1033255)
	[bullseye] - aflplusplus (Minor issue)
	NOTE: https://github.com/AFLplusplus/AFLplusplus/pull/1643
	NOTE: https://github.com/AFLplusplus/AFLplusplus/commit/f2be73186e2e16c3992f92b65ae9ba598d6fff2f
	NOTE: https://github.com/AFLplusplus/AFLplusplus/commit/673a0a3866783bf28e31d14fbd7a9009c7816ec3
CVE-2023-26265 (The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sa ...)
	- backdrop (bug #914257)
CVE-2023-26264 (All versions of Talend Data Catalog before 8.0-20220907 are potentiall ...)
	NOT-FOR-US: Talend Data Catalog
CVE-2023-26263 (All versions of Talend Data Catalog before 8.0-20230110 are potentiall ...)
	NOT-FOR-US: Talend Data Catalog
CVE-2023-26262 (An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Si ...)
	NOT-FOR-US: Sitecore
CVE-2023-26261 (In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection lead ...)
	NOT-FOR-US: UBIKA WAAP Gateway/Cloud
CVE-2023-26260 (OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hi ...)
	NOT-FOR-US: OXID eShop
CVE-2023-26259 RESERVED
CVE-2023-26258 (Arcserve UDP through 9.0.6034 allows authentication bypass. The method ...)
	NOT-FOR-US: Arcserve
CVE-2023-26257 (An issue was discovered in the Connected Vehicle Systems Alliance (COV ...)
	NOT-FOR-US: Connected Vehicle Systems Alliance
CVE-2023-26256 (An unauthenticated path traversal vulnerability affects the "STAGIL Na ...)
	NOT-FOR-US: Plugin for Jira
CVE-2023-26255 (An unauthenticated path traversal vulnerability affects the "STAGIL Na ...)
	NOT-FOR-US: Plugin for Jira
CVE-2023-26254 RESERVED
CVE-2023-26253 (In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bri ...)
	- glusterfs 10.3-5 (bug #1031731)
	[bullseye] - glusterfs (Minor issue)
	[buster] - glusterfs (Minor issue)
	NOTE: https://github.com/gluster/glusterfs/issues/3954
CVE-2023-26252 RESERVED
CVE-2023-26251 RESERVED
CVE-2023-26250 RESERVED
CVE-2023-26249 (Knot Resolver before 5.6.0 enables attackers to consume its resources, ...)
	- knot-resolver 5.6.0-1
	[bullseye] - knot-resolver (Minor issue)
	[buster] - knot-resolver (Minor issue)
	NOTE: https://www.knot-resolver.cz/2023-01-26-knot-resolver-5.6.0.html
CVE-2023-26248 RESERVED
CVE-2023-26247 RESERVED
CVE-2023-26246 (An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment ...)
	NOT-FOR-US: Hyundai
CVE-2023-26245 (An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment ...)
	NOT-FOR-US: Hyundai
CVE-2023-26244 (An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment ...)
	NOT-FOR-US: Hyundai
CVE-2023-26243 (An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment ...)
	NOT-FOR-US: Hyundai
CVE-2023-26242 (afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the ...)
	- linux (unimportant)
	NOTE: https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee@gmail.com/
	NOTE: FPGA_DFL_AFU not enabled in Debian.
CVE-2023-26241 RESERVED
CVE-2023-26240 RESERVED
CVE-2023-26239 (An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak ...)
	NOT-FOR-US: WatchGuard EPDR
CVE-2023-26238 (An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible ...)
	NOT-FOR-US: WatchGuard EPDR
CVE-2023-26237 (An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible ...)
	NOT-FOR-US: WatchGuard EPDR
CVE-2023-26236 (An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak ...)
	NOT-FOR-US: WatchGuard EPDR
CVE-2023-26235 (JD-GUI 1.6.6 allows XSS via util/net/InterProcessCommunicationUtil.jav ...)
	NOT-FOR-US: JD-GUI
CVE-2023-26234 (JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvide ...)
	NOT-FOR-US: JD-GUI
CVE-2023-26233 RESERVED
CVE-2023-26232 RESERVED
CVE-2023-26231 RESERVED
CVE-2023-26230 RESERVED
CVE-2023-26229 RESERVED
CVE-2023-26228 RESERVED
CVE-2023-26227 RESERVED
CVE-2023-26226 RESERVED
CVE-2023-26225 RESERVED
CVE-2023-26224 RESERVED
CVE-2023-26223 RESERVED
CVE-2023-26222 (The Web Application component of TIBCO Software Inc.'s TIBCO EBX and T ...)
	NOT-FOR-US: TIBCO
CVE-2023-26221 (The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire An ...)
	NOT-FOR-US: Spotfire Connectors component of TIBCO
CVE-2023-26220 (The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analy ...)
	NOT-FOR-US: TIBCO
CVE-2023-26219 (The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TI ...)
	NOT-FOR-US: TIBCO
CVE-2023-26218 (The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contain ...)
	NOT-FOR-US: TIBCO
CVE-2023-26217 (The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX ...)
	NOT-FOR-US: TIBCO
CVE-2023-26216 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...)
	NOT-FOR-US: TIBCO
CVE-2023-26215 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...)
	NOT-FOR-US: TIBCO
CVE-2023-26214 (The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO Busine ...)
	NOT-FOR-US: BusinessConnect UI component of TIBCO
CVE-2023-0934 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
	NOT-FOR-US: Answer
CVE-2023-0933 (Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allow ...)
	{DSA-5359-1}
	- chromium 110.0.5481.177-1
	[buster] - chromium (see DSA 5046)
CVE-2023-0932 (Use after free in WebRTC in Google Chrome on Windows prior to 110.0.54 ...)
	{DSA-5359-1}
	- chromium 110.0.5481.177-1
	[buster] - chromium (see DSA 5046)
CVE-2023-0931 (Use after free in Video in Google Chrome prior to 110.0.5481.177 allow ...)
	{DSA-5359-1}
	- chromium 110.0.5481.177-1
	[buster] - chromium (see DSA 5046)
CVE-2023-0930 (Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 ...)
	{DSA-5359-1}
	- chromium 110.0.5481.177-1
	[buster] - chromium (see DSA 5046)
CVE-2023-0929 (Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allo ...)
	{DSA-5359-1}
	- chromium 110.0.5481.177-1
	[buster] - chromium (see DSA 5046)
CVE-2023-0928 (Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 ...)
	{DSA-5359-1}
	- chromium 110.0.5481.177-1
	[buster] - chromium (see DSA 5046)
CVE-2023-0927 (Use after free in Web Payments API in Google Chrome on Android prior t ...)
	{DSA-5359-1}
	- chromium 110.0.5481.177-1
	[buster] - chromium (see DSA 5046)
CVE-2022-48340 (In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-com ...)
	- glusterfs 11.1-1 (bug #1031796)
	[bookworm] - glusterfs (Minor issue)
	[bullseye] - glusterfs (Minor issue)
	[buster] - glusterfs (Minor issue)
	NOTE: https://github.com/gluster/glusterfs/issues/3732
	NOTE: https://github.com/gluster/glusterfs/commit/d2e159d337e17844bf483a7f2aca4c52e37c7c60 (v11.1)
CVE-2022-48336 (Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagPars ...)
	NOT-FOR-US: Widevine
CVE-2022-48335 (Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagVeri ...)
	NOT-FOR-US: Widevine
CVE-2022-48334 (Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify ...)
	NOT-FOR-US: Widevine
CVE-2022-48333 (Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify ...)
	NOT-FOR-US: Widevine
CVE-2022-48332 (Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_k ...)
	NOT-FOR-US: Widevine
CVE-2022-48331 (Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_k ...)
	NOT-FOR-US: Widevine
CVE-2022-48339 (An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has ...)
	{DSA-5360-1 DLA-3416-1}
	- emacs 1:28.2+1-11 (bug #1031730)
	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=1b4dc4691c1f87fc970fbe568b43869a15ad0d4c
	NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=60295
CVE-2022-48338 (An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, th ...)
	{DSA-5360-1}
	- emacs 1:28.2+1-11 (bug #1031730)
	[buster] - emacs (Vulnerable code introduced later)
	NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=60268
	NOTE: Introduced by: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=27f5627104a073762c3b1d21e55822ec2d2e0347 (emacs-27.0.90)
	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=9a3b08061feea14d6f37685ca1ab8801758bfd1c
CVE-2022-48337 (GNU Emacs through 28.2 allows attackers to execute commands via shell ...)
	{DSA-5360-1 DLA-3416-1}
	- emacs 1:28.2+1-11 (bug #1031730)
	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c
	NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=59817
	NOTE: Original fix introduced memory leak:
	NOTE: https://bugs.debian.org/1031888
	NOTE: https://debbugs.gnu.org/61819
	NOTE: http://git.savannah.gnu.org/cgit/emacs.git/commit/?id=0fde314f6f6e6664cddab1b2f0fe20629cd39d14
CVE-2023-26213 (On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui- ...)
	NOT-FOR-US: Barracuda
CVE-2023-26212 RESERVED
CVE-2023-26211 RESERVED
CVE-2023-26210 (Multiple improper neutralization of special elements used in an os com ...)
	NOT-FOR-US: Fortinet
CVE-2023-26209 (A improper restriction of excessive authentication attempts vulnerabil ...)
	NOT-FOR-US: FortiGuard
CVE-2023-26208 (A improper restriction of excessive authentication attempts vulnerabil ...)
	NOT-FOR-US: FortiGuard
CVE-2023-26207 (An insertion of sensitive information into log file vulnerability in F ...)
	NOT-FOR-US: Fortinet
CVE-2023-26206 (An improper neutralization of input during web page generation ('cross ...)
	NOT-FOR-US: Fortinet
CVE-2023-26205 (An improper access control vulnerability[CWE-284] in FortiADC automati ...)
	NOT-FOR-US: FortiGuard
CVE-2023-26204 (A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM ...)
	NOT-FOR-US: Fortinet
CVE-2023-26203 (A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F ...)
	NOT-FOR-US: FortiGuard
CVE-2023-26202 RESERVED
CVE-2023-26201 RESERVED
CVE-2023-26200 RESERVED
CVE-2023-26199 RESERVED
CVE-2023-26198 RESERVED
CVE-2023-26197 RESERVED
CVE-2023-26196 RESERVED
CVE-2023-26195 RESERVED
CVE-2023-26194 RESERVED
CVE-2023-26193 RESERVED
CVE-2023-26192 RESERVED
CVE-2023-26191 RESERVED
CVE-2023-26190 RESERVED
CVE-2023-26189 RESERVED
CVE-2023-26188 RESERVED
CVE-2023-26187 RESERVED
CVE-2023-26186 RESERVED
CVE-2023-26185 RESERVED
CVE-2023-26184 RESERVED
CVE-2023-26183 RESERVED
CVE-2023-26182 RESERVED
CVE-2023-26181 RESERVED
CVE-2023-26180 RESERVED
CVE-2023-26179 RESERVED
CVE-2023-26178 RESERVED
CVE-2023-26177 RESERVED
CVE-2023-26176 RESERVED
CVE-2023-26175 RESERVED
CVE-2023-26174 RESERVED
CVE-2023-26173 RESERVED
CVE-2023-26172 RESERVED
CVE-2023-26171 RESERVED
CVE-2023-26170 RESERVED
CVE-2023-26169 RESERVED
CVE-2023-26168 RESERVED
CVE-2023-26167 RESERVED
CVE-2023-26166 RESERVED
CVE-2023-26165 RESERVED
CVE-2023-26164 RESERVED
CVE-2023-26163 RESERVED
CVE-2023-26162 RESERVED
CVE-2023-26161 RESERVED
CVE-2023-26160 RESERVED
CVE-2023-26159 (Versions of the package follow-redirects before 1.15.4 are vulnerable ...)
	- node-follow-redirects 1.15.6+~1.14.4-1 (bug #1059926)
	[bookworm] - node-follow-redirects (Minor issue)
	[bullseye] - node-follow-redirects (Minor issue)
	[buster] - node-follow-redirects (Minor issue)
	NOTE: https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137
	NOTE: https://github.com/follow-redirects/follow-redirects/issues/235
	NOTE: https://github.com/follow-redirects/follow-redirects/pull/236
	NOTE: https://github.com/follow-redirects/follow-redirects/commit/1cba8e85fa73f563a439fe460cf028688e4358df (v1.15.4)
	NOTE: https://github.com/follow-redirects/follow-redirects/commit/05629af696588b90d64e738bc2e809a97a5f92fc (v1.15.4)
	NOTE: https://github.com/follow-redirects/follow-redirects/commit/7a6567e16dfa9ad18a70bfe91784c28653fbf19d (v1.15.4)
CVE-2023-26158 (All versions of the package mockjs are vulnerable to Prototype Polluti ...)
	NOT-FOR-US: mockjs
CVE-2023-26157 (Versions of the package libredwg before 0.12.5.6384 are vulnerable to ...)
	- libredwg (bug #595191)
CVE-2023-26156 (Versions of the package chromedriver before 119.0.1 are vulnerable to ...)
	NOT-FOR-US: chromedriver Node.js module
CVE-2023-26155 (All versions of the package node-qpdf are vulnerable to Command Inject ...)
	NOT-FOR-US: node-qpdf
CVE-2023-26154 (Versions of the package pubnub before 7.4.0; all versions of the packa ...)
	NOT-FOR-US: pubnub
CVE-2023-26153 (Versions of the package geokit-rails before 2.5.0 are vulnerable to Co ...)
	NOT-FOR-US: geokit-rails
CVE-2023-26152 (All versions of the package static-server are vulnerable to Directory ...)
	NOT-FOR-US: Node static-server
CVE-2023-26151 (Versions of the package asyncua before 0.9.96 are vulnerable to Denial ...)
	NOT-FOR-US: asyncua
CVE-2023-26150 (Versions of the package asyncua before 0.9.96 are vulnerable to Improp ...)
	NOT-FOR-US: asyncua
CVE-2023-26149 (Versions of the package quill-mention before 4.0.0 are vulnerable to C ...)
	NOT-FOR-US: Node quill-mention
CVE-2023-26148 (All versions of the package ithewei/libhv are vulnerable to CRLF Injec ...)
	NOT-FOR-US: ithewei/libhv
CVE-2023-26147 (All versions of the package ithewei/libhv are vulnerable to HTTP Respo ...)
	NOT-FOR-US: ithewei/libhv
CVE-2023-26146 (All versions of the package ithewei/libhv are vulnerable to Cross-site ...)
	NOT-FOR-US: ithewei/libhv
CVE-2023-26145 (This affects versions of the package pydash before 6.0.0. A number of ...)
	NOT-FOR-US: pydash
CVE-2023-26144 (Versions of the package graphql from 16.3.0 and before 16.8.1 are vuln ...)
	- node-graphql 16.8.1-1
	[bookworm] - node-graphql (Minor issue)
	NOTE: https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181
	NOTE: https://github.com/graphql/graphql-js/pull/3972
	NOTE: https://github.com/graphql/graphql-js/issues/3955
	NOTE: https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226
CVE-2023-26143 (Versions of the package blamer before 1.0.4 are vulnerable to Arbitrar ...)
	NOT-FOR-US: Node blamer
CVE-2023-26142 (All versions of the package crow are vulnerable to HTTP Response Split ...)
	NOT-FOR-US: Crow
CVE-2023-26141 (Versions of the package sidekiq before 7.1.3 are vulnerable to Denial ...)
	- ruby-sidekiq (bug #1059300)
	[bookworm] - ruby-sidekiq (Minor issue)
	[bullseye] - ruby-sidekiq (Minor issue)
	[buster] - ruby-sidekiq (Minor issue, DoS still possible)
	NOTE: https://security.snyk.io/vuln/SNYK-RUBY-SIDEKIQ-5885107
	NOTE: https://github.com/sidekiq/sidekiq/commit/62c90d7c5a7d8a378d79909859d87c2e0702bf89 (v7.1.3)
CVE-2023-26140 (Versions of the package @excalidraw/excalidraw from 0.0.0 are vulnerab ...)
	NOT-FOR-US: excalidraw
CVE-2023-26139 (Versions of the package underscore-keypath from 0.0.11 are vulnerable ...)
	NOT-FOR-US: Node underscore-keypath
CVE-2023-26138 (All versions of the package drogonframework/drogon are vulnerable to C ...)
	NOT-FOR-US: Drogon
CVE-2023-26137 (All versions of the package drogonframework/drogon are vulnerable to H ...)
	NOT-FOR-US: Drogon
CVE-2023-26136 (Versions of the package tough-cookie before 4.1.3 are vulnerable to Pr ...)
	{DLA-3488-1}
	- node-tough-cookie 4.1.3+~4.0.2-1
	[bookworm] - node-tough-cookie 4.0.0-2+deb12u1
	[bullseye] - node-tough-cookie 4.0.0-2+deb11u1
	NOTE: https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
	NOTE: https://github.com/salesforce/tough-cookie/issues/282
	NOTE: https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e (v4.1.3)
CVE-2023-26135 (All versions of the package flatnest are vulnerable to Prototype Pollu ...)
	NOT-FOR-US: Node flatnest
CVE-2023-26134 (Versions of the package git-commit-info before 2.0.2 are vulnerable to ...)
	NOT-FOR-US: Node git-commit-info
CVE-2023-26133 (All versions of the package progressbar.js are vulnerable to Prototype ...)
	NOT-FOR-US: progressbar.js
CVE-2023-26132 (Versions of the package dottie before 2.0.4 are vulnerable to Prototyp ...)
	- node-dottie 2.0.6+~2.0.5-1 (bug #1040592)
	[bookworm] - node-dottie 2.0.2-4+deb12u1
	[bullseye] - node-dottie 2.0.2-1+deb11u1
	NOTE: https://security.snyk.io/vuln/SNYK-JS-DOTTIE-3332763
	NOTE: https://github.com/mickhansen/dottie.js/commit/7d3aee1c9c3c842720506e131de7e181e5c8db68 (v2.0.4)
CVE-2023-26131 (All versions of the package github.com/xyproto/algernon/engine; all ve ...)
	NOT-FOR-US: github.com/xyproto/algernon/engine
CVE-2023-26130 (Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerab ...)
	- cpp-httplib 0.11.4+ds-2 (bug #1037100)
	[bookworm] - cpp-httplib 0.11.4+ds-1+deb12u1
	NOTE: https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-5591194
	NOTE: https://gist.github.com/dellalibera/094aece17a86069a7d27f93c8aba2280
	NOTE: https://github.com/yhirose/cpp-httplib/commit/5b397d455d25a391ba346863830c1949627b4d08 (v0.12.4)
CVE-2023-26129 (All versions of the package bwm-ng are vulnerable to Command Injection ...)
	NOT-FOR-US: bwm-ng Nodejs module (not the same as src:bwm-ng)
CVE-2023-26128 (All versions of the package keep-module-latest are vulnerable to Comma ...)
	NOT-FOR-US: Node keep-module-latest
CVE-2023-26127 (All versions of the package n158 are vulnerable to Command Injection d ...)
	NOT-FOR-US: Node n158
CVE-2023-26126 (All versions of the package m.static are vulnerable to Directory Trave ...)
	NOT-FOR-US: m.static
CVE-2023-26125 (Versions of the package github.com/gin-gonic/gin before 1.9.0 are vuln ...)
	- golang-github-gin-gonic-gin (bug #1035498)
	[bookworm] - golang-github-gin-gonic-gin (Minor issue)
	[bullseye] - golang-github-gin-gonic-gin (Minor issue)
	[buster] - golang-github-gin-gonic-gin (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://github.com/gin-gonic/gin/pull/3500
	NOTE: https://github.com/gin-gonic/gin/pull/3503
	NOTE: https://github.com/gin-gonic/gin/commit/81ac7d55a09e34013225db0aeac6e70c1ae68928 (v1.9.0)
CVE-2023-26124 RESERVED
CVE-2023-26123 (Versions of the package raysan5/raylib before 4.5.0 are vulnerable to ...)
	NOT-FOR-US: raylib
CVE-2023-26122 (All versions of the package safe-eval are vulnerable to Sandbox Bypass ...)
	NOT-FOR-US: Node safe-eval
CVE-2023-26121 (All versions of the package safe-eval are vulnerable to Prototype Poll ...)
	NOT-FOR-US: Node safe-eval
CVE-2023-26120 (This affects all versions of the package com.xuxueli:xxl-job. HTML upl ...)
	NOT-FOR-US: com.xuxueli:xxl-job
CVE-2023-26119 (Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and b ...)
	NOT-FOR-US: net.sourceforge.htmlunit:htmlunit
CVE-2023-26118 (Versions of the package angular from 1.4.9 are vulnerable to Regular E ...)
	- angular.js (bug #1036694)
	[bookworm] - angular.js (Minor issue)
	[bullseye] - angular.js (Minor issue)
	[buster] - angular.js (Minor issue)
	NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046
CVE-2023-26117 (Versions of the package angular from 1.0.0 are vulnerable to Regular E ...)
	- angular.js (bug #1036694)
	[bookworm] - angular.js (Minor issue)
	[bullseye] - angular.js (Minor issue)
	[buster] - angular.js (Minor issue)
	NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045
CVE-2023-26116 (Versions of the package angular from 1.2.21 are vulnerable to Regular ...)
	- angular.js (bug #1036694)
	[bookworm] - angular.js (Minor issue)
	[bullseye] - angular.js (Minor issue)
	[buster] - angular.js (Minor issue)
	NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044
CVE-2023-26115 (All versions of the package word-wrap are vulnerable to Regular Expres ...)
	NOT-FOR-US: Node.js word-wrap module
CVE-2023-26114 (Versions of the package code-server before 4.10.1 are vulnerable to Mi ...)
	NOT-FOR-US: Node code-server
CVE-2023-26113 (Versions of the package collection.js before 6.8.1 are vulnerable to P ...)
	NOT-FOR-US: collection.js
CVE-2023-26112 (All versions of the package configobj are vulnerable to Regular Expres ...)
	- configobj 5.0.8-2 (bug #1034152)
	[bookworm] - configobj (Minor issue)
	[bullseye] - configobj (Minor issue)
	[buster] - configobj (Minor issue)
	NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494
	NOTE: https://github.com/DiffSK/configobj/issues/232
	NOTE: https://github.com/DiffSK/configobj/pull/236
CVE-2023-26111 (All versions of the package @nubosoftware/node-static; all versions of ...)
	NOT-FOR-US: @nubosoftware/node-static
CVE-2023-26110 (All versions of the package node-bluetooth are vulnerable to Buffer Ov ...)
	NOT-FOR-US: node-bluetooth
CVE-2023-26109 (All versions of the package node-bluetooth-serial-port are vulnerable ...)
	NOT-FOR-US: node-bluetooth-serial-port
CVE-2023-26108 (Versions of the package @nestjs/core before 9.0.5 are vulnerable to In ...)
	NOT-FOR-US: @nestjs/core
CVE-2023-26107 (All versions of the package sketchsvg are vulnerable to Arbitrary Code ...)
	NOT-FOR-US: Node sketchsvg
CVE-2023-26106 (All versions of the package dot-lens are vulnerable to Prototype Pollu ...)
	NOT-FOR-US: Node dot-lens
CVE-2023-26105 (All versions of the package utilities are vulnerable to Prototype Poll ...)
	NOT-FOR-US: mde JavaScript utilities
CVE-2023-26104 (All versions of the package lite-web-server are vulnerable to Denial o ...)
	NOT-FOR-US: Node lite-web-server
CVE-2023-26103 (Versions of the package deno before 1.31.0 are vulnerable to Regular E ...)
	NOT-FOR-US: Deno
CVE-2023-26102 (All versions of the package rangy are vulnerable to Prototype Pollutio ...)
	NOT-FOR-US: Node rangy
CVE-2023-0926 RESERVED
CVE-2023-0925 (Version 10.11 of webMethods OneData runs an embedded instance of Azul ...)
	NOT-FOR-US: webMethods OneData
CVE-2023-0924 (The ZYREX POPUP WordPress plugin through 1.0 does not validate the typ ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0923 (A flaw was found in the Kubernetes service for notebooks in RHODS, whe ...)
	NOT-FOR-US: Red Hat OpenShift Data Science
CVE-2023-0922 (The Samba AD DC administration tool, when operating against a remote L ...)
	- samba 2:4.17.7+dfsg-1
	[bullseye] - samba (Domain controller functionality is EOLed, see DSA-5477-1)
	[buster] - samba (Domain controller functionality is EOLed, see DSA-5015-1)
	NOTE: https://www.samba.org/samba/security/CVE-2023-0922.html
CVE-2023-0921 (A lack of length validation in GitLab CE/EE affecting all versions fro ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-48330 (A Huawei sound box product has an out-of-bounds write vulnerability. A ...)
	NOT-FOR-US: Huawei
CVE-2023-26101 (In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user ...)
	NOT-FOR-US: Progress Flowmon Packet Investigator
CVE-2023-26100 (In Progress Flowmon before 12.2.0, an application endpoint failed to s ...)
	NOT-FOR-US: Progress Flowmon
CVE-2023-26099 (An issue was discovered in Telindus Apsal 3.14.2022.235 b. The consult ...)
	NOT-FOR-US: Telindus
CVE-2023-26098 (An issue was discovered in the Open Document feature in Telindus Apsal ...)
	NOT-FOR-US: Telindus
CVE-2023-26097 (An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorize ...)
	NOT-FOR-US: Telindus
CVE-2023-26096 RESERVED
CVE-2023-26095 (ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6 ...)
	NOT-FOR-US: Stormshield Network Security
CVE-2023-26094 RESERVED
CVE-2023-26093 (Liima before 1.17.28 allows Hibernate query language (HQL) injection, ...)
	NOT-FOR-US: Liima
CVE-2023-26092 (Liima before 1.17.28 allows server-side template injection.)
	NOT-FOR-US: Liima
CVE-2023-26091 (The frp_form_answers (aka Forms Export) extension before 3.1.2, and 4. ...)
	NOT-FOR-US: TYPO3 extension
CVE-2023-26090 RESERVED
CVE-2023-26089 (European Chemicals Agency IUCLID 6.x before 6.27.6 allows authenticati ...)
	NOT-FOR-US: European Chemicals Agency IUCLID
CVE-2023-26088 (In Malwarebytes before 4.5.23, a symbolic link may be used delete any ...)
	NOT-FOR-US: Malwarebytes
CVE-2023-26087 RESERVED
CVE-2023-26086 RESERVED
CVE-2023-26085 (A possible out-of-bounds read and write (due to an improper length che ...)
	NOT-FOR-US: Arm NN Android-NN-Driver
CVE-2023-26084 (The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c ...)
	NOT-FOR-US: AArch64cryptolib
CVE-2023-26083 (Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Ker ...)
	NOT-FOR-US: Mali GPU Kernel Driver
CVE-2023-26082 RESERVED
CVE-2023-26081 (In Epiphany (aka GNOME Web) through 43.0, untrusted web content can tr ...)
	{DLA-3423-1}
	- epiphany-browser 43.1-1 (bug #1031727)
	[bullseye] - epiphany-browser (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275
	NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/commit/53363c3c8178bf9193dad9fa3516f4e10cff0ffd
	NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/commit/b8f34863485095bc59b97a6c250ed5e976d39dd4 (43.1)
CVE-2023-26080 RESERVED
CVE-2023-26079 RESERVED
CVE-2023-26078 (Privilege escalation vulnerability was discovered in Atera Agent 1.8.4 ...)
	NOT-FOR-US: Atera Agent
CVE-2023-26077 (Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a D ...)
	NOT-FOR-US: Atera Agent
CVE-2023-26076 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...)
	NOT-FOR-US: Samsung
CVE-2023-26075 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...)
	NOT-FOR-US: Samsung
CVE-2023-26074 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...)
	NOT-FOR-US: Samsung
CVE-2023-26073 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...)
	NOT-FOR-US: Samsung
CVE-2023-26072 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...)
	NOT-FOR-US: Samsung
CVE-2023-26071 (An issue was discovered in MCUBO ICT through 10.12.4 (aka 6.0.2). An O ...)
	NOT-FOR-US: MCUBO ICT
CVE-2023-26070 (Certain Lexmark devices through 2023-02-19 mishandle Input Validation ...)
	NOT-FOR-US: Lexmark
CVE-2023-26069 (Certain Lexmark devices through 2023-02-19 mishandle Input Validation ...)
	NOT-FOR-US: Lexmark
CVE-2023-26068 (Certain Lexmark devices through 2023-02-19 mishandle Input Validation ...)
	NOT-FOR-US: Lexmark
CVE-2023-26067 (Certain Lexmark devices through 2023-02-19 mishandle Input Validation ...)
	NOT-FOR-US: Lexmark
CVE-2023-26066 (Certain Lexmark devices through 2023-02-19 have Improper Validation of ...)
	NOT-FOR-US: Lexmark
CVE-2023-26065 (Certain Lexmark devices through 2023-02-19 have an Integer Overflow.)
	NOT-FOR-US: Lexmark
CVE-2023-26064 (Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write ...)
	NOT-FOR-US: Lexmark
CVE-2023-26063 (Certain Lexmark devices through 2023-02-19 access a Resource By Using ...)
	NOT-FOR-US: Lexmark
CVE-2023-26062 (A mobile network solution internal fault is found in Nokia Web Element ...)
	NOT-FOR-US: Nokia
CVE-2023-26061 (An issue was discovered in Nokia NetAct before 22 FP2211. On the Sched ...)
	NOT-FOR-US: Nokia
CVE-2023-26060 (An issue was discovered in Nokia NetAct before 22 FP2211. On the Worki ...)
	NOT-FOR-US: Nokia
CVE-2023-26059 (An issue was discovered in Nokia NetAct before 22 SP1037. On the Site ...)
	NOT-FOR-US: Nokia
CVE-2023-26058 (An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XM ...)
	NOT-FOR-US: Nokia
CVE-2023-26057 (An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XM ...)
	NOT-FOR-US: Nokia
CVE-2023-0920 RESERVED
CVE-2022-48329 (MISP before 2.4.166 unsafely allows users to use the order parameter, ...)
	NOT-FOR-US: MISP
CVE-2022-48328 (app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.1 ...)
	NOT-FOR-US: MISP
CVE-2021-4325 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: NHN TOAST UI Chart
CVE-2017-20179 (A vulnerability was found in InSTEDD Pollit 2.3.1. It has been rated a ...)
	NOT-FOR-US: InSTEDD Pollit
CVE-2015-10085 (A vulnerability was found in GoPistolet. It has been declared as probl ...)
	NOT-FOR-US: GoPistolet
CVE-2015-10084 (A vulnerability was found in irontec klear-library chloe and classifie ...)
	NOT-FOR-US: irontec klear-library
CVE-2015-10083 (A vulnerability has been found in harrystech Dynosaur-Rails and classi ...)
	NOT-FOR-US: harrystech Dynosaur-Rails
CVE-2023-0919 (Missing Authentication for Critical Function in GitHub repository kare ...)
	NOT-FOR-US: Kavita
CVE-2023-0918 (A vulnerability has been found in codeprojects Pharmacy Management Sys ...)
	NOT-FOR-US: codeprojects Pharmacy Management System
CVE-2023-0917 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Simple Customer Relationship Management System
CVE-2023-0916 (A vulnerability classified as critical was found in SourceCodester Aut ...)
	NOT-FOR-US: SourceCodester Auto Dealer Management System
CVE-2023-0915 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Auto Dealer Management System
CVE-2017-20178 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Codiad 2. ...)
	NOT-FOR-US: Codiad
CVE-2016-15027 (A vulnerability was found in meta4creations Post Duplicator Plugin 2.1 ...)
	NOT-FOR-US: meta4creations Post Duplicator Plugin
CVE-2015-10082 (A vulnerability classified as problematic has been found in UIKit0 lib ...)
	NOT-FOR-US: UIKit0
CVE-2015-10081 (A vulnerability was found in arnoldle submitByMailPlugin 1.0b2.9 and c ...)
	NOT-FOR-US: arnoldle submitByMailPlugin
CVE-2014-125089 (A vulnerability was found in cention-chatserver 3.8.0-rc1. It has been ...)
	NOT-FOR-US: cention-chatserver
CVE-2023-0914 (Improper Authorization in GitHub repository pixelfed/pixelfed prior to ...)
	NOT-FOR-US: pixelfed
CVE-2023-0913 (A vulnerability classified as critical was found in SourceCodester Aut ...)
	NOT-FOR-US: SourceCodester Auto Dealer Management System
CVE-2023-0912 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Auto Dealer Management System
CVE-2019-25104 (A vulnerability has been found in rtcwcoop 1.0.2 and classified as pro ...)
	- iortcw (Specific to rtcwcoop, also see bug #1031732)
	NOTE: https://github.com/iortcw/iortcw/issues/174
CVE-2016-15026 (A vulnerability was found in 3breadt dd-plist 1.17 and classified as p ...)
	NOT-FOR-US: dd-plist
CVE-2016-15025 (A vulnerability, which was classified as problematic, was found in gen ...)
	NOT-FOR-US: generator-hottowel
CVE-2015-10080 (A vulnerability was found in NREL api-umbrella-web 0.7.1. It has been ...)
	NOT-FOR-US: api-umbrella-web
CVE-2014-125088 (A vulnerability was found in qt-users-jp silk 0.0.1. It has been decla ...)
	NOT-FOR-US: qt-users-jp
CVE-2013-10019 (A vulnerability was found in OCLC-Research OAICat 1.5.61. It has been ...)
	NOT-FOR-US: OAICat
CVE-2012-10008 (A vulnerability, which was classified as critical, has been found in u ...)
	NOT-FOR-US: uakfdotb oneapp
CVE-2023-0911 (The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress p ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0910 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...)
	NOT-FOR-US: SourceCodester Online Pizza Ordering System
CVE-2023-0909 (A vulnerability, which was classified as problematic, was found in cxa ...)
	NOT-FOR-US: cxasm notepad--
CVE-2023-0908 (A vulnerability, which was classified as problematic, was found in Xos ...)
	NOT-FOR-US: Xoslab Easy File Locker
CVE-2023-0907 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Filseclab Twister Antivirus
CVE-2023-0906 (A vulnerability classified as critical was found in SourceCodester Onl ...)
	NOT-FOR-US: SourceCodester Online Pizza Ordering System
CVE-2023-0905 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Employee Task Management System
CVE-2023-0904 (A vulnerability was found in SourceCodester Employee Task Management S ...)
	NOT-FOR-US: SourceCodester Employee Task Management System
CVE-2023-0903 (A vulnerability was found in SourceCodester Employee Task Management S ...)
	NOT-FOR-US: SourceCodester Employee Task Management System
CVE-2023-0902 (A vulnerability was found in SourceCodester Simple Food Ordering Syste ...)
	NOT-FOR-US: SourceCodester Simple Food Ordering System
CVE-2016-15024 (A vulnerability was found in doomsider shadow. It has been classified ...)
	NOT-FOR-US: doomsider shadow
CVE-2014-125087 (A vulnerability was found in java-xmlbuilder up to 1.1. It has been ra ...)
	NOT-FOR-US: java-xmlbuilder
CVE-2012-10007 (A vulnerability was found in madgicweb BuddyStream Plugin up to 3.2.7 ...)
	NOT-FOR-US: madgicweb BuddyStream Plugin
CVE-2023-26056 (XWiki Platform is a generic wiki platform. Starting in version 3.0-mil ...)
	NOT-FOR-US: XWiki
CVE-2023-26055 (XWiki Commons are technical libraries common to several other top leve ...)
	NOT-FOR-US: XWiki
CVE-2023-26054 (BuildKit is a toolkit for converting source code to build artifacts in ...)
	NOT-FOR-US: BuildKit
CVE-2023-26053 (Gradle is a build tool with a focus on build automation and support fo ...)
	- gradle (The version of Gradle in Debian doesn't support dependency verification yet)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2174854
CVE-2023-26052 (Saleor is a headless, GraphQL commerce platform delivering personalize ...)
	NOT-FOR-US: Saleor
CVE-2023-26051 (Saleor is a headless, GraphQL commerce platform delivering personalize ...)
	NOT-FOR-US: Saleor
CVE-2023-26050 RESERVED
CVE-2023-26049 (Jetty is a java based web server and servlet engine. Nonstandard cooki ...)
	{DSA-5507-1 DLA-3592-1}
	[experimental] - jetty9 9.4.51-1
	- jetty9 9.4.52-1
	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c
	NOTE: https://github.com/eclipse/jetty.project/pull/9339
	NOTE: https://github.com/eclipse/jetty.project/pull/9352
CVE-2023-26048 (Jetty is a java based web server and servlet engine. In affected versi ...)
	{DSA-5507-1 DLA-3592-1}
	[experimental] - jetty9 9.4.51-1
	- jetty9 9.4.52-1
	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8
	NOTE: https://github.com/eclipse/jetty.project/issues/9076
	NOTE: https://github.com/eclipse/jetty.project/pull/9344
	NOTE: https://github.com/eclipse/jetty.project/pull/9345
CVE-2023-26047 (teler-waf is a Go HTTP middleware that provides teler IDS functionalit ...)
	NOT-FOR-US: teler-waf
CVE-2023-26046 (teler-waf is a Go HTTP middleware that provides teler IDS functionalit ...)
	NOT-FOR-US: teler-waf
CVE-2023-26045 (NodeBB is Node.js based forum software. Starting in version 2.5.0 and ...)
	NOT-FOR-US: NodeBB
CVE-2023-26044 (react/http is an event-driven, streaming HTTP client and server implem ...)
	- php-react-http
	[buster] - php-react-http (Minor issue)
	NOTE: https://github.com/reactphp/http/security/advisories/GHSA-95x4-j7vc-h8mf
	NOTE: https://github.com/reactphp/http/commit/b3594f7936b92f9fc2d5f9e84dc01bdb95a72167 (v1.9.0)
	TODO: check, is embedded in icinga-php-thirdparty, icingaweb2-module-reactbundle possibly affected
CVE-2023-26043 (GeoNode is an open source platform that facilitates the creation, shar ...)
	NOT-FOR-US: GeoNode
CVE-2023-26042 (Part-DB is an open source inventory management system for your electro ...)
	NOT-FOR-US: Part-DB
CVE-2023-26041 (Nextcloud Talk is a fully on-premises audio/video and chat communicati ...)
	NOT-FOR-US: Nextcloud Talk
CVE-2023-26040 (Discourse is an open-source discussion platform. Between versions 3.1. ...)
	NOT-FOR-US: Discourse
CVE-2023-26039 (ZoneMinder is a free, open source Closed-circuit television software a ...)
	- zoneminder 1.36.33+dfsg1-1 (unimportant)
	NOTE: Only supported for trusted users/behind auth
	NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-44q8-h2pw-cc9g
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/3bd58d8393fba06f17e013c33b3d44442e3e5be2
CVE-2023-26038 (ZoneMinder is a free, open source Closed-circuit television software a ...)
	- zoneminder 1.36.33+dfsg1-1 (unimportant)
	NOTE: Only supported for trusted users/behind auth
	NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-wrx3-r8c4-r24w
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/6e417c28eac89664afa46b2fc1f7217622d0ef24
CVE-2023-26037 (ZoneMinder is a free, open source Closed-circuit television software a ...)
	- zoneminder 1.36.33+dfsg1-1 (unimportant)
	NOTE: Only supported for trusted users/behind auth
	NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-65jp-2hj3-3733
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/4f4ddaab3f982890750594c471bd6b8f72d05dbd
CVE-2023-26036 (ZoneMinder is a free, open source Closed-circuit television software a ...)
	- zoneminder 1.36.33+dfsg1-1 (unimportant)
	NOTE: Only supported for trusted users/behind auth
	NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h5m9-6jjc-cgmw
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/3268f95282d4f99d6cec3a6e0a83f341cf48166a
CVE-2023-26035 (ZoneMinder is a free, open source Closed-circuit television software a ...)
	- zoneminder 1.36.33+dfsg1-1 (unimportant)
	NOTE: Only supported for trusted users/behind auth
	NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-72rg-h4vf-29gr
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/609b22a54d22229a278afe548a32a05a00fc8c13
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/6ffd2bda1c04ced6ce38bfe829de6e2bf23b7348
CVE-2023-26034 (ZoneMinder is a free, open source Closed-circuit television software a ...)
	- zoneminder 1.36.33+dfsg1-1 (unimportant)
	NOTE: Only supported for trusted users/behind auth
	NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-222j-wh8m-xjrx
CVE-2023-26033 (Gentoo soko is the code that powers packages.gentoo.org. Versions prio ...)
	NOT-FOR-US: Gentoo soko
CVE-2023-26032 (ZoneMinder is a free, open source Closed-circuit television software a ...)
	- zoneminder 1.36.33+dfsg1-1 (unimportant)
	NOTE: Only supported for trusted users/behind auth
	NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6c72-q9mw-mwx9
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/decf3e307bdadc0a96ffb151d19f4a4605a7cc71
CVE-2023-26031 (Relative library resolution in linux container-executor binary in Apac ...)
	- hadoop (bug #793644)
CVE-2023-0901 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
	NOT-FOR-US: pixelfed
CVE-2023-0900 (The Pricing Table Builder WordPress plugin through 1.1.6 does not prop ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0899 (The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0898 (General Electric MiCOM S1 Agile is vulnerable to an attacker achieving ...)
	NOT-FOR-US: General Electric MiCOM S1 Agile
CVE-2023-0897 (Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due ...)
	NOT-FOR-US: Sielco PolyEco1000
CVE-2023-26030 RESERVED
CVE-2023-26029 RESERVED
CVE-2023-26028 RESERVED
CVE-2023-26027 RESERVED
CVE-2023-26026 (Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensit ...)
	NOT-FOR-US: IBM
CVE-2023-26025 RESERVED
CVE-2023-26024 (IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attack ...)
	NOT-FOR-US: IBM
CVE-2023-26023 (Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensit ...)
	NOT-FOR-US: IBM
CVE-2023-26022 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is v ...)
	NOT-FOR-US: IBM
CVE-2023-26021 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
	NOT-FOR-US: IBM
CVE-2023-26020 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: CrafterCMS
CVE-2023-26019 RESERVED
CVE-2023-26018 RESERVED
CVE-2023-26017 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Blue ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-26016 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tauh ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-26015 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-26014 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Minify HT ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-26013 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-26012 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denz ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-26011 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Read More ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-26010 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-26009 RESERVED
CVE-2023-26008 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-26007 RESERVED
CVE-2023-26006 RESERVED
CVE-2023-26005 RESERVED
CVE-2023-26004 RESERVED
CVE-2023-26003 RESERVED
CVE-2023-26002 RESERVED
CVE-2023-26001 RESERVED
CVE-2023-26000 RESERVED
CVE-2023-25999 RESERVED
CVE-2023-25998 RESERVED
CVE-2023-25997 RESERVED
CVE-2023-25996 RESERVED
CVE-2023-25995 RESERVED
CVE-2023-25994 (Cross-Site Request Forgery (CSRF) vulnerability in Alex Benfica Publis ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25993 RESERVED
CVE-2023-25992 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Crea ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25991 (Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic p ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25990 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25989 (Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25988 RESERVED
CVE-2023-25987 (Cross-Site Request Forgery (CSRF) vulnerability in Aleksandar Uro\u016 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25986 (Cross-Site Request Forgery (CSRF) vulnerability in WattIsIt PayGreen \ ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25985 (Cross-Site Request Forgery (CSRF) vulnerability in Tomas | Docs | FAQ ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25984 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rigo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25983 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25982 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25981 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25980 (Cross-Site Request Forgery (CSRF) vulnerability in CAGE Web Design | R ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25979 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vide ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25978 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nate ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25977 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 9see ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25976 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integrati ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25975 (Cross-Site Request Forgery (CSRF) vulnerability in Frédéric Shee ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25974 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in psic ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25973 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25972 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSW ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25971 (Cross-Site Request Forgery (CSRF) vulnerability in FixBD Educare plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25970 (Unrestricted Upload of File with Dangerous Type vulnerability in Zendr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25969 RESERVED
CVE-2023-25968 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Madalin ...)
NOT-FOR-US: WordPress plugin CVE-2023-25967 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by ...) NOT-FOR-US: WordPress plugin CVE-2023-25966 RESERVED CVE-2023-25965 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2023-25964 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noah ...) NOT-FOR-US: WordPress plugin CVE-2023-25963 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joom ...) NOT-FOR-US: WordPress plugin CVE-2023-25962 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bipl ...) NOT-FOR-US: WordPress plugin CVE-2023-25961 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Catch Th ...) NOT-FOR-US: WordPress plugin CVE-2023-25960 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-25959 RESERVED CVE-2023-25958 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Just ...) NOT-FOR-US: WordPress plugin CVE-2023-25957 (A vulnerability has been identified in Mendix SAML (Mendix 7 compatibl ...) NOT-FOR-US: Siemens CVE-2023-25956 (Generation of Error Message Containing Sensitive Information vulnerabi ...) NOT-FOR-US: Apache Airflow AWS Provider CVE-2023-25077 (Cross-site scripting vulnerability in Authentication Key Settings of E ...) NOT-FOR-US: EC-CUBE CVE-2023-22838 (Cross-site scripting vulnerability in Product List Screen and Product ...) NOT-FOR-US: EC-CUBE CVE-2023-0896 (A default password was reported in Lenovo Smart Clock Essential with A ...) NOT-FOR-US: Lenovo CVE-2023-0895 (The WP Coder \u2013 add custom html, css and js code plugin for WordPr ...) NOT-FOR-US: WordPress plugin CVE-2023-0894 (The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0 ...) NOT-FOR-US: WordPress plugin CVE-2023-0893 (The Time Sheets WordPress plugin before 1.29.3 does not sanitise and e ...) 
NOT-FOR-US: WordPress plugin CVE-2023-0892 (The BizLibrary WordPress plugin through 1.1 does not sanitise and esca ...) NOT-FOR-US: WordPress plugin CVE-2023-0891 (The StagTools WordPress plugin before 2.3.7 does not validate and esca ...) NOT-FOR-US: WordPress plugin CVE-2023-0890 (The WordPress Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress p ...) NOT-FOR-US: WordPress plugin CVE-2023-0889 (Themeflection Numbers WordPress plugin before 2.0.1 does not have auth ...) NOT-FOR-US: WordPress plugin CVE-2023-0888 (An improper neutralization of directives in dynamically evaluated code ...) NOT-FOR-US: Space Battery Pack SP with Wi-Fi CVE-2023-0887 (A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified a ...) NOT-FOR-US: phjounin TFTPD64-SE CVE-2023-0886 REJECTED CVE-2023-0885 REJECTED CVE-2023-0884 REJECTED CVE-2023-0883 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...) NOT-FOR-US: SourceCodester Online Pizza Ordering System CVE-2023-25943 RESERVED CVE-2023-25942 (Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled res ...) NOT-FOR-US: Dell CVE-2023-25941 (Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of p ...) NOT-FOR-US: Dell CVE-2023-25940 (Dell PowerScale OneFS version 9.5.0.0 contains improper link resolutio ...) NOT-FOR-US: Dell CVE-2023-25939 RESERVED CVE-2023-25938 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-25937 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-25936 (Dell BIOS contains an improper input validation vulnerability. A local ...) NOT-FOR-US: Dell CVE-2023-25935 RESERVED CVE-2023-25934 (DELL ECS prior to 3.8.0.2 contains an improper verification of cryptog ...) NOT-FOR-US: Dell CVE-2023-25933 (A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de ...) 
NOT-FOR-US: Facebook Hermes CVE-2023-25756 (Out-of-bounds read in the BIOS firmware for some Intel(R) Processors m ...) NOT-FOR-US: Intel CVE-2023-25546 RESERVED CVE-2023-23904 RESERVED CVE-2023-23573 (Improper access control in the Intel(R) Unite(R) android application b ...) NOT-FOR-US: Intel CVE-2023-22449 (Improper input validation in some Intel(R) NUC BIOS firmware may allow ...) NOT-FOR-US: Intel CVE-2023-22444 (Improper initialization in some Intel(R) NUC 13 Extreme Compute Elemen ...) NOT-FOR-US: Intel CVE-2023-22356 (Improper initialization in some Intel(R) NUC BIOS firmware may allow a ...) NOT-FOR-US: Intel CVE-2023-22351 RESERVED CVE-2023-22330 (Use of uninitialized resource in some Intel(R) NUC BIOS firmware may a ...) NOT-FOR-US: Intel CVE-2023-22329 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...) NOT-FOR-US: Intel CVE-2023-0882 (Improper Input Validation, Authorization Bypass Through User-Controlle ...) NOT-FOR-US: Kron Tech Single Connect CVE-2023-0881 RESERVED CVE-2023-0880 (Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prio ...) NOT-FOR-US: phpmyfaq CVE-2023-0879 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...) NOT-FOR-US: btcpayserver CVE-2023-0878 (Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framewo ...) NOT-FOR-US: Nuxt CVE-2023-0877 (Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11.) - froxlor (bug #581792) CVE-2023-0876 (The WP Meta SEO WordPress plugin before 4.5.3 does not authorize sever ...) NOT-FOR-US: WordPress plugin CVE-2023-0875 (The WP Meta SEO WordPress plugin before 4.5.3 does not properly saniti ...) NOT-FOR-US: WordPress plugin CVE-2023-0874 (The Klaviyo WordPress plugin before 3.0.10 does not sanitize and escap ...) NOT-FOR-US: WordPress plugin CVE-2023-0873 (The Kanban Boards for WordPress plugin before 2.5.21 does not sanitise ...) 
NOT-FOR-US: WordPress plugin CVE-2023-25932 RESERVED CVE-2023-25931 (Medtronic identified that the Pelvic Health clinician apps, which are ...) NOT-FOR-US: Pelvic Health clinician apps CVE-2023-25930 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1 ...) NOT-FOR-US: IBM CVE-2023-25929 (IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripti ...) NOT-FOR-US: IBM CVE-2023-25928 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) NOT-FOR-US: IBM CVE-2023-25927 (IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and ...) NOT-FOR-US: IBM CVE-2023-25926 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...) NOT-FOR-US: IBM CVE-2023-25925 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...) NOT-FOR-US: IBM CVE-2023-25924 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...) NOT-FOR-US: IBM CVE-2023-25923 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...) NOT-FOR-US: IBM CVE-2023-25922 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...) NOT-FOR-US: IBM CVE-2023-25921 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...) NOT-FOR-US: IBM CVE-2023-25920 RESERVED CVE-2023-25919 RESERVED CVE-2023-25918 RESERVED CVE-2023-25917 RESERVED CVE-2023-25916 RESERVED CVE-2023-25915 (Due to improper input validation, a remote attacker could execute arbi ...) NOT-FOR-US: Danfoss AK-SM80A CVE-2023-25914 (Due to improper restriction, attackers could retrieve and read system ...) NOT-FOR-US: Danfoss AK-SM80A CVE-2023-25913 (Because of an authentication flaw an attacker would be capable of gene ...) NOT-FOR-US: Danfoss AK-SM80A CVE-2023-25912 (The webreport generation feature in the Danfoss AK-EM100 allows an una ...) NOT-FOR-US: Danfoss AK-EM100 CVE-2023-25911 (The Danfoss AK-EM100 web applications allow for OS command injection t ...) 
NOT-FOR-US: Danfoss AK-EM100 CVE-2023-25910 (A vulnerability has been identified in SIMATIC PCS 7 (All versions < V ...) NOT-FOR-US: Siemens CVE-2023-0872 (The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0 ...) NOT-FOR-US: OpenMNS CVE-2023-0871 (XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and ver ...) NOT-FOR-US: OpenMNS CVE-2023-0870 (A form can be manipulated with cross-site request forgery in multiple ...) NOT-FOR-US: OpenNMS CVE-2023-0869 (Cross-site scripting in outage/list.htm in multiple versions of OpenNM ...) NOT-FOR-US: OpenNMS CVE-2023-0868 (Reflected cross-site scripting in graph results in multiple versions o ...) NOT-FOR-US: OpenNMS CVE-2023-0867 (Multiple stored and reflected cross-site scripting vulnerabilities in ...) NOT-FOR-US: OpenNMS CVE-2023-0866 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3 ...) {DSA-5411-1} [experimental] - gpac 2.2.1+dfsg1-1 - gpac 2.2.1+dfsg1-2 (bug #1033116) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.dev/bounties/7d3c5792-d20b-4cb6-9c6d-bb14f3430d7f NOTE: https://github.com/gpac/gpac/commit/b964fe4226f1424cf676d5822ef898b6b01f5937 NOTE: https://github.com/gpac/gpac/commit/518ae69dbbdb46c8443431dac9e9489aa0b78882 (v2.2.1) CVE-2023-0865 (The WooCommerce Multiple Customer Addresses & Shipping WordPress plugi ...) NOT-FOR-US: WordPress plugin CVE-2023-0864 (Cleartext Transmission of Sensitive Information vulnerability in ABB T ...) NOT-FOR-US: ABB CVE-2023-0863 (Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80 ...) NOT-FOR-US: ABB CVE-2023-0862 (The NetModule NSRW web administration interface is vulnerable to path ...) NOT-FOR-US: NetModule NSRW web administration interface CVE-2023-0861 (NetModule NSRW web administration interface executes an OS command con ...) NOT-FOR-US: NetModule NSRW web administration interface CVE-2023-0860 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...) 
NOT-FOR-US: Modoboa CVE-2023-0859 (Arbitrary Files can be installed in the Setting Data Import function o ...) NOT-FOR-US: Canon CVE-2023-0858 (Improper Authentication of RemoteUI of Office / Small Office Multifunc ...) NOT-FOR-US: Canon CVE-2023-0857 (Unintentional change of settings during initial registration of system ...) NOT-FOR-US: Canon CVE-2023-0856 (Buffer overflow in IPP sides attribute process of Office / Small Offic ...) NOT-FOR-US: Canon CVE-2023-0855 (Buffer overflow in IPP number-up attribute process of Office / Small O ...) NOT-FOR-US: Canon CVE-2023-0854 (Buffer overflow in NetBIOS QNAME registering and communication process ...) NOT-FOR-US: Canon CVE-2023-0853 (Buffer overflow in mDNS NSEC record registering process of Office / Sm ...) NOT-FOR-US: Canon CVE-2023-0852 (Buffer overflow in the Address Book of Mobile Device function of Offic ...) NOT-FOR-US: Canon CVE-2023-0851 (Buffer overflow in CPCA Resource Download process of Office / Small Of ...) NOT-FOR-US: Canon CVE-2022-48327 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 al ...) NOT-FOR-US: Mapos CVE-2022-48326 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 al ...) NOT-FOR-US: Mapos CVE-2022-48325 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 al ...) NOT-FOR-US: Mapos CVE-2022-48324 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 al ...) NOT-FOR-US: Mapos CVE-2021-46874 RESERVED CVE-2023-25909 (HGiga OAKlouds file uploading function does not restrict upload of fil ...) NOT-FOR-US: HGiga OAKlouds CVE-2023-25908 (Adobe Photoshop versions 23.5.3 (and earlier) and 24.1.1 (and earlier) ...) NOT-FOR-US: Adobe CVE-2023-25907 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) NOT-FOR-US: Adobe CVE-2023-25906 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) 
NOT-FOR-US: Adobe CVE-2023-25905 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) NOT-FOR-US: Adobe CVE-2023-25904 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) NOT-FOR-US: Adobe CVE-2023-25903 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an Integer ...) NOT-FOR-US: Adobe CVE-2023-25902 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) NOT-FOR-US: Adobe CVE-2023-25901 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an Imprope ...) NOT-FOR-US: Adobe CVE-2023-25900 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) NOT-FOR-US: Adobe CVE-2023-25899 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use Afte ...) NOT-FOR-US: Adobe CVE-2023-25898 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-bas ...) NOT-FOR-US: Adobe CVE-2023-25897 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-bas ...) NOT-FOR-US: Adobe CVE-2023-25896 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use Afte ...) NOT-FOR-US: Adobe CVE-2023-25895 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-bas ...) NOT-FOR-US: Adobe CVE-2023-25894 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use Afte ...) NOT-FOR-US: Adobe CVE-2023-25893 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use Afte ...) NOT-FOR-US: Adobe CVE-2023-25892 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) NOT-FOR-US: Adobe CVE-2023-25891 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) NOT-FOR-US: Adobe CVE-2023-25890 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-bas ...) NOT-FOR-US: Adobe CVE-2023-25889 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) NOT-FOR-US: Adobe CVE-2023-25888 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) 
NOT-FOR-US: Adobe CVE-2023-25887 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) NOT-FOR-US: Adobe CVE-2023-25886 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) NOT-FOR-US: Adobe CVE-2023-25885 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-bas ...) NOT-FOR-US: Adobe CVE-2023-25884 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) NOT-FOR-US: Adobe CVE-2023-25883 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-bas ...) NOT-FOR-US: Adobe CVE-2023-25882 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-bas ...) NOT-FOR-US: Adobe CVE-2023-25881 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an Imprope ...) NOT-FOR-US: Adobe CVE-2023-25880 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) NOT-FOR-US: Adobe CVE-2023-25879 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an Imprope ...) NOT-FOR-US: Adobe CVE-2023-25878 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) NOT-FOR-US: Adobe CVE-2023-25877 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) NOT-FOR-US: Adobe CVE-2023-25876 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) NOT-FOR-US: Adobe CVE-2023-25875 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) NOT-FOR-US: Adobe CVE-2023-25874 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) NOT-FOR-US: Adobe CVE-2023-25873 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) NOT-FOR-US: Adobe CVE-2023-25872 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) NOT-FOR-US: Adobe CVE-2023-25871 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) NOT-FOR-US: Adobe CVE-2023-25870 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) 
NOT-FOR-US: Adobe CVE-2023-25869 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) NOT-FOR-US: Adobe CVE-2023-25868 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) NOT-FOR-US: Adobe CVE-2023-25867 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) NOT-FOR-US: Adobe CVE-2023-25866 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) NOT-FOR-US: Adobe CVE-2023-25865 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) NOT-FOR-US: Adobe CVE-2023-25864 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) NOT-FOR-US: Adobe CVE-2023-25863 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) NOT-FOR-US: Adobe CVE-2023-25862 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...) NOT-FOR-US: Adobe CVE-2023-25861 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...) NOT-FOR-US: Adobe CVE-2023-25860 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...) NOT-FOR-US: Adobe CVE-2023-25859 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...) NOT-FOR-US: Adobe CVE-2023-0850 (A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classifie ...) NOT-FOR-US: Netgear CVE-2023-0849 (A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and clas ...) NOT-FOR-US: Netgear CVE-2023-0848 (A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It has been ...) NOT-FOR-US: Netgear CVE-2023-0847 (The Sub-IoT implementation of the DASH 7 Alliance protocol has a vulne ...) 
NOT-FOR-US: DASH 7 Alliance protocol CVE-2023-25858 RESERVED CVE-2023-25857 RESERVED CVE-2023-25856 RESERVED CVE-2023-25855 RESERVED CVE-2023-25854 RESERVED CVE-2023-25853 RESERVED CVE-2023-25852 RESERVED CVE-2023-25851 RESERVED CVE-2023-25850 RESERVED CVE-2023-25849 RESERVED CVE-2023-25848 (ArcGIS Enterprise Server versions 11.0 and below have an information d ...) NOT-FOR-US: ArcGIS Enterprise Server CVE-2023-25847 RESERVED CVE-2023-25846 RESERVED CVE-2023-25845 RESERVED CVE-2023-25844 RESERVED CVE-2023-25843 RESERVED CVE-2023-25842 RESERVED CVE-2023-25841 (There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Se ...) NOT-FOR-US: Esri CVE-2023-25840 (There is a Cross-site Scripting vulnerabilityin ArcGIS Server in versi ...) NOT-FOR-US: Esri CVE-2023-25839 (There is SQL injection vulnerability in Esri ArcGIS Insights Desktop f ...) NOT-FOR-US: Esri ArcGIS CVE-2023-25838 (There is SQL injection vulnerabilityin Esri ArcGIS Insights 2022.1 for ...) NOT-FOR-US: Esri ArcGIS CVE-2023-25837 (There is a Cross-site Scripting vulnerabilityin Esri ArcGIS Enterprise ...) NOT-FOR-US: Esri CVE-2023-25836 (There is a Cross-site Scripting vulnerabilityin Esri Portal Sites in v ...) NOT-FOR-US: Esri CVE-2023-25835 (There is a stored Cross-site Scripting vulnerabilityin Esri Portal for ...) NOT-FOR-US: Esri CVE-2023-25834 (Changes to user permissions in Portal for ArcGIS 10.9.1 and below are ...) NOT-FOR-US: Esri CVE-2023-25833 (There is an HTML injection vulnerability in Esri Portal for ArcGIS ver ...) NOT-FOR-US: Esri CVE-2023-25832 (There is a cross-site-request forgery vulnerability in Esri Portal for ...) NOT-FOR-US: Esri CVE-2023-25831 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...) NOT-FOR-US: Esri CVE-2023-25830 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...) NOT-FOR-US: Esri CVE-2023-25829 (There is an unvalidated redirect vulnerability in Esri Portal for ArcG ...) 
NOT-FOR-US: Esri CVE-2023-25828 (Pluck CMS is vulnerable to an authenticated remote code execution (RCE ...) NOT-FOR-US: Pluck CMS CVE-2023-25827 (Due to insufficient validation of parameters reflected in error messag ...) NOT-FOR-US: OpenTSDB CVE-2023-25826 (Due to insufficient validation of parameters passed to the legacy HTTP ...) NOT-FOR-US: OpenTSDB CVE-2023-25825 (ZoneMinder is a free, open source Closed-circuit television software a ...) - zoneminder 1.36.33+dfsg1-1 (unimportant) NOTE: Only supported for trusted users/behind auth NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-68vf-g4qm-jr6v NOTE: https://github.com/ZoneMinder/zoneminder/commit/4637eaf9ea530193e0897ec48899f5638bdd6d81 NOTE: https://github.com/ZoneMinder/zoneminder/commit/57bf25d39f12d620693f26068b8441b4f3f0b6c0 NOTE: https://github.com/ZoneMinder/zoneminder/commit/e1028c1d7f23cc1e0941b7b37bb6ae5a04364308 CVE-2023-25824 (Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions ...) - mod-gnutls (bug #942737) [buster] - mod-gnutls (Minor issue, DoS) NOTE: https://github.com/airtower-luna/mod_gnutls/security/advisories/GHSA-6cfv-fvgm-7pc8 NOTE: https://github.com/airtower-luna/mod_gnutls/commit/d7eec4e598158ab6a98bf505354e84352f9715ec (mod_gnutls/0.12.1) CVE-2023-25823 (Gradio is an open-source Python library to build machine learning and ...) NOT-FOR-US: Gradio CVE-2023-25822 (ReportPortal is an AI-powered test automation platform. Prior to versi ...) NOT-FOR-US: reportportal CVE-2023-25821 (Nextcloud is an Open Source private cloud software. Versions 24.0.4 an ...) - nextcloud-server (bug #941708) CVE-2023-25820 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...) - nextcloud-server (bug #941708) CVE-2023-25819 (Discourse is an open source platform for community discussion. Tags th ...) NOT-FOR-US: Discourse CVE-2023-25818 (Nextcloud server is an open source, personal cloud implementation. In ...) 
- nextcloud-server (bug #941708) CVE-2023-25817 (Nextcloud server is an open source, personal cloud implementation. In ...) - nextcloud-server (bug #941708) CVE-2023-25816 (Nextcloud is an Open Source private cloud software. Versions 25.0.0 an ...) - nextcloud-server (bug #941708) CVE-2023-25815 (In Git for Windows, the Windows port of Git, no localized messages are ...) - git 1:2.40.1-1 (bug #1034835) [bookworm] - git (Minor issue) [bullseye] - git (Minor issue) [buster] - git (Minor issue) NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/ NOTE: https://github.com/git/git/commit/c4137be0f5a6edf9a9044e6e43ecf4468c7a4046 (v2.30.9) CVE-2023-25814 (metersphere is an open source continuous testing platform. In versions ...) NOT-FOR-US: metersphere CVE-2023-25813 (Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL inj ...) NOT-FOR-US: Sequelize CVE-2023-25812 (Minio is a Multi-Cloud Object Storage framework. Affected versions do ...) - minio (bug #859207) CVE-2023-25811 (Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.2 ...) NOT-FOR-US: Uptime Kuma CVE-2023-25810 (Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.2 ...) NOT-FOR-US: Uptime Kuma CVE-2023-25809 (runc is a CLI tool for spawning and running containers according to th ...) - runc 1.1.5+ds1-1 [bullseye] - runc (Minor issue) [buster] - runc (Vulnerable code not present) NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc NOTE: https://github.com/opencontainers/runc/commit/0e6b818a2b0d24fdb6697614e5c5f115bbe8e3a5 (v1.1.5) CVE-2023-25808 RESERVED CVE-2023-25807 (DataEase is an open source data visualization and analysis tool. When ...) NOT-FOR-US: DataEase CVE-2023-25806 (OpenSearch Security is a plugin for OpenSearch that offers encryption, ...) NOT-FOR-US: OpenSearch Security is a plugin for OpenSearch CVE-2023-25805 (versionn, software for changing version information across multiple fi ...) 
NOT-FOR-US: Node versionn CVE-2023-25804 (Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Ke ...) NOT-FOR-US: Roxy-WI CVE-2023-25803 (Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Ke ...) NOT-FOR-US: Roxy-WI CVE-2023-25802 (Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Ke ...) NOT-FOR-US: Roxy-WI CVE-2023-25801 (TensorFlow is an open source machine learning platform. Prior to versi ...) - tensorflow (bug #804612) CVE-2023-25800 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-25799 RESERVED CVE-2023-25798 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-25797 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in Mr.Vibe vSlid ...) NOT-FOR-US: WordPress plugin CVE-2023-25796 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Incl ...) NOT-FOR-US: WordPress plugin CVE-2023-25795 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in WP-master.I ...) NOT-FOR-US: WordPress plugin CVE-2023-25794 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mighty Digi ...) NOT-FOR-US: WordPress plugin CVE-2023-25793 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Geor ...) NOT-FOR-US: WordPress plugin CVE-2023-25792 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Xiao ...) NOT-FOR-US: WordPress plugin CVE-2023-25791 RESERVED CVE-2023-25790 (Improper Authentication, Improper Neutralization of Input During Web P ...) NOT-FOR-US: WordPress plugin CVE-2023-25789 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tapf ...) NOT-FOR-US: WordPress plugin CVE-2023-25788 (Cross-Site Request Forgery (CSRF) vulnerability in Saphali Saphali Woo ...) NOT-FOR-US: WordPress plugin CVE-2023-25787 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wbol ...) 
NOT-FOR-US: WordPress plugin CVE-2023-25786 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Thom ...) NOT-FOR-US: WordPress plugin CVE-2023-25785 (Missing Authorization vulnerability in Shoaib Saleem WP Post Rating al ...) NOT-FOR-US: WordPress plugin CVE-2023-25784 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bon ...) NOT-FOR-US: WordPress plugin CVE-2023-25783 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...) NOT-FOR-US: WordPress plugin CVE-2023-25782 (Auth. (admin+) vulnerability in Second2none Service Area Postcode Chec ...) NOT-FOR-US: WordPress plugin CVE-2023-25781 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Seba ...) NOT-FOR-US: WordPress plugin CVE-2023-0846 (Unauthenticated, stored cross-site scripting in the display of alarm r ...) NOT-FOR-US: OpenNMS CVE-2023-0845 (Consul and Consul Enterprise allowed an authenticated user with servic ...) - consul (Only affects 1.14.x) NOTE: https://discuss.hashicorp.com/t/hcsec-2023-06-consul-server-panic-when-ingress-and-api-gateways-configured-with-peering-connections/51197 CVE-2023-0844 (The Namaste! LMS WordPress plugin before 2.6 does not sanitize and esc ...) NOT-FOR-US: WordPress plugin CVE-2023-0843 RESERVED CVE-2023-0842 (xml2js version 0.4.23 allows an external attacker to edit or add new p ...) {DLA-3760-1} - node-xml2js 0.4.23+~cs15.4.0+dfsg-7 (bug #1034148) [bullseye] - node-xml2js 0.2.8-1.1+deb11u1 NOTE: https://fluidattacks.com/advisories/myers/ NOTE: https://github.com/Leonidas-from-XIV/node-xml2js/issues/663 NOTE: https://github.com/Leonidas-from-XIV/node-xml2js/pull/603 NOTE: https://github.com/Leonidas-from-XIV/node-xml2js/commit/581b19a62d88f8a3c068b5a45f4542c2d6a495a5 CVE-2023-0841 (A vulnerability, which was classified as critical, has been found in G ...) 
- gpac (bug #1034890) [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) CVE-2023-0840 (A vulnerability classified as problematic was found in PHPCrazy 1.1.1. ...) NOT-FOR-US: PHPCrazy CVE-2023-0839 (Improper Protection for Outbound Error Messages and Alert Signals vuln ...) NOT-FOR-US: ProMIS Process Co. InSCADA CVE-2023-0838 (An issue has been discovered in GitLab affecting versions starting fro ...) - gitlab 15.10.8+ds1-2 CVE-2023-0837 (An improper authorization check of local device settings in TeamViewe ...) NOT-FOR-US: TeamViewer CVE-2023-25780 (It is identified a vulnerability of insufficient authentication in an ...) NOT-FOR-US: Intel CVE-2023-25776 (Improper input validation in some Intel(R) Server Board BMC firmware b ...) NOT-FOR-US: Intel CVE-2023-25773 (Improper access control in the Intel(R) Unite(R) Hub software installe ...) NOT-FOR-US: Intel CVE-2023-25768 (A missing permission check in Jenkins Azure Credentials Plugin 253.v88 ...) NOT-FOR-US: Jenkins plugin CVE-2023-25767 (A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Cre ...) NOT-FOR-US: Jenkins plugin CVE-2023-25766 (A missing permission check in Jenkins Azure Credentials Plugin 253.v88 ...) NOT-FOR-US: Jenkins plugin CVE-2023-25765 (In Jenkins Email Extension Plugin 2.93 and earlier, templates defined ...) NOT-FOR-US: Jenkins plugin CVE-2023-25764 (Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanit ...) NOT-FOR-US: Jenkins plugin CVE-2023-25763 (Jenkins Email Extension Plugin 2.93 and earlier does not escape variou ...) NOT-FOR-US: Jenkins plugin CVE-2023-25762 (Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape j ...) NOT-FOR-US: Jenkins plugin CVE-2023-25761 (Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape t ...) NOT-FOR-US: Jenkins plugin CVE-2023-25545 (Improper buffer restrictions in some Intel(R) Server Board BMC firmwar ...) 
	NOT-FOR-US: Intel
CVE-2023-25182 (Uncontrolled search path element in the Intel(R) Unite(R) Client softw ...)
	NOT-FOR-US: Intel
CVE-2023-25179 (Uncontrolled resource consumption in the Intel(R) Unite(R) android app ...)
	NOT-FOR-US: Intel
CVE-2023-25175 (Improper input validation in some Intel(R) Server Board BMC firmware b ...)
	NOT-FOR-US: Intel
CVE-2023-24475 (Out of bounds read in some Intel(R) Server Board BMC firmware before v ...)
	NOT-FOR-US: Intel
CVE-2023-22661 (Buffer overflow in some Intel(R) Server Board BMC firmware before vers ...)
	NOT-FOR-US: Intel
CVE-2023-22379 (Improper input validation in some Intel(R) Server Board BMC firmware b ...)
	NOT-FOR-US: Intel
CVE-2023-22297 (Access of memory location after end of buffer in some Intel(R) Server ...)
	NOT-FOR-US: Intel
CVE-2023-0836 (An information leak vulnerability was discovered in HAProxy 2.1, 2.2 b ...)
	{DSA-5388-1}
	- haproxy 2.6.8-1
	[buster] - haproxy (Vulnerable code introduced later)
	NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=2e6bf0a2722866ae0128a4392fa2375bd1f03ff8
	NOTE: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=f988992d16f45ef03d5bbb024a1042ed8123e4c5 (v2.6.8)
	NOTE: https://git.haproxy.org/?p=haproxy-2.2.git;a=commit;h=18575ba4e5057afdb80cc06135272889ae1fa2d1 (v2.2.27)
	NOTE: Introduced by: https://git.haproxy.org/?p=haproxy.git;a=commitdiff;h=63bbf284a131de362ad5b60d64ff3b1eff830553 (v2.1-dev2)
CVE-2023-0835 (markdown-pdf version 11.0.0 allows an external attacker to remotely ob ...)
	NOT-FOR-US: Node markdown-pdf
CVE-2023-0834 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
	NOT-FOR-US: HYPR Workforce Access on MacOS
CVE-2023-25181 (A heap-based buffer overflow vulnerability exists in the HTTP Server f ...)
	NOT-FOR-US: Weston Embedded uC-HTTP
CVE-2023-0833 (A flaw was found in Red Hat's AMQ-Streams, which ships a version of th ...)
	NOT-FOR-US: Red Hat's AMQ-Streams
CVE-2023-0832 (The Under Construction plugin for WordPress is vulnerable to Cross-Sit ...)
	NOT-FOR-US: Under Construction plugin for WordPress
CVE-2023-0831 (The Under Construction plugin for WordPress is vulnerable to Cross-Sit ...)
	NOT-FOR-US: Under Construction plugin for WordPress
CVE-2023-0830 (A vulnerability classified as critical has been found in EasyNAS 1.1.0 ...)
	NOT-FOR-US: EasyNAS
CVE-2023-0829 (Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scri ...)
	NOT-FOR-US: Plesk
CVE-2023-0828 (Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora ...)
	NOT-FOR-US: Pandora FMS
CVE-2023-0827 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
	NOT-FOR-US: pimcore
CVE-2023-0826
	RESERVED
CVE-2023-0825
	RESERVED
CVE-2023-0824 (The User registration & user profile WordPress plugin through 2.0 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0823 (The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25760 (Incorrect Access Control in Tripleplay Platform releases prior to Cave ...)
	NOT-FOR-US: Tripleplay
CVE-2023-25759 (OS Command Injection in TripleData Reporting Engine in Tripleplay Plat ...)
	NOT-FOR-US: Tripleplay
CVE-2023-25758 (Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.1 ...)
	NOT-FOR-US: Onekey
CVE-2023-0822 (The affected product DIAEnergie (versions prior to v1.9.03.001) contai ...)
	NOT-FOR-US: DIAEnergie
CVE-2023-0821 (HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 job ...)
	- nomad (bug #1034181)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2023-05-nomad-client-vulnerable-to-decompression-bombs-in-artifact-block/50292
CVE-2023-0820 (The User Role by BestWebSoft WordPress plugin before 1.6.7 does not pr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0819 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2. ...)
	{DSA-5411-1}
	[experimental] - gpac 2.2.1+dfsg1-1
	- gpac 2.2.1+dfsg1-2 (bug #1033116)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://huntr.dev/bounties/35793610-dccc-46c8-9f55-6a24c621e4ef
	NOTE: https://github.com/gpac/gpac/commit/d067ab3ccdeaa340e8c045a0fd5bcfc22b809e8f
	NOTE: https://github.com/gpac/gpac/commit/bfcee8d14588d49708d20c27cb8cb6bc9ff8934d (v2.2.1)
CVE-2023-0818 (Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.)
	{DSA-5411-1}
	[experimental] - gpac 2.2.1+dfsg1-1
	- gpac 2.2.1+dfsg1-2 (bug #1033116)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://huntr.dev/bounties/038e7472-f3e9-46c2-9aea-d6dafb62a18a
	NOTE: https://github.com/gpac/gpac/commit/377ab25f3e502db2934a9cf4b54739e1c89a02ff
	NOTE: https://github.com/gpac/gpac/commit/cbbc4d343149c07896c4a3bed28849c576510b6c (v2.2.1)
CVE-2023-0817 (Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.)
	[experimental] - gpac 2.2.1+dfsg1-1
	- gpac 2.2.1+dfsg1-2 (bug #1033116)
	[bullseye] - gpac (Vulnerable code not present)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://huntr.dev/bounties/cb730bc5-d79c-4de6-9e57-10e8c3ce2cf3
	NOTE: https://github.com/gpac/gpac/commit/be9f8d395bbd196e3812e9cd80708f06bcc206f7
	NOTE: https://github.com/gpac/gpac/commit/99dfc2bc443bfb6b80c610c25f98747d358c209d (v2.2.1)
CVE-2023-25754 (Privilege Context Switching Error vulnerability in Apache Software Fou ...)
	- airflow (bug #819700)
CVE-2023-25753 (There exists an SSRF (Server-Side Request Forgery) vulnerability locat ...)
	NOT-FOR-US: Apache ShenYu
CVE-2023-25752 (When accessing throttled streams, the count of available bytes needed ...)
	{DSA-5375-1 DSA-5374-1 DLA-3365-1 DLA-3364-1}
	- firefox 111.0-1
	- firefox-esr 102.9.0esr-1
	- thunderbird 1:102.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-25752
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-25752
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-25752
CVE-2023-25751 (Sometimes, when invalidating JIT code while following an iterator, the ...)
	{DSA-5375-1 DSA-5374-1 DLA-3365-1 DLA-3364-1}
	- firefox 111.0-1
	- firefox-esr 102.9.0esr-1
	- thunderbird 1:102.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-25751
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-25751
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-25751
CVE-2023-25750 (Under certain circumstances, a ServiceWorker's offline cache may have ...)
	- firefox 111.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-25750
CVE-2023-25749 (Android applications with unpatched vulnerabilities can be launched fr ...)
	- firefox (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-25749
CVE-2023-25748 (By displaying a prompt with a long description, the fullscreen notific ...)
	- firefox (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-25748
CVE-2023-25747 (A potential use-after-free in libaudio was fixed by disabling the AAud ...)
	- firefox (Specific to Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-08/
CVE-2023-25746 (Memory safety bugs present in Firefox ESR 102.7. Some of these bugs sh ...)
	{DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
	- firefox-esr 102.8.0esr-1
	- thunderbird 1:102.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25746
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25746
CVE-2023-25745 (Memory safety bugs present in Firefox 109. Some of these bugs showed e ...)
	- firefox 110.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25745
CVE-2023-25744 (Memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some ...)
	{DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
	- firefox 110.0-1
	- firefox-esr 102.8.0esr-1
	- thunderbird 1:102.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25744
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25744
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25744
CVE-2023-25743 (A lack of in app notification for entering fullscreen mode could have ...)
	- firefox (Specific to Firefox Focus)
	- firefox-esr (Specific to Firefox Focus)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25743
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25743
CVE-2023-25742 (When importing a SPKI RSA public key as ECDSA P-256, the key would be ...)
	{DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
	- firefox 110.0-1
	- firefox-esr 102.8.0esr-1
	- thunderbird 1:102.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25742
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25742
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25742
CVE-2023-25741 (When dragging and dropping an image cross-origin, the image's size cou ...)
	- firefox 110.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25741
CVE-2023-25740 (After downloading a Windows .scf script from the local fi ...)
	- firefox (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25740
CVE-2023-25739 (Module load requests that failed were not being checked as to whether ...)
	{DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
	- firefox 110.0-1
	- firefox-esr 102.8.0esr-1
	- thunderbird 1:102.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25739
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25739
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25739
CVE-2023-25738 (Members of the DEVMODEW struct set by the printer device ...)
	- firefox (Windows-specific)
	- firefox-esr (Windows-specific)
	- thunderbird (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25738
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25738
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25738
CVE-2023-25737 (An invalid downcast from nsTextNode to SVGElement.url shortcut from the local ...)
	- firefox (Windows-specific)
	- firefox-esr (Windows-specific)
	- thunderbird (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25734
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25734
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25734
CVE-2023-25733 (The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being ver ...)
	- firefox 110.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25733
CVE-2023-25732 (When encoding data from an inputStream in xpcomrequestFullscreen and then b ...)
	{DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
	- firefox 110.0-1
	- firefox-esr 102.8.0esr-1
	- thunderbird 1:102.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25730
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25730
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25730
CVE-2023-25729 (Permission prompts for opening external schemes were only shown for Content-Security-Policy-Report-Only header could allo ...)
	{DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
	- firefox 110.0-1
	- firefox-esr 102.8.0esr-1
	- thunderbird 1:102.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25728
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25728
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25728
CVE-2023-24585 (An out-of-bounds write vulnerability exists in the HTTP Server functio ...)
	NOT-FOR-US: Weston Embedded uC-HTTP
CVE-2023-0816 (The Formidable Forms WordPress plugin before 6.1 uses several potentia ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0815 (Potential Insertion of Sensitive Information into Jetty Log Files in m ...)
	NOT-FOR-US: OpenNMS
CVE-2023-0814 (The Profile Builder – User Profile & User Registration Forms plug ...)
	NOT-FOR-US: Profile Builder – User Profile & User Registration Forms plugin for WordPress
CVE-2023-0813 (A flaw was found in the Network Observability plugin for OpenShift con ...)
	NOT-FOR-US: Network Observability plugin for OpenShift console
CVE-2023-0812 (The Active Directory Integration / LDAP Integration WordPress plugin b ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0811 (Omron CJ1M unit v4.0 and prior has improper access controls on the mem ...)
	NOT-FOR-US: Omron CJ1M
CVE-2023-0810 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...)
	NOT-FOR-US: btcpayserver
CVE-2023-0809 (In Mosquitto before 2.0.16, excessive memory is allocated based on mal ...)
	{DSA-5511-1}
	- mosquitto 2.0.17-1
	[buster] - mosquitto (The vulnerable code was introduced later)
	NOTE: https://mosquitto.org/blog/2023/08/version-2-0-16-released/
	NOTE: Fixed by https://github.com/eclipse/mosquitto/commit/a3c680fbb00a0019573fb84c29332e845e6efcad
CVE-2023-3592 (In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 ...)
	{DSA-5511-1}
	- mosquitto 2.0.17-1
	[buster] - mosquitto (The vulnerable code was introduced later)
	NOTE: https://mosquitto.org/blog/2023/08/version-2-0-16-released/
	NOTE: https://github.com/eclipse/mosquitto/commit/00b24e0eb0686e9a76feb71fdaee650cb7e612fa (v2.0.16)
CVE-2023-0808 (A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_540 ...)
	NOT-FOR-US: Deye/Revolt/Bosswerk Inverter
CVE-2023-0807
	RESERVED
CVE-2023-0806
	RESERVED
CVE-2023-25727 (In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated use ...)
	- phpmyadmin 4:5.2.1+dfsg-1
	[bullseye] - phpmyadmin (Minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2023-1/
CVE-2023-25726
	RESERVED
CVE-2023-25725 (HAProxy before 2.7.3 may allow a bypass of access control because HTTP ...)
	{DSA-5348-1 DLA-3318-1}
	- haproxy 2.6.8-2
	NOTE: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=73be199c4f5f1ed468161a4c5e10ca77cd5989d8 (v2.6.9)
CVE-2023-25724
	REJECTED
CVE-2023-25723
	REJECTED
CVE-2023-25722 (A credential-leak issue was discovered in related Veracode products be ...)
	NOT-FOR-US: Veracode
CVE-2023-25721 (Veracode Scan Jenkins Plugin before 23.3.19.0, when the "Connect using ...)
	NOT-FOR-US: Veracode
CVE-2023-25720
	RESERVED
CVE-2023-25719 (ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect ...)
	NOT-FOR-US: ConnectWise
CVE-2023-25718 (In ConnectWise Control through 22.9.10032 (formerly known as ScreenCon ...)
	NOT-FOR-US: ConnectWise
CVE-2023-25717 (Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an ...)
	NOT-FOR-US: Ruckus Wireless Admin
CVE-2023-25716 (Auth (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gqevu ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25715 (Missing Authorization vulnerability in GamiPress GamiPress – The ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25714
	RESERVED
CVE-2023-25713 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Q ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25712 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-B ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25711 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGlobus ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25710 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DIGI ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25709 (Cross-Site Request Forgery (CSRF) vulnerability in Plainware Locatorai ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25708 (Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR – ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25707 (Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooki ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25706 (Cross-Site Request Forgery (CSRF) vulnerability in Pagup WordPress Rob ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25705 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Go P ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25704 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mehj ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25703
	RESERVED
CVE-2023-25702 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Full ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25701
	RESERVED
CVE-2023-25700 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25699 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25698 (Cross-Site Request Forgery (CSRF) vulnerability in Studio Wombat Shopp ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25697
	RESERVED
CVE-2023-25696 (Improper Input Validation vulnerability in the Apache Airflow Hive Pro ...)
	NOT-FOR-US: Apache Airflow Hive Provider
CVE-2023-25695 (Generation of Error Message Containing Sensitive Information vulnerabi ...)
	- airflow (bug #819700)
CVE-2023-25694
	REJECTED
CVE-2023-25693 (Improper Input Validation vulnerability in the Apache Airflow Sqoop Pr ...)
	NOT-FOR-US: Apache Airflow Sqoop Provider
CVE-2023-25692 (Improper Input Validation vulnerability in the Apache Airflow Google P ...)
	NOT-FOR-US: Apache Airflow Google Provider
CVE-2023-25691 (Improper Input Validation vulnerability in the Apache Airflow Google P ...)
	NOT-FOR-US: Apache Airflow Google Provider
CVE-2023-0805 (An issue has been discovered in GitLab EE affecting all versions start ...)
	- gitlab (Specific to EE)
CVE-2023-0804 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop ...)
	{DSA-5361-1 DLA-3333-1}
	- tiff 4.5.0-5 (bug #1031632)
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/497
CVE-2023-0803 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop ...)
	{DSA-5361-1 DLA-3333-1}
	- tiff 4.5.0-5 (bug #1031632)
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/501
CVE-2023-0802 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop ...)
	{DSA-5361-1 DLA-3333-1}
	- tiff 4.5.0-5 (bug #1031632)
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/500
CVE-2023-0801 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_un ...)
	{DSA-5361-1 DLA-3333-1}
	- tiff 4.5.0-5 (bug #1031632)
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/498
CVE-2023-0800 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop ...)
	{DSA-5361-1 DLA-3333-1}
	- tiff 4.5.0-5 (bug #1031632)
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/496
CVE-2023-0799 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop. ...)
	{DSA-5361-1 DLA-3333-1}
	- tiff 4.5.0-5 (bug #1031632)
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/494
CVE-2023-0798 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop. ...)
	{DSA-5361-1 DLA-3333-1}
	- tiff 4.5.0-5 (bug #1031632)
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/492
CVE-2023-0797 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_uni ...)
	{DSA-5361-1 DLA-3333-1}
	- tiff 4.5.0-5 (bug #1031632)
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/495
CVE-2023-0796 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop. ...)
	{DSA-5361-1 DLA-3333-1}
	- tiff 4.5.0-5 (bug #1031632)
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/499
CVE-2023-0795 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop. ...)
	{DSA-5361-1 DLA-3333-1}
	- tiff 4.5.0-5 (bug #1031632)
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/493
CVE-2022-4925 (Insufficient validation of untrusted input in QUIC in Google Chrome pr ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-4924 (Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowe ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-4923 (Inappropriate implementation in Omnibox in Google Chrome prior to 99.0 ...)
	{DSA-5089-1}
	- chromium 99.0.4844.51-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-4922 (Inappropriate implementation in Blink in Google Chrome prior to 99.0.4 ...)
	{DSA-5089-1}
	- chromium 99.0.4844.51-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-4921 (Use after free in Accessibility in Google Chrome prior to 99.0.4844.51 ...)
	{DSA-5089-1}
	- chromium 99.0.4844.51-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-4920 (Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 ...)
	{DSA-5125-1}
	- chromium 101.0.4951.41-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-4919 (Use after free in Base Internals in Google Chrome prior to 101.0.4951. ...)
	{DSA-5125-1}
	- chromium 101.0.4951.41-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-4918 (Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a ...)
	{DSA-5148-1}
	- chromium 102.0.5005.61-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-4917 (Incorrect security UI in Notifications in Google Chrome on Android pri ...)
	{DSA-5168-1}
	- chromium 103.0.5060.53-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-4916 (Use after free in Media in Google Chrome prior to 103.0.5060.53 allowe ...)
	{DSA-5168-1}
	- chromium 103.0.5060.53-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-4915 (Inappropriate implementation in URL Formatting in Google Chrome prior ...)
	{DSA-5187-1}
	- chromium 103.0.5060.134-1
	[buster] - chromium (see DSA 5046)
CVE-2022-4914 (Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5 ...)
	{DSA-5201-1}
	- chromium 104.0.5112.79-1
	[buster] - chromium (see DSA 5046)
CVE-2022-4913 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
	{DSA-5223-1}
	- chromium 105.0.5195.52-1
	[buster] - chromium (see DSA 5046)
CVE-2022-4912 (Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allow ...)
	{DSA-5223-1}
	- chromium 105.0.5195.52-1
	[buster] - chromium (see DSA 5046)
CVE-2022-4911 (Insufficient data validation in DevTools in Google Chrome prior to 106 ...)
	{DSA-5244-1}
	- chromium 106.0.5249.61-1
	[buster] - chromium (see DSA 5046)
CVE-2022-4910 (Inappropriate implementation in Autofill in Google Chrome prior to 107 ...)
	{DSA-5261-1}
	- chromium 107.0.5304.68-1
	[buster] - chromium (see DSA 5046)
CVE-2022-4909 (Inappropriate implementation in XML in Google Chrome prior to 107.0.53 ...)
	{DSA-5261-1}
	- chromium 107.0.5304.68-1
	[buster] - chromium (see DSA 5046)
CVE-2022-4908 (Inappropriate implementation in iFrame Sandbox in Google Chrome prior ...)
	{DSA-5261-1}
	- chromium 107.0.5304.68-1
	[buster] - chromium (see DSA 5046)
CVE-2022-4907 (Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 al ...)
	{DSA-5552-1 DSA-5293-1}
	- chromium 108.0.5359.71-1
	[buster] - chromium (see DSA 5046)
	- ffmpeg 7:6.0-4
	[bullseye] - ffmpeg (Vulnerable code introduced later)
	[buster] - ffmpeg (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/e601ec3c1991ee09ff45db3be4d894e5774f6f2b (n6.0)
	NOTE: Introduced by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/c3bf53fab2165f52b3f71412664668dd75e10a0f (n5.1)
CVE-2022-4906 (Inappropriate implementation in Blink in Google Chrome prior to 108.0. ...)
	{DSA-5293-1}
	- chromium 108.0.5359.71-1
	[buster] - chromium (see DSA 5046)
CVE-2022-48323 (Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0. ...)
	NOT-FOR-US: Sunlogin Sunflower Simplified
CVE-2022-48322 (NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stac ...)
	NOT-FOR-US: NETGEAR
CVE-2021-4324 (Insufficient policy enforcement in Google Update in Google Chrome prio ...)
	- chromium (Not applicable to Debian builds)
CVE-2021-4323 (Insufficient validation of untrusted input in Extensions in Google Chr ...)
	{DSA-4906-1}
	- chromium 90.0.4430.72-1 (bug #987053)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4322 (Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allo ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4321 (Policy bypass in Blink in Google Chrome prior to 91.0.4472.77 allowed ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4320 (Use after free in Blink in Google Chrome prior to 92.0.4515.107 allowe ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4319 (Use after free in Blink in Google Chrome prior to 93.0.4577.82 allowed ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4318 (Object corruption in Blink in Google Chrome prior to 94.0.4606.54 allo ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4317 (Use after free in ANGLE in Google Chrome prior to 96.0.4664.93 allowed ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4316 (Inappropriate implementation in Cast UI in Google Chrome prior to 96.0 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2015-10079 (A vulnerability was found in juju2143 WalrusIRC 0.0.2. It has been rat ...)
	NOT-FOR-US: juju2143 WalrusIRC
CVE-2023-25690 (Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 thr ...)
	{DSA-5376-1 DLA-3401-1}
	- apache2 2.4.56-1 (bug #1032476)
	NOTE: https://www.openwall.com/lists/oss-security/2023/03/07/1
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-25690
	NOTE: https://github.com/apache/httpd/commit/d78a166fedd9d02c23e4b71d5f53bd9b2c4b9a51 (r1908095)
CVE-2023-0794 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-0793 (Weak Password Requirements in GitHub repository thorsten/phpmyfaq prio ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-0792 (Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.)
	NOT-FOR-US: phpmyfaq
CVE-2023-0791 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-0790 (Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1 ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-0789 (Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1. ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-0788 (Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.)
	NOT-FOR-US: phpmyfaq
CVE-2023-0787 (Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/php ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-0786 (Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/php ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-0785 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester Best Online News Portal
CVE-2023-0784 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Best Online News Portal
CVE-2022-4905 (A vulnerability was found in UDX Stateless Media Plugin 3.1.1 on WordP ...)
	NOT-FOR-US: UDX Stateless Media Plugin
CVE-2023-25689 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...)
	NOT-FOR-US: IBM
CVE-2023-25688 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...)
	NOT-FOR-US: IBM
CVE-2023-25687 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...)
	NOT-FOR-US: IBM
CVE-2023-25686 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...)
	NOT-FOR-US: IBM
CVE-2023-25685
	RESERVED
CVE-2023-25684 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...)
	NOT-FOR-US: IBM
CVE-2023-25683 (IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW ...)
	NOT-FOR-US: IBM
CVE-2023-25682 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 a ...)
	NOT-FOR-US: IBM
CVE-2023-25681 (LDAP users on IBM Spectrum Virtualize 8.5 which are configured to requ ...)
	NOT-FOR-US: IBM
CVE-2023-25680 (IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2023-25679
	RESERVED
CVE-2023-0783 (A vulnerability was found in EcShop 4.1.5. It has been classified as c ...)
	NOT-FOR-US: EcShop
CVE-2023-0782 (A vulnerability was found in Tenda AC23 16.03.07.45 and classified as ...)
	NOT-FOR-US: Tenda
CVE-2023-0781 (A vulnerability was found in SourceCodester Canteen Management System ...)
	NOT-FOR-US: SourceCodester Canteen Management System
CVE-2020-36661 (A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been d ...)
	NOT-FOR-US: lua-multipart
CVE-2019-25103 (A vulnerability has been found in simple-markdown 0.5.1 and classified ...)
	NOT-FOR-US: simple-markdown
CVE-2019-25102 (A vulnerability, which was classified as problematic, was found in sim ...)
	NOT-FOR-US: simple-markdown
CVE-2015-10078 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Resend Welcome Email Plugin
CVE-2023-0780 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
	NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
CVE-2023-0779 (At the most basic level, an invalid pointer can be input that crashes ...)
	NOT-FOR-US: Zephyr
CVE-2023-0778 (A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This is ...)
	- libpod 4.3.1+ds1-7 (bug #1032099)
	[bullseye] - libpod (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2168256
	NOTE: Introduced with: https://github.com/containers/podman/commit/edddfe8c4f7761b12dc64ea4aa0a83b755aa124f (v3.4.0-rc1)
	NOTE: Fixed by: https://github.com/containers/podman/commit/6ca857feb07a5fdc96fd947afef03916291673d8 (v4.5.0-rc1)
CVE-2023-25678
	RESERVED
CVE-2023-25677
	RESERVED
CVE-2023-0777 (Authentication Bypass by Primary Weakness in GitHub repository modoboa ...)
	NOT-FOR-US: Modoboa
CVE-2023-0776 (Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNo ...)
	NOT-FOR-US: Baicells
CVE-2023-0775 (An invalid ‘prepare write request’ command can cause the Blu ...)
	NOT-FOR-US: GSDK
CVE-2023-0774 (A vulnerability has been found in SourceCodester Medical Certificate G ...)
	NOT-FOR-US: SourceCodester Medical Certificate Generator App
CVE-2023-0773 (The vulnerability exists in Uniview IP Camera due to identification an ...)
	NOT-FOR-US: Uniview IP Camera
CVE-2023-0772 (The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25676 (TensorFlow is an open source machine learning platform. When running v ...)
	- tensorflow (bug #804612)
CVE-2023-25675 (TensorFlow is an open source machine learning platform. When running v ...)
	- tensorflow (bug #804612)
CVE-2023-25674 (TensorFlow is an open source machine learning platform. Versions prior ...)
	- tensorflow (bug #804612)
CVE-2023-25673 (TensorFlow is an open source platform for machine learning. Versions p ...)
	- tensorflow (bug #804612)
CVE-2023-25672 (TensorFlow is an open source platform for machine learning. The functi ...)
	- tensorflow (bug #804612)
CVE-2023-25671 (TensorFlow is an open source platform for machine learning. There is o ...)
	- tensorflow (bug #804612)
CVE-2023-25670 (TensorFlow is an open source platform for machine learning. Versions p ...)
	- tensorflow (bug #804612)
CVE-2023-25669 (TensorFlow is an open source platform for machine learning. Prior to v ...)
	- tensorflow (bug #804612)
CVE-2023-25668 (TensorFlow is an open source platform for machine learning. Attackers ...)
	- tensorflow (bug #804612)
CVE-2023-25667 (TensorFlow is an open source platform for machine learning. Prior to v ...)
	- tensorflow (bug #804612)
CVE-2023-25666 (TensorFlow is an open source platform for machine learning. Prior to v ...)
	- tensorflow (bug #804612)
CVE-2023-25665 (TensorFlow is an open source platform for machine learning. Prior to v ...)
	- tensorflow (bug #804612)
CVE-2023-25664 (TensorFlow is an open source platform for machine learning. Prior to v ...)
	- tensorflow (bug #804612)
CVE-2023-25663 (TensorFlow is an open source platform for machine learning. Prior to v ...)
	- tensorflow (bug #804612)
CVE-2023-25662 (TensorFlow is an open source platform for machine learning. Versions p ...)
	- tensorflow (bug #804612)
CVE-2023-25661 (TensorFlow is an Open Source Machine Learning Framework. In versions p ...)
	- tensorflow (bug #804612)
CVE-2023-25660 (TensorFlow is an open source platform for machine learning. Prior to v ...)
	- tensorflow (bug #804612)
CVE-2023-25659 (TensorFlow is an open source platform for machine learning. Prior to v ...)
	- tensorflow (bug #804612)
CVE-2023-25658 (TensorFlow is an open source platform for machine learning. Prior to v ...)
	- tensorflow (bug #804612)
CVE-2023-25657 (Nautobot is a Network Source of Truth and Network Automation Platform. ...)
	NOT-FOR-US: Nautobot
CVE-2023-25656 (notation-go is a collection of libraries for supporting Notation sign, ...)
	NOT-FOR-US: notation-go
CVE-2023-25655 (baserCMS is a Content Management system. Prior to version 4.7.5, any f ...)
	NOT-FOR-US: baserCMS
CVE-2023-25654 (baserCMS is a Content Management system. Prior to version 4.7.5, there ...)
	NOT-FOR-US: baserCMS
CVE-2023-25653 (node-jose is a JavaScript implementation of the JSON Object Signing an ...)
	NOT-FOR-US: Cisco node-jose (different from src:node-jose)
	NOTE: https://github.com/cisco/node-jose/security/advisories/GHSA-5h4j-qrvg-9xhw
CVE-2023-25652 (Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2. ...)
	- git 1:2.40.1-1 (bug #1034835)
	[bookworm] - git (Minor issue)
	[bullseye] - git (Minor issue)
	[buster] - git (Minor issue)
	NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
	NOTE: https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b (v2.30.9)
CVE-2023-25651 (There is a SQL injection vulnerability in some ZTE mobile internet prod ...)
	NOT-FOR-US: ZTE
CVE-2023-25650 (There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Sin ...)
	NOT-FOR-US: ZTE
CVE-2023-25649 (There is a command injection vulnerability in a mobile internet produc ...)
	NOT-FOR-US: ZTE
CVE-2023-25648 (There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI ...)
	NOT-FOR-US: ZTE
CVE-2023-25647 (There is a permission and access control vulnerability in some ZTE mob ...)
	NOT-FOR-US: ZTE
CVE-2023-25646
	RESERVED
CVE-2023-25645 (There is a permission and access control vulnerability in some ZTE And ...)
	NOT-FOR-US: ZTE
CVE-2023-25644 (There is a denial of service vulnerability in some ZTE mobile internet ...)
	NOT-FOR-US: ZTE
CVE-2023-25643 (There is a command injection vulnerability in some ZTE mobile internet ...)
	NOT-FOR-US: ZTE
CVE-2023-25642 (There is a buffer overflow vulnerability in some ZTE mobile internet pro ...)
	NOT-FOR-US: ZTE
CVE-2023-0771 (SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,deve ...)
	- ampache
CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
	{DSA-5411-1}
	- gpac (bug #1033116; bug #1051866)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://huntr.dev/bounties/e0fdeee5-7909-446e-9bd0-db80fd80e8dd
	NOTE: https://github.com/gpac/gpac/commit/c31941822ee275a35bc148382bafef1c53ec1c26
CVE-2023-0769 (The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not s ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0768 (The Avirato hotels online booking engine WordPress plugin through 5.0. ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25641
	RESERVED
CVE-2023-25640
	RESERVED
CVE-2023-25639
	RESERVED
CVE-2023-25638
	RESERVED
CVE-2023-25637
	RESERVED
CVE-2023-25636
	RESERVED
CVE-2023-25635
	RESERVED
CVE-2023-25634
	RESERVED
CVE-2023-25633
	RESERVED
CVE-2023-25632 (The Android Mobile Whale browser app before 3.0.1.2 allows the attacke ...)
	NOT-FOR-US: Whale browser
CVE-2023-25631
	RESERVED
CVE-2023-25630
	RESERVED
CVE-2023-25629
	RESERVED
CVE-2023-25628
	RESERVED
CVE-2023-25627
	RESERVED
CVE-2023-25626
	RESERVED
CVE-2023-25625
	RESERVED
CVE-2023-25624
	RESERVED
CVE-2023-25623
	RESERVED
CVE-2023-25622
	RESERVED
CVE-2023-25621 (Privilege Escalation vulnerability in Apache Software Foundation Apach ...)
	NOT-FOR-US: Apache Sling
CVE-2023-25620 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-25619 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
	NOT-FOR-US: Schneider Electric
CVE-2023-25618 (SAP NetWeaver Application Server for ABAP and ABAP Platform - versions ...)
	NOT-FOR-US: SAP
CVE-2023-25617 (SAP Business Object (Adaptive Job Server) - versions 420, 430, allows ...)
	NOT-FOR-US: SAP
CVE-2023-25616 (In some scenario, SAP Business Objects Business Intelligence Platform ...)
	NOT-FOR-US: SAP
CVE-2023-25615 (Due to insufficient input sanitization, SAP ABAP - versions 751, 753, ...)
	NOT-FOR-US: SAP
CVE-2023-25614 (SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, ...)
	NOT-FOR-US: SAP
CVE-2023-25613 (An LDAP Injection vulnerability exists in the LdapIdentityBackend of Ap ...)
	NOT-FOR-US: Apache Kerby
CVE-2023-0767 (An attacker could construct a PKCS 12 cert bundle in such a way that c ...)
	{DSA-5355-1 DSA-5353-1 DSA-5350-1 DLA-3327-1 DLA-3324-1 DLA-3319-1}
	- firefox 110.0-1
	- nss 2:3.87.1-1
	- firefox-esr 102.8.0esr-1
	- thunderbird 1:102.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-0767
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-0767
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-0767
	NOTE: https://hg.mozilla.org/projects/nss/rev/684586ec163ad4fbbf15ea2cd1ee5c2da43036ad
CVE-2023-0766 (The Newsletter Popup WordPress plugin through 1.2 does not have CSRF c ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0765 (The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not prop ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0764 (The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perf ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0763 (The Clock In Portal- Staff & Attendance Management WordPress plugin th ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0762 (The Clock In Portal- Staff & Attendance Management WordPress plugin th ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0761 (The Clock In Portal- Staff & Attendance Management WordPress plugin th ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0760 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2. ...)
	{DSA-5452-1}
	- gpac (bug #1033116; bug #1051866)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://huntr.dev/bounties/d06223df-a473-4c82-96d0-23726b844b21
	NOTE: https://github.com/gpac/gpac/commit/ea7395f39f601a7750d48d606e9d10ea0b7beefe
CVE-2023-0759 (Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2. ...)
	NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
CVE-2023-0758 (A vulnerability was found in glorylion JFinalOA 1.0.2 and classified a ...)
	NOT-FOR-US: glorylion JFinalOA
CVE-2023-0757 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
	NOT-FOR-US: PHOENIX
CVE-2022-4904 (A flaw was found in the c-ares package. The ares_set_sortlist is missi ...)
	{DLA-3323-1}
	- c-ares 1.18.1-2 (bug #1031525)
	[bullseye] - c-ares 1.17.1-1+deb11u2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2168631
	NOTE: https://github.com/c-ares/c-ares/pull/497
	NOTE: https://github.com/c-ares/c-ares/commit/9903253c347f9e0bffd285ae3829aef251cc852d (cares-1_19_0)
CVE-2022-4903 (A vulnerability was found in CodenameOne 7.0.70. It has been classifie ...)
	NOT-FOR-US: CodenameOne
CVE-2015-10077 (A vulnerability was found in webbuilders-group silverstripe-kapost-bri ...)
	NOT-FOR-US: Silverstripe
CVE-2023-25612
	RESERVED
CVE-2023-25177 (Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are v ...)
	NOT-FOR-US: Delta Electronics
CVE-2023-24014 (Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are v ...)
	NOT-FOR-US: Delta Electronics
CVE-2023-0756 (An issue has been discovered in GitLab affecting all versions before 1 ...)
- gitlab 15.10.8+ds1-2 CVE-2023-0755 (The affected products are vulnerable to an improper validation of arra ...) NOT-FOR-US: PTC CVE-2023-0754 (The affected products are vulnerable to an integer overflow or wraparo ...) NOT-FOR-US: PTC CVE-2015-10076 (A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has bee ...) NOT-FOR-US: dimtion Shaarlier CVE-2023-25611 (A improper neutralization of formula elements in a CSV file vulnerabil ...) NOT-FOR-US: Fortinet CVE-2023-25610 RESERVED CVE-2023-25609 (A server-side request forgery (SSRF) vulnerability[CWE-918] inFortiMan ...) NOT-FOR-US: Fortinet CVE-2023-25608 (An incomplete filtering of one or more instances of special elements v ...) NOT-FOR-US: FortiGuard CVE-2023-25607 (An improper neutralization of special elements used in an OS Command ( ...) NOT-FOR-US: Fortinet CVE-2023-25606 (An improper limitation of a pathname to a restricted directory ('Path ...) NOT-FOR-US: Fortinet CVE-2023-25605 (A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - ...) NOT-FOR-US: Fortinet CVE-2023-25604 (An insertion of sensitive information into log file vulnerability in F ...) NOT-FOR-US: Fortinet CVE-2023-25603 (A permissive cross-domain policy with untrusted domains vulnerability ...) NOT-FOR-US: FortiGuard CVE-2023-25602 (A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, F ...) NOT-FOR-US: FortiGuard CVE-2023-25601 (On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gatew ...) NOT-FOR-US: Apache DolphinScheduler CVE-2023-0753 RESERVED CVE-2023-0752 RESERVED CVE-2023-0751 (When GELI reads a key file from standard input, it does not reuse the ...) NOT-FOR-US: FreeBSD GELI CVE-2023-0750 (Yellobrik PEC-1864 implements authentication checks via javascript in ...) NOT-FOR-US: Yellobrik PEC-1864 CVE-2023-0749 (The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the ...) 
	NOT-FOR-US: WordPress plugin
CVE-2023-0748 (Open Redirect in GitHub repository btcpayserver/btcpayserver prior to ...)
	NOT-FOR-US: btcpayserver
CVE-2023-0747 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...)
	NOT-FOR-US: btcpayserver
CVE-2023-0746 (The help page in GigaVUE-FM, when using GigaVUE-OS software version 5. ...)
	NOT-FOR-US: GigaVUE-FM
CVE-2023-0745 (The High Availability functionality of Yugabyte Anywhere can be abused ...)
	- yugabyte-db (bug #989673)
CVE-2022-48321 (Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe2 ...)
	- check-mk
CVE-2022-48320 (Cross-site Request Forgery (CSRF) in Tribe29's Checkmk <= 2.1.0p17, Ch ...)
	- check-mk
CVE-2022-48319 (Sensitive host secret disclosed in cmk-update-agent.log file in Tribe2 ...)
	- check-mk
CVE-2022-48318 (No authorisation controls in the RestAPI documentation for Tribe29's C ...)
	- check-mk
CVE-2022-48317 (Expired sessions were not securely terminated in the RestAPI for Tribe ...)
	- check-mk
CVE-2023-25600 (An issue was discovered in InsydeH2O. A malicious operating system can ...)
	NOT-FOR-US: InsydeH2O
CVE-2023-25599 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...)
	NOT-FOR-US: Mitel
CVE-2023-25598 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...)
	NOT-FOR-US: Mitel
CVE-2023-25597 (A vulnerability in the web conferencing component of Mitel MiCollab th ...)
	NOT-FOR-US: Mitel
CVE-2023-25596 (A vulnerability exists in ClearPass Policy Manager that allows for an ...)
	NOT-FOR-US: Aruba
CVE-2023-25595 (A vulnerability exists in the ClearPass OnGuard Ubuntu agent that allow ...)
	NOT-FOR-US: Aruba
CVE-2023-25594 (A vulnerability in the web-based management interface of ClearPass Pol ...)
	NOT-FOR-US: Aruba
CVE-2023-25593 (Vulnerabilities within the web-based management interface of ClearPass ...)
	NOT-FOR-US: Aruba
CVE-2023-25592 (Vulnerabilities within the web-based management interface of ClearPass ...)
	NOT-FOR-US: Aruba
CVE-2023-25591 (A vulnerability in the web-based management interface of ClearPass Pol ...)
	NOT-FOR-US: Aruba
CVE-2023-25590 (A vulnerability in the ClearPass OnGuard Linux agent could allow malic ...)
	NOT-FOR-US: Aruba
CVE-2023-25589 (A vulnerability in the web-based management interface of ClearPass Pol ...)
	NOT-FOR-US: Aruba
CVE-2023-0744 (Improper Access Control in GitHub repository answerdev/answer prior to ...)
	NOT-FOR-US: Answer
CVE-2023-0743 (Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/an ...)
	NOT-FOR-US: Answer
CVE-2023-0742 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
	NOT-FOR-US: Answer
CVE-2023-0741 (Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer ...)
	NOT-FOR-US: Answer
CVE-2023-0740 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
	NOT-FOR-US: Answer
CVE-2023-0739 (Concurrent Execution using Shared Resource with Improper Synchronizati ...)
	NOT-FOR-US: Answer
CVE-2023-0738 (OrangeScrum version 2.0.11 allows an external attacker to obtain arbit ...)
	NOT-FOR-US: OrangeScrum
CVE-2023-0737
	RESERVED
CVE-2023-0736 (Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wall ...)
	NOT-FOR-US: Wallabag
CVE-2023-0735 (Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallab ...)
	NOT-FOR-US: Wallabag
CVE-2023-0734 (Improper Authorization in GitHub repository wallabag/wallabag prior to ...)
	NOT-FOR-US: Wallabag
CVE-2023-0733 (The Newsletter Popup WordPress plugin through 1.2 does not sanitise an ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0732 (A vulnerability has been found in SourceCodester Online Eyewear Shop 1 ...)
	NOT-FOR-US: SourceCodester
CVE-2023-25588 (A flaw was found in Binutils. The field `the_bfd` of `asymbol` struct i ...)
	- binutils 2.39.50.20221208-1 (unimportant)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1
	NOTE: binutils not covered by security support
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29677
CVE-2023-25587
	REJECTED
CVE-2023-25586 (A flaw was found in Binutils. A logic fail in the bfd_init_section_dec ...)
	- binutils 2.39.50.20221208-1 (unimportant)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5830876a0cca17bef3b2d54908928e72cca53502
	NOTE: binutils not covered by security support
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29855
CVE-2023-25585 (A flaw was found in Binutils. The use of an uninitialized field in the ...)
	- binutils 2.39.50.20221224-1 (unimportant)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7
	NOTE: binutils not covered by security support
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29892
CVE-2023-25584 (An out-of-bounds read flaw was found in the parse_module function in b ...)
	- binutils 2.39.50.20221224-1 (unimportant)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44
	NOTE: binutils not covered by security support
CVE-2023-25583 (Two OS command injection vulnerabilities exist in the zebra vlan_name ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25582 (Two OS command injection vulnerabilities exist in the zebra vlan_name ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25581
	RESERVED
CVE-2023-25580
	RESERVED
CVE-2023-25579 (Nextcloud server is a self hosted home cloud product. In affected vers ...)
	- nextcloud-server (bug #941708)
CVE-2023-25578 (Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. ...)
	NOT-FOR-US: Starlite
CVE-2023-25577 (Werkzeug is a comprehensive WSGI web application library. Prior to ver ...)
	{DSA-5470-1 DLA-3346-1}
	- python-werkzeug 2.2.2-3 (bug #1031370)
	NOTE: https://github.com/pallets/werkzeug/commit/fe899d0cdf767a7289a8bf746b7f72c2907a1b4b (2.2.3)
	NOTE: https://github.com/pallets/werkzeug/commit/09449ee77934a0c883f5959785864ecae6aaa2c9 (2.2.3)
	NOTE: https://github.com/pallets/werkzeug/commit/babc8d9e8c9fa995ef26050698bc9b5a92803664 (2.2.3)
	NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
CVE-2023-25576 (@fastify/multipart is a Fastify plugin to parse the multipart content- ...)
	NOT-FOR-US: Fastify plugin
CVE-2023-25575 (API Platform Core is the server component of API Platform: hypermedia ...)
	NOT-FOR-US: API Platform Core
CVE-2023-25574
	RESERVED
CVE-2023-25573 (metersphere is an open source continuous testing platform. In affected ...)
	NOT-FOR-US: metersphere
CVE-2023-25572 (react-admin is a frontend framework for building browser applications ...)
	NOT-FOR-US: react-admin
CVE-2023-25571 (Backstage is an open platform for building developer portals. `@backst ...)
	NOT-FOR-US: Backstage
CVE-2023-25570 (Apollo is a configuration management system. Prior to version 2.1.0, t ...)
	NOT-FOR-US: Apollo
CVE-2023-25569 (Apollo is a configuration management system. Prior to version 2.1.0, a ...)
	NOT-FOR-US: Apollo
CVE-2023-25568 (Boxo, formerly known as go-libipfs, is a library for building IPFS app ...)
	NOT-FOR-US: Boxo
CVE-2023-25567 (GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements ...)
	- gss-ntlmssp 1.2.0-1 (bug #1031369)
	[bullseye] - gss-ntlmssp (Minor issue)
	[buster] - gss-ntlmssp (Minor issue)
	NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-24pf-6prf-24ch
	NOTE: https://github.com/gssapi/gss-ntlmssp/commit/025fbb756d44ffee8f847db4222ed6aa4bd1fbe4 (v1.2.0)
CVE-2023-25566 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...)
	- gss-ntlmssp 1.2.0-1 (bug #1031369)
	[bullseye] - gss-ntlmssp (Vulnerable code not present)
	[buster] - gss-ntlmssp (Vulnerable code not present)
	NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-mfm4-6g58-jw74
	NOTE: https://github.com/gssapi/gss-ntlmssp/commit/8660fb16474054e692a596e9c79670cd4d3954f4 (v1.2.0)
CVE-2023-25565 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...)
	- gss-ntlmssp 1.2.0-1 (bug #1031369)
	[bullseye] - gss-ntlmssp (Minor issue)
	[buster] - gss-ntlmssp (Minor issue)
	NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-7q7f-wqcg-mvfg
	NOTE: https://github.com/gssapi/gss-ntlmssp/commit/c16100f60907a2de92bcb676f303b81facee0f64 (v1.2.0)
CVE-2023-25564 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...)
	- gss-ntlmssp 1.2.0-1 (bug #1031369)
	[bullseye] - gss-ntlmssp (Vulnerable code not present)
	[buster] - gss-ntlmssp (Vulnerable code not present)
	NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-r85x-q5px-9xfq
	NOTE: https://github.com/gssapi/gss-ntlmssp/commit/c753000eb31835c0664e528fbc99378ae0cbe950 (v1.2.0)
CVE-2023-25563 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...)
	- gss-ntlmssp 1.2.0-1 (bug #1031369)
	[bullseye] - gss-ntlmssp (Minor issue)
	[buster] - gss-ntlmssp (Minor issue)
	NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-jjjx-5qf7-9mgf
	NOTE: https://github.com/gssapi/gss-ntlmssp/commit/97c62c6167299028d80765080e74d91dfc99efbd (v1.2.0)
CVE-2023-25562 (DataHub is an open-source metadata platform. In versions of DataHub pr ...)
	NOT-FOR-US: DataHub
CVE-2023-25561 (DataHub is an open-source metadata platform. In the event a system is ...)
	NOT-FOR-US: DataHub
CVE-2023-25560 (DataHub is an open-source metadata platform. The AuthServiceClient whi ...)
	NOT-FOR-US: DataHub
CVE-2023-25559 (DataHub is an open-source metadata platform. When not using authentica ...)
	NOT-FOR-US: DataHub
CVE-2023-25558 (DataHub is an open-source metadata platform. When the DataHub frontend ...)
	NOT-FOR-US: DataHub
CVE-2023-25557 (DataHub is an open-source metadata platform. The DataHub frontend acts ...)
	NOT-FOR-US: DataHub
CVE-2023-25556 (A CWE-287: Improper Authentication vulnerability exists that could all ...)
	NOT-FOR-US: Schneider
CVE-2023-25555 (A CWE-78: Improper Neutralization of Special Elements used in an OS Co ...)
	NOT-FOR-US: Schneider
CVE-2023-25554 (A CWE-78: Improper Neutralization of Special Elements used in an OS Co ...)
	NOT-FOR-US: Schneider
CVE-2023-25553 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
	NOT-FOR-US: Schneider
CVE-2023-25552 (A CWE-862: Missing Authorization vulnerability exists that could allow ...)
	NOT-FOR-US: Schneider
CVE-2023-25551 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
	NOT-FOR-US: Schneider
CVE-2023-25550 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...)
	NOT-FOR-US: Schneider
CVE-2023-25549 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...)
	NOT-FOR-US: Schneider
CVE-2023-25548 (A CWE-863: Incorrect Authorization vulnerability exists that could all ...)
	NOT-FOR-US: Schneider
CVE-2023-25547 (A CWE-863: Incorrect Authorization vulnerability exists that could all ...)
	NOT-FOR-US: Schneider
CVE-2023-25544 (Dell NetWorker versions 19.5 and earlier contain 'Apache Tomcat' versi ...)
	NOT-FOR-US: Dell
CVE-2023-25543 (Dell Power Manager, versions prior to 3.14, contain an Improper Author ...)
	NOT-FOR-US: Dell
CVE-2023-25542 (Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an impr ...)
	NOT-FOR-US: Dell
CVE-2023-25541
	RESERVED
CVE-2023-25540 (Dell PowerScale OneFS 9.4.0.x contains an incorrect default permission ...)
	NOT-FOR-US: Dell
CVE-2023-25539 (Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerabilit ...)
	NOT-FOR-US: Dell
CVE-2023-25538
	RESERVED
CVE-2023-25537 (Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Preci ...)
	NOT-FOR-US: Dell
CVE-2023-25536 (Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive informati ...)
	NOT-FOR-US: Dell
CVE-2023-25535 (Dell SupportAssist for Home PCs Installer Executable file version prio ...)
	NOT-FOR-US: Dell
CVE-2023-22660 (A heap-based buffer overflow vulnerability exists in the way Ichitaro ...)
	NOT-FOR-US: Ichitaro
CVE-2023-0731 (The Interactive Geo Maps plugin for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: Interactive Geo Maps plugin for WordPress
CVE-2023-0730 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
	NOT-FOR-US: Wicked Folders plugin for WordPress
CVE-2023-0729 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
	NOT-FOR-US: Wicked Folders plugin for WordPress
CVE-2023-0728 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
	NOT-FOR-US: Wicked Folders plugin for WordPress
CVE-2023-0727 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
	NOT-FOR-US: Wicked Folders plugin for WordPress
CVE-2023-0726 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
	NOT-FOR-US: Wicked Folders plugin for WordPress
CVE-2023-0725 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
	NOT-FOR-US: Wicked Folders plugin for WordPress
CVE-2023-0724 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
	NOT-FOR-US: Wicked Folders plugin for WordPress
CVE-2023-0723 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
	NOT-FOR-US: Wicked Folders plugin for WordPress
CVE-2023-0722 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
	NOT-FOR-US: Wicked Folders plugin for WordPress
CVE-2023-0721 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...)
	NOT-FOR-US: Metform Elementor Contact Form Builder plugin for WordPress
CVE-2023-0720 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...)
	NOT-FOR-US: Wicked Folders plugin for WordPress
CVE-2023-0719 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...)
	NOT-FOR-US: Wicked Folders plugin for WordPress
CVE-2023-0718 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...)
	NOT-FOR-US: Wicked Folders plugin for WordPress
CVE-2023-0717 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...)
	NOT-FOR-US: Wicked Folders plugin for WordPress
CVE-2023-0716 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...)
	NOT-FOR-US: Wicked Folders plugin for WordPress
CVE-2023-0715 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...)
	NOT-FOR-US: Wicked Folders plugin for WordPress
CVE-2023-0714
	RESERVED
CVE-2023-0713 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...)
	NOT-FOR-US: Wicked Folders plugin for WordPress
CVE-2023-0712 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...)
	NOT-FOR-US: Wicked Folders plugin for WordPress
CVE-2023-0711 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...)
	NOT-FOR-US: Wicked Folders plugin for WordPress
CVE-2023-0710 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...)
	NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
CVE-2023-0709 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...)
	NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
CVE-2023-0708 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...)
	NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
CVE-2023-0707 (A vulnerability was found in SourceCodester Medical Certificate Genera ...)
	NOT-FOR-US: SourceCodester
CVE-2023-0706 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester
CVE-2023-XXXX [RUSTSEC-2023-0005]
	- rust-tokio 1.24.2-1
	[bullseye] - rust-tokio (Vulnerable code not present)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0005.html
	NOTE: https://github.com/tokio-rs/tokio/issues/5372
CVE-2023-25534 (NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacke ...)
	NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-25533 (NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an a ...)
	NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-25532 (NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacke ...)
	NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-25531 (NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacke ...)
	NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-25530 (NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where ...)
	NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-25529 (NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the h ...)
	NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-25528 (NVIDIA DGX H100 baseboard management controller (BMC) contains a vulne ...)
	NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-25527 (NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, w ...)
	NOT-FOR-US: NVIDIA DGX H100 BMC
CVE-2023-25526 (NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanag ...)
	NOT-FOR-US: NVIDIA Cumulus Linux
CVE-2023-25525 (NVIDIA Cumulus Linux contains a vulnerability in forwarding where a Vx ...)
	NOT-FOR-US: NVIDIA Cumulus Linux
CVE-2023-25524 (NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a ...)
	NOT-FOR-US: NVIDIA
CVE-2023-25523 (NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in ...)
	- nvidia-cuda-toolkit (unimportant; bug #1042766)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5469
	NOTE: Crash in CLI tool, no security impact
CVE-2023-25522 (NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attack ...)
	NOT-FOR-US: NVIDIA
CVE-2023-25521 (NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attack ...)
	NOT-FOR-US: NVIDIA
CVE-2023-25520 (NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootc ...)
	NOT-FOR-US: NVIDIA
CVE-2023-25519 (NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit c ...)
	NOT-FOR-US: NVIDIA
CVE-2023-25518 (NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe contro ...)
	NOT-FOR-US: NVIDIA
CVE-2023-25517 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
	NOT-FOR-US: NVIDIA (vGPU not packaged in Debian)
CVE-2023-25516 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
	- nvidia-open-gpu-kernel-modules 525.125.06-1 (bug #1039686)
	[bookworm] - nvidia-open-gpu-kernel-modules 525.125.06-1~deb12u1
	- nvidia-graphics-drivers-tesla 525.125.06-1 (bug #1039685)
	[bookworm] - nvidia-graphics-drivers-tesla 525.125.06-1~deb12u1
	- nvidia-graphics-drivers-tesla-470 470.199.02-1 (bug #1039684)
	[bookworm] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb12u1
	[bullseye] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1039683)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-450 450.248.02-1 (bug #1039682)
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.248.02-1~deb11u1
	- nvidia-graphics-drivers-tesla-418 (bug #1039681)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-legacy-390xx (bug #1039680)
	[bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported)
	[buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx (bug #1039679)
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers 525.125.06-1 (bug #1039678)
	[bookworm] - nvidia-graphics-drivers 525.125.06-1~deb12u1
	[bullseye] - nvidia-graphics-drivers 470.199.02-1
	[buster] - nvidia-graphics-drivers (Minor issue, revisit when/if fixed upstream)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5468
CVE-2023-25515 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
	- nvidia-open-gpu-kernel-modules 525.125.06-1 (bug #1039686)
	[bookworm] - nvidia-open-gpu-kernel-modules 525.125.06-1~deb12u1
	- nvidia-graphics-drivers-tesla 525.125.06-1 (bug #1039685)
	[bookworm] - nvidia-graphics-drivers-tesla 525.125.06-1~deb12u1
	- nvidia-graphics-drivers-tesla-470 470.199.02-1 (bug #1039684)
	[bookworm] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb12u1
	[bullseye] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1039683)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-450 450.248.02-1 (bug #1039682)
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.248.02-1~deb11u1
	- nvidia-graphics-drivers-tesla-418 (bug #1039681)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-legacy-390xx (bug #1039680)
	[bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported)
	[buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx (bug #1039679)
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers 525.125.06-1 (bug #1039678)
	[bookworm] - nvidia-graphics-drivers 525.125.06-1~deb12u1
	[bullseye] - nvidia-graphics-drivers 470.199.02-1
	[buster] - nvidia-graphics-drivers (Minor issue, revisit when/if fixed upstream)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5468
CVE-2023-25514 (NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in ...)
	- nvidia-cuda-toolkit 12.1.1-1 (unimportant; bug #1034793; bug #1034799)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5456
	NOTE: Crash in CLI tool, no security impact
CVE-2023-25513 (NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in ...)
	- nvidia-cuda-toolkit 12.0.1-1 (unimportant; bug #1041887)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5456
	NOTE: Crash in CLI tool, no security impact
CVE-2023-25512 (NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in ...)
	[experimental] - nvidia-cuda-toolkit 12.1.0-1
	- nvidia-cuda-toolkit (unimportant; bug #1034799)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5456
	NOTE: Crash in CLI tool, no security impact
CVE-2023-25511 (NVIDIA CUDA Toolkit for Linux and Windows contains a vulnerability in ...)
	- nvidia-cuda-toolkit 12.1.1-1 (unimportant; bug #1034793; bug #1034799)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5456
	NOTE: Crash in CLI tool, no security impact
CVE-2023-25510 (NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer ...)
	- nvidia-cuda-toolkit 12.1.1-1 (unimportant; bug #1034793; bug #1034799)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5456
	NOTE: Crash in CLI tool, no security impact
CVE-2023-25509 (NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to ...)
	NOT-FOR-US: NVIDIA DGX-1 SBIOS
CVE-2023-25508 (NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where a ...)
	NOT-FOR-US: NVIDIA DGX-1 BMC
CVE-2023-25507 (NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where a ...)
	NOT-FOR-US: NVIDIA DGX-1 BMC
CVE-2023-25506 (NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a pr ...)
	NOT-FOR-US: NVIDIA DGX-1
CVE-2023-25505 (NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the A ...)
	NOT-FOR-US: NVIDIA DGX-1 BMC
CVE-2023-25504 (A malicious actor who has been authenticated and granted specific perm ...)
	NOT-FOR-US: Apache Superset
CVE-2023-25503
	RESERVED
CVE-2023-25502
	RESERVED
CVE-2023-25501
	RESERVED
CVE-2023-25500 (Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to ...)
	NOT-FOR-US: Vaadin
CVE-2023-25499 (When adding non-visible components to the UI in server side, content i ...)
	NOT-FOR-US: Vaadin
CVE-2023-24019 (A stack-based buffer overflow vulnerability exists in the urvpn_client ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-0705 (Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allow ...)
	{DSA-5345-1}
	- chromium 110.0.5481.77-1
	[buster] - chromium (see DSA 5046)
CVE-2023-0704 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...)
	{DSA-5345-1}
	- chromium 110.0.5481.77-1
	[buster] - chromium (see DSA 5046)
CVE-2023-0703 (Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 all ...)
	{DSA-5345-1}
	- chromium 110.0.5481.77-1
	[buster] - chromium (see DSA 5046)
CVE-2023-0702 (Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.7 ...)
	{DSA-5345-1}
	- chromium 110.0.5481.77-1
	[buster] - chromium (see DSA 5046)
CVE-2023-0701 (Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 ...)
	{DSA-5345-1}
	- chromium 110.0.5481.77-1
	[buster] - chromium (see DSA 5046)
CVE-2023-0700 (Inappropriate implementation in Download in Google Chrome prior to 110 ...)
	{DSA-5345-1}
	- chromium 110.0.5481.77-1
	[buster] - chromium (see DSA 5046)
CVE-2023-0699 (Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed ...)
	{DSA-5345-1}
	- chromium 110.0.5481.77-1
	[buster] - chromium (see DSA 5046)
CVE-2023-0698 (Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 a ...)
	{DSA-5345-1}
	- chromium 110.0.5481.77-1
	[buster] - chromium (see DSA 5046)
CVE-2023-0697 (Inappropriate implementation in Full screen mode in Google Chrome on A ...)
	{DSA-5345-1}
	- chromium 110.0.5481.77-1
	[buster] - chromium (see DSA 5046)
CVE-2023-0696 (Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a ...)
	{DSA-5345-1}
	- chromium 110.0.5481.77-1
	[buster] - chromium (see DSA 5046)
CVE-2023-0695 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...)
	NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
CVE-2023-0694 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...)
	NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
CVE-2023-0693 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...)
	NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
CVE-2023-0692 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...)
	NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
CVE-2023-0691 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...)
	NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
CVE-2023-0690 (HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where w ...)
	NOT-FOR-US: HashiCorp Boundary
CVE-2023-0689 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0688 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...)
	NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress
CVE-2011-10003 (A vulnerability was found in XpressEngine up to 1.4.4. It has been rat ...)
	NOT-FOR-US: XpressEngine
CVE-2023-25498
	RESERVED
CVE-2023-25497
	RESERVED
CVE-2023-25496 (A privilege escalation vulnerability was reported in Lenovo Drivers Ma ...)
	NOT-FOR-US: Lenovo
CVE-2023-25495 (A valid, authenticated administrative user can query a web interface A ...)
	NOT-FOR-US: Lenovo
CVE-2023-25494 (A potential vulnerability were reported in the BIOS of some Desktop, S ...)
	NOT-FOR-US: Lenovo
CVE-2023-25493 (A potential vulnerability was reported in the BIOS update tool driver ...)
	NOT-FOR-US: Lenovo
CVE-2023-25492 (A valid, authenticated user may be able to trigger a denial of service ...)
	NOT-FOR-US: Lenovo
CVE-2023-25491 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Samue ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25490 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25489 (Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Update T ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25488 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Duc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25487 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade PixTypes ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25486
	RESERVED
CVE-2023-25485 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bern ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25484 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliv ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25483 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anki ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25482 (Cross-Site Request Forgery (CSRF) vulnerability in Mike Martel WP Tile ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25481 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Sub ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25480 (Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and P ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podl ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25478 (Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet Weather ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25477 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yotu ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25476 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ezoic Am ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25475 (Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25474 (Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi About M ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25473 (Cross-Site Request Forgery (CSRF) vulnerability in Miro Mannino Flickr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25472 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Pod ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25471 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webcodin ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25470 (Cross-Site Request Forgery (CSRF) vulnerability in Anton Skorobogatov ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25469
	RESERVED
CVE-2023-25468 (Cross-Site Request Forgery (CSRF) vulnerability in Reservation.Studio ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25467 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Hu ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25466 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mahlamus ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25465 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25464 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stre ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25463 (Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy WP te ...)
NOT-FOR-US: WordPress plugin CVE-2023-25462 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP h ...) NOT-FOR-US: WordPress plugin CVE-2023-25461 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nami ...) NOT-FOR-US: WordPress plugin CVE-2023-25460 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Code ...) NOT-FOR-US: WordPress plugin CVE-2023-25459 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Post ...) NOT-FOR-US: WordPress plugin CVE-2023-25458 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GMO ...) NOT-FOR-US: WordPress plugin CVE-2023-25457 (Missing Authorization vulnerability in Richteam Slider Carousel \u2013 ...) NOT-FOR-US: WordPress plugin CVE-2023-25456 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Klav ...) NOT-FOR-US: WordPress plugin CVE-2023-25455 RESERVED CVE-2023-25454 RESERVED CVE-2023-25453 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ian Sado ...) NOT-FOR-US: WordPress plugin CVE-2023-25452 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mich ...) NOT-FOR-US: WordPress plugin CVE-2023-25451 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPCh ...) NOT-FOR-US: WordPress plugin CVE-2023-25450 (Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP \u201 ...) NOT-FOR-US: WordPress plugin CVE-2023-25449 (Cross-Site Request Forgery (CSRF) vulnerability in Oliver Seidel, Bast ...) NOT-FOR-US: WordPress plugin CVE-2023-25448 (Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Archiv ...) NOT-FOR-US: WordPress plugin CVE-2023-25447 (Cross-Site Request Forgery (CSRF) vulnerability in Inkthemescom ColorW ...) NOT-FOR-US: WordPress theme CVE-2023-25446 RESERVED CVE-2023-25445 RESERVED CVE-2023-25444 RESERVED CVE-2023-25443 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button ...) NOT-FOR-US: WordPress plugin CVE-2023-25442 (Auth. 
(admin+) Stored Cross-site Scripting (XSS) vulnerability in Marc ...) NOT-FOR-US: WordPress plugin CVE-2023-25441 RESERVED CVE-2023-25440 (Stored Cross Site Scripting (XSS) vulnerability in the add contact fun ...) - civicrm 5.68.1+dfsg1-1 (bug #1036695) [bullseye] - civicrm (Minor issue) NOTE: https://packetstormsecurity.com/files/172470/CiviCRM-5.59.alpha1-Cross-Site-Scripting.html CVE-2023-25439 (Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionIn ...) NOT-FOR-US: Square Pig FusionInvoice CVE-2023-25438 (An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote at ...) NOT-FOR-US: MilleGP5 CVE-2023-25437 (An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H ...) NOT-FOR-US: vTech CVE-2023-25436 RESERVED CVE-2023-25435 (libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSample ...) - tiff 4.5.0-5 [bullseye] - tiff 4.2.0-1+deb11u4 [buster] - tiff 4.1.0+git191117-2~deb10u7 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/518 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/69818e2f2d246e6631ac2a2da692c3706b849c38 (v4.5.1rc1) NOTE: Same fix as CVE-2023-0795 CVE-2023-25434 (libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSample ...) - tiff 4.5.0-5 [bullseye] - tiff 4.2.0-1+deb11u4 [buster] - tiff 4.1.0+git191117-2~deb10u7 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/519 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/69818e2f2d246e6631ac2a2da692c3706b849c38 (v4.5.1rc1) NOTE: Same fix as CVE-2023-0795. CVE-2023-25433 (libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiff ...) 
{DLA-3513-1} - tiff 4.5.1~rc3-1 [bookworm] - tiff (Minor issue) [bullseye] - tiff (Minor issue) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/520 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/9c22495e5eeeae9e00a1596720c969656bb8d678 (v4.5.1rc1) NOTE: https://gitlab.com/libtiff/libtiff/-/commit/688012dca2c39033aa2dc7bcea9796787cfd1b44 (v4.5.1rc1) CVE-2023-25432 (An issue was discovered in Online Reviewer Management System v1.0. The ...) NOT-FOR-US: Online Reviewer Management System CVE-2023-25431 (An issue was discovered in Online Reviewer Management System v1.0. The ...) NOT-FOR-US: Online Reviewer Management System CVE-2023-25430 RESERVED CVE-2023-25429 RESERVED CVE-2023-25428 (A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.2 ...) NOT-FOR-US: Soft-o Free Password Manager CVE-2023-25427 RESERVED CVE-2023-25426 RESERVED CVE-2023-25425 RESERVED CVE-2023-25424 RESERVED CVE-2023-25423 RESERVED CVE-2023-25422 RESERVED CVE-2023-25421 RESERVED CVE-2023-25420 RESERVED CVE-2023-25419 RESERVED CVE-2023-25418 RESERVED CVE-2023-25417 RESERVED CVE-2023-25416 RESERVED CVE-2023-25415 (Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The dev ...) NOT-FOR-US: Aten CVE-2023-25414 (Aten PE8108 2.4.232 is vulnerable to denial of service (DOS).) NOT-FOR-US: Aten CVE-2023-25413 (Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The dev ...) NOT-FOR-US: Aten CVE-2023-25412 RESERVED CVE-2023-25411 (Aten PE8108 2.4.232 is vulnerable to Cross Site Request Forgery (CSRF) ...) NOT-FOR-US: Aten CVE-2023-25410 RESERVED CVE-2023-25409 (Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restric ...) NOT-FOR-US: Aten CVE-2023-25408 RESERVED CVE-2023-25407 (Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restric ...) NOT-FOR-US: Aten CVE-2023-25406 RESERVED CVE-2023-25405 RESERVED CVE-2023-25404 RESERVED CVE-2023-25403 (CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass ...) 
NOT-FOR-US: CleverStupidDog yf-exam CVE-2023-25402 (CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is n ...) NOT-FOR-US: CleverStupidDog yf-exam CVE-2023-25401 RESERVED CVE-2023-25400 RESERVED CVE-2023-25399 (A refcounting issue which leads to potential memory leak was discovere ...) - scipy 1.10.0-2 [bullseye] - scipy (Minor issue) NOTE: https://github.com/scipy/scipy/issues/16235 NOTE: https://github.com/scipy/scipy/pull/16397 NOTE: Fixed by: https://github.com/scipy/scipy/commit/9b6521198c4f31d3f9cb525e581bea8e3e77f0a2 (v1.10.0rc1) NOTE: http://www.square16.org/achievement/cve-2023-25399/ CVE-2023-25398 RESERVED CVE-2023-25397 RESERVED CVE-2023-25396 (Privilege escalation in the MSI repair functionality in Caphyon Advanc ...) NOT-FOR-US: Caphyon Advanced Installer CVE-2023-25395 (TOTOlink A7100RU V7.4cu.2313_B20191024 router was discovered to contai ...) NOT-FOR-US: TOTOLINK CVE-2023-25394 (Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Update ...) NOT-FOR-US: Videostream macOS app CVE-2023-25393 RESERVED CVE-2023-25392 (Allegro Tech BigFlow <1.6 is vulnerable to Missing SSL Certificate Val ...) NOT-FOR-US: Allegro Tech BigFlow CVE-2023-25391 RESERVED CVE-2023-25390 RESERVED CVE-2023-25389 RESERVED CVE-2023-25388 RESERVED CVE-2023-25387 RESERVED CVE-2023-25386 RESERVED CVE-2023-25385 RESERVED CVE-2023-25384 RESERVED CVE-2023-25383 RESERVED CVE-2023-25382 RESERVED CVE-2023-25381 RESERVED CVE-2023-25380 RESERVED CVE-2023-25379 RESERVED CVE-2023-25378 RESERVED CVE-2023-25377 RESERVED CVE-2023-25376 RESERVED CVE-2023-25375 RESERVED CVE-2023-25374 RESERVED CVE-2023-25373 RESERVED CVE-2023-25372 RESERVED CVE-2023-25371 RESERVED CVE-2023-25370 RESERVED CVE-2023-25369 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Denial o ...) NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS CVE-2023-25368 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Incorrec ...) 
NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS CVE-2023-25367 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user in ...) NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS CVE-2023-25366 (In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interfa ...) NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS CVE-2023-25365 (Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows ...) NOT-FOR-US: October CMS CVE-2023-25364 (Opswat Metadefender Core before 5.2.1 does not properly defend against ...) NOT-FOR-US: Opswat Metadefender Core CVE-2023-25363 (A use-after-free vulnerability in WebCore::RenderLayer::updateDescenda ...) {DSA-5241-1 DSA-5240-1 DLA-3124-1} - webkit2gtk 2.38.0-1 - wpewebkit 2.38.0-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=242684 CVE-2023-25362 (A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSe ...) {DSA-5241-1 DSA-5240-1 DLA-3124-1} - webkit2gtk 2.38.0-1 - wpewebkit 2.38.0-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=244802 CVE-2023-25361 (A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling ...) {DSA-5241-1 DSA-5240-1 DLA-3124-1} - webkit2gtk 2.38.0-1 - wpewebkit 2.38.0-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=244249 CVE-2023-25360 (A use-after-free vulnerability in WebCore::RenderLayer::renderer in We ...) {DSA-5241-1 DSA-5240-1 DLA-3124-1} - webkit2gtk 2.38.0-1 - wpewebkit 2.38.0-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=242686 CVE-2023-25359 RESERVED CVE-2023-25358 (A use-after-free vulnerability in WebCore::RenderLayer::addChild in We ...) {DSA-5241-1 DSA-5240-1 DLA-3124-1} - webkit2gtk 2.38.0-1 - wpewebkit 2.38.0-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=242683 NOTE: https://webkitgtk.org/security/WSA-2023-0003.html CVE-2023-25357 RESERVED CVE-2023-25356 (CoreDial sipXcom up to and including 21.04 is vulnerable to Improper N ...) 
NOT-FOR-US: CoreDial sipXcom CVE-2023-25355 (CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure P ...) NOT-FOR-US: CoreDial sipXcom CVE-2023-25354 RESERVED CVE-2023-25353 RESERVED CVE-2023-25352 RESERVED CVE-2023-25351 RESERVED CVE-2023-25350 (Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When the use ...) NOT-FOR-US: Faveo Helpdesk CVE-2023-25349 RESERVED CVE-2023-25348 (ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerabilit ...) NOT-FOR-US: ChurchCRM CVE-2023-25347 (A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3, ...) NOT-FOR-US: ChurchCRM CVE-2023-25346 (A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5. ...) NOT-FOR-US: ChurchCRM CVE-2023-25345 (Directory traversal vulnerability in swig-templates thru 2.0.4 and swi ...) NOT-FOR-US: swig-templates CVE-2023-25344 (An issue was discovered in swig-templates thru 2.0.4 and swig thru 1.4 ...) NOT-FOR-US: swig-templates CVE-2023-25343 RESERVED CVE-2023-25342 RESERVED CVE-2023-25341 (A Directory Traversal vulnerability in ladle dev server 2.5.1 and earl ...) NOT-FOR-US: ladle dev server CVE-2023-25340 RESERVED CVE-2023-25339 RESERVED CVE-2023-25338 RESERVED CVE-2023-25337 RESERVED CVE-2023-25336 RESERVED CVE-2023-25335 RESERVED CVE-2023-25334 RESERVED CVE-2023-25333 RESERVED CVE-2023-25332 RESERVED CVE-2023-25331 RESERVED CVE-2023-25330 (A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows rem ...) NOT-FOR-US: Mybatis CVE-2023-25329 RESERVED CVE-2023-25328 RESERVED CVE-2023-25327 RESERVED CVE-2023-25326 RESERVED CVE-2023-25325 RESERVED CVE-2023-25324 RESERVED CVE-2023-25323 RESERVED CVE-2023-25322 RESERVED CVE-2023-25321 RESERVED CVE-2023-25320 RESERVED CVE-2023-25319 RESERVED CVE-2023-25318 RESERVED CVE-2023-25317 RESERVED CVE-2023-25316 RESERVED CVE-2023-25315 RESERVED CVE-2023-25314 (Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Netwo ...) 
NOT-FOR-US: AVideo CVE-2023-25313 (OS injection vulnerability in World Wide Broadcast Network AVideo vers ...) NOT-FOR-US: AVideo CVE-2023-25312 RESERVED CVE-2023-25311 RESERVED CVE-2023-25310 RESERVED CVE-2023-25309 (Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version ...) NOT-FOR-US: Fetlife rollout-ui CVE-2023-25308 RESERVED CVE-2023-25307 (nothub mrpack-install <= v0.16.2 is vulnerable to Directory Traversal.) NOT-FOR-US: nothub mrpack-install CVE-2023-25306 (MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal.) NOT-FOR-US: MultiMC Launcher CVE-2023-25305 (PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. A mrpac ...) NOT-FOR-US: PolyMC Launcher CVE-2023-25304 (An issue in Prism Launcher up to v6.1 allows attackers to perform a di ...) NOT-FOR-US: Prism Launcher CVE-2023-25303 (ATLauncher <= 3.4.26.0 is vulnerable to Directory Traversal. A mrpack ...) NOT-FOR-US: ATLauncher CVE-2023-25302 RESERVED CVE-2023-25301 RESERVED CVE-2023-25300 RESERVED CVE-2023-25299 RESERVED CVE-2023-25298 RESERVED CVE-2023-25297 RESERVED CVE-2023-25296 RESERVED CVE-2023-25295 (A Cross Site Scripting (XSS) vulnerability in evewa3ajax.php in GRUEN ...) NOT-FOR-US: GRN Software Group eVEWA3 Community CVE-2023-25294 RESERVED CVE-2023-25293 RESERVED CVE-2023-25292 (Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office vers ...) NOT-FOR-US: Intermesh BV Group-Office CVE-2023-25291 RESERVED CVE-2023-25290 RESERVED CVE-2023-25289 (Directory Traversal vulnerability in virtualreception Digital Receptie ...) NOT-FOR-US: virtualreception Digital Receptie CVE-2023-25288 RESERVED CVE-2023-25287 RESERVED CVE-2023-25286 RESERVED CVE-2023-25285 RESERVED CVE-2023-25284 RESERVED CVE-2023-25283 (A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 allows att ...) NOT-FOR-US: D-Link CVE-2023-25282 (A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows atta ...) 
NOT-FOR-US: D-Link CVE-2023-25281 (A stack overflow vulnerability exists in pingV4Msg component in D-Link ...) NOT-FOR-US: D-Link CVE-2023-25280 (OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows ...) NOT-FOR-US: D-Link CVE-2023-25279 (OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows ...) NOT-FOR-US: D-Link CVE-2023-25278 RESERVED CVE-2023-25277 RESERVED CVE-2023-25276 RESERVED CVE-2023-25275 RESERVED CVE-2023-25274 RESERVED CVE-2023-25273 RESERVED CVE-2023-25272 RESERVED CVE-2023-25271 RESERVED CVE-2023-25270 RESERVED CVE-2023-25269 RESERVED CVE-2023-25268 RESERVED CVE-2023-25267 (An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 1 ...) NOT-FOR-US: Kerio Connect CVE-2023-25266 (An issue was discovered in Docmosis Tornado prior to version 2.9.5. An ...) NOT-FOR-US: Docmosis Tornado CVE-2023-25265 (Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal leading ...) NOT-FOR-US: Docmosis Tornado CVE-2023-25264 (An issue was discovered in Docmosis Tornado prior to version 2.9.5. An ...) NOT-FOR-US: Docmosis Tornado CVE-2023-25263 (In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attac ...) NOT-FOR-US: Stimulsoft Designer CVE-2023-25262 (Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Se ...) NOT-FOR-US: Stimulsoft Designer CVE-2023-25261 (Certain Stimulsoft GmbH products are affected by: Remote Code Executio ...) NOT-FOR-US: Stimulsoft CVE-2023-25260 (Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusi ...) 
NOT-FOR-US: Stimulsoft Designer CVE-2023-25259 RESERVED CVE-2023-25258 RESERVED CVE-2023-25257 RESERVED CVE-2023-25256 RESERVED CVE-2023-25255 RESERVED CVE-2023-25254 RESERVED CVE-2023-25253 RESERVED CVE-2023-25252 RESERVED CVE-2023-25251 RESERVED CVE-2023-25250 RESERVED CVE-2023-25249 RESERVED CVE-2023-25248 RESERVED CVE-2023-25247 RESERVED CVE-2023-25246 RESERVED CVE-2023-25245 RESERVED CVE-2023-25244 RESERVED CVE-2023-25243 RESERVED CVE-2023-25242 RESERVED CVE-2023-25241 (bgERP v22.31 was discovered to contain a reflected cross-site scriptin ...) NOT-FOR-US: bgERP CVE-2023-25240 (An improper SameSite Attribute vulnerability in pimCore v10.5.15 allow ...) NOT-FOR-US: Pimcore CVE-2023-25239 RESERVED CVE-2023-25238 RESERVED CVE-2023-25237 RESERVED CVE-2023-25236 RESERVED CVE-2023-25235 (Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in functio ...) NOT-FOR-US: Tenda CVE-2023-25234 (Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in functio ...) NOT-FOR-US: Tenda CVE-2023-25233 (Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in functio ...) NOT-FOR-US: Tenda CVE-2023-25232 RESERVED CVE-2023-25231 (Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in f ...) NOT-FOR-US: Tenda CVE-2023-25230 (A Server-Side Request Forgery (SSRF) in loonflow r2.0.14 allows attack ...) NOT-FOR-US: loonflow CVE-2023-25229 RESERVED CVE-2023-25228 RESERVED CVE-2023-25227 RESERVED CVE-2023-25226 RESERVED CVE-2023-25225 RESERVED CVE-2023-25224 RESERVED CVE-2023-25223 (CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list.) NOT-FOR-US: CRMEB CVE-2023-25222 (A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12 ...) - libredwg (bug #595191) CVE-2023-25221 (Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vuln ...) 
{DSA-5346-1 DLA-3352-1} - libde265 1.0.11-1 NOTE: https://github.com/strukturag/libde265/issues/388 NOTE: https://github.com/strukturag/libde265/commit/857290982330e82d9e25d9d39527c6737021aa7d (v1.0.11) CVE-2023-25220 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...) NOT-FOR-US: Tenda CVE-2023-25219 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...) NOT-FOR-US: Tenda CVE-2023-25218 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...) NOT-FOR-US: Tenda CVE-2023-25217 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...) NOT-FOR-US: Tenda CVE-2023-25216 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...) NOT-FOR-US: Tenda CVE-2023-25215 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...) NOT-FOR-US: Tenda CVE-2023-25214 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...) NOT-FOR-US: Tenda CVE-2023-25213 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...) NOT-FOR-US: Tenda CVE-2023-25212 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...) NOT-FOR-US: Tenda CVE-2023-25211 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...) NOT-FOR-US: Tenda CVE-2023-25210 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...) NOT-FOR-US: Tenda CVE-2023-25209 RESERVED CVE-2023-25208 RESERVED CVE-2023-25207 (PrestaShop dpdfrance <6.1.3 is vulnerable to SQL Injection via dpdfran ...) NOT-FOR-US: PrestaShop CVE-2023-25206 (PrestaShop ws_productreviews < 3.6.2 is vulnerable to SQL Injection.) NOT-FOR-US: PrestaShop CVE-2023-25205 RESERVED CVE-2023-25204 RESERVED CVE-2023-25203 RESERVED CVE-2023-25202 RESERVED CVE-2023-25201 (Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit A ...) 
NOT-FOR-US: MultiTech Conduit AP MTCAP2-L4E1 CVE-2023-25200 (An HTML injection vulnerability exists in the MT Safeline X-Ray X3310 ...) NOT-FOR-US: MT Safeline X-Ray CVE-2023-25199 (A reflected cross-site scripting (XSS) vulnerability exists in the MT ...) NOT-FOR-US: MT Safeline X-Ray CVE-2023-0687 (A vulnerability was found in GNU C Library 2.38. It has been declared ...) NOTE: Not considered a security issue NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29444 NOTE: https://patchwork.sourceware.org/project/glibc/patch/20230204114138.5436-1-leo@yuriev.ru/ CVE-2023-0686 (A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. I ...) NOT-FOR-US: SourceCodester Online Eyewear Shop CVE-2023-0685 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...) NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0684 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0683 (A valid, authenticated XCC user with read only access may gain elevate ...) NOT-FOR-US: Lenovo CVE-2023-0682 RESERVED CVE-2023-0681 (Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redir ...) NOT-FOR-US: Rapid7 CVE-2023-0680 REJECTED CVE-2023-0679 (A vulnerability was found in SourceCodester Canteen Management System ...) NOT-FOR-US: SourceCodester Canteen Management System CVE-2022-48316 RESERVED CVE-2022-48315 RESERVED CVE-2015-10075 (A vulnerability was found in Custom-Content-Width 1.0. It has been dec ...) NOT-FOR-US: Custom-Content-Width CVE-2015-10074 (A vulnerability was found in OpenSeaMap online_chart 1.2. It has been ...) NOT-FOR-US: OpenSeaMap CVE-2011-10002 (A vulnerability classified as critical has been found in weblabyrinth ...) NOT-FOR-US: weblabyrinth CVE-2023-25198 RESERVED CVE-2023-25197 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) 
NOT-FOR-US: Apache Fineract CVE-2023-25196 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Apache Fineract CVE-2023-25195 (Server-Side Request Forgery (SSRF) vulnerability in Apache Software Fo ...) NOT-FOR-US: Apache Fineract CVE-2022-48314 (The Bluetooth module has a vulnerability of bypassing the user confirm ...) NOT-FOR-US: Huawei CVE-2022-48313 (The Bluetooth module has a vulnerability of bypassing the user confirm ...) NOT-FOR-US: Huawei CVE-2022-48312 (The HwPCAssistant module has the out-of-bounds read/write vulnerabilit ...) NOT-FOR-US: Huawei CVE-2023-25194 (A possible security vulnerability has been identified in Apache Kafka ...) - kafka (bug #786460) CVE-2022-4902 (A vulnerability classified as problematic has been found in eXo Chat A ...) NOT-FOR-US: eXo Chat CVE-2020-36660 (A vulnerability was found in paxswill EVE Ship Replacement Program 0.1 ...) NOT-FOR-US: paxswill EVE Ship Replacement Program CVE-2017-20177 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: WangGuard CVE-2015-10073 (A vulnerability, which was classified as problematic, was found in tin ...) NOT-FOR-US: WikiSEO CVE-2023-25193 (hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to ...) - harfbuzz 8.0.0-1 (bug #1030612) [bookworm] - harfbuzz (Minor issue) [bullseye] - harfbuzz (Minor issue) [buster] - harfbuzz (Minor issue) NOTE: Original fix: https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc NOTE: Reverted: https://github.com/harfbuzz/harfbuzz/commit/661050b4659ee490dfe622821bc7fde7d1c40510 NOTE: Fixed by: https://github.com/harfbuzz/harfbuzz/commit/8708b9e081192786c027bb7f5f23d76dbe5c19e8 (7.0.0) CVE-2014-125086 (A vulnerability has been found in Gimmie Plugin 1.2.2 on vBulletin and ...) NOT-FOR-US: Gimmie CVE-2014-125085 (A vulnerability, which was classified as critical, was found in Gimmie ...) 
NOT-FOR-US: Gimmie CVE-2014-125084 (A vulnerability, which was classified as critical, has been found in G ...) NOT-FOR-US: Gimmie CVE-2023-25192 (AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fi ...) NOT-FOR-US: AMI CVE-2023-25191 (AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The ...) NOT-FOR-US: AMI CVE-2023-25190 RESERVED CVE-2023-0678 (Missing Authorization in GitHub repository phpipam/phpipam prior to v1 ...) - phpipam (bug #731713) CVE-2023-0677 (Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/ph ...) - phpipam (bug #731713) CVE-2023-0676 (Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/ph ...) - phpipam (bug #731713) CVE-2023-0675 (A vulnerability, which was classified as critical, was found in Calend ...) NOT-FOR-US: Calendar Event Management System CVE-2023-0674 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: XXL-JOB CVE-2023-0673 (A vulnerability classified as critical was found in SourceCodester Onl ...) NOT-FOR-US: SourceCodester Online Eyewear Shop CVE-2017-20176 (A vulnerability classified as problematic was found in ciubotaru share ...) NOT-FOR-US: share-on-diaspora CVE-2017-20175 (A vulnerability classified as problematic has been found in DaSchTour ...) NOT-FOR-US: Mamoto extension for MediaWiki CVE-2023-25189 RESERVED CVE-2023-25188 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...) NOT-FOR-US: NOKIA CVE-2023-25187 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...) NOT-FOR-US: NOKIA CVE-2023-25186 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...) NOT-FOR-US: NOKIA CVE-2023-25185 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...) NOT-FOR-US: NOKIA CVE-2023-25074 (Improper privilege validation in Command Centre Server allows authenti ...) 
NOT-FOR-US: Gallagher CVE-2023-24590 (A format string issue in the Controller 6000's optional diagnostic web ...) NOT-FOR-US: Gallagher CVE-2023-24584 (Controller 6000 is vulnerable to a buffer overflow via the Controller ...) NOT-FOR-US: Gallagher CVE-2023-23584 (An observable response discrepancy in the Gallagher Command Centre RES ...) NOT-FOR-US: Gallagher CVE-2023-23576 (Incorrect behavior order in the Command Centre Server could allow priv ...) NOT-FOR-US: Gallagher CVE-2023-23570 (Client-Side enforcement of Server-Side security for the Command Centre ...) NOT-FOR-US: Gallagher CVE-2023-23568 (Improper privilege validation in Command Centre Server allows authenti ...) NOT-FOR-US: Gallagher CVE-2023-22439 (Improper input validation of a large HTTP request in the Controller 60 ...) NOT-FOR-US: Gallagher CVE-2023-22428 (Improper privilege validation in Command Centre Server allows authenti ...) NOT-FOR-US: Gallagher CVE-2023-22363 (A stack-based buffer overflow in the Command Centre Server allows an a ...) NOT-FOR-US: Gallagher CVE-2023-0672 RESERVED CVE-2023-0671 (Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.) - froxlor (bug #581792) CVE-2023-0670 (Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an atta ...) NOT-FOR-US: ULearn CVE-2023-0669 (Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authe ...) NOT-FOR-US: Fortra GoAnywhere MFT CVE-2023-0668 (Due to failure in validating the length provided by an attacker-crafte ...) 
{DSA-5429-1} [experimental] - wireshark 4.0.6-1~exp1 - wireshark 4.0.6-1 [bullseye] - wireshark (Minor issue) [buster] - wireshark (vulnerable code introduced in 3.2) NOTE: https://www.wireshark.org/security/wnpa-sec-2023-19.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19087 NOTE: Introduced by: https://gitlab.com/wireshark/wireshark/-/commit/254502d765d11f1d97b15bc1c3ff06d38e049ef2 (v3.1.1) CVE-2023-0667 (Due to failure in validating the length provided by an attacker-crafte ...) {DSA-5429-1} - wireshark 4.0.6-1 [bullseye] - wireshark (Minor issue) [buster] - wireshark (Minor issue) NOTE: https://takeonme.org/cves/CVE-2023-0667.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19086 CVE-2023-0666 (Due to failure in validating the length provided by an attacker-crafte ...) {DSA-5429-1} [experimental] - wireshark 4.0.6-1~exp1 - wireshark 4.0.6-1 [bullseye] - wireshark (Minor issue) [buster] - wireshark (vulnerable code introduced in 3.4) NOTE: https://www.wireshark.org/security/wnpa-sec-2023-18.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19085 NOTE: Introduced by: https://gitlab.com/wireshark/wireshark/-/commit/77d94aea243c3eca2be4749fce3145218fdf8b29 (v3.3.0) CVE-2023-0665 (HashiCorp Vault's PKI mount issuer endpoints did not correctly authori ...) NOT-FOR-US: HashiCorp Vault CVE-2023-0664 (A flaw was found in the QEMU Guest Agent service for Windows. A local ...) - qemu (Windows specific issue) CVE-2023-0663 (A vulnerability was found in Calendar Event Management System 2.3.0. I ...) NOT-FOR-US: Calendar Event Management System CVE-2022-48311 (**UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP Deskjet ...) NOT-FOR-US: HP CVE-2023-25173 (containerd is an open source container runtime. A bug was found in con ...) 
- containerd 1.6.18~ds1-1 [bullseye] - containerd 1.4.13~ds1-1~deb11u4 NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p CVE-2023-25172 (Discourse is an open-source discussion platform. Prior to version 3.0. ...) NOT-FOR-US: Discourse CVE-2023-25171 (Kiwi TCMS, an open source test management system, does not impose rate ...) NOT-FOR-US: Kiwi TCMS CVE-2023-25170 (PrestaShop is an open source e-commerce web application that, prior to ...) NOT-FOR-US: PrestaShop CVE-2023-25169 (discourse-yearly-review is a discourse plugin which publishes an autom ...) NOT-FOR-US: Discourse plugin CVE-2023-25168 (Wings is Pterodactyl's server control plane. This vulnerability can be ...) NOT-FOR-US: Wings CVE-2023-25167 (Discourse is an open source discussion platform. In affected versions ...) NOT-FOR-US: Discourse CVE-2023-25166 (formula is a math and string formula parser. In versions prior to 3.0. ...) NOT-FOR-US: @sideway/formula CVE-2023-25165 (Helm is a tool that streamlines installing and managing Kubernetes app ...) - helm-kubernetes (bug #910799) CVE-2023-25164 (Tinacms is a Git-backed headless content management system with suppor ...) NOT-FOR-US: Tinacms CVE-2023-25163 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) NOT-FOR-US: Argo CD CVE-2023-25162 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...) - nextcloud-server (bug #941708) CVE-2023-25161 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...) - nextcloud-server (bug #941708) CVE-2023-25160 (Nextcloud Mail is an email app for the Nextcloud home server platform. ...) NOT-FOR-US: Nextcloud Mail CVE-2023-25159 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...) - nextcloud-server (bug #941708) CVE-2023-25158 (GeoTools is an open source Java library that provides tools for geospa ...) 
	NOT-FOR-US: GeoTools
CVE-2023-25157 (GeoServer is an open source software server written in Java that allow ...)
	NOT-FOR-US: Geoserver
CVE-2023-25156 (Kiwi TCMS, an open source test management system, does not impose rate ...)
	NOT-FOR-US: Kiwi TCMS
CVE-2023-25155 (Redis is an in-memory database that persists on disk. Authenticated us ...)
	- redis 5:7.0.9-1 (bug #1032279)
	[bullseye] - redis (Minor issue)
	[buster] - redis (Minor issue, DoS)
	NOTE: https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83
	NOTE: https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619 (7.0.9)
CVE-2023-25154 (Misskey is an open source, decentralized social media platform. In ver ...)
	NOT-FOR-US: Misskey
CVE-2023-25153 (containerd is an open source container runtime. Before versions 1.6.18 ...)
	- containerd 1.6.18~ds1-1
	[bullseye] - containerd 1.4.13~ds1-1~deb11u4
	NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2
CVE-2023-25152 (Wings is Pterodactyl's server control plane. Affected versions are sub ...)
	NOT-FOR-US: Wings
CVE-2023-25151 (opentelemetry-go-contrib is a collection of extensions for OpenTelemet ...)
	NOT-FOR-US: opentelemetry-go-contrib
CVE-2023-25150 (Nextcloud office/richdocuments is an office suit for the nextcloud ser ...)
	NOT-FOR-US: Nextcloud office/richdocuments
CVE-2023-25149 (TimescaleDB, an open-source time-series SQL database, has a privilege ...)
	NOT-FOR-US: Timescale TimescaleDB
CVE-2023-25148 (A security agent link following vulnerability in Trend Micro Apex One ...)
	NOT-FOR-US: Trend Micro
CVE-2023-25147 (An issue in the Trend Micro Apex One agent could allow an attacker who ...)
	NOT-FOR-US: Trend Micro
CVE-2023-25146 (A security agent link following vulnerability in the Trend Micro Apex ...)
	NOT-FOR-US: Trend Micro
CVE-2023-25145 (A link following vulnerability in the scanning function of Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2023-25144 (An improper access control vulnerability in the Trend Micro Apex One a ...)
	NOT-FOR-US: Trend Micro
CVE-2023-25143 (An uncontrolled search path element vulnerability in the Trend Micro A ...)
	NOT-FOR-US: Trend Micro
CVE-2023-25142 RESERVED
CVE-2023-25141 (Apache Sling JCR Base < 3.1.12 has a critical injection vulnerability ...)
	NOT-FOR-US: Apache sling-org-apache-sling-jcr-base
CVE-2023-25140 (A vulnerability has been identified in Parasolid V34.0 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2023-3247 (In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before ...)
	{DSA-5425-1 DSA-5424-1 DLA-3458-1}
	- php8.2 8.2.7-1
	- php7.4
	- php7.3
	NOTE: Fixed in 8.2.7, 8.1.20, 8.0.29
	NOTE: https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw
	NOTE: https://github.com/php/php-src/commit/ac4254ad764c70cb1f05c9270d8d12689fc3aeb6 (php-8.0.29)
	NOTE: https://github.com/php/php-src/commit/32c7c433ac1983c4497349051681a4f361d3d33e (php-8.0.29)
CVE-2023-0662 (In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3 ...)
	{DSA-5363-1 DLA-3345-1}
	- php8.2 8.2.4-1 (bug #1031368)
	- php7.4
	- php7.3
	NOTE: Fixed in: 8.2.3
	NOTE: https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv
	NOTE: https://github.com/php/php-src/commit/716de0cff539f46294ef70fe75d548cd66766370
	NOTE: https://github.com/php/php-src/commit/e45850c195dcd5534394cf357a3f776d4916b655 (improvement)
CVE-2023-0661 (Improper access control in Devolutions Server allows an authenticated ...)
	NOT-FOR-US: Devolutions
CVE-2023-0660 (The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0659 (A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been clas ...)
	NOT-FOR-US: BDCOM
CVE-2022-4901 (Multiple stored XSS vulnerabilities in Sophos Connect versions older t ...)
	NOT-FOR-US: Sophos
CVE-2022-48310 (An information disclosure vulnerability allows sensitive key material ...)
	NOT-FOR-US: Sophos
CVE-2022-48309 (A CSRF vulnerability allows malicious websites to retrieve logs and te ...)
	NOT-FOR-US: Sophos
CVE-2023-25139 (sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-o ...)
	- glibc (Vulnerable code introduced in 2.37)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30068
	NOTE: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c980549cc6a1c03c23cc2fe3e7b0fe626a0364b0
	NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2023-0001
CVE-2023-25138 RESERVED
CVE-2023-25137 RESERVED
CVE-2023-25135 (vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker t ...)
	NOT-FOR-US: vBulletin
CVE-2023-25134 (McAfee Total Protection prior to 16.0.50 may allow an adversary (with ...)
	NOT-FOR-US: McAfee
CVE-2023-25133 (Improper privilege management vulnerability in default.cmd file in Pow ...)
	NOT-FOR-US: PowerPanel
CVE-2023-25132 (Unrestricted upload of file with dangerous type vulnerability in defau ...)
	NOT-FOR-US: PowerPanel
CVE-2023-25131 (Use of default password vulnerability in PowerPanel Business Local/Rem ...)
	NOT-FOR-US: PowerPanel
CVE-2023-25130 REJECTED
CVE-2023-25129 REJECTED
CVE-2023-25128 REJECTED
CVE-2023-25127 REJECTED
CVE-2023-25126 REJECTED
CVE-2023-25125 REJECTED
CVE-2023-25124 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25123 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25122 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25121 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25120 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25119 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25118 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25117 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25116 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25115 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25114 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25113 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25112 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25111 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25110 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25109 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25108 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25107 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25106 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25105 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25104 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25103 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25102 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25101 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25100 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25099 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25098 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25097 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25096 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25095 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25094 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25093 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25092 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25091 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25090 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25089 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25088 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25087 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25086 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25085 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25084 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25083 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25082 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25081 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-25069 (TXOne StellarOne has an improper access control privilege escalation v ...)
	NOT-FOR-US: TXOne StellarOne
CVE-2023-24018 (A stack-based buffer overflow vulnerability exists in the libzebra.so. ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-22653 (An OS command injection vulnerability exists in the vtysh_ubus tcpdump ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-0658 (A vulnerability, which was classified as critical, was found in Multil ...)
	NOT-FOR-US: Multilaser RE057 and RE170
CVE-2022-48308 (It was discovered that the sls-logging was not verifying hostnames in ...)
	NOT-FOR-US: sls-logging
CVE-2022-48307 (It was discovered that the Magritte-ftp was not verifying hostnames in ...)
	NOT-FOR-US: Magritte-ftp
CVE-2022-48306 (Improper Validation of Certificate with Host Mismatch vulnerability in ...)
	NOT-FOR-US: Palantir
CVE-2019-25101 (A vulnerability classified as critical has been found in OnShift Turbo ...)
	NOT-FOR-US: OnShift TurboGears
CVE-2018-25080 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: MobileDetect
CVE-2018-25079 (A vulnerability was found in Segmentio is-url up to 1.2.2. It has been ...)
	NOT-FOR-US: Node is-url
CVE-2015-10072 (A vulnerability classified as problematic was found in NREL api-umbrel ...)
	NOT-FOR-US: api-umbrella-web
CVE-2013-10018 (A vulnerability was found in fanzila WebFinance 0.5. It has been decla ...)
	NOT-FOR-US: fanzila WebFinance
CVE-2013-10017 (A vulnerability was found in fanzila WebFinance 0.5. It has been class ...)
	NOT-FOR-US: fanzila WebFinance
CVE-2013-10016 (A vulnerability was found in fanzila WebFinance 0.5 and classified as ...)
	NOT-FOR-US: fanzila WebFinance
CVE-2013-10015 (A vulnerability has been found in fanzila WebFinance 0.5 and classifie ...)
	NOT-FOR-US: fanzila WebFinance
CVE-2023-25068 RESERVED
CVE-2023-25067 RESERVED
CVE-2023-25066 (Cross-Site Request Forgery (CSRF) vulnerability in FolioVision FV Flow ...)
	NOT-FOR-US: FolioVision
CVE-2023-25065 (Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tab ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25064 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25063 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anad ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25062 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PINP ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25061 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25060 RESERVED
CVE-2023-25059 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in aval ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25058 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Sc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25057 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25056 (Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix Feed The ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25055 (Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25054 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25053 RESERVED
CVE-2023-25052 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tepl ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25051 (Cross-Site Request Forgery (CSRF) vulnerability in Denishua Comment Re ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25050 RESERVED
CVE-2023-25049 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impl ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25048 RESERVED
CVE-2023-25047 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25046 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podl ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25045 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25044 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25043 (Incorrect Authorization vulnerability in Supsystic Data Tables Generat ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25042 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25041 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththeme ...)
	NOT-FOR-US: WordPress theme
CVE-2023-25040 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25039 (Missing Authorization vulnerability in CodePeople Google Maps CP.This ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25038 (Cross-Site Request Forgery (CSRF) vulnerability in 984.Ru For the visu ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25037 RESERVED
CVE-2023-25036 (Cross-Site Request Forgery (CSRF) vulnerability in akhlesh-nagar, a.An ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25035 RESERVED
CVE-2023-25034 (Cross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP Clean U ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25033 (Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share B ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25032 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prin ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25031 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kibo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25030 RESERVED
CVE-2023-25029 (Cross-Site Request Forgery (CSRF) vulnerability in utahta WP Social Bo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25028 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in chuy ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25027 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kibo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25026 RESERVED
CVE-2023-25025 (Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-Copy ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25024 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Iceg ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25023 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sale ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25022 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kibo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25021 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fare ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25020 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-25019 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premio C ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-6717 (A flaw was found in the SAML client registration in Keycloak that coul ...)
	NOT-FOR-US: Keycloak
CVE-2023-6544 (A flaw was found in the Keycloak package. This issue occurs due to a p ...)
	NOT-FOR-US: Keycloak
CVE-2023-0657 RESERVED
	NOT-FOR-US: Keycloak
CVE-2023-0656 (A Stack-based buffer overflow vulnerability in the SonicOS allows a re ...)
	NOT-FOR-US: SonicOS
CVE-2023-0655 (SonicWall Email Security contains a vulnerability that could permit a ...)
	NOT-FOR-US: SonicWall
CVE-2023-0654 (Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0653 RESERVED
CVE-2023-0652 (Due to a hardlink created in the ProgramData folder during the repair ...)
	NOT-FOR-US: installer (MSI) of WARP Client for Windows
CVE-2023-0651 (A vulnerability was found in FastCMS 0.1.0. It has been classified as ...)
	NOT-FOR-US: FastCMS
CVE-2023-0650 (A vulnerability was found in YAFNET up to 3.1.11 and classified as pro ...)
	NOT-FOR-US: YAFNET
CVE-2023-0649 (A vulnerability has been found in dst-admin 1.5.0 and classified as cr ...)
	NOT-FOR-US: dst-admin
CVE-2023-0648 (A vulnerability, which was classified as critical, was found in dst-ad ...)
	NOT-FOR-US: dst-admin
CVE-2023-0647 (A vulnerability, which was classified as critical, has been found in d ...)
	NOT-FOR-US: dst-admin
CVE-2023-0646 (A vulnerability classified as critical was found in dst-admin 1.5.0. A ...)
	NOT-FOR-US: dst-admin
CVE-2023-0645 (An out of bounds read exists in libjxl. An attacker using a specifical ...)
	[experimental] - jpeg-xl 0.8.2-1
	- jpeg-xl (bug #1034722)
	[bookworm] - jpeg-xl (Minor issue)
	NOTE: https://github.com/libjxl/libjxl/commit/a7c8428b61299f3b055cbbdbba3fbcd8cb38d084
	NOTE: https://github.com/libjxl/libjxl/issues/2100
	NOTE: https://github.com/libjxl/libjxl/pull/2101
CVE-2023-0644 (The Push Notifications for WordPress by PushAssist WordPress plugin th ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0643 (Improper Handling of Additional Special Element in GitHub repository s ...)
	NOT-FOR-US: squidex
CVE-2023-0642 (Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex ...)
	NOT-FOR-US: squidex
CVE-2023-0641 (A vulnerability was found in PHPGurukul Employee Leaves Management Sys ...)
	NOT-FOR-US: PHPGurukul Employee Leaves Management System
CVE-2023-0640 (A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been ...)
	NOT-FOR-US: TRENDnet
CVE-2023-0639 (A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classifie ...)
	NOT-FOR-US: TRENDnet
CVE-2023-0638 (A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and cla ...)
	NOT-FOR-US: TRENDnet
CVE-2023-0637 (A vulnerability, which was classified as critical, was found in TRENDn ...)
	NOT-FOR-US: TRENDnet
CVE-2023-0636 (Improper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterpr ...)
	NOT-FOR-US: ABB
CVE-2023-0635 (Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Ent ...)
	NOT-FOR-US: ABB
CVE-2023-25136 (OpenSSH server (sshd) 9.1 introduced a double-free vulnerability durin ...)
	- openssh 1:9.2p1-1
	[bullseye] - openssh (Vulnerable code not present)
	[buster] - openssh (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2023/02/02/2
	NOTE: https://bugzilla.mindrot.org/show_bug.cgi?id=3522
	NOTE: Introduced by: https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946
	NOTE: https://www.openwall.com/lists/oss-security/2023/02/13/1
CVE-2023-25018 (RIFARTEK IOT Wall transportation function has insufficient filtering f ...)
	NOT-FOR-US: RIFARTEK IOT Wall
CVE-2023-25017 (RIFARTEK IOT Wall has a vulnerability of incorrect authorization. An a ...)
	NOT-FOR-US: RIFARTEK IOT Wall
CVE-2023-25016 (Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1. ...)
	NOT-FOR-US: Couchbase Server
CVE-2023-25015 (Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF ...)
	NOT-FOR-US: Clockwork Web
CVE-2023-25014 (An issue was discovered in the femanager extension before 5.5.3, 6.x b ...)
	NOT-FOR-US: TYPO3 extension
CVE-2023-25013 (An issue was discovered in the femanager extension before 5.5.3, 6.x b ...)
	NOT-FOR-US: TYPO3 extension
CVE-2023-25012 (The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove i ...)
	{DLA-3404-1}
	- linux 6.1.20-1
	[bullseye] - linux 5.10.178-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://lore.kernel.org/all/20230125-hid-unregister-leds-v1-1-9a5192dcef16@diag.uniroma1.it/
CVE-2023-25011 (PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22 ...)
	NOT-FOR-US: PC settings tool
CVE-2023-25010 (A malicious actor may convince a victim to open a malicious USD file t ...)
	NOT-FOR-US: Autodesk
CVE-2023-25009 (A malicious actor may convince a user to open a malicious USD file tha ...)
	NOT-FOR-US: Autodesk
CVE-2023-25008 (A malicious actor may convince a user to open a malicious USD file tha ...)
	NOT-FOR-US: Autodesk
CVE-2023-25007 (A malicious actor may convince a user to open a malicious USD file tha ...)
	NOT-FOR-US: Autodesk
CVE-2023-25006 (A malicious actor may convince a user to open a malicious USD file tha ...)
	NOT-FOR-US: Autodesk
CVE-2023-25005 (A maliciously crafted DLL file can be forced to read beyond allocated ...)
	NOT-FOR-US: Autodesk
CVE-2023-25004 (A maliciously crafted pskernel.dll file in Autodesk products is used t ...)
	NOT-FOR-US: Autodesk
CVE-2023-25003 (A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and M ...)
	NOT-FOR-US: Autodesk
CVE-2023-25002 (A maliciously crafted SKP file in Autodesk products is used to trigger ...)
	NOT-FOR-US: Autodesk
CVE-2023-25001 (A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be ...)
	NOT-FOR-US: Autodesk
CVE-2023-0634 REJECTED
CVE-2023-0633 (In Docker Desktop on Windows before 4.12.0 an argument injection to in ...)
	NOT-FOR-US: Docker Desktop
CVE-2023-0632 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 16.4.4+ds2-2
CVE-2023-0631 (The Paid Memberships Pro WordPress plugin before 2.9.12 does not preve ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0630 (The Slimstat Analytics WordPress plugin before 4.9.3.3 does not preven ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0629 (Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enh ...)
	NOT-FOR-US: Docker Desktop
CVE-2023-0628 (Docker Desktop before 4.17.0 allows an attacker to execute an arbitrar ...)
	NOT-FOR-US: Docker Desktop
CVE-2023-0627 (Docker Desktop 4.11.x allows --no-windows-containers flag bypass via I ...)
	NOT-FOR-US: Docker Desktop
CVE-2023-0626 (Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters ...)
	NOT-FOR-US: Docker Desktop
CVE-2023-0625 (Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extens ...)
	NOT-FOR-US: Docker Desktop
CVE-2023-0624 (OrangeScrum version 2.0.11 allows an external attacker to obtain arbit ...)
	NOT-FOR-US: OrangeScrum
CVE-2023-0623 (Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds writ ...)
	NOT-FOR-US: Cscape Envision RV
CVE-2023-0622 (Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds writ ...)
	NOT-FOR-US: Cscape Envision RV
CVE-2023-0621 (Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds read ...)
	NOT-FOR-US: Cscape Envision RV
CVE-2023-0620 (HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2023-25000 (HashiCorp Vault's implementation of Shamir's secret sharing used preco ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2023-24999 (HashiCorp Vault and Vault Enterprise’s approle auth method allowe ...)
	NOT-FOR-US: Vault
CVE-2023-24998 (Apache Commons FileUpload before 1.5 does not limit the number of requ ...)
	{DSA-5522-1 DLA-3617-1}
	- tomcat10 10.1.5-1
	- tomcat9 9.0.70-2
	[bullseye] - tomcat9 (Minor issue, fix along with future update)
	- libcommons-fileupload-java 1.4-2 (bug #1031733)
	[bullseye] - libcommons-fileupload-java (Minor issue)
	[buster] - libcommons-fileupload-java (Minor issue)
	NOTE: https://github.com/apache/commons-fileupload/commit/e20c04990f7420ca917e96a84cec58b13a1b3d17 (commons-fileupload-1.5)
	NOTE: Caution: patch is no-op by default, reverse-dependencies would need to provide updated settings
	NOTE: https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
	NOTE: https://github.com/apache/tomcat/commit/8a2285f13affa961cc65595aad999db5efae45ce (10.1.5)
	NOTE: https://github.com/apache/tomcat/commit/cf77cc545de0488fb89e24294151504a7432df74 (9.0.71)
	NOTE: When fixing the issue make sure to apply complete fixes to not open CVE-2023-28709
	NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version
CVE-2023-24996 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-24995 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-24994 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-24993 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-24992 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-24991 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-24990 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-24989 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-24988 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-24987 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-24986 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-24985 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-24984 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-24983 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-24982 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-24981 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-24980 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-24979 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-24978 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
	NOT-FOR-US: Siemens
CVE-2023-0619 (The Kraken.io Image Optimizer plugin for WordPress is vulnerable to au ...)
	NOT-FOR-US: Kraken.io Image Optimizer plugin for WordPress
CVE-2023-0618 (A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It has been ...)
	NOT-FOR-US: TRENDnet
CVE-2023-0617 (A vulnerability was found in TRENDNet TEW-811DRU 1.0.10.0. It has been ...)
	NOT-FOR-US: TRENDnet
CVE-2023-0616 (If a MIME email combines OpenPGP and OpenPGP MIME data in a certain wa ...)
	{DSA-5355-1 DLA-3324-1}
	- thunderbird 1:102.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-0616
CVE-2023-0615 (A memory leak flaw and potential divide by zero and Integer overflow w ...)
	- linux 6.1.4-1
	[bullseye] - linux 5.10.158-1
	[buster] - linux 4.19.282-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2166287
CVE-2023-0614 (The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confident ...)
	- samba 2:4.17.7+dfsg-1
	[bullseye] - samba (Domain controller functionality is EOLed, see DSA-5477-1)
	[buster] - samba (Domain controller functionality is EOLed, see DSA-5015-1)
	NOTE: https://www.samba.org/samba/security/CVE-2023-0614.html
CVE-2023-0613 (A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and cla ...)
	NOT-FOR-US: TRENDnet
CVE-2023-0612 (A vulnerability, which was classified as critical, was found in TRENDn ...)
	NOT-FOR-US: TRENDnet
CVE-2023-0611 (A vulnerability, which was classified as critical, has been found in T ...)
	NOT-FOR-US: TRENDnet
CVE-2023-0610 (Improper Authorization in GitHub repository wallabag/wallabag prior to ...)
	NOT-FOR-US: Wallabag
CVE-2023-0609 (Improper Authorization in GitHub repository wallabag/wallabag prior to ...)
	NOT-FOR-US: Wallabag
CVE-2023-24997 (Deserialization of Untrusted Data vulnerability in Apache Software Fou ...)
	NOT-FOR-US: Apache InLong
CVE-2023-24977 (Out-of-bounds Read vulnerability in Apache Software Foundation Apache ...)
	NOT-FOR-US: Apache InLong
CVE-2023-24976 RESERVED
CVE-2023-24975 (IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caus ...)
	NOT-FOR-US: IBM
CVE-2023-24974 RESERVED
CVE-2023-24973 RESERVED
CVE-2023-24972 RESERVED
CVE-2023-24971 (IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integ ...)
	NOT-FOR-US: IBM
CVE-2023-24970 RESERVED
CVE-2023-24969 RESERVED
CVE-2023-24968 RESERVED
CVE-2023-24967 RESERVED
CVE-2023-24966 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-si ...)
	NOT-FOR-US: IBM
CVE-2023-24965 (IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts acc ...)
	NOT-FOR-US: IBM
CVE-2023-24964 (IBM InfoSphere Information Server 11.7 could allow a local user to obt ...)
	NOT-FOR-US: IBM
CVE-2023-24963 RESERVED
CVE-2023-24962 RESERVED
CVE-2023-24961 RESERVED
CVE-2023-24960 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...)
	NOT-FOR-US: IBM
CVE-2023-24959 (IBM InfoSphere Information Systems 11.7 could expose information about ...)
	NOT-FOR-US: IBM
CVE-2023-24958 (A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52 ...)
	NOT-FOR-US: IBM
CVE-2023-24957 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0. ...)
	NOT-FOR-US: IBM
CVE-2023-24956 (Forget Heart Message Box v1.1 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Forget Heart Message Box
CVE-2023-24955 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24954 (Microsoft SharePoint Server Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24953 (Microsoft Excel Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24952 RESERVED
CVE-2023-24951 RESERVED
CVE-2023-24950 (Microsoft SharePoint Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24949 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24948 (Windows Bluetooth Driver Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24947 (Windows Bluetooth Driver Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24946 (Windows Backup Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24945 (Windows iSCSI Target Service Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24944 (Windows Bluetooth Driver Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24943 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2023-24942 (Remote Procedure Call Runtime Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24941 (Windows Network File System Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24940 (Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2023-24939 (Server for NFS Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24938 (Windows CryptoAPI Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24937 (Windows CryptoAPI Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24936 (.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnera ...)
	NOT-FOR-US: .NET
CVE-2023-24935 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24934 (Microsoft Defender Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24933
	RESERVED
CVE-2023-24932 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24931 (Windows Secure Channel Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24930 (Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24929 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
	NOT-FOR-US: Microsoft
CVE-2023-24928 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
	NOT-FOR-US: Microsoft
CVE-2023-24927 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
	NOT-FOR-US: Microsoft
CVE-2023-24926 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
	NOT-FOR-US: Microsoft
CVE-2023-24925 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
	NOT-FOR-US: Microsoft
CVE-2023-24924 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
	NOT-FOR-US: Microsoft
CVE-2023-24923 (Microsoft OneDrive for Android Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24922 (Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2023-24921 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2023-24920 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2023-24919 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2023-24918
	RESERVED
CVE-2023-24917
	RESERVED
CVE-2023-24916
	RESERVED
CVE-2023-24915
	RESERVED
CVE-2023-24914 (Win32k Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24913 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
	NOT-FOR-US: Microsoft
CVE-2023-24912 (Windows Graphics Component Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24911 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
	NOT-FOR-US: Microsoft
CVE-2023-24910 (Windows Graphics Component Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24909 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
	NOT-FOR-US: Microsoft
CVE-2023-24908 (Remote Procedure Call Runtime Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24907 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
	NOT-FOR-US: Microsoft
CVE-2023-24906 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
	NOT-FOR-US: Microsoft
CVE-2023-24905 (Remote Desktop Client Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24904 (Windows Installer Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24903 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...)
	NOT-FOR-US: Microsoft
CVE-2023-24902 (Win32k Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24901 (Windows NFS Portmapper Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24900 (Windows NTLM Security Support Provider Information Disclosure Vulnerab ...)
	NOT-FOR-US: Microsoft
CVE-2023-24899 (Windows Graphics Component Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24898 (Windows SMB Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24897 (.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerab ...)
	NOT-FOR-US: .NET
CVE-2023-24896 (Dynamics 365 Finance Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24895 (.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerab ...)
	NOT-FOR-US: .NET
CVE-2023-24894
	RESERVED
CVE-2023-24893 (Visual Studio Code Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24892 (Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24891 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2023-24890 (Microsoft OneDrive for iOS Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24889
	RESERVED
CVE-2023-24888
	RESERVED
CVE-2023-24887 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
	NOT-FOR-US: Microsoft
CVE-2023-24886 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
	NOT-FOR-US: Microsoft
CVE-2023-24885 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
	NOT-FOR-US: Microsoft
CVE-2023-24884 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
	NOT-FOR-US: Microsoft
CVE-2023-24883 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
	NOT-FOR-US: Microsoft
CVE-2023-24882 (Microsoft OneDrive for Android Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24881 (Microsoft Teams Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24880 (Windows SmartScreen Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24879 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2023-24878
	RESERVED
CVE-2023-24877
	RESERVED
CVE-2023-24876 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
	NOT-FOR-US: Microsoft
CVE-2023-24875
	RESERVED
CVE-2023-24874
	RESERVED
CVE-2023-24873
	RESERVED
CVE-2023-24872 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
	NOT-FOR-US: Microsoft
CVE-2023-24871 (Windows Bluetooth Service Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24870 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
	NOT-FOR-US: Microsoft
CVE-2023-24869 (Remote Procedure Call Runtime Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24868 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
	NOT-FOR-US: Microsoft
CVE-2023-24867 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
	NOT-FOR-US: Microsoft
CVE-2023-24866 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
	NOT-FOR-US: Microsoft
CVE-2023-24865 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
	NOT-FOR-US: Microsoft
CVE-2023-24864 (Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privil ...)
	NOT-FOR-US: Microsoft
CVE-2023-24863 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
	NOT-FOR-US: Microsoft
CVE-2023-24862 (Windows Secure Channel Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24861 (Windows Graphics Component Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24860 (Microsoft Defender Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-24859 (Windows Internet Key Exchange (IKE) Extension Denial of Service Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2023-24858 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
	NOT-FOR-US: Microsoft
CVE-2023-24857 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
	NOT-FOR-US: Microsoft
CVE-2023-24856 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
	NOT-FOR-US: Microsoft
CVE-2023-24016 (Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro ...)
	NOT-FOR-US: Intel
CVE-2023-23910 (Out-of-bounds write for some Intel(R) Trace Analyzer and Collector sof ...)
	NOT-FOR-US: Intel
CVE-2023-23909 (Out-of-bounds read for some Intel(R) Trace Analyzer and Collector soft ...)
	NOT-FOR-US: Intel
CVE-2023-23569 (Stack-based buffer overflow for some Intel(R) Trace Analyzer and Colle ...)
	NOT-FOR-US: Intel
CVE-2023-22447 (Insertion of sensitive information into log file in the Open CAS softw ...)
	NOT-FOR-US: Intel
CVE-2023-22446
	RESERVED
CVE-2023-22443 (Integer overflow in some Intel(R) Server Board BMC firmware before ver ...)
	NOT-FOR-US: Intel
CVE-2023-22442 (Out of bounds write in some Intel(R) Server Board BMC firmware before ...)
	NOT-FOR-US: Intel
CVE-2023-22440 (Incorrect default permissions in the Intel(R) SCS Add-on software inst ...)
	NOT-FOR-US: Intel
CVE-2023-22276 (Race condition in firmware for some Intel(R) Ethernet Controllers and ...)
	NOT-FOR-US: Intel
CVE-2023-0608 (Cross-site Scripting (XSS) - DOM in GitHub repository microweber/micro ...)
	NOT-FOR-US: microweber
CVE-2023-0607 (Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/p ...)
	NOT-FOR-US: ProjectSend
CVE-2023-0606 (Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/am ...)
	- ampache
CVE-2023-0605 (The Auto Rename Media On Upload WordPress plugin before 1.1.0 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0604 (The WP Food Manager WordPress plugin before 1.0.4 does not sanitise an ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0603 (The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0602 (The Twittee Text Tweet WordPress plugin through 1.0.8 does not properl ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0601
	RESERVED
CVE-2023-24855 (Memory corruption in Modem while processing security related configura ...)
	NOT-FOR-US: Qualcomm
CVE-2023-24854 (Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware respons ...)
	NOT-FOR-US: Qualcomm
CVE-2023-24853 (Memory Corruption in HLOS while registering for key provisioning notif ...)
	NOT-FOR-US: Qualcomm
CVE-2023-24852 (Memory Corruption in Core due to secure memory access by user while lo ...)
	NOT-FOR-US: Qualcomm
CVE-2023-24851 (Memory Corruption in WLAN HOST while parsing QMI response message from ...)
	NOT-FOR-US: Qualcomm
CVE-2023-24850 (Memory Corruption in HLOS while importing a cryptographic key into Key ...)
	NOT-FOR-US: Qualcomm
CVE-2023-24849 (Information Disclosure in data Modem while parsing an FMTP line in an ...)
	NOT-FOR-US: Qualcomm
CVE-2023-24848 (Information Disclosure in Data Modem while performing a VoLTE call wit ...)
	NOT-FOR-US: Qualcomm
CVE-2023-24847 (Transient DOS in Modem while allocating DSM items.)
	NOT-FOR-US: Qualcomm
CVE-2023-24846
	RESERVED
CVE-2023-24845 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
	NOT-FOR-US: Siemens
CVE-2023-24844 (Memory Corruption in Core while invoking a call to Access Control core ...)
	NOT-FOR-US: Qualcomm
CVE-2023-24843 (Transient DOS in Modem while triggering a camping on an 5G cell.)
	NOT-FOR-US: Qualcomm
CVE-2023-24842 (HGiga MailSherlock has vulnerability of insufficient access control. A ...)
	NOT-FOR-US: HGiga MailSherlock
CVE-2023-24841 (HGiga MailSherlock query function for connection log has a vulnerabili ...)
	NOT-FOR-US: HGiga MailSherlock
CVE-2023-24840 (HGiga MailSherlock mail query function has vulnerability of insufficie ...)
	NOT-FOR-US: HGiga MailSherlock
CVE-2023-24839 (HGiga MailSherlock’s specific function has insufficient filtering ...)
	NOT-FOR-US: HGiga MailSherlock
CVE-2023-24838 (HGiga PowerStation has a vulnerability of Information Leakage. An unau ...)
	NOT-FOR-US: HGiga PowerStation
CVE-2023-24837 (HGiga PowerStation remote management function has insufficient filteri ...)
	NOT-FOR-US: HGiga
CVE-2023-24836 (SUNNET CTMS has vulnerability of path traversal within its file upload ...)
	NOT-FOR-US: SUNNET
CVE-2023-24835 (Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Cod ...)
	NOT-FOR-US: Softnext
CVE-2023-24834 (WisdomGarden Tronclass has improper access control when uploading file ...)
	NOT-FOR-US: WisdomGarden Tronclass
CVE-2023-0600 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin before ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0599 (Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored c ...)
	NOT-FOR-US: Rapid7
CVE-2023-0598 (GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Dig ...)
	NOT-FOR-US: GE
CVE-2023-0597 (A flaw possibility of memory leak in the Linux kernel cpu_entry_area m ...)
	- linux 6.3.7-1
	NOTE: https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80 (6.2-rc1)
CVE-2023-0596
	RESERVED
CVE-2023-0595 (A CWE-117: Improper Output Neutralization for Logs vulnerability exist ...)
	NOT-FOR-US: Schneider
CVE-2023-0594 (Grafana is an open-source platform for monitoring and observability. ...)
	- grafana
CVE-2023-0593 (A path traversal vulnerability affects yaffshiv YAFFS filesystem extra ...)
	NOT-FOR-US: yaffshiv
CVE-2023-0592 (A path traversal vulnerability affects jefferson's JFFS2 filesystem ex ...)
	NOT-FOR-US: jefferson JFFS tool
CVE-2023-0591 (ubireader_extract_files is vulnerable to path traversal when run again ...)
	NOT-FOR-US: UBI reader
CVE-2023-0590 (A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c ...)
	{DLA-3710-1}
	- linux 6.0.6-1
	[bullseye] - linux 5.10.158-1
	NOTE: https://git.kernel.org/linus/ebda44da44f6f309d302522b049f43d6f829f7aa (6.1-rc2)
CVE-2023-0589 (The WP Image Carousel WordPress plugin through 1.0.2 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0588 (The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2. ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4900 (A vulnerability was found in PHP where setting the environment variabl ...)
	- php8.2 (Fixed before initial upload)
	- php7.4
	[bullseye] - php7.4 (Minor issue, fix along in future update)
	- php7.3
	NOTE: https://github.com/php/php-src/issues/8989
	NOTE: https://github.com/php/php-src/pull/9000
	NOTE: https://github.com/php/php-src/commit/789a37f14405e2d1a05a76c9fb4ed2d49d4580d5 (php-8.0.22RC1)
	NOTE: Introduced by: https://github.com/php/php-src/commit/82effb3fc7bcab0efcc343b3e03355f5f2f663c9 (php-7.4.0RC1)
CVE-2022-4899 (A vulnerability was found in zstd v1.4.10, where an attacker can suppl ...)
	- libzstd 1.5.4+dfsg2-1
	[bullseye] - libzstd (Minor issue)
	[buster] - libzstd (Vulnerable code introduced later)
	NOTE: https://github.com/facebook/zstd/issues/3200
	NOTE: https://github.com/facebook/zstd/commit/e1873ad576cb478fff0e6e44ad99599cd5fd2846 (v1.5.4)
	NOTE: https://github.com/facebook/zstd/commit/f9f27de91c89d826c6a39c3ef44fb1b02f9a43aa (v1.5.4)
	NOTE: Introduced by https://github.com/facebook/zstd/commit/9a8ccd4ba377060fbe180bcbc3e2bb714bda8726 (v1.4.7)
CVE-2023-24833 (A use-after-free in BigIntPrimitive addition in Hermes prior to commit ...)
	NOT-FOR-US: Facebook Hermes
CVE-2023-24832 (A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf ...)
	NOT-FOR-US: Facebook Hermes
CVE-2023-0587 (A file upload vulnerability in exists in Trend Micro Apex One server b ...)
	NOT-FOR-US: Trend Micro
CVE-2023-0586 (The All in One SEO Pack plugin for WordPress is vulnerable to Stored C ...)
	NOT-FOR-US: All in One SEO Pack plugin for WordPress
CVE-2023-0585 (The All in One SEO Pack plugin for WordPress is vulnerable to Stored C ...)
	NOT-FOR-US: All in One SEO Pack plugin for WordPress
CVE-2016-15023 (A vulnerability, which was classified as problematic, was found in Sit ...)
	NOT-FOR-US: SiteFusion
CVE-2023-24831 (Improper Authentication vulnerability in Apache Software Foundation Ap ...)
	NOT-FOR-US: Apache IoTDB
CVE-2023-24828 (Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions ...)
	NOT-FOR-US: Onedev
CVE-2023-24827 (syft is a a CLI tool and Go library for generating a Software Bill of ...)
	NOT-FOR-US: syft
CVE-2023-24826 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...)
	NOT-FOR-US: RIOT-OS
CVE-2023-24825 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...)
	NOT-FOR-US: RIOT-OS
CVE-2023-24824 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
	- cmark-gfm (bug #1034171)
	[bookworm] - cmark-gfm (Minor issue)
	[bullseye] - cmark-gfm (Minor issue)
	[buster] - cmark-gfm (Minor issue)
	- python-cmarkgfm (bug #1034172)
	[bookworm] - python-cmarkgfm (Minor issue)
	[bullseye] - python-cmarkgfm (Minor issue)
	[buster] - python-cmarkgfm (Minor issue)
	- r-cran-commonmark (bug #1034173)
	[bookworm] - r-cran-commonmark (Minor issue)
	[bullseye] - r-cran-commonmark (Minor issue)
	[buster] - r-cran-commonmark (Minor issue)
	- ruby-commonmarker (bug #1034174)
	[bookworm] - ruby-commonmarker (Minor issue)
	[bullseye] - ruby-commonmarker (Minor issue)
	[buster] - ruby-commonmarker (Minor issue)
	NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-66g8-4hjf-77xh
	NOTE: https://github.com/github/cmark-gfm/commit/2300c1bd2c8226108885bf019655c4159cf26b59 (0.29.0.gfm.10)
CVE-2023-24823 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
	NOT-FOR-US: RIOT-OS
CVE-2023-24822 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
	NOT-FOR-US: RIOT-OS
CVE-2023-24821 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
	NOT-FOR-US: RIOT-OS
CVE-2023-24820 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
	NOT-FOR-US: RIOT-OS
CVE-2023-24819 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
	NOT-FOR-US: RIOT-OS
CVE-2023-24818 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
	NOT-FOR-US: RIOT-OS
CVE-2023-24817 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...)
	NOT-FOR-US: RIOT-OS
CVE-2023-24816 (IPython (Interactive Python) is a command shell for interactive comput ...)
	- ipython (Windows-specific)
	NOTE: https://github.com/ipython/ipython/security/advisories/GHSA-29gw-9793-fvw7
	NOTE: https://github.com/ipython/ipython/commit/991849c247fc208628879e7ca2923b3c218a5a75 (8.10.0)
CVE-2023-24815 (Vert.x-Web is a set of building blocks for building web applications i ...)
	NOT-FOR-US: Vert.x-Web
CVE-2023-24814 (TYPO3 is a free and open source Content Management Framework released ...)
	NOT-FOR-US: Typo3
CVE-2023-24813 (Dompdf is an HTML to PDF converter written in php. Due to the differen ...)
	- php-dompdf 2.0.3+dfsg-1
	[bullseye] - php-dompdf (SVG image references validation introduced in v2.0.0)
	[buster] - php-dompdf (SVG image references validation introduced in v2.0.0)
	NOTE: https://github.com/dompdf/dompdf/security/advisories/GHSA-56gj-mvh6-rp75
	NOTE: Fixed by: https://github.com/dompdf/dompdf/commit/95009ea98230f9b084b040c34e3869ef3dccc9aa (v2.0.3)
	NOTE: Introduced by: https://github.com/dompdf/dompdf/commit/f56bc8e40be6c0ae0825e6c7396f4db80620b799 (v2.0.0)
CVE-2023-24812 (Misskey is an open source, decentralized social media platform. In ver ...)
	NOT-FOR-US: Misskey
CVE-2023-24811 (Misskey is an open source, decentralized social media platform. In ver ...)
	NOT-FOR-US: Misskey
CVE-2023-24810 (Misskey is an open source, decentralized social media platform. Due to ...)
	NOT-FOR-US: Misskey
CVE-2023-24809 (NetHack is a single player dungeon exploration game. Starting with ver ...)
	- nethack 3.6.7-1 (bug #1031869)
	[bookworm] - nethack (Minor issue)
	[bullseye] - nethack (Minor issue)
	[buster] - nethack (Minor issue)
	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-2cqv-5w4v-mgch
	NOTE: https://nethack.org/security/CVE-2023-24809.html
CVE-2023-24808 (PDFio is a C library for reading and writing PDF files. In versions pr ...)
	- ippsample (unimportant; bug #1033104)
	NOTE: Crash in CLI tool, no security impact
CVE-2023-24807 (Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the ...)
	- node-undici 5.19.1+dfsg1+~cs20.10.9.5-1 (bug #1031418)
	[bookworm] - node-undici 5.15.0+dfsg1+~cs20.10.9.3-1+deb12u1
	NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w
	NOTE: https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf (v5.19.1)
CVE-2023-24806
	REJECTED
CVE-2023-24805 (cups-filters contains backends, filters, and other software required t ...)
	{DSA-5407-1 DLA-3430-1}
	- cups-filters 1.28.17-3 (bug #1036224)
	NOTE: https://www.openwall.com/lists/oss-security/2023/05/17/5
	NOTE: https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x
	NOTE: Fixed by: https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65 (master)
	NOTE: Fixed by: https://github.com/OpenPrinting/cups-filters/commit/93e60d3df358c0ae6f3dba79e1c9684657683d89 (1.x)
CVE-2023-24804 (The ownCloud Android app allows ownCloud users to access, share, and e ...)
	NOT-FOR-US: ownCloud Android app
CVE-2023-0584 (The VK Blocks plugin for WordPress is vulnerable to improper authoriza ...)
	NOT-FOR-US: VK Blocks plugin for WordPress
CVE-2023-0583 (The VK Blocks plugin for WordPress is vulnerable to improper authoriza ...)
	NOT-FOR-US: VK Blocks plugin for WordPress
CVE-2023-0582 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
	NOT-FOR-US: ForgeRock
CVE-2023-0581 (The PrivateContent plugin for WordPress is vulnerable to protection me ...)
	NOT-FOR-US: PrivateContent plugin for WordPress
CVE-2023-0580 (Insecure Storage of Sensitive Information vulnerability in ABB My Cont ...)
	NOT-FOR-US: ABB
CVE-2023-0579 (The YARPP WordPress plugin before 5.30.3 does not validate and escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0578 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: ASOS
CVE-2023-0577 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: ASOS
CVE-2023-0576
	REJECTED
CVE-2023-0575 (External Control of Critical State Data, Improper Control of Generatio ...)
	- yugabyte-db (bug #989673)
CVE-2023-0574 (Server-Side Request Forgery (SSRF), Improperly Controlled Modification ...)
	- yugabyte-db (bug #989673)
CVE-2022-48305 (There is an identity authentication bypass vulnerability in Huawei Chi ...)
	NOT-FOR-US: Huawei
CVE-2023-24830 (Improper Authentication vulnerability in Apache Software Foundation Ap ...)
	NOT-FOR-US: Apache IoTDB
CVE-2023-24829 (Incorrect Authorization vulnerability in Apache Software Foundation Ap ...)
	NOT-FOR-US: Apache IoTDB
CVE-2023-24803
	RESERVED
CVE-2023-24802
	RESERVED
CVE-2023-24801
	RESERVED
CVE-2023-24800 (D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overf ...)
	NOT-FOR-US: D-Link
CVE-2023-24799 (D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overf ...)
	NOT-FOR-US: D-Link
CVE-2023-24798 (D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overf ...)
	NOT-FOR-US: D-Link
CVE-2023-24797 (D-Link DIR882 DIR882A1_FW110B02 was discovered to contain a stack over ...)
	NOT-FOR-US: D-Link
CVE-2023-24796 (Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and befo ...)
	NOT-FOR-US: Vinga
CVE-2023-24795 (Command execution vulnerability was discovered in JHR-N916R router fir ...)
	NOT-FOR-US: JHR-N916R
CVE-2023-24794
	RESERVED
CVE-2023-24793
	RESERVED
CVE-2023-24792
	RESERVED
CVE-2023-24791
	RESERVED
CVE-2023-24790
	RESERVED
CVE-2023-24789 (jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injec ...)
	NOT-FOR-US: jeecg-boot
CVE-2023-24788 (NotrinosERP v0.7 was discovered to contain a SQL injection vulnerabili ...)
	NOT-FOR-US: NotrinosERP
CVE-2023-24787
	REJECTED
CVE-2023-24786
	RESERVED
CVE-2023-24785 (An issue in Giorgio Tani peazip v.9.0.0 allows attackers to cause a de ...)
	NOT-FOR-US: Giorgio Tani peazip
CVE-2023-24784
	RESERVED
CVE-2023-24783
	RESERVED
CVE-2023-24782 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
	NOT-FOR-US: Funadmin
CVE-2023-24781 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
	NOT-FOR-US: Funadmin
CVE-2023-24780 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
	NOT-FOR-US: Funadmin
CVE-2023-24779
	RESERVED
CVE-2023-24778
	RESERVED
CVE-2023-24777 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
	NOT-FOR-US: Funadmin
CVE-2023-24776 (Funadmin v3.2.0 was discovered to contain a remote code execution (RCE ...)
	NOT-FOR-US: Funadmin
CVE-2023-24775 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
	NOT-FOR-US: Funadmin
CVE-2023-24774 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
	NOT-FOR-US: Funadmin
CVE-2023-24773 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
	NOT-FOR-US: Funadmin
CVE-2023-24772
	RESERVED
CVE-2023-24771
	RESERVED
CVE-2023-24770
	RESERVED
CVE-2023-24769 (Changedetection.io before v0.40.1.1 was discovered to contain a stored ...)
	NOT-FOR-US: Changedetection.io
CVE-2023-24768
	RESERVED
CVE-2023-24767
	RESERVED
CVE-2023-24766
	RESERVED
CVE-2023-24765
	RESERVED
CVE-2023-24764
	RESERVED
CVE-2023-24763 (In the module "Xen Forum" (xenforum) for PrestaShop, an authenticated ...)
	NOT-FOR-US: PrestaShop module
CVE-2023-24762 (OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 ...)
	NOT-FOR-US: D-Link
CVE-2023-24761
	RESERVED
CVE-2023-24760 (An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalat ...)
	NOT-FOR-US: Ofcms
CVE-2023-24759
	RESERVED
CVE-2023-24758 (libde265 v1.0.10 was discovered to contain a NULL pointer dereference ...)
	{DSA-5346-1 DLA-3352-1}
	- libde265 1.0.11-1
	NOTE: https://github.com/strukturag/libde265/issues/383
	NOTE: https://github.com/strukturag/libde265/commit/bfb6de155f9fb015d2904cb4ef07809f17995276 (v1.0.11)
CVE-2023-24757 (libde265 v1.0.10 was discovered to contain a NULL pointer dereference ...)
	{DSA-5346-1 DLA-3352-1}
	- libde265 1.0.11-1
	NOTE: https://github.com/strukturag/libde265/issues/385
	NOTE: https://github.com/strukturag/libde265/commit/48eb7dafe204b825b4a62948ed171a0cd3f1bda2 (v1.0.11)
CVE-2023-24756 (libde265 v1.0.10 was discovered to contain a NULL pointer dereference ...)
	{DSA-5346-1 DLA-3352-1}
	- libde265 1.0.11-1
	NOTE: https://github.com/strukturag/libde265/issues/380
	NOTE: https://github.com/strukturag/libde265/commit/48eb7dafe204b825b4a62948ed171a0cd3f1bda2 (v1.0.11)
CVE-2023-24755 (libde265 v1.0.10 was discovered to contain a NULL pointer dereference ...)
	{DSA-5346-1 DLA-3352-1}
	- libde265 1.0.11-1
	NOTE: https://github.com/strukturag/libde265/issues/384
	NOTE: https://github.com/strukturag/libde265/commit/48eb7dafe204b825b4a62948ed171a0cd3f1bda2 (v1.0.11)
CVE-2023-24754 (libde265 v1.0.10 was discovered to contain a NULL pointer dereference ...)
	{DSA-5346-1 DLA-3352-1}
	- libde265 1.0.11-1
	NOTE: https://github.com/strukturag/libde265/issues/382
	NOTE: https://github.com/strukturag/libde265/commit/bfb6de155f9fb015d2904cb4ef07809f17995276 (v1.0.11)
CVE-2023-24753
	RESERVED
CVE-2023-24752 (libde265 v1.0.10 was discovered to contain a NULL pointer dereference ...)
	{DSA-5346-1 DLA-3352-1}
	- libde265 1.0.11-1
	NOTE: https://github.com/strukturag/libde265/issues/378
	NOTE: https://github.com/strukturag/libde265/commit/052bacb2535cf0024042eefde58e48df2c778f7c (v1.0.11)
CVE-2023-24751 (libde265 v1.0.10 was discovered to contain a NULL pointer dereference ...)
	{DSA-5346-1 DLA-3352-1}
	- libde265 1.0.11-1
	NOTE: https://github.com/strukturag/libde265/issues/379
	NOTE: https://github.com/strukturag/libde265/commit/7ea8e3cbb010bc02fa38419e87ed2281d7933850 (v1.0.11)
CVE-2023-24750
	RESERVED
CVE-2023-24749
	RESERVED
CVE-2023-24748
	RESERVED
CVE-2023-24747 (Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) ...)
	NOT-FOR-US: Jfinal CMS
CVE-2023-24746
	RESERVED
CVE-2023-24745
	RESERVED
CVE-2023-24744 (Cross Site Scripting (XSS) vulnerability in Rediker Software AdminPlus ...)
	NOT-FOR-US: Rediker Software AdminPlus
CVE-2023-24743
	RESERVED
CVE-2023-24742
	RESERVED
CVE-2023-24741
	RESERVED
CVE-2023-24740
	RESERVED
CVE-2023-24739
	RESERVED
CVE-2023-24738
	RESERVED
CVE-2023-24737 (PMB v7.4.6 was discovered to contain a reflected cross-site scripting ...)
	NOT-FOR-US: PMB
CVE-2023-24736 (PMB v7.4.6 was discovered to contain a remote code execution (RCE) vul ...)
	NOT-FOR-US: PMB
CVE-2023-24735 (PMB v7.4.6 was discovered to contain an open redirect vulnerability vi ...)
	NOT-FOR-US: PMB
CVE-2023-24734 (An arbitrary file upload vulnerability in the camera_upload.php compon ...)
	NOT-FOR-US: PMB
CVE-2023-24733 (PMB v7.4.6 was discovered to contain a reflected cross-site scripting ...)
	NOT-FOR-US: PMB
CVE-2023-24732 (Simple Customer Relationship Management System v1.0 as discovered to c ...)
	NOT-FOR-US: Simple Customer Relationship Management System
CVE-2023-24731 (Simple Customer Relationship Management System v1.0 as discovered to c ...)
	NOT-FOR-US: Simple Customer Relationship Management System
CVE-2023-24730 (Simple Customer Relationship Management System v1.0 as discovered to c ...)
	NOT-FOR-US: Simple Customer Relationship Management System
CVE-2023-24729 (Simple Customer Relationship Management System v1.0 as discovered to c ...)
	NOT-FOR-US: Simple Customer Relationship Management System
CVE-2023-24728 (Simple Customer Relationship Management System v1.0 as discovered to c ...)
	NOT-FOR-US: Simple Customer Relationship Management System
CVE-2023-24727
	RESERVED
CVE-2023-24726 (Art Gallery Management System v1.0 was discovered to contain a SQL inj ...)
	NOT-FOR-US: Art Gallery Management System
CVE-2023-24725
	RESERVED
CVE-2023-24724 (A stored cross site scripting (XSS) vulnerability was discovered in th ...)
	NOT-FOR-US: SAS 9.4 Admin Console
CVE-2023-24723
	RESERVED
CVE-2023-24722
	RESERVED
CVE-2023-24721 (A cross-site scripting (XSS) vulnerability in LiveAction LiveSP v21.1. ...)
	NOT-FOR-US: LiveAction LiveSP
CVE-2023-24720 (An arbitrary file upload vulnerability in readium-js v0.32.0 allows at ...)
	NOT-FOR-US: readium-js
CVE-2023-24719
	RESERVED
CVE-2023-24718
	RESERVED
CVE-2023-24717
	RESERVED
CVE-2023-24716
	RESERVED
CVE-2023-24715
	RESERVED
CVE-2023-24714
	RESERVED
CVE-2023-24713
	RESERVED
CVE-2023-24712
	RESERVED
CVE-2023-24711
	RESERVED
CVE-2023-24710
	RESERVED
CVE-2023-24709 (An issue found in Paradox Security Systems IPR512 allows attackers to ...)
	NOT-FOR-US: Paradox Security Systems IPR512
CVE-2023-24708
	RESERVED
CVE-2023-24707
	RESERVED
CVE-2023-24706
	RESERVED
CVE-2023-24705
	RESERVED
CVE-2023-24704
	RESERVED
CVE-2023-24703
	RESERVED
CVE-2023-24702
	RESERVED
CVE-2023-24701
	RESERVED
CVE-2023-24700
	RESERVED
CVE-2023-24699
	RESERVED
CVE-2023-24698 (Insufficient parameter validation in the Foswiki::Sandbox component of ...)
	- foswiki (bug #509864)
CVE-2023-24697
	RESERVED
CVE-2023-24696
	RESERVED
CVE-2023-24695
	RESERVED
CVE-2023-24694
	RESERVED
CVE-2023-24693
	RESERVED
CVE-2023-24692
	RESERVED
CVE-2023-24691
	RESERVED
CVE-2023-24690 (ChurchCRM 4.5.3 and below was discovered to contain a stored cross-sit ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-24689 (An issue in Mojoportal v2.7.0.0 and below allows an authenticated atta ...)
	NOT-FOR-US: Mojoportal
CVE-2023-24688 (An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to ...)
	NOT-FOR-US: Mojoportal
CVE-2023-24687 (Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scri ...)
	NOT-FOR-US: Mojoportal
CVE-2023-24686 (An issue in the CSV Import function of ChurchCRM v4.5.3 and below allo ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-24685 (ChurchCRM v4.5.3 and below was discovered to contain a SQL injection v ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-24684 (ChurchCRM v4.5.3 and below was discovered to contain a SQL injection v ...)
	NOT-FOR-US: ChurchCRM
CVE-2023-24683
	RESERVED
CVE-2023-24682
	RESERVED
CVE-2023-24681
	RESERVED
CVE-2023-24680
	RESERVED
CVE-2023-24679
	RESERVED
CVE-2023-24678 (A vulnerability in Centralite Pearl Thermostat 0x04075010 allows attac ...)
	NOT-FOR-US: Centralite Pearl Thermostat
CVE-2023-24677
	RESERVED
CVE-2023-24676 (An issue found in ProcessWire 3.0.210 allows attackers to execute arbi ...)
	NOT-FOR-US: Processwire
CVE-2023-24675 (Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attack ...)
	NOT-FOR-US: BluditCMS
CVE-2023-24674 (Permissions vulnerability found in Bludit CMS v.4.0.0 allows local att ...)
	NOT-FOR-US: BluditCMS
CVE-2023-24673
	RESERVED
CVE-2023-24672
	RESERVED
CVE-2023-24671 (VX Search v13.8 and v14.7 was discovered to contain an unquoted servic ...)
	NOT-FOR-US: VX Search
CVE-2023-24670
	RESERVED
CVE-2023-24669
	RESERVED
CVE-2023-24668
	RESERVED
CVE-2023-24667
	RESERVED
CVE-2023-24666
	RESERVED
CVE-2023-24665
	RESERVED
CVE-2023-24664
	RESERVED
CVE-2023-24663
	RESERVED
CVE-2023-24662
	RESERVED
CVE-2023-24661
	RESERVED
CVE-2023-24660
	RESERVED
CVE-2023-24659
	RESERVED
CVE-2023-24658
	RESERVED
CVE-2023-24657 (phpipam v1.6 was discovered to contain a reflected cross-site scriptin ...)
	- phpipam (bug #731713)
CVE-2023-24656 (Simple Customer Relationship Management System v1.0 was discovered to ...)
	NOT-FOR-US: Simple Customer Relationship Management System
CVE-2023-24655 (Simple Customer Relationship Management System v1.0 was discovered to ...)
	NOT-FOR-US: Simple Customer Relationship Management System
CVE-2023-24654 (Simple Customer Relationship Management System v1.0 was discovered to ...)
	NOT-FOR-US: Simple Customer Relationship Management System
CVE-2023-24653 (Simple Customer Relationship Management System v1.0 was discovered to ...)
	NOT-FOR-US: Simple Customer Relationship Management System
CVE-2023-24652 (Simple Customer Relationship Management System v1.0 was discovered to ...)
	NOT-FOR-US: Simple Customer Relationship Management System
CVE-2023-24651 (Simple Customer Relationship Management System v1.0 was discovered to ...)
	NOT-FOR-US: Simple Customer Relationship Management System
CVE-2023-24650
	RESERVED
CVE-2023-24649
	RESERVED
CVE-2023-24648 (Zstore v6.6.0 was discovered to contain a cross-site scripting (XSS) v ...)
	NOT-FOR-US: Zstore
CVE-2023-24647 (Food Ordering System v2.0 was discovered to contain a SQL injection vu ...)
	NOT-FOR-US: Food Ordering System
CVE-2023-24646 (An arbitrary file upload vulnerability in the component /fos/admin/aja ...)
	NOT-FOR-US: Food Ordering System
CVE-2023-24645
	RESERVED
CVE-2023-24644
	RESERVED
CVE-2023-24643 (Judging Management System v1.0 was discovered to contain a SQL injecti ...)
	NOT-FOR-US: Judging Management System
CVE-2023-24642 (Judging Management System v1.0 was discovered to contain a SQL injecti ...)
	NOT-FOR-US: Judging Management System
CVE-2023-24641 (Judging Management System v1.0 was discovered to contain a SQL injecti ...)
	NOT-FOR-US: Judging Management System
CVE-2023-24640
	RESERVED
CVE-2023-24639
	RESERVED
CVE-2023-24638
	RESERVED
CVE-2023-24637
	RESERVED
CVE-2023-24636
	RESERVED
CVE-2023-24635
	RESERVED
CVE-2023-24634
	RESERVED
CVE-2023-24633
	RESERVED
CVE-2023-24632
	RESERVED
CVE-2023-24631
	RESERVED
CVE-2023-24630
	RESERVED
CVE-2023-24629
	RESERVED
CVE-2023-24628
	RESERVED
CVE-2023-24627
	RESERVED
CVE-2023-24626 (socket.c in GNU Screen through 4.9.0, when installed setuid or setgid ...)
	- screen 4.9.1-1 (unimportant)
	NOTE: https://savannah.gnu.org/bugs/?63195 (private)
	NOTE: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7
	NOTE: screen in Debian not installed setuid or setgid
CVE-2023-24625 (Faveo 5.0.1 allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: Faveo
CVE-2023-24624
	RESERVED
CVE-2023-24623 (Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to th ...)
	NOT-FOR-US: Paranoidhttp
CVE-2023-24622 (isInList in the safeurl-python package before 1.2 for Python has an in ...)
	NOT-FOR-US: safeurl-python
CVE-2023-24621 (An issue was discovered in Esoteric YamlBeans through 1.15. It allows ...)
	NOT-FOR-US: Esoteric YamlBeans
CVE-2023-24620 (An issue was discovered in Esoteric YamlBeans through 1.15. A crafted ...)
	NOT-FOR-US: Esoteric YamlBeans
CVE-2023-24619 (Redpanda before 22.3.12 discloses cleartext AWS credentials. The impor ...)
	NOT-FOR-US: Redpanda
CVE-2023-24618
	RESERVED
CVE-2023-24617
	RESERVED
CVE-2023-24616
	RESERVED
CVE-2023-24615
	RESERVED
CVE-2023-24614
	RESERVED
CVE-2023-24613 (The user interface of Array Networks AG Series and vxAG through 9.4.0. ...)
	NOT-FOR-US: Array Networks
CVE-2023-24612 (The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allo ...)
	NOT-FOR-US: MediaWiki PdfBook extension
CVE-2023-24611
	RESERVED
CVE-2023-24610 (NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrar ...)
	NOT-FOR-US: NOSH
CVE-2023-24609 (Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subt ...)
	- matrixssl
CVE-2023-24608
	RESERVED
CVE-2023-0573
	RESERVED
CVE-2023-0572 (Unchecked Error Condition in GitHub repository froxlor/froxlor prior t ...)
	- froxlor (bug #581792)
CVE-2022-4898 (In affected versions of Octopus Server the help sidebar can be customi ...)
	NOT-FOR-US: Octopus Server
CVE-2022-48304
	RESERVED
CVE-2022-48303 (GNU Tar through 1.34 has a one-byte out-of-bounds read that results in ...)
	- tar 1.34+dfsg-1.4 (unimportant)
	[bookworm] - tar 1.34+dfsg-1.2+deb12u1
	[bullseye] - tar 1.34+dfsg-1+deb11u1
	NOTE: Crash in CLI tool, no security impact
	NOTE: https://savannah.gnu.org/bugs/?62387
	NOTE: https://savannah.gnu.org/patch/?10307
	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/tar.git/commit/?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8 (v1.35)
CVE-2021-46873 (WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account ...)
	NOTE: Generic protocol issue in WireGuard
CVE-2023-0571 (A vulnerability has been found in SourceCodester Canteen Management Sy ...)
	NOT-FOR-US: SourceCodester Canteen Management System
CVE-2023-0570 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-0569 (Weak Password Requirements in GitHub repository publify/publify prior ...)
	NOT-FOR-US: Publify
CVE-2023-0568 (In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3 ...)
	{DSA-5363-1 DLA-3345-1}
	- php8.2 8.2.4-1 (bug #1031368)
	- php7.4
	- php7.3
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81746
	NOTE: Fixed in: 8.2.3
	NOTE: https://github.com/php/php-src/commit/ec10b28d64decbc54aa1e585dce580f0bd7a5953
CVE-2023-0567 (In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3 ...)
	{DSA-5363-1 DLA-3345-1}
	- php8.2 8.2.4-1 (bug #1031368)
	- php7.4
	- php7.3
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81744
	NOTE: Fixed in 8.2.3
	NOTE: https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4
	NOTE: https://github.com/php/php-src/commit/c840f71524067aa474c00c3eacfb83bd860bfc8a
	NOTE: https://github.com/php/php-src/commit/a92acbad873a05470af1a47cb785a18eadd827b5
CVE-2022-48302 (The AMS module has a vulnerability of lacking permission verification ...)
	NOT-FOR-US: Huawei
CVE-2022-48301 (The bundle management module lacks permission verification in some API ...)
	NOT-FOR-US: Huawei
CVE-2022-48300 (The WMS module lacks the authentication mechanism in some APIs. Succes ...)
	NOT-FOR-US: Huawei
CVE-2022-48299 (The WMS module lacks the authentication mechanism in some APIs. Succes ...)
	NOT-FOR-US: Huawei
CVE-2022-48298 (The geofencing kernel code does not verify the length of the input dat ...)
	NOT-FOR-US: Huawei
CVE-2022-48297 (The geofencing kernel code has a vulnerability of not verifying the le ...)
	NOT-FOR-US: Huawei
CVE-2022-48296 (The SystemUI has a vulnerability in permission management. Successful ...)
	NOT-FOR-US: Huawei
CVE-2022-48295 (The IHwAntiMalPlugin interface lacks permission verification. Successf ...)
	NOT-FOR-US: Huawei
CVE-2022-48294 (The IHwAttestationService interface has a defect in authentication. Su ...)
	NOT-FOR-US: Huawei
CVE-2022-48293 (The Bluetooth module has an OOM vulnerability. Successful exploitation ...)
	NOT-FOR-US: Huawei
CVE-2022-48292 (The Bluetooth module has an out-of-memory (OOM) vulnerability. Success ...)
	NOT-FOR-US: Huawei
CVE-2022-48291 (The Bluetooth module has an authentication bypass vulnerability in the ...)
	NOT-FOR-US: Huawei
CVE-2022-48290 (The phone-PC collaboration module has a logic bypass vulnerability. Su ...)
	NOT-FOR-US: Huawei
CVE-2022-48289 (The bundle management module lacks authentication and control mechanis ...)
	NOT-FOR-US: Huawei
CVE-2022-48288 (The bundle management module lacks authentication and control mechanis ...)
	NOT-FOR-US: Huawei
CVE-2022-48287 (The HwContacts module has a logic bypass vulnerability. Successful exp ...)
	NOT-FOR-US: Huawei
CVE-2022-48286 (The multi-screen collaboration module has a privilege escalation vulne ...)
	NOT-FOR-US: Huawei
CVE-2023-24607 (Qt before 6.4.3 allows a denial of service via a crafted string when t ...)
	{DLA-3805-1}
	- qtbase-opensource-src 5.15.8+dfsg-3 (bug #1031872)
	[bullseye] - qtbase-opensource-src (Minor issue)
	- qt6-base 6.4.2+dfsg-7 (bug #1031871)
	- qtbase-opensource-src-gles (GLES build only ships libqt5gui5, not the DB modules, see #1031873)
	NOTE: https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin
	NOTE: https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d (6.4)
	NOTE: https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff
CVE-2023-24606
	RESERVED
CVE-2023-24605 (OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all ...)
	NOT-FOR-US: OX App Suite
CVE-2023-24604 (OX App Suite before backend 7.10.6-rev37 does not check HTTP header le ...)
	NOT-FOR-US: OX App Suite
CVE-2023-24603 (OX App Suite before backend 7.10.6-rev37 does not check size limits wh ...)
	NOT-FOR-US: OX App Suite
CVE-2023-24602 (OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the T ...)
	NOT-FOR-US: OX App Suite
CVE-2023-24601 (OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app dee ...)
	NOT-FOR-US: OX App Suite
CVE-2023-24600 (OX App Suite before backend 7.10.6-rev37 allows authenticated users to ...)
	NOT-FOR-US: OX App Suite
CVE-2023-24599 (OX App Suite before backend 7.10.6-rev37 allows authenticated users to ...)
	NOT-FOR-US: OX App Suite
CVE-2023-24598 (OX App Suite before backend 7.10.6-rev37 has an information leak in th ...)
	NOT-FOR-US: OX App Suite
CVE-2023-24597 (OX App Suite before frontend 7.10.6-rev24 allows the loading (without ...)
	NOT-FOR-US: OX App Suite
CVE-2023-0566 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	- froxlor (bug #581792)
CVE-2023-0565 (Business Logic Errors in GitHub repository froxlor/froxlor prior to 2. ...)
	- froxlor (bug #581792)
CVE-2023-0564 (Weak Password Requirements in GitHub repository froxlor/froxlor prior ...)
	- froxlor (bug #581792)
CVE-2023-0563 (A vulnerability classified as problematic has been found in PHPGurukul ...)
	NOT-FOR-US: PHPGurukul Bank Locker Management System
CVE-2022-48285 (loadAsync in JSZip before 3.8.0 allows Directory Traversal via a craft ...)
	- node-jszip 3.10.0+dfsg-1
	[bullseye] - node-jszip (Minor issue)
	[buster] - node-jszip (Minor issue)
	NOTE: https://github.com/Stuk/jszip/commit/2edab366119c9ee948357c02f1206c28566cdf15 (v3.8.0)
CVE-2023-0562 (A vulnerability was found in PHPGurukul Bank Locker Management System ...)
	NOT-FOR-US: PHPGurukul Bank Locker Management System
CVE-2023-0561 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-0560 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2016-15022 (A vulnerability was found in mosbth cimage up to 0.7.18. It has been d ...)
	NOT-FOR-US: mosbth cimage
CVE-2009-10003 (A vulnerability was found in capnsquarepants wordcraft up to 0.6. It h ...)
	NOT-FOR-US: capnsquarepants wordcraft
CVE-2023-0559 (The GS Portfolio for Envato WordPress plugin before 1.4.0 does not val ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0558 (The ContentStudio plugin for WordPress is vulnerable to authorization ...)
	NOT-FOR-US: ContentStudio plugin for WordPress
CVE-2023-0557 (The ContentStudio plugin for WordPress is vulnerable to Sensitive Info ...)
	NOT-FOR-US: ContentStudio plugin for WordPress
CVE-2023-0556 (The ContentStudio plugin for WordPress is vulnerable to authorization ...)
	NOT-FOR-US: ContentStudio plugin for WordPress
CVE-2023-0555 (The Quick Restaurant Menu plugin for WordPress is vulnerable to author ...)
	NOT-FOR-US: Quick Restaurant Menu plugin for WordPress
CVE-2023-0554 (The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross- ...)
	NOT-FOR-US: Quick Restaurant Menu plugin for WordPress
CVE-2023-0553 (The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: Quick Restaurant Menu plugin for WordPress
CVE-2023-0552 (The Registration Forms WordPress plugin before 3.8.2.3 does not proper ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0551 (The REST API TO MiniProgram WordPress plugin through 4.6.1 does not ha ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0550 (The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecu ...)
	NOT-FOR-US: Quick Restaurant Menu plugin for WordPress
CVE-2022-48284 (A piece of Huawei whole-home intelligence software has an Incorrect Pr ...)
	NOT-FOR-US: Huawei
CVE-2022-48283 (A piece of Huawei whole-home intelligence software has an Incorrect Pr ...)
	NOT-FOR-US: Huawei
CVE-2021-4315 (A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and class ...)
	NOT-FOR-US: NYUCCL psiTurk
CVE-2023-24595 (An OS command injection vulnerability exists in the ys_thirdparty syst ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-24583 (Two OS command injection vulnerabilities exist in the urvpn_client cmd ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-24582 (Two OS command injection vulnerabilities exist in the urvpn_client cmd ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-24581 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-22365 (An OS command injection vulnerability exists in the ys_thirdparty chec ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-22299 (An OS command injection vulnerability exists in the vtysh_ubus _get_fw ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-0549 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: YAFNET
CVE-2023-0548 (The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitize and ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0547 (OCSP revocation status of recipient certificates was not checked when ...)
	{DSA-5392-1 DLA-3400-1}
	- thunderbird 1:102.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-0547
CVE-2023-0546 (The Contact Form Plugin WordPress plugin before 4.3.25 does not proper ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0545 (The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escap ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0544 (The WP Login Box WordPress plugin through 2.0.2 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0543 (The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0542 (The Custom Post Type List Shortcode WordPress plugin through 1.4.4 doe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0541 (The GS Books Showcase WordPress plugin before 1.3.1 does not validate ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0540 (The GS Filterable Portfolio WordPress plugin before 1.6.1 does not val ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0539 (The GS Insever Portfolio WordPress plugin before 1.4.5 does not valida ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0538 (The Campaign URL Builder WordPress plugin before 1.8.2 does not valida ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0537 (The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0536 (The Wp-D3 WordPress plugin through 2.4.1 does not validate and escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0535 (The Donation Block For PayPal WordPress plugin before 2.1.0 does not v ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0534 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-0533 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-0532 (A vulnerability classified as critical was found in SourceCodester Onl ...)
	NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-0531 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-0530 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...)
	NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-0529 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...)
	NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-0528 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...)
	NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-0527 (A vulnerability was found in PHPGurukul Online Security Guards Hiring ...)
	NOT-FOR-US: PHPGurukul Online Security Guards Hiring System
CVE-2023-0526 (The Post Shortcode WordPress plugin through 2.0.9 does not validate an ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24580 (An issue was discovered in the Multipart Request Parser in Django 3.2 ...)
	{DLA-3329-1}
	- python-django 3:3.2.18-1 (bug #1031290)
	[bullseye] - python-django 2:2.2.28-1~deb11u2
	NOTE: https://www.djangoproject.com/weblog/2023/feb/14/security-releases/
	NOTE: https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8 (3.2.18)
CVE-2023-24579 (McAfee Total Protection prior to 16.0.51 allows attackers to trick a v ...)
	NOT-FOR-US: McAfee
CVE-2023-24578 (McAfee Total Protection prior to 16.0.49 allows attackers to elevate u ...)
	NOT-FOR-US: McAfee
CVE-2023-24577 (McAfee Total Protection prior to 16.0.50 allows attackers to elevate u ...)
	NOT-FOR-US: McAfee
CVE-2023-24543
	RESERVED
CVE-2023-23908 (Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalab ...)
	{DSA-5474-1 DLA-3537-1}
	- intel-microcode 3.20230808.1 (bug #1043305)
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html
	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808
CVE-2023-23580 (Stack-based buffer overflow for some Intel(R) Trace Analyzer and Colle ...)
	NOT-FOR-US: Intel
CVE-2023-23577 (Uncontrolled search path element for some ITE Tech consumer infrared d ...)
	NOT-FOR-US: Intel
CVE-2023-23544
	RESERVED
CVE-2023-22841 (Unquoted search path in the software installer for the System Firmware ...)
	NOT-FOR-US: Intel
CVE-2023-22840 (Improper neutralization in software for the Intel(R) oneVPL GPU softwa ...)
	NOT-FOR-US: Intel
CVE-2023-22431
	RESERVED
CVE-2023-22311 (Improper access control in some Intel(R) Optane(TM) PMem 100 Series Ma ...)
	- ipmctl (Only affects the Intel Optane PMem 100 Series Management Software)
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html
CVE-2023-0525 (Weak Encoding for Password vulnerability in Mitsubishi Electric Corpor ...)
	NOT-FOR-US: PyroCMS
CVE-2023-0524 (As part of our Security Development Lifecycle, a potential privilege e ...)
	NOT-FOR-US: Tenable
CVE-2023-0523 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2023-0522 (The Enable/Disable Auto Login when Register WordPress plugin through 1 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0521
	RESERVED
CVE-2023-0520 (The RapidExpCart WordPress plugin through 1.0 does not sanitize and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0519 (Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modob ...)
	NOT-FOR-US: Modoboa
CVE-2023-0518 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2020-36659 (In Apache::Session::Browseable before 1.3.6, validity of the X.509 cer ...)
	{DLA-3285-1}
	- libapache-session-browseable-perl 1.3.7-1
	NOTE: Fixed by: https://github.com/LemonLDAPNG/Apache-Session-Browseable/commit/fdf393235140b293cae5578ef136055a78f3574f (v1.3.6)
	NOTE: Regression follow-up: https://github.com/LemonLDAPNG/Apache-Session-Browseable/commit/c73e05c1363cd59e437aa1ea5ea0d260d62d5ee6 (v1.3.7)
CVE-2020-36658 (In Apache::Session::LDAP before 0.5, validity of the X.509 certificate ...)
	{DLA-3284-1}
	- libapache-session-ldap-perl 0.5-1
	NOTE: Fixed by: https://github.com/LemonLDAPNG/Apache-Session-LDAP/commit/490722b71eed1ed1ab33d58c78578f23e043561f (v0.5)
CVE-2023-24576 (EMC NetWorker may potentially be vulnerable to an unauthenticated remo ...)
	NOT-FOR-US: EMC
CVE-2023-24575 (Dell Multifunction Printer E525w Driver and Software Suite, versions p ...)
	NOT-FOR-US: Dell
CVE-2023-24574 (Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Unc ...)
	NOT-FOR-US: Dell
CVE-2023-24573 (Dell Command | Monitor versions prior to 10.9 contain an arbitrary fol ...)
	NOT-FOR-US: Dell
CVE-2023-24572 (Dell Command | Integration Suite for System Center, versions before 6. ...)
	NOT-FOR-US: Dell
CVE-2023-24571 (Dell BIOS contains an Improper Input Validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2023-24570
	RESERVED
CVE-2023-24569 (Dell Alienware Command Center versions 5.5.37.0 and prior contain an I ...)
	NOT-FOR-US: Dell
CVE-2023-24568 (Dell NetWorker, contains an Improper Validation of Certificate with Ho ...)
	NOT-FOR-US: Dell
CVE-2023-24567 (Dell NetWorker versions 19.5 and earlier contain 'RabbitMQ' version di ...)
	NOT-FOR-US: Dell
CVE-2023-24566 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-24565 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-24564 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-24563 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-24562 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-24561 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-24560 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-24559 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-24558 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-24557 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-24556 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-24555 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-24554 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-24553 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-24552 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-24551 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-24550 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-24549 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2023-24548 (On affected platforms running Arista EOS with VXLAN configured, malfor ...)
	NOT-FOR-US: Arista
CVE-2023-24547 (On affected platforms running Arista MOS, the configuration of a BGP p ...)
	NOT-FOR-US: Arista
CVE-2023-24546 (On affected versions of the CloudVision Portal improper access control ...)
	NOT-FOR-US: Arista
CVE-2023-24545 (On affected platforms running Arista CloudEOS an issue in the Software ...)
	NOT-FOR-US: Arista
CVE-2023-0517
	RESERVED
CVE-2023-0516 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...)
	NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-0515 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...)
	NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-0514 (The Membership Database WordPress plugin through 1.0 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0513 (A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 a ...)
	NOT-FOR-US: isoftforce Dreamer CMS
CVE-2023-0512 (Divide By Zero in GitHub repository vim/vim prior to 9.0.1247.)
	- vim 2:9.0.1378-1 (unimportant)
	NOTE: https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74
	NOTE: https://github.com/vim/vim/commit/870219c58c0804bdc55419b2e455c06ac715a835 (v9.0.1247)
	NOTE: Crash in CLI tool, no security impact
CVE-2023-0511 (Relative Path Traversal vulnerability in ForgeRock Access Management J ...)
	NOT-FOR-US: ForgeRock
CVE-2023-0510
	RESERVED
CVE-2023-24540 (Not all valid JavaScript whitespace characters are considered to be wh ...)
	- golang-1.20 1.20.4-1
	[experimental] - golang-1.19 1.19.9-1
	- golang-1.19 1.19.10-2
	[bookworm] - golang-1.19 (Minor issue)
	[bullseye] - golang-1.19 (Minor issue)
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
	NOTE: https://github.com/golang/go/issues/59721
	NOTE: https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9)
	NOTE: https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 (go1.20.4)
CVE-2023-24539 (Angle brackets (<>) are not considered dangerous characters when inser ...)
	- golang-1.20 1.20.4-1
	[experimental] - golang-1.19 1.19.9-1
	- golang-1.19 1.19.10-2
	[bookworm] - golang-1.19 (Minor issue)
	[bullseye] - golang-1.19 (Minor issue)
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
	NOTE: https://github.com/golang/go/issues/59720
	NOTE: https://github.com/golang/go/commit/e49282327b05192e46086bf25fd3ac691205fe80 (go1.19.9)
	NOTE: https://github.com/golang/go/commit/090590fdccc8442728aa31601927da1bf2ef1288 (go1.20.4)
CVE-2023-24538 (Templates do not properly consider backticks (`) as Javascript string ...)
	- golang-1.20 1.20.3-1
	[experimental] - golang-1.19 1.19.8-1
	- golang-1.19 1.19.8-2
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases)
	NOTE: https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
	NOTE: https://go.dev/issue/59234
	NOTE: https://github.com/golang/go/commit/20374d1d759bc4e17486bde1cb9dca5be37d9e52 (go1.20.3)
	NOTE: https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b (go1.19.8)
CVE-2023-24537 (Calling any of the Parse functions on Go source code which contains // ...)
	- golang-1.20 1.20.3-1
	[experimental] - golang-1.19 1.19.8-1
	- golang-1.19 1.19.8-2
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases)
	NOTE: https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
	NOTE: https://go.dev/issue/59180
	NOTE: https://github.com/golang/go/commit/e7c4b07ecf6b367f1afc9cc48cde963829dd0aab (go1.20.3)
	NOTE: https://github.com/golang/go/commit/126a1d02da82f93ede7ce0bd8d3c51ef627f2104 (go1.19.8)
	NOTE: Introduced by: https://github.com/golang/go/commit/99c30211b1e0b3ac4e5d32f3ae5eaf759c23195f (go1.11beta1)
CVE-2023-24536 (Multipart form parsing can consume large amounts of CPU and memory whe ...)
	- golang-1.20 1.20.3-1
	[experimental] - golang-1.19 1.19.8-1
	- golang-1.19 1.19.8-2
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases)
	NOTE: https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
	NOTE: https://go.dev/issue/59153
	NOTE: https://github.com/golang/go/commit/bf8c7c575c8a552d9d79deb29e80854dc88528d0 (go1.20.3)
	NOTE: https://github.com/golang/go/commit/7917b5f31204528ea72e0629f0b7d52b35b27538 (go1.19.8)
CVE-2023-24535 (Parsing invalid messages can panic. Parsing a text-format message whic ...)
	- golang-google-protobuf (Vulnerable code not in a Debian released version)
	NOTE: https://go-review.googlesource.com/c/protobuf/+/475995
	NOTE: https://github.com/golang/protobuf/issues/1530
	NOTE: https://github.com/protocolbuffers/protobuf-go/commit/edaf511a7a37a90db2727b600d699e1e8d2840b4 (v1.29.1)
	NOTE: https://github.com/advisories/GHSA-hw7c-3rfg-p46j
CVE-2023-24534 (HTTP and MIME header parsing can allocate large amounts of memory, eve ...)
	- golang-1.20 1.20.3-1
	[experimental] - golang-1.19 1.19.8-1
	- golang-1.19 1.19.8-2
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases)
	NOTE: https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
	NOTE: https://go.dev/issue/58975
	NOTE: https://github.com/golang/go/commit/3991f6c41c7dfd167e889234c0cf1d840475e93c (go1.20.3)
	NOTE: https://github.com/golang/go/commit/d6759e7a059f4208f07aa781402841d7ddaaef96 (go1.19.8)
CVE-2023-24533 (Multiplication of certain unreduced P-256 scalars produce incorrect re ...)
	NOT-FOR-US: filippo.io/nistec (also included in golang, but tracked as CVE-2023-24533 for it)
CVE-2023-24532 (The ScalarMult and ScalarBaseMult methods of the P256 Curve may return ...)
	- golang-1.20 1.20.2-1
	[experimental] - golang-1.19 1.19.7-1
	- golang-1.19 1.19.8-2
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://golangtutorial.dev/news/go-1.20.2-and-go-1.19.7-versions-released/
	NOTE: https://github.com/golang/go/issues/58647
	NOTE: https://go-review.googlesource.com/c/go/+/471256
	NOTE: https://github.com/golang/go/commit/602eeaab387f24a4b28c5eccbb50fa934f3bc3c4 (go1.20.2)
	NOTE: https://github.com/golang/go/commit/639b67ed114151c0d786aa26e7faeab942400703 (go1.19.7)
CVE-2023-24531
	RESERVED
CVE-2023-24473 (An information disclosure vulnerability exists in the TGAInput::read_t ...)
	[experimental] - openimageio 2.4.9.0+dfsg-1
	- openimageio 2.4.13.0+dfsg-1 (bug #1034150)
	[bookworm] - openimageio (Minor issue)
	[bullseye] - openimageio (Minor issue)
	[buster] - openimageio (Minor issue)
	NOTE: https://github.com/OpenImageIO/oiio/pull/3768
	NOTE: https://github.com/OpenImageIO/oiio/commit/759fcd392d130c12ae476857e1ed2a91bcf2686b (master)
	NOTE: https://github.com/OpenImageIO/oiio/commit/209bb4c327b2a8be08f41c1a213dfe9001f0b5d0 (v2.4.8.1)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1707
CVE-2023-24472 (A denial of service vulnerability exists in the FitsOutput::close() fu ...)
	{DLA-3518-1}
	[experimental] - openimageio 2.4.9.0+dfsg-1
	- openimageio 2.4.13.0+dfsg-1 (bug #1034151)
	[bookworm] - openimageio (Minor issue)
	[bullseye] - openimageio (Minor issue)
	NOTE: https://github.com/OpenImageIO/oiio/commit/f8db9f38d18a66889f444031051e0f0acaa611b6 (master)
	NOTE: https://github.com/OpenImageIO/oiio/commit/a39692256b060b543f53646c6a807c81b79c5750 (v2.4.8.1)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1709
CVE-2023-22845 (An out-of-bounds read vulnerability exists in the TGAInput::decode_pix ...)
	[experimental] - openimageio 2.4.9.0+dfsg-1
	- openimageio 2.4.13.0+dfsg-1 (bug #1034150)
	[bookworm] - openimageio (Minor issue)
	[bullseye] - openimageio (Minor issue)
	[buster] - openimageio (Minor issue)
	NOTE: https://github.com/OpenImageIO/oiio/pull/3768
	NOTE: https://github.com/OpenImageIO/oiio/commit/759fcd392d130c12ae476857e1ed2a91bcf2686b (master)
	NOTE: https://github.com/OpenImageIO/oiio/commit/209bb4c327b2a8be08f41c1a213dfe9001f0b5d0 (v2.4.8.1)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1708
CVE-2023-0509 (Improper Certificate Validation in GitHub repository pyload/pyload pri ...)
	- pyload (bug #1001980)
CVE-2023-0508 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2020-36657 (uptimed before 0.4.6-r1 on Gentoo allows local users (with access to t ...)
	- uptimed (Gentoo-specific)
CVE-2018-25078 (man-db before 2.8.5 on Gentoo allows local users (with access to the m ...)
	- man-db (Gentoo-specific packaging issue)
CVE-2023-24530 (SAP BusinessObjects Business Intelligence Platform (CMC) - versions 42 ...)
	NOT-FOR-US: SAP
CVE-2023-24529 (Due to lack of proper input validation, BSP application (CRM_BSP_FRAME ...)
	NOT-FOR-US: SAP
CVE-2023-24528 (SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - ...)
	NOT-FOR-US: SAP
CVE-2023-24527 (SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perfo ...)
	NOT-FOR-US: SAP
CVE-2023-24526 (SAP NetWeaver Application Server Java for Classload Service - version ...)
	NOT-FOR-US: SAP
CVE-2023-24525 (SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, ...)
	NOT-FOR-US: SAP
CVE-2023-24524 (SAP S/4 HANA Map Treasury Correspondence Format Datadoes not perform n ...)
	NOT-FOR-US: SAP
CVE-2023-24523 (An attacker authenticated as a non-admin user with local access to a s ...)
	NOT-FOR-US: SAP
CVE-2023-24522 (Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Busines ...)
	NOT-FOR-US: SAP
CVE-2023-24521 (Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Fra ...)
	NOT-FOR-US: SAP
CVE-2023-24520 (Two OS command injection vulnerability exist in the vtysh_ubus toolsh_ ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-24519 (Two OS command injection vulnerability exist in the vtysh_ubus toolsh_ ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-24518 (A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allow ...)
	NOT-FOR-US: Pandora FMS
CVE-2023-24517 (Unrestricted Upload of File with Dangerous Type vulnerability in the P ...)
	NOT-FOR-US: Pandora FMS File Manager component
CVE-2023-24516 (Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Da ...)
	NOT-FOR-US: Pandora FMS
CVE-2023-24515 (Server-Side Request Forgery (SSRF) vulnerability in API checker of Pan ...)
	NOT-FOR-US: Pandora FMS
CVE-2023-24514 (Cross-site Scripting (XSS) vulnerability in Visual Console Module of P ...)
	NOT-FOR-US: Pandora FMS
CVE-2023-23546 (A misconfiguration vulnerability exists in the urvpn_client functional ...)
	NOT-FOR-US: Milesight UR32L
CVE-2023-0507 (Grafana is an open-source platform for monitoring and observability. ...)
	- grafana
CVE-2023-0506 (The web service of ByDemes Group Airspace CCTV Web Service in its 2.61 ...)
	NOT-FOR-US: ByDemes Group Airspace CCTV Web Service
CVE-2023-0505 (The Ever Compare WordPress plugin through 1.2.3 does not have CSRF che ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0504 (The HT Politic WordPress plugin before 2.3.8 does not have CSRF check ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0503 (The Free WooCommerce Theme 99fy Extension WordPress plugin before 1.2. ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0502 (The WP News WordPress plugin through 1.1.9 does not have CSRF check wh ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0501 (The WP Insurance WordPress plugin before 2.1.4 does not have CSRF chec ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0500 (The WP Film Studio WordPress plugin before 1.3.5 does not have CSRF ch ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0499 (The QuickSwish WordPress plugin before 1.1.0 does not have CSRF check ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0498 (The WP Education WordPress plugin before 1.2.7 does not have CSRF chec ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0497 (The HT Portfolio WordPress plugin before 1.1.6 does not have CSRF chec ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0496 (The HT Event WordPress plugin before 1.4.6 does not have CSRF check wh ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0495 (The HT Slider For Elementor WordPress plugin before 1.4.0 does not hav ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0494 (A vulnerability was found in X.Org. This issue occurs due to a danglin ...)
	{DSA-5342-1 DLA-3310-1}
	- xorg-server 2:21.1.7-1 (bug #1030777)
	- xwayland 2:22.1.8-1
	NOTE: https://www.openwall.com/lists/oss-security/2023/02/07/1
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/0ba6d8c37071131a49790243cdac55392ecf71ec
CVE-2022-4897 (The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24513 (On affected platforms running Arista CloudEOS an issue in the Software ...)
	NOT-FOR-US: Arista
CVE-2023-24512 (On affected platforms running Arista EOS, an authorized attacker with ...)
	NOT-FOR-US: Arista
CVE-2023-24511 (On affected platforms running Arista EOS with SNMP configured, a speci ...)
	NOT-FOR-US: Arista
CVE-2023-24510 (On the affected platforms running EOS, a malformed DHCP packet might c ...)
	NOT-FOR-US: Arista
CVE-2023-24509 (On affected modular platforms running Arista EOS equipped with both re ...)
	NOT-FOR-US: Arista
CVE-2023-24508 (Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 ...)
	NOT-FOR-US: Baicells
CVE-2023-24507 (AgilePoint NX v8.0 SU2.2 & SU2.3 – Insecure File Upload -Vulnerab ...)
	NOT-FOR-US: AgilePoint
CVE-2023-24506 (Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through a ...)
	NOT-FOR-US: Milesight
CVE-2023-24505 (Milesight NCR/camera version 71.8.0.6-r5 discloses sensitive informati ...)
	NOT-FOR-US: Milesight
CVE-2023-24504 (Electra Central AC unit – Adjacent attacker may cause the unit to ...)
	NOT-FOR-US: Electra Central
CVE-2023-24503 (Electra Central AC unit – Adjacent attacker may cause the unit to ...)
	NOT-FOR-US: Electra Central
CVE-2023-24502 (Electra Central AC unit – The unit opens an AP with an easily cal ...)
	NOT-FOR-US: Electra Central
CVE-2023-24501 (Electra Central AC unit – Hardcoded Credentials in unspecified co ...)
	NOT-FOR-US: Electra Central
CVE-2023-24500 (Electra Central AC unit – Adjacent attacker may cause the unit to ...)
	NOT-FOR-US: Electra Central
CVE-2023-24499 (Butterfly Button plugin may leave traces of its use on user's device. ...)
	NOT-FOR-US: Butterfly Button plugin
CVE-2023-24498 (An uspecified endpoint in the web server of the switch does not proper ...)
	NOT-FOR-US: Netgear
CVE-2023-24497 (Cross-site scripting (xss) vulnerabilities exist in the requestHandler ...)
	NOT-FOR-US: MilesightVPN
CVE-2023-24496 (Cross-site scripting (xss) vulnerabilities exist in the requestHandler ...)
	NOT-FOR-US: MilesightVPN
CVE-2023-0493 (Improper Neutralization of Equivalent Special Elements in GitHub repos ...)
	NOT-FOR-US: btcpayserver
CVE-2023-0492 (The GS Products Slider for WooCommerce WordPress plugin before 1.5.9 d ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0491 (The Schedulicity WordPress plugin through 2.21 does not validate and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0490 (The f(x) TOC WordPress plugin through 1.1.0 does not validate and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0489 (The SlideOnline WordPress plugin through 1.2.1 does not validate and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0488 (Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload ...)
	- pyload (bug #1001980)
CVE-2023-0487 (The My Sticky Elements WordPress plugin before 2.0.9 does not properly ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0486 (VitalPBX version 3.2.3-8 allows an unauthenticated external attacker t ...)
	NOT-FOR-US: VitalPBX
CVE-2023-0485 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2023-0484 (The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Block ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0483 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2023-0482 (In RESTEasy the insecure File.createTempFile() is used in the DataSour ...)
	- resteasy (bug #1031728)
	- resteasy3.0 (bug #1031729)
	[bookworm] - resteasy3.0 (Minor issue)
	[bullseye] - resteasy3.0 (Minor issue)
	[buster] - resteasy3.0 (Minor issue)
	NOTE: https://github.com/resteasy/resteasy/pull/3409/
	NOTE: https://github.com/resteasy/resteasy/commit/3d8a551d80b98f185edaff6f895188ec8211366b
CVE-2023-0481 (In RestEasy Reactive implementation of Quarkus the insecure File.creat ...)
	NOT-FOR-US: Quarkus
CVE-2023-0480 (VitalPBX version 3.2.3-8 allows an unauthenticated external attacker t ...)
	NOT-FOR-US: VitalPBX
CVE-2023-27372 (SPIP before 4.2.1 allows Remote Code Execution via form values in the ...)
	{DSA-5367-1 DLA-3347-1}
	- spip 4.1.8+dfsg-1
	NOTE: https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html
	NOTE: https://git.spip.net/spip/spip/commit/5aedf49b89415a4df3eb775eee3801a2b4b88266 (v3.2.18)
	NOTE: https://git.spip.net/spip/spip/commit/96fbeb38711c6706e62457f2b732a652a04a409d (master)
	NOTE: https://blog.spip.net/Mise-a-jour-sortie-de-SPIP-4-2-2-SPIP-4-1-9-SPIP-4-0-11-et-SPIP-3-2-19.html (regression update)
	NOTE: https://git.spip.net/spip/svp/commit/d463bc549b13bc45651051f83760e8ce274c98d9 (SVP, regression fix)
CVE-2023-24495 (A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.s ...)
	NOT-FOR-US: Tenable
CVE-2023-24494 (A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc ...)
	NOT-FOR-US: Tenable
CVE-2023-24493 (A formula injection vulnerability exists in Tenable.sc due to improper ...)
	NOT-FOR-US: Tenable
CVE-2023-24492 (A vulnerability has been discovered in the Citrix Secure Access client ...)
	NOT-FOR-US: Citrix
CVE-2023-24491 (A vulnerability has been discovered in the Citrix Secure Access client ...)
	NOT-FOR-US: Citrix
CVE-2023-24490 (Users with only access to launch VDA applications can launch an unauth ...)
	NOT-FOR-US: Citrix
CVE-2023-24489 (A vulnerability has been discovered in the customer-managed ShareFile ...)
	NOT-FOR-US: Citrix
CVE-2023-24488 (Cross site scripting vulnerability in Citrix ADC and Citrix Gateway in a ...)
	NOT-FOR-US: Citrix
CVE-2023-24487 (Arbitrary file read in Citrix ADC and Citrix Gateway)
	NOT-FOR-US: Citrix
CVE-2023-24486 (A vulnerability has been identified in Citrix Workspace app for Linux ...)
	NOT-FOR-US: Citrix
CVE-2023-24485 (Vulnerabilities have been identified that, collectively, allow a stand ...)
	NOT-FOR-US: Citrix
CVE-2023-24484 (A malicious user can cause log files to be written to a directory that ...)
	NOT-FOR-US: Citrix
CVE-2023-24483 (A vulnerability has been identified that, if exploited, could result i ...)
	NOT-FOR-US: Citrix
CVE-2023-24482 (A vulnerability has been identified in COMOS V10.2 (All versions), COM ...)
	NOT-FOR-US: Siemens
CVE-2023-24477 (In certain conditions, depending on timing and the usage of the Chrome ...)
	NOT-FOR-US: Guardian/CMC
CVE-2023-24471 (An access control vulnerability was found, due to the restrictions tha ...)
	NOT-FOR-US: Nozomi Networks
CVE-2023-24015 (A partial DoS vulnerability has been detected in the Reports section, ...)
	NOT-FOR-US: Nozomi Networks
CVE-2023-23903 (An authenticated administrator can upload a SAML configuration file wi ...)
	NOT-FOR-US: Nozomi Networks
CVE-2023-23574 (A blind SQL Injection vulnerability in Nozomi Networks Guardian and CM ...)
	NOT-FOR-US: Nozomi Networks Guardian and CMC
CVE-2023-22843 (An authenticated attacker with administrative access to the appliance ...)
	NOT-FOR-US: Nozomi Networks
CVE-2023-22378 (A blind SQL Injection vulnerability in Nozomi Networks Guardian and CM ...)
	NOT-FOR-US: Nozomi Networks
CVE-2023-0479 (The Print Invoice & Delivery Notes for WooCommerce WordPress plugin be ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0478 RESERVED
CVE-2023-0477 (The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0476 (A LDAP injection vulnerability exists in Tenable.sc due to improper va ...)
	NOT-FOR-US: Tenable
CVE-2023-0475 (HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompressi ...)
	- golang-github-hashicorp-go-getter (bug #1032100)
	[bookworm] - golang-github-hashicorp-go-getter (Minor issue)
	[bullseye] - golang-github-hashicorp-go-getter (Minor issue)
	[buster] - golang-github-hashicorp-go-getter (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125
CVE-2023-0474 (Use after free in GuestView in Google Chrome prior to 109.0.5414.119 a ...)
	{DSA-5328-1}
	- chromium 109.0.5414.119-1
	[buster] - chromium (see DSA 5046)
CVE-2023-0473 (Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.54 ...)
	{DSA-5328-1}
	- chromium 109.0.5414.119-1
	[buster] - chromium (see DSA 5046)
CVE-2023-0472 (Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allo ...)
	{DSA-5328-1}
	- chromium 109.0.5414.119-1
	[buster] - chromium (see DSA 5046)
CVE-2023-0471 (Use after free in WebTransport in Google Chrome prior to 109.0.5414.11 ...)
	{DSA-5328-1}
	- chromium 109.0.5414.119-1
	[buster] - chromium (see DSA 5046)
CVE-2023-0470 (Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modob ...)
	NOT-FOR-US: Modoboa
CVE-2023-0469 (A use-after-free flaw was found in io_uring/filetable.c in io_install_ ...)
	- linux 6.0.12-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9d94c04c0db024922e886c9fd429659f22f48ea4 (6.1-rc7)
CVE-2023-0468 (A use-after-free flaw was found in io_uring/poll.c in io_poll_check_ev ...)
	- linux 6.0.12-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/12ad3d2d6c5b0131a6052de91360849e3e154846 (6.1-rc7)
	NOTE: https://git.kernel.org/linus/a26a35e9019fd70bf3cf647dcfdae87abc7bacea (6.1-rc7)
CVE-2023-0467 (The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0466 (The function X509_VERIFY_PARAM_add0_policy() is documented to implicit ...)
	{DSA-5417-1 DLA-3449-1}
	- openssl 3.0.9-1 (bug #1034720)
	NOTE: https://www.openssl.org/news/secadv/20230328.txt
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51e8a84ce742db0f6c70510d0159dad8f7825908 (openssl-3.0)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a (OpenSSL_1_1_1-stable)
CVE-2023-0465 (Applications that use a non-default option when verifying certificates ...)
	{DSA-5417-1 DLA-3449-1}
	- openssl 3.0.9-1 (bug #1034720)
	NOTE: https://www.openssl.org/news/secadv/20230328.txt
	NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1dd43e0709fece299b15208f36cc7c76209ba0bb (openssl-3.0.9)
	NOTE: Test: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d2f0d05807fc70c68dcc22bcc6979147782d4adf (openssl-3.0.9)
	NOTE: Test: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=dda529ecc2d085488eef60235ef553dc5fd6e6dc (openssl-3.0.9)
	NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b013765abfa80036dc779dd0e50602c57bb3bf95 (OpenSSL_1_1_1-stable)
	NOTE: Test: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f675d164e5d9648c3537a0f5efe1cc2fd232b4a9 (OpenSSL_1_1_1-stable)
	NOTE: Test: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=23a4cbeb3ad80da3830f760f624599f24236bc38 (OpenSSL_1_1_1-stable)
CVE-2023-0464 (A security vulnerability has been identified in all supported versions ...)
	{DSA-5417-1 DLA-3449-1}
	- openssl 3.0.9-1 (bug #1034720)
	NOTE: https://www.openssl.org/news/secadv/20230322.txt
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1 (openssl-3.0)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b (OpenSSL_1_1_1-stable)
CVE-2023-0463 (The force offline MFA prompt setting is not respected when switching t ...)
	NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2023-0462 (An arbitrary code execution flaw was found in Foreman. This issue may ...)
	- foreman (bug #663101)
CVE-2023-0461 (There is a use-after-free vulnerability in the Linux Kernel which can ...)
	{DLA-3404-1 DLA-3403-1}
	- linux 6.1.7-1
	[bullseye] - linux 5.10.178-1
	NOTE: https://git.kernel.org/linus/2c02d41d71f90a5168391b6a5f2954112ba2307c
CVE-2023-0460 (The YouTube Embedded 1.2 SDK binds to a service within the YouTube Mai ...)
	NOT-FOR-US: YouTube Embedded 1.2 SDK
CVE-2023-0459 (Copy_from_user on 64-bit versions of the Linux kernel does not impleme ...)
	{DLA-3404-1 DLA-3403-1}
	- linux 6.1.15-1
	[bullseye] - linux 5.10.178-1
	NOTE: https://github.com/google/security-research/security/advisories/GHSA-m7j5-797w-vmrh
	NOTE: https://git.kernel.org/linus/74e19ef0ff8061ef55957c3abd71614ef0f42f47 (6.3-rc1)
CVE-2023-0458 (A speculative pointer dereference problem exists in the Linux Kernel o ...)
	{DLA-3404-1 DLA-3403-1}
	- linux 6.1.8-1
	[bullseye] - linux 5.10.178-1
	NOTE: https://github.com/google/security-research/security/advisories/GHSA-m7j5-797w-vmrh
	NOTE: https://git.kernel.org/linus/739790605705ddcf18f21782b9c99ad7d53a8c11 (6.2-rc5)
CVE-2023-0457 (Plaintext Storage of a Password vulnerability in Mitsubishi Electric C ...)
	NOT-FOR-US: Mitsubishi
CVE-2022-4896 (Cyber Control, in its 1.650 version, is affected by a vulnerability in ...)
	NOT-FOR-US: Cyber Control
CVE-2020-36656 (The Spectra WordPress plugin before 1.15.0 does not sanitize user inpu ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24470 (Potential XML External Entity Injection in ArcSight Logger versions pr ...)
	NOT-FOR-US: ArcSight
CVE-2023-24469 (Potential Cross-Site Scripting in ArcSight Logger versions prior to 7. ...)
	NOT-FOR-US: ArcSight
CVE-2023-24468 (Broken access control in Advanced Authentication versions prior to 6.4 ...)
	NOT-FOR-US: NetIQ
CVE-2023-24467 RESERVED
CVE-2023-24466 RESERVED
CVE-2023-24020 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass ...)
	NOT-FOR-US: Snap One Wattbox WB-300-IP-3
CVE-2023-23582 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerab ...)
	NOT-FOR-US: Snap One Wattbox WB-300-IP-3
CVE-2023-22389 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwo ...)
	NOT-FOR-US: Snap One Wattbox WB-300-IP-3
CVE-2023-22371 (An os command injection vulnerability exists in the liburvpn.so create ...)
	NOT-FOR-US: MilesightVPN
CVE-2023-22315 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a propri ...)
	NOT-FOR-US: Snap One Wattbox WB-300-IP-3
CVE-2023-0456 (A flaw was found in APICast, when 3Scale's OIDC module does not proper ...)
	NOT-FOR-US: Red Hat 3scale API gateway
CVE-2023-0455 (Unrestricted Upload of File with Dangerous Type in GitHub repository u ...)
	NOT-FOR-US: unilogies/bumsys
CVE-2023-0454 (OrangeScrum version 2.0.11 allows an authenticated external attacker t ...)
	NOT-FOR-US: OrangeScrum
CVE-2023-0453 (The WP Private Message WordPress plugin (bundled with the Superio them ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24459 (A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earli ...)
	NOT-FOR-US: Jenkins BearyChat Plugin
CVE-2023-24458 (A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24457 (A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24456 (Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not inva ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24455 (Jenkins visualexpert Plugin 1.3 and earlier does not restrict the name ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24454 (Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQual ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24453 (A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24452 (A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuali ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24451 (A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1. ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24450 (Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypte ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24449 (Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24448 (A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24447 (A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24446 (A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Pl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24445 (Jenkins OpenID Plugin 2.4 and earlier improperly determines that a red ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24444 (Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24443 (Jenkins TestComplete support Plugin 2.8.1 and earlier does not configu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24442 (Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier s ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24441 (Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML par ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24440 (Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier t ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24439 (Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier s ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24438 (A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.1 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24437 (A cross-site request forgery (CSRF) vulnerability in Jenkins JIRA Pipe ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24436 (A missing permission check in Jenkins GitHub Pull Request Builder Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24435 (A missing permission check in Jenkins GitHub Pull Request Builder Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24434 (A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24433 (Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 an ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24432 (A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by M ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24431 (A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24430 (Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24429 (Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24428 (A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24427 (Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate th ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24426 (Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invali ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24425 (Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24424 (Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24423 (A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Tr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24422 (A sandbox bypass vulnerability involving map constructors in Jenkins S ...)
	NOT-FOR-US: Jenkins plugin
CVE-2023-24421 (Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compa ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24420 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zestard ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24419 (Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Bui ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24418 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24417 (Cross-Site Request Forgery (CSRF) vulnerability in tiggersWelt.Net Wor ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24416 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24415 (Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI Cha ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24414 (Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gall ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24413 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24412 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web- ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24411 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24410 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24409 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24408 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24407 RESERVED
CVE-2023-24406 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mune ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24405 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Cont ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24404 (Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24403 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP F ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24402 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Veribo, Rol ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24401 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24400 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Hu-ma ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24399 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24398 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24397 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rese ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24396 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24395 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Cont ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24394 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24393 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24392 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24391 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Spid ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24390 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WeSe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24389 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in bran ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24388 (Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking ca ...)
	NOT-FOR-US: WpDevArt Booking calendar, Appointment Booking System plugin
CVE-2023-24387 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPde ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24386 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kari ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24385 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Dav ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24384 (Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organizati ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24383 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kibo ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24382 (Cross-Site Request Forgery (CSRF) vulnerability in Photon WP Material ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24381 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsTh ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24380 (Cross-Site Request Forgery (CSRF) vulnerability in Webbjocke Simple Wp ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24379 RESERVED
CVE-2023-24378 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24377 (Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecw ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24376 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24375 RESERVED
CVE-2023-24374 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24373 RESERVED
CVE-2023-24372 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in USB ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-23579 (Datakit CrossCadWare_x64.dll contains an out-of-bounds write past the ...)
	NOT-FOR-US: Datakit CrossCadWare_x64.dll
CVE-2023-22846 (Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the e ...)
	NOT-FOR-US: Datakit CrossCadWare_x64.dll
CVE-2023-22354 (Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the e ...)
	NOT-FOR-US: Datakit CrossCadWare_x64.dll
CVE-2023-22321 (Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the e ...)
	NOT-FOR-US: Datakit CrossCadWare_x64.dll
CVE-2023-22295 (Datakit CrossCadWare_x64.dll contains an out of bounds read past the e ...)
	NOT-FOR-US: Datakit CrossCadWare_x64.dll
CVE-2023-0452 (Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for e ...)
	NOT-FOR-US: Econolite EOS traffic control software
CVE-2023-0451 (Econolite EOS versions prior to 3.2.23 lack a password requirement for ...)
	NOT-FOR-US: Econolite EOS traffic control software
CVE-2023-0450 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2023-0449 REJECTED
CVE-2023-0448 (The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GE ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0447 (The My YouTube Channel plugin for WordPress is vulnerable to authoriza ...)
	NOT-FOR-US: My YouTube Channel plugin for WordPress
CVE-2023-0446 (The My YouTube Channel plugin for WordPress is vulnerable to Stored Cr ...)
	NOT-FOR-US: My YouTube Channel plugin for WordPress
CVE-2023-0445 RESERVED
CVE-2023-0444 (A privilege escalation vulnerability exists in Delta Electronics Infra ...)
	NOT-FOR-US: Delta Electronics InfraSuite Device Master
CVE-2023-0443 (The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freem ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0442 (The Loan Comparison WordPress plugin before 1.5.3 does not validate an ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0441 (The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0440 (Observable Discrepancy in GitHub repository healthchecks/healthchecks ...)
	NOT-FOR-US: healthchecks
CVE-2023-0439 (The NEX-Forms WordPress plugin before 8.4.4 does not escape its form n ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0438 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...)
	NOT-FOR-US: Modoboa
CVE-2023-0437 (When calling bson_utf8_validate on some inputs a loop with an exit cond ...)
	- mongo-c-driver 1.25.0-1
	[bookworm] - mongo-c-driver (Minor issue)
	[bullseye] - mongo-c-driver (Minor issue)
	[buster] - mongo-c-driver (Minor issue)
	NOTE: https://jira.mongodb.org/browse/CDRIVER-4747
CVE-2023-0436 (The affected versions of MongoDB Atlas Kubernetes Operator may print s ...)
	NOT-FOR-US: MongoDB Atlas Kubernetes Operator
CVE-2022-48282 (Under very specific circumstances (see Required configuration section ...)
	NOT-FOR-US: MongoDB .NET/C# Driver
CVE-2023-24371 RESERVED
CVE-2023-24370 RESERVED
CVE-2023-24369 (A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows atta ...)
	NOT-FOR-US: UJCMS
CVE-2023-24368 REJECTED
CVE-2023-24367 REJECTED
CVE-2023-24366 (An arbitrary file download vulnerability in rConfig v6.8.0 allows atta ...)
	NOT-FOR-US: rConfig
CVE-2023-24365 RESERVED
CVE-2023-24364 (Simple Customer Relationship Management System v1.0 was discovered to ...)
	NOT-FOR-US: Simple Customer Relationship Management System
CVE-2023-24363 RESERVED
CVE-2023-24362 RESERVED
CVE-2023-24361 RESERVED
CVE-2023-24360 RESERVED
CVE-2023-24359 RESERVED
CVE-2023-24358 RESERVED
CVE-2023-24357 RESERVED
CVE-2023-24356 RESERVED
CVE-2023-24355 RESERVED
CVE-2023-24354 RESERVED
CVE-2023-24353 RESERVED
CVE-2023-24352 (D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a ...)
	NOT-FOR-US: D-Link
CVE-2023-24351 (D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a ...)
	NOT-FOR-US: D-Link
CVE-2023-24350 (D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a ...)
	NOT-FOR-US: D-Link
CVE-2023-24349 (D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a ...)
	NOT-FOR-US: D-Link
CVE-2023-24348 (D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a ...)
	NOT-FOR-US: D-Link
CVE-2023-24347 (D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a ...)
	NOT-FOR-US: D-Link
CVE-2023-24346 (D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a ...)
	NOT-FOR-US: D-Link
CVE-2023-24345 (D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a ...)
	NOT-FOR-US: D-Link
CVE-2023-24344 (D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a ...)
	NOT-FOR-US: D-Link
CVE-2023-24343 (D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a ...)
	NOT-FOR-US: D-Link
CVE-2023-24342 RESERVED
CVE-2023-24341 RESERVED
CVE-2023-24340 RESERVED
CVE-2023-24339 RESERVED
CVE-2023-24338 RESERVED
CVE-2023-24337 RESERVED
CVE-2023-24336 RESERVED
CVE-2023-24335 RESERVED
CVE-2023-24334 (A stack overflow vulnerability in Tenda AC23 with firmware version US_ ...)
	NOT-FOR-US: Tenda
CVE-2023-24333 (A stack overflow vulnerability in Tenda AC21 with firmware version US_ ...)
	NOT-FOR-US: Tenda
CVE-2023-24332 (A stack overflow vulnerability in Tenda AC6 with firmware version US_A ...)
	NOT-FOR-US: Tenda
CVE-2023-24331 (Command Injection vulnerability in D-Link Dir 816 with firmware versio ...)
	NOT-FOR-US: D-Link
CVE-2023-24330 (Command Injection vulnerability in D-Link Dir 882 with firmware versio ...)
	NOT-FOR-US: D-Link
CVE-2023-24329 (An issue in the urllib.parse component of Python before 3.11.4 allows ...)
	{DLA-3575-1}
	- python3.11 3.11.4-1
	[bookworm] - python3.11 (Minor issue)
	- python3.9
	[bullseye] - python3.9 (Minor issue)
	- python3.7
	[buster] - python3.7 (Cf. related CVE-2022-0391)
	- python2.7
	[bullseye] - python2.7 2.7.18-8+deb11u1
	- pypy3 7.3.12+dfsg-1
	[bookworm] - pypy3 (Minor issue)
	[bullseye] - pypy3 (Minor issue)
	[buster] - pypy3 (Minor issue)
	NOTE: https://pointernull.com/security/python-url-parse-problem.html
	NOTE: https://github.com/python/cpython/pull/99421
	NOTE: https://github.com/python/cpython/pull/99446 (backport for 3.11 branch)
	NOTE: https://github.com/python/cpython/commit/439b9cfaf43080e91c4ad69f312f21fa098befc7 (v3.12.0a2)
	NOTE: https://github.com/python/cpython/commit/72d356e3584ebfb8e813a8e9f2cd3dccf233c0d9 (v3.11.1)
	NOTE: The change linked above does not seem to fix the CVE:
	NOTE: https://github.com/python/cpython/issues/102153
	NOTE: https://github.com/python/cpython/pull/104575 (3.11)
	NOTE: https://github.com/python/cpython/pull/104592 (3.11, 3.10)
	NOTE: https://github.com/python/cpython/pull/104593 (3.9)
	NOTE: https://github.com/python/cpython/commit/2f630e1ce18ad2e07428296532a68b11dc66ad10 (v3.12.0b1)
	NOTE: https://github.com/python/cpython/commit/610cc0ab1b760b2abaac92bd256b96191c46b941 (v3.11.4)
	NOTE: https://github.com/python/cpython/commit/f48a96a28012d28ae37a2f4587a780a5eb779946 (v3.10.12)
	NOTE: https://github.com/python/cpython/commit/d7f8a5fe07b0ff3a419ccec434cc405b21a5a304 (v3.9.17)
CVE-2023-24328 RESERVED
CVE-2023-24327 RESERVED
CVE-2023-24326 RESERVED
CVE-2023-24325 RESERVED
CVE-2023-24324 RESERVED
CVE-2023-24323 (Mojoportal v2.7 was discovered to contain an authenticated XML externa ...)
	NOT-FOR-US: Mojoportal
CVE-2023-24322 (A reflected cross-site scripting (XSS) vulnerability in the FileDialog ...)
	NOT-FOR-US: Mojoportal
CVE-2023-24321 RESERVED
CVE-2023-24320 (An access control issue in Axcora POS #0~gitf77ec09 allows unauthentic ...)
	NOT-FOR-US: Axcora POS
CVE-2023-24319 RESERVED
CVE-2023-24318 RESERVED
CVE-2023-24317 (Judging Management System 1.0 was discovered to contain an arbitrary f ...)
	NOT-FOR-US: Judging Management System
CVE-2023-24316 RESERVED
CVE-2023-24315 RESERVED
CVE-2023-24314 RESERVED
CVE-2023-24313 RESERVED
CVE-2023-24312 RESERVED
CVE-2023-24311 RESERVED
CVE-2023-24310 RESERVED
CVE-2023-24309 RESERVED
CVE-2023-24308 (A potential memory vulnerability due to insufficient input validation ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2023-24307 RESERVED
CVE-2023-24306 RESERVED
CVE-2023-24305 RESERVED
CVE-2023-24304 (Improper input validation in the PDF.dll plugin of IrfanView v4.60 all ...)
	NOT-FOR-US: IrfanView
CVE-2023-24303 RESERVED
CVE-2023-24302 RESERVED
CVE-2023-24301 RESERVED
CVE-2023-24300 RESERVED
CVE-2023-24299 RESERVED
CVE-2023-24298 RESERVED
CVE-2023-24297 RESERVED
CVE-2023-24296 RESERVED
CVE-2023-24295 (A stack overflow in SoftMaker Software GmbH FlexiPDF v3.0.3.0 allows at ...)
	NOT-FOR-US: SoftMaker Software GmbH FlexiPDF
CVE-2023-24294 (Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 was discovered to ...)
	NOT-FOR-US: Zumtobel Netlink CCD Onboard
CVE-2023-24293 RESERVED
CVE-2023-24292 RESERVED
CVE-2023-24291 [A crafted save file can cause a buffer overrun in Simon Tatham's Portable Puzzle Collection]
	RESERVED
	- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
	[bullseye] - sgt-puzzles 20191231.79a5378-3+deb11u1
	[buster] - sgt-puzzles (Games are not supported in LTS)
CVE-2023-24290 RESERVED
CVE-2023-24289 RESERVED
CVE-2023-24288 [A crafted save file can cause a buffer overrun in Simon Tatham's Portable Puzzle Collection]
	RESERVED
	- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
	[bullseye] - sgt-puzzles 20191231.79a5378-3+deb11u1
	[buster] - sgt-puzzles (Games are not supported in LTS)
CVE-2023-24287 [A crafted save file can cause a buffer overrun in the Undead puzzle]
	RESERVED
	- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
	[bullseye] - sgt-puzzles 20191231.79a5378-3+deb11u1
	[buster] - sgt-puzzles (Games are not supported in LTS)
CVE-2023-24286 [A crafted save file can cause a buffer overrun in the Mosaic puzzle]
	RESERVED
	- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
	[bullseye] - sgt-puzzles (Vulnerable code introduced later)
	[buster] - sgt-puzzles (Vulnerable code introduced later)
CVE-2023-24285 [A crafted save file can cause a buffer overrun in the Netslide puzzle]
	RESERVED
	- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
	[bullseye] - sgt-puzzles 20191231.79a5378-3+deb11u1
	[buster] - sgt-puzzles (Games are not supported in LTS)
CVE-2023-24284 [A crafted save file can cause a buffer overrun in the Guess puzzle]
	RESERVED
	- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
	[bullseye] - sgt-puzzles 20191231.79a5378-3+deb11u1
	[buster] - sgt-puzzles (Games are not supported in LTS)
CVE-2023-24283 [A crafted save file can cause a buffer overrun in the Guess puzzle]
	RESERVED
	- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
	[bullseye] - sgt-puzzles 20191231.79a5378-3+deb11u1
	[buster] - sgt-puzzles (Games are not supported in LTS)
CVE-2023-24282 (An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 al ...)
	NOT-FOR-US: Poly Trio 8800
CVE-2023-24281 RESERVED
CVE-2023-24280 RESERVED
CVE-2023-24279 (A cross-site scripting (XSS) vulnerability in Open Networking Foundati ...)
	NOT-FOR-US: Open Networking Foundation ONOS
CVE-2023-24278 (Squidex before 7.4.0 was discovered to contain a squid.svg cross-site ...)
	NOT-FOR-US: Squidex
CVE-2023-24277 RESERVED
CVE-2023-24276 (TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a co ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24275 RESERVED
CVE-2023-24274 RESERVED
CVE-2023-24273 RESERVED
CVE-2023-24272 RESERVED
CVE-2023-24271 RESERVED
CVE-2023-24270 RESERVED
CVE-2023-24269 (An arbitrary file upload vulnerability in the plugin upload function o ...)
	NOT-FOR-US: Textpattern plugin
CVE-2023-24268 RESERVED
CVE-2023-24267 RESERVED
CVE-2023-24266 RESERVED
CVE-2023-24265 RESERVED
CVE-2023-24264 RESERVED
CVE-2023-24263 RESERVED
CVE-2023-24262 RESERVED
CVE-2023-24261 (A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows ...)
	NOT-FOR-US: GL.iNET
CVE-2023-24260 RESERVED
CVE-2023-24259 RESERVED
CVE-2023-24258 (SPIP v4.1.5 and earlier was discovered to contain a SQL injection vuln ...)
	{DSA-5325-1 DLA-3347-1}
	- spip 4.1.7+dfsg-1
	NOTE: https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-1-7-SPIP-4-0-9-et-SPIP-3-2-17.html?lang=fr
	NOTE: https://salsa.debian.org/debian/spip/-/commit/ce1d68694d4bb72317ff39baa67195e6b5ccaa92
	NOTE: https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.5/SPIP_4.1.5_AND_BEFORE_AUTH_SQLi_Abyss_Watcher.md
CVE-2023-24257 RESERVED
CVE-2023-24256 (An issue in the com.nextev.datastatistic component of NIO EC6 Aspen be ...)
	NOT-FOR-US: NIO EC6 Aspen
CVE-2023-24255 RESERVED
CVE-2023-24254 RESERVED
CVE-2023-24253 (Domotica Labs srl Ikon Server before v2.8.6 was discovered to contain ...)
	NOT-FOR-US: Domotica Labs srl Ikon Server
CVE-2023-24252 RESERVED
CVE-2023-24251 (WangEditor v5 was discovered to contain a cross-site scripting (XSS) v ...)
	NOT-FOR-US: WangEditor
CVE-2023-24250 RESERVED
CVE-2023-24249 (An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows ...)
	NOT-FOR-US: laravel-admin
CVE-2023-24248 RESERVED
CVE-2023-24247 RESERVED
CVE-2023-24246 RESERVED
CVE-2023-24245 RESERVED
CVE-2023-24244 RESERVED
CVE-2023-24243 (CData RSB Connect v22.0.8336 was discovered to contain a Server-Side R ...)
	NOT-FOR-US: CData RSB Connect
CVE-2023-24242 RESERVED
CVE-2023-24241 (Forget Heart Message Box v1.1 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Forget Heart Message Box
CVE-2023-24240 RESERVED
CVE-2023-24239 RESERVED
CVE-2023-24238 (TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a co ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24237 RESERVED
CVE-2023-24236 (TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a co ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24235 RESERVED
CVE-2023-24234 (A stored cross-site scripting (XSS) vulnerability in the component php ...)
	NOT-FOR-US: Inventory Management System
CVE-2023-24233 (A stored cross-site scripting (XSS) vulnerability in the component /ph ...)
	NOT-FOR-US: Inventory Management System
CVE-2023-24232 (A stored cross-site scripting (XSS) vulnerability in the component /ph ...)
	NOT-FOR-US: Inventory Management System
CVE-2023-24231 (A stored cross-site scripting (XSS) vulnerability in the component /ph ...)
	NOT-FOR-US: Inventory Management System
CVE-2023-24230 (A stored cross-site scripting (XSS) vulnerability in the component /fo ...)
	NOT-FOR-US: Formwork
CVE-2023-24229 (DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with netwo ...)
	NOT-FOR-US: DrayTek Vigor2960
CVE-2023-24228 RESERVED
CVE-2023-24227 RESERVED
CVE-2023-24226 RESERVED
CVE-2023-24225 RESERVED
CVE-2023-24224 RESERVED
CVE-2023-24223 RESERVED
CVE-2023-24222 RESERVED
CVE-2023-24221 (LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerabi ...)
	NOT-FOR-US: LuckyframeWEB
CVE-2023-24220 (LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerabi ...)
	NOT-FOR-US: LuckyframeWEB
CVE-2023-24219 (LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerabi ...)
	NOT-FOR-US: LuckyframeWEB
CVE-2023-24218 RESERVED
CVE-2023-24217 (AgileBio Electronic Lab Notebook v4.234 was discovered to contain a lo ...)
	NOT-FOR-US: AgileBio Electronic Lab Notebook
CVE-2023-24216 RESERVED
CVE-2023-24215 RESERVED
CVE-2023-24214 RESERVED
CVE-2023-24213 RESERVED
CVE-2023-24212 (Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via ...)
	NOT-FOR-US: Tenda
CVE-2023-24211 RESERVED
CVE-2023-24210 RESERVED
CVE-2023-24209 RESERVED
CVE-2023-24208 RESERVED
CVE-2023-24207 RESERVED
CVE-2023-24206 (Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerabil ...)
	NOT-FOR-US: Davinci
CVE-2023-24205 (Clash for Windows v0.20.12 was discovered to contain a remote code exe ...)
	NOT-FOR-US: Clash for Windows
CVE-2023-24204 (SQL injection vulnerability in SourceCodester Simple Customer Relation ...)
	TODO: check
CVE-2023-24203 (Cross Site Scripting vulnerability in SourceCodester Simple Customer R ...)
	TODO: check
CVE-2023-24202 (Raffle Draw System v1.0 was discovered to contain a local file inclusi ...)
	NOT-FOR-US: Raffle Draw System
CVE-2023-24201 (Raffle Draw System v1.0 was discovered to contain a SQL injection vuln ...)
	NOT-FOR-US: Raffle Draw System
CVE-2023-24200 (Raffle Draw System v1.0 was discovered to contain a SQL injection vuln ...)
	NOT-FOR-US: Raffle Draw System
CVE-2023-24199 (Raffle Draw System v1.0 was discovered to contain a SQL injection vuln ...)
	NOT-FOR-US: Raffle Draw System
CVE-2023-24198 (Raffle Draw System v1.0 was discovered to contain multiple SQL injecti ...)
	NOT-FOR-US: Raffle Draw System
CVE-2023-24197 (Online Food Ordering System v2 was discovered to contain a SQL injecti ...)
	NOT-FOR-US: Online Food Ordering System
CVE-2023-24196 RESERVED
CVE-2023-24195 (Online Food Ordering System v2 was discovered to contain a cross-site ...)
	NOT-FOR-US: Online Food Ordering System
CVE-2023-24194 (Online Food Ordering System v2 was discovered to contain a cross-site ...)
	NOT-FOR-US: Online Food Ordering System
CVE-2023-24193 RESERVED
CVE-2023-24192 (Online Food Ordering System v2 was discovered to contain a cross-site ...)
	NOT-FOR-US: Online Food Ordering System
CVE-2023-24191 (Online Food Ordering System v2 was discovered to contain a cross-site ...)
	NOT-FOR-US: Online Food Ordering System
CVE-2023-24190 RESERVED
CVE-2023-24189 (An XML External Entity (XXE) vulnerability in urule v2.1.7 allows atta ...)
	NOT-FOR-US: urule
CVE-2023-24188 (ureport v2.2.9 was discovered to contain a directory traversal vulnera ...)
	NOT-FOR-US: ureport
CVE-2023-24187 (An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows at ...)
	NOT-FOR-US: ureport
CVE-2023-24186 RESERVED
CVE-2023-24185 RESERVED
CVE-2023-24184 (TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24183 RESERVED
CVE-2023-24182 (LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to c ...)
	NOT-FOR-US: LuCI openwrt
CVE-2023-24181 (LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to c ...)
	NOT-FOR-US: LuCI openwrt
CVE-2023-24180 (Libelfin v0.3 was discovered to contain an integer overflow in the loa ...)
	- libelfin (bug #1033741)
	[bookworm] - libelfin (Minor issue)
	[bullseye] - libelfin (Minor issue)
	[buster] - libelfin (Minor issue)
	NOTE: https://github.com/aclements/libelfin/issues/75
CVE-2023-24179 RESERVED
CVE-2023-24178 RESERVED
CVE-2023-24177 RESERVED
CVE-2023-24176 RESERVED
CVE-2023-24175 RESERVED
CVE-2023-24174 RESERVED
CVE-2023-24173 RESERVED
CVE-2023-24172 RESERVED
CVE-2023-24171 RESERVED
CVE-2023-24170 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/f ...)
	NOT-FOR-US: Tenda
CVE-2023-24169 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/F ...)
	NOT-FOR-US: Tenda
CVE-2023-24168 RESERVED
CVE-2023-24167 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/a ...)
	NOT-FOR-US: Tenda
CVE-2023-24166 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/f ...)
	NOT-FOR-US: Tenda
CVE-2023-24165 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/i ...)
	NOT-FOR-US: Tenda
CVE-2023-24164 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/F ...)
	NOT-FOR-US: Tenda
CVE-2023-24163 (SQL Injection vulnerability in Dromara hutool v5.8.11 allows attacker t ...)
	NOT-FOR-US: Dromara hutool
CVE-2023-24162 (Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacke ...)
	NOT-FOR-US: Dromara hutool
CVE-2023-24161 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24160 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24159 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24158 RESERVED
CVE-2023-24157 (A command injection vulnerability in the serverIp parameter in the fun ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24156 (A command injection vulnerability in the ip parameter in the function ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24155 (TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password fo ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24154 (TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vul ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24153 (A command injection vulnerability in the version parameter in the func ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24152 (A command injection vulnerability in the serverIp parameter in the fun ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24151 (A command injection vulnerability in the ip parameter in the function ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24150 (A command injection vulnerability in the serverIp parameter in the fun ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24149 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code pas ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24148 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24147 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code pas ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24146 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24145 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24144 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24143 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24142 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24141 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24140 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24139 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24138 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...)
	NOT-FOR-US: TOTOLINK
CVE-2023-24137 RESERVED
CVE-2023-24136 RESERVED
CVE-2023-24135 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
	NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC
CVE-2023-24134 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
	NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC
CVE-2023-24133 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
	NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC
CVE-2023-24132 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
	NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC
CVE-2023-24131 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
	NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC
CVE-2023-24130 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
	NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC
CVE-2023-24129 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
	NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC
CVE-2023-24128 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
	NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC
CVE-2023-24127 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
	NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC
CVE-2023-24126 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
	NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC
CVE-2023-24125 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
	NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC
CVE-2023-24124 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
	NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC
CVE-2023-24123 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
	NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC
CVE-2023-24122 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
	NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC
CVE-2023-24121 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
	NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC
CVE-2023-24120 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
	NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC
CVE-2023-24119 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
	NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC
CVE-2023-24118 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
	NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC
CVE-2023-24117 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
	NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC
CVE-2023-24116 RESERVED
CVE-2023-24115 RESERVED
CVE-2023-24114 (typecho 1.1/17.10.30 was discovered to contain a remote code execution ...)
	NOT-FOR-US: typecho
CVE-2023-24113 RESERVED
CVE-2023-24112 RESERVED
CVE-2023-24111 RESERVED
CVE-2023-24110 RESERVED
CVE-2023-24109 RESERVED
CVE-2023-24108 (MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to co ...)
	NOT-FOR-US: MvcTools
CVE-2023-24107 (hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459f ...)
	NOT-FOR-US: hour_of_code_python_2015
CVE-2023-24106 RESERVED
CVE-2023-24105 RESERVED
CVE-2023-24104 (Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to ...)
	NOT-FOR-US: Ubiquiti Networks UniFi Dream Machine Pro
CVE-2023-24103 RESERVED
CVE-2023-24102 RESERVED
CVE-2023-24101 RESERVED
CVE-2023-24100 RESERVED
CVE-2023-24099 (TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1 ...)
	NOT-FOR-US: TrendNet
CVE-2023-24098 (TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1 ...)
	NOT-FOR-US: TrendNet
CVE-2023-24097 (TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1 ...)
	NOT-FOR-US: TrendNet
CVE-2023-24096 (TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1 ...)
	NOT-FOR-US: TrendNet
CVE-2023-24095 (TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1 ...)
	NOT-FOR-US: TrendNet
CVE-2023-24094 (An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows ...)
	NOT-FOR-US: MikroTik RouterOS
CVE-2023-24093 (An access control issue in H3C A210-G A210-GV100R005 allows attackers ...)
	NOT-FOR-US: H3C A210-G A210-GV100R005
CVE-2023-24092 RESERVED
CVE-2023-24091 RESERVED
CVE-2023-24090 RESERVED
CVE-2023-24089 RESERVED
CVE-2023-24088 RESERVED
CVE-2023-24087 RESERVED
CVE-2023-24086 (SLIMS v9.5.2 was discovered to contain a reflected cross-site scriptin ...)
	NOT-FOR-US: SLIMS
CVE-2023-24085 RESERVED
CVE-2023-24084 (ChiKoi v1.0 was discovered to contain a SQL injection vulnerability vi ...)
	NOT-FOR-US: ChiKoi
CVE-2023-24083 RESERVED
CVE-2023-24082 RESERVED
CVE-2023-24081 (Multiple stored cross-site scripting (XSS) vulnerabilities in Redrock ...)
	NOT-FOR-US: Redrock Software TutorTrac
CVE-2023-24080 (A lack of rate limiting on the password reset endpoint of Chamberlain ...)
	NOT-FOR-US: Chamberlain myQ
CVE-2023-24079 RESERVED
CVE-2023-24078 (Real Time Logic FuguHub v8.1 and earlier was discovered to contain a r ...)
	NOT-FOR-US: Real Time Logic FuguHub
CVE-2023-24077 RESERVED
CVE-2023-24076 RESERVED
CVE-2023-24075 RESERVED
CVE-2023-24074 RESERVED
CVE-2023-24073 RESERVED
CVE-2023-24072 RESERVED
CVE-2023-24071 RESERVED
CVE-2023-24070 (app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an X ...)
	NOT-FOR-US: MISP
CVE-2023-24069 (Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an att ...)
	- signal-desktop (bug #842943)
CVE-2023-24068 (Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an att ...)
	- signal-desktop (bug #842943)
CVE-2023-24067 RESERVED
CVE-2023-24066 RESERVED
CVE-2023-24065 (NOSH 4a5cfdb allows stored XSS via the create user page. For example, ...)
	NOT-FOR-US: NOSH
CVE-2023-24064 RESERVED
CVE-2023-24063 RESERVED
CVE-2023-24062 RESERVED
CVE-2023-24061 RESERVED
CVE-2023-24060 (Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[u ...)
	NOT-FOR-US: Haven
CVE-2023-0435 (Excessive Attack Surface in GitHub repository pyload/pyload prior to 0 ...)
	- pyload (bug #1001980)
CVE-2022-4895 (Improper Certificate Validation vulnerability in Hitachi Infrastructur ...)
	NOT-FOR-US: Hitachi
CVE-2022-48281 (processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has ...)
	{DSA-5333-1 DLA-3297-1}
	- tiff 4.5.0-4 (bug #1029653)
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/488
CVE-2022-48280 RESERVED
CVE-2023-0412 (TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 a ...)
	{DLA-3313-1}
	- wireshark 4.0.3-1
	[bullseye] - wireshark (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-07.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18770
CVE-2023-0411 (Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and ...)
	{DLA-3313-1}
	- wireshark 4.0.3-1
	[bullseye] - wireshark (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-06.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18711
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18720
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18737
CVE-2023-0415 (iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 ...)
	{DLA-3313-1}
	- wireshark 4.0.3-1
	[bullseye] - wireshark (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-05.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18796
CVE-2023-0416 (GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 an ...)
	- wireshark 4.0.3-1
	[bullseye] - wireshark (Minor issue)
	[buster] - wireshark (Vulnerable code introduced later)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-04.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18779
	NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/9322
	NOTE: Vulnerable dissector introduced with https://gitlab.com/wireshark/wireshark/-/commit/a87e56aa79f62ba8967e63da9d408e464596cd85 (first released with version 3.0.0)
CVE-2023-0413 (Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 ...)
	{DLA-3313-1}
	- wireshark 4.0.3-1
	[bullseye] - wireshark (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-03.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18766
CVE-2023-0417 (Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 ...)
	{DLA-3313-1}
	- wireshark 4.0.3-1
	[bullseye] - wireshark (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-02.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18628
CVE-2023-0414 (Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial o ...)
	- wireshark 4.0.3-1
	[bullseye] - wireshark (Minor issue)
	[buster] - wireshark (Vulnerable code introduced later)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-01.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18622
	NOTE: introduced by https://gitlab.com/wireshark/wireshark/-/merge_requests/6838
CVE-2023-24059 (Grand Theft Auto V for PC allows attackers to achieve partial remote c ...)
	NOT-FOR-US: Grand Theft Auto V for PC
CVE-2023-24058 (Booked Scheduler 2.5.5 allows authenticated users to create and schedu ...)
	NOT-FOR-US: Booked Scheduler
CVE-2023-24057 (HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers ...)
	NOT-FOR-US: HL7 (Health Level 7) FHIR Core Libraries
CVE-2023-24056 (In pkgconf through 1.9.3, variable duplication can cause unbounded str ...)
	- pkgconf 1.8.1-1
	[bullseye] - pkgconf (Minor issue)
	[buster] - pkgconf (Minor issue)
	NOTE: https://gitea.treehouse.systems/ariadne/pkgconf/commit/81cc9b3e6dafcdd02579bcccec6ac47d91e5d023 (pkgconf-1.9.4, pkgconf-1.8.1)
	NOTE: https://nullprogram.com/blog/2023/01/18/
CVE-2023-24055 (KeePass through 2.53 (in a default installation) allows an attacker, w ...)
	NOT-FOR-US: Disputed KeePass issue
CVE-2023-0434 (Improper Input Validation in GitHub repository pyload/pyload prior to ...)
	- pyload (bug #1001980)
CVE-2023-24054 REJECTED
CVE-2023-0433 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
	- vim 2:9.0.1378-1 (unimportant)
	NOTE: https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/
	NOTE: https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b (v9.0.1225)
	NOTE: Crash in CLI tool, no security impact
CVE-2023-24053 RESERVED
CVE-2023-24052 (An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows att ...)
	NOT-FOR-US: Connectize AC21000 G6
CVE-2023-24051 (A client side rate limit issue discovered in Connectize AC21000 G6 641 ...)
	NOT-FOR-US: Connectize AC21000 G6
CVE-2023-24050 (Cross Site Scripting (XSS) vulnerability in Connectize AC21000 G6 641. ...)
	NOT-FOR-US: Connectize AC21000 G6
CVE-2023-24049 (An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows ...)
	NOT-FOR-US: Connectize AC21000 G6
CVE-2023-24048 (Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 ...)
	NOT-FOR-US: Connectize AC21000 G6
CVE-2023-24047 (An Insecure Credential Management issue discovered in Connectize AC210 ...)
	NOT-FOR-US: Connectize AC21000 G6
CVE-2023-24046 (An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows ...)
	NOT-FOR-US: Connectize AC21000 G6
CVE-2023-24045 (In Dataiku DSS 11.2.1, an attacker can download other Dataiku files th ...)
	NOT-FOR-US: Dataiku
CVE-2023-24044 (A Host Header Injection issue on the Login page of Plesk Obsidian thro ...)
	NOT-FOR-US: Plesk Obsidian
CVE-2023-24043 RESERVED
CVE-2023-24042 (A race condition in LightFTP through 2.2 allows an attacker to achieve ...)
	NOT-FOR-US: LightFTP
CVE-2023-24041 RESERVED
CVE-2023-24040 (dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser ...)
	NOT-FOR-US: Oracle
CVE-2023-24039 (A stack-based buffer overflow in ParseColors in libXm in Common Deskto ...)
	NOT-FOR-US: Oracle
CVE-2023-24038 (The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_ ...)
	{DSA-5339-1 DLA-3296-1}
	- libhtml-stripscripts-perl 1.06-4 (bug #1029400)
	NOTE: https://github.com/clintongormley/perl-html-stripscripts/issues/3
	NOTE: https://github.com/clintongormley/perl-html-stripscripts/pull/4
CVE-2023-24037 RESERVED
CVE-2023-24036 RESERVED
CVE-2023-24035 RESERVED
CVE-2023-24034 RESERVED
CVE-2023-24033 (The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1 ...)
	NOT-FOR-US: Samsung
CVE-2023-24032 (In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who ...)
	NOT-FOR-US: Zimbra
CVE-2023-24031 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. ...)
	NOT-FOR-US: Zimbra
CVE-2023-24030 (An open redirect vulnerability exists in the /preauth Servlet in Zimbr ...)
	NOT-FOR-US: Zimbra
CVE-2023-24029 (In Progress WS_FTP Server before 8.8, it is possible for a host admini ...)
	NOT-FOR-US: Progress WS_FTP Server
CVE-2023-24028 (In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorre ...)
	NOT-FOR-US: MISP
CVE-2023-24027 (In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a netwo ...)
	NOT-FOR-US: MISP
CVE-2023-24026 (In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerabilit ...)
	NOT-FOR-US: MISP
CVE-2023-24025 (CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2 ...)
	NOT-FOR-US: CRYSTALS-DILITHIUM
CVE-2023-24024 RESERVED
CVE-2023-24023 (Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connect ...)
	- linux 6.6.9-1
	[bookworm] - linux 6.1.76-1
	NOTE: https://git.kernel.org/linus/04a342cc49a8522e99c9b3346371c329d841dcd2 (6.7-rc7)
CVE-2023-24022 (Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with ...)
	NOT-FOR-US: Baicells
CVE-2023-0432 (The web configuration service of the affected device contains an authe ...)
	NOT-FOR-US: Delta Electronics
CVE-2023-0431 (The File Away WordPress plugin through 3.9.9.0.1 does not validate and ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-36655 (Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary ...)
	- yii (bug #597899)
CVE-2023-24021 (Incorrect handling of '\0' bytes in file uploads in ModSecurity before ...)
	{DLA-3283-1}
	- modsecurity-apache 2.9.7-1 (bug #1029329)
	[bullseye] - modsecurity-apache 2.9.3-3+deb11u2
	NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2857
	NOTE: https://github.com/SpiderLabs/ModSecurity/commit/4324f0ac59f8225aa44bc5034df60dbeccd1d334 (v2.9.7)
CVE-2023-24012 RESERVED
CVE-2023-24011 RESERVED
CVE-2023-24010 RESERVED
CVE-2023-24009 (Auth. (subscriber+) Reflected Cross-site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: WordPress theme
CVE-2023-24008 (Cross-Site Request Forgery (CSRF) vulnerability in yonifre Maspik \u20 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24007 (Cross-Site Request Forgery (CSRF) vulnerability in TheOnlineHero - Tom ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24006 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Link Softwa ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24005 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winw ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24004 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPde ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24003 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-24002 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPde ...)
NOT-FOR-US: WordPress plugin CVE-2023-24001 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yann ...) NOT-FOR-US: WordPress plugin CVE-2023-24000 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-23999 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23998 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J ...) NOT-FOR-US: WordPress plugin CVE-2023-23997 (Cross-Site Request Forgery (CSRF) vulnerability in Dave Jesch Database ...) NOT-FOR-US: WordPress plugin CVE-2023-23996 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prof ...) NOT-FOR-US: WordPress plugin CVE-2023-23995 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim ...) NOT-FOR-US: WordPress plugin CVE-2023-23994 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...) NOT-FOR-US: WordPress plugin CVE-2023-23993 (Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com Lio ...) NOT-FOR-US: WordPress plugin CVE-2023-23992 (Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin ...) NOT-FOR-US: WordPress plugin CVE-2023-23991 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2023-23990 RESERVED CVE-2023-23989 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-23988 RESERVED CVE-2023-23987 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEv ...) NOT-FOR-US: WordPress plugin CVE-2023-23986 RESERVED CVE-2023-23985 (Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This ...) NOT-FOR-US: WordPress plugin CVE-2023-23984 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble ...) 
NOT-FOR-US: WordPress plugin CVE-2023-23983 (Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive ...) NOT-FOR-US: WordPress plugin CVE-2023-23982 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGe ...) NOT-FOR-US: WordPress plugin CVE-2023-23981 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Quan ...) NOT-FOR-US: WordPress plugin CVE-2023-23980 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mail ...) NOT-FOR-US: WordPress plugin CVE-2023-23979 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Q ...) NOT-FOR-US: WordPress plugin CVE-2023-23978 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2023-23977 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23976 (Incorrect Default Permissions vulnerability in Metagauss RegistrationM ...) NOT-FOR-US: WordPress plugin CVE-2023-23975 RESERVED CVE-2023-23974 (Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Eve ...) NOT-FOR-US: WordPress plugin CVE-2023-23973 (Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Cont ...) NOT-FOR-US: WordPress plugin CVE-2023-23972 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smpl ...) NOT-FOR-US: WordPress plugin CVE-2023-23971 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Code ...) NOT-FOR-US: WordPress plugin CVE-2023-23970 (Unrestricted Upload of File with Dangerous Type vulnerability in WooRo ...) NOT-FOR-US: WordPress theme CVE-2023-23907 (A directory traversal vulnerability exists in the server.js start func ...) NOT-FOR-US: MilesightVPN CVE-2023-23902 (A buffer overflow vulnerability exists in the uhttpd login functionali ...) NOT-FOR-US: Milesight UR32L CVE-2023-23571 (An access violation vulnerability exists in the eventcore functionalit ...) 
NOT-FOR-US: Milesight UR32L CVE-2023-23547 (A directory traversal vulnerability exists in the luci2-io file-export ...) NOT-FOR-US: Milesight UR32L CVE-2023-22844 (An authentication bypass vulnerability exists in the requestHandlers.j ...) NOT-FOR-US: MilesightVPN CVE-2023-22659 (An os command injection vulnerability exists in the libzebra.so change ...) NOT-FOR-US: Milesight UR32L CVE-2023-22319 (A sql injection vulnerability exists in the requestHandlers.js LoginAu ...) NOT-FOR-US: MilesightVPN CVE-2023-22306 (An OS command injection vulnerability exists in the libzebra.so bridge ...) NOT-FOR-US: Milesight UR32L CVE-2023-0430 (Certificate OCSP revocation status was not checked when verifying S/Mi ...) {DSA-5355-1 DLA-3324-1} - thunderbird 1:102.7.1+1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-04/#CVE-2023-0430 NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1769000 CVE-2023-0429 (The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and es ...) NOT-FOR-US: WordPress plugin CVE-2023-0428 (The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and es ...) NOT-FOR-US: WordPress plugin CVE-2023-0427 RESERVED CVE-2023-0426 (ABB is aware of vulnerabilities in the product versions listed below. ...) NOT-FOR-US: ABB CVE-2023-0425 (ABB is aware of vulnerabilities in the product versions listed below. ...) NOT-FOR-US: ABB CVE-2023-0424 (The MS-Reviews WordPress plugin through 1.5 does not sanitise and esca ...) NOT-FOR-US: WordPress plugin CVE-2023-0423 (The WordPress Amazon S3 Plugin WordPress plugin before 1.6 does not sa ...) NOT-FOR-US: WordPress plugin CVE-2023-0422 (The Article Directory WordPress plugin through 1.3 does not properly s ...) NOT-FOR-US: WordPress plugin CVE-2023-0421 (The Cloud Manager WordPress plugin through 1.0 does not sanitise and e ...) NOT-FOR-US: WordPress plugin CVE-2023-0420 (The Custom Post Type and Taxonomy GUI Manager WordPress plugin through ...) 
NOT-FOR-US: WordPress plugin CVE-2023-0419 (The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not ...) NOT-FOR-US: WordPress plugin CVE-2023-0418 (The Video Central for WordPress plugin through 1.3.0 does not validate ...) NOT-FOR-US: WordPress plugin CVE-2022-4894 (Certain HP and Samsung Printer software packages may potentially be vu ...) NOT-FOR-US: HP CVE-2022-4893 REJECTED CVE-2022-48279 (In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart reque ...) {DLA-3283-1} - modsecurity-apache 2.9.6-1 [bullseye] - modsecurity-apache 2.9.3-3+deb11u2 - modsecurity 3.0.8-1 [bullseye] - modsecurity (Minor issue) [buster] - modsecurity (Minor issue) NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/ NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2795 NOTE: Fixed by: https://github.com/SpiderLabs/ModSecurity/commit/d6c10885e08779e99e76efcd5ad65802104cda14 (v3.0.8) NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2797 NOTE: Fixed by: https://github.com/SpiderLabs/ModSecurity/commit/51a30d7b406af95c4143560d9753cf0b6d2151f5 (v2.9.6) NOTE: Issue relates to CVE-2022-39956 but considered independent change to ModSecurity (C NOTE: language) codebase. CVE-2023-23969 (In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, t ...) {DLA-3306-1} - python-django 3:3.2.17-1 (bug #1030251) [bullseye] - python-django 2:2.2.28-1~deb11u2 NOTE: https://www.openwall.com/lists/oss-security/2023/02/01/4 NOTE: https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a (3.2.17) CVE-2023-23968 RESERVED CVE-2023-23967 RESERVED CVE-2023-23966 RESERVED CVE-2023-23965 RESERVED CVE-2023-23964 RESERVED CVE-2023-23963 RESERVED CVE-2023-23962 RESERVED CVE-2023-23961 RESERVED CVE-2023-23960 RESERVED CVE-2023-23959 RESERVED CVE-2023-23958 (Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Ha ...) 
NOT-FOR-US: Symantec Protection Engine CVE-2023-23957 (An authenticated user can see and modify the value for \u2018next\u201 ...) NOT-FOR-US: Symantec Identity Portal CVE-2023-23956 (A user can supply malicious HTML and JavaScript code that will be exec ...) NOT-FOR-US: Symantec CVE-2023-23955 (Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1. ...) NOT-FOR-US: Symantec CVE-2023-23954 (Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1. ...) NOT-FOR-US: Symantec CVE-2023-23953 (Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1. ...) NOT-FOR-US: Symantec CVE-2023-23952 (Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1. ...) NOT-FOR-US: Symantec CVE-2023-23951 (Ability to enumerate the Oracle LDAP attributes for the current user b ...) NOT-FOR-US: Symantec CVE-2023-23950 (User\u2019s supplied input (usually a CRLF sequence) can be used to sp ...) NOT-FOR-US: Symantec CVE-2023-23949 (An authenticated user can supply malicious HTML and JavaScript code th ...) NOT-FOR-US: Symantec CVE-2023-23948 (The ownCloud Android app allows ownCloud users to access, share, and e ...) NOT-FOR-US: ownCloud Android app CVE-2023-23947 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) NOT-FOR-US: Argo CD CVE-2023-23946 (Git, a revision control system, is vulnerable to path traversal prior ...) {DSA-5357-1 DLA-3338-1} - git 1:2.39.2-1 (bug #1031310) NOTE: https://www.openwall.com/lists/oss-security/2023/02/14/5 NOTE: https://github.com/git/git/commit/fade728df1221598f42d391cf377e9e84a32053f (v2.30.8) CVE-2023-23945 RESERVED CVE-2023-23944 (Nextcloud mail is an email app for the nextcloud home server platform. ...) NOT-FOR-US: Nextcloud mail CVE-2023-23943 (Nextcloud mail is an email app for the nextcloud home server platform. ...) NOT-FOR-US: Nextcloud mail CVE-2023-23942 (The Nextcloud Desktop Client is a tool to synchronize files from a Nex ...) 
- nextcloud-desktop 3.6.4-1 [bullseye] - nextcloud-desktop (Minor issue) [buster] - nextcloud-desktop (Minor issue) NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64qc-vf6v-8xgg NOTE: https://github.com/nextcloud/desktop/pull/5233 NOTE: https://github.com/nextcloud/desktop/pull/5240 NOTE: https://hackerone.com/reports/1788598 CVE-2023-23941 (SwagPayPal is a PayPal integration for shopware/platform. If JavaScrip ...) NOT-FOR-US: SwagPayPal CVE-2023-23940 (OpenZeppelin Contracts for Cairo is a library for secure smart contrac ...) NOT-FOR-US: OpenZeppelin Contracts CVE-2023-23939 (Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vu ...) NOT-FOR-US: Azure/setup-kubectl CVE-2023-23938 (Tuleap is a Free & Source tool for end to end traceability of applicat ...) NOT-FOR-US: Tuleap CVE-2023-23937 (Pimcore is an Open Source Data & Experience Management Platform: PIM, ...) NOT-FOR-US: Pimcore CVE-2023-23936 (Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 ...) - node-undici 5.19.1+dfsg1+~cs20.10.9.5-1 (bug #1031418) [bookworm] - node-undici 5.15.0+dfsg1+~cs20.10.9.3-1+deb12u1 NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff NOTE: https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034 (v5.19.1) CVE-2023-23935 (Discourse is an open-source messaging platform. In versions 3.0.1 and ...) NOT-FOR-US: Discourse CVE-2023-23934 (Werkzeug is a comprehensive WSGI web application library. Browsers may ...) {DSA-5470-1 DLA-3346-1} - python-werkzeug 2.2.2-3 (bug #1031370) NOTE: https://github.com/pallets/werkzeug/commit/8c2b4b82d0cade0d37e6a88e2cd2413878e8ebd4 (2.2.3) NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q CVE-2023-23933 (OpenSearch Anomaly Detection identifies atypical data and receives aut ...) 
NOT-FOR-US: OpenSearch Anomaly Detection CVE-2023-23932 (OpenDDS is an open source C++ implementation of the Object Management ...) NOT-FOR-US: OpenDDS CVE-2023-23931 (cryptography is a package designed to expose cryptographic primitives ...) {DLA-3331-2 DLA-3331-1} - python-cryptography 38.0.4-3 (bug #1031049) [bullseye] - python-cryptography (Minor issue) NOTE: https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r NOTE: https://github.com/pyca/cryptography/commit/9fbf84efc861668755ab645530ec7be9cf3c6696 CVE-2023-23930 (vantage6 is privacy preserving federated learning infrastructure. Vers ...) NOT-FOR-US: vantage6 CVE-2023-23929 (vantage6 is a privacy preserving federated learning infrastructure for ...) NOT-FOR-US: vantage6 CVE-2023-23928 (reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose.Jws.v ...) NOT-FOR-US: reason-jose CVE-2023-23927 (Craft is a platform for creating digital experiences. When you insert ...) NOT-FOR-US: Craft CVE-2023-23926 (APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. An ...) NOT-FOR-US: APOC CVE-2023-23925 (Switcher Client is a JavaScript SDK to work with Switcher API which is ...) NOT-FOR-US: Switcher CVE-2023-23924 (Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 ...) - php-dompdf (Vulnerable code not in any Debian released version) NOTE: https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg NOTE: https://github.com/dompdf/dompdf/commit/7558f07f693b2ac3266089f21051e6b78c6a0c85 (v2.0.2) CVE-2023-23923 (The vulnerability was found Moodle which exists due to insufficient li ...) - moodle CVE-2023-23922 (The vulnerability was found Moodle which exists due to insufficient sa ...) - moodle CVE-2023-23921 (The vulnerability was found Moodle which exists due to insufficient sa ...) - moodle CVE-2023-0410 (Cross-site Scripting (XSS) - Generic in GitHub repository builderio/qw ...) 
NOT-FOR-US: builderio/qwik CVE-2023-0409 RESERVED CVE-2023-0408 RESERVED CVE-2023-0407 RESERVED CVE-2023-23920 (An untrusted search path vulnerability exists in Node.js. <19.6.1, <18 ...) {DSA-5589-1 DSA-5395-1 DLA-3344-1} - nodejs 18.13.0+dfsg1-1.1 (bug #1031834) NOTE: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/#node-js-insecure-loading-of-icu-data-through-icu_data-environment-variable-low-cve-2023-23920 NOTE: https://github.com/nodejs/node/commit/f369c0a739b9f0182ededa834a2a44e6fec322d1 CVE-2023-23919 (A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16 ...) {DSA-5589-1} - nodejs 18.13.0+dfsg1-1.1 (bug #1031834) [bullseye] - nodejs (X509Certificate API introduced in v15.6.0) [buster] - nodejs (X509Certificate API introduced in v15.6.0) NOTE: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/#node-js-openssl-error-handling-issues-in-nodejs-crypto-library-medium-cve-2023-23919 NOTE: https://hackerone.com/reports/1808596 NOTE: https://github.com/nodejs/node/commit/438812e14d3b2a705fb639b69e37c6cc4e7c8029 CVE-2023-23918 (A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14 ...) {DSA-5589-1} - nodejs 18.19.0+dfsg-2 (bug #1031834) [bullseye] - nodejs (Permissions policy introduced in v16.x) [buster] - nodejs (v10.x doesn't support policy manifests) NOTE: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/#node-js-permissions-policies-can-be-bypassed-via-process-mainmodule-high-cve-2023-23918 NOTE: Only affects users enabling experimental permissions option with --experimental-policy. NOTE: https://github.com/nodejs/node/commit/af9140088621abd09016848f4526d66b7a81b9ba NOTE: https://github.com/nodejs/node/commit/9b7db62276e4a9c97aedf91daf38bf7b7d23fee4 CVE-2023-23917 (A prototype pollution vulnerability exists in Rocket.Chat server <5.2. ...) NOT-FOR-US: Rocket.Chat CVE-2023-23916 (An allocation of resources without limits or throttling vulnerability ...) 
{DSA-5365-1 DLA-3341-1} - curl 7.88.1-1 (bug #1031371) NOTE: https://curl.se/docs/CVE-2023-23916.html NOTE: Introduced by: https://github.com/curl/curl/commit/dbcced8e32b50c068ac297106f0502ee200a1ebd (curl-7_57_0) NOTE: Fixed by: https://github.com/curl/curl/commit/119fb187192a9ea13dc90d9d20c215fc82799ab9 (curl-7_88_0) CVE-2023-23915 (A cleartext transmission of sensitive information vulnerability exists ...) - curl 7.88.1-1 (bug #1031371) [bullseye] - curl (curl is not built with HSTS support) [buster] - curl (Vulnerable code introduced later) NOTE: https://curl.se/docs/CVE-2023-23915.html NOTE: Introduced by: https://github.com/curl/curl/commit/7385610d0c74c6a254fea5e4cd6e1d559d848c8c (curl-7_74_0) NOTE: https://github.com/curl/curl/pull/10138 CVE-2023-23914 (A cleartext transmission of sensitive information vulnerability exists ...) - curl 7.88.1-1 (bug #1031371) [bullseye] - curl (curl is not built with HSTS support) [buster] - curl (Vulnerable code introduced later) NOTE: https://curl.se/docs/CVE-2023-23914.html NOTE: Introduced by: https://github.com/curl/curl/commit/7385610d0c74c6a254fea5e4cd6e1d559d848c8c (curl-7_74_0) NOTE: https://github.com/curl/curl/pull/10138 CVE-2023-23913 RESERVED {DSA-5389-1} - rails 2:6.1.7.3+dfsg-1 (bug #1033263) NOTE: https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd (v6.1.7.3) NOTE: https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468 CVE-2023-23912 (A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earli ...) NOT-FOR-US: EdgeRouters CVE-2023-23911 (An improper access control vulnerability exists prior to v6 that could ...) NOT-FOR-US: open.rocket.chat CVE-2023-23900 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, I ...) NOT-FOR-US: WordPress plugin CVE-2023-23899 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extension ...) 
NOT-FOR-US: WordPress plugin CVE-2023-23898 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23897 (Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugins Simp ...) NOT-FOR-US: WordPress plugin CVE-2023-23896 (Missing Authorization vulnerability in MyThemeShop URL Shortener by My ...) NOT-FOR-US: WordPress plugin CVE-2023-23895 RESERVED CVE-2023-23894 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23893 RESERVED CVE-2023-23892 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23891 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23890 (Cross-Site Request Forgery (CSRF) vulnerability in LJ Apps WP Airbnb R ...) NOT-FOR-US: WordPress plugin CVE-2023-23889 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23888 RESERVED CVE-2023-23887 RESERVED CVE-2023-23886 RESERVED CVE-2023-23885 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23884 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanb ...) NOT-FOR-US: WordPress plugin CVE-2023-23883 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin David ...) NOT-FOR-US: WordPress plugin CVE-2023-23882 (Missing Authorization vulnerability in Brainstorm Force Ultimate Addon ...) NOT-FOR-US: WordPress plugin CVE-2023-23881 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gree ...) NOT-FOR-US: WordPress plugin CVE-2023-23880 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23879 (Cross-Site Request Forgery (CSRF) vulnerability in Nicolas Zeh PHP Exe ...) NOT-FOR-US: WordPress plugin CVE-2023-23878 (Auth. 
(editor+) Stored Cross-Site Scripting (XSS) vulnerability in fli ...) NOT-FOR-US: WordPress plugin CVE-2023-23877 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23876 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23875 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hima ...) NOT-FOR-US: WordPress plugin CVE-2023-23874 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23873 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23872 RESERVED CVE-2023-23871 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webd ...) NOT-FOR-US: WordPress plugin CVE-2023-23870 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpde ...) NOT-FOR-US: WordPress plugin CVE-2023-23869 (Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google ...) NOT-FOR-US: WordPress plugin CVE-2023-23868 RESERVED CVE-2023-23867 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23866 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23865 (Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins St ...) NOT-FOR-US: WordPress plugin CVE-2023-23864 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Micha ...) NOT-FOR-US: WordPress plugin CVE-2023-23863 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Blac ...) NOT-FOR-US: WordPress plugin CVE-2023-23862 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23861 (Cross-Site Request Forgery (CSRF) vulnerability in German Mesky GMAce ...) 
NOT-FOR-US: WordPress plugin CVE-2023-23550 (An OS command injection vulnerability exists in the ys_thirdparty user ...) NOT-FOR-US: Milesight UR32L CVE-2023-0406 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...) NOT-FOR-US: Modoboa CVE-2023-0405 (The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooComm ...) NOT-FOR-US: WordPress plugin CVE-2023-0404 (The Events Made Easy plugin for WordPress is vulnerable to authorizati ...) NOT-FOR-US: Events Made Easy plugin for WordPress CVE-2023-0403 (The Social Warfare plugin for WordPress is vulnerable to Cross-Site Re ...) NOT-FOR-US: Social Warfare plugin for WordPress CVE-2023-0402 (The Social Warfare plugin for WordPress is vulnerable to authorization ...) NOT-FOR-US: Social Warfare plugin for WordPress CVE-2023-0401 (A NULL pointer can be dereferenced when signatures are being verified ...) - openssl 3.0.8-1 [bullseye] - openssl (Only affects 3.x) [buster] - openssl (Only affects 3.x) NOTE: https://www.openssl.org/news/secadv/20230207.txt NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d3b6dfd70db844c4499bec6ad6601623a565e674 (openssl-3.0.8) CVE-2023-0400 (The protection bypass vulnerability in DLP for Windows 11.9.x is addre ...) NOT-FOR-US: DLP for Windows CVE-2023-0399 (The Image Over Image For WPBakery Page Builder WordPress plugin before ...) NOT-FOR-US: WordPress plugin CVE-2023-0398 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...) NOT-FOR-US: Modoboa CVE-2023-23860 (SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, ...) NOT-FOR-US: SAP CVE-2023-23859 (SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, ...) NOT-FOR-US: SAP CVE-2023-23858 (Due to insufficient input validation, SAP NetWeaver AS for ABAP and AB ...) NOT-FOR-US: SAP CVE-2023-23857 (Due to missing authentication check, SAP NetWeaver AS for Java - versi ...) 
NOT-FOR-US: SAP CVE-2023-23856 (In SAP BusinessObjects Business Intelligence (Web Intelligence user in ...) NOT-FOR-US: SAP CVE-2023-23855 (SAP Solution Manager - version 720, allows an authenticated attacker t ...) NOT-FOR-US: SAP CVE-2023-23854 (SAP NetWeaver Application Server for ABAP and ABAP Platform - versions ...) NOT-FOR-US: SAP CVE-2023-23853 (An unauthenticated attacker in AP NetWeaver Application Server for ABA ...) NOT-FOR-US: SAP CVE-2023-23852 (SAP Solution Manager (System Monitoring) - version 720, does not suffi ...) NOT-FOR-US: SAP CVE-2023-23851 (SAP Business Planning and Consolidation - versions 200, 300, allows an ...) NOT-FOR-US: SAP CVE-2023-23850 (A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 a ...) NOT-FOR-US: Jenkins plugin CVE-2023-23849 (Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an u ...) NOT-FOR-US: Coverity CVE-2023-23848 (Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 an ...) NOT-FOR-US: Jenkins plugin CVE-2023-23847 (A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins ...) NOT-FOR-US: Jenkins plugin CVE-2023-23846 (Due to insufficient length validation in the Open5GS GTP library versi ...) NOT-FOR-US: Open5GS CVE-2023-23845 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...) NOT-FOR-US: SolarWinds CVE-2023-23844 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...) NOT-FOR-US: SolarWinds CVE-2023-23843 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...) NOT-FOR-US: SolarWinds CVE-2023-23842 (The SolarWinds Network Configuration Manager was susceptible to the Di ...) NOT-FOR-US: SolarWinds CVE-2023-23841 (SolarWinds Serv-U is submitting an HTTP request when changing or updat ...) NOT-FOR-US: SolarWinds CVE-2023-23840 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...) 
NOT-FOR-US: SolarWinds CVE-2023-23839 (The SolarWinds Platform was susceptible to the Exposure of Sensitive I ...) NOT-FOR-US: SolarWinds CVE-2023-23838 (Directory traversal and file enumeration vulnerability which allowed u ...) NOT-FOR-US: SolarWinds CVE-2023-23837 (No exception handling vulnerability which revealed sensitive or excess ...) NOT-FOR-US: SolarWinds CVE-2023-23836 (SolarWinds Platform version 2022.4.1 was found to be susceptible to th ...) NOT-FOR-US: SolarWinds CVE-2023-0397 (A malicious / defect bluetooth controller can cause a Denial of Servic ...) NOT-FOR-US: Zephyr CVE-2023-0396 (A malicious / defective bluetooth controller can cause buffer overread ...) NOT-FOR-US: Zephyr CVE-2023-0395 (The menu shortcode WordPress plugin through 1.0 does not validate and ...) NOT-FOR-US: WordPress plugin CVE-2023-0393 RESERVED CVE-2023-0392 (The LDAP Agent Update service with versions prior to 5.18 used an unqu ...) NOT-FOR-US: Okta LDAP Agent Update service CVE-2023-0391 (MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt ...) NOT-FOR-US: MGT-COMMERCE CVE-2022-48278 RESERVED CVE-2022-48277 RESERVED CVE-2022-48276 RESERVED CVE-2022-48275 RESERVED CVE-2022-48274 RESERVED CVE-2022-48273 RESERVED CVE-2022-48272 RESERVED CVE-2022-48271 RESERVED CVE-2022-48270 RESERVED CVE-2022-48269 RESERVED CVE-2015-10071 (A vulnerability was found in gitter-badger ezpublish-modern-legacy. It ...) NOT-FOR-US: gitter-badger ezpublish-modern-legacy CVE-2023-23835 (A vulnerability has been identified in Mendix Applications using Mendi ...) NOT-FOR-US: Siemens CVE-2023-23834 RESERVED CVE-2023-23833 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Steve ...) NOT-FOR-US: WordPress plugin CVE-2023-23832 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in TC Ul ...) NOT-FOR-US: WordPress plugin CVE-2023-23831 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23830 (Unauth. 
Reflected Cross-Site Scripting (XSS) vulnerability in ProfileP ...) NOT-FOR-US: WordPress plugin CVE-2023-23829 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pier ...) NOT-FOR-US: WordPress plugin CVE-2023-23828 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23827 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Googl ...) NOT-FOR-US: WordPress plugin CVE-2023-23826 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23825 RESERVED CVE-2023-23824 (Auth. SQL Injection (SQLi) vulnerability inWP-TopBar<= 5.36 versions.) NOT-FOR-US: WordPress plugin CVE-2023-23823 RESERVED CVE-2023-23822 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ludw ...) NOT-FOR-US: WordPress plugin CVE-2023-23821 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...) NOT-FOR-US: WordPress plugin CVE-2023-23820 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23819 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rola ...) NOT-FOR-US: WordPress plugin CVE-2023-23818 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Avip ...) NOT-FOR-US: WordPress plugin CVE-2023-23817 (Auth. (contrinbutor+) Cross-Site Scripting (XSS) vulnerability in WebA ...) NOT-FOR-US: WordPress plugin CVE-2023-23816 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Twardes Sit ...) NOT-FOR-US: WordPress plugin CVE-2023-23815 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23814 RESERVED CVE-2023-23813 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My ...) NOT-FOR-US: WordPress plugin CVE-2023-23812 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joos ...) NOT-FOR-US: WordPress plugin CVE-2023-23811 (Auth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Neil ...) NOT-FOR-US: WordPress plugin CVE-2023-23810 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap ...) NOT-FOR-US: WordPress plugin CVE-2023-23809 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mori ...) NOT-FOR-US: WordPress plugin CVE-2023-23808 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Serg ...) NOT-FOR-US: WordPress plugin CVE-2023-23807 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Qumo ...) NOT-FOR-US: WordPress plugin CVE-2023-23806 (Auth. (admin+) StoredCross-Site Scripting (XSS) vulnerability in Davin ...) NOT-FOR-US: WordPress plugin CVE-2023-23805 RESERVED CVE-2023-23804 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Feed p ...) NOT-FOR-US: WordPress plugin CVE-2023-23803 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes JustTable ...) NOT-FOR-US: WordPress plugin CVE-2023-23802 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy G ...) NOT-FOR-US: WordPress plugin CVE-2023-23801 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Really Si ...) NOT-FOR-US: WordPress plugin CVE-2023-23800 (Server-Side Request Forgery (SSRF) vulnerability in Vova Anokhin WP Sh ...) NOT-FOR-US: WordPress plugin CVE-2023-23799 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Leon ...) NOT-FOR-US: WordPress plugin CVE-2023-23798 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23797 (Cross-Site Request Forgery (CSRF) vulnerability in SecondLineThemes Au ...) NOT-FOR-US: WordPress plugin CVE-2023-23796 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...) NOT-FOR-US: WordPress plugin CVE-2023-23795 (Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Form Builder ...) NOT-FOR-US: WordPress plugin CVE-2023-23794 (Auth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...) NOT-FOR-US: WordPress plugin CVE-2023-23793 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eigh ...) NOT-FOR-US: WordPress plugin CVE-2023-23792 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Swatchly ...) NOT-FOR-US: WordPress plugin CVE-2023-23791 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Menu p ...) NOT-FOR-US: WordPress plugin CVE-2023-23790 (Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team ...) NOT-FOR-US: WordPress plugin CVE-2023-23789 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prem ...) NOT-FOR-US: WordPress plugin CVE-2023-23788 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flor ...) NOT-FOR-US: WordPress plugin CVE-2023-23787 (Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce ...) NOT-FOR-US: WordPress plugin CVE-2023-23786 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Chr ...) NOT-FOR-US: WordPress plugin CVE-2023-23785 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DgCu ...) NOT-FOR-US: WordPress plugin CVE-2023-23784 (A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7 ...) NOT-FOR-US: FortiGuard CVE-2023-23783 (A use of externally-controlled format string in Fortinet FortiWeb vers ...) NOT-FOR-US: FortiGuard CVE-2023-23782 (A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 throug ...) NOT-FOR-US: FortiGuard CVE-2023-23781 (A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb vers ...) NOT-FOR-US: FortiGuard CVE-2023-23780 (A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 throu ...) NOT-FOR-US: FortiGuard CVE-2023-23779 (Multiple improper neutralization of special elements used in an OS Com ...) NOT-FOR-US: FortiGuard CVE-2023-23778 (A relative path traversal vulnerability [CWE-23] in FortiWeb version 7 ...) 
NOT-FOR-US: FortiGuard CVE-2023-23777 (An improper neutralization of special elements used in an OS command ( ...) NOT-FOR-US: Fortinet CVE-2023-23776 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...) NOT-FOR-US: Fortinet CVE-2023-23775 RESERVED CVE-2023-23549 (Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 ...) - check-mk CVE-2023-23548 (Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, ...) - check-mk CVE-2023-22359 (User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker ...) - check-mk CVE-2023-22348 (Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions < ...) - check-mk CVE-2023-22318 (Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5 ...) - check-mk CVE-2023-22309 (Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Applianc ...) - check-mk CVE-2023-22307 (Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before ...) - check-mk CVE-2023-22294 (Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows ...) - check-mk CVE-2023-22288 (HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and al ...) - check-mk CVE-2023-0394 (A NULL pointer dereference flaw was found in rawv6_push_pending_frames ...) {DSA-5324-1 DLA-3403-1 DLA-3349-1} - linux 6.1.7-1 NOTE: https://www.openwall.com/lists/oss-security/2023/01/18/2 NOTE: https://git.kernel.org/linus/cb3e9864cdbe35ff6378966660edbcbac955fe17 (6.2-rc4) CVE-2023-0390 RESERVED CVE-2023-0389 (The Calculated Fields Form WordPress plugin before 1.1.151 does not sa ...) NOT-FOR-US: WordPress plugin CVE-2023-0388 (The Random Text WordPress plugin through 0.3.0 does not properly sanit ...) NOT-FOR-US: WordPress plugin CVE-2023-0387 REJECTED CVE-2023-0386 (A flaw was found in the Linux kernel, where unauthorized access to the ...) 
{DSA-5402-1 DLA-3446-1} - linux 6.1.11-1 NOTE: https://git.kernel.org/linus/4f11ada10d0ad3fd53e2bd67806351de63a4f9c3 (6.2-rc6) CVE-2023-0385 (The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Re ...) NOT-FOR-US: Custom 404 Pro plugin for WordPress CVE-2023-0384 (User-controlled operations could have allowed Denial of Service in M-F ...) NOT-FOR-US: M-Files CVE-2023-0383 (User-controlled operations could have allowed Denial of Service in M-F ...) NOT-FOR-US: M-Files CVE-2023-0382 (User-controlled operations could have allowed Denial of Service in M-F ...) NOT-FOR-US: M-Files Server CVE-2023-0381 (The GigPress WordPress plugin through 2.3.28 does not validate and esc ...) NOT-FOR-US: WordPress plugin CVE-2023-0380 (The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not va ...) NOT-FOR-US: WordPress plugin CVE-2023-0379 (The Spotlight Social Feeds WordPress plugin before 1.4.3 does not vali ...) NOT-FOR-US: WordPress plugin CVE-2023-0378 (The Greenshift WordPress plugin before 5.0 does not validate and escap ...) NOT-FOR-US: WordPress plugin CVE-2023-0377 (The Scriptless Social Sharing WordPress plugin before 3.2.2 does not v ...) NOT-FOR-US: WordPress plugin CVE-2023-0376 (The Qubely WordPress plugin before 1.8.5 does not validate and escape ...) NOT-FOR-US: WordPress plugin CVE-2023-0375 (The Easy Affiliate Links WordPress plugin before 3.7.1 does not valida ...) NOT-FOR-US: WordPress plugin CVE-2023-0374 (The W4 Post List WordPress plugin before 2.4.6 does not validate and e ...) NOT-FOR-US: WordPress plugin CVE-2023-0373 (The Lightweight Accordion WordPress plugin before 1.5.15 does not vali ...) NOT-FOR-US: WordPress plugin CVE-2023-0372 (The EmbedStories WordPress plugin before 0.7.5 does not validate and e ...) NOT-FOR-US: WordPress plugin CVE-2023-0371 (The EmbedSocial WordPress plugin before 1.1.28 does not validate and e ...) 
NOT-FOR-US: WordPress plugin CVE-2023-0370 (The WPB Advanced FAQ WordPress plugin through 1.0.6 does not validate ...) NOT-FOR-US: WordPress plugin CVE-2023-0369 (The GoToWP WordPress plugin through 5.1.1 does not validate and escape ...) NOT-FOR-US: WordPress plugin CVE-2023-0368 (The Responsive Tabs For WPBakery Page Builder (formerly Visual Compose ...) NOT-FOR-US: WordPress plugin CVE-2022-4892 (A vulnerability was found in MyCMS. It has been classified as problema ...) NOT-FOR-US: MyCMS CVE-2022-47909 (Livestatus Query Language (LQL) injection in the AuthUser HTTP query h ...) - check-mk CVE-2022-46836 (PHP code injection in watolib auth.php and hosttags.php in Tribe29's C ...) - check-mk CVE-2022-46303 (Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p10, ...) - check-mk CVE-2022-46302 (Broad access controls could allow site users to directly interact with ...) - check-mk CVE-2022-43440 (Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk b ...) - check-mk CVE-2021-4314 (It is possible to manipulate the JWT token without the knowledge of th ...) NOT-FOR-US: Zowe CVE-2017-20174 (A vulnerability was found in bastianallgeier Kirby Webmentions Plugin ...) NOT-FOR-US: bastianallgeier Kirby Webmentions Plugin CVE-2015-10070 (A vulnerability was found in copperwall Twiddit. It has been rated as ...) NOT-FOR-US: copperwall Twiddit CVE-2015-10069 (A vulnerability was found in viakondratiuk cash-machine. It has been d ...) NOT-FOR-US: viakondratiuk cash-machine CVE-2014-125083 (A vulnerability has been found in Anant Labs google-enterprise-connect ...) NOT-FOR-US: Anant Labs google-enterprise-connect CVE-2013-10014 (A vulnerability classified as critical has been found in oktora24 2moo ...) NOT-FOR-US: oktora24 2moons CVE-2023-23774 (Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled ...) NOT-FOR-US: Motorola CVE-2023-23773 (Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. Th ...) 
NOT-FOR-US: Motorola CVE-2023-23772 (Motorola MBTS Site Controller fails to check firmware update authentic ...) NOT-FOR-US: Motorola CVE-2023-23771 (Motorola MBTS Base Radio accepts hard-coded backdoor password. The Mot ...) NOT-FOR-US: Motorola CVE-2023-23770 (Motorola MBTS Site Controller accepts hard-coded backdoor password. Th ...) NOT-FOR-US: Motorola CVE-2023-23769 RESERVED CVE-2023-23768 RESERVED CVE-2023-23767 REJECTED CVE-2023-23766 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...) NOT-FOR-US: Github Enterprise Server CVE-2023-23765 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...) NOT-FOR-US: Github Enterprise Server CVE-2023-23764 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...) NOT-FOR-US: Github Enterprise Server CVE-2023-23763 (An authorization/sensitive information disclosure vulnerability was id ...) NOT-FOR-US: Github Enterprise Server CVE-2023-23762 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...) NOT-FOR-US: Github Enterprise Server CVE-2023-23761 (An improper authentication vulnerability was identified in GitHub Ente ...) NOT-FOR-US: Github Enterprise Server CVE-2023-23760 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...) NOT-FOR-US: Github Enterprise Server CVE-2023-23759 (There is a vulnerability in the fizz library prior to v2023.01.30.00 w ...) NOT-FOR-US: Facebook fizz CVE-2023-23758 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Joomla extension CVE-2023-23757 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Joomla extension CVE-2023-23756 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: Joomla addon CVE-2023-23755 (An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of ra ...) NOT-FOR-US: Joomla! CVE-2023-23754 (An issue was discovered in Joomla! 4.2.0 through 4.3.1. 
Lack of input ...) NOT-FOR-US: Joomla! CVE-2023-0367 (The Pricing Tables For WPBakery Page Builder (formerly Visual Composer ...) NOT-FOR-US: WordPress plugin CVE-2023-0366 (The Loan Comparison WordPress plugin before 1.5.3 does not validate an ...) NOT-FOR-US: WordPress plugin CVE-2023-0365 (The React Webcam WordPress plugin through 1.2.0 does not validate and ...) NOT-FOR-US: WordPress plugin CVE-2023-0364 (The real.Kit WordPress plugin before 5.1.1 does not validate and escap ...) NOT-FOR-US: WordPress plugin CVE-2023-0363 (The Scheduled Announcements Widget WordPress plugin before 1.0 does no ...) NOT-FOR-US: WordPress plugin CVE-2023-0362 (Themify Portfolio Post WordPress plugin before 1.2.2 does not validate ...) NOT-FOR-US: WordPress plugin CVE-2023-0361 (A timing side-channel in the handling of RSA ClientKeyExchange message ...) {DSA-5349-1 DLA-3321-1} - gnutls28 3.7.8-5 NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1050 NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2020-07-14 NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/80a6ce8ddb02477cd724cd5b2944791aaddb702a (3.8.0) NOTE: Code cleanup: https://gitlab.com/gnutls/gnutls/-/commit/4b7ff428291c7ed77c6d2635577c83a43bbae558 (3.8.0) CVE-2023-0360 (The Location Weather WordPress plugin before 1.3.4 does not validate a ...) NOT-FOR-US: WordPress plugin CVE-2023-0359 (A missing nullptr-check in handle_ra_input can cause a nullptr-deref.) NOT-FOR-US: Zephyr CVE-2023-0358 (Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.) - gpac (bug #1033116; bug #1051866) [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://huntr.dev/bounties/93e128ed-253f-4c42-81ff-fbac7fd8f355 NOTE: https://github.com/gpac/gpac/commit/9971fb125cf91cefd081a080c417b90bbe4a467b CVE-2023-0357 (Helpy version 2.8.0 allows an unauthenticated remote attacker to explo ...) NOT-FOR-US: Helpy CVE-2023-0356 (SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encry ...) 
NOT-FOR-US: SOCOMEC MODULYS GP Netvision CVE-2023-0355 (Akuvox E11 uses a hard-coded cryptographic key, which could allow an a ...) NOT-FOR-US: Akuvox CVE-2023-0354 (The Akuvox E11 web server can be accessed without any user authenticat ...) NOT-FOR-US: Akuvox CVE-2023-0353 (Akuvox E11 uses a weak encryption algorithm for stored passwords and u ...) NOT-FOR-US: Akuvox CVE-2023-0352 (The Akuvox E11 password recovery webpage can be accessed without authe ...) NOT-FOR-US: Akuvox CVE-2023-0351 (The Akuvox E11 web server backend library allows command injection in ...) NOT-FOR-US: Akuvox CVE-2023-0350 (Akuvox E11 does not ensure that a file extension is associated with th ...) NOT-FOR-US: Akuvox CVE-2023-0349 (The Akuvox E11 libvoice library provides unauthenticated access to the ...) NOT-FOR-US: Akuvox CVE-2023-0348 (Akuvox E11 allows direct SIP calls. No access control is enforced by t ...) NOT-FOR-US: Akuvox CVE-2023-0347 (The Akuvox E11 Media Access Control (MAC) address, a primary identifie ...) NOT-FOR-US: Akuvox CVE-2023-0346 (Akuvox E11 cloud login is performed through an unencrypted HTTP connec ...) NOT-FOR-US: Akuvox CVE-2023-0345 (The Akuvox E11 secure shell (SSH) server is enabled by default and can ...) NOT-FOR-US: Akuvox CVE-2023-0344 (Akuvox E11 appears to be using a custom version of dropbear SSH server ...) NOT-FOR-US: Akuvox E11 CVE-2023-0343 (Akuvox E11 contains a function that encrypts messages which are then f ...) NOT-FOR-US: Akuvox E11 CVE-2010-10009 (A vulnerability was found in frioux ptome. It has been rated as critic ...) NOT-FOR-US: frioux ptome CVE-2023-23753 (The 'Visforms Base Package for Joomla 3' extension is vulnerable to SQ ...) NOT-FOR-US: Joomla! extension CVE-2023-23752 (An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper ac ...) NOT-FOR-US: Joomla! CVE-2023-23751 (An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL ...) NOT-FOR-US: Joomla! CVE-2023-23750 (An issue was discovered in Joomla! 
4.0.0 through 4.2.6. A missing toke ...) NOT-FOR-US: Joomla! CVE-2023-23749 (The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerb ...) NOT-FOR-US: Joomla! extension CVE-2023-23748 RESERVED CVE-2023-23747 RESERVED CVE-2023-23746 RESERVED CVE-2023-23745 RESERVED CVE-2023-23744 RESERVED CVE-2023-23743 RESERVED CVE-2023-23742 RESERVED CVE-2023-23741 RESERVED CVE-2023-23740 RESERVED CVE-2023-23739 RESERVED CVE-2023-23738 RESERVED CVE-2023-23737 (Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Lin ...) NOT-FOR-US: WordPress plugin CVE-2023-23736 RESERVED CVE-2023-23735 RESERVED CVE-2023-23734 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davi ...) NOT-FOR-US: WordPress plugin CVE-2023-23733 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel ...) NOT-FOR-US: WordPress plugin CVE-2023-23732 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel ...) NOT-FOR-US: WordPress plugin CVE-2023-23731 (Cross-Site Request Forgery (CSRF) vulnerability in HasTheme WishSuite ...) NOT-FOR-US: WordPress plugin CVE-2023-23730 RESERVED CVE-2023-23729 RESERVED CVE-2023-23728 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Winwa ...) NOT-FOR-US: WordPress plugin CVE-2023-23727 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Form ...) NOT-FOR-US: WordPress plugin CVE-2023-23726 RESERVED CVE-2023-23725 RESERVED CVE-2023-23724 (Cross-Site Request Forgery (CSRF) vulnerability in Winwar Media WP Ema ...) NOT-FOR-US: WordPress plugin CVE-2023-23723 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winw ...) NOT-FOR-US: WordPress plugin CVE-2023-23722 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winw ...) NOT-FOR-US: WordPress plugin CVE-2023-23721 (Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin L ...) NOT-FOR-US: David Gwyer Admin Log CVE-2023-23720 (Auth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in NetR ...) NOT-FOR-US: WordPress plugin CVE-2023-23719 (Cross-Site Request Forgery (CSRF) vulnerability in Premmerce plugin <= ...) NOT-FOR-US: WordPress plugin CVE-2023-23718 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Esstat17 Pa ...) NOT-FOR-US: Esstat17 CVE-2023-23717 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Georg ...) NOT-FOR-US: WordPress plugin CVE-2023-23716 RESERVED CVE-2023-23715 RESERVED CVE-2023-23714 (Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny ...) NOT-FOR-US: WordPress plugin CVE-2023-23713 (Cross-Site Request Forgery (CSRF) vulnerability in Manoj Thulasidas Th ...) NOT-FOR-US: WordPress plugin CVE-2023-23712 (Cross-Site Request Forgery (CSRF) vulnerability in User Meta Manager p ...) NOT-FOR-US: WordPress plugin CVE-2023-23711 (Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting A2 Optim ...) NOT-FOR-US: A2 Hosting CVE-2023-23710 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in mini ...) NOT-FOR-US: WordPress plugin CVE-2023-23709 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23708 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23707 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-23706 (Cross-Site Request Forgery (CSRF) vulnerability in miniOrange WordPres ...) NOT-FOR-US: WordPress plugin CVE-2023-23705 (Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress ...) NOT-FOR-US: WordPress plugin CVE-2023-23704 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments ...) NOT-FOR-US: WordPress plugin CVE-2023-23703 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23702 (Auth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pixe ...) NOT-FOR-US: WordPress plugin CVE-2023-23701 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23700 RESERVED CVE-2023-23699 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-0342 (MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM k ...) NOT-FOR-US: MongoDB Ops Manager Diagnostics Archive CVE-2023-0341 (A stack buffer overflow exists in the ec_glob function of editorconfig ...) - editorconfig-core 0.12.6-0.1 [bullseye] - editorconfig-core (Minor issue) [buster] - editorconfig-core (Minor issue) NOTE: https://github.com/editorconfig/editorconfig-core-c/pull/87 NOTE: https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e CVE-2023-0340 (The Custom Content Shortcode WordPress plugin through 4.0.2 does not v ...) NOT-FOR-US: WordPress plugin CVE-2023-0339 (Relative Path Traversal vulnerability in ForgeRock Access Management W ...) NOT-FOR-US: ForgeRock CVE-2023-0338 (Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/d ...) NOT-FOR-US: lirantal/daloradius CVE-2023-0337 (Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/d ...) NOT-FOR-US: lirantal/daloradius CVE-2023-0336 (The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has C ...) NOT-FOR-US: WordPress plugin CVE-2023-0335 (The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken acces ...) NOT-FOR-US: WordPress plugin CVE-2023-0334 (The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not ...) NOT-FOR-US: WordPress plugin CVE-2023-0333 (The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not valid ...) NOT-FOR-US: WordPress plugin CVE-2023-0332 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...) 
NOT-FOR-US: SourceCodester Online Food Ordering System CVE-2020-36654 (A vulnerability classified as problematic has been found in GENI Porta ...) NOT-FOR-US: GENI Portal CVE-2020-36653 (A vulnerability was found in GENI Portal. It has been rated as problem ...) NOT-FOR-US: GENI Portal CVE-2017-20173 (A vulnerability was found in AlexRed contentmap. It has been rated as ...) NOT-FOR-US: AlexRed contentmap CVE-2017-20172 (A vulnerability was found in ridhoq soundslike. It has been classified ...) NOT-FOR-US: ridhoq soundslike CVE-2015-10068 (A vulnerability classified as critical was found in danynab movify-j. ...) NOT-FOR-US: danynab movify-j CVE-2012-10006 (A vulnerability classified as critical has been found in ale7714 sigep ...) NOT-FOR-US: ale7714 CVE-2011-10001 (A vulnerability was found in iamdroppy phoenixcf. It has been declared ...) NOT-FOR-US: iamdroppy phoenixcf CVE-2010-10008 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in simplesam ...) NOT-FOR-US: simplesamlphp-module-openidprovider CVE-2023-XXXX [RUSTSEC-2022-0078] - rust-bumpalo 3.12.0-1 (bug #1032088) [bullseye] - rust-bumpalo (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0078.html NOTE: https://github.com/fitzgen/bumpalo/blob/main/CHANGELOG.md#3111 CVE-2023-23698 (Dell Command | Update, Dell Update, and Alienware Update versions befo ...) NOT-FOR-US: Dell CVE-2023-23697 (Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain ...) NOT-FOR-US: Dell CVE-2023-23696 (Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain ...) NOT-FOR-US: Dell CVE-2023-23695 (Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken ...) NOT-FOR-US: Dell CVE-2023-23694 (Dell VxRail versions earlier than 7.0.450, contain(s) an OS command in ...) NOT-FOR-US: Dell CVE-2023-23693 (Dell VxRail, versions prior to 7.0.450, contains an OS command injecti ...) 
NOT-FOR-US: Dell CVE-2023-23692 (Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection ...) NOT-FOR-US: EMC CVE-2023-23691 (Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Clie ...) NOT-FOR-US: EMC CVE-2023-23690 (Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contai ...) NOT-FOR-US: EMC CVE-2023-23689 (Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 ...) NOT-FOR-US: Dell CVE-2023-23688 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23687 (Auth.Stored Cross-Site Scripting (XSS) vulnerability inYoutube shortco ...) NOT-FOR-US: WordPress plugin CVE-2023-23686 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23685 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23684 (Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This iss ...) NOT-FOR-US: WordPress plugin CVE-2023-23683 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ozan ...) NOT-FOR-US: WordPress plugin CVE-2023-23682 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap ...) NOT-FOR-US: WordPress plugin CVE-2023-23681 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23680 (Cross-Site Request Forgery (CSRF) vulnerability in Bob Goetz WP-TopBar ...) NOT-FOR-US: WordPress plugin CVE-2023-23679 (Authorization Bypass Through User-Controlled Key vulnerability in JS H ...) NOT-FOR-US: WordPress plugin CVE-2023-23678 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...) NOT-FOR-US: WordPress plugin CVE-2023-23677 (Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetri ...) NOT-FOR-US: WordPress plugin CVE-2023-23676 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) 
NOT-FOR-US: WordPress plugin CVE-2023-23675 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catc ...) NOT-FOR-US: WordPress plugin CVE-2023-23674 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in RVOL ...) NOT-FOR-US: WordPress plugin CVE-2023-23673 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hari ...) NOT-FOR-US: WordPress plugin CVE-2023-23672 RESERVED CVE-2023-23671 (Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Layer Slider ...) NOT-FOR-US: WordPress plugin CVE-2023-23670 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Team ...) NOT-FOR-US: WordPress plugin CVE-2023-23669 RESERVED CVE-2023-23668 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23667 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23666 RESERVED CVE-2023-23665 RESERVED CVE-2023-23664 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23663 RESERVED CVE-2023-23662 RESERVED CVE-2023-23661 RESERVED CVE-2023-23660 (Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP MainW ...) NOT-FOR-US: WordPress plugin CVE-2023-23659 (Cross-Site Request Forgery (CSRF) vulnerability in MainWP Matomo Exten ...) NOT-FOR-US: MainWP Matomo Extension CVE-2023-23658 RESERVED CVE-2023-23657 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23656 (Unrestricted Upload of File with Dangerous Type vulnerability in MainW ...) NOT-FOR-US: WordPress plugin CVE-2023-23655 RESERVED CVE-2023-23654 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Spar ...) NOT-FOR-US: WordPress plugin CVE-2023-23653 RESERVED CVE-2023-23652 RESERVED CVE-2023-23651 (Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP Googl ...) 
NOT-FOR-US: WordPress plugin CVE-2023-23650 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...) NOT-FOR-US: WordPress plugin CVE-2023-23649 (Deserialization of Untrusted Data vulnerability in MainWP MainWP Links ...) NOT-FOR-US: WordPress plugin CVE-2023-23648 RESERVED CVE-2023-23647 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. ...) NOT-FOR-US: WordPress plugin CVE-2023-23646 (Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gal ...) NOT-FOR-US: WordPress plugin CVE-2023-23645 RESERVED CVE-2023-23644 RESERVED CVE-2023-23643 RESERVED CVE-2023-23642 RESERVED CVE-2023-23641 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23640 RESERVED CVE-2023-23639 RESERVED CVE-2023-23638 (A deserialization vulnerability existed when dubbo generic invoke, whi ...) NOT-FOR-US: Apache Dubbo CVE-2023-0331 (The Correos Oficial WordPress plugin through 1.2.0.2 does not have an ...) NOT-FOR-US: WordPress plugin CVE-2023-0330 (A vulnerability in the lsi53c895a device affects the latest version of ...) {DLA-3604-1} - qemu 1:8.0.2+dfsg-1 (bug #1029155) [bookworm] - qemu 1:7.2+dfsg-7+deb12u1 [bullseye] - qemu 1:5.2+dfsg-11+deb11u3 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2160151 NOTE: Proposed patch: https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/e49884a90987744ddb54b2fadc770633eb6a4d62 (v8.0.1) NOTE: See also generic re-entrancy ground work at https://gitlab.com/qemu-project/qemu/-/issues/556 CVE-2023-0329 (The Elementor Website Builder WordPress plugin before 3.12.2 does not ...) NOT-FOR-US: WordPress plugin CVE-2022-48261 (There is a misinterpretation of input vulnerability in BiSheng-WNM FW ...) NOT-FOR-US: Huawei CVE-2020-36652 (Incorrect Default Permissions vulnerability in Hitachi Automation Dire ...) 
NOT-FOR-US: Hitachi CVE-2020-36651 (A vulnerability has been found in youngerheart nodeserver and classifi ...) NOT-FOR-US: youngerheart nodeserver CVE-2018-25077 (A vulnerability was found in melnaron mel-spintax. It has been rated a ...) NOT-FOR-US: melnaron mel-spintax CVE-2017-20171 (A vulnerability classified as critical has been found in PrivateSky ap ...) NOT-FOR-US: PrivateSky CVE-2015-10067 (A vulnerability was found in oznetmaster SSharpSmartThreadPool. It has ...) NOT-FOR-US: oznetmaster SSharpSmartThreadPool CVE-2015-10066 (A vulnerability was found in tynx wuersch and classified as critical. ...) NOT-FOR-US: tynx wuersch CVE-2015-10065 (A vulnerability classified as critical was found in AenBleidd FiND. Th ...) NOT-FOR-US: AenBleidd FiND CVE-2014-125082 (A vulnerability was found in nivit redports. It has been declared as c ...) NOT-FOR-US: nivit redports CVE-2014-125081 (A vulnerability, which was classified as critical, has been found in r ...) NOT-FOR-US: risheesh debutsav CVE-2010-10007 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil ...) NOT-FOR-US: lierdakil click-reminder CVE-2010-10006 (A vulnerability, which was classified as problematic, was found in mic ...) NOT-FOR-US: michaelliao jopenid CVE-2023-23637 (IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain te ...) NOT-FOR-US: IMPatienT CVE-2023-23636 (In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerabl ...) - jellyfin (bug #994189) CVE-2023-23635 (In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnera ...) - jellyfin (bug #994189) CVE-2023-23634 (SQL Injection vulnerability in Documize version 5.4.2, allows remote a ...) NOT-FOR-US: Documize CVE-2023-23633 RESERVED CVE-2023-23632 (BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x a ...) NOT-FOR-US: BeyondTrust Privileged Remote Access CVE-2023-23631 (github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go- ...) 
NOT-FOR-US: github.com/ipfs/go-unixfsnode CVE-2023-23630 (Eta is an embedded JS templating engine that works inside Node, Deno, ...) NOT-FOR-US: Eta CVE-2023-23629 (Metabase is an open source data analytics platform. Affected versions ...) NOT-FOR-US: Metabase CVE-2023-23628 (Metabase is an open source data analytics platform. Affected versions ...) NOT-FOR-US: Metabase CVE-2023-23627 (Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 ...) - ruby-sanitize 6.0.0-1.1 (bug #1030047) [bullseye] - ruby-sanitize (Minor issue) [buster] - ruby-sanitize (Minor issue) NOTE: https://github.com/rgrove/sanitize/security/advisories/GHSA-fw3g-2h3j-qmm7 NOTE: https://github.com/rgrove/sanitize/commit/ec14265e530dc3fe31ce2ef773594d3a97778d22 (v6.0.1) CVE-2023-23626 (go-bitfield is a simple bitfield package for the go language aiming to ...) NOT-FOR-US: go-bitfield CVE-2023-23625 (go-unixfs is an implementation of a unix-like filesystem on top of an ...) NOT-FOR-US: go-unixfs CVE-2023-23624 (Discourse is an open-source discussion platform. Prior to version 3.0. ...) NOT-FOR-US: Discourse CVE-2023-23623 (Electron is a framework which lets you write cross-platform desktop ap ...) - electron (bug #842420) CVE-2023-23622 (Discourse is an open-source discussion platform. Prior to version 3.0. ...) NOT-FOR-US: Discourse CVE-2023-23621 (Discourse is an open-source discussion platform. Prior to version 3.0. ...) NOT-FOR-US: Discourse CVE-2023-23620 (Discourse is an open-source discussion platform. Prior to version 3.0. ...) NOT-FOR-US: Discourse CVE-2023-23619 (Modelina is a library for generating data models based on inputs such ...) NOT-FOR-US: Modelina CVE-2023-23618 (Git for Windows is the Windows port of the revision control system Git ...) NOT-FOR-US: Git for Windows CVE-2023-23617 (OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and ...) NOT-FOR-US: OpenMage LTS CVE-2023-23616 (Discourse is an open-source discussion platform. 
Prior to version 3.0. ...) NOT-FOR-US: Discourse CVE-2023-23615 (Discourse is an open source discussion platform. The embeddable commen ...) NOT-FOR-US: Discourse CVE-2023-23614 (Pi-hole\xae's Web interface (based off of AdminLTE) provides a central ...) NOT-FOR-US: Pi-Hole CVE-2023-23613 (OpenSearch is an open source distributed and RESTful search engine. In ...) - opensearch (bug #1054912) NOTE: https://github.com/opensearch-project/security/security/advisories/GHSA-v3cg-7r9h-r2g6 CVE-2023-23612 (OpenSearch is an open source distributed and RESTful search engine. Op ...) - opensearch (bug #1054912) NOTE: https://github.com/opensearch-project/security/security/advisories/GHSA-864v-6qj7-62qj CVE-2023-23611 (LTI Consumer XBlock implements the consumer side of the LTI specificat ...) NOT-FOR-US: LTI CVE-2023-23610 (GLPI is a Free Asset and IT Management Software package. Versions prio ...) - glpi (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-6565-hm87-24hf NOTE: Only supported behind an authenticated HTTP zone CVE-2023-23609 (Contiki-NG is an open-source, cross-platform operating system for Next ...) NOT-FOR-US: Contiki-NG CVE-2023-23608 (Spotipy is a light weight Python library for the Spotify Web API. In v ...) NOT-FOR-US: Spotipy CVE-2023-23607 (erohtar/Dasherr is a dashboard for self-hosted services. In affected v ...) NOT-FOR-US: Dasherr CVE-2023-23606 (Memory safety bugs present in Firefox 108. Some of these bugs showed e ...) - firefox 109.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23606 CVE-2023-23605 (Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some ...) 
{DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1} - firefox 109.0-1 - firefox-esr 102.7.0esr-1 - thunderbird 1:102.7.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23605 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23605 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23605 CVE-2023-23604 (A duplicate SystemPrincipal object could be created when ...) - firefox 109.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23604 CVE-2023-23603 (Regular expressions used to filter out forbidden properties and values ...) {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1} - firefox 109.0-1 - firefox-esr 102.7.0esr-1 - thunderbird 1:102.7.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23603 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23603 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23603 CVE-2023-23602 (A mishandled security check when creating a WebSocket in a WebWorker c ...) {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1} - firefox 109.0-1 - firefox-esr 102.7.0esr-1 - thunderbird 1:102.7.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23602 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23602 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23602 CVE-2023-23601 (Navigations were being allowed when dragging a URL from a cross-origin ...) 
	{DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1}
	- firefox 109.0-1
	- firefox-esr 102.7.0esr-1
	- thunderbird 1:102.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23601
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23601
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23601
CVE-2023-23600 (Per origin notification permissions were being stored in a way that di ...)
	- firefox (Only affects Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23600
CVE-2023-23599 (When copying a network request from the developer tools panel as a cur ...)
	- firefox (Only affects Firefox on Windows)
	- firefox-esr (Only affects Firefox ESR on Windows)
	- thunderbird (Only affects Thunderbird on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23599
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23599
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23599
CVE-2023-23598 (Due to the Firefox GTK wrapper code's use of text/plain for drag data ...)
	{DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1}
	- firefox 109.0-1
	- firefox-esr 102.7.0esr-1
	- thunderbird 1:102.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23598
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23598
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23598
CVE-2023-23597 (A compromised web child process could disable web security opening res ...)
	- firefox 109.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23597
CVE-2023-0328 (The WPCode WordPress plugin before 2.0.7 does not have adequate privil ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0327 (A vulnerability was found in saemorris TheRadSystem. It has been class ...)
	NOT-FOR-US: saemorris TheRadSystem
CVE-2023-0326 (An issue has been discovered in GitLab DAST API scanner affecting all ...)
	NOT-FOR-US: GitLab DAST API scanner
CVE-2023-0325 (Uvdesk version 1.1.1 allows an unauthenticated remote attacker to expl ...)
	NOT-FOR-US: Uvdesk
CVE-2023-0324 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...)
	NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-0323 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
	NOT-FOR-US: pimcore
CVE-2023-0322 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: UNIS
CVE-2023-0321 (Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 m ...)
	NOT-FOR-US: Campbell
CVE-2023-0320 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: UBYS
CVE-2023-0319 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2023-0318
	RESERVED
CVE-2023-0317 (Unprotected Alternate Channel vulnerability in debug console of GateM ...)
	NOT-FOR-US: Secomea
CVE-2022-4891 (A vulnerability has been found in Sisimai up to 4.25.14p11 and classif ...)
	NOT-FOR-US: Sisimai
CVE-2017-20170 (A vulnerability was found in ollpu parontalli. It has been classified ...)
	NOT-FOR-US: ollpu parontalli
CVE-2016-15021 (A vulnerability was found in nickzren alsdb. It has been rated as crit ...)
	NOT-FOR-US: nickzren alsdb
CVE-2015-10064 (A vulnerability was found in VictorFerraresi pokemon-database-php. It ...)
	NOT-FOR-US: pokemon-database-php
CVE-2015-10063 (A vulnerability was found in saemorris TheRadSystem and classified as ...)
	NOT-FOR-US: saemorris TheRadSystem
CVE-2015-10062 (A vulnerability, which was classified as problematic, was found in gal ...)
	NOT-FOR-US: galaxy-data-resource
CVE-2015-10061 (A vulnerability was found in evandro-machado Trabalho-Web2. It has bee ...)
	NOT-FOR-US: Trabalho-Web2.
CVE-2015-10060 (A vulnerability was found in MNBikeways database and classified as cri ...)
	NOT-FOR-US: MNBikeways
CVE-2015-10059 (A vulnerability has been found in s134328 Webapplication-Veganguide an ...)
	NOT-FOR-US: Webapplication-Veganguide
CVE-2015-10058 (A vulnerability, which was classified as problematic, was found in Wik ...)
	NOT-FOR-US: Wikisource Category Browser
CVE-2013-10013 (A vulnerability was found in Bricco Authenticator Plugin. It has been ...)
	NOT-FOR-US: Bricco Authenticator Plugin
CVE-2023-0316 (Path Traversal: '\..\filename' in GitHub repository froxlor/froxlor pr ...)
	- froxlor (bug #581792)
CVE-2023-0315 (Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.)
	- froxlor (bug #581792)
CVE-2023-0314 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-0313 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-0312 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-0311 (Improper Authentication in GitHub repository thorsten/phpmyfaq prior t ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-0310 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-0309 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-0308 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-0307 (Weak Password Requirements in GitHub repository thorsten/phpmyfaq prio ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-0306 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpmyfaq
CVE-2023-0305 (A vulnerability classified as critical was found in SourceCodester Onl ...)
	NOT-FOR-US: SourceCodester Online Food Ordering System
CVE-2023-0304 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Online Food Ordering System
CVE-2023-0303 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...)
	NOT-FOR-US: SourceCodester Online Food Ordering System
CVE-2022-4890 (A vulnerability, which was classified as critical, has been found in a ...)
	NOT-FOR-US: abhilash1985 PredictApp
CVE-2021-4313 (A vulnerability was found in NethServer phonenehome. It has been rated ...)
	NOT-FOR-US: NethServer phonenehome
CVE-2018-25076 (A vulnerability classified as critical was found in Events Extension o ...)
	NOT-FOR-US: BigTree CMS addon
CVE-2016-15020 (A vulnerability was found in liftkit database up to 2.13.1. It has bee ...)
	NOT-FOR-US: liftkit database
CVE-2015-10057 (A vulnerability was found in Little Apps Little Software Stats. It has ...)
	NOT-FOR-US: Little Apps Little Software Stats
CVE-2015-10056 (A vulnerability was found in 2071174A vinylmap. It has been classified ...)
	NOT-FOR-US: 2071174A vinylmap
CVE-2015-10055 (A vulnerability was found in PictureThisWebServer and classified as cr ...)
	NOT-FOR-US: PictureThisWebServer
CVE-2015-10054 (A vulnerability, which was classified as critical, was found in githui ...)
	NOT-FOR-US: P2Manage
CVE-2015-10053 (A vulnerability classified as critical has been found in prodigasistem ...)
	NOT-FOR-US: prodigasistemas curupira
CVE-2014-125080 (A vulnerability has been found in frontaccounting faplanet and classif ...)
	NOT-FOR-US: frontaccounting faplanet
CVE-2013-10012 (A vulnerability, which was classified as critical, was found in antonb ...)
	NOT-FOR-US: antonbolling clan7ups
CVE-2010-10005
	REJECTED
CVE-2023-23596 (jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. W ...)
	NOT-FOR-US: jc21 NGINX Proxy Manager
CVE-2023-23595 (BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltr ...)
	NOT-FOR-US: BlueCat Device Registration Portal
CVE-2023-23594 (An authentication bypass vulnerability in the web client interface for ...)
	NOT-FOR-US: CL4NX printer
CVE-2023-23593
	RESERVED
CVE-2023-23592 (WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to ac ...)
	NOT-FOR-US: WALLIX Access Manager
CVE-2023-23591 (The Logback component in Terminalfour before 8.3.14.1 allows OS admini ...)
	NOT-FOR-US: Terminalfour
CVE-2023-0302 (Failure to Sanitize Special Elements into a Different Plane (Special E ...)
	- radare2 5.9.0+dfsg-1 (bug #1029037)
	NOTE: https://huntr.dev/bounties/583133af-7ae6-4a21-beef-a4b0182cf82e/
	NOTE: https://github.com/radareorg/radare2/commit/961f0e723903011d4f54c2396e44efa91fcc74ce
CVE-2023-0301 (Cross-site Scripting (XSS) - Stored in GitHub repository alfio-event/a ...)
	NOT-FOR-US: Alf.io
CVE-2023-0300 (Cross-site Scripting (XSS) - Reflected in GitHub repository alfio-even ...)
	NOT-FOR-US: Alf.io
CVE-2023-0299 (Improper Input Validation in GitHub repository publify/publify prior t ...)
	NOT-FOR-US: Publify
CVE-2022-4889 (A vulnerability classified as critical was found in visegripped Strack ...)
	NOT-FOR-US: Stracker
CVE-2018-25075 (A vulnerability classified as critical has been found in karsany OBrid ...)
	NOT-FOR-US: OBridge
CVE-2016-15019 (A vulnerability was found in tombh jekbox. It has been rated as proble ...)
	NOT-FOR-US: jekbox
CVE-2016-15018 (A vulnerability was found in krail-jpa up to 0.9.1. It has been classi ...)
	NOT-FOR-US: krail-jpa
CVE-2015-10052 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...)
	NOT-FOR-US: gibb-modul-151
CVE-2015-10051 (A vulnerability, which was classified as critical, has been found in b ...)
	NOT-FOR-US: bony2023 Discussion-Board
CVE-2015-10050 (A vulnerability was found in brandonfire miRNA_Database_by_PHP_MySql. ...)
	NOT-FOR-US: miRNA_Database_by_PHP_MySql
CVE-2015-10049 (A vulnerability was found in Overdrive Eletrônica course-builder up ...)
	NOT-FOR-US: Overdrive Eletronica course-builder
CVE-2015-10048 (A vulnerability was found in bmattoso desafio_buzz_woody. It has been ...)
	NOT-FOR-US: desafio_buzz_woody
CVE-2015-10047 (A vulnerability was found in KYUUBl school-register. It has been class ...)
	NOT-FOR-US: KYUUBl school-register
CVE-2015-10046 (A vulnerability has been found in lolfeedback and classified as critic ...)
	NOT-FOR-US: lolfeedback
CVE-2015-10045 (A vulnerability, which was classified as critical, was found in tutran ...)
	NOT-FOR-US: tutrantta project_todolist
CVE-2015-10044 (A vulnerability classified as critical was found in gophergala sqldump ...)
	NOT-FOR-US: gophergala sqldump
CVE-2014-125079 (A vulnerability was found in agy pontifex.http. It has been declared a ...)
	NOT-FOR-US: pontifex.http
CVE-2014-125078 (A vulnerability was found in yanheven console and classified as proble ...)
	NOT-FOR-US: yanheven console
CVE-2014-125077 (A vulnerability, which was classified as critical, has been found in p ...)
	NOT-FOR-US: pointhi searx_stats
CVE-2023-23590 (Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers ...)
	NOT-FOR-US: Mercedes-Benz
CVE-2023-0298 (Incorrect Authorization in GitHub repository firefly-iii/firefly-iii p ...)
	NOT-FOR-US: firefly-iii
CVE-2023-0297 (Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev ...)
	- pyload (bug #1001980)
CVE-2023-0296 (The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) ...)
	NOT-FOR-US: OpenShift
CVE-2023-0295 (The Launchpad plugin for WordPress is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: Launchpad plugin for WordPress
CVE-2023-0294 (The Mediamatic – Media Library Folders plugin for WordPress is vu ...)
	NOT-FOR-US: Mediamatic Media Library Folders plugin for WordPress
CVE-2023-0293 (The Mediamatic – Media Library Folders plugin for WordPress is vu ...)
	NOT-FOR-US: Mediamatic Media Library Folders plugin for WordPress
CVE-2017-20169 (A vulnerability, which was classified as critical, has been found in G ...)
	NOT-FOR-US: GGGGGGGG ToN-MasterServer
CVE-2015-10043 (A vulnerability, which was classified as critical, was found in abreen ...)
	NOT-FOR-US: abreen Apollo
CVE-2015-10042 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical ...)
	NOT-FOR-US: Dovgalyuk AIBattle
CVE-2015-10041 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical ...)
	NOT-FOR-US: Dovgalyuk AIBattle
CVE-2015-10040 (A vulnerability was found in gitlearn. It has been declared as problem ...)
	NOT-FOR-US: gitlearn
CVE-2023-23588 (A vulnerability has been identified in SIMATIC IPC1047 (All versions), ...)
	NOT-FOR-US: Siemens
CVE-2023-23587
	RESERVED
CVE-2023-23586 (Due to a vulnerability in the io_uring subsystem, it is possible to le ...)
	{DLA-3349-1}
	- linux 5.14.6-1
	[bullseye] - linux 5.10.162-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://kernel.dance/#788d0824269bef539fe31a785b1517882eafed93
	NOTE: Unclear if this is just a duplicate of CVE-2023-0240. Track it
	NOTE: as different for now. The only CVE record references available
	NOTE: are identical, but with different description of the issue.
CVE-2023-0292 (The Quiz And Survey Master plugin for WordPress is vulnerable to Cross ...)
	NOT-FOR-US: Quiz And Survey Master plugin for WordPress
CVE-2023-0291 (The Quiz And Survey Master for WordPress is vulnerable to authorizatio ...)
	NOT-FOR-US: Quiz And Survey Master for WordPress
CVE-2023-0290 (Rapid7 Velociraptor did not properly sanitize the client ID parameter ...)
	NOT-FOR-US: Rapid7
CVE-2023-0289 (Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webc ...)
	NOT-FOR-US: craigk5n/webcalendar
CVE-2023-0288 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
	- vim 2:9.0.1378-1 (unimportant)
	NOTE: https://huntr.dev/bounties/550a0852-9be0-4abe-906c-f803b34e41d3
	NOTE: https://github.com/vim/vim/commit/232bdaaca98c34a99ffadf27bf6ee08be6cc8f6a (v9.0.1189)
	NOTE: Crash in CLI tool, no security impact
CVE-2023-0287 (A vulnerability was found in ityouknow favorites-web. It has been rate ...)
	NOT-FOR-US: ityouknow favorites-web
CVE-2023-0286 (There is a type confusion vulnerability relating to X.400 address proc ...)
	{DSA-5343-1 DLA-3325-1}
	- openssl 3.0.8-1
	NOTE: https://www.openssl.org/news/secadv/20230207.txt
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2f7530077e0ef79d98718138716bc51ca0cad658 (openssl-3.0.8)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9 (OpenSSL_1_1_1t)
CVE-2023-0285 (The Real Media Library WordPress plugin before 4.18.29 does not saniti ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0284 (Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows a ...)
	- check-mk
CVE-2023-0283 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Online Flight Booking Management System
CVE-2023-0282 (The YourChannel WordPress plugin before 1.2.2 does not sanitize and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0281 (A vulnerability was found in SourceCodester Online Flight Booking Mana ...)
	NOT-FOR-US: SourceCodester Online Flight Booking Management System
CVE-2023-0280 (The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 doe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0279 (The Media Library Assistant WordPress plugin before 3.06 does not prop ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0278 (The GeoDirectory WordPress plugin before 2.2.24 does not properly sani ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0277 (The WC Fields Factory WordPress plugin through 4.1.5 does not properly ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0276 (The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0275 (The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 doe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0274 (The URL Params WordPress plugin before 2.5 does not validate and escap ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0273 (The Custom Content Shortcode WordPress plugin through 4.0.2 does not v ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0272 (The NEX-Forms WordPress plugin before 8.3.3 does not validate and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0271 (The WP Font Awesome WordPress plugin before 1.7.9 does not validate an ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0270 (The YaMaps for WordPress Plugin WordPress plugin before 0.6.26 does no ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0269
	REJECTED
CVE-2023-0268 (The Mega Addons For WPBakery Page Builder WordPress plugin before 4.3. ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0267 (The Ultimate Carousel For WPBakery Page Builder WordPress plugin throu ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4888 (The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned C ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-4312 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...)
	NOT-FOR-US: Th3-822 Rapidleech
CVE-2009-10002 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: dpup fittr-flickr
CVE-2009-10001 (A vulnerability classified as problematic was found in jianlinwei cool ...)
	NOT-FOR-US: jianlinwei cool-php-captcha
CVE-2023-23589 (The SafeSocks option in Tor before 0.4.7.13 has a logic error in which ...)
	{DSA-5320-1 DLA-3286-1}
	- tor 0.4.7.13-1
	NOTE: https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.7/ReleaseNotes
	NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40730
	NOTE: https://gitlab.torproject.org/tpo/core/tor/-/commit/a282145b3634547ab84ccd959d0537c021ff7ffc
CVE-2023-23566 (A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker t ...)
	NOT-FOR-US: Axigen
CVE-2023-23565 (An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote ...)
	NOT-FOR-US: Geomatika IsiGeo Web
CVE-2023-23564 (An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote ...)
	NOT-FOR-US: Geomatika IsiGeo Web
CVE-2023-23563 (An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote ...)
	NOT-FOR-US: Geomatika IsiGeo Web
CVE-2023-23562 (Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access ...)
	NOT-FOR-US: Stormshield Endpoint Security
CVE-2023-23561 (Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access ...)
	NOT-FOR-US: Stormshield Endpoint Security
CVE-2023-23560 (In certain Lexmark products through 2023-01-12, SSRF can occur because ...)
	NOT-FOR-US: Lexmark
CVE-2023-23559 (In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux k ...)
	{DLA-3404-1 DLA-3403-1}
	- linux 6.1.11-1
	[bullseye] - linux 5.10.178-1
	NOTE: https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich@gmail.com/
CVE-2023-23558 (In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. ...)
	- eternal-terminal (bug #861635)
CVE-2023-23557 (An error in Hermes' algorithm for copying objects properties prior to ...)
	NOT-FOR-US: Facebook Hermes
CVE-2023-23556 (An error in BigInt conversion to Number in Hermes prior to commit a6dc ...)
	NOT-FOR-US: Facebook Hermes
CVE-2023-23555 (On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2023-23553 (Control By Web X-400 devices are vulnerable to a cross-site scripting ...)
	NOT-FOR-US: Control By Web X-400 devices
CVE-2023-23552 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 bef ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2023-23551 (Control By Web X-600M devices run Lua scripts and are vulnerable to co ...)
	NOT-FOR-US: Control By Web X-600M devices
CVE-2023-23543 (The issue was addressed with additional restrictions on the observabil ...)
	NOT-FOR-US: Apple
CVE-2023-23542 (A privacy issue was addressed with improved private data redaction for ...)
	NOT-FOR-US: Apple
CVE-2023-23541 (A privacy issue was addressed with improved private data redaction for ...)
	NOT-FOR-US: Apple
CVE-2023-23540 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-23539 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2023-23538 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2023-23537 (A privacy issue was addressed with improved private data redaction for ...)
	NOT-FOR-US: Apple
CVE-2023-23536 (The issue was addressed with improved bounds checks. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2023-23535 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-23534 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2023-23533 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2023-23532 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2023-23531 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-23530 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-23529 (A type confusion issue was addressed with improved checks. This issue ...)
	{DSA-5352-1 DSA-5351-1 DLA-3320-1}
	- webkit2gtk 2.38.5-1
	- wpewebkit 2.38.5-1
	NOTE: https://webkitgtk.org/security/WSA-2023-0002.html
CVE-2023-23528 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2023-23527 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2023-23526 (This was addressed with additional checks by Gatekeeper on files downl ...)
	NOT-FOR-US: Apple
CVE-2023-23525 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2023-23524 (A denial-of-service issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2023-23523 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2023-23522 (A privacy issue was addressed with improved handling of temporary file ...)
	NOT-FOR-US: Apple
CVE-2023-23521
	RESERVED
CVE-2023-23520 (A race condition was addressed with additional validation. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-23519 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2023-23518 (The issue was addressed with improved memory handling. This issue is f ...)
	{DSA-5341-1 DSA-5340-1 DLA-3308-1}
	- webkit2gtk 2.38.4-1
	- wpewebkit 2.38.4-1
	NOTE: https://webkitgtk.org/security/WSA-2023-0001.html
CVE-2023-23517 (The issue was addressed with improved memory handling. This issue is f ...)
	{DSA-5341-1 DSA-5340-1 DLA-3308-1}
	- webkit2gtk 2.38.4-1
	- wpewebkit 2.38.4-1
	NOTE: https://webkitgtk.org/security/WSA-2023-0001.html
CVE-2023-23516 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-23515
	RESERVED
CVE-2023-23514 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2023-23513 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2023-23512 (The issue was addressed with improved handling of caches. This issue i ...)
	NOT-FOR-US: Apple
CVE-2023-23511 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-23510 (A permissions issue was addressed with improved validation. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-23509
	RESERVED
CVE-2023-23508 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-23507 (The issue was addressed with improved bounds checks. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2023-23506 (A permissions issue was addressed with improved validation. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-23505 (A privacy issue was addressed with improved private data redaction for ...)
	NOT-FOR-US: Apple
CVE-2023-23504 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-23503 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-23502 (An information disclosure issue was addressed by removing the vulnerab ...)
	NOT-FOR-US: Apple
CVE-2023-23501 (The issue was addressed with improved memory handling This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2023-23500 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-23499 (This issue was addressed by enabling hardened runtime. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2023-23498 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-23497 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-23496 (The issue was addressed with improved checks. This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2023-23495 (A permissions issue was addressed with improved redaction of sensitive ...)
	NOT-FOR-US: Apple
CVE-2023-23494 (A buffer overflow was addressed with improved bounds checking. This is ...)
	NOT-FOR-US: Apple
CVE-2023-23493 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2023-22842 (On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2023-22839 (On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2023-22664 (On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2023-22657 (On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginn ...)
	NOT-FOR-US: F5
CVE-2023-22422 (On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2023-22418 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x bef ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2023-22374 (A format string vulnerability exists in iControl SOAP that allows an a ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2023-22358 (In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vu ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2023-22341 (On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when th ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2023-22340 (On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2023-22326 (In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2023-22323 (In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15. ...)
	NOT-FOR-US: F5
CVE-2023-22302 (In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2023-22287
	REJECTED
CVE-2023-22284
	REJECTED
CVE-2023-22283 (On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vuln ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2023-22281 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x bef ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2023-0266 (A use after free vulnerability exists in the ALSA PCM package in the L ...)
	{DSA-5324-1 DLA-3403-1 DLA-3349-1}
	- linux 6.1.7-1
	NOTE: https://git.kernel.org/linus/56b88b50565cd8b946a2d00b0c83927b7ebb055e
CVE-2023-0265 (Uvdesk version 1.1.1 allows an authenticated remote attacker to execut ...)
	NOT-FOR-US: Uvdesk
CVE-2023-0264 (A flaw was found in Keycloaks OpenID Connect user authentication, whic ...)
	NOT-FOR-US: Keycloak
CVE-2023-0263 (The WP Yelp Review Slider WordPress plugin before 7.1 does not properl ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0262 (The WP Airbnb Review Slider WordPress plugin before 3.3 does not prope ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0261 (The WP TripAdvisor Review Slider WordPress plugin before 10.8 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0260 (The WP Review Slider WordPress plugin before 12.2 does not properly sa ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0259 (The WP Google Review Slider WordPress plugin before 11.8 does not prop ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0258 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...)
	NOT-FOR-US: SourceCodester
CVE-2023-0257 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...)
	NOT-FOR-US: SourceCodester
CVE-2023-0256 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...)
	NOT-FOR-US: SourceCodester
CVE-2022-48260 (There is a buffer overflow vulnerability in BiSheng-WNM FW 3.0.0.325. ...)
	NOT-FOR-US: Huawei
CVE-2022-48259 (There is a system command injection vulnerability in BiSheng-WNM FW 3. ...)
	NOT-FOR-US: Huawei
CVE-2022-48258 (In Eternal Terminal 6.2.1, etserver and etclient have world-readable l ...)
	- eternal-terminal (bug #861635)
CVE-2022-48257 (In Eternal Terminal 6.2.1, etserver and etclient have predictable logf ...)
	- eternal-terminal (bug #861635)
CVE-2022-48256 (Technitium DNS Server before 10.0 allows a self-CNAME denial-of-servic ...)
	NOT-FOR-US: Technitium DNS Server
CVE-2021-46872 (An issue was discovered in Nim before 1.6.2. The RST module of the Nim ...)
	- nim 1.6.2-1
	[bullseye] - nim (Minor issue)
	[buster] - nim (Minor issue)
	NOTE: https://github.com/nim-lang/Nim/pull/19134
	NOTE: https://github.com/nim-lang/Nim/commit/9338aa24977e84a33b9a7802eaff0777fcf4d9c3
CVE-2023-23492 (The Login with Phone Number WordPress Plugin, version < 1.4.2, is affe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-23491 (The Quick Event Manager WordPress Plugin, version < 9.7.5, is affected ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-23490 (The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-23489 (The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0. ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-23488 (The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affecte ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-23487 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
	NOT-FOR-US: IBM
CVE-2023-23486
	RESERVED
CVE-2023-23485
	RESERVED
CVE-2023-23484
	RESERVED
CVE-2023-23483
	RESERVED
CVE-2023-23482 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allo ...)
	NOT-FOR-US: IBM
CVE-2023-23481 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnera ...)
	NOT-FOR-US: IBM
CVE-2023-23480 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnera ...)
	NOT-FOR-US: IBM
CVE-2023-23479
	RESERVED
CVE-2023-23478
	RESERVED
CVE-2023-23477 (IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a ...)
	NOT-FOR-US: IBM
CVE-2023-23476 (IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnera ...)
	NOT-FOR-US: IBM
CVE-2023-23475 (IBM Infosphere Information Server 11.7 is vulnerable to cross-site scr ...)
	NOT-FOR-US: IBM
CVE-2023-23474 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2023-23473 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site req ...)
	NOT-FOR-US: IBM
CVE-2023-23472
	RESERVED
CVE-2023-23471
	RESERVED
CVE-2023-23470 (IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged a ...)
	NOT-FOR-US: IBM
CVE-2023-23469 (IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0. ...)
	NOT-FOR-US: IBM
CVE-2023-23468 (IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 a ...)
	NOT-FOR-US: IBM
CVE-2023-23467 (Media CP Media Control Panel latest version. Reflected XSS possible th ...)
	NOT-FOR-US: Media CP Media Control Panel
CVE-2023-23466 (Media CP Media Control Panel latest version. Insufficiently protected ...)
	NOT-FOR-US: Media CP Media Control Panel
CVE-2023-23465 (Media CP Media Control Panel latest version. CSRF possible through uns ...)
	NOT-FOR-US: Media CP Media Control Panel
CVE-2023-23464 (Media CP Media Control Panel latest version. A Permissive Flash Cross- ...)
	NOT-FOR-US: Media CP Media Control Panel
CVE-2023-23463 (Sunell DVR, latest version, Insufficiently Protected Credentials (CWE- ...)
	NOT-FOR-US: Sunell DVR
CVE-2023-23462 (Libpeconv – integer overflow, before commit 75b1565 (30/11/2022).)
	NOT-FOR-US: libpeconv
CVE-2023-23461 (Libpeconv – access violation, before commit b076013 (30/11/2022).)
	NOT-FOR-US: libpeconv
CVE-2023-23460 (Priority Web version 19.1.0.68, parameter manipulation on an unspecifi ...)
	NOT-FOR-US: Priority Web
CVE-2023-23459 (Priority Windows may allow Command Execution via SQL Injection using a ...)
	NOT-FOR-US: Priority Windows
CVE-2023-23458 (Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information ...)
	NOT-FOR-US: Sunell DVR
CVE-2023-23457 (A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dyn ...)
	- upx-ucl 4.2.2-1 (unimportant; bug #1031874)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2160382
	NOTE: https://github.com/upx/upx/commit/779b648c5f6aa9b33f4728f79dd4d0efec0bf860 (v4.0.2)
	NOTE: https://github.com/upx/upx/issues/631
CVE-2023-23456 (A heap-based buffer overflow issue was discovered in UPX in PackTmt::p ...)
	- upx-ucl 4.2.2-1 (bug #1033258)
	[bullseye] - upx-ucl (Minor issue)
	[buster] - upx-ucl (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2160381
	NOTE: https://github.com/upx/upx/commit/510505a85cbe45e51fbd470f1aa8b02157c429d4 (v4.0.2)
	NOTE: https://github.com/upx/upx/issues/632
CVE-2023-0255 (The Enable Media Replace WordPress plugin before 4.0.2 does not preven ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0254 (The Simple Membership WP user Import plugin for WordPress is vulnerabl ...)
	NOT-FOR-US: Simple Membership WP user Import plugin for WordPress
CVE-2023-0253 (The Real Media Library: Media Library Folder & File Manager plugin for ...)
	NOT-FOR-US: Real Media Library: Media Library Folder & File Manager plugin for WordPress
CVE-2023-0252 (The Contextual Related Posts WordPress plugin before 3.3.1 does not va ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0251 (Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable ...)
	NOT-FOR-US: Delta Electronics
CVE-2023-0250 (Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable ...)
	NOT-FOR-US: Delta Electronics
CVE-2023-0249 (Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable ...)
	NOT-FOR-US: Delta Electronics
CVE-2023-0248 (An attacker with physical access to the Kantech Gen1 ioSmart card read ...)
	NOT-FOR-US: Kantech
CVE-2023-0247 (Uncontrolled Search Path Element in GitHub repository bits-and-blooms/ ...)
	NOT-FOR-US: bits-and-blooms/bloom
CVE-2023-0246 (A vulnerability, which was classified as problematic, was found in ear ...)
	NOT-FOR-US: earclink ESPCMS
CVE-2023-0245 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Online Flight Booking Management System
CVE-2023-0244 (A vulnerability classified as critical was found in TuziCMS 2.0.6. Thi ...)
	NOT-FOR-US: TuziCMS
CVE-2023-0243 (A vulnerability classified as critical has been found in TuziCMS 2.0.6 ...)
	NOT-FOR-US: TuziCMS
CVE-2023-0242 (Rapid7 Velociraptor allows users to be created with different privileg ...)
	NOT-FOR-US: Rapid7
CVE-2023-0241 (pgAdmin 4 versions prior to v6.19 contains a directory traversal vulne ...)
	- pgadmin4 (bug #834129)
CVE-2023-0240 (There is a logic error in io_uring's implementation which can be used ...)
	{DLA-3349-1}
	- linux 5.14.6-1
	[bullseye] - linux 5.10.162-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://kernel.dance/#788d0824269bef539fe31a785b1517882eafed93
CVE-2023-0239
	RESERVED
CVE-2023-0238 (Due to lack of a security policy, the WARP Mobile Client (<=6.29) for ...)
	NOT-FOR-US: WARP Mobile Client
CVE-2023-0237
	REJECTED
CVE-2023-0236 (The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0235
	REJECTED
CVE-2023-0234 (The SiteGround Security WordPress plugin before 1.3.1 does not properl ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0233 (The ActiveCampaign WordPress plugin before 8.1.12 does not validate an ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0232 (The ShopLentor WordPress plugin before 2.5.4 unserializes user input f ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0231 (The ShopLentor WordPress plugin before 2.5.4 does not validate and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0230 (The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4887
	RESERVED
CVE-2013-10011 (A vulnerability was found in aeharding classroom-engagement-system and ...)
	NOT-FOR-US: aeharding classroom-engagement-system
CVE-2012-10005 (A vulnerability has been found in manikandan170890 php-form-builder-cl ...)
	NOT-FOR-US: manikandan170890 php-form-builder-class
CVE-2023-23455 (atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1. ...)
	{DSA-5324-1 DLA-3403-1 DLA-3349-1}
	- linux 6.1.7-1
	NOTE: https://git.kernel.org/linus/a2965c7be0522eaa18808684b7b82b248515511b
CVE-2023-23454 (cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 ...)
	{DSA-5324-1 DLA-3403-1 DLA-3349-1}
	- linux 6.1.7-1
	NOTE: https://git.kernel.org/linus/caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12
CVE-2023-23453 (Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmw ...)
	NOT-FOR-US: SICK
CVE-2023-23452 (Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmw ...)
	NOT-FOR-US: SICK
CVE-2023-23451 (The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNE ...)
	NOT-FOR-US: SICK
CVE-2023-23450 (Use of Password Hash Instead of Password for Authentication in SICK FT ...)
	NOT-FOR-US: SICK
CVE-2023-23449 (Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Part ...)
	NOT-FOR-US: SICK
CVE-2023-23448 (Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLO ...)
	NOT-FOR-US: SICK
CVE-2023-23447 (Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Pa ...)
	NOT-FOR-US: SICK
CVE-2023-23446 (Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers ...)
	NOT-FOR-US: SICK
CVE-2023-23445 (Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers ...)
	NOT-FOR-US: SICK
CVE-2023-23444 (Missing Authentication for Critical Function in SICK Flexi Classic and ...)
	NOT-FOR-US: SICK
CVE-2023-23443 (Some Honor products are affected by type confusion vulnerability, succ ...)
	NOT-FOR-US: Honor
CVE-2023-23442 (Some Honor products are affected by type confusion vulnerability, succ ...)
	NOT-FOR-US: Honor
CVE-2023-23441 (Some Honor products are affected by out of bounds read vulnerability, ...)
	NOT-FOR-US: Honor
CVE-2023-23440 (Some Honor products are affected by information leak vulnerability, su ...)
	NOT-FOR-US: Honor
CVE-2023-23439 (Some Honor products are affected by information leak vulnerability, su ...)
	NOT-FOR-US: Honor
CVE-2023-23438 (Some Honor products are affected by incorrect privilege assignment vul ...)
	NOT-FOR-US: Honor
CVE-2023-23437 (Some Honor products are affected by information leak vulnerability, su ...)
	NOT-FOR-US: Honor
CVE-2023-23436 (Some Honor products are affected by signature management vulnerability ...)
	NOT-FOR-US: Honor
CVE-2023-23435 (Some Honor products are affected by signature management vulnerability ...)
	NOT-FOR-US: Honor
CVE-2023-23434 (Some Honor products are affected by information leak vulnerability, su ...)
	NOT-FOR-US: Honor
CVE-2023-23433 (Some Honor products are affected by signature management vulnerability ...)
	NOT-FOR-US: Honor
CVE-2023-23432 (Some Honor products are affected by signature management vulnerability ...)
	NOT-FOR-US: Honor
CVE-2023-23431 (Some Honor products are affected by signature management vulnerability ...)
	NOT-FOR-US: Honor
CVE-2023-23430 (Some Honor products are affected by incorrect privilege assignment vul ...)
	NOT-FOR-US: Honor
CVE-2023-23429 (Some Honor products are affected by incorrect privilege assignment vul ...)
	NOT-FOR-US: Honor
CVE-2023-23428 (Some Honor products are affected by incorrect privilege assignment vul ...)
	NOT-FOR-US: Honor
CVE-2023-23427 (Some Honor products are affected by incorrect privilege assignment vul ...)
	NOT-FOR-US: Honor
CVE-2023-23426 (Some Honor products are affected by file writing vulnerability, succes ...)
	NOT-FOR-US: Honor
CVE-2023-23425
	RESERVED
CVE-2023-23424 (Some Honor products are affected by file writing vulnerability, succes ...)
	NOT-FOR-US: Honor
CVE-2023-23423 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23422 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23421 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23420 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23419 (Windows Resilient File System (ReFS) Elevation of Privilege Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2023-23418 (Windows Resilient File System (ReFS) Elevation of Privilege Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2023-23417 (Windows Partition Management Driver Elevation of Privilege Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2023-23416 (Windows Cryptographic Services Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23415 (Internet Control Message Protocol (ICMP) Remote Code Execution Vulnera ...)
	NOT-FOR-US: Microsoft
CVE-2023-23414 (Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Exec ...)
	NOT-FOR-US: Microsoft
CVE-2023-23413 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
	NOT-FOR-US: Microsoft
CVE-2023-23412 (Windows Accounts Picture Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23411 (Windows Hyper-V Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23410 (Windows HTTP.sys Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23409 (Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2023-23408 (Azure Apache Ambari Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23407 (Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Exec ...)
	NOT-FOR-US: Microsoft
CVE-2023-23406 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
	NOT-FOR-US: Microsoft
CVE-2023-23405 (Remote Procedure Call Runtime Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23404 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2023-23403 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
	NOT-FOR-US: Microsoft
CVE-2023-23402 (Windows Media Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23401 (Windows Media Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23400 (Windows DNS Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23399 (Microsoft Excel Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23398 (Microsoft Excel Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23397 (Microsoft Outlook Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23396 (Microsoft Excel Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23395 (Microsoft SharePoint Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23394 (Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2023-23393 (Windows BrokerInfrastructure Service Elevation of Privilege Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2023-23392 (HTTP Protocol Stack Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23391 (Office for Android Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23390 (3D Builder Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23389 (Microsoft Defender Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23388 (Windows Bluetooth Driver Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23387
	RESERVED
CVE-2023-23386
	RESERVED
CVE-2023-23385 (Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Pri ...)
	NOT-FOR-US: Microsoft
CVE-2023-23384 (Microsoft SQL Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23383 (Service Fabric Explorer Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23382 (Azure Machine Learning Compute Instance Information Disclosure Vulnera ...)
	NOT-FOR-US: Microsoft
CVE-2023-23381 (Visual Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23380
	RESERVED
CVE-2023-23379 (Microsoft Defender for IoT Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23378 (Print 3D Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23377 (3D Builder Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23376 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2023-23375 (Microsoft ODBC and OLE DB Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23374 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-23373 (An OS command injection vulnerability has been reported to affect QUSB ...)
	NOT-FOR-US: QNAP
CVE-2023-23372 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
	NOT-FOR-US: QNAP
CVE-2023-23371 (A cleartext transmission of sensitive information vulnerability has be ...)
	NOT-FOR-US: QNAP
CVE-2023-23370 (An insufficiently protected credentials vulnerability has been reporte ...)
	NOT-FOR-US: QNAP
CVE-2023-23369 (An OS command injection vulnerability has been reported to affect seve ...)
	NOT-FOR-US: QNAP
CVE-2023-23368 (An OS command injection vulnerability has been reported to affect seve ...)
	NOT-FOR-US: QNAP
CVE-2023-23367 (An OS command injection vulnerability has been reported to affect seve ...)
	NOT-FOR-US: QNAP
CVE-2023-23366 (A path traversal vulnerability has been reported to affect Music Stati ...)
	NOT-FOR-US: QNAP
CVE-2023-23365 (A path traversal vulnerability has been reported to affect Music Stati ...)
	NOT-FOR-US: QNAP
CVE-2023-23364 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-23363 (A buffer copy without checking size of input vulnerability has been re ...)
	NOT-FOR-US: QNAP
CVE-2023-23362 (An OS command injection vulnerability has been reported to affect QNAP ...)
	NOT-FOR-US: QNAP
CVE-2023-23361
	RESERVED
CVE-2023-23360
	RESERVED
CVE-2023-23359
	RESERVED
CVE-2023-23358
	RESERVED
CVE-2023-23357
	RESERVED
CVE-2023-23356
	RESERVED
CVE-2023-23355 (An OS command injection vulnerability has been reported to affect QNAP ...)
	NOT-FOR-US: QNAP
CVE-2023-23354
	RESERVED
CVE-2023-23353
	RESERVED
CVE-2023-23352
	RESERVED
CVE-2023-23351
	RESERVED
CVE-2023-23350
	RESERVED
CVE-2023-23349 (Kaspersky has fixed a security issue in Kaspersky Password Manager (KP ...)
	NOT-FOR-US: Kaspersky
CVE-2023-0229 (A flaw was found in github.com/openshift/apiserver-library-go, used in ...)
	NOT-FOR-US: OpenShift
CVE-2023-0228 (Improper Authentication vulnerability in ABB Symphony Plus S+ Operatio ...)
	NOT-FOR-US: ABB
CVE-2023-0227 (Insufficient Session Expiration in GitHub repository pyload/pyload pri ...)
	- pyload (bug #1001980)
CVE-2023-0226
	RESERVED
CVE-2023-0225 (A flaw was found in Samba. An incomplete access check on dnsHostName a ...)
	- samba 2:4.17.7+dfsg-1
	[bullseye] - samba (Domain controller functionality is EOLed, see DSA-5477-1)
	[buster] - samba (Domain controller functionality is EOLed, see DSA-5015-1)
	NOTE: https://www.samba.org/samba/security/CVE-2023-0225.html
CVE-2023-0224 (The GiveWP WordPress plugin before 2.24.1 does not properly escape use ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0223 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-4886 (Ingress-nginx `path` sanitization can be bypassed with `log_format` di ...)
	NOT-FOR-US: Kubernetes ingress-nginx
CVE-2022-48255 (There is a system command injection vulnerability in BiSheng-WNM FW 3. ...)
	NOT-FOR-US: Huawei
CVE-2022-48254 (There is a data processing error vulnerability in Leia-B29 2.0.0.49(M0 ...)
	NOT-FOR-US: Huawei
CVE-2023-23348 (HCL Launch could disclose sensitive information if a manual edit of a ...)
	NOT-FOR-US: HCL
CVE-2023-23347 (HCL DRYiCE iAutomate is affected by the use of a broken cryptographic ...)
	NOT-FOR-US: HCL
CVE-2023-23346 (HCL DRYiCE MyCloud is affected by the use of a broken cryptographic al ...)
	NOT-FOR-US: HCL
CVE-2023-23345
	RESERVED
CVE-2023-23344 (A permission issue in BigFix WebUI Insights site version 14 allows an ...)
	NOT-FOR-US: BigFix
CVE-2023-23343 (A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server v ...)
	NOT-FOR-US: BigFix
CVE-2023-23342 (If certain local files are manipulated in a certain manner, the valida ...)
	NOT-FOR-US: HCL
CVE-2023-23341
	RESERVED
CVE-2023-23340
	RESERVED
CVE-2023-23339
	RESERVED
CVE-2023-23338
	RESERVED
CVE-2023-23337
	RESERVED
CVE-2023-23336
	RESERVED
CVE-2023-23335
	RESERVED
CVE-2023-23334
	RESERVED
CVE-2023-23333 (There is a command injection vulnerability in SolarView Compact throug ...)
	NOT-FOR-US: SolarView
CVE-2023-23332
	RESERVED
CVE-2023-23331 (Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injectio ...)
	NOT-FOR-US: Amano Xoffice
CVE-2023-23330 (amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable ...)
	NOT-FOR-US: amano Xparc parking solutions
CVE-2023-23329
	RESERVED
CVE-2023-23328 (A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated ...)
	NOT-FOR-US: AvantFAX
CVE-2023-23327 (An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Back ...)
	NOT-FOR-US: AvantFAX
CVE-2023-23326 (A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3 ...)
	NOT-FOR-US: AvantFAX
CVE-2023-23325 (Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to co ...)
	NOT-FOR-US: Zumtobel Netlink CCD Onboard
CVE-2023-23324 (Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to co ...)
	NOT-FOR-US: Zumtobel Netlink CCD Onboard
CVE-2023-23323
	RESERVED
CVE-2023-23322
	RESERVED
CVE-2023-23321
	RESERVED
CVE-2023-23320
	RESERVED
CVE-2023-23319
	RESERVED
CVE-2023-23318
	RESERVED
CVE-2023-23317
	RESERVED
CVE-2023-23316
	RESERVED
CVE-2023-23315 (The PrestaShop e-commerce platform module stripejs contains a Blind SQ ...)
	NOT-FOR-US: PrestaShop
CVE-2023-23314 (An arbitrary file upload vulnerability in the /api/upload component of ...)
	NOT-FOR-US: Zdir
CVE-2023-23313 (Certain Draytek products are vulnerable to Cross Site Scripting (XSS) ...)
	NOT-FOR-US: Draytek
CVE-2023-23312
	RESERVED
CVE-2023-23311
	RESERVED
CVE-2023-23310
	RESERVED
CVE-2023-23309
	RESERVED
CVE-2023-23308
	RESERVED
CVE-2023-23307
	RESERVED
CVE-2023-23306 (The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 ...)
	NOT-FOR-US: CIQ API
CVE-2023-23305 (The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is v ...)
	NOT-FOR-US: GarminOS TVM component in CIQ API
CVE-2023-23304 (The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allo ...)
	NOT-FOR-US: GarminOS TVM component in CIQ API
CVE-2023-23303 (The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API ...)
	NOT-FOR-US: CIQ API
CVE-2023-23302 (The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API vers ...)
	NOT-FOR-US: CIQ API
CVE-2023-23301 (The `news` MonkeyC operation code in CIQ API version 1.0.0 through 4.1 ...)
	NOT-FOR-US: CIQ API
CVE-2023-23300 (The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API vers ...)
	NOT-FOR-US: CIQ API
CVE-2023-23299 (The permission system implemented and enforced by the GarminOS TVM com ...)
	NOT-FOR-US: CIQ API
CVE-2023-23298 (The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API ...)
	NOT-FOR-US: CIQ API
CVE-2023-23297
	RESERVED
CVE-2023-23296 (Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vu ...)
	NOT-FOR-US: JetWave
CVE-2023-23295 (Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vu ...)
	NOT-FOR-US: JetWave
CVE-2023-23294 (Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vu ...)
	NOT-FOR-US: JetWave
CVE-2023-23293
	RESERVED
CVE-2023-23292
	RESERVED
CVE-2023-23291
	RESERVED
CVE-2023-23290
	RESERVED
CVE-2023-23289
	RESERVED
CVE-2023-23288
	RESERVED
CVE-2023-23287
	RESERVED
CVE-2023-23286 (Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows ...)
	NOT-FOR-US: Provide server
CVE-2023-23285
	RESERVED
CVE-2023-23284
	RESERVED
CVE-2023-23283
	RESERVED
CVE-2023-23282
	RESERVED
CVE-2023-23281
	RESERVED
CVE-2023-23280
	RESERVED
CVE-2023-23279 (Canteen Management System 1.0 is vulnerable to SQL Injection via /php_ ...)
	NOT-FOR-US: Canteen Management System
CVE-2023-23278
	RESERVED
CVE-2023-23277 (Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote ...)
	NOT-FOR-US: Snippet-box
CVE-2023-23276
	RESERVED
CVE-2023-23275
	RESERVED
CVE-2023-23274
	RESERVED
CVE-2023-23273
	RESERVED
CVE-2023-23272
	RESERVED
CVE-2023-23271
	RESERVED
CVE-2023-23270
	RESERVED
CVE-2023-23269
	RESERVED
CVE-2023-23268
	RESERVED
CVE-2023-23267
	RESERVED
CVE-2023-23266
	RESERVED
CVE-2023-23265
	RESERVED
CVE-2023-23264
	RESERVED
CVE-2023-23263
	RESERVED
CVE-2023-23262
	RESERVED
CVE-2023-23261
	RESERVED
CVE-2023-23260
	RESERVED
CVE-2023-23259
	RESERVED
CVE-2023-23258
	RESERVED
CVE-2023-23257
	RESERVED
CVE-2023-23256
	RESERVED
CVE-2023-23255
	RESERVED
CVE-2023-23254
	RESERVED
CVE-2023-23253
	RESERVED
CVE-2023-23252
	RESERVED
CVE-2023-23251
	RESERVED
CVE-2023-23250
	RESERVED
CVE-2023-23249
	RESERVED
CVE-2023-23248
	RESERVED
CVE-2023-23247
	RESERVED
CVE-2023-23246
	RESERVED
CVE-2023-23245
	RESERVED
CVE-2023-23244
	RESERVED
CVE-2023-23243
	RESERVED
CVE-2023-23242
	RESERVED
CVE-2023-23241
	RESERVED
CVE-2023-23240
	RESERVED
CVE-2023-23239
	RESERVED
CVE-2023-23238
	RESERVED
CVE-2023-23237
	RESERVED
CVE-2023-23236
	RESERVED
CVE-2023-23235
	RESERVED
CVE-2023-23234
	RESERVED
CVE-2023-23233
	RESERVED
CVE-2023-23232
	RESERVED
CVE-2023-23231
	RESERVED
CVE-2023-23230
	RESERVED
CVE-2023-23229
	RESERVED
CVE-2023-23228
	RESERVED
CVE-2023-23227
	RESERVED
CVE-2023-23226
	RESERVED
CVE-2023-23225
	RESERVED
CVE-2023-23224
	RESERVED
CVE-2023-23223
	RESERVED
CVE-2023-23222
	RESERVED
CVE-2023-23221
	RESERVED
CVE-2023-23220
	RESERVED
CVE-2023-23219
	RESERVED
CVE-2023-23218
	RESERVED
CVE-2023-23217
	RESERVED
CVE-2023-23216
	RESERVED
CVE-2023-23215
	RESERVED
CVE-2023-23214
	RESERVED
CVE-2023-23213
	RESERVED
CVE-2023-23212
	RESERVED
CVE-2023-23211
	RESERVED
CVE-2023-23210
	RESERVED
CVE-2023-23209
	RESERVED
CVE-2023-23208 (Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable ...)
	NOT-FOR-US: Genesys Administrator Extension (GAX)
CVE-2023-23207
	RESERVED
CVE-2023-23206
	RESERVED
CVE-2023-23205 (An issue was discovered in lib60870 v2.3.2. There is a memory leak in ...)
	NOT-FOR-US: lib60870
CVE-2023-23204
	RESERVED
CVE-2023-23203
	RESERVED
CVE-2023-23202
	RESERVED
CVE-2023-23201
	RESERVED
CVE-2023-23200
	RESERVED
CVE-2023-23199
	RESERVED
CVE-2023-23198
	RESERVED
CVE-2023-23197
	RESERVED
CVE-2023-23196
	RESERVED
CVE-2023-23195
	RESERVED
CVE-2023-23194
	RESERVED
CVE-2023-23193
	RESERVED
CVE-2023-23192 (IS Decisions UserLock MFA 11.01 is vulnerable to authentication bypass ...)
	NOT-FOR-US: IS Decisions UserLock MFA
CVE-2023-23191
	RESERVED
CVE-2023-23190
	RESERVED
CVE-2023-23189
	RESERVED
CVE-2023-23188
	RESERVED
CVE-2023-23187
	RESERVED
CVE-2023-23186
	RESERVED
CVE-2023-23185
	RESERVED
CVE-2023-23184
	RESERVED
CVE-2023-23183
	RESERVED
CVE-2023-23182
	RESERVED
CVE-2023-23181
	RESERVED
CVE-2023-23180
	RESERVED
CVE-2023-23179
	RESERVED
CVE-2023-23178
	RESERVED
CVE-2023-23177
	RESERVED
CVE-2023-23176
	RESERVED
CVE-2023-23175
	RESERVED
CVE-2023-23174
	RESERVED
CVE-2023-23173
	RESERVED
CVE-2023-23172
	RESERVED
CVE-2023-23171
	RESERVED
CVE-2023-23170
	RESERVED
CVE-2023-23169 (Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and serve ...)
	NOT-FOR-US: Synapsoft pdfocus
CVE-2023-23168
	RESERVED
CVE-2023-23167
	RESERVED
CVE-2023-23166
	RESERVED
CVE-2023-23165
	RESERVED
CVE-2023-23164
	RESERVED
CVE-2023-23163 (Art Gallery Management System Project v1.0 was discovered to contain a ...)
	NOT-FOR-US: Art Gallery Management System Project
CVE-2023-23162 (Art Gallery Management System Project v1.0 was discovered to contain a ...)
	NOT-FOR-US: Art Gallery Management System Project
CVE-2023-23161 (A reflected cross-site scripting (XSS) vulnerability in Art Gallery Ma ...)
	NOT-FOR-US: Art Gallery Management System Project
CVE-2023-23160
	RESERVED
CVE-2023-23159
	RESERVED
CVE-2023-23158 (A stored cross-site scripting (XSS) vulnerability in Art Gallery Manag ...)
	NOT-FOR-US: Art Gallery Management System Project
CVE-2023-23157 (A stored cross-site scripting (XSS) vulnerability in Art Gallery Manag ...)
	NOT-FOR-US: Art Gallery Management System Project
CVE-2023-23156 (Art Gallery Management System Project in PHP 1.0 was discovered to con ...)
	NOT-FOR-US: Art Gallery Management System Project
CVE-2023-23155 (Art Gallery Management System Project in PHP 1.0 was discovered to con ...)
	NOT-FOR-US: Art Gallery Management System Project
CVE-2023-23154
	RESERVED
CVE-2023-23153
	RESERVED
CVE-2023-23152
	RESERVED
CVE-2023-23151 (bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deleti ...)
	NOT-FOR-US: bloofoxCMS
CVE-2023-23150 (SA-WR915ND router firmware v17.35.1 was discovered to be vulnerable to ...)
	NOT-FOR-US: SA-WR915ND
CVE-2023-23149 (DEK-1705 <=Firmware:34.23.1 device was discovered to have a command ex ...)
	NOT-FOR-US: DEK-1705
CVE-2023-23148
	RESERVED
CVE-2023-23147
	RESERVED
CVE-2023-23146
	RESERVED
CVE-2023-23145 (GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a me ...)
	{DSA-5411-1}
	- gpac (bug #1033116; bug #1051866)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/commit/4ade98128cbc41d5115b97a41ca2e59529c8dd5f
CVE-2023-23144 (Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file ...)
	{DSA-5411-1}
	- gpac (bug #1033116; bug #1051866)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/commit/3a2458a49b3e6399709d456d7b35e7a6f50cfb86
CVE-2023-23143 (Buffer overflow vulnerability in function avc_parse_slice in file medi ...)
	{DSA-5411-1}
	- gpac (bug #1033116; bug #1051866)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/commit/af6a5e7a96ee01a139cce6c9e4edfc069aad17a6
CVE-2023-23142
	RESERVED
CVE-2023-23141
	RESERVED
CVE-2023-23140
	RESERVED
CVE-2023-23139
	RESERVED
CVE-2023-23138
	RESERVED
CVE-2023-23137
	RESERVED
CVE-2023-23136 (lmxcms v1.41 was discovered to contain an arbitrary file deletion vuln ...)
	NOT-FOR-US: lmxcms
CVE-2023-23135 (An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attacker ...)
	NOT-FOR-US: ftdms
CVE-2023-23134
	RESERVED
CVE-2023-23133
	RESERVED
CVE-2023-23132 (Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclos ...)
	NOT-FOR-US: Selfwealth
CVE-2023-23131 (Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transpor ...)
	NOT-FOR-US: Selfwealth
CVE-2023-23130 (Connectwise Automate 2022.11 is vulnerable to Cleartext authentication ...)
	NOT-FOR-US: Connectwise
CVE-2023-23129
	RESERVED
CVE-2023-23128 (Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Reso ...)
	NOT-FOR-US: Connectwise
CVE-2023-23127 (In Connectwise Control 22.8.10013.8329, the login page does not implem ...)
	NOT-FOR-US: Connectwise
CVE-2023-23126 (Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login ...)
	NOT-FOR-US: Connectwise
CVE-2023-23125
	RESERVED
CVE-2023-23124
	RESERVED
CVE-2023-23123
	RESERVED
CVE-2023-23122
	RESERVED
CVE-2023-23121
	RESERVED
CVE-2023-23120 (The use of the cyclic redundancy check (CRC) algorithm for integrity c ...)
	NOT-FOR-US: TRENDnet
CVE-2023-23119 (The use of the cyclic redundancy check (CRC) algorithm for integrity c ...)
	NOT-FOR-US: TRENDnet
CVE-2023-23118
	RESERVED
CVE-2023-23117
	RESERVED
CVE-2023-23116
	RESERVED
CVE-2023-23115
	RESERVED
CVE-2023-23114
	RESERVED
CVE-2023-23113
	RESERVED
CVE-2023-23112
	RESERVED
CVE-2023-23111
	RESERVED
CVE-2023-23110 (An exploitable firmware modification vulnerability was discovered in c ...)
	NOT-FOR-US: Netgear
CVE-2023-23109 (In crasm 1.8-3, invalid input validation, specific files passed to the ...)
	- crasm (unimportant)
	NOTE: https://github.com/colinbourassa/crasm/pull/7
	NOTE: Crash in CLI tool, no security impact
CVE-2023-23108 (In crasm 1.8-3, invalid input validation, specific files passed to the ...)
	- crasm (unimportant)
	NOTE: https://github.com/colinbourassa/crasm/pull/7
	NOTE: Crash in CLI tool, no security impact
CVE-2023-23107
	RESERVED
CVE-2023-23106
	RESERVED
CVE-2023-23105
	RESERVED
CVE-2023-23104
	RESERVED
CVE-2023-23103
	RESERVED
CVE-2023-23102
	RESERVED
CVE-2023-23101
	RESERVED
CVE-2023-23100
	RESERVED
CVE-2023-23099
	RESERVED
CVE-2023-23098
	RESERVED
CVE-2023-23097
	RESERVED
CVE-2023-23096
	RESERVED
CVE-2023-23095
	RESERVED
CVE-2023-23094
	RESERVED
CVE-2023-23093
	RESERVED
CVE-2023-23092
	RESERVED
CVE-2023-23091
	RESERVED
CVE-2023-23090
	RESERVED
CVE-2023-23089
	RESERVED
CVE-2023-0222
	RESERVED
CVE-2023-0221 (Product security bypass vulnerability in ACC prior to version 8.3.4 al ...)
	NOT-FOR-US: Trellix
CVE-2023-0220 (The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0219 (The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0218
	RESERVED
CVE-2023-0217 (An invalid pointer dereference on read can be triggered when an applic ...)
	- openssl 3.0.8-1
	[bullseye] - openssl (Only affects 3.x)
	[buster] - openssl (Only affects 3.x)
	NOTE: https://www.openssl.org/news/secadv/20230207.txt
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=23985bac83fd50c8e29431009302b5442f985096 (openssl-3.0.8)
CVE-2023-0216 (An invalid pointer dereference on read can be triggered when an applic ...)
	- openssl 3.0.8-1
	[bullseye] - openssl (Only affects 3.x)
	[buster] - openssl (Only affects 3.x)
	NOTE: https://www.openssl.org/news/secadv/20230207.txt
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6 (openssl-3.0.8)
CVE-2023-0215 (The public API function BIO_new_NDEF is a helper function used for str ...)
	{DSA-5343-1 DLA-3325-1}
	- openssl 3.0.8-1
	NOTE: https://www.openssl.org/news/secadv/20230207.txt
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c3829dd8825c654652201e16f8a0a0c46ee3f344 (OpenSSL_1_1_1t)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f040f2577891d2bdb7610566c172233844cf673a (OpenSSL_1_1_1t)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd (openssl-3.0.8)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f596ec8a6f9f5fcfa8e46a73b60f78a609725294 (openssl-3.0.8)
	NOTE: https://www.openwall.com/lists/oss-security/2023/03/03/1
CVE-2023-0214 (A cross-site scripting vulnerability in Skyhigh SWG in main releases 1 ...)
	NOT-FOR-US: Skyhigh SWG
CVE-2023-0213 (Elevation of privilege issue in M-Files Installer versions before 22.6 ...)
	NOT-FOR-US: M-Files
CVE-2023-0212 (The Advanced Recent Posts WordPress plugin through 0.6.14 does not val ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0211
	RESERVED
CVE-2022-4885 (A vulnerability has been found in sviehb jefferson up to 0.3 and class ...)
NOT-FOR-US: sviehb jefferson CVE-2020-36650 (A vulnerability, which was classified as critical, was found in Ionica ...) NOT-FOR-US: gry nodejs module CVE-2020-36649 (A vulnerability was found in mholt PapaParse up to 5.1.x. It has been ...) - mediawiki 1:1.39.4-1 (unimportant) [bookworm] - mediawiki 1:1.39.4-1~deb12u1 [bullseye] - mediawiki 1:1.35.11-1~deb11u1 [buster] - mediawiki (Vulnerable code not present) NOTE: MediaWiki embeds a copy, but negligible security impact NOTE: https://phabricator.wikimedia.org/T326946 NOTE: https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621 (5.2.0) NOTE: Fixed in MediaWiki 1.35.10 / 1.38.6 / 1.39.3 NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/6UQBHI5FWLATD7QO7DI4YS54U7XSSLAN/ CVE-2018-25074 (A vulnerability was found in Prestaul skeemas and classified as proble ...) NOT-FOR-US: Prestaul skeemas CVE-2018-25073 (A vulnerability has been found in Newcomer1989 TSN-Ranksystem up to 1. ...) NOT-FOR-US: Newcomer1989 TSN-Ranksystem CVE-2017-20168 (A vulnerability was found in jfm-so piWallet. It has been rated as cri ...) NOT-FOR-US: jfm-so piWallet CVE-2015-10039 (A vulnerability was found in dobos domino. It has been rated as critic ...) NOT-FOR-US: dobos domino CVE-2015-10038 (A vulnerability was found in nym3r0s pplv2. It has been declared as cr ...) NOT-FOR-US: nym3r0s pplv2 CVE-2014-125076 (A vulnerability was found in NoxxieNl Criminals. It has been classifie ...) NOT-FOR-US: NoxxieNl Criminals CVE-2014-125075 (A vulnerability was found in gmail-servlet and classified as critical. ...) NOT-FOR-US: gmail-servlet CVE-2014-125074 (A vulnerability was found in Nayshlok Voyager. It has been declared as ...) NOT-FOR-US: Nayshlok Voyager CVE-2013-10010 (A vulnerability classified as problematic has been found in zerochplus ...) NOT-FOR-US: zerochplus CVE-2023-23088 (Buffer OverFlow Vulnerability in Barenboim json-parser master and v1.1 ...) 
NOT-FOR-US: Barenboim json-parser CVE-2023-23087 (An issue was found in MojoJson v1.2.3 allows attackers to execute arbi ...) NOT-FOR-US: MojoJson CVE-2023-23086 (Buffer OverFlow Vulnerability in MojoJson v1.2.3 allows an attacker to ...) NOT-FOR-US: MojoJson CVE-2023-23085 RESERVED CVE-2023-23084 RESERVED CVE-2023-23083 RESERVED CVE-2023-23082 (A heap buffer overflow vulnerability in Kodi Home Theater Software up ...) {DLA-3712-1} - kodi 2:20.0+dfsg-2 (bug #1031048) [bullseye] - kodi (Minor issue) NOTE: https://github.com/xbmc/xbmc/issues/22377 NOTE: https://github.com/xbmc/xbmc/commit/00fec1dbdd1df827872c7b55ad93059636dfc076 NOTE: https://github.com/xbmc/xbmc/commit/7e5f9fbf9aaa3540aab35e7504036855b23dcf60 NOTE: https://github.com/xbmc/xbmc/pull/22380 CVE-2023-23081 RESERVED CVE-2023-23080 (Certain Tenda products are vulnerable to command injection. This affec ...) NOT-FOR-US: Tenda CVE-2023-23079 RESERVED CVE-2023-23078 (Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceD ...) NOT-FOR-US: Zoho CVE-2023-23077 (Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceD ...) NOT-FOR-US: Zoho CVE-2023-23076 (OS Command injection vulnerability in Support Center Plus 11 via Execu ...) NOT-FOR-US: Zoho CVE-2023-23075 (Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 vi ...) NOT-FOR-US: Zoho CVE-2023-23074 (Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceD ...) NOT-FOR-US: Zoho CVE-2023-23073 (Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceD ...) NOT-FOR-US: Zoho CVE-2023-23072 RESERVED CVE-2023-23071 RESERVED CVE-2023-23070 RESERVED CVE-2023-23069 RESERVED CVE-2023-23068 RESERVED CVE-2023-23067 RESERVED CVE-2023-23066 RESERVED CVE-2023-23065 RESERVED CVE-2023-23064 (TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Acce ...) NOT-FOR-US: TOTOLINK CVE-2023-23063 (Cellinx NVT v1.0.6.002b was discovered to contain a local file disclos ...) 
NOT-FOR-US: Cellinx NVT CVE-2023-23062 RESERVED CVE-2023-23061 RESERVED CVE-2023-23060 RESERVED CVE-2023-23059 (An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 ...) NOT-FOR-US: GeoVision GV-Edge Recording Manager CVE-2023-23058 RESERVED CVE-2023-23057 RESERVED CVE-2023-23056 RESERVED CVE-2023-23055 RESERVED CVE-2023-23054 RESERVED CVE-2023-23053 RESERVED CVE-2023-23052 RESERVED CVE-2023-23051 RESERVED CVE-2023-23050 RESERVED CVE-2023-23049 RESERVED CVE-2023-23048 RESERVED CVE-2023-23047 RESERVED CVE-2023-23046 RESERVED CVE-2023-23045 RESERVED CVE-2023-23044 RESERVED CVE-2023-23043 RESERVED CVE-2023-23042 RESERVED CVE-2023-23041 RESERVED CVE-2023-23040 (TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 ...) NOT-FOR-US: TP-Link CVE-2023-23039 (An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers ...) - linux (unimportant) NOTE: https://lore.kernel.org/lkml/20230102010528.2868403-1-yoochan1026@gmail.com/ NOTE: CONFIG_VCC depends on CONFIG_SUN_LDOMS, which is SPARC64 only CVE-2023-23038 RESERVED CVE-2023-23037 RESERVED CVE-2023-23036 RESERVED CVE-2023-23035 RESERVED CVE-2023-23034 RESERVED CVE-2023-23033 RESERVED CVE-2023-23032 RESERVED CVE-2023-23031 RESERVED CVE-2023-23030 RESERVED CVE-2023-23029 RESERVED CVE-2023-23028 RESERVED CVE-2023-23027 RESERVED CVE-2023-23026 (Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 s ...) NOT-FOR-US: Sourcecodester CVE-2023-23025 RESERVED CVE-2023-23024 (Book Store Management System v1.0 was discovered to contain a cross-si ...) NOT-FOR-US: Book Store Management System CVE-2023-23023 RESERVED CVE-2023-23022 (Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 e ...) NOT-FOR-US: sourcecodester oretnom23 employee's payroll management system CVE-2023-23021 (Cross Site Scripting (XSS) vulnerability in sourcecodester oretnom23 p ...) 
NOT-FOR-US: sourcecodester oretnom23 pos point sale system CVE-2023-23020 RESERVED CVE-2023-23019 (Cross site scripting (XSS) vulnerability in file main.php in sourcecod ...) NOT-FOR-US: sourcecodester oretnom23 Blog Site CVE-2023-23018 RESERVED CVE-2023-23017 RESERVED CVE-2023-23016 RESERVED CVE-2023-23015 (Cross Site Scripting (XSS) vulnerability in Kalkun 0.8.0 via username ...) NOT-FOR-US: Kalkun CVE-2023-23014 (Cross Site Scripting (XSS) vulnerability in InventorySystem thru commi ...) NOT-FOR-US: InventorySystem CVE-2023-23013 RESERVED CVE-2023-23012 (Cross Site Scripting (XSS) vulnerability in craigrodway classroombooki ...) NOT-FOR-US: craigrodway classroombookings CVE-2023-23011 (Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filte ...) NOT-FOR-US: InvoicePlane CVE-2023-23010 (Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Boot ...) NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap CVE-2023-23009 (Libreswan 4.9 allows remote attackers to cause a denial of service (as ...) {DSA-5368-1} - libreswan 4.9-2 (bug #1031821) [buster] - libreswan (3.x not vulnerable) NOTE: https://github.com/libreswan/libreswan/issues/954 NOTE: https://libreswan.org/security/CVE-2023-23009/CVE-2023-23009.txt CVE-2023-23008 RESERVED CVE-2023-23007 (An issue was discovered in ESPCMS P8.21120101 after logging in to the ...) NOT-FOR-US: ESPCMS CVE-2023-23006 (In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5 ...) - linux 5.15.15-1 [bullseye] - linux 5.10.92-1 [buster] - linux (Vulnerble code not present) NOTE: https://git.kernel.org/linus/6b8b42585886c59a008015083282aae434349094 (5.16-rc8) CVE-2023-23005 (In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the al ...) 
- linux 6.3.7-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerble code not present) NOTE: https://git.kernel.org/linus/4a625ceee8a0ab0273534cb6b432ce6b331db5ee (6.2-rc1) CVE-2023-23004 (In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c m ...) {DLA-3404-1} - linux 5.19.6-1 [bullseye] - linux 5.10.178-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/15342f930ebebcfe36f2415049736a77d7d2e045 (5.19-rc1) CVE-2023-23003 (In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check ...) - linux 5.16.7-1 (unimportant) NOTE: https://git.kernel.org/linus/0a515a06c5ebfa46fee3ac519e418f801e718da4 (5.16-rc6) NOTE: Negligible security impact CVE-2023-23002 (In the Linux kernel before 5.16.3, drivers/bluetooth/hci_qca.c misinte ...) - linux 5.16.7-1 [bullseye] - linux 5.10.103-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/6845667146a28c09b5dfc401c1ad112374087944 (5.17-rc1) CVE-2023-23001 (In the Linux kernel before 5.16.3, drivers/scsi/ufs/ufs-mediatek.c mis ...) - linux 5.16.7-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/3ba880a12df5aa4488c18281701b5b1bc3d4531a CVE-2023-23000 (In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles t ...) - linux 5.17.3-1 (unimportant) NOTE: https://git.kernel.org/linus/045a31b95509c8f25f5f04ec5e0dec5cd09f2c5f NOTE: Negligible security impact CVE-2023-22999 (In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misint ...) - linux 5.16.7-1 [bullseye] - linux 5.10.103-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/b52fe2dbb3e655eb1483000adfab68a219549e13 CVE-2023-22998 (In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_objec ...) 
{DLA-3404-1} - linux 6.0.3-1 [bullseye] - linux 5.10.178-1 [buster] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/c24968734abfed81c8f93dc5f44a7b7a9aecadfa (6.0-rc1) NOTE: https://git.kernel.org/linus/64b88afbd92fbf434759d1896a7cf705e1c00e79 (6.0-rc1) CVE-2023-22997 (In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterp ...) - linux 6.1.4-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/45af1d7aae7d5520d2858f8517a1342646f015db CVE-2023-22996 (In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does n ...) - linux 5.17.3-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/4b41a9d0fe3db5f91078a380f62f0572c3ecf2dd CVE-2023-22995 (In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_regis ...) - linux 5.17.3-1 (unimportant) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/fa0ef93868a6062babe1144df2807a8b1d4924d2 NOTE: This is a one-time resource leak in device probe, not a security issue CVE-2023-22994 RESERVED CVE-2023-22993 RESERVED CVE-2023-22992 RESERVED CVE-2023-22991 RESERVED CVE-2023-22990 RESERVED CVE-2023-22989 RESERVED CVE-2023-22988 RESERVED CVE-2023-22987 RESERVED CVE-2023-22986 RESERVED CVE-2023-22985 (Sourcecodester Simple Guestbook Management System version 1 is vulnera ...) NOT-FOR-US: Sourcecodester Simple Guestbook Management System CVE-2023-22984 (A Vulnerability was discovered in Axis 207W network camera. There is a ...) NOT-FOR-US: Axis 207W network camera CVE-2023-22983 RESERVED CVE-2023-22982 RESERVED CVE-2023-22981 RESERVED CVE-2023-22980 RESERVED CVE-2023-22979 RESERVED CVE-2023-22978 RESERVED CVE-2023-22977 RESERVED CVE-2023-22976 RESERVED CVE-2023-22975 (A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows ...) 
NOT-FOR-US: jfinal_cms CVE-2023-22974 (A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthe ...) NOT-FOR-US: OpenEMR CVE-2023-22973 (A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new. ...) NOT-FOR-US: OpenEMR CVE-2023-22972 (A Reflected Cross-site scripting (XSS) vulnerability in interface/form ...) NOT-FOR-US: OpenEMR CVE-2023-22971 (Cross Site Scripting (XSS) vulnerability in Hughes Network Systems Rou ...) NOT-FOR-US: Hughes CVE-2023-22970 (Bottles before 51.0 mishandles YAML load, which allows remote code exe ...) NOT-FOR-US: Bottles CVE-2023-22969 RESERVED CVE-2023-22968 RESERVED CVE-2023-22967 RESERVED CVE-2023-22966 RESERVED CVE-2023-22965 RESERVED CVE-2023-22964 (Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13 ...) NOT-FOR-US: Zoho ManageEngine CVE-2023-22963 (The personnummer implementation before 3.0.3 for Dart mishandles numbe ...) NOT-FOR-US: Dart language (different from src:dart) CVE-2023-22962 RESERVED CVE-2023-22961 RESERVED CVE-2023-22960 (Lexmark products through 2023-01-10 have Improper Control of Interacti ...) NOT-FOR-US: Lexmark CVE-2023-22959 (WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.ph ...) NOT-FOR-US: WebChess CVE-2023-22958 (The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoo ...) NOT-FOR-US: Syracom Secure Login plugin CVE-2023-22957 (An issue was discovered in libac_des3.so on AudioCodes VoIP desk phone ...) NOT-FOR-US: AudioCodes VoIP desk phones CVE-2023-22956 (An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1 ...) NOT-FOR-US: AudioCodes VoIP desk phones CVE-2023-22955 (An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1 ...) NOT-FOR-US: AudioCodes VoIP desk phones CVE-2023-22954 RESERVED CVE-2023-22953 (In ExpressionEngine before 7.2.6, remote code execution can be achieve ...) NOT-FOR-US: ExpressionEngine CVE-2023-22952 (In SugarCRM before 12.0. 
Hotfix 91155, a crafted request can inject cu ...) NOT-FOR-US: SugarCRM CVE-2023-22951 (An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It ...) NOT-FOR-US: TigerGraph Enterprise Free Edition CVE-2023-22950 (An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Dat ...) NOT-FOR-US: TigerGraph Enterprise Free Edition CVE-2023-22949 (An issue was discovered in TigerGraph Enterprise Free Edition 3.x. The ...) NOT-FOR-US: TigerGraph Enterprise Free Edition CVE-2023-22948 (An issue was discovered in TigerGraph Enterprise Free Edition 3.x. The ...) NOT-FOR-US: TigerGraph Enterprise Free Edition CVE-2023-22947 (Insecure folder permissions in the Windows installation path of Shibbo ...) - shibboleth-sp (Windows-specific) CVE-2023-22946 (In Apache Spark versions prior to 3.4.0, applications using spark-subm ...) - apache-spark (bug #802194) CVE-2023-22945 (In the GrowthExperiments extension for MediaWiki through 1.39, the gro ...) NOT-FOR-US: GrowthExperiments extension for MediaWiki CVE-2023-22944 RESERVED CVE-2023-22943 (In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk Clo ...) NOT-FOR-US: Splunk CVE-2023-22942 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross ...) NOT-FOR-US: Splunk CVE-2023-22941 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an impr ...) NOT-FOR-US: Splunk CVE-2023-22940 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases ...) NOT-FOR-US: Splunk CVE-2023-22939 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the \u2 ...) NOT-FOR-US: Splunk CVE-2023-22938 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the \u2 ...) NOT-FOR-US: Splunk CVE-2023-22937 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the loo ...) NOT-FOR-US: Splunk CVE-2023-22936 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the \u2 ...) 
NOT-FOR-US: Splunk CVE-2023-22935 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the \u2 ...) NOT-FOR-US: Splunk CVE-2023-22934 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the \u2 ...) NOT-FOR-US: Splunk CVE-2023-22933 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View ...) NOT-FOR-US: Splunk CVE-2023-22932 (In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cros ...) NOT-FOR-US: Splunk CVE-2023-22931 (In Splunk Enterprise versions below 8.1.13 and 8.2.10, the \u2018creat ...) NOT-FOR-US: Splunk CVE-2023-22930 RESERVED CVE-2023-22929 RESERVED CVE-2023-22928 RESERVED CVE-2023-22927 RESERVED CVE-2023-22926 RESERVED CVE-2023-22925 RESERVED CVE-2023-22656 RESERVED CVE-2023-22433 RESERVED CVE-2023-22426 RESERVED CVE-2023-22423 RESERVED CVE-2023-22420 RESERVED CVE-2023-22364 RESERVED CVE-2023-22352 RESERVED CVE-2023-22343 RESERVED CVE-2023-22328 RESERVED CVE-2023-22289 RESERVED CVE-2023-0209 (NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, ...) NOT-FOR-US: NVIDIA DGX-1 SBIOS CVE-2023-0208 (NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server c ...) NOT-FOR-US: NVIDIA DCGM for Linux CVE-2023-0207 (NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modi ...) NOT-FOR-US: NVIDIA DGX-2 SBIOS CVE-2023-0206 (NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may m ...) NOT-FOR-US: NVIDIA DGX A100 SBIOS CVE-2023-0205 (NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerabilit ...) NOT-FOR-US: NVIDIA CVE-2023-0204 (NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerabilit ...) NOT-FOR-US: NVIDIA CVE-2023-0203 (NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerabilit ...) NOT-FOR-US: NVIDIA CVE-2023-0202 (NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may m ...) NOT-FOR-US: NVIDIA CVE-2023-0201 (NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with ...) 
NOT-FOR-US: NVIDIA CVE-2023-0200 (NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high p ...) NOT-FOR-US: NVIDIA CVE-2023-0199 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) - nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779) [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 - nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778) [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1 - nvidia-graphics-drivers-tesla-418 (bug #1033777) [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) - nvidia-graphics-drivers-legacy-390xx (bug #1033776) [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers-legacy-340xx (bug #1033775) [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) [bullseye] - nvidia-graphics-drivers 470.182.03-1 [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 CVE-2023-0198 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) 
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779) [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 - nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778) [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1 - nvidia-graphics-drivers-tesla-418 (bug #1033777) [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) - nvidia-graphics-drivers-legacy-390xx (bug #1033776) [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers-legacy-340xx (bug #1033775) [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) [bullseye] - nvidia-graphics-drivers 470.182.03-1 [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 CVE-2023-0197 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) NOT-FOR-US: NVIDIA vGPU software CVE-2023-0196 (NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local use ...) [experimental] - nvidia-cuda-toolkit 12.1.0-1 - nvidia-cuda-toolkit (unimportant; bug #1032668) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5446 NOTE: Crash in CLI tool, no security impact CVE-2023-0195 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) 
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779) [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 - nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778) [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1 - nvidia-graphics-drivers-tesla-418 (bug #1033777) [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) - nvidia-graphics-drivers-legacy-390xx (bug #1033776) [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers-legacy-340xx (bug #1033775) [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) [bullseye] - nvidia-graphics-drivers 470.182.03-1 [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 CVE-2023-0194 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) 
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779) [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 - nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778) [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1 - nvidia-graphics-drivers-tesla-418 (bug #1033777) [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) - nvidia-graphics-drivers-legacy-390xx (bug #1033776) [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers-legacy-340xx (bug #1033775) [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) [bullseye] - nvidia-graphics-drivers 470.182.03-1 [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 CVE-2023-0193 (NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a ...) [experimental] - nvidia-cuda-toolkit 12.1.0-1 - nvidia-cuda-toolkit (unimportant; bug #1032668) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5446 NOTE: Crash in CLI tool, no security impact CVE-2023-0192 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) NOT-FOR-US: NVIDIA GPU Display Driver for Windows CVE-2023-0191 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) 
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779) [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 - nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778) [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1 - nvidia-graphics-drivers-tesla-418 (bug #1033777) [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) - nvidia-graphics-drivers-legacy-390xx (bug #1033776) [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers-legacy-340xx (bug #1033775) [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) [bullseye] - nvidia-graphics-drivers 470.182.03-1 [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 CVE-2023-0190 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) 
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779) [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 - nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778) [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1 - nvidia-graphics-drivers-tesla-418 (bug #1033777) [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) - nvidia-graphics-drivers-legacy-390xx (bug #1033776) [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers-legacy-340xx (bug #1033775) [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) [bullseye] - nvidia-graphics-drivers 470.182.03-1 [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 CVE-2023-0189 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) 
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779) [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 - nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778) [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1 - nvidia-graphics-drivers-tesla-418 (bug #1033777) [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) - nvidia-graphics-drivers-legacy-390xx (bug #1033776) [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers-legacy-340xx (bug #1033775) [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) [bullseye] - nvidia-graphics-drivers 470.182.03-1 [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 CVE-2023-0188 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) 
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779) [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 - nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778) [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1 - nvidia-graphics-drivers-tesla-418 (bug #1033777) [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) - nvidia-graphics-drivers-legacy-390xx (bug #1033776) [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers-legacy-340xx (bug #1033775) [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) [bullseye] - nvidia-graphics-drivers 470.182.03-1 [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 CVE-2023-0187 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) 
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779) [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) [bullseye] - nvidia-graphics-drivers 470.182.03-1 [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 CVE-2023-0186 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) NOT-FOR-US: NVIDIA GPU Display Driver for Windows CVE-2023-0185 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) - nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779) [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 - nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778) [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1 - nvidia-graphics-drivers-tesla-418 (bug #1033777) [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) - nvidia-graphics-drivers-legacy-390xx (bug #1033776) [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported, no updates provided by Nvidia anymore) - 
nvidia-graphics-drivers-legacy-340xx (bug #1033775) [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) [bullseye] - nvidia-graphics-drivers 470.182.03-1 [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 CVE-2023-0184 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) - nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779) [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 - nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778) [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1 - nvidia-graphics-drivers-tesla-418 (bug #1033777) [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) - nvidia-graphics-drivers-legacy-390xx (bug #1033776) [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers-legacy-340xx (bug #1033775) [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) [bullseye] - nvidia-graphics-drivers 470.182.03-1 [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 CVE-2023-0183 (NVIDIA GPU Display Driver for Linux 
contains a vulnerability in the ke ...) - nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) [bullseye] - nvidia-graphics-drivers (non-free not supported) [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 CVE-2023-0182 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) NOT-FOR-US: NVIDIA GPU Display Driver for Windows CVE-2023-0181 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) - nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) [bullseye] - nvidia-graphics-drivers 470.182.03-1 [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778) [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1 - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 CVE-2023-0180 (NVIDIA GPU Display Driver for Linux contains a vulnerability in a kern ...) 
- nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779) [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 - nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778) [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1 - nvidia-graphics-drivers-tesla-418 (bug #1033777) [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) - nvidia-graphics-drivers-legacy-390xx (bug #1033776) [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx (bug #1033775) [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) [bullseye] - nvidia-graphics-drivers 470.182.03-1 [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 CVE-2023-0179 (A buffer overflow vulnerability was found in the Netfilter subsystem i ...) {DSA-5324-1 DLA-3349-1} - linux 6.1.7-1 [buster] - linux (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2023/01/13/2 NOTE: https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230111212251.193032-4-pablo@netfilter.org/ CVE-2023-0178 (The Annual Archive WordPress plugin before 1.6.0 does not validate and ...) NOT-FOR-US: WordPress plugin CVE-2023-0177 (The Social Like Box and Page by WpDevArt WordPress plugin before 0.8.4 ...) 
NOT-FOR-US: WordPress plugin CVE-2023-0176 (The Giveaways and Contests by RafflePress WordPress plugin before 1.11 ...) NOT-FOR-US: WordPress plugin CVE-2023-0175 (The Responsive Clients Logo Gallery Plugin for WordPress plugin throug ...) NOT-FOR-US: WordPress plugin CVE-2023-0174 (The WP VR WordPress plugin before 8.2.7 does not validate and escape s ...) NOT-FOR-US: WordPress plugin CVE-2023-0173 (The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 ...) NOT-FOR-US: WordPress plugin CVE-2023-0172 (The Juicer WordPress plugin before 1.11 does not validate and escape s ...) NOT-FOR-US: WordPress plugin CVE-2023-0171 (The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 does n ...) NOT-FOR-US: WordPress plugin CVE-2023-0170 (The Html5 Audio Player WordPress plugin before 2.1.12 does not validat ...) NOT-FOR-US: WordPress plugin CVE-2023-0169 (The Zoho Forms WordPress plugin before 3.0.1 does not validate and esc ...) NOT-FOR-US: WordPress plugin CVE-2023-0168 (The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not valid ...) NOT-FOR-US: WordPress plugin CVE-2023-0167 (The GetResponse for WordPress plugin through 5.5.31 does not validate ...) NOT-FOR-US: WordPress plugin CVE-2023-0166 (The Product Slider for WooCommerce by PickPlugins WordPress plugin bef ...) NOT-FOR-US: WordPress plugin CVE-2023-0165 (The Cost Calculator WordPress plugin through 1.8 does not validate and ...) NOT-FOR-US: WordPress plugin CVE-2023-0164 (OrangeScrum version 2.0.11 allows an authenticated external attacker t ...) NOT-FOR-US: OrangeScrum CVE-2022-48253 (nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that m ...) NOT-FOR-US: Nostromo webserver CVE-2022-48252 (The jokob-sk/Pi.Alert fork (before 22.12.20) of Pi.Alert allows Remote ...) NOT-FOR-US: jokob-sk/Pi.Alert CVE-2015-10037 (A vulnerability, which was classified as critical, was found in ACI_Es ...) 
NOT-FOR-US: ACI_Escola CVE-2015-10036 (A vulnerability was found in kylebebak dronfelipe. It has been declare ...) NOT-FOR-US: kylebebak dronfelipe CVE-2012-10004 (A vulnerability was found in backdrop-contrib Basic Cart on Drupal. It ...) NOT-FOR-US: backdrop-contrib Basic Cart CVE-2023-22924 (A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware vers ...) NOT-FOR-US: Zyxel CVE-2023-22923 (A format string vulnerability in a binary of the Zyxel NBG-418N v2 fir ...) NOT-FOR-US: Zyxel CVE-2023-22922 (A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware vers ...) NOT-FOR-US: Zyxel CVE-2023-22921 (A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 fi ...) NOT-FOR-US: Zyxel CVE-2023-22920 (A security misconfiguration vulnerability exists in the Zyxel LTE3316- ...) NOT-FOR-US: Zyxel CVE-2023-22919 (The post-authentication command injection vulnerability in the Zyxel N ...) NOT-FOR-US: Zyxel CVE-2023-22918 (A post-authentication information exposure vulnerability in the CGI pr ...) NOT-FOR-US: Zyxel CVE-2023-22917 (A buffer overflow vulnerability in the \u201csdwan_iface_ipc\u201d bin ...) NOT-FOR-US: Zyxel CVE-2023-22916 (The configuration parser of Zyxel ATP series firmware versions 5.10 th ...) NOT-FOR-US: Zyxel CVE-2023-22915 (A buffer overflow vulnerability in the \u201cfbwifi_forward.cgi\u201d ...) NOT-FOR-US: Zyxel CVE-2023-22914 (A path traversal vulnerability in the \u201caccount_print.cgi\u201d CG ...) NOT-FOR-US: Zyxel CVE-2023-22913 (A post-authentication command injection vulnerability in the \u201cacc ...) NOT-FOR-US: Zyxel CVE-2023-22912 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.3 ...) NOT-FOR-US: MediaWiki extension CheckUser CVE-2023-22911 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.3 ...) NOT-FOR-US: MediaWiki extension Widgets CVE-2023-22910 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.3 ...) 
NOT-FOR-US: MediaWiki extension WikiBase CVE-2023-22909 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.3 ...) NOT-FOR-US: MediaWiki extension MobileFrontend CVE-2023-22908 RESERVED CVE-2023-0210 (A bug affects the Linux kernel\u2019s ksmbd NTLMv2 authentication and ...) - linux 6.1.7-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/797805d81baa814f76cf7bdab35f86408a79d707 NOTE: https://www.openwall.com/lists/oss-security/2023/01/04/1 CVE-2023-0163 RESERVED CVE-2023-0162 (The CPO Companion plugin for WordPress is vulnerable to Stored Cross-S ...) NOT-FOR-US: CPO Companion plugin for WordPress CVE-2023-0161 REJECTED CVE-2023-0160 (A deadlock flaw was found in the Linux kernel\u2019s BPF subsystem. Th ...) - linux NOTE: https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com/ CVE-2023-0159 (The Extensive VC Addons for WPBakery page builder WordPress plugin bef ...) NOT-FOR-US: WordPress plugin CVE-2023-0158 (NLnet Labs Krill supports direct access to the RRDP repository content ...) NOT-FOR-US: NLnet Labs Krill CVE-2023-0157 (The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not ...) NOT-FOR-US: WordPress plugin CVE-2023-0156 (The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not ...) NOT-FOR-US: WordPress plugin CVE-2023-0155 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) - gitlab 15.10.8+ds1-2 CVE-2023-0154 (The GamiPress WordPress plugin before 1.0.9 does not validate and esca ...) NOT-FOR-US: WordPress plugin CVE-2023-0153 (The Vimeo Video Autoplay Automute WordPress plugin through 1.0 does no ...) NOT-FOR-US: WordPress plugin CVE-2023-0152 (The WP Multi Store Locator WordPress plugin through 2.4 does not valid ...) NOT-FOR-US: WordPress plugin CVE-2023-0151 (The uTubeVideo Gallery WordPress plugin before 2.0.8 does not validate ...) 
NOT-FOR-US: WordPress plugin CVE-2023-0150 (The Cloak Front End Email WordPress plugin before 1.9.2 does not valid ...) NOT-FOR-US: WordPress plugin CVE-2023-0149 (The WordPrezi WordPress plugin before 0.9 does not validate and escape ...) NOT-FOR-US: WordPress plugin CVE-2023-0148 (The Gallery Factory Lite WordPress plugin through 2.0.0 does not valid ...) NOT-FOR-US: WordPress plugin CVE-2023-0147 (The Flexible Captcha WordPress plugin through 4.1 does not validate an ...) NOT-FOR-US: WordPress plugin CVE-2023-0146 (The Naver Map WordPress plugin through 1.1.0 does not validate and esc ...) NOT-FOR-US: WordPress plugin CVE-2023-0145 (The Saan World Clock WordPress plugin through 1.8 does not validate an ...) NOT-FOR-US: WordPress plugin CVE-2017-20167 (A vulnerability, which was classified as problematic, was found in Min ...) NOT-FOR-US: Minichan CVE-2016-15017 (A vulnerability has been found in fabarea media_upload on TYPO3 and cl ...) NOT-FOR-US: fabarea media_upload CVE-2014-125073 (A vulnerability was found in mapoor voteapp. It has been rated as crit ...) NOT-FOR-US: mapoor voteapp CVE-2023-22907 RESERVED CVE-2023-22906 (Hero Qubo HCD01_02_V1.38_20220125 devices allow TELNET access with roo ...) NOT-FOR-US: Hero Qubo CVE-2023-22905 RESERVED CVE-2023-22904 RESERVED CVE-2023-22903 (api/views/user.py in LibrePhotos before e19e539 has incorrect access c ...) NOT-FOR-US: LibrePhotos CVE-2023-22902 (Openfind Mail2000 file uploading function has insufficient filtering f ...) NOT-FOR-US: Openfind Mail2000 CVE-2023-22901 (ChangingTec MOTP system has a path traversal vulnerability. A remote a ...) NOT-FOR-US: ChangingTec MOTP CVE-2023-22900 (Efence login function has insufficient validation for user input. An u ...) NOT-FOR-US: Efence CVE-2023-22899 (Zip4j through 2.11.2, as used in Threema and other products, does not ...) 
- zip4j 2.11.2-3 (bug #1029038) [bullseye] - zip4j (Minor issue) NOTE: https://github.com/srikanth-lingala/zip4j/issues/485 NOTE: https://github.com/srikanth-lingala/zip4j/commit/597b31afb473a40e8252de5b5def1876bab198d3 CVE-2023-22898 (workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 a ...) NOT-FOR-US: Pandora CVE-2023-22897 (An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewa ...) NOT-FOR-US: SecurePoint UTM CVE-2023-22896 RESERVED CVE-2023-22895 (The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denia ...) - rust-bzip2 0.4.4-1 (bug #1029158) [bullseye] - rust-bzip2 (Minor issue) [buster] - rust-bzip2 (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0004.html NOTE: https://github.com/alexcrichton/bzip2-rs/pull/86 NOTE: https://github.com/alexcrichton/bzip2-rs/commit/90c9c182cd5a5ebc75810aebd89b347a7bdf590b (0.4.4) CVE-2023-22894 (Strapi through 4.5.5 allows attackers (with access to the admin panel) ...) NOT-FOR-US: Strapi CVE-2023-22893 (Strapi through 4.5.5 does not verify the access or ID tokens issued du ...) NOT-FOR-US: Strapi CVE-2023-22892 (There exists an information disclosure vulnerability in SmartBear Zeph ...) NOT-FOR-US: SmartBear Zephyr Enterprise CVE-2023-22891 (There exists a privilege escalation vulnerability in SmartBear Zephyr ...) NOT-FOR-US: SmartBear Zephyr Enterprise CVE-2023-22890 (SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated user ...) NOT-FOR-US: SmartBear Zephyr Enterprise CVE-2023-22889 (SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined inp ...) NOT-FOR-US: SmartBear Zephyr Enterprise CVE-2023-22888 (Apache Airflow, versions before 2.6.3, is affected by a vulnerability ...) - airflow (bug #819700) CVE-2023-22887 (Apache Airflow, versions before 2.6.3, is affected by a vulnerability ...) - airflow (bug #819700) CVE-2023-22886 (Improper Input Validation vulnerability in Apache Software Foundation ...) 
NOT-FOR-US: Apache Airflow JDBC Provider CVE-2023-22885 REJECTED CVE-2023-22884 (Improper Neutralization of Special Elements used in a Command ('Comman ...) - airflow (bug #819700) CVE-2023-0144 (The Event Manager and Tickets Selling Plugin for WooCommerce WordPress ...) NOT-FOR-US: WordPress plugin CVE-2023-0143 (The Send PDF for Contact Form 7 WordPress plugin before 0.9.9.2 does n ...) NOT-FOR-US: WordPress plugin CVE-2023-0142 (Uncontrolled search path element vulnerability in Backup Management Fu ...) NOT-FOR-US: Synology CVE-2023-0141 (Insufficient policy enforcement in CORS in Google Chrome prior to 109. ...) {DSA-5317-1} - chromium 109.0.5414.74-1 [buster] - chromium (see DSA 5046) CVE-2023-0140 (Inappropriate implementation in in File System API in Google Chrome on ...) {DSA-5317-1} - chromium 109.0.5414.74-1 [buster] - chromium (see DSA 5046) CVE-2023-0139 (Insufficient validation of untrusted input in Downloads in Google Chro ...) {DSA-5317-1} - chromium 109.0.5414.74-1 [buster] - chromium (see DSA 5046) CVE-2023-0138 (Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0 ...) {DSA-5317-1} - chromium 109.0.5414.74-1 [buster] - chromium (see DSA 5046) CVE-2023-0137 (Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS pr ...) {DSA-5317-1} - chromium 109.0.5414.74-1 [buster] - chromium (see DSA 5046) CVE-2023-0136 (Inappropriate implementation in in Fullscreen API in Google Chrome on ...) {DSA-5317-1} - chromium 109.0.5414.74-1 [buster] - chromium (see DSA 5046) CVE-2023-0135 (Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed ...) {DSA-5317-1} - chromium 109.0.5414.74-1 [buster] - chromium (see DSA 5046) CVE-2023-0134 (Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed ...) {DSA-5317-1} - chromium 109.0.5414.74-1 [buster] - chromium (see DSA 5046) CVE-2023-0133 (Inappropriate implementation in in Permission prompts in Google Chrome ...) 
{DSA-5317-1} - chromium 109.0.5414.74-1 [buster] - chromium (see DSA 5046) CVE-2023-0132 (Inappropriate implementation in in Permission prompts in Google Chrome ...) {DSA-5317-1} - chromium 109.0.5414.74-1 [buster] - chromium (see DSA 5046) CVE-2023-0131 (Inappropriate implementation in in iframe Sandbox in Google Chrome pri ...) {DSA-5317-1} - chromium 109.0.5414.74-1 [buster] - chromium (see DSA 5046) CVE-2023-0130 (Inappropriate implementation in in Fullscreen API in Google Chrome on ...) {DSA-5317-1} - chromium 109.0.5414.74-1 [buster] - chromium (see DSA 5046) CVE-2023-0129 (Heap buffer overflow in Network Service in Google Chrome prior to 109. ...) {DSA-5317-1} - chromium 109.0.5414.74-1 [buster] - chromium (see DSA 5046) CVE-2023-0128 (Use after free in Overview Mode in Google Chrome on Chrome OS prior to ...) {DSA-5317-1} - chromium 109.0.5414.74-1 [buster] - chromium (see DSA 5046) CVE-2023-0127 (A command injection vulnerability in the firmware_update command, in t ...) NOT-FOR-US: Tenable CVE-2023-0126 (Pre-authentication path traversal vulnerability in SMA1000 firmware ve ...) NOT-FOR-US: SonicWall CVE-2023-0125 (A vulnerability was found in Control iD Gerencia Web 1.30. It has been ...) NOT-FOR-US: Control iD Panel CVE-2023-0124 (Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable ...) NOT-FOR-US: Delta Electronics DOPSoft CVE-2023-0123 (Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable ...) NOT-FOR-US: Delta Electronics DOPSoft CVE-2022-48251 (The AES instructions on the ARMv8 platform do not have an algorithm th ...) NOT-FOR-US: ARM hardware design issue CVE-2021-46871 (tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows ...) NOT-FOR-US: Phoenix.HTML CVE-2017-20166 (Ecto 2.2.0 lacks a certain protection mechanism associated with the in ...) NOT-FOR-US: Ecto CVE-2015-10035 (A vulnerability was found in gperson angular-test-reporter and classif ...) 
NOT-FOR-US: angular-test-reporter CVE-2015-10034 (A vulnerability has been found in j-nowak workout-organizer and classi ...) NOT-FOR-US: j-nowak workout-organizer CVE-2015-10033 (A vulnerability, which was classified as problematic, was found in jvv ...) NOT-FOR-US: jvvlee MerlinsBoard CVE-2014-125072 (A vulnerability classified as critical has been found in CherishSin kl ...) NOT-FOR-US: CherishSin CVE-2014-125071 (A vulnerability was found in lukehutch Gribbit. It has been classified ...) NOT-FOR-US: lukehutch Gribbit CVE-2023-22883 (Zoom Client for IT Admin Windows installers before version 5.13.5 cont ...) NOT-FOR-US: Zoom CVE-2023-22882 (Zoom clients before version 5.13.5 contain a STUN parsing vulnerabilit ...) NOT-FOR-US: Zoom CVE-2023-22881 (Zoom clients before version 5.13.5 contain a STUN parsing vulnerabilit ...) NOT-FOR-US: Zoom CVE-2023-22880 (Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows ...) NOT-FOR-US: Zoom CVE-2023-22879 RESERVED CVE-2023-22878 (IBM InfoSphere Information Server 11.7 stores user credentials in plai ...) NOT-FOR-US: IBM CVE-2023-22877 (IBM InfoSphere Information Server 11.7 is potentially vulnerable to CS ...) NOT-FOR-US: IBM CVE-2023-22876 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 a ...) NOT-FOR-US: IBM CVE-2023-22875 (IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/T ...) NOT-FOR-US: IBM CVE-2023-22874 (IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial ...) NOT-FOR-US: IBM CVE-2023-22873 RESERVED CVE-2023-22872 RESERVED CVE-2023-22871 RESERVED CVE-2023-22870 (IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext w ...) NOT-FOR-US: IBM CVE-2023-22869 (IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive inf ...) NOT-FOR-US: IBM CVE-2023-22868 (IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vu ...) 
NOT-FOR-US: IBM CVE-2023-22867 RESERVED CVE-2023-22866 RESERVED CVE-2023-22865 RESERVED CVE-2023-22864 RESERVED CVE-2023-22863 (IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP ...) NOT-FOR-US: IBM CVE-2023-22862 (IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authenti ...) NOT-FOR-US: IBM CVE-2023-22861 RESERVED CVE-2023-22860 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, ...) NOT-FOR-US: IBM CVE-2023-22859 RESERVED CVE-2023-22459 RESERVED CVE-2023-0122 (A NULL pointer dereference vulnerability in the Linux kernel NVMe func ...) - linux (Vulnerable code not present in any released Debian version) CVE-2023-0121 (A denial of service issue was discovered in GitLab CE/EE affecting all ...) - gitlab 15.10.8+ds1-2 CVE-2023-0120 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 16.4.4+ds2-2 CVE-2023-0119 (A stored Cross-site scripting vulnerability was found in foreman. The ...) - foreman (bug #663101) CVE-2023-0118 (An arbitrary code execution flaw was found in Foreman. This flaw allow ...) - foreman (bug #663101) CVE-2022-4884 (Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1 ...) - check-mk CVE-2022-4883 (A flaw was found in libXpm. When processing files with .Z or .gz exten ...) {DLA-3459-1} - libxpm 1:3.5.12-1.1 [bullseye] - libxpm 1:3.5.12-1.1~deb11u1 NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/2 NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/515294bb8023a45ff916696d0a14308ff4f3a376 (libXpm-3.5.15) NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/8178eb0834d82242e1edbc7d4fb0d1b397569c68 (libXpm-3.5.15) CVE-2022-4882 (A vulnerability was found in kaltura mwEmbed up to 2.91. It has been r ...) NOT-FOR-US: Kaltura CVE-2022-48250 (In audio service, there is a possible missing permission check. This c ...) NOT-FOR-US: Unisoc CVE-2022-48249 (In audio service, there is a possible missing permission check. 
This c ...) NOT-FOR-US: Unisoc CVE-2022-48248 (In audio service, there is a possible missing permission check. This c ...) NOT-FOR-US: Unisoc CVE-2022-48247 (In audio service, there is a possible missing permission check. This c ...) NOT-FOR-US: Unisoc CVE-2022-48246 (In audio service, there is a possible missing permission check. This c ...) NOT-FOR-US: Unisoc CVE-2022-48245 (In audio service, there is a possible missing permission check. This c ...) NOT-FOR-US: Unisoc CVE-2022-48244 (In audio service, there is a possible missing permission check. This c ...) NOT-FOR-US: Unisoc CVE-2022-48243 (In audio service, there is a possible missing permission check. This c ...) NOT-FOR-US: Unisoc CVE-2022-48242 (In telephony service, there is a possible missing permission check. Th ...) NOT-FOR-US: Unisoc CVE-2022-48241 (In telephony service, there is a possible missing permission check. Th ...) NOT-FOR-US: Unisoc CVE-2022-48240 (In camera driver, there is a possible out of bounds write due to a mis ...) NOT-FOR-US: Unisoc CVE-2022-48239 (In camera driver, there is a possible out of bounds write due to a mis ...) NOT-FOR-US: Unisoc CVE-2022-48238 (In Image filter, there is a possible out of bounds write due to a miss ...) NOT-FOR-US: Unisoc CVE-2022-48237 (In Image filter, there is a possible out of bounds write due to a miss ...) NOT-FOR-US: Unisoc CVE-2022-48236 (In MP3 encoder, there is a possible out of bounds read due to a missin ...) NOT-FOR-US: Unisoc CVE-2022-48235 (In MP3 encoder, there is a possible out of bounds write due to a missi ...) NOT-FOR-US: Unisoc CVE-2022-48234 (In FM service , there is a possible missing params check. This could l ...) NOT-FOR-US: Unisoc CVE-2022-48233 (In FM service , there is a possible missing params check. This could l ...) NOT-FOR-US: Unisoc CVE-2022-48232 (In FM service , there is a possible missing params check. This could l ...) NOT-FOR-US: Unisoc CVE-2022-48231 (In soter service, there is a possible missing permission check. 
This c ...) NOT-FOR-US: Unisoc CVE-2022-48230 (There is a misinterpretation of input vulnerability in BiSheng-WNM FW ...) NOT-FOR-US: Huawei CVE-2022-46285 (A flaw was found in libXpm. This issue occurs when parsing a file with ...) {DLA-3459-1} - libxpm 1:3.5.12-1.1 [bullseye] - libxpm 1:3.5.12-1.1~deb11u1 NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/2 NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d765014816c566c63165c63ca8 (libXpm-3.5.15) CVE-2022-44617 (A flaw was found in libXpm. When processing a file with width of 0 and ...) {DLA-3459-1} - libxpm 1:3.5.12-1.1 [bullseye] - libxpm 1:3.5.12-1.1~deb11u1 NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/2 NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/f80fa6ae47ad4a5beacb287c0030c9913b046643 (libXpm-3.5.15) NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/c5ab17bcc34914c0b0707d2135dbebe9a367c5f0 (libXpm-3.5.15) CVE-2021-4311 (A vulnerability classified as problematic was found in Talend Open Stu ...) NOT-FOR-US: Talend CVE-2021-4310 (A vulnerability was found in 01-Scripts 01-Artikelsystem. It has been ...) NOT-FOR-US: 01-Scripts 01-Artikelsystem CVE-2017-20165 (A vulnerability classified as problematic has been found in debug-js d ...) - node-debug 3.1.0-1 NOTE: https://github.com/debug-js/debug/pull/504 NOTE: https://github.com/debug-js/debug/commit/c38a0166c266a679c8de012d4eaccec3f944e685 CVE-2015-10032 (A vulnerability was found in HealthMateWeb. It has been declared as pr ...) NOT-FOR-US: HealthMateWeb CVE-2010-10004 (A vulnerability was found in Information Cards Module on simpleSAMLphp ...) NOT-FOR-US: Information Cards Module CVE-2023-22858 (An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, al ...) NOT-FOR-US: BlogEngine.NET CVE-2023-22857 (A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3. ...) 
NOT-FOR-US: BlogEngine.NET CVE-2023-22856 (A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3. ...) NOT-FOR-US: BlogEngine.NET CVE-2023-0117 (The online authentication provided by the hwKitAssistant lacks strict ...) NOT-FOR-US: Huawei CVE-2023-0116 (The reminder module lacks an authentication mechanism for broadcasts r ...) NOT-FOR-US: Huawei CVE-2023-0115 REJECTED CVE-2022-4881 (A vulnerability was found in CapsAdmin PAC3. It has been rated as prob ...) NOT-FOR-US: CapsAdmin PAC3 CVE-2021-4309 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: 01-Scripts 01ACP CVE-2021-4308 (A vulnerability was found in WebPA up to 3.1.1. It has been rated as c ...) NOT-FOR-US: WebPA CVE-2020-36648 (A vulnerability, which was classified as critical, was found in pouetn ...) NOT-FOR-US: pouetnet pouet CVE-2020-36647 (A vulnerability classified as critical has been found in YunoHost-Apps ...) NOT-FOR-US: YunoHost-Apps CVE-2019-25100 (A vulnerability was found in happyman twmap. It has been declared as c ...) NOT-FOR-US: happyman twmap CVE-2018-25072 (A vulnerability classified as critical has been found in lojban jbovla ...) NOT-FOR-US: lojban jbovlaste CVE-2016-15016 (A vulnerability was found in mrtnmtth joomla_mod_einsatz_stats up to 0 ...) NOT-FOR-US: mrtnmtth joomla_mod_einsatz_stats CVE-2016-15015 (A vulnerability, which was classified as problematic, was found in via ...) NOT-FOR-US: viafintech Barzahlen Payment Module PHP SDK CVE-2015-10031 (A vulnerability classified as critical was found in purpleparrots 491- ...) NOT-FOR-US: purpleparrots 491-Project CVE-2015-10030 (A vulnerability has been found in SUKOHI Surpass and classified as cri ...) NOT-FOR-US: SUKOHI Surpass CVE-2014-125070 (A vulnerability has been found in yanheven console and classified as p ...) NOT-FOR-US: yanheven console CVE-2014-125069 (A vulnerability was found in saxman maps-js-icoads. It has been classi ...) 
NOT-FOR-US: saxman maps-js-icoads CVE-2014-125068 (A vulnerability was found in saxman maps-js-icoads and classified as c ...) NOT-FOR-US: saxman maps-js-icoads CVE-2014-125067 (A vulnerability classified as critical was found in corincerami curios ...) NOT-FOR-US: corincerami CVE-2014-125066 (A vulnerability was found in emmflo yuko-bot. It has been declared as ...) NOT-FOR-US: emmflo yuko-bot CVE-2007-10002 (A vulnerability, which was classified as critical, has been found in w ...) NOT-FOR-US: web-cyradm CVE-2023-22855 (Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code executio ...) NOT-FOR-US: Kardex CVE-2023-22854 (The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 ...) NOT-FOR-US: Mitel CVE-2023-22853 (Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/s ...) - tikiwiki CVE-2023-22852 (Tiki through 25.0 allows CSRF attacks that are related to tiki-importe ...) - tikiwiki CVE-2023-22851 (Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php P ...) - tikiwiki CVE-2023-22850 (Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib ...) - tikiwiki CVE-2021-4307 (A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has ...) NOT-FOR-US: Yomguithereal Baobab CVE-2020-36646 (A vulnerability classified as problematic has been found in MediaArea ...) {DLA-3290-1} - libzen 0.4.39-1 [bullseye] - libzen 0.4.38-1+deb11u1 NOTE: https://github.com/MediaArea/ZenLib/pull/119 NOTE: https://github.com/MediaArea/ZenLib/commit/6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408 (v0.4.39) CVE-2017-20164 (A vulnerability was found in Symbiote Seed up to 6.0.2. It has been cl ...) NOT-FOR-US: Symbiote Seed CVE-2016-15014 (A vulnerability has been found in CESNET theme-cesnet up to 1.x on own ...) NOT-FOR-US: CESNET theme-cesnet CVE-2016-15013 (A vulnerability was found in ForumHulp searchresults. It has been rate ...) 
NOT-FOR-US: ForumHulp CVE-2015-10029 (A vulnerability classified as problematic was found in kelvinmo simple ...) NOT-FOR-US: kelvinmo CVE-2014-125065 (A vulnerability, which was classified as critical, was found in john52 ...) NOT-FOR-US: bottle-auth CVE-2014-125064 REJECTED CVE-2013-10009 (A vulnerability was found in DrAzraelTod pyChao and classified as crit ...) NOT-FOR-US: DrAzraelTod pyChao CVE-2023-22849 (An improper neutralization of input during web page generation ('Cross ...) NOT-FOR-US: Apache Sling CVE-2023-0114 (A vulnerability was found in Netis Netcore Router. It has been rated a ...) NOT-FOR-US: Netis Netcore Router CVE-2023-0113 (A vulnerability was found in Netis Netcore Router up to 2.2.6. It has ...) NOT-FOR-US: Netis Netcore Router CVE-2022-4880 (A vulnerability was found in stakira OpenUtau. It has been classified ...) NOT-FOR-US: stakira OpenUtau CVE-2022-48229 RESERVED CVE-2021-4306 (A vulnerability classified as problematic has been found in cronvel te ...) NOT-FOR-US: Node terminal-kit CVE-2020-36645 (A vulnerability, which was classified as critical, was found in square ...) NOT-FOR-US: square squalor CVE-2020-36644 (A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 a ...) NOT-FOR-US: jamesmartin Inline SVG CVE-2018-25071 (A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been ...) NOT-FOR-US: roxlukas LMeve CVE-2018-25070 (A vulnerability has been found in polterguy Phosphorus Five up to 8.2 ...) NOT-FOR-US: polterguy Phosphorus Five CVE-2018-25069 (A vulnerability classified as critical has been found in Netis Netcore ...) NOT-FOR-US: Netis Netcore Router CVE-2016-15012 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotc ...) NOT-FOR-US: SalesforceMobileSDK-Windows CVE-2015-10028 (A vulnerability has been found in ss15-this-is-sparta and classified a ...) NOT-FOR-US: ss15-this-is-sparta CVE-2015-10027 (A vulnerability, which was classified as problematic, has been found i ...) 
NOT-FOR-US: hydrian TTRSS-Auth-LDAP CVE-2015-10026 (A vulnerability was found in tiredtyrant flairbot. It has been declare ...) NOT-FOR-US: tiredtyrant flairbot CVE-2015-10025 (A vulnerability has been found in luelista miniConf up to 1.7.6 and cl ...) NOT-FOR-US: luelista miniConf CVE-2015-10024 (A vulnerability classified as critical was found in hoffie larasync. T ...) NOT-FOR-US: hoffie larasync CVE-2015-10023 (A vulnerability classified as critical has been found in Fumon trello- ...) NOT-FOR-US: Fumon trello-octometric CVE-2015-10022 (A vulnerability was found in IISH nlgis2. It has been declared as crit ...) NOT-FOR-US: IISH nlgis2 CVE-2015-10021 (A vulnerability was found in ritterim definely. It has been classified ...) NOT-FOR-US: ritterim CVE-2015-10020 (A vulnerability has been found in ssn2013 cis450Project and classified ...) NOT-FOR-US: cis450Project CVE-2015-10019 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: MySimplifiedSQL CVE-2014-125063 (A vulnerability was found in ada-l0velace Bid and classified as critic ...) NOT-FOR-US: ada-l0velace Bid CVE-2014-125062 (A vulnerability classified as critical was found in ananich bitstorm. ...) NOT-FOR-US: ananich bitstorm CVE-2014-125061 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in peel file ...) NOT-FOR-US: peel filebrokerrm CVE-2014-125060 (A vulnerability, which was classified as critical, was found in holden ...) NOT-FOR-US: holdennb CollabCal CVE-2014-125059 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: sternenseemann sternenblog CVE-2014-125058 (A vulnerability was found in LearnMeSomeCodes project3 and classified ...) NOT-FOR-US: LearnMeSomeCodes CVE-2014-125057 (A vulnerability was found in mrobit robitailletheknot. It has been cla ...) NOT-FOR-US: robitailletheknot CVE-2014-125056 (A vulnerability was found in Pylons horus and classified as problemati ...) 
	NOT-FOR-US: Pylons horus
CVE-2014-125055 (A vulnerability, which was classified as problematic, was found in agn ...)
	NOT-FOR-US: agnivade easy-scrypt
CVE-2014-125054 (A vulnerability classified as critical was found in koroket RedditOnRa ...)
	NOT-FOR-US: RedditOnRails
CVE-2023-22837
	RESERVED
CVE-2023-22836 (In cases where a multi-tenant stack user is operating Foundry’s L ...)
	NOT-FOR-US: Palantir
CVE-2023-22835 (A security defect was identified that enabled a user of Foundry Issues ...)
	NOT-FOR-US: Palantir
CVE-2023-22834 (The Contour Service was not checking that users had permission to crea ...)
	NOT-FOR-US: Palantir
CVE-2023-22833 (Palantir Foundry deployments running Lime2 versions between 2.519.0 an ...)
	NOT-FOR-US: Palantir
CVE-2023-22832 (The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19. ...)
	NOT-FOR-US: Apache NiFi
CVE-2023-22831
	RESERVED
CVE-2023-22830
	RESERVED
CVE-2023-22829
	RESERVED
CVE-2023-22828
	RESERVED
CVE-2023-22827
	RESERVED
CVE-2023-22826
	RESERVED
CVE-2023-22825
	RESERVED
CVE-2023-22824
	RESERVED
CVE-2023-22823
	RESERVED
CVE-2023-22822
	RESERVED
CVE-2023-22821
	RESERVED
CVE-2023-22820
	RESERVED
CVE-2023-22819 (An uncontrolled resource consumption vulnerability issue that could ar ...)
	NOT-FOR-US: Western Digital
CVE-2023-22818 (Multiple DLL Search Order Hijack vulnerabilities were addressed in the ...)
	NOT-FOR-US: SanDisk Security Installer for Windows
CVE-2023-22817 (Server-side request forgery (SSRF) vulnerability that could allow a ro ...)
	NOT-FOR-US: Western Digital
CVE-2023-22816 (A post-authentication remote command injection vulnerability in a CGI ...)
	NOT-FOR-US: Western Digital
CVE-2023-22815 (Post-authentication remote command injection vulnerability in Western ...)
	NOT-FOR-US: Western Digital
CVE-2023-22814 (An authentication bypass issue via spoofing was discovered in the toke ...)
	NOT-FOR-US: Western Digital
CVE-2023-22813 (A device API endpoint was missing access controls on Western Digital M ...)
	NOT-FOR-US: Western Digital
CVE-2023-22812 (SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 ...)
	NOT-FOR-US: SanDisk PrivateAccess
CVE-2023-22811
	RESERVED
CVE-2023-22810
	RESERVED
CVE-2023-22809 (In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extr ...)
	{DSA-5321-1 DLA-3272-1}
	- sudo 1.9.12p2-1
	NOTE: https://www.sudo.ws/security/advisories/sudoedit_any/
	NOTE: https://github.com/sudo-project/sudo/commit/0274a4f3b403162a37a10f199c989f3727ed3ad4
	NOTE: https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf
	NOTE: https://www.openwall.com/lists/oss-security/2023/01/19/1
CVE-2023-22808 (An issue was discovered in the Arm Android Gralloc Module. A non-privi ...)
	NOT-FOR-US: Arm Android Gralloc Module
CVE-2023-22663 (Improper authentication for some Intel Unison software may allow an au ...)
	NOT-FOR-US: Intel
CVE-2023-22448 (Improper access control for some Intel Unison software may allow a pri ...)
	NOT-FOR-US: Intel
CVE-2023-22445
	RESERVED
CVE-2023-22430
	RESERVED
CVE-2023-22355 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and component ...)
	NOT-FOR-US: Intel
CVE-2023-22338 (Out-of-bounds read in some Intel(R) oneVPL GPU software before version ...)
	NOT-FOR-US: Intel
CVE-2023-22337 (Improper input validation for some Intel Unison software may allow an ...)
	NOT-FOR-US: Intel
CVE-2023-22292 (Uncaught exception for some Intel Unison software may allow an authent ...)
	NOT-FOR-US: Intel
CVE-2023-22290 (Uncaught exception for some Intel Unison software may allow an authent ...)
	NOT-FOR-US: Intel
CVE-2023-22285 (Improper access control for some Intel Unison software may allow an un ...)
	NOT-FOR-US: Intel
CVE-2023-0112 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
	NOT-FOR-US: usememos
CVE-2023-0111 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
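The CVE-2023-22809 entry above gives only the fixed upstream release (sudo 1.9.12p2) and the Debian package that carries it. The following is an added example, not code from the sudo project or from the tracker: it turns the "Sudo version X.Y.ZpN" banner printed by `sudo --version` into a comparable tuple, treating the optional "pN" patch level as a fourth component so that 1.9.12 < 1.9.12p1 < 1.9.12p2 < 1.9.13, and reports whether a given version predates the fix. The `FIXED_UPSTREAM` constant is taken from the entry; the banner format and the helper names are this example's own assumptions.

```python
"""Version check for CVE-2023-22809 (sudo before 1.9.12p2).

Added example, not sudo's or the Debian tracker's own code. Compares the
upstream sudo version string against the fixed release named in the
tracker entry. The "pN" suffix (sudo's patch level) is parsed as a fourth
numeric component; a missing suffix counts as p0.
"""
from __future__ import annotations

import re
import subprocess

# From the tracker entry: "In Sudo before 1.9.12p2 ..."
FIXED_UPSTREAM = "1.9.12p2"

# Matches "1.9.12", "1.9.12p2", and the same embedded in a banner such as
# "Sudo version 1.9.12p1" or a Debian version "1.9.12p2-1" (assumed formats).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_sudo_version(text: str) -> tuple[int, int, int, int]:
    """Return (major, minor, patch, plevel) for the first sudo version in text."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no sudo version found in {text!r}")
    major, minor, patch, plevel = m.groups()
    return int(major), int(minor), int(patch), int(plevel or 0)


def is_vulnerable(version_text: str, fixed: str = FIXED_UPSTREAM) -> bool:
    """True when version_text is strictly older than the fixed upstream release."""
    return parse_sudo_version(version_text) < parse_sudo_version(fixed)


def check_installed_sudo() -> tuple[str, bool] | None:
    """Run `sudo --version` on this host and classify its first banner line.

    Returns None when sudo is not installed. Note the caveat below about
    distribution packages that backport the fix without bumping the version.
    """
    try:
        proc = subprocess.run(["sudo", "--version"], capture_output=True,
                              text=True, check=False)
    except FileNotFoundError:
        return None
    banner = proc.stdout.splitlines()[0] if proc.stdout else ""
    return banner, is_vulnerable(banner)


if __name__ == "__main__":
    result = check_installed_sudo()
    if result is None:
        print("sudo not found")
    else:
        banner, vuln = result
        state = "VULNERABLE (upstream version predates 1.9.12p2)" if vuln else "not affected"
        print(f"{banner}: {state} [CVE-2023-22809]")
```

Caveat for Debian hosts: the entry lists DSA-5321-1 and DLA-3272-1, i.e. stable and LTS received backported fixes whose package versions still carry an older upstream string, so the upstream comparison above will flag a patched stable sudo as vulnerable. For a packaged sudo, consult the tracker entry or `apt-get changelog sudo` for the CVE id instead of trusting the banner alone.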
	NOT-FOR-US: usememos
CVE-2023-0110 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
	NOT-FOR-US: usememos
CVE-2023-0109
	RESERVED
CVE-2023-0108 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
	NOT-FOR-US: usememos
CVE-2023-0107 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
	NOT-FOR-US: usememos
CVE-2023-0106 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
	NOT-FOR-US: usememos
CVE-2023-0105 (A flaw was found in Keycloak. This flaw allows impersonation and locko ...)
	NOT-FOR-US: Keycloak
CVE-2018-25068 (A vulnerability has been found in devent globalpom-utils up to 4.5.0 a ...)
	NOT-FOR-US: devent globalpom-utils
CVE-2018-25067 (A vulnerability, which was classified as critical, was found in JoomGa ...)
	NOT-FOR-US: JoomGallery
CVE-2014-125053 (A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has bee ...)
	NOT-FOR-US: Piwigo-Guest-Book
CVE-2014-125052 (A vulnerability was found in JervenBolleman sparql-identifiers and cla ...)
	NOT-FOR-US: JervenBolleman sparql-identifiers
CVE-2013-10008 (A vulnerability was found in sheilazpy eShop. It has been classified a ...)
	NOT-FOR-US: sheilazpy eShop
CVE-2023-22807 (LS ELECTRIC XBC-DN32U with operating system version 01.80 does not pro ...)
	NOT-FOR-US: LS ELECTRIC
CVE-2023-22806 (LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits se ...)
	NOT-FOR-US: LS ELECTRIC
CVE-2023-22805 (LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper ...)
	NOT-FOR-US: LS ELECTRIC
CVE-2023-22804 (LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing a ...)
	NOT-FOR-US: LS ELECTRIC
CVE-2023-22803 (LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing a ...)
	NOT-FOR-US: LS ELECTRIC
CVE-2023-22802
	RESERVED
CVE-2023-22801
	RESERVED
CVE-2023-22800
	RESERVED
CVE-2023-22799 (A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could all ...)
	- ruby-globalid 0.6.0-2 (bug #1029851)
	[bullseye] - ruby-globalid (Minor issue)
	[buster] - ruby-globalid (Minor issue)
	NOTE: https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127
	NOTE: https://github.com/rails/globalid/commit/3bc4349422e60f2235876a59dd415e98b072eb2b (v1.1.0)
CVE-2023-22798 (Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://gith ...)
	NOT-FOR-US: Brave adblock-lists
CVE-2023-22797 (An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new ...)
	- rails (Only affects 7.x)
	NOTE: https://discuss.rubyonrails.org/t/cve-2023-22797-possible-open-redirect-vulnerability-in-action-pack/82120
CVE-2023-22796 (A regular expression based DoS vulnerability in Active Support <6.1.7. ...)
	{DSA-5372-1}
	- rails 2:6.1.7.3+dfsg-1 (bug #1030050)
	NOTE: https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116
	NOTE: https://github.com/rails/rails/commit/4b383e6936d7a72b5dc839f526c9a9aeb280acae (6-1-stable)
CVE-2023-22795 (A regular expression based DoS vulnerability in Action Dispatch <6.1.7 ...)
	{DSA-5372-1}
	- rails 2:6.1.7.3+dfsg-1 (bug #1030050)
	NOTE: https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118
	NOTE: https://github.com/rails/rails/commit/484fc9185db6c6a6a49ab458b11f9366da02bab2 (6-1-stable)
CVE-2023-22794 (A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 relate ...)
	{DSA-5372-1}
	- rails 2:6.1.7.3+dfsg-1 (bug #1030050)
	[buster] - rails (Only affects 6.x and later)
	NOTE: https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117
	NOTE: https://github.com/rails/rails/commit/048e9fc05e18c91838a44e60175e475de8b2aad5 (6-1-stable)
CVE-2023-22793
	RESERVED
CVE-2023-22792 (A regular expression based DoS vulnerability in Action Dispatch <6.0.6 ...)
	{DSA-5372-1}
	- rails 2:6.1.7.3+dfsg-1 (bug #1030050)
	NOTE: https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115
	NOTE: https://github.com/rails/rails/commit/7a7f37f146aa977350cf914eba20a95ce371485f (6-1-stable)
CVE-2023-22791 (A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge- ...)
	NOT-FOR-US: HPE
CVE-2023-22790 (Multiple authenticated command injection vulnerabilities exist in the A ...)
	NOT-FOR-US: HPE
CVE-2023-22789 (Multiple authenticated command injection vulnerabilities exist in the A ...)
	NOT-FOR-US: HPE
CVE-2023-22788 (Multiple authenticated command injection vulnerabilities exist in the A ...)
	NOT-FOR-US: HPE
CVE-2023-22787 (An unauthenticated Denial of Service (DoS) vulnerability exists in a s ...)
	NOT-FOR-US: HPE
CVE-2023-22786 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
	NOT-FOR-US: HPE
CVE-2023-22785 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
	NOT-FOR-US: HPE
CVE-2023-22784 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
	NOT-FOR-US: HPE
CVE-2023-22783 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
	NOT-FOR-US: HPE
CVE-2023-22782 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
	NOT-FOR-US: HPE
CVE-2023-22781 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
	NOT-FOR-US: HPE
CVE-2023-22780 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
	NOT-FOR-US: HPE
CVE-2023-22779 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
	NOT-FOR-US: HPE
CVE-2023-22778 (A vulnerability in the ArubaOS web management interface could allow an ...)
	NOT-FOR-US: Aruba
CVE-2023-22777 (An authenticated information disclosure vulnerability exists in the Ar ...)
	NOT-FOR-US: Aruba
CVE-2023-22776 (An authenticated path traversal vulnerability exists in the ArubaOS co ...)
	NOT-FOR-US: Aruba
CVE-2023-22775 (A vulnerability exists which allows an authenticated attacker to acces ...)
	NOT-FOR-US: Aruba
CVE-2023-22774 (Authenticated path traversal vulnerabilities exist in the ArubaOS comm ...)
	NOT-FOR-US: Aruba
CVE-2023-22773 (Authenticated path traversal vulnerabilities exist in the ArubaOS comm ...)
	NOT-FOR-US: Aruba
CVE-2023-22772 (An authenticated path traversal vulnerability exists in the ArubaOS we ...)
	NOT-FOR-US: Aruba
CVE-2023-22771 (An insufficient session expiration vulnerability exists in the ArubaOS ...)
	NOT-FOR-US: Aruba
CVE-2023-22770 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
	NOT-FOR-US: Aruba
CVE-2023-22769 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
	NOT-FOR-US: Aruba
CVE-2023-22768 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
	NOT-FOR-US: Aruba
CVE-2023-22767 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
	NOT-FOR-US: Aruba
CVE-2023-22766 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
	NOT-FOR-US: Aruba
CVE-2023-22765 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
	NOT-FOR-US: Aruba
CVE-2023-22764 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
	NOT-FOR-US: Aruba
CVE-2023-22763 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
	NOT-FOR-US: Aruba
CVE-2023-22762 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
	NOT-FOR-US: Aruba
CVE-2023-22761 (Authenticated remote command injection vulnerabilities exist in the Ar ...)
	NOT-FOR-US: Aruba
CVE-2023-22760 (Authenticated remote command injection vulnerabilities exist in the Ar ...)
	NOT-FOR-US: Aruba
CVE-2023-22759 (Authenticated remote command injection vulnerabilities exist in the Ar ...)
	NOT-FOR-US: Aruba
CVE-2023-22758 (Authenticated remote command injection vulnerabilities exist in the Ar ...)
	NOT-FOR-US: Aruba
CVE-2023-22757 (There are buffer overflow vulnerabilities in multiple underlying opera ...)
	NOT-FOR-US: Aruba
CVE-2023-22756 (There are buffer overflow vulnerabilities in multiple underlying opera ...)
	NOT-FOR-US: Aruba
CVE-2023-22755 (There are buffer overflow vulnerabilities in multiple underlying opera ...)
	NOT-FOR-US: Aruba
CVE-2023-22754 (There are buffer overflow vulnerabilities in multiple underlying opera ...)
	NOT-FOR-US: Aruba
CVE-2023-22753 (There are buffer overflow vulnerabilities in multiple underlying opera ...)
	NOT-FOR-US: Aruba
CVE-2023-22752 (There are stack-based buffer overflow vulnerabilities that could lead ...)
	NOT-FOR-US: Aruba
CVE-2023-22751 (There are stack-based buffer overflow vulnerabilities that could lead ...)
	NOT-FOR-US: Aruba
CVE-2023-22750 (There are multiple command injection vulnerabilities that could lead t ...)
	NOT-FOR-US: Aruba
CVE-2023-22749 (There are multiple command injection vulnerabilities that could lead t ...)
	NOT-FOR-US: Aruba
CVE-2023-22748 (There are multiple command injection vulnerabilities that could lead t ...)
	NOT-FOR-US: Aruba
CVE-2023-22747 (There are multiple command injection vulnerabilities that could lead t ...)
	NOT-FOR-US: Aruba
CVE-2023-22746 (CKAN is an open-source DMS (data management system) for powering data ...)
	NOT-FOR-US: CKAN
CVE-2023-22745 (tpm2-tss is an open source software implementation of the Trusted Comp ...)
	- tpm2-tss 3.2.1-3 (bug #1029369)
	[bullseye] - tpm2-tss (Minor issue)
	[buster] - tpm2-tss (Minor issue)
	NOTE: Fixed by: https://github.com/tpm2-software/tpm2-tss/commit/306490c8d848c367faa2d9df81f5e69dab46ffb5
	NOTE: https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67
CVE-2023-22744
	RESERVED
CVE-2023-22743 (Git for Windows is the Windows port of the revision control system Git ...)
	NOT-FOR-US: Git for Windows
CVE-2023-22742 (libgit2 is a cross-platform, linkable library implementation of Git. W ...)
	{DLA-3340-1}
	- libgit2 1.5.1+ds-1 (bug #1029368)
	[bullseye] - libgit2 1.1.0+dfsg.1-4+deb11u1
	NOTE: https://github.com/libgit2/libgit2/commit/cd6f679af401eda1f172402006ef8265f8bd58ea (v1.4.5)
	NOTE: https://github.com/libgit2/libgit2/commit/42e5db98b963ae503229c63e44e06e439df50e56 (v1.5.1)
	NOTE: https://github.com/libgit2/libgit2/security/advisories/GHSA-8643-3wh5-rmjq
CVE-2023-22741 (Sofia-SIP is an open-source SIP User-Agent library, compliant with the ...)
	{DSA-5410-1 DLA-3292-1}
	- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-4 (bug #1029654)
	NOTE: https://github.com/freeswitch/sofia-sip/commit/9defd6f72dd416ee4fcc1a23cccbb159990da0f6 (v1.13.11)
	NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54
CVE-2023-22740 (Discourse is an open source platform for community discussion. Version ...)
	NOT-FOR-US: Discourse
CVE-2023-22739 (Discourse is an open source platform for community discussion. Version ...)
	NOT-FOR-US: Discourse
CVE-2023-22738 (vantage6 is a privacy preserving federated learning infrastructure for ...)
	NOT-FOR-US: vantage6
CVE-2023-22737 (wire-server provides back end services for Wire, a team communication ...)
	NOT-FOR-US: wire-server
CVE-2023-22736 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
	NOT-FOR-US: Argo CD
CVE-2023-22735 (Zulip is an open-source team collaboration tool. In versions of zulip ...)
	NOT-FOR-US: Zulip
CVE-2023-22734 (Shopware is an open source commerce platform based on Symfony Framewor ...)
	NOT-FOR-US: Shopware
CVE-2023-22733 (Shopware is an open source commerce platform based on Symfony Framewor ...)
	NOT-FOR-US: Shopware
CVE-2023-22732 (Shopware is an open source commerce platform based on Symfony Framewor ...)
	NOT-FOR-US: Shopware
CVE-2023-22731 (Shopware is an open source commerce platform based on Symfony Framewor ...)
	NOT-FOR-US: Shopware
CVE-2023-22730 (Shopware is an open source commerce platform based on Symfony Framewor ...)
	NOT-FOR-US: Shopware
CVE-2023-22729 (Silverstripe Framework is the Model-View-Controller framework that pow ...)
	NOT-FOR-US: Silverstripe
CVE-2023-22728 (Silverstripe Framework is the Model-View-Controller framework that pow ...)
	NOT-FOR-US: Silverstripe
CVE-2023-22727 (CakePHP is a development framework for PHP web apps. In affected versi ...)
	NOT-FOR-US: CakePHP
CVE-2023-22726 (act is a project which allows for local running of github actions. The ...)
	NOT-FOR-US: act
CVE-2023-22725 (GLPI is a Free Asset and IT Management Software package. Versions 0.6. ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-f5g6-fxrw-pfj7
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-22724 (GLPI is a Free Asset and IT Management Software package. Versions prio ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-x9g4-j85w-cmff
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-22723
	RESERVED
CVE-2023-22722 (GLPI is a Free Asset and IT Management Software package. Versions 9.4. ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-352j-wr38-493c
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-22721 (Auth. Stored Cross-Site Scripting (XSS) in Oi Yandex.Maps for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22720 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22719 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22718 (Reflected Cross-Site Scripting (XSS) vulnerability in Jason Lau User M ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22717 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22716 (Auth. (admin+) Cross-Site Scripting vulnerability in OOPSpam OOPSpam A ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22715 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Lester 'GaM ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22714 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming So ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22713 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WordP ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22712 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22711 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22710 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in chilidev ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22709 (Cross-Site Request Forgery (CSRF) vulnerability in Atif N SRS Simple H ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22708
	RESERVED
CVE-2023-22707 (Auth. (author+) Cross-Site Scripting (XSS) vulnerability in Wpsoul Gre ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22706 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Property ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22705 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Collne I ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22704 (Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22703 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webcodin ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22702 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WPMob ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22701
	RESERVED
CVE-2023-22700 (Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Pixel ...)
	NOT-FOR-US: PixelYourSite
CVE-2023-22699 (Missing Authorization vulnerability in MainWP MainWP Wordfence Extensi ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22698 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jason ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22697
	RESERVED
CVE-2023-22696 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22695 (Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita C ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22694 (Cross-Site Request Forgery (CSRF) vulnerability in Arian Khosravi, Nor ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22693 (Cross-Site Request Forgery (CSRF) vulnerability in conlabzgmbh WP Goog ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22692 (Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22691 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22690 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shop ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22689 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22688 (Cross-Site Request Forgery (CSRF) vulnerability in Abdul Ibad WP Tabs ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22687 (Insecure Storage of Sensitive Information vulnerability in Jose Mortel ...)
	NOT-FOR-US: Jose Mortellaro Freesoul Deactivate
CVE-2023-22686 (Cross-Site Request Forgery (CSRF) vulnerability in TriniTronic Nice Pa ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22685 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tips ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22684 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Subs ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22683 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Them ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22682 (Reflected Cross-Site Scripting (XSS) vulnerability in Manuel Masia | P ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22681 (Cross-Site Request Forgery (CSRF) vulnerability in Aarvanshinfotech On ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22680 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alta ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22679 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22678 (Cross-Site Request Forgery (CSRF) vulnerability in Rafael Dery Superior ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22677 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22676 (Missing Authorization vulnerability in Anders Thorborg. This issue affe ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22675
	RESERVED
CVE-2023-22674 (Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22673 (Cross-Site Request Forgery (CSRF) vulnerability in MageNet Website Mon ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-22672 (Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe vSlider Mul ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0104 (The listed versions for Weintek EasyBuilder Pro are vulnerable to a Zi ...)
	NOT-FOR-US: Weintek EasyBuilder Pro
CVE-2023-0103 (If an attacker were to access memory locations of LS ELECTRIC XBC-DN32 ...)
	NOT-FOR-US: LS ELECTRIC
CVE-2023-0102 (LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing a ...)
	NOT-FOR-US: LS ELECTRIC
CVE-2023-0101 (A privilege escalation vulnerability was identified in Nessus versions ...)
	NOT-FOR-US: Nessus
CVE-2023-0100 (In Eclipse BIRT, starting from version 2.6.2, the default configuratio ...)
	NOT-FOR-US: Eclipse BIRT
CVE-2023-0099 (The Simple URLs WordPress plugin before 115 does not sanitise and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0098 (The Simple URLs WordPress plugin before 115 does not escape some param ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0097 (The Post Grid, Post Carousel, & List Category Posts WordPress plugin b ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0096 (The Happyforms WordPress plugin before 1.22.0 does not validate and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0095 (The Page View Count WordPress plugin before 2.6.1 does not validate an ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4879 (A vulnerability was found in Forged Alliance Forever up to 3746. It ha ...)
	NOT-FOR-US: Forged Alliance Forever
CVE-2022-4878 (A vulnerability classified as critical has been found in JATOS. Affect ...)
	NOT-FOR-US: JATOS
CVE-2020-36643
	REJECTED
CVE-2020-36642 (A vulnerability was found in trampgeek jobe up to 1.6.x and classified ...)
	NOT-FOR-US: trampgeek jobe
CVE-2019-25099 (A vulnerability classified as critical was found in Arthmoor QSF-Porta ...)
	NOT-FOR-US: Arthmoor QSF-Portal
CVE-2018-25066 (A vulnerability was found in PeterMu nodebatis up to 2.1.x. It has bee ...)
	NOT-FOR-US: PeterMu nodebatis
CVE-2016-15011 (A vulnerability classified as problematic was found in e-Contract dssp ...)
	NOT-FOR-US: e-Contract dssp
CVE-2015-10018 (A vulnerability has been found in DBRisinajumi d2files and classified ...)
	NOT-FOR-US: DBRisinajumi d2files
CVE-2015-10017 (A vulnerability has been found in HPI-Information-Systems ProLOD and c ...)
	NOT-FOR-US: HPI-Information-Systems ProLOD
CVE-2015-10016 (A vulnerability, which was classified as critical, has been found in j ...)
	NOT-FOR-US: jeff-kelley opensim-utils
CVE-2014-125051 (A vulnerability was found in himiklab yii2-jqgrid-widget up to 1.0.7. ...)
	NOT-FOR-US: himiklab yii2-jqgrid-widget
CVE-2014-125050 (A vulnerability was found in ScottTZhang voter-js and classified as cr ...)
	NOT-FOR-US: ScottTZhang voter-js
CVE-2014-125049 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...)
	NOT-FOR-US: typcn Blogile
CVE-2014-125048 (A vulnerability, which was classified as critical, has been found in k ...)
	NOT-FOR-US: kassi xingwall
CVE-2014-125047 (A vulnerability classified as critical has been found in tbezman schoo ...)
	NOT-FOR-US: tbezman school-store
CVE-2014-125046 (A vulnerability, which was classified as critical, was found in Seiji4 ...)
	NOT-FOR-US: Seiji42 cub-scout-tracker
CVE-2023-22671 (Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10 ...)
	- ghidra (bug #923851)
CVE-2023-22670 (A heap-based buffer overflow exists in the DXF file reading procedure ...)
	NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2023-22669 (Parsing of DWG files in Open Design Alliance Drawings SDK before 2023. ...)
	NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2023-22668 (Memory Corruption in Audio while invoking IOCTLs calls from the user-s ...)
	NOT-FOR-US: Qualcomm
CVE-2023-22667 (Memory Corruption in Audio while allocating the ion buffer during the ...)
	NOT-FOR-US: Qualcomm
CVE-2023-22666 (Memory Corruption in Audio while playing amrwbplus clips with modified ...)
	NOT-FOR-US: Qualcomm
CVE-2023-0094 (The UpQode Google Maps WordPress plugin through 1.0.5 does not validat ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0093 (Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are ...)
	NOT-FOR-US: Okta Advanced Server Access Client
CVE-2023-0092
	RESERVED
CVE-2023-0090 (The webservices in Proofpoint Enterprise Protection (PPS/POD) contain ...)
	NOT-FOR-US: Proofpoint
CVE-2023-0089 (The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a v ...)
	NOT-FOR-US: Proofpoint
CVE-2022-48228 (An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It ...)
	NOT-FOR-US: Acuant AsureID Sentinel
CVE-2022-48227 (An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It ...)
	NOT-FOR-US: Acuant AsureID Sentinel
CVE-2022-48226 (An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Duri ...)
	NOT-FOR-US: Acuant
CVE-2022-48225 (An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It i ...)
	NOT-FOR-US: Acuant
CVE-2022-48224 (An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It i ...)
	NOT-FOR-US: Acuant
CVE-2022-48223 (An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Duri ...)
	NOT-FOR-US: Acuant
CVE-2022-48222 (An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Duri ...)
	NOT-FOR-US: Acuant
CVE-2022-48221 (An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Mult ...)
	NOT-FOR-US: Acuant
CVE-2017-20163 (A vulnerability has been found in Red Snapper NView and classified as ...)
	NOT-FOR-US: Red Snapper NView
CVE-2014-125045 (A vulnerability has been found in meol1 and classified as critical. Af ...)
	NOT-FOR-US: meol1
CVE-2014-125044 (A vulnerability, which was classified as critical, was found in soshto ...)
	NOT-FOR-US: soshtolsus wing-tight
CVE-2014-125043
	REJECTED
CVE-2014-125042
	REJECTED
CVE-2023-22665 (There is insufficient checking of user queries in Apache Jena versions ...)
	- apache-jena 4.9.0-1 (bug #1035952)
	[bookworm] - apache-jena (Minor issue)
	NOTE: https://lists.apache.org/thread/s0dmpsxcwqs57l4qfs415klkgmhdxq7s
CVE-2023-22652 (A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow ...)
	- libeconf 0.5.2+dfsg1-1 (bug #1037333)
	[bookworm] - libeconf (Minor issue)
	[bullseye] - libeconf (Minor issue)
	NOTE: https://github.com/openSUSE/libeconf/issues/177
	NOTE: https://github.com/openSUSE/libeconf/commit/8d086dfc69d4299e55e4844e3573b3a4cf420f19 (v0.5.2)
CVE-2023-22651 (Improper Privilege Management vulnerability in SUSE Rancher allows Pri ...)
	NOT-FOR-US: Rancher
CVE-2023-22650
	RESERVED
CVE-2023-22649
	RESERVED
CVE-2023-22648 (An Improper Privilege Management vulnerability in SUSE Rancher causes p ...)
	NOT-FOR-US: Rancher
CVE-2023-22647 (An Improper Privilege Management vulnerability in SUSE Rancher allowed ...)
	NOT-FOR-US: Rancher
CVE-2023-22646
	RESERVED
CVE-2023-22645 (An Improper Privilege Management vulnerability in SUSE kubewarden allo ...)
	NOT-FOR-US: kubewarden
CVE-2023-22644 (An Insertion of Sensitive Information into Log File vulnerability in ...)
	NOT-FOR-US: SUSE Manager Server Module
CVE-2023-22643 (An Improper Neutralization of Special Elements used in an OS Command ( ...)
	NOT-FOR-US: SAP
CVE-2023-22642 (An improper certificate validation vulnerability [CWE-295] in FortiAna ...)
	NOT-FOR-US: Fortinet
CVE-2023-22641 (A url redirection to untrusted site ('open redirect') in Fortinet Fort ...)
	NOT-FOR-US: Fortinet
CVE-2023-22640 (An out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, ...)
	NOT-FOR-US: FortiGuard
CVE-2023-22639 (An out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, ...)
	NOT-FOR-US: Fortinet
CVE-2023-22638 (Several improper neutralization of inputs during web page generation v ...)
	NOT-FOR-US: FortiGuard
CVE-2023-22637 (An improper neutralization of input during web page generation ('Cross ...)
	NOT-FOR-US: FortiGuard
CVE-2023-22636 (An unauthorized configuration download vulnerability in FortiWeb 6.3.6 ...)
	NOT-FOR-US: Fortinet
CVE-2023-22635 (A download of code without Integrity check vulnerability [CWE-494] in ...)
	NOT-FOR-US: Fortinet
CVE-2023-22634
	RESERVED
CVE-2023-22633 (An improper permissions, privileges, and access controls vulnerability ...)
	NOT-FOR-US: Fortinet
CVE-2023-22436 (The kernel subsystem function check_permission_for_set_tokenid within ...)
	NOT-FOR-US: OpenHarmony
CVE-2023-22301 (The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior version ...)
	NOT-FOR-US: OpenHarmony
CVE-2023-22291 (An invalid free vulnerability exists in the Frame stream parser functi ...)
	NOT-FOR-US: Ichitaro
CVE-2023-0091 (A flaw was found in Keycloak, where it did not properly check client t ...)
	NOT-FOR-US: Keycloak
CVE-2023-0088 (The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Si ...)
	NOT-FOR-US: Swifty Page Manager plugin for WordPress
CVE-2023-0087 (The Swifty Page Manager plugin for WordPress is vulnerable to Stored C ...)
	NOT-FOR-US: Swifty Page Manager plugin for WordPress
CVE-2023-0086 (The JetWidgets for Elementor plugin for WordPress is vulnerable to Cro ...)
	NOT-FOR-US: JetWidgets for Elementor plugin for WordPress
CVE-2023-0085 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...)
	NOT-FOR-US: Metform Elementor Contact Form Builder plugin for WordPress
CVE-2023-0084 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...)
	NOT-FOR-US: Metform Elementor Contact Form Builder plugin for WordPress
CVE-2023-0083 (The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior vers ...)
	NOT-FOR-US: OpenHarmony
CVE-2023-0082 (The ExactMetrics WordPress plugin before 7.12.1 does not validate and ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0081 (The MonsterInsights WordPress plugin before 8.12.1 does not validate a ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0080 (The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 do ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0079 (The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 do ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0078 (The Resume Builder WordPress plugin through 3.1.1 does not sanitize an ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0077 (Integer overflow or wraparound vulnerability in CGI component in Synol ...)
	NOT-FOR-US: Synology
CVE-2022-4877 (A vulnerability has been found in snoyberg keter up to 1.8.1 and class ...)
	NOT-FOR-US: snoyberg keter
CVE-2022-48220 (Potential vulnerabilities have been identified in certain HP Desktop P ...)
	NOT-FOR-US: HP
CVE-2022-48219 (Potential vulnerabilities have been identified in certain HP Desktop P ...)
	NOT-FOR-US: HP
CVE-2022-48218
	RESERVED
CVE-2021-4305 (A vulnerability was found in Woorank robots-txt-guard. It has been rat ...)
	NOT-FOR-US: Woorank robots-txt-guard
CVE-2021-4304 (A vulnerability was found in eprintsug ulcc-core. It has been declared ...)
	NOT-FOR-US: eprintsug ulcc-core
CVE-2021-4303 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: shannah Xataface
CVE-2020-36641 (A vulnerability classified as problematic was found in gturri aXMLRPC ...)
	NOT-FOR-US: gturri aXMLRPC
CVE-2020-36640 (A vulnerability, which was classified as problematic, was found in bon ...)
	NOT-FOR-US: bonitasoft bonita-connector-webservice
CVE-2019-25098 (A vulnerability was found in soerennb eXtplorer up to 2.1.12. It has b ...)
	- extplorer
CVE-2019-25097 (A vulnerability was found in soerennb eXtplorer up to 2.1.12 and class ...)
	- extplorer
CVE-2019-25096 (A vulnerability has been found in soerennb eXtplorer up to 2.1.12 and ...)
	- extplorer
CVE-2019-25095 (A vulnerability, which was classified as problematic, was found in kak ...)
	NOT-FOR-US: kakwa LdapCherry
CVE-2018-25065 (A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags a ...)
	NOT-FOR-US: MediaWiki extension I18nTags
CVE-2018-25064 (A vulnerability was found in OSM Lab show-me-the-way. It has been rate ...)
	NOT-FOR-US: OSM Lab show-me-the-way
CVE-2017-20162 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: vercel ms
CVE-2016-15010 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...)
	NOT-FOR-US: University of Cambridge django-ucamlookup
CVE-2016-15009 (A vulnerability classified as problematic has been found in OpenACS bu ...)
	NOT-FOR-US: OpenACS bug-tracker
CVE-2015-10015 (A vulnerability, which was classified as critical, has been found in g ...)
	NOT-FOR-US: glidernet ogn-live
CVE-2015-10014 (A vulnerability classified as critical has been found in arekk uke. Th ...)
	NOT-FOR-US: arekk uke
CVE-2015-10013 (A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up ...)
	NOT-FOR-US: WebDevStudios taxonomy-switcher Plugin
CVE-2014-125041 (A vulnerability classified as critical was found in Miccighel PR-CWT. ...)
	NOT-FOR-US: Miccighel PR-CWT
CVE-2014-125040 (A vulnerability was found in stevejagodzinski DevNewsAggregator. It ha ...)
	NOT-FOR-US: stevejagodzinski DevNewsAggregator
CVE-2007-10001 (A vulnerability classified as problematic has been found in web-cyradm ...)
	NOT-FOR-US: web-cyradm
CVE-2023-22632
	RESERVED
CVE-2023-22631
	RESERVED
CVE-2023-22630 (IzyBat Orange casiers before 20221102_1 allows SQL Injection via a get ...)
	NOT-FOR-US: IzyBat Orange casiers
CVE-2023-22629 (An issue was discovered in TitanFTP through 1.94.1205. The move-file f ...)
	NOT-FOR-US: TitanFTP
CVE-2023-22628
	RESERVED
CVE-2023-22627
	RESERVED
CVE-2023-22626 (PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because ...)
	- ruby-pghero (bug #882288)
CVE-2023-22625
	RESERVED
CVE-2023-22624 (Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers ...)
	NOT-FOR-US: Zoho
CVE-2023-22623
	RESERVED
CVE-2023-22622 (WordPress through 6.1.1 depends on unpredictable client visits to caus ...)
	- wordpress (Not an issue for packaged WordPress)
CVE-2023-22621 (Strapi through 4.5.5 allows authenticated Server-Side Template Injecti ...)
	NOT-FOR-US: Strapi
CVE-2023-22620 (An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewa ...)
	NOT-FOR-US: SecurePoint UTM
CVE-2023-22619
	RESERVED
CVE-2023-0076 (The Download Attachments WordPress plugin before 1.3 does not validate ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0075 (The Amazon JS WordPress plugin through 0.10 does not validate and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0074 (The WP Social Widget WordPress plugin before 2.2.4 does not validate a ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0073 (The Client Logo Carousel WordPress plugin through 3.0.0 does not valid ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0072 (The WC Vendors Marketplace WordPress plugin before 2.4.5 does not vali ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0071 (The WP Tabs WordPress plugin before 2.1.17 does not validate and escap ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0070 (The ResponsiveVoice Text To Speech WordPress plugin before 1.7.7 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0069 (The WPaudio MP3 Player WordPress plugin through 4.0.2 does not validat ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0068 (The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin thr ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0067 (The Timed Content WordPress plugin before 2.73 does not validate and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0066 (The Companion Sitemap Generator WordPress plugin through 4.5.1.1 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0065 (The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate an ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0064 (The eVision Responsive Column Layout Shortcodes WordPress plugin throu ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0063 (The WordPress Shortcodes WordPress plugin through 1.6.36 does not vali ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0062 (The EAN for WooCommerce WordPress plugin before 4.4.3 does not validat ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0061 (The Judge.me Product Reviews for WooCommerce WordPress plugin before 1 ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0060 (The Responsive Gallery Grid WordPress plugin before 2.3.9 does not val ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0059 (The Youzify WordPress plugin before 1.2.2 does not validate and escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0058 (The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0057 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
	- pyload (bug #1001980)
CVE-2023-0056 (An uncontrolled resource consumption vulnerability was discovered in H ...)
	{DSA-5348-1}
	- haproxy 2.6.8-1
	[buster] - haproxy (Vulnerable code introduced later)
	NOTE: https://github.com/haproxy/haproxy/issues/1972
	NOTE: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=84f5cba24f59b1c8339bb38323fcb01f434ba8e5 (v2.6.8)
	NOTE: https://git.haproxy.org/?p=haproxy-2.2.git;a=commit;h=038a7e8aeb1c5b90c18c55d2bcfb3aaa476bce89 (v2.2.27)
CVE-2023-0055 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
	- pyload (bug #1001980)
CVE-2022-4876 (A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and classi ...)
	NOT-FOR-US: Kaltura mwEmbed
CVE-2022-4875 (A vulnerability has been found in fossology and classified as problema ...)
	- fossology
CVE-2021-4302 (A vulnerability was found in slackero phpwcms up to 1.9.26. It has bee ...)
	NOT-FOR-US: slackero phpwcms
CVE-2021-4301 (A vulnerability was found in slackero phpwcms up to 1.9.26 and classif ...)
	NOT-FOR-US: slackero phpwcms
CVE-2021-4300 (A vulnerability has been found in ghostlander Halcyon and classified a ...)
	NOT-FOR-US: ghostlander Halcyon
CVE-2023-22618 (If Security Hardening guide rules are not followed, then Nokia WaveLit ...)
	NOT-FOR-US: Nokia
CVE-2023-22617 (A remote attacker might be able to cause infinite recursion in PowerDN ...)
	- pdns-recursor 4.8.1-1 (bug #1029367)
	[bullseye] - pdns-recursor (Vulnerable code introduced later)
	[buster] - pdns-recursor (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2023/01/20/1
	NOTE: https://downloads.powerdns.com/patches/2023-01/
	NOTE: https://github.com/PowerDNS/pdns/pull/12442
CVE-2023-22616 (An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5. ...)
	NOT-FOR-US: Insyde
CVE-2023-22615 (An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5. ...)
	NOT-FOR-US: Insyde
CVE-2023-22614 (An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kern ...)
	NOT-FOR-US: Insyde
CVE-2023-22613 (An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5. ...)
	NOT-FOR-US: Insyde
CVE-2023-22612 (An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5. ...)
	NOT-FOR-US: Insyde
CVE-2023-22611 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...)
	NOT-FOR-US: EcoStruxure Geo SCADA Expert
CVE-2023-22610 (A CWE-863: Incorrect Authorization vulnerability exists that could cau ...)
	NOT-FOR-US: EcoStruxure Geo SCADA Expert
CVE-2023-22609
	REJECTED
CVE-2023-22608
	REJECTED
CVE-2023-22607
	REJECTED
CVE-2023-22606
	REJECTED
CVE-2023-22605
	REJECTED
CVE-2023-22604
	REJECTED
CVE-2023-22603
	REJECTED
CVE-2023-0054 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.)
	{DLA-3453-1}
	- vim 2:9.0.1378-1 (bug #1031875)
	[bullseye] - vim (Minor issue)
	NOTE: https://huntr.dev/bounties/b289ee0f-fd16-4147-bd01-c6289c45e49d
	NOTE: https://github.com/vim/vim/commit/3ac1d97a1d9353490493d30088256360435f7731 (v9.0.1145)
CVE-2023-0053 (SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 ...)
	NOT-FOR-US: SAUTER Controls Nova
CVE-2023-0052 (SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 ...)
	NOT-FOR-US: SAUTER
CVE-2023-0051 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
	- vim 2:9.0.1378-1 (unimportant)
	NOTE: https://huntr.dev/bounties/1c8686db-baa6-42dc-ba45-aed322802de9
	NOTE: https://github.com/vim/vim/commit/c32949b0779106ed5710ae3bffc5053e49083ab4 (v9.0.1144)
	NOTE: Crash in CLI tool, no security impact
CVE-2023-0050 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2023-0049 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.)
	- vim 2:9.0.1378-1 (unimportant)
	NOTE: https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9
	NOTE: https://github.com/vim/vim/commit/7b17eb4b063a234376c1ec909ee293e42cff290c (v9.0.1143)
	NOTE: Crash in CLI tool, no security impact
CVE-2023-0048 (Code Injection in GitHub repository lirantal/daloradius prior to maste ...)
	NOT-FOR-US: lirantal/daloradius
CVE-2023-0047
	REJECTED
CVE-2023-0046 (Improper Restriction of Names for Files and Other Resources in GitHub ...)
	NOT-FOR-US: lirantal/daloradius
CVE-2023-0045 (The current implementation of the prctl syscall does not issue an IBPB ...)
	{DLA-3404-1 DLA-3403-1}
	- linux 6.1.7-1
	[bullseye] - linux 5.10.178-1
	NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/1
	NOTE: https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8#event-88245
	NOTE: https://git.kernel.org/linus/a664ec9158eeddd75121d39c9a0758016097fa96 (6.2-rc3)
	NOTE: https://github.com/es0j/CVE-2023-0045
CVE-2023-0044 (If the Quarkus Form Authentication session cookie Path attribute is se ...)
	NOT-FOR-US: Quarkus
CVE-2022-4874 (Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1 ...)
	NOT-FOR-US: Netcomm
CVE-2022-4873 (On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buff ...)
	NOT-FOR-US: Netcomm
CVE-2022-4872 (The Chained Products WordPress plugin before 2.12.0 does not have auth ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-48217 (The tf_remapper_node component 1.1.1 for Robot Operating System (ROS) ...)
	NOT-FOR-US: ROS tf_remapper_node
CVE-2022-48216 (Uniswap Universal Router before 1.1.0 mishandles reentrancy. This woul ...)
	NOT-FOR-US: Uniswap Universal Router
CVE-2020-36639 (A vulnerability has been found in AlliedModders AMX Mod X on Windows a ...)
	NOT-FOR-US: AlliedModders AMX Mod X
CVE-2019-25094 (A vulnerability, which was classified as problematic, was found in inn ...)
	NOT-FOR-US: innologi appointments Extension
CVE-2016-15008 (A vulnerability was found in oxguy3 coebot-www and classified as probl ...)
	NOT-FOR-US: oxguy3 coebot-www
CVE-2014-125039 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: kkokko NeoXplora
CVE-2010-10003 (A vulnerability classified as critical was found in gesellix titlelink ...)
	NOT-FOR-US: gesellix titlelink
CVE-2023-22602 (When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, ...)
	- shiro (bug #1029039)
	[bookworm] - shiro (Minor issue)
	[bullseye] - shiro (Minor issue)
	[buster] - shiro (Minor issue, cf. #1029039)
	NOTE: https://lists.apache.org/thread/dzj0k2smpzzgj6g666hrbrgsrlf9yhkl
CVE-2023-22601 (InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRo ...)
	NOT-FOR-US: InHand Networks InRouter
CVE-2023-22600 (InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRo ...)
	NOT-FOR-US: InHand Networks InRouter
CVE-2023-22599 (InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRo ...)
	NOT-FOR-US: InHand Networks InRouter
CVE-2023-22598 (InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRo ...)
	NOT-FOR-US: InHand Networks InRouter
CVE-2023-22597 (InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRo ...)
	NOT-FOR-US: InHand Networks InRouter
CVE-2023-22596
	RESERVED
CVE-2023-22595 (IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integ ...)
	NOT-FOR-US: IBM
CVE-2023-22594 (IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is ...)
	NOT-FOR-US: IBM
CVE-2023-22593 (IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 a ...)
	NOT-FOR-US: IBM
CVE-2023-22592 (IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 cou ...)
	NOT-FOR-US: IBM
CVE-2023-22591 (IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 throug ...)
	NOT-FOR-US: IBM
CVE-2023-22590
	RESERVED
CVE-2023-22589
	RESERVED
CVE-2023-22588
	RESERVED
CVE-2023-22587
	RESERVED
CVE-2023-0043 (The Custom Add User WordPress plugin through 2.0.2 does not sanitise a ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0042 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2023-0041 (IBM Security Guardium 11.5 could allow a user to take over another use ...)
	NOT-FOR-US: IBM
CVE-2023-22586 (The Danfoss AK-EM100 web applications allow for Local File Inclusion i ...)
	NOT-FOR-US: Danfoss AK-EM100
CVE-2023-22585 (The Danfoss AK-EM100 web applications allow for Reflected Cross-Site S ...)
	NOT-FOR-US: Danfoss AK-EM100
CVE-2023-22584 (The Danfoss AK-EM100 stores login credentials in cleartext.)
	NOT-FOR-US: Danfoss AK-EM100
CVE-2023-22583 (The Danfoss AK-EM100 web forms allow for SQL injection in the login fo ...)
	NOT-FOR-US: Danfoss AK-EM100
CVE-2023-22582 (The Danfoss AK-EM100 web applications allow for Reflected Cross-Site S ...)
	NOT-FOR-US: Danfoss AK-EM100
CVE-2023-22581 (White Rabbit Switch contains a vulnerability which makes it possible f ...)
	NOT-FOR-US: White Rabbit Switch
CVE-2023-22580 (Due to improper input filtering in the sequalize js library, can malic ...)
	NOT-FOR-US: DIVD
CVE-2023-22579 (Due to improper parameter filtering in the sequalize js library, can a ...)
	NOT-FOR-US: DIVD
CVE-2023-22578 (Due to improper artibute filtering in the sequalize js library, can a ...)
	NOT-FOR-US: DIVD
CVE-2023-22577 (Within White Rabbit Switch it's possible as an unauthenticated user to ...)
	NOT-FOR-US: White Rabbit Switch
CVE-2023-0040 (Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form ...)
	NOT-FOR-US: AsyncHTTPClient
CVE-2023-0039
	REJECTED
CVE-2023-0038 (The "Survey Maker – Best WordPress Survey Plugin" plugin for Word ...)
	NOT-FOR-US: "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress
CVE-2023-0037 (The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 d ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0036 (platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and ...)
	NOT-FOR-US: OpenHarmony
CVE-2023-0035 (softbus_client_stub in communication subsystem within OpenHarmony-v3.0 ...)
	NOT-FOR-US: OpenHarmony
CVE-2022-4871 (A vulnerability classified as problematic was found in ummmmm nflpick- ...)
	NOT-FOR-US: ummmmm nflpick-em.com
CVE-2022-48215
	RESERVED
CVE-2022-48214
	RESERVED
CVE-2022-48213
	RESERVED
CVE-2022-48212
	RESERVED
CVE-2022-48211
	RESERVED
CVE-2022-48210
	RESERVED
CVE-2015-10012 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoder ...)
	NOT-FOR-US: sumocoders FrameworkUserBundle
CVE-2013-10007 (A vulnerability classified as problematic has been found in ethitter W ...)
	NOT-FOR-US: ethitter WP-Print-Friendly
CVE-2012-10003 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: ahmyi RivetTracker
CVE-2012-10002 (A vulnerability was found in ahmyi RivetTracker. It has been declared ...)
	NOT-FOR-US: ahmyi RivetTracker
CVE-2023-0034 (The JetWidgets For Elementor WordPress plugin before 1.0.14 does not v ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-0033 (The PDF Viewer WordPress plugin before 1.0.0 does not validate and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4870 (In affected versions of Octopus Deploy it is possible to discover netw ...)
	NOT-FOR-US: Octopus Deploy
CVE-2015-10011 (A vulnerability classified as problematic has been found in OpenDNS Op ...)
	NOT-FOR-US: OpenResolve
CVE-2015-10010 (A vulnerability was found in OpenDNS OpenResolve. It has been rated as ...)
	NOT-FOR-US: OpenResolve
CVE-2023-22576
	RESERVED
CVE-2023-22575 (Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensit ...)
	NOT-FOR-US: Dell
CVE-2023-22574 (Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensit ...)
	NOT-FOR-US: Dell
CVE-2023-22573 (Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitiv ...)
	NOT-FOR-US: Dell
CVE-2023-22572 (Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitiv ...)
	NOT-FOR-US: Dell
CVE-2023-0032
	RESERVED
CVE-2023-0031
	RESERVED
CVE-2021-4299 (A vulnerability classified as problematic was found in cronvel string- ...)
	NOT-FOR-US: Node string-kit
CVE-2021-4298 (A vulnerability classified as critical has been found in Hesburgh Libr ...)
	NOT-FOR-US: Sipity
CVE-2019-25093 (A vulnerability, which was classified as problematic, was found in dra ...)
	NOT-FOR-US: Recent Threads On Index
CVE-2017-20161 (A vulnerability classified as problematic has been found in rofl0r Mac ...)
	NOT-FOR-US: MacGeiger
CVE-2016-15007 (A vulnerability was found in Centralized-Salesforce-Dev-Framework. It ...)
	NOT-FOR-US: Centralized-Salesforce-Dev-Framework
CVE-2016-15006 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: EnigmaX
CVE-2015-10009 (A vulnerability was found in nterchange up to 4.1.0. It has been rated ...)
	NOT-FOR-US: nterchange
CVE-2015-10008 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WE ...)
	NOT-FOR-US: 82Flex WEIPDCRM
CVE-2015-10007 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WE ...)
	NOT-FOR-US: 82Flex WEIPDCRM
CVE-2014-125038 (A vulnerability has been found in IS_Projecto2 and classified as criti ...)
	NOT-FOR-US: IS_Projecto2
CVE-2014-125037 (A vulnerability, which was classified as critical, was found in Licens ...)
	NOT-FOR-US: License To Kill
CVE-2014-125036 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Ansinle Debops ntp
CVE-2014-125035 (A vulnerability classified as problematic was found in Jobs-Plugin. Af ...)
	NOT-FOR-US: mrbobbybryant/Jobs-Plugin
CVE-2014-125034 (A vulnerability has been found in stiiv contact_app and classified as ...)
	NOT-FOR-US: stiiv/contact_app
CVE-2014-125033 (A vulnerability was found in rails-cv-app. It has been rated as proble ...)
	NOT-FOR-US: rails-cv-app
CVE-2014-125032 (A vulnerability was found in porpeeranut go-with-me. It has been decla ...)
	NOT-FOR-US: porpeeranut go-with-me
CVE-2014-125031 (A vulnerability was found in kirill2485 TekNet. It has been classified ...)
	NOT-FOR-US: kirill2485 TekNet
CVE-2023-22571
	RESERVED
CVE-2023-22570
	RESERVED
CVE-2023-22569
	RESERVED
CVE-2023-22568
	RESERVED
CVE-2023-22567
	RESERVED
CVE-2023-22566
	RESERVED
CVE-2023-22565
	RESERVED
CVE-2023-22564
	RESERVED
CVE-2023-22563
	RESERVED
CVE-2023-22562
	RESERVED
CVE-2023-22561
	RESERVED
CVE-2023-22560
	RESERVED
CVE-2023-22559
	RESERVED
CVE-2023-22558
	RESERVED
CVE-2023-22557
	RESERVED
CVE-2023-22556
	RESERVED
CVE-2023-22555
	RESERVED
CVE-2023-22554
	RESERVED
CVE-2023-22553
	RESERVED
CVE-2023-22552
	RESERVED
CVE-2022-48209
	RESERVED
CVE-2022-48208
	RESERVED
CVE-2022-48207
	RESERVED
CVE-2022-48206
	RESERVED
CVE-2022-48205
	RESERVED
CVE-2022-48204
	RESERVED
CVE-2022-48203
	RESERVED
CVE-2022-48202
	RESERVED
CVE-2022-48201
	RESERVED
CVE-2022-48200
	RESERVED
CVE-2023-22551 (The FTP (aka "Implementation of a simple FTP client and server") proje ...)
	NOT-FOR-US: rovinbhandari FTP
CVE-2023-0030 (A use-after-free flaw was found in the Linux kernel’s nouveau dri ...)
	- linux 5.2.6-1
	NOTE: https://git.kernel.org/linus/729eba3355674f2d9524629b73683ba1d1cd3f10 (5.0-rc1)
CVE-2023-0029 (A vulnerability was found in Multilaser RE708 RE1200R4GC-2T2R-V3_v3411 ...)
	NOT-FOR-US: Multilaser RE708
CVE-2022-4869 (A vulnerability was found in Evolution Events Artaxerxes. It has been ...)
	NOT-FOR-US: Evolution Events Artaxerxes
CVE-2022-48199 (SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to execute a m ...)
	NOT-FOR-US: SoftPerfect
CVE-2021-4297 (A vulnerability has been found in trampgeek jobe up to 1.6.4 and class ...)
	NOT-FOR-US: trampgeek jobe
CVE-2018-25063 (A vulnerability classified as problematic was found in Zenoss Dashboar ...)
	NOT-FOR-US: Zenoss Dashboard
CVE-2018-25062 (A vulnerability classified as problematic has been found in flar2 Elem ...)
	NOT-FOR-US: flar2 ElementalX
CVE-2015-10006 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: admont28 Ingnovarq
CVE-2014-125030 (A vulnerability, which was classified as critical, has been found in t ...)
	NOT-FOR-US: taoeffect Empress
CVE-2013-10006 (A vulnerability classified as problematic was found in Ziftr primecoin ...)
	NOT-FOR-US: Ziftr primecoin
CVE-2010-10002 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...)
	NOT-FOR-US: simplesamlphp-module-openid
CVE-2023-22550
	RESERVED
CVE-2023-22549
	RESERVED
CVE-2023-22548
	RESERVED
CVE-2023-22547
	RESERVED
CVE-2023-22546
	RESERVED
CVE-2023-22545
	RESERVED
CVE-2023-22544
	RESERVED
CVE-2023-22543
	RESERVED
CVE-2023-22542
	RESERVED
CVE-2023-22541
	RESERVED
CVE-2023-22540
	RESERVED
CVE-2023-22539
	RESERVED
CVE-2023-22538
	RESERVED
CVE-2023-22537
	RESERVED
CVE-2023-22536
	RESERVED
CVE-2023-22535
	RESERVED
CVE-2023-22534
	RESERVED
CVE-2023-22533
	RESERVED
CVE-2023-22532
	RESERVED
CVE-2023-22531
	RESERVED
CVE-2023-22530
	RESERVED
CVE-2023-22529
	RESERVED
CVE-2023-22528
	RESERVED
CVE-2023-22527 (A template injection vulnerability on older versions of Confluence Dat ...)
	NOT-FOR-US: Atlassian Confluence Data Center and Server
CVE-2023-22526 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
	NOT-FOR-US: Atlassian Confluence Data Center
CVE-2023-22525
	REJECTED
CVE-2023-22524 (Certain versions of the Atlassian Companion App for MacOS were affecte ...)
	NOT-FOR-US: Atlassian
CVE-2023-22523 (This vulnerability, if exploited, allows an attacker to perform privil ...)
	NOT-FOR-US: Atlassian
CVE-2023-22522 (This Template Injection vulnerability allows an authenticated attacker ...)
	NOT-FOR-US: Atlassian
CVE-2023-22521 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
	NOT-FOR-US: Crowd Data Center and Server
CVE-2023-22520
	REJECTED
CVE-2023-22519
	RESERVED
CVE-2023-22518 (All versions of Confluence Data Center and Server are affected by this ...)
	NOT-FOR-US: Atlassian
CVE-2023-22517
	RESERVED
CVE-2023-22516 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
	NOT-FOR-US: Bamboo Data Center and Server
CVE-2023-22515 (Atlassian has been made aware of an issue reported by a handful of cus ...)
	NOT-FOR-US: Atlassian
CVE-2023-22514
	REJECTED
CVE-2023-22513 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
	NOT-FOR-US: Bitbucket Data Center and Server
CVE-2023-22512
	REJECTED
CVE-2023-22511
	RESERVED
CVE-2023-22510
	REJECTED
CVE-2023-22509
	RESERVED
CVE-2023-22508 (This High severity RCE (Remote Code Execution) vulnerability known as ...)
	NOT-FOR-US: Atlassian
CVE-2023-22507
	REJECTED
CVE-2023-22506 (This High severity Injection and RCE (Remote Code Execution) vulnerabi ...)
	NOT-FOR-US: Atlassian
CVE-2023-22505 (This High severity RCE (Remote Code Execution) vulnerability known as ...)
	NOT-FOR-US: Atlassian
CVE-2023-22504 (Affected versions of Atlassian Confluence Server allow remote attacker ...)
	NOT-FOR-US: Atlassian
CVE-2023-22503 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
	NOT-FOR-US: Atlassian
CVE-2023-22502
	REJECTED
CVE-2023-22501 (An authentication vulnerability was discovered in Jira Service Managem ...)
	NOT-FOR-US: Atlassian
CVE-2023-0028 (Cross-site Scripting (XSS) - Stored in GitHub repository linagora/twak ...)
	NOT-FOR-US: linagora/Twake
CVE-2022-48198 (The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for Robot ...)
	NOT-FOR-US: ros ntpd driver
CVE-2022-48197 (Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 th ...)
	NOT-FOR-US: TreeView of YUI2
CVE-2018-25061 (A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as ...)
	NOT-FOR-US: rgb2hex
CVE-2017-20160 (A vulnerability was found in flitto express-param up to 0.x. It has be ...)
	NOT-FOR-US: express-param
CVE-2014-125029 (A vulnerability was found in ttskch PaginationServiceProvider up to 0. ...)
	NOT-FOR-US: ttskch/PaginationServiceProvider
CVE-2014-125028 (A vulnerability was found in valtech IDP Test Client and classified as ...)
	NOT-FOR-US: valtech IDP Test Client
CVE-2022-4868 (Improper Authorization in GitHub repository froxlor/froxlor prior to 2 ...)
	- froxlor (bug #581792)
CVE-2022-4867 (Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor ...)
	- froxlor (bug #581792)
CVE-2022-4866 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
	NOT-FOR-US: usememos
CVE-2022-4865 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
	NOT-FOR-US: usememos
CVE-2017-20159 (A vulnerability was found in rf Keynote up to 0.x on Rails. It has bee ...)
	NOT-FOR-US: rf Keynote
CVE-2017-20158 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in vova07 Yi ...)
	NOT-FOR-US: vova07 Yii2 FileAPI Widget
CVE-2017-20157 (A vulnerability was found in Ariadne Component Library up to 2.x. It h ...)
	NOT-FOR-US: Ariadne Component Library
CVE-2017-20156 (A vulnerability was found in Exciting Printer and classified as critic ...)
	NOT-FOR-US: Exciting Printer
CVE-2014-125027 (A vulnerability has been found in Yuna Scatari TBDev up to 2.1.17 and ...)
	NOT-FOR-US: Yuna Scatari TBDev
CVE-2022-4864 (Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0 ...)
	- froxlor (bug #581792)
CVE-2017-20155 (A vulnerability was found in Sterc Google Analytics Dashboard for MODX ...)
	NOT-FOR-US: Sterc Google Analytics Dashboard for MODX
CVE-2017-20154 (A vulnerability was found in ghostlander Phoenixcoin. It has been clas ...)
	NOT-FOR-US: ghostlander Phoenixcoin
CVE-2022-4863 (Improper Handling of Insufficient Permissions or Privileges in GitHub ...)
	NOT-FOR-US: usememos
CVE-2022-4862 (Rendering of HTML provided by another authenticated user is possible i ...)
	NOT-FOR-US: M-Files Web
CVE-2022-4861 (Incorrect implementation in authentication protocol in M-Files Client ...)
	NOT-FOR-US: M-Files
CVE-2022-4860 (A vulnerability was found in KBase Metrics. It has been classified as ...)
	NOT-FOR-US: KBase Metrics
CVE-2022-4859 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Joget
CVE-2022-4858 (Insertion of Sensitive Information into Log Files in M-Files Server be ...)
	NOT-FOR-US: M-Files
CVE-2022-4857 (A vulnerability was found in Modbus Tools Modbus Poll up to 9.10.0 and ...)
	NOT-FOR-US: Modbus Tools Modbus Poll
CVE-2022-4856 (A vulnerability has been found in Modbus Tools Modbus Slave up to 7.5. ...)
	NOT-FOR-US: Modbus Tools Modbus Slave
CVE-2022-4855 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Lead Management System
CVE-2022-48196 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2020-36638 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de ...)
	NOT-FOR-US: Chris92de AdminServ
CVE-2020-36637 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de ...)
	NOT-FOR-US: Chris92de AdminServ
CVE-2018-25060 (A vulnerability was found in Macaron csrf and classified as problemati ...)
	- golang-github-go-macaron-csrf (bug #1033115)
	[bullseye] - golang-github-go-macaron-csrf (Minor issue, no reverse deps)
	[buster] - golang-github-go-macaron-csrf (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://github.com/go-macaron/csrf/commit/dadd1711a617000b70e5e408a76531b73187031c
	NOTE: https://github.com/go-macaron/csrf/pull/7
CVE-2018-25059 (A vulnerability was found in pastebinit up to 0.2.2 and classified as ...)
	NOT-FOR-US: jessfraz/pastebinit (Go implementation of pastebinit, different from src:pastebinit)
CVE-2017-20153 (A vulnerability has been found in aerouk imageserve and classified as ...)
	NOT-FOR-US: aerouk imageserve
CVE-2017-20152 (A vulnerability, which was classified as problematic, was found in aer ...)
	NOT-FOR-US: aerouk imageserve
CVE-2017-20151 (A vulnerability classified as problematic was found in iText RUPS. Thi ...)
	NOT-FOR-US: iText RUPS
CVE-2022-48195 (An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When ...)
	NOT-FOR-US: Mellium
CVE-2022-48194 (TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2022-48193 (Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during ...)
	NOT-FOR-US: Softing smartLink SW-HT
CVE-2022-48192 (Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1 ...)
	NOT-FOR-US: Softing smartLink SW-HT
CVE-2022-48191 (A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) whe ...)
	NOT-FOR-US: Trend Micro
CVE-2021-46870
	RESERVED
CVE-2021-46869
	RESERVED
CVE-2023-22500 (GLPI is a Free Asset and IT Management Software package. Versions 10.0 ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-3ghv-p34r-5ghx
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2023-22499 (Deno is a runtime for JavaScript and TypeScript that uses V8 and is bu ...)
	NOT-FOR-US: Deno
CVE-2023-22498
	REJECTED
CVE-2023-22497 (Netdata is an open source option for real-time infrastructure monitori ...)
	- netdata 1.37.0-1
	[bullseye] - netdata (Minor issue)
	[buster] - netdata (Minor issue)
	NOTE: https://github.com/netdata/netdata/security/advisories/GHSA-jx85-39cw-66f2
CVE-2023-22496 (Netdata is an open source option for real-time infrastructure monitori ...)
	- netdata 1.37.0-1
	[bullseye] - netdata (Minor issue)
	[buster] - netdata (Minor issue)
	NOTE: https://github.com/netdata/netdata/security/advisories/GHSA-xg38-3vmw-2978
CVE-2023-22495 (Izanami is a shared configuration service well-suited for micro-servic ...)
	NOT-FOR-US: Izanami
CVE-2023-22494
	REJECTED
CVE-2023-22493 (RSSHub is an open source RSS feed generator. RSSHub is vulnerable to S ...)
	NOT-FOR-US: RSSHub
CVE-2023-22492 (ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is an OA ...)
	NOT-FOR-US: ZITADEL
CVE-2023-22491 (Gatsby is a free and open source framework based on React that helps d ...)
	- gatsby (bug #922188)
CVE-2023-22490 (Git is a revision control system. Using a specially-crafted repository ...)
	{DSA-5357-1 DLA-3338-1}
	- git 1:2.39.2-1 (bug #1031310)
	NOTE: https://www.openwall.com/lists/oss-security/2023/02/14/5
	NOTE: https://github.com/git/git/commit/58325b93c5b6212697b088371809e9948fee8052 (v2.30.8)
	NOTE: https://github.com/git/git/commit/cf8f6ce02a13f4d1979a53241afbee15a293fce9 (v2.30.8)
	NOTE: https://github.com/git/git/commit/bffc762f87ae8d18c6001bf0044a76004245754c (v2.30.8)
CVE-2023-22489 (Flarum is a discussion platform for websites. If the first post of a d ...)
	NOT-FOR-US: Flarum
CVE-2023-22488 (Flarum is a forum software for building communities. Using the notific ...)
	NOT-FOR-US: Flarum
CVE-2023-22487 (Flarum is a forum software for building communities. Using the mention ...)
	NOT-FOR-US: Flarum
CVE-2023-22486 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
	- cmark-gfm (bug #1033110)
	[bookworm] - cmark-gfm (Minor issue)
	[bullseye] - cmark-gfm (Minor issue)
	[buster] - cmark-gfm (Minor issue)
	- python-cmarkgfm (bug #1033111)
	[bookworm] - python-cmarkgfm (Minor issue)
	[bullseye] - python-cmarkgfm (Minor issue)
	[buster] - python-cmarkgfm (Minor issue)
	- r-cran-commonmark (bug #1033112)
	[bookworm] - r-cran-commonmark (Minor issue)
	[bullseye] - r-cran-commonmark (Minor issue)
	[buster] - r-cran-commonmark (Minor issue)
	- ruby-commonmarker (bug #1033113)
	[bookworm] - ruby-commonmarker (Minor issue)
	[bullseye] - ruby-commonmarker (Minor issue)
	[buster] - ruby-commonmarker (Minor issue)
	NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p
	NOTE: https://github.com/github/cmark-gfm/commit/ece074cc3378f7a8dec0395f00123e9fa6981f7b (0.29.0.gfm.7)
CVE-2023-22485 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
	- cmark-gfm (bug #1033110)
	[bookworm] - cmark-gfm (Minor issue)
	[bullseye] - cmark-gfm (Minor issue)
	[buster] - cmark-gfm (Minor issue)
	- python-cmarkgfm (bug #1033111)
	[bookworm] - python-cmarkgfm (Minor issue)
	[bullseye] - python-cmarkgfm (Minor issue)
	[buster] - python-cmarkgfm (Minor issue)
	- r-cran-commonmark (bug #1033112)
	[bookworm] - r-cran-commonmark (Minor issue)
	[bullseye] - r-cran-commonmark (Minor issue)
	[buster] - r-cran-commonmark (Minor issue)
	- ruby-commonmarker (bug #1033113)
	[bookworm] - ruby-commonmarker (Minor issue)
	[bullseye] - ruby-commonmarker (Minor issue)
	[buster] - ruby-commonmarker (Minor issue)
	NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr
CVE-2023-22484 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
	- cmark-gfm (bug #1033110)
	[bookworm] - cmark-gfm (Minor issue)
	[bullseye] - cmark-gfm (Minor issue)
	[buster] - cmark-gfm (Minor issue)
	- python-cmarkgfm (bug #1033111)
	[bookworm] - python-cmarkgfm (Minor issue)
	[bullseye] - python-cmarkgfm (Minor issue)
	[buster] - python-cmarkgfm (Minor issue)
	- r-cran-commonmark (bug #1033112)
	[bookworm] - r-cran-commonmark (Minor issue)
	[bullseye] - r-cran-commonmark (Minor issue)
	[buster] - r-cran-commonmark (Minor issue)
	- ruby-commonmarker (bug #1033113)
	[bookworm] - ruby-commonmarker (Minor issue)
	[bullseye] - ruby-commonmarker (Minor issue)
	[buster] - ruby-commonmarker (Minor issue)
	NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r
CVE-2023-22483 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
	- cmark-gfm (bug #1033110)
	[bookworm] - cmark-gfm (Minor issue)
	[bullseye] - cmark-gfm (Minor issue)
	[buster] - cmark-gfm (Minor issue)
	- python-cmarkgfm (bug #1033111)
	[bookworm] - python-cmarkgfm (Minor issue)
	[bullseye] - python-cmarkgfm (Minor issue)
	[buster] - python-cmarkgfm (Minor issue)
	- r-cran-commonmark (bug #1033112)
	[bookworm] - r-cran-commonmark (Minor issue)
	[bullseye] - r-cran-commonmark (Minor issue)
	[buster] - r-cran-commonmark (Minor issue)
	- ruby-commonmarker (bug #1033113)
	[bookworm] - ruby-commonmarker (Minor issue)
	[bullseye] - ruby-commonmarker (Minor issue)
	[buster] - ruby-commonmarker (Minor issue)
	NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-29g3-96g3-jg6c
CVE-2023-22482 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
	NOT-FOR-US: Argo CD
CVE-2023-22481 (FreshRSS is a self-hosted RSS feed aggregator. When using the greader ...)
	NOT-FOR-US: FreshRSS
CVE-2023-22480 (KubeOperator is an open source Kubernetes distribution focused on help ...)
	NOT-FOR-US: KubeOperator
CVE-2023-22479 (KubePi is a modern Kubernetes panel. A session fixation attack allows ...)
	NOT-FOR-US: KubePi
CVE-2023-22478 (KubePi is a modern Kubernetes panel. The API interfaces with unauthori ...)
	NOT-FOR-US: KubePi
CVE-2023-22477 (Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius unt ...)
	NOT-FOR-US: Mercurius
CVE-2023-22476 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. In vers ...)
	- mantis
CVE-2023-0027 (Rockwell Automation Modbus TCP Server AOI prior to 2.04.00 is vulnerab ...)
	NOT-FOR-US: Rockwell Automation
CVE-2022-4854
	REJECTED
CVE-2022-4853
	REJECTED
CVE-2022-4852
	REJECTED
CVE-2022-4851 (Improper Handling of Values in GitHub repository usememos/memos prior ...)
	NOT-FOR-US: usememos
CVE-2022-4850 (Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos ...)
	NOT-FOR-US: usememos
CVE-2022-4849 (Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos ...)
	NOT-FOR-US: usememos
CVE-2022-4848 (Improper Verification of Source of a Communication Channel in GitHub r ...)
	NOT-FOR-US: usememos
CVE-2022-4847 (Incorrectly Specified Destination in a Communication Channel in GitHub ...)
	NOT-FOR-US: usememos
CVE-2022-4846 (Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos ...)
	NOT-FOR-US: usememos
CVE-2022-4845 (Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos ...)
	NOT-FOR-US: usememos
CVE-2022-4844 (Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos ...)
	NOT-FOR-US: usememos
CVE-2022-4843 (NULL Pointer Dereference in GitHub repository radareorg/radare2 prior ...)
	- radare2 (Vulnerable code not yet present)
	NOTE: https://huntr.dev/bounties/075b2760-66a0-4d38-b3b5-e9934956ab7f
	NOTE: https://github.com/radareorg/radare2/commit/842f809d4ec6a12af2906f948657281c9ebc8a24
CVE-2022-4842 (A flaw NULL Pointer Dereference in the Linux kernel NTFS3 driver funct ...)
	- linux 6.1.8-1 (unimportant)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2156927
	NOTE: NTFS3 driver not enabled in Debian
CVE-2022-4841 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
	NOT-FOR-US: usememos
CVE-2022-4840 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
	NOT-FOR-US: usememos
CVE-2022-4839 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
	NOT-FOR-US: usememos
CVE-2022-4838 (The Clean Login WordPress plugin before 1.13.7 does not validate and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4837 (The CPO Companion WordPress plugin before 1.1.0 does not validate and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4836 (The Breadcrumb WordPress plugin before 1.5.33 does not validate and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4835 (The Social Sharing Toolkit WordPress plugin through 2.6 does not valid ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4834 (The CPT Bootstrap Carousel WordPress plugin through 1.12 does not vali ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4833 (The YourChannel: Everything you want in a YouTube plugin WordPress plu ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4832 (The Store Locator WordPress plugin before 1.4.9 does not validate and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4831 (The Custom User Profile Fields for User Registration WordPress plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4830 (The Paid Memberships Pro WordPress plugin before 2.9.9 does not valida ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4829 (The Show-Hide / Collapse-Expand WordPress plugin before 1.3.0 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4828 (The Bold Timeline Lite WordPress plugin before 1.1.5 does not validate ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4827 (The WP Tiles WordPress plugin through 1.1.2 does not validate and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4826 (The Simple Tooltips WordPress plugin before 2.1.4 does not validate an ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4825 (The WP-ShowHide WordPress plugin before 1.05 does not validate and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4824 (The WP Blog and Widgets WordPress plugin before 2.3.1 does not validat ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-48190
	REJECTED
CVE-2022-48189 (An SMM driver input validation vulnerability in the BIOS of some Think ...)
	NOT-FOR-US: Lenovo
CVE-2022-48188 (A buffer overflow vulnerability in the SecureBootDXE BIOS driver of so ...)
	NOT-FOR-US: Lenovo
CVE-2022-48187
	REJECTED
CVE-2022-48186 (A certificate validation vulnerability exists in the Baiying Android a ...)
	NOT-FOR-US: Baiying Android application
CVE-2022-48185
	RESERVED
CVE-2022-48184
	RESERVED
CVE-2022-48183 (A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that ...)
	NOT-FOR-US: Lenovo
CVE-2022-48182 (A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that ...)
	NOT-FOR-US: Lenovo
CVE-2022-48181 (An ErrorMessage driver stack-based buffer overflow vulnerability in BI ...)
	NOT-FOR-US: Lenovo
CVE-2022-48180
	RESERVED
CVE-2022-48179
	RESERVED
CVE-2021-4296 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Unicorn - W3C's Unified Validator
CVE-2021-4295 (A vulnerability classified as problematic was found in ONC code-valida ...)
	NOT-FOR-US: ONC code-validator-api
CVE-2018-25058 (A vulnerability classified as problematic has been found in Twitter-Po ...)
	NOT-FOR-US: Twitter-Post-Fetcher
CVE-2023-22475 (Canarytokens is an open source tool which helps track activity and act ...)
	NOT-FOR-US: canarytokens
CVE-2023-22474 (Parse Server is an open source backend that can be deployed to any inf ...)
	NOT-FOR-US: Node parse-server
CVE-2023-22473 (Talk-Android enables users to have video & audio calls through Nextclo ...)
	NOT-FOR-US: Talk-Android
CVE-2023-22472 (Deck is a kanban style organization tool aimed at personal planning an ...)
	NOT-FOR-US: Deck
CVE-2023-22471 (Deck is a kanban style organization tool aimed at personal planning an ...)
	NOT-FOR-US: Deck
CVE-2023-22470 (Nextcloud Deck is a kanban style organization tool aimed at personal p ...)
	NOT-FOR-US: Deck
CVE-2023-22469 (Deck is a kanban style organization tool aimed at personal planning an ...)
	NOT-FOR-US: Deck
CVE-2023-22468 (Discourse is an open source platform for community discussion. Version ...)
	NOT-FOR-US: Discourse
CVE-2023-22467 (Luxon is a library for working with dates and times in JavaScript. On ...)
	NOT-FOR-US: Luxon
CVE-2023-22466 (Tokio is a runtime for writing applications with Rust. Starting with v ...)
	- rust-tokio 1.24.2-1 (bug #1029157)
	[bullseye] - rust-tokio (Only affects 1.7.0 and later)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0001.html
	NOTE: https://github.com/tokio-rs/tokio/security/advisories/GHSA-7rrj-xr53-82p7
CVE-2023-22465 (Http4s is a Scala interface for HTTP services. Starting with version 0 ...)
	NOT-FOR-US: http4s
CVE-2023-22463 (KubePi is a k8s panel. The jwt authentication function of KubePi throu ...)
	NOT-FOR-US: KubePi
CVE-2023-22462 (Grafana is an open-source platform for monitoring and observability. O ...)
	- grafana
CVE-2023-22461 (The `sanitize-svg` package, a small SVG sanitizer to prevent cross-sit ...)
	NOT-FOR-US: sanitize-svg
CVE-2023-22460 (go-ipld-prime is an implementation of the InterPlanetary Linked Data ( ...)
	NOT-FOR-US: go-ipld-prime
CVE-2023-22458 (Redis is an in-memory database that persists on disk. Authenticated us ...)
	- redis 5:7.0.8-1 (bug #1029363)
	[bullseye] - redis (Vulnerable code introduced later)
	[buster] - redis (Vulnerable code introduced later)
	NOTE: https://github.com/redis/redis/security/advisories/GHSA-r8w2-2m53-gprj
	NOTE: Introduced after: https://github.com/redis/redis/commit/b9a0500f16d0cd016398133cc7ac256ad927b679 (6.2-rc3)
	NOTE: Fixed by: https://github.com/redis/redis/commit/3f1f02034ce674cad8268f958cf8c39944b240c6 (7.0.8)
CVE-2023-22457 (CKEditor Integration UI adds support for editing wiki pages using CKEd ...)
	NOT-FOR-US: xwiki CKEditor Integration UI
CVE-2023-22464 (ViewVC is a browser interface for CVS and Subversion version control r ...)
	{DLA-3266-1}
	- viewvc
	NOTE: https://github.com/viewvc/viewvc/issues/311#issuecomment-1371011216
	NOTE: https://github.com/viewvc/viewvc/security/advisories/GHSA-jvpj-293q-q53h
	NOTE: https://github.com/viewvc/viewvc/commit/8c61b87b3e8745ab298e1463e1fce092e5c01026 (1.1.30)
CVE-2023-22456 (ViewVC, a browser interface for CVS and Subversion version control rep ...)
	{DLA-3266-1}
	- viewvc
	NOTE: https://github.com/viewvc/viewvc/issues/311#issuecomment-1371011216
	NOTE: https://github.com/viewvc/viewvc/security/advisories/GHSA-j4mx-f97j-gc5g
	NOTE: https://github.com/viewvc/viewvc/commit/2d57d713aa9b64558a9ba3ea187866ce98564c0a (1.1.29)
CVE-2023-22455 (Discourse is an option source discussion platform. Prior to version 2. ...)
	NOT-FOR-US: Discourse
CVE-2023-22454 (Discourse is an option source discussion platform. Prior to version 2. ...)
	NOT-FOR-US: Discourse
CVE-2023-22453 (Discourse is an option source discussion platform. Prior to version 2. ...)
	NOT-FOR-US: Discourse
CVE-2023-22452 (kenny2automate is a Discord bot. In the web interface for server setti ...)
	NOT-FOR-US: kenny2automate
CVE-2023-22451 (Kiwi TCMS is an open source test management system. In version 11.6 an ...)
	NOT-FOR-US: Kiwi TCMS
CVE-2022-4823 (A vulnerability, which was classified as problematic, was found in InS ...)
	NOT-FOR-US: InSTEDD Nuntium
CVE-2022-4822 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: FlatPress
CVE-2022-4821 (A vulnerability classified as problematic was found in FlatPress. This ...)
	NOT-FOR-US: FlatPress
CVE-2022-4820 (A vulnerability classified as problematic has been found in FlatPress. ...)
	NOT-FOR-US: FlatPress
CVE-2022-4819 (A vulnerability was found in HotCRP. It has been rated as problematic. ...)
	NOT-FOR-US: HotCRP
CVE-2022-4818 (A vulnerability was found in Talend Open Studio for MDM. It has been d ...)
	NOT-FOR-US: Talend Open Studio for MDM
CVE-2022-48178 (X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a st ...)
	NOT-FOR-US: X2CRM Open Source Sales CRM
CVE-2022-48177 (X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a re ...)
	NOT-FOR-US: X2CRM Open Source Sales CRM
CVE-2022-48176 (Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7 ...)
	NOT-FOR-US: Netgear
CVE-2022-48175 (Rukovoditel v3.2.1 was discovered to contain a remote code execution ( ...)
	NOT-FOR-US: Rukovoditel
CVE-2022-48174 (There is a stack overflow vulnerability in ash.c:6030 in busybox befor ...)
	- busybox (bug #1059049)
	[bookworm] - busybox (Minor issue)
	[bullseye] - busybox (Minor issue)
	[buster] - busybox (Minor issue)
	NOTE: https://bugs.busybox.net/show_bug.cgi?id=15216
	NOTE: https://git.busybox.net/busybox/commit/?id=d417193cf37ca1005830d7e16f5fa7e1d8a44209
CVE-2022-48173
	RESERVED
CVE-2022-48172
	RESERVED
CVE-2022-48171
	RESERVED
CVE-2022-48170
	RESERVED
CVE-2022-48169
	RESERVED
CVE-2022-48168
	RESERVED
CVE-2022-48167
	RESERVED
CVE-2022-48166 (An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 all ...)
	NOT-FOR-US: Wavlink
CVE-2022-48165 (An access control issue in the component /cgi-bin/ExportLogs.sh of Wav ...)
	NOT-FOR-US: Wavlink
CVE-2022-48164 (An access control issue in the component /cgi-bin/ExportLogs.sh of Wav ...)
	NOT-FOR-US: Wavlink
CVE-2022-48163
	RESERVED
CVE-2022-48162
	RESERVED
CVE-2022-48161 (Easy Images v2.0 was discovered to contain an arbitrary file download ...)
	NOT-FOR-US: Easy Images
CVE-2022-48160
	RESERVED
CVE-2022-48159
	RESERVED
CVE-2022-48158
	RESERVED
CVE-2022-48157
	RESERVED
CVE-2022-48156
	RESERVED
CVE-2022-48155
	RESERVED
CVE-2022-48154
	RESERVED
CVE-2022-48153
	RESERVED
CVE-2022-48152 (SQL Injection vulnerability in RemoteClinic 2.0 allows attackers to ex ...)
	NOT-FOR-US: RemoteClinic
CVE-2022-48151
	RESERVED
CVE-2022-48150 (Shopware v5.5.10 was discovered to contain a cross-site scripting (XSS ...)
	NOT-FOR-US: Shopware
CVE-2022-48149 (Online Student Admission System in PHP Free Source Code 1.0 was discov ...)
	NOT-FOR-US: Online Student Admission System in PHP Free Source Code
CVE-2022-48148
	RESERVED
CVE-2022-48147
	RESERVED
CVE-2022-48146
	RESERVED
CVE-2022-48145
	RESERVED
CVE-2022-48144
	RESERVED
CVE-2022-48143
	RESERVED
CVE-2022-48142
	RESERVED
CVE-2022-48141
	RESERVED
CVE-2022-48140 (DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) ...)
	NOT-FOR-US: DedeCMS
CVE-2022-48139
	RESERVED
CVE-2022-48138
	REJECTED
CVE-2022-48137
	REJECTED
CVE-2022-48136
	RESERVED
CVE-2022-48135
	RESERVED
CVE-2022-48134
	RESERVED
CVE-2022-48133
	RESERVED
CVE-2022-48132
	RESERVED
CVE-2022-48131
	RESERVED
CVE-2022-48130 (Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2022-48129
	RESERVED
CVE-2022-48128
	RESERVED
CVE-2022-48127
	RESERVED
CVE-2022-48126 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-48125 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-48124 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-48123 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-48122 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-48121 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-48120 (SQL Injection vulnerability in kishan0725 Hospital Management System t ...)
	NOT-FOR-US: kishan0725 Hospital Management System
CVE-2022-48119
	RESERVED
CVE-2022-48118 (Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vul ...)
	NOT-FOR-US: Jorani
CVE-2022-48117
	RESERVED
CVE-2022-48116 (AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) ...)
	NOT-FOR-US: AyaCMS
CVE-2022-48115 (The dropdown menu in jspreadsheet before v4.6.0 was discovered to be v ...)
	NOT-FOR-US: jspreadsheet
CVE-2022-48114 (RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerabi ...)
	NOT-FOR-US: RuoYi
CVE-2022-48113 (A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows una ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-48112
	RESERVED
CVE-2022-48111 (A cross-site scripting (XSS) vulnerability in the check_login function ...)
	NOT-FOR-US: SIPE
CVE-2022-48110 (CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scri ...)
	NOT-FOR-US: Disputed ckeditor issue
CVE-2022-48109
	RESERVED
CVE-2022-48108 (D-Link DIR_878_FW1.30B08 was discovered to contain a command injection ...)
	NOT-FOR-US: D-Link
CVE-2022-48107 (D-Link DIR_878_FW1.30B08 was discovered to contain a command injection ...)
	NOT-FOR-US: D-Link
CVE-2022-48106
	RESERVED
CVE-2022-48105
	RESERVED
CVE-2022-48104
	RESERVED
CVE-2022-48103
	RESERVED
CVE-2022-48102
	RESERVED
CVE-2022-48101
	RESERVED
CVE-2022-48100
	RESERVED
CVE-2022-48099
	RESERVED
CVE-2022-48098
	RESERVED
CVE-2022-48097
	RESERVED
CVE-2022-48096
	RESERVED
CVE-2022-48095
	RESERVED
CVE-2022-48094 (lmxcms v1.41 was discovered to contain an arbitrary file read vulnerab ...)
	NOT-FOR-US: lmxcms
CVE-2022-48093 (Seacms v12.7 was discovered to contain a remote code execution (RCE) v ...)
	NOT-FOR-US: Seacms
CVE-2022-48092
	RESERVED
CVE-2022-48091 (Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site ...)
	NOT-FOR-US: Tramyardg hotel-mgmt-system
CVE-2022-48090 (Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to SQL Inject ...)
	NOT-FOR-US: Tramyardg hotel-mgmt-system
CVE-2022-48089
	RESERVED
CVE-2022-48088
	RESERVED
CVE-2022-48087
	RESERVED
CVE-2022-48086
	RESERVED
CVE-2022-48085 (Softr v2.0 was discovered to contain a HTML injection vulnerability vi ...)
	NOT-FOR-US: Softr
CVE-2022-48084
	RESERVED
CVE-2022-48083
	RESERVED
CVE-2022-48082 (Easyone CRM v5.50.02 was discovered to contain a SQL Injection vulnera ...)
	NOT-FOR-US: Easyone CRM
CVE-2022-48081
	RESERVED
CVE-2022-48080
	RESERVED
CVE-2022-48079 (Monnai aaPanel host system v1.5 contains an access control issue which ...)
	NOT-FOR-US: Monnai aaPanel host system
CVE-2022-48078 (pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered t ...)
	NOT-FOR-US: pycdc
CVE-2022-48077 (Genymotion Desktop v3.3.2 was discovered to contain a DLL hijacking vu ...)
	NOT-FOR-US: Genymotion Desktop
CVE-2022-48076
	RESERVED
CVE-2022-48075
	RESERVED
CVE-2022-48074 (An issue in NoMachine before v8.2.3 allows attackers to execute arbitr ...)
	NOT-FOR-US: NoMachine
CVE-2022-48073 (Phicomm K2G v22.6.3.20 was discovered to store the root and admin pass ...)
	NOT-FOR-US: Phicomm
CVE-2022-48072 (Phicomm K2G v22.6.3.20 was discovered to contain a command injection v ...)
	NOT-FOR-US: Phicomm
CVE-2022-48071 (Phicomm K2 v22.6.534.263 was discovered to store the root and admin pa ...)
	NOT-FOR-US: Phicomm
CVE-2022-48070 (Phicomm K2 v22.6.534.263 was discovered to contain a command injection ...)
	NOT-FOR-US: Phicomm
CVE-2022-48069 (Totolink A830R V4.1.2cu.5182 was discovered to contain a command injec ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-48068
	RESERVED
CVE-2022-48067 (An information disclosure vulnerability in Totolink A830R V4.1.2cu.518 ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-48066 (An issue in the component global.so of Totolink A830R V4.1.2cu.5182 al ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-48065 (GNU Binutils before 2.40 was discovered to contain a memory leak vulne ...)
	- binutils 2.40-2 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29925
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d28fbc7197ba0e021a43f873eff90b05dcdcff6a (binutils-2_40)
	NOTE: binutils not covered by security support
CVE-2022-48064 (GNU Binutils before 2.40 was discovered to contain an excessive memory ...)
	- binutils 2.40-2 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29922
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8f2c64de86bc3d7556121fe296dd679000283931 (binutils-2_40)
	NOTE: binutils not covered by security support
CVE-2022-48063 (GNU Binutils before 2.40 was discovered to contain an excessive memory ...)
	- binutils 2.40-2 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29924
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd (binutils-2_40)
	NOTE: binutils not covered by security support
CVE-2022-48062
	RESERVED
CVE-2022-48061
	RESERVED
CVE-2022-48060
	RESERVED
CVE-2022-48059
	RESERVED
CVE-2022-48058
	RESERVED
CVE-2022-48057
	RESERVED
CVE-2022-48056
	RESERVED
CVE-2022-48055
	RESERVED
CVE-2022-48054
	RESERVED
CVE-2022-48053
	RESERVED
CVE-2022-48052
	RESERVED
CVE-2022-48051
	RESERVED
CVE-2022-48050
	RESERVED
CVE-2022-48049
	RESERVED
CVE-2022-48048
	RESERVED
CVE-2022-48047
	RESERVED
CVE-2022-48046
	RESERVED
CVE-2022-48045
	RESERVED
CVE-2022-48044
	RESERVED
CVE-2022-48043
	RESERVED
CVE-2022-48042
	RESERVED
CVE-2022-48041
	RESERVED
CVE-2022-48040
	RESERVED
CVE-2022-48039
	RESERVED
CVE-2022-48038
	RESERVED
CVE-2022-48037
	RESERVED
CVE-2022-48036
	RESERVED
CVE-2022-48035
	RESERVED
CVE-2022-48034
	RESERVED
CVE-2022-48033
	RESERVED
CVE-2022-48032
	RESERVED
CVE-2022-48031
	RESERVED
CVE-2022-48030
	RESERVED
CVE-2022-48029
	RESERVED
CVE-2022-48028
	RESERVED
CVE-2022-48027
	RESERVED
CVE-2022-48026
	RESERVED
CVE-2022-48025
	RESERVED
CVE-2022-48024
	RESERVED
CVE-2022-48023 (Insufficient privilege verification in Zammad v5.3.0 allows an authent ...)
	- zammad (bug #841355)
CVE-2022-48022 (An issue in the component /api/v1/mentions of Zammad v5.3.0 allows aut ...)
	- zammad (bug #841355)
CVE-2022-48021 (A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary ...)
	- zammad (bug #841355)
CVE-2022-48020 (Vinteo VCC v2.36.4 was discovered to contain a reflected cross-site sc ...)
	NOT-FOR-US: Vinteo VCC
CVE-2022-48019 (The components wfshbr64.sys and wfshbr32.sys in Another Eden before v3 ...)
	NOT-FOR-US: Another Eden
CVE-2022-48018
	RESERVED
CVE-2022-48017
	RESERVED
CVE-2022-48016
	RESERVED
CVE-2022-48015
	RESERVED
CVE-2022-48014
	RESERVED
CVE-2022-48013 (Opencats v0.9.7 was discovered to contain a stored cross-site scriptin ...)
	NOT-FOR-US: Opencats
CVE-2022-48012 (Opencats v0.9.7 was discovered to contain a reflected cross-site scrip ...)
	NOT-FOR-US: Opencats
CVE-2022-48011 (Opencats v0.9.7 was discovered to contain a SQL injection vulnerabilit ...)
	NOT-FOR-US: Opencats
CVE-2022-48010 (LimeSurvey v5.4.15 was discovered to contain a stored cross-site scrip ...)
	- limesurvey (bug #472802)
CVE-2022-48009
	RESERVED
CVE-2022-48008 (An arbitrary file upload vulnerability in the plugin manager of LimeSu ...)
	- limesurvey (bug #472802)
CVE-2022-48007 (A stored cross-site scripting (XSS) vulnerability in identification.ph ...)
	- piwigo
CVE-2022-48006 (An arbitrary file upload vulnerability in taocms v3.0.2 allows attacke ...)
	NOT-FOR-US: Taocms
CVE-2022-48005
	RESERVED
CVE-2022-48004
	RESERVED
CVE-2022-48003
	RESERVED
CVE-2022-48002
	RESERVED
CVE-2022-48001
	RESERVED
CVE-2022-48000
	RESERVED
CVE-2022-47999
	RESERVED
CVE-2022-47998
	RESERVED
CVE-2022-47997
	RESERVED
CVE-2022-47996
	RESERVED
CVE-2022-47995
	RESERVED
CVE-2022-47994
	RESERVED
CVE-2022-47993
	RESERVED
CVE-2022-47992
	RESERVED
CVE-2022-47991
	RESERVED
CVE-2018-25057 (A vulnerability was found in simple_php_link_shortener. It has been cl ...)
	NOT-FOR-US: simple_php_link_shortener
CVE-2022-4817 (A vulnerability was found in centic9 jgit-cookbook. It has been declar ...)
	NOT-FOR-US: centic9 jgit-cookbook
CVE-2022-4816 (A denial-of-service vulnerability has been identified in Lenovo Safece ...)
	NOT-FOR-US: Lenovo
CVE-2022-4815 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...)
	NOT-FOR-US: Hitachi Vantara Pentaho Business Analytics Server
CVE-2022-4814 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
	NOT-FOR-US: usememos
CVE-2022-4813 (Insufficient Granularity of Access Control in GitHub repository usemem ...)
	NOT-FOR-US: usememos
CVE-2022-4812 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
	NOT-FOR-US: usememos
CVE-2022-4811 (Authorization Bypass Through User-Controlled Key vulnerability in usem ...)
	NOT-FOR-US: usememos
CVE-2022-4810 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
	NOT-FOR-US: usememos
CVE-2022-4809 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
	NOT-FOR-US: usememos
CVE-2022-4808 (Improper Privilege Management in GitHub repository usememos/memos prio ...)
	NOT-FOR-US: usememos
CVE-2022-4807 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
	NOT-FOR-US: usememos
CVE-2022-4806 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
	NOT-FOR-US: usememos
CVE-2022-4805 (Incorrect Use of Privileged APIs in GitHub repository usememos/memos p ...)
	NOT-FOR-US: usememos
CVE-2022-4804 (Improper Authorization in GitHub repository usememos/memos prior to 0. ...)
	NOT-FOR-US: usememos
CVE-2022-4803 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
	NOT-FOR-US: usememos
CVE-2022-4802 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
	NOT-FOR-US: usememos
CVE-2022-4801 (Insufficient Granularity of Access Control in GitHub repository usemem ...)
	NOT-FOR-US: usememos
CVE-2022-4800 (Improper Verification of Source of a Communication Channel in GitHub r ...)
	NOT-FOR-US: usememos
CVE-2022-47990 (IBM AIX 7.1, 7.2, 7.3 and VIOS , 3.1 could allow a non-privileged loca ...)
	NOT-FOR-US: IBM
CVE-2022-4799 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
	NOT-FOR-US: usememos
CVE-2022-47989
	RESERVED
CVE-2022-47988
	RESERVED
CVE-2022-47987
	RESERVED
CVE-2022-47986 (IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2022-47985
	RESERVED
CVE-2022-47984 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. ...)
	NOT-FOR-US: IBM
CVE-2022-47983 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
	NOT-FOR-US: IBM
CVE-2022-47982
	RESERVED
CVE-2022-47981
	RESERVED
CVE-2022-47980
	RESERVED
CVE-2022-4798 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
	NOT-FOR-US: usememos
CVE-2022-47979
	RESERVED
CVE-2022-47978
	RESERVED
CVE-2022-47977 (A vulnerability has been identified in JT Open (All versions < V11.2.3 ...)
	NOT-FOR-US: JT Open
CVE-2022-47976 (The DMSDP module of the distributed hardware has a vulnerability that ...)
	NOT-FOR-US: Huawei
CVE-2022-47975 (The DUBAI module has a double free vulnerability. Successful exploitat ...)
	NOT-FOR-US: Huawei
CVE-2022-47974 (The Bluetooth AVRCP module has a vulnerability that can lead to DoS at ...)
	NOT-FOR-US: Huawei
CVE-2022-4797 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
	NOT-FOR-US: usememos
CVE-2022-4796 (Incorrect Use of Privileged APIs in GitHub repository usememos/memos p ...)
	NOT-FOR-US: usememos
CVE-2022-4795 (The Galleries by Angie Makes WordPress plugin through 1.67 does not va ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4794 (The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted d ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4793 (The Blog Designer WordPress plugin before 2.4.1 does not validate and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4792 (The News & Blog Designer Pack WordPress plugin before 3.3 does not val ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4791 (The Product Slider and Carousel with Category for WooCommerce WordPres ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4790 (The WP Google My Business Auto Publish WordPress plugin before 3.4 doe ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4789 (The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4788 (The Embed PDF WordPress plugin through 1.0.6 does not validate and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4787 (Themify Shortcodes WordPress plugin before 2.0.8 does not validate and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4786 (The Video.js WordPress plugin through 4.5.0 does not validate and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4785 (The Video Sidebar Widgets WordPress plugin through 6.1 does not valida ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4784 (The Hueman Addons WordPress plugin through 2.3.3 does not validate and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4783 (The Youtube Channel Gallery WordPress plugin through 2.4 does not vali ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4782 (The ClickFunnels WordPress plugin through 3.1.1 does not validate and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4781 (The Accordion Shortcodes WordPress plugin through 2.4.2 does not valid ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4780 (ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credential ...)
	NOT-FOR-US: ISOS firmwares
CVE-2022-4779 (StreamX applications from versions 6.02.01 to 6.04.34 are affected by ...)
	NOT-FOR-US: StreamX applications
CVE-2022-4778 (StreamX applications from versions 6.02.01 to 6.04.34 are affected by ...)
	NOT-FOR-US: StreamX applications
CVE-2021-46868 (The HW_KEYMASTER module has a problem in releasing memory.Successful e ...)
	NOT-FOR-US: Huawei
CVE-2021-46867 (The HW_KEYMASTER module has a problem in releasing memory.Successful e ...)
	NOT-FOR-US: Huawei
CVE-2021-4294 (A vulnerability was found in OpenShift OSIN. It has been classified as ...)
	NOT-FOR-US: OpenShift OSIN
CVE-2021-4293 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...)
	NOT-FOR-US: gnuboard youngcart5
CVE-2019-25092 (A vulnerability classified as problematic was found in Nakiami Mellivo ...)
	NOT-FOR-US: Nakiami Mellivora
CVE-2018-25056 (A vulnerability, which was classified as problematic, was found in yol ...)
	NOT-FOR-US: yolapi
CVE-2018-25055 (A vulnerability was found in FarCry Solr Pro Plugin up to 1.5.x. It ha ...)
	NOT-FOR-US: FarCry Solr Pro Plugin
CVE-2018-25054 (A vulnerability was found in shred cilla. It has been classified as pr ...)
	NOT-FOR-US: cilla
CVE-2018-25053 (A vulnerability was found in moappi Json2html up to 1.1.x and classifi ...)
	NOT-FOR-US: json2html
CVE-2018-25052 (A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 a ...)
	- libcatalyst-plugin-session-perl 0.41-1
	NOTE: https://github.com/perl-catalyst/Catalyst-Plugin-Session/commit/88d1b599e1163761c9bd53bec53ba078f13e09d4 (0.41)
CVE-2018-25051 (A vulnerability, which was classified as problematic, was found in JmP ...)
	NOT-FOR-US: JmPotato Pomash
CVE-2018-25050 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Harvest Chosen
CVE-2017-20150 (A vulnerability was found in challenge website. It has been rated as c ...)
	NOT-FOR-US: challenge website
CVE-2022-XXXX [RUSTSEC-2022-0074]
	- rust-prettytable-rs 0.10.0-1 (bug #1027282)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0074.html
	NOTE: https://github.com/phsym/prettytable-rs/issues/145
CVE-2023-22438 (Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 ...)
	NOT-FOR-US: EC-CUBE
CVE-2023-22432 (Open redirect vulnerability exists in web2py versions prior to 2.23.1. ...)
	- web2py
CVE-2023-22429 (Android App 'Wolt Delivery: Food and more' version 4.27.2 and earlier ...)
	NOT-FOR-US: Android App 'Wolt Delivery: Food and more'
CVE-2023-22427 (Stored cross-site scripting vulnerability in Theme switching function ...)
	NOT-FOR-US: SHIRASAGI
CVE-2023-22425 (Stored cross-site scripting vulnerability in Schedule function of SHIR ...)
	NOT-FOR-US: SHIRASAGI
CVE-2023-22424 (Use-after-free vulnerability exists in Kostac PLC Programming Software ...)
	NOT-FOR-US: Kostac
CVE-2023-22421 (Out-of-bounds read vulnerability exists in Kostac PLC Programming Soft ...)
	NOT-FOR-US: Kostac
CVE-2023-22419 (Out-of-bounds read vulnerability exists in Kostac PLC Programming Soft ...)
	NOT-FOR-US: Kostac
CVE-2023-22377 (Improper restriction of XML external entity reference (XXE) vulnerabil ...)
	NOT-FOR-US: tsClinical
CVE-2023-22376 (Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan ...)
	NOT-FOR-US: Tilt Network Camera
CVE-2023-22375 (Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN ...)
	NOT-FOR-US: Tilt Network Camera
CVE-2023-22370 (Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Ti ...)
	NOT-FOR-US: Tilt Network Camera
CVE-2023-22369
	REJECTED
CVE-2023-22368 (Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 an ...)
	NOT-FOR-US: ELECOM
CVE-2023-22367 (Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Androi ...)
	NOT-FOR-US: Ichiran
CVE-2023-22362 (SUSHIRO App for Android outputs sensitive information to the log file, ...)
NOT-FOR-US: SUSHIRO CVE-2023-22360 (Use-after free vulnerability exists in Screen Creator Advance 2 Ver.0. ...) NOT-FOR-US: Screen Creator Advance CVE-2023-22353 (Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver ...) NOT-FOR-US: Screen Creator Advance CVE-2023-22350 (Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver ...) NOT-FOR-US: Screen Creator Advance CVE-2023-22349 (Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver ...) NOT-FOR-US: Screen Creator Advance CVE-2023-22347 (Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver ...) NOT-FOR-US: Screen Creator Advance CVE-2023-22346 (Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver ...) NOT-FOR-US: Screen Creator Advance CVE-2023-22345 (Out-of-bound write vulnerability exists in Screen Creator Advance 2 Ve ...) NOT-FOR-US: Screen Creator Advance CVE-2023-22344 (Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and e ...) NOT-FOR-US: SS1 CVE-2023-22336 (Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Raku ...) NOT-FOR-US: SS1 CVE-2023-22335 (Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier ...) NOT-FOR-US: SS1 CVE-2023-22333 (Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier al ...) NOT-FOR-US: EasyMail CVE-2023-22332 (Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4. ...) - pgpool2 4.3.5-1 (bug #1030048) [bullseye] - pgpool2 (Minor issue) [buster] - pgpool2 (Minor issue, restricted system account password hash leak to authentified users) NOTE: https://www.pgpool.net/mediawiki/index.php/Main_Page#News CVE-2023-22324 (SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5. ...) NOT-FOR-US: CONPROSYS CVE-2023-22322 (Improper restriction of XML external entity reference (XXE) vulnerabil ...) NOT-FOR-US: CX-Motion Pro CVE-2023-22320 (OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM ...) 
NOT-FOR-US: OpenAM Web Policy Agent (different from src:openam) CVE-2023-22316 (Hidden functionality vulnerability in PIX-RT100 versions RT100_TEQ_2.1 ...) NOT-FOR-US: PIXELA CVE-2023-22304 (OS command injection vulnerability in PIX-RT100 versions RT100_TEQ_2.1 ...) NOT-FOR-US: PIXELA CVE-2023-22303 (TP-Link SG105PE firmware prior to 'TL-SG105PE(UN) 1.0_1.0.0 Build 2022 ...) NOT-FOR-US: TP-Link CVE-2023-22298 (Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allow ...) - pgadmin4 (bug #834129) CVE-2023-22296 (Reflected cross-site scripting vulnerability in MAHO-PBX NetDevancer s ...) NOT-FOR-US: Mahoroba Kobo CVE-2023-22286 (Cross-site request forgery (CSRF) vulnerability in MAHO-PBX NetDevance ...) NOT-FOR-US: Mahoroba Kobo CVE-2023-22280 (MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX ...) NOT-FOR-US: Mahoroba Kobo CVE-2023-22279 (MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX ...) NOT-FOR-US: Mahoroba Kobo CVE-2023-22278 (m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver ...) NOT-FOR-US: Digital Arts CVE-2022-47969 RESERVED CVE-2022-4777 (The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not valid ...) NOT-FOR-US: WordPress plugin CVE-2022-4776 (The CC Child Pages WordPress plugin before 1.43 does not validate and ...) NOT-FOR-US: WordPress plugin CVE-2022-4775 (The GeoDirectory WordPress plugin before 2.2.22 does not validate and ...) NOT-FOR-US: WordPress plugin CVE-2022-4774 (The Bit Form WordPress plugin before 1.9 does not validate the file ty ...) NOT-FOR-US: WordPress plugin CVE-2022-4773 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...) NOT-FOR-US: cloudsync CVE-2022-4772 (A vulnerability was found in Widoco and classified as critical. Affect ...) NOT-FOR-US: Widoco CVE-2022-4771 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...) 
NOT-FOR-US: Hitachi CVE-2022-4770 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...) NOT-FOR-US: Hitachi CVE-2022-4769 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...) NOT-FOR-US: Hitachi CVE-2022-4768 (A vulnerability was found in Dropbox merou. It has been classified as ...) NOT-FOR-US: Dropbox merou CVE-2022-47318 (ruby-git versions prior to v1.13.0 allows a remote authenticated attac ...) {DLA-3303-1} - ruby-git 1.13.1-1 [bullseye] - ruby-git (Minor issue) NOTE: https://github.com/ruby-git/ruby-git/pull/602 NOTE: https://github.com/ruby-git/ruby-git/commit/4fe8738e8348567255ab4be25867684b5d0d282d (v1.13.0) CVE-2022-46648 (ruby-git versions prior to v1.13.0 allows a remote authenticated attac ...) {DLA-3303-1} - ruby-git 1.13.1-1 [bullseye] - ruby-git (Minor issue) NOTE: https://github.com/ruby-git/ruby-git/pull/602 NOTE: https://github.com/ruby-git/ruby-git/commit/4fe8738e8348567255ab4be25867684b5d0d282d (v1.13.0) CVE-2021-4292 (A vulnerability was found in OpenMRS Admin UI Module up to 1.4.x. It h ...) NOT-FOR-US: OpenMRS CVE-2021-4291 (A vulnerability was found in OpenMRS Admin UI Module up to 1.5.x. It h ...) NOT-FOR-US: OpenMRS CVE-2021-4290 (A vulnerability was found in DHBW Fallstudie. It has been declared as ...) NOT-FOR-US: DHBW Fallstudie CVE-2020-36636 (A vulnerability classified as problematic has been found in OpenMRS Ad ...) NOT-FOR-US: OpenMRS CVE-2020-36635 (A vulnerability was found in OpenMRS Appointment Scheduling Module up ...) NOT-FOR-US: OpenMRS CVE-2019-25091 (A vulnerability classified as problematic has been found in nsupdate.i ...) NOT-FOR-US: nsupdate.info CVE-2023-22417 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) NOT-FOR-US: Juniper CVE-2023-22416 (A Buffer Overflow vulnerability in SIP ALG of Juniper Networks Junos O ...) NOT-FOR-US: Juniper CVE-2023-22415 (An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Netwo ...) 
NOT-FOR-US: Juniper CVE-2023-22414 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) NOT-FOR-US: Juniper CVE-2023-22413 (An Improper Check or Handling of Exceptional Conditions vulnerability ...) NOT-FOR-US: Juniper CVE-2023-22412 (An Improper Locking vulnerability in the SIP ALG of Juniper Networks J ...) NOT-FOR-US: Juniper CVE-2023-22411 (An Out-of-Bounds Write vulnerability in Flow Processing Daemon (flowd) ...) NOT-FOR-US: Juniper CVE-2023-22410 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) NOT-FOR-US: Juniper CVE-2023-22409 (An Unchecked Input for Loop Condition vulnerability in a NAT library o ...) NOT-FOR-US: Juniper CVE-2023-22408 (An Improper Validation of Array Index vulnerability in the SIP ALG of ...) NOT-FOR-US: Juniper CVE-2023-22407 (An Incomplete Cleanup vulnerability in the Routing Protocol Daemon (rp ...) NOT-FOR-US: Juniper CVE-2023-22406 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) NOT-FOR-US: Juniper CVE-2023-22405 (An Improper Preservation of Consistency Between Independent Representa ...) NOT-FOR-US: Juniper CVE-2023-22404 (An Out-of-bounds Write vulnerability in the Internet Key Exchange Prot ...) NOT-FOR-US: Juniper CVE-2023-22403 (An Allocation of Resources Without Limits or Throttling vulnerability ...) NOT-FOR-US: Juniper CVE-2023-22402 (A Use After Free vulnerability in the kernel of Juniper Networks Junos ...) NOT-FOR-US: Juniper CVE-2023-22401 (An Improper Validation of Array Index vulnerability in the Advanced Fo ...) NOT-FOR-US: Juniper CVE-2023-22400 (An Uncontrolled Resource Consumption vulnerability in the PFE manageme ...) NOT-FOR-US: Juniper CVE-2023-22399 (When sFlow is enabled and it monitors a packet forwarded via ECMP, a b ...) NOT-FOR-US: Juniper CVE-2023-22398 (An Access of Uninitialized Pointer vulnerability in the Routing Protoc ...) 
NOT-FOR-US: Juniper CVE-2023-22397 (An Allocation of Resources Without Limits or Throttling weakness in th ...) NOT-FOR-US: Juniper CVE-2023-22396 (An Uncontrolled Resource Consumption vulnerability in TCP processing o ...) NOT-FOR-US: Juniper CVE-2023-22395 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) NOT-FOR-US: Juniper CVE-2023-22394 (An Improper Handling of Unexpected Data Type vulnerability in the hand ...) NOT-FOR-US: Juniper CVE-2023-22393 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) NOT-FOR-US: Juniper CVE-2023-22392 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) NOT-FOR-US: Juniper CVE-2023-22391 (A vulnerability in class-of-service (CoS) queue management in Juniper ...) NOT-FOR-US: Juniper CVE-2023-22366 (CX-Motion-MCH v2.32 and earlier contains an access of uninitialized po ...) NOT-FOR-US: CX-Motion-MCH CVE-2023-22357 (Active debug code exists in OMRON CP1L-EL20DR-D all versions, which ma ...) NOT-FOR-US: OMROM CVE-2023-22317 (Use after free vulnerability exists in CX-Programmer Ver.9.79 and earl ...) NOT-FOR-US: CX-Programmer CVE-2023-22314 (Use after free vulnerability exists in CX-Programmer Ver.9.79 and earl ...) NOT-FOR-US: CX-Programmer CVE-2023-22277 (Use after free vulnerability exists in CX-Programmer Ver.9.79 and earl ...) NOT-FOR-US: CX-Programmer CVE-2023-0026 (An Improper Input Validation vulnerability in the Routing Protocol Dae ...) NOT-FOR-US: Juniper CVE-2022-47968 (Heimdall Application Dashboard through 2.5.4 allows reflected and stor ...) NOT-FOR-US: Heimdall Application Dashboard CVE-2022-47967 (A vulnerability has been identified in Solid Edge (All versions < V202 ...) NOT-FOR-US: Siemens CVE-2022-4767 (Denial of Service in GitHub repository usememos/memos prior to 0.9.1.) NOT-FOR-US: usememos CVE-2022-4766 (A vulnerability was found in dolibarr_project_timesheet up to 4.5.5. I ...) 
NOT-FOR-US: dolibarr_project_timesheet CVE-2022-4765 (The Portfolio for Elementor WordPress plugin before 2.3.1 does not val ...) NOT-FOR-US: WordPress plugin CVE-2022-4764 (The Simple File Downloader WordPress plugin through 1.0.4 does not val ...) NOT-FOR-US: WordPress plugin CVE-2022-4763 (The Icon Widget WordPress plugin before 1.3.0 does not validate and es ...) NOT-FOR-US: WordPress plugin CVE-2022-4762 (The Materialis Companion WordPress plugin before 1.3.40 does not valid ...) NOT-FOR-US: WordPress plugin CVE-2022-4761 (The Post Views Count WordPress plugin through 3.0.2 does not validate ...) NOT-FOR-US: WordPress plugin CVE-2022-4760 (The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not va ...) NOT-FOR-US: WordPress plugin CVE-2022-4759 (The GigPress WordPress plugin before 2.3.28 does not validate and esca ...) NOT-FOR-US: WordPress plugin CVE-2022-4758 (The 10WebMapBuilder WordPress plugin before 1.0.72 does not validate a ...) NOT-FOR-US: WordPress plugin CVE-2022-4757 (The List Pages Shortcode WordPress plugin before 1.7.6 does not valida ...) NOT-FOR-US: WordPress plugin CVE-2022-4756 (The My YouTube Channel WordPress plugin before 3.23.0 does not validat ...) NOT-FOR-US: WordPress plugin CVE-2022-4755 (A vulnerability was found in FlatPress and classified as problematic. ...) NOT-FOR-US: FlatPress CVE-2022-4754 (The Easy Social Box / Page Plugin WordPress plugin through 4.1.2 does ...) NOT-FOR-US: WordPress plugin CVE-2022-4753 (The Print-O-Matic WordPress plugin before 2.1.8 does not validate and ...) NOT-FOR-US: WordPress plugin CVE-2022-4752 (The Opening Hours WordPress plugin through 2.3.0 does not validate and ...) NOT-FOR-US: WordPress plugin CVE-2022-4751 (The Word Balloon WordPress plugin before 4.19.3 does not validate and ...) NOT-FOR-US: WordPress plugin CVE-2022-4750 (The WP Responsive Testimonials Slider And Widget WordPress plugin thro ...) 
NOT-FOR-US: WordPress plugin CVE-2022-4749 (The Posts List Designer by Category WordPress plugin before 3.2 does n ...) NOT-FOR-US: WordPress plugin CVE-2022-4748 (A vulnerability was found in FlatPress. It has been classified as crit ...) NOT-FOR-US: FlatPress CVE-2022-4747 (The Post Category Image With Grid and Slider WordPress plugin before 1 ...) NOT-FOR-US: WordPress plugin CVE-2021-4289 (A vulnerability classified as problematic was found in OpenMRS openmrs ...) NOT-FOR-US: OpenMRS CVE-2021-4288 (A vulnerability was found in OpenMRS openmrs-module-referenceapplicati ...) NOT-FOR-US: OpenMRS CVE-2021-4287 (A vulnerability, which was classified as problematic, was found in ReF ...) - binwalk 2.3.3+dfsg1-1 (unimportant) NOTE: https://github.com/ReFirmLabs/binwalk/commit/fa0c0bd59b8588814756942fe4cb5452e76c1dcd (v2.3.3) NOTE: https://github.com/ReFirmLabs/binwalk/pull/556 NOTE: This is not a security vulnerability, but only adds a security-related feature CVE-2021-4286 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: cocagne pysrp CVE-2021-4285 (A vulnerability classified as problematic was found in Nagios NCPA. Th ...) NOT-FOR-US: Nagios NCPA CVE-2021-4284 (A vulnerability classified as problematic has been found in OpenMRS HT ...) NOT-FOR-US: OpenMRS CVE-2021-4283 (A vulnerability was found in FreeBPX voicemail. It has been rated as p ...) NOT-FOR-US: FreeBPX voicemail CVE-2021-4282 (A vulnerability was found in FreePBX voicemail. It has been declared a ...) NOT-FOR-US: FreePBX voicemail CVE-2020-36634 (A vulnerability classified as problematic has been found in Indeed Eng ...) NOT-FOR-US: Indeed Engineering util CVE-2020-36633 (A vulnerability was found in moodle-block_sitenews 1.0. It has been cl ...) NOT-FOR-US: moodle-block_sitenews CVE-2019-25090 (A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and cla ...) 
NOT-FOR-US: FreePBX arimanager CVE-2019-25089 (A vulnerability has been found in Morgawr Muon 0.1.1 and classified as ...) NOT-FOR-US: Morgawr Muon CVE-2019-25088 (A vulnerability was found in ytti Oxidized Web. It has been classified ...) NOT-FOR-US: ytti Oxidized Web CVE-2019-25087 (A vulnerability was found in RamseyK httpserver. It has been rated as ...) NOT-FOR-US: RamseyK httpserver CVE-2019-25086 (A vulnerability was found in IET-OU Open Media Player up to 1.5.0. It ...) NOT-FOR-US: IET-OU Open Media Player CVE-2018-25049 (A vulnerability was found in email-existence. It has been rated as pro ...) NOT-FOR-US: email-existence CVE-2015-10005 (A vulnerability was found in markdown-it up to 2.x. It has been classi ...) NOT-FOR-US: Fuji Electric CVE-2022-47966 (Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Pl ...) NOT-FOR-US: Zoho CVE-2022-4746 (The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a vis ...) NOT-FOR-US: WordPress plugin CVE-2022-4745 (The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF ...) NOT-FOR-US: WordPress plugin CVE-2021-4281 (A vulnerability was found in Brave UX for-the-badge and classified as ...) NOT-FOR-US: Brave UX for-the-badge CVE-2022-47908 (Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and ea ...) NOT-FOR-US: Fuji Electric CVE-2022-4744 (A double-free flaw was found in the Linux kernel\u2019s TUN/TAP device ...) {DLA-3403-1} - linux 5.15.15-1 [bullseye] - linux 5.10.136-1 NOTE: https://git.kernel.org/linus/158b515f703e75e7d68289bf4d98c664e1d632df (5.16-rc7) CVE-2022-4743 (A potential memory leak issue was discovered in SDL2 in GLES_CreateTex ...) 
{DLA-3314-1} - libsdl2 2.26.0+dfsg-1 [bullseye] - libsdl2 (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2156290 NOTE: https://github.com/libsdl-org/SDL/pull/6269 NOTE: Fixed by: https://github.com/libsdl-org/SDL/commit/00b67f55727bc0944c3266e2b875440da132ce4b (prerelease-2.25.1) CVE-2022-4742 (A vulnerability, which was classified as critical, has been found in j ...) NOT-FOR-US: Node json-pointer module CVE-2022-47317 (Out-of-bounds write vulnerability in V-Server v4.0.12.0 and earlier al ...) NOT-FOR-US: Fuji Electric CVE-2022-46360 (Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TEL ...) NOT-FOR-US: Fuji Electric CVE-2022-43448 (Out-of-bounds write vulnerability in V-SFT v6.1.7.0 and earlier and TE ...) NOT-FOR-US: Fuji Electric CVE-2022-41645 (Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier all ...) NOT-FOR-US: Fuji Electric CVE-2022-4741 (A vulnerability was found in docconv up to 1.2.0 and classified as pro ...) NOT-FOR-US: docconv CVE-2022-4740 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: kkFileView CVE-2022-4739 (A vulnerability classified as critical was found in SourceCodester Sch ...) NOT-FOR-US: SourceCodester School Dormitory Management System CVE-2022-4738 (A vulnerability classified as problematic has been found in SourceCode ...) NOT-FOR-US: SourceCodester Blood Bank Management System CVE-2022-4737 (A vulnerability was found in SourceCodester Blood Bank Management Syst ...) NOT-FOR-US: SourceCodester Blood Bank Management System CVE-2022-4736 (A vulnerability was found in Venganzas del Pasado and classified as pr ...) NOT-FOR-US: Venganzas del Pasado CVE-2021-4280 (A vulnerability was found in styler_praat_scripts. It has been classif ...) NOT-FOR-US: styler_praat_scripts CVE-2021-4279 (A vulnerability has been found in Starcounter-Jack JSON-Patch up to 3. ...) 
NOT-FOR-US: Starcounter-Jack JSON-Patch CVE-2020-36632 (A vulnerability, which was classified as critical, was found in hughsk ...) NOT-FOR-US: hughsk flat CVE-2020-36631 (A vulnerability was found in barronwaffles dwc_network_server_emulator ...) NOT-FOR-US: barronwaffles dwc_network_server_emulator CVE-2020-36630 (A vulnerability was found in FreePBX cdr 14.0. It has been classified ...) NOT-FOR-US: FreePBX CVE-2019-25085 (A vulnerability was found in GNOME gvdb. It has been classified as cri ...) - glib2.0 2.66.0-1 [buster] - glib2.0 (Transient vulnerable code not present) - epiphany-browser 3.34.1-1 [buster] - epiphany-browser (vulnerable code introduced later in version 3.33.4) NOTE: Fix in gvdb: https://github.com/GNOME/gvdb/commit/d83587b2a364eb9a9a53be7e6a708074e252de14 (2019-06-27) NOTE: Introduced by gvdb: https://github.com/GNOME/gvdb/commit/d12c5aaba8f2f6208c3493b42ab15a139c049d58 (2019-06-20) NOTE: Fix in glib2.0: https://github.com/GNOME/glib/commit/d83587b2a364eb9a9a53be7e6a708074e252de14 (2.65.0) NOTE: Fix in Epiphany: https://gitlab.gnome.org/GNOME/epiphany/-/commit/de54f9b1ad9784b07150eeffa125193d583b3b1c (3.33.4) CVE-2022-4735 (A vulnerability classified as problematic was found in asrashley dash- ...) NOT-FOR-US: asrashley dash-live CVE-2021-4278 (A vulnerability classified as problematic has been found in cronvel tr ...) NOT-FOR-US: cronvel tree-kit CVE-2019-25084 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: Hide Files on GitHub Chrome extension CVE-2022-47952 (lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may al ...) 
{DLA-3533-1} - lxc 1:5.0.2-1 [bullseye] - lxc 1:4.0.6-2+deb11u2 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2157281 NOTE: https://github.com/MaherAzzouzi/CVE-2022-47952 NOTE: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/comments/45 NOTE: Different issue than CVE-2018-6556 NOTE: https://github.com/lxc/lxc/commit/80553b5b412365f429aff93cff178e3e952ee6bd CVE-2022-47951 (An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before ...) {DSA-5338-1 DSA-5337-1 DSA-5336-1 DLA-3302-1 DLA-3301-1 DLA-3300-1} - nova 2:26.0.0-6 (bug #1029561) - cinder 2:21.0.0-3 (bug #1029562) - glance 2:25.0.0-2 (bug #1029563) NOTE: https://bugs.launchpad.net/nova/+bug/1996188 CVE-2022-47950 (An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x befor ...) {DSA-5327-1 DLA-3281-1} - swift 2.30.0-4 (bug #1029154) NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/1 CVE-2022-47949 (The Nintendo NetworkBuffer class, as used in Animal Crossing: New Hori ...) NOT-FOR-US: Animal Crossing CVE-2022-47948 RESERVED CVE-2022-47947 RESERVED CVE-2022-4734 (Improper Removal of Sensitive Information Before Storage or Transfer i ...) NOT-FOR-US: usememos CVE-2022-4733 (Cross-site Scripting (XSS) - Stored in GitHub repository openemr/opene ...) NOT-FOR-US: OpenEMR CVE-2022-4732 (Unrestricted Upload of File with Dangerous Type in GitHub repository m ...) NOT-FOR-US: microweber CVE-2022-4731 (A vulnerability, which was classified as problematic, was found in mya ...) NOT-FOR-US: myapnea CVE-2022-4730 (A vulnerability was found in Graphite Web. It has been classified as p ...) {DLA-3309-1} - graphite-web 1.1.8-1.1 (bug #1026992) NOTE: https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23 NOTE: https://github.com/graphite-project/graphite-web/issues/2746 NOTE: https://github.com/graphite-project/graphite-web/pull/2785 CVE-2022-4729 (A vulnerability was found in Graphite Web and classified as problemati ...) 
{DLA-3309-1} - graphite-web 1.1.8-1.1 (bug #1026992) NOTE: https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23 NOTE: https://github.com/graphite-project/graphite-web/issues/2745 NOTE: https://github.com/graphite-project/graphite-web/pull/2785 CVE-2022-4728 (A vulnerability has been found in Graphite Web and classified as probl ...) {DLA-3309-1} - graphite-web 1.1.8-1.1 (bug #1026992) NOTE: https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23 NOTE: https://github.com/graphite-project/graphite-web/issues/2744 NOTE: https://github.com/graphite-project/graphite-web/pull/2785 CVE-2022-4727 (A vulnerability, which was classified as problematic, was found in Ope ...) NOT-FOR-US: OpenMRS CVE-2022-4726 (A vulnerability classified as critical was found in SourceCodester San ...) NOT-FOR-US: SourceCodester Sanitization Management System CVE-2022-4725 (A vulnerability was found in AWS SDK 2.59.0. It has been rated as crit ...) NOT-FOR-US: aws-sdk-android CVE-2021-4277 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: fredsmith utils CVE-2021-4276 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in dns-stats ...) NOT-FOR-US: dns-stats hedgehog CVE-2020-36629 (A vulnerability classified as critical was found in SimbCo httpster. T ...) NOT-FOR-US: SimbCo httpster CVE-2020-36628 (A vulnerability classified as critical has been found in Calsign APDE. ...) NOT-FOR-US: Calsign APDE CVE-2020-36627 (A vulnerability was found in Macaron i18n. It has been declared as pro ...) 
- golang-github-go-macaron-i18n [bullseye] - golang-github-go-macaron-i18n (Minor issue, no reverse deps) [buster] - golang-github-go-macaron-i18n (Limited support, minor issue, follow bullseye DSAs/point-releases) NOTE: https://github.com/go-macaron/i18n/commit/329b0c4844cc16a5a253c011b55180598e707735 (v0.5.0) CVE-2020-36626 (A vulnerability classified as critical has been found in Modern Tribe ...) NOT-FOR-US: Modern Tribe Panel Builder Plugin CVE-2022-47946 (An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A ...) - linux 5.14.6-1 [bullseye] - linux 5.10.158-1 [buster] - linux (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2022/12/22/2 CVE-2022-47945 (ThinkPHP Framework before 6.0.14 allows local file inclusion via the l ...) NOT-FOR-US: ThinkPHP Framework CVE-2022-47944 RESERVED CVE-2022-4724 (Improper Access Control in GitHub repository ikus060/rdiffweb prior to ...) - rdiffweb (bug #969974) CVE-2022-4723 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...) - rdiffweb (bug #969974) CVE-2022-4722 (Authentication Bypass by Primary Weakness in GitHub repository ikus060 ...) - rdiffweb (bug #969974) CVE-2022-4721 (Failure to Sanitize Special Elements into a Different Plane (Special E ...) - rdiffweb (bug #969974) CVE-2022-4720 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.5.) - rdiffweb (bug #969974) CVE-2022-4719 (Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2 ...) - rdiffweb (bug #969974) CVE-2022-4718 (The Landing Page Builder WordPress plugin before 1.4.9.9 does not vali ...) NOT-FOR-US: WordPress plugin CVE-2022-4717 (The Strong Testimonials WordPress plugin before 3.0.3 does not validat ...) NOT-FOR-US: WordPress plugin CVE-2022-4716 (The WP Popups WordPress plugin before 2.1.4.8 does not validate and es ...) NOT-FOR-US: WordPress plugin CVE-2022-4715 (The Structured Content WordPress plugin before 1.5.1 does not validate ...) 
NOT-FOR-US: WordPress plugin CVE-2022-4714 (The WP Dark Mode WordPress plugin before 4.0.0 does not validate and e ...) NOT-FOR-US: WordPress plugin CVE-2022-4713 RESERVED CVE-2022-4712 (The WP Cerber Security plugin for WordPress is vulnerable to stored cr ...) NOT-FOR-US: WordPress plugin CVE-2022-4711 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) NOT-FOR-US: Royal Elementor Addons plugin for WordPress CVE-2022-47937 (Improper input validation in the Apache Sling Commons JSON bundle allo ...) NOT-FOR-US: Apache Sling CVE-2022-47936 (A vulnerability has been identified in JT Open (All versions < V11.2.3 ...) NOT-FOR-US: JT Open CVE-2022-47935 (A vulnerability has been identified in JT Open (All versions < V11.1.1 ...) NOT-FOR-US: Siemens CVE-2022-4710 (The Royal Elementor Addons plugin for WordPress is vulnerable to Refle ...) NOT-FOR-US: Royal Elementor Addons plugin for WordPress CVE-2022-4709 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) NOT-FOR-US: Royal Elementor Addons plugin for WordPress CVE-2022-4708 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) NOT-FOR-US: Royal Elementor Addons plugin for WordPress CVE-2022-4707 (The Royal Elementor Addons plugin for WordPress is vulnerable to Cross ...) NOT-FOR-US: Royal Elementor Addons plugin for WordPress CVE-2022-4706 (The Genesis Columns Advanced WordPress plugin before 2.0.4 does not va ...) NOT-FOR-US: WordPress plugin CVE-2022-4705 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) NOT-FOR-US: Royal Elementor Addons plugin for WordPress CVE-2022-4704 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) NOT-FOR-US: Royal Elementor Addons plugin for WordPress CVE-2022-4703 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) 
	NOT-FOR-US: Royal Elementor Addons plugin for WordPress
CVE-2022-4702 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...)
	NOT-FOR-US: Royal Elementor Addons plugin for WordPress
CVE-2022-4701 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...)
	NOT-FOR-US: Royal Elementor Addons plugin for WordPress
CVE-2022-4700 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...)
	NOT-FOR-US: Royal Elementor Addons plugin for WordPress
CVE-2022-4699 (The MediaElement.js WordPress plugin through 4.2.8 does not validate a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4698 (The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Si ...)
	NOT-FOR-US: ProfilePress plugin for WordPress
CVE-2022-4697 (The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Si ...)
	NOT-FOR-US: ProfilePress plugin for WordPress
CVE-2022-4696 (There exists a use-after-free vulnerability in the Linux kernel throug ...)
	{DSA-5324-1 DLA-3349-1}
	- linux 5.14.6-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://kernel.dance/#75454b4bbfc7e6a4dd8338556f36ea9107ddf61a
CVE-2022-4695 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
	NOT-FOR-US: usememos
CVE-2022-4694 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
	NOT-FOR-US: usememos
CVE-2022-4693 (The User Verification WordPress plugin before 1.0.94 was affected by a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4692 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
	NOT-FOR-US: usememos
CVE-2022-4691 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
	NOT-FOR-US: usememos
CVE-2022-4690 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
	NOT-FOR-US: usememos
CVE-2022-4689 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
	NOT-FOR-US: usememos
CVE-2022-4688 (Improper Authorization in GitHub repository usememos/memos prior to 0. ...)
	NOT-FOR-US: usememos
CVE-2022-4687 (Incorrect Use of Privileged APIs in GitHub repository usememos/memos p ...)
	NOT-FOR-US: usememos
CVE-2022-4686 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
	NOT-FOR-US: usememos
CVE-2022-4685 REJECTED
CVE-2022-4684 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
	NOT-FOR-US: usememos
CVE-2022-4683 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
	NOT-FOR-US: usememos
CVE-2022-4682 (The Lightbox Gallery WordPress plugin before 0.9.5 does not validate a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4681 (The Hide My WP WordPress plugin before 6.2.9 does not properly sanitiz ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47943 (An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 ...)
	- linux 5.19.6-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/ac60778b87e45576d7bfdbd6f53df902654e6f09 (6.0-rc1)
CVE-2022-47942 (An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 ...)
	- linux 5.19.6-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/8f0541186e9ad1b62accc9519cc2b7a7240272a7 (6.0-rc1)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-17771/
CVE-2022-47941 (An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 ...)
	- linux 5.19.6-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/aa7253c2393f6dcd6a1468b0792f6da76edad917 (6.0-rc1)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-17815/
CVE-2022-47940 (An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 ...)
	- linux 5.19.6-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/158a66b245739e15858de42c0ba60fcf3de9b8e6 (5.19-rc1)
CVE-2022-47939 (An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 ...)
	- linux 5.19.6-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/cf6531d98190fa2cf92a6d8bbc8af0a4740a223c (6.0-rc1)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-17816
CVE-2022-47938 (An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 ...)
	- linux 5.19.6-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/824d4f64c20093275f72fc8101394d75ff6a249e (6.0-rc1)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-17818/
CVE-2022-47934 (Brave Browser before 1.43.88 allowed a remote attacker to cause a deni ...)
	- brave-browser (bug #864795)
CVE-2022-47933 (Brave Browser before 1.42.51 allowed a remote attacker to cause a deni ...)
	- brave-browser (bug #864795)
CVE-2022-47932 (Brave Browser before 1.43.34 allowed a remote attacker to cause a deni ...)
	- brave-browser (bug #864795)
CVE-2022-47931 (IO FinNet tss-lib before 2.0.0 allows a collision of hash values.)
	NOT-FOR-US: Multi-Party Threshold Signature Scheme
CVE-2022-47930 (An issue was discovered in IO FinNet tss-lib before 2.0.0. The paramet ...)
	NOT-FOR-US: io.finnet tss-lib
CVE-2022-47929 (In the Linux kernel before 6.1.6, a NULL pointer dereference bug in th ...)
	{DSA-5324-1 DLA-3403-1 DLA-3349-1}
	- linux 6.1.7-1
	NOTE: https://git.kernel.org/linus/96398560f26aa07e8f2969d73c8197e6a6d10407 (6.2-rc4)
CVE-2022-47928 (In MISP before 2.4.167, there is XSS in the template file uploads in a ...)
	NOT-FOR-US: MISP
CVE-2022-47927 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.3 ...)
	{DLA-3489-1}
	- mediawiki 1:1.39.1-1
	[bullseye] - mediawiki 1:1.35.11-1~deb11u1
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/
	NOTE: https://phabricator.wikimedia.org/T322637
CVE-2022-47914 RESERVED
CVE-2022-4680 (The Revive Old Posts WordPress plugin before 9.0.11 unserializes user ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4679 (The Wufoo Shortcode WordPress plugin before 1.52 does not validate and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4678 (The TemplatesNext ToolKit WordPress plugin before 3.2.8 does not valid ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4677 (The Leaflet Maps Marker WordPress plugin before 3.12.7 does not valida ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4676 (The OSM WordPress plugin through 6.01 does not validate and escape som ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4675 (The Mongoose Page Plugin WordPress plugin before 1.9.0 does not valida ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4674 (The Ibtana WordPress plugin before 1.1.8.8 does not validate and escap ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46739 RESERVED
CVE-2022-46735 RESERVED
CVE-2022-46734 RESERVED
CVE-2022-4673 (The Rate my Post WordPress plugin before 3.3.9 does not validate and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4672 (The WordPress Simple Shopping Cart WordPress plugin before 4.6.2 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4671 (The PixCodes WordPress plugin before 2.3.7 does not validate and escap ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4670 (The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4669 (The Page Builder: Live Composer WordPress plugin before 1.5.23 does no ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4668 (The Easy Appointments WordPress plugin before 3.11.2 does not validate ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4667 (The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not va ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4666 (The Markup (JSON-LD) structured in schema.org WordPress plugin through ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4665 (Unrestricted Upload of File with Dangerous Type in GitHub repository a ...)
	- ampache
CVE-2022-4664 (The Logo Slider WordPress plugin before 3.6.0 does not validate and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46419 RESERVED
CVE-2022-45878 RESERVED
CVE-2022-45120 RESERVED
CVE-2022-43659 RESERVED
CVE-2022-43444 RESERVED
CVE-2022-42702 RESERVED
CVE-2023-0025 (SAP Solution Manager (BSP Application) - version 720, allows an authen ...)
	NOT-FOR-US: SAP
CVE-2023-0024 (SAP Solution Manager (BSP Application) - version 720, allows an authen ...)
	NOT-FOR-US: SAP
CVE-2023-0023 (In SAP Bank Account Management (Manage Banks) application, when a user ...)
	NOT-FOR-US: SAP
CVE-2023-0022 (SAP BusinessObjects Business Intelligence Analysis edition for OLAP al ...)
	NOT-FOR-US: SAP
CVE-2023-0021 (Due to insufficient encoding of user input, SAP NetWeaver - versions 7 ...)
	NOT-FOR-US: SAP
CVE-2022-47926 (AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_ ...)
	NOT-FOR-US: AyaCMS
CVE-2022-4663 (The Members Import plugin for WordPress is vulnerable to Self Cross-Si ...)
	NOT-FOR-US: Members Import plugin for WordPress
CVE-2022-4662 (A flaw incorrect access control in the Linux kernel USB core subsystem ...)
	- linux 5.19.11-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux 4.19.260-1
	NOTE: https://git.kernel.org/linus/9c6d778800b921bde3bff3cff5003d1650f942d1 (6.0-rc4)
CVE-2022-4661 (The Widgets for WooCommerce Products on Elementor WordPress plugin bef ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4660 RESERVED
CVE-2022-4659 REJECTED
CVE-2022-4658 (The RSSImport WordPress plugin through 4.6.1 does not validate and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4657 (The Restaurant Menu WordPress plugin before 2.3.6 does not validate an ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4656 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin before ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4655 (The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4654 (The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4653 (The Greenshift WordPress plugin before 4.8.9 does not validate and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4652 (The Video Background WordPress plugin before 2.7.5 does not validate a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4651 (The Justified Gallery WordPress plugin before 1.7.1 does not validate ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4650 (The HashBar WordPress plugin before 1.3.6 does not validate and escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4649 (The WP Extended Search WordPress plugin before 2.1.2 does not validate ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-36625 (A vulnerability was found in destiny.gg chat. It has been rated as pro ...)
	NOT-FOR-US: destiny.gg chat
CVE-2020-36624 (A vulnerability was found in ahorner text-helpers up to 1.0.x. It has ...)
	NOT-FOR-US: text_helpers gem
CVE-2022-47925 (The validate JSON endpoint of the Secvisogram csaf-validator-service i ...)
	NOT-FOR-US: csaf-validator-service
CVE-2022-47924 (An high privileged attacker may pass crafted arguments to the validate ...)
	NOT-FOR-US: csaf-validator-service
CVE-2022-4648 (The Real Testimonials WordPress plugin before 2.6.0 does not validate ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4647 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
	NOT-FOR-US: microweber
CVE-2022-4646 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...)
	- rdiffweb (bug #969974)
CVE-2022-4645 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:94 ...)
	{DSA-5333-1}
	- tiff 4.4.0-5
	[buster] - tiff 4.1.0+git191117-2~deb10u5
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/277
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246
	NOTE: Same fix as for CVE-2022-3599, CVE-2023-30086 and CVE-2023-30774.
	NOTE: The fix causes CVE-2023-2908.
CVE-2022-4644 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.4.)
	- rdiffweb (bug #969974)
CVE-2022-4643 (A vulnerability was found in docconv up to 1.2.0. It has been declared ...)
	NOT-FOR-US: docconv
CVE-2022-4642 (A vulnerability was found in tatoeba2. It has been classified as probl ...)
	NOT-FOR-US: Tatoeba
CVE-2022-4641 (A vulnerability was found in pig-vector and classified as problematic. ...)
	NOT-FOR-US: pig-vector
CVE-2022-4640 (A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified a ...)
	NOT-FOR-US: Mingsoft MCMS
CVE-2022-4639 (A vulnerability, which was classified as critical, has been found in s ...)
	- sslh (Vulnerable code introduced later)
	NOTE: https://github.com/yrutschle/sslh/pull/353
	NOTE: https://github.com/yrutschle/sslh/commit/b19f8a6046b080e4c2e28354a58556bb26040c6f
CVE-2022-4638 (A vulnerability classified as problematic was found in collective.cont ...)
	NOT-FOR-US: collective.contact.widget
CVE-2022-4637 (A vulnerability classified as problematic has been found in ep3-bs up ...)
	NOT-FOR-US: ep3-bs
CVE-2022-4636 (Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1 ...)
	NOT-FOR-US: Black Box KVM Firmware
CVE-2022-4635 RESERVED
CVE-2021-4275 (A vulnerability, which was classified as problematic, was found in kat ...)
	NOT-FOR-US: pyambic-pentameter
CVE-2023-22388 (Memory Corruption in Multi-mode Call Processor while processing bit ma ...)
	NOT-FOR-US: Qualcomm
CVE-2023-22387 (Arbitrary memory overwrite when VM gets compromised in TX write leadin ...)
	NOT-FOR-US: Qualcomm
CVE-2023-22386 (Memory Corruption in WLAN HOST while processing WLAN FW request to all ...)
	NOT-FOR-US: Qualcomm
CVE-2023-22385 (Memory Corruption in Data Modem while making a MO call or MT VOLTE cal ...)
	NOT-FOR-US: Qualcomm
CVE-2023-22384 (Memory Corruption in VR Service while sending data using Fast Message ...)
	NOT-FOR-US: Qualcomm
CVE-2023-22383 (Memory Corruption in camera while installing a fd for a particular DMA ...)
	NOT-FOR-US: Qualcomm
CVE-2023-22382 (Weak configuration in Automotive while VM is processing a listener req ...)
	NOT-FOR-US: Qualcomm
CVE-2022-47917 (Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up ...)
	NOT-FOR-US: Sewio
CVE-2022-47912 RESERVED
CVE-2022-47911 (Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up ...)
	NOT-FOR-US: Sewio
CVE-2022-47896 (In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnera ...)
	- intellij-idea (bug #747616)
CVE-2022-47895 (In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" act ...)
	- intellij-idea (bug #747616)
CVE-2022-47894 (Improper Input Validation vulnerability in Apache Zeppelin SAP.This is ...)
	NOT-FOR-US: Apache Zeppelin
CVE-2022-47893 (There is a remote code execution vulnerability that affects all versio ...)
	NOT-FOR-US: NetMan 204
CVE-2022-47892 (All versions of NetMan 204 could allow an unauthenticated remote attac ...)
	NOT-FOR-US: NetMan 204
CVE-2022-47891 (All versions of NetMan 204 allow an attacker that knows the MAC and se ...)
	NOT-FOR-US: NetMan 204
CVE-2022-47395 (Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up ...)
	NOT-FOR-US: Sewio
CVE-2022-47320 (The iBoot device’s basic discovery protocol assists in initial de ...)
	NOT-FOR-US: Dataprobe
CVE-2022-47311 (A proprietary protocol for iBoot devices is used for control and keepa ...)
	NOT-FOR-US: Dataprobe
CVE-2022-46738 (The affected product exposes multiple sensitive data fields of the aff ...)
	NOT-FOR-US: Dataprobe
CVE-2022-46733 (Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up ...)
	NOT-FOR-US: Sewio
CVE-2022-46658 (The affected product is vulnerable to a stack-based buffer overflow wh ...)
	NOT-FOR-US: Dataprobe
CVE-2022-4634 (All versions prior to Delta Electronic’s CNCSoft version 1.01.34 ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-4633 (A vulnerability was found in Auto Upload Images up to 3.3.0 and classi ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4632 (A vulnerability has been found in Auto Upload Images up to 3.3.0 and c ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4631 (A vulnerability, which was classified as problematic, was found in WP- ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46300 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose i ...)
	NOT-FOR-US: VISAM VBASE Automation Base
CVE-2022-4630 (Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal ...)
	NOT-FOR-US: daloRADIUS
CVE-2022-4629 (The Product Slider for WooCommerce WordPress plugin before 2.6.4 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46286 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose i ...)
	NOT-FOR-US: VISAM VBASE Automation Base
CVE-2022-4628 (The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4627 (The ShiftNav WordPress plugin before 1.7.2 does not validate and escap ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4626 (The PPWP WordPress plugin before 1.8.6 does not validate and escape so ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4625 (The Login Logout Menu WordPress plugin before 1.4.0 does not validate ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4624 (The GS Logo Slider WordPress plugin before 3.3.8 does not validate and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4623 (The ND Shortcodes WordPress plugin before 7.0 does not validate and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45876 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose i ...)
	NOT-FOR-US: VISAM VBASE Automation Base
CVE-2022-45468 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose i ...)
	NOT-FOR-US: VISAM VBASE Automation Base
CVE-2022-45444 (Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up ...)
	NOT-FOR-US: Sewio
CVE-2022-45127 (Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up ...)
	NOT-FOR-US: Sewio
CVE-2022-45121 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose i ...)
	NOT-FOR-US: VISAM VBASE Automation Base
CVE-2022-43512 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose i ...)
	NOT-FOR-US: VISAM VBASE Automation Base
CVE-2022-43483 (Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up ...)
	NOT-FOR-US: Sewio
CVE-2022-43455 (Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up ...)
	NOT-FOR-US: Sewio
CVE-2022-41989 (Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up ...)
	NOT-FOR-US: Sewio
CVE-2022-41696 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose i ...)
	NOT-FOR-US: VISAM VBASE Automation Base
CVE-2022-40633 (A malicious actor can clone access cards used to open control cabinets ...)
	NOT-FOR-US: Rittal
CVE-2021-4274 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: bird-lg
CVE-2021-4273 (A vulnerability classified as problematic was found in studygolang. Th ...)
	NOT-FOR-US: studygolang
CVE-2021-4272 (A vulnerability classified as problematic has been found in studygolan ...)
	NOT-FOR-US: studygolang
CVE-2021-4271 (A vulnerability was found in panicsteve w2wiki. It has been rated as p ...)
	NOT-FOR-US: panicsteve w2wiki
CVE-2021-4270 (A vulnerability was found in Imprint CMS. It has been classified as pr ...)
	NOT-FOR-US: Imprint CMS
CVE-2021-4269 (A vulnerability has been found in SimpleRisk and classified as problem ...)
	NOT-FOR-US: SimpleRisk
CVE-2021-4268 (A vulnerability, which was classified as problematic, was found in php ...)
	NOT-FOR-US: phpRedisAdmin
CVE-2021-4267 (A vulnerability classified as problematic was found in tad_discuss. Af ...)
	NOT-FOR-US: tad_discuss
CVE-2021-4266 (A vulnerability classified as problematic has been found in Webdetails ...)
	NOT-FOR-US: Webdetails cpf
CVE-2021-4265 (A vulnerability was found in siwapp-ror. It has been rated as problema ...)
	NOT-FOR-US: siwapp-ror
CVE-2021-4264 (A vulnerability was found in LinkedIn dustjs up to 2.x and classified ...)
	NOT-FOR-US: dustjs
CVE-2021-4263 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: leanote
CVE-2020-36623 (A vulnerability was found in Pengu. It has been declared as problemati ...)
	NOT-FOR-US: Pengu
CVE-2020-36622 (A vulnerability was found in sah-comp bienlein and classified as probl ...)
	NOT-FOR-US: sah-comp bienlein
CVE-2020-36621 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: chedabob whatismyudid
CVE-2020-36620 (A vulnerability was found in Brondahl EnumStringValues up to 4.0.0. It ...)
	NOT-FOR-US: Brondahl EnumStringValues
CVE-2023-22381 (A code injection vulnerability was identified in GitHub Enterprise Ser ...)
	NOT-FOR-US: Github Enterprise Server
CVE-2023-22380 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
	NOT-FOR-US: Github Enterprise Server
CVE-2023-22373 (Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3 ...)
	NOT-FOR-US: CONPROSYS
CVE-2023-22339 (Improper access control vulnerability in CONPROSYS HMI System (CHS) Ve ...)
	NOT-FOR-US: CONPROSYS
CVE-2023-22334 (Use of password hash instead of password for authentication vulnerabil ...)
	NOT-FOR-US: CONPROSYS
CVE-2023-22331 (Use of default credentials vulnerability in CONPROSYS HMI System (CHS) ...)
	NOT-FOR-US: CONPROSYS
CVE-2023-0020 (SAP BusinessObjects Business Intelligence platform - versions 420, 430 ...)
	NOT-FOR-US: SAP
CVE-2023-0019 (In SAP GRC (Process Control) - versions GRCFND_A V1200, GRCFND_A V8100 ...)
	NOT-FOR-US: SAP
CVE-2023-0018 (Due to improper input sanitization of user-controlled input in SAP Bus ...)
	NOT-FOR-US: SAP
CVE-2023-0017 (An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.5 ...)
	NOT-FOR-US: SAP
CVE-2022-47890 RESERVED
CVE-2022-47889 RESERVED
CVE-2022-47888 RESERVED
CVE-2022-47887 RESERVED
CVE-2022-47886 RESERVED
CVE-2022-47885 RESERVED
CVE-2022-47884 RESERVED
CVE-2022-47883 RESERVED
CVE-2022-47882 RESERVED
CVE-2022-47881 (Foxit PDF Reader and PDF Editor 11.2.1.53537 and earlier has an Out-of ...)
	NOT-FOR-US: Foxit
CVE-2022-47880 (An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH J ...)
	NOT-FOR-US: Jedox
CVE-2022-47879 (A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 20 ...)
	NOT-FOR-US: Jedox
CVE-2022-47878 (Incorrect input validation for the default-storage-path in the setting ...)
	NOT-FOR-US: Jedox
CVE-2022-47877 (A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows r ...)
	NOT-FOR-US: Jedox
CVE-2022-47876 (The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticate ...)
	NOT-FOR-US: Jedox
CVE-2022-47875 (A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedo ...)
	NOT-FOR-US: Jedox
CVE-2022-47874 (Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows ...)
	NOT-FOR-US: Jedox
CVE-2022-47873 (Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting i ...)
	NOT-FOR-US: Netcad KEOS
CVE-2022-47872 (A Server-Side Request Forgery (SSRF) in maccms10 v2021.1000.2000 allow ...)
	NOT-FOR-US: maccms10
CVE-2022-47871 RESERVED
CVE-2022-47870 (A Cross Site Scripting (XSS) vulnerability in the web SQL monitor logi ...)
	NOT-FOR-US: Redgate SQL Monitor
CVE-2022-47869 RESERVED
CVE-2022-47868 RESERVED
CVE-2022-47867 RESERVED
CVE-2022-47866 (Lead management system v1.0 is vulnerable to SQL Injection via the id ...)
	NOT-FOR-US: Lead management system
CVE-2022-47865 (Lead Management System v1.0 is vulnerable to SQL Injection via the id ...)
	NOT-FOR-US: Lead management system
CVE-2022-47864 (Lead Management System v1.0 is vulnerable to SQL Injection via the id ...)
	NOT-FOR-US: Lead management system
CVE-2022-47863 RESERVED
CVE-2022-47862 (Lead Management System v1.0 is vulnerable to SQL Injection via the cus ...)
	NOT-FOR-US: Lead management system
CVE-2022-47861 (Lead Management System v1.0 is vulnerable to SQL Injection via the id ...)
	NOT-FOR-US: Lead management system
CVE-2022-47860 (Lead Management System v1.0 is vulnerable to SQL Injection via the id ...)
	NOT-FOR-US: Lead management system
CVE-2022-47859 (Lead Management System v1.0 is vulnerable to SQL Injection via the use ...)
	NOT-FOR-US: Lead management system
CVE-2022-47858 RESERVED
CVE-2022-47857 RESERVED
CVE-2022-47856 RESERVED
CVE-2022-47855 RESERVED
CVE-2022-47854 (i-librarian 4.10 is vulnerable to Arbitrary file upload in ajaxsupplem ...)
	- i-librarian (bug #649291)
CVE-2022-47853 (TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Inject ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-47852 RESERVED
CVE-2022-47851 RESERVED
CVE-2022-47850 RESERVED
CVE-2022-47849 RESERVED
CVE-2022-47848 (An issue was discovered in Bezeq Vtech NB403-IL version BZ_2.02.07.09. ...)
	NOT-FOR-US: Bezeq Vtech
CVE-2022-47847 RESERVED
CVE-2022-47846 RESERVED
CVE-2022-47845 RESERVED
CVE-2022-47844 RESERVED
CVE-2022-47843 RESERVED
CVE-2022-47842 RESERVED
CVE-2022-47841 RESERVED
CVE-2022-47840 RESERVED
CVE-2022-47839 RESERVED
CVE-2022-47838 RESERVED
CVE-2022-47837 RESERVED
CVE-2022-47836 RESERVED
CVE-2022-47835 RESERVED
CVE-2022-47834 RESERVED
CVE-2022-47833 RESERVED
CVE-2022-47832 RESERVED
CVE-2022-47831 RESERVED
CVE-2022-47830 RESERVED
CVE-2022-47829 RESERVED
CVE-2022-47828 RESERVED
CVE-2022-47827 RESERVED
CVE-2022-47826 RESERVED
CVE-2022-47825 RESERVED
CVE-2022-47824 RESERVED
CVE-2022-47823 RESERVED
CVE-2022-47822 RESERVED
CVE-2022-47821 RESERVED
CVE-2022-47820 RESERVED
CVE-2022-47819 RESERVED
CVE-2022-47818 RESERVED
CVE-2022-47817 RESERVED
CVE-2022-47816 RESERVED
CVE-2022-47815 RESERVED
CVE-2022-47814 RESERVED
CVE-2022-47813 RESERVED
CVE-2022-47812 RESERVED
CVE-2022-47811 RESERVED
CVE-2022-47810 RESERVED
CVE-2022-47809 RESERVED
CVE-2022-47808 RESERVED
CVE-2022-47807 RESERVED
CVE-2022-47806 RESERVED
CVE-2022-47805 RESERVED
CVE-2022-47804 RESERVED
CVE-2022-47803 RESERVED
CVE-2022-47802 RESERVED
CVE-2022-47801 RESERVED
CVE-2022-47800 RESERVED
CVE-2022-47799 RESERVED
CVE-2022-47798 RESERVED
CVE-2022-47797 RESERVED
CVE-2022-47796 RESERVED
CVE-2022-47795 RESERVED
CVE-2022-47794 RESERVED
CVE-2022-47793 RESERVED
CVE-2022-47792 RESERVED
CVE-2022-47791 RESERVED
CVE-2022-47790 (Sourcecodester Dynamic Transaction Queuing System v1.0 is vulnerable t ...)
	NOT-FOR-US: Sourcecodester Dynamic Transaction Queuing System
CVE-2022-47789 RESERVED
CVE-2022-47788 RESERVED
CVE-2022-47787 RESERVED
CVE-2022-47786 RESERVED
CVE-2022-47785 RESERVED
CVE-2022-47784 RESERVED
CVE-2022-47783 RESERVED
CVE-2022-47782 RESERVED
CVE-2022-47781 RESERVED
CVE-2022-47780 (SQL Injection vulnerability in Bangresto 1.0 via the itemID parameter.)
	NOT-FOR-US: Bangresto
CVE-2022-47779 RESERVED
CVE-2022-47778 RESERVED
CVE-2022-47777 RESERVED
CVE-2022-47776 RESERVED
CVE-2022-47775 RESERVED
CVE-2022-47774 RESERVED
CVE-2022-47773 RESERVED
CVE-2022-47772 RESERVED
CVE-2022-47771 RESERVED
CVE-2022-47770 (Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Una ...)
	NOT-FOR-US: Serenissima Informatica Fast Checkin
CVE-2022-47769 (An arbitrary file write vulnerability in Serenissima Informatica Fast ...)
	NOT-FOR-US: Serenissima Informatica Fast Checkin
CVE-2022-47768 (Serenissima Informatica Fast Checkin 1.0 is vulnerable to Directory Tr ...)
	NOT-FOR-US: Serenissima Informatica Fast Checkin
CVE-2022-47767 (A backdoor in Solar-Log Gateway products allows remote access via web ...)
	NOT-FOR-US: Solar-Log
CVE-2022-47766 (PopojiCMS v2.0.1 backend plugin function has a file upload vulnerabili ...)
	NOT-FOR-US: PopojiCMS
CVE-2022-47765 RESERVED
CVE-2022-47764 RESERVED
CVE-2022-47763 RESERVED
CVE-2022-47762 (In gin-vue-admin < 2.5.5, the download module has a Path Traversal vul ...)
	NOT-FOR-US: gin-vue-admin
CVE-2022-47761 RESERVED
CVE-2022-47760 RESERVED
CVE-2022-47759 RESERVED
CVE-2022-47758 (Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowi ...)
	NOT-FOR-US: Nanoleaf
CVE-2022-47757 (In imo.im 2022.11.1051, a path traversal vulnerability delivered via a ...)
	NOT-FOR-US: imo.im Android application
CVE-2022-47756 RESERVED
CVE-2022-47755 RESERVED
CVE-2022-47754 RESERVED
CVE-2022-47753 RESERVED
CVE-2022-47752 RESERVED
CVE-2022-47751 RESERVED
CVE-2022-47750 RESERVED
CVE-2022-47749 RESERVED
CVE-2022-47748 RESERVED
CVE-2022-47747 (kraken <= 0.1.4 has an arbitrary file read vulnerability via the compo ...)
	NOT-FOR-US: Kraken
CVE-2022-47746 RESERVED
CVE-2022-47745 (ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After loggin ...)
	NOT-FOR-US: ZenTao
CVE-2022-47744 RESERVED
CVE-2022-47743 RESERVED
CVE-2022-47742 RESERVED
CVE-2022-47741 RESERVED
CVE-2022-47740 (Seltmann GmbH Content Management System 6 is vulnerable to SQL Injecti ...)
	NOT-FOR-US: Seltmann GmbH Content Management System
CVE-2022-47739 RESERVED
CVE-2022-47738 RESERVED
CVE-2022-47737 RESERVED
CVE-2022-47736 RESERVED
CVE-2022-47735 RESERVED
CVE-2022-47734 RESERVED
CVE-2022-47733 RESERVED
CVE-2022-47732 (In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthe ...)
	NOT-FOR-US: Yeastar
CVE-2022-47731 RESERVED
CVE-2022-47730 RESERVED
CVE-2022-47729 RESERVED
CVE-2022-47728 RESERVED
CVE-2022-47727 RESERVED
CVE-2022-47726 RESERVED
CVE-2022-47725 RESERVED
CVE-2022-47724 RESERVED
CVE-2022-47723 RESERVED
CVE-2022-47722 RESERVED
CVE-2022-47721 RESERVED
CVE-2022-47720 RESERVED
CVE-2022-47719 RESERVED
CVE-2022-47718 RESERVED
CVE-2022-47717 (Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CO ...)
	NOT-FOR-US: Last Yard
CVE-2022-47716 RESERVED
CVE-2022-47715 (In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted t ...)
	NOT-FOR-US: Last Yard
CVE-2022-47714 (Last Yard 22.09.8-1 does not enforce HSTS headers)
	NOT-FOR-US: Last Yard
CVE-2022-47713 RESERVED
CVE-2022-47712 RESERVED
CVE-2022-47711 RESERVED
CVE-2022-47710 RESERVED
CVE-2022-47709 RESERVED
CVE-2022-47708 RESERVED
CVE-2022-47707 RESERVED
CVE-2022-47706 RESERVED
CVE-2022-47705 RESERVED
CVE-2022-47704 RESERVED
CVE-2022-47703 (TIANJIE CPE906-3 is vulnerable to password disclosure. This is present ...)
	NOT-FOR-US: TIANJIE
CVE-2022-47702 RESERVED
CVE-2022-47701 (COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR62 ...)
	NOT-FOR-US: COMFAST Router
CVE-2022-47700 (COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR62 ...)
	NOT-FOR-US: COMFAST Router
CVE-2022-47699 (COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR62 ...)
	NOT-FOR-US: COMFAST Router
CVE-2022-47698 (COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR62 ...)
	NOT-FOR-US: COMFAST Router
CVE-2022-47697 (COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR62 ...)
	NOT-FOR-US: COMFAST Router
CVE-2022-47696 (An issue was discovered Binutils objdump before 2.39.3 allows attacker ...)
	- binutils 2.39.50.20221208-2 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29677
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1
	NOTE: binutils not covered by security support
CVE-2022-47695 (An issue was discovered Binutils objdump before 2.39.3 allows attacker ...)
	- binutils 2.39.50.20221208-2 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29846
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3d3af4ba39e892b1c544d667ca241846bc3df386
	NOTE: binutils not covered by security support
CVE-2022-47694 RESERVED
CVE-2022-47693 RESERVED
CVE-2022-47692 RESERVED
CVE-2022-47691 RESERVED
CVE-2022-47690 RESERVED
CVE-2022-47689 RESERVED
CVE-2022-47688 RESERVED
CVE-2022-47687 RESERVED
CVE-2022-47686 RESERVED
CVE-2022-47685 RESERVED
CVE-2022-47684 RESERVED
CVE-2022-47683 RESERVED
CVE-2022-47682 RESERVED
CVE-2022-47681 RESERVED
CVE-2022-47680 RESERVED
CVE-2022-47679 RESERVED
CVE-2022-47678 RESERVED
CVE-2022-47677 RESERVED
CVE-2022-47676 RESERVED
CVE-2022-47675 RESERVED
CVE-2022-47674 RESERVED
CVE-2022-47673 (An issue was discovered in Binutils addr2line before 2.39.3, function ...)
	- binutils 2.39.50.20221224-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29876
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44
	NOTE: binutils not covered by security support
CVE-2022-47672 RESERVED
CVE-2022-47671 RESERVED
CVE-2022-47670 RESERVED
CVE-2022-47669 RESERVED
CVE-2022-47668 RESERVED
CVE-2022-47667 RESERVED
CVE-2022-47666 RESERVED
CVE-2022-47665 (Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image ...)
	{DSA-5346-1 DLA-3352-1}
	- libde265 1.0.11-1
	NOTE: https://github.com/strukturag/libde265/issues/369
	NOTE: https://github.com/strukturag/libde265/commit/2f0430ecda4dc83b5a3feaa3bea4826d1840dc68 (v1.0.10)
CVE-2022-47664 (Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qp ...)
	{DSA-5346-1 DLA-3352-1}
	- libde265 1.0.11-1
	NOTE: https://github.com/strukturag/libde265/issues/368
	NOTE: https://github.com/strukturag/libde265/commit/5583f983e012b3870e29190d2b8e43ff6d77a72e (v1.0.10)
CVE-2022-47663 (GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow ...)
	{DSA-5411-1}
	[experimental] - gpac 2.2.1+dfsg1-1
	- gpac 2.2.1+dfsg1-2 (bug #1033116)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2360
	NOTE: https://github.com/gpac/gpac/commit/e7e8745f677010a5cb3366d5cbf39df7cffaaa2d (v2.2.0)
CVE-2022-47662 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack over ...)
	{DSA-5411-1}
	[experimental] - gpac 2.2.1+dfsg1-1
	- gpac 2.2.1+dfsg1-2 (bug #1033116)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2359
	NOTE: https://github.com/gpac/gpac/commit/080a62728ccd251a7f20eaac3fda21b0716e3c9b (v2.2.0)
CVE-2022-47661 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow ...)
	{DSA-5411-1}
	[experimental] - gpac 2.2.1+dfsg1-1
	- gpac 2.2.1+dfsg1-2 (bug #1033116)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2358
	NOTE: https://github.com/gpac/gpac/commit/aa8fbec874b5e040854effff5309aa445c234618 (v2.2.0)
CVE-2022-47660 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer overflow in is ...)
	{DSA-5411-1}
	[experimental] - gpac 2.2.1+dfsg1-1
	- gpac 2.2.1+dfsg1-2 (bug #1033116)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2357
	NOTE: https://github.com/gpac/gpac/commit/a8f438d201fb165961ba1d5d3b80daa3637735f4 (v2.2.0)
CVE-2022-47659 (GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow ...)
	{DSA-5411-1}
	[experimental] - gpac 2.2.1+dfsg1-1
	- gpac 2.2.1+dfsg1-2 (bug #1033116)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2354
	NOTE: https://github.com/gpac/gpac/commit/348d7722c1e90c7811b43b0eed5c2aca2cb8a717 (v2.2.0)
CVE-2022-47658 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow ...)
	[experimental] - gpac 2.2.1+dfsg1-1
	- gpac 2.2.1+dfsg1-2 (bug #1033116)
	[bullseye] - gpac (Vulnerable code not present)
	[buster] - gpac (Vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/issues/2356
	NOTE: https://github.com/gpac/gpac/commit/55c8b3af6f5ef9e51edb41172062ca9b5db4026b (v2.2.0)
CVE-2022-47657 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow ...)
	{DSA-5411-1}
	[experimental] - gpac 2.2.1+dfsg1-1
	- gpac 2.2.1+dfsg1-2 (bug #1033116)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2355
	NOTE: https://github.com/gpac/gpac/commit/9f1e633184904fffc315bd35ebce76b4b42f9097 (v2.2.0)
CVE-2022-47656 (GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow ...)
	[experimental] - gpac 2.2.1+dfsg1-1
	- gpac 2.2.1+dfsg1-2 (bug #1033116)
	[bullseye] - gpac (Vulnerable code not present)
	[buster] - gpac (Vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/issues/2353
	NOTE: https://github.com/gpac/gpac/commit/c9a8118965b53d29837b1b82b6a58543efb23baf (v2.2.0)
CVE-2022-47655 (Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_q ...)
	{DSA-5346-1 DLA-3280-1}
	- libde265 1.0.9-1.1
	NOTE: https://github.com/strukturag/libde265/issues/367
	NOTE: https://github.com/strukturag/libde265/pull/376
CVE-2022-47654 (GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow ...)
	[experimental] - gpac 2.2.1+dfsg1-1
	- gpac 2.2.1+dfsg1-2 (bug #1033116)
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2350
	NOTE: https://github.com/gpac/gpac/commit/88e7b873da5d3e85d31b601c1560d2e24a1d7b25 (v2.2.0)
CVE-2022-47653 (GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow ...)
	[experimental] - gpac 2.2.1+dfsg1-1
	- gpac 2.2.1+dfsg1-2 (bug #1033116)
	[bullseye] - gpac (Vulnerable code not present)
	[buster] - gpac (Vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/issues/2349
	NOTE: https://github.com/gpac/gpac/commit/a1e197581437cf0a104a9b6543cb4547cfdfc03f (v2.2.0)
CVE-2022-47652 RESERVED
CVE-2022-47651 RESERVED
CVE-2022-47650 RESERVED
CVE-2022-47649 RESERVED
CVE-2022-47648 (An Improper Access Control vulnerability allows an attacker to access ...)
	NOT-FOR-US: Bosch Security Systems B420 firmware
CVE-2022-47647 RESERVED
CVE-2022-47646 RESERVED
CVE-2022-47645 RESERVED
CVE-2022-47644 RESERVED
CVE-2022-47643 RESERVED
CVE-2022-47642 RESERVED
CVE-2022-47641 RESERVED
CVE-2022-47640 RESERVED
CVE-2022-47639 RESERVED
CVE-2022-47638 RESERVED
CVE-2022-47637 (The installer in XAMPP through 8.1.12 allows local users to write to t ...)
	NOT-FOR-US: XAMPP installer
CVE-2022-47636 (A DLL hijacking vulnerability has been discovered in OutSystems Servic ...)
	NOT-FOR-US: OutSystems Service Studio
CVE-2022-47635 (Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS ...)
	NOT-FOR-US: Wildix CMS
CVE-2022-47634 (M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17 ...)
	NOT-FOR-US: M-Link
CVE-2022-47633 (An image signature validation bypass vulnerability in Kyverno 1.8.3 an ...)
	NOT-FOR-US: Kyverno
CVE-2022-47632 (Razer Synapse before 3.7.0830.081906 allows privilege escalation due t ...)
	NOT-FOR-US: Razer
CVE-2022-47631 (Razer Synapse through 3.7.1209.121307 allows privilege escalation due ...)
	NOT-FOR-US: Razer
CVE-2022-47630 (Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 ...)
	- arm-trusted-firmware 2.9.0+dfsg-3 (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2023/01/16/8
	NOTE: Debian ships an almost unpatched copy, so is not affected by itself
	NOTE: Still tracking for the purpose of potential downstream providers
	NOTE: https://github.com/ARM-software/arm-trusted-firmware/commit/fd37982a19a4a291 (v2.9-rc0)
	NOTE: https://github.com/ARM-software/arm-trusted-firmware/commit/72460f50e2437a85 (v2.9-rc0)
	NOTE: https://github.com/ARM-software/arm-trusted-firmware/commit/f5c51855d36e399e (v2.9-rc0)
	NOTE: https://github.com/ARM-software/arm-trusted-firmware/commit/abb8f936fd0ad085 (v2.9-rc0)
CVE-2022-47628 RESERVED
CVE-2022-47627 RESERVED
CVE-2022-47626 RESERVED
CVE-2022-47625 RESERVED
CVE-2022-47624 RESERVED
CVE-2022-47623 RESERVED
CVE-2022-47622 RESERVED
CVE-2022-47621 RESERVED
CVE-2022-47620 RESERVED
CVE-2022-47619 RESERVED
CVE-2022-47618 (Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator cr ...)
	NOT-FOR-US: Merit Lilin
CVE-2022-47617 (Hitron CODA-5310 has hard-coded encryption/decryption keys in the prog ...)
	NOT-FOR-US: Hitron
CVE-2022-47616 (Hitron CODA-5310 has insufficient filtering for specific parameters in ...)
	NOT-FOR-US: Hitron
CVE-2022-47615 (Local File Inclusion vulnerability in LearnPress – WordPress LMS P ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47614 (Unauth. SQL Injection (SQLi) vulnerability in InspireUI MStore API plu ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47613 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Quan ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47612 (Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47611 (Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // c ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47610 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mr D ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47609 (Cross-Site Request Forgery (CSRF) vulnerability in Nicearma DNUI plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47608 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Full ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47607 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in User ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47606 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47605 (Auth. SQL Injection vulnerability in Kunal Nagar Custom 404 Pro plug ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47604 (Missing Authorization vulnerability in junkcoder, ristoniinemets AJAX ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47603 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47602 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47601
	RESERVED
CVE-2022-47600 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47599 (Deserialization of Untrusted Data vulnerability in File Manager by Bit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47598 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP P ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47597 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47596 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47595 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47594
	RESERVED
CVE-2022-47593 (Auth. (subscriber+) SQL Injection (SQLi) vulnerability in RapidLoad Ra ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47592 (Reflected Cross-Site Scripting (XSS) vulnerability in Dmytriy.Cooperma ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47591 (Reflected Cross-Site Scripting (XSS) vulnerability in Mickael Austoni ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47590 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fugu Mai ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47589 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in this ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47588 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47587 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Corn ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47586 (Unauth. SQL Injection (SQLi) vulnerability in Themefic Ultimate Addons ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47585
	RESERVED
CVE-2022-47584
	RESERVED
CVE-2022-47583 (Terminal character injection in Mintty before 3.6.3 allows code execut ...)
	NOT-FOR-US: Mintty
CVE-2022-47582
	RESERVED
CVE-2022-47581 (Isode M-Vault 16.0v0 through 17.x before 17.0v24 can crash upon an LDA ...)
	NOT-FOR-US: Isode M-Vault
CVE-2022-47580
	RESERVED
CVE-2022-4622 (The Login Logout Menu WordPress plugin through 1.3.3 does not validate ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4621 (Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are ...)
	NOT-FOR-US: Panasonic
CVE-2022-4620
	RESERVED
CVE-2022-4619 (The Sidebar Widgets by CodeLights plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: Sidebar Widgets by CodeLights plugin for WordPress
CVE-2022-4618
	REJECTED
CVE-2022-4617 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...)
	NOT-FOR-US: microweber
CVE-2022-47579
	RESERVED
CVE-2022-47578 (An issue was discovered in the endpoint protection agent in Zoho Manag ...)
	NOT-FOR-US: Zoho
CVE-2022-47577 (An issue was discovered in the endpoint protection agent in Zoho Manag ...)
	NOT-FOR-US: Zoho
CVE-2022-4616 (The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to ...)
	NOT-FOR-US: webserver in Delta DX-3021
CVE-2023-22275 (Adobe RoboHelp Server versions 11.4 and earlier are affected by an Imp ...)
	NOT-FOR-US: Adobe
CVE-2023-22274 (Adobe RoboHelp Server versions 11.4 and earlier are affected by an Imp ...)
	NOT-FOR-US: Adobe
CVE-2023-22273 (Adobe RoboHelp Server versions 11.4 and earlier are affected by an Imp ...)
	NOT-FOR-US: Adobe
CVE-2023-22272 (Adobe RoboHelp Server versions 11.4 and earlier are affected by an Imp ...)
	NOT-FOR-US: Adobe
CVE-2023-22271 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a W ...)
	NOT-FOR-US: Adobe
CVE-2023-22270
	RESERVED
CVE-2023-22269 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...)
	NOT-FOR-US: Adobe
CVE-2023-22268 (Adobe RoboHelp Server versions 11.4 and earlier are affected by an Imp ...)
	NOT-FOR-US: Adobe
CVE-2023-22267
	RESERVED
CVE-2023-22266 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...)
	NOT-FOR-US: Adobe
CVE-2023-22265 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...)
	NOT-FOR-US: Adobe
CVE-2023-22264 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...)
	NOT-FOR-US: Adobe
CVE-2023-22263 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...)
	NOT-FOR-US: Adobe
CVE-2023-22262 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...)
	NOT-FOR-US: Adobe
CVE-2023-22261 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...)
	NOT-FOR-US: Adobe
CVE-2023-22260 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...)
	NOT-FOR-US: Adobe
CVE-2023-22259 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...)
	NOT-FOR-US: Adobe
CVE-2023-22258 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...)
	NOT-FOR-US: Adobe
CVE-2023-22257 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...)
	NOT-FOR-US: Adobe
CVE-2023-22256 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...)
	NOT-FOR-US: Adobe
CVE-2023-22255
	RESERVED
CVE-2023-22254 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...)
	NOT-FOR-US: Adobe
CVE-2023-22253 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...)
	NOT-FOR-US: Adobe
CVE-2023-22252 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...)
	NOT-FOR-US: Adobe
CVE-2023-22251 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...)
	NOT-FOR-US: Adobe
CVE-2023-22250 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...)
	NOT-FOR-US: Adobe
CVE-2023-22249 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...)
	NOT-FOR-US: Adobe
CVE-2023-22248 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
	NOT-FOR-US: Adobe
CVE-2023-22247 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...)
	NOT-FOR-US: Adobe
CVE-2023-22246 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) a ...)
	NOT-FOR-US: Adobe
CVE-2023-22245
	RESERVED
CVE-2023-22244 (Adobe Premiere Rush version 2.6 (and earlier) is affected by a Use Aft ...)
	NOT-FOR-US: Adobe
CVE-2023-22243 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) a ...)
	NOT-FOR-US: Adobe
CVE-2023-22242 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
	NOT-FOR-US: Adobe
CVE-2023-22241 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
	NOT-FOR-US: Adobe
CVE-2023-22240 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
	NOT-FOR-US: Adobe
CVE-2023-22239 (After Effects versions 23.1 (and earlier), 22.6.3 (and earlier) are af ...)
	NOT-FOR-US: Adobe
CVE-2023-22238 (After Effects versions 23.1 (and earlier), 22.6.3 (and earlier) are af ...)
	NOT-FOR-US: Adobe
CVE-2023-22237 (After Effects versions 23.1 (and earlier), 22.6.3 (and earlier) are af ...)
	NOT-FOR-US: Adobe
CVE-2023-22236 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) a ...)
	NOT-FOR-US: Adobe
CVE-2023-22235 (InCopy versions 18.1 (and earlier), 17.4 (and earlier) are affected by ...)
	NOT-FOR-US: Adobe
CVE-2023-22234 (Adobe Premiere Rush version 2.6 (and earlier) is affected by a Stack-b ...)
	NOT-FOR-US: Adobe
CVE-2023-22233 (After Effects versions 23.1 (and earlier), 22.6.3 (and earlier) are af ...)
	NOT-FOR-US: Adobe
CVE-2023-22232 (Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are ...)
	NOT-FOR-US: Adobe
CVE-2023-22231 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2023-22230 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2023-22229 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2023-22228 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2023-22227 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2023-22226 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2023-22225
	RESERVED
CVE-2023-22224
	RESERVED
CVE-2022-47576
	RESERVED
CVE-2022-47575
	RESERVED
CVE-2022-47574
	RESERVED
CVE-2022-47573
	RESERVED
CVE-2022-47572
	RESERVED
CVE-2022-47571
	RESERVED
CVE-2022-47570
	RESERVED
CVE-2022-47569
	RESERVED
CVE-2022-47568
	RESERVED
CVE-2022-47567
	RESERVED
CVE-2022-47566
	RESERVED
CVE-2022-47565
	RESERVED
CVE-2022-47564
	RESERVED
CVE-2022-47563
	RESERVED
CVE-2022-47562 (Vulnerability in the rpcbind service running on UDP port (111), allowi ...)
	NOT-FOR-US: ekorCCP
CVE-2022-47561 (The web application stores credentials in clear text in the "admin.xml ...)
	NOT-FOR-US: ekorCCP
CVE-2022-47560 (The lack of web request control on ekorCCP and ekorRCI devices allows ...)
	NOT-FOR-US: ekorCCP and ekorRCI devices
CVE-2022-47559 (Lack of device control over web requests in ekorCCP and ekorRCI, allow ...)
	NOT-FOR-US: ekorCCP and ekorRCI devices
CVE-2022-47558 (Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP se ...)
	NOT-FOR-US: ekorCCP and ekorRCI devices
CVE-2022-47557 (Vulnerability in ekorCCP and ekorRCI that could allow an attacker with ...)
	NOT-FOR-US: ekorCCP and ekorRCI devices
CVE-2022-47556 (Uncontrolled resource consumption in ekorRCI, allowing an attacker wit ...)
	NOT-FOR-US: ekorRCI devices
CVE-2022-47555 (Operating system command injection in ekorCCP and ekorRCI, which could ...)
	NOT-FOR-US: ekorCCP and ekorRCI devices
CVE-2022-47554 (Exposure of sensitive information in ekorCCP and ekorRCI, potentially ...)
	NOT-FOR-US: ekorCCP and ekorRCI devices
CVE-2022-47553 (Incorrect authorisation in ekorCCP and ekorRCI, which could allow a re ...)
	NOT-FOR-US: ekorCCP and ekorRCI devices
CVE-2022-47552
	RESERVED
CVE-2022-47551 (Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read perm ...)
	NOT-FOR-US: apiman
CVE-2022-47550
	RESERVED
CVE-2022-47549 (An unprotected memory-access operation in optee_os in TrustedFirmware ...)
	- optee-os (Fixed before initial upload)
CVE-2022-47548
	RESERVED
CVE-2022-47547 (GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a p ...)
	NOT-FOR-US: GossipSub
CVE-2022-47546
	RESERVED
CVE-2022-47545
	RESERVED
CVE-2022-47544 (An issue was discovered in Siren Investigate before 12.1.7. Script var ...)
	NOT-FOR-US: Siren Investigate
CVE-2022-47543 (An issue was discovered in Siren Investigate before 12.1.7. There is a ...)
	NOT-FOR-US: Siren Investigate
CVE-2022-47542 (Red Gate SQL Monitor 11.0.14 through 12.1.46 has Incorrect Access Cont ...)
	NOT-FOR-US: Red Gate SQL Monitor
CVE-2022-4615 (Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/op ...)
	NOT-FOR-US: OpenEMR
CVE-2022-4614 (Cross-site Scripting (XSS) - Stored in GitHub repository alagrede/znot ...)
	NOT-FOR-US: znote-app
CVE-2022-4613 (A vulnerability was found in Click Studios Passwordstate and Passwords ...)
	NOT-FOR-US: Click Studios Passwordstate and Passwordstate Browser Extension Chrome
CVE-2022-4612 (A vulnerability has been found in Click Studios Passwordstate and Pass ...)
	NOT-FOR-US: Click Studios Passwordstate and Passwordstate Browser Extension Chrome
CVE-2022-4611 (A vulnerability, which was classified as problematic, was found in Cli ...)
	NOT-FOR-US: Click Studios Passwordstate and Passwordstate Browser Extension Chrome
CVE-2022-4610 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Click Studios Passwordstate and Passwordstate Browser Extension Chrome
CVE-2022-4609 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
	NOT-FOR-US: usememos
CVE-2022-4608 (A vulnerability exists in HCI IEC 60870-5-104 function included in cer ...)
	NOT-FOR-US: ABB
CVE-2021-4262 (A vulnerability classified as critical was found in laravel-jqgrid. Af ...)
	NOT-FOR-US: laravel-jqgrid
CVE-2021-4261 (A vulnerability classified as critical has been found in pacman-canvas ...)
	NOT-FOR-US: pacman-canvas
CVE-2021-4260 (A vulnerability was found in oils-js. It has been declared as critical ...)
	NOT-FOR-US: oils-js
CVE-2021-4259 (A vulnerability was found in phpRedisAdmin up to 1.16.1. It has been c ...)
	NOT-FOR-US: phpRedisAdmin
CVE-2021-4258 (A vulnerability was found in whohas. It has been rated as problematic. ...)
	- whohas (unimportant)
	NOTE: https://github.com/whohas/whohas/commit/667c3e2e9178f15c23d7918b5db25cd0792c8472
	NOTE: No security impact
CVE-2020-36619 (A vulnerability was found in multimon-ng. It has been rated as critica ...)
	- multimon-ng 1.2.0+dfsg-1
	[bullseye] - multimon-ng (Minor issue)
	[buster] - multimon-ng (Minor issue)
	NOTE: https://github.com/EliasOenal/multimon-ng/commit/e5a51c508ef952e81a6da25b43034dd1ed023c07 (1.2.0)
	NOTE: https://github.com/EliasOenal/multimon-ng/pull/160
CVE-2020-36618 (A vulnerability classified as critical has been found in Furqan node-w ...)
	NOT-FOR-US: Node whois
CVE-2016-20018 (Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability t ...)
	NOT-FOR-US: Knex
CVE-2022-47541
	RESERVED
CVE-2022-47540
	RESERVED
CVE-2022-47539
	RESERVED
CVE-2022-47538
	RESERVED
CVE-2022-47537
	RESERVED
CVE-2022-47536
	RESERVED
CVE-2022-47535
	RESERVED
CVE-2022-47534
	RESERVED
CVE-2022-47533
	RESERVED
CVE-2022-47532 (FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?m ...)
	NOT-FOR-US: FileRun
CVE-2022-47531 (An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versi ...)
	NOT-FOR-US: Ericsson Evolved Packet Gateway (EPG)
CVE-2022-47530
	RESERVED
CVE-2022-47529 (Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWit ...)
	NOT-FOR-US: NetWitness
CVE-2022-47528
	RESERVED
CVE-2022-47527
	RESERVED
CVE-2022-47526 (Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a path travers ...)
	NOT-FOR-US: Fox-IT DataDiode
CVE-2022-47525 (Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a Divide-by-Ze ...)
	NOT-FOR-US: Fox-IT DataDiode
CVE-2022-47524 (F-Secure SAFE Browser 19.1 before 19.2 for Android allows an IDN homog ...)
	NOT-FOR-US: F-Secure SAFE Browser
CVE-2022-47523 (Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pr ...)
	NOT-FOR-US: Zoho
CVE-2022-4607 (A vulnerability was found in 3D City Database OGC Web Feature Service ...)
	NOT-FOR-US: 3D City Database OGC Web Feature Service
CVE-2021-4257 (A vulnerability was found in ctrlo lenio. It has been declared as prob ...)
	NOT-FOR-US: ctrlo lenio
CVE-2021-4256 (A vulnerability was found in ctrlo lenio. It has been classified as pr ...)
	NOT-FOR-US: ctrlo lenio
CVE-2021-4255 (A vulnerability was found in ctrlo lenio and classified as problematic ...)
	NOT-FOR-US: ctrlo lenio
CVE-2021-4254 (A vulnerability has been found in ctrlo lenio and classified as proble ...)
	NOT-FOR-US: ctrlo lenio
CVE-2021-4253 (A vulnerability, which was classified as problematic, was found in ctr ...)
	NOT-FOR-US: ctrlo lenio
CVE-2021-4252 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: WP-Ban
CVE-2021-4251 (A vulnerability classified as problematic was found in as. This vulner ...)
	NOT-FOR-US: andrewsauder/as
CVE-2021-4250 (A vulnerability classified as problematic has been found in cgriego ac ...)
	NOT-FOR-US: ActiveAttr
CVE-2022-4606 (PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress ...)
	NOT-FOR-US: flatpressblog
CVE-2022-4605 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...)
	NOT-FOR-US: flatpressblog
CVE-2022-4604 (A vulnerability classified as problematic was found in wp-english-wp-a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4603 (A vulnerability classified as problematic has been found in ppp. Affec ...)
	[experimental] - ppp 2.5.0-1+1
	- ppp (unimportant)
	NOTE: https://github.com/ppp-project/ppp/commit/a75fb7b198eed50d769c80c36629f38346882cbf (ppp-2.5.0)
	NOTE: No security impact
CVE-2022-4602 (A vulnerability was found in Shoplazza LifeStyle 1.1. It has been rate ...)
	NOT-FOR-US: Shoplazza LifeStyle
CVE-2022-4601 (A vulnerability was found in Shoplazza LifeStyle 1.1. It has been decl ...)
	NOT-FOR-US: Shoplazza LifeStyle
CVE-2022-4600 (A vulnerability was found in Shoplazza LifeStyle 1.1. It has been clas ...)
	NOT-FOR-US: Shoplazza LifeStyle
CVE-2022-4599 (A vulnerability was found in Shoplazza LifeStyle 1.1 and classified as ...)
	NOT-FOR-US: Shoplazza LifeStyle
CVE-2022-4598 (A vulnerability has been found in Shoplazza LifeStyle 1.1 and classifi ...)
	NOT-FOR-US: Shoplazza LifeStyle
CVE-2022-4597 (A vulnerability, which was classified as problematic, was found in Sho ...)
	NOT-FOR-US: Shoplazza LifeStyle
CVE-2022-4596 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Shoplazza LifeStyle
CVE-2022-4595 (A vulnerability classified as problematic has been found in django-ope ...)
	NOT-FOR-US: django-openipam
CVE-2022-4594 (A vulnerability was found in drogatkin TJWS2. It has been declared as ...)
	NOT-FOR-US: drogatkin TJWS2
CVE-2022-4593 (A vulnerability was found in retra-system. It has been classified as p ...)
	NOT-FOR-US: retra-system
CVE-2022-4592 (A vulnerability was found in luckyshot CRMx and classified as critical ...)
	NOT-FOR-US: luckyshot CRMx
CVE-2021-4249 (A vulnerability was found in xml-conduit. It has been classified as pr ...)
	- haskell-xml-conduit 1.9.1.1-1
	[bullseye] - haskell-xml-conduit (Minor issue)
	[buster] - haskell-xml-conduit (Minor issue)
	NOTE: https://github.com/snoyberg/xml/pull/161/commits/2274b3c26fda7406337ce47cdfd862ef187694e2
	NOTE: https://github.com/snoyberg/xml/commit/4be1021791dcdee8b164d239433a2043dc0939ea (xml-conduit/1.9.1.0)
CVE-2021-4248 (A vulnerability was found in kapetan dns up to 6.1.0. It has been rate ...)
	NOT-FOR-US: kapetan dns
CVE-2021-4247 (A vulnerability has been found in OWASP NodeGoat and classified as pro ...)
	NOT-FOR-US: NodeGoat
CVE-2020-36617 (A vulnerability was found in ewxrjk sftpserver. It has been declared a ...)
	NOT-FOR-US: ewxrjk sftpserver
CVE-2023-22223
	RESERVED
CVE-2023-22222
	RESERVED
CVE-2023-22221
	RESERVED
CVE-2023-22220
	RESERVED
CVE-2023-22219
	RESERVED
CVE-2023-22218
	RESERVED
CVE-2023-22217
	RESERVED
CVE-2023-22216
	RESERVED
CVE-2023-22215
	RESERVED
CVE-2023-22214
	RESERVED
CVE-2023-22213
	RESERVED
CVE-2023-22212
	RESERVED
CVE-2023-22211
	RESERVED
CVE-2023-22210
	RESERVED
CVE-2023-22209
	RESERVED
CVE-2023-22208
	RESERVED
CVE-2023-22207
	RESERVED
CVE-2023-22206
	RESERVED
CVE-2023-22205
	RESERVED
CVE-2023-22204
	RESERVED
CVE-2023-22203
	RESERVED
CVE-2023-22202
	RESERVED
CVE-2023-22201
	RESERVED
CVE-2023-22200
	RESERVED
CVE-2023-22199
	RESERVED
CVE-2023-22198
	RESERVED
CVE-2023-22197
	RESERVED
CVE-2023-22196
	RESERVED
CVE-2023-22195
	RESERVED
CVE-2023-22194
	RESERVED
CVE-2023-22193
	RESERVED
CVE-2023-22192
	RESERVED
CVE-2023-22191
	RESERVED
CVE-2023-22190
	RESERVED
CVE-2023-22189
	RESERVED
CVE-2023-22188
	RESERVED
CVE-2023-22187
	RESERVED
CVE-2023-22186
	RESERVED
CVE-2023-22185
	RESERVED
CVE-2023-22184
	RESERVED
CVE-2023-22183
	RESERVED
CVE-2023-22182
	RESERVED
CVE-2023-22181
	RESERVED
CVE-2023-22180
	RESERVED
CVE-2023-22179
	RESERVED
CVE-2023-22178
	RESERVED
CVE-2023-22177
	RESERVED
CVE-2023-22176
	RESERVED
CVE-2023-22175
	RESERVED
CVE-2023-22174
	RESERVED
CVE-2023-22173
	RESERVED
CVE-2023-22172
	RESERVED
CVE-2023-22171
	RESERVED
CVE-2023-22170
	RESERVED
CVE-2023-22169
	RESERVED
CVE-2023-22168
	RESERVED
CVE-2023-22167
	RESERVED
CVE-2023-22166
	RESERVED
CVE-2023-22165
	RESERVED
CVE-2023-22164
	RESERVED
CVE-2023-22163
	RESERVED
CVE-2023-22162
	RESERVED
CVE-2023-22161
	RESERVED
CVE-2023-22160
	RESERVED
CVE-2023-22159
	RESERVED
CVE-2023-22158
	RESERVED
CVE-2023-22157
	RESERVED
CVE-2023-22156
	RESERVED
CVE-2023-22155
	RESERVED
CVE-2023-22154
	RESERVED
CVE-2023-22153
	RESERVED
CVE-2023-22152
	RESERVED
CVE-2023-22151
	RESERVED
CVE-2023-22150
	RESERVED
CVE-2023-22149
	RESERVED
CVE-2023-22148
	RESERVED
CVE-2023-22147
	RESERVED
CVE-2023-22146
	RESERVED
CVE-2023-22145
	RESERVED
CVE-2023-22144
	RESERVED
CVE-2023-22143
	RESERVED
CVE-2023-22142
	RESERVED
CVE-2023-22141
	RESERVED
CVE-2023-22140
	RESERVED
CVE-2023-22139
	RESERVED
CVE-2023-22138
	RESERVED
CVE-2023-22137
	RESERVED
CVE-2023-22136
	RESERVED
CVE-2023-22135
	RESERVED
CVE-2023-22134
	RESERVED
CVE-2023-22133
	RESERVED
CVE-2023-22132
	RESERVED
CVE-2023-22131
	RESERVED
CVE-2023-22130 (Vulnerability in the Sun ZFS Storage Appliance product of Oracle Syste ...)
	NOT-FOR-US: Oracle
CVE-2023-22129 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2023-22128 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2023-22127 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2023-22126 (Vulnerability in the Oracle WebCenter Content product of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2023-22125 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...)
	NOT-FOR-US: Oracle
CVE-2023-22124 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...)
	NOT-FOR-US: Oracle
CVE-2023-22123 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...)
	NOT-FOR-US: Oracle
CVE-2023-22122 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...)
	NOT-FOR-US: Oracle
CVE-2023-22121 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...)
	NOT-FOR-US: Oracle
CVE-2023-22120
	RESERVED
CVE-2023-22119 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2023-22118 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2023-22117 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2023-22116
	RESERVED
CVE-2023-22115 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.34-1
CVE-2023-22114 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.35-1 (bug #1055034)
CVE-2023-22113 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.34-1
CVE-2023-22112 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.35-1 (bug #1055034)
CVE-2023-22111 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.34-1
CVE-2023-22110 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.34-1
CVE-2023-22109 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2023-22108 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2023-22107 (Vulnerability in the Oracle Enterprise Command Center Framework produc ...)
	NOT-FOR-US: Oracle
CVE-2023-22106 (Vulnerability in the Oracle Enterprise Command Center Framework produc ...)
	NOT-FOR-US: Oracle
CVE-2023-22105 (Vulnerability in the BI Publisher product of Oracle Analytics (compone ...)
	NOT-FOR-US: Oracle
CVE-2023-22104 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.33-1
CVE-2023-22103 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.35-1 (bug #1055034)
CVE-2023-22102 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
	- mysql-connector-java
CVE-2023-22101 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2023-22100 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.12-dfsg-1
CVE-2023-22099 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.12-dfsg-1
CVE-2023-22098 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.12-dfsg-1
CVE-2023-22097 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.35-1 (bug #1055034)
CVE-2023-22096 (Vulnerability in the Java VM component of Oracle Database Server. Sup ...)
	NOT-FOR-US: Oracle
CVE-2023-22095 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (Only affects 8.1)
CVE-2023-22094 (Vulnerability in the MySQL Installer product of Oracle MySQL (componen ...)
	NOT-FOR-US: Oracle
CVE-2023-22093 (Vulnerability in the Oracle iRecruitment product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2023-22092 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.35-1 (bug #1055034)
CVE-2023-22091 (Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise ...)
	NOT-FOR-US: Oracle
CVE-2023-22090 (Vulnerability in the PeopleSoft Enterprise CC Common Application Objec ...)
	NOT-FOR-US: Oracle
CVE-2023-22089 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2023-22088 (Vulnerability in the Oracle Communications Order and Service Managemen ...)
	NOT-FOR-US: Oracle
CVE-2023-22087 (Vulnerability in the Hospitality OPERA 5 Property Services product of ...)
	NOT-FOR-US: Oracle
CVE-2023-22086 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2023-22085 (Vulnerability in the Hospitality OPERA 5 Property Services product of ...)
	NOT-FOR-US: Oracle
CVE-2023-22084 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
{DLA-3722-1} - mariadb 1:10.11.6-1 [bookworm] - mariadb 1:10.11.6-0+deb12u1 - mariadb-10.5 [bullseye] - mariadb-10.5 1:10.5.23-0+deb11u1 - mariadb-10.3 - mysql-8.0 8.0.35-1 (bug #1055034) NOTE: Fixed in MariaDB: 11.2.2, 11.1.3, 11.0.4, 10.11.6, 10.10.7, 10.6.16, 10.5.23, 10.4.32 NOTE: https://github.com/MariaDB/server/commit/15ae97b1c2c14f1263cdc853673c4129625323de CVE-2023-22083 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...) NOT-FOR-US: Oracle CVE-2023-22082 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2023-22081 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...) {DSA-5548-1 DSA-5537-1 DLA-3636-1} - openjdk-8 8u392-ga-1 - openjdk-11 11.0.21+9-1 - openjdk-17 17.0.9+9-1 - openjdk-21 21.0.1+12-1 CVE-2023-22080 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2023-22079 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.35-1 (bug #1055034) CVE-2023-22078 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.35-1 (bug #1055034) CVE-2023-22077 (Vulnerability in the Oracle Database Recovery Manager component of Ora ...) NOT-FOR-US: Oracle CVE-2023-22076 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) NOT-FOR-US: Oracle CVE-2023-22075 (Vulnerability in the Oracle Database Sharding component of Oracle Data ...) NOT-FOR-US: Oracle CVE-2023-22074 (Vulnerability in the Oracle Database Sharding component of Oracle Data ...) NOT-FOR-US: Oracle CVE-2023-22073 (Vulnerability in the Oracle Notification Server component of Oracle Da ...) NOT-FOR-US: Oracle CVE-2023-22072 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2023-22071 (Vulnerability in the PL/SQL component of Oracle Database Server. Supp ...) 
NOT-FOR-US: Oracle CVE-2023-22070 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.35-1 (bug #1055034) CVE-2023-22069 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2023-22068 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.35-1 (bug #1055034) CVE-2023-22067 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) - openjdk-8 8u392-ga-1 CVE-2023-22066 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.35-1 (bug #1055034) CVE-2023-22065 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.34-1 CVE-2023-22064 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.35-1 (bug #1055034) CVE-2023-22063 RESERVED CVE-2023-22062 (Vulnerability in the Oracle Hyperion Financial Reporting product of Or ...) NOT-FOR-US: Oracle CVE-2023-22061 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2023-22060 (Vulnerability in the Oracle Hyperion Workspace product of Oracle Hyper ...) NOT-FOR-US: Oracle CVE-2023-22059 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.35-1 (bug #1055034) CVE-2023-22058 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.34-1 (bug #1041819) CVE-2023-22057 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.34-1 (bug #1041819) CVE-2023-22056 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.34-1 (bug #1041819) CVE-2023-22055 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...) NOT-FOR-US: Oracle CVE-2023-22054 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
	- mysql-8.0 8.0.34-1 (bug #1041819)
CVE-2023-22053 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.34-1 (bug #1041819)
CVE-2023-22052 (Vulnerability in the Java VM component of Oracle Database Server.  Sup ...)
	NOT-FOR-US: Oracle
CVE-2023-22051 (Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM ...)
	NOT-FOR-US: Oracle
CVE-2023-22050 (Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of ...)
	NOT-FOR-US: Oracle
CVE-2023-22049 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5478-1 DSA-5458-1 DLA-3571-1}
	- openjdk-8 8u382-ga-1
	- openjdk-11 11.0.20+8-1
	- openjdk-17 17.0.8+7-1
CVE-2023-22048 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.34-1 (bug #1041819)
CVE-2023-22047 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2023-22046 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.34-1 (bug #1041819)
CVE-2023-22045 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5478-1 DSA-5458-1 DLA-3571-1}
	- openjdk-8 8u382-ga-1
	- openjdk-11 11.0.20+8-1
	- openjdk-17 17.0.8+7-1
CVE-2023-22044 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5458-1}
	- openjdk-17 17.0.8+7-1
CVE-2023-22043 (Vulnerability in Oracle Java SE (component: JavaFX).  The supported v ...)
	- openjfx 11+26-1
	NOTE: This only affects JavaFX 8.x, so marking the first 11 upload as fixed
CVE-2023-22042 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2023-22041 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5478-1 DSA-5458-1 DLA-3571-1}
	- openjdk-11 11.0.20+8-1
	- openjdk-17 17.0.8+7-1
CVE-2023-22040 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2023-22039 (Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain ( ...)
	NOT-FOR-US: Oracle
CVE-2023-22038 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.34-1 (bug #1041819)
CVE-2023-22037 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...)
	NOT-FOR-US: Oracle
CVE-2023-22036 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5478-1 DSA-5458-1 DLA-3571-1}
	- openjdk-11 11.0.20+8-1
	- openjdk-17 17.0.8+7-1
CVE-2023-22035 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2023-22034 (Vulnerability in the Unified Audit component of Oracle Database Server ...)
	NOT-FOR-US: Oracle
CVE-2023-22033 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.34-1 (bug #1041819)
CVE-2023-22032 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.35-1 (bug #1055034)
CVE-2023-22031 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2023-22030
	RESERVED
CVE-2023-22029 (Vulnerability in the Oracle Commerce Guided Search product of Oracle C ...)
	NOT-FOR-US: Oracle
CVE-2023-22028 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.32-1
CVE-2023-22027 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2023-22026 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.32-1
CVE-2023-22025 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
	{DSA-5548-1}
	- openjdk-17 17.0.9+9-1
	- openjdk-21 21.0.1+12-1
CVE-2023-22024 (In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has ...)
	NOT-FOR-US: Oracle
CVE-2023-22023 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2023-22022 (Vulnerability in the Oracle Health Sciences Sciences Data Management W ...)
	NOT-FOR-US: Oracle
CVE-2023-22021 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2023-22020 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2023-22019 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...)
	NOT-FOR-US: Oracle
CVE-2023-22018 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.10-dfsg-1
CVE-2023-22017 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.10-dfsg-1
CVE-2023-22016 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.10-dfsg-1
CVE-2023-22015 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.32-1
CVE-2023-22014 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2023-22013 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2023-22012 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2023-22011 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2023-22010 (Vulnerability in Oracle Essbase (component: Security and Provisioning) ...)
	NOT-FOR-US: Oracle
CVE-2023-22009 (Vulnerability in the Oracle Self-Service Human Resources product of Or ...)
	NOT-FOR-US: Oracle
CVE-2023-22008 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.34-1 (bug #1041819)
CVE-2023-22007 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.34-1 (bug #1041819)
CVE-2023-22006 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5478-1 DSA-5458-1 DLA-3571-1}
	- openjdk-11 11.0.20+8-1
	- openjdk-17 17.0.8+7-1
CVE-2023-22005 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.34-1 (bug #1041819)
CVE-2023-22004 (Vulnerability in the Oracle Applications Technology product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2023-22003 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2023-22002 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.8-dfsg-1
CVE-2023-22001 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.8-dfsg-1
CVE-2023-22000 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.8-dfsg-1
CVE-2023-21999 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.8-dfsg-1
CVE-2023-21998 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.8-dfsg-1
CVE-2023-21997 (Vulnerability in the Oracle User Management product of Oracle E-Busine ...)
	NOT-FOR-US: Oracle
CVE-2023-21996 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2023-21995
	RESERVED
CVE-2023-21994 (Vulnerability in the Oracle Mobile Security Suite product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2023-21993 (Vulnerability in the Oracle Clinical Remote Data Capture product of Or ...)
	NOT-FOR-US: Oracle
CVE-2023-21992 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources product ...)
	NOT-FOR-US: Oracle
CVE-2023-21991 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.8-dfsg-1
CVE-2023-21990 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.8-dfsg-1
CVE-2023-21989 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.8-dfsg-1
CVE-2023-21988 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.8-dfsg-1
CVE-2023-21987 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.8-dfsg-1
CVE-2023-21986 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
	NOT-FOR-US: GraalVM
CVE-2023-21985 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2023-21984 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2023-21983 (Vulnerability in the Application Express Administration product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2023-21982 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21981 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2023-21980 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21979 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2023-21978 (Vulnerability in the Oracle Application Object Library product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2023-21977 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21976 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21975 (Vulnerability in the Application Express Customers Plugin product of O ...)
	NOT-FOR-US: Oracle
CVE-2023-21974 (Vulnerability in the Application Express Team Calendar Plugin product ...)
	NOT-FOR-US: Oracle
CVE-2023-21973 (Vulnerability in the Oracle iProcurement product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2023-21972 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21971 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
	- mysql-connector-java
CVE-2023-21970 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
	NOT-FOR-US: Oracle
CVE-2023-21969 (Vulnerability in Oracle SQL Developer (component: Installation).  Supp ...)
	NOT-FOR-US: Oracle
CVE-2023-21968 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5478-1 DSA-5430-1 DLA-3571-1}
	- openjdk-8 8u372-ga-1
	- openjdk-11 11.0.19+7-1 (bug #1036280)
	- openjdk-17 17.0.7+7-1 (bug #1035957)
	- openjdk-20 20.0.1+9-2
CVE-2023-21967 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5478-1 DSA-5430-1 DLA-3571-1}
	- openjdk-8 8u372-ga-1
	- openjdk-11 11.0.19+7-1 (bug #1036280)
	- openjdk-17 17.0.7+7-1 (bug #1035957)
	- openjdk-20 20.0.1+9-2
CVE-2023-21966 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21965 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2023-21964 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2023-21963 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.32-1
CVE-2023-21962 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21961 (Vulnerability in the Oracle Hyperion Essbase Administration Services p ...)
	NOT-FOR-US: Oracle
CVE-2023-21960 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2023-21959 (Vulnerability in the Oracle iReceivables product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2023-21958
	RESERVED
CVE-2023-21957
	RESERVED
CVE-2023-21956 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2023-21955 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21954 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5478-1 DSA-5430-1 DLA-3571-1}
	- openjdk-8 8u372-ga-1
	- openjdk-11 11.0.19+7-1 (bug #1036280)
	- openjdk-17 17.0.7+7-1 (bug #1035957)
	- openjdk-20 20.0.1+9-2
CVE-2023-21953 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21952 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2023-21951
	RESERVED
CVE-2023-21950 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.34-1 (bug #1041819)
CVE-2023-21949 (Vulnerability in the Advanced Networking Option component of Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2023-21948 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2023-21947 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21946 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21945 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21944 (Vulnerability in Oracle Essbase (component: Security and Provisioning) ...)
	NOT-FOR-US: Oracle
CVE-2023-21943 (Vulnerability in Oracle Essbase (component: Security and Provisioning) ...)
	NOT-FOR-US: Oracle
CVE-2023-21942 (Vulnerability in Oracle Essbase (component: Security and Provisioning) ...)
	NOT-FOR-US: Oracle
CVE-2023-21941 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
	NOT-FOR-US: Oracle
CVE-2023-21940 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21939 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5478-1 DSA-5430-1 DLA-3571-1}
	- openjdk-8 8u372-ga-1
	- openjdk-11 11.0.19+7-1 (bug #1036280)
	- openjdk-17 17.0.7+7-1 (bug #1035957)
	- openjdk-20 20.0.1+9-2
CVE-2023-21938 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5478-1 DSA-5430-1 DLA-3571-1}
	- openjdk-8 8u372-ga-1
	- openjdk-11 11.0.19+7-1 (bug #1036280)
	- openjdk-17 17.0.7+7-1 (bug #1035957)
	- openjdk-20 20.0.1+9-2
CVE-2023-21937 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5478-1 DSA-5430-1 DLA-3571-1}
	- openjdk-8 8u372-ga-1
	- openjdk-11 11.0.19+7-1 (bug #1036280)
	- openjdk-17 17.0.7+7-1 (bug #1035957)
	- openjdk-20 20.0.1+9-2
CVE-2023-21936 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2023-21935 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21934 (Vulnerability in the Java VM component of Oracle Database Server.  Sup ...)
	NOT-FOR-US: Oracle
CVE-2023-21933 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21932 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services prod ...)
	NOT-FOR-US: Oracle
CVE-2023-21931 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2023-21930 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5478-1 DSA-5430-1 DLA-3571-1}
	- openjdk-8 8u372-ga-1
	- openjdk-11 11.0.19+7-1 (bug #1036280)
	- openjdk-17 17.0.7+7-1 (bug #1035957)
	- openjdk-20 20.0.1+9-2
CVE-2023-21929 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21928 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2023-21927 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2023-21926 (Vulnerability in the Oracle Health Sciences InForm product of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2023-21925 (Vulnerability in the Oracle Health Sciences InForm product of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2023-21924 (Vulnerability in the Oracle Health Sciences InForm product of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2023-21923 (Vulnerability in the Oracle Health Sciences InForm product of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2023-21922 (Vulnerability in the Oracle Health Sciences InForm product of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2023-21921 (Vulnerability in the Oracle Health Sciences InForm product of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2023-21920 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21919 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21918 (Vulnerability in the Oracle Database Recovery Manager component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2023-21917 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.31-1
CVE-2023-21916 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2023-21915 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...)
	NOT-FOR-US: Oracle
CVE-2023-21914
	RESERVED
CVE-2023-21913 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.32-1
CVE-2023-21912 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.31-1
CVE-2023-21911 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21910 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2023-21909 (Vulnerability in the Siebel CRM product of Oracle Siebel CRM (componen ...)
	NOT-FOR-US: Oracle
CVE-2023-21908 (Vulnerability in the Oracle Banking Virtual Account Management product ...)
	NOT-FOR-US: Oracle
CVE-2023-21907 (Vulnerability in the Oracle Banking Virtual Account Management product ...)
	NOT-FOR-US: Oracle
CVE-2023-21906 (Vulnerability in the Oracle Banking Virtual Account Management product ...)
	NOT-FOR-US: Oracle
CVE-2023-21905 (Vulnerability in the Oracle Banking Virtual Account Management product ...)
	NOT-FOR-US: Oracle
CVE-2023-21904 (Vulnerability in the Oracle Banking Virtual Account Management product ...)
	NOT-FOR-US: Oracle
CVE-2023-21903 (Vulnerability in the Oracle Banking Virtual Account Management product ...)
	NOT-FOR-US: Oracle
CVE-2023-21902 (Vulnerability in the Oracle Financial Services Behavior Detection Plat ...)
	NOT-FOR-US: Oracle
CVE-2023-21901 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2023-21900 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2023-21899 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.6-dfsg-1 (bug #1029153)
CVE-2023-21898 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.6-dfsg-1 (bug #1029153)
CVE-2023-21897
	RESERVED
CVE-2023-21896 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2023-21895
	RESERVED
CVE-2023-21894 (Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Fr ...)
	NOT-FOR-US: Oracle
CVE-2023-21893 (Vulnerability in the Oracle Data Provider for .NET component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2023-21892 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2023-21891 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2023-21890 (Vulnerability in the Oracle Communications Converged Application Serve ...)
	NOT-FOR-US: Oracle
CVE-2023-21889 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.6-dfsg-1 (bug #1029153)
CVE-2023-21888 (Vulnerability in the Primavera Gateway product of Oracle Construction ...)
	NOT-FOR-US: Oracle
CVE-2023-21887 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.32-1 (bug #1029151)
CVE-2023-21886 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.6-dfsg-1 (bug #1029153)
CVE-2023-21885 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.6-dfsg-1 (bug #1029153)
CVE-2023-21884 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 7.0.6-dfsg-1 (bug #1029153)
CVE-2023-21883 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.32-1 (bug #1029151)
CVE-2023-21882 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.32-1 (bug #1029151)
CVE-2023-21881 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.32-1 (bug #1029151)
CVE-2023-21880 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.32-1 (bug #1029151)
CVE-2023-21879 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.32-1 (bug #1029151)
CVE-2023-21878 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.32-1 (bug #1029151)
CVE-2023-21877 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.32-1 (bug #1029151)
CVE-2023-21876 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.32-1 (bug #1029151)
CVE-2023-21875 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.32-1 (bug #1029151)
CVE-2023-21874 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.31-1
CVE-2023-21873 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.32-1 (bug #1029151)
CVE-2023-21872 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.30-1
CVE-2023-21871 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.32-1 (bug #1029151)
CVE-2023-21870 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.32-1 (bug #1029151)
CVE-2023-21869 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.32-1 (bug #1029151)
CVE-2023-21868 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.32-1 (bug #1029151)
CVE-2023-21867 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.32-1 (bug #1029151)
CVE-2023-21866 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2023-21865 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.31-1
CVE-2023-21864 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.31-1
CVE-2023-21863 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.32-1 (bug #1029151)
CVE-2023-21862 (Vulnerability in the Oracle Web Services Manager product of Oracle Fus ...)
	NOT-FOR-US: Oracle
CVE-2023-21861 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2023-21860 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2023-21859 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...)
	NOT-FOR-US: Oracle
CVE-2023-21858 (Vulnerability in the Oracle Collaborative Planning product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2023-21857 (Vulnerability in the Oracle HCM Common Architecture product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2023-21856 (Vulnerability in the Oracle iSetup product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2023-21855 (Vulnerability in the Oracle Sales for Handhelds product of Oracle E-Bu ...)
	NOT-FOR-US: Oracle
CVE-2023-21854 (Vulnerability in the Oracle Sales Offline product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2023-21853 (Vulnerability in the Oracle Mobile Field Service product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2023-21852 (Vulnerability in the Oracle Learning Management product of Oracle E-Bu ...)
	NOT-FOR-US: Oracle
CVE-2023-21851 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2023-21850 (Vulnerability in the Oracle Demantra Demand Management product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2023-21849 (Vulnerability in the Oracle Applications DBA product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2023-21848 (Vulnerability in the Oracle Communications Convergence product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2023-21847 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...)
	NOT-FOR-US: Oracle
CVE-2023-21846 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2023-21845 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2023-21844 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2023-21843 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5335-1 DSA-5331-1 DLA-3307-1}
	- openjdk-8 8u362-ga-1
	- openjdk-11 11.0.18+10-1
	- openjdk-17 17.0.6+10-1
	- openjdk-21 21~7ea-1
CVE-2023-21842 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2023-21841 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2023-21840 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7
CVE-2023-21839 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2023-21838 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2023-21837 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2023-21836 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.32-1 (bug #1029151)
CVE-2023-21835 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5335-1 DSA-5331-1 DLA-3307-1}
	- openjdk-11 11.0.18+10-1
	- openjdk-17 17.0.6+10-1
	- openjdk-21 21~7ea-1
CVE-2023-21834 (Vulnerability in the Oracle Self-Service Human Resources product of Or ...)
	NOT-FOR-US: Oracle
CVE-2023-21833 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2023-21832 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2023-21831 (Vulnerability in the PeopleSoft Enterprise CS Academic Advisement prod ...)
	NOT-FOR-US: Oracle
CVE-2023-21830 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	- openjdk-8 8u362-ga-1
	- openjdk-21 21~7ea-1
CVE-2023-21829 (Vulnerability in the Oracle Database RDBMS Security component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2023-21828 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
	NOT-FOR-US: Oracle
CVE-2023-21827 (Vulnerability in the Oracle Database Data Redaction component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2023-21826 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
	NOT-FOR-US: Oracle
CVE-2023-21825 (Vulnerability in the Oracle iSupplier Portal product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2023-21824 (Vulnerability in the Oracle Communications BRM - Elastic Charging Engi ...)
	NOT-FOR-US: Oracle
CVE-2022-47522 (The IEEE 802.11 specifications through 802.11ax allow physically proxi ...)
	NOT-FOR-US: IEEE 802.11 specifications
CVE-2022-47521 (An issue was discovered in the Linux kernel before 6.0.11. Missing val ...)
	{DLA-3244-1}
	- linux 6.0.12-1
	[bullseye] - linux 5.10.158-1
	NOTE: https://git.kernel.org/linus/f9b62f9843c7b0afdaecabbcebf1dbba18599408 (6.1-rc8)
CVE-2022-47520 (An issue was discovered in the Linux kernel before 6.0.11. Missing off ...)
	{DLA-3244-1}
	- linux 6.0.12-1
	[bullseye] - linux 5.10.158-1
	NOTE: https://git.kernel.org/linus/cd21d99e595ec1d8721e1058dcdd4f1f7de1d793 (6.1-rc8)
CVE-2022-47517 (An issue was discovered in the libsofia-sip fork in drachtio-server be ...)
	NOT-FOR-US: libsofia-sip fork in drachtio-server
	NOTE: CVE corresponds partially to issues fixed for CVE-2022-31002 for src:sofia-sip
CVE-2022-47516 (An issue was discovered in the libsofia-sip fork in drachtio-server be ...)
	{DSA-5410-1 DLA-3334-1}
	- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-5 (bug #1031792)
	NOTE: Report in fork: https://github.com/drachtio/drachtio-server/issues/244
	NOTE: https://github.com/freeswitch/sofia-sip/commit/cadf505d88e2971d24b6a4379ddbb1398d8ec443 (v1.13.14)
CVE-2022-47515 (An issue was discovered in drachtio-server before 0.8.20. It allows re ...)
	NOT-FOR-US: drachtio-server
CVE-2022-47514 (An XML external entity (XXE) injection vulnerability in XML-RPC.NET be ...)
	NOT-FOR-US: XML-RPC.NET
CVE-2022-47519 (An issue was discovered in the Linux kernel before 6.0.11. Missing val ...)
	{DLA-3244-1}
	- linux 6.0.12-1
	[bullseye] - linux 5.10.158-1
	NOTE: https://git.kernel.org/linus/051ae669e4505abbe05165bebf6be7922de11f41
CVE-2022-47518 (An issue was discovered in the Linux kernel before 6.0.11. Missing val ...)
	{DLA-3244-1}
	- linux 6.0.12-1
	[bullseye] - linux 5.10.158-1
	NOTE: https://git.kernel.org/linus/0cdfa9e6f0915e3d243e2393bfa8a22e12d553b0
CVE-2022-47513
	RESERVED
CVE-2022-4591 (A vulnerability was found in mschaef toto up to 1.4.20. It has been de ...)
	NOT-FOR-US: mschaef toto
CVE-2022-4590 (A vulnerability was found in mschaef toto up to 1.4.20. It has been cl ...)
	NOT-FOR-US: mschaef toto
CVE-2022-4589 (A vulnerability has been found in cyface Terms and Conditions Module u ...)
	NOT-FOR-US: cyface Terms and Conditions Module
CVE-2022-4588 (A vulnerability, which was classified as problematic, was found in Bos ...)
	NOT-FOR-US: Boston Sleep slice
CVE-2022-4587 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Opencaching Deutschland oc-server3
CVE-2022-4586 (A vulnerability classified as problematic was found in Opencaching Deu ...)
	NOT-FOR-US: Opencaching Deutschland oc-server3
CVE-2022-4585 (A vulnerability classified as problematic has been found in Opencachin ...)
	NOT-FOR-US: Opencaching Deutschland oc-server3
CVE-2022-4584 (A vulnerability was found in Axiomatic Bento4 up to 1.6.0-639. It has ...)
	NOT-FOR-US: Bento4
CVE-2022-4583 (A vulnerability was found in jLEMS. It has been declared as critical. ...)
	NOT-FOR-US: jLEMS
CVE-2022-4582 (A vulnerability was found in starter-public-edition-4 up to 4.6.10. It ...)
	NOT-FOR-US: starter-public-edition-4
CVE-2022-4581 (A vulnerability was found in 1j01 mind-map and classified as problemat ...)
	NOT-FOR-US: 1j01
CVE-2021-4246 (A vulnerability was found in roxlukas LMeve and classified as critical ...)
	NOT-FOR-US: roxlukas LMeve
CVE-2023-21823 (Windows Graphics Component Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21822 (Windows Graphics Component Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21821
	RESERVED
CVE-2023-21820 (Windows Distributed File System (DFS) Remote Code Execution Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2023-21819 (Windows Secure Channel Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21818 (Windows Secure Channel Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21817 (Windows Kerberos Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21816 (Windows Active Directory Domain Services API Denial of Service Vulnera ...)
	NOT-FOR-US: Microsoft
CVE-2023-21815 (Visual Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21814
	RESERVED
CVE-2023-21813 (Windows Secure Channel Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21812 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2023-21811 (Windows iSCSI Service Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21810
	RESERVED
CVE-2023-21809 (Microsoft Defender for Endpoint Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21808 (.NET and Visual Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21807 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2023-21806 (Power BI Report Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21805 (Windows MSHTML Platform Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21804 (Windows Graphics Component Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21803 (Windows iSCSI Discovery Service Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21802 (Windows Media Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21801 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
	NOT-FOR-US: Microsoft
CVE-2023-21800 (Windows Installer Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21799 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
	NOT-FOR-US: Microsoft
CVE-2023-21798 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21797 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21796 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21795 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21794 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21793 (3D Builder Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21792 (3D Builder Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21791 (3D Builder Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21790 (3D Builder Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21789 (3D Builder Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21788 (3D Builder Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21787 (3D Builder Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21786 (3D Builder Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21785 (3D Builder Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21784 (3D Builder Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21783 (3D Builder Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21782 (3D Builder Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21781 (3D Builder Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21780 (3D Builder Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21779 (Visual Studio Code Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21778 (Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerab ...)
	NOT-FOR-US: Microsoft
CVE-2023-21777 (Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2023-21776 (Windows Kernel Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21775 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21774 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-4580 (The Twenty20 Image Before-After WordPress plugin through 1.5.9 does no ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4579 REJECTED
CVE-2022-4578 (The Video Conferencing with Zoom WordPress plugin before 4.0.10 does n ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4577 (The Easy Testimonials WordPress plugin before 3.9.3 does not validate ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4576 (The Easy Bootstrap Shortcode WordPress plugin through 4.5.4 does not v ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4575 (A vulnerability due to improper write protection of UEFI variables was ...)
	NOT-FOR-US: Lenovo
CVE-2022-4574 (An SMI handler input validation vulnerability in the BIOS of some Thin ...)
	NOT-FOR-US: Lenovo
CVE-2022-4573 (An SMI handler input validation vulnerability in the ThinkPad X1 Fold ...)
	NOT-FOR-US: Lenovo
CVE-2022-4572 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: UBI reader
CVE-2022-4571 (The Seriously Simple Podcasting WordPress plugin before 2.19.1 does no ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4570 (The Top 10 WordPress plugin before 3.2.3 does not validate and escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4569 (A local privilege escalation vulnerability in the ThinkPad Hybrid USB- ...)
	NOT-FOR-US: Lenovo
CVE-2022-4568 (A directory permissions management vulnerability in Lenovo System Upda ...)
	NOT-FOR-US: Lenovo
CVE-2022-4567 (Improper Access Control in GitHub repository openemr/openemr prior to ...)
	NOT-FOR-US: OpenEMR
CVE-2021-46866 RESERVED
CVE-2021-46865 RESERVED
CVE-2021-46864 RESERVED
CVE-2021-46863 RESERVED
CVE-2021-46862 RESERVED
CVE-2021-46861 RESERVED
CVE-2021-46860 RESERVED
CVE-2021-46859 RESERVED
CVE-2021-46858 RESERVED
CVE-2021-46857 RESERVED
CVE-2020-36616 RESERVED
CVE-2020-36615 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-36614 RESERVED
CVE-2020-36613 RESERVED
CVE-2020-36612 RESERVED
CVE-2019-25083 REJECTED
CVE-2019-25082 REJECTED
CVE-2019-25081 REJECTED
CVE-2019-25080 REJECTED
CVE-2019-25079 REJECTED
CVE-2022-4566 (A vulnerability, which was classified as critical, has been found in y ...)
	NOT-FOR-US: RuoYi
CVE-2022-4565 (A vulnerability classified as problematic was found in Dromara HuTool ...)
	NOT-FOR-US: Dromara HuTool
CVE-2022-4564 (A vulnerability classified as problematic has been found in University ...)
	NOT-FOR-US: University of Central Florida Materia
CVE-2022-4563 (A vulnerability was found in Freedom of the Press SecureDrop. It has b ...)
	NOT-FOR-US: Freedom of the Press SecureDrop
CVE-2022-4562 (The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does not va ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4561 (A vulnerability classified as problematic has been found in SemanticDr ...)
	NOT-FOR-US: SemanticDrilldown MediaWiki extension
CVE-2022-4560 (A vulnerability was found in Joget up to 7.0.31. It has been rated as ...)
	NOT-FOR-US: Joget
CVE-2022-4559 (A vulnerability was found in INEX IPX-Manager up to 6.2.0. It has been ...)
	NOT-FOR-US: INEX IPX-Manager
CVE-2022-4558 (A vulnerability was found in Alinto SOGo up to 5.7.1. It has been clas ...)
	- sogo 5.8.0-1
	[bullseye] - sogo (Minor issue)
	[buster] - sogo (Minor issue)
	NOTE: https://github.com/Alinto/sogo/commit/1e0f5f00890f751e84d67be4f139dd7f00faa5f3 (SOGo-5.8.0)
CVE-2022-4557 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
CVE-2022-4556 (A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as ...)
	- sogo 5.8.0-1
	[bullseye] - sogo (Minor issue)
	[buster] - sogo (Minor issue)
	NOTE: https://github.com/Alinto/sogo/commit/efac49ae91a4a325df9931e78e543f707a0f8e5e (SOGo-5.8.0)
CVE-2022-4555 (The WP Shamsi plugin for WordPress is vulnerable to authorization bypa ...)
	NOT-FOR-US: WP Shamsi plugin for WordPress
CVE-2022-4554 (B2B Customer Ordering System developed by ID Software Project and Cons ...)
	NOT-FOR-US: B2B Customer Ordering System
CVE-2022-4553 (The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4552 (The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4551 (The Rich Table of Contents WordPress plugin before 1.3.9 does not vali ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4550 (The User Activity WordPress plugin through 1.0.1 checks headers such a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4549 (The Tickera WordPress plugin before 3.5.1.0 does not have CSRF check i ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4548 (The Optimize images ALT Text & names for SEO using AI WordPress plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4547 (The Conditional Payment Methods for WooCommerce WordPress plugin throu ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4546 (The Mapwiz WordPress plugin through 1.0.1 does not properly sanitise a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4545 (The Sitemap WordPress plugin before 4.4 does not validate and escape s ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4544 (The MashShare WordPress plugin before 3.8.7 does not validate and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4543 (A flaw named "EntryBleed" was found in the Linux Kernel Page Table Iso ...)
	- linux
	[bookworm] - linux (Minor issue, revisit when/if fixed upstream)
	[bullseye] - linux (Minor issue, revisit when/if fixed upstream)
	NOTE: https://www.openwall.com/lists/oss-security/2022/12/16/3
	NOTE: https://www.willsroot.io/2022/12/entrybleed.html
CVE-2023-0016 (SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to exec ...)
	NOT-FOR-US: SAP
CVE-2023-0015 (In SAP BusinessObjects Business Intelligence Platform (Web Intelligenc ...)
	NOT-FOR-US: SAP
CVE-2023-0014 (SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, ...)
	NOT-FOR-US: SAP
CVE-2023-0013 (The ABAP Keyword Documentation of SAP NetWeaver Application Server - v ...)
	NOT-FOR-US: SAP
CVE-2023-0012 (In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gai ...)
	NOT-FOR-US: SAP
CVE-2022-4542 (The Compact WP Audio Player WordPress plugin before 1.9.8 does not val ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4541 RESERVED
CVE-2022-4540 RESERVED
CVE-2022-4539 RESERVED
CVE-2022-4538 RESERVED
CVE-2022-4537 (The Hide My WP Ghost – Security Plugin plugin for WordPress is vu ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4536 RESERVED
CVE-2022-4535 RESERVED
CVE-2022-4534 RESERVED
CVE-2022-4533 RESERVED
CVE-2022-4532 RESERVED
CVE-2022-4531 REJECTED
CVE-2022-4530 RESERVED
CVE-2022-4529 RESERVED
CVE-2022-4528 RESERVED
CVE-2022-4527 (A vulnerability was found in collective.task up to 3.0.8. It has been ...)
	NOT-FOR-US: collective.task
CVE-2022-4526 (A vulnerability was found in django-photologue up to 3.15.1 and classi ...)
	NOT-FOR-US: django-photologue
CVE-2022-4525 (A vulnerability has been found in National Sleep Research Resource sle ...)
	NOT-FOR-US: National Sleep Research Resource
CVE-2022-4524 (A vulnerability, which was classified as problematic, was found in Roo ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4523 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Virtual Exim 2
CVE-2022-4522 (A vulnerability classified as problematic was found in CalendarXP up t ...)
	NOT-FOR-US: CalendarXP
CVE-2022-4521 (A vulnerability classified as problematic has been found in WSO2 carbo ...)
	NOT-FOR-US: WSO2 carbon-registry
CVE-2022-4520 (A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has ...)
	NOT-FOR-US: WSO2 carbon-registry
CVE-2022-4519 (The WP User plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
	NOT-FOR-US: WP User plugin for WordPress
CVE-2022-4518 RESERVED
CVE-2022-47512 (Sensitive information was stored in plain text in a file that is acces ...)
	NOT-FOR-US: SolarWinds
CVE-2022-47511 RESERVED
CVE-2022-47510 RESERVED
CVE-2022-47509 (The SolarWinds Platform was susceptible to the Incorrect Input Neutral ...)
	NOT-FOR-US: SolarWinds
CVE-2022-47508 (Customers who had configured their polling to occur via Kerberos did n ...)
	NOT-FOR-US: SolarWinds
CVE-2022-47507 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
	NOT-FOR-US: SolarWinds
CVE-2022-47506 (SolarWinds Platform was susceptible to the Directory Traversal Vulnera ...)
	NOT-FOR-US: SolarWinds
CVE-2022-47505 (The SolarWinds Platform was susceptible to the Local Privilege Escalat ...)
	NOT-FOR-US: SolarWinds
CVE-2022-47504 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
	NOT-FOR-US: SolarWinds
CVE-2022-47503 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
	NOT-FOR-US: SolarWinds
CVE-2022-47502 (Apache OpenOffice documents can contain links that call internal macro ...)
	NOT-FOR-US: Apache OpenOffice
CVE-2022-47501 (Arbitrary file reading vulnerability in Apache Software Foundation Apa ...)
	NOT-FOR-US: Apache OFBiz
CVE-2022-47500 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in A ...)
	NOT-FOR-US: Apache Helix
CVE-2022-47499 (In soter service, there is a possible out of bounds write due to a mis ...)
	NOT-FOR-US: Unisoc
CVE-2022-47498 (In soter service, there is a possible out of bounds write due to a mis ...)
	NOT-FOR-US: Unisoc
CVE-2022-47497 (In soter service, there is a possible out of bounds write due to a mis ...)
	NOT-FOR-US: Unisoc
CVE-2022-47496 (In soter service, there is a possible out of bounds write due to a mis ...)
	NOT-FOR-US: Unisoc
CVE-2022-47495 (In soter service, there is a possible out of bounds write due to a mis ...)
	NOT-FOR-US: Unisoc
CVE-2022-47494 (In soter service, there is a possible out of bounds write due to a mis ...)
	NOT-FOR-US: Unisoc
CVE-2022-47493 (In soter service, there is a possible missing permission check. This c ...)
	NOT-FOR-US: Unisoc
CVE-2022-47492 (In soter service, there is a possible missing permission check. This c ...)
	NOT-FOR-US: Unisoc
CVE-2022-47491 (In soter service, there is a possible out of bounds write due to a mis ...)
	NOT-FOR-US: Unisoc
CVE-2022-47490 (In soter service, there is a possible missing permission check. This c ...)
	NOT-FOR-US: Unisoc
CVE-2022-47489 (In soter service, there is a possible out of bounds write due to a mis ...)
	NOT-FOR-US: Unisoc
CVE-2022-47488 (In spipe drive, there is a possible out of bounds write due to a missi ...)
	NOT-FOR-US: Unisoc
CVE-2022-47487 (In thermal service, there is a possible out of bounds write due to a m ...)
	NOT-FOR-US: Unisoc
CVE-2022-47486 (In ext4fsfilter driver, there is a possible out of bounds read due to ...)
	NOT-FOR-US: Unisoc
CVE-2022-47485 (In modem control device, there is a possible out of bounds write due t ...)
	NOT-FOR-US: Unisoc
CVE-2022-47484 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-47483 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-47482 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-47481 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-47480 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-47479 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-47478 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-47477 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-47476 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-47475 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-47474 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-47473 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-47472 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-47471 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-47470 (In ext4fsfilter driver, there is a possible out of bounds read due to ...)
	NOT-FOR-US: Unisoc
CVE-2022-47469 (In ext4fsfilter driver, there is a possible out of bounds read due to ...)
	NOT-FOR-US: Unisoc
CVE-2022-47468 (In telecom service, there is a missing permission check. This could le ...)
	NOT-FOR-US: Unisoc
CVE-2022-47467 (In telecom service, there is a missing permission check. This could le ...)
	NOT-FOR-US: Unisoc
CVE-2022-47466 (In telecom service, there is a missing permission check. This could le ...)
	NOT-FOR-US: Unisoc
CVE-2022-47465 (In vdsp service, there is a missing permission check. This could lead ...)
	NOT-FOR-US: Unisoc
CVE-2022-47464 (In telecom service, there is a missing permission check. This could le ...)
	NOT-FOR-US: Unisoc
CVE-2022-47463 (In telecom service, there is a missing permission check. This could le ...)
	NOT-FOR-US: Unisoc
CVE-2022-47462 (In telephone service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-47461 (In telephone service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-47460 (In gpu device, there is a memory corruption due to a use after free. T ...)
	NOT-FOR-US: Unisoc
CVE-2022-47459 (In wlan driver, there is a possible missing params check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-47458 (In wlan driver, there is a possible missing params check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-47457 (In wlan driver, there is a possible missing params check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-47456 (In wlan driver, there is a possible missing params check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-47455 (In wlan driver, there is a possible missing params check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-47454 (In wlan driver, there is a possible missing params check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-47453 (In wcn service, there is a possible missing params check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-47452 (In gnss driver, there is a possible out of bounds write due to a missi ...)
	NOT-FOR-US: Unisoc
CVE-2022-47451 (In wlan driver, there is a possible missing params check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-47450 (In wlan driver, there is a possible missing permission check. This cou ...)
	NOT-FOR-US: Unisoc
CVE-2022-46732 (Even if the authentication fails for local service authentication, the ...)
	NOT-FOR-US: GE Digital
CVE-2022-46660 (An unauthorized user could alter or write files with full control over ...)
	NOT-FOR-US: GE Digital
CVE-2022-46331 (An unauthorized user could possibly delete any file on the system.)
	NOT-FOR-US: GE Digital
CVE-2022-4517 RESERVED
CVE-2022-4516 REJECTED
CVE-2022-4515 (A flaw was found in Exuberant Ctags in the way it handles the "-o" opt ...)
	{DLA-3254-1}
	- exuberant-ctags 1:5.9~svn20110310-18 (bug #1026995)
	[bullseye] - exuberant-ctags 1:5.9~svn20110310-14+deb11u1
	- universal-ctags (Fixed before initial upload to Debian)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2153519
	NOTE: Fixed by: https://github.com/universal-ctags/ctags/commit/e00c55d7a0204dc1d0ae316141323959e1e16162
CVE-2022-4514 (A vulnerability, which was classified as problematic, was found in Ope ...)
	NOT-FOR-US: OpenCaching oc-server3
CVE-2022-4513 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: European Environment Agency eionet.contreg
CVE-2022-4512 (The Better Font Awesome WordPress plugin before 2.0.4 does not validat ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4511 (A vulnerability has been found in RainyGao DocSys and classified as cr ...)
	NOT-FOR-US: RainyGao DocSys
CVE-2022-4510 (A path traversal vulnerability was identified in ReFirm Labs binwalk f ...)
	{DLA-3339-1}
	- binwalk 2.3.4+dfsg1-1
	[bullseye] - binwalk (Minor issue)
	NOTE: https://github.com/ReFirmLabs/binwalk/pull/617
	NOTE: https://github.com/ReFirmLabs/binwalk/commit/696fe34ed680ffd951bfeca737feb4a0b98dde5c (v2.3.4)
CVE-2022-4509 (The Content Control WordPress plugin before 1.1.10 does not validate a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-43494 (An unauthorized user could be able to read any file on the system, pot ...)
	NOT-FOR-US: GE Digital
CVE-2022-38469 (An unauthorized user with network access and the decryption key could ...)
	NOT-FOR-US: GE Digital
CVE-2021-4245 (A vulnerability classified as problematic has been found in chbrown rf ...)
	NOT-FOR-US: rfc6902
CVE-2022-47449 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RexTheme ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47448 (Cross-Site Request Forgery (CSRF) vulnerability in dev.Xiligroup.Com - ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47447 (Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier Wo ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47446 (Cross-Site Request Forgery (CSRF) vulnerability in Viadat Creations St ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47445 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47444 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfileP ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47443 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47442 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47441 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Charitab ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47440 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47439 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rocket A ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47438 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpD ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47437 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bran ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47436 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47435 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliv ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47434 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PB S ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47433 (Unauth. Reflected Cross-Site Scripting vulnerability in Daniel Powney ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47432 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47431 (Reflected Cross-Site Scripting (XSS) vulnerability in Tussendoor inter ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47430 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47429 RESERVED
CVE-2022-47428 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47427 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47426 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47425 RESERVED
CVE-2022-47424 RESERVED
CVE-2022-47423 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ulf ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47422 (Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Accept St ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47421 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repu ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47420 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-47419 (An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful ...)
	NOT-FOR-US: Mayan EDMS DMS
CVE-2022-47418 (LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a s ...)
	NOT-FOR-US: LogicalDOC
CVE-2022-47417 (LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a s ...)
	NOT-FOR-US: LogicalDOC
CVE-2022-47416 (LogicalDOC Enterprise is vulnerable to a stored (persistent, or "Type ...)
	NOT-FOR-US: LogicalDOC
CVE-2022-47415 (LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a s ...)
	NOT-FOR-US: LogicalDOC
CVE-2022-47414 (If an attacker has access to the console for OpenKM (and is authentica ...)
	NOT-FOR-US: OpenKM
CVE-2022-47413 (Given a malicious document provided by an attacker, the OpenKM DMS is ...)
	NOT-FOR-US: OpenKM
CVE-2022-47412 (Given a malicious document provided by an attacker, the ONLYOFFICE Wor ...)
	NOT-FOR-US: ONLYOFFICE
CVE-2022-47411 (An issue was discovered in the fp_newsletter (aka Newsletter subscribe ...)
	NOT-FOR-US: TYPO3 extension
CVE-2022-47410 (An issue was discovered in the fp_newsletter (aka Newsletter subscribe ...)
	NOT-FOR-US: TYPO3 extension
CVE-2022-47409 (An issue was discovered in the fp_newsletter (aka Newsletter subscribe ...)
	NOT-FOR-US: TYPO3 extension
CVE-2022-47408 (An issue was discovered in the fp_newsletter (aka Newsletter subscribe ...)
	NOT-FOR-US: TYPO3 extension
CVE-2022-47407 (An issue was discovered in the fp_masterquiz (aka Master-Quiz) extensi ...)
	NOT-FOR-US: TYPO3 extension
CVE-2022-47406 (An issue was discovered in the fe_change_pwd (aka Change password for ...)
	NOT-FOR-US: TYPO3 extension
CVE-2022-4508 (The ConvertKit WordPress plugin before 2.0.5 does not validate and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4507 (The Real Cookie Banner WordPress plugin before 3.4.10 does not validat ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4506 (Unrestricted Upload of File with Dangerous Type in GitHub repository o ...)
	NOT-FOR-US: OpenEMR
CVE-2022-4505 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
	NOT-FOR-US: OpenEMR
CVE-2022-4504 (Improper Input Validation in GitHub repository openemr/openemr prior t ...)
	NOT-FOR-US: OpenEMR
CVE-2022-4503 (Cross-site Scripting (XSS) - Generic in GitHub repository openemr/open ...)
	NOT-FOR-US: OpenEMR
CVE-2022-4502 (Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/op ...)
	NOT-FOR-US: OpenEMR
CVE-2022-4501 (The Mega Addons plugin for WordPress is vulnerable to authorization by ...)
	NOT-FOR-US: Mega Addons plugin for WordPress
CVE-2022-47405 RESERVED
CVE-2022-47404 RESERVED
CVE-2022-47403 RESERVED
CVE-2022-47402 RESERVED
CVE-2022-47401 RESERVED
CVE-2022-47400 RESERVED
CVE-2022-47399 RESERVED
CVE-2022-47398 RESERVED
CVE-2022-47397 RESERVED
CVE-2022-47396 RESERVED
CVE-2022-4500 RESERVED
CVE-2022-4499 (TP-Link routers, Archer C5 and WR710N-V1, using the latest software, t ...)
	NOT-FOR-US: TP-Link
CVE-2022-4498 (In TP-Link routers, Archer C5 and WR710N-V1, running the latest availa ...)
	NOT-FOR-US: TP-Link
CVE-2022-4497 (The Jetpack CRM WordPress plugin before 5.5 does not validate and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4496 (The SAML SSO Standard WordPress plugin version 16.0.0 before 16.0.8, S ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4495 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: collective.dms.basecontent
CVE-2022-4494 (A vulnerability, which was classified as critical, has been found in b ...)
	NOT-FOR-US: MCPMappingViewer
CVE-2022-4493 (A vulnerability classified as critical was found in scifio. Affected b ...)
	NOT-FOR-US: SCIFIO (SCientific Image Format Input & Output)
CVE-2022-4492 (The undertow client is not checking the server identity presented by t ...)
	[experimental] - undertow 2.3.8-1
	- undertow 2.3.8-2 (bug #1032087)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2153260 has missing public details
	NOTE: Fixed by https://github.com/undertow-io/undertow/pull/1447
CVE-2022-4491 (The WP-Table Reloaded WordPress plugin through 1.9.4 does not validate ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4490 RESERVED
CVE-2022-4489 (The HUSKY WordPress plugin before 1.3.2 unserializes user input provid ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4488 (The Widgets on Pages WordPress plugin before 1.8.0 does not validate a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4487 (The Easy Accordion WordPress plugin before 2.2.0 does not validate and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4486 (The Meteor Slides WordPress plugin before 1.5.7 does not validate and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4485 (The Page-list WordPress plugin before 5.3 does not validate and escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4484 (The Social Share, Social Login and Social Comments Plugin WordPress pl ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4483 (The Insert Pages WordPress plugin before 3.7.5 does not validate and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4482 (The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4481 (The Mesmerize Companion WordPress plugin before 1.6.135 does not valid ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4480 (The Click to Chat WordPress plugin before 3.18.1 does not validate and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4479 (The Table of Contents Plus WordPress plugin before 2212 does not valid ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4478 (The Font Awesome WordPress plugin before 4.3.2 does not validate and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4477 (The Smash Balloon Social Post Feed WordPress plugin before 4.1.6 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4476 (The Download Manager WordPress plugin before 3.2.62 does not validate ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-21773 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21772 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21771 (Windows Local Session Manager (LSM) Elevation of Privilege Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2023-21770 RESERVED
CVE-2023-21769 (Microsoft Message Queuing Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21768 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
	NOT-FOR-US: Microsoft
CVE-2023-21767 (Windows Overlay Filter Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21766 (Windows Overlay Filter Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21765 (Windows Print Spooler Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21764 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21763 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21762 (Microsoft Exchange Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21761 (Microsoft Exchange Server Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21760 (Windows Print Spooler Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21759 (Windows Smart Card Resource Management Server Security Feature Bypass ...)
	NOT-FOR-US: Microsoft
CVE-2023-21758 (Windows Internet Key Exchange (IKE) Extension Denial of Service Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2023-21757 (Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2023-21756 (Windows Win32k Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21755 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21754 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21753 (Event Tracing for Windows Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21752 (Windows Backup Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21751 (Azure DevOps Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21750 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21749 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21748 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21747 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21746 (Windows NTLM Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21745 (Microsoft Exchange Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21744 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21743 (Microsoft SharePoint Server Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21742 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21741 (Microsoft Office Visio Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21740 (Windows Media Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21739 (Windows Bluetooth Driver Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21738 (Microsoft Office Visio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21737 (Microsoft Office Visio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21736 (Microsoft Office Visio Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft CVE-2023-21735 (Microsoft Office Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21734 (Microsoft Office Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21733 (Windows Bind Filter Driver Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21732 (Microsoft ODBC Driver Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21731 RESERVED CVE-2023-21730 (Microsoft Cryptographic Services Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21729 (Remote Procedure Call Runtime Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21728 (Windows Netlogon Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21727 (Remote Procedure Call Runtime Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21726 (Windows Credential Manager User Interface Elevation of Privilege Vulne ...) NOT-FOR-US: Microsoft CVE-2023-21725 (Windows Malicious Software Removal Tool Elevation of Privilege Vulnera ...) NOT-FOR-US: Microsoft CVE-2023-21724 (Microsoft DWM Core Library Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-47393 (An authenticated, remote attacker may use a Improper Restriction of Op ...) NOT-FOR-US: CODESYS CVE-2022-47392 (An authenticated, remote attacker may use a improper input validation ...) NOT-FOR-US: CODESYS CVE-2022-47391 (In multiple CODESYS products in multiple versions an unauthorized, rem ...) NOT-FOR-US: CODESYS CVE-2022-47390 (An authenticated, remote attacker may use a stack based out-of-bounds ...) NOT-FOR-US: CODESYS CVE-2022-47389 (An authenticated, remote attacker may use a stack based out-of-bounds ...) NOT-FOR-US: CODESYS CVE-2022-47388 (An authenticated, remote attacker may use a stack based out-of-bounds ...) NOT-FOR-US: CODESYS CVE-2022-47387 (An authenticated remote attacker may use a stack based out-of-bounds w ...) 
NOT-FOR-US: CODESYS CVE-2022-47386 (An authenticated, remote attacker may use a stack based out-of-bounds ...) NOT-FOR-US: CODESYS CVE-2022-47385 (An authenticated, remote attacker may use a stack based out-of-bounds ...) NOT-FOR-US: CODESYS CVE-2022-47384 (An authenticated remote attacker may use a stack based out-of-bounds w ...) NOT-FOR-US: CODESYS CVE-2022-47383 (An authenticated, remote attacker may use a stack based out-of-bounds ...) NOT-FOR-US: CODESYS CVE-2022-47382 (An authenticated remote attacker may use a stack based out-of-bounds w ...) NOT-FOR-US: CODESYS CVE-2022-47381 (An authenticated remote attacker may use a stack based out-of-bounds w ...) NOT-FOR-US: CODESYS CVE-2022-47380 (An authenticated remote attacker may use a stack based out-of-bounds w ...) NOT-FOR-US: CODESYS CVE-2022-47379 (An authenticated, remote attacker may use a out-of-bounds write vulner ...) NOT-FOR-US: CODESYS CVE-2022-47378 (Multiple CODESYS products in multiple versions are prone to a improper ...) NOT-FOR-US: CODESYS CVE-2022-47377 (Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 w ...) NOT-FOR-US: SICK SIM2000ST Partnumber 2086502 CVE-2022-47376 (The Alaris Infusion Central software, versions 1.1 to 1.3.2, may conta ...) NOT-FOR-US: Alaris Infusion Central CVE-2022-46330 (Squirrel.Windows is both a toolset and a library that provides install ...) NOT-FOR-US: Squirrel.Windows CVE-2022-4475 (The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate a ...) NOT-FOR-US: WordPress plugin CVE-2022-4474 (The Easy Social Feed WordPress plugin before 6.4.0 does not validate a ...) NOT-FOR-US: WordPress plugin CVE-2022-4473 (The Widget Shortcode WordPress plugin through 0.3.5 does not validate ...) NOT-FOR-US: WordPress plugin CVE-2022-4472 (The Simple Sitemap WordPress plugin before 3.5.8 does not validate and ...) NOT-FOR-US: WordPress plugin CVE-2022-4471 (The YARPP WordPress plugin before 5.30.3 does not validate and escape ...) 
NOT-FOR-US: WordPress plugin CVE-2022-4470 (The Widgets for Google Reviews WordPress plugin before 9.8 does not va ...) NOT-FOR-US: WordPress plugin CVE-2022-4469 (The Simple Membership WordPress plugin before 4.2.2 does not validate ...) NOT-FOR-US: WordPress plugin CVE-2022-4468 (The WP Recipe Maker WordPress plugin before 8.6.1 does not validate an ...) NOT-FOR-US: WordPress plugin CVE-2022-4467 (The Search & Filter WordPress plugin before 1.2.16 does not validate a ...) NOT-FOR-US: WordPress plugin CVE-2022-4466 (The WordPress Infinite Scroll WordPress plugin before 5.6.0.3 does not ...) NOT-FOR-US: WordPress plugin CVE-2022-4465 (The WP Video Lightbox WordPress plugin before 1.9.7 does not validate ...) NOT-FOR-US: WordPress plugin CVE-2022-4464 (Themify Portfolio Post WordPress plugin before 1.2.1 does not validate ...) NOT-FOR-US: WordPress plugin CVE-2022-4463 REJECTED CVE-2022-4462 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 15.10.8+ds1-2 CVE-2022-4461 RESERVED CVE-2022-4460 (The Sidebar Widgets by CodeLights WordPress plugin through 1.4 does no ...) NOT-FOR-US: WordPress plugin CVE-2022-4459 (The WP Show Posts WordPress plugin before 1.1.4 does not validate and ...) NOT-FOR-US: WordPress plugin CVE-2022-4458 (The amr shortcode any widget WordPress plugin through 4.0 does not val ...) NOT-FOR-US: WordPress plugin CVE-2022-43543 (KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App ...) 
NOT-FOR-US: KDDI +Message App, NTT DOCOMO +Message App and SoftBank +Message App CVE-2023-21723 RESERVED CVE-2023-21722 (.NET Framework Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21721 (Microsoft OneNote Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21720 (Microsoft Edge (Chromium-based) Tampering Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21719 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21718 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...) NOT-FOR-US: Microsoft CVE-2023-21717 (Microsoft SharePoint Server Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21716 (Microsoft Word Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21715 (Microsoft Publisher Security Features Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21714 (Microsoft Office Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21713 (Microsoft SQL Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21712 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...) NOT-FOR-US: Microsoft CVE-2023-21711 RESERVED CVE-2023-21710 (Microsoft Exchange Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21709 (Microsoft Exchange Server Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21708 (Remote Procedure Call Runtime Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21707 (Microsoft Exchange Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21706 (Microsoft Exchange Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21705 (Microsoft SQL Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21704 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...) 
NOT-FOR-US: Microsoft CVE-2023-21703 (Azure Data Box Gateway Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21702 (Windows iSCSI Service Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21701 (Microsoft Protected Extensible Authentication Protocol (PEAP) Denial o ...) NOT-FOR-US: Microsoft CVE-2023-21700 (Windows iSCSI Discovery Service Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21699 (Windows Internet Storage Name Service (iSNS) Server Information Disclo ...) NOT-FOR-US: Microsoft CVE-2023-21698 RESERVED CVE-2023-21697 (Windows Internet Storage Name Service (iSNS) Server Information Disclo ...) NOT-FOR-US: Microsoft CVE-2023-21696 RESERVED CVE-2023-21695 (Microsoft Protected Extensible Authentication Protocol (PEAP) Remote C ...) NOT-FOR-US: Microsoft CVE-2023-21694 (Windows Fax Service Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21693 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...) NOT-FOR-US: Microsoft CVE-2023-21692 (Microsoft Protected Extensible Authentication Protocol (PEAP) Remote C ...) NOT-FOR-US: Microsoft CVE-2023-21691 (Microsoft Protected Extensible Authentication Protocol (PEAP) Informat ...) NOT-FOR-US: Microsoft CVE-2023-21690 (Microsoft Protected Extensible Authentication Protocol (PEAP) Remote C ...) NOT-FOR-US: Microsoft CVE-2023-21689 (Microsoft Protected Extensible Authentication Protocol (PEAP) Remote C ...) NOT-FOR-US: Microsoft CVE-2023-21688 (NT OS Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21687 (HTTP.sys Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21686 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) NOT-FOR-US: Microsoft CVE-2023-21685 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) NOT-FOR-US: Microsoft CVE-2023-21684 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...) 
NOT-FOR-US: Microsoft CVE-2023-21683 (Windows Internet Key Exchange (IKE) Extension Denial of Service Vulner ...) NOT-FOR-US: Microsoft CVE-2023-21682 (Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2023-21681 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) NOT-FOR-US: Microsoft CVE-2023-21680 (Windows Win32k Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21679 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulner ...) NOT-FOR-US: Microsoft CVE-2023-21678 (Windows Print Spooler Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21677 (Windows Internet Key Exchange (IKE) Extension Denial of Service Vulner ...) NOT-FOR-US: Microsoft CVE-2023-21676 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...) NOT-FOR-US: Microsoft CVE-2023-21675 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21674 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...) NOT-FOR-US: Microsoft CVE-2022-47375 (A vulnerability has been identified in SIMATICPC-Station Plus (All ver ...) NOT-FOR-US: Siemens CVE-2022-47374 (A vulnerability has been identified in SIMATICPC-Station Plus (All ver ...) NOT-FOR-US: Siemens CVE-2022-47373 (Reflected Cross Site Scripting in Search Functionality of Module Libra ...) NOT-FOR-US: Pandora FMS CVE-2022-47372 (Stored cross-site scripting vulnerability in the Create event section ...) NOT-FOR-US: Pandora FMS CVE-2022-4457 (Due to a misconfiguration in the manifest file of the WARP client for ...) NOT-FOR-US: Cloudflare Warp CVE-2022-4456 (A vulnerability has been found in falling-fruit and classified as prob ...) NOT-FOR-US: falling-fruit CVE-2022-4455 (A vulnerability, which was classified as problematic, was found in spr ...) 
NOT-FOR-US: sproctor php-calendar CVE-2022-4454 (A vulnerability, which was classified as critical, has been found in m ...) NOT-FOR-US: m0ver bible-online CVE-2022-4453 (The 3D FlipBook WordPress plugin through 1.13.2 does not validate or e ...) NOT-FOR-US: WordPress plugin CVE-2022-4452 (Insufficient data validation in crosvm in Google Chrome prior to 107.0 ...) NOT-FOR-US: Android CVE-2022-4451 (The Social Sharing WordPress plugin before 3.3.45 does not validate an ...) NOT-FOR-US: WordPress plugin CVE-2022-4450 (The function PEM_read_bio_ex() reads a PEM file from a BIO and parses ...) {DSA-5343-1 DLA-3325-1} - openssl 3.0.8-1 NOTE: https://www.openssl.org/news/secadv/20230207.txt NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=63bcf189be73a9cc1264059bed6f57974be74a83 (openssl-3.0.8) NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bbcf509bd046b34cca19c766bbddc31683d0858b (OpenSSL_1_1_1t) CVE-2022-4449 (The Page scroll to id WordPress plugin before 1.7.6 does not validate ...) NOT-FOR-US: WordPress plugin CVE-2022-4448 (The GiveWP WordPress plugin before 2.24.0 does not validate and escape ...) NOT-FOR-US: WordPress plugin CVE-2022-4447 (The Fontsy WordPress plugin through 1.8.6 does not properly sanitize a ...) NOT-FOR-US: WordPress plugin CVE-2022-4446 (PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior ...) NOT-FOR-US: Corebos CVE-2022-4445 (The FL3R FeelBox WordPress plugin through 8.1 does not properly saniti ...) NOT-FOR-US: WordPress plugin CVE-2022-4444 (A vulnerability was found in ipti br.tag. It has been declared as prob ...) NOT-FOR-US: ipti br.tag CVE-2022-4443 (The BruteBank WordPress plugin before 1.9 does not have CSRF check in ...) NOT-FOR-US: WordPress plugin CVE-2022-4442 (The Custom Post Types and Custom Fields creator WordPress plugin befor ...) NOT-FOR-US: WordPress plugin CVE-2019-25078 (A vulnerability classified as problematic was found in pacparser up to ...) 
- pacparser 1.3.6-1.4 (bug #1026106) [bullseye] - pacparser (Minor issue) [buster] - pacparser (Minor issue) NOTE: https://github.com/manugarg/pacparser/issues/99 NOTE: https://github.com/manugarg/pacparser/commit/853e8f45607cb07b877ffd270c63dbcdd5201ad9 (v1.4.0) CVE-2022-47371 (In bt driver, there is a thread competition leads to early release of ...) NOT-FOR-US: Unisoc CVE-2022-47370 (In wlan driver, there is a possible missing params check. This could l ...) NOT-FOR-US: Unisoc CVE-2022-47369 (In wlan driver, there is a possible missing params check. This could l ...) NOT-FOR-US: Unisoc CVE-2022-47368 (In wlan driver, there is a possible missing params check. This could l ...) NOT-FOR-US: Unisoc CVE-2022-47367 (In bluetooth driver, there is a missing permission check. This could l ...) NOT-FOR-US: Unisoc CVE-2022-47366 (In wlan driver, there is a possible out of bounds write due to a missi ...) NOT-FOR-US: Unisoc CVE-2022-47365 (In wlan driver, there is a possible out of bounds write due to a missi ...) NOT-FOR-US: Unisoc CVE-2022-47364 (In wlan driver, there is a possible out of bounds write due to a missi ...) NOT-FOR-US: Unisoc CVE-2022-47363 (In wlan driver, there is a possible out of bounds read due to a missin ...) NOT-FOR-US: Unisoc CVE-2022-47362 (In telecom service, there is a missing permission check. This could le ...) NOT-FOR-US: Unisoc CVE-2022-47361 (In firewall service, there is a missing permission check. This could l ...) NOT-FOR-US: Unisoc CVE-2022-47360 (In log service, there is a missing permission check. This could lead t ...) NOT-FOR-US: Unisoc CVE-2022-47359 (In log service, there is a missing permission check. This could lead t ...) NOT-FOR-US: Unisoc CVE-2022-47358 (In log service, there is a missing permission check. This could lead t ...) NOT-FOR-US: Unisoc CVE-2022-47357 (In log service, there is a missing permission check. This could lead t ...) NOT-FOR-US: Unisoc CVE-2022-47356 (In log service, there is a missing permission check. 
This could lead t ...) NOT-FOR-US: Unisoc CVE-2022-47355 (In log service, there is a missing permission check. This could lead t ...) NOT-FOR-US: Unisoc CVE-2022-47354 (In log service, there is a missing permission check. This could lead t ...) NOT-FOR-US: Unisoc CVE-2022-47353 (In vdsp device, there is a possible system crash due to improper input ...) NOT-FOR-US: Unisoc CVE-2022-47352 (In camera driver, there is a possible out of bounds read due to a miss ...) NOT-FOR-US: Unisoc CVE-2022-47351 (In camera driver, there is a possible out of bounds read due to a miss ...) NOT-FOR-US: Unisoc CVE-2022-47350 (In camera driver, there is a possible out of bounds read due to a miss ...) NOT-FOR-US: Unisoc CVE-2022-47349 RESERVED CVE-2022-47348 (In engineermode services, there is a missing permission check. This co ...) NOT-FOR-US: Unisoc CVE-2022-47347 (In engineermode services, there is a missing permission check. This co ...) NOT-FOR-US: Unisoc CVE-2022-47346 (In engineermode services, there is a missing permission check. This co ...) NOT-FOR-US: Unisoc CVE-2022-47345 (In engineermode services, there is a missing permission check. This co ...) NOT-FOR-US: Unisoc CVE-2022-47344 (In engineermode services, there is a missing permission check. This co ...) NOT-FOR-US: Unisoc CVE-2022-47343 (In engineermode services, there is a missing permission check. This co ...) NOT-FOR-US: Unisoc CVE-2022-47342 (In engineermode services, there is a missing permission check. This co ...) NOT-FOR-US: Unisoc CVE-2022-47341 (In engineermode services, there is a missing permission check. This co ...) NOT-FOR-US: Unisoc CVE-2022-47340 (In h265 codec firmware, there is a possible out of bounds write due to ...) NOT-FOR-US: Unisoc CVE-2022-47339 (In cmd services, there is a OS command injection issue due to missing ...) NOT-FOR-US: Unisoc CVE-2022-47338 (In telecom service, there is a missing permission check. This could le ...) 
NOT-FOR-US: Unisoc CVE-2022-47337 (In media service, there is a missing permission check. This could lead ...) NOT-FOR-US: Unisoc CVE-2022-47336 (In telecom service, there is a missing permission check. This could le ...) NOT-FOR-US: Unisoc CVE-2022-47335 (In telecom service, there is a missing permission check. This could le ...) NOT-FOR-US: Unisoc CVE-2022-47334 (In phasecheck server, there is a possible out of bounds read due to a ...) NOT-FOR-US: Unisoc CVE-2022-47333 (In wlan driver, there is a possible missing permission check. This cou ...) NOT-FOR-US: Unisoc CVE-2022-47332 (In wlan driver, there is a possible missing permission check. This cou ...) NOT-FOR-US: Unisoc CVE-2022-47331 (In wlan driver, there is a race condition. This could lead to local de ...) NOT-FOR-US: Unisoc CVE-2022-47330 (In wlan driver, there is a possible missing permission check. This cou ...) NOT-FOR-US: Unisoc CVE-2022-47329 (In wlan driver, there is a possible missing permission check. This cou ...) NOT-FOR-US: Unisoc CVE-2022-47328 (In wlan driver, there is a possible missing permission check. This cou ...) NOT-FOR-US: Unisoc CVE-2022-47327 (In wlan driver, there is a possible missing permission check. This cou ...) NOT-FOR-US: Unisoc CVE-2022-47326 (In wlan driver, there is a possible missing permission check. This cou ...) NOT-FOR-US: Unisoc CVE-2022-47325 (In wlan driver, there is a possible missing permission check. This cou ...) NOT-FOR-US: Unisoc CVE-2022-47324 (In wlan driver, there is a possible missing permission check. This cou ...) NOT-FOR-US: Unisoc CVE-2022-47323 (In wlan driver, there is a possible missing params check. This could l ...) NOT-FOR-US: Unisoc CVE-2022-47322 (In wlan driver, there is a possible missing params check. This could l ...) 
NOT-FOR-US: Unisoc CVE-2022-47310 RESERVED CVE-2022-47309 RESERVED CVE-2022-47308 RESERVED CVE-2022-47307 RESERVED CVE-2022-47306 RESERVED CVE-2022-47305 RESERVED CVE-2022-47304 RESERVED CVE-2022-47303 RESERVED CVE-2022-47302 RESERVED CVE-2022-47301 RESERVED CVE-2022-47300 RESERVED CVE-2022-47299 RESERVED CVE-2022-47298 RESERVED CVE-2022-47297 RESERVED CVE-2022-47296 RESERVED CVE-2022-47295 RESERVED CVE-2022-47294 RESERVED CVE-2022-47293 RESERVED CVE-2022-47292 RESERVED CVE-2022-47291 RESERVED CVE-2022-47290 RESERVED CVE-2022-47289 RESERVED CVE-2022-47288 RESERVED CVE-2022-47287 RESERVED CVE-2022-47286 RESERVED CVE-2022-47285 RESERVED CVE-2022-47284 RESERVED CVE-2022-47283 RESERVED CVE-2022-47282 RESERVED CVE-2022-47281 RESERVED CVE-2022-47280 RESERVED CVE-2022-47279 RESERVED CVE-2022-47278 RESERVED CVE-2022-47277 RESERVED CVE-2022-47276 RESERVED CVE-2022-47275 RESERVED CVE-2022-47274 RESERVED CVE-2022-47273 RESERVED CVE-2022-47272 RESERVED CVE-2022-47271 RESERVED CVE-2022-47270 RESERVED CVE-2022-47269 RESERVED CVE-2022-47268 RESERVED CVE-2022-47267 RESERVED CVE-2022-47266 RESERVED CVE-2022-47265 RESERVED CVE-2022-47264 RESERVED CVE-2022-47263 RESERVED CVE-2022-47262 RESERVED CVE-2022-47261 RESERVED CVE-2022-47260 RESERVED CVE-2022-47259 RESERVED CVE-2022-47258 RESERVED CVE-2022-47257 RESERVED CVE-2022-47256 RESERVED CVE-2022-47255 RESERVED CVE-2022-47254 RESERVED CVE-2022-47253 RESERVED CVE-2022-47252 RESERVED CVE-2022-47251 RESERVED CVE-2022-47250 RESERVED CVE-2022-47249 RESERVED CVE-2022-47248 RESERVED CVE-2022-47247 RESERVED CVE-2022-47246 RESERVED CVE-2022-47245 RESERVED CVE-2022-47244 RESERVED CVE-2022-47243 RESERVED CVE-2022-47242 RESERVED CVE-2022-47241 RESERVED CVE-2022-47240 RESERVED CVE-2022-47239 RESERVED CVE-2022-47238 RESERVED CVE-2022-47237 RESERVED CVE-2022-47236 RESERVED CVE-2022-47235 RESERVED CVE-2022-47234 RESERVED CVE-2022-47233 RESERVED CVE-2022-47232 RESERVED CVE-2022-47231 RESERVED CVE-2022-47230 RESERVED CVE-2022-47229 RESERVED 
CVE-2022-47228 RESERVED CVE-2022-47227 RESERVED CVE-2022-47226 RESERVED CVE-2022-47225 RESERVED CVE-2022-47224 RESERVED CVE-2022-47223 RESERVED CVE-2022-47222 RESERVED CVE-2022-47221 RESERVED CVE-2022-47220 RESERVED CVE-2022-47219 RESERVED CVE-2022-47218 RESERVED CVE-2022-47217 RESERVED CVE-2022-47216 RESERVED CVE-2022-47215 RESERVED CVE-2022-47214 RESERVED CVE-2022-47213 (Microsoft Office Graphics Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-47212 (Microsoft Office Graphics Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-47211 (Microsoft Office Graphics Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-47210 (The default console presented to users over telnet (when enabled) is r ...) NOT-FOR-US: Netgear CVE-2022-47209 (A support user exists on the device and appears to be a backdoor for T ...) NOT-FOR-US: Netgear CVE-2022-47208 (The \u201cpuhttpsniff\u201d service, which runs by default, is suscept ...) NOT-FOR-US: Netgear CVE-2022-47207 RESERVED CVE-2022-47206 RESERVED CVE-2022-47205 RESERVED CVE-2022-47204 RESERVED CVE-2022-47203 RESERVED CVE-2022-47202 RESERVED CVE-2022-47201 RESERVED CVE-2022-47200 RESERVED CVE-2022-47199 RESERVED CVE-2022-47198 RESERVED CVE-2022-47197 (An insecure default vulnerability exists in the Post Creation function ...) NOT-FOR-US: Ghost CMS CVE-2022-47196 (An insecure default vulnerability exists in the Post Creation function ...) NOT-FOR-US: Ghost CMS CVE-2022-47195 (An insecure default vulnerability exists in the Post Creation function ...) NOT-FOR-US: Ghost CMS CVE-2022-47194 (An insecure default vulnerability exists in the Post Creation function ...) NOT-FOR-US: Ghost CMS CVE-2022-46736 RESERVED CVE-2022-46729 RESERVED CVE-2022-46655 RESERVED CVE-2022-46296 RESERVED CVE-2022-45125 RESERVED CVE-2022-44454 RESERVED CVE-2022-44450 RESERVED CVE-2022-4441 (Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-i ...) 
NOT-FOR-US: Hitachi CVE-2022-4440 (Use after free in Profiles in Google Chrome prior to 108.0.5359.124 al ...) {DSA-5302-1} - chromium 108.0.5359.124-1 [buster] - chromium (see DSA 5046) CVE-2022-4439 (Use after free in Aura in Google Chrome on Windows prior to 108.0.5359 ...) {DSA-5302-1} - chromium 108.0.5359.124-1 [buster] - chromium (see DSA 5046) CVE-2022-4438 (Use after free in Blink Frames in Google Chrome prior to 108.0.5359.12 ...) {DSA-5302-1} - chromium 108.0.5359.124-1 [buster] - chromium (see DSA 5046) CVE-2022-4437 (Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 al ...) {DSA-5302-1} - chromium 108.0.5359.124-1 [buster] - chromium (see DSA 5046) CVE-2022-4436 (Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 ...) {DSA-5302-1} - chromium 108.0.5359.124-1 [buster] - chromium (see DSA 5046) CVE-2022-4435 (A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS ...) NOT-FOR-US: Lenovo CVE-2022-4434 (A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS ...) NOT-FOR-US: Lenovo CVE-2022-4433 (A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS ...) NOT-FOR-US: Lenovo CVE-2022-4432 (A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS ...) NOT-FOR-US: Lenovo CVE-2022-4431 (The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape ...) NOT-FOR-US: WordPress plugin CVE-2022-4430 RESERVED CVE-2022-43669 RESERVED CVE-2022-43493 RESERVED CVE-2022-41834 RESERVED CVE-2020-36611 (Incorrect Default Permissions vulnerability in Hitachi Tuning Manager ...) NOT-FOR-US: Hitachi CVE-2023-0011 (A flaw in the input validation in TOBY-L2 allows a user to execute arb ...) NOT-FOR-US: TOBY-L2 CVE-2022-47193 RESERVED CVE-2022-47192 (Generex UPS CS141 below 2.06 version, could allow a remote attacker to ...) NOT-FOR-US: Generex UPS CS141 CVE-2022-47191 (Generex UPS CS141 below 2.06 version, could allow a remote attacker to ...) 
NOT-FOR-US: Generex UPS CS141 CVE-2022-47190 (Generex UPS CS141 below 2.06 version, could allow a remote attacker to ...) NOT-FOR-US: Generex UPS CS141 CVE-2022-47189 (Generex UPS CS141 below 2.06 version, allows an attacker toupload a fi ...) NOT-FOR-US: Generex UPS CS141 CVE-2022-47188 (There is an arbitrary file reading vulnerability in Generex UPS CS141 ...) NOT-FOR-US: Generex UPS CS141 CVE-2022-47187 (There is a file upload XSS vulnerability in Generex CS141 below 2.06 v ...) NOT-FOR-US: Generex CS141 CVE-2022-47186 (There is an unrestricted upload of file vulnerability in Generex CS141 ...) NOT-FOR-US: Generex CS141 CVE-2022-47185 (Improper input validation vulnerability on the range header in Apache ...) {DSA-5549-1 DLA-3595-1} - trafficserver 9.2.2+ds-1 (bug #1043430) NOTE: https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc NOTE: https://github.com/apache/trafficserver/issues/9265 NOTE: https://github.com/apache/trafficserver/pull/10131 NOTE: https://github.com/apache/trafficserver/commit/5d0835ea5a57003798497d07331fa4f89823c750 (9.2.2-rc0) NOTE: https://github.com/apache/trafficserver/commit/c50ee6c4f2ae32f2c849fccb5b0f367165fe9c20 (8.1.8-rc0) CVE-2022-47184 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) {DSA-5435-1 DLA-3475-1} - trafficserver 9.2.1+ds-1 (bug #1038248) NOTE: https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs NOTE: https://github.com/apache/trafficserver/commit/105af3ca30e59fbb89013e83a484a04559b4cf25 (master) NOTE: https://github.com/apache/trafficserver/commit/c371b7b21a7e774f852af86b85c87d5d877a14bd (9.2.1-rc0) NOTE: https://github.com/apache/trafficserver/commit/b49ae063632b1f40b9bd45aa66524924e2c26600 (8.1.7) CVE-2022-47183 (Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Blo ...) NOT-FOR-US: WordPress plugin CVE-2022-47182 RESERVED CVE-2022-47181 (Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email T ...) 
NOT-FOR-US: WordPress plugin CVE-2022-47180 (Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Fra ...) NOT-FOR-US: WordPress plugin CVE-2022-47179 (Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weat ...) NOT-FOR-US: WordPress plugin CVE-2022-47178 (Cross-Site Request Forgery (CSRF) vulnerability in Simple Share Button ...) NOT-FOR-US: WordPress plugin CVE-2022-47177 (Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP Easy ...) NOT-FOR-US: WordPress plugin CVE-2022-47176 RESERVED CVE-2022-47175 (Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Eleme ...) NOT-FOR-US: WordPress plugin CVE-2022-47174 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performan ...) NOT-FOR-US: WordPress plugin CVE-2022-47173 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nasi ...) NOT-FOR-US: WordPress plugin CVE-2022-47172 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLento ...) NOT-FOR-US: WordPress plugin CVE-2022-47171 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2022-47170 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Unli ...) NOT-FOR-US: WordPress plugin CVE-2022-47169 (Cross-Site Request Forgery (CSRF) vulnerability in StaxWP Visibility L ...) NOT-FOR-US: WordPress plugin CVE-2022-47168 RESERVED CVE-2022-47167 (Cross-Site Request Forgery (CSRF) vulnerability in Aram Kocharyan Cray ...) NOT-FOR-US: WordPress plugin CVE-2022-47166 (Cross-Site Request Forgery (CSRF) vulnerability in voidCoders Void Con ...) NOT-FOR-US: WordPress plugin CVE-2022-47165 (Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule plugin < ...) NOT-FOR-US: WordPress plugin CVE-2022-47164 (Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Eve ...) NOT-FOR-US: WordPress plugin CVE-2022-47163 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, ...) 
NOT-FOR-US: WordPress plugin CVE-2022-47162 (Cross-Site Request Forgery (CSRF) vulnerability in Dannie Herdyawan DH ...) NOT-FOR-US: WordPress plugin CVE-2022-47161 (Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org c ...) NOT-FOR-US: WordPress plugin CVE-2022-47160 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2022-47159 (Cross-Site Request Forgery (CSRF) vulnerability in Logaster Logaster L ...) NOT-FOR-US: WordPress plugin CVE-2022-47158 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pakp ...) NOT-FOR-US: WordPress plugin CVE-2022-47157 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Don ...) NOT-FOR-US: WordPress plugin CVE-2022-47156 RESERVED CVE-2022-47155 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Slider by ...) NOT-FOR-US: WordPress plugin CVE-2022-47154 (Cross-Site Request Forgery (CSRF) vulnerability in Pi Websolution CSS ...) NOT-FOR-US: WordPress plugin CVE-2022-47153 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress theme CVE-2022-47152 (Cross-Site Request Forgery (CSRF) vulnerability in Etison, LLC ClickFu ...) NOT-FOR-US: WordPress plugin CVE-2022-47151 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2022-47150 RESERVED CVE-2022-47149 (Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin ...) NOT-FOR-US: WordPress plugin CVE-2022-47148 (Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF In ...) NOT-FOR-US: WordPress plugin CVE-2022-47147 (Cross-Site Request Forgery (CSRF) vulnerability in Kesz1 Technologies ...) NOT-FOR-US: WordPress plugin CVE-2022-47146 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contempo ...) NOT-FOR-US: WordPress plugin CVE-2022-47145 (Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics Wor ...) 
NOT-FOR-US: WordPress plugin CVE-2022-47144 (Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediama ...) NOT-FOR-US: WordPress plugin CVE-2022-47143 (Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple ...) NOT-FOR-US: WordPress plugin CVE-2022-47142 (Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediama ...) NOT-FOR-US: WordPress plugin CVE-2022-47141 (Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Dynamic K ...) NOT-FOR-US: WordPress plugin CVE-2022-47140 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Repute I ...) NOT-FOR-US: WordPress plugin CVE-2022-47139 (Cross-Site Request Forgery (CSRF) vulnerability in Damir Calusic WP Ba ...) NOT-FOR-US: WordPress plugin CVE-2022-47138 (Cross-Site Request Forgery (CSRF) vulnerability in German Krutov LOGIN ...) NOT-FOR-US: WordPress plugin CVE-2022-47137 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMa ...) NOT-FOR-US: WordPress plugin CVE-2022-47136 (Cross-Site Request Forgery (CSRF) vulnerability in WPManageNinja LLC N ...) NOT-FOR-US: WordPress plugin CVE-2022-47135 (Cross-Site Request Forgery (CSRF) vulnerability in chronoengine.Com Ch ...) NOT-FOR-US: WordPress plugin CVE-2022-47134 (Cross-Site Request Forgery (CSRF) vulnerability in Bill Erickson Galle ...) NOT-FOR-US: WordPress plugin CVE-2022-47133 RESERVED CVE-2022-47132 (A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows ...) NOT-FOR-US: Academy LMS CVE-2022-47131 (A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows ...) NOT-FOR-US: Academy LMS CVE-2022-47130 (A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows ...) NOT-FOR-US: Academy LMS CVE-2022-47129 (PHPOK v6.3 was discovered to contain a remote code execution (RCE) vul ...) NOT-FOR-US: PHPOK CVE-2022-47128 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...) 
	NOT-FOR-US: Tenda
CVE-2022-47127 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...)
	NOT-FOR-US: Tenda
CVE-2022-47126 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...)
	NOT-FOR-US: Tenda
CVE-2022-47125 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...)
	NOT-FOR-US: Tenda
CVE-2022-47124 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...)
	NOT-FOR-US: Tenda
CVE-2022-47123 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...)
	NOT-FOR-US: Tenda
CVE-2022-47122 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...)
	NOT-FOR-US: Tenda
CVE-2022-47121 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...)
	NOT-FOR-US: Tenda
CVE-2022-47120 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...)
	NOT-FOR-US: Tenda
CVE-2022-47119 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...)
	NOT-FOR-US: Tenda
CVE-2022-47118 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...)
	NOT-FOR-US: Tenda
CVE-2022-47117 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...)
	NOT-FOR-US: Tenda
CVE-2022-47116 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...)
	NOT-FOR-US: Tenda
CVE-2022-47115 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...)
	NOT-FOR-US: Tenda
CVE-2022-47114
	RESERVED
CVE-2022-47113
	RESERVED
CVE-2022-47112
	RESERVED
CVE-2022-47111
	RESERVED
CVE-2022-47110
	RESERVED
CVE-2022-47109
	RESERVED
CVE-2022-47108
	RESERVED
CVE-2022-47107
	RESERVED
CVE-2022-47106
	RESERVED
CVE-2022-47105 (Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerabil ...)
	NOT-FOR-US: Jeecg-boot
CVE-2022-47104
	RESERVED
CVE-2022-47103
	RESERVED
CVE-2022-47102 (A cross-site scripting (XSS) vulnerability in Student Study Center Man ...)
	NOT-FOR-US: Student Study Center Management System
CVE-2022-47101
	RESERVED
CVE-2022-47100 (A vulnerability in Sengled Smart bulb 0x0000024 allows attackers to ar ...)
	NOT-FOR-US: Sengled Smart bulb
CVE-2022-47099
	RESERVED
CVE-2022-47098
	RESERVED
CVE-2022-47097
	RESERVED
CVE-2022-47096
	RESERVED
CVE-2022-47095 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow ...)
	{DSA-5411-1}
	[experimental] - gpac 2.2.1+dfsg1-1
	- gpac 2.2.1+dfsg1-2 (bug #1033116)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2346
	NOTE: https://github.com/gpac/gpac/commit/1918a58bd0c9789844cf6a377293161506ee312c (v2.2.0)
CVE-2022-47094 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer de ...)
	{DSA-5411-1}
	[experimental] - gpac 2.2.1+dfsg1-1
	- gpac 2.2.1+dfsg1-2 (bug #1033116)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2345
	NOTE: https://github.com/gpac/gpac/commit/6ddedfb85e617f5e935cb490d5b51f141e13a937 (v2.2.0)
CVE-2022-47093 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after- ...)
	[experimental] - gpac 2.2.1+dfsg1-1
	- gpac 2.2.1+dfsg1-2 (bug #1033116)
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2344
	NOTE: https://github.com/gpac/gpac/commit/706111f4d8babf0cda9fac5f3ca4e89983274d6e (v2.2.0)
CVE-2022-47092 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains an Integer overflow ...)
	[experimental] - gpac 2.2.1+dfsg1-1
	- gpac 2.2.1+dfsg1-2 (bug #1033116)
	[bullseye] - gpac (Vulnerable code not present)
	[buster] - gpac (Vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/issues/2347
	NOTE: https://github.com/gpac/gpac/commit/6bb3e4e288f02c9c595e63230979cd5443a1cb7a (v2.2.0)
CVE-2022-47091 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...)
	{DSA-5411-1}
	[experimental] - gpac 2.2.1+dfsg1-1
	- gpac 2.2.1+dfsg1-2 (bug #1033116)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2343
	NOTE: https://github.com/gpac/gpac/commit/65d089bcb5dad6fda668ee61e38a8394ed8bdf1f (v2.2.0)
CVE-2022-47090
	RESERVED
CVE-2022-47089 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...)
	[experimental] - gpac 2.2.1+dfsg1-1
	- gpac 2.2.1+dfsg1-2 (bug #1033116)
	[bullseye] - gpac (Vulnerable code not present)
	[buster] - gpac (Vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/issues/2338
	NOTE: https://github.com/gpac/gpac/commit/73a8c425adaad7526de81586fcb053acde807757 (v2.2.0)
CVE-2022-47088 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...)
	[experimental] - gpac 2.2.1+dfsg1-1
	- gpac 2.2.1+dfsg1-2 (bug #1033116)
	[bullseye] - gpac (Vulnerable code not present)
	[buster] - gpac (Vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/issues/2340
	NOTE: https://github.com/gpac/gpac/commit/48760768611f6766bf9e7378bb7cc66cebd6e49d (v2.2.0)
CVE-2022-47087 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_ ...)
	[experimental] - gpac 2.2.1+dfsg1-1
	- gpac 2.2.1+dfsg1-2 (bug #1033116)
	[bullseye] - gpac (Vulnerable code not present)
	[buster] - gpac (Vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/issues/2339
	NOTE: https://github.com/gpac/gpac/commit/48760768611f6766bf9e7378bb7cc66cebd6e49d (v2.2.0)
CVE-2022-47086 (GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violati ...)
	{DSA-5411-1}
	[experimental] - gpac 2.2.1+dfsg1-1
	- gpac 2.2.1+dfsg1-2 (bug #1033116)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2337
	NOTE: https://github.com/gpac/gpac/commit/15e3aece44f24a1c4e8cc0622c59008b1b9ab683 (v2.2.0)
CVE-2022-47085 (An issue was discovered in ostree before 2022.7 allows attackers to ca ...)
	- ostree (Rust bindings not included in Debian source package)
	NOTE: https://github.com/ostreedev/ostree/issues/2775
CVE-2022-47084
	RESERVED
CVE-2022-47083 (A PHP Object Injection vulnerability in the unserialize() function Spi ...)
	NOT-FOR-US: Spitfire CMS
CVE-2022-47082
	RESERVED
CVE-2022-47081
	RESERVED
CVE-2022-47080
	RESERVED
CVE-2022-47079
	RESERVED
CVE-2022-47078
	RESERVED
CVE-2022-47077
	RESERVED
CVE-2022-47076 (An issue was discovered in Smart Office Web 20.28 and earlier allows a ...)
	NOT-FOR-US: Smart Office Web
CVE-2022-47075 (An issue was discovered in Smart Office Web 20.28 and earlier allows a ...)
	NOT-FOR-US: Smart Office Web
CVE-2022-47074
	RESERVED
CVE-2022-47073 (A cross-site scripting (XSS) vulnerability in the Create Ticket page o ...)
	NOT-FOR-US: Small CRM
CVE-2022-47072 (SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit a ...)
	NOT-FOR-US: Enterprise Architect
CVE-2022-47071 (In NVS365 V01, the background network test function can trigger comman ...)
	NOT-FOR-US: NVS365 V01
CVE-2022-47070 (NVS365 V01 is vulnerable to Incorrect Access Control. After entering a ...)
	NOT-FOR-US: NVS365 V01
CVE-2022-47069 (p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerabi ...)
	- p7zip (unimportant)
	NOTE: https://sourceforge.net/p/p7zip/bugs/241/
	NOTE: Crash in CLI tool, no security impact
CVE-2022-47068
	RESERVED
CVE-2022-47067
	RESERVED
CVE-2022-47066
	RESERVED
CVE-2022-47065 (TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1 ...)
	NOT-FOR-US: TrendNet
CVE-2022-47064
	RESERVED
CVE-2022-47063
	RESERVED
CVE-2022-47062
	RESERVED
CVE-2022-47061
	RESERVED
CVE-2022-47060
	RESERVED
CVE-2022-47059
	RESERVED
CVE-2022-47058
	RESERVED
CVE-2022-47057
	RESERVED
CVE-2022-47056
	RESERVED
CVE-2022-47055
	RESERVED
CVE-2022-47054
	RESERVED
CVE-2022-47053 (An arbitrary file upload vulnerability in the Digital Assets Manager m ...)
	NOT-FOR-US: DotNetNuke
CVE-2022-47052 (The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' i ...)
	NOT-FOR-US: NETGEAR
CVE-2022-47051
	RESERVED
CVE-2022-47050
	RESERVED
CVE-2022-47049
	RESERVED
CVE-2022-47048
	RESERVED
CVE-2022-47047
	RESERVED
CVE-2022-47046
	RESERVED
CVE-2022-47045
	RESERVED
CVE-2022-47044
	RESERVED
CVE-2022-47043
	RESERVED
CVE-2022-47042 (MCMS v5.2.10 and below was discovered to contain an arbitrary file wri ...)
	NOT-FOR-US: MCMS
CVE-2022-47041
	RESERVED
CVE-2022-47040 (An issue in ASKEY router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 al ...)
	NOT-FOR-US: ASKEY
CVE-2022-47039
	RESERVED
CVE-2022-47038
	RESERVED
CVE-2022-47037 (Siklu TG Terragraph devices before 2.1.1 allow attackers to discover v ...)
	NOT-FOR-US: Siklu TG Terragraph
CVE-2022-47036 (Siklu TG Terragraph devices before approximately 2.1.1 have a hardcode ...)
	NOT-FOR-US: Siklu TG Terragraph
CVE-2022-47035 (Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedd ...)
	NOT-FOR-US: D-Link
CVE-2022-47034 (A type juggling vulnerability in the component /auth/fn.php of PlaySMS ...)
	NOT-FOR-US: PlaySMS
CVE-2022-47033
	RESERVED
CVE-2022-47032
	RESERVED
CVE-2022-47031
	RESERVED
CVE-2022-47030
	RESERVED
CVE-2022-47029 (An issue was found in Action Launcher v50.5 allows an attacker to esca ...)
	NOT-FOR-US: Action Launcher
CVE-2022-47028 (An issue discovered in Action Launcher for Android v50.5 allows an att ...)
	NOT-FOR-US: Action Launcher
CVE-2022-47027 (Timmystudios Fast Typing Keyboard v1.275.1.162 allows unauthorized app ...)
	NOT-FOR-US: Timmystudios Fast Typing Keyboard
CVE-2022-47026
	RESERVED
CVE-2022-47025
	RESERVED
CVE-2022-47024 (A null pointer dereference issue was discovered in function gui_x11_cr ...)
	- vim 2:9.0.0626-1 (unimportant)
	NOTE: https://github.com/vim/vim/commit/a63ad78ed31e36dbdf3a9cd28071dcdbefce7d19 (v9.0.0339)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-47023
	RESERVED
CVE-2022-47022 (An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to ca ...)
	- hwloc 2.9.3-1
	[bookworm] - hwloc (Minor issue)
	[bullseye] - hwloc (Minor issue)
	[buster] - hwloc (Minor issue)
	NOTE: https://github.com/open-mpi/hwloc/issues/544
	NOTE: https://github.com/open-mpi/hwloc/commit/ac1f8db9a0790d2bf153711ff4cbf6101f89aace (master)
	NOTE: https://github.com/open-mpi/hwloc/commit/a62b8ba587b225d25d6ee05c705fbc44c55d1986 (hwloc-2.9.3rc1)
	NOTE: Additionally openmpi and mpich embed hwloc, but issue seems negligible
CVE-2022-47021 (A null pointer dereference issue was discovered in functions op_get_da ...)
	- opusfile 0.12-4 (bug #1030049)
	[bullseye] - opusfile (Minor issue)
	[buster] - opusfile (Minor issue)
	NOTE: https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5
	NOTE: https://github.com/xiph/opusfile/issues/36
CVE-2022-47020
	RESERVED
CVE-2022-47019
	RESERVED
CVE-2022-47018
	RESERVED
CVE-2022-47017
	RESERVED
CVE-2022-47016
	REJECTED
CVE-2022-47015 (MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of S ...)
	{DLA-3444-1}
	[experimental] - mariadb 1:10.11.3-1~exp1
	- mariadb 1:10.11.3-1 (bug #1034889)
	- mariadb-10.6
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.20-0+deb11u1
	- mariadb-10.3
	NOTE: https://jira.mariadb.org/browse/MDEV-29644
CVE-2022-47014
	RESERVED
CVE-2022-47013
	RESERVED
CVE-2022-47012 (Use of uninitialized variable in function gen_eth_recv in GNS3 dynamip ...)
	NOT-FOR-US: GNS3
CVE-2022-47011 (An issue was discovered function parse_stab_struct_fields in stabs.c i ...)
	- binutils 2.38.50.20220627-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29261
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8a24927bc8dbf6beac2000593b21235c3796dc35 (binutils-2_39)
	NOTE: binutils not covered by security support
CVE-2022-47010 (An issue was discovered function pr_function_type in prdbg.c in Binuti ...)
	- binutils 2.38.50.20220627-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29262
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0d02e70b197c786f26175b9a73f94e01d14abdab
	NOTE: binutils not covered by security support
CVE-2022-47009
	RESERVED
CVE-2022-47008 (An issue was discovered function make_tempdir, and make_tempname in bu ...)
	- binutils 2.38.50.20220627-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29255
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d6e1d48c83b165c129cb0aa78905f7ca80a1f682
	NOTE: binutils not covered by security support
CVE-2022-47007 (An issue was discovered function stab_demangle_v3_arg in stabs.c in Bi ...)
	- binutils 2.38.50.20220627-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29254
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb
	NOTE: binutils not covered by security support
CVE-2022-47006
	RESERVED
CVE-2022-47005
	RESERVED
CVE-2022-47004
	RESERVED
CVE-2022-47003 (A vulnerability in the Remember Me function of Mura CMS before v10.0.5 ...)
	NOT-FOR-US: Mura CMS
CVE-2022-47002 (A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and ...)
	NOT-FOR-US: Mura CMS
CVE-2022-47001
	RESERVED
CVE-2022-47000
	RESERVED
CVE-2022-46999 (Tuzicms v2.0.6 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: TuziCMS
CVE-2022-46998 (An issue in the website background of taocms v3.0.2 allows attackers t ...)
	NOT-FOR-US: Taocms
CVE-2022-46997 (Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovere ...)
	NOT-FOR-US: Passhunt
CVE-2022-46996 (vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was di ...)
	NOT-FOR-US: vSphere_selfuse
CVE-2022-46995
	RESERVED
CVE-2022-46994
	RESERVED
CVE-2022-46993
	RESERVED
CVE-2022-46992
	RESERVED
CVE-2022-46991
	RESERVED
CVE-2022-46990
	RESERVED
CVE-2022-46989
	RESERVED
CVE-2022-46988
	RESERVED
CVE-2022-46987
	RESERVED
CVE-2022-46986
	RESERVED
CVE-2022-46985
	RESERVED
CVE-2022-46984
	RESERVED
CVE-2022-46983
	RESERVED
CVE-2022-46982
	RESERVED
CVE-2022-46981
	RESERVED
CVE-2022-46980
	RESERVED
CVE-2022-46979
	RESERVED
CVE-2022-46978
	RESERVED
CVE-2022-46977
	RESERVED
CVE-2022-46976
	RESERVED
CVE-2022-46975
	RESERVED
CVE-2022-46974
	RESERVED
CVE-2022-46973 (Report v0.9.8.6 was discovered to contain a Server-Side Request Forger ...)
	NOT-FOR-US: AJ-Report
CVE-2022-46972
	RESERVED
CVE-2022-46971
	RESERVED
CVE-2022-46970
	RESERVED
CVE-2022-46969
	RESERVED
CVE-2022-46968 (A stored cross-site scripting (XSS) vulnerability in /index.php?page=h ...)
	NOT-FOR-US: Revenue Collection System
CVE-2022-46967 (An access control issue in Revenue Collection System v1.0 allows unaut ...)
	NOT-FOR-US: Revenue Collection System
CVE-2022-46966 (Revenue Collection System v1.0 was discovered to contain a SQL injecti ...)
	NOT-FOR-US: Revenue Collection System
CVE-2022-46965 (PrestaShop module, totadministrativemandate before v1.7.1 was discover ...)
	NOT-FOR-US: PrestaShop module
CVE-2022-46964
	RESERVED
CVE-2022-46963
	RESERVED
CVE-2022-46962
	RESERVED
CVE-2022-46961
	RESERVED
CVE-2022-46960
	RESERVED
CVE-2022-46959 (An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allo ...)
	NOT-FOR-US: Sonic
CVE-2022-46958
	RESERVED
CVE-2022-46957 (Sourcecodester.com Online Graduate Tracer System V 1.0.0 is vulnerable ...)
	NOT-FOR-US: Sourcecodester.com Online Graduate Tracer System V
CVE-2022-46956 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
	NOT-FOR-US: Dynamic Transaction Queuing System
CVE-2022-46955 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
	NOT-FOR-US: Dynamic Transaction Queuing System
CVE-2022-46954 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
	NOT-FOR-US: Dynamic Transaction Queuing System
CVE-2022-46953 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
	NOT-FOR-US: Dynamic Transaction Queuing System
CVE-2022-46952 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
	NOT-FOR-US: Dynamic Transaction Queuing System
CVE-2022-46951 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
	NOT-FOR-US: Dynamic Transaction Queuing System
CVE-2022-46950 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
	NOT-FOR-US: Dynamic Transaction Queuing System
CVE-2022-46949 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Helmet Store Showroom Site
CVE-2022-46948
	RESERVED
CVE-2022-46947 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Helmet Store Showroom Site
CVE-2022-46946 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Helmet Store Showroom Site
CVE-2022-46945 (Nagvis before 1.9.34 was discovered to contain an arbitrary file read ...)
	- nagvis 1:1.9.34-1
	[bullseye] - nagvis (Minor issue)
	[buster] - nagvis (Minor issue)
	NOTE: https://github.com/NagVis/nagvis/commit/71aba7f46f79d846e1df037f165d206a2cd1d22a (nagvis-1.9.34)
CVE-2022-46944
	RESERVED
CVE-2022-46943
	RESERVED
CVE-2022-46942
	RESERVED
CVE-2022-46941
	RESERVED
CVE-2022-46940
	RESERVED
CVE-2022-46939
	RESERVED
CVE-2022-46938
	RESERVED
CVE-2022-46937
	RESERVED
CVE-2022-46936
	RESERVED
CVE-2022-46935
	RESERVED
CVE-2022-46934 (kkFileView v4.1.0 was discovered to contain a cross-site scripting (XS ...)
	NOT-FOR-US: kkFileView
CVE-2022-46933
	RESERVED
CVE-2022-46932
	RESERVED
CVE-2022-46931
	RESERVED
CVE-2022-46930
	RESERVED
CVE-2022-46929
	RESERVED
CVE-2022-46928
	RESERVED
CVE-2022-46927
	RESERVED
CVE-2022-46926
	RESERVED
CVE-2022-46925
	RESERVED
CVE-2022-46924
	RESERVED
CVE-2022-46923
	RESERVED
CVE-2022-46922
	RESERVED
CVE-2022-46921
	RESERVED
CVE-2022-46920
	RESERVED
CVE-2022-46919
	RESERVED
CVE-2022-46918
	RESERVED
CVE-2022-46917
	RESERVED
CVE-2022-46916
	RESERVED
CVE-2022-46915
	RESERVED
CVE-2022-46914 (An issue in the firmware update process of TP-LINK TL-WA801N / TL-WA80 ...)
	NOT-FOR-US: TP-Link
CVE-2022-46913
	RESERVED
CVE-2022-46912 (An issue in the firmware update process of TP-Link TL-WR841N / TL-WA84 ...)
	NOT-FOR-US: TP-Link
CVE-2022-46911
	RESERVED
CVE-2022-46910 (An issue in the firmware update process of TP-Link TL-WA901ND V1 up to ...)
	NOT-FOR-US: TP-Link
CVE-2022-46909
	RESERVED
CVE-2022-4429 (Avira Security for Windows contains an unquoted service path which all ...)
	NOT-FOR-US: Avira Security for Windows
CVE-2022-4428 (support_uri parameter in the WARP client local settings file (mdm.xml) ...)
	NOT-FOR-US: Cloudflare Warp
CVE-2022-4427 (Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTR ...)
	{DLA-3551-1}
	- znuny 6.4.5-1
	- otrs2
	[bullseye] - otrs2 (Non-free not supported)
	NOTE: https://www.znuny.org/en/advisories/zsa-2022-07
CVE-2022-4426 (The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 d ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4425
	RESERVED
CVE-2022-4424
	RESERVED
CVE-2022-4423
	RESERVED
CVE-2022-4422 (Call Center System developed by Bulutses Information Technologies befo ...)
	NOT-FOR-US: BULUTDESK CALLCENTER
CVE-2022-4421 (A vulnerability was found in rAthena FluxCP. It has been classified as ...)
	NOT-FOR-US: rAthena FluxCP
CVE-2022-4420
	RESERVED
CVE-2022-4419
	RESERVED
CVE-2022-4418 (Local privilege escalation due to unrestricted loading of unsigned lib ...)
	NOT-FOR-US: Acronis
CVE-2022-4417 (The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin befo ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-4244 (A vulnerability classified as problematic has been found in yikes-inc- ...)
	NOT-FOR-US: yikes-inc-easy-mailchimp-extender
CVE-2021-4243
	REJECTED
CVE-2022-4345 (Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in ...)
	{DLA-3313-1}
	- wireshark 4.0.2-1
	[bullseye] - wireshark (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-09.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/8991
	NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/8986
	NOTE: https://gitlab.com/wireshark/wireshark/-/commit/39db474f80af87449ce0f034522dccc80ed4153f
CVE-2022-4344 (Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 t ...)
	- wireshark 4.0.2-1
	[bullseye] - wireshark (Minor issue)
	[buster] - wireshark (vulnerable loop in code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-10.html
	NOTE: likely https://gitlab.com/wireshark/wireshark/-/commit/e0bd9d312c362318fd19e41c6c0e23fc81d42253
CVE-2022-46908 (SQLite through 3.40.0, when relying on --safe for execution of an untr ...)
	- sqlite3 3.40.0-2 (bug #1026293)
	[bullseye] - sqlite3 (Vulnerable code introduced later)
	[buster] - sqlite3 (Vulnerable code introduced later)
	- sqlite (--safe introduced in v3.36.0)
	NOTE: https://sqlite.org/forum/forumpost/07beac8056151b2f
	NOTE: Fixed by: https://sqlite.org/src/info/cefc032473ac5ad2
CVE-2022-4416 (A vulnerability was found in RainyGao DocSys. It has been declared as ...)
	NOT-FOR-US: RainyGao DocSys
CVE-2022-4415 (A vulnerability was found in systemd. This security flaw can cause a l ...)
	- systemd 252.4-1 (bug #1026831)
	[bullseye] - systemd 247.3-7+deb11u2
	[buster] - systemd (Optional feature; disabled by default)
	NOTE: Preparation (main branch commit only): https://github.com/systemd/systemd/commit/510a146634f3e095b34e2a26023b1b1f99dcb8c0
	NOTE: Fixed by: https://github.com/systemd/systemd/commit/3e4d0f6cf99f8677edd6a237382a65bfe758de03
	NOTE: Fixed by: https://github.com/systemd/systemd-stable/commit/bb47600aeb38c68c857fbf0ee5f66c3144dd81ce (v247.13)
	NOTE: Affects only v246 and newer (when acl support was enabled by default), and only if building with libacl support
	NOTE: Optional (disabled by default) faulty behaviour introduced by v215
	NOTE: https://www.openwall.com/lists/oss-security/2022/12/21/3
CVE-2022-4414 (Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework p ...)
	NOT-FOR-US: nuxt
CVE-2022-4413 (Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/frame ...)
	NOT-FOR-US: nuxt
CVE-2022-4412
	RESERVED
CVE-2022-4411
	RESERVED
CVE-2022-4410 (The Permalink Manager Lite plugin for WordPress is vulnerable to Store ...)
	NOT-FOR-US: Permalink Manager Lite plugin for WordPress
CVE-2022-4409 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
	NOT-FOR-US: phpMyFAQ
CVE-2022-4408 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpMyFAQ
CVE-2022-4407 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...)
	NOT-FOR-US: phpMyFAQ
CVE-2022-4406
	RESERVED
CVE-2022-4405
	RESERVED
CVE-2022-4404
	RESERVED
CVE-2022-4403 (A vulnerability classified as critical was found in SourceCodester Can ...)
	NOT-FOR-US: SourceCodester Canteen Management System
CVE-2022-4402 (A vulnerability classified as critical has been found in RainyGao DocS ...)
	NOT-FOR-US: RainyGao DocSys
CVE-2022-4401 (A vulnerability was found in pallidlight online-course-selection-syste ...)
	NOT-FOR-US: pallidlight online-course-selection-system
CVE-2022-4400 (A vulnerability was found in zbl1996 FS-Blog and classified as problem ...)
	NOT-FOR-US: zbl1996 FS-Blog
CVE-2022-46907 (A carefully crafted request on several JSPWiki plugins could trigger a ...)
	- jspwiki
CVE-2022-4399 (A vulnerability was found in TicklishHoneyBee nodau. It has been rated ...)
	- nodau 0.3.8-5 (unimportant)
	NOTE: https://github.com/TicklishHoneyBee/nodau/commit/7a7d737a3929f335b9717ddbd31db91151b69ad2
	NOTE: https://github.com/TicklishHoneyBee/nodau/pull/26
	NOTE: Negligible security impact
CVE-2022-4398 (Integer Overflow or Wraparound in GitHub repository radareorg/radare2 ...)
	- radare2 5.9.0+dfsg-1 (bug #1027144)
	NOTE: https://huntr.dev/bounties/c6f8d3ef-5420-4eba-9a5f-aba5e2b5fea2
	NOTE: https://github.com/radareorg/radare2/commit/b53a1583d05c3a5bfe5fa60da133fe59dfbb02b8
CVE-2022-4397 (A vulnerability was found in morontt zend-blog-number-2. It has been c ...)
	NOT-FOR-US: morontt zend-blog-number-2
CVE-2022-4396 (A vulnerability was found in RDFlib pyrdfa3 and classified as problema ...)
	- python-pyrdfa 3.5.2+20220329~ds-1 (bug #1026051)
	[bullseye] - python-pyrdfa (Minor issue)
	NOTE: https://github.com/RDFLib/pyrdfa3/commit/ffd1d62dd50d5f4190013b39cedcdfbd81f3ce3e
	NOTE: https://github.com/RDFLib/pyrdfa3/pull/40
CVE-2022-46906 (Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allo ...)
	NOT-FOR-US: WebSoft HCM
CVE-2022-46905 (Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allo ...)
	NOT-FOR-US: WebSoft HCM
CVE-2022-46904 (Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allo ...)
	NOT-FOR-US: WebSoft HCM
CVE-2022-46903 (Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allo ...)
	NOT-FOR-US: WebSoft HCM
CVE-2022-46902 (An issue was discovered in Vocera Report Server and Voice Server 5.x t ...)
	NOT-FOR-US: Vocera Report Server and Voice Server
CVE-2022-46901 (An issue was discovered in Vocera Report Server and Voice Server 5.x t ...)
	NOT-FOR-US: Vocera Report Server and Voice Server
CVE-2022-46900 (An issue was discovered in Vocera Report Server and Voice Server 5.x t ...)
	NOT-FOR-US: Vocera Report Server and Voice Server
CVE-2022-46899 (An issue was discovered in Vocera Report Server and Voice Server 5.x t ...)
	NOT-FOR-US: Vocera Report Server and Voice Server
CVE-2022-46898 (An issue was discovered in Vocera Report Server and Voice Server 5.x t ...)
	NOT-FOR-US: Vocera Report Server and Voice Server
CVE-2022-46897 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
	NOT-FOR-US: Insyde
CVE-2022-46896
	RESERVED
CVE-2022-46895
	RESERVED
CVE-2022-46894
	RESERVED
CVE-2022-46893
	RESERVED
CVE-2022-4395 (The Membership For WooCommerce WordPress plugin before 2.1.7 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4394 (The iPages Flipbook For WordPress plugin through 1.4.6 does not saniti ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4393 (The ImageLinks Interactive Image Builder for WordPress plugin through ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4392 (The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 ...)
	NOT-FOR-US: iPanorama 360 WordPress Virtual Tour Builder plugin
CVE-2022-46892 (In Ampere AltraMax and Ampere Altra before 2.10c, improper access cont ...)
	NOT-FOR-US: Ampere
CVE-2022-46891 (An issue was discovered in the Arm Mali GPU Kernel Driver. There is a ...)
	NOT-FOR-US: Arm Mali
CVE-2022-46890 (Weak access control in NexusPHP before 1.7.33 allows a remote authenti ...)
	NOT-FOR-US: NexusPHP
CVE-2022-46889 (A persistent cross-site scripting (XSS) vulnerability in NexusPHP befo ...)
	NOT-FOR-US: NexusPHP
CVE-2022-46888 (Multiple reflective cross-site scripting (XSS) vulnerabilities in Nexu ...)
	NOT-FOR-US: NexusPHP
CVE-2022-46887 (Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow ...)
	NOT-FOR-US: NexusPHP
CVE-2022-46886 (There exists an open redirect within the response list update function ...)
	NOT-FOR-US: ServiceNow
CVE-2022-46885 (Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzin ...)
	- firefox 106.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-46885
CVE-2022-46884 (A potential use-after-free vulnerability existed in SVG Images if the ...)
	- firefox 106.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-46884
CVE-2022-46883 (Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight a ...)
	- firefox 107.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-46883
CVE-2022-46882 (A use-after-free in WebGL extensions could have led to a potentially e ...)
	{DSA-5303-1 DSA-5301-1 DLA-3242-1 DLA-3241-1}
	- firefox 107.0-1
	- firefox-esr 102.6.0esr-1
	- thunderbird 1:102.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-46882
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46882
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46882
CVE-2022-46881 (An optimization in WebGL was incorrect in some cases, and could have l ...)
	{DSA-5303-1 DSA-5301-1 DLA-3242-1 DLA-3241-1}
	- firefox 106.0-1
	- firefox-esr 102.6.0esr-1
	- thunderbird 1:102.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-46881
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46881
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46881
CVE-2022-46880 (A missing check related to tex units could have led to a use-after-fre ...)
	{DSA-5303-1 DSA-5301-1 DLA-3242-1 DLA-3241-1}
	- firefox 105.0-1
	- firefox-esr 102.6.0esr-1
	- thunderbird 1:102.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-46880
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46880
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46880
CVE-2022-46879 (Mozilla developers and community members Lukas Bernhard, Gabriele Svel ...)
	- firefox 108.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46879
CVE-2022-46878 (Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the ...)
	{DSA-5303-1 DSA-5301-1 DLA-3242-1 DLA-3241-1}
	- firefox 108.0-1
	- firefox-esr 102.6.0esr-1
	- thunderbird 1:102.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46878
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46878
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46878
CVE-2022-46877 (By confusing the browser, the fullscreen notification could have been ...)
	{DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1}
	- firefox 108.0-1
	- firefox-esr 102.7.0esr-1
	- thunderbird 1:102.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46877
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2022-46877
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2022-46877
CVE-2022-46876
	RESERVED
CVE-2022-46875 (The executable file warning was not presented when downloading .atloc ...)
	- firefox (Only affects MacOS)
	- firefox-esr (Only affects MacOS)
	- thunderbird (Only affects MacOS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46875
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46875
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46875
CVE-2022-46874 (A file with a long filename could have had its filename truncated to r ...)
	{DSA-5303-1 DSA-5301-1 DLA-3242-1 DLA-3241-1}
	- firefox 108.0-1
	- firefox-esr 102.6.0esr-1
	- thunderbird 1:102.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46874
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46874
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46874
CVE-2022-46873 (Because Firefox did not implement the unsafe-hashes CSP d ...)
	- firefox 108.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46873
CVE-2022-46872 (An attacker who compromised a content process could have partially esc ...)
	{DSA-5303-1 DSA-5301-1 DLA-3242-1 DLA-3241-1}
	- firefox 108.0-1
	- firefox-esr 102.6.0esr-1
	- thunderbird 1:102.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46872
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46872
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46872
CVE-2022-46871 (An out of date library (libusrsctp) contained vulnerabilities that cou ...)
	{DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1}
	- libusrsctp 0.9.3.0+20201007-1
	[buster] - libusrsctp (Fix too intrusive and risky to backport for a minor issue)
	- firefox 108.0-1
	- firefox-esr 102.7.0esr-1
	- thunderbird 1:102.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46871
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2022-46871
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2022-46871
	NOTE: https://bugs.launchpad.net/ubuntu/+source/libusrsctp/+bug/2015448
	NOTE: https://github.com/sctplab/usrsctp/commit/939d48f9632d69bf170c7a84514b312b6b42257d (0.9.4.0)
	NOTE: https://lists.debian.org/debian-lts/2023/06/msg00051.html
CVE-2022-46870 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
	NOT-FOR-US: Apache Zeppelin
CVE-2022-46869 (Local privilege escalation during installation due to improper soft li ...)
	NOT-FOR-US: Acronis
CVE-2022-46868 (Local privilege escalation during recovery due to improper soft link h ...)
	NOT-FOR-US: Acronis
CVE-2022-46867 (Cross-Site Request Forgery (CSRF) vulnerability in Chasil Universal St ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46866 (Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Impo ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46865 (Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Bulk ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46864 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Umair Sa ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46863 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Full ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46862 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz An ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46861 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Zia ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46860 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46859 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46858 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Amin A.R ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46857 (Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert plugin <= ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46856 (Cross-Site Request Forgery (CSRF) vulnerability in ORION Woocommerce P ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46855 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46854 (Cross-Site Request Forgery (CSRF) vulnerability in Obox Themes Launchp ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46853 (Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Pos ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46852 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP T ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46851 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force St ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46850 (Auth. (author+) Broken Access Control vulnerability leading to Arbitra ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46849 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46848 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46847 RESERVED
CVE-2022-46846 RESERVED
CVE-2022-46845 RESERVED
CVE-2022-46844 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46843 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Le Van T ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46842 (Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46841 (Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Build ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46840 RESERVED
CVE-2022-46839 (Unrestricted Upload of File with Dangerous Type vulnerability in JS He ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46838 RESERVED
CVE-2022-4391 (The Vision Interactive For WordPress plugin through 1.5.3 does not san ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4390 (A network misconfiguration is present in versions prior to 1.0.9.90 of ...)
	NOT-FOR-US: Netgear
CVE-2022-4389 RESERVED
CVE-2022-4388 RESERVED
CVE-2022-4387 RESERVED
CVE-2022-4386 (The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CS ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4385 (The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4384 (The Stream WordPress plugin before 3.9.2 does not prevent users with l ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4383 (The CBX Petition for WordPress plugin through 1.0.3 does not properly ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4382 (A use-after-free flaw caused by a race among the superblock operations ...)
	- linux 6.1.8-1
	[bullseye] - linux 5.10.178-1
	NOTE: https://www.openwall.com/lists/oss-security/2022/12/13/1
	NOTE: https://git.kernel.org/linus/d18dcfe9860e842f394e37ba01ca9440ab2178f4 (6.2-rc5)
CVE-2022-4381 (The Popup Maker WordPress plugin before 1.16.9 does not validate and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4380 RESERVED
CVE-2022-4379 (A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/n ...)
	{DLA-3404-1}
	- linux 6.1.4-1
	[bullseye] - linux 5.10.178-1
	[buster] - linux (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2022/12/14/3
	NOTE: https://lore.kernel.org/all/1670885411-10060-1-git-send-email-dai.ngo@oracle.com/
CVE-2022-4377 (A vulnerability was found in S-CMS 5.0 Build 20220328. It has been dec ...)
	NOT-FOR-US: S-CMS
CVE-2022-4376 (An issue has been discovered in GitLab affecting all versions before 1 ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-4378 (A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem ...)
	{DLA-3245-1 DLA-3244-1}
	- linux 6.0.12-1
	[bullseye] - linux 5.10.158-1
	NOTE: https://www.openwall.com/lists/oss-security/2022/12/09/1
	NOTE: https://git.kernel.org/linus/bce9332220bd677d83b19d21502776ad555a0e73
	NOTE: https://git.kernel.org/linus/e6cfaf34be9fcd1a8285a294e18986bfc41a409c
CVE-2022-46835 (IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 ...)
	NOT-FOR-US: IdentityIQ
CVE-2022-46834 (Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmwa ...)
	NOT-FOR-US: SICK
CVE-2022-46833 (Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmwa ...)
	NOT-FOR-US: SICK
CVE-2022-46832 (Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmwa ...)
	NOT-FOR-US: SICK
CVE-2022-4375 (A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been cl ...)
	NOT-FOR-US: Mingsoft MCMS
CVE-2022-4374 (The Bg Bible References WordPress plugin through 3.8.14 does not sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4373 (The Quote-O-Matic WordPress plugin through 1.0.5 does not properly san ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4372 (The Web Invoice WordPress plugin through 2.1.3 does not properly sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4371 (The Web Invoice WordPress plugin through 2.1.3 does not properly sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4370 (The multimedial images WordPress plugin through 1.0b does not properly ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4369 (The WP-Lister Lite for Amazon WordPress plugin before 2.4.4 does not s ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4368 (The WP CSV WordPress plugin through 1.8.0.0 does not sanitize and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4367 REJECTED
CVE-2022-43501 (KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs(Initial Seq ...)
	NOT-FOR-US: Zuken Elmic
CVE-2022-43460 (Driver Distributor v2.2.3.1 and earlier contains a vulnerability where ...)
	NOT-FOR-US: Driver Distributor
CVE-2022-46831 (In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-46830 (In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpo ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-46829 (In JetBrains JetBrains Gateway before 2022.3 a client could connect wi ...)
	NOT-FOR-US: JetBrains JetBrains Gateway
CVE-2022-46828 (In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS wa ...)
	- intellij-idea (bug #747616)
CVE-2022-46827 (In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF ...)
	- intellij-idea (bug #747616)
CVE-2022-46826 (In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allow ...)
	- intellij-idea (bug #747616)
CVE-2022-46825 (In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leake ...)
	- intellij-idea (bug #747616)
CVE-2022-46824 (In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fs ...)
	- intellij-idea (bug #747616)
CVE-2022-46823 (A vulnerability has been identified in Mendix SAML (Mendix 8 compatibl ...)
	NOT-FOR-US: Siemens
CVE-2022-46822 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in JC Devel ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46821 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46820 (Cross-Site Request Forgery (CSRF) vulnerability in WPJoli Joli Table O ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46819 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46818 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46817 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flyz ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46816 (Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro A ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46815 (Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP ...)
	NOT-FOR-US: Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin
CVE-2022-46814 (Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lebedel Kode ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46813 (Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advance ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46812 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank Yo ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46811 RESERVED
CVE-2022-46810 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank Yo ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46809 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46808 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46807 RESERVED
CVE-2022-46806 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Cart All ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46805 (Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46804 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46803 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46802 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46801 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46800 (Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technolog ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46799 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46798 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLento ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46797 (Cross-Site Request Forgery (CSRF) vulnerability in Conversios All-in-o ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46796 RESERVED
CVE-2022-46795 RESERVED
CVE-2022-46794 (Cross-Site Request Forgery (CSRF) vulnerability in weightbasedshipping ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-46793 (Cross-Site Request Forgery (CSRF) vulnerability in AdTribes.Io Product ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4366 (Missing Authorization in GitHub repository lirantal/daloradius prior t ...)
	NOT-FOR-US: daloRADIUS
CVE-2022-4365 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-4364 (A vulnerability classified as critical has been found in Teledyne FLIR ...)
	NOT-FOR-US: Teledyne
CVE-2022-4363 RESERVED
CVE-2022-4362 (The Popup Maker WordPress plugin before 1.16.9 does not validate and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4361 (Keycloak, an open-source identity and access management solution, has ...)
	NOT-FOR-US: Keycloak
CVE-2022-4360 (The WP RSS By Publishers WordPress plugin through 0.1 does not properl ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4359 (The WP RSS By Publishers WordPress plugin through 0.1 does not properl ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4358 (The WP RSS By Publishers WordPress plugin through 0.1 does not properl ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4357 (The LetsRecover WordPress plugin before 1.2.0 does not properly saniti ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4356 (The LetsRecover WordPress plugin before 1.2.0 does not properly saniti ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4355 (The LetsRecover WordPress plugin before 1.2.0 does not properly saniti ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4354 (A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as ...)
	NOT-FOR-US: LinZhaoguan pb-cms
CVE-2022-4353 (A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classifie ...)
	NOT-FOR-US: LinZhaoguan pb-cms
CVE-2022-4352 (The Qe SEO Handyman WordPress plugin through 1.0 does not properly san ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4351 (The Qe SEO Handyman WordPress plugin through 1.0 does not properly san ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4350 (A vulnerability, which was classified as problematic, was found in Min ...)
	NOT-FOR-US: Mingsoft MCMS
CVE-2022-4349 (A vulnerability classified as problematic has been found in CTF-hacker ...)
	NOT-FOR-US: CTF-hacker pwn
CVE-2022-4348 (A vulnerability was found in y_project RuoYi-Cloud. It has been rated ...)
	NOT-FOR-US: y_project RuoYi-Cloud
CVE-2022-4347 (A vulnerability was found in xiandafu beetl-bbs. It has been declared ...)
	NOT-FOR-US: xiandafu beetl-bbs
CVE-2020-36610 (A vulnerability was found in annyshow DuxCMS 2.1. It has been declared ...)
	NOT-FOR-US: DuxCMS
CVE-2020-36609 (A vulnerability was found in annyshow DuxCMS 2.1. It has been classifi ...)
	NOT-FOR-US: DuxCMS
CVE-2022-46792 (Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization ...)
	NOT-FOR-US: Hasura GraphQL
CVE-2022-46791 REJECTED
CVE-2022-46790 REJECTED
CVE-2022-46789 REJECTED
CVE-2022-46788 REJECTED
CVE-2022-46787 REJECTED
CVE-2022-46786 (SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (is ...)
	NOT-FOR-US: SquaredUp Dashboard Server
CVE-2022-46785 (SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (is ...)
	NOT-FOR-US: SquaredUp Dashboard Server
CVE-2022-46784 (SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows open re ...)
	NOT-FOR-US: SquaredUp Dashboard Server
CVE-2022-46783 (An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If ...)
	NOT-FOR-US: Stormshield SSL VPN Client
CVE-2022-46782 (An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A ...)
	NOT-FOR-US: Stormshield SSL VPN Client
CVE-2022-46781 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
	NOT-FOR-US: Arm Mali GPU Kernel Driver
CVE-2022-46780 RESERVED
CVE-2022-46779 RESERVED
CVE-2022-46778 RESERVED
CVE-2022-46777 RESERVED
CVE-2022-46776 RESERVED
CVE-2022-46775 RESERVED
CVE-2022-46774 (IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application S ...)
	NOT-FOR-US: IBM
CVE-2022-46773 (IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerabl ...)
	NOT-FOR-US: IBM
CVE-2022-46772 RESERVED
CVE-2022-46771 (IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7 ...)
	NOT-FOR-US: IBM
CVE-2022-46770 (qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through ...)
	NOT-FOR-US: qubes-mirage-firewall
CVE-2022-46769 (An improper neutralization of input during web page generation ('Cross ...)
	NOT-FOR-US: Apache Sling
CVE-2022-4346 (The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked se ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4343 (An issue has been discovered in GitLab EE affecting all versions start ...)
	- gitlab (Specific to EE)
CVE-2022-4342 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-4341 (A vulnerability has been found in csliuwy coder-chain_gdut and classif ...)
	NOT-FOR-US: csliuwy coder-chain_gdut
CVE-2022-46768 (Arbitrary file read vulnerability exists in Zabbix Web Service Report ...)
	- zabbix 1:6.0.13+dfsg-1 (bug #1026847)
	[bullseye] - zabbix (Vulnerable code introduced later)
	[buster] - zabbix (Vulnerable code introduced later)
	NOTE: https://support.zabbix.com/browse/ZBX-22087
	NOTE: Vulnerable service introduced in 5.4.0 https://support.zabbix.com/browse/ZBXNEXT-6478
CVE-2022-46767 RESERVED
CVE-2022-46766 RESERVED
CVE-2022-46765 RESERVED
CVE-2022-46764 (A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 al ...)
	NOT-FOR-US: TrueConf Server
CVE-2022-46763 (A SQL injection issue in a database stored function in TrueConf Server ...)
	NOT-FOR-US: TrueConf Server
CVE-2022-46762 (The memory management module has a logic bypass vulnerability.Successf ...)
	NOT-FOR-US: Huawei
CVE-2022-46761 (The system has a vulnerability that may cause dynamic hiding and resto ...)
	NOT-FOR-US: Huawei
CVE-2022-46760 RESERVED
CVE-2022-46759 RESERVED
CVE-2022-46758 RESERVED
CVE-2022-46757 RESERVED
CVE-2022-46756 (Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vul ...)
	NOT-FOR-US: Dell
CVE-2022-46755 (Wyse Management Suite 3.8 and below contain an improper access control ...)
	NOT-FOR-US: Wyse Management Suite
CVE-2022-46754 (Wyse Management Suite 3.8 and below contain an improper access control ...)
	NOT-FOR-US: Wyse Management Suite
CVE-2022-46753 REJECTED
CVE-2022-46752 (Dell BIOS contains an Improper Authorization vulnerability. An unauthe ...)
	NOT-FOR-US: Dell
CVE-2022-46751 (Improper Restriction of XML External Entity Reference, XML Injection ( ...)
	NOT-FOR-US: Apache Ivy
CVE-2022-4340 (The BookingPress WordPress plugin before 1.0.31 suffers from an Insecu ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4339 REJECTED
CVE-2022-4338 (An integer underflow in Organization Specific TLV was found in various ...)
	{DSA-5319-1 DLA-3253-1}
	- openvswitch 3.1.0~git20221212.739bcf2-4 (bug #1027273)
	NOTE: https://www.openwall.com/lists/oss-security/2022/12/20/2
	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html
	NOTE: https://github.com/openvswitch/ovs/pull/405
	NOTE: Introduced by: https://github.com/openvswitch/ovs/commit/be53a5c447c3ed77ef2d4e1e09ea63de576b90e8 (v2.4.0)
	NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/7490f281f09a8455c48e19b0cf1b99ab758ee4f4
CVE-2022-4337 (An out-of-bounds read in Organization Specific TLV was found in variou ...)
	{DSA-5319-1 DLA-3253-1}
	- openvswitch 3.1.0~git20221212.739bcf2-4 (bug #1027273)
	NOTE: https://www.openwall.com/lists/oss-security/2022/12/20/2
	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html
	NOTE: https://github.com/openvswitch/ovs/pull/405
	NOTE: Introduced by: https://github.com/openvswitch/ovs/commit/be53a5c447c3ed77ef2d4e1e09ea63de576b90e8 (v2.4.0)
	NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/7490f281f09a8455c48e19b0cf1b99ab758ee4f4
CVE-2022-4336 (In BAOTA linux panel there exists a stored xss vulnerability attackers ...)
	NOT-FOR-US: BAOTA linux panel
CVE-2022-4335 (A blind SSRF vulnerability was identified in all versions of GitLab EE ...)
	- gitlab (Specific to EE)
CVE-2022-4334 REJECTED
CVE-2022-4333 (Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher A ...)
	NOT-FOR-US: Sprecher Automation
CVE-2022-4332 (In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a vulnera ...)
	NOT-FOR-US: Sprecher Automation
CVE-2022-4331 (An issue has been discovered in GitLab EE affecting all versions start ...)
	- gitlab (Specific to EE)
CVE-2022-4330 (The WP Attachments WordPress plugin before 5.0.6 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4329 (The Product list Widget for Woocommerce WordPress plugin through 1.0 d ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4328 (The WooCommerce Checkout Field Manager WordPress plugin before 18.0 do ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4327 REJECTED
CVE-2022-4326 (Improper preservation of permissions vulnerability in Trellix Endpoint ...)
	NOT-FOR-US: Trellix Endpoint Agent (xAgent)
CVE-2022-4325 (The Post Status Notifier Lite WordPress plugin before 1.10.1 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4324 (The Custom Field Template WordPress plugin before 2.5.8 unserialises t ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4323 (The Analyticator WordPress plugin before 6.5.6 unserializes user input ...)
	NOT-FOR-US: WordPress plugin
CVE-2018-25048 (The CODESYS runtime system in multiple versions allows an remote low p ...)
	NOT-FOR-US: CODESYS
CVE-2023-21673 (Improper Access to the VM resource manager can lead to Memory Corrupti ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21672 (Memory corruption in Audio while running concurrent tunnel playback or ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21671 (Memory Corruption in Core during syscall for Sectools Fuse comparison ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21670 (Memory Corruption in GPU Subsystem due to arbitrary command execution ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21669 (Information Disclosure in WLAN HOST while sending DPP action frame to ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21668 RESERVED
CVE-2023-21667 (Transient DOS in Bluetooth HOST while passing descriptor to validate t ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21666 (Memory Corruption in Graphics while accessing a buffer allocated throu ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21665 (Memory corruption in Graphics while importing a file.)
	NOT-FOR-US: Qualcomm
CVE-2023-21664 (Memory Corruption in Core Platform while printing the response buffer ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21663 (Memory Corruption while accessing metadata in Display.)
	NOT-FOR-US: Qualcomm
CVE-2023-21662 (Memory corruption in Core Platform while printing the response buffer ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21661 (Transient DOS while parsing WLAN beacon or probe-response frame.)
	NOT-FOR-US: Qualcomm
CVE-2023-21660 (Transient DOS in WLAN Firmware while parsing FT Information Elements.)
	NOT-FOR-US: Qualcomm
CVE-2023-21659 (Transient DOS in WLAN Firmware while processing frames with missing he ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21658 (Transient DOS in WLAN Firmware while processing the received beacon or ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21657 (Memory corruption in Audio when ADSP sends input during record use cas ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21656 (Memory corruption in WLAN HOST while receiving an WMI event from firmw ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21655 (Memory corruption in Audio while validating and mapping metadata.)
	NOT-FOR-US: Qualcomm
CVE-2023-21654 (Memory corruption in Audio during playback session with audio effects ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21653 (Transient DOS in Modem while processing RRC reconfiguration message.)
	NOT-FOR-US: Qualcomm
CVE-2023-21652 (Cryptographic issue in HLOS as derived keys used to encrypt/decrypt in ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21651 (Memory Corruption in Core due to incorrect type conversion or cast in ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21650 (Memory Corruption in GPS HLOS Driver when injectFdclData receives data ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21649 (Memory corruption in WLAN while running doDriverCmd for an unspecific ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21648 (Memory corruption in RIL while trying to send apdu packet.)
	NOT-FOR-US: Qualcomm
CVE-2023-21647 (Information disclosure in Bluetooth when an GATT packet is received du ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21646 (Transient DOS in Modem while processing invalid System Information Blo ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21645 RESERVED
CVE-2023-21644 (Memory corruption in RIL due to Integer Overflow while triggering qcri ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21643 (Memory corruption due to untrusted pointer dereference in automotive d ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21642 (Memory corruption in HAB Memory management due to broad system privile ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21641 (An app with non-privileged access can change global system brightness ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21640 (Memory corruption in Linux when the file upload API is called with par ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21639 (Memory corruption in Audio while processing sva_model_serializer using ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21638 (Memory corruption in Video while calling APIs with different instance ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21637 (Memory corruption in Linux while calling system configuration APIs.)
	NOT-FOR-US: Qualcomm
CVE-2023-21636 (Memory Corruption due to improper validation of array index in Linux w ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21635 (Memory Corruption in Data Network Stack & Connectivity when sim gets d ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21634 (Memory Corruption in Radio Interface Layer while sending an SMS or wri ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21633 (Memory Corruption in Linux while processing QcRilRequestImsRegisterMul ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21632 (Memory corruption in Automotive GPU while querying a gsl memory node.)
	NOT-FOR-US: Qualcomm
CVE-2023-21631 (Weak Configuration due to improper input validation in Modem while pro ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21630 (Memory Corruption in Multimedia Framework due to integer overflow when ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21629 (Memory Corruption in Modem due to double free while parsing the PKCS15 ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21628 (Memory corruption in WLAN HAL while processing WMI-UTF command or FTM ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21627 (Memory corruption in Trusted Execution Environment while calling servi ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21626 (Cryptographic issue in HLOS due to improper authentication while perfo ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21625 (Information disclosure in Network Services due to buffer over-read whi ...)
	NOT-FOR-US: Qualcomm
CVE-2023-21624 (Information disclosure in DSP Services while loading dynamic module.)
	NOT-FOR-US: Qualcomm
CVE-2022-46750 REJECTED
CVE-2022-46749 REJECTED
CVE-2022-46748 REJECTED
CVE-2022-46747 REJECTED
CVE-2022-46746 REJECTED
CVE-2022-46745 REJECTED
CVE-2022-46744 REJECTED
CVE-2022-46743 REJECTED
CVE-2022-46742 (Code injection in paddle.audio.functional.get_window in PaddlePaddle 2 ...)
	NOT-FOR-US: PaddlePaddle
CVE-2022-46741 (Out-of-bounds read in gather_tree in PaddlePaddle before 2.4.)
	NOT-FOR-US: PaddlePaddle
CVE-2022-46740 (There is a denial of service vulnerability in the Wi-Fi module of the ...)
	NOT-FOR-US: Huawei
CVE-2022-46728 REJECTED
CVE-2022-46727 REJECTED
CVE-2022-46726 RESERVED
CVE-2022-46725 (A spoofing issue existed in the handling of URLs. This issue was addre ...)
	{DSA-5341-1 DSA-5340-1}
	- webkit2gtk 2.38.4-1
	- wpewebkit 2.38.4-1
	NOTE: https://webkitgtk.org/security/WSA-2023-0010.html
CVE-2022-46724 (This issue was addressed by restricting options offered on a locked de ...)
	NOT-FOR-US: Apple
CVE-2022-46723 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2022-46722 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2022-46721 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-46720 (An integer overflow was addressed with improved input validation. This ...)
	NOT-FOR-US: Apple
CVE-2022-46719 REJECTED
CVE-2022-46718 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2022-46717 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2022-46716 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2022-46715 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2022-46714 RESERVED
CVE-2022-46713 (A race condition was addressed with additional validation. This issue ...)
	NOT-FOR-US: Apple
CVE-2022-46712 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2022-46711 RESERVED
CVE-2022-46710 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2022-46709 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2022-46708 REJECTED
CVE-2022-46707 REJECTED
CVE-2022-46706 (A type confusion issue was addressed with improved state handling. Thi ...)
	NOT-FOR-US: Apple
CVE-2022-46705 (A spoofing issue existed in the handling of URLs. This issue was addre ...)
	{DSA-5341-1 DSA-5340-1}
	- webkit2gtk 2.38.4-1
	- wpewebkit 2.38.4-1
	NOTE: https://webkitgtk.org/security/WSA-2023-0010.html
CVE-2022-46704 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2022-46703 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2022-46702 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-46701 (The issue was addressed with improved bounds checks. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2022-46700 (A memory corruption issue was addressed with improved input validation ...)
	{DSA-5309-1 DSA-5308-1 DLA-3274-1}
	- webkit2gtk 2.38.3-1
	- wpewebkit 2.38.3-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0011.html
CVE-2022-46699 (A memory corruption issue was addressed with improved state management ...)
	{DSA-5309-1 DSA-5308-1 DLA-3274-1}
	- webkit2gtk 2.38.3-1
	- wpewebkit 2.38.3-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0011.html
CVE-2022-46698 (A logic issue was addressed with improved checks. This issue is fixed ...)
	{DSA-5309-1 DSA-5308-1 DLA-3274-1}
	- webkit2gtk 2.38.3-1
	- wpewebkit 2.38.3-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0011.html
CVE-2022-46697 (An out-of-bounds access issue was addressed with improved bounds check ...)
	NOT-FOR-US: Apple
CVE-2022-46696 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2022-46695 (A spoofing issue existed in the handling of URLs. This issue was addre ...)
	NOT-FOR-US: Apple
CVE-2022-46694 (An out-of-bounds write issue was addressed with improved input validat ...)
	NOT-FOR-US: Apple
CVE-2022-46693 (An out-of-bounds write issue was addressed with improved input validat ...)
	NOT-FOR-US: Apple
CVE-2022-46692 (A logic issue was addressed with improved state management. This issue ...)
	{DSA-5309-1 DSA-5308-1 DLA-3274-1}
	- webkit2gtk 2.38.3-1
	- wpewebkit 2.38.3-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0011.html
CVE-2022-46691 (A memory consumption issue was addressed with improved memory handling ...)
	{DSA-5274-1 DSA-5273-1 DLA-3183-1}
	- webkit2gtk 2.38.1-1
	- wpewebkit 2.38.1-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0011.html
CVE-2022-46690 (An out-of-bounds write issue was addressed with improved input validat ...)
	NOT-FOR-US: Apple
CVE-2022-46689 (A race condition was addressed with additional validation. This issue ...)
	NOT-FOR-US: Apple
CVE-2022-46688 (A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Ger ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-46687 (Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build d ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-46686 (Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-46685 (In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-46684 (Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values r ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-46683 (Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-46682 (Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML pars ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-46681 REJECTED
CVE-2022-46680 (A CWE-319: Cleartext transmission of sensitive information vulnerabili ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-46679 (Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficien ...)
	NOT-FOR-US: Dell
CVE-2022-46678 (Wyse Management Suite 3.8 and below contain an improper access contr ...)
	NOT-FOR-US: Wyse Management Suite
CVE-2022-46677 (Wyse Management Suite 3.8 and below contain an improper access control ...)
	NOT-FOR-US: Wyse Management Suite
CVE-2022-46676 (Wyse Management Suite 3.8 and below contain an improper access control ...)
	NOT-FOR-US: Wyse Management Suite
CVE-2022-46675 (Wyse Management Suite Repository 3.8 and below contain an information ...)
	NOT-FOR-US: Wyse Management Suite
CVE-2022-46656 (Insecure inherited permissions for the Intel(R) NUC Pro Software Suite ...)
	NOT-FOR-US: Intel
CVE-2022-46645 (Uncontrolled resource consumption in the Intel(R) Smart Campus Android ...)
	NOT-FOR-US: Intel
CVE-2022-46279 (Improper access control in the Intel(R) Retail Edge android applicatio ...)
	NOT-FOR-US: Intel
CVE-2022-45112 (Improper access control in some Intel(R) VROC software before version ...)
	NOT-FOR-US: Intel
CVE-2022-44607 RESERVED
CVE-2022-44449 (Stored cross-site scripting vulnerability in Zenphoto versions prior t ...)
	NOT-FOR-US: Zenphoto
CVE-2022-43502 RESERVED
CVE-2022-43498 RESERVED
CVE-2022-43474 (Uncontrolled search path for the DSP Builder software installer before ...)
NOT-FOR-US: Intel CVE-2022-4322 (A vulnerability, which was classified as critical, was found in maku-b ...) NOT-FOR-US: maku-boot CVE-2022-4321 (The PDF Generator for WordPress plugin before 1.1.2 includes a vendore ...) NOT-FOR-US: WordPress plugin CVE-2022-4320 (The WordPress Events Calendar WordPress plugin before 1.4.5 does not s ...) NOT-FOR-US: WordPress plugin CVE-2022-4319 RESERVED CVE-2022-4318 (A vulnerability was found in cri-o. This issue allows the addition of ...) - cri-o (bug #979702) CVE-2022-4317 (An issue has been discovered in GitLab DAST analyzer affecting all ver ...) NOT-FOR-US: Gitlab DAST analyzer CVE-2022-4316 RESERVED CVE-2022-4315 (An issue has been discovered in GitLab DAST analyzer affecting all ver ...) NOT-FOR-US: Gitlab DAST analyzer CVE-2022-4314 (Improper Privilege Management in GitHub repository ikus060/rdiffweb pr ...) - rdiffweb (bug #969974) CVE-2022-4313 (A vulnerability was reported where through modifying the scan variable ...) NOT-FOR-US: Tenable CVE-2022-4312 (A cleartext storage of sensitive information vulnerability exists in P ...) NOT-FOR-US: PcVue CVE-2022-4311 (An insertion of sensitive information into log file vulnerability exis ...) NOT-FOR-US: PcVue CVE-2022-42879 (NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphic ...) NOT-FOR-US: Intel CVE-2022-42700 RESERVED CVE-2022-46674 RESERVED CVE-2022-46673 REJECTED CVE-2022-46672 REJECTED CVE-2022-46671 REJECTED CVE-2022-46670 (Rockwell Automation was made aware of a vulnerability by a security re ...) NOT-FOR-US: Rockwell Automation CVE-2022-46669 REJECTED CVE-2022-46668 REJECTED CVE-2022-46667 REJECTED CVE-2022-46666 REJECTED CVE-2022-46665 REJECTED CVE-2022-46664 (A vulnerability has been identified in Mendix Workflow Commons (All ve ...) NOT-FOR-US: Siemens CVE-2022-46662 (Roxio Creator LJB starts another program with an unquoted file path. S ...) 
NOT-FOR-US: Roxio CVE-2022-4310 (The Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise ...) NOT-FOR-US: WordPress plugin CVE-2022-4309 (The Subscribe2 WordPress plugin before 10.38 does not have CSRF check ...) NOT-FOR-US: WordPress plugin CVE-2022-4308 (Plaintext Storage of a Password vulnerability in Secomea GateManager ( ...) NOT-FOR-US: Secomea CVE-2022-4307 (The \u067e\u0644\u0627\u06af\u06cc\u0646 \u067e\u0631\u062f\u0627\u062 ...) NOT-FOR-US: WordPress plugin CVE-2022-4306 (The Panda Pods Repeater Field WordPress plugin before 1.5.4 does not s ...) NOT-FOR-US: WordPress plugin CVE-2022-4305 (The Login as User or Customer WordPress plugin before 3.3 lacks author ...) NOT-FOR-US: WordPress plugin CVE-2022-4304 (A timing based side channel exists in the OpenSSL RSA Decryption imple ...) {DSA-5343-1 DLA-3325-1} - openssl 3.0.8-1 NOTE: https://www.openssl.org/news/secadv/20230207.txt NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8e257b86e5812c6e1cfa9e8e5f5660ac7bed899d (openssl-3.0.8) (reverted in 908eaceb62624f5b5c505b286d904bd3a4e8a64a) NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a00d757d9ca212994625d1a02c81cc5edd27e13b (openssl-3.0.9) NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=43d8f88511991533f53680a751e9326999a6a31f (OpenSSL_1_1_1t) (reverted in 0372649a943fb23f7f08c7acdbc01464b9df03f0) NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3f499b24f3bcd66db022074f7e8b4f6ee266a3ae (OpenSSL_1_1_1t) NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8daa2616bbe6f7994e0cdd796d3280118c51d8d8 (OpenSSL_1_1_1t) CVE-2022-4303 (The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes ...) NOT-FOR-US: WordPress plugin CVE-2022-4302 (The White Label CMS WordPress plugin before 2.5 unserializes user inpu ...) NOT-FOR-US: WordPress plugin CVE-2022-4301 (The Sunshine Photo Cart WordPress plugin before 2.9.15 does not saniti ...) 
NOT-FOR-US: WordPress plugin CVE-2022-4300 (A vulnerability was found in FastCMS. It has been rated as critical. T ...) NOT-FOR-US: FastCMS CVE-2022-4299 (The Metricool WordPress plugin before 1.18 does not sanitise and escap ...) NOT-FOR-US: WordPress plugin CVE-2022-4298 (The Wholesale Market WordPress plugin before 2.2.1 does not have autho ...) NOT-FOR-US: WordPress plugin CVE-2022-4297 (The WP AutoComplete Search WordPress plugin through 1.0.4 does not san ...) NOT-FOR-US: WordPress plugin CVE-2022-4296 (A vulnerability classified as problematic has been found in TP-Link TL ...) NOT-FOR-US: TP-Link CVE-2022-46663 (In GNU Less before 609, crafted data can result in "less -R" not filte ...) - less 590-1.2 (bug #1030825) [bullseye] - less (Vulnerable code not present) [buster] - less (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2023/02/07/7 NOTE: Introduced by: https://github.com/gwsw/less/commit/0f810ef16781bf0f59690be63af876bddabf68bf (v566) NOTE: Fixed by: https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c CVE-2022-46651 (Apache Airflow, versions before 2.6.3, is affected by a vulnerability ...) - airflow (bug #819700) CVE-2022-46650 (Acemanager in ALEOS before version 4.16 allows a user with valid crede ...) NOT-FOR-US: ALEOS CVE-2022-46649 (Acemanager in ALEOS before version 4.16 allows a user with valid crede ...) NOT-FOR-US: ALEOS CVE-2022-46647 (Insertion of sensitive information into log file for some Intel Unison ...) NOT-FOR-US: Intel CVE-2022-46646 (Exposure of sensitive information to an unauthorized actor for some In ...) NOT-FOR-US: Intel CVE-2022-46329 (Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi so ...) 
{DLA-3596-1} - firmware-nonfree (bug #1051892) [bookworm] - firmware-nonfree (Non-free not supported) [bullseye] - firmware-nonfree (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html NOTE: Fixed upstream in linux-firmware/20230804 CVE-2022-46301 (Improper Initialization for some Intel Unison software may allow a pri ...) NOT-FOR-US: Intel CVE-2022-46299 (Insufficient control flow management for some Intel Unison software ma ...) NOT-FOR-US: Intel CVE-2022-46298 (Incomplete cleanup for some Intel Unison software may allow a privileg ...) NOT-FOR-US: Intel CVE-2022-46283 RESERVED CVE-2022-46282 (Use after free vulnerability in CX-Drive V3.00 and earlier allows a lo ...) NOT-FOR-US: CX-Drive CVE-2022-45469 (Improper input validation for some Intel Unison software may allow an ...) NOT-FOR-US: Intel CVE-2022-43666 (Exposure of sensitive system information due to uncleared debug inform ...) NOT-FOR-US: Intel CVE-2022-43496 RESERVED CVE-2022-43473 (A blind XML External Entity (XXE) vulnerability exists in the Add UCS ...) NOT-FOR-US: ZoHo ManageEngine CVE-2022-4295 (The Show All Comments WordPress plugin before 7.0.1 does not sanitise ...) NOT-FOR-US: WordPress plugin CVE-2022-46644 RESERVED CVE-2022-46643 RESERVED CVE-2022-46642 (D-Link DIR-846 A1_FW100A43 was discovered to contain a command injecti ...) NOT-FOR-US: D-Link CVE-2022-46641 (D-Link DIR-846 A1_FW100A43 was discovered to contain a command injecti ...) NOT-FOR-US: D-Link CVE-2022-46640 (Nanoleaf Desktop App before v1.3.1 was discovered to contain a command ...) NOT-FOR-US: Nanoleaf CVE-2022-46639 (A vulnerability in the descarga_etiqueta.php component of Correos Pres ...) NOT-FOR-US: Prestashop CVE-2022-46638 RESERVED CVE-2022-46637 (Prolink router PRS1841 was discovered to contain hardcoded credentials ...) 
NOT-FOR-US: Prolink router CVE-2022-46636 RESERVED CVE-2022-46635 RESERVED CVE-2022-46634 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...) NOT-FOR-US: TOTOLINK CVE-2022-46633 RESERVED CVE-2022-46632 RESERVED CVE-2022-46631 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...) NOT-FOR-US: TOTOLINK CVE-2022-46630 RESERVED CVE-2022-46629 RESERVED CVE-2022-46628 RESERVED CVE-2022-46627 RESERVED CVE-2022-46626 RESERVED CVE-2022-46625 RESERVED CVE-2022-46624 (A cross-site scripting (XSS) vulnerability in Online Graduate Tracer S ...) NOT-FOR-US: Online Graduate Tracer System CVE-2022-46623 (Judging Management System v1.0.0 was discovered to contain a SQL injec ...) NOT-FOR-US: Judging Management System CVE-2022-46622 (A cross-site scripting (XSS) vulnerability in Judging Management Syste ...) NOT-FOR-US: Judging Management System CVE-2022-46621 REJECTED CVE-2022-46620 REJECTED CVE-2022-46619 RESERVED CVE-2022-46618 RESERVED CVE-2022-46617 RESERVED CVE-2022-46616 RESERVED CVE-2022-46615 RESERVED CVE-2022-46614 RESERVED CVE-2022-46613 RESERVED CVE-2022-46612 RESERVED CVE-2022-46611 RESERVED CVE-2022-46610 (72crm v9 was discovered to contain an arbitrary file upload vulnerabil ...) NOT-FOR-US: 72crm CVE-2022-46609 (Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and ...) NOT-FOR-US: backdoored Python3-RESTfulAPI package CVE-2022-46608 RESERVED CVE-2022-46607 RESERVED CVE-2022-46606 RESERVED CVE-2022-46605 RESERVED CVE-2022-46604 (An issue in Tecrail Responsive FileManager v9.9.5 and below allows att ...) NOT-FOR-US: Tecrail Responsive FileManager CVE-2022-46603 (An issue in Inkdrop v5.4.1 allows attackers to execute arbitrary comma ...) NOT-FOR-US: Inkdrop CVE-2022-46602 RESERVED CVE-2022-46601 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) NOT-FOR-US: TRENDnet CVE-2022-46600 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) 
NOT-FOR-US: TRENDnet CVE-2022-46599 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) NOT-FOR-US: TRENDnet CVE-2022-46598 (TRENDnet TEW755AP 1.13B01 was discovered to contain a command injectio ...) NOT-FOR-US: TRENDnet CVE-2022-46597 (TRENDnet TEW755AP 1.13B01 was discovered to contain a command injectio ...) NOT-FOR-US: TRENDnet CVE-2022-46596 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) NOT-FOR-US: TRENDnet CVE-2022-46595 RESERVED CVE-2022-46594 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) NOT-FOR-US: TRENDnet CVE-2022-46593 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) NOT-FOR-US: TRENDnet CVE-2022-46592 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) NOT-FOR-US: TRENDnet CVE-2022-46591 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) NOT-FOR-US: TRENDnet CVE-2022-46590 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) NOT-FOR-US: TRENDnet CVE-2022-46589 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) NOT-FOR-US: TRENDnet CVE-2022-46588 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) NOT-FOR-US: TRENDnet CVE-2022-46587 RESERVED CVE-2022-46586 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) NOT-FOR-US: TRENDnet CVE-2022-46585 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) NOT-FOR-US: TRENDnet CVE-2022-46584 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) NOT-FOR-US: TRENDnet CVE-2022-46583 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) NOT-FOR-US: TRENDnet CVE-2022-46582 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) NOT-FOR-US: TRENDnet CVE-2022-46581 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) 
NOT-FOR-US: TRENDnet CVE-2022-46580 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) NOT-FOR-US: TRENDnet CVE-2022-46579 RESERVED CVE-2022-46578 RESERVED CVE-2022-46577 RESERVED CVE-2022-46576 RESERVED CVE-2022-46575 RESERVED CVE-2022-46574 RESERVED CVE-2022-46573 RESERVED CVE-2022-46572 RESERVED CVE-2022-46571 RESERVED CVE-2022-46570 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discov ...) NOT-FOR-US: D-Link CVE-2022-46569 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discov ...) NOT-FOR-US: D-Link CVE-2022-46568 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discov ...) NOT-FOR-US: D-Link CVE-2022-46567 RESERVED CVE-2022-46566 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discov ...) NOT-FOR-US: D-Link CVE-2022-46565 RESERVED CVE-2022-46564 RESERVED CVE-2022-46563 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discov ...) NOT-FOR-US: D-Link CVE-2022-46562 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discov ...) NOT-FOR-US: D-Link CVE-2022-46561 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discov ...) NOT-FOR-US: D-Link CVE-2022-46560 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discov ...) NOT-FOR-US: D-Link CVE-2022-46559 RESERVED CVE-2022-46558 RESERVED CVE-2022-46557 RESERVED CVE-2022-46556 RESERVED CVE-2022-46555 RESERVED CVE-2022-46554 RESERVED CVE-2022-46553 RESERVED CVE-2022-46552 (D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote ...) NOT-FOR-US: D-Link CVE-2022-46551 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) NOT-FOR-US: Tenda CVE-2022-46550 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) NOT-FOR-US: Tenda CVE-2022-46549 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) 
NOT-FOR-US: Tenda CVE-2022-46548 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) NOT-FOR-US: Tenda CVE-2022-46547 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) NOT-FOR-US: Tenda CVE-2022-46546 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) NOT-FOR-US: Tenda CVE-2022-46545 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) NOT-FOR-US: Tenda CVE-2022-46544 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) NOT-FOR-US: Tenda CVE-2022-46543 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) NOT-FOR-US: Tenda CVE-2022-46542 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) NOT-FOR-US: Tenda CVE-2022-46541 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) NOT-FOR-US: Tenda CVE-2022-46540 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) NOT-FOR-US: Tenda CVE-2022-46539 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) NOT-FOR-US: Tenda CVE-2022-46538 (Tenda F1203 V2.0.1.6 was discovered to contain a command injection vul ...) NOT-FOR-US: Tenda CVE-2022-46537 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) NOT-FOR-US: Tenda CVE-2022-46536 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) NOT-FOR-US: Tenda CVE-2022-46535 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) NOT-FOR-US: Tenda CVE-2022-46534 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) NOT-FOR-US: Tenda CVE-2022-46533 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) NOT-FOR-US: Tenda CVE-2022-46532 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) NOT-FOR-US: Tenda CVE-2022-46531 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) 
NOT-FOR-US: Tenda CVE-2022-46530 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) NOT-FOR-US: Tenda CVE-2022-46529 RESERVED CVE-2022-46528 RESERVED CVE-2022-46527 (ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer overflow ...) NOT-FOR-US: ELSYS ERS CVE-2022-46526 RESERVED CVE-2022-46525 RESERVED CVE-2022-46524 RESERVED CVE-2022-46523 RESERVED CVE-2022-46522 RESERVED CVE-2022-46521 RESERVED CVE-2022-46520 RESERVED CVE-2022-46519 RESERVED CVE-2022-46518 RESERVED CVE-2022-46517 RESERVED CVE-2022-46516 RESERVED CVE-2022-46515 RESERVED CVE-2022-46514 RESERVED CVE-2022-46513 RESERVED CVE-2022-46512 RESERVED CVE-2022-46511 RESERVED CVE-2022-46510 RESERVED CVE-2022-46509 RESERVED CVE-2022-46508 RESERVED CVE-2022-46507 RESERVED CVE-2022-46506 RESERVED CVE-2022-46505 (An issue in MatrixSSL 4.5.1-open and earlier leads to failure to secur ...) - matrixssl CVE-2022-46504 RESERVED CVE-2022-46503 (A cross-site scripting (XSS) vulnerability in the component /admin/reg ...) NOT-FOR-US: Online Student Enrollment System CVE-2022-46502 (Online Student Enrollment System v1.0 was discovered to contain a SQL ...) NOT-FOR-US: Online Student Enrollment System CVE-2022-46501 (Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discovered ...) NOT-FOR-US: Accruent LLC Maintenance Connection CVE-2022-46500 RESERVED CVE-2022-46499 (Hospital Management System 1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Hospital Management System CVE-2022-46498 (Hospital Management System 1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Hospital Management System CVE-2022-46497 (Hospital Management System 1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Hospital Management System CVE-2022-46496 (BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missin ...) 
NOT-FOR-US: BTicino Door Entry HOMETOUCH CVE-2022-46495 RESERVED CVE-2022-46494 RESERVED CVE-2022-46493 (Default version of nbnbk was discovered to contain an arbitrary file u ...) NOT-FOR-US: nbnbk CVE-2022-46492 (nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered t ...) NOT-FOR-US: nbnbk CVE-2022-46491 (A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administr ...) NOT-FOR-US: nbnbk CVE-2022-46490 (GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contai ...) [experimental] - gpac 2.2.1+dfsg1-1 - gpac 2.2.1+dfsg1-2 (bug #1033116) [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2327 NOTE: https://github.com/gpac/gpac/commit/8968a510250e8c70a611221d63fe0a45b7d3a551 (v2.2.0) CVE-2022-46489 (GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contai ...) [experimental] - gpac 2.2.1+dfsg1-1 - gpac 2.2.1+dfsg1-2 (bug #1033116) [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2328 NOTE: https://github.com/gpac/gpac/commit/44e8616ec6d0c37498cdacb81375b09249fa9daa (v2.2.0) CVE-2022-46488 RESERVED CVE-2022-46487 (Improper initialization of x87 and SSE floating-point configuration re ...) NOT-FOR-US: SCONE CVE-2022-46486 (A lack of pointer-validation logic in the __scone_dispatch component o ...) NOT-FOR-US: SCONE CVE-2022-46485 (Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and be ...) NOT-FOR-US: ngSurvey CVE-2022-46484 (Information disclosure in password protected surveys in Data Illusion ...) NOT-FOR-US: ngSurvey CVE-2022-46483 RESERVED CVE-2022-46482 RESERVED CVE-2022-46481 RESERVED CVE-2022-46480 (Incorrect Session Management and Credential Re-use in the Bluetooth LE ...) NOT-FOR-US: Ultraloq UL3 2nd Gen Smart Lock Firmware CVE-2022-46479 RESERVED CVE-2022-46478 (The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no ...) 
NOT-FOR-US: datax-web CVE-2022-46477 RESERVED CVE-2022-46476 (D-Link DIR-859 A1 1.05 was discovered to contain a command injection v ...) NOT-FOR-US: D-Link CVE-2022-46475 (D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack over ...) NOT-FOR-US: D-Link CVE-2022-46474 RESERVED CVE-2022-46473 RESERVED CVE-2022-46472 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL inject ...) NOT-FOR-US: Helmet Store Showroom Site CVE-2022-46471 (Online Health Care System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Online Health Care System CVE-2022-46470 RESERVED CVE-2022-46469 RESERVED CVE-2022-46468 RESERVED CVE-2022-46467 RESERVED CVE-2022-46466 RESERVED CVE-2022-46465 RESERVED CVE-2022-46464 REJECTED CVE-2022-46463 (An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to ...) NOT-FOR-US: Harbor CVE-2022-46462 RESERVED CVE-2022-46461 RESERVED CVE-2022-46460 RESERVED CVE-2022-46459 RESERVED CVE-2022-46458 RESERVED CVE-2022-46457 (NASM v2.16 was discovered to contain a segmentation violation in the c ...) - nasm (unimportant) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392809 NOTE: Crash in CLI tool, no security impact CVE-2022-46456 (NASM v2.16 was discovered to contain a global buffer overflow in the c ...) - nasm (unimportant) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392814 NOTE: Crash in CLI tool, no security impact CVE-2022-46455 RESERVED CVE-2022-46454 RESERVED CVE-2022-46453 RESERVED CVE-2022-46452 RESERVED CVE-2022-46451 RESERVED CVE-2022-46450 RESERVED CVE-2022-46449 (An issue in MPD (Music Player Daemon) v0.23.10 allows attackers to cau ...) 
- mpd (Only affects Windows) NOTE: https://github.com/MusicPlayerDaemon/MPD/issues/1676 NOTE: https://github.com/MusicPlayerDaemon/MPD/commit/73b5d0a9b9ace89edcee30d9d83eb16c27c6f9b2 (v0.23.11) CVE-2022-46448 RESERVED CVE-2022-46447 RESERVED CVE-2022-46446 RESERVED CVE-2022-46445 RESERVED CVE-2022-46444 RESERVED CVE-2022-46443 (mesinkasir Bangresto 1.0 is vulnberable to SQL Injection via the itemq ...) NOT-FOR-US: mesinkasir Bangresto CVE-2022-46442 (dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n quer ...) NOT-FOR-US: dedecms CVE-2022-46441 RESERVED CVE-2022-46440 (ttftool v0.9.2 was discovered to contain a segmentation violation via ...) - swftools CVE-2022-46439 RESERVED CVE-2022-46438 (A cross-site scripting (XSS) vulnerability in the /admin/article_categ ...) NOT-FOR-US: DouPHP CVE-2022-46437 RESERVED CVE-2022-46436 RESERVED CVE-2022-46435 (An issue in the firmware update process of TP-Link TL-WR941ND V2/V3 up ...) NOT-FOR-US: TP-Link CVE-2022-46434 (An issue in the firmware update process of TP-Link TL-WA7510N v1 v3.12 ...) NOT-FOR-US: TP-Link CVE-2022-46433 RESERVED CVE-2022-46432 (An exploitable firmware modification vulnerability was discovered on T ...) NOT-FOR-US: TP-Link CVE-2022-46431 RESERVED CVE-2022-46430 (TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated a ...) NOT-FOR-US: TP-Link CVE-2022-46429 RESERVED CVE-2022-46428 (TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attack ...) NOT-FOR-US: TP-Link CVE-2022-46427 RESERVED CVE-2022-46426 RESERVED CVE-2022-46425 RESERVED CVE-2022-46424 (An exploitable firmware modification vulnerability was discovered on t ...) NOT-FOR-US: Netgear CVE-2022-46423 (An exploitable firmware modification vulnerability was discovered on t ...) NOT-FOR-US: Netgear CVE-2022-46422 (An issue in Netgear WNR2000 v1 1.2.3.7 and earlier allows authenticate ...) NOT-FOR-US: Netgear CVE-2022-43486 (Hidden functionality vulnerability in Buffalo network devices allows a ...) 
NOT-FOR-US: Buffalo network devices CVE-2022-43466 (OS command injection vulnerability in Buffalo network devices allows a ...) NOT-FOR-US: Buffalo network devices CVE-2022-43443 (OS command injection vulnerability in Buffalo network devices allows a ...) NOT-FOR-US: Buffalo network devices CVE-2022-4294 (Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible ...) NOT-FOR-US: Norton CVE-2022-4293 (Floating Point Comparison with Incorrect Operator in GitHub repository ...) - vim 2:9.0.0813-1 (unimportant) NOTE: https://huntr.dev/bounties/385a835f-6e33-4d00-acce-ac99f3939143 NOTE: https://github.com/vim/vim/commit/cdef1cefa2a440911c727558562f83ed9b00e16b (v9.0.0804) NOTE: Crash in CLI tool, no security impact CVE-2022-4292 (Use After Free in GitHub repository vim/vim prior to 9.0.0882.) - vim 2:9.0.1000-1 (unimportant) NOTE: https://huntr.dev/bounties/da3d4c47-e57a-451e-993d-9df0ed31f57b NOTE: https://github.com/vim/vim/commit/c3d27ada14acd02db357f2d16347acc22cb17e93 (v9.0.0882) NOTE: Crash in CLI tool, no security impact CVE-2022-4291 (The aswjsflt.dll library from Avast Antivirus windows contained a pote ...) NOT-FOR-US: Avast Antivirus CVE-2022-4290 (The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL ...) NOT-FOR-US: WordPress plugin CVE-2022-4289 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 15.10.8+ds1-2 CVE-2022-4288 RESERVED CVE-2022-4287 (Authentication bypass in local application lock feature in Devolutions ...) NOT-FOR-US: Devolutions Remote Desktop Manager CVE-2022-4286 (A reflected cross-site scripting (XSS) vulnerability exists in System ...) NOT-FOR-US: B&R Automation Runtime CVE-2022-4285 (An illegal memory access flaw was found in the binutils package. Parsi ...) 
- binutils 2.39.50.20221208-2 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29699 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 NOTE: binutils not covered by security support CVE-2022-4284 REJECTED CVE-2022-4283 (A vulnerability was found in X.Org. This security flaw occurs because ...) {DSA-5304-1 DLA-3256-1} - xorg-server 2:21.1.5-1 (bug #1026071) - xwayland 2:22.1.6-1 NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/ccdd431cd8f1cabae9d744f0514b6533c438908c CVE-2022-4282 (A vulnerability was found in SpringBootCMS and classified as critical. ...) NOT-FOR-US: SpringBootCMS CVE-2022-46421 (Improper Neutralization of Special Elements used in a Command ('Comman ...) NOT-FOR-US: Airflow Hive provider CVE-2022-4281 (A vulnerability has been found in Facepay 1.0 and classified as critic ...) NOT-FOR-US: Facepay CVE-2022-46288 (Open redirect vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and e ...) NOT-FOR-US: DENSHI NYUSATSU CORE SYSTEM CVE-2022-46287 (Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R ...) NOT-FOR-US: DENSHI NYUSATSU CORE SYSTEM CVE-2022-41993 (Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R ...) NOT-FOR-US: DENSHI NYUSATSU CORE SYSTEM CVE-2022-46416 (Parrot Bebop 4.7.1. allows remote attackers to prevent legitimate term ...) NOT-FOR-US: Parrot Bebop CVE-2022-46415 (DJI Spark 01.00.0900 allows remote attackers to prevent legitimate ter ...) NOT-FOR-US: DJI Spark CVE-2022-46414 (An issue was discovered in Veritas NetBackup Flex Scale through 3.0 an ...) NOT-FOR-US: Veritas CVE-2022-46413 (An issue was discovered in Veritas NetBackup Flex Scale through 3.0 an ...) NOT-FOR-US: Veritas CVE-2022-46412 (An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A ...) 
NOT-FOR-US: Veritas CVE-2022-46411 (An issue was discovered in Veritas NetBackup Flex Scale through 3.0 an ...) NOT-FOR-US: Veritas CVE-2022-46410 (An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A ...) NOT-FOR-US: Veritas CVE-2022-46409 RESERVED CVE-2022-46408 (Ericsson Network Manager (ENM), versions prior to 22.1, contains a vul ...) NOT-FOR-US: Ericsson Network Manager CVE-2022-46407 (Ericsson Network Manager (ENM), versions prior to 22.2, contains a vul ...) NOT-FOR-US: Ericsson Network Manager CVE-2022-46406 RESERVED CVE-2022-46405 (Mastodon through 4.0.2 allows attackers to cause a denial of service ( ...) - mastodon (bug #859741) CVE-2022-46404 (A command injection vulnerability has been identified in Atos Unify Op ...) NOT-FOR-US: Atos Unify OpenScape CVE-2022-46403 (The Microchip RN4870 module firmware 1.43 (and the Microchip PIC Light ...) NOT-FOR-US: Microchip CVE-2022-46402 (The Microchip RN4870 module firmware 1.43 (and the Microchip PIC Light ...) NOT-FOR-US: Microchip CVE-2022-46401 (The Microchip RN4870 module firmware 1.43 (and the Microchip PIC Light ...) NOT-FOR-US: Microchip CVE-2022-46400 (The Microchip RN4870 module firmware 1.43 (and the Microchip PIC Light ...) NOT-FOR-US: Microchip CVE-2022-46399 (The Microchip RN4870 module firmware 1.43 (and the Microchip PIC Light ...) NOT-FOR-US: Microchip CVE-2022-46398 RESERVED CVE-2022-46397 (FP.io VPP (Vector Packet Processor) 22.10, 22.06, 22.02, 21.10, 21.06, ...) NOT-FOR-US: FD.io VPP (Vector Packet Processor) IPSec CVE-2022-46396 (An issue was discovered in the Arm Mali Kernel Driver. A non-privilege ...) NOT-FOR-US: Arm Mali CVE-2022-46395 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...) NOT-FOR-US: Arm Mali CVE-2022-46394 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...) NOT-FOR-US: Arm Mali CVE-2022-46393 (An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0 ...) 
- mbedtls 2.28.2-1 [bullseye] - mbedtls (The vulnerable code was introduced later) [buster] - mbedtls (The vulnerable code was introduced later) NOTE: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2 NOTE: Fixed by https://github.com/Mbed-TLS/mbedtls/commit/f385fcebee017973cf4137333628a78248f1f443 CVE-2022-46392 (An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0 ...) - mbedtls 2.28.2-1 [bullseye] - mbedtls (Minor issue) [buster] - mbedtls (Minor issue) NOTE: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2 NOTE: Issue is most likely related to library/bignum.c and the mbedtls_mpi_exp_mod function. CVE-2022-46391 (AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to print ...) {DLA-3225-1} - awstats 7.8-3 (bug #1025410) [bullseye] - awstats 7.8-2+deb11u1 NOTE: https://github.com/eldy/AWStats/pull/226 NOTE: Fixed by: https://github.com/eldy/AWStats/commit/38682330e1ec3f3af95f9436640358b2d9e4a965 CVE-2022-46390 RESERVED CVE-2022-46389 (There exists a reflected XSS within the logout functionality of Servic ...) NOT-FOR-US: ServiceNow CVE-2022-46388 RESERVED CVE-2022-46387 (ConEmu through 220807 and Cmder before 1.3.21 report the title of the ...) NOT-FOR-US: ConEmu CVE-2022-46386 RESERVED CVE-2022-46385 RESERVED CVE-2022-46384 RESERVED CVE-2022-46383 (RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4. ...) NOT-FOR-US: RackN Digital Rebar CVE-2022-46382 (RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4. ...) NOT-FOR-US: RackN Digital Rebar CVE-2022-46381 (Certain Linear eMerge E3-Series devices are vulnerable to XSS via the ...) NOT-FOR-US: Linear eMerge E3-Series devices CVE-2022-4280 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: Dot Tech Smart Campus System CVE-2022-4279 (A vulnerability classified as problematic has been found in SourceCode ...) 
NOT-FOR-US: SourceCodester Human Resource Management System CVE-2022-4278 (A vulnerability was found in SourceCodester Human Resource Management ...) NOT-FOR-US: SourceCodester Book Store Management System CVE-2022-4277 (A vulnerability was found in Shaoxing Background Management System. It ...) NOT-FOR-US: Shaoxing Background Management System CVE-2022-4276 (A vulnerability was found in House Rental System and classified as cri ...) NOT-FOR-US: House Rental System CVE-2022-4275 (A vulnerability has been found in House Rental System and classified a ...) NOT-FOR-US: House Rental System CVE-2022-4274 (A vulnerability, which was classified as critical, was found in House ...) NOT-FOR-US: House Rental System CVE-2022-4273 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Human Resource Management System CVE-2022-4272 (A vulnerability, which was classified as critical, has been found in F ...) NOT-FOR-US: FeMiner wms CVE-2022-45124 (An information disclosure vulnerability exists in the User authenticat ...) NOT-FOR-US: WellinTech KingHistorian CVE-2022-45115 (A buffer overflow vulnerability exists in the Attribute Arena function ...) NOT-FOR-US: Ichitaro CVE-2022-43665 (A denial of service vulnerability exists in the malware scan functiona ...) NOT-FOR-US: ESTsoft Alyac CVE-2022-46378 (An out-of-bounds read vulnerability exists in the PORT command paramet ...) NOT-FOR-US: uC-FTPs CVE-2022-46377 (An out-of-bounds read vulnerability exists in the PORT command paramet ...) NOT-FOR-US: uC-FTPs CVE-2022-46376 RESERVED CVE-2022-46375 RESERVED CVE-2022-46374 RESERVED CVE-2022-46373 RESERVED CVE-2022-46372 (Alotcer - AR7088H-A firmware version 16.10.3 Command execution Imprope ...) NOT-FOR-US: Alotcer - AR7088H-A firmware CVE-2022-46371 (Alotcer - AR7088H-A firmware version 16.10.3 Information disclosure. U ...) 
	NOT-FOR-US: Alotcer - AR7088H-A firmware
CVE-2022-46370 (Rumpus - FTP server version 9.0.7.1 Improper Token Verification – ...)
	NOT-FOR-US: Rumpus - FTP server
CVE-2022-46369 (Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (P ...)
	NOT-FOR-US: Rumpus - FTP server
CVE-2022-46368 (Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) ...)
	NOT-FOR-US: Rumpus - FTP server
CVE-2022-46367 (Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege ...)
	NOT-FOR-US: Rumpus - FTP server
CVE-2022-46365 (Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs i ...)
	NOT-FOR-US: Apache StreamPark
CVE-2022-46364 (A SSRF vulnerability in parsing the href attribute of XOP:Include in MT ...)
	NOT-FOR-US: Apache CXF
CVE-2022-46363 (A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows ...)
	NOT-FOR-US: Apache CXF
CVE-2022-4271 (Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/o ...)
	NOT-FOR-US: osTicket
CVE-2022-4270 (Incorrect privilege assignment issue in M-Files Web in M-Files Web ver ...)
	NOT-FOR-US: M-Files Web
CVE-2022-4269 (A flaw was found in the Linux kernel Traffic Control (TC) subsystem. U ...)
	{DSA-5480-1 DLA-3623-1}
	- linux 6.1.20-2
	NOTE: https://lore.kernel.org/netdev/33dc43f587ec1388ba456b4915c75f02a8aae226.1663945716.git.dcaratti@redhat.com/
CVE-2022-4268 (The Plugin Logic WordPress plugin before 1.0.8 does not sanitise and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4267 (The Bulk Delete Users by Email WordPress plugin through 1.2 does not s ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4266 (The Bulk Delete Users by Email WordPress plugin through 1.2 does not h ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4265 (The Replyable WordPress plugin before 2.2.10 does not validate the cla ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4264 (Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files bef ...)
	NOT-FOR-US: M-Files
CVE-2022-4263
	RESERVED
CVE-2022-XXXX [node-d3-color redos]
	- node-d3-color 1.2.8-5
	[bullseye] - node-d3-color (Minor issue)
	[buster] - node-d3-color (Minor issue)
	NOTE: https://github.com/advisories/GHSA-36jr-mh4h-2g58
	NOTE: https://github.com/d3/d3-color/issues/97
	NOTE: https://github.com/d3/d3-color/pull/100
CVE-2023-21623
	RESERVED
CVE-2023-21622 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affecte ...)
	NOT-FOR-US: FrameMaker
CVE-2023-21621 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affecte ...)
	NOT-FOR-US: FrameMaker
CVE-2023-21620 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affecte ...)
	NOT-FOR-US: FrameMaker
CVE-2023-21619 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affecte ...)
	NOT-FOR-US: FrameMaker
CVE-2023-21618 (Adobe Substance 3D Designer version 12.4.1 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2023-21617
	RESERVED
CVE-2023-21616 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...)
	NOT-FOR-US: Adobe
CVE-2023-21615 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...)
	NOT-FOR-US: Adobe
CVE-2023-21614 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
	NOT-FOR-US: Adobe
CVE-2023-21613 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
	NOT-FOR-US: Adobe
CVE-2023-21612 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
	NOT-FOR-US: Adobe
CVE-2023-21611 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
	NOT-FOR-US: Adobe
CVE-2023-21610 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
	NOT-FOR-US: Adobe
CVE-2023-21609 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
	NOT-FOR-US: Adobe
CVE-2023-21608 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
	NOT-FOR-US: Adobe
CVE-2023-21607 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
	NOT-FOR-US: Adobe
CVE-2023-21606 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
	NOT-FOR-US: Adobe
CVE-2023-21605 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
	NOT-FOR-US: Adobe
CVE-2023-21604 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
	NOT-FOR-US: Adobe
CVE-2023-21603 (Adobe Dimension version 3.4.6 (and earlier) are affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2023-21602
	RESERVED
CVE-2023-21601 (Adobe Dimension version 3.4.6 (and earlier) are affected by a Use Afte ...)
	NOT-FOR-US: Adobe
CVE-2023-21600
	RESERVED
CVE-2023-21599 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
	NOT-FOR-US: Adobe
CVE-2023-21598 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
	NOT-FOR-US: Adobe
CVE-2023-21597 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
	NOT-FOR-US: Adobe
CVE-2023-21596 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
	NOT-FOR-US: Adobe
CVE-2023-21595 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
	NOT-FOR-US: Adobe
CVE-2023-21594 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...)
	NOT-FOR-US: Adobe
CVE-2023-21593 (Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2023-21592 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
	NOT-FOR-US: Adobe
CVE-2023-21591 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
	NOT-FOR-US: Adobe
CVE-2023-21590 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
	NOT-FOR-US: Adobe
CVE-2023-21589 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
	NOT-FOR-US: Adobe
CVE-2023-21588 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
	NOT-FOR-US: Adobe
CVE-2023-21587 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
	NOT-FOR-US: Adobe
CVE-2023-21586
	RESERVED
CVE-2023-21585 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
	NOT-FOR-US: Adobe
CVE-2023-21584 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affecte ...)
	NOT-FOR-US: FrameMaker
CVE-2023-21583 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2023-21582 (Adobe Digital Editions version 4.5.11.187303 (and earlier) is affected ...)
	NOT-FOR-US: Adobe
CVE-2023-21581 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
	NOT-FOR-US: Adobe
CVE-2023-21580
	RESERVED
CVE-2023-21579 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
	NOT-FOR-US: Adobe
CVE-2023-21578 (Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affecte ...)
	NOT-FOR-US: Adobe
CVE-2023-21577 (Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affecte ...)
	NOT-FOR-US: Adobe
CVE-2023-21576 (Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affecte ...)
	NOT-FOR-US: Adobe
CVE-2023-21575 (Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affecte ...)
	NOT-FOR-US: Adobe
CVE-2023-21574 (Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affecte ...)
	NOT-FOR-US: Adobe
CVE-2022-4262 (Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a ...)
	{DSA-5295-1}
	- chromium 108.0.5359.94-1
	[buster] - chromium (see DSA 5046)
CVE-2023-21573 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2023-21572 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2023-21571 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2023-21570 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2023-21569 (Azure DevOps Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21568 (Microsoft SQL Server Integration Service (VS extension) Remote Code Ex ...)
	NOT-FOR-US: Microsoft
CVE-2023-21567 (Visual Studio Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21566 (Visual Studio Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21565 (Azure DevOps Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21564 (Azure DevOps Server Cross-Site Scripting Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21563 (BitLocker Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21562
	RESERVED
CVE-2023-21561 (Microsoft Cryptographic Services Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21560 (Windows Boot Manager Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21559 (Windows Cryptographic Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21558 (Windows Error Reporting Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21557 (Windows Lightweight Directory Access Protocol (LDAP) Denial of Service ...)
	NOT-FOR-US: Microsoft
CVE-2023-21556 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2023-21555 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2023-21554 (Microsoft Message Queuing Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21553 (Azure DevOps Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21552 (Windows GDI Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21551 (Microsoft Cryptographic Services Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21550 (Windows Cryptographic Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21549 (Windows SMB Witness Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21548 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...)
	NOT-FOR-US: Microsoft
CVE-2023-21547 (Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21546 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2023-21545
	RESERVED
CVE-2023-21544
	RESERVED
CVE-2023-21543 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2023-21542 (Windows Installer Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21541 (Windows Task Scheduler Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21540 (Windows Cryptographic Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21539 (Windows Authentication Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21538 (.NET Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21537 (Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21536 (Event Tracing for Windows Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21535 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...)
	NOT-FOR-US: Microsoft
CVE-2023-21534
	RESERVED
CVE-2023-21533
	RESERVED
CVE-2023-21532 (Windows GDI Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21531 (Azure Service Fabric Container Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21530
	RESERVED
CVE-2023-21529 (Microsoft Exchange Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21528 (Microsoft SQL Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21527 (Windows iSCSI Service Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21526 (Windows Netlogon Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21525 (Remote Procedure Call Runtime Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2023-21524 (Windows Local Security Authority (LSA) Elevation of Privilege Vulnerab ...)
	NOT-FOR-US: Microsoft
CVE-2022-4261 (Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to relia ...)
	NOT-FOR-US: Rapid7 Nexpose and InsightVM
CVE-2022-4260 (The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4259 (Due to improper input validation in the Alerts controller, a SQL injec ...)
	NOT-FOR-US: Nozomi Networks
CVE-2022-4258 (In multiple versions of HIMA PC based Software an unquoted Windows sea ...)
	NOT-FOR-US: HIMA
CVE-2022-4257 (A vulnerability was found in C-DATA Web Management System. It has been ...)
	NOT-FOR-US: C-DATA Web Management System
CVE-2022-4256 (The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4255 (An info leak issue was identified in all versions of GitLab EE from 13 ...)
	- gitlab (Specific to EE)
CVE-2022-4254 (sssd: libsss_certmap fails to sanitise certificate data used in LDAP f ...)
	{DLA-3436-1}
	- sssd 2.3.1-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2149894
	NOTE: https://github.com/SSSD/sssd/issues/5135
	NOTE: https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274
	NOTE: https://github.com/SSSD/sssd/commit/918fb32af6a271230bf87db47f78768edb9ca86c (sssd-1-16)
CVE-2022-4253 (A vulnerability was found in SourceCodester Canteen Management System. ...)
	NOT-FOR-US: SourceCodester Canteen Management System
CVE-2022-4252 (A vulnerability was found in SourceCodester Canteen Management System. ...)
	NOT-FOR-US: SourceCodester Canteen Management System
CVE-2022-4251 (A vulnerability was found in Movie Ticket Booking System and classifie ...)
	NOT-FOR-US: Movie Ticket Booking System
CVE-2022-4250 (A vulnerability has been found in Movie Ticket Booking System and clas ...)
	NOT-FOR-US: Movie Ticket Booking System
CVE-2022-4249 (A vulnerability, which was classified as problematic, was found in Mov ...)
	NOT-FOR-US: Movie Ticket Booking System
CVE-2022-4248 (A vulnerability, which was classified as critical, has been found in M ...)
	NOT-FOR-US: Movie Ticket Booking System
CVE-2022-4247 (A vulnerability classified as critical was found in Movie Ticket Booki ...)
	NOT-FOR-US: Movie Ticket Booking System
CVE-2022-4246 (A vulnerability classified as problematic has been found in Kakao PotP ...)
	NOT-FOR-US: Kakao PotPlayer
CVE-2022-46366 (Apache Tapestry 3.x allows deserialization of untrusted data, leading ...)
	NOT-FOR-US: Apache Tapestry
CVE-2022-46361 (An attacker having physical access to WDM can plug USB device to gain ...)
	NOT-FOR-US: Honeywell
CVE-2022-43485 (Use of Insufficiently Random Values in Honeywell OneWireless. This vul ...)
	NOT-FOR-US: Honeywell
CVE-2022-4245 (A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml. ...)
	- plexus-utils2 3.0.24-1
	NOTE: https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-461102
	NOTE: https://github.com/codehaus-plexus/plexus-utils/commit/f933e5e78dc2637e485447ed821fe14904f110de (plexus-utils-3.0.24)
	NOTE: https://github.com/codehaus-plexus/plexus-utils/issues/3
CVE-2022-4244 (A flaw was found in codeplex-codehaus. A directory traversal attack (a ...)
	- plexus-utils2 3.0.24-1
	NOTE: https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31521
	NOTE: https://github.com/codehaus-plexus/plexus-utils/issues/4
	NOTE: https://github.com/codehaus-plexus/plexus-utils/commit/33a2853df8185b4519b1b8bfae284f03392618ef (plexus-utils-3.0.24)
CVE-2022-4243 (The ImageInject WordPress plugin through 1.17 does not sanitise and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4242 (The WP Google Review Slider WordPress plugin before 11.6 does not sani ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4241
	RESERVED
CVE-2022-4240 (Missing Authentication for Critical Function vulnerability in Honeywel ...)
	NOT-FOR-US: Honeywell
CVE-2022-46359 (Potential vulnerabilities have been identified in HP Security Manager ...)
	NOT-FOR-US: HP
CVE-2022-46358 (Potential vulnerabilities have been identified in HP Security Manager ...)
	NOT-FOR-US: HP
CVE-2022-46357 (Potential vulnerabilities have been identified in HP Security Manager ...)
	NOT-FOR-US: HP
CVE-2022-46356 (Potential vulnerabilities have been identified in HP Security Manager ...)
	NOT-FOR-US: HP
CVE-2022-46355 (A vulnerability has been identified in SCALANCE X204RNA (HSR) (All ver ...)
	NOT-FOR-US: Siemens
CVE-2022-46354 (A vulnerability has been identified in SCALANCE X204RNA (HSR) (All ver ...)
	NOT-FOR-US: Siemens
CVE-2022-46353 (A vulnerability has been identified in SCALANCE X204RNA (HSR) (All ver ...)
	NOT-FOR-US: Siemens
CVE-2022-46352 (A vulnerability has been identified in SCALANCE X204RNA (HSR) (All ver ...)
	NOT-FOR-US: Siemens
CVE-2022-46351 (A vulnerability has been identified in SCALANCE X204RNA (HSR) (All ver ...)
	NOT-FOR-US: Siemens
CVE-2022-46350 (A vulnerability has been identified in SCALANCE X204RNA (HSR) (All ver ...)
	NOT-FOR-US: Siemens
CVE-2022-46349 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2022-46348 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2022-46347 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2022-46346 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2022-46345 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2022-4239 (The Workreap WordPress theme before 2.6.4 does not verify that an addo ...)
	NOT-FOR-US: WordPress theme
CVE-2022-4238
	RESERVED
CVE-2022-4237 (The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4236 (The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4235 (RushBet version 2022.23.1-b490616d allows a remote attacker to steal c ...)
	NOT-FOR-US: RushBet
CVE-2022-4234 (A vulnerability was found in SourceCodester Canteen Management System. ...)
	NOT-FOR-US: SourceCodester Canteen Management System
CVE-2022-4233 (A vulnerability has been found in SourceCodester Event Registration Sy ...)
	NOT-FOR-US: SourceCodester Event Registration System
CVE-2022-4232 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Event Registration System
CVE-2022-4231 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Tribal Systems Zenario CMS
CVE-2022-4230 (The WP Statistics WordPress plugin before 13.2.9 does not escape a par ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4229 (A vulnerability classified as critical was found in SourceCodester Boo ...)
	NOT-FOR-US: SourceCodester Book Store Management System
CVE-2022-4228 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester Book Store Management System
CVE-2022-4227 (The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plu ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4226 (The Simple Basic Contact Form WordPress plugin before 20221201 does no ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4225
	RESERVED
CVE-2021-4242 (A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 a ...)
	NOT-FOR-US: Sapido
CVE-2022-46344 (A vulnerability was found in X.Org. This security flaw occurs because ...)
	{DSA-5304-1 DLA-3256-1}
	- xorg-server 2:21.1.5-1 (bug #1026071)
	- xwayland 2:22.1.6-1
	NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/8f454b793e1f13c99872c15f0eed1d7f3b823fe8
CVE-2022-46343 (A vulnerability was found in X.Org. This security flaw occurs because ...)
	{DSA-5304-1 DLA-3256-1}
	- xorg-server 2:21.1.5-1 (bug #1026071)
	- xwayland 2:22.1.6-1
	NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/842ca3ccef100ce010d1d8f5f6d6cc1915055900
CVE-2022-46342 (A vulnerability was found in X.Org. This security flaw occurs because ...)
	{DSA-5304-1 DLA-3256-1}
	- xorg-server 2:21.1.5-1 (bug #1026071)
	- xwayland 2:22.1.6-1
	NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/b79f32b57cc0c1186b2899bce7cf89f7b325161b
CVE-2022-46341 (A vulnerability was found in X.Org. This security flaw occurs because ...)
	{DSA-5304-1 DLA-3256-1}
	- xorg-server 2:21.1.5-1 (bug #1026071)
	- xwayland 2:22.1.6-1
	NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/51eb63b0ee1509c6c6b8922b0e4aa037faa6f78b
CVE-2022-46340 (A vulnerability was found in X.Org. This security flaw occurs because ...)
	{DSA-5304-1 DLA-3256-1}
	- xorg-server 2:21.1.5-1 (bug #1026071)
	- xwayland 2:22.1.6-1
	NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/b320ca0ffe4c0c872eeb3a93d9bde21f765c7c63
CVE-2022-46339
	RESERVED
CVE-2022-4224 (In multiple products of CODESYS v3 in multiple versions a remote low p ...)
	NOT-FOR-US: CODESYS
CVE-2022-4223 (The pgAdmin server includes an HTTP API that is intended to be used to ...)
	- pgadmin4 (bug #834129)
CVE-2022-4222 (A vulnerability was found in SourceCodester Canteen Management System. ...)
	NOT-FOR-US: SourceCodester Canteen Management System
CVE-2022-4221 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
	NOT-FOR-US: Asus NAS-M25
CVE-2022-4220 (The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Requ ...)
	NOT-FOR-US: Chained Quiz plugin for WordPress
CVE-2022-4219 (The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Requ ...)
	NOT-FOR-US: Chained Quiz plugin for WordPress
CVE-2022-4218 (The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Requ ...)
	NOT-FOR-US: Chained Quiz plugin for WordPress
CVE-2022-4217 (The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Si ...)
	NOT-FOR-US: Chained Quiz plugin for WordPress
CVE-2022-4216 (The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Si ...)
	NOT-FOR-US: Chained Quiz plugin for WordPress
CVE-2022-4215 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...)
	NOT-FOR-US: Chained Quiz plugin for WordPress
CVE-2022-4214 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...)
	NOT-FOR-US: Chained Quiz plugin for WordPress
CVE-2022-4213 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...)
	NOT-FOR-US: Chained Quiz plugin for WordPress
CVE-2022-4212 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...)
	NOT-FOR-US: Chained Quiz plugin for WordPress
CVE-2022-4211 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...)
	NOT-FOR-US: Chained Quiz plugin for WordPress
CVE-2022-4210 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...)
	NOT-FOR-US: Chained Quiz plugin for WordPress
CVE-2022-4209 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...)
	NOT-FOR-US: Chained Quiz plugin for WordPress
CVE-2022-4208 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...)
	NOT-FOR-US: Chained Quiz plugin for WordPress
CVE-2022-41985 (An authentication bypass vulnerability exists in the Authentication fu ...)
	NOT-FOR-US: uC-FTPs
CVE-2022-46337 (A cleverly devised username might bypass LDAP authentication checks. I ...)
	- derby 10.14.2.0-3 (bug #1056755)
	[bookworm] - derby (Minor issue)
	[bullseye] - derby (Minor issue)
	[buster] - derby (Minor issue)
	NOTE: https://issues.apache.org/jira/browse/DERBY-7147
	NOTE: https://www.openwall.com/lists/oss-security/2023/11/19/3
CVE-2022-46336
	REJECTED
CVE-2022-46335
	REJECTED
CVE-2022-46334 (Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability wh ...)
	NOT-FOR-US: Proofpoint
CVE-2022-46333 (The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) ...)
	NOT-FOR-US: Proofpoint
CVE-2022-46332 (The Admin Smart Search feature in Proofpoint Enterprise Protection (PP ...)
	NOT-FOR-US: Proofpoint
CVE-2022-46328 (Some smartphones have the input validation vulnerability. Successful e ...)
	NOT-FOR-US: Huawei
CVE-2022-46327 (Some smartphones have configuration issues. Successful exploitation of ...)
	NOT-FOR-US: Huawei
CVE-2022-46326 (Some smartphones have the out-of-bounds write vulnerability. Successfu ...)
	NOT-FOR-US: Huawei
CVE-2022-46325 (Some smartphones have the out-of-bounds write vulnerability. Successful ...)
	NOT-FOR-US: Huawei
CVE-2022-46324 (Some smartphones have the out-of-bounds write vulnerability. Successfu ...)
	NOT-FOR-US: Huawei
CVE-2022-46323 (Some smartphones have the out-of-bounds write vulnerability. Successful ...)
	NOT-FOR-US: Huawei
CVE-2022-46322 (Some smartphones have the out-of-bounds write vulnerability. Successfu ...)
	NOT-FOR-US: Huawei
CVE-2022-46321 (The Wi-Fi module has a vulnerability in permission verification. Succe ...)
	NOT-FOR-US: Huawei
CVE-2022-46320 (The kernel module has an out-of-bounds read vulnerability. Successful ...)
	NOT-FOR-US: Huawei
CVE-2022-46319 (Fingerprint calibration has a vulnerability of lacking boundary judgme ...)
	NOT-FOR-US: Huawei
CVE-2022-46318 (The HAware module has a function logic error. Successful exploitation ...)
	NOT-FOR-US: Huawei
CVE-2022-46317 (The power consumption module has an out-of-bounds read vulnerability. ...)
	NOT-FOR-US: Huawei
CVE-2022-46316 (A thread security vulnerability exists in the authentication process. ...)
	NOT-FOR-US: Huawei
CVE-2022-46315 (The ProfileSDK has defects introduced in the design process. Successfu ...)
	NOT-FOR-US: Huawei
CVE-2022-46314 (The IPC module has defects introduced in the design process. Successfu ...)
	NOT-FOR-US: Huawei
CVE-2022-46313 (The sensor privacy module has an authentication vulnerability. Success ...)
	NOT-FOR-US: Huawei
CVE-2022-46312 (The application management module has a vulnerability in permission ve ...)
	NOT-FOR-US: Huawei
CVE-2022-46311 (The contacts component has a free (undefined) provider vulnerability. ...)
	NOT-FOR-US: Huawei
CVE-2022-46310 (The TelephonyProvider module has a vulnerability in obtaining values. S ...)
	NOT-FOR-US: Huawei
CVE-2022-46281
	RESERVED
CVE-2022-4207 (The Image Hover Effects Ultimate plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: Image Hover Effects Ultimate plugin for WordPress
CVE-2022-4206 (A sensitive information leak issue has been discovered in all versions ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-4205 (In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-4204
	RESERVED
CVE-2022-4203 (A read buffer overrun can be triggered in X.509 certificate verificati ...)
	- openssl 3.0.8-1
	[bullseye] - openssl (Only affects 3.x)
	[buster] - openssl (Only affects 3.x)
	NOTE: https://www.openssl.org/news/secadv/20230207.txt
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c927a3492698c254637da836762f9b1f86cffabc (openssl-3.0.8)
CVE-2022-4202 (A vulnerability, which was classified as problematic, was found in GPA ...)
	{DSA-5411-1}
	- gpac (bug #1033116; bug #1051866)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2333
	NOTE: https://github.com/gpac/gpac/commit/b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908
CVE-2021-46856 (The multi-screen collaboration module has a path traversal vulnerabili ...)
	NOT-FOR-US: Huawei
CVE-2022-46338 (g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, ...)
	{DLA-3217-1}
	- g810-led 0.4.2-3 (bug #1024998)
	[bullseye] - g810-led 0.4.2-1+deb11u1
	NOTE: https://github.com/MatMoul/g810-led/pull/297
	NOTE: Fixed by: https://github.com/MatMoul/g810-led/commit/e2b486fd1bc21e0b784e1b4c959770772dfced24 (v0.4.3)
CVE-2022-46309 (Vitals ESP upload function has a path traversal vulnerability. A remot ...)
	NOT-FOR-US: Vitals ESP
CVE-2022-46308 (SGUDA U-Lock central lock control service’s user management funct ...)
	NOT-FOR-US: SGUDA U-Lock central lock control service
CVE-2022-46307 (SGUDA U-Lock central lock control service’s lock management funct ...)
	NOT-FOR-US: SGUDA U-Lock central lock control service
CVE-2022-46306 (ChangingTec ServiSign component has a path traversal vulnerability due ...)
	NOT-FOR-US: ChangingTec ServiSign
CVE-2022-46305 (ChangingTec ServiSign component has a path traversal vulnerability. An ...)
	NOT-FOR-US: ChangingTec ServiSign
CVE-2022-46304 (ChangingTec ServiSign component has insufficient filtering for special ...)
	NOT-FOR-US: ChangingTec ServiSign
CVE-2022-46295 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
	- openbabel (bug #1059277)
	[bookworm] - openbabel (Minor issue)
	[bullseye] - openbabel (Minor issue)
	[buster] - openbabel (Minor issue, no upstream patch yet)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
	NOTE: https://github.com/openbabel/openbabel/issues/2650
CVE-2022-46294 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
	- openbabel (bug #1059277)
	[bookworm] - openbabel (Minor issue)
	[bullseye] - openbabel (Minor issue)
	[buster] - openbabel (Minor issue, no upstream patch yet)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
	NOTE: https://github.com/openbabel/openbabel/issues/2650
CVE-2022-46293 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
	- openbabel (bug #1059277)
	[bookworm] - openbabel (Minor issue)
	[bullseye] - openbabel (Minor issue)
	[buster] - openbabel (Minor issue, no upstream patch yet)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
	NOTE: https://github.com/openbabel/openbabel/issues/2650
CVE-2022-46292 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
	- openbabel (bug #1059277)
	[bookworm] - openbabel (Minor issue)
	[bullseye] - openbabel (Minor issue)
	[buster] - openbabel (Minor issue, no upstream patch yet)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
	NOTE: https://github.com/openbabel/openbabel/issues/2650
CVE-2022-46291 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
	- openbabel (bug #1059277)
	[bookworm] - openbabel (Minor issue)
	[bullseye] - openbabel (Minor issue)
	[buster] - openbabel (Minor issue, no upstream patch yet)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
	NOTE: https://github.com/openbabel/openbabel/issues/2650
CVE-2022-46290 (Multiple out-of-bounds write vulnerabilities exist in the ORCA format ...)
	- openbabel (bug #1059277)
	[bookworm] - openbabel (Minor issue)
	[bullseye] - openbabel (Minor issue)
	[buster] - openbabel (Minor issue, no upstream patch yet)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1665
	NOTE: https://github.com/openbabel/openbabel/issues/2650
CVE-2022-46289 (Multiple out-of-bounds write vulnerabilities exist in the ORCA format ...)
	- openbabel (bug #1059277)
	[bookworm] - openbabel (Minor issue)
	[bullseye] - openbabel (Minor issue)
	[buster] - openbabel (Minor issue, no upstream patch yet)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1665
	NOTE: https://github.com/openbabel/openbabel/issues/2650
CVE-2022-46280 (A use of uninitialized pointer vulnerability exists in the PQS format ...)
	- openbabel (bug #1059277)
	[bookworm] - openbabel (Minor issue)
	[bullseye] - openbabel (Minor issue)
	[buster] - openbabel (Minor issue, no upstream patch yet)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1670
	NOTE: https://github.com/openbabel/openbabel/issues/2650
CVE-2022-46278
	RESERVED
CVE-2022-46277
	RESERVED
CVE-2022-46276
	RESERVED
CVE-2022-46275
	RESERVED
CVE-2022-46274
	RESERVED
CVE-2022-46273
	RESERVED
CVE-2022-46272
	RESERVED
CVE-2022-46271
	RESERVED
CVE-2022-46270
	RESERVED
CVE-2022-46269
	RESERVED
CVE-2022-46268
	RESERVED
CVE-2022-46267
	RESERVED
CVE-2022-46266
	RESERVED
CVE-2022-45445
	RESERVED
CVE-2022-45346
	RESERVED
CVE-2022-45119
	REJECTED
CVE-2022-44615
	RESERVED
CVE-2022-44453
	RESERVED
CVE-2022-44451 (A use of uninitialized pointer vulnerability exists in the MSI format ...)
	- openbabel (bug #1059277)
	[bookworm] - openbabel (Minor issue)
	[bullseye] - openbabel (Minor issue)
	[buster] - openbabel (Minor issue, no upstream patch yet)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1669
	NOTE: https://github.com/openbabel/openbabel/issues/2650
CVE-2022-43664 (A use-after-free vulnerability exists within the way Ichitaro Word Pro ...)
	NOT-FOR-US: Ichitaro
CVE-2022-43663 (An integer conversion vulnerability exists in the SORBAx64.dll RecvPac ...)
	NOT-FOR-US: WellinTech KingHistorian
CVE-2022-43503
	REJECTED
CVE-2022-43467 (An out-of-bounds write vulnerability exists in the PQS format coord_fi ...)
	- openbabel (bug #1059277)
	[bookworm] - openbabel (Minor issue)
	[bullseye] - openbabel (Minor issue)
	[buster] - openbabel (Minor issue, no upstream patch yet)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1671
	NOTE: https://github.com/openbabel/openbabel/issues/2650
CVE-2022-42885 (A use of uninitialized pointer vulnerability exists in the GRO format ...)
- openbabel (bug #1059277) [bookworm] - openbabel (Minor issue) [bullseye] - openbabel (Minor issue) [buster] - openbabel (Minor issue, no upstream patch yet) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1668 NOTE: https://github.com/openbabel/openbabel/issues/2650 CVE-2022-42489 RESERVED CVE-2022-4201 (A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, ...) - gitlab 15.10.8+ds1-2 CVE-2022-4200 (The Login with Cognito WordPress plugin through 1.4.8 does not sanitis ...) NOT-FOR-US: WordPress plugin CVE-2022-4199 (The Link Library WordPress plugin before 7.4.1 does not sanitise and e ...) NOT-FOR-US: WordPress plugin CVE-2022-4198 (The WP Social Sharing WordPress plugin through 2.2 does not sanitise a ...) NOT-FOR-US: WordPress plugin CVE-2022-4197 (The Sliderby10Web WordPress plugin before 1.2.53 does not sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2022-4196 (The Multi Step Form WordPress plugin before 1.7.8 does not sanitise an ...) NOT-FOR-US: WordPress plugin CVE-2022-4195 (Insufficient policy enforcement in Safe Browsing in Google Chrome prio ...) {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4194 (Use after free in Accessibility in Google Chrome prior to 108.0.5359.7 ...) {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4193 (Insufficient policy enforcement in File System API in Google Chrome pr ...) {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4192 (Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 ...) {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4191 (Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allo ...) {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4190 (Insufficient data validation in Directory in Google Chrome prior to 10 ...) 
{DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4189 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...) {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4188 (Insufficient validation of untrusted input in CORS in Google Chrome on ...) {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4187 (Insufficient policy enforcement in DevTools in Google Chrome on Window ...) {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4186 (Insufficient validation of untrusted input in Downloads in Google Chro ...) {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4185 (Inappropriate implementation in Navigation in Google Chrome on iOS pri ...) {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4184 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...) {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4183 (Insufficient policy enforcement in Popup Blocker in Google Chrome prio ...) {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4182 (Inappropriate implementation in Fenced Frames in Google Chrome prior t ...) {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4181 (Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowe ...) {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4180 (Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed ...) {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-41795 RESERVED CVE-2022-41793 (An out-of-bounds write vulnerability exists in the CSR format title fu ...) 
- openbabel (bug #1059277) [bookworm] - openbabel (Minor issue) [bullseye] - openbabel (Minor issue) [buster] - openbabel (Minor issue, no upstream patch yet) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1667 NOTE: https://github.com/openbabel/openbabel/issues/2650 CVE-2022-4179 (Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowe ...) {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4178 (Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed ...) {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2372 CVE-2022-4177 (Use after free in Extensions in Google Chrome prior to 108.0.5359.71 a ...) {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4176 (Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS a ...) {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4175 (Use after free in Camera Capture in Google Chrome prior to 108.0.5359. ...) {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4174 (Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a ...) {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium (see DSA 5046) CVE-2022-4173 (A vulnerability within the malware removal functionality of Avast and ...) NOT-FOR-US: Avast and AVG Antivirus CVE-2022-4172 (An integer overflow and buffer overflow issues were found in the ACPI ...) 
- qemu 1:7.2+dfsg-1 (bug #1025123) [bullseye] - qemu (Vulnerable code introduced later) [buster] - qemu (Vulnerable code introduced later) NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1268 NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/f7e26ffa590ff26b4c6a2c513ad9ba1e6156f5b8 (v7.0.0-rc0) NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/defb70980f6bed36100b74e84220f1764c0dd544 (v7.2.0-rc0) NOTE: https://lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk@c--e.de/ CVE-2022-40973 RESERVED CVE-2022-37331 (An out-of-bounds write vulnerability exists in the Gaussian format ori ...) - openbabel (bug #1059277) [bookworm] - openbabel (Minor issue) [bullseye] - openbabel (Minor issue) [buster] - openbabel (Minor issue, no upstream patch yet) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1672 NOTE: https://github.com/openbabel/openbabel/issues/2650 CVE-2022-46265 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...) NOT-FOR-US: Siemens CVE-2022-46264 RESERVED CVE-2022-46263 RESERVED CVE-2022-46262 RESERVED CVE-2022-46261 RESERVED CVE-2022-46260 RESERVED CVE-2022-46259 RESERVED CVE-2022-46258 (An incorrect authorization vulnerability was identified in GitHub Ente ...) NOT-FOR-US: GitHub Enterprise Server CVE-2022-46257 (An information disclosure vulnerability was identified in GitHub Enter ...) NOT-FOR-US: GitHub Enterprise Server CVE-2022-46256 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...) NOT-FOR-US: GitHub Enterprise Server CVE-2022-46255 (An improper limitation of a pathname to a restricted directory vulnera ...) 
NOT-FOR-US: GitHub Enterprise Server CVE-2022-46254 RESERVED CVE-2022-46253 RESERVED CVE-2022-46252 RESERVED CVE-2022-46251 RESERVED CVE-2022-46250 RESERVED CVE-2022-46249 RESERVED CVE-2022-46248 RESERVED CVE-2022-46247 RESERVED CVE-2022-46246 RESERVED CVE-2022-46245 RESERVED CVE-2022-46244 REJECTED CVE-2022-46243 REJECTED CVE-2022-46242 REJECTED CVE-2022-46241 REJECTED CVE-2022-46240 REJECTED CVE-2022-46239 REJECTED CVE-2022-46238 REJECTED CVE-2022-46237 REJECTED CVE-2022-46236 REJECTED CVE-2022-46235 REJECTED CVE-2022-46234 REJECTED CVE-2022-46233 REJECTED CVE-2022-46232 REJECTED CVE-2022-46231 REJECTED CVE-2022-46230 REJECTED CVE-2022-46229 REJECTED CVE-2022-46228 REJECTED CVE-2022-46227 REJECTED CVE-2022-46226 REJECTED CVE-2022-46225 REJECTED CVE-2022-46224 REJECTED CVE-2022-46223 REJECTED CVE-2022-46222 REJECTED CVE-2022-46221 REJECTED CVE-2022-46220 REJECTED CVE-2022-46219 REJECTED CVE-2022-46218 REJECTED CVE-2022-46217 REJECTED CVE-2022-46216 REJECTED CVE-2022-46215 REJECTED CVE-2022-46214 REJECTED CVE-2022-46213 REJECTED CVE-2022-46212 REJECTED CVE-2022-46211 REJECTED CVE-2022-46210 REJECTED CVE-2022-46209 REJECTED CVE-2022-46208 REJECTED CVE-2022-46207 REJECTED CVE-2022-46206 REJECTED CVE-2022-46205 REJECTED CVE-2022-46204 REJECTED CVE-2022-46203 REJECTED CVE-2022-46202 REJECTED CVE-2022-46201 REJECTED CVE-2022-46200 REJECTED CVE-2022-46199 REJECTED CVE-2022-46198 REJECTED CVE-2022-46197 REJECTED CVE-2022-46196 REJECTED CVE-2022-46195 REJECTED CVE-2022-46194 REJECTED CVE-2022-46193 REJECTED CVE-2022-46192 REJECTED CVE-2022-46191 REJECTED CVE-2022-46190 REJECTED CVE-2022-46189 REJECTED CVE-2022-46188 REJECTED CVE-2022-46187 REJECTED CVE-2022-46186 REJECTED CVE-2022-46185 REJECTED CVE-2022-46184 REJECTED CVE-2022-46183 REJECTED CVE-2022-46182 REJECTED CVE-2022-46181 (Gotify server is a simple server for sending and receiving messages in ...) NOT-FOR-US: Gotify server CVE-2022-46180 (Discourse Mermaid (discourse-mermaid-theme-component) allows users of ...) 
NOT-FOR-US: Discourse CVE-2022-46179 (LiuOS is a small Python project meant to imitate the functions of a re ...) NOT-FOR-US: LiuOS CVE-2022-46178 (MeterSphere is a one-stop open source continuous testing platform, cov ...) NOT-FOR-US: MeterSphere CVE-2022-46177 (Discourse is an option source discussion platform. Prior to version 2. ...) NOT-FOR-US: Discourse CVE-2022-46176 (Cargo is a Rust package manager. The Rust Security Response WG was not ...) - cargo 0.66.0+ds1-1 [bullseye] - cargo (Minor issue) [buster] - cargo (Minor issue) - rust-cargo 0.66.0-1 [bullseye] - rust-cargo (Minor issue) [buster] - rust-cargo (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2023/01/10/3 NOTE: https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2022-46176 CVE-2022-46175 (JSON5 is an extension to the popular JSON file format that aims to be ...) {DLA-3665-1} - node-json5 2.2.3+dfsg-1 (bug #1027145) [bullseye] - node-json5 2.1.3-2+deb11u1 NOTE: https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h NOTE: https://github.com/json5/json5/issues/199 NOTE: https://github.com/json5/json5/issues/295 NOTE: Fixed by: https://github.com/json5/json5/commit/62a65408408d40aeea14c7869ed327acead12972 (v1.0.2) NOTE: Fixed by: https://github.com/json5/json5/commit/7774c1097993bc3ce9f0ac4b722a32bf7d6871c8 (v2.2.2) CVE-2022-46174 (efs-utils is a set of Utilities for Amazon Elastic File System (EFS). ...) NOT-FOR-US: AWS efs-utils CVE-2022-46173 (Elrond-GO is a go implementation for the Elrond Network protocol. Vers ...) NOT-FOR-US: Elrond go CVE-2022-46172 (authentik is an open-source Identity provider focused on flexibility a ...) NOT-FOR-US: authentik CVE-2022-46171 (Tauri is a framework for building binaries for all major desktop platf ...) NOT-FOR-US: Tauri CVE-2022-46170 (CodeIgniter is a PHP full-stack web framework. When an application use ...) 
- codeigniter (bug #471583) CVE-2022-46169 (Cacti is an open source platform which provides a robust and extensibl ...) {DSA-5298-1 DLA-3252-1} - cacti 1.2.22+ds1-3 (bug #1025648) NOTE: Fixed by: https://github.com/Cacti/cacti/commit/7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216 NOTE: Fixup for 1.2.x with PHP < 7.0: https://github.com/Cacti/cacti/commit/a8d59e8fa5f0054aa9c6981b1cbe30ef0e2a0ec9 NOTE: Fixed by: https://github.com/Cacti/cacti/commit/b43f13ae7f1e6bfe4e8e56a80a7cd867cf2db52b NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf CVE-2022-46168 (Discourse is an option source discussion platform. Prior to version 2. ...) NOT-FOR-US: Discourse CVE-2022-46167 (Capsule is a multi-tenancy and policy-based framework for Kubernetes. ...) NOT-FOR-US: Capsule CVE-2022-46166 (Spring boot admins is an open source administrative user interface for ...) NOT-FOR-US: Spring boot admins CVE-2022-46165 (Syncthing is an open source, continuous file synchronization program. ...) - syncthing 1.27.2~ds4-1 (bug #1037432) [bookworm] - syncthing (Minor issue) [bullseye] - syncthing (Minor issue) [buster] - syncthing (Minor issue) NOTE: https://github.com/syncthing/syncthing/security/advisories/GHSA-9rp6-23gf-4c3h NOTE: https://github.com/syncthing/syncthing/commit/73c52eafb6566435dffd979c3c49562b6d5a4238 (v1.23.5) CVE-2022-46164 (NodeBB is an open source Node.js based forum software. Due to a plain ...) NOT-FOR-US: NodeBB CVE-2022-46163 (Travel support program is a rails app to support the travel support pr ...) NOT-FOR-US: Travel support program CVE-2022-46162 (discourse-bbcode is the official BBCode plugin for Discourse. Prior to ...) NOT-FOR-US: BBCode plugin for Discourse CVE-2022-46161 (pdfmake is an open source client/server side PDF printing in pure Java ...) NOT-FOR-US: pdfmake CVE-2022-46160 (Tuleap is an Open Source Suite to improve management of software devel ...) NOT-FOR-US: Tuleap CVE-2022-46159 (Discourse is an open-source discussion platform. 
In version 2.8.13 and ...) NOT-FOR-US: Discourse CVE-2022-46158 (PrestaShop is an open-source e-commerce solution. Versions prior to 1. ...) NOT-FOR-US: PrestaShop CVE-2022-46157 (Akeneo PIM is an open source Product Information Management (PIM). Ake ...) NOT-FOR-US: Akeneo PIM CVE-2022-46156 (The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring appl ...) NOT-FOR-US: Grafana Synthetic Monitoring CVE-2022-46155 (Airtable.js is the JavaScript client for Airtable. Prior to version 0. ...) NOT-FOR-US: Airtable.js CVE-2022-46154 (Kodexplorer is a chinese language web based file manager and browser b ...) NOT-FOR-US: Kodexplorer CVE-2022-46153 (Traefik is an open source HTTP reverse proxy and load balancer. In aff ...) - traefik (bug #983289) CVE-2022-46152 (OP-TEE Trusted OS is the secure side implementation of OP-TEE project, ...) - optee-os (Fixed before initial upload) CVE-2022-46151 (Querybook is an open source data querying UI. In affected versions use ...) NOT-FOR-US: Querybook CVE-2022-46150 (Discourse is an open-source discussion platform. Prior to version 2.8. ...) NOT-FOR-US: Discourse CVE-2022-46149 (Cap'n Proto is a data interchange format and remote procedure call (RP ...) [experimental] - capnproto 0.9.2-1 - capnproto 0.9.2-2 [bullseye] - capnproto (Breaks API and requires rebuilds, possibly via point release) [buster] - capnproto (Minor issue; breaks API) - rust-capnp 0.14.11-1.1 (bug #1025821) NOTE: https://github.com/capnproto/capnproto/security/advisories/GHSA-qqff-4vw4-f6hx NOTE: https://github.com/capnproto/capnproto/commit/25d34c67863fd960af34fc4f82a7ca3362ee74b9 NOTE: https://github.com/capnproto/capnproto/blob/master/security-advisories/2022-11-30-0-pointer-list-bounds.md NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0068.html CVE-2022-46148 (Discourse is an open-source messaging platform. In versions 2.8.10 and ...) NOT-FOR-US: Discourse CVE-2022-46147 (Drag and Drop XBlock v2 implements a drag-and-drop style problem, wher ...) 
NOT-FOR-US: Drag and Drop XBlock CVE-2022-46146 (Prometheus Exporter Toolkit is a utility package to build exporters. P ...) - golang-github-prometheus-exporter-toolkit 0.8.2-1 (bug #1025127) [bullseye] - golang-github-prometheus-exporter-toolkit 0.5.1-2+deb11u2 NOTE: https://www.openwall.com/lists/oss-security/2022/11/29/1 NOTE: https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p NOTE: https://github.com/prometheus/exporter-toolkit/commit/5b1eab34484ddd353986bce736cd119d863e4ff5 (v0.8.2) CVE-2022-46145 (authentik is an open-source identity provider. Versions prior to 2022. ...) NOT-FOR-US: authentik CVE-2022-46144 (A vulnerability has been identified in SCALANCE SC622-2C (All versions ...) NOT-FOR-US: Siemens CVE-2022-46143 (Affected devices do not check the TFTP blocksize correctly. This could ...) NOT-FOR-US: Siemens CVE-2022-46142 (Affected devices store the CLI user passwords encrypted in flash memor ...) NOT-FOR-US: Siemens CVE-2022-46141 (A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (Al ...) NOT-FOR-US: Siemens CVE-2022-46140 (Affected devices use a weak encryption scheme to encrypt the debug zip ...) NOT-FOR-US: Siemens CVE-2022-44620 (Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1 ...) NOT-FOR-US: UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware CVE-2022-44606 (OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 ...) NOT-FOR-US: UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware CVE-2022-43464 (Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 ...) NOT-FOR-US: UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware CVE-2022-4171 (The demon image annotation plugin for WordPress is vulnerable to impro ...) NOT-FOR-US: demon image annotation plugin for WordPress CVE-2022-4170 (The rxvt-unicode package is vulnerable to a remote code execution, in ...) 
- rxvt-unicode 9.31-1 (bug #1025489) [bookworm] - rxvt-unicode (Minor issue) [bullseye] - rxvt-unicode (Vulnerable code introduced later) [buster] - rxvt-unicode (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2022/12/05/1 NOTE: http://cvs.schmorp.de/rxvt-unicode/src/perl/background?r1=1.105&r2=1.109 NOTE: Not exploitable due to a bug since 9.30 upstream CVE-2022-4169 (The Theme and plugin translation for Polylang is vulnerable to authori ...) NOT-FOR-US: Polylang CVE-2022-4168 REJECTED CVE-2022-4167 (Incorrect Authorization check affecting all versions of GitLab EE from ...) - gitlab (Specific to EE) CVE-2022-4166 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) NOT-FOR-US: WordPress plugin CVE-2022-4165 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) NOT-FOR-US: WordPress plugin CVE-2022-4164 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) NOT-FOR-US: WordPress plugin CVE-2022-4163 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) NOT-FOR-US: WordPress plugin CVE-2022-4162 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) NOT-FOR-US: WordPress plugin CVE-2022-4161 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) NOT-FOR-US: WordPress plugin CVE-2022-4160 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) NOT-FOR-US: WordPress plugin CVE-2022-4159 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) NOT-FOR-US: WordPress plugin CVE-2022-4158 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) NOT-FOR-US: WordPress plugin CVE-2022-4157 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) NOT-FOR-US: WordPress plugin CVE-2022-4156 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) 
NOT-FOR-US: WordPress plugin CVE-2022-4155 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) NOT-FOR-US: WordPress plugin CVE-2022-4154 (The Contest Gallery Pro WordPress plugin before 19.1.5 does not escape ...) NOT-FOR-US: WordPress plugin CVE-2022-4153 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) NOT-FOR-US: WordPress plugin CVE-2022-4152 (The Contest Gallery WordPress plugin before 19.1.5, Contest Gallery Pr ...) NOT-FOR-US: WordPress plugin CVE-2022-4151 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) NOT-FOR-US: WordPress plugin CVE-2022-4150 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) NOT-FOR-US: WordPress plugin CVE-2022-4149 (The Netskope client service (prior to R96) on Windows runs as NT AUTHO ...) NOT-FOR-US: Netskope CVE-2022-4148 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.3 ...) NOT-FOR-US: WordPress plugin CVE-2022-4147 (Quarkus CORS filter allows simple GET and POST requests with invalid O ...) NOT-FOR-US: Quarkus CVE-2022-46139 (TP-Link TL-WR940N V4 3.16.9 and earlier allows authenticated attackers ...) NOT-FOR-US: TP-Link CVE-2022-46138 RESERVED CVE-2022-46137 (AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: ob ...) NOT-FOR-US: AeroCMS CVE-2022-46136 RESERVED CVE-2022-46135 (In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at ...) NOT-FOR-US: AeroCMS CVE-2022-46134 RESERVED CVE-2022-46133 RESERVED CVE-2022-46132 RESERVED CVE-2022-46131 RESERVED CVE-2022-46130 RESERVED CVE-2022-46129 RESERVED CVE-2022-46128 (phpgurukul Doctor Appointment Management System V 1.0.0 is vulnerable ...) NOT-FOR-US: phpgurukul Doctor Appointment Management System V CVE-2022-46127 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...) NOT-FOR-US: Helmet Store Showroom Site CVE-2022-46126 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...) 
NOT-FOR-US: Helmet Store Showroom Site CVE-2022-46125 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...) NOT-FOR-US: Helmet Store Showroom Site CVE-2022-46124 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...) NOT-FOR-US: Helmet Store Showroom Site CVE-2022-46123 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...) NOT-FOR-US: Helmet Store Showroom Site CVE-2022-46122 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...) NOT-FOR-US: Helmet Store Showroom Site CVE-2022-46121 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...) NOT-FOR-US: Helmet Store Showroom Site CVE-2022-46120 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...) NOT-FOR-US: Helmet Store Showroom Site CVE-2022-46119 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...) NOT-FOR-US: Helmet Store Showroom Site CVE-2022-46118 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...) NOT-FOR-US: Helmet Store Showroom Site CVE-2022-46117 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...) NOT-FOR-US: Helmet Store Showroom Site CVE-2022-46116 RESERVED CVE-2022-46115 RESERVED CVE-2022-46114 RESERVED CVE-2022-46113 RESERVED CVE-2022-46112 RESERVED CVE-2022-46111 RESERVED CVE-2022-46110 RESERVED CVE-2022-46109 (Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function ...) NOT-FOR-US: Tenda CVE-2022-46108 RESERVED CVE-2022-46107 RESERVED CVE-2022-46106 RESERVED CVE-2022-46105 RESERVED CVE-2022-46104 RESERVED CVE-2022-46103 RESERVED CVE-2022-46102 (AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/ad ...) NOT-FOR-US: AyaCMS CVE-2022-46101 (AyaCMS v3.1.2 was found to have a code flaw in the ust_sql.inc.php fil ...) 
NOT-FOR-US: AyaCMS CVE-2022-46100 RESERVED CVE-2022-46099 RESERVED CVE-2022-46098 RESERVED CVE-2022-46097 RESERVED CVE-2022-46096 (A Cross site scripting (XSS) vulnerability in Sourcecodester Online Co ...) NOT-FOR-US: Sourcecodester CVE-2022-46095 (Sourcecodester Covid-19 Directory on Vaccination System 1.0 was discov ...) NOT-FOR-US: Sourcecodester CVE-2022-46094 RESERVED CVE-2022-46093 (Hospital Management System v1.0 is vulnerable to SQL Injection. Attack ...) NOT-FOR-US: Hospital Management System CVE-2022-46092 RESERVED CVE-2022-46091 (Cross Site Scripting (XSS) vulnerability in the feedback form of Onlin ...) NOT-FOR-US: Online Flight Booking Management System CVE-2022-46090 RESERVED CVE-2022-46089 (Cross Site Scripting (XSS) vulnerability in the add-airline form of On ...) NOT-FOR-US: Online Flight Booking Management System CVE-2022-46088 (Online Flight Booking Management System v1.0 was discovered to contain ...) NOT-FOR-US: Online Flight Booking Management System CVE-2022-46087 (CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A norm ...) NOT-FOR-US: CloudSchool CVE-2022-46086 RESERVED CVE-2022-46085 RESERVED CVE-2022-46084 RESERVED CVE-2022-46083 RESERVED CVE-2022-46082 RESERVED CVE-2022-46081 (In Garmin Connect 4.61, terminating a LiveTrack session wouldn't preve ...) NOT-FOR-US: Garmin CVE-2022-46080 (Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and comm ...) NOT-FOR-US: Nexxt Nebula CVE-2022-46079 RESERVED CVE-2022-46078 RESERVED CVE-2022-46077 RESERVED CVE-2022-46076 (D-Link DIR-869 DIR869Ax_FW102B15 is vulnerable to Authentication Bypas ...) NOT-FOR-US: D-Link CVE-2022-46075 RESERVED CVE-2022-46074 (Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery ...) NOT-FOR-US: Helmet Store Showroom CVE-2022-46073 (Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting (XSS).) NOT-FOR-US: Helmet Store Showroom CVE-2022-46072 (Helmet Store Showroom v1.0 vulnerable to unauthenticated SQL Injection ...) 
NOT-FOR-US: Helmet Store Showroom CVE-2022-46071 (There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Log ...) NOT-FOR-US: Helmet Store Showroom CVE-2022-46070 (GV-ASManager V6.0.1.0 contains a Local File Inclusion vulnerability in ...) NOT-FOR-US: GV-ASManager CVE-2022-46069 RESERVED CVE-2022-46068 RESERVED CVE-2022-46067 RESERVED CVE-2022-46066 RESERVED CVE-2022-46065 RESERVED CVE-2022-46064 RESERVED CVE-2022-46063 RESERVED CVE-2022-46062 (Gym Management System v0.0.1 is vulnerable to Cross Site Request Forge ...) NOT-FOR-US: Gym Management System CVE-2022-46061 (AeroCMS v0.0.1 is vulnerable to ClickJacking.) NOT-FOR-US: AeroCMS CVE-2022-46060 RESERVED CVE-2022-46059 (AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).) NOT-FOR-US: AeroCMS CVE-2022-46058 (AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) ...) NOT-FOR-US: AeroCMS CVE-2022-46057 RESERVED CVE-2022-46056 RESERVED CVE-2022-46055 RESERVED CVE-2022-46054 RESERVED CVE-2022-46053 RESERVED CVE-2022-46052 RESERVED CVE-2022-46051 (The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable ...) NOT-FOR-US: AeroCMS CVE-2022-46050 RESERVED CVE-2022-46049 RESERVED CVE-2022-46048 RESERVED CVE-2022-46047 (AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter ...) NOT-FOR-US: AeroCMS CVE-2022-46046 RESERVED CVE-2022-46045 RESERVED CVE-2022-46044 RESERVED CVE-2022-46043 RESERVED CVE-2022-46042 RESERVED CVE-2022-46041 RESERVED CVE-2022-46040 RESERVED CVE-2022-46039 RESERVED CVE-2022-46038 RESERVED CVE-2022-46037 RESERVED CVE-2022-46036 RESERVED CVE-2022-46035 RESERVED CVE-2022-46034 RESERVED CVE-2022-46033 RESERVED CVE-2022-46032 RESERVED CVE-2022-46031 RESERVED CVE-2022-46030 RESERVED CVE-2022-46029 RESERVED CVE-2022-46028 RESERVED CVE-2022-46027 RESERVED CVE-2022-46026 RESERVED CVE-2022-46025 (Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect A ...) 
NOT-FOR-US: Totolink CVE-2022-46024 RESERVED CVE-2022-46023 RESERVED CVE-2022-46022 RESERVED CVE-2022-46021 (X-Man 1.0 has a SQL injection vulnerability, which can cause data leak ...) NOT-FOR-US: X-Man CVE-2022-46020 (WBCE CMS v1.5.4 can implement getshell by modifying the upload file ty ...) NOT-FOR-US: WBCE CMS CVE-2022-46019 RESERVED CVE-2022-46018 RESERVED CVE-2022-46017 RESERVED CVE-2022-46016 RESERVED CVE-2022-46015 RESERVED CVE-2022-46014 RESERVED CVE-2022-46013 RESERVED CVE-2022-46012 RESERVED CVE-2022-46011 RESERVED CVE-2022-46010 RESERVED CVE-2022-46009 RESERVED CVE-2022-46008 RESERVED CVE-2022-46007 RESERVED CVE-2022-46006 RESERVED CVE-2022-46005 RESERVED CVE-2022-46004 RESERVED CVE-2022-46003 RESERVED CVE-2022-46002 RESERVED CVE-2022-46001 RESERVED CVE-2022-46000 RESERVED CVE-2022-45999 RESERVED CVE-2022-45998 RESERVED CVE-2022-45997 (Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow.) NOT-FOR-US: Tenda CVE-2022-45996 (Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd ...) NOT-FOR-US: Tenda CVE-2022-45995 (There is an unauthorized buffer overflow vulnerability in Tenda AX12 v ...) NOT-FOR-US: Tenda CVE-2022-45994 RESERVED CVE-2022-45993 RESERVED CVE-2022-45992 RESERVED CVE-2022-45991 RESERVED CVE-2022-45990 (A cross-site scripting (XSS) vulnerability in the component /signup_sc ...) NOT-FOR-US: Ecommerce-Website CVE-2022-45989 RESERVED CVE-2022-45988 (starsoftcomm CooCare 5.304 allows local attackers to escalate privileg ...) NOT-FOR-US: starsoftcomm CooCare CVE-2022-45987 RESERVED CVE-2022-45986 RESERVED CVE-2022-45985 RESERVED CVE-2022-45984 RESERVED CVE-2022-45983 RESERVED CVE-2022-45982 (thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulne ...) NOT-FOR-US: ThinkPHP CVE-2022-45981 RESERVED CVE-2022-45980 (Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Requ ...) NOT-FOR-US: Tenda CVE-2022-45979 (Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow ...) 
NOT-FOR-US: Tenda CVE-2022-45978 RESERVED CVE-2022-45977 (Tenda AX12 V22.03.01.21_CN was found to have a command injection vulne ...) NOT-FOR-US: Tenda CVE-2022-45976 RESERVED CVE-2022-45975 RESERVED CVE-2022-45974 RESERVED CVE-2022-45973 RESERVED CVE-2022-45972 RESERVED CVE-2022-45971 RESERVED CVE-2022-45970 (Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulle ...) NOT-FOR-US: Alist CVE-2022-45969 (Alist v3.4.0 is vulnerable to Directory Traversal,) NOT-FOR-US: Alist CVE-2022-45968 (Alist v3.4.0 is vulnerable to File Upload. A user with only file uploa ...) NOT-FOR-US: Alist CVE-2022-45967 RESERVED CVE-2022-45966 (here is an arbitrary file upload vulnerability in the file management ...) NOT-FOR-US: Classcms CVE-2022-45965 RESERVED CVE-2022-45964 RESERVED CVE-2022-45963 (h3c firewall <= 3.10 ESS6703 has a privilege bypass vulnerability.) NOT-FOR-US: h3c firewall CVE-2022-45962 (Open Solutions for Education, Inc openSIS Community Edition v8.0 and e ...) NOT-FOR-US: OpenSIS CVE-2022-45961 RESERVED CVE-2022-45960 RESERVED CVE-2022-45959 RESERVED CVE-2022-45958 RESERVED CVE-2022-45957 (ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 ...) NOT-FOR-US: ZTE CVE-2022-45956 (Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the c ...) - boa CVE-2022-45955 RESERVED CVE-2022-45954 RESERVED CVE-2022-45953 RESERVED CVE-2022-45952 RESERVED CVE-2022-45951 RESERVED CVE-2022-45950 RESERVED CVE-2022-45949 RESERVED CVE-2022-45948 RESERVED CVE-2022-45947 RESERVED CVE-2022-45946 RESERVED CVE-2022-45945 RESERVED CVE-2022-45944 RESERVED CVE-2022-45943 RESERVED CVE-2022-45942 (A Remote Code Execution (RCE) vulnerability was found in includes/baij ...) NOT-FOR-US: baijiacms CVE-2022-45941 RESERVED CVE-2022-45940 RESERVED CVE-2022-45939 (GNU Emacs through 28.2 allows attackers to execute commands via shell ...) 
{DSA-5314-1 DLA-3257-1} - emacs 1:28.2+1-8 (bug #1025009) - xemacs21 21.4.24-11 [bullseye] - xemacs21 (Minor issue) [buster] - xemacs21 (Minor issue) NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51 CVE-2022-45938 (An issue was discovered in Comcast Defined Technologies microeisbss th ...) NOT-FOR-US: Comcast Defined Technologies microeisbss CVE-2022-45937 (A vulnerability has been identified in APOGEE PXC Compact (BACnet) (Al ...) NOT-FOR-US: Siemens CVE-2022-45936 (A vulnerability has been identified in Mendix Email Connector (All ver ...) NOT-FOR-US: Siemens CVE-2022-4146 (Expression Language Injection vulnerability in Hitachi Replication Man ...) NOT-FOR-US: Hitachi CVE-2022-45935 (Usage of temporary files with insecure permissions by the Apache James ...) NOT-FOR-US: Apache James CVE-2022-45934 (An issue was discovered in the Linux kernel through 6.0.10. l2cap_conf ...) {DSA-5324-1 DLA-3403-1 DLA-3349-1} - linux 6.1.4-1 NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d CVE-2022-45933 (KubeView through 0.1.31 allows attackers to obtain control of a Kubern ...) NOT-FOR-US: KubeView CVE-2022-45932 (A SQL injection issue was discovered in AAA in OpenDaylight (ODL) befo ...) NOT-FOR-US: OpenDaylight CVE-2022-45931 (A SQL injection issue was discovered in AAA in OpenDaylight (ODL) befo ...) NOT-FOR-US: OpenDaylight CVE-2022-45930 (A SQL injection issue was discovered in AAA in OpenDaylight (ODL) befo ...) NOT-FOR-US: OpenDaylight CVE-2022-45929 RESERVED CVE-2022-45928 (A remote OScript execution issue was discovered in OpenText Content Su ...) NOT-FOR-US: OpenText CVE-2022-45927 (An issue was discovered in OpenText Content Suite Platform 22.1 (16.2. ...) NOT-FOR-US: OpenText CVE-2022-45926 (An issue was discovered in OpenText Content Suite Platform 22.1 (16.2. ...) 
	NOT-FOR-US: OpenText
CVE-2022-45925 (An issue was discovered in OpenText Content Suite Platform 22.1 (16.2. ...)
	NOT-FOR-US: OpenText
CVE-2022-45924 (An issue was discovered in OpenText Content Suite Platform 22.1 (16.2. ...)
	NOT-FOR-US: OpenText
CVE-2022-45923 (An issue was discovered in OpenText Content Suite Platform 22.1 (16.2. ...)
	NOT-FOR-US: OpenText
CVE-2022-45922 (An issue was discovered in OpenText Content Suite Platform 22.1 (16.2. ...)
	NOT-FOR-US: OpenText
CVE-2022-45921 (FusionAuth before 1.41.3 allows a file outside of the application root ...)
	NOT-FOR-US: FusionAuth
CVE-2022-45920 (In Softing uaToolkit Embedded before 1.41, a malformed CreateMonitored ...)
	NOT-FOR-US: Softing uaToolkit Embedded
CVE-2022-45919 (An issue was discovered in the Linux kernel through 6.0.10. In drivers ...)
	- linux 6.3.7-1 (unimportant)
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux 5.10.191-1
	[buster] - linux 4.19.289-1
	NOTE: https://lore.kernel.org/linux-media/20221121063308.GA33821%40ubuntu/T/#u
	NOTE: Negligible security impact, would need physical access to "exploit"
	NOTE: https://git.kernel.org/linus/280a8ab81733da8bc442253c700a52c4c0886ffd
CVE-2022-45918 (ILIAS before 7.16 allows External Control of File Name or Path.)
	- ilias (bug #195688)
CVE-2022-45917 (ILIAS before 7.16 has an Open Redirect.)
	- ilias (bug #195688)
CVE-2022-45916 (ILIAS before 7.16 allows XSS.)
	- ilias (bug #195688)
CVE-2022-45915 (ILIAS before 7.16 allows OS Command Injection.)
	- ilias (bug #195688)
CVE-2022-45914 (The ESL (Electronic Shelf Label) protocol, as implemented by (for exam ...)
	NOT-FOR-US: ESL (Electronic Shelf Label) protocol
CVE-2022-45913 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occ ...)
	NOT-FOR-US: Zimbra
CVE-2022-45912 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. ...)
	NOT-FOR-US: Zimbra
CVE-2022-45911 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occ ...)
	NOT-FOR-US: Zimbra
CVE-2022-4145 (A content spoofing flaw was found in OpenShift's OAuth endpoint. This ...)
	NOT-FOR-US: OpenShift
CVE-2022-45910 (Improper neutralization of special elements used in an LDAP query ('LD ...)
	NOT-FOR-US: Apache ManifoldCF
CVE-2022-45909 (drachtio-server before 0.8.19 has a heap-based buffer over-read via a ...)
	NOT-FOR-US: drachtio-server
CVE-2022-45908 (In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vuln ...)
	NOT-FOR-US: PaddlePaddle
CVE-2022-45907 (In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line c ...)
	- pytorch 1.13.1+dfsg-1 (bug #1024903)
	[bullseye] - pytorch (Minor issue)
	NOTE: https://github.com/pytorch/pytorch/commit/767f6aa49fe20a2766b9843d01e3b7f7793df6a3
	NOTE: https://github.com/pytorch/pytorch/commit/74a9ca993bd79f8131829e9c946657fa9a1d05ef (v1.13.1)
	NOTE: https://github.com/pytorch/pytorch/issues/88868
CVE-2022-45906
	RESERVED
CVE-2022-45905
	RESERVED
CVE-2022-45904
	RESERVED
CVE-2022-45903
	RESERVED
CVE-2022-45902
	RESERVED
CVE-2022-45901
	RESERVED
CVE-2022-45900
	RESERVED
CVE-2022-45899
	RESERVED
CVE-2022-45898
	RESERVED
CVE-2022-4144 (An out-of-bounds read flaw was found in the QXL display device emulati ...)
	- qemu 1:7.2+dfsg-1
	[bullseye] - qemu (Minor issue)
	[buster] - qemu (Minor issue, DoS)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2148506
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg04143.html
	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1336
	NOTE: Pre-requisite 1: https://gitlab.com/qemu-project/qemu/-/commit/61c34fc194b776ecadc39fb26b061331107e5599 (v7.2.0-rc3)
	NOTE: Pre-requisite 2: https://gitlab.com/qemu-project/qemu/-/commit/8efec0ef8bbc1e75a7ebf6e325a35806ece9b39f (v7.2.0-rc3)
	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622 (v7.2.0-rc3)
CVE-2022-4143 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-4142 (The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4141 (Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing a ...)
	{DLA-3453-1}
	- vim 2:9.0.1000-1 (bug #1027146)
	[bullseye] - vim (Minor issue)
	NOTE: https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f
	NOTE: https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5 (v9.0.0947)
CVE-2022-4140 (The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4139 (An incorrect TLB flush issue was found in the Linux kernel’s GPU ...)
	{DLA-3244-1}
	- linux 6.0.10-2
	[bullseye] - linux 5.10.158-1
	[buster] - linux (Vulnerable code not present, only affects gen12 video and compute engines)
	NOTE: https://www.openwall.com/lists/oss-security/2022/11/30/1
	NOTE: https://git.kernel.org/linus/04aa64375f48a5d430b5550d9271f8428883e550
CVE-2022-45897 (On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attac ...)
	NOT-FOR-US: Xerox
CVE-2022-45896 (Planet eStream before 6.72.10.07 allows unauthenticated upload of arbi ...)
	NOT-FOR-US: Planet eStream
CVE-2022-45895 (Planet eStream before 6.72.10.07 discloses sensitive information, rela ...)
	NOT-FOR-US: Planet eStream
CVE-2022-45894 (GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory ...)
	NOT-FOR-US: Planet eStream
CVE-2022-45893 (Planet eStream before 6.72.10.07 allows a low-privileged user to gain ...)
	NOT-FOR-US: Planet eStream
CVE-2022-45892 (In Planet eStream before 6.72.10.07, multiple Stored Cross-Site Script ...)
	NOT-FOR-US: Planet eStream
CVE-2022-45891 (Planet eStream before 6.72.10.07 allows attackers to call restricted f ...)
	NOT-FOR-US: Planet eStream
CVE-2022-45890 (In Planet eStream before 6.72.10.07, a Reflected Cross-Site Scripting ...)
	NOT-FOR-US: Planet eStream
CVE-2022-45889 (Planet eStream before 6.72.10.07 allows a remote attacker (who is a pu ...)
	NOT-FOR-US: Planet eStream
CVE-2022-45888 (An issue was discovered in the Linux kernel through 6.0.9. drivers/cha ...)
	- linux 6.3.7-1 (unimportant)
	[bullseye] - linux (Vulnerable code introduced later)
	[buster] - linux (Vulnerable code introduced later)
	NOTE: https://lore.kernel.org/all/20221022175404.GA375335@ubuntu/
	NOTE: Negligible security impact, would need physical access to "exploit"
CVE-2022-45887 (An issue was discovered in the Linux kernel through 6.0.9. drivers/med ...)
	- linux 6.3.7-1 (unimportant)
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux 5.10.191-1
	[buster] - linux 4.19.289-1
	NOTE: https://lore.kernel.org/linux-media/20221115131822.6640-5-imv4bel@gmail.com/
	NOTE: Negligible security impact, would need physical access to "exploit"
	NOTE: https://git.kernel.org/linus/517a281338322ff8293f988771c98aaa7205e457
CVE-2022-45886 (An issue was discovered in the Linux kernel through 6.0.9. drivers/med ...)
	- linux 6.3.7-1 (unimportant)
	[bookworm] - linux 6.1.37-1
	[bullseye] - linux 5.10.191-1
	[buster] - linux 4.19.289-1
	NOTE: https://lore.kernel.org/linux-media/20221115131822.6640-3-imv4bel@gmail.com/
	NOTE: Negligible security impact, would need physical access to "exploit"
	NOTE: https://git.kernel.org/linus/4172385b0c9ac366dcab78eda48c26814b87ed1a
CVE-2022-45885 (An issue was discovered in the Linux kernel through 6.0.9. drivers/med ...)
	- linux (unimportant)
	NOTE: https://lore.kernel.org/linux-media/20221115131822.6640-2-imv4bel@gmail.com/
	NOTE: Negligible security impact, would need physical access to "exploit"
CVE-2022-45884 (An issue was discovered in the Linux kernel through 6.0.9. drivers/med ...)
	- linux (unimportant)
	NOTE: https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel@gmail.com/
	NOTE: Negligible security impact, would need physical access to "exploit"
CVE-2022-45883
	REJECTED
CVE-2022-45877 (OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code i ...)
	NOT-FOR-US: OpenHarmony
CVE-2022-45875 (Improper validation of script alert plugin parameters in Apache Dolphi ...)
	NOT-FOR-US: Apache DolphinScheduler
CVE-2022-45874 (Huawei Aslan Children's Watch has an improper authorization vulnerabil ...)
	NOT-FOR-US: Huawei
CVE-2022-45126 (Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kerne ...)
	NOT-FOR-US: OpenHarmony
CVE-2022-45118 (OpenHarmony-v3.1.2 and prior versions had a vulnerability that telepho ...)
	NOT-FOR-US: OpenHarmony
CVE-2022-44455 (The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prio ...)
	NOT-FOR-US: OpenHarmony
CVE-2022-43662 (Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kerne ...)
	NOT-FOR-US: OpenHarmony
CVE-2022-41802 (Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kerne ...)
	NOT-FOR-US: OpenHarmony
CVE-2022-4138 (A Cross Site Request Forgery issue has been discovered in GitLab CE/EE ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-4137 (A reflected cross-site scripting (XSS) vulnerability was found in the ...)
	NOT-FOR-US: Keycloak
CVE-2022-45873 (systemd 250 and 251 allows local users to achieve a systemd-coredump d ...)
	- systemd 252-1
	[bullseye] - systemd (Vulnerable code introduced later)
	[buster] - systemd (Vulnerable code introduced later)
	NOTE: https://github.com/systemd/systemd/pull/25055#issuecomment-1313733553
	NOTE: Fixed by: https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437 (v252-rc3)
	NOTE: Introduced by: https://github.com/systemd/systemd/commit/61aea456c12c54f49c4a76259af130e576130ce9 (v250-rc1)
CVE-2022-45872 (iTerm2 before 3.4.18 mishandles a DECRQSS response.)
	NOT-FOR-US: iTerm2
CVE-2022-45871 (A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd ...)
	NOT-FOR-US: WithSecure
CVE-2022-45870
	RESERVED
CVE-2022-45869 (A race condition in the x86 KVM subsystem in the Linux kernel through ...)
	- linux 6.0.12-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/47b0c2e4c220f2251fd8dcfbb44479819c715e15 (6.1-rc7)
CVE-2022-45868 (The web-based admin console in H2 Database Engine before 2.2.220 can b ...)
	- h2database (unimportant)
	NOTE: Not considered a vulnerability of H2 Console by vendor. Passwords should never be
	NOTE: passed on the command line.
CVE-2022-45867 (MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages ...)
	NOT-FOR-US: MyBB
CVE-2022-45866 (qpress before PierreLvx/qpress 20220819 and before version 11.3, as us ...)
	NOT-FOR-US: qpress
CVE-2022-4136 (Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4 ...)
	NOT-FOR-US: leadshop
CVE-2022-4135 (Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 a ...)
	{DSA-5289-1}
	- chromium 107.0.5304.121-1
	[buster] - chromium (see DSA 5046)
CVE-2022-4134 (A flaw was found in openstack-glance. This issue could allow a remote, ...)
	NOTE: There's no code fix, just an update on best practices
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2147462
	NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0090
	NOTE: https://bugs.launchpad.net/ossn/+bug/1990157
CVE-2022-4133
	REJECTED
CVE-2022-4132 (A flaw was found in JSS. A memory leak in JSS requires non-standard co ...)
	- jss (bug #1052575)
	[bookworm] - jss (Minor issue)
	[bullseye] - jss (Minor issue)
	[buster] - jss (The vulnerable code was introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2147372
	NOTE: Triggered by: https://github.com/dogtagpki/jss/pull/928
	NOTE: Upstream PR: https://github.com/dogtagpki/jss/pull/970
	NOTE: https://github.com/dogtagpki/jss/commit/bc8e2e6a37922cd15ef39e7e9c194b0dcbea8aa6 (v5.5.0-alpha2)
CVE-2021-46855
	RESERVED
CVE-2022-45865
	RESERVED
CVE-2022-45864
	RESERVED
CVE-2022-45863
	RESERVED
CVE-2022-45862
	RESERVED
CVE-2022-45861 (An access of uninitialized pointer vulnerability [CWE-824] in the SSL ...)
	NOT-FOR-US: Fortinet
CVE-2022-45860 (A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7 ...)
	NOT-FOR-US: FortiGuard
CVE-2022-45859 (An insufficiently protected credentials vulnerability [CWE-522] in For ...)
	NOT-FOR-US: FortiGuard
CVE-2022-45858 (A use of a weak cryptographic algorithm vulnerability [CWE-327] in For ...)
	NOT-FOR-US: FortiGuard
CVE-2022-45857 (An incorrect user management vulnerability [CWE-286] in the FortiManag ...)
	NOT-FOR-US: Fortinet
CVE-2022-45856
	RESERVED
CVE-2022-45855 (SpringEL injection in the metrics source in Apache Ambari version 2.7. ...)
	NOT-FOR-US: Apache Ambari
CVE-2022-45854 (An improper check for unusual conditions in Zyxel NWA110AX firmware ve ...)
	NOT-FOR-US: Zyxel
CVE-2022-45853 (The privilege escalation vulnerability in the Zyxel GS1900-8 firmware ...)
	NOT-FOR-US: Zyxel
CVE-2022-45852 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45851 (Missing Authorization vulnerability in ShareThis ShareThis Dashboard f ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45850 (Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pr ...)
	NOT-FOR-US: Nickys Image Map
CVE-2022-45849 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45848 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability inContest Gall ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45847 (Cross-Site Request Forgery (CSRF) vulnerability in WPAssist.Me WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45846 (Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pr ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45845 (Deserialization of Untrusted Data vulnerability in Nextend Smart Slide ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45844
	RESERVED
CVE-2022-45843 (Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Next ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45842 (Unauth. Race Condition vulnerability inWP ULike Plugin <= 4.6.4 onWord ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45841
	RESERVED
CVE-2022-45840
	RESERVED
CVE-2022-45839 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45838 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Repute Info ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45837 (Reflected Cross-Site Scripting (XSS) vulnerability in Denis \u5fae\u4f ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45836 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45835 (Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Pa ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45834
	RESERVED
CVE-2022-45833 (Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 on ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45832
	RESERVED
CVE-2022-45831 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in biplob01 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45830
	RESERVED
CVE-2022-45829 (Auth. Path Traversal vulnerability inEasy WP SMTP plugin <= 1.5.1 atWo ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45828 (Cross-Site Request Forgery (CSRF) vulnerability in NooTheme Noo Timeta ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45827 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gall ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45826
	RESERVED
CVE-2022-45825 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in iThemes ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45824 (Cross-Site Request Forgery (CSRF) vulnerability inAdvanced Booking Cal ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45823 (Cross-Site Request Forgery (CSRF) vulnerability in GalleryPlugins Vide ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45822 (Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calenda ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45821 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45820 (SQL Injection (SQLi) vulnerability inLearnPress – WordPress LMS P ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45819
	RESERVED
CVE-2022-45818 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45817 (Cross-Site Scripting (XSS) vulnerability in Erin Garscadden GC Testimo ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45816 (Auth. Stored Cross-Site Scripting (XSS) vulnerability inGD bbPress Att ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45815 (Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes GDPR ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45814 (Stored Cross-Site Scripting (XSS) vulnerability in Fabian von Allmen W ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45813
	RESERVED
CVE-2022-45812 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45811
	RESERVED
CVE-2022-45810 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45809 (Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ric ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45808 (SQL Injection vulnerability inLearnPress – WordPress LMS Plugin < ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45807 (Cross-Site Request Forgery (CSRF) inWPVibes WP Mail Log plugin <= 1.0. ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45806
	RESERVED
CVE-2022-45805 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45804 (Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gall ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45803
	RESERVED
CVE-2022-45802 (Streampark allows any users to upload a jar as application, but there ...)
	NOT-FOR-US: Apache StreamPark
CVE-2022-45801 (Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability. ...)
	NOT-FOR-US: Apache StreamPark
CVE-2022-4131 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-4130 (A blind site-to-site request forgery vulnerability was found in Satell ...)
	NOT-FOR-US: Red Hat Satellite server
CVE-2022-4129 (A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2T ...)
	{DLA-3404-1}
	- linux 6.1.4-1
	[bullseye] - linux 5.10.178-1
	NOTE: https://lore.kernel.org/all/20221114191619.124659-1-jakub@cloudflare.com/t
	NOTE: https://git.kernel.org/linus/b68777d54fac21fc833ec26ea1a2a84f975ab035 (6.1-rc6)
	NOTE: https://git.kernel.org/linus/af295e854a4e3813ffbdef26dbb6a4d6226c3ea1 (6.1-rc7)
CVE-2022-4128 (A NULL pointer dereference issue was discovered in the Linux kernel in ...)
	- linux 5.18.14-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/5c835bb142d4013c2ab24bff5ae9f6709a39cbcf (5.19-rc7)
CVE-2022-4127 (A NULL pointer dereference issue was discovered in the Linux kernel in ...)
	- linux (Vulnerable code only in 5.19-rcX versions)
	NOTE: https://git.kernel.org/linus/d785a773bed966a75ca1f11d108ae1897189975b (5.19-rc6)
CVE-2022-4126 (Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, ...)
	NOT-FOR-US: ABB RCCMD
CVE-2022-4125 (The Popup Manager WordPress plugin through 1.6.6 does not have authori ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4124 (The Popup Manager WordPress plugin through 1.6.6 does not have authori ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45800
	RESERVED
CVE-2022-45799
	RESERVED
CVE-2022-45798 (A link following vulnerability in the Damage Cleanup Engine component ...)
	NOT-FOR-US: Trend Micro
CVE-2022-4123 (A flaw was found in Buildah. The local path and the lowest subdirector ...)
	- golang-github-containers-buildah (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2144989
	NOTE: Negligible security impact
CVE-2022-4122 (A vulnerability was found in buildah. Incorrect following of symlinks ...)
	- golang-github-containers-buildah (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2144983
	NOTE: Negligible security impact
CVE-2021-46854 (mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS ...)
	- proftpd-dfsg 1.3.7c+dfsg-1 (bug #993173)
	[bullseye] - proftpd-dfsg 1.3.7a+dfsg-12+deb11u1
	[buster] - proftpd-dfsg 1.3.6-4+deb10u6
	NOTE: https://github.com/proftpd/proftpd/issues/1284
	NOTE: https://github.com/proftpd/proftpd/pull/1285
	NOTE: Fixed by: https://github.com/proftpd/proftpd/commit/10a227b4d50e0a2cd2faf87926f58d865da44e43 (v1.3.8rc2)
	NOTE: Fixed by: https://github.com/proftpd/proftpd/commit/e7c0b6e78a81fa97ec41ea6332e5e11b864089b8 (v1.3.7c)
CVE-2022-45797 (An arbitrary file deletion vulnerability in the Damage Cleanup Engine ...)
	NOT-FOR-US: Trend Micro
CVE-2022-45796 (Command injection vulnerability in nw_interface.html in SHARP multifun ...)
	NOT-FOR-US: SHARP
CVE-2022-45795
	REJECTED
CVE-2022-45794 (An attacker with network access to the affected PLC (CJ-series and CS- ...)
	NOT-FOR-US: CS/CJ-series Programmable Controllers
CVE-2022-45793 (Sysmac Studio installs executables in a directory with poor permission ...)
	NOT-FOR-US: Omron
CVE-2022-45792 (Project files may contain malicious contents which the software will u ...)
	NOT-FOR-US: Dragos
CVE-2022-45791
	REJECTED
CVE-2022-45790 (The Omron FINS protocol has an authenticated feature to prevent access ...)
	NOT-FOR-US: Dragos
CVE-2022-45789 (A CWE-294: Authentication Bypass by Capture-replay vulnerability exist ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-45788 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-45787 (Unproper laxist permissions on the temporary files used by MIME4J Temp ...)
	NOT-FOR-US: Apache James
CVE-2022-45786 (There are issues with the AGE drivers for Golang and Python that enabl ...)
	NOT-FOR-US: Apache AGE
CVE-2022-4121 (In libetpan a null pointer dereference in mailimap_mailbox_data_status ...)
	{DLA-3261-1}
	- libetpan 1.9.4-3.1 (bug #1025120)
	[bullseye] - libetpan (Minor issue)
	NOTE: https://github.com/dinhvh/libetpan/issues/420
	NOTE: https://github.com/dinhvh/libetpan/commit/5c9eb6b6ba64c4eb927d7a902317410181aacbba
CVE-2022-4120 (The Stop Spammers Security | Block Spam Users, Comments, Forms WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4119 (The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 doe ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4118 (The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor st ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4117 (The IWS WordPress plugin through 1.0 does not properly escape a parame ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4116 (A vulnerability was found in quarkus. This security flaw happens in De ...)
	NOT-FOR-US: Quarkus
CVE-2022-4115 (The Editorial Calendar WordPress plugin before 3.8.3 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-XXXX [rust-atty: Potential unaligned read]
	- rust-atty (Windows-specific)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0145.html
CVE-2022-45785
	RESERVED
CVE-2022-45784
	RESERVED
CVE-2022-45783 (An issue was discovered in dotCMS core 4.x through 22.10.2. An authent ...)
	NOT-FOR-US: dotCMS
CVE-2022-45782 (An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21 ...)
	NOT-FOR-US: dotCMS
CVE-2022-4114 (The Superio WordPress theme does not sanitise and escape some paramete ...)
	NOT-FOR-US: WordPress theme
CVE-2022-4113
	RESERVED
CVE-2022-4112 (The Quizlord WordPress plugin through 2.0 does not sanitise and escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4111 (Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 ...)
	NOT-FOR-US: ToolJet
CVE-2022-4110 (The Eventify™ WordPress plugin through 2.1 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4109 (The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 doe ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4108 (The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 doe ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4107 (The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does n ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4106 (The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 doe ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45781 (Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlie ...)
	NOT-FOR-US: Tenda
CVE-2022-45780
	RESERVED
CVE-2022-45779
	RESERVED
CVE-2022-45778 (https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 <= 5.0.4.0 ...)
	NOT-FOR-US: Hillstone Firewall SG-6000
CVE-2022-45777
	RESERVED
CVE-2022-45776
	RESERVED
CVE-2022-45775
	RESERVED
CVE-2022-45774
	RESERVED
CVE-2022-45773
	RESERVED
CVE-2022-45772
	RESERVED
CVE-2022-45771 (An issue in the /api/audits component of Pwndoc v0.5.3 allows attacker ...)
	NOT-FOR-US: Pwndoc
CVE-2022-45770 (Improper input validation in adgnetworkwfpdrv.sys in Adguard For Windo ...)
	NOT-FOR-US: Adguard
CVE-2022-45769 (A cross-site scripting (XSS) vulnerability in ClicShopping_V3 v3.402 a ...)
	NOT-FOR-US: ClicShopping_V3
CVE-2022-45768 (Command Injection vulnerability in Edimax Technology Co., Ltd. Wireles ...)
	NOT-FOR-US: Edimax
CVE-2022-45767
	RESERVED
CVE-2022-45766 (Hardcoded credentials in Global Facilities Management Software (GFMS) ...)
	NOT-FOR-US: Global Facilities Management Software (GFMS)
CVE-2022-45765
	RESERVED
CVE-2022-45764
	RESERVED
CVE-2022-45763
	RESERVED
CVE-2022-45762
	RESERVED
CVE-2022-45761
	RESERVED
CVE-2022-45760 (SENS v1.0 is vulnerable to Incorrect Access Control vulnerability.)
	NOT-FOR-US: SENS
CVE-2022-45759 (SENS v1.0 has a file upload vulnerability.)
	NOT-FOR-US: SENS
CVE-2022-45758 (SENS v1.0 is vulnerable to Cross Site Scripting (XSS) via com.liuyanzh ...)
	NOT-FOR-US: SENS
CVE-2022-45757
	RESERVED
CVE-2022-45756 (SENS v1.0 is vulnerable to Cross Site Scripting (XSS).)
	NOT-FOR-US: SENS
CVE-2022-45755 (Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows atta ...)
	NOT-FOR-US: EyouCMS
CVE-2022-45754
	RESERVED
CVE-2022-45753
	RESERVED
CVE-2022-45752
	RESERVED
CVE-2022-45751
	RESERVED
CVE-2022-45750
	RESERVED
CVE-2022-45749
	RESERVED
CVE-2022-45748 (An issue was discovered with assimp 5.1.4, a use after free occurred i ...)
	- assimp 5.3.1+ds-2 (bug #1029833)
	[bookworm] - assimp (Minor issue)
	[bullseye] - assimp (Minor issue)
	[buster] - assimp (Minor issue)
	NOTE: https://github.com/assimp/assimp/issues/4286
CVE-2022-45747
	RESERVED
CVE-2022-45746
	RESERVED
CVE-2022-45745
	RESERVED
CVE-2022-45744
	RESERVED
CVE-2022-45743
	RESERVED
CVE-2022-45742
	RESERVED
CVE-2022-45741
	RESERVED
CVE-2022-45740
	RESERVED
CVE-2022-45739
	RESERVED
CVE-2022-45738
	RESERVED
CVE-2022-45737
	RESERVED
CVE-2022-45736
	RESERVED
CVE-2022-45735
	RESERVED
CVE-2022-45734
	RESERVED
CVE-2022-45733
	RESERVED
CVE-2022-45732
	RESERVED
CVE-2022-45731
	RESERVED
CVE-2022-45730 (A cross-site scripting (XSS) vulnerability in Doctor Appointment Manag ...)
	NOT-FOR-US: Doctor Appointment Management System
CVE-2022-45729 (A cross-site scripting (XSS) vulnerability in Doctor Appointment Manag ...)
	NOT-FOR-US: Doctor Appointment Management System
CVE-2022-45728 (Doctor Appointment Management System v1.0.0 was discovered to contain ...)
	NOT-FOR-US: Doctor Appointment Management System
CVE-2022-45727
	RESERVED
CVE-2022-45726
	RESERVED
CVE-2022-45725 (Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a ...)
	NOT-FOR-US: Comfast
CVE-2022-45724 (Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a ...)
	NOT-FOR-US: Comfast
CVE-2022-45723
	RESERVED
CVE-2022-45722 (ezEIP v5.3.0(0649) was discovered to contain a cross-site scripting (X ...)
	NOT-FOR-US: ezEIP
CVE-2022-45721 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...)
	NOT-FOR-US: IP-COM M50
CVE-2022-45720 (IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffe ...)
	NOT-FOR-US: IP-COM M50
CVE-2022-45719 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...)
	NOT-FOR-US: IP-COM M50
CVE-2022-45718 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...)
	NOT-FOR-US: IP-COM M50
CVE-2022-45717 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a command inje ...)
	NOT-FOR-US: IP-COM M50
CVE-2022-45716 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...)
	NOT-FOR-US: IP-COM M50
CVE-2022-45715 (IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffe ...)
	NOT-FOR-US: IP-COM M50
CVE-2022-45714 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...)
	NOT-FOR-US: IP-COM M50
CVE-2022-45713
	RESERVED
CVE-2022-45712 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...)
	NOT-FOR-US: IP-COM M50
CVE-2022-45711 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a command inje ...)
	NOT-FOR-US: IP-COM M50
CVE-2022-45710 (IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffe ...)
	NOT-FOR-US: IP-COM M50
CVE-2022-45709 (IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple comma ...)
	NOT-FOR-US: IP-COM M50
CVE-2022-45708 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...)
	NOT-FOR-US: IP-COM M50
CVE-2022-45707 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...)
	NOT-FOR-US: IP-COM M50
CVE-2022-45706 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...)
	NOT-FOR-US: IP-COM M50
CVE-2022-45705
	RESERVED
CVE-2022-45704
	RESERVED
CVE-2022-45703 (Heap buffer overflow vulnerability in binutils readelf before 2.40 via ...)
	- binutils 2.40-2 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29799
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=69bfd1759db41c8d369f9dcc98a135c5a5d97299
	NOTE: binutils not covered by security support
CVE-2022-45702
	RESERVED
CVE-2022-45701 (Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution ...)
	NOT-FOR-US: Arris TG2482A firmware
CVE-2022-45700
	RESERVED
CVE-2022-45699 (Command injection in the administration interface in APSystems ECU-R v ...)
	NOT-FOR-US: APSystems
CVE-2022-45698
	RESERVED
CVE-2022-45697 (Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 ...)
	NOT-FOR-US: Razer Central
CVE-2022-45696
	RESERVED
CVE-2022-45695
	RESERVED
CVE-2022-45694
	RESERVED
CVE-2022-45693 (Jettison before v1.5.2 was discovered to contain a stack overflow via ...)
	{DSA-5312-1 DLA-3259-1}
	- libjettison-java 1.5.3-1
	NOTE: https://github.com/jettison-json/jettison/issues/52
CVE-2022-45692
	RESERVED
CVE-2022-45691
	RESERVED
CVE-2022-45690 (A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.ja ...)
	NOT-FOR-US: hutool-json
CVE-2022-45689 (hutool-json v5.8.10 was discovered to contain an out of memory error.)
	NOT-FOR-US: hutool-json
CVE-2022-45688 (A stack overflow in the XML.toJSONObject component of hutool-json v5.8 ...)
	NOT-FOR-US: hutool-json
CVE-2022-45687
	RESERVED
CVE-2022-45686
	RESERVED
CVE-2022-45685 (A stack overflow in Jettison before v1.5.2 allows attackers to cause a ...)
	{DSA-5312-1 DLA-3259-1}
	- libjettison-java 1.5.3-1
	NOTE: https://github.com/jettison-json/jettison/issues/54
CVE-2022-45684
	RESERVED
CVE-2022-45683
	RESERVED
CVE-2022-45682
	RESERVED
CVE-2022-45681
	RESERVED
CVE-2022-45680
	RESERVED
CVE-2022-45679
	RESERVED
CVE-2022-45678
	RESERVED
CVE-2022-45677 (SQL Injection Vulnerability in tanujpatra228 Tution Management System ...)
	NOT-FOR-US: tanujpatra228 Tution Management System (TMS)
CVE-2022-45676
	RESERVED
CVE-2022-45675
	RESERVED
CVE-2022-45674 (Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery ...)
	NOT-FOR-US: Tenda
CVE-2022-45673 (Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery ...)
	NOT-FOR-US: Tenda
CVE-2022-45672 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45671 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45670 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45669 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45668 (Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery ( ...)
	NOT-FOR-US: Tenda
CVE-2022-45667 (Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery ( ...)
	NOT-FOR-US: Tenda
CVE-2022-45666 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45665 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45664 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45663 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45662
	RESERVED
CVE-2022-45661 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
	NOT-FOR-US: Tenda
CVE-2022-45660 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
	NOT-FOR-US: Tenda
CVE-2022-45659 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
	NOT-FOR-US: Tenda
CVE-2022-45658 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
	NOT-FOR-US: Tenda
CVE-2022-45657 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
	NOT-FOR-US: Tenda
CVE-2022-45656 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
	NOT-FOR-US: Tenda
CVE-2022-45655 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
	NOT-FOR-US: Tenda
CVE-2022-45654 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
	NOT-FOR-US: Tenda
CVE-2022-45653 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
	NOT-FOR-US: Tenda
CVE-2022-45652 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
	NOT-FOR-US: Tenda
CVE-2022-45651 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
	NOT-FOR-US: Tenda
CVE-2022-45650 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
	NOT-FOR-US: Tenda
CVE-2022-45649 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
	NOT-FOR-US: Tenda
CVE-2022-45648 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
	NOT-FOR-US: Tenda
CVE-2022-45647 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
	NOT-FOR-US: Tenda
CVE-2022-45646 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
	NOT-FOR-US: Tenda
CVE-2022-45645 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
	NOT-FOR-US: Tenda
CVE-2022-45644 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
	NOT-FOR-US: Tenda
CVE-2022-45643 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...)
	NOT-FOR-US: Tenda
CVE-2022-45642
	RESERVED
CVE-2022-45641 (Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSe ...)
	NOT-FOR-US: Tenda
CVE-2022-45640 (Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Cause ...)
	NOT-FOR-US: Tenda
CVE-2022-45639 (OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows ...)
	NOTE: Bogus report on src:sleuthkit: If a malformed parameter is passed, it needs to be
	NOTE: sanitised in the calling application
CVE-2022-45638
	RESERVED
CVE-2022-45637 (An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Ap ...)
	NOT-FOR-US: MEGAFEIS
CVE-2022-45636 (An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Andr ...)
	NOT-FOR-US: MEGAFEIS
CVE-2022-45635 (An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Andr ...)
	NOT-FOR-US: MEGAFEIS
CVE-2022-45634 (An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Andr ...)
	NOT-FOR-US: MEGAFEIS
CVE-2022-45633
	RESERVED
CVE-2022-45632
	RESERVED
CVE-2022-45631
	RESERVED
CVE-2022-45630
	RESERVED
CVE-2022-45629
	RESERVED
CVE-2022-45628
	RESERVED
CVE-2022-45627
	RESERVED
CVE-2022-45626
	RESERVED
CVE-2022-45625
	RESERVED
CVE-2022-45624
	RESERVED
CVE-2022-45623
	RESERVED
CVE-2022-45622
	RESERVED
CVE-2022-45621
	RESERVED
CVE-2022-45620
	RESERVED
CVE-2022-45619
	RESERVED
CVE-2022-45618
	RESERVED
CVE-2022-45617
	RESERVED
CVE-2022-45616
	RESERVED
CVE-2022-45615
	RESERVED
CVE-2022-45614
	REJECTED
CVE-2022-45613 (Book Store Management System v1.0 was discovered to contain a cross-si ...)
	NOT-FOR-US: Book Store Management System
CVE-2022-45612
	RESERVED
CVE-2022-45611 (An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows ...)
	NOT-FOR-US: Fresenius Kabi PharmaHelp
CVE-2022-45610
	RESERVED
CVE-2022-45609
	RESERVED
CVE-2022-45608 (An issue was discovered in ThingsBoard 3.4.1, allows low privileged at ...)
	NOT-FOR-US: ThingsBoard
CVE-2022-45607
	RESERVED
CVE-2022-45606
	RESERVED
CVE-2022-45605
	RESERVED
CVE-2022-45604
	RESERVED
CVE-2022-45603
	RESERVED
CVE-2022-45602
	RESERVED
CVE-2022-45601
	RESERVED
CVE-2022-45600 (Aztech WMB250AC Mesh Routers Firmware Version 016 2020 devices imprope ...)
	NOT-FOR-US: Aztech WMB250AC Mesh Routers Firmware
CVE-2022-45599 (Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable t ...)
	NOT-FOR-US: Aztech WMB250AC Mesh Routers Firmware
CVE-2022-45598 (Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.1 ...)
	NOT-FOR-US: Joplin Desktop App
CVE-2022-45597 (ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: t ...)
	NOT-FOR-US: ComponentSpace.Saml2
CVE-2022-45596
	RESERVED
CVE-2022-45595
	RESERVED
CVE-2022-45594
	RESERVED
CVE-2022-45593
	RESERVED
CVE-2023-34854 [Authenticated remote code execution via backup/restore in HotelDruid]
	- hoteldruid 3.0.6-1
	[bookworm] - hoteldruid (Minor issue)
	[bullseye] - hoteldruid (Minor issue)
	[buster] - hoteldruid (Minor issue)
CVE-2022-45592 [(1) Server Side Request Forgery (SSRF), (2) persistent Cross site scripting (XSS), and (3) File upload vulnerability.]
	RESERVED
	- hoteldruid 3.0.6-1
	[bookworm] - hoteldruid (Minor issue)
	[bullseye] - hoteldruid (Minor issue)
	[buster] - hoteldruid (Minor issue)
CVE-2022-45591
	RESERVED
CVE-2022-45590
	RESERVED
CVE-2022-45589 (All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Tal ...)
	NOT-FOR-US: Talend
CVE-2022-45588 (All versions before R2022-09 of Talend's Remote Engine Gen 2 are poten ...)
	NOT-FOR-US: Talend
CVE-2022-45587 (Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpd ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2022-45586 (Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2022-45585
	RESERVED
CVE-2022-45584
	RESERVED
CVE-2022-45583
	RESERVED
CVE-2022-45582 (Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1. ...)
	{DLA-3678-1}
	- horizon 3:23.1.0-3
	[bookworm] - horizon 3:23.0.0-5+deb12u1
	[bullseye] - horizon 3:18.6.2-5+deb11u2
	NOTE: https://bugs.launchpad.net/horizon/+bug/1982676
	NOTE: https://opendev.org/openstack/horizon/commit/beed6bf6f6f83df9972db5fb539d64175ce12ce9 (19.4.0)
	NOTE: https://opendev.org/openstack/horizon/commit/2f600272bfffb3024e6f06a369f9b4768dd1a0b0 (20.1.4)
	NOTE: https://opendev.org/openstack/horizon/commit/79d139594290779b2f74ca894332aa7f2f7e4735 (23.1.0)
CVE-2022-45581
	RESERVED
CVE-2022-45580
	RESERVED
CVE-2022-45579
	RESERVED
CVE-2022-45578
	RESERVED
CVE-2022-45577
	RESERVED
CVE-2022-45576
	RESERVED
CVE-2022-45575
	RESERVED
CVE-2022-45574
	RESERVED
CVE-2022-45573
	RESERVED
CVE-2022-45572
	RESERVED
CVE-2022-45571
	RESERVED
CVE-2022-45570
	RESERVED
CVE-2022-45569
	RESERVED
CVE-2022-45568
	RESERVED
CVE-2022-45567
	RESERVED
CVE-2022-45566
	RESERVED
CVE-2022-45565
	RESERVED
CVE-2022-45564 (SQL Injection vulnerability in znfit Home improvement ERP management s ...)
	NOT-FOR-US: znfit Home improvement ERP management system
CVE-2022-45563
	RESERVED
CVE-2022-45562 (Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 ...)
	NOT-FOR-US: Telos Alliance Omnia MPX Node
CVE-2022-45561
	RESERVED
CVE-2022-45560
	RESERVED
CVE-2022-45559
	RESERVED
CVE-2022-45558 (Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 ...)
	NOT-FOR-US: Hundredrabbits Left
CVE-2022-45557 (Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 ...)
	NOT-FOR-US: Hundredrabbits Left
CVE-2022-45556
	RESERVED
CVE-2022-45555
	RESERVED
CVE-2022-45554
	RESERVED
CVE-2022-45553 (An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Route ...)
	NOT-FOR-US: Shenzhen Zhibotong Electronics
CVE-2022-45552 (An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ...)
	NOT-FOR-US: Shenzhen Zhibotong Electronics
CVE-2022-45551 (An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router ...)
	NOT-FOR-US: Shenzhen Zhibotong Electronics
CVE-2022-45550 (AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE).)
	NOT-FOR-US: AyaCMS
CVE-2022-45549
	RESERVED
CVE-2022-45548 (AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability.)
	NOT-FOR-US: AyaCMS
CVE-2022-45547
	RESERVED
CVE-2022-45546 (Information Disclosure in Authentication Component of ScreenCheck Badg ...)
	NOT-FOR-US: ScreenCheck BadgeMaker
CVE-2022-45545
	RESERVED
CVE-2022-45544 (Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 ...)
	NOT-FOR-US: Schlix Web Inc SCHLIX CMS
CVE-2022-45543 (Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attacke ...)
	NOT-FOR-US: DiscuzX
CVE-2022-45542 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager com ...)
	NOT-FOR-US: EyouCMS
CVE-2022-45541 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribu ...)
	NOT-FOR-US: EyouCMS
CVE-2022-45540 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in article type editor ...)
	NOT-FOR-US: EyouCMS
CVE-2022-45539 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in FileManager compone ...)
	NOT-FOR-US: EyouCMS
CVE-2022-45538 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish ...)
	NOT-FOR-US: EyouCMS
CVE-2022-45537 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish ...)
	NOT-FOR-US: EyouCMS
CVE-2022-45536 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...)
	NOT-FOR-US: AeroCMS
CVE-2022-45535 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...)
	NOT-FOR-US: AeroCMS
CVE-2022-45534
	RESERVED
CVE-2022-45533
	RESERVED
CVE-2022-45532
	RESERVED
CVE-2022-45531
	RESERVED
CVE-2022-45530
	RESERVED
CVE-2022-45529 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...)
	NOT-FOR-US: AeroCMS
CVE-2022-45528
	RESERVED
CVE-2022-45527 (File upload vulnerability in Future-Depth Institutional Management Web ...)
	NOT-FOR-US: Future-Depth Institutional Management Website (IMS)
CVE-2022-45526 (SQL Injection vulnerability in Future-Depth Institutional Management W ...)
	NOT-FOR-US: Future-Depth Institutional Management Website (IMS)
CVE-2022-45525 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45524 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45523 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45522 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45521 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45520 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45519 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45518 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45517 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45516 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45515 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45514 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45513 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45512 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45511 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45510 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45509 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45508 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45507 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45506 (Tenda W30E v1.0.1.25(633) was discovered to contain a command injectio ...)
	NOT-FOR-US: Tenda
CVE-2022-45505 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-45504 (An issue in the component tpi_systool_handle(0) (/goform/SysToolRestor ...)
	NOT-FOR-US: Tenda
CVE-2022-45503 (Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2022-45502
	RESERVED
CVE-2022-45501 (Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2022-45500
	RESERVED
CVE-2022-45499 (Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2022-45498 (An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot ...)
	NOT-FOR-US: Tenda
CVE-2022-45497 (Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection ...)
	NOT-FOR-US: Tenda
CVE-2022-45496 (Buffer overflow vulnerability in function json_parse_string in sheredo ...)
	NOT-FOR-US: json.h
CVE-2022-45495
	RESERVED
CVE-2022-45494 (Buffer overflow vulnerability in function json_parse_object in sheredo ...)
	NOT-FOR-US: json.h
CVE-2022-45493 (Buffer overflow vulnerability in function json_parse_key in sheredom j ...)
	NOT-FOR-US: json.h
CVE-2022-45492 (Buffer overflow vulnerability in function json_parse_number in sheredo ...)
	NOT-FOR-US: json.h
CVE-2022-45491 (Buffer overflow vulnerability in function json_parse_value in sheredom ...)
	NOT-FOR-US: json.h
CVE-2022-45490
	RESERVED
CVE-2022-45489
	RESERVED
CVE-2022-45488
	RESERVED
CVE-2022-45487
	RESERVED
CVE-2022-45486
	RESERVED
CVE-2022-45485
	RESERVED
CVE-2022-45484 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.6 ...)
	NOT-FOR-US: Siemens
CVE-2022-4105 (A stored XSS in a kiwi Test Plan can run malicious javascript which co ...)
	NOT-FOR-US: kiwi Test Plan
CVE-2022-4104 (A loop with an unreachable exit condition can be triggered by passing ...)
	NOT-FOR-US: Tenable
CVE-2022-4103 (The Royal Elementor Addons WordPress plugin before 1.3.56 does not hav ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4102 (The Royal Elementor Addons WordPress plugin before 1.3.56 does not hav ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4101 (The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4100
	RESERVED
CVE-2022-4099 (The Joy Of Text Lite WordPress plugin before 2.3.1 does not properly s ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4098 (Multiple Wiesemann&Theis products of the ComServer Series are prone to ...)
	NOT-FOR-US: Wiesemann&Theis products of ComServer Series
CVE-2022-4097 (The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is suscep ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4096 (Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/ap ...)
	NOT-FOR-US: appsmith
CVE-2022-4095 (A use-after-free flaw was found in Linux kernel before 5.19.2. This is ...)
	- linux 5.19.11-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux 4.19.260-1
	NOTE: https://git.kernel.org/linus/e230a4455ac3e9b112f0367d1b8e255e141afae0 (6.0-rc4)
CVE-2022-4094
	RESERVED
CVE-2022-4093 (SQL injection attacks can result in unauthorized access to sensitive d ...)
	- dolibarr
CVE-2022-4092 (An issue has been discovered in GitLab EE affecting all versions start ...)
	- gitlab (Specific to EE)
CVE-2022-44608 (Uncontrolled resource consumption vulnerability in Cybozu Remote Servi ...)
	NOT-FOR-US: Cybozu
CVE-2022-4091 (A vulnerability was found in SourceCodester Canteen Management System. ...)
	NOT-FOR-US: SourceCodester Canteen Management System
CVE-2022-4090 (A vulnerability was found in rickxy Stock Management System and classi ...)
	NOT-FOR-US: rickxy Stock Management System
CVE-2022-4089 (A vulnerability was found in rickxy Stock Management System. It has be ...)
	NOT-FOR-US: rickxy Stock Management System
CVE-2022-4088 (A vulnerability was found in rickxy Stock Management System and classi ...)
	NOT-FOR-US: rickxy Stock Management System
CVE-2022-4087 (A vulnerability was found in iPXE. It has been declared as problematic ...)
	- ipxe (Vulnerable code not present)
	NOTE: Introduced by: https://github.com/ipxe/ipxe/commit/634a86093af9a6d134be8662f25616f4edfec683
	NOTE: Fixed by: https://github.com/ipxe/ipxe/commit/186306d6199096b7a7c4b4574d4be8cdb8426729
CVE-2022-4086
	REJECTED
CVE-2022-4085
	REJECTED
CVE-2022-4084
	REJECTED
CVE-2022-4083
	REJECTED
CVE-2022-4082
	REJECTED
CVE-2022-4081
	REJECTED
CVE-2022-4080
	REJECTED
CVE-2022-4079
	REJECTED
CVE-2022-4078
	REJECTED
CVE-2022-4077
	REJECTED
CVE-2022-4076
	REJECTED
CVE-2022-4075
	REJECTED
CVE-2022-4074
	REJECTED
CVE-2022-4073
	REJECTED
CVE-2022-4072
	REJECTED
CVE-2022-4071
	REJECTED
CVE-2022-4070 (Insufficient Session Expiration in GitHub repository librenms/librenms ...)
	NOT-FOR-US: LibreNMS
CVE-2022-4069 (Cross-site Scripting (XSS) - Generic in GitHub repository librenms/lib ...)
	NOT-FOR-US: LibreNMS
CVE-2022-4068 (A user is able to enable their own account if it was disabled by an ad ...)
	NOT-FOR-US: LibreNMS
CVE-2022-4067 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...)
	NOT-FOR-US: LibreNMS
CVE-2022-4066 (A vulnerability was found in davidmoreno onion. It has been rated as p ...)
	- libonion (bug #744119)
CVE-2022-4065 (A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It ...)
	- testng (Vulnerable code introduced later)
	NOTE: https://github.com/cbeust/testng/pull/2806
	NOTE: https://github.com/cbeust/testng/commit/47afa2c8a29e2cf925238af1ad7c76fba282793f
CVE-2022-4064 (A vulnerability was found in Dalli. It has been classified as problema ...)
	- ruby-dalli (Vulnerable code introduced later)
	NOTE: https://github.com/petergoldstein/dalli/issues/932
	NOTE: https://github.com/petergoldstein/dalli/pull/933
	NOTE: Introduced after: https://github.com/petergoldstein/dalli/commit/5588d98f79eb04a9abcaeeff3263e08f93468b30 (v3.2.0)
	NOTE: Fixed by: https://github.com/petergoldstein/dalli/commit/48d594dae55934476fec61789e7a7c3700e0f50d (v3.2.3)
CVE-2022-45483 (Lazy Mouse allows an attacker (in a man in the middle position between ...)
	NOT-FOR-US: Lazy Mouse
CVE-2022-45482 (Lazy Mouse server enforces weak password requirements and doesn't impl ...)
	NOT-FOR-US: Lazy Mouse
CVE-2022-45481 (The default configuration of Lazy Mouse does not require a password, a ...)
	NOT-FOR-US: Lazy Mouse
CVE-2022-45480 (PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middl ...)
	NOT-FOR-US: Telepad
CVE-2022-45479 (PC Keyboard allows remote unauthenticated users to send instructions t ...)
	NOT-FOR-US: Telepad
CVE-2022-45478 (Telepad allows an attacker (in a man-in-the-middle position between th ...)
	NOT-FOR-US: Telepad
CVE-2022-45477 (Telepad allows remote unauthenticated users to send instructions to th ...)
	NOT-FOR-US: Telepad
CVE-2022-45476 (Tiny File Manager version 2.4.8 executes the code of files uploaded by ...)
	NOT-FOR-US: Tiny File Manager
CVE-2022-45475 (Tiny File Manager version 2.4.8 allows an unauthenticated remote attac ...)
	NOT-FOR-US: Tiny File Manager
CVE-2022-4063 (The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4062 (A CWE-285: Improper Authorization vulnerability exists that could caus ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-45474 (drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-fr ...)
	NOT-FOR-US: drachtio-server
CVE-2022-45473 (In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachti ...)
	NOT-FOR-US: drachtio-server
CVE-2022-45472 (CAE LearningSpace Enterprise (with Intuity License) image 267r patch 6 ...)
	NOT-FOR-US: CAE LearningSpace Enterprise
CVE-2022-45471 (In JetBrains Hub before 2022.3.15181 Throttling was missed when sendin ...)
	NOT-FOR-US: JetBrains Hub
CVE-2022-45470 (missing input validation in Apache Hama may cause information disclosu ...)
	NOT-FOR-US: Apache Hama
CVE-2022-44456 (CONPROSYS HMI System (CHS) Ver.3.4.4 and earlier allows a remote unaut ...)
	NOT-FOR-US: CONPROSYS HMI System (CHS)
CVE-2022-4061 (The JobBoardWP WordPress plugin before 1.2.2 does not properly validat ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4060 (The User Post Gallery WordPress plugin through 2.19 does not limit wha ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4059 (The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not s ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4058 (The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not vali ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4057 (The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-21523 (A Stored Cross-site Scripting (XSS) vulnerability in the Management Co ...)
	NOT-FOR-US: BlackBerry
CVE-2023-21522 (A Reflected Cross-site Scripting (XSS) vulnerability in the Management ...)
	NOT-FOR-US: BlackBerry
CVE-2023-21521 (An SQL Injection vulnerability in the Management Console(Operator Audi ...)
	NOT-FOR-US: BlackBerry
CVE-2023-21520 (A PII Enumeration via Credential Recovery in the Self Service(Credenti ...)
	NOT-FOR-US: BlackBerry
CVE-2023-21519
	RESERVED
CVE-2022-45467
	RESERVED
CVE-2022-45466
	RESERVED
CVE-2022-45465
	RESERVED
CVE-2022-45464
	RESERVED
CVE-2022-45463
	RESERVED
CVE-2022-4056
	RESERVED
CVE-2022-4055 (When xdg-mail is configured to use thunderbird for mailto URLs, improp ...)
	- xdg-utils (bug #1027160)
	[bookworm] - xdg-utils (Minor issue)
	[bullseye] - xdg-utils (Minor issue)
	[buster] - xdg-utils (Minor issue)
	NOTE: https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267
	NOTE: https://gitlab.freedesktop.org/xdg/xdg-utils/-/merge_requests/58
CVE-2022-4054 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-45462 (Alarm instance management has command injection when there is a specif ...)
	NOT-FOR-US: Apache DolphinScheduler
CVE-2022-45461 (The Java Admin Console in Veritas NetBackup through 10.1 and related V ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2022-45460 (Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.1 ...)
	NOT-FOR-US: Xiongmai
CVE-2022-4053 (A vulnerability was found in Student Attendance Management System. It ...)
	NOT-FOR-US: Student Attendance Management System
CVE-2022-4052 (A vulnerability was found in Student Attendance Management System and ...)
	NOT-FOR-US: Student Attendance Management System
CVE-2022-4051 (A vulnerability has been found in Hostel Searching Project and classif ...)
	NOT-FOR-US: Hostel Searching Project
CVE-2022-4050 (The JoomSport WordPress plugin before 5.2.8 does not properly sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4049 (The WP User WordPress plugin through 7.0 does not properly sanitize an ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4048 (Inadequate Encryption Strength in CODESYS Development System V3 versio ...)
	NOT-FOR-US: CODESYS
CVE-2022-4047 (The Return Refund and Exchange For WooCommerce WordPress plugin before ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4046 (In CODESYS Control in multiple versions a improper restriction of oper ...)
	NOT-FOR-US: CODESYS
CVE-2022-4045 (A denial-of-service vulnerability in the Mattermost allows an authenti ...)
	- mattermost-server (bug #823556)
CVE-2022-4044 (A denial-of-service vulnerability in Mattermost allows an authenticate ...)
	- mattermost-server (bug #823556)
CVE-2022-4043 (The WP Custom Admin Interface WordPress plugin before 7.29 unserialize ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4042 (The Paytium: Mollie payment forms & donations WordPress plugin before ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4041 (Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-i ...)
	NOT-FOR-US: Hitachi
CVE-2022-4040
	RESERVED
CVE-2022-4039 (A flaw was found in Red Hat Single Sign-On for OpenShift container ima ...)
	NOT-FOR-US: Keycloak
CVE-2022-4038
	RESERVED
CVE-2022-4037 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-45459 (Sensitive information disclosure due to insecure registry permissions. ...)
	NOT-FOR-US: Acronis
CVE-2022-45458 (Sensitive information disclosure and manipulation due to improper cert ...)
	NOT-FOR-US: Acronis
CVE-2022-45457 (Sensitive information disclosure and manipulation due to improper cert ...)
	NOT-FOR-US: Acronis
CVE-2022-45456 (Denial of service due to unauthenticated API endpoint. The following p ...)
	NOT-FOR-US: Acronis
CVE-2022-45455 (Local privilege escalation due to incomplete uninstallation cleanup. T ...)
	NOT-FOR-US: Acronis
CVE-2022-45454 (Sensitive information disclosure due to insecure folder permissions. T ...)
	NOT-FOR-US: Acronis
CVE-2022-45453 (TLS/SSL weak cipher suites enabled. The following products are affecte ...)
	NOT-FOR-US: Acronis
CVE-2022-45452 (Local privilege escalation due to insecure folder permissions. The fol ...)
	NOT-FOR-US: Acronis
CVE-2022-45451 (Local privilege escalation due to insecure driver communication port p ...)
	NOT-FOR-US: Acronis
CVE-2022-45450 (Sensitive information disclosure and manipulation due to improper auth ...)
	NOT-FOR-US: Acronis
CVE-2022-45449
	RESERVED
CVE-2022-45448 (M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, i ...)
	NOT-FOR-US: M4 PDF plugin for Prestashop sites
CVE-2022-45447 (M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, i ...)
	NOT-FOR-US: M4 PDF plugin for Prestashop sites
CVE-2022-4036 (The Appointment Hour Booking plugin for WordPress is vulnerable to CAP ...)
	NOT-FOR-US: Appointment Hour Booking plugin for WordPress
CVE-2022-4035 (The Appointment Hour Booking plugin for WordPress is vulnerable to iFr ...)
	NOT-FOR-US: Appointment Hour Booking plugin for WordPress
CVE-2022-4034 (The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV ...)
	NOT-FOR-US: Appointment Hour Booking Plugin for WordPress
CVE-2022-4033 (The Quiz and Survey Master plugin for WordPress is vulnerable to input ...)
	NOT-FOR-US: Quiz and Survey Master plugin for WordPress
CVE-2022-4032 (The Quiz and Survey Master plugin for WordPress is vulnerable to iFram ...)
	NOT-FOR-US: Quiz and Survey Master plugin for WordPress
CVE-2022-4031 (The Simple:Press plugin for WordPress is vulnerable to arbitrary file ...)
	NOT-FOR-US: Simple:Press plugin for WordPress
CVE-2022-4030 (The Simple:Press plugin for WordPress is vulnerable to Path Traversal ...)
	NOT-FOR-US: Simple:Press plugin for WordPress
CVE-2022-4029 (The Simple:Press plugin for WordPress is vulnerable to Reflected Cross ...)
	NOT-FOR-US: Simple:Press plugin for WordPress
CVE-2022-4028 (The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Si ...)
	NOT-FOR-US: Simple:Press plugin for WordPress
CVE-2022-4027 (The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Si ...)
	NOT-FOR-US: Simple:Press plugin for WordPress
CVE-2022-4026
	RESERVED
CVE-2022-4025 (Inappropriate implementation in Paint in Google Chrome prior to 98.0.4 ...)
	{DSA-5068-1}
	- chromium 98.0.4758.80-1
	[buster] - chromium (see DSA 5046)
CVE-2022-4024 (The Registration Forms WordPress plugin before 3.8.1.3 does not have a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4023 (The 3DPrint WordPress plugin before 3.5.6.9 does not protect against C ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4022 (The SVG Support plugin for WordPress defaults to insecure settings in ...)
	NOT-FOR-US: SVG Support plugin for WordPress
CVE-2022-4021 (The Permalink Manager Lite plugin for WordPress is vulnerable to Cross ...)
	NOT-FOR-US: Permalink Manager Lite plugin for WordPress
CVE-2022-4020 (Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebo ...)
	NOT-FOR-US: Acer
CVE-2022-4019 (A denial-of-service vulnerability in the Mattermost Playbooks plugin a ...)
	NOT-FOR-US: Mattermost plugin
CVE-2022-4018 (Missing Authentication for Critical Function in GitHub repository ikus ...)
	- rdiffweb (bug #969974)
CVE-2022-4017 (The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plu ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4016 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plu ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4015 (A vulnerability, which was classified as critical, was found in Sports ...)
	NOT-FOR-US: Sports Club Management System
CVE-2022-4014 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: FeehiCMS
CVE-2022-4013 (A vulnerability classified as problematic was found in Hospital Manage ...)
	NOT-FOR-US: Hospital Management Center
CVE-2022-4012 (A vulnerability classified as critical has been found in Hospital Mana ...)
	NOT-FOR-US: Hospital Management Center
CVE-2022-4011 (A vulnerability was found in Simple History Plugin. It has been rated ...)
	NOT-FOR-US: Simple History Plugin
CVE-2022-43468 (External initialization of trusted variables or data stores vulnerabil ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41783 (tdpServer of TP-Link RE300 V1 improperly processes its input, which ma ...)
	NOT-FOR-US: TP-Link
CVE-2022-4010 (The Image Hover Effects WordPress plugin before 5.5 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4009 (In affected versions of Octopus Deploy it is possible for a user to in ...)
	NOT-FOR-US: Octopus Deploy
CVE-2022-4008 (In affected versions of Octopus Deploy it is possible to upload a zipb ...)
	NOT-FOR-US: Octopus Deploy
CVE-2022-4007 (A issue has been discovered in GitLab CE/EE affecting all versions fro ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-4006 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: WBCE CMS
CVE-2022-4005 (The Donation Button WordPress plugin through 4.0.0 does not sanitize a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-4004 (The Donation Button WordPress plugin through 4.0.0 does not properly c ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-4241 (A vulnerability, which was classified as problematic, was found in php ...)
	NOT-FOR-US: phpservermon
CVE-2021-4240 (A vulnerability, which was classified as problematic, was found in php ...)
	NOT-FOR-US: phpservermon
CVE-2022-45442 (Sinatra is a domain-specific language for creating web applications in ...)
	{DLA-3264-1}
	- ruby-sinatra 3.0.5-2 (bug #1025125)
	NOTE: https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw
	NOTE: https://github.com/sinatra/sinatra/commit/ea8fc9495a350f7551b39e3025bfcd06f49f363b (v3.0.4)
	NOTE: https://github.com/sinatra/sinatra/commit/1808bcdf3424eab0c659ef2d0e85579aab977a1a (v2.2.3)
CVE-2022-45441 (A cross-site scripting (XSS) vulnerability in Zyxel NBG-418N v2 firmwa ...)
	NOT-FOR-US: Zyxel
CVE-2022-45440 (A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmwa ...)
	NOT-FOR-US: Zyxel
CVE-2022-45439 (A pair of spare WiFi credentials is stored in the configuration file o ...)
	NOT-FOR-US: Zyxel
CVE-2022-45438 (When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by ...)
	NOT-FOR-US: Apache Superset
CVE-2022-45437 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Pandora FMS
CVE-2022-45436 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Pandora FMS
CVE-2022-4003
	RESERVED
CVE-2022-4002
	RESERVED
CVE-2022-4001
	RESERVED
CVE-2022-4000 (The WooCommerce Shipping WordPress plugin through 1.2.11 does not sani ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3999 (The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3998 (A vulnerability, which was classified as critical, was found in Monika ...)
	NOT-FOR-US: MonikaBrzica scm
CVE-2022-3997 (A vulnerability, which was classified as critical, has been found in M ...)
	NOT-FOR-US: MonikaBrzica scm
CVE-2022-3996 (If an X.509 certificate contains a malformed policy constraint and pol ...)
	- openssl 3.0.7-2 (bug #1027102)
	[bullseye] - openssl (Only affects 3.0.x)
	[buster] - openssl (Only affects 3.0.x)
	NOTE: https://www.openssl.org/news/secadv/20221213.txt
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7725e7bfe6f2ce8146b6552b44e0d226be7638e7
CVE-2022-45435 (IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 ...)
	NOT-FOR-US: IdentityIQ
CVE-2022-45434 (Some Dahua software products have a vulnerability of unauthenticated u ...)
	NOT-FOR-US: Dahua
CVE-2022-45433 (Some Dahua software products have a vulnerability of unauthenticated t ...)
	NOT-FOR-US: Dahua
CVE-2022-45432 (Some Dahua software products have a vulnerability of unauthenticated s ...)
	NOT-FOR-US: Dahua
CVE-2022-45431 (Some Dahua software products have a vulnerability of unauthenticated r ...)
	NOT-FOR-US: Dahua
CVE-2022-45430 (Some Dahua software products have a vulnerability of unauthenticated e ...)
	NOT-FOR-US: Dahua
CVE-2022-45429 (Some Dahua software products have a vulnerability of server-side reque ...)
	NOT-FOR-US: Dahua
CVE-2022-45428 (Some Dahua software products have a vulnerability of sensitive informa ...)
	NOT-FOR-US: Dahua
CVE-2022-45427 (Some Dahua software products have a vulnerability of unrestricted uplo ...)
	NOT-FOR-US: Dahua
CVE-2022-45426 (Some Dahua software products have a vulnerability of unrestricted down ...)
	NOT-FOR-US: Dahua
CVE-2022-45425 (Some Dahua software products have a vulnerability of using of hard-cod ...)
	NOT-FOR-US: Dahua
CVE-2022-45424 (Some Dahua software products have a vulnerability of unauthenticated r ...)
	NOT-FOR-US: Dahua
CVE-2022-45423 (Some Dahua software products have a vulnerability of unauthenticated r ...)
	NOT-FOR-US: Dahua
CVE-2022-45422 (When LG SmartShare is installed, local privilege escalation is possibl ...)
	NOT-FOR-US: LG
CVE-2022-45122 (Cross-site scripting vulnerability in Movable Type Movable Type 7 r.53 ...)
	- movabletype-opensource
CVE-2022-45113 (Improper validation of syntactic correctness of input vulnerability ex ...)
	- movabletype-opensource
CVE-2022-43660 (Improper neutralization of Server-Side Includes (SSW) within a web pag ...)
	- movabletype-opensource
CVE-2022-3995 (The TeraWallet plugin for WordPress is vulnerable to Insecure Direct O ...)
	NOT-FOR-US: TeraWallet plugin for WordPress
CVE-2022-3994 (The Authenticator WordPress plugin before 1.3.1 does not prevent subsc ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-21518 (Improper access control vulnerability in SearchWidget prior to version ...)
	NOT-FOR-US: Samsung
CVE-2023-21517 (Heap out-of-bound write vulnerability in Exynos baseband prior to SMR ...)
	NOT-FOR-US: Samsung
CVE-2023-21516 (XSS vulnerability from InstantPlay in Galaxy Store prior to version 4. ...)
	NOT-FOR-US: InstantPlay in Galaxy Store
CVE-2023-21515 (InstantPlay which included vulnerable script which could execute javas ...)
	NOT-FOR-US: InstantPlay
CVE-2023-21514 (Improper scheme validation from InstantPlay Deeplink in Galaxy Store p ...)
	NOT-FOR-US: InstantPlay
CVE-2023-21513 (Improper privilege management vulnerability in CC Mode prior to SMR Ju ...)
	NOT-FOR-US: Samsung
CVE-2023-21512 (Improper Knox ID validation logic in notification framework prior to S ...)
	NOT-FOR-US: Samsung
CVE-2023-21511 (Out-of-bounds Read vulnerability while processing CMD_COLDWALLET_BTC_S ...)
	NOT-FOR-US: Samsung
CVE-2023-21510 (Out-of-bounds Read vulnerability while processing BC_TUI_CMD_UPDATE_SC ...)
	NOT-FOR-US: Samsung
CVE-2023-21509 (Out-of-bounds Write vulnerability while processing BC_TUI_CMD_UPDATE_S ...)
	NOT-FOR-US: Samsung
CVE-2023-21508 (Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RES ...)
	NOT-FOR-US: Samsung
CVE-2023-21507 (Out-of-bounds Read vulnerability while processing BC_TUI_CMD_SEND_RESO ...)
	NOT-FOR-US: Samsung
CVE-2023-21506 (Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RES ...)
	NOT-FOR-US: Samsung
CVE-2023-21505 (Improper access control in Samsung Core Service prior to version 2.1.0 ...)
	NOT-FOR-US: Samsung
CVE-2023-21504 (Potential buffer overflow vulnerability in mm_Plmncoordination.c in Sh ...)
	NOT-FOR-US: Samsung
CVE-2023-21503 (Potential buffer overflow vulnerability in mm_LteInterRatManagement.c ...)
	NOT-FOR-US: Samsung
CVE-2023-21502 (Improper input validation vulnerability in FactoryTest application pri ...)
	NOT-FOR-US: Samsung
CVE-2023-21501 (Improper input validation vulnerability in mPOS fiserve trustlet prior ...)
	NOT-FOR-US: Samsung
CVE-2023-21500 (Double free validation vulnerability in setPinPadImages in mPOS TUI tr ...)
	NOT-FOR-US: Samsung
CVE-2023-21499 (Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin ...)
	NOT-FOR-US: Samsung
CVE-2023-21498 (Improper input validation vulnerability in setPartnerTAInfo in mPOS TU ...)
	NOT-FOR-US: Samsung
CVE-2023-21497 (Use of externally-controlled format string vulnerability in mPOS TUI t ...)
	NOT-FOR-US: Samsung
CVE-2023-21496 (Active Debug Code vulnerability in ActivityManagerService prior to SMR ...)
	NOT-FOR-US: Samsung
CVE-2023-21495 (Improper access control vulnerability in Knox Enrollment Service prior ...)
	NOT-FOR-US: Samsung
CVE-2023-21494 (Potential buffer overflow vulnerability in auth api in mm_Authenticati ...)
	NOT-FOR-US: Samsung
CVE-2023-21493 (Improper access control vulnerability in SemShareFileProvider prior to ...)
	NOT-FOR-US: Samsung
CVE-2023-21492 (Kernel pointers are printed in the log file prior to SMR May-2023 Rele ...)
	NOT-FOR-US: Samsung
CVE-2023-21491 (Improper access control vulnerability in ThemeManager prior to SMR May ...)
	NOT-FOR-US: Samsung
CVE-2023-21490 (Improper access control in GearManagerStub prior to SMR May-2023 Relea ...)
	NOT-FOR-US: Samsung
CVE-2023-21489 (Heap out-of-bounds write vulnerability in bootloader prior to SMR May- ...)
	NOT-FOR-US: Samsung
CVE-2023-21488 (Improper access control vulnerability in Tips prior to SMR May-2023 R ...)
	NOT-FOR-US: Samsung
CVE-2023-21487 (Improper access control vulnerability in Telephony framework prior to ...)
	NOT-FOR-US: Samsung
CVE-2023-21486 (Improper export of android application components vulnerability in Ima ...)
	NOT-FOR-US: Samsung
CVE-2023-21485 (Improper export of android application components vulnerability in Vid ...)
	NOT-FOR-US: Samsung
CVE-2023-21484 (Improper access control vulnerability in AppLock prior to SMR May-2023 ...)
	NOT-FOR-US: Samsung
CVE-2023-21483
	RESERVED
CVE-2023-21482
	RESERVED
CVE-2023-21481
	RESERVED
CVE-2023-21480
	RESERVED
CVE-2023-21479
	RESERVED
CVE-2023-21478
	RESERVED
CVE-2023-21477
	RESERVED
CVE-2023-21476
	RESERVED
CVE-2023-21475
	RESERVED
CVE-2023-21474
	RESERVED
CVE-2023-21473
	RESERVED
CVE-2023-21472
	RESERVED
CVE-2023-21471
	RESERVED
CVE-2023-21470
	RESERVED
CVE-2023-21469
	RESERVED
CVE-2023-21468
	RESERVED
CVE-2023-21467
	RESERVED
CVE-2023-21466
	RESERVED
CVE-2023-21465 (Improper access control vulnerability in BixbyTouch prior to version 3 ...)
	NOT-FOR-US: Samsung
CVE-2023-21464 (Improper access control in Samsung Calendar prior to versions 12.4.02. ...)
	NOT-FOR-US: Samsung
CVE-2023-21463 (Improper access control vulnerability in MyFiles application prior to ...)
	NOT-FOR-US: Samsung
CVE-2023-21462 (The sensitive information exposure vulnerability in Quick Share Agent ...)
	NOT-FOR-US: Samsung
CVE-2023-21461 (Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in ...)
	NOT-FOR-US: Samsung
CVE-2023-21460 (Improper authentication in SecSettings prior to SMR Mar-2023 Release 1 ...)
	NOT-FOR-US: Samsung
CVE-2023-21459 (Use after free vulnerability in decon driver prior to SMR Mar-2023 Rel ...)
	NOT-FOR-US: Samsung
CVE-2023-21458 (Improper privilege management vulnerability in PhoneStatusBarPolicy in ...)
	NOT-FOR-US: Samsung
CVE-2023-21457 (Improper access control vulnerability in Bluetooth prior to SMR Mar-20 ...)
	NOT-FOR-US: Samsung
CVE-2023-21456 (Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar ...)
	NOT-FOR-US: Samsung
CVE-2023-21455 (Improper authorization implementation in Exynos baseband prior to SMR ...)
	NOT-FOR-US: Samsung
CVE-2023-21454 (Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Relea ...)
	NOT-FOR-US: Samsung
CVE-2023-21453 (Improper input validation vulnerability in SoftSim TA prior to SMR Mar ...)
	NOT-FOR-US: Samsung
CVE-2023-21452 (Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 R ...)
	NOT-FOR-US: Samsung
CVE-2023-21451 (A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRI ...)
	NOT-FOR-US: Samsung
CVE-2023-21450 (Missing Authorization vulnerability in One Hand Operation + prior to v ...)
	NOT-FOR-US: Samsung
CVE-2023-21449 (Improper access control vulnerability in Call application prior to SMR ...)
	NOT-FOR-US: Samsung
CVE-2023-21448 (Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.3 ...)
	NOT-FOR-US: Samsung
CVE-2023-21447 (Improper access control vulnerabilities in Samsung Cloud prior to vers ...)
	NOT-FOR-US: Samsung
CVE-2023-21446 (Improper input validation in MyFiles prior to version 12.2.09 in Andro ...)
	NOT-FOR-US: Samsung
CVE-2023-21445 (Improper access control vulnerability in MyFiles prior to versions 12. ...)
	NOT-FOR-US: Samsung
CVE-2023-21444 (Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 ...)
	NOT-FOR-US: Samsung
CVE-2023-21443 (Improper cryptographic implementation in Samsung Flow for Android prio ...)
	NOT-FOR-US: Samsung
CVE-2023-21442 (Improper access control vulnerability in Runestone application prior t ...)
	NOT-FOR-US: Samsung
CVE-2023-21441 (Insufficient Verification of Data Authenticity vulnerability in Routin ...)
	NOT-FOR-US: Samsung
CVE-2023-21440 (Improper access control vulnerability in WindowManagerService prior to ...)
	NOT-FOR-US: Samsung
CVE-2023-21439 (Improper input validation vulnerability in UwbDataTxStatusEvent prior ...)
	NOT-FOR-US: Samsung
CVE-2023-21438 (Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows ph ...)
	NOT-FOR-US: Samsung
CVE-2023-21437 (Improper access control vulnerability in Phone application prior to SM ...)
	NOT-FOR-US: Samsung
CVE-2023-21436 (Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Re ...)
	NOT-FOR-US: Samsung
CVE-2023-21435 (Exposure of Sensitive Information vulnerability in Fingerprint TA prio ...)
	NOT-FOR-US: Samsung
CVE-2023-21434 (Improper input validation vulnerability in Galaxy Store prior to versi ...)
	NOT-FOR-US: Samsung
CVE-2023-21433 (Improper access control vulnerability in Galaxy Store prior to version ...)
	NOT-FOR-US: Samsung
CVE-2023-21432 (Improper access control vulnerabilities in Smart Things prior to 1.7.9 ...)
	NOT-FOR-US: Samsung
CVE-2023-21431 (Improper input validation in Bixby Vision prior to version 3.7.70.17 a ...)
	NOT-FOR-US: Samsung
CVE-2023-21430 (An out-of-bound read vulnerability in mapToBuffer function in libSDKRe ...)
	NOT-FOR-US: Samsung
CVE-2023-21429 (Improper usage of implicit intent in ePDG prior to SMR JAN-2023 Release ...)
	NOT-FOR-US: Samsung
CVE-2023-21428 (Improper input validation vulnerability in TelephonyUI prior to SMR Ja ...)
	NOT-FOR-US: Samsung
CVE-2023-21427 (Improper access control vulnerability in NfcTile prior to SMR Jan-2023 ...)
	NOT-FOR-US: Samsung
CVE-2023-21426 (Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Ja ...)
	NOT-FOR-US: Samsung
CVE-2023-21425 (Improper access control vulnerability in telecom application prior to ...)
	NOT-FOR-US: Samsung
CVE-2023-21424 (Improper Handling of Insufficient Permissions or Privileges vulnerabil ...)
	NOT-FOR-US: Samsung
CVE-2023-21423 (Improper authorization vulnerability in ChnFileShareKit prior to SMR J ...)
	NOT-FOR-US: Samsung
CVE-2023-21422 (Improper authorization vulnerability in semAddPublicDnsAddr in WifiSev ...)
	NOT-FOR-US: Samsung
CVE-2023-21421 (Improper Handling of Insufficient Permissions or Privileges vulnerabil ...)
	NOT-FOR-US: Samsung
CVE-2023-21420 (Use of Externally-Controlled Format String vulnerabilities in STST TA ...)
	NOT-FOR-US: Samsung
CVE-2023-21419 (An improper implementation logic in Secure Folder prior to SMR Jan-202 ...)
	NOT-FOR-US: Samsung
CVE-2022-45421 (Mozilla developers Andrew McCreight and Gabriele Svelto reported memor ...)
	{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
	- firefox 107.0-1
	- firefox-esr 102.5.0esr-1
	- thunderbird 1:102.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45421
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45421
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45421
CVE-2022-45420 (Using tables inside of an iframe, an attacker could have caused iframe c ...)
	{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
	- firefox 107.0-1
	- firefox-esr 102.5.0esr-1
	- thunderbird 1:102.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45420
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45420
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45420
CVE-2022-45419 (If the user added a security exception for an invalid TLS certificate, ...)
	- firefox 107.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45419
CVE-2022-45418 (If a custom mouse cursor is specified in CSS, under certain circumstan ...)
	{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
	- firefox 107.0-1
	- firefox-esr 102.5.0esr-1
	- thunderbird 1:102.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45418
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45418
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45418
CVE-2022-45417 (Service Workers did not detect Private Browsing Mode correctly in all ...)
	- firefox 107.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45417
CVE-2022-45416 (Keyboard events reference strings like "KeyA" that were at fixed, know ...)
	{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
	- firefox 107.0-1
	- firefox-esr 102.5.0esr-1
	- thunderbird 1:102.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45416
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45416
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45416
CVE-2022-45415 (When downloading an HTML file, if the title of the page was formatted ...)
	- firefox 107.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45415
CVE-2022-45414 (If a Thunderbird user quoted from an HTML email, for example by replyi ...)
	{DSA-5303-1}
	- thunderbird 1:102.5.1-1
	[bullseye] - thunderbird (Minor issue, fix along in next ESR update)
	[buster] - thunderbird (Minor issue)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-50/#CVE-2022-45414
CVE-2022-45413 (Using the S.browser_fallback_url parameter, an ...)
	- firefox (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45413
CVE-2022-45412 (When resolving a symlink such as file:///proc/self/fd/1, ...)
	{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
	- firefox 107.0-1
	- firefox-esr 102.5.0esr-1
	- thunderbird 1:102.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45412
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45412
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45412
CVE-2022-45411 (Cross-Site Tracing occurs when a server will echo a request back via t ...)
	{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
	- firefox 107.0-1
	- firefox-esr 102.5.0esr-1
	- thunderbird 1:102.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45411
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45411
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45411
CVE-2022-45410 (When a ServiceWorker intercepted a request with FetchEvent, ...)
CVE-2022-45407 (If an attacker loaded a font using FontFace() on a background worker, ...)
	- firefox 107.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45407
CVE-2022-45406 (If an out-of-memory condition occurred when creating a JavaScript glob ...)
	{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
	- firefox 107.0-1
	- firefox-esr 102.5.0esr-1
	- thunderbird 1:102.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45406
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45406
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45406
CVE-2022-45405 (Freeing arbitrary nsIInputStream's on a different thread ...)
	{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
	- firefox 107.0-1
	- firefox-esr 102.5.0esr-1
	- thunderbird 1:102.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45405
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45405
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45405
CVE-2022-45404 (Through a series of popup and window.print() calls, an at ...)
	{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
	- firefox 107.0-1
	- firefox-esr 102.5.0esr-1
	- thunderbird 1:102.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45404
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45404
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45404
CVE-2022-45403 (Service Workers should not be able to infer information about opaque c ...)
	{DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
	- firefox 107.0-1
	- firefox-esr 102.5.0esr-1
	- thunderbird 1:102.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45403
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45403
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45403
CVE-2022-45402 (In Apache Airflow versions prior to 2.4.3, there was an open redirect ...)
	- airflow (bug #819700)
CVE-2022-45401 (Jenkins Associated Files Plugin 0.2.1 and earlier does not escape name ...)
	NOT-FOR-US: Jenkins Associated Files Plugin
CVE-2022-45400 (Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser ...)
	NOT-FOR-US: Jenkins JAPEX Plugin
CVE-2022-45399 (A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 ...)
	NOT-FOR-US: Jenkins Cluster Statistics Plugin
CVE-2022-45398 (A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster S ...)
	NOT-FOR-US: Jenkins Cluster Statistics Plugin
CVE-2022-45397 (Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does ...)
	NOT-FOR-US: Jenkins OSF Builder Suite : : XML Linter Plugin
CVE-2022-45396 (Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XM ...)
	NOT-FOR-US: Jenkins SourceMonitor Plugin
CVE-2022-45395 (Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser ...)
	NOT-FOR-US: Jenkins CCCC Plugin
CVE-2022-45394 (A missing permission check in Jenkins Delete log Plugin 1.0 and earlie ...)
	NOT-FOR-US: Jenkins Delete log Plugin
CVE-2022-45393 (A cross-site request forgery (CSRF) vulnerability in Jenkins Delete lo ...)
	NOT-FOR-US: Jenkins Delete log Plugin
CVE-2022-45392 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and e ...)
	NOT-FOR-US: Jenkins NS-ND Integration Performance Publisher Plugin
CVE-2022-45391 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and e ...)
	NOT-FOR-US: Jenkins NS-ND Integration Performance Publisher Plugin
CVE-2022-45390 (A missing permission check in Jenkins loader.io Plugin 1.0.1 and earli ...)
	NOT-FOR-US: Jenkins loader.io Plugin
CVE-2022-45389 (A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier al ...)
	NOT-FOR-US: Jenkins XP-Dev Plugin
CVE-2022-45388 (Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a fi ...)
	NOT-FOR-US: Jenkins Config Rotator Plugin
CVE-2022-45387 (Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed conte ...)
	NOT-FOR-US: Jenkins BART Plugin
CVE-2022-45386 (Jenkins Violations Plugin 0.7.11 and earlier does not configure its XM ...)
	NOT-FOR-US: Jenkins Violations Plugin
CVE-2022-45385 (A missing permission check in Jenkins CloudBees Docker Hub/Registry No ...)
	NOT-FOR-US: CloudBees Docker Hub/Registry Notification Plugin
CVE-2022-45384 (Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP ma ...)
	NOT-FOR-US: Jenkins Reverse Proxy Auth Plugin
CVE-2022-45383 (An incorrect permission check in Jenkins Support Core Plugin 1206.v140 ...)
	NOT-FOR-US: Jenkins Support Core Plugin
CVE-2022-45382 (Jenkins Naginator Plugin 1.18.1 and earlier does not escape display na ...)
	NOT-FOR-US: Jenkins Naginator Plugin
CVE-2022-45381 (Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not rest ...)
	NOT-FOR-US: Jenkins Pipeline Utility Steps Plugin
CVE-2022-45380 (Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) ...)
	NOT-FOR-US: Jenkins JUnit Plugin
CVE-2022-45379 (Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier store ...)
	NOT-FOR-US: Jenkins Script Security Plugin
CVE-2022-45378 (In the default configuration of Apache SOAP, an RPCRouterServlet is av ...)
	NOT-FOR-US: Apache SOAP
CVE-2022-45377 (Unrestricted Upload of File with Dangerous Type vulnerability in Glen ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45376 (Cross-Site Request Forgery (CSRF) vulnerability in XootiX Side Cart Wo ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45375 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45374
	RESERVED
CVE-2022-45373 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45372 (Cross-Site Request Forgery (CSRF) vulnerability in Codeixer Product Ga ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45371 (Cross-Site Request Forgery (CSRF) vulnerability in Wpmet ShopEngine pl ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45370 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45369 (Auth. (subscriber+) Broken Access Control vulnerability in Plugin for ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45368
	RESERVED
CVE-2022-45367 (Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Cus ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45366 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jason Cr ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45365 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45364 (Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L. Mongaya ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45363 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup B ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45362 (Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Paymen ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45361 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bori ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45360 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45359 (Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Ca ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45358 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45357 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45356 (Missing Authorization vulnerability in Muffingroup Betheme. This issue ...)
	NOT-FOR-US: WordPress theme
CVE-2022-45355 (Auth. (admin+) SQL Injection (SQLi) vulnerability in ThimPress WP Pipe ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45354 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45353 (Broken Access Control in Betheme theme <= 26.6.1 on WordPress.)
	NOT-FOR-US: WordPress theme
CVE-2022-45352 (Missing Authorization vulnerability in Muffingroup Betheme. This issue ...)
	NOT-FOR-US: WordPress theme
CVE-2022-45351 (Missing Authorization vulnerability in Muffingroup Betheme. This issue ...)
	NOT-FOR-US: WordPress theme
CVE-2022-45350 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45349 (Missing Authorization vulnerability in Muffingroup Betheme. This issue ...)
	NOT-FOR-US: WordPress theme
CVE-2022-45348 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45347 (Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as databas ...)
	NOT-FOR-US: Apache ShardingSphere-Proxy
CVE-2022-45344
	RESERVED
CVE-2022-45343 (GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a hea ...)
	{DSA-5411-1}
	- gpac (bug #1033116; bug #1051866)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2315
	NOTE: https://github.com/gpac/gpac/commit/1016912db5408b6f38e8eb715279493ae380d1c4
CVE-2022-45342
	RESERVED
CVE-2022-45341
	RESERVED
CVE-2022-45340
	RESERVED
CVE-2022-45339
	RESERVED
CVE-2022-45338 (An arbitrary file upload vulnerability in the profile picture upload f ...)
	NOT-FOR-US: Exact Synergy Enterprise
CVE-2022-45337 (Tenda TX9 Pro v22.03.02.10 was discovered to contain a stack overflow ...)
	NOT-FOR-US: Tenda
CVE-2022-45336
	RESERVED
CVE-2022-45335
	RESERVED
CVE-2022-45334
	RESERVED
CVE-2022-45333
	RESERVED
CVE-2022-45332 (LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow ...)
	- libredwg (bug #595191)
CVE-2022-45331 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...)
	NOT-FOR-US: AeroCMS
CVE-2022-45330 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...)
	NOT-FOR-US: AeroCMS
CVE-2022-45329 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...)
	NOT-FOR-US: AeroCMS
CVE-2022-45328 (Church Management System v1.0 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Church Management System
CVE-2022-45327
	RESERVED
CVE-2022-45326 (An XML external entity (XXE) injection vulnerability in Kwoksys Kwok I ...)
	NOT-FOR-US: Kwoksys
CVE-2022-45325
	RESERVED
CVE-2022-45324
	RESERVED
CVE-2022-45323
	RESERVED
CVE-2022-45322
	RESERVED
CVE-2022-45321
	RESERVED
CVE-2022-45320 (Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, ...)
	NOT-FOR-US: Liferay
CVE-2022-45319
	RESERVED
CVE-2022-45318
	RESERVED
CVE-2022-45317
	RESERVED
CVE-2022-45316
	RESERVED
CVE-2022-45315 (Mikrotik RouterOs before stable v7.6 was discovered to contain an out- ...)
	NOT-FOR-US: Mikrotik
CVE-2022-45314
	RESERVED
CVE-2022-45313 (Mikrotik RouterOs before stable v7.5 was discovered to contain an out- ...)
	NOT-FOR-US: Mikrotik
CVE-2022-45312
	RESERVED
CVE-2022-45311
	RESERVED
CVE-2022-45310
	RESERVED
CVE-2022-45309
	RESERVED
CVE-2022-45308
	RESERVED
CVE-2022-45307 (Insecure permissions in Chocolatey PHP package v8.1.12 and below grant ...)
	NOT-FOR-US: Chocolatey PHP package
CVE-2022-45306 (Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.21 ...)
	NOT-FOR-US: Chocolatey Azure-Pipelines-Agent package
CVE-2022-45305 (Insecure permissions in Chocolatey Python3 package v3.11.0 and below g ...)
	NOT-FOR-US: Chocolatey Python3 package
CVE-2022-45304 (Insecure permissions in Chocolatey Cmder package v1.3.20 and below gra ...)
	NOT-FOR-US: Chocolatey Cmder package
CVE-2022-45303
	RESERVED
CVE-2022-45302
	RESERVED
CVE-2022-45301 (Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below gra ...)
	NOT-FOR-US: Chocolatey Ruby package
CVE-2022-45300
	RESERVED
CVE-2022-45299 (An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allo ...)
	- rust-webbrowser 0.8.7-1
	NOTE: https://github.com/offalltn/CVE-2022-45299
CVE-2022-45298
	RESERVED
CVE-2022-45297 (EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnera ...)
	NOT-FOR-US: EQ
CVE-2022-45296
	RESERVED
CVE-2022-45295
	RESERVED
CVE-2022-45294
	RESERVED
CVE-2022-45293
	RESERVED
CVE-2022-45292 (User invites for Funkwhale v1.2.8 do not permanently expire after bein ...)
	NOT-FOR-US: Funkwhale
CVE-2022-45291 (PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 20 ...)
	NOT-FOR-US: PWS Personal Weather Station Dashboard
CVE-2022-45290 (Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vu ...)
	NOT-FOR-US: Kbase Doc
CVE-2022-45289
	RESERVED
CVE-2022-45288
	RESERVED
CVE-2022-45287 (An access control issue in Registration.aspx of Temenos CWX 8.5.6 allo ...)
	NOT-FOR-US: Temenos CWX
CVE-2022-45286
	RESERVED
CVE-2022-45285 (Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is ...)
	NOT-FOR-US: Vsourz Digital Advanced Contact form
CVE-2022-45284
	RESERVED
CVE-2022-45283 (GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the s ...)
	{DSA-5411-1}
	- gpac (bug #1033116; bug #1051866)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2295
	NOTE: https://github.com/gpac/gpac/commit/0fc714872ba4536a1190f93aa278b6e08f8c60df
CVE-2022-45282
	RESERVED
CVE-2022-45281
	RESERVED
CVE-2022-45280 (A cross-site scripting (XSS) vulnerability in the Url parameter in /lo ...)
	NOT-FOR-US: EyouCMS
CVE-2022-45279
	RESERVED
CVE-2022-45278 (Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerabilit ...)
	NOT-FOR-US: Jizhicms
CVE-2022-45277
	RESERVED
CVE-2022-45276 (An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 a ...)
	NOT-FOR-US: YJCMS
CVE-2022-45275 (An arbitrary file upload vulnerability in /queuing/admin/ajax.php?acti ...)
	NOT-FOR-US: Dynamic Transaction Queuing System
CVE-2022-45274
	RESERVED
CVE-2022-45273
	RESERVED
CVE-2022-45272
	RESERVED
CVE-2022-45271
	RESERVED
CVE-2022-45270
	RESERVED
CVE-2022-45269 (A directory traversal vulnerability in the component SCS.Web.Server.SP ...)
	NOT-FOR-US: Linx Sphere LINX
CVE-2022-45268
	RESERVED
CVE-2022-45267
	RESERVED
CVE-2022-45266
	RESERVED
CVE-2022-45265
	RESERVED
CVE-2022-45264
	RESERVED
CVE-2022-45263
	RESERVED
CVE-2022-45262
	RESERVED
CVE-2022-45261
	RESERVED
CVE-2022-45260
	RESERVED
CVE-2022-45259
	RESERVED
CVE-2022-45258
	RESERVED
CVE-2022-45257
	RESERVED
CVE-2022-45256
	RESERVED
CVE-2022-45255
	RESERVED
CVE-2022-45254
	RESERVED
CVE-2022-45253
	RESERVED
CVE-2022-45252
	RESERVED
CVE-2022-45251
	RESERVED
CVE-2022-45250
	RESERVED
CVE-2022-45249
	RESERVED
CVE-2022-45248
	RESERVED
CVE-2022-45247
	RESERVED
CVE-2022-45246
	RESERVED
CVE-2022-45245
	RESERVED
CVE-2022-45244
	RESERVED
CVE-2022-45243
	RESERVED
CVE-2022-45242
	RESERVED
CVE-2022-45241
	RESERVED
CVE-2022-45240
	RESERVED
CVE-2022-45239
	RESERVED
CVE-2022-45238
	RESERVED
CVE-2022-45237
	RESERVED
CVE-2022-45236
	RESERVED
CVE-2022-45235
	RESERVED
CVE-2022-45234
	RESERVED
CVE-2022-45233
	RESERVED
CVE-2022-45232
	RESERVED
CVE-2022-45231
	RESERVED
CVE-2022-45230
	RESERVED
CVE-2022-45229
	RESERVED
CVE-2022-45228 (Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross- ...)
	NOT-FOR-US: Dragino Lora LG01 18ed40 IoT
CVE-2022-45227 (The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the director ...)
	NOT-FOR-US: Dragino Lora LG01 18ed40 IoT
CVE-2022-45226
	RESERVED
CVE-2022-45225 (Book Store Management System v1.0 was discovered to contain a cross-si ...)
	NOT-FOR-US: Book Store Management System
CVE-2022-45224 (Web-Based Student Clearance System v1.0 was discovered to contain a cr ...)
	NOT-FOR-US: Web-Based Student Clearance System
CVE-2022-45223 (Web-Based Student Clearance System v1.0 was discovered to contain a cr ...)
	NOT-FOR-US: Web-Based Student Clearance System
CVE-2022-45222
	RESERVED
CVE-2022-45221 (Web-Based Student Clearance System v1.0 was discovered to contain a cr ...)
	NOT-FOR-US: Web-Based Student Clearance System
CVE-2022-45220
	RESERVED
CVE-2022-45219
	RESERVED
CVE-2022-45218 (Human Resource Management System v1.0.0 was discovered to contain a cr ...)
	NOT-FOR-US: Human Resource Management System
CVE-2022-45217 (A cross-site scripting (XSS) vulnerability in Book Store Management Sy ...)
	NOT-FOR-US: Book Store Management System
CVE-2022-45216
	RESERVED
CVE-2022-45215 (A cross-site scripting (XSS) vulnerability in Book Store Management Sy ...)
	NOT-FOR-US: Book Store Management System
CVE-2022-45214 (A cross-site scripting (XSS) vulnerability in Sanitization Management ...)
	NOT-FOR-US: Sanitization Management System
CVE-2022-45213 (perfSONAR before 4.4.6 inadvertently supports the parse option for a f ...)
	NOT-FOR-US: perfSONAR
CVE-2022-45212
	RESERVED
CVE-2022-45211
	RESERVED
CVE-2022-45210 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerabil ...)
	NOT-FOR-US: Jeecg-boot
CVE-2022-45209
	RESERVED
CVE-2022-45208 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerabil ...)
	NOT-FOR-US: Jeecg-boot
CVE-2022-45207 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerabil ...)
	NOT-FOR-US: Jeecg-boot
CVE-2022-45206 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerabil ...)
	NOT-FOR-US: Jeecg-boot
CVE-2022-45205 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerabil ...)
	NOT-FOR-US: Jeecg-boot
CVE-2022-45204 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a mem ...)
	- gpac (Vulnerable code not present in any version in the archive)
	NOTE: https://github.com/gpac/gpac/issues/2307
	NOTE: Introduced by: https://github.com/gpac/gpac/commit/74e53280dad7b29f85386c6a1286fb92643465da
	NOTE: Fixed by: https://github.com/gpac/gpac/commit/f045be5809808d64ebf8ce5ab628fa55786bea4f
CVE-2022-45203
	RESERVED
CVE-2022-45202 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a sta ...)
	{DSA-5411-1}
	- gpac (bug #1033116; bug #1051866)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2296
	NOTE: https://github.com/gpac/gpac/issues/2296#issuecomment-1303112783
	NOTE: Fixed by: https://github.com/gpac/gpac/commit/74e53280dad7b29f85386c6a1286fb92643465da
CVE-2022-45201
	RESERVED
CVE-2022-45200
	RESERVED
CVE-2022-3993 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
	NOT-FOR-US: Kavita
CVE-2022-3992 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester Sanitization Management System
CVE-2022-3991 (The Photospace Gallery plugin for WordPress is vulnerable to Stored Cr ...)
	NOT-FOR-US: Photospace Gallery plugin for WordPress
CVE-2022-3990 (HPSFViewer might allow Escalation of Privilege. This potential vulnera ...)
	NOT-FOR-US: HP
CVE-2022-3989 (The Motors WordPress plugin before 1.4.4 does not properly validate up ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3988 (A vulnerability was found in Frappe. It has been rated as problematic. ...)
	NOT-FOR-US: Frappe Framework
CVE-2022-3987 (The Responsive Lightbox2 WordPress plugin before 1.0.4 does not valida ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3986 (The WP Stripe Checkout WordPress plugin before 1.2.2.21 does not valid ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3985 (The Videojs HTML5 Player WordPress plugin before 1.1.9 does not valida ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3984 (The Flowplayer Video Player WordPress plugin before 1.0.5 does not val ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3983 (The Checkout for PayPal WordPress plugin before 1.0.14 does not valida ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3982 (The Booking calendar, Appointment Booking System WordPress plugin befo ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3981 (The Icegram Express WordPress plugin before 5.5.1 does not properly sa ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3980 (An XML External Entity (XEE) vulnerability allows server-side request ...)
	NOT-FOR-US: Sophos
CVE-2022-37406 (Cross-site scripting vulnerability in Aficio SP 4210N firmware version ...)
	NOT-FOR-US: Aficio SP 4210N firmware
CVE-2022-45199 (Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.)
	- pillow 9.3.0-1 (bug #1024512)
	[bullseye] - pillow (Vulnerable code not present, introduced in 9.2.0)
	[buster] - pillow (Vulnerable code not present, introduced in 9.2.0)
	NOTE: https://github.com/python-pillow/Pillow/commit/2444cddab2f83f28687c7c20871574acbb6dbcf3 (9.3.0)
	NOTE: https://github.com/python-pillow/Pillow/pull/6700
CVE-2022-45198 (Pillow before 9.2.0 performs Improper Handling of Highly Compressed GI ...)
	- pillow 9.2.0-1
	[bullseye] - pillow (Minor issue)
	[buster] - pillow (Vulnerable code not present)
	NOTE: https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4 (9.2.0)
	NOTE: https://github.com/python-pillow/Pillow/pull/6402
CVE-2022-3979 (A vulnerability was found in NagVis up to 1.9.33 and classified as pro ...)
	- nagvis 1:1.9.34-1
	[bullseye] - nagvis (Minor issue)
	[buster] - nagvis (Minor issue)
	NOTE: https://github.com/NagVis/nagvis/commit/7574fd8a2903282c2e0d1feef5c4876763db21d5 (nagvis-1.9.34)
CVE-2022-3978 (A vulnerability, which was classified as problematic, was found in Nod ...)
	NOT-FOR-US: NodeBB
CVE-2022-3977 (A use-after-free flaw was found in the Linux kernel MCTP (Management C ...)
	- linux 6.0.2-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/3a732b46736cd8a29092e4b0b1a9ba83e672bf89 (6.1-rc1)
CVE-2022-3976 (A vulnerability has been found in MZ Automation libiec61850 up to 1.4 ...)
	NOT-FOR-US: libIEC61850
CVE-2022-3975 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: NukeViet CMS
CVE-2022-3974 (A vulnerability classified as critical was found in Axiomatic Bento4. ...)
	NOT-FOR-US: Bento4
CVE-2022-3973 (A vulnerability classified as critical has been found in Pingkon HMS-P ...)
	NOT-FOR-US: Pingkon HMS-PHP
CVE-2022-3972 (A vulnerability was found in Pingkon HMS-PHP. It has been rated as cri ...)
	NOT-FOR-US: Pingkon HMS-PHP
CVE-2022-3971 (A vulnerability was found in matrix-appservice-irc up to 0.35.1. It ha ...)
	NOT-FOR-US: matrix-appservice-irc
CVE-2022-3970 (A vulnerability was found in LibTIFF. It has been classified as critic ...)
	{DSA-5333-1 DLA-3278-1}
	- tiff 4.4.0-6 (bug #1024737)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be
	NOTE: https://oss-fuzz.com/download?testcase_id=5738253143900160
CVE-2022-3969 (A vulnerability was found in OpenKM up to 6.3.11 and classified as pro ...)
	NOT-FOR-US: OpenKM
CVE-2022-3968 (A vulnerability has been found in emlog and classified as problematic. ...)
	NOT-FOR-US: emlog
CVE-2022-3967 (A vulnerability, which was classified as critical, was found in Vesta ...)
	NOT-FOR-US: Vesta
CVE-2022-3966 (A vulnerability, which was classified as critical, has been found in U ...)
	NOT-FOR-US: Ultimate Member Plugin
CVE-2022-3965 (A vulnerability classified as problematic was found in ffmpeg. This vu ...)
	[experimental] - ffmpeg 7:6.0-1
	- ffmpeg 7:5.1.3-1
	[bullseye] - ffmpeg (Vulnerable code not present)
	[buster] - ffmpeg (Vulnerable code not present)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/13c13109759090b7f7182480d075e13b36ed8edd (n6.0)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/9886e4c3b0880b167dbfdad722fb654c58cdc977 (n5.1.3)
CVE-2022-3964 (A vulnerability classified as problematic has been found in ffmpeg. Th ...)
	[experimental] - ffmpeg 7:6.0-1
	- ffmpeg 7:5.1.3-1
	[bullseye] - ffmpeg (Vulnerable code not present)
	[buster] - ffmpeg (Vulnerable code not present)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/92f9b28ed84a77138105475beba16c146bdaf984 (n6.0)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7c234248f859baa35e55c3dbbb7a359eae1c5257 (n5.1.3)
CVE-2022-45197 (Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLS ...)
	- slixmpp 1.8.3-1
	[bullseye] - slixmpp (Minor issue)
	[buster] - slixmpp (Minor issue)
	NOTE: https://lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f0aa7fa (slix-1.8.3)
CVE-2022-45196 (Hyperledger Fabric 2.3 allows attackers to cause a denial of service ( ...)
	NOT-FOR-US: Hyperledger Fabric
CVE-2022-45195 (SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not a ...)
	NOT-FOR-US: SimpleXMQ
CVE-2022-3963 (A vulnerability was found in gnuboard5. It has been classified as prob ...)
	NOT-FOR-US: Gnuboard
CVE-2022-45194 (CBRN-Analysis before 22 allows XXE attacks via am mws XML document, le ...)
	NOT-FOR-US: CBRN-Analysis
CVE-2022-45193 (CBRN-Analysis before 22 has weak file permissions under Public Profile ...)
	NOT-FOR-US: CBRN-Analysis
CVE-2022-45192 (An issue was discovered on Microchip RN4870 1.43 devices. An attacker ...)
	NOT-FOR-US: Microchip
CVE-2022-45191 (An issue was discovered on Microchip RN4870 1.43 devices. An attacker ...)
	NOT-FOR-US: Microchip
CVE-2022-45190 (An issue was discovered on Microchip RN4870 1.43 devices. An attacker ...)
	NOT-FOR-US: Microchip
CVE-2022-45189 RESERVED
CVE-2022-45188 (Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow ...)
	{DSA-5503-1 DLA-3426-1}
	- netatalk 3.1.15~ds-1 (bug #1024021)
	NOTE: https://rushbnt.github.io/bug%20analysis/netatalk-0day/
	NOTE: https://github.com/Netatalk/netatalk/commit/dfab56846e8f454fe0548347ae6437bd12a05925
	NOTE: https://github.com/Netatalk/netatalk/commit/952b510d38914ed215858883f395da33d8b7e396 (netatalk-3-1-15)
CVE-2022-45187 RESERVED
CVE-2022-45186 RESERVED
CVE-2022-45185 RESERVED
CVE-2022-45184 (The Web Server in Ironman Software PowerShell Universal v3.x and v2.x ...)
	NOT-FOR-US: Ironman Software PowerShell Universal
CVE-2022-45183 (Escalation of privileges in the Web Server in Ironman Software PowerSh ...)
	NOT-FOR-US: Ironman
CVE-2022-45182 (Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module ...)
	NOT-FOR-US: Pi-Star_DV_Dash (for Pi-Star DV)
CVE-2022-45181 RESERVED
CVE-2022-45180 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. B ...)
	NOT-FOR-US: LIVEBOX
CVE-2022-45179 (An issue was discovered in LIVEBOX Collaboration vDesk through v031. A ...)
	NOT-FOR-US: LIVEBOX Collaboration vDesk
CVE-2022-45178 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. B ...)
	NOT-FOR-US: LIVEBOX
CVE-2022-45177 (An issue was discovered in LIVEBOX Collaboration vDesk through v031. A ...)
	NOT-FOR-US: LIVEBOX Collaboration vDesk
CVE-2022-45176 RESERVED
CVE-2022-45175 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. A ...)
	NOT-FOR-US: LIVEBOX
CVE-2022-45174 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. A ...)
	NOT-FOR-US: LIVEBOX
CVE-2022-45173 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. A ...)
	NOT-FOR-US: LIVEBOX
CVE-2022-45172 (An issue was discovered in LIVEBOX Collaboration vDesk before v018. Br ...)
	NOT-FOR-US: LIVEBOX Collaboration vDesk
CVE-2022-45171 RESERVED
CVE-2022-45170 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. A ...)
	NOT-FOR-US: LIVEBOX
CVE-2022-45169 (An issue was discovered in LIVEBOX Collaboration vDesk through v031. A ...)
	NOT-FOR-US: LIVEBOX Collaboration vDesk
CVE-2022-45168 RESERVED
CVE-2022-3962 (A content spoofing vulnerability was found in Kiali. It was discovered ...)
	NOT-FOR-US: Kiali
CVE-2022-3961 (The Directorist WordPress plugin before 7.4.4 does not prevent users w ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3960 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...)
	NOT-FOR-US: Hitachi
CVE-2022-45167 (An issue was discovered in Archibus Web Central 2022.03.01.107. A serv ...)
	NOT-FOR-US: Archibus Web Central
CVE-2022-45166 (An issue was discovered in Archibus Web Central 2022.03.01.107. A serv ...)
	NOT-FOR-US: Archibus Web Central
CVE-2022-45165 (An issue was discovered in Archibus Web Central 2022.03.01.107. A serv ...)
	NOT-FOR-US: Archibus Web Central
CVE-2022-45164 (An issue was discovered in Archibus Web Central 2022.03.01.107. A serv ...)
	NOT-FOR-US: Archibus Web Central
CVE-2022-45163 (An information-disclosure vulnerability exists on select NXP devices w ...)
	NOT-FOR-US: NXP devices
CVE-2022-45162 RESERVED
CVE-2022-45161 RESERVED
CVE-2022-45160 RESERVED
CVE-2022-45159 RESERVED
CVE-2022-45158 RESERVED
CVE-2022-45157 RESERVED
CVE-2022-45156 RESERVED
CVE-2022-45155 (An Improper Handling of Exceptional Conditions vulnerability in obs-se ...)
	NOT-FOR-US: openSUSE Factory
CVE-2022-45154 (A Cleartext Storage of Sensitive Information vulnerability in suppport ...)
	NOT-FOR-US: SuSE supportutils
CVE-2022-45153 (An Incorrect Default Permissions vulnerability in saphanabootstrap-for ...)
	NOT-FOR-US: SAP
CVE-2022-45152 (A blind Server-Side Request Forgery (SSRF) vulnerability was found in ...)
	- moodle
CVE-2022-45151 (The stored-XSS vulnerability was discovered in Moodle which exists due ...)
	- moodle
CVE-2022-45150 (A reflected cross-site scripting vulnerability was discovered in Moodl ...)
	- moodle
CVE-2022-45149 (A vulnerability was found in Moodle which exists due to insufficient v ...)
	- moodle
CVE-2022-45148 REJECTED
CVE-2022-45147 RESERVED
CVE-2022-3959 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Drogon
CVE-2022-3958 (Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar exten ...)
	NOT-FOR-US: BlueSpiceUserSidebar extension of BlueSpice
CVE-2022-3957 (A vulnerability classified as problematic was found in GPAC. Affected ...)
	{DSA-5411-1}
	- gpac (unimportant)
	NOTE: https://github.com/gpac/gpac/commit/2191e66aa7df750e8ef01781b1930bea87b713bb
	NOTE: Negligible security impact
CVE-2022-3956 (A vulnerability classified as critical has been found in tsruban HHIMS ...)
	NOT-FOR-US: tsruban HHIMS
CVE-2022-3955 (A vulnerability was found in tholum crm42. It has been rated as critic ...)
	NOT-FOR-US: tholum crm42
CVE-2022-3954 RESERVED
CVE-2022-3953 REJECTED
CVE-2022-3952 (A vulnerability has been found in ManyDesigns Portofino 5.3.2 and clas ...)
	NOT-FOR-US: ManyDesigns Portofino
CVE-2022-3951 RESERVED
CVE-2022-3950 (A vulnerability, which was classified as problematic, was found in san ...)
	NOT-FOR-US: sanluan PublicCMS
CVE-2022-3949 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Sourcecodester Simple Cashiering System
CVE-2022-3948 (A vulnerability classified as critical was found in eolinker goku_lite ...)
	NOT-FOR-US: eolinker goku_lite
CVE-2022-3947 (A vulnerability classified as critical has been found in eolinker goku ...)
	NOT-FOR-US: eolinker goku_lite
CVE-2022-3946 (The Welcart e-Commerce WordPress plugin before 2.8.4 does not have aut ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3945 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
	NOT-FOR-US: Kavita
CVE-2022-3944 (A vulnerability was found in jerryhanjj ERP. It has been declared as c ...)
	NOT-FOR-US: jerryhanjj ERP
CVE-2022-3943 (A vulnerability was found in ForU CMS. It has been classified as probl ...)
	NOT-FOR-US: ForU CMS
CVE-2022-3942 (A vulnerability was found in SourceCodester Sanitization Management Sy ...)
	NOT-FOR-US: SourceCodester Sanitization Management System
CVE-2022-45146 (An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA b ...)
	NOT-FOR-US: FIPS provider for Bouncycastle, not part of the Debian package for Bouncycastle
CVE-2022-45145 (egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS comman ...)
	- chicken (Windows-specific)
	NOTE: https://lists.gnu.org/archive/html/chicken-announce/2022-11/msg00000.html
	NOTE: https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=a08f8f548d772ef410c672ba33a27108d8d434f3;hp=9c6fb001c25de4390f46ffd7c3c94237f4df92a9
CVE-2022-45144 (Algoo Tracim before 4.4.2 allows XSS via HTML file upload.)
	NOT-FOR-US: Algoo Tracim
CVE-2022-3941 (A vulnerability has been found in Activity Log Plugin and classified a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3940 (A vulnerability, which was classified as problematic, was found in lan ...)
	NOT-FOR-US: lanyulei ferry
CVE-2022-3939 (A vulnerability, which was classified as critical, has been found in l ...)
	NOT-FOR-US: lanyulei ferry
CVE-2022-3938 REJECTED
CVE-2022-3937 (The Easy Video Player WordPress plugin before 1.2.2.3 does not sanitiz ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3936 (The Team Members WordPress plugin before 5.2.1 does not sanitize and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3935 (The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3934 (The FlatPM WordPress plugin before 3.0.13 does not sanitise and escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3933 (The Essential Real Estate WordPress plugin before 3.9.6 does not sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45143 (The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and ...)
	{DSA-5381-1}
	- tomcat9 9.0.70-1
	[buster] - tomcat9 (The vulnerable code was introduced later)
	- tomcat8
	NOTE: https://github.com/apache/tomcat/commit/b336f4e58893ea35114f1e4a415657f723b1298e (9.0.69)
	NOTE: https://github.com/apache/tomcat/commit/0cab3a56bd89f70e7481bb0d68395dc7e130dbbf (8.5.84)
	NOTE: https://www.openwall.com/lists/oss-security/2023/01/03/1
CVE-2022-45142 (The fix for CVE-2022-3437 included changing memcmp to be constant time ...)
	{DSA-5344-1 DLA-3311-1}
	- heimdal 7.8.git20221117.28daf24+dfsg-1.1 (bug #1030849)
	NOTE: https://www.openwall.com/lists/oss-security/2023/02/08/1
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15296
CVE-2022-45141 (Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerabili ...)
	- samba 2:4.16.0+dfsg-2
	[bullseye] - samba (Domain controller functionality is EOLed, see DSA-5477-1)
	[buster] - samba (Domain controller functionality is EOLed, see DSA-5015-1)
	NOTE: https://www.samba.org/samba/security/CVE-2022-45141.html
CVE-2022-45140 (The configuration backend allows an unauthenticated user to write arbi ...)
	NOT-FOR-US: WAGO
CVE-2022-45139 (A CORS Misconfiguration in the web-based management allows a malicious ...)
	NOT-FOR-US: WAGO
CVE-2022-45138 (The configuration backend of the web-based management can be used by u ...)
	NOT-FOR-US: WAGO
CVE-2022-45137 (The configuration backend of the web-based management is vulnerable to ...)
	NOT-FOR-US: WAGO
CVE-2022-45136 (Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisa ...)
	- apache-jena 4.5.0-1 (bug #1024738)
	NOTE: https://www.openwall.com/lists/oss-security/2022/11/14/5
	NOTE: The SDB module was removed after 3.17.0, marking 4.5.0 as fixed: https://jena.apache.org/documentation/archive/sdb/
CVE-2022-45135 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Apache Cocoon
CVE-2022-43668 (Typora versions prior to 1.4.4 fails to properly neutralize JavaScript ...)
	NOT-FOR-US: Typora
CVE-2022-3932 RESERVED
CVE-2022-3931 REJECTED
CVE-2022-3930 (The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR v ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3929 (Communication between the client and the server application of the aff ...)
	NOT-FOR-US: Hitachi
CVE-2022-3928 (Hardcoded credential is found in affected products' message queue. An ...)
	NOT-FOR-US: Hitachi
CVE-2022-3927 (The affected products store both public and private key that are used ...)
	NOT-FOR-US: Hitachi
CVE-2022-3926 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3925 (The buddybadges WordPress plugin through 1.0.0 does not sanitise and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3924 (This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` ...)
	{DSA-5329-1}
	- bind9 1:9.18.11-1
	[buster] - bind9 (Vulnerable code introduced later)
	NOTE: https://kb.isc.org/docs/cve-2022-3924
CVE-2022-3923 (The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3922 (The Broken Link Checker WordPress plugin before 1.11.20 does not sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45134 RESERVED
CVE-2022-45133 RESERVED
CVE-2022-45132 (In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, r ...)
	- lava 2023.01-1 (bug #1024428)
	[bullseye] - lava (Vulnerable code not present)
	[buster] - lava (Vulnerable code not present)
	NOTE: https://lists.lavasoftware.org/archives/list/lava-announce@lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY/
	NOTE: https://git.lavasoftware.org/lava/lava/-/commit/ab17e8304f10c7c0fe912067f2ed85a4753241c7 (2022.11.1)
CVE-2022-45131 RESERVED
CVE-2022-45130 (Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/command ...)
	NOT-FOR-US: Plesk
CVE-2022-45129 (Payara before 2022-11-04, when deployed to the root context, allows at ...)
	NOT-FOR-US: Payara
CVE-2022-45128 (Improper authorization in the Intel(R) EMA software before version 1.9 ...)
	NOT-FOR-US: Intel
CVE-2022-45117 RESERVED
CVE-2022-45114 RESERVED
CVE-2022-45109 (Improper initialization for some Intel Unison software may allow an au ...)
	NOT-FOR-US: Intel
CVE-2022-44612 (Use of hard-coded credentials in some Intel(R) Unison(TM) software bef ...)
	NOT-FOR-US: Intel
CVE-2022-44611 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...)
	NOT-FOR-US: Intel
CVE-2022-43505 (Insufficient control flow management in the BIOS firmware for some Int ...)
	NOT-FOR-US: Intel
CVE-2022-43477 (Incomplete cleanup for some Intel Unison software may allow an authent ...)
	NOT-FOR-US: Intel
CVE-2022-41808 (Improper buffer restriction in software for the Intel QAT Driver for L ...)
	NOT-FOR-US: Intel
CVE-2022-41659 (Improper access control for some Intel Unison software may allow a pri ...)
	NOT-FOR-US: Intel
CVE-2022-3921 (The Listingo WordPress theme before 3.2.7 does not validate files to b ...)
	NOT-FOR-US: Listingo WordPress theme
CVE-2022-3920 (HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filt ...)
	- consul (Vulnerable code not present)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946
CVE-2022-45108 RESERVED
CVE-2022-45107 RESERVED
CVE-2022-45106 RESERVED
CVE-2022-45105 RESERVED
CVE-2022-45104 (Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Ena ...)
	NOT-FOR-US: Dell
CVE-2022-45103 (Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Ena ...)
	NOT-FOR-US: Dell
CVE-2022-45102 (Dell EMC Data Protection Central, versions 19.1 through 19.7, contains ...)
	NOT-FOR-US: EMC
CVE-2022-45101 (Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling ...)
	NOT-FOR-US: Dell
CVE-2022-45100 (Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Cert ...)
	NOT-FOR-US: Dell
CVE-2022-45099 (Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding f ...)
	NOT-FOR-US: Dell
CVE-2022-45098 (Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of ...)
	NOT-FOR-US: Dell
CVE-2022-45097 (Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Manag ...)
	NOT-FOR-US: Dell
CVE-2022-45096 (Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface ...)
	NOT-FOR-US: Dell
CVE-2022-45095 (Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulner ...)
	NOT-FOR-US: Dell
CVE-2022-45094 (A vulnerability has been identified in SINEC INS (All versions < V1.0 ...)
	NOT-FOR-US: Siemens
CVE-2022-45093 (A vulnerability has been identified in SINEC INS (All versions < V1.0 ...)
	NOT-FOR-US: Siemens
CVE-2022-45092 (A vulnerability has been identified in SINEC INS (All versions < V1.0 ...)
	NOT-FOR-US: Siemens
CVE-2022-45091 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
CVE-2022-45090 (Improper Input Validation vulnerability in Group Arge Energy and Contr ...)
	NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
CVE-2022-45089 (Improper Input Validation vulnerability in Group Arge Energy and Contr ...)
	NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
CVE-2022-45088 (Improper Input Validation vulnerability in Group Arge Energy and Contr ...)
	NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
CVE-2022-45087 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
CVE-2022-45086 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
CVE-2022-45085 (Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy ...)
	NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
CVE-2022-45084 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Softacul ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45083 (Deserialization of Untrusted Data vulnerability in ProfilePress Member ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45082 (Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45081 RESERVED
CVE-2022-45080 (Cross-Site Request Forgery (CSRF) vulnerability in KrishaWeb Add Multi ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45079 (Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginiz ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45078 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45077 (Auth. (subscriber+) PHP Object Injection vulnerability in Betheme them ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45076 (Cross-Site Request Forgery (CSRF) vulnerability in WebMat Flexible Ele ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45075 RESERVED
CVE-2022-45074 (Cross-Site Request Forgery (CSRF) vulnerability in Paramveer Singh for ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45073 (Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentica ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45072 (Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual C ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45071 (Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual C ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45070 RESERVED
CVE-2022-45069 (Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45068 (Cross-Site Request Forgery (CSRF) vulnerability in Mercado Pago Mercad ...)
	NOT-FOR-US: Mercado
CVE-2022-45067 (Cross-Site Request Forgery (CSRF) vulnerability inDevsCred Exclusive A ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45066 (Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe Wo ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45065 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Squirrly ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45064 (The SlingRequestDispatcher doesn't correctly implement the RequestDisp ...)
	NOT-FOR-US: Apache Sling
CVE-2022-3919 (The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3918 (A program using FoundationNetworking in swift-corelibs-foundation is p ...)
	NOT-FOR-US: swift-corelibs-foundation
CVE-2022-3917 (Improper access control of bootloader functionwas discovered in Motoro ...)
	NOT-FOR-US: Motorola
CVE-2022-3916 (A flaw was found in the offline_access scope in Keycloak. This issue w ...)
	NOT-FOR-US: Keycloak
CVE-2022-3915 (The Dokan WordPress plugin before 3.7.6 does not properly sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3914 RESERVED
CVE-2022-3913 (Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to v ...)
	NOT-FOR-US: Rapid7
CVE-2022-3912 (The User Registration WordPress plugin before 2.2.4.1 does not properl ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3911 (The iubenda WordPress plugin before 3.3.3 does does not have authorisa ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3910 (Use After Free vulnerability in Linux Kernel allows Privilege Escalati ...)
	- linux 5.19.11-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/fc7222c3a9f56271fba02aabbfbae999042f1679 (6.0-rc6)
CVE-2022-3909 (The Add Comments WordPress plugin through 1.0.1 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45063 (xterm before 375 allows code execution via font ops, e.g., because an ...)
	- xterm 375-1
	[bullseye] - xterm (Minor issue; mitigated by default in Debian)
	[buster] - xterm (Minor issue; mitigated by default in Debian)
	NOTE: https://www.openwall.com/lists/oss-security/2022/11/10/1
	NOTE: Debian sets defaults for allowWindowOps and allowFontOps resources to false since
	NOTE: 238-1, mitigating the issue.
CVE-2022-45062 (In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there i ...)
	{DSA-5296-1}
	- xfce4-settings 4.16.4-1 (bug #1023732)
	[buster] - xfce4-settings (The vulnerable code was introduced later)
	NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/390
	NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/f34a92a84f96268ad24a7a13fd5edc9f1d526110 (xfce4-settings-4.17.1)
	NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/55e3c5fb667e96ad1412cf249879262b369d28d7 (xfce4-settings-4.16.4)
	NOTE: Regression from the CVE fix with filenames with spaces:
	NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/403
	NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/merge_requests/85
CVE-2022-45061 (An issue was discovered in Python before 3.11.1. An unnecessary quadra ...)
	{DLA-3477-1 DLA-3432-1}
	- python3.11 3.11.1-1
	- python3.10 3.10.9-1
	- python3.9
	[bullseye] - python3.9 (Minor issue)
	- python3.7
	- python2.7
	[bullseye] - python2.7 (Unsupported in Bullseye, only included to build a few applications)
	- pypy3 7.3.11+dfsg-1
	[bullseye] - pypy3 (Minor issue)
	[buster] - pypy3 (Minor issue)
	NOTE: https://github.com/python/cpython/issues/98433
	NOTE: https://github.com/python/cpython/pull/99092
	NOTE: https://github.com/python/cpython/commit/a6f6c3a3d6f2b580f2d87885c9b8a9350ad7bf15 (v3.11.1)
	NOTE: https://github.com/python/cpython/commit/9bb8e18ca46fe66fa6802602f8a7228a24dd785f (v3.10.9)
	NOTE: https://github.com/python/cpython/commit/c09dba57cfbbf74273ce44b1f48f71b46806605c (v3.9.16)
	NOTE: https://github.com/python/cpython/commit/82ca2839c9ec6bf9a9400e791a52411824df67f3 (v3.8.16)
	NOTE: https://github.com/python/cpython/commit/b0b590be9597fd5919228d251812dd54145f70a7 (v3.7.16)
CVE-2022-45060 (An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and ...)
	{DSA-5334-1 DLA-3208-1}
	- varnish 7.1.1-1.1 (bug #1023751)
	NOTE: https://varnish-cache.org/security/VSV00011.html
	NOTE: https://github.com/varnishcache/varnish-cache/commit/515a93df894430767073ccd8265497b6b25b54b5
CVE-2022-45059 (An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x be ...)
	- varnish 7.1.1-1.1 (bug #1023750)
	[bullseye] - varnish (Vulnerable code not present, only affects Varnish 7)
	[buster] - varnish (Vulnerable code not present, only affects Varnish 7)
	NOTE: https://varnish-cache.org/security/VSV00010.html
	NOTE: https://github.com/varnishcache/varnish-cache/commit/fcf5722af75fdbf58dd425dd68d0beaa49bab4f4
CVE-2022-3908 (The Helloprint WordPress plugin before 1.4.7 does not sanitise and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3907 (The Clerk WordPress plugin before 4.0.0 is affected by time-based atta ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3906 (The Easy Form Builder WordPress plugin before 3.4.0 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3905 REJECTED
CVE-2022-3904 (The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3903 (An incorrect read request flaw was found in the Infrared Transceiver U ...)
	- linux 5.19.11-1
	[bullseye] - linux 5.10.148-1
CVE-2022-3902 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3901 (Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute ...)
	NOT-FOR-US: Visioweb.js
CVE-2022-3900 (The Cooked Pro WordPress plugin before 1.7.5.7 does not properly valid ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45058 RESERVED
CVE-2022-45057 RESERVED
CVE-2022-45056 RESERVED
CVE-2022-45055 RESERVED
CVE-2022-45054 RESERVED
CVE-2022-45053 RESERVED
CVE-2022-45052 (A Local File Inclusion vulnerability has been found in Axiell Iguana C ...)
	NOT-FOR-US: Axiell Iguana CMS
CVE-2022-45051 (A reflected XSS vulnerability has been found in Axiell Iguana CMS, all ...)
	NOT-FOR-US: Axiell Iguana CMS
CVE-2022-45050 (A reflected XSS vulnerability has been found in Axiell Iguana CMS, all ...)
	NOT-FOR-US: Axiell Iguana CMS
CVE-2022-45049 (A reflected XSS vulnerability has been found in Axiell Iguana CMS, all ...)
	NOT-FOR-US: Axiell Iguana CMS
CVE-2022-45048 (Authenticated users with appropriate privileges can create policies ha ...)
	NOT-FOR-US: Apache Ranger
CVE-2022-45047 (Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvide ...)
	NOT-FOR-US: Apache Mina SSHD
CVE-2022-45046 REJECTED
CVE-2022-3899 (The 3dprint WordPress plugin before 3.5.6.9 does not protect against C ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3898 (The WP Affiliate Platform plugin for WordPress is vulnerable to Cross- ...)
	NOT-FOR-US: WP Affiliate Platform plugin for WordPress
CVE-2022-3897 (The WP Affiliate Platform plugin for WordPress is vulnerable to Stored ...)
	NOT-FOR-US: WP Affiliate Platform plugin for WordPress
CVE-2022-3896 (The WP Affiliate Platform plugin for WordPress is vulnerable to Reflec ...)
	NOT-FOR-US: WP Affiliate Platform plugin for WordPress
CVE-2022-3895 (Some UI elements of the Common User Interface Component are not proper ...)
	NOT-FOR-US: BlueSpice
CVE-2022-3894 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3893 (Cross-site Scripting (XSS) vulnerability in BlueSpiceCustomMenu extens ...)
	NOT-FOR-US: BlueSpice
CVE-2022-3892 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3891 (The WP FullCalendar WordPress plugin before 1.5 does not ensure that t ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-45045 (Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.1 ...)
	NOT-FOR-US: Xiongmai
CVE-2022-3890 (Heap buffer overflow in Crashpad in Google Chrome on Android prior to ...)
	{DSA-5275-1}
	- chromium 107.0.5304.110-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3889 (Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed ...)
	{DSA-5275-1}
	- chromium 107.0.5304.110-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3888 (Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 a ...)
	{DSA-5275-1}
	- chromium 107.0.5304.110-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3887 (Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 ...)
	{DSA-5275-1}
	- chromium 107.0.5304.110-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3886 (Use after free in Speech Recognition in Google Chrome prior to 107.0.5 ...)
	{DSA-5275-1}
	- chromium 107.0.5304.110-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3885 (Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed ...)
	{DSA-5275-1}
	- chromium 107.0.5304.110-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3884 (Incorrect Default Permissions vulnerability in Hitachi Ops Center Anal ...)
	NOT-FOR-US: Hitachi
CVE-2022-45044 (A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All v ...)
	NOT-FOR-US: Siemens
CVE-2022-3883 (The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spa ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3882 (The Memory Usage, Memory Limit, PHP and Server Memory Health Check and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3881 (The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascr ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3880 (The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enum ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3879 (The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3878 (A vulnerability classified as critical has been found in Maxon ERP. Th ...)
	NOT-FOR-US: Maxon ERP
CVE-2022-3877 (A vulnerability, which was classified as problematic, was found in Cli ...)
	NOT-FOR-US: Click Studios Passwordstate and Passwordstate Browser Extension Chrome
CVE-2022-3876 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Click Studios Passwordstate and Passwordstate Browser Extension Chrome
CVE-2022-3875 (A vulnerability classified as critical was found in Click Studios Pass ...)
	NOT-FOR-US: Click Studios Passwordstate and Passwordstate Browser Extension Chrome
CVE-2022-3874 (A command injection flaw was found in foreman. This flaw allows an aut ...)
	- foreman (bug #663101)
CVE-2022-3873 (Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio pr ...)
	NOT-FOR-US: jgraph/drawio
CVE-2022-3872 (An off-by-one read/write issue was found in the SDHCI device of QEMU. ...)
	- qemu (bug #1024022)
	[bookworm] - qemu (Minor issue, revisit when fixed upstream)
	[bullseye] - qemu (Minor issue, revisit when fixed upstream)
	[buster] - qemu (Minor issue, DoS, waiting for sanctioned patch)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2140567
	NOTE: patch proposal 1: https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html
	NOTE: patch proposal 2: https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01161.html
	NOTE: No sanctioned upstream patch as of 2023-03-09
CVE-2022-45043 (Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via gofo ...)
	NOT-FOR-US: Tenda
CVE-2022-45042
	RESERVED
CVE-2022-45041 (SQL Injection exits in xinhu < 2.5.0)
	NOT-FOR-US: xinhu
CVE-2022-45040 (A cross-site scripting (XSS) vulnerability in /admin/pages/sections_sa ...)
	NOT-FOR-US: WBCE CMS
CVE-2022-45039 (An arbitrary file upload vulnerability in the Server Settings module o ...)
	NOT-FOR-US: WBCE CMS
CVE-2022-45038 (A cross-site scripting (XSS) vulnerability in /admin/settings/save.php ...)
	NOT-FOR-US: WBCE CMS
CVE-2022-45037 (A cross-site scripting (XSS) vulnerability in /admin/users/index.php o ...)
	NOT-FOR-US: WBCE CMS
CVE-2022-45036 (A cross-site scripting (XSS) vulnerability in the Search Settings modu ...)
	NOT-FOR-US: WBCE CMS
CVE-2022-45035
	RESERVED
CVE-2022-45034
	RESERVED
CVE-2022-45033 (A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allo ...)
	NOT-FOR-US: Expense Tracker
CVE-2022-45032
	RESERVED
CVE-2022-45031
	RESERVED
CVE-2022-45030 (A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHand ...)
	NOT-FOR-US: rConfig
CVE-2022-45029
	RESERVED
CVE-2022-45028 (A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 ...)
	NOT-FOR-US: Arris
CVE-2022-45027 (perfSONAR before 4.4.6, when performing participant discovery, incorre ...)
	NOT-FOR-US: perfSONAR
CVE-2022-45026 (An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode an ...)
	NOT-FOR-US: Markdown Preview Enhanced
CVE-2022-45025 (Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was d ...)
	NOT-FOR-US: Markdown Preview Enhanced
CVE-2022-45024
	RESERVED
CVE-2022-45023
	RESERVED
CVE-2022-45022
	RESERVED
CVE-2022-45021
	RESERVED
CVE-2022-45020 (Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site sc ...)
	NOT-FOR-US: Rukovoditel
CVE-2022-45019 (SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulner ...)
	NOT-FOR-US: SLiMS 9 Bulian
CVE-2022-45018
	RESERVED
CVE-2022-45017 (A cross-site scripting (XSS) vulnerability in the Overview Page settin ...)
	NOT-FOR-US: WBCE CMS
CVE-2022-45016 (A cross-site scripting (XSS) vulnerability in the Search Settings modu ...)
	NOT-FOR-US: WBCE CMS
CVE-2022-45015 (A cross-site scripting (XSS) vulnerability in the Search Settings modu ...)
	NOT-FOR-US: WBCE CMS
CVE-2022-45014 (A cross-site scripting (XSS) vulnerability in the Search Settings modu ...)
	NOT-FOR-US: WBCE CMS
CVE-2022-45013 (A cross-site scripting (XSS) vulnerability in the Show Advanced Option ...)
	NOT-FOR-US: WBCE CMS
CVE-2022-45012 (A cross-site scripting (XSS) vulnerability in the Modify Page module o ...)
	NOT-FOR-US: WBCE CMS
CVE-2022-45011
	RESERVED
CVE-2022-45010 (Simple Phone Book/Directory Web App v1.0 was discovered to contain a S ...)
	NOT-FOR-US: Simple Phone Book/Directory Web App
CVE-2022-45009 (Online Leave Management System v1.0 was discovered to contain an arbit ...)
	NOT-FOR-US: Online Leave Management System
CVE-2022-45008 (Online Leave Management System v1.0 was discovered to contain a stored ...)
	NOT-FOR-US: Online Leave Management System
CVE-2022-45007
	RESERVED
CVE-2022-45006
	RESERVED
CVE-2022-45005 (IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injec ...)
	NOT-FOR-US: IP-COM EW9
CVE-2022-45004 (Gophish through 0.12.1 was discovered to contain a cross-site scriptin ...)
	NOT-FOR-US: Gophish
CVE-2022-45003 (Gophish through 0.12.1 allows attackers to cause a Denial of Service ( ...)
	NOT-FOR-US: Gophish
CVE-2022-45002
	RESERVED
CVE-2022-45001
	RESERVED
CVE-2022-45000
	RESERVED
CVE-2022-44999
	RESERVED
CVE-2022-44998
	RESERVED
CVE-2022-44997
	RESERVED
CVE-2022-44996
	RESERVED
CVE-2022-44995
	RESERVED
CVE-2022-44994
	RESERVED
CVE-2022-44993
	RESERVED
CVE-2022-44992
	RESERVED
CVE-2022-44991
	RESERVED
CVE-2022-44990
	RESERVED
CVE-2022-44989
	RESERVED
CVE-2022-44988
	RESERVED
CVE-2022-44987
	RESERVED
CVE-2022-44986
	RESERVED
CVE-2022-44985
	RESERVED
CVE-2022-44984
	RESERVED
CVE-2022-44983
	RESERVED
CVE-2022-44982
	RESERVED
CVE-2022-44981
	RESERVED
CVE-2022-44980
	RESERVED
CVE-2022-44979
	RESERVED
CVE-2022-44978
	RESERVED
CVE-2022-44977
	RESERVED
CVE-2022-44976
	RESERVED
CVE-2022-44975
	RESERVED
CVE-2022-44974
	RESERVED
CVE-2022-44973
	RESERVED
CVE-2022-44972
	RESERVED
CVE-2022-44971
	RESERVED
CVE-2022-44970
	RESERVED
CVE-2022-44969
	RESERVED
CVE-2022-44968
	RESERVED
CVE-2022-44967
	RESERVED
CVE-2022-44966
	RESERVED
CVE-2022-44965
	RESERVED
CVE-2022-44964
	RESERVED
CVE-2022-44963
	RESERVED
CVE-2022-44962 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...)
	NOT-FOR-US: webtareas
CVE-2022-44961 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...)
	NOT-FOR-US: webtareas
CVE-2022-44960 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...)
	NOT-FOR-US: webtareas
CVE-2022-44959 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...)
	NOT-FOR-US: webtareas
CVE-2022-44958
	RESERVED
CVE-2022-44957 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...)
	NOT-FOR-US: webtareas
CVE-2022-44956 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...)
	NOT-FOR-US: webtareas
CVE-2022-44955 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...)
	NOT-FOR-US: webtareas
CVE-2022-44954 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...)
	NOT-FOR-US: webtareas
CVE-2022-44953 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...)
	NOT-FOR-US: webtareas
CVE-2022-44952 (Rukovoditel v3.2.1 was discovered to contain a stored cross-site scrip ...)
	NOT-FOR-US: Rukovoditel
CVE-2022-44951 (Rukovoditel v3.2.1 was discovered to contain a stored cross-site scrip ...)
	NOT-FOR-US: Rukovoditel
CVE-2022-44950 (Rukovoditel v3.2.1 was discovered to contain a stored cross-site scrip ...)
	NOT-FOR-US: Rukovoditel
CVE-2022-44949 (Rukovoditel v3.2.1 was discovered to contain a stored cross-site scrip ...)
	NOT-FOR-US: Rukovoditel
CVE-2022-44948 (Rukovoditel v3.2.1 was discovered to contain a stored cross-site scrip ...)
	NOT-FOR-US: Rukovoditel
CVE-2022-44947 (Rukovoditel v3.2.1 was discovered to contain a stored cross-site scrip ...)
	NOT-FOR-US: Rukovoditel
CVE-2022-44946 (Rukovoditel v3.2.1 was discovered to contain a stored cross-site scrip ...)
	NOT-FOR-US: Rukovoditel
CVE-2022-44945 (Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerabi ...)
	NOT-FOR-US: Rukovoditel
CVE-2022-44944 (Rukovoditel v3.2.1 was discovered to contain a stored cross-site scrip ...)
	NOT-FOR-US: Rukovoditel
CVE-2022-44943
	RESERVED
CVE-2022-44942 (Casdoor before v1.126.1 was discovered to contain an arbitrary file de ...)
	NOT-FOR-US: Casdoor
CVE-2022-44941
	RESERVED
CVE-2022-44940 (Patchelf v0.9 was discovered to contain an out-of-bounds read via the ...)
	- patchelf (unimportant)
	NOTE: https://github.com/NixOS/patchelf/pull/419
	NOTE: https://github.com/NixOS/patchelf/commit/96c8422e374064c3407e73e8b1e4995f95e0a9e0 (0.16.0)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-44939 (Efs Software Easy Chat Server Version 3.1 was discovered to contain a ...)
	NOT-FOR-US: Efs Software Easy Chat Server
CVE-2022-44938 (Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attac ...)
	NOT-FOR-US: SeedDMS
CVE-2022-44937 (Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery ...)
	NOT-FOR-US: BossCMS
CVE-2022-44936
	RESERVED
CVE-2022-44935
	RESERVED
CVE-2022-44934
	RESERVED
CVE-2022-44933
	RESERVED
CVE-2022-44932 (An access control issue in Tenda A18 v15.13.07.09 allows unauthenticat ...)
	NOT-FOR-US: Tenda
CVE-2022-44931 (Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via ...)
	NOT-FOR-US: Tenda
CVE-2022-44930 (D-Link DHP-W310AV 3.10EU was discovered to contain a command injection ...)
	NOT-FOR-US: D-Link
CVE-2022-44929 (An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthent ...)
	NOT-FOR-US: D-Link
CVE-2022-44928 (D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injecti ...)
	NOT-FOR-US: D-Link
CVE-2022-44927
	RESERVED
CVE-2022-44926
	RESERVED
CVE-2022-44925
	RESERVED
CVE-2022-44924
	RESERVED
CVE-2022-44923
	RESERVED
CVE-2022-44922
	RESERVED
CVE-2022-44921
	RESERVED
CVE-2022-44920
	RESERVED
CVE-2022-44919
	RESERVED
CVE-2022-44918
	RESERVED
CVE-2022-44917
	RESERVED
CVE-2022-44916
	RESERVED
CVE-2022-44915
	RESERVED
CVE-2022-44914
	RESERVED
CVE-2022-44913
	RESERVED
CVE-2022-44912
	RESERVED
CVE-2022-44911
	RESERVED
CVE-2022-44910 (Binbloom 2.0 was discovered to contain a heap buffer overflow via the ...)
	NOT-FOR-US: Binbloom
CVE-2022-44909
	RESERVED
CVE-2022-44908
	RESERVED
CVE-2022-44907
	RESERVED
CVE-2022-44906
	RESERVED
CVE-2022-44905
	RESERVED
CVE-2022-44904
	RESERVED
CVE-2022-44903
	RESERVED
CVE-2022-44902
	RESERVED
CVE-2022-44901
	RESERVED
CVE-2022-44900 (A directory traversal vulnerability in the SevenZipFile.extractall() f ...)
	{DSA-5652-1}
	- py7zr 0.11.3+dfsg-5 (bug #1032091)
	NOTE: https://github.com/miurahr/py7zr/commit/1bb43f17515c7f69673a1c88ab9cc72a7bbef406 (v0.20.1)
	NOTE: https://lessonsec.com/cve/cve-2022-44900/
CVE-2022-44899
	RESERVED
CVE-2022-44898 (The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not p ...)
	NOT-FOR-US: Asus Aura Sync
CVE-2022-44897 (A cross-site scripting (XSS) vulnerability in ApolloTheme AP PageBuild ...)
	NOT-FOR-US: ApolloTheme AP PageBuilder
CVE-2022-44896
	RESERVED
CVE-2022-44895
	RESERVED
CVE-2022-44894
	RESERVED
CVE-2022-44893
	RESERVED
CVE-2022-44892
	RESERVED
CVE-2022-44891
	RESERVED
CVE-2022-44890
	RESERVED
CVE-2022-44889
	RESERVED
CVE-2022-44888
	RESERVED
CVE-2022-44887
	RESERVED
CVE-2022-44886
	RESERVED
CVE-2022-44885
	RESERVED
CVE-2022-44884
	RESERVED
CVE-2022-44883
	RESERVED
CVE-2022-44882
	RESERVED
CVE-2022-44881
	RESERVED
CVE-2022-44880
	RESERVED
CVE-2022-44879
	RESERVED
CVE-2022-44878
	RESERVED
CVE-2022-44877 (login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 b ...)
	NOT-FOR-US: CWP (aka Control Web Panel or CentOS Web Panel)
CVE-2022-44876
	RESERVED
CVE-2022-44875 (KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.All ...)
	NOT-FOR-US: KioWare
CVE-2022-44874 (wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was discovered t ...)
	NOT-FOR-US: wasm3
CVE-2022-44873
	RESERVED
CVE-2022-44872
	RESERVED
CVE-2022-44871
	RESERVED
CVE-2022-44870 (A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022 ...)
	NOT-FOR-US: maccms10
CVE-2022-44869
	RESERVED
CVE-2022-44868
	RESERVED
CVE-2022-44867
	RESERVED
CVE-2022-44866
	RESERVED
CVE-2022-44865
	RESERVED
CVE-2022-44864
	RESERVED
CVE-2022-44863
	RESERVED
CVE-2022-44862
	RESERVED
CVE-2022-44861
	RESERVED
CVE-2022-44860 (Automotive Shop Management System v1.0 was discovered to contain a SQL ...)
	NOT-FOR-US: Automotive Shop Management System
CVE-2022-44859 (Automotive Shop Management System v1.0 was discovered to contain a SQL ...)
	NOT-FOR-US: Automotive Shop Management System
CVE-2022-44858 (Automotive Shop Management System v1.0 was discovered to contain a SQL ...)
	NOT-FOR-US: Automotive Shop Management System
CVE-2022-44857
	RESERVED
CVE-2022-44856
	RESERVED
CVE-2022-44855
	RESERVED
CVE-2022-44854
	RESERVED
CVE-2022-44853
	RESERVED
CVE-2022-44852
	RESERVED
CVE-2022-44851
	RESERVED
CVE-2022-44850
	RESERVED
CVE-2022-44849 (A Cross-Site Request Forgery (CSRF) in the Administrator List of MetIn ...)
	NOT-FOR-US: MetInfo
CVE-2022-44848
	RESERVED
CVE-2022-44847
	RESERVED
CVE-2022-44846
	RESERVED
CVE-2022-44845
	RESERVED
CVE-2022-44844 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-44843 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-44842
	RESERVED
CVE-2022-44841
	RESERVED
CVE-2022-44840 (Heap buffer overflow vulnerability in binutils readelf before 2.40 via ...)
	- binutils 2.40-2 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29732
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=28750e3b967da2207d51cbce9fc8be262817ee59
	NOTE: binutils not covered by security support
CVE-2022-44839
	RESERVED
CVE-2022-44838 (Automotive Shop Management System v1.0 was discovered to contain a SQL ...)
	NOT-FOR-US: Automotive Shop Management System
CVE-2022-44837
	RESERVED
CVE-2022-44836
	RESERVED
CVE-2022-44835
	RESERVED
CVE-2022-44834
	RESERVED
CVE-2022-44833
	RESERVED
CVE-2022-44832 (D-Link DIR-3040 device with firmware 120B03 was discovered to contain ...)
	NOT-FOR-US: D-Link
CVE-2022-44831
	RESERVED
CVE-2022-44830 (Sourcecodester Event Registration App v1.0 was discovered to contain m ...)
	NOT-FOR-US: Sourcecodester Event Registration App
CVE-2022-44829
	RESERVED
CVE-2022-44828
	RESERVED
CVE-2022-44827
	RESERVED
CVE-2022-44826
	RESERVED
CVE-2022-44825
	RESERVED
CVE-2022-44824
	RESERVED
CVE-2022-44823
	RESERVED
CVE-2022-44822
	RESERVED
CVE-2022-44821
	RESERVED
CVE-2022-44820 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Automotive Shop Management System
CVE-2022-44819
	RESERVED
CVE-2022-44818
	RESERVED
CVE-2022-44817
	RESERVED
CVE-2022-44816
	RESERVED
CVE-2022-44815
	RESERVED
CVE-2022-44814
	RESERVED
CVE-2022-44813
	RESERVED
CVE-2022-44812
	RESERVED
CVE-2022-44811
	RESERVED
CVE-2022-44810
	RESERVED
CVE-2022-44809
	RESERVED
CVE-2022-44808 (A command injection vulnerability has been found on D-Link DIR-823G de ...)
	NOT-FOR-US: D-Link
CVE-2022-44807 (D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow vi ...)
	NOT-FOR-US: D-Link
CVE-2022-44806 (D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow.)
	NOT-FOR-US: D-Link
CVE-2022-44805
	RESERVED
CVE-2022-44804 (D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via ...)
	NOT-FOR-US: D-Link
CVE-2022-44803
	RESERVED
CVE-2022-44802
	RESERVED
CVE-2022-44801 (D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control.)
	NOT-FOR-US: D-Link
CVE-2022-44800
	RESERVED
CVE-2022-44799
	RESERVED
CVE-2022-44798
	RESERVED
CVE-2022-44797 (btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta a ...)
	NOT-FOR-US: btcd
CVE-2022-44796 (An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Th ...)
	NOT-FOR-US: Object First
CVE-2022-44795 (An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A ...)
	NOT-FOR-US: Object First
CVE-2022-44794 (An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Ma ...)
	NOT-FOR-US: Object First
CVE-2022-44793 (handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-S ...)
	{DLA-3270-1}
	- net-snmp 5.9.3+dfsg-2 (bug #1024020)
	[bullseye] - net-snmp (Minor issue)
	NOTE: https://github.com/net-snmp/net-snmp/issues/475
	NOTE: https://gist.github.com/menglong2234/d07a65b5028145c9f4e1d1db8c4c202f
	NOTE: https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57
CVE-2022-44792 (handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP ...)
	{DLA-3270-1}
	- net-snmp 5.9.3+dfsg-2 (bug #1024020)
	[bullseye] - net-snmp (Minor issue)
	NOTE: https://github.com/net-snmp/net-snmp/issues/474
	NOTE: https://gist.github.com/menglong2234/b7bc13ae1a144f47cc3c95a7ea062428
	NOTE: https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57
CVE-2022-44791
	RESERVED
CVE-2022-44790 (Interspire Email Marketer through 6.5.1 allows SQL Injection via the s ...)
	NOT-FOR-US: Interspire Email Marketer
CVE-2022-44789 (A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 ...)
	{DSA-5291-1}
	- mujs 1.3.2-1 (bug #1024769)
	NOTE: https://github.com/alalng/CVE-2022-44789/blob/main/PublicReferenceURL.txt
	NOTE: Fixed by: https://github.com/ccxvii/mujs/commit/edb50ad66f7601ca9a3544a0e9045e8a8c60561f (1.3.2)
CVE-2022-44788 (An issue was discovered in Appalti & Contratti 9.12.2. It allows Sessi ...)
	NOT-FOR-US: Appalti & Contratti
CVE-2022-44787 (An issue was discovered in Appalti & Contratti 9.12.2. The web applica ...)
	NOT-FOR-US: Appalti & Contratti
CVE-2022-44786 (An issue was discovered in Appalti & Contratti 9.12.2. The target web ...)
	NOT-FOR-US: Appalti & Contratti
CVE-2022-44785 (An issue was discovered in Appalti & Contratti 9.12.2. The target web ...)
	NOT-FOR-US: Appalti & Contratti
CVE-2022-44784 (An issue was discovered in Appalti & Contratti 9.12.2. The target web ...)
	NOT-FOR-US: Appalti & Contratti
CVE-2022-44619 (Insecure storage of sensitive information in the Intel(R) DCM software ...)
	NOT-FOR-US: Intel
CVE-2022-44610 (Improper authentication in the Intel(R) DCM software before version 5. ...)
	NOT-FOR-US: Intel
CVE-2022-43507 (Improper buffer restrictions in the Intel(R) QAT Engine for OpenSSL be ...)
	NOT-FOR-US: Intel
CVE-2022-43475 (Insecure storage of sensitive information in the Intel(R) DCM software ...)
	NOT-FOR-US: Intel
CVE-2022-43465 (Improper authorization in the Intel(R) SCS software all versions may a ...)
	NOT-FOR-US: Intel
CVE-2022-43456 (Uncontrolled search path in some Intel(R) RST software before versions ...)
	NOT-FOR-US: Intel
CVE-2022-41998 (Uncontrolled search path in the Intel(R) DCM software before version 5 ...)
	NOT-FOR-US: Intel
CVE-2022-41979 (Protection mechanism failure in the Intel(R) DCM software before versi ...)
	NOT-FOR-US: Intel
CVE-2022-41625
	RESERVED
CVE-2022-41610 (Improper authorization in Intel(R) EMA Configuration Tool before versi ...)
	NOT-FOR-US: Intel
CVE-2022-3871
	RESERVED
CVE-2022-3870 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-44783
	RESERVED
CVE-2022-44782
	RESERVED
CVE-2022-44781
	RESERVED
CVE-2022-44780
	RESERVED
CVE-2022-3869 (Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2 ...)
	- froxlor (bug #581792)
CVE-2022-3868 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Sanitization Management System
CVE-2022-44779
	RESERVED
CVE-2022-44778
	RESERVED
CVE-2022-44777
	RESERVED
CVE-2022-44776
	RESERVED
CVE-2022-44775
	RESERVED
CVE-2022-44774
	RESERVED
CVE-2022-44773
	RESERVED
CVE-2022-44772
	RESERVED
CVE-2022-44771
	RESERVED
CVE-2022-44770
	RESERVED
CVE-2022-44769
	RESERVED
CVE-2022-44768
	RESERVED
CVE-2022-44767
	RESERVED
CVE-2022-44766
	RESERVED
CVE-2022-44765
	RESERVED
CVE-2022-44764
	RESERVED
CVE-2022-44763
	RESERVED
CVE-2022-44762
	RESERVED
CVE-2022-44761
	RESERVED
CVE-2022-44760
	RESERVED
CVE-2022-44759
	RESERVED
CVE-2022-44758 (BigFix Insights/IVR fixlet uses improper credential handling within ce ...)
	NOT-FOR-US: HCL
CVE-2022-44757 (BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptogr ...)
	NOT-FOR-US: HCL
CVE-2022-44756 (Insights for Vulnerability Remediation (IVR) is vulnerable to improper ...)
	NOT-FOR-US: HCL
CVE-2022-44755 (HCL Notes is susceptible to a stack based buffer overflow vulnerabilit ...)
	NOT-FOR-US: IBM
CVE-2022-44754 (HCL Domino is susceptible to a stack based buffer overflow vulnerabili ...)
	NOT-FOR-US: IBM
CVE-2022-44753 (HCL Notes is susceptible to a stack based buffer overflow vulnerabilit ...)
	NOT-FOR-US: IBM
CVE-2022-44752 (HCL Domino is susceptible to a stack based buffer overflow vulnerabili ...)
	NOT-FOR-US: IBM
CVE-2022-44751 (HCL Notes is susceptible to a stack based buffer overflow vulnerabilit ...)
	NOT-FOR-US: IBM
CVE-2022-44750 (HCL Domino is susceptible to a stack based buffer overflow vulnerabili ...)
	NOT-FOR-US: IBM
CVE-2022-44747 (Local privilege escalation due to improper soft link handling. The fol ...)
	NOT-FOR-US: Acronis
CVE-2022-44746 (Sensitive information disclosure due to insecure folder permissions. T ...)
	NOT-FOR-US: Acronis
CVE-2022-44745 (Sensitive information leak through log files. The following products a ...)
	NOT-FOR-US: Acronis
CVE-2022-44744 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
	NOT-FOR-US: Acronis
CVE-2022-44743 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Blu ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44742 (Auth. (admin+) Stored Cross-Site Scripting vulnerability in Yannick Le ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44741 (Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44740 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44739 (Cross-Site Request Forgery (CSRF) vulnerability in ThingsForRestaurant ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44738 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44737 (Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Secur ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44736 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cham ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44735 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gus ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44734 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Best ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44733 (Local privilege escalation due to insecure folder permissions. The fol ...)
	NOT-FOR-US: Acronis
CVE-2022-44732 (Local privilege escalation due to insecure folder permissions. The fol ...)
	NOT-FOR-US: Acronis
CVE-2022-3867 (HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream su ...)
	- nomad (Only affects 1.4)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-26-nomad-s-event-stream-subscriber-using-acl-token-with-ttl-receive-updates-until-garbage-collected/46168
CVE-2022-3866 (HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identi ...)
	- nomad (Only affects 1.4)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-25-nomad-s-workload-identity-token-can-list-non-sensitive-metadata-for-nomad-paths/46167
CVE-2022-3865 (The WP User Merger WordPress plugin before 1.5.3 does not properly san ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3864 (A vulnerability exists in the Relion update package signature validati ...)
	NOT-FOR-US: Relion
CVE-2022-3863 (Use after free in Browser History in Google Chrome prior to 100.0.4896 ...)
	{DSA-5114-1}
	- chromium 100.0.4896.75-1
	[buster] - chromium (see DSA 5046)
CVE-2023-21418 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that ...)
	NOT-FOR-US: AXIS OS
CVE-2023-21417 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found tha ...)
	NOT-FOR-US: AXIS OS
CVE-2023-21416 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that ...)
	NOT-FOR-US: AXIS OS
CVE-2023-21415 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that ...)
	NOT-FOR-US: AXIS OS
CVE-2023-21414 (NCC Group has found a flaw during the annual internal penetration test ...)
	NOT-FOR-US: AXIS OS
CVE-2023-21413 (GoSecure on behalf of Genetec Inc. has found a flaw that allows for a ...)
	NOT-FOR-US: AXIS OS
CVE-2023-21412 (User provided input is not sanitized on the AXIS License Plate Verifie ...)
	NOT-FOR-US: AXIS License Plate Verifier
CVE-2023-21411 (User provided input is not sanitized in the “Settings > Access Co ...)
	NOT-FOR-US: AXIS License Plate Verifier
CVE-2023-21410 (User provided input is not sanitized on the AXIS License Plate Verifie ...)
	NOT-FOR-US: AXIS License Plate Verifier
CVE-2023-21409 (Due to insufficient file permissions, unprivileged users could gain ac ...)
	NOT-FOR-US: AXIS License Plate Verifier
CVE-2023-21408 (Due to insufficient file permissions, unprivileged users could gain ac ...)
	NOT-FOR-US: AXIS License Plate Verifier
CVE-2023-21407 (A broken access control was found allowing for privileged escalation o ...)
	NOT-FOR-US: AXIS License Plate Verifier
CVE-2023-21406 (Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A ...)
	NOT-FOR-US: AXIS
CVE-2023-21405 (Knud from Fraktal.fi has found a flaw in some Axis Network Door Contro ...)
	NOT-FOR-US: AXIS
CVE-2023-21404 (AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components ...)
	NOT-FOR-US: AXIS OS
CVE-2022-44749 (A directory traversal vulnerability in the ZIP archive extraction rout ...)
	NOT-FOR-US: KNIME
CVE-2022-44748 (A directory traversal vulnerability in the ZIP archive extraction rout ...)
	NOT-FOR-US: KNIME
CVE-2022-44731 (A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All ver ...)
	NOT-FOR-US: Siemens
CVE-2022-44730 (Server-Side Request Forgery (SSRF) vulnerability in Apache Software Fo ...)
	{DLA-3619-1}
	- batik 1.17+dfsg-1
	[bookworm] - batik 1.16+dfsg-1+deb12u1
	[bullseye] - batik 1.12-4+deb11u2
	NOTE: https://www.openwall.com/lists/oss-security/2023/08/22/3
	NOTE: https://issues.apache.org/jira/browse/BATIK-1347
CVE-2022-44729 (Server-Side Request Forgery (SSRF) vulnerability in Apache Software Fo ...)
	{DLA-3619-1}
	- batik 1.17+dfsg-1
	[bookworm] - batik 1.16+dfsg-1+deb12u1
	[bullseye] - batik 1.12-4+deb11u2
	NOTE: https://www.openwall.com/lists/oss-security/2023/08/22/2
	NOTE: https://issues.apache.org/jira/browse/BATIK-1349
CVE-2022-44728
	RESERVED
CVE-2022-44727 (The EU Cookie Law GDPR (Banner + Blocker) module before 2.1.3 for Pres ...)
	NOT-FOR-US: PrestaShop module
CVE-2022-44726 (The TouchDown Timesheet tracking component 4.1.4 for Jira allows XSS i ...)
	NOT-FOR-US: TouchDown Timesheet tracking component for Jira
CVE-2022-44725 (OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses ...)
	NOT-FOR-US: OPC Foundation Local Discovery Server (LDS)
CVE-2022-44724 (The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Da ...)
	NOT-FOR-US: Stiltsoft
CVE-2022-44723
	RESERVED
CVE-2022-44722
	RESERVED
CVE-2022-44721
	REJECTED
CVE-2022-44720 (An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Inj ...)
	NOT-FOR-US: Weblib Ucopia
CVE-2022-44719 (An issue was discovered in Weblib Ucopia before 6.0.13. The SSH Server ...)
	NOT-FOR-US: Weblib Ucopia
CVE-2022-44718 (An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open R ...)
	NOT-FOR-US: NetScout
CVE-2022-44717 (An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open R ...)
	NOT-FOR-US: NetScout
CVE-2022-44716
	RESERVED
CVE-2022-44715 (Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allow ...)
	NOT-FOR-US: NetScout
CVE-2022-3862 (The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does n ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3861 (The Betheme theme for WordPress is vulnerable to PHP Object Injection ...)
	NOT-FOR-US: Betheme theme for WordPress
CVE-2022-3860 (The Visual Email Designer for WooCommerce WordPress plugin before 1.7. ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3859 (An uncontrolled search path vulnerability exists in Trellix Agent (TA) ...)
	NOT-FOR-US: Trellix
CVE-2022-3858 (The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeC ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3857 (A flaw was found in libpng 1.6.38. A crafted PNG image can lead to a s ...)
	NOTE: Unreproducible libpng issue
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2142600
	NOTE: https://sourceforge.net/p/libpng/bugs/300/
CVE-2022-3856 (The Comic Book Management System WordPress plugin before 2.2.0 does no ...)
	NOT-FOR-US: WordPress plugin
CVE-2023-21403 (In RGXDestroyZSBufferKM of rgxta3d.c, there is a possible arbitrary co ...)
	NOT-FOR-US: Android
CVE-2023-21402 (In MMU_UnmapPages of mmu_common.c, there is a possible out of bounds r ...)
	NOT-FOR-US: Android
CVE-2023-21401 (In DevmemIntChangeSparse of devicemem_server.c, there is a possible ou ...)
	NOT-FOR-US: Android
CVE-2023-21400 (In multiple functions of io_uring.c, there is a possible kernel memor ...)
	{DSA-5480-1 DLA-3623-1}
	- linux 5.18.2-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://source.android.com/security/bulletin/pixel/2023-07-01
	NOTE: https://yanglingxi1993.github.io/dirty_pagetable/dirty_pagetable.html
	NOTE: https://www.openwall.com/lists/oss-security/2023/07/14/2
	NOTE: https://www.openwall.com/lists/oss-security/2023/07/25/9
	NOTE: https://twitter.com/VAR10CK/status/1683303642173153280
CVE-2023-21399 (there is a possible way to bypass cryptographic assurances due to a lo ...)
	NOT-FOR-US: Android/Pixel kernel
CVE-2023-21398 (In sdksandbox, there is a possible strandhogg style overlay attack due ...)
	NOT-FOR-US: Android
CVE-2023-21397 (In Setup Wizard, there is a possible way to save a WiFi network due to ...)
	NOT-FOR-US: Android
CVE-2023-21396 (In Activity Manager, there is a possible background activity launch du ...)
	NOT-FOR-US: Android
CVE-2023-21395 (In Bluetooth, there is a possible out of bounds read due to a use afte ...)
	NOT-FOR-US: Android
CVE-2023-21394 (In registerPhoneAccount of TelecomServiceImpl.java, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2023-21393 (In Settings, there is a possible way for the user to change SIM due to ...)
	NOT-FOR-US: Android
CVE-2023-21392 (In Bluetooth, there is a possible way to corrupt memory due to a use a ...)
	NOT-FOR-US: Android
CVE-2023-21391 (In Messaging, there is a possible way to disable the messaging applica ...)
	NOT-FOR-US: Android
CVE-2023-21390 (In Sim, there is a possible way to evade mobile preference restriction ...)
	NOT-FOR-US: Android
CVE-2023-21389 (In Settings, there is a possible bypass of profile owner restrictions ...)
	NOT-FOR-US: Android
CVE-2023-21388 (In Settings, there is a possible restriction bypass due to a missing p ...)
	NOT-FOR-US: Android
CVE-2023-21387 (In User Backup Manager, there is a possible way to leak a token to byp ...)
	NOT-FOR-US: Android
CVE-2023-21386
	RESERVED
CVE-2023-21385 (In Whitechapel, there is a possible out of bounds read due to memory c ...)
	NOT-FOR-US: Android
CVE-2023-21384 (In Package Manager, there is a possible possible permissions bypass du ...)
	NOT-FOR-US: Android
CVE-2023-21383 (In Settings, there is a possible way for the user to unintentionally s ...)
	NOT-FOR-US: Android
CVE-2023-21382 (In Content Resolver, there is a possible method to access metadata abo ...)
	NOT-FOR-US: Android
CVE-2023-21381 (In Media Resource Manager, there is a possible local arbitrary code ex ...)
	NOT-FOR-US: Android
CVE-2023-21380 (In Bluetooth, there is a possible out of bounds write due to a heap bu ...)
	NOT-FOR-US: Android
CVE-2023-21379 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2023-21378 (In Telecomm, there is a possible way to silence the ring for calls of ...)
	NOT-FOR-US: Android
CVE-2023-21377 (In SELinux Policy, there is a possible restriction bypass due to a per ...)
	NOT-FOR-US: Android
CVE-2023-21376 (In Telephony, there is a possible way to retrieve the ICCID due to a l ...)
	NOT-FOR-US: Android
CVE-2023-21375 (In Sysproxy, there is a possible out of bounds write due to an integer ...)
	NOT-FOR-US: Android
CVE-2023-21374 (In System UI, there is a possible factory reset protection bypass due ...)
	NOT-FOR-US: Android
CVE-2023-21373 (In Telephony, there is a possible way for a guest user to change the p ...)
	NOT-FOR-US: Android
CVE-2023-21372 (In libdexfile, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2023-21371 (In Secure Element, there is a possible out of bounds write due to an i ...)
	NOT-FOR-US: Android
CVE-2023-21370 (In the Security Element API, there is a possible out of bounds write d ...)
	NOT-FOR-US: Android
CVE-2023-21369 (In Usage Access, there is a possible way to display a Settings usage a ...)
	NOT-FOR-US: Android
CVE-2023-21368 (In Audio, there is a possible out of bounds read due to missing bounds ...)
	NOT-FOR-US: Android
CVE-2023-21367 (In Scudo, there is a possible way to exploit certain heap OOB read/wri ...)
	NOT-FOR-US: Android
CVE-2023-21366 (In Scudo, there is a possible way for an attacker to predict heap allo ...)
	NOT-FOR-US: Android
CVE-2023-21365 (In Contacts, there is a possible crash loop due to resource exhaustion ...)
	NOT-FOR-US: Android
CVE-2023-21364 (In ContactsProvider, there is a possible crash loop due to resource ex ...)
	NOT-FOR-US: Android
CVE-2023-21363
	RESERVED
CVE-2023-21362 (In Usage, there is a possible permanent DoS due to resource exhaustion ...)
	NOT-FOR-US: Android
CVE-2023-21361 (In Bluetooth, there is a possibility of code-execution due to a use af ...)
	NOT-FOR-US: Android
CVE-2023-21360 (In Bluetooth, there is a possible out of bounds write due to improper ...)
	NOT-FOR-US: Android
CVE-2023-21359 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
NOT-FOR-US: Android CVE-2023-21358 (In UWB Google, there is a possible way for a malicious app to masquera ...) NOT-FOR-US: Android CVE-2023-21357 (In NFC, there is a possible out of bounds read due to a missing bounds ...) NOT-FOR-US: Android CVE-2023-21356 (In Bluetooth, there is a possible out of bounds write due to a missing ...) NOT-FOR-US: Android CVE-2023-21355 (In libaudioclient, there is a possible out of bounds write due to a us ...) NOT-FOR-US: Android CVE-2023-21354 (In Package Manager Service, there is a possible way to determine wheth ...) NOT-FOR-US: Android CVE-2023-21353 (In NFA, there is a possible out of bounds read due to a missing bounds ...) NOT-FOR-US: Android CVE-2023-21352 (In NFA, there is a possible out of bounds read due to a missing bounds ...) NOT-FOR-US: Android CVE-2023-21351 (In Activity Manager, there is a possible background activity launch du ...) NOT-FOR-US: Android CVE-2023-21350 (In Media Projection, there is a possible way to determine whether an a ...) NOT-FOR-US: Android CVE-2023-21349 (In Package Manager, there is a possible way to determine whether an ap ...) NOT-FOR-US: Android CVE-2023-21348 (In Window Manager, there is a possible way to determine whether an app ...) NOT-FOR-US: Android CVE-2023-21347 (In Bluetooth, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: Android CVE-2023-21346 (In the Device Idle Controller, there is a possible way to determine wh ...) NOT-FOR-US: Android CVE-2023-21345 (In Game Manager Service, there is a possible way to determine whether ...) NOT-FOR-US: Android CVE-2023-21344 (In Job Scheduler, there is a possible way to determine whether an app ...) NOT-FOR-US: Android CVE-2023-21343 (In ActivityStarter, there is a possible background activity launch due ...) NOT-FOR-US: Android CVE-2023-21342 (In Speech, there is a possible way to bypass background activity launc ...) 
NOT-FOR-US: Android CVE-2023-21341 (In Permission Manager, there is a possible way to bypass required perm ...) NOT-FOR-US: Android CVE-2023-21340 (In Telecomm, there is a possible way to get the call state due to a mi ...) NOT-FOR-US: Android CVE-2023-21339 (In Minikin, there is a possible way to trigger ANR by showing a malici ...) NOT-FOR-US: Android CVE-2023-21338 (In Input Method, there is a possible way to determine whether an app i ...) NOT-FOR-US: Android CVE-2023-21337 (In InputMethod, there is a possible way to determine whether an app is ...) NOT-FOR-US: Android CVE-2023-21336 (In Input Method, there is a possible way to determine whether an app i ...) NOT-FOR-US: Android CVE-2023-21335 (In Settings, there is a possible way to determine whether an app is in ...) NOT-FOR-US: Android CVE-2023-21334 (In App Ops Service, there is a possible disclosure of information abou ...) NOT-FOR-US: Android CVE-2023-21333 (In Text Services, there is a possible way to determine whether an app ...) NOT-FOR-US: Android CVE-2023-21332 (In Text Services, there is a possible way to determine whether an app ...) NOT-FOR-US: Android CVE-2023-21331 (In InputMethod, there is a possible way to determine whether an app is ...) NOT-FOR-US: Android CVE-2023-21330 (In Overlay Manager, there is a possible way to determine whether an ap ...) NOT-FOR-US: Android CVE-2023-21329 (In Activity Manager, there is a possible way to determine whether an a ...) NOT-FOR-US: Android CVE-2023-21328 (In Package Installer, there is a possible way to determine whether an ...) NOT-FOR-US: Android CVE-2023-21327 (In Permission Manager, there is a possible way to determine whether an ...) NOT-FOR-US: Android CVE-2023-21326 (In Package Manager Service, there is a possible way to determine wheth ...) NOT-FOR-US: Android CVE-2023-21325 (In Settings, there is a possible way to determine whether an app is in ...) 
NOT-FOR-US: Android CVE-2023-21324 (In Package Installer, there is a possible way to determine whether an ...) NOT-FOR-US: Android CVE-2023-21323 (In Activity Manager, there is a possible way to determine whether an a ...) NOT-FOR-US: Android CVE-2023-21322 RESERVED CVE-2023-21321 (In Package Manager, there is a possible cross-user settings disclosure ...) NOT-FOR-US: Android CVE-2023-21320 (In Device Policy, there is a possible way to verify if a particular ad ...) NOT-FOR-US: Android CVE-2023-21319 (In UsageStatsService, there is a possible way to read installed 3rd pa ...) NOT-FOR-US: Android CVE-2023-21318 (In Content, there is a possible way to determine whether an app is ins ...) NOT-FOR-US: Android CVE-2023-21317 (In ContentService, there is a possible way to determine whether an app ...) NOT-FOR-US: Android CVE-2023-21316 (In Content, there is a possible way to determine whether an app is ins ...) NOT-FOR-US: Android CVE-2023-21315 (In Bluetooth, there is a possible out of bounds read due to a heap buf ...) NOT-FOR-US: Android CVE-2023-21314 (In Bluetooth, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: Android CVE-2023-21313 (In Core, there is a possible way to forward calls without user knowled ...) NOT-FOR-US: Android CVE-2023-21312 (In IntentResolver, there is a possible cross-user media read due to a ...) NOT-FOR-US: Android CVE-2023-21311 (In Settings, there is a possible way to control private DNS settings f ...) NOT-FOR-US: Android CVE-2023-21310 (In Bluetooth, there is a possible out of bounds write due to a heap bu ...) NOT-FOR-US: Android CVE-2023-21309 (In libcore, there is a possible out of bounds read due to a missing bo ...) NOT-FOR-US: Android CVE-2023-21308 (In Composer, there is a possible out of bounds read due to a missing b ...) NOT-FOR-US: Android CVE-2023-21307 (In Bluetooth, there is a possible way for a paired Bluetooth device to ...) 
NOT-FOR-US: Android CVE-2023-21306 (In ContentService, there is a possible way to read installed sync cont ...) NOT-FOR-US: Android CVE-2023-21305 (In Content, there is a possible way to determine whether an app is ins ...) NOT-FOR-US: Android CVE-2023-21304 (In Content Service, there is a possible way to determine whether an ap ...) NOT-FOR-US: Android CVE-2023-21303 (In Content, here is a possible way to determine whether an app is inst ...) NOT-FOR-US: Android CVE-2023-21302 (In Package Manager, there is a possible way to determine whether an ap ...) NOT-FOR-US: Android CVE-2023-21301 (In ActivityManagerService, there is a possible way to determine whethe ...) NOT-FOR-US: Android CVE-2023-21300 (In PackageManager, there is a possible way to determine whether an app ...) NOT-FOR-US: Android CVE-2023-21299 (In Package Manager, there is a possible way to determine whether an ap ...) NOT-FOR-US: Android CVE-2023-21298 (In Slice, there is a possible disclosure of installed applications due ...) NOT-FOR-US: Android CVE-2023-21297 (In SEPolicy, there is a possible way to access the factory MAC address ...) NOT-FOR-US: Android CVE-2023-21296 (In Permission, there is a possible way to determine whether an app is ...) NOT-FOR-US: Android CVE-2023-21295 (In SliceManagerService, there is a possible way to check if a content ...) NOT-FOR-US: Android CVE-2023-21294 (In Slice, there is a possible disclosure of installed packages due to ...) NOT-FOR-US: Android CVE-2023-21293 (In PackageManagerNative, there is a possible way to determine whether ...) NOT-FOR-US: Android CVE-2023-21292 (In openContentUri of ActivityManagerService.java, there is a possible ...) NOT-FOR-US: Android CVE-2023-21291 (In visitUris of Notification.java, there is a possible way to reveal i ...) NOT-FOR-US: Android CVE-2023-21290 (In update of MmsProvider.java, there is a possible way to bypass file ...) 
NOT-FOR-US: Android CVE-2023-21289 (In multiple locations, there is a possible bypass of a multi user secu ...) NOT-FOR-US: Android CVE-2023-21288 (In visitUris of Notification.java, there is a possible way to reveal i ...) NOT-FOR-US: Android CVE-2023-21287 (In multiple locations, there is a possible code execution due to type ...) NOT-FOR-US: Android CVE-2023-21286 (In visitUris of RemoteViews.java, there is a possible way to reveal im ...) NOT-FOR-US: Android CVE-2023-21285 (In setMetadata of MediaSessionRecord.java, there is a possible way to ...) NOT-FOR-US: Android CVE-2023-21284 (In multiple functions of DevicePolicyManager.java, there is a possible ...) NOT-FOR-US: Android CVE-2023-21283 (In multiple functions of StatusHints.java, there is a possible way to ...) NOT-FOR-US: Android CVE-2023-21282 (In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bound ...) NOT-FOR-US: Android CVE-2023-21281 (In multiple functions of KeyguardViewMediator.java, there is a possibl ...) NOT-FOR-US: Android CVE-2023-21280 (In setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there i ...) NOT-FOR-US: Android CVE-2023-21279 (In visitUris of RemoteViews.java, there is a possible cross-user media ...) NOT-FOR-US: Android CVE-2023-21278 (In multiple locations, there is a possible way to obscure the micropho ...) NOT-FOR-US: Android CVE-2023-21277 (In visitUris of RemoteViews.java, there is a possible way to reveal im ...) NOT-FOR-US: Android CVE-2023-21276 (In writeToParcel of CursorWindow.cpp, there is a possible information ...) NOT-FOR-US: Android CVE-2023-21275 (In decideCancelProvisioningDialog of AdminIntegratedFlowPrepareActivit ...) NOT-FOR-US: Android CVE-2023-21274 (In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible ou ...) NOT-FOR-US: Android CVE-2023-21273 (In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds wr ...) 
	NOT-FOR-US: Android
CVE-2023-21272 (In readFrom of Uri.java, there is a possible bad URI permission grant ...)
	NOT-FOR-US: Android
CVE-2023-21271 (In parseInputs of ShimPreparedModel.cpp, there is a possible out of bo ...)
	NOT-FOR-US: Android
CVE-2023-21270
	RESERVED
CVE-2023-21269 (In startActivityInner of ActivityStarter.java, there is a possible way ...)
	NOT-FOR-US: Android
CVE-2023-21268 (In update of MmsProvider.java, there is a possible way to change direc ...)
	NOT-FOR-US: Android
CVE-2023-21267 (In multiple functions of KeyguardViewMediator.java, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2023-21266 (In killBackgroundProcesses of ActivityManagerService.java, there is a ...)
	NOT-FOR-US: Android
CVE-2023-21265 (In multiple locations, there are root CA certificates which need to be ...)
	NOT-FOR-US: Android
CVE-2023-21264 (In multiple functions of mem_protect.c, there is a possible way to acc ...)
	- linux 6.3.7-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://source.android.com/docs/security/bulletin/2023-08-01
	NOTE: https://git.kernel.org/linus/09cce60bddd6461a93a5bf434265a47827d1bc6f
CVE-2023-21263 (In OSMMapPMRGeneric of pmr_os.c, there is a possible out of bounds wri ...)
	NOT-FOR-US: Android
CVE-2023-21262 (In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way ...)
	NOT-FOR-US: Android
CVE-2023-21261
	REJECTED
CVE-2023-21260 (In notification access permission dialog box, malicious application ca ...)
	NOT-FOR-US: Android
CVE-2023-21259
	RESERVED
CVE-2023-21258
	RESERVED
CVE-2023-21257 (In updateSettingsInternalLI of InstallPackageHelper.java, there is a p ...)
	NOT-FOR-US: Android
CVE-2023-21256 (In SettingsHomepageActivity.java, there is a possible way to launch ar ...)
	NOT-FOR-US: Android
CVE-2023-21255 (In multiple functions of binder.c, there is a possible memory corrupti ...)
	{DSA-5480-1 DLA-3623-1}
	- linux 6.3.7-1
	[bookworm] - linux 6.1.37-1
	NOTE: https://git.kernel.org/linus/bdc1c5fac982845a58d28690cdb56db8c88a530d (6.4-rc4)
CVE-2023-21254 (In getCurrentState of OneTimePermissionUserManager.java, there is a po ...)
	NOT-FOR-US: Android
CVE-2023-21253 (In multiple locations, there is a possible way to crash multiple syste ...)
	NOT-FOR-US: Android
CVE-2023-21252 (In validatePassword of WifiConfigurationUtil.java, there is a possible ...)
	NOT-FOR-US: Android
CVE-2023-21251 (In onCreate of ConfirmDialog.java, there is a possible way to connect ...)
	NOT-FOR-US: Android
CVE-2023-21250 (In gatt_end_operation of gatt_utils.cc, there is a possible out of bou ...)
	NOT-FOR-US: Android
CVE-2023-21249 (In multiple functions of OneTimePermissionUserManager.java, there is a ...)
	NOT-FOR-US: Android
CVE-2023-21248 (In getAvailabilityStatus of WifiScanningMainSwitchPreferenceController ...)
	NOT-FOR-US: Android
CVE-2023-21247 (In getAvailabilityStatus of BluetoothScanningMainSwitchPreferenceContr ...)
	NOT-FOR-US: Android
CVE-2023-21246 (In ShortcutInfo of ShortcutInfo.java, there is a possible way for an a ...)
	NOT-FOR-US: Android
CVE-2023-21245 (In showNextSecurityScreenOrFinish of KeyguardSecurityContainerControll ...)
	NOT-FOR-US: Android
CVE-2023-21244 (In visitUris of Notification.java, there is a possible bypass of user ...)
	NOT-FOR-US: Android
CVE-2023-21243 (In validateForCommonR1andR2 of PasspointConfiguration.java, there is a ...)
	NOT-FOR-US: Android
CVE-2023-21242 (In isServerCertChainValid of InsecureEapNetworkHandler.java, there is ...)
	NOT-FOR-US: Android
CVE-2023-21241 (In rw_i93_send_to_upper of rw_i93.cc, there is a possible out of bound ...)
	NOT-FOR-US: Android
CVE-2023-21240 (In Policy of Policy.java, there is a possible boot loop due to resourc ...)
	NOT-FOR-US: Android
CVE-2023-21239 (In visitUris of Notification.java, there is a possible way to leak ima ...)
NOT-FOR-US: Android CVE-2023-21238 (In visitUris of RemoteViews.java, there is a possible leak of images b ...) NOT-FOR-US: Android CVE-2023-21237 (In applyRemoteView of NotificationContentInflater.java, there is a pos ...) NOT-FOR-US: Android CVE-2023-21236 (In aoc_service_set_read_blocked of aoc.c, there is a possible out of b ...) NOT-FOR-US: Android CVE-2023-21235 (In onCreate of LockSettingsActivity.java, there is a possible way set ...) NOT-FOR-US: Android CVE-2023-21234 (In launchConfirmationActivity of ChooseLockSettingsHelper.java, there ...) NOT-FOR-US: Android CVE-2023-21233 (In multiple locations of avrc, there is a possible leak of heap data d ...) NOT-FOR-US: Android CVE-2023-21232 (In multiple locations, there is a possible way to retrieve sensor data ...) NOT-FOR-US: Android CVE-2023-21231 (In getIntentForButton of ButtonManager.java, there is a possible way f ...) NOT-FOR-US: Android CVE-2023-21230 (In onAccessPointChanged of AccessPointPreference.java, there is a poss ...) NOT-FOR-US: Android CVE-2023-21229 (In registerServiceLocked of ManagedServices.java, there is a possible ...) NOT-FOR-US: Android CVE-2023-21228 (In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possib ...) NOT-FOR-US: Android CVE-2023-21227 (In HTBLogKM of htbserver.c, there is a possible information disclosure ...) NOT-FOR-US: Android CVE-2023-21226 (In SAEMM_RetrieveTaiList of SAEMM_ContextManagement.c, there is a poss ...) NOT-FOR-US: Android CVE-2023-21225 (there is a possible way to bypass the protected confirmation screen du ...) NOT-FOR-US: Android CVE-2023-21224 (In ss_ProcessReturnResultComponent of ss_MmConManagement.c, there is a ...) NOT-FOR-US: Android CVE-2023-21223 (In LPP_ConvertGNSS_DataBitAssistance of LPP_CommonUtil.c, there is a p ...) NOT-FOR-US: Android CVE-2023-21222 (In load_dt_data of storage.c, there is a possible out of bounds write ...) 
NOT-FOR-US: Android CVE-2023-21221 RESERVED CVE-2023-21220 (there is a possible use of unencrypted transport over cellular network ...) NOT-FOR-US: Android CVE-2023-21219 (there is a possible use of unencrypted transport over cellular network ...) NOT-FOR-US: Android CVE-2023-21218 (In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possib ...) NOT-FOR-US: Android CVE-2023-21217 (In PMRWritePMPageList of TBD, there is a possible out of bounds write ...) NOT-FOR-US: Android CVE-2023-21216 (In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possib ...) NOT-FOR-US: Android CVE-2023-21215 (In DevmemIntAcquireRemoteCtx of devicemem_server.c, there is a possibl ...) NOT-FOR-US: Android CVE-2023-21214 (In addGroupWithConfigInternal of p2p_iface.cpp, there is a possible ou ...) NOT-FOR-US: Android CVE-2023-21213 (In initiateTdlsTeardownInternal of sta_iface.cpp, there is a possible ...) NOT-FOR-US: Android CVE-2023-21212 (In multiple files, there is a possible out of bounds read due to a mis ...) NOT-FOR-US: Android CVE-2023-21211 (In multiple files, there is a possible out of bounds read due to a hea ...) NOT-FOR-US: Android CVE-2023-21210 (In initiateHs20IconQueryInternal of sta_iface.cpp, there is a possible ...) NOT-FOR-US: Android CVE-2023-21209 (In multiple functions of sta_iface.cpp, there is a possible out of bou ...) NOT-FOR-US: Android CVE-2023-21208 (In setCountryCodeInternal of sta_iface.cpp, there is a possible out of ...) NOT-FOR-US: Android CVE-2023-21207 (In initiateTdlsSetupInternal of sta_iface.cpp, there is a possible out ...) NOT-FOR-US: Android CVE-2023-21206 (In initiateVenueUrlAnqpQueryInternal of sta_iface.cpp, there is a poss ...) NOT-FOR-US: Android CVE-2023-21205 (In startWpsPinDisplayInternal of sta_iface.cpp, there is a possible ou ...) NOT-FOR-US: Android CVE-2023-21204 (In multiple files, there is a possible out of bounds read due to a mis ...) 
NOT-FOR-US: Android CVE-2023-21203 (In startWpsPbcInternal of sta_iface.cpp, there is a possible out of bo ...) NOT-FOR-US: Android CVE-2023-21202 (In btm_delete_stored_link_key_complete of btm_devctl.cc, there is a po ...) NOT-FOR-US: Android CVE-2023-21201 (In on_create_record_event of btif_sdp_server.cc, there is a possible o ...) NOT-FOR-US: Android CVE-2023-21200 (In on_remove_iso_data_path of btm_iso_impl.h, there is a possible out ...) NOT-FOR-US: Android CVE-2023-21199 (In btu_ble_proc_ltk_req of btu_hcif.cc, there is a possible out of bou ...) NOT-FOR-US: Android CVE-2023-21198 (In remove_sdp_record of btif_sdp_server.cc, there is a possible out of ...) NOT-FOR-US: Android CVE-2023-21197 (In btm_acl_process_sca_cmpl_pkt of btm_acl.cc, there is a possible out ...) NOT-FOR-US: Android CVE-2023-21196 (In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.c ...) NOT-FOR-US: Android CVE-2023-21195 (In btm_ble_periodic_adv_sync_tx_rcvd of btm_ble_gap.cc, there is a pos ...) NOT-FOR-US: Android CVE-2023-21194 (In gatt_dbg_op_name of gatt_utils.cc, there is a possible out of bound ...) NOT-FOR-US: Android CVE-2023-21193 (In VideoFrame of VideoFrame.h, there is a possible abort due to an int ...) NOT-FOR-US: Android CVE-2023-21192 (In setInputMethodWithSubtypeIdLocked of InputMethodManagerService.java ...) NOT-FOR-US: Android CVE-2023-21191 (In fixNotification of NotificationManagerService.java, there is a poss ...) NOT-FOR-US: Android CVE-2023-21190 (In btm_acl_encrypt_change of btm_acl.cc, there is a possible way for a ...) NOT-FOR-US: Android CVE-2023-21189 (In startLockTaskMode of LockTaskController.java, there is a possible b ...) NOT-FOR-US: Android CVE-2023-21188 (In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible ou ...) NOT-FOR-US: Android CVE-2023-21187 (In onCreate of UsbAccessoryUriActivity.java, there is a possible way t ...) 
NOT-FOR-US: Android CVE-2023-21186 (In LogResponse of Dns.cpp, there is a possible out of bounds read due ...) NOT-FOR-US: Android CVE-2023-21185 (In multiple functions of WifiNetworkFactory.java, there is a missing p ...) NOT-FOR-US: Android CVE-2023-21184 (In getCurrentPrivilegedPackagesForAllUsers of CarrierPrivilegesTracker ...) NOT-FOR-US: Android CVE-2023-21183 (In ForegroundUtils of ForegroundUtils.java, there is a possible way to ...) NOT-FOR-US: Android CVE-2023-21182 (In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp ...) NOT-FOR-US: Android CVE-2023-21181 (In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible ou ...) NOT-FOR-US: Android CVE-2023-21180 (In xmlParseTryOrFinish of parser.c, there is a possible out of bounds ...) NOT-FOR-US: Android CVE-2023-21179 (In parseSecurityParamsFromXml of XmlUtil.java, there is a possible byp ...) NOT-FOR-US: Android CVE-2023-21178 (In installKey of KeyUtil.cpp, there is a possible failure of file encr ...) NOT-FOR-US: Android CVE-2023-21177 (In requestAppKeyboardShortcuts of WindowManagerService.java, there is ...) NOT-FOR-US: Android CVE-2023-21176 (In list_key_entries of utils.rs, there is a possible way to disable us ...) NOT-FOR-US: Android CVE-2023-21175 (In onCreate of DataUsageSummary.java, there is a possible method for a ...) NOT-FOR-US: Android CVE-2023-21174 (In isPageSearchEnabled of BillingCycleSettings.java, there is a possib ...) NOT-FOR-US: Android CVE-2023-21173 (In multiple methods of DataUsageList.java, there is a possible way to ...) NOT-FOR-US: Android CVE-2023-21172 (In multiple functions of WifiCallingSettings.java, there is a possible ...) NOT-FOR-US: Android CVE-2023-21171 (In verifyInputEvent of InputDispatcher.cpp, there is a possible way to ...) NOT-FOR-US: Android CVE-2023-21170 (In executeSetClientTarget of ComposerCommandEngine.h, there is a possi ...) 
NOT-FOR-US: Android CVE-2023-21169 (In inviteInternal of p2p_iface.cpp, there is a possible out of bounds ...) NOT-FOR-US: Android CVE-2023-21168 (In convertCbYCrY of ColorConverter.cpp, there is a possible out of bou ...) NOT-FOR-US: Android CVE-2023-21167 (In setProfileName of DevicePolicyManagerService.java, there is a possi ...) NOT-FOR-US: Android CVE-2023-21166 (In RGXBackingZSBuffer of rgxta3d.c, there is a possible arbitrary code ...) NOT-FOR-US: Android CVE-2023-21165 (In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitr ...) NOT-FOR-US: Android CVE-2023-21164 (In DevmemIntMapPMR of devicemem_server.c, there is a possible arbitrar ...) NOT-FOR-US: Android CVE-2023-21163 (In PMR_ReadBytes of pmr.c, there is a possible arbitrary code executio ...) NOT-FOR-US: Android CVE-2023-21162 (In RGXUnbackingZSBuffer of rgxta3d.c, there is a possible arbitrary co ...) NOT-FOR-US: Android CVE-2023-21161 (In Parse of simdata.cpp, there is a possible out of bounds write due t ...) NOT-FOR-US: Android CVE-2023-21160 (In BuildSetTcsFci of protocolmiscbuilder.cpp, there is a possible out ...) NOT-FOR-US: Android CVE-2023-21159 (In Parse of simdata.cpp, there is a possible out of bounds write due t ...) NOT-FOR-US: Android CVE-2023-21158 (In encode of miscdata.cpp, there is a possible out of bounds read due ...) NOT-FOR-US: Android CVE-2023-21157 (In encode of wlandata.cpp, there is a possible out of bounds write due ...) NOT-FOR-US: Android CVE-2023-21156 (In BuildGetRadioNode of protocolmiscbulider.cpp, there is a possible o ...) NOT-FOR-US: Android CVE-2023-21155 (In BuildSetRadioNode of protocolmiscbuilder.cpp, there is a possible o ...) NOT-FOR-US: Android CVE-2023-21154 (In StoreAdbSerialNumber of protocolmiscbuilder.cpp, there is a possibl ...) NOT-FOR-US: Android CVE-2023-21153 (In Do_AIMS_SET_CALL_WAITING of imsservice.cpp, there is a possible out ...) 
NOT-FOR-US: Android CVE-2023-21152 (In FaceStatsAnalyzer::InterpolateWeightList of face_stats_analyzer.cc, ...) NOT-FOR-US: Android CVE-2023-21151 (In the Google BMS kernel module, there is a possible out of bounds wri ...) NOT-FOR-US: Android CVE-2023-21150 (In handle_set_parameters_ctrl of hal_socket.c, there is a possible out ...) NOT-FOR-US: Android CVE-2023-21149 (In registerGsmaServiceIntentReceiver of ShannonRcsService.java, there ...) NOT-FOR-US: Android CVE-2023-21148 (In BuildSetConfig of protocolimsbuilder.cpp, there is a possible out o ...) NOT-FOR-US: Android CVE-2023-21147 (In lwis_i2c_device_disable of lwis_device_i2c.c, there is a possible U ...) NOT-FOR-US: Android CVE-2023-21146 (there is a possible way to corrupt memory due to a use after free. Thi ...) NOT-FOR-US: Android CVE-2023-21145 (In updatePictureInPictureMode of ActivityRecord.java, there is a possi ...) NOT-FOR-US: Android CVE-2023-21144 (In doInBackground of NotificationContentInflater.java, there is a poss ...) NOT-FOR-US: Android CVE-2023-21143 (In multiple functions of multiple files, there is a possible way to ma ...) NOT-FOR-US: Android CVE-2023-21142 (In multiple files, there is a possible way to access traces in the dev ...) NOT-FOR-US: Android CVE-2023-21141 (In several functions of several files, there is a possible way to acce ...) NOT-FOR-US: Android CVE-2023-21140 (In onCreate of ManagePermissionsActivity.java, there is a possible way ...) NOT-FOR-US: Android CVE-2023-21139 (In bindPlayer of MediaControlPanel.java, there is a possible launch ar ...) NOT-FOR-US: Android CVE-2023-21138 (In onNullBinding of CallRedirectionProcessor.java, there is a possible ...) NOT-FOR-US: Android CVE-2023-21137 (In several methods of JobStore.java, uncaught exceptions in job map pa ...) NOT-FOR-US: Android CVE-2023-21136 (In multiple functions of JobStore.java, there is a possible way to cau ...) 
NOT-FOR-US: Android CVE-2023-21135 (In onCreate of NotificationAccessSettings.java, there is a possible fa ...) NOT-FOR-US: Android CVE-2023-21134 (In onCreate of ManagePermissionsActivity.java, there is a possible way ...) NOT-FOR-US: Android CVE-2023-21133 (In onCreate of ManagePermissionsActivity.java, there is a possible way ...) NOT-FOR-US: Android CVE-2023-21132 (In onCreate of ManagePermissionsActivity.java, there is a possible way ...) NOT-FOR-US: Android CVE-2023-21131 (In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, t ...) NOT-FOR-US: Android CVE-2023-21130 (In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possib ...) NOT-FOR-US: Android CVE-2023-21129 (In getFullScreenIntentDecision of NotificationInterruptStateProviderIm ...) NOT-FOR-US: Android CVE-2023-21128 (In various functions of AppStandbyController.java, there is a possible ...) NOT-FOR-US: Android CVE-2023-21127 (In readSampleData of NuMediaExtractor.cpp, there is a possible out of ...) NOT-FOR-US: Android CVE-2023-21126 (In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, the ...) NOT-FOR-US: Android CVE-2023-21125 RESERVED CVE-2023-21124 (In run of multiple files, there is a possible escalation of privilege ...) NOT-FOR-US: Android CVE-2023-21123 (In multiple functions of multiple files, there is a possible way to by ...) NOT-FOR-US: Android CVE-2023-21122 (In various functions of various files, there is a possible way to bypa ...) NOT-FOR-US: Android CVE-2023-21121 (In onResume of AppManagementFragment.java, there is a possible way to ...) NOT-FOR-US: Android CVE-2023-21120 (In multiple functions of cdm_engine.cpp, there is a possible use-after ...) NOT-FOR-US: Android CVE-2023-21119 RESERVED CVE-2023-21118 (In unflattenString8 of Sensor.cpp, there is a possible out of bounds r ...) NOT-FOR-US: Android CVE-2023-21117 (In registerReceiverWithFeature of ActivityManagerService.java, there i ...) 
	NOT-FOR-US: Android
CVE-2023-21116 (In verifyReplacingVersionCode of InstallPackageHelper.java, there is a ...)
	NOT-FOR-US: Android
CVE-2023-21115 (In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to do ...)
	NOT-FOR-US: Android
CVE-2023-21114
	RESERVED
CVE-2023-21113
	RESERVED
CVE-2023-21112 (In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bound ...)
	NOT-FOR-US: Android
CVE-2023-21111 (In several functions of PhoneAccountRegistrar.java, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2023-21110 (In several functions of SnoozeHelper.java, there is a possible way to ...)
	NOT-FOR-US: Android
CVE-2023-21109 (In multiple places of AccessibilityService, there is a possible way to ...)
	NOT-FOR-US: Android
CVE-2023-21108 (In sdpu_build_uuid_seq of sdp_discovery.cc, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2023-21107 (In retrieveAppEntry of NotificationAccessDetails.java, there is a miss ...)
	NOT-FOR-US: Android
CVE-2023-21106 (In adreno_set_param of adreno_gpu.c, there is a possible memory corrup ...)
	- linux 6.1.11-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/a66f1efcf748febea7758c4c3c8b5bc5294949ef (6.2-rc5)
CVE-2023-21105 (In multiple functions of ChooserActivity.java, there is a possible cro ...)
	NOT-FOR-US: Android
CVE-2023-21104 (In applySyncTransaction of WindowOrganizer.java, a missing permission ...)
	NOT-FOR-US: Android
CVE-2023-21103 (In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught except ...)
	NOT-FOR-US: Android
CVE-2023-21102 (In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypas ...)
	- linux 6.1.8-1
	[bullseye] - linux 5.10.178-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://source.android.com/docs/security/bulletin/2023-05-01
	NOTE: https://git.kernel.org/linus/ff7a167961d1b97e0e205f245f806e564d3505e7 (6.2-rc1)
	NOTE: https://git.kernel.org/linus/18bba1843fc7f264f58c9345d00827d082f9c558 (6.2-rc4)
CVE-2023-21101 (In multiple functions of WVDrmPlugin.cpp, there is a possible use afte ...)
	NOT-FOR-US: Android
CVE-2023-21100 (In inflate of inflate.c, there is a possible out of bounds write due t ...)
	NOT-FOR-US: Android
CVE-2023-21099 (In multiple methods of PackageInstallerSession.java, there is a possib ...)
	NOT-FOR-US: Android
CVE-2023-21098 (In multiple functions of AccountManagerService.java, there is a possib ...)
	NOT-FOR-US: Android
CVE-2023-21097 (In toUriInner of Intent.java, there is a possible way to launch an arb ...)
	NOT-FOR-US: Android
CVE-2023-21096 (In OnWakelockReleased of attribution_processor.cc, there is a use afte ...)
	NOT-FOR-US: Android
CVE-2023-21095 (In canStartSystemGesture of RecentsAnimationDeviceState.java, there is ...)
	NOT-FOR-US: Android
CVE-2023-21094 (In sanitize of LayerState.cpp, there is a possible way to take over th ...)
	NOT-FOR-US: Android
CVE-2023-21093 (In extractRelativePath of FileUtils.java, there is a possible way to a ...)
	NOT-FOR-US: Android
CVE-2023-21092 (In retrieveServiceLocked of ActiveServices.java, there is a possible w ...)
	NOT-FOR-US: Android
CVE-2023-21091 (In canDisplayLocalUi of AppLocalePickerActivity.java, there is a possi ...)
	NOT-FOR-US: Android
CVE-2023-21090 (In parseUsesPermission of ParsingPackageUtils.java, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2023-21089 (In startInstrumentation of ActivityManagerService.java, there is a pos ...)
	NOT-FOR-US: Android
CVE-2023-21088 (In deliverOnFlushComplete of LocationProviderManager.java, there is a ...)
	NOT-FOR-US: Android
CVE-2023-21087 (In PreferencesHelper.java, an uncaught exception may cause the device ...)
NOT-FOR-US: Android CVE-2023-21086 (In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceContro ...) NOT-FOR-US: Android CVE-2023-21085 (In nci_snd_set_routing_cmd of nci_hmsgs.cc, there is a possible out of ...) NOT-FOR-US: Android CVE-2023-21084 (In buildPropFile of filesystem.go, there is a possible insecure hash d ...) NOT-FOR-US: Android CVE-2023-21083 (In onNullBinding of CallScreeningServiceHelper.java, there is a possib ...) NOT-FOR-US: Android CVE-2023-21082 (In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster.java, t ...) NOT-FOR-US: Android CVE-2023-21081 (In multiple functions of PackageInstallerService.java and related file ...) NOT-FOR-US: Android CVE-2023-21080 (In register_notification_rsp of btif_rc.cc, there is a possible out of ...) NOT-FOR-US: Android CVE-2023-21079 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bound ...) NOT-FOR-US: Android CVE-2023-21078 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bound ...) NOT-FOR-US: Android CVE-2023-21077 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bound ...) NOT-FOR-US: Android CVE-2023-21076 (In createTransmitFollowupRequest of nan.cpp, there is a possible out o ...) NOT-FOR-US: Android CVE-2023-21075 (In get_svc_hash of nan.cpp, there is a possible out of bounds write du ...) NOT-FOR-US: Android CVE-2023-21074 RESERVED CVE-2023-21073 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bound ...) NOT-FOR-US: Android CVE-2023-21072 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bound ...) NOT-FOR-US: Android CVE-2023-21071 (In dhd_prot_ioctcmplt_process of dhd_msgbuf.c, there is a possible out ...) NOT-FOR-US: Android CVE-2023-21070 (In add_roam_cache_list of wl_roam.c, there is a possible out of bounds ...) NOT-FOR-US: Android CVE-2023-21069 (In wl_update_hidden_ap_ie of wl_cfgscan.c, there is a possible out of ...) 
	NOT-FOR-US: Android
CVE-2023-21068 (In (TBD) of (TBD), there is a possible way to boot with a hidden debug ...)
	NOT-FOR-US: Android
CVE-2023-21067 (Product: AndroidVersions: Android kernelAndroid ID: A-254114726Referen ...)
	NOT-FOR-US: Android
CVE-2023-21066 (In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write d ...)
	NOT-FOR-US: Android
CVE-2023-21065 (In fdt_next_tag of fdt.c, there is a possible out of bounds write due ...)
	NOT-FOR-US: Android
CVE-2023-21064 (In DoSetPinControl of miscservice.cpp, there is a possible out of boun ...)
	NOT-FOR-US: Android
CVE-2023-21063 (In ParseWithAuthType of simdata.cpp, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2023-21062 (In DoSetTempEcc of imsservice.cpp, there is a possible out of bounds r ...)
	NOT-FOR-US: Android
CVE-2023-21061 (Product: AndroidVersions: Android kernelAndroid ID: A-229255400Referen ...)
	NOT-FOR-US: Android
CVE-2023-21060 (In sms_GetTpPiIe of sms_PduCodec.c, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2023-21059 (In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, ...)
	NOT-FOR-US: Android
CVE-2023-21058 (In lcsm_SendRrAcquiAssist of lcsm_bcm_assist.c, there is a possible ou ...)
	NOT-FOR-US: Android
CVE-2023-21057 (In ProfSixDecomTcpSACKoption of RohcPacketCommon, there is a possible ...)
	NOT-FOR-US: Android
CVE-2023-21056 (In lwis_slc_buffer_free of lwis_device_slc.c, there is a possible memo ...)
	NOT-FOR-US: Android
CVE-2023-21055 (In dit_hal_ioctl of dit.c, there is a possible use after free due to a ...)
	NOT-FOR-US: Android
CVE-2023-21054 (In EUTRAN_LCS_ConvertLCS_MOLRReq of LPP_CommonUtil.c, there is a possi ...)
	NOT-FOR-US: Android
CVE-2023-21053 (In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible o ...)
	NOT-FOR-US: Android
CVE-2023-21052 (In setToExternal of ril_external_client.cpp, there is a possible out o ...)
	NOT-FOR-US: Android
CVE-2023-21051 (In dwc3_exynos_clk_get of dwc3-exynos.c, there is a possible out of bo ...)
	NOT-FOR-US: Android
CVE-2023-21050 (In load_png_image of ExynosHWCHelper.cpp, there is a possible out of b ...)
	NOT-FOR-US: Android
CVE-2023-21049 (In append_camera_metadata of camera_metadata.c, there is a possible ou ...)
	NOT-FOR-US: Android
CVE-2023-21048 (In handleEvent of nan.cpp, there is a possible out of bounds read due ...)
	NOT-FOR-US: Android
CVE-2023-21047 (In ConvertToHalMetadata of aidl_utils.cc, there is a possible out of b ...)
	NOT-FOR-US: Android
CVE-2023-21046 (In ConvertToHalMetadata of aidl_utils.cc, there is a possible out of b ...)
	NOT-FOR-US: Android
CVE-2023-21045 (When cpif handles probe failures, there is a possible out of bounds re ...)
	NOT-FOR-US: Android
CVE-2023-21044 (In init of VendorGraphicBufferMeta, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2023-21043 (In (TBD) of (TBD), there is a possible way to corrupt memory due to a ...)
	NOT-FOR-US: Android
CVE-2023-21042 (In (TBD) of (TBD), there is a possible way to corrupt memory due to a ...)
	NOT-FOR-US: Android
CVE-2023-21041 (In append_to_params of param_util.c, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2023-21040 (In buildCommand of bluetooth_ccc.cc, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2023-21039 (In dumpstateBoard of Dumpstate.cpp, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2023-21038 (In cs40l2x_cp_trigger_queue_show of cs40l2x.c, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2023-21037
	RESERVED
CVE-2023-21036 (In BitmapExport.java, there is a possible failure to truncate images d ...)
	NOT-FOR-US: Android
CVE-2023-21035 (In multiple functions of BackupHelper.java, there is a possible way fo ...)
	NOT-FOR-US: Android
CVE-2023-21034 (In multiple functions of SensorService.cpp, there is a possible access ...)
	NOT-FOR-US: Android
CVE-2023-21033 (In addNetwork of WifiManager.java, there is a possible way to trigger ...)
	NOT-FOR-US: Android
CVE-2023-21032 (In _ufdt_output_node_to_fdt of ufdt_convert.c, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2023-21031 (In setPowerMode of HWC2.cpp, there is a possible out of bounds read du ...)
	NOT-FOR-US: Android
CVE-2023-21030 (In Confirmation of keystore_cli_v2.cpp, there is a possible way to cor ...)
	NOT-FOR-US: Android
CVE-2023-21029 (In register of UidObserverController.java, there is a missing permissi ...)
	NOT-FOR-US: Android
CVE-2023-21028 (In parse_printerAttributes of ipphelper.c, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2023-21027 (In multiple functions of PasspointXmlUtils.java, there is a possible a ...)
	NOT-FOR-US: Android
CVE-2023-21026 (In updateInputChannel of WindowManagerService.java, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2023-21025 (In ufdt_local_fixup_prop of ufdt_overlay.c, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2023-21024 (In maybeFinish of FallbackHome.java, there is a possible delay of lock ...)
	NOT-FOR-US: Android
CVE-2023-21023
	RESERVED
CVE-2023-21022 (In BufferBlock of Suballocation.cpp, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2023-21021 (In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl.java, there is ...)
	NOT-FOR-US: Android
CVE-2023-21020 (In registerSignalHandlers of main.c, there is a possible local arbitra ...)
	NOT-FOR-US: Android
CVE-2023-21019 (In ih264e_init_proc_ctxt of ih264e_process.c, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2023-21018 (In UnwindingWorker of unwinding.cc, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2023-21017 (In InstallStart of InstallStart.java, there is a possible way to chang ...)
	NOT-FOR-US: Android
CVE-2023-21016 (In AccountTypePreference of AccountTypePreference.java, there is a pos ...)
	NOT-FOR-US: Android
CVE-2023-21015 (In getAvailabilityStatus of several Transcode Permission Controllers, ...)
	NOT-FOR-US: Android
CVE-2023-21014 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...)
	NOT-FOR-US: Android
CVE-2023-21013 (In forceStaDisconnection of hostapd.cpp, there is a possible out of bo ...)
	NOT-FOR-US: Android
CVE-2023-21012 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...)
	NOT-FOR-US: Android
CVE-2023-21011 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...)
	NOT-FOR-US: Android
CVE-2023-21010 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...)
	NOT-FOR-US: Android
CVE-2023-21009 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...)
	NOT-FOR-US: Android
CVE-2023-21008 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...)
	NOT-FOR-US: Android
CVE-2023-21007 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...)
	NOT-FOR-US: Android
CVE-2023-21006 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...)
	NOT-FOR-US: Android
CVE-2023-21005 (In getAvailabilityStatus of several Transcode Permission Controllers, ...)
	NOT-FOR-US: Android
CVE-2023-21004 (In getAvailabilityStatus of several Transcode Permission Controllers, ...)
	NOT-FOR-US: Android
CVE-2023-21003 (In getAvailabilityStatus of several Transcode Permission Controllers, ...)
	NOT-FOR-US: Android
CVE-2023-21002 (In getAvailabilityStatus of several Transcode Permission Controllers, ...)
	NOT-FOR-US: Android
CVE-2023-21001 (In onContextItemSelected of NetworkProviderSettings.java, there is a p ...)
	NOT-FOR-US: Android
CVE-2023-21000 (In MediaCodec.cpp, there is a possible use after free due to improper ...)
	NOT-FOR-US: Android
CVE-2023-20999 (In multiple locations, there is a possible way to trigger a persistent ...)
	NOT-FOR-US: Android
CVE-2023-20998 (In multiple locations, there is a possible way to trigger a persistent ...)
	NOT-FOR-US: Android
CVE-2023-20997 (In multiple locations, there is a possible way to trigger a persistent ...)
	NOT-FOR-US: Android
CVE-2023-20996 (In multiple locations, there is a possible way to trigger a persistent ...)
	NOT-FOR-US: Android
CVE-2023-20995 (In captureImage of CustomizedSensor.cpp, there is a possible way to by ...)
	NOT-FOR-US: Android
CVE-2023-20994 (In _ufdt_output_property_to_fdt of ufdt_convert.c, there is a possible ...)
	NOT-FOR-US: Android
CVE-2023-20993 (In multiple functions of SnoozeHelper.java, there is a possible failur ...)
	NOT-FOR-US: Android
CVE-2023-20992 (In on_iso_link_quality_read of btm_iso_impl.h, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2023-20991 (In btm_ble_process_periodic_adv_sync_lost_evt of ble_scanner_hci_inter ...)
	NOT-FOR-US: Android
CVE-2023-20990 (In btm_ble_rand_enc_complete of btm_ble.cc, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2023-20989 (In btm_ble_write_adv_enable_complete of btm_ble_gap.cc, there is a pos ...)
	NOT-FOR-US: Android
CVE-2023-20988 (In btm_read_rssi_complete of btm_acl.cc, there is a possible out of bo ...)
	NOT-FOR-US: Android
CVE-2023-20987 (In btm_read_link_quality_complete of btm_acl.cc, there is a possible o ...)
	NOT-FOR-US: Android
CVE-2023-20986 (In btm_ble_clear_resolving_list_completecomplete of btm_ble_privacy.cc ...)
	NOT-FOR-US: Android
CVE-2023-20985 (In BTA_GATTS_HandleValueIndication of bta_gatts_api.cc, there is a pos ...)
	NOT-FOR-US: Android
CVE-2023-20984 (In ParseBqrLinkQualityEvt of btif_bqr.cc, there is a possible out of b ...)
	NOT-FOR-US: Android
CVE-2023-20983 (In btm_ble_rand_enc_complete of btm_ble.cc, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2023-20982 (In btm_read_tx_power_complete of btm_acl.cc, there is a possible out o ...)
	NOT-FOR-US: Android
CVE-2023-20981 (In btu_ble_rc_param_req_evt of btu_hcif.cc, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2023-20980 (In btu_ble_ll_conn_param_upd_evt of btu_hcif.cc, there is a possible o ...)
	NOT-FOR-US: Android
CVE-2023-20979 (In GetNextSourceDataPacket of bta_av_co.cc, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2023-20978
	RESERVED
CVE-2023-20977 (In btm_ble_read_remote_features_complete of btm_ble_gap.cc, there is a ...)
	NOT-FOR-US: Android
CVE-2023-20976 (In getConfirmationMessage of DefaultAutofillPicker.java, there is a po ...)
	NOT-FOR-US: Android
CVE-2023-20975 (In getAvailabilityStatus of EnableContentCapturePreferenceController.j ...)
	NOT-FOR-US: Android
CVE-2023-20974 (In btm_ble_add_resolving_list_entry_complete of btm_ble_privacy.cc, th ...)
	NOT-FOR-US: Android
CVE-2023-20973 (In btm_create_conn_cancel_complete of btm_sec.cc, there is a possible ...)
	NOT-FOR-US: Android
CVE-2023-20972 (In btm_vendor_specific_evt of btm_devctl.cc, there is a possible out o ...)
	NOT-FOR-US: Android
CVE-2023-20971 (In updatePermissionTreeSourcePackage of PermissionManagerServiceImpl.j ...)
	NOT-FOR-US: Android
CVE-2023-20970 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...)
	NOT-FOR-US: Android
CVE-2023-20969 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...)
	NOT-FOR-US: Android
CVE-2023-20968 (In multiple functions of p2p_iface.cpp, there is a possible out of bou ...)
	NOT-FOR-US: Android
CVE-2023-20967 (In avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc, there is a possible ou ...)
	NOT-FOR-US: Android
CVE-2023-20966 (In inflate of inflate.c, there is a possible out of bounds write due t ...)
	NOT-FOR-US: Android
CVE-2023-20965 (In processMessageImpl of ClientModeImpl.java, there is a possible cred ...)
	NOT-FOR-US: Android
CVE-2023-20964 (In multiple functions of MediaSessionRecord.java, there is a possible ...)
	NOT-FOR-US: Android
CVE-2023-20963 (In WorkSource, there is a possible parcel mismatch. This could lead to ...)
	NOT-FOR-US: Android
CVE-2023-20962 (In getSliceEndItem of MediaVolumePreferenceController.java, there is a ...)
	NOT-FOR-US: Android
CVE-2023-20961
	RESERVED
CVE-2023-20960 (In launchDeepLinkIntentToRight of SettingsHomepageActivity.java, there ...)
	NOT-FOR-US: Android
CVE-2023-20959 (In AddSupervisedUserActivity, guest users are not prevented from start ...)
	NOT-FOR-US: Android
CVE-2023-20958 (In read_paint of ttcolr.c, there is a possible out of bounds read due ...)
	NOT-FOR-US: Android
CVE-2023-20957 (In onAttach of SettingsPreferenceFragment.java, there is a possible by ...)
	NOT-FOR-US: Android
CVE-2023-20956 (In Import of C2SurfaceSyncObj.cpp, there is a possible out of bounds w ...)
	NOT-FOR-US: Android
CVE-2023-20955 (In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a p ...)
	NOT-FOR-US: Android
CVE-2023-20954 (In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds wr ...)
	NOT-FOR-US: Android
CVE-2023-20953 (In onPrimaryClipChanged of ClipboardListener.java, there is a possible ...)
	NOT-FOR-US: Android
CVE-2023-20952 (In A2DP_BuildCodecHeaderSbc of a2dp_sbc.cc, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2023-20951 (In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2023-20950 (In AlarmManagerActivity of AlarmManagerActivity.java, there is a possi ...)
	NOT-FOR-US: Android
CVE-2023-20949 (In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out ...)
	NOT-FOR-US: Linux kernel of the Pixel phone
CVE-2023-20948 (In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2023-20947 (In getGroupState of GrantPermissionsViewModel.kt, there is a possible ...)
	NOT-FOR-US: Android
CVE-2023-20946 (In onStart of BluetoothSwitchPreferenceController.java, there is a pos ...)
	NOT-FOR-US: Android
CVE-2023-20945 (In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is ...)
	NOT-FOR-US: Android
CVE-2023-20944 (In run of ChooseTypeAndAccountActivity.java, there is a possible escal ...)
	NOT-FOR-US: Android
CVE-2023-20943 (In clearApplicationUserData of ActivityManagerService.java, there is a ...)
	NOT-FOR-US: Android
CVE-2023-20942 (In openMmapStream of AudioFlinger.cpp, there is a possible way to reco ...)
	NOT-FOR-US: Android
CVE-2023-20941 (In acc_ctrlrequest_composite of f_accessory.c, there is a possible out ...)
	- linux (Android-specific kernel patch)
	NOTE: https://android.googlesource.com/kernel/common/+/f63204236560b6f38b6e015c53eb6304d988
CVE-2023-20940 (In the Android operating system, there is a possible way to replace a ...)
	NOT-FOR-US: Android
CVE-2023-20939 (In multiple functions of looper_backed_event_loop.cpp, there is a poss ...)
	NOT-FOR-US: Android
CVE-2023-20938 (In binder_transaction_buffer_release of binder.c, there is a possible ...)
	- linux 5.17.6-1
	[bullseye] - linux 5.10.158-1
	[buster] - linux (Minor issue)
	NOTE: https://source.android.com/docs/security/bulletin/2023-02-01
CVE-2023-20937 (In several functions of the Android Linux kernel, there is a possible ...)
	- linux (Android-specific)
	NOTE: https://source.android.com/docs/security/bulletin/2023-02-01
CVE-2023-20936 (In bta_av_rc_disc_done of bta_av_act.cc, there is a possible out of bo ...)
	NOT-FOR-US: Android
CVE-2023-20935 (In deserialize of multiple files, there is a possible out of bounds re ...)
	NOT-FOR-US: Android
CVE-2023-20934 (In resolveAttributionSource of ServiceUtilities.cpp, there is a possib ...)
	NOT-FOR-US: Android
CVE-2023-20933 (In several functions of MediaCodec.cpp, there is a possible way to cor ...)
	NOT-FOR-US: Android media framework
CVE-2023-20932 (In onCreatePreferences of EditInfoFragment.java, there is a possible w ...)
	NOT-FOR-US: Android
CVE-2023-20931 (In avdt_scb_hdl_write_req of avdt_scb_act.cc, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2023-20930 (In pushDynamicShortcut of ShortcutPackage.java, there is a possible wa ...)
	NOT-FOR-US: Android
CVE-2023-20929 (In sendHalfSheetCancelBroadcast of HalfSheetActivity.java, there is a ...)
	NOT-FOR-US: Android
CVE-2023-20928 (In binder_vma_close of binder.c, there is a possible use after free du ...)
	- linux 5.19.6-1
	[bullseye] - linux 5.10.158-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://android.googlesource.com/kernel/common/+/201d5f4a3ec1
	NOTE: https://source.android.com/docs/security/bulletin/2023-01-01
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2374
CVE-2023-20927 (In permissions of AndroidManifest.xml, there is a possible way to gran ...)
	NOT-FOR-US: Android
CVE-2023-20926 (In onParentVisible of HeaderPrivacyIconsController.kt, there is a poss ...)
	NOT-FOR-US: Android
CVE-2023-20925 (In setUclampMinLocked of PowerSessionManager.cpp, there is a possible ...)
	NOT-FOR-US: Android
CVE-2023-20924 (In (TBD) of (TBD), there is a possible way to bypass the lockscreen du ...)
	NOT-FOR-US: Android
CVE-2023-20923 (In exported content providers of ShannonRcs, there is a possible way t ...)
	NOT-FOR-US: Android
CVE-2023-20922 (In setMimeGroup of PackageManagerService.java, there is a possible cra ...)
	NOT-FOR-US: Android
CVE-2023-20921 (In onPackageRemoved of AccessibilityManagerService.java, there is a po ...)
	NOT-FOR-US: Android
CVE-2023-20920 (In queue of UsbRequest.java, there is a possible way to corrupt memory ...)
	NOT-FOR-US: Android
CVE-2023-20919 (In getStringsForPrefix of Settings.java, there is a possible preventio ...)
	NOT-FOR-US: Android
CVE-2023-20918 (In getPendingIntentLaunchFlags of ActivityOptions.java, there is a pos ...)
	NOT-FOR-US: Android
CVE-2023-20917 (In onTargetSelected of ResolverActivity.java, there is a possible way ...)
	NOT-FOR-US: Android
CVE-2023-20916 (In getMainActivityLaunchIntent of LauncherAppsService.java, there is a ...)
	NOT-FOR-US: Android
CVE-2023-20915 (In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a ...)
	NOT-FOR-US: Android
CVE-2023-20914 (In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPer ...)
	NOT-FOR-US: Android
CVE-2023-20913 (In onCreate of PhoneAccountSettingsActivity.java and related files, th ...)
	NOT-FOR-US: Android
CVE-2023-20912 (In onActivityResult of AvatarPickerActivity.java, there is a possible ...)
	NOT-FOR-US: Android
CVE-2023-20911 (In addPermission of PermissionManagerServiceImpl.java , there is a pos ...)
	NOT-FOR-US: Android
CVE-2023-20910 (In add of WifiNetworkSuggestionsManager.java, there is a possible way ...)
	NOT-FOR-US: Android
CVE-2023-20909 (In multiple functions of RunningTasks.java, there is a possible privil ...)
	NOT-FOR-US: Android
CVE-2023-20908 (In several functions of SettingsState.java, there is a possible system ...)
	NOT-FOR-US: Android
CVE-2023-20907
	RESERVED
CVE-2023-20906 (In onPackageAddedInternal of PermissionManagerService.java, there is a ...)
	NOT-FOR-US: Android
CVE-2023-20905 (In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2023-20904 (In getTrampolineIntent of SettingsActivity.java, there is a possible l ...)
	NOT-FOR-US: Android
CVE-2022-44714
	RESERVED
CVE-2022-44713 (Microsoft Outlook for Mac Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44712
	RESERVED
CVE-2022-44711
	RESERVED
CVE-2022-44710 (DirectX Graphics Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44709
	RESERVED
CVE-2022-44708 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44707 (Windows Kernel Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44706
	RESERVED
CVE-2022-44705
	RESERVED
CVE-2022-44704 (Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulne ...)
	NOT-FOR-US: Microsoft
CVE-2022-44703
	RESERVED
CVE-2022-44702 (Windows Terminal Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44701
	RESERVED
CVE-2022-44700
	RESERVED
CVE-2022-44699 (Azure Network Watcher Agent Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44698 (Windows SmartScreen Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44697 (Windows Graphics Component Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44696 (Microsoft Office Visio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44695 (Microsoft Office Visio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44694 (Microsoft Office Visio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44693 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44692 (Microsoft Office Graphics Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44691 (Microsoft Office OneNote Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44690 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44689 (Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulne ...)
	NOT-FOR-US: Microsoft
CVE-2022-44688 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44687 (Raw Image Extension Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44686
	RESERVED
CVE-2022-44685
	RESERVED
CVE-2022-44684 (Windows Local Session Manager (LSM) Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44683 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44682 (Windows Hyper-V Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44681 (Windows Print Spooler Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44680 (Windows Graphics Component Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44679 (Windows Graphics Component Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44678 (Windows Print Spooler Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44677 (Windows Projected File System Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44676 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...)
	NOT-FOR-US: Microsoft
CVE-2022-44675 (Windows Bluetooth Driver Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44674 (Windows Bluetooth Driver Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44673 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privileg ...)
	NOT-FOR-US: Microsoft
CVE-2022-44672
	RESERVED
CVE-2022-44671 (Windows Graphics Component Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44670 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...)
	NOT-FOR-US: Microsoft
CVE-2022-44669 (Windows Error Reporting Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44668 (Windows Media Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44667 (Windows Media Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44666 (Windows Contacts Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-44665
	RESERVED
CVE-2022-3855 (The 404 to Start WordPress plugin through 1.6.1 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3854 (A flaw was found in Ceph, relating to the URL processing on RGW backen ...)
	- ceph 16.2.10+ds-5 (bug #1027151)
	[bullseye] - ceph (Vulnerable code added in Ceph 16.1)
	[buster] - ceph (Vulnerable code added in Ceph 16.1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2139925
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1205025
	NOTE: https://tracker.ceph.com/issues/55765
	NOTE: https://github.com/ceph/ceph/pull/47025
	NOTE: Introduced in https://github.com/ceph/ceph/commit/99f7c4aa1286edfea6961b92bb44bb8fe22bd599
CVE-2022-44664
	RESERVED
CVE-2022-44663
	RESERVED
CVE-2022-44662
	RESERVED
CVE-2022-44661
	RESERVED
CVE-2022-44660
	RESERVED
CVE-2022-44659
	RESERVED
CVE-2022-44658
	RESERVED
CVE-2022-44657
	RESERVED
CVE-2022-44656
	RESERVED
CVE-2022-44655
	RESERVED
CVE-2022-44654 (Affected builds of Trend Micro Apex One and Apex One as a Service cont ...)
	NOT-FOR-US: Trend Micro
CVE-2022-44653 (A security agent directory traversal vulnerability in Trend Micro Apex ...)
	NOT-FOR-US: Trend Micro
CVE-2022-44652 (An improper handling of exceptional conditions vulnerability in Trend ...)
	NOT-FOR-US: Trend Micro
CVE-2022-44651 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One ...)
	NOT-FOR-US: Trend Micro
CVE-2022-44650 (A memory corruption vulnerability in the Unauthorized Change Preventio ...)
	NOT-FOR-US: Trend Micro
CVE-2022-44649 (An out-of-bounds access vulnerability in the Unauthorized Change Preve ...)
	NOT-FOR-US: Trend Micro
CVE-2022-44648 (An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex O ...)
	NOT-FOR-US: Trend Micro
CVE-2022-44647 (An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex O ...)
	NOT-FOR-US: Trend Micro
CVE-2022-44646 (In JetBrains TeamCity version before 2022.10, no audit items were adde ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-44645 (In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deser ...)
	NOT-FOR-US: Apache Linkis
CVE-2022-44644 (In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the d ...)
	NOT-FOR-US: Apache Linkis
CVE-2022-3853 (Cross-site Scripting (XSS) is a client-side code injection attack. The ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3852 (The VR Calendar plugin for WordPress is vulnerable to Cross-Site Reque ...)
	NOT-FOR-US: VR Calendar plugin for WordPress
CVE-2022-3851
	RESERVED
CVE-2022-3850 (The Find and Replace All WordPress plugin before 1.3 does not have CSR ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3849 (The WP User Merger WordPress plugin before 1.5.3 does not properly san ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3848 (The WP User Merger WordPress plugin before 1.5.3 does not properly san ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3847 (The Showing URL in QR Code WordPress plugin through 0.0.1 does not hav ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44643 (A vulnerability in the label-based access control of Grafana Labs Graf ...)
	NOT-FOR-US: Grafana Labs Grafana Enterprise Metrics
CVE-2022-44642
	RESERVED
CVE-2022-44641 (In Linaro Automated Validation Architecture (LAVA) before 2022.11, use ...)
	{DSA-5318-1 DLA-3276-1}
	- lava 2023.01-1 (bug #1024429)
	NOTE: https://lists.lavasoftware.org/archives/list/lava-announce@lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY/
	NOTE: https://git.lavasoftware.org/lava/lava/-/commit/1bee0f8957741582c2bed800974f31439c6f3ff5 (2022.11)
CVE-2022-44640 (Heimdal before 7.7.1 allows remote attackers to execute arbitrary code ...)
	{DSA-5287-1 DLA-3206-1}
	- heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187)
	- samba 2:4.17.4+dfsg-1
	[bullseye] - samba (Domain controller functionality is EOLed, see DSA-5477-1)
	[buster] - samba (Domain controller functionality is EOLed, see DSA-5015-1)
	NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4
	NOTE: https://github.com/heimdal/heimdal/commit/ea5ec8f174920cb80ce2b168b49195378420449e (heimdal-7.7.1)
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14929
CVE-2022-44639
	RESERVED
CVE-2022-44638 (In libpixman in Pixman before 0.42.2, there is an out-of-bounds write ...)
	{DSA-5276-1 DLA-3179-1}
	- pixman 0.40.0-1.1 (bug #1023427)
	NOTE: https://gitlab.freedesktop.org/pixman/pixman/-/commit/a1f88e842e0216a5b4df1ab023caebe33c101395 (pixman-0.42.2)
	NOTE: https://gitlab.freedesktop.org/pixman/pixman/-/issues/63
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2345
CVE-2022-44637 (Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in i ...)
	- redmine 5.0.4-1 (bug #1026048)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
CVE-2022-44636 (The Samsung TV (2021 and 2022 model) smart remote control allows attac ...)
	NOT-FOR-US: Samsung
CVE-2022-3846 (The Workreap WordPress theme before 2.6.3 has a vulnerability with the ...)
	NOT-FOR-US: WordPress theme
CVE-2022-3845 (A vulnerability has been found in phpipam and classified as problemati ...)
	- phpipam (bug #731713)
CVE-2022-3844 (A vulnerability, which was classified as problematic, was found in Web ...)
	- webmin
CVE-2021-46853 (Alpine before 2.25 allows remote attackers to cause a denial of servic ...)
	- alpine 2.25+dfsg1-1
	[bullseye] - alpine (Minor issue)
	[buster] - alpine (Minor issue)
	NOTE: https://nostarttls.secvuln.info
	NOTE: https://bugs.gentoo.org/807613
	NOTE: https://repo.or.cz/alpine.git/commitdiff/e58edb33f71687cb0b12c10a6cea2db2f8a35011 (v2.25)
CVE-2022-44635 (Apache Fineract allowed an authenticated user to perform remote code e ...)
	NOT-FOR-US: Apache Fineract
CVE-2022-44634 (Auth. (admin+) Arbitrary File Read vulnerability in S2W – Import ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44633 (Missing Authorization vulnerability in YITH YITH WooCommerce Gift Card ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44632 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Deni ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44631 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in 1ap ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44630
	RESERVED
CVE-2022-44629 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cata ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44628 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jump ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44627 (Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple S ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44626 (Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44625 (Auth. (admin+) Stored Cross-Site Scripting') vulnerability in Zephilou ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44624 (In JetBrains TeamCity version before 2022.10, Password parameters coul ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-44623 (In JetBrains TeamCity version before 2022.10, Project Viewer could see ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-44622 (In JetBrains TeamCity version between 2021.2 and 2022.10 access permis ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-44621 (Diagnosis Controller miss parameter validation, so user may attacked b ...)
	NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2022-44618
	RESERVED
CVE-2022-44614
	RESERVED
CVE-2022-44613
	RESERVED
CVE-2022-44609
	RESERVED
CVE-2022-44452
	RESERVED
CVE-2022-43661
	RESERVED
CVE-2022-43511
	RESERVED
CVE-2022-43510
	RESERVED
CVE-2022-43446
	RESERVED
CVE-2022-42465 (Improper access control in kernel mode driver for the Intel(R) OFU sof ...)
	NOT-FOR-US: Intel
CVE-2022-3843 (In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an u ...)
	NOT-FOR-US: WAGO
CVE-2022-3842 (Use after free in Passwords in Google Chrome prior to 105.0.5195.125 a ...)
	{DSA-5230-1}
	- chromium 105.0.5195.125-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3841 (RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Req ...)
	NOT-FOR-US: Red Hat Advanced Cluster Management for Kubernetes (RHACM)
CVE-2022-3840 (The Login for Google Apps WordPress plugin before 3.4.5 does not sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3839 (The Analytics for WP WordPress plugin through 1.5.1 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3838 (The WPUpper Share Buttons WordPress plugin through 3.42 does not sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3837 (The Uji Countdown WordPress plugin before 2.3.1 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3836 (The Seed Social WordPress plugin before 2.0.4 does not sanitise and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3835 (The Kwayy HTML Sitemap WordPress plugin before 4.0 does not sanitise a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3834 (The Google Forms WordPress plugin through 0.95 does not sanitise and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3833 (The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 doe ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3832 (The External Media WordPress plugin before 1.0.36 does not sanitise an ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3831 (The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escap ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3830 (The WP Page Builder WordPress plugin through 1.2.8 does not sanitise a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3829 (The Font Awesome 4 Menus WordPress plugin through 4.7.0 does not sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3828 (The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3827 (A vulnerability was found in centreon. It has been declared as critica ...)
	- centreon-web (bug #913903)
CVE-2022-3826 (A vulnerability was found in Huaxia ERP. It has been classified as pro ...)
	NOT-FOR-US: Huaxia ERP
CVE-2022-3825 (A vulnerability was found in Huaxia ERP 2.3 and classified as critical ...)
	NOT-FOR-US: Huaxia ERP
CVE-2022-3824 (The WP Admin UI Customize WordPress plugin before 1.5.13 does not sani ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3823 (The Beautiful Cookie Consent Banner WordPress plugin before 2.9.1 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3822 (The Donations via PayPal WordPress plugin before 1.9.9 does not saniti ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3821 (An off-by-one Error issue was discovered in Systemd in format_timespan ...)
	{DLA-3474-1}
	- systemd 251.3-1
	[bullseye] - systemd 247.3-7+deb11u2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2139327
	NOTE: https://github.com/systemd/systemd/issues/23928
	NOTE: https://github.com/systemd/systemd/pull/23933
	NOTE: https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e (v252-rc1)
	NOTE: https://github.com/systemd/systemd-stable/commit/72d4c15a946d20143cd4c6783c802124bc894dc7 (v251.3)
CVE-2022-3820 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3819 (An improper authorization issue in GitLab CE/EE affecting all versions ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3818 (An uncontrolled resource consumption issue when parsing URLs in GitLab ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3817 (A vulnerability has been found in Axiomatic Bento4 and classified as p ...)
	NOT-FOR-US: Bento4
CVE-2022-3816 (A vulnerability, which was classified as problematic, was found in Axi ...)
	NOT-FOR-US: Bento4
CVE-2022-3815 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Bento4
CVE-2022-3814 (A vulnerability classified as problematic was found in Axiomatic Bento ...)
	NOT-FOR-US: Bento4
CVE-2022-3813 (A vulnerability classified as problematic has been found in Axiomatic ...)
	NOT-FOR-US: Bento4
CVE-2022-3812 (A vulnerability was found in Axiomatic Bento4. It has been rated as pr ...)
	NOT-FOR-US: Bento4
CVE-2020-36608 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Tribal Systems Zenario CMS
CVE-2023-20903 (This disclosure regards a vulnerability related to UAA refresh tokens ...)
	NOT-FOR-US: Cloud Foundry
CVE-2023-20902 (A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, ...)
	NOT-FOR-US: Harbor
CVE-2023-20901 RESERVED
CVE-2023-20900 (A malicious actor that has been granted Guest Operation Privileges ht ...)
	{DSA-5493-1 DLA-3597-1}
	- open-vm-tools 2:12.3.0-1 (bug #1050970)
	NOTE: https://www.openwall.com/lists/oss-security/2023/08/31/1
	NOTE: https://github.com/vmware/open-vm-tools/blob/CVE-2023-20900.patch/CVE-2023-20900.patch
	NOTE: Fixed by: https://github.com/vmware/open-vm-tools/commit/74b6d0d9000eda1a2c8f31c40c725fb0b8520b16 (stable-12.3.0)
CVE-2023-20899 (VMware SD-WAN (Edge) contains a bypass authentication vulnerability. A ...)
	NOT-FOR-US: VMware
CVE-2023-20898 (Git Providers can read from the wrong environment because they get the ...)
	- salt (bug #1051504)
	[bullseye] - salt (Scheduled for removal)
	[buster] - salt (EOL in buster LTS)
	NOTE: https://saltproject.io/security-announcements/2023-08-10-advisory/
CVE-2023-20897 (Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. ...)
	- salt (bug #1051504)
	[bullseye] - salt (Scheduled for removal)
	[buster] - salt (EOL in buster LTS)
	NOTE: https://saltproject.io/security-announcements/2023-08-10-advisory/
	NOTE: https://github.com/saltstack/salt/issues/64061
CVE-2023-20896 (The VMware vCenter Server contains an out-of-bounds read vulnerability ...)
	NOT-FOR-US: VMware
CVE-2023-20895 (The VMware vCenter Server contains a memory corruption vulnerability i ...)
	NOT-FOR-US: VMware
CVE-2023-20894 (The VMware vCenter Server contains an out-of-bounds write vulnerabilit ...)
	NOT-FOR-US: VMware
CVE-2023-20893 (The VMware vCenter Server contains a use-after-free vulnerability in t ...)
	NOT-FOR-US: VMware
CVE-2023-20892 (The vCenter Server contains a heap overflow vulnerability due to the u ...)
	NOT-FOR-US: VMware
CVE-2023-20891 (The VMware Tanzu Application Service for VMs and Isolation Segment con ...)
	NOT-FOR-US: VMware
CVE-2023-20890 (Aria Operations for Networks contains an arbitrary file write vulnerab ...)
	NOT-FOR-US: VMware
CVE-2023-20889 (Aria Operations for Networks contains an information disclosure vulner ...)
	NOT-FOR-US: VMware
CVE-2023-20888 (Aria Operations for Networks contains an authenticated deserialization ...)
	NOT-FOR-US: VMware
CVE-2023-20887 (Aria Operations for Networks contains a command injection vulnerabilit ...)
	NOT-FOR-US: VMware
CVE-2023-20886 (VMware Workspace ONE UEM console contains an open redirect vulnerabili ...)
	NOT-FOR-US: VMware
CVE-2023-20885 (Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume ...)
	NOT-FOR-US: Cloud Foundry
CVE-2023-20884 (VMware Workspace ONE Access and VMware Identity Manager contain an ins ...)
	NOT-FOR-US: VMware
CVE-2023-20883 (In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, ...)
	NOT-FOR-US: Spring Boot
CVE-2023-20882 (In Cloud foundry routing release versions from 0.262.0 and prior to 0. ...)
	NOT-FOR-US: Cloud Foundry
CVE-2023-20881 (Cloud foundry instances having CAPI version between 1.140 and 1.152.0 ...)
	NOT-FOR-US: Cloud Foundry
CVE-2023-20880 (VMware Aria Operations contains a privilege escalation vulnerability. ...)
	NOT-FOR-US: VMware
CVE-2023-20879 (VMware Aria Operations contains a Local privilege escalation vulnerabi ...)
	NOT-FOR-US: VMware
CVE-2023-20878 (VMware Aria Operations contains a deserialization vulnerability. A mal ...)
	NOT-FOR-US: VMware
CVE-2023-20877 (VMware Aria Operations contains a privilege escalation vulnerability. ...)
	NOT-FOR-US: VMware
CVE-2023-20876 RESERVED
CVE-2023-20875 RESERVED
CVE-2023-20874 RESERVED
CVE-2023-20873 (In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsup ...)
	NOT-FOR-US: Spring Boot
CVE-2023-20872 (VMware Workstation and Fusion contain an out-of-bounds read/write vuln ...)
	NOT-FOR-US: VMware
CVE-2023-20871 (VMware Fusion contains a local privilege escalation vulnerability. A m ...)
	NOT-FOR-US: VMware
CVE-2023-20870 (VMware Workstation and Fusion contain an out-of-bounds read vulnerabil ...)
	NOT-FOR-US: VMware
CVE-2023-20869 (VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-bas ...)
	NOT-FOR-US: VMware
CVE-2023-20868 (NSX-T contains a reflected cross-site scripting vulnerability due to a ...)
	NOT-FOR-US: VMware
CVE-2023-20867 (A fully compromised ESXi host can force VMware Tools to fail to authen ...)
	{DSA-5493-1 DLA-3531-1}
	- open-vm-tools 2:12.2.5-1 (bug #1037546)
	NOTE: https://www.vmware.com/security/advisories/VMSA-2023-0013.html
	NOTE: https://github.com/vmware/open-vm-tools/tree/CVE-2023-20867.patch
CVE-2023-20866 (In Spring Session version 3.0.0, the session id can be logged to the s ...)
	NOT-FOR-US: Spring Session
CVE-2023-20865 (VMware Aria Operations for Logs contains a command injection vulnerabi ...)
	NOT-FOR-US: VMware
CVE-2023-20864 (VMware Aria Operations for Logs contains a deserialization vulnerabili ...)
	NOT-FOR-US: VMware
CVE-2023-20863 (In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0 ...)
	- libspring-java (unimportant)
	NOTE: https://spring.io/security/cve-2023-20863
	NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
CVE-2023-20862 (In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prio ...)
	NOT-FOR-US: Spring Security
CVE-2023-20861 (In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELE ...)
	- libspring-java (unimportant)
	NOTE: https://spring.io/security/cve-2023-20861
	NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
CVE-2023-20860 (Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using ...)
	- libspring-java (unimportant)
	NOTE: https://spring.io/security/cve-2023-20860
	NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
CVE-2023-20859 (In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prio ...)
	NOT-FOR-US: Spring Vault
CVE-2023-20858 (VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8 ...)
	NOT-FOR-US: VMware
CVE-2023-20857 (VMware Workspace ONE Content contains a passcode bypass vulnerability. ...)
	NOT-FOR-US: VMware
CVE-2023-20856 (VMware vRealize Operations (vROps) contains a CSRF bypass vulnerabilit ...)
	NOT-FOR-US: VMware
CVE-2023-20855 (VMware vRealize Orchestrator contains an XML External Entity (XXE) vul ...)
	NOT-FOR-US: VMware
CVE-2023-20854 (VMware Workstation contains an arbitrary file deletion vulnerability. ...)
	NOT-FOR-US: VMware
CVE-2022-44605 RESERVED
CVE-2022-44604 RESERVED
CVE-2022-44603 RESERVED
CVE-2022-44602 RESERVED
CVE-2022-44601 RESERVED
CVE-2022-44600 RESERVED
CVE-2022-44599 RESERVED
CVE-2022-44598 RESERVED
CVE-2022-44597 RESERVED
CVE-2022-44596 RESERVED
CVE-2022-44595 (Improper Authentication vulnerability in Melapress WP 2FA allows Authe ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44594 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Code ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44593 RESERVED
CVE-2022-44592 RESERVED
CVE-2022-44591 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anth ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44590 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44589 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44588 (Unauth. SQL Injection vulnerability in Cryptocurrency Widgets Pack Plug ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44587 RESERVED
CVE-2022-44586 (Auth. (admin+) Stored Cross-Site Scripting (XSS) in Ayoub Media AM-HiL ...)
	NOT-FOR-US: Ayoub Media
CVE-2022-44585 (Cross-Site Request Forgery (CSRF) vulnerability in Magneticlab Sàrl H ...)
	NOT-FOR-US: Magneticlab
CVE-2022-44584 (Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin < ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44583 (Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin < ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44582 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Appt ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44581 RESERVED
CVE-2022-44580 (SQL Injection (SQLi) vulnerability in RichPlugins Plugin for Google Re ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44579 RESERVED
CVE-2022-44578 RESERVED
CVE-2022-44577 REJECTED
CVE-2022-44576 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Agen ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-44575 (A vulnerability has been identified in PLM Help Server V4.2 (All versi ...)
	NOT-FOR-US: Siemens
CVE-2022-44574 (An improper authentication vulnerability exists in Avalanche version 6 ...)
	NOT-FOR-US: Ivanti
CVE-2022-44573 RESERVED
CVE-2022-44572 (A denial of service vulnerability in the multipart parsing component o ...)
	{DSA-5530-1 DLA-3298-1}
	- ruby-rack 2.2.4-3 (bug #1029832)
	NOTE: https://github.com/rack/rack/commit/dc50f8e495f67eb933b1fc33ebee550908d945e6 (v2.0.9.2)
	NOTE: https://github.com/rack/rack/commit/8291f502b0e1dcf514cc25c34e4bf0beec7a92ae (v2.1.4.2)
	NOTE: https://github.com/rack/rack/commit/19e49f0f185d7e42ed5b402baec6c897a8c48029 (v2.2.6.1)
CVE-2022-44571 (There is a denial of service vulnerability in the Content-Disposition ...)
	{DSA-5530-1 DLA-3298-1}
	- ruby-rack 2.2.4-3 (bug #1029832)
	NOTE: https://github.com/rack/rack/commit/4e33ad10bf5f16d25c156f905bcc548e7f787bc3 (v2.0.9.2)
	NOTE: https://github.com/rack/rack/commit/9b5fb5c7ef0e39b959a6c5c0005d9af44a29d6f8 (v2.1.4.2)
	NOTE: https://github.com/rack/rack/commit/ee25ab9a7ee981d7578f559701085b0cf39bde77 (v2.2.6.1)
CVE-2022-44570 (A denial of service vulnerability in the Range header parsing componen ...)
	{DSA-5530-1 DLA-3298-1}
	- ruby-rack 2.2.4-3 (bug #1029832)
	NOTE: https://github.com/rack/rack/commit/52721ae0b730e3920ad5375dfd5a3ea9b4f9e359 (v2.0.9.2)
	NOTE: https://github.com/rack/rack/commit/f66ef5c8255dcea82c1b2665fc9ab948b76bb437 (v2.1.4.2)
	NOTE: https://github.com/rack/rack/commit/f6d4f528f2df1318a6612845db0b59adc7fe8fc1 (v2.2.6.2)
CVE-2022-44569 (A locally authenticated attacker with low privileges can bypass authen ...)
	NOT-FOR-US: Ivanti
CVE-2022-44568 RESERVED
CVE-2022-44567 (A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.1 ...)
	NOT-FOR-US: Rocket.Chat-Desktop
CVE-2022-44566 (A denial of service vulnerability present in ActiveRecord's PostgreSQL ...)
	- rails 2:6.1.7.3+dfsg-1 (bug #1030050)
	NOTE: https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119
	NOTE: https://github.com/rails/rails/commit/414eb337d142a9c61d7723ceb9b7c1ab30dff3ed (6-1-stable)
CVE-2022-44565 (An improper access validation vulnerability exists in airMAX AC <8.7.1 ...)
	NOT-FOR-US: airMAX
CVE-2022-44564 (Huawei Aslan Children's Watch has a path traversal vulnerability. Succ ...)
	NOT-FOR-US: Huawei
CVE-2022-3811 (The EU Cookie Law for GDPR/CCPA WordPress plugin through 3.1.6 does no ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3810 (A vulnerability was found in Axiomatic Bento4. It has been classified ...)
	NOT-FOR-US: Bento4
CVE-2022-3809 (A vulnerability was found in Axiomatic Bento4 and classified as proble ...)
	NOT-FOR-US: Bento4
CVE-2022-3808 REJECTED
CVE-2022-3807 (A vulnerability was found in Axiomatic Bento4. It has been rated as pr ...)
	NOT-FOR-US: Bento4
CVE-2022-3806 (Inconsistent handling of error cases in bluetooth hci may lead to a do ...)
	NOT-FOR-US: Zephyr
CVE-2022-3805 (The Jeg Elementor Kit plugin for WordPress is vulnerable to authorizat ...)
	NOT-FOR-US: Jeg Elementor Kit plugin for WordPress
CVE-2022-3804 (A vulnerability was found in eolinker apinto-dashboard. It has been cl ...)
	NOT-FOR-US: eolinker apinto-dashboard
CVE-2022-3803 (A vulnerability was found in eolinker apinto-dashboard and classified ...)
	NOT-FOR-US: eolinker apinto-dashboard
CVE-2022-3802 (A vulnerability has been found in IBAX go-ibax and classified as criti ...)
	NOT-FOR-US: IBAX go-ibax
CVE-2022-3801 (A vulnerability, which was classified as critical, was found in IBAX g ...)
	NOT-FOR-US: IBAX go-ibax
CVE-2022-3800 (A vulnerability, which was classified as critical, has been found in I ...)
	NOT-FOR-US: IBAX go-ibax
CVE-2022-3799 (A vulnerability classified as critical was found in IBAX go-ibax. Affe ...)
	NOT-FOR-US: IBAX go-ibax
CVE-2022-3798 (A vulnerability classified as critical has been found in IBAX go-ibax. ...)
	NOT-FOR-US: IBAX go-ibax
CVE-2022-3797 (A vulnerability was found in eolinker apinto-dashboard. It has been ra ...)
	NOT-FOR-US: eolinker apinto-dashboard
CVE-2022-3796 REJECTED
CVE-2022-3795 RESERVED
CVE-2022-3794 (The Jeg Elementor Kit plugin for WordPress is vulnerable to authorizat ...)
	NOT-FOR-US: Jeg Elementor Kit plugin for WordPress
CVE-2022-3793 (An improper authorization issue in GitLab CE/EE affecting all versions ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3792 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: GullsEye
CVE-2022-3791 REJECTED
CVE-2022-3790 REJECTED
CVE-2022-3789 (A vulnerability has been found in Tim Campus Confession Wall and class ...)
	NOT-FOR-US: Tim Campus Confession Wall
CVE-2022-3788 REJECTED
CVE-2022-3787 (A vulnerability was found in the device-mapper-multipath. The device-m ...)
	NOT-FOR-US: Red Hat Enterprise Linux specific regression for CVE-2022-41974 update
CVE-2022-3786 (A buffer overrun can be triggered in X.509 certificate verification, s ...)
	- openssl 3.0.7-1
	[bullseye] - openssl (Only affects 3.x)
	[buster] - openssl (Only affects 3.x)
	NOTE: https://www.openssl.org/news/secadv/20221101.txt
	NOTE: https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a (openssl-3.0.7)
CVE-2022-44563 (There is a race condition vulnerability in SD upgrade mode. Successful ...)
	NOT-FOR-US: Huawei
CVE-2022-44562 (The system framework layer has a vulnerability of serialization/deseri ...)
	NOT-FOR-US: Huawei
CVE-2022-44561 (The preset launcher module has a permission verification vulnerability ...)
	NOT-FOR-US: Huawei
CVE-2022-44560 (The launcher module has an Intent redirection vulnerability. Successfu ...)
	NOT-FOR-US: Huawei
CVE-2022-44559 (The AMS module has a vulnerability of serialization/deserialization mi ...)
	NOT-FOR-US: Huawei
CVE-2022-44558 (The AMS module has a vulnerability of serialization/deserialization mi ...)
	NOT-FOR-US: Huawei
CVE-2022-44557 (The SmartTrimProcessEvent module has a vulnerability of obtaining the ...)
	NOT-FOR-US: Huawei
CVE-2022-44556 (Missing parameter type validation in the DRM module. Successful exploi ...)
	NOT-FOR-US: Huawei
CVE-2022-44555 (The DDMP/ODMF module has a service hijacking vulnerability. Successful ...)
	NOT-FOR-US: Huawei
CVE-2022-44554 (The power module has a vulnerability in permission verification. Succe ...)
	NOT-FOR-US: Huawei
CVE-2022-44553 (The HiView module has a vulnerability of not filtering third-party app ...)
	NOT-FOR-US: Huawei
CVE-2022-44552 (The lock screen module has defects introduced in the design process. S ...)
	NOT-FOR-US: Huawei
CVE-2022-44551 (The iaware module has a vulnerability in thread security. Successful e ...)
	NOT-FOR-US: Huawei
CVE-2022-44550 (The graphics display module has a UAF vulnerability when traversing gr ...)
	NOT-FOR-US: Huawei
CVE-2022-44549 (The LBS module has a vulnerability in geofencing API access. Successfu ...)
	NOT-FOR-US: Huawei
CVE-2022-44548 (There is a vulnerability in permission verification during the Bluetoo ...)
	NOT-FOR-US: Huawei
CVE-2022-44547 (The Display Service module has a UAF vulnerability. Successful exploit ...)
	NOT-FOR-US: Huawei
CVE-2022-44546 (The kernel module has the vulnerability that the mapping is not cleare ...)
	NOT-FOR-US: Huawei
CVE-2022-44545 RESERVED
CVE-2022-44544 (Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04. ...)
	- mahara
CVE-2022-44543 (The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before ...)
	NOT-FOR-US: TYPO3 extension
CVE-2022-44542 (lesspipe before 2.06 allows attackers to execute code via Perl Storabl ...)
	NOT-FOR-US: lesspipe (not the same as lesspipe contained in src:less)
CVE-2022-44541 REJECTED
CVE-2022-44540 REJECTED
CVE-2022-44539 REJECTED
CVE-2022-44538 REJECTED
CVE-2022-44537 REJECTED
CVE-2022-44536 REJECTED
CVE-2022-44535 (A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-b ...)
	NOT-FOR-US: Aruba
CVE-2022-44534 (A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-b ...)
	NOT-FOR-US: Aruba
CVE-2022-44533 (A vulnerability in the Aruba EdgeConnect Enterprise web management int ...)
	NOT-FOR-US: Aruba
CVE-2022-44532 (An authenticated path traversal vulnerability exists in the Aruba Edge ...)
	NOT-FOR-US: Aruba
CVE-2022-3785 (A vulnerability, which was classified as critical, has been found in A ...)
	NOT-FOR-US: Bento4
CVE-2022-3784 (A vulnerability classified as critical was found in Axiomatic Bento4 5 ...)
	NOT-FOR-US: Bento4
CVE-2022-3783 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: node-red-dashboard
CVE-2022-3782 (keycloak: path traversal via double URL encoding. A flaw was found in ...)
	NOT-FOR-US: Keycloak
CVE-2022-3781 (Dashlane password and Keepass Server password in My Account Settings a ...)
	NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2021-46852 (The memory management module has the logic bypass vulnerability. Succe ...)
	NOT-FOR-US: Huawei
CVE-2021-46851 (The DRM module has a vulnerability in verifying the secure memory attr ...)
	NOT-FOR-US: Huawei
CVE-2022-44531 RESERVED
CVE-2022-44530 RESERVED
CVE-2022-44529 RESERVED
CVE-2022-44528 RESERVED
CVE-2022-44527 RESERVED
CVE-2022-44526 RESERVED
CVE-2022-44525 RESERVED
CVE-2022-44524 RESERVED
CVE-2022-44523 RESERVED
CVE-2022-44522 RESERVED
CVE-2022-44521 RESERVED
CVE-2022-44520 RESERVED
CVE-2022-44519 RESERVED
CVE-2022-44518 RESERVED
CVE-2022-44517 RESERVED
CVE-2022-44516 RESERVED
CVE-2022-44515 RESERVED
CVE-2022-44514 RESERVED
CVE-2022-44513 RESERVED
CVE-2022-44512 RESERVED
CVE-2022-44511 RESERVED
CVE-2022-44510 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-44509 RESERVED
CVE-2022-44508 RESERVED
CVE-2022-44507 RESERVED
CVE-2022-44506 RESERVED
CVE-2022-44505 RESERVED
CVE-2022-44504 RESERVED
CVE-2022-44503 RESERVED
CVE-2022-44502 (Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2022-44501 RESERVED
CVE-2022-44500 (Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2022-44499 (Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2022-44498 (Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2022-44497 RESERVED
CVE-2022-44496 RESERVED
CVE-2022-44495 RESERVED
CVE-2022-44494 RESERVED
CVE-2022-44493 RESERVED
CVE-2022-44492 RESERVED
CVE-2022-44491 RESERVED
CVE-2022-44490 RESERVED
CVE-2022-44489 RESERVED
CVE-2022-44488 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-44487 RESERVED
CVE-2022-44486 RESERVED
CVE-2022-44485 RESERVED
CVE-2022-44484 RESERVED
CVE-2022-44483 RESERVED
CVE-2022-44482 RESERVED
CVE-2022-44481 RESERVED
CVE-2022-44480 RESERVED
CVE-2022-44479 RESERVED
CVE-2022-44478 RESERVED
CVE-2022-44477 RESERVED
CVE-2022-44476 RESERVED
CVE-2022-44475 RESERVED
CVE-2022-44474 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-44473 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-44472 RESERVED
CVE-2022-44471 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-44470 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-44469 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-44468 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-44467 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-44466 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-44465 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-44464 RESERVED
CVE-2022-44463 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-44462 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-44461 RESERVED
CVE-2022-44460 RESERVED
CVE-2022-44459 RESERVED
CVE-2022-44458 RESERVED
CVE-2022-44457 (A vulnerability has been identified in Mendix SAML (Mendix 7 compatibl ...)
	NOT-FOR-US: Siemens
CVE-2022-43506 (SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEn ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-43495 (OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distr ...)
	NOT-FOR-US: OpenHarmony
CVE-2022-43457 (SQL Injection in HandlerPage_KID.ashx in Delta Electronics ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-43452 (SQL Injection in FtyInfoSetting.aspx in Delta Electronics ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-43451 (OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal v ...)
	NOT-FOR-US: OpenHarmony
CVE-2022-43449 (OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulne ...)
	NOT-FOR-US: OpenHarmony
CVE-2022-43447 (SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics D ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-41775 (SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnerg ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-3780 (Database connections on deleted users could stay active on MySQL data ...)
	NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2022-3779 RESERVED
CVE-2022-3778 REJECTED
CVE-2022-3777 RESERVED
CVE-2022-3776 (The Restaurant Menu – Food Ordering System – Table Reservati ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3775 (When rendering certain unicode sequences, grub2's font code doesn't pr ...)
	{DSA-5280-1 DLA-3190-2 DLA-3190-1}
	- grub2 2.06-5
	NOTE: https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html
CVE-2022-3774 (A vulnerability was found in SourceCodester Train Scheduler App 1.0 an ...)
	NOT-FOR-US: SourceCodester Train Scheduler App
CVE-2022-3773 REJECTED
CVE-2022-3772 REJECTED
CVE-2022-3771 (A vulnerability, which was classified as critical, has been found in e ...)
	NOT-FOR-US: easyii CMS
CVE-2022-3770 (A vulnerability classified as critical was found in Yunjing CMS. This ...)
	NOT-FOR-US: Yunjing CMS
CVE-2022-3769 (The OWM Weather WordPress plugin before 5.6.9 does not properly saniti ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3768 (The WPSmartContracts WordPress plugin before 1.3.12 does not properly ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3767 (Missing validation in DAST analyzer affecting all versions from 1.11.0 ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3766 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...)
	NOT-FOR-US: phpmyfaq
CVE-2022-3765 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpmyfaq
CVE-2022-3764 (The plugin does not filter the "delete_entries" parameter from user re ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3763 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plu ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3762 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plu ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3761 (OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect ...)
	NOT-FOR-US: OpenVPN Connect
CVE-2023-20853 (aEnrich Technology a+HRD has a vulnerability of Deserialization of Unt ...)
	NOT-FOR-US: aEnrich Technology a+HRD
CVE-2023-20852 (aEnrich Technology a+HRD has a vulnerability of Deserialization of Unt ...)
	NOT-FOR-US: aEnrich Technology a+HRD
CVE-2022-44448 (In wlan driver, there is a possible missing params check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-44447 (In wlan driver, there is a possible null pointer dereference issue due ...)
	NOT-FOR-US: Unisoc
CVE-2022-44446 (In wlan driver, there is a possible missing bounds check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-44445 (In wlan driver, there is a possible missing bounds check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-44444 (In wlan driver, there is a possible missing bounds check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-44443 (In wlan driver, there is a possible missing bounds check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-44442 (In wlan driver, there is a possible missing bounds check, This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-44441 (In wlan driver, there is a possible missing bounds check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-44440 (In wlan driver, there is a possible missing bounds check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-44439 (In messaging service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-44438 (In messaging service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-44437 (In messaging service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-44436 (In messaging service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-44435 (In messaging service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-44434 (In messaging service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-44433 (In phoneEx service, there is a possible missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2022-44432 (In wlan driver, there is a possible missing bounds check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-44431 (In wlan driver, there is a possible missing bounds check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-44430 (In wlan driver, there is a possible missing bounds check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-44429 (In wlan driver, there is a possible missing bounds check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-44428 (In wlan driver, there is a possible missing bounds check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-44427 (In wlan driver, there is a possible missing bounds check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-44426 (In wlan driver, there is a possible missing bounds check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-44425 (In wlan driver, there is a possible missing bounds check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-44424 (In music service, there is a missing permission check. This could lead ...)
	NOT-FOR-US: Unisoc
CVE-2022-44423 (In music service, there is a missing permission check. This could lead ...)
	NOT-FOR-US: Unisoc
CVE-2022-44422 (In music service, there is a missing permission check. This could lead ...)
	NOT-FOR-US: Unisoc
CVE-2022-44421 (In wlan driver, there is a possible missing permission check. This cou ...)
	NOT-FOR-US: Unisoc
CVE-2022-44420 (In modem, there is a possible missing verification of HashMME value in ...)
	NOT-FOR-US: Unisoc
CVE-2022-44419 (In modem, there is a possible missing verification of NAS Security Mod ...)
	NOT-FOR-US: Unisoc
CVE-2022-3760 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Mia-Med
CVE-2022-3759 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3758 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-44418 RESERVED
CVE-2022-44417 RESERVED
CVE-2022-44416 RESERVED
CVE-2022-44415 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Automotive Shop Management System
CVE-2022-44414 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Automotive Shop Management System
CVE-2022-44413 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Automotive Shop Management System
CVE-2022-44412 RESERVED
CVE-2022-44411 (Web Based Quiz System v1.0 transmits user passwords in plaintext durin ...)
	NOT-FOR-US: Web Based Quiz System
CVE-2022-44410 RESERVED
CVE-2022-44409 RESERVED
CVE-2022-44408 RESERVED
CVE-2022-44407 RESERVED
CVE-2022-44406 RESERVED
CVE-2022-44405 RESERVED
CVE-2022-44404 RESERVED
CVE-2022-44403 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Automotive Shop Management System
CVE-2022-44402 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Automotive Shop Management System
CVE-2022-44401 (Online Tours & Travels Management System v1.0 contains an arbitrary fi ...)
	NOT-FOR-US: Online Tours & Travels Management System
CVE-2022-44400 (Purchase Order Management System v1.0 contains a file upload vulnerabi ...)
	NOT-FOR-US: Purchase Order Management System
CVE-2022-44399 (Poultry Farm Management System v1.0 contains a SQL injection vulnerabi ...)
	NOT-FOR-US: Poultry Farm Management System
CVE-2022-44398 RESERVED
CVE-2022-44397 RESERVED
CVE-2022-44396 RESERVED
CVE-2022-44395 RESERVED
CVE-2022-44394 RESERVED
CVE-2022-44393 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Sanitization Management System
CVE-2022-44392 RESERVED
CVE-2022-44391 RESERVED
CVE-2022-44390 (A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 ...)
	NOT-FOR-US: EyouCMS
CVE-2022-44389 (EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request ...)
	NOT-FOR-US: EyouCMS
CVE-2022-44388 RESERVED
CVE-2022-44387 (EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request ...)
	NOT-FOR-US: EyouCMS
CVE-2022-44386 RESERVED
CVE-2022-44385 RESERVED
CVE-2022-44384 (An arbitrary file upload vulnerability in rconfig v3.9.6 allows attack ...)
	NOT-FOR-US: rConfig
CVE-2022-44383 RESERVED
CVE-2022-44382 RESERVED
CVE-2022-44381 (Snipe-IT through 6.0.14 allows attackers to check whether a user accou ...)
	- snipe-it (bug #1005172)
CVE-2022-44380 (Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for ...)
	- snipe-it (bug #1005172)
CVE-2022-44379 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Automotive Shop Management System
CVE-2022-44378 (Automotive Shop Management System v1.0 is vulnerable to SQL via /asms/ ...)
	NOT-FOR-US: Automotive Shop Management System
CVE-2022-44377 RESERVED
CVE-2022-44376 RESERVED
CVE-2022-44375 RESERVED
CVE-2022-44374 RESERVED
CVE-2022-44373 (A stack overflow vulnerability exists in TrendNet Wireless AC Easy-Upg ...)
	NOT-FOR-US: TrendNet Wireless AC Easy-Upgrader TEW-820AP
CVE-2022-44372 RESERVED
CVE-2022-44371 (hope-boot 1.0.0 has a deserialization vulnerability that can cause Rem ...)
	NOT-FOR-US: hope-boot
CVE-2022-44370 (NASM v2.16 was discovered to contain a heap buffer overflow in the com ...)
	- nasm 2.16.01-1 (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392815
	NOTE: https://gist.github.com/naihsin/b96e2c5c2c81621b46557fd7aacd165f
	NOTE: Crash in CLI tool, no security impact
CVE-2022-44369 (NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference ...)
	- nasm (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392819
	NOTE: Crash in CLI tool, no security impact
CVE-2022-44368 (NASM v2.16 was discovered to contain a null pointer dereference in the N ...)
	- nasm (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392820
	NOTE: Crash in CLI tool, no security impact
CVE-2022-44367 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform ...)
	NOT-FOR-US: Tenda
CVE-2022-44366 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform ...)
	NOT-FOR-US: Tenda
CVE-2022-44365 (Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /gofo ...)
	NOT-FOR-US: Tenda
CVE-2022-44364 RESERVED
CVE-2022-44363 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform ...)
	NOT-FOR-US: Tenda
CVE-2022-44362 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform ...)
	NOT-FOR-US: Tenda
CVE-2022-44361 (An issue was discovered in ZZCMS 2022. There is a cross-site scripting ...)
	NOT-FOR-US: ZZCMS
CVE-2022-44360 RESERVED
CVE-2022-44359 RESERVED
CVE-2022-44358 RESERVED
CVE-2022-44357 RESERVED
CVE-2022-44356 (WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030 ...)
	NOT-FOR-US: WAVLINK
CVE-2022-44355 (SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via ...)
	NOT-FOR-US: SolarView Compact
CVE-2022-44354 (SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Uploa ...)
	NOT-FOR-US: SolarView Compact
CVE-2022-44353 RESERVED
CVE-2022-44352 RESERVED
CVE-2022-44351 (Skycaiji v2.5.1 was discovered to contain a deserialization vulnerabil ...)
	NOT-FOR-US: Skycaiji
CVE-2022-44350 RESERVED
CVE-2022-44349 (NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scri ...)
	NOT-FOR-US: NAVBLUE S.A.S N-Ops & Crew
CVE-2022-44348 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Sanitization Management System
CVE-2022-44347 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Sanitization Management System
CVE-2022-44346 RESERVED
CVE-2022-44345 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Sanitization Management System
CVE-2022-44344 RESERVED
CVE-2022-44343 (CRMEB 4.4.4 is vulnerable to Any File download.)
	NOT-FOR-US: CRMEB
CVE-2022-44342 RESERVED
CVE-2022-44341 RESERVED
CVE-2022-44340 RESERVED
CVE-2022-44339 RESERVED
CVE-2022-44338 RESERVED
CVE-2022-44337 RESERVED
CVE-2022-44336 RESERVED
CVE-2022-44335 RESERVED
CVE-2022-44334 RESERVED
CVE-2022-44333 RESERVED
CVE-2022-44332 RESERVED
CVE-2022-44331 RESERVED
CVE-2022-44330 RESERVED
CVE-2022-44329 RESERVED
CVE-2022-44328 RESERVED
CVE-2022-44327 RESERVED
CVE-2022-44326 RESERVED
CVE-2022-44325 RESERVED
CVE-2022-44324 RESERVED
CVE-2022-44323 RESERVED
CVE-2022-44322 RESERVED
CVE-2022-44321 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...)
	NOT-FOR-US: PicoC
CVE-2022-44320 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...)
	NOT-FOR-US: PicoC
CVE-2022-44319 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...)
	NOT-FOR-US: PicoC
CVE-2022-44318 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...)
	NOT-FOR-US: PicoC
CVE-2022-44317 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...)
	NOT-FOR-US: PicoC
CVE-2022-44316 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...)
	NOT-FOR-US: PicoC
CVE-2022-44315 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...)
	NOT-FOR-US: PicoC
CVE-2022-44314 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...)
	NOT-FOR-US: PicoC
CVE-2022-44313 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...)
	NOT-FOR-US: PicoC
CVE-2022-44312 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...)
	NOT-FOR-US: PicoC
CVE-2022-44311 (html2xhtml v1.3 was discovered to contain an Out-Of-Bounds read in the ...)
	NOT-FOR-US: html2xhtml
CVE-2022-44310 (In Development IL ecdh before 0.2.0, an attacker can send an invalid p ...)
	NOT-FOR-US: Development IL ecdh
CVE-2022-44309 RESERVED
CVE-2022-44308 RESERVED
CVE-2022-44307 RESERVED
CVE-2022-44306 RESERVED
CVE-2022-44305 RESERVED
CVE-2022-44304 RESERVED
CVE-2022-44303 (Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting ...)
	NOT-FOR-US: Resque Scheduler
CVE-2022-44302 RESERVED
CVE-2022-44301 RESERVED
CVE-2022-44300 RESERVED
CVE-2022-44299 (SiteServerCMS 7.1.3 sscms has a file read vulnerability.)
	NOT-FOR-US: SiteServer CMS
CVE-2022-44298 (SiteServer CMS 7.1.3 is vulnerable to SQL Injection.)
	NOT-FOR-US: SiteServer CMS
CVE-2022-44297 (SiteServer CMS 7.1.3 has a SQL injection vulnerability in the background.)
	NOT-FOR-US: SiteServer CMS
CVE-2022-44296 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Sanitization Management System
CVE-2022-44295 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Sanitization Management System
CVE-2022-44294 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Sanitization Management System
CVE-2022-44293 RESERVED
CVE-2022-44292 RESERVED
CVE-2022-44291 (webTareas 2.4p5 was discovered to contain a SQL injection vulnerabilit ...)
	NOT-FOR-US: webtareas
CVE-2022-44290 (webTareas 2.4p5 was discovered to contain a SQL injection vulnerabilit ...)
	NOT-FOR-US: webtareas
CVE-2022-44289 (Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file up ...)
	NOT-FOR-US: ThinkPHP Framework
CVE-2022-44288 RESERVED
CVE-2022-44287 RESERVED
CVE-2022-44286 RESERVED
CVE-2022-44285 RESERVED
CVE-2022-44284 (Dinstar FXO Analog VoIP Gateway DAG2000-16O is vulnerable to Cross Sit ...)
	NOT-FOR-US: Dinstar FXO Analog VoIP Gateway DAG2000-16O
CVE-2022-44283 (AVS Audio Converter 10.3 is vulnerable to Buffer Overflow.)
	NOT-FOR-US: AVS Audio Converter
CVE-2022-44282 RESERVED
CVE-2022-44281 RESERVED
CVE-2022-44280 (Automotive Shop Management System v1.0 is vulnerable to Delete any fil ...)
	NOT-FOR-US: Automotive Shop Management System
CVE-2022-44279 (Garage Management System v1.0 is vulnerable to Cross Site Scripting (X ...)
	NOT-FOR-US: Garage Management System
CVE-2022-44278 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Sanitization Management System
CVE-2022-44277 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Sanitization Management System
CVE-2022-44276 (In Responsive Filemanager < 9.12.0, an attacker can bypass upload rest ...)
	NOT-FOR-US: Responsive Filemanager
CVE-2022-44275 RESERVED
CVE-2022-44274 RESERVED
CVE-2022-44273 RESERVED
CVE-2022-44272 RESERVED
CVE-2022-44271 RESERVED
CVE-2022-44270 RESERVED
CVE-2022-44269 RESERVED
CVE-2022-44268 (ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it ...)
	{DSA-5347-1 DLA-3357-1}
	- imagemagick 8:6.9.11.60+dfsg-1.6 (bug #1030767)
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/d77c01e560e973177feed4915ffd7dd1a45fd763
	NOTE: https://www.metabaseq.com/imagemagick-zero-days/
	NOTE: https://github.com/ImageMagick/ImageMagick/discussions/6027
	NOTE: https://github.com/duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC
CVE-2022-44267 (ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parse ...)
	{DSA-5347-1 DLA-3357-1}
	- imagemagick 8:6.9.11.60+dfsg-1.6 (bug #1030767)
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/d77c01e560e973177feed4915ffd7dd1a45fd763
	NOTE: https://www.metabaseq.com/imagemagick-zero-days/
	NOTE: https://github.com/ImageMagick/ImageMagick/discussions/6027
CVE-2022-44266 RESERVED
CVE-2022-44265 RESERVED
CVE-2022-44264 (Dentsply Sirona Sidexis <= 4.3 is vulnerable to Unquoted Service Path.)
	NOT-FOR-US: Dentsply Sirona Sidexis
CVE-2022-44263 (Dentsply Sirona Sidexis <= 4.3 is vulnerable to Incorrect Access Contr ...)
	NOT-FOR-US: Dentsply Sirona Sidexis
CVE-2022-44262 (ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE).)
	NOT-FOR-US: ff4j
CVE-2022-44261 (Avery Dennison Monarch Printer M9855 is vulnerable to Cross Site Scrip ...)
	NOT-FOR-US: Avery Dennison Monarch Printer M9855
CVE-2022-44260 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-44259 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-44258 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-44257 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-44256 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-44255 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication bu ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-44254 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-44253 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-44252 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection v ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-44251 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection v ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-44250 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection v ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-44249 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection v ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-44248 RESERVED
CVE-2022-44247 RESERVED
CVE-2022-44246 RESERVED
CVE-2022-44245 RESERVED
CVE-2022-44244 (An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalat ...)
	NOT-FOR-US: Lin-CMS
CVE-2022-44243 RESERVED
CVE-2022-44242 RESERVED
CVE-2022-44241 RESERVED
CVE-2022-44240 RESERVED
CVE-2022-44239 RESERVED
CVE-2022-44238 RESERVED
CVE-2022-44237 RESERVED
CVE-2022-44236 (Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20 ...)
	NOT-FOR-US: Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG
CVE-2022-44235 (Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20 ...)
	NOT-FOR-US: Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG
CVE-2022-44234 RESERVED
CVE-2022-44233 RESERVED
CVE-2022-44232 (libming 0.4.8 is vulnerable to Buffer Overflow. In getInt() in d ...)
	- ming
CVE-2022-44231 RESERVED
CVE-2022-44230 RESERVED
CVE-2022-44229 RESERVED
CVE-2022-44228 RESERVED
CVE-2022-44227 RESERVED
CVE-2022-44226 RESERVED
CVE-2022-44225 RESERVED
CVE-2022-44224 RESERVED
CVE-2022-44223 RESERVED
CVE-2022-44222 RESERVED
CVE-2022-44221 RESERVED
CVE-2022-44220 RESERVED
CVE-2022-44219 RESERVED
CVE-2022-44218 RESERVED
CVE-2022-44217 RESERVED
CVE-2022-44216 (Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An att ...)
	NOT-FOR-US: Gnuboard
CVE-2022-44215 (There is an open redirect vulnerability in Titan FTP server 19.0 and b ...)
	NOT-FOR-US: Titan FTP server
CVE-2022-44214 RESERVED
CVE-2022-44213 (ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulne ...)
	NOT-FOR-US: ZKTeco Xiamen Information Technology ZKBio ECO ADMS
CVE-2022-44212 (In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to ac ...)
	NOT-FOR-US: GL.iNet Goodcloud
CVE-2022-44211 (In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote atta ...)
	NOT-FOR-US: GL.iNet Goodcloud
CVE-2022-44210 RESERVED
CVE-2022-44209 RESERVED
CVE-2022-44208 RESERVED
CVE-2022-44207 RESERVED
CVE-2022-44206 RESERVED
CVE-2022-44205 RESERVED
CVE-2022-44204 (D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow ...)
	NOT-FOR-US: D-Link
CVE-2022-44203 RESERVED
CVE-2022-44202 (D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer Overflow.)
	NOT-FOR-US: D-Link
CVE-2022-44201 (D-Link DIR823G 1.02B05 is vulnerable to Command Injection.)
	NOT-FOR-US: D-Link
CVE-2022-44200 (Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow vi ...)
	NOT-FOR-US: Netgear
CVE-2022-44199 (Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via paramete ...)
	NOT-FOR-US: Netgear
CVE-2022-44198 (Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via paramete ...)
	NOT-FOR-US: Netgear
CVE-2022-44197 (Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter ...)
	NOT-FOR-US: Netgear
CVE-2022-44196 (Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter ...)
	NOT-FOR-US: Netgear
CVE-2022-44195 RESERVED
CVE-2022-44194 (Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter ...)
	NOT-FOR-US: Netgear
CVE-2022-44193 (Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin ...)
	NOT-FOR-US: Netgear
CVE-2022-44192 RESERVED
CVE-2022-44191 (Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via paramete ...)
	NOT-FOR-US: Netgear
CVE-2022-44190 (Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via paramete ...)
	NOT-FOR-US: Netgear
CVE-2022-44189 RESERVED
CVE-2022-44188 (Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/ ...)
	NOT-FOR-US: Netgear
CVE-2022-44187 (Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via wan_dns1_ ...)
	NOT-FOR-US: Netgear
CVE-2022-44186 (Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin ...)
	NOT-FOR-US: Netgear
CVE-2022-44185 RESERVED
CVE-2022-44184 (Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/ ...)
	NOT-FOR-US: Netgear
CVE-2022-44183 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...)
	NOT-FOR-US: Tenda
CVE-2022-44182 RESERVED
CVE-2022-44181 RESERVED
CVE-2022-44180 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...)
	NOT-FOR-US: Tenda
CVE-2022-44179 RESERVED
CVE-2022-44178 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...)
	NOT-FOR-US: Tenda
CVE-2022-44177 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...)
	NOT-FOR-US: Tenda
CVE-2022-44176 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...)
	NOT-FOR-US: Tenda
CVE-2022-44175 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...)
	NOT-FOR-US: Tenda
CVE-2022-44174 (Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function ...)
	NOT-FOR-US: Tenda
CVE-2022-44173 RESERVED
CVE-2022-44172 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...)
	NOT-FOR-US: Tenda
CVE-2022-44171 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...)
	NOT-FOR-US: Tenda
CVE-2022-44170 RESERVED
CVE-2022-44169 (Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function ...)
	NOT-FOR-US: Tenda
CVE-2022-44168 (Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function ...)
	NOT-FOR-US: Tenda
CVE-2022-44167 (Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function ...)
	NOT-FOR-US: Tenda
CVE-2022-44166 RESERVED
CVE-2022-44165 RESERVED
CVE-2022-44164 RESERVED
CVE-2022-44163 (Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function ...)
	NOT-FOR-US: Tenda
CVE-2022-44162 RESERVED
CVE-2022-44161 RESERVED
CVE-2022-44160 RESERVED
CVE-2022-44159 RESERVED
CVE-2022-44158 (Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function ...)
	NOT-FOR-US: Tenda
CVE-2022-44157 RESERVED
CVE-2022-44156 (Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function ...)
	NOT-FOR-US: Tenda
CVE-2022-44155 RESERVED
CVE-2022-44154 RESERVED
CVE-2022-44153 (Rapid Software LLC Rapid SCADA 5.8.4 is vulnerable to Cross Site Scrip ...)
	NOT-FOR-US: Rapid Software LLC Rapid SCADA
CVE-2022-44152 RESERVED
CVE-2022-44151 (Simple Inventory Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Simple Inventory Management System
CVE-2022-44150 RESERVED
CVE-2022-44149 (The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2. ...)
	NOT-FOR-US: Nexxt Amp300 ARN02304U8
CVE-2022-44148 RESERVED
CVE-2022-44147 REJECTED
CVE-2022-44146 RESERVED
CVE-2022-44145 RESERVED
CVE-2022-44144 RESERVED
CVE-2022-44143 RESERVED
CVE-2022-44142 RESERVED
CVE-2022-44141 RESERVED
CVE-2022-44140 (Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerabilit ...)
	NOT-FOR-US: Jizhicms
CVE-2022-44139 (Apartment Visitor Management System v1.0 is vulnerable to SQL Injectio ...)
	NOT-FOR-US: Apartment Visitor Management System
CVE-2022-44138 RESERVED
CVE-2022-44137 (SourceCodester Sanitization Management System 1.0 is vulnerable to SQL ...)
	NOT-FOR-US: SourceCodester Sanitization Management System
CVE-2022-44136 (Zenario CMS 9.3.57186 is vulnerable to Remote Code Execution (RCE).)
	NOT-FOR-US: Zenario CMS
CVE-2022-44135 RESERVED
CVE-2022-44134 RESERVED
CVE-2022-44133 RESERVED
CVE-2022-44132 RESERVED
CVE-2022-44131 RESERVED
CVE-2022-44130 RESERVED
CVE-2022-44129 RESERVED
CVE-2022-44128 RESERVED
CVE-2022-44127 RESERVED
CVE-2022-44126 RESERVED
CVE-2022-44125 RESERVED
CVE-2022-44124 RESERVED
CVE-2022-44123 RESERVED
CVE-2022-44122 RESERVED
CVE-2022-44121 RESERVED
CVE-2022-44120 (dedecmdv6 6.1.9 is vulnerable to SQL Injection via sys_sql_query.php.)
	NOT-FOR-US: dedecmdv6
CVE-2022-44119 RESERVED
CVE-2022-44118 (dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file ...)
	NOT-FOR-US: dedecmdv6
CVE-2022-44117 (Boa 0.94.14rc21 is vulnerable to SQL Injection via username. NOTE: the ...)
	- boa
CVE-2022-44116 RESERVED
CVE-2022-44115 RESERVED
CVE-2022-44114 RESERVED
CVE-2022-44113 RESERVED
CVE-2022-44112 RESERVED
CVE-2022-44111 RESERVED
CVE-2022-44110 RESERVED
CVE-2022-44109 (pdftojson commit 94204bb was discovered to contain a stack overflow vi ...)
	NOT-FOR-US: pdftojson
CVE-2022-44108 (pdftojson commit 94204bb was discovered to contain a stack overflow vi ...)
	NOT-FOR-US: pdftojson
CVE-2022-44107 RESERVED
CVE-2022-44106 RESERVED
CVE-2022-44105 RESERVED
CVE-2022-44104 RESERVED
CVE-2022-44103 RESERVED
CVE-2022-44102 RESERVED
CVE-2022-44101 RESERVED
CVE-2022-44100 RESERVED
CVE-2022-44099 RESERVED
CVE-2022-44098 RESERVED
CVE-2022-44097 (Book Store Management System v1.0 was discovered to contain hardcoded ...)
	NOT-FOR-US: Book Store Management System
CVE-2022-44096 (Sanitization Management System v1.0 was discovered to contain hardcode ...)
	NOT-FOR-US: Sanitization Management System
CVE-2022-44095 RESERVED
CVE-2022-44094 RESERVED
CVE-2022-44093 RESERVED
CVE-2022-44092 RESERVED
CVE-2022-44091 RESERVED
CVE-2022-44090 RESERVED
CVE-2022-44089 (ESPCMS P8.21120101 was discovered to contain a remote code execution ( ...)
	NOT-FOR-US: ESPCMS
CVE-2022-44088 (ESPCMS P8.21120101 was discovered to contain a remote code execution ( ...)
	NOT-FOR-US: ESPCMS
CVE-2022-44087 (ESPCMS P8.21120101 was discovered to contain a remote code execution ( ...)
	NOT-FOR-US: ESPCMS
CVE-2022-44086 RESERVED
CVE-2022-44085 RESERVED
CVE-2022-44084 RESERVED
CVE-2022-44083 RESERVED
CVE-2022-44082 RESERVED
CVE-2022-44081 (Lodepng v20220717 was discovered to contain a segmentation fault via t ...)
	NOT-FOR-US: Lodepng
CVE-2022-44080 RESERVED
CVE-2022-44079 (pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered t ...)
	NOT-FOR-US: pycdc
CVE-2022-44078 RESERVED
CVE-2022-44077 RESERVED
CVE-2022-44076 RESERVED
CVE-2022-44075 RESERVED
CVE-2022-44074 RESERVED
CVE-2022-44073 (Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via ...)
	NOT-FOR-US: Zenario CMS
CVE-2022-44072 RESERVED
CVE-2022-44071 (Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) v ...)
	NOT-FOR-US: Zenario CMS
CVE-2022-44070 (Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via ...)
	NOT-FOR-US: Zenario CMS
CVE-2022-44069 (Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via ...)
	NOT-FOR-US: Zenario CMS
CVE-2022-44068 RESERVED
CVE-2022-44067 RESERVED
CVE-2022-44066 RESERVED
CVE-2022-44065 RESERVED
CVE-2022-44064 RESERVED
CVE-2022-44063 RESERVED
CVE-2022-44062 RESERVED
CVE-2022-44061 RESERVED
CVE-2022-44060 RESERVED
CVE-2022-44059 RESERVED
CVE-2022-44058 RESERVED
CVE-2022-44057 RESERVED
CVE-2022-44056 RESERVED
CVE-2022-44055 RESERVED
CVE-2022-44054 (The d8s-xml for python, as distributed on PyPI, included a potential c ...)
	NOT-FOR-US: d8s-xml
CVE-2022-44053 (The d8s-networking for python, as distributed on PyPI, included a pote ...)
	NOT-FOR-US: d8s-networking
CVE-2022-44052 (The d8s-dates for python, as distributed on PyPI, included a potential ...)
	NOT-FOR-US: d8s-dates
CVE-2022-44051 (The d8s-stats for python, as distributed on PyPI, included a potential ...)
	NOT-FOR-US: d8s-stats
CVE-2022-44050 (The d8s-networking for python, as distributed on PyPI, included a pote ...)
	NOT-FOR-US: d8s-networking
CVE-2022-44049 (The d8s-python for python, as distributed on PyPI, included a potentia ...)
	NOT-FOR-US: d8s-python
CVE-2022-44048 (The d8s-urls for python, as distributed on PyPI, included a potential ...)
	NOT-FOR-US: d8s-urls
CVE-2022-44047 RESERVED
CVE-2022-44046 RESERVED
CVE-2022-44045 RESERVED
CVE-2022-44044 RESERVED
CVE-2022-44043 RESERVED
CVE-2022-44042 RESERVED
CVE-2022-44041 RESERVED
CVE-2022-44040 RESERVED
CVE-2022-44039 (Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File s ...)
	NOT-FOR-US: Franklin Fueling System FFS Colibri
CVE-2022-44038 (Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remo ...)
	NOT-FOR-US: Russound XSourcePlayer 777D
CVE-2022-44037 (An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) ...)
	NOT-FOR-US: APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software
CVE-2022-44036 (In b2evolution 7.2.5, if configured with admins_can_manipulate_sensiti ...)
	NOT-FOR-US: b2evolution CMS
CVE-2022-44035 RESERVED
CVE-2022-44034 (An issue was discovered in the Linux kernel through 6.0.6. drivers/cha ...)
	- linux 6.4.4-1 (unimportant)
	NOTE: https://lore.kernel.org/lkml/20220916050333.GA188358@ubuntu/
	NOTE: https://lore.kernel.org/lkml/20220919101825.GA313940@ubuntu/
	NOTE: Negligible security impact, would need physical access to "exploit"
CVE-2022-44033 (An issue was discovered in the Linux kernel through 6.0.6. drivers/cha ...)
	- linux (unimportant)
	NOTE: https://lore.kernel.org/lkml/20220915020834.GA110086@ubuntu/
	NOTE: https://lore.kernel.org/lkml/20220919040457.GA302681@ubuntu/
	NOTE: Negligible security impact, would need physical access to "exploit"
CVE-2022-44032 (An issue was discovered in the Linux kernel through 6.0.6. drivers/cha ...)
	- linux (unimportant)
	NOTE: https://lore.kernel.org/lkml/20220915020834.GA110086@ubuntu/
	NOTE: https://lore.kernel.org/lkml/20220919040701.GA302806@ubuntu/
	NOTE: Negligible security impact, would need physical access to "exploit"
CVE-2022-44031 (Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in i ...)
	- redmine 5.0.4-1 (bug #1026048)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
CVE-2022-44030 (Redmine 5.x before 5.0.4 allows downloading of file attachments of any ...)
	- redmine 5.0.4-1 (bug #1026048)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://github.com/redmine/redmine/commit/c02e3bfaec5fb45bd02d840b2306a875cc4f7f88
	NOTE: https://github.com/redmine/redmine/commit/eea816ae0825a3d794e650d11a3909ace772152b
	NOTE: https://github.com/redmine/redmine/commit/df615b7047e58a5dfb236d3b011dfe1619559acc
	NOTE: https://github.com/redmine/redmine/commit/072faff556c5f3ab1f65cad4d2753600cf4ee909
	NOTE: https://github.com/redmine/redmine/commit/9435929e349f0af9ba1d059e41d80c65be50e833
CVE-2022-44029 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...)
	NOT-FOR-US: NetScout
CVE-2022-44028 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...)
	NOT-FOR-US: NetScout
CVE-2022-44027 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...)
	NOT-FOR-US: NetScout
CVE-2022-44026 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...)
	NOT-FOR-US: NetScout
CVE-2022-44025 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...)
	NOT-FOR-US: NetScout
CVE-2022-44024 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...)
	NOT-FOR-US: NetScout
CVE-2022-44023 (PwnDoc through 0.5.3 might allow remote attackers to identify disabled ...)
	NOT-FOR-US: PwnDoc
CVE-2022-44022 (PwnDoc through 0.5.3 might allow remote attackers to identify valid us ...)
	NOT-FOR-US: PwnDoc
CVE-2022-44021 RESERVED
CVE-2022-44020 (An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and Vi ...)
	NOT-FOR-US: OpenStack Sushy-Tools / VirtualBMC
CVE-2022-44019 (In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote comm ...)
	NOT-FOR-US: Total.js CMS
CVE-2022-44018 (In Softing uaToolkit Embedded before 1.40.1, a malformed PubSub discov ...)
	NOT-FOR-US: Softing uaToolkit Embedded
CVE-2022-44017 (An issue was discovered in Simmeth Lieferantenmanager before 5.6. Due ...)
	NOT-FOR-US: Simmeth Lieferantenmanager
CVE-2022-44016 (An issue was discovered in Simmeth Lieferantenmanager before 5.6. An a ...)
	NOT-FOR-US: Simmeth Lieferantenmanager
CVE-2022-44015 (An issue was discovered in Simmeth Lieferantenmanager before 5.6. An a ...)
	NOT-FOR-US: Simmeth Lieferantenmanager
CVE-2022-44014 (An issue was discovered in Simmeth Lieferantenmanager before 5.6. In t ...)
	NOT-FOR-US: Simmeth Lieferantenmanager
CVE-2022-44013 (An issue was discovered in Simmeth Lieferantenmanager before 5.6. An a ...)
	NOT-FOR-US: Simmeth Lieferantenmanager
CVE-2022-44012 (An issue was discovered in /DS/LM_API/api/SelectionService/InsertQuery ...)
	NOT-FOR-US: Simmeth Lieferantenmanager
CVE-2022-44011 (An issue was discovered in ClickHouse before 22.9.1.2603. An authentic ...)
	- clickhouse (bug #1059261)
	[bookworm] - clickhouse (Minor issue)
	[bullseye] - clickhouse (Minor issue)
	[buster] - clickhouse (Minor issue, DoS)
	NOTE: https://github.com/ClickHouse/ClickHouse/pull/40241
CVE-2022-44010 (An issue was discovered in ClickHouse before 22.9.1.2603. An attacker ...)
	- clickhouse (bug #1059261)
	[bookworm] - clickhouse (Minor issue)
	[bullseye] - clickhouse (Minor issue)
	[buster] - clickhouse (Minor issue, DoS)
	NOTE: https://github.com/ClickHouse/ClickHouse/pull/40292
CVE-2022-44009 (Improper access control in Key-Value RBAC in StackStorm version 3.7.0 ...)
	NOT-FOR-US: StackStorm
CVE-2022-44008 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to impro ...)
	NOT-FOR-US: BACKCLICK Professional
CVE-2022-44007 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to an un ...)
	NOT-FOR-US: BACKCLICK Professional
CVE-2022-44006 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to impro ...)
	NOT-FOR-US: BACKCLICK Professional
CVE-2022-44005 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to the u ...)
	NOT-FOR-US: BACKCLICK Professional
CVE-2022-44004 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to insec ...)
	NOT-FOR-US: BACKCLICK Professional
CVE-2022-44003 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to insuf ...)
	NOT-FOR-US: BACKCLICK Professional
CVE-2022-44002 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to insuf ...)
	NOT-FOR-US: BACKCLICK Professional
CVE-2022-44001 (An issue was discovered in BACKCLICK Professional 5.9.63. User authent ...)
	NOT-FOR-US: BACKCLICK Professional
CVE-2022-44000 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to an ex ...)
	NOT-FOR-US: BACKCLICK Professional
CVE-2022-43999 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to expos ...)
	NOT-FOR-US: BACKCLICK Professional
CVE-2022-43998 RESERVED
CVE-2022-3757 REJECTED
CVE-2022-3756 REJECTED
CVE-2022-3755 REJECTED
CVE-2022-3754 (Weak Password Requirements in GitHub repository thorsten/phpmyfaq prio ...)
	NOT-FOR-US: phpmyfaq
CVE-2022-3753 (The Evaluate WordPress plugin through 1.0 does not sanitize and escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-43997 (Incorrect access control in Aternity agent in Riverbed Aternity before ...)
	NOT-FOR-US: Riverbed Aternity
CVE-2022-43996 (The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF d ...)
	NOT-FOR-US: csaf_provider
CVE-2022-43995 (Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains ...)
	- sudo 1.9.12p1-1 (unimportant)
	NOTE: Fixed by: https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050 (SUDO_1_9_12p1)
	NOTE: Binary packages are compiled with PAM support, which does not enable the plugins/sudoers/auth/passwd.c code
CVE-2022-43994 RESERVED
CVE-2022-43993 RESERVED
CVE-2022-43992 RESERVED
CVE-2022-43991 RESERVED
CVE-2022-43990 (Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 wit ...)
	NOT-FOR-US: SICK
CVE-2022-43989 (Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 10926 ...)
	NOT-FOR-US: SICK
CVE-2022-43988 RESERVED
CVE-2022-43987 RESERVED
CVE-2022-43986 RESERVED
CVE-2022-43985 (In Apache Airflow versions prior to 2.4.2, there was an open redirect ...)
	- airflow (bug #819700)
CVE-2022-43984 (Browsershot version 3.57.3 allows an external attacker to remotely obt ...)
	NOT-FOR-US: Browsershot
CVE-2022-43983 (Browsershot version 3.57.2 allows an external attacker to remotely obt ...)
	NOT-FOR-US: Browsershot
CVE-2022-3752 (An unauthorized user could use a specially crafted sequence of Etherne ...)
	NOT-FOR-US: Rockwell
CVE-2022-3751 (SQL Injection in GitHub repository owncast/owncast prior to 0.0.13.)
	NOT-FOR-US: Owncast
CVE-2022-43982 (In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with confi ...)
	- airflow (bug #819700)
CVE-2022-43981 RESERVED
CVE-2022-43980 (There is a stored cross-site scripting vulnerability in Pandora FMS v7 ...)
	NOT-FOR-US: Pandora FMS
CVE-2022-43979 (There is a Path Traversal that leads to a Local File Inclusion in Pand ...)
	NOT-FOR-US: Pandora FMS
CVE-2022-43978 (There is an improper authentication vulnerability in Pandora FMS v764. ...)
	NOT-FOR-US: Pandora FMS
CVE-2022-3750 (The has a CSRF vulnerability that allows the deletion of a post witho ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3749 RESERVED
CVE-2022-3748 (Improper Authorization vulnerability in ForgeRock Inc. Access Manageme ...)
	NOT-FOR-US: ForgeRock
CVE-2022-3747 (The Becustom plugin for WordPress is vulnerable to Cross-Site Request ...)
	NOT-FOR-US: Becustom plugin for WordPress
CVE-2022-3746 (A potential vulnerability was discovered in LCFC BIOS for some Lenovo ...)
	NOT-FOR-US: Lenovo
CVE-2022-3745 (A potential vulnerability was discovered in LCFC BIOS for some Lenovo ...)
	NOT-FOR-US: Lenovo
CVE-2022-3744 (A potential vulnerability was discovered in LCFC BIOS for some Lenovo ...)
	NOT-FOR-US: Lenovo
CVE-2022-3743 (A potential vulnerability was discovered in LCFC BIOS for some Lenovo ...)
	NOT-FOR-US: Lenovo
CVE-2022-3742 (A potential vulnerability was discovered in LCFC BIOS for some Lenovo ...)
	NOT-FOR-US: Lenovo
CVE-2022-3741 (Impact varies for each individual vulnerability in the application. Fo ...)
	NOT-FOR-US: chatwoot
CVE-2022-3740 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3739 (The WP Best Quiz WordPress plugin through 1.0 does not sanitize and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3738 (The vulnerability allows a remote unauthenticated attacker to download ...)
	NOT-FOR-US: WAGO
CVE-2022-3737 (In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 me ...)
	NOT-FOR-US: PHOENIX
CVE-2023-20851 (In stc, there is a possible out of bounds read due to a race condition ...)
	NOT-FOR-US: MediaTek
CVE-2023-20850 (In imgsys_cmdq, there is a possible out of bounds write due to a missi ...)
	NOT-FOR-US: MediaTek
CVE-2023-20849 (In imgsys_cmdq, there is a possible use after free due to a missing va ...)
	NOT-FOR-US: MediaTek
CVE-2023-20848 (In imgsys_cmdq, there is a possible out of bounds read due to a missin ...)
	NOT-FOR-US: MediaTek
CVE-2023-20847 (In imgsys_cmdq, there is a possible out of bounds read due to a missin ...)
	NOT-FOR-US: MediaTek
CVE-2023-20846 (In imgsys_cmdq, there is a possible out of bounds read due to a missin ...)
	NOT-FOR-US: MediaTek
CVE-2023-20845 (In imgsys, there is a possible out of bounds read due to a missing val ...)
	NOT-FOR-US: MediaTek
CVE-2023-20844 (In imgsys_cmdq, there is a possible out of bounds read due to a missin ...)
	NOT-FOR-US: MediaTek
CVE-2023-20843 (In imgsys_cmdq, there is a possible out of bounds read due to a missin ...)
	NOT-FOR-US: MediaTek
CVE-2023-20842 (In imgsys_cmdq, there is a possible out of bounds write due to a missi ...)
	NOT-FOR-US: MediaTek
CVE-2023-20841 (In imgsys, there is a possible out of bounds write due to a missing va ...)
	NOT-FOR-US: MediaTek
CVE-2023-20840 (In imgsys, there is a possible out of bounds read and write due to a m ...)
	NOT-FOR-US: MediaTek
CVE-2023-20839 (In imgsys, there is a possible out of bounds read due to a missing val ...)
	NOT-FOR-US: MediaTek
CVE-2023-20838 (In imgsys, there is a possible out of bounds read due to a race condit ...)
	NOT-FOR-US: MediaTek
CVE-2023-20837 (In seninf, there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: MediaTek
CVE-2023-20836 (In camsys, there is a possible out of bounds read due to a missing bou ...)
	NOT-FOR-US: MediaTek
CVE-2023-20835 (In camsys, there is a possible use after free due to a race condition. ...)
	NOT-FOR-US: MediaTek
CVE-2023-20834 (In pda, there is a possible use after free due to a race condition. Th ...)
	NOT-FOR-US: MediaTek
CVE-2023-20833 (In keyinstall, there is a possible information disclosure due to a mis ...)
	NOT-FOR-US: MediaTek
CVE-2023-20832 (In gps, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20831 (In gps, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20830 (In gps, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20829 (In gps, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20828 (In gps, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20827 (In ims service, there is a possible memory corruption due to a race co ...)
	NOT-FOR-US: MediaTek
CVE-2023-20826 (In cta, there is a possible information disclosure due to a missing pe ...)
	NOT-FOR-US: MediaTek
CVE-2023-20825 (In duraspeed, there is a possible information disclosure due to a miss ...)
	NOT-FOR-US: MediaTek
CVE-2023-20824 (In duraspeed, there is a possible information disclosure due to a miss ...)
	NOT-FOR-US: MediaTek
CVE-2023-20823 (In cmdq, there is a possible out of bounds read due to an incorrect st ...)
	NOT-FOR-US: MediaTek
CVE-2023-20822 (In netdagent, there is a possible out of bounds write due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2023-20821 (In nvram, there is a possible out of bounds write due to a missing bou ...)
	NOT-FOR-US: MediaTek
CVE-2023-20820 (In wlan service, there is a possible command injection due to improper ...)
	NOT-FOR-US: MediaTek
CVE-2023-20819 (In CDMA PPP protocol, there is a possible out of bounds write due to a ...)
	NOT-FOR-US: MediaTek
CVE-2023-20818 (In wlan service, there is a possible out of bounds read due to imprope ...)
	NOT-FOR-US: MediaTek
CVE-2023-20817 (In wlan service, there is a possible out of bounds write due to improp ...)
	NOT-FOR-US: MediaTek
CVE-2023-20816 (In wlan service, there is a possible out of bounds write due to improp ...)
	NOT-FOR-US: MediaTek
CVE-2023-20815 (In wlan service, there is a possible out of bounds write due to improp ...)
	NOT-FOR-US: MediaTek
CVE-2023-20814 (In wlan service, there is a possible out of bounds write due to improp ...)
	NOT-FOR-US: MediaTek
CVE-2023-20813 (In wlan service, there is a possible out of bounds read due to imprope ...)
	NOT-FOR-US: MediaTek
CVE-2023-20812 (In wlan driver, there is a possible out of bounds write due to imprope ...)
	NOT-FOR-US: MediaTek
CVE-2023-20811 (In IOMMU, there is a possible out of bounds write due to a missing bou ...)
	NOT-FOR-US: MediaTek
CVE-2023-20810 (In IOMMU, there is a possible information disclosure due to improper i ...)
	NOT-FOR-US: MediaTek
CVE-2023-20809 (In vdec, there is a possible out of bounds write due to a missing boun ...)
	NOT-FOR-US: MediaTek
CVE-2023-20808 (In OPTEE, there is a possible out of bounds write due to a missing bou ...)
	NOT-FOR-US: MediaTek
CVE-2023-20807 (In dpe, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20806 (In hcp, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20805 (In imgsys, there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: MediaTek
CVE-2023-20804 (In imgsys, there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: MediaTek
CVE-2023-20803 (In imgsys, there is a possible memory corruption due to improper input ...)
	NOT-FOR-US: MediaTek
CVE-2023-20802 (In imgsys, there is a possible memory corruption due to improper input ...)
	NOT-FOR-US: MediaTek
CVE-2023-20801 (In imgsys, there is a possible use after free due to a race condition. ...)
	NOT-FOR-US: MediaTek
CVE-2023-20800 (In imgsys, there is a possible system crash due to a missing ptr check. ...)
	NOT-FOR-US: MediaTek
CVE-2023-20799
	RESERVED
CVE-2023-20798 (In pda, there is a possible out of bounds read due to an incorrect cal ...)
	NOT-FOR-US: MediaTek
CVE-2023-20797 (In camera middleware, there is a possible out of bounds write due to a ...)
	NOT-FOR-US: MediaTek
CVE-2023-20796 (In power, there is a possible memory corruption due to an incorrect bo ...)
	NOT-FOR-US: MediaTek
CVE-2023-20795 (In ril, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20794
	RESERVED
CVE-2023-20793 (In apu, there is a possible memory corruption due to a missing bounds ...)
	NOT-FOR-US: MediaTek
CVE-2023-20792
	RESERVED
CVE-2023-20791
	RESERVED
CVE-2023-20790 (In nvram, there is a possible out of bounds write due to a missing bou ...)
	NOT-FOR-US: MediaTek
CVE-2023-20789 (In jpeg, there is a possible information disclosure due to a missing b ...)
	NOT-FOR-US: MediaTek
CVE-2023-20788 (In thermal, there is a possible use after free due to a race condition ...)
	NOT-FOR-US: MediaTek
CVE-2023-20787 (In thermal, there is a possible use after free due to a race condition ...)
	NOT-FOR-US: MediaTek
CVE-2023-20786 (In gps, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20785 (In audio, there is a possible out of bounds write due to a missing bou ...)
	NOT-FOR-US: MediaTek
CVE-2023-20784 (In keyinstall, there is a possible out of bounds write due to a missin ...)
	NOT-FOR-US: MediaTek
CVE-2023-20783 (In keyinstall, there is a possible out of bounds write due to a missin ...)
	NOT-FOR-US: MediaTek
CVE-2023-20782 (In keyinstall, there is a possible information disclosure due to a mis ...)
	NOT-FOR-US: MediaTek
CVE-2023-20781 (In keyinstall, there is a possible memory corruption due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2023-20780 (In keyinstall, there is a possible information disclosure due to a mis ...)
	NOT-FOR-US: MediaTek
CVE-2023-20779
	RESERVED
CVE-2023-20778
	RESERVED
CVE-2023-20777
	RESERVED
CVE-2023-20776
	RESERVED
CVE-2023-20775 (In display, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: MediaTek
CVE-2023-20774 (In display, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: MediaTek
CVE-2023-20773 (In vow, there is a possible escalation of privilege due to a missing p ...)
	NOT-FOR-US: MediaTek
CVE-2023-20772 (In vow, there is a possible escalation of privilege due to a missing p ...)
	NOT-FOR-US: MediaTek
CVE-2023-20771 (In display, there is a possible memory corruption due to a race condit ...)
	NOT-FOR-US: MediaTek
CVE-2023-20770
	RESERVED
CVE-2023-20769
	RESERVED
CVE-2023-20768 (In ion, there is a possible out of bounds read due to type confusion. ...)
	NOT-FOR-US: MediaTek
CVE-2023-20767 (In pqframework, there is a possible out of bounds write due to a missi ...)
	NOT-FOR-US: MediaTek
CVE-2023-20766 (In gps, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20765
	RESERVED
CVE-2023-20764
	RESERVED
CVE-2023-20763
	RESERVED
CVE-2023-20762
	RESERVED
CVE-2023-20761 (In ril, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20760 (In apu, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20759 (In cmdq, there is a possible memory corruption due to a missing bounds ...)
	NOT-FOR-US: MediaTek
CVE-2023-20758 (In cmdq, there is a possible memory corruption due to a missing bounds ...)
	NOT-FOR-US: MediaTek
CVE-2023-20757 (In cmdq, there is a possible out of bounds write due to a missing boun ...)
	NOT-FOR-US: MediaTek
CVE-2023-20756 (In keyinstall, there is a possible out of bounds write due to an integ ...)
	NOT-FOR-US: MediaTek
CVE-2023-20755 (In keyinstall, there is a possible out of bounds write due to an integ ...)
	NOT-FOR-US: MediaTek
CVE-2023-20754 (In keyinstall, there is a possible out of bounds write due to an integ ...)
	NOT-FOR-US: MediaTek
CVE-2023-20753 (In rpmb, there is a possible out of bounds write due to a logic error. ...)
	NOT-FOR-US: MediaTek
CVE-2023-20752 (In keymange, there is a possible out of bounds write due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2023-20751 (In keymange, there is a possible out of bounds write due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2023-20750 (In swpm, there is a possible out of bounds write due to a race conditi ...)
	NOT-FOR-US: MediaTek
CVE-2023-20749 (In swpm, there is a possible out of bounds write due to a missing boun ...)
	NOT-FOR-US: MediaTek
CVE-2023-20748 (In display, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: MediaTek
CVE-2023-20747 (In vcu, there is a possible memory corruption due to type confusion. T ...)
	NOT-FOR-US: MediaTek
CVE-2023-20746 (In vcu, there is a possible out of bounds write due to improper lockin ...)
	NOT-FOR-US: MediaTek
CVE-2023-20745 (In vcu, there is a possible out of bounds write due to improper lockin ...)
	NOT-FOR-US: MediaTek
CVE-2023-20744 (In vcu, there is a possible use after free due to a logic error. This ...)
	NOT-FOR-US: MediaTek
CVE-2023-20743 (In vcu, there is a possible out of bounds write due to improper lockin ...)
	NOT-FOR-US: MediaTek
CVE-2023-20742 (In ril, there is a possible out of bounds read due to a missing bounds ...)
	NOT-FOR-US: MediaTek
CVE-2023-20741 (In ril, there is a possible out of bounds read due to a missing bounds ...)
	NOT-FOR-US: MediaTek
CVE-2023-20740 (In vcu, there is a possible memory corruption due to a logic error. Th ...)
	NOT-FOR-US: MediaTek
CVE-2023-20739 (In vcu, there is a possible memory corruption due to a logic error. Th ...)
	NOT-FOR-US: MediaTek
CVE-2023-20738 (In vcu, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20737 (In vcu, there is a possible use after free due to improper locking. Th ...)
	NOT-FOR-US: MediaTek
CVE-2023-20736 (In vcu, there is a possible out of bounds write due to a race conditio ...)
	NOT-FOR-US: MediaTek
CVE-2023-20735 (In vcu, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20734 (In vcu, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20733 (In vcu, there is a possible use after free due to improper locking. Th ...)
	NOT-FOR-US: MediaTek
CVE-2023-20732 (In wlan, there is a possible out of bounds read due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20731 (In wlan, there is a possible out of bounds read due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20730 (In wlan, there is a possible out of bounds read due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20729 (In wlan, there is a possible out of bounds read due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20728 (In wlan, there is a possible out of bounds read due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20727 (In wlan, there is a possible out of bounds read due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20726 (In mnld, there is a possible leak of GPS location due to a missing per ...)
	NOT-FOR-US: MediaTek
CVE-2023-20725 (In preloader, there is a possible out of bounds write due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2023-20724 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2023-20723 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2023-20722 (In m4u, there is a possible out of bounds write due to improper input ...)
	NOT-FOR-US: MediaTek
CVE-2023-20721 (In isp, there is a possible out of bounds write due to improper input ...)
	NOT-FOR-US: MediaTek
CVE-2023-20720 (In pqframework, there is a possible out of bounds read due to a missin ...)
	NOT-FOR-US: MediaTek
CVE-2023-20719 (In pqframework, there is a possible out of bounds read due to a missin ...)
	NOT-FOR-US: MediaTek
CVE-2023-20718 (In vcu, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20717 (In vcu, there is a possible leak of dma buffer due to a race condition ...)
	NOT-FOR-US: MediaTek
CVE-2023-20716 (In wlan, there is a possible out of bounds write due to a missing boun ...)
	NOT-FOR-US: MediaTek
CVE-2023-20715 (In wlan, there is a possible out of bounds write due to a missing boun ...)
	NOT-FOR-US: MediaTek
CVE-2023-20714
	RESERVED
CVE-2023-20713
	RESERVED
CVE-2023-20712 (In wlan, there is a possible out of bounds write due to a missing boun ...)
	NOT-FOR-US: MediaTek
CVE-2023-20711 (In keyinstall, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2023-20710 (In keyinstall, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2023-20709 (In keyinstall, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2023-20708 (In keyinstall, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2023-20707 (In ril, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20706 (In apu, there is a possible out of bounds read due to a missing bounds ...)
	NOT-FOR-US: MediaTek
CVE-2023-20705 (In apu, there is a possible out of bounds read due to a missing bounds ...)
	NOT-FOR-US: MediaTek
CVE-2023-20704 (In apu, there is a possible out of bounds read due to a missing bounds ...)
	NOT-FOR-US: MediaTek
CVE-2023-20703 (In apu, there is a possible out of bounds read due to a missing bounds ...)
	NOT-FOR-US: MediaTek
CVE-2023-20702 (In 5G NRLC, there is a possible invalid memory access due to lack of e ...)
	NOT-FOR-US: MediaTek
CVE-2023-20701 (In widevine, there is a possible out of bounds write due to a logic er ...)
	NOT-FOR-US: MediaTek
CVE-2023-20700 (In widevine, there is a possible out of bounds write due to a logic er ...)
	NOT-FOR-US: MediaTek
CVE-2023-20699 (In adsp, there is a possible out of bounds write due to a missing boun ...)
	NOT-FOR-US: MediaTek
CVE-2023-20698 (In keyinstall, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2023-20697 (In keyinstall, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2023-20696 (In preloader, there is a possible out of bounds write due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2023-20695 (In preloader, there is a possible out of bounds write due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2023-20694 (In preloader, there is a possible out of bounds write due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2023-20693 (In wlan firmware, there is possible system crash due to an uncaught ex ...)
	NOT-FOR-US: MediaTek
CVE-2023-20692 (In wlan firmware, there is possible system crash due to an uncaught ex ...)
	NOT-FOR-US: MediaTek
CVE-2023-20691 (In wlan firmware, there is possible system crash due to an integer ove ...)
	NOT-FOR-US: MediaTek
CVE-2023-20690 (In wlan firmware, there is possible system crash due to an integer ove ...)
	NOT-FOR-US: MediaTek
CVE-2023-20689 (In wlan firmware, there is possible system crash due to an integer ove ...)
	NOT-FOR-US: MediaTek
CVE-2023-20688 (In power, there is a possible out of bounds read due to a missing boun ...)
	NOT-FOR-US: MediaTek
CVE-2023-20687 (In display drm, there is a possible double free due to a race conditio ...)
	NOT-FOR-US: MediaTek
CVE-2023-20686 (In display drm, there is a possible double free due to a race conditio ...)
	NOT-FOR-US: MediaTek
CVE-2023-20685 (In vdec, there is a possible use after free due to a race condition. T ...)
	NOT-FOR-US: MediaTek
CVE-2023-20684 (In vdec, there is a possible use after free due to a race condition. T ...)
	NOT-FOR-US: MediaTek
CVE-2023-20683
	RESERVED
CVE-2023-20682 (In wlan, there is a possible out of bounds write due to an integer ove ...)
	NOT-FOR-US: MediaTek
CVE-2023-20681 (In adsp, there is a possible out of bounds write due to improper input ...)
	NOT-FOR-US: MediaTek
CVE-2023-20680 (In adsp, there is a possible out of bounds write due to improper input ...)
	NOT-FOR-US: MediaTek
CVE-2023-20679 (In wlan, there is a possible out of bounds read due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20678
	RESERVED
CVE-2023-20677 (In wlan, there is a possible out of bounds read due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20676 (In wlan, there is a possible out of bounds read due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20675 (In wlan, there is a possible out of bounds read due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20674 (In wlan, there is a possible out of bounds read due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20673 (In vcu, there is a possible memory corruption due to type confusion. T ...)
	NOT-FOR-US: MediaTek
CVE-2023-20672
	RESERVED
CVE-2023-20671
	RESERVED
CVE-2023-20670 (In audio, there is a possible out of bounds write due to a missing bou ...)
	NOT-FOR-US: MediaTek
CVE-2023-20669
	RESERVED
CVE-2023-20668
	RESERVED
CVE-2023-20667
	RESERVED
CVE-2023-20666 (In display drm, there is a possible out of bounds write due to a missi ...)
	NOT-FOR-US: MediaTek
CVE-2023-20665 (In ril, there is a possible out of bounds read due to a missing bounds ...)
	NOT-FOR-US: MediaTek
CVE-2023-20664 (In gz, there is a possible double free due to a use after free. This c ...)
	NOT-FOR-US: MediaTek
CVE-2023-20663 (In wlan, there is a possible out of bounds write due to an integer ove ...)
	NOT-FOR-US: MediaTek
CVE-2023-20662 (In wlan, there is a possible out of bounds write due to an integer ove ...)
	NOT-FOR-US: MediaTek
CVE-2023-20661 (In wlan, there is a possible out of bounds write due to an integer ove ...)
	NOT-FOR-US: MediaTek
CVE-2023-20660 (In wlan, there is a possible out of bounds read due to an integer over ...)
	NOT-FOR-US: MediaTek
CVE-2023-20659 (In wlan, there is a possible out of bounds write due to a missing boun ...)
	NOT-FOR-US: MediaTek
CVE-2023-20658 (In isp, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20657 (In mtee, there is a possible out of bounds write due to a missing boun ...)
	NOT-FOR-US: MediaTek
CVE-2023-20656 (In geniezone, there is a possible out of bounds write due to a logic e ...)
	NOT-FOR-US: MediaTek
CVE-2023-20655 (In mmsdk, there is a possible escalation of privilege due to a parcel ...)
	NOT-FOR-US: MediaTek
CVE-2023-20654 (In keyinstall, there is a possible out of bounds write due to a missin ...)
	NOT-FOR-US: MediaTek
CVE-2023-20653 (In keyinstall, there is a possible out of bounds write due to a missin ...)
	NOT-FOR-US: MediaTek
CVE-2023-20652 (In keyinstall, there is a possible out of bounds write due to a missin ...)
	NOT-FOR-US: MediaTek
CVE-2023-20651 (In apu, there is a possible out of bounds read due to a missing bounds ...)
	NOT-FOR-US: MediaTek
CVE-2023-20650 (In apu, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20649 (In ril, there is a possible out of bounds read due to a missing bounds ...)
	NOT-FOR-US: MediaTek
CVE-2023-20648 (In ril, there is a possible out of bounds read due to a missing bounds ...)
	NOT-FOR-US: MediaTek
CVE-2023-20647 (In ril, there is a possible out of bounds read due to a missing bounds ...)
	NOT-FOR-US: MediaTek
CVE-2023-20646 (In ril, there is a possible out of bounds read due to a missing bounds ...)
	NOT-FOR-US: MediaTek
CVE-2023-20645 (In ril, there is a possible out of bounds read due to a missing bounds ...)
	NOT-FOR-US: MediaTek
CVE-2023-20644 (In ril, there is a possible out of bounds read due to a missing bounds ...)
	NOT-FOR-US: MediaTek
CVE-2023-20643 (In ril, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20642 (In ril, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20641 (In ril, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20640 (In ril, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20639 (In ril, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20638 (In ril, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20637 (In ril, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20636 (In display drm, there is a possible out of bounds write due to a missi ...)
	NOT-FOR-US: MediaTek
CVE-2023-20635 (In keyinstall, there is a possible information disclosure due to an in ...)
	NOT-FOR-US: MediaTek
CVE-2023-20634 (In widevine, there is a possible out of bounds write due to improper i ...)
	NOT-FOR-US: MediaTek
CVE-2023-20633 (In usb, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20632 (In usb, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20631
	RESERVED
CVE-2023-20630 (In usb, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20629
	RESERVED
CVE-2023-20628 (In thermal, there is a possible memory corruption due to an uncaught e ...)
	NOT-FOR-US: MediaTek
CVE-2023-20627 (In pqframework, there is a possible out of bounds write due to a missi ...)
	NOT-FOR-US: MediaTek
CVE-2023-20626 (In msdc, there is a possible out of bounds write due to an incorrect b ...)
	NOT-FOR-US: MediaTek
CVE-2023-20625 (In adsp, there is a possible double free due to a race condition. This ...)
	NOT-FOR-US: MediaTek
CVE-2023-20624 (In vow, there is a possible out of bounds write due to an incorrect bo ...)
	NOT-FOR-US: MediaTek
CVE-2023-20623 (In ion, there is a possible escalation of privilege due to improper lo ...)
	NOT-FOR-US: MediaTek
CVE-2023-20622
	RESERVED
CVE-2023-20621 (In tinysys, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: MediaTek
CVE-2023-20620 (In adsp, there is a possible escalation of privilege due to a logic er ...)
	NOT-FOR-US: MediaTek
CVE-2023-20619 (In vcu, there is a possible memory corruption due to improper locking. ...)
	NOT-FOR-US: MediaTek
CVE-2023-20618 (In vcu, there is a possible memory corruption due to improper locking. ...)
	NOT-FOR-US: MediaTek
CVE-2023-20617
	RESERVED
CVE-2023-20616 (In ion, there is a possible out of bounds read due to type confusion. ...)
	NOT-FOR-US: MediaTek
CVE-2023-20615 (In ril, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20614 (In ril, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20613 (In ril, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20612 (In ril, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20611 (In gpu, there is a possible use after free due to a race condition. Th ...)
	NOT-FOR-US: MediaTek
CVE-2023-20610 (In display drm, there is a possible memory corruption due to a race co ...)
	NOT-FOR-US: MediaTek
CVE-2023-20609 (In ccu, there is a possible out of bounds read due to a logic error. T ...)
	NOT-FOR-US: MediaTek
CVE-2023-20608 (In display drm, there is a possible use after free due to a race condi ...)
	NOT-FOR-US: MediaTek
CVE-2023-20607 (In ccu, there is a possible memory corruption due to a race condition. ...)
	NOT-FOR-US: MediaTek
CVE-2023-20606 (In apusys, there is a possible out of bounds read due to a missing bou ...)
	NOT-FOR-US: MediaTek
CVE-2023-20605 (In keyinstall, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2023-20604 (In ged, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek
CVE-2023-20603
	RESERVED
CVE-2023-20602 (In ged, there is a possible out of bounds write due to an integer over ...)
	NOT-FOR-US: MediaTek
CVE-2022-43977 (An issue was discovered on GE Grid Solutions MS3000 devices before 3.7 ...)
	NOT-FOR-US: GE
CVE-2022-43976 (An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 ...)
	NOT-FOR-US: GE
CVE-2022-43975 (An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 ...)
	NOT-FOR-US: GE
CVE-2022-43974 (MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDeco ...)
	- matrixssl
CVE-2022-43973 (An arbitrary code execution vulnerability exists in Linksys WRT54GL W ...)
	NOT-FOR-US: Linksys
CVE-2022-43972 (A null pointer dereference vulnerability exists in Linksys WRT54GL Wir ...)
	NOT-FOR-US: Linksys
CVE-2022-43971 (An arbitrary code execution vulnerability exists in Linksys WUMC710 Wir ...)
	NOT-FOR-US: Linksys
CVE-2022-43970 (A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G B ...)
	NOT-FOR-US: Linksys
CVE-2022-43969 (Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials.)
	NOT-FOR-US: Ricoh
CVE-2022-43968 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
	NOT-FOR-US: Concrete CMS
CVE-2022-43967 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
	NOT-FOR-US: Concrete CMS
CVE-2022-43966
	RESERVED
CVE-2022-43965
	RESERVED
CVE-2022-43964
	RESERVED
CVE-2022-43963
	RESERVED
CVE-2022-43962
	RESERVED
CVE-2022-43961
	RESERVED
CVE-2022-43960
	RESERVED
CVE-2022-43959 (Insufficiently Protected Credentials in the AD/LDAP server settings in ...)
	NOT-FOR-US: 1C-Bitrix Bitrix24
CVE-2022-3736 (BIND 9 resolver can crash when stale cache and stale answers are enabl ...)
	{DSA-5329-1}
	- bind9 1:9.18.11-1
	[buster] - bind9 (Vulnerable code introduced later)
	NOTE: https://kb.isc.org/docs/cve-2022-3736
CVE-2022-3735 (A vulnerability was found in seccome Ehoney. It has been rated as crit ...)
	NOT-FOR-US: seccome Ehoney
CVE-2022-3734 (A vulnerability was found in a port or fork of Redis. It has been decl ...)
	NOTE: Bogus report/assignment for Redis
CVE-2022-3733 (A vulnerability was found in SourceCodester Web-Based Student Clearanc ...)
	NOT-FOR-US: SourceCodester Web-Based Student Clearance System
CVE-2022-3732 (A vulnerability was found in seccome Ehoney and classified as critical ...)
	NOT-FOR-US: seccome Ehoney
CVE-2022-3731 (A vulnerability has been found in seccome Ehoney and classified as cri ...)
	NOT-FOR-US: seccome Ehoney
CVE-2022-3730 (A vulnerability, which was classified as critical, was found in seccom ...)
	NOT-FOR-US: seccome Ehoney
CVE-2022-3729 (A vulnerability, which was classified as critical, has been found in s ...)
	NOT-FOR-US: seccome Ehoney
CVE-2022-3728 (A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that ...)
	NOT-FOR-US: Lenovo
CVE-2023-20601
	RESERVED
CVE-2023-20600
	RESERVED
CVE-2023-20599
	RESERVED
CVE-2023-20598 (An improper privilege management in the AMD Radeon™ Graphics drive ...)
	NOT-FOR-US: AMD
CVE-2023-20597 (Improper initialization of variables in the DXE driver may allow a pri ...)
	NOT-FOR-US: AMD
CVE-2023-20596 (Improper input validation in the SMM Supervisor may allow an attacker ...)
	NOT-FOR-US: AMD
CVE-2023-20595
	RESERVED
CVE-2023-20594 (Improper initialization of variables in the DXE driver may allow a pri ...)
	NOT-FOR-US: AMD
CVE-2023-20593 (An issue in “Zen 2” CPUs, under specific microarchitectural ...)
	{DSA-5462-1 DSA-5461-1 DSA-5459-1 DLA-3512-1 DLA-3511-1 DLA-3508-1}
	- linux 6.4.4-2
	- amd64-microcode 3.20230719.1 (bug #1041863)
	NOTE: https://www.openwall.com/lists/oss-security/2023/07/24/1
	NOTE: https://lock.cmpxchg8b.com/zenbleed.html
	NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html
	NOTE: https://github.com/google/security-research/security/advisories/GHSA-v6wh-rxpg-cmm8
	NOTE: https://xenbits.xen.org/xsa/advisory-433.html
	NOTE: Technically not an issue in src:linux, but the kernel-side mitigation is tracked as well under this CVE entry.
	NOTE: 3.20230719.1 ships the first batch of fixes, only for 2nd gen EPYC CPUs; further CPUs to follow in later releases.
CVE-2023-20592 (Improper or unexpected behavior of the INVD instruction in some AMD CP ...)
	- amd64-microcode 3.20230719.1
	[bookworm] - amd64-microcode 3.20230719.1~deb12u1
	[bullseye] - amd64-microcode 3.20230719.1~deb11u1
	[buster] - amd64-microcode 3.20230719.1~deb10u1
	NOTE: https://cachewarpattack.com/
	NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3005.html
CVE-2023-20591
	RESERVED
CVE-2023-20590
	RESERVED
CVE-2023-20589 (An attacker with specialized hardware and physical access to an impact ...)
	NOT-FOR-US: AMD
CVE-2023-20588 (A division-by-zero error on some AMD processors can potentially return ...)
	{DSA-5492-1 DSA-5480-1 DLA-3623-1}
	- linux 6.4.13-1
	[bullseye] - linux 5.10.197-1
	- xen 4.17.2+55-g0b56bed864-1
	[bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1
	[bullseye] - xen (EOLed in Bullseye)
	[buster] - xen (DSA 4677-1)
	NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7007.html
	NOTE: https://git.kernel.org/linus/77245f1c3c6495521f6a3af082696ee2f8ce3921
	NOTE: https://git.kernel.org/linus/f58d6fbcb7c848b7f2469be339bc571f2e9d245b
	NOTE: https://xenbits.xen.org/xsa/advisory-439.html
	NOTE: https://github.com/xen-project/xen/commit/d7b78041dc819efde0350f27754a61cb01a93496
CVE-2023-20587 (Improper Access Control in System Management Mode (SMM) may allow an a ...)
	NOT-FOR-US: AMD
CVE-2023-20586 (A potential vulnerability was reported in Radeon™ Software Crimso ...)
	NOT-FOR-US: AMD
CVE-2023-20585
	RESERVED
CVE-2023-20584
	RESERVED
CVE-2023-20583 (A potential power side-channel vulnerability in AMD processors may all ...)
	NOT-FOR-US: AMD
CVE-2023-20582
	RESERVED
CVE-2023-20581
	RESERVED
CVE-2023-20580
	RESERVED
CVE-2023-20579 (Improper Access Control in the AMD SPI protection feature may allow a ...)
	NOT-FOR-US: AMD
CVE-2023-20578
	RESERVED
CVE-2023-20577
	NOT-FOR-US: AMD
CVE-2023-20576
	RESERVED
	NOT-FOR-US: AMD
CVE-2023-20575 (A potential power side-channel vulnerability in some AMD processors ma ...)
	NOT-FOR-US: AMD
CVE-2023-20574
	RESERVED
CVE-2023-20573 (A privileged attacker can prevent delivery of debug exceptions to SEV- ...)
	NOT-FOR-US: AMD
CVE-2023-20572
	RESERVED
CVE-2023-20571 (A race condition in System Management Mode (SMM) code may allow an att ...)
	NOT-FOR-US: AMD
CVE-2023-20570 (Insufficient verification of data authenticity in the configuration st ...)
	NOT-FOR-US: AMD
CVE-2023-20569 (A side channel vulnerability on some of the AMD CPUs may allow an atta ...)
	{DSA-5475-1 DLA-3525-1}
	- amd64-microcode 3.20230719.1
	[bookworm] - amd64-microcode 3.20230719.1~deb12u1
	[bullseye] - amd64-microcode 3.20230719.1~deb11u1
	[buster] - amd64-microcode 3.20230719.1~deb10u1
	- linux 6.4.4-3
	[buster] - linux (Mitigation is too invasive to backport)
	NOTE: SRSO microcode for Milan (Zen3 EPYC):
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/amd-ucode?id=b250b32ab1d044953af2dc5e790819a7703b7ee6
	NOTE: 3.20230719.1 ships the first batch of fixes, only for 3rd gen EPYC CPUs (Milan); a further update for 4th gen EPYC CPUs to follow in later releases.
	NOTE: Updated microcode for 4th gen EPYC CPUs Genoa (Family=0x19 Model=0x11) and Bergamo (Family=0x19 Model=0xa0) (cf: https://bugs.debian.org/1043381):
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=f2eb058afc57348cde66852272d6bf11da1eef8f
	NOTE: 3.20230808.1.1 ships this second batch of fixes for 4th gen EPYC CPUs.
	NOTE: https://comsec.ethz.ch/research/microarch/inception/
	NOTE: https://comsec.ethz.ch/wp-content/files/inception_sec23.pdf
	NOTE: https://github.com/comsec-group/inception
	NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-7005
	NOTE: https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf
	NOTE: https://www.openwall.com/lists/oss-security/2023/08/08/4
CVE-2023-20568 (Improper signature verification of RadeonTM RX Vega M Graphics driver ...)
	NOT-FOR-US: AMD
CVE-2023-20567 (Improper signature verification of RadeonTM RX Vega M Graphics driver ...)
	NOT-FOR-US: AMD
CVE-2023-20566 (Improper address validation in ASP with SNP enabled may potentially al ...)
	NOT-FOR-US: AMD
CVE-2023-20565 (Insufficient protections in System Management Mode (SMM) code may allo ...)
	NOT-FOR-US: AMD
CVE-2023-20564 (Insufficient validation in the IOCTL (Input Output Control) input buff ...)
	NOT-FOR-US: AMD
CVE-2023-20563 (Insufficient protections in System Management Mode (SMM) code may allo ...)
	NOT-FOR-US: AMD
CVE-2023-20562 (Insufficient validation in the IOCTL (Input Output Control) input buff ...)
	NOT-FOR-US: AMD
CVE-2023-20561 (Insufficient validation of the IOCTL (Input Output Control) input buff ...)
	NOT-FOR-US: AMD
CVE-2023-20560 (Insufficient validation of the IOCTL (Input Output Control) input buff ...)
	NOT-FOR-US: AMD
CVE-2023-20559 (Insufficient control flow management in AmdCpmGpioInitSmm may allow a ...)
	NOT-FOR-US: AMD
CVE-2023-20558 (Insufficient control flow management in AmdCpmOemSmm may allow a privi ...)
	NOT-FOR-US: AMD
CVE-2023-20557
	RESERVED
CVE-2023-20556 (Insufficient validation of the IOCTL (Input Output Control) input buff ...)
	NOT-FOR-US: AMD
CVE-2023-20555 (Insufficient input validation in CpmDisplayFeatureSmm may allow an att ...)
	NOT-FOR-US: AMD
CVE-2023-20554
	RESERVED
CVE-2023-20553
	RESERVED
CVE-2023-20552
	RESERVED
CVE-2023-20551
	RESERVED
CVE-2023-20550
	RESERVED
CVE-2023-20549
	RESERVED
CVE-2023-20548
	RESERVED
CVE-2023-20547
	RESERVED
CVE-2023-20546
	RESERVED
CVE-2023-20545
	RESERVED
CVE-2023-20544
	RESERVED
CVE-2023-20543
	RESERVED
CVE-2023-20542
	RESERVED
CVE-2023-20541
	RESERVED
CVE-2023-20540
	RESERVED
CVE-2023-20539
	RESERVED
CVE-2023-20538
	RESERVED
CVE-2023-20537
	RESERVED
CVE-2023-20536
	RESERVED
CVE-2023-20535
	RESERVED
CVE-2023-20534
	RESERVED
CVE-2023-20533 (Insufficient DRAM address validation in System Management Unit (SMU) m ...)
	NOT-FOR-US: AMD
CVE-2023-20532 (Insufficient input validation in the SMU may allow an attacker to impr ...)
	NOT-FOR-US: AMD
CVE-2023-20531 (Insufficient bound checks in the SMU may allow an attacker to update t ...)
	NOT-FOR-US: AMD
CVE-2023-20530 (Insufficient input validation of BIOS mailbox messages in SMU may resu ...)
	NOT-FOR-US: AMD
CVE-2023-20529 (Insufficient bound checks in the SMU may allow an attacker to update t ...)
	NOT-FOR-US: AMD
CVE-2023-20528 (Insufficient input validation in the SMU may allow a physical attacker ...)
	NOT-FOR-US: AMD
CVE-2023-20527 (Improper syscall input validation in the ASP Bootloader may allow a pr ...)
	NOT-FOR-US: AMD
CVE-2023-20526 (Insufficient input validation in the ASP Bootloader may enable a privi ...)
	NOT-FOR-US: AMD
CVE-2023-20525 (Insufficient syscall input validation in the ASP Bootloader may allow ...)
	NOT-FOR-US: AMD
CVE-2023-20524 (An attacker with a compromised ASP could possibly send malformed comma ...)
	NOT-FOR-US: AMD
CVE-2023-20523 (TOCTOU in the ASP may allow a physical attacker to write beyond the bu ...)
	NOT-FOR-US: AMD
CVE-2023-20522 (Insufficient input validation in ASP may allow an attacker with a mali ...)
	NOT-FOR-US: AMD
CVE-2023-20521 (TOCTOU in the ASP Bootloader may allow an attacker with physical acces ...)
	NOT-FOR-US: AMD
CVE-2023-20520 (Improper access control settings in ASP Bootloader may allow an attack ...)
	NOT-FOR-US: AMD
CVE-2023-20519 (A Use-After-Free vulnerability in the management of an SNP guest conte ...)
	NOT-FOR-US: AMD
CVE-2023-20518
	RESERVED
CVE-2023-20517
	RESERVED
CVE-2023-20516
	RESERVED
CVE-2023-20515
	RESERVED
CVE-2023-20514
	RESERVED
CVE-2023-20513
	RESERVED
CVE-2023-20512
	RESERVED
CVE-2023-20511
	RESERVED
CVE-2023-20510
	RESERVED
CVE-2023-20509
	RESERVED
CVE-2023-20508
	RESERVED
CVE-2023-20507
	RESERVED
CVE-2023-20506
	RESERVED
CVE-2023-20505
	RESERVED
CVE-2023-20504
	RESERVED
CVE-2023-20503
	RESERVED
CVE-2023-20502
	RESERVED
CVE-2023-20501
	RESERVED
CVE-2023-20500
	RESERVED
CVE-2023-20499
	RESERVED
CVE-2023-20498
	RESERVED
CVE-2023-20497
	RESERVED
CVE-2023-20496
	RESERVED
CVE-2023-20495
	RESERVED
CVE-2023-20494
	RESERVED
CVE-2023-20493
	RESERVED
CVE-2023-20492
	RESERVED
CVE-2023-20491
	RESERVED
CVE-2023-20490
	RESERVED
CVE-2023-20489
	RESERVED
CVE-2023-20488
	RESERVED
CVE-2023-20487
	RESERVED
CVE-2023-20486
	RESERVED
CVE-2023-20485
	RESERVED
CVE-2023-20484
	RESERVED
CVE-2023-20483
	RESERVED
CVE-2023-20482
	RESERVED
CVE-2023-20481
	RESERVED
CVE-2023-20480
	RESERVED
CVE-2023-20479
	RESERVED
CVE-2023-20478
	RESERVED
CVE-2023-20477
	RESERVED
CVE-2023-20476
	RESERVED
CVE-2023-20475
	RESERVED
CVE-2023-20474
	RESERVED
CVE-2023-20473
	RESERVED
CVE-2023-20472
	RESERVED
CVE-2023-20471
	RESERVED
	NOT-FOR-US: Android
CVE-2023-20470
	RESERVED
CVE-2023-20469
	RESERVED
CVE-2023-20468
	RESERVED
CVE-2023-20467
	RESERVED
CVE-2023-20466
	RESERVED
CVE-2023-20465
	RESERVED
CVE-2023-20464
	RESERVED
CVE-2023-20463
	RESERVED
	NOT-FOR-US: Android
CVE-2023-20462
	RESERVED
CVE-2023-20461
	RESERVED
CVE-2023-20460
	RESERVED
CVE-2023-20459
	RESERVED
CVE-2023-20458
	RESERVED
CVE-2023-20457
	RESERVED
CVE-2023-20456
	RESERVED
CVE-2023-20455
	RESERVED
CVE-2023-20454
	RESERVED
CVE-2023-20453
	RESERVED
CVE-2023-20452
	RESERVED
CVE-2023-20451
	RESERVED
CVE-2023-20450
	RESERVED
CVE-2023-20449
	RESERVED
CVE-2023-20448
	RESERVED
CVE-2023-20447
	RESERVED
CVE-2023-20446
	RESERVED
CVE-2023-20445
	RESERVED
CVE-2023-20444
	RESERVED
CVE-2023-20443
	RESERVED
CVE-2023-20442
	RESERVED
CVE-2023-20441
	RESERVED
CVE-2023-20440
	RESERVED
CVE-2023-20439
	RESERVED
CVE-2023-20438
	RESERVED
CVE-2023-20437
	RESERVED
CVE-2023-20436
	RESERVED
CVE-2023-20435
	RESERVED
CVE-2023-20434
	RESERVED
CVE-2023-20433
	RESERVED
CVE-2023-20432
	RESERVED
CVE-2023-20431
	RESERVED
CVE-2023-20430
	RESERVED
CVE-2023-20429
	RESERVED
CVE-2023-20428
	RESERVED
CVE-2023-20427
	RESERVED
CVE-2023-20426
	RESERVED
CVE-2023-20425
	RESERVED
CVE-2023-20424
	RESERVED
CVE-2023-20423
	RESERVED
CVE-2023-20422
	RESERVED
CVE-2023-20421
	RESERVED
CVE-2023-20420
	RESERVED
CVE-2023-20419
	RESERVED
CVE-2023-20418
	RESERVED
CVE-2023-20417
	RESERVED
CVE-2023-20416
	RESERVED
CVE-2023-20415
	RESERVED
CVE-2023-20414
	RESERVED
CVE-2023-20413
	RESERVED
CVE-2023-20412
	RESERVED
CVE-2023-20411
	RESERVED
CVE-2023-20410
	RESERVED
CVE-2023-20409
	RESERVED
CVE-2023-20408
	RESERVED
CVE-2023-20407
	RESERVED
CVE-2023-20406
	RESERVED
CVE-2023-20405
	RESERVED
CVE-2023-20404
	RESERVED
CVE-2023-20403
	RESERVED
CVE-2023-20402
	RESERVED
CVE-2023-20401
	RESERVED
CVE-2023-20400
	RESERVED
CVE-2023-20399
	RESERVED
CVE-2023-20398
	RESERVED
CVE-2023-20397
	RESERVED
CVE-2023-20396
	RESERVED
CVE-2023-20395
	RESERVED
CVE-2023-20394
	RESERVED
CVE-2023-20393
	RESERVED
CVE-2023-20392
	RESERVED
CVE-2023-20391
	RESERVED
CVE-2023-20390
	RESERVED
CVE-2023-20389
	RESERVED
CVE-2023-20388
	RESERVED
CVE-2023-20387
	RESERVED
CVE-2023-20386
	RESERVED
CVE-2023-20385
	RESERVED
CVE-2023-20384
	RESERVED
CVE-2023-20383
	RESERVED
CVE-2023-20382
	RESERVED
CVE-2023-20381
	RESERVED
CVE-2023-20380
	RESERVED
CVE-2023-20379
	RESERVED
CVE-2023-20378
	RESERVED
CVE-2023-20377
	RESERVED
CVE-2023-20376
	RESERVED
CVE-2023-20375
	RESERVED
CVE-2023-20374
	RESERVED
CVE-2023-20373
	RESERVED
CVE-2023-20372
	RESERVED
CVE-2023-20371
	RESERVED
CVE-2023-20370
	RESERVED
CVE-2023-20369
	RESERVED
CVE-2023-20368
	RESERVED
CVE-2023-20367
	RESERVED
CVE-2023-20366
	RESERVED
CVE-2023-20365
	RESERVED
CVE-2023-20364
	RESERVED
CVE-2023-20363
	RESERVED
CVE-2023-20362
	RESERVED
CVE-2023-20361
	RESERVED
CVE-2023-20360
	RESERVED
CVE-2023-20359
	RESERVED
CVE-2023-20358
	RESERVED
CVE-2023-20357
	RESERVED
CVE-2023-20356
	RESERVED
CVE-2023-20355
	RESERVED
CVE-2023-20354
	RESERVED
CVE-2023-20353
	RESERVED
CVE-2023-20352
	RESERVED
CVE-2023-20351
	RESERVED
CVE-2023-20350
	RESERVED
CVE-2023-20349
	RESERVED
CVE-2023-20348
	RESERVED
CVE-2023-20347
	RESERVED
CVE-2023-20346
	RESERVED
CVE-2023-20345
	RESERVED
CVE-2023-20344
	RESERVED
CVE-2023-20343
	RESERVED
CVE-2023-20342
	RESERVED
CVE-2023-20341
	RESERVED
CVE-2023-20340
	RESERVED
CVE-2023-20339
	RESERVED
CVE-2023-20338
	RESERVED
CVE-2023-20337
	RESERVED
CVE-2023-20336
	RESERVED
CVE-2023-20335
	RESERVED
CVE-2023-20334
	RESERVED
CVE-2023-20333
	RESERVED
CVE-2023-20332
	RESERVED
CVE-2023-20331
	RESERVED
CVE-2023-20330
	RESERVED
CVE-2023-20329
	RESERVED
CVE-2023-20328
	RESERVED
CVE-2023-20327
	RESERVED
CVE-2023-20326
	RESERVED
CVE-2023-20325
	RESERVED
CVE-2023-20324
	RESERVED
CVE-2023-20323
	RESERVED
CVE-2023-20322
	RESERVED
CVE-2023-20321
	RESERVED
CVE-2023-20320
	RESERVED
CVE-2023-20319
	RESERVED
CVE-2023-20318
	RESERVED
CVE-2023-20317
	RESERVED
CVE-2023-20316
	RESERVED
CVE-2023-20315
	RESERVED
CVE-2023-20314
	RESERVED
CVE-2023-20313
	RESERVED
CVE-2023-20312
	RESERVED
CVE-2023-20311
	RESERVED
CVE-2023-20310
	RESERVED
CVE-2023-20309
	RESERVED
CVE-2023-20308
	RESERVED
CVE-2023-20307
	RESERVED
CVE-2023-20306
	RESERVED
CVE-2023-20305
	RESERVED
CVE-2023-20304
	RESERVED
CVE-2023-20303
	RESERVED
CVE-2023-20302
	RESERVED
CVE-2023-20301
	RESERVED
CVE-2023-20300
	RESERVED
CVE-2023-20299
	RESERVED
CVE-2023-20298
	RESERVED
CVE-2023-20297
	RESERVED
CVE-2023-20296
	RESERVED
CVE-2023-20295
	RESERVED
CVE-2023-20294
	RESERVED
CVE-2023-20293
	RESERVED
CVE-2023-20292
	RESERVED
CVE-2023-20291
	RESERVED
CVE-2023-20290
	RESERVED
CVE-2023-20289
	RESERVED
CVE-2023-20288
	RESERVED
CVE-2023-20287
	RESERVED
CVE-2023-20286
	RESERVED
CVE-2023-20285
	RESERVED
CVE-2023-20284
	RESERVED
CVE-2023-20283
	RESERVED
CVE-2023-20282
	RESERVED
CVE-2023-20281
	RESERVED
CVE-2023-20280
	RESERVED
CVE-2023-20279
	RESERVED
CVE-2023-20278
	RESERVED
CVE-2023-20277
	RESERVED
CVE-2023-20276
	RESERVED
CVE-2023-20275 (A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Se ...)
	NOT-FOR-US: Cisco
CVE-2023-20274 (A vulnerability in the installer script of Cisco AppDynamics PHP Agent ...)
	NOT-FOR-US: Cisco
CVE-2023-20273 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...)
	NOT-FOR-US: Cisco
CVE-2023-20272 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2023-20271 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2023-20270 (A vulnerability in the interaction between the Server Message Block (S ...)
	NOT-FOR-US: Cisco
CVE-2023-20269 (A vulnerability in the remote access VPN feature of Cisco Adaptive Sec ...)
	NOT-FOR-US: Cisco
CVE-2023-20268 (A vulnerability in the packet processing functionality of Cisco access ...)
	NOT-FOR-US: Cisco
CVE-2023-20267 (A vulnerability in the IP geolocation rules of Snort 3 could allow an ...)
	NOT-FOR-US: Cisco
CVE-2023-20266 (A vulnerability in Cisco Emergency Responder, Cisco Unified Communicat ...)
	NOT-FOR-US: Cisco
CVE-2023-20265 (A vulnerability in the web-based management interface of a small subse ...)
	NOT-FOR-US: Cisco
CVE-2023-20264 (A vulnerability in the implementation of Security Assertion Markup Lan ...)
	NOT-FOR-US: Cisco
CVE-2023-20263 (A vulnerability in the web-based management interface of Cisco HyperFl ...)
	NOT-FOR-US: Cisco
CVE-2023-20262 (A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager co ...)
	NOT-FOR-US: Cisco
CVE-2023-20261 (A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could a ...)
	NOT-FOR-US: Cisco
CVE-2023-20260 (A vulnerability in the application CLI of Cisco Prime Infrastructure a ...)
	NOT-FOR-US: Cisco
CVE-2023-20259 (A vulnerability in an API endpoint of multiple Cisco Unified Communica ...)
	NOT-FOR-US: Cisco
CVE-2023-20258 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2023-20257 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2023-20256 (Multiple vulnerabilities in the per-user-override feature of Cisco Ada ...)
	NOT-FOR-US: Cisco
CVE-2023-20255 (A vulnerability in an API of the Web Bridge feature of Cisco Meeting S ...)
	NOT-FOR-US: Cisco
CVE-2023-20254 (A vulnerability in the session management system of the Cisco Catalyst ...)
	NOT-FOR-US: Cisco
CVE-2023-20253 (A vulnerability in the command line interface (cli) management interfa ...)
	NOT-FOR-US: Cisco
CVE-2023-20252 (A vulnerability in the Security Assertion Markup Language (SAML) APIs ...)
	NOT-FOR-US: Cisco
CVE-2023-20251 (A vulnerability in the memory buffer of Cisco Wireless LAN Controller ...)
	NOT-FOR-US: Cisco
CVE-2023-20250 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2023-20249 (A vulnerability in the web-based management interface of Cisco TelePre ...)
	NOT-FOR-US: Cisco
CVE-2023-20248 (A vulnerability in the web-based management interface of Cisco TelePre ...)
	NOT-FOR-US: Cisco
CVE-2023-20247 (A vulnerability in the remote access SSL VPN feature of Cisco Adaptive ...)
	NOT-FOR-US: Cisco
CVE-2023-20246 (Multiple Cisco products are affected by a vulnerability in Snort acces ...)
	- snort (Vulnerable code only in 3.x series)
	NOTE: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3acp-bypass-3bdR2BEh
CVE-2023-20245 (Multiple vulnerabilities in the per-user-override feature of Cisco Ada ...)
	NOT-FOR-US: Cisco
CVE-2023-20244 (A vulnerability in the internal packet processing of Cisco Firepower T ...)
	NOT-FOR-US: Cisco
CVE-2023-20243 (A vulnerability in the RADIUS message processing feature of Cisco Iden ...)
	NOT-FOR-US: Cisco
CVE-2023-20242 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2023-20241 (Multiple vulnerabilities in Cisco Secure Client Software, formerly Any ...)
	NOT-FOR-US: Cisco
CVE-2023-20240 (Multiple vulnerabilities in Cisco Secure Client Software, formerly Any ...)
	NOT-FOR-US: Cisco
CVE-2023-20239
	RESERVED
CVE-2023-20238 (A vulnerability in the single sign-on (SSO) implementation of Cisco Br ...)
	NOT-FOR-US: Cisco
CVE-2023-20237 (A vulnerability in Cisco Intersight Virtual Appliance could allow an u ...)
	NOT-FOR-US: Cisco
CVE-2023-20236 (A vulnerability in the iPXE boot function of Cisco IOS XR software cou ...)
	NOT-FOR-US: Cisco
CVE-2023-20235 (A vulnerability in the on-device application development workflow feat ...)
	NOT-FOR-US: Cisco
CVE-2023-20234 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...)
	NOT-FOR-US: Cisco FXOS Software
CVE-2023-20233 (A vulnerability in the Connectivity Fault Management (CFM) feature of ...)
	NOT-FOR-US: Cisco
CVE-2023-20232 (A vulnerability in the Tomcat implementation for Cisco Unified Contact ...)
	NOT-FOR-US: Cisco
CVE-2023-20231 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
	NOT-FOR-US: Cisco
CVE-2023-20230 (A vulnerability in the restricted security domain implementation of Ci ...)
	NOT-FOR-US: Cisco
CVE-2023-20229 (A vulnerability in the CryptoService function of Cisco Duo Device Heal ...)
	NOT-FOR-US: Cisco
CVE-2023-20228 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2023-20227 (A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Ci ...)
	NOT-FOR-US: Cisco
CVE-2023-20226 (A vulnerability in Application Quality of Experience (AppQoE) and Unif ...)
	NOT-FOR-US: Cisco
CVE-2023-20225
	RESERVED
CVE-2023-20224 (A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Vir ...)
	NOT-FOR-US: Cisco
CVE-2023-20223 (A vulnerability in Cisco DNA Center could allow an unauthenticated, re ...)
	NOT-FOR-US: Cisco
CVE-2023-20222 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2023-20221 (A vulnerability in the web-based management interface of Cisco IP Phon ...)
	NOT-FOR-US: Cisco
CVE-2023-20220 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20219 (Multiple vulnerabilities in the web management interface of Cisco Fire ...)
	NOT-FOR-US: Cisco
CVE-2023-20218 (A vulnerability in web-based management interface of Cisco SPA500 Seri ...)
	NOT-FOR-US: Cisco
CVE-2023-20217 (A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Vir ...)
	NOT-FOR-US: Cisco
CVE-2023-20216 (A vulnerability in the privilege management functionality of all Cisco ...)
	NOT-FOR-US: Cisco
CVE-2023-20215 (A vulnerability in the scanning engines of Cisco AsyncOS Software for ...)
	NOT-FOR-US: Cisco
CVE-2023-20214 (A vulnerability in the request authentication validation for the REST ...)
	NOT-FOR-US: Cisco
CVE-2023-20213 (A vulnerability in the CDP processing feature of Cisco ISE could allow ...)
	NOT-FOR-US: Cisco
CVE-2023-20212 (A vulnerability in the AutoIt module of ClamAV could allow an unauthen ...)
	- clamav 1.0.2+dfsg-1 (bug #1050057)
	[bookworm] - clamav 1.0.2+dfsg-1~deb12u1
	[bullseye] - clamav (only affects v1.0.0 and v1.0.1)
	[buster] - clamav (only affects v1.0.0 and v1.0.1)
	NOTE: https://blog.clamav.net/2023/07/2023-08-16-releases.html
CVE-2023-20211 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2023-20210 (A vulnerability in Cisco BroadWorks could allow an authenticated, loca ...)
	NOT-FOR-US: Cisco
CVE-2023-20209 (A vulnerability in the web-based management interface of Cisco Express ...)
	NOT-FOR-US: Cisco
CVE-2023-20208 (A vulnerability in the web-based management interface of Cisco ISE cou ...)
	NOT-FOR-US: Cisco
CVE-2023-20207 (A vulnerability in the logging component of Cisco Duo Authentication P ...)
	NOT-FOR-US: Cisco
CVE-2023-20206 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20205 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20204 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
	NOT-FOR-US: Cisco
CVE-2023-20203 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20202 (A vulnerability in the Wireless Network Control daemon (wncd) of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2023-20201 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20200 (A vulnerability in the Simple Network Management Protocol (SNMP) servi ...)
	NOT-FOR-US: Cisco
CVE-2023-20199 (A vulnerability in Cisco Duo Two-Factor Authentication for macOS could ...)
	NOT-FOR-US: Cisco
CVE-2023-20198 (Cisco is providing an update for the ongoing investigation into observ ...)
	NOT-FOR-US: Cisco
CVE-2023-20197 (A vulnerability in the filesystem image parser for Hierarchical File S ...)
	{DLA-3544-1}
	- clamav 1.0.2+dfsg-1 (bug #1050057)
	[bookworm] - clamav 1.0.2+dfsg-1~deb12u1
	[bullseye] - clamav 0.103.9+dfsg-0+deb11u1
	NOTE: https://blog.clamav.net/2023/07/2023-08-16-releases.html
CVE-2023-20196 (Two vulnerabilities in Cisco ISE could allow an authenticated, remote ...)
	NOT-FOR-US: Cisco
CVE-2023-20195 (Two vulnerabilities in Cisco ISE could allow an authenticated, remote ...)
	NOT-FOR-US: Cisco
CVE-2023-20194 (A vulnerability in the ERS API of Cisco ISE could allow an authenticat ...)
	NOT-FOR-US: Cisco
CVE-2023-20193 (A vulnerability in the Embedded Service Router (ESR) of Cisco ISE coul ...)
	NOT-FOR-US: Cisco
CVE-2023-20192 (Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePres ...)
	NOT-FOR-US: Cisco
CVE-2023-20191 (A vulnerability in the access control list (ACL) processing on MPLS in ...)
	NOT-FOR-US: Cisco
CVE-2023-20190 (A vulnerability in the classic access control list (ACL) compression f ...)
	NOT-FOR-US: Cisco
CVE-2023-20189 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
	NOT-FOR-US: Cisco
CVE-2023-20188 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2023-20187 (A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) featu ...)
	NOT-FOR-US: Cisco
CVE-2023-20186 (A vulnerability in the Authentication, Authorization, and Accounting ( ...)
	NOT-FOR-US: Cisco
CVE-2023-20185 (A vulnerability in the Cisco ACI Multi-Site CloudSec encryption featur ...)
	NOT-FOR-US: Cisco
CVE-2023-20184 (Multiple vulnerabilities in the API of Cisco DNA Center Software could ...)
	NOT-FOR-US: Cisco
CVE-2023-20183 (Multiple vulnerabilities in the API of Cisco DNA Center Software could ...)
	NOT-FOR-US: Cisco
CVE-2023-20182 (Multiple vulnerabilities in the API of Cisco DNA Center Software could ...)
	NOT-FOR-US: Cisco
CVE-2023-20181 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2023-20180 (A vulnerability in the web interface of Cisco Webex Meetings could all ...)
	NOT-FOR-US: Cisco
CVE-2023-20179 (A vulnerability in the web-based management interface of Cisco Catalys ...)
	NOT-FOR-US: Cisco
CVE-2023-20178 (A vulnerability in the client update process of Cisco AnyConnect Secur ...)
	NOT-FOR-US: Cisco
CVE-2023-20177 (A vulnerability in the SSL file policy implementation of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2023-20176 (A vulnerability in the networking component of Cisco access point (AP) ...)
	NOT-FOR-US: Cisco
CVE-2023-20175 (A vulnerability in a specific Cisco ISE CLI command could allow an aut ...)
	NOT-FOR-US: Cisco
CVE-2023-20174 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20173 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20172 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
	NOT-FOR-US: Cisco
CVE-2023-20171 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
	NOT-FOR-US: Cisco
CVE-2023-20170 (A vulnerability in a specific Cisco ISE CLI command could allow an aut ...)
	NOT-FOR-US: Cisco
CVE-2023-20169 (A vulnerability in the Intermediate System-to-Intermediate System (IS- ...)
	NOT-FOR-US: Cisco
CVE-2023-20168 (A vulnerability in TACACS+ and RADIUS remote authentication for Cisco ...)
	NOT-FOR-US: Cisco
CVE-2023-20167 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
	NOT-FOR-US: Cisco
CVE-2023-20166 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
	NOT-FOR-US: Cisco
CVE-2023-20165
	RESERVED
CVE-2023-20164 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
	NOT-FOR-US: Cisco
CVE-2023-20163 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
	NOT-FOR-US: Cisco
CVE-2023-20162 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
	NOT-FOR-US: Cisco
CVE-2023-20161 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
	NOT-FOR-US: Cisco
CVE-2023-20160 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
	NOT-FOR-US: Cisco
CVE-2023-20159 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
	NOT-FOR-US: Cisco
CVE-2023-20158 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
	NOT-FOR-US: Cisco
CVE-2023-20157 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
	NOT-FOR-US: Cisco
CVE-2023-20156 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
	NOT-FOR-US: Cisco
CVE-2023-20155 (A vulnerability in a logging API in Cisco Firepower Management Center ...)
	NOT-FOR-US: Cisco
CVE-2023-20154
	RESERVED
CVE-2023-20153 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...)
	NOT-FOR-US: Cisco
CVE-2023-20152 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...)
	NOT-FOR-US: Cisco
CVE-2023-20151 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20150 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20149 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20148 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20147 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20146 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20145 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20144 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20143 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20142 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20141 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20140 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20139 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20138 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20137 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20136 (A vulnerability in the OpenAPI of Cisco Secure Workload could allow an ...)
	NOT-FOR-US: Cisco
CVE-2023-20135 (A vulnerability in Cisco IOS XR Software image verification checks cou ...)
	NOT-FOR-US: Cisco
CVE-2023-20134 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings ...)
	NOT-FOR-US: Cisco
CVE-2023-20133 (A vulnerability in the web interface of Cisco Webex Meetings could all ...)
	NOT-FOR-US: Cisco
CVE-2023-20132 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings ...)
	NOT-FOR-US: Cisco
CVE-2023-20131 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20130 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20129 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20128 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20127 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20126 (A vulnerability in the web-based management interface of Cisco SPA112 ...)
	NOT-FOR-US: Cisco
CVE-2023-20125
	RESERVED
CVE-2023-20124 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2023-20123 (A vulnerability in the offline access mode of Cisco Duo Two-Factor Aut ...)
	NOT-FOR-US: Cisco
CVE-2023-20122 (Multiple vulnerabilities in the restricted shell of Cisco Evolved Prog ...)
	NOT-FOR-US: Cisco
CVE-2023-20121 (Multiple vulnerabilities in the restricted shell of Cisco Evolved Prog ...)
	NOT-FOR-US: Cisco
CVE-2023-20120 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20119 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
	NOT-FOR-US: Cisco
CVE-2023-20118 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2023-20117 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20116 (A vulnerability in the Administrative XML Web Service (AXL) API of Cis ...)
	NOT-FOR-US: Cisco
CVE-2023-20115 (A vulnerability in the SFTP server implementation for Cisco Nexus 3000 ...)
	NOT-FOR-US: Cisco
CVE-2023-20114 (A vulnerability in the file download feature of Cisco Firepower Manage ...)
	NOT-FOR-US: Cisco
CVE-2023-20113 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
	NOT-FOR-US: Cisco
CVE-2023-20112 (A vulnerability in Cisco access point (AP) software could allow an una ...)
	NOT-FOR-US: Cisco
CVE-2023-20111 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2023-20110 (A vulnerability in the web-based management interface of Cisco Smart S ...)
	NOT-FOR-US: Cisco
CVE-2023-20109 (A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) f ...)
	NOT-FOR-US: Cisco
CVE-2023-20108 (A vulnerability in the XCP Authentication Service of the Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2023-20107 (A vulnerability in the deterministic random bit generator (DRBG), also ...)
	NOT-FOR-US: Cisco
CVE-2023-20106 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
	NOT-FOR-US: Cisco
CVE-2023-20105 (A vulnerability in the change password functionality of Cisco Expressw ...)
	NOT-FOR-US: Cisco
CVE-2023-20104 (A vulnerability in the file upload functionality of Cisco Webex App fo ...)
	NOT-FOR-US: Cisco
CVE-2023-20103 (A vulnerability in Cisco Secure Network Analytics could allow an authe ...)
	NOT-FOR-US: Cisco
CVE-2023-20102 (A vulnerability in the web-based management interface of Cisco Secure ...)
	NOT-FOR-US: Cisco
CVE-2023-20101 (A vulnerability in Cisco Emergency Responder could allow an unauthenti ...)
	NOT-FOR-US: Cisco
CVE-2023-20100 (A vulnerability in the access point (AP) joining process of the Contro ...)
	NOT-FOR-US: Cisco
CVE-2023-20099
	RESERVED
CVE-2023-20098 (A vulnerability in the CLI of Cisco SDWAN vManage Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2023-20097 (A vulnerability in Cisco access points (AP) software could allow an au ...)
	NOT-FOR-US: Cisco
CVE-2023-20096 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2023-20095 (A vulnerability in the remote access VPN feature of Cisco Adaptive Sec ...)
	NOT-FOR-US: Cisco
CVE-2023-20094
	RESERVED
CVE-2023-20093
	RESERVED
CVE-2023-20092
	RESERVED
CVE-2023-20091
	RESERVED
CVE-2023-20090
	RESERVED
CVE-2023-20089 (A vulnerability in the Link Layer Discovery Protocol (LLDP) feature fo ...)
	NOT-FOR-US: Cisco
CVE-2023-20088 (A vulnerability in the nginx configurations that are provided as part ...)
	NOT-FOR-US: Cisco
CVE-2023-20087 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20086 (A vulnerability in ICMPv6 processing of Cisco Adaptive Security Applia ...)
	NOT-FOR-US: Cisco
CVE-2023-20085 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2023-20084 (A vulnerability in the endpoint software of Cisco Secure Endpoint for ...)
	NOT-FOR-US: Cisco
CVE-2023-20083 (A vulnerability in ICMPv6 inspection when configured with the Snort 2 ...)
	NOT-FOR-US: Cisco
CVE-2023-20082 (A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Serie ...)
	NOT-FOR-US: Cisco
CVE-2023-20081 (A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adapt ...)
	NOT-FOR-US: Cisco
CVE-2023-20080 (A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server f ...)
	NOT-FOR-US: Cisco
CVE-2023-20079 (Multiple vulnerabilities in the web-based management interface of cert ...)
	NOT-FOR-US: Cisco
CVE-2023-20078 (Multiple vulnerabilities in the web-based management interface of cert ...)
	NOT-FOR-US: Cisco
CVE-2023-20077 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20076 (A vulnerability in the Cisco IOx application hosting environment could ...)
	NOT-FOR-US: Cisco
CVE-2023-20075 (Vulnerability in the CLI of Cisco Secure Email Gateway could allow an ...)
	NOT-FOR-US: Cisco
CVE-2023-20074 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20073 (A vulnerability in the web-based management interface of Cisco RV340, ...)
	NOT-FOR-US: Cisco
CVE-2023-20072 (A vulnerability in the fragmentation handling code of tunnel protocol ...)
	NOT-FOR-US: Cisco
CVE-2023-20071 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
	NOT-FOR-US: Cisco
CVE-2023-20070 (A vulnerability in the TLS 1.3 implementation of the Cisco Firepower T ...)
	NOT-FOR-US: Cisco
CVE-2023-20069 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2023-20068 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2023-20067 (A vulnerability in the HTTP-based client profiling feature of Cisco IO ...)
	NOT-FOR-US: Cisco
CVE-2023-20066 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
	NOT-FOR-US: Cisco
CVE-2023-20065 (A vulnerability in the Cisco IOx application hosting subsystem of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20064 (A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS X ...)
	NOT-FOR-US: Cisco's use of GRUB
CVE-2023-20063 (A vulnerability in the inter-device communication mechanisms between d ...)
	NOT-FOR-US: Cisco
CVE-2023-20062 (Multiple vulnerabilities in Cisco Unified Intelligence Center could al ...)
	NOT-FOR-US: Cisco
CVE-2023-20061 (Multiple vulnerabilities in Cisco Unified Intelligence Center could al ...)
	NOT-FOR-US: Cisco
CVE-2023-20060 RESERVED
CVE-2023-20059 (A vulnerability in the implementation of the Cisco Network Plug-and-Pl ...)
	NOT-FOR-US: Cisco
CVE-2023-20058 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2023-20057 (A vulnerability in the URL filtering mechanism of Cisco AsyncOS Softwa ...)
	NOT-FOR-US: Cisco
CVE-2023-20056 (A vulnerability in the management CLI of Cisco access point (AP) softw ...)
	NOT-FOR-US: Cisco
CVE-2023-20055 (A vulnerability in the management API of Cisco DNA Center could allow ...)
	NOT-FOR-US: Cisco
CVE-2023-20054 RESERVED
CVE-2023-20053 (A vulnerability in the web-based management interface of Cisco Nexus D ...)
	NOT-FOR-US: Cisco
CVE-2023-20052 (On Feb 15, 2023, the following vulnerability in the ClamAV scanning li ...)
	{DLA-3328-1}
	- clamav 1.0.1+dfsg-1 (bug #1031509)
	[bullseye] - clamav 0.103.8+dfsg-0+deb11u1
	NOTE: https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
CVE-2023-20051 (A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet D ...)
	NOT-FOR-US: Cisco
CVE-2023-20050 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2023-20049 (A vulnerability in the bidirectional forwarding detection (BFD) hardwa ...)
	NOT-FOR-US: Cisco
CVE-2023-20048 (A vulnerability in the web services interface of Cisco Firepower Manag ...)
	NOT-FOR-US: Cisco
CVE-2023-20047 (A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of ...)
	NOT-FOR-US: Cisco
CVE-2023-20046 (A vulnerability in the key-based SSH authentication feature of Cisco S ...)
	NOT-FOR-US: Cisco
CVE-2023-20045 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2023-20044 (A vulnerability in Cisco CX Cloud Agent could allow an authenticate ...)
	NOT-FOR-US: Cisco
CVE-2023-20043 (A vulnerability in Cisco CX Cloud Agent could allow an authenticate ...)
	NOT-FOR-US: Cisco
CVE-2023-20042 (A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Se ...)
	NOT-FOR-US: Cisco
CVE-2023-20041 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20040 (A vulnerability in the NETCONF service of Cisco Network Services Orche ...)
	NOT-FOR-US: Cisco
CVE-2023-20039 RESERVED
CVE-2023-20038 (A vulnerability in the monitoring application of Cisco Industrial Netw ...)
	NOT-FOR-US: Cisco
CVE-2023-20037 (A vulnerability in Cisco Industrial Network Director could allow an au ...)
	NOT-FOR-US: Cisco
CVE-2023-20036 RESERVED
CVE-2023-20035 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2023-20034 (Vulnerability in the Elasticsearch database used in the Cisco SD-WA ...)
	- elasticsearch
CVE-2023-20033 (A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and C ...)
	NOT-FOR-US: Cisco
CVE-2023-20032 (On Feb 15, 2023, the following vulnerability in the ClamAV scanning li ...)
	{DLA-3328-1}
	- clamav 1.0.1+dfsg-1 (bug #1031509)
	[bullseye] - clamav 0.103.8+dfsg-0+deb11u1
	NOTE: https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
	NOTE: https://github.com/google/security-research/security/advisories/GHSA-r6g3-3wqj-m3c8
CVE-2023-20031 (A vulnerability in the SSL/TLS certificate handling of Snort 3 Detecti ...)
	NOT-FOR-US: Cisco
CVE-2023-20030 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2023-20029 (A vulnerability in the Meraki onboarding feature of Cisco IOS XE Softw ...)
	NOT-FOR-US: Cisco
CVE-2023-20028 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20027 (A vulnerability in the implementation of the IPv4 Virtual Fragmentatio ...)
	NOT-FOR-US: Cisco
CVE-2023-20026 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2023-20025 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2023-20024 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
	NOT-FOR-US: Cisco
CVE-2023-20023 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...)
	NOT-FOR-US: Cisco
CVE-2023-20022 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...)
	NOT-FOR-US: Cisco
CVE-2023-20021 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...)
	NOT-FOR-US: Cisco
CVE-2023-20020 (A vulnerability in the Device Management Servlet application of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2023-20019 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
	NOT-FOR-US: Cisco
CVE-2023-20018 (A vulnerability in the web-based management interface of Cisco IP Phon ...)
	NOT-FOR-US: Cisco
CVE-2023-20017 (Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance ...)
	NOT-FOR-US: Cisco
CVE-2023-20016 (A vulnerability in the backup configuration feature of Cisco UCS Manag ...)
	NOT-FOR-US: Cisco
CVE-2023-20015 (A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firep ...)
	NOT-FOR-US: Cisco
CVE-2023-20014 (A vulnerability in the DNS functionality of Cisco Nexus Dashboard Soft ...)
	NOT-FOR-US: Cisco
CVE-2023-20013 (Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance ...)
	NOT-FOR-US: Cisco
CVE-2023-20012 (A vulnerability in the CLI console login authentication of Cisco Nexus ...)
	NOT-FOR-US: Cisco
CVE-2023-20011 (A vulnerability in the web-based management interface of Cisco Applica ...)
	NOT-FOR-US: Cisco
CVE-2023-20010 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2023-20009 (A vulnerability in the Web UI and administrative CLI of the Cisco Secu ...)
	NOT-FOR-US: Cisco
CVE-2023-20008 (A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Softwar ...)
	NOT-FOR-US: Cisco
CVE-2023-20007 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2023-20006 (A vulnerability in the hardware-based SSL/TLS cryptography functionali ...)
	NOT-FOR-US: Cisco
CVE-2023-20005 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2023-20004 RESERVED
CVE-2023-20003 (A vulnerability in the social login configuration option for the guest ...)
	NOT-FOR-US: Cisco
CVE-2023-20002 (A vulnerability in Cisco TelePresence CE and RoomOS Software could all ...)
	NOT-FOR-US: Cisco
CVE-2023-20001 RESERVED
CVE-2023-0010 (A reflected cross-site scripting (XSS) vulnerability in the Captive Po ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2023-0009 (A local privilege escalation (PE) vulnerability in the Palo Alto Netwo ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2023-0008 (A file disclosure vulnerability in Palo Alto Networks PAN-OS software ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2023-0007 (A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-O ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2023-0006 (A local file deletion vulnerability in the Palo Alto Networks GlobalPr ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2023-0005 (A vulnerability in Palo Alto Networks PAN-OS software enables an authe ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2023-0004 (A local file deletion vulnerability in Palo Alto Networks PAN-OS softw ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2023-0003 (A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2023-0002 (A problem with a protection mechanism in the Palo Alto Networks Cortex ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2023-0001 (An information exposure vulnerability in the Palo Alto Networks Cortex ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2022-43958 (A vulnerability has been identified in QMS Automotive (All versions < ...)
	NOT-FOR-US: QMS Automotive
CVE-2022-43957 RESERVED
CVE-2022-43956 RESERVED
CVE-2022-43955 (An improper neutralization of input during web page generation [CWE-79 ...)
	NOT-FOR-US: Fortinet
CVE-2022-43954 (An insertion of sensitive information into log file vulnerability [CWE ...)
	NOT-FOR-US: Fortinet
CVE-2022-43953 (A use of externally-controlled format string in Fortinet FortiOS versi ...)
	NOT-FOR-US: Fortinet
CVE-2022-43952 (An improper neutralization of input during web page generation ('Cross ...)
	NOT-FOR-US: Fortinet
CVE-2022-43951 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
	NOT-FOR-US: Fortinet
CVE-2022-43950 (A URL redirection to untrusted site ('Open Redirect') vulnerability [C ...)
	NOT-FOR-US: FortiGuard
CVE-2022-43949 (A use of a broken or risky cryptographic algorithm [CWE-327] in Forti ...)
	NOT-FOR-US: Fortinet
CVE-2022-43948 (An improper neutralization of special elements used in an os command (' ...)
	NOT-FOR-US: Fortinet
CVE-2022-43947 (An improper restriction of excessive authentication attempts vulnerabil ...)
	NOT-FOR-US: Fortinet
CVE-2022-43946 (Multiple vulnerabilities including an incorrect permission assignment ...)
	NOT-FOR-US: Fortinet
CVE-2022-3727 RESERVED
CVE-2022-3726 (Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3725 (Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allow ...)
	- wireshark 4.0.0-1
	[bullseye] - wireshark (Vulnerable code not present)
	[buster] - wireshark (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-07.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18378
CVE-2022-3724 (Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 al ...)
	- wireshark (Only affects Wireshark on Windows)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-08.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18384
	NOTE: Crash only triggered on Windows
CVE-2022-3723 (Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a ...)
	{DSA-5263-1}
	- chromium 107.0.5304.87-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3722 RESERVED
CVE-2022-3721 (Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.)
	- froxlor (bug #581792)
CVE-2022-3720 (The Event Monster WordPress plugin before 1.2.0 does not validate and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3719 REJECTED
CVE-2022-3718 REJECTED
CVE-2022-3717 REJECTED
CVE-2022-3716 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester Online Medicine Ordering System
CVE-2022-3715 (A flaw was found in the bash package, where a heap-buffer overflow can ...)
	- bash 5.2-1 (bug #1030355)
	[bullseye] - bash (Minor issue)
	[buster] - bash (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126720
	NOTE: https://lists.gnu.org/archive/html/bug-bash/2022-08/msg00147.html
	NOTE: Introduced by: http://git.savannah.gnu.org/cgit/bash.git/commit/?id=bdf37a2d4f0f052ffd15d36de3b3a5d28f357000 (5.1)
CVE-2022-3714 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Online Medicine Ordering System
CVE-2022-43945 (The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0 ...)
	- linux 6.0.3-1
	NOTE: Merge: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f90497a16e434c2211c66e3de8e77b17868382b8
CVE-2022-43944 REJECTED
CVE-2022-43943 REJECTED
CVE-2022-43942 REJECTED
CVE-2022-43941 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...)
	NOT-FOR-US: Hitachi
CVE-2022-43940 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...)
	NOT-FOR-US: Hitachi
CVE-2022-43939 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...)
	NOT-FOR-US: Hitachi
CVE-2022-43938 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...)
	NOT-FOR-US: Hitachi
CVE-2022-43937 RESERVED
CVE-2022-43936 RESERVED
CVE-2022-43935 RESERVED
CVE-2022-43934 RESERVED
CVE-2022-43933 RESERVED
CVE-2022-3713 (A code injection vulnerability allows adjacent attackers to execute co ...)
	NOT-FOR-US: Sophos
CVE-2022-3712 RESERVED
CVE-2022-3711 (A post-auth read-only SQL injection vulnerability allows users to read ...)
	NOT-FOR-US: Sophos
CVE-2022-3710 (A post-auth read-only SQL injection vulnerability allows API clients t ...)
	NOT-FOR-US: Sophos
CVE-2022-3709 (A stored XSS vulnerability allows admin to super-admin privilege escal ...)
	NOT-FOR-US: Sophos
CVE-2022-3708 (The Web Stories plugin for WordPress is vulnerable to Server-Side Requ ...)
	NOT-FOR-US: Web Stories plugin for WordPress
CVE-2022-3707 (A double-free memory flaw was found in the Linux kernel. The Intel GVT ...)
	{DLA-3404-1 DLA-3403-1}
	- linux 6.1.7-1
	[bullseye] - linux 5.10.178-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2137979
	NOTE: https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz.wz@163.com/
CVE-2022-3706 (Improper authorization in GitLab CE/EE affecting all versions from 7.1 ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-43932 (Improper neutralization of special elements in output used by a downst ...)
	NOT-FOR-US: Synology
CVE-2022-43931 (Out-of-bounds write vulnerability in Remote Desktop Functionality in S ...)
	NOT-FOR-US: Synology VPN Plus Server
CVE-2022-43930 (IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2022-43929 (IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2022-43928 (The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a ...)
	NOT-FOR-US: IBM
CVE-2022-43927 (IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2022-43926 RESERVED
CVE-2022-43925 RESERVED
CVE-2022-43924 RESERVED
CVE-2022-43923 (IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensit ...)
	NOT-FOR-US: IBM
CVE-2022-43922 (IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2 ...)
	NOT-FOR-US: IBM
CVE-2022-43921 RESERVED
CVE-2022-43920 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 c ...)
	NOT-FOR-US: IBM
CVE-2022-43919 (IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticat ...)
	NOT-FOR-US: IBM
CVE-2022-43918 RESERVED
CVE-2022-43917 (IBM WebSphere Application Server 8.5 and 9.0 traditional container use ...)
	NOT-FOR-US: IBM
CVE-2022-43916 RESERVED
CVE-2022-43915 RESERVED
CVE-2022-43914 (IBM TRIRIGA Application Platform 4.0 is vulnerable to cross-site scrip ...)
	NOT-FOR-US: IBM
CVE-2022-43913 RESERVED
CVE-2022-43912 RESERVED
CVE-2022-43911 RESERVED
CVE-2022-43910 (IBM Security Guardium 11.3 could allow a local user to escalate their ...)
	NOT-FOR-US: IBM
CVE-2022-43909 (IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2022-43908 (IBM Security Guardium 11.3 could allow an authenticated user to cause ...)
	NOT-FOR-US: IBM
CVE-2022-43907 (IBM Security Guardium 11.4 could allow a remote authenticated attacker ...)
	NOT-FOR-US: IBM
CVE-2022-43906 (IBM Security Guardium 11.5 could disclose sensitive information due to ...)
	NOT-FOR-US: IBM
CVE-2022-43905 RESERVED
CVE-2022-43904 (IBM Security Guardium 11.3 and 11.4 could disclose sensitive informati ...)
	NOT-FOR-US: IBM
CVE-2022-43903 (IBM Security Guardium 10.6, 11.3, and 11.4 could allow an authenticate ...)
	NOT-FOR-US: IBM
CVE-2022-43902 (IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial ...)
	NOT-FOR-US: IBM
CVE-2022-43901 (IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 coul ...)
	NOT-FOR-US: IBM
CVE-2022-43900 (IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 coul ...)
	NOT-FOR-US: IBM
CVE-2022-43899 RESERVED
CVE-2022-43898 RESERVED
CVE-2022-43897 RESERVED
CVE-2022-43896 RESERVED
CVE-2022-43895 RESERVED
CVE-2022-43894 RESERVED
CVE-2022-43893 (IBM Security Verify Privilege On-Premises 11.5 could allow a privilege ...)
	NOT-FOR-US: IBM
CVE-2022-43892 (IBM Security Verify Privilege On-Premises 11.5 does not validate, or i ...)
	NOT-FOR-US: IBM
CVE-2022-43891 (IBM Security Verify Privilege On-Premises 11.5 could allow a remote at ...)
	NOT-FOR-US: IBM
CVE-2022-43890 (IBM Security Verify Privilege On-Premises 11.5 could disclose sensitiv ...)
	NOT-FOR-US: IBM
CVE-2022-43889 (IBM Security Verify Privilege On-Premises 11.5 could disclose sensitiv ...)
	NOT-FOR-US: IBM
CVE-2022-43888 RESERVED
CVE-2022-43887 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2022-43886 RESERVED
CVE-2022-43885 RESERVED
CVE-2022-43884 RESERVED
CVE-2022-43883 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2022-43882 RESERVED
CVE-2022-43881 RESERVED
CVE-2022-43880 (IBM QRadar WinCollect Agent 10.0 through 10.1.2 could allow a privileg ...)
	NOT-FOR-US: IBM
CVE-2022-43879 RESERVED
CVE-2022-43878 RESERVED
CVE-2022-43877 (IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensi ...)
	NOT-FOR-US: IBM
CVE-2022-43876 RESERVED
CVE-2022-43875 (IBM Financial Transaction Manager for SWIFT Services for Multiplatform ...)
	NOT-FOR-US: IBM
CVE-2022-43874 (IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2 ...)
	NOT-FOR-US: IBM
CVE-2022-43873 (An authenticated user can exploit a vulnerability in the IBM Spectrum ...)
	NOT-FOR-US: IBM
CVE-2022-43872 (IBM Financial Transaction Manager 3.2.4 authorization checks are done ...)
	NOT-FOR-US: IBM
CVE-2022-43871 (IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerab ...)
	NOT-FOR-US: IBM
CVE-2022-43870 (IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server ...)
	NOT-FOR-US: IBM
CVE-2022-43869 (IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5. ...)
	NOT-FOR-US: IBM
CVE-2022-43868 (IBM Security Verify Access OIDC Provider could disclose directory info ...)
	NOT-FOR-US: IBM
CVE-2022-43867 (IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacke ...)
	NOT-FOR-US: IBM
CVE-2022-43866 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross ...)
	NOT-FOR-US: IBM
CVE-2022-43865 RESERVED
CVE-2022-43864 (IBM Business Automation Workflow 22.0.2 could allow a remote attacker ...)
	NOT-FOR-US: IBM
CVE-2022-43863 (IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, all ...)
	NOT-FOR-US: IBM
CVE-2022-43862 RESERVED
CVE-2022-43861 RESERVED
CVE-2022-43860 (IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated use ...)
	NOT-FOR-US: IBM
CVE-2022-43859 (IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated use ...)
	NOT-FOR-US: IBM
CVE-2022-43858 (IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated use ...)
	NOT-FOR-US: IBM
CVE-2022-43857 (IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user ...)
	NOT-FOR-US: IBM
CVE-2022-43856 RESERVED
CVE-2022-43855 (IBM SPSS Statistics 26.0, 27.0.1, and 28.0 could allow a local user to ...)
	NOT-FOR-US: IBM
CVE-2022-43854 RESERVED
CVE-2022-43853 RESERVED
CVE-2022-43852 RESERVED
CVE-2022-43851 RESERVED
CVE-2022-43850 RESERVED
CVE-2022-43849 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
	NOT-FOR-US: IBM
CVE-2022-43848 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
	NOT-FOR-US: IBM
CVE-2022-43847 RESERVED
CVE-2022-43846 RESERVED
CVE-2022-43845 RESERVED
CVE-2022-43844 (IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is v ...)
	NOT-FOR-US: IBM
CVE-2022-43843 (IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected c ...)
	NOT-FOR-US: IBM
CVE-2022-43842 (IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. ...)
	NOT-FOR-US: IBM
CVE-2022-43841 RESERVED
CVE-2022-43840 RESERVED
CVE-2022-43839 RESERVED
CVE-2022-43838 RESERVED
CVE-2022-43837 RESERVED
CVE-2022-43836 RESERVED
CVE-2022-43835 RESERVED
CVE-2022-43834 RESERVED
CVE-2022-43833 RESERVED
CVE-2022-43832 RESERVED
CVE-2022-43831 (IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1. ...)
	NOT-FOR-US: IBM
CVE-2022-43830 REJECTED
CVE-2022-43829 REJECTED
CVE-2022-43828 REJECTED
CVE-2022-43827 REJECTED
CVE-2022-43826 REJECTED
CVE-2022-43825 REJECTED
CVE-2022-43824 REJECTED
CVE-2022-43823 REJECTED
CVE-2022-43822 REJECTED
CVE-2022-43821 REJECTED
CVE-2022-43820 REJECTED
CVE-2022-43819 REJECTED
CVE-2022-43818 REJECTED
CVE-2022-43817 REJECTED
CVE-2022-43816 REJECTED
CVE-2022-43815 REJECTED
CVE-2022-43814 REJECTED
CVE-2022-43813 REJECTED
CVE-2022-43812 REJECTED
CVE-2022-43811 REJECTED
CVE-2022-43810 REJECTED
CVE-2022-43809 REJECTED
CVE-2022-43808 REJECTED
CVE-2022-43807 REJECTED
CVE-2022-43806 REJECTED
CVE-2022-43805 REJECTED
CVE-2022-43804 REJECTED
CVE-2022-43803 REJECTED
CVE-2022-43802 REJECTED
CVE-2022-43801 REJECTED
CVE-2022-43800 REJECTED
CVE-2022-43799 REJECTED
CVE-2022-43798 REJECTED
CVE-2022-43797 REJECTED
CVE-2022-43796 REJECTED
CVE-2022-43795 REJECTED
CVE-2022-43794 REJECTED
CVE-2022-43793 REJECTED
CVE-2022-43792 REJECTED
CVE-2022-43791 REJECTED
CVE-2022-43790 REJECTED
CVE-2022-43789 REJECTED
CVE-2022-43788 REJECTED
CVE-2022-43787 REJECTED
CVE-2022-43786 REJECTED
CVE-2022-43785 REJECTED
CVE-2022-43784 REJECTED
CVE-2022-43783 REJECTED
CVE-2022-43782 (Affected versions of Atlassian Crowd allow an attacker to authenticate ...)
	NOT-FOR-US: Atlassian
CVE-2022-43781 (There is a command injection vulnerability using environment variables ...)
	NOT-FOR-US: Atlassian
CVE-2022-43780 (Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to ...)
	NOT-FOR-US: HP
CVE-2022-43779 (A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has be ...)
	NOT-FOR-US: HP
CVE-2022-43778 (Potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have b ...)
	NOT-FOR-US: HP
CVE-2022-43777 (Potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities have b ...)
	NOT-FOR-US: HP
CVE-2022-43776 (The url parameter of the /api/geojson endpoint in Metabase versions <4 ...)
	NOT-FOR-US: Metabase
CVE-2022-43775 (The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL ...)
	NOT-FOR-US: Delta Electronics DIAEnergy
CVE-2022-43774 (The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contain ...)
	NOT-FOR-US: Delta Electronics DIAEnergy
CVE-2022-43773 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...)
	NOT-FOR-US: Hitachi
CVE-2022-43772 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...)
	NOT-FOR-US: Hitachi
CVE-2022-43771 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...)
	NOT-FOR-US: Hitachi
CVE-2022-43770 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.3. ...)
	NOT-FOR-US: Hitachi
CVE-2022-43769 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...)
	NOT-FOR-US: Hitachi
CVE-2022-43768 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versi ...)
	NOT-FOR-US: Siemens
CVE-2022-43767 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versi ...)
	NOT-FOR-US: Siemens
CVE-2022-43766 (Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable ...)
	NOT-FOR-US: Apache IoTDB
CVE-2022-43765 (B&R APROL versions < R 4.2-07 doesn’t process correctly specially ...)
	NOT-FOR-US: B&R APROL
CVE-2022-43764 (Insufficient validation of input parameters when changing configuratio ...)
	NOT-FOR-US: B&R APROL
CVE-2022-43763 (Insufficient check of preconditions could lead to Denial of Service co ...)
	NOT-FOR-US: B&R APROL
CVE-2022-43762 (Lack of verification in B&R APROL Tbase server versions < R 4.2-07 may ...)
	NOT-FOR-US: B&R APROL
CVE-2022-43761 (Missing authentication when creating and managing the B&R APROL databa ...)
	NOT-FOR-US: B&R APROL
CVE-2022-3705 (A vulnerability was found in vim and classified as problematic. Affect ...)
	{DLA-3182-1}
	- vim 2:9.0.0813-1 (unimportant)
	NOTE: https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731 (v9.0.0805)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-3704 (A vulnerability classified as problematic has been found in Ruby on Ra ...)
	- rails (bug #1024274; unimportant)
	NOTE: https://github.com/rails/rails/commit/be177e4566747b73ff63fd5f529fab564e475ed4
	NOTE: https://github.com/rails/rails/issues/46244
	NOTE: https://github.com/rails/rails/issues/46244#issuecomment-1380875153
	NOTE: Considered only a bug without security impact by the rails team
CVE-2022-3703 (All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prio ...)
	NOT-FOR-US: ETIC Telecom Remote Access Server (RAS)
CVE-2022-3702 (A denial of service vulnerability was reported in Lenovo Vantage Hardw ...)
	NOT-FOR-US: Lenovo
CVE-2022-3701 (A privilege elevation vulnerability was reported in the Lenovo Vantage ...)
	NOT-FOR-US: Lenovo
CVE-2022-3700 (A Time of Check Time of Use (TOCTOU) vulnerability was reported in the ...)
	NOT-FOR-US: Lenovo
CVE-2022-3699 (A privilege escalation vulnerability was reported in the Lenovo Hardwa ...)
	NOT-FOR-US: Lenovo
CVE-2022-3698 (A denial of service vulnerability was reported in the Lenovo HardwareS ...)
	NOT-FOR-US: Lenovo
CVE-2022-3697 (A flaw was found in Ansible in the amazon.aws collection when using th ...)
	{DLA-3695-1}
	- ansible 7.0.0+dfsg-1
	[bullseye] - ansible (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2137664
	NOTE: https://github.com/ansible-collections/amazon.aws/pull/1199
CVE-2022-3696 (A post-auth code injection vulnerability allows admins to execute code ...)
	NOT-FOR-US: Sophos
CVE-2022-3695 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...)
	NOT-FOR-US: Hitachi
CVE-2022-3694 (The Syncee WordPress plugin before 1.0.10 leaks the administrator toke ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3693 (Path Traversal vulnerability in Deytek Informatics FileOrbis File Mana ...)
	NOT-FOR-US: FileOrbis
CVE-2022-3692 REJECTED
CVE-2022-3691 (The DeepL Pro API translation plugin WordPress plugin before 1.7.5 dis ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3690 (The Popup Maker WordPress plugin before 1.16.11 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3689 (The HTML Forms WordPress plugin before 1.3.25 does not properly proper ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3688 (The WPQA Builder WordPress plugin before 5.9 does not have CSRF check ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-43760 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
	NOT-FOR-US: Rancher
CVE-2022-43759 (An Improper Privilege Management vulnerability in SUSE Rancher, allows ...)
	NOT-FOR-US: Rancher
CVE-2022-43758 (An Improper Neutralization of Special Elements used in an OS Command (' ...)
	NOT-FOR-US: Rancher
CVE-2022-43757 (A Cleartext Storage of Sensitive Information vulnerability in SUSE Ran ...)
	NOT-FOR-US: Rancher
CVE-2022-43756 (An Improper Neutralization of Special Elements in Output Used by a Down ...)
	NOT-FOR-US: Rancher
CVE-2022-43755 (An Insufficient Entropy vulnerability in SUSE Rancher allows attackers ...)
	NOT-FOR-US: Rancher
CVE-2022-43754 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
	NOT-FOR-US: Uyuni
CVE-2022-43753 (An Improper Limitation of a Pathname to a Restricted Directory ('Path T ...)
	NOT-FOR-US: Uyuni
CVE-2022-43752 (Oracle Solaris version 10 1/13, when using the Common Desktop Environm ...)
	NOT-FOR-US: Oracle Solaris
CVE-2022-43751 (McAfee Total Protection prior to version 16.0.49 contains an uncontrol ...)
	NOT-FOR-US: McAfee
CVE-2022-43750 (drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 ...)
	{DLA-3245-1 DLA-3173-1}
	- linux 6.0.2-1
	[bullseye] - linux 5.10.148-1
	NOTE: https://git.kernel.org/linus/a659daf63d16aa883be42f3f34ff84235c302198 (6.1-rc1)
CVE-2022-43749 (Improper privilege management vulnerability in summary report manageme ...)
	NOT-FOR-US: Synology
CVE-2022-43748 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
	NOT-FOR-US: Synology
CVE-2022-43747 (baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2 ...)
	NOT-FOR-US: baramundi
CVE-2022-3687 RESERVED
CVE-2022-3686 (A vulnerability exists in a SDM600 endpoint. An attacker could exploit ...)
	NOT-FOR-US: ABB SDM600 endpoint
CVE-2022-3685 (A vulnerability exists in the SDM600 software. The software operates a ...)
	NOT-FOR-US: ABB SDM600 endpoint
CVE-2022-3684 (A vulnerability exists in a SDM600 endpoint. An attacker could exploit ...)
	NOT-FOR-US: ABB SDM600 endpoint
CVE-2022-3683 (A vulnerability exists in the SDM600 API web services authorization va ...)
	NOT-FOR-US: ABB SDM600
CVE-2022-3682 (A vulnerability exists in the SDM600 file permission validation. An a ...)
	NOT-FOR-US: ABB SDM600
CVE-2022-3681 (A vulnerability has been identified in the MR2600 router v1.0.18 and e ...)
	NOT-FOR-US: MR2600 router
CVE-2022-43746 RESERVED
CVE-2022-43745 RESERVED
CVE-2022-43744 RESERVED
CVE-2022-43743 RESERVED
CVE-2022-43742 RESERVED
CVE-2022-43741 RESERVED
CVE-2022-43740 (IBM Security Verify Access OIDC Provider could allow a remote user to ...)
	NOT-FOR-US: IBM
CVE-2022-43739 RESERVED
CVE-2022-43738 RESERVED
CVE-2022-43737 RESERVED
CVE-2022-43736 RESERVED
CVE-2022-43735 RESERVED
CVE-2022-43734 RESERVED
CVE-2022-43733 RESERVED
CVE-2022-43732 RESERVED
CVE-2022-43731 RESERVED
CVE-2022-43730 RESERVED
CVE-2022-43729 RESERVED
CVE-2022-43728 RESERVED
CVE-2022-43727 RESERVED
CVE-2022-43726 RESERVED
CVE-2022-43725 RESERVED
CVE-2022-43724 (A vulnerability has been identified in SICAM PAS/PQS (All versions < V ...)
	NOT-FOR-US: Siemens
CVE-2022-43723 (A vulnerability has been identified in SICAM PAS/PQS (All versions < V ...)
	NOT-FOR-US: Siemens
CVE-2022-43722 (A vulnerability has been identified in SICAM PAS/PQS (All versions < V ...)
	NOT-FOR-US: Siemens
CVE-2022-43721 (An authenticated attacker with update datasets permission could change ...)
	NOT-FOR-US: Apache Superset
CVE-2022-43720 (An authenticated attacker with write CSS template permissions can crea ...)
	NOT-FOR-US: Apache Superset
	NOTE: https://github.com/apache/superset/pull/21853
CVE-2022-43719 (Two legacy REST API endpoints for approval and request access are vuln ...)
	NOT-FOR-US: Apache Superset
	NOTE: https://github.com/apache/superset/pull/22022
CVE-2022-43718 (Upload data forms do not correctly render user input leading to possib ...)
	NOT-FOR-US: Apache Superset
CVE-2022-43717 (Dashboard rendering does not sufficiently sanitize the content of mark ...)
	NOT-FOR-US: Apache Superset
	NOTE: https://github.com/apache/superset/pull/21895
CVE-2022-43716 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versi ...)
	NOT-FOR-US: Siemens
CVE-2022-43715 RESERVED
CVE-2022-43714 RESERVED
CVE-2022-43713 (Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 ...)
	NOT-FOR-US: GX Software XperienCentral
CVE-2022-43712 (POST requests to /web/mvc in GX Software XperienCentral version 10.36. ...)
	NOT-FOR-US: GX Software XperienCentral
CVE-2022-43711 (Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 ...)
	NOT-FOR-US: GX Software XperienCentral
CVE-2022-43710 (Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 ...)
	NOT-FOR-US: GX Software XperienCentral
CVE-2022-43709 (MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users ...)
	NOT-FOR-US: MyBB
CVE-2022-43708 (MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabil ...)
	NOT-FOR-US: MyBB
CVE-2022-43707 (MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visu ...)
	NOT-FOR-US: MyBB
CVE-2022-43706 (Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm v ...)
	NOT-FOR-US: StackStorm
CVE-2022-43705 (In Botan before 2.19.3, it is possible to forge OCSP responses due to ...)
	- botan 2.19.3+dfsg-1
	[bullseye] - botan (Minor issue)
	[buster] - botan (Minor issue)
	NOTE: https://github.com/randombit/botan/security/advisories/GHSA-4v9w-qvcq-6q7w
	NOTE: https://github.com/randombit/botan/commit/fd83d9e262f63fb673e4c13ca37e5b768e41e812 (2.19.3)
	NOTE: https://github.com/randombit/botan/commit/4e35073ff356e37c3adcf1ff3522e9d0d48c765f (2.19.3)
	NOTE: https://github.com/randombit/botan/commit/c2faa88b0281e5017be72e1c85d0c41f686e1928 (2.19.3)
	NOTE: https://github.com/randombit/botan/commit/5d8d9fbf75c8b814ea609161bee525d520f5cb57 (2.19.3)
	NOTE: https://github.com/randombit/botan/commit/1829ef9d89614da1eacdf511356bdf98a970f5f5 (2.19.3)
	NOTE: https://github.com/randombit/botan/commit/991b0159282781f2d5c06ff42a9ff00ee563e96b (2.19.3)
	NOTE: https://github.com/randombit/botan/commit/a33689613127f319c0047fb96f092de16e7cb350 (2.19.3)
	NOTE: https://github.com/randombit/botan/commit/909c62717855402e04dbaf8ffc085f444d547aae (2.19.3)
CVE-2022-43704 (The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, a ...)
	NOT-FOR-US: Sinilink XY-WFT1 WiFi Remote Thermostat
CVE-2022-43703 (An installer that loads or executes files using an unconstrained searc ...)
	NOT-FOR-US: Arm
CVE-2022-43702 (When the directory containing the installer does not have sufficiently ...)
	NOT-FOR-US: Arm
CVE-2022-43701 (When the installation directory does not have sufficiently restrictive ...)
	NOT-FOR-US: Arm
CVE-2022-43700
	RESERVED
CVE-2022-43699 (OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account di ...)
	NOT-FOR-US: OX App Suite
CVE-2022-43698 (OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 a ...)
	NOT-FOR-US: OX App Suite
CVE-2022-43697 (OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking a ...)
	NOT-FOR-US: OX App Suite
CVE-2022-43696 (OX App Suite before 7.10.6-rev20 allows XSS via upsell ads.)
	NOT-FOR-US: OX App Suite
CVE-2022-43695 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
	NOT-FOR-US: Concrete CMS
CVE-2022-43694 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
	NOT-FOR-US: Concrete CMS
CVE-2022-43693 (Concrete CMS is vulnerable to CSRF due to the lack of "State" paramete ...)
	NOT-FOR-US: Concrete CMS
CVE-2022-43692 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
	NOT-FOR-US: Concrete CMS
CVE-2022-43691 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
	NOT-FOR-US: Concrete CMS
CVE-2022-43690 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
	NOT-FOR-US: Concrete CMS
CVE-2022-43689 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
	NOT-FOR-US: Concrete CMS
CVE-2022-43688 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
	NOT-FOR-US: Concrete CMS
CVE-2022-43687 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
	NOT-FOR-US: Concrete CMS
CVE-2022-43686 (In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 an ...)
	NOT-FOR-US: Concrete CMS
CVE-2022-43685 (CKAN through 2.9.6 account takeovers by unauthenticated users when an ...)
	NOT-FOR-US: CKAN
CVE-2022-43684 (ServiceNow has released patches and an upgrade that address an Access ...)
	NOT-FOR-US: ServiceNow
CVE-2022-43683
	RESERVED
CVE-2022-43682
	RESERVED
CVE-2022-43681 (An out-of-bounds read exists in the BGP daemon of FRRouting FRR throug ...)
	{DLA-3573-1}
	- frr 8.4.1-1 (bug #1035829)
	[bullseye] - frr 7.5.1-1.1+deb11u2
	NOTE: https://github.com/FRRouting/frr/issues/13427
	NOTE: https://github.com/FRRouting/frr/issues/13480
	NOTE: https://github.com/FRRouting/frr/commit/6c4ca9812976596bf8b5226600269fc4031f1422 (frr-8.4)
CVE-2022-43680 (In libexpat through 2.4.9, there is a use-after free caused by overeag ...)
	{DSA-5266-1 DLA-3165-1}
	- expat 2.5.0-1 (bug #1022743)
	NOTE: https://github.com/libexpat/libexpat/issues/649
	NOTE: https://github.com/libexpat/libexpat/pull/616
	NOTE: https://github.com/libexpat/libexpat/pull/650
	NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/5290462a7ea1278a8d5c0d5b2860d4e244f997e4 (R_2_5_0)
	NOTE: Testcase: https://github.com/libexpat/libexpat/commit/43992e4ae25fc3dc0eec0cd3a29313555d56aee2 (R_2_5_0)
CVE-2022-43679 (The Docker image of ownCloud Server through 10.11 contains a misconfig ...)
	NOT-FOR-US: Docker image of ownCloud Server
CVE-2022-43678
	RESERVED
CVE-2022-43677 (In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP ...)
	NOT-FOR-US: free5GC
CVE-2022-43676
	RESERVED
CVE-2022-43675 (An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Net ...)
	NOT-FOR-US: NOKIA
CVE-2022-43674
	RESERVED
CVE-2022-43673 (Wire through 3.22.3993 on Windows advertises deletion of sent messages ...)
	NOT-FOR-US: Wire
CVE-2022-43672 (Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 571 ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-43671 (Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 571 ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-43670 (An improper neutralization of input during web page generation ('Cross ...)
	NOT-FOR-US: Apache Sling
CVE-2022-43667 (Stack-based buffer overflow vulnerability exists in CX-Programmer v.9. ...)
	NOT-FOR-US: CX-Programmer
CVE-2022-43509 (Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and e ...)
	NOT-FOR-US: CX-Programmer
CVE-2022-43508 (Use-after free vulnerability exists in CX-Programmer v.9.77 and earlie ...)
	NOT-FOR-US: CX-Programmer
CVE-2022-43504 (Improper authentication vulnerability in WordPress versions prior to 6 ...)
	{DSA-5279-1}
	- wordpress 6.0.3+dfsg1-1 (bug #1022575)
	[buster] - wordpress 5.0.18+dfsg1-0+deb10u1
	NOTE: https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/54531 (6.0)
	NOTE: Follow-up: https://core.trac.wordpress.org/changeset/54533 (6.0)
CVE-2022-43500 (Cross-site scripting vulnerability in WordPress versions prior to 6.0. ...)
	{DSA-5279-1}
	- wordpress 6.0.3+dfsg1-1 (bug #1022575)
	[buster] - wordpress 5.0.18+dfsg1-0+deb10u1
	NOTE: https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
CVE-2022-43497 (Cross-site scripting vulnerability in WordPress versions prior to 6.0. ...)
	{DSA-5279-1}
	- wordpress 6.0.3+dfsg1-1 (bug #1022575)
	[buster] - wordpress 5.0.18+dfsg1-0+deb10u1
	NOTE: https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
CVE-2022-43487 (Cross-site scripting vulnerability in Salon booking system versions pr ...)
	NOT-FOR-US: Salon booking system
CVE-2022-43484 (TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLU ...)
	NOT-FOR-US: TERASOLUNA
CVE-2022-43470 (Cross-site request forgery (CSRF) vulnerability in +F FS040U software ...)
	NOT-FOR-US: +F software
CVE-2022-43442 (Plaintext storage of a password vulnerability exists in +F FS040U soft ...)
	NOT-FOR-US: +F software
CVE-2022-42486 (Stored cross-site scripting vulnerability in User group management of ...)
	NOT-FOR-US: baserCMS
CVE-2022-41994 (Stored cross-site scripting vulnerability in Permission Settings of ba ...)
	NOT-FOR-US: baserCMS
CVE-2022-41830 (Stored cross-site scripting vulnerability in Kyocera Document Solution ...)
	NOT-FOR-US: Kyocera Document Solutions
CVE-2022-41807 (Missing authorization vulnerability exists in Kyocera Document Solutio ...)
	NOT-FOR-US: Kyocera Document Solutions
CVE-2022-41798 (Session information easily guessable vulnerability exists in Kyocera D ...)
	NOT-FOR-US: Kyocera Document Solutions
CVE-2022-3680
	REJECTED
CVE-2022-3679 (The Starter Templates by Kadence WP WordPress plugin before 1.2.17 uns ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3678
	REJECTED
CVE-2022-3677 (The Advanced Import WordPress plugin before 1.3.8 does not have CSRF c ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3676 (In Eclipse Openj9 before version 0.35.0, interface calls can be inline ...)
	NOT-FOR-US: Eclipse Openj9
CVE-2022-3675 (Fedora CoreOS supports setting a GRUB bootloader password using a Buta ...)
	NOT-FOR-US: Fedora CoreOS grub-password feature
CVE-2022-3674 (A vulnerability has been found in SourceCodester Sanitization Manageme ...)
	NOT-FOR-US: SourceCodester Sanitization Management System
CVE-2022-3673 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester Sanitization Management System
CVE-2022-3672 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: SourceCodester Sanitization Management System
CVE-2022-3671 (A vulnerability classified as critical was found in SourceCodester eLe ...)
	NOT-FOR-US: SourceCodester eLearning System
CVE-2022-3670 (A vulnerability was found in Axiomatic Bento4. It has been classified ...)
	NOT-FOR-US: Bento4
CVE-2022-3669 (A vulnerability was found in Axiomatic Bento4 and classified as proble ...)
	NOT-FOR-US: Bento4
CVE-2022-3668 (A vulnerability has been found in Axiomatic Bento4 and classified as p ...)
	NOT-FOR-US: Bento4
CVE-2022-3667 (A vulnerability, which was classified as critical, was found in Axioma ...)
	NOT-FOR-US: Bento4
CVE-2022-3666 (A vulnerability, which was classified as critical, has been found in A ...)
	NOT-FOR-US: Bento4
CVE-2022-3665 (A vulnerability classified as critical was found in Axiomatic Bento4. ...)
	NOT-FOR-US: Bento4
CVE-2022-3664 (A vulnerability classified as critical has been found in Axiomatic Ben ...)
	NOT-FOR-US: Bento4
CVE-2022-3663 (A vulnerability was found in Axiomatic Bento4. It has been rated as pr ...)
	NOT-FOR-US: Bento4
CVE-2022-3662 (A vulnerability was found in Axiomatic Bento4. It has been declared as ...)
	NOT-FOR-US: Bento4
CVE-2021-46850 (myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel befor ...)
	NOT-FOR-US: myVesta Control Panel
CVE-2021-46849
	REJECTED
CVE-2021-46848 (GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check ...)
	{DLA-3263-1}
	- libtasn1-6 4.19.0-2
	[bullseye] - libtasn1-6 4.16.0-2+deb11u1
	NOTE: https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5 (v4.19.0)
	NOTE: https://gitlab.com/gnutls/libtasn1/-/issues/32
CVE-2021-46847
	RESERVED
CVE-2022-43657
	RESERVED
CVE-2022-43656 (Bentley View FBX File Parsing Out-Of-Bounds Read Information Disclosur ...)
	NOT-FOR-US: Bentley
CVE-2022-43655 (Bentley View FBX File Parsing Heap-based Buffer Overflow Remote Code E ...)
	NOT-FOR-US: Bentley
CVE-2022-43654 (NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: NETGEAR
CVE-2022-43653 (Bentley View SKP File Parsing Out-Of-Bounds Write Remote Code Executio ...)
	NOT-FOR-US: Bentley
CVE-2022-43652 (Bentley View SKP File Parsing Use-After-Free Information Disclosure Vu ...)
	NOT-FOR-US: Bentley
CVE-2022-43651 (Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vul ...)
	NOT-FOR-US: Bentley
CVE-2022-43650 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: RARLAB WinRAR
CVE-2022-43649 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2022-43648 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
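The CVE-2021-46848 entry above names the bug class ("ETYPE_OK off-by-one array size check") without showing its shape. The following is an added illustration written for this page, not libtasn1's code: a type code indexes a descriptor table whose valid indices run 0 .. N-1, and a guard written as `code <= N` lets `code == N` through, so the caller reads one entry past the table. The descriptor table, its field names and the probe codes are assumptions made for the illustration; to show the effect without undefined behaviour, the table is followed by a canary slot that a correct guard must never reach.

```c
/* Added illustration, not libtasn1's code: the shape of an off-by-one in a
 * table-size check. A type code indexes a descriptor table whose valid
 * indices are 0 .. N-1; a check written as "code <= N" lets code == N
 * through and the caller reads one entry past the table. To show the
 * effect without undefined behaviour, the table here is followed by one
 * extra canary slot that a correct check must never reach. */
#include <stdio.h>
#include <string.h>

struct etype_desc {
    const char *name;    /* hypothetical descriptor fields */
    unsigned char tag;
};

/* Five real entries, then the canary. The logical table size is 5. */
static const struct etype_desc k_storage[] = {
    { "BOOLEAN",      0x01 },
    { "INTEGER",      0x02 },
    { "BIT STRING",   0x03 },
    { "OCTET STRING", 0x04 },
    { "NULL",         0x05 },
    { "<<OUT OF BOUNDS>>", 0xff },  /* stands in for whatever follows the real table */
};
#define K_TYPES_SIZE 5

/* Off-by-one: accepts etype == K_TYPES_SIZE, one past the last entry. */
static int etype_ok_buggy(int etype)
{
    return etype >= 0 && etype <= K_TYPES_SIZE;
}

/* Corrected: strict upper bound, so only 0 .. K_TYPES_SIZE-1 pass. */
static int etype_ok_fixed(int etype)
{
    return etype >= 0 && etype < K_TYPES_SIZE;
}

/* Guarded lookup. Returns the descriptor name, or NULL when the guard
 * rejects the code. With the buggy guard and etype == K_TYPES_SIZE the
 * read lands on the canary slot; in real code that is an out-of-bounds
 * read of whatever memory follows the table. */
static const char *lookup_name(int (*ok)(int), int etype)
{
    if (!ok(etype))
        return NULL;
    return k_storage[etype].name;
}

int main(void)
{
    /* Constructed type codes, as a parser might pull them from untrusted input. */
    const int codes[] = { 1, 4, 5, 6, -1 };
    for (size_t i = 0; i < sizeof codes / sizeof codes[0]; i++) {
        const char *b = lookup_name(etype_ok_buggy, codes[i]);
        const char *f = lookup_name(etype_ok_fixed, codes[i]);
        printf("code %2d  buggy=%-20s fixed=%s\n", codes[i],
               b ? b : "(rejected)", f ? f : "(rejected)");
    }
    return 0;
}
```

Only the boundary value (5 here) separates the two guards; every other code is handled identically, which is why this class of bug survives ordinary testing and shows up under fuzzing with sanitizers.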
	NOT-FOR-US: D-Link
CVE-2022-43647 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2022-43646 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2022-43645 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2022-43644 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2022-43643 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2022-43642 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2022-43641 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2022-43640 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2022-43639 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2022-43638 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2022-43637 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2022-43636 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: TP-Link
CVE-2022-43635 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
	NOT-FOR-US: TP-Link
CVE-2022-43634 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	{DSA-5503-1 DLA-3426-1}
	- netatalk 3.1.15~ds-1 (bug #1034170)
	NOTE: https://github.com/Netatalk/Netatalk/pull/186
	NOTE: https://github.com/advisories/GHSA-fwj9-7qq8-jc93
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-094/
	NOTE: https://github.com/Netatalk/netatalk/commit/5fcb4ab02aced14484310165b3d754bb2f0820ca
	NOTE: https://github.com/Netatalk/netatalk/commit/e6a9ce5b8145d0b39851fbf80916035a714e9d59 (netatalk-3-1-15)
CVE-2022-43633 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2022-43632 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2022-43631 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2022-43630 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2022-43629 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2022-43628 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2022-43627 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2022-43626 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2022-43625 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2022-43624 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2022-43623 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2022-43622 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2022-43621 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: D-Link
CVE-2022-43620 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: D-Link
CVE-2022-43619 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2022-43618 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Corel CorelDRAW Graphics Suite
CVE-2022-43617 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Corel CorelDRAW Graphics Suite
CVE-2022-43616 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Corel CorelDRAW Graphics Suite
CVE-2022-43615 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Corel CorelDRAW Graphics Suite
CVE-2022-43614 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Corel CorelDRAW Graphics Suite
CVE-2022-43613 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Corel CorelDRAW Graphics Suite
CVE-2022-43612 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Corel CorelDRAW Graphics Suite
CVE-2022-43611 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Corel CorelDRAW Graphics Suite
CVE-2022-43610 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Corel CorelDRAW Graphics Suite
CVE-2022-43609 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: IronCAD
CVE-2022-43608 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: Canon
CVE-2022-3661 (Insufficient data validation in Extensions in Google Chrome prior to 1 ...)
	{DSA-5261-1}
	- chromium 107.0.5304.68-1
	[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3660 (Inappropriate implementation in Full screen mode in Google Chrome on A ...)
	{DSA-5261-1}
	- chromium 107.0.5304.68-1
	[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3659 (Use after free in Accessibility in Google Chrome on Chrome OS prior to ...)
	{DSA-5261-1}
	- chromium 107.0.5304.68-1
	[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3658 (Use after free in Feedback service on Chrome OS in Google Chrome on Ch ...)
	{DSA-5261-1}
	- chromium 107.0.5304.68-1
	[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3657 (Use after free in Extensions in Google Chrome prior to 107.0.5304.62 a ...)
	{DSA-5261-1}
	- chromium 107.0.5304.68-1
	[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3656 (Insufficient data validation in File System in Google Chrome prior to ...)
	{DSA-5261-1}
	- chromium 107.0.5304.68-1
	[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3655 (Heap buffer overflow in Media Galleries in Google Chrome prior to 107. ...)
	{DSA-5261-1}
	- chromium 107.0.5304.68-1
	[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3654 (Use after free in Layout in Google Chrome prior to 107.0.5304.62 allow ...)
	{DSA-5261-1}
	- chromium 107.0.5304.68-1
	[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3653 (Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 ...)
	{DSA-5261-1}
	- chromium 107.0.5304.68-1
	[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3652 (Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a ...)
	{DSA-5261-1}
	- chromium 107.0.5304.68-1
	[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3651
	RESERVED
CVE-2022-3650 (A privilege escalation flaw was found in Ceph. Ceph-crash.service allo ...)
	- ceph 16.2.10+ds-4 (bug #1024932)
	[bullseye] - ceph <no-dsa> (Minor issue)
	[buster] - ceph <not-affected> (ceph-crash service added in Ceph 14)
	NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/1
	NOTE: https://tracker.ceph.com/issues/57967
	NOTE: https://github.com/ceph/ceph/pull/48713
	NOTE: https://github.com/ceph/ceph/commit/45915540559126a652f8d9d105723584cfc63439 (main)
	NOTE: https://github.com/ceph/ceph/commit/130c9626598bc3a75942161e6cce7c664c447382 (main)
	NOTE: Backport to Pacific: https://github.com/ceph/ceph/pull/48804
	NOTE: Backport to Quincy: https://github.com/ceph/ceph/pull/48805
CVE-2022-3649 (A vulnerability was found in Linux Kernel. It has been classified as p ...)
	{DLA-3245-1 DLA-3173-1}
	- linux 6.0.2-1
	[bullseye] - linux 5.10.148-1
	NOTE: https://git.kernel.org/linus/d325dc6eb763c10f591c239550b8c7e5466a5d09
CVE-2022-43607 (An out-of-bounds write vulnerability exists in the MOL2 format attribu ...)
	- openbabel <unfixed> (bug #1059277)
	[bookworm] - openbabel <no-dsa> (Minor issue)
	[bullseye] - openbabel <no-dsa> (Minor issue)
	[buster] - openbabel <no-dsa> (Minor issue, no upstream patch yet)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1664
	NOTE: https://github.com/openbabel/openbabel/issues/2650
CVE-2022-43606 (A use-of-uninitialized-pointer vulnerability exists in the Forward Ope ...)
	NOT-FOR-US: EIP Stack Group OpENer
CVE-2022-43605 (An out-of-bounds write vulnerability exists in the SetAttributeList at ...)
	NOT-FOR-US: EIP Stack Group OpENer
CVE-2022-43604 (An out-of-bounds write vulnerability exists in the GetAttributeList at ...)
	NOT-FOR-US: EIP Stack Group OpENer
CVE-2022-43603 (A denial of service vulnerability exists in the ZfileOutput::close() f ...)
	{DSA-5384-1 DLA-3382-1}
	[experimental] - openimageio 2.4.7.1+dfsg-1
	- openimageio 2.4.7.1+dfsg-2 (bug #1027808)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1657
	NOTE: https://github.com/OpenImageIO/oiio/pull/3670
CVE-2022-43602 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...)
	{DSA-5384-1 DLA-3382-1}
	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
	NOTE: https://github.com/OpenImageIO/oiio/pull/3676
CVE-2022-43601 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...)
	{DSA-5384-1 DLA-3382-1}
	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
	NOTE: https://github.com/OpenImageIO/oiio/pull/3676
CVE-2022-43600 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...)
	{DSA-5384-1 DLA-3382-1}
	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
	NOTE: https://github.com/OpenImageIO/oiio/pull/3676
CVE-2022-43599 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...)
	{DSA-5384-1 DLA-3382-1}
	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656
	NOTE: https://github.com/OpenImageIO/oiio/pull/3676
CVE-2022-43598 (Multiple memory corruption vulnerabilities exist in the IFFOutput alig ...)
	{DSA-5384-1 DLA-3382-1}
	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655
	NOTE: https://github.com/OpenImageIO/oiio/pull/3676
CVE-2022-43597 (Multiple memory corruption vulnerabilities exist in the IFFOutput alig ...)
	{DSA-5384-1 DLA-3382-1}
	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655
	NOTE: https://github.com/OpenImageIO/oiio/pull/3676
CVE-2022-43596 (An information disclosure vulnerability exists in the IFFOutput channe ...)
	{DSA-5384-1 DLA-3382-1}
	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1654
	NOTE: https://github.com/OpenImageIO/oiio/pull/3676
CVE-2022-43595 (Multiple denial of service vulnerabilities exist in the image output c ...)
	{DSA-5384-1 DLA-3382-1}
	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653
	NOTE: https://github.com/OpenImageIO/oiio/pull/3673
CVE-2022-43594 (Multiple denial of service vulnerabilities exist in the image output c ...)
	{DSA-5384-1 DLA-3382-1}
	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653
	NOTE: https://github.com/OpenImageIO/oiio/pull/3673
CVE-2022-43593 (A denial of service vulnerability exists in the DPXOutput::close() fun ...)
	{DSA-5384-1 DLA-3382-1}
	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1652
	NOTE: https://github.com/OpenImageIO/oiio/pull/3672
CVE-2022-43592 (An information disclosure vulnerability exists in the DPXOutput::close ...)
	{DSA-5384-1 DLA-3382-1}
	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651
	NOTE: https://github.com/OpenImageIO/oiio/pull/3672
CVE-2022-43591 (A buffer overflow vulnerability exists in the QML QtScript Reflect API ...)
	- qt6-declarative 6.4.2+dfsg~rc1-2 (unimportant)
	- qtdeclarative-opensource-src <unfixed> (unimportant)
	- qtdeclarative-opensource-src-gles <unfixed> (unimportant)
	NOTE: Not considered a security issue, QML only supported from a trusted source
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1650
	NOTE: https://www.qt.io/blog/regarding-recent-reported-security-vulnerabilities-from-cisco-talos
	NOTE: https://bugreports.qt.io/browse/QTBUG-107619
	NOTE: https://codereview.qt-project.org/c/qt/qtdeclarative/+/437789
CVE-2022-43590 (A null pointer dereference vulnerability exists in the handle_ioctl_0x ...)
	NOT-FOR-US: Callback technologies CBFS Filter
CVE-2022-43589 (A null pointer dereference vulnerability exists in the handle_ioctl_83 ...)
	NOT-FOR-US: Callback technologies CBFS Filter
CVE-2022-43588 (A null pointer dereference vulnerability exists in the handle_ioctl_83 ...)
	NOT-FOR-US: Callback technologies CBFS Filter
CVE-2022-43587
	REJECTED
CVE-2022-43586
	REJECTED
CVE-2022-43585
	REJECTED
CVE-2022-43584
	REJECTED
CVE-2022-43583
	REJECTED
CVE-2022-43582
	RESERVED
CVE-2022-43581 (IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, ...)
	NOT-FOR-US: IBM
CVE-2022-43580
	RESERVED
CVE-2022-43579 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 a ...)
	NOT-FOR-US: IBM
CVE-2022-43578 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 a ...)
	NOT-FOR-US: IBM
CVE-2022-43577
	RESERVED
CVE-2022-43576
	RESERVED
CVE-2022-43575
	RESERVED
CVE-2022-43574 ("IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21 ...)
	NOT-FOR-US: IBM
CVE-2022-43573 (IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to e ...)
	NOT-FOR-US: IBM
CVE-2022-43572 (In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending ...)
	NOT-FOR-US: Splunk Enterprise
CVE-2022-43571 (In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authe ...)
	NOT-FOR-US: Splunk Enterprise
CVE-2022-43570 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authe ...)
	NOT-FOR-US: Splunk Enterprise
CVE-2022-43569 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authe ...)
	NOT-FOR-US: Splunk Enterprise
CVE-2022-43568 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View a ...)
	NOT-FOR-US: Splunk Enterprise
CVE-2022-43567 (In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authe ...)
	NOT-FOR-US: Splunk Enterprise
CVE-2022-43566 (In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authe ...)
	NOT-FOR-US: Splunk Enterprise
CVE-2022-43565 (In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ...)
	NOT-FOR-US: Splunk Enterprise
CVE-2022-43564 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote ...)
	NOT-FOR-US: Splunk Enterprise
CVE-2022-43563 (In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ...)
	NOT-FOR-US: Splunk Enterprise
CVE-2022-43562 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk E ...)
	NOT-FOR-US: Splunk Enterprise
CVE-2022-43561 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote ...)
	NOT-FOR-US: Splunk Enterprise
CVE-2022-43560
	RESERVED
CVE-2022-43559
	RESERVED
CVE-2022-43558
	RESERVED
CVE-2022-43557 (The BD BodyGuard™ infusion pumps specified allow for access throu ...)
	NOT-FOR-US: BD BodyGuard
CVE-2022-43556 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
	NOT-FOR-US: Concrete CMS
CVE-2022-43555 (Ivanti Avalanche Printer Device Service Missing Authentication Local P ...)
	NOT-FOR-US: Ivanti
CVE-2022-43554 (Ivanti Avalanche Smart Device Service Missing Authentication Local Pri ...)
	NOT-FOR-US: Ivanti
CVE-2022-43553 (A remote code execution vulnerability in EdgeRouters (Version 2.0.9-ho ...)
	NOT-FOR-US: EdgeRouters
CVE-2022-43552 (A use after free vulnerability exists in curl <7.87.0. Curl can be ask ...)
	{DSA-5330-1 DLA-3288-1}
	- curl 7.86.0-3 (bug #1026830)
	NOTE: https://curl.se/docs/CVE-2022-43552.html
	NOTE: Introduced by (telnet): https://github.com/curl/curl/commit/b7eeb6e67fca686f840eacd6b8394edb58b07482 (curl-7_16_0)
	NOTE: Introduced by (smb): https://github.com/curl/curl/commit/aec2e865f06669b9cb5d26cc1148d70bc418b163 (curl-7_40_0)
	NOTE: Fixed by: https://github.com/curl/curl/commit/4f20188ac644afe174be6005ef4f6ffba232b8b2 (curl-7_87_0)
CVE-2022-43551 (A vulnerability exists in curl <7.87.0 HSTS check that could be bypass ...)
	- curl 7.86.0-3 (bug #1026829)
	[bullseye] - curl <not-affected> (curl is not built with HSTS support)
	[buster] - curl <not-affected> (Vulnerable code not present)
	NOTE: https://curl.se/docs/CVE-2022-43551.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/7385610d0c74c6a254fea5e4cd6e1d559d848c8c (curl-7_74_0)
	NOTE: Enabled by default since: https://github.com/curl/curl/commit/d71ff2b9db566b3f4b2eb29441c2df86715d4339 (curl-7_77_0)
	NOTE: Fixed by: https://github.com/curl/curl/commit/9e71901634e276dd050481c4320f046bebb1bc28 (curl-7_87_0)
CVE-2022-43550 (A command injection vulnerability exists in Jitsi before commit 8aa7be ...)
	- jitsi
CVE-2022-43549 (Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 ...)
	NOT-FOR-US: Veeam
CVE-2022-43548 (A OS Command Injection vulnerability exists in Node.js versions <14.21 ...)
	{DSA-5326-1 DLA-3344-1}
	- nodejs 18.12.1+dfsg-1 (bug #1023518)
	NOTE: https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548
	NOTE: https://hackerone.com/reports/1710652
	NOTE: Fixed by: https://github.com/nodejs/node/commit/2b433af094fb79cf80f086038b7f36342cb6826f (v14.x)
CVE-2022-43547
	RESERVED
CVE-2022-43546 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
	NOT-FOR-US: Siemens
CVE-2022-43545 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
	NOT-FOR-US: Siemens
CVE-2022-43542 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line inter ...)
	NOT-FOR-US: Aruba
CVE-2022-43541 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line inter ...)
	NOT-FOR-US: Aruba
CVE-2022-43540 (A vulnerability exists in the ClearPass OnGuard macOS agent that allow ...)
	NOT-FOR-US: Aruba
CVE-2022-43539 (A vulnerability exists in the ClearPass Policy Manager cluster communi ...)
	NOT-FOR-US: Aruba
CVE-2022-43538 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...)
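The CVE-2022-43548 entry above points at the upstream advisory section "DNS rebinding in inspect via invalid octal IP address". The defence such an endpoint relies on is a Host-header allow-list, and the weak point is the test that decides whether the Host value is an IP literal: a lax "digits and dots" test accepts strings such as "10.0.2.555" or "0177.0.0.1" that are not valid dotted quads, and a client that treats such a string as a host name resolves it through DNS, which an attacker's resolver can answer with 127.0.0.1. The following is an added example written for this page, not Node.js or libuv code: the lax and a strict IP-literal test side by side, and an allow-list decision built on the strict one. The "localhost" allow-list, the port handling and the probe strings are assumptions made for the illustration.

```c
/* Added example, not Node.js or libuv code. A local debug endpoint that
 * allow-lists Host headers must decide whether the value is an IP literal;
 * a lax "digits and dots" test accepts "10.0.2.555" and "0177.0.0.1", which
 * are not valid dotted quads. A client that treats such a string as a host
 * name resolves it via DNS, which an attacker's resolver can answer with
 * 127.0.0.1, so the allow-list is bypassed. The strict test accepts only what
 * inet_pton would. Allow-list ("localhost"), port handling and the probe
 * strings are assumptions made for this illustration. */
#include <arpa/inet.h>
#include <ctype.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Lax: "looks like an IP" because it contains only digits and dots. */
static int ipv4_literal_lax(const char *s)
{
    if (*s == '\0') return 0;
    for (; *s; s++)
        if (!isdigit((unsigned char)*s) && *s != '.') return 0;
    return 1;
}

/* Strict: exactly four decimal fields, 1-3 digits, no leading zero except a
 * lone "0" (so no octal), each field 0..255. */
static int ipv4_literal_strict(const char *s)
{
    int fields = 0;
    for (;;) {
        int len = 0, val = 0;
        if (!isdigit((unsigned char)s[0])) return 0;
        if (s[0] == '0' && isdigit((unsigned char)s[1])) return 0;
        while (isdigit((unsigned char)*s)) {
            val = val * 10 + (*s++ - '0');
            if (++len > 3 || val > 255) return 0;
        }
        fields++;
        if (*s == '\0') break;
        if (*s != '.' || fields == 4) return 0;
        s++;
    }
    return fields == 4;
}

/* Host part of a Host header value: "[v6]:port" -> text inside the brackets,
 * "name:port" -> name. Returns 0 on malformed or oversized input. */
static int host_part(const char *hdr, char *out, size_t outlen)
{
    const char *end;
    size_t n;
    if (hdr[0] == '[') {
        if (!(end = strchr(hdr, ']'))) return 0;
        hdr++;
        n = (size_t)(end - hdr);
    } else {
        end = strrchr(hdr, ':');
        n = end ? (size_t)(end - hdr) : strlen(hdr);
    }
    if (n == 0 || n >= outlen) return 0;
    memcpy(out, hdr, n);
    out[n] = '\0';
    return 1;
}

/* Strict literal test: bracketed hosts must parse as IPv6, others as a
 * strict dotted quad. */
static int host_is_ip_literal(const char *hdr)
{
    char host[256];
    struct in6_addr a6;
    if (!host_part(hdr, host, sizeof host)) return 0;
    if (hdr[0] == '[') return inet_pton(AF_INET6, host, &a6) == 1;
    return ipv4_literal_strict(host);
}

/* Policy: an IP literal cannot be rebound by DNS, so it is allowed as-is;
 * any other host must match the allow-list exactly. */
static int host_allowed(const char *hdr)
{
    char host[256];
    if (host_is_ip_literal(hdr)) return 1;
    return host_part(hdr, host, sizeof host) && strcmp(host, "localhost") == 0;
}

int main(void)
{
    /* Constructed Host header values, as a browser or an attacker's page would send. */
    const char *probes[] = { "127.0.0.1:9229", "localhost:9229", "[::1]:9229",
                             "10.0.2.555:9229", "0177.0.0.1:9229", "attacker.example:9229" };
    char host[256];
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int lax = host_part(probes[i], host, sizeof host) && ipv4_literal_lax(host);
        printf("%-22s lax_literal=%d allowed(strict)=%d\n", probes[i], lax, host_allowed(probes[i]));
    }
    return 0;
}
```

The two probes that differ between the columns are exactly the ones the lax test would have waved through as "an IP": under the strict policy they fall back to the name allow-list and are refused, so a rebinding resolver gains nothing from them.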
	NOT-FOR-US: Aruba
CVE-2022-43537 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...)
	NOT-FOR-US: Aruba
CVE-2022-43536 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...)
	NOT-FOR-US: Aruba
CVE-2022-43535 (A vulnerability in the ClearPass OnGuard Windows agent could allow mal ...)
	NOT-FOR-US: Aruba
CVE-2022-43534 (A vulnerability in the ClearPass OnGuard Linux agent could allow malic ...)
	NOT-FOR-US: Aruba
CVE-2022-43533 (A vulnerability in the ClearPass OnGuard macOS agent could allow malic ...)
	NOT-FOR-US: Aruba
CVE-2022-43532 (A vulnerability in the web-based management interface of ClearPass Pol ...)
	NOT-FOR-US: Aruba
CVE-2022-43531 (Vulnerabilities in the web-based management interface of ClearPass Pol ...)
	NOT-FOR-US: Aruba
CVE-2022-43530 (Vulnerabilities in the web-based management interface of ClearPass Pol ...)
	NOT-FOR-US: Aruba
CVE-2022-43529 (A vulnerability in the web-based management interface of Aruba EdgeCon ...)
	NOT-FOR-US: Aruba
CVE-2022-43528 (Under certain configurations, an attacker can login to Aruba EdgeConne ...)
	NOT-FOR-US: Aruba
CVE-2022-43527 (Multiple vulnerabilities within the web-based management interface of ...)
	NOT-FOR-US: Aruba
CVE-2022-43526 (Multiple vulnerabilities within the web-based management interface of ...)
	NOT-FOR-US: Aruba
CVE-2022-43525 (Multiple vulnerabilities within the web-based management interface of ...)
	NOT-FOR-US: Aruba
CVE-2022-43524 (A vulnerability in the web-based management interface of Aruba EdgeCon ...)
	NOT-FOR-US: Aruba
CVE-2022-43523 (Multiple vulnerabilities in the web-based management interface of Arub ...)
	NOT-FOR-US: Aruba
CVE-2022-43522 (Multiple vulnerabilities in the web-based management interface of Arub ...)
	NOT-FOR-US: Aruba
CVE-2022-43521 (Multiple vulnerabilities in the web-based management interface of Arub ...)
	NOT-FOR-US: Aruba
CVE-2022-43520 (Multiple vulnerabilities in the web-based management interface of Arub ...)
	NOT-FOR-US: Aruba
CVE-2022-43519 (Multiple vulnerabilities in the web-based management interface of Arub ...)
	NOT-FOR-US: Aruba
CVE-2022-43518 (An authenticated path traversal vulnerability exists in the Aruba Edge ...)
	NOT-FOR-US: Aruba
CVE-2022-43517 (A vulnerability has been identified in Simcenter STAR-CCM+ (All versio ...)
	NOT-FOR-US: Siemens
CVE-2022-43516 (A Firewall Rule which allows all incoming TCP connections to all progr ...)
	- zabbix <not-affected> (Specific to Windows)
CVE-2022-43515 (Zabbix Frontend provides a feature that allows admins to maintain the ...)
	{DLA-3538-1}
	- zabbix 1:6.0.13+dfsg-1 (bug #1026847)
	[bullseye] - zabbix <no-dsa> (Minor issue)
	NOTE: https://support.zabbix.com/browse/ZBX-22050
	NOTE: Fixed by: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/aa58889ba54b2350e211a5f315baabbaf7228045 (4.0.45rc1)
	NOTE: Fixed by: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/50668e9d64af32cdc67a45082c556699ff86565e (5.0.30rc1)
CVE-2022-43514 (A vulnerability has been identified in Automation License Manager V5 ( ...)
	NOT-FOR-US: Automation License Manager
CVE-2022-43513 (A vulnerability has been identified in Automation License Manager V5 ( ...)
	NOT-FOR-US: Automation License Manager
CVE-2022-43499 (Stored cross-site scripting vulnerability in SHIRASAGI versions prior ...)
	NOT-FOR-US: SHIRASAGI
CVE-2022-43492 (Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerabi ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-43491 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pr ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-43490 (Cross-Site Request Forgery (CSRF) vulnerability in XWP Stream plugin < ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-43488 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pr ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-43482 (Missing Authorization vulnerability in Appointment Booking Calendar pl ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-43481 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons fo ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-43480 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Magn ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-43479 (Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a r ...)
	NOT-FOR-US: SHIRASAGI
CVE-2022-43476
	RESERVED
CVE-2022-43472
	RESERVED
CVE-2022-43471
	RESERVED
CVE-2022-43469 (Cross-Site Request Forgery (CSRF) vulnerability in Orchestrated Corona ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-43463 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cust ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-43462 (Auth. SQL Injection (SQLi) vulnerability in Adeel Ahmed's IP Blacklist C ...)
	NOT-FOR-US: Adeel Ahmed's IP Blacklist
CVE-2022-43461 (Stored Cross-Site Scripting (XSS) vulnerability in John West Slideshow ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-43459 (Cross-Site Request Forgery (CSRF) vulnerability in Forms by CaptainFor ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-43458 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Code ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-43453
	RESERVED
CVE-2022-43450 (Authorization Bypass Through User-Controlled Key vulnerability in XWP ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-43445
	RESERVED
CVE-2022-43441 (A code execution vulnerability exists in the Statement Bindings functi ...)
	{DSA-5373-1}
	- node-sqlite3 5.1.5+ds1-1
	[buster] - node-sqlite3 (Vulnerable code not present)
	NOTE: https://github.com/TryGhost/node-sqlite3/security/advisories/GHSA-jqv5-7xpx-qj74
	NOTE: Fixed by: https://github.com/TryGhost/node-sqlite3/commit/edb1934dd222ae55632e120d8f64552d5191c781 (v5.1.5)
CVE-2022-43439 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
	NOT-FOR-US: Siemens
CVE-2022-43438 (The Administrator function of EasyTest has an Incorrect Authorization ...)
	NOT-FOR-US: EasyTest
CVE-2022-43437 (The Download function’s parameter of EasyTest has insufficient va ...)
	NOT-FOR-US: EasyTest
CVE-2022-43436 (The File Upload function of EasyTest has insufficient filtering for sp ...)
	NOT-FOR-US: EasyTest
CVE-2022-42888 (Unauth. Privilege Escalation vulnerability in ARMember premium plugin < ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-42884 (Missing Authorization vulnerability in ThemeinProgress WIP Custom Logi ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-42883 (Sensitive Information Disclosure vulnerability discovered by Quiz And ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-42882 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-42880 (Cross-Site Request Forgery (CSRF) vulnerability in Ali Irani Auto Uplo ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-42699 (Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin <= 1.5 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-42698 (Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Brid ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-42497 (Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector pl ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-42494 (Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-42485 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Galax ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-42479
	RESERVED
CVE-2022-42462 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in Adeel Ahmed's I ...)
	NOT-FOR-US: Adeel Ahmed's IP Blacklist
CVE-2022-42461 (Broken Access Control vulnerability in miniOrange's Google Authenticat ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-42460 (Broken Access Control vulnerability leading to Stored Cross-Site Scrip ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-42459 (Auth. WordPress Options Change vulnerability in Image Hover Effects Ul ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41996 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada p ...)
	NOT-FOR-US: WordPress theme
CVE-2022-41995
	RESERVED
CVE-2022-41992 (A memory corruption vulnerability exists in the VHD File Format parsin ...)
	NOT-FOR-US: PowerISO
CVE-2022-41990 (Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Ta ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41987 (Cross-Site Request Forgery (CSRF) vulnerability in LearningTimes Badge ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41980 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimien ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41978 (Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41840 (Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41839 (Broken Access Control vulnerability in WordPress LoginPress plugin <= ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41831 (Auth. (contributor+) Cross-Site Scripting vulnerability in TCBarrett W ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41805 (Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooComm ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41791 (Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41790 (Missing Authorization vulnerability in CodePeople WP Time Slots Bookin ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41788 (Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soleda ...)
	NOT-FOR-US: WordPress theme
CVE-2022-41786 (Missing Authorization vulnerability in WP Job Portal WP Job Portal \u2 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41785 (Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Gall ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41781 (Broken Access Control vulnerability in Permalink Manager Lite plugin < ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41698 (Missing Authorization vulnerability in Layered If Menu. This issue affe ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41695 (Missing Authorization vulnerability in SedLex Traffic Manager. This iss ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41692 (Missing Authorization vulnerability in Appointment Hour Booking plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41685 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt P\ ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41652 (Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on Wor ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41619 (Missing Authorization vulnerability in SedLex Image Zoom. This issue af ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41554 (Stored Cross-Site Scripting (XSS) vulnerability in John West Slideshow ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40968 (Reflected Cross-Site Scripting (XSS) vulnerability in 2kb Amazon Affil ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40963 (Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40698 (Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz A ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40695 (Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirectio ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40692 (Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40687 (Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40686 (Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38971 (Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post For ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38716 (Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Moto ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38702 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38356 (Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Word ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38075 (Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cros ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3648
	RESERVED
CVE-2022-3647 (** DISPUTED ** A vulnerability, which was classified as problematic, w ...)
	- redis (unimportant)
	NOTE: https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3
	NOTE: Crash inside the crash report when redis already crashed due to calling an invalid
	NOTE: function pointer, negligible security impact
CVE-2022-3646 (A vulnerability, which was classified as problematic, has been found i ...)
	{DLA-3245-1 DLA-3173-1}
	- linux 6.0.2-1
	[bullseye] - linux 5.10.148-1
	NOTE: https://git.kernel.org/linus/d0d51a97063db4704a5ef6bc978dddab1636a306 (6.1-rc1)
CVE-2022-3645
	RESERVED
CVE-2022-3644 (The collection remote for pulp_ansible stores tokens in plaintext inst ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2022-3643 (Guests can trigger NIC interface reset/abort/crash via netback It is p ...)
	{DLA-3245-1 DLA-3244-1}
	- linux 6.1.4-1
	[bullseye] - linux 5.10.158-1
	NOTE: https://xenbits.xen.org/xsa/advisory-423.html
	NOTE: https://git.kernel.org/linus/ad7f402ae4f466647c3a669b8a6f3e5d4271c84a
CVE-2022-3642
	REJECTED
CVE-2022-3641 (Elevation of privilege in the Azure SQL Data Source in Devolutions Rem ...)
	NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2022-36401 (Cross-Site Request Forgery (CSRF) vulnerability in TeraWallet – Fo ...)
	NOT-FOR-US: TeraWallet
CVE-2022-3640 (A vulnerability, which was classified as critical, was found in Linux ...)
	{DLA-3245-1 DLA-3244-1}
	- linux 6.0.8-1
	[bullseye] - linux 5.10.158-1
	NOTE: https://git.kernel.org/linus/0d0e2d032811280b927650ff3c15fe5020e82533
CVE-2022-3639 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3638
	REJECTED
CVE-2022-3637 (A vulnerability has been found in Linux Kernel and classified as probl ...)
	- bluez (Vulnerable code introduced and fixed in between 5.64 and 5.65, no Debian release affected)
	NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=1d6cfb8e625a944010956714c1802bc1e1fc6c4f (5.65)
	NOTE: Introduced by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=6f02010ce0043ec2e17eb15f2a1dd42f6c64e223 (5.65)
CVE-2022-3636 (A vulnerability, which was classified as critical, was found in Linux ...)
	- linux (No vulnerable code in any upstream or Debian released version)
	NOTE: https://git.kernel.org/linus/17a5f6a78dc7b8db385de346092d7d9f9dc24df6
CVE-2022-3635 (A vulnerability, which was classified as critical, has been found in L ...)
	{DLA-3173-1}
	- linux 5.19.6-1
	[bullseye] - linux 5.10.140-1
	[buster] - linux 4.19.260-1
	NOTE: https://git.kernel.org/linus/3f4093e2bf4673f218c0bf17d8362337c400e77b (6.0-rc1)
CVE-2022-3634 (The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3633 (A vulnerability classified as problematic has been found in Linux Kern ...)
	{DLA-3173-1}
	- linux 5.19.6-1
	[bullseye] - linux 5.10.140-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/8c21c54a53ab21842f5050fa090f26b03c0313d6 (6.0-rc1)
CVE-2022-3632 (The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3631 (The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3630 (A vulnerability was found in Linux Kernel. It has been rated as proble ...)
	- linux 5.19.6-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/fb24771faf72a2fd62b3b6287af3c610c3ec9cf1 (6.0-rc1)
CVE-2022-3629 (A vulnerability was found in Linux Kernel. It has been declared as pro ...)
	{DLA-3173-1}
	- linux 5.19.6-1
	[bullseye] - linux 5.10.140-1
	[buster] - linux 4.19.260-1
	NOTE: https://git.kernel.org/linus/7e97cfed9929eaabc41829c395eb0d1350fccb9d (6.0-rc1)
CVE-2022-3628 (A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC ...)
	{DLA-3245-1 DLA-3244-1}
	- linux 6.0.8-1
	[bullseye] - linux 5.10.158-1
	NOTE: https://www.openwall.com/lists/oss-security/2022/10/29/1
CVE-2022-3627 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif ...)
	{DSA-5333-1 DLA-3278-1}
	- tiff 4.4.0-5 (bug #1022555)
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/411
CVE-2022-3626 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif ...)
	{DSA-5333-1 DLA-3278-1}
	- tiff 4.4.0-5 (bug #1022555)
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/426
CVE-2022-3625 (A vulnerability was found in Linux Kernel. It has been classified as c ...)
	{DLA-3173-1}
	- linux 5.19.6-1
	[bullseye] - linux 5.10.140-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/6b4db2e528f650c7fb712961aac36455468d5902 (6.0-rc1)
CVE-2022-3624 (A vulnerability was found in Linux Kernel and classified as problemati ...)
	- linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4f5d33f4f798b1c6d92b613f0087f639d9836971 (6.0-rc1)
CVE-2022-3623 (A vulnerability was found in Linux Kernel. It has been declared as pro ...)
	{DSA-5324-1 DLA-3349-1}
	- linux 6.0.3-1
	[buster] - linux (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/fac35ba763ed07ba93154c95ffc0c4a55023707f (6.1-rc1)
CVE-2022-3622 (The Blog2Social plugin for WordPress is vulnerable to authorization b ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3621 (A vulnerability was found in Linux Kernel. It has been classified as p ...)
	{DLA-3245-1 DLA-3173-1}
	- linux 6.0.2-1
	[bullseye] - linux 5.10.148-1
	NOTE: https://git.kernel.org/linus/21a87d88c2253350e115029f14fe2a10a7e6c856 (6.1-rc1)
CVE-2022-3620 (A vulnerability was found in Exim and classified as problematic. This ...)
	- exim4 4.96-7 (bug #1022556; unimportant)
	[bullseye] - exim4 (Vulnerable code not present)
	[buster] - exim4 (Vulnerable code not present)
	NOTE: Introduced by: https://git.exim.org/exim.git/commit/92583637b25b6bde926f9ca6be7b085e5ac8b1e6 (exim-4.95-RC0)
	NOTE: Fixed by: https://git.exim.org/exim.git/commit/12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445
	NOTE: Debian binary packages not built with DMARC support
CVE-2022-3619 (A vulnerability has been found in Linux Kernel and classified as probl ...)
	- linux 6.0.8-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/7c9524d929648935bac2bbb4c20437df8f9c3f42
CVE-2022-3618 (The Spacer WordPress plugin before 3.0.7 does not sanitize and escapes ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3617
	RESERVED
CVE-2022-3616 (Attackers can create long chains of CAs that would lead to OctoRPKI ex ...)
	- cfrpki 1.4.4-1
	[bullseye] - cfrpki (Minor issue)
	NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-pmw9-567p-68pc
CVE-2022-3615
	RESERVED
CVE-2022-3614 (In affected versions of Octopus Deploy users of certain browsers using ...)
	NOT-FOR-US: Octopus Deploy
CVE-2022-3613 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3612
	RESERVED
CVE-2022-3611 (An information disclosure vulnerability has been identified in the Len ...)
	NOT-FOR-US: Lenovo
CVE-2022-3610 (The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sa ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3609 (The GetYourGuide Ticketing WordPress plugin before 1.0.4 does not sani ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3608 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
	NOT-FOR-US: phpmyfaq
CVE-2022-3607 (Failure to Sanitize Special Elements into a Different Plane (Special E ...)
	- octoprint (bug #718591)
CVE-2022-3606 (A vulnerability was found in Linux Kernel. It has been classified as p ...)
	- libbpf 1.1.0-1 (bug #1023717)
	[bullseye] - libbpf (Minor issue)
	NOTE: Introduced by: https://github.com/libbpf/libbpf/commit/a3abae5122f30b83baebd4e4dd8ba4578a87cd4b (v0.2)
	NOTE: Fixed by: https://github.com/libbpf/libbpf/commit/3a3ef0c1d09e1894740db71cdcb7be0bfd713671 (v1.1.0)
CVE-2022-3605 (The WP CSV Exporter WordPress plugin before 1.3.7 does not properly es ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3604 (The Contact Form Entries WordPress plugin before 1.3.0 does not valida ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3603 (The Export customers list csv for WooCommerce, WordPress users csv, ex ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3602 (A buffer overrun can be triggered in X.509 certificate verification, s ...)
	- openssl 3.0.7-1
	[bullseye] - openssl (Only affects 3.0)
	[buster] - openssl (Only affects 3.0)
	NOTE: https://www.openssl.org/news/secadv/20221101.txt
	NOTE: https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fe3b639dc19b325846f4f6801f2f4604f56e3de3 (openssl-3.0.7)
	NOTE: https://github.com/colmmacc/CVE-2022-3602
CVE-2022-3601 (The Image Hover Effects Css3 WordPress plugin through 4.5 does not san ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3600 (The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not va ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3599 (LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools ...)
	{DSA-5333-1 DLA-3278-1}
	- tiff 4.4.0-5 (bug #1022555)
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/398
	NOTE: Same fix as for CVE-2022-4645, CVE-2023-30086 and CVE-2023-30774.
	NOTE: The fix causes CVE-2023-2908.
CVE-2022-3598 (LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifte ...)
	{DSA-5333-1 DLA-3278-1}
	- tiff 4.4.0-5 (bug #1022555)
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff (v4.5.0rc1)
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/435
CVE-2022-3597 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif ...)
	{DSA-5333-1 DLA-3278-1}
	- tiff 4.4.0-5 (bug #1022555)
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/413
CVE-2021-46846 (Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integ ...)
	NOT-FOR-US: HPE
CVE-2020-36607 (Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remo ...)
	NOT-FOR-US: FeehiCMS
CVE-2016-20017 (D-Link DSL-2750B devices before 1.05 allow remote unauthenticated comm ...)
	NOT-FOR-US: D-Link
CVE-2016-20016 (MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108 ...)
	NOT-FOR-US: MVPower CCTV DVR models
CVE-2022-43435 (Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disable ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43434 (Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier progra ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43433 (Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disable ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43432 (Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically di ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43431 (Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43430 (Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does n ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43429 (Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implem ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43428 (Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implem ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43427 (Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does n ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43426 (Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SEC ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43425 (Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not esca ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43424 (Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier impl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43423 (Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43422 (Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43421 (A missing permission check in Jenkins Tuleap Git Branch Source Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43420 (Jenkins Contrast Continuous Application Security Plugin 3.9 and earlie ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43419 (Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43418 (A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43417 (Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43416 (Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controll ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43415 (Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML pars ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43414 (Jenkins NUnit Plugin 0.27 and earlier implements an agent-to-controlle ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43413 (Jenkins Job Import Plugin 3.5 and earlier does not perform a permissio ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43412 (Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-c ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43411 (Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comp ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43410 (Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides inf ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43409 (Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43408 (Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43407 (Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier do ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43406 (A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43405 (A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43404 (A sandbox bypass vulnerability involving crafted constructor bodies an ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43403 (A sandbox bypass vulnerability involving casting an array-like value t ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43402 (A sandbox bypass vulnerability involving various casts performed impli ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43401 (A sandbox bypass vulnerability involving various casts performed impli ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-43400 (A vulnerability has been identified in Siveillance Video Mobile Server ...)
	NOT-FOR-US: Siveillance Video Mobile Server V2022 R2
CVE-2022-3596 (An information leak was found in OpenStack's undercloud. This flaw all ...)
	NOT-FOR-US: undercloud
CVE-2022-3595 (A vulnerability was found in Linux Kernel. It has been rated as proble ...)
	- linux (Vulnerable code not in any released version in Debian and upstream)
	NOTE: https://git.kernel.org/linus/b854b4ee66437e6e1622fda90529c814978cb4ca
CVE-2022-3594 (A vulnerability was found in Linux Kernel. It has been declared as pro ...)
	{DLA-3245-1 DLA-3244-1}
	- linux 6.0.3-1
	[bullseye] - linux 5.10.158-1
	NOTE: https://git.kernel.org/linus/93e2be344a7db169b7119de21ac1bf253b8c6907 (6.1-rc1)
CVE-2022-3593
	REJECTED
CVE-2022-3592 (A symlink following vulnerability was found in Samba, where a user can ...)
	[experimental] - samba 2:4.17.2+dfsg-1
	- samba (Vulnerable code only in 4.17.0 and later)
	NOTE: https://www.samba.org/samba/security/CVE-2022-3592.html
CVE-2022-43399
	REJECTED
CVE-2022-43398 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
	NOT-FOR-US: Siemens
CVE-2022-43397 (A vulnerability has been identified in Parasolid V34.0 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2022-43396 (In the fix for CVE-2022-24697, a blacklist is used to filter user inpu ...)
	NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2022-3591 (Use After Free in GitHub repository vim/vim prior to 9.0.0789.)
	- vim 2:9.0.0813-1 (unimportant)
	NOTE: https://huntr.dev/bounties/a5a998c2-4b07-47a7-91be-dbc1886b3921
	NOTE: https://github.com/vim/vim/commit/8f3c3c6cd044e3b5bf08dbfa3b3f04bb3f711bad (v9.0.0789)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-3590 (WordPress is affected by an unauthenticated blind SSRF in the pingback ...)
	- wordpress (bug #1033251)
	[bookworm] - wordpress (Minor issue)
	[bullseye] - wordpress (Minor issue)
	[buster] - wordpress (Minor issue)
	NOTE: https://www.sonarsource.com/blog/wordpress-core-unauthenticated-blind-ssrf/
CVE-2022-3589 (An API Endpoint used by Miele's "AppWash" MobileApp in all versions wa ...)
	NOT-FOR-US: Miele's "AppWash" MobileApp
CVE-2022-3588
	RESERVED
CVE-2022-3587 (A vulnerability was found in SourceCodester Simple Cold Storage Manage ...)
	NOT-FOR-US: SourceCodester Simple Cold Storage Management System
CVE-2022-3586 (A flaw was found in the Linux kernel’s networking code. A use-aft ...)
	{DLA-3173-1}
	- linux 5.19.11-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux 4.19.260-1
	NOTE: https://git.kernel.org/linus/9efd23297cca530bb35e1848665805d3fcdd7889 (6.0-rc5)
CVE-2022-3585 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester Simple Cold Storage Management System
CVE-2022-3584 (A vulnerability was found in SourceCodester Canteen Management System ...)
	NOT-FOR-US: SourceCodester Canteen Management System
CVE-2022-3583 (A vulnerability was found in SourceCodester Canteen Management System ...)
	NOT-FOR-US: SourceCodester Canteen Management System
CVE-2022-3582 (A vulnerability has been found in SourceCodester Simple Cold Storage M ...)
	NOT-FOR-US: SourceCodester Simple Cold Storage Management System
CVE-2022-3581 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester Cashier Queuing System
CVE-2022-3580 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: SourceCodester Cashier Queuing System
CVE-2022-3579 (A vulnerability classified as critical was found in SourceCodester Cas ...)
	NOT-FOR-US: SourceCodester Cashier Queuing System
CVE-2022-3578 (The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3577 (An out-of-bounds memory write flaw was found in the Linux kernel’ ...)
	- linux 5.18.5-1
	[bullseye] - linux 5.10.127-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/fc4ef9d5724973193bfa5ebed181dba6de3a56db (5.19-rc1)
CVE-2022-3576 (A vulnerability regarding out-of-bounds read is found in the session p ...)
	NOT-FOR-US: Synology DiskStation Manager (DSM)
CVE-2022-43395
	RESERVED
CVE-2022-43394
	RESERVED
CVE-2022-43393 (An improper check for unusual or exceptional conditions in the HTTP re ...)
	NOT-FOR-US: Zyxel
CVE-2022-43392 (A buffer overflow vulnerability in the parameter of web server in Zyxe ...)
	NOT-FOR-US: Zyxel
CVE-2022-43391 (A buffer overflow vulnerability in the parameter of the CGI program in ...)
	NOT-FOR-US: Zyxel
CVE-2022-43390 (A command injection vulnerability in the CGI program of Zyxel NR7101 f ...)
	NOT-FOR-US: Zyxel
CVE-2022-43389 (A buffer overflow vulnerability in the library of the web server in Zy ...)
	NOT-FOR-US: Zyxel
CVE-2022-43388
	RESERVED
CVE-2022-43387
	RESERVED
CVE-2022-43386
	RESERVED
CVE-2022-43385
	RESERVED
CVE-2022-43384
	RESERVED
CVE-2022-43383
	RESERVED
CVE-2022-43382 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with eleva ...)
	NOT-FOR-US: IBM
CVE-2022-43381 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
	NOT-FOR-US: IBM
CVE-2022-43380 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
	NOT-FOR-US: IBM
CVE-2022-43379
	RESERVED
CVE-2022-42496 (OS command injection vulnerability in Nako3edit, editor component of n ...)
	NOT-FOR-US: Nako3edit
CVE-2022-41777 (Improper check or handling of exceptional conditions vulnerability in ...)
	NOT-FOR-US: Nako3edit
CVE-2022-41642 (OS command injection vulnerability in Nadesiko3 (PC Version) v3.3.61 a ...)
	NOT-FOR-US: Nako3edit
CVE-2022-3575 (Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to ...)
	NOT-FOR-US: Frauscher Sensortechnik
CVE-2022-3574 (The WPForms Pro WordPress plugin before 1.7.7 does not validate its fo ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3573 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3572 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3571
	RESERVED
CVE-2022-3570 (Multiple heap buffer overflows in tiffcrop.c utility in libtiff librar ...)
	{DSA-5333-1 DLA-3278-1}
	- tiff 4.4.0-5 (bug #1022555)
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff (v4.5.0rc1)
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/381
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/386
CVE-2022-3569 (Due to an issue with incorrect sudo permissions, Zimbra Collaboration ...)
	NOT-FOR-US: Zimbra
CVE-2022-3568 (The ImageMagick Engine plugin for WordPress is vulnerable to deseriali ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-43378 (A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulne ...)
	NOT-FOR-US: Schneider
CVE-2022-43377 (A CWE-307: Improper Restriction of Excessive Authentication Attempts v ...)
	NOT-FOR-US: Schneider
CVE-2022-43376 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
	NOT-FOR-US: Schneider
CVE-2022-43375
	REJECTED
CVE-2022-43374
	RESERVED
CVE-2022-43373
	RESERVED
CVE-2022-43372 (Emlog Pro v1.7.1 was discovered to contain a reflected cross-site scri ...)
	NOT-FOR-US: Emlog Pro
CVE-2022-43371
	RESERVED
CVE-2022-43370
	RESERVED
CVE-2022-43369 (AutoTaxi Stand Management System v1.0 was discovered to contain a cros ...)
	NOT-FOR-US: AutoTaxi Stand Management System
CVE-2022-43368
	RESERVED
CVE-2022-43367 (IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injec ...)
	NOT-FOR-US: IP-COM EW9
CVE-2022-43366 (IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to acces ...)
	NOT-FOR-US: IP-COM EW9
CVE-2022-43365 (IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer overfl ...)
	NOT-FOR-US: IP-COM EW9
CVE-2022-43364 (An access control issue in the password reset page of IP-COM EW9 V15.1 ...)
	NOT-FOR-US: IP-COM EW9
CVE-2022-43363 (Telegram Web 15.3.1 allows XSS via a certain payload derived from a Ta ...)
	NOT-FOR-US: Telegram Web
CVE-2022-43362 (Senayan Library Management System v9.4.2 was discovered to contain a S ...)
	NOT-FOR-US: Senayan Library Management System
CVE-2022-43361 (Senayan Library Management System v9.4.2 was discovered to contain a c ...)
	NOT-FOR-US: Senayan Library Management System
CVE-2022-43360
	RESERVED
CVE-2022-43359 (Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c was discovered ...)
	NOT-FOR-US: Gifdec
CVE-2022-43358 (Stack overflow vulnerability in ast_selectors.cpp: in function Sass::C ...)
	[experimental] - libsass 3.6.5+20231221-1
	- libsass 3.6.5+20231221-2 (bug #1051895)
	[bookworm] - libsass (Minor issue)
	[bullseye] - libsass (Minor issue)
	[buster] - libsass (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/3178
CVE-2022-43357 (Stack overflow vulnerability in ast_selectors.cpp in function Sass::Co ...)
	[experimental] - libsass 3.6.5+20231221-1
	- libsass 3.6.5+20231221-2 (bug #1051895)
	[bookworm] - libsass (Minor issue)
	[bullseye] - libsass (Minor issue)
	[buster] - libsass (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/3177
CVE-2022-43356
	RESERVED
CVE-2022-43355 (Sanitization Management System v1.0 was discovered to contain a SQL in ...)
	NOT-FOR-US: Sanitization Management System
CVE-2022-43354 (Sanitization Management System v1.0 was discovered to contain a SQL in ...)
	NOT-FOR-US: Sanitization Management System
CVE-2022-43353 (Sanitization Management System v1.0 was discovered to contain a SQL in ...)
	NOT-FOR-US: Sanitization Management System
CVE-2022-43352 (Sanitization Management System v1.0 was discovered to contain a SQL in ...)
NOT-FOR-US: Sanitization Management System CVE-2022-43351 (Sanitization Management System v1.0 was discovered to contain an arbit ...) NOT-FOR-US: Sanitization Management System CVE-2022-43350 (Sanitization Management System v1.0 was discovered to contain a SQL in ...) NOT-FOR-US: Sanitization Management System CVE-2022-43349 RESERVED CVE-2022-43348 RESERVED CVE-2022-43347 RESERVED CVE-2022-43346 RESERVED CVE-2022-43345 RESERVED CVE-2022-43344 RESERVED CVE-2022-43343 (N-Prolog v1.91 was discovered to contain a global buffer overflow vuln ...) NOT-FOR-US: N-Prolog CVE-2022-43342 (A stored cross-site scripting (XSS) vulnerability in the Add function ...) NOT-FOR-US: Eramba GRC Software CVE-2022-43341 RESERVED CVE-2022-43340 (A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows ...) NOT-FOR-US: dzzoffice CVE-2022-43339 RESERVED CVE-2022-43338 RESERVED CVE-2022-43337 RESERVED CVE-2022-43336 RESERVED CVE-2022-43335 RESERVED CVE-2022-43334 RESERVED CVE-2022-43333 (Telenia Software s.r.l TVox before v22.0.17 was discovered to contain ...) NOT-FOR-US: Telenia Software s.r.l TVox CVE-2022-43332 (A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows ...) NOT-FOR-US: Wondercms CVE-2022-43331 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Canteen Management System CVE-2022-43330 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Canteen Management System CVE-2022-43329 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Canteen Management System CVE-2022-43328 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Canteen Management System CVE-2022-43327 RESERVED CVE-2022-43326 (An Insecure Direct Object Reference (IDOR) vulnerability in the passwo ...) NOT-FOR-US: Telos Alliance Omnia MPX Node CVE-2022-43325 (An unauthenticated command injection vulnerability in the product lice ...) 
NOT-FOR-US: Telos Alliance Omnia MPX Node CVE-2022-43324 RESERVED CVE-2022-43323 (EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request ...) NOT-FOR-US: EyouCMS CVE-2022-43322 RESERVED CVE-2022-43321 (Shopwind v3.4.3 was discovered to contain a reflected cross-site scrip ...) NOT-FOR-US: Shopwind CVE-2022-43320 (FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scrip ...) NOT-FOR-US: FeehiCMS CVE-2022-43319 (An information disclosure vulnerability in the component vcs/downloadF ...) NOT-FOR-US: Simple E-Learning System CVE-2022-43318 (Human Resource Management System v1.0 was discovered to contain a SQL ...) NOT-FOR-US: Human Resource Management System CVE-2022-43317 (A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Hu ...) NOT-FOR-US: Human Resource Management System CVE-2022-43316 RESERVED CVE-2022-43315 RESERVED CVE-2022-43314 RESERVED CVE-2022-43313 RESERVED CVE-2022-43312 RESERVED CVE-2022-43311 RESERVED CVE-2022-43310 (An Uncontrolled Search Path Element in Foxit Software released Foxit R ...) NOT-FOR-US: Foxit Reader CVE-2022-43309 (Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to ...) NOT-FOR-US: Supermicro CVE-2022-43308 (INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers ...) NOT-FOR-US: INTELBRAS CVE-2022-43307 RESERVED CVE-2022-43306 (The d8s-timer for python, as distributed on PyPI, included a potential ...) NOT-FOR-US: d8s-timer CVE-2022-43305 (The d8s-python for python, as distributed on PyPI, included a potentia ...) NOT-FOR-US: d8s-python CVE-2022-43304 (The d8s-timer for python, as distributed on PyPI, included a potential ...) NOT-FOR-US: d8s-timer CVE-2022-43303 (The d8s-strings for python, as distributed on PyPI, included a potenti ...) 
NOT-FOR-US: d8s-strings CVE-2022-43302 RESERVED CVE-2022-43301 RESERVED CVE-2022-43300 RESERVED CVE-2022-43299 RESERVED CVE-2022-43298 RESERVED CVE-2022-43297 RESERVED CVE-2022-43296 RESERVED CVE-2022-43295 (XPDF v4.04 was discovered to contain a stack overflow via the function ...) - xpdf (Debian uses poppler, which is not affected) CVE-2022-43294 (Tasmota before commit 066878da4d4762a9b6cb169fdf353e804d735cfd was dis ...) NOT-FOR-US: Tasmota CVE-2022-43293 (Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitra ...) NOT-FOR-US: Wacom CVE-2022-43292 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Canteen Management System CVE-2022-43291 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Canteen Management System CVE-2022-43290 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Canteen Management System CVE-2022-43289 (Deark v.1.6.2 was discovered to contain a stack overflow via the do_pr ...) NOT-FOR-US: Deark CVE-2022-43288 (Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerabi ...) NOT-FOR-US: Rukovoditel CVE-2022-43287 RESERVED CVE-2022-43286 (Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug c ...) NOT-FOR-US: njs CVE-2022-43285 (Nginx NJS v0.7.4 was discovered to contain a segmentation violation in ...) NOT-FOR-US: njs CVE-2022-43284 (Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation vi ...) NOT-FOR-US: njs CVE-2022-43283 (wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write.) - wabt 1.0.30-1 (unimportant) NOTE: https://github.com/WebAssembly/wabt/issues/1985 NOTE: Crash in CLI tool, no security impact CVE-2022-43282 (wasm-interp v1.0.29 was discovered to contain an out-of-bounds read vi ...) 
- wabt 1.0.30-1 (unimportant) NOTE: https://github.com/WebAssembly/wabt/issues/1983 NOTE: Crash in CLI tool, no security impact CVE-2022-43281 (wasm-interp v1.0.29 was discovered to contain a heap overflow via the ...) - wabt 1.0.30-1 (unimportant) NOTE: https://github.com/WebAssembly/wabt/issues/1981 NOTE: Crash in CLI tool, no security impact CVE-2022-43280 (wasm-interp v1.0.29 was discovered to contain an out-of-bounds read vi ...) - wabt 1.0.30-1 (unimportant) NOTE: https://github.com/WebAssembly/wabt/issues/1982 NOTE: Crash in CLI tool, no security impact CVE-2022-43279 (LimeSurvey before v5.0.4 was discovered to contain a SQL injection vul ...) - limesurvey (bug #472802) CVE-2022-43278 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Canteen Management System CVE-2022-43277 (Canteen Management System v1.0 was discovered to contain an arbitrary ...) NOT-FOR-US: Canteen Management System CVE-2022-43276 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Canteen Management System CVE-2022-43275 (Canteen Management System v1.0 was discovered to contain an arbitrary ...) NOT-FOR-US: Canteen Management System CVE-2022-43274 RESERVED CVE-2022-43273 RESERVED CVE-2022-43272 (DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Ass ...) [experimental] - dcmtk 3.6.8~git20221013.51be018-1 - dcmtk 3.6.7-8 (bug #1027165) [bullseye] - dcmtk (Minor issue) [buster] - dcmtk (Minor issue) NOTE: https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7 NOTE: Fixed by: https://github.com/DCMTK/dcmtk/commit/c34f4e46e672ad21accf04da0dc085e43be6f5e1 CVE-2022-43271 (Inhabit Systems Pty Ltd Move CRM version 4, build 260 was discovered t ...) 
NOT-FOR-US: Inhabit Systems Pty Ltd Move CRM CVE-2022-43270 RESERVED CVE-2022-43269 RESERVED CVE-2022-43268 RESERVED CVE-2022-43267 RESERVED CVE-2022-43266 RESERVED CVE-2022-43265 (An arbitrary file upload vulnerability in the component /pages/save_us ...) NOT-FOR-US: Canteen Management System CVE-2022-43264 (Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows atta ...) NOT-FOR-US: Arobas Music Guitar Pro for iPad and iPhone CVE-2022-43263 (A cross-site scripting (XSS) vulnerability in Arobas Music Guitar Pro ...) NOT-FOR-US: Arobas Music Guitar Pro for iPad and iPhone CVE-2022-43262 (Human Resource Management System v1.0 was discovered to contain a SQL ...) NOT-FOR-US: Human Resource Management System CVE-2022-43261 RESERVED CVE-2022-43260 (Tenda AC18 V15.03.05.19(6318) was discovered to contain a stack overfl ...) NOT-FOR-US: Tenda CVE-2022-43259 (Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via ...) NOT-FOR-US: Tenda CVE-2022-43258 RESERVED CVE-2022-43257 RESERVED CVE-2022-43256 (SeaCms before v12.6 was discovered to contain a SQL injection vulnerab ...) NOT-FOR-US: SeaCms CVE-2022-43255 (GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a mem ...) {DSA-5411-1} - gpac (unimportant) NOTE: https://github.com/gpac/gpac/issues/2285 NOTE: https://github.com/gpac/gpac/commit/d82e1340d7fd5ceea205e0f173500102f3237eb4 NOTE: Negligible security impact CVE-2022-43254 (GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a mem ...) - gpac (unimportant) NOTE: https://github.com/gpac/gpac/issues/2284 NOTE: https://github.com/gpac/gpac/commit/4520e38aa030f059264c69b426bd8133206fbfe6 NOTE: Negligible security impact CVE-2022-43253 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...) {DSA-5346-1 DLA-3280-1} - libde265 1.0.9-1.1 (bug #1025816) NOTE: https://github.com/strukturag/libde265/issues/348 CVE-2022-43252 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...) 
{DSA-5346-1 DLA-3280-1} - libde265 1.0.9-1.1 (bug #1027179) NOTE: https://github.com/strukturag/libde265/issues/347 CVE-2022-43251 RESERVED CVE-2022-43250 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...) {DSA-5346-1 DLA-3280-1} - libde265 1.0.9-1.1 (bug #1027179) NOTE: https://github.com/strukturag/libde265/issues/346 CVE-2022-43249 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...) {DSA-5346-1 DLA-3280-1} - libde265 1.0.11-1 (bug #1027179) NOTE: https://github.com/strukturag/libde265/issues/345 NOTE: https://github.com/strukturag/libde265/pull/373 CVE-2022-43248 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...) {DSA-5346-1 DLA-3280-1} - libde265 1.0.9-1.1 (bug #1025816) NOTE: https://github.com/strukturag/libde265/issues/349 CVE-2022-43247 RESERVED CVE-2022-43246 RESERVED CVE-2022-43245 (Libde265 v1.0.8 was discovered to contain a segmentation violation via ...) {DSA-5346-1 DLA-3280-1} - libde265 1.0.11-1 (bug #1029357) NOTE: https://github.com/strukturag/libde265/issues/352 NOTE: https://github.com/strukturag/libde265/commit/ad291690a8c92218b9e86738edd45ed64736b246 (v1.0.10) CVE-2022-43244 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...) {DSA-5346-1 DLA-3280-1} - libde265 1.0.9-1.1 (bug #1027179) NOTE: https://github.com/strukturag/libde265/issues/342 CVE-2022-43243 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...) {DSA-5346-1 DLA-3280-1} - libde265 1.0.9-1.1 (bug #1025816) NOTE: https://github.com/strukturag/libde265/issues/339 CVE-2022-43242 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...) {DSA-5346-1 DLA-3280-1} - libde265 1.0.9-1.1 (bug #1027179) NOTE: https://github.com/strukturag/libde265/issues/340 CVE-2022-43241 (Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc ...) 
{DSA-5346-1 DLA-3280-1} - libde265 1.0.9-1.1 (bug #1027179) NOTE: https://github.com/strukturag/libde265/issues/338 CVE-2022-43240 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...) {DSA-5346-1 DLA-3280-1} - libde265 1.0.9-1.1 (bug #1027179) NOTE: https://github.com/strukturag/libde265/issues/335 CVE-2022-43239 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...) {DSA-5346-1 DLA-3280-1} - libde265 1.0.9-1.1 (bug #1027179) NOTE: https://github.com/strukturag/libde265/issues/341 CVE-2022-43238 (Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc ...) {DSA-5346-1 DLA-3280-1} - libde265 1.0.9-1.1 (bug #1027179) NOTE: https://github.com/strukturag/libde265/issues/338 CVE-2022-43237 (Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vuln ...) {DSA-5346-1 DLA-3280-1} - libde265 1.0.9-1.1 (bug #1027179) NOTE: https://github.com/strukturag/libde265/issues/344 CVE-2022-43236 (Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vuln ...) {DSA-5346-1 DLA-3280-1} - libde265 1.0.9-1.1 (bug #1027179) NOTE: https://github.com/strukturag/libde265/issues/343 CVE-2022-43235 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...) {DSA-5346-1 DLA-3280-1} - libde265 1.0.9-1.1 (bug #1027179) NOTE: https://github.com/strukturag/libde265/issues/337 CVE-2022-43234 (An arbitrary file upload vulnerability in the /attachments component o ...) NOT-FOR-US: Hoosk CMS CVE-2022-43233 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Canteen Management System CVE-2022-43232 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Canteen Management System CVE-2022-43231 (Canteen Management System v1.0 was discovered to contain an arbitrary ...) NOT-FOR-US: Canteen Management System CVE-2022-43230 (Simple Cold Storage Management System v1.0 was discovered to contain a ...) 
NOT-FOR-US: Simple Cold Storage Management System CVE-2022-43229 (Simple Cold Storage Management System v1.0 was discovered to contain a ...) NOT-FOR-US: Simple Cold Storage Management System CVE-2022-43228 (Barangay Management System v1.0 was discovered to contain a SQL inject ...) NOT-FOR-US: Barangay Management System CVE-2022-43227 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) NOT-FOR-US: Online Diagnostic Lab Management System CVE-2022-43226 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) NOT-FOR-US: Online Diagnostic Lab Management System CVE-2022-43225 RESERVED CVE-2022-43224 RESERVED CVE-2022-43223 (open5gs v2.4.11 was discovered to contain a memory leak in the compone ...) NOT-FOR-US: Open5GS CVE-2022-43222 (open5gs v2.4.11 was discovered to contain a memory leak in the compone ...) NOT-FOR-US: Open5GS CVE-2022-43221 (open5gs v2.4.11 was discovered to contain a memory leak in the compone ...) NOT-FOR-US: Open5GS CVE-2022-43220 RESERVED CVE-2022-43219 RESERVED CVE-2022-43218 RESERVED CVE-2022-43217 RESERVED CVE-2022-43216 (AbrhilSoft Employee's Portal before v5.6.2 was discovered to contain a ...) NOT-FOR-US: AbrhilSoft Employee's Portal CVE-2022-43215 (Billing System Project v1.0 was discovered to contain a SQL injection ...) NOT-FOR-US: Billing System Project CVE-2022-43214 (Billing System Project v1.0 was discovered to contain a SQL injection ...) NOT-FOR-US: Billing System Project CVE-2022-43213 (Billing System Project v1.0 was discovered to contain a SQL injection ...) NOT-FOR-US: Billing System Project CVE-2022-43212 (Billing System Project v1.0 was discovered to contain a SQL injection ...) 
NOT-FOR-US: Billing System Project CVE-2022-43211 RESERVED CVE-2022-43210 RESERVED CVE-2022-43209 RESERVED CVE-2022-43208 RESERVED CVE-2022-43207 RESERVED CVE-2022-43206 RESERVED CVE-2022-43205 RESERVED CVE-2022-43204 RESERVED CVE-2022-43203 RESERVED CVE-2022-43202 RESERVED CVE-2022-43201 RESERVED CVE-2022-43200 RESERVED CVE-2022-43199 RESERVED CVE-2022-43198 RESERVED CVE-2022-43197 RESERVED CVE-2022-43196 (dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_man ...) NOT-FOR-US: dedecmdv6 CVE-2022-43195 RESERVED CVE-2022-43194 RESERVED CVE-2022-43193 RESERVED CVE-2022-43192 (An arbitrary file upload vulnerability in the component /dede/file_man ...) NOT-FOR-US: Dedecms CVE-2022-43191 RESERVED CVE-2022-43190 RESERVED CVE-2022-43189 RESERVED CVE-2022-43188 RESERVED CVE-2022-43187 RESERVED CVE-2022-43186 RESERVED CVE-2022-43185 (A stored cross-site scripting (XSS) vulnerability in the Configuration ...) NOT-FOR-US: Rukovoditel CVE-2022-43184 (D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command in ...) NOT-FOR-US: D-Link CVE-2022-43183 (XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) vi ...) NOT-FOR-US: XXL-Job CVE-2022-43182 RESERVED CVE-2022-43181 RESERVED CVE-2022-43180 RESERVED CVE-2022-43179 (Online Leave Management System v1.0 was discovered to contain a SQL in ...) NOT-FOR-US: Online Leave Management System CVE-2022-43178 RESERVED CVE-2022-43177 RESERVED CVE-2022-43176 RESERVED CVE-2022-43175 RESERVED CVE-2022-43174 RESERVED CVE-2022-43173 RESERVED CVE-2022-43172 RESERVED CVE-2022-43171 (A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinf ...) NOT-FOR-US: LIEF CVE-2022-43170 (A stored cross-site scripting (XSS) vulnerability in the Dashboard Con ...) NOT-FOR-US: Rukovoditel CVE-2022-43169 (A stored cross-site scripting (XSS) vulnerability in the Users Access ...) NOT-FOR-US: Rukovoditel CVE-2022-43168 (Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerabi ...) 
NOT-FOR-US: Rukovoditel CVE-2022-43167 (A stored cross-site scripting (XSS) vulnerability in the Users Alerts ...) NOT-FOR-US: Rukovoditel CVE-2022-43166 (A stored cross-site scripting (XSS) vulnerability in the Global Entiti ...) NOT-FOR-US: Rukovoditel CVE-2022-43165 (A stored cross-site scripting (XSS) vulnerability in the Global Variab ...) NOT-FOR-US: Rukovoditel CVE-2022-43164 (A stored cross-site scripting (XSS) vulnerability in the Global Lists ...) NOT-FOR-US: Rukovoditel CVE-2022-43163 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) NOT-FOR-US: Online Diagnostic Lab Management System CVE-2022-43162 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) NOT-FOR-US: Online Diagnostic Lab Management System CVE-2022-43161 RESERVED CVE-2022-43160 RESERVED CVE-2022-43159 RESERVED CVE-2022-43158 RESERVED CVE-2022-43157 RESERVED CVE-2022-43156 RESERVED CVE-2022-43155 RESERVED CVE-2022-43154 RESERVED CVE-2022-43153 RESERVED CVE-2022-43152 (tsMuxer v2.6.16 was discovered to contain a heap overflow via the func ...) NOT-FOR-US: tsMuxer CVE-2022-43151 (timg v1.4.4 was discovered to contain a memory leak via the function t ...) - timg 1.4.5-1 (unimportant) NOTE: https://github.com/hzeller/timg/issues/92 NOTE: https://github.com/hzeller/timg/commit/e9667ea2c811aa9eb399b631aef9bba0d3711834 (v1.4.5) NOTE: Memory leak in terminal application, no security impact CVE-2022-43150 RESERVED CVE-2022-43149 RESERVED CVE-2022-43148 (rtf2html v0.2.0 was discovered to contain a heap overflow in the compo ...) NOT-FOR-US: rtf2html CVE-2022-43147 RESERVED CVE-2022-43146 (An arbitrary file upload vulnerability in the image upload function of ...) NOT-FOR-US: Canteen Management System CVE-2022-43145 RESERVED CVE-2022-43144 (A cross-site scripting (XSS) vulnerability in Canteen Management Syste ...) NOT-FOR-US: Canteen Management System CVE-2022-43143 (A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 ...) 
NOT-FOR-US: Beekeeper Studio CVE-2022-43142 (A cross-site scripting (XSS) vulnerability in the add-fee.php componen ...) NOT-FOR-US: Password Storage Application CVE-2022-43141 RESERVED CVE-2022-43140 (kkFileView v4.1.0 was discovered to contain a Server-Side Request Forg ...) NOT-FOR-US: kkFileView CVE-2022-43139 RESERVED CVE-2022-43138 (Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows atta ...) - dolibarr CVE-2022-43137 RESERVED CVE-2022-43136 RESERVED CVE-2022-43135 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) NOT-FOR-US: Online Diagnostic Lab Management System CVE-2022-43134 RESERVED CVE-2022-43133 RESERVED CVE-2022-43132 RESERVED CVE-2022-43131 RESERVED CVE-2022-43130 RESERVED CVE-2022-43129 RESERVED CVE-2022-43128 REJECTED CVE-2022-43127 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) NOT-FOR-US: Online Diagnostic Lab Management System CVE-2022-43126 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) NOT-FOR-US: Online Diagnostic Lab Management System CVE-2022-43125 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) NOT-FOR-US: Online Diagnostic Lab Management System CVE-2022-43124 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) NOT-FOR-US: Online Diagnostic Lab Management System CVE-2022-43123 RESERVED CVE-2022-43122 RESERVED CVE-2022-43121 (A cross-site scripting (XSS) vulnerability in the CMS Field Add page o ...) NOT-FOR-US: Subrion CMS CVE-2022-43120 (A cross-site scripting (XSS) vulnerability in the /panel/fields/add co ...) NOT-FOR-US: Subrion CMS CVE-2022-43119 (A cross-site scripting (XSS) vulnerability in Clansphere CMS v2011.4 a ...) NOT-FOR-US: Clansphere CMS CVE-2022-43118 (A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allo ...) NOT-FOR-US: flatCore-CMS CVE-2022-43117 (Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 w ...) 
NOT-FOR-US: Sourcecodester Password Storage Application in PHP/OOP and MySQL CVE-2022-43116 RESERVED CVE-2022-43115 RESERVED CVE-2022-43114 RESERVED CVE-2022-43113 RESERVED CVE-2022-43112 RESERVED CVE-2022-43111 RESERVED CVE-2022-43110 RESERVED CVE-2022-43109 (D-Link DIR-823G v1.0.2 was found to contain a command injection vulner ...) NOT-FOR-US: D-Link CVE-2022-43108 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...) NOT-FOR-US: Tenda CVE-2022-43107 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...) NOT-FOR-US: Tenda CVE-2022-43106 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...) NOT-FOR-US: Tenda CVE-2022-43105 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...) NOT-FOR-US: Tenda CVE-2022-43104 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...) NOT-FOR-US: Tenda CVE-2022-43103 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...) NOT-FOR-US: Tenda CVE-2022-43102 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...) NOT-FOR-US: Tenda CVE-2022-43101 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...) NOT-FOR-US: Tenda CVE-2022-43100 RESERVED CVE-2022-43099 RESERVED CVE-2022-43098 RESERVED CVE-2022-43097 (Phpgurukul User Registration & User Management System v3.0 was discove ...) NOT-FOR-US: Phpgurukul User Registration & User Management System CVE-2022-43096 (Mediatrix 4102 before v48.5.2718 allows local attackers to gain root a ...) NOT-FOR-US: Mediatrix CVE-2022-43095 RESERVED CVE-2022-43094 RESERVED CVE-2022-43093 RESERVED CVE-2022-43092 RESERVED CVE-2022-43091 RESERVED CVE-2022-43090 RESERVED CVE-2022-43089 RESERVED CVE-2022-43088 RESERVED CVE-2022-43087 RESERVED CVE-2022-43086 (Restaurant POS System v1.0 was discovered to contain a SQL injection v ...) 
NOT-FOR-US: Restaurant POS System CVE-2022-43085 (An arbitrary file upload vulnerability in add_product.php of Restauran ...) NOT-FOR-US: Restaurant POS System CVE-2022-43084 (A cross-site scripting (XSS) vulnerability in admin-add-vehicle.php of ...) NOT-FOR-US: Vehicle Booking System CVE-2022-43083 (An arbitrary file upload vulnerability in admin-add-vehicle.php of Veh ...) NOT-FOR-US: Vehicle Booking System CVE-2022-43082 (A cross-site scripting (XSS) vulnerability in /fastfood/purchase.php o ...) NOT-FOR-US: Fast Food Ordering System CVE-2022-43081 (Fast Food Ordering System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Fast Food Ordering System CVE-2022-43080 RESERVED CVE-2022-43079 (A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Tr ...) NOT-FOR-US: Train Scheduler App CVE-2022-43078 (A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of We ...) NOT-FOR-US: Web-Based Student Clearance System CVE-2022-43077 RESERVED CVE-2022-43076 (A cross-site scripting (XSS) vulnerability in /admin/edit-admin.php of ...) NOT-FOR-US: Web-Based Student Clearance System CVE-2022-43075 RESERVED CVE-2022-43074 (AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulne ...) NOT-FOR-US: AyaCMS CVE-2022-43073 RESERVED CVE-2022-43072 RESERVED CVE-2022-43071 (A stack overflow in the Catalog::readPageLabelTree2(Object*) function ...) - xpdf (Debian uses poppler, which is not affected) CVE-2022-43070 RESERVED CVE-2022-43069 RESERVED CVE-2022-43068 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) NOT-FOR-US: Online Diagnostic Lab Management System CVE-2022-43067 RESERVED CVE-2022-43066 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) NOT-FOR-US: Online Diagnostic Lab Management System CVE-2022-43065 RESERVED CVE-2022-43064 RESERVED CVE-2022-43063 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) 
NOT-FOR-US: Online Diagnostic Lab Management System CVE-2022-43062 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) NOT-FOR-US: Online Diagnostic Lab Management System CVE-2022-43061 (Online Tours & Travels Management System v1.0 was discovered to contai ...) NOT-FOR-US: Online Tours & Travels Management System CVE-2022-43060 RESERVED CVE-2022-43059 RESERVED CVE-2022-43058 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) NOT-FOR-US: Online Diagnostic Lab Management System CVE-2022-43057 RESERVED CVE-2022-43056 RESERVED CVE-2022-43055 RESERVED CVE-2022-43054 RESERVED CVE-2022-43053 RESERVED CVE-2022-43052 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) NOT-FOR-US: Online Diagnostic Lab Management System CVE-2022-43051 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) NOT-FOR-US: Online Diagnostic Lab Management System CVE-2022-43050 (Online Tours & Travels Management System v1.0 was discovered to contai ...) NOT-FOR-US: Online Tours & Travels Management System CVE-2022-43049 (Canteen Management System Project v1.0 was discovered to contain a SQL ...) NOT-FOR-US: Canteen Management System Project CVE-2022-43048 RESERVED CVE-2022-43047 RESERVED CVE-2022-43046 (Food Ordering Management System v1.0 was discovered to contain a cross ...) NOT-FOR-US: Food Ordering Management System CVE-2022-43045 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...) - gpac (bug #1033116; bug #1051866) [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2277 NOTE: https://github.com/gpac/gpac/commit/c5249ee4b62dfc604fecb4dce2fc480b3e388bbb CVE-2022-43044 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...) 
- gpac (bug #1033116; bug #1051866) [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2282 NOTE: https://github.com/gpac/gpac/commit/8a0e8e4ab13348cb1ab8e93b950a03d93f158a35 CVE-2022-43043 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...) - gpac (bug #1033116; bug #1051866) [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2276 NOTE: https://github.com/gpac/gpac/commit/6bff06cdb8e9b4e8ed2e789ee9340877759536fd CVE-2022-43042 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap ...) - gpac (bug #1033116; bug #1051866) [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2278 NOTE: https://github.com/gpac/gpac/commit/3661da280b3eba75490e75ff20ad440c66e24de9 CVE-2022-43041 RESERVED CVE-2022-43040 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap ...) - gpac (bug #1033116; bug #1051866) [bullseye] - gpac (Vulnerable code not present) [buster] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/2280 NOTE: https://github.com/gpac/gpac/commit/f17dae31ebf6ea7af8c512165d9b954c2a6ea46e CVE-2022-43039 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...) - gpac (bug #1033116; bug #1051866) [bullseye] - gpac (Vulnerable code not present) [buster] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/2281 NOTE: https://github.com/gpac/gpac/commit/62dbd5caad6b89b33535dfa19ef65419f0378303 CVE-2022-43038 (Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP ...) NOT-FOR-US: Bento4 CVE-2022-43037 (An issue was discovered in Bento4 1.6.0-639. There is a memory leak in ...) NOT-FOR-US: Bento4 CVE-2022-43036 RESERVED CVE-2022-43035 (An issue was discovered in Bento4 v1.6.0-639. There is a heap-buffer-o ...) 
NOT-FOR-US: Bento4 CVE-2022-43034 (An issue was discovered in Bento4 v1.6.0-639. There is a heap buffer o ...) NOT-FOR-US: Bento4 CVE-2022-43033 (An issue was discovered in Bento4 1.6.0-639. There is a bad free in th ...) NOT-FOR-US: Bento4 CVE-2022-43032 (An issue was discovered in Bento4 v1.6.0-639. There is a memory leak i ...) NOT-FOR-US: Bento4 CVE-2022-43031 (DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery ...) NOT-FOR-US: DedeCMS CVE-2022-43030 (Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) ...) NOT-FOR-US: Siyucms CVE-2022-43029 (Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to cont ...) NOT-FOR-US: Tenda CVE-2022-43028 (Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to cont ...) NOT-FOR-US: Tenda CVE-2022-43027 (Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to cont ...) NOT-FOR-US: Tenda CVE-2022-43026 (Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to cont ...) NOT-FOR-US: Tenda CVE-2022-43025 (Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to cont ...) NOT-FOR-US: Tenda CVE-2022-43024 (Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to cont ...) NOT-FOR-US: Tenda CVE-2022-43023 (OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerabilit ...) NOT-FOR-US: OpenCATS CVE-2022-43022 (OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerabilit ...) NOT-FOR-US: OpenCATS CVE-2022-43021 (OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerabilit ...) NOT-FOR-US: OpenCATS CVE-2022-43020 (OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerabilit ...) NOT-FOR-US: OpenCATS CVE-2022-43019 (OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE ...) NOT-FOR-US: OpenCATS CVE-2022-43018 (OpenCATS v0.9.6 was discovered to contain a reflected cross-site scrip ...) 
NOT-FOR-US: OpenCATS CVE-2022-43017 (OpenCATS v0.9.6 was discovered to contain a reflected cross-site scrip ...) NOT-FOR-US: OpenCATS CVE-2022-43016 (OpenCATS v0.9.6 was discovered to contain a reflected cross-site scrip ...) NOT-FOR-US: OpenCATS CVE-2022-43015 (OpenCATS v0.9.6 was discovered to contain a reflected cross-site scrip ...) NOT-FOR-US: OpenCATS CVE-2022-43014 (OpenCATS v0.9.6 was discovered to contain a reflected cross-site scrip ...) NOT-FOR-US: OpenCATS CVE-2022-43013 RESERVED CVE-2022-43012 RESERVED CVE-2022-43011 RESERVED CVE-2022-43010 RESERVED CVE-2022-43009 RESERVED CVE-2022-43008 RESERVED CVE-2022-43007 RESERVED CVE-2022-43006 RESERVED CVE-2022-43005 RESERVED CVE-2022-43004 RESERVED CVE-2022-43003 (D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow ...) NOT-FOR-US: D-Link CVE-2022-43002 (D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow ...) NOT-FOR-US: D-Link CVE-2022-43001 (D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow ...) NOT-FOR-US: D-Link CVE-2022-43000 (D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow ...) NOT-FOR-US: D-Link CVE-2022-42999 (D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command ...) NOT-FOR-US: D-Link CVE-2022-42998 (D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow ...) NOT-FOR-US: D-Link CVE-2022-42997 RESERVED CVE-2022-42996 RESERVED CVE-2022-42995 RESERVED CVE-2022-42994 RESERVED CVE-2022-42993 (Password Storage Application v1.0 was discovered to contain a cross-si ...) NOT-FOR-US: Password Storage Application CVE-2022-42992 (Multiple stored cross-site scripting (XSS) vulnerabilities in Train Sc ...) NOT-FOR-US: Train Scheduler App CVE-2022-42991 (A stored cross-site scripting (XSS) vulnerability in Simple Online Pub ...) NOT-FOR-US: Simple Online Public Access Catalog CVE-2022-42990 (Food Ordering Management System v1.0 was discovered to contain a SQL i ...) 
	NOT-FOR-US: Food Ordering Management System
CVE-2022-42989 (ERP Sankhya before v4.11b81 was discovered to contain a cross-site scr ...)
	NOT-FOR-US: ERP Sankhya
CVE-2022-42988
	RESERVED
CVE-2022-42987
	RESERVED
CVE-2022-3567 (A vulnerability has been found in Linux Kernel and classified as probl ...)
	- linux 6.1.4-1
	NOTE: https://git.kernel.org/linus/364f997b5cfe1db0d63a390fe7c801fa2b3115f6 (6.1-rc1)
CVE-2022-3566 (A vulnerability, which was classified as problematic, was found in Lin ...)
	- linux 6.1.4-1
	NOTE: https://git.kernel.org/linus/f49cd2f4d6170d27a2c61f1fecb03d8a70c91f57 (6.1-rc1)
CVE-2022-3565 (A vulnerability, which was classified as critical, has been found in L ...)
	{DLA-3245-1 DLA-3244-1}
	- linux 6.0.3-1
	[bullseye] - linux 5.10.158-1
	NOTE: https://git.kernel.org/linus/2568a7e0832ee30b0a351016d03062ab4e0e0a3f (6.1-rc1)
CVE-2022-3564 (A vulnerability classified as critical was found in Linux Kernel. Affe ...)
	{DLA-3245-1 DLA-3244-1}
	- linux 6.0.8-1
	[bullseye] - linux 5.10.158-1
	NOTE: https://git.kernel.org/linus/3aff8aaca4e36dc8b17eaa011684881a80238966
CVE-2022-3563 (A vulnerability classified as problematic has been found in Linux Kern ...)
	- bluez 5.65-1
	[bullseye] - bluez (Vulnerable code introduced later)
	[buster] - bluez (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e (5.65)
	NOTE: Introduced by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=bc3a76f01f461db19381f1922cdaeac222dfd374 (5.56)
CVE-2022-3562 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...)
	NOT-FOR-US: LibreNMS
CVE-2022-3561 (Cross-site Scripting (XSS) - Generic in GitHub repository librenms/lib ...)
	NOT-FOR-US: LibreNMS
CVE-2022-3560 (A flaw was found in pesign. The pesign package provides a systemd serv ...)
	- pesign 116-1 (bug #1030168)
	[bookworm] - pesign (Minor issue)
	[bullseye] - pesign (Minor issue)
	[buster] - pesign (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2023/01/31/6
	NOTE: https://www.openwall.com/lists/oss-security/2023/02/01/2
	NOTE: https://github.com/rhboot/pesign/commit/d8a8c259994d0278c59b30b41758a8dd0abff998 (116)
CVE-2022-3559 (A vulnerability was found in Exim and classified as problematic. This ...)
	- exim4 4.96-4
	[bullseye] - exim4 (Minor issue)
	[buster] - exim4 (Minor issue)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2915
	NOTE: https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2
CVE-2022-3558 (The Import and export users and customers WordPress plugin before 1.20 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3557
	RESERVED
CVE-2022-3556
	RESERVED
CVE-2022-3555
	REJECTED
CVE-2022-3554
	REJECTED
CVE-2022-3553 (A vulnerability, which was classified as problematic, was found in X.o ...)
	- xorg-server 2:21.1.4-1 (unimportant)
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/dfd057996b26420309c324ec844a5ba6dd07eda3
	NOTE: Affects the XQuartz (X11 server and client libraries for macOS) component
CVE-2022-3552 (Unrestricted Upload of File with Dangerous Type in GitHub repository b ...)
	NOT-FOR-US: boxbilling
CVE-2022-3551 (A vulnerability, which was classified as problematic, has been found i ...)
	{DSA-5278-1 DLA-3185-1}
	- xorg-server 2:21.1.4-3
	- xwayland 2:22.1.5-1
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/18f91b950e22c2a342a4fbc55e9ddf7534a707d2
CVE-2022-3550 (A vulnerability classified as critical was found in X.org Server. Affe ...)
	{DSA-5278-1 DLA-3185-1}
	- xorg-server 2:21.1.4-3
	- xwayland 2:22.1.5-1
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/11beef0b7f1ed290348e45618e5fa0d2bffcb72e
CVE-2022-3549 (A vulnerability was found in SourceCodester Simple Cold Storage Manage ...)
	NOT-FOR-US: SourceCodester Simple Cold Storage Management System
CVE-2022-3548 (A vulnerability was found in SourceCodester Simple Cold Storage Manage ...)
	NOT-FOR-US: SourceCodester Simple Cold Storage Management System
CVE-2022-3547 (A vulnerability was found in SourceCodester Simple Cold Storage Manage ...)
	NOT-FOR-US: SourceCodester Simple Cold Storage Management System
CVE-2022-3546 (A vulnerability was found in SourceCodester Simple Cold Storage Manage ...)
	NOT-FOR-US: SourceCodester Simple Cold Storage Management System
CVE-2022-3545 (A vulnerability has been found in Linux Kernel and classified as criti ...)
	{DSA-5324-1 DLA-3403-1 DLA-3349-1}
	- linux 6.0.2-1
	NOTE: https://git.kernel.org/linus/02e1a114fdb71e59ee6770294166c30d437bf86a (6.0-rc1)
CVE-2022-3544 (A vulnerability, which was classified as problematic, was found in Lin ...)
	- linux 6.0.2-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/1c8e2349f2d033f634d046063b704b2ca6c46972 (6.0)
CVE-2022-3543 (A vulnerability, which was classified as problematic, has been found i ...)
	- linux 6.0.3-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/7a62ed61367b8fd01bae1e18e30602c25060d824 (6.1-rc1)
CVE-2022-3542
	REJECTED
CVE-2022-3541 (A vulnerability classified as critical has been found in Linux Kernel. ...)
	- linux 6.0.3-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/12aece8b01507a2d357a1861f470e83621fbb6f2 (6.1-rc1)
CVE-2022-3540 (An issue has been discovered in hunter2 affecting all versions before ...)
	NOT-FOR-US: hunter2
CVE-2022-3539 (The Testimonials WordPress plugin before 2.7, super-testimonial-pro Wo ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3538 (The Webmaster Tools Verification WordPress plugin through 1.2 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3537 (The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 d ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3536 (The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 d ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-42986
	REJECTED
CVE-2022-42985 (The ScratchLogin extension through 1.1 for MediaWiki does not escape v ...)
	NOT-FOR-US: MediaWiki extension ScratchLogin
CVE-2022-42984 (WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL ...)
	NOT-FOR-US: WoWonder Social Network Platform
CVE-2022-42983 (anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login au ...)
	NOT-FOR-US: anji-plus AJ-Report
CVE-2022-42982 (BKG Professional NtripCaster 2.0.39 allows querying information over t ...)
	NOT-FOR-US: BKG Professional NtripCaster
CVE-2022-42981
	RESERVED
CVE-2022-42980 (go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a productio ...)
	NOT-FOR-US: go-admin (aka GO Admin)
CVE-2022-42979 (Information disclosure due to an insecure hostname validation in the R ...)
	NOT-FOR-US: RYDE
CVE-2022-42978 (In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, ...)
	NOT-FOR-US: Atlassian Confluence addon
CVE-2022-42977 (The Netic User Export add-on before 1.3.5 for Atlassian Confluence has ...)
	NOT-FOR-US: Atlassian Confluence addon
CVE-2022-42976
	RESERVED
CVE-2022-42975 (socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin w ...)
	NOT-FOR-US: Phoenix
CVE-2022-42974
	RESERVED
CVE-2022-42973 (A CWE-798: Use of Hard-coded Credentials vulnerability exists that cou ...)
	NOT-FOR-US: Schneider
CVE-2022-42972 (A CWE-732: Incorrect Permission Assignment for Critical Resource vulne ...)
	NOT-FOR-US: Schneider
CVE-2022-42971 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...)
	NOT-FOR-US: Schneider
CVE-2022-42970 (A CWE-306: Missing Authentication for Critical Function The software d ...)
	NOT-FOR-US: Schneider
CVE-2022-3535
	REJECTED
CVE-2022-3534 (A vulnerability classified as critical has been found in Linux Kernel. ...)
	- libbpf 1.1.0-1 (bug #1023717)
	[bullseye] - libbpf (Minor issue)
	NOTE: Introduced by: https://github.com/libbpf/libbpf/commit/7ac1547f32f060d84b06c74edbb2c6896cc07949 (v0.2)
	NOTE: Fixed by: https://github.com/libbpf/libbpf/commit/54caf920db0e489de90f3aaaa41e2a51ddbcd084 (v1.1.0)
CVE-2022-3533 (A vulnerability was found in Linux Kernel. It has been rated as proble ...)
	- libbpf 1.1.0-1 (bug #1023717)
	[bullseye] - libbpf (Vulnerable code introduced later)
	NOTE: Introduced by: https://github.com/libbpf/libbpf/commit/557499a13ede6ea86883d070af06621fe990572f (v0.8.0)
	NOTE: Fixed by: https://github.com/libbpf/libbpf/commit/881a10980b7ded995da5d9cc1919992c36c9d2be (v1.1.0)
CVE-2022-3532
	REJECTED
CVE-2022-3531
	REJECTED
CVE-2022-3530
	REJECTED
CVE-2022-3529
	REJECTED
CVE-2022-3528
	REJECTED
CVE-2022-3527
	REJECTED
CVE-2022-3526 (A vulnerability classified as problematic was found in Linux Kernel. T ...)
	- linux 5.17.6-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/e16b859872b87650bb55b12cca5a5fcdc49c1442
CVE-2022-3525 (Deserialization of Untrusted Data in GitHub repository librenms/libren ...)
	NOT-FOR-US: LibreNMS
CVE-2022-3524 (A vulnerability was found in Linux Kernel. It has been declared as pro ...)
	{DLA-3245-1 DLA-3244-1}
	- linux 6.0.7-1
	[bullseye] - linux 5.10.158-1
	NOTE: https://git.kernel.org/linus/3c52c6bb831f6335c176a0fc7214e26f43adbd11
CVE-2022-3523 (A vulnerability was found in Linux Kernel. It has been classified as p ...)
	- linux 6.1.4-1
	NOTE: https://git.kernel.org/linus/16ce101db85db694a91380aa4c89b25530871d33
CVE-2022-3522
	REJECTED
CVE-2022-3521 (A vulnerability has been found in Linux Kernel and classified as probl ...)
	{DLA-3245-1 DLA-3244-1}
	- linux 6.0.10-1 (unimportant)
	[bullseye] - linux 5.10.158-1
	NOTE: https://git.kernel.org/linus/ec7eede369fe5b0d085ac51fdbb95184f87bfc6c
	NOTE: In Debian CONFIG_AF_KCM is not set
CVE-2022-42969 (The py library through 1.11.0 for Python allows remote attackers to co ...)
	- python-py (unimportant)
	NOTE: https://github.com/pytest-dev/py/issues/287
	NOTE: Negligible security impact and disputed upstream
	NOTE: https://github.com/pytest-dev/py/issues/287#issuecomment-1283784766
CVE-2022-42968 (Gitea before 1.17.3 does not sanitize and escape refs in the git backe ...)
	- gitea
CVE-2022-42967 (Caret is vulnerable to an XSS attack when the user opens a crafted Mar ...)
	NOT-FOR-US: Caret
CVE-2022-42966 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
	- python-cleo (Vulnerable code introduced later; cf #1024018)
	NOTE: https://research.jfrog.com/vulnerabilities/cleo-redos-xray-257186/
	NOTE: https://github.com/python-poetry/cleo/issues/284
	NOTE: Introduced with: https://github.com/python-poetry/cleo/commit/de55578da25c6b1736b8b818f21c1bacf7c2475d (1.0.0a1)
	NOTE: Fixed by: https://github.com/python-poetry/cleo/commit/b5b9a04d2caf58bf7cf94eb7ae4a1ebbe60ea455
CVE-2022-42965 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
	NOT-FOR-US: snowflake-connector-python
CVE-2022-42964 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
	- pymatgen 2023.06.23+dfsg1-1 (bug #1024017)
	[bookworm] - pymatgen (Minor issue)
	NOTE: https://research.jfrog.com/vulnerabilities/pymatgen-redos-xray-257184/
	NOTE: https://github.com/materialsproject/pymatgen/issues/2755
CVE-2022-3520 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
	- vim 2:9.0.0813-1 (unimportant)
	NOTE: https://huntr.dev/bounties/c1db3b70-f4fe-481f-8a24-0b1449c94246
	NOTE: https://github.com/vim/vim/commit/36343ae0fb7247e060abfd35fb8e4337b33abb4b (v9.0.0765)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-3519 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester Sanitization Management System
CVE-2022-3518 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester Sanitization Management System
CVE-2022-42963
	RESERVED
CVE-2022-42962
	RESERVED
CVE-2022-42961 (An issue was discovered in wolfSSL before 5.5.0. A fault injection att ...)
	- wolfssl 5.5.3-1 (bug #1023574)
	[bullseye] - wolfssl 4.6.0+p1-0+deb11u2
	NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.0-stable
CVE-2022-42960 (EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.1 ...)
	NOT-FOR-US: EqualWeb Accessibility Widget
CVE-2022-42959
	RESERVED
CVE-2022-42958
	RESERVED
CVE-2022-42957
	RESERVED
CVE-2022-42956 (The PassWork extension 5.0.9 for Chrome and other browsers allows an a ...)
	NOT-FOR-US: PassWork extension for Chrome
CVE-2022-42955 (The PassWork extension 5.0.9 for Chrome and other browsers allows an a ...)
	NOT-FOR-US: PassWork extension for Chrome
CVE-2022-42954 (Keyfactor EJBCA before 7.10.0 allows XSS.)
	NOT-FOR-US: Keyfactor EJBCA
CVE-2022-42953 (Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) ...)
	NOT-FOR-US: ZKTeco
CVE-2022-42952
	RESERVED
CVE-2022-42951 (An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6 ...)
	NOT-FOR-US: Couchbase Server
CVE-2022-42950 (An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x ...)
	NOT-FOR-US: Couchbase Server
CVE-2022-42949 (Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissi ...)
	NOT-FOR-US: Silverstripe
CVE-2017-20149 (The Mikrotik RouterOS web server allows memory corruption in releases ...)
	NOT-FOR-US: Mikrotik
CVE-2022-42948 (Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are d ...)
	NOT-FOR-US: Cobalt Strike
CVE-2022-42947 (A maliciously crafted X_B file when parsed through Autodesk Maya 2023 ...)
	NOT-FOR-US: Autodesk
CVE-2022-42946 (Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya ...)
	NOT-FOR-US: Autodesk
CVE-2022-42945 (DWG TrueViewTM 2023 version has a DLL Search Order Hijacking vulnerabi ...)
	NOT-FOR-US: Autodesk
CVE-2022-42944 (A malicious crafted dwf or .pct file when consumed through DesignRevie ...)
	NOT-FOR-US: Autodesk
CVE-2022-42943 (A malicious crafted dwf or .pct file when consumed through DesignRevie ...)
	NOT-FOR-US: Autodesk
CVE-2022-42942 (A malicious crafted dwf or .pct file when consumed through DesignRevie ...)
	NOT-FOR-US: Autodesk
CVE-2022-42941 (A malicious crafted dwf or .pct file when consumed through DesignRevie ...)
	NOT-FOR-US: Autodesk
CVE-2022-42940 (A malicious crafted TGA file when consumed through DesignReview.exe ap ...)
	NOT-FOR-US: Autodesk
CVE-2022-42939 (A malicious crafted TGA file when consumed through DesignReview.exe ap ...)
	NOT-FOR-US: Autodesk
CVE-2022-42938 (A malicious crafted TGA file when consumed through DesignReview.exe ap ...)
	NOT-FOR-US: Autodesk
CVE-2022-42937 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...)
	NOT-FOR-US: Autodesk
CVE-2022-42936 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...)
	NOT-FOR-US: Autodesk
CVE-2022-42935 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...)
	NOT-FOR-US: Autodesk
CVE-2022-42934 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...)
	NOT-FOR-US: Autodesk
CVE-2022-42933 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...)
	NOT-FOR-US: Autodesk
CVE-2022-42932 (Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported m ...)
	{DSA-5262-1 DSA-5259-1 DLA-3170-1 DLA-3156-1}
	- firefox 106.0-1
	- firefox-esr 102.4.0esr-1
	- thunderbird 1:102.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-42932
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-45/#CVE-2022-42932
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-46/#CVE-2022-42932
CVE-2022-42931 (Logins saved by Firefox should be managed by the Password Manager comp ...)
	- firefox 106.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-42931
CVE-2022-42930 (If two Workers were simultaneously initializing their CacheStorage, a ...)
	- firefox 106.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-42930
CVE-2022-42929 (If a website called `window.print()` in a particular way, it could cau ...)
	{DSA-5262-1 DSA-5259-1 DLA-3170-1 DLA-3156-1}
	- firefox 106.0-1
	- firefox-esr 102.4.0esr-1
	- thunderbird 1:102.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-42929
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-45/#CVE-2022-42929
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-46/#CVE-2022-42929
CVE-2022-42928 (Certain types of allocations were missing annotations that, if the Gar ...)
	{DSA-5262-1 DSA-5259-1 DLA-3170-1 DLA-3156-1}
	- firefox 106.0-1
	- firefox-esr 102.4.0esr-1
	- thunderbird 1:102.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-42928
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-45/#CVE-2022-42928
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-46/#CVE-2022-42928
CVE-2022-42927 (A same-origin policy violation could have allowed the theft of cross-o ...)
	{DSA-5262-1 DSA-5259-1 DLA-3170-1 DLA-3156-1}
	- firefox 106.0-1
	- firefox-esr 102.4.0esr-1
	- thunderbird 1:102.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-42927
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-45/#CVE-2022-42927
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-46/#CVE-2022-42927
CVE-2022-42926
	RESERVED
CVE-2022-42925 (There is a vulnerability on Forma LMS version 3.1.0 and earlier that c ...)
	NOT-FOR-US: Forma LMS
CVE-2022-42924 (Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL inje ...)
	NOT-FOR-US: Forma LMS
CVE-2022-42923 (Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL inje ...)
	NOT-FOR-US: Forma LMS
CVE-2022-42922
	RESERVED
CVE-2022-42921
	RESERVED
CVE-2022-42920 (Apache Commons BCEL has a number of APIs that would normally only allo ...)
	- bcel 6.5.0-2
	[bullseye] - bcel 6.5.0-1+deb11u1
	[buster] - bcel 6.2-1+deb10u1
	NOTE: https://www.openwall.com/lists/oss-security/2022/11/04/6
	NOTE: https://www.openwall.com/lists/oss-security/2022/11/04/8
	NOTE: https://github.com/apache/commons-bcel/pull/147
	NOTE: https://github.com/apache/commons-bcel/commit/f3267cbcc900f80851d561bdd16b239d936947f5
	NOTE: Duplicate of CVE-2022-34169. But CVE-2022-34169 was assigned for Apache Xalan Java XSLT library,
	NOTE: whereas CVE-2022-42920 is associated with bcel itself.
CVE-2022-3517 (A vulnerability was found in the minimatch package. This flaw allows a ...)
	{DLA-3271-1}
	- node-minimatch 3.0.5+~3.0.5-1
	[bullseye] - node-minimatch 3.0.4+~3.0.3-1+deb11u1
	NOTE: https://github.com/grafana/grafana-image-renderer/issues/329
	NOTE: https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6 (v3.0.5)
	NOTE: Regression follow-up: https://github.com/isaacs/minimatch/commit/20b4b562830680867feb75f9c635aca08e5c86ff
	NOTE: Regression follow-up: https://github.com/isaacs/minimatch/commit/e4cd43462340ca6b21212b68c9e314d8cdd9861a
CVE-2022-3516 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...)
	NOT-FOR-US: LibreNMS
CVE-2022-47629 (Libksba before 1.6.3 is prone to an integer overflow vulnerability in ...)
	{DSA-5305-1 DLA-3248-1}
	- libksba 1.6.3-1
	NOTE: https://dev.gnupg.org/T6284
	NOTE: Fixed by: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070 (libksba-1.6.3)
CVE-2022-3515 (A vulnerability was found in the Libksba library due to an integer ove ...)
	{DSA-5255-1 DLA-3153-1}
	- libksba 1.6.2-1 (bug #1021928)
	NOTE: https://gnupg.org/blog/20221017-pepe-left-the-ksba.html
	NOTE: https://dev.gnupg.org/T6230
	NOTE: https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b
CVE-2022-3514 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3513 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3512 (Using warp-cli command "add-trusted-ssid", a user was able to disconne ...)
	NOT-FOR-US: Cloudflare
CVE-2022-3511 (The Awesome Support WordPress plugin before 6.1.2 does not ensure that ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3510 (A parsing issue similar to CVE-2022-3171, but with Message-Type Extens ...)
	[experimental] - protobuf 3.21.7-1
	- protobuf 3.21.9-3
	[bullseye] - protobuf (Too intrusive to backport, requires significant refactoring via CVE-2022-3171)
	[buster] - protobuf (Too intrusive to backport, requires significant refactoring via CVE-2022-3171)
	NOTE: https://github.com/protocolbuffers/protobuf/commit/db7c17803320525722f45c1d26fc08bc41d1bf48
	NOTE: CPU DoS in protobuf-java, requires significant refactoring via CVE-2022-3171
CVE-2022-3509 (A parsing issue similar to CVE-2022-3171, but with textformat in proto ...)
	[experimental] - protobuf 3.21.7-1
	- protobuf 3.21.9-3
	[bullseye] - protobuf (Too intrusive to backport, requires significant refactoring via CVE-2022-3171)
	[buster] - protobuf (Too intrusive to backport, requires significant refactoring via CVE-2022-3171)
	NOTE: https://github.com/protocolbuffers/protobuf/commit/a3888f53317a8018e7a439bac4abeb8f3425d5e9 (v21.7, v3.21.7)
	NOTE: CPU DoS in protobuf-java, requires significant refactoring via CVE-2022-3171
CVE-2022-3508
	RESERVED
CVE-2022-3507
	RESERVED
CVE-2022-3506 (Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/re ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3505 (A vulnerability was found in SourceCodester Sanitization Management Sy ...)
	NOT-FOR-US: SourceCodester
CVE-2022-3504 (A vulnerability was found in SourceCodester Sanitization Management Sy ...)
	NOT-FOR-US: SourceCodester
CVE-2022-42919 (Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows lo ...)
	- python3.11 3.11.0-2
	- python3.10 3.10.8-2
	- python3.9
	[bullseye] - python3.9 (Minor issue)
	- python3.7
	[buster] - python3.7 (Vulnerable functionality backported later in 3.7.8)
	- python2.7 (Vulnerable code introduced later)
	- pypy3 7.3.11+dfsg-1
	[bullseye] - pypy3 (Minor issue)
	[buster] - pypy3 (Minor issue)
	NOTE: https://github.com/python/cpython/issues/97514
	NOTE: https://github.com/python/cpython/commit/4686d77a04570a663164c03193d9def23c89b122 (3.11-branch)
	NOTE: https://github.com/python/cpython/commit/eae692eed18892309bcc25a2c0f8980038305ea2 (3.10-branch)
	NOTE: https://github.com/python/cpython/commit/b43496c01a554cf41ae654a0379efae18609ad39 (3.9-branch)
	NOTE: The patch for 3.9 and later only removes the default preference for abstract sockets which
	NOTE: prevents CVE-2022-42919. Versions 3.8.4 and 3.7.8 are not vulnerable by default (but issue present)
	NOTE: though users would need to make specific uncommon multiprocessing API calls specifying their own
	NOTE: forkserver control socket path. Earlier 3.x versions are not vulnerable.
CVE-2022-3503 (A vulnerability was found in SourceCodester Purchase Order Management ...)
	NOT-FOR-US: SourceCodester
CVE-2022-3502 (A vulnerability was found in Human Resource Management System 1.0. It ...)
	NOT-FOR-US: Human Resource Management System
CVE-2022-3501 (Article template contents with sensitive data could be accessed from a ...)
	NOT-FOR-US: OTRS
	NOTE: Issue is listed as specific to 8.x, so won't affect Znuny which forked from 6.x
CVE-2022-3500 (A vulnerability was found in keylime. This security issue happens in s ...)
	NOT-FOR-US: keylime
CVE-2022-42918
	RESERVED
CVE-2022-42917
	RESERVED
CVE-2022-42916 (In curl before 7.86.0, the HSTS check could be bypassed to trick it in ...)
	- curl 7.86.0-1
	[bullseye] - curl (curl is not built with HSTS support)
	[buster] - curl (Vulnerable code not present)
	NOTE: https://curl.se/docs/CVE-2022-42916.html
	NOTE: Introduced with: https://github.com/curl/curl/commit/7385610d0c74c6a254fea5e4cd6e1d559d848c8c (curl-7_74_0)
	NOTE: Enabled by default since: https://github.com/curl/curl/commit/d71ff2b9db566b3f4b2eb29441c2df86715d4339 (curl-7_77_0)
	NOTE: Fixed by: https://github.com/curl/curl/commit/53bcf55b4538067e6dc36242168866becb987bb7 (curl-7_86_0)
CVE-2022-42915 (curl before 7.86.0 has a double free. If curl is told to use an HTTP p ...)
	- curl 7.86.0-1
	[bullseye] - curl (Vulnerable code not present)
	[buster] - curl (Vulnerable code not present)
	NOTE: https://curl.se/docs/CVE-2022-42915.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/51c0ebcff2140c38ff389b4fcfb8216f5e9d198c (curl-7_77_0)
	NOTE: Fixed by: https://github.com/curl/curl/commit/55e1875729f9d9fc7315cec611bffbd2c817ad89 (curl-7_86_0)
CVE-2022-42914
	RESERVED
CVE-2022-42913
	RESERVED
CVE-2022-42912
	RESERVED
CVE-2022-42911
	RESERVED
CVE-2022-42910
	RESERVED
CVE-2022-42909 (WEPA Print Away does not verify that a user has authorization to acces ...)
	NOT-FOR-US: WEPA Print Away
CVE-2022-42908 (WEPA Print Away is vulnerable to a stored XSS. It does not properly sa ...)
	NOT-FOR-US: WEPA Print Away
CVE-2022-3499 (An authenticated attacker could utilize the identical agent and cluste ...)
	NOT-FOR-US: Nessus
CVE-2022-3498
	RESERVED
CVE-2022-3497 (A vulnerability was found in SourceCodester Human Resource Management ...)
	NOT-FOR-US: SourceCodester
CVE-2022-3496 (A vulnerability was found in SourceCodester Human Resource Management ...)
	NOT-FOR-US: SourceCodester
CVE-2022-3495 (A vulnerability has been found in SourceCodester Simple Online Public ...)
	NOT-FOR-US: SourceCodester
CVE-2022-3494 (The Complianz WordPress plugin before 6.3.4, and Complianz Premium Wor ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3493 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: SourceCodester Human Resource Management System
CVE-2022-3492 (A vulnerability classified as critical was found in SourceCodester Hum ...)
	NOT-FOR-US: SourceCodester Human Resource Management System
CVE-2022-3491 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
	- vim 2:9.0.0813-1 (unimportant)
	NOTE: https://huntr.dev/bounties/6e6e05c2-2cf7-4aa5-a817-a62007bf92cb
	NOTE: https://github.com/vim/vim/commit/3558afe9e9e904cabb8475392d859f2d2fc21041 (v9.0.0742)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-3490 (The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3489 (The WP Hide WordPress plugin through 0.0.2 does not have authorisation ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3488 (Processing of repeated responses to the same query, where both respons ...)
	- bind9 (Only affects Supported Preview Edition/Subscription Edition)
CVE-2022-3487
	REJECTED
CVE-2022-3486 (An open redirect vulnerability in GitLab EE/CE affecting all versions ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3485 (In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated rem ...)
	NOT-FOR-US: IFM Moneo Appliance
CVE-2022-3484 (The WPB Show Core WordPress plugin does not sanitize and escape a para ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3483 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3482 (An improper access control issue in GitLab CE/EE affecting all version ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3481 (The WooCommerce Dropshipping WordPress plugin before 4.4 does not prop ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3480 (A remote, unauthenticated attacker could cause a denial-of-service of ...)
	NOT-FOR-US: PHOENIX
CVE-2022-3479 (A vulnerability found in nss. By this security vulnerability, nss clie ...)
	- nss 2:3.87-1 (bug #1021786)
	[bullseye] - nss (Vulnerable code not present)
	[buster] - nss (The vulnerable code was introduced later)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1774654
	NOTE: Fixed by: https://hg.mozilla.org/projects/nss/rev/a7f363511333b8062945557607691002fd6e40b9
CVE-2022-42907
	RESERVED
CVE-2022-42905 (In wolfSSL before 5.5.2, if callback functions are enabled (via the WO ...)
	- wolfssl 5.5.3-1
	[bullseye] - wolfssl 4.6.0+p1-0+deb11u2
	NOTE: Fixed in 5.5.2 (https://www.wolfssl.com/docs/security-vulnerabilities/)
CVE-2022-42904 (Zoho ManageEngine ADManager Plus through 7151 allows authenticated adm ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-42903 (Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileg ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-42902 (In Linaro Automated Validation Architecture (LAVA) before 2022.10, the ...)
	{DSA-5260-1 DLA-3192-1}
	- lava 2022.10-1 (bug #1021737)
	NOTE: https://git.lavasoftware.org/lava/lava/-/merge_requests/1834
	NOTE: https://git.lavasoftware.org/lava/lava/-/commit/e66b74cd6c175ff8826b8f3431740963be228b52?merge_request_iid=1834
CVE-2022-42901 (Bentley MicroStation and MicroStation-based applications may be affect ...)
	NOT-FOR-US: Bentley
CVE-2022-42900 (Bentley MicroStation and MicroStation-based applications may be affect ...)
	NOT-FOR-US: Bentley
CVE-2022-42899 (Bentley MicroStation and MicroStation-based applications may be affect ...)
	NOT-FOR-US: Bentley
CVE-2022-42898 (PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x befo ...)
	{DSA-5287-1 DSA-5286-1 DLA-3213-1 DLA-3206-1}
	- heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187)
	- krb5 1.20.1-1 (bug #1024267)
	- samba 2:4.17.3+dfsg-1
	[bullseye] - samba (Domain controller functionality is EOLed, see DSA-5477-1)
	[buster] - samba (Domain controller functionality is EOLed, see DSA-5015-1)
	NOTE: https://www.samba.org/samba/security/CVE-2022-42898.html
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15203
	NOTE: samba: only exploitable in 32-bit systems, according to upstream advisory
	NOTE: MIT-krb5: https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583 (master)
	NOTE: MIT-krb5: https://github.com/krb5/krb5/commit/b99de751dd35360c0fccac74a40f4a60dbf1ceea (krb5-1.20.1-final)
	NOTE: MIT-krb5: https://github.com/krb5/krb5/commit/4e661f0085ec5f969c76c0896a34322c6c432de4 (krb5-1.19.4-final)
	NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c
	NOTE: Heimdal: https://github.com/heimdal/heimdal/commit/0c56257bdac80da015878fffdb0f8a42b8d73246 (heimdal-7.7.1)
	NOTE: Heimdal regression: https://github.com/heimdal/heimdal/pull/1025
	NOTE: possible samba 4.13,4.15 regression: https://bugzilla.samba.org/show_bug.cgi?id=15243
	NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
CVE-2022-42897 (Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthe ...)
	NOT-FOR-US: Array Networks
CVE-2022-3478 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-42906 (powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbi ...)
	{DLA-3277-1}
	- powerline-gitstatus 1.3.2-1
	[bullseye] - powerline-gitstatus 1.3.2-0+deb11u1
	NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/issues/45
	NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/pull/46
CVE-2022-42896 (There are use-after-free vulnerabilities in the Linux kernel's net/blu ...)
	{DLA-3245-1 DLA-3244-1}
	- linux 6.0.10-1
	[bullseye] - linux 5.10.158-1
	NOTE: https://git.kernel.org/linus/711f8c3fb3db61897080468586b970c87c61d9e4
	NOTE: https://git.kernel.org/linus/f937b758a188d6fd328a81367087eddbb2fce50f
	NOTE: https://github.com/google/security-research/security/advisories/GHSA-pf87-6c9q-jvm4
CVE-2022-42895 (There is an infoleak vulnerability in the Linux kernel's net/bluetooth ...)
	{DLA-3245-1 DLA-3244-1}
	- linux 6.0.7-1
	[bullseye] - linux 5.10.158-1
	NOTE: https://git.kernel.org/linus/b1a2cd50c0357f243b7435a732b4e62ba3157a2e
	NOTE: https://github.com/google/security-research/security/advisories/GHSA-vccx-8h74-2357
CVE-2022-42894 (A vulnerability has been identified in syngo Dynamics (All versions < ...)
	NOT-FOR-US: syngo Dynamics
CVE-2022-42893 (A vulnerability has been identified in syngo Dynamics (All versions < ...)
	NOT-FOR-US: syngo Dynamics
CVE-2022-42892 (A vulnerability has been identified in syngo Dynamics (All versions < ...)
	NOT-FOR-US: syngo Dynamics
CVE-2022-42891 (A vulnerability has been identified in syngo Dynamics (All versions < ...)
	NOT-FOR-US: syngo Dynamics
CVE-2022-42890 (A vulnerability in Batik of Apache XML Graphics allows an attacker to ...)
	{DSA-5264-1 DLA-3169-1}
	- batik 1.16+dfsg-1
	NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/3
	NOTE: https://issues.apache.org/jira/browse/BATIK-1345
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1904549
CVE-2022-3477 (The tagDiv Composer WordPress plugin before 3.5, required by the Newsp ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3476
	RESERVED
CVE-2022-3475
	RESERVED
CVE-2022-3474 (A bad credential handling in the remote assets API for Bazel versions ...)
	- bazel (bug #979846)
CVE-2022-3473 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester
CVE-2022-3472 (A vulnerability was found in SourceCodester Human Resource Management ...)
	NOT-FOR-US: SourceCodester
CVE-2022-3471 (A vulnerability was found in SourceCodester Human Resource Management ...)
	NOT-FOR-US: SourceCodester
CVE-2022-3470 (A vulnerability was found in SourceCodester Human Resource Management ...)
	NOT-FOR-US: SourceCodester
CVE-2022-3469 (The WP Attachments WordPress plugin before 5.0.5 does not sanitize and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3468
	RESERVED
CVE-2022-3467 (A vulnerability classified as critical was found in Jiusi OA. Affected ...)
	NOT-FOR-US: Jiusi OA
CVE-2022-3466 (The version of cri-o as released for Red Hat OpenShift Container Platf ...)
	- cri-o (bug #979702)
CVE-2022-3465 (A vulnerability classified as critical was found in Mediabridge Medial ...)
	NOT-FOR-US: Mediabridge Medialink
CVE-2022-3464 (A vulnerability classified as problematic has been found in puppyCMS u ...)
	NOT-FOR-US: puppyCMS
CVE-2022-3463 (The Contact Form Plugin WordPress plugin before 4.3.13 does not valida ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3462 (The Highlight Focus WordPress plugin through 1.1 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-42889 (Apache Commons Text performs variable interpolation, allowing properti ...)
	- commons-text 1.10.0-1 (bug #1021787)
	[bullseye] - commons-text (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/4
	NOTE: https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text/
	NOTE: https://blogs.apache.org/security/entry/cve-2022-42889
CVE-2022-42878 (Null pointer dereference for some Intel(R) Trace Analyzer and Collecto ...)
	NOT-FOR-US: Intel
CVE-2022-42877
	RESERVED
CVE-2022-42876
	RESERVED
CVE-2022-42875
	RESERVED
CVE-2022-42874
	RESERVED
CVE-2022-42873
	RESERVED
CVE-2022-42872
	RESERVED
CVE-2022-42871
	RESERVED
CVE-2022-42870
	RESERVED
CVE-2022-42869
	RESERVED
CVE-2022-42868
	RESERVED
CVE-2022-42487
	RESERVED
CVE-2022-42480
	RESERVED
CVE-2022-41997
	RESERVED
CVE-2022-41984 (Protection mechanism failure for some Intel(R) Arc(TM) graphics cards ...)
	NOT-FOR-US: Intel
CVE-2022-41982 (Uncontrolled search path element in the Intel(R) VTune(TM) Profiler so ...)
	NOT-FOR-US: Intel
CVE-2022-41784 (Improper access control in kernel mode driver for the Intel(R) OFU sof ...)
	NOT-FOR-US: Intel
CVE-2022-41693 (Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition ...)
	NOT-FOR-US: Intel
CVE-2022-41687 (Insecure inherited permissions in the HotKey Services for some Intel(R ...)
	NOT-FOR-US: Intel
CVE-2022-40221
	RESERVED
CVE-2022-3461 (In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 ma ...)
	NOT-FOR-US: PHOENIX
CVE-2022-3460 (In affected versions of Octopus Deploy it is possible for certain type ...)
	NOT-FOR-US: Octopus Deploy
CVE-2022-3459
	RESERVED
CVE-2022-3458 (A vulnerability has been found in SourceCodester Human Resource Manage ...)
	NOT-FOR-US: SourceCodester
CVE-2022-42867 (A use after free issue was addressed with improved memory management. ...)
	{DSA-5309-1 DSA-5308-1 DLA-3274-1}
	- webkit2gtk 2.38.3-1
	- wpewebkit 2.38.3-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0011.html
CVE-2022-42866 (The issue was addressed with improved handling of caches. This issue i ...)
	NOT-FOR-US: Apple
CVE-2022-42865 (This issue was addressed by enabling hardened runtime. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-42864 (A race condition was addressed with improved state handling. This issu ...)
	NOT-FOR-US: Apple
CVE-2022-42863 (A memory corruption issue was addressed with improved state management ...)
	{DSA-5241-1 DSA-5240-1 DLA-3124-1}
	- webkit2gtk 2.38.0-1
	- wpewebkit 2.38.0-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0011.html
CVE-2022-42862 (This issue was addressed by removing the vulnerable code. This issue i ...)
	NOT-FOR-US: Apple
CVE-2022-42861 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2022-42860 (This issue was addressed with improved checks to prevent unauthorized ...)
	NOT-FOR-US: Apple
CVE-2022-42859 (Multiple issues were addressed by removing the vulnerable code. This i ...)
	NOT-FOR-US: Apple
CVE-2022-42858 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2022-42857
	REJECTED
CVE-2022-42856 (A type confusion issue was addressed with improved state handling. Thi ...)
	{DSA-5309-1 DSA-5308-1 DLA-3274-1}
	- webkit2gtk 2.38.3-1
	- wpewebkit 2.38.3-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0011.html
CVE-2022-42855 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2022-42854 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-42853 (An access issue was addressed with improved access restrictions. This ...)
	NOT-FOR-US: Apple
CVE-2022-42852 (The issue was addressed with improved memory handling. This issue is f ...)
	{DSA-5309-1 DSA-5308-1 DLA-3274-1}
	- webkit2gtk 2.38.3-1
	- wpewebkit 2.38.3-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0011.html
CVE-2022-42851 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-42850 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-42849 (An access issue existed with privileged API calls. This issue was addr ...)
	NOT-FOR-US: Apple
CVE-2022-42848 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2022-42847 (An out-of-bounds write issue was addressed with improved input validat ...)
	NOT-FOR-US: Apple
CVE-2022-42846 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-42845 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-42844 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-42843 (This issue was addressed with improved data protection. This issue is ...)
	NOT-FOR-US: Apple
CVE-2022-42842 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-42841 (A type confusion issue was addressed with improved checks. This issue ...)
	NOT-FOR-US: Apple
CVE-2022-42840 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-42839 (This issue was addressed with improved redaction of sensitive informat ...)
	NOT-FOR-US: Apple
CVE-2022-42838 (An issue with app access to camera data was addressed with improved lo ...)
	NOT-FOR-US: Apple
CVE-2022-42837 (An issue existed in the parsing of URLs. This issue was addressed with ...)
	NOT-FOR-US: Apple
CVE-2022-42836
	RESERVED
CVE-2022-42835
	REJECTED
CVE-2022-42834 (An access issue was addressed with improved access restrictions. This ...)
	NOT-FOR-US: Apple
CVE-2022-42833 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2022-42832 (A race condition was addressed with improved locking. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2022-42831 (A race condition was addressed with improved locking. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2022-42830 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-42829 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2022-42828 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-42827 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2022-42826 (A use after free issue was addressed with improved memory management. ...)
	{DSA-5341-1 DSA-5340-1 DLA-3308-1}
	- webkit2gtk 2.38.4-1
	- wpewebkit 2.38.4-1
	NOTE: https://webkitgtk.org/security/WSA-2023-0001.html
CVE-2022-42825 (This issue was addressed by removing additional entitlements. This iss ...)
	NOT-FOR-US: Apple
CVE-2022-42824 (A logic issue was addressed with improved state management. This issue ...)
	{DSA-5274-1 DSA-5273-1 DLA-3183-1}
	- webkit2gtk 2.38.2-1
	- wpewebkit 2.38.2-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0010.html
CVE-2022-42823 (A type confusion issue was addressed with improved memory handling. Th ...)
	{DSA-5274-1 DSA-5273-1 DLA-3183-1}
	- webkit2gtk 2.38.2-1
	- wpewebkit 2.38.2-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0010.html
CVE-2022-42822
	REJECTED
CVE-2022-42821 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2022-42820 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2022-42819 (An access issue was addressed with improved access restrictions. This ...)
	NOT-FOR-US: Apple
CVE-2022-42818 (This issue was addressed with improved data protection. This issue is ...)
	NOT-FOR-US: Apple
CVE-2022-42817 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2022-42816 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2022-42815 (This issue was addressed with improved data protection. This issue is ...)
	NOT-FOR-US: Apple
CVE-2022-42814 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2022-42813 (A certificate validation issue existed in the handling of WKWebView. T ...)
	NOT-FOR-US: Apple
CVE-2022-42812
	RESERVED
CVE-2022-42811 (An access issue was addressed with additional sandbox restrictions. Th ...)
	NOT-FOR-US: Apple
CVE-2022-42810 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-42809 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-42808 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2022-42807 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2022-42806 (A race condition was addressed with improved locking. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2022-42805 (An integer overflow was addressed with improved input validation. This ...)
	NOT-FOR-US: Apple
CVE-2022-42804
	REJECTED
CVE-2022-42803 (A race condition was addressed with improved locking. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2022-42802
	REJECTED
CVE-2022-42801 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2022-42800 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2022-42799 (The issue was addressed with improved UI handling. This issue is fixed ...)
	{DSA-5274-1 DSA-5273-1 DLA-3183-1}
	- webkit2gtk 2.38.2-1
	- wpewebkit 2.38.2-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0010.html
CVE-2022-42798 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-42797 (An injection issue was addressed with improved input validation. This ...)
	NOT-FOR-US: Apple
CVE-2022-42796 (This issue was addressed by removing the vulnerable code. This issue i ...)
	NOT-FOR-US: Apple
CVE-2022-42795 (A memory consumption issue was addressed with improved memory handling ...)
	NOT-FOR-US: Apple
CVE-2022-42794
	REJECTED
CVE-2022-42793 (An issue in code signature validation was addressed with improved chec ...)
	NOT-FOR-US: Apple
CVE-2022-42792 (This issue was addressed with improved data protection. This issue is ...)
	NOT-FOR-US: Apple
CVE-2022-42791 (A race condition was addressed with improved state handling. This issu ...)
	NOT-FOR-US: Apple
CVE-2022-42790 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2022-42789 (An issue in code signature validation was addressed with improved chec ...)
	NOT-FOR-US: Apple
CVE-2022-42788 (A permissions issue existed. This issue was addressed with improved pe ...)
	NOT-FOR-US: Apple
CVE-2022-42787 (Multiple W&T products of the Comserver Series use a small number space ...)
	NOT-FOR-US: Wiesemann & Theis GmbH products
CVE-2022-42786 (Multiple W&T Products of the ComServer Series are prone to an XSS atta ...)
	NOT-FOR-US: Wiesemann & Theis GmbH products
CVE-2022-42785 (Multiple W&T products of the ComServer Series are prone to an authenti ...)
	NOT-FOR-US: Wiesemann & Theis GmbH products
CVE-2022-42784 (A vulnerability has been identified in LOGO! 12/24RCE (All versions >= ...)
	NOT-FOR-US: Siemens
CVE-2022-3457 (Origin Validation Error in GitHub repository ikus060/rdiffweb prior to ...)
	- rdiffweb (bug #969974)
CVE-2022-3456 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
	- rdiffweb (bug #969974)
CVE-2022-3455
	RESERVED
CVE-2022-3454
	RESERVED
CVE-2022-3453 (A vulnerability was found in SourceCodester Book Store Management Syst ...)
	NOT-FOR-US: SourceCodester Book Store Management System
CVE-2022-3452 (A vulnerability was found in SourceCodester Book Store Management Syst ...)
	NOT-FOR-US: SourceCodester Book Store Management System
CVE-2022-42783 (In wlan driver, there is a possible missing params check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-42782 (In wlan driver, there is a possible missing permission check, This cou ...)
	NOT-FOR-US: Unisoc
CVE-2022-42781 (In wlan driver, there is a possible missing bounds check, This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-42780 (In wlan driver, there is a possible missing bounds check, This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-42779 (In wlan driver, there is a possible missing bounds check, This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-42778 (In windows manager service, there is a missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2022-42777 (In power management service, there is a missing permission check. This ...)
	NOT-FOR-US: Unisoc
CVE-2022-42776 (In UscAIEngine service, there is a missing permission check. This coul ...)
	NOT-FOR-US: Unisoc
CVE-2022-42775 (In camera driver, there is a possible memory corruption due to imprope ...)
	NOT-FOR-US: Unisoc
CVE-2022-42774 (In wlan driver, there is a possible missing bounds check, This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-42773 (In wlan driver, there is a possible missing bounds check, This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-42772 (In wlan driver, there is a possible missing bounds check, This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-42771 (In wlan driver, there is a race condition, This could lead to local de ...)
	NOT-FOR-US: Unisoc
CVE-2022-42770 (In wlan driver, there is a race condition, This could lead to local de ...)
	NOT-FOR-US: Unisoc
CVE-2022-42769 (In wlan driver, there is a possible missing bounds check, This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-42768 (In wlan driver, there is a possible missing bounds check, This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-42767 (In wlan driver, there is a possible missing bounds check, This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-42766 (In wlan driver, there is a possible missing permission check, This cou ...)
	NOT-FOR-US: Unisoc
CVE-2022-42765 (In wlan driver, there is a possible missing bounds check, This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-42764 (In wlan driver, there is a possible missing bounds check, This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-42763 (In wlan driver, there is a possible missing bounds check, This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-42762 (In wlan driver, there is a possible missing bounds check, This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-42761 (In wlan driver, there is a possible missing bounds check, This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-42760 (In wlan driver, there is a possible missing bounds check, This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-42759 (In wlan driver, there is a possible missing bounds check, This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-42758 (In wlan driver, there is a possible missing bounds check, This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-42757 (In wlan driver, there is a possible missing bounds check, This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-42756 (In sensor driver, there is a possible buffer overflow due to a missing ...)
	NOT-FOR-US: Unisoc
CVE-2022-42755 (In wlan driver, there is a possible missing bounds check, This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-42754 (In npu driver, there is a memory corruption due to a use after free. T ...)
	NOT-FOR-US: Unisoc
CVE-2022-42753 (SalonERP version 3.0.2 allows an external attacker to steal the cookie ...)
	NOT-FOR-US: SalonERP
CVE-2022-42752
	RESERVED
CVE-2022-42751 (CandidATS version 3.0.0 allows an external attacker to elevate privile ...)
	NOT-FOR-US: CandidATS
CVE-2022-42750 (CandidATS version 3.0.0 allows an external attacker to steal the cooki ...)
	NOT-FOR-US: CandidATS
CVE-2022-42749 (CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows a ...)
	NOT-FOR-US: CandidATS
CVE-2022-42748 (CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, ...)
	NOT-FOR-US: CandidATS
CVE-2022-42747 (CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows ...)
	NOT-FOR-US: CandidATS
CVE-2022-42746 (CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, all ...)
	NOT-FOR-US: CandidATS
CVE-2022-42745 (CandidATS version 3.0.0 allows an external attacker to read arbitrary ...)
	NOT-FOR-US: CandidATS
CVE-2022-42744 (CandidATS version 3.0.0 allows an external attacker to perform CRUD op ...)
	NOT-FOR-US: CandidATS
CVE-2022-42743 (deep-parse-json version 1.0.2 allows an external attacker to edit or a ...)
	NOT-FOR-US: deep-parse-json Nodejs module
CVE-2022-42742
	REJECTED
CVE-2022-42741
	REJECTED
CVE-2022-42740
	REJECTED
CVE-2022-42739
	REJECTED
CVE-2022-42738
	REJECTED
CVE-2022-42737
	REJECTED
CVE-2022-42736
	RESERVED
CVE-2022-41797 (Improper authorization in handler for custom URL scheme vulnerability ...)
	NOT-FOR-US: Lemon8 App
CVE-2022-3451 (The Product Stock Manager WordPress plugin before 1.0.5 does not have ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3450 (Use after free in Peer Connection in Google Chrome prior to 106.0.5249 ...)
	{DSA-5253-1}
	- chromium 106.0.5249.119-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3449 (Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.1 ...)
	{DSA-5253-1}
	- chromium 106.0.5249.119-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3448 (Use after free in Permissions API in Google Chrome prior to 106.0.5249 ...)
	{DSA-5253-1}
	- chromium 106.0.5249.119-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3447 (Inappropriate implementation in Custom Tabs in Google Chrome on Androi ...)
	{DSA-5253-1}
	- chromium 106.0.5249.119-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3446 (Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.11 ...)
	{DSA-5253-1}
	- chromium 106.0.5249.119-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3445 (Use after free in Skia in Google Chrome prior to 106.0.5249.119 allowe ...)
	{DSA-5253-1}
	- chromium 106.0.5249.119-1
	[buster] - chromium (see DSA 5046)
CVE-2022-42735 (Improper Privilege Management vulnerability in Apache Software Foundat ...)
	NOT-FOR-US: Apache ShenYu
CVE-2022-42734 (A vulnerability has been identified in syngo Dynamics (All versions < ...)
	NOT-FOR-US: syngo Dynamics
CVE-2022-42733 (A vulnerability has been identified in syngo Dynamics (All versions < ...)
	NOT-FOR-US: syngo Dynamics
CVE-2022-42732 (A vulnerability has been identified in syngo Dynamics (All versions < ...)
	NOT-FOR-US: syngo Dynamics
CVE-2022-3444 (Insufficient data validation in File System API in Google Chrome prior ...)
	{DSA-5244-1}
	- chromium 106.0.5249.61-1
	[buster] - chromium (see DSA 5046)
	NOTE: https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html
CVE-2022-3443 (Insufficient data validation in File System API in Google Chrome prior ...)
	{DSA-5244-1}
	- chromium 106.0.5249.61-1
	[buster] - chromium (see DSA 5046)
	NOTE: https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html
CVE-2022-3442 (A vulnerability was found in Crealogix EBICS 7.0. It has been rated as ...)
	NOT-FOR-US: Crealogix EBICS
CVE-2022-3441 (The Rock Convert WordPress plugin before 2.11.0 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3440 (The Rock Convert WordPress plugin before 2.11.0 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3439 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
	- rdiffweb (bug #969974)
CVE-2022-3438 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.)
	- rdiffweb (bug #969974)
CVE-2022-42731 (mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows ...)
	NOT-FOR-US: django-mfa2
CVE-2022-42730
	RESERVED
CVE-2022-42729
	RESERVED
CVE-2022-42728
	RESERVED
CVE-2022-42727
	RESERVED
CVE-2022-42726
	RESERVED
CVE-2022-42725 (Warpinator through 1.2.14 allows access outside of an intended directo ...)
	NOT-FOR-US: Warpinator
CVE-2022-42724 (app/Controller/UsersController.php in MISP before 2.4.164 allows attac ...)
	NOT-FOR-US: MISP
CVE-2022-42723
	RESERVED
CVE-2022-42722 (In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers ...)
	{DSA-5257-1 DLA-3173-1}
	- linux 6.0.2-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
	NOTE: https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
	NOTE: https://github.com/PurpleVsGreen/beacown
CVE-2022-42721 (A list management bug in BSS handling in the mac80211 stack in the Lin ...)
	{DSA-5257-1 DLA-3173-1}
	- linux 6.0.2-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
	NOTE: https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
	NOTE: https://github.com/PurpleVsGreen/beacown
CVE-2022-42720 (Various refcounting bugs in the multi-BSS handling in the mac80211 sta ...)
	{DSA-5257-1 DLA-3173-1}
	- linux 6.0.2-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
	NOTE: https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
	NOTE: https://github.com/PurpleVsGreen/beacown
CVE-2022-42719 (A use-after-free in the mac80211 stack when parsing a multi-BSSID elem ...)
	{DSA-5257-1 DLA-3173-1}
	- linux 6.0.2-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
	NOTE: https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
	NOTE: https://github.com/PurpleVsGreen/beacown
CVE-2022-42718 (Incorrect default permissions in the installation folder for NI LabVIE ...)
	NOT-FOR-US: NI LabVIEW
CVE-2022-42717 (An issue was discovered in Hashicorp Packer before 2.3.1. The recommen ...)
	NOT-FOR-US: Hashicorp Packer
CVE-2022-42716 (An issue was discovered in the Arm Mali GPU Kernel Driver. There is a ...)
	NOT-FOR-US: Arm Mali GPU Kernel Driver
CVE-2022-42715 (A reflected XSS vulnerability exists in REDCap before 12.04.18 in the ...)
	NOT-FOR-US: REDCap
CVE-2022-42714
	RESERVED
CVE-2022-42713
	RESERVED
CVE-2022-42712
	RESERVED
CVE-2022-42711 (In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application ...)
	NOT-FOR-US: Progress WhatsUp Gold
CVE-2022-42710 (Nice (formerly Nortek) Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.3 ...)
	NOT-FOR-US: Nice Linear eMerge E3-Series
CVE-2022-42709
	RESERVED
CVE-2022-42708
	RESERVED
CVE-2022-42707 (In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22. ...)
	- mahara
CVE-2022-42706 (An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 t ...)
	{DSA-5358-1 DLA-3335-1}
	- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30176
	NOTE: https://downloads.asterisk.org/pub/security/AST-2022-009.html
	NOTE: https://git.asterisk.org/gitweb/?p=asterisk/asterisk.git;a=commit;h=81f10e847efdbe8ec264062ee234e1098c29b3f6
CVE-2022-42705 (A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.1 ...)
	{DSA-5358-1 DLA-3335-1}
	- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30244
	NOTE: https://downloads.asterisk.org/pub/security/AST-2022-008.html
	NOTE: https://git.asterisk.org/gitweb/?p=asterisk/asterisk.git;a=commit;h=7684c9e907fb85f5c58b025d9e385ad2600f12a2
CVE-2022-42704 (A cross-site scripting (XSS) vulnerability in Employee Service Center ...)
	NOT-FOR-US: Employee Service Center
CVE-2022-3437 (A heap-based buffer overflow vulnerability was found in Samba within t ...)
	{DSA-5647-1 DSA-5287-1 DLA-3792-1 DLA-3206-1}
	- samba 2:4.16.6+dfsg-1
	- heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187)
	NOTE: https://www.samba.org/samba/security/CVE-2022-3437.html
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15134
	NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-45j3-5v39-rf9j
	NOTE: https://github.com/heimdal/heimdal/commit/f6edaafcfefd843ca1b1a041f942a853d85ee7c3 (heimdal-7.7.1)
	NOTE: https://github.com/heimdal/heimdal/commit/c9cc34334bd64b08fe91a2f720262462e9f6bb49 (heimdal-7.7.1)
	NOTE: https://github.com/heimdal/heimdal/commit/a587a4bcb28d5b9047f332573b1e7c8f89ca3edd (heimdal-7.7.1)
	NOTE: https://github.com/heimdal/heimdal/commit/c758910eaad3c0de2cfb68830a661c4739675a7d (heimdal-7.7.1)
	NOTE: https://github.com/heimdal/heimdal/commit/414b2a77fd61c26d64562e3800dc5578d9d0f15d (heimdal-7.7.1)
	NOTE: https://github.com/heimdal/heimdal/commit/be9bbd93ed8f204b4bc1b92d1bc3c16aac194696 (heimdal-7.7.1)
	NOTE: https://github.com/heimdal/heimdal/commit/c8407ca079294d76a5ed140ba5b546f870d23ed2 (heimdal-7.7.1)
	NOTE: https://github.com/heimdal/heimdal/commit/8fb508a25a6a47289c73e3f4339352a73a396eef (heimdal-7.7.1)
	NOTE: In scope for continued Samba support
	NOTE: possible samba 4.13,4.15 regression: https://bugzilla.samba.org/show_bug.cgi?id=15243
	NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
CVE-2021-46845
	RESERVED
CVE-2020-36606
	RESERVED
CVE-2019-25077
	RESERVED
CVE-2022-42703 (mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free relat ...)
	- linux 5.19.11-1
	[bullseye] - linux 5.10.140-1
	[buster] - linux 4.19.260-1
	NOTE: https://git.kernel.org/linus/2555283eb40df89945557273121e9393ef9b542b (6.0-rc4)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2351
	NOTE: https://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html
CVE-2022-3436 (A vulnerability classified as critical was found in SourceCodester Web ...)
	NOT-FOR-US: SourceCodester Web-Based Student Clearance System
CVE-2022-42488 (OpenHarmony-v3.1.2 and prior versions have a Missing permission valida ...)
	NOT-FOR-US: OpenHarmony
CVE-2022-42464 (OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a ...)
	NOT-FOR-US: OpenHarmony
CVE-2022-42463 (OpenHarmony-v3.1.2 and prior versions have an authenication bypass vul ...)
	NOT-FOR-US: OpenHarmony
CVE-2022-41686 (OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a ...)
	NOT-FOR-US: OpenHarmony
CVE-2022-3434 (A vulnerability was found in SourceCodester Web-Based Student Clearanc ...)
	NOT-FOR-US: SourceCodester Web-Based Student Clearance System
CVE-2022-3435 (A vulnerability classified as problematic has been found in Linux Kern ...)
	{DLA-3244-1}
	- linux 6.0.12-1
	[bullseye] - linux 5.10.158-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://lore.kernel.org/netdev/20221005181257.8897-1-dsahern@kernel.org/T/#u
CVE-2022-42697
	RESERVED
CVE-2022-42696
	RESERVED
CVE-2022-42695
	RESERVED
CVE-2022-42694
	RESERVED
CVE-2022-42693
	RESERVED
CVE-2022-42692
	RESERVED
CVE-2022-42691
	RESERVED
CVE-2022-42690
	RESERVED
CVE-2022-42689
	RESERVED
CVE-2022-42688
	RESERVED
CVE-2022-42687
	RESERVED
CVE-2022-42686
	RESERVED
CVE-2022-42685
	RESERVED
CVE-2022-42684
	RESERVED
CVE-2022-42683
	RESERVED
CVE-2022-42682
	RESERVED
CVE-2022-42681
	RESERVED
CVE-2022-42680
	RESERVED
CVE-2022-42679
	RESERVED
CVE-2022-42678
	RESERVED
CVE-2022-42677
	RESERVED
CVE-2022-42676
	RESERVED
CVE-2022-42675
	RESERVED
CVE-2022-42674
	RESERVED
CVE-2022-42673
	RESERVED
CVE-2022-42672
	RESERVED
CVE-2022-42671
	RESERVED
CVE-2022-42670
	RESERVED
CVE-2022-42669
	RESERVED
CVE-2022-42668
	RESERVED
CVE-2022-42667
	RESERVED
CVE-2022-42666
	RESERVED
CVE-2022-42665
	RESERVED
CVE-2022-42664
	RESERVED
CVE-2022-42663
	RESERVED
CVE-2022-42662
	RESERVED
CVE-2022-42661
	RESERVED
CVE-2022-42660
	RESERVED
CVE-2022-42659
	RESERVED
CVE-2022-42658
	RESERVED
CVE-2022-42657
	RESERVED
CVE-2022-42656
	RESERVED
CVE-2022-42655
	RESERVED
CVE-2022-42654
	RESERVED
CVE-2022-42653
	RESERVED
CVE-2022-42652
	RESERVED
CVE-2022-42651
	RESERVED
CVE-2022-42650
	RESERVED
CVE-2022-42649
	RESERVED
CVE-2022-42648
	RESERVED
CVE-2022-42647
	RESERVED
CVE-2022-42646
	RESERVED
CVE-2022-42645
	RESERVED
CVE-2022-42644
	RESERVED
CVE-2022-42643
	RESERVED
CVE-2022-42642
	RESERVED
CVE-2022-42641
	RESERVED
CVE-2022-42640
	RESERVED
CVE-2022-42639
	RESERVED
CVE-2022-42638
	RESERVED
CVE-2022-42637
	RESERVED
CVE-2022-42636
	RESERVED
CVE-2022-42635
	RESERVED
CVE-2022-42634
	RESERVED
CVE-2022-42633
	RESERVED
CVE-2022-42632
	RESERVED
CVE-2022-42631
	RESERVED
CVE-2022-42630
	RESERVED
CVE-2022-42629
	RESERVED
CVE-2022-42628
	RESERVED
CVE-2022-42627
	RESERVED
CVE-2022-42626
	RESERVED
CVE-2022-42625
	RESERVED
CVE-2022-42624
	RESERVED
CVE-2022-42623
	RESERVED
CVE-2022-42622
	RESERVED
CVE-2022-42621
	RESERVED
CVE-2022-42620
	RESERVED
CVE-2022-42619
	RESERVED
CVE-2022-42618
	RESERVED
CVE-2022-42617
	RESERVED
CVE-2022-42616
	RESERVED
CVE-2022-42615
	RESERVED
CVE-2022-42614
	RESERVED
CVE-2022-42613
	RESERVED
CVE-2022-42612
	RESERVED
CVE-2022-42611
	RESERVED
CVE-2022-42610
	RESERVED
CVE-2022-42609
	RESERVED
CVE-2022-42608
	RESERVED
CVE-2022-42607
	RESERVED
CVE-2022-42606
	RESERVED
CVE-2022-42605
	RESERVED
CVE-2022-42604
	RESERVED
CVE-2022-42603
	RESERVED
CVE-2022-42602
	RESERVED
CVE-2022-42601
	RESERVED
CVE-2022-42600
	RESERVED
CVE-2022-42599
	RESERVED
CVE-2022-42598
	RESERVED
CVE-2022-42597
	RESERVED
CVE-2022-42596
	RESERVED
CVE-2022-42595
	RESERVED
CVE-2022-42594
	RESERVED
CVE-2022-42593
	RESERVED
CVE-2022-42592
	RESERVED
CVE-2022-42591
	RESERVED
CVE-2022-42590
	RESERVED
CVE-2022-42589
	RESERVED
CVE-2022-42588
	RESERVED
CVE-2022-42587
	RESERVED
CVE-2022-42586
	RESERVED
CVE-2022-42585
	RESERVED
CVE-2022-42584
	RESERVED
CVE-2022-42583
	RESERVED
CVE-2022-42582
	RESERVED
CVE-2022-42581
	RESERVED
CVE-2022-42580
	RESERVED
CVE-2022-42579
	RESERVED
CVE-2022-42578
	RESERVED
CVE-2022-42577
	RESERVED
CVE-2022-42576
	RESERVED
CVE-2022-42575
	RESERVED
CVE-2022-42574
	RESERVED
CVE-2022-42573
	RESERVED
CVE-2022-42572
	RESERVED
CVE-2022-42571
	RESERVED
CVE-2022-42570
	RESERVED
CVE-2022-42569
	RESERVED
CVE-2022-42568
	RESERVED
CVE-2022-42567
	RESERVED
CVE-2022-42566
	RESERVED
CVE-2022-42565
	RESERVED
CVE-2022-42564
	RESERVED
CVE-2022-42563
	RESERVED
CVE-2022-42562
	RESERVED
CVE-2022-42561
	RESERVED
CVE-2022-42560
	RESERVED
CVE-2022-42559
	RESERVED
CVE-2022-42558
	RESERVED
CVE-2022-42557
	RESERVED
CVE-2022-42556
	RESERVED
CVE-2022-42555
	RESERVED
CVE-2022-42554
	RESERVED
CVE-2022-42553
	RESERVED
CVE-2022-42552
	RESERVED
CVE-2022-42551
	RESERVED
CVE-2022-42550
	RESERVED
CVE-2022-42549
	RESERVED
CVE-2022-42548
	RESERVED
CVE-2022-42547
	RESERVED
CVE-2022-42546
	RESERVED
CVE-2022-42545
	RESERVED
CVE-2022-42544 (In getView of AddAppNetworksFragment.java, there is a possible way to ...)
	NOT-FOR-US: Android
CVE-2022-42543 (In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bou ...)
	NOT-FOR-US: Android
CVE-2022-42542 (In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible ...)
	NOT-FOR-US: Android
CVE-2022-42541 (Remote code execution)
	NOT-FOR-US: Google Chromecast
CVE-2022-42540 (Elevation of privilege)
	NOT-FOR-US: Google Chromecast
CVE-2022-42539 (Information disclosure)
	NOT-FOR-US: Google Chromecast
CVE-2022-42538 (Elevation of privilege)
	NOT-FOR-US: Google Chromecast
CVE-2022-42537 (Remote code execution)
	NOT-FOR-US: Google Chromecast
CVE-2022-42536 (Remote code execution)
	NOT-FOR-US: Google Chromecast
CVE-2022-42535 (In a query in MmsSmsProvider.java, there is a possible access to restr ...)
	NOT-FOR-US: Android
CVE-2022-42534 (In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible ...)
	NOT-FOR-US: Android
CVE-2022-42533 (In shared_metadata_init of SharedMetadata.cpp, there is a possible out ...)
	NOT-FOR-US: Google Pixel
CVE-2022-42532 (In Pixel firmware, there is a possible out of bounds read due to a mis ...)
	NOT-FOR-US: Android
CVE-2022-42531 (In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation by ...)
	NOT-FOR-US: Android
CVE-2022-42530 (In Pixel firmware, there is a possible out of bounds read due to a mis ...)
	NOT-FOR-US: Android
CVE-2022-42529 (Product: AndroidVersions: Android kernelAndroid ID: A-235292841Referen ...)
	NOT-FOR-US: Android
CVE-2022-42528 (In ffa_mrd_prot of shared_mem.c, there is a possible ID due to a logic ...)
	NOT-FOR-US: Android
CVE-2022-42527 (In cd_SsParseMsg of cd_SsCodec.c, there is a possible crash due to a m ...)
	NOT-FOR-US: Android
CVE-2022-42526 (In ConvertUtf8ToUcs2 of radio_hal_utils.cpp, there is a possible out o ...)
	NOT-FOR-US: Android
CVE-2022-42525 (In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is a possi ...)
	NOT-FOR-US: Android
CVE-2022-42524 (In sms_GetTpUdlIe of sms_PduCodec.c, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2022-42523 (In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is a possi ...)
	NOT-FOR-US: Android
CVE-2022-42522 (In DoSetCarrierConfig of miscservice.cpp, there is a possible out of b ...)
	NOT-FOR-US: Android
CVE-2022-42521 (In encode of wlandata.cpp, there is a possible out of bounds write due ...)
	NOT-FOR-US: Android
CVE-2022-42520 (In ServiceInterface::HandleRequest of serviceinterface.cpp, there is a ...)
	NOT-FOR-US: Android
CVE-2022-42519 (In CdmaBroadcastSmsConfigsRequestData::encode of cdmasmsdata.cpp, ther ...)
	NOT-FOR-US: Android
CVE-2022-42518 (In BroadcastSmsConfigsRequestData::encode of smsdata.cpp, there is a p ...)
	NOT-FOR-US: Android
CVE-2022-42517 (In MiscService::DoOemSetTcsFci of miscservice.cpp, there is a possible ...)
	NOT-FOR-US: Android
CVE-2022-42516 (In ProtocolSimBuilderLegacy::BuildSimGetGbaAuth of protocolsimbuilderl ...)
	NOT-FOR-US: Android
CVE-2022-42515 (In MiscService::DoOemSetRtpPktlossThreshold of miscservice.cpp, there ...)
	NOT-FOR-US: Android
CVE-2022-42514 (In ProtocolImsBuilder::BuildSetConfig of protocolimsbuilder.cpp, there ...)
	NOT-FOR-US: Android
CVE-2022-42513 (In ProtocolEmbmsBuilder::BuildSetSession of protocolembmsbuilder.cpp, ...)
	NOT-FOR-US: Android
CVE-2022-42512 (In VsimOperationDataExt::encode of vsimdata.cpp, there is a possible o ...)
	NOT-FOR-US: Android
CVE-2022-42511 (In EmbmsSessionData::encode of embmsdata.cpp, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2022-42510 (In StringsRequestData::encode of requestdata.cpp, there is a possible ...)
	NOT-FOR-US: Android
CVE-2022-42509 (In CallDialReqData::encode of callreqdata.cpp, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2022-42508 (In ProtocolCallBuilder::BuildSendUssd of protocolcallbuilder.cpp, ther ...)
	NOT-FOR-US: Android
CVE-2022-42507 (In ProtocolSimBuilder::BuildSimUpdatePb3gEntry of protocolsimbuilder.c ...)
	NOT-FOR-US: Android
CVE-2022-42506 (In SimUpdatePbEntry::encode of simdata.cpp, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2022-42505 (In ProtocolMiscBuilder::BuildSetSignalReportCriteria of protocolmiscbu ...)
	NOT-FOR-US: Android
CVE-2022-42504 (In CallDialReqData::encodeCallNumber of callreqdata.cpp, there is a po ...)
	NOT-FOR-US: Android
CVE-2022-42503 (In ProtocolMiscBuilder::BuildSetLinkCapaReportCriteria of protocolmisc ...)
	NOT-FOR-US: Android
CVE-2022-42502 (In FacilityLock::Parse of simdata.cpp, there is a possible out of boun ...)
	NOT-FOR-US: Android
CVE-2022-42501 (In HexString2Value of util.cpp, there is a possible out of bounds writ ...)
	NOT-FOR-US: Android
CVE-2022-42500 (In OEM_OnRequest of sced.cpp, there is a possible shell command execut ...)
	NOT-FOR-US: Android
CVE-2022-42499 (In sms_SendMmCpErrMsg of sms_MmConManagement.c, there is a possible ou ...)
	NOT-FOR-US: Android
CVE-2022-42498 (In Pixel cellular firmware, there is a possible out of bounds write du ...)
	NOT-FOR-US: Android
CVE-2022-3433 (The aeson library is not safe to use to consume untrusted JSON input. ...)
	- haskell-aeson 2.0.3.0-1 (bug #1009678)
	[bullseye] - haskell-aeson (Minor issue)
	[buster] - haskell-aeson (Minor issue)
	[stretch] - haskell-aeson (Minor issue)
	NOTE: https://cs-syd.eu/posts/2021-09-11-json-vulnerability
	NOTE: https://github.com/haskell/aeson/issues/864
	NOTE: https://github.com/haskell/aeson/commit/582a844d8028f62e409048a4caae187b27e8e697 (v2.0.1.0)
CVE-2022-3432 (A potential vulnerability in a driver used during manufacturing proces ...)
	NOT-FOR-US: Lenovo
CVE-2022-3431 (A potential vulnerability in a driver used during manufacturing proces ...)
	NOT-FOR-US: Lenovo
CVE-2022-3430 (A potential vulnerability in the WMI Setup driver on some consumer Len ...)
	NOT-FOR-US: Lenovo
CVE-2022-42493 (Several OS command injection vulnerabilities exist in the m2m binary o ...)
	NOT-FOR-US: Siretta
CVE-2022-42492 (Several OS command injection vulnerabilities exist in the m2m binary o ...)
	NOT-FOR-US: Siretta
CVE-2022-42491 (Several OS command injection vulnerabilities exist in the m2m binary o ...)
	NOT-FOR-US: Siretta
CVE-2022-42490 (Several OS command injection vulnerabilities exist in the m2m binary o ...)
	NOT-FOR-US: Siretta
CVE-2022-42484 (An OS command injection vulnerability exists in the httpd logs/view.cg ...)
	NOT-FOR-US: FreshTomato
CVE-2022-42483 RESERVED
CVE-2022-42482 RESERVED
CVE-2022-42481 RESERVED
CVE-2022-42478 (An Improper Restriction of Excessive Authentication Attempts [CWE-307] ...)
	NOT-FOR-US: Fortinet
CVE-2022-42477 (An improper input validation vulnerability [CWE-20] in FortiAnalyzer v ...)
	NOT-FOR-US: Fortinet
CVE-2022-42476 (A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS v ...)
	NOT-FOR-US: Fortinet
CVE-2022-42475 (A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN ...)
	NOT-FOR-US: FortiOS SSL-VPN
CVE-2022-42474 (A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS v ...)
	NOT-FOR-US: Fortinet
CVE-2022-42473 (A missing authentication for a critical function vulnerability in Fort ...)
	NOT-FOR-US: FortiGuard
CVE-2022-42472 (An improper neutralization of crlf sequences in http headers ('http res ...)
	NOT-FOR-US: Fortinet
CVE-2022-42471 (An improper neutralization of CRLF sequences in HTTP headers ('HTTP Re ...)
	NOT-FOR-US: FortiGuard
CVE-2022-42470 (A relative path traversal vulnerability in Fortinet FortiClient (Windo ...)
	NOT-FOR-US: Fortinet
CVE-2022-42469 (A permissive list of allowed inputs vulnerability [CWE-183] in FortiGa ...)
	NOT-FOR-US: Fortinet
CVE-2022-41999 (A denial of service vulnerability exists in the DDS native tile readin ...)
	{DSA-5384-1 DLA-3382-1}
	[experimental] - openimageio 2.4.7.1+dfsg-1
	- openimageio 2.4.7.1+dfsg-2 (bug #1027808)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1635
	NOTE: https://github.com/OpenImageIO/oiio/pull/3625
	NOTE: https://github.com/OpenImageIO/oiio/commit/e44400feac32d455b49e9c8baffa52ed855ba59b
CVE-2022-41991 (A heap-based buffer overflow vulnerability exists in the m2m DELETE_FI ...)
	NOT-FOR-US: Siretta
CVE-2022-41988 (An information disclosure vulnerability exists in the OpenImageIO::dec ...)
	{DSA-5384-1 DLA-3382-1}
	- openimageio 2.3.21.0+dfsg-1 (bug #1027143)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1643
	NOTE: https://github.com/OpenImageIO/oiio/commit/e9103925bb2aeed36b01b3805f36959f5d1a2e18#diff-8496b368a265f99b41e3c06bf99a5ea82d4f40fff1919ee79caa26ae033b3a06R118
	NOTE: https://github.com/OpenImageIO/oiio/pull/3632
CVE-2022-41838 (A code execution vulnerability exists in the DDS scanline parsing func ...)
	{DSA-5384-1 DLA-3382-1}
	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1634
	NOTE: https://github.com/OpenImageIO/oiio/commit/e44400feac32d455b49e9c8baffa52ed855ba59b
CVE-2022-41837 (An out-of-bounds write vulnerability exists in the OpenImageIO::add_ex ...)
	{DSA-5384-1 DLA-3518-1}
	- openimageio 2.4.7.1+dfsg-2 (bug #1027143)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1636
	NOTE: https://github.com/OpenImageIO/oiio/commit/884dfd6b7c1fd6130390853b5074ddeb48f2f19b
CVE-2022-41632 RESERVED
CVE-2022-41630 RESERVED
CVE-2022-41154 (A directory traversal vulnerability exists in the m2m DELETE_FILE cmd ...)
	NOT-FOR-US: Siretta
CVE-2022-40222 (An OS command injection vulnerability exists in the m2m DELETE_FILE cm ...)
	NOT-FOR-US: Siretta
CVE-2022-38451 (A directory traversal vulnerability exists in the httpd update.cgi fun ...)
	NOT-FOR-US: FreshTomato
CVE-2022-38091 RESERVED
CVE-2022-3429 (A denial-of-service vulnerability was found in the firmware used in Le ...)
	NOT-FOR-US: Lenovo
CVE-2022-3428 RESERVED
CVE-2022-3427 (The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request ...)
	NOT-FOR-US: Corner Ad plugin for WordPress
CVE-2022-3426 (The Advanced WP Columns WordPress plugin through 2.0.6 does not saniti ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3425 (The Analyticator WordPress plugin before 6.5.6 unserializes user input ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3424 (A use-after-free flaw was found in the Linux kernel’s SGI GRU dri ...)
	{DLA-3404-1 DLA-3403-1}
	- linux 6.1.4-1 (unimportant)
	[bullseye] - linux 5.10.178-1
	NOTE: https://lore.kernel.org/all/20221006152643.1694235-1-zyytlz.wz@163.com/
	NOTE: https://git.kernel.org/linus/643a16a0eb1d6ac23744bb6e90a00fc21148a9dc
	NOTE: SGI_GRU not enabled in any Debian kernel
CVE-2022-3423 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
	NOT-FOR-US: nocodb
CVE-2022-3422 (Account Takeover :: when see the info i can see the hash pass i can cr ...)
	NOT-FOR-US: ToolJet
CVE-2022-3421 (An attacker can pre-create the `/Applications/Google\ Drive.app/Conten ...)
	NOT-FOR-US: Drive for Desktop MacOS
CVE-2022-3420 (The Official Integration for Billingo WordPress plugin before 3.4.0 do ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3419 (The Automatic User Roles Switcher WordPress plugin before 1.1.2 does n ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-42468 (Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote ...)
	NOT-FOR-US: Apache Flume
CVE-2022-42467 (When running in prototype mode, the h2 webconsole module (accessible f ...)
	NOT-FOR-US: Apache Isis
CVE-2022-42466 (Prior to 2.0.0-M9, it was possible for an end-user to set the value of ...)
	NOT-FOR-US: Apache Isis
CVE-2022-42458 (Authentication bypass using an alternate path or channel vulnerability ...)
	NOT-FOR-US: bingo!CMS
CVE-2022-42001 (Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extensi ...)
	NOT-FOR-US: Bluespice extension
CVE-2022-42000 (Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile ext ...)
	NOT-FOR-US: Bluespice extension
CVE-2022-41986 (Information disclosure vulnerability in Android App 'IIJ SmartKey' ver ...)
	NOT-FOR-US: Android App 'IIJ SmartKey'
CVE-2022-41814 (Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extens ...)
	NOT-FOR-US: Bluespice extension
CVE-2022-41796 (Untrusted search path vulnerability in the installer of Content Transf ...)
	NOT-FOR-US: installer of Content Transfer (for Windows)
CVE-2022-41789 (Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of ...)
	NOT-FOR-US: Bluespice skin
CVE-2022-41611 (Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of ...)
	NOT-FOR-US: Bluespice skin
CVE-2022-3418 (The Import any XML or CSV File to WordPress plugin before 3.6.9 is not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3417 (The WPtouch WordPress plugin before 4.3.45 unserialises the content of ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3416 (The WPtouch WordPress plugin before 4.3.45 does not properly validate ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3415 (The Chat Bubble WordPress plugin before 2.3 does not sanitise and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3414 (A vulnerability was found in SourceCodester Web-Based Student Clearanc ...)
	NOT-FOR-US: SourceCodester Web-Based Student Clearance System
CVE-2022-3413 (Incorrect authorization during display of Audit Events in GitLab EE af ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3412 RESERVED
CVE-2022-3411 (A lack of length validation in GitLab CE/EE affecting all versions fro ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3410 RESERVED
CVE-2022-3409 (A vulnerability in bmcweb of OpenBMC Project allows user to cause deni ...)
	NOT-FOR-US: OpenBMC
CVE-2022-3408 (The WP Word Count WordPress plugin through 3.2.3 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3407 (In some cases, when the device is USB-tethered to a host PC, and the de ...)
	NOT-FOR-US: Motorola
CVE-2022-42457 (Generex CS141 through 2.10 allows remote command execution by administ ...)
	NOT-FOR-US: Generex CS141
CVE-2022-42456 RESERVED
CVE-2022-42455 (ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b ...)
	NOT-FOR-US: ASUS
CVE-2022-42454 (Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-t ...)
	NOT-FOR-US: HCL
CVE-2022-42453 (There are insufficient warnings when a Fixlet is imported by a user. T ...)
	NOT-FOR-US: HCL
CVE-2022-42452 (HCL Launch is vulnerable to HTML injection. HTML code is stored and in ...)
	NOT-FOR-US: HCL
CVE-2022-42451 (Certain credentials within the BigFix Patch Management Download Plug-i ...)
	NOT-FOR-US: HCL
CVE-2022-42450 RESERVED
CVE-2022-42449 RESERVED
CVE-2022-42448 RESERVED
CVE-2022-42447 (HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). Thi ...)
	NOT-FOR-US: HCL
CVE-2022-42446 (Starting with Sametime 12, anonymous users are enabled by default. Aft ...)
	NOT-FOR-US: HCL
CVE-2022-42445 (HCL Launch could allow a user with administrative privileges, includin ...)
	NOT-FOR-US: HCL
CVE-2022-42444 (IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 thr ...)
	NOT-FOR-US: IBM
CVE-2022-42443 (An undisclosed issue in Trusteer iOS SDK for mobile versions prior to ...)
	NOT-FOR-US: IBM
CVE-2022-42442 (IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 2 ...)
	NOT-FOR-US: IBM
CVE-2022-42441 RESERVED
CVE-2022-42440 RESERVED
CVE-2022-42439 (IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 an ...)
	NOT-FOR-US: IBM
CVE-2022-42438 (IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows ...)
	NOT-FOR-US: IBM
CVE-2022-42437 RESERVED
CVE-2022-42436 (IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could a ...)
	NOT-FOR-US: IBM
CVE-2022-42435 (IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0. ...)
	NOT-FOR-US: IBM
CVE-2022-42433 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: TP-Link
CVE-2022-42432 (This vulnerability allows local attackers to disclose sensitive inform ...)
	- linux 6.0.2-1
	[bullseye] - linux 5.10.148-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/559c36c5a8d730c49ef805a72b213d3bba155cc8 (6.0-rc7)
CVE-2022-42431 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Tesla vehicles
CVE-2022-42430 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Tesla vehicles
CVE-2022-42429 (This vulnerability allows remote attackers to escalate privileges on a ...)
	- centreon-web (bug #913903)
CVE-2022-42428 (This vulnerability allows remote attackers to escalate privileges on a ...)
	- centreon-web (bug #913903)
CVE-2022-42427 (This vulnerability allows remote attackers to escalate privileges on a ...)
	- centreon-web (bug #913903)
CVE-2022-42426 (This vulnerability allows remote attackers to escalate privileges on a ...)
	- centreon-web (bug #913903)
CVE-2022-42425 (This vulnerability allows remote attackers to escalate privileges on a ...)
	- centreon-web (bug #913903)
CVE-2022-42424 (This vulnerability allows remote attackers to escalate privileges on a ...)
	- centreon-web (bug #913903)
CVE-2022-42423 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42422 RESERVED
CVE-2022-42421 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42420 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42419 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42418 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42417 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42416 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42415 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42414 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42413 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42412 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42411 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42410 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42409 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42408 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42407 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42406 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42405 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42404 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42403 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42402 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42401 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42400 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42399 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42398 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42397 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42396 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42395 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42394 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42393 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42392 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42391 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42390 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42389 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42388 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42387 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42386 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42385 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42384 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42383 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42382 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42381 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42380 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42379 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42378 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42377 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42376 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42375 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42374 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42373 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42372 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42371 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42370 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42369 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-42368 RESERVED
CVE-2022-42367 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-42366 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-42365 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-42364 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-42363 RESERVED
CVE-2022-42362 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-42361 RESERVED
CVE-2022-42360 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-42359 RESERVED
CVE-2022-42358 RESERVED
CVE-2022-42357 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-42356 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-42355 RESERVED
CVE-2022-42354 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-42353 RESERVED
CVE-2022-42352 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-42351 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-42350 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-42349 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-42348 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-42347 RESERVED
CVE-2022-42346 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-42345 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-42344 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-42343 (Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are ...)
	NOT-FOR-US: Adobe
CVE-2022-42342 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2022-42341 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
	NOT-FOR-US: Adobe
CVE-2022-42340 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
	NOT-FOR-US: Adobe
CVE-2022-42339 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2022-42338 REJECTED
CVE-2022-42337 REJECTED
CVE-2022-42336 (Mishandling of guest SSBD selection on AMD hardware The current logic ...)
	- xen 4.17.1+2-gb773c48e36-1 (bug #1036298)
	[bullseye] - xen (Vulnerable code not present)
	[buster] - xen (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2023/05/16/5
	NOTE: https://xenbits.xen.org/xsa/advisory-431.html
CVE-2022-42335 (x86 shadow paging arbitrary pointer dereference In environments where ...)
	- xen 4.17.1+2-gb773c48e36-1 (bug #1034842)
	[bullseye] - xen (Vulnerable code not present)
	[buster] - xen (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2023/04/25/1
	NOTE: https://xenbits.xen.org/xsa/advisory-430.html
CVE-2022-42334 (x86/HVM pinned cache attributes mis-handling T[his CNA information rec ...)
	{DSA-5378-1}
	- xen 4.17.0+74-g3eac216e6e-1 (bug #1033297)
	[buster] - xen (DSA 4677-1)
	NOTE: https://www.openwall.com/lists/oss-security/2023/03/21/2
	NOTE: https://xenbits.xen.org/xsa/advisory-428.html
CVE-2022-42333 (x86/HVM pinned cache attributes mis-handling T[his CNA information rec ...)
	{DSA-5378-1}
	- xen 4.17.0+74-g3eac216e6e-1 (bug #1033297)
	[buster] - xen (DSA 4677-1)
	NOTE: https://www.openwall.com/lists/oss-security/2023/03/21/2
	NOTE: https://xenbits.xen.org/xsa/advisory-428.html
CVE-2022-42332 (x86 shadow plus log-dirty mode use-after-free In environments where ho ...)
	{DSA-5378-1}
	- xen 4.17.0+74-g3eac216e6e-1 (bug #1033297)
	[buster] - xen (DSA 4677-1)
	NOTE: https://www.openwall.com/lists/oss-security/2023/03/21/1
	NOTE: https://xenbits.xen.org/xsa/advisory-427.html
CVE-2022-42331 (x86: speculative vulnerability in 32bit SYSCALL path Due to an oversig ...)
	{DSA-5378-1}
	- xen 4.17.0+74-g3eac216e6e-1 (bug #1033297)
	[buster] - xen (DSA 4677-1)
	NOTE: https://www.openwall.com/lists/oss-security/2023/03/21/3
	NOTE: https://xenbits.xen.org/xsa/advisory-429.html
CVE-2022-42330 (Guests can cause Xenstore crash via soft reset When a guest issues a " ...)
	- xen 4.17.0+24-g2f8851c37f-2 (bug #1029830)
	[bullseye] - xen (Only affects 4.17)
	[buster] - xen (Only affects 4.17)
	NOTE: https://xenbits.xen.org/xsa/advisory-425.html
CVE-2022-42329 (Guests can trigger deadlock in Linux netback driver T[his CNA informat ...)
	{DLA-3245-1 DLA-3244-1}
	- linux 6.0.12-1
	[bullseye] - linux 5.10.158-1
	NOTE: https://xenbits.xen.org/xsa/advisory-424.html
	NOTE: https://git.kernel.org/linus/74e7e1efdad45580cc3839f2a155174cf158f9b5
CVE-2022-42328 (Guests can trigger deadlock in Linux netback driver T[his CNA informat ...)
	{DLA-3245-1 DLA-3244-1}
	- linux 6.0.12-1
	[bullseye] - linux 5.10.158-1
	NOTE: https://xenbits.xen.org/xsa/advisory-424.html
	NOTE: https://git.kernel.org/linus/74e7e1efdad45580cc3839f2a155174cf158f9b5
CVE-2022-42327 (x86: unintended memory sharing between guests On Intel systems that su ...)
	- xen 4.16.2+90-g0d39a6d1ae-1
	[bullseye] - xen (Vulnerable code introduced later in 4.16)
	[buster] - xen (Vulnerable code introduced later in 4.16)
	NOTE: https://xenbits.xen.org/xsa/advisory-412.html
CVE-2022-42326 (Xenstore: Guests can create arbitrary number of nodes via transactions ...)
	{DSA-5272-1}
	- xen 4.16.2+90-g0d39a6d1ae-1
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-421.html
CVE-2022-42325 (Xenstore: Guests can create arbitrary number of nodes via transactions ...)
	{DSA-5272-1}
	- xen 4.16.2+90-g0d39a6d1ae-1
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-421.html
CVE-2022-42324 (Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are ...)
	{DSA-5272-1}
	- xen 4.16.2+90-g0d39a6d1ae-1
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-420.html
CVE-2022-42323 (Xenstore: Cooperating guests can create arbitrary numbers of nodes T[h ...)
	{DSA-5272-1}
	- xen 4.16.2+90-g0d39a6d1ae-1
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-419.html
CVE-2022-42322 (Xenstore: Cooperating guests can create arbitrary numbers of nodes T[h ...)
	{DSA-5272-1}
	- xen 4.16.2+90-g0d39a6d1ae-1
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-419.html
CVE-2022-42321 (Xenstore: Guests can crash xenstored via exhausting the stack Xenstore ...)
	{DSA-5272-1}
	- xen 4.16.2+90-g0d39a6d1ae-1
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-418.html
CVE-2022-42320 (Xenstore: Guests can get access to Xenstore nodes of deleted domains A ...)
	{DSA-5272-1}
	- xen 4.16.2+90-g0d39a6d1ae-1
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-417.html
CVE-2022-42319 (Xenstore: Guests can cause Xenstore to not free temporary memory When ...)
	{DSA-5272-1}
	- xen 4.16.2+90-g0d39a6d1ae-1
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-416.html
CVE-2022-42318 (Xenstore: guests can let run xenstored out of memory T[his CNA informa ...)
	{DSA-5272-1}
	- xen 4.16.2+90-g0d39a6d1ae-1
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-326.html
CVE-2022-42317 (Xenstore: guests can let run xenstored out of memory T[his CNA informa ...)
	{DSA-5272-1}
	- xen 4.16.2+90-g0d39a6d1ae-1
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-326.html
CVE-2022-42316 (Xenstore: guests can let run xenstored out of memory T[his CNA informa ...)
	{DSA-5272-1}
	- xen 4.16.2+90-g0d39a6d1ae-1
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-326.html
CVE-2022-42315 (Xenstore: guests can let run xenstored out of memory T[his CNA informa ...)
	{DSA-5272-1}
	- xen 4.16.2+90-g0d39a6d1ae-1
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-326.html
CVE-2022-42314 (Xenstore: guests can let run xenstored out of memory T[his CNA informa ...)
	{DSA-5272-1}
	- xen 4.16.2+90-g0d39a6d1ae-1
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-326.html
CVE-2022-42313 (Xenstore: guests can let run xenstored out of memory T[his CNA informa ...)
	{DSA-5272-1}
	- xen 4.16.2+90-g0d39a6d1ae-1
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-326.html
CVE-2022-42312 (Xenstore: guests can let run xenstored out of memory T[his CNA informa ...)
	{DSA-5272-1}
	- xen 4.16.2+90-g0d39a6d1ae-1
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-326.html
CVE-2022-42311 (Xenstore: guests can let run xenstored out of memory T[his CNA informa ...)
	{DSA-5272-1}
	- xen 4.16.2+90-g0d39a6d1ae-1
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-326.html
CVE-2022-42310 (Xenstore: Guests can create orphaned Xenstore nodes By creating multip ...)
	{DSA-5272-1}
	- xen 4.16.2+90-g0d39a6d1ae-1
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-415.html
CVE-2022-42309 (Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-11 ...)
	{DSA-5272-1}
	- xen 4.16.2+90-g0d39a6d1ae-1
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-414.html
CVE-2022-42308 (An issue was discovered in Veritas NetBackup through 8.2 and related V ...)
	NOT-FOR-US: Veritas
CVE-2022-42307 (An issue was discovered in Veritas NetBackup through 10.0.0.1 and rela ...)
	NOT-FOR-US: Veritas
CVE-2022-42306 (An issue was discovered in Veritas NetBackup through 8.2 and related V ...)
	NOT-FOR-US: Veritas
CVE-2022-42305 (An issue was discovered in Veritas NetBackup through 10.0.0.1 and rela ...)
	NOT-FOR-US: Veritas
CVE-2022-42304 (An issue was discovered in Veritas NetBackup through 10.0 and related ...)
	NOT-FOR-US: Veritas
CVE-2022-42303 (An issue was discovered in Veritas NetBackup through 10.0 and related ...)
	NOT-FOR-US: Veritas
CVE-2022-42302 (An issue was discovered in Veritas NetBackup through 10.0 and related ...)
	NOT-FOR-US: Veritas
CVE-2022-42301 (An issue was discovered in Veritas NetBackup through 10.0.0.1 and rela ...)
	NOT-FOR-US: Veritas
CVE-2022-42300 (An issue was discovered in Veritas NetBackup through 10.0.0.1 and rela ...)
	NOT-FOR-US: Veritas
CVE-2022-42299 (An issue was discovered in Veritas NetBackup through 10.0.0.1 and rela ...)
	NOT-FOR-US: Veritas
CVE-2022-42298 REJECTED
CVE-2022-42297 REJECTED
CVE-2022-42296 REJECTED
CVE-2022-42295 REJECTED
CVE-2022-42294 REJECTED
CVE-2022-42293 REJECTED
CVE-2022-42292 (NVIDIA GeForce Experience contains a vulnerability in the NVContainer ...)
	NOT-FOR-US: NVIDIA
CVE-2022-42291 (NVIDIA GeForce Experience contains a vulnerability in the installer, w ...)
	NOT-FOR-US: NVIDIA
CVE-2022-42290 (NVIDIA BMC contains a vulnerability in SPX REST API, where an authoriz ...)
	NOT-FOR-US: NVIDIA
CVE-2022-42289 (NVIDIA BMC contains a vulnerability in SPX REST API, where an authoriz ...)
	NOT-FOR-US: NVIDIA
CVE-2022-42288 (NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthor ...)
	NOT-FOR-US: NVIDIA
CVE-2022-42287 (NVIDIA BMC contains a vulnerability in IPMI handler, where an authoriz ...)
	NOT-FOR-US: NVIDIA
CVE-2022-42286 (DGX A100 SBIOS contains a vulnerability in Bds, which may lead to code ...)
	NOT-FOR-US: NVIDIA
CVE-2022-42285 (DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization ...)
	NOT-FOR-US: NVIDIA
CVE-2022-42284 (NVIDIA BMC stores user passwords in an obfuscated form in a database a ...)
	NOT-FOR-US: NVIDIA
CVE-2022-42283 (NVIDIA BMC contains a vulnerability in IPMI handler, where an authoriz ...)
	NOT-FOR-US: NVIDIA
CVE-2022-42282 (NVIDIA BMC contains a vulnerability in SPX REST API, where an authoriz ...)
	NOT-FOR-US: NVIDIA
CVE-2022-42281 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, w ...)
	NOT-FOR-US: NVIDIA
CVE-2022-42280 (NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an ...)
	NOT-FOR-US: NVIDIA
CVE-2022-42279 (NVIDIA BMC contains a vulnerability in SPX REST API, where an authoriz ...)
	NOT-FOR-US: NVIDIA
CVE-2022-42278 (NVIDIA BMC contains a vulnerability in SPX REST API, where an authoriz ...)
	NOT-FOR-US: NVIDIA
CVE-2022-42277 (NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, ...)
	NOT-FOR-US: NVIDIA
CVE-2022-42276 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, whe ...)
	NOT-FOR-US: NVIDIA
CVE-2022-42275 (NVIDIA BMC IPMI handler allows an unauthenticated host to write to a h ...)
	NOT-FOR-US: NVIDIA
CVE-2022-42274 (NVIDIA BMC contains a vulnerability in IPMI handler, where an authoriz ...)
	NOT-FOR-US: NVIDIA
CVE-2022-42273 (NVIDIA BMC contains a vulnerability in libwebsocket, where an authoriz ...)
	NOT-FOR-US: NVIDIA
CVE-2022-42272 (NVIDIA BMC contains a vulnerability in IPMI handler, where an authoriz ...)
	NOT-FOR-US: NVIDIA
CVE-2022-42271 (NVIDIA BMC contains a vulnerability in IPMI handler, where an authoriz ...)
	NOT-FOR-US: NVIDIA
CVE-2022-42270 (NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_tas ...)
	NOT-FOR-US: NVIDIA
CVE-2022-42269 (NVIDIA Trusted OS contains a vulnerability in an SMC call handler, whe ...)
	NOT-FOR-US: NVIDIA
CVE-2022-42268 (Omniverse Kit contains a vulnerability in the reference applications C ...)
	NOT-FOR-US: NVIDIA
CVE-2022-42267 (NVIDIA GPU Display Driver for Windows contains a vulnerability where a ...)
	NOT-FOR-US: NVIDIA GPU Display Driver for Windows
CVE-2022-42266 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA GPU Display Driver for Windows
CVE-2022-42265 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
	- nvidia-graphics-drivers 515.86.01-1 (bug #1025279)
	[bullseye] - nvidia-graphics-drivers (Only affects R515)
	[buster] - nvidia-graphics-drivers (Only affects R515)
CVE-2022-42264 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
	- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
	[bullseye] - nvidia-graphics-drivers 470.161.03-1
	[buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
	- nvidia-graphics-drivers-tesla-418 (bug #1025282)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
	[bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
	- nvidia-open-gpu-kernel-modules 515.86.01-1
CVE-2022-42263 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
	- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
	[bullseye] - nvidia-graphics-drivers 470.161.03-1
	[buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
	- nvidia-graphics-drivers-tesla-418 (bug #1025282)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
	[bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
	- nvidia-open-gpu-kernel-modules 515.86.01-1
CVE-2022-42262 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
	- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
	[bullseye] - nvidia-graphics-drivers 470.161.03-1
	[buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
	- nvidia-graphics-drivers-tesla-418 (bug #1025282)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
	[bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
CVE-2022-42261 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
	- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
	[bullseye] - nvidia-graphics-drivers 470.161.03-1
	[buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
	- nvidia-graphics-drivers-tesla-418 (bug #1025282)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
	[bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
CVE-2022-42260 (NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in ...)
	- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
	[bullseye] - nvidia-graphics-drivers 470.161.03-1
	[buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
	- nvidia-graphics-drivers-tesla-418 (bug #1025282)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
	[bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
CVE-2022-42259 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
	{DLA-3418-1}
	- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
	[bullseye] - nvidia-graphics-drivers 470.161.03-1
	[buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-legacy-340xx (bug #1025280)
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-legacy-390xx 390.157-1 (bug #1025281)
	[bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1
	- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
	- nvidia-graphics-drivers-tesla-418 (bug #1025282)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
	[bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
	- nvidia-open-gpu-kernel-modules 515.86.01-1
CVE-2022-42258 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
	{DLA-3418-1}
	- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
	[bullseye] - nvidia-graphics-drivers 470.161.03-1
	[buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-legacy-340xx (bug #1025280)
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-legacy-390xx 390.157-1 (bug #1025281)
	[bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1
	- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
	- nvidia-graphics-drivers-tesla-418 (bug #1025282)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
	[bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
	- nvidia-open-gpu-kernel-modules 515.86.01-1
CVE-2022-42257 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
	{DLA-3418-1}
	- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
	[bullseye] - nvidia-graphics-drivers 470.161.03-1
	[buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-legacy-340xx (bug #1025280)
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-legacy-390xx 390.157-1 (bug #1025281)
	[bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1
	- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
	- nvidia-graphics-drivers-tesla-418 (bug #1025282)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
	[bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
	- nvidia-open-gpu-kernel-modules 515.86.01-1
CVE-2022-42256 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
	- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
	[bullseye] - nvidia-graphics-drivers 470.161.03-1
	[buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
	- nvidia-graphics-drivers-tesla-418 (bug #1025282)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
	[bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
	- nvidia-open-gpu-kernel-modules 515.86.01-1
CVE-2022-42255 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
	- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
	[bullseye] - nvidia-graphics-drivers (Non-free not supported)
	[buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
	- nvidia-graphics-drivers-tesla-418 (bug #1025282)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
	[bullseye] - nvidia-graphics-drivers-tesla-470 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
	- nvidia-open-gpu-kernel-modules 515.86.01-1
CVE-2022-42254 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
	- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
	[bullseye] - nvidia-graphics-drivers 470.161.03-1
	[buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
	- nvidia-graphics-drivers-tesla-418 (bug #1025282)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
	[bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
	- nvidia-open-gpu-kernel-modules 515.86.01-1
CVE-2022-42253 RESERVED
CVE-2022-42252 (If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10. ...)
	{DSA-5381-1 DLA-3384-1}
	- tomcat9 9.0.68-1
	- tomcat8
	NOTE: https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq
	NOTE: https://github.com/apache/tomcat/commit/4c7f4fd09d2cc1692112ef70b8ee23a7a037ae77 (9.0.68)
	NOTE: https://github.com/apache/tomcat/commit/a1c07906d8dcaf7957e5cc97f5cdbac7d18a205a (8.5.83)
CVE-2022-3406 RESERVED
CVE-2022-3405 (Code execution and sensitive information disclosure due to excessive p ...)
	NOT-FOR-US: Acronis
CVE-2022-3404 REJECTED
CVE-2022-3403 REJECTED
CVE-2022-3402 (The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cro ...)
	NOT-FOR-US: Log HTTP Requests plugin for WordPress
CVE-2022-3401 (The Bricks theme for WordPress is vulnerable to remote code execution ...)
	NOT-FOR-US: Bricks theme for WordPress
CVE-2022-3400 (The Bricks theme for WordPress is vulnerable to authorization bypass d ...)
	NOT-FOR-US: Bricks theme for WordPress
CVE-2022-3399 RESERVED
CVE-2022-3398 (OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds W ...)
	NOT-FOR-US: OMRON CX-Programmer
CVE-2022-3397 (OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds W ...)
	NOT-FOR-US: OMRON CX-Programmer
CVE-2022-3396 (OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds W ...)
	NOT-FOR-US: OMRON CX-Programmer
CVE-2022-3395 (The WP All Export Pro WordPress plugin before 1.7.9 uses the contents ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3394 (The WP All Export Pro WordPress plugin before 1.7.9 does not limit som ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3393 (The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3392 (The WP Humans.txt WordPress plugin through 1.0.6 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3391 (The Retain Live Chat WordPress plugin through 0.1 does not sanitise an ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-42251 RESERVED
CVE-2022-42250 (Simple Cold Storage Management System v1.0 is vulnerable to SQL inject ...)
	NOT-FOR-US: Simple Cold Storage Management System
CVE-2022-42249 (Simple Cold Storage Management System v1.0 is vulnerable to SQL inject ...)
	NOT-FOR-US: Simple Cold Storage Management System
CVE-2022-42248 (QlikView 12.60.2 was discovered to contain a stored cross-site scripti ...)
	NOT-FOR-US: QlikView
CVE-2022-42247 (pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) ...)
	NOT-FOR-US: pfSense
CVE-2022-42246 (Doufox 0.0.4 contains a CSRF vulnerability that can add system adminis ...)
	NOT-FOR-US: Doufox
CVE-2022-42245 (Dreamer CMS 4.0.01 is vulnerable to SQL Injection.)
	NOT-FOR-US: Dreamer CMS
CVE-2022-42244 RESERVED
CVE-2022-42243 (Simple Cold Storage Management System v1.0 is vulnerable to SQL inject ...)
	NOT-FOR-US: Simple Cold Storage Management System
CVE-2022-42242 (Simple Cold Storage Management System v1.0 is vulnerable to SQL inject ...)
	NOT-FOR-US: Simple Cold Storage Management System
CVE-2022-42241 (Simple Cold Storage Management System v1.0 is vulnerable to SQL inject ...)
	NOT-FOR-US: Simple Cold Storage Management System
CVE-2022-42240 RESERVED
CVE-2022-42239 RESERVED
CVE-2022-42238 (A Vertical Privilege Escalation issue in Merchandise Online Store v.1. ...)
	NOT-FOR-US: Merchandise Online Store
CVE-2022-42237 (A SQL Injection issue in Merchandise Online Store v.1.0 allows an atta ...)
	NOT-FOR-US: Merchandise Online Store
CVE-2022-42236 (A Stored XSS issue in Merchandise Online Store v.1.0 allows to injecti ...)
	NOT-FOR-US: Merchandise Online Store
CVE-2022-42235 (A Stored XSS issue in Student Clearance System v.1.0 allows the inject ...)
	NOT-FOR-US: Student Clearance System
CVE-2022-42234 (There is a file inclusion vulnerability in the template management mod ...)
	NOT-FOR-US: UCMS
CVE-2022-42233 (Tenda 11N with firmware version V5.07.33_cn suffers from an Authentica ...)
	NOT-FOR-US: Tenda
CVE-2022-42232 (Simple Cold Storage Management System v1.0 is vulnerable to SQL Inject ...)
	NOT-FOR-US: Simple Cold Storage Management System
CVE-2022-42231 RESERVED
CVE-2022-42230 (Simple Cold Storage Management System v1.0 is vulnerable to SQL Inject ...)
	NOT-FOR-US: Simple Cold Storage Management System
CVE-2022-42229 (Wedding Planner v1.0 is vulnerable to Arbitrary code execution via pac ...)
	NOT-FOR-US: Wedding Planner
CVE-2022-42228 RESERVED
CVE-2022-42227 (jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjsz/json ...)
	NOT-FOR-US: p-ranav/jsonlint (different from src:jsonlint)
CVE-2022-42226 RESERVED
CVE-2022-42225 (Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vu ...)
	NOT-FOR-US: Jumpserver
CVE-2022-42224 RESERVED
CVE-2022-42223 RESERVED
CVE-2022-42222 RESERVED
CVE-2022-42221 (Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, ...)
	NOT-FOR-US: Netgear
CVE-2022-42220 RESERVED
CVE-2022-42219 RESERVED
CVE-2022-42218 (Open Source SACCO Management System v1.0 vulnerable to SQL Injection v ...)
	NOT-FOR-US: Open Source SACCO Management System
CVE-2022-42217 RESERVED
CVE-2022-42216 RESERVED
CVE-2022-42215 RESERVED
CVE-2022-42214 RESERVED
CVE-2022-42213 RESERVED
CVE-2022-42212 RESERVED
CVE-2022-42211 RESERVED
CVE-2022-42210 RESERVED
CVE-2022-42209 RESERVED
CVE-2022-42208 RESERVED
CVE-2022-42207 RESERVED
CVE-2022-42206 (PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cr ...)
	NOT-FOR-US: PHPGurukul Hospital Management System
CVE-2022-42205 (PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cr ...)
	NOT-FOR-US: PHPGurukul Hospital Management System
CVE-2022-42204 RESERVED
CVE-2022-42203 RESERVED
CVE-2022-42202 (TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to ...)
	NOT-FOR-US: TP-Link
CVE-2022-42201 (Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure ...)
	NOT-FOR-US: Simple Exam Reviewer Management System
CVE-2022-42200 (Simple Exam Reviewer Management System v1.0 is vulnerable to Stored Cr ...)
	NOT-FOR-US: Simple Exam Reviewer Management System
CVE-2022-42199 (Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Sit ...)
	NOT-FOR-US: Simple Exam Reviewer Management System
CVE-2022-42198 (In Simple Exam Reviewer Management System v1.0 the User List function ...)
	NOT-FOR-US: Simple Exam Reviewer Management System
CVE-2022-42197 (In Simple Exam Reviewer Management System v1.0 the User List function ...)
	NOT-FOR-US: Simple Exam Reviewer Management System
CVE-2022-42196 RESERVED
CVE-2022-42195 RESERVED
CVE-2022-42194 RESERVED
CVE-2022-42193 RESERVED
CVE-2022-42192 RESERVED
CVE-2022-42191 RESERVED
CVE-2022-42190 RESERVED
CVE-2022-42189 (Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (R ...)
	NOT-FOR-US: Emlog Pro
CVE-2022-42188 (In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path travers ...)
	NOT-FOR-US: Lavalite CMS
CVE-2022-42187 (Hustoj 22.09.22 has a XSS Vulnerability in /admin/problem_judge.php.)
	NOT-FOR-US: Hustoj
CVE-2022-42186 RESERVED
CVE-2022-42185 RESERVED
CVE-2022-42184 RESERVED
CVE-2022-42183 (Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Server-Side ...)
	NOT-FOR-US: Precisely Spectrum Spatial Analyst
CVE-2022-42182 (Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Directory Tr ...)
	NOT-FOR-US: Precisely Spectrum Spatial Analyst
CVE-2022-42181 RESERVED
CVE-2022-42180 RESERVED
CVE-2022-42179 RESERVED
CVE-2022-42178 RESERVED
CVE-2022-42177 RESERVED
CVE-2022-42176 (In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in con ...)
	NOT-FOR-US: PCTechSoft PCSecure
CVE-2022-42175 (Insecure Direct Object Reference vulnerability in WHMCS module SolusVM ...)
	NOT-FOR-US: WHMCS module SolusVM
CVE-2022-42174 RESERVED
CVE-2022-42173 RESERVED
CVE-2022-42172 RESERVED
CVE-2022-42171 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
	NOT-FOR-US: Tenda
CVE-2022-42170 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
	NOT-FOR-US: Tenda
CVE-2022-42169 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
	NOT-FOR-US: Tenda
CVE-2022-42168 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
	NOT-FOR-US: Tenda
CVE-2022-42167 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
	NOT-FOR-US: Tenda
CVE-2022-42166 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
	NOT-FOR-US: Tenda
CVE-2022-42165 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
	NOT-FOR-US: Tenda
CVE-2022-42164 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
	NOT-FOR-US: Tenda
CVE-2022-42163 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
	NOT-FOR-US: Tenda
CVE-2022-42162 RESERVED
CVE-2022-42161 (D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command i ...)
	NOT-FOR-US: D-Link
CVE-2022-42160 (D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command i ...)
	NOT-FOR-US: D-Link
CVE-2022-42159 (D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable ...)
	NOT-FOR-US: D-Link
CVE-2022-42158 RESERVED
CVE-2022-42157 RESERVED
CVE-2022-42156 (D-Link COVR 1200,1203 v1.08 was discovered to contain a command inject ...)
	NOT-FOR-US: D-Link
CVE-2022-42155 RESERVED
CVE-2022-42154 (An arbitrary file upload vulnerability in the component /apiadmin/uplo ...)
	NOT-FOR-US: 74cmsSE
CVE-2022-42153 RESERVED
CVE-2022-42152 RESERVED
CVE-2022-42151 RESERVED
CVE-2022-42150 (TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnera ...)
	NOT-FOR-US: TinyLab linux-lab
CVE-2022-42149 (kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via ...)
	NOT-FOR-US: kkFileView
CVE-2022-42148 RESERVED
CVE-2022-42147 (kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via control ...)
	NOT-FOR-US: kkFileView
CVE-2022-42146 RESERVED
CVE-2022-42145 RESERVED
CVE-2022-42144 RESERVED
CVE-2022-42143 (Open Source SACCO Management System v1.0 is vulnerable to SQL Injectio ...)
	NOT-FOR-US: Open Source SACCO Management System
CVE-2022-42142 (Online Tours & Travels Management System v1.0 is vulnerable to Arbitra ...)
	NOT-FOR-US: Online Tours & Travels Management System
CVE-2022-42141 (Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scrip ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-42140 (Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injectio ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-42139 (Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injec ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-42138 RESERVED
CVE-2022-42137 RESERVED
CVE-2022-42136 (Authenticated mail users, under specific circumstances, could add file ...)
	NOT-FOR-US: MailEnable
CVE-2022-42135 RESERVED
CVE-2022-42134 RESERVED
CVE-2022-42133 RESERVED
CVE-2022-42132 (The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4. ...)
	NOT-FOR-US: Liferay
CVE-2022-42131 (Certain Liferay products are affected by: Missing SSL Certificate Vali ...)
	NOT-FOR-US: Liferay
CVE-2022-42130 (The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3. ...)
	NOT-FOR-US: Liferay
CVE-2022-42129 (An Insecure direct object reference (IDOR) vulnerability in the Dynami ...)
	NOT-FOR-US: Liferay
CVE-2022-42128 (The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3. ...)
	NOT-FOR-US: Liferay
CVE-2022-42127 (The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, an ...)
	NOT-FOR-US: Liferay
CVE-2022-42126 (The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, a ...)
	NOT-FOR-US: Liferay
CVE-2022-42125 (Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 thr ...)
	NOT-FOR-US: Liferay
CVE-2022-42124 (ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Lifera ...)
	NOT-FOR-US: Liferay
CVE-2022-42123 (A Zip slip vulnerability in the Elasticsearch Connector in Liferay Por ...)
	NOT-FOR-US: Liferay
CVE-2022-42122 (A SQL injection vulnerability in the Friendly Url module in Liferay Po ...)
	NOT-FOR-US: Liferay
CVE-2022-42121 (A SQL injection vulnerability in the Layout module in Liferay Portal 7 ...)
	NOT-FOR-US: Liferay
CVE-2022-42120 (A SQL injection vulnerability in the Fragment module in Liferay Portal ...)
	NOT-FOR-US: Liferay
CVE-2022-42119 (Certain Liferay products are vulnerable to Cross Site Scripting (XSS) ...)
	NOT-FOR-US: Liferay
CVE-2022-42118 (A Cross-site scripting (XSS) vulnerability in the Portal Search module ...)
	NOT-FOR-US: Liferay
CVE-2022-42117 (A Cross-site scripting (XSS) vulnerability in the Frontend Taglib modu ...)
	NOT-FOR-US: Frontend Taglib module in Liferay
CVE-2022-42116 (A Cross-site scripting (XSS) vulnerability in the Frontend Editor modu ...)
	NOT-FOR-US: Frontend Editor module's integration with CKEditor in Liferay
CVE-2022-42115 (Cross-site scripting (XSS) vulnerability in the Object module's edit o ...)
	NOT-FOR-US: module in Liferay
CVE-2022-42114 (A Cross-site scripting (XSS) vulnerability in the Role module's edit r ...)
	NOT-FOR-US: module in Liferay
CVE-2022-42113 (A Cross-site scripting (XSS) vulnerability in Document Library module ...)
	NOT-FOR-US: module in Liferay
CVE-2022-42112 (A Cross-site scripting (XSS) vulnerability in the Portal Search module ...)
	NOT-FOR-US: module in Liferay
CVE-2022-42111 (A Cross-site scripting (XSS) vulnerability in the Sharing module's use ...)
	NOT-FOR-US: Liferay
CVE-2022-42110 (A Cross-site scripting (XSS) vulnerability in the Announcements module ...)
	NOT-FOR-US: Liferay
CVE-2022-42109 (Online-shopping-system-advanced 1.0 was discovered to contain a SQL in ...)
	NOT-FOR-US: Online-shopping-system-advanced
CVE-2022-42108 RESERVED
CVE-2022-42107 RESERVED
CVE-2022-42106 RESERVED
CVE-2022-42105 RESERVED
CVE-2022-42104 RESERVED
CVE-2022-42103 RESERVED
CVE-2022-42102 RESERVED
CVE-2022-42101 RESERVED
CVE-2022-42100 (KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that all ...)
	NOT-FOR-US: KLiK SocialMediaWebsite
CVE-2022-42099 (KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that all ...)
	NOT-FOR-US: KLiK SocialMediaWebsite
CVE-2022-42098 (KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL Injection ...)
	NOT-FOR-US: KLiK SocialMediaWebsite
CVE-2022-42097 (Backdrop CMS version 1.23.0 was discovered to contain a stored cross-s ...)
	- backdrop (bug #914257)
CVE-2022-42096 (Backdrop CMS version 1.23.0 was discovered to contain a stored cross-s ...)
	- backdrop (bug #914257)
CVE-2022-42095 (Backdrop CMS version 1.23.0 was discovered to contain a stored cross-s ...)
	- backdrop (bug #914257)
CVE-2022-42094 (Backdrop CMS version 1.23.0 was discovered to contain a stored cross-s ...)
	- backdrop (bug #914257)
CVE-2022-42093 RESERVED
CVE-2022-42092 (Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'th ...)
	- backdrop (bug #914257)
CVE-2022-42091 RESERVED
CVE-2022-42090 RESERVED
CVE-2022-42089 RESERVED
CVE-2022-42088 RESERVED
CVE-2022-42087 (Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable t ...)
	NOT-FOR-US: Tenda
CVE-2022-42086 (Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable t ...)
	NOT-FOR-US: Tenda
CVE-2022-42085 RESERVED
CVE-2022-42084 RESERVED
CVE-2022-42083 RESERVED
CVE-2022-42082 RESERVED
CVE-2022-42081 (Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered t ...)
	NOT-FOR-US: Tenda
CVE-2022-42080 (Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered t ...)
	NOT-FOR-US: Tenda
CVE-2022-42079 (Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered t ...)
	NOT-FOR-US: Tenda
CVE-2022-42078 (Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to ...)
	NOT-FOR-US: Tenda
CVE-2022-42077 (Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to ...)
	NOT-FOR-US: Tenda
CVE-2022-42076 RESERVED
CVE-2022-42075 (Wedding Planner v1.0 is vulnerable to arbitrary code execution.)
	NOT-FOR-US: Wedding Planner
CVE-2022-42074 (Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Inje ...)
	NOT-FOR-US: Online Diagnostic Lab Management System
CVE-2022-42073 (Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Inje ...)
	NOT-FOR-US: Online Diagnostic Lab Management System
CVE-2022-42072 RESERVED
CVE-2022-42071 (Online Birth Certificate Management System version 1.0 suffers from a ...)
	NOT-FOR-US: Online Birth Certificate Management System
CVE-2022-42070 (Online Birth Certificate Management System version 1.0 is vulnerable t ...)
	NOT-FOR-US: Online Birth Certificate Management System
CVE-2022-42069 (Online Birth Certificate Management System version 1.0 suffers from a ...)
	NOT-FOR-US: Online Birth Certificate Management System
CVE-2022-42068 RESERVED
CVE-2022-42067 (Online Birth Certificate Management System version 1.0 suffers from an ...)
	NOT-FOR-US: Online Birth Certificate Management System
CVE-2022-42066 (Online Examination System version 1.0 suffers from a cross site script ...)
	NOT-FOR-US: Online Examination System
CVE-2022-42065 RESERVED
CVE-2022-42064 (Online Diagnostic Lab Management System version 1.0 remote exploit tha ...)
	NOT-FOR-US: Online Diagnostic Lab Management System
CVE-2022-42063 RESERVED
CVE-2022-42062 RESERVED
CVE-2022-42061 RESERVED
CVE-2022-42060 (Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to c ...)
NOT-FOR-US: Tenda CVE-2022-42059 RESERVED CVE-2022-42058 (Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to c ...) NOT-FOR-US: Tenda CVE-2022-42057 RESERVED CVE-2022-42056 RESERVED CVE-2022-42055 (Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT De ...) NOT-FOR-US: GL.iNet GoodCloud IoT Device Management System CVE-2022-42054 (Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet ...) NOT-FOR-US: GL.iNet GoodCloud IoT Device Management System CVE-2022-42053 (Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to c ...) NOT-FOR-US: Tenda CVE-2022-42052 RESERVED CVE-2022-42051 RESERVED CVE-2022-42050 RESERVED CVE-2022-42049 RESERVED CVE-2022-42048 RESERVED CVE-2022-42047 RESERVED CVE-2022-42046 (wfshbr64.sys and wfshbr32.sys specially crafted IOCTL allows arbitrary ...) NOT-FOR-US: HeavenBurnsRed CVE-2022-42045 (Certain Zemana products are vulnerable to Arbitrary code injection. Th ...) NOT-FOR-US: Zemana CVE-2022-42044 (The d8s-asns package for Python, as distributed on PyPI, included a po ...) NOT-FOR-US: d8s-asns CVE-2022-42043 (The d8s-xml package for Python, as distributed on PyPI, included a pot ...) NOT-FOR-US: d8s-xml CVE-2022-42042 (The d8s-networking package for Python, as distributed on PyPI, include ...) NOT-FOR-US: d8s-networking CVE-2022-42041 (The d8s-file-system package for Python, as distributed on PyPI, includ ...) NOT-FOR-US: d8s-file-system CVE-2022-42040 (The d8s-algorithms package for Python, as distributed on PyPI, include ...) NOT-FOR-US: d8s-algorithms CVE-2022-42039 (The d8s-lists package for Python, as distributed on PyPI, included a p ...) NOT-FOR-US: d8s-lists CVE-2022-42038 (The d8s-ip-addresses package for Python, as distributed on PyPI, inclu ...) NOT-FOR-US: d8s-ip-addresses CVE-2022-42037 (The d8s-asns package for Python, as distributed on PyPI, included a po ...) 
NOT-FOR-US: d8s-asns CVE-2022-42036 (The d8s-urls package for Python, as distributed on PyPI, included a po ...) NOT-FOR-US: d8s-urls CVE-2022-42035 RESERVED CVE-2022-42034 (Wedding Planner v1.0 is vulnerable to arbitrary code execution via use ...) NOT-FOR-US: Wedding Planner CVE-2022-42033 RESERVED CVE-2022-42032 RESERVED CVE-2022-42031 RESERVED CVE-2022-42030 RESERVED CVE-2022-42029 (Chamilo 1.11.16 is affected by an authenticated local file inclusion v ...) NOT-FOR-US: Chamilo LMS CVE-2022-42028 RESERVED CVE-2022-42027 RESERVED CVE-2022-42026 RESERVED CVE-2022-42025 RESERVED CVE-2022-42024 RESERVED CVE-2022-42023 RESERVED CVE-2022-42022 RESERVED CVE-2022-42021 (Best Student Result Management System v1.0 is vulnerable to SQL Inject ...) NOT-FOR-US: Best Student Result Management System CVE-2022-42020 RESERVED CVE-2022-42019 RESERVED CVE-2022-42018 RESERVED CVE-2022-42017 RESERVED CVE-2022-42016 RESERVED CVE-2022-42015 RESERVED CVE-2022-42014 RESERVED CVE-2022-42013 RESERVED CVE-2022-42012 (An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x bef ...) {DSA-5250-1 DLA-3142-1} - dbus 1.14.4-1 NOTE: https://www.openwall.com/lists/oss-security/2022/10/06/1 NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/236f16e444e88a984cf12b09225e0f8efa6c5b44 CVE-2022-42011 (An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x bef ...) {DSA-5250-1 DLA-3142-1} - dbus 1.14.4-1 NOTE: https://www.openwall.com/lists/oss-security/2022/10/06/1 NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/079bbf16186e87fb0157adf8951f19864bc2ed69 CVE-2022-42010 (An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x bef ...) 
{DSA-5250-1 DLA-3142-1} - dbus 1.14.4-1 NOTE: https://www.openwall.com/lists/oss-security/2022/10/06/1 NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/9d07424e9011e3bbe535e83043d335f3093d2916 CVE-2022-3390 RESERVED CVE-2022-42009 (SpringEL injection in the server agent in Apache Ambari version 2.7.0 ...) NOT-FOR-US: Apache Ambari CVE-2022-3389 (Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10.) - rdiffweb (bug #969974) CVE-2022-42008 RESERVED CVE-2022-42007 RESERVED CVE-2022-42006 RESERVED CVE-2022-42005 RESERVED CVE-2022-42004 (In FasterXML jackson-databind before 2.13.4, resource exhaustion can o ...) {DSA-5283-1 DLA-3207-1} - jackson-databind 2.14.0-1 NOTE: https://github.com/FasterXML/jackson-databind/issues/3582 NOTE: https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88 (jackson-databind-2.13.4) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490 CVE-2022-42003 (In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, ...) {DSA-5283-1 DLA-3207-1} - jackson-databind 2.14.0-1 NOTE: https://github.com/FasterXML/jackson-databind/issues/3590 NOTE: https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33 (jackson-databind-2.14.0-rc1) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020 CVE-2022-42002 (SonicJS through 0.6.0 allows file overwrite. It has the following muta ...) NOT-FOR-US: SonicJS CVE-2022-41981 (A stack-based buffer overflow vulnerability exists in the TGA file for ...) {DSA-5384-1 DLA-3382-1} - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1628 NOTE: Prerequisite: https://github.com/OpenImageIO/oiio/commit/bc9c931092e973d5250dd22a714cf035827dae6d NOTE: https://github.com/OpenImageIO/oiio/commit/19121dc4f0cca1e0ff53d616043d482f23169249 CVE-2022-41977 (An out of bounds read vulnerability exists in the way OpenImageIO vers ...) 
{DSA-5384-1 DLA-3382-1} - openimageio 2.3.21.0+dfsg-1 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1627 NOTE: https://github.com/OpenImageIO/oiio/pull/3628 CVE-2022-41794 (A heap based buffer overflow vulnerability exists in the PSD thumbnail ...) {DSA-5384-1 DLA-3518-1} - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1626 NOTE: https://github.com/OpenImageIO/oiio/commit/884dfd6b7c1fd6130390853b5074ddeb48f2f19b CVE-2022-41684 (A heap out of bounds read vulnerability exists in the OpenImageIO mast ...) {DSA-5384-1 DLA-3518-1} - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1632 NOTE: https://github.com/OpenImageIO/oiio/commit/884dfd6b7c1fd6130390853b5074ddeb48f2f19b CVE-2022-41649 (A heap out of bounds read vulnerability exists in the handling of IPTC ...) {DSA-5384-1 DLA-3518-1} - openimageio 2.4.7.1+dfsg-2 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1631 NOTE: https://github.com/OpenImageIO/oiio/commit/884dfd6b7c1fd6130390853b5074ddeb48f2f19b CVE-2022-41639 (A heap based buffer overflow vulnerability exists in tile decoding cod ...) {DSA-5384-1 DLA-3382-1} - openimageio 2.3.21.0+dfsg-1 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1633 NOTE: https://github.com/OpenImageIO/oiio/pull/3632 CVE-2022-38143 (A heap out-of-bounds write vulnerability exists in the way OpenImageIO ...) - openimageio 2.4.7.1+dfsg-2 (bug #1027143) [bullseye] - openimageio (The vulnerable code was introduced later) [buster] - openimageio (The vulnerable code was introduced later) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1630 NOTE: https://github.com/OpenImageIO/oiio/pull/3620 CVE-2022-36354 (A heap out-of-bounds read vulnerability exists in the RLA format parse ...) 
{DSA-5384-1 DLA-3382-1} - openimageio 2.3.21.0+dfsg-1 (bug #1027143) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1629 NOTE: https://github.com/OpenImageIO/oiio/pull/3624 CVE-2022-3388 (An input validation vulnerability exists in the Monitor Pro interface ...) NOT-FOR-US: MicroSCADA CVE-2022-3387 (Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path tr ...) NOT-FOR-US: Advantech R-SeeNet CVE-2022-3386 (Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack ...) NOT-FOR-US: Advantech R-SeeNet CVE-2022-3385 (Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack ...) NOT-FOR-US: Advantech R-SeeNet CVE-2022-3384 (The Ultimate Member plugin for WordPress is vulnerable to Remote Code ...) NOT-FOR-US: Ultimate Member plugin for WordPress CVE-2022-3383 (The Ultimate Member plugin for WordPress is vulnerable to Remote Code ...) NOT-FOR-US: Ultimate Member plugin for WordPress CVE-2022-3382 (HIWIN Robot System Software version 3.3.21.9869 does not properly addr ...) NOT-FOR-US: HIWIN Robot System Software CVE-2022-41983 (On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1. ...) NOT-FOR-US: F5 BIG-IP CVE-2022-41976 (A privilege escalation issue was discovered in Scada-LTS 2.7.1.1 buil ...) NOT-FOR-US: Scada-LTS CVE-2022-41975 (RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Win ...) NOT-FOR-US: RealVNC CVE-2022-41974 (multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to ...)
{DSA-5366-1 DLA-3250-1} - multipath-tools 0.9.4-1 (bug #1022742) NOTE: https://www.openwall.com/lists/oss-security/2022/10/24/2 NOTE: https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt NOTE: Introduced by: https://github.com/opensvc/multipath-tools/commit/9acda0c47b143f2ef6123957d2ccd24ea995dc04 (0.7.0) NOTE: Fix included in https://github.com/opensvc/multipath-tools/pull/46 NOTE: Fixed by (merge): https://github.com/opensvc/multipath-tools/commit/c4912a639b7ff527aa11d665944594926ff94a7a (0.9.2) NOTE: https://github.com/opensvc/multipath-tools/commit/f812466f68b8e020818c6454d7b7a7e278bc99f6 (0.9.2) NOTE: https://github.com/opensvc/multipath-tools/commit/d139bcf0842bc0a16beab86e1349ed65b150bf0c (0.9.2, CVE fix) NOTE: https://github.com/opensvc/multipath-tools/commit/2a1ff3154c1d5de423c303ca3bc9ed9727b4e523 (0.9.2) NOTE: https://github.com/opensvc/multipath-tools/commit/cb57b930fa690ab79b3904846634681685e3470f (0.9.2) NOTE: https://github.com/opensvc/multipath-tools/commit/994811a29332161ec150f1d9822ff460cfc0f316 (0.9.2) CVE-2022-41973 (multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to ...) 
{DSA-5366-1 DLA-3250-1} - multipath-tools 0.9.4-1 (bug #1022742) NOTE: https://www.openwall.com/lists/oss-security/2022/10/24/2 NOTE: https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt NOTE: Introduced by: https://github.com/opensvc/multipath-tools/commit/65d0a633e066223d361cd1a254ebdfe36a133a5c (0.7.7) NOTE: Fix included in https://github.com/opensvc/multipath-tools/pull/46 NOTE: Fixed by (merge): https://github.com/opensvc/multipath-tools/commit/c4912a639b7ff527aa11d665944594926ff94a7a (0.9.2) NOTE: https://github.com/opensvc/multipath-tools/commit/f812466f68b8e020818c6454d7b7a7e278bc99f6 (0.9.2) NOTE: https://github.com/opensvc/multipath-tools/commit/d139bcf0842bc0a16beab86e1349ed65b150bf0c (0.9.2) NOTE: https://github.com/opensvc/multipath-tools/commit/2a1ff3154c1d5de423c303ca3bc9ed9727b4e523 (0.9.2) NOTE: https://github.com/opensvc/multipath-tools/commit/cb57b930fa690ab79b3904846634681685e3470f (0.9.2, CVE fix) NOTE: https://github.com/opensvc/multipath-tools/commit/994811a29332161ec150f1d9822ff460cfc0f316 (0.9.2) NOTE: The fix for CVE-2022-41973 switches to use /run instead of /dev/shm which is a backward NOTE: incompatible change (which can be overridden but leaving CVE open). CVE-2022-41972 (Contiki-NG is an open-source, cross-platform operating system for Next ...) NOT-FOR-US: Contiki-NG CVE-2022-41971 (Nextcloud Talk android is a video and audio conferencing app for Nextc ...) NOT-FOR-US: NextCloud Talk CVE-2022-41970 (Nextcloud Server is an open source personal cloud server. Prior to ver ...) - nextcloud-server (bug #941708) CVE-2022-41969 (Nextcloud Server is an open source personal cloud server. Prior to ver ...) - nextcloud-server (bug #941708) CVE-2022-41968 (Nextcloud Server is an open source personal cloud server. Prior to ver ...) - nextcloud-server (bug #941708) CVE-2022-41967 (Dragonfly is a Java runtime dependency management library. Dragonfly v ...)
NOT-FOR-US: Dragonfly CVE-2022-41966 (XStream serializes Java objects to XML and back again. Versions prior ...) {DSA-5315-1 DLA-3267-1} - libxstream-java 1.4.20-1 (bug #1027754) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv NOTE: https://x-stream.github.io/CVE-2022-41966.html NOTE: Fixed by: https://github.com/x-stream/xstream/commit/e9151f221b4969fb15b1e946d5d61dcdd459a391 (XSTREAM_1_4_20) CVE-2022-41965 (Opencast is a free, open-source platform to support the management of ...) NOT-FOR-US: Opencast CVE-2022-41964 (BigBlueButton is an open source web conferencing system. This vulnerab ...) NOT-FOR-US: BigBlueButton CVE-2022-41963 (BigBlueButton is an open source web conferencing system. Versions prio ...) NOT-FOR-US: BigBlueButton CVE-2022-41962 (BigBlueButton is an open source web conferencing system. Versions prio ...) NOT-FOR-US: BigBlueButton CVE-2022-41961 (BigBlueButton is an open source web conferencing system. Versions prio ...) NOT-FOR-US: BigBlueButton CVE-2022-41960 (BigBlueButton is an open source web conferencing system. Versions prio ...) NOT-FOR-US: BigBlueButton CVE-2022-41959 RESERVED CVE-2022-41958 (super-xray is a web vulnerability scanning tool. Versions prior to 0.7 ...) NOT-FOR-US: super-xray CVE-2022-41957 (Muhammara is a node module with c/cpp bindings to modify PDF with Java ...) NOT-FOR-US: Muhammara Nodejs module CVE-2022-41956 (Autolab is a course management service, initially developed by a team ...) NOT-FOR-US: Autolab CVE-2022-41955 (Autolab is a course management service, initially developed by a team ...) NOT-FOR-US: Autolab CVE-2022-41954 (MPXJ is an open source library to read and write project plans from a ...) NOT-FOR-US: MPXJ CVE-2022-41953 (Git GUI is a convenient graphical tool that comes with Git for Windows ...) NOT-FOR-US: Git for Windows CVE-2022-41952 (Synapse before 1.52.0 with URL preview functionality enabled will atte ...) 
- matrix-synapse 1.53.0-1 NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-4822-jvwx-w47h NOTE: https://github.com/matrix-org/synapse/pull/11784 NOTE: https://github.com/matrix-org/synapse/pull/11936 NOTE: First bugfix in 1.52.0 but 1.53.0 does fully fix the issue. CVE-2022-41951 (OroPlatform is a PHP Business Application Platform (BAP) designed to m ...) NOT-FOR-US: OroPlatform CVE-2022-41950 (super-xray is the GUI alternative for vulnerability scanning tool xray ...) NOT-FOR-US: super-xray CVE-2022-41949 (DHIS 2 is an open source information system for data capture, manageme ...) NOT-FOR-US: DHIS CVE-2022-41948 (DHIS 2 is an open source information system for data capture, manageme ...) NOT-FOR-US: DHIS CVE-2022-41947 (DHIS 2 is an open source information system for data capture, manageme ...) NOT-FOR-US: DHIS CVE-2022-41946 (pgjdbc is an open source postgresql JDBC Driver. In affected versions ...) {DLA-3218-1} - libpgjava 42.5.1-1 [bullseye] - libpgjava (Minor issue) NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-562r-vg33-8x8h NOTE: https://github.com/pgjdbc/pgjdbc/commit/9008dc9aade6dbfe4efafcd6872ebc55f4699cf5 (REL42.5.1-rc1) CVE-2022-41945 (super-xray is a vulnerability scanner (xray) GUI launcher. In version ...) NOT-FOR-US: super-xray CVE-2022-41944 (Discourse is an open-source discussion platform. In stable versions pr ...) NOT-FOR-US: Discourse CVE-2022-41943 (sourcegraph is a code intelligence platform. As a site admin it was po ...) NOT-FOR-US: Sourcegraph CVE-2022-41942 (Sourcegraph is a code intelligence platform. In versions prior to 4.1. ...) NOT-FOR-US: Sourcegraph CVE-2022-41941 (GLPI is a Free Asset and IT Management Software package. Versions 10.0 ...) - glpi (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-qqqm-7h6v-7cf4 NOTE: Only supported behind an authenticated HTTP zone CVE-2022-41940 (Engine.IO is the implementation of transport-based cross-browser/cross ...) 
NOT-FOR-US: Engine.io CVE-2022-41939 (knative.dev/func is a client library and CLI enabling the developme ...) NOT-FOR-US: knative.dev/func CVE-2022-41938 (Flarum is an open source discussion platform. Flarum's page title syst ...) NOT-FOR-US: Flarum CVE-2022-41937 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2022-41936 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2022-41935 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2022-41934 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2022-41933 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2022-41932 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2022-41931 (xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Dir ...) NOT-FOR-US: XWiki CVE-2022-41930 (org.xwiki.platform:xwiki-platform-user-profile-ui is missing authoriza ...) NOT-FOR-US: XWiki CVE-2022-41929 (org.xwiki.platform:xwiki-platform-oldcore is missing authorization in ...) NOT-FOR-US: XWiki CVE-2022-41928 (XWiki Platform vulnerable to Improper Neutralization of Directives in ...) NOT-FOR-US: XWiki CVE-2022-41927 (XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that ...) NOT-FOR-US: XWiki CVE-2022-41926 (Nextcloud talk android is the android OS implementation of the nextclo ...) NOT-FOR-US: Nextcloud CVE-2022-41925 (A vulnerability identified in the Tailscale client allows a malicious ...) NOT-FOR-US: Tailscale CVE-2022-41924 (A vulnerability identified in the Tailscale Windows client allows a ma ...) NOT-FOR-US: Tailscale CVE-2022-41923 (Grails Spring Security Core plugin is vulnerable to privilege escalati ...)
NOT-FOR-US: Grails Spring Security Core plugin CVE-2022-41922 (`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Exec ...) - yii (bug #597899) CVE-2022-41921 (Discourse is an open-source discussion platform. Prior to version 2.9. ...) NOT-FOR-US: Discourse CVE-2022-41920 (Lancet is a general utility library for the go programming language. A ...) NOT-FOR-US: Lancet CVE-2022-41919 (Fastify is a web framework with minimal overhead and plugin architectu ...) NOT-FOR-US: Fastify CVE-2022-41918 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...) - opensearch (Fixed before initial upload to archive) CVE-2022-41917 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...) - opensearch (Fixed before initial upload to archive) CVE-2022-41916 (Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ...) {DSA-5287-1 DLA-3206-1} - heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187) NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx NOTE: https://github.com/heimdal/heimdal/commit/eb87af0c2d189c25294c7daf483a47b03af80c2c (heimdal-7.7.1) CVE-2022-41915 (Netty project is an event-driven asynchronous network application fram ...) {DSA-5316-1 DLA-3268-1} - netty 1:4.1.48-6 (bug #1027180) NOTE: https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp NOTE: Fixed by https://github.com/netty/netty/commit/fe18adff1c2b333acb135ab779a3b9ba3295a1c4 (netty-4.1.86.Final) CVE-2022-41914 (Zulip is an open-source team collaboration tool. For organizations wit ...) NOT-FOR-US: Zulip CVE-2022-41913 (Discourse-calendar is a plugin for the Discourse messaging platform wh ...) NOT-FOR-US: Discourse plugin CVE-2022-41912 (The crewjam/saml go library prior to version 0.4.9 is vulnerable to an ...) 
- golang-github-crewjam-saml 0.4.10-1 (bug #1025187) NOTE: https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g NOTE: https://github.com/crewjam/saml/commit/aee3fb1edeeaf1088fcb458727e0fd863d277f8b (v0.4.9) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2368 CVE-2022-41911 (TensorFlow is an open source platform for machine learning. When print ...) - tensorflow (bug #804612) CVE-2022-41910 (TensorFlow is an open source platform for machine learning. The functi ...) - tensorflow (bug #804612) CVE-2022-41909 (TensorFlow is an open source platform for machine learning. An input ` ...) - tensorflow (bug #804612) CVE-2022-41908 (TensorFlow is an open source platform for machine learning. An input ` ...) - tensorflow (bug #804612) CVE-2022-41907 (TensorFlow is an open source platform for machine learning. When `tf.r ...) - tensorflow (bug #804612) CVE-2022-41906 (OpenSearch Notifications is a notifications plugin for OpenSearch that ...) NOT-FOR-US: OpenSearch plugin CVE-2022-41905 (WsgiDAV is a generic and extendable WebDAV server based on WSGI. Imple ...) NOT-FOR-US: WsgiDAV CVE-2022-41904 (Element iOS is an iOS Matrix client provided by Element. It is based o ...) NOT-FOR-US: Element iOS CVE-2022-41903 (Git is a distributed revision control system. `git log` can display comm ...)
{DSA-5332-1 DLA-3282-1} - git 1:2.39.1-0.1 (bug #1029114) NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/4 NOTE: https://github.com/git/git/commit/a244dc5b0a629290881641467c7a545de7508ab2 NOTE: https://github.com/git/git/commit/81dc898df9b4b4035534a927f3234a3839b698bf NOTE: https://github.com/git/git/commit/b49f309aa16febeddb65e82526640a91bbba3be3 NOTE: https://github.com/git/git/commit/f6e0b9f38987ad5e47bab551f8760b70689a5905 NOTE: https://github.com/git/git/commit/1de69c0cdd388b0a5b7bdde0bfa0bda514a354b0 NOTE: https://github.com/git/git/commit/48050c42c73c28b0c001d63d11dffac7e116847b NOTE: https://github.com/git/git/commit/522cc87fdc25449222a5894a428eebf4b8d5eaa9 NOTE: https://github.com/git/git/commit/17d23e8a3812a5ca3dd6564e74d5250f22e5d76d NOTE: https://github.com/git/git/commit/937b71cc8b5b998963a7f9a33312ba3549d55510 NOTE: https://github.com/git/git/commit/81c2d4c3a5ba0e6ab8c348708441fed170e63a82 NOTE: https://github.com/git/git/commit/f930a2394303b902e2973f4308f96529f736b8bc NOTE: https://github.com/git/git/commit/304a50adff6480ede46b68f7545baab542cbfb46 NOTE: https://github.com/git/git/files/10430260/X41-OSTIF-Gitlab-Git-Security-Audit-20230117-public.pdf CVE-2022-41902 (TensorFlow is an open source platform for machine learning. The functi ...) - tensorflow (bug #804612) CVE-2022-41901 (TensorFlow is an open source platform for machine learning. An input ` ...) - tensorflow (bug #804612) CVE-2022-41900 (TensorFlow is an open source platform for machine learning. The securi ...) - tensorflow (bug #804612) CVE-2022-41899 (TensorFlow is an open source platform for machine learning. Inputs `de ...) - tensorflow (bug #804612) CVE-2022-41898 (TensorFlow is an open source platform for machine learning. If `Sparse ...) - tensorflow (bug #804612) CVE-2022-41897 (TensorFlow is an open source platform for machine learning. If `Fracti ...) - tensorflow (bug #804612) CVE-2022-41896 (TensorFlow is an open source platform for machine learning. If `Thread ...) - tensorflow (bug #804612) CVE-2022-41895 (TensorFlow is an open source platform for machine learning. If `Mirror ...) - tensorflow (bug #804612) CVE-2022-41894 (TensorFlow is an open source platform for machine learning. The refere ...) - tensorflow (bug #804612) CVE-2022-41893 (TensorFlow is an open source platform for machine learning. If `tf.raw ...) - tensorflow (bug #804612) CVE-2022-41892 (Arches is a web platform for creating, managing, & visualizing geospat ...) NOT-FOR-US: Arches CVE-2022-41891 (TensorFlow is an open source platform for machine learning. If `tf.raw ...) - tensorflow (bug #804612) CVE-2022-41890 (TensorFlow is an open source platform for machine learning. If `BCast: ...) - tensorflow (bug #804612) CVE-2022-41889 (TensorFlow is an open source platform for machine learning. If a list ...) - tensorflow (bug #804612) CVE-2022-41888 (TensorFlow is an open source platform for machine learning. When runni ...) - tensorflow (bug #804612) CVE-2022-41887 (TensorFlow is an open source platform for machine learning. `tf.keras. ...) - tensorflow (bug #804612) CVE-2022-41886 (TensorFlow is an open source platform for machine learning. When `tf.r ...) - tensorflow (bug #804612) CVE-2022-41885 (TensorFlow is an open source platform for machine learning. When `tf.r ...) - tensorflow (bug #804612) CVE-2022-41884 (TensorFlow is an open source platform for machine learning. If a numpy ...) - tensorflow (bug #804612) CVE-2022-41883 (TensorFlow is an open source platform for machine learning. When ops t ...) - tensorflow (bug #804612) CVE-2022-41882 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
- nextcloud-desktop 3.6.1-1 [bullseye] - nextcloud-desktop (Minor issue) [buster] - nextcloud-desktop (Minor issue) NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3w86-rm38-8w63 NOTE: https://github.com/nextcloud/desktop/pull/5039 NOTE: https://github.com/nextcloud/server/pull/34559 CVE-2022-41881 (Netty project is an event-driven asynchronous network application fram ...) {DSA-5316-1 DLA-3268-1} - netty 1:4.1.48-6 (bug #1027180) NOTE: https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v NOTE: Fixed by https://github.com/netty/netty/commit/cd91cf3c99123bd1e53fd6a1de0e3d1922f05bb2 (netty-4.1.86.Final) CVE-2022-41880 (TensorFlow is an open source platform for machine learning. When the ` ...) - tensorflow (bug #804612) CVE-2022-41879 (Parse Server is an open source backend that can be deployed to any inf ...) NOT-FOR-US: Node parse-server CVE-2022-41878 (Parse Server is an open source backend that can be deployed to any inf ...) NOT-FOR-US: Node parse-server CVE-2022-41877 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...) {DLA-3654-1} - freerdp2 2.9.0+dfsg1-1 (bug #1024511) [bullseye] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-pmv3-wpw4-pw5h NOTE: https://github.com/FreeRDP/FreeRDP/commit/6655841cf2a00b764f855040aecb8803cfc5eaba CVE-2022-41876 (ezplatform-graphql is a GraphQL server implementation for Ibexa DXP an ...) NOT-FOR-US: ezplatform-graphql CVE-2022-41875 (A remote code execution (RCE) vulnerability in Optica allows unauthent ...) NOT-FOR-US: Optica CVE-2022-41874 (Tauri is a framework for building binaries for all major desktop platf ...) NOT-FOR-US: Tauri CVE-2022-41873 (Contiki-NG is an open-source, cross-platform operating system for Next ...) NOT-FOR-US: Contiki-NG CVE-2022-41872 RESERVED CVE-2022-41871 RESERVED CVE-2022-41870 (AP Manager in Innovaphone before 13r2 Service Release 17 allows comman ...) 
NOT-FOR-US: Innovaphone CVE-2022-41869 RESERVED CVE-2022-41868 RESERVED CVE-2022-41867 RESERVED CVE-2022-41866 RESERVED CVE-2022-41865 RESERVED CVE-2022-41864 RESERVED CVE-2022-41863 RESERVED CVE-2022-41862 (In PostgreSQL, a modified, unauthenticated server can send an untermin ...) - postgresql-15 15.2-1 - postgresql-13 [bullseye] - postgresql-13 13.10-0+deb11u1 - postgresql-11 (Vulnerable code introduced later) NOTE: https://www.postgresql.org/about/news/postgresql-152-147-1310-1214-and-1119-released-2592/ NOTE: Fixed in 15.2, 14.7, 13.10, 12.14 NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=3f7342671341a7a137f2d8b06ab3461cdb0e1d88 (REL_12_14) NOTE: GSSAPI encryption support introduced in https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=b0b39f72b9904bcb80f97b35837ccff1578aa4b8 (REL_12_BETA1) CVE-2022-41861 (A flaw was found in freeradius. A malicious RADIUS client or home serv ...) {DLA-3342-1} - freeradius 3.2.0+dfsg-1 [bullseye] - freeradius (Minor issue) NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62 (release_3_0_26) NOTE: https://freeradius.org/security/ ("Crash on invalid abinary data") CVE-2022-41860 (In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, ...) {DLA-3342-1} - freeradius 3.2.0+dfsg-1 [bullseye] - freeradius (Minor issue) NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a32e107d4d02f936051c708 (release_3_0_26) NOTE: https://freeradius.org/security/ ("Crash on unknown option in EAP-SIM") CVE-2022-41859 (In freeradius, the EAP-PWD function compute_password_element() leaks i ...) {DLA-3342-1} - freeradius 3.2.0+dfsg-1 [bullseye] - freeradius (Minor issue) NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f912ad2da8ac6e176ac3a606333469937 (release_3_0_26) CVE-2022-41858 (A flaw was found in the Linux kernel. A NULL pointer dereference may o ...) 
- linux 5.17.6-1 [bullseye] - linux 5.10.113-1 [buster] - linux 4.19.249-1 NOTE: https://git.kernel.org/linus/ec4eb8a86ade4d22633e1da2a7d85a846b7d1798 (5.18-rc2) CVE-2022-41857 REJECTED CVE-2022-41856 REJECTED CVE-2022-41855 REJECTED CVE-2022-41854 (Those using Snakeyaml to parse untrusted YAML files may be vulnerable ...) - snakeyaml 1.33-1 (unimportant) [buster] - snakeyaml 1.23-1+deb10u1 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355 NOTE: Not suitable for parsing untrusted YAML, see README.Debian.security CVE-2022-41853 (Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb ...) {DSA-5313-1 DLA-3234-1} - hsqldb 2.7.1-1 (bug #1023573) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7 NOTE: http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control NOTE: https://sourceforge.net/p/hsqldb/svn/6614/ CVE-2022-41852 REJECTED CVE-2022-41851 (A vulnerability has been identified in JTTK (All versions < V11.1.1.0) ...) NOT-FOR-US: JTTK CVE-2022-41836 (When an 'Attack Signature False Positive Mode' enabled security policy ...) NOT-FOR-US: F5 BIG-IP CVE-2022-41835 (In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0 ...) NOT-FOR-US: F5 BIG-IP CVE-2022-41833 (In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::coll ...) NOT-FOR-US: F5 BIG-IP CVE-2022-41832 (In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...) NOT-FOR-US: F5 BIG-IP CVE-2022-41813 (In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x bef ...) NOT-FOR-US: F5 BIG-IP CVE-2022-41806 (In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BI ...) NOT-FOR-US: F5 BIG-IP CVE-2022-41800 (In all versions of BIG-IP, when running in Appliance mode, an authenti ...) NOT-FOR-US: F5 BIG-IP CVE-2022-41787 (In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...)
NOT-FOR-US: F5 BIG-IP CVE-2022-41780 (In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0 ...) NOT-FOR-US: F5 BIG-IP CVE-2022-41770 (In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...) NOT-FOR-US: F5 BIG-IP CVE-2022-41694 (In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1. ...) NOT-FOR-US: F5 BIG-IP CVE-2022-41691 (When a BIG-IP Advanced WAF/ASM security policy is configured on a virt ...) NOT-FOR-US: F5 BIG-IP CVE-2022-41624 (In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15. ...) NOT-FOR-US: F5 BIG-IP CVE-2022-41622 (In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site reque ...) NOT-FOR-US: F5 BIG-IP CVE-2022-41617 (In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x bef ...) NOT-FOR-US: F5 BIG-IP CVE-2022-36795 (In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...) NOT-FOR-US: F5 BIG-IP CVE-2022-3381 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 15.10.8+ds1-2 CVE-2022-3380 (The Customizer Export/Import WordPress plugin before 0.9.5 unserialize ...) NOT-FOR-US: WordPress plugin CVE-2022-3379 (Horner Automation's Cscape version 9.90 SP7 and prior does not properl ...) NOT-FOR-US: Horner Automation's Cscape CVE-2022-3378 (Horner Automation's Cscape version 9.90 SP 7 and prior does not proper ...) NOT-FOR-US: Horner Automation's Cscape CVE-2022-3377 (Horner Automation's Cscape version 9.90 SP 6 and prior does not proper ...) NOT-FOR-US: Horner Automation's Cscape CVE-2022-3376 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...) - rdiffweb (bug #969974) CVE-2022-3375 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 15.10.8+ds1-2 CVE-2022-3374 (The Ocean Extra WordPress plugin before 2.0.5 unserialises the content ...) NOT-FOR-US: WordPress plugin CVE-2022-3373 (Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allo ...) 
	{DSA-5245-1}
	- chromium 106.0.5249.91-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3372 (There is a CSRF vulnerability on Netman-204 version 02.05. An attacker ...)
	NOT-FOR-US: Netman-204
CVE-2022-3371 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
	- rdiffweb (bug #969974)
CVE-2022-3370 (Use after free in Custom Elements in Google Chrome prior to 106.0.5249 ...)
	{DSA-5245-1}
	- chromium 106.0.5249.91-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3369 (An Improper Access Control vulnerability in the bdservicehost.exe comp ...)
	NOT-FOR-US: Bitdefender
CVE-2022-3368 (A vulnerability within the Software Updater functionality of Avira Sec ...)
	NOT-FOR-US: Avira
CVE-2021-46844 RESERVED
CVE-2021-46843 RESERVED
CVE-2021-46842 RESERVED
CVE-2022-41847 (An issue was discovered in Bento4 1.6.0-639. A memory leak exists in A ...)
	NOT-FOR-US: Bento4
CVE-2022-41846 (An issue was discovered in Bento4 1.6.0-639. There is excessive memory ...)
	NOT-FOR-US: Bento4
CVE-2022-41845 (An issue was discovered in Bento4 1.6.0-639. There is excessive memory ...)
	NOT-FOR-US: Bento4
CVE-2022-41844 (An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch( ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2022-41843 (An issue was discovered in Xpdf 4.04. There is a crash in convertToTyp ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2022-41842 (An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_F ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2022-41841 (An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer de ...)
	NOT-FOR-US: Bento4
CVE-2022-41829 RESERVED
CVE-2022-41828 (In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or ...)
	NOT-FOR-US: Amazon AWS Redshift JDBC Driver
CVE-2022-41827 RESERVED
CVE-2022-41826 RESERVED
CVE-2022-41825 RESERVED
CVE-2022-41824 RESERVED
CVE-2022-41823 RESERVED
CVE-2022-41822 RESERVED
CVE-2022-41821 RESERVED
CVE-2022-41820 RESERVED
CVE-2022-41819 RESERVED
CVE-2022-41818 RESERVED
CVE-2022-41817 RESERVED
CVE-2022-41816 RESERVED
CVE-2022-41815 RESERVED
CVE-2022-41804 (Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some ...)
	{DSA-5474-1 DLA-3537-1}
	- intel-microcode 3.20230808.1 (bug #1043305)
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html
	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808
CVE-2022-41803 RESERVED
CVE-2022-41801 (Uncontrolled resource consumption in the Intel(R) Connect M Android ap ...)
	NOT-FOR-US: Intel
CVE-2022-41799 (Improper access control vulnerability in GROWI prior to v5.1.4 (v5 ser ...)
	NOT-FOR-US: GROWI
CVE-2022-41782 RESERVED
CVE-2022-41771 (Incorrect permission assignment for critical resource in some Intel(R) ...)
	NOT-FOR-US: Intel
CVE-2022-41769 (Improper access control in the Intel(R) Connect M Android application ...)
	NOT-FOR-US: Intel
CVE-2022-41699 (Incorrect permission assignment for critical resource in some Intel(R) ...)
	NOT-FOR-US: Intel
CVE-2022-41621 (Improper access control in some Intel(R) QAT drivers for Windows befor ...)
	NOT-FOR-US: Intel
CVE-2022-40972 (Improper access control in some Intel(R) QAT drivers for Windows befor ...)
	NOT-FOR-US: Intel
CVE-2022-38973 (Improper access control for some Intel(R) Arc(TM) graphics cards A770 ...)
	NOT-FOR-US: Intel
CVE-2022-3367 RESERVED
CVE-2022-3366 (The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPr ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3365 RESERVED
CVE-2022-3364 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
	- rdiffweb (bug #969974)
CVE-2022-3363 (Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2 ...)
	- rdiffweb (bug #969974)
CVE-2022-3362 (Insufficient Session Expiration in GitHub repository ikus060/rdiffweb ...)
	- rdiffweb (bug #969974)
CVE-2022-41850 (roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel th ...)
	{DLA-3245-1 DLA-3244-1}
	- linux 6.0.3-1
	[bullseye] - linux 5.10.158-1
	NOTE: https://lore.kernel.org/all/20220904193115.GA28134@ubuntu/t/#u
CVE-2022-41849 (drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has ...)
	{DLA-3245-1 DLA-3244-1}
	- linux 6.0.3-1
	[bullseye] - linux 5.10.158-1
	NOTE: https://lore.kernel.org/all/20220925133243.GA383897@ubuntu/T/
CVE-2022-41848 (drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 ...)
	- linux (unimportant)
	NOTE: https://lore.kernel.org/lkml/20220919040251.GA302541@ubuntu/T/#rc85e751f467b3e6f9ccef92cfa7fb8a6cc50c270
	NOTE: Negligible security impact, would need physical access to "exploit"
CVE-2022-41812 REJECTED
CVE-2022-41811 REJECTED
CVE-2022-41810 REJECTED
CVE-2022-41809 REJECTED
CVE-2022-41779 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-41778 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-41776 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-41773 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
	NOT-FOR-US: DIAEnergie
CVE-2022-41772 (Delta Electronics InfraSuite Device Master Versions 00.00.01a and prio ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-41702 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
	NOT-FOR-US: DIAEnergie
CVE-2022-41701 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
	NOT-FOR-US: DIAEnergie
CVE-2022-41697 (A user enumeration vulnerability exists in the login functionality of ...)
	NOT-FOR-US: Ghost CMS
CVE-2022-41688 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-41683 RESERVED
CVE-2022-41657 (Delta Electronics InfraSuite Device Master Versions 00.00.01a and prio ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-41654 (An authentication bypass vulnerability exists in the newsletter subscr ...)
	NOT-FOR-US: Ghost CMS
CVE-2022-41653 (Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and pr ...)
	NOT-FOR-US: Daikin
CVE-2022-41651 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
	NOT-FOR-US: DIAEnergie
CVE-2022-41648 (The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HERO ...)
	NOT-FOR-US: HEIDENHAIN Controller TNC 640
CVE-2022-41644 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-41636 (Communication traffic involving "Ethernet Q Commands" service of Haas ...)
	NOT-FOR-US: Haas Controller
CVE-2022-41629 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-41627 (The physical IoT device of the AliveCor's KardiaMobile, a smartphone-b ...)
	NOT-FOR-US: AliveCor
CVE-2022-41613 (Bentley Systems MicroStation Connect versions 10.17.0.209 and prior a ...)
	NOT-FOR-US: Bentley
CVE-2022-41607 (All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prio ...)
	NOT-FOR-US: ETIC Telecom Remote Access Server (RAS)
CVE-2022-41555 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
	NOT-FOR-US: DIAEnergie
CVE-2022-41133 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
	NOT-FOR-US: DIAEnergie
CVE-2022-40981 (All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prio ...)
	NOT-FOR-US: ETIC Telecom Remote Access Server (RAS)
CVE-2022-40967 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
	NOT-FOR-US: DIAEnergie
CVE-2022-40965 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
	NOT-FOR-US: DIAEnergie
CVE-2022-40703 (CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Ka ...)
	NOT-FOR-US: AliveCor Kardia App
CVE-2022-40204 (A cross-site scripting (XSS) vulnerability exists in all current versi ...)
	NOT-FOR-US: Digital Alert Systems DASDEC software
CVE-2022-40202 (The database backup function in Delta Electronics InfraSuite Device Ma ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-40201 (Bentley Systems MicroStation Connect versions 10.17.0.209 and prior a ...)
	NOT-FOR-US: Bentley
CVE-2022-40190 (SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflec ...)
	NOT-FOR-US: SAUTER Controls moduWeb firmware
CVE-2022-38355 (Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and pr ...)
	NOT-FOR-US: Daikin
CVE-2022-38142 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-3361 (The Ultimate Member plugin for WordPress is vulnerable to directory tr ...)
	NOT-FOR-US: Ultimate Member plugin for WordPress
CVE-2022-3360 (The LearnPress WordPress plugin before 4.1.7.2 unserialises user input ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3359 (The Shortcodes and extra features for Phlox theme WordPress plugin bef ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3358 (OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_me ...)
	- openssl 3.0.7-1 (bug #1021620)
	[bullseye] - openssl (Only affects 3.x)
	[buster] - openssl (Only affects 3.x)
	NOTE: https://www.openssl.org/news/secadv/20221011.txt
CVE-2022-3357 (The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the c ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3356 RESERVED
CVE-2022-3355 (Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inv ...)
	NOT-FOR-US: inventree
CVE-2022-41768 RESERVED
CVE-2022-41767 (An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x ...)
	{DSA-5246-1 DLA-3148-1}
	- mediawiki 1:1.35.8-1
	NOTE: https://phabricator.wikimedia.org/T316304
	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/836891
CVE-2022-41766 (An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x ...)
	- mediawiki (Vulnerable code not present, only affects 1.37 and later)
	NOTE: https://phabricator.wikimedia.org/T307278
CVE-2022-41765 (An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x ...)
	{DSA-5246-1 DLA-3148-1}
	- mediawiki 1:1.35.8-1
	NOTE: https://phabricator.wikimedia.org/T309894
	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/836892
CVE-2022-41764 RESERVED
CVE-2022-41763 (An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exi ...)
	NOT-FOR-US: NOKIA AMS
CVE-2022-41762 (An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS v ...)
	NOT-FOR-US: NOKIA
CVE-2022-41761 (An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Travers ...)
	NOT-FOR-US: NOKIA
CVE-2022-41760 (An issue was discovered in NOKIA NFM-T R19.9. Relative Path Traversal ...)
	NOT-FOR-US: NOKIA
CVE-2022-41759 RESERVED
CVE-2022-41758 RESERVED
CVE-2022-41757 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
	NOT-FOR-US: Arm Mali GPU Kernel Driver
CVE-2022-41756 RESERVED
CVE-2022-41755 RESERVED
CVE-2022-41754 RESERVED
CVE-2022-41753 RESERVED
CVE-2022-41752 RESERVED
CVE-2022-41751 (Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by pl ...)
	{DSA-5294-1 DLA-3219-1}
	- jhead 1:3.06.0.1-3 (bug #1022028)
	NOTE: https://github.com/Matthias-Wandel/jhead/pull/57
	NOTE: https://github.com/Matthias-Wandel/jhead/commit/6985da52c9ad4f5f6c247269cb5508fae34a971c
	NOTE: https://github.com/Matthias-Wandel/jhead/commit/3fe905cf674f8dbac8a89e58cee1b4850abf9530
	NOTE: Fixes are insufficient: https://github.com/Matthias-Wandel/jhead/issues/60
	NOTE: https://github.com/Matthias-Wandel/jhead/commit/ec67262b8e5a4b05d8ad6898a09f1dc3fc032062
	NOTE: Further followup (bug #1023303): https://github.com/Matthias-Wandel/jhead/issues/65
CVE-2022-41750 RESERVED
CVE-2022-41749 (An origin validation error vulnerability in Trend Micro Apex One agent ...)
	NOT-FOR-US: Trend Micro
CVE-2022-41748 (A registry permissions vulnerability in the Trend Micro Apex One Data ...)
	NOT-FOR-US: Trend Micro
CVE-2022-41747 (An improper certification validation vulnerability in Trend Micro Apex ...)
	NOT-FOR-US: Trend Micro
CVE-2022-41746 (A forced browsing vulnerability in Trend Micro Apex One could allow an ...)
	NOT-FOR-US: Trend Micro
CVE-2022-41745 (An Out-of-Bounds access vulnerability in Trend Micro Apex One could al ...)
	NOT-FOR-US: Trend Micro
CVE-2022-41744 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One ...)
	NOT-FOR-US: Trend Micro
CVE-2022-41700 (Insecure inherited permissions in some Intel(R) NUC Pro Software Suite ...)
	NOT-FOR-US: Intel
CVE-2022-41646 (Insufficient control flow management in the Intel(R) IPP Cryptography ...)
	NOT-FOR-US: Intel
CVE-2022-41628 (Uncontrolled search path element in the HotKey Services for some Intel ...)
	NOT-FOR-US: Intel
CVE-2022-41614 (Insufficiently protected credentials in the Intel(R) ON Event Series A ...)
	NOT-FOR-US: Intel
CVE-2022-40974 (Incomplete cleanup in the Intel(R) IPP Cryptography software before ve ...)
	NOT-FOR-US: Intel
CVE-2022-40685 (Insufficiently protected credentials in the Intel(R) DCM software befo ...)
	NOT-FOR-US: Intel
CVE-2022-40207 (Improper access control in the Intel(R) SUR software before version 2. ...)
	NOT-FOR-US: Intel
CVE-2022-38101 (Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update ...)
	NOT-FOR-US: Intel
CVE-2022-37410 RESERVED
CVE-2022-37409 (Insufficient control flow management for the Intel(R) IPP Cryptography ...)
	NOT-FOR-US: Intel
CVE-2022-41743 (NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in t ...)
	NOT-FOR-US: NGINX Plus
CVE-2022-41742 (NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source ...)
	{DSA-5281-1 DLA-3203-1}
	- nginx 1.22.1-1
	NOTE: https://github.com/nginx/nginx/commit/6b022a5556af22b6e18532e547a6ae46b0d8c6ea (release-1.22.1)
	NOTE: Only affects the nginx-extras binary package
CVE-2022-41741 (NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source ...)
	{DSA-5281-1 DLA-3203-1}
	- nginx 1.22.1-1
	NOTE: https://github.com/nginx/nginx/commit/6b022a5556af22b6e18532e547a6ae46b0d8c6ea (release-1.22.1)
	NOTE: Only affects the nginx-extras binary package
CVE-2022-41740 (IBM Robotic Process Automation 20.12 through 21.0.6 could allow an att ...)
	NOT-FOR-US: IBM
CVE-2022-41739 (IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access ...)
	NOT-FOR-US: IBM
CVE-2022-41738 (IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1 ...)
	NOT-FOR-US: IBM
CVE-2022-41737 (IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1. ...)
	NOT-FOR-US: IBM
CVE-2022-41736 (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5 ...)
	NOT-FOR-US: IBM
CVE-2022-41735 (IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through ...)
	NOT-FOR-US: IBM
CVE-2022-41734 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote a ...)
	NOT-FOR-US: IBM
CVE-2022-41733 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...)
	NOT-FOR-US: IBM
CVE-2022-41732 (IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear t ...)
	NOT-FOR-US: IBM
CVE-2022-41731 (IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2022-41730 RESERVED
CVE-2022-41729 RESERVED
CVE-2022-41728 RESERVED
CVE-2022-41727 (An attacker can craft a malformed TIFF image which will consume a sign ...)
	- golang-golang-x-image 0.5.0-1
	[bullseye] - golang-golang-x-image (Minor issue)
	[buster] - golang-golang-x-image (Limited support, minor issue, DoS)
CVE-2022-41726 RESERVED
CVE-2022-41725 (A denial of service is possible from excessive resource consumption in ...)
	- golang-1.20 1.20.1-1
	[experimental] - golang-1.19 1.19.6-1
	- golang-1.19 1.19.6-2
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases)
	NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
	NOTE: https://go.dev/issue/58006
CVE-2022-41724 (Large handshake records may cause panics in crypto/tls. Both clients a ...)
	- golang-1.20 1.20.1-1
	[experimental] - golang-1.19 1.19.6-1
	- golang-1.19 1.19.6-2
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11 (Vulnerable code introduced later)
	NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
	NOTE: https://go.dev/issue/58001
	NOTE: https://github.com/golang/go/commit/66c58b946beaa38de35241c3f64ec358f5ad03f1 (master)
	NOTE: Introduced by: https://github.com/golang/go/commit/4c8b09e9183390d6ab80d3f53a9fe5f6ace92f06 (go1.12beta1)
	NOTE: Introduced by: https://github.com/golang/go/commit/6435d0cfbf72f405f31430e60766add6d6762fe1 (go1.12beta1)
CVE-2022-41723 (A maliciously crafted HTTP/2 stream could cause excessive CPU consumpt ...)
	- golang-1.20 1.20.1-1
	[experimental] - golang-1.19 1.19.6-1
	- golang-1.19 1.19.6-2
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases)
	- golang-golang-x-net 1:0.7.0+dfsg-1
	[bullseye] - golang-golang-x-net (Minor issue)
	NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
	NOTE: https://go.dev/issue/57855
CVE-2022-41722 (A path traversal vulnerability exists in filepath.Clean on Windows. On ...)
	- golang-1.20 1.20.1-1 (unimportant)
	[experimental] - golang-1.19 1.19.6-1
	- golang-1.19 1.19.6-2 (unimportant)
	- golang-1.15 (unimportant)
	- golang-1.11 (unimportant)
	NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
	NOTE: Only affects code cross compiled on Debian for Windows binaries
CVE-2022-41721 (A request smuggling attack is possible when using MaxBytesHandler. Whe ...)
	- golang-golang-x-net 1:0.4.0+dfsg-1
	[bullseye] - golang-golang-x-net (Vulnerable code not present)
	[buster] - golang-golang-x-net (Vulnerable code not present)
	NOTE: https://go-review.googlesource.com/c/net/+/447396
	NOTE: https://github.com/golang/go/issues/56352
	NOTE: https://pkg.go.dev/vuln/GO-2023-1495
	NOTE: Fixed in https://go.googlesource.com/net/+/702349b0e8628371f0e5ba0c10407448d60a67b1 (v0.2.0)
	NOTE: Introduced in https://go.googlesource.com/net/+/1d687d428aca0546c0ca84160c8700ee521e9fb9 (v0.1.0)
CVE-2022-41720 (On Windows, restricted files can be accessed via os.DirFS and http.Dir ...)
	- golang-1.19 1.19.4-1 (unimportant)
	- golang-1.18 1.18.9-1 (unimportant)
	- golang-1.15 (unimportant)
	- golang-1.11 (unimportant)
	NOTE: https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU
	NOTE: https://go.dev/issue/56694
	NOTE: Only affects code cross compiled on Debian for Windows binaries
CVE-2022-41719 (Unmarshal can panic on some inputs, possibly allowing for denial of se ...)
	NOT-FOR-US: shamaton/msgpack
CVE-2022-41718 RESERVED
CVE-2022-41717 (An attacker can cause excessive memory growth in a Go server accepting ...)
	- golang-1.19 1.19.4-1
	- golang-1.18 1.18.9-1
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases)
	- golang-golang-x-net 1:0.4.0+dfsg-1
	[bullseye] - golang-golang-x-net (Minor issue)
	- golang-golang-x-net-dev
	[buster] - golang-golang-x-net-dev (Limited support, follow bullseye DSAs/point-releases)
	NOTE: https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU
	NOTE: https://go.dev/issue/56350
	NOTE: https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27 (go1.19.4)
	NOTE: https://github.com/golang/go/commit/76cad4edc29d28432a7a0aa27e87385d3d7db7a1 (go1.18.9)
	NOTE: https://github.com/golang/net/commit/1e63c2f08a10a150fa02c50ece89b340ae64efe4 (v0.4.0)
CVE-2022-41716 (Due to unsanitized NUL values, attackers may be able to maliciously se ...)
	- golang-1.19 1.19.3-1 (unimportant)
	- golang-1.18 1.18.8-1 (unimportant)
	- golang-1.15 (unimportant)
	- golang-1.11 (unimportant)
	NOTE: https://go.dev/issue/56284
	NOTE: https://go.dev/cl/446916
	NOTE: https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ
	NOTE: Only affects code cross compiled on Debian for Windows binaries
CVE-2022-41715 (Programs which compile regular expressions from untrusted sources may ...)
	- golang-1.19 1.19.2-1
	- golang-1.18 1.18.7-1
	- golang-1.17
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases)
	NOTE: https://go.dev/issue/55949
	NOTE: https://github.com/golang/go/commit/645abfe529dc325e16daa17210640c2907d1c17a (go1.19.2)
	NOTE: https://github.com/golang/go/commit/e9017c2416ad0ef642f5e0c2eab2dbf3cba4d997 (go1.18.7)
CVE-2022-41714 (fastest-json-copy version 1.0.1 allows an external attacker to edit or ...)
	NOT-FOR-US: fastest-json-copy Nodejs module
CVE-2022-41713 (deep-object-diff version 1.1.0 allows an external attacker to edit or ...)
	NOT-FOR-US: deep-object-diff Nodejs module
CVE-2022-41712 (Frappe version 14.10.0 allows an external attacker to remotely obtain ...)
	NOT-FOR-US: Frappe Framework
CVE-2022-41711 (Badaso version 2.6.0 allows an unauthenticated remote attacker to exec ...)
	NOT-FOR-US: Badaso
CVE-2022-41710 (Markdownify version 1.4.1 allows an external attacker to remotely obta ...)
	NOT-FOR-US: Markdownify
CVE-2022-41709 (Markdownify version 1.4.1 allows an external attacker to execute arbit ...)
	NOT-FOR-US: Markdownify
CVE-2022-41708 (Relatedcode's Messenger version 7bcd20b allows an authenticated extern ...)
	NOT-FOR-US: Relatedcode's Messenger
CVE-2022-41707 (Relatedcode's Messenger version 7bcd20b allows an authenticated extern ...)
	NOT-FOR-US: Relatedcode's Messenger
CVE-2022-41706 (Browsershot version 3.57.2 allows an external attacker to remotely obt ...)
	NOT-FOR-US: Browsershot
CVE-2022-41705 (Badaso version 2.6.3 allows an unauthenticated remote attacker to exec ...)
	NOT-FOR-US: Badaso
CVE-2022-41704 (A vulnerability in Batik of Apache XML Graphics allows an attacker to ...)
	{DSA-5264-1 DLA-3169-1}
	- batik 1.16+dfsg-1
	NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/2
	NOTE: https://issues.apache.org/jira/browse/BATIK-1338
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1904320
CVE-2022-41703 (A vulnerability in the SQL Alchemy connector of Apache Superset allows ...)
	NOT-FOR-US: Apache Superset
CVE-2022-41690 (Improper access control in the Intel(R) Retail Edge Mobile iOS applica ...)
	NOT-FOR-US: Intel
CVE-2022-41689 (Improper access control in some Intel In-Band Manageability software b ...)
	NOT-FOR-US: Intel
CVE-2022-41682 RESERVED
CVE-2022-41681 (There is a vulnerability on Forma LMS version 3.1.0 and earlier that c ...)
	NOT-FOR-US: Forma LMS
CVE-2022-41680 (Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL inje ...)
	NOT-FOR-US: Forma LMS
CVE-2022-41679 (Forma LMS version 3.1.0 and earlier are affected by a Cross-Site scri ...)
	NOT-FOR-US: Forma LMS
CVE-2022-41678 (Once a user is authenticated on Jolokia, he can potentially trigger a ...)
	- activemq 5.17.6+dfsg-1 (unimportant)
	NOTE: https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl
	NOTE: https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt
CVE-2022-41677 (An information disclosure vulnerability was discovered in Bosch IP cam ...)
	NOT-FOR-US: Bosch
CVE-2022-41658 (Insecure inherited permissions in the Intel(R) VTune(TM) Profiler soft ...)
	NOT-FOR-US: Intel
CVE-2022-41637 RESERVED
CVE-2022-41626 RESERVED
CVE-2022-41341 RESERVED
CVE-2022-40689 RESERVED
CVE-2022-40688 RESERVED
CVE-2022-38787 (Improper input validation in firmware for some Intel(R) FPGA products ...)
	NOT-FOR-US: Intel
CVE-2022-38786 (Improper access control in some Intel Battery Life Diagnostic Tool sof ...)
	NOT-FOR-US: Intel
CVE-2022-3354 (A vulnerability has been found in Open5GS up to 2.4.10 and classified ...)
	NOT-FOR-US: Open5GS
CVE-2022-3353 (A vulnerability exists in the IEC 61850 communication stack that affec ...)
	NOT-FOR-US: Hitachi
CVE-2022-3352 (Use After Free in GitHub repository vim/vim prior to 9.0.0614.)
	{DLA-3204-1}
	- vim 2:9.0.0626-1 (unimportant)
	NOTE: https://huntr.dev/bounties/d058f182-a49b-40c7-9234-43d4c5a29f60
	NOTE: https://github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15 (v9.0.0614)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-3351 (An issue has been discovered in GitLab EE affecting all versions start ...)
	- gitlab (Only affects Gitlab EE)
CVE-2022-3350 (The Contact Bank WordPress plugin through 3.0.30 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3349 (A vulnerability was found in Sony PS4 and PS5. It has been classified ...)
	NOT-FOR-US: Sony
CVE-2022-3348 (Just like in the previous report, an attacker could steal the account ...)
	NOT-FOR-US: ToolJet
CVE-2021-46841 (This issue was addressed by using HTTPS when sending information over ...)
	NOT-FOR-US: Apple
CVE-2022-41676 (Raiden MAILD Mail Server website mail field has insufficient filtering ...)
	NOT-FOR-US: Raiden MAILD Mail Server
CVE-2022-41675 (A remote attacker with general user privilege can inject malicious cod ...)
	NOT-FOR-US: Raiden MAILD Mail Server
CVE-2022-41674 (An issue was discovered in the Linux kernel before 5.19.16. Attackers ...)
	{DSA-5257-1 DLA-3173-1}
	- linux 6.0.2-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2
	NOTE: https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
	NOTE: https://github.com/PurpleVsGreen/beacown
CVE-2022-41673 RESERVED
CVE-2022-41672 (In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn' ...)
	- airflow (bug #819700)
CVE-2022-41671 (A CWE-89: Improper Neutralization of Special Elements used in SQL Comm ...)
	NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE
CVE-2022-41670 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
	NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE
CVE-2022-41669 (A CWE-347: Improper Verification of Cryptographic Signature vulnerabil ...)
	NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE
CVE-2022-41668 (A CWE-704: Incorrect Project Conversion vulnerability exists that allo ...)
	NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE
CVE-2022-41667 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
	NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE
CVE-2022-41666 (A CWE-347: Improper Verification of Cryptographic Signature vulnerabil ...)
	NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE
CVE-2022-41665 (A vulnerability has been identified in SICAM P850 (All versions < V3.1 ...)
	NOT-FOR-US: Siemens
CVE-2022-41664 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...)
	NOT-FOR-US: Siemens
CVE-2022-41663 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...)
	NOT-FOR-US: Siemens
CVE-2022-41662 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...)
	NOT-FOR-US: Siemens
CVE-2022-41661 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...)
	NOT-FOR-US: Siemens
CVE-2022-41660 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...)
	NOT-FOR-US: Siemens
CVE-2022-41656 RESERVED
CVE-2022-41655 (Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Ord ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41650 RESERVED
CVE-2022-41647 RESERVED
CVE-2022-41643 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Acce ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41640 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41638 (Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin <= ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41635 (Cross-Site Request Forgery (CSRF) vulnerability in Zorem Advanced Ship ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41634 (Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folde ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41633 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41623 (Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping an ...)
	NOT-FOR-US: Villatheme ALD
CVE-2022-41620 (Cross-Site Request Forgery (CSRF) vulnerability in SeoSamba for WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41618 (Unauthenticated Error Log Disclosure vulnerability in Media Library As ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41616 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41615 (Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41612 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shar ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41609 (Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41608 (Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgar ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41606 (HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 job ...)
	- nomad (bug #1021670)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-22-nomad-panics-on-job-submission-with-bad-artifact-stanza-source-url/45420
CVE-2022-41605 RESERVED
CVE-2022-41604 (Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows lo ...)
	NOT-FOR-US: Check Point ZoneAlarm Extreme Security
CVE-2022-41603 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
	NOT-FOR-US: Huawei
CVE-2022-41602 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
	NOT-FOR-US: Huawei
CVE-2022-41601 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
	NOT-FOR-US: Huawei
CVE-2022-41600 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
	NOT-FOR-US: Huawei
CVE-2022-41599 (The system service has a vulnerability that causes incorrect return va ...)
	NOT-FOR-US: Huawei
CVE-2022-41598 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
	NOT-FOR-US: Huawei
CVE-2022-41597 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
	NOT-FOR-US: Huawei
CVE-2022-41596 (The system tool has inconsistent serialization and deserialization. Su ...)
	NOT-FOR-US: Huawei
CVE-2022-41595 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
	NOT-FOR-US: Huawei
CVE-2022-41594 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
	NOT-FOR-US: Huawei
CVE-2022-41593 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
	NOT-FOR-US: Huawei
CVE-2022-41592 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
	NOT-FOR-US: Huawei
CVE-2022-41591 (The backup module has a path traversal vulnerability. Successful explo ...)
	NOT-FOR-US: Huawei
CVE-2022-41590 (Some smartphones have authentication-related (including session manage ...)
	NOT-FOR-US: Huawei
CVE-2022-41589 (The DFX unwind stack module of the ArkCompiler has a vulnerability in ...)
	NOT-FOR-US: Huawei
CVE-2022-41588 (The home screen module has a vulnerability in service logic processing ...)
	NOT-FOR-US: Huawei
CVE-2022-41587 (Uncaptured exceptions in the home screen module. Successful exploitati ...)
	NOT-FOR-US: Huawei
CVE-2022-41586 (The communication framework module has a vulnerability of not truncati ...)
	NOT-FOR-US: Huawei
CVE-2022-41585 (The kernel module has an out-of-bounds read vulnerability. Successful e ...)
	NOT-FOR-US: Huawei
CVE-2022-41584 (The kernel module has an out-of-bounds read vulnerability. Successful e ...)
	NOT-FOR-US: Huawei
CVE-2022-41583 (The storage maintenance and debugging module has an array out-of-bound ...)
	NOT-FOR-US: Huawei
CVE-2022-41582 (The security module has configuration defects. Successful exploitation ...)
	NOT-FOR-US: Huawei
CVE-2022-41581 (The HW_KEYMASTER module has a vulnerability of not verifying the data ...)
	NOT-FOR-US: Huawei
CVE-2022-41580 (The HW_KEYMASTER module has a vulnerability of not verifying the data ...)
	NOT-FOR-US: Huawei
CVE-2022-41579 (There is an insufficient authentication vulnerability in some Huawei b ...)
	NOT-FOR-US: Huawei
CVE-2022-41578 (The MPTCP module has an out-of-bounds write vulnerability. Successful e ...)
	NOT-FOR-US: Huawei
CVE-2022-41577 (The kernel server has a vulnerability of not verifying the length of t ...)
	NOT-FOR-US: Huawei
CVE-2022-41576 (The rphone module has a script that can be maliciously modified.Succes ...)
	NOT-FOR-US: Huawei
CVE-2022-41575 (A credential-exposure vulnerability in the support-bundle mechanism in ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2022-41574 (An access-control vulnerability in Gradle Enterprise 2022.4 through 20 ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2022-41573 RESERVED
CVE-2022-41572 RESERVED
CVE-2022-41571 (An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local f ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2022-41570 (An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthe ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2022-41569 RESERVED
CVE-2022-41315 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in Ezoic plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41155 (Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on Wor ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41136 (Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cros ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41135 (Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41134 (Cross-Site Request Forgery (CSRF) inOptinlyHQ Optinly – Exit Inte ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41132 (Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerabi ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40975 (Missing Authorization vulnerability in Aazztech Post Slider.This issue ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40966 (Authentication bypass vulnerability in multiple Buffalo network device ...)
	NOT-FOR-US: Buffalo
CVE-2022-40702 (Missing Authorization vulnerability in Zorem Advanced Local Pickup for ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40700 (Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40699 (Cross-Site Scripting (XSS) vulnerability in Dario Curvino Yasr – ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40697 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in3com ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40694 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40311 (Auth. (admin+) Stored Cross-Site Scripting (XSS) in Fatcat Apps Analyt ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40218 (Missing Authorization vulnerability in ThemeHunk Advance WordPress Sea ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40216 (Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Mes ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40209 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability inXylus The ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40203 (Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pric ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40192 (Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40130 (Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40128 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Expo ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-39044 (Hidden functionality vulnerability in multiple Buffalo network devices ...)
	NOT-FOR-US: Buffalo
CVE-2022-38467 (Reflected Cross-Site Scripting (XSS) vulnerability inCRM Perks Forms ...)
	NOT-FOR-US: CRM Perks
CVE-2022-38456 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38141 (Missing Authorization vulnerability in Zorem Sales Report Email for Wo ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38063 (Cross-Site Request Forgery (CSRF) vulnerability in Social Login WP plu ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38057 (Missing Authorization vulnerability in ThemeHunk Advance WordPress Sea ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38055 RESERVED
CVE-2022-36418 (Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Li ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36399 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-35730 (Cross-Site Request Forgery (CSRF) vulnerability inOceanwp sticky heade ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-34840 (Use of hard-coded credentials vulnerability in multiple Buffalo networ ...)
	NOT-FOR-US: Buffalo
CVE-2022-3347 (DNSSEC validation is not performed correctly. An attacker can cause th ...)
	NOT-FOR-US: goresolver
CVE-2022-3346 (DNSSEC validation is not performed correctly. An attacker can cause th ...)
	NOT-FOR-US: goresolver
CVE-2022-3345 RESERVED
CVE-2022-3344 (A flaw was found in the KVM's AMD nested virtualization (SVM). A malic ...)
	- linux 6.0.12-1
	NOTE: https://lore.kernel.org/lkml/20221020093055.224317-5-mlevitsk@redhat.com/T/
CVE-2022-3343 (The WPQA Builder WordPress plugin before 5.9.3 (which is a companion p ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3342 (The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserializa ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3341 (A null pointer dereference issue was discovered in 'FFmpeg' in decode_ ...)
	{DLA-3454-1}
	- ffmpeg 7:5.1-1
	[bullseye] - ffmpeg (Minor issue, wait until fixed in 4.3.x)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2157054
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e (n5.1)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/08f0a18c3488b2fb8297ebba3684792da8a6606e (n4.1.11)
CVE-2022-3340 (XML External Entity (XXE) vulnerability in Trellix IPS Manager prior t ...)
	NOT-FOR-US: Trellix IPS Manager
CVE-2022-3339 (A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5 ...)
	NOT-FOR-US: Trellix ePolicy Orchestrator
CVE-2022-3338 (An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update ...)
	NOT-FOR-US: Trellix ePolicy Orchestrator
CVE-2022-3337 (It was possible for a user to delete a VPN profile from WARP mobile cl ...)
	NOT-FOR-US: Cloudflare
CVE-2022-3336 (The Event Monster WordPress plugin before 1.2.0 does not have CSRF che ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3335 (The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 u ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3334 (The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the conten ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3333 (A vulnerability, which was classified as problematic, was found in Zep ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3332 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Food Ordering Management System
CVE-2022-3331 (An issue has been discovered in GitLab EE affecting all versions start ...)
	- gitlab (Only affects EE)
CVE-2022-3330 (It was possible for a guest user to read a todo targeting an inaccessi ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3329 RESERVED
CVE-2022-30544 (Cross-Site Request Forgery (CSRF) in MiKa'sOSM – OpenStreetMap pl ...)
	NOT-FOR-US: MiKa
CVE-2022-27628 (Cross-Site Request Forgery (CSRF) vulnerability inAA-TeamWZone – ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-26375 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mamm ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-46840 (The HW_KEYMASTER module has an out-of-bounds access vulnerability in p ...)
	NOT-FOR-US: Huawei
CVE-2021-46839 (The HW_KEYMASTER module has a vulnerability of missing bounds check on ...)
	NOT-FOR-US: Huawei
CVE-2020-36605 (Incorrect Default Permissions vulnerability in Hitachi Infrastructure ...)
	NOT-FOR-US: Hitachi
CVE-2022-41568 (LINE client for iOS before 12.17.0 might be crashed by sharing an inva ...)
	NOT-FOR-US: LINE client for iOS
CVE-2022-41567 (The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO Busine ...)
	NOT-FOR-US: BusinessConnect UI component of TIBCO
CVE-2022-41566 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...)
	NOT-FOR-US: TIBCO
CVE-2022-41565 (The Web Application component of TIBCO Software Inc.'s TIBCO EBX and T ...)
	NOT-FOR-US: TIBCO
CVE-2022-41564 (The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIB ...)
	NOT-FOR-US: TIBCO
CVE-2022-41563 (The Dashboard component of TIBCO Software Inc.'s TIBCO JasperReports S ...)
	NOT-FOR-US: TIBCO
CVE-2022-41562 (The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperRepor ...)
	NOT-FOR-US: TIBCO
CVE-2022-41561 (The JNDI Data Sources component of TIBCO Software Inc.'s TIBCO JasperR ...)
	NOT-FOR-US: TIBCO
CVE-2022-41560 (The Statement Set Upload via the Web Client component of TIBCO Softwar ...)
	NOT-FOR-US: TIBCO
CVE-2022-41559 (The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contain ...)
	NOT-FOR-US: TIBCO
CVE-2022-41558 (The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire A ...)
	NOT-FOR-US: TIBCO
CVE-2022-41342 (Improper buffer restrictions in the Intel(R) C++ Compiler Classic befo ...)
	NOT-FOR-US: Intel
CVE-2022-41314 (Uncontrolled search path in some Intel(R) Network Adapter installer so ...)
	NOT-FOR-US: Intel
CVE-2022-40982 (Information exposure through microarchitectural state after transient ...)
	{DSA-5475-1 DSA-5474-1 DLA-3537-1 DLA-3525-1 DLA-3524-1}
	- linux 6.4.4-3
	- intel-microcode 3.20230808.1 (bug #1043305)
	NOTE: https://www.openwall.com/lists/oss-security/2023/08/08/5
	NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/gather-data-sampling.html
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html
	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808
	NOTE: https://downfall.page/
CVE-2022-40971 (Incorrect default permissions for the Intel(R) HDMI Firmware Update To ...)
	NOT-FOR-US: Intel
CVE-2022-40970 RESERVED
CVE-2022-40964 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...)
	{DLA-3596-1}
	- firmware-nonfree (bug #1051892)
	[bookworm] - firmware-nonfree (Non-free not supported)
	[bullseye] - firmware-nonfree (Non-free not supported)
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html
	NOTE: Fixed upstream in linux-firmware/20230804
CVE-2022-40210 (Exposure of data element to wrong session in the Intel DCM software be ...)
	NOT-FOR-US: Intel
CVE-2022-40196 (Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler befo ...)
	NOT-FOR-US: Intel
CVE-2022-38136 (Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler for ...)
	NOT-FOR-US: Intel
CVE-2022-38099 (Improper input validation in BIOS firmware for some Intel(R) NUC 11 Co ...)
	NOT-FOR-US: Intel
CVE-2022-3328 (Race condition in snap-confine's must_mkdir_and_open_with_perms())
	{DSA-5292-1 DLA-3215-1}
	- snapd 2.57.6-1
	NOTE: https://github.com/snapcore/snapd/commit/6226cdc57052f4b7057d92f2e549aa169e35cd2d (2.57.6)
	NOTE: https://github.com/snapcore/snapd/commit/21ebc51f00b8a1417888faa2e83a372fd29d0f5e (2.57.6)
	NOTE: https://github.com/snapcore/snapd/commit/d9d8c2f6f6c0310bd10e3061030e8bf9e9e49949 (2.57.6)
	NOTE: https://github.com/snapcore/snapd/commit/1816f8dd9e33c252b6aa6c7e6205baa9161c2d4c (2.57.6)
	NOTE: https://github.com/snapcore/snapd/releases/tag/2.57.6
	NOTE: https://www.openwall.com/lists/oss-security/2022/11/30/2
CVE-2022-3327 (Missing Authentication for Critical Function in GitHub repository ikus ...)
	- rdiffweb (bug #969974)
CVE-2022-3326 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...)
	- rdiffweb (bug #969974)
CVE-2022-3325 (Improper access control in the GitLab CE/EE API affecting all versions ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3324 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...)
	{DLA-3182-1}
	- vim 2:9.0.0626-1
	[bullseye] - vim (Minor issue)
	NOTE: https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c/
	NOTE: https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb (v9.0.0598)
CVE-2022-3323 (An SQL injection vulnerability in Advantech iView 5.7.04.6469. The spe ...)
	NOT-FOR-US: Advantech iView
CVE-2022-41557 RESERVED
CVE-2022-41556 (A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 coul ...)
	{DSA-5243-1}
	- lighttpd 1.4.67-1
	[buster] - lighttpd (vulnerable code inserted in lighttpd-1.4.55-211-gbcddbe18)
	NOTE: https://github.com/lighttpd/lighttpd1.4/pull/115
	NOTE: Introduced by: https://github.com/lighttpd/lighttpd1.4/commit/bcddbe186f010e2964f7551141c0b8350b36817d (lighttpd-1.4.56-rc1)
	NOTE: Fixed by: https://github.com/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50 (lighttpd-1.4.67)
CVE-2022-40690 (Cross-site scripting vulnerability in BookStack versions prior to v22. ...)
	NOT-FOR-US: BookStack
CVE-2022-3322 (Lock Warp switch is a feature of Zero Trust platform which, when enab ...)
	NOT-FOR-US: Cloudflare
CVE-2022-3321 (It was possible to bypass Lock WARP switch feature https://developers ...)
	NOT-FOR-US: Cloudflare
CVE-2022-3320 (It was possible to bypass policies configured for Zero Trust Secure We ...)
	NOT-FOR-US: Cloudflare
CVE-2022-3319 RESERVED
CVE-2022-3318 (Use after free in ChromeOS Notifications in Google Chrome on ChromeOS ...)
	{DSA-5244-1}
	- chromium 106.0.5249.61-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3317 (Insufficient validation of untrusted input in Intents in Google Chrome ...)
	{DSA-5244-1}
	- chromium 106.0.5249.61-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3316 (Insufficient validation of untrusted input in Safe Browsing in Google ...)
	{DSA-5244-1}
	- chromium 106.0.5249.61-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3315 (Type confusion in Blink in Google Chrome prior to 106.0.5249.62 allowe ...)
	{DSA-5244-1}
	- chromium 106.0.5249.61-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3314 (Use after free in logging in Google Chrome prior to 106.0.5249.62 allo ...)
	{DSA-5244-1}
	- chromium 106.0.5249.61-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3313 (Incorrect security UI in full screen in Google Chrome prior to 106.0.5 ...)
	{DSA-5244-1}
	- chromium 106.0.5249.61-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3312 (Insufficient validation of untrusted input in VPN in Google Chrome on ...)
	{DSA-5244-1}
	- chromium 106.0.5249.61-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3311 (Use after free in import in Google Chrome prior to 106.0.5249.62 allow ...)
	{DSA-5244-1}
	- chromium 106.0.5249.61-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3310 (Insufficient policy enforcement in custom tabs in Google Chrome on And ...)
	{DSA-5244-1}
	- chromium 106.0.5249.61-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3309 (Use after free in assistant in Google Chrome on ChromeOS prior to 106. ...)
	{DSA-5244-1}
	- chromium 106.0.5249.61-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3308 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
	{DSA-5244-1}
	- chromium 106.0.5249.61-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3307 (Use after free in media in Google Chrome prior to 106.0.5249.62 allowe ...)
	{DSA-5244-1}
	- chromium 106.0.5249.61-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3306 (Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5 ...)
	{DSA-5244-1}
	- chromium 106.0.5249.61-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3305 (Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5 ...)
	{DSA-5244-1}
	- chromium 106.0.5249.61-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3304 (Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed ...)
	{DSA-5244-1}
	- chromium 106.0.5249.61-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3303 (A race condition flaw was found in the Linux kernel sound subsystem du ...)
	{DSA-5257-1 DLA-3173-1}
	- linux 5.19.11-1
	NOTE: https://git.kernel.org/linus/8423f0b6d513b259fdab9c9bf4aaa6188d054c2d (6.0-rc5)
CVE-2022-3302 (The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3301 (Improper Cleanup on Thrown Exception in GitHub repository ikus060/rdif ...)
	- rdiffweb (bug #969974)
CVE-2022-3300 (The Form Maker by 10Web WordPress plugin before 1.15.6 does not proper ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41553 (Insertion of Sensitive Information into Temporary File vulnerability i ...)
	NOT-FOR-US: Hitachi
CVE-2022-41552 (Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastruc ...)
	NOT-FOR-US: Hitachi
CVE-2022-41551 (Garage Management System v1.0 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Garage Management System
CVE-2022-41550 (GNU oSIP v5.3.0 was discovered to contain an integer overflow via the ...)
	- libosip2 5.3.0-2.1 (bug #1021662)
	[bullseye] - libosip2 (Minor issue)
	[buster] - libosip2 (Minor issue)
	NOTE: https://savannah.gnu.org/bugs/?63103
	NOTE: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=f77f16c832c3c37589c2b749f01b644dc44a55b5
CVE-2022-41549 RESERVED
CVE-2022-41548 RESERVED
CVE-2022-41547 (Mobile Security Framework (MobSF) v0.9.2 and below was discovered to c ...)
	NOT-FOR-US: Mobile Security Framework
CVE-2022-41546 RESERVED
CVE-2022-41545 RESERVED
CVE-2022-41544 (GetSimple CMS v3.3.16 was discovered to contain a remote code executio ...)
	NOT-FOR-US: GetSimple CMS
CVE-2022-41543 RESERVED
CVE-2022-41542 (devhub 0.102.0 was discovered to contain a broken session control.)
	NOT-FOR-US: devhub
CVE-2022-41541 (TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack b ...)
	NOT-FOR-US: TP-Link
CVE-2022-41540 (The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptog ...)
	NOT-FOR-US: TP-Link
CVE-2022-41539 (Wedding Planner v1.0 was discovered to contain an arbitrary file uploa ...)
	NOT-FOR-US: Wedding Planner
CVE-2022-41538 (Wedding Planner v1.0 was discovered to contain an arbitrary file uploa ...)
	NOT-FOR-US: Wedding Planner
CVE-2022-41537 (Online Tours & Travels Management System v1.0 was discovered to contai ...)
	NOT-FOR-US: Online Tours & Travels Management System
CVE-2022-41536 (Open Source SACCO Management System v1.0 was discovered to contain a S ...)
	NOT-FOR-US: Open Source SACCO Management System
CVE-2022-41535 (Open Source SACCO Management System v1.0 was discovered to contain a S ...)
	NOT-FOR-US: Open Source SACCO Management System
CVE-2022-41534 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
	NOT-FOR-US: Online Diagnostic Lab Management System
CVE-2022-41533 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
	NOT-FOR-US: Online Diagnostic Lab Management System
CVE-2022-41532 (Open Source SACCO Management System v1.0 was discovered to contain a S ...)
	NOT-FOR-US: Open Source SACCO Management System
CVE-2022-41531 RESERVED
CVE-2022-41530 (Open Source SACCO Management System v1.0 was discovered to contain a S ...)
	NOT-FOR-US: Open Source SACCO Management System
CVE-2022-41529 RESERVED
CVE-2022-41528 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an a ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-41527 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an a ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-41526 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an a ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-41525 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a co ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-41524 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an a ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-41523 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an a ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-41522 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an u ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-41521 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an a ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-41520 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an a ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-41519 RESERVED
CVE-2022-41518 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a co ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-41517 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a st ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-41516 RESERVED
CVE-2022-41515 (Open Source SACCO Management System v1.0 was discovered to contain a S ...)
	NOT-FOR-US: Open Source SACCO Management System
CVE-2022-41514 (Open Source SACCO Management System v1.0 was discovered to contain a S ...)
	NOT-FOR-US: Open Source SACCO Management System
CVE-2022-41513 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
	NOT-FOR-US: Online Diagnostic Lab Management System
CVE-2022-41512 (An arbitrary file upload vulnerability in the component /php_action/ed ...)
	NOT-FOR-US: Online Diagnostic Lab Management System
CVE-2022-41511 RESERVED
CVE-2022-41510 RESERVED
CVE-2022-41509 RESERVED
CVE-2022-41508 RESERVED
CVE-2022-41507 RESERVED
CVE-2022-41506 RESERVED
CVE-2022-41505 (An access control issue on TP-LInk Tapo C200 V1 devices allows physica ...)
	NOT-FOR-US: TP-Link
CVE-2022-41504 (An arbitrary file upload vulnerability in the component /php_action/ed ...)
	NOT-FOR-US: Billing System Project
CVE-2022-41503 RESERVED
CVE-2022-41502 RESERVED
CVE-2022-41501 RESERVED
CVE-2022-41500 (EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request F ...)
	NOT-FOR-US: Eyoucms
CVE-2022-41499 RESERVED
CVE-2022-41498 (Billing System Project v1.0 was discovered to contain a SQL injection ...)
	NOT-FOR-US: Billing System Project
CVE-2022-41497 (ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forge ...)
	NOT-FOR-US: ClipperCMS
CVE-2022-41496 (iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery ( ...)
	NOT-FOR-US: iCMS
CVE-2022-41495 (ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forge ...)
	NOT-FOR-US: ClipperCMS
CVE-2022-41494 RESERVED
CVE-2022-41493 RESERVED
CVE-2022-41492 RESERVED
CVE-2022-41491 RESERVED
CVE-2022-41490 RESERVED
CVE-2022-41489 (WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request F ...)
	NOT-FOR-US: WAYOS
CVE-2022-41488 RESERVED
CVE-2022-41487 RESERVED
CVE-2022-41486 RESERVED
CVE-2022-41485 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to ...)
	NOT-FOR-US: Tenda
CVE-2022-41484 (Tenda AC1900 AP500(US)_V1_180320(Beta) was discovered to contain a buf ...)
	NOT-FOR-US: Tenda
CVE-2022-41483 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to ...)
	NOT-FOR-US: Tenda
CVE-2022-41482 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to ...)
	NOT-FOR-US: Tenda
CVE-2022-41481 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to ...)
	NOT-FOR-US: Tenda
CVE-2022-41480 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to ...)
	NOT-FOR-US: Tenda
CVE-2022-41479 (The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ...)
	NOT-FOR-US: DevExpress
CVE-2022-41478 RESERVED
CVE-2022-41477 (A security issue was discovered in WeBid <=1.2.2. A Server-Side Reques ...)
	NOT-FOR-US: WeBid
CVE-2022-41476 RESERVED
CVE-2022-41475 (RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: RPCMS
CVE-2022-41474 (RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: RPCMS
CVE-2022-41473 (RPCMS v3.0.2 was discovered to contain a reflected cross-site scriptin ...)
	NOT-FOR-US: RPCMS
CVE-2022-41472 (74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) ...)
	NOT-FOR-US: 74cmsSE
CVE-2022-41471 (74cmsSE v3.12.0 allows authenticated attackers with low-level privileg ...)
	NOT-FOR-US: 74cmsSE
CVE-2022-41470 RESERVED
CVE-2022-41469 RESERVED
CVE-2022-41468 RESERVED
CVE-2022-41467 RESERVED
CVE-2022-41466 RESERVED
CVE-2022-41465 RESERVED
CVE-2022-41464 RESERVED
CVE-2022-41463 RESERVED
CVE-2022-41462 RESERVED
CVE-2022-41461 RESERVED
CVE-2022-41460 RESERVED
CVE-2022-41459 RESERVED
CVE-2022-41458 RESERVED
CVE-2022-41457 RESERVED
CVE-2022-41456 RESERVED
CVE-2022-41455 RESERVED
CVE-2022-41454 RESERVED
CVE-2022-41453 RESERVED
CVE-2022-41452 RESERVED
CVE-2022-41451 RESERVED
CVE-2022-41450 RESERVED
CVE-2022-41449 RESERVED
CVE-2022-41448 RESERVED
CVE-2022-41447 RESERVED
CVE-2022-41446 (An access control issue in /Admin/dashboard.php of Record Management S ...)
	NOT-FOR-US: Record Management System
CVE-2022-41445 (A cross-site scripting (XSS) vulnerability in Record Management System ...)
	NOT-FOR-US: Record Management System
CVE-2022-41444 (Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted P ...)
	- cacti 1.2.22+ds1-1
	[bullseye] - cacti (Minor issue)
	[buster] - cacti (Vulnerable code introduced later)
	NOTE: https://gist.github.com/enferas/9079535112e4f4ff2c1d2ce1c099d4c2
	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/ccb8b62de0f27f59d5e6073c2ae577a9ca7adaf8 (release/1.2.22)
	NOTE: Introduced by: https://github.com/Cacti/cacti/commit/572a3654c7efdbf82ad540f163438a1ba7c4b8bf (release/1.2.6)
CVE-2022-41443 (phpipam v1.5.0 was discovered to contain a header injection vulnerabil ...)
	- phpipam (bug #731713)
CVE-2022-41442 (PicUploader v2.6.3 was discovered to contain cross-site scripting (XSS ...)
	NOT-FOR-US: PicUploader
CVE-2022-41441 (Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 ...)
	NOT-FOR-US: ReQlogic
CVE-2022-41440 (Billing System Project v1.0 was discovered to contain a SQL injection ...)
	NOT-FOR-US: Billing System Project
CVE-2022-41439 (Billing System Project v1.0 was discovered to contain a SQL injection ...)
	NOT-FOR-US: Billing System Project
CVE-2022-41438 RESERVED
CVE-2022-41437 (Billing System Project v1.0 was discovered to contain a remote code ex ...)
	NOT-FOR-US: Billing System Project
CVE-2022-41436 (An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to acc ...)
	NOT-FOR-US: OXHOO
CVE-2022-41435 (OpenWRT LuCI version git-22.140.66206-02913be was discovered to contai ...)
	NOT-FOR-US: OpenWRT LuCI
CVE-2022-41434 (EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2022-41433 (EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2022-41432 (EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2022-41431 (xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vuln ...)
	NOT-FOR-US: xzs
CVE-2022-41430 (Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP ...)
	NOT-FOR-US: Bento4
CVE-2022-41429 (Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP ...)
	NOT-FOR-US: Bento4
CVE-2022-41428 (Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP ...)
	NOT-FOR-US: Bento4
CVE-2022-41427 (Bento4 v1.6.0-639 was discovered to contain a memory leak in the AP4_A ...)
	NOT-FOR-US: Bento4
CVE-2022-41426 (Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_ ...)
	NOT-FOR-US: Bento4
CVE-2022-41425 (Bento4 v1.6.0-639 was discovered to contain a segmentation violation v ...)
	NOT-FOR-US: Bento4
CVE-2022-41424 (Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_ ...)
	NOT-FOR-US: Bento4
CVE-2022-41423 (Bento4 v1.6.0-639 was discovered to contain a segmentation violation i ...)
	NOT-FOR-US: Bento4
CVE-2022-41422 RESERVED
CVE-2022-41421 RESERVED
CVE-2022-41420 (nasm v2.16 was discovered to contain a stack overflow in the Ndisasm c ...)
	- nasm (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392810
	NOTE: Negligible security impact
CVE-2022-41419 (Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_ ...)
	NOT-FOR-US: Bento4
CVE-2022-41418 (An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/Upload ...)
	NOT-FOR-US: BlogEngine.NET
CVE-2022-41417 (BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with " ...)
	NOT-FOR-US: BlogEngine.NET
CVE-2022-41416 (Online Tours & Travels Management System v1.0 was discovered to contai ...)
	NOT-FOR-US: Online Tours & Travels Management System
CVE-2022-41415 (Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a sta ...)
	NOT-FOR-US: Acer
CVE-2022-41414 (An insecure default in the component auth.login.prompt.enabled of Life ...)
	NOT-FOR-US: Liferay
CVE-2022-41413 (perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Reques ...)
	NOT-FOR-US: perfSONAR
CVE-2022-41412 (An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior ...)
	NOT-FOR-US: perfSONAR
CVE-2022-41411 RESERVED
CVE-2022-41410 RESERVED
CVE-2022-41409 (Integer overflow vulnerability in pcre2test before 10.41 allows attack ...)
	- pcre2 10.42-1 (unimportant)
	NOTE: https://github.com/PCRE2Project/pcre2/issues/141
	NOTE: https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35
	NOTE: Infinite loop in CLI tool, no security impact
CVE-2022-41408 (Online Pet Shop We App v1.0 was discovered to contain a SQL injection ...)
	NOT-FOR-US: Online Pet Shop
CVE-2022-41407 (Online Pet Shop We App v1.0 was discovered to contain a SQL injection ...)
	NOT-FOR-US: Online Pet Shop
CVE-2022-41406 (An arbitrary file upload vulnerability in the /admin/admin_pic.php com ...)
	NOT-FOR-US: Church Management System
CVE-2022-41405 RESERVED
CVE-2022-41404 (An issue in the fetch() method in the BasicProfile class of org.ini4j ...)
	{DLA-3209-1}
	- ini4j 0.5.4-1
	NOTE: https://sourceforge.net/p/ini4j/bugs/56/
CVE-2022-41403 (OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL i ...)
	NOT-FOR-US: OpenCart plugin
CVE-2022-41402 RESERVED
CVE-2022-41401 (OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vul ...)
	- openrefine 3.6.1-1
	NOTE: https://github.com/ixSly/CVE-2022-41401
	NOTE: https://github.com/OpenRefine/OpenRefine/issues/4918
	NOTE: https://github.com/OpenRefine/OpenRefine/commit/8cb2fec45dd90fda8ed9608c691f6bb8ed721cd2 (3.6-beta1)
CVE-2022-41400 (Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encryp ...)
	NOT-FOR-US: Sage
CVE-2022-41399 (The optional Web Screens feature for Sage 300 through version 2022 use ...)
	NOT-FOR-US: Sage
CVE-2022-41398 (The optional Global Search feature for Sage 300 through version 2022 u ...)
	NOT-FOR-US: Sage
CVE-2022-41397 (The optional Web Screens and Global Search features for Sage 300 throu ...)
	NOT-FOR-US: Sage
CVE-2022-41396 (Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to c ...)
	NOT-FOR-US: Tenda
CVE-2022-41395 (Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to c ...)
	NOT-FOR-US: Tenda
CVE-2022-41394 RESERVED
CVE-2022-41393 RESERVED
CVE-2022-41392 (A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 ...)
	NOT-FOR-US: TotalJS CMS
CVE-2022-41391 (OcoMon v4.0 was discovered to contain a SQL injection vulnerability vi ...)
	NOT-FOR-US: OcoMon
CVE-2022-41390 (OcoMon v4.0 was discovered to contain a SQL injection vulnerability vi ...)
	NOT-FOR-US: OcoMon
CVE-2022-41389 RESERVED
CVE-2022-41388 RESERVED
CVE-2022-41387 (The d8s-pdfs package for Python, as distributed on PyPI, included a po ...)
	NOT-FOR-US: d8s-pdfs
CVE-2022-41386 (The d8s-utility package for Python, as distributed on PyPI, included a ...)
	NOT-FOR-US: d8s-utility
CVE-2022-41385 (The d8s-html package for Python, as distributed on PyPI, included a po ...)
	NOT-FOR-US: d8s-html
CVE-2022-41384 (The d8s-domains package for Python, as distributed on PyPI, included a ...)
	NOT-FOR-US: d8s-domains
CVE-2022-41383 (The d8s-archives package for Python, as distributed on PyPI, included ...)
	NOT-FOR-US: d8s-archives
CVE-2022-41382 (The d8s-json package for Python, as distributed on PyPI, included a po ...)
	NOT-FOR-US: d8s-json
CVE-2022-41381 (The d8s-utility package for Python, as distributed on PyPI, included a ...)
	NOT-FOR-US: d8s-utility
CVE-2022-41380 (The d8s-yaml package for Python, as distributed on PyPI, included a po ...)
	NOT-FOR-US: d8s-yaml
CVE-2022-41379 (An arbitrary file upload vulnerability in the component /leave_system/ ...)
	NOT-FOR-US: Online Leave Management System
CVE-2022-41378 (Online Pet Shop We App v1.0 was discovered to contain a SQL injection ...)
	NOT-FOR-US: Online Pet Shop We App
CVE-2022-41377 (Online Pet Shop We App v1.0 was discovered to contain a SQL injection ...)
	NOT-FOR-US: Online Pet Shop We App
CVE-2022-41376 (Metro UI v4.4.0 to v4.5.0 was discovered to contain a reflected cross- ...)
	NOT-FOR-US: Metro UI
CVE-2022-41375 RESERVED
CVE-2022-41374 RESERVED
CVE-2022-41373 RESERVED
CVE-2022-41372 RESERVED
CVE-2022-41371 RESERVED
CVE-2022-41370 RESERVED
CVE-2022-41369 RESERVED
CVE-2022-41368 RESERVED
CVE-2022-41367 RESERVED
CVE-2022-41366 RESERVED
CVE-2022-41365 RESERVED
CVE-2022-41364 RESERVED
CVE-2022-41363 RESERVED
CVE-2022-41362 RESERVED
CVE-2022-41361 RESERVED
CVE-2022-41360 RESERVED
CVE-2022-41359 RESERVED
CVE-2022-41358 (A stored cross-site scripting (XSS) vulnerability in Garage Management ...)
	NOT-FOR-US: Garage Management System
CVE-2022-41357 RESERVED
CVE-2022-41356 RESERVED
CVE-2022-41355 (Online Leave Management System v1.0 was discovered to contain a SQL in ...)
	NOT-FOR-US: Online Leave Management System
CVE-2022-41354 (An access control issue in Argo CD v2.4.12 and below allows unauthenti ...)
	NOT-FOR-US: ArgoCD
CVE-2022-41353
	RESERVED
CVE-2022-41352 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. ...)
	NOT-FOR-US: Zimbra
CVE-2022-41351 (In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, on ...)
	NOT-FOR-US: Zimbra
CVE-2022-41350 (In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail ...)
	NOT-FOR-US: Zimbra
CVE-2022-41349 (In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose acce ...)
	NOT-FOR-US: Zimbra
CVE-2022-41348 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occ ...)
	NOT-FOR-US: Zimbra
CVE-2022-41347 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e ...)
	NOT-FOR-US: Zimbra
CVE-2022-41346
	RESERVED
	NOT-FOR-US: Mediawiki extension OAuth
CVE-2022-41345
	RESERVED
	NOT-FOR-US: Mediawiki extension Translate
CVE-2022-41344
	RESERVED
	NOT-FOR-US: Mediawiki extension PageTriage
CVE-2022-40984 (Stack-based buffer overflow in WTViewerE series WTViewerE 761941 from ...)
	NOT-FOR-US: WTViewerE
CVE-2022-3299 (A vulnerability was found in Open5GS up to 2.4.10. It has been declare ...)
	NOT-FOR-US: Open5GS
CVE-2022-3298 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
	- rdiffweb (bug #969974)
CVE-2022-41343 (registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote f ...)
	- php-dompdf (Vulnerable code introduced later)
	NOTE: https://github.com/dompdf/dompdf/issues/2994
	NOTE: https://github.com/dompdf/dompdf/pull/2995
	NOTE: https://github.com/dompdf/dompdf/releases/tag/v2.0.1
	NOTE: https://tantosec.com/blog/cve-2022-41343/
CVE-2022-36368 (Multiple stored cross-site scripting vulnerabilities in the web user i ...)
	NOT-FOR-US: IPFire
CVE-2022-41340 (The secp256k1-js package before 1.1.0 for Node.js implements ECDSA wit ...)
	NOT-FOR-US: Node secp256k1-js
CVE-2022-41339 (In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, th ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-41338
	RESERVED
CVE-2022-41337
	RESERVED
CVE-2022-3297 (Use After Free in GitHub repository vim/vim prior to 9.0.0579.)
	- vim 2:9.0.0626-1 (unimportant)
	NOTE: https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c
	NOTE: https://github.com/vim/vim/commit/0ff01835a40f549c5c4a550502f62a2ac9ac447c (v9.0.0579)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-3296 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...)
	- vim 2:9.0.0626-1 (unimportant)
	NOTE: https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077
	NOTE: https://github.com/vim/vim/commit/96b9bf8f74af8abf1e30054f996708db7dc285be (v9.0.0577)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-3295 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
	- rdiffweb (bug #969974)
CVE-2022-3294 (Users may have access to secure endpoints in the control plane network ...)
	- kubernetes 1.20.5+really1.20.2-1
	NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
	NOTE: The source package itself is still vulnerable, but custom rebuilds are not really a use case here
CVE-2022-3293 (Email addresses were leaked in WebHook logs in GitLab EE affecting all ...)
	- gitlab (Only affects Gitlab EE)
CVE-2022-3292 (Use of Cache Containing Sensitive Information in GitHub repository iku ...)
	- rdiffweb (bug #969974)
CVE-2022-41336 (An improper neutralization of input during web page generation vulnera ...)
	NOT-FOR-US: FortiGuard
CVE-2022-41335 (A relative path traversal vulnerability[CWE-23] in Fortinet FortiOS ve ...)
	NOT-FOR-US: Fortinet
CVE-2022-41334 (An improper neutralization of input during web page generation [CWE-79 ...)
	NOT-FOR-US: Fortinet
CVE-2022-41333 (An uncontrolled resource consumption vulnerability [CWE-400] in FortiR ...)
	NOT-FOR-US: Fortinet
CVE-2022-41332
	RESERVED
CVE-2022-41331 (A missing authentication for critical function vulnerability [CWE-306] ...)
	NOT-FOR-US: Fortinet
CVE-2022-41330 (An improper neutralization of input during web page generation vulnera ...)
	NOT-FOR-US: Fortinet
CVE-2022-41329 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
	NOT-FOR-US: Fortinet
CVE-2022-41328 (A improper limitation of a pathname to a restricted directory vulnerab ...)
	NOT-FOR-US: Fortinet
CVE-2022-41327 (A cleartext transmission of sensitive information vulnerability [CWE-3 ...)
	NOT-FOR-US: Fortinet
CVE-2022-3291 (Serialization of sensitive data in GitLab EE affecting all versions fr ...)
	- gitlab (Only affects Gitlab EE)
CVE-2022-3290 (Improper Handling of Length Parameter Inconsistency in GitHub reposito ...)
	- rdiffweb (bug #969974)
CVE-2022-3289
	RESERVED
CVE-2022-3288 (A branch/tag name confusion in GitLab CE/EE affecting all versions pri ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3287 (When creating an OPERATOR user account on the BMC, the redfish plugin ...)
	- fwupd 1.8.5-1
	[bullseye] - fwupd (Minor issue)
	[buster] - fwupd (Vulnerable code introduced in 1.7.0)
	NOTE: https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091 (1.8.5)
CVE-2022-3286 (Lack of IP address checking in GitLab EE affecting all versions from 1 ...)
	- gitlab (Only affects Gitlab EE)
CVE-2022-3285 (Bypass of healthcheck endpoint allow list affecting all versions from ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3284 (Download key for a file in a vault was passed in an insecure way that ...)
	NOT-FOR-US: M-Files
CVE-2022-3283 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3282 (The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41326 (The web conferencing component of Mitel MiCollab through 9.6.0.13 coul ...)
	NOT-FOR-US: Mitel
CVE-2022-41325 (An integer overflow in the VNC module in VideoLAN VLC Media Player thr ...)
	{DSA-5297-1 DLA-3216-1}
	- vlc 3.0.18-1
	NOTE: https://www.videolan.org/security/sb-vlc3018.html
	NOTE: https://code.videolan.org/videolan/vlc/-/issues/27335
CVE-2022-41324
	RESERVED
CVE-2022-41323 (In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, i ...)
	{DSA-5254-1}
	- python-django 3:3.2.16-1
	[buster] - python-django (Vulnerable code not present)
	NOTE: https://www.djangoproject.com/weblog/2022/oct/04/security-releases/
	NOTE: https://www.openwall.com/lists/oss-security/2022/10/04/2
	NOTE: https://github.com/django/django/commit/e5ea2842941967f06cefa10865f303b39c95279f (main)
	NOTE: https://github.com/django/django/commit/9d656ea51d9ea7105c0c0785783ac29d426a7d25 (4.1.2)
	NOTE: https://github.com/django/django/commit/5b6b257fa7ec37ff27965358800c67e2dd11c924 (3.2.16)
CVE-2022-41321
	RESERVED
CVE-2022-41320 (Veritas System Recovery (VSR) versions 18 and 21 store a network desti ...)
	NOT-FOR-US: Veritas System Recovery (VSR)
CVE-2022-41319 (A Reflected Cross-Site Scripting (XSS) vulnerability affects the Verit ...)
	NOT-FOR-US: Veritas
CVE-2022-41316 (HashiCorp Vault and Vault Enterprise’s TLS certificate auth metho ...)
	NOT-FOR-US: HashiCorp Vault and Vault Enterprise
CVE-2022-3281 (WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller ...)
	NOT-FOR-US: WAGO
CVE-2022-3280 (An open redirect in GitLab CE/EE affecting all versions from 10.1 prio ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3279 (An unhandled exception in job log parsing in GitLab CE/EE affecting al ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3278 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.055 ...)
	- vim 2:9.0.0626-1 (unimportant)
	NOTE: https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612/
	NOTE: https://github.com/vim/vim/commit/69082916c8b5d321545d60b9f5facad0a2dd5a4e (v9.0.0552)
	NOTE: Crash in CLI tool, no security impact
CVE-2023-3637 (An uncontrolled resource consumption flaw was found in openstack-neutr ...)
	- neutron (Fix for CVE-2022-3277 not applied)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2222270
CVE-2022-3277 (An uncontrolled resource consumption flaw was found in openstack-neutr ...)
	- neutron (bug #1027150)
	[bookworm] - neutron (Minor issue)
	[bullseye] - neutron (Minor issue)
	[buster] - neutron (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2129193
	NOTE: An incomplete fix for this issue may open CVE-2023-3637.
CVE-2020-36604 (hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in t ...)
	- node-hoek 9.0.3+~5.0.0+~4.0.0-1
	[buster] - node-hoek (Vulnerable code not present)
	NOTE: https://github.com/hapijs/hoek/issues/352
	NOTE: Fixed by: https://github.com/hapijs/hoek/commit/948baf98634a5c206875b67d11368f133034fa90 (v9.0.3)
CVE-2022-3276 (Command injection is possible in the puppetlabs-mysql module prior to ...)
	- puppet-module-puppetlabs-mysql 15.0.0-1 (bug #1027154)
	[bookworm] - puppet-module-puppetlabs-mysql (Minor issue)
	[bullseye] - puppet-module-puppetlabs-mysql (Minor issue)
	[buster] - puppet-module-puppetlabs-mysql (Minor issue)
	NOTE: https://puppet.com/security/cve/CVE-2022-3276
	NOTE: https://github.com/puppetlabs/puppetlabs-mysql/commit/f83792b256fa6acc1b1375b3bfed257629a5c02d (v13.0.0)
	NOTE: https://github.com/puppetlabs/puppetlabs-mysql/commit/18813a151f150a374a52141db520ed2a8d38b071 (v13.0.0)
	NOTE: https://github.com/puppetlabs/puppetlabs-mysql/commit/6f531ad85c22ceeb5076347e6998e1d25b056dfd (v13.0.0)
	NOTE: https://github.com/puppetlabs/puppetlabs-mysql/commit/e70e7fd130aaa2fe1cefe4ccb628b304ad3c180a (v13.0.0)
CVE-2022-3275 (Command injection is possible in the puppetlabs-apt module prior to ve ...)
	- puppet-module-puppetlabs-apt 9.0.1-1 (bug #1023625)
	[bullseye] - puppet-module-puppetlabs-apt (Minor issue)
	[buster] - puppet-module-puppetlabs-apt (Minor issue, rare condition, follow buster status)
	NOTE: https://puppet.com/security/cve/CVE-2022-3275
	NOTE: https://github.com/puppetlabs/puppetlabs-apt/commit/c26ad2a54f318b4d6fbe55f837b00cd6afd9f1eb (v9.0.0)
CVE-2022-3274 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...)
	- rdiffweb (bug #969974)
CVE-2022-3273 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
	- rdiffweb (bug #969974)
CVE-2022-3272 (Improper Handling of Length Parameter Inconsistency in GitHub reposito ...)
	- rdiffweb (bug #969974)
CVE-2022-3271
	RESERVED
CVE-2022-3270 (In multiple products by Festo a remote unauthenticated attacker could ...)
	NOT-FOR-US: Festo
CVE-2022-3269 (Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7.)
	- rdiffweb (bug #969974)
CVE-2022-3268 (Weak Password Requirements in GitHub repository ikus060/minarca prior ...)
	NOT-FOR-US: minarca
CVE-2022-3267 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...)
	- rdiffweb (bug #969974)
CVE-2022-3266 (An out-of-bounds read can occur when decoding H264 video. This results ...)
	{DSA-5238-1 DSA-5237-1 DLA-3123-1 DLA-3121-1}
	- firefox 105.0-1
	- firefox-esr 102.3.0esr-1
	- thunderbird 1:102.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-3266
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-3266
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-3266
CVE-2022-41322 (In Kitty before 0.26.2, insufficient validation in the desktop notific ...)
	- kitty 0.21.2-2 (bug #1020582)
	[bullseye] - kitty (Minor issue)
	[buster] - kitty (Minor issue)
	NOTE: https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f (v0.26.2)
CVE-2022-41318 (A buffer over-read was discovered in libntlmauth in Squid 2.5 through ...)
	{DSA-5258-1 DLA-3151-1}
	- squid 5.7-1 (bug #1020586)
	- squid3
	NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/2
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch
	NOTE: Squid 5: http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch (5.7)
CVE-2022-41317 (An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5. ...)
	{DSA-5258-1 DLA-3151-1}
	- squid 5.7-1 (bug #1020587)
	- squid3
	NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/1
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch
	NOTE: Squid 5: http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch (5.7)
CVE-2022-41313 (A stored cross-site scripting vulnerability exists in the web applicat ...)
	NOT-FOR-US: Moxa
CVE-2022-41312 (A stored cross-site scripting vulnerability exists in the web applicat ...)
	NOT-FOR-US: Moxa
CVE-2022-41311 (A stored cross-site scripting vulnerability exists in the web applicat ...)
	NOT-FOR-US: Moxa
CVE-2022-40691 (An information disclosure vulnerability exists in the web application ...)
	NOT-FOR-US: Moxa
CVE-2022-40214
	REJECTED
CVE-2022-3265 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3264
	RESERVED
CVE-2022-41310 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...)
	NOT-FOR-US: Autodesk
CVE-2022-41309 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...)
	NOT-FOR-US: Autodesk
CVE-2022-41308 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...)
	NOT-FOR-US: Autodesk
CVE-2022-41307 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...)
	NOT-FOR-US: Autodesk
CVE-2022-41306 (A maliciously crafted PCT file when consumed through DesignReview.exe ...)
	NOT-FOR-US: Autodesk
CVE-2022-41305 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...)
	NOT-FOR-US: Autodesk
CVE-2022-41304 (An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version ...)
	NOT-FOR-US: Autodesk
CVE-2022-41303 (A user may be tricked into opening a malicious FBX file which may expl ...)
	NOT-FOR-US: Autodesk
CVE-2022-41302 (An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020. ...)
	NOT-FOR-US: Autodesk
CVE-2022-41301 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...)
	NOT-FOR-US: Autodesk
CVE-2022-41300
	RESERVED
CVE-2022-41299 (IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2022-41298
	RESERVED
CVE-2022-41297 (IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery ...)
	NOT-FOR-US: IBM
CVE-2022-41296 (IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery ...)
	NOT-FOR-US: IBM
CVE-2022-41295
	RESERVED
CVE-2022-41294 (IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21. ...)
	NOT-FOR-US: IBM
CVE-2022-41293
	RESERVED
CVE-2022-41292
	RESERVED
CVE-2022-41291 (IBM InfoSphere Information Server 11.7 does not invalidate session aft ...)
	NOT-FOR-US: IBM
CVE-2022-41290 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
	NOT-FOR-US: IBM
CVE-2022-41289
	RESERVED
CVE-2022-41288 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.6 ...)
	NOT-FOR-US: Siemens
CVE-2022-41287 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.6 ...)
	NOT-FOR-US: Siemens
CVE-2022-41286 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.6 ...)
	NOT-FOR-US: Siemens
CVE-2022-41285 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.6 ...)
	NOT-FOR-US: Siemens
CVE-2022-41284 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.6 ...)
	NOT-FOR-US: Siemens
CVE-2022-41283 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.6 ...)
	NOT-FOR-US: Siemens
CVE-2022-41282 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.6 ...)
	NOT-FOR-US: Siemens
CVE-2022-41281 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.6 ...)
	NOT-FOR-US: Siemens
CVE-2022-41280 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.6 ...)
	NOT-FOR-US: Siemens
CVE-2022-41279 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.6 ...)
	NOT-FOR-US: Siemens
CVE-2022-41278 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.6 ...)
	NOT-FOR-US: Siemens
CVE-2022-41277
	RESERVED
CVE-2022-41276
	RESERVED
CVE-2022-41275 (In SAP SolutionManager (Enterprise Search) -versions 740, and 750, an ...)
	NOT-FOR-US: SAP
CVE-2022-41274 (SAP Disclosure Management - version 10.1, allows an authenticated atta ...)
	NOT-FOR-US: SAP
CVE-2022-41273 (Due to improper input sanitization in SAP Sourcing and SAP Contract Li ...)
	NOT-FOR-US: SAP
CVE-2022-41272 (An unauthenticated attacker over the network can attach to an open int ...)
	NOT-FOR-US: SAP
CVE-2022-41271 (An unauthenticated user can attach to an open interface exposed throug ...)
	NOT-FOR-US: SAP
CVE-2022-41270
	RESERVED
CVE-2022-41269
	RESERVED
CVE-2022-41268 (In some SAP standard roles in SAP Business Planning and Consolidation ...)
	NOT-FOR-US: SAP
CVE-2022-41267 (SAP Business Objects Platform - versions 420, and 430, allows an attac ...)
	NOT-FOR-US: SAP
CVE-2022-41266 (Due to a lack of proper input validation, SAP Commerce Webservices 2.0 ...)
	NOT-FOR-US: SAP
CVE-2022-41265
	RESERVED
CVE-2022-41264 (Due to the unrestricted scope of the RFC function module, SAP BASIS - ...)
	NOT-FOR-US: SAP
CVE-2022-41263 (Due to a missing authentication check, SAP Business Objects Business I ...)
	NOT-FOR-US: SAP
CVE-2022-41262 (Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Prov ...)
	NOT-FOR-US: SAP
CVE-2022-41261 (SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an auth ...)
	NOT-FOR-US: SAP
CVE-2022-41260 (SAP Financial Consolidation - version 1010, does not sufficiently enco ...)
	NOT-FOR-US: SAP
CVE-2022-41259 (SAP SQL Anywhere - version 17.0, allows an authenticated attacker to p ...)
	NOT-FOR-US: SAP
CVE-2022-41258 (Due to insufficient input validation, SAP Financial Consolidation - ve ...)
	NOT-FOR-US: SAP
CVE-2022-41257
	RESERVED
CVE-2022-41256
	RESERVED
CVE-2022-41223 (The Director database component of MiVoice Connect through 19.3 (22.22 ...)
	NOT-FOR-US: Mitel
CVE-2022-41221 (The client in OpenText Archive Center Administration through 21.2 allo ...)
	NOT-FOR-US: OpenText Archive Center Administration
CVE-2022-40224 (A denial of service vulnerability exists in the web server functionali ...)
	NOT-FOR-US: Moxa
CVE-2022-3263 (The security descriptor of Measuresoft ScadaPro Server version 6.7 has ...)
	NOT-FOR-US: Measuresoft ScadaPro Server
CVE-2022-3262 (A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst ...)
	NOT-FOR-US: OpenShift
CVE-2022-3261 (A flaw was found in OpenStack. Multiple components show plain-text pas ...)
	NOTE: Permission management for logfiles is under the local administrator's purview
CVE-2022-3260 (The response header has not enabled X-FRAME-OPTIONS, Which helps preve ...)
	NOT-FOR-US: Openshift
CVE-2022-3259 (Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which ...)
	NOT-FOR-US: Openshift
CVE-2022-3258 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
	NOT-FOR-US: HYPR Workforce Access
CVE-2022-3257 (Mattermost version 7.1.x and earlier fails to sufficiently process a s ...)
	- mattermost-server (bug #823556)
CVE-2022-3256 (Use After Free in GitHub repository vim/vim prior to 9.0.0530.)
	{DLA-3204-1}
	- vim 2:9.0.0626-1 (unimportant)
	NOTE: https://huntr.dev/bounties/8336a3df-212a-4f8d-ae34-76ef1f936bb3
	NOTE: https://github.com/vim/vim/commit/8ecfa2c56b4992c7f067b92488aa9acea5a454ad (v9.0.0530)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-3255 (If an attacker can control a script that is executed in the victim's b ...)
	NOT-FOR-US: pimcore
CVE-2022-3254 (The WordPress Classifieds Plugin WordPress plugin before 4.3 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-41255 (Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unen ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41254 (Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41253 (A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41252 (Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41251 (A missing permission check in Jenkins Apprenda Plugin 2.2.0 and earlie ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41250 (A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and ea ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41249 (A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpC ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41248 (Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the B ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41247 (Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41246 (A missing permission check in Jenkins Worksoft Execution Manager Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41245 (A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41244 (Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perfor ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41243 (Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname v ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41242 (A missing permission check in Jenkins extreme-feedback Plugin 1.7 and ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41241 (Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser t ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41240 (Jenkins Walti Plugin 1.0.1 and earlier does not escape the information ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41239 (Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub us ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41238 (A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41237 (Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML p ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41236 (A cross-site request forgery (CSRF) vulnerability in Jenkins Security ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41235 (Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functiona ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41234 (Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to t ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41233 (Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifac ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41232 (A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Pub ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41231 (Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41230 (Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a per ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41229 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and e ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41228 (A missing permission check in Jenkins NS-ND Integration Performance Pu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41227 (A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Int ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41226 (Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41225 (Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-41224 (Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips ...)
	- jenkins
CVE-2022-41220 (md2roff 1.9 has a stack-based buffer overflow via a Markdown file, a d ...)
	NOT-FOR-US: md2roff
CVE-2022-41219
	RESERVED
CVE-2022-41218 (In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10 ...)
	{DSA-5324-1 DLA-3403-1 DLA-3349-1}
	- linux 6.1.4-1
	NOTE: https://lore.kernel.org/all/87sfklgozd.wl-tiwai@suse.de/
	NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/4
	NOTE: https://git.kernel.org/linus/fd3d91ab1c6ab0628fe642dd570b56302c30a792
CVE-2022-41217 (Cloudflow contains a unauthenticated file upload vulnerability, which ...)
	NOT-FOR-US: Cloudflow
CVE-2022-41216 (Local File Inclusion vulnerability within Cloudflow allows attackers t ...)
	NOT-FOR-US: Cloudflow
CVE-2022-41215 (SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated ...)
	NOT-FOR-US: SAP
CVE-2022-41214 (Due to insufficient input validation, SAP NetWeaver Application Server ...)
	NOT-FOR-US: SAP
CVE-2022-41213
	RESERVED
CVE-2022-41212 (Due to insufficient input validation, SAP NetWeaver Application Server ...)
	NOT-FOR-US: SAP
CVE-2022-41211 (Due to lack of proper memory management, when a victim opens manipulat ...)
	NOT-FOR-US: SAP
CVE-2022-41210 (SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, ...)
	NOT-FOR-US: SAP
CVE-2022-41209 (SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, ...)
	NOT-FOR-US: SAP
CVE-2022-41208 (Due to insufficient input validation, SAP Financial Consolidation - ve ...)
	NOT-FOR-US: SAP
CVE-2022-41207 (SAP Biller Direct allows an unauthenticated attacker to craft a legiti ...)
	NOT-FOR-US: SAP
CVE-2022-41206 (SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) ...)
	NOT-FOR-US: SAP
CVE-2022-41205 (SAP GUI allows an authenticated attacker to execute scripts in the loc ...)
	NOT-FOR-US: SAP
CVE-2022-41204 (An attacker can change the content of an SAP Commerce - versions 1905, ...)
	NOT-FOR-US: SAP
CVE-2022-41203 (In some workflow of SAP BusinessObjects BI Platform (Central Managemen ...)
	NOT-FOR-US: SAP
CVE-2022-41202 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-41201 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-41200 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-41199 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-41198 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-41197 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-41196 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-41195 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-41194 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-41193 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-41192 (Due to lack of proper memory management, when a victim opens manipulat ...)
	NOT-FOR-US: SAP
CVE-2022-41191 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-41190 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-41189 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-41188 (Due to lack of proper memory management, when a victim opens manipulat ...)
	NOT-FOR-US: SAP
CVE-2022-41187 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-41186 (Due to lack of proper memory management, when a victim opens manipulat ...)
	NOT-FOR-US: SAP
CVE-2022-41185 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-41184 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-41183 (Due to lack of proper memory management, when a victim opens manipulat ...)
	NOT-FOR-US: SAP
CVE-2022-41182 (Due to lack of proper memory management, when a victim opens manipulat ...)
	NOT-FOR-US: SAP
CVE-2022-41181 (Due to lack of proper memory management, when a victim opens manipulat ...)
	NOT-FOR-US: SAP
CVE-2022-41180 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-41179 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-41178 (Due to lack of proper memory management, when a victim opens manipulat ...)
	NOT-FOR-US: SAP
CVE-2022-41177 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-41176 (Due to lack of proper memory management, when a victim opens manipulat ...)
	NOT-FOR-US: SAP
CVE-2022-41175 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-41174 (Due to lack of proper memory management, when a victim opens manipulat ...)
	NOT-FOR-US: SAP
CVE-2022-41173 (Due to lack of proper memory management, when a victim opens manipulat ...)
	NOT-FOR-US: SAP
CVE-2022-41172 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-41171 (Due to lack of proper memory management, when a victim opens manipulat ...)
	NOT-FOR-US: SAP
CVE-2022-41170 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-41169 (Due to lack of proper memory management, when a victim opens manipulat ...)
	NOT-FOR-US: SAP
CVE-2022-41168 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-41167 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-41166 (Due to lack of proper memory management, when a victim opens manipulat ...)
	NOT-FOR-US: SAP
CVE-2022-41165
	RESERVED
CVE-2022-41164
	RESERVED
CVE-2022-41163
	RESERVED
CVE-2022-41162
	RESERVED
CVE-2022-41161
	RESERVED
CVE-2022-41160
	RESERVED
CVE-2022-41159
	RESERVED
CVE-2022-41158 (Remote code execution vulnerability can be achieved by using cookie va ...)
	NOT-FOR-US: eyoom
CVE-2022-41157 (A specific file on the sERP server if Kyungrinara(ERP solution) has a ...)
	NOT-FOR-US: Kyungrinara
CVE-2022-41156 (Remote code execution vulnerability due to insufficient verification o ...)
	NOT-FOR-US: OndiskPlayerAgent
CVE-2022-41153 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange
CVE-2022-41152 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange
CVE-2022-41151 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange
CVE-2022-41150 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange
CVE-2022-41149 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange
CVE-2022-41148 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange
CVE-2022-41147 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange
CVE-2022-41146 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange
CVE-2022-41145 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange
CVE-2022-41144 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange
CVE-2022-41143 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange
CVE-2022-41142 (This vulnerability allows remote attackers to escalate privileges on a ...)
	- centreon-web (bug #913903)
CVE-2022-41141 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Windscribe
CVE-2022-41140 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2022-40983 (An integer overflow vulnerability exists in the QML QtScript Reflect A ...)
	- qt6-declarative 6.4.2+dfsg~rc1-2 (unimportant)
	- qtdeclarative-opensource-src (unimportant)
	- qtdeclarative-opensource-src-gles (unimportant)
	NOTE: Not considered a security issue, QML only supported from a trusted source
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1650
	NOTE: https://www.qt.io/blog/regarding-recent-reported-security-vulnerabilities-from-cisco-talos
	NOTE: https://bugreports.qt.io/browse/QTBUG-107619
	NOTE: https://codereview.qt-project.org/c/qt/qtdeclarative/+/437921
CVE-2022-40693 (A cleartext transmission vulnerability exists in the web application f ...)
	NOT-FOR-US: Moxa
CVE-2022-41222 (mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via ...)
	{DLA-3173-1}
	- linux 5.14.6-1
	[bullseye] - linux 5.10.140-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2347
	NOTE: https://git.kernel.org/linus/97113eb39fa7972722ff490b947d8af023e1f6a2 (5.14-rc1)
CVE-2022-41139 (MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gi ...)
	NOT-FOR-US: MITRE CALDERA
CVE-2022-41138 (In Zutty before 0.13, DECRQSS in text written to the terminal can achi ...)
	- zutty 0.13.0.20220910.112547+dfsg1-1
	NOTE: https://github.com/tomszilagyi/zutty/commit/bde7458c60a7bafe08bbeaafbf861eb865edfa38 (0.13)
CVE-2022-41137
	RESERVED
CVE-2022-40704 (A XSS vulnerability was found in phoromatic_r_add_test_details.php in ...)
	- phoronix-test-suite
CVE-2022-40208 (In Moodle, insufficient limitations in some quiz web services made it ...)
	- moodle
CVE-2022-38066 (An OS command injection vulnerability exists in the httpd SNMP functio ...)
	NOT-FOR-US: Siretta
CVE-2022-3253
	RESERVED
CVE-2022-3252 (Improper detection of complete HTTP body decompression SwiftNIO Extras ...)
	NOT-FOR-US: Swift (different from src:swift)
CVE-2022-3251 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
	NOT-FOR-US: minarca
CVE-2022-3250 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
	- rdiffweb (bug #969974)
CVE-2022-3249 (The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sa ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3248 (A flaw was found in OpenShift API, as admission checks do not enforce ...)
	NOT-FOR-US: OpenShift
CVE-2022-3247 (The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin b ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3246 (The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin b ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3245 (HTML injection attack is closely related to Cross-site Scripting (XSS) ...)
	NOT-FOR-US: microweber
CVE-2022-3244 (The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not h ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3243 (The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not p ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3242 (Code Injection in GitHub repository microweber/microweber prior to 1.3 ...)
	NOT-FOR-US: microweber
CVE-2022-3241 (The Build App Online WordPress plugin before 1.0.19 does not properly ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-20148 (In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on G ...)
	NOT-FOR-US: ebuild package for Logcheck on Gentoo
CVE-2017-20147 (In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gent ...)
	NOT-FOR-US: ebuild package for SmokePing on Gentoo
CVE-2016-20015 (In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gent ...)
	NOT-FOR-US: ebuild package for SmokePing on Gentoo
CVE-2022-41131 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
	NOT-FOR-US: Airflow Hive provider
CVE-2022-41130
	RESERVED
CVE-2022-41129
	RESERVED
CVE-2022-41128 (Windows Scripting Languages Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41127 (Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On ...)
	NOT-FOR-US: Microsoft
CVE-2022-41126
	RESERVED
CVE-2022-41125 (Windows CNG Key Isolation Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41124
	RESERVED
CVE-2022-41123 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41122 (Microsoft SharePoint Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41121 (Windows Graphics Component Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41120 (Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulne ...)
	NOT-FOR-US: Microsoft
CVE-2022-41119 (Visual Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41118 (Windows Scripting Languages Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41117
	RESERVED
CVE-2022-41116 (Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2022-41115 (Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerab ...)
	NOT-FOR-US: Microsoft
CVE-2022-41114 (Windows Bind Filter Driver Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41113 (Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41112
	RESERVED
CVE-2022-41111
	RESERVED
CVE-2022-41110
	RESERVED
CVE-2022-41109 (Windows Win32k Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41108
	RESERVED
CVE-2022-41107 (Microsoft Office Graphics Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41106 (Microsoft Excel Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41105 (Microsoft Excel Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41104 (Microsoft Excel Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41103 (Microsoft Word Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41102 (Windows Overlay Filter Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41101 (Windows Overlay Filter Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41100 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...)
	NOT-FOR-US: Microsoft
CVE-2022-41099 (BitLocker Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41098 (Windows GDI+ Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41097 (Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vul ...)
	NOT-FOR-US: Microsoft
CVE-2022-41096 (Microsoft DWM Core Library Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41095 (Windows Digital Media Receiver Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41094 (Windows Hyper-V Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41093 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...)
	NOT-FOR-US: Microsoft
CVE-2022-41092 (Windows Win32k Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41091 (Windows Mark of the Web Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41090 (Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2022-41089 (.NET Framework Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41088 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-41087
	RESERVED
CVE-2022-41086 (Windows Group Policy Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41085 (Azure CycleCloud Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41084
	RESERVED
CVE-2022-41083 (Visual Studio Code Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41082 (Microsoft Exchange Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41081 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-41080 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41079 (Microsoft Exchange Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41078 (Microsoft Exchange Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41077 (Windows Fax Compose Form Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41076 (PowerShell Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41075
	RESERVED
CVE-2022-41074 (Windows Graphics Component Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41073 (Windows Print Spooler Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41072
	RESERVED
CVE-2022-41071
	RESERVED
CVE-2022-41070
	RESERVED
CVE-2022-41069
	RESERVED
CVE-2022-41068
	RESERVED
CVE-2022-41067
	RESERVED
CVE-2022-41066 (Microsoft Business Central Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41065
	RESERVED
CVE-2022-41064 (.NET Framework Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41063 (Microsoft Excel Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41062 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41061 (Microsoft Word Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41060 (Microsoft Word Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41059
	RESERVED
CVE-2022-41058 (Windows Network Address Translation (NAT) Denial of Service Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2022-41057 (Windows HTTP.sys Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41056 (Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerab ...)
	NOT-FOR-US: Microsoft
CVE-2022-41055 (Windows Human Interface Device Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41054 (Windows Resilient File System (ReFS) Elevation of Privilege Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2022-41053 (Windows Kerberos Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41052 (Windows Graphics Component Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41051 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41050 (Windows Extensible File Allocation Table Elevation of Privilege Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-41049 (Windows Mark of the Web Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41048 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41047 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41046
	RESERVED
CVE-2022-41045 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...)
	NOT-FOR-US: Microsoft
CVE-2022-41044 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-41043 (Microsoft Office Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41042 (Visual Studio Code Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41041
	RESERVED
CVE-2022-41040 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41039 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-41038 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41037 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41036 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41035 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41034 (Visual Studio Code Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41033 (Windows COM+ Event System Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-41032 (NuGet Client Elevation of Privilege Vulnerability)
	- nuget (Vulnerable code not present)
	NOTE: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41032
	NOTE: https://github.com/NuGet/NuGet.Client/commit/3c1bf9decc8a114c091a6164c42f524ae2bb1e21 (6.3.1.1)
CVE-2022-41031 (Microsoft Word Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-40129 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
	NOT-FOR-US: Foxit
CVE-2022-41030 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41029 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41028 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41027 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41026 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41025 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41024 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41023 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41022 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41021 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41020 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41019 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41018 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41017 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41016 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41015 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41014 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41013 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41012 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41011 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41010 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41009 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41008 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41007 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41006 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41005 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41004 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41003 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41002 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41001 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-41000 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-40999 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-40998 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-40997 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-40996 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-40995 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-40994 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-40993 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-40992 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-40991 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-40990 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-40989 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-40988 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-40987 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-40986 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-40985 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...)
	NOT-FOR-US: Siretta
CVE-2022-40980 (A potential unauthenticated file deletion vulnerability on Trend Micro M ...)
	NOT-FOR-US: Trend Micro
CVE-2022-40979 (In JetBrains TeamCity before 2022.04.4 environmental variables of "pas ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-40978 (The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerabl ...)
	NOT-FOR-US: installer of JetBrains IntelliJ IDEA
CVE-2022-40977 (A path traversal vulnerability was discovered in Pilz PASvisu Server b ...)
	NOT-FOR-US: Pilz PASvisu Server
CVE-2022-40976 (A path traversal vulnerability was discovered in multiple Pilz product ...)
	NOT-FOR-US: Pilz
CVE-2022-40969 (An os command injection vulnerability exists in the httpd delfile.cgi ...)
	NOT-FOR-US: Siretta
CVE-2022-40962 (Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, And ...)
	{DSA-5238-1 DSA-5237-1 DLA-3123-1 DLA-3121-1}
	- firefox 105.0-1
	- firefox-esr 102.3.0esr-1
	- thunderbird 1:102.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40962
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40962
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40962
CVE-2022-40961 (During startup, a graphics driver with an unexpected name could lead t ...)
	- firefox (Only affects Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40961
CVE-2022-40960 (Concurrent use of the URL parser with non-UTF-8 data was not thread-sa ...)
	{DSA-5238-1 DSA-5237-1 DLA-3123-1 DLA-3121-1}
	- firefox 105.0-1
	- firefox-esr 102.3.0esr-1
	- thunderbird 1:102.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40960
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40960
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40960
CVE-2022-40959 (During iframe navigation, certain pages did not have their FeaturePoli ...)
	{DSA-5238-1 DSA-5237-1 DLA-3123-1 DLA-3121-1}
	- firefox 105.0-1
	- firefox-esr 102.3.0esr-1
	- thunderbird 1:102.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40959
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40959
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40959
CVE-2022-40958 (By injecting a cookie with certain special characters, an attacker on ...)
	{DSA-5238-1 DSA-5237-1 DLA-3123-1 DLA-3121-1}
	- firefox 105.0-1
	- firefox-esr 102.3.0esr-1
	- thunderbird 1:102.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40958
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40958
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40958
CVE-2022-40957 (Inconsistent data in instruction and data cache when creating wasm cod ...)
	{DSA-5238-1 DSA-5237-1 DLA-3123-1 DLA-3121-1}
	- firefox 105.0-1
	- firefox-esr 102.3.0esr-1
	- thunderbird 1:102.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40957
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40957
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40957
CVE-2022-40956 (When injecting an HTML base element, some requests would ignore the CS ...)
	{DSA-5238-1 DSA-5237-1 DLA-3123-1 DLA-3121-1}
	- firefox 105.0-1
	- firefox-esr 102.3.0esr-1
	- thunderbird 1:102.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40956
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40956
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40956
CVE-2022-40955 (In versions of Apache InLong prior to 1.3.0, an attacker with sufficie ...)
	NOT-FOR-US: Apache InLong
CVE-2022-40954 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
	NOT-FOR-US: Airflow Spark provider
CVE-2022-40701 (A directory traversal vulnerability exists in the httpd delfile.cgi fu ...)
	NOT-FOR-US: Siretta
CVE-2022-40220 (An OS command injection vulnerability exists in the httpd txt/restore. ...)
	NOT-FOR-US: Siretta
CVE-2022-39045 (A file write vulnerability exists in the httpd upload.cgi functionalit ...)
	NOT-FOR-US: Siretta
CVE-2022-38715 (A leftover debug code vulnerability exists in the httpd shell.cgi func ...)
	NOT-FOR-US: Siretta
CVE-2022-38459 (A stack-based buffer overflow vulnerability exists in the httpd downfi ...)
	NOT-FOR-US: Siretta
CVE-2022-38088 (A directory traversal vulnerability exists in the httpd downfile.cgi f ...)
	NOT-FOR-US: Siretta
CVE-2022-36279 (A stack-based buffer overflow vulnerability exists in the httpd delfil ...)
	NOT-FOR-US: Siretta
CVE-2022-3240 (The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Sit ...)
	NOT-FOR-US: "Follow Me Plugin" plugin for WordPress
CVE-2022-3239 (A flaw use after free in the Linux kernel video4linux driver was found ...)
	- linux 5.17.3-1
	[bullseye] - linux 5.10.113-1
	[buster] - linux 4.19.249-1
	NOTE: https://git.kernel.org/linus/c08eadca1bdfa099e20a32f8fa4b52b2f672236d (5.18-rc1)
CVE-2022-3238 (A double-free flaw was found in the Linux kernel’s NTFS3 subsyste ...)
	- linux (unimportant)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: NTFS3 driver not enabled in Debian
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2127927
CVE-2022-3237 (The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40953
	RESERVED
CVE-2022-40952
	RESERVED
CVE-2022-40951
	RESERVED
CVE-2022-40950
	RESERVED
CVE-2022-40949
	RESERVED
CVE-2022-40948
	RESERVED
CVE-2022-40947
	RESERVED
CVE-2022-40946 (On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, i ...)
	NOT-FOR-US: D-Link
CVE-2022-40945
	RESERVED
CVE-2022-40944 (Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection v ...)
	NOT-FOR-US: Dairy Farm Shop Management System
CVE-2022-40943 (Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection v ...)
	NOT-FOR-US: Dairy Farm Shop Management System
CVE-2022-40942 (Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2022-40941
	RESERVED
CVE-2022-40940
	RESERVED
CVE-2022-40939 (In certain Secustation products the administrator account password can ...)
	NOT-FOR-US: Secustation
CVE-2022-40938
	RESERVED
CVE-2022-40937
	RESERVED
CVE-2022-40936
	RESERVED
CVE-2022-40935 (Online Pet Shop We App v1.0 is vulnerable to SQL Injection via /pet_sh ...)
	NOT-FOR-US: Online Pet Shop We App
CVE-2022-40934 (Online Pet Shop We App v1.0 is vulnerable to SQL injection via /pet_sh ...)
	NOT-FOR-US: Online Pet Shop We App
CVE-2022-40933 (Online Pet Shop We App v1.0 by oretnom23 is vulnerable to SQL injectio ...)
	NOT-FOR-US: Online Pet Shop We App
CVE-2022-40932 (In Zoo Management System v1.0, there is an arbitrary file upload vulne ...)
	NOT-FOR-US: Zoo Management System
CVE-2022-40931 (dutchcoders Transfer.sh 1.4.0 is vulnerable to Cross Site Scripting (X ...)
	NOT-FOR-US: dutchcoders Transfer.sh
CVE-2022-40930
	RESERVED
CVE-2022-40929 (XXL-JOB 2.2.0 has a Command execution vulnerability in background task ...)
	NOT-FOR-US: XXL-JOB
CVE-2022-40928 (Online Leave Management System v1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Online Leave Management System
CVE-2022-40927 (Online Leave Management System v1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Online Leave Management System
CVE-2022-40926 (Online Leave Management System v1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Online Leave Management System
CVE-2022-40925 (Zoo Management System v1.0 has an arbitrary file upload vulnerability ...)
	NOT-FOR-US: Zoo Management System
CVE-2022-40924 (Zoo Management System v1.0 has an arbitrary file upload vulnerability ...)
	NOT-FOR-US: Zoo Management System
CVE-2022-40923 (A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address fu ...)
	NOT-FOR-US: LIEF
CVE-2022-40922 (A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse funct ...)
	NOT-FOR-US: LIEF
CVE-2022-40921 (DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vul ...)
	NOT-FOR-US: DedeCMS
CVE-2022-40920
	RESERVED
CVE-2022-40919
	RESERVED
CVE-2022-40918 (Buffer overflow in firmware lewei_cam binary version 2.0.10 in Force 1 ...)
	NOT-FOR-US: firmware lewei_cam binary
CVE-2022-40917
	RESERVED
CVE-2022-40916
	RESERVED
CVE-2022-40915
	RESERVED
CVE-2022-40914
	RESERVED
CVE-2022-40913
	RESERVED
CVE-2022-40912 (ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnera ...)
	NOT-FOR-US: ETAP Lighting International NV ETAP Safety Manager
CVE-2022-40911
	RESERVED
CVE-2022-40910
	RESERVED
CVE-2022-40909
	RESERVED
CVE-2022-40908
	RESERVED
CVE-2022-40907
	RESERVED
CVE-2022-40906
	RESERVED
CVE-2022-40905
	RESERVED
CVE-2022-40904
	RESERVED
CVE-2022-40903 (Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 d ...)
	NOT-FOR-US: Aiphone
CVE-2022-40902
	RESERVED
CVE-2022-40901
	RESERVED
CVE-2022-40900
	RESERVED
CVE-2022-40899 (An issue discovered in Python Charmers Future 0.18.2 and earlier allow ...)
	- python-future (bug #1031699)
	[bookworm] - python-future (Minor issue)
	[bullseye] - python-future (Minor issue)
	[buster] - python-future (Minor issue)
	NOTE: https://github.com/PythonCharmers/python-future/pull/610
	NOTE: https://github.com/PythonCharmers/python-future/commit/c91d70b34ef0402aef3e9d04364ba98509dca76f (v0.18.3)
CVE-2022-40898 (An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 ...)
	- wheel 0.38.0-1 (unimportant)
	NOTE: https://github.com/pypa/wheel/commit/88f02bc335d5404991e532e7f3b0fc80437bf4e0
	NOTE: https://github.com/pypa/wheel/issues/498
	NOTE: Negligible security impact
CVE-2022-40897 (Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remo ...)
	- setuptools 65.6.3-1
	[bullseye] - setuptools (Minor issue)
	NOTE: https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be (v65.5.1)
CVE-2022-40896 (A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments ...)
	- pygments 2.15.1+dfsg-1
	[bookworm] - pygments (Minor issue)
	[bullseye] - pygments (Minor issue)
	[buster] - pygments (Minor issue)
	NOTE: https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/
	NOTE: https://github.com/pygments/pygments/issues/2356
	NOTE: https://github.com/pygments/pygments/issues/2355
	NOTE: https://github.com/pygments/pygments/commit/dd52102c38ebe78cd57748e09f38929fd283ad04 (2.14.0)
	NOTE: https://github.com/pygments/pygments/commit/97eb3d5ec7c1b3ea4fcf9dee30a2309cf92bd194 (2.15.0)
	NOTE: https://github.com/pygments/pygments/commit/fdf182a7af85b1deeeb637ca970d31935e7c9d52 (2.15.1)
CVE-2022-40895 (In certain Nedi products, a vulnerability in the web UI of NeDi login ...)
	NOT-FOR-US: NeDi
CVE-2022-40894
	RESERVED
CVE-2022-40893
	RESERVED
CVE-2022-40892
	RESERVED
CVE-2022-40891
	RESERVED
CVE-2022-40890 (A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlie ...)
	NOT-FOR-US: Open5GS
CVE-2022-40889 (Phpok 6.1 has a deserialization vulnerability via framework/phpok_call ...)
	NOT-FOR-US: Phpok
CVE-2022-40888
	RESERVED
CVE-2022-40887 (SourceCodester Best Student Result Management System 1.0 is vulnerable ...)
	NOT-FOR-US: SourceCodester Best Student Result Management System
CVE-2022-40886 (DedeCMS 5.7.98 has a file upload vulnerability in the background.)
	NOT-FOR-US: DedeCMS
CVE-2022-40885 (Bento4 v1.6.0-639 has a memory allocation issue that can cause denial ...)
	NOT-FOR-US: Bento4
CVE-2022-40884 (Bento4 1.6.0 has memory leaks via the mp4fragment.)
	NOT-FOR-US: Bento4
CVE-2022-40883
	RESERVED
CVE-2022-40882
	RESERVED
CVE-2022-40881 (SolarView Compact 6.00 was discovered to contain a command injection v ...)
	NOT-FOR-US: SolarView Compact
CVE-2022-40880
	RESERVED
CVE-2022-40879 (kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the ...)
	NOT-FOR-US: kkFileView
CVE-2022-40878 (In Exam Reviewer Management System 1.0, an authenticated attacker can ...)
	NOT-FOR-US: Exam Reviewer Management System
CVE-2022-40877 (Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Exam Reviewer Management System
CVE-2022-40876 (In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetM ...)
	NOT-FOR-US: Tenda
CVE-2022-40875 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the ...)
	NOT-FOR-US: Tenda
CVE-2022-40874 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulner ...)
	NOT-FOR-US: Tenda
CVE-2022-40873
	RESERVED
CVE-2022-40872 (An SQL injection vulnerability issue was discovered in Sourcecodester ...)
	NOT-FOR-US: Sourcecodester Simple E-Learning System
CVE-2022-40871 (Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By defaul ...)
	- dolibarr
CVE-2022-40870 (The Web Client of Parallels Remote Application Server v18.0 is vulnera ...)
	NOT-FOR-US: Parallels
CVE-2022-40869 (Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulner ...)
	NOT-FOR-US: Tenda
CVE-2022-40868 (Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_ ...)
	NOT-FOR-US: Tenda
CVE-2022-40867 (Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_ ...)
	NOT-FOR-US: Tenda
CVE-2022-40866 (Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_ ...)
	NOT-FOR-US: Tenda
CVE-2022-40865 (Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnera ...)
	NOT-FOR-US: Tenda
CVE-2022-40864 (Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulner ...)
	NOT-FOR-US: Tenda
CVE-2022-40863
	RESERVED
CVE-2022-40862 (Tenda AC15 and AC18 router V15.03.05.19 contains stack overflow vulner ...)
	NOT-FOR-US: Tenda
CVE-2022-40861 (Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability ...)
	NOT-FOR-US: Tenda
CVE-2022-40860 (Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability ...)
	NOT-FOR-US: Tenda
CVE-2022-40859
	RESERVED
CVE-2022-40858
	RESERVED
CVE-2022-40857
	RESERVED
CVE-2022-40856
	RESERVED
CVE-2022-40855 (Tenda W20E router V15.11.0.6 contains a stack overflow in the function ...)
	NOT-FOR-US: Tenda
CVE-2022-40854 (Tenda AC18 router contained a stack overflow vulnerability in /goform/ ...)
	NOT-FOR-US: Tenda
CVE-2022-40853 (Tenda AC15 router V15.03.05.19 contains a stack overflow via the list ...)
	NOT-FOR-US: Tenda
CVE-2022-40852
	RESERVED
CVE-2022-40851 (Tenda AC15 V15.03.05.19 contained a stack overflow via the function fr ...)
	NOT-FOR-US: Tenda
CVE-2022-40850
	RESERVED
CVE-2022-40849 (ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS ...)
	NOT-FOR-US: ThinkCMF
CVE-2022-40848
	RESERVED
CVE-2022-40847 (In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a ...)
	NOT-FOR-US: Tenda
CVE-2022-40846 (In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross ...)
	NOT-FOR-US: Tenda
CVE-2022-40845 (The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by ...)
	NOT-FOR-US: Tenda
CVE-2022-40844 (In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15E ...)
	NOT-FOR-US: Tenda
CVE-2022-40843 (The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to im ...)
	NOT-FOR-US: Tenda
CVE-2022-40842 (ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Serve ...)
	NOT-FOR-US: NdkAdvancedCustomizationFields
CVE-2022-40841 (A cross-site scripting (XSS) vulnerability in NdkAdvancedCustomization ...)
	NOT-FOR-US: NdkAdvancedCustomizationFields
CVE-2022-40840 (ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross ...)
	NOT-FOR-US: NdkAdvancedCustomizationFields
CVE-2022-40839 (A SQL injection vulnerability in the height and width parameter in Ndk ...)
	NOT-FOR-US: NdkAdvancedCustomizationFields
CVE-2022-40838
	RESERVED
CVE-2022-40837
	RESERVED
CVE-2022-40836
	RESERVED
CVE-2022-40835 (B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL ...)
	- codeigniter (bug #471583)
CVE-2022-40834 (B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL ...)
	- codeigniter (bug #471583)
CVE-2022-40833 (B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL ...)
	- codeigniter (bug #471583)
CVE-2022-40832 (B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL ...)
	- codeigniter (bug #471583)
CVE-2022-40831 (B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL ...)
	- codeigniter (bug #471583)
CVE-2022-40830 (B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL ...)
	- codeigniter (bug #471583)
CVE-2022-40829 (B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL ...)
	- codeigniter (bug #471583)
CVE-2022-40828 (B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL ...)
	- codeigniter (bug #471583)
CVE-2022-40827 (B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL ...)
	- codeigniter (bug #471583)
CVE-2022-40826 (B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL ...)
	- codeigniter (bug #471583)
CVE-2022-40825 (B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL ...)
	- codeigniter (bug #471583)
CVE-2022-40824 (B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL ...)
	- codeigniter (bug #471583)
CVE-2022-40823
	RESERVED
CVE-2022-40822
	RESERVED
CVE-2022-40821
	RESERVED
CVE-2022-40820
	RESERVED
CVE-2022-40819
	RESERVED
CVE-2022-40818
	RESERVED
CVE-2022-40817 (Zammad 5.2.1 has a fine-grained permission model that allows to config ...)
	- zammad (bug #841355)
CVE-2022-40816 (Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset ...)
	- zammad (bug #841355)
CVE-2022-40815
	RESERVED
CVE-2022-40814
	RESERVED
CVE-2022-40813
	RESERVED
CVE-2022-40812 (The d8s-pdfs for python, as distributed on PyPI, included a potential ...)
	NOT-FOR-US: d8s-pdfs for python
CVE-2022-40811 (The d8s-urls for python, as distributed on PyPI, included a potential ...)
	NOT-FOR-US: d8s-urls for python
CVE-2022-40810 (The d8s-ip-addresses for python, as distributed on PyPI, included a po ...)
	NOT-FOR-US: d8s-ip-addresses for python
CVE-2022-40809 (The d8s-dicts for python, as distributed on PyPI, included a potential ...)
	NOT-FOR-US: d8s-dicts for python
CVE-2022-40808 (The d8s-dates for python, as distributed on PyPI, included a potential ...)
	NOT-FOR-US: d8s-dates for python
CVE-2022-40807 (The d8s-domains for python, as distributed on PyPI, included a potenti ...)
	NOT-FOR-US: d8s-domains for python
CVE-2022-40806 (The d8s-uuids for python, as distributed on PyPI, included a potential ...)
	NOT-FOR-US: d8s-uuids for python
CVE-2022-40805 (The d8s-urls for python 0.1.0, as distributed on PyPI, included a pote ...)
	NOT-FOR-US: d8s-urls for python
CVE-2022-40804
	RESERVED
CVE-2022-40803
	RESERVED
CVE-2022-40802
	RESERVED
CVE-2022-40801
	RESERVED
CVE-2022-40800
	RESERVED
CVE-2022-40799 (Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B1 ...)
	NOT-FOR-US: D-Link
CVE-2022-40798 (OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a req ...)
	NOT-FOR-US: OcoMon
CVE-2022-40797 (Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, be ...)
	NOT-FOR-US: Roxy Fileman
CVE-2022-40796
	RESERVED
CVE-2022-40795
	RESERVED
CVE-2022-40794
	RESERVED
CVE-2022-40793
	RESERVED
CVE-2022-40792
	RESERVED
CVE-2022-40791
	RESERVED
CVE-2022-40790
	RESERVED
CVE-2022-40789
	RESERVED
CVE-2022-40788
	RESERVED
CVE-2022-40787
	RESERVED
CVE-2022-40786
	RESERVED
CVE-2022-40785 (Unsanitized input when setting a locale file leads to shell injection ...)
	NOT-FOR-US: mIPC camera firmware
CVE-2022-40784 (Unlimited strcpy on user input when setting a locale file leads to sta ...)
	NOT-FOR-US: mIPC camera firmware
CVE-2022-40783
	RESERVED
CVE-2022-40782
	RESERVED
CVE-2022-40781
	RESERVED
CVE-2022-40780
	RESERVED
CVE-2022-40779
	RESERVED
CVE-2022-40778 (A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefend ...)
	NOT-FOR-US: OPSWAT MetaDefender ICAP Server
CVE-2022-40777 (Interspire Email Marketer through 6.5.0 allows arbitrary file upload v ...)
	NOT-FOR-US: Interspire Email Marketer
CVE-2022-40776
	RESERVED
CVE-2022-40775 (An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer de ...)
	NOT-FOR-US: Bento4
CVE-2022-40774 (An issue was discovered in Bento4 through 1.6.0-639. There is a NULL p ...)
	NOT-FOR-US: Bento4
CVE-2022-40773 (Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-40772 (Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulner ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-40771 (Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulner ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-40770 (Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulner ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-40769 (profanity through 1.60 has only four billion possible RNG initializati ...)
	NOT-FOR-US: profanity (not same as src:profanity)
CVE-2022-40768 (drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local us ...)
	{DLA-3245-1}
	- linux 6.0.2-1
	[bullseye] - linux 5.10.148-1
	NOTE: https://www.openwall.com/lists/oss-security/2022/09/09/1
	NOTE: https://git.kernel.org/linus/6022f210461fef67e6e676fd8544ca02d1bcfa7a
CVE-2022-40767
	RESERVED
CVE-2022-40766 (Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-page S ...)
	NOT-FOR-US: Modern Campus Omni CMS (formerly OU Campus)
CVE-2022-40765 (A vulnerability in the Edge Gateway component of Mitel MiVoice Connect ...)
	NOT-FOR-US: Mitel
CVE-2022-40764 (Snyk CLI before 1.996.0 allows arbitrary command execution, affecting ...)
	NOT-FOR-US: Snyk CLI
CVE-2022-3236 (A code injection vulnerability in the User Portal and Webadmin allows ...)
	NOT-FOR-US: Sophos
CVE-2022-40763
	RESERVED
CVE-2022-3235 (Use After Free in GitHub repository vim/vim prior to 9.0.0490.)
	{DLA-3204-1}
	- vim 2:9.0.0626-1 (unimportant)
	NOTE: https://huntr.dev/bounties/96d5f7a0-a834-4571-b73b-0fe523b941af
	NOTE: https://github.com/vim/vim/commit/1c3dd8ddcba63c1af5112e567215b3cec2de11d0 (v9.0.0490)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-40762 (A Memory Allocation with Excessive Size Value vulnerablity in the TEE_ ...)
	NOT-FOR-US: Samsung mTower
CVE-2022-40761 (The function tee_obj_free in Samsung mTower through 0.3.0 allows a tru ...)
	NOT-FOR-US: Samsung mTower
CVE-2022-40760 (A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MA ...)
	NOT-FOR-US: Samsung mTower
CVE-2022-40759 (A NULL pointer dereference issue in the TEE_MACCompareFinal function i ...)
	NOT-FOR-US: Samsung mTower
CVE-2022-40758 (A Buffer Access with Incorrect Length Value vulnerablity in the TEE_Ci ...)
	NOT-FOR-US: Samsung mTower
CVE-2022-40757 (A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MA ...)
	NOT-FOR-US: Samsung mTower
CVE-2022-40756 (If folder security is misconfigured for Actian Zen PSQL BEFORE Patch U ...)
	NOT-FOR-US: Actian
CVE-2022-40755 (JasPer 3.0.6 allows denial of service via a reachable assertion in the ...)
	- jasper
	NOTE: https://github.com/jasper-software/jasper/issues/338
CVE-2022-3234 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
	{DLA-3182-1}
	- vim 2:9.0.0626-1 (unimportant)
	NOTE: https://huntr.dev/bounties/90fdf374-bf04-4386-8a23-38c83b88f0da/
	NOTE: https://github.com/vim/vim/commit/c249913edc35c0e666d783bfc21595cf9f7d9e0d (v9.0.0483)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-40754 (In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in t ...)
	- airflow (bug #819700)
CVE-2022-40753 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
	NOT-FOR-US: IBM
CVE-2022-40752 (IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vul ...)
	NOT-FOR-US: IBM
CVE-2022-40751 (IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7 ...)
	NOT-FOR-US: IBM
CVE-2022-40750 (IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-s ...)
	NOT-FOR-US: IBM
CVE-2022-40749
	RESERVED
CVE-2022-40748 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
	NOT-FOR-US: IBM
CVE-2022-40747 ("IBM InfoSphere Information Server 11.7 is vulnerable to an XML Extern ...)
	NOT-FOR-US: IBM
CVE-2022-40746 (IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 co ...)
	NOT-FOR-US: IBM
CVE-2022-40745 (IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obta ...)
	NOT-FOR-US: IBM
CVE-2022-40744 (IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2022-40743 (Improper Input Validation vulnerability for the xdebug plugin in Apach ...)
	- trafficserver 9.1.4+ds-1
	[bullseye] - trafficserver (Vulnerable code not present)
	[buster] - trafficserver (Vulnerable code not present)
	NOTE: https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02
	NOTE: https://github.com/apache/trafficserver/commit/eb5efe19e68e51db58a6320b4a99e3fc83336a14 (master)
	NOTE: https://github.com/apache/trafficserver/commit/20c857a785da93fa0e3263597207b5ef35b65b7c (v9.1.x)
CVE-2022-3233 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...)
	- rdiffweb (bug #969974)
CVE-2022-3232 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...)
	- rdiffweb (bug #969974)
CVE-2022-3231 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...)
	NOT-FOR-US: LibreNMS
CVE-2022-3230
	RESERVED
CVE-2022-3229 (Because the web management interface for Unified Intents' Unified Remo ...)
	NOT-FOR-US: Unified Remote
CVE-2022-3228 (Using custom code, an attacker can write into name or description fiel ...)
	NOT-FOR-US: Host Engineering
CVE-2022-40742 (Mail SQR Expert system has a Local File Inclusion vulnerability. An un ...)
	NOT-FOR-US: Mail SQR Expert system
CVE-2022-40741 (Mail SQR Expert’s specific function has insufficient filtering fo ...)
	NOT-FOR-US: Mail SQR Expert system
CVE-2022-40740 (Realtek GPON router has insufficient filtering for special characters. ...)
	NOT-FOR-US: Realtek
CVE-2022-40739 (Ragic report generation page has insufficient filtering for special ch ...)
	NOT-FOR-US: Ragic
CVE-2022-3227
	RESERVED
CVE-2022-3226 (An OS command injection vulnerability allows admins to execute code vi ...)
	NOT-FOR-US: Sophos
CVE-2022-3225 (Improper Control of Dynamically-Managed Code Resources in GitHub repos ...)
	NOT-FOR-US: budibase
CVE-2022-3224 (Misinterpretation of Input in GitHub repository ionicabizau/parse-url ...)
	NOT-FOR-US: Node parse-url
CVE-2022-3223 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...)
	NOT-FOR-US: jgraph/drawio
CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-D ...)
	{DSA-5411-1}
	- gpac (bug #1033116; bug #1051866)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235/
	NOTE: https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf
CVE-2022-3221 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...)
	- rdiffweb (bug #969974)
CVE-2022-3220 (The Advanced Comment Form WordPress plugin before 1.2.1 does not sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40738 (An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer de ...)
	NOT-FOR-US: Bento4
CVE-2022-40737 (An issue was discovered in Bento4 through 1.6.0-639. A buffer over-rea ...)
	NOT-FOR-US: Bento4
CVE-2022-40736 (An issue was discovered in Bento4 1.6.0-639. There ie excessive memory ...)
	NOT-FOR-US: Bento4
CVE-2022-40735 (The Diffie-Hellman Key Agreement Protocol allows use of long exponents ...)
	NOTE: Generic Diffie-Hellman protocol issue
CVE-2022-40734 (UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 al ...)
	NOT-FOR-US: Laravel Filemanager
CVE-2022-40733
	RESERVED
CVE-2022-40732
	RESERVED
CVE-2022-40731
	RESERVED
CVE-2022-40730
	RESERVED
CVE-2022-40729
	RESERVED
CVE-2022-40728
	RESERVED
CVE-2022-40727
	RESERVED
CVE-2022-40726
	RESERVED
CVE-2022-40725 (PingID Desktop prior to the latest released version 1.7.4 contains a v ...)
	NOT-FOR-US: PingID
CVE-2022-40724 (The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint ...)
	NOT-FOR-US: PingID
CVE-2022-40723 (The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS ...)
	NOT-FOR-US: PingID
CVE-2022-40722 (A misconfiguration of RSA padding implemented in the PingID Adapter fo ...)
	NOT-FOR-US: PingID
CVE-2022-40721 (Arbitrary file upload vulnerability in php uploader)
	NOT-FOR-US: php uploader
CVE-2022-40720 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2022-40719 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2022-40718 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2022-40717 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2022-40716 (HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13. ...)
	- consul (bug #1027161)
	[bullseye] - consul (Minor issue)
	[buster] - consul (Vulnerable Code not present)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628
	NOTE: https://github.com/hashicorp/consul/commit/ae822d752ad36007e353249691a0ef318cf55d08 (v1.11.9)
CVE-2022-40715 (An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Trave ...)
	NOT-FOR-US: NOKIA
CVE-2022-40714 (An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists u ...)
	NOT-FOR-US: NOKIA
CVE-2022-40713 (An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path ...)
	NOT-FOR-US: NOKIA
CVE-2022-40712 (An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists u ...)
	NOT-FOR-US: NOKIA
CVE-2022-40711 (PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity s ...)
	NOT-FOR-US: PrimeKey EJBCA
CVE-2022-40710 (A link following vulnerability in Trend Micro Deep Security 20 and Clo ...)
	NOT-FOR-US: Trend Micro
CVE-2022-40709 (An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 an ...)
	NOT-FOR-US: Trend Micro
CVE-2022-40708 (An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 an ...)
	NOT-FOR-US: Trend Micro
CVE-2022-40707 (An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 an ...)
	NOT-FOR-US: Trend Micro
CVE-2022-3219 (GnuPG can be made to spin on a relatively small input by (for example) ...)
	- gnupg2 (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2127010
	NOTE: https://dev.gnupg.org/D556
	NOTE: https://dev.gnupg.org/T5993
	NOTE: https://www.openwall.com/lists/oss-security/2022/07/04/8
	NOTE: GnuPG upstream is not implementing this change.
CVE-2022-3218 (Due to a reliance on client-side authentication, the WiFi Mouse (Mouse ...)
	NOT-FOR-US: Necta LLC
CVE-2022-3217 (When logging in to a VBASE runtime project via Web-Remote, the product ...)
	NOT-FOR-US: VBASE
CVE-2018-25047 (In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.ma ...)
	{DLA-3262-1}
	- smarty3 3.1.47-1 (bug #1019897)
	[bullseye] - smarty3 (Minor issue)
	- smarty4 4.2.1-1 (bug #1019896)
	NOTE: https://github.com/smarty-php/smarty/issues/454
	NOTE: https://github.com/smarty-php/smarty/commit/f1f7ee6e34c14a8a9dfa5c6ef894d39277a93938 (v3.1.47)
	NOTE: https://github.com/smarty-php/smarty/commit/55ea25d1f50f0406fb1ccedd212c527977793fc9 (v4.2.1)
CVE-2022-40706
	RESERVED
CVE-2022-40705 (An Improper Restriction of XML External Entity Reference vulnerability ...)
	NOT-FOR-US: Apache SOAP
CVE-2022-40696 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40684 (An authentication bypass using an alternate path or channel [CWE-288] ...)
	NOT-FOR-US: FortiGuard
CVE-2022-40683 (A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may all ...)
	NOT-FOR-US: Fortinet
CVE-2022-40682 (A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7. ...)
	NOT-FOR-US: Fortinet
CVE-2022-40681 (A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7. ...)
	NOT-FOR-US: FortiGuard
CVE-2022-40680 (A improper neutralization of input during web page generation ('cross- ...)
	NOT-FOR-US: FortiGuard
CVE-2022-40679 (An improper neutralization of special elements used in an OS command v ...)
	NOT-FOR-US: Fortinet
CVE-2022-40678 (An insufficiently protected credentials in Fortinet FortiNAC versions ...)
	NOT-FOR-US: Fortinet
CVE-2022-40677 (A improper neutralization of argument delimiters in a command ('argume ...)
	NOT-FOR-US: Fortinet
CVE-2022-40676 (A improper neutralization of input during web page generation ('cross- ...)
	NOT-FOR-US: Fortinet
CVE-2022-40675 (Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through ...)
	NOT-FOR-US: Fortinet
CVE-2022-40672 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40671 (Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post – ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40632 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpFor ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40312 (Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP \u20 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40310 (Authenticated (subscriber+) Race Condition vulnerability in Rate my Po ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40223 (Nonce token leakage and missing authorization in SearchWP premium plug ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40219 (Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Swit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40217 (Authenticated (admin+) Arbitrary File Edit/Upload vulnerability in Xpl ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40215 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40213 (Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40211 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40206 (Insecure direct object references (IDOR) vulnerability in the wpForo F ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40205 (Insecure direct object references (IDOR) vulnerability in the wpForo F ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40193 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Awe ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40131 (Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38974 (Broken Access Control vulnerability in WPML Multilingual CMS premium p ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38468 (Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress G ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38461 (Broken Access Control vulnerability in WPML Multilingual CMS premium p ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38454 (Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Opt ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38104 (Auth. WordPress Options Change (siteurl, users_can_register, default_r ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38079 (Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38074 (SQL Injection vulnerability in VeronaLabs WP Statistics plugin<= 13.2. ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38073 (Multiple Authenticated (custom specific plugin role) Persistent Cross- ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36424 (Cross-Site Request Forgery (CSRF) vulnerability in Nikola Loncar Easy ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36417 (Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forg ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36404 (Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-35238 (Unauthenticated Plugin Settings Change vulnerability in Awesome Filter ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-33978 (Reflected Cross-Site Scripting (XSS) vulnerability FontMeister plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3216 (A vulnerability has been found in Nintendo Game Boy Color and classifi ...)
	NOT-FOR-US: Nintendo Game Boy Color
CVE-2022-3215 (NIOHTTP1 and projects using it for generating HTTP responses can be su ...)
	NOT-FOR-US: swift-nio
CVE-2022-3214 (Delta Industrial Automation's DIAEnergy, an industrial energy manageme ...)
	NOT-FOR-US: Delta
CVE-2022-3213 (A heap buffer overflow issue was found in ImageMagick. When an applica ...)
	- imagemagick 8:6.9.12.98+dfsg1-2 (bug #1021141)
	[bookworm] - imagemagick (Minor issue)
	[bullseye] - imagemagick (Minor issue)
	[buster] - imagemagick (Vulnerable code was introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126824
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/30ccf9a0da1f47161b5935a95be854fe84e6c2a2
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1aea203eb36409ce6903b9e41fe7cb70030e8750 (6.9.12-62)
CVE-2022-3212 (::from_request would ...)
	NOT-FOR-US: axum_core rust crate
CVE-2022-3211 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
	NOT-FOR-US: pimcore
CVE-2022-30545 (Auth. Reflected Cross-Site Scripting (XSS) vulnerability in 5 Anker Co ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-36603 (The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 an ...)
	NOT-FOR-US: HoYoVerse (formerly miHoYo) Genshin Impact
CVE-2022-40674 (libexpat before 2.4.9 has a use-after-free in the doContent function i ...)
	{DSA-5236-1 DLA-3119-1}
	- expat 2.4.8-2 (bug #1019761)
	NOTE: https://github.com/libexpat/libexpat/pull/629
	NOTE: https://github.com/libexpat/libexpat/pull/640
	NOTE: https://github.com/libexpat/libexpat/commit/4a32da87e931ba54393d465bb77c40b5c33d343b
CVE-2022-40673 (KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods ...)
	NOT-FOR-US: KDiskMark
CVE-2022-40670
	RESERVED
CVE-2022-40669
	REJECTED
CVE-2022-40668
	REJECTED
CVE-2022-40667
	REJECTED
CVE-2022-40666
	REJECTED
CVE-2022-40665
	REJECTED
CVE-2022-40664 (Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shi ...)
	- shiro (bug #1021671)
	[bookworm] - shiro (Minor issue)
	[bullseye] - shiro (Minor issue)
	[buster] - shiro (Minor issue, too little detail)
	NOTE: https://www.openwall.com/lists/oss-security/2022/10/12/1
CVE-2022-40663 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: NIKON
CVE-2022-40662 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: NIKON
CVE-2022-40661 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: NIKON
CVE-2022-40660 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: NIKON
CVE-2022-40659 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: NIKON
CVE-2022-40658 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: NIKON
CVE-2022-40657 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: NIKON
CVE-2022-40656 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: NIKON
CVE-2022-40655 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: NIKON
CVE-2022-40654 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ansys SpaceClaim
CVE-2022-40653 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ansys SpaceClaim
CVE-2022-40652 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ansys SpaceClaim
CVE-2022-40651 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ansys SpaceClaim
CVE-2022-40650 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ansys SpaceClaim
CVE-2022-40649 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ansys SpaceClaim
CVE-2022-40648 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ansys SpaceClaim
CVE-2022-40647 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ansys SpaceClaim
CVE-2022-40646 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ansys SpaceClaim
CVE-2022-40645 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ansys SpaceClaim
CVE-2022-40644 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ansys SpaceClaim
CVE-2022-40643 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ansys SpaceClaim
CVE-2022-40642 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ansys SpaceClaim
CVE-2022-40641 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ansys SpaceClaim
CVE-2022-40640 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ansys SpaceClaim
CVE-2022-40639 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ansys SpaceClaim
CVE-2022-40638 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ansys SpaceClaim
CVE-2022-40637 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ansys SpaceClaim
CVE-2022-40636 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ansys SpaceClaim
CVE-2022-3210 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2022-31735 (OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium ...)
	NOT-FOR-US: OpenAM (different from src:openam)
CVE-2021-46838
	RESERVED
CVE-2022-40635 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
	NOT-FOR-US: Crafter Studio of Crafter CMS
CVE-2022-40634 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
	NOT-FOR-US: Crafter Studio of Crafter CMS
CVE-2022-40631 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...)
	NOT-FOR-US: Siemens
CVE-2022-38097 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
	NOT-FOR-US: Foxit
CVE-2022-37332 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
	NOT-FOR-US: Foxit
CVE-2022-32774 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
	NOT-FOR-US: Foxit
CVE-2022-3209 (The soledad WordPress theme before 8.2.5 does not sanitise the {id,dat ...)
	NOT-FOR-US: WordPress theme
CVE-2022-3208 (The Simple File List WordPress plugin before 4.4.12 does not implement ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3207 (The Simple File List WordPress plugin before 4.4.12 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3206 (The Passster WordPress plugin before 3.5.5.5.2 stores the password ins ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3205 (Cross site scripting in automation controller UI in Red Hat Ansible Au ...)
	NOT-FOR-US: Red Hat Ansible Automation Controller
CVE-2022-3204 (A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation ...)
	{DLA-3371-1}
	- unbound 1.16.3-1
	[bullseye] - unbound 1.13.1-1+deb11u1
	NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt
	NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/137719522a8ea5b380fbb6206d2466f402f5b554 (release-1.16.3)
CVE-2022-3203 (On ORing net IAP-420(+) with FW version 2.0m a telnet server is enable ...)
	NOT-FOR-US: ORing net IAP-420(+)
CVE-2022-3202 (A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journal ...)
	- linux 5.17.3-1
	[bullseye] - linux 5.10.113-1
	[buster] - linux 4.19.249-1
	NOTE: https://git.kernel.org/linus/a53046291020ec41e09181396c1e829287b48d47 (5.18-rc1)
CVE-2022-3201 (Insufficient validation of untrusted input in DevTools in Google Chrom ...)
	{DSA-5244-1 DSA-5230-1}
	- chromium 106.0.5249.61-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3200 (Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195 ...)
	{DSA-5230-1}
	- chromium 105.0.5195.125-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3199 (Use after free in Frames in Google Chrome prior to 105.0.5195.125 allo ...)
	{DSA-5230-1}
	- chromium 105.0.5195.125-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3198 (Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed ...)
	{DSA-5230-1}
	- chromium 105.0.5195.125-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3197 (Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed ...)
	{DSA-5230-1}
	- chromium 105.0.5195.125-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3196 (Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed ...)
	{DSA-5230-1}
	- chromium 105.0.5195.125-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3195 (Out of bounds write in Storage in Google Chrome prior to 105.0.5195.12 ...)
	{DSA-5230-1}
	- chromium 105.0.5195.125-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3194 (The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3193 (An HTML injection/reflected Cross-site scripting (XSS) vulnerability w ...)
	NOT-FOR-US: ovirt-engine
CVE-2022-40630 (This vulnerability exists in Tacitine Firewall, all versions of EN6200 ...)
	NOT-FOR-US: Tacitine Firewall
CVE-2022-40629 (This vulnerability exists in Tacitine Firewall, all versions of EN6200 ...)
	NOT-FOR-US: Tacitine Firewall
CVE-2022-40628 (This vulnerability exists in Tacitine Firewall, all versions of EN6200 ...)
	NOT-FOR-US: Tacitine Firewall
CVE-2022-40627
	RESERVED
CVE-2022-40626 (An unauthenticated user can create a link with reflected Javascript co ...)
	- zabbix 1:6.0.7+dfsg-2
	[bullseye] - zabbix (Vulnerable code introduced later)
	[buster] - zabbix (Vulnerable code introduced later)
	NOTE: https://support.zabbix.com/browse/ZBX-21350
	NOTE: Introduced by: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/e4000620f1f427cc8df02914125b3b985ad797dc (6.0.0beta3)
	NOTE: Introduced by: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/56d8343c34c83ac727ab6250c7eb9e6d682b5b1c (6.0.0beta3)
	NOTE: Fixed by: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/55eb14d0a394b362d5df00ed9e06a3918472deec (6.0.7rc1)
CVE-2022-40625
	RESERVED
CVE-2022-40624 (pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execut ...)
	NOT-FOR-US: pfSense
CVE-2022-40623 (The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030 ...)
	NOT-FOR-US: WAVLINK
CVE-2022-40622 (The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030 ...)
	NOT-FOR-US: WAVLINK
CVE-2022-40621 (Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31 ...)
	NOT-FOR-US: WAVLINK
CVE-2022-40620
	RESERVED
CVE-2022-40619
	RESERVED
CVE-2022-40618
	RESERVED
CVE-2022-40617 (strongSwan before 5.9.8 allows remote attackers to cause a denial of s ...)
	{DSA-5249-1 DLA-3143-1}
	- strongswan 5.9.8-1 (bug #1021271)
	NOTE: https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-(cve-2022-40617).html
	NOTE: Patch: https://download.strongswan.org/security/CVE-2022-40617/
CVE-2022-40616 (IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow ...)
	NOT-FOR-US: IBM
CVE-2022-40615 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnera ...)
	NOT-FOR-US: IBM
CVE-2022-40614
	RESERVED
CVE-2022-40613
	RESERVED
CVE-2022-40612
	RESERVED
CVE-2022-40611
	RESERVED
CVE-2022-40610
	RESERVED
CVE-2022-40609 (IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a re ...)
	NOT-FOR-US: IBM
CVE-2022-40608 (IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File System ...)
	NOT-FOR-US: IBM
CVE-2022-40607 (IBM Spectrum Scale 5.1 could allow users with permissions to create po ...)
	NOT-FOR-US: IBM
CVE-2022-3192 (Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows C ...)
	NOT-FOR-US: ABB
CVE-2022-3191 (Insertion of Sensitive Information into Log File vulnerability in Hita ...)
	NOT-FOR-US: Hitachi
CVE-2022-3190 (Infinite loop in the F5 Ethernet Trailer protocol dissector in Wiresha ...)
	- wireshark 3.6.8-1
	[bullseye] - wireshark (Minor issue)
	[buster] - wireshark (Vulnerable code not present, PoC does not trigger)
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18307
	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-06.html
CVE-2022-3189 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...)
	NOT-FOR-US: Dataprobe iBoot-PDU FW
CVE-2022-3188 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...)
	NOT-FOR-US: Dataprobe iBoot-PDU FW
CVE-2022-3187 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...)
	NOT-FOR-US: Dataprobe iBoot-PDU FW
CVE-2022-3186 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...)
	NOT-FOR-US: Dataprobe iBoot-PDU FW
CVE-2022-3185 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...)
	NOT-FOR-US: Dataprobe iBoot-PDU FW
CVE-2022-3184 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...)
	NOT-FOR-US: Dataprobe iBoot-PDU FW
CVE-2022-3183 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...)
	NOT-FOR-US: Dataprobe iBoot-PDU FW
CVE-2022-3182 (Improper Access Control vulnerability in the Duo SMS two-factor of Dev ...)
	NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2022-40606 (MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Deb ...)
	NOT-FOR-US: MITRE CALDERA
CVE-2022-40605 (MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Deb ...)
	NOT-FOR-US: MITRE CALDERA
CVE-2022-40604 (In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily ...)
	- airflow (bug #819700)
CVE-2022-40603 (A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ...)
	NOT-FOR-US: Zyxel
CVE-2022-40602 (A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG ...)
	NOT-FOR-US: Zyxel
CVE-2022-40601
	REJECTED
CVE-2022-40600
	REJECTED
CVE-2022-40599
	REJECTED
CVE-2022-40598
	REJECTED
CVE-2022-40597
	REJECTED
CVE-2022-40596
	REJECTED
CVE-2022-40595
	REJECTED
CVE-2022-40594
	REJECTED
CVE-2022-40593
	REJECTED
CVE-2022-40592
	REJECTED
CVE-2022-40591
	REJECTED
CVE-2022-40590
	REJECTED
CVE-2022-40589
	REJECTED
CVE-2022-40588
	REJECTED
CVE-2022-40587
	REJECTED
CVE-2022-40586
	REJECTED
CVE-2022-40585
	REJECTED
CVE-2022-40584
	REJECTED
CVE-2022-40583
	REJECTED
CVE-2022-40582
	REJECTED
CVE-2022-40581
	REJECTED
CVE-2022-40580
	REJECTED
CVE-2022-40579
	REJECTED
CVE-2022-40578
	REJECTED
CVE-2022-40577
	REJECTED
CVE-2022-40576
	REJECTED
CVE-2022-40575
	REJECTED
CVE-2022-40574
	REJECTED
CVE-2022-40573
	REJECTED
CVE-2022-40572
	REJECTED
CVE-2022-40571
	REJECTED
CVE-2022-40570
	REJECTED
CVE-2022-40569
	REJECTED
CVE-2022-40568
	REJECTED
CVE-2022-40567
	REJECTED
CVE-2022-40566
	REJECTED
CVE-2022-40565
	REJECTED
CVE-2022-40564
	REJECTED
CVE-2022-40563
	REJECTED
CVE-2022-40562
	REJECTED
CVE-2022-40561
	REJECTED
CVE-2022-40560
	REJECTED
CVE-2022-40559
	REJECTED
CVE-2022-40558
	REJECTED
CVE-2022-40557
	REJECTED
CVE-2022-40556
	REJECTED
CVE-2022-40555
	REJECTED
CVE-2022-40554
	REJECTED
CVE-2022-40553
	REJECTED
CVE-2022-40552
	REJECTED
CVE-2022-40551
	REJECTED
CVE-2022-40550
	REJECTED
CVE-2022-40549
	REJECTED
CVE-2022-40548
	REJECTED
CVE-2022-40547
	REJECTED
CVE-2022-40546
	REJECTED
CVE-2022-40545
	REJECTED
CVE-2022-40544
	REJECTED
CVE-2022-40543
	REJECTED
CVE-2022-40542
	REJECTED
CVE-2022-40541
	REJECTED
CVE-2022-40540 (Memory corruption due to buffer copy without checking the size of inpu ...)
	NOT-FOR-US: Qualcomm
CVE-2022-40539 (Memory corruption in Automotive Android OS due to improper validation ...)
	NOT-FOR-US: Qualcomm
CVE-2022-40538 (Transient DOS due to reachable assertion in modem while processing sib ...)
	NOT-FOR-US: Qualcomm
CVE-2022-40537 (Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_ ...)
	NOT-FOR-US: Qualcomm
CVE-2022-40536 (Transient DOS due to improper authentication in modem while receiving ...)
	NOT-FOR-US: Qualcomm
CVE-2022-40535 (Transient DOS due to buffer over-read in WLAN while sending a packet t ...)
	NOT-FOR-US: Qualcomm
CVE-2022-40534 (Memory corruption due to improper validation of array index in Audio.)
	NOT-FOR-US: Qualcomm
CVE-2022-40533 (Transient DOS due to untrusted Pointer Dereference in core while sendi ...)
	NOT-FOR-US: Qualcomm
CVE-2022-40532 (Memory corruption due to integer overflow or wraparound in WLAN while ...)
	NOT-FOR-US: Qualcomm
CVE-2022-40531 (Memory corruption in WLAN due to incorrect type cast while sending WMI ...)
	NOT-FOR-US: Qualcomm
CVE-2022-40530 (Memory corruption in WLAN due to integer overflow to buffer overflow i ...)
	NOT-FOR-US: Qualcomm
CVE-2022-40529 (Memory corruption due to improper access control in kernel while proce ...)
	NOT-FOR-US: Qualcomm
CVE-2022-40528
	RESERVED
CVE-2022-40527 (Transient DOS due to reachable assertion in WLAN while processing PEER ...)
	NOT-FOR-US: Qualcomm
CVE-2022-40526
	RESERVED
CVE-2022-40525 (Information disclosure in Linux Networking Firmware due to unauthorize ...)
	NOT-FOR-US: Qualcomm
CVE-2022-40524 (Memory corruption due to buffer over-read in Modem while processing Se ...)
	NOT-FOR-US: Qualcomm
CVE-2022-40523 (Information disclosure in Kernel due to indirect branch misprediction.)
	NOT-FOR-US: Qualcomm
CVE-2022-40522 (Memory corruption in Linux Networking due to double free while handlin ...)
	NOT-FOR-US: Qualcomm
CVE-2022-40521 (Transient DOS due to improper authorization in Modem)
	NOT-FOR-US: Qualcomm
CVE-2022-40520 (Memory corruption due to stack-based buffer overflow in Core)
	NOT-FOR-US: Qualcomm
CVE-2022-40519 (Information disclosure due to buffer overread in Core)
	NOT-FOR-US: Qualcomm
CVE-2022-40518 (Information disclosure due to buffer overread in Core)
	NOT-FOR-US: Qualcomm
CVE-2022-40517 (Memory corruption in core due to stack-based buffer overflow)
	NOT-FOR-US: Qualcomm
CVE-2022-40516 (Memory corruption in Core due to stack-based buffer overflow.)
	NOT-FOR-US: Qualcomm
CVE-2022-40515 (Memory corruption in Video due to double free while playing 3gp clip w ...)
	NOT-FOR-US: Qualcomm
CVE-2022-40514 (Memory corruption due to buffer copy without checking the size of inpu ...)
	NOT-FOR-US: Snapdragon
CVE-2022-40513 (Transient DOS due to uncontrolled resource consumption in WLAN firmwar ...)
	NOT-FOR-US: Snapdragon
CVE-2022-40512 (Transient DOS in WLAN Firmware due to buffer over-read while processin ...)
	NOT-FOR-US: Snapdragon
CVE-2022-40511
	RESERVED
CVE-2022-40510 (Memory corruption due to buffer copy without checking size of input in ...)
	NOT-FOR-US: Qualcomm
CVE-2022-40509
	RESERVED
CVE-2022-40508 (Transient DOS due to reachable assertion in Modem while processing con ...)
	NOT-FOR-US: Qualcomm
CVE-2022-40507 (Memory corruption due to double free in Core while mapping HLOS addres ...)
	NOT-FOR-US: Qualcomm
CVE-2022-40506
	RESERVED
CVE-2022-40505 (Information disclosure due to buffer over-read in Modem while parsing ...)
	NOT-FOR-US: Qualcomm
CVE-2022-40504 (Transient DOS due to reachable assertion in Modem when UE received Dow ...)
	NOT-FOR-US: Qualcomm
CVE-2022-40503 (Information disclosure due to buffer over-read in Bluetooth Host while ...)
	NOT-FOR-US: Qualcomm
CVE-2022-40502 (Transient DOS due to improper input validation in WLAN Host.)
	NOT-FOR-US: Snapdragon
CVE-2022-3181 (An Improper Input Validation vulnerability exists in Trihedral VTScada ...)
	NOT-FOR-US: Trihedral VTScada
CVE-2022-3180
	RESERVED
CVE-2022-3179 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...)
	- rdiffweb (bug #969974)
CVE-2022-3178 (Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV.)
	- gpac (Fix for CVE-2022-30976 not applied)
	NOTE: https://huntr.dev/bounties/f022fc50-3dfd-450a-ab47-3d75d2bf44c0
	NOTE: https://github.com/gpac/gpac/commit/77510778516803b7f7402d7423c6d6bef50254c3
	NOTE: Introduced by the fix for CVE-2022-30976.
CVE-2022-3177
	RESERVED
CVE-2022-3176 (There exists a use-after-free in io_uring in the Linux kernel. Signalf ...)
	{DSA-5257-1 DLA-3173-1}
	- linux 5.17.3-1
	NOTE: https://kernel.dance/#fc78b2fc21f10c4c9c4d5d659a685710ffa63659
CVE-2022-3175 (Missing Custom Error Page in GitHub repository ikus060/rdiffweb prior ...)
	- rdiffweb (bug #969974)
CVE-2022-3174 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
	- rdiffweb (bug #969974)
CVE-2022-40501
	RESERVED
CVE-2022-40500
	RESERVED
CVE-2022-40499
	RESERVED
CVE-2022-40498
	RESERVED
CVE-2022-40497 (Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were disc ...)
	NOT-FOR-US: Wazuh
CVE-2022-40496
	RESERVED
CVE-2022-40495
	RESERVED
CVE-2022-40494 (NPS before v0.26.10 was discovered to contain an authentication bypass ...)
	NOT-FOR-US: NPS (network penetration server)
CVE-2022-40493
	RESERVED
CVE-2022-40492
	RESERVED
CVE-2022-40491
	RESERVED
CVE-2022-40490
	RESERVED
CVE-2022-40489 (ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CS ...)
	NOT-FOR-US: ThinkCMF
CVE-2022-40488 (ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Fo ...)
	NOT-FOR-US: ProcessWire
CVE-2022-40487 (ProcessWire v3.0.200 was discovered to contain multiple cross-site scr ...)
	NOT-FOR-US: ProcessWire
CVE-2022-40486 (TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 5745 ...)
	NOT-FOR-US: TP Link
CVE-2022-40485 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
	NOT-FOR-US: Wedding Planner
CVE-2022-40484 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
	NOT-FOR-US: Wedding Planner
CVE-2022-40483 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
	NOT-FOR-US: Wedding Planner
CVE-2022-40482 (The authentication method in Laravel 8.x through 9.x before 9.32.0 was ...)
	NOT-FOR-US: Laravel
CVE-2022-40481
	RESERVED
CVE-2022-40480 (Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was dis ...)
	NOT-FOR-US: Microchip Technology NRF5340-DK DT100112
CVE-2022-40479
	RESERVED
CVE-2022-40478
	RESERVED
CVE-2022-40477
	RESERVED
CVE-2022-40476 (A null pointer dereference issue was discovered in fs/io_uring.c in th ...)
	- linux (Vulnerable code never released in Debian unstable)
	NOTE: https://lore.kernel.org/lkml/CAO4S-mdVW5GkODk0+vbQexNAAJZopwzFJ9ACvRCJ989fQ4A6Ow@mail.gmail.com/
	NOTE: https://git.kernel.org/linus/386e4fb6962b9f248a80f8870aea0870ca603e89 (5.19-rc4)
CVE-2022-40475 (TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-40474
	RESERVED
CVE-2022-40473
	RESERVED
CVE-2022-40472 (ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721. ...)
	NOT-FOR-US: ZKTeco Xiamen Information Technology ZKBio Time
CVE-2022-40471 (Remote Code Execution in Clinic's Patient Management System v 1.0 allo ...)
	NOT-FOR-US: Clinic's Patient Management System
CVE-2022-40470 (Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripti ...)
	NOT-FOR-US: Phpgurukul Blood Donor Management System
CVE-2022-40469 (iKuai OS v3.6.7 was discovered to contain an authenticated remote code ...)
	NOT-FOR-US: iKuai8
CVE-2022-40468 (Potential leak of left-over heap data if custom error page templates c ...)
	- tinyproxy 1.11.1-2 (bug #1021015)
	[bullseye] - tinyproxy (Minor issue)
	[buster] - tinyproxy (Minor issue)
	NOTE: https://github.com/tinyproxy/tinyproxy/issues/457
	NOTE: https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7
CVE-2022-40467
	RESERVED
CVE-2022-40466
	RESERVED
CVE-2022-40465
	RESERVED
CVE-2022-40464
	RESERVED
CVE-2022-40463
	RESERVED
CVE-2022-40462
	RESERVED
CVE-2022-40461
	RESERVED
CVE-2022-40460
	RESERVED
CVE-2022-40459
	RESERVED
CVE-2022-40458
	RESERVED
CVE-2022-40457
	RESERVED
CVE-2022-40456
	RESERVED
CVE-2022-40455
	RESERVED
CVE-2022-40454
	RESERVED
CVE-2022-40453
	RESERVED
CVE-2022-40452
	RESERVED
CVE-2022-40451
	RESERVED
CVE-2022-40450
	RESERVED
CVE-2022-40449
	RESERVED
CVE-2022-40448
	RESERVED
CVE-2022-40447 (ZZCMS 2022 was discovered to contain a SQL injection vulnerability via ...)
	NOT-FOR-US: ZZCMS
CVE-2022-40446 (ZZCMS 2022 was discovered to contain a SQL injection vulnerability via ...)
	NOT-FOR-US: ZZCMS
CVE-2022-40445
	RESERVED
CVE-2022-40444 (ZZCMS 2022 was discovered to contain a full path disclosure vulnerabil ...)
	NOT-FOR-US: ZZCMS
CVE-2022-40443 (An absolute path traversal vulnerability in ZZCMS 2022 allows attacker ...)
	NOT-FOR-US: ZZCMS
CVE-2022-40442
	RESERVED
CVE-2022-40441
	RESERVED
CVE-2022-40440 (mxGraph v4.2.2 was discovered to contain a cross-site scripting (XSS) ...)
	NOT-FOR-US: mxGraph
CVE-2022-40439 (An memory leak issue was discovered in AP4_StdcFileByteStream::Create ...)
	NOT-FOR-US: Bento4
CVE-2022-40438 (Buffer overflow vulnerability in function AP4_MemoryByteStream::WriteP ...)
	NOT-FOR-US: Bento4
CVE-2022-40437
	RESERVED
CVE-2022-40436
	RESERVED
CVE-2022-40435 (Employee Performance Evaluation System v1.0 was discovered to contain ...)
	NOT-FOR-US: Employee Performance Evaluation System
CVE-2022-40434 (Softr v2.0 was discovered to be vulnerable to HTML injection via the N ...)
	NOT-FOR-US: Softr
CVE-2022-40433
	REJECTED
CVE-2022-40432 (The d8s-strings for python, as distributed on PyPI, included a potenti ...)
	NOT-FOR-US: d8s-strings for python
CVE-2022-40431 (The d8s-pdfs for python, as distributed on PyPI, included a potential ...)
	NOT-FOR-US: d8s-pdfs for python
CVE-2022-40430 (The d8s-utility for python, as distributed on PyPI, included a potenti ...)
	NOT-FOR-US: d8s-utility for python
CVE-2022-40429 (The d8s-ip-addresses for python, as distributed on PyPI, included a po ...)
	NOT-FOR-US: d8s-ip-addresses for python
CVE-2022-40428 (The d8s-mpeg for python, as distributed on PyPI, included a potential ...)
	NOT-FOR-US: d8s-mpeg for python
CVE-2022-40427 (The d8s-domains for python, as distributed on PyPI, included a potenti ...)
	NOT-FOR-US: d8s-domains for python
CVE-2022-40426 (The d8s-asns for python, as distributed on PyPI, included a potential ...)
	NOT-FOR-US: d8s-asns for python
CVE-2022-40425 (The d8s-html for python, as distributed on PyPI, included a potential ...)
	NOT-FOR-US: d8s-html for python
CVE-2022-40424 (The d8s-urls for python, as distributed on PyPI, included a potential ...)
	NOT-FOR-US: d8s-urls for python
CVE-2022-40423
	RESERVED
CVE-2022-40422
	RESERVED
CVE-2022-40421
	RESERVED
CVE-2022-40420
	RESERVED
CVE-2022-40419
	RESERVED
CVE-2022-40418
	RESERVED
CVE-2022-40417
	RESERVED
CVE-2022-40416
	RESERVED
CVE-2022-40415
	RESERVED
CVE-2022-40414
	RESERVED
CVE-2022-40413
	RESERVED
CVE-2022-40412
	RESERVED
CVE-2022-40411
	RESERVED
CVE-2022-40410
	RESERVED
CVE-2022-40409
	RESERVED
CVE-2022-40408 (FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) ...)
	NOT-FOR-US: FeehiCMS
CVE-2022-40407 (A zip slip vulnerability in the file upload function of Chamilo v1.11 ...)
	NOT-FOR-US: Chamilo LMS
CVE-2022-40406
	RESERVED
CVE-2022-40405 (WoWonder Social Network Platform v4.1.2 was discovered to contain a SQ ...)
	NOT-FOR-US: WoWonder Social Network Platform
CVE-2022-40404 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
	NOT-FOR-US: Wedding Planner
CVE-2022-40403 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
	NOT-FOR-US: Wedding Planner
CVE-2022-40402 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
	NOT-FOR-US: Wedding Planner
CVE-2022-40401
	RESERVED
CVE-2022-40400
	RESERVED
CVE-2022-40399
	RESERVED
CVE-2022-40398
	RESERVED
CVE-2022-40397
	RESERVED
CVE-2022-40396
	RESERVED
CVE-2022-40395
	RESERVED
CVE-2022-40394
	RESERVED
CVE-2022-40393
	RESERVED
CVE-2022-40392
	RESERVED
CVE-2022-40391
	RESERVED
CVE-2022-40390
	RESERVED
CVE-2022-40389
	RESERVED
CVE-2022-40388
	RESERVED
CVE-2022-40387
	RESERVED
CVE-2022-40386
	RESERVED
CVE-2022-40385
	RESERVED
CVE-2022-40384
	RESERVED
CVE-2022-40383
	RESERVED
CVE-2022-40382
	RESERVED
CVE-2022-40381
	RESERVED
CVE-2022-40380
	RESERVED
CVE-2022-40379
	RESERVED
CVE-2022-40378
	RESERVED
CVE-2022-40377
	RESERVED
CVE-2022-40376
	RESERVED
CVE-2022-40375
	RESERVED
CVE-2022-40374
	RESERVED
CVE-2022-40373 (Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remo ...)
	NOT-FOR-US: FeehiCMS
CVE-2022-40372
	RESERVED
CVE-2022-40371
	RESERVED
CVE-2022-40370
	RESERVED
CVE-2022-40369
	RESERVED
CVE-2022-40368
	RESERVED
CVE-2022-40367
	RESERVED
CVE-2022-40366
	RESERVED
CVE-2022-40365 (Cross site scripting (XSS) vulnerability in ouqiang gocron through 1.5 ...)
	NOT-FOR-US: ouqiang gocron (not the same as src:golang-github-go-co-op-gocron)
CVE-2022-40364
	RESERVED
CVE-2022-40363 (A buffer overflow in the component nfc_device_load_mifare_ul_data of F ...)
	NOT-FOR-US: Flipper Devices
CVE-2022-40362
	RESERVED
CVE-2022-40361 (Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacke ...)
	NOT-FOR-US: Elite CRM
CVE-2022-40360
	RESERVED
CVE-2022-40359 (Cross site scripting (XSS) vulnerability in kfm through 1.4.7 via craf ...)
	NOT-FOR-US: kfm
CVE-2022-40358 (An issue was discovered in AjaXplorer 4.2.3, allows attackers to cause ...)
	- ajaxplorer (bug #668381)
CVE-2022-40357 (A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side R ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2022-40356
	RESERVED
CVE-2022-40355
	RESERVED
CVE-2022-40354 (Online Tours & Travels Management System v1.0 was discovered to contai ...)
	NOT-FOR-US: Online Tours & Travels Management System
CVE-2022-40353 (Online Tours & Travels Management System v1.0 was discovered to contai ...)
	NOT-FOR-US: Online Tours & Travels Management System
CVE-2022-40352 (Online Tours & Travels Management System v1.0 was discovered to contai ...)
	NOT-FOR-US: Online Tours & Travels Management System
CVE-2022-40351
	RESERVED
CVE-2022-40350
	RESERVED
CVE-2022-40349
	RESERVED
CVE-2022-40348 (Cross Site Scripting (XSS) vulnerability in Intern Record System versi ...)
	NOT-FOR-US: Intern Record System
CVE-2022-40347 (SQL Injection vulnerability in Intern Record System version 1.0 in /in ...)
	NOT-FOR-US: Intern Record System
CVE-2022-40346
	RESERVED
CVE-2022-40345
	RESERVED
CVE-2022-40344
	RESERVED
CVE-2022-40343
	RESERVED
CVE-2022-40342
	RESERVED
CVE-2022-40341 (mojoPortal v2.7 was discovered to contain an arbitrary file upload vul ...)
	NOT-FOR-US: mojoPortal
CVE-2022-40340
	RESERVED
CVE-2022-40339
	RESERVED
CVE-2022-40338
	RESERVED
CVE-2022-40337 (OASES (aka Open Aviation Strategic Engineering System) 8.8.0.2 allows ...)
	NOT-FOR-US: OASES (aka Open Aviation Strategic Engineering System)
CVE-2022-40336
	RESERVED
CVE-2022-40335
	RESERVED
CVE-2022-40334
	RESERVED
CVE-2022-40333
	RESERVED
CVE-2022-40332
	RESERVED
CVE-2022-40331
	RESERVED
CVE-2022-40330
	RESERVED
CVE-2022-40329
	RESERVED
CVE-2022-40328
	RESERVED
CVE-2022-40327
	RESERVED
CVE-2022-40326
	RESERVED
CVE-2022-40325 (SysAid Help Desk before 22.1.65 allows XSS via the Asset Dashboard, ak ...)
	NOT-FOR-US: SysAid Help Desk
CVE-2022-40324 (SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, a ...)
	NOT-FOR-US: SysAid Help Desk
CVE-2022-40323 (SysAid Help Desk before 22.1.65 allows XSS in the Password Services mo ...)
	NOT-FOR-US: SysAid Help Desk
CVE-2022-40322 (SysAid Help Desk before 22.1.65 allows XSS, aka FR# 66542 and 65579.)
	NOT-FOR-US: SysAid Help Desk
CVE-2022-40321
	RESERVED
CVE-2022-3173 (Improper Authentication in GitHub repository snipe/snipe-it prior to 6 ...)
	- snipe-it (bug #1005172)
CVE-2022-40320 (cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffe ...)
	- libconfuse 3.3-3 (bug #1019596)
	[bullseye] - libconfuse 3.3-2+deb11u1
	NOTE: https://github.com/libconfuse/libconfuse/issues/163
	NOTE: Fixed by: https://github.com/libconfuse/libconfuse/commit/d73777c2c3566fb2647727bb56d9a2295b81669b
CVE-2022-40319 (The LISTSERV 17 web interface allows remote attackers to conduct Insec ...)
	NOT-FOR-US: LISTSERV
CVE-2022-40318 (An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By cra ...)
	{DLA-3573-1}
	- frr 8.4.1-1 (bug #1035829)
	[bullseye] - frr 7.5.1-1.1+deb11u2
	NOTE: https://github.com/FRRouting/frr/issues/13427
	NOTE: https://github.com/FRRouting/frr/issues/13480
	NOTE: https://github.com/FRRouting/frr/commit/1117baca3c592877a4d8a13ed6a1d9bd83977487 (base_8.4)
CVE-2022-40317 (OpenKM 6.3.11 allows stored XSS related to the javascript: subst ...)
	NOT-FOR-US: OpenKM
CVE-2022-40316 (The H5P activity attempts report did not filter by groups, which in se ...)
	- moodle
CVE-2022-40315 (A limited SQL injection risk was identified in the "browse list of use ...)
	- moodle
CVE-2022-40314 (A remote code execution risk when restoring backup files originating f ...)
	- moodle
CVE-2022-40313 (Recursive rendering of Mustache template helpers containing user input ...)
	- moodle
CVE-2022-40309 (Users with write permissions to a repository can delete arbitrary dire ...)
	NOT-FOR-US: Apache Archiva
CVE-2022-40308 (If anonymous read enabled, it's possible to read the database file dir ...)
	NOT-FOR-US: Apache Archiva
CVE-2022-40199 (Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 t ...)
	NOT-FOR-US: EC-CUBE
CVE-2022-38975 (DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-C ...)
	NOT-FOR-US: EC-CUBE
CVE-2022-37346 (EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 cont ...)
	NOT-FOR-US: EC-CUBE
CVE-2022-3172 (A security issue was discovered in kube-apiserver that allows an aggr ...)
	- kubernetes 1.20.5+really1.20.2-1
	NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
	NOTE: The source package itself is still vulnerable, but custom rebuilds are not really a use case here
CVE-2022-3171 (A parsing issue with binary data in protobuf-java core and lite versio ...)
	[experimental] - protobuf 3.21.7-1
	- protobuf 3.21.9-3
	[bullseye] - protobuf (Too intrusive to backport, requires significant refactoring)
	[buster] - protobuf (Too intrusive to backport, requires significant refactoring)
	NOTE: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
	NOTE: https://github.com/protocolbuffers/protobuf/pull/10664
	NOTE: https://github.com/protocolbuffers/protobuf/pull/10665
	NOTE: https://github.com/protocolbuffers/protobuf/pull/10666
	NOTE: https://github.com/protocolbuffers/protobuf/pull/10667
	NOTE: https://github.com/protocolbuffers/protobuf/pull/10668
	NOTE: CPU DoS in protobuf-java, fixed by significant refactoring
CVE-2022-3170 (An out-of-bounds access issue was found in the Linux kernel sound subs ...)
	- linux (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2125879
	NOTE: https://git.kernel.org/linus/6ab55ec0a938c7f943a4edba3d6514f775983887 (6.0-rc4)
	NOTE: https://git.kernel.org/linus/5934d9a0383619c14df91af8fd76261dc3de2f5f (6.0-rc4)
CVE-2022-40307 (An issue was discovered in the Linux kernel through 5.19.8. drivers/fi ...)
	{DSA-5257-1 DLA-3173-1 DLA-3131-1}
	- linux 5.19.11-1
	NOTE: https://git.kernel.org/linus/9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95
CVE-2022-40306 (The login form /Login in ECi Printanista Hub (formerly FMAudit Printsc ...)
	NOT-FOR-US: ECi Printanista Hub
CVE-2022-40305 (A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 al ...)
	NOT-FOR-US: Canto Cumulus
CVE-2022-40304 (An issue was discovered in libxml2 before 2.10.3. Certain invalid XML ...)
	{DSA-5271-1 DLA-3172-1}
	- libxml2 2.9.14+dfsg-1.1 (bug #1022225)
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b (v2.10.3)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2335
CVE-2022-40303 (An issue was discovered in libxml2 before 2.10.3. When parsing a multi ...)
	{DSA-5271-1 DLA-3172-1}
	- libxml2 2.9.14+dfsg-1.1 (bug #1022224)
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/381
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0 (v2.10.3)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2336
CVE-2022-40302 (An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By cra ...)
	{DLA-3573-1}
	- frr 8.4.1-1 (bug #1035829)
	[bullseye] - frr 7.5.1-1.1+deb11u2
	NOTE: https://github.com/FRRouting/frr/issues/13427
	NOTE: https://github.com/FRRouting/frr/issues/13480
	NOTE: https://github.com/FRRouting/frr/commit/3e46b43e3788f0f87bae56a86b54d412b4710286 (base_8.4)
CVE-2022-40301
	RESERVED
CVE-2022-40300 (Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-40299 (In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., b ...)
	[experimental] - singular 1:4.3.1-p1+ds-1
	- singular (unimportant)
	NOTE: https://github.com/Singular/Singular/commit/5f28fbf066626fa9c4a8f0e6408c0bb362fb386c (Release-4-3-1)
	NOTE: https://github.com/Singular/Singular/issues/1137
	NOTE: Neutralised by kernel hardening (fs.protected_symlinks = 1)
CVE-2022-40298 (Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited p ...)
	NOT-FOR-US: Crestron
CVE-2022-40297 (UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be use ...)
	NOT-FOR-US: UBports Ubuntu Touch
CVE-2022-40296 (The application was vulnerable to a Server-Side Request Forgery attack ...)
	NOT-FOR-US: PHP Point of Sale
CVE-2022-40295 (The application was vulnerable to an authenticated information disclos ...)
	NOT-FOR-US: PHP Point of Sale
CVE-2022-40294 (The application was identified to have an CSV injection in data export ...)
	NOT-FOR-US: PHP Point of Sale
CVE-2022-40293 (The application was vulnerable to a session fixation that could be use ...)
	NOT-FOR-US: PHP Point of Sale
CVE-2022-40292 (The application allowed for Unauthenticated User Enumeration by intera ...)
	NOT-FOR-US: PHP Point of Sale
CVE-2022-40291 (The application was vulnerable to Cross-Site Request Forgery (CSRF) at ...)
	NOT-FOR-US: PHP Point of Sale
CVE-2022-40290 (The application was vulnerable to an unauthenticated Reflected Cross-S ...)
	NOT-FOR-US: PHP Point of Sale
CVE-2022-40289 (The application was vulnerable to an authenticated Stored Cross-Site S ...)
	NOT-FOR-US: PHP Point of Sale
CVE-2022-40288 (The application was vulnerable to an authenticated Stored Cross-Site S ...)
	NOT-FOR-US: PHP Point of Sale
CVE-2022-40287 (The application was found to be vulnerable to an authenticated Stored ...)
	NOT-FOR-US: PHP Point of Sale
CVE-2022-40286
	RESERVED
CVE-2022-40285
	RESERVED
CVE-2022-40284 (A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted ...)
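Added illustration (not Singular's code and not part of the tracker data) of the bug class behind CVE-2022-40299 and of why the fs.protected_symlinks note above matters. A program that opens a fixed, guessable name under a shared /tmp lets another local user plant a symlink there first, so the open follows the link and the write lands in the victim's file. The hardened patterns are an unpredictable name created atomically with O_CREAT|O_EXCL (tempfile.mkstemp), or, where the name must be fixed, O_EXCL|O_NOFOLLOW so a planted link is refused rather than followed. fs.protected_symlinks=1 is the kernel-side mitigation the note refers to: in a sticky world-writable directory the kernel refuses to follow a symlink whose owner differs from the follower and the directory owner. The filename singular_predictable.tmp is a hypothetical stand-in, the demo runs in a private directory owned by the same user (so the kernel mitigation itself does not fire there), and the sysctl check is exercised on a constructed sample file rather than the live /proc entry.

```python
import os
import tempfile

# Hypothetical predictable name standing in for the fixed /tmp path the CVE
# describes; it is not Singular's actual filename.
PREDICTABLE_NAME = "singular_predictable.tmp"


def vulnerable_tmp_write(tmpdir: str, data: bytes) -> str:
    """Vulnerable pattern: fixed, guessable name, follows whatever is there.

    open(..., "wb") is O_CREAT|O_TRUNC without O_EXCL and follows symlinks, so a
    link planted at this path beforehand redirects the write to its target.
    """
    path = os.path.join(tmpdir, PREDICTABLE_NAME)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def safe_tmp_write(tmpdir: str, data: bytes) -> str:
    """Hardened pattern: random name created atomically with O_CREAT|O_EXCL.

    mkstemp() picks an unpredictable name and refuses to reuse an existing path,
    so there is nothing for an attacker to pre-plant.
    """
    fd, path = tempfile.mkstemp(prefix="singular-", dir=tmpdir)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)
    return path


def exclusive_create(path: str, data: bytes) -> None:
    """Fixed-name variant that fails closed: O_EXCL rejects any existing path
    (including a planted symlink) with FileExistsError, and O_NOFOLLOW makes
    the refusal explicit on platforms that support it."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)


def protected_symlinks_enabled(procfile: str = "/proc/sys/fs/protected_symlinks") -> bool:
    """Check the kernel hardening the tracker note refers to ("1" = enabled)."""
    try:
        with open(procfile) as fh:
            return fh.read().strip() == "1"
    except OSError:
        return False


def demo() -> dict:
    """Plant a link at the predictable name, then try each pattern against it."""
    with tempfile.TemporaryDirectory() as tmpdir:
        victim = os.path.join(tmpdir, "victim.txt")
        with open(victim, "wb") as fh:
            fh.write(b"original contents")
        planted = os.path.join(tmpdir, PREDICTABLE_NAME)
        os.symlink(victim, planted)  # the "attacker" wins the race

        safe_path = safe_tmp_write(tmpdir, b"harmless")
        with open(victim, "rb") as fh:
            after_safe = fh.read()

        try:
            exclusive_create(planted, b"harmless")
            exclusive_refused = False
        except FileExistsError:
            exclusive_refused = True

        vulnerable_tmp_write(tmpdir, b"clobbered")
        with open(victim, "rb") as fh:
            after_vulnerable = fh.read()

        # Constructed sample of /proc/sys/fs/protected_symlinks, not the host's.
        sample = os.path.join(tmpdir, "protected_symlinks.sample")
        with open(sample, "w") as fh:
            fh.write("1\n")
        sample_enabled = protected_symlinks_enabled(sample)

    return {
        "victim_after_safe": after_safe,
        "safe_name_predictable": os.path.basename(safe_path) == PREDICTABLE_NAME,
        "exclusive_refused": exclusive_refused,
        "victim_after_vulnerable": after_vulnerable,
        "sample_sysctl_enabled": sample_enabled,
    }


if __name__ == "__main__":
    print(demo())
    print("host fs.protected_symlinks enabled:", protected_symlinks_enabled())
```

On a real multi-user host, run protected_symlinks_enabled() with its default argument to confirm the mitigation is on; the demo itself deliberately does not depend on the host setting.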
	{DSA-5270-1 DLA-3201-1}
	- ntfs-3g 1:2022.10.3-1
	NOTE: https://www.openwall.com/lists/oss-security/2022/10/31/2
	NOTE: https://github.com/tuxera/ntfs-3g/commit/18bfc676119a1188e8135287b8327b0760ba44a1 (2022.10.3)
	NOTE: https://github.com/tuxera/ntfs-3g/commit/76c3a799a97fbcedeeeca57f598be508ae2a1656 (2022.10.3)
CVE-2022-40283
	RESERVED
CVE-2022-40282 (The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authe ...)
	NOT-FOR-US: Hirschmann BAT-C2
CVE-2022-40281 (An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PR ...)
	NOT-FOR-US: Samsung TizenRT
CVE-2022-40280 (An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PR ...)
	NOT-FOR-US: Samsung TizenRT
CVE-2022-40279 (An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PR ...)
	NOT-FOR-US: Samsung TizenRT
CVE-2022-40278 (An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PR ...)
	NOT-FOR-US: Samsung TizenRT
CVE-2022-40277 (Joplin version 2.8.8 allows an external attacker to execute arbitrary ...)
	NOT-FOR-US: Joplin
CVE-2022-40276 (Zettlr version 2.3.0 allows an external attacker to remotely obtain ar ...)
	NOT-FOR-US: Zettlr
CVE-2022-40275
	RESERVED
CVE-2022-40274 (Gridea version 0.9.3 allows an external attacker to execute arbitrary ...)
	NOT-FOR-US: Gridea
CVE-2022-40273
	REJECTED
CVE-2022-40272
	REJECTED
CVE-2022-40271
	REJECTED
CVE-2022-40270
	REJECTED
CVE-2022-40269 (Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric ...)
	NOT-FOR-US: Mitsubishi
CVE-2022-40268 (Improper Restriction of Rendered UI Layers or Frames vulnerability in ...)
	NOT-FOR-US: Mitsubishi
CVE-2022-40267 (Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerabilit ...)
	NOT-FOR-US: Mitsubishi
CVE-2022-40266 (Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 ...)
	NOT-FOR-US: Mitsubishi
CVE-2022-40265 (Improper Input Validation vulnerability in Mitsubishi Electric Corpora ...)
	NOT-FOR-US: Mitsubishi
CVE-2022-40264 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
	NOT-FOR-US: Mitsubishi Electric
CVE-2022-40263 (BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcode ...)
	NOT-FOR-US: BD Totalys MultiProcessor
CVE-2022-40262 (A potential attacker can execute an arbitrary code at the time of the ...)
	NOT-FOR-US: AMI
CVE-2022-40261 (An attacker can exploit this vulnerability to elevate privileges from ...)
	NOT-FOR-US: AMI
CVE-2022-40260
	RESERVED
CVE-2022-40259 (MegaRAC Default Credentials Vulnerability)
	NOT-FOR-US: AMI MegaRAC Redfish
CVE-2022-40258 (AMI Megarac Weak password hashes for Redfish & API)
	NOT-FOR-US: AMI
CVE-2022-40257 (An HTML injection vulnerability exists in CERT/CC VINCE software prior ...)
	NOT-FOR-US: CERT/CC VINCE
CVE-2022-40256
	RESERVED
CVE-2022-40255
	RESERVED
CVE-2022-40254
	RESERVED
CVE-2022-40253
	RESERVED
CVE-2022-40252
	RESERVED
CVE-2022-40251
	RESERVED
CVE-2022-40250 (An attacker can exploit this vulnerability to elevate privileges from ...)
	NOT-FOR-US: AMI
CVE-2022-40249
	RESERVED
CVE-2022-40248 (An HTML injection vulnerability exists in CERT/CC VINCE software prior ...)
	NOT-FOR-US: CERT/CC VINCE
CVE-2022-40247
	RESERVED
CVE-2022-40246 (A potential attacker can write one byte by arbitrary address at the ti ...)
	NOT-FOR-US: AMI
CVE-2022-40245
	RESERVED
CVE-2022-40244
	RESERVED
CVE-2022-40243
	RESERVED
CVE-2022-40242 (MegaRAC Default Credentials Vulnerability)
	NOT-FOR-US: MegaRAC
CVE-2022-40241
	RESERVED
CVE-2022-40240
	RESERVED
CVE-2022-40239
	RESERVED
CVE-2022-40238 (A Remote Code Injection vulnerability exists in CERT software prior to ...)
	NOT-FOR-US: CERT software
CVE-2022-3169 (A flaw was found in the Linux kernel. A denial of service flaw may occ ...)
	{DLA-3244-1}
	- linux 6.0.10-1
	[bullseye] - linux 5.10.158-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2125341
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=214771
CVE-2022-3168
	REJECTED
CVE-2019-25076 (The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.1 ...)
	- openvswitch (bug #1021740)
	[bookworm] - openvswitch (Minor issue)
	[bullseye] - openvswitch (Minor issue)
	[buster] - openvswitch (Minor issue)
	NOTE: https://arxiv.org/abs/2011.09107
	NOTE: https://sites.google.com/view/tuple-space-explosion
	NOTE: https://dl.acm.org/doi/10.1145/3359989.3365431
	NOTE: https://www.youtube.com/watch?v=5cHpzVK0D28
	NOTE: https://www.youtube.com/watch?v=DSC3m-Bww64
CVE-2022-40237 (IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service atta ...)
	NOT-FOR-US: IBM
CVE-2022-40236
	RESERVED
CVE-2022-40235 ("IBM InfoSphere Information Server 11.7 could allow a user to cause a ...)
	NOT-FOR-US: IBM
CVE-2022-40234 (Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1 ...)
	NOT-FOR-US: IBM
CVE-2022-40233 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
	NOT-FOR-US: IBM
CVE-2022-40232 (IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, ...)
	NOT-FOR-US: IBM
CVE-2022-40231 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 a ...)
	NOT-FOR-US: IBM
CVE-2022-40230 ("IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invali ...)
	NOT-FOR-US: IBM
CVE-2022-40229
	RESERVED
CVE-2022-40228 (IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0 ...)
	NOT-FOR-US: IBM
CVE-2022-40227 (A vulnerability has been identified in SIMATIC HMI Comfort Panels (inc ...)
	NOT-FOR-US: Siemens
CVE-2022-40226 (A vulnerability has been identified in SICAM P850 (All versions < V3.1 ...)
	NOT-FOR-US: Siemens
CVE-2022-40225
	REJECTED
CVE-2022-40200 (Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Foru ...)
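Added toy model (not Open vSwitch code and not part of the tracker data) of the algorithmic-complexity problem behind CVE-2019-25076, the Tuple Space Explosion described in the references above. Tuple Space Search keeps one hash table, a "subtable", per distinct wildcard mask; a lookup probes subtables one after another until a rule matches, so a miss costs one probe per distinct mask in the classifier, while any number of rules sharing a single mask costs one probe. The attack therefore is not about the number of rules but about forcing the classifier to hold many different masks. Headers and masks are modelled here as 64-bit integers (real OVS masks span many protocol fields, but the cost model is the same), and the mask construction is a hypothetical one chosen only to yield distinct masks; it does not reproduce how the published attack elicits them.

```python
HEADER_BITS = 64
FULL = (1 << HEADER_BITS) - 1  # exact-match mask over the whole modelled header


class TssClassifier:
    """Minimal Tuple Space Search: one hash table per distinct mask."""

    def __init__(self):
        self.subtables = {}  # mask -> {header & mask: rule_id}

    def add_rule(self, mask: int, header: int, rule_id: str) -> None:
        self.subtables.setdefault(mask, {})[header & mask] = rule_id

    def lookup(self, header: int):
        """Return (rule_id or None, number of subtables probed).

        Every subtable must be consulted until one hits, so the probe count
        on a miss equals the number of distinct masks installed.
        """
        probes = 0
        for mask, table in self.subtables.items():
            probes += 1
            rule_id = table.get(header & mask)
            if rule_id is not None:
                return rule_id, probes
        return None, probes

    def mask_count(self) -> int:
        return len(self.subtables)


def benign_table(n: int) -> TssClassifier:
    """n exact-match rules under one shared mask: a single subtable."""
    c = TssClassifier()
    for i in range(n):
        c.add_rule(FULL, i, f"exact-{i}")
    return c


def exploded_table(n: int) -> TssClassifier:
    """n rules each under a different mask (n <= HEADER_BITS here):
    the 'tuple space' holds n subtables and every miss probes all of them."""
    if not 0 <= n <= HEADER_BITS:
        raise ValueError("toy mask construction supports at most HEADER_BITS masks")
    c = TssClassifier()
    for i in range(n):
        mask = (FULL << i) & FULL  # hypothetical: wildcard i low bits, all distinct
        c.add_rule(mask, FULL, f"wild-{i}")  # rules match only all-ones headers
    return c


def compare_miss_cost(n: int) -> dict:
    """Probes needed for a header (all zeros) that matches no rule in either table."""
    miss_header = 0
    _, benign_probes = benign_table(n).lookup(miss_header)
    _, exploded_probes = exploded_table(n).lookup(miss_header)
    return {"rules": n, "benign_probes": benign_probes, "exploded_probes": exploded_probes}


if __name__ == "__main__":
    for n in (1, 8, 64):
        print(compare_miss_cost(n))
```

The takeaway for defenders is that rule count is a poor proxy for classifier cost: watch the number of distinct masks (for OVS, the megaflow mask count in the datapath) and rate-limit or coalesce flow installs that inflate it.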
	NOT-FOR-US: WordPress plugin
CVE-2022-40198 (Cross-Site Request Forgery (CSRF) vulnerability in StandaloneTech Tera ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40197
	RESERVED
CVE-2022-40195 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40194 (Unauthenticated Sensitive Information Disclosure vulnerability in Cust ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40191 (Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerab ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40189 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
	NOT-FOR-US: Airflow Pig provider
CVE-2022-40132 (Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Po ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38976
	RESERVED
CVE-2022-38704 (Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plu ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38703 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38470 (Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews fo ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38460 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38144 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpFor ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38140 (Auth. (contributor+)Arbitrary File Upload inSEO Plugin by Squirrly SEO ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38139 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Stati ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38137 (Cross-Site Request Forgery (CSRF) vulnerability in Analytify plugin <= ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38135 (Broken Access Control vulnerability in Dean Oakley's Photospace Galler ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38134 (Authenticated (subscriber+) Broken Access Control vulnerability in Cus ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38098 RESERVED
CVE-2022-38095 (Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38086 (Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38085 (Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam p ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38077 (Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, E ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-37342 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36790 RESERVED
CVE-2022-36388 (Cross-Site Request Forgery (CSRF) vulnerability in YDS Support Ticket ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36356 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36340 (Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOpt ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36299 RESERVED
CVE-2022-36295 RESERVED
CVE-2022-3167 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
	- rdiffweb (bug #969974)
CVE-2022-3166 (Rockwell Automation was made aware that the webservers of the Microlog ...)
	NOT-FOR-US: Rockwell
CVE-2022-3165 (An integer underflow issue was found in the QEMU VNC server while proc ...)
	- qemu 1:7.2+dfsg-1 (bug #1021019)
	[bullseye] - qemu (Vulnerable code introduced later)
	[buster] - qemu (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2129739
	NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/0bf41cab93e5c72dcda717abd625698b59d9ba3e (v6.1.0-rc0)
	NOTE: Proposed fix: https://lists.nongnu.org/archive/html/qemu-devel/2022-09/msg03948.html
	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/d307040b18bfcb1393b910f1bae753d5c12a4dc7 (v7.2.0-rc0)
CVE-2022-3164 RESERVED
CVE-2022-3163 RESERVED
CVE-2022-40188 (Knot Resolver before 5.5.3 allows remote attackers to cause a denial o ...)
	{DLA-3139-1}
	- knot-resolver 5.5.3-1
	[bullseye] - knot-resolver (Minor issue)
	NOTE: https://github.com/CZ-NIC/knot-resolver/commit/f6577a20e493c7fbdac124d7544bf1846b084185 (v5.5.3)
	NOTE: https://www.knot-resolver.cz/2022-09-21-knot-resolver-5.5.3.html
CVE-2022-40187 (Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communicati ...)
	NOT-FOR-US: Foresight GC3 Launch Monitor
CVE-2022-40186 (An issue was discovered in HashiCorp Vault and Vault Enterprise before ...)
	NOT-FOR-US: HashiCorp Vault and Vault Enterprise
CVE-2022-40185 RESERVED
CVE-2022-40184 (Incomplete filtering of JavaScript code in different configuration fie ...)
	NOT-FOR-US: Bosch
CVE-2022-40183 (An error in the URL handler of the VIDEOJET multi 4000 may lead to a r ...)
	NOT-FOR-US: Bosch
CVE-2022-40182 (A vulnerability has been identified in Desigo PXM30-1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2022-40181 (A vulnerability has been identified in Desigo PXM30-1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2022-40180 (A vulnerability has been identified in Desigo PXM30-1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2022-40179 (A vulnerability has been identified in Desigo PXM30-1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2022-40178 (A vulnerability has been identified in Desigo PXM30-1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2022-40177 (A vulnerability has been identified in Desigo PXM30-1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2022-40176 (A vulnerability has been identified in Desigo PXM30-1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2022-3162 (Users authorized to list or watch one type of namespaced custom resour ...)
	- kubernetes 1.20.5+really1.20.2-1
	NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
	NOTE: The source package itself is still vulnerable, but custom rebuilds are not really a use case here
CVE-2022-3161 (The APDFL.dll contains a memory corruption vulnerability while parsing ...)
	NOT-FOR-US: Siemens
CVE-2022-3160 (The APDFL.dll contains an out-of-bounds write past the fixed-length h ...)
	NOT-FOR-US: Siemens
CVE-2022-3159 (The APDFL.dll contains a stack-based buffer overflow vulnerability tha ...)
	NOT-FOR-US: Siemens
CVE-2022-3158 (Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, ...)
	NOT-FOR-US: Rockwell Automation
CVE-2022-3157 (A vulnerability exists in the Rockwell Automation controllers that all ...)
	NOT-FOR-US: Rockwell
CVE-2022-3156 (A remote code execution vulnerability exists in Rockwell Automation St ...)
	NOT-FOR-US: Rockwell Automation
CVE-2022-40175 REJECTED
CVE-2022-40174 REJECTED
CVE-2022-40173 REJECTED
CVE-2022-40172 REJECTED
CVE-2022-40171 REJECTED
CVE-2022-40170 REJECTED
CVE-2022-40169 REJECTED
CVE-2022-40168 REJECTED
CVE-2022-40167 REJECTED
CVE-2022-40166 REJECTED
CVE-2022-40165 REJECTED
CVE-2022-40164 REJECTED
CVE-2022-40163 REJECTED
CVE-2022-40162 REJECTED
CVE-2022-40161 REJECTED
CVE-2022-40160 (** DISPUTED ** This record was originally reported by the oss-fuzz pro ...)
	NOTE: Invalid oss-fuzz report against libcommons-jxpath-java
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47053
CVE-2022-40159 (** DISPUTED ** This record was originally reported by the oss-fuzz pro ...)
	NOTE: Invalid oss-fuzz report against libcommons-jxpath-java
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47057
CVE-2022-40158 REJECTED
CVE-2022-40157 REJECTED
CVE-2022-40156 REJECTED
CVE-2022-40155 REJECTED
CVE-2022-40154 REJECTED
CVE-2022-40153 REJECTED
CVE-2022-40152 (Those using Woodstox to parse XML data may be vulnerable to Denial of ...)
	- libwoodstox-java (bug #1032089)
	[bookworm] - libwoodstox-java (Minor issue)
	[bullseye] - libwoodstox-java (Minor issue)
	[buster] - libwoodstox-java (Minor issue)
	NOTE: https://github.com/x-stream/xstream/issues/304
	NOTE: https://github.com/advisories/GHSA-3f7h-mf4q-vrm4
CVE-2022-40151 (Those using Xstream to seralize XML data may be vulnerable to Denial o ...)
	- libxstream-java (unimportant)
	NOTE: https://github.com/x-stream/xstream/issues/304
	NOTE: https://github.com/x-stream/xstream/issues/314
	NOTE: https://x-stream.github.io/CVE-2022-40151.html
	NOTE: https://github.com/advisories/GHSA-f8cc-g7j8-xxpm
	NOTE: Only solution for the issue is to catch the StackOverflowError in the client code calling XStream.
CVE-2022-40150 (Those using Jettison to parse untrusted XML or JSON data may be vulner ...)
	{DSA-5312-1 DLA-3259-1}
	- libjettison-java 1.5.3-1 (bug #1022553)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549
	NOTE: https://github.com/jettison-json/jettison/issues/45
CVE-2022-40149 (Those using Jettison to parse untrusted XML or JSON data may be vulner ...)
	{DSA-5312-1 DLA-3184-1}
	- libjettison-java 1.5.1-1 (bug #1022554)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538
	NOTE: https://github.com/jettison-json/jettison/issues/45
	NOTE: https://github.com/jettison-json/jettison/commit/395f8625bcf688743872c8e7f59360d372e77811 (jettison-1.5.1)
CVE-2022-40148 REJECTED
CVE-2022-40147 (A vulnerability has been identified in Industrial Edge Management (All ...)
	NOT-FOR-US: Siemens
CVE-2022-40146 (Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XM ...)
	{DLA-3619-1}
	- batik 1.15+dfsg-1 (bug #1020589)
	[bullseye] - batik (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2022/09/22/3
	NOTE: https://issues.apache.org/jira/browse/BATIK-1335
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1903910
	NOTE: https://www.zerodayinitiative.com/blog/2022/10/28/vulnerabilities-in-apache-batik-default-security-controls-ssrf-and-rce-through-remote-class-loading
CVE-2022-40145 (This vulnerable is about a potential code injection when an attacker h ...)
	- apache-karaf (bug #881297)
CVE-2022-3155 (When saving or opening an email attachment on macOS, Thunderbird did n ...)
	- thunderbird (Only affects MacOS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-3155
CVE-2022-3154 (The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3153 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.040 ...)
	- vim 2:9.0.0626-1 (unimportant)
	NOTE: https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a
	NOTE: https://github.com/vim/vim/commit/1540d334a04d874c2aa9d26b82dbbcd4bc5a78de (v9.0.0404)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-3152 (Unverified Password Change in GitHub repository phpfusion/phpfusion pr ...)
	NOT-FOR-US: PHP-Fusion
CVE-2022-3151 (The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3150 (The WP Custom Cursors WordPress plugin before 3.2 does not properly sa ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3149 (The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3148 (Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawi ...)
	NOT-FOR-US: jgraph/drawio
CVE-2022-40144 (A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a ...)
	NOT-FOR-US: Trend Micro
CVE-2022-40143 (A link following local privilege escalation vulnerability in Trend Mic ...)
	NOT-FOR-US: Trend Micro
CVE-2022-40142 (A security link following local privilege escalation vulnerability in ...)
	NOT-FOR-US: Trend Micro
CVE-2022-40141 (A vulnerability in Trend Micro Apex One and Apex One as a Service coul ...)
	NOT-FOR-US: Trend Micro
CVE-2022-40140 (An origin validation error vulnerability in Trend Micro Apex One and A ...)
	NOT-FOR-US: Trend Micro
CVE-2022-40139 (Improper validation of some components used by the rollback mechanism ...)
	NOT-FOR-US: Trend Micro
CVE-2022-40138 (An integer conversion error in Hermes bytecode generation, prior to co ...)
	NOT-FOR-US: Facebook Hermes
CVE-2022-40133 (A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf ...)
	- linux 6.1.7-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2075
CVE-2022-38457 (A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res ...)
	- linux 6.1.7-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2074
CVE-2022-38096 (A NULL pointer dereference vulnerability was found in vmwgfx driver in ...)
	NOTE: PoC has been removed, original reporter is unresponsive and the issue is not reproducible
	NOTE: It's unclear whether this was a real issue in the first place
CVE-2022-36402 (An integer overflow vulnerability was found in vmwgfx driver in driver ...)
	- linux
	NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2072
	NOTE: Might be OpenAnolis specific issues, check when Bugzilla entries are public
CVE-2022-36280 (An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx ...)
	{DSA-5324-1 DLA-3403-1 DLA-3349-1}
	- linux 6.1.4-1
	NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2071
	NOTE: https://git.kernel.org/linus/4cf949c7fafe21e085a4ee386bb2dade9067316e
CVE-2022-3147 (Mattermost version 7.0.x and earlier fails to sufficiently limit the i ...)
	- mattermost-server (bug #823556)
CVE-2022-3146 (A flaw was found in tripleo-ansible. Due to an insecure default config ...)
	NOT-FOR-US: tripleo-ansible
CVE-2022-3145 (An open redirect vulnerability exists in Okta OIDC Middleware prior to ...)
	NOT-FOR-US: Okta
CVE-2022-3144 (The Wordfence Security – Firewall & Malware Scan plugin for WordP ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3143 (wildfly-elytron: possible timing attacks via use of unsafe comparator. ...)
	NOT-FOR-US: WildFly Elytron
CVE-2022-40137 (A buffer overflow in the WMI SMI Handler in some Lenovo models may all ...)
	NOT-FOR-US: Lenovo
CVE-2022-40136 (An information leak vulnerability in SMI Handler used to configure pla ...)
	NOT-FOR-US: Lenovo
CVE-2022-40135 (An information leak vulnerability in the Smart USB Protection SMI Hand ...)
	NOT-FOR-US: Lenovo
CVE-2022-40134 (An information leak vulnerability in the SMI Set BIOS Password SMI Han ...)
	NOT-FOR-US: Lenovo
CVE-2022-40127 (A vulnerability in Example Dags of Apache Airflow allows an attacker w ...)
	- airflow (bug #819700)
CVE-2022-38972 (Cross-site scripting vulnerability in Movable Type plugin A-Form versi ...)
	NOT-FOR-US: Movable Type plugin
CVE-2022-3142 (The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3141 (The Translate Multilingual sites WordPress plugin before 2.3.3 is vuln ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3140 (LibreOffice supports Office URI Schemes to enable browser integration ...)
	{DSA-5252-1 DLA-3368-1}
	- libreoffice 1:7.4.1~rc2-3
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-3140
CVE-2022-3139 (The We’re Open! WordPress plugin before 1.42 does not sanitise an ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3138 (Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawi ...)
	NOT-FOR-US: jgraph/drawio
CVE-2022-3137 (The Taskbuilder WordPress plugin before 1.0.8 does not validate and sa ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3136 (The Social Rocket WordPress plugin before 1.3.3 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-40126 (A misconfiguration in the Service Mode profile directory of Clash for ...)
	NOT-FOR-US: Clash for Windows
CVE-2022-40125 RESERVED
CVE-2022-40124 RESERVED
CVE-2022-40123 (mojoPortal v2.7 was discovered to contain a path traversal vulnerabili ...)
	NOT-FOR-US: mojoPortal
CVE-2022-40122 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
	NOT-FOR-US: Online Banking System
CVE-2022-40121 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
	NOT-FOR-US: Online Banking System
CVE-2022-40120 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
	NOT-FOR-US: Online Banking System
CVE-2022-40119 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
	NOT-FOR-US: Online Banking System
CVE-2022-40118 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
	NOT-FOR-US: Online Banking System
CVE-2022-40117 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
	NOT-FOR-US: Online Banking System
CVE-2022-40116 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
	NOT-FOR-US: Online Banking System
CVE-2022-40115 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
	NOT-FOR-US: Online Banking System
CVE-2022-40114 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
	NOT-FOR-US: Online Banking System
CVE-2022-40113 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
	NOT-FOR-US: Online Banking System
CVE-2022-40112 (TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-40111 (In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the sha ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-40110 (TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-40109 (TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-40108 RESERVED
CVE-2022-40107 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2022-40106 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2022-40105 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2022-40104 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2022-40103 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2022-40102 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2022-40101 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2022-40100 (Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection ...)
	NOT-FOR-US: Tenda
CVE-2022-40099 (Online Tours & Travels Management System v1.0 was discovered to contai ...)
	NOT-FOR-US: Online Tours & Travels Management System
CVE-2022-40098 (Online Tours & Travels Management System v1.0 was discovered to contai ...)
	NOT-FOR-US: Online Tours & Travels Management System
CVE-2022-40097 (Online Tours & Travels Management System v1.0 was discovered to contai ...)
	NOT-FOR-US: Online Tours & Travels Management System
CVE-2022-40096 RESERVED
CVE-2022-40095 RESERVED
CVE-2022-40094 RESERVED
CVE-2022-40093 (Online Tours & Travels Management System v1.0 was discovered to contai ...)
	NOT-FOR-US: Online Tours & Travels Management System
CVE-2022-40092 (Online Tours & Travels Management System v1.0 was discovered to contai ...)
	NOT-FOR-US: Online Tours & Travels Management System
CVE-2022-40091 (Online Tours & Travels Management System v1.0 was discovered to contai ...)
	NOT-FOR-US: Online Tours & Travels Management System
CVE-2022-40090 (An issue was discovered in function TIFFReadDirectory libtiff before 4 ...)
	- tiff 4.5.0-2
	[bullseye] - tiff (Minor issue)
	[buster] - tiff (Minor issue, DoS)
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/455
	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/386
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/d093eb5d961e21ba51420bc22382c514683a4d91 (v4.5.0rc1)
	NOTE: The specific PoC starts triggering with https://gitlab.com/libtiff/libtiff/-/commit/7db4f2b62206b9cba6cda538e0f296df0ac371bd (v4.4.0)
	NOTE: but the patch mentions this is an older, more general issue, requiring prior incomplete fix from:
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/f01c22704826d1587fb8d91b253752b13c6713ba (v4.0.10)
	NOTE: so let's assume versions < v4.4.0 are vulnerable.
CVE-2022-40089 (A remote file inclusion (RFI) vulnerability in Simple College Website ...)
	NOT-FOR-US: Simple College Website
CVE-2022-40088 (Simple College Website v1.0 was discovered to contain a reflected cros ...)
	NOT-FOR-US: Simple College Website
CVE-2022-40087 (Simple College Website v1.0 was discovered to contain an arbitrary fil ...)
	NOT-FOR-US: Simple College Website
CVE-2022-40086 RESERVED
CVE-2022-40085 RESERVED
CVE-2022-40084 (OpenCRX before v5.2.2 was discovered to be vulnerable to password enum ...)
	NOT-FOR-US: OpenCRX
CVE-2022-40083 (Labstack Echo v4.8.0 was discovered to contain an open redirect vulner ...)
	- golang-github-labstack-echo 4.11.1-1
	[bookworm] - golang-github-labstack-echo (Minor issue)
	- golang-github-labstack-echo.v2 (Vulnerable code not present)
	- golang-github-labstack-echo.v3 (Vulnerable code not present)
	NOTE: https://github.com/labstack/echo/commit/0ac4d74402391912ff6da733bb09fd4c3980b4e1 (v4.9.0)
	NOTE: https://github.com/labstack/echo/issues/2259
CVE-2022-40082 (Hertz v0.3.0 ws discovered to contain a path traversal vulnerability v ...)
	NOT-FOR-US: Hertz
CVE-2022-40081 RESERVED
CVE-2022-40080 (Stack overflow vulnerability in Aspire E5-475G 's BIOS firmware, in th ...)
	NOT-FOR-US: Aspire
CVE-2022-40079 RESERVED
CVE-2022-40078 RESERVED
CVE-2022-40077 RESERVED
CVE-2022-40076 (Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/http ...)
	NOT-FOR-US: Tenda
CVE-2022-40075 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
	NOT-FOR-US: Tenda
CVE-2022-40074 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
	NOT-FOR-US: Tenda
CVE-2022-40073 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
	NOT-FOR-US: Tenda
CVE-2022-40072 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
	NOT-FOR-US: Tenda
CVE-2022-40071 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
	NOT-FOR-US: Tenda
CVE-2022-40070 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via bin/http ...)
	NOT-FOR-US: Tenda
CVE-2022-40069 (]Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/ht ...)
	NOT-FOR-US: Tenda
CVE-2022-40068 (Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/http ...)
	NOT-FOR-US: Tenda
CVE-2022-40067 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
	NOT-FOR-US: Tenda
CVE-2022-40066 RESERVED
CVE-2022-40065 RESERVED
CVE-2022-40064 RESERVED
CVE-2022-40063 RESERVED
CVE-2022-40062 RESERVED
CVE-2022-40061 RESERVED
CVE-2022-40060 RESERVED
CVE-2022-40059 RESERVED
CVE-2022-40058 RESERVED
CVE-2022-40057 RESERVED
CVE-2022-40056 RESERVED
CVE-2022-40055 (An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows att ...)
	NOT-FOR-US: GX Group GPON ONT Titanium 2122A T2122-V1.26EXL
CVE-2022-40054 RESERVED
CVE-2022-40053 RESERVED
CVE-2022-40052 RESERVED
CVE-2022-40051 RESERVED
CVE-2022-40050 (ZFile v4.1.1 was discovered to contain an arbitrary file upload vulner ...)
	NOT-FOR-US: ZFile
CVE-2022-40049 (SQL injection vulnerability in sourcecodester Theme Park Ticketing Sys ...)
	NOT-FOR-US: Theme Park Ticketing System
CVE-2022-40048 (Flatpress v1.2.1 was discovered to contain a remote code execution (RC ...)
	NOT-FOR-US: Flatpress
CVE-2022-40047 (Flatpress v1.2.1 was discovered to contain a reflected cross-site scri ...)
	NOT-FOR-US: Flatpress
CVE-2022-40046 RESERVED
CVE-2022-40045 RESERVED
CVE-2022-40044 (Centreon v20.10.18 was discovered to contain a cross-site scripting (X ...)
	- centreon-web (bug #913903)
CVE-2022-40043 (Centreon v20.10.18 was discovered to contain a SQL injection vulnerabi ...)
	- centreon-web (bug #913903)
CVE-2022-40042 RESERVED
CVE-2022-40041 RESERVED
CVE-2022-40040 RESERVED
CVE-2022-40039 RESERVED
CVE-2022-40038 RESERVED
CVE-2022-40037 (An issue discovered in Rawchen blog-ssm v1.0 allows remote attacker to ...)
	NOT-FOR-US: Rawchen blog-ssm
CVE-2022-40036 (An issue was discovered in Rawchen blog-ssm v1.0 allows an attacker to ...)
	NOT-FOR-US: Rawchen blog-ssm
CVE-2022-40035 (File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing atta ...)
	NOT-FOR-US: Rawchen blog-ssm
CVE-2022-40034 (Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1. ...)
	NOT-FOR-US: Rawchen blog-ssm
CVE-2022-40033 RESERVED
CVE-2022-40032 (SQL Injection vulnerability in Simple Task Managing System version 1.0 ...)
	NOT-FOR-US: Simple Task Managing System
CVE-2022-40031 RESERVED
CVE-2022-40030 (SourceCodester Simple Task Managing System v1.0 was discovered to cont ...)
	NOT-FOR-US: SourceCodester Simple Task Managing System
CVE-2022-40029 (SourceCodester Simple Task Managing System v1.0 was discovered to cont ...)
	NOT-FOR-US: SourceCodester Simple Task Managing System
CVE-2022-40028 (SourceCodester Simple Task Managing System v1.0 was discovered to cont ...)
	NOT-FOR-US: SourceCodester Simple Task Managing System
CVE-2022-40027 (SourceCodester Simple Task Managing System v1.0 was discovered to cont ...)
	NOT-FOR-US: SourceCodester Simple Task Managing System
CVE-2022-40026 (SourceCodester Simple Task Managing System v1.0 was discovered to cont ...)
	NOT-FOR-US: SourceCodester Simple Task Managing System
CVE-2022-40025 RESERVED
CVE-2022-40024 RESERVED
CVE-2022-40023 (Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denia ...)
	{DLA-3116-1}
	- mako 1.2.2+ds1-1
	[bullseye] - mako (Minor issue)
	NOTE: https://github.com/sqlalchemy/mako/commit/925760291d6efec64fda6e9dd1fd9cfbd5be068c (rel_1_2_2)
	NOTE: https://github.com/sqlalchemy/mako/issues/366
CVE-2022-40022 (Microchip Technology (Microsemi) SyncServer S650 was discovered to con ...)
	NOT-FOR-US: Microchip Technology
CVE-2022-40021 (QVidium Technologies Amino A140 (prior to firmware version 1.0.0-283) ...)
	NOT-FOR-US: QVidium Technologies Amino A140
CVE-2022-40020 RESERVED
CVE-2022-40019 RESERVED
CVE-2022-40018 RESERVED
CVE-2022-40017 RESERVED
CVE-2022-40016 (Use After Free (UAF) vulnerability in ireader media-server before comm ...)
	NOT-FOR-US: ireader media-server
CVE-2022-40015 RESERVED
CVE-2022-40014 RESERVED
CVE-2022-40013 RESERVED
CVE-2022-40012 RESERVED
CVE-2022-40011 (Cross Site Scripting (XSS) vulnerability in typora through 1.38 allows ...)
	NOT-FOR-US: typora
CVE-2022-40010 (Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was dis ...)
	NOT-FOR-US: Tenda
CVE-2022-40009 (SWFTools commit 772e55a was discovered to contain a heap-use-after-fre ...)
	- swftools
	NOTE: https://github.com/matthiaskramm/swftools/issues/190
CVE-2022-40008 (SWFTools commit 772e55a was discovered to contain a heap-buffer overfl ...)
	- swftools
	NOTE: https://github.com/matthiaskramm/swftools/issues/188
CVE-2022-40007 RESERVED
CVE-2022-40006 RESERVED
CVE-2022-40005 (Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command inject ...)
	NOT-FOR-US: Intelbras WiFiber 120AC inMesh
CVE-2022-40004 (Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows ...)
	NOT-FOR-US: Things Board
CVE-2022-40003 RESERVED
CVE-2022-40002 (Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remo ...)
	NOT-FOR-US: FeehiCMS
CVE-2022-40001 (Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remo ...)
	NOT-FOR-US: FeehiCMS
CVE-2022-40000 (Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remo ...)
	NOT-FOR-US: FeehiCMS
CVE-2022-39999 RESERVED
CVE-2022-39998 RESERVED
CVE-2022-39997 RESERVED
CVE-2022-39996 RESERVED
CVE-2022-39995 RESERVED
CVE-2022-39994 RESERVED
CVE-2022-39993 RESERVED
CVE-2022-39992 RESERVED
CVE-2022-39991 RESERVED
CVE-2022-39990 RESERVED
CVE-2022-39989 (An issue was discovered in Fighting Cock Information System 1.0, which ...)
	NOT-FOR-US: Fighting Cock Information System
CVE-2022-39988 (A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows ...)
	- centreon-web (bug #913903)
CVE-2022-39987 (A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an ...)
	NOT-FOR-US: RaspAP
CVE-2022-39986 (A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows un ...)
	NOT-FOR-US: RaspAP
CVE-2022-39985 RESERVED
CVE-2022-39984 RESERVED
CVE-2022-39983 (File upload vulnerability in Instantdeveloper RD3 22.0.8500, allows at ...)
	NOT-FOR-US: Instantdeveloper RD3
CVE-2022-39982 RESERVED
CVE-2022-39981 RESERVED
CVE-2022-39980 RESERVED
CVE-2022-39979 RESERVED
CVE-2022-39978 (Online Pet Shop We App v1.0 was discovered to contain an arbitrary fil ...)
	NOT-FOR-US: Online Pet Shop We App
CVE-2022-39977 (Online Pet Shop We App v1.0 was discovered to contain an arbitrary fil ...)
	NOT-FOR-US: Online Pet Shop We App
CVE-2022-39976 (School Activity Updates with SMS Notification v1.0 was discovered to c ...)
	NOT-FOR-US: School Activity Updates with SMS Notification
CVE-2022-39975 (The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Life ...)
	NOT-FOR-US: Liferay
CVE-2022-39974 (WASM3 v0.5.0 was discovered to contain a segmentation fault via the co ...)
	NOT-FOR-US: WASM3
CVE-2022-39973 RESERVED
CVE-2022-39972 RESERVED
CVE-2022-39971 RESERVED
CVE-2022-39970 RESERVED
CVE-2022-39969 RESERVED
CVE-2022-39968 RESERVED
CVE-2022-39967 RESERVED
CVE-2022-39966 RESERVED
CVE-2022-39965 RESERVED
CVE-2022-39964 RESERVED
CVE-2022-39963 RESERVED
CVE-2022-39962 RESERVED
CVE-2022-39961 RESERVED
CVE-2022-39960 (The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not ...)
	NOT-FOR-US: Atlassian
CVE-2022-3135 (The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3134 (Use After Free in GitHub repository vim/vim prior to 9.0.0389.)
	{DLA-3182-1}
	- vim 2:9.0.0626-1 (bug #1019590)
	[bullseye] - vim (Minor issue)
	NOTE: https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc
	NOTE: https://github.com/vim/vim/commit/ccfde4d028e891a41e3548323c3d47b06fb0b83e (v9.0.0389)
CVE-2022-39959 (Panini Everest Engine 2.0.4 allows unprivileged users to create a file ...)
	NOT-FOR-US: Panini Everest Engine
CVE-2022-39958 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a response bo ...)
	{DLA-3293-1}
	- modsecurity-crs 3.3.4-1 (bug #1021137)
	[bullseye] - modsecurity-crs (Minor issues; will be fixed in point release)
	NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
CVE-2022-39957 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a response bo ...)
	{DLA-3293-1}
	- modsecurity-crs 3.3.4-1 (bug #1021137)
	[bullseye] - modsecurity-crs (Minor issues; will be fixed in point release)
	NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
CVE-2022-39956 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rul ...)
	{DLA-3293-1}
	- modsecurity-crs 3.3.4-1 (bug #1021137)
	[bullseye] - modsecurity-crs (Minor issues; will be fixed in point release)
	NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
	NOTE: Depends on changes to be done in src:libmodsecurity3 / src:modsecurity-apache, cf.
	NOTE: https://bugs.debian.org/1020303
CVE-2022-39955 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rul ...)
	{DLA-3293-1}
	- modsecurity-crs 3.3.4-1 (bug #1021137)
	[bullseye] - modsecurity-crs (Minor issues; will be fixed in point release)
	NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
CVE-2022-39954 (An improper restriction of xml external entity reference in Fortinet F ...)
	NOT-FOR-US: Fortinet
CVE-2022-39953 (A improper privilege management in Fortinet FortiNAC version 9.4.0 thr ...)
	NOT-FOR-US: Fortinet
CVE-2022-39952 (A external control of file name or path in Fortinet FortiNAC versions ...)
	NOT-FOR-US: Fortinet
CVE-2022-39951 (A improper neutralization of special elements used in an os command (' ...)
	NOT-FOR-US: Fortinet
CVE-2022-39950 (An improper neutralization of input during web page generation vulnera ...)
	NOT-FOR-US: FortiGuard
CVE-2022-39949 (An improper control of a resource through its lifetime vulnerability [ ...)
	NOT-FOR-US: FortiGuard
CVE-2022-39948 (An improper certificate validation vulnerability [CWE-295] in FortiOS ...)
	NOT-FOR-US: Fortinet
CVE-2022-39947 (A improper neutralization of special elements used in an os command (' ...)
	NOT-FOR-US: Fortinet
CVE-2022-39946 (An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 an ...)
	NOT-FOR-US: Fortinet
CVE-2022-39945 (An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, ...)
	NOT-FOR-US: FortiGuard
CVE-2022-39944 (In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deser ...)
	NOT-FOR-US: Apache Linkis
CVE-2022-39943 REJECTED
CVE-2022-39942 REJECTED
CVE-2022-39941 REJECTED
CVE-2022-39940 REJECTED
CVE-2022-39939 REJECTED
CVE-2022-39938 REJECTED
CVE-2022-39937 REJECTED
CVE-2022-39936 REJECTED
CVE-2022-39935 REJECTED
CVE-2022-39934 REJECTED
CVE-2022-39933 REJECTED
CVE-2022-39932 REJECTED
CVE-2022-39931 REJECTED
CVE-2022-39930 REJECTED
CVE-2022-39929 REJECTED
CVE-2022-39928 REJECTED
CVE-2022-39927 REJECTED
CVE-2022-39926 REJECTED
CVE-2022-39925 REJECTED
CVE-2022-39924 REJECTED
CVE-2022-39923 REJECTED
CVE-2022-39922 REJECTED
CVE-2022-39921 REJECTED
CVE-2022-39920 REJECTED
CVE-2022-39919 REJECTED
CVE-2022-39918 REJECTED
CVE-2022-39917 REJECTED
CVE-2022-39916 REJECTED
CVE-2022-39915 (Improper access control vulnerability in Calendar prior to versions 11 ...)
	NOT-FOR-US: Samsung
CVE-2022-39914 (Exposure of Sensitive Information from an Unauthorized Actor vulnerabi ...)
	NOT-FOR-US: Samsung
CVE-2022-39913 (Exposure of Sensitive Information to an Unauthorized Actor in Persona ...)
	NOT-FOR-US: Samsung
CVE-2022-39912 (Improper handling of insufficient permissions vulnerability in setSecu ...)
	NOT-FOR-US: Samsung
CVE-2022-39911 (Improper check or handling of exceptional conditions vulnerability in ...)
	NOT-FOR-US: Samsung
CVE-2022-39910 (Improper access control vulnerability in Samsung Pass prior to version ...)
	NOT-FOR-US: Samsung
CVE-2022-39909 (Insufficient verification of data authenticity vulnerability in Samsun ...)
	NOT-FOR-US: Samsung
CVE-2022-39908 (TOCTOU vulnerability in Samsung decoding library for video thumbnails ...)
	NOT-FOR-US: Samsung
CVE-2022-39907 (Integer overflow vulnerability in Samsung decoding library for video t ...)
	NOT-FOR-US: Samsung
CVE-2022-39906 (Improper access control vulnerability in SecTelephonyProvider prior to ...)
	NOT-FOR-US: Samsung
CVE-2022-39905 (Implicit intent hijacking vulnerability in Telecom application prior t ...)
	NOT-FOR-US: Samsung
CVE-2022-39904 (Exposure of Sensitive Information vulnerability in Samsung Settings pr ...)
	NOT-FOR-US: Samsung
CVE-2022-39903 (Improper access control vulnerability in RCS call prior to SMR Dec-202 ...)
	NOT-FOR-US: Samsung
CVE-2022-39902 (Improper authorization in Exynos baseband prior to SMR DEC-2022 Releas ...)
	NOT-FOR-US: Samsung
CVE-2022-39901 (Improper authentication in Exynos baseband prior to SMR DEC-2022 Relea ...)
	NOT-FOR-US: Samsung
CVE-2022-39900 (Improper access control vulnerability in Nice Catch prior to SMR Dec-2 ...)
	NOT-FOR-US: Samsung
CVE-2022-39899 (Improper authentication vulnerability in Samsung WindowManagerService ...)
	NOT-FOR-US: Samsung
CVE-2022-39898 (Improper access control vulnerability in IIccPhoneBook prior to SMR De ...)
	NOT-FOR-US: Samsung
CVE-2022-39897 (Exposure of Sensitive Information vulnerability in kernel prior to SMR ...)
	NOT-FOR-US: Samsung
CVE-2022-39896 (Improper access control vulnerabilities in Contacts prior to SMR Dec-2 ...)
	NOT-FOR-US: Samsung
CVE-2022-39895 (Improper access control vulnerability in ContactListUtils in Phone pri ...)
	NOT-FOR-US: Samsung
CVE-2022-39894 (Improper access control vulnerability in ContactListStartActivityHelpe ...)
	NOT-FOR-US: Samsung
CVE-2022-39893 (Sensitive information exposure vulnerability in FmmBaseModel in Galaxy ...)
	NOT-FOR-US: Samsung
CVE-2022-39892 (Improper access control in Samsung Pass prior to version 4.0.05.1 allo ...)
	NOT-FOR-US: Samsung
CVE-2022-39891 (Heap overflow vulnerability in parse_pce function in libsavsaudio.so i ...)
	NOT-FOR-US: Samsung
CVE-2022-39890 (Improper Authorization in Samsung Billing prior to version 5.0.56.0 al ...)
	NOT-FOR-US: Samsung
CVE-2022-39889 (Improper access control vulnerability in GalaxyWatch4Plugin prior to v ...)
	NOT-FOR-US: Samsung
CVE-2022-39888
	RESERVED
CVE-2022-39887 (Improper access control vulnerability in clearAllGlobalProxy in MiscPo ...)
	NOT-FOR-US: Samsung
CVE-2022-39886 (Improper access control vulnerability in IpcRxServiceModeBigDataInfo i ...)
	NOT-FOR-US: Samsung
CVE-2022-39885 (Improper access control vulnerability in BootCompletedReceiver_CMCC in ...)
	NOT-FOR-US: Samsung
CVE-2022-39884 (Improper access control vulnerability in IImsService prior to SMR Nov- ...)
	NOT-FOR-US: Samsung
CVE-2022-39883 (Improper authorization vulnerability in StorageManagerService prior to ...)
	NOT-FOR-US: Samsung
CVE-2022-39882 (Heap overflow vulnerability in sflacf_fal_bytes_peek function in libsm ...)
	NOT-FOR-US: Samsung
CVE-2022-39881 (Improper input validation vulnerability for processing SIB12 PDU in Ex ...)
	NOT-FOR-US: Samsung
CVE-2022-39880 (Improper input validation vulnerability in DualOutFocusViewer prior to ...)
	NOT-FOR-US: Samsung
CVE-2022-39879 (Improper authorization vulnerability in CallBGProvider prior to SMR No ...)
	NOT-FOR-US: Samsung
CVE-2022-39878 (Improper access control vulnerability in Samsung Checkout prior to ver ...)
	NOT-FOR-US: Samsung
CVE-2022-39877 (Improper access control vulnerability in ProfileSharingAccount in Grou ...)
	NOT-FOR-US: Samsung
CVE-2022-39876 (Insertion of Sensitive Information into Log in PushRegIdUpdateClient o ...)
	NOT-FOR-US: Samsung
CVE-2022-39875 (Improper component protection vulnerability in Samsung Account prior t ...)
	NOT-FOR-US: Samsung
CVE-2022-39874 (Sensitive log information leakage vulnerability in Samsung Account pri ...)
	NOT-FOR-US: Samsung
CVE-2022-39873 (Improper authorization vulnerability in Samsung Internet prior to vers ...)
	NOT-FOR-US: Samsung
CVE-2022-39872 (Improper restriction of broadcasting Intent in ShareLive prior to vers ...)
	NOT-FOR-US: Samsung
CVE-2022-39871 (Improper access control vulnerability cloudNotificationManager.java in ...)
	NOT-FOR-US: Samsung
CVE-2022-39870 (Improper access control vulnerability in cloudNotificationManager.java ...)
	NOT-FOR-US: Samsung
CVE-2022-39869 (Improper access control vulnerability in cloudNotificationManager.java ...)
	NOT-FOR-US: Samsung
CVE-2022-39868 (Improper access control vulnerability in GedSamsungAccount.kt SmartThi ...)
	NOT-FOR-US: Samsung
CVE-2022-39867 (Improper access control vulnerability in cloudNotificationManager.java ...)
	NOT-FOR-US: Samsung
CVE-2022-39866 (Improper access control vulnerability in RegisteredEventMediator.kt Sm ...)
	NOT-FOR-US: Samsung
CVE-2022-39865 (Improper access control vulnerability in ContentsSharingActivity.java ...)
	NOT-FOR-US: Samsung
CVE-2022-39864 (Improper access control vulnerability in WifiSetupLaunchHelper in Smar ...)
	NOT-FOR-US: Samsung
CVE-2022-39863 (Intent redirection vulnerability in Samsung Account prior to version 1 ...)
	NOT-FOR-US: Samsung
CVE-2022-39862 (Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Rel ...)
	NOT-FOR-US: Samsung
CVE-2022-39861 (Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to ...)
	NOT-FOR-US: Samsung
CVE-2022-39860 (Improper access control vulnerability in QuickShare prior to version 1 ...)
	NOT-FOR-US: Samsung
CVE-2022-39859 (Implicit intent hijacking vulnerability in UPHelper library prior to v ...)
	NOT-FOR-US: Samsung
CVE-2022-39858 (Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera p ...)
	NOT-FOR-US: Samsung
CVE-2022-39857 (Improper access control vulnerability in CameraTestActivity in Factory ...)
	NOT-FOR-US: Samsung
CVE-2022-39856 (Improper access control vulnerability in imsservice application prior ...)
	NOT-FOR-US: Samsung
CVE-2022-39855 (Improper access control vulnerability in FACM application prior to SMR ...)
	NOT-FOR-US: Samsung
CVE-2022-39854 (Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows un ...)
	NOT-FOR-US: Samsung
CVE-2022-39853 (A use after free vulnerability in perf-mgr driver prior to SMR Oct-202 ...)
	NOT-FOR-US: Samsung
CVE-2022-39852 (A heap-based overflow vulnerability in makeContactAGIF in libagifencod ...)
	NOT-FOR-US: Samsung
CVE-2022-39851 (Improper access control vulnerability in CocktailBarService prior to S ...)
	NOT-FOR-US: Samsung
CVE-2022-39850 (Improper access control in mum_container_policy service prior to SMR O ...)
	NOT-FOR-US: Samsung
CVE-2022-39849 (Improper access control in knox_vpn_policy service prior to SMR Oct-20 ...)
	NOT-FOR-US: Samsung
CVE-2022-39848 (Exposure of sensitive information in AT_Distributor prior to SMR Oct-2 ...)
	NOT-FOR-US: Samsung
CVE-2022-39847 (Use after free vulnerability in set_nft_pid and signal_handler functio ...)
	NOT-FOR-US: Samsung
CVE-2022-39846 (DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22 ...)
	NOT-FOR-US: Samsung
CVE-2022-39845 (Improper validation of integrity check vulnerability in Samsung Kies p ...)
	NOT-FOR-US: Samsung
CVE-2022-39844 (Improper validation of integrity check vulnerability in Smart Switch P ...)
	NOT-FOR-US: Samsung
CVE-2022-3133 (OS Command Injection in GitHub repository jgraph/drawio prior to 20.3. ...)
	NOT-FOR-US: jgraph/drawio
CVE-2022-3132 (The Goolytics WordPress plugin before 1.1.2 does not sanitise and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3131 (The Search Logger WordPress plugin through 0.9 does not properly sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3130 (A vulnerability classified as critical has been found in codeprojects ...)
	NOT-FOR-US: codeprojects Online Driving School
CVE-2022-3129 (A vulnerability was found in codeprojects Online Driving School. It ha ...)
	NOT-FOR-US: codeprojects Online Driving School
CVE-2022-3128 (The Donation Thermometer WordPress plugin before 2.1.3 does not saniti ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3127 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...)
	NOT-FOR-US: jgraph/drawio
CVE-2022-3126 (The Frontend File Manager Plugin WordPress plugin before 21.4 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3125 (The Frontend File Manager Plugin WordPress plugin before 21.3 allows a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3124 (The Frontend File Manager Plugin WordPress plugin before 21.3 allows a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3123 (Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain ...)
	- dokuwiki (Vulnerable code introduced later)
	NOTE: https://huntr.dev/bounties/d72a979b-57db-4201-9500-66b49a5c1345/
	NOTE: https://github.com/splitbrain/dokuwiki/commit/63e9a247c072008a031f9db39fa496f6aca489b6
CVE-2022-3122 (A vulnerability was found in SourceCodester Clinics Patient Management ...)
	NOT-FOR-US: SourceCodester Clinics Patient Management System
CVE-2022-3121 (A vulnerability was found in SourceCodester Online Employee Leave Mana ...)
	NOT-FOR-US: SourceCodester Online Employee Leave Management System
CVE-2022-39843 (123elf Lotus 1-2-3 before 1.0.0rc3 for Linux, and Lotus 1-2-3 R3 for U ...)
	NOT-FOR-US: Lotus 1-2-3
CVE-2022-39842 (An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu ...)
	{DSA-5257-1 DLA-3173-1 DLA-3131-1}
	- linux 5.19.6-1 (unimportant)
	NOTE: https://git.kernel.org/linus/a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7 (5.19-rc4)
	NOTE: Driver not enabled in Debian configs
CVE-2022-39841
	RESERVED
CVE-2022-39840 (Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a ...)
	NOT-FOR-US: Cotonti Siena
CVE-2022-39839 (Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a ...)
	NOT-FOR-US: Cotonti Siena
CVE-2022-39838 (Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file ...)
	NOT-FOR-US: Systematic FIX Adapter (ALFAFX)
CVE-2022-39837 (An issue was discovered in Connected Vehicle Systems Alliance (COVESA) ...)
	NOT-FOR-US: Connected Vehicle Systems Alliance (COVESA)
CVE-2022-39836 (An issue was discovered in Connected Vehicle Systems Alliance (COVESA) ...)
	NOT-FOR-US: Connected Vehicle Systems Alliance (COVESA)
CVE-2022-39835 (An issue was discovered in Gajim through 1.4.7. The vulnerability allo ...)
	- gajim 1.5.0-1
	[bullseye] - gajim (Minor issue)
	[buster] - gajim (Minor issue, intrusive to backport)
	NOTE: https://dev.gajim.org/gajim/gajim/-/commit/af02c6bd53fad4e0065951597bd7ec801c002067 (1.5.0)
CVE-2022-39834 (A stored XSS vulnerability was discovered in adminweb/ra/viewendentity ...)
	NOT-FOR-US: PrimeKey EJBCA
CVE-2022-39833 (FileCloud Versions 20.2 and later allows remote attackers to potential ...)
	NOT-FOR-US: FileCloud
CVE-2022-39832 (An issue was discovered in PSPP 1.6.2. There is a heap-based buffer ov ...)
	- pspp 1.6.2-2 (bug #1019598)
	[bullseye] - pspp (Minor issue)
	[buster] - pspp (Minor issue)
	NOTE: https://savannah.gnu.org/bugs/index.php?63000
	NOTE: Starting with 1.6.2-2, pspp-dump-sav is no longer installed, using that as the fixed version
CVE-2022-39831 (An issue was discovered in PSPP 1.6.2. There is a heap-based buffer ov ...)
	- pspp 1.6.2-2 (bug #1019597)
	[bullseye] - pspp (Minor issue)
	[buster] - pspp (Minor issue)
	NOTE: https://savannah.gnu.org/bugs/?62977
	NOTE: Starting with 1.6.2-2, pspp-dump-sav is no longer installed, using that as the fixed version
CVE-2022-39830 (sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on th ...)
	NOT-FOR-US: Samsung mTower
CVE-2022-39829 (There is a NULL pointer dereference in aes256_encrypt in Samsung mTowe ...)
	NOT-FOR-US: Samsung mTower
CVE-2022-39828 (sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on th ...)
	NOT-FOR-US: Samsung mTower
CVE-2022-39827
	RESERVED
CVE-2022-39826
	RESERVED
CVE-2022-39825
	RESERVED
CVE-2022-39824 (Server-side JavaScript injection in Appsmith through 1.7.14 allows rem ...)
	NOT-FOR-US: Appsmith
CVE-2022-39823 (An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x bef ...)
	NOT-FOR-US: Softing
CVE-2022-39822 (In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin ...)
	NOT-FOR-US: NOKIA
CVE-2022-39821 (In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an ...)
	NOT-FOR-US: NOKIA
CVE-2022-39820 (In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storag ...)
	NOT-FOR-US: NOKIA
CVE-2022-39819 (In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities ...)
	NOT-FOR-US: NOKIA
CVE-2022-39818 (In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in ...)
	NOT-FOR-US: NOKIA
CVE-2022-39817 (In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs ...)
	NOT-FOR-US: NOKIA
CVE-2022-39816 (In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (clearte ...)
	NOT-FOR-US: NOKIA
CVE-2022-39815 (In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities ...)
	NOT-FOR-US: NOKIA
CVE-2022-39814 (In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the ...)
	NOT-FOR-US: NOKIA
CVE-2022-39813 (Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored ...)
	NOT-FOR-US: Italtel NetMatch-S CI
CVE-2022-39812 (Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal un ...)
	NOT-FOR-US: Italtel NetMatch-S CI
CVE-2022-39811 (Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control unde ...)
	NOT-FOR-US: Italtel NetMatch-S CI
CVE-2022-39810 (An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflect ...)
	NOT-FOR-US: WSO2 Enterprise Integrator
CVE-2022-39809 (An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflect ...)
	NOT-FOR-US: WSO2 Enterprise Integrator
CVE-2022-38701 (OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerabili ...)
	NOT-FOR-US: OpenHarmony
CVE-2022-38700 (OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnera ...)
	NOT-FOR-US: OpenHarmony
CVE-2022-38081 (OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnera ...)
	NOT-FOR-US: OpenHarmony
CVE-2022-38064 (OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnera ...)
	NOT-FOR-US: OpenHarmony
CVE-2022-36423 (OpenHarmony-v3.1.2 and prior versions have an incorrect configuration ...)
	NOT-FOR-US: OpenHarmony
CVE-2022-3120 (A vulnerability classified as critical was found in SourceCodester Cli ...)
	NOT-FOR-US: SourceCodester Clinics Patient Management System
CVE-2022-3119 (The OAuth client Single Sign On WordPress plugin before 3.0.4 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3118 (A vulnerability was found in Sourcecodehero ERP System Project. It has ...)
	NOT-FOR-US: Sourcecodehero ERP System Project
CVE-2022-39808 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-39807 (Due to lack of proper memory management, when a victim opens manipulat ...)
	NOT-FOR-US: SAP
CVE-2022-39806 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-39805 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-39804 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-39803 (Due to lack of proper memory management, when a victim opens a manipul ...)
	NOT-FOR-US: SAP
CVE-2022-39802 (SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an att ...)
	NOT-FOR-US: SAP
CVE-2022-39801 (SAP GRC Access control Emergency Access Management allows an authentic ...)
	NOT-FOR-US: SAP
CVE-2022-39800 (SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible t ...)
	NOT-FOR-US: SAP
CVE-2022-39799 (An attacker with no prior authentication could craft and send maliciou ...)
	NOT-FOR-US: SAP
CVE-2022-3117
	REJECTED
CVE-2022-3116 (The Heimdal Software Kerberos 5 implementation is vulnerable to a null ...)
	- heimdal (Vulnerable code introduced in master branch only)
	NOTE: https://www.kb.cert.org/vuls/id/730793
	NOTE: Introduced by: https://github.com/heimdal/heimdal/commit/4fb6a6adc9d5593079e37addb40fd80834df77b4
	NOTE: Fixed by: https://github.com/heimdal/heimdal/commit/7a19658c1f4fc4adf85bb7bea96caae5ba57b33e
	NOTE: Different issue from CVE-2021-44758
CVE-2022-3115 (An issue was discovered in the Linux kernel through 5.16-rc6. malidp_c ...)
	- linux 5.18.5-1
	[bullseye] - linux 5.10.127-1
	NOTE: https://git.kernel.org/linus/73c3ed7495c67b8fbdc31cf58e6ca8757df31a33 (5.19-rc1)
CVE-2022-3114 (An issue was discovered in the Linux kernel through 5.16-rc6. imx_regi ...)
	- linux 5.19.6-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/ed713e2bc093239ccd380c2ce8ae9e4162f5c037 (5.19-rc1)
CVE-2022-3113 (An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcod ...)
	- linux 5.17.3-1
	[bullseye] - linux 5.10.113-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/e25a89f743b18c029bfbe5e1663ae0c7190912b0 (5.18-rc1)
CVE-2022-3112 (An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_s ...)
	- linux 5.17.3-1
	[bullseye] - linux 5.10.113-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/c8c80c996182239ff9b05eda4db50184cf3b2e99 (5.18-rc1)
CVE-2022-3111 (An issue was discovered in the Linux kernel through 5.16-rc6. free_cha ...)
	- linux 5.17.3-1
	[bullseye] - linux 5.10.113-1
	[buster] - linux 4.19.249-1
	NOTE: https://git.kernel.org/linus/6dee930f6f6776d1e5a7edf542c6863b47d9f078 (5.18-rc1)
CVE-2022-3110 (An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_ini ...)
	- linux 5.18.5-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/f94b47c6bde624d6c07f43054087607c52054a95 (5.19-rc1)
CVE-2022-3109 (An issue was discovered in the FFmpeg package, where vp3_decode_frame ...)
	{DSA-5394-1 DLA-3454-1}
	- ffmpeg 7:5.1-1
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568 (n5.1)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7694a44baaaa4786995590a8ba2b16acd8ef8177 (n4.3.6)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/51efa68ec0b4f42b5b124b8987fb68f60a929c4f (n4.1.11)
CVE-2022-3108 (An issue was discovered in the Linux kernel through 5.16-rc6. kfd_pars ...)
	- linux 5.16.7-1
	NOTE: https://git.kernel.org/linus/abfaf0eee97925905e742aa3b0b72e04a918fa9e (5.17-rc1)
CVE-2022-3107 (An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_g ...)
	- linux 5.16.18-1
	[bullseye] - linux 5.10.113-1
	[buster] - linux 4.19.249-1
	NOTE: https://git.kernel.org/linus/886e44c9298a6b428ae046e2fa092ca52e822e6a (5.17)
CVE-2022-3106 (An issue was discovered in the Linux kernel through 5.16-rc6. ef100_up ...)
	- linux 5.15.15-1
	[bullseye] - linux 5.10.92-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/407ecd1bd726f240123f704620d46e285ff30dd9 (5.16-rc6)
CVE-2022-3105 (An issue was discovered in the Linux kernel through 5.16-rc6. uapi_fin ...)
	- linux 5.15.15-1
	[bullseye] - linux 5.10.92-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/7694a7de22c53a312ea98960fcafc6ec62046531 (5.16)
CVE-2022-3104 (An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_AR ...)
	- linux 5.18.5-1
	[bullseye] - linux 5.10.127-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4a9800c81d2f34afb66b4b42e0330ae8298019a2 (5.19-rc1)
CVE-2022-3103 (off-by-one in io_uring module.)
	- linux (Vulnerable code not present, introduced and fixed in 6.0 cycle)
	NOTE: https://git.kernel.org/linus/47abea041f897d64dbd5777f0cf7745148f85d75 (6.0-rc3)
CVE-2022-3102
	RESERVED
CVE-2022-3101 (A flaw was found in tripleo-ansible. Due to an insecure default config ...)
	NOT-FOR-US: tripleo-ansible
CVE-2022-3100 (A flaw was found in the openstack-barbican component. This issue allow ...)
	{DSA-5247-1 DLA-3136-1}
	- barbican 1:15.0.0~rc3-1 (bug #1021139)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2125404
	NOTE: https://review.opendev.org/c/openstack/barbican/+/859852
CVE-2022-39798
	RESERVED
CVE-2022-39797
	RESERVED
CVE-2022-39796
	RESERVED
CVE-2022-39795
	RESERVED
CVE-2022-39794
	RESERVED
CVE-2022-39793
	RESERVED
CVE-2022-39792
	RESERVED
CVE-2022-39791
	RESERVED
CVE-2022-39790
	RESERVED
CVE-2022-39789
	RESERVED
CVE-2022-39788
	RESERVED
CVE-2022-39787
	RESERVED
CVE-2022-39786
	RESERVED
CVE-2022-39785
	RESERVED
CVE-2022-39784
	RESERVED
CVE-2022-39783
	RESERVED
CVE-2022-39782
	RESERVED
CVE-2022-39781
	RESERVED
CVE-2022-39780
	RESERVED
CVE-2022-39779
	RESERVED
CVE-2022-39778
	RESERVED
CVE-2022-39777
	RESERVED
CVE-2022-39776
	RESERVED
CVE-2022-39775
	RESERVED
CVE-2022-39774
	RESERVED
CVE-2022-39773
	RESERVED
CVE-2022-39772
	RESERVED
CVE-2022-39771
	RESERVED
CVE-2022-39770
	RESERVED
CVE-2022-39769
	RESERVED
CVE-2022-39768
	RESERVED
CVE-2022-39767
	RESERVED
CVE-2022-39766
	RESERVED
CVE-2022-39765
	RESERVED
CVE-2022-39764
	RESERVED
CVE-2022-39763
	RESERVED
CVE-2022-39762
	RESERVED
CVE-2022-39761
	RESERVED
CVE-2022-39760
	RESERVED
CVE-2022-39759
	RESERVED
CVE-2022-39758
	RESERVED
CVE-2022-39757
	RESERVED
CVE-2022-39756
	RESERVED
CVE-2022-39755
	RESERVED
CVE-2022-39754
	RESERVED
CVE-2022-39753
	RESERVED
CVE-2022-39752
	RESERVED
CVE-2022-39751
	RESERVED
CVE-2022-39750
	RESERVED
CVE-2022-39749
	RESERVED
CVE-2022-39748
	RESERVED
CVE-2022-39747
	RESERVED
CVE-2022-39746
	RESERVED
CVE-2022-39745
	RESERVED
CVE-2022-39744
	RESERVED
CVE-2022-39743
	RESERVED
CVE-2022-39742
	RESERVED
CVE-2022-39741
	RESERVED
CVE-2022-39740
	RESERVED
CVE-2022-39739
	RESERVED
CVE-2022-39738
	RESERVED
CVE-2022-39737
	RESERVED
CVE-2022-39736
	RESERVED
CVE-2022-39735
	RESERVED
CVE-2022-39734
	RESERVED
CVE-2022-39733
	RESERVED
CVE-2022-39732
	RESERVED
CVE-2022-39731
	RESERVED
CVE-2022-39730
	RESERVED
CVE-2022-39729
	RESERVED
CVE-2022-39728
	RESERVED
CVE-2022-39727
	RESERVED
CVE-2022-39726
	RESERVED
CVE-2022-39725
	RESERVED
CVE-2022-39724
	RESERVED
CVE-2022-39723
	RESERVED
CVE-2022-39722
	RESERVED
CVE-2022-39721
	RESERVED
CVE-2022-39720
	RESERVED
CVE-2022-39719
	RESERVED
CVE-2022-39718
	RESERVED
CVE-2022-39717
	RESERVED
CVE-2022-39716
	RESERVED
CVE-2022-39715
	RESERVED
CVE-2022-39714
	RESERVED
CVE-2022-39713
	RESERVED
CVE-2022-39712
	RESERVED
CVE-2022-39711
	RESERVED
CVE-2022-39710
	RESERVED
CVE-2022-39709
	RESERVED
CVE-2022-39708
	RESERVED
CVE-2022-39707
	RESERVED
CVE-2022-39706
	RESERVED
CVE-2022-39705
	RESERVED
CVE-2022-39704
	RESERVED
CVE-2022-39703
	RESERVED
CVE-2022-39702
	RESERVED
CVE-2022-39701
	RESERVED
CVE-2022-39700
	RESERVED
CVE-2022-39699
	RESERVED
CVE-2022-39698
	RESERVED
CVE-2022-39697
	RESERVED
CVE-2022-39696
	RESERVED
CVE-2022-39695
	RESERVED
CVE-2022-39694
	RESERVED
CVE-2022-39693
	RESERVED
CVE-2022-39692
	RESERVED
CVE-2022-39691
	RESERVED
CVE-2022-39690
	RESERVED
CVE-2022-39689
	RESERVED
CVE-2022-39688
	RESERVED
CVE-2022-39687
	RESERVED
CVE-2022-39686
	RESERVED
CVE-2022-39685
	RESERVED
CVE-2022-39684
	RESERVED
CVE-2022-39683
	RESERVED
CVE-2022-39682
	RESERVED
CVE-2022-39681
	RESERVED
CVE-2022-39680
	RESERVED
CVE-2022-39679
	RESERVED
CVE-2022-39678
	RESERVED
CVE-2022-39677
	RESERVED
CVE-2022-39676
	RESERVED
CVE-2022-39675
	RESERVED
CVE-2022-39674
	RESERVED
CVE-2022-39673
	RESERVED
CVE-2022-39672
	RESERVED
CVE-2022-39671
	RESERVED
CVE-2022-39670
	RESERVED
CVE-2022-39669
	RESERVED
CVE-2022-39668
	RESERVED
CVE-2022-39667
	RESERVED
CVE-2022-39666
	RESERVED
CVE-2022-39665
	RESERVED
CVE-2022-39664
	RESERVED
CVE-2022-39663
	RESERVED
CVE-2022-39662
	RESERVED
CVE-2022-39661
	RESERVED
CVE-2022-39660
	RESERVED
CVE-2022-39659
	RESERVED
CVE-2022-39658
	RESERVED
CVE-2022-39657
	RESERVED
CVE-2022-39656
	RESERVED
CVE-2022-39655
	RESERVED
CVE-2022-39654
	RESERVED
CVE-2022-39653
	RESERVED
CVE-2022-39652
	RESERVED
CVE-2022-39651
	RESERVED
CVE-2022-39650
	RESERVED
CVE-2022-39649
	RESERVED
CVE-2022-39648
	RESERVED
CVE-2022-39647
	RESERVED
CVE-2022-39646
	RESERVED
CVE-2022-39645
	RESERVED
CVE-2022-39644
	RESERVED
CVE-2022-39643
	RESERVED
CVE-2022-39642
	RESERVED
CVE-2022-39641
	RESERVED
CVE-2022-39640
	RESERVED
CVE-2022-39639
	RESERVED
CVE-2022-39638
	RESERVED
CVE-2022-39637
	RESERVED
CVE-2022-39636
	RESERVED
CVE-2022-39635
	RESERVED
CVE-2022-39634
	RESERVED
CVE-2022-39633
	RESERVED
CVE-2022-39632
	RESERVED
CVE-2022-39631
	RESERVED
CVE-2022-39630
	RESERVED
CVE-2022-39629
	RESERVED
CVE-2022-39628
	RESERVED
CVE-2022-39627
	RESERVED
CVE-2022-39626
	RESERVED
CVE-2022-39625
	RESERVED
CVE-2022-39624
	RESERVED
CVE-2022-39623
	RESERVED
CVE-2022-39622
	RESERVED
CVE-2022-39621
	RESERVED
CVE-2022-39620
	RESERVED
CVE-2022-39619
	RESERVED
CVE-2022-39618
	RESERVED
CVE-2022-39617
	RESERVED
CVE-2022-39616
	RESERVED
CVE-2022-39615
	RESERVED
CVE-2022-39614
	RESERVED
CVE-2022-39613
	RESERVED
CVE-2022-39612
	RESERVED
CVE-2022-39611
	RESERVED
CVE-2022-39610
	RESERVED
CVE-2022-39609
	RESERVED
CVE-2022-39608
	RESERVED
CVE-2022-39607
	RESERVED
CVE-2022-39606
	RESERVED
CVE-2022-39605
	RESERVED
CVE-2022-39604
	RESERVED
CVE-2022-39603
	RESERVED
CVE-2022-39602
	RESERVED
CVE-2022-39601
	RESERVED
CVE-2022-39600
	RESERVED
CVE-2022-39599
	RESERVED
CVE-2022-39598
	RESERVED
CVE-2022-39597
	RESERVED
CVE-2022-39596
	RESERVED
CVE-2022-39595
	RESERVED
CVE-2022-39594
	RESERVED
CVE-2022-39593
	RESERVED
CVE-2022-39592
	RESERVED
CVE-2022-39591
	RESERVED
CVE-2022-39590
	RESERVED
CVE-2022-39589
	RESERVED
CVE-2022-39588
	RESERVED
CVE-2022-39587
	RESERVED
CVE-2022-39586
	RESERVED
CVE-2022-39585
	RESERVED
CVE-2022-39584
	RESERVED
CVE-2022-39583
	RESERVED
CVE-2022-39582
	RESERVED
CVE-2022-39581
	RESERVED
CVE-2022-39580
	RESERVED
CVE-2022-39579
	RESERVED
CVE-2022-39578
	RESERVED
CVE-2022-39577
	RESERVED
CVE-2022-39576
	RESERVED
CVE-2022-39575
	RESERVED
CVE-2022-39574
	RESERVED
CVE-2022-39573
	RESERVED
CVE-2022-39572
	RESERVED
CVE-2022-39571
	RESERVED
CVE-2022-39570
	RESERVED
CVE-2022-39569
	RESERVED
CVE-2022-39568
	RESERVED
CVE-2022-39567
	RESERVED
CVE-2022-39566
	RESERVED
CVE-2022-39565
	RESERVED
CVE-2022-39564
	RESERVED
CVE-2022-39563
	RESERVED
CVE-2022-39562
	RESERVED
CVE-2022-39561
	RESERVED
CVE-2022-39560
	RESERVED
CVE-2022-39559
	RESERVED
CVE-2022-39558
	RESERVED
CVE-2022-39557
	RESERVED
CVE-2022-39556
	RESERVED
CVE-2022-39555
	RESERVED
CVE-2022-39554
	RESERVED
CVE-2022-39553
	RESERVED
CVE-2022-39552
	RESERVED
CVE-2022-39551
	RESERVED
CVE-2022-39550
	RESERVED
CVE-2022-39549
	RESERVED
CVE-2022-39548
	RESERVED
CVE-2022-39547
	RESERVED
CVE-2022-39546
	RESERVED
CVE-2022-39545
	RESERVED
CVE-2022-39544
	RESERVED
CVE-2022-39543
	RESERVED
CVE-2022-39542
	RESERVED
CVE-2022-39541
	RESERVED
CVE-2022-39540
	RESERVED
CVE-2022-39539
	RESERVED
CVE-2022-39538
	RESERVED
CVE-2022-39537
	RESERVED
CVE-2022-39536
	RESERVED
CVE-2022-39535
	RESERVED
CVE-2022-39534
	RESERVED
CVE-2022-39533
	RESERVED
CVE-2022-39532
	RESERVED
CVE-2022-39531
	RESERVED
CVE-2022-39530
	RESERVED
CVE-2022-39529
	RESERVED
CVE-2022-39528
	RESERVED
CVE-2022-39527
	RESERVED
CVE-2022-39526
	RESERVED
CVE-2022-39525
	RESERVED
CVE-2022-39524
	RESERVED
CVE-2022-39523
	RESERVED
CVE-2022-39522
	RESERVED
CVE-2022-39521
	RESERVED
CVE-2022-39520
	RESERVED
CVE-2022-39519
	RESERVED
CVE-2022-39518
	RESERVED
CVE-2022-39517
	RESERVED
CVE-2022-39516
	RESERVED
CVE-2022-39515
	RESERVED
CVE-2022-39514
	RESERVED
CVE-2022-39513
	RESERVED
CVE-2022-39512
	RESERVED
CVE-2022-39511
	RESERVED
CVE-2022-39510
	RESERVED
CVE-2022-39509
	RESERVED
CVE-2022-39508
	RESERVED
CVE-2022-39507
	RESERVED
CVE-2022-39506
	RESERVED
CVE-2022-39505
	RESERVED
CVE-2022-39504
	RESERVED
CVE-2022-39503
	RESERVED
CVE-2022-39502
	RESERVED
CVE-2022-39501
	RESERVED
CVE-2022-39500
	RESERVED
CVE-2022-39499
	RESERVED
CVE-2022-39498
	RESERVED
CVE-2022-39497
	RESERVED
CVE-2022-39496
	RESERVED
CVE-2022-39495
	RESERVED
CVE-2022-39494
	RESERVED
CVE-2022-39493
	RESERVED
CVE-2022-39492
	RESERVED
CVE-2022-39491
	RESERVED
CVE-2022-39490
	RESERVED
CVE-2022-39489
	RESERVED
CVE-2022-39488
	RESERVED
CVE-2022-39487
	RESERVED
CVE-2022-39486
	RESERVED
CVE-2022-39485
	RESERVED
CVE-2022-39484
	RESERVED
CVE-2022-39483
	RESERVED
CVE-2022-39482
	RESERVED
CVE-2022-39481
	RESERVED
CVE-2022-39480
	RESERVED
CVE-2022-39479
	RESERVED
CVE-2022-39478
	RESERVED
CVE-2022-39477
	RESERVED
CVE-2022-39476
	RESERVED
CVE-2022-39475
	RESERVED
CVE-2022-39474
	RESERVED
CVE-2022-39473
	RESERVED
CVE-2022-39472
	RESERVED
CVE-2022-39471
	RESERVED
CVE-2022-39470
	RESERVED
CVE-2022-39469
	RESERVED
CVE-2022-39468
	RESERVED
CVE-2022-39467
	RESERVED
CVE-2022-39466
	RESERVED
CVE-2022-39465
	RESERVED
CVE-2022-39464
	RESERVED
CVE-2022-39463
	RESERVED
CVE-2022-39462
	RESERVED
CVE-2022-39461
	RESERVED
CVE-2022-39460
	RESERVED
CVE-2022-39459
	RESERVED
CVE-2022-39458
	RESERVED
CVE-2022-39457
	RESERVED
CVE-2022-39456
	RESERVED
CVE-2022-39455
	RESERVED
CVE-2022-39454
	RESERVED
CVE-2022-39453
	RESERVED
CVE-2022-39452
	RESERVED
CVE-2022-39451
	RESERVED
CVE-2022-39450
	RESERVED
CVE-2022-39449
	RESERVED
CVE-2022-39448
	RESERVED
CVE-2022-39447
	RESERVED
CVE-2022-39446
	RESERVED
CVE-2022-39445
	RESERVED
CVE-2022-39444
	RESERVED
CVE-2022-39443
	RESERVED
CVE-2022-39442
	RESERVED
CVE-2022-39441
	RESERVED
CVE-2022-39440
	RESERVED
CVE-2022-39439
	RESERVED
CVE-2022-39438
	RESERVED
CVE-2022-39437
	RESERVED
CVE-2022-39436
	RESERVED
CVE-2022-39435
	RESERVED
CVE-2022-39434
	RESERVED
CVE-2022-39433
	RESERVED
CVE-2022-39432
	RESERVED
CVE-2022-39431
	RESERVED
CVE-2022-39430
	RESERVED
CVE-2022-39429 (Vulnerability in the Java VM component of Oracle Database Server. Sup ...)
	NOT-FOR-US: Oracle
CVE-2022-39428 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...)
	NOT-FOR-US: Oracle
CVE-2022-39427 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.40-dfsg-1
	NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR
CVE-2022-39426 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.40-dfsg-1
	NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR
CVE-2022-39425 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.40-dfsg-1
	NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR
CVE-2022-39424 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.40-dfsg-1
	NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR
CVE-2022-39423 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.38-dfsg-1
	NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR
CVE-2022-39422 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.38-dfsg-1
	NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR
CVE-2022-39421 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.40-dfsg-1
	NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR
CVE-2022-39420 (Vulnerability in the Oracle Transportation Management product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2022-39419 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2022-39418
	RESERVED
CVE-2022-39417 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2022-39416
	RESERVED
CVE-2022-39415
	RESERVED
CVE-2022-39414
	RESERVED
CVE-2022-39413
	RESERVED
CVE-2022-39412 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...)
	NOT-FOR-US: Oracle
CVE-2022-39411 (Vulnerability in the Oracle Transportation Management product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2022-39410 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.31-1 (bug #1024016)
CVE-2022-39409 (Vulnerability in the Oracle Transportation Management product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2022-39408 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.31-1 (bug #1024016)
CVE-2022-39407 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2022-39406 (Vulnerability in the PeopleSoft Enterprise Common Components product o ...)
	NOT-FOR-US: Oracle
CVE-2022-39405 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...)
	NOT-FOR-US: Oracle
CVE-2022-39404 (Vulnerability in the MySQL Installer product of Oracle MySQL (componen ...)
	NOT-FOR-US: Oracle
CVE-2022-39403 (Vulnerability in the MySQL Shell product of Oracle MySQL (component: S ...)
	NOT-FOR-US: Oracle (MySQL Shell)
CVE-2022-39402 (Vulnerability in the MySQL Shell product of Oracle MySQL (component: S ...)
	- mysql-8.0 8.0.31-1 (bug #1024016)
CVE-2022-39401 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2022-39400 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.31-1 (bug #1024016)
CVE-2022-39399 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5335-1 DSA-5331-1 DLA-3307-1}
	- openjdk-11 11.0.17+8-1
	- openjdk-17 17.0.5+8-1
CVE-2022-39398 (tasklists is a tasklists plugin for GLPI (Kanban). Versions prior to 2 ...)
	NOT-FOR-US: GLPI plugin
CVE-2022-39397 (aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of thi ...)
	NOT-FOR-US: aliyun-oss-client
CVE-2022-39396 (Parse Server is an open source backend that can be deployed to any inf ...)
	NOT-FOR-US: Node parse-server
CVE-2022-39395 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...)
	NOT-FOR-US: Vela
CVE-2022-39394 (Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0 ...)
	NOT-FOR-US: wasmtime
CVE-2022-39393 (Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0 ...)
	NOT-FOR-US: wasmtime
CVE-2022-39392 (Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0 ...)
	NOT-FOR-US: wasmtime
CVE-2022-39391
	RESERVED
CVE-2022-39390
	REJECTED
CVE-2022-39389 (Lightning Network Daemon (lnd) is an implementation of a lightning bit ...)
	NOT-FOR-US: Lightning Network Daemon
CVE-2022-39388 (Istio is an open platform to connect, manage, and secure microservices ...)
	NOT-FOR-US: Istio
CVE-2022-39387 (XWiki OIDC has various tools to manipulate OpenID Connect protocol in ...)
	NOT-FOR-US: XWiki
CVE-2022-39386 (@fastify/websocket provides WebSocket support for Fastify. Any applica ...)
	NOT-FOR-US: @fastify/websocket
CVE-2022-39385 (Discourse is the an open source discussion platform. In some rare case ...)
	NOT-FOR-US: Discourse
CVE-2022-39384 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
	NOT-FOR-US: OpenZeppelin
CVE-2022-39383 (KubeVela is an open source application delivery platform. Users using ...)
	NOT-FOR-US: KubeVela
CVE-2022-39382 (Keystone is a headless CMS for Node.js — built with GraphQL and R ...)
	NOT-FOR-US: Keystone CMS
CVE-2022-39381 (Muhammara is a node module with c/cpp bindings to modify PDF with js f ...)
	NOT-FOR-US: Muhammara Nodejs module
CVE-2022-39380 (Wire web-app is part of Wire communications. Versions prior to 2022-11 ...)
NOT-FOR-US: Wire webapp CVE-2022-39379 (Fluentd collects events from various data sources and writes them to f ...) - fluentd (bug #926692) CVE-2022-39378 (Discourse is a platform for community discussion. Under certain condit ...) NOT-FOR-US: Discourse CVE-2022-39377 (sysstat is a set of system performance tools for the Linux operating s ...) {DLA-3188-1} - sysstat 12.6.1-1 (bug #1023832) [bullseye] - sysstat (Minor issue) NOTE: https://github.com/sysstat/sysstat/security/advisories/GHSA-q8r6-g56f-9w7x NOTE: https://github.com/sysstat/sysstat/commit/9c4eaf150662ad40607923389d4519bc83b93540 (v12.7.1) NOTE: The original fix is incomplete and opens up CVE-2023-33204. CVE-2022-39376 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...) - glpi (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-6rh5-m5g7-327w NOTE: Only supported behind an authenticated HTTP zone CVE-2022-39375 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...) - glpi (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-fxcx-93fq-8r9g NOTE: Only supported behind an authenticated HTTP zone CVE-2022-39374 (Synapse is an open-source Matrix homeserver written and maintained by ...) - matrix-synapse 1.68.0-1 NOTE: https://matrix.org/blog/2023/05/24/disclosing-synapse-security-advisories/ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-p9qp-c452-f9r7 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2209956 CVE-2022-39373 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...) - glpi (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-cw37-q82c-w546 NOTE: Only supported behind an authenticated HTTP zone CVE-2022-39372 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...) 
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-5rj7-95qc-89h2
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-39371 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-w7wc-728f-6mm8
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-39370 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-6c2p-wgx9-vrjc
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-39369 (phpCAS is an authentication library that allows PHP applications to ea ...)
	{DLA-3485-1}
	- php-cas 1.6.0-1 (bug #1023571)
	NOTE: https://github.com/apereo/phpCAS/security/advisories/GHSA-8q72-6qq8-xv64
	NOTE: Fixed by: https://github.com/apereo/phpCAS/commit/b759361d904a2cb2a3bcee9411fc348cfde5d163 (1.6.0)
CVE-2022-39368 (Eclipse Californium is a Java implementation of RFC7252 - Constrained ...)
	NOT-FOR-US: Eclipse Californium
CVE-2022-39367 (QTIWorks is a software suite for standards-based assessment delivery. ...)
	NOT-FOR-US: QTIWorks
CVE-2022-39366 (DataHub is an open-source metadata platform. Prior to version 0.8.45, ...)
	NOT-FOR-US: DataHub
CVE-2022-39365 (Pimcore is an open source data and experience management platform. Pri ...)
	NOT-FOR-US: Pimcore
CVE-2022-39364 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
	- nextcloud-server (bug #941708)
CVE-2022-39363
	RESERVED
CVE-2022-39362 (Metabase is data visualization software. Prior to versions 0.44.5, 1.4 ...)
	NOT-FOR-US: Metabase
CVE-2022-39361 (Metabase is data visualization software. Prior to versions 0.44.5, 1.4 ...)
	NOT-FOR-US: Metabase
CVE-2022-39360 (Metabase is data visualization software. Prior to versions 0.44.5, 1.4 ...)
	NOT-FOR-US: Metabase
CVE-2022-39359 (Metabase is data visualization software. Prior to versions 0.44.5, 1.4 ...)
	NOT-FOR-US: Metabase
CVE-2022-39358 (Metabase is data visualization software. Prior to versions 0.44.5, 1.4 ...)
	NOT-FOR-US: Metabase
CVE-2022-39357 (Winter is a free, open-source content management system based on the L ...)
	NOT-FOR-US: Winter
CVE-2022-39356 (Discourse is a platform for community discussion. Users who receive an ...)
	NOT-FOR-US: Discourse
CVE-2022-39355 (Discourse Patreon enables synchronization between Discourse Groups and ...)
	NOT-FOR-US: Discourse Patreon
CVE-2022-39354 (SputnikVM, also called evm, is a Rust implementation of Ethereum Virtu ...)
	NOT-FOR-US: Rust crate evm
CVE-2022-39353 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) ...)
	{DLA-3260-1}
	- node-xmldom 0.8.6-1 (bug #1024736)
	[bullseye] - node-xmldom 0.5.0-1+deb11u2
	NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-crh6-fp67-6883
	NOTE: https://github.com/jindw/xmldom/issues/150
CVE-2022-39352 (OpenFGA is a high-performance authorization/permission engine inspired ...)
	NOT-FOR-US: OpenFGA
CVE-2022-39351 (Dependency-Track is a Component Analysis platform that allows organiza ...)
	NOT-FOR-US: Dependency-Track
CVE-2022-39350 (@dependencytrack/frontend is a Single Page Application (SPA) used in D ...)
	NOT-FOR-US: @dependencytrack/frontend
CVE-2022-39349 (The Tasks.org Android app is an open-source app for to-do lists and re ...)
	NOT-FOR-US: Tasks.org Android app
CVE-2022-39348 (Twisted is an event-based framework for internet applications. Started ...)
	{DLA-3212-1}
	- twisted 22.4.0-4 (bug #1023359)
	[bullseye] - twisted (Minor issue)
	NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647
	NOTE: Introduced by: https://github.com/twisted/twisted/commit/f49041bb67792506d85aeda9cf6157e92f8048f4
	NOTE: Fixed by: https://github.com/twisted/twisted/commit/f2f5e81c03f14e253e85fe457e646130780db40b (twisted-22.10.0rc1)
CVE-2022-39347 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
	{DLA-3654-1}
	- freerdp2 2.9.0+dfsg1-1 (bug #1024511)
	[bullseye] - freerdp2 (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c5xq-8v35-pffg
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/027424c2c6c0991cb9c22f9511478229c9b17e5d
CVE-2022-39346 (Nextcloud server is an open source personal cloud server. Affected ver ...)
	- nextcloud-server (bug #941708)
CVE-2022-39345 (Gin-vue-admin is a backstage management system based on vue and gin, w ...)
	NOT-FOR-US: Gin-vue-admin
CVE-2022-39344 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
	NOT-FOR-US: Azure RTOS USBX
CVE-2022-39343 (Azure RTOS FileX is a FAT-compatible file system that’s fully int ...)
	NOT-FOR-US: Azure RTOS FileX
CVE-2022-39342 (OpenFGA is an authorization/permission engine. Versions prior to versi ...)
	NOT-FOR-US: OpenFGA
CVE-2022-39341 (OpenFGA is an authorization/permission engine. Versions prior to versi ...)
	NOT-FOR-US: OpenFGA
CVE-2022-39340 (OpenFGA is an authorization/permission engine. Prior to version 0.2.4, ...)
	NOT-FOR-US: OpenFGA
CVE-2022-39339 (user_oidc is an OpenID Connect user backend for Nextcloud. In versions ...)
	NOT-FOR-US: Nextcloud addon
CVE-2022-39338 (user_oidc is an OpenID Connect user backend for Nextcloud. Versions pr ...)
	NOT-FOR-US: Nextcloud addon
CVE-2022-39337 (Hertzbeat is an open source, real-time monitoring system with custom-m ...)
	NOT-FOR-US: Hertzbeat
CVE-2022-39336
	RESERVED
CVE-2022-39335 (Synapse is an open-source Matrix homeserver written and maintained by ...)
	- matrix-synapse 1.69.0-1
	NOTE: https://matrix.org/blog/2023/05/24/disclosing-synapse-security-advisories/
	NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-45cj-f97f-ggwv
CVE-2022-39334 (Nextcloud also ships a CLI utility called nextcloudcmd which is someti ...)
	- nextcloud-desktop 3.6.1-1
	[bullseye] - nextcloud-desktop (Minor issue)
	[buster] - nextcloud-desktop (Minor issue)
	NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-82xx-98xv-4jxv
	NOTE: https://github.com/nextcloud/desktop/issues/4927
	NOTE: https://github.com/nextcloud/desktop/pull/5022
CVE-2022-39333 (Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker ...)
	- nextcloud-desktop 3.6.1-1
	[bullseye] - nextcloud-desktop (Minor issue)
	[buster] - nextcloud-desktop (Minor issue)
	NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-92p9-x79h-2mj8
	NOTE: https://github.com/nextcloud/desktop/pull/4972
	NOTE: https://hackerone.com/reports/1711847
CVE-2022-39332 (Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker ...)
	- nextcloud-desktop 3.6.1-1
	[bullseye] - nextcloud-desktop (Minor issue)
	[buster] - nextcloud-desktop (Minor issue)
	NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q9f6-4r6r-h74p
	NOTE: https://github.com/nextcloud/desktop/pull/4972
	NOTE: https://hackerone.com/reports/1668028
CVE-2022-39331 (Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker ...)
	- nextcloud-desktop 3.6.1-1
	[bullseye] - nextcloud-desktop (Minor issue)
	[buster] - nextcloud-desktop (Minor issue)
	NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c3xh-q694-6rc5
	NOTE: https://github.com/nextcloud/desktop/pull/4944
	NOTE: https://hackerone.com/reports/1668028
CVE-2022-39330 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
	- nextcloud-server (bug #941708)
CVE-2022-39329 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
	- nextcloud-server (bug #941708)
CVE-2022-39328 (Grafana is an open-source platform for monitoring and observability. V ...)
	- grafana
CVE-2022-39327 (Azure CLI is the command-line interface for Microsoft Azure. In versio ...)
	- azure-cli (Windows-specific vulnerabilities)
	NOTE: https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4
	NOTE: https://github.com/Azure/azure-cli/pull/23514
	NOTE: https://github.com/Azure/azure-cli/pull/24015
CVE-2022-39326 (kartverket/github-workflows are shared reusable workflows for GitHub A ...)
	NOT-FOR-US: kartverket/github-workflows
CVE-2022-39325 (BaserCMS is a content management system with a japanese language focus ...)
	NOT-FOR-US: BaserCMS
CVE-2022-39324 (Grafana is an open-source platform for monitoring and observability. P ...)
	- grafana
CVE-2022-39323 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-cp6q-9p4x-8hr9
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-39322 (@keystone-6/core is a core package for Keystone 6, a content managemen ...)
	NOT-FOR-US: Keystone CMS
CVE-2022-39321 (GitHub Actions Runner is the application that runs a job from a GitHub ...)
	NOT-FOR-US: GitHub Actions Runner
CVE-2022-39320 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
	- freerdp2 2.9.0+dfsg1-1 (bug #1024511)
	[bullseye] - freerdp2 (Minor issue)
	[buster] - freerdp2 (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qfq2-82qr-7f4j
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/68c6a8c1878b5294aecb04d5e27531a720b3793f (2.9.0)
	NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/0927d7aa50c76b671b55c33e0f06c950d1f08e9a (2.0.0)
CVE-2022-39319 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
	{DLA-3654-1}
	- freerdp2 2.9.0+dfsg1-1 (bug #1024511)
	[bullseye] - freerdp2 (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mvxm-wfj2-5fvh
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/11555828d2cf289b350baba5ad1f462f10b80b76 (2.9.0)
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/ff82ae84342f68afc37f289a164d65ee3daefe97 (2.9.0)
CVE-2022-39318 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
	{DLA-3654-1}
	- freerdp2 2.9.0+dfsg1-1 (bug #1024511)
	[bullseye] - freerdp2 (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-387j-8j96-7q35
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea
CVE-2022-39317 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
	- freerdp2 2.9.0+dfsg1-1 (bug #1024511)
	[bullseye] - freerdp2 (Minor issue)
	[buster] - freerdp2 (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-99cm-4gw7-c8jh
CVE-2022-39316 (FreeRDP is a free remote desktop protocol library and clients. In affe ...)
	{DLA-3654-1}
	- freerdp2 2.9.0+dfsg1-1 (bug #1024511)
	[bullseye] - freerdp2 (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5w4j-mrrh-jjrm
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0
CVE-2022-39315 (Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6 ...)
	NOT-FOR-US: Kirby CMS
CVE-2022-39314 (Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5 ...)
	NOT-FOR-US: Kirby CMS
CVE-2022-39313 (Parse Server is an open source backend that can be deployed to any inf ...)
	NOT-FOR-US: Node parse-server
CVE-2022-39312 (Dataease is an open source data visualization analysis tool. Dataease ...)
	NOT-FOR-US: Dataease
CVE-2022-39311 (GoCD is a continuous delivery server. GoCD helps you automate and stre ...)
	NOT-FOR-US: GoCD
CVE-2022-39310 (GoCD is a continuous delivery server. GoCD helps you automate and stre ...)
	NOT-FOR-US: GoCD
CVE-2022-39309 (GoCD is a continuous delivery server. GoCD helps you automate and stre ...)
	NOT-FOR-US: GoCD
CVE-2022-39308 (GoCD is a continuous delivery server. GoCD helps you automate and stre ...)
	NOT-FOR-US: GoCD
CVE-2022-39307 (Grafana is an open-source platform for monitoring and observability. W ...)
	- grafana
CVE-2022-39306 (Grafana is an open-source platform for monitoring and observability. V ...)
	- grafana
CVE-2022-39305 (Gin-vue-admin is a backstage management system based on vue and gin, w ...)
	NOT-FOR-US: Gin-vue-admin
CVE-2022-39304 (ghinstallation provides transport, which implements http.RoundTripper ...)
	NOT-FOR-US: ghinstallation
CVE-2022-39303 (Ree6 is a moderation bot. This vulnerability allows manipulation of SQ ...)
	NOT-FOR-US: Ree6
CVE-2022-39302 (Ree6 is a moderation bot. This vulnerability would allow other server ...)
	NOT-FOR-US: Ree6
CVE-2022-39301 (sra-admin is a background rights management system that separates the ...)
	NOT-FOR-US: sra-admin
CVE-2022-39300 (node SAML is a SAML 2.0 library based on the SAML implementation of pa ...)
	NOT-FOR-US: Node saml
CVE-2022-39299 (Passport-SAML is a SAML 2.0 authentication provider for Passport, the ...)
	NOT-FOR-US: Passport-SAML
CVE-2022-39298 (MelisFront is the engine that displays website hosted on Melis Platfor ...)
	NOT-FOR-US: MelisFront
CVE-2022-39297 (MelisCms provides a full CMS for Melis Platform, including templating ...)
	NOT-FOR-US: MelisCms
CVE-2022-39296 (MelisAssetManager provides deliveries of Melis Platform's assets locat ...)
	NOT-FOR-US: MelisAssetManager
CVE-2022-39295 (Knowage is an open source suite for modern business analytics alternat ...)
	NOT-FOR-US: Knowage
CVE-2022-39294 (conduit-hyper integrates a conduit application with the hyper server. ...)
	NOT-FOR-US: conduit-hyper
CVE-2022-39293 (Azure RTOS USBX is a high-performance USB host, device, and on-the-go ...)
	NOT-FOR-US: Azure RTOS USBX
CVE-2022-39292 (Slack Morphism is a modern client library for Slack Web/Events API/Soc ...)
	NOT-FOR-US: Slack Morphism
CVE-2022-39291 (ZoneMinder is a free, open source Closed-circuit television software a ...)
	- zoneminder 1.36.31+dfsg1-1 (unimportant; bug #1021565)
	NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-cfcx-v52x-jh74
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/73d9f2482cdcb238506388798d3cf92546f9e40c
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/cb3fc5907da21a5111ae54128a5d0b49ae755e9b
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/de2866f9574a2bf2690276fad53c91d607825408
	NOTE: Only supported for trusted users/behind auth, see README.debian.security
CVE-2022-39290 (ZoneMinder is a free, open source Closed-circuit television software a ...)
	- zoneminder 1.36.31+dfsg1-1 (unimportant; bug #1021565)
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d
	NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-xgv6-qv6c-399q
	NOTE: Only supported for trusted users/behind auth, see README.debian.security
CVE-2022-39289 (ZoneMinder is a free, open source Closed-circuit television software a ...)
	- zoneminder 1.36.31+dfsg1-1 (unimportant; bug #1021565)
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4
	NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488
	NOTE: Only supported for trusted users/behind auth, see README.debian.security
CVE-2022-39288 (fastify is a fast and low overhead web framework, for Node.js. Affecte ...)
	NOT-FOR-US: Node fastify
CVE-2022-39287 (tiny-csrf is a Node.js cross site request forgery (CSRF) protection mi ...)
	NOT-FOR-US: tiny-csrf Nodejs module
CVE-2022-39286 (Jupyter Core is a package for the core common functionality of Jupyter ...)
	{DSA-5422-1 DLA-3195-1}
	- jupyter-core 4.11.2-1 (bug #1023361)
	NOTE: https://github.com/jupyter/jupyter_core/security/advisories/GHSA-m678-f26j-3hrp
	NOTE: https://github.com/jupyter/jupyter_core/commit/1118c8ce01800cb689d51f655f5ccef19516e283 (4.11.2)
CVE-2022-39285 (ZoneMinder is a free, open source Closed-circuit television software a ...)
	- zoneminder 1.36.31+dfsg1-1 (unimportant; bug #1021565)
	NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h6xp-cvwv-q433
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/d289eb48601a76e34feea3c1683955337b1fae59
	NOTE: Only supported for trusted users/behind auth, see README.debian.security
CVE-2022-39284 (CodeIgniter is a PHP full-stack web framework. In versions prior to 4. ...)
	- codeigniter (bug #471583)
CVE-2022-39283 (FreeRDP is a free remote desktop protocol library and clients. All Fre ...)
	{DLA-3654-1}
	- freerdp2 2.8.1+dfsg1-1 (bug #1021659)
	[bullseye] - freerdp2 (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6cf9-3328-qrvh
	NOTE: patch likely: https://github.com/FreeRDP/FreeRDP/commit/be793c3bb776c1bbda9156b427408d5a5eb00f70 (not confirmed by upstream)
CVE-2022-39282 (FreeRDP is a free remote desktop protocol library and clients. FreeRDP ...)
	{DLA-3654-1}
	- freerdp2 2.8.1+dfsg1-1 (bug #1021659)
	[bullseye] - freerdp2 (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq
	NOTE: patch likely: https://github.com/FreeRDP/FreeRDP/commit/60aac2abf0740dd36b62712fba91498fd6e055fe (not confirmed by upstream)
CVE-2022-39281 (fat_free_crm is an open source, Ruby on Rails customer relationship ...)
	NOT-FOR-US: fat_free_crm
CVE-2022-39280 (dparse is a parser for Python dependency files. dparse in versions bef ...)
	NOT-FOR-US: dparse (parser for Python dependency files)
CVE-2022-39279 (discourse-chat is a plugin for the Discourse message board which adds ...)
	NOT-FOR-US: discourse-chat plugin for Discourse
CVE-2022-39278 (Istio is an open platform-independent service mesh that provides traff ...)
	NOT-FOR-US: Istio
CVE-2022-39277 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-rhcw-8r7g-8pwc
	NOTE: https://huntr.dev/bounties/8e047ae1-7a7c-48e0-bee3-d1c36e52ff42/
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-39276 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-8vwg-7x42-7v6p
	NOTE: https://huntr.dev/bounties/7a88f92b-1ee2-4ca8-9cf8-05fcf6cfe73f/
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-39275 (Saleor is a headless, GraphQL commerce platform. In affected versions ...)
	NOT-FOR-US: Saleor
CVE-2022-39274 (LoRaMac-node is a reference implementation and documentation of a LoRa ...)
	NOT-FOR-US: LoRaMac-node
CVE-2022-39273 (FlyteAdmin is the control plane for the data processing platform Flyte ...)
	NOT-FOR-US: FlyteAdmin
CVE-2022-39272 (Flux is an open and extensible continuous delivery solution for Kubern ...)
	NOT-FOR-US: Flux
CVE-2022-39271 (Traefik (pronounced traffic) is a modern HTTP reverse proxy and load b ...)
	- traefik (bug #983289)
CVE-2022-39270 (DiscoTOC is a Discourse theme component that generates a table of cont ...)
	NOT-FOR-US: DiscoTOC Discourse theme
CVE-2022-39269 (PJSIP is a free and open source multimedia communication library writt ...)
	{DSA-5358-1 DLA-3335-1}
	- asterisk 1:20.3.0~dfsg+~cs6.13.40431413-1 (bug #1032092)
	- pjproject
	- ring 20230206.0~ds1-1
	[bullseye] - ring (Vulnerable code introduced later)
	[buster] - ring (Vulnerable code introduced later)
	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-wx5m-cj97-4wwg
	NOTE: Introduced by: https://github.com/pjsip/pjproject/commit/db4f8f23b9962b4e567faa0784608174376ead8f (2.11)
	NOTE: Fixed by: https://github.com/pjsip/pjproject/commit/d2acb9af4e27b5ba75d658690406cec9c274c5cc (2.13)
CVE-2022-39268 (### Impact In a CSRF attack, an innocent end user is tricked by an att ...)
	NOT-FOR-US: orchest/orchest
CVE-2022-39267 (Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB ...)
	NOT-FOR-US: Bifrost
CVE-2022-39266 (isolated-vm is a library for nodejs which gives the user access to v8' ...)
	NOT-FOR-US: isolated-vm
CVE-2022-39265 (MyBB is a free and open source forum software. The _Mail Settings_ \u2 ...)
	NOT-FOR-US: MyBB
CVE-2022-39264 (nheko is a desktop client for the Matrix communication application. Al ...)
	- nheko 0.10.2-1
	[bullseye] - nheko (Vulnerable code not present)
	[buster] - nheko (Vulnerable code not present)
	NOTE: https://github.com/Nheko-Reborn/nheko/security/advisories/GHSA-8jcp-8jq4-5mm7
	NOTE: https://github.com/Nheko-Reborn/nheko/commit/67bee15a389f9b8a9f6c3a340558d1e2319e7199 (v0.10.2)
	NOTE: Support for secrets in keychain: https://github.com/Nheko-Reborn/nheko/commit/7b46aa2a6e4fdb71632128a94b6645613631d8d4 (v0.8.0)
CVE-2022-39263 (`@next-auth/upstash-redis-adapter` is the Upstash Redis adapter for Ne ...)
	NOT-FOR-US: next-auth/upstash-redis-adapter
CVE-2022-39262 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-4x48-q2wr-cpg4
	NOTE: https://huntr.dev/bounties/54fc907e-6983-4c24-b249-1440aac1643c/
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-39261 (Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x ...)
	{DSA-5248-1 DLA-3147-1}
	- php-twig 3.4.3-1 (bug #1020991)
	- twig
	NOTE: https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33
	NOTE: https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b (v1.44.7, v2.15.3, v3.4.3)
CVE-2022-39260 (Git is an open source, scalable, distributed revision control system. ...)
	{DSA-5332-1 DLA-3239-1}
	- git 1:2.38.1-1 (bug #1022046)
	NOTE: https://www.openwall.com/lists/oss-security/2022/10/18/5
	NOTE: https://lore.kernel.org/git/xmqq4jw1uku5.fsf@gitster.g/T/#u
	NOTE: https://github.com/git/git/commit/32696a4cbe90929ae79ea442f5102c513ce3dfaa (v2.30.6)
	NOTE: https://github.com/git/git/commit/71ad7fe1bcec2a115bd0ab187240348358aa7f21 (v2.30.6)
	NOTE: https://github.com/git/git/commit/0ca6ead81edd4fb1984b69aae87c1189e3025530 (v2.30.6)
CVE-2022-39259 (jadx is a set of command line and GUI tools for producing Java source ...)
	NOT-FOR-US: jadx
CVE-2022-39258 (mailcow is a mailserver suite. A vulnerability in versions prior to 20 ...)
	NOT-FOR-US: mailcow
CVE-2022-39257 (Matrix iOS SDK allows developers to build iOS apps compatible with Mat ...)
	NOT-FOR-US: Matrix iOS SDK
CVE-2022-39256 (Orckestra C1 CMS is a .NET based Web Content Management System. A vuln ...)
	NOT-FOR-US: Orckestra C1 CMS
CVE-2022-39255 (Matrix iOS SDK allows developers to build iOS apps compatible with Mat ...)
	NOT-FOR-US: Matrix iOS SDK
CVE-2022-39254 (matrix-nio is a Python Matrix client library, designed according to sa ...)
	- python-matrix-nio 0.20.0-1
	NOTE: https://github.com/poljar/matrix-nio/security/advisories/GHSA-w4pr-4vjg-hffh
	NOTE: https://github.com/poljar/matrix-nio/commit/b1cbf234a831daa160673defd596e6450e9c29f0 (0.20.0)
CVE-2022-39253 (Git is an open source, scalable, distributed revision control system. ...)
	{DSA-5332-1 DLA-3239-1}
	- git 1:2.38.1-1 (bug #1022046)
	NOTE: https://www.openwall.com/lists/oss-security/2022/10/18/5
	NOTE: https://lore.kernel.org/git/xmqq4jw1uku5.fsf@gitster.g/T/#u
	NOTE: https://github.com/git/git/commit/6f054f9fb3a501c35b55c65e547a244f14c38d56 (v2.30.6)
	NOTE: https://github.com/git/git/commit/7de0c306f7b758d3fb537c18c2751f6250cea7a0 (v2.30.6)
	NOTE: https://github.com/git/git/commit/8a96dbcb339d25ba1813632319ea4052bc586ddf (v2.30.6)
	NOTE: https://github.com/git/git/commit/99f4abb8dae4c9c604e5d5cf255958bbe537b928 (v2.30.6)
	NOTE: https://github.com/git/git/commit/f8d510ed0b357787c8d035d64f240bd82b424dc4 (v2.30.6)
	NOTE: https://github.com/git/git/commit/ac7e57fa288260341bdbd5e9abcdd24eaf214740 (v2.30.6)
	NOTE: https://github.com/git/git/commit/225d2d50ccef4baae410a96b9dc9e3978d164826 (v2.30.6)
	NOTE: https://github.com/git/git/commit/0f21b8f468566b991eea60bb7bdf2fce9265e367 (v2.30.6)
	NOTE: https://github.com/git/git/commit/0d3beb71dad7906f576b0de9cea32164549163fe (v2.30.6)
	NOTE: https://github.com/git/git/commit/f4a32a550f9d40471fb42ed1e5c8612dfe4a83b1 (v2.30.6)
	NOTE: https://github.com/git/git/commit/a1d4f67c12ac172f835e6d5e4e0a197075e2146b (v2.30.6)
CVE-2022-39252 (matrix-rust-sdk is an implementation of a Matrix client-server library ...)
	NOT-FOR-US: matrix-rust-sdk
CVE-2022-39251 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. ...)
	- node-matrix-js-sdk (bug #1021136)
	[bullseye] - node-matrix-js-sdk (Incompatible with current Matrix implementations)
	[buster] - node-matrix-js-sdk (Can wait for next update)
	NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-r48r-j8fx-mq2c
	NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
	NOTE: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
CVE-2022-39250 (Matrix JavaScript SDK is the Matrix Client-Server software development ...)
	- node-matrix-js-sdk (bug #1021136)
	[bullseye] - node-matrix-js-sdk (Incompatible with current Matrix implementations)
	[buster] - node-matrix-js-sdk (Can wait for next update)
	NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-5w8r-8pgj-5jmf
	NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
	NOTE: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
CVE-2022-39249 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. ...)
	- node-matrix-js-sdk (bug #1021136)
	[bullseye] - node-matrix-js-sdk (Incompatible with current Matrix implementations)
	[buster] - node-matrix-js-sdk (Can wait for next update)
	NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6263-x97c-c4gg
	NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
	NOTE: https://github.com/matrix-org/matrix-spec-proposals/pull/3061
	NOTE: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
CVE-2022-39248 (matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1. ...)
	NOT-FOR-US: Matrix SDK for Android
CVE-2022-39247
	RESERVED
CVE-2022-39246 (matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1. ...)
	NOT-FOR-US: Matrix SDK for Android
CVE-2022-39245 (Mist is the command-line interface for the makedeb Package Repository. ...)
	NOT-FOR-US: Makedeb Mist
CVE-2022-39244 (PJSIP is a free and open source multimedia communication library writt ...)
	{DSA-5358-1 DLA-3549-1 DLA-3335-1}
	- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
	- pjproject
	- ring 20230206.0~ds1-1
	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj
	NOTE: https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae
CVE-2022-39243 (NuProcess is an external process execution implementation for Java. In ...)
	NOT-FOR-US: NuProcess
CVE-2022-39242 (Frontier is an Ethereum compatibility layer for Substrate. Prior to co ...)
	NOT-FOR-US: Frontier
CVE-2022-39241 (Discourse is a platform for community discussion. A malicious admin co ...)
	NOT-FOR-US: Discourse
CVE-2022-39240 (MyGraph is a permission management system. Versions prior to 1.0.4 are ...)
	NOT-FOR-US: MyGraph
CVE-2022-39239 (netlify-ipx is an on-Demand image optimization for Netlify using ipx. ...)
	NOT-FOR-US: netlify-ipx
CVE-2022-39238 (Arvados is an open source platform for managing and analyzing biomedic ...)
	NOT-FOR-US: Arvados
CVE-2022-39237 (syslabs/sif is the Singularity Image Format (SIF) reference implementa ...)
	- golang-github-sylabs-sif 2.8.3-1 (bug #1023570)
	[bullseye] - golang-github-sylabs-sif (Minor issue)
	- singularity-container 3.10.3+ds1-1
	NOTE: https://github.com/sylabs/sif/security/advisories/GHSA-m5m3-46gj-wch8
	NOTE: https://github.com/sylabs/sif/commit/21972852d8783bc93fbf080190de8e1978f1c254 (v2.8.1)
	NOTE: https://github.com/sylabs/sif/commit/a854038ce1f18237b81d505a1c3be6a60505db52 (v2.8.1)
CVE-2022-39236 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. ...)
	- node-matrix-js-sdk (bug #1021136)
	[bullseye] - node-matrix-js-sdk (Incompatible with current Matrix implementations)
	[buster] - node-matrix-js-sdk (Minor issue)
	NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-hvv8-5v86-r45x
	NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
	NOTE: https://github.com/matrix-org/matrix-spec-proposals/pull/3488
CVE-2022-39235
	RESERVED
CVE-2022-39234 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-pgcx-mc58-3gmg
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-39233 (Tuleap is a Free & Open Source Suite to improve management of software ...)
	NOT-FOR-US: Tuleap
CVE-2022-39232 (Discourse is an open source discussion platform. Starting with version ...)
	NOT-FOR-US: Discourse
CVE-2022-39231 (Parse Server is an open source backend that can be deployed to any inf ...)
	NOT-FOR-US: Node parse-server
CVE-2022-39230 (fhir-works-on-aws-authz-smart is an implementation of the authorizatio ...)
	NOT-FOR-US: fhir-works-on-aws-authz-smart
CVE-2022-39229 (Grafana is an open source data visualization platform for metrics, log ...)
	- grafana
CVE-2022-39228 (vantage6 is a privacy preserving federated learning infrastructure for ...)
	NOT-FOR-US: vantage6
CVE-2022-39227 (python-jwt is a module for generating and verifying JSON Web Tokens. V ...)
	NOT-FOR-US: python-jwt (not the same as src:pyjwt)
CVE-2022-39226 (Discourse is an open source discussion platform. In versions prior to ...)
	NOT-FOR-US: Discourse
CVE-2022-39225 (Parse Server is an open source backend that can be deployed to any inf ...)
	NOT-FOR-US: Node parse-server
CVE-2022-39224 (Arr-pm is an RPM reader/writer library written in Ruby. Versions prior ...)
	NOT-FOR-US: arr-pm
CVE-2022-39223
	RESERVED
CVE-2022-39222 (Dex is an identity service that uses OpenID Connect to drive authentic ...)
	- coreos-dex (bug #879562)
CVE-2022-39221 (McWebserver mod runs a simple HTTP server alongside the Minecraft serv ...)
	NOT-FOR-US: McWebserver
CVE-2022-39220 (SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are su ...)
	NOT-FOR-US: SFTPGo
CVE-2022-39219 (Bifrost is a middleware package which can synchronize MySQL/MariaDB bi ...)
	NOT-FOR-US: Bifrost
CVE-2022-39218 (The JS Compute Runtime for Fastly's Compute@Edge platform provides the ...)
	NOT-FOR-US: Fastly
CVE-2022-39217 (some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub ...)
	NOT-FOR-US: GitHub Advanced Security to CSV
CVE-2022-39216 (Combodo iTop is an open source, web-based IT service management platfo ...)
	NOT-FOR-US: Combodo
CVE-2022-39215 (Tauri is a framework for building binaries for all major desktop platf ...)
	NOT-FOR-US: Tauri
CVE-2022-39214 (Combodo iTop is an open source, web-based IT service management platfo ...)
	NOT-FOR-US: Combodo
CVE-2022-39213 (go-cvss is a Go module to manipulate Common Vulnerability Scoring Syst ...)
	NOT-FOR-US: go-cvss
CVE-2022-39212 (Nextcloud Talk is an open source chat, video & audio calls client for ...)
	NOT-FOR-US: Nextcloud Talk
CVE-2022-39211 (Nextcloud server is an open source personal cloud platform. In affecte ...)
	- nextcloud-server (bug #941708)
CVE-2022-39210 (Nextcloud android is the official Android client for the Nextcloud hom ...)
	NOT-FOR-US: Nextcloud android
CVE-2022-39209 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
	- cmark-gfm 0.29.0.gfm.6-2 (bug #1020588)
	[bookworm] - cmark-gfm (Minor issue)
	[bullseye] - cmark-gfm (Minor issue)
	[buster] - cmark-gfm (Minor issue)
	- python-cmarkgfm (bug #1034887)
	[bookworm] - python-cmarkgfm (Minor issue)
	[bullseye] - python-cmarkgfm (Minor issue)
	[buster] - python-cmarkgfm (Minor issue)
	- ghostwriter 2.1.6+ds-1 (unimportant)
	- ruby-commonmarker (bug #1034888)
	[bookworm] - ruby-commonmarker (Minor issue)
	[bullseye] - ruby-commonmarker (Minor issue)
	[buster] - ruby-commonmarker (Minor issue)
	- r-cran-commonmark 1.8.1-1
	[bullseye] - r-cran-commonmark (Minor issue)
	[buster] - r-cran-commonmark (Minor issue)
	NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-cgh3-p57x-9q7q
	NOTE: https://github.com/github/cmark-gfm/commit/cfcaa0068bf319974fdec283416fcee5035c2d70 (0.29.0.gfm.6)
	NOTE: For ghostwriter just a hang/crash in GUI tool, no security impact
CVE-2022-39208 (Onedev is an open source, self-hosted Git Server with CI/CD and Kanban ...)
	NOT-FOR-US: Onedev
CVE-2022-39207 (Onedev is an open source, self-hosted Git Server with CI/CD and Kanban ...)
	NOT-FOR-US: Onedev
CVE-2022-39206 (Onedev is an open source, self-hosted Git Server with CI/CD and Kanban ...)
	NOT-FOR-US: Onedev
CVE-2022-39205 (Onedev is an open source, self-hosted Git Server with CI/CD and Kanban ...)
	NOT-FOR-US: Onedev
CVE-2022-39204
	RESERVED
CVE-2022-39203 (matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. ...)
	NOT-FOR-US: matrix-appservice-irc
CVE-2022-39202 (matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. ...)
	NOT-FOR-US: matrix-appservice-irc
CVE-2022-39201 (Grafana is an open source observability and data visualization platfor ...)
	- grafana
CVE-2022-39200 (Dendrite is a Matrix homeserver written in Go. In affected versions ev ...)
	NOT-FOR-US: Dendrite
CVE-2022-39199 (immudb is a database with built-in cryptographic proof and verificatio ...)
	NOT-FOR-US: immudb
CVE-2022-39198 (A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 a ...)
	NOT-FOR-US: Apache Dubbo
CVE-2022-3099 (Use After Free in GitHub repository vim/vim prior to 9.0.0360.)
	{DLA-3182-1}
	- vim 2:9.0.0626-1 (bug #1019590)
	[bullseye] - vim (Minor issue)
	NOTE: https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e
	NOTE: https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c (v9.0.0360)
CVE-2022-3098 (The Login Block IPs WordPress plugin through 1.0.0 does not have CSRF ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3097 (The Plugin LBstopattack WordPress plugin before 1.1.3 does not use non ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3096 (The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3095 (The implementation of backslash parsing in the Dart URI class for vers ...)
	NOT-FOR-US: Dart language (different from src:dart)
CVE-2022-3094 (Sending a flood of dynamic DNS updates may cause `named` to allocate l ...)
	{DSA-5329-1}
	- bind9 1:9.18.11-1
	[buster] - bind9 (Upstream considers this a minor issue before 9.16)
	NOTE: https://kb.isc.org/docs/cve-2022-3094
CVE-2022-39197 (An XSS (Cross Site Scripting) vulnerability was found in HelpSystems C ...)
	NOT-FOR-US: Cobalt Strike
CVE-2022-39196 (Blackboard Learn 1.10.1 allows remote authenticated users to read unin ...)
	NOT-FOR-US: Blackboard Learn
CVE-2022-39195 (A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web inte ...)
	NOT-FOR-US: LISTSERV
CVE-2022-39194 (An issue was discovered in the MediaWiki through 1.38.2. The community ...)
	NOT-FOR-US: MediaWiki extension GrowthExperiments
CVE-2022-39193 (An issue was discovered in the CheckUser extension for MediaWiki throu ...)
NOT-FOR-US: MediaWiki extension CheckUser CVE-2022-39192 RESERVED NOT-FOR-US: Mediawiki extension IPInfo CVE-2022-39191 RESERVED NOT-FOR-US: Mediawiki extension OAuth CVE-2022-39190 (An issue was discovered in net/netfilter/nf_tables_api.c in the Linux ...) {DLA-3173-1} - linux 5.19.6-1 [bullseye] - linux 5.10.140-1 [buster] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/e02f0d3970404bfea385b6edb86f2d936db0ea2b (6.0-rc3) CVE-2022-39187 (Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripti ...) NOT-FOR-US: Rumpus CVE-2022-39186 (EXFO - BV-10 Performance Endpoint Unit misconfiguration. System config ...) NOT-FOR-US: EXFO CVE-2022-39185 (EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. U ...) NOT-FOR-US: EXFO CVE-2022-39184 (EXFO - BV-10 Performance Endpoint Unit authentication bypass User can ...) NOT-FOR-US: EXFO CVE-2022-39183 (Moodle Plugin - SAML Auth may allow Open Redirect through unspecified ...) NOT-FOR-US: Moodle plugin CVE-2022-39182 (H C Mingham-Smith Ltd - Tardis 2000 Privilege escalation.Version 1.6 i ...) NOT-FOR-US: H C Mingham-Smith Ltd - Tardis 2000 CVE-2022-39181 (GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). ...) NOT-FOR-US: GLPI plugin CVE-2022-39180 (College Management System v1.0 - SQL Injection (SQLi). By inserting SQ ...) NOT-FOR-US: College Management System CVE-2022-39179 (College Management System v1.0 - Authenticated remote code execution. ...) NOT-FOR-US: College Management System CVE-2022-39178 (Webvendome - webvendome Internal Server IP Disclosure. Send GET Reques ...) NOT-FOR-US: Webvendome CVE-2022-39177 (BlueZ before 5.59 allows physically proximate attackers to cause a den ...) 
{DLA-3157-1} - bluez 5.61-1 [bullseye] - bluez (Minor issue) NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e2b0f0d8d63e1223bb714a9efb37e2257818268b (5.59) NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=7a80d2096f1b7125085e21448112aa02f49f5e9a (5.59) NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=0388794dc5fdb73a4ea88bcf148de0a12b4364d4 (5.60) NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e21680c9355a0f9d5ef6d4a5ae032de274e87b37 (5.61) NOTE: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968 CVE-2022-39176 (BlueZ before 5.59 allows physically proximate attackers to obtain sens ...) {DLA-3157-1} - bluez 5.61-1 [bullseye] - bluez (Minor issue) NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e2b0f0d8d63e1223bb714a9efb37e2257818268b (5.59) NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=7a80d2096f1b7125085e21448112aa02f49f5e9a (5.59) NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=0388794dc5fdb73a4ea88bcf148de0a12b4364d4 (5.60) NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e21680c9355a0f9d5ef6d4a5ae032de274e87b37 (5.61) NOTE: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968 CVE-2022-39175 RESERVED CVE-2022-39174 RESERVED CVE-2022-39173 (In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow ...) - wolfssl 5.5.3-1 (bug #1021021) [bullseye] - wolfssl 4.6.0+p1-0+deb11u2 CVE-2022-39172 (A stored XSS in the process overview (bersicht zugewiesener Vorgaenge) ...) NOT-FOR-US: mbsupport openVIVA c2 CVE-2022-39171 RESERVED CVE-2022-39170 (libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_f ...) 
- dwarfutils (Vulnerable code introduced later) NOTE: https://github.com/davea42/libdwarf-code/issues/132 NOTE: Introduced after: https://github.com/davea42/libdwarf-code/commit/d3ba444c4e4891545552590d9d36c2049197678e NOTE: Fixed by: https://github.com/davea42/libdwarf-code/commit/428235e3d132fb62faf7732735fdbb034d6264b4 NOTE: https://www.prevanders.net/dwarfbug.html#DW202208-001 CVE-2022-39169 RESERVED CVE-2022-39168 (IBM Robotic Process Automation Clients are vulnerable to proxy credent ...) NOT-FOR-US: IBM CVE-2022-39167 (IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain con ...) NOT-FOR-US: IBM CVE-2022-39166 (IBM Security Guardium 11.4 could allow a privileged user to obtain sen ...) NOT-FOR-US: IBM CVE-2022-39165 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local ...) NOT-FOR-US: IBM CVE-2022-39164 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local ...) NOT-FOR-US: IBM CVE-2022-39163 RESERVED CVE-2022-39162 RESERVED CVE-2022-39161 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere ...) NOT-FOR-US: IBM CVE-2022-39160 (IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross ...) NOT-FOR-US: IBM CVE-2022-3093 (This vulnerability allows physical attackers to execute arbitrary code ...) NOT-FOR-US: Tesla vehicles CVE-2022-3092 (GE CIMPICITY versions 2022 and prior is vulnerable to an out-of- ...) NOT-FOR-US: GE CIMPICITY CVE-2022-3091 (RONDS EPM version 1.19.5 has a vulnerability in which a function could ...) NOT-FOR-US: RONDS EPM CVE-2022-3090 (Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 ...) NOT-FOR-US: Red Lion Controls Crimson CVE-2022-3089 (Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credent ...) NOT-FOR-US: Echelon CVE-2022-3088 (UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Imag ...) NOT-FOR-US: Moxa CVE-2022-3087 (Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are ...) 
NOT-FOR-US: Fuji CVE-2022-3086 (Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerabl ...) NOT-FOR-US: Moxa CVE-2022-3085 (Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are ...) NOT-FOR-US: Fuji CVE-2022-3084 (GE CIMPICITY versions 2022 and prior is vulnerable when data from a fa ...) NOT-FOR-US: GE CIMPICITY CVE-2022-3083 (All versions of Landis+Gyr E850 (ZMQ200) are vulnerable toCWE-784: Rel ...) NOT-FOR-US: Landis+Gyr E850 CVE-2022-39189 (An issue was discovered the x86 KVM subsystem in the Linux kernel befo ...) {DSA-5480-1 DLA-3623-1} - linux 5.19.6-1 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2309 NOTE: https://git.kernel.org/linus/6cd88243c7e03845a450795e134b488fc2afb736 (5.19-rc2) CVE-2022-39188 (An issue was discovered in include/asm-generic/tlb.h in the Linux kern ...) {DSA-5257-1 DLA-3173-1 DLA-3131-1} - linux 5.19.6-1 [bullseye] - linux 5.10.140-1 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2329 NOTE: https://lore.kernel.org/stable/CAG48ez3SEqOPcPCYGHVZv4iqEApujD5VtM3Re-tCKLDEFdEdbg@mail.gmail.com/ NOTE: https://git.kernel.org/linus/b67fbebd4cf980aecbcc750e1462128bffe8ae15 CVE-2022-39159 REJECTED CVE-2022-39158 (Affected devices improperly handle partial HTTP requests which makes t ...) NOT-FOR-US: Siemens CVE-2022-39157 (A vulnerability has been identified in Parasolid V34.0 (All versions < ...) NOT-FOR-US: Siemens CVE-2022-39156 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) NOT-FOR-US: Siemens CVE-2022-39155 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) NOT-FOR-US: Siemens CVE-2022-39154 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) NOT-FOR-US: Siemens CVE-2022-39153 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) NOT-FOR-US: Siemens CVE-2022-39152 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) 
NOT-FOR-US: Siemens CVE-2022-39151 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) NOT-FOR-US: Siemens CVE-2022-39150 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) NOT-FOR-US: Siemens CVE-2022-39149 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) NOT-FOR-US: Siemens CVE-2022-39148 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) NOT-FOR-US: Siemens CVE-2022-39147 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) NOT-FOR-US: Siemens CVE-2022-39146 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) NOT-FOR-US: Siemens CVE-2022-39145 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) NOT-FOR-US: Siemens CVE-2022-39144 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) NOT-FOR-US: Siemens CVE-2022-39143 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) NOT-FOR-US: Siemens CVE-2022-39142 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) NOT-FOR-US: Siemens CVE-2022-39141 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) NOT-FOR-US: Siemens CVE-2022-39140 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) NOT-FOR-US: Siemens CVE-2022-39139 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) NOT-FOR-US: Siemens CVE-2022-39138 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) NOT-FOR-US: Siemens CVE-2022-39137 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) NOT-FOR-US: Siemens CVE-2022-39136 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...) NOT-FOR-US: Siemens CVE-2022-39135 (Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRAC ...) 
NOT-FOR-US: Apache Calcite CVE-2022-39134 (In audio driver, there is a use after free due to a race condition. Th ...) NOT-FOR-US: Unisoc CVE-2022-39133 (In wlan driver, there is a possible missing bounds check, This could l ...) NOT-FOR-US: Unisoc CVE-2022-39132 (In camera driver, there is a possible out of bounds write due to a mis ...) NOT-FOR-US: Unisoc CVE-2022-39131 (In camera driver, there is a possible memory corruption due to imprope ...) NOT-FOR-US: Unisoc CVE-2022-39130 (In face detect driver, there is a possible out of bounds write due to ...) NOT-FOR-US: Unisoc CVE-2022-39129 (In face detect driver, there is a possible out of bounds write due to ...) NOT-FOR-US: Unisoc CVE-2022-39128 (In sensor driver, there is a possible out of bounds write due to a mis ...) NOT-FOR-US: Unisoc CVE-2022-39127 (In sensor driver, there is a possible out of bounds write due to a mis ...) NOT-FOR-US: Unisoc CVE-2022-39126 (In sensor driver, there is a possible out of bounds write due to a mis ...) NOT-FOR-US: Unisoc CVE-2022-39125 (In sensor driver, there is a possible out of bounds write due to a mis ...) NOT-FOR-US: Unisoc CVE-2022-39124 (In sensor driver, there is a possible out of bounds write due to a mis ...) NOT-FOR-US: Unisoc CVE-2022-39123 (In sensor driver, there is a possible out of bounds write due to a mis ...) NOT-FOR-US: Unisoc CVE-2022-39122 (In sensor driver, there is a possible out of bounds write due to a mis ...) NOT-FOR-US: Unisoc CVE-2022-39121 (In sensor driver, there is a possible out of bounds write due to a mis ...) NOT-FOR-US: Unisoc CVE-2022-39120 (In sensor driver, there is a possible out of bounds write due to a mis ...) NOT-FOR-US: Unisoc CVE-2022-39119 (In network service, there is a missing permission check. This could le ...) NOT-FOR-US: Unisoc CVE-2022-39118 (In sprd_sysdump driver, there is a possible out of bounds write due to ...) NOT-FOR-US: Unisoc CVE-2022-39117 (In messaging service, there is a missing permission check. 
This could ...) NOT-FOR-US: Unisoc CVE-2022-39116 (In sprd_sysdump driver, there is a possible out of bounds write due to ...) NOT-FOR-US: Unisoc CVE-2022-39115 (In Music service, there is a missing permission check. This could lead ...) NOT-FOR-US: Unisoc CVE-2022-39114 (In Music service, there is a missing permission check. This could lead ...) NOT-FOR-US: Unisoc CVE-2022-39113 (In Music service, there is a missing permission check. This could lead ...) NOT-FOR-US: Unisoc CVE-2022-39112 (In Music service, there is a missing permission check. This could lead ...) NOT-FOR-US: Unisoc CVE-2022-39111 (In Music service, there is a missing permission check. This could lead ...) NOT-FOR-US: Unisoc CVE-2022-39110 (In Music service, there is a missing permission check. This could lead ...) NOT-FOR-US: Unisoc CVE-2022-39109 (In Music service, there is a missing permission check. This could lead ...) NOT-FOR-US: Unisoc CVE-2022-39108 (In Music service, there is a missing permission check. This could lead ...) NOT-FOR-US: Unisoc CVE-2022-39107 (In Soundrecorder service, there is a missing permission check. This co ...) NOT-FOR-US: Unisoc CVE-2022-39106 (In sensor driver, there is a possible out of bounds write due to a mis ...) NOT-FOR-US: Unisoc CVE-2022-39105 (In sensor driver, there is a possible out of bounds write due to a mis ...) NOT-FOR-US: Unisoc CVE-2022-39104 (In contacts service, there is a missing permission check. This could l ...) NOT-FOR-US: Unisoc CVE-2022-39103 (In Gallery service, there is a missing permission check. This could le ...) NOT-FOR-US: Unisoc CVE-2022-39102 (In power management service, there is a missing permission check. This ...) NOT-FOR-US: Unisoc CVE-2022-39101 (In power management service, there is a missing permission check. This ...) NOT-FOR-US: Unisoc CVE-2022-39100 (In power management service, there is a missing permission check. This ...) 
NOT-FOR-US: Unisoc CVE-2022-39099 (In power management service, there is a missing permission check. This ...) NOT-FOR-US: Unisoc CVE-2022-39098 (In power management service, there is a missing permission check. This ...) NOT-FOR-US: Unisoc CVE-2022-39097 (In power management service, there is a missing permission check. This ...) NOT-FOR-US: Unisoc CVE-2022-39096 (In power management service, there is a missing permission check. This ...) NOT-FOR-US: Unisoc CVE-2022-39095 (In power management service, there is a missing permission check. This ...) NOT-FOR-US: Unisoc CVE-2022-39094 (In power management service, there is a missing permission check. This ...) NOT-FOR-US: Unisoc CVE-2022-39093 (In power management service, there is a missing permission check. This ...) NOT-FOR-US: Unisoc CVE-2022-39092 (In power management service, there is a missing permission check. This ...) NOT-FOR-US: Unisoc CVE-2022-39091 (In power management service, there is a missing permission check. This ...) NOT-FOR-US: Unisoc CVE-2022-39090 (In power management service, there is a missing permission check. This ...) NOT-FOR-US: Unisoc CVE-2022-39089 (In mlog service, there is a possible out of bounds read due to a missi ...) NOT-FOR-US: Unisoc CVE-2022-39088 (In network service, there is a missing permission check. This could le ...) NOT-FOR-US: Unisoc CVE-2022-39087 (In network service, there is a missing permission check. This could le ...) NOT-FOR-US: Unisoc CVE-2022-39086 (In network service, there is a missing permission check. This could le ...) NOT-FOR-US: Unisoc CVE-2022-39085 (In network service, there is a missing permission check. This could le ...) NOT-FOR-US: Unisoc CVE-2022-39084 (In network service, there is a missing permission check. This could le ...) NOT-FOR-US: Unisoc CVE-2022-39083 (In network service, there is a missing permission check. This could le ...) NOT-FOR-US: Unisoc CVE-2022-39082 (In network service, there is a missing permission check. This could le ...) 
NOT-FOR-US: Unisoc CVE-2022-39081 (In network service, there is a missing permission check. This could le ...) NOT-FOR-US: Unisoc CVE-2022-39080 (In messaging service, there is a missing permission check. This could ...) NOT-FOR-US: Unisoc CVE-2022-3082 (The miniOrange Discord Integration WordPress plugin before 2.1.6 does ...) NOT-FOR-US: WordPress plugin CVE-2022-3081 RESERVED CVE-2022-3080 (By sending specific queries to the resolver, an attacker can cause nam ...) {DSA-5235-1} - bind9 1:9.18.7-1 [buster] - bind9 (Vulnerable code introduced later) NOTE: https://kb.isc.org/docs/cve-2022-3080 NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/b9e2f3333d0d29deb3ef932aa7aeb28086f153bd (v9_18_7) NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/3f68e2ad838b3c12a725ccb1082a54b0e8b69562 (v9_16_33) CVE-2022-3079 (Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow ...) NOT-FOR-US: Festo CVE-2022-3078 (An issue was discovered in the Linux kernel through 5.16-rc6. There is ...) - linux 5.17.3-1 [bullseye] - linux 5.10.113-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/e6a21a14106d9718aa4f8e115b1e474888eeba44 (5.18-rc1) CVE-2022-3077 (A buffer overflow vulnerability was found in the Linux kernel Intel\u2 ...) - linux 5.18.2-1 [bullseye] - linux (Vulnerable code introduced later) [buster] - linux (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2123309 NOTE: https://git.kernel.org/linus/690b2549b19563ec5ad53e5c82f6a944d910086e (5.19-rc1) CVE-2022-3076 (The CM Download Manager WordPress plugin before 2.8.6 allows high priv ...) NOT-FOR-US: WordPress plugin CVE-2022-3075 (Insufficient data validation in Mojo in Google Chrome prior to 105.0.5 ...) {DSA-5225-1} - chromium 105.0.5195.102-1 [buster] - chromium (see DSA 5046) CVE-2022-3074 (The Slider Hero WordPress plugin before 8.4.4 does not escape the slid ...) 
NOT-FOR-US: WordPress plugin CVE-2022-3073 (Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2 ...) NOT-FOR-US: Quanos "SCHEMA ST4" example web templates CVE-2022-3072 (Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacqu ...) NOT-FOR-US: francoisjacquet/rosariosis CVE-2006-20001 (A carefully crafted If: request header can cause a memory read, or wri ...) {DSA-5376-1 DLA-3351-1} - apache2 2.4.55-1 NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/5 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2006-20001 CVE-2022-XXXX [wordpress 6.0.3] - wordpress 6.0.3+dfsg1-1 (bug #1022575) [bullseye] - wordpress 5.7.8+dfsg1-0+deb11u1 [buster] - wordpress 5.0.18+dfsg1-0+deb10u1 NOTE: https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/ NOTE: Some issues covered by CVE-2022-43497, CVE-2022-43500 and CVE-2022-43504 CVE-2022-XXXX [wordpress 6.0.2] - wordpress 6.0.2+dfsg1-1 (bug #1018863) [bullseye] - wordpress 5.7.8+dfsg1-0+deb11u1 [buster] - wordpress 5.0.17+dfsg1-0+deb10u1 NOTE: https://wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-release/ NOTE: https://core.trac.wordpress.org/changeset/53973 (5.0) CVE-2022-39079 RESERVED CVE-2022-39078 RESERVED CVE-2022-3070 (The Generate PDF WordPress plugin before 3.6 does not sanitise and esc ...) NOT-FOR-US: WordPress plugin CVE-2022-3071 (Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prio ...) {DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) CVE-2022-39077 RESERVED CVE-2022-39076 RESERVED CVE-2022-39075 (There is an unauthorized access vulnerability in some ZTE mobile phone ...) NOT-FOR-US: ZTE CVE-2022-39074 (There is an unauthorized access vulnerability in some ZTE mobile phone ...) NOT-FOR-US: ZTE CVE-2022-39073 (There is a command injection vulnerability in ZTE MF286R, Due to insuf ...) 
NOT-FOR-US: ZTE CVE-2022-39072 (There is a SQL injection vulnerability in Some ZTE Mobile Internet pro ...) NOT-FOR-US: ZTE CVE-2022-39071 (There is an unauthorized access vulnerability in some ZTE mobile phone ...) NOT-FOR-US: ZTE CVE-2022-39070 (There is an access control vulnerability in some ZTE PON OLT products. ...) NOT-FOR-US: ZTE CVE-2022-39069 (There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of ...) NOT-FOR-US: ZTE CVE-2022-39068 RESERVED CVE-2022-39067 (There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of ...) NOT-FOR-US: ZTE CVE-2022-39066 (There is a SQL injection vulnerability in ZTE MF286R. Due to insuffici ...) NOT-FOR-US: ZTE CVE-2022-39065 (A single malformed IEEE 802.15.4 (Zigbee) frame makes the TR\xc5DFRI g ...) NOT-FOR-US: Ikea CVE-2022-39064 (An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame ma ...) NOT-FOR-US: Ikea CVE-2022-39063 (When Open5GS UPF receives a PFCP Session Establishment Request, it sto ...) NOT-FOR-US: Open5GS UPF CVE-2022-39062 (A vulnerability has been identified in SICAM TOOLBOX II (All versions ...) NOT-FOR-US: Siemens CVE-2022-39061 (ChangingTech MegaServiSignAdapter component has a vulnerability of Out ...) NOT-FOR-US: ChangingTech MegaServiSignAdapter CVE-2022-39060 (ChangingTech MegaServiSignAdapter component has a vulnerability of imp ...) NOT-FOR-US: ChangingTech MegaServiSignAdapter CVE-2022-39059 (ChangingTech MegaServiSignAdapter component has a path traversal vulne ...) NOT-FOR-US: ChangingTech MegaServiSignAdapter CVE-2022-39058 (RAVA certification validation system has a path traversal vulnerabilit ...) NOT-FOR-US: RAVA certification validation system CVE-2022-39057 (RAVA certificate validation system has insufficient filtering for spec ...) NOT-FOR-US: RAVA certification validation system CVE-2022-39056 (RAVA certificate validation system has insufficient validation for use ...) 
NOT-FOR-US: RAVA certification validation system CVE-2022-39055 (RAVA certificate validation system has inadequate filtering for URL pa ...) NOT-FOR-US: RAVA certification validation system CVE-2022-39054 (Cowell enterprise travel management system has insufficient filtering ...) NOT-FOR-US: Cowell enterprise travel management system CVE-2022-39053 (Heimavista Rpage has insufficient filtering for platform web URL. An u ...) NOT-FOR-US: Heimavista Rpage CVE-2022-39052 (An external attacker is able to send a specially crafted email (with m ...) NOT-FOR-US: OTRS NOTE: Could possibly affect Znuny, we'll let their security team figure it out NOTE: Was also tracked as #1024560 CVE-2022-39051 (Attacker might be able to execute malicious Perl code in the Template ...) NOT-FOR-US: OTRS NOTE: Could possibly affect Znuny, we'll let their security team figure it out CVE-2022-39050 (An attacker who is logged into OTRS as an admin user may manipulate cu ...) NOT-FOR-US: OTRS NOTE: Could possibly affect Znuny, we'll let their security team figure it out CVE-2022-39049 (An attacker who is logged into OTRS as an admin user may manipulate th ...) NOT-FOR-US: OTRS NOTE: Could possibly affect Znuny, we'll let their security team figure it out CVE-2022-3069 (The WordLift WordPress plugin before 3.37.2 does not sanitise and esca ...) NOT-FOR-US: WordPress plugin CVE-2022-3068 (Improper Privilege Management in GitHub repository octoprint/octoprint ...) - octoprint (bug #718591) CVE-2022-39048 (A XSS vulnerability was identified in the ServiceNow UI page assessmen ...) NOT-FOR-US: ServiceNow Tokyo CVE-2022-39046 (An issue was discovered in the GNU C Library (glibc) 2.36. When the sy ...) 
- glibc (Vulnerable code introduced later) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29536 NOTE: https://sourceware.org/pipermail/libc-alpha/2022-August/141707.html NOTE: Introduced by: https://sourceware.org/git/?p=glibc.git;a=commit;h=a583b6add407c17cdcd4146be3876061a5e1d555 (glibc-2.36) NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=52a5be0df411ef3ff45c10c7c308cb92993d15b1 CVE-2022-3067 (An issue has been discovered in the Import functionality of GitLab CE/ ...) - gitlab 15.10.8+ds1-2 CVE-2022-3066 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 15.10.8+ds1-2 CVE-2022-3065 (Improper Access Control in GitHub repository jgraph/drawio prior to 20 ...) NOT-FOR-US: jgraph/drawio CVE-2022-3064 (Parsing malicious or large YAML documents can consume excessive amount ...) {DLA-3479-1} - golang-yaml.v2 2.2.8-1 NOTE: https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5 (v2.2.4) CVE-2022-3063 REJECTED CVE-2022-3062 (The Simple File List WordPress plugin before 4.4.12 does not escape pa ...) NOT-FOR-US: WordPress plugin CVE-2022-3061 (Found Linux Kernel flaw in the i740 driver. The Userspace program coul ...) {DSA-5257-1 DLA-3173-1} - linux 5.18.2-1 NOTE: https://git.kernel.org/linus/15cf0b82271b1823fb02ab8c377badba614d95d5 (5.18-rc5) CVE-2022-39043 (Juiker app stores debug logs which contains sensitive information to m ...) NOT-FOR-US: Juiker app stores CVE-2022-39042 (aEnrich a+HRD has improper validation for login function. An unauthent ...) NOT-FOR-US: aEnrich a+HRD CVE-2022-39041 (aEnrich a+HRD has insufficient user input validation for specific API ...) NOT-FOR-US: aEnrich a+HRD CVE-2022-39040 (aEnrich a+HRD log read function has a path traversal vulnerability. An ...) NOT-FOR-US: aEnrich a+HRD CVE-2022-39039 (aEnrich\u2019s a+HRD has inadequate filtering for specific URL paramet ...) 
NOT-FOR-US: aEnrich a+HRD CVE-2022-39038 (Agentflow BPM enterprise management system has improper authentication ...) NOT-FOR-US: Agentflow BPM enterprise management system CVE-2022-39037 (Agentflow BPM file download function has a path traversal vulnerabilit ...) NOT-FOR-US: Agentflow BPM file download function CVE-2022-39036 (The file upload function of Agentflow BPM has insufficient filtering f ...) NOT-FOR-US: Agentflow BPM CVE-2022-39035 (Smart eVision has insufficient filtering for special characters in the ...) NOT-FOR-US: Smart eVision CVE-2022-39034 (Smart eVision has a path traversal vulnerability in the Report API fun ...) NOT-FOR-US: Smart eVision CVE-2022-39033 (Smart eVision\u2019s file acquisition function has a path traversal vu ...) NOT-FOR-US: Smart eVision CVE-2022-39032 (Smart eVision has an improper privilege management vulnerability. A re ...) NOT-FOR-US: Smart eVision CVE-2022-39031 (Smart eVision has insufficient authorization for task acquisition func ...) NOT-FOR-US: Smart eVision CVE-2022-39030 (smart eVision has inadequate authorization for system information quer ...) NOT-FOR-US: Smart eVision CVE-2022-39029 (Smart eVision has inadequate authorization for the database query func ...) NOT-FOR-US: Smart eVision CVE-2022-39027 (U-Office Force Forum function has insufficient filtering for special c ...) NOT-FOR-US: U-Office Force CVE-2022-39026 (U-Office Force UserDefault page has insufficient filtering for special ...) NOT-FOR-US: U-Office Force CVE-2022-39025 (U-Office Force PrintMessage function has insufficient filtering for sp ...) NOT-FOR-US: U-Office Force CVE-2022-39024 (U-Office Force Bulletin function has insufficient filtering for specia ...) NOT-FOR-US: U-Office Force CVE-2022-39023 (U-Office Force Download function has a path traversal vulnerability. A ...) NOT-FOR-US: U-Office Force CVE-2022-39022 (U-Office Force Download function has a path traversal vulnerability. A ...) 
NOT-FOR-US: U-Office Force CVE-2022-39021 (U-Office Force login function has an Open Redirect vulnerability. An u ...) NOT-FOR-US: U-Office Force CVE-2022-39020 (Multiple instances of XSS (stored and reflected) was found in the appl ...) NOT-FOR-US: Schoolbox CVE-2022-39019 (Broken access controls on PDFtron WebviewerUI in M-Files Hubshare befo ...) NOT-FOR-US: M-Files Hubshare CVE-2022-39018 (Broken access controls on PDFtron data in M-Files Hubshare before 3.3. ...) NOT-FOR-US: M-Files Hubshare CVE-2022-39017 (Improper input validation and output encoding in all comments fields, ...) NOT-FOR-US: M-Files Hubshare CVE-2022-39016 (Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 al ...) NOT-FOR-US: M-Files Hubshare CVE-2022-38400 (Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated atta ...) NOT-FOR-US: Mailform Pro CGI CVE-2022-33941 (PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injec ...) NOT-FOR-US: PowerCMS CVE-2022-3060 (Improper control of a resource identifier in Error Tracking in GitLab ...) - gitlab 15.10.8+ds1-2 CVE-2022-3059 (The application was vulnerable to multiple instances of SQL injection ...) NOT-FOR-US: Schoolbox CVE-2022-3058 (Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 ...) {DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) CVE-2022-3057 (Inappropriate implementation in iframe Sandbox in Google Chrome prior ...) {DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) CVE-2022-3056 (Insufficient policy enforcement in Content Security Policy in Google C ...) {DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) CVE-2022-3055 (Use after free in Passwords in Google Chrome prior to 105.0.5195.52 al ...) {DSA-5223-1} - chromium 105.0.5195.52-1 [buster] - chromium (see DSA 5046) CVE-2022-3054 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...) 
	{DSA-5223-1}
	- chromium 105.0.5195.52-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3053 (Inappropriate implementation in Pointer Lock in Google Chrome on Mac p ...)
	{DSA-5223-1}
	- chromium 105.0.5195.52-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3052 (Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, ...)
	{DSA-5223-1}
	- chromium 105.0.5195.52-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3051 (Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacro ...)
	{DSA-5223-1}
	- chromium 105.0.5195.52-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3050 (Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 1 ...)
	{DSA-5223-1}
	- chromium 105.0.5195.52-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3049 (Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros pr ...)
	{DSA-5223-1}
	- chromium 105.0.5195.52-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3048 (Inappropriate implementation in Chrome OS lockscreen in Google Chrome ...)
	{DSA-5223-1}
	- chromium 105.0.5195.52-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3047 (Insufficient policy enforcement in Extensions API in Google Chrome pri ...)
	{DSA-5223-1}
	- chromium 105.0.5195.52-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3046 (Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 ...)
	{DSA-5223-1}
	- chromium 105.0.5195.52-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3045 (Insufficient validation of untrusted input in V8 in Google Chrome prio ...)
	{DSA-5223-1}
	- chromium 105.0.5195.52-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3044 (Inappropriate implementation in Site Isolation in Google Chrome prior ...)
	{DSA-5223-1}
	- chromium 105.0.5195.52-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3043 (Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS p ...)
	{DSA-5223-1}
	- chromium 105.0.5195.52-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3042 (Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105. ...)
	{DSA-5223-1}
	- chromium 105.0.5195.52-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3041 (Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allow ...)
	{DSA-5223-1}
	- chromium 105.0.5195.52-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3040 (Use after free in Layout in Google Chrome prior to 105.0.5195.52 allow ...)
	{DSA-5223-1}
	- chromium 105.0.5195.52-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3039 (Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allow ...)
	{DSA-5223-1}
	- chromium 105.0.5195.52-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3038 (Use after free in Network Service in Google Chrome prior to 105.0.5195 ...)
	{DSA-5223-1}
	- chromium 105.0.5195.52-1
	[buster] - chromium (see DSA 5046)
CVE-2022-3037 (Use After Free in GitHub repository vim/vim prior to 9.0.0322.)
	- vim 2:9.0.0626-1 (bug #1019590; unimportant)
	[buster] - vim (quickfixtextfunc added in 8.2.0869)
	NOTE: https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5
	NOTE: https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb (v9.0.0322)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-3036 (The Gettext override translations WordPress plugin before 2.0.0 does n ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3035 (Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-i ...)
	- snipe-it (bug #1005172)
CVE-2022-3034 (When receiving an HTML email that specified to load an iframe (Only affects ESR102)
	[buster] - thunderbird (Only affects ESR102)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-3034
CVE-2022-39015 (Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker t ...)
	NOT-FOR-US: SAP
CVE-2022-39014 (Under certain conditions SAP BusinessObjects Business Intelligence Pla ...)
	NOT-FOR-US: SAP
CVE-2022-39013 (Under certain conditions an authenticated attacker can get access to O ...)
	NOT-FOR-US: SAP
CVE-2022-39012 (Huawei Aslan Children's Watch has an improper input validation vulnera ...)
	NOT-FOR-US: Huawei
CVE-2022-39011 (The HISP module has a vulnerability of bypassing the check of the data ...)
	NOT-FOR-US: Huawei
CVE-2022-39010 (The HwChrService module has a vulnerability in permission control. Suc ...)
	NOT-FOR-US: Huawei
CVE-2022-39009 (The WLAN module has a vulnerability in permission verification. Succes ...)
	NOT-FOR-US: Huawei
CVE-2022-39008 (The NFC module has bundle serialization/deserialization vulnerabilitie ...)
	NOT-FOR-US: Huawei
CVE-2022-39007 (The location module has a vulnerability of bypassing permission verifi ...)
	NOT-FOR-US: Huawei
CVE-2022-39006 (The MPTCP module has the race condition vulnerability. Successful expl ...)
	NOT-FOR-US: Huawei
CVE-2022-39005 (The MPTCP module has the memory leak vulnerability. Successful exploit ...)
	NOT-FOR-US: Huawei
CVE-2022-39004 (The MPTCP module has the memory leak vulnerability. Successful exploit ...)
	NOT-FOR-US: Huawei
CVE-2022-39003 (Buffer overflow vulnerability in the video framework. Successful explo ...)
	NOT-FOR-US: Huawei
CVE-2022-39002 (Double free vulnerability in the storage module. Successful exploitati ...)
	NOT-FOR-US: Huawei
CVE-2022-39001 (The number identification module has a path traversal vulnerability. S ...)
	NOT-FOR-US: Huawei
CVE-2022-39000 (The iAware module has a vulnerability in managing malicious apps.Succe ...)
	NOT-FOR-US: Huawei
CVE-2022-38999 (The AOD module has the improper update of reference count vulnerabilit ...)
	NOT-FOR-US: Huawei
CVE-2022-38998 (The HISP module has a vulnerability of not verifying the data transfer ...)
	NOT-FOR-US: Huawei
CVE-2022-38997 (The secure OS module has configuration defects. Successful exploitatio ...)
	NOT-FOR-US: Huawei
CVE-2022-38996 (The secure OS module has configuration defects. Successful exploitatio ...)
	NOT-FOR-US: Huawei
CVE-2022-38995 (The secure OS module has configuration defects. Successful exploitatio ...)
	NOT-FOR-US: Huawei
CVE-2022-38994 (The secure OS module has configuration defects. Successful exploitatio ...)
	NOT-FOR-US: Huawei
CVE-2022-38993 (The secure OS module has configuration defects. Successful exploitatio ...)
	NOT-FOR-US: Huawei
CVE-2022-38992 (The secure OS module has configuration defects. Successful exploitatio ...)
	NOT-FOR-US: Huawei
CVE-2022-38991 (The secure OS module has configuration defects. Successful exploitatio ...)
	NOT-FOR-US: Huawei
CVE-2022-38990 (The secure OS module has configuration defects. Successful exploitatio ...)
	NOT-FOR-US: Huawei
CVE-2022-38989 (The secure OS module has configuration defects. Successful exploitatio ...)
	NOT-FOR-US: Huawei
CVE-2022-38988 (The secure OS module has configuration defects. Successful exploitatio ...)
	NOT-FOR-US: Huawei
CVE-2022-38987 (The secure OS module has configuration defects. Successful exploitatio ...)
	NOT-FOR-US: Huawei
CVE-2022-38986 (The HIPP module has a vulnerability of bypassing the check of the data ...)
	NOT-FOR-US: Huawei
CVE-2022-38985 (The facial recognition module has a vulnerability in input validation. ...)
	NOT-FOR-US: Huawei
CVE-2022-38984 (The HIPP module has a vulnerability of not verifying the data transfer ...)
	NOT-FOR-US: Huawei
CVE-2022-38983 (The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Succ ...)
	NOT-FOR-US: Huawei
CVE-2022-38982 (The fingerprint module has service logic errors.Successful exploitatio ...)
	NOT-FOR-US: Huawei
CVE-2022-38981 (The HwAirlink module has an out-of-bounds read vulnerability.Successfu ...)
	NOT-FOR-US: Huawei
CVE-2022-38980 (The HwAirlink module has a heap overflow vulnerability in processing d ...)
	NOT-FOR-US: Huawei
CVE-2022-38979 (The secure OS module has configuration defects. Successful exploitatio ...)
	NOT-FOR-US: Huawei
CVE-2022-38978 (The secure OS module has configuration defects. Successful exploitatio ...)
	NOT-FOR-US: Huawei
CVE-2022-38977 (The HwAirlink module has a heap overflow vulnerability.Successful expl ...)
	NOT-FOR-US: Huawei
CVE-2022-38970 (ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access C ...)
	NOT-FOR-US: ieGeek IG20 hipcam RealServer
CVE-2022-38969
	RESERVED
CVE-2022-38968
	RESERVED
CVE-2022-38967
	RESERVED
CVE-2022-38966
	RESERVED
CVE-2022-38965
	RESERVED
CVE-2022-38964
	RESERVED
CVE-2022-38963
	RESERVED
CVE-2022-38962
	RESERVED
CVE-2022-38961
	RESERVED
CVE-2022-38960
	RESERVED
CVE-2022-38959
	RESERVED
CVE-2022-38958
	RESERVED
CVE-2022-38957
	RESERVED
CVE-2022-38956 (An exploitable firmware downgrade vulnerability was discovered on the ...)
	NOT-FOR-US: Netgear
CVE-2022-38955 (An exploitable firmware modification vulnerability was discovered on t ...)
	NOT-FOR-US: Netgear
CVE-2022-38954
	RESERVED
CVE-2022-38953
	RESERVED
CVE-2022-38952
	RESERVED
CVE-2022-38951
	RESERVED
CVE-2022-38950
	RESERVED
CVE-2022-38949
	RESERVED
CVE-2022-38948
	RESERVED
CVE-2022-38947
	RESERVED
CVE-2022-38946
	RESERVED
CVE-2022-38945
	RESERVED
CVE-2022-38944
	RESERVED
CVE-2022-38943
	RESERVED
CVE-2022-38942
	RESERVED
CVE-2022-38941
	RESERVED
CVE-2022-38940
	RESERVED
CVE-2022-38939
	RESERVED
CVE-2022-38938
	RESERVED
CVE-2022-38937
	RESERVED
CVE-2022-38936 (An issue has been found in PBC through 2022-8-27. A SEGV issue detecte ...)
	NOT-FOR-US: PBC
CVE-2022-38935 (An issue was discovered in NiterForum version 2.5.0-beta in /src/main/ ...)
	NOT-FOR-US: NiterForum
CVE-2022-38934 (readelf in ToaruOS 2.0.1 has some arbitrary address read vulnerabiliti ...)
	NOT-FOR-US: readelf in ToaruOS
CVE-2022-38933
	RESERVED
CVE-2022-38932 (readelf in ToaruOS 2.0.1 has a global overflow allowing RCE when parsi ...)
	NOT-FOR-US: readelf in ToaruOS
CVE-2022-38931 (A Server-Side Request Forgery (SSRF) in fetch_net_file_upload function ...)
	NOT-FOR-US: baijiacms
CVE-2022-38930
	RESERVED
CVE-2022-38929
	RESERVED
CVE-2022-38928 (XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2 ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2022-38927
	RESERVED
CVE-2022-38926
	RESERVED
CVE-2022-38925
	RESERVED
CVE-2022-38924
	RESERVED
CVE-2022-38923 (BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Head ...)
	NOT-FOR-US: BluePage CMS
CVE-2022-38922 (BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Heade ...)
	NOT-FOR-US: BluePage CMS
CVE-2022-38921
	RESERVED
CVE-2022-38920
	RESERVED
CVE-2022-38919
	RESERVED
CVE-2022-38918
	RESERVED
CVE-2022-38917
	RESERVED
CVE-2022-38916 (A file upload vulnerability exists in the storage feature of pagekit 1 ...)
	NOT-FOR-US: Pagekit CMS
CVE-2022-38915
	RESERVED
CVE-2022-38914
	RESERVED
CVE-2022-38913
	RESERVED
CVE-2022-38912
	RESERVED
CVE-2022-38911
	RESERVED
CVE-2022-38910
	RESERVED
CVE-2022-38909
	RESERVED
CVE-2022-38908
	RESERVED
CVE-2022-38907
	RESERVED
CVE-2022-38906
	RESERVED
CVE-2022-38905
	RESERVED
CVE-2022-38904
	RESERVED
CVE-2022-38903
	RESERVED
CVE-2022-38902 (A Cross-site scripting (XSS) vulnerability in the Blog module - add ne ...)
	NOT-FOR-US: Liferay
CVE-2022-38901 (A Cross-site scripting (XSS) vulnerability in the Document and Media m ...)
	NOT-FOR-US: Liferay
CVE-2022-38900 (decode-uri-component 0.2.0 is vulnerable to Improper Input Validation ...)
	NOT-FOR-US: Node decode-uri-component
CVE-2022-38899
	RESERVED
CVE-2022-38898
	RESERVED
CVE-2022-38897
	RESERVED
CVE-2022-38896
	RESERVED
CVE-2022-38895
	RESERVED
CVE-2022-38894
	RESERVED
CVE-2022-38893
	RESERVED
CVE-2022-38892
	RESERVED
CVE-2022-38891
	RESERVED
CVE-2022-38890 (Nginx NJS v0.7.7 was discovered to contain a segmentation violation vi ...)
	NOT-FOR-US: njs
CVE-2022-38889
	RESERVED
CVE-2022-38888
	RESERVED
CVE-2022-38887 (The d8s-python for python, as distributed on PyPI, included a potentia ...)
	NOT-FOR-US: d8s-python for python
CVE-2022-38886 (The d8s-xml for python, as distributed on PyPI, included a potential c ...)
	NOT-FOR-US: d8s-xml for python
CVE-2022-38885 (The d8s-netstrings for python, as distributed on PyPI, included a pote ...)
	NOT-FOR-US: d8s-netstrings for python
CVE-2022-38884 (The d8s-grammars for python, as distributed on PyPI, included a potent ...)
	NOT-FOR-US: d8s-grammars for python
CVE-2022-38883 (The d8s-math for python, as distributed on PyPI, included a potential ...)
	NOT-FOR-US: d8s-math for python
CVE-2022-38882 (The d8s-json for python, as distributed on PyPI, included a potential ...)
	NOT-FOR-US: d8s-json for python
CVE-2022-38881 (The d8s-archives for python, as distributed on PyPI, included a potent ...)
	NOT-FOR-US: d8s-archives for python
CVE-2022-38880 (The d8s-urls for python, as distributed on PyPI, included a potential ...)
	NOT-FOR-US: d8s-urls for python
CVE-2022-38879
	RESERVED
CVE-2022-38878 (School Activity Updates with SMS Notification v1.0 is vulnerable to SQ ...)
	NOT-FOR-US: School Activity Updates with SMS Notification
CVE-2022-38877 (Garage Management System v1.0 is vulnerable to Arbitrary code executio ...)
	NOT-FOR-US: Garage Management System
CVE-2022-38876
	RESERVED
CVE-2022-38875
	RESERVED
CVE-2022-38874
	RESERVED
CVE-2022-38873 (D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 an ...)
	NOT-FOR-US: D-Link
CVE-2022-38872
	RESERVED
CVE-2022-38871 (In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages.)
	NOT-FOR-US: free5GC
CVE-2022-38870 (Free5gc v3.2.1 is vulnerable to Information disclosure.)
	NOT-FOR-US: free5GC
CVE-2022-38869
	RESERVED
CVE-2022-38868 (SQL Injection vulnerability in Ehoney version 2.0.0 in models/protocol ...)
	NOT-FOR-US: Ehoney
CVE-2022-38867 (SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, and 4.0.2 ...)
	NOT-FOR-US: rttys
CVE-2022-38866 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
	{DLA-3255-1}
	- mplayer 2:1.5+svn38408-1 (unimportant)
	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
	NOTE: https://trac.mplayerhq.hu/ticket/2403#comment:2
	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/373517da3bb5781726565eb3114a2697b13f00f2 (r38388)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-38865 (Certain The MPlayer Project products are vulnerable to Divide By Zero ...)
	{DLA-3255-1}
	- mplayer 2:1.5+svn38408-1 (unimportant)
	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
	NOTE: https://trac.mplayerhq.hu/ticket/2401
	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/33d9295663c37a37216633d7e3f07e7155da6144 (r38386)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-38864 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
	{DLA-3255-1}
	- mplayer 2:1.5+svn38408-1 (bug #1021013)
	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
	NOTE: https://trac.mplayerhq.hu/ticket/2406
	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/36546389ef9fb6b0e0540c5c3f212534c34b0e94 (r38391)
CVE-2022-38863 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
	{DLA-3255-1}
	- mplayer 2:1.5+svn38408-1 (unimportant)
	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
	NOTE: https://trac.mplayerhq.hu/ticket/2405
	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/b5e745b4bfab2835103a060094fae3c6cc1ba17d (r38393)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-38862 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
	NOTE: Unreproducible issue, probably a bug in the reporter's ASAN setup
	NOTE: https://trac.mplayerhq.hu/ticket/2400
	NOTE: https://trac.mplayerhq.hu/ticket/2404
CVE-2022-38861 (The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory ...)
	{DLA-3255-1}
	- mplayer 2:1.5+svn38408-1 (bug #1021013)
	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
	NOTE: https://trac.mplayerhq.hu/ticket/2407
	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/2622e7fbe3605a2f3b4f74900197fefeedc0d2e1 (r38402)
CVE-2022-38860 (Certain The MPlayer Project products are vulnerable to Divide By Zero ...)
	{DLA-3255-1}
	- mplayer 2:1.5+svn38408-1 (unimportant)
	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
	NOTE: https://trac.mplayerhq.hu/ticket/2402
	NOTE: Duplicate of https://trac.mplayerhq.hu/ticket/2401
	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/62fe0c63cf4fba91efd29bbc85309280e1a99a47 (r38389)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-38859
	RESERVED
CVE-2022-38858 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
	{DLA-3255-1}
	- mplayer 2:1.5+svn38408-1 (unimportant)
	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
	NOTE: https://trac.mplayerhq.hu/ticket/2396
	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/92e0d0b1a04dfdd4ac741e0d07005e3ece2c92ca (r38385)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-38857
	RESERVED
CVE-2022-38856 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
	- mplayer 2:1.5+svn38408-1 (unimportant; bug #1021013)
	NOTE: https://trac.mplayerhq.hu/ticket/2395
	NOTE: Crash in CLI tool, no security impact
CVE-2022-38855 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
	{DLA-3255-1}
	- mplayer 2:1.5+svn38408-1 (unimportant)
	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
	NOTE: https://trac.mplayerhq.hu/ticket/2392
	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/2f6e69e59e2614acdde5505b049c48f80a3d0eb7 (r38384)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-38854
	RESERVED
CVE-2022-38853 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
	- mplayer 2:1.5+svn38408-1 (unimportant)
	NOTE: https://trac.mplayerhq.hu/ticket/2398
	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/59792bad144c11b21b27171a93a36e3fbd21eb5e (r38380)
	NOTE: Followup: https://git.ffmpeg.org/gitweb/mplayer.git/commit/48ca1226397974bb2bc53de878411f88a80fe1f8 (r38392)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-38852
	RESERVED
CVE-2022-38851 (Certain The MPlayer Project products are vulnerable to Out-of-bounds R ...)
	{DLA-3255-1}
	- mplayer 2:1.5+svn38408-1 (unimportant)
	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
	NOTE: https://trac.mplayerhq.hu/ticket/2393
	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/58db9292a414ebf13a2cacdb3ffa967fb9036935 (r38382)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-38850 (The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide ...)
	{DLA-3255-1}
	- mplayer 2:1.5+svn38408-1 (unimportant)
	[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
	NOTE: https://trac.mplayerhq.hu/ticket/2399
	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/d19ea1ce173e95c31b0e8acbe471ea26c292be2b (r38390)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-38849
	RESERVED
CVE-2022-38848
	RESERVED
CVE-2022-38847
	RESERVED
CVE-2022-38846 (EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing th ...)
	NOT-FOR-US: EspoCRM
CVE-2022-38845 (Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote ...)
	NOT-FOR-US: EspoCRM
CVE-2022-38844 (CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authen ...)
	NOT-FOR-US: EspoCRM
CVE-2022-38843 (EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowi ...)
	NOT-FOR-US: EspoCRM
CVE-2022-38842
	RESERVED
CVE-2022-38841 (Linksys AX3200 1.1.00 is vulnerable to OS command injection by authent ...)
	NOT-FOR-US: Linksys
CVE-2022-38840 (cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to ...)
	NOT-FOR-US: Gueralp MAN-EAM-0003
CVE-2022-38839
	RESERVED
CVE-2022-38838
	RESERVED
CVE-2022-38837
	RESERVED
CVE-2022-38836
	RESERVED
CVE-2022-38835
	RESERVED
CVE-2022-38834
	RESERVED
CVE-2022-38833 (School Activity Updates with SMS Notification v1.0 is vulnerable to SQ ...)
	NOT-FOR-US: School Activity Updates with SMS Notification
CVE-2022-38832 (School Activity Updates with SMS Notification v1.0 is vulnerable to SQ ...)
	NOT-FOR-US: School Activity Updates with SMS Notification
CVE-2022-38831 (Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/ ...)
	NOT-FOR-US: Tenda
CVE-2022-38830 (Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/ ...)
	NOT-FOR-US: Tenda
CVE-2022-38829 (Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/ ...)
	NOT-FOR-US: Tenda
CVE-2022-38828 (TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-38827 (TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow vi ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-38826 (In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary c ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-38825
	RESERVED
CVE-2022-38824
	RESERVED
CVE-2022-38823 (In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-38822
	RESERVED
CVE-2022-38821
	RESERVED
CVE-2022-38820
	RESERVED
CVE-2022-38819
	RESERVED
CVE-2022-38818
	RESERVED
CVE-2022-38817 (Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Acces ...)
	NOT-FOR-US: Dapr Dashboard
CVE-2022-38816
	RESERVED
CVE-2022-38815
	RESERVED
CVE-2022-38814 (A stored cross-site scripting (XSS) vulnerability in the auth_settings ...)
	NOT-FOR-US: FiberHome
CVE-2022-38813 (PHPGurukul Blood Donor Management System 1.0 does not properly restric ...)
	NOT-FOR-US: PHPGurukul Blood Donor Management System
CVE-2022-38812 (AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter.)
	NOT-FOR-US: AeroCMS
CVE-2022-38811
	RESERVED
CVE-2022-38810
	RESERVED
CVE-2022-38809
	RESERVED
CVE-2022-38808 (ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportE ...)
	NOT-FOR-US: ywoa
CVE-2022-38807
	RESERVED
CVE-2022-38806
	RESERVED
CVE-2022-38805
	RESERVED
CVE-2022-38804
	RESERVED
CVE-2022-38803 (Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect A ...)
	NOT-FOR-US: Zkteco BioTime
CVE-2022-38802 (Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect A ...)
	NOT-FOR-US: Zkteco BioTime
CVE-2022-38801 (In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack a ...)
	NOT-FOR-US: Zkteco BioTime
CVE-2022-38800
	RESERVED
CVE-2022-38799
	RESERVED
CVE-2022-38798
	RESERVED
CVE-2022-38797
	RESERVED
CVE-2022-38796 (A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an ...)
	NOT-FOR-US: Feehi CMS
CVE-2022-38453 (Multiple binary application files on the CMS8000 device are compiled w ...)
	NOT-FOR-US: Contec Health
CVE-2022-38399 (Missing protection mechanism for alternate hardware interface in SmaCa ...)
	NOT-FOR-US: SmaCam
CVE-2022-38138 (The Triangle Microworks IEC 61850 Library (Any client or server using ...)
	NOT-FOR-US: Triangle Microworks IEC 61850 Library
CVE-2022-38100 (The CMS800 device fails while attempting to parse malformed network da ...)
	NOT-FOR-US: Contec Health
CVE-2022-38069 (Multiple globally default credentials exist across all CMS8000 devices ...)
	NOT-FOR-US: Contec Health
CVE-2022-36385 (A threat actor with momentary access to the device can plug in a USB d ...)
	NOT-FOR-US: Contec Health
CVE-2022-3033 (If a Thunderbird user replied to a crafted HTML email containing a (Only affects ESR102)
	[buster] - thunderbird (Only affects ESR102)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-3033
CVE-2022-3032 (When receiving an HTML email that contained an iframe ele ...)
	- thunderbird 1:102.2.1-1
	[bullseye] - thunderbird (Only affects ESR102)
	[buster] - thunderbird (Only affects ESR102)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-3032
CVE-2022-3031 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
	[experimental] - gitlab 15.2.3+ds1-1
	- gitlab 15.10.8+ds1-2
	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-3030 (An improper access control issue in GitLab CE/EE affecting all version ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3029 (In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mi ...)
	- routinator (bug #929024)
CVE-2022-3028 (A race condition was found in the Linux kernel's IP framework for tran ...)
	{DLA-3173-1 DLA-3131-1}
	- linux 5.19.6-1
	[bullseye] - linux 5.10.140-1
	NOTE: https://lore.kernel.org/all/YtoWqEkKzvimzWS5@gondor.apana.org.au/T/
	NOTE: https://git.kernel.org/linus/ba953a9d89a00c078b85f4b190bc1dde66fe16b5 (6.0-rc3)
CVE-2022-3027 (The CMS8000 device does not properly control or sanitize the SSID name ...)
	NOT-FOR-US: CMS8000 device
CVE-2022-3026 (The WP Users Exporter plugin for WordPress is vulnerable to CSV Inject ...)
	NOT-FOR-US: WP Users Exporter plugin for WordPress
CVE-2022-3025 (The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does not h ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3024 (The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not hav ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3023 (Use of Externally-Controlled Format String in GitHub repository pingca ...)
	NOT-FOR-US: pingcap/tidb
CVE-2022-3022
	REJECTED
CVE-2022-3021 (The Slickr Flickr WordPress plugin through 2.8.1 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-3020
	RESERVED
CVE-2021-46836 (Implementation of the WLAN module interfaces has the information discl ...)
	NOT-FOR-US: Huawei
CVE-2022-3019 (The forgot password token basically just makes us capable of taking ov ...)
	NOT-FOR-US: ToolJet
CVE-2022-39028 (telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and ...)
	{DLA-3205-1}
	- inetutils 2:2.3-5
	[bullseye] - inetutils 2:2.0-1+deb11u1
	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html
	NOTE: https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html
CVE-2022-38795 (In Gitea through 1.17.1, repo cloning can occur in the migration funct ...)
	- gitea
CVE-2022-38794 (Zaver through 2020-12-15 allows directory traversal via the GET /.. su ...)
	NOT-FOR-US: Zaver
CVE-2022-38793
	RESERVED
CVE-2022-38792 (The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code ...)
	- python-exotel (Vulnerable backdoored version not uploaded to Debian)
	NOTE: https://github.com/jertel/elastalert2/pull/931
	NOTE: https://github.com/sarathsp06/exotel-py/issues/10
CVE-2022-38791 (In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compr ...)
	{DLA-3114-1}
	- mariadb-10.6 1:10.6.9-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3
	NOTE: https://jira.mariadb.org/browse/MDEV-28719
	NOTE: MariaDB fixed in 10.3.36, 10.5.17, 10.6.9
CVE-2022-38790 (Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting ( ...)
	NOT-FOR-US: Weave GitOps Enterprise
CVE-2022-38789 (An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It a ...)
	NOT-FOR-US: Airties Smart Wi-Fi
CVE-2022-38788 (An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00 ...)
	NOT-FOR-US: Nokia
CVE-2022-3018 (An information disclosure vulnerability in GitLab CE/EE affecting all ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-3017 (Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor ...)
	- froxlor (bug #581792)
CVE-2022-3016 (Use After Free in GitHub repository vim/vim prior to 9.0.0286.)
	- vim 2:9.0.0626-1 (unimportant)
	NOTE: https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371
	NOTE: https://github.com/vim/vim/commit/6d24a51b94beb1991cddce221f90b455e2d50db7 (v9.0.0286)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-3015 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: oretnom23 Fast Food Ordering System
CVE-2022-3014 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester Simple Task Managing System
CVE-2022-3013 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Simple Task Managing System
CVE-2022-3012 (A vulnerability was found in oretnom23 Fast Food Ordering System. It h ...)
	NOT-FOR-US: oretnom23 Fast Food Ordering System
CVE-2022-38065 (A privilege escalation vulnerability exists in the oslo.privsep functi ...)
	- python-oslo.privsep (unimportant; bug #1033114)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1599
	NOTE: Deemed as additional hardening, but not a security issue by upstream:
	NOTE: https://bugs.launchpad.net/oslo.privsep/+bug/1989008
CVE-2022-3011
	RESERVED
CVE-2022-38785
	REJECTED
CVE-2022-38784 (Poppler prior to and including 22.08.0 contains an integer overflow in ...)
	{DSA-5224-1 DLA-3120-1}
	- poppler 22.08.0-2.1 (bug #1018971)
	NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/27354e9d9696ee2bc063910a6c9a6b27c5184a52 (poppler-22.09.0)
	NOTE: This is CVE-2021-30860 in Apple CoreGraphics and CVE-2022-38171 in xpdf
	NOTE: https://gist.github.com/zmanion/b2ed0d1a0cec163ecd07d5e3d9740dc6
	NOTE: https://www.openwall.com/lists/oss-security/2022/09/02/11
	NOTE: https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
CVE-2022-38783
	RESERVED
CVE-2022-38782
	RESERVED
CVE-2022-38781
	RESERVED
CVE-2022-38780
	RESERVED
CVE-2022-38779 (An open redirect issue was discovered in Kibana that could lead to a u ...)
	- kibana (bug #700337)
CVE-2022-38778 (A flaw (CVE-2022-38900) was discovered in one of Kibana’s third p ...)
	- kibana (bug #700337)
CVE-2022-38777 (An issue was discovered in the rollback feature of Elastic Endpoint Se ...)
	NOT-FOR-US: Elastic Endpoint Security
CVE-2022-38776
	RESERVED
CVE-2022-38775 (An issue was discovered in the rollback feature of Elastic Endpoint Se ...)
	NOT-FOR-US: Elastic Endpoint Security
CVE-2022-38774 (An issue was discovered in the quarantine feature of Elastic Endpoint ...)
	NOT-FOR-US: Elastic Endpoint Security
CVE-2022-38773 (Affected devices do not contain an Immutable Root of Trust in Hardware ...)
	NOT-FOR-US: Siemens
CVE-2022-3010 (The Priva TopControl Suite contains predictable credentials for the SSH ...)
	NOT-FOR-US: Priva TopControl Suite
CVE-2022-3009
	RESERVED
CVE-2022-3008 (The tinygltf library uses the C library function wordexp() to perform ...)
	{DSA-5232-1}
	- tinygltf 2.5.0+dfsg-5 (bug #1019357)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49053
	NOTE: https://github.com/syoyo/tinygltf/issues/368
	NOTE: https://github.com/syoyo/tinygltf/commit/52ff00a38447f06a17eab1caa2cf0730a119c751
CVE-2022-3007 (The vulnerability exists in Syska SW100 Smartwatch due to an improper ...)
	NOT-FOR-US: Syska
CVE-2022-3006
	RESERVED
CVE-2022-3005 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
	NOT-FOR-US: yetiforcecrm
CVE-2022-3004 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
	NOT-FOR-US: yetiforcecrm
CVE-2022-3003
	RESERVED
CVE-2022-3002 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
	NOT-FOR-US: yetiforcecrm
CVE-2022-3001 (This vulnerability exists in Milesight Video Management Systems (VMS), ...)
	NOT-FOR-US: Milesight Video Management Systems (VMS)
CVE-2022-3000 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
	NOT-FOR-US: yetiforcecrm
CVE-2022-38772 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-38771 (The mobile application in Transtek Mojodat FAM (Fixed Asset Management ...)
	NOT-FOR-US: Transtek
CVE-2022-38770 (The mobile application in Transtek Mojodat FAM (Fixed Asset Management ...)
	NOT-FOR-US: Transtek
CVE-2022-38769 (The mobile application in Transtek Mojodat FAM (Fixed Asset Management ...)
	NOT-FOR-US: Transtek
CVE-2022-38768 (The mobile application in Transtek Mojodat FAM (Fixed Asset Management ...)
	NOT-FOR-US: Transtek
CVE-2022-38767 (An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2022-38766 (The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MH ...)
	NOT-FOR-US: Renault
CVE-2022-38765 (Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately e ...)
	NOT-FOR-US: Canon Medical Informatics Vitrea
CVE-2022-38764 (A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below ...)
	NOT-FOR-US: Trend Micro
CVE-2022-38763
	RESERVED
CVE-2022-38762
	RESERVED
CVE-2022-38761
	RESERVED
CVE-2022-38760
	RESERVED
CVE-2022-38759
	RESERVED
CVE-2022-38758 (Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to ve ...)
	NOT-FOR-US: Micro Focus
CVE-2022-38757 (A vulnerability has been identified in Micro Focus ZENworks 2020 Updat ...)
	NOT-FOR-US: Micro Focus
CVE-2022-38756 (A vulnerability has been identified in Micro Focus GroupWise Web in ve ...)
	NOT-FOR-US: Micro Focus
CVE-2022-38755 (A vulnerability has been identified in Micro Focus Filr in versions pr ...)
	NOT-FOR-US: Micro Focus
CVE-2022-38754 (A potential vulnerability has been identified in Micro Focus Operation ...)
	NOT-FOR-US: Micro Focus
CVE-2022-38753 (This update resolves a multi-factor authentication bypass attack)
	NOT-FOR-US: Micro Focus
CVE-2022-2999 RESERVED
CVE-2022-2998 (Use after free in Browser Creation in Google Chrome prior to 104.0.511 ...)
	{DSA-5212-1}
	- chromium 104.0.5112.101-1
	[buster] - chromium (see DSA 5046)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2300
CVE-2022-2997 (Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.)
	- snipe-it (bug #1005172)
CVE-2022-2996 (A flaw was found in the python-scciclient when making an HTTPS connect ...)
	{DLA-3180-1}
	- python-scciclient 0.12.3-2 (bug #1018213)
	[bullseye] - python-scciclient (Minor issue)
	NOTE: https://opendev.org/x/python-scciclient/commit/274dca0344b65b4ac113d3271d21c17e970a636c (0.12)
CVE-2022-2995 (Incorrect handling of the supplementary groups in the CRI-O container ...)
	- cri-o (bug #979702)
CVE-2022-2994 RESERVED
CVE-2022-38752 (Using snakeYAML to parse untrusted YAML files may be vulnerable to Den ...)
	- snakeyaml 1.33-1 (bug #1021014; unimportant)
	NOTE: https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081 (not public)
	NOTE: Deemed a false positive by upstream, only added a test
CVE-2022-38751 (Using snakeYAML to parse untrusted YAML files may be vulnerable to Den ...)
	{DLA-3132-1}
	- snakeyaml 1.31-1
	[bullseye] - snakeyaml 1.28-1+deb11u1
	NOTE: https://bitbucket.org/snakeyaml/snakeyaml/issues/530/stackoverflow-oss-fuzz-47039
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47039
	NOTE: Fixed by https://bitbucket.org/snakeyaml/snakeyaml/commits/f3ab4e0f54c37ddb10f00b71d04187bb0ef1799c (snakeyaml-1.31)
	NOTE: Fixed by https://bitbucket.org/snakeyaml/snakeyaml/commits/6aedd33a811f7347c5dae2940e75940966f59466 (snakeyaml-1.31)
CVE-2022-38750 (Using snakeYAML to parse untrusted YAML files may be vulnerable to Den ...)
	{DLA-3132-1}
	- snakeyaml 1.31-1
	[bullseye] - snakeyaml 1.28-1+deb11u1
	NOTE: https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027
	NOTE: Test case: https://bitbucket.org/snakeyaml/snakeyaml/commits/a8a072311547574274036f4a1b91a751b397a055 (snakeyaml-1.31)
CVE-2022-38749 (Using snakeYAML to parse untrusted YAML files may be vulnerable to Den ...)
	{DLA-3132-1}
	- snakeyaml 1.31-1
	[bullseye] - snakeyaml 1.28-1+deb11u1
	NOTE: https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47024
	NOTE: Also fixed by the patch for CVE-2022-25857.
CVE-2022-38748 RESERVED
CVE-2022-38747 RESERVED
CVE-2022-38746 RESERVED
CVE-2022-38745 (Apache OpenOffice versions before 4.1.14 may be configured to add an e ...)
	{DLA-3526-1}
	- libreoffice 1:7.3.1-1
	[bullseye] - libreoffice 1:7.0.4-4+deb11u6
	NOTE: https://cgit.freedesktop.org/libreoffice/core/commit/?id=5e8f64e50f97d39e83a3358697be14db03566878
	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2022-38745
CVE-2022-2993 (There is an error in the condition of the last if-statement in the fun ...)
	NOT-FOR-US: zephyr-rtos
CVE-2022-2992 (A vulnerability in GitLab CE/EE affecting all versions from 11.10 prio ...)
	[experimental] - gitlab 15.2.3+ds1-1
	- gitlab 15.10.8+ds1-2
	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2991 (A heap-based buffer overflow was found in the Linux kernel's LightNVM ...)
	- linux 5.15.3-1 (unimportant)
	[bullseye] - linux 5.10.120-1
	[buster] - linux 4.19.249-1
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-960/
	NOTE: CONFIG_NVM not enabled in Debian
CVE-2022-2990 (An incorrect handling of the supplementary groups in the Buildah conta ...)
	- golang-github-containers-buildah 1.28.0+ds1-2
	[bullseye] - golang-github-containers-buildah (Minor issue)
	NOTE: https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
	NOTE: https://github.com/containers/buildah/pull/4200
	NOTE: https://github.com/containers/buildah/commit/9934b17365083ce966b44c5ce3c7e052f516e255 (v1.28.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121453
CVE-2022-2989 (An incorrect handling of the supplementary groups in the Podman contai ...)
	[experimental] - libpod 4.3.1+ds1-1
	- libpod 4.3.1+ds1-4 (bug #1019591)
	[bullseye] - libpod 3.0.1+dfsg1-3+deb11u5
	NOTE: https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121445
	NOTE: https://github.com/containers/podman/pull/15696
	NOTE: https://github.com/containers/podman/commit/21540161f20daffd884eba99b2cc31373c9a0ec4 (v4.2.0-rhel)
	NOTE: https://github.com/containers/podman/commit/5c7f28336171f0a5137edd274e45608120d31289 (v4.3.0-rc1)
CVE-2022-2988 (A CWE-787: Out-of-bounds Write vulnerability exists that could cause s ...)
	NOT-FOR-US: Schneider
CVE-2022-2987 (The Ldap WP Login / Active Directory Integration WordPress plugin befo ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2986 (Enabling and disabling installed H5P libraries did not include the nec ...)
	- moodle
CVE-2021-46835 (There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Suc ...)
	NOT-FOR-US: Huawei
CVE-2020-36602 (There is an out-of-bounds read and write vulnerability in some headset ...)
	NOT-FOR-US: Huawei
CVE-2022-38744 (An unauthenticated attacker with network access to a victim's Rockwell ...)
	NOT-FOR-US: Rockwell Automation
CVE-2022-38743 (Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, ...)
	NOT-FOR-US: Rockwell Automation
CVE-2022-38742 (Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is ...)
	NOT-FOR-US: Rockwell Automation
CVE-2022-38741 REJECTED
CVE-2022-38740 REJECTED
CVE-2022-38739 REJECTED
CVE-2022-38738 REJECTED
CVE-2022-38737 REJECTED
CVE-2022-38736 REJECTED
CVE-2022-38735 REJECTED
CVE-2022-38734 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0.8 ...)
	NOT-FOR-US: StorageGRID
CVE-2022-38733 (OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an ...)
	NOT-FOR-US: NetApp
CVE-2022-38732 (SnapCenter versions prior to 4.7 shipped without Content Security Poli ...)
	NOT-FOR-US: SnapCenter (NetAPP)
CVE-2022-38731 (Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal ...)
	NOT-FOR-US: Qaelum
CVE-2022-2985 (In music service, there is a missing permission check. This could lead ...)
	NOT-FOR-US: Unisoc
CVE-2022-2984 (In jpg driver, there is a possible out of bounds write due to a missin ...)
	NOT-FOR-US: Unisoc
CVE-2022-2983 (The Salat Times WordPress plugin before 3.2.2 does not sanitize and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2982 (Use After Free in GitHub repository vim/vim prior to 9.0.0260.)
	- vim 2:9.0.0626-1 (bug #1019590; unimportant)
	[buster] - vim (quickfixtextfunc added in 8.2.0869)
	NOTE: https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be
	NOTE: https://github.com/vim/vim/commit/d6c67629ed05aae436164eec474832daf8ba7420 (v9.0.0260)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2981 (The Download Monitor WordPress plugin before 4.5.98 does not ensure th ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2980 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.025 ...)
	- vim 2:9.0.0626-1 (unimportant)
	NOTE: https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea
	NOTE: https://github.com/vim/vim/commit/80525751c5ce9ed82c41d83faf9ef38667bf61b1 (9.0.0259)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2979 (Opening a specially crafted file could cause the affected product to f ...)
	NOT-FOR-US: Omron
CVE-2022-2978 (A flaw use after free in the Linux kernel NILFS file system was found ...)
	{DLA-3245-1}
	- linux 6.0.2-1
	[bullseye] - linux 5.10.148-1
	NOTE: https://lore.kernel.org/linux-fsdevel/20220816040859.659129-1-dzm91@hust.edu.cn/T/#u
CVE-2022-38730 (Docker Desktop for Windows before 4.6 allows attackers to overwrite an ...)
	NOT-FOR-US: Docker Desktop
CVE-2022-38729 RESERVED
CVE-2022-38728 RESERVED
CVE-2022-38727 RESERVED
CVE-2022-38726 RESERVED
CVE-2022-38725 (An integer overflow in the RFC3164 parser in One Identity syslog-ng 3. ...)
	{DSA-5369-1 DLA-3348-1}
	- syslog-ng 3.38.1-1
	NOTE: https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc
	NOTE: https://github.com/syslog-ng/syslog-ng/pull/4110
CVE-2022-38724 (Silverstripe silverstripe/framework through 4.11.0, silverstripe/asset ...)
	NOT-FOR-US: SilverStripe CMS
CVE-2022-38723 (Gravitee API Management before 3.15.13 allows path traversal through H ...)
	NOT-FOR-US: Gravitee API Management
CVE-2022-38722 RESERVED
CVE-2022-38721 RESERVED
CVE-2022-38720 RESERVED
CVE-2022-38719 RESERVED
CVE-2022-38718 RESERVED
CVE-2022-38717 RESERVED
CVE-2022-2977 (A flaw was found in the Linux kernel implementation of proxied virtual ...)
	- linux 5.17.3-1
	[bullseye] - linux 5.10.113-1
	[buster] - linux 4.19.249-1
	NOTE: https://git.kernel.org/linus/7e0438f83dc769465ee663bb5dcf8cc154940712 (5.18-rc1)
CVE-2022-2976 RESERVED
CVE-2022-2975 (A vulnerability related to weak permissions was detected in Avaya Aura ...)
	NOT-FOR-US: Avaya
CVE-2022-2974 RESERVED
CVE-2020-36601 (Out-of-bounds write vulnerability in the kernel modules. Successful ex ...)
	NOT-FOR-US: Huawei
CVE-2020-36600 (Out-of-bounds write vulnerability in the power consumption module. Suc ...)
	NOT-FOR-US: Huawei
CVE-2022-38714 (IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive cr ...)
	NOT-FOR-US: IBM
CVE-2022-38713 RESERVED
CVE-2022-38712 ("IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services ...)
	NOT-FOR-US: IBM
CVE-2022-38711 RESERVED
CVE-2022-38710 (IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensit ...)
	NOT-FOR-US: IBM
CVE-2022-38709 (IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pa ...)
	NOT-FOR-US: IBM
CVE-2022-38708 (IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2022-38707 (IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obt ...)
	NOT-FOR-US: IBM
CVE-2022-38706 RESERVED
CVE-2022-38705 (IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker t ...)
	NOT-FOR-US: IBM
CVE-2022-38458 (A cleartext transmission vulnerability exists in the Remote Management ...)
	NOT-FOR-US: Netgear
CVE-2022-38394 (Use of hard-coded credentials for the telnet server of CentreCOM AR260 ...)
	NOT-FOR-US: CentreCOM AR260S
CVE-2022-38094 (OS command injection vulnerability in the telnet function of CentreCOM ...)
	NOT-FOR-US: CentreCOM AR260S
CVE-2022-37337 (A command execution vulnerability exists in the access control functio ...)
	NOT-FOR-US: Netgear
CVE-2022-36429 (A command execution vulnerability exists in the ubus backend communica ...)
	NOT-FOR-US: Netgear
CVE-2022-35273 (OS command injection vulnerability in GUI setting page of CentreCOM AR ...)
	NOT-FOR-US: CentreCOM AR260S
CVE-2022-34869 (Undocumented hidden command that can be executed from the telnet funct ...)
	NOT-FOR-US: CentreCOM AR260S
CVE-2022-2973 (MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior ...)
	NOT-FOR-US: libIEC61850
CVE-2022-2972 (MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior ...)
	NOT-FOR-US: libIEC61850
CVE-2022-2971 (MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior ...)
	NOT-FOR-US: libIEC61850
CVE-2022-2970 (MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior ...)
	NOT-FOR-US: libIEC61850
CVE-2022-2969 (Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 ...)
	NOT-FOR-US: Delta Industrial Automation DIALink
CVE-2022-2968 RESERVED
CVE-2022-2967 (Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modb ...)
	NOT-FOR-US: Prosys OPC UA Simulation Server
CVE-2022-2966 (Out-of-bounds Read vulnerability in Delta Electronics DOPSoft. This iss ...)
	NOT-FOR-US: Delta Electronics DOPSoft
CVE-2022-2965 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
	NOT-FOR-US: NotrinosERP
CVE-2022-2964 (A flaw was found in the Linux kernel’s driver for the ASIX AX8817 ...)
	- linux 5.16.10-1
	[bullseye] - linux 5.10.103-1
	[buster] - linux 4.19.232-1
	NOTE: https://git.kernel.org/linus/57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581 (5.17-rc4)
CVE-2022-2963 (A vulnerability found in jasper. This security vulnerability happens b ...)
	- jasper (unimportant)
	NOTE: https://github.com/jasper-software/jasper/issues/332
	NOTE: https://github.com/jasper-software/jasper/commit/d99636fad60629785efd1ef72da772a8ef68f54c
	NOTE: memory leak on invalid command line options before exit()
CVE-2022-2962 (A DMA reentrancy issue was found in the Tulip device emulation in QEMU ...)
	- qemu 1:7.1+dfsg-2 (bug #1018055)
	[bullseye] - qemu (Vulnerable code not present)
	[buster] - qemu (Vulnerable code/Tulip NIC emulator added later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2120631
	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1171
	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/36a894aeb64a2e02871016da1c37d4a4ca109182 (v7.2.0-rc0)
	NOTE: Introduced by https://gitlab.com/qemu-project/qemu/-/commit/398f9a84ac7132e38caf7b066273734b3bf619ff (v7.0.0-rc0)
CVE-2022-2961 (A use-after-free flaw was found in the Linux kernel’s PLP Rose fu ...)
	- linux (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2120595
	NOTE: Mitigated by hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch
CVE-2022-2960 RESERVED
CVE-2022-2959 (A race condition was found in the Linux kernel's watch queue due to a ...)
	- linux 5.18.2-1
	[bullseye] - linux 5.10.120-1
	[buster] - linux (Vulnerable code introduced later)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-17291/
	NOTE: https://git.kernel.org/linus/189b0ddc245139af81198d1a3637cac74f96e13a (5.19-rc1)
CVE-2022-2958 (The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2957 (A vulnerability classified as critical was found in SourceCodester Sim ...)
	NOT-FOR-US: SourceCodester Simple and Nice Shopping Cart Script
CVE-2022-2956 (A vulnerability classified as problematic has been found in ConsoleTVs ...)
	NOT-FOR-US: Noxen
CVE-2022-2955 RESERVED
CVE-2022-2954 RESERVED
CVE-2022-38699 (Armoury Crate Service’s logging function has insufficient validat ...)
	NOT-FOR-US: Armoury Crate Service
CVE-2022-38698 (In messaging service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-38697 (In messaging service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-38696 RESERVED
CVE-2022-38695 RESERVED
CVE-2022-38694 RESERVED
CVE-2022-38693 RESERVED
CVE-2022-38692 RESERVED
CVE-2022-38691 RESERVED
CVE-2022-38690 (In camera driver, there is a possible memory corruption due to imprope ...)
	NOT-FOR-US: Unisoc
CVE-2022-38689 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-38688 (In telephony service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-38687 (In messaging service, there is a missing permission check. This could ...)
	NOT-FOR-US: Unisoc
CVE-2022-38686 (In wlan driver, there is a possible missing params check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-38685 (In bluetooth service, there is a possible missing permission check. Th ...)
	NOT-FOR-US: Unisoc
CVE-2022-38684 (In contacts service, there is a missing permission check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-38683 (In contacts service, there is a missing permission check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-38682 (In contacts service, there is a missing permission check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-38681 (In wlan driver, there is a possible missing params check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-38680 (In wlan driver, there is a possible missing params check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-38679 (In music service, there is a missing permission check. This could lead ...)
	NOT-FOR-US: Unisoc
CVE-2022-38678 (In contacts service, there is a missing permission check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-38677 (In cell service, there is a missing permission check. This could lead ...)
	NOT-FOR-US: Unisoc
CVE-2022-38676 (In gpu driver, there is a possible out of bounds write due to a missin ...)
	NOT-FOR-US: Unisoc
CVE-2022-38675 (In gpu driver, there is a possible out of bounds write due to a missi ...)
	NOT-FOR-US: Unisoc
CVE-2022-38674 (In wlan driver, there is a possible missing params check. This could l ...)
	NOT-FOR-US: Unisoc
CVE-2022-38673 (In face detect driver, there is a possible out of bounds write due to ...)
	NOT-FOR-US: Unisoc
CVE-2022-38672 (In face detect driver, there is a possible out of bounds write due to ...)
	NOT-FOR-US: Unisoc
CVE-2022-38671 (In camera driver, there is a possible out of bounds write due to a mis ...)
	NOT-FOR-US: Unisoc
CVE-2022-38670 (In soundrecorder service, there is a missing permission check. This co ...)
	NOT-FOR-US: Unisoc
CVE-2022-38669 (In soundrecorder service, there is a missing permission check. This co ...)
	NOT-FOR-US: Unisoc
CVE-2022-38668 (HTTP applications (servers) based on Crow through 1.0+4 may reveal pot ...)
	NOT-FOR-US: CrowCpp
CVE-2022-38667 (HTTP applications (servers) based on Crow through 1.0+4 may allow a Us ...)
	NOT-FOR-US: CrowCpp
CVE-2022-2953 (LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tool ...)
	{DSA-5333-1}
	- tiff 4.4.0-6 (unimportant; bug #1024670)
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/414
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2952 (GE CIMPICITY versions 2022 and prior is vulnerable when data from a ...)
	NOT-FOR-US: GE CIMPICITY
CVE-2022-2951 (Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to ...)
	NOT-FOR-US: Altair HyperView Player
CVE-2022-2950 (Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to ...)
	NOT-FOR-US: Altair HyperView Player
CVE-2022-2949 (Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to ...)
	NOT-FOR-US: Altair HyperView Player
CVE-2022-2948 (GE CIMPICITY versions 2022 and prior is vulnerable to a heap-based b ...)
	NOT-FOR-US: GE CIMPICITY
CVE-2022-2947 (Altair HyperView Player versions 2021.1.0.27 and prior perform operatio ...)
	NOT-FOR-US: Altair HyperView Player
CVE-2022-38666 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and e ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-38665 (Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ p ...)
	NOT-FOR-US: Jenkins CollabNet Plugins Plugin
CVE-2022-38664 (Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlie ...)
	NOT-FOR-US: Jenkins Job Configuration History Plugin
CVE-2022-38663 (Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., re ...)
	NOT-FOR-US: Jenkins Git Plugin
CVE-2022-38662 (In HCL Digital Experience, URLs can be constructed to redirect users t ...)
	NOT-FOR-US: HCL
CVE-2022-38661 (HCL Workload Automation could allow a local user to overwrite key syst ...)
	NOT-FOR-US: HCL
CVE-2022-38660 (HCL XPages applications are susceptible to a Cross Site Request Forger ...)
	NOT-FOR-US: HCL
CVE-2022-38659 (In specific scenarios, on Windows the operator credentials may be encr ...)
	NOT-FOR-US: HCL
CVE-2022-38658 (BigFix deployments that have installed the Notification Service on Win ...)
	NOT-FOR-US: HCL
CVE-2022-38657 (An open redirect to malicious sites can occur when accessing the "Feed ...)
	NOT-FOR-US: HCL
CVE-2022-38656 (HCL Commerce, when using Elasticsearch, can allow a remote attacker to ...)
	NOT-FOR-US: HCL
CVE-2022-38655 (BigFix WebUI non-master operators are missing controls that prevent th ...)
	NOT-FOR-US: HCL
CVE-2022-38654 (HCL Domino is susceptible to an information disclosure vulnerability. ...)
	NOT-FOR-US: HCL
CVE-2022-38653 (In HCL Digital Experience, customized XSS payload can be constructed s ...)
	NOT-FOR-US: HCL
CVE-2022-38652 (A remote insecure deserialization vulnerability exists in VMWare Hype ...)
	NOT-FOR-US: VMware
CVE-2022-38651 (A security filter misconfiguration exists in VMware Hyperic Server 5.8 ...)
	NOT-FOR-US: VMware
CVE-2022-38650 (A remote unauthenticated insecure deserialization vulnerability exists ...)
	NOT-FOR-US: VMware
CVE-2022-38649 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
	NOT-FOR-US: Airflow Pinot provider
CVE-2022-38648 (Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XM ...)
	{DLA-3619-1}
	- batik 1.15+dfsg-1 (bug #1020589)
	[bullseye] - batik (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2022/09/22/4
	NOTE: https://issues.apache.org/jira/browse/BATIK-1333
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1903625
CVE-2022-2946 (Use After Free in GitHub repository vim/vim prior to 9.0.0246.)
	{DLA-3182-1}
	- vim 2:9.0.0626-1 (bug #1019590; unimportant)
	NOTE: https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5
	NOTE: https://github.com/vim/vim/commit/adce965162dd89bf29ee0e5baf53652e7515762c (v9.0.0246)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2945 (The WordPress Infinite Scroll – Ajax Load More plugin for WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2944 RESERVED
CVE-2022-2943 (The WordPress Infinite Scroll – Ajax Load More plugin for Wordpre ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2942 RESERVED
CVE-2022-2941 (The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site ...)
	NOT-FOR-US: WP-UserOnline plugin for WordPress
CVE-2022-2940 RESERVED
CVE-2022-2939 (The WP Cerber Security plugin for WordPress is vulnerable to security ...)
	NOT-FOR-US: WP Cerber Security plugin for WordPress
CVE-2022-2938 (A flaw was found in the Linux kernel's implementation of Pressure Stal ...)
	- linux 5.16.7-1
	[bullseye] - linux 5.10.103-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/a06247c6804f1a7c86a2e5398a4c1f1db1471848 (5.17-rc2)
CVE-2022-2937 (The Image Hover Effects Ultimate plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: Image Hover Effects Ultimate plugin for WordPress
CVE-2022-2936 (The Image Hover Effects Ultimate plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: Image Hover Effects Ultimate plugin for WordPress
CVE-2022-2935 (The Image Hover Effects Ultimate plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: Image Hover Effects Ultimate plugin for WordPress
CVE-2022-2934 (The Beaver Builder – WordPress Page Builder for WordPress is vuln ...)
	NOT-FOR-US: WordPress Page Builder
CVE-2022-2933 (The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Req ...)
	NOT-FOR-US: 0mk Shortener plugin for WordPress
CVE-2022-2932 (Cross-site Scripting (XSS) - Reflected in GitHub repository bustle/mob ...)
	NOT-FOR-US: Mobiledoc Kit
CVE-2022-2931 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...)
	[experimental] - gitlab 15.2.3+ds1-1
	- gitlab 15.10.8+ds1-2
	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2930 (Unverified Password Change in GitHub repository octoprint/octoprint pr ...)
	- octoprint (bug #718591)
CVE-2022-2929 (In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a syst ...)
	{DSA-5251-1 DLA-3146-1}
	- isc-dhcp 4.4.3-2.1 (bug #1021320)
	NOTE: https://www.openwall.com/lists/oss-security/2022/10/05/1
	NOTE: https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/
	NOTE: https://downloads.isc.org/isc/dhcp/4.1-ESV-R16-P2/patches/
	NOTE: https://kb.isc.org/docs/cve-2022-2929
CVE-2022-2928 (In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, whe ...)
	{DSA-5251-1 DLA-3146-1}
	- isc-dhcp 4.4.3-2.1 (bug #1021320)
	NOTE: https://www.openwall.com/lists/oss-security/2022/10/05/1
	NOTE: https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/
	NOTE: https://downloads.isc.org/isc/dhcp/4.1-ESV-R16-P2/patches/
	NOTE: https://kb.isc.org/docs/cve-2022-2928
CVE-2022-2927 (Weak Password Requirements in GitHub repository notrinos/notrinoserp p ...)
	NOT-FOR-US: NotrinosERP
CVE-2022-2926 (The Download Manager WordPress plugin before 3.2.55 does not validate ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38647 RESERVED
CVE-2022-38646 RESERVED
CVE-2022-38645 RESERVED
CVE-2022-38644 RESERVED
CVE-2022-38643 RESERVED
CVE-2022-38642 RESERVED
CVE-2022-38641 RESERVED
CVE-2022-38640 RESERVED
CVE-2022-38639 (A cross-site scripting (XSS) vulnerability in Markdown-Nice v1.8.22 al ...)
	NOT-FOR-US: Markdown-Nice
CVE-2022-38638 (Casdoor v1.97.3 was discovered to contain an arbitrary file write vuln ...)
	NOT-FOR-US: Casdoor
CVE-2022-38637 (Hospital Management System v1.0 was discovered to contain multiple SQL ...)
	NOT-FOR-US: Hospital Management System
CVE-2022-38636 REJECTED
CVE-2022-38635 RESERVED
CVE-2022-38634 RESERVED
CVE-2022-38633 (Genymotion Desktop v3.2.1 was discovered to contain a DLL hijacking vu ...)
	NOT-FOR-US: Genymotion Desktop
CVE-2022-38632 RESERVED
CVE-2022-38631 RESERVED
CVE-2022-38630 RESERVED
CVE-2022-38629 RESERVED
CVE-2022-38628 (Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, ...)
	NOT-FOR-US: Nortek Linear eMerge E3-Series
CVE-2022-38627 (Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, ...)
	NOT-FOR-US: Nortek Linear eMerge E3-Series
CVE-2022-38626 RESERVED
CVE-2022-38625 (Patlite NH-FB v1.46 and below was discovered to contain insufficient f ...)
	NOT-FOR-US: Patlite NH-FB
CVE-2022-38624 RESERVED
CVE-2022-38623 RESERVED
CVE-2022-38622 RESERVED
CVE-2022-38621 (Doufox v0.0.4 was discovered to contain a remote code execution (RCE) ...)
	NOT-FOR-US: Doufox
CVE-2022-38620 RESERVED
CVE-2022-38619 (SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vul ...)
	NOT-FOR-US: SmartVista
CVE-2022-38618 (SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vul ...)
	NOT-FOR-US: SmartVista SVFE2
CVE-2022-38617 (SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vul ...)
	NOT-FOR-US: SmartVista SVFE2
CVE-2022-38616 (SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vul ...)
	NOT-FOR-US: SmartVista
CVE-2022-38615 (SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL inject ...)
	NOT-FOR-US: SmartVista
CVE-2022-38614 (An issue in the IGB Files and OutfileService features of SmartVista Ca ...)
	NOT-FOR-US: SmartVista
CVE-2022-38613 (A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows au ...)
	NOT-FOR-US: SmartVista
CVE-2022-38612 RESERVED
CVE-2022-38611 (Incorrect access control in Watchdog Anti-Virus v1.4.158 allows attack ...)
	NOT-FOR-US: Watchdog Anti-Virus
CVE-2022-38610 (Garage Management System v1.0 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Garage Management System
CVE-2022-38609 RESERVED
CVE-2022-38608 RESERVED
CVE-2022-38607 RESERVED
CVE-2022-38606 (Garage Management System v1.0 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Garage Management System
CVE-2022-38605 (Church Management System v1.0 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Church Management System
CVE-2022-38604 (Wacom Driver 6.3.46-1 for Windows and lower was discovered to contain ...)
	NOT-FOR-US: Wacom
CVE-2022-38603 RESERVED
CVE-2022-38602 RESERVED
CVE-2022-38601 RESERVED
CVE-2022-38600 (Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf ...)
	- mplayer 2:1.5+svn38408-1 (unimportant; bug #1021013)
	NOTE: https://trac.mplayerhq.hu/ticket/2390#comment:2
	NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/59792bad144c11b21b27171a93a36e3fbd21eb5e (r38380)
	NOTE: Followup: https://git.ffmpeg.org/gitweb/mplayer.git/commit/48ca1226397974bb2bc53de878411f88a80fe1f8 (r38392)
	NOTE: Memory leak in CLI tool, no security impact
CVE-2022-38599 (Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was disco ...)
	NOT-FOR-US: Teleport
CVE-2022-38598 RESERVED
CVE-2022-38597 RESERVED
CVE-2022-38596 RESERVED
CVE-2022-38595 (Church Management System v1.0 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Church Management System
CVE-2022-38594 (Church Management System v1.0 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Church Management System
CVE-2022-38593 RESERVED
CVE-2022-38592 RESERVED
CVE-2022-38591 RESERVED
CVE-2022-38590 RESERVED
CVE-2022-38589 RESERVED
CVE-2022-38588 RESERVED
CVE-2022-38587 RESERVED
CVE-2022-38586 RESERVED
CVE-2022-38585 RESERVED
CVE-2022-38584 RESERVED
CVE-2022-38583 (On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in ...)
	NOT-FOR-US: Sage
CVE-2022-38582 (Incorrect access control in the anti-virus driver wsdkd.sys of Watchdo ...)
	NOT-FOR-US: Watchdog Antivirus
CVE-2022-38581 RESERVED
CVE-2022-38580 (Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery ...)
	NOT-FOR-US: Zalando Skipper
CVE-2022-38579 RESERVED
CVE-2022-38578 RESERVED
CVE-2022-38577 (ProcessMaker before v3.5.4 was discovered to contain insecure permissi ...)
	NOT-FOR-US: ProcessMaker
CVE-2022-38576 (Interview Management System v1.0 was discovered to contain a SQL injec ...)
	NOT-FOR-US: Interview Management System
CVE-2022-38575 RESERVED
CVE-2022-38574 RESERVED
CVE-2022-38573 (10-Strike Network Inventory Explorer v9.3 was discovered to contain a ...)
	NOT-FOR-US: 10-Strike Network Inventory Explorer
CVE-2022-38572 RESERVED
CVE-2022-38571 (Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow i ...)
	NOT-FOR-US: Tenda
CVE-2022-38570 (Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in ...)
	NOT-FOR-US: Tenda
CVE-2022-38569 (Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in ...)
	NOT-FOR-US: Tenda
CVE-2022-38568 (Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overf ...)
	NOT-FOR-US: Tenda
CVE-2022-38567 (Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vu ...)
	NOT-FOR-US: Tenda
CVE-2022-38566 (Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overf ...)
	NOT-FOR-US: Tenda
CVE-2022-38565 (Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overf ...)
	NOT-FOR-US: Tenda
CVE-2022-38564 (Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-38563 (Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overf ...)
	NOT-FOR-US: Tenda
CVE-2022-38562 (Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overf ...)
	NOT-FOR-US: Tenda
CVE-2022-38561 RESERVED
CVE-2022-38560 RESERVED
CVE-2022-38559 RESERVED
CVE-2022-38558 RESERVED
CVE-2022-38557 (D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulner ...)
	NOT-FOR-US: D-Link
CVE-2022-38556 (Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulner ...)
	NOT-FOR-US: Trendnet
CVE-2022-38555 (Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_ ...)
	NOT-FOR-US: Linksys
CVE-2022-38554 RESERVED
CVE-2022-38553 (Academy Learning Management System before v5.9.1 was discovered to con ...)
	NOT-FOR-US: Academy Learning Management System
CVE-2022-38552 RESERVED
CVE-2022-38551 RESERVED
CVE-2022-38550 (A stored cross-site scripting (XSS) vulnerability in the /weibo/list c ...)
	NOT-FOR-US: Jeesns
CVE-2022-38549 RESERVED
CVE-2022-38548 RESERVED
CVE-2022-38547 (A post-authentication command injection vulnerability in the CLI comma ...)
	NOT-FOR-US: Zyxel
CVE-2022-38546 (A DNS misconfiguration was found in Zyxel NBG7510 firmware versions pr ...)
	NOT-FOR-US: Zyxel
CVE-2022-38545 (Valine v1.4.18 was discovered to contain a remote code execution (RCE) ...)
	NOT-FOR-US: Valine
CVE-2022-38544 RESERVED
CVE-2022-38543 RESERVED
CVE-2022-38542 (Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vul ...)
	NOT-FOR-US: Archery
CVE-2022-38541 (Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL inject ...)
	NOT-FOR-US: Archery
CVE-2022-38540 (Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vul ...)
	NOT-FOR-US: Archery
CVE-2022-38539 (Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vul ...)
	NOT-FOR-US: Archery
CVE-2022-38538 (Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vul ...)
	NOT-FOR-US: Archery
CVE-2022-38537 (Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL inject ...)
	NOT-FOR-US: Archery
CVE-2022-38536 RESERVED
CVE-2022-38535 (TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code exe ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-38534 (TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code exe ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-38533 (In GNU Binutils before 2.40, there is a heap-buffer-overflow in the er ...)
	- binutils 2.39.50.20221208-2 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29482
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797
	NOTE: binutils not covered by security support
CVE-2022-38532 (Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discovered t ...)
	NOT-FOR-US: Micro-Star
CVE-2022-38531 (FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable to Rem ...)
	NOT-FOR-US: FPT router
CVE-2022-38530 (GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a sta ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-4 (bug #1019595)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/2216
	NOTE: https://github.com/gpac/gpac/commit/4e56ad72ac1afb4e049a10f2d99e7512d7141f9d
CVE-2022-38529 (tinyexr commit 0647fb3 was discovered to contain a heap-buffer overflo ...)
	- tinyexr 1.0.1+dfsg-4
	[bullseye] - tinyexr 1.0.0+dfsg-1+deb11u1
	NOTE: https://github.com/syoyo/tinyexr/issues/169
	NOTE: https://github.com/syoyo/tinyexr/commit/82984a37d1dba67000a35b083b26df5e57a2bb72
CVE-2022-38528 (Open Asset Import Library (assimp) commit 3c253ca was discovered to co ...)
	- assimp (bug #1021018)
	[bookworm] - assimp (Minor issue)
	[bullseye] - assimp (Minor issue)
	[buster] - assimp (Minor issue)
	NOTE: https://github.com/assimp/assimp/issues/4662
CVE-2022-38527 (UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vul ...)
	NOT-FOR-US: UCMS
CVE-2022-38526
	RESERVED
CVE-2022-38525
	RESERVED
CVE-2022-38524
	RESERVED
CVE-2022-38523
	RESERVED
CVE-2022-38522
	RESERVED
CVE-2022-38521
	RESERVED
CVE-2022-38520
	RESERVED
CVE-2022-38519
	RESERVED
CVE-2022-38518
	RESERVED
CVE-2022-38517
	RESERVED
CVE-2022-38516
	RESERVED
CVE-2022-38515
	RESERVED
CVE-2022-38514
	RESERVED
CVE-2022-38513
	RESERVED
CVE-2022-38512 (The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, ...)
	NOT-FOR-US: Liferay
CVE-2022-38511 (TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a comman ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-38510 (Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow ...)
	NOT-FOR-US: Tenda
CVE-2022-38509 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
	NOT-FOR-US: Wedding Planner
CVE-2022-38508
	RESERVED
CVE-2022-38507
	RESERVED
CVE-2022-38506
	RESERVED
CVE-2022-38505
	RESERVED
CVE-2022-38504
	RESERVED
CVE-2022-38503
	RESERVED
CVE-2022-38502
	RESERVED
CVE-2022-38501
	RESERVED
CVE-2022-38500
	RESERVED
CVE-2022-38499
	RESERVED
CVE-2022-38498
	RESERVED
CVE-2022-38497 (LIEF commit 365a16a was discovered to contain a segmentation violation ...)
	NOT-FOR-US: LIEF
CVE-2022-38496 (LIEF commit 365a16a was discovered to contain a reachable assertion ab ...)
	NOT-FOR-US: LIEF
CVE-2022-38495 (LIEF commit 365a16a was discovered to contain a heap-buffer overflow v ...)
	NOT-FOR-US: LIEF
CVE-2022-38078 (Movable Type XMLRPC API provided by Six Apart Ltd. contains a command ...)
	- movabletype-opensource
CVE-2022-2925 (Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appw ...)
	NOT-FOR-US: appwrite
CVE-2022-2924 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
	NOT-FOR-US: yetiforcecrm
CVE-2022-2923 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.024 ...)
	- vim 2:9.0.0242-1 (unimportant)
	NOTE: https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2
	NOTE: https://github.com/vim/vim/commit/6669de1b235843968e88844ca6d3c8dec4b01a9e (v9.0.0240)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-38494
	RESERVED
CVE-2022-38493 (Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA priva ...)
	- rhonabwy 1.1.7-1
	[bullseye] - rhonabwy (Vulnerable code not present)
	NOTE: https://github.com/babelouest/rhonabwy/commit/dd528b3aabd13863f855a68e76966e4e019fc399
CVE-2022-38492 (An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. ...)
	NOT-FOR-US: EasyVista
CVE-2022-38491 (An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. ...)
	NOT-FOR-US: EasyVista
CVE-2022-38490 (An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. ...)
	NOT-FOR-US: EasyVista
CVE-2022-38489 (An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03 ...)
	NOT-FOR-US: EasyVista
CVE-2022-38488 (logrocket-oauth2-example through 2020-05-27 allows SQL injection via t ...)
	NOT-FOR-US: logrocket-oauth2-example
CVE-2022-38487
	RESERVED
CVE-2022-38486
	RESERVED
CVE-2022-2922 (Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform ...)
	NOT-FOR-US: DNNPlatform
CVE-2022-2921 (Exposure of Private Personal Information to an Unauthorized Actor in G ...)
	NOT-FOR-US: NotrinosERP
CVE-2022-38485 (A directory traversal vulnerability exists in the AgeVolt Portal prior ...)
	NOT-FOR-US: AgeVolt Portal
CVE-2022-38484 (An arbitrary file upload and directory traversal vulnerability exist i ...)
	NOT-FOR-US: AgeVolt Portal
CVE-2022-38483
	RESERVED
CVE-2022-38482 (A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 bef ...)
	NOT-FOR-US: Mega HOPEX
CVE-2022-38481 (An issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP2. The ap ...)
	NOT-FOR-US: Mega HOPEX
CVE-2022-38480
	RESERVED
CVE-2022-38479
	RESERVED
CVE-2022-38478 (Members of the Mozilla Fuzzing Team reported memory safety bugs present i ...)
	{DSA-5221-1 DSA-5217-1 DLA-3097-1 DLA-3080-1}
	- firefox 104.0-1
	- firefox-esr 102.2.0esr-1
	- thunderbird 1:102.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/#CVE-2022-38478
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-34/#CVE-2022-38478
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-35/#CVE-2022-38478
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-36/#CVE-2022-38478
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/#CVE-2022-38478
CVE-2022-38477 (Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported m ...)
	- firefox 104.0-1
	- firefox-esr 102.2.0esr-1
	[bullseye] - firefox-esr (Vulnerable code not present in the ESR91 version)
	[buster] - firefox-esr (Vulnerable code not present in the ESR91 version)
	- thunderbird 1:102.2.0-1
	[bullseye] - thunderbird (Vulnerable code not present in the 91.x version)
	[buster] - thunderbird (Vulnerable code not present in the 91.x version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/#CVE-2022-38477
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-34/#CVE-2022-38477
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-36/#CVE-2022-38477
CVE-2022-38476 (A data race could occur in the PK11_ChangePW function, po ...)
	- firefox-esr 102.2.0esr-1
	[bullseye] - firefox-esr (Vulnerable code not present in the ESR91 version)
	[buster] - firefox-esr (Vulnerable code not present in the ESR91 version)
	- thunderbird 1:102.2.0-1
	[bullseye] - thunderbird (Vulnerable code not present in the 91.x version)
	[buster] - thunderbird (Vulnerable code not present in the 91.x version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-34/#CVE-2022-38476
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-36/#CVE-2022-38476
CVE-2022-38475 (An attacker could have written a value to the first element in a zero- ...)
	- firefox 104.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/#CVE-2022-38475
CVE-2022-38474 (A website that had permission to access the microphone could record au ...)
	- firefox (Only affects Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/#CVE-2022-38474
CVE-2022-38473 (A cross-origin iframe referencing an XSLT document would inherit the p ...)
	{DSA-5221-1 DSA-5217-1 DLA-3097-1 DLA-3080-1}
	- firefox 104.0-1
	- firefox-esr 102.2.0esr-1
	- thunderbird 1:102.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/#CVE-2022-38473
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-34/#CVE-2022-38473
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-35/#CVE-2022-38473
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-36/#CVE-2022-38473
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/#CVE-2022-38473
CVE-2022-38472 (An attacker could have abused XSLT error handling to associate attacke ...)
	{DSA-5221-1 DSA-5217-1 DLA-3097-1 DLA-3080-1}
	- firefox 104.0-1
	- firefox-esr 102.2.0esr-1
	- thunderbird 1:102.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/#CVE-2022-38472
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-34/#CVE-2022-38472
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-35/#CVE-2022-38472
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-36/#CVE-2022-38472
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/#CVE-2022-38472
CVE-2022-38471
	RESERVED
CVE-2022-38452 (A command execution vulnerability exists in the hidden telnet service ...)
	NOT-FOR-US: Netgear
CVE-2022-2920
	RESERVED
CVE-2022-2919
	RESERVED
CVE-2022-2918
	RESERVED
CVE-2022-2917
	RESERVED
CVE-2022-2916
	RESERVED
CVE-2022-2915 (A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 app ...)
	NOT-FOR-US: SonicWall
CVE-2022-2914
	RESERVED
CVE-2022-2913 (The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't che ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2912 (The Craw Data WordPress plugin through 1.0.0 does not implement nonce ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2911
	RESERVED
CVE-2022-2910
	RESERVED
CVE-2022-2909 (A vulnerability was found in SourceCodester Simple and Nice Shopping C ...)
	NOT-FOR-US: SourceCodester Simple and Nice Shopping Cart Script
CVE-2022-38466 (A vulnerability has been identified in CoreShield One-Way Gateway (OWG ...)
	NOT-FOR-US: CoreShield One-Way Gateway (OWG)
CVE-2022-38465 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
	NOT-FOR-US: Siemens
CVE-2022-38089 (Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/ ...)
	NOT-FOR-US: Exment
CVE-2022-38080 (Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedo ...)
	NOT-FOR-US: Exment
CVE-2022-37333 (SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5. ...)
	NOT-FOR-US: Exment
CVE-2022-2908 (A potential DoS vulnerability was discovered in Gitlab CE/EE versions ...)
	[experimental] - gitlab 15.2.3+ds1-1
	- gitlab 15.10.8+ds1-2
	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2907 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	[experimental] - gitlab 15.2.3+ds1-1
	- gitlab 15.10.8+ds1-2
	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2906 (An attacker can leverage this flaw to gradually erode available memory ...)
	- bind9 1:9.18.7-1
	[bullseye] - bind9 (Vulnerable code introduced later)
	[buster] - bind9 (Vulnerable code introduced later)
	NOTE: https://kb.isc.org/docs/cve-2022-2906
	NOTE: Introduced after: https://gitlab.isc.org/isc-projects/bind9/-/commit/e18777c7582d54d227714882e9e79746ce48e002 (v9_17_20)
	NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/73df5c80538970ee1fbc4fe3348109bdc281e197 (v9_18_7)
CVE-2022-2905 (An out-of-bounds memory read flaw was found in the Linux kernel's BPF ...)
	{DLA-3173-1}
	- linux 5.19.6-1
	[bullseye] - linux 5.10.140-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2022/08/26/1
CVE-2022-2904 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-2903 (The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialis ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2902
	RESERVED
CVE-2022-2901 (Improper Authorization in GitHub repository chatwoot/chatwoot prior to ...)
	NOT-FOR-US: chatwoot
CVE-2022-2900 (Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/pa ...)
	NOT-FOR-US: Node parse-url
CVE-2022-38464
	RESERVED
CVE-2022-38463 (ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS ...)
	NOT-FOR-US: ServiceNow
CVE-2022-38462 (Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS ...)
	NOT-FOR-US: SilverStripe CMS
CVE-2022-38450 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2022-38449 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2022-38448 (Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnera ...)
	NOT-FOR-US: Adobe
CVE-2022-38447 (Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnera ...)
	NOT-FOR-US: Adobe
CVE-2022-38446 (Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnera ...)
	NOT-FOR-US: Adobe
CVE-2022-38445 (Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnera ...)
	NOT-FOR-US: Adobe
CVE-2022-38444 (Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnera ...)
	NOT-FOR-US: Adobe
CVE-2022-38443 (Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vu ...)
	NOT-FOR-US: Adobe
CVE-2022-38442 (Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnera ...)
	NOT-FOR-US: Adobe
CVE-2022-38441 (Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vu ...)
	NOT-FOR-US: Adobe
CVE-2022-38440 (Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vu ...)
	NOT-FOR-US: Adobe
CVE-2022-38439 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2022-38438 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2022-38437 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30 ...)
	NOT-FOR-US: Adobe
CVE-2022-38436 (Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-38435 (Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-38434 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-38433 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-38432 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-38431 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-38430 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-38429 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-38428 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-38427 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-38426 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-38425 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
	NOT-FOR-US: Adobe
CVE-2022-38424 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
	NOT-FOR-US: Adobe
CVE-2022-38423 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
	NOT-FOR-US: Adobe
CVE-2022-38422 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
	NOT-FOR-US: Adobe
CVE-2022-38421 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
	NOT-FOR-US: Adobe
CVE-2022-38420 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
	NOT-FOR-US: Adobe
CVE-2022-38419 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
	NOT-FOR-US: Adobe
CVE-2022-38418 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
	NOT-FOR-US: Adobe
CVE-2022-38417 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2022-38416 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2022-38415 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2022-38414 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2022-38413 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2022-38412 (Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) a ...)
	NOT-FOR-US: Adobe
CVE-2022-38411 (Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) a ...)
	NOT-FOR-US: Adobe
CVE-2022-38410 (Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-38409 (Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-38408 (Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-38407 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
	NOT-FOR-US: Adobe
CVE-2022-38406 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
	NOT-FOR-US: Adobe
CVE-2022-38405 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
	NOT-FOR-US: Adobe
CVE-2022-38404 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
	NOT-FOR-US: Adobe
CVE-2022-38403 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
	NOT-FOR-US: Adobe
CVE-2022-38402 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
	NOT-FOR-US: Adobe
CVE-2022-38401 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
	NOT-FOR-US: Adobe
CVE-2022-38102 (Improper Input validation in firmware for some Intel(R) Converged Secu ...)
	NOT-FOR-US: Intel
CVE-2022-38090 (Improper isolation of shared resources in some Intel(R) Processors whe ...)
	{DLA-3379-1}
	- intel-microcode 3.20230214.1 (bug #1031334)
	[bullseye] - intel-microcode 3.20230214.1~deb11u1
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html
	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214
CVE-2022-38084
	RESERVED
CVE-2022-38083 (Improper initialization in the BIOS firmware for some Intel(R) Process ...)
	NOT-FOR-US: Intel
CVE-2022-38072 (An improper array index validation vulnerability exists in the stl_fix ...)
	NOT-FOR-US: ADMesh
CVE-2022-38071
	RESERVED
CVE-2022-37408
	RESERVED
CVE-2022-37343 (Improper access control in the BIOS firmware for some Intel(R) Process ...)
	NOT-FOR-US: Intel
CVE-2022-36788 (A heap-based buffer overflow vulnerability exists in the TriangleMesh ...)
	- slic3r (bug #1034848)
	[bookworm] - slic3r (Minor issue)
	[bullseye] - slic3r (Minor issue)
	[buster] - slic3r (Minor issue)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1593
CVE-2022-36420
	RESERVED
CVE-2022-36419
	RESERVED
CVE-2022-34652 (A sql injection vulnerability exists in the ObjectYPT functionality of ...)
	NOT-FOR-US: WWBN AVideo
CVE-2022-33310
	RESERVED
CVE-2022-2899
	RESERVED
CVE-2022-2898 (Measuresoft ScadaPro Server and Client (All Versions) do not properly ...)
	NOT-FOR-US: Measuresoft ScadaPro
CVE-2022-2897 (Measuresoft ScadaPro Server and Client (All Versions) do not properly ...)
	NOT-FOR-US: Measuresoft ScadaPro
CVE-2022-2896 (Measuresoft ScadaPro Server (All Versions) allows use after free while ...)
	NOT-FOR-US: Measuresoft ScadaPro
CVE-2022-2895 (Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX c ...)
	NOT-FOR-US: Measuresoft ScadaPro
CVE-2022-2894 (Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX c ...)
	NOT-FOR-US: Measuresoft ScadaPro
CVE-2022-2893 (RONDS EPM version 1.19.5 does not properly validate the filename para ...)
	NOT-FOR-US: RONDS EPM
CVE-2022-2892 (Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmain ...)
	NOT-FOR-US: Measuresoft ScadaPro
CVE-2021-46834 (A permission bypass vulnerability in Huawei cross device task manageme ...)
	NOT-FOR-US: Huawei
CVE-2020-36599 (lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before ...)
	[experimental] - ruby-omniauth 2.0.4-1~exp1
	- ruby-omniauth 2.0.4-2
	[bullseye] - ruby-omniauth (Minor issue)
	[buster] - ruby-omniauth (Minor issue)
	NOTE: https://github.com/omniauth/omniauth/commit/43a396f181ef7d0ed2ec8291c939c95e3ed3ff00 (v2.0.0-rc1)
CVE-2020-36598
	RESERVED
CVE-2020-36597
	RESERVED
CVE-2020-36596
	RESERVED
CVE-2020-36595
	RESERVED
CVE-2020-36594
	RESERVED
CVE-2020-36593
	RESERVED
CVE-2020-36592
	RESERVED
CVE-2022-38398 (Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XM ...)
	{DLA-3619-1}
	- batik 1.15+dfsg-1 (bug #1020589)
	[bullseye] - batik (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2022/09/22/2
	NOTE: https://issues.apache.org/jira/browse/BATIK-1331
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1903462
	NOTE: https://www.zerodayinitiative.com/blog/2022/10/28/vulnerabilities-in-apache-batik-default-security-controls-ssrf-and-rce-through-remote-class-loading
CVE-2022-38397
	RESERVED
CVE-2022-2891 (The WP 2FA WordPress plugin before 2.3.0 uses comparison operators tha ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2890 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
	NOT-FOR-US: yetiforcecrm
CVE-2022-2889 (Use After Free in GitHub repository vim/vim prior to 9.0.0225.)
	- vim 2:9.0.0229-1 (unimportant)
	NOTE: https://huntr.dev/bounties/d1ac9817-825d-49ce-b514-1d5b12b6bdaa
	NOTE: https://github.com/vim/vim/commit/91c7cbfe31bbef57d5fcf7d76989fc159f73ef15 (v9.0.0225)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2888 (If an attacker comes into the possession of a victim's OctoPrint sessi ...)
	- octoprint (bug #718591)
CVE-2022-2887 (The WP Server Health Stats WordPress plugin before 1.7.0 does not esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2886 (A vulnerability, which was classified as critical, was found in Larave ...)
	NOTE: Additional misreport for laravel, likely to be rejected
CVE-2022-2885 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
	NOT-FOR-US: yetiforcecrm
CVE-2022-38396 (HP Factory Preinstalled Images on certain systems that shipped with Wi ...)
	NOT-FOR-US: HP
CVE-2022-38395 (HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. ...)
	NOT-FOR-US: HP
CVE-2022-38393 (A denial of service vulnerability exists in the cfg_server cm_processC ...)
	NOT-FOR-US: Asus
CVE-2022-2884 (A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 pri ...)
	- gitlab 15.10.8+ds1-2
	NOTE: https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/
CVE-2022-2883 (In affected versions of Octopus Deploy it is possible to upload a zipb ...)
	NOT-FOR-US: Octopus Deploy
CVE-2022-2882 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-2881 (The underlying bug might cause read past end of the buffer and either ...)
	- bind9 1:9.18.7-1
	[bullseye] - bind9 (Flawed code present in 9.16 but masked by the way the httpd objects are reset between messages)
	[buster] - bind9 (Vulnerable code introduced later)
	NOTE: https://kb.isc.org/docs/cve-2022-2881
	NOTE: Exposed after (but not only requirement): https://gitlab.isc.org/isc-projects/bind9/-/commit/69c1ee1ce9f801aaa082bb3abf5969b46699f70a (v9_17_4)
	NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/13333db69f9b9710a98c86f44276e01e95420fa0 (v9_18_7)
CVE-2022-2880 (Requests forwarded by ReverseProxy include the raw query parameters fr ...)
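CVE-2022-2880 concerns net/http/httputil's ReverseProxy handing the inbound request's raw query string to the backend unchanged, including parameter pairs that net/url's own parser rejects (a semicolon-joined pair, a bad percent-escape). A backend with a more permissive parser then sees parameters the proxy never inspected, which is the query-parameter smuggling the entry refers to. The block below is an added example, not code from the Go project or from this tracker entry: a Director that rebuilds the outbound query from what url.ParseQuery accepts, so the backend receives only parameters the proxy could itself parse, plus a small httptest harness that shows what the backend actually gets. The query string, the echo backend and the helper names (sanitizeQuery, newSanitizingProxy, forwardedQuery) are all constructed for this example; the Go fix cited in the entry's NOTE lines applies the same cleaning inside ReverseProxy, but only when the proxy has already parsed the form, so an explicit Director keeps the behaviour visible and independent of the Go release.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// sanitizeQuery keeps only the parameters net/url's parser accepts.
// url.ParseQuery skips any pair it rejects (semicolon separator, bad
// percent-escape) but still returns the pairs it could parse, so the
// re-encoded string is exactly what the proxy's own logic would see.
func sanitizeQuery(raw string) string {
	values, _ := url.ParseQuery(raw) // error deliberately ignored: bad pairs are dropped
	return values.Encode()
}

// newSanitizingProxy wraps the stock single-host Director so that the
// outbound RawQuery is rewritten from the parsed form instead of being
// copied verbatim from the inbound request.
func newSanitizingProxy(backend *url.URL) *httputil.ReverseProxy {
	proxy := httputil.NewSingleHostReverseProxy(backend)
	director := proxy.Director
	proxy.Director = func(req *http.Request) {
		director(req)
		req.URL.RawQuery = sanitizeQuery(req.URL.RawQuery)
	}
	return proxy
}

// forwardedQuery stands up an echo backend behind the sanitizing proxy,
// sends one request carrying rawQuery and returns the query string the
// backend observed. Both servers are local httptest instances.
func forwardedQuery(rawQuery string) (string, error) {
	backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		io.WriteString(w, r.URL.RawQuery) // echo what arrived, unparsed
	}))
	defer backend.Close()

	backendURL, err := url.Parse(backend.URL)
	if err != nil {
		return "", err
	}
	proxy := httptest.NewServer(newSanitizingProxy(backendURL))
	defer proxy.Close()

	resp, err := http.Get(proxy.URL + "/?" + rawQuery)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

func main() {
	// Constructed input: one clean pair, one semicolon-joined pair that a
	// lenient backend would split into b=2 and c=3, and one bad escape.
	seen, err := forwardedQuery("a=1&b=2;c=3&d=%zz")
	fmt.Printf("backend saw %q (err=%v)\n", seen, err) // backend saw "a=1"
}
```

The same Director works unchanged with a custom Rewrite-free proxy; if the proxy does need to forward a parameter whose raw form the parser rejects, that is a deliberate exception to write explicitly rather than a reason to pass RawQuery through.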
	- golang-1.19 1.19.2-1
	- golang-1.18 1.18.7-1
	- golang-1.17
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases)
	NOTE: https://go.dev/issue/54663
	NOTE: https://github.com/golang/go/commit/f6d844510d5f1e3b3098eba255d9b633d45eac3b (go1.19.2)
	NOTE: https://github.com/golang/go/commit/9d2c73a9fd69e45876509bb3bdb2af99bf77da1e (go1.18.7)
CVE-2022-2879 (Reader.Read does not set a limit on the maximum size of file headers. ...)
	- golang-1.19 1.19.2-1
	- golang-1.18 1.18.7-1
	- golang-1.17
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases)
	NOTE: https://go.dev/issue/54853
	NOTE: https://github.com/golang/go/commit/4fa773cdefd20be093c84f731be7d4febf5536fa (go1.19.2)
	NOTE: https://github.com/golang/go/commit/0a723816cd205576945fa57fbdde7e6532d59d08 (go1.18.7)
CVE-2022-2878
	RESERVED
CVE-2022-2877 (The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2876 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester
CVE-2022-39047 (Freeciv before 2.6.7 and before 3.0.3 is prone to a buffer overflow vu ...)
	- freeciv 3.0.3-1 (bug #1017579)
	[bullseye] - freeciv (Minor issue)
	[buster] - freeciv (Minor issue)
	NOTE: https://osdn.net/projects/freeciv/ticket/45299
	NOTE: https://www.openwall.com/lists/oss-security/2022/08/05/1
CVE-2022-38392 (Certain 5400 RPM hard drives, for laptops and other PCs in approximate ...)
	NOT-FOR-US: Microsoft
CVE-2022-2875
	RESERVED
CVE-2022-2874 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.022 ...)
	- vim 2:9.0.0229-1 (unimportant)
	NOTE: https://huntr.dev/bounties/95f97dfe-247d-475d-9740-b7adc71f4c79
	NOTE: https://github.com/vim/vim/commit/4875d6ab068f09df88d24d81de40dcd8d56e243d (v9.0.0224)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2873 (An out-of-bounds memory access flaw was found in the Linux kernel Inte ...)
	{DSA-5324-1 DLA-3403-1 DLA-3349-1}
	- linux 6.1.4-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2119048
	NOTE: https://lore.kernel.org/lkml/20220729093451.551672-1-zheyuma97@gmail.com/T/
	NOTE: https://git.kernel.org/linus/39244cc754829bf707dccd12e2ce37510f5b1f8d
CVE-2022-2872 (Unrestricted Upload of File with Dangerous Type in GitHub repository o ...)
	- octoprint (bug #718591)
CVE-2022-2871 (Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notr ...)
	NOT-FOR-US: NotrinosERP
CVE-2022-38391 (IBM Spectrum Control 5.4 uses weaker than expected cryptographic algor ...)
	NOT-FOR-US: IBM
CVE-2022-38390 (Multiple IBM Business Automation Workflow versions are vulnerable to c ...)
	NOT-FOR-US: IBM
CVE-2022-38389 (IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an X ...)
	NOT-FOR-US: IBM
CVE-2022-38388 (IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a loc ...)
	NOT-FOR-US: IBM
CVE-2022-38387 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allo ...)
	NOT-FOR-US: IBM
CVE-2022-38386 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM Q ...)
	NOT-FOR-US: IBM
CVE-2022-38385 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allo ...)
	NOT-FOR-US: IBM
CVE-2022-38384
	RESERVED
CVE-2022-38383
	RESERVED
CVE-2022-38382
	RESERVED
CVE-2022-38105 (An information disclosure vulnerability exists in the cm_processREQ_NC ...)
	NOT-FOR-US: Asus
CVE-2022-2870 (A vulnerability was found in laravel 5.1 and classified as problematic ...)
	NOTE: Additional misreport for laravel, likely to be rejected
CVE-2022-2869 (libtiff's tiffcrop tool has a uint32_t underflow which leads to out of ...)
	{DSA-5333-1 DLA-3278-1}
	- tiff 4.4.0~rc1-1
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/352
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c (v4.4.0rc1)
CVE-2022-2868 (libtiff's tiffcrop utility has an improper input validation flaw that c ...)
	{DSA-5333-1 DLA-3278-1}
	- tiff 4.4.0~rc1-1
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/335
	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/294
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c (v4.4.0rc1)
CVE-2022-2867 (libtiff's tiffcrop utility has a uint32_t underflow that can lead to o ...)
	{DSA-5333-1 DLA-3278-1}
	- tiff 4.4.0~rc1-1
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/350
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/351
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c (v4.4.0rc1)
CVE-2022-2866 (FATEK FvDesigner version 1.5.103 and prior is vulnerable to an out-of- ...)
	NOT-FOR-US: FATEK FvDesigner
CVE-2022-2865 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...)
	[experimental] - gitlab 15.2.3+ds1-1
	- gitlab 15.10.8+ds1-2
	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2864 (The demon image annotation plugin for WordPress is vulnerable to Cross ...)
	NOT-FOR-US: demon image annotation plugin for WordPress
CVE-2022-2863 (The Migration, Backup, Staging WordPress plugin before 0.9.76 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2862 (Use After Free in GitHub repository vim/vim prior to 9.0.0221.)
	- vim 2:9.0.0229-1 (unimportant)
	[buster] - vim (The vulnerable code was introduced later)
	NOTE: https://huntr.dev/bounties/71180988-1ab6-4311-bca8-e9a879b06765
	NOTE: https://github.com/vim/vim/commit/1889f499a4f248cd84e0e0bf6d0d820016774494 (v9.0.0221)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2861 (Inappropriate implementation in Extensions API in Google Chrome prior ...)
	{DSA-5212-1}
	- chromium 104.0.5112.101-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2860 (Insufficient policy enforcement in Cookies in Google Chrome prior to 1 ...)
	{DSA-5212-1}
	- chromium 104.0.5112.101-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2859 (Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112 ...)
	{DSA-5212-1}
	- chromium 104.0.5112.101-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2858 (Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.10 ...)
	{DSA-5212-1}
	- chromium 104.0.5112.101-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2857 (Use after free in Blink in Google Chrome prior to 104.0.5112.101 allow ...)
	{DSA-5212-1}
	- chromium 104.0.5112.101-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2856 (Insufficient validation of untrusted input in Intents in Google Chrome ...)
	{DSA-5212-1}
	- chromium 104.0.5112.101-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2855 (Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allow ...)
	{DSA-5212-1}
	- chromium 104.0.5112.101-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2854 (Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 ...)
	{DSA-5212-1}
	- chromium 104.0.5112.101-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2853 (Heap buffer overflow in Downloads in Google Chrome on Android prior to ...)
	{DSA-5212-1}
	- chromium 104.0.5112.101-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2852 (Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allow ...)
	{DSA-5212-1}
	- chromium 104.0.5112.101-1
	[buster] - chromium (see DSA 5046)
CVE-2022-38381 (An improper handling of malformed request vulnerability [CWE-228] exis ...)
	NOT-FOR-US: FortiGuard
CVE-2022-38380 (An improper access control [CWE-284] vulnerability in FortiOS version ...)
	NOT-FOR-US: FortiGuard
CVE-2022-38379 (Improper neutralization of input during web page generation [CWE-79] i ...)
	NOT-FOR-US: FortiGuard
CVE-2022-38378 (An improper privilege management vulnerability [CWE-269] in Fortinet F ...)
	NOT-FOR-US: Fortinet
CVE-2022-38377 (An improper access control vulnerability [CWE-284] in FortiManager 7.2 ...)
	NOT-FOR-US: FortiGuard
CVE-2022-38376 (Multiple improper neutralization of input during web page generation ( ...)
	NOT-FOR-US: Fortinet
CVE-2022-38375 (An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC ...)
	NOT-FOR-US: Fortinet
CVE-2022-38374 (An improper neutralization of input during web page generation ('cross- ...)
	NOT-FOR-US: FortiGuard
CVE-2022-38373 (An improper neutralization of input during web page generation vulnera ...)
	NOT-FOR-US: FortiGuard
CVE-2022-38372 (A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3 ...)
	NOT-FOR-US: FortiGuard
CVE-2022-38371 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
	NOT-FOR-US: Siemens
CVE-2022-38370 (Apache IoTDB grafana-connector version 0.13.0 contains an interface wi ...)
	NOT-FOR-US: Apache IoTDB
CVE-2022-38369 (Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users ...)
	NOT-FOR-US: Apache IoTDB
CVE-2022-2851
	RESERVED
CVE-2022-2850 (A flaw was found In 389-ds-base. When the Content Synchronization plug ...)
	{DLA-3399-1}
	- 389-ds-base 2.3.1-1 (bug #1018054)
	[bullseye] - 389-ds-base (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2118691
	NOTE: https://github.com/389ds/389-ds-base/issues/4711#issuecomment-1205100979
	NOTE: https://github.com/389ds/389-ds-base/issues/5418
	NOTE: https://github.com/389ds/389-ds-base/commit/513a763b551848e5532ec22bb0086464aa09252f (main)
	NOTE: https://github.com/389ds/389-ds-base/commit/19632a4b8de5ba0abe05cdfe514a7ada07d0c299 (389-ds-base-2.0.17)
	NOTE: https://github.com/389ds/389-ds-base/commit/be599560c9bbb17570f5eeb5aac1919a8d333567 (389-ds-base-1.4.4)
	NOTE: https://github.com/389ds/389-ds-base/commit/bd566957f85c889f13cd24f903c91c16c955acbd (389-ds-base-1.3.10)
	NOTE: Results from an incomplete fix for CVE-2021-3514
CVE-2022-2849 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
	- vim 2:9.0.0229-1 (unimportant)
	NOTE: https://huntr.dev/bounties/389aeccd-deb9-49ae-9b6a-24c12d79b02e
	NOTE: https://github.com/vim/vim/commit/f6d39c31d2177549a986d170e192d8351bd571e2 (v9.0.0220)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2848 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PTC
CVE-2022-2847 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Guest Management System
CVE-2022-2846 (The Calendar Event Multi View WordPress plugin before 1.4.07 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2845 (Improper Validation of Specified Quantity in Input in GitHub repositor ...)
	- vim 2:9.0.0229-1 (unimportant)
	NOTE: https://huntr.dev/bounties/3e1d31ac-1cfd-4a9f-bc5c-213376b69445
	NOTE: https://github.com/vim/vim/commit/e98c88c44c308edaea5994b8ad4363e65030968c (v9.0.0218)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2844 (A vulnerability classified as problematic has been found in MotoPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2843 (A vulnerability was found in MotoPress Timetable and Event Schedule. I ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2842 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Gym Management System
CVE-2022-2841 (A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.1561 ...)
	NOT-FOR-US: CrowdStrike Falcon
CVE-2022-2840 (The Zephyr Project Manager WordPress plugin before 3.2.5 does not sani ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2839 (The Zephyr Project Manager WordPress plugin before 3.2.55 does not hav ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2838 (In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parse ...)
	NOT-FOR-US: Eclipse Sphinx
CVE-2022-2837 (A flaw was found in coreDNS. This flaw allows a malicious user to redi ...)
	- coredns (bug #880676)
CVE-2022-2836 RESERVED
CVE-2022-2835 (A flaw was found in coreDNS. This flaw allows a malicious user to rero ...)
	- coredns (bug #880676)
CVE-2022-2834 (The Helpful WordPress plugin before 4.5.26 puts the exported logs and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2833 (Endless infinite loop in Blender thumbnailing due to logical bugs.)
	- blender 3.2.2+dfsg-1 (unimportant)
	NOTE: https://developer.blender.org/rB24a2b5cb1292f769dd86e314471443976d5e9512
	NOTE: https://developer.blender.org/T99711
	NOTE: Hang in CLI tool, no security impact
CVE-2022-2832 (A flaw was found in Blender 3.3.0. A null pointer dereference exists i ...)
	- blender (unimportant)
	NOTE: https://developer.blender.org/T99706
	NOTE: https://developer.blender.org/D15463
	NOTE: https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c
	NOTE: Debian binary packages not built with WITH_HEADLESS
CVE-2022-2831 (A flaw was found in Blender 3.3.0. An integer overflow in source/blen ...)
	- blender 3.2.2+dfsg-1
	[bullseye] - blender (Minor issue)
	[buster] - blender (The vulnerable code is not present)
	NOTE: https://developer.blender.org/T99705
	NOTE: https://developer.blender.org/rB32df09b2416a6961704eca0fe73534c8c4e715b2
	NOTE: https://developer.blender.org/rBb1329d7eaa52a11c73b75d19d20bd8f6d11ac535
CVE-2022-2830 (Deserialization of Untrusted Data vulnerability in the message process ...)
	NOT-FOR-US: Bitdefender
CVE-2022-38368 (An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x ...)
	NOT-FOR-US: Aviatrix Gateway
CVE-2022-38367 (The Netic User Export add-on before 2.0.6 for Atlassian Jira does not ...)
	NOT-FOR-US: Netic User Export add-on for Atlassian Jira
CVE-2022-38366 RESERVED
CVE-2022-38365 RESERVED
CVE-2022-38364 RESERVED
CVE-2022-38363 RESERVED
CVE-2022-2829 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
	NOT-FOR-US: yetiforcecrm
CVE-2022-2828 (In affected versions of Octopus Server it is possible to reveal inform ...)
	NOT-FOR-US: Octopus Server
CVE-2022-2827 (AMI MegaRAC User Enumeration Vulnerability)
	NOT-FOR-US: MegaRAC
CVE-2022-2826 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-38362 (Apache Airflow Docker's Provider prior to 3.0.0 shipped with an exampl ...)
	- airflow (bug #819700)
CVE-2022-38361 RESERVED
CVE-2022-38360 RESERVED
CVE-2022-38359 (Cross-site request forgery attacks can be carried out against the Eyes ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2022-38358 (Improper neutralization of input during web page generation leaves the ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2022-38357 (Improper neutralization of special elements leaves the Eyes of Network ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2022-38354 RESERVED
CVE-2022-38353 RESERVED
CVE-2022-38352 (ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerabi ...)
	NOT-FOR-US: ThinkPHP
CVE-2022-38351 (A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allows att ...)
	NOT-FOR-US: Suprema Bio Star
CVE-2022-38350 RESERVED
CVE-2022-38349 (An issue was discovered in Poppler 22.08.0. There is a reachable asser ...)
	- poppler 22.12.0-2
	[bullseye] - poppler (Minor issue)
	[buster] - poppler (Minor issue)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1282
	NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/4564a002bcb6094cc460bc0d5ddff9423fe6dd28 (poppler-22.09.0)
CVE-2022-38348 RESERVED
CVE-2022-38347 RESERVED
CVE-2022-38346 RESERVED
CVE-2022-38345 RESERVED
CVE-2022-38344 RESERVED
CVE-2022-38343 RESERVED
CVE-2022-38342 (Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discover ...)
	NOT-FOR-US: Safe Software FME Server
CVE-2022-38341 (Safe Software FME Server v2021.2.5 and below does not employ server-si ...)
	NOT-FOR-US: Safe Software FME Server
CVE-2022-38340 (Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discover ...)
	NOT-FOR-US: Safe Software FME Server
CVE-2022-38339 (Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a c ...)
	NOT-FOR-US: Safe Software FME Server
CVE-2022-38338 RESERVED
CVE-2022-38337 (When aborting an SFTP connection, MobaXterm before v22.1 sends a hardco ...)
	NOT-FOR-US: MobaXterm
CVE-2022-38336 (An access control issue in MobaXterm before v22.1 allows attackers to ...)
	NOT-FOR-US: MobaXterm
CVE-2022-38335 (Vtiger CRM v7.4.0 was discovered to contain a stored cross-site script ...)
	NOT-FOR-US: Vtiger CRM
CVE-2022-38334 (XPDF v4.04 and earlier was discovered to contain a stack overflow via ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2022-38333 (Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to co ...)
	NOT-FOR-US: OpenWrt
CVE-2022-38332 RESERVED
CVE-2022-38331 RESERVED
CVE-2022-38330 RESERVED
CVE-2022-38329 (An issue was discovered in Shopxian CMS 3.0.0. There is a CSRF vulnera ...)
	NOT-FOR-US: Shopxian CMS
CVE-2022-38328 RESERVED
CVE-2022-38327 RESERVED
CVE-2022-38326 (Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03. ...)
	NOT-FOR-US: Tenda
CVE-2022-38325 (Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03. ...)
	NOT-FOR-US: Tenda
CVE-2022-38324 RESERVED
CVE-2022-38323 (Event Management System v1.0 was discovered to contain an arbitrary fi ...)
	NOT-FOR-US: Event Management System
CVE-2022-38322 RESERVED
CVE-2022-38321 RESERVED
CVE-2022-38320 RESERVED
CVE-2022-38319 RESERVED
CVE-2022-38318 RESERVED
CVE-2022-38317 RESERVED
CVE-2022-38316 RESERVED
CVE-2022-38315 RESERVED
CVE-2022-38314 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to cont ...)
	NOT-FOR-US: Tenda
CVE-2022-38313 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to cont ...)
	NOT-FOR-US: Tenda
CVE-2022-38312 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to cont ...)
	NOT-FOR-US: Tenda
CVE-2022-38311 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to cont ...)
	NOT-FOR-US: Tenda
CVE-2022-38310 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to cont ...)
	NOT-FOR-US: Tenda
CVE-2022-38309 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to cont ...)
	NOT-FOR-US: Tenda
CVE-2022-38308 (TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a comm ...)
	NOT-FOR-US: TOTOLink
CVE-2022-38307 (LIEF commit 5d1d643 was discovered to contain a segmentation violation ...)
	NOT-FOR-US: LIEF
CVE-2022-38306 (LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow i ...)
	NOT-FOR-US: LIEF
CVE-2022-36403 (Untrusted search path vulnerability in the installer of Device Softwar ...)
	NOT-FOR-US: Ricoh
CVE-2022-2825 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PTC
CVE-2022-2824 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
	NOT-FOR-US: OpenEMR
CVE-2022-2823 (The Slider, Gallery, and Carousel by MetaSlider WordPress plugin befor ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2822 (An attacker can freely brute force username and password and can takeo ...)
	- octoprint (bug #718591)
CVE-2022-2821 (Missing Critical Step in Authentication in GitHub repository namelessm ...)
	NOT-FOR-US: NamelessMC/Nameless
CVE-2022-2820 (Session Fixation in GitHub repository namelessmc/nameless prior to v2. ...)
	NOT-FOR-US: NamelessMC/Nameless
CVE-2022-2819 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
	- vim 2:9.0.0229-1 (unimportant)
	[buster] - vim (The vulnerable code was introduced later)
	NOTE: https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59
	NOTE: https://github.com/vim/vim/commit/d1d8f6bacb489036d0fd479c9dd3c0102c988889 (v9.0.0211)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2818 (Improper Removal of Sensitive Information Before Storage or Transfer i ...)
	NOT-FOR-US: Cockpit-HQ/Cockpit
CVE-2022-38305 (AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vuln ...)
	NOT-FOR-US: AeroCMS
CVE-2022-38304 (Online Leave Management System v1.0 was discovered to contain a SQL in ...)
	NOT-FOR-US: Online Leave Management System
CVE-2022-38303 (Online Leave Management System v1.0 was discovered to contain a SQL in ...)
	NOT-FOR-US: Online Leave Management System
CVE-2022-38302 (Online Leave Management System v1.0 was discovered to contain a SQL in ...)
	NOT-FOR-US: Online Leave Management System
CVE-2022-38301 (Onedev v7.4.14 contains a path traversal vulnerability which allows at ...)
	NOT-FOR-US: Onedev
CVE-2022-38300 RESERVED
CVE-2022-38299 (An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attack ...)
	NOT-FOR-US: Appsmith
CVE-2022-38298 (Appsmith v1.7.11 was discovered to allow attackers to execute an authe ...)
	NOT-FOR-US: Appsmith
CVE-2022-38297 (UCMS v1.6.0 contains an authentication bypass vulnerability which is e ...)
	NOT-FOR-US: UCMS
CVE-2022-38296 (Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vuln ...)
	NOT-FOR-US: Cuppa CMS
CVE-2022-38295 (Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulner ...)
	NOT-FOR-US: Cuppa CMS
CVE-2022-38294 RESERVED
CVE-2022-38293 RESERVED
CVE-2022-38292 (SLiMS Senayan Library Management System v9.4.2 was discovered to conta ...)
	NOT-FOR-US: SLiMS Senayan Library Management System
CVE-2022-38291 (SLiMS Senayan Library Management System v9.4.2 was discovered to conta ...)
	NOT-FOR-US: SLiMS Senayan Library Management System
CVE-2022-38290 RESERVED
CVE-2022-38289 REJECTED
CVE-2022-38288 RESERVED
CVE-2022-38287 REJECTED
CVE-2022-38286 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list.)
	NOT-FOR-US: JFinal CMS
CVE-2022-38285 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list.)
	NOT-FOR-US: JFinal CMS
CVE-2022-38284 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department ...)
	NOT-FOR-US: JFinal CMS
CVE-2022-38283 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list.)
	NOT-FOR-US: JFinal CMS
CVE-2022-38282 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/ ...)
	NOT-FOR-US: JFinal CMS
CVE-2022-38281 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list.)
	NOT-FOR-US: JFinal CMS
CVE-2022-38280 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list.)
	NOT-FOR-US: JFinal CMS
CVE-2022-38279 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/ ...)
	NOT-FOR-US: JFinal CMS
CVE-2022-38278 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/friendlylin ...)
	NOT-FOR-US: JFinal CMS
CVE-2022-38277 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollp ...)
	NOT-FOR-US: JFinal CMS
CVE-2022-38276 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotic ...)
	NOT-FOR-US: JFinal CMS
CVE-2022-38275 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/lis ...)
	NOT-FOR-US: JFinal CMS
CVE-2022-38274 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/lis ...)
	NOT-FOR-US: JFinal CMS
CVE-2022-38273 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/lis ...)
	NOT-FOR-US: JFinal CMS
CVE-2022-38272 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/lis ...)
	NOT-FOR-US: JFinal CMS
CVE-2022-38271 RESERVED
CVE-2022-38270 RESERVED
CVE-2022-38269 (School Activity Updates with SMS Notification v1.0 was discovered to c ...)
	NOT-FOR-US: School Activity Updates with SMS Notification
CVE-2022-38268 (School Activity Updates with SMS Notification v1.0 was discovered to c ...)
	NOT-FOR-US: School Activity Updates with SMS Notification
CVE-2022-38267 (School Activity Updates with SMS Notification v1.0 was discovered to c ...)
	NOT-FOR-US: School Activity Updates with SMS Notification
CVE-2022-38266 (An issue in the Leptonica linked library (v1.79.0) allows attackers to ...)
	{DLA-3233-1}
	- leptonlib 1.82.0-1
	[bullseye] - leptonlib 1.79.0-1.1+deb11u1
	NOTE: https://github.com/DanBloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614 (1.81.0)
	NOTE: https://github.com/tesseract-ocr/tesseract/issues/3498
CVE-2022-38265 (Apartment Visitor Management System v1.0 was discovered to contain a S ...)
	NOT-FOR-US: Apartment Visitor Management System
CVE-2022-38264 RESERVED
CVE-2022-38263 RESERVED
CVE-2022-38262 RESERVED
CVE-2022-38261 RESERVED
CVE-2022-38260 (Interview Management System v1.0 was discovered to contain a SQL injec ...)
	NOT-FOR-US: Interview Management System
CVE-2022-38259 RESERVED
CVE-2022-38258 (A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 all ...)
	NOT-FOR-US: D-Link
CVE-2022-38257 RESERVED
CVE-2022-38256 (TastyIgniter v3.5.0 was discovered to contain a cross-site scripting ( ...)
	NOT-FOR-US: TastyIgniter
CVE-2022-38255 (Interview Management System v1.0 was discovered to contain a SQL injec ...)
	NOT-FOR-US: Interview Management System
CVE-2022-38254 (Nagios XI before v5.8.7 was discovered to contain a cross-site scripti ...)
	NOT-FOR-US: Nagios XI
CVE-2022-38253 RESERVED
CVE-2022-38252 RESERVED
CVE-2022-38251 (Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS ...)
	NOT-FOR-US: Nagios XI
CVE-2022-38250 (Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerabili ...)
	NOT-FOR-US: Nagios XI
CVE-2022-38249 (Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS ...)
	NOT-FOR-US: Nagios XI
CVE-2022-38248 (Nagios XI before v5.8.7 was discovered to contain multiple cross-site ...)
	NOT-FOR-US: Nagios XI
CVE-2022-38247 (Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS ...)
	NOT-FOR-US: Nagios XI
CVE-2022-38246 RESERVED
CVE-2022-38245 RESERVED
CVE-2022-38244 RESERVED
CVE-2022-38243 RESERVED
CVE-2022-38242 RESERVED
CVE-2022-38241 RESERVED
CVE-2022-38240 RESERVED
CVE-2022-38239 RESERVED
CVE-2022-38238 (XPDF commit ffaf11c was discovered to contain a heap-buffer overflow v ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2022-38237 (XPDF commit ffaf11c was discovered to contain a heap-buffer overflow v ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2022-38236 (XPDF commit ffaf11c was discovered to contain a global-buffer overflow ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2022-38235 (XPDF commit ffaf11c was discovered to contain a segmentation violation ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2022-38234 (XPDF commit ffaf11c was discovered to contain a segmentation violation ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2022-38233 (XPDF commit ffaf11c was discovered to contain a segmentation violation ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2022-38232 RESERVED
CVE-2022-38231 (XPDF commit ffaf11c was discovered to contain a heap-buffer overflow v ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2022-38230 (XPDF commit ffaf11c was discovered to contain a floating point excepti ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2022-38229 (XPDF commit ffaf11c was discovered to contain a heap-buffer overflow v ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2022-38228 (XPDF commit ffaf11c was discovered to contain a heap-buffer overflow v ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2022-38227 (XPDF commit ffaf11c was discovered to contain a stack overflow via __a ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2022-38226 RESERVED
CVE-2022-38225 RESERVED
CVE-2022-38224 RESERVED
CVE-2022-38223 (There is an out-of-bounds write in checkType located in etc.c in w3m 0 ...)
	{DLA-3541-1}
	- w3m 0.5.3+git20230121-1 (bug #1019599)
	[bullseye] - w3m 0.5.3+git20210102-6+deb11u1
	NOTE: https://github.com/tats/w3m/issues/242
	NOTE: Initial fix: https://github.com/tats/w3m/commit/419ca82d57c72242817b55e2eaa4cdbf6916e7fa
	NOTE: Follow-up fix: https://github.com/tats/w3m/commit/25fb402cea405b263466c627f32513d186a38ade
CVE-2022-38222 (There is a use-after-free issue in JBIG2Stream::close() located in JBI ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2022-38221 (A buffer overflow in the FTcpListener thread in The Isle Evrima (the d ...)
	NOT-FOR-US: The Isle Evrima
CVE-2022-38220 (An XSS vulnerability exists within Quest KACE Systems Management Appli ...)
	NOT-FOR-US: Quest KACE Systems Management Appliance (SMA)
CVE-2022-38219 RESERVED
CVE-2022-38218 RESERVED
CVE-2022-2817 (Use After Free in GitHub repository vim/vim prior to 9.0.0213.)
	- vim 2:9.0.0229-1 (unimportant)
	[buster] - vim (The vulnerable code was introduced later)
	NOTE: https://huntr.dev/bounties/a7b7d242-3d88-4bde-a681-6c986aff886f
	NOTE: https://github.com/vim/vim/commit/249e1b903a9c0460d618f6dcc59aeb8c03b24b20 (v9.0.0213)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2816 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212.)
	- vim 2:9.0.0229-1 (unimportant)
	NOTE: https://huntr.dev/bounties/e2a83037-fcf9-4218-b2b9-b7507dacde58
	NOTE: https://github.com/vim/vim/commit/dbdd16b62560413abcc3c8e893cc3010ccf31666 (v9.0.0212)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-38217 RESERVED
CVE-2022-2815 (Insecure Storage of Sensitive Information in GitHub repository publify ...)
	NOT-FOR-US: Publify
CVE-2022-2814 (A vulnerability has been found in SourceCodester Simple and Nice Shopp ...)
	NOT-FOR-US: SourceCodester Simple and Nice Shopping Cart Script
CVE-2022-2813 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester
CVE-2022-2812 (A vulnerability classified as critical was found in SourceCodester Gue ...)
	NOT-FOR-US: SourceCodester
CVE-2022-2811 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester
CVE-2022-2810 RESERVED
CVE-2022-38216 (An integer overflow exists in Mapbox's closed source gl-native library ...)
	NOT-FOR-US: Mapbox
CVE-2022-38215 RESERVED
CVE-2022-38214 RESERVED
CVE-2022-38213 RESERVED
CVE-2022-38212 (Protections against potential Server-Side Request Forgery (SSRF) vulne ...)
	NOT-FOR-US: Esri
CVE-2022-38211 (Protections against potential Server-Side Request Forgery (SSRF) vulne ...)
	NOT-FOR-US: Esri
CVE-2022-38210 (There is a reflected HTML injection vulnerability in Esri Portal for A ...)
	NOT-FOR-US: Esri
CVE-2022-38209 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
	NOT-FOR-US: Esri
CVE-2022-38208 (There is an unvalidated redirect vulnerability in Esri Portal for ArcG ...)
	NOT-FOR-US: Esri
CVE-2022-38207 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
	NOT-FOR-US: Esri
CVE-2022-38206 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
	NOT-FOR-US: Esri
CVE-2022-38205 (In some non-default installations of Esri Portal for ArcGIS versions 1 ...)
	NOT-FOR-US: Esri
CVE-2022-38204 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
	NOT-FOR-US: Esri
CVE-2022-38203 (Protections against potential Server-Side Request Forgery (SSRF) vulne ...)
	NOT-FOR-US: Esri
CVE-2022-38202 (There is a path traversal vulnerability in Esri ArcGIS Server versions ...)
	NOT-FOR-US: Esri
CVE-2022-38201 (An unvalidated redirect vulnerability exists in Esri Portal for ArcGIS ...)
	NOT-FOR-US: Esri Portal for ArcGIS Quick Capture Web Designer
CVE-2022-38200 (A cross site scripting vulnerability exists in some map service config ...)
	NOT-FOR-US: ArcGIS Server
CVE-2022-38199 (A remote file download issue can occur in some capabilities of Esri Ar ...)
	NOT-FOR-US: ArcGIS Server
CVE-2022-38198 (There is a reflected cross site scripting issue in the Esri ArcGIS Ser ...)
	NOT-FOR-US: Esri ArcGIS Server
CVE-2022-38197 (Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redir ...)
	NOT-FOR-US: Esri ArcGIS Server
CVE-2022-38196 (Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vul ...)
	NOT-FOR-US: Esri ArcGIS Server
CVE-2022-38195 (There is a reflected cross site scripting issue in Esri ArcGIS Server ...)
	NOT-FOR-US: Esri ArcGIS Server
CVE-2022-38194 (In Esri Portal for ArcGIS versions 10.8.1, a system property is not pr ...)
	NOT-FOR-US: Esri Portal for ArcGIS
CVE-2022-38193 (There is a code injection vulnerability in Esri Portal for ArcGIS vers ...)
	NOT-FOR-US: Esri Portal for ArcGIS
CVE-2022-38192 (A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for A ...)
	NOT-FOR-US: Esri Portal for ArcGIS
CVE-2022-38191 (There is an HTML injection issue in Esri Portal for ArcGIS versions 10 ...)
	NOT-FOR-US: Esri Portal for ArcGIS
CVE-2022-38190 (A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for A ...)
	NOT-FOR-US: Esri Portal for ArcGIS
CVE-2022-38189 (A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for A ...)
	NOT-FOR-US: Esri Portal for ArcGIS
CVE-2022-38188 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
	NOT-FOR-US: Esri Portal for ArcGIS
CVE-2022-38187 (Prior to version 10.9.0, the sharing/rest/content/features/analyze end ...)
	NOT-FOR-US: Esri Portal for ArcGIS
CVE-2022-38186 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
	NOT-FOR-US: Esri Portal for ArcGIS
CVE-2022-38185 RESERVED
CVE-2022-38184 (There is an improper access control vulnerability in Portal for ArcGIS ...)
	NOT-FOR-US: Esri Portal for ArcGIS
CVE-2022-38183 (In Gitea before 1.16.9, it was possible for users to add existing issu ...)
	- gitea
CVE-2022-38182 RESERVED
CVE-2022-38181 (The Arm Mali GPU kernel driver allows unprivileged users to access fre ...)
	NOT-FOR-US: ARM Mali GPU driver
CVE-2022-2809 (A vulnerability in bmcweb of OpenBMC Project allows user to cause deni ...)
	NOT-FOR-US: OpenBMC
CVE-2022-38180 (In JetBrains Ktor before 2.1.0 the wrong authentication provider could ...)
	NOT-FOR-US: JetBrains Ktor
CVE-2022-38179 (JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Downloa ...)
	NOT-FOR-US: JetBrains Ktor
CVE-2022-38178 (By spoofing the target resolver with responses that have a malformed E ...)
	{DSA-5235-1 DLA-3138-1}
	- bind9 1:9.18.7-1
	NOTE: https://kb.isc.org/docs/cve-2022-38178
	NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/7c0028cfad2ae5fdf82c4d02d3b8b3a1e96dc6ec (v9_18_7)
	NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/1af23378ebb11da2eb0f412e4563d6c4165fbd3d (v9_16_33)
CVE-2022-38177 (By spoofing the target resolver with responses that have a malformed E ...)
	{DSA-5235-1 DLA-3138-1}
	- bind9 1:9.17.20-1
	NOTE: https://kb.isc.org/docs/cve-2022-38177
	NOTE: Fixed by (while refactoring): https://gitlab.isc.org/isc-projects/bind9/-/commit/d4eb6e0a57a7eeb42328ff66865fa66688603c17 (v9_17_20)
	NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/5b2282afff760b1ed3471f6666bdfe8e1d34e590 (v9_16_33)
CVE-2022-2808 (Authorization Bypass Through User-Controlled Key vulnerability in Alga ...)
	NOT-FOR-US: Algan
CVE-2022-2807 (SQL Injection vulnerability in Algan Software Prens Student Informatio ...)
	NOT-FOR-US: Algan
CVE-2022-2806 (It was found that the ovirt-log-collector/sosreport collects the RHV a ...)
	NOT-FOR-US: ovirt-log-collector
CVE-2022-2805 (A flaw was found in ovirt-engine, which leads to the logging of plaint ...)
	NOT-FOR-US: ovirt-engine
CVE-2022-2804 (A vulnerability was found in SourceCodester Zoo Management System. It ...)
	NOT-FOR-US: SourceCodester Zoo Management System
CVE-2022-2803 (A vulnerability was found in SourceCodester Zoo Management System and ...)
	NOT-FOR-US: SourceCodester Zoo Management System
CVE-2022-2802 (A vulnerability has been found in SourceCodester Gas Agency Management ...)
	NOT-FOR-US: SourceCodester Gas Agency Management System
CVE-2022-2801 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Automated Beer Parlour Billing System
CVE-2022-2800 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: SourceCodester Gym Management System
CVE-2022-2799 (The Affiliates Manager WordPress plugin before 2.9.14 does not sanitis ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2798 (The Affiliates Manager WordPress plugin before 2.9.14 does not validat ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2797 (A vulnerability classified as critical was found in SourceCodester Stu ...)
	NOT-FOR-US: SourceCodester Student Information System
CVE-2022-2796 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
	NOT-FOR-US: pimcore
CVE-2022-2795 (By flooding the target resolver with queries exploiting this flaw an a ...)
	{DSA-5235-1 DLA-3138-1}
	- bind9 1:9.18.7-1
	NOTE: https://kb.isc.org/docs/cve-2022-2795
	NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/e2014ba9e3b4236b0384ba17abfb2c9a155412f6 (v9_18_7)
	NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/bf2ea6d8525bfd96a84dad221ba9e004adb710a8 (v9_16_33)
CVE-2022-38176 (An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect priv ...)
	NOT-FOR-US: YSoft
CVE-2022-38175 RESERVED
CVE-2022-38174 RESERVED
CVE-2022-38173 RESERVED
CVE-2022-38172 (ServiceNow through San Diego Patch 3 allows XSS via the name field dur ...)
	NOT-FOR-US: ServiceNow
CVE-2022-38171 (Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 d ...)
	NOT-FOR-US: xpdf (relevant issue for Poppler tracked as CVE-2022-38784)
	NOTE: This is CVE-2021-30860 in Apple CoreGraphics and CVE-2022-38171 in xpdf
	NOTE: https://gist.github.com/zmanion/b2ed0d1a0cec163ecd07d5e3d9740dc6
CVE-2022-2794 (Certain HP PageWide Pro Printers may be vulnerable to a potential deni ...)
	NOT-FOR-US: HP
CVE-2022-2793 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...)
	NOT-FOR-US: Emerson
CVE-2022-2792 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...)
	NOT-FOR-US: Emerson
CVE-2022-2791 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...)
	NOT-FOR-US: Emerson Electric's Proficy Machine Edition
CVE-2022-2790 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...)
	NOT-FOR-US: Emerson
CVE-2022-2789 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...)
	NOT-FOR-US: Emerson
CVE-2022-2788 (Emerson Electric's Proficy Machine Edition Version 9.80 and prior is v ...)
	NOT-FOR-US: Emerson
CVE-2022-2787 (Schroot before 1.6.13 had too permissive rules on chroot or session na ...)
	{DSA-5213-1 DLA-3075-1}
	- schroot 1.6.12-2
	NOTE: https://codeberg.org/shelter/reschroot/commit/6f7166a285e1e97aea390be633591f9791b29a6d
CVE-2022-38170 (In Apache Airflow prior to 2.3.4, an insecure umask was configured for ...)
	- airflow (bug #819700)
CVE-2022-38082 RESERVED
CVE-2022-2786 RESERVED
CVE-2022-2785 (There exists an arbitrary memory read within the Linux Kernel BPF - Co ...)
	- linux 5.19.6-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/86f44fcec22ce2979507742bc53db8400e454f46 (6.0-rc1)
CVE-2022-2784 RESERVED
CVE-2022-2783 (In affected versions of Octopus Server it was identified that a sessio ...)
	NOT-FOR-US: Octopus
CVE-2022-2782 (In affected versions of Octopus Server it is possible for a session to ...)
	NOT-FOR-US: Octopus Server
CVE-2022-2781 (In affected versions of Octopus Server it was identified that the same ...)
	NOT-FOR-US: Octopus
CVE-2022-2780 (In affected versions of Octopus Server it is possible to use the Git C ...)
	NOT-FOR-US: Octopus
CVE-2022-2779 (A vulnerability classified as critical was found in SourceCodester Gas ...)
	NOT-FOR-US: SourceCodester Gas Agency Management System
CVE-2022-2778 (In affected versions of Octopus Deploy it is possible to bypass rate l ...)
	NOT-FOR-US: Octopus Deploy
CVE-2022-2777 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
	NOT-FOR-US: microweber
CVE-2022-2776 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester Gym Management System
CVE-2022-2775 (The Fast Flow WordPress plugin before 1.2.13 does not sanitise and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2774 (A vulnerability was found in SourceCodester Library Management System. ...)
	NOT-FOR-US: SourceCodester Library Management System
CVE-2022-2773 (A vulnerability was found in SourceCodester Apartment Visitor Manageme ...)
	NOT-FOR-US: SourceCodester Apartment Visitor Management System
CVE-2022-2772 (A vulnerability was found in SourceCodester Apartment Visitor Manageme ...)
	NOT-FOR-US: SourceCodester Apartment Visitor Management System
CVE-2022-2771 (A vulnerability has been found in SourceCodester Simple Online Book St ...)
	NOT-FOR-US: SourceCodester Simple Online Book Store System
CVE-2022-2770 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Simple Online Book Store System
CVE-2022-2769 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: SourceCodester Company Website CMS
CVE-2022-2768 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester Library Management System
CVE-2022-2767 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester Online Admission System
CVE-2022-2766 (A vulnerability was found in SourceCodester Loan Management System. It ...)
	NOT-FOR-US: SourceCodester Loan Management System
CVE-2022-2765 (A vulnerability was found in SourceCodester Company Website CMS 1.0. I ...)
	NOT-FOR-US: SourceCodester Company Website CMS
CVE-2022-2764 (A flaw was found in Undertow. Denial of service can be achieved as Und ...)
	- undertow 2.2.21-1
	NOTE: https://issues.redhat.com/browse/UNDERTOW-2048
	NOTE: https://github.com/undertow-io/undertow/pull/1382
	NOTE: https://github.com/undertow-io/undertow/pull/1386
	NOTE: https://github.com/undertow-io/undertow/commit/09d4dc44da0eb7a0cfa5d943de32e06c7cb2f7d2 (2.2.21.Final)
	NOTE: https://github.com/undertow-io/undertow/commit/05ab8777ed7cc3510acf4550102e5e38fc706fd1 (2.2.21.Final)
	NOTE: https://github.com/undertow-io/undertow/commit/f60972d29949c6c7c557d591171e89c74013edd0 (2.2.21.Final)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2117506
CVE-2022-2763 (The WP Socializer WordPress plugin before 7.3 does not sanitise and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2762 (The AdminPad WordPress plugin before 2.2 does not have CSRF check when ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2761 (An information disclosure issue in GitLab CE/EE affecting all versions ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-2760 (In affected versions of Octopus Deploy it is possible to reveal the Sp ...)
	NOT-FOR-US: Octopus Deploy
CVE-2022-38169
	RESERVED
CVE-2022-38168 (Broken Access Control in User Authentication in Avaya Scopia Pathfinde ...)
	NOT-FOR-US: Avaya Scopia Pathfinder
CVE-2022-38167 (The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS.)
	NOT-FOR-US: Nintex Workflow plugin for SharePoint
CVE-2022-38166 (In F-Secure Endpoint Protection for Windows and macOS before channel w ...)
	NOT-FOR-US: F-Secure
CVE-2022-38165 (Arbitrary file write in F-Secure Policy Manager through 2022-08-10 all ...)
	NOT-FOR-US: WithSecure
CVE-2022-38164 (A vulnerability affecting F-Secure SAFE browser for Android and iOS wa ...)
	NOT-FOR-US: WithSecure
CVE-2022-38163 (A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Br ...)
	NOT-FOR-US: WithSecure
CVE-2022-38162 (Reflected cross-site scripting (XSS) vulnerabilities in WithSecure thr ...)
	NOT-FOR-US: WithSecure
CVE-2022-38161 (The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on ...)
	NOT-FOR-US: Gumstix Overo SBC
CVE-2022-38160
	RESERVED
CVE-2022-38159
	RESERVED
CVE-2022-38158
	RESERVED
CVE-2022-38157
	RESERVED
CVE-2022-38156 (A remote command injection issues exists in the web server of the Krat ...)
	NOT-FOR-US: Kratos SpectralNet
CVE-2022-38155 (TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted applicatio ...)
	NOT-FOR-US: Samsung mTower
CVE-2022-38154
	RESERVED
CVE-2022-38153 (An issue was discovered in wolfSSL before 5.5.0 (when --enable-session ...)
	- wolfssl 5.5.3-1 (bug #1021021)
	[bullseye] - wolfssl (Vulnerable code not present and session tickets not enabled)
	NOTE: https://github.com/wolfSSL/wolfssl/pull/5476
CVE-2022-38152 (An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client ...)
	- wolfssl 5.5.3-1 (bug #1021021)
	[bullseye] - wolfssl (Minor issue)
	NOTE: https://github.com/wolfSSL/wolfssl/pull/5468
CVE-2022-38151
	RESERVED
CVE-2022-38149 (HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose ...)
	NOT-FOR-US: Consul Template
CVE-2022-38148 (Silverstripe silverstripe/framework through 4.11 allows SQL Injection.)
	NOT-FOR-US: SilverStripe CMS
CVE-2022-38147 (Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 o ...)
	NOT-FOR-US: SilverStripe CMS
CVE-2022-38146 (Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 o ...)
	NOT-FOR-US: SilverStripe CMS
CVE-2022-38145 (Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 o ...)
	NOT-FOR-US: SilverStripe CMS
CVE-2022-38133 (In JetBrains TeamCity before 2022.04.3 the private SSH key could be wr ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-38132 (Command injection vulnerability in Linksys MR8300 router while Registr ...)
	NOT-FOR-US: Linksys
CVE-2022-38131 (RStudio Connect prior to 2023.01.0 is affected by an Open Redirect iss ...)
	NOT-FOR-US: RStudio Connect
CVE-2022-38130 (The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip ...)
	NOT-FOR-US: Keysight Sensor Management Server
CVE-2022-38129 (A path traversal vulnerability exists in the com.keysight.tentacle.lic ...)
	NOT-FOR-US: Keysight Sensor Management Server
CVE-2022-38128
	REJECTED
CVE-2022-38127
	REJECTED
CVE-2022-38126
	REJECTED
CVE-2022-38125 (Improper Restriction of Communication Channel to Intended Endpoints vu ...)
	NOT-FOR-US: Secomea
CVE-2022-38124 (Debug tool in Secomea SiteManager allows logged-in administrator to mo ...)
	NOT-FOR-US: Secomea
CVE-2022-38123 (Improper Input Validation of plugin files in Administrator Interface o ...)
	NOT-FOR-US: Secomea
CVE-2022-38122 (UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. A ...)
	NOT-FOR-US: UPSMON PRO
CVE-2022-38121 (UPSMON PRO configuration file stores user password in plaintext under ...)
	NOT-FOR-US: UPSMON PRO
CVE-2022-38120 (UPSMON PRO’s has a path traversal vulnerability. A remote attacke ...)
	NOT-FOR-US: UPSMON PRO
CVE-2022-38119 (UPSMON Pro login function has insufficient authentication. An unauthen ...)
	NOT-FOR-US: UPSMON PRO
CVE-2022-38118 (OAKlouds Portal website’s Meeting Room has insufficient validatio ...)
	NOT-FOR-US: OAKlouds
CVE-2022-38117 (Juiker app hard-coded its AES key in the source code. A physical attac ...)
	NOT-FOR-US: Juiker app
CVE-2022-38116 (Le-yan Personnel and Salary Management System has hard-coded database ...)
	NOT-FOR-US: Le-yan Personnel and Salary Management System
CVE-2022-38103 (Insecure inherited permissions in the Intel(R) NUC Software Studio Ser ...)
	NOT-FOR-US: Intel
CVE-2022-38092
	RESERVED
CVE-2022-38087 (Exposure of resource to wrong sphere in BIOS firmware for some Intel(R ...)
	NOT-FOR-US: Intel
CVE-2022-38076 (Improper input validation in some Intel(R) PROSet/Wireless WiFi and Ki ...)
	{DLA-3596-1}
	- firmware-nonfree (bug #1051892)
	[bookworm] - firmware-nonfree (Non-free not supported)
	[bullseye] - firmware-nonfree (Non-free not supported)
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html
	NOTE: Fixed upstream in linux-firmware/20230804
CVE-2022-38060 (A privilege escalation vulnerability exists in the sudo functionality ...)
	- kolla (bug #804128)
	NOTE: https://bugs.launchpad.net/kolla/+bug/1985784
CVE-2022-38056 (Improper neutralization in the Intel(R) EMA software before version 1. ...)
	NOT-FOR-US: Intel
CVE-2022-37336 (Improper input validation in BIOS firmware for some Intel(R) NUC may a ...)
	NOT-FOR-US: Intel
CVE-2022-37329 (Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Sta ...)
	NOT-FOR-US: Intel
CVE-2022-36406
	RESERVED
CVE-2022-36351 (Improper input validation in some Intel(R) PROSet/Wireless WiFi and Ki ...)
	{DLA-3596-1}
	- firmware-nonfree (bug #1051892)
	[bookworm] - firmware-nonfree (Non-free not supported)
	[bullseye] - firmware-nonfree (Non-free not supported)
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html
	NOTE: Fixed upstream in linux-firmware/20230804
CVE-2022-33893
	RESERVED
CVE-2022-2759 (Delta Electronics Delta Robot Automation Studio (DRAS) versions prior ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-2758 (Passwords are not adequately encrypted during the communication proces ...)
	NOT-FOR-US: LS Industrial Systems (LSIS) Co. Ltd
CVE-2022-2757 (Due to the lack of adequately implemented access-control rules, all ve ...)
	NOT-FOR-US: Kingspan TMS300 CS
CVE-2022-2756 (Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavi ...)
	NOT-FOR-US: Kareadita/Kavita
CVE-2022-2755
	RESERVED
CVE-2022-2754 (The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 doe ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2753 (The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 doe ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2752 (A vulnerability in the web server of Secomea GateManager allows a loca ...)
	NOT-FOR-US: Secomea
CVE-2022-2751 (A vulnerability was found in SourceCodester Company Website CMS and cl ...)
	NOT-FOR-US: SourceCodester Company Website CMS
CVE-2022-2750 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Company Website CMS
CVE-2022-2749 (A vulnerability was found in SourceCodester Gym Management System. It ...)
	NOT-FOR-US: SourceCodester Gym Management System
CVE-2022-2748 (A vulnerability was found in SourceCodester Simple Online Book Store S ...)
	NOT-FOR-US: SourceCodester Simple Online Book Store System
CVE-2022-2747 (A vulnerability was found in SourceCodester Simple Online Book Store a ...)
	NOT-FOR-US: SourceCodester Simple Online Book Store System
CVE-2022-2746 (A vulnerability has been found in SourceCodester Simple Online Book St ...)
	NOT-FOR-US: SourceCodester Simple Online Book Store System
CVE-2022-2745 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Gym Management System
CVE-2022-2744 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Gym Management System
CVE-2022-38150 (In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cau ...)
	- varnish 7.1.1-1
	[bullseye] - varnish (Vulnerable code not present)
	[buster] - varnish (Vulnerable code not present)
	NOTE: https://varnish-cache.org/security/VSV00009.html
	NOTE: Introduced by: https://github.com/varnishcache/varnish-cache/commit/f4dffe593b04a33f07423db3f9dc69eb428b2e85 (varnish-7.0.0)
	NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/c5fd097e5cce8b461c6443af02b3448baef2491d (master)
	NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/19544fdc6649bd294f25314d9f609b4979b1fe48 (varnish-7.1.1)
CVE-2022-38115 (Insecure method vulnerability in which allowed HTTP methods are disclo ...)
	NOT-FOR-US: Solarwinds
CVE-2022-38114 (This vulnerability occurs when a web server fails to correctly process ...)
	NOT-FOR-US: Solarwinds
CVE-2022-38113 (This vulnerability discloses build and services versions in the server ...)
	NOT-FOR-US: Solarwinds
CVE-2022-38112 (In DPA 2022.4 and older releases, generated heap memory dumps contain ...)
	NOT-FOR-US: SolarWinds
CVE-2022-38111 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
	NOT-FOR-US: SolarWinds
CVE-2022-38110 (In Database Performance Analyzer (DPA) 2022.4 and older releases, cert ...)
	NOT-FOR-US: SolarWinds
CVE-2022-38109
	RESERVED
CVE-2022-38108 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
	NOT-FOR-US: SolarWinds
CVE-2022-38107 (Sensitive information could be displayed when a detailed technical err ...)
	NOT-FOR-US: SolarWinds
CVE-2022-38106 (This vulnerability happens in the web client versions 15.3.0 to Serv-U ...)
	NOT-FOR-US: Serv-U
CVE-2022-38093 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in All in O ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38070 (Privilege Escalation (subscriber+) vulnerability in Pop-up plugin <= 1 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38068 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38067 (Unauthenticated Event Deletion vulnerability in Totalsoft Event Calend ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38062 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38061 (Authenticated (author+) CSV Injection vulnerability in Export Post Inf ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38059 (Cross-Site Request Forgery (CSRF) vulnerability in Alexey Trofimov's A ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38058 (Authenticated (subscriber+) Plugin Setting change vulnerability in WP ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-38054 (In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserv ...)
	- airflow (bug #819700)
CVE-2022-37412 (Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerabil ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-37411 (Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza's Cap ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-37407 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-37405 (Cross-Site Request Forgery (CSRF) vulnerability in Mickey Kay's Better ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-37404 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-37403 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-37402 (Stored Cross-site Scripting (XSS) vulnerability in AFS Analytics plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-37344 (Missing Access Control vulnerability in PHP Crafts Accommodation Syste ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-37339 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-37338 (Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-37335 (Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-37330 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-37328 (Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36798 (Cross-Site Request Forgery (CSRF) vulnerability in Topdigitaltrends Me ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36796 (Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cros ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36793 (Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36791 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36428 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Stage Rock ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36427 (Missing Access Control vulnerability in About Rentals. Inc. About Rent ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36425 (Broken Access Control vulnerability in Beaver Builder plugin <= 2.5.4. ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36422 (Rating increase/decrease via race condition in Lester 'GaMerZ' Chan WP ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36405 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36394 (Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36390 (Authenticated (subscriber+) Reflected Cross-Site Scripting (XSS) vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36387 (Broken Access Control vulnerability in Alessio Caiazza's About Me plug ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36383 (Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36376 (Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plug ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36373 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Wa ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36365 (Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36358 (Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin <= ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36355 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36352 (Missing Authorization vulnerability in Profilegrid ProfileGrid – ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36347 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36345 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-35726 (Broken Authentication vulnerability in yotuwp Video Gallery plugin <= ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-35725 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-35277 (Cross-Site Request Forgery (CSRF) vulnerability in GetResponse plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-35275 (Authenticated (shop manager+) Reflected Cross-Site Scripting (XSS) vul ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-35242 (Unauthenticated plugin settings change vulnerability in 59sec THE Lead ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-35235 (Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThe ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-31474 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29476 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 D ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2743 (Integer overflow in Window Manager in Google Chrome on Chrome OS and L ...)
	{DSA-5201-1}
	- chromium 104.0.5112.79-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2742 (Use after free in Exosphere in Google Chrome on Chrome OS and Lacros p ...)
	{DSA-5201-1}
	- chromium 104.0.5112.79-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2741 (The denial-of-service can be triggered by transmitting a carefully cra ...)
	NOT-FOR-US: zephyr-rtos
CVE-2022-2740 (A vulnerability was found in SourceCodester Company Website CMS. It ha ...)
	NOT-FOR-US: SourceCodester Company Website CMS
CVE-2022-2739 (The version of podman as released for Red Hat Enterprise Linux 7 Extra ...)
	NOT-FOR-US: Red Hat specific release error
CVE-2022-2738 (The version of podman as released for Red Hat Enterprise Linux 7 Extra ...)
	NOT-FOR-US: Red Hat specific release error
CVE-2022-2737 (The WP STAGING WordPress plugin before 2.9.18 does not sanitise and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2736 (A vulnerability was found in SourceCodester Company Website CMS. It ha ...)
	NOT-FOR-US: SourceCodester Company Website CMS
CVE-2022-2735 (A vulnerability was found in the PCS project. This issue occurs due to ...)
	{DSA-5226-1}
	- pcs 0.11.3-2 (bug #1018930)
	[buster] - pcs (Vulnerable code not present, see #1018930)
	NOTE: https://www.openwall.com/lists/oss-security/2022/09/01/4
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2116815
	NOTE: https://github.com/ClusterLabs/pcs/commit/de068e2066e377d1cc77edf25aed0198e4c77f7b
CVE-2022-2734 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
	NOT-FOR-US: OpenEMR
CVE-2022-2733 (Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/op ...)
	NOT-FOR-US: OpenEMR
CVE-2022-2732 (Missing Authorization in GitHub repository openemr/openemr prior to 7. ...)
	NOT-FOR-US: OpenEMR
CVE-2022-2731 (Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/op ...)
	NOT-FOR-US: OpenEMR
CVE-2022-2730 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
	NOT-FOR-US: OpenEMR
CVE-2022-2729 (Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr ...)
	NOT-FOR-US: OpenEMR
CVE-2022-2728 (A vulnerability was found in SourceCodester Gym Management System. It ...)
	NOT-FOR-US: SourceCodester Gym Management System
CVE-2022-2727 (A vulnerability was found in SourceCodester Gym Management System. It ...)
	NOT-FOR-US: SourceCodester Gym Management System
CVE-2022-2726 (A vulnerability classified as critical has been found in SEMCMS. This ...)
	NOT-FOR-US: SEMCMS
CVE-2022-38053 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38052
	RESERVED
CVE-2022-38051 (Windows Graphics Component Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38050 (Win32k Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38049 (Microsoft Office Graphics Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38048 (Microsoft Office Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38047 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-38046 (Web Account Manager Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38045 (Windows Server Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38044 (Windows CD-ROM File System Driver Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38043 (Windows Security Support Provider Interface Information Disclosure Vul ...)
	NOT-FOR-US: Microsoft
CVE-2022-38042 (Active Directory Domain Services Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38041 (Windows Secure Channel Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38040 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38039 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38038 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38037 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38036 (Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38035
	RESERVED
CVE-2022-38034 (Windows Workstation Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38033 (Windows Server Remotely Accessible Registry Keys Information Disclosur ...)
	NOT-FOR-US: Microsoft
CVE-2022-38032 (Windows Portable Device Enumerator Service Security Feature Bypass Vul ...)
	NOT-FOR-US: Microsoft
CVE-2022-38031 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
	NOT-FOR-US: Microsoft
CVE-2022-38030 (Windows USB Serial Driver Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38029 (Windows ALPC Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38028 (Windows Print Spooler Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38027 (Windows Storage Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38026 (Windows DHCP Client Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38025 (Windows Distributed File System (DFS) Information Disclosure Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2022-38024
	RESERVED
CVE-2022-38023 (Netlogon RPC Elevation of Privilege Vulnerability)
	- samba 2:4.17.4+dfsg-1
	[bullseye] - samba (Domain controller functionality is EOLed, see DSA-5477-1)
	[buster] - samba (Domain controller functionality is EOLed, see DSA-5015-1)
	NOTE: https://www.samba.org/samba/security/CVE-2022-38023.html
	NOTE: possible samba 4.13,4.15 regression: https://bugzilla.samba.org/show_bug.cgi?id=15243
	NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
CVE-2022-38022 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38021 (Connected User Experiences and Telemetry Elevation of Privilege Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-38020 (Visual Studio Code Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38019 (AV1 Video Extension Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38018
	RESERVED
CVE-2022-38017 (StorSimple 8000 Series Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38016 (Windows Local Security Authority (LSA) Elevation of Privilege Vulnerab ...)
	NOT-FOR-US: Microsoft
CVE-2022-38015 (Windows Hyper-V Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38014 (Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulne ...)
	NOT-FOR-US: Microsoft
CVE-2022-38013 (.NET Core and Visual Studio Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38012 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38011 (Raw Image Extension Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38010 (Microsoft Office Visio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38009 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38008 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38007 (Azure Guest Configuration and Azure Arc-enabled servers Elevation of P ...)
	NOT-FOR-US: Microsoft
CVE-2022-38006 (Windows Graphics Component Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38005 (Windows Print Spooler Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38004 (Windows Fax Service Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38003 (Windows Resilient File System Elevation of Privilege)
	NOT-FOR-US: Microsoft
CVE-2022-38002
	RESERVED
CVE-2022-38001 (Microsoft Office Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-38000 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-37999 (Windows Group Policy Preference Client Elevation of Privilege Vulnerab ...)
	NOT-FOR-US: Microsoft
CVE-2022-37998 (Windows Local Session Manager (LSM) Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37997 (Windows Graphics Component Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37996 (Windows Kernel Memory Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37995 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37994 (Windows Group Policy Preference Client Elevation of Privilege Vulnerab ...)
	NOT-FOR-US: Microsoft
CVE-2022-37993 (Windows Group Policy Preference Client Elevation of Privilege Vulnerab ...)
	NOT-FOR-US: Microsoft
CVE-2022-37992 (Windows Group Policy Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37991 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37990 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37989 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privileg ...)
	NOT-FOR-US: Microsoft
CVE-2022-37988 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37987 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privileg ...)
	NOT-FOR-US: Microsoft
CVE-2022-37986 (Windows Win32k Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37985 (Windows Graphics Component Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37984 (Windows WLAN Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37983 (Microsoft DWM Core Library Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37982 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
	NOT-FOR-US: Microsoft
CVE-2022-37981 (Windows Event Logging Service Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37980 (Windows DHCP Client Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37979 (Windows Hyper-V Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37978 (Windows Active Directory Certificate Services Security Feature Bypass)
	NOT-FOR-US: Microsoft
CVE-2022-37977 (Local Security Authority Subsystem Service (LSASS) Denial of Service V ...)
	NOT-FOR-US: Microsoft
CVE-2022-37976 (Active Directory Certificate Services Elevation of Privilege Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2022-37975 (Windows Group Policy Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37974 (Windows Mixed Reality Developer Tools Information Disclosure Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2022-37973 (Windows Local Session Manager (LSM) Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37972 (Microsoft Endpoint Configuration Manager Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37971 (Microsoft Windows Defender Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37970 (Windows DWM Core Library Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37969 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2022-37968 (Microsoft has identified a vulnerability affecting the cluster conn ...)
	NOT-FOR-US: Microsoft
CVE-2022-37967 (Windows Kerberos Elevation of Privilege Vulnerability)
	- samba 2:4.17.4+dfsg-1
	[bullseye] - samba (Domain controller functionality is EOLed, see DSA-5477-1)
	[buster] - samba (Domain controller functionality is EOLed, see DSA-5015-1)
	NOTE: https://www.samba.org/samba/security/CVE-2022-37967.html
	NOTE: possible samba 4.13,4.15 regression: https://bugzilla.samba.org/show_bug.cgi?id=15243
	NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
CVE-2022-37966 (Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability)
	- samba 2:4.17.4+dfsg-1
	[bullseye] - samba (Domain controller functionality is EOLed, see DSA-5477-1)
	[buster] - samba (Domain controller functionality is EOLed, see DSA-5015-1)
	NOTE: https://www.samba.org/samba/security/CVE-2022-37966.html
	NOTE: possible samba 4.13,4.15 regression: https://bugzilla.samba.org/show_bug.cgi?id=15243
	NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
CVE-2022-37965 (Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2022-37964 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37963 (Microsoft Office Visio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37962 (Microsoft PowerPoint Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37961 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37960
	RESERVED
CVE-2022-37959 (Network Device Enrollment Service (NDES) Security Feature Bypass Vulne ...)
	NOT-FOR-US: Microsoft
CVE-2022-37958 (SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Ex ...)
	NOT-FOR-US: Microsoft
CVE-2022-37957 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37956 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37955 (Windows Group Policy Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37954 (DirectX Graphics Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-37953 (An HTTP response splitting vulnerability exists in the AM Gateway Chal ...)
	NOT-FOR-US: GE Gas Power
CVE-2022-37952 (A reflected cross-site scripting (XSS) vulnerability exists in the iHi ...)
	NOT-FOR-US: iHistorian Data Display of WorkstationST
CVE-2022-37951
	REJECTED
CVE-2022-37950
	REJECTED
CVE-2022-37949
	REJECTED
CVE-2022-37948
	REJECTED
CVE-2022-37947
	REJECTED
CVE-2022-37946
	REJECTED
CVE-2022-37945
	REJECTED
CVE-2022-37944
	REJECTED
CVE-2022-37943
	REJECTED
CVE-2022-37942
	REJECTED
CVE-2022-37941
	REJECTED
CVE-2022-37940 (Potential security vulnerabilities have been identified in the HPE Fle ...)
	NOT-FOR-US: HPE
CVE-2022-37939 (A potential security vulnerability has been identified in HPE Superdom ...)
	NOT-FOR-US: HPE
CVE-2022-37938 (Unauthenticated server side request forgery in HPE Serviceguard Manage ...)
	NOT-FOR-US: HPE
CVE-2022-37937 (Pre-auth memory corruption in HPE Serviceguard)
	NOT-FOR-US: HPE
CVE-2022-37936 (Unauthenticated Java deserialization vulnerability in Serviceguard Man ...)
	NOT-FOR-US: HPE
CVE-2022-37935 (HPE OneView for VMware vCenter, in certain circumstances, may disclose ...)
	NOT-FOR-US: HPE OneView for VMware vCenter
CVE-2022-37934 (A potential security vulnerability has been identified in HPE OfficeCo ...)
	NOT-FOR-US: HPE
CVE-2022-37933 (A potential security vulnerability has been identified in HPE Superdom ...)
	NOT-FOR-US: HPE
CVE-2022-37932 (A potential security vulnerability has been identified in Hewlett Pack ...)
	NOT-FOR-US: HPE
CVE-2022-37931 (A vulnerability in NetBatch-Plus software allows unauthorized access t ...)
	NOT-FOR-US: HPE
CVE-2022-37930 (A security vulnerability has been identified in HPE Nimble Storage Hyb ...)
	NOT-FOR-US: HPE
CVE-2022-37929 (Improper Privilege Management vulnerability in Hewlett Packard Enterpr ...)
	NOT-FOR-US: HPE
CVE-2022-37928 (Insufficient Verification of Data Authenticity vulnerability in Hewlet ...)
	NOT-FOR-US: HPE
CVE-2022-37927 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in H ...)
	NOT-FOR-US: HPE
CVE-2022-37926 (A vulnerability within the web-based management interface of EdgeConne ...)
	NOT-FOR-US: Aruba
CVE-2022-37925 (A vulnerability within the web-based management interface of Aruba Edg ...)
	NOT-FOR-US: Aruba
CVE-2022-37924 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line inter ...)
	NOT-FOR-US: Aruba
CVE-2022-37923 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line inter ...)
	NOT-FOR-US: Aruba
CVE-2022-37922 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line inter ...)
	NOT-FOR-US: Aruba
CVE-2022-37921 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line inter ...)
	NOT-FOR-US: Aruba
CVE-2022-37920 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line inter ...)
	NOT-FOR-US: Aruba
CVE-2022-37919 (A vulnerability exists in the API of Aruba EdgeConnect Enterprise. An ...)
	NOT-FOR-US: Aruba
CVE-2022-37918 (Vulnerabilities in the AirWave Management Platform web-based managemen ...)
	NOT-FOR-US: Aruba
CVE-2022-37917 (Vulnerabilities in the AirWave Management Platform web-based managemen ...)
	NOT-FOR-US: Aruba
CVE-2022-37916 (Vulnerabilities in the AirWave Management Platform web-based managemen ...)
	NOT-FOR-US: Aruba
CVE-2022-37915 (A vulnerability in the web-based management interface of Aruba EdgeCon ...)
	NOT-FOR-US: Aruba
CVE-2022-37914 (Vulnerabilities in the web-based management interface of Aruba EdgeCon ...)
	NOT-FOR-US: Aruba
CVE-2022-37913 (Vulnerabilities in the web-based management interface of Aruba EdgeCon ...)
NOT-FOR-US: Aruba CVE-2022-37912 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...) NOT-FOR-US: Aruba CVE-2022-37911 (Due to improper restrictions on XML entities multiple vulnerabilities ...) NOT-FOR-US: Aruba CVE-2022-37910 (A buffer overflow vulnerability exists in the ArubaOS command line int ...) NOT-FOR-US: Aruba CVE-2022-37909 (Aruba has identified certain configurations of ArubaOS that can lead t ...) NOT-FOR-US: Aruba CVE-2022-37908 (An authenticated attacker can impact the integrity of the ArubaOS boot ...) NOT-FOR-US: Aruba CVE-2022-37907 (A vulnerability exists in the ArubaOS bootloader on 7xxx series contro ...) NOT-FOR-US: Aruba CVE-2022-37906 (An authenticated path traversal vulnerability exists in the ArubaOS co ...) NOT-FOR-US: Aruba CVE-2022-37905 (Vulnerabilities in ArubaOS running on 7xxx series controllers exist th ...) NOT-FOR-US: Aruba CVE-2022-37904 (Vulnerabilities in ArubaOS running on 7xxx series controllers exist th ...) NOT-FOR-US: Aruba CVE-2022-37903 (A vulnerability exists that allows an authenticated attacker to overwr ...) NOT-FOR-US: Aruba CVE-2022-37902 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...) NOT-FOR-US: Aruba CVE-2022-37901 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...) NOT-FOR-US: Aruba CVE-2022-37900 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...) NOT-FOR-US: Aruba CVE-2022-37899 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...) NOT-FOR-US: Aruba CVE-2022-37898 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...) NOT-FOR-US: Aruba CVE-2022-37897 (There is a command injection vulnerability that could lead to unauthen ...) NOT-FOR-US: Aruba CVE-2022-37896 (A vulnerability in the Aruba InstantOS and ArubaOS 10 web management i ...) NOT-FOR-US: Aruba CVE-2022-37895 (An unauthenticated Denial of Service (DoS) vulnerability exists in the ...) 
NOT-FOR-US: Aruba CVE-2022-37894 (An unauthenticated Denial of Service (DoS) vulnerability exists in the ...) NOT-FOR-US: Aruba CVE-2022-37893 (An authenticated command injection vulnerability exists in the Aruba I ...) NOT-FOR-US: Aruba CVE-2022-37892 (A vulnerability in the Aruba InstantOS and ArubaOS 10 web management i ...) NOT-FOR-US: Aruba CVE-2022-37891 (Unauthenticated buffer overflow vulnerabilities exist within the Aruba ...) NOT-FOR-US: Aruba CVE-2022-37890 (Unauthenticated buffer overflow vulnerabilities exist within the Aruba ...) NOT-FOR-US: Aruba CVE-2022-37889 (There are buffer overflow vulnerabilities in multiple underlying servi ...) NOT-FOR-US: Aruba CVE-2022-37888 (There are buffer overflow vulnerabilities in multiple underlying servi ...) NOT-FOR-US: Aruba CVE-2022-37887 (There are buffer overflow vulnerabilities in multiple underlying servi ...) NOT-FOR-US: Aruba CVE-2022-37886 (There are buffer overflow vulnerabilities in multiple underlying servi ...) NOT-FOR-US: Aruba CVE-2022-37885 (There are buffer overflow vulnerabilities in multiple underlying servi ...) NOT-FOR-US: Aruba CVE-2022-37884 (A vulnerability exists in the ClearPass Policy Manager Guest User Inte ...) NOT-FOR-US: Aruba CVE-2022-37883 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...) NOT-FOR-US: Aruba CVE-2022-37882 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...) NOT-FOR-US: Aruba CVE-2022-37881 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...) NOT-FOR-US: Aruba CVE-2022-37880 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...) NOT-FOR-US: Aruba CVE-2022-37879 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...) NOT-FOR-US: Aruba CVE-2022-37878 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...) NOT-FOR-US: Aruba CVE-2022-37877 (A vulnerability in the ClearPass OnGuard macOS agent could allow malic ...) 
	NOT-FOR-US: Aruba
CVE-2022-2725 (A vulnerability was found in SourceCodester Company Website CMS. It ha ...)
	NOT-FOR-US: SourceCodester Company Website CMS
CVE-2022-2724 (A vulnerability was found in SourceCodester Employee Management System ...)
	NOT-FOR-US: SourceCodester Employee Management System
CVE-2022-2723 (A vulnerability was found in SourceCodester Employee Management System ...)
	NOT-FOR-US: SourceCodester Employee Management System
CVE-2022-2722 (A vulnerability was found in SourceCodester Simple Student Information ...)
	NOT-FOR-US: SourceCodester Simple Student Information System
CVE-2022-2721 (In affected versions of Octopus Server it is possible for target disco ...)
	NOT-FOR-US: Octopus Server
CVE-2022-2720 (In affected versions of Octopus Server it was identified that when a s ...)
	NOT-FOR-US: Octopus Server
CVE-2021-46833
	RESERVED
CVE-2021-46832
	RESERVED
CVE-2022-37876
	RESERVED
CVE-2022-37875
	RESERVED
CVE-2022-37874
	RESERVED
CVE-2022-37873
	RESERVED
CVE-2022-37872
	RESERVED
CVE-2022-37871
	RESERVED
CVE-2022-37870
	RESERVED
CVE-2022-37869
	RESERVED
CVE-2022-37868
	RESERVED
CVE-2022-37867
	RESERVED
CVE-2022-37866 (When Apache Ivy downloads artifacts from a repository it stores them i ...)
	NOT-FOR-US: Apache Ivy
CVE-2022-37865 (With Apache Ivy 2.4.0 an optional packaging attribute has been introdu ...)
	NOT-FOR-US: Apache Ivy
CVE-2022-37864 (A vulnerability has been identified in Solid Edge (All Versions < SE20 ...)
	NOT-FOR-US: Solid Edge
CVE-2022-35733 (Missing authentication for critical function vulnerability in UNIMO Te ...)
	NOT-FOR-US: Technology digital video recorders firmware
CVE-2022-2719 (In ImageMagick, a crafted file could trigger an assertion failure when ...)
	- imagemagick (Specific to IM7)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2116537
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/716496e6df0add89e9679d6da9c0afca814cfe49
CVE-2022-2718 (The JoomSport – for Sports: Team & League, Football, Hockey & mor ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2717 (The JoomSport – for Sports: Team & League, Football, Hockey & mor ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2716 (The Beaver Builder – WordPress Page Builder for WordPress is vuln ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2715 (A vulnerability has been found in SourceCodester Employee Management S ...)
	NOT-FOR-US: SourceCodester Employee Management System
CVE-2022-2714 (Improper Handling of Length Parameter Inconsistency in GitHub reposito ...)
	NOT-FOR-US: francoisjacquet/rosariosis
CVE-2022-2713 (Insufficient Session Expiration in GitHub repository cockpit-hq/cockpi ...)
	NOT-FOR-US: Cockpit-HQ/Cockpit
CVE-2022-2712 (In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability ...)
	- glassfish
CVE-2022-2711 (The Import any XML or CSV File to WordPress plugin before 3.6.9 is not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2710 (The Scroll To Top WordPress plugin before 1.4.1 does not escape some o ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2709 (The Float to Top Button WordPress plugin through 2.3.6 does not escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-37863
	RESERVED
CVE-2022-37862
	RESERVED
CVE-2022-37861 (There is a remote code execution (RCE) vulnerability in Tenhot TWS-100 ...)
	NOT-FOR-US: Tenhot TWS-100 router
CVE-2022-37860 (The web configuration interface of the TP-Link M7350 V3 with firmware ...)
	NOT-FOR-US: TP-Link
CVE-2022-37859
	RESERVED
CVE-2022-37858
	RESERVED
CVE-2022-37857 (bilde2910 Hauk v1.6.1 requires a hardcoded password which by default i ...)
	NOT-FOR-US: bilde2910 Hauk
CVE-2022-37856
	RESERVED
CVE-2022-37855
	RESERVED
CVE-2022-37854
	RESERVED
CVE-2022-37853
	RESERVED
CVE-2022-37852
	RESERVED
CVE-2022-37851
	RESERVED
CVE-2022-37850
	RESERVED
CVE-2022-37849
	RESERVED
CVE-2022-37848
	RESERVED
CVE-2022-37847
	RESERVED
CVE-2022-37846
	RESERVED
CVE-2022-37845
	RESERVED
CVE-2022-37844
	RESERVED
CVE-2022-37843 (In TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi, the acquired ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-37842 (In TOTOLINK A860R V4.1.2cu.5182_B20201027, the parameters in infostat. ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-37841 (In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded passwo ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-37840 (In TOTOLINK A860R V4.1.2cu.5182_B20201027, the main function in downlo ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-37839 (TOTOLINK A860R V4.1.2cu.5182_B20201027 is vulnerable to Buffer Overflo ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-37838
	RESERVED
CVE-2022-37837
	RESERVED
CVE-2022-37836
	RESERVED
CVE-2022-37835 (Torguard VPN 4.8, has a vulnerability that allows an attacker to dump ...)
	NOT-FOR-US: Torguard VPN
CVE-2022-37834
	RESERVED
CVE-2022-37833
	RESERVED
CVE-2022-37832 (Mutiny 7.2.0-10788 suffers from Hardcoded root password.)
	NOT-FOR-US: Mutiny
CVE-2022-37831
	RESERVED
CVE-2022-37830 (Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting ...)
	NOT-FOR-US: Interway a.s WebJET CMS
CVE-2022-37829
	RESERVED
CVE-2022-37828
	RESERVED
CVE-2022-37827
	RESERVED
CVE-2022-37826
	RESERVED
CVE-2022-37825
	RESERVED
CVE-2022-37824 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2022-37823 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2022-37822 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2022-37821 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2022-37820 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2022-37819 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2022-37818 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2022-37817 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2022-37816 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-37815 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-37814 (Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack ove ...)
	NOT-FOR-US: Tenda
CVE-2022-37813 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-37812 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-37811 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-37810 (Tenda AC1206 V15.03.06.23 was discovered to contain a command injectio ...)
	NOT-FOR-US: Tenda
CVE-2022-37809 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-37808 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-37807 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-37806 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-37805 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-37804 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-37803 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-37802 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-37801 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-37800 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-37799 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-37798 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-37797 (In lighttpd 1.4.65, mod_wstunnel does not initialize a handler functio ...)
	{DSA-5243-1 DLA-3133-1}
	- lighttpd 1.4.66-1
	NOTE: https://redmine.lighttpd.net/issues/3165
	NOTE: https://git.lighttpd.net/lighttpd/lighttpd1.4/commit/971773f1fae600074b46ef64f3ca1f76c227985f (lighttpd-1.4.66)
CVE-2022-37796 (In Simple Online Book Store System 1.0 in /admin_book.php the Title, A ...)
	NOT-FOR-US: Simple Online Book Store System
CVE-2022-37795
	RESERVED
CVE-2022-37794 (In Library Management System 1.0 the /card/in-card.php file id_no para ...)
	NOT-FOR-US: Library Management System
CVE-2022-37793
	RESERVED
CVE-2022-37792
	RESERVED
CVE-2022-37791
	RESERVED
CVE-2022-37790
	RESERVED
CVE-2022-37789
	RESERVED
CVE-2022-37788
	RESERVED
CVE-2022-37787 (An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerabil ...)
	NOT-FOR-US: WeCube
CVE-2022-37786 (An issue was discovered in WeCube Platform 3.2.2. There are multiple C ...)
	NOT-FOR-US: WeCube
CVE-2022-37785 (An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords ...)
	NOT-FOR-US: WeCube
CVE-2022-37784
	RESERVED
CVE-2022-37783 (All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hash ...)
	NOT-FOR-US: Craft CMS
CVE-2022-37782
	RESERVED
CVE-2022-37781 (fdkaac v1.0.3 was discovered to contain a heap buffer overflow via __i ...)
	- fdkaac (unimportant; bug #1017754)
	NOTE: https://github.com/nu774/fdkaac/issues/54
	NOTE: https://github.com/nu774/fdkaac/commit/ecddb7d63306e01d137d65bbbe7b78c1e779943c
	NOTE: Crash in CLI tool, no security impact
CVE-2022-37780 (Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1. ...)
	NOT-FOR-US: Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers
CVE-2022-37779 (Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1. ...)
	NOT-FOR-US: Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers
CVE-2022-37778 (Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1. ...)
	NOT-FOR-US: Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers
CVE-2022-37777 (Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers 3.0.1.1 ...)
	NOT-FOR-US: Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers
CVE-2022-37776
	RESERVED
CVE-2022-37775 (Genesys PureConnect Interaction Web Tools Chat Service (up to at least ...)
	NOT-FOR-US: Genesys PureConnect Interaction Web Tools Chat Service
CVE-2022-37774 (There is a broken access control vulnerability in the Maarch RM 2.8.3 ...)
	NOT-FOR-US: Maarch RM
CVE-2022-37773 (An authenticated SQL Injection vulnerability in the statistics page (/ ...)
	NOT-FOR-US: Maarch RM
CVE-2022-37772 (Maarch RM 2.8.3 solution contains an improper restriction of excessive ...)
	NOT-FOR-US: Maarch RM
CVE-2022-37771 (IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protecti ...)
	NOT-FOR-US: IObit Malware Fighter
CVE-2022-37770 (libjpeg commit 281daa9 was discovered to contain a segmentation fault ...)
	- libjpeg 0.0~git20220805.54ec643-1 (unimportant)
	NOTE: https://github.com/thorfdbg/libjpeg/issues/79
	NOTE: https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977
	NOTE: Crash in CLI tool, no security impact
CVE-2022-37769 (libjpeg commit 281daa9 was discovered to contain a segmentation fault ...)
	- libjpeg 0.0~git20220805.54ec643-1 (bug #1025339)
	[bullseye] - libjpeg (Minor issue)
	NOTE: https://github.com/thorfdbg/libjpeg/issues/78
	NOTE: https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977
CVE-2022-37768 (libjpeg commit 281daa9 was discovered to contain an infinite loop via ...)
	- libjpeg 0.0~git20220805.54ec643-1 (unimportant)
	NOTE: https://github.com/thorfdbg/libjpeg/issues/77
	NOTE: https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977
	NOTE: Hang in CLI tool, no security impact
CVE-2022-37767 (Pebble Templates 3.1.5 allows attackers to bypass a protection mechani ...)
	NOT-FOR-US: Pebble Templates
CVE-2022-37766
	RESERVED
CVE-2022-37765
	RESERVED
CVE-2022-37764
	RESERVED
CVE-2022-37763
	RESERVED
CVE-2022-37762
	RESERVED
CVE-2022-37761
	RESERVED
CVE-2022-37760
	RESERVED
CVE-2022-37759
	RESERVED
CVE-2022-37758
	RESERVED
CVE-2022-37757
	RESERVED
CVE-2022-37756
	RESERVED
CVE-2022-37755
	RESERVED
CVE-2022-37754
	RESERVED
CVE-2022-37753
	RESERVED
CVE-2022-37752
	RESERVED
CVE-2022-37751
	RESERVED
CVE-2022-37750
	RESERVED
CVE-2022-37749
	RESERVED
CVE-2022-37748
	RESERVED
CVE-2022-37747
	RESERVED
CVE-2022-37746
	RESERVED
CVE-2022-37745
	RESERVED
CVE-2022-37744
	RESERVED
CVE-2022-37743
	RESERVED
CVE-2022-37742
	RESERVED
CVE-2022-37741
	RESERVED
CVE-2022-37740
	RESERVED
CVE-2022-37739
	RESERVED
CVE-2022-37738
	RESERVED
CVE-2022-37737
	RESERVED
CVE-2022-37736
	RESERVED
CVE-2022-37735
	RESERVED
CVE-2022-37734 (graphql-java before19.0 is vulnerable to Denial of Service. An attacke ...)
	NOT-FOR-US: graphql-java
CVE-2022-37733
	RESERVED
CVE-2022-37732
	RESERVED
CVE-2022-37731 (ftcms 2.1 poster.PHP has a XSS vulnerability. The attacker inserts mal ...)
	NOT-FOR-US: ftcms
CVE-2022-37730 (In ftcms 2.1, there is a Cross Site Request Forgery (CSRF) vulnerabili ...)
	NOT-FOR-US: ftcms
CVE-2022-37729
	RESERVED
CVE-2022-37728
	RESERVED
CVE-2022-37727
	RESERVED
CVE-2022-37726
	RESERVED
CVE-2022-37725
	RESERVED
CVE-2022-37724 (Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary ...)
	NOT-FOR-US: Project Wonder WebObjects
CVE-2022-37723
	RESERVED
CVE-2022-37722
	RESERVED
CVE-2022-37721 (PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when ...)
	NOT-FOR-US: PyroCMS
CVE-2022-37720 (Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scriptin ...)
	NOT-FOR-US: Orchard CMS
CVE-2022-37719 (A Cross-Site Request Forgery (CSRF) in the management portal of JetNex ...)
	NOT-FOR-US: JetNexus
CVE-2022-37718 (The management portal component of JetNexus/EdgeNexus ADC 4.2.8 was di ...)
	NOT-FOR-US: JetNexus
CVE-2022-37717
	RESERVED
CVE-2022-37716
	RESERVED
CVE-2022-37715
	RESERVED
CVE-2022-37714
	RESERVED
CVE-2022-37713
	RESERVED
CVE-2022-37712
	RESERVED
CVE-2022-37711
	RESERVED
CVE-2022-37710 (Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ...)
	NOT-FOR-US: Patterson Dental Eaglesoft
CVE-2022-37709 (Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is ...)
	NOT-FOR-US: Tesla
CVE-2022-37708
	REJECTED
CVE-2022-37707
	RESERVED
CVE-2022-37706 (enlightenment_sys in Enlightenment before 0.25.4 allows local users to ...)
	{DSA-5233-1 DLA-3115-1}
	- e17 0.25.4-1
	NOTE: https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit
	NOTE: https://git.enlightenment.org/enlightenment/enlightenment/commit/cc7faeccf77fef8b0ae70e312a21e4cde087e141
CVE-2022-37705 (A privilege escalation flaw was found in Amanda 3.5.1 in which the bac ...)
	{DLA-3681-1}
	- amanda 1:3.5.1-10 (bug #1029829)
	[bullseye] - amanda (Minor issue)
	NOTE: https://github.com/MaherAzzouzi/CVE-2022-37705
	NOTE: https://github.com/zmanda/amanda/issues/192
	NOTE: https://marc.info/?l=amanda-hackers&m=167437716918603&w=2
	NOTE: https://github.com/zmanda/amanda/pull/196
	NOTE: https://github.com/zmanda/amanda/commit/43c5b32f46186f3ed78fe6c7503096fa9ad1236c
CVE-2022-37704 (Amanda 3.5.1 allows privilege escalation from the regular user backup ...)
	{DLA-3330-1}
	- amanda 1:3.5.1-10 (bug #1029829)
	[bullseye] - amanda (Minor issue)
	NOTE: https://github.com/MaherAzzouzi/CVE-2022-37704
	NOTE: https://github.com/zmanda/amanda/issues/192
	NOTE: https://marc.info/?l=amanda-hackers&m=167437716918603&w=2
	NOTE: https://github.com/zmanda/amanda/pull/197
	NOTE: https://github.com/zmanda/amanda/commit/e890d08e16ea0621966a7ae35cce53ccb44a472e
	NOTE: Followup: https://github.com/zmanda/amanda/pull/202
CVE-2022-37703 (In Amanda 3.5.1, an information leak vulnerability was found in the ca ...)
	{DLA-3681-1}
	- amanda 1:3.5.1-10 (bug #1021017)
	[bullseye] - amanda (Minor issue)
	NOTE: https://github.com/MaherAzzouzi/CVE-2022-37703
	NOTE: https://github.com/zmanda/amanda/issues/192
	NOTE: https://github.com/zmanda/amanda/pull/198
	NOTE: https://github.com/zmanda/amanda/commit/b1dd708728fcab5e3a49ba5c0fb754776242efc3
CVE-2022-37702
	RESERVED
CVE-2022-37701
	RESERVED
CVE-2022-37700 (Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obt ...)
	NOT-FOR-US: Zentao Demo15
CVE-2022-37699
	RESERVED
CVE-2022-37698
	RESERVED
CVE-2022-37697
	RESERVED
CVE-2022-37696
	RESERVED
CVE-2022-37695
	RESERVED
CVE-2022-37694
	RESERVED
CVE-2022-37693
	RESERVED
CVE-2022-37692
	RESERVED
CVE-2022-37691
	RESERVED
CVE-2022-37690
	RESERVED
CVE-2022-37689
	RESERVED
CVE-2022-37688
	RESERVED
CVE-2022-37687
	RESERVED
CVE-2022-37686
	RESERVED
CVE-2022-37685
	RESERVED
CVE-2022-37684
	RESERVED
CVE-2022-37683
	RESERVED
CVE-2022-37682
	RESERVED
CVE-2022-37681 (Hitachi Kokusai Electric Newtork products for monitoring system (Camer ...)
	NOT-FOR-US: Hitachi Kokusai Electric Inc ISnex HC-IP9100HD
CVE-2022-37680 (An improper authentication for critical function issue in Hitachi Koku ...)
	NOT-FOR-US: Hitachi
CVE-2022-37679 (Miniblog.Core v1.0 was discovered to contain a cross-site scripting (X ...)
	NOT-FOR-US: Miniblog.Core
CVE-2022-37678
	RESERVED
CVE-2022-37677
	RESERVED
CVE-2022-37676
	RESERVED
CVE-2022-37675
	RESERVED
CVE-2022-37674
	RESERVED
CVE-2022-37673
	RESERVED
CVE-2022-37672
	RESERVED
CVE-2022-37671
	RESERVED
CVE-2022-37670
	RESERVED
CVE-2022-37669
	RESERVED
CVE-2022-37668
	RESERVED
CVE-2022-37667
	RESERVED
CVE-2022-37666
	RESERVED
CVE-2022-37665
	RESERVED
CVE-2022-37664
	RESERVED
CVE-2022-37663
	RESERVED
CVE-2022-37662
	RESERVED
CVE-2022-37661 (SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remo ...)
	NOT-FOR-US: SmartRG
CVE-2022-37660
	RESERVED
CVE-2022-37659
	RESERVED
CVE-2022-37658
	RESERVED
CVE-2022-37657
	RESERVED
CVE-2022-37656
	RESERVED
CVE-2022-37655
	RESERVED
CVE-2022-37654
	RESERVED
CVE-2022-37653
	RESERVED
CVE-2022-37652
	RESERVED
CVE-2022-37651
	RESERVED
CVE-2022-37650
	RESERVED
CVE-2022-37649
	RESERVED
CVE-2022-37648
	RESERVED
CVE-2022-37647
	RESERVED
CVE-2022-37646
	RESERVED
CVE-2022-37645
	RESERVED
CVE-2022-37644
	RESERVED
CVE-2022-37643
	RESERVED
CVE-2022-37642
	RESERVED
CVE-2022-37641
	RESERVED
CVE-2022-37640
	RESERVED
CVE-2022-37639
	RESERVED
CVE-2022-37638
	RESERVED
CVE-2022-37637
	RESERVED
CVE-2022-37636
	RESERVED
CVE-2022-37635
	RESERVED
CVE-2022-37634
	RESERVED
CVE-2022-37633
	RESERVED
CVE-2022-37632
	RESERVED
CVE-2022-37631
	RESERVED
CVE-2022-37630
	RESERVED
CVE-2022-37629
	RESERVED
CVE-2022-37628
	RESERVED
CVE-2022-37627
	RESERVED
CVE-2022-37626
	RESERVED
CVE-2022-37625
	RESERVED
CVE-2022-37624
	RESERVED
CVE-2022-37623 (Prototype pollution vulnerability in function resolveShims in resolve- ...)
	NOT-FOR-US: browserify-shim
CVE-2022-37622
	RESERVED
CVE-2022-37621 (Prototype pollution vulnerability in function resolveShims in resolve- ...)
	NOT-FOR-US: browserify-shim
CVE-2022-37620 (A Regular Expression Denial of Service (ReDoS) flaw was found in kanga ...)
	- html-minifier (bug #857108)
CVE-2022-37619
	RESERVED
CVE-2022-37618
	RESERVED
CVE-2022-37617 (Prototype pollution vulnerability in function resolveShims in resolve- ...)
	NOT-FOR-US: Node browserify-shim
CVE-2022-37616 (A prototype pollution vulnerability exists in the function copy in dom ...)
	{DLA-3154-1}
	- node-xmldom 0.8.3-1 (bug #1021618)
	[bullseye] - node-xmldom 0.5.0-1+deb11u1
	NOTE: https://github.com/xmldom/xmldom/issues/436
	NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-9pgh-qqpf-7wqj
	NOTE: Fixed by: https://github.com/xmldom/xmldom/commit/6956ec406fd4658dfb028a327c7a39238b24c3cd (0.9.0-beta.2)
	NOTE: Fixed by: https://github.com/xmldom/xmldom/commit/7c0d4b7fbf74079060a2f135a369adeeccaf4b18 (0.8.3)
CVE-2022-37615
	RESERVED
CVE-2022-37614 (Prototype pollution vulnerability in function enable in mockery.js in ...)
	NOT-FOR-US: Node mockery
CVE-2022-37613
	RESERVED
CVE-2022-37612
	RESERVED
CVE-2022-37611 (Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the pa ...)
	NOT-FOR-US: Node gh-pages
CVE-2022-37610
	RESERVED
CVE-2022-37609 (Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 v ...)
	NOT-FOR-US: Node js-beautify
CVE-2022-37608
	RESERVED
CVE-2022-37607
	RESERVED
CVE-2022-37606
	RESERVED
CVE-2022-37605
	RESERVED
CVE-2022-37604
	RESERVED
CVE-2022-37603 (A Regular expression denial of service (ReDoS) flaw was found in Funct ...)
	- node-loader-utils 2.0.4-1
	[bullseye] - node-loader-utils 2.0.0-1+deb11u1
	[buster] - node-loader-utils (Vulnerable regex introduced in upstream v1.2.0)
	NOTE: https://github.com/webpack/loader-utils/issues/213
	NOTE: https://github.com/webpack/loader-utils/pull/225
	NOTE: https://github.com/webpack/loader-utils/commit/ac09944dfacd7c4497ef692894b09e63e09a5eeb (v2.0.4)
CVE-2022-37602 (Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 vi ...)
	NOT-FOR-US: karma-runner grunt-karma
CVE-2022-37601 (Prototype pollution vulnerability in function parseQuery in parseQuery ...)
	{DLA-3258-1}
	- node-loader-utils 2.0.3-1
	[bullseye] - node-loader-utils 2.0.0-1+deb11u1
	NOTE: https://github.com/webpack/loader-utils/issues/212
	NOTE: https://github.com/webpack/loader-utils/commit/a93cf6f4702012030f6b5ee8340d5c95ec1c7d4c (v2.0.3)
CVE-2022-37600
	RESERVED
CVE-2022-37599 (A Regular expression denial of service (ReDoS) flaw was found in Funct ...)
	- node-loader-utils 2.0.4-1
	[bullseye] - node-loader-utils 2.0.0-1+deb11u1
	[buster] - node-loader-utils (Vulnerable regex introduced in upstream v1.2.0)
	NOTE: https://github.com/webpack/loader-utils/issues/211
	NOTE: https://github.com/webpack/loader-utils/pull/225
	NOTE: https://github.com/webpack/loader-utils/commit/ac09944dfacd7c4497ef692894b09e63e09a5eeb (v2.0.4)
CVE-2022-37598 (Prototype pollution vulnerability in function DEFNODE in ast.js in mis ...)
	- uglify-js (unimportant)
	- uglifyjs (unimportant)
	NOTE: https://github.com/mishoo/UglifyJS/issues/5699
	NOTE: Issue is not considered valid from upstream in
	NOTE: https://github.com/mishoo/UglifyJS/issues/5721#issuecomment-1292849604
CVE-2022-37597
	RESERVED
CVE-2022-37596
	RESERVED
CVE-2022-37595
	RESERVED
CVE-2022-37594
	RESERVED
CVE-2022-37593
	RESERVED
CVE-2022-37592
	RESERVED
CVE-2022-37591
	RESERVED
CVE-2022-37590
	RESERVED
CVE-2022-37589
	RESERVED
CVE-2022-37588
	RESERVED
CVE-2022-37587
	RESERVED
CVE-2022-37586
	RESERVED
CVE-2022-37585
	RESERVED
CVE-2022-37584
	RESERVED
CVE-2022-37583
	RESERVED
CVE-2022-37582
	RESERVED
CVE-2022-37581
	RESERVED
CVE-2022-37580
	RESERVED
CVE-2022-37579
	RESERVED
CVE-2022-37578
	RESERVED
CVE-2022-37577
	RESERVED
CVE-2022-37576
	RESERVED
CVE-2022-37575
	RESERVED
CVE-2022-37574
	RESERVED
CVE-2022-37573
	RESERVED
CVE-2022-37572
	RESERVED
CVE-2022-37571
	RESERVED
CVE-2022-37570
	RESERVED
CVE-2022-37569
	RESERVED
CVE-2022-37568
	RESERVED
CVE-2022-37567
	RESERVED
CVE-2022-37566
	RESERVED
CVE-2022-37565
	RESERVED
CVE-2022-37564
	RESERVED
CVE-2022-37563
	RESERVED
CVE-2022-37562
	RESERVED
CVE-2022-37561
	RESERVED
CVE-2022-37560
	RESERVED
CVE-2022-37559
	RESERVED
CVE-2022-37558
	RESERVED
CVE-2022-37557
	RESERVED
CVE-2022-37556
	RESERVED
CVE-2022-37555
	RESERVED
CVE-2022-37554
	RESERVED
CVE-2022-37553
	RESERVED
CVE-2022-37552
	RESERVED
CVE-2022-37551
	RESERVED
CVE-2022-37550
	RESERVED
CVE-2022-37549
	RESERVED
CVE-2022-37548
	RESERVED
CVE-2022-37547
	RESERVED
CVE-2022-37546
	RESERVED
CVE-2022-37545
	RESERVED
CVE-2022-37544
	RESERVED
CVE-2022-37543
	RESERVED
CVE-2022-37542
	RESERVED
CVE-2022-37541
	RESERVED
CVE-2022-37540
	RESERVED
CVE-2022-37539
	RESERVED
CVE-2022-37538
	RESERVED
CVE-2022-37537
	RESERVED
CVE-2022-37536
	RESERVED
CVE-2022-37535
	RESERVED
CVE-2022-37534
	RESERVED
CVE-2022-37533
	RESERVED
CVE-2022-37532
	RESERVED
CVE-2022-37531
	RESERVED
CVE-2022-37530
	RESERVED
CVE-2022-37529
	RESERVED
CVE-2022-37528
	RESERVED
CVE-2022-37527
	RESERVED
CVE-2022-37526
	RESERVED
CVE-2022-37525
	RESERVED
CVE-2022-37524
	RESERVED
CVE-2022-37523
	RESERVED
CVE-2022-37522
	RESERVED
CVE-2022-37521
	RESERVED
CVE-2022-37520
	RESERVED
CVE-2022-37519
	RESERVED
CVE-2022-37518
	RESERVED
CVE-2022-37517
	RESERVED
CVE-2022-37516
	RESERVED
CVE-2022-37515
	RESERVED
CVE-2022-37514
	RESERVED
CVE-2022-37513
	RESERVED
CVE-2022-37512
	RESERVED
CVE-2022-37511
	RESERVED
CVE-2022-37510
	RESERVED
CVE-2022-37509
	RESERVED
CVE-2022-37508
	RESERVED
CVE-2022-37507
	RESERVED
CVE-2022-37506
	RESERVED
CVE-2022-37505
	RESERVED
CVE-2022-37504
	RESERVED
CVE-2022-37503
	RESERVED
CVE-2022-37502
	RESERVED
CVE-2022-37501
	RESERVED
CVE-2022-37500
	RESERVED
CVE-2022-37499
	RESERVED
CVE-2022-37498
	RESERVED
CVE-2022-37497
	RESERVED
CVE-2022-37496
	RESERVED
CVE-2022-37495
	RESERVED
CVE-2022-37494
	RESERVED
CVE-2022-37493
	RESERVED
CVE-2022-37492
	RESERVED
CVE-2022-37491
	RESERVED
CVE-2022-37490
	RESERVED
CVE-2022-37489
	RESERVED
CVE-2022-37488
	RESERVED
CVE-2022-37487
	RESERVED
CVE-2022-37486
	RESERVED
CVE-2022-37485
	RESERVED
CVE-2022-37484
	RESERVED
CVE-2022-37483
	RESERVED
CVE-2022-37482
	RESERVED
CVE-2022-37481
	RESERVED
CVE-2022-37480
	RESERVED
CVE-2022-37479
	RESERVED
CVE-2022-37478
	RESERVED
CVE-2022-37477
	RESERVED
CVE-2022-37476
	RESERVED
CVE-2022-37475
	RESERVED
CVE-2022-37474
	RESERVED
CVE-2022-37473
	RESERVED
CVE-2022-37472
	RESERVED
CVE-2022-37471
	RESERVED
CVE-2022-37470
	RESERVED
CVE-2022-37469
	RESERVED
CVE-2022-37468
	RESERVED
CVE-2022-37467
	RESERVED
CVE-2022-37466
	RESERVED
CVE-2022-37465
	RESERVED
CVE-2022-37464
	RESERVED
CVE-2022-37463
	RESERVED
CVE-2022-37462 (A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget i ...)
	NOT-FOR-US: Upstream Works Agent Desktop for Cisco Finesse
CVE-2022-37461 (Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical V ...)
	NOT-FOR-US: Canon Medical Vitrea View
CVE-2022-37460
	REJECTED
CVE-2022-37459 (Ampere Altra devices before 1.08g and Ampere Altra Max devices before ...)
	NOT-FOR-US: Ampere
CVE-2022-37458 (Discourse through 2.8.7 allows admins to send invitations to arbitrary ...)
	NOT-FOR-US: Discourse
CVE-2022-37457
	RESERVED
CVE-2022-37456
	RESERVED
CVE-2022-37455
	RESERVED
CVE-2022-37454 (The Keccak XKCP SHA-3 reference implementation before fdc6fef has an i ...)
	{DSA-5277-1 DSA-5269-1 DSA-5267-1 DLA-3243-1 DLA-3175-1 DLA-3174-1}
	- php8.1 8.1.12-1
	- php7.4
	- php7.3
	- python3.10 3.10.9-1 (unimportant)
	- python3.9 (unimportant)
	- python3.7
	- python2.7 (Vulnerable code introduced later)
	- pysha3 1.0.2-5 (bug #1023030)
	- pypy3 7.3.9+dfsg-5
	[buster] - pypy3 (Vulnerable code not present before we switch to the 3.6 branch in 7.1.1+dfsg-1)
	NOTE: https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658
	NOTE: https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a
	NOTE: https://mouha.be/sha-3-buffer-overflow/
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81738
	NOTE: PHP fixed in: 7.4.33, 8.0.25, 8.1.12
	NOTE: For PHP, introduced in: https://github.com/php/php-src/commit/91663a92d1697fc30a7ba4687d73e0f63ec2baa1 (php-7.2.0alpha1)
	NOTE: Fixed by: https://github.com/php/php-src/commit/248f647724e385bfb8d83aa5b5a5ca3c4ee2c7fd (php-8.2.0RC5)
	NOTE: https://github.com/python/cpython/issues/98517
	NOTE: https://github.com/python/cpython/commit/0e4e058602d93b88256ff90bbef501ba20be9dd3 (v3.10.9)
	NOTE: https://github.com/python/cpython/commit/857efee6d2d43c5c12fc7e377ce437144c728ab8 (v3.9.16)
	NOTE: https://github.com/python/cpython/commit/948c6794711458fd148a3fa62296cadeeb2ed631 (v3.8.16)
	NOTE: https://github.com/python/cpython/commit/8088c90044ba04cd5624b278340ebf934dbee4a5 (v3.7.16)
	NOTE: For Python, introduced in: https://github.com/python/cpython/commit/6fe2a75b645044ca2b5dac03e8d850567b547a9a (3.6)
	NOTE: Versions which have the OpenSSL sha3 delegation are not affected by the issue and only ship
	NOTE: source-wise the bundled _sha3 XKCP module code.
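Added check for the CVE-2022-37454 notes above (example code written for this page; it is not part of the Debian tracker data, CPython or XKCP). The notes say the bug only matters where CPython actually executes the bundled `_sha3` XKCP code, and that builds delegating SHA-3 to OpenSSL merely ship that code source-wise. The block below reports which backend a running interpreter uses (the type of a `hashlib.sha3_256()` object lives in `_hashlib` for OpenSSL, `_sha3` for the bundled module) and compares the interpreter version with the upstream fixed releases listed in the entry. `sha3_backend`, `xkcp_status` and the `FIXED_IN` table are names chosen for this example; the version comparison is against upstream releases only, so a distribution package that backported the fix (as the Debian versions above did) can still show as "unpatched" and needs the package changelog checked instead.

```python
"""Report whether this CPython runs the bundled XKCP _sha3 code (CVE-2022-37454)
or delegates SHA-3 to OpenSSL, and compare against the fixed upstream releases.
Example code for the tracker entry, not CPython's or XKCP's own."""
import hashlib
import sys

# Upstream CPython releases recorded in the CVE-2022-37454 notes as fixed, by minor series.
# Series not listed (3.11 and later) are reported as "unknown" rather than guessed.
FIXED_IN = {
    (3, 7): (3, 7, 16),
    (3, 8): (3, 8, 16),
    (3, 9): (3, 9, 16),
    (3, 10): (3, 10, 9),
}
INTRODUCED_IN = (3, 6, 0)  # bundled XKCP-derived _sha3 module arrived in 3.6 (tracker note)


def sha3_backend() -> str:
    """Return the module implementing sha3_256 objects on this interpreter:
    '_hashlib' when SHA-3 is delegated to OpenSSL (3.9.0b1 and later, where
    OpenSSL provides SHA-3), '_sha3' when the bundled XKCP module is executed."""
    return type(hashlib.sha3_256()).__module__


def xkcp_status(version=None, backend=None) -> str:
    """Classify an interpreter against the CVE-2022-37454 notes.

    version: (major, minor, micro) tuple; defaults to the running interpreter.
    backend: '_hashlib' or '_sha3'; defaults to sha3_backend().
    """
    version = tuple(version or sys.version_info[:3])
    backend = backend or sha3_backend()
    if backend == "_hashlib":
        # OpenSSL performs the absorb; the bundled XKCP code is shipped but never run.
        return "not-reachable (OpenSSL delegation)"
    if version < INTRODUCED_IN:
        return "not-affected (vulnerable code introduced later)"
    fixed = FIXED_IN.get(version[:2])
    if fixed is None:
        return "unknown (series not in the tracker's fixed-version list)"
    return "patched" if version >= fixed else "unpatched (bundled XKCP _sha3 in use)"


if __name__ == "__main__":
    print(f"python {sys.version.split()[0]}: sha3 backend={sha3_backend()} -> {xkcp_status()}")
```

Run it with each interpreter on the host (`python3.7`, `python3.9`, a venv's `python`); the backend answer is per build, since it depends on the OpenSSL the interpreter was linked against, not just on the version number.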
NOTE: OpenSSL sha3 delegation added in https://github.com/python/cpython/commit/d5b3f6b7f9fc74438009af63f1de01bd77be9385 (v3.9.0b1) NOTE: https://python-security.readthedocs.io/vuln/sha3-buffer-overflow.html NOTE: pypy3 fix: https://foss.heptapod.net/pypy/pypy/-/commit/860b897b2611a4099ef9c63ce848fdec89c74b31 CVE-2022-37453 (An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffe ...) NOT-FOR-US: Softing CVE-2022-2708 (A vulnerability, which was classified as critical, was found in Source ...) NOT-FOR-US: SourceCodester Gym Management System CVE-2022-2707 (A vulnerability classified as critical was found in SourceCodester Onl ...) NOT-FOR-US: SourceCodester Online Class and Exam Scheduling System CVE-2022-2706 (A vulnerability classified as critical has been found in SourceCodeste ...) NOT-FOR-US: SourceCodester Online Class and Exam Scheduling System CVE-2022-2705 (A vulnerability was found in SourceCodester Simple Student Information ...) NOT-FOR-US: SourceCodester Simple Student Information System CVE-2022-2704 (A vulnerability was found in SourceCodester Simple E-Learning System. ...) NOT-FOR-US: SourceCodester Simple E-Learning System CVE-2022-2703 (A vulnerability was found in SourceCodester Gym Management System. It ...) NOT-FOR-US: SourceCodester Gym Management System CVE-2022-2702 (A vulnerability was found in SourceCodester Company Website CMS and cl ...) NOT-FOR-US: SourceCodester Company Website CMS CVE-2022-2701 (A vulnerability classified as problematic was found in SourceCodester ...) NOT-FOR-US: SourceCodester Simple E-Learning System CVE-2022-2700 (A vulnerability classified as critical has been found in SourceCodeste ...) NOT-FOR-US: SourceCodester Gym Management System CVE-2022-2699 (A vulnerability was found in SourceCodester Simple E-Learning System. ...) NOT-FOR-US: SourceCodester Simple E-Learning System CVE-2022-2698 (A vulnerability was found in SourceCodester Simple E-Learning System. ...) 
	NOT-FOR-US: SourceCodester Simple E-Learning System
CVE-2022-2697 (A vulnerability was found in SourceCodester Simple E-Learning System. ...)
	NOT-FOR-US: SourceCodester Simple E-Learning System
CVE-2022-2696 (The Restaurant Menu – Food Ordering System – Table Reservati ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2695 (The Beaver Builder – WordPress Page Builder for WordPress is vuln ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2694 (A vulnerability was found in SourceCodester Company Website CMS and cl ...)
	NOT-FOR-US: SourceCodester Company Website CMS
CVE-2022-2693 (A vulnerability has been found in SourceCodester Electronic Medical Re ...)
	NOT-FOR-US: SourceCodester Electronic Medical Records System
CVE-2022-2692 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester Wedding Hall Booking System
CVE-2022-2691 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: SourceCodester Wedding Hall Booking System
CVE-2022-2690 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: SourceCodester Wedding Hall Booking System
CVE-2022-2689 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester Wedding Hall Booking System
CVE-2022-2688 (A vulnerability was found in SourceCodester Expense Management System. ...)
	NOT-FOR-US: SourceCodester Expense Management System
CVE-2022-37452 (Exim before 4.95 has a heap-based buffer overflow for the alias list i ...)
	{DLA-3082-1}
	- exim4 4.94.2-5
	NOTE: https://www.openwall.com/lists/oss-security/2022/08/06/8
	NOTE: https://github.com/ivd38/exim_overflow
	NOTE: https://github.com/Exim/exim/commit/d4bc023436e4cce7c23c5f8bb5199e178b4cc743 (exim-4.95-RC0)
CVE-2022-37451 (Exim before 4.96 has an invalid free in pam_converse in auths/call_pam ...)
	- exim4 4.95-4
	[bullseye] - exim4 (Vulnerable code not present)
	[buster] - exim4 (Vulnerable code not present)
	NOTE: https://github.com/ivd38/exim_invalid_free
	NOTE: https://github.com/Exim/exim/commit/51be321b27825c01829dffd90f11bfff256f7e42 (exim-4.96-RC0)
	NOTE: Introduced in https://github.com/Exim/exim/commit/1e30b0199daf7a7a882458251a3dc10d45d4c7d1 (exim-4.95-RC0)
CVE-2022-37450 (Go Ethereum (aka geth) through 1.10.21 allows attackers to increase re ...)
	- golang-github-go-ethereum (bug #890541)
CVE-2022-37449 REJECTED
CVE-2022-37448 REJECTED
CVE-2022-37447 REJECTED
CVE-2022-37446 REJECTED
CVE-2022-37445 REJECTED
CVE-2022-37444 REJECTED
CVE-2022-37443 REJECTED
CVE-2022-37442 REJECTED
CVE-2022-37441 REJECTED
CVE-2022-37440 REJECTED
CVE-2022-2687 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: SourceCodester Gym Management System
CVE-2022-2686 (A vulnerability, which was classified as problematic, was found in ore ...)
	NOT-FOR-US: oretnom23 Fast Food Ordering System
CVE-2022-2685 (A vulnerability was found in SourceCodester Interview Management Syste ...)
	NOT-FOR-US: SourceCodester Interview Management System
CVE-2022-2684 (A vulnerability has been found in SourceCodester Apartment Visitor Man ...)
	NOT-FOR-US: SourceCodester Apartment Visitor Management System
CVE-2022-2683 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester Simple Food Ordering System
CVE-2022-2682 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: SourceCodester Alphaware Simple E-Commerce System
CVE-2022-2681 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: Online Student Admission System
CVE-2022-2680 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Church Management System
CVE-2022-2679 (A vulnerability was found in SourceCodester Interview Management Syste ...)
	NOT-FOR-US: SourceCodester Interview Management System
CVE-2022-2678 (A vulnerability was found in SourceCodester Alphaware Simple E-Commerc ...)
	NOT-FOR-US: SourceCodester Alphaware Simple E-Commerce System
CVE-2022-2677 (A vulnerability was found in SourceCodester Apartment Visitor Manageme ...)
	NOT-FOR-US: SourceCodester Apartment Visitor Management System
CVE-2022-2676 (A vulnerability was found in SourceCodester Electronic Medical Records ...)
	NOT-FOR-US: SourceCodester Electronic Medical Records System
CVE-2022-37439 (In Splunk Enterprise and Universal Forwarder versions in the following ...)
	NOT-FOR-US: Splunk
CVE-2022-37438 (In Splunk Enterprise versions in the following table, an authenticated ...)
	NOT-FOR-US: Splunk
CVE-2022-37437 (When using Ingest Actions to configure a destination that resides on A ...)
	NOT-FOR-US: Splunk
CVE-2022-37436 (Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the ...)
	{DSA-5376-1 DLA-3351-1}
	- apache2 2.4.55-1
	NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/7
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-37436
CVE-2022-37435 (Apache ShenYu Admin has insecure permissions, which may allow low-priv ...)
	NOT-FOR-US: Apache ShenYu
CVE-2022-37433 RESERVED
CVE-2022-37432 RESERVED
CVE-2022-2675 (Using off-the-shelf commodity hardware, the Unitree Go 1 robotics plat ...)
	NOT-FOR-US: Unitree Go 1 robotics platform
CVE-2022-2674 (A vulnerability was found in SourceCodester Best Fee Management System ...)
	NOT-FOR-US: SourceCodester
CVE-2022-2673 (A vulnerability was found in Rigatur Online Booking and Hotel Manageme ...)
	NOT-FOR-US: Rigatur Online Booking and Hotel Management System
CVE-2022-2672 (A vulnerability was found in SourceCodester Garage Management System. ...)
	NOT-FOR-US: SourceCodester
CVE-2022-2671 (A vulnerability was found in SourceCodester Garage Management System a ...)
	NOT-FOR-US: SourceCodester
CVE-2022-2670 RESERVED
CVE-2022-2669 (The WP Taxonomy Import WordPress plugin through 1.0.4 does not sanitis ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2668 (An issue was discovered in Keycloak that allows arbitrary Javascript t ...)
	NOT-FOR-US: Keycloak
CVE-2022-37434 (zlib through 1.2.12 has a heap-based buffer over-read or buffer overfl ...)
	{DSA-5218-1 DLA-3103-1}
	- zlib 1:1.2.11.dfsg-4.1 (bug #1016710)
	- libz-mingw-w64 1.2.12+dfsg-2
	[bullseye] - libz-mingw-w64 (Minor issue)
	[buster] - libz-mingw-w64 (Minor issue)
	NOTE: https://github.com/ivd38/zlib_overflow
	NOTE: https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1
	NOTE: https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d
CVE-2022-37431 (A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS ...)
	NOT-FOR-US: dotCMS
CVE-2022-37430 (Silverstripe silverstripe/framework through 4.11 allows XSS vulnerabil ...)
	NOT-FOR-US: SilverStripe CMS
CVE-2022-37429 (Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 o ...)
	NOT-FOR-US: SilverStripe CMS
CVE-2022-37428 (PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when pro ...)
	- pdns-recursor 4.7.2-1
	[bullseye] - pdns-recursor (No longer supported with security updates in Bullseye)
	[buster] - pdns-recursor (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2022/08/23/1
	NOTE: https://downloads.powerdns.com/patches/2022-02/
	NOTE: https://github.com/PowerDNS/pdns/commit/21f3d92144bc6a65483a363f6be7237d714c1936 (rec-4.5.10)
CVE-2022-37427 RESERVED
CVE-2022-37426 (Unrestricted Upload of File with Dangerous Type vulnerability in OpenN ...)
	- opennebula
CVE-2022-37425 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
	- opennebula
CVE-2022-37424 (Files or Directories Accessible to External Parties vulnerability in O ...)
	- opennebula
CVE-2022-37423 (Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x befor ...)
	NOT-FOR-US: Neo4j APOC (Awesome Procedures on Cypher)
CVE-2022-37422 (Payara through 5.2022.2 allows directory traversal without authenticat ...)
	NOT-FOR-US: Payara
CVE-2022-37421 (Silverstripe silverstripe/cms through 4.11.0 allows XSS.)
	NOT-FOR-US: SilverStripe CMS
CVE-2022-37420 RESERVED
CVE-2022-37419 RESERVED
CVE-2022-37418 (The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, ...)
	NOT-FOR-US: Remote Keyless Entry (RKE) receiving unit on Nissan, Kia and Hyundai vehicles
CVE-2022-37417 RESERVED
CVE-2022-37416 (Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory ...)
	NOT-FOR-US: Android
CVE-2022-37415 (The Uniwill SparkIO.sys driver 1.0 is vulnerable to a stack-based buff ...)
	NOT-FOR-US: Uniwill SparkIO.sys driver
CVE-2022-37414 RESERVED
CVE-2022-37413 RESERVED
CVE-2022-37401 (Apache OpenOffice supports the storage of passwords for web connection ...)
	NOT-FOR-US: Apache OpenOffice
CVE-2022-37400 (Apache OpenOffice supports the storage of passwords for web connection ...)
	NOT-FOR-US: Apache OpenOffice
CVE-2022-37399 RESERVED
CVE-2022-37398 (A stack-based buffer overflow vulnerability was found inside ADM when ...)
	NOT-FOR-US: ASUSTOR Data Master (ADM)
CVE-2022-36350 (Stored cross-site scripting vulnerability in PukiWiki versions 1.3.1 t ...)
	NOT-FOR-US: PukiWiki
CVE-2022-2667 (A vulnerability was found in SourceCodester Loan Management System and ...)
	NOT-FOR-US: SourceCodester
CVE-2022-2666 (A vulnerability has been found in SourceCodester Loan Management Syste ...)
	NOT-FOR-US: SourceCodester
CVE-2022-2665 (A vulnerability classified as critical was found in SourceCodester Sim ...)
	NOT-FOR-US: SourceCodester
CVE-2022-2664 (A vulnerability classified as critical has been found in Private Cloud ...)
	NOT-FOR-US: Private Cloud Management Platform
CVE-2020-36591 RESERVED
CVE-2020-36590 RESERVED
CVE-2020-36589 RESERVED
CVE-2020-36588 RESERVED
CVE-2020-36587 RESERVED
CVE-2020-36586 RESERVED
CVE-2020-36585 RESERVED
CVE-2020-36584 RESERVED
CVE-2020-36583 RESERVED
CVE-2020-36582 RESERVED
CVE-2020-36581 RESERVED
CVE-2020-36580 RESERVED
CVE-2020-36579 RESERVED
CVE-2020-36578 RESERVED
CVE-2020-36577 RESERVED
CVE-2020-36576 RESERVED
CVE-2020-36575 RESERVED
CVE-2020-36574 RESERVED
CVE-2020-36573 RESERVED
CVE-2020-36572 RESERVED
CVE-2020-36571 RESERVED
CVE-2020-36570 RESERVED
CVE-2022-2663 (An issue was found in the Linux kernel in nf_conntrack_irc where the m ...)
	{DSA-5257-1 DLA-3173-1 DLA-3131-1}
	- linux 6.0.2-1
	NOTE: https://www.openwall.com/lists/oss-security/2022/08/30/1
CVE-2022-2662 (Sequi PortBloque S has a improper authentication issues which may allo ...)
	NOT-FOR-US: Sequi PortBloque S
CVE-2022-2661 (Sequi PortBloque S has an improper authorization vulnerability, which ...)
	NOT-FOR-US: Sequi PortBloque S
CVE-2022-2660 (Delta Industrial Automation DIALink versions 1.4.0.0 and prior arevuln ...)
	NOT-FOR-US: Delta Industrial Automation
CVE-2022-2659 RESERVED
CVE-2022-2658 (The WP Spell Check WordPress plugin before 9.13 does not escape ignore ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2657 (The Multivendor Marketplace Solution for WooCommerce WordPress plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2656 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Multi Language Hotel Management Software
CVE-2022-2655 (The Classified Listing Pro WordPress plugin before 2.0.20 does not esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2654 (The Classima WordPress theme before 2.1.11 and some of its required pl ...)
	NOT-FOR-US: WordPress theme
CVE-2022-2653 (With this vulnerability an attacker can read many sensitive files like ...)
	NOT-FOR-US: plankanban/planka
CVE-2022-2652 (Depending on the way the format strings in the card label are crafted ...)
	- v4l2loopback 0.12.7-1 (unimportant; bug #1016685)
	NOTE: https://huntr.dev/bounties/1b055da5-7a9e-4409-99d7-030280d242d5
	NOTE: https://github.com/umlaeute/v4l2loopback/commit/e4cd225557486c420f6a34411f98c575effd43dd (main)
	NOTE: https://github.com/umlaeute/v4l2loopback/commit/64a216af4c09c9ba9326057d7e78994271827eff (v0.12.6)
	NOTE: Negligible security impact
CVE-2022-2651 (Authentication Bypass by Primary Weakness in GitHub repository bookwyr ...)
	NOT-FOR-US: BookWyrm
CVE-2022-2650 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
	NOT-FOR-US: wger
CVE-2022-2649 RESERVED
CVE-2022-2648 (A vulnerability was found in SourceCodester Multi Language Hotel Manag ...)
	NOT-FOR-US: SourceCodester Multi Language Hotel Management Software
CVE-2022-2647 (A vulnerability was found in jeecg-boot. It has been declared as criti ...)
	NOT-FOR-US: Jeecg-boot
CVE-2022-37397 (An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based ...)
	NOT-FOR-US: YugabyteDB
CVE-2022-37345 (Improper authentication in BIOS firmware[A1] for some Intel(R) NUC Kit ...)
	NOT-FOR-US: Intel
CVE-2022-37334 (Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro ...)
	NOT-FOR-US: Intel
CVE-2022-37327 (Improper input validation in BIOS firmware for Intel(R) NUC, Intel(R) ...)
	NOT-FOR-US: Intel
CVE-2022-36789 (Improper access control in BIOS firmware for some Intel(R) NUC 10 Perf ...)
	NOT-FOR-US: Intel
CVE-2022-36391 (Incorrect default permissions for the Intel(R) NUC Pro Software Suite ...)
	NOT-FOR-US: Intel
CVE-2022-36339 (Improper input validation in firmware for Intel(R) NUC 8 Compute Eleme ...)
	NOT-FOR-US: Intel
CVE-2022-35400 RESERVED
CVE-2022-35276 (Improper access control in BIOS firmware for some Intel(R) NUC 8 Compu ...)
	NOT-FOR-US: Intel
CVE-2022-34152 (Improper input validation in BIOS firmware for some Intel(R) NUC Board ...)
	NOT-FOR-US: Intel
CVE-2022-32766 (Improper input validation for some Intel(R) BIOS firmware may allow a ...)
	NOT-FOR-US: Intel
CVE-2022-2646 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester Online Admission System
CVE-2022-2645 (A vulnerability has been found in SourceCodester Garage Management Sys ...)
	NOT-FOR-US: SourceCodester Garage Management System
CVE-2022-2644 (A vulnerability was found in SourceCodester Online Admission System an ...)
	NOT-FOR-US: SourceCodester Online Admission System
CVE-2022-2643 (A vulnerability has been found in SourceCodester Online Admission Syst ...)
	NOT-FOR-US: SourceCodester Online Admission System
CVE-2022-2642 (Horner Automation’s RCC 972 firmware version 15.40 contains globa ...)
	NOT-FOR-US: Horner Automation
CVE-2022-2641 (Horner Automation’s RCC 972 with firmware version 15.40 has a sta ...)
	NOT-FOR-US: Horner Automation
CVE-2022-2640 (The Config-files of Horner Automation’s RCC 972 with firmware ver ...)
	NOT-FOR-US: Horner Automation
CVE-2022-37396 (In JetBrains Rider before 2022.2 Trust and Open Project dialog could b ...)
	NOT-FOR-US: JetBrains
CVE-2022-37395 (A Huawei device has an input verification vulnerability. Successful ex ...)
	NOT-FOR-US: Huawei
CVE-2022-37394 (An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 2 ...)
	- nova 2:26.0.0~rc1-3 (bug #1016980)
	[bullseye] - nova (Minor issue)
	[buster] - nova (Minor issue)
	NOTE: https://bugs.launchpad.net/ossa/+bug/1981813
	NOTE: https://review.opendev.org/c/openstack/nova/+/849985
	NOTE: https://review.opendev.org/c/openstack/nova/+/850003
CVE-2022-2639 (An integer coercion error was found in the openvswitch kernel module. ...)
	- linux 5.17.6-1
	[bullseye] - linux 5.10.113-1
	[buster] - linux 4.19.249-1
	NOTE: https://git.kernel.org/linus/cefa91b2332d7009bc0be5d951d6cbbf349f90f8 (5.18-rc4)
CVE-2022-2638 (The Export All URLs WordPress plugin before 4.4 does not validate the ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2637 (Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storag ...)
	NOT-FOR-US: Hitachi
CVE-2022-2636 (Improper Control of Generation of Code ('Code Injection') in GitHub re ...)
	NOT-FOR-US: Hestia Control Panel
CVE-2022-2635 (The Autoptimize WordPress plugin before 3.1.1 does not sanitise and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-37393 (Zimbra's sudo configuration permits the zimbra user to execute the zms ...)
	NOT-FOR-US: Zimbra
CVE-2022-2634 (An attacker may be able to execute malicious actions due to the lack o ...)
	NOT-FOR-US: Digi ConnectPort X2D
CVE-2022-37392 (Improper Check for Unusual or Exceptional Conditions vulnerability in ...)
	{DSA-5311-1 DLA-3385-1}
	- trafficserver 9.1.4+ds-1
	NOTE: https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02
	NOTE: https://github.com/apache/trafficserver/commit/3b9cbf873a77bb7f9297f2b16496a290e0cf7de1 (master)
	NOTE: https://github.com/apache/trafficserver/commit/0ba19c72b70a25e3dfbbc3f507427314ba2afd80 (v9.1.x)
CVE-2022-37391 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2022-37390 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2022-37389 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2022-37388 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2022-37387 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2022-37386 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2022-37385 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2022-37384 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2022-37383 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2022-37382 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2022-37381 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2022-37380 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2022-37379 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2022-37378 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2022-37377 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2022-37376 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2022-37375 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37374 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37373 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37372 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37371 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37370 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37369 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37368 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37367 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37366 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37365 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37364 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37363 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37362 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37361 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37360 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37359 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37358 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37357 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37356 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37355 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37354 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37353 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37352 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37351 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37350 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-37349 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2022-2633 (The All-in-One Video Gallery plugin for WordPress is vulnerable to arb ...)
	NOT-FOR-US: All-in-One Video Gallery plugin for WordPress
CVE-2022-2632 RESERVED
CVE-2022-2631 (Improper Access Control in GitHub repository tooljet/tooljet prior to ...)
	NOT-FOR-US: ToolJet
CVE-2022-2630 (An improper access control issue in GitLab CE/EE affecting all version ...)
	[experimental] - gitlab 15.2.3+ds1-1
	- gitlab 15.10.8+ds1-2
	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2629 (The Top Bar WordPress plugin before 3.0.4 does not sanitise and escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2628 (The DSGVO All in one for WP WordPress plugin before 4.2 does not sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2627 (The Newspaper WordPress theme before 12 does not sanitise a parameter ...)
	NOT-FOR-US: WordPress theme
CVE-2022-2626 (Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp ...)
	NOT-FOR-US: Hestia Control Panel
CVE-2022-37348 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out- ...)
	NOT-FOR-US: Trend Micro
CVE-2022-37347 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out- ...)
	NOT-FOR-US: Trend Micro
CVE-2022-37341 RESERVED
CVE-2022-37340 (Uncontrolled search path in some Intel(R) QAT drivers for Windows befo ...)
	NOT-FOR-US: Intel
CVE-2022-37326 (Docker Desktop for Windows before 4.6.0 allows attackers to delete (or ...)
	NOT-FOR-US: Docker Desktop
CVE-2022-37325 (In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, an ...)
	{DSA-5358-1 DLA-3335-1}
	- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30103
	NOTE: https://downloads.asterisk.org/pub/security/AST-2022-007.html
CVE-2022-37324 RESERVED
CVE-2022-37323 RESERVED
CVE-2022-37322 RESERVED
CVE-2022-37321 RESERVED
CVE-2022-37320 RESERVED
CVE-2022-37319 RESERVED
CVE-2022-37318 (Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contain a reflect ...)
	NOT-FOR-US: Archer
CVE-2022-37317 (Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerabi ...)
	NOT-FOR-US: Archer
CVE-2022-37316 (Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API ...)
	NOT-FOR-US: Archer
CVE-2022-37315 (graphql-go (aka GraphQL for Go) through 0.8.0 has infinite recursion i ...)
	NOT-FOR-US: graphql-go
CVE-2022-37314 RESERVED
CVE-2022-37313 (OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protecti ...)
	NOT-FOR-US: OX App Suite
CVE-2022-37312 (OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via ...)
	NOT-FOR-US: OX App Suite
CVE-2022-37311 (OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via ...)
	NOT-FOR-US: OX App Suite
CVE-2022-37310 (OX App Suite through 7.10.6 allows XSS via a malicious capability to t ...)
	NOT-FOR-US: OX App Suite
CVE-2022-37309 (OX App Suite through 7.10.6 allows XSS via script code within a contac ...)
	NOT-FOR-US: OX App Suite
CVE-2022-37308 (OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail m ...)
	NOT-FOR-US: OX App Suite
CVE-2022-37307 (OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, ...)
	NOT-FOR-US: OX App Suite
CVE-2022-37306 (OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger.)
	NOT-FOR-US: OX App Suite
CVE-2022-37305 (The Remote Keyless Entry (RKE) receiving unit on certain Honda vehicle ...)
	NOT-FOR-US: Remote Keyless Entry (RKE) receiving unit on Honda vehicles
CVE-2022-36426 RESERVED
CVE-2022-36397 (Incorrect default permissions in the software installer for some Intel ...)
	NOT-FOR-US: Intel
CVE-2022-36369 (Improper access control in some QATzip software maintained by Intel(R) ...)
	NOT-FOR-US: Intel
CVE-2022-36353 RESERVED
CVE-2022-36348 (Active debug code in some Intel (R) SPS firmware before version SPS_E5 ...)
	NOT-FOR-US: Intel
CVE-2022-36291 RESERVED
CVE-2022-36281 RESERVED
CVE-2022-33940 RESERVED
CVE-2022-2625 (A vulnerability was found in PostgreSQL. This attack requires permissi ...)
	{DLA-3072-1}
	- postgresql-14 14.5-1
	- postgresql-13
	[bullseye] - postgresql-13 13.8-0+deb11u1
	- postgresql-11
	NOTE: https://www.postgresql.org/support/security/CVE-2022-2625/
CVE-2022-2624 (Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 al ...)
	{DSA-5201-1}
	- chromium 104.0.5112.79-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2623 (Use after free in Offline in Google Chrome on Android prior to 104.0.5 ...)
	{DSA-5201-1}
	- chromium 104.0.5112.79-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2622 (Insufficient validation of untrusted input in Safe Browsing in Google ...)
	{DSA-5201-1}
	- chromium 104.0.5112.79-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2621 (Use after free in Extensions in Google Chrome prior to 104.0.5112.79 a ...)
	{DSA-5201-1}
	- chromium 104.0.5112.79-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2620 (Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5 ...)
	{DSA-5201-1}
	- chromium 104.0.5112.79-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2619 (Insufficient validation of untrusted input in Settings in Google Chrom ...)
	{DSA-5201-1}
	- chromium 104.0.5112.79-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2618 (Insufficient validation of untrusted input in Internals in Google Chro ...)
	{DSA-5201-1}
	- chromium 104.0.5112.79-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2617 (Use after free in Extensions API in Google Chrome prior to 104.0.5112. ...)
	{DSA-5201-1}
	- chromium 104.0.5112.79-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2616 (Inappropriate implementation in Extensions API in Google Chrome prior ...)
	{DSA-5201-1}
	- chromium 104.0.5112.79-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2615 (Insufficient policy enforcement in Cookies in Google Chrome prior to 1 ...)
	{DSA-5201-1}
	- chromium 104.0.5112.79-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2614 (Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 ...)
	{DSA-5201-1}
	- chromium 104.0.5112.79-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2613 (Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5 ...)
	{DSA-5201-1}
	- chromium 104.0.5112.79-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2612 (Side-channel information leakage in Keyboard input in Google Chrome pr ...)
	{DSA-5201-1}
	- chromium 104.0.5112.79-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2611 (Inappropriate implementation in Fullscreen API in Google Chrome on And ...)
	{DSA-5201-1}
	- chromium 104.0.5112.79-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2610 (Insufficient policy enforcement in Background Fetch in Google Chrome p ...)
	{DSA-5201-1}
	- chromium 104.0.5112.79-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2609 (Use after free in Nearby Share in Google Chrome on Chrome OS prior to ...)
	{DSA-5201-1}
	- chromium 104.0.5112.79-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2608 (Use after free in Overview Mode in Google Chrome on Chrome OS prior to ...)
	{DSA-5201-1}
	- chromium 104.0.5112.79-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2607 (Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104 ...)
	{DSA-5201-1}
	- chromium 104.0.5112.79-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2606 (Use after free in Managed devices API in Google Chrome prior to 104.0. ...)
	{DSA-5201-1}
	- chromium 104.0.5112.79-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2605 (Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 all ...)
	{DSA-5201-1}
	- chromium 104.0.5112.79-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2604 (Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.7 ...)
	{DSA-5201-1}
	- chromium 104.0.5112.79-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2603 (Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allo ...)
	{DSA-5201-1}
	- chromium 104.0.5112.79-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2602 (io_uring UAF, Unix SCM garbage collection)
	{DSA-5257-1 DLA-3173-1}
	- linux 6.0.3-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/0091bfc81741b8d3aeb3b7ab8636f911b2de6e80
	NOTE: https://www.openwall.com/lists/oss-security/2022/10/18/4
	NOTE: https://blog.hacktivesecurity.com/index.php/2022/12/21/cve-2022-2602-dirtycred-file-exploitation-applied-on-an-io_uring-uaf/
CVE-2021-46831 RESERVED
CVE-2022-37304 REJECTED
CVE-2022-37303 REJECTED
CVE-2022-37302 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
	NOT-FOR-US: EcoStruxure Control Expert
CVE-2022-37301 (A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists ...)
	NOT-FOR-US: Modicon
CVE-2022-37300 (A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vul ...)
	NOT-FOR-US: EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon Controllers M580 and M340
CVE-2022-2601 (A buffer overflow was found in grub_font_construct_glyph(). A maliciou ...)
	{DSA-5280-1 DLA-3190-2 DLA-3190-1}
	- grub2 2.06-5
	NOTE: https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html
CVE-2022-2600 (The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set re ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2599 (The Anti-Malware Security and Brute-Force Firewall WordPress plugin be ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2598 (Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0 ...)
	{DLA-3182-1}
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e/
	NOTE: https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d (v9.0.0101)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2597 (The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin befor ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2596 (Inefficient Regular Expression Complexity in GitHub repository node-fe ...)
	- node-fetch (Vulnerable code not present)
	NOTE: https://huntr.dev/bounties/a7e6a136-0a4b-46c4-ad20-802f1dd60bf7/
	NOTE: Introduced in: https://github.com/node-fetch/node-fetch/commit/2d80b0bb3fb746ff77cfe604f21ef9e47352ece0 (v3.1.0)
	NOTE: https://github.com/node-fetch/node-fetch/commit/28802387292baee467e042e168d92597b5bbbe3d (v3.2.10)
CVE-2022-2595 (Improper Authorization in GitHub repository kromitgmbh/titra prior to ...)
	NOT-FOR-US: Titra
CVE-2022-2594 (The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Cu ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2593 (The Better Search Replace WordPress plugin before 1.4.1 does not prope ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-37299 (An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal ...)
	NOT-FOR-US: Shirne CMS
CVE-2022-37298 (Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnera ...)
	NOT-FOR-US: Shinken Solutions Shinken Monitoring
CVE-2022-37297 RESERVED
CVE-2022-37296 RESERVED
CVE-2022-37295 RESERVED
CVE-2022-37294 RESERVED
CVE-2022-37293 RESERVED
CVE-2022-37292 (Tenda AX12 V22.03.01.21_CN is vulnerable to Buffer Overflow. This over ...)
	NOT-FOR-US: Tenda
CVE-2022-37291 RESERVED
CVE-2022-37290 (GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename ...)
	- nautilus 43.2-1 (unimportant)
	NOTE: https://gitlab.gnome.org/GNOME/nautilus/-/issues/2376
	NOTE: https://gitlab.gnome.org/GNOME/nautilus/-/merge_requests/1001
	NOTE: https://gitlab.gnome.org/GNOME/nautilus/-/commit/75992c6797094413a546c5b4867b13450b2a1959 (43.2)
	NOTE: Crash in GUI tool, no security impact
CVE-2022-37289
	RESERVED
CVE-2022-37288
	RESERVED
CVE-2022-37287
	RESERVED
CVE-2022-37286
	RESERVED
CVE-2022-37285
	RESERVED
CVE-2022-37284
	RESERVED
CVE-2022-37283
	RESERVED
CVE-2022-37282
	RESERVED
CVE-2022-37281
	RESERVED
CVE-2022-37280
	RESERVED
CVE-2022-37279
	RESERVED
CVE-2022-37278
	RESERVED
CVE-2022-37277
	RESERVED
CVE-2022-37276
	RESERVED
CVE-2022-37275
	RESERVED
CVE-2022-37274
	RESERVED
CVE-2022-37273
	RESERVED
CVE-2022-37272
	RESERVED
CVE-2022-37271
	RESERVED
CVE-2022-37270
	RESERVED
CVE-2022-37269
	RESERVED
CVE-2022-37268
	RESERVED
CVE-2022-37267
	RESERVED
CVE-2022-37266 (Prototype pollution vulnerability in function extend in babel.js in st ...)
	NOT-FOR-US: stealjs
CVE-2022-37265 (Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias ...)
	NOT-FOR-US: stealjs
CVE-2022-37264 (Prototype pollution vulnerability in stealjs steal 2.2.4 via the optio ...)
	NOT-FOR-US: stealjs
CVE-2022-37263
	RESERVED
CVE-2022-37262 (A Regular Expression Denial of Service (ReDoS) flaw was found in steal ...)
	NOT-FOR-US: stealjs
CVE-2022-37261
	RESERVED
CVE-2022-37260 (A Regular Expression Denial of Service (ReDoS) flaw was found in steal ...)
	NOT-FOR-US: stealjs
CVE-2022-37259 (A Regular Expression Denial of Service (ReDoS) flaw was found in steal ...)
	NOT-FOR-US: stealjs
CVE-2022-37258 (Prototype pollution vulnerability in function convertLater in npm-conv ...)
	NOT-FOR-US: stealjs
CVE-2022-37257 (Prototype pollution vulnerability in function convertLater in npm-conv ...)
	NOT-FOR-US: stealjs
CVE-2022-37256
	RESERVED
CVE-2022-37255 (TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed vi ...)
	NOT-FOR-US: TP-Link
CVE-2022-37254 (DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Backg ...)
	NOT-FOR-US: DolphinPHP
CVE-2022-37253 (Persistent cross-site scripting (XSS) in Crime Reporting System 1.0 al ...)
	NOT-FOR-US: Crime Reporting System
CVE-2022-37252
	RESERVED
CVE-2022-37251 (Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Draf ...)
	NOT-FOR-US: Craft CMS
CVE-2022-37250 (Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /a ...)
	NOT-FOR-US: Craft CMS
CVE-2022-37249
	REJECTED
CVE-2022-37248 (Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/ ...)
	NOT-FOR-US: Craft CMS
CVE-2022-37247 (Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) ...)
	NOT-FOR-US: Craft CMS
CVE-2022-37246 (Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the fil ...)
	NOT-FOR-US: Craft CMS
CVE-2022-37245 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...)
	NOT-FOR-US: MDaemon
CVE-2022-37244 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...)
	NOT-FOR-US: MDaemon
CVE-2022-37243 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...)
	NOT-FOR-US: MDaemon
CVE-2022-37242 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulne ...)
	NOT-FOR-US: MDaemon
CVE-2022-37241 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...)
	NOT-FOR-US: MDaemon
CVE-2022-37240 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...)
	NOT-FOR-US: MDaemon
CVE-2022-37239 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...)
	NOT-FOR-US: MDaemon
CVE-2022-37238 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...)
	NOT-FOR-US: MDaemon
CVE-2022-37237 (An attacker can send malicious RTMP requests to make the ZLMediaKit se ...)
	NOT-FOR-US: ZLMediaKit
CVE-2022-37236
	RESERVED
CVE-2022-37235 (Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1. ...)
	NOT-FOR-US: Netgear
CVE-2022-37234 (Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1. ...)
	NOT-FOR-US: Netgear
CVE-2022-37233
	RESERVED
CVE-2022-37232 (Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buff ...)
	NOT-FOR-US: Netgear
CVE-2022-37231
	RESERVED
CVE-2022-37230
	RESERVED
CVE-2022-37229
	RESERVED
CVE-2022-37228
	RESERVED
CVE-2022-37227
	RESERVED
CVE-2022-37226
	RESERVED
CVE-2022-37225
	RESERVED
CVE-2022-37224
	RESERVED
CVE-2022-37223 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system ...)
	NOT-FOR-US: JFinal CMS
CVE-2022-37222
	RESERVED
CVE-2022-37221
	RESERVED
CVE-2022-37220
	RESERVED
CVE-2022-37219
	RESERVED
CVE-2022-37218
	RESERVED
CVE-2022-37217
	RESERVED
CVE-2022-37216
	RESERVED
CVE-2022-37215
	RESERVED
CVE-2022-37214
	RESERVED
CVE-2022-37213
	RESERVED
CVE-2022-37212
	RESERVED
CVE-2022-37211
	RESERVED
CVE-2022-37210
	RESERVED
CVE-2022-37209 (JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do no ...)
	NOT-FOR-US: JFinal CMS
CVE-2022-37208 (JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do n ...)
	NOT-FOR-US: JFinal CMS
CVE-2022-37207 (JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do no ...)
	NOT-FOR-US: JFinal CMS
CVE-2022-37206
	RESERVED
CVE-2022-37205 (JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do no ...)
	NOT-FOR-US: JFinal CMS
CVE-2022-37204 (Final CMS 5.1.0 is vulnerable to SQL Injection.)
	NOT-FOR-US: JFinal CMS
CVE-2022-37203 (JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do n ...)
	NOT-FOR-US: JFinal CMS
CVE-2022-37202 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedb ...)
	NOT-FOR-US: JFinal CMS
CVE-2022-37201 (JFinal CMS 5.1.0 is vulnerable to SQL Injection.)
	NOT-FOR-US: JFinal CMS
CVE-2022-37200
	RESERVED
CVE-2022-37199 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system ...)
	NOT-FOR-US: JFinal CMS
CVE-2022-37198
	RESERVED
CVE-2022-37197 (IOBit IOTransfer V4 is vulnerable to Unquoted Service Path.)
	NOT-FOR-US: IOBit
CVE-2022-37196
	RESERVED
CVE-2022-37195
	RESERVED
CVE-2022-37194
	RESERVED
CVE-2022-37193 (Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is ...)
	NOT-FOR-US: Chipolo
CVE-2022-37192
	RESERVED
CVE-2022-37191 (The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to ...)
	NOT-FOR-US: CuppaCMS
CVE-2022-37190 (CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenti ...)
	NOT-FOR-US: CuppaCMS
CVE-2022-37189 (DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), l ...)
	NOT-FOR-US: DDMAL MEI2Volpiano
CVE-2022-37188
	RESERVED
CVE-2022-37187
	RESERVED
CVE-2022-37186 (In LemonLDAP::NG before 2.0.15. some sessions are not deleted when the ...)
	{DLA-3287-1}
	- lemonldap-ng 2.0.15+ds-1
	[bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u2
	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2758
	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/59c781b393947663ad3bf26bad0581413dd6fae4 (v2.0.15)
CVE-2022-37185 (SQL injection vulnerability exists in the school information query int ...)
	NOT-FOR-US: EMS system of the Office of the Thai Basic Education Commission
CVE-2022-37184 (The application manage_website.php on Garage Management System 1.0 is ...)
	NOT-FOR-US: Garage Management System
CVE-2022-37183 (Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/ ...)
	- piwigo
CVE-2022-37182
	RESERVED
CVE-2022-37181 (72crm 9.0 has an Arbitrary file upload vulnerability.)
	NOT-FOR-US: 72crm
CVE-2022-37180
	RESERVED
CVE-2022-37179
	RESERVED
CVE-2022-37178 (An issue was discovered in 72crm 9.0. There is a SQL Injection vulnera ...)
	NOT-FOR-US: 72crm
CVE-2022-37177 (HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cry ...)
	NOT-FOR-US: HireVue Hiring Platform
CVE-2022-37176 (Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains a vul ...)
	NOT-FOR-US: Tenda
CVE-2022-37175 (Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflo ...)
	NOT-FOR-US: Tenda
CVE-2022-37174
	RESERVED
CVE-2022-37173 (An issue in the installer of gvim 9.0.0000 allows authenticated attack ...)
	NOT-FOR-US: gvim Windows installer
CVE-2022-37172 (Incorrect access control in the install directory (C:\msys64) of Msys2 ...)
	NOT-FOR-US: Msys2
CVE-2022-37171
	RESERVED
CVE-2022-37170
	RESERVED
CVE-2022-37169
	RESERVED
CVE-2022-37168
	RESERVED
CVE-2022-37167
	RESERVED
CVE-2022-37166
	RESERVED
CVE-2022-37165
	RESERVED
CVE-2022-37164 (Inoda OnTrack v3.4 employs a weak password policy which allows attacke ...)
	NOT-FOR-US: Inoda OnTrack
CVE-2022-37163 (Bminusl IHateToBudget v1.5.7 employs a weak password policy which allo ...)
	NOT-FOR-US: Bminusl IHateToBudget
CVE-2022-37162 (Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) ...)
	NOT-FOR-US: Claroline
CVE-2022-37161 (Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) ...)
	NOT-FOR-US: Claroline
CVE-2022-37160 (Claroline 13.5.7 and prior allows an authenticated attacker to elevate ...)
	NOT-FOR-US: Claroline
CVE-2022-37159 (Claroline 13.5.7 and prior is vulnerable to Remote code execution via ...)
	NOT-FOR-US: Claroline
CVE-2022-37158 (RuoYi v3.8.3 has a Weak password vulnerability in the management syste ...)
	NOT-FOR-US: RuoYi
CVE-2022-37157
	RESERVED
CVE-2022-37156
	RESERVED
CVE-2022-37155 (RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to ...)
	{DSA-5190-1}
	- spip 4.1.5+dfsg-1
	NOTE: https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-1-5-SPIP-4-0-8-et-SPIP-3-2-16.html
	NOTE: https://spawnzii.github.io/posts/2022/07/how-we-have-pwned-root-me-in-2022/
CVE-2022-37154
	RESERVED
CVE-2022-37153 (An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vu ...)
	NOT-FOR-US: Artica Proxy
CVE-2022-37152 (An issue was discovered in Online Diagnostic Lab Management System 1.0 ...)
	NOT-FOR-US: Online Diagnostic Lab Management System
CVE-2022-37151 (There is an unauthorized access vulnerability in Online Diagnostic Lab ...)
	NOT-FOR-US: Online Diagnostic Lab Management System
CVE-2022-37150 (An issue was discovered in Online Diagnostic Lab Management System 1.0 ...)
	NOT-FOR-US: Online Diagnostic Lab Management System
CVE-2022-37149 (WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a co ...)
	NOT-FOR-US: WAVLINK
CVE-2022-37148
	RESERVED
CVE-2022-37147
	RESERVED
CVE-2022-37146 (The PlexTrac platform prior to version 1.28.0 allows for username enum ...)
	NOT-FOR-US: PlexTrac
CVE-2022-37145 (The PlexTrac platform prior to version 1.17.0 does not restrict excess ...)
	NOT-FOR-US: PlexTrac
CVE-2022-37144 (The PlexTrac platform prior to API version 1.17.0 does not restrict ex ...)
	NOT-FOR-US: PlexTrac
CVE-2022-37143
	RESERVED
CVE-2022-37142
	RESERVED
CVE-2022-37141
	RESERVED
CVE-2022-37140 (PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). ...)
	NOT-FOR-US: PayMoney
CVE-2022-37139 (Loan Management System version 1.0 suffers from a persistent cross sit ...)
	NOT-FOR-US: Loan Management System
CVE-2022-37138 (Loan Management System 1.0 is vulnerable to SQL Injection at the login ...)
	NOT-FOR-US: Loan Management System
CVE-2022-37137 (PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) during ...)
	NOT-FOR-US: PayMoney
CVE-2022-37136
	RESERVED
CVE-2022-37135
	RESERVED
CVE-2022-37134 (D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via ...)
	NOT-FOR-US: D-Link
CVE-2022-37133 (D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentica ...)
	NOT-FOR-US: D-Link
CVE-2022-37132
	RESERVED
CVE-2022-37131
	RESERVED
CVE-2022-37130 (In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a comma ...)
	NOT-FOR-US: D-Link
CVE-2022-37129 (D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection vi ...)
	NOT-FOR-US: D-Link
CVE-2022-37128 (In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized wit ...)
	NOT-FOR-US: D-Link
CVE-2022-37127
	RESERVED
CVE-2022-37126
	RESERVED
CVE-2022-37125 (D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection vi ...)
	NOT-FOR-US: D-Link
CVE-2022-37124
	RESERVED
CVE-2022-37123 (D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection vi ...)
	NOT-FOR-US: D-Link
CVE-2022-37122 (Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, App ...)
	NOT-FOR-US: Carel pCOWeb HVAC BACnet Gateway
CVE-2022-37121
	RESERVED
CVE-2022-37120
	RESERVED
CVE-2022-37119
	RESERVED
CVE-2022-37118
	RESERVED
CVE-2022-37117
	RESERVED
CVE-2022-37116
	RESERVED
CVE-2022-37115
	RESERVED
CVE-2022-37114
	RESERVED
CVE-2022-37113 (Bluecms 1.6 has SQL injection in line 132 of admin/area.php)
	NOT-FOR-US: Bluecms
CVE-2022-37112 (BlueCMS 1.6 has SQL injection in line 55 of admin/model.php)
	NOT-FOR-US: Bluecms
CVE-2022-37111 (BlueCMS 1.6 has SQL injection in line 132 of admin/article.php)
	NOT-FOR-US: Bluecms
CVE-2022-37110
	RESERVED
CVE-2022-37109 (patrickfuller camp up to and including commit bbd53a256ed70e79bd875808 ...)
	NOT-FOR-US: patrickfuller camp
CVE-2022-37108 (An injection vulnerability in the syslog-ng configuration wizard in Se ...)
	NOT-FOR-US: Securonix Snypr
CVE-2022-37107
	RESERVED
CVE-2022-37106
	RESERVED
CVE-2022-37105
	RESERVED
CVE-2022-37104
	RESERVED
CVE-2022-37103
	RESERVED
CVE-2022-37102
	RESERVED
CVE-2022-37101
	RESERVED
CVE-2022-37100 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: H3C
CVE-2022-37099 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: H3C
CVE-2022-37098 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: H3C
CVE-2022-37097 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: H3C
CVE-2022-37096 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: H3C
CVE-2022-37095 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: H3C
CVE-2022-37094 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: H3C
CVE-2022-37093 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: H3C
CVE-2022-37092 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: H3C
CVE-2022-37091 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: H3C
CVE-2022-37090 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: H3C
CVE-2022-37089 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: H3C
CVE-2022-37088 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: H3C
CVE-2022-37087 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: H3C
CVE-2022-37086 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: H3C
CVE-2022-37085 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: H3C
CVE-2022-37084 (TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a sta ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-37083 (TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-37082 (TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-37081 (TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-37080 (TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a sta ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-37079 (TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-37078 (TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-37077 (TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a sta ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-37076 (TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-37075 (TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a sta ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-37074 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...)
	NOT-FOR-US: H3C
CVE-2022-37073 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...)
	NOT-FOR-US: H3C
CVE-2022-37072 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...)
	NOT-FOR-US: H3C
CVE-2022-37071 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...)
	NOT-FOR-US: H3C
CVE-2022-37070 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a command in ...)
	NOT-FOR-US: H3C
CVE-2022-37069 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...)
	NOT-FOR-US: H3C
CVE-2022-37068 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...)
	NOT-FOR-US: H3C
CVE-2022-37067 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...)
	NOT-FOR-US: H3C
CVE-2022-37066 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...)
	NOT-FOR-US: H3C
CVE-2022-37065
	RESERVED
CVE-2022-37064
	RESERVED
CVE-2022-37063 (All FLIR AX8 thermal sensor cameras versions up to and including 1.46. ...)
	NOT-FOR-US: FLIR AX8
CVE-2022-37062 (All FLIR AX8 thermal sensor cameras version up to and including 1.46.1 ...)
	NOT-FOR-US: FLIR AX8
CVE-2022-37061 (All FLIR AX8 thermal sensor cameras version up to and including 1.46.1 ...)
	NOT-FOR-US: FLIR AX8
CVE-2022-37060 (FLIR AX8 thermal sensor cameras version up to and including 1.46.16 is ...)
	NOT-FOR-US: FLIR AX8
CVE-2022-37059 (Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows ...)
	NOT-FOR-US: Subrion CMS
CVE-2022-37058
	RESERVED
CVE-2022-37057 (D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b ...)
	NOT-FOR-US: D-Link
CVE-2022-37056 (D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b ...)
	NOT-FOR-US: D-Link
CVE-2022-37055 (D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b ...)
	NOT-FOR-US: D-Link
CVE-2022-37054
	RESERVED
CVE-2022-37053 (TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htd ...)
	NOT-FOR-US: Trendnet
CVE-2022-37052 (A reachable Object::getString assertion in Poppler 22.07.0 allows atta ...)
	- poppler 22.08.0-2
	[bullseye] - poppler (Minor issue)
	[buster] - poppler (Minor issue)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1278
	NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/8677500399fc2548fa816b619580c2c07915a98c (poppler-22.08.0)
CVE-2022-37051 (An issue was discovered in Poppler 22.07.0. There is a reachable abort ...)
	{DLA-3620-1}
	- poppler 22.08.0-2
	[bullseye] - poppler (Minor issue)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1276
	NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/4631115647c1e4f0482ffe0491c2f38d2231337b (poppler-22.08.0)
CVE-2022-37050 (In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.cc allows attackers t ...)
	{DLA-3620-1}
	- poppler 22.08.0-2
	[bullseye] - poppler (Minor issue)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274
	NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990 (poppler-22.08.0)
CVE-2022-37049 (The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a ...)
	- tcpreplay 4.4.2-1 (unimportant; bug #1018057)
	NOTE: https://github.com/appneta/tcpreplay/issues/736
	NOTE: https://github.com/appneta/tcpreplay/issues/718
	NOTE: Crash in CLI tool, no security impact
CVE-2022-37048 (The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain ...)
	- tcpreplay 4.4.2-1 (unimportant; bug #1018057)
	NOTE: https://github.com/appneta/tcpreplay/issues/735
	NOTE: Crash in CLI tool, no security impact
CVE-2022-37047 (The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain ...)
	- tcpreplay 4.4.2-1 (unimportant; bug #1018057)
	NOTE: https://github.com/appneta/tcpreplay/issues/734
	NOTE: Crash in CLI tool, no security impact
CVE-2022-37046
	RESERVED
CVE-2022-37045
	RESERVED
CVE-2022-37044 (In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?actio ...)
	NOT-FOR-US: Zimbra
CVE-2022-37043 (An issue was discovered in the webmail component in Zimbra Collaborati ...)
	NOT-FOR-US: Zimbra
CVE-2022-37042 (Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functio ...)
	NOT-FOR-US: Zimbra
CVE-2022-37041 (An issue was discovered in ProxyServlet.java in the /proxy servlet in ...)
	NOT-FOR-US: Zimbra
CVE-2022-2592 (A lack of length validation in Snippet descriptions in GitLab CE/EE af ...)
	[experimental] - gitlab 15.2.3+ds1-1
	- gitlab 15.10.8+ds1-2
	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2591 (A vulnerability classified as critical has been found in TEM FLEX-1085 ...)
	NOT-FOR-US: TEM
CVE-2022-37040
	RESERVED
CVE-2022-37039
	RESERVED
CVE-2022-37038
	RESERVED
CVE-2022-2590 (A race condition was found in the way the Linux kernel's memory subsys ...)
	- linux 5.18.16-1
	[bullseye] - linux (Vulnerable code introduced later)
	[buster] - linux (Vulnerable code introduced later)
	NOTE: https://lore.kernel.org/linux-mm/20220808073232.8808-1-david@redhat.com/
	NOTE: https://lore.kernel.org/all/b314c287-5fc2-9f61-53f6-33282a2bed92@redhat.com/
	NOTE: https://www.openwall.com/lists/oss-security/2022/08/08/1
CVE-2022-2589 (Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/ ...)
	- fava 1.23.1-1 (bug #1016971)
	[bullseye] - fava (Minor issue)
	[buster] - fava (Minor issue)
	NOTE: https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08/
	NOTE: https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539 (v1.22.3)
CVE-2022-37037
	RESERVED
CVE-2022-37036
	RESERVED
CVE-2022-37035 (An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_ ...)
	{DLA-3797-1}
	- frr 8.4.1-1 (bug #1016978)
	[bullseye] - frr (Minor issue)
	NOTE: https://github.com/FRRouting/frr/issues/11698
	NOTE: https://github.com/FRRouting/frr/pull/11926
	NOTE: https://github.com/FRRouting/frr/commit/71ca5b09bc71e8cbe38177cf41e83fe164e52eee
CVE-2022-37034 (In dotCMS 5.x-22.06, it is possible to call the TempResource multiple ...)
	NOT-FOR-US: dotCMS
CVE-2022-37033 (In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary f ...)
	NOT-FOR-US: dotCMS
CVE-2022-37032 (An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 ma ...)
	{DSA-5362-1 DLA-3211-1}
	- frr 8.4.1-1 (bug #1021016)
	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/ff6db1027f8f36df657ff2e5ea167773752537ed
CVE-2022-37031
	RESERVED
CVE-2022-37030 (Weak permissions on the configuration file in the PAM module in Grommu ...)
	NOT-FOR-US: Gromox
CVE-2022-37029
	RESERVED
CVE-2022-37028 (ISAMS 22.2.3.2 is prone to stored Cross-site Scripting (XSS) attack on ...)
	NOT-FOR-US: ISAMS
CVE-2022-37027 (Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject a ...)
	NOT-FOR-US: Ahsay AhsayCBS
CVE-2022-37026 (In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before ...)
	{DLA-3491-1}
	- erlang 1:24.3.4.5+dfsg-1 (bug #1024632)
	[bullseye] - erlang 1:23.2.6+dfsg-1+deb11u1
	NOTE: https://erlangforums.com/t/otp-25-1-released/1854
	NOTE: Fixed by: https://github.com/erlang/otp/commit/cd5024867e7b7d3a6e94194af9e01e1fb77e36c9 (OTP-23.3.4.15)
	NOTE: Followup: https://github.com/erlang/otp/commit/6a1baa36e4e6c1b682e8b48e0c141602e0b8e6e5 (OTP-23.3.4.17)
	NOTE: Fixed by: https://github.com/erlang/otp/commit/254f2728902bc7e80a67726ebbc1a0b3ab7742eb (OTP-24.3.4.2)
	NOTE: Followup: https://github.com/erlang/otp/commit/33e7570e075e0b84efef91b2f307fcf938517b1c (OTP-24.3.4.3)
CVE-2022-37025 (An improper privilege management vulnerability in McAfee Security Scan ...)
	NOT-FOR-US: McAfee
CVE-2022-37024 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-2588 (It was discovered that the cls_route filter implementation in the Linu ...)
	{DSA-5207-1 DLA-3131-1 DLA-3102-1}
	- linux 5.18.16-1
	NOTE: https://lore.kernel.org/netdev/20220809170518.164662-1-cascardo@canonical.com/T/#u
	NOTE: https://www.openwall.com/lists/oss-security/2022/08/09/6
CVE-2022-2587 (Out of bounds write in Chrome OS Audio Server in Google Chrome on Chro ...)
	- chromium (Chrome on Chrome OS)
CVE-2022-2586 (It was discovered that a nft object or expression could reference a nf ...)
	{DSA-5207-1 DLA-3131-1 DLA-3102-1}
	- linux 5.18.16-1
	NOTE: https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t
	NOTE: https://www.openwall.com/lists/oss-security/2022/08/09/5
	NOTE: https://www.openwall.com/lists/oss-security/2022/08/29/5
CVE-2022-2585 (It was discovered that when exec'ing from a non-leader thread, armed P ...)
	{DSA-5207-1 DLA-3102-1}
	- linux 5.18.16-1
	[buster] - linux (Vulnerable code introduced later)
	NOTE: https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u
	NOTE: https://www.openwall.com/lists/oss-security/2022/08/09/7
CVE-2022-2584 (The dag-pb codec can panic when decoding invalid blocks.)
	NOT-FOR-US: go-codec-dagpb
CVE-2022-2583 (A race condition can cause incorrect HTTP request routing.)
	NOT-FOR-US: ntbosscher/gobase
CVE-2022-2582 (The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext along ...)
	- golang-github-aws-aws-sdk-go 1.34.22-1
	[buster] - golang-github-aws-aws-sdk-go (Limited support, minor issue, hash leak, invasive, follow bullseye DSAs/point-releases)
	NOTE: https://github.com/aws/aws-sdk-go/commit/35fa6ddf45c061e0f08d3a3b5119f8f4da38f6d1 (v1.33.0)
CVE-2021-4239 (The Noise protocol implementation suffers from weakened cryptographic ...)
	- golang-github-flynn-noise (Fixed with initial upload to archive)
	NOTE: https://github.com/flynn/noise/pull/44
	NOTE: https://pkg.go.dev/vuln/GO-2022-0425
CVE-2021-4238 (Randomly-generated alphanumeric strings contain significantly less ent ...)
	- golang-github-masterminds-goutils (Fixed in initial upload to the archive)
	NOTE: https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1
	NOTE: https://pkg.go.dev/vuln/GO-2022-0411
CVE-2021-4237
	RESERVED
CVE-2021-4236 (Web Sockets do not execute any AuthenticateMethod methods which may be ...)
	NOT-FOR-US: ecnepsnai/web
CVE-2021-4235 (Due to unbounded alias chasing, a maliciously crafted YAML file can ca ...)
	{DLA-3479-1}
	- golang-yaml.v2 2.2.8-1
	NOTE: https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241 (v2.2.3)
	NOTE: https://github.com/go-yaml/yaml/pull/375
	NOTE: https://pkg.go.dev/vuln/GO-2021-0061
CVE-2020-36569 (Authentication is globally bypassed in github.com/nanobox-io/golang-na ...)
	NOT-FOR-US: golang-nanoauth
CVE-2020-36568 (Unsanitized input in the query parser in github.com/revel/revel before ...)
	- golang-github-revel-revel 1.0.0-1
	[buster] - golang-github-revel-revel (Limited support, minor issue, DoS)
	NOTE: https://github.com/revel/revel/pull/1427
	NOTE: https://github.com/revel/revel/commit/d160ecb72207824005b19778594cbdc272e8a605 (v1.0.0)
	NOTE: https://github.com/revel/revel/issues/1424
	NOTE: https://pkg.go.dev/vuln/GO-2020-0003
CVE-2020-36567 (Unsanitized input in the default logger in github.com/gin-gonic/gin be ...)
	- golang-github-gin-gonic-gin 1.6.3-1
	[buster] - golang-github-gin-gonic-gin (Limited support, minor issue)
	NOTE: https://github.com/gin-gonic/gin/pull/2237
	NOTE: https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d (v1.6.0)
CVE-2020-36566 (Due to improper path sanitization, archives containing relative file p ...)
	NOT-FOR-US: Go whyrusleeping/tar-utils
CVE-2020-36565 (Due to improper sanitization of user input on Windows, the static file ...)
	- golang-github-labstack-echo (Windows-specific)
	- golang-github-labstack-echo.v2 (Windows-specific)
	- golang-github-labstack-echo.v3 (Windows-specific)
	NOTE: https://github.com/labstack/echo/pull/1718
	NOTE: https://github.com/labstack/echo/commit/4422e3b66b9fd498ed1ae1d0242d660d0ed3faaa
	NOTE: https://pkg.go.dev/vuln/GO-2021-0051
CVE-2020-36564 (Due to improper validation of caller input, validation is silently dis ...)
	NOT-FOR-US: nosurf
CVE-2020-36563 (XML Digital Signatures generated and validated using this package use ...)
	NOT-FOR-US: go-saml
CVE-2019-25075 (HTML injection combined with path traversal in the Email service in Gr ...)
	NOT-FOR-US: Gravitee API Management
CVE-2019-25074
	RESERVED
CVE-2019-25073 (Improper path sanitization in github.com/goadesign/goa before v3.0.9, ...)
	NOT-FOR-US: github.com/goadesign/goa
CVE-2016-15005 (CSRF tokens are generated using math/rand, which is not a cryptographi ...)
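The tar-utils (CVE-2020-36566) and goa (CVE-2019-25073) entries above, like the unzip and archiver entries further down in this section (CVE-2020-36561, CVE-2020-36560, CVE-2018-25046), all describe the same bug class: an archive member name such as "../../x" is joined to a destination directory without checking where the cleaned path ends up. The following Go example is added by the editor and is not code from any of those projects. It shows the check that closes the hole (resolve the joined path, then require it to sit under the destination with a separator boundary) and a zip extractor built around it; the archives it unpacks are constructed in memory for the demo.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned for a member name that would land outside dest.
var ErrTraversal = errors.New("archive member escapes destination directory")

// SafeJoin maps an archive member name onto a path under dest and rejects
// "../x", "a/../../x", absolute paths and Windows volume prefixes.
// filepath.Join cleans the result, so ".." segments are resolved before the
// prefix check; comparing against dest plus a trailing separator keeps a
// sibling such as "dest-evil" from passing as a child of "dest".
func SafeJoin(dest, name string) (string, error) {
	if name == "" || filepath.IsAbs(name) || filepath.VolumeName(name) != "" {
		return "", ErrTraversal
	}
	absDest, err := filepath.Abs(dest)
	if err != nil {
		return "", err
	}
	target := filepath.Join(absDest, filepath.FromSlash(name))
	if target != absDest && !strings.HasPrefix(target, absDest+string(os.PathSeparator)) {
		return "", ErrTraversal
	}
	return target, nil
}

// Extract writes the members of r beneath dest, validating every name with
// SafeJoin before anything is created. Symlink members are refused: a link
// pointing outside dest, followed by a member written through it, is the
// other classic escape. Returns the number of regular files written.
func Extract(r *zip.Reader, dest string) (int, error) {
	written := 0
	for _, f := range r.File {
		target, err := SafeJoin(dest, f.Name)
		if err != nil {
			return written, fmt.Errorf("%q: %w", f.Name, err)
		}
		if f.Mode()&os.ModeSymlink != 0 {
			return written, fmt.Errorf("%q: symlink members are not allowed", f.Name)
		}
		if f.Mode().IsDir() {
			if err := os.MkdirAll(target, 0o755); err != nil {
				return written, err
			}
			continue
		}
		if err := os.MkdirAll(filepath.Dir(target), 0o755); err != nil {
			return written, err
		}
		if err := writeMember(f, target); err != nil {
			return written, err
		}
		written++
	}
	return written, nil
}

func writeMember(f *zip.File, target string) error {
	rc, err := f.Open()
	if err != nil {
		return err
	}
	defer rc.Close()
	out, err := os.OpenFile(target, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o644)
	if err != nil {
		return err
	}
	defer out.Close()
	// For untrusted input also cap the bytes copied (zip bombs); omitted here.
	_, err = io.Copy(out, rc)
	return err
}

// BuildZip assembles an in-memory archive from name -> content pairs. It is
// constructed sample input for the demo, not a real-world archive.
func BuildZip(members map[string]string) []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for name, body := range members {
		fw, err := w.Create(name)
		if err != nil {
			panic(err)
		}
		fw.Write([]byte(body))
	}
	w.Close()
	return buf.Bytes()
}

func main() {
	dest, _ := os.MkdirTemp("", "extract-demo")
	defer os.RemoveAll(dest)
	for label, members := range map[string]map[string]string{
		"benign":    {"readme.txt": "hello", "docs/notes.txt": "nested"},
		"malicious": {"../../escape.txt": "pwned"},
	} {
		data := BuildZip(members)
		// Newer Go releases may flag non-local names here yet still return a
		// usable reader; Extract does its own check, so only nil is fatal.
		r, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
		if r == nil {
			panic(err)
		}
		n, err := Extract(r, dest)
		fmt.Printf("%s archive: %d files written, err = %v\n", label, n, err)
	}
}
```

The prefix check is done on the cleaned absolute path, not on the raw name, which is what makes "a/../../x" and mixed-separator tricks fail the test rather than the string match. The same SafeJoin shape serves a static file handler (the goa and echo cases): the request path is the untrusted name and the document root is dest.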
	NOT-FOR-US: github.com/dinever/golf
CVE-2022-37023 (Apache Geode versions prior to 1.15.0 are vulnerable to a deserializat ...)
	NOT-FOR-US: Apache Geode
CVE-2022-37022 (Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a dese ...)
	NOT-FOR-US: Apache Geode
CVE-2022-37021 (Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable t ...)
	NO 	NOT-FOR-US: Apache Geode
CVE-2022-2581 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/0bedbae2-82ae-46ae-aa68-1c28b309b60b/
	NOTE: https://github.com/vim/vim/commit/f50940531dd57135fe60aa393ac9d3281f352d88 (v9.0.0105)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2580 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
	- vim (Interpolation introduced in 8.2.4930; no released version in Debian affected)
	NOTE: https://huntr.dev/bounties/c5f2f1d4-0441-4881-b19c-055acaa16249/
	NOTE: Introduced in: https://github.com/vim/vim/commit/0abc2871c105882ed1c1effb9a7757fad8a395bd (v8.2.4930)
	NOTE: Fixed by: https://github.com/vim/vim/commit/1e56bda9048a9625bce6e660938c834c5c15b07d (v9.0.0104)
CVE-2022-2579 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester
CVE-2022-2578 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester
CVE-2022-2577 (A vulnerability classified as critical was found in SourceCodester Gar ...)
	NOT-FOR-US: SourceCodester
CVE-2022-2576 (In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS r ...)
	NOT-FOR-US: Eclipse Californium
CVE-2022-2575 (The WBW Currency Switcher for WooCommerce WordPress plugin before 1.6. ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2574 (The Meks Easy Social Share WordPress plugin before 1.2.8 does not sani ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2573
	RESERVED
CVE-2020-36562 (Due to unchecked type assertions, maliciously crafted messages can cau ...)
	NOT-FOR-US: shiyanhui/dht
CVE-2020-36561 (Due to improper path sanitization, archives containing relative file p ...)
	NOT-FOR-US: github.com/yi-ge/unzip
CVE-2020-36560 (Due to improper path sanitization, archives containing relative file p ...)
	NOT-FOR-US: github.com/artdarek/unzip
CVE-2020-36559 (Due to improper sanitization of user input, HTTPEngine.Handle allows f ...)
	NOT-FOR-US: aah framework
CVE-2019-25072 (Due to support of Gzip compression in request bodies, as well as a lac ...)
	- tendermint-go-common
	[buster] - tendermint-go-common (Limited support, minor issue, DoS)
CVE-2018-25046 (Due to improper path sanitization, archives containing relative file p ...)
	NOT-FOR-US: GO code.cloudfoundry.org/archiver
CVE-2017-20146 (Usage of the CORS handler may apply improper CORS headers, allowing th ...)
	- golang-github-gorilla-handlers 1.3.0-1
	NOTE: https://github.com/gorilla/handlers/pull/116
	NOTE: https://github.com/gorilla/handlers/commit/90663712d74cb411cbef281bc1e08c19d1a76145 (v1.3.0)
CVE-2015-10004 (Token validation methods are susceptible to a timing side-channel duri ...)
	NOT-FOR-US: Go robbert229/jwt
CVE-2014-125026 (LZ4 bindings use a deprecated C API that is vulnerable to memory corru ...)
	NOT-FOR-US: golz4 (Golang interface to LZ4)
CVE-2013-10005 (The RemoteAddr and LocalAddr methods on the returned net.Conn may call ...)
	NOT-FOR-US: btcsuite
CVE-2022-37020
	RESERVED
CVE-2022-37019
	RESERVED
CVE-2022-37018 (A potential vulnerability has been identified in the system BIOS for c ...)
	NOT-FOR-US: HPE
CVE-2022-37017 (Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 R ...)
	NOT-FOR-US: Symantec Endpoint Protection (Windows) agent
CVE-2022-37016 (Symantec Endpoint Protection (Windows) agent may be susceptible to a P ...)
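Three Go entries in this stretch concern secret tokens: golf (CVE-2016-15005) generates CSRF tokens with math/rand, goutils (CVE-2021-4238) returns alphanumeric strings with less entropy than their length suggests (the linked GO-2022-0411 advisory attributes this to the generator always forcing at least one digit into the string), and robbert229/jwt (CVE-2015-10004) compares tokens in a way that leaks, through timing, how much of the token was right. The Go example below is added by the editor and is not code from any of those projects. It places the weak math/rand pattern beside a crypto/rand generator that keeps the full n*log2(62) bits, sizes the token from a target entropy, and validates it with a constant-time comparison.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
	"math"
	"math/big"
	mrand "math/rand"
)

// Alphabet for tokens: 62 symbols, so each character carries log2(62), about
// 5.95 bits, when chosen uniformly.
const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

// WeakToken is the pattern behind the golf entry: math/rand seeded from a
// guessable value. It is fully deterministic, so whoever learns or guesses
// the seed can regenerate every token. Shown for contrast only.
func WeakToken(seed int64, n int) string {
	r := mrand.New(mrand.NewSource(seed))
	out := make([]byte, n)
	for i := range out {
		out[i] = alphabet[r.Intn(len(alphabet))]
	}
	return string(out)
}

// SecureToken draws each character independently and uniformly from the
// alphabet using crypto/rand. rand.Int rejection-samples internally, so there
// is no modulo bias, and no character class is forced to appear, so the token
// keeps its full n*log2(62) bits of entropy.
func SecureToken(n int) (string, error) {
	if n <= 0 {
		return "", errors.New("token length must be positive")
	}
	out := make([]byte, n)
	limit := big.NewInt(int64(len(alphabet)))
	for i := range out {
		idx, err := rand.Int(rand.Reader, limit)
		if err != nil {
			return "", err
		}
		out[i] = alphabet[idx.Int64()]
	}
	return string(out), nil
}

// EntropyBits returns log2(62^n) for an n-character token from alphabet.
func EntropyBits(n int) float64 {
	return float64(n) * math.Log2(float64(len(alphabet)))
}

// MinLengthForBits returns the shortest token length reaching bits of entropy.
func MinLengthForBits(bits float64) int {
	return int(math.Ceil(bits / math.Log2(float64(len(alphabet)))))
}

// ValidToken compares a presented token against the expected one without
// leaking, through timing, how many leading bytes matched. A plain string
// comparison returns at the first mismatch; subtle.ConstantTimeCompare
// touches every byte when the lengths are equal. Mismatched lengths are
// rejected up front, which reveals only the (public) token length.
func ValidToken(expected, presented string) bool {
	if len(expected) != len(presented) {
		return false
	}
	return subtle.ConstantTimeCompare([]byte(expected), []byte(presented)) == 1
}

func main() {
	tok, err := SecureToken(MinLengthForBits(128))
	if err != nil {
		panic(err)
	}
	fmt.Printf("secure token: %s (%.1f bits)\n", tok, EntropyBits(len(tok)))
	fmt.Println("weak tokens from seed 1 are identical:", WeakToken(1, 16) == WeakToken(1, 16))
	fmt.Println("valid:", ValidToken(tok, tok), "tampered:", ValidToken(tok, "x"+tok[1:]))
}
```

The two halves fix different failures: crypto/rand plus uniform sampling addresses predictability and lost entropy at generation time, while subtle.ConstantTimeCompare addresses the side channel at validation time. Fixing only one leaves the other attack open.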
	NOT-FOR-US: Symantec Endpoint Protection (Windows) agent
CVE-2022-37015 (Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4. ...)
	NOT-FOR-US: Symantec Endpoint Detection and Response (SEDR) Appliance
CVE-2022-37014 RESERVED
CVE-2022-2572 (In affected versions of Octopus Server where access is managed by an e ...)
	NOT-FOR-US: Octopus Server
CVE-2022-2571 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
	- vim 2:9.0.0135-1 (unimportant)
	[buster] - vim (The vulnerable code was introduced later)
	NOTE: https://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571/
	NOTE: https://github.com/vim/vim/commit/a6f9e300161f4cb54713da22f65b261595e8e614 (v9.0.0102)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2570 REJECTED
CVE-2022-37013 (This vulnerability allows remote attackers to create a denial-of-servi ...)
	NOT-FOR-US: Unified Automation
CVE-2022-37012 (This vulnerability allows remote attackers to create a denial-of-servi ...)
	NOT-FOR-US: Unified Automation
CVE-2022-37011 (A vulnerability has been identified in Mendix SAML (Mendix 7 compatibl ...)
	NOT-FOR-US: Siemens
CVE-2022-37010 (In JetBrains IntelliJ IDEA before 2022.2 email address validation in t ...)
	- intellij-idea (bug #747616)
CVE-2022-37009 (In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Va ...)
	- intellij-idea (bug #747616)
CVE-2022-2569 (The affected device stores sensitive information in cleartext, which m ...)
	NOT-FOR-US: ARC Informatique
CVE-2022-2568 (A privilege escalation flaw was found in the Ansible Automation Platfo ...)
	NOT-FOR-US: Red Hat Ansible Automation Platform
CVE-2022-2567 (The Form Builder CP WordPress plugin before 1.2.32 does not sanitise a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2566 (A heap out-of-bounds memory write exists in FFMPEG since version 5.1. ...)
	- ffmpeg 7:5.1.1-1
	[bullseye] - ffmpeg (Vulnerable code not present)
	[buster] - ffmpeg (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126833
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6f53f0d09ea4c9c7f7354f018a87ef840315207d (n5.1.1)
	NOTE: Introduced in https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ab77b878f1205225c6de1370fb0e998dbcc8bc69 (n5.1)
	NOTE: https://github.com/google/security-research/security/advisories/GHSA-vhxg-9wfx-7fcj
CVE-2022-2565 (The Simple Payment Donations & Subscriptions WordPress plugin before 4 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2564 (Prototype Pollution in GitHub repository automattic/mongoose prior to ...)
	NOT-FOR-US: Mongoose
CVE-2022-2563 (The Tutor LMS WordPress plugin before 2.0.10 does not escape some cour ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-37008 (The recovery module has a vulnerability of bypassing the verification ...)
	NOT-FOR-US: Huawei
CVE-2022-37007 (The chinadrm module has an out-of-bounds read vulnerability. Successfu ...)
	NOT-FOR-US: Huawei
CVE-2022-37006 (Permission control vulnerability in the network module. Successful exp ...)
	NOT-FOR-US: Huawei
CVE-2022-37005 (The Settings application has an argument injection vulnerability. Succ ...)
	NOT-FOR-US: Huawei
CVE-2022-37004 (The Settings application has a vulnerability of bypassing the out-of-b ...)
	NOT-FOR-US: Huawei
CVE-2022-37003 (The AOD module has a vulnerability in permission assignment. Successfu ...)
	NOT-FOR-US: Huawei
CVE-2022-37002 (The SystemUI module has a privilege escalation vulnerability. Successf ...)
	NOT-FOR-US: Huawei
CVE-2022-37001 (The diag-router module has a vulnerability in intercepting excessive l ...)
	NOT-FOR-US: Huawei
CVE-2022-37000 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
	NOT-FOR-US: Veritas
CVE-2022-36999 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
	NOT-FOR-US: Veritas
CVE-2022-36998 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
	NOT-FOR-US: Veritas
CVE-2022-36997 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
	NOT-FOR-US: Veritas
CVE-2022-36996 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
	NOT-FOR-US: Veritas
CVE-2022-36995 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
	NOT-FOR-US: Veritas
CVE-2022-36994 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
	NOT-FOR-US: Veritas
CVE-2022-36993 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
	NOT-FOR-US: Veritas
CVE-2022-36992 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
	NOT-FOR-US: Veritas
CVE-2022-36991 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
	NOT-FOR-US: Veritas
CVE-2022-36990 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
	NOT-FOR-US: Veritas
CVE-2022-36989 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
	NOT-FOR-US: Veritas
CVE-2022-36988 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
	NOT-FOR-US: Veritas
CVE-2022-36987 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
	NOT-FOR-US: Veritas
CVE-2022-36986 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
	NOT-FOR-US: Veritas
CVE-2022-36985 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
	NOT-FOR-US: Veritas
CVE-2022-36984 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
	NOT-FOR-US: Veritas
CVE-2022-36983 (This vulnerability allows remote attackers to bypass authentication on ...)
	NOT-FOR-US: Ivanti
CVE-2022-36982 (This vulnerability allows remote attackers to read arbitrary files on ...)
	NOT-FOR-US: Ivanti
CVE-2022-36981 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ivanti
CVE-2022-36980 (This vulnerability allows remote attackers to bypass authentication on ...)
	NOT-FOR-US: Ivanti
CVE-2022-36979 (This vulnerability allows remote attackers to bypass authentication on ...)
	NOT-FOR-US: Ivanti
CVE-2022-36978 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ivanti
CVE-2022-36977 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ivanti
CVE-2022-36976 (This vulnerability allows remote attackers to bypass authentication on ...)
	NOT-FOR-US: Ivanti
CVE-2022-36975 (This vulnerability allows remote attackers to bypass authentication on ...)
	NOT-FOR-US: Ivanti
CVE-2022-36974 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ivanti
CVE-2022-36973 (This vulnerability allows remote attackers to bypass authentication on ...)
	NOT-FOR-US: Ivanti
CVE-2022-36972 (This vulnerability allows remote attackers to bypass authentication on ...)
	NOT-FOR-US: Ivanti
CVE-2022-36971 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ivanti
CVE-2022-36970 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: AVEVA
CVE-2022-36969 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: AVEVA
CVE-2022-36968 (In Progress WS_FTP Server prior to version 8.7.3, forms within the adm ...)
	NOT-FOR-US: Progress WS_FTP Server
CVE-2022-36967 (In Progress WS_FTP Server prior to version 8.7.3, multiple reflected c ...)
	NOT-FOR-US: Progress WS_FTP Server
CVE-2022-36966 (Users with Node Management rights were able to view and edit all nodes ...)
	NOT-FOR-US: SolarWinds
CVE-2022-36965 (Insufficient sanitization of inputs in QoE application input field cou ...)
	NOT-FOR-US: Solarwinds
CVE-2022-36964 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
	NOT-FOR-US: SolarWinds
CVE-2022-36963 (The SolarWinds Platform was susceptible to the Command Injection Vulne ...)
	NOT-FOR-US: SolarWinds
CVE-2022-36962 (SolarWinds Platform was susceptible to Command Injection. This vulnera ...)
	NOT-FOR-US: SolarWinds
CVE-2022-36961 (A vulnerable component of Orion Platform was vulnerable to SQL Injecti ...)
	NOT-FOR-US: Solarwinds
CVE-2022-36960 (SolarWinds Platform was susceptible to Improper Input Validation. This ...)
	NOT-FOR-US: SolarWinds
CVE-2022-36959 RESERVED
CVE-2022-36958 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
	NOT-FOR-US: SolarWinds
CVE-2022-36957 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
	NOT-FOR-US: SolarWinds
CVE-2022-36956 (In Veritas NetBackup, the NetBackup Client allows arbitrary command ex ...)
	NOT-FOR-US: Veritas
CVE-2022-36955 (In Veritas NetBackup, an attacker with unprivileged local access to a ...)
	NOT-FOR-US: Veritas
CVE-2022-36954 (In Veritas NetBackup OpsCenter, under specific conditions, an authenti ...)
	NOT-FOR-US: Veritas
CVE-2022-36953 (In Veritas NetBackup OpsCenter, certain endpoints could allow an unaut ...)
	NOT-FOR-US: Veritas
CVE-2022-36952 (In Veritas NetBackup OpsCenter, a hard-coded credential exists that co ...)
	NOT-FOR-US: Veritas
CVE-2022-36951 (In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may ...)
	NOT-FOR-US: Veritas
CVE-2022-36950 (In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may ...)
	NOT-FOR-US: Veritas
CVE-2022-36949 (In Veritas NetBackup OpsCenter, an attacker with local access to a Net ...)
	NOT-FOR-US: Veritas
CVE-2022-36948 (In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affec ...)
	NOT-FOR-US: Veritas
CVE-2022-36947 (Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7 ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2022-36946 (nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel th ...)
	{DSA-5207-1 DLA-3131-1 DLA-3102-1}
	- linux 5.18.16-1
	NOTE: https://marc.info/?l=netfilter-devel&m=165883202007292&w=2
	NOTE: Fixed by: https://git.kernel.org/linus/99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164
CVE-2022-36945 (The Remote Keyless Entry (RKE) receiving unit on certain Mazda vehicle ...)
	NOT-FOR-US: Remote Keyless Entry (RKE) receiving unit on Mazda vehicles
CVE-2022-36944 (Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR ...)
	- scala (Vulnerable code introduced later)
	NOTE: https://github.com/scala/scala/pull/10118
	NOTE: https://github.com/scala/scala/commit/f24c226211eb340c999d810013efbff35a49863f (v2.13.9)
CVE-2022-36797 (Protection mechanism failure in the Intel(R) Ethernet 500 Series Contr ...)
	NOT-FOR-US: Intel
CVE-2022-36794 (Improper condition check in some Intel(R) SPS firmware before version ...)
	NOT-FOR-US: Intel
CVE-2022-36792 RESERVED
CVE-2022-36421 RESERVED
CVE-2022-36416 (Protection mechanism failure in the Intel(R) Ethernet 500 Series Contr ...)
	NOT-FOR-US: Intel
CVE-2022-36393 RESERVED
CVE-2022-36366 RESERVED
CVE-2022-36349 (Insecure default variable initialization in BIOS firmware for some Int ...)
	NOT-FOR-US: Intel
CVE-2022-34653 RESERVED
CVE-2022-33145 RESERVED
CVE-2022-2562 RESERVED
CVE-2022-2561 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: QuickOPC
CVE-2022-2560 (This vulnerability allows remote attackers to delete arbitrary files o ...)
	NOT-FOR-US: EnterpriseDT CompleteFTP Server
CVE-2022-2559 (The Fluent Support WordPress plugin before 1.5.8 does not properly san ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2558 (The Simple Job Board WordPress plugin before 2.10.0 is susceptible to ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2557 (The Team WordPress plugin before 4.1.2 contains a file which could all ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-46830 (A path traversal vulnerability exists within GoAnywhere MFT before 6.8 ...)
	NOT-FOR-US: GoAnywhere MFT
CVE-2022-36943 (SSZipArchive versions 2.5.3 and older contain an arbitrary file write ...)
	NOT-FOR-US: SSZipArchive
CVE-2022-36942 RESERVED
CVE-2022-36941 RESERVED
CVE-2022-36940 RESERVED
CVE-2022-36939 RESERVED
CVE-2022-36938 (DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b ...)
	NOT-FOR-US: ReDex (Android Bytecode Optimizer)
CVE-2022-36937 (HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections ...)
	- hhvm
CVE-2022-36936 RESERVED
CVE-2022-36935 RESERVED
CVE-2022-36934 (An integer overflow in WhatsApp could result in remote code execution ...)
	NOT-FOR-US: WhatsApp
CVE-2022-36933 RESERVED
CVE-2022-36932 RESERVED
CVE-2022-36931 RESERVED
CVE-2022-36930 (Zoom Rooms for Windows installers before version 5.13.0 contain a loca ...)
	NOT-FOR-US: Zoom
CVE-2022-36929 (The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local ...)
	NOT-FOR-US: Zoom
CVE-2022-36928 (Zoom for Android clients before version 5.13.0 contain a path traversa ...)
	NOT-FOR-US: Zoom
CVE-2022-36927 (Zoom Rooms for macOS clients before version 5.11.3 contain a local pri ...)
	NOT-FOR-US: Zoom
CVE-2022-36926 (Zoom Rooms for macOS clients before version 5.11.3 contain a local pri ...)
	NOT-FOR-US: Zoom
CVE-2022-36925 (Zoom Rooms for macOS clients before version 5.11.4 contain an insecure ...)
	NOT-FOR-US: Zoom
CVE-2022-36924 (The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local ...)
	NOT-FOR-US: Zoom
CVE-2022-36923 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-2556 (The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJA ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2555 (The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2554 (The Enable Media Replace WordPress plugin before 4.0.0 does not ensure ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2553 (The authfile directive in the booth config file is ignored, preventing ...)
	{DSA-5194-1}
	- booth 1.0-268-gdce51f9-1
	NOTE: https://github.com/ClusterLabs/booth/issues/114
CVE-2022-2552 (The Duplicator WordPress plugin before 1.4.7 does not authenticate or ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2551 (The Duplicator WordPress plugin before 1.4.7 discloses the url of the ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2550 (OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1 ...)
	NOT-FOR-US: Hestia Control Panel
CVE-2022-2549 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1. ...)
	- gpac 2.0.0+dfsg1-4 (bug #1016142)
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (Minor issue)
	NOTE: https://huntr.dev/bounties/c93083dc-177c-4ba0-ba83-9d7fb29a5537
	NOTE: https://github.com/gpac/gpac/commit/0102c5d4db7fdbf08b5b591b2a6264de33867a07
CVE-2022-36922 (Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not es ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36921 (A missing permission check in Jenkins Coverity Plugin 1.11.4 and earli ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36920 (A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36919 (A missing permission check in Jenkins Coverity Plugin 1.11.4 and earli ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36918 (Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permis ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36917 (A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36916 (A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36915 (Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a pe ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36914 (Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36913 (Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permiss ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36912 (A missing permission check in Jenkins Openstack Heat Plugin 1.5 and ea ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36911 (A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36910 (Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not pe ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36909 (A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36908 (A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36907 (A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36906 (A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36905 (Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36904 (Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36903 (A missing permission check in Jenkins Repository Connector Plugin 2.2. ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36902 (Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier doe ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36901 (Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passw ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36900 (Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36899 (Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not re ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36898 (A missing permission check in Jenkins Compuware ISPW Operations Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36897 (A missing permission check in Jenkins Compuware Xpediter Code Coverage ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36896 (A missing permission check in Jenkins Compuware Source Code Download f ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36895 (A missing permission check in Jenkins Compuware Topaz Utilities Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36894 (An arbitrary file write vulnerability in Jenkins CLIF Performance Test ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36893 (Jenkins rpmsign-plugin Plugin 0.5.0 and earlier does not perform a per ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36892 (Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a per ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36891 (A missing permission check in Jenkins Deployer Framework Plugin 85.v1d ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36890 (Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does no ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36889 (Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does no ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36888 (A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_8 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36887 (A cross-site request forgery (CSRF) vulnerability in Jenkins Job Confi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36886 (A cross-site request forgery (CSRF) vulnerability in Jenkins External ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36885 (Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comp ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36884 (The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36883 (A missing permission check in Jenkins Git Plugin 4.11.3 and earlier al ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36882 (A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36881 (Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-36880 (The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows ...)
	NOT-FOR-US: Webmin module
CVE-2022-36879 (An issue was discovered in the Linux kernel through 5.18.14. xfrm_expa ...)
	{DSA-5207-1 DLA-3131-1 DLA-3102-1}
	- linux 5.18.16-1
	NOTE: https://git.kernel.org/linus/f85daf0e725358be78dfd208dea5fd665d8cb901 (v5.19-rc8)
CVE-2022-36878 (Exposure of Sensitive Information in Find My Mobile prior to version 7 ...)
	NOT-FOR-US: Samsung
CVE-2022-36877 (Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsun ...)
	NOT-FOR-US: Samsung
CVE-2022-36876 (Improper authorization in UPI payment in Samsung Pass prior to version ...)
	NOT-FOR-US: Samsung
CVE-2022-36875 (Improper restriction of broadcasting Intent in SaWebViewRelayActivity ...)
	NOT-FOR-US: Samsung
CVE-2022-36874 (Improper Handling of Insufficient Permissions or Privileges vulnerabil ...)
	NOT-FOR-US: Samsung
CVE-2022-36873 (Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLi ...)
	NOT-FOR-US: Samsung
CVE-2022-36872 (Pending Intent hijacking vulnerability in SpayNotification in Samsung ...)
	NOT-FOR-US: Samsung
CVE-2022-36871 (Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung P ...)
	NOT-FOR-US: Samsung
CVE-2022-36870 (Pending Intent hijacking vulnerability in MTransferNotificationManager ...)
	NOT-FOR-US: Samsung
CVE-2022-36869 (Improper access control vulnerability in ContactsDumpActivity of Conta ...)
	NOT-FOR-US: Samsung
CVE-2022-36868 (Improper restriction of broadcasting Intent in MouseNKeyHidDevice prio ...)
	NOT-FOR-US: Samsung
CVE-2022-36867 (Improper access control vulnerability in Editor Lite prior to version ...)
	NOT-FOR-US: Samsung
CVE-2022-36866 (Improper access control vulnerability in Broadcaster in Group Sharing ...)
	NOT-FOR-US: Samsung
CVE-2022-36865 (Improper access control in Group Sharing prior to versions 13.0.6.15 i ...)
	NOT-FOR-US: Samsung
CVE-2022-36864 (Improper access control and intent redirection in Samsung Email prior ...)
	NOT-FOR-US: Samsung
CVE-2022-36863 (A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc f ...)
	NOT-FOR-US: Samsung
CVE-2022-36862 (A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct ...)
	NOT-FOR-US: Samsung
CVE-2022-36861 (Custom permission misuse vulnerability in SystemUI prior to SMR Sep-20 ...)
	NOT-FOR-US: Samsung
CVE-2022-36860 (A heap-based overflow vulnerability in LoadEnvironment function in lib ...)
	NOT-FOR-US: Samsung
CVE-2022-36859 (Improper input validation vulnerability in SmartTagPlugin prior to ver ...)
	NOT-FOR-US: Samsung
CVE-2022-36858 (A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc() ...)
	NOT-FOR-US: Samsung
CVE-2022-36857 (Improper Authorization vulnerability in Photo Editor prior to SMR Sep- ...)
	NOT-FOR-US: Samsung
CVE-2022-36856 (Improper access control vulnerability in Telecom application prior to ...)
	NOT-FOR-US: Samsung
CVE-2022-36855 (A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 ...)
	NOT-FOR-US: Samsung
CVE-2022-36854 (Out of bound read in libapexjni.media.samsung.so prior to SMR Sep-2022 ...)
	NOT-FOR-US: Samsung
CVE-2022-36853 (Intent redirection in Photo Editor prior to SMR Sep-2022 Release 1 all ...)
	NOT-FOR-US: Samsung
CVE-2022-36852 (Improper Authorization vulnerability in Video Editor prior to SMR Sep- ...)
	NOT-FOR-US: Samsung
CVE-2022-36851 (Improper access control vulnerability in Samsung pass prior to version ...)
	NOT-FOR-US: Samsung
CVE-2022-36850 (Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 R ...)
	NOT-FOR-US: Samsung
CVE-2022-36849 (Use after free vulnerability in sdp_mm_set_process_sensitive function ...)
	NOT-FOR-US: Samsung
CVE-2022-36848 (Improper Authorization vulnerability in setDualDARPolicyCmd prior to S ...)
	NOT-FOR-US: Samsung
CVE-2022-36847 (Use after free vulnerability in mtp_send_signal function of MTP driver ...)
	NOT-FOR-US: Samsung
CVE-2022-36846 (A heap-based overflow vulnerability in ConstructDictionary function in ...)
	NOT-FOR-US: Samsung
CVE-2022-36845 (A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in ...)
	NOT-FOR-US: Samsung
CVE-2022-36844 (A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct() ...)
	NOT-FOR-US: Samsung
CVE-2022-36843 (A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in ...)
	NOT-FOR-US: Samsung
CVE-2022-36842 (A heap-based overflow vulnerability in prepareRecogLibrary function in ...)
	NOT-FOR-US: Samsung
CVE-2022-36841 (A heap-based overflow vulnerability in PrepareRecogLibrary_Part functi ...)
	NOT-FOR-US: Samsung
CVE-2022-36840 (DLL hijacking vulnerability in Samsung Update Setup prior to version 2 ...)
	NOT-FOR-US: Samsung
CVE-2022-36839 (SQL injection vulnerability via IAPService in Samsung Checkout prior t ...)
	NOT-FOR-US: Samsung
CVE-2022-36838 (Implicit Intent hijacking vulnerability in Galaxy Wearable prior to ve ...)
	NOT-FOR-US: Samsung
CVE-2022-36837 (Intent redirection vulnerability using implicit intent in Samsung emai ...)
	NOT-FOR-US: Samsung
CVE-2022-36836 (Unprotected provider vulnerability in Charm by Samsung prior to versio ...)
	NOT-FOR-US: Samsung
CVE-2022-36835 (Implicit Intent hijacking vulnerability in Samsung Internet Browser pr ...)
	NOT-FOR-US: Samsung
CVE-2022-36834 (Exposure of Sensitive Information vulnerability in Game Launcher prior ...)
	NOT-FOR-US: Samsung
CVE-2022-36833 (Improper Privilege Management vulnerability in Game Optimizing Service ...)
	NOT-FOR-US: Samsung
CVE-2022-36832 (Improper access control vulnerability in WebApp in Cameralyzer prior t ...)
	NOT-FOR-US: Samsung
CVE-2022-36831 (Path traversal vulnerability in UriFileUtils of Samsung Notes prior to ...)
	NOT-FOR-US: Samsung
CVE-2022-36830 (PendingIntent hijacking vulnerability in cancelAlarmManager in Charm b ...)
	NOT-FOR-US: Samsung
CVE-2022-36829 (PendingIntent hijacking vulnerability in releaseAlarm in Charm by Sams ...)
	NOT-FOR-US: Samsung
CVE-2022-36828 RESERVED
CVE-2022-36827 REJECTED
CVE-2022-36826 RESERVED
CVE-2022-36825 RESERVED
CVE-2022-36824 RESERVED
CVE-2022-36823 RESERVED
CVE-2022-36822 RESERVED
CVE-2022-36821 RESERVED
CVE-2022-36820 RESERVED
CVE-2022-36819 RESERVED
CVE-2022-36818 RESERVED
CVE-2022-36817 RESERVED
CVE-2022-36816 REJECTED
CVE-2022-36815 RESERVED
CVE-2022-36814 RESERVED
CVE-2022-36813 RESERVED
CVE-2022-36812 RESERVED
CVE-2022-36811 RESERVED
CVE-2022-36810 RESERVED
CVE-2022-36809 RESERVED
CVE-2022-36808 RESERVED
CVE-2022-36807 RESERVED
CVE-2022-36806 RESERVED
CVE-2022-36805 RESERVED
CVE-2022-36804 (Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7 ...)
	NOT-FOR-US: Atlassian
CVE-2022-36803 (The MasterUserEdit API in Atlassian Jira Align Server before version 1 ...)
	NOT-FOR-US: Atlassian
CVE-2022-36802 (The ManageJiraConnectors API in Atlassian Jira Align before version 10 ...)
	NOT-FOR-US: Atlassian
CVE-2022-36801 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
	NOT-FOR-US: Atlassian
CVE-2022-36800 (Affected versions of Atlassian Jira Service Management Server and Data ...)
	NOT-FOR-US: Atlassian
CVE-2022-36799 (This issue exists to document that a security improvement in the way t ...)
	NOT-FOR-US: Atlassian
CVE-2022-35401 (An authentication bypass vulnerability exists in the get_IFTTTTtoken.c ...)
	NOT-FOR-US: Asus
CVE-2022-2548 RESERVED
CVE-2022-2547 (A crafted HTTP packet without a content-type header can create a denia ...)
	NOT-FOR-US: Softing Industrial Automation
CVE-2022-36787 (webvendome - webvendome SQL Injection. SQL Injection in the Parameter ...)
	NOT-FOR-US: Webvendome
CVE-2022-36786 (DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an inter ...)
	NOT-FOR-US: DLINK
CVE-2022-36785 (D-Link – G integrated Access Device4 Information Disclosure & Aut ...)
	NOT-FOR-US: DLINK
CVE-2022-36784 (Elsight – Elsight Halo Remote Code Execution (RCE) Elsight Halo w ...)
	NOT-FOR-US: Elsight
CVE-2022-36783 (AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS) A malici ...)
	NOT-FOR-US: AlgoSec
CVE-2022-36782 (Pal Electronics Systems - Pal Gate Authorization Errors. The vulnerabi ...)
	NOT-FOR-US: Pal Electronics Systems
CVE-2022-36781 (ConnectWise ScreenConnect versions 22.6 and below contained a flaw all ...)
	NOT-FOR-US: WiseConnect
CVE-2022-36780 (Avdor CIS - crystal quality Credentials Management Errors. The product ...)
	NOT-FOR-US: Avdor CIS
CVE-2022-36779 (PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (w ...)
	NOT-FOR-US: PROSCEND
CVE-2022-36778 (insert HTML / js code inside input how to get to the vulnerable input ...)
	NOT-FOR-US: Synel - eHarmony
CVE-2022-36777 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM Q ...)
	NOT-FOR-US: IBM
CVE-2022-36776 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 79and 1.10.2.0 is vulnerabl ...)
	NOT-FOR-US: IBM
CVE-2022-36775 (IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and ...)
	NOT-FOR-US: IBM
CVE-2022-36774 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerabl ...)
	NOT-FOR-US: IBM
CVE-2022-36773 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XM ...)
	NOT-FOR-US: IBM
CVE-2022-36772 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...)
	NOT-FOR-US: IBM
CVE-2022-36771 (IBM QRadar User Behavior Analytics could allow an authenticated user t ...)
	NOT-FOR-US: IBM
CVE-2022-36770 RESERVED
CVE-2022-36769 (IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to up ...)
	NOT-FOR-US: IBM
CVE-2022-36768 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
	NOT-FOR-US: IBM
CVE-2022-2546 (The All-in-One WP Migration WordPress plugin before 7.63 uses the wron ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2545 RESERVED
CVE-2022-2544 (The Ninja Job Board WordPress plugin before 1.3.3 does not protect the ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2543 (The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin befor ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2542 (The uContext for Clickbank plugin for WordPress is vulnerable to Cross ...)
	NOT-FOR-US: uContext for Clickbank plugin for WordPress
CVE-2022-2541 (The uContext for Amazon plugin for WordPress is vulnerable to Cross-Si ...)
	NOT-FOR-US: uContext for Amazon plugin for WordPress
CVE-2022-2540 (The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Si ...)
	NOT-FOR-US: Link Optimizer Lite plugin for WordPress
CVE-2022-2539 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-2538 (The WP Hide & Security Enhancer WordPress plugin before 1.8 does not e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-XXXX [spip: XSS allowing privilege escalation]
	- spip 4.1.5+dfsg-1
	[bullseye] - spip 3.2.11-3+deb11u5
	[buster] - spip 3.2.4-1+deb10u9
	NOTE: https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-1-5-SPIP-4-0-8-et-SPIP-3-2-16.html?lang=fr
CVE-2022-36767 RESERVED
CVE-2022-36766 RESERVED
CVE-2022-36765 (EDK2 is susceptible to a vulnerability in the CreateHob() function, al ...)
	- edk2 2023.11-5 (bug #1060408)
	[bookworm] - edk2 2022.11-6+deb12u1
	[bullseye] - edk2 (Minor issue)
	[buster] - edk2 (Minor issue)
	NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx
	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=4166
CVE-2022-36764 (EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() fun ...)
	- edk2 2023.11-5 (bug #1060408)
	[bookworm] - edk2 2022.11-6+deb12u1
	[bullseye] - edk2 (Minor issue)
	[buster] - edk2 (Minor issue)
	NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-4hcq-p8q8-hj8j
	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=4118
CVE-2022-36763 (EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() fu ...)
	- edk2 2023.11-5 (bug #1060408)
	[bookworm] - edk2 2022.11-6+deb12u1
	[bullseye] - edk2 (Minor issue)
	[buster] - edk2 (Minor issue)
	NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr
	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=4117
CVE-2022-36762 RESERVED
CVE-2022-36761 RESERVED
CVE-2022-36760 (Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling' ...)
	{DSA-5376-1 DLA-3351-1}
	- apache2 2.4.55-1
	NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/6
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-36760
CVE-2022-36759 (Online Food Ordering System v1.0 was discovered to contain a SQL injec ...)
	NOT-FOR-US: Online Food Ordering System
CVE-2022-36758 RESERVED
CVE-2022-36757 REJECTED
CVE-2022-36756 (DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/ ...)
	NOT-FOR-US: D-Link
CVE-2022-36755 (D-Link DIR845L A1 contains a authentication vulnerability via an AUTHO ...)
	NOT-FOR-US: D-Link
CVE-2022-36754 (Expense Management System v1.0 was discovered to contain a SQL injecti ...)
	NOT-FOR-US: Expense Management System
CVE-2022-36753 RESERVED
CVE-2022-36752 (png2webp v1.0.4 was discovered to contain an out-of-bounds write via t ...)
NOT-FOR-US: png2webp CVE-2022-36751 RESERVED CVE-2022-36750 (Clinic's Patient Management System v1.0 is vulnerable to SQL injection ...) NOT-FOR-US: Clinic's Patient Management System CVE-2022-36749 (RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection ...) NOT-FOR-US: RPi-Jukebox-RFID CVE-2022-36748 (PicUploader v2.6.3 was discovered to contain a cross-site scripting (X ...) NOT-FOR-US: PicUploader CVE-2022-36747 (Razor v0.8.0 was discovered to contain a cross-site scripting (XSS) vu ...) NOT-FOR-US: Cobub Razor CVE-2022-36746 (LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS ...) NOT-FOR-US: LibreNMS CVE-2022-36745 (LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS ...) NOT-FOR-US: LibreNMS CVE-2022-36744 RESERVED CVE-2022-36743 RESERVED CVE-2022-36742 RESERVED CVE-2022-36741 RESERVED CVE-2022-36740 RESERVED CVE-2022-36739 RESERVED CVE-2022-36738 RESERVED CVE-2022-36737 RESERVED CVE-2022-36736 (Jitsi-2.10.5550 was discovered to contain a vulnerability in its web U ...) NOT-FOR-US: Disputed Jitsi issue CVE-2022-36735 (Library Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Library Management System CVE-2022-36734 (Library Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Library Management System CVE-2022-36733 (Library Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Library Management System CVE-2022-36732 (Library Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Library Management System CVE-2022-36731 (Library Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Library Management System CVE-2022-36730 (Library Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Library Management System CVE-2022-36729 (Library Management System v1.0 was discovered to contain a SQL injecti ...) 
NOT-FOR-US: Library Management System CVE-2022-36728 (Library Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Library Management System CVE-2022-36727 (Library Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Library Management System CVE-2022-36726 RESERVED CVE-2022-36725 (Library Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Library Management System CVE-2022-36724 RESERVED CVE-2022-36723 RESERVED CVE-2022-36722 (Library Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Library Management System CVE-2022-36721 (Library Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Library Management System CVE-2022-36720 (Library Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Library Management System CVE-2022-36719 (Library Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Library Management System CVE-2022-36718 RESERVED CVE-2022-36717 RESERVED CVE-2022-36716 (Library Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Library Management System CVE-2022-36715 (Library Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Library Management System CVE-2022-36714 (Library Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Library Management System CVE-2022-36713 (Library Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Library Management System CVE-2022-36712 (Library Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Library Management System CVE-2022-36711 (Library Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Library Management System CVE-2022-36710 RESERVED CVE-2022-36709 (Library Management System v1.0 was discovered to contain a SQL injecti ...) 
NOT-FOR-US: Library Management System CVE-2022-36708 (Library Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Library Management System CVE-2022-36707 REJECTED CVE-2022-36706 (Ingredients Stock Management System v1.0 was discovered to contain a S ...) NOT-FOR-US: Ingredients Stock Management System CVE-2022-36705 (Ingredients Stock Management System v1.0 was discovered to contain a S ...) NOT-FOR-US: Ingredients Stock Management System CVE-2022-36704 (Library Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Library Management System CVE-2022-36703 (Ingredients Stock Management System v1.0 was discovered to contain a S ...) NOT-FOR-US: Ingredients Stock Management System CVE-2022-36702 RESERVED CVE-2022-36701 (Ingredients Stock Management System v1.0 was discovered to contain a S ...) NOT-FOR-US: Ingredients Stock Management System CVE-2022-36700 (Ingredients Stock Management System v1.0 was discovered to contain a S ...) NOT-FOR-US: Ingredients Stock Management System CVE-2022-36699 (Ingredients Stock Management System v1.0 was discovered to contain a S ...) NOT-FOR-US: Ingredients Stock Management System CVE-2022-36698 (Ingredients Stock Management System v1.0 was discovered to contain a S ...) NOT-FOR-US: Ingredients Stock Management System CVE-2022-36697 (Ingredients Stock Management System v1.0 was discovered to contain a S ...) NOT-FOR-US: Ingredients Stock Management System CVE-2022-36696 (Ingredients Stock Management System v1.0 was discovered to contain a S ...) NOT-FOR-US: Ingredients Stock Management System CVE-2022-36695 (Ingredients Stock Management System v1.0 was discovered to contain a S ...) NOT-FOR-US: Ingredients Stock Management System CVE-2022-36694 RESERVED CVE-2022-36693 (Ingredients Stock Management System v1.0 was discovered to contain a S ...) 
NOT-FOR-US: Ingredients Stock Management System CVE-2022-36692 (Ingredients Stock Management System v1.0 was discovered to contain a S ...) NOT-FOR-US: Ingredients Stock Management System CVE-2022-36691 RESERVED CVE-2022-36690 (Ingredients Stock Management System v1.0 was discovered to contain a S ...) NOT-FOR-US: Ingredients Stock Management System CVE-2022-36689 (Ingredients Stock Management System v1.0 was discovered to contain a S ...) NOT-FOR-US: Ingredients Stock Management System CVE-2022-36688 (Ingredients Stock Management System v1.0 was discovered to contain a S ...) NOT-FOR-US: Ingredients Stock Management System CVE-2022-36687 (Ingredients Stock Management System v1.0 was discovered to contain an ...) NOT-FOR-US: Ingredients Stock Management System CVE-2022-36686 (Ingredients Stock Management System v1.0 was discovered to contain a S ...) NOT-FOR-US: Ingredients Stock Management System CVE-2022-36685 RESERVED CVE-2022-36684 RESERVED CVE-2022-36683 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...) NOT-FOR-US: Simple Task Scheduling System CVE-2022-36682 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...) NOT-FOR-US: Simple Task Scheduling System CVE-2022-36681 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...) NOT-FOR-US: Simple Task Scheduling System CVE-2022-36680 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...) NOT-FOR-US: Simple Task Scheduling System CVE-2022-36679 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...) NOT-FOR-US: Simple Task Scheduling System CVE-2022-36678 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...) NOT-FOR-US: Simple Task Scheduling System CVE-2022-36677 (Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code vi ...) NOT-FOR-US: Obsidian CVE-2022-36676 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...) 
NOT-FOR-US: Simple Task Scheduling System CVE-2022-36675 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...) NOT-FOR-US: Simple Task Scheduling System CVE-2022-36674 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...) NOT-FOR-US: Simple Task Scheduling System CVE-2022-36673 RESERVED CVE-2022-36672 (Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key locat ...) NOT-FOR-US: Novel-Plus CVE-2022-36671 (Novel-Plus v3.6.2 was discovered to contain an arbitrary file download ...) NOT-FOR-US: Novel-Plus CVE-2022-36670 (PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamp ...) NOT-FOR-US: PCProtect Endpoint CVE-2022-36669 (Hospital Information System version 1.0 suffers from a remote SQL inje ...) NOT-FOR-US: Hospital Information System CVE-2022-36668 (Garage Management System 1.0 is vulnerable to Stored Cross Site Script ...) NOT-FOR-US: Garage Management System CVE-2022-36667 (Garage Management System 1.0 is vulnerable to the Remote Code Executio ...) NOT-FOR-US: Garage Management System CVE-2022-36666 RESERVED CVE-2022-36665 RESERVED CVE-2022-36664 (Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerab ...) NOT-FOR-US: Password Manager for IIS CVE-2022-36663 (Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Serv ...) NOT-FOR-US: Gluu Oxauth CVE-2022-36662 RESERVED CVE-2022-36661 (xhyve commit dfbe09b was discovered to contain a NULL pointer derefere ...) NOT-FOR-US: xhyve CVE-2022-36660 (xhyve commit dfbe09b was discovered to contain a stack buffer overflow ...) NOT-FOR-US: xhyve CVE-2022-36659 (xhyve commit dfbe09b was discovered to contain a NULL pointer derefere ...) NOT-FOR-US: xhyve CVE-2022-36658 RESERVED CVE-2022-36657 (Library Management System v1.0 was discovered to contain a cross-site ...) 
NOT-FOR-US: Library Management System CVE-2022-36656 RESERVED CVE-2022-36655 RESERVED CVE-2022-36654 RESERVED CVE-2022-36653 RESERVED CVE-2022-36652 RESERVED CVE-2022-36651 RESERVED CVE-2022-36650 RESERVED CVE-2022-36649 RESERVED CVE-2022-36648 (The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device ...) - qemu (bug #1052670) [bookworm] - qemu (Minor issue, revisit when fixed upstream) [bullseye] - qemu (Minor issue, revisit when fixed upstream) [buster] - qemu (Minor issue, revisit when fixed upstream) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2022-06/msg04469.html CVE-2022-36647 (PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overfl ...) - davs2 (bug #1019358) NOTE: https://github.com/pkuvcl/davs2/issues/29 NOTE: Fixed by: https://github.com/pkuvcl/davs2/commit/b41cf117452e2d73d827f02d3e30aa20f1c721ac CVE-2022-36646 RESERVED CVE-2022-36645 RESERVED CVE-2022-36644 RESERVED CVE-2022-36643 RESERVED CVE-2022-36642 (A local file disclosure vulnerability in /appConfig/userDB.json of Tel ...) NOT-FOR-US: Telos Alliance Omnia MPX Node CVE-2022-36641 RESERVED CVE-2022-36640 (influxData influxDB before v1.8.10 contains no authentication mechanis ...) - influxdb (unimportant) NOTE: If InfluxDB is deployed on publicly accessible endpoint, it is recommended NOTE: to enable authentication. CVE-2022-36639 (A stored cross-site scripting (XSS) vulnerability in /client.php of Ga ...) NOT-FOR-US: Garage Management System CVE-2022-36638 (An access control issue in the component print.php of Garage Managemen ...) NOT-FOR-US: Garage Management System CVE-2022-36637 (Garage Management System v1.0 was discovered to contain a persistent c ...) NOT-FOR-US: Garage Management System CVE-2022-36636 (Garage Management System v1.0 was discovered to contain a SQL injectio ...) NOT-FOR-US: Garage Management System CVE-2022-36635 (ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injec ...) 
NOT-FOR-US: ZKteco CVE-2022-36634 (An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows a ...) NOT-FOR-US: ZKteco CVE-2022-36633 (Teleport 9.3.6 is vulnerable to Command injection leading to Remote Co ...) NOT-FOR-US: Teleport CVE-2022-36632 RESERVED CVE-2022-36631 RESERVED CVE-2022-36630 RESERVED CVE-2022-36629 RESERVED CVE-2022-36628 RESERVED CVE-2022-36627 RESERVED CVE-2022-36626 RESERVED CVE-2022-36625 RESERVED CVE-2022-36624 RESERVED CVE-2022-36623 RESERVED CVE-2022-36622 (Samsung Electronics mTower v0.3.0 and earlier was discovered to contai ...) NOT-FOR-US: Samsung Electronics mTower CVE-2022-36621 (Samsung Electronics mTower v0.3.0 and earlier was discovered to contai ...) NOT-FOR-US: Samsung Electronics mTower CVE-2022-36620 (D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnera ...) NOT-FOR-US: D-Link CVE-2022-36619 (In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without a ...) NOT-FOR-US: D-Link CVE-2022-36618 RESERVED CVE-2022-36617 (Arq Backup 7.19.5.0 and below stores backup encryption passwords using ...) NOT-FOR-US: Arq Backup CVE-2022-36616 (TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was di ...) NOT-FOR-US: TOTOLINK CVE-2022-36615 (TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a h ...) NOT-FOR-US: TOTOLINK CVE-2022-36614 (TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a har ...) NOT-FOR-US: TOTOLINK CVE-2022-36613 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a har ...) NOT-FOR-US: TOTOLINK CVE-2022-36612 (TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a ha ...) NOT-FOR-US: TOTOLINK CVE-2022-36611 (TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a har ...) NOT-FOR-US: TOTOLINK CVE-2022-36610 (TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hard ...) NOT-FOR-US: TOTOLINK CVE-2022-36609 (Clinic's Patient Management System v1.0 was discovered to contain a SQ ...) 
NOT-FOR-US: Clinic's Patient Management System CVE-2022-36608 RESERVED CVE-2022-36607 RESERVED CVE-2022-36606 (Ywoa before v6.1 was discovered to contain a SQL injection vulnerabili ...) NOT-FOR-US: Ywoa CVE-2022-36605 (Yimioa v6.1 was discovered to contain a SQL injection vulnerability vi ...) NOT-FOR-US: Yimioa CVE-2022-36604 (An access control issue in Canaan Avalon ASIC Miner 2020.3.30 and belo ...) NOT-FOR-US: Canaan Avalon ASIC Miner CVE-2022-36603 (InnoSilicon T3T+ t2t+_soc_20190911_151433.swu was discovered to contai ...) NOT-FOR-US: InnoSilicon T3T+ t2t+_soc_20190911_151433.swu CVE-2022-36602 (InnoSilicon A10 a10_20200924_120556 was discovered to contain a remote ...) NOT-FOR-US: InnoSilicon A10 CVE-2022-36601 (The Eclipse TCF debug interface in JasMiner-X4-Server-20220621-090907 ...) NOT-FOR-US: JasMiner-X4-Server-20220621-090907 CVE-2022-36600 (BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting ( ...) NOT-FOR-US: BlogEngine CVE-2022-36599 (Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerab ...) NOT-FOR-US: Mingsoft MCMS CVE-2022-36598 RESERVED CVE-2022-36597 RESERVED CVE-2022-36596 RESERVED CVE-2022-36595 RESERVED CVE-2022-36594 (Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vuln ...) NOT-FOR-US: MyBatis Mapper CVE-2022-36593 (kkFileView v4.0.0 was discovered to contain an arbitrary file deletion ...) NOT-FOR-US: kkFileView CVE-2022-36592 RESERVED CVE-2022-36591 RESERVED CVE-2022-36590 RESERVED CVE-2022-36589 RESERVED CVE-2022-36588 (In D-Link DAP1650 v1.04 firmware, the fileaccess.cgi program in the fi ...) NOT-FOR-US: D-Link CVE-2022-36587 (In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, there is a buffer ove ...) NOT-FOR-US: Tenda CVE-2022-36586 (In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, there is a buffer ove ...) NOT-FOR-US: Tenda CVE-2022-36585 (In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, in httpd binary, the ...) 
NOT-FOR-US: Tenda CVE-2022-36584 (In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, the getsinglepppuser ...) NOT-FOR-US: Tenda CVE-2022-36583 (DedeCMS V5.7.97 was discovered to contain multiple cross-site scriptin ...) NOT-FOR-US: DedeCMS CVE-2022-36582 (An arbitrary file upload vulnerability in the component /php_action/cr ...) NOT-FOR-US: Garage Management System CVE-2022-36581 (Online Ordering System v2.3.2 was discovered to contain a SQL injectio ...) NOT-FOR-US: Online Ordering System CVE-2022-36580 (An arbitrary file upload vulnerability in the component /admin/product ...) NOT-FOR-US: Online Ordering System CVE-2022-36579 (Wellcms 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF).) NOT-FOR-US: Wellcms CVE-2022-36578 (jizhicms v2.3.1 has SQL injection in the background.) NOT-FOR-US: jizhicms CVE-2022-36577 (An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerabil ...) NOT-FOR-US: jizhicms CVE-2022-36576 RESERVED CVE-2022-36575 RESERVED CVE-2022-36574 RESERVED CVE-2022-36573 (A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allo ...) NOT-FOR-US: Pagekit CMS CVE-2022-36572 (Sinsiu Sinsiu Enterprise Website System v1.1.1.0 was discovered to con ...) NOT-FOR-US: Sinsiu Sinsiu Enterprise Website System CVE-2022-36571 (Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via ...) NOT-FOR-US: Tenda CVE-2022-36570 (Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via ...) NOT-FOR-US: Tenda CVE-2022-36569 (Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via ...) NOT-FOR-US: Tenda CVE-2022-36568 (Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via ...) NOT-FOR-US: Tenda CVE-2022-36567 RESERVED CVE-2022-36566 (Rengine v1.3.0 was discovered to contain a command injection vulnerabi ...) NOT-FOR-US: Rengine CVE-2022-36565 (Incorrect access control in the install directory (C:\Wamp64) of Wamp ...) 
NOT-FOR-US: Wamp CVE-2022-36564 (Incorrect access control in the install directory (C:\Strawberry) of S ...) NOT-FOR-US: StrawberryPerl CVE-2022-36563 (Incorrect access control in the install directory (C:\RailsInstaller) ...) NOT-FOR-US: Rubyinstaller2 CVE-2022-36562 (Incorrect access control in the install directory (C:\Ruby31-x64) of R ...) NOT-FOR-US: Rubyinstaller2 CVE-2022-36561 (XPDF v4.0.4 was discovered to contain a segmentation violation via the ...) - xpdf (Debian uses poppler, which is not affected) CVE-2022-36560 (Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain ...) NOT-FOR-US: Seiko SkyBridge MB-A200 CVE-2022-36559 (Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain ...) NOT-FOR-US: Seiko SkyBridge MB-A200 CVE-2022-36558 (Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded ...) NOT-FOR-US: Seiko SkyBridge MB-A100/A110 CVE-2022-36557 (Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contai ...) NOT-FOR-US: Seiko SkyBridge MB-A100/A110 CVE-2022-36556 (Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contai ...) NOT-FOR-US: Seiko SkyBridge MB-A100/A110 CVE-2022-36555 (Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash ...) NOT-FOR-US: Hytec Inter HWL-2511-SS CVE-2022-36554 (A command injection vulnerability in the CLI (Command Line Interface) ...) NOT-FOR-US: Hytec Inter HWL-2511-SS CVE-2022-36553 (Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a co ...) NOT-FOR-US: Hytec Inter HWL-2511-SS CVE-2022-36552 (Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an is ...) NOT-FOR-US: Tenda CVE-2022-36551 (A Server Side Request Forgery (SSRF) in the Data Import module in Hear ...) NOT-FOR-US: Heartex CVE-2022-36550 RESERVED CVE-2022-36549 RESERVED CVE-2022-36548 (Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stor ...) 
NOT-FOR-US: Edoc-doctor-appointment-system CVE-2022-36547 (Edoc-doctor-appointment-system v1.0.1 was discovered to contain a refl ...) NOT-FOR-US: Edoc-doctor-appointment-system CVE-2022-36546 (Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cros ...) NOT-FOR-US: Edoc-doctor-appointment-system CVE-2022-36545 (Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL ...) NOT-FOR-US: Edoc-doctor-appointment-system CVE-2022-36544 (Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL ...) NOT-FOR-US: Edoc-doctor-appointment-system CVE-2022-36543 (Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL ...) NOT-FOR-US: Edoc-doctor-appointment-system CVE-2022-36542 (An access control issue in the component /ip/admin/ of Edoc-doctor-app ...) NOT-FOR-US: Edoc-doctor-appointment-system CVE-2022-36541 RESERVED CVE-2022-36540 RESERVED CVE-2022-36539 (WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID ...) NOT-FOR-US: WeDayCare B.V Ouderapp CVE-2022-36538 RESERVED CVE-2022-36537 (ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows atta ...) NOT-FOR-US: ZK Framework CVE-2022-36536 (An issue in the component post_applogin.php of Super Flexible Software ...) NOT-FOR-US: Super Flexible Software GmbH & Co. KG Syncovery CVE-2022-36535 RESERVED CVE-2022-36534 (Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and ...) NOT-FOR-US: Super Flexible Software GmbH & Co. KG Syncovery CVE-2022-36533 (Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and ...) NOT-FOR-US: Super Flexible Software GmbH & Co. KG Syncovery CVE-2022-36532 (Bolt CMS contains a vulnerability in version 5.1.12 and below that all ...) NOT-FOR-US: Bolt CMS CVE-2022-36531 RESERVED CVE-2022-36530 (An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerabi ...) NOT-FOR-US: rageframe CVE-2022-36529 (Kensite CMS v1.0 was discovered to contain multiple SQL injection vuln ...) 
NOT-FOR-US: Kensite CMS CVE-2022-36528 RESERVED CVE-2022-36527 (Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or ...) NOT-FOR-US: Jfinal CMS CVE-2022-36526 (D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 ...) NOT-FOR-US: D-Link CVE-2022-36525 (D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 ...) NOT-FOR-US: D-Link CVE-2022-36524 (D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 ...) NOT-FOR-US: D-Link CVE-2022-36523 (D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 ...) NOT-FOR-US: D-Link CVE-2022-36522 (Mikrotik RouterOs through stable v6.48.3 was discovered to contain an ...) NOT-FOR-US: Mikrotik CVE-2022-36521 (Insecure permissions in cskefu v7.0.1 allows unauthenticated attackers ...) NOT-FOR-US: cskefu CVE-2022-36520 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) NOT-FOR-US: H3C CVE-2022-36519 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) NOT-FOR-US: H3C CVE-2022-36518 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) NOT-FOR-US: H3C CVE-2022-36517 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) NOT-FOR-US: H3C CVE-2022-36516 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) NOT-FOR-US: H3C CVE-2022-36515 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) NOT-FOR-US: H3C CVE-2022-36514 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) NOT-FOR-US: H3C CVE-2022-36513 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) NOT-FOR-US: H3C CVE-2022-36512 RESERVED CVE-2022-36511 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) NOT-FOR-US: H3C CVE-2022-36510 (H3C GR2200 MiniGR1A0V100R014 was discovered to contain a command injec ...) 
NOT-FOR-US: H3C CVE-2022-36509 (H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injec ...) NOT-FOR-US: H3C CVE-2022-36508 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) NOT-FOR-US: H3C CVE-2022-36507 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) NOT-FOR-US: H3C CVE-2022-36506 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) NOT-FOR-US: H3C CVE-2022-36505 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) NOT-FOR-US: H3C CVE-2022-36504 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) NOT-FOR-US: H3C CVE-2022-36503 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) NOT-FOR-US: H3C CVE-2022-36502 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) NOT-FOR-US: H3C CVE-2022-36501 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) NOT-FOR-US: H3C CVE-2022-36500 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) NOT-FOR-US: H3C CVE-2022-36499 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) NOT-FOR-US: H3C CVE-2022-36498 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) NOT-FOR-US: H3C CVE-2022-36497 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) NOT-FOR-US: H3C CVE-2022-36496 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) NOT-FOR-US: H3C CVE-2022-36495 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) NOT-FOR-US: H3C CVE-2022-36494 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) NOT-FOR-US: H3C CVE-2022-36493 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) NOT-FOR-US: H3C CVE-2022-36492 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) 
NOT-FOR-US: H3C CVE-2022-36491 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) NOT-FOR-US: H3C CVE-2022-36490 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) NOT-FOR-US: H3C CVE-2022-36489 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) NOT-FOR-US: H3C CVE-2022-36488 (TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a sta ...) NOT-FOR-US: TOTOLINK CVE-2022-36487 (TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a com ...) NOT-FOR-US: TOTOLINK CVE-2022-36486 (TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a com ...) NOT-FOR-US: TOTOLINK CVE-2022-36485 (TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a com ...) NOT-FOR-US: TOTOLINK CVE-2022-36484 (TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a sta ...) NOT-FOR-US: TOTOLINK CVE-2022-36483 (TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a sta ...) NOT-FOR-US: TOTOLINK CVE-2022-36482 (TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a com ...) NOT-FOR-US: TOTOLINK CVE-2022-36481 (TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a com ...) NOT-FOR-US: TOTOLINK CVE-2022-36480 (TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a sta ...) NOT-FOR-US: TOTOLINK CVE-2022-36479 (TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a com ...) NOT-FOR-US: TOTOLINK CVE-2022-36478 (H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow ...) NOT-FOR-US: H3C CVE-2022-36477 (H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow ...) NOT-FOR-US: H3C CVE-2022-36476 RESERVED CVE-2022-36475 (H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow ...) NOT-FOR-US: H3C CVE-2022-36474 (H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow ...) 
NOT-FOR-US: H3C CVE-2022-36473 (H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow ...) NOT-FOR-US: H3C CVE-2022-36472 (H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow ...) NOT-FOR-US: H3C CVE-2022-36471 (H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow ...) NOT-FOR-US: H3C CVE-2022-36470 (H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow ...) NOT-FOR-US: H3C CVE-2022-36469 (H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow ...) NOT-FOR-US: H3C CVE-2022-36468 (H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow ...) NOT-FOR-US: H3C CVE-2022-36467 (H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow ...) NOT-FOR-US: H3C CVE-2022-36466 (TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a sta ...) NOT-FOR-US: TOTOLINK CVE-2022-36465 (TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a sta ...) NOT-FOR-US: TOTOLINK CVE-2022-36464 (TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a sta ...) NOT-FOR-US: TOTOLINK CVE-2022-36463 (TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a sta ...) NOT-FOR-US: TOTOLINK CVE-2022-36462 (TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a sta ...) NOT-FOR-US: TOTOLINK CVE-2022-36461 (TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a com ...) NOT-FOR-US: TOTOLINK CVE-2022-36460 (TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a com ...) NOT-FOR-US: TOTOLINK CVE-2022-36459 (TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a com ...) NOT-FOR-US: TOTOLINK CVE-2022-36458 (TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a com ...) NOT-FOR-US: TOTOLINK CVE-2022-36457 RESERVED CVE-2022-36456 (TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a comm ...) 
NOT-FOR-US: TOTOLINK CVE-2022-36455 (TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a co ...) NOT-FOR-US: TOTOLINK CVE-2022-36454 (A vulnerability in the MiCollab Client API of Mitel MiCollab through 9 ...) NOT-FOR-US: Mitel CVE-2022-36453 (A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 thr ...) NOT-FOR-US: Mitel CVE-2022-36452 (A vulnerability in the web conferencing component of Mitel MiCollab th ...) NOT-FOR-US: Mitel CVE-2022-36451 (A vulnerability in the MiCollab Client server component of Mitel MiCol ...) NOT-FOR-US: Mitel CVE-2022-36450 (Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-ad ...) NOT-FOR-US: Obsidian CVE-2022-36449 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...) NOT-FOR-US: ARM Mali GPU driver CVE-2022-36448 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) NOT-FOR-US: Insyde CVE-2022-36447 (An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. ...) NOT-FOR-US: Chia Network CAT1 Standard CVE-2022-36446 (software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a U ...) - webmin CVE-2022-36445 RESERVED CVE-2022-36444 (An issue was discovered in Atos Unify OpenScape SBC 9 and 10 before 10 ...) NOT-FOR-US: Atos Unify OpenScape SBC CVE-2022-36443 (An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The de ...) NOT-FOR-US: Zebra Enterprise Home Screen CVE-2022-36442 (An issue was discovered in Zebra Enterprise Home Screen 4.1.19. By usi ...) NOT-FOR-US: Zebra Enterprise Home Screen CVE-2022-36441 (An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The Gb ...) NOT-FOR-US: Zebra Enterprise Home Screen CVE-2022-36440 (A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the pee ...) 
{DLA-3573-1} - frr 8.4.1-1 [bullseye] - frr 7.5.1-1.1+deb11u2 NOTE: https://github.com/FRRouting/frr/issues/13202 NOTE: https://github.com/FRRouting/frrcommit/3e46b43e3788f0f87bae56a86b54d412b4710286 (base_8.4) NOTE: https://github.com/spwpun/pocs/blob/main/frr-bgpd.md CVE-2022-2537 (The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3 ...) NOT-FOR-US: WordPress plugin CVE-2022-2536 (The Transposh WordPress Translation plugin for WordPress is vulnerable ...) NOT-FOR-US: Transposh WordPress Translation plugin for WordPress CVE-2022-2535 (The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not e ...) NOT-FOR-US: WordPress plugin CVE-2022-2534 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab 15.10.8+ds1-2 CVE-2022-2533 (An issue has been discovered in GitLab affecting all versions starting ...) [experimental] - gitlab 15.2.3+ds1-1 - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/ CVE-2022-2532 (The Feed Them Social WordPress plugin before 3.0.1 does not sanitise a ...) NOT-FOR-US: WordPress plugin CVE-2022-2531 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab (Specific to EE) CVE-2022-2530 REJECTED CVE-2022-2529 (sflow decode package does not employ sufficient packet sanitisation wh ...) NOT-FOR-US: goflow CVE-2022-2528 (In affected versions of Octopus Deploy it is possible to upload a pack ...) NOT-FOR-US: Octopus Deploy CVE-2022-36439 (AsusSoftwareManager.exe in ASUS System Control Interface on ASUS perso ...) NOT-FOR-US: ASUS CVE-2022-36438 (AsusSwitch.exe on ASUS personal computers (running Windows) sets weak ...) NOT-FOR-US: ASUS CVE-2022-36437 (The Connection handler in Hazelcast and Hazelcast Jet allows a remote ...) - hazelcast (bug #745640) CVE-2022-36436 (OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by an vncap ...) 
	NOT-FOR-US: OSU Open Source Lab VNCAuthProxy
CVE-2022-36435
	RESERVED
CVE-2022-36434
	RESERVED
CVE-2022-36433 (The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plu ...)
	NOT-FOR-US: Amasty Blog Pro
CVE-2022-36432 (The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Mag ...)
	NOT-FOR-US: Amasty Blog Pro plugin for Magento
CVE-2022-36431 (An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise ...)
	NOT-FOR-US: Rocket TRUfusion Enterprise
CVE-2022-36430
	RESERVED
CVE-2022-2527 (An issue in Incident Timelines has been discovered in GitLab CE/EE aff ...)
	[experimental] - gitlab 15.2.3+ds1-1
	- gitlab 15.10.8+ds1-2
	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2021-46829 (GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buf ...)
	{DSA-5228-1}
	- gdk-pixbuf 2.42.8+dfsg-1
	[buster] - gdk-pixbuf (Vulnerable code not present; GIF animation support added later)
	NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190
	NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121
	NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/6976bdc8ee9dd2c2954f91066f7b0f643769a379 (2.42.8)
	NOTE: https://www.openwall.com/lists/oss-security/2022/07/23/1
	NOTE: http://www.openwall.com/lists/oss-security/2022/07/25/1
CVE-2022-2526 (A use-after-free vulnerability was found in systemd. This issue occurs ...)
	- systemd 240-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2109926
	NOTE: https://github.com/systemd/systemd/commit/d973d94dec349fb676fdd844f6fe2ada3538f27c (v240)
CVE-2022-2525 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
	- calibre-web (bug #982690)
CVE-2022-2524
	RESERVED
CVE-2017-20145 (A vulnerability was found in Tecrail Responsive Filemanger up to 9.10. ...)
	NOT-FOR-US: Tecrail Responsive Filemanger
CVE-2017-20144 (A vulnerability has been found in Anvsoft PDFMate PDF Converter Pro 1. ...)
	NOT-FOR-US: Anvsoft PDFMate PDF Converter Pro
CVE-2022-36400 (Path traversal in the installer software for some Intel(r) NUC Kit Wir ...)
	NOT-FOR-US: Intel
CVE-2022-36392 (Improper input validation in some firmware for Intel(R) AMT and Intel( ...)
	NOT-FOR-US: Intel
CVE-2022-36384 (Unquoted search path in the installer software for some Intel(r) NUC K ...)
	NOT-FOR-US: Intel
CVE-2022-36382 (Out-of-bounds write in firmware for some Intel(R) Ethernet Network Con ...)
	NOT-FOR-US: Intel
CVE-2022-36380 (Uncontrolled search path in the installer software for some Intel(r) N ...)
	NOT-FOR-US: Intel
CVE-2022-36370 (Improper authentication in BIOS firmware for some Intel(R) NUC Boards ...)
	NOT-FOR-US: Intel
CVE-2022-36283
	RESERVED
CVE-2022-34864 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector softwa ...)
	NOT-FOR-US: Intel
CVE-2022-34859
	RESERVED
CVE-2022-33963 (Incorrect default permissions in the software installer for Intel(R) U ...)
	NOT-FOR-US: Intel
CVE-2022-2523 (Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/ ...)
	- fava 1.23.1-1 (bug #1016971)
	[bullseye] - fava (Minor issue)
	[buster] - fava (Minor issue)
	NOTE: https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f
	NOTE: https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b (v1.22.2)
CVE-2022-36381 (OS command injection vulnerability in Nintendo Wi-Fi Network Adaptor W ...)
	NOT-FOR-US: Nintendo Wi-Fi Network Adaptor WAP-001
CVE-2022-36293 (Buffer overflow vulnerability in Nintendo Wi-Fi Network Adaptor WAP-00 ...)
	NOT-FOR-US: Nintendo Wi-Fi Network Adaptor WAP-001
CVE-2022-35734 ('Hulu / フールー' App for Android from version 3.0.47 ...)
	NOT-FOR-US: Hulu App for Android
CVE-2022-34156 ('Hulu / フールー' App for iOS versions prior to 3.0.81 ...)
	NOT-FOR-US: Hulu App for Android
CVE-2022-36415 (A DLL hijacking vulnerability exists in the uninstaller in Scooter Bey ...)
	NOT-FOR-US: Scooter Beyond Compare
CVE-2022-36414 (There is an elevation of privilege breakout vulnerability in the Windo ...)
	NOT-FOR-US: Scooter Beyond Compare
CVE-2022-36413 (Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a b ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-36412 (In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests ...)
	NOT-FOR-US: Zoho
CVE-2022-36411
	RESERVED
CVE-2022-36410
	RESERVED
CVE-2022-36409
	RESERVED
CVE-2022-36408
	REJECTED
CVE-2022-36398 (Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool ...)
	NOT-FOR-US: Intel
CVE-2022-36396 (Improper access control in some Intel(R) Aptio* V UEFI Firmware Integr ...)
	NOT-FOR-US: Intel
CVE-2022-36395
	RESERVED
CVE-2022-36377 (Insecure inherited permissions in some Intel(R) Wireless Adapter Drive ...)
	NOT-FOR-US: Intel
CVE-2022-36374 (Improper access control in some Intel(R) Aptio* V UEFI Firmware Integr ...)
	NOT-FOR-US: Intel
CVE-2022-36287 (Uncaught exception in the FCS Server software maintained by Intel befo ...)
	NOT-FOR-US: Intel
CVE-2022-36278 (Insufficient control flow management in the Intel(R) Battery Life Diag ...)
	NOT-FOR-US: Intel
CVE-2022-34855 (Path traversal for the Intel(R) NUC Pro Software Suite before version ...)
	NOT-FOR-US: Intel
CVE-2022-34153 (Improper initialization in the Intel(R) Battery Life Diagnostic Tool s ...)
	NOT-FOR-US: Intel
CVE-2022-34147 (Improper input validation in BIOS firmware for some Intel(R) NUC 9 Ext ...)
	NOT-FOR-US: Intel
CVE-2022-31137 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
	NOT-FOR-US: Roxy-WI
CVE-2022-2522 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
	- vim 2:9.0.0135-1 (unimportant; bug #1016068)
	NOTE: https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22
	NOTE: https://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089 (v9.0.0061)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2521 (It was found in libtiff 4.4.0rc1 that there is an invalid pointer free ...)
	{DSA-5333-1}
	- tiff 4.4.0-6 (unimportant; bug #1024670)
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/422
	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/378
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2520 (A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion f ...)
	{DSA-5333-1}
	- tiff 4.4.0-6 (unimportant; bug #1024670)
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/424
	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/378
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2519 (There is a double free or corruption in rotateImage() at tiffcrop.c:88 ...)
	{DSA-5333-1}
	- tiff 4.4.0-6 (unimportant; bug #1024670)
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/423
	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/378
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2518 (The Stockists Manager for Woocommerce plugin for WordPress is vulnerab ...)
	NOT-FOR-US: Stockists Manager for Woocommerce plugin for WordPress
CVE-2022-2517 (The Beaver Builder – WordPress Page Builder for WordPress is vuln ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2516 (The Visual Composer Website Builder plugin for WordPress is vulnerable ...)
	NOT-FOR-US: Visual Composer Website Builder plugin for WordPress
CVE-2018-25045 (Django REST framework (aka django-rest-framework) before 3.9.1 allows ...)
	{DSA-5186-1}
	- djangorestframework 3.10.2-1
	NOTE: https://github.com/encode/django-rest-framework/commit/4bb9a3c48427867ef1e46f7dee945a4c25a4f9b8 (3.9.1)
CVE-2022-36407 (Insertion of Sensitive Information into Log File vulnerability in Hita ...)
	NOT-FOR-US: Hitachi
CVE-2022-36389 (Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Mes ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36386 (Authenticated Arbitrary Code Execution vulnerability in Soflyy Import ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36379 (Cross-Site Request Forgery (CSRF) leading to plugin settings update in ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36378 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36375 (Authenticated (high role user) WordPress Options Change vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36371
	RESERVED
CVE-2022-36357 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webpsilo ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36346 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foun ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36344 (An unquoted search path vulnerability exists in 'JustSystems JUST Onli ...)
	NOT-FOR-US: JustSystems
CVE-2022-36343 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36341 (Authenticated (subscriber+) plugin settings change leading to Stored C ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36296 (Broken Authentication vulnerability in JumpDEMAND Inc. ActiveDEMAND pl ...)
	NOT-FOR-US: JumpDEMAND
CVE-2022-36292 (Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery P ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36288 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36285 (Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Up ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-36284 (Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerc ...)
	NOT-FOR-US: WooCommerce addon
CVE-2022-36282 (Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-35882 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-34868 (Authenticated Arbitrary Settings Update vulnerability in YooMoney \u04 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-34867 (Unauthenticated Sensitive Information Disclosure vulnerability in WP L ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-34857 (Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP P ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-34658 (Multiple Authenticated (contributor+) Persistent Cross-Site Scripting ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-34656 (Authenticated (admin+) Cross-Site Scripting (XSS) vulnerability in wpd ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-34648 (Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-34344 (Missing Authorization vulnerability in Rymera Web Co Wholesale Suite \ ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-34154 (Authenticated (author or higher user role) Arbitrary File Upload vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-33970 (Authenticated WordPress Options Change vulnerability in Biplob018 Shor ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-33969 (Authenticated WordPress Options Change vulnerability in Biplob Adhikar ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-33943 (Authenticated (contributor or higher user role) Cross-Site Scripting ( ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-33201 (Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – S ...)
	NOT-FOR-US: MailerLite
CVE-2022-33142 (Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in W ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2515 (The Simple Banner plugin for WordPress is vulnerable to Stored Cross-S ...)
	NOT-FOR-US: Simple Banner plugin for WordPress
CVE-2022-2514 (The time and filter parameters in Fava prior to v1.22 are vulnerable t ...)
	- fava 1.23.1-1 (bug #1016971)
	[bullseye] - fava (Minor issue)
	[buster] - fava (Minor issue)
	NOTE: https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429
	NOTE: https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711 (v1.22)
CVE-2022-2513 (A vulnerability exists in the Intelligent Electronic Device (IED) Conn ...)
	NOT-FOR-US: Hitachi
CVE-2022-2512 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-2511 (Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" ...)
	NOT-FOR-US: BlueSpice
CVE-2022-2510 (Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" ...)
	NOT-FOR-US: BlueSpice
CVE-2022-36372 (Improper buffer restrictions in some Intel(R) NUC BIOS firmware may al ...)
	NOT-FOR-US: Intel
CVE-2022-36367 (Incorrect default permissions in the Intel(R) Support Android applicat ...)
	NOT-FOR-US: Intel
CVE-2022-36364 (Apache Calcite Avatica JDBC driver creates HTTP client instances based ...)
	NOT-FOR-US: Apache Calcite
CVE-2022-36298
	RESERVED
CVE-2022-35729 (Out of bounds read in firmware for OpenBMC in some Intel(R) platforms ...)
	NOT-FOR-US: Intel
CVE-2022-34848 (Uncontrolled search path for the Intel(R) NUC Pro Software Suite befor ...)
	NOT-FOR-US: Intel
CVE-2022-34846
	RESERVED
CVE-2022-34657 (Improper input validation in firmware for some Intel(R) PCSD BIOS befo ...)
	NOT-FOR-US: Intel
CVE-2022-33196 (Incorrect default permissions in some memory controller configurations ...)
	{DLA-3379-1}
	- intel-microcode 3.20230214.1 (bug #1031334)
	[bullseye] - intel-microcode 3.20230214.1~deb11u1
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html
	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214
CVE-2022-32570 (Improper authentication in the Intel(R) Quartus Prime Pro and Standard ...)
	NOT-FOR-US: Intel
CVE-2022-32232
	RESERVED
CVE-2022-2509 (A vulnerability found in gnutls. This security flaw happens because of ...)
	{DSA-5203-1 DLA-3070-1}
	- gnutls28 3.7.7-1
	NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2022-07-07
	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted)
	NOTE: https://gitlab.com/gnutls/gnutls/-/commit/ce37f9eb265dbe9b6d597f5767449e8ee95848e2
CVE-2022-2508 (In affected versions of Octopus Server it is possible to reveal the ex ...)
	NOT-FOR-US: Octopus Server
CVE-2022-2507 (In affected versions of Octopus Deploy it is possible to render user s ...)
	NOT-FOR-US: Octopus Deploy
CVE-2022-2506
	RESERVED
CVE-2022-36363 (A vulnerability has been identified in LOGO! 12/24RCE (All versions), ...)
	NOT-FOR-US: LOGO!
CVE-2022-36362 (A vulnerability has been identified in LOGO! 12/24RCE (All versions), ...)
	NOT-FOR-US: LOGO!
CVE-2022-36361 (A vulnerability has been identified in LOGO! 12/24RCE (All versions), ...)
	NOT-FOR-US: LOGO!
CVE-2022-36360 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
	NOT-FOR-US: LOGO!
CVE-2022-35239 (The image file management page of SolarView Compact SV-CPT-MC310 Ver.7 ...)
	NOT-FOR-US: SolarView Compact SV-CPT-MC310
CVE-2022-2505 (Mozilla developers and the Mozilla Fuzzing Team reported memory safety ...)
	- firefox 103.0-1
	- thunderbird 1:102.1.0-1
	[bullseye] - thunderbird (Only affects 102 ESR)
	[buster] - thunderbird (Only affects 102 ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-2505
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-32/#CVE-2022-2505
CVE-2022-2504 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: SDD-Baro
CVE-2022-2503 (Dm-verity is used for extending root-of-trust to root filesystems. Loa ...)
	- linux 5.18.2-1
	[bullseye] - linux 5.10.120-1
	[buster] - linux 4.19.249-1
	NOTE: https://git.kernel.org/linus/4caae58406f8ceb741603eee460d79bacca9b1b5 (5.19-rc1)
	NOTE: https://github.com/google/security-research/security/advisories/GHSA-6vq3-w69p-w63m
CVE-2022-2502 (A vulnerability exists in the HCI IEC 60870-5-104 function included in ...)
	NOT-FOR-US: HCI
CVE-2022-36359 (An issue was discovered in the HTTP FileResponse class in Django 3.2 b ...)
	{DSA-5254-1}
	- python-django 3:3.2.15-1
	[buster] - python-django (Vulnerable code introduced in 2.1)
	NOTE: https://www.openwall.com/lists/oss-security/2022/08/03/1
	NOTE: https://github.com/django/django/commit/bd062445cffd3f6cc6dcd20d13e2abed818fa173 (main)
	NOTE: https://github.com/django/django/commit/b3e4494d759202a3b6bf247fd34455bf13be5b80 (3.2.15)
	NOTE: Introduced by: https://github.com/django/django/commit/a177f854c34718e473bcd0a2dc6c4fd935c8e327
CVE-2022-36342
	RESERVED
CVE-2022-36338 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
	NOT-FOR-US: Insyde
CVE-2022-36337 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
	NOT-FOR-US: Insyde
CVE-2022-36336 (A link following vulnerability in the scanning function of Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2022-36297
	RESERVED
CVE-2022-36286
	RESERVED
CVE-2022-35732
	RESERVED
CVE-2022-35731
	RESERVED
CVE-2022-35727
	RESERVED
CVE-2022-34852
	RESERVED
CVE-2022-34849 (Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for Windows ...)
	NOT-FOR-US: Intel
CVE-2022-29494 (Improper input validation in firmware for OpenBMC in some Intel(R) pla ...)
	NOT-FOR-US: Intel
CVE-2022-29493 (Uncaught exception in webserver for the Integrated BMC in some Intel(R ...)
	NOT-FOR-US: Intel
CVE-2022-2501 (An improper access control issue in GitLab EE affecting all versions f ...)
	- gitlab (Specific to EE)
CVE-2022-2500 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-2499 (An issue has been discovered in GitLab EE affecting all versions start ...)
	- gitlab (Specific to EE)
CVE-2022-2498 (An issue in pipeline subscriptions in GitLab EE affecting all versions ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-2497 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-2496
	RESERVED
CVE-2020-36558 (A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX ...)
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/6cd1ed50efd88261298577cd92a14f2768eddeeb (v5.6-rc3)
CVE-2020-36557 (A race condition in the Linux kernel before 5.6.2 between the VT_DISAL ...)
	- linux 5.5.17-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/ca4463bf8438b403596edd0ec961ca0d4fbe0220 (v5.7-rc1)
CVE-2022-36335
	RESERVED
CVE-2022-36334
	RESERVED
CVE-2022-36333
	RESERVED
CVE-2022-36332
	RESERVED
CVE-2022-36331 (Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDis ...)
	NOT-FOR-US: Western Digital
CVE-2022-36330 (A buffer overflow vulnerability was discovered on firmware version val ...)
	NOT-FOR-US: Western Digital
CVE-2022-36329 (An improper privilege management issue that could allow an attacker to ...)
	NOT-FOR-US: Western Digital
CVE-2022-36328 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
	NOT-FOR-US: Western Digital
CVE-2022-36327 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
	NOT-FOR-US: Western Digital
CVE-2022-36326 (An uncontrolled resource consumption vulnerability issue that could ar ...)
	NOT-FOR-US: Western Digital
CVE-2022-36325 (Affected devices do not properly sanitize data introduced by an user w ...)
	NOT-FOR-US: Siemens
CVE-2022-36324 (Affected devices do not properly handle the renegotiation of SSL/TLS p ...)
	NOT-FOR-US: Siemens
CVE-2022-36323 (Affected devices do not properly sanitize an input field. This could ...)
	NOT-FOR-US: Siemens
CVE-2022-36322 (In JetBrains TeamCity before 2022.04.2 build parameter injection was p ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-36321 (In JetBrains TeamCity before 2022.04.2 the private SSH key could be wr ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-36320 (Mozilla developers and the Mozilla Fuzzing Team reported memory safety ...)
	- firefox 103.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36320
CVE-2022-36319 (When combining CSS properties for overflow and transform, the mouse cu ...)
	{DSA-5195-1 DSA-5193-1}
	- firefox 103.0-1
	- firefox-esr 91.12.0esr-1
	- thunderbird 1:102.1.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36319
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-29/#CVE-2022-36319
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-32/#CVE-2022-36319
CVE-2022-36318 (When visiting directory listings for `chrome://` URLs as source text, ...)
	{DSA-5195-1 DSA-5193-1}
	- firefox 103.0-1
	- firefox-esr 91.12.0esr-1
	- thunderbird 1:102.1.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36318
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-29/#CVE-2022-36318
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-32/#CVE-2022-36318
CVE-2022-36317 (When visiting a website with an overly long URL, the user interface wo ...)
	- firefox (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36317
CVE-2022-36316 (When using the Performance API, an attacker was able to notice subtle ...)
	- firefox 103.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36316
CVE-2022-36315 (When loading a script with Subresource Integrity, attackers with an in ...)
	- firefox 103.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36315
CVE-2022-36314 (When opening a Windows shortcut from the local filesystem, an attacker ...)
	- firefox (Windows-specific)
	- thunderbird (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36314
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-32/#CVE-2022-36314
CVE-2022-36313 (An issue was discovered in the file-type package before 16.5.4 and 17. ...)
	NOT-FOR-US: Node file-type
CVE-2022-2495 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
	NOT-FOR-US: microweber
CVE-2022-2494 (Cross-site Scripting (XSS) - Stored in GitHub repository openemr/opene ...)
	NOT-FOR-US: openemr
CVE-2022-2493 (Data Access from Outside Expected Data Manager Component in GitHub rep ...)
	NOT-FOR-US: openemr
CVE-2022-2492 (A vulnerability was found in SourceCodester Library Management System ...)
	NOT-FOR-US: SourceCodester
CVE-2022-2491 (A vulnerability has been found in SourceCodester Library Management Sy ...)
	NOT-FOR-US: SourceCodester
CVE-2022-2490 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester
CVE-2022-2489 (A vulnerability was found in SourceCodester Simple E-Learning System 1 ...)
	NOT-FOR-US: SourceCodester
CVE-2022-2488 (A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classifie ...)
	NOT-FOR-US: WAVLINK
CVE-2022-2487 (A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and clas ...)
	NOT-FOR-US: WAVLINK
CVE-2022-2486 (A vulnerability, which was classified as critical, was found in WAVLIN ...)
	NOT-FOR-US: WAVLINK
CVE-2021-46828 (In libtirpc before 1.3.3rc1, remote attackers could exhaust the file d ...)
	{DSA-5200-1 DLA-3071-1}
	- libtirpc 1.3.2-2.1 (bug #1015873)
	NOTE: Fixed by: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed (libtirpc-1-3-3-rc1)
	NOTE: Introduced by: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=b2c9430f46c4ac848957fb8adaac176a3f6ac03f (libtirpc-0-3-3-rc3)
CVE-2022-36312 (Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF pro ...)
	NOT-FOR-US: Airspan AirVelocity 1500 software
CVE-2022-36311 (Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vu ...)
	NOT-FOR-US: Airspan AirVelocity 1500 software
CVE-2022-36310 (Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had N ...)
	NOT-FOR-US: Airspan AirVelocity 1500 software
CVE-2022-36309 (Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have ...)
	NOT-FOR-US: Airspan AirVelocity 1500 software
CVE-2022-36308 (Airspan AirVelocity 1500 web management UI displays SNMP credentials i ...)
	NOT-FOR-US: Airspan AirVelocity 1500
CVE-2022-36307 (The AirVelocity 1500 prints SNMP credentials on its physically accessi ...)
	NOT-FOR-US: Airspan AirVelocity 1500
CVE-2022-36306 (An authenticated attacker can enumerate and download sensitive files, ...)
	NOT-FOR-US: Airspan AirVelocity 1500
CVE-2022-36294
	RESERVED
CVE-2022-36290
	RESERVED
CVE-2022-36289 (Protection mechanism failure in the Intel(R) Media SDK software before ...)
	NOT-FOR-US: Intel
CVE-2022-35883 (NULL pointer dereference in the Intel(R) Media SDK software before ver ...)
	NOT-FOR-US: Intel
CVE-2022-35274
	RESERVED
CVE-2022-35237
	RESERVED
CVE-2022-34860
	RESERVED
CVE-2022-34843 (Integer overflow in the Intel(R) Trace Analyzer and Collector software ...)
	NOT-FOR-US: Intel
CVE-2022-33949
	RESERVED
CVE-2022-32575 (Out-of-bounds write in the Intel(R) Trace Analyzer and Collector softw ...)
	NOT-FOR-US: Intel
CVE-2022-2485 (Any attempt (good or bad) to log into AutomationDirect Stride Field I/ ...)
	NOT-FOR-US: AutomationDirect
CVE-2022-2484 (The signature check in the Nokia ASIK AirScale system module version 4 ...)
	NOT-FOR-US: Nokia
CVE-2022-2483 (The bootloader in the Nokia ASIK AirScale system module (versions 4740 ...)
	NOT-FOR-US: Nokia
CVE-2022-2482 (A vulnerability exists in Nokia’s ASIK AirScale system module (ve ...)
	NOT-FOR-US: Nokia
CVE-2022-2481 (Use after free in Views in Google Chrome prior to 103.0.5060.134 allow ...)
	{DSA-5187-1}
	- chromium 103.0.5060.134-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2480 (Use after free in Service Worker API in Google Chrome prior to 103.0.5 ...)
	{DSA-5187-1}
	- chromium 103.0.5060.134-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2479 (Insufficient validation of untrusted input in File in Google Chrome on ...)
	{DSA-5187-1}
	- chromium 103.0.5060.134-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2478 (Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed ...)
	{DSA-5187-1}
	- chromium 103.0.5060.134-1
	[buster] - chromium (see DSA 5046)
CVE-2022-2477 (Use after free in Guest View in Google Chrome prior to 103.0.5060.134 ...)
	{DSA-5187-1}
	- chromium 103.0.5060.134-1
	[buster] - chromium (see DSA 5046)
CVE-2022-36305 (Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) ...)
	NOT-FOR-US: Vesta
CVE-2022-36304 (Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) ...)
	NOT-FOR-US: Vesta
CVE-2022-36303 (Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) ...)
	NOT-FOR-US: Vesta
CVE-2022-36302 (File path manipulation vulnerability in BF-OS version 3.00 up to and i ...)
	NOT-FOR-US: BF-OS
CVE-2022-36301 (BF-OS version 3.x up to and including 3.83 do not enforce strong passw ...)
	NOT-FOR-US: BF-OS
CVE-2022-36300
	RESERVED
CVE-2022-30706 (Open redirect vulnerability in Booked versions prior to 3.3 allows a r ...)
	NOT-FOR-US: Booked
CVE-2022-2476 (A null pointer dereference bug was found in wavpack-5.4.0 The results ...)
	- wavpack 5.5.0-1 (bug #1015790)
	[bullseye] - wavpack (Minor issue)
	[buster] - wavpack (Minor issue)
	NOTE: https://github.com/dbry/WavPack/issues/121
	NOTE: https://github.com/dbry/WavPack/commit/25b4a2725d8568212e7cf89ca05ca29d128af7ac (5.5.0)
CVE-2022-2475 (Haas Controller version 100.20.000.1110 has insufficient granularity o ...)
	NOT-FOR-US: Haas Controller
CVE-2022-2474 (Authentication is currently unsupported in Haas Controller version 100 ...)
	NOT-FOR-US: Haas Controller
CVE-2022-2473 (The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-S ...)
	NOT-FOR-US: WP-UserOnline plugin for WordPress
CVE-2022-2472 (Improper Initialization vulnerability in the local server component of ...)
	NOT-FOR-US: EZVIZ CS-C6N-A0-1C2WFR
CVE-2022-2471 (Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detectio ...)
	NOT-FOR-US: EZVIZ Motion Detection in various camera models
CVE-2022-2470 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...)
	NOT-FOR-US: microweber
CVE-2022-2469 (GNU SASL libgsasl server-side read-out-of-bounds with malicious authen ...)
	{DSA-5189-1}
	- gsasl 2.0.1-1
	NOTE: Advisory: https://lists.gnu.org/archive/html/help-gsasl/2022-07/msg00001.html
	NOTE: Reproducing issue: https://lists.gnu.org/archive/html/help-gsasl/2022-07/msg00002.html
	NOTE: Fixed by: https://gitlab.com/gsasl/gsasl/-/commit/796e4197f696261c1f872d7576371232330bcc30 (v2.0.1)
CVE-2022-2468 (A vulnerability was found in SourceCodester Garage Management System 1 ...)
	NOT-FOR-US: SourceCodester Garage Management
CVE-2022-2467 (A vulnerability has been found in SourceCodester Garage Management Sys ...)
	NOT-FOR-US: SourceCodester Garage Management
CVE-2016-15004 (A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. I ...)
	NOT-FOR-US: InfiniteWP
CVE-2022-35735 (In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-35728 (In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-35272 (In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-35245 (In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, and ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-35243 (In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-35241 (In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Insta ...)
	NOT-FOR-US: F5
CVE-2022-35240 (In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-35236 (In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-34865 (In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and a ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-34862 (In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-34851 (In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-34844 (In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-34655 (In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-34651 (In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-33968 (In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-33962 (In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-33947 (In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-33203 (In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-32455 (In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-31473 (In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4, when ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-30535 (In versions 2.x before 2.3.0 and all versions of 1.x, An attacker auth ...)
	NOT-FOR-US: F5
CVE-2022-2466 (It was found that Quarkus 2.10.x does not terminate HTTP requests head ...)
	NOT-FOR-US: quarkusio/quarkus
CVE-2022-2465 (Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6. ...)
	NOT-FOR-US: Rockwell Automation
CVE-2022-2464 (Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6. ...)
	NOT-FOR-US: Rockwell Automation
CVE-2022-2463 (Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6. ...)
	NOT-FOR-US: Rockwell Automation
CVE-2022-2462 (The Transposh WordPress Translation plugin for WordPress is vulnerable ...)
	NOT-FOR-US: Transposh WordPress Translation plugin for WordPress
CVE-2022-2461 (The Transposh WordPress Translation plugin for WordPress is vulnerable ...)
NOT-FOR-US: Transposh WordPress Translation plugin for WordPress CVE-2022-36277 (The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' pa ...) NOT-FOR-US: TCMAN GIM CVE-2022-36276 (TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' p ...) NOT-FOR-US: TCMAN GIM CVE-2022-2460 (The WPDating WordPress plugin before 7.4.0 does not properly escape us ...) NOT-FOR-US: WordPress plugin CVE-2022-2459 (An issue has been discovered in GitLab EE affecting all versions befor ...) - gitlab (Specific to EE) CVE-2022-2458 (XML external entity injection(XXE) is a vulnerability that allows an a ...) NOT-FOR-US: Red Hat Process Automation Manager CVE-2022-2457 (A flaw was found in Red Hat Process Automation Manager 7 where an atta ...) NOT-FOR-US: Red Hat Process Automation Manager CVE-2022-2456 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) - gitlab 15.10.8+ds1-2 CVE-2022-36275 RESERVED CVE-2022-36274 RESERVED CVE-2022-36273 (Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform ...) NOT-FOR-US: Tenda CVE-2022-36272 (Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerab ...) NOT-FOR-US: Mingsoft MCMS CVE-2022-36271 (Outbyte PC Repair Installation File 1.7.112.7856 is vulnerable to Dll ...) NOT-FOR-US: Outbyte PC Repair Installation File CVE-2022-36270 (Clinic's Patient Management System v1.0 has arbitrary code execution v ...) NOT-FOR-US: Clinic's Patient Management System CVE-2022-36269 RESERVED CVE-2022-36268 RESERVED CVE-2022-36267 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Una ...) NOT-FOR-US: Airspan AirSpot CVE-2022-36266 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a sto ...) NOT-FOR-US: Airspan AirSpot CVE-2022-36265 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hid ...) NOT-FOR-US: Airspan AirSpot CVE-2022-36264 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Un ...) 
NOT-FOR-US: Airspan AirSpot CVE-2022-36263 (StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access ...) NOT-FOR-US: StreamLabs Desktop Application CVE-2022-36262 (An issue was discovered in taocms 3.0.2. in the website settings that ...) NOT-FOR-US: taocms CVE-2022-36261 (An arbitrary file deletion vulnerability was discovered in taocms 3.0. ...) NOT-FOR-US: taocms CVE-2022-36260 RESERVED CVE-2022-36259 (A SQL injection vulnerability in ConnectionFactory.java in sazanrjb In ...) NOT-FOR-US: sazanrjb InventoryManagementSystem CVE-2022-36258 (A SQL injection vulnerability in CustomerDAO.java in sazanrjb Inventor ...) NOT-FOR-US: sazanrjb InventoryManagementSystem CVE-2022-36257 (A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryMan ...) NOT-FOR-US: sazanrjb InventoryManagementSystem CVE-2022-36256 (A SQL injection vulnerability in Stocks.java in sazanrjb InventoryMana ...) NOT-FOR-US: sazanrjb InventoryManagementSystem CVE-2022-36255 (A SQL injection vulnerability in SupplierDAO.java in sazanrjb Inventor ...) NOT-FOR-US: sazanrjb InventoryManagementSystem CVE-2022-36254 (Multiple persistent cross-site scripting (XSS) vulnerabilities in inde ...) NOT-FOR-US: tramyardg Hotel Management System CVE-2022-36253 RESERVED CVE-2022-36252 RESERVED CVE-2022-36251 (Clinic's Patient Management System v1.0 is vulnerable to Cross Site Sc ...) NOT-FOR-US: Clinic's Patient Management System CVE-2022-36250 (Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2. ...) NOT-FOR-US: Shop Beat Solutions CVE-2022-36249 (Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2. ...) NOT-FOR-US: Shop Beat Solutions CVE-2022-36248 RESERVED CVE-2022-36247 (Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2. ...) NOT-FOR-US: Shop Beat Solutions CVE-2022-36246 (Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2. ...) 
NOT-FOR-US: Shop Beat Solutions CVE-2022-36245 RESERVED CVE-2022-36244 (Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2. ...) NOT-FOR-US: Shop Beat Solutions CVE-2022-36243 (Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2. ...) NOT-FOR-US: Shop Beat Solutions CVE-2022-36242 (Clinic's Patient Management System v1.0 is vulnerable to SQL Injection ...) NOT-FOR-US: Clinic's Patient Management System CVE-2022-36241 RESERVED CVE-2022-36240 RESERVED CVE-2022-36239 RESERVED CVE-2022-36238 RESERVED CVE-2022-36237 RESERVED CVE-2022-36236 RESERVED CVE-2022-36235 RESERVED CVE-2022-36234 (SimpleNetwork TCP Server commit 29bc615f0d9910eb2f59aa8dff1f54f0e3af44 ...) NOT-FOR-US: SimpleNetwork TCP Server CVE-2022-36233 (Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form ...) NOT-FOR-US: Tenda CVE-2022-36232 RESERVED CVE-2022-36231 (pdf_info 0.5.3 is vulnerable to Command Execution because the Ruby cod ...) NOT-FOR-US: pdf_info gem CVE-2022-36230 RESERVED CVE-2022-36229 RESERVED CVE-2022-36228 (Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Perm ...) NOT-FOR-US: Nokelock Smart padlock CVE-2022-36227 (In libarchive before 3.6.2, the software does not check for an error a ...) {DLA-3294-1} - libarchive 3.6.2-1 (bug #1024669) [bullseye] - libarchive (Minor issue) NOTE: https://github.com/libarchive/libarchive/issues/1754 NOTE: https://github.com/libarchive/libarchive/pull/1759 NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/bff38efe8c110469c5080d387bec62a6ca15b1a5 CVE-2022-36226 (SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /Si ...) NOT-FOR-US: SiteServerCMS CVE-2022-36225 (EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (C ...) NOT-FOR-US: Eyoucms CVE-2022-36224 (XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CSRF).) NOT-FOR-US: XunRuiCMS CVE-2022-36223 (In Emby Server 4.6.7.0, the playlist name field is vulnerable to XSS s ...) 
NOT-FOR-US: Emby Server CVE-2022-36222 (Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped wit ...) NOT-FOR-US: Nokia CVE-2022-36221 (Nokia Fastmile 3tg00118abad52 is affected by an authenticated path tra ...) NOT-FOR-US: Nokia CVE-2022-36220 (Kiosk breakout (without quit password) in Safe Exam Browser (Windows) ...) NOT-FOR-US: Safe Exam Browser CVE-2022-36219 RESERVED CVE-2022-36218 RESERVED CVE-2022-36217 RESERVED CVE-2022-36216 (DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code exec ...) NOT-FOR-US: DedeCMS CVE-2022-36215 (DedeBIZ v6 was discovered to contain a remote code execution vulnerabi ...) NOT-FOR-US: DedeBIZ CVE-2022-36214 RESERVED CVE-2022-36213 RESERVED CVE-2022-36212 RESERVED CVE-2022-36211 RESERVED CVE-2022-36210 RESERVED CVE-2022-36209 RESERVED CVE-2022-36208 RESERVED CVE-2022-36207 RESERVED CVE-2022-36206 RESERVED CVE-2022-36205 RESERVED CVE-2022-36204 RESERVED CVE-2022-36203 (Doctor's Appointment System 1.0 is vulnerable to Cross Site Scripting ...) NOT-FOR-US: Doctor's Appointment System CVE-2022-36202 (Doctor's Appointment System1.0 is vulnerable to Incorrect Access Contr ...) NOT-FOR-US: Doctor's Appointment System CVE-2022-36201 (Doctor\u2019s Appointment System v1.0 is vulnerable to Blind SQLi via ...) NOT-FOR-US: Doctor's Appointment System CVE-2022-36200 (In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submi ...) NOT-FOR-US: FiberHome VDSL2 Modem CVE-2022-36199 RESERVED CVE-2022-36198 (Multiple SQL injections detected in Bus Pass Management System 1.0 via ...) NOT-FOR-US: Bus Pass Management System CVE-2022-36197 (BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload ...) NOT-FOR-US: BigTree CMS CVE-2022-36196 RESERVED CVE-2022-36195 RESERVED CVE-2022-36194 (Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the ...) - centreon-web (bug #913903) CVE-2022-36193 (SQL injection in School Management System 1.0 allows remote attackers ...) 
NOT-FOR-US: School Management System CVE-2022-36192 RESERVED CVE-2022-36191 (A heap-buffer-overflow had occurred in function gf_isom_dovi_config_ge ...) {DSA-5411-1} - gpac 2.0.0+dfsg1-4 (bug #1019595) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2218 NOTE: https://github.com/gpac/gpac/commit/fef6242c69be4f7ba22b32578e4b62648a3d4ed3 CVE-2022-36190 (GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerabili ...) {DSA-5411-1} - gpac 2.0.0+dfsg1-4 (bug #1019595) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2220 NOTE: Fixed along with: https://github.com/gpac/gpac/issues/2218 NOTE: https://github.com/gpac/gpac/commit/fef6242c69be4f7ba22b32578e4b62648a3d4ed3 CVE-2022-36189 RESERVED CVE-2022-36188 RESERVED CVE-2022-36187 RESERVED CVE-2022-36186 (A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNK ...) - gpac 2.0.0+dfsg1-4 (bug #1019595) [bullseye] - gpac (Vulnerable code not present) [buster] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/2223 NOTE: https://github.com/gpac/gpac/commit/b43f9d1a4b4e33d08edaef6d313e6ce4bdf554d3 CVE-2022-36185 RESERVED CVE-2022-36184 RESERVED CVE-2022-36183 RESERVED CVE-2022-36182 (Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow fo ...) NOT-FOR-US: HashiCorp Boundary CVE-2022-36181 RESERVED CVE-2022-36180 (Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /f ...) {DLA-3487-1} - fusiondirectory [bullseye] - fusiondirectory (Minor issue) NOTE: https://yoroi.company/research/cve-advisory-full-disclosure-multiple-vulnerabilities/ NOTE: https://github.com/fusiondirectory/fusiondirectory/commit/fadebb79b932a0260bdb8723eb23694a3ae62366 (fusiondirectory-1.3.1) CVE-2022-36179 (Fusiondirectory 1.3 suffers from Improper Session Handling.) 
{DLA-3487-1} - fusiondirectory [bullseye] - fusiondirectory (Minor issue) NOTE: https://yoroi.company/research/cve-advisory-full-disclosure-multiple-vulnerabilities/ NOTE: https://github.com/fusiondirectory/fusiondirectory/commit/d84cf05573b52df98418adf3716daf365e8da745 (fusiondirectory-1.3.1) CVE-2022-36178 RESERVED CVE-2022-36177 RESERVED CVE-2022-36176 RESERVED CVE-2022-36175 RESERVED CVE-2022-36174 (FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2 ...) NOT-FOR-US: FreshService CVE-2022-36173 (FreshService macOS Agent < 4.4.0 and FreshServce Linux Agent < 3.4.0 a ...) NOT-FOR-US: FreshService CVE-2022-36172 RESERVED CVE-2022-36171 (MapGIS IGServer 10.5.6.11 is vulnerable to Arbitrary file deletion.) NOT-FOR-US: MapGIS IGServer CVE-2022-36170 (MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end an ...) NOT-FOR-US: MapGIS IGServer CVE-2022-36169 RESERVED CVE-2022-36168 (A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. ...) NOT-FOR-US: Wuzhicms CVE-2022-36167 RESERVED CVE-2022-36166 RESERVED CVE-2022-36165 RESERVED CVE-2022-36164 RESERVED CVE-2022-36163 RESERVED CVE-2022-36162 RESERVED CVE-2022-36161 (Orange Station 1.0 was discovered to contain a SQL injection vulnerabi ...) NOT-FOR-US: Orange Station CVE-2022-36160 RESERVED CVE-2022-36159 (Contec FXA3200 version 1.13 and under were discovered to contain a har ...) NOT-FOR-US: Contec FXA3200 CVE-2022-36158 (Contec FXA3200 version 1.13.00 and under suffers from Insecure Permiss ...) NOT-FOR-US: Contec FXA3200 CVE-2022-36157 (XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Per ...) NOT-FOR-US: XXL-JOB CVE-2022-36156 RESERVED CVE-2022-36155 (tifig v0.2.2 was discovered to contain a resource allocation issue via ...) NOT-FOR-US: tifig CVE-2022-36154 RESERVED CVE-2022-36153 (tifig v0.2.2 was discovered to contain a segmentation violation via st ...) 
NOT-FOR-US: tifig CVE-2022-36152 (tifig v0.2.2 was discovered to contain a memory leak via operator new[ ...) NOT-FOR-US: tifig CVE-2022-36151 (tifig v0.2.2 was discovered to contain a segmentation violation via ge ...) NOT-FOR-US: tifig CVE-2022-36150 (tifig v0.2.2 was discovered to contain a heap-buffer overflow via __as ...) NOT-FOR-US: tifig CVE-2022-36149 (tifig v0.2.2 was discovered to contain a heap-use-after-free via temIn ...) NOT-FOR-US: tifig CVE-2022-36148 (fdkaac commit 53fe239 was discovered to contain a floating point excep ...) - fdkaac (unimportant; bug #1017751) NOTE: https://github.com/nu774/fdkaac/issues/52 NOTE: https://github.com/nu774/fdkaac/commit/4ec1422bd951a137225ffa4052da120e2ab0a0f4 (v1.0.3) NOTE: Crash in CLI tool, no security impact CVE-2022-36147 RESERVED CVE-2022-36146 (SWFMill commit 53d7690 was discovered to contain a memory allocation i ...) - swfmill (unimportant) NOTE: https://github.com/djcsdy/swfmill/issues/65 NOTE: Crash in CLI tool, no security impact CVE-2022-36145 (SWFMill commit 53d7690 was discovered to contain a segmentation violat ...) - swfmill (unimportant) NOTE: https://github.com/djcsdy/swfmill/issues/64 NOTE: Crash in CLI tool, no security impact CVE-2022-36144 (SWFMill commit 53d7690 was discovered to contain a heap-buffer overflo ...) - swfmill (bug #1019600) [bullseye] - swfmill (Minor issue) [buster] - swfmill (Minor issue) NOTE: https://github.com/djcsdy/swfmill/issues/63 CVE-2022-36143 (SWFMill commit 53d7690 was discovered to contain a heap-buffer overflo ...) - swfmill (unimportant) NOTE: https://github.com/djcsdy/swfmill/issues/62 NOTE: Crash in CLI tool, no security impact CVE-2022-36142 (SWFMill commit 53d7690 was discovered to contain a heap-buffer overflo ...) - swfmill (unimportant) NOTE: https://github.com/djcsdy/swfmill/issues/61 NOTE: Crash in CLI tool, no security impact CVE-2022-36141 (SWFMill commit 53d7690 was discovered to contain a segmentation violat ...) 
- swfmill (unimportant) NOTE: https://github.com/djcsdy/swfmill/issues/58 NOTE: Crash in CLI tool, no security impact CVE-2022-36140 (SWFMill commit 53d7690 was discovered to contain a segmentation violat ...) - swfmill (unimportant) NOTE: https://github.com/djcsdy/swfmill/issues/57 NOTE: Crash in CLI tool, no security impact CVE-2022-36139 (SWFMill commit 53d7690 was discovered to contain a heap-buffer overflo ...) - swfmill (bug #1019600) [bullseye] - swfmill (Minor issue) [buster] - swfmill (Minor issue) NOTE: https://github.com/djcsdy/swfmill/issues/56 CVE-2022-36138 RESERVED CVE-2022-36137 (ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers t ...) NOT-FOR-US: ChurchCRM CVE-2022-36136 (ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers t ...) NOT-FOR-US: ChurchCRM CVE-2022-36135 RESERVED CVE-2022-36134 RESERVED CVE-2022-36133 (The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices wit ...) NOT-FOR-US: Epson CVE-2022-36132 RESERVED CVE-2022-36131 (The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to s ...) NOT-FOR-US: Atlassian addon CVE-2022-36130 (HashiCorp Boundary up to 0.10.1 did not properly perform data integrit ...) NOT-FOR-US: HashiCorp Boundary CVE-2022-36129 (HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clu ...) NOT-FOR-US: HashiCorp Vault CVE-2022-2455 (A business logic issue in the handling of large repositories in all ve ...) [experimental] - gitlab 15.2.3+ds1-1 - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/ CVE-2022-36128 RESERVED CVE-2022-36127 (A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The ...) NOT-FOR-US: Apache SkyWalking CVE-2022-2454 (Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to ...) 
{DSA-5411-1} - gpac 2.0.0+dfsg1-4 (bug #1015788) [buster] - gpac (No longer supported in LTS; Minor issue) NOTE: https://huntr.dev/bounties/105d40d0-46d7-461e-9f8e-20c4cdea925f NOTE: https://github.com/gpac/gpac/commit/faa75edde3dfeba1e2cf6ffa48e45a50f1042096 CVE-2022-2453 (Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV.) - gpac 2.0.0+dfsg1-4 (bug #1015788) [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) NOTE: https://huntr.dev/bounties/c8c964de-046a-41b2-9ff5-e25cfdb36b5a NOTE: https://github.com/gpac/gpac/commit/dc7de8d3d604426c7a6e628d90cb9fb88e7b4c2c CVE-2022-2452 RESERVED CVE-2022-2451 RESERVED CVE-2022-36126 (An issue was discovered in Inductive Automation Ignition before 7.9.20 ...) NOT-FOR-US: Inductive Automation Ignition CVE-2022-2450 (The reSmush.it : the only free Image Optimizer & compress plugin WordP ...) NOT-FOR-US: WordPress plugin CVE-2022-2449 (The reSmush.it : the only free Image Optimizer & compress plugin WordP ...) NOT-FOR-US: WordPress plugin CVE-2022-2448 (The reSmush.it WordPress plugin before 0.4.6 does not sanitise and esc ...) NOT-FOR-US: WordPress plugin CVE-2022-2447 (A flaw was found in Keystone. There is a time lag (up to one hour in a ...) - python-keystonemiddleware 10.1.0-4 (bug #1021272) [bullseye] - python-keystonemiddleware (Minor issue) [buster] - python-keystonemiddleware (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2105419 NOTE: https://review.opendev.org/c/openstack/keystonemiddleware/+/860481 CVE-2017-20143 (A vulnerability, which was classified as critical, has been found in I ...) NOT-FOR-US: Itech Movie Portal Script CVE-2017-20142 (A vulnerability classified as critical was found in Itech Movie Portal ...) NOT-FOR-US: Itech Movie Portal Script CVE-2017-20141 (A vulnerability classified as critical has been found in Itech Movie P ...) NOT-FOR-US: Itech Movie Portal Script CVE-2017-20140 (A vulnerability was found in Itech Movie Portal Script 7.36. It has be ...) 
NOT-FOR-US: Itech Movie Portal Script CVE-2017-20139 (A vulnerability was found in Itech Movie Portal Script 7.36. It has be ...) NOT-FOR-US: Itech Movie Portal Script CVE-2016-15003 (A vulnerability has been found in FileZilla Client 3.17.0.0 and classi ...) - filezilla (Installer not relevant to Debian) CVE-2015-10003 (A vulnerability, which was classified as problematic, was found in Fil ...) NOT-FOR-US: FileZilla server CVE-2022-36125 (It is possible to crash (panic) an application by providing a corrupte ...) NOT-FOR-US: Apache Avro CVE-2022-36124 (It is possible for a Reader to consume memory beyond the allowed const ...) NOT-FOR-US: Apache Avro CVE-2022-36123 (The Linux kernel before 5.18.13 lacks a certain clear operation for th ...) - linux 5.18.14-1 [bullseye] - linux (Vulnerability introduced later) [buster] - linux (Vulnerability introduced later) NOTE: https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-128.md NOTE: https://sick.codes/sick-2022-128 CVE-2022-36122 (The Automox Agent before 40 on Windows incorrectly sets permissions on ...) NOT-FOR-US: Automox CVE-2022-36121 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In ...) NOT-FOR-US: Blue Prism Enterprise CVE-2022-36120 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In ...) NOT-FOR-US: Blue Prism Enterprise CVE-2022-36119 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In ...) NOT-FOR-US: Blue Prism Enterprise CVE-2022-36118 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In ...) NOT-FOR-US: Blue Prism Enterprise CVE-2022-36117 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In ...) NOT-FOR-US: Blue Prism Enterprise CVE-2022-36116 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In ...) NOT-FOR-US: Blue Prism Enterprise CVE-2022-36115 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In ...) 
NOT-FOR-US: Blue Prism Enterprise CVE-2022-36114 (Cargo is a package manager for the rust programming language. It was d ...) - cargo 0.63.1-1 (bug #1021142) [bullseye] - cargo (Minor issue) [buster] - cargo (Minor issue) - rust-cargo 0.66.0-1 (bug #1021143) [bullseye] - rust-cargo (Minor issue) [buster] - rust-cargo (Minor issue) NOTE: https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp NOTE: https://github.com/rust-lang/cargo/commit/d1f9553c825f6d7481453be8d58d0e7f117988a7 CVE-2022-36113 (Cargo is a package manager for the rust programming language. After a ...) - cargo 0.63.1-1 (bug #1021142) [bullseye] - cargo (Minor issue) [buster] - cargo (Minor issue) - rust-cargo 0.66.0-1 (bug #1021143) [bullseye] - rust-cargo (Minor issue) [buster] - rust-cargo (Minor issue) NOTE: https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j NOTE: https://github.com/rust-lang/cargo/commit/97b80919e404b0768ea31ae329c3b4da54bed05a CVE-2022-36112 (GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free ...) - glpi (unimportant) NOTE: Only supported behind an authenticated HTTP zone CVE-2022-36111 (immudb is a database with built-in cryptographic proof and verificatio ...) NOT-FOR-US: immudb CVE-2022-36110 (Netmaker makes networks with WireGuard. Prior to version 0.15.1, Impro ...) NOT-FOR-US: Netmaker CVE-2022-36109 (Moby is an open-source project created by Docker to enable software co ...) - docker.io 20.10.19+dfsg1-1 (bug #1019601) [bullseye] - docker.io (Minor issue) [buster] - docker.io (Minor issue) NOTE: https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4 NOTE: https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32 CVE-2022-36108 (TYPO3 is an open source PHP based web content management system releas ...) NOT-FOR-US: Typo3 CVE-2022-36107 (TYPO3 is an open source PHP based web content management system releas ...) 
NOT-FOR-US: Typo3 CVE-2022-36106 (TYPO3 is an open source PHP based web content management system releas ...) NOT-FOR-US: Typo3 CVE-2022-36105 (TYPO3 is an open source PHP based web content management system releas ...) NOT-FOR-US: Typo3 CVE-2022-36104 (TYPO3 is an open source PHP based web content management system releas ...) NOT-FOR-US: Typo3 CVE-2022-36103 (Talos Linux is a Linux distribution built for Kubernetes deployments. ...) NOT-FOR-US: Talos Linux CVE-2022-36102 (Shopware is an open source e-commerce software. In affected versions i ...) NOT-FOR-US: Shopware CVE-2022-36101 (Shopware is an open source e-commerce software. In affected versions t ...) NOT-FOR-US: Shopware CVE-2022-36100 (XWiki Platform Applications Tag and XWiki Platform Tag UI are tag appl ...) NOT-FOR-US: XWiki CVE-2022-36099 (XWiki Platform Wiki UI Main Wiki is software for managing subwikis on ...) NOT-FOR-US: XWiki CVE-2022-36098 (XWiki Platform Mentions UI is a user interface for mentioning users in ...) NOT-FOR-US: XWiki CVE-2022-36097 (XWiki Platform Attachment UI provides a macro to easily upload and sel ...) NOT-FOR-US: XWiki CVE-2022-36096 (The XWiki Platform Index UI is an Index of all pages, attachments, orp ...) NOT-FOR-US: XWiki CVE-2022-36095 (XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 a ...) NOT-FOR-US: XWiki CVE-2022-36094 (XWiki Platform Web Parent POM contains Web resources for the XWiki pla ...) NOT-FOR-US: XWiki CVE-2022-36093 (XWiki Platform Web Templates are templates for XWiki Platform, a gener ...) NOT-FOR-US: XWiki CVE-2022-36092 (XWiki Platform Old Core is a core package for XWiki Platform, a generi ...) NOT-FOR-US: XWiki CVE-2022-36091 (XWiki Platform Web Templates are templates for XWiki Platform, a gener ...) NOT-FOR-US: XWiki CVE-2022-36090 (XWiki Platform Old Core is a core package for XWiki Platform, a generi ...) NOT-FOR-US: XWiki CVE-2022-36089 (KubeVela is an application delivery platform Users using KubeVela's Ve ...) 
NOT-FOR-US: KubeVela CVE-2022-36088 (GoCD is a continuous delivery server. Windows installations via either ...) NOT-FOR-US: GoCD CVE-2022-36087 (OAuthLib is an implementation of the OAuth request-signing logic for P ...) - python-oauthlib 3.2.1-1 (bug #1019710) [bullseye] - python-oauthlib (Vulnerable code introduced later) [buster] - python-oauthlib (Vulnerable code introduced later) NOTE: https://github.com/oauthlib/oauthlib/security/advisories/GHSA-3pgj-pg6c-r5p7 NOTE: Introduced with: https://github.com/oauthlib/oauthlib/commit/2b8a44855a51ad5a5b0c348a08c2564a2e197ea2 (v3.1.1) NOTE: Fixed by: https://github.com/oauthlib/oauthlib/commit/e514826eea15f2b62bbc13da407b71552ef5ff4c NOTE: Fixed by: https://github.com/oauthlib/oauthlib/commit/5d85c61998692643dd9d17e05d2646e06ce391e8 CVE-2022-36086 (linked_list_allocator is an allocator usable for no_std systems. Prior ...) NOT-FOR-US: linked_list_allocator CVE-2022-36085 (Open Policy Agent (OPA) is an open source, general-purpose policy engi ...) NOT-FOR-US: Open Policy Agent (OPA) CVE-2022-36084 (cruddl is software for creating a GraphQL API for a database, using th ...) NOT-FOR-US: cruddl CVE-2022-36083 (JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS w ...) - node-jose 4.9.2-1 NOTE: https://github.com/panva/jose/security/advisories/GHSA-jv3g-j58f-9mq9 NOTE: https://github.com/panva/jose/commit/03d6d013bf6e070e85adfe5731f526978e3e8e4d (v4.9.2) CVE-2022-36082 (mangadex-downloader is a command-line tool to download manga from Mang ...) NOT-FOR-US: mangadex-downloader CVE-2022-36081 (Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, ...) NOT-FOR-US: Wikmd CVE-2022-36080 (Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, ...) NOT-FOR-US: Wikmd CVE-2022-36079 (Parse Server is an open source backend that can be deployed to any inf ...) NOT-FOR-US: Node parse-server CVE-2022-36078 (Binary provides encoding/decoding in Borsh and other formats. The vuln ...) 
NOT-FOR-US: gagliardetto/Binary (tool to provide encoding/decoding in Borsh and other formats) CVE-2022-36077 (The Electron framework enables writing cross-platform desktop applicat ...) - electron (bug #842420) CVE-2022-36076 (NodeBB Forum Software is powered by Node.js and supports either Redis, ...) NOT-FOR-US: NodeBB CVE-2022-36075 (Nextcloud files access control is a nextcloud app to manage access con ...) NOT-FOR-US: Nextcloud files access control App CVE-2022-36074 (Nextcloud server is an open source personal cloud product. Affected ve ...) - nextcloud-server (bug #941708) CVE-2022-36073 (RubyGems.org is the Ruby community gem host. A bug in password & email ...) NOT-FOR-US: RubyGems.org is the Ruby community gem host CVE-2022-36072 (SilverwareGames.io is a social network for users to play video games o ...) NOT-FOR-US: SilverwareGames.io CVE-2022-36071 (SFTPGo is configurable SFTP server with optional HTTP/S, FTP/S and Web ...) NOT-FOR-US: SFTPGo CVE-2022-36070 (Poetry is a dependency manager for Python. To handle dependencies that ...) - poetry-core (Windows-specific) NOTE: https://github.com/python-poetry/poetry/security/advisories/GHSA-j4j9-7hg9-97g6 NOTE: https://github.com/python-poetry/poetry-core/pull/205 CVE-2022-36069 (Poetry is a dependency manager for Python. When handling dependencies ...) - poetry-core 1.0.7-1 NOTE: https://github.com/python-poetry/poetry/security/advisories/GHSA-9xgj-fcgf-x6mw NOTE: https://github.com/python-poetry/poetry-core/pull/202 NOTE: Backport to 1.0 branch: https://github.com/python-poetry/poetry-core/pull/203 NOTE: https://github.com/python-poetry/poetry-core/commit/cc84be60ac9af549664051c2684621db51d05ff1 (1.1.0a7) NOTE: https://github.com/python-poetry/poetry-core/commit/13a13ac7f8f2b596c68830da6fa8c059af59e1ac (1.0.5) CVE-2022-36068 (Discourse is an open source discussion platform. In versions prior to ...) 
NOT-FOR-US: Discourse CVE-2022-36067 (vm2 is a sandbox that can run untrusted code with whitelisted Node's b ...) NOT-FOR-US: Node vm2 CVE-2022-36066 (Discourse is an open source discussion platform. In versions prior to ...) NOT-FOR-US: Discourse CVE-2022-36065 (GrowthBook is an open-source platform for feature flagging and A/B tes ...) NOT-FOR-US: GrowthBook CVE-2022-36064 (Shescape is a shell escape package for JavaScript. An Inefficient Regu ...) NOT-FOR-US: Shescape CVE-2022-36063 (Azure RTOS USBx is a USB host, device, and on-the-go (OTG) embedded st ...) NOT-FOR-US: Azure RTOS USBx CVE-2022-36062 (Grafana is an open-source platform for monitoring and observability. I ...) - grafana CVE-2022-36061 (Elrond go is the go implementation for the Elrond Network protocol. In ...) NOT-FOR-US: Elrond go CVE-2022-36060 (matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. E ...) NOT-FOR-US: matrix-react-sdk CVE-2022-36059 (matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for Jav ...) - node-matrix-js-sdk (bug #1018970) [bullseye] - node-matrix-js-sdk (Minor issue) [buster] - node-matrix-js-sdk (Minor issue) - thunderbird 1:102.2.1-1 [bullseye] - thunderbird (Only affects ESR102) [buster] - thunderbird (Only affects ESR102) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-36059 NOTE: https://matrix.org/blog/2022/08/31/security-releases-matrix-js-sdk-19-4-0-and-matrix-react-sdk-3-53-0 NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/8716c1ab9ba93659173b806097c46a2be115199f (v19.4.0) CVE-2022-36058 (Elrond go is the go implementation for the Elrond Network protocol. In ...) NOT-FOR-US: Elrond go CVE-2022-36057 (Discourse-Chat is an asynchronous messaging plugin for the Discourse o ...) NOT-FOR-US: Discourse-Chat CVE-2022-36056 (Cosign is a project under the sigstore organization which aims to make ...) NOT-FOR-US: Cosign CVE-2022-36055 (Helm is a tool for managing Charts. 
Charts are packages of pre-configu ...) - helm-kubernetes (bug #910799) CVE-2022-36054 (Contiki-NG is an open-source, cross-platform operating system for Next ...) NOT-FOR-US: Contiki-NG CVE-2022-36053 (Contiki-NG is an open-source, cross-platform operating system for Next ...) NOT-FOR-US: Contiki-NG CVE-2022-36052 (Contiki-NG is an open-source, cross-platform operating system for Next ...) NOT-FOR-US: Contiki-NG CVE-2022-36051 (ZITADEL combines the ease of Auth0 and the versatility of Keycloak.**A ...) NOT-FOR-US: ZITADEL CVE-2022-36050 RESERVED CVE-2022-36049 (Flux2 is a tool for keeping Kubernetes clusters in sync with sources o ...) NOT-FOR-US: Flux project fluxcd CVE-2022-36048 (Zulip is an open-source team collaboration tool with topic-based threa ...) NOT-FOR-US: Zulip CVE-2022-36047 RESERVED CVE-2022-36046 (Next.js is a React framework that can provide building blocks to creat ...) NOT-FOR-US: Next.js CVE-2022-36045 (NodeBB Forum Software is powered by Node.js and supports either Redis, ...) NOT-FOR-US: NodeBB CVE-2022-36044 (Rizin is a UNIX-like reverse engineering framework and command-line to ...) NOT-FOR-US: Rizin CVE-2022-36043 (Rizin is a UNIX-like reverse engineering framework and command-line to ...) NOT-FOR-US: Rizin CVE-2022-36042 (Rizin is a UNIX-like reverse engineering framework and command-line to ...) NOT-FOR-US: Rizin CVE-2022-36041 (Rizin is a UNIX-like reverse engineering framework and command-line to ...) NOT-FOR-US: Rizin CVE-2022-36040 (Rizin is a UNIX-like reverse engineering framework and command-line to ...) NOT-FOR-US: Rizin CVE-2022-36039 (Rizin is a UNIX-like reverse engineering framework and command-line to ...) NOT-FOR-US: Rizin CVE-2022-36038 (CircuitVerse is an open-source platform which allows users to construc ...) NOT-FOR-US: CircuitVerse CVE-2022-36037 (kirby is a content management system (CMS) that adapts to many differe ...) 
NOT-FOR-US: Kirby CMS CVE-2022-36036 (mdx-mermaid provides plug and play access to Mermaid in MDX. There is ...) NOT-FOR-US: mdx-mermaid CVE-2022-36035 (Flux is a tool for keeping Kubernetes clusters in sync with sources of ...) NOT-FOR-US: Flux CVE-2022-36034 (nitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS ...) NOT-FOR-US: nitrado.js CVE-2022-36033 (jsoup is a Java HTML parser, built for HTML editing, cleaning, scrapin ...) - jsoup 1.15.3-1 (bug #1018931) [bullseye] - jsoup (Minor issue, preserveRelativeLinks option is disabled by default) [buster] - jsoup (Minor issue, preserveRelativeLinks option is disabled by default) NOTE: https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369 NOTE: https://github.com/jhy/jsoup/commit/4ea768d96b3d232e63edef9594766d44597b3882 (jsoup-1.15.3) CVE-2022-36032 (ReactPHP HTTP is a streaming HTTP client and server implementation for ...) NOT-FOR-US: ReactPHP HTTP CVE-2022-36031 (Directus is a free and open-source data platform for headless content ...) NOT-FOR-US: Directus CVE-2022-36030 (Project-nexus is a general-purpose blog website framework. Affected ve ...) NOT-FOR-US: Project-nexus CVE-2022-36029 (Greenlight is an end-user interface for BigBlueButton servers. Version ...) NOT-FOR-US: Greenlight (end-user interface for BigBlueButton servers) CVE-2022-36028 (Greenlight is an end-user interface for BigBlueButton servers. Version ...) NOT-FOR-US: Greenlight (end-user interface for BigBlueButton servers) CVE-2022-36027 (TensorFlow is an open source platform for machine learning. When conve ...) - tensorflow (bug #804612) CVE-2022-36026 (TensorFlow is an open source platform for machine learning. If `Quanti ...) - tensorflow (bug #804612) CVE-2022-36025 (Besu is a Java-based Ethereum client. In versions newer than 22.1.3 an ...) NOT-FOR-US: Hyperledger Besu CVE-2022-36024 (py-cord is a an API wrapper for Discord written in Python. Bots creati ...) 
	NOT-FOR-US: py-cord
CVE-2022-36023 (Hyperledger Fabric is an enterprise-grade permissioned distributed led ...)
	NOT-FOR-US: Hyperledger Fabric
CVE-2022-36022 (Deeplearning4J is a suite of tools for deploying and training deep lea ...)
	NOT-FOR-US: Deeplearning4J
CVE-2022-36021 (Redis is an in-memory database that persists on disk. Authenticated us ...)
	{DLA-3361-1}
	- redis 5:7.0.9-1
	[bullseye] - redis (Minor issue)
	NOTE: https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv
	NOTE: https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84
	NOTE: https://github.com/redis/redis/commit/0825552565e5fdab2e87950579c4f0bedded3e3c (7.0.9)
CVE-2022-36020 (The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, ...)
	NOT-FOR-US: typo3/html-sanitizer
CVE-2022-36019 (TensorFlow is an open source platform for machine learning. If `FakeQu ...)
	- tensorflow (bug #804612)
CVE-2022-36018 (TensorFlow is an open source platform for machine learning. If `Ragged ...)
	- tensorflow (bug #804612)
CVE-2022-36017 (TensorFlow is an open source platform for machine learning. If `Requan ...)
	- tensorflow (bug #804612)
CVE-2022-36016 (TensorFlow is an open source platform for machine learning. When `tens ...)
	- tensorflow (bug #804612)
CVE-2022-36015 (TensorFlow is an open source platform for machine learning. When `Rang ...)
	- tensorflow (bug #804612)
CVE-2022-36014 (TensorFlow is an open source platform for machine learning. When `mlir ...)
	- tensorflow (bug #804612)
CVE-2022-36013 (TensorFlow is an open source platform for machine learning. When `mlir ...)
	- tensorflow (bug #804612)
CVE-2022-36012 (TensorFlow is an open source platform for machine learning. When `mlir ...)
	- tensorflow (bug #804612)
CVE-2022-36011 (TensorFlow is an open source platform for machine learning. When `mlir ...)
	- tensorflow (bug #804612)
CVE-2022-36010 (This library allows strings to be parsed as functions and stored as a ...)
	NOT-FOR-US: oxyno-zeta
CVE-2022-36009 (gomatrixserverlib is a Go library for matrix protocol federation. Dend ...)
	NOT-FOR-US: gomatrixserverlib
CVE-2022-36008 (Frontier is Substrate's Ethereum compatibility layer. A security issue ...)
	NOT-FOR-US: Frontier
CVE-2022-36007 (Venice is a Clojure inspired sandboxed Lisp dialect with excellent Jav ...)
	NOT-FOR-US: Venice
CVE-2022-36006 (Arvados is an open source platform for managing, processing, and shari ...)
	NOT-FOR-US: Arvados
CVE-2022-36005 (TensorFlow is an open source platform for machine learning. When `tf.q ...)
	- tensorflow (bug #804612)
CVE-2022-36004 (TensorFlow is an open source platform for machine learning. When `tf.r ...)
	- tensorflow (bug #804612)
CVE-2022-36003 (TensorFlow is an open source platform for machine learning. When `Rand ...)
	- tensorflow (bug #804612)
CVE-2022-36002 (TensorFlow is an open source platform for machine learning. When `Unba ...)
	- tensorflow (bug #804612)
CVE-2022-36001 (TensorFlow is an open source platform for machine learning. When `Draw ...)
	- tensorflow (bug #804612)
CVE-2022-36000 (TensorFlow is an open source platform for machine learning. When `mlir ...)
	- tensorflow (bug #804612)
CVE-2022-35999 (TensorFlow is an open source platform for machine learning. When `Conv ...)
	- tensorflow (bug #804612)
CVE-2022-35998 (TensorFlow is an open source platform for machine learning. If `EmptyT ...)
	- tensorflow (bug #804612)
CVE-2022-35997 (TensorFlow is an open source platform for machine learning. If `tf.spa ...)
	- tensorflow (bug #804612)
CVE-2022-35996 (TensorFlow is an open source platform for machine learning. If `Conv2D ...)
	- tensorflow (bug #804612)
CVE-2022-35995 (TensorFlow is an open source platform for machine learning. When `Audi ...)
	- tensorflow (bug #804612)
CVE-2022-35994 (TensorFlow is an open source platform for machine learning. When `Coll ...)
	- tensorflow (bug #804612)
CVE-2022-35993 (TensorFlow is an open source platform for machine learning. When `SetS ...)
	- tensorflow (bug #804612)
CVE-2022-35992 (TensorFlow is an open source platform for machine learning. When `Tens ...)
	- tensorflow (bug #804612)
CVE-2022-35991 (TensorFlow is an open source platform for machine learning. When `Tens ...)
	- tensorflow (bug #804612)
CVE-2022-35990 (TensorFlow is an open source platform for machine learning. When `tf.q ...)
	- tensorflow (bug #804612)
CVE-2022-35989 (TensorFlow is an open source platform for machine learning. When `MaxP ...)
	- tensorflow (bug #804612)
CVE-2022-35988 (TensorFlow is an open source platform for machine learning. When `tf.l ...)
	- tensorflow (bug #804612)
CVE-2022-35987 (TensorFlow is an open source platform for machine learning. `DenseBinc ...)
	- tensorflow (bug #804612)
CVE-2022-35986 (TensorFlow is an open source platform for machine learning. If `Ragged ...)
	- tensorflow (bug #804612)
CVE-2022-35985 (TensorFlow is an open source platform for machine learning. If `LRNGra ...)
	- tensorflow (bug #804612)
CVE-2022-35984 (TensorFlow is an open source platform for machine learning. `Parameter ...)
	- tensorflow (bug #804612)
CVE-2022-35983 (TensorFlow is an open source platform for machine learning. If `Save` ...)
	- tensorflow (bug #804612)
CVE-2022-35982 (TensorFlow is an open source platform for machine learning. If `Sparse ...)
	- tensorflow (bug #804612)
CVE-2022-35981 (TensorFlow is an open source platform for machine learning. `Fractiona ...)
	- tensorflow (bug #804612)
CVE-2022-35980 (OpenSearch Security is a plugin for OpenSearch that offers encryption, ...)
	NOT-FOR-US: OpenSearch Security plugin for OpenSearch
CVE-2022-35979 (TensorFlow is an open source platform for machine learning. If `Quanti ...)
	- tensorflow (bug #804612)
CVE-2022-35978 (Minetest is a free open-source voxel game engine with easy modding and ...)
	- minetest 5.5.0+dfsg+~1.9.0mt4+dfsg-2 (bug #1017548)
	[bullseye] - minetest (Minor issue)
	[buster] - minetest (Minor issue)
	NOTE: https://github.com/minetest/minetest/security/advisories/GHSA-663q-pcjw-27cc
	NOTE: https://github.com/minetest/minetest/commit/da71e86633d0b27cd02d7aac9fdac625d141ca13 (5.6.0)
CVE-2022-35977 (Redis is an in-memory database that persists on disk. Authenticated us ...)
	- redis 5:7.0.8-1
	[bullseye] - redis (Minor issue; requires authed user)
	[buster] - redis (Minor issue; requires authed user)
	NOTE: https://github.com/redis/redis/commit/6c25c6b7da116e110e89a5db45eeae743879e7ea (7.0.8)
CVE-2022-35976 (The GitOps Tools Extension for VSCode relies on kubeconfigs in order t ...)
	NOT-FOR-US: GitOps Tools Extension for VSCode
CVE-2022-35975 (The GitOps Tools Extension for VSCode can make it easier to manage Flu ...)
	NOT-FOR-US: GitOps Tools Extension for VSCode
CVE-2022-35974 (TensorFlow is an open source platform for machine learning. If `Quanti ...)
	- tensorflow (bug #804612)
CVE-2022-35973 (TensorFlow is an open source platform for machine learning. If `Quanti ...)
	- tensorflow (bug #804612)
CVE-2022-35972 (TensorFlow is an open source platform for machine learning. If `Quanti ...)
	- tensorflow (bug #804612)
CVE-2022-35971 (TensorFlow is an open source platform for machine learning. If `FakeQu ...)
	- tensorflow (bug #804612)
CVE-2022-35970 (TensorFlow is an open source platform for machine learning. If `Quanti ...)
	- tensorflow (bug #804612)
CVE-2022-35969 (TensorFlow is an open source platform for machine learning. The implem ...)
	- tensorflow (bug #804612)
CVE-2022-35968 (TensorFlow is an open source platform for machine learning. The implem ...)
	- tensorflow (bug #804612)
CVE-2022-35967 (TensorFlow is an open source platform for machine learning. If `Quanti ...)
	- tensorflow (bug #804612)
CVE-2022-35966 (TensorFlow is an open source platform for machine learning. If `Quanti ...)
	- tensorflow (bug #804612)
CVE-2022-35965 (TensorFlow is an open source platform for machine learning. If `LowerB ...)
	- tensorflow (bug #804612)
CVE-2022-35964 (TensorFlow is an open source platform for machine learning. The implem ...)
	- tensorflow (bug #804612)
CVE-2022-35963 (TensorFlow is an open source platform for machine learning. The implem ...)
	- tensorflow (bug #804612)
CVE-2022-35962 (Zulip is an open source team chat and Zulip Mobile is an app for iOS a ...)
	NOT-FOR-US: Zulip
CVE-2022-35961 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
	NOT-FOR-US: OpenZeppelin
CVE-2022-35960 (TensorFlow is an open source platform for machine learning. In `core/k ...)
	- tensorflow (bug #804612)
CVE-2022-35959 (TensorFlow is an open source platform for machine learning. The implem ...)
	- tensorflow (bug #804612)
CVE-2022-35958
	REJECTED
CVE-2022-35957 (Grafana is an open-source platform for monitoring and observability. V ...)
	- grafana
CVE-2022-35956 (This Rails gem adds two methods to the ActiveRecord::Base class that a ...)
	NOT-FOR-US: Ruby gem activerecord-update-by-case
CVE-2022-35955
	RESERVED
CVE-2022-35954 (The GitHub Actions ToolKit provides a set of packages to make creating ...)
	NOT-FOR-US: GitHub Actions ToolKit
CVE-2022-35953 (BookWyrm is a social network for tracking your reading, talking about ...)
	NOT-FOR-US: BookWyrm
CVE-2022-35952 (TensorFlow is an open source platform for machine learning. The `Unbat ...)
	- tensorflow (bug #804612)
CVE-2022-35951 (Redis is an in-memory database that persists on disk. Versions 7.0.0 a ...)
	- redis 5:7.0.5-1 (bug #1020512)
	[bullseye] - redis (Vulnerable code not present)
	[buster] - redis (Vulnerable code not present)
	NOTE: https://github.com/redis/redis/commit/fa6815e14ea5adff93c5cd7be513c02a7c6e3f2a (7.0.5)
CVE-2022-35950 (OroCommerce is an open-source Business to Business Commerce applicatio ...)
	NOT-FOR-US: OroCommerce
CVE-2022-35949 (undici is an HTTP/1.1 client, written from scratch for Node.js.`undici ...)
	- node-undici 5.8.2+dfsg1+~cs18.9.18.1-1
	NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-8qr4-xgw6-wmr3
	NOTE: https://github.com/nodejs/undici/commit/124f7ebf705366b2e1844dff721928d270f87895 (v5.8.2)
CVE-2022-35948 (undici is an HTTP/1.1 client, written from scratch for Node.js.`=< und ...)
	- node-undici 5.8.2+dfsg1+~cs18.9.18.1-1
	NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-f772-66g8-q5h3
	NOTE: https://github.com/nodejs/undici/commit/66165d604fd0aee70a93ed5c44ad4cc2df395f80 (v5.8.2)
CVE-2022-35947 (GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-35946 (GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-35945 (GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-35944 (October is a self-hosted Content Management System (CMS) platform base ...)
	NOT-FOR-US: October CMS
CVE-2022-35943 (Shield is an authentication and authorization framework for CodeIgnite ...)
	- codeigniter (bug #471583)
CVE-2022-35942 (Improper input validation on the `contains` LoopBack filter may allow ...)
	NOT-FOR-US: PostgreSQL connector for LoopBack
CVE-2022-35941 (TensorFlow is an open source platform for machine learning. The `AvgPo ...)
	- tensorflow (bug #804612)
CVE-2022-35940 (TensorFlow is an open source platform for machine learning. The `Ragge ...)
	- tensorflow (bug #804612)
CVE-2022-35939 (TensorFlow is an open source platform for machine learning. The `Scatt ...)
	- tensorflow (bug #804612)
CVE-2022-35938 (TensorFlow is an open source platform for machine learning. The `Gathe ...)
	- tensorflow (bug #804612)
CVE-2022-35937 (TensorFlow is an open source platform for machine learning. The `Gathe ...)
	- tensorflow (bug #804612)
CVE-2022-35936 (Ethermint is an Ethereum library. In Ethermint running versions before ...)
	NOT-FOR-US: Ethermint
CVE-2022-35935 (TensorFlow is an open source platform for machine learning. The implem ...)
	- tensorflow (bug #804612)
CVE-2022-35934 (TensorFlow is an open source platform for machine learning. The implem ...)
	- tensorflow (bug #804612)
CVE-2022-35933 (This package is a PrestaShop module that allows users to post reviews ...)
	NOT-FOR-US: PrestaShop
CVE-2022-35932 (Nextcloud Talk is a video and audio conferencing app for Nextcloud. Pr ...)
	NOT-FOR-US: Nextcloud Talk
CVE-2022-35931 (Nextcloud Password Policy is an app that enables a Nextcloud server ad ...)
	NOT-FOR-US: Nextcloud Password Policy
CVE-2022-35930 (PolicyController is a utility used to enforce supply chain policy in K ...)
	NOT-FOR-US: sigstore/policy-controller
CVE-2022-35929 (cosign is a container signing and verification utility. In versions pr ...)
	NOT-FOR-US: Cosign
CVE-2022-35928 (AES Crypt is a file encryption software for multiple platforms. AES Cr ...)
	NOT-FOR-US: AES Crypt
CVE-2022-35927 (Contiki-NG is an open-source, cross-platform operating system for IoT ...)
	NOT-FOR-US: Contiki-NG
CVE-2022-35926 (Contiki-NG is an open-source, cross-platform operating system for IoT ...)
	NOT-FOR-US: Contiki-NG
CVE-2022-35925 (BookWyrm is a social network for tracking reading. Versions prior to 0 ...)
	NOT-FOR-US: BookWyrm
CVE-2022-35924 (NextAuth.js is a complete open source authentication solution for Next ...)
	NOT-FOR-US: Node NextAuth.js
CVE-2022-35923 (v8n is a javascript validation library. Versions of v8n prior to 1.5.1 ...)
	NOT-FOR-US: Node v8n
CVE-2022-35922 (Rust-WebSocket is a WebSocket (RFC6455) library written in Rust. In ve ...)
	NOT-FOR-US: Rust crate websocket
CVE-2022-35921 (fof/byobu is a private discussions extension for Flarum forum. Affecte ...)
	NOT-FOR-US: fof/byobu (different from src:byobu)
CVE-2022-35920 (Sanic is an opensource python web server/framework. Affected versions ...)
	NOT-FOR-US: Sanic
CVE-2022-35919 (MinIO is a High Performance Object Storage released under GNU Affero G ...)
	- minio (bug #859207)
CVE-2022-35918 (Streamlit is a data oriented application development framework for pyt ...)
	NOT-FOR-US: Streamlit
CVE-2022-35917 (Solana Pay is a protocol and set of reference implementations that ena ...)
	NOT-FOR-US: Solana Pay
CVE-2022-35916 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
	NOT-FOR-US: OpenZeppelin
CVE-2022-35915 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
	NOT-FOR-US: OpenZeppelin
CVE-2022-35914 (/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for ...)
	NOT-FOR-US: htmlawed module for GLPI
CVE-2022-35913 (Samourai Wallet Stonewallx2 0.99.98e allows a denial of service via a ...)
	NOT-FOR-US: Samourai Wallet Stonewallx2
CVE-2022-35912 (In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x b ...)
	- grails (bug #473213)
CVE-2022-35911 (On Patlite NH-FB series devices through 1.46, remote attackers can cau ...)
	NOT-FOR-US: Patlite NH-FB
CVE-2022-35910 (In Jellyfin before 10.8, stored XSS allows theft of an admin access to ...)
	- jellyfin (bug #994189)
CVE-2022-35909 (In Jellyfin before 10.8, the /users endpoint has incorrect access cont ...)
	- jellyfin (bug #994189)
CVE-2022-35908 (Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitiz ...)
	NOT-FOR-US: Cambium Enterprise Wi-Fi System Software
CVE-2022-35907
	RESERVED
CVE-2022-35906 (An issue was discovered in Bentley MicroStation before 10.17.0.x and B ...)
	NOT-FOR-US: Bentley MicroStation
CVE-2022-35905 (An issue was discovered in Bentley MicroStation before 10.17.0.x and B ...)
	NOT-FOR-US: Bentley MicroStation
CVE-2022-35904 (An issue was discovered in Bentley MicroStation before 10.17.0.x and B ...)
	NOT-FOR-US: Bentley MicroStation
CVE-2022-35903 (An issue was discovered in Bentley MicroStation before 10.17.0.x and B ...)
	NOT-FOR-US: Bentley MicroStation
CVE-2022-35902 (An issue was discovered in Bentley MicroStation before 10.17.0.x and B ...)
	NOT-FOR-US: Bentley MicroStation
CVE-2022-35901 (An issue was discovered in Bentley MicroStation before 10.17.0.x and B ...)
	NOT-FOR-US: Bentley MicroStation
CVE-2022-35900 (An issue was discovered in Bentley MicroStation before 10.17.0.x and B ...)
	NOT-FOR-US: Bentley MicroStation
CVE-2022-35899 (There is an unquoted service path in ASUSTeK Aura Ready Game SDK servi ...)
	NOT-FOR-US: ASUSTeK
CVE-2022-35898 (OpenText BizManager before 16.6.0.1 does not perform proper validation ...)
	NOT-FOR-US: OpenText BizManager
CVE-2022-35897 (An stack buffer overflow vulnerability leads to arbitrary code executi ...)
	NOT-FOR-US: Insyde
CVE-2022-35896 (An issue SMM memory leak vulnerability in SMM driver (SMRAM was discov ...)
	NOT-FOR-US: Insyde
CVE-2022-35895 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
	NOT-FOR-US: Insyde
CVE-2022-35894 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
	NOT-FOR-US: Insyde
CVE-2022-35893 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
	NOT-FOR-US: Insyde
CVE-2022-35892
	RESERVED
CVE-2022-35891
	RESERVED
CVE-2022-35890 (An issue was discovered in Inductive Automation Ignition before 7.9.20 ...)
	NOT-FOR-US: Inductive Automation Ignition
CVE-2022-35889
	RESERVED
CVE-2022-35888 (Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow att ...)
	NOT-FOR-US: Ampere Altra and Ampere Altra Max devices
CVE-2022-35887 (Four format string injection vulnerabilities exist in the web interfac ...)
	NOT-FOR-US: Abode Systems
CVE-2022-35886 (Four format string injection vulnerabilities exist in the web interfac ...)
	NOT-FOR-US: Abode Systems
CVE-2022-35885 (Four format string injection vulnerabilities exist in the web interfac ...)
	NOT-FOR-US: Abode Systems
CVE-2022-35884 (Four format string injection vulnerabilities exist in the web interfac ...)
	NOT-FOR-US: Abode Systems
CVE-2022-35881 (Four format string injection vulnerabilities exist in the UPnP logging ...)
	NOT-FOR-US: Abode Systems
CVE-2022-35880 (Four format string injection vulnerabilities exist in the UPnP logging ...)
	NOT-FOR-US: Abode Systems
CVE-2022-35879 (Four format string injection vulnerabilities exist in the UPnP logging ...)
	NOT-FOR-US: Abode Systems
CVE-2022-35878 (Four format string injection vulnerabilities exist in the UPnP logging ...)
	NOT-FOR-US: Abode Systems
CVE-2022-33938 (A format string injection vulnerability exists in the ghome_process_co ...)
	NOT-FOR-US: Abode Systems
CVE-2022-35877 (Four format string injection vulnerabilities exist in the XCMD testWif ...)
	NOT-FOR-US: Abode Systems
CVE-2022-35876 (Four format string injection vulnerabilities exist in the XCMD testWif ...)
	NOT-FOR-US: Abode Systems
CVE-2022-35875 (Four format string injection vulnerabilities exist in the XCMD testWif ...)
	NOT-FOR-US: Abode Systems
CVE-2022-35874 (Four format string injection vulnerabilities exist in the XCMD testWif ...)
	NOT-FOR-US: Abode Systems
CVE-2022-35244 (A format string injection vulnerability exists in the XCMD getVarHA fu ...)
	NOT-FOR-US: Abode Systems
CVE-2022-2446
	RESERVED
CVE-2022-2445
	REJECTED
CVE-2022-2444 (The Visualizer: Tables and Charts Manager for WordPress plugin for Wor ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2443 (The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Si ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2442 (The Migration, Backup, Staging – WPvivid plugin for WordPress is ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2441 (The ImageMagick Engine plugin for WordPress is vulnerable to remote co ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2440
	RESERVED
CVE-2022-2439
	RESERVED
CVE-2022-2438 (The Broken Link Checker plugin for WordPress is vulnerable to deserial ...)
	NOT-FOR-US: Broken Link Checker plugin for WordPress
CVE-2022-2437 (The Feed Them Social – for Twitter feed, Youtube and more plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2436 (The Download Manager plugin for WordPress is vulnerable to deserializa ...)
	NOT-FOR-US: Download Manager plugin for WordPress
CVE-2022-2435 (The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Re ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2434 (The String Locator plugin for WordPress is vulnerable to deserializati ...)
	NOT-FOR-US: String Locator plugin for WordPress
CVE-2022-2433 (The WordPress Infinite Scroll – Ajax Load More plugin for WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2432 (The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable t ...)
	NOT-FOR-US: Ecwid Ecommerce Shopping Cart plugin for WordPress
CVE-2022-2431 (The Download Manager plugin for WordPress is vulnerable to arbitrary f ...)
	NOT-FOR-US: Download Manager plugin for WordPress
CVE-2022-2430 (The Visual Composer Website Builder plugin for WordPress is vulnerable ...)
	NOT-FOR-US: Visual Composer Website Builder plugin for WordPress
CVE-2022-2429 (The Ultimate SMS Notifications for WooCommerce plugin for WordPress is ...)
	NOT-FOR-US: Ultimate SMS Notifications for WooCommerce plugin for WordPress
CVE-2022-2428 (A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting ...)
	[experimental] - gitlab 15.2.3+ds1-1
	- gitlab 15.10.8+ds1-2
	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2427
	RESERVED
CVE-2022-2426 (The Thinkific Uploader WordPress plugin through 1.0.0 does not sanitis ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2425 (The WP DS Blog Map WordPress plugin through 3.1.3 does not sanitise an ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2424 (The Google Maps Anywhere WordPress plugin through 1.2.6.3 does not san ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2423 (The DW Promobar WordPress plugin through 1.0.4 does not sanitise and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2422 (Due to improper input validation in the Feathers js library, it is pos ...)
	NOT-FOR-US: Feathers js library
CVE-2022-2421 (Due to improper type validation in attachment parsing the Socket.io js ...)
	- node-socket.io (bug #707166)
CVE-2022-2420 (A vulnerability was found in URVE Web Manager. It has been rated as cr ...)
	NOT-FOR-US: URVE Web Manager
CVE-2022-2419 (A vulnerability was found in URVE Web Manager. It has been declared as ...)
	NOT-FOR-US: URVE Web Manager
CVE-2022-2418 (A vulnerability was found in URVE Web Manager. It has been classified ...)
	NOT-FOR-US: URVE Web Manager
CVE-2022-2417 (Insufficient validation in GitLab CE/EE affecting all versions from 12 ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-2416 (In affected versions of Octopus Deploy it is possible for a low privil ...)
	NOT-FOR-US: Octopus Deploy
CVE-2022-2415 (Heap buffer overflow in WebGL in Google Chrome prior to 103.0.5060.53 ...)
	{DSA-5168-1}
	- chromium 103.0.5060.53-1
	[buster] - chromium (see DSA 5046)
CVE-2022-35873 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ignition
CVE-2022-35872 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ignition
CVE-2022-35871 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ignition
CVE-2022-35870 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Ignition
CVE-2022-35869 (This vulnerability allows remote attackers to bypass authentication on ...)
	NOT-FOR-US: Ignition
CVE-2022-35868 (A vulnerability has been identified in TIA Multiuser Server V14 (All v ...)
	NOT-FOR-US: TIA Multiuser Server
CVE-2022-35867 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: xhyve
CVE-2022-35866 (This vulnerability allows remote attackers to bypass authentication on ...)
	NOT-FOR-US: Vinchin Backup and Recovery
CVE-2022-35865 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: BMC Track-It!
CVE-2022-35864 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: BMC Track-It!
CVE-2022-2414 (Access to external entities when parsing XML documents can lead to XML ...)
	- dogtag-pki 11.0.6-1 (bug #1014957)
	[bullseye] - dogtag-pki (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2104676
	NOTE: https://github.com/dogtagpki/pki/pull/4021
	NOTE: https://github.com/dogtagpki/pki/commit/4e893243d72ad766558c10c907841f5f9c047055
CVE-2022-2413 (The Slide Anything WordPress plugin before 2.3.47 does not properly sa ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2412 (The Better Tag Cloud WordPress plugin through 0.99.5 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2411 (The Auto More Tag WordPress plugin through 4.0.0 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2410 (The mTouch Quiz WordPress plugin through 3.1.3 does not sanitise and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2409 (The Rough Chart WordPress plugin through 1.0.0 does not properly escap ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2408 (The Guest account feature in Mattermost version 6.7.0 and earlier fail ...)
	- mattermost-server (bug #823556)
CVE-2022-2407 (The WP phpMyAdmin WordPress plugin before 5.2.0.4 does not escape some ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2406 (The legacy Slack import feature in Mattermost version 6.7.0 and earlie ...)
	- mattermost-server (bug #823556)
CVE-2022-2405 (The WP Popup Builder WordPress plugin before 1.2.9 does not have autho ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2404 (The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2403 (A credentials leak was found in the OpenShift Container Platform. The ...)
	NOT-FOR-US: OpenShift
CVE-2022-35863
	RESERVED
CVE-2022-35862
	RESERVED
CVE-2022-35861 (pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a ...)
	- pyenv (bug #978149)
CVE-2022-35860 (Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically ...)
	NOT-FOR-US: Corsair
CVE-2022-35859
	RESERVED
CVE-2022-35858 (The TEE_PopulateTransientObject and __utee_from_attr functions in Sams ...)
	NOT-FOR-US: Samsung mTower
CVE-2022-35857 (kvf-admin through 2022-02-12 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: kvf-admin
CVE-2022-35856
	RESERVED
CVE-2022-35855
	RESERVED
CVE-2022-35854
	RESERVED
CVE-2022-35853
	RESERVED
CVE-2022-35852
	RESERVED
CVE-2022-35851 (An improper neutralization of input during web page generation vulnera ...)
	NOT-FOR-US: FortiGuard
CVE-2022-35850 (An improper neutralization of script-related HTML tags in a web page v ...)
	NOT-FOR-US: Fortinet
CVE-2022-35849 (An improper neutralization of special elements used in an OS command v ...)
	NOT-FOR-US: FortiGuard
CVE-2022-35848
	RESERVED
CVE-2022-35847 (An improper neutralization of special elements used in a template engi ...)
	NOT-FOR-US: FortiGuard
CVE-2022-35846 (An improper restriction of excessive authentication attempts vulnerabi ...)
	NOT-FOR-US: FortiGuard
CVE-2022-35845 (Multiple improper neutralization of special elements used in an OS Com ...)
	NOT-FOR-US: FortiGuard
CVE-2022-35844 (An improper neutralization of special elements used in an OS command v ...)
	NOT-FOR-US: FortiGuard
CVE-2022-35843 (An authentication bypass by assumed-immutable data vulnerability [CWE- ...)
	NOT-FOR-US: FortiGuard
CVE-2022-35842 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
	NOT-FOR-US: FortiGuard
CVE-2022-35841 (Windows Enterprise App Management Service Remote Code Execution Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-35840 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
	NOT-FOR-US: Microsoft
CVE-2022-35839
	RESERVED
CVE-2022-35838 (HTTP V3 Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35837 (Windows Graphics Component Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35836 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
	NOT-FOR-US: Microsoft
CVE-2022-35835 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
	NOT-FOR-US: Microsoft
CVE-2022-35834 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
	NOT-FOR-US: Microsoft
CVE-2022-35833 (Windows Secure Channel Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35832 (Windows Event Tracing Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35831 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-35830 (Remote Procedure Call Runtime Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35829 (Service Fabric Explorer Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35828 (Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnera ...)
	NOT-FOR-US: Microsoft
CVE-2022-35827 (Visual Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35826 (Visual Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35825 (Visual Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35824 (Azure Site Recovery Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35823 (Microsoft SharePoint Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35822 (Windows Defender Credential Guard Security Feature Bypass Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2022-35821 (Azure Sphere Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35820 (Windows Bluetooth Driver Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35819 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35818 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35817 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35816 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35815 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35814 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35813 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35812 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35811 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35810 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35809 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35808 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35807 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35806 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35805 (Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2022-35804 (SMB Client and Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35803 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2022-35802 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35801 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35800 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35799 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35798 (Azure Arc Jumpstart Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35797 (Windows Hello Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35796 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35795 (Windows Error Reporting Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35794 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...)
	NOT-FOR-US: Microsoft
CVE-2022-35793 (Windows Print Spooler Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35792 (Storage Spaces Direct Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35791 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35790 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35789 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35788 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35787 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35786 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35785 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35784 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35783 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35782 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35781 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35780 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35779 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35778
	RESERVED
CVE-2022-35777 (Visual Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35776 (Azure Site Recovery Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35775 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35774 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35773 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35772 (Azure Site Recovery Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35771 (Windows Defender Credential Guard Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35770 (Windows NTLM Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35769 (Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35768 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-35767 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...)
	NOT-FOR-US: Microsoft
CVE-2022-35766 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...)
NOT-FOR-US: Microsoft CVE-2022-35765 (Storage Spaces Direct Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-35764 (Storage Spaces Direct Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-35763 (Storage Spaces Direct Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-35762 (Storage Spaces Direct Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-35761 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-35760 (Microsoft ATA Port Driver Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-35759 (Windows Local Security Authority (LSA) Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2022-35758 (Windows Kernel Memory Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2022-35757 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) NOT-FOR-US: Microsoft CVE-2022-35756 (Windows Kerberos Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-35755 (Windows Print Spooler Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-35754 (Unified Write Filter Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-35753 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...) NOT-FOR-US: Microsoft CVE-2022-35752 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...) 
NOT-FOR-US: Microsoft CVE-2022-35751 (Windows Hyper-V Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-35750 (Win32k Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-35749 (Windows Digital Media Receiver Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-35748 (HTTP.sys Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2022-35747 (Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2022-35746 (Windows Digital Media Receiver Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-35745 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...) NOT-FOR-US: Microsoft CVE-2022-35744 (Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerabil ...) NOT-FOR-US: Microsoft CVE-2022-35743 (Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution ...) NOT-FOR-US: Microsoft CVE-2022-35742 (Microsoft Outlook Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2022-2402 (The vulnerability in the driver dlpfde.sys enables a user logged into ...) NOT-FOR-US: ESET CVE-2022-2401 (Unrestricted information disclosure of all users in Mattermost version ...) - mattermost-server (bug #823556) CVE-2022-2400 (External Control of File Name or Path in GitHub repository dompdf/domp ...) {DLA-3495-1} - php-dompdf 2.0.2+dfsg-1 (bug #1015874) [bullseye] - php-dompdf (Minor issue) NOTE: https://huntr.dev/bounties/a6da5e5e-86be-499a-a3c3-2950f749202a NOTE: https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a CVE-2022-2399 (Use after free in WebGPU in Google Chrome prior to 100.0.4896.88 allow ...) {DSA-5120-1} - chromium 100.0.4896.88-1 [buster] - chromium (see DSA 5046) CVE-2022-35741 (Apache CloudStack version 4.5.0 and later has a SAML 2.0 authenticatio ...) NOT-FOR-US: Apache CloudStack CVE-2022-2398 (The WordPress Comments Fields WordPress plugin before 4.1 does not esc ...) 
NOT-FOR-US: WordPress plugin CVE-2022-2397 RESERVED CVE-2022-2396 (A vulnerability classified as problematic was found in SourceCodester ...) NOT-FOR-US: Simple e-Learning System CVE-2022-35740 (dotCMS before 22.06 allows remote attackers to bypass intended access ...) NOT-FOR-US: dotCMS CVE-2022-35739 (PRTG Network Monitor through 22.2.77.2204 does not prevent custom inpu ...) NOT-FOR-US: PRTG Network Monitor CVE-2022-35738 RESERVED CVE-2022-35737 (SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-b ...) - sqlite3 3.39.2-1 (unimportant) - sqlite (unimportant) NOTE: https://sqlite.org/forum/forumpost/3607259d3c NOTE: Debian sqlite3 packages not compiled with -DSQLITE_ENABLE_STAT4 NOTE: https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/ CVE-2022-35736 RESERVED CVE-2022-35724 (It is possible to provide data to be read that leads the reader to loo ...) NOT-FOR-US: Apache Avro CVE-2022-35723 RESERVED CVE-2022-35722 (IBM Jazz for Service Management is vulnerable to stored cross-site scr ...) NOT-FOR-US: IBM CVE-2022-35721 (IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-si ...) NOT-FOR-US: IBM CVE-2022-35720 (IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Sec ...) NOT-FOR-US: IBM CVE-2022-35719 (IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially s ...) NOT-FOR-US: IBM CVE-2022-35718 RESERVED CVE-2022-35717 ("IBM InfoSphere Information Server 11.7 could allow a locally authenti ...) NOT-FOR-US: IBM CVE-2022-35716 (IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7 ...) NOT-FOR-US: IBM CVE-2022-35715 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...) NOT-FOR-US: IBM CVE-2022-35714 (IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scriptin ...) 
NOT-FOR-US: IBM CVE-2022-34861 RESERVED CVE-2022-34842 RESERVED CVE-2022-34649 RESERVED CVE-2022-34489 RESERVED CVE-2022-33979 RESERVED CVE-2022-33966 RESERVED CVE-2022-33144 RESERVED CVE-2022-29870 RESERVED CVE-2022-27170 (Protection mechanism failure in the Intel(R) Media SDK software before ...) NOT-FOR-US: Intel CVE-2022-2395 (The weForms WordPress plugin before 1.6.14 does not sanitise and escap ...) NOT-FOR-US: WordPress plugin CVE-2022-2394 (Puppet Bolt prior to version 3.24.0 will print sensitive parameters wh ...) NOT-FOR-US: Puppet Bolt CVE-2021-46827 (An issue was discovered in Oxygen XML WebHelp before 22.1 build 202108 ...) NOT-FOR-US: Oxygen XML WebHelp CVE-2022-35713 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...) NOT-FOR-US: Adobe CVE-2022-35712 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...) NOT-FOR-US: Adobe CVE-2022-35711 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...) NOT-FOR-US: Adobe CVE-2022-35710 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...) NOT-FOR-US: Adobe CVE-2022-35709 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) NOT-FOR-US: Adobe CVE-2022-35708 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) NOT-FOR-US: Adobe CVE-2022-35707 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) NOT-FOR-US: Adobe CVE-2022-35706 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) NOT-FOR-US: Adobe CVE-2022-35705 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) NOT-FOR-US: Adobe CVE-2022-35704 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) NOT-FOR-US: Adobe CVE-2022-35703 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) NOT-FOR-US: Adobe CVE-2022-35702 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) 
NOT-FOR-US: Adobe CVE-2022-35701 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) NOT-FOR-US: Adobe CVE-2022-35700 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) NOT-FOR-US: Adobe CVE-2022-35699 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) NOT-FOR-US: Adobe CVE-2022-35698 (Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) ...) NOT-FOR-US: Adobe CVE-2022-35697 (Adobe Experience Manager Core Components version 2.20.6 (and earlier) ...) NOT-FOR-US: Adobe CVE-2022-35696 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) NOT-FOR-US: Adobe CVE-2022-35695 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) NOT-FOR-US: Adobe CVE-2022-35694 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) NOT-FOR-US: Adobe CVE-2022-35693 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) NOT-FOR-US: Adobe CVE-2022-35692 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...) NOT-FOR-US: Adobe CVE-2022-35691 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30 ...) NOT-FOR-US: Adobe CVE-2022-35690 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...) NOT-FOR-US: Adobe CVE-2022-35689 (Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) ...) NOT-FOR-US: Adobe CVE-2022-35688 RESERVED CVE-2022-35687 RESERVED CVE-2022-35686 RESERVED CVE-2022-35685 RESERVED CVE-2022-35684 RESERVED CVE-2022-35683 RESERVED CVE-2022-35682 RESERVED CVE-2022-35681 RESERVED CVE-2022-35680 RESERVED CVE-2022-35679 RESERVED CVE-2022-35678 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...) NOT-FOR-US: Adobe CVE-2022-35677 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...) NOT-FOR-US: Adobe CVE-2022-35676 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...) 
NOT-FOR-US: Adobe CVE-2022-35675 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...) NOT-FOR-US: Adobe CVE-2022-35674 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...) NOT-FOR-US: Adobe CVE-2022-35673 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...) NOT-FOR-US: Adobe CVE-2022-35672 (Adobe Acrobat Reader version 22.001.20085 (and earlier), 20.005.30314 ...) NOT-FOR-US: Adobe CVE-2022-35671 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...) NOT-FOR-US: Adobe CVE-2022-35670 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...) NOT-FOR-US: Adobe CVE-2022-35669 (Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and ...) NOT-FOR-US: Adobe CVE-2022-35668 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...) NOT-FOR-US: Adobe CVE-2022-35667 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...) NOT-FOR-US: Adobe CVE-2022-35666 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...) NOT-FOR-US: Adobe CVE-2022-35665 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...) NOT-FOR-US: Adobe CVE-2022-35664 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...) NOT-FOR-US: Adobe CVE-2022-35663 RESERVED CVE-2022-35662 RESERVED CVE-2022-35661 RESERVED CVE-2022-35660 RESERVED CVE-2022-35659 RESERVED CVE-2022-35658 RESERVED CVE-2022-35657 RESERVED CVE-2022-35656 (Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated ...) NOT-FOR-US: Pega Platform CVE-2022-35655 (Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a m ...) NOT-FOR-US: Pega Platform CVE-2022-35654 (Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an ...) NOT-FOR-US: Pega Platform CVE-2022-35653 (A reflected XSS issue was identified in the LTI module of Moodle. The ...) 
- moodle CVE-2022-35652 (An open redirect issue was found in Moodle due to improper sanitizatio ...) - moodle CVE-2022-35651 (A stored XSS and blind SSRF vulnerability was found in Moodle, occurs ...) - moodle CVE-2022-35650 (The vulnerability was found in Moodle, occurs due to input validation ...) - moodle CVE-2022-35649 (The vulnerability was found in Moodle, occurs due to improper input va ...) - moodle CVE-2022-33977 (untangle is a python library to convert XML data to python objects. un ...) - python-untangle 1.2.1-1 NOTE: https://github.com/stchris/untangle/releases/tag/1.2.1 NOTE: https://github.com/stchris/untangle/pull/94 CVE-2022-31471 (untangle is a python library to convert XML data to python objects. un ...) - python-untangle 1.2.1-1 NOTE: https://github.com/stchris/untangle/releases/tag/1.2.1 NOTE: https://github.com/stchris/untangle/pull/94 CVE-2022-2393 (A flaw was found in pki-core, which could allow a user to get a certif ...) - dogtag-pki (bug #1034802) [bullseye] - dogtag-pki (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2101046 CVE-2022-2392 (The Lana Downloads Manager WordPress plugin before 1.8.0 is affected b ...) NOT-FOR-US: WordPress plugin CVE-2022-2391 (The Inspiro PRO WordPress plugin does not sanitize the portfolio slide ...) NOT-FOR-US: WordPress plugin CVE-2022-2390 (Apps developed with Google Play Services SDK incorrectly had the mutab ...) NOT-FOR-US: Apps developed with Google Play Services SDK CVE-2022-2389 (The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newslet ...) NOT-FOR-US: WordPress plugin CVE-2022-2388 (The WP Coder WordPress plugin before 2.5.3 does not have CSRF check in ...) NOT-FOR-US: WordPress plugin CVE-2022-2387 (The Easy Digital Downloads WordPress plugin before 3.0 does not have C ...) NOT-FOR-US: WordPress plugin CVE-2022-2386 (The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanit ...) 
NOT-FOR-US: WordPress plugin CVE-2022-35648 (Nautilus treadmills T616 S/N 100672PRO21140001 through 100672PRO211719 ...) NOT-FOR-US: Nautilus treadmills CVE-2022-35647 RESERVED CVE-2022-35646 (IBM Security Verify Governance, Identity Manager 10.0.1 software compo ...) NOT-FOR-US: IBM CVE-2022-35645 (IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo A ...) NOT-FOR-US: IBM CVE-2022-35644 RESERVED CVE-2022-35643 (IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper with syst ...) NOT-FOR-US: IBM CVE-2022-35642 ("IBM InfoSphere Information Server 11.7 is vulnerable to cross-site sc ...) NOT-FOR-US: IBM CVE-2022-35641 RESERVED CVE-2022-35640 RESERVED CVE-2022-35639 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do no ...) NOT-FOR-US: IBM CVE-2022-35638 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 a ...) NOT-FOR-US: IBM CVE-2022-35637 (IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is ...) NOT-FOR-US: IBM CVE-2022-35636 RESERVED CVE-2022-35635 RESERVED CVE-2022-35634 RESERVED CVE-2022-35633 RESERVED CVE-2022-35632 (The Velociraptor GUI contains an editor suggestion feature that can di ...) NOT-FOR-US: Rapid7 Velociraptor CVE-2022-35631 (On MacOS and Linux, it may be possible to perform a symlink attack by ...) NOT-FOR-US: Rapid7 Velociraptor CVE-2022-35630 (A cross-site scripting (XSS) issue in generating a collection report m ...) NOT-FOR-US: Rapid7 Velociraptor CVE-2022-35629 (Due to a bug in the handling of the communication between the client a ...) NOT-FOR-US: Rapid7 Velociraptor CVE-2022-35628 (A SQL injection issue was discovered in the lux extension before 17.6. ...) NOT-FOR-US: TYPO3 extension CVE-2022-35627 RESERVED CVE-2022-2385 (A security issue was discovered in aws-iam-authenticator where an allo ...) NOT-FOR-US: Kubernetes aws-iam-authenticator CVE-2022-2384 (The Digital Publications by Supsystic WordPress plugin before 1.7.4 do ...) 
NOT-FOR-US: WordPress plugin CVE-2022-2383 (The Feed Them Social WordPress plugin before 3.0.1 does not sanitise a ...) NOT-FOR-US: WordPress plugin CVE-2022-2382 (The Product Slider for WooCommerce WordPress plugin before 2.5.7 has f ...) NOT-FOR-US: WordPress plugin CVE-2022-2381 (The E Unlocked - Student Result WordPress plugin through 1.0.4 is lack ...) NOT-FOR-US: WordPress plugin CVE-2022-2380 (The Linux kernel was found vulnerable out of bounds memory access in t ...) - linux 5.17.3-1 [bullseye] - linux 5.10.113-1 [buster] - linux 4.19.249-1 NOTE: https://git.kernel.org/linus/bd771cf5c4254511cc4abb88f3dab3bd58bdf8e8 (5.18-rc1) CVE-2022-2379 (The Easy Student Results WordPress plugin through 2.2.8 lacks authoris ...) NOT-FOR-US: WordPress plugin CVE-2022-2378 (The Easy Student Results WordPress plugin through 2.2.8 does not sanit ...) NOT-FOR-US: WordPress plugin CVE-2022-2377 (The Directorist WordPress plugin before 7.3.0 does not have authorisat ...) NOT-FOR-US: WordPress plugin CVE-2022-2376 (The Directorist WordPress plugin before 7.3.1 discloses the email addr ...) NOT-FOR-US: WordPress plugin CVE-2022-2375 (The WP Sticky Button WordPress plugin before 1.4.1 does not have autho ...) NOT-FOR-US: WordPress plugin CVE-2022-2374 (The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does ...) NOT-FOR-US: WordPress plugin CVE-2022-2373 (The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is mi ...) NOT-FOR-US: WordPress plugin CVE-2022-2372 (The YaySMTP WordPress plugin before 2.2.2 does not sanitise and escape ...) NOT-FOR-US: WordPress plugin CVE-2022-2371 (The YaySMTP WordPress plugin before 2.2.1 does not have proper authori ...) NOT-FOR-US: WordPress plugin CVE-2022-2370 (The YaySMTP WordPress plugin before 2.2.1 does not have capability che ...) NOT-FOR-US: WordPress plugin CVE-2022-2369 (The YaySMTP WordPress plugin before 2.2.1 does not have capability che ...) 
NOT-FOR-US: WordPress plugin CVE-2022-2368 (Authentication Bypass by Spoofing in GitHub repository microweber/micr ...) NOT-FOR-US: microweber CVE-2022-2367 (The WSM Downloader WordPress plugin through 1.4.0 allows only specific ...) NOT-FOR-US: WordPress plugin CVE-2022-35626 RESERVED CVE-2022-35625 RESERVED CVE-2022-35624 (In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be ...) NOT-FOR-US: Nordic nRF5 SDK for Mesh CVE-2022-35623 (In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be ...) NOT-FOR-US: Nordic nRF5 SDK for Mesh CVE-2022-35622 RESERVED CVE-2022-35621 (Access control vulnerability in Evoh NFT EvohClaimable contract with s ...) NOT-FOR-US: Evoh NFT EvohClaimable contract CVE-2022-35620 (D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remot ...) NOT-FOR-US: D-Link CVE-2022-35619 (D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remot ...) NOT-FOR-US: D-Link CVE-2022-35618 RESERVED CVE-2022-35617 RESERVED CVE-2022-35616 RESERVED CVE-2022-35615 RESERVED CVE-2022-35614 RESERVED CVE-2022-35613 (Konker v2.3.9 was to discovered to contain a Cross-Site Request Forger ...) NOT-FOR-US: Konker CVE-2022-35612 (A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below ...) NOT-FOR-US: MQTTRoute CVE-2022-35611 (A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows ...) NOT-FOR-US: MQTTRoute CVE-2022-35610 RESERVED CVE-2022-35609 RESERVED CVE-2022-35608 RESERVED CVE-2022-35607 RESERVED CVE-2022-35606 (A SQL injection vulnerability in CustomerDAO.java in sazanrjb Inventor ...) NOT-FOR-US: sazanrjb InventoryManagementSystem CVE-2022-35605 (A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryMan ...) NOT-FOR-US: sazanrjb InventoryManagementSystem CVE-2022-35604 REJECTED CVE-2022-35603 (A SQL injection vulnerability in CustomerDAO.java in sazanrjb Inventor ...) 
NOT-FOR-US: sazanrjb InventoryManagementSystem CVE-2022-35602 (A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryMan ...) NOT-FOR-US: sazanrjb InventoryManagementSystem CVE-2022-35601 (A SQL injection vulnerability in SupplierDAO.java in sazanrjb Inventor ...) NOT-FOR-US: sazanrjb InventoryManagementSystem CVE-2022-35600 RESERVED CVE-2022-35599 (A SQL injection vulnerability in Stocks.java in sazanrjb InventoryMana ...) NOT-FOR-US: sazanrjb InventoryManagementSystem CVE-2022-35598 (A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb ...) NOT-FOR-US: sazanrjb InventoryManagementSystem CVE-2022-35597 RESERVED CVE-2022-35596 RESERVED CVE-2022-35595 RESERVED CVE-2022-35594 RESERVED CVE-2022-35593 RESERVED CVE-2022-35592 RESERVED CVE-2022-35591 RESERVED CVE-2022-35590 (A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows ...) NOT-FOR-US: ForkCMS CVE-2022-35589 (A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows re ...) NOT-FOR-US: ForkCMS CVE-2022-35588 RESERVED CVE-2022-35587 (A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows re ...) NOT-FOR-US: ForkCMS CVE-2022-35586 RESERVED CVE-2022-35585 (A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 ...) NOT-FOR-US: ForkCMS CVE-2022-35584 RESERVED CVE-2022-35583 (wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to g ...) - wkhtmltopdf (unimportant) NOTE: https://cyber-guy.gitbook.io/cyber-guys-blog/blogs/initial-access-via-pdf-file-silently NOTE: https://github.com/wkhtmltopdf/wkhtmltopdf/issues/5249 NOTE: By design, wkhtmltopdf retrieves external resources. If it is employed inside NOTE: a protected network in an automated way, a malicious actor may access internal NOTE: resources. A user of wkhtmltopdf should restrict such access. CVE-2022-35582 (Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulner ...) 
NOT-FOR-US: Penta Security Systems CVE-2022-35581 RESERVED CVE-2022-35580 RESERVED CVE-2022-35579 RESERVED CVE-2022-35578 RESERVED CVE-2022-35577 RESERVED CVE-2022-35576 RESERVED CVE-2022-35575 RESERVED CVE-2022-35574 RESERVED CVE-2022-35573 RESERVED CVE-2022-35572 (On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lowe ...) NOT-FOR-US: Linksys CVE-2022-35571 RESERVED CVE-2022-35570 RESERVED CVE-2022-35569 (Blogifier v3.0 was discovered to contain an arbitrary file upload vuln ...) NOT-FOR-US: Blogifier CVE-2022-35568 RESERVED CVE-2022-35567 RESERVED CVE-2022-35566 RESERVED CVE-2022-35565 RESERVED CVE-2022-35564 RESERVED CVE-2022-35563 RESERVED CVE-2022-35562 RESERVED CVE-2022-35561 (A stack overflow vulnerability exists in /goform/WifiMacFilterSet in T ...) NOT-FOR-US: Tenda CVE-2022-35560 (A stack overflow vulnerability exists in /goform/wifiSSIDset in Tenda ...) NOT-FOR-US: Tenda CVE-2022-35559 (A stack overflow vulnerability exists in /goform/setAutoPing in Tenda ...) NOT-FOR-US: Tenda CVE-2022-35558 (A stack overflow vulnerability exists in /goform/WifiMacFilterGet in T ...) NOT-FOR-US: Tenda CVE-2022-35557 (A stack overflow vulnerability exists in /goform/wifiSSIDget in Tenda ...) NOT-FOR-US: Tenda CVE-2022-35556 RESERVED CVE-2022-35555 (A command injection vulnerability exists in /goform/exeCommand in Tend ...) NOT-FOR-US: Tenda CVE-2022-35554 (Multiple reflected XSS vulnerabilities occur when handling error messa ...) NOT-FOR-US: BPC SmartVista CVE-2022-35553 RESERVED CVE-2022-35552 RESERVED CVE-2022-35551 RESERVED CVE-2022-35550 RESERVED CVE-2022-35549 RESERVED CVE-2022-35548 RESERVED CVE-2022-35547 RESERVED CVE-2022-35546 RESERVED CVE-2022-35545 RESERVED CVE-2022-35544 RESERVED CVE-2022-35543 RESERVED CVE-2022-35542 RESERVED CVE-2022-35541 RESERVED CVE-2022-35540 (Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attack ...) 
NOT-FOR-US: AgileConfig CVE-2022-35539 RESERVED CVE-2022-35538 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has ...) NOT-FOR-US: WAVLINK CVE-2022-35537 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has ...) NOT-FOR-US: WAVLINK CVE-2022-35536 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no fi ...) NOT-FOR-US: WAVLINK CVE-2022-35535 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has ...) NOT-FOR-US: WAVLINK CVE-2022-35534 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has ...) NOT-FOR-US: WAVLINK CVE-2022-35533 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no fi ...) NOT-FOR-US: WAVLINK CVE-2022-35532 RESERVED CVE-2022-35531 RESERVED CVE-2022-35530 RESERVED CVE-2022-35529 RESERVED CVE-2022-35528 RESERVED CVE-2022-35527 RESERVED CVE-2022-35526 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no ...) NOT-FOR-US: WAVLINK CVE-2022-35525 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no fi ...) NOT-FOR-US: WAVLINK CVE-2022-35524 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no fi ...) NOT-FOR-US: WAVLINK CVE-2022-35523 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has ...) NOT-FOR-US: WAVLINK CVE-2022-35522 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no fi ...) NOT-FOR-US: WAVLINK CVE-2022-35521 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has ...) NOT-FOR-US: WAVLINK CVE-2022-35520 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no fi ...) NOT-FOR-US: WAVLINK CVE-2022-35519 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has ...) NOT-FOR-US: WAVLINK CVE-2022-35518 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no fi ...) NOT-FOR-US: WAVLINK CVE-2022-35517 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no fi ...) 
NOT-FOR-US: WAVLINK CVE-2022-35516 (DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code exec ...) NOT-FOR-US: DedeCMS CVE-2022-35515 RESERVED CVE-2022-35514 RESERVED CVE-2022-35513 (The Blink1Control2 application <= 2.2.7 uses weak password encryption ...) NOT-FOR-US: Blink1Control2 application CVE-2022-35512 RESERVED CVE-2022-35511 RESERVED CVE-2022-35510 RESERVED CVE-2022-35509 (An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulne ...) NOT-FOR-US: Eyoucms CVE-2022-35508 (Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are v ...) NOT-FOR-US: Proxmox CVE-2022-35507 (A response-header CRLF injection vulnerability in the Proxmox Virtual ...) NOT-FOR-US: Proxmox CVE-2022-35506 (TripleCross v0.1.0 was discovered to contain a stack overflow which oc ...) NOT-FOR-US: TripleCross CVE-2022-35505 (A segmentation fault in TripleCross v0.1.0 occurs when sending a contr ...) NOT-FOR-US: TripleCross CVE-2022-35504 RESERVED CVE-2022-35503 (Improper verification of a user input in Open Source MANO v7-v12 allow ...) NOT-FOR-US: Open Source MANO CVE-2022-35502 RESERVED CVE-2022-35501 (Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 ...) NOT-FOR-US: Amasty Blog Pro CVE-2022-35500 (Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via lea ...) NOT-FOR-US: Amasty Blog CVE-2022-35499 RESERVED CVE-2022-35498 RESERVED CVE-2022-35497 RESERVED CVE-2022-35496 RESERVED CVE-2022-35495 RESERVED CVE-2022-35494 RESERVED CVE-2022-35493 (A Cross-site scripting (XSS) vulnerability in json search parse and th ...) NOT-FOR-US: eShop - Multipurpose Ecommerce Store Website CVE-2022-35492 RESERVED CVE-2022-35491 (TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for ro ...) NOT-FOR-US: TOTOLINK CVE-2022-35490 (Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a preve ...) - zammad (bug #841355) CVE-2022-35489 (In Zammad 5.2.0, customers who have secondary organizations assigned w ...) 
- zammad (bug #841355) CVE-2022-35488 (In Zammad 5.2.0, an attacker could manipulate the rate limiting in the ...) - zammad (bug #841355) CVE-2022-35487 (Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not cor ...) - zammad (bug #841355) CVE-2022-35486 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) - texlive-bin (unimportant; bug #1019602) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 CVE-2022-35485 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) - texlive-bin (unimportant; bug #1019602) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 CVE-2022-35484 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) - texlive-bin (unimportant; bug #1019602) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 CVE-2022-35483 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) - texlive-bin (unimportant; bug #1019602) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 CVE-2022-35482 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) - texlive-bin (unimportant; bug #1019602) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 CVE-2022-35481 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) 
- texlive-bin (unimportant; bug #1019602) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 CVE-2022-35480 RESERVED CVE-2022-35479 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) - texlive-bin (unimportant; bug #1019602) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 CVE-2022-35478 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) - texlive-bin (unimportant; bug #1019602) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 CVE-2022-35477 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) - texlive-bin (unimportant; bug #1019602) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 CVE-2022-35476 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) - texlive-bin (unimportant; bug #1019602) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 CVE-2022-35475 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) - texlive-bin (unimportant; bug #1019602) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Affected code not built, see #1019602 CVE-2022-35474 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) 
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602
CVE-2022-35473 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602
CVE-2022-35472 (OTFCC v0.10.4 was discovered to contain a global overflow via /release ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602
CVE-2022-35471 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Affected code not built, see #1019602
CVE-2022-35470 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602
CVE-2022-35469 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602
CVE-2022-35468 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Affected code not built, see #1019602
CVE-2022-35467 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Affected code not built, see #1019602
CVE-2022-35466 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602
CVE-2022-35465 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602
CVE-2022-35464 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602
CVE-2022-35463 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602
CVE-2022-35462 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602
CVE-2022-35461 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602
CVE-2022-35460 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602
CVE-2022-35459 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Affected code not built, see #1019602
CVE-2022-35458 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602
CVE-2022-35457 RESERVED
CVE-2022-35456 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602
CVE-2022-35455 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602
CVE-2022-35454 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602
CVE-2022-35453 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602
CVE-2022-35452 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602
CVE-2022-35451 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602
CVE-2022-35450 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602
CVE-2022-35449 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602
CVE-2022-35448 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602
CVE-2022-35447 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602
CVE-2022-35446 RESERVED
CVE-2022-35445 RESERVED
CVE-2022-35444 RESERVED
CVE-2022-35443 RESERVED
CVE-2022-35442 RESERVED
CVE-2022-35441 RESERVED
CVE-2022-35440 RESERVED
CVE-2022-35439 RESERVED
CVE-2022-35438 RESERVED
CVE-2022-35437 RESERVED
CVE-2022-35436 RESERVED
CVE-2022-35435 RESERVED
CVE-2022-35434 (jpeg-quantsmooth before commit 8879454 contained a floating point exce ...)
	- jpegqs 1.20210408-3 (bug #1017608)
	NOTE: https://github.com/ilyakurdyukov/jpeg-quantsmooth/commit/8879454401722ea603c6e3abfafdeb30c0880c8e
	NOTE: https://github.com/ilyakurdyukov/jpeg-quantsmooth/issues/25
CVE-2022-35433 (ffjpeg commit caade60a69633d74100bd3c2528bddee0b6a1291 was discovered ...)
	NOT-FOR-US: ffjpeg
CVE-2022-35432 RESERVED
CVE-2022-35431 RESERVED
CVE-2022-35430 RESERVED
CVE-2022-35429 RESERVED
CVE-2022-35428 RESERVED
CVE-2022-35427 RESERVED
CVE-2022-35426 (UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file P ...)
	NOT-FOR-US: UCMS
CVE-2022-35425 RESERVED
CVE-2022-35424 RESERVED
CVE-2022-35423 RESERVED
CVE-2022-35422 (Web Based Quiz System v1.0 was discovered to contain a SQL injection v ...)
	NOT-FOR-US: Web Based Quiz System
CVE-2022-35421 (Online Tours And Travels Management System v1.0 was discovered to cont ...)
	NOT-FOR-US: Online Tours And Travels Management System
CVE-2022-35420 RESERVED
CVE-2022-35419 RESERVED
CVE-2022-35418 RESERVED
CVE-2022-35417 RESERVED
CVE-2022-35416 (H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang co ...)
	NOT-FOR-US: H3C SSL VPN
CVE-2022-35415 (An improper input validation in NI System Configuration Manager before ...)
	NOT-FOR-US: NI
CVE-2022-35414 (softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized r ...)
	{DLA-3099-1}
	- qemu 1:7.1+dfsg-1 (unimportant; bug #1014958)
	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1065
	NOTE: https://github.com/qemu/qemu/commit/418ade7849ce7641c0f7333718caf5091a02fd4c (v7.1.0-rc0)
	NOTE: https://sick.codes/sick-2022-113
	NOTE: Not deemed a security issue per https://www.qemu.org/docs/master/system/security.html#security-requirements
CVE-2022-2366 (Incorrect default configuration for trusted IP header in Mattermost ve ...)
	- mattermost-server (bug #823556)
CVE-2022-2365 (Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium ...)
	NOT-FOR-US: Trilium Notes
CVE-2022-2364 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: Simple Parking Management System
CVE-2022-2363 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Simple Parking Management System
CVE-2022-2362 (The Download Manager WordPress plugin before 3.2.50 prioritizes gettin ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2361 (The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-35413 (WAPPLES through 6.0 has a hardcoded systemi account. A threat actor co ...)
	NOT-FOR-US: Penta Security Systems Inc WAPPLES
CVE-2022-35412 (Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinar ...)
	NOT-FOR-US: Digital Guardian Agent
CVE-2022-2360 RESERVED
CVE-2022-2359 RESERVED
CVE-2022-2358 RESERVED
CVE-2022-2357 (The WSM Downloader WordPress plugin through 1.4.0 allows any visitor t ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2356 (The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2355 (The Easy Username Updater WordPress plugin before 1.0.5 does not imple ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2354 (The WP-DBManager WordPress plugin before 2.80.8 does not prevent admin ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-35411 (rpc.py through 0.6.0 allows Remote Code Execution because an unpickle ...)
	NOT-FOR-US: rpc.py
CVE-2022-35410 (mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ dir ...)
	{DSA-5185-1}
	- mat2 0.13.0-1
	NOTE: https://0xacab.org/jvoisin/mat2/-/commit/beebca4bf1cd3b935824c966ce077e7bcf610385
	NOTE: https://0xacab.org/jvoisin/mat2/-/issues/174
	NOTE: https://dustri.org/b/mat2-0130.html
CVE-2022-35409 (An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0 ...)
	{DLA-3249-1}
	- mbedtls 2.28.1-1
	[bullseye] - mbedtls (Minor issue)
	NOTE: https://github.com/Mbed-TLS/mbedtls-docs/blob/5e9790353d2d9e41e85262eebe52fd90bb49f1e0/security-advisories/advisories/mbedtls-security-advisory-2022-07.md
	NOTE: https://github.com/Mbed-TLS/mbedtls/commit/f333dfab4a6c2d8a604a61558a8f783145161de4 (v2.28.1)
	NOTE: https://github.com/Mbed-TLS/mbedtls/commit/e5af9fabf7d68e3807b6ea78792794b8352dbba2 (v2.28.1)
	NOTE: https://github.com/Mbed-TLS/mbedtls/commit/862acb84033840b7e6376a4155ed5be2a6a4e117 (v2.28.1)
	NOTE: https://github.com/Mbed-TLS/mbedtls/commit/a39170bbed1f5a69f108ea19fe3510c3643d53ab (v2.28.1)
	NOTE: https://github.com/Mbed-TLS/mbedtls/commit/33f41a8fa858128d5e9a1d1e1afbd4e63f24d444 (v2.28.1)
	NOTE: https://github.com/Mbed-TLS/mbedtls/commit/4353d3d593cda3849a04c676288e0c790fa86a3c (v2.28.1)
	NOTE: https://github.com/Mbed-TLS/mbedtls/commit/3c036f54cc3a25e4d6b8003202b7e640522f4621 (v2.28.1)
	NOTE: https://github.com/Mbed-TLS/mbedtls/commit/6b4f062cde84b9df57275676c428508ec6e41211 (v2.28.1)
	NOTE: https://github.com/Mbed-TLS/mbedtls/commit/719c723afc63930d3472a12c0edb654a7d08d6b9 (v2.28.1)
CVE-2022-35408 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
	NOT-FOR-US: Insyde
CVE-2022-35407 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
	NOT-FOR-US: Insyde
CVE-2022-35406 (A URL disclosure issue was discovered in Burp Suite before 2022.6. If ...)
	- burpsuite (bug #832943)
CVE-2022-35405 (Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-35404 (ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 ...)
	NOT-FOR-US: ManageEngine Password Manager Pro
CVE-2022-35403 (Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-35402 RESERVED
CVE-2022-2353 (Prior to microweber/microweber v1.2.20, due to improper neutralization ...)
	NOT-FOR-US: microweber
CVE-2022-2352 (The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2351 (The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2350 (The Disable User Login WordPress plugin through 1.0.1 does not have au ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2349 REJECTED
CVE-2022-2348 REJECTED
CVE-2022-2347 (There exists an unchecked length field in UBoot. The U-Boot DFU implem ...)
	[experimental] - u-boot 2023.01~rc2+dfsg-1
	- u-boot 2023.01~rc4+dfsg-2 (bug #1014959)
	[bullseye] - u-boot (Minor issue)
	[buster] - u-boot (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2022/07/08/2
	NOTE: https://source.denx.de/u-boot/u-boot/-/commit/fbce985e28eaca3af82afecc11961aadaf971a7e (v2023.01-rc2)
CVE-2022-35399 REJECTED
CVE-2022-35398 REJECTED
CVE-2022-35397 REJECTED
CVE-2022-35396 REJECTED
CVE-2022-35395 REJECTED
CVE-2022-35394 REJECTED
CVE-2022-35393 REJECTED
CVE-2022-35392 REJECTED
CVE-2022-35391 REJECTED
CVE-2022-35390 REJECTED
CVE-2022-35389 REJECTED
CVE-2022-35388 REJECTED
CVE-2022-35387 REJECTED
CVE-2022-35386 REJECTED
CVE-2022-35385 REJECTED
CVE-2022-35384 REJECTED
CVE-2022-35383 REJECTED
CVE-2022-35382 REJECTED
CVE-2022-35381 REJECTED
CVE-2022-35380 REJECTED
CVE-2022-35379 REJECTED
CVE-2022-35378 REJECTED
CVE-2022-35377 REJECTED
CVE-2022-35376 REJECTED
CVE-2022-35375 REJECTED
CVE-2022-35374 REJECTED
CVE-2022-35373 REJECTED
CVE-2022-35372 REJECTED
CVE-2022-35371 REJECTED
CVE-2022-35370 REJECTED
CVE-2022-35369 REJECTED
CVE-2022-35368 REJECTED
CVE-2022-35367 REJECTED
CVE-2022-35366 REJECTED
CVE-2022-35365 REJECTED
CVE-2022-35364 REJECTED
CVE-2022-35363 REJECTED
CVE-2022-35362 REJECTED
CVE-2022-35361 REJECTED
CVE-2022-35360 REJECTED
CVE-2022-35359 REJECTED
CVE-2022-35358 REJECTED
CVE-2022-35357 REJECTED
CVE-2022-35356 REJECTED
CVE-2022-35355 REJECTED
CVE-2022-35354 REJECTED
CVE-2022-35353 REJECTED
CVE-2022-35352 REJECTED
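Added example for the CVE-2022-2347 entry above (unchecked length field in the U-Boot DFU implementation). This is illustrative code written for this page, not U-Boot's own handler: the setup-packet layout and the DFU_DNLOAD request code (0x01) come from the USB 2.0 and DFU 1.1 specifications, the description of the bug as an unbounded wLength with no transfer-direction check is taken from the oss-security advisory linked in the entry, and DFU_BLOCK_MAX is an assumed staging-buffer size chosen for the example. The unchecked function shows the bug pattern; the checked one is the form a practitioner would want in a USB device-side control handler.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* USB setup-packet constants (USB 2.0 spec, section 9.3) and the DFU 1.1
 * request code for DFU_DNLOAD. Values are from the public specifications. */
#define USB_DIR_IN          0x80u  /* bmRequestType bit 7 set: device-to-host */
#define USB_REQ_DFU_DNLOAD  0x01u  /* DFU_DNLOAD: host sends one firmware block */

/* Assumed staging-buffer size for a single download block (example constant,
 * not U-Boot's). */
#define DFU_BLOCK_MAX       4096u

struct usb_setup_packet {          /* the 8-byte USB control setup packet */
    uint8_t  bmRequestType;
    uint8_t  bRequest;
    uint16_t wValue;               /* DFU block number */
    uint16_t wIndex;
    uint16_t wLength;              /* host-controlled length of the data stage */
};

struct dfu_dnload_state {
    uint8_t  block[DFU_BLOCK_MAX];
    uint16_t block_num;
    uint32_t block_len;
};

/* Bug pattern described in the advisory: wLength drives the copy with no bound
 * against the staging buffer and no check that the transfer is host-to-device.
 * Kept only to contrast with the checked version; never feed it untrusted input. */
int dfu_dnload_unchecked(struct dfu_dnload_state *st,
                         const struct usb_setup_packet *req,
                         const uint8_t *data)
{
    memcpy(st->block, data, req->wLength);   /* overruns block[] if wLength > DFU_BLOCK_MAX */
    st->block_num = req->wValue;
    st->block_len = req->wLength;
    return 0;
}

/* Hardened form: validate request code, direction and length before copying.
 * Returns 0 on success, -1 when the request is rejected (state left untouched). */
int dfu_dnload_checked(struct dfu_dnload_state *st,
                       const struct usb_setup_packet *req,
                       const uint8_t *data)
{
    if (req->bRequest != USB_REQ_DFU_DNLOAD)
        return -1;                           /* not a download request */
    if (req->bmRequestType & USB_DIR_IN)
        return -1;                           /* DNLOAD is host-to-device only */
    if (req->wLength > DFU_BLOCK_MAX)
        return -1;                           /* would overflow the staging buffer */
    memcpy(st->block, data, req->wLength);
    st->block_num = req->wValue;
    st->block_len = req->wLength;
    return 0;
}

/* Runs three constructed setup packets through the checked handler: a
 * well-formed block, an oversized wLength, and a device-to-host request.
 * Returns 1 if only the first is accepted and the staged state matches it. */
int dfu_selfcheck(void)
{
    struct dfu_dnload_state st;
    uint8_t payload[64];
    memset(&st, 0, sizeof st);
    memset(payload, 0xA5, sizeof payload);

    /* 0x21 = host-to-device, class request, interface recipient; 0xA1 = IN */
    struct usb_setup_packet good      = { 0x21, USB_REQ_DFU_DNLOAD, 7, 0, 64 };
    struct usb_setup_packet too_long  = { 0x21, USB_REQ_DFU_DNLOAD, 8, 0, 0xFFFF };
    struct usb_setup_packet wrong_dir = { 0xA1, USB_REQ_DFU_DNLOAD, 9, 0, 64 };

    if (dfu_dnload_checked(&st, &good, payload) != 0) return 0;
    if (st.block_num != 7 || st.block_len != 64 || st.block[63] != 0xA5) return 0;
    if (dfu_dnload_checked(&st, &too_long, payload) != -1) return 0;
    if (dfu_dnload_checked(&st, &wrong_dir, payload) != -1) return 0;
    /* rejected requests must not have modified the staged block */
    if (st.block_num != 7 || st.block_len != 64) return 0;
    return 1;
}

int main(void)
{
    int ok = dfu_selfcheck();
    printf("dfu_dnload_checked self-check: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

The direction check matters as much as the bound: a DFU_DNLOAD with the IN bit set has no data stage from the host, so any handler that still copies wLength bytes reads from whatever buffer it was handed.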
CVE-2022-35351 REJECTED
CVE-2022-35350 REJECTED
CVE-2022-35349 REJECTED
CVE-2022-35348 REJECTED
CVE-2022-35347 REJECTED
CVE-2022-35346 REJECTED
CVE-2022-35345 REJECTED
CVE-2022-35344 REJECTED
CVE-2022-35343 REJECTED
CVE-2022-35342 REJECTED
CVE-2022-35341 REJECTED
CVE-2022-35340 REJECTED
CVE-2022-35339 REJECTED
CVE-2022-35338 REJECTED
CVE-2022-35337 REJECTED
CVE-2022-35336 REJECTED
CVE-2022-35335 REJECTED
CVE-2022-35334 REJECTED
CVE-2022-35333 REJECTED
CVE-2022-35332 REJECTED
CVE-2022-35331 REJECTED
CVE-2022-35330 REJECTED
CVE-2022-35329 REJECTED
CVE-2022-35328 REJECTED
CVE-2022-35327 REJECTED
CVE-2022-35326 REJECTED
CVE-2022-35325 REJECTED
CVE-2022-35324 REJECTED
CVE-2022-35323 REJECTED
CVE-2022-35322 REJECTED
CVE-2022-35321 REJECTED
CVE-2022-35320 REJECTED
CVE-2022-35319 REJECTED
CVE-2022-35318 REJECTED
CVE-2022-35317 REJECTED
CVE-2022-35316 REJECTED
CVE-2022-35315 REJECTED
CVE-2022-35314 REJECTED
CVE-2022-35313 REJECTED
CVE-2022-35312 REJECTED
CVE-2022-35311 REJECTED
CVE-2022-35310 REJECTED
CVE-2022-35309 REJECTED
CVE-2022-35308 REJECTED
CVE-2022-35307 REJECTED
CVE-2022-35306 REJECTED
CVE-2022-35305 REJECTED
CVE-2022-35304 REJECTED
CVE-2022-35303 REJECTED
CVE-2022-35302 REJECTED
CVE-2022-35301 REJECTED
CVE-2022-35300 REJECTED
CVE-2022-33939 (CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP45 ...)
	NOT-FOR-US: Yokogawa CENTUM CS 3000
CVE-2022-2346 (In affected versions of Octopus Deploy it is possible for a low privil ...)
	NOT-FOR-US: Octopus Deploy
CVE-2022-2345 (Use After Free in GitHub repository vim/vim prior to 9.0.0046.)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/1eed7009-db6d-487b-bc41-8f2fd260483f
	NOTE: https://github.com/vim/vim/commit/32acf1f1a72ebb9d8942b9c9d80023bf1bb668ea (v9.0.0047)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2344 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/4a095ed9-3125-464a-b656-c31b437e1996
	NOTE: https://github.com/vim/vim/commit/baefde14550231f6468ac2ed2ed495bc381c0c92 (v9.0.0046)
	NOTE: Crash in CLI tool, no security impact
CVE-2020-36556 RESERVED
CVE-2020-36555 RESERVED
CVE-2020-36554 RESERVED
CVE-2022-2343 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/2ecb4345-2fc7-4e7f-adb0-83a20bb458f5
	NOTE: https://github.com/vim/vim/commit/caea66442d86e7bbba3bf3dc202c3c0d549b9853 (v9.0.0045)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2342 (Cross-site Scripting (XSS) - Stored in GitHub repository outline/outli ...)
	NOT-FOR-US: outline
CVE-2022-2341 (The Simple Page Transition WordPress plugin through 1.4.1 does not san ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2340 (The W-DALIL WordPress plugin through 2.0 does not sanitise and escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-35299 (SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an ...)
	NOT-FOR-US: SAP
CVE-2022-35298 (SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not suffici ...)
	NOT-FOR-US: SAP
CVE-2022-35297 (The application SAP Enable Now does not sufficiently encode user-contr ...)
	NOT-FOR-US: SAP
CVE-2022-35296 (Under certain conditions, the application SAP BusinessObjects Business ...)
	NOT-FOR-US: SAP
CVE-2022-35295 (In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files ...)
	NOT-FOR-US: SAP
CVE-2022-35294 (An attacker with basic business user privileges could craft and upload ...)
	NOT-FOR-US: SAP
CVE-2022-35293 (Due to insecure session management, SAP Enable Now allows an unauthent ...)
	NOT-FOR-US: SAP
CVE-2022-35292 (In SAP Business One application when a service is created, the executa ...)
	NOT-FOR-US: SAP
CVE-2022-35291 (Due to misconfigured application endpoints, SAP SuccessFactors attachm ...)
	NOT-FOR-US: SAP
CVE-2022-35290 (Under certain conditions SAP Authenticator for Android allows an attac ...)
	NOT-FOR-US: SAP
CVE-2022-35289 (A write-what-where condition in hermes caused by an integer overflow, ...)
	NOT-FOR-US: Facebook Hermes
CVE-2022-35288 (IBM Security Verify Information Queue 10.0.2 could allow a user to obt ...)
	NOT-FOR-US: IBM
CVE-2022-35287 (IBM Security Verify Information Queue 10.0.2 contains hard-coded crede ...)
	NOT-FOR-US: IBM
CVE-2022-35286 (IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-si ...)
	NOT-FOR-US: IBM
CVE-2022-35285 (IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-si ...)
	NOT-FOR-US: IBM
CVE-2022-35284 (IBM Security Verify Information Queue 10.0.2 could disclose sensitive ...)
	NOT-FOR-US: IBM
CVE-2022-35283 (IBM Security Verify Information Queue 10.0.2 could allow an authentica ...)
	NOT-FOR-US: IBM
CVE-2022-35282 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2022-35281 (IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maxi ...)
	NOT-FOR-US: IBM
CVE-2022-35280 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not req ...)
	NOT-FOR-US: IBM
CVE-2022-35279 ("IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0 ...)
	NOT-FOR-US: IBM
CVE-2022-35278 (In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show mal ...)
	NOT-FOR-US: Apache ActiveMQ Artemis
CVE-2022-34850 (An OS command injection vulnerability exists in the web_server /action ...)
	NOT-FOR-US: Robustel R1510
CVE-2022-34845 (A firmware update vulnerability exists in the sysupgrade functionality ...)
	NOT-FOR-US: Robustel R1510
CVE-2022-33975 RESERVED
CVE-2022-33897 (A directory traversal vulnerability exists in the web_server /ajax/rem ...)
	NOT-FOR-US: Robustel R1510
CVE-2022-33150 (An OS command injection vulnerability exists in the js_package install ...)
	NOT-FOR-US: Robustel R1510
CVE-2022-2339 (With this SSRF vulnerability, an attacker can reach internal addresses ...)
	NOT-FOR-US: nocodb
CVE-2022-2338 (Softing Secure Integration Server V1.22 is vulnerable to authenticatio ...)
	NOT-FOR-US: Softing Industrial Automation
CVE-2022-2337 (A crafted HTTP packet with a missing HTTP URI can create a denial-of-s ...)
	NOT-FOR-US: Softing Industrial Automation
CVE-2022-2336 (Softing Secure Integration Server, edgeConnector, and edgeAggregator s ...)
	NOT-FOR-US: Softing Industrial Automation
CVE-2022-2335 (A crafted HTTP packet with a -1 content-length header can create a den ...)
	NOT-FOR-US: Softing Industrial Automation
CVE-2022-2334 (The application searches for a library dll that is not found. If an at ...)
	NOT-FOR-US: Softing Industrial Automation
CVE-2022-2333 (If an attacker manages to trick a valid user into loading a malicious ...)
	NOT-FOR-US: Honeywell
CVE-2022-2332 (A local unprivileged attacker may escalate to administrator privileges ...)
	NOT-FOR-US: Honeywell
CVE-2022-35271 (A denial of service vulnerability exists in the web_server hashFirst f ...)
	NOT-FOR-US: Robustel R1510
CVE-2022-35270 (A denial of service vulnerability exists in the web_server hashFirst f ...)
	NOT-FOR-US: Robustel R1510
CVE-2022-35269 (A denial of service vulnerability exists in the web_server hashFirst f ...)
	NOT-FOR-US: Robustel R1510
CVE-2022-35268 (A denial of service vulnerability exists in the web_server hashFirst f ...)
	NOT-FOR-US: Robustel R1510
CVE-2022-35267 (A denial of service vulnerability exists in the web_server hashFirst f ...)
	NOT-FOR-US: Robustel R1510
CVE-2022-35266 (A denial of service vulnerability exists in the web_server hashFirst f ...)
	NOT-FOR-US: Robustel R1510
CVE-2022-35265 (A denial of service vulnerability exists in the web_server hashFirst f ...)
	NOT-FOR-US: Robustel R1510
CVE-2022-35264 (A denial of service vulnerability exists in the web_server hashFirst f ...)
	NOT-FOR-US: Robustel R1510
CVE-2022-35263 (A denial of service vulnerability exists in the web_server hashFirst f ...)
	NOT-FOR-US: Robustel R1510
CVE-2022-35262 (A denial of service vulnerability exists in the web_server hashFirst f ...)
	NOT-FOR-US: Robustel R1510
CVE-2022-35261 (A denial of service vulnerability exists in the web_server hashFirst f ...)
	NOT-FOR-US: Robustel R1510
CVE-2022-35260 (curl can be told to parse a `.netrc` file for credentials. If that fil ...)
	- curl 7.86.0-1
	[bullseye] - curl (Vulnerable code not present)
	[buster] - curl (Vulnerable code not present)
	NOTE: https://curl.se/docs/CVE-2022-35260.html
	NOTE: introduced by: https://github.com/curl/curl/commit/eeaae10c0fb27aa066fdc296074edeacfdeb6522 (curl-7_84_0)
	NOTE: Fixed by: https://github.com/curl/curl/commit/c97ec984fb2bc919a3aa863e0476dffa377b184c (curl-7_86_0)
CVE-2022-35259 (XML Injection with Endpoint Manager 2022. 3 and below causing a downlo ...)
	NOT-FOR-US: Ivanti
CVE-2022-35258 (An unauthenticated attacker can cause a denial-of-service to the follo ...)
	NOT-FOR-US: Ivanti
CVE-2022-35257 (A local privilege escalation vulnerability in UI Desktop for Windows ( ...)
	NOT-FOR-US: UI Desktop for Windows
CVE-2022-35256 (The llhttp parser in the http module in Node v18.7.0 does not correctl ...)
	{DSA-5326-1}
	- nodejs 18.10.0+dfsg-1
	[buster] - nodejs (llhttp dependency/embedding introduced in 12.x)
	- llhttp (bug #977716)
	NOTE: https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256
	NOTE: https://hackerone.com/reports/1888760
	NOTE: https://github.com/nodejs/node/commit/2e92e5b71d071cb989d8d109d278427041a47e44 (main)
	NOTE: https://github.com/nodejs/node/commit/a9f1146b8827855e342834458a71f2367346ace0 (v14.20.1)
CVE-2022-35255 (A weak randomness in WebCrypto keygen vulnerability exists in Node.js ...)
	{DSA-5326-1}
	- nodejs 18.10.0+dfsg-1
	[buster] - nodejs (Vulnerable code introduced later)
	NOTE: https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#weak-randomness-in-webcrypto-keygen-high-cve-2022-35255
	NOTE: https://github.com/nodejs/node/commit/0c2a5723beff39d1f62daec96b5389da3d427e79 (v18.9.1)
	NOTE: Introduced by https://github.com/nodejs/node/commit/dae283d96fd31ad0f30840a7e55ac97294f505ac (v15.0.0)
CVE-2022-35254 (An unauthenticated attacker can cause a denial-of-service to the follo ...)
	NOT-FOR-US: Ivanti
CVE-2022-35253 REJECTED
CVE-2022-35252 (When curl is used to retrieve and parse cookies from a HTTP(S) server, ...)
	{DLA-3288-1}
	- curl 7.85.0-1 (bug #1018831)
	[bullseye] - curl 7.74.0-1.3+deb11u3
	NOTE: https://curl.se/docs/CVE-2022-35252.html
	NOTE: Fixed by: https://github.com/curl/curl/commit/8dfc93e573ca740544a2d79ebb0ed786592c65c3 (curl-7_85_0)
	NOTE: https://www.openwall.com/lists/oss-security/2022/08/31/2
	NOTE: https://daniel.haxx.se/blog/2022/09/05/a-bug-that-was-23-years-old-or-not/
CVE-2022-35251 (A cross-site scripting vulnerability exists in Rocket.chat (Vulnerable code introduced later)
CVE-2022-2326 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-35234 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out- ...)
	NOT-FOR-US: Trend Micro
CVE-2022-35233 RESERVED
CVE-2022-35232 RESERVED
CVE-2022-35231 RESERVED
CVE-2022-33896 (A buffer underflow vulnerability exists in the way Hword of Hancom Off ...)
	NOT-FOR-US: Hancom Office
CVE-2022-2325 (The Invitation Based Registrations WordPress plugin through 2.2.84 doe ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2324 (Improperly Implemented Security Check vulnerability in the SonicWall H ...)
	NOT-FOR-US: SonicWall
CVE-2022-2323 (Improper neutralization of special elements used in a user input allow ...)
	NOT-FOR-US: SonicWall
CVE-2022-2322 RESERVED
CVE-2022-2321 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
	NOT-FOR-US: Nakama
CVE-2022-35230 (An authenticated user can create a link with reflected Javascript code ...)
	{DLA-3390-1}
	[experimental] - zabbix 1:6.0.6+dfsg-1
	- zabbix 1:6.0.7+dfsg-2 (bug #1014994)
	[bullseye] - zabbix (Minor issue)
	NOTE: https://support.zabbix.com/browse/ZBX-21305
	NOTE: Fixed in: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/3b47a97676ee9ca4e16566f1931c456459108eae (5.0.25rc1)
CVE-2022-35229 (An authenticated user can create a link with reflected Javascript code ...)
	{DLA-3390-1}
	[experimental] - zabbix 1:6.0.6+dfsg-1
	- zabbix 1:6.0.7+dfsg-2 (bug #1014992)
	[bullseye] - zabbix (Minor issue)
	NOTE: https://support.zabbix.com/browse/ZBX-21306
	NOTE: Fixed in: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/b546c3f10ce98b0c914e5fc4114bd43042880c3c (5.0.25rc1)
CVE-2022-35228 (SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve ...)
	NOT-FOR-US: SAP
CVE-2022-35227 (A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, ...)
	NOT-FOR-US: SAP
CVE-2022-35226 (SAP Data Services Management allows an attacker to copy the data from ...)
	NOT-FOR-US: SAP
CVE-2022-35225 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.3 ...)
	NOT-FOR-US: SAP
CVE-2022-35224 (SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7 ...)
	NOT-FOR-US: SAP
CVE-2022-35223 (EasyUse MailHunter Ultimate’s cookie deserialization function has ...)
	NOT-FOR-US: EasyUse MailHunter Ultimate
CVE-2022-35222 (HiCOS Citizen verification component has a stack-based buffer overflow ...)
	NOT-FOR-US: HiCOS Citizen verification component
CVE-2022-35221 (Teamplus Pro community discussion has an ‘allocation of resource ...)
	NOT-FOR-US: Teamplus Pro community discussion
CVE-2022-35220 (Teamplus Pro community discussion function has an ‘allocation of ...)
	NOT-FOR-US: Teamplus Pro community discussion
CVE-2022-35219 (The NHI card’s web service component has a stack-based buffer ove ...)
	NOT-FOR-US: The NHI card
CVE-2022-35218 (The NHI card’s web service component has a heap-based buffer over ...)
	NOT-FOR-US: The NHI card
CVE-2022-35217 (The NHI card’s web service component has a stack-based buffer ove ...)
	NOT-FOR-US: NHI card
CVE-2022-35216 (OMICARD EDM’s mail image relay function has a path traversal vuln ...)
	NOT-FOR-US: OMICARD EDM
CVE-2022-2320 (A flaw was found in the Xorg-x11-server. The specific flaw exists with ...)
	{DSA-5199-1 DLA-3068-1}
	- xorg-server 2:21.1.4-1 (bug #1014903)
	- xwayland 2:22.1.3-1
	NOTE: Introduced by: https://github.com/freedesktop/xorg-xserver/commit/c06e27b2f6fd9f7b9f827623a48876a225264132 (xorg-server-1.5.99.1)
	NOTE: Fixed by: https://github.com/freedesktop/xorg-xserver/commit/dd8caf39e9e15d8f302e54045dd08d8ebf1025dc
	NOTE: Required for fixes: https://github.com/freedesktop/xorg-xserver/commit/f1070c01d616c5f21f939d5ebc533738779451ac
	NOTE: https://www.openwall.com/lists/oss-security/2022/07/12/1
CVE-2022-2319 (A flaw was found in the Xorg-x11-server. An out-of-bounds access issue ...)
	{DSA-5199-1 DLA-3068-1}
	- xorg-server 2:21.1.4-1 (bug #1014903)
	- xwayland 2:22.1.3-1
	NOTE: Fixed by: https://github.com/freedesktop/xorg-xserver/commit/6907b6ea2b4ce949cb07271f5b678d5966d9df42
	NOTE: Required for fixes: https://github.com/freedesktop/xorg-xserver/commit/f1070c01d616c5f21f939d5ebc533738779451ac
	NOTE: https://www.openwall.com/lists/oss-security/2022/07/12/1
CVE-2022-2317 (The Simple Membership WordPress plugin before 4.1.3 allows user to cha ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2316 (HTML injection vulnerability in secure messages of Devolutions Server ...)
	NOT-FOR-US: Devolutions Server
CVE-2022-2315 (Database Software Accreditation Tracking/Presentation Module product b ...)
NOT-FOR-US: Database Software Accreditation Tracking/Presentation Module product CVE-2022-2314 (The VR Calendar WordPress plugin through 2.3.2 lets any user execute a ...) NOT-FOR-US: WordPress plugin CVE-2022-2313 (A DLL hijacking vulnerability in the MA Smart Installer for Windows pr ...) NOT-FOR-US: MA Smart Installer for Windows CVE-2022-2312 (The Student Result or Employee Database WordPress plugin before 1.7.5 ...) NOT-FOR-US: WordPress plugin CVE-2022-2311 (The Find and Replace All WordPress plugin before 1.3 does not sanitize ...) NOT-FOR-US: WordPress plugin CVE-2022-2310 (An authentication bypass vulnerability in Skyhigh SWG in main releases ...) NOT-FOR-US: Skyhigh SWG CVE-2022-2309 (NULL Pointer Dereference allows attackers to cause a denial of service ...) - lxml 4.9.1-1 (bug #1014766) [bullseye] - lxml (Minor issue) [buster] - lxml (Minor issue) - libxml2 2.9.14+dfsg-1.3 (bug #1039991) [bookworm] - libxml2 2.9.14+dfsg-1.3~deb12u1 [bullseye] - libxml2 (Minor issue) [buster] - libxml2 (Minor issue) NOTE: https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba/ NOTE: https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f (lxml-4.9.1) NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/378 NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/5930fe01963136ab92125feec0c6204d9c9225dc (v2.10.0) NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/a82ea25fc83f563c574ddb863d6c17d9c5abdbd2 (v2.10.0) CVE-2022-2308 (A flaw was found in vDPA with VDUSE backend. There are currently no ch ...) - linux 6.0.2-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2103900 NOTE: https://git.kernel.org/linus/46f8a29272e51b6df7393d58fc5cb8967397ef2b (6.0) CVE-2022-2318 (There are use-after-free vulnerabilities caused by timer handler in ne ...) 
{DSA-5191-1 DLA-3131-1} - linux 5.18.14-1 NOTE: https://www.openwall.com/lists/oss-security/2022/07/03/2 NOTE: https://git.kernel.org/linus/9cc02ede696272c5271a401e4f27c262359bc2f6 (5.19-rc5) CVE-2022-35215 RESERVED CVE-2022-35214 RESERVED CVE-2022-35213 (Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to ...) NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap CVE-2022-35212 (osCommerce2 before v2.3.4.1 was discovered to contain a cross-site scr ...) NOT-FOR-US: osCommerce2 CVE-2022-35211 RESERVED CVE-2022-35210 RESERVED CVE-2022-35209 RESERVED CVE-2022-35208 RESERVED CVE-2022-35207 RESERVED CVE-2022-35206 (Null pointer dereference vulnerability in Binutils readelf 2.38.50 via ...) - binutils 2.38.50.20220627-1 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29290 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e98e7d9a70dcc987bff0e925f20b78cd4a2979ed NOTE: binutils not covered by security support CVE-2022-35205 (An issue was discovered in Binutils readelf 2.38.50, reachable asserti ...) - binutils 2.38.50.20220627-1 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29289 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e3e5ae049371a27fd1737aba946fe26d06e029b5 NOTE: binutils not covered by security support CVE-2022-35204 (Vitejs Vite before v2.9.13 was discovered to allow attackers to perfor ...) NOT-FOR-US: Vitejs Vite CVE-2022-35203 (An access control issue in TrendNet TV-IP572PI v1.0 allows unauthentic ...) NOT-FOR-US: TrendNet TV-IP572PI CVE-2022-35202 RESERVED CVE-2022-35201 (Tenda-AC18 V15.03.05.05 was discovered to contain a remote command exe ...) NOT-FOR-US: Tenda CVE-2022-35200 RESERVED CVE-2022-35199 RESERVED CVE-2022-35198 (Contract Management System v2.0 contains a weak default password which ...) NOT-FOR-US: Contract Management System CVE-2022-35197 RESERVED CVE-2022-35196 (TestLink v1.9.20 was discovered to contain a Cross-Site Request Forger ...) 
NOT-FOR-US: TestLink CVE-2022-35195 (TestLink 1.9.20 Raijin was discovered to contain a broken access contr ...) NOT-FOR-US: TestLink CVE-2022-35194 (TestLink v1.9.20 was discovered to contain a stored cross-site scripti ...) NOT-FOR-US: TestLink CVE-2022-35193 (TestLink v1.9.20 was discovered to contain a SQL injection vulnerabili ...) NOT-FOR-US: TestLink CVE-2022-35192 (D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmw ...) NOT-FOR-US: D-Link CVE-2022-35191 (D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmw ...) NOT-FOR-US: D-Link CVE-2022-35190 RESERVED CVE-2022-35189 RESERVED CVE-2022-35188 RESERVED CVE-2022-35187 RESERVED CVE-2022-35186 RESERVED CVE-2022-35185 RESERVED CVE-2022-35184 RESERVED CVE-2022-35183 RESERVED CVE-2022-35182 RESERVED CVE-2022-35181 RESERVED CVE-2022-35180 RESERVED CVE-2022-35179 RESERVED CVE-2022-35178 RESERVED CVE-2022-35177 RESERVED CVE-2022-35176 RESERVED CVE-2022-35175 (Barangay Management System v1.0 was discovered to contain a SQL inject ...) NOT-FOR-US: Barangay CVE-2022-35174 (A stored cross-site scripting (XSS) vulnerability in Kirby's Starterki ...) NOT-FOR-US: Kirby CVE-2022-35173 (An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a bre ...) NOT-FOR-US: Nginx NJS CVE-2022-35172 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.3 ...) NOT-FOR-US: SAP CVE-2022-35171 (When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files receive ...) NOT-FOR-US: SAP CVE-2022-35170 (SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30 ...) NOT-FOR-US: SAP CVE-2022-35169 (SAP BusinessObjects Business Intelligence Platform (LCM) - versions 42 ...) NOT-FOR-US: SAP CVE-2022-35168 (Due to improper input sanitization of XML input in SAP Business One - ...) NOT-FOR-US: SAP CVE-2022-35167 (Printix Cloud Print Management v1.3.1149.0 for Windows was discovered ...) 
NOT-FOR-US: Printix Cloud Print Management CVE-2022-35166 (libjpeg commit 842c7ba was discovered to contain an infinite loop via ...) - libjpeg (unimportant) NOTE: https://github.com/thorfdbg/libjpeg/issues/7 NOTE: Hang in CLI tool, no security impact CVE-2022-35165 (An issue in AP4_SgpdAtom::AP4_SgpdAtom() of Bento4-1.6.0-639 allows at ...) NOT-FOR-US: Bento4 CVE-2022-35164 (LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a hea ...) - libredwg (bug #595191) CVE-2022-35163 (Complete Online Job Search System v1.0 was discovered to contain a cro ...) NOT-FOR-US: Complete Online Job Search System CVE-2022-35162 (Complete Online Job Search System v1.0 was discovered to contain a cro ...) NOT-FOR-US: Complete Online Job Search System CVE-2022-35161 (GVRET Stable Release as of Aug 15, 2015 was discovered to contain a bu ...) NOT-FOR-US: GVRET CVE-2022-35160 RESERVED CVE-2022-35159 RESERVED CVE-2022-35158 (A vulnerability in the lua parser of TscanCode tsclua v2.15.01 allows ...) NOT-FOR-US: TScanCode CVE-2022-35157 RESERVED CVE-2022-35156 (Bus Pass Management System 1.0 was discovered to contain a SQL Injecti ...) NOT-FOR-US: Bus Pass Management System CVE-2022-35155 (Bus Pass Management System v1.0 was discovered to contain a reflected ...) NOT-FOR-US: Bus Pass Management System CVE-2022-35154 (Shopro Mall System v1.3.8 was discovered to contain a SQL injection vu ...) NOT-FOR-US: Shopro Mall System CVE-2022-35153 (FusionPBX 5.0.1 was discovered to contain a command injection vulnerab ...) NOT-FOR-US: FusionPBX CVE-2022-35152 RESERVED CVE-2022-35151 (kkFileView v4.1.0 was discovered to contain multiple cross-site script ...) NOT-FOR-US: kkFileview CVE-2022-35150 (Baijicms v4 was discovered to contain an arbitrary file upload vulnera ...) NOT-FOR-US: Baijicms CVE-2022-35149 RESERVED CVE-2022-35148 (maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain ...) 
NOT-FOR-US: maccms10 CVE-2022-35147 (DoraCMS v2.18 and earlier allows attackers to bypass login authenticat ...) NOT-FOR-US: DoraCMS CVE-2022-35146 RESERVED CVE-2022-35145 RESERVED CVE-2022-35144 (Renato v0.17.0 was discovered to contain a cross-site scripting (XSS) ...) NOT-FOR-US: gilbitron/Renato CVE-2022-35143 (Renato v0.17.0 employs weak password complexity requirements, allowing ...) NOT-FOR-US: gilbitron/Renato CVE-2022-35142 (An issue in Renato v0.17.0 allows attackers to cause a Denial of Servi ...) NOT-FOR-US: gilbitron/Renato CVE-2022-35141 RESERVED CVE-2022-35140 RESERVED CVE-2022-35139 RESERVED CVE-2022-35138 RESERVED CVE-2022-35137 (DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain mult ...) NOT-FOR-US: DGIOT Lightweight industrial IoT CVE-2022-35136 (Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticat ...) NOT-FOR-US: Boodskap IoT Platform CVE-2022-35135 (Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privilege ...) NOT-FOR-US: Boodskap IoT Platform CVE-2022-35134 (Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) ...) NOT-FOR-US: Boodskap IoT Platform CVE-2022-35133 (A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allo ...) - cherrytree (No vulnerable version ever uploaded, introduced in 0.99.44 and fixed in 0.99.45) NOTE: https://drive.google.com/file/d/1Pidkh2MAQkue81dS7SI-d16Vun_s5tot/view?usp=sharing NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1202513 NOTE: https://github.com/giuspen/cherrytree/issues/2099 CVE-2022-35132 (Usermin through 1.850 allows a remote authenticated user to execute OS ...) NOT-FOR-US: Usermin CVE-2022-35131 (Joplin v2.8.8 allows attackers to execute arbitrary commands via a cra ...) 
NOT-FOR-US: Joplin CVE-2022-35130 RESERVED CVE-2022-35129 RESERVED CVE-2022-35128 RESERVED CVE-2022-35127 RESERVED CVE-2022-35126 RESERVED CVE-2022-35125 RESERVED CVE-2022-35124 RESERVED CVE-2022-35123 RESERVED CVE-2022-35122 (An access control issue in Ecowitt GW1100 Series Weather Stations <=GW ...) NOT-FOR-US: Ecowitt GW1100 Series Weather Stations CVE-2022-35121 (Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerabil ...) NOT-FOR-US: Novel-Plus CVE-2022-35120 (IXPdata EasyInstall 6.6.14725 contains an access control issue.) NOT-FOR-US: IXPdata EasyInstall CVE-2022-35119 RESERVED CVE-2022-35118 (PyroCMS v3.9 was discovered to contain multiple cross-site scripting ( ...) NOT-FOR-US: PyroCMS CVE-2022-35117 (Clinic's Patient Management System v1.0 was discovered to contain a cr ...) NOT-FOR-US: Clinic's Patient Management System CVE-2022-35116 RESERVED CVE-2022-35115 (IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to ...) NOT-FOR-US: IceWarp WebClient DC2 CVE-2022-35114 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/185 CVE-2022-35113 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/185 CVE-2022-35112 RESERVED CVE-2022-35111 (SWFTools commit 772e55a2 was discovered to contain a stack overflow vi ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/184 CVE-2022-35110 (SWFTools commit 772e55a2 was discovered to contain a memory leak via / ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/184 CVE-2022-35109 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/18 CVE-2022-35108 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...) 
- swftools NOTE: https://github.com/matthiaskramm/swftools/issues/184 CVE-2022-35107 (SWFTools commit 772e55a2 was discovered to contain a stack overflow vi ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/184 CVE-2022-35106 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/182 CVE-2022-35105 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/183 CVE-2022-35104 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/182 CVE-2022-35103 RESERVED CVE-2022-35102 RESERVED CVE-2022-35101 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/182 CVE-2022-35100 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/182 CVE-2022-35099 (SWFTools commit 772e55a2 was discovered to contain a stack overflow vi ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/182 CVE-2022-35098 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/182 CVE-2022-35097 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/182 CVE-2022-35096 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/182 CVE-2022-35095 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/182 CVE-2022-35094 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...) 
- swftools NOTE: https://github.com/matthiaskramm/swftools/issues/182 CVE-2022-35093 (SWFTools commit 772e55a2 was discovered to contain a global buffer ove ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/182 CVE-2022-35092 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/182 CVE-2022-35091 (SWFTools commit 772e55a2 was discovered to contain a floating point ex ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/182 CVE-2022-35090 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/181 CVE-2022-35089 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer-overf ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/181 CVE-2022-35088 (SWFTools commit 772e55a2 was discovered to contain a heap buffer-overf ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/181 CVE-2022-35087 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/181 CVE-2022-35086 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/181 CVE-2022-35085 (SWFTools commit 772e55a2 was discovered to contain a memory leak via / ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/181 CVE-2022-35084 RESERVED CVE-2022-35083 RESERVED CVE-2022-35082 RESERVED CVE-2022-35081 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...) - swftools NOTE: https://github.com/matthiaskramm/swftools/issues/183 CVE-2022-35080 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...) 
- swftools NOTE: https://github.com/matthiaskramm/swftools/issues/183 CVE-2022-35079 RESERVED CVE-2022-35078 RESERVED CVE-2022-35077 RESERVED CVE-2022-35076 RESERVED CVE-2022-35075 RESERVED CVE-2022-35074 RESERVED CVE-2022-35073 RESERVED CVE-2022-35072 RESERVED CVE-2022-35071 RESERVED CVE-2022-35070 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35069 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35068 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35067 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35066 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35065 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...) 
- texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35064 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35063 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35062 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35061 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35060 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35059 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) 
- texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Affected code not built, see as well #1019602 CVE-2022-35058 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Affected code not built, see as well #1019602 CVE-2022-35057 RESERVED CVE-2022-35056 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Affected code not built, see as well #1019602 CVE-2022-35055 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Affected code not built, see as well #1019602 CVE-2022-35054 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Affected code not built, see as well #1019602 CVE-2022-35053 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Affected code not built, see as well #1019602 CVE-2022-35052 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Affected code not built, see as well #1019602 CVE-2022-35051 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) 
- texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Affected code not built, see as well #1019602 CVE-2022-35050 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Affected code not built, see as well #1019602 CVE-2022-35049 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Affected code not built, see as well #1019602 CVE-2022-35048 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Affected code not built, see as well #1019602 CVE-2022-35047 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Affected code not built, see as well #1019602 CVE-2022-35046 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Affected code not built, see as well #1019602 CVE-2022-35045 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Affected code not built, see as well #1019602 CVE-2022-35044 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) 
- texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Affected code not built, see as well #1019602 CVE-2022-35043 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Affected code not built, see as well #1019602 CVE-2022-35042 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Affected code not built, see as well #1019602 CVE-2022-35041 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Affected code not built, see as well #1019602 CVE-2022-35040 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Affected code not built, see as well #1019602 CVE-2022-35039 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35038 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) 
- texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35037 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35036 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35035 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35034 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35033 RESERVED CVE-2022-35032 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35031 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...) 
- texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35030 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35029 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35028 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35027 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35026 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35025 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...) 
- texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35024 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35023 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35022 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35021 (OTFCC commit 617837b was discovered to contain a global buffer overflo ...) - texlive-bin (unimportant) [bullseye] - texlive-bin (Vulnerable code not present) [buster] - texlive-bin (Vulnerable code not present) NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602 CVE-2022-35020 (Advancecomp v2.3 was discovered to contain a heap buffer overflow via ...) - advancecomp 2.4-1 (unimportant; bug #1019592) NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35020.md NOTE: Crash in CLI tool, no security impact CVE-2022-35019 (Advancecomp v2.3 was discovered to contain a segmentation fault.) 
- advancecomp 2.4-1 (bug #1019592) [bullseye] - advancecomp (Minor issue) [buster] - advancecomp (Minor issue) NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35019.md CVE-2022-35018 (Advancecomp v2.3 was discovered to contain a segmentation fault.) - advancecomp 2.4-1 (unimportant; bug #1019592) NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35018.md NOTE: Crash in CLI tool, no security impact CVE-2022-35017 (Advancecomp v2.3 was discovered to contain a heap buffer overflow.) - advancecomp 2.4-1 (unimportant; bug #1019592) NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35017.md NOTE: Crash in CLI tool, no security impact CVE-2022-35016 (Advancecomp v2.3 was discovered to contain a heap buffer overflow.) - advancecomp 2.4-1 (unimportant; bug #1019592) NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35016.md NOTE: Crash in CLI tool, no security impact CVE-2022-35015 (Advancecomp v2.3 was discovered to contain a heap buffer overflow via ...) - advancecomp 2.4-1 (unimportant; bug #1019592) NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35015.md NOTE: Crash in CLI tool, no security impact CVE-2022-35014 (Advancecomp v2.3 contains a segmentation fault.) - advancecomp 2.4-1 (unimportant; bug #1019592) NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35014.md NOTE: Crash in CLI tool, no security impact CVE-2022-35013 (PNGDec commit 8abf6be was discovered to contain a FPE via SaveBMP at / ...) NOT-FOR-US: bitbank2/PNGdec CVE-2022-35012 (PNGDec commit 8abf6be was discovered to contain a heap buffer overflow ...) NOT-FOR-US: bitbank2/PNGdec CVE-2022-35011 (PNGDec commit 8abf6be was discovered to contain a global buffer overfl ...) NOT-FOR-US: bitbank2/PNGdec CVE-2022-35010 (PNGDec commit 8abf6be was discovered to contain a heap buffer overflow ...) 
	NOT-FOR-US: bitbank2/PNGdec
CVE-2022-35009 (PNGDec commit 8abf6be was discovered to contain a memory allocation pr ...)
	NOT-FOR-US: bitbank2/PNGdec
CVE-2022-35008 (PNGDec commit 8abf6be was discovered to contain a stack overflow via / ...)
	NOT-FOR-US: bitbank2/PNGdec
CVE-2022-35007 (PNGDec commit 8abf6be was discovered to contain a heap buffer overflow ...)
	NOT-FOR-US: bitbank2/PNGdec
CVE-2022-35006 RESERVED
CVE-2022-35005 RESERVED
CVE-2022-35004 (JPEGDEC commit be4843c was discovered to contain a FPE via TIFFSHORT a ...)
	NOT-FOR-US: bitbank2/JPEGDEC
CVE-2022-35003 (JPEGDEC commit be4843c was discovered to contain a global buffer overf ...)
	NOT-FOR-US: bitbank2/JPEGDEC
CVE-2022-35002 (JPEGDEC commit be4843c was discovered to contain a segmentation fault ...)
	NOT-FOR-US: bitbank2/JPEGDEC
CVE-2022-35001 RESERVED
CVE-2022-35000 (JPEGDEC commit be4843c was discovered to contain a segmentation fault ...)
	NOT-FOR-US: bitbank2/JPEGDEC
CVE-2022-34999 (JPEGDEC commit be4843c was discovered to contain a FPE via DecodeJPEG ...)
	NOT-FOR-US: bitbank2/JPEGDEC
CVE-2022-34998 (JPEGDEC commit be4843c was discovered to contain a global buffer overf ...)
	NOT-FOR-US: bitbank2/JPEGDEC
CVE-2022-34997 RESERVED
CVE-2022-34996 RESERVED
CVE-2022-34995 RESERVED
CVE-2022-34994 RESERVED
CVE-2022-34993 (Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code ...)
	NOT-FOR-US: Totolink
CVE-2022-34992 (Luadec v0.9.9 was discovered to contain a heap-buffer overflow via the ...)
	NOT-FOR-US: viruscamp/luadec
CVE-2022-34991 (Paymoney v3.3 was discovered to contain multiple reflected cross-site ...)
	NOT-FOR-US: Paymoney
CVE-2022-34990 RESERVED
CVE-2022-34989 (Fruits Bazar v1.0 was discovered to contain a SQL injection vulnerabil ...)
	NOT-FOR-US: Fruits Bazar
CVE-2022-34988 (Inout Blockchain AltExchanger v1.2.1 was discovered to contain a cross ...)
	NOT-FOR-US: Inout Blockchain AltExchanger
CVE-2022-34987 RESERVED
CVE-2022-34986 RESERVED
CVE-2022-34985 RESERVED
CVE-2022-34984 RESERVED
CVE-2022-34983 (The scu-captcha package in PyPI v0.0.1 to v0.0.4 included a code execu ...)
	NOT-FOR-US: scu-captcha
CVE-2022-34982 (The eziod package in PyPI before v0.0.1 included a code execution back ...)
	NOT-FOR-US: eziod
CVE-2022-34981 (The PyCrowdTangle package in PyPI before v0.0.1 included a code execut ...)
	NOT-FOR-US: PyCrowdTangle
CVE-2022-34980 RESERVED
CVE-2022-34979 RESERVED
CVE-2022-34978 RESERVED
CVE-2022-34977 RESERVED
CVE-2022-34976 RESERVED
CVE-2022-34975 RESERVED
CVE-2022-34974 (D-Link DIR810LA1_FW102B22 was discovered to contain a command injectio ...)
	NOT-FOR-US: D-Link
CVE-2022-34973 (D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow ...)
	NOT-FOR-US: D-Link
CVE-2022-34972 (So Filter Shop v3.x was discovered to contain multiple blind SQL injec ...)
	NOT-FOR-US: So Filter Shop
CVE-2022-34971 (An arbitrary file upload vulnerability in the Advertising Management m ...)
	NOT-FOR-US: Feehi CMS
CVE-2022-34970 (Crow before 1.0+4 has a heap-based buffer overflow via the function qs ...)
	NOT-FOR-US: CrowCpp
CVE-2022-34969 (PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer dereferen ...)
	NOT-FOR-US: pingcap/tidb
CVE-2022-34968 (An issue in the fetch_step function in Percona Server for MySQL v8.0.2 ...)
	NOT-FOR-US: Percona Server for MySQL v8
CVE-2022-34967 (The assertion `stmt->Dbc->FirstStmt' failed in MonetDB Database Server ...)
	NOT-FOR-US: MonetDB
CVE-2022-34966 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered ...)
	NOT-FOR-US: OpenTeknik
CVE-2022-34965 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered ...)
	NOT-FOR-US: OpenTeknik
CVE-2022-34964 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered ...)
	NOT-FOR-US: OpenTeknik
CVE-2022-34963 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered ...)
	NOT-FOR-US: OpenTeknik
CVE-2022-34962 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered ...)
	NOT-FOR-US: OpenTeknik
CVE-2022-34961 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered ...)
	NOT-FOR-US: OpenTeknik
CVE-2022-34960 (The container package in MikroTik RouterOS 7.4beta4 allows an attacker ...)
	NOT-FOR-US: MikroTik RouterOS
CVE-2022-34959 RESERVED
CVE-2022-34958 RESERVED
CVE-2022-34957 RESERVED
CVE-2022-34956 (Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection ...)
	NOT-FOR-US: Pligg CMS
CVE-2022-34955 (Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection ...)
	NOT-FOR-US: Pligg CMS
CVE-2022-34954 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Pharmacy Management System
CVE-2022-34953 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Pharmacy Management System
CVE-2022-34952 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Pharmacy Management System
CVE-2022-34951 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Pharmacy Management System
CVE-2022-34950 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Pharmacy Management System
CVE-2022-34949 (Pharmacy Management System v1.0 was discovered to contain multiple SQL ...)
	NOT-FOR-US: Pharmacy Management System
CVE-2022-34948 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Pharmacy Management System
CVE-2022-34947 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Pharmacy Management System
CVE-2022-34946 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Pharmacy Management System
CVE-2022-34945 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Pharmacy Management System
CVE-2022-34944 RESERVED
CVE-2022-34943 REJECTED
CVE-2022-34942 RESERVED
CVE-2022-34941 RESERVED
CVE-2022-34940 RESERVED
CVE-2022-34939 RESERVED
CVE-2022-34938 RESERVED
CVE-2022-34937 (Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forge ...)
	NOT-FOR-US: Yuba u5cms
CVE-2022-34936 RESERVED
CVE-2022-34935 RESERVED
CVE-2022-34934 RESERVED
CVE-2022-34933 RESERVED
CVE-2022-34932 RESERVED
CVE-2022-34931 RESERVED
CVE-2022-34930 RESERVED
CVE-2022-34929 RESERVED
CVE-2022-34928 (JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerabil ...)
	NOT-FOR-US: JFinal CMS
CVE-2022-34927 (MilkyTracker v1.03.00 was discovered to contain a stack overflow via t ...)
	- milkytracker 1.04.00+dfsg-1 (unimportant; bug #1016578)
	NOTE: https://github.com/milkytracker/MilkyTracker/commit/3a5474f9102cbdc10fbd9e7b1b2c8d3f3f45d91b (v1.04.00)
	NOTE: https://github.com/milkytracker/MilkyTracker/issues/275
	NOTE: Crash in GUI tool, no security impact
CVE-2022-34926 RESERVED
CVE-2022-34925 RESERVED
CVE-2022-34924 (Lanling OA Landray Office Automation (OA) internal patch number #13338 ...)
	NOT-FOR-US: Lanling OA Landray Office Automation
CVE-2022-34923 RESERVED
CVE-2022-34922 RESERVED
CVE-2022-34921 RESERVED
CVE-2022-34920 RESERVED
CVE-2022-34919 (The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 ...)
	NOT-FOR-US: Zengenti Contensis Classic
CVE-2022-34918 (An issue was discovered in the Linux kernel through 5.18.9. A type con ...)
	{DSA-5191-1}
	- linux 5.18.14-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2022/07/02/3
	NOTE: https://www.randorisec.fr/crack-linux-firewall/
CVE-2022-2307 (A lack of cascading deletes in GitLab CE/EE affecting all versions sta ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-34917 (A security vulnerability has been identified in Apache Kafka. It affec ...)
	- kafka (bug #786460)
CVE-2022-34916 (Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote ...)
	NOT-FOR-US: Apache Flume
CVE-2022-2306 (Old session tokens can be used to authenticate to the application and ...)
	NOT-FOR-US: Nakama
CVE-2022-2305 (The WordPress Popup WordPress plugin through 1.9.3.8 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2304 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.)
	{DLA-3182-1}
	- vim 2:9.0.0135-1 (bug #1015984)
	[bullseye] - vim (Minor issue)
	NOTE: https://huntr.dev/bounties/eb7402f3-025a-402f-97a7-c38700d9548a/
	NOTE: https://github.com/vim/vim/commit/54e5fed6d27b747ff152cdb6edfb72ff60e70939 (v9.0.0035)
CVE-2022-2303 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-2302 (Multiple Lenze products of the cabinet series skip the password verifi ...)
	NOT-FOR-US: Lenze
CVE-2022-2301 (Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3.)
	- chafa 1.10.3-1 (unimportant)
	NOTE: https://huntr.dev/bounties/f6b9114b-671d-4948-b946-ffe5c9aeb816/
	NOTE: https://github.com/hpjansson/chafa/commit/56fabfa18a6880b4cb66047fa6557920078048d9 (1.12.0)
	NOTE: https://github.com/hpjansson/chafa/commit/a52325294cc018d4fa9a7f29668faea24362b94c (1.10.3)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2300 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
	NOT-FOR-US: microweber
CVE-2022-2299 (The Allow SVG Files WordPress plugin through 1.1 does not sanitise upl ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2298 (A vulnerability has been found in SourceCodester Clinics Patient Manag ...)
	NOT-FOR-US: Clinics Patient Management System
CVE-2022-2297 (A vulnerability, which was classified as critical, was found in Source ...)
	NOT-FOR-US: Clinics Patient Management System
CVE-2022-2296 (Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior ...)
	{DSA-5180-1}
	- chromium 103.0.5060.114-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-2295 (Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed ...)
	{DSA-5180-1}
	- chromium 103.0.5060.114-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-2294 (Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.11 ...)
	{DSA-5180-1}
	- chromium 103.0.5060.114-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	- webkit2gtk 2.36.6-1 (unimportant)
	[bullseye] - webkit2gtk 2.36.6-1~deb11u1
	[buster] - webkit2gtk 2.36.6-1~deb10u1
	- wpewebkit 2.36.6-1 (unimportant)
	[bullseye] - wpewebkit 2.36.6-1~deb11u1
	NOTE: https://www.openwall.com/lists/oss-security/2022/07/28/2
	NOTE: Debian WebKitGTK and WPE WebKit binary packages are built without LibWebRTC
	NOTE: https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2022/CVE-2022-2294.html
CVE-2022-2293 (A vulnerability classified as problematic was found in SourceCodester ...)
	NOT-FOR-US: Simple Sales Management System
CVE-2022-2292 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: Hotel Management System
CVE-2022-2291 (A vulnerability was found in SourceCodester Hotel Management System 2. ...)
	NOT-FOR-US: Hotel Management System
CVE-2022-34915 RESERVED
CVE-2022-34914 (Webswing before 22.1.3 allows X-Forwarded-For header injection. The cl ...)
	NOT-FOR-US: Webswing
CVE-2022-34913 (md2roff 1.7 has a stack-based buffer overflow via a Markdown file cont ...)
	NOT-FOR-US: md2roff
CVE-2022-34912 (An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1 ...)
	{DSA-5246-1 DLA-3117-1}
	- mediawiki 1:1.35.7-1
	NOTE: https://phabricator.wikimedia.org/T308473
	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/807225/
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/
CVE-2022-34911 (An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x ...)
	{DSA-5246-1 DLA-3117-1}
	- mediawiki 1:1.35.7-1
	NOTE: https://phabricator.wikimedia.org/T308471
	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/805208
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/
CVE-2022-2290 (Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/tril ...)
	NOT-FOR-US: Trilium Notes
CVE-2022-2289 (Use After Free in GitHub repository vim/vim prior to 9.0.)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/7447d2ea-db5b-4883-adf4-1eaf7deace64/
	NOTE: https://github.com/vim/vim/commit/c5274dd12224421f2430b30c53b881b9403d649e (v9.0.0026)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2288 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.)
	- vim 2:9.0.0135-1 (bug #1015984)
	[bullseye] - vim (vulnerable code introduced in 8.2.4763)
	[buster] - vim (vulnerable code introduced in 8.2.4763)
	NOTE: https://huntr.dev/bounties/a71bdcb7-4e9b-4650-ab6a-fe8e3e9852ad/
	NOTE: https://github.com/vim/vim/commit/c6fdb15d423df22e1776844811d082322475e48a (v9.0.0025)
CVE-2022-34910 (An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 ...)
	NOT-FOR-US: A4N (Aremis 4 Nomad)
CVE-2022-34909 (An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 ...)
	NOT-FOR-US: A4N (Aremis 4 Nomad)
CVE-2022-34908 (An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 ...)
	NOT-FOR-US: A4N (Aremis 4 Nomad)
CVE-2022-34907 (An authentication bypass vulnerability exists in FileWave before 14.6. ...)
	NOT-FOR-US: FileWave
CVE-2022-34906 (A hard-coded cryptographic key is used in FileWave before 14.6.3 and 1 ...)
	NOT-FOR-US: FileWave
CVE-2022-34905 RESERVED
CVE-2022-34904 RESERVED
CVE-2022-34863 RESERVED
CVE-2022-34856 RESERVED
CVE-2022-34854 (Improper access control in the Intel(R) SUR software before version 2. ...)
	NOT-FOR-US: Intel
CVE-2022-34841 (Improper buffer restrictions in the Intel(R) Media SDK software before ...)
	NOT-FOR-US: Intel
CVE-2022-34488 (Improper buffer restrictions in the firmware for some Intel(R) NUC Lap ...)
	NOT-FOR-US: Intel
CVE-2022-34346 (Out-of-bounds read in the Intel(R) Media SDK software before version 2 ...)
	NOT-FOR-US: Intel
CVE-2022-33972 (Incorrect calculation in microcode keying mechanism for some 3rd Gener ...)
	{DLA-3379-1}
	- intel-microcode 3.20230214.1 (bug #1031334)
	[bullseye] - intel-microcode 3.20230214.1~deb11u1
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00730.html
	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214
CVE-2022-33197 RESERVED
CVE-2022-32581 RESERVED
CVE-2022-30531 (Out-of-bounds read in the Intel(R) Iris(R) Xe MAX drivers for Windows ...)
	NOT-FOR-US: Intel
CVE-2022-2287 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/654aa069-3a9d-45d3-9a52-c1cf3490c284/
	NOTE: https://github.com/vim/vim/commit/5e59ea54c0c37c2f84770f068d95280069828774 (v9.0.0021)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2286 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/fe7681fb-2318-436b-8e65-daf66cd597d8/
	NOTE: https://github.com/vim/vim/commit/f12129f1714f7d2301935bb21d896609bdac221c (v9.0.0020)
CVE-2022-34902 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels
CVE-2022-34901 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels
CVE-2022-34900 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels
CVE-2022-34899 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels
CVE-2022-34898 RESERVED
CVE-2022-34897 RESERVED
CVE-2022-34896 RESERVED
CVE-2022-34895 RESERVED
CVE-2022-34894 (In JetBrains Hub before 2022.2.14799, insufficient access control allo ...)
	NOT-FOR-US: JetBrains Hub
CVE-2022-2285 (Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9 ...)
	{DLA-3182-1}
	- vim 2:9.0.0135-1 (bug #1015984; unimportant)
	NOTE: https://huntr.dev/bounties/64574b28-1779-458d-a221-06c434042736/
	NOTE: https://github.com/vim/vim/commit/27efc62f5d86afcb2ecb7565587fe8dea4b036fe (v9.0.0018)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2284 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/571d25ce-8d53-4fa0-b620-27f2a8a14874/
	NOTE: https://github.com/vim/vim/commit/3d51ce18ab1be4f9f6061568a4e7fabf00b21794 (v9.0.0017)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2283 RESERVED
CVE-2022-2282 REJECTED
CVE-2022-2281 (An information disclosure vulnerability in GitLab EE affecting all ver ...)
	- gitlab (Specific to Gitlab EE)
CVE-2022-2280 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
	NOT-FOR-US: microweber
CVE-2022-2279 (NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi pri ...)
	- libmobi 0.11+dfsg-1
	NOTE: https://huntr.dev/bounties/68c249e2-779d-4871-b7e3-851f03aca2de/
	NOTE: https://github.com/bfabiszewski/libmobi/commit/c0699c8693c47f14a2e57dec7292e862ac7adf9c (v0.11)
CVE-2022-2278 (The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2277 (Improper Input Validation vulnerability exists in the Hitachi Energy M ...)
	NOT-FOR-US: Hitachi
CVE-2021-4234 (OpenVPN Access Server 2.10 and prior versions are susceptible to resen ...)
	NOT-FOR-US: OpenVPN Access Server
CVE-2022-34893 (Trend Micro Security 2022 (consumer) has a link following vulnerabilit ...)
	NOT-FOR-US: Trend Micro
CVE-2022-34892 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels
CVE-2022-34891 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels
CVE-2022-34890 (This vulnerability allows local attackers to disclose sensitive inform ...)
	NOT-FOR-US: Parallels
CVE-2022-34889 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels
CVE-2022-34888 (The Remote Mount feature can potentially be abused by valid, authentic ...)
	NOT-FOR-US: Lenovo
CVE-2022-34887 (Standard users can directly operate and set printer configuration info ...)
	NOT-FOR-US: Lenovo
CVE-2022-34886 (A remote code execution vulnerability was found in the firmware used i ...)
	NOT-FOR-US: Lenovo
CVE-2022-34885 (An improper input sanitization vulnerability in the Motorola MR2600 ro ...)
	NOT-FOR-US: Motorola
CVE-2022-34884 (A buffer overflow exists in the Remote Presence subsystem which can po ...)
	NOT-FOR-US: Lenovo
CVE-2022-34883 (OS Command Injection vulnerability in Hitachi RAID Manager Storage Rep ...)
	NOT-FOR-US: Hitachi
CVE-2022-34882 (Information Exposure Through an Error Message vulnerability in Hitachi ...)
	NOT-FOR-US: Hitachi
CVE-2022-34881 (Generation of Error Message Containing Sensitive Information vulnerabi ...)
	NOT-FOR-US: Hitachi
CVE-2022-34880 RESERVED
CVE-2022-34879 (Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time ...)
	NOT-FOR-US: VICIdial
CVE-2022-34878 (SQL Injection vulnerability in User Stats interface (/vicidial/user_st ...)
	NOT-FOR-US: VICIdial
CVE-2022-34877 (SQL Injection vulnerability in AST Agent Time Sheet interface ((/vicid ...)
	NOT-FOR-US: VICIdial
CVE-2022-34876 (SQL Injection vulnerability in admin interface (/vicidial/admin.php) o ...)
	NOT-FOR-US: VICIdial
CVE-2022-34903 (GnuPG through 2.3.6, in unusual situations where an attacker possesses ...)
	{DSA-5174-1}
	- gnupg2 2.2.35-3 (bug #1014157)
	NOTE: https://dev.gnupg.org/T6027
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/30/1
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=34c649b3601383cd11dbc76221747ec16fd68e1b
CVE-2022-34875 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit
CVE-2022-34874 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit
CVE-2022-34873 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit
CVE-2022-34872 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	- centreon-web (bug #913903)
CVE-2022-34871 (This vulnerability allows remote attackers to escalate privileges on a ...)
	- centreon-web (bug #913903)
CVE-2022-34870 (Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scri ...)
	NOT-FOR-US: Apache Geode
CVE-2022-34858 (Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-34853 (Multiple Authenticated (contributor or higher user role) Persistent Cr ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-34847 RESERVED
CVE-2022-34839 (Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-34838 (Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8 ...)
	NOT-FOR-US: ABB Zenon
CVE-2022-34837 (Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8 ...)
	NOT-FOR-US: ABB Zenon
CVE-2022-34836 (Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the use ...)
	NOT-FOR-US: ABB Zenon
CVE-2022-34654 (Cross-Site Request Forgery (CSRF) in Virgial Berveling's Manage Notific ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-34650 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-34487 (Unauthenticated Arbitrary Option Update vulnerability in biplob018's S ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-34347 (Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Ma ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-34155 (Improper Authentication vulnerability in miniOrange OAuth Single Sign ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-34149 (Authentication Bypass vulnerability in miniOrange WP OAuth Server plug ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-34148 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-33974 (Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custo ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-33965 (Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osama ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-33961 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wasp ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-33960 (Multiple Authenticated (subscriber or higher user role) SQL Injection ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-33901 (Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plug ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-33900 (PHP Object Injection vulnerability in Easy Digital Downloads plugin <= ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-33198 (Unauthenticated WordPress Options Change vulnerability in Biplob Adhik ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-33191 (Authenticated (contributor or higher user role) Stored Cross-Site Scri ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-33177 (Cross-Site Request Forgery (CSRF) vulnerability in WPdevelop/Oplugins ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-32970 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in The ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-32776 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Adva ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-32587 (Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-30998 (Multiple Authenticated (subscriber or higher user role) SQL Injection ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-30705 (Cross-Site Request Forgery (CSRF) vulnerability in Pankaj Jha WordPres ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29495 (Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Build ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29489 (Cross-Site Request Forgery (CSRF) vulnerability in Sucuri Security plu ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-27235 (Multiple Broken Access Control vulnerabilities in Social Share Buttons ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-26366 (Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin <= ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-25952 (Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2276 (The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisa ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2275 (The WP Edit Menu WordPress plugin before 1.5.0 does not have CSRF in a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2274 (The OpenSSL 3.0.4 release introduced a serious bug in the RSA implemen ...)
	- openssl 3.0.4-2 (bug #1013441)
	[bullseye] - openssl (Vulnerable code not present)
	[buster] - openssl (Vulnerable code not present)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4d8a88c134df634ba610ff8db1eb8478ac5fd345
	NOTE: https://github.com/openssl/openssl/issues/18625
	NOTE: https://www.openssl.org/news/secadv/20220705.txt
CVE-2022-2273 (The Simple Membership WordPress plugin before 4.1.3 does not properly ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2272 (This vulnerability allows remote attackers to bypass authentication on ...)
	NOT-FOR-US: Sante PACS Server
CVE-2022-2271 (The WP Database Backup WordPress plugin before 5.9 does not escape som ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2270 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-2269 (The Website File Changes Monitor WordPress plugin before 1.8.3 does no ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2268 (The Import any XML or CSV File to WordPress plugin before 3.6.8 accept ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2267 (The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJA ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2266 (University Library Automation System developed by Yordam Bilgi Teknolo ...)
	NOT-FOR-US: University Library Automation System
CVE-2022-2265 (The Identity and Directory Management System developed by Çekino Bi ...)
	NOT-FOR-US: Teknolojileri
CVE-2022-2264 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/2241c773-02c9-4708-b63e-54aef99afa6c/
	NOTE: Fixed by: https://github.com/vim/vim/commit/d25f003342aca9889067f2e839963dfeccf1fe05 (v9.0.0011)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2263 (A vulnerability was found in Online Hotel Booking System 1.0 and class ...)
	NOT-FOR-US: Online Hotel Booking System
CVE-2022-2262 (A vulnerability has been found in Online Hotel Booking System 1.0 and ...)
	NOT-FOR-US: Online Hotel Booking System
CVE-2022-2261 (The WPIDE WordPress plugin before 3.0 does not sanitize and validate t ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2260 (The GiveWP WordPress plugin before 2.21.3 does not have CSRF in place ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-34835 (In Das U-Boot through 2022.07-rc5, an integer signedness error and res ...)
	- u-boot 2022.07+dfsg-1 (bug #1014529)
	[bullseye] - u-boot (Minor issue)
	[buster] - u-boot (Minor issue)
	NOTE: https://lists.denx.de/pipermail/u-boot/2022-June/486113.html
	NOTE: https://source.denx.de/u-boot/u-boot/-/commit/8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409 (v2022.07-rc6)
CVE-2022-34834 (An issue was discovered in VERMEG AgileReporter 21.3. Attackers can ga ...)
	NOT-FOR-US: VERMEG AgileReporter
CVE-2022-34833 (An issue was discovered in VERMEG AgileReporter 21.3. An admin can ent ...)
	NOT-FOR-US: VERMEG AgileReporter
CVE-2022-34832 (An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur vi ...)
	NOT-FOR-US: VERMEG AgileReporter
CVE-2022-34831 (An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, rela ...)
	NOT-FOR-US: Keyfactor
CVE-2022-34830 (An Arm product family through 2022-06-29 has a TOCTOU Race Condition t ...)
	NOT-FOR-US: ARM
CVE-2022-34829 (Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of se ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-34828 RESERVED
CVE-2022-34827 (Carel Boss Mini 1.5.0 has Improper Access Control.)
	NOT-FOR-US: Carel Boss Mini
CVE-2022-34826 (In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passp ...)
	NOT-FOR-US: Couchbase Server
CVE-2022-34825 (Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and e ...)
	NOT-FOR-US: CLUSTERPRO and EXPRESSCLUSTER
CVE-2022-34824 (Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for ...)
	NOT-FOR-US: CLUSTERPRO and EXPRESSCLUSTER
CVE-2022-34823 (Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earl ...)
	NOT-FOR-US: CLUSTERPRO and EXPRESSCLUSTER
CVE-2022-34822 (Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earli ...)
	NOT-FOR-US: CLUSTERPRO and EXPRESSCLUSTER
CVE-2022-2259 (In affected versions of Octopus Deploy it is possible for a user to vi ...)
	NOT-FOR-US: Octopus Deploy
CVE-2022-2258 (In affected versions of Octopus Deploy it is possible for a user to vi ...)
	NOT-FOR-US: Octopus Deploy
CVE-2022-2257 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89
	NOTE: https://github.com/vim/vim/commit/083692d598139228e101b8c521aaef7bcf256e9a (v9.0.0009)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2256 (A Stored Cross-site scripting (XSS) vulnerability was found in keycloa ...)
	NOT-FOR-US: Keycloak
CVE-2022-2255 (A vulnerability was found in mod_wsgi. The X-Client-IP header is not r ...)
	{DLA-3111-1}
	- mod-wsgi 4.9.0-1.1 (bug #1016476)
	[bullseye] - mod-wsgi 4.7.1-3+deb11u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2100563
	NOTE: https://github.com/GrahamDumpleton/mod_wsgi/commit/af3c0c2736bc0b0b01fa0f0aad3c904b7fa9c751 (4.9.3)
	NOTE: WSGITrustedProxies and vulnerable code introduced in https://github.com/GrahamDumpleton/mod_wsgi/commit/543fc33c23b4cb5e623d574b7efbf85c8dedb396 (4.4.10)
CVE-2022-34821 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (Al ...)
	NOT-FOR-US: Siemens
CVE-2022-34820 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versi ...)
	NOT-FOR-US: Siemens
CVE-2022-34819 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versi ...)
	NOT-FOR-US: Siemens
CVE-2022-34818 (Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perfo ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34817 (A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Jo ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34816 (Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencry ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34815 (A cross-site request forgery (CSRF) vulnerability in Jenkins Request R ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34814 (Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not cor ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34813 (A missing permission check in Jenkins XPath Configuration Viewer Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34812 (A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Con ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34811 (A missing permission check in Jenkins XPath Configuration Viewer Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34810 (A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34809 (Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in it ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34808 (Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unen ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34807 (Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password u ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34806 (Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34805 (Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unen ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34804 (Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain te ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34803 (Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34802 (Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34801 (Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34800 (Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens une ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34799 (Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a passwo ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34798 (Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perfor ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34797 (A cross-site request forgery (CSRF) vulnerability in Jenkins Deploymen ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34796 (A missing permission check in Jenkins Deployment Dashboard Plugin 1.0. ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34795 (Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34794 (Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier all ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34793 (Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parse ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34792 (A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Pl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34791 (Jenkins Validating Email Parameter Plugin 1.10 and earlier does not es ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34790 (Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escap ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34789 (A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Re ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34788 (Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34787 (Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escap ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34786 (Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34785 (Jenkins build-metrics Plugin 1.3 and earlier does not perform permissi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34784 (Jenkins build-metrics Plugin 1.3 does not escape the build description ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34783 (Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptio ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34782 (An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34781 (Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0. ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34780 (A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34779 (A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34778 (Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders th ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34777 (Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fiel ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34776 (Tabit - giftcard stealth. Several APIs on the web system display, with ...)
	NOT-FOR-US: Tabit
CVE-2022-34775 (Tabit - Excessive data exposure. Another endpoint mapped by the tiny u ...)
	NOT-FOR-US: Tabit
CVE-2022-34774 (Tabit - Arbitrary account modification. One of the endpoints mapped by ...)
	NOT-FOR-US: Tabit
CVE-2022-34773 (Tabit - HTTP Method manipulation. https://bridge.tabit.cloud/configura ...)
	NOT-FOR-US: Tabit
CVE-2022-34772 (Tabit - password enumeration. Description: Tabit - password enumeratio ...)
	NOT-FOR-US: Tabit
CVE-2022-34771 (Tabit - arbitrary SMS send on Tabits behalf. The resend OTP API of tab ...)
	NOT-FOR-US: Tabit
CVE-2022-34770 (Tabit - sensitive information disclosure. Several APIs on the web syst ...)
	NOT-FOR-US: Tabit
CVE-2022-34769 (Michlol - rashim web interface Insecure direct object references (IDOR ...)
	NOT-FOR-US: Michlol
CVE-2022-34768 (insert HTML / js code inside input how to get to the vulnerable input ...)
	NOT-FOR-US: Supersmart.me
CVE-2022-34767 (Web page which "wizardpwd.asp" ALLNET Router model WR0500AC is prone t ...)
	NOT-FOR-US: ALLNET
CVE-2022-34766
	RESERVED
CVE-2022-2254 (A user with administrative privileges in Distributed Data Systems WebH ...)
	NOT-FOR-US: Distributed Data Systems WebHMI
CVE-2022-2253 (A user with administrative privileges in Distributed Data Systems WebH ...)
	NOT-FOR-US: Distributed Data Systems WebHMI
CVE-2022-2252 (Open Redirect in GitHub repository microweber/microweber prior to 1.2. ...)
	NOT-FOR-US: microweber
CVE-2022-2251 (Improper sanitization of branch names in GitLab Runner affecting all v ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-2250 (An open redirect vulnerability in GitLab EE/CE affecting all versions ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-46826
	RESERVED
CVE-2021-46825 (Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to ...)
	NOT-FOR-US: Symantec
CVE-2022-33967 (squashfs filesystem implementation of U-Boot versions from v2020.10-rc ...)
	- u-boot 2022.07+dfsg-1
	[bullseye] - u-boot (Minor issue)
	[buster] - u-boot (SquashFS support added in 2020.10)
	NOTE: https://lists.denx.de/pipermail/u-boot/2022-June/487467.html
	NOTE: https://source.denx.de/u-boot/u-boot/-/commit/7f7fb9937c6cb49dd35153bd6708872b390b0a44 (v2022.07-rc6)
CVE-2022-2249 (Privilege escalation related vulnerabilities were discovered in Avaya ...)
	NOT-FOR-US: Avaya
CVE-2022-2248
	RESERVED
CVE-2022-2247
	RESERVED
CVE-2022-2246
	REJECTED
CVE-2022-34765 (A CWE-73: External Control of File Name or Path vulnerability exists t ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-34764 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-34763 (A CWE-345: Insufficient Verification of Data Authenticity vulnerabilit ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-34762 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-34761 (A CWE-476: NULL Pointer Dereference vulnerability exists that could ca ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-34760 (A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vuln ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-34759 (A CWE-787: Out-of-bounds Write vulnerability exists that could cause a ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-34758 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-34757 (A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerabil ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-34756 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-34755 (A CWE-427 - Uncontrolled Search Path Element vulnerability exists that ...)
	NOT-FOR-US: Schneider
CVE-2022-34754 (A CWE-269: Improper Privilege Management vulnerability exists that cou ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-34753 (A CWE-78: Improper Neutralization of Special Elements used in an OS Co ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-34752
	RESERVED
CVE-2022-34751
	RESERVED
CVE-2022-34750 (An issue was discovered in MediaWiki through 1.38.1. The lemma length ...)
	NOT-FOR-US: MediaWiki extension WikiBase
CVE-2022-34749 (In mistune through 2.0.2, support of inline markup is implemented by u ...)
	- mistune 2.0.3-1 (bug #1016089)
	[bullseye] - mistune (Minor issue)
	[buster] - mistune (Minor issue)
	NOTE: https://github.com/lepture/mistune/commit/a6d43215132fe4f3d93f8d7e90ba83b16a0838b2 (v2.0.3)
CVE-2022-34748 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2022-34747 (A format string vulnerability in Zyxel NAS326 firmware versions prior ...)
	NOT-FOR-US: Zyxel
CVE-2022-34746 (An insufficient entropy vulnerability caused by the improper use of ra ...)
	NOT-FOR-US: Zyxel
CVE-2022-34743 (The AT commands of the USB port have an out-of-bounds read vulnerabili ...)
	NOT-FOR-US: Huawei
CVE-2022-34742 (The system module has a read/write vulnerability. Successful exploitat ...)
	NOT-FOR-US: Huawei
CVE-2022-34741 (The NFC module has a buffer overflow vulnerability. Successful exploit ...)
	NOT-FOR-US: Huawei
CVE-2022-34740 (The NFC module has a buffer overflow vulnerability. Successful exploit ...)
	NOT-FOR-US: Huawei
CVE-2022-34739 (The fingerprint module has a vulnerability of overflow in arithmetic a ...)
	NOT-FOR-US: Huawei
CVE-2022-34738 (The SystemUI module has a vulnerability in permission control. If this ...)
	NOT-FOR-US: Huawei
CVE-2022-34737 (The application security module has a vulnerability in permission assi ...)
	NOT-FOR-US: Huawei
CVE-2022-34736 (The frame scheduling module has a null pointer dereference vulnerabili ...)
	NOT-FOR-US: Huawei
CVE-2022-34735 (The frame scheduling module has a null pointer dereference vulnerabili ...)
	NOT-FOR-US: Huawei
CVE-2022-2245 (The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check wh ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2244 (An improper authorization vulnerability in GitLab EE/CE affecting all ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-2243 (An access control vulnerability in GitLab EE/CE affecting all versions ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-2242 (The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to i ...)
	NOT-FOR-US: Kuka
CVE-2022-2241 (The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2240 (The Request a Quote WordPress plugin through 2.3.7 does not validate u ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2239 (The Request a Quote WordPress plugin before 2.3.9 does not sanitise an ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2238 (A vulnerability was found in the search-api container in Red Hat Advan ...)
	NOT-FOR-US: Red Hat Advanced Cluster Management for Kubernetes 2 / Stolostron
CVE-2022-2237 (A flaw was found in the Keycloak Node.js Adapter. This flaw allows an ...)
	NOT-FOR-US: Keycloak
CVE-2022-2236
	RESERVED
CVE-2022-2235 (Insufficient sanitization in GitLab EE's external issue tracker affect ...)
	- gitlab (Specific to EE)
CVE-2017-20138 (A vulnerability was found in Itech Auction Script 6.49. It has been cl ...)
	NOT-FOR-US: Itech
CVE-2017-20137 (A vulnerability was found in Itech B2B Script 4.28. It has been rated ...)
	NOT-FOR-US: Itech
CVE-2017-20136 (A vulnerability classified as critical has been found in Itech Classif ...)
	NOT-FOR-US: Itech
CVE-2017-20135 (A vulnerability classified as critical was found in Itech Dating Scrip ...)
	NOT-FOR-US: Itech
CVE-2017-20134 (A vulnerability, which was classified as critical, has been found in I ...)
	NOT-FOR-US: Itech
CVE-2017-20133 (A vulnerability, which was classified as critical, was found in Itech ...)
	NOT-FOR-US: Itech
CVE-2017-20132 (A vulnerability was found in Itech Multi Vendor Script 6.49 and classi ...)
	NOT-FOR-US: Itech
CVE-2017-20131 (A vulnerability was found in Itech News Portal 6.28. It has been class ...)
	NOT-FOR-US: Itech
CVE-2017-20130 (A vulnerability was found in Itech Real Estate Script 3.12. It has bee ...)
	NOT-FOR-US: Itech
CVE-2017-20129 (A vulnerability was found in LogoStore. It has been classified as crit ...)
	NOT-FOR-US: LogoStore
CVE-2017-20128 (A vulnerability has been found in KB Messages PHP Script 1.0 and class ...)
	NOT-FOR-US: KB Messages PHP Script
CVE-2017-20127 (A vulnerability was found in KB Login Authentication Script 1.1 and cl ...)
	NOT-FOR-US: KB Login Authentication Script
CVE-2017-20126 (A vulnerability was found in KB Affiliate Referral Script 1.0. It has ...)
	NOT-FOR-US: KB Affiliate Referral Script
CVE-2022-34745
	RESERVED
CVE-2022-34744
	RESERVED
CVE-2022-2234 (An authenticated mySCADA myPRO 8.26.0 user may be able to modify param ...)
	NOT-FOR-US: mySCADA myPRO
CVE-2022-2233 (The Banner Cycler plugin for WordPress is vulnerable to Cross-Site Req ...)
	NOT-FOR-US: Banner Cycler plugin for WordPress
CVE-2022-2232
	RESERVED
	NOT-FOR-US: Keycloak
CVE-2022-2231 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/8dae6ab4-7a7a-4716-a65c-9b090fa057b5
	NOTE: https://github.com/vim/vim/commit/79481367a457951aabd9501b510fd7e3eb29c3d8 (v8.2.5169)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2230 (A Stored Cross-Site Scripting vulnerability in the project settings pa ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-2229 (An improper authorization issue in GitLab CE/EE affecting all versions ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-2228 (Information exposure in GitLab EE affecting all versions from 12.0 pri ...)
	- gitlab (Specific to EE)
CVE-2022-2227 (Improper access control in the runner jobs API in GitLab CE/EE affecti ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-2226 (An OpenPGP digital signature includes information about the date when ...)
	{DSA-5175-1}
	- thunderbird 1:91.11.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-2226
CVE-2017-20125 (A vulnerability classified as critical was found in Online Hotel Booki ...)
	NOT-FOR-US: Online Hotel Booking System Pro
CVE-2017-20124 (A vulnerability classified as critical has been found in Online Hotel ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-20123 (A vulnerability was found in Viscosity 1.6.7. It has been classified a ...)
	NOT-FOR-US: Viscosity on Windows and macOS
CVE-2017-20122 (A vulnerability classified as problematic was found in Bitrix Site Man ...)
	NOT-FOR-US: Bitrix Site Manager
CVE-2022-34734 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34733 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
	NOT-FOR-US: Microsoft
CVE-2022-34732 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34731 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
	NOT-FOR-US: Microsoft
CVE-2022-34730 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34729 (Windows GDI Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34728 (Windows Graphics Component Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34727 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34726 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34725 (Windows ALPC Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34724 (Windows DNS Server Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34723 (Windows DPAPI (Data Protection Application Programming Interface) Info ...)
	NOT-FOR-US: Microsoft
CVE-2022-34722 (Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Ex ...)
	NOT-FOR-US: Microsoft
CVE-2022-34721 (Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Ex ...)
	NOT-FOR-US: Microsoft
CVE-2022-34720 (Windows Internet Key Exchange (IKE) Extension Denial of Service Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-34719 (Windows Distributed File System (DFS) Elevation of Privilege Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2022-34718 (Windows TCP/IP Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34717 (Microsoft Office Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34716 (.NET Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34715 (Windows Network File System Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34714 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...)
	NOT-FOR-US: Microsoft
CVE-2022-34713 (Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution ...)
	NOT-FOR-US: Microsoft
CVE-2022-34712 (Windows Defender Credential Guard Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34711 (Windows Defender Credential Guard Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34710 (Windows Defender Credential Guard Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34709 (Windows Defender Credential Guard Security Feature Bypass Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2022-34708 (Windows Kernel Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34707 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34706 (Windows Local Security Authority (LSA) Elevation of Privilege Vulnerab ...)
	NOT-FOR-US: Microsoft
CVE-2022-34705 (Windows Defender Credential Guard Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34704 (Windows Defender Credential Guard Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34703 (Windows Partition Management Driver Elevation of Privilege Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2022-34702 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...)
	NOT-FOR-US: Microsoft
CVE-2022-34701 (Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vuln ...)
	NOT-FOR-US: Microsoft
CVE-2022-34700 (Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2022-34699 (Windows Win32k Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34698
	RESERVED
CVE-2022-34697
	RESERVED
CVE-2022-34696 (Windows Hyper-V Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34695
	RESERVED
CVE-2022-34694
	RESERVED
CVE-2022-34693
	RESERVED
CVE-2022-34692 (Microsoft Exchange Server Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34691 (Active Directory Domain Services Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34690 (Windows Fax Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34689 (Windows CryptoAPI Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34688
	RESERVED
CVE-2022-34687 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34686 (Azure RTOS GUIX Studio Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34685 (Azure RTOS GUIX Studio Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-34684 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
	- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
	[bullseye] - nvidia-graphics-drivers (Non-free not supported)
	[buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
	- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
	[bullseye] - nvidia-graphics-drivers-tesla-470 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
	- nvidia-open-gpu-kernel-modules 515.86.01-1
CVE-2022-34683 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA GPU Display Driver for Windows
CVE-2022-34682 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
	- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
	[bullseye] - nvidia-graphics-drivers 470.161.03-1
	[buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
	- nvidia-graphics-drivers-tesla-418 (bug #1025282)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
	[bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
	- nvidia-open-gpu-kernel-modules 515.86.01-1
CVE-2022-34681 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA GPU Display Driver for Windows
CVE-2022-34680 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
	{DLA-3418-1}
	- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
	[bullseye] - nvidia-graphics-drivers 470.161.03-1
	[buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-legacy-340xx (bug #1025280)
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-legacy-390xx 390.157-1 (bug #1025281)
	[bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1
	- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
	- nvidia-graphics-drivers-tesla-418 (bug #1025282)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
	[bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
	- nvidia-open-gpu-kernel-modules 515.86.01-1
CVE-2022-34679 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
	- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
	[bullseye] - nvidia-graphics-drivers 470.161.03-1
	[buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
	- nvidia-graphics-drivers-tesla-418 (bug #1025282)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
	[bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
	- nvidia-open-gpu-kernel-modules 515.86.01-1
CVE-2022-34678 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
	NOT-FOR-US: NVIDIA vGPU driver
CVE-2022-34677 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
	{DLA-3418-1}
	- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
	[bullseye] - nvidia-graphics-drivers 470.161.03-1
	[buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-legacy-340xx (bug #1025280)
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-legacy-390xx 390.157-1 (bug #1025281)
	[bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1
	- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
	- nvidia-graphics-drivers-tesla-418 (bug #1025282)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
	[bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
	- nvidia-open-gpu-kernel-modules 515.86.01-1
CVE-2022-34676 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
	NOT-FOR-US: NVIDIA vGPU driver
CVE-2022-34675 (NVIDIA Display Driver for Linux contains a vulnerability in the Virtua ...)
	{DLA-3418-1}
	- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
	[bullseye] - nvidia-graphics-drivers 470.161.03-1
	[buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-legacy-340xx (bug #1025280)
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-legacy-390xx 390.157-1 (bug #1025281)
	[bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1
	- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
	- nvidia-graphics-drivers-tesla-418 (bug #1025282)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
	[bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
	- nvidia-open-gpu-kernel-modules 515.86.01-1
CVE-2022-34674 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
	{DLA-3418-1}
	- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
	[bullseye] - nvidia-graphics-drivers 470.161.03-1
	[buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-legacy-340xx (bug #1025280)
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-legacy-390xx 390.157-1 (bug #1025281)
	[bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1
	- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
	- nvidia-graphics-drivers-tesla-418 (bug #1025282)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
	[bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
	- nvidia-open-gpu-kernel-modules 515.86.01-1
CVE-2022-34673 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
	- nvidia-graphics-drivers 515.86.01-1 (bug #1025279)
	[bullseye] - nvidia-graphics-drivers (Only affects R515)
	[buster] - nvidia-graphics-drivers (Only affects R515)
	- nvidia-open-gpu-kernel-modules 515.86.01-1
CVE-2022-34672 (NVIDIA Control Panel for Windows contains a vulnerability where an una ...)
	NOT-FOR-US: NVIDIA
CVE-2022-34671 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA GPU Display Driver for Windows
CVE-2022-34670 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
	{DLA-3418-1}
	- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
	[bullseye] - nvidia-graphics-drivers 470.161.03-1
	[buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-legacy-340xx (bug #1025280)
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-legacy-390xx 390.157-1 (bug #1025281)
	[bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1
	- nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287)
	- nvidia-graphics-drivers-tesla-418 (bug #1025282)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283)
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285)
	[bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286)
	- nvidia-open-gpu-kernel-modules 515.86.01-1
CVE-2022-34669 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA GPU Display Driver for Windows
CVE-2022-34668 (NVFLARE, versions prior to 2.1.4, contains a vulnerability that deseri ...)
	NOT-FOR-US: NVFLARE
CVE-2022-34667 (NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnera ...)
	[experimental] - nvidia-cuda-toolkit 11.8.0-1
	- nvidia-cuda-toolkit 11.8.0-2 (bug #1021625)
	[bullseye] - nvidia-cuda-toolkit (Non-free not supported)
	[buster] - nvidia-cuda-toolkit (Minor issue)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5373
CVE-2022-34666 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
	- nvidia-graphics-drivers 470.141.03-1
	[bullseye] - nvidia-graphics-drivers 470.141.03-1~deb11u1
	[buster] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-legacy-390xx 390.154-1
	[bullseye] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb11u1
	[buster] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb10u1
	- nvidia-graphics-drivers-tesla-418
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-450 450.203.03-1
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.203.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 460.106.00-3
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-470 470.141.03-1
	[bullseye] - nvidia-graphics-drivers-tesla-470 470.141.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-510 510.85.02-1
CVE-2022-34665 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
	- nvidia-graphics-drivers 470.141.03-1
	[bullseye] - nvidia-graphics-drivers 470.141.03-1~deb11u1
	[buster] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-legacy-390xx 390.154-1
	[bullseye] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb11u1
	[buster] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb10u1
	- nvidia-graphics-drivers-tesla-418
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-450 450.203.03-1
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.203.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 460.106.00-3
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-470 470.141.03-1
	[bullseye] - nvidia-graphics-drivers-tesla-470 470.141.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-510 510.85.02-1
CVE-2022-34664
	RESERVED
CVE-2022-34663 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
	NOT-FOR-US: Siemens
CVE-2022-34662 (When users add resources to the resource center with a relation path w ...)
	NOT-FOR-US: Apache DolphinScheduler
CVE-2022-34661 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2022-34660 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2022-2225 (By using warp-cli subcommands (disable-ethernet, disable-wifi), it was ...)
	NOT-FOR-US: Cloudflare Warp
CVE-2022-2224 (The WordPress plugin Gallery for Social Photo is vulnerable to Cross-S ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2223 (The WordPress plugin Image Slider is vulnerable to Cross-Site Request ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2222 (The Download Monitor WordPress plugin before 4.5.91 does not ensure th ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2221 (Information Exposure vulnerability in My Account Settings of Devolutio ...)
	NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2022-2220 REJECTED
CVE-2022-2219 (The Unyson WordPress plugin before 2.7.27 does not sanitise and escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2218 (Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/p ...)
	NOT-FOR-US: Node parse-url
CVE-2022-2217 (Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/ ...)
	NOT-FOR-US: Node parse-url
CVE-2022-2216 (Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/pa ...)
	NOT-FOR-US: Node parse-url
CVE-2022-2215 (The GiveWP WordPress plugin before 2.21.3 does not properly sanitise a ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-36553 (Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Resta ...)
	NOT-FOR-US: Multi Restaurant Table Reservation System
CVE-2020-36552 (Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Resta ...)
	NOT-FOR-US: Multi Restaurant Table Reservation System
CVE-2020-36551 (Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Resta ...)
	NOT-FOR-US: Multi Restaurant Table Reservation System
CVE-2020-36550 (Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Resta ...)
	NOT-FOR-US: Multi Restaurant Table Reservation System
CVE-2017-20121 (A vulnerability was found in Teradici Management Console 2.2.0. It has ...)
	NOT-FOR-US: Teradici Management Console
CVE-2017-20120 (A vulnerability classified as problematic was found in TrueConf Server ...)
	NOT-FOR-US: TrueConf Server
CVE-2017-20119 (A vulnerability classified as problematic has been found in TrueConf S ...)
	NOT-FOR-US: TrueConf Server
CVE-2017-20118 (A vulnerability was found in TrueConf Server 4.3.7. It has been rated ...)
	NOT-FOR-US: TrueConf Server
CVE-2017-20117 (A vulnerability was found in TrueConf Server 4.3.7. It has been declar ...)
	NOT-FOR-US: TrueConf Server
CVE-2017-20116 (A vulnerability was found in TrueConf Server 4.3.7. It has been classi ...)
	NOT-FOR-US: TrueConf Server
CVE-2017-20115 (A vulnerability was found in TrueConf Server 4.3.7 and classified as p ...)
	NOT-FOR-US: TrueConf Server
CVE-2017-20114 (A vulnerability has been found in TrueConf Server 4.3.7 and classified ...)
	NOT-FOR-US: TrueConf Server
CVE-2017-20113 (A vulnerability, which was classified as problematic, was found in Tru ...)
	NOT-FOR-US: TrueConf Server
CVE-2017-20112 (A vulnerability has been found in IVPN Client 2.6.6120.33863 and class ...)
	NOT-FOR-US: IVPN Client
CVE-2017-20111 (A vulnerability, which was classified as critical, was found in Teleop ...)
	NOT-FOR-US: Teleopti WFM
CVE-2017-20110 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Teleopti WFM
CVE-2017-20109 (A vulnerability classified as problematic was found in Teleopti WFM up ...)
	NOT-FOR-US: Teleopti WFM
CVE-2022-34659 (A vulnerability has been identified in Simcenter STAR-CCM+ (All versio ...)
	NOT-FOR-US: Siemens
CVE-2022-34647 RESERVED
CVE-2022-34646 RESERVED
CVE-2022-34345 (Improper input validation in the firmware for some Intel(R) NUC Laptop ...)
	NOT-FOR-US: Intel
CVE-2022-34157 (Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with I ...)
	NOT-FOR-US: Intel
CVE-2022-33964 (Improper input validation in the Intel(R) SUR software before version ...)
	NOT-FOR-US: Intel
CVE-2022-33946 (Improper authentication in the Intel(R) SUR software before version 2. ...)
	NOT-FOR-US: Intel
CVE-2022-33190 (Improper input validation in the Intel(R) SUR software before version ...)
	NOT-FOR-US: Intel
CVE-2022-32971 (Improper authentication in the Intel(R) SUR software before version 2. ...)
	NOT-FOR-US: Intel
CVE-2022-32579 (Improper initialization in the firmware for some Intel(R) NUC Laptop K ...)
	NOT-FOR-US: Intel
CVE-2022-31476 (Improper access control in the Intel(R) SUR software before version 2. ...)
	NOT-FOR-US: Intel
CVE-2022-30692 (Improper conditions check in the Intel(R) SUR software before version ...)
	NOT-FOR-US: Intel
CVE-2022-29514 (Improper access control in the Intel(R) SUR software before version 2. ...)
	NOT-FOR-US: Intel
CVE-2022-27168 (Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 ...)
	NOT-FOR-US: LiteCart
CVE-2022-2214 (A vulnerability was found in SourceCodester Library Management System ...)
	NOT-FOR-US: SourceCodester Library Management System
CVE-2022-2213 (A vulnerability was found in SourceCodester Library Management System ...)
	NOT-FOR-US: SourceCodester Library Management System
CVE-2022-2212 (A vulnerability was found in SourceCodester Library Management System ...)
	NOT-FOR-US: SourceCodester Library Management System
CVE-2022-34645 RESERVED
CVE-2022-34644 RESERVED
CVE-2022-34643 (RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 implemen ...)
	NOT-FOR-US: RISCV ISA Sim
CVE-2022-34642 (The component mcontrol.action in RISCV ISA Sim commit ac466a21df442c59 ...)
	NOT-FOR-US: RISCV ISA Sim
CVE-2022-34641 (CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom co ...)
	NOT-FOR-US: CVA6
CVE-2022-34640 (The *tval of ecall/ebreak in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf ...)
	NOT-FOR-US: CVA6
CVE-2022-34639 (CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a treats non-standa ...)
	NOT-FOR-US: CVA6
CVE-2022-34638 RESERVED
CVE-2022-34637 (CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a implements an inc ...)
	NOT-FOR-US: CVA6
CVE-2022-34636 (CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom co ...)
	NOT-FOR-US: CVA6
CVE-2022-34635 (The mstatus.sd field in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a9 ...)
	NOT-FOR-US: CVA6
CVE-2022-34634 (CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted ...)
	NOT-FOR-US: CVA6
CVE-2022-34633 (CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted ...)
	NOT-FOR-US: CVA6
CVE-2022-34632 (Rocket-Chip commit 4f8114374d8824dfdec03f576a8cd68bebce4e56 was discov ...)
	NOT-FOR-US: Rocket-Chip
CVE-2022-34631 RESERVED
CVE-2022-34630 RESERVED
CVE-2022-34629 RESERVED
CVE-2022-34628 RESERVED
CVE-2022-34627 RESERVED
CVE-2022-34626 RESERVED
CVE-2022-34625 (Mealie1.0.0beta3 was discovered to contain a Server-Side Template Inje ...)
	NOT-FOR-US: hay-kot/mealie
CVE-2022-34624 (Mealie1.0.0beta3 does not terminate download tokens after a user logs ...)
	NOT-FOR-US: Mealie
CVE-2022-34623 REJECTED
CVE-2022-34622 RESERVED
CVE-2022-34621 (Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object ...)
	NOT-FOR-US: Mealie
CVE-2022-34620 RESERVED
CVE-2022-34619 (A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 all ...)
	NOT-FOR-US: hay-kot/mealie
CVE-2022-34618 (A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 ...)
	NOT-FOR-US: hay-kot/mealie
CVE-2022-34617 RESERVED
CVE-2022-34616 RESERVED
CVE-2022-34615 (Mealie 1.0.0beta3 employs weak password requirements which allows atta ...)
	NOT-FOR-US: Mealie
CVE-2022-34614 RESERVED
CVE-2022-34613 (Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability whic ...)
	NOT-FOR-US: hay-kot/mealie
CVE-2022-34612 (Rizin v0.4.0 and below was discovered to contain an integer overflow v ...)
	NOT-FOR-US: Rizin
CVE-2022-34611 (A cross-site scripting (XSS) vulnerability in /index.php/?p=report of ...)
	NOT-FOR-US: Online Fire Reporting System
CVE-2022-34610 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
	NOT-FOR-US: H3C Magic
CVE-2022-34609 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
	NOT-FOR-US: H3C Magic
CVE-2022-34608 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
	NOT-FOR-US: H3C Magic
CVE-2022-34607 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
	NOT-FOR-US: H3C Magic
CVE-2022-34606 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
	NOT-FOR-US: H3C Magic
CVE-2022-34605 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
	NOT-FOR-US: H3C Magic
CVE-2022-34604 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
	NOT-FOR-US: H3C Magic
CVE-2022-34603 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
	NOT-FOR-US: H3C Magic
CVE-2022-34602 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
	NOT-FOR-US: H3C Magic
CVE-2022-34601 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
	NOT-FOR-US: H3C Magic
CVE-2022-34600 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
	NOT-FOR-US: H3C Magic
CVE-2022-34599 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
	NOT-FOR-US: H3C Magic
CVE-2022-34598 (The udpserver in H3C Magic R100 V200R004 and V100R005 has the 9034 por ...)
	NOT-FOR-US: udpserver in H3C Magic R100 V200R004 and V100R005
CVE-2022-34597 (Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vu ...)
	NOT-FOR-US: Tenda
CVE-2022-34596 (Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injecti ...)
	NOT-FOR-US: Tenda
CVE-2022-34595 (Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injecti ...)
	NOT-FOR-US: Tenda
CVE-2022-34594 (Advanced School Management System v1.0 was discovered to contain a cro ...)
	NOT-FOR-US: Advanced School Management System
CVE-2022-34593 (DPTech VPN v8.1.28.0 was discovered to contain an arbitrary file read ...)
	NOT-FOR-US: DPTech VPN
CVE-2022-34592 (Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a co ...)
	NOT-FOR-US: Wavlink
CVE-2022-34591 RESERVED
CVE-2022-34590 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Hospital Management System
CVE-2022-34589 RESERVED
CVE-2022-34588 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...)
	NOT-FOR-US: itsourcecode Advanced School Management System
CVE-2022-34587 RESERVED
CVE-2022-34586 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...)
	NOT-FOR-US: itsourcecode Advanced School Management System
CVE-2022-34585 RESERVED
CVE-2022-34584 RESERVED
CVE-2022-34583 RESERVED
CVE-2022-34582 RESERVED
CVE-2022-34581 RESERVED
CVE-2022-34580 (Advanced School Management System v1.0 was discovered to contain a cro ...)
	NOT-FOR-US: Advanced School Management System
CVE-2022-34579 RESERVED
CVE-2022-34578 (Open Source Point of Sale v3.3.7 was discovered to contain an arbitrar ...)
	NOT-FOR-US: Open Source Point of Sale
CVE-2022-34577 (A vulnerability in adm.cgi of WAVLINK WN535 G3 M35G3R.V5030.180927 all ...)
	NOT-FOR-US: Wavlink
CVE-2022-34576 (A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M ...)
	NOT-FOR-US: Wavlink
CVE-2022-34575 (An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD ...)
	NOT-FOR-US: Wavlink
CVE-2022-34574 (An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD ...)
	NOT-FOR-US: Wavlink
CVE-2022-34573 (An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD ...)
	NOT-FOR-US: Wavlink
CVE-2022-34572 (An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD ...)
	NOT-FOR-US: Wavlink
CVE-2022-34571 (An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD ...)
	NOT-FOR-US: Wavlink
CVE-2022-34570 (WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an inf ...)
	NOT-FOR-US: Wavlink
CVE-2022-34569 RESERVED
CVE-2022-34568 (SDL v1.2 was discovered to contain a use-after-free via the XFree func ...)
	- libsdl1.2 1.2.15+dfsg2-8 (bug #1016352)
	[bullseye] - libsdl1.2 (Minor issue)
	[buster] - libsdl1.2 (Minor issue)
	NOTE: https://github.com/libsdl-org/SDL-1.2/issues/863
	NOTE: https://github.com/libsdl-org/SDL-1.2/commit/d7e00208738a0bc6af302723fe64908ac35b777b
CVE-2022-34567 (An issue in \Roaming\Mango\Plugins of University of Texas Multi-image ...)
	NOT-FOR-US: Mango
CVE-2022-34566 RESERVED
CVE-2022-34565 RESERVED
CVE-2022-34564 RESERVED
CVE-2022-34563 RESERVED
CVE-2022-34562 (A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows att ...)
	NOT-FOR-US: PHPFox
CVE-2022-34561 (A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows att ...)
	NOT-FOR-US: PHPFox
CVE-2022-34560 (A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows att ...)
	NOT-FOR-US: PHPFox
CVE-2022-34559 RESERVED
CVE-2022-34558 (WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon ...)
	NOT-FOR-US: WMCore
CVE-2022-34557 (Barangay Management System v1.0 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Barangay Management System
CVE-2022-34556 (PicoC v3.2.2 was discovered to contain a NULL pointer dereference at v ...)
	NOT-FOR-US: PicoC
CVE-2022-34555 (TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n was discovered to conta ...)
	NOT-FOR-US: TP-Link
CVE-2022-34554 RESERVED
CVE-2022-34553 RESERVED
CVE-2022-34552 RESERVED
CVE-2022-34551 (Sims v1.0 was discovered to allow path traversal when downloading atta ...)
	NOT-FOR-US: Sims
CVE-2022-34550 (Sims v1.0 was discovered to contain a cross-site scripting (XSS) vulne ...)
	NOT-FOR-US: Sims
CVE-2022-34549 (Sims v1.0 was discovered to contain an arbitrary file upload vulnerabi ...)
	NOT-FOR-US: Sims
CVE-2022-34548 RESERVED
CVE-2022-34547 RESERVED
CVE-2022-34546 RESERVED
CVE-2022-34545 RESERVED
CVE-2022-34544 RESERVED
CVE-2022-34543 RESERVED
CVE-2022-34542 RESERVED
CVE-2022-34541 RESERVED
CVE-2022-34540 (Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered ...)
	NOT-FOR-US: Digital Watchdog
CVE-2022-34539 (Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered ...)
	NOT-FOR-US: Digital Watchdog
CVE-2022-34538 (Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered ...)
	NOT-FOR-US: Digital Watchdog
CVE-2022-34537 (Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered ...)
	NOT-FOR-US: Digital Watchdog
CVE-2022-34536 (Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows attacker ...)
	NOT-FOR-US: Digital Watchdog
CVE-2022-34535 (Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows unauthen ...)
	NOT-FOR-US: Digital Watchdog
CVE-2022-34534 (Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to ac ...)
	NOT-FOR-US: Digital Watchdog
CVE-2022-34533 RESERVED
CVE-2022-34532 RESERVED
CVE-2022-34531 (DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE ...)
	NOT-FOR-US: DedeCMS
CVE-2022-34530 (An issue in the login and reset password functionality of Backdrop CMS ...)
	- backdrop (bug #914257)
CVE-2022-34529 (WASM3 v0.5.0 was discovered to contain a segmentation fault via the co ...)
	NOT-FOR-US: WASM3
CVE-2022-34528 (D-Link DSL-3782 v1.03 and below was discovered to contain a stack over ...)
	NOT-FOR-US: D-Link
CVE-2022-34527 (D-Link DSL-3782 v1.03 and below was discovered to contain a command in ...)
	NOT-FOR-US: D-Link
CVE-2022-34526 (A stack overflow was discovered in the _TIFFVGetField function of Tiff ...)
	{DSA-5333-1 DLA-3278-1}
	- tiff 4.4.0-4
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/433
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/275735d0354e39c0ac1dc3c0db2120d6f31d1990
CVE-2022-34525 RESERVED
CVE-2022-34524 RESERVED
CVE-2022-34523 RESERVED
CVE-2022-34522 RESERVED
CVE-2022-34521 RESERVED
CVE-2022-34520 (Radare2 v5.7.2 was discovered to contain a NULL pointer dereference vi ...)
	- radare2 5.9.0+dfsg-1 (bug #1016979)
	NOTE: https://github.com/radareorg/radare2/issues/20354
	NOTE: https://github.com/radareorg/radare2/commit/fc285cecb8469f0262db0170bf6dd7c01d9b8ed5 (5.7.4)
CVE-2022-34519 RESERVED
CVE-2022-34518 RESERVED
CVE-2022-34517 RESERVED
CVE-2022-34516 RESERVED
CVE-2022-34515 RESERVED
CVE-2022-34514 RESERVED
CVE-2022-34513 RESERVED
CVE-2022-34512 RESERVED
CVE-2022-34511 RESERVED
CVE-2022-34510 RESERVED
CVE-2022-34509 (The wikifaces package in PyPI v1.0 included a code execution backdoor ...)
	NOT-FOR-US: wikifaces
CVE-2022-34508 RESERVED
CVE-2022-34507 RESERVED
CVE-2022-34506 RESERVED
CVE-2022-34505 RESERVED
CVE-2022-34504 RESERVED
CVE-2022-34503 (QPDF v8.4.2 was discovered to contain a heap buffer overflow via the f ...)
	- qpdf 9.0.0-1 (unimportant)
	NOTE: https://github.com/qpdf/qpdf/issues/701
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1201830#c5
	NOTE: Negligible security impact
CVE-2022-34502 (Radare2 v5.7.0 was discovered to contain a heap buffer overflow via th ...)
	- radare2 5.9.0+dfsg-1 (bug #1016979)
	NOTE: https://github.com/radareorg/radare2/issues/20336
	NOTE: https://github.com/radareorg/radare2/commit/b4ca66f5d4363d68a6379e5706353b3bde5104a4 (5.7.2)
CVE-2022-34501 (The bin-collection package in PyPI before v0.1 included a code executi ...)
	NOT-FOR-US: bin-collection
CVE-2022-34500 (The bin-collect package in PyPI before v0.1 included a code execution ...)
	NOT-FOR-US: bin-collect
CVE-2022-34499 RESERVED
CVE-2022-34498 RESERVED
CVE-2022-34497 RESERVED
CVE-2022-34496 (Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upl ...)
	NOT-FOR-US: Hiby R3 PRO firmware
CVE-2022-34495 (rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel be ...)
	- linux 5.18.5-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/c2eecefec5df1306eafce28ccdf1ca159a552ecc (5.19-rc1)
CVE-2022-34494 (rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the L ...)
	- linux 5.18.5-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/1680939e9ecf7764fba8689cfb3429c2fe2bb23c (5.19-rc1)
CVE-2022-2211 (A vulnerability was found in libguestfs. This issue occurs while calcu ...)
	- libguestfs 1:1.46.2-1
	[bullseye] - libguestfs (Minor issue)
	[buster] - libguestfs (Minor issue)
	- guestfs-tools 1.48.3-4 (bug #1014764)
	[bookworm] - guestfs-tools 1.48.2-1+deb12u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2100862
	NOTE: In 1:1.46.2-1 of src:libguestfs the tools were split out to src:guestfs-tools, marking that as fixed version
	NOTE: https://listman.redhat.com/archives/libguestfs/2022-June/029274.html
	NOTE: https://listman.redhat.com/archives/libguestfs/2022-June/029277.html
	NOTE: https://github.com/libguestfs/libguestfs-common/commit/35467027f657de76aca34b48a6f23e9608b23a57
	NOTE: Documentation: https://github.com/libguestfs/libguestfs/commit/99844660b48ed809e37378262c65d63df6ce4a53
CVE-2022-2210 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/020845f8-f047-4072-af0f-3726fe1aea25
	NOTE: https://github.com/vim/vim/commit/c101abff4c6756db4f5e740fde289decb9452efa (v8.2.5164)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2209 REJECTED
CVE-2022-2208 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.516 ...)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/7bfe3d5b-568f-4c34-908f-a39909638cc1
	NOTE: https://github.com/vim/vim/commit/cd38bb4d83c942c4bad596835c6766cbf32e5195 (v8.2.5163)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2207 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.)
	- vim 2:9.0.0135-1 (unimportant; bug #1015984)
	NOTE: https://huntr.dev/bounties/05bc6051-4dc3-483b-ae56-cf23346b97b9
	NOTE: https://github.com/vim/vim/commit/0971c7a4e537ea120a6bb2195960be8d0815e97b (v8.2.5162)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-34493 RESERVED
CVE-2022-34492 RESERVED
CVE-2022-34491 REJECTED
CVE-2022-34490 RESERVED
CVE-2022-2206 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/01d01e74-55d0-4d9e-878e-79ba599be668
	NOTE: https://github.com/vim/vim/commit/e178af5a586ea023622d460779fdcabbbfac0908 (v8.2.5160)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-34486 (Path traversal vulnerability in PukiWiki versions 1.4.5 to 1.5.3 allow ...)
	NOT-FOR-US: PukiWiki
CVE-2022-27637 (Reflected cross-site scripting vulnerability in PukiWiki versions 1.5. ...)
	NOT-FOR-US: PukiWiki
CVE-2022-2205 RESERVED
	- firefox 103.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-2205
CVE-2022-2204 RESERVED
CVE-2017-20108 (A vulnerability classified as problematic has been found in Easy Table ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-20107 (A vulnerability, which was classified as problematic, was found in Sha ...)
	NOT-FOR-US: ShadeYouVPN.com Client
CVE-2017-20106 (A vulnerability, which was classified as critical, has been found in L ...)
	NOT-FOR-US: Lithium Forum
CVE-2017-20105 (A vulnerability was found in Simplessus 3.7.7. It has been rated as cr ...)
	NOT-FOR-US: Simplessus
CVE-2017-20104 (A vulnerability was found in Simplessus 3.7.7. It has been declared as ...)
	NOT-FOR-US: Simplessus
CVE-2017-20103 (A vulnerability classified as critical has been found in Kama Click Co ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-20102 (A vulnerability was found in Album Lock 4.0 and classified as critical ...)
	NOT-FOR-US: Album Lock
CVE-2017-20101 (A vulnerability, which was classified as problematic, was found in Pro ...)
	NOT-FOR-US: ProjectSend
CVE-2017-20100 (A vulnerability was found in Air Transfer 1.0.14/1.2.1. It has been ra ...)
	NOT-FOR-US: Air Transfer
CVE-2017-20099 (A vulnerability was found in Analytics Stats Counter Statistics Plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-20098 (A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-34150 (The main MiCODUS MV720 GPS tracker web server has an authenticated ins ...)
	NOT-FOR-US: MiCODUS
CVE-2022-33944 (The main MiCODUS MV720 GPS tracker web server has an authenticated ins ...)
	NOT-FOR-US: MiCODUS
CVE-2022-2203 RESERVED
CVE-2022-2202 RESERVED
CVE-2022-2201 RESERVED
CVE-2022-2200 (If an object prototype was corrupted by an attacker, they would have b ...)
	{DSA-5175-1 DSA-5172-1 DLA-3064-1}
	- firefox 102.0-1
	- firefox-esr 91.11.0esr-1
	- thunderbird 1:91.11.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-2200
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-2200
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-2200
CVE-2022-2199 (The main MiCODUS MV720 GPS tracker web server has a reflected cross-si ...)
	NOT-FOR-US: MiCODUS
CVE-2022-34485 (Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team r ...)
	- firefox 102.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34485
CVE-2022-34484 (The Mozilla Fuzzing Team reported potential vulnerabilities present in ...)
	{DSA-5175-1 DSA-5172-1 DLA-3064-1}
	- firefox 102.0-1
	- firefox-esr 91.11.0esr-1
	- thunderbird 1:91.11.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34484
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34484
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34484
CVE-2022-34483 (An attacker who could have convinced a user to drag and drop an image ...)
	- firefox 102.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34483
CVE-2022-34482 (An attacker who could have convinced a user to drag and drop an image ...)
	- firefox 102.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34482
CVE-2022-34481 (In the nsTArray_Impl::ReplaceElementsAt() function, an in ...)
	{DSA-5175-1 DSA-5172-1 DLA-3064-1}
	- firefox 102.0-1
	- firefox-esr 91.11.0esr-1
	- thunderbird 1:91.11.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34481
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34481
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34481
CVE-2022-34480 (Within the lg_init() function, if several allocations suc ...)
	- firefox 102.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34480
CVE-2022-34479 (A malicious website that could create a popup could have resized the p ...)
	{DSA-5175-1 DSA-5172-1 DLA-3064-1}
	- firefox 102.0-1
	- firefox-esr 91.11.0esr-1
	- thunderbird 1:91.11.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34479
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34479
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34479
CVE-2022-34478 (The ms-msdt, search, and search-ms ...)
	- firefox (Only affects Windows)
	- firefox-esr (Only affects Windows)
	- thunderbird (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34478
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34478
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34478
CVE-2022-34477 (The MediaError message property should be consistent to avoid leaking ...)
	- firefox 102.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34477
CVE-2022-34476 (ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP cou ...)
	- firefox 102.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34476
CVE-2022-34475 (SVG <use> tags that referenced a same-origin docume ...)
	- firefox 102.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34475
CVE-2022-34474 (Even when an iframe was sandboxed with allow-top-navigation-by-u ...)
	- firefox 102.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34474
CVE-2022-34473 (The HTML Sanitizer should have sanitized the href attribu ...)
	- firefox 102.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34473
CVE-2022-34472 (If there was a PAC URL set and the server that hosts the PAC was not r ...)
	{DSA-5175-1 DSA-5172-1 DLA-3064-1}
	- firefox 102.0-1
	- firefox-esr 91.11.0esr-1
	- thunderbird 1:91.11.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34472
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34472
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34472
CVE-2022-34471 (When downloading an update for an addon, the downloaded addon update's ...)
	- firefox 102.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34471
CVE-2022-34470 (Session history navigations may have led to a use-after-free and poten ...)
	{DSA-5175-1 DSA-5172-1 DLA-3064-1}
	- firefox 102.0-1
	- firefox-esr 91.11.0esr-1
	- thunderbird 1:91.11.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34470
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34470
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34470
CVE-2022-34469 (When a TLS Certificate error occurs on a domain protected by the HSTS ...)
	- firefox (Only affects Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34469
CVE-2022-34468 (An iframe that was not permitted to run scripts could do so if the use ...)
	{DSA-5175-1 DSA-5172-1 DLA-3064-1}
	- firefox 102.0-1
	- firefox-esr 91.11.0esr-1
	- thunderbird 1:91.11.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34468
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34468
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34468
CVE-2022-34467 (A vulnerability has been identified in Mendix Excel Importer Module (M ...)
	NOT-FOR-US: Siemens
CVE-2022-34466 (A vulnerability has been identified in Mendix Applications using Mendi ...)
	NOT-FOR-US: Siemens
CVE-2022-34465 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2022-34464 (A vulnerability has been identified in SICAM GridEdge Essential ARM (A ...)
	NOT-FOR-US: Siemens
CVE-2022-2198 (The WPQA Builder WordPress plugin before 5.7 which is a companion plug ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2197 (By using a specific credential string, an attacker with network access ...)
	NOT-FOR-US: Exemys
CVE-2022-2196 (A regression exists in the Linux Kernel within KVM: nVMX that allowed ...)
	{DLA-3404-1}
	- linux 6.1.15-1
	[bullseye] - linux 5.10.178-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/2e7eab81425ad6c875f2ed47c0ce01e78afc38a5
CVE-2022-2195 RESERVED
CVE-2022-2194 (The Accept Stripe Payments WordPress plugin before 2.0.64 does not san ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-25071 (A vulnerability was found in Apple iPhone up to 12.4.1. It has been de ...)
	NOT-FOR-US: Apple iPhone
CVE-2022-34463 RESERVED
CVE-2022-34462 (Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a ...)
	NOT-FOR-US: EMC
CVE-2022-34461 REJECTED
CVE-2022-34460 (Prior Dell BIOS versions contain an improper input validation vulnerab ...)
	NOT-FOR-US: Dell
CVE-2022-34459 (Dell Command | Update, Dell Update, and Alienware Update versions prio ...)
	NOT-FOR-US: Dell
CVE-2022-34458 (Dell Command | Update, Dell Update, and Alienware Update versions prio ...)
	NOT-FOR-US: Dell
CVE-2022-34457 (Dell command configuration, version 4.8 and prior, contains improper f ...)
	NOT-FOR-US: Dell
CVE-2022-34456 (Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection ...)
	NOT-FOR-US: EMC
CVE-2022-34455 RESERVED
CVE-2022-34454 (Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buff ...)
	NOT-FOR-US: Dell
CVE-2022-34453 (Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper acc ...)
	NOT-FOR-US: Dell
CVE-2022-34452 (PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* con ...)
	NOT-FOR-US: Dell
CVE-2022-34451 (PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* co ...)
	NOT-FOR-US: Dell
CVE-2022-34450 (PowerPath Management Appliance with version 3.3 contains Privilege Esc ...)
	NOT-FOR-US: Dell
CVE-2022-34449 (PowerPath Management Appliance with versions 3.3 & 3.2* contains a Har ...)
	NOT-FOR-US: Dell
CVE-2022-34448 (PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* co ...)
	NOT-FOR-US: Dell
CVE-2022-34447 (PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* co ...)
	NOT-FOR-US: Dell
CVE-2022-34446 (PowerPath Management Appliance with versions 3.3 & 3.2* contains Autho ...)
	NOT-FOR-US: Dell
CVE-2022-34445 (Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak enc ...)
	NOT-FOR-US: Dell
CVE-2022-34444 (Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an inf ...)
	NOT-FOR-US: Dell
CVE-2022-34443 (Dell Rugged Control Center, versions prior to 4.5, contain an Improper ...)
	NOT-FOR-US: Dell
CVE-2022-34442 (Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a ...)
	NOT-FOR-US: EMC
CVE-2022-34441 (Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a ...)
	NOT-FOR-US: EMC
CVE-2022-34440 (Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a ...)
	NOT-FOR-US: EMC
CVE-2022-34439 (Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of ...)
	NOT-FOR-US: Dell
CVE-2022-34438 (Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege con ...)
	NOT-FOR-US: Dell
CVE-2022-34437 (Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command inj ...)
	NOT-FOR-US: Dell
CVE-2022-34436 (Dell iDRAC8 version 2.83.83.83 and prior contain an improper input val ...)
	NOT-FOR-US: Dell
CVE-2022-34435 (Dell iDRAC9 version 6.00.02.00 and prior contain an improper input val ...)
	NOT-FOR-US: Dell
CVE-2022-34434 (Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an ...)
	NOT-FOR-US: Dell
CVE-2022-34433 RESERVED
CVE-2022-34432 (Dell Hybrid Client below 1.8 version contains a gedit vulnerability. A ...)
	NOT-FOR-US: Dell
CVE-2022-34431 (Dell Hybrid Client below 1.8 version contains a guest user profile cor ...)
	NOT-FOR-US: Dell
CVE-2022-34430 (Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability ...)
	NOT-FOR-US: Dell
CVE-2022-34429 (Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability ...)
	NOT-FOR-US: Dell
CVE-2022-34428 (Dell Hybrid Client prior to version 1.8 contains a Regular Expression ...)
	NOT-FOR-US: Dell
CVE-2022-34427 (Dell Container Storage Modules 1.2 contains an OS Command Injection in ...)
	NOT-FOR-US: Dell
CVE-2022-34426 (Dell Container Storage Modules 1.2 contains an Improper Limitation of ...)
	NOT-FOR-US: Dell
CVE-2022-34425 (Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vu ...)
	NOT-FOR-US: Dell
CVE-2022-34424 (Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a v ...)
	NOT-FOR-US: Dell
CVE-2022-34423 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
	NOT-FOR-US: Dell
CVE-2022-34422 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
	NOT-FOR-US: Dell
CVE-2022-34421 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
	NOT-FOR-US: Dell
CVE-2022-34420 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
	NOT-FOR-US: Dell
CVE-2022-34419 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
	NOT-FOR-US: Dell
CVE-2022-34418 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
	NOT-FOR-US: Dell
CVE-2022-34417 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
	NOT-FOR-US: Dell
CVE-2022-34416 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
	NOT-FOR-US: Dell
CVE-2022-34415 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
	NOT-FOR-US: Dell
CVE-2022-34414 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
	NOT-FOR-US: Dell
CVE-2022-34413 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
	NOT-FOR-US: Dell
CVE-2022-34412 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
	NOT-FOR-US: Dell
CVE-2022-34411 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
	NOT-FOR-US: Dell
CVE-2022-34410 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
	NOT-FOR-US: Dell
CVE-2022-34409 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
	NOT-FOR-US: Dell
CVE-2022-34408 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
	NOT-FOR-US: Dell
CVE-2022-34407 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
	NOT-FOR-US: Dell
CVE-2022-34406 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
	NOT-FOR-US: Dell
CVE-2022-34405 (An improper access control vulnerability was identified in the Realtek ...)
	NOT-FOR-US: Dell
CVE-2022-34404 (Dell System Update, version 2.0.0 and earlier, contains an Improper Ce ...)
	NOT-FOR-US: Dell
CVE-2022-34403 (Dell BIOS contains a Stack based buffer overflow vulnerability. A loca ...)
	NOT-FOR-US: Dell
CVE-2022-34402 (Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service ...)
	NOT-FOR-US: Dell
CVE-2022-34401 (Dell BIOS contains a stack based buffer overflow vulnerability. A loca ...)
	NOT-FOR-US: Dell
CVE-2022-34400 (Dell BIOS contains a heap buffer overflow vulnerability. A local attac ...)
	NOT-FOR-US: Dell
CVE-2022-34399 (Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer acc ...)
	NOT-FOR-US: Dell
CVE-2022-34398 (Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2022-34397 (Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Ena ...)
	NOT-FOR-US: Dell
CVE-2022-34396 (Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earli ...)
	NOT-FOR-US: Dell
CVE-2022-34395 REJECTED
CVE-2022-34394 (Dell OS10, version 10.5.3.4, contains an Improper Certificate Validati ...)
	NOT-FOR-US: Dell
CVE-2022-34393 (Dell BIOS contains an improper input validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2022-34392 (SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insu ...)
	NOT-FOR-US: Dell
CVE-2022-34391 (Dell Client BIOS Versions prior to the remediated version contain an i ...)
	NOT-FOR-US: Dell
CVE-2022-34390 (Dell BIOS contains a use of uninitialized variable vulnerability. A lo ...)
	NOT-FOR-US: Dell
CVE-2022-34389 (Dell SupportAssist contains a rate limit bypass issues in screenmeet A ...)
	NOT-FOR-US: Dell
CVE-2022-34388 (Dell SupportAssist for Home PCs (version 3.11.4 and prior) and Support ...)
	NOT-FOR-US: Dell
CVE-2022-34387 (Dell SupportAssist for Home PCs (version 3.11.4 and prior) and Suppor ...)
	NOT-FOR-US: Dell
CVE-2022-34386 (Dell SupportAssist for Home PCs (version 3.11.4 and prior) and Support ...)
	NOT-FOR-US: Dell
CVE-2022-34385 (SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssis ...)
	NOT-FOR-US: Dell
CVE-2022-34384 (Dell SupportAssist Client Consumer (version 3.11.1 and prior), Support ...)
	NOT-FOR-US: Dell
CVE-2022-34383 (Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operat ...)
	NOT-FOR-US: Dell
CVE-2022-34382 (Dell Command Update, Dell Update and Alienware Update versions prior t ...)
	NOT-FOR-US: Dell
CVE-2022-34381 (Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell B ...)
	NOT-FOR-US: Dell
CVE-2022-34380 (Dell CloudLink 7.1.3 and all earlier versions contain an Authenticatio ...)
	NOT-FOR-US: Dell
CVE-2022-34379 (Dell EMC CloudLink 7.1.2 and all prior versions contain an Authenticat ...)
	NOT-FOR-US: EMC
CVE-2022-34378 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9. ...)
	NOT-FOR-US: Dell
CVE-2022-34377 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
	NOT-FOR-US: Dell
CVE-2022-34376 (Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input ...)
	NOT-FOR-US: Dell
CVE-2022-34375 (Dell Container Storage Modules 1.2 contains a path traversal vulnerabi ...)
	NOT-FOR-US: Dell
CVE-2022-34374 (Dell Container Storage Modules 1.2 contains an OS command injection in ...)
	NOT-FOR-US: Dell
CVE-2022-34373 (Dell Command | Integration Suite for System Center, versions prior to ...)
	NOT-FOR-US: Dell
CVE-2022-34372 (Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an ...)
	NOT-FOR-US: Dell
CVE-2022-34371 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9. ...)
	NOT-FOR-US: Dell
CVE-2022-34370 RESERVED
CVE-2022-34369 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9. ...)
	NOT-FOR-US: Dell
CVE-2022-34368 (Dell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0. ...)
	NOT-FOR-US: EMC
CVE-2022-34367 (Dell EMC Data Protection Central versions 19.1, 19.2, 19.3, 19.4, 19.5 ...)
	NOT-FOR-US: Dell
CVE-2022-34366 (Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Ove ...)
	NOT-FOR-US: Dell
CVE-2022-34365 (WMS 3.7 contains a Path Traversal Vulnerability in Device API. An atta ...)
	NOT-FOR-US: Dell
CVE-2022-34364 (Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug ...)
	NOT-FOR-US: Dell
CVE-2022-34363 RESERVED
CVE-2022-2193 (Insecure Direct Object Reference vulnerability in HYPR Server before v ...)
	NOT-FOR-US: HYPR
CVE-2022-2192 (Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 al ...)
	NOT-FOR-US: HYPR
CVE-2022-2191 (In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 v ...)
	- jetty9 (Specific to 10.x)
	NOTE: https://github.com/eclipse/jetty.project/issues/8161
	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28
CVE-2022-34362 (IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection ...)
	NOT-FOR-US: IBM
CVE-2022-34361 (IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographi ...)
	NOT-FOR-US: IBM
CVE-2022-34360 RESERVED
CVE-2022-34359 RESERVED
CVE-2022-34358 (IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. Th ...)
	NOT-FOR-US: IBM
CVE-2022-34357 (IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulne ...)
	NOT-FOR-US: IBM
CVE-2022-34356 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
	NOT-FOR-US: IBM
CVE-2022-34355 (IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6 ...)
	NOT-FOR-US: IBM
CVE-2022-34354 (IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage o ...)
	NOT-FOR-US: IBM
CVE-2022-34353 RESERVED
CVE-2022-34352 (IBM QRadar SIEM 7.5.0 is vulnerable to information exposure allowing a ...)
	NOT-FOR-US: IBM
CVE-2022-34351 (IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allo ...)
	NOT-FOR-US: IBM
CVE-2022-34350 (IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, ...)
	NOT-FOR-US: IBM
CVE-2022-34349 RESERVED
CVE-2022-34348 (IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML Ex ...)
	NOT-FOR-US: IBM
CVE-2022-2190 (The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2189 (The WP Video Lightbox WordPress plugin before 1.9.5 does not escape th ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2188 (Privilege escalation vulnerability in DXL Broker for Windows prior to ...)
	NOT-FOR-US: Trellix
CVE-2022-2187 (The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2186 (The Simple Post Notes WordPress plugin before 1.7.6 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-20097 (A vulnerability was found in WP-Filebase Download Manager Plugin 3.4.4 ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-20096 (A vulnerability classified as problematic has been found in WP-SpamFre ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-20095 (A vulnerability classified as critical was found in Simple Ads Manager ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-20094 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-20093 (A vulnerability, which was classified as problematic, was found in Dow ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-20092 (A vulnerability classified as problematic was found in Google Analytic ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-34343 RESERVED
CVE-2022-34342 RESERVED
CVE-2022-34341 RESERVED
CVE-2022-34340 RESERVED
CVE-2022-34339 ("IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials i ...)
	NOT-FOR-US: IBM
CVE-2022-34338 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclo ...)
	NOT-FOR-US: IBM
CVE-2022-34337 RESERVED
CVE-2022-34336 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2022-34335 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could ...)
	NOT-FOR-US: IBM
CVE-2022-34334 (IBM Sterling Partner Engagement Manager 2.0 does not invalidate sessio ...)
	NOT-FOR-US: IBM
CVE-2022-34333 (IBM Sterling Order Management 10.0 does not require that users should ...)
	NOT-FOR-US: IBM
CVE-2022-34332 RESERVED
CVE-2022-34331 (After performing a sequence of Power FW950, FW1010 maintenance operat ...)
	NOT-FOR-US: IBM
CVE-2022-34330 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 i ...)
	NOT-FOR-US: IBM
CVE-2022-34329 (IBM CICS TX 11.7 could allow an attacker to obtain sensitive informati ...)
	NOT-FOR-US: IBM
CVE-2022-34328 (PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_ ...)
	NOT-FOR-US: PMB
CVE-2022-32284 (Use of insufficiently random values vulnerability exists in Vnet/IP co ...)
	NOT-FOR-US: YOKOGAWA
CVE-2022-2185 (A critical issue has been discovered in GitLab affecting all versions ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-2184 (The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2183 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/d74ca3f9-380d-4c0a-b61c-11113cc98975
	NOTE: https://github.com/vim/vim/commit/8eba2bd291b347e3008aa9e565652d51ad638cfa (v8.2.5151)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2182 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/238d8650-3beb-4831-a8f7-6f0b597a6fb8
	NOTE: https://github.com/vim/vim/commit/f7c7c3fad6d2135d558f3b36d0d1a943118aeb5e (v8.2.5150)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2181 (The Advanced WordPress Reset WordPress plugin before 1.6 does not esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-46824 (Cross Site Scripting (XSS) vulnerability in sourcecodester School File ...)
	NOT-FOR-US: sourcecodester School File Management System
CVE-2022-34327 RESERVED
CVE-2022-34326 (In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek R ...)
	NOT-FOR-US: Realtek
CVE-2022-34325 (DMA transactions which are targeted at input buffers used for the Stor ...)
	NOT-FOR-US: Insyde
CVE-2022-34324 (Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow a ...)
	NOT-FOR-US: Sage
CVE-2022-34323 (Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4 ...)
	NOT-FOR-US: Sage
CVE-2022-34322 (Multiple XSS issues were discovered in Sage Enterprise Intelligence 20 ...)
	NOT-FOR-US: Sage
CVE-2022-34321 (Improper Authentication vulnerability in Apache Pulsar Proxy allows an ...)
	NOT-FOR-US: Apache Pulsar
CVE-2022-34320 (IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms th ...)
	NOT-FOR-US: IBM
CVE-2022-34319 (IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms th ...)
	NOT-FOR-US: IBM
CVE-2022-34318 (IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking ...)
	NOT-FOR-US: IBM
CVE-2022-34317 (IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerabi ...)
	NOT-FOR-US: IBM
CVE-2022-34316 (IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web sc ...)
	NOT-FOR-US: IBM
CVE-2022-34315 (IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerabi ...)
	NOT-FOR-US: IBM
CVE-2022-34314 (IBM CICS TX 11.1 could disclose sensitive information to a local user ...)
	NOT-FOR-US: IBM
CVE-2022-34313 (IBM CICS TX 11.1 does not set the secure attribute on authorization to ...)
	NOT-FOR-US: IBM
CVE-2022-34312 (IBM CICS TX 11.1 allows web pages to be stored locally which can be re ...)
	NOT-FOR-US: IBM
CVE-2022-34311 (IBM CICS TX Standard and Advanced 11.1 could allow a user with physica ...)
	NOT-FOR-US: IBM
CVE-2022-34310 (IBM CICS TX Standard and Advanced 11.1 uses weaker than expected crypt ...)
	NOT-FOR-US: IBM
CVE-2022-34309 (IBM CICS TX Standard and Advanced 11.1 uses weaker than expected crypt ...)
	NOT-FOR-US: IBM
CVE-2022-34308 (IBM CICS TX 11.1 could allow a local user to cause a denial of service ...)
	NOT-FOR-US: IBM
CVE-2022-34307 (IBM CICS TX 11.1 does not set the secure attribute on authorization to ...)
	NOT-FOR-US: IBM
CVE-2022-34306 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header in ...)
	NOT-FOR-US: IBM
CVE-2022-34305 (In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 ...)
	- tomcat9 9.0.65-1 (unimportant)
	- tomcat8 (unimportant)
	NOTE: https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k
	NOTE: https://github.com/apache/tomcat/commit/8b60af90b99945379c2d1003277e0cabc6776bac (9.0.65)
	NOTE: https://github.com/apache/tomcat/commit/5f6c88b054b0e4fbccff8b7f15974ed55d59a9f7 (8.5.82)
	NOTE: Only an issue in the Form authentication example from the examples web application
CVE-2022-34304 RESERVED
CVE-2022-34303 (A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacke ...)
	NOT-FOR-US: Eurosoft (UK) shim
	NOTE: This transitively affects Secure Boot as used in Debian, but tracking DBX updates
	NOTE: is out of scope for the Debian Security Tracker
CVE-2022-34302 (A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. ...)
	NOT-FOR-US: New Horizon Datasys Inc shim
	NOTE: This transitively affects Secure Boot as used in Debian, but tracking DBX updates
	NOTE: is out of scope for the Debian Security Tracker
CVE-2022-34301 (A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-0 ...)
	NOT-FOR-US: CryptoPro Secure Disk shim
	NOTE: This transitively affects Secure Boot as used in Debian, but tracking DBX updates
	NOTE: is out of scope for the Debian Security Tracker
CVE-2022-34300 (In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::D ...)
	- tinyexr 1.0.1+dfsg-4 (bug #1014980)
	[bullseye] - tinyexr 1.0.0+dfsg-1+deb11u1
	NOTE: https://github.com/syoyo/tinyexr/issues/167
	NOTE: https://github.com/syoyo/tinyexr/pull/175
CVE-2022-34299 (There is a heap-based buffer over-read in libdwarf 0.4.0. This issue i ...)
	- dwarfutils (bug #1014493)
	[bookworm] - dwarfutils (Minor issue)
	[bullseye] - dwarfutils (Minor issue)
	[buster] - dwarfutils (Minor issue)
	[stretch] - dwarfutils (Minor issue)
	NOTE: https://github.com/davea42/libdwarf-code/commit/7ef09e1fc9ba07653dd078edb2408631c7969162
	NOTE: https://github.com/davea42/libdwarf-code/issues/119
	NOTE: https://www.prevanders.net/dwarfbug.html#DW202206-001
CVE-2022-34298 (The NT auth module in OpenAM before 14.6.6 allows a "replace Samba use ...)
	NOT-FOR-US: OpenAM (different from src:openam)
CVE-2022-34297 (Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload in ...)
	- yii (bug #597899)
CVE-2022-34296 (In Zalando Skipper before 0.13.218, a query predicate could be bypasse ...)
	NOT-FOR-US: Zalando Skipper
CVE-2022-34295 (totd before 1.5.3 does not properly randomize mesg IDs.)
	NOT-FOR-US: totd
CVE-2022-34294 (totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DN ...)
	NOT-FOR-US: totd
CVE-2022-34293 (wolfSSL before 5.4.0 allows remote attackers to cause a denial of serv ...)
	- wolfssl 5.5.3-1 (bug #1016981)
	[bullseye] - wolfssl (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2022/08/08/6
CVE-2022-34292 (Docker Desktop for Windows before 4.6.0 allows attackers to overwrite ...)
	NOT-FOR-US: Docker Desktop
CVE-2022-34291 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...)
	NOT-FOR-US: Siemens
CVE-2022-34290 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...)
	NOT-FOR-US: Siemens
CVE-2022-34289 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...)
	NOT-FOR-US: Siemens
CVE-2022-34288 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...)
	NOT-FOR-US: Siemens
CVE-2022-34287 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...)
	NOT-FOR-US: Siemens
CVE-2022-34286 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...)
	NOT-FOR-US: Siemens
CVE-2022-34285 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...)
	NOT-FOR-US: Siemens
CVE-2022-34284 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...)
	NOT-FOR-US: Siemens
CVE-2022-34283 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...)
	NOT-FOR-US: Siemens
CVE-2022-34282 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...)
	NOT-FOR-US: Siemens
CVE-2022-34281 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...)
	NOT-FOR-US: Siemens
CVE-2022-34280 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...)
	NOT-FOR-US: Siemens
CVE-2022-34279 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...)
	NOT-FOR-US: Siemens
CVE-2022-34278 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...)
	NOT-FOR-US: Siemens
CVE-2022-34277 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...)
	NOT-FOR-US: Siemens
CVE-2022-34276 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...)
	NOT-FOR-US: Siemens
CVE-2022-34275 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...)
	NOT-FOR-US: Siemens
CVE-2022-34274 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...)
	NOT-FOR-US: Siemens
CVE-2022-34273 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...)
	NOT-FOR-US: Siemens
CVE-2022-34272 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...)
	NOT-FOR-US: Siemens
CVE-2022-34271 (A vulnerability in import module of Apache Atlas allows an authenticat ...)
	NOT-FOR-US: Apache Atlas
CVE-2022-2180 (The GREYD.SUITE WordPress theme does not properly validate uploaded cu ...)
	NOT-FOR-US: WordPress theme
CVE-2022-2179 (The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 ...)
	NOT-FOR-US: Rockwell
CVE-2022-2178 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Saysis Computer Starcities
CVE-2022-2177 (Kayrasoft product before version 2 has an unauthenticated SQL Injectio ...)
	NOT-FOR-US: Kayrasoft
CVE-2022-2176 REJECTED
CVE-2022-2175 (Buffer Over-read in GitHub repository vim/vim prior to 8.2.)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/7f0481c2-8b57-4324-b47c-795d1ea67e55
	NOTE: https://github.com/vim/vim/commit/6046aded8da002b08d380db29de2ba0268b6616e (v8.2.5148)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2174 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...)
	NOT-FOR-US: microweber
CVE-2022-2173 (The Advanced Database Cleaner WordPress plugin before 3.1.1 does not e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2172 (The LinkWorth WordPress plugin before 3.3.4 does not implement nonce c ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2171 (The Progressive License WordPress plugin through 1.1.0 is lacking any ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2170 (The Microsoft Advertising Universal Event Tracking (UET) WordPress plu ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2169 (The Loading Page with Loading Screen WordPress plugin before 1.0.83 do ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2168 (The Download Manager WordPress plugin before 3.2.44 does not escape a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2167 (The Newspaper WordPress theme before 12 does not sanitise a parameter ...)
	NOT-FOR-US: WordPress theme
CVE-2022-34270 (An issue was discovered in RWS WorldServer before 11.7.3. Regular user ...)
	NOT-FOR-US: RWS WorldServer
CVE-2022-34269 (An issue was discovered in RWS WorldServer before 11.7.3. An authentic ...)
	NOT-FOR-US: RWS WorldServer
CVE-2022-34268 (An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin ...)
	NOT-FOR-US: RWS WorldServer
CVE-2022-34267 (An issue was discovered in RWS WorldServer before 11.7.3. Adding a tok ...)
	NOT-FOR-US: RWS WorldServer
CVE-2022-34266 (The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 a ...)
	NOT-FOR-US: libtiff-4.0.3-35.amzn2.0.1 Amazon package
CVE-2022-34265 (An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0 ...)
	{DSA-5254-1 DLA-3164-1}
	- python-django 2:4.0.6-1 (bug #1014541)
	NOTE: https://www.openwall.com/lists/oss-security/2022/07/04/2
	NOTE: https://www.djangoproject.com/weblog/2022/jul/04/security-releases/
	NOTE: https://github.com/django/django/commit/54eb8a374d5d98594b264e8ec22337819b37443c (main)
	NOTE: https://github.com/django/django/commit/0dc9c016fadb71a067e5a42be30164e3f96c0492 (4.0.6)
	NOTE: https://github.com/django/django/commit/a9010fe5555e6086a9d9ae50069579400ef0685e (3.2.14)
CVE-2022-34264 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...)
	NOT-FOR-US: Adobe
CVE-2022-34263 (Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-34262 (Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-34261 (Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-34260 (Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-34259 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-34258 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-34257 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-34256 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-34255 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-34254 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-34253 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-34252 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...)
	NOT-FOR-US: Adobe InCopy
CVE-2022-34251 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...)
	NOT-FOR-US: Adobe InCopy
CVE-2022-34250 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...)
	NOT-FOR-US: Adobe InCopy
CVE-2022-34249 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...)
	NOT-FOR-US: Adobe InCopy
CVE-2022-34248 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-34247 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-34246 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-34245 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-34244 (Adobe Photoshop versions 22.5.7 (and earlier) and 23.3.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-34243 (Adobe Photoshop versions 22.5.7 (and earlier) and 23.3.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-34242 (Adobe Character Animator version 4.4.7 (and earlier) and 22.4 (and ear ...)
	NOT-FOR-US: Adobe
CVE-2022-34241 (Adobe Character Animator version 4.4.7 (and earlier) and 22.4 (and ear ...)
	NOT-FOR-US: Adobe
CVE-2022-34240 RESERVED
CVE-2022-34239 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
	NOT-FOR-US: Adobe
CVE-2022-34238 (Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and ...)
	NOT-FOR-US: Adobe
CVE-2022-34237 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
	NOT-FOR-US: Adobe
CVE-2022-34236 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
	NOT-FOR-US: Adobe
CVE-2022-34235 (Adobe Premiere Elements version 2020v20 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-34234 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
	NOT-FOR-US: Adobe
CVE-2022-34233 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
	NOT-FOR-US: Adobe
CVE-2022-34232 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
	NOT-FOR-US: Adobe
CVE-2022-34231 RESERVED
CVE-2022-34230 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
	NOT-FOR-US: Adobe
CVE-2022-34229 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
	NOT-FOR-US: Adobe
CVE-2022-34228 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
	NOT-FOR-US: Adobe
CVE-2022-34227 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
	NOT-FOR-US: Adobe
CVE-2022-34226 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
	NOT-FOR-US: Adobe
CVE-2022-34225 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
	NOT-FOR-US: Adobe
CVE-2022-34224 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
	NOT-FOR-US: Adobe
CVE-2022-34223 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
	NOT-FOR-US: Adobe
CVE-2022-34222 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
	NOT-FOR-US: Adobe
CVE-2022-34221 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
	NOT-FOR-US: Adobe
CVE-2022-34220 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
	NOT-FOR-US: Adobe
CVE-2022-34219 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
	NOT-FOR-US: Adobe
CVE-2022-34218 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2022-34217 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
	NOT-FOR-US: Adobe
CVE-2022-34216 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
	NOT-FOR-US: Adobe
CVE-2022-34215 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
	NOT-FOR-US: Adobe
CVE-2022-34214 RESERVED
CVE-2022-34213 (Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34212 (A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34211 (A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34210 (A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earli ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34209 (A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34208 (A missing permission check in Jenkins Beaker builder Plugin 1.10 and e ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34207 (A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker bu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34206 (A missing permission check in Jenkins Jianliao Notification Plugin 1.1 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34205 (A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34204 (A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier al ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34203 (A cross-site request forgery (CSRF) vulnerability in Jenkins EasyQA Pl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34202 (Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypte ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34201 (A missing permission check in Jenkins Convertigo Mobile Platform Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34200 (A cross-site request forgery (CSRF) vulnerability in Jenkins Convertig ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34199 (Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passw ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34198 (Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escap ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34197 (Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the na ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34196 (Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape t ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34195 (Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34194 (Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape th ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34193 (Jenkins Package Version Plugin 1.0.1 and earlier does not escape the n ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34192 (Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the n ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34191 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and ea ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34190 (Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34189 (Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape th ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34188 (Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34187 (Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not es ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34186 (Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier doe ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34185 (Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the na ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34184 (Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not e ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34183 (Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34182 (Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34181 (Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controll ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34180 (Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not corr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34179 (Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specif ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34178 (Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34177 (Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34176 (Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-34175 (Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some ...)
	- jenkins
CVE-2022-34174 (In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable t ...)
	- jenkins
CVE-2022-34173 (In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the bui ...)
	- jenkins
CVE-2022-34172 (In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons une ...)
	- jenkins
CVE-2022-34171 (In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 throug ...)
	- jenkins
CVE-2022-34170 (In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 throug ...)
	- jenkins
CVE-2022-2166 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
	- mastodon (bug #859741)
CVE-2022-34169 (The Apache Xalan Java XSLT library is vulnerable to an integer truncat ...)
{DSA-5256-1 DSA-5192-1 DSA-5188-1 DLA-3155-1} - openjdk-8 8u342-b07-1 - openjdk-11 11.0.16+8-1 - openjdk-17 17.0.4+8-1 - bcel 6.5.0-2 (bug #1015860) NOTE: https://www.openwall.com/lists/oss-security/2022/07/19/5 NOTE: https://github.com/openjdk/jdk/commit/41ef2b249073450172e11163a4d05762364b1297 NOTE: Bug is most likely only in bcel which libxalan2-java depends on. NOTE: https://github.com/apache/commons-bcel/pull/147 NOTE: https://github.com/apache/commons-bcel/commit/f3267cbcc900f80851d561bdd16b239d936947f5 CVE-2022-34168 RESERVED CVE-2022-34151 (Use of hard-coded credentials vulnerability exists in Machine automati ...) NOT-FOR-US: OMRON Industrial Automation CVE-2022-33971 (Authentication bypass by capture-replay vulnerability exists in Machin ...) NOT-FOR-US: OMRON Industrial Automation CVE-2022-33208 (Authentication bypass by capture-replay vulnerability exists in Machin ...) NOT-FOR-US: OMRON Industrial Automation CVE-2022-2165 (Insufficient data validation in URL formatting in Google Chrome prior ...) {DSA-5168-1} - chromium 103.0.5060.53-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-2164 (Inappropriate implementation in Extensions API in Google Chrome prior ...) {DSA-5168-1} - chromium 103.0.5060.53-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-2163 (Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0. ...) {DSA-5187-1 DSA-5168-1} - chromium 103.0.5060.53-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-2162 (Insufficient policy enforcement in File System API in Google Chrome on ...) {DSA-5168-1} - chromium 103.0.5060.53-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-2161 (Use after free in WebApp Provider in Google Chrome prior to 103.0.5060 ...) 
{DSA-5168-1} - chromium 103.0.5060.53-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-2160 (Insufficient policy enforcement in DevTools in Google Chrome on Window ...) {DSA-5168-1} - chromium 103.0.5060.53-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-2159 RESERVED CVE-2022-2158 (Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a ...) {DSA-5168-1} - chromium 103.0.5060.53-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-2157 (Use after free in Interest groups in Google Chrome prior to 103.0.5060 ...) {DSA-5168-1} - chromium 103.0.5060.53-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-2156 (Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed ...) {DSA-5168-1} - chromium 103.0.5060.53-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-2155 (A vulnerability exists in the affected versions of Lumada APM\u2019s U ...) NOT-FOR-US: Lumada CVE-2022-2154 REJECTED CVE-2022-2153 (A flaw was found in the Linux kernel\u2019s KVM when attempting to set ...) {DSA-5173-1 DLA-3173-1 DLA-3131-1 DLA-3065-1} - linux 5.17.3-1 [bullseye] - linux 5.10.140-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2069736 NOTE: https://git.kernel.org/linus/7ec37d1cbe17d8189d9562178d8b29167fe1c31a (5.18-rc1) NOTE: https://git.kernel.org/linus/00b5f37189d24ac3ed46cb7f11742094778c46ce (5.18-rc1) NOTE: https://git.kernel.org/linus/b1e34d325397a33d97d845e312d7cf2a8b646b44 (5.18-rc1) CVE-2022-2152 (The Duplicate Page and Post WordPress plugin before 2.8 does not sanit ...) NOT-FOR-US: WordPress plugin CVE-2022-2151 (The Best Contact Management Software WordPress plugin through 3.7.3 do ...) NOT-FOR-US: WordPress plugin CVE-2022-2150 RESERVED CVE-2022-2149 (The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanit ...) 
NOT-FOR-US: WordPress plugin CVE-2022-2148 (The LinkedIn Company Updates WordPress plugin through 1.5.3 does not s ...) NOT-FOR-US: WordPress plugin CVE-2022-2147 (Cloudflare Warp for Windows from version 2022.2.95.0 contained an unqu ...) NOT-FOR-US: Cloudflare Warp for Windows CVE-2022-2146 (The Import CSV Files WordPress plugin through 1.0 does not sanitise an ...) NOT-FOR-US: WordPress plugin CVE-2022-2145 (Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed cre ...) NOT-FOR-US: Cloudflare WARP client for Windows CVE-2022-2144 (The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 d ...) NOT-FOR-US: WordPress plugin CVE-2022-34167 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored cross-s ...) NOT-FOR-US: IBM CVE-2022-34166 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to cross-site scr ...) NOT-FOR-US: IBM CVE-2022-34165 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSph ...) NOT-FOR-US: IBM CVE-2022-34164 (IBM CICS TX 11.1 could allow a local user to impersonate another legit ...) NOT-FOR-US: IBM CVE-2022-34163 (IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by imp ...) NOT-FOR-US: IBM CVE-2022-34162 (IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking ...) NOT-FOR-US: IBM CVE-2022-34161 (IBM CICS TX 11.1 is vulnerable to cross-site request forgery which cou ...) NOT-FOR-US: IBM CVE-2022-34160 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection ...) NOT-FOR-US: IBM CVE-2022-34159 RESERVED CVE-2022-34158 (A carefully crafted invocation on the Image plugin could trigger an CS ...) - jspwiki CVE-2022-2143 (The affected product is vulnerable to two instances of command injecti ...) NOT-FOR-US: iView CVE-2022-2142 (The affected product is vulnerable to a SQL injection with high attack ...) NOT-FOR-US: iView CVE-2022-2141 (SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker wi ...) 
NOT-FOR-US: MiCODUS CVE-2022-2140 (Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable inpu ...) NOT-FOR-US: Elcomplus SmartICS CVE-2022-2139 (The affected product is vulnerable to directory traversal, which may a ...) NOT-FOR-US: iView CVE-2022-2138 (The affected product is vulnerable due to missing authentication, whic ...) NOT-FOR-US: iView CVE-2022-2137 (The affected product is vulnerable to two SQL injections that require ...) NOT-FOR-US: iView CVE-2022-2136 (The affected product is vulnerable to multiple SQL injections that req ...) NOT-FOR-US: iView CVE-2022-2135 (The affected product is vulnerable to multiple SQL injections, which m ...) NOT-FOR-US: iView CVE-2022-2134 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...) NOT-FOR-US: inventree CVE-2022-2133 (The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't valida ...) NOT-FOR-US: WordPress plugin CVE-2022-2132 (A permissive list of allowed inputs flaw was found in DPDK. This issue ...) 
{DSA-5222-1 DLA-3092-1} [experimental] - dpdk 22.11~rc2-1 - dpdk 22.11.1-2 (bug #1019589) NOTE: https://bugs.dpdk.org/show_bug.cgi?id=1031 NOTE: https://git.dpdk.org/dpdk/commit/?id=71bd0cc536ad6d84188d947d6f24c17400d8f623 (main) NOTE: https://git.dpdk.org/dpdk/commit/?id=dc1516e260a0df272b218392faf6db3cbf45e717 (main) NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=f167022606b5ccca27a627ae599538ce2348ef67 (v21.11.2) NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=e12d415556994d0901c317f6338ed2961185465f (v21.11.2) NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=8fff8520f356635f6ac3755df1d04f9f1d097968 (v20.11.6) NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=089e01b375eb8e5394603308d17ee84b551ff369 (v20.11.6) NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=5b3c25e6ee2c68887aae166aed57d0b4af91fa60 (v19.11.13) NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=e73049ea26a588518bde750f46ac700462a598ed (v19.11.13) NOTE: https://www.openwall.com/lists/oss-security/2022/08/29/4 CVE-2022-2131 (OpenKM Community Edition in its 6.3.10 version and before was using XM ...) NOT-FOR-US: OpenKM CVE-2022-2130 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...) NOT-FOR-US: microweber CVE-2022-XXXX [vlc issues fixed in 3.0.13] - vlc 3.0.16-1 [buster] - vlc 3.0.17.4-0+deb10u1 NOTE: https://www.videolan.org/security/sb-vlc3013.html NOTE: Tracking issues fixed in DSA-5165-1 without CVEs CVE-2022-34146 (Transient DOS due to improper input validation in WLAN Host while pars ...) NOT-FOR-US: Qualcomm CVE-2022-34145 (Transient DOS due to buffer over-read in WLAN Host while parsing frame ...) NOT-FOR-US: Qualcomm CVE-2022-34144 (Transient DOS due to reachable assertion in Modem during OSI decode sc ...) NOT-FOR-US: Qualcomm CVE-2022-34143 RESERVED CVE-2022-34142 RESERVED CVE-2022-34141 RESERVED CVE-2022-34140 (A stored cross-site scripting (XSS) vulnerability in /index.php?r=site ...) 
NOT-FOR-US: Feehi CMS CVE-2022-34139 RESERVED CVE-2022-34138 (Insecure direct object references (IDOR) in the web server of Biltema ...) NOT-FOR-US: Biltema IP and Baby Camera CVE-2022-34137 RESERVED CVE-2022-34136 RESERVED CVE-2022-34135 RESERVED CVE-2022-34134 (Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Requ ...) NOT-FOR-US: Benjamin BALET Jorani CVE-2022-34133 (Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scri ...) NOT-FOR-US: Benjamin BALET Jorani CVE-2022-34132 (Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection v ...) NOT-FOR-US: Benjamin BALET Jorani CVE-2022-34131 RESERVED CVE-2022-34130 RESERVED CVE-2022-34129 RESERVED CVE-2022-34128 (The Cartography (aka positions) plugin before 6.0.1 for GLPI allows re ...) NOT-FOR-US: GLPI plugin CVE-2022-34127 (The Managentities plugin before 4.0.2 for GLPI allows reading local fi ...) NOT-FOR-US: GLPI plugin CVE-2022-34126 (The Activity plugin before 3.1.1 for GLPI allows reading local files v ...) NOT-FOR-US: GLPI plugin CVE-2022-34125 (front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows at ...) NOT-FOR-US: GLPI plugin CVE-2022-34124 RESERVED CVE-2022-34123 RESERVED CVE-2022-34122 RESERVED CVE-2022-34121 (Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) ...) NOT-FOR-US: Cuppa CMS CVE-2022-34120 (Barangay Management System v1.0 was discovered to contain a remote cod ...) NOT-FOR-US: Barangay Management System CVE-2022-34119 RESERVED CVE-2022-34118 RESERVED CVE-2022-34117 RESERVED CVE-2022-34116 RESERVED CVE-2022-34115 (DataEase v1.11.1 was discovered to contain a arbitrary file write vuln ...) NOT-FOR-US: Dataease CVE-2022-34114 (Dataease v1.11.1 was discovered to contain a SQL injection vulnerabili ...) NOT-FOR-US: Dataease CVE-2022-34113 (An issue in the component /api/plugin/upload of Dataease v1.11.1 allow ...) 
NOT-FOR-US: Dataease CVE-2022-34112 (An access control issue in the component /api/plugin/uninstall Dataeas ...) NOT-FOR-US: Dataease CVE-2022-34111 RESERVED CVE-2022-34110 (An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0 ...) NOT-FOR-US: Micro-Star CVE-2022-34109 (An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0 ...) NOT-FOR-US: Micro-Star CVE-2022-34108 (An issue in the Feature Navigator of Micro-Star International MSI Feat ...) NOT-FOR-US: Micro-Star CVE-2022-34107 RESERVED CVE-2022-34106 RESERVED CVE-2022-34105 RESERVED CVE-2022-34104 RESERVED CVE-2022-34103 RESERVED CVE-2022-34102 (Insufficient access control vulnerability was discovered in the Crestr ...) NOT-FOR-US: Crestron CVE-2022-34101 (A vulnerability was discovered in the Crestron AirMedia Windows Applic ...) NOT-FOR-US: Crestron CVE-2022-34100 (A vulnerability was discovered in the Crestron AirMedia Windows Applic ...) NOT-FOR-US: Crestron CVE-2022-34099 RESERVED CVE-2022-34098 RESERVED CVE-2022-34097 RESERVED CVE-2022-34096 RESERVED CVE-2022-34095 RESERVED CVE-2022-34094 (Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to c ...) NOT-FOR-US: Portal do Software Publico Brasileiro i3geo CVE-2022-34093 (Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to c ...) NOT-FOR-US: Portal do Software Publico Brasileiro i3geo CVE-2022-34092 (Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to c ...) 
NOT-FOR-US: Portal do Software Publico Brasileiro i3geo CVE-2022-34091 RESERVED CVE-2022-34090 RESERVED CVE-2022-34089 RESERVED CVE-2022-34088 RESERVED CVE-2022-34087 RESERVED CVE-2022-34086 RESERVED CVE-2022-34085 RESERVED CVE-2022-34084 RESERVED CVE-2022-34083 RESERVED CVE-2022-34082 RESERVED CVE-2022-34081 RESERVED CVE-2022-34080 RESERVED CVE-2022-34079 RESERVED CVE-2022-34078 RESERVED CVE-2022-34077 RESERVED CVE-2022-34076 RESERVED CVE-2022-34075 RESERVED CVE-2022-34074 RESERVED CVE-2022-34073 RESERVED CVE-2022-34072 RESERVED CVE-2022-34071 RESERVED CVE-2022-34070 RESERVED CVE-2022-34069 RESERVED CVE-2022-34068 RESERVED CVE-2022-34067 (Warehouse Management System v1.0 was discovered to contain a SQL injec ...) NOT-FOR-US: Warehouse Management System CVE-2022-34066 (The Texercise package in PyPI v0.0.1 to v0.0.12 was discovered to cont ...) NOT-FOR-US: Texercise package in PyPI CVE-2022-34065 (The Rondolu-YT-Concate package in PyPI v0.1.0 was discovered to contai ...) NOT-FOR-US: Rondolu-YT-Concate package in PyPI CVE-2022-34064 (The Zibal package in PyPI v1.0.0 was discovered to contain a code exec ...) NOT-FOR-US: Zibal package in PyPI CVE-2022-34063 RESERVED CVE-2022-34062 RESERVED CVE-2022-34061 (The Catly-Translate package in PyPI v0.0.3 to v0.0.5 was discovered to ...) NOT-FOR-US: Catly-Translate package in PyPI CVE-2022-34060 (The Togglee package in PyPI version v0.0.8 was discovered to contain a ...) NOT-FOR-US: Togglee package in PyPI CVE-2022-34059 (The Sixfab-Tool in PyPI v0.0.2 to v0.0.3 was discovered to contain a c ...) NOT-FOR-US: Sixfab-Tool in PyPI CVE-2022-34058 RESERVED CVE-2022-34057 (The Scoptrial package in PyPI version v0.0.5 was discovered to contain ...) NOT-FOR-US: Scoptrial package in PyPI CVE-2022-34056 (The Watertools package in PyPI v0.0.0 was discovered to contain a code ...) NOT-FOR-US: Watertools package in PyPI CVE-2022-34055 (The drxhello package in PyPI v0.0.1 was discovered to contain a code e ...) 
NOT-FOR-US: drxhello package in PyPI CVE-2022-34054 (The Perdido package in PyPI v0.0.1 to v0.0.2 was discovered to contain ...) NOT-FOR-US: Perdido package in PyPI CVE-2022-34053 (The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a ...) NOT-FOR-US: DR-Web-Engine package in PyPI CVE-2022-34052 RESERVED CVE-2022-34051 RESERVED CVE-2022-34050 RESERVED CVE-2022-34049 (An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows ...) NOT-FOR-US: WAVLINK CVE-2022-34048 (Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflect ...) NOT-FOR-US: WAVLINK CVE-2022-34047 (An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows ...) NOT-FOR-US: WAVLINK CVE-2022-34046 (An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows a ...) NOT-FOR-US: WAVLINK CVE-2022-34045 (Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardc ...) NOT-FOR-US: WAVLINK CVE-2022-34044 RESERVED CVE-2022-34043 (Incorrect permissions for the folder C:\ProgramData\NoMachine\var\unin ...) NOT-FOR-US: NoMachine Windows builds CVE-2022-34042 (Barangay Management System v1.0 was discovered to contain a SQL inject ...) NOT-FOR-US: Barangay Management System CVE-2022-34041 RESERVED CVE-2022-34040 RESERVED CVE-2022-34039 RESERVED CVE-2022-34038 (Etcd v3.5.4 allows remote attackers to cause a denial of service via f ...) - etcd (unimportant) NOTE: https://github.com/etcd-io/etcd/pull/14022 NOTE: https://github.com/etcd-io/etcd/pull/14452 NOTE: Fixed by: https://github.com/etcd-io/etcd/commit/5a315ef88fbfa454e02d27b0b8acb4f89457cd90 NOTE: Negligible (and upstream disputed) security impact CVE-2022-34037 (An out-of-bounds read in the rewrite function at /modules/caddyhttp/re ...) NOT-FOR-US: Caddy CVE-2022-34036 RESERVED CVE-2022-34035 (HTMLDoc v1.9.12 and below was discovered to contain a heap overflow vi ...) 
- htmldoc 1.9.12-1 (unimportant) NOTE: https://github.com/michaelrsweet/htmldoc/issues/426 NOTE: https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3 (v1.9.12) NOTE: Crash in CLI tool, no security impact CVE-2022-34034 RESERVED CVE-2022-34033 (HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_h ...) - htmldoc 1.9.12-1 (unimportant) NOTE: https://github.com/michaelrsweet/htmldoc/issues/425 NOTE: https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e (v1.9.12) CVE-2022-34032 (Nginx NJS v0.7.5 was discovered to contain a segmentation violation in ...) NOT-FOR-US: njs CVE-2022-34031 (Nginx NJS v0.7.5 was discovered to contain a segmentation violation vi ...) NOT-FOR-US: njs CVE-2022-34030 (Nginx NJS v0.7.5 was discovered to contain a segmentation violation vi ...) NOT-FOR-US: njs CVE-2022-34029 (Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via n ...) NOT-FOR-US: njs CVE-2022-34028 (Nginx NJS v0.7.5 was discovered to contain a segmentation violation vi ...) NOT-FOR-US: njs CVE-2022-34027 (Nginx NJS v0.7.4 was discovered to contain a segmentation violation vi ...) NOT-FOR-US: njs CVE-2022-34026 (ICEcoder v8.1 allows attackers to execute a directory traversal.) NOT-FOR-US: ICEcoder CVE-2022-34025 (Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) ...) NOT-FOR-US: Vesta CVE-2022-34024 (Barangay Management System v1.0 was discovered to contain an arbitrary ...) NOT-FOR-US: Barangay Management System CVE-2022-34023 (Barangay Management System v1.0 was discovered to contain a SQL inject ...) NOT-FOR-US: Barangay Management System CVE-2022-34022 (SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network S ...) NOT-FOR-US: ResIOT IOT Platform CVE-2022-34021 (Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Plat ...) 
NOT-FOR-US: ResIOT IOT Platform CVE-2022-34020 (Cross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT P ...) NOT-FOR-US: DellResIOT CVE-2022-34019 RESERVED CVE-2022-34018 RESERVED CVE-2022-34017 RESERVED CVE-2022-34016 RESERVED CVE-2022-34015 RESERVED CVE-2022-34014 RESERVED CVE-2022-34013 (OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery ...) NOT-FOR-US: OneBlog CVE-2022-34012 (Insecure permissions in OneBlog v2.3.4 allows low-level administrators ...) NOT-FOR-US: OneBlog CVE-2022-34011 (OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery ...) NOT-FOR-US: OneBlog CVE-2022-34010 RESERVED CVE-2022-34009 (Fossil 2.18 on Windows allows attackers to cause a denial of service ( ...) - fossil (Windows-specific) CVE-2022-34008 (Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privile ...) NOT-FOR-US: Comodo Antivirus CVE-2022-34007 (EQS Integrity Line Professional through 2022-07-01 allows a stored XSS ...) NOT-FOR-US: EQS Integrity Line CVE-2022-34006 (An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2 ...) NOT-FOR-US: TitanFTP CVE-2022-34005 (An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2 ...) NOT-FOR-US: TitanFTP CVE-2022-34004 RESERVED CVE-2022-34003 RESERVED CVE-2022-34002 (The \u2018document\u2019 parameter of PDS Vista 7\u2019s /application/ ...) NOT-FOR-US: PDS Vista CVE-2022-34001 (Unit4 ERP through 7.9 allows XXE via ExecuteServerProcessAsynchronousl ...) NOT-FOR-US: Unit4 CVE-2022-34000 (libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init ...) - jpeg-xl (Fixed before initial upload to unstable, only affected experimental, bug #1013265) NOTE: https://github.com/libjxl/libjxl/issues/1477 NOTE: https://github.com/libjxl/libjxl/commit/aff17c4a57eb1e4d7ef00ea728d33cdb5b2ca9da CVE-2022-33948 (HOME SPOT CUBE2 V102 contains an OS command injection vulnerability du ...) 
NOT-FOR-US: HOME SPOT CUBE2 V102 CVE-2022-33999 RESERVED CVE-2022-33998 RESERVED CVE-2022-33997 RESERVED CVE-2022-33996 (Incorrect permission management in Devolutions Server before 2022.2 al ...) NOT-FOR-US: Devolutions Server CVE-2022-33995 (A path traversal issue in entry attachments in Devolutions Remote Desk ...) NOT-FOR-US: Devolutions CVE-2022-33994 (The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by ...) NOT-FOR-US: Gutenberg plugin for WordPress CVE-2017-20091 (A vulnerability was found in File Manager Plugin 3.0.1. It has been cl ...) NOT-FOR-US: WordPress plugin CVE-2017-20090 (A vulnerability was found in Global Content Blocks Plugin 2.1.5. It ha ...) NOT-FOR-US: WordPress plugin CVE-2017-20089 (A vulnerability was found in Gwolle Guestbook Plugin 1.7.4. It has bee ...) NOT-FOR-US: WordPress plugin CVE-2017-20088 (A vulnerability classified as problematic has been found in Atahualpa ...) NOT-FOR-US: WordPress theme CVE-2017-20087 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: WordPress plugin CVE-2017-20086 (A vulnerability, which was classified as critical, was found in VaultP ...) NOT-FOR-US: WordPress plugin CVE-2017-20085 (A vulnerability has been found in Atahualpa Theme and classified as pr ...) NOT-FOR-US: WordPress theme CVE-2017-20084 (A vulnerability has been found in JUNG Smart Visu Server 1.0.804/1.0.8 ...) NOT-FOR-US: JUNG Smart Visu Server CVE-2017-20083 (A vulnerability, which was classified as critical, was found in JUNG S ...) NOT-FOR-US: JUNG Smart Visu Server CVE-2017-20082 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: JUNG Smart Visu Server CVE-2022-33993 (Misinterpretation of special domain name characters in DNRD (aka Domai ...) NOT-FOR-US: dnrd CVE-2022-33992 (DNRD (aka Domain Name Relay Daemon) 2.20.3 forwards and caches DNS que ...) 
NOT-FOR-US: dnrd CVE-2022-33991 (dproxy-nexgen (aka dproxy nexgen) forwards and caches DNS queries with ...) NOT-FOR-US: dproxy CVE-2022-33990 (Misinterpretation of special domain name characters in dproxy-nexgen ( ...) NOT-FOR-US: dproxy CVE-2022-33989 (dproxy-nexgen (aka dproxy nexgen) uses a static UDP source port (selec ...) NOT-FOR-US: dproxy CVE-2022-33988 (dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id (TXID ...) NOT-FOR-US: dproxy CVE-2022-33987 (The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allow ...) - node-got 11.8.3+~cs58.7.37-3 (bug #1013264) [bullseye] - node-got 11.8.1+~cs53.13.17-3+deb11u1 [buster] - node-got (vulnerability introduced later) NOTE: https://github.com/sindresorhus/got/pull/2047 NOTE: Fixed by: https://github.com/sindresorhus/got/commit/861ccd9ac2237df762a9e2beed7edd88c60782dc (v12.1.0) NOTE: buster tested against CVE here https://salsa.debian.org/js-team/node-got/-/commit/47a15e189e39c29281532131675a998e1c0a9f8e CVE-2022-33986 (DMA attacks on the parameter buffer used by the VariableRuntimeDxe sof ...) NOT-FOR-US: Insyde CVE-2022-33985 (DMA transactions which are targeted at input buffers used for the NvmE ...) NOT-FOR-US: Insyde CVE-2022-33984 (DMA transactions which are targeted at input buffers used for the SdMm ...) NOT-FOR-US: Insyde CVE-2022-33983 (DMA transactions which are targeted at input buffers used for the NvmE ...) NOT-FOR-US: Insyde CVE-2022-33982 (DMA attacks on the parameter buffer used by the Int15ServiceSmm softwa ...) NOT-FOR-US: Insyde CVE-2022-33976 RESERVED CVE-2022-33973 (Improper access control in the Intel(R) WAPI Security software for Win ...) NOT-FOR-US: Intel CVE-2022-33898 (Insecure inherited permissions in some Intel(R) NUC Watchdog Timer ins ...) NOT-FOR-US: Intel CVE-2022-32764 (Description: Race condition in the Intel(R) DSA software before versio ...) NOT-FOR-US: Intel CVE-2022-32582 (Improper access control in firmware for some Intel(R) NUC Boards, Inte ...) 
NOT-FOR-US: Intel CVE-2022-32577 (Improper input validation in BIOS Firmware for some Intel(R) NUC Kits ...) NOT-FOR-US: Intel CVE-2022-32576 (Uncontrolled search path in the Intel(R) Unite(R) Plugin SDK before ve ...) NOT-FOR-US: Intel CVE-2022-30530 (Protection mechanism failure in the Intel(R) DSA software before versi ...) NOT-FOR-US: Intel CVE-2022-29895 RESERVED CVE-2022-29871 (Improper access control in the Intel(R) CSME software installer before ...) NOT-FOR-US: Intel CVE-2022-33981 (drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable ...) {DSA-5173-1 DLA-3065-1} - linux 5.17.6-1 [bullseye] - linux 5.10.113-1 NOTE: https://www.openwall.com/lists/oss-security/2022/04/28/1 NOTE: https://git.kernel.org/linus/233087ca063686964a53c829d547c7571e3f67bf (5.18-rc5) CVE-2022-33980 (Apache Commons Configuration performs variable interpolation, allowing ...) {DSA-5290-1} - commons-configuration2 2.8.0-1 (bug #1014960) [buster] - commons-configuration2 (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2022/07/06/5 CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.) {DLA-3204-1} - vim 2:9.0.0135-1 (bug #1015984) [bullseye] - vim (Minor issue) [stretch] - vim (Minor issue) NOTE: https://huntr.dev/bounties/3aaf06e7-9ae1-454d-b8ca-8709c98e5352 NOTE: https://github.com/vim/vim/commit/d6211a52ab9f53b82f884561ed43d2fe4d24ff7d (v8.2.5126) CVE-2022-2128 (Unrestricted Upload of File with Dangerous Type in GitHub repository p ...) NOT-FOR-US: Trudesk CVE-2022-2127 (An out-of-bounds read vulnerability was found in Samba due to insuffic ...) {DSA-5647-1 DSA-5477-1 DLA-3792-1} - samba 2:4.18.5+dfsg-1 NOTE: https://www.samba.org/samba/security/CVE-2022-2127.html NOTE: In scope for continued Samba support CVE-2022-2126 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.) 
{DLA-3053-1} - vim 2:9.0.0135-1 (unimportant; bug #1015984) NOTE: https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946e NOTE: https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8 (v8.2.5123) NOTE: Crash in CLI tool, no security impact CVE-2022-2125 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.) - vim 2:9.0.0135-1 (unimportant; bug #1015984) [stretch] - vim (Minor issue) NOTE: https://huntr.dev/bounties/17dab24d-beec-464d-9a72-5b6b11283705 NOTE: https://github.com/vim/vim/commit/0e8e938d497260dd57be67b4966cb27a5f72376f (v8.2.5122) NOTE: Crash in CLI tool, no security impact CVE-2022-2124 (Buffer Over-read in GitHub repository vim/vim prior to 8.2.) {DLA-3053-1} - vim 2:9.0.0135-1 (unimportant; bug #1015984) NOTE: https://huntr.dev/bounties/8e9e056d-f733-4540-98b6-414bf36e0b42 NOTE: https://github.com/vim/vim/commit/2f074f4685897ab7212e25931eeeb0212292829f (v8.2.5120) NOTE: Crash in CLI tool, no security impact CVE-2021-46823 (python-ldap before 3.4.0 is vulnerable to a denial of service when lda ...) - python-ldap 3.4.0-1 [bullseye] - python-ldap (Minor issue) [buster] - python-ldap (Minor issue) [stretch] - python-ldap (Minor issue) NOTE: https://github.com/python-ldap/python-ldap/security/advisories/GHSA-r8wq-qrxc-hmcm CVE-2021-46822 (The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoa ...) - libjpeg-turbo 1:2.1.1-1 [bullseye] - libjpeg-turbo (Minor issue) [buster] - libjpeg-turbo (Minor issue) NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2 (2.1.0) CVE-2017-20081 (A vulnerability, which was classified as critical, was found in Hindu ...) NOT-FOR-US: Hindu Matrimonial Script CVE-2017-20080 (A vulnerability, which was classified as critical, has been found in H ...) NOT-FOR-US: Hindu Matrimonial Script CVE-2017-20079 (A vulnerability classified as critical was found in Hindu Matrimonial ...) 
NOT-FOR-US: Hindu Matrimonial Script CVE-2017-20078 (A vulnerability classified as critical has been found in Hindu Matrimo ...) NOT-FOR-US: Hindu Matrimonial Script CVE-2017-20077 (A vulnerability was found in Hindu Matrimonial Script. It has been rat ...) NOT-FOR-US: Hindu Matrimonial Script CVE-2017-20076 (A vulnerability was found in Hindu Matrimonial Script. It has been dec ...) NOT-FOR-US: Hindu Matrimonial Script CVE-2017-20075 (A vulnerability was found in Hindu Matrimonial Script. It has been cla ...) NOT-FOR-US: Hindu Matrimonial Script CVE-2017-20074 (A vulnerability was found in Hindu Matrimonial Script and classified a ...) NOT-FOR-US: Hindu Matrimonial Script CVE-2017-20073 (A vulnerability has been found in Hindu Matrimonial Script and classif ...) NOT-FOR-US: Hindu Matrimonial Script CVE-2017-20072 (A vulnerability, which was classified as critical, was found in Hindu ...) NOT-FOR-US: Hindu Matrimonial Script CVE-2017-20071 (A vulnerability, which was classified as critical, has been found in H ...) NOT-FOR-US: Hindu Matrimonial Script CVE-2017-20070 (A vulnerability classified as critical was found in Hindu Matrimonial ...) NOT-FOR-US: Hindu Matrimonial Script CVE-2017-20069 (A vulnerability classified as critical has been found in Hindu Matrimo ...) NOT-FOR-US: Hindu Matrimonial Script CVE-2017-20068 (A vulnerability was found in Hindu Matrimonial Script. It has been rat ...) NOT-FOR-US: Hindu Matrimonial Script CVE-2017-20067 (A vulnerability was found in Hindu Matrimonial Script. It has been dec ...) NOT-FOR-US: Hindu Matrimonial Script CVE-2017-20066 (A vulnerability has been found in Adminer Login 1.4.4 and classified a ...) NOT-FOR-US: WordPress plugin CVE-2017-20065 (A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classifi ...) NOT-FOR-US: Supsystic Popup Plugin CVE-2017-20064 (A vulnerability was found in Elefant CMS 1.3.12-RC. It has been declar ...) 
NOT-FOR-US: Elefant CMS CVE-2017-20063 (A vulnerability was found in Elefant CMS 1.3.12-RC. It has been classi ...) NOT-FOR-US: Elefant CMS CVE-2017-20062 (A vulnerability was found in Elefant CMS 1.3.12-RC and classified as p ...) NOT-FOR-US: Elefant CMS CVE-2017-20061 (A vulnerability has been found in Elefant CMS 1.3.12-RC and classified ...) NOT-FOR-US: Elefant CMS CVE-2017-20060 (A vulnerability, which was classified as problematic, was found in Ele ...) NOT-FOR-US: Elefant CMS CVE-2017-20059 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: Elefant CMS CVE-2017-20058 (A vulnerability classified as problematic was found in Elefant CMS 1.3 ...) NOT-FOR-US: Elefant CMS CVE-2017-20057 (A vulnerability classified as problematic has been found in Elefant CM ...) NOT-FOR-US: Elefant CMS CVE-2022-33959 (IBM Sterling Order Management 10.0 could allow a user to bypass valida ...) NOT-FOR-US: IBM CVE-2022-33958 RESERVED CVE-2022-33957 RESERVED CVE-2022-33956 RESERVED CVE-2022-33955 (IBM CICS TX 11.1 could allow allow an attacker with physical access to ...) NOT-FOR-US: IBM CVE-2022-33954 RESERVED CVE-2022-33953 (IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user wi ...) NOT-FOR-US: IBM CVE-2022-33952 RESERVED CVE-2022-33951 RESERVED CVE-2022-33950 RESERVED CVE-2022-33945 (Improper input validation in some Intel(R) Server board and Intel(R) S ...) NOT-FOR-US: Intel CVE-2022-33942 (Protection mechanism failure in the Intel(R) DCM software before versi ...) NOT-FOR-US: Intel CVE-2022-33902 (Insufficient control flow management in the Intel(R) Quartus Prime Pro ...) NOT-FOR-US: Intel CVE-2022-33899 RESERVED CVE-2022-33895 RESERVED CVE-2022-33894 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...) NOT-FOR-US: Intel CVE-2022-33892 (Path traversal in the Intel(R) Quartus Prime Pro and Standard edition ...) 
NOT-FOR-US: Intel CVE-2022-33209 (Improper input validation in the firmware for some Intel(R) NUC Laptop ...) NOT-FOR-US: Intel CVE-2022-33200 RESERVED CVE-2022-33188 RESERVED CVE-2022-33176 (Improper input validation in BIOS firmware for some Intel(R) NUC 11 Pe ...) NOT-FOR-US: Intel CVE-2022-33143 RESERVED CVE-2022-33141 RESERVED CVE-2022-32762 RESERVED CVE-2022-32584 RESERVED CVE-2022-32580 RESERVED CVE-2022-32578 (Improper access control for the Intel(R) NUC Pro Software Suite before ...) NOT-FOR-US: Intel CVE-2022-32571 RESERVED CVE-2022-32288 RESERVED CVE-2022-32233 RESERVED CVE-2022-32231 (Improper initialization in the BIOS firmware for some Intel(R) Process ...) NOT-FOR-US: Intel CVE-2022-31477 (Improper initialization for some Intel(R) NUC BIOS firmware may allow ...) NOT-FOR-US: Intel CVE-2022-30704 (Improper initialization in the Intel(R) TXT SINIT ACM for some Intel(R ...) NOT-FOR-US: Intel CVE-2022-30691 (Uncontrolled resource consumption in the Intel(R) Support Android appl ...) NOT-FOR-US: Intel CVE-2022-30606 RESERVED CVE-2022-30537 RESERVED CVE-2022-30297 (Cross-site scripting in the Intel(R) EMA software before version 1.8.0 ...) NOT-FOR-US: Intel CVE-2022-29924 RESERVED CVE-2022-29921 RESERVED CVE-2022-26084 RESERVED CVE-2022-2123 (The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF whi ...) NOT-FOR-US: WordPress plugin CVE-2022-2122 (DOS / potential heap overwrite in qtdemux using zlib decompression. In ...) {DSA-5204-1 DLA-3069-1} - gst-plugins-good1.0 1.20.3-1 NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0003.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225 NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/14d306da6da51a762c4dc701d161bb52ab66d774 NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/92b5eb1da30fda054daf2f3d30bb4b806910b234 (1.20.3) CVE-2022-2121 (OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer derefer ...) 
	- dcmtk 3.6.7-1 (bug #1014044)
	[bullseye] - dcmtk (Minor issue)
	[buster] - dcmtk (Minor issue)
	NOTE: https://support.dcmtk.org/redmine/issues/1021
	NOTE: Fixed by: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=3e996a2749a9355c9b680fa464ecfd9ab9ff567f (DCMTK-3.6.7)
CVE-2022-2120 (OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) i ...)
	- dcmtk 3.6.7-6 (bug #1017743)
	[bullseye] - dcmtk (Minor issue)
	[buster] - dcmtk (Minor issue)
	NOTE: https://support.dcmtk.org/redmine/issues/1021
	NOTE: Fixed by: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=f06a867513524664a1b03dfcf812d8b60fdd02cc
CVE-2022-2119 (OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SC ...)
	- dcmtk 3.6.7-6 (bug #1017743)
	[bullseye] - dcmtk (Minor issue)
	[buster] - dcmtk (Minor issue)
	NOTE: https://support.dcmtk.org/redmine/issues/1021
	NOTE: Fixed by: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=f06a867513524664a1b03dfcf812d8b60fdd02cc
CVE-2022-2118 (The 404s WordPress plugin before 3.5.1 does not sanitise and escape it ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-125025 (A vulnerability classified as problematic has been found in FFmpeg 2.0 ...)
	- ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg)
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6e42ccb9dbc13836cd52cda594f819d17af9afa2 (n2.2-rc1)
CVE-2014-125024 (A vulnerability was found in FFmpeg 2.0. It has been rated as critical ...)
	- ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg)
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4c3e1956ee35fdcc5ffdb28782050164b4623c0b (n2.2-rc1)
CVE-2014-125023 (A vulnerability was found in FFmpeg 2.0. It has been declared as probl ...)
	- ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg)
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=2240e2078d53d3cfce8ff1dda64e58fa72038602 (n2.2-rc1)
CVE-2014-125022 (A vulnerability was found in FFmpeg 2.0. It has been classified as pro ...)
	- ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg)
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1713eec29add37b654ec6bf262b843d139c1ffc6 (n2.2-rc1)
CVE-2014-125021 (A vulnerability was found in FFmpeg 2.0 and classified as problematic. ...)
	- ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg)
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5430839144c6da0160e8e0cfb0c8db01de432e94 (n2.2-rc1)
CVE-2014-125020 (A vulnerability has been found in FFmpeg 2.0 and classified as critica ...)
	- ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg)
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1f097d168d9cad473dd44010a337c1413a9cd198 (n2.2-rc1)
CVE-2014-125019 (A vulnerability, which was classified as problematic, was found in FFm ...)
	- ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg)
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=b25e84b7399bd91605596b67d761d3464dbe8a6e (n2.2-rc1)
CVE-2014-125018 (A vulnerability, which was classified as problematic, has been found i ...)
	- ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg)
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8a3b85f3a7952c54a2c36ba1797f7e0cde9f85aa (n2.2-rc1)
CVE-2014-125017 (A vulnerability classified as critical was found in FFmpeg 2.0. This v ...)
	- ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg)
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=77bb0004bbe18f1498cfecdc68db5f10808b6599 (n2.2-rc1)
CVE-2014-125016 (A vulnerability was found in FFmpeg 2.0. It has been rated as problema ...)
	- ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg)
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e5c7229999182ad1cef13b9eca050dba7a5a08da (n2.2-rc1)
CVE-2014-125015 (A vulnerability classified as critical has been found in FFmpeg 2.0. A ...)
	- ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg)
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=18f94df8af04f2c02a25a7dec512289feff6517f (n2.2-rc1)
CVE-2014-125014 (A vulnerability classified as problematic was found in FFmpeg 2.0. Aff ...)
	- ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg)
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d1e6602665d5ec1b7e211ab27b298c26139f82cc (n2.2-rc1)
CVE-2014-125013 (A vulnerability was found in FFmpeg 2.0 and classified as problematic. ...)
	- ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg)
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c919e1ca2ecfc47d796382973ba0e48b8f6f92a2 (n2.2-rc1)
CVE-2014-125012 (A vulnerability was found in FFmpeg 2.0. It has been classified as pro ...)
	- ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg)
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a392bf657015c9a79a5a13adfbfb15086c1943b9 (n2.2-rc1)
CVE-2014-125011 (A vulnerability was found in FFmpeg 2.0. It has been declared as probl ...)
	- ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg)
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d42ec8433c687fcbccefa51a7716d81920218e4f (n2.2-rc1)
CVE-2014-125010 (A vulnerability was found in FFmpeg 2.0. It has been rated as critical ...)
	- ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg)
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=91253839e14cce9793ee93f184cef609ca8195d5 (n2.2-rc1)
CVE-2014-125009 (A vulnerability classified as problematic has been found in FFmpeg 2.0 ...)
	- ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg)
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=61d59703c91869f4e5cdacd8d6be52f8b89d4ba4 (n2.2-rc1)
CVE-2014-125008 (A vulnerability classified as problematic has been found in FFmpeg 2.0 ...)
	- ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg in unstable)
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f5d1d1e4667ba346ea7e0f97e6d2756bc9d4abde (n2.3)
CVE-2014-125007 (A vulnerability classified as problematic was found in FFmpeg 2.0. Aff ...)
	- ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg in unstable)
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=dfefc9097e9b4bb20442e65454a40043bd189b3d (n2.3)
CVE-2014-125006 (A vulnerability, which was classified as problematic, has been found i ...)
	- ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg)
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c55ff393340998faae887dfac19e7ef128e1e58 (n2.2-rc1)
CVE-2014-125005 (A vulnerability, which was classified as problematic, was found in FFm ...)
	- ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg)
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3edc3b159503d512c919b3d5902f7026e961823a (n2.2-rc1)
CVE-2014-125004 (A vulnerability has been found in FFmpeg 2.0 and classified as problem ...)
	- ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg)
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6ba02602aa7fc7d38db582e75b8b093fb3c1608d (n2.2-rc1)
CVE-2014-125003 (A vulnerability was found in FFmpeg 2.0 and classified as problematic. ...)
	- ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg)
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8001e9f7d17e90b4b0898ba64e3b8bbd716c513c (n2.2-rc1)
CVE-2014-125002 (A vulnerability was found in FFmpeg 2.0. It has been classified as pro ...)
	- ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg)
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f1caaa1c61310beba705957e6366f0392a0b005b (n2.2-rc1)
CVE-2022-33937 (Dell GeoDrive, Versions 1.0 - 2.2, contain a Path Traversal Vulnerabil ...)
	NOT-FOR-US: Dell
CVE-2022-33936 (Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerab ...)
	NOT-FOR-US: EMC
CVE-2022-33935 (Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a ...)
	NOT-FOR-US: EMC
CVE-2022-33934 (Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple s ...)
	NOT-FOR-US: Dell
CVE-2022-33933
	REJECTED
CVE-2022-33932 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9. ...)
	NOT-FOR-US: Dell
CVE-2022-33931 (Dell Wyse Management Suite 3.6.1 and below contains an Improper Access ...)
	NOT-FOR-US: Dell Wyse Management Suite
CVE-2022-33930 (Dell Wyse Management Suite 3.6.1 and below contains Information Disclo ...)
	NOT-FOR-US: Dell Wyse Management Suite
CVE-2022-33929 (Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross- ...)
	NOT-FOR-US: Dell Wyse Management Suite
CVE-2022-33928 (Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Pass ...)
	NOT-FOR-US: Dell Wyse Management Suite
CVE-2022-33927 (Dell Wyse Management Suite 3.6.1 and below contains a Session Fixation ...)
	NOT-FOR-US: Dell Wyse Management Suite
CVE-2022-33926 (Dell Wyse Management Suite 3.6.1 and below contains an improper access ...)
	NOT-FOR-US: Dell Wyse Management Suite
CVE-2022-33925 (Dell Wyse Management Suite 3.6.1 and below contains an Improper Access ...)
	NOT-FOR-US: Dell Wyse Management Suite
CVE-2022-33924 (Dell Wyse Management Suite 3.6.1 and below contains an Improper Access ...)
	NOT-FOR-US: Dell Wyse Management Suite
CVE-2022-33923 (Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Inj ...)
	NOT-FOR-US: Dell
CVE-2022-33922 (Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folde ...)
	NOT-FOR-US: Dell
CVE-2022-33921 (Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking ...)
	NOT-FOR-US: Dell
CVE-2022-33920 (Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path v ...)
	NOT-FOR-US: Dell
CVE-2022-33919 (Dell GeoDrive, versions 2.1 - 2.2, contains an information disclosure ...)
	NOT-FOR-US: Dell
CVE-2022-33918 (Dell GeoDrive, Versions 2.1 - 2.2, contains an information disclosure ...)
	NOT-FOR-US: Dell
CVE-2022-33917 (An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29 ...)
	NOT-FOR-US: ARM Mali
CVE-2022-2117 (The GiveWP plugin for WordPress is vulnerable to Sensitive Information ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2116 (The Contact Form DB WordPress plugin before 1.8.0 does not sanitise an ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2115 (The Popup Anything WordPress plugin before 2.1.7 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2114 (The Data Tables Generator by Supsystic WordPress plugin before 1.10.20 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2113 (Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inv ...)
	NOT-FOR-US: inventree
CVE-2022-2112 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...)
	NOT-FOR-US: inventree
CVE-2022-2111 (Unrestricted Upload of File with Dangerous Type in GitHub repository i ...)
	NOT-FOR-US: inventree
CVE-2022-2110
	RESERVED
CVE-2022-2109
	RESERVED
CVE-2022-33916 (OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacke ...)
	NOT-FOR-US: OPC UA .NET Standard Reference Server
CVE-2022-33915 (Versions of the Amazon AWS Apache Log4j hotpatch package before log4j- ...)
	NOT-FOR-US: Specific to Amazon AWS Apache Log4j hotpatch package
CVE-2022-33914
	RESERVED
CVE-2022-33913 (In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, fil ...)
	- mahara
CVE-2022-33912 (A permission issue affects users that deployed the shipped version of ...)
	NOT-FOR-US: Check MK as packaged by upstream
CVE-2022-33911 (An issue was discovered in Couchbase Server 7.x before 7.0.4. Field na ...)
	NOT-FOR-US: Couchbase Server
CVE-2022-33910 (An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers ...)
	- mantis
CVE-2022-33909 (DMA transactions which are targeted at input buffers used for the HddP ...)
	NOT-FOR-US: Insyde
CVE-2022-33908 (DMA transactions which are targeted at input buffers used for the SdHo ...)
	NOT-FOR-US: Insyde
CVE-2022-33907 (DMA transactions which are targeted at input buffers used for the soft ...)
	NOT-FOR-US: Insyde
CVE-2022-33906 (DMA transactions which are targeted at input buffers used for the FwBl ...)
	NOT-FOR-US: Insyde
CVE-2022-33905 (DMA transactions which are targeted at input buffers used for the Ahci ...)
	NOT-FOR-US: Insyde
CVE-2022-33904
	RESERVED
CVE-2022-33903 (Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging ...)
	- tor 0.4.7.8-1
	[bullseye] - tor (Only affects 0.4.7.x)
	[buster] - tor (Only affects 0.4.7.x)
	[stretch] - tor (Only affects 0.4.7.x)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2099227
	NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40626
	NOTE: https://lists.torproject.org/pipermail/tor-announce/2022-June/000242.html
	NOTE: https://github.com/torproject/tor/commit/b0496d40197dd5b4fb7b694c1410082d4e34dda6 (tor-0.4.7.8)
CVE-2022-33891 (The Apache Spark UI offers the possibility to enable ACLs via the conf ...)
	- apache-spark (bug #802194)
CVE-2022-33890 (A maliciously crafted PCT or DWF file when consumed through DesignRevi ...)
	NOT-FOR-US: Autodesk
CVE-2022-33889 (A maliciously crafted GIF or JPEG files when parsed through Autodesk D ...)
	NOT-FOR-US: Autodesk
CVE-2022-33888 (A malicious crafted Dwg2Spd file when processed through Autodesk DWG a ...)
	NOT-FOR-US: Autodesk
CVE-2022-33887 (A maliciously crafted PDF file when parsed through Autodesk AutoCAD 20 ...)
	NOT-FOR-US: Autodesk
CVE-2022-33886 (A maliciously crafted MODEL and SLDPRT file can be used to write beyon ...)
	NOT-FOR-US: Autodesk
CVE-2022-33885 (A maliciously crafted X_B, CATIA, and PDF file when parsed through Aut ...)
	NOT-FOR-US: Autodesk
CVE-2022-33884 (Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 ...)
	NOT-FOR-US: Autodesk
CVE-2022-33883 (A malicious crafted file consumed through Moldflow Synergy, Moldflow A ...)
	NOT-FOR-US: Autodesk
CVE-2022-33882 (Under certain conditions, an attacker could create an unintended spher ...)
	NOT-FOR-US: Autodesk
CVE-2022-33881 (Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 ...)
	NOT-FOR-US: Autodesk
CVE-2022-33311 (Browse restriction bypass vulnerability in Address Book of Cybozu Offi ...)
	NOT-FOR-US: Cybozu
CVE-2022-33151 (Cross-site scripting vulnerability in the specific parameters of Cyboz ...)
	NOT-FOR-US: Cybozu
CVE-2022-32583 (Operation restriction bypass vulnerability in Scheduler of Cybozu Offi ...)
	NOT-FOR-US: Cybozu
CVE-2022-32544 (Operation restriction bypass vulnerability in Project of Cybozu Office ...)
	NOT-FOR-US: Cybozu
CVE-2022-32453 (HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 ...)
	NOT-FOR-US: Cybozu
CVE-2022-32283 (Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10 ...)
	NOT-FOR-US: Cybozu
CVE-2022-30693 (Information disclosure vulnerability in the system configuration of Cy ...)
	NOT-FOR-US: Cybozu
CVE-2022-30604 (Cross-site scripting vulnerability in the specific parameters of Cyboz ...)
	NOT-FOR-US: Cybozu
CVE-2022-29891 (Browse restriction bypass vulnerability in Custom Ap of Cybozu Office ...)
	NOT-FOR-US: Cybozu
CVE-2022-29487 (Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 a ...)
	NOT-FOR-US: Cybozu
CVE-2022-28715 (Cross-site scripting vulnerability in the specific parameters of Cyboz ...)
	NOT-FOR-US: Cybozu
CVE-2022-25986 (Browse restriction bypass vulnerability in Scheduler of Cybozu Office ...)
	NOT-FOR-US: Cybozu
CVE-2022-2108 (The plugin Wbcom Designs – BuddyPress Group Reviews for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2107 (The MiCODUS MV720 GPS tracker API server has an authentication mechani ...)
	NOT-FOR-US: MiCODUS
CVE-2022-2106 (Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficient ...)
	NOT-FOR-US: Elcomplus SmartICS
CVE-2022-2105 (Client-side JavaScript controls may be bypassed to change user credent ...)
	NOT-FOR-US: Secheron
CVE-2022-2104 (The www-data (Apache web server) account is configured to run sudo wit ...)
	NOT-FOR-US: Secheron
CVE-2022-2103 (An attacker with weak credentials could access the TCP port via an ope ...)
	NOT-FOR-US: Secheron
CVE-2022-2102 (Controls limiting uploads to certain file extensions may be bypassed. ...)
	NOT-FOR-US: Secheron
CVE-2022-2101 (The Download Manager plugin for WordPress is vulnerable to Stored Cros ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-33880 (hms-staff.php in Projectworlds Hospital Management System Mini-Project ...)
	NOT-FOR-US: Projectworlds Hospital Management System Mini-Project
CVE-2022-33879 (The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in ...)
	- tika (bug #1015002)
	[bullseye] - tika (Minor issue)
	[buster] - tika (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/27/5
CVE-2022-33878 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
	NOT-FOR-US: FortiGuard
CVE-2022-33877 (An incorrect default permission [CWE-276] vulnerability in FortiClient ...)
	NOT-FOR-US: Fortinet
CVE-2022-33876 (Multiple instances of improper input validation vulnerability in Forti ...)
	NOT-FOR-US: FortiGuard
CVE-2022-33875 (An improper neutralization of special elements used in an SQL Command ...)
	NOT-FOR-US: FortiGuard
CVE-2022-33874 (An improper neutralization of special elements used in an OS Command ( ...)
	NOT-FOR-US: Fortiguard
CVE-2022-33873 (An improper neutralization of special elements used in an OS Command ( ...)
	NOT-FOR-US: Fortiguard
CVE-2022-33872 (An improper neutralization of special elements used in an OS Command ( ...)
	NOT-FOR-US: Fortiguard
CVE-2022-33871 (A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb vers ...)
	NOT-FOR-US: Fortinet
CVE-2022-33870 (An improper neutralization of special elements used in an OS command v ...)
	NOT-FOR-US: FortiGuard
CVE-2022-33869 (An improper neutralization of special elements used in an OS command v ...)
	NOT-FOR-US: Fortinet
CVE-2022-2100 (The Page Generator WordPress plugin before 1.6.5 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2099 (The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2098 (Weak Password Requirements in GitHub repository kromitgmbh/titra prior ...)
	NOT-FOR-US: Titra
CVE-2020-36549 (A vulnerability classified as critical was found in GE Voluson S8. Aff ...)
	NOT-FOR-US: GE Healthcare
CVE-2020-36548 (A vulnerability classified as problematic has been found in GE Voluson ...)
	NOT-FOR-US: GE Healthcare
CVE-2020-36547 (A vulnerability was found in GE Voluson S8. It has been rated as criti ...)
	NOT-FOR-US: GE Healthcare
CVE-2022-33868
	RESERVED
CVE-2022-33867
	RESERVED
CVE-2022-33866
	RESERVED
CVE-2022-33865
	RESERVED
CVE-2022-33864
	RESERVED
CVE-2022-33863
	RESERVED
CVE-2022-33862
	RESERVED
CVE-2022-33861
	RESERVED
CVE-2022-33860
	RESERVED
CVE-2022-33859 (A security vulnerability was discovered in the Eaton Foreseer EPMS sof ...)
	NOT-FOR-US: Eaton Foreseer EPMS
CVE-2022-33858
	RESERVED
CVE-2022-33857
	RESERVED
CVE-2022-33856
	RESERVED
CVE-2022-33855
	RESERVED
CVE-2022-33854
	RESERVED
CVE-2022-33853
	RESERVED
CVE-2022-33852
	RESERVED
CVE-2022-33851
	RESERVED
CVE-2022-33850
	RESERVED
CVE-2022-33849
	RESERVED
CVE-2022-33848
	RESERVED
CVE-2022-33847
	RESERVED
CVE-2022-33846
	RESERVED
CVE-2022-33845
	RESERVED
CVE-2022-33844
	RESERVED
CVE-2022-33843
	RESERVED
CVE-2022-33842
	RESERVED
CVE-2022-33841
	RESERVED
CVE-2022-33840
	RESERVED
CVE-2022-33839
	RESERVED
CVE-2022-33838
	RESERVED
CVE-2022-33837
	RESERVED
CVE-2022-33836
	RESERVED
CVE-2022-33835
	RESERVED
CVE-2022-33834
	RESERVED
CVE-2022-33833
	RESERVED
CVE-2022-33832
	RESERVED
CVE-2022-33831
	RESERVED
CVE-2022-33830
	RESERVED
CVE-2022-33829
	RESERVED
CVE-2022-33828
	RESERVED
CVE-2022-33827
	RESERVED
CVE-2022-33826
	RESERVED
CVE-2022-33825
	RESERVED
CVE-2022-33824
	RESERVED
CVE-2022-33823
	RESERVED
CVE-2022-33822
	RESERVED
CVE-2022-33821
	RESERVED
CVE-2022-33820
	RESERVED
CVE-2022-33819
	RESERVED
CVE-2022-33818
	RESERVED
CVE-2022-33817
	RESERVED
CVE-2022-33816
	RESERVED
CVE-2022-33815
	RESERVED
CVE-2022-33814
	RESERVED
CVE-2022-33813
	RESERVED
CVE-2022-33812
	RESERVED
CVE-2022-33811
	RESERVED
CVE-2022-33810
	RESERVED
CVE-2022-33809
	RESERVED
CVE-2022-33808
	RESERVED
CVE-2022-33807
	RESERVED
CVE-2022-33806
	RESERVED
CVE-2022-33805
	RESERVED
CVE-2022-33804
	RESERVED
CVE-2022-33803
	RESERVED
CVE-2022-33802
	RESERVED
CVE-2022-33801
	RESERVED
CVE-2022-33800
	RESERVED
CVE-2022-33799
	RESERVED
CVE-2022-33798
	RESERVED
CVE-2022-33797
	RESERVED
CVE-2022-33796
	RESERVED
CVE-2022-33795
	RESERVED
CVE-2022-33794
	RESERVED
CVE-2022-33793
	RESERVED
CVE-2022-33792
	RESERVED
CVE-2022-33791
	RESERVED
CVE-2022-33790
	RESERVED
CVE-2022-33789
	RESERVED
CVE-2022-33788
	RESERVED
CVE-2022-33787
	RESERVED
CVE-2022-33786
	RESERVED
CVE-2022-33785
	RESERVED
CVE-2022-33784
	RESERVED
CVE-2022-33783
	RESERVED
CVE-2022-33782
	RESERVED
CVE-2022-33781
	RESERVED
CVE-2022-33780
	RESERVED
CVE-2022-33779
	RESERVED
CVE-2022-33778
	RESERVED
CVE-2022-33777
	RESERVED
CVE-2022-33776
	RESERVED
CVE-2022-33775
	RESERVED
CVE-2022-33774
	RESERVED
CVE-2022-33773
	RESERVED
CVE-2022-33772
	RESERVED
CVE-2022-33771
	RESERVED
CVE-2022-33770
	RESERVED
CVE-2022-33769
	RESERVED
CVE-2022-33768
	RESERVED
CVE-2022-33767
	RESERVED
CVE-2022-33766
	RESERVED
CVE-2022-33765
	RESERVED
CVE-2022-33764
	RESERVED
CVE-2022-33763
	RESERVED
CVE-2022-33762
	RESERVED
CVE-2022-33761
	RESERVED
CVE-2022-33760
	RESERVED
CVE-2022-33759
	RESERVED
CVE-2022-2097 (AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimi ...)
	{DSA-5343-1 DLA-3325-1}
	- openssl 3.0.5-1 (bug #1023424)
	NOTE: https://www.openssl.org/news/secadv/20220705.txt
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93 (openssl-3.0.5)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=919925673d6c9cfed3c1085497f5dfbbed5fc431 (OpenSSL_1_1_1q)
CVE-2022-2096
	RESERVED
CVE-2022-2095 (An improper access control check in GitLab CE/EE affecting all version ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-2094 (The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escap ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2093 (The WP Duplicate Page WordPress plugin before 1.3 does not sanitize an ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2092 (The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2091 (The Cache Images WordPress plugin before 3.2.1 does not implement nonc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2090 (The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2089 (The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-33758
	RESERVED
CVE-2022-33757 (An authenticated attacker could read Nessus Debug Log file attachments ...)
	NOT-FOR-US: Nessus
CVE-2022-33756 (CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulner ...)
	NOT-FOR-US: CA Automic Automation
CVE-2022-33755 (CA Automic Automation 12.2 and 12.3 contain an insecure input handling ...)
	NOT-FOR-US: CA Automic Automation
CVE-2022-33754 (CA Automic Automation 12.2 and 12.3 contain an insufficient input vali ...)
	NOT-FOR-US: CA Automic Automation
CVE-2022-33753 (CA Automic Automation 12.2 and 12.3 contain an insecure file creation ...)
	NOT-FOR-US: CA Automic Automation
CVE-2022-33752 (CA Automic Automation 12.2 and 12.3 contain an insufficient input vali ...)
	NOT-FOR-US: CA Automic Automation
CVE-2022-33751 (CA Automic Automation 12.2 and 12.3 contain an insecure memory handlin ...)
	NOT-FOR-US: CA Automic Automation
CVE-2022-33750 (CA Automic Automation 12.2 and 12.3 contain an authentication error vu ...)
	NOT-FOR-US: CA Automic Automation
CVE-2022-33749 (XAPI open file limit DoS It is possible for an unauthenticated client ...)
	- xen-api
	NOTE: https://xenbits.xen.org/xsa/advisory-413.html
CVE-2022-33748 (lock order inversion in transitive grant copy handling As part of XSA- ...)
	{DSA-5272-1}
	- xen 4.16.2+90-g0d39a6d1ae-1 (bug #1021668)
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-411.html
CVE-2022-33747 (Arm: unbounded memory consumption for 2nd-level page tables Certain ac ...)
	{DSA-5272-1}
	- xen 4.16.2+90-g0d39a6d1ae-1 (bug #1021668)
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-409.html
CVE-2022-33746 (P2M pool freeing may take excessively long The P2M pool backing second ...)
	{DSA-5272-1}
	- xen 4.16.2+90-g0d39a6d1ae-1 (bug #1021668)
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-410.html
CVE-2022-33745 (insufficient TLB flush for x86 PV guests in shadow mode For migration ...)
	{DSA-5272-1}
	- xen 4.16.2-1
	[buster] - xen (DSA 4677-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-408.html
	NOTE: All versions of Xen with the XSA-401 fixes applied are vulnerable
CVE-2022-33744 (Arm guests can cause Dom0 DoS via PV devices When mapping pages of gue ...)
	{DSA-5191-1 DLA-3131-1}
	- linux 5.18.14-1
	NOTE: https://xenbits.xen.org/xsa/advisory-406.html
CVE-2022-33743 (network backend may cause Linux netfront to use freed SKBs While addin ...)
	{DSA-5191-1}
	- linux 5.18.14-1
	[buster] - linux (Vulnerable code not present)
	NOTE: https://xenbits.xen.org/xsa/advisory-405.html
CVE-2022-33742 (Linux disk/nic frontends data leaks T[his CNA information record relat ...)
	{DSA-5191-1 DLA-3131-1}
	- linux 5.18.14-1
	- xen 4.16.2-1
	[bullseye] - xen (Too intrusive too backport)
	[buster] - xen (DSA 4677-1)
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-403.html
CVE-2022-33741 (Linux disk/nic frontends data leaks T[his CNA information record relat ...)
	{DSA-5191-1 DLA-3131-1}
	- linux 5.18.14-1
	- xen 4.16.2-1
	[bullseye] - xen (Too intrusive too backport)
	[buster] - xen (DSA 4677-1)
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-403.html
CVE-2022-33740 (Linux disk/nic frontends data leaks T[his CNA information record relat ...)
	{DSA-5191-1 DLA-3131-1}
	- linux 5.18.14-1
	- xen 4.16.2-1
	[bullseye] - xen (Too intrusive too backport)
	[buster] - xen (DSA 4677-1)
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-403.html
CVE-2022-33739 (CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing v ...)
	NOT-FOR-US: CA Clarity
CVE-2022-33738 (OpenVPN Access Server before 2.11 uses a weak random generator used to ...)
	NOT-FOR-US: OpenVPN Access Server
CVE-2022-33737 (The OpenVPN Access Server installer creates a log file readable for ev ...)
	NOT-FOR-US: OpenVPN Access Server
CVE-2022-33736 (A vulnerability has been identified in Opcenter Quality V13.1 (All ver ...)
	NOT-FOR-US: Siemens
CVE-2022-33202 (Authentication bypass vulnerability in the setup screen of L2Blocker(o ...)
	NOT-FOR-US: L2Blocker
CVE-2022-2088 (An authenticated user with admin privileges may be able to terminate a ...)
	NOT-FOR-US: Elcomplus SmartICS
CVE-2022-2087 (A vulnerability, which was classified as problematic, was found in Sou ...)
	NOT-FOR-US: SourceCodester Bank Management System
CVE-2022-2086 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SourceCodester Bank Management System
CVE-2022-33735 (There is a password verification vulnerability in WS7200-10 11.0.2.13. ...)
	NOT-FOR-US: Huawei
CVE-2022-33734 (Sensitive information exposure in onCharacteristicChanged in Charm by ...)
	NOT-FOR-US: Samsung
CVE-2022-33733 (Sensitive information exposure in onCharacteristicRead in Charm by Sam ...)
	NOT-FOR-US: Samsung
CVE-2022-33732 (Improper access control vulnerability in Samsung Dex for PC prior to S ...)
	NOT-FOR-US: Samsung
CVE-2022-33731 (Improper access control vulnerability in DesktopSystemUI prior to SMR ...)
	NOT-FOR-US: Samsung
CVE-2022-33730 (Heap-based buffer overflow vulnerability in Samsung Dex for PC prior t ...)
	NOT-FOR-US: Samsung
CVE-2022-33729 (Improper restriction of broadcasting Intent in ConfirmConnectActivity ...)
	NOT-FOR-US: Samsung
CVE-2022-33728 (Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 R ...)
	NOT-FOR-US: Samsung
CVE-2022-33727 (A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Au ...)
	NOT-FOR-US: Samsung
CVE-2022-33726 (Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Au ...)
	NOT-FOR-US: Samsung
CVE-2022-33725 (A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 ...)
	NOT-FOR-US: Samsung
CVE-2022-33724 (Exposure of Sensitive Information in Samsung Dialer application prior ...)
	NOT-FOR-US: Samsung
CVE-2022-33723 (A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug- ...)
	NOT-FOR-US: Samsung
CVE-2022-33722 (Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug ...)
	NOT-FOR-US: Samsung
CVE-2022-33721 (A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-202 ...)
	NOT-FOR-US: Samsung
CVE-2022-33720 (Improper authentication vulnerability in AppLock prior to SMR Aug-2022 ...)
	NOT-FOR-US: Samsung
CVE-2022-33719 (Improper input validation in baseband prior to SMR Aug-2022 Release 1 ...)
	NOT-FOR-US: Samsung
CVE-2022-33718 (An improper access control vulnerability in Wi-Fi Service prior to SMR ...)
	NOT-FOR-US: Samsung
CVE-2022-33717 (A missing input validation before memory read in SEM TA prior to SMR A ...)
	NOT-FOR-US: Samsung
CVE-2022-33716 (An absence of variable initialization in ICCC TA prior to SMR Aug-2022 ...)
	NOT-FOR-US: Samsung
CVE-2022-33715 (Improper access control and path traversal vulnerability in LauncherPr ...)
	NOT-FOR-US: Samsung
CVE-2022-33714 (Improper access control vulnerability in SemWifiApBroadcastReceiver pr ...)
	NOT-FOR-US: Samsung
CVE-2022-33713 (Implicit Intent hijacking vulnerability in Samsung Cloud prior to vers ...)
	NOT-FOR-US: Samsung
CVE-2022-33712 (Intent redirection vulnerability using implict intent in Camera prior ...)
	NOT-FOR-US: Samsung
CVE-2022-33711 (Improper validation of integrity check vulnerability in Samsung USB Dr ...)
	NOT-FOR-US: Samsung
CVE-2022-33710 (Improper input validation vulnerability in BillingPackageInsraller in ...)
	NOT-FOR-US: Samsung
CVE-2022-33709 (Improper input validation vulnerability in ApexPackageInstaller in Gal ...)
	NOT-FOR-US: Samsung
CVE-2022-33708 (Improper input validation vulnerability in AppsPackageInstaller in Gal ...)
	NOT-FOR-US: Samsung
CVE-2022-33707 (Improper identifier creation logic in Find My Mobile prior to version ...)
	NOT-FOR-US: Samsung
CVE-2022-33706 (Improper access control vulnerability in Samsung Gallery prior to vers ...)
	NOT-FOR-US: Samsung
CVE-2022-33705 (Information exposure in Calendar prior to version 12.3.05.10000 allows ...)
	NOT-FOR-US: Samsung
CVE-2022-33704 (Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior ...)
	NOT-FOR-US: Samsung
CVE-2022-33703 (Improper validation vulnerability in CACertificateInfo prior to SMR Ju ...)
	NOT-FOR-US: Samsung
CVE-2022-33702 (Improper authorization vulnerability in Knoxguard prior to SMR Jul-202 ...)
	NOT-FOR-US: Samsung
CVE-2022-33701 (Improper access control vulnerability in KnoxCustomManagerService prio ...)
	NOT-FOR-US: Samsung
CVE-2022-33700 (Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prio ...)
	NOT-FOR-US: Samsung
CVE-2022-33699 (Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prio ...)
	NOT-FOR-US: Samsung
CVE-2022-33698 (Exposure of Sensitive Information in Telecom application prior to SMR ...)
	NOT-FOR-US: Samsung
CVE-2022-33697 (Sensitive information exposure vulnerability in ImsServiceSwitchBase i ...)
	NOT-FOR-US: Samsung
CVE-2022-33696 (Exposure of Sensitive Information in Telephony service prior to SMR Ju ...)
	NOT-FOR-US: Samsung
CVE-2022-33695 (Use of improper permission in InputManagerService prior to SMR Jul-202 ...)
	NOT-FOR-US: Samsung
CVE-2022-33694 (Exposure of Sensitive Information in CSC application prior to SMR Jul- ...)
	NOT-FOR-US: Samsung
CVE-2022-33693 (Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 ...)
	NOT-FOR-US: Samsung
CVE-2022-33692 (Exposure of Sensitive Information in Messaging application prior to SM ...)
	NOT-FOR-US: Samsung
CVE-2022-33691 (A possible race condition vulnerability in score driver prior to SMR J ...)
	NOT-FOR-US: Samsung
CVE-2022-33690 (Improper input validation in Contacts Storage prior to SMR Jul-2022 Re ...)
	NOT-FOR-US: Samsung
CVE-2022-33689 (Improper access control vulnerability in TelephonyUI prior to SMR Jul- ...)
	NOT-FOR-US: Samsung
CVE-2022-33688 (Sensitive information exposure vulnerability in EventType in SecTeleph ...)
	NOT-FOR-US: Samsung
CVE-2022-33687 (Exposure of Sensitive Information in telephony-common.jar prior to SMR ...)
NOT-FOR-US: Samsung CVE-2022-33686 (Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul- ...) NOT-FOR-US: Samsung CVE-2022-33685 (Unprotected dynamic receiver in Wearable Manager Service prior to SMR ...) NOT-FOR-US: Samsung CVE-2022-33684 (The Apache Pulsar C++ Client does not verify peer TLS certificates whe ...) NOT-FOR-US: Apache Pulsar CVE-2022-33683 (Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Clie ...) NOT-FOR-US: Apache Pulsar CVE-2022-33682 (TLS hostname verification cannot be enabled in the Pulsar Broker's Jav ...) NOT-FOR-US: Apache Pulsar CVE-2022-33681 (Delayed TLS hostname verification in the Pulsar Java Client and the Pu ...) NOT-FOR-US: Apache Pulsar CVE-2022-33680 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33679 (Windows Kerberos Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33678 (Azure Site Recovery Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33677 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33676 (Azure Site Recovery Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33675 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33674 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33673 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33672 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33671 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33670 (Windows Partition Management Driver Elevation of Privilege Vulnerabili ...) 
NOT-FOR-US: Microsoft CVE-2022-33669 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33668 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33667 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33666 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33665 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33664 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33663 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33662 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33661 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33660 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33659 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33658 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33657 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33656 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33655 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33654 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33653 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33652 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33651 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33650 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft
CVE-2022-33649 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33648 (Microsoft Excel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33647 (Windows Kerberos Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33646 (Azure Batch Node Agent Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33645 (Windows TCP/IP Driver Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33644 (Xbox Live Save Service Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33643 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33642 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33641 (Azure Site Recovery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33640 (System Center Operations Manager: Open Management Infrastructure (OMI) ...) NOT-FOR-US: Microsoft CVE-2022-33639 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33638 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33637 (Microsoft Defender for Endpoint Tampering Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33636 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33635 (Windows GDI+ Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33634 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
NOT-FOR-US: Microsoft CVE-2022-33633 (Skype for Business and Lync Remote Code Execution Vulnerability) NOT-FOR-US: Skype for Business and Lync CVE-2022-33632 (Microsoft Office Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33631 (Microsoft Excel Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2022-33630 RESERVED CVE-2022-33629 RESERVED CVE-2022-33628 RESERVED CVE-2022-33627 RESERVED CVE-2022-33626 RESERVED CVE-2022-33625 RESERVED CVE-2022-33624 RESERVED CVE-2022-33623 RESERVED CVE-2022-33622 RESERVED CVE-2022-33621 RESERVED CVE-2022-33620 RESERVED CVE-2022-33619 RESERVED CVE-2022-33618 RESERVED CVE-2022-33617 RESERVED CVE-2022-33616 RESERVED CVE-2022-33615 RESERVED CVE-2022-33614 RESERVED CVE-2022-33613 RESERVED CVE-2022-33612 RESERVED CVE-2022-33611 RESERVED CVE-2022-33610 RESERVED CVE-2022-33609 RESERVED CVE-2022-33608 RESERVED CVE-2022-33607 RESERVED CVE-2022-33606 RESERVED CVE-2022-33605 RESERVED CVE-2022-33604 RESERVED CVE-2022-33603 RESERVED CVE-2022-33602 RESERVED CVE-2022-33601 RESERVED CVE-2022-33600 RESERVED CVE-2022-33599 RESERVED CVE-2022-33598 RESERVED CVE-2022-33597 RESERVED CVE-2022-33596 RESERVED CVE-2022-33595 RESERVED CVE-2022-33594 RESERVED CVE-2022-33593 RESERVED CVE-2022-33592 RESERVED CVE-2022-33591 RESERVED CVE-2022-33590 RESERVED CVE-2022-33589 RESERVED CVE-2022-33588 RESERVED CVE-2022-33587 RESERVED CVE-2022-33586 RESERVED CVE-2022-33585 RESERVED CVE-2022-33584 RESERVED CVE-2022-33583 RESERVED CVE-2022-33582 RESERVED CVE-2022-33581 RESERVED CVE-2022-33580 RESERVED CVE-2022-33579 RESERVED CVE-2022-33578 RESERVED CVE-2022-33577 RESERVED CVE-2022-33576 RESERVED CVE-2022-33575 RESERVED CVE-2022-33574 RESERVED CVE-2022-33573 RESERVED CVE-2022-33572 RESERVED CVE-2022-33571 RESERVED CVE-2022-33570 RESERVED CVE-2022-33569 RESERVED CVE-2022-33568 RESERVED CVE-2022-33567 RESERVED CVE-2022-33566 RESERVED CVE-2022-33565 RESERVED CVE-2022-33564 RESERVED CVE-2022-33563 RESERVED CVE-2022-33562 RESERVED 
CVE-2022-33561 RESERVED CVE-2022-33560 RESERVED CVE-2022-33559 RESERVED CVE-2022-33558 RESERVED CVE-2022-33557 RESERVED CVE-2022-33556 RESERVED CVE-2022-33555 RESERVED CVE-2022-33554 RESERVED CVE-2022-33553 RESERVED CVE-2022-33552 RESERVED CVE-2022-33551 RESERVED CVE-2022-33550 RESERVED CVE-2022-33549 RESERVED CVE-2022-33548 RESERVED CVE-2022-33547 RESERVED CVE-2022-33546 RESERVED CVE-2022-33545 RESERVED CVE-2022-33544 RESERVED CVE-2022-33543 RESERVED CVE-2022-33542 RESERVED CVE-2022-33541 RESERVED CVE-2022-33540 RESERVED CVE-2022-33539 RESERVED CVE-2022-33538 RESERVED CVE-2022-33537 RESERVED CVE-2022-33536 RESERVED CVE-2022-33535 RESERVED CVE-2022-33534 RESERVED CVE-2022-33533 RESERVED CVE-2022-33532 RESERVED CVE-2022-33531 RESERVED CVE-2022-33530 RESERVED CVE-2022-33529 RESERVED CVE-2022-33528 RESERVED CVE-2022-33527 RESERVED CVE-2022-33526 RESERVED CVE-2022-33525 RESERVED CVE-2022-33524 RESERVED CVE-2022-33523 RESERVED CVE-2022-33522 RESERVED CVE-2022-33521 RESERVED CVE-2022-33520 RESERVED CVE-2022-33519 RESERVED CVE-2022-33518 RESERVED CVE-2022-33517 RESERVED CVE-2022-33516 RESERVED CVE-2022-33515 RESERVED CVE-2022-33514 RESERVED CVE-2022-33513 RESERVED CVE-2022-33512 RESERVED CVE-2022-33511 RESERVED CVE-2022-33510 RESERVED CVE-2022-33509 RESERVED CVE-2022-33508 RESERVED CVE-2022-33507 RESERVED CVE-2022-33506 RESERVED CVE-2022-33505 RESERVED CVE-2022-33504 RESERVED CVE-2022-33503 RESERVED CVE-2022-33502 RESERVED CVE-2022-33501 RESERVED CVE-2022-33500 RESERVED CVE-2022-33499 RESERVED CVE-2022-33498 RESERVED CVE-2022-33497 RESERVED CVE-2022-33496 RESERVED CVE-2022-33495 RESERVED CVE-2022-33494 RESERVED CVE-2022-33493 RESERVED CVE-2022-33492 RESERVED CVE-2022-33491 RESERVED CVE-2022-33490 RESERVED CVE-2022-33489 RESERVED CVE-2022-33488 RESERVED CVE-2022-33487 RESERVED CVE-2022-33486 RESERVED CVE-2022-33485 RESERVED CVE-2022-33484 RESERVED CVE-2022-33483 RESERVED CVE-2022-33482 RESERVED CVE-2022-33481 RESERVED CVE-2022-33480 RESERVED CVE-2022-33479 RESERVED 
CVE-2022-33478 RESERVED CVE-2022-33477 RESERVED CVE-2022-33476 RESERVED CVE-2022-33475 RESERVED CVE-2022-33474 RESERVED CVE-2022-33473 RESERVED CVE-2022-33472 RESERVED CVE-2022-33471 RESERVED CVE-2022-33470 RESERVED CVE-2022-33469 RESERVED CVE-2022-33468 RESERVED CVE-2022-33467 RESERVED CVE-2022-33466 RESERVED CVE-2022-33465 RESERVED CVE-2022-33464 RESERVED CVE-2022-33463 RESERVED CVE-2022-33462 RESERVED CVE-2022-33461 RESERVED CVE-2022-33460 RESERVED CVE-2022-33459 RESERVED CVE-2022-33458 RESERVED CVE-2022-33457 RESERVED CVE-2022-33456 RESERVED CVE-2022-33455 RESERVED CVE-2022-33454 RESERVED CVE-2022-33453 RESERVED CVE-2022-33452 RESERVED CVE-2022-33451 RESERVED CVE-2022-33450 RESERVED CVE-2022-33449 RESERVED CVE-2022-33448 RESERVED CVE-2022-33447 RESERVED CVE-2022-33446 RESERVED CVE-2022-33445 RESERVED CVE-2022-33444 RESERVED CVE-2022-33443 RESERVED CVE-2022-33442 RESERVED CVE-2022-33441 RESERVED CVE-2022-33440 RESERVED CVE-2022-33439 RESERVED CVE-2022-33438 RESERVED CVE-2022-33437 RESERVED CVE-2022-33436 RESERVED CVE-2022-33435 RESERVED CVE-2022-33434 RESERVED CVE-2022-33433 RESERVED CVE-2022-33432 RESERVED CVE-2022-33431 RESERVED CVE-2022-33430 RESERVED CVE-2022-33429 RESERVED CVE-2022-33428 RESERVED CVE-2022-33427 RESERVED CVE-2022-33426 RESERVED CVE-2022-33425 RESERVED CVE-2022-33424 RESERVED CVE-2022-33423 RESERVED CVE-2022-33422 RESERVED CVE-2022-33421 RESERVED CVE-2022-33420 RESERVED CVE-2022-33419 RESERVED CVE-2022-33418 RESERVED CVE-2022-33417 RESERVED CVE-2022-33416 RESERVED CVE-2022-33415 RESERVED CVE-2022-33414 RESERVED CVE-2022-33413 RESERVED CVE-2022-33412 RESERVED CVE-2022-33411 RESERVED CVE-2022-33410 RESERVED CVE-2022-33409 RESERVED CVE-2022-33408 RESERVED CVE-2022-33407 RESERVED CVE-2022-33406 RESERVED CVE-2022-33405 RESERVED CVE-2022-33404 RESERVED CVE-2022-33403 RESERVED CVE-2022-33402 RESERVED CVE-2022-33401 RESERVED CVE-2022-33400 RESERVED CVE-2022-33399 RESERVED CVE-2022-33398 RESERVED CVE-2022-33397 RESERVED CVE-2022-33396 RESERVED 
CVE-2022-33395 RESERVED CVE-2022-33394 RESERVED CVE-2022-33393 RESERVED CVE-2022-33392 RESERVED CVE-2022-33391 RESERVED CVE-2022-33390 RESERVED CVE-2022-33389 RESERVED CVE-2022-33388 RESERVED CVE-2022-33387 RESERVED CVE-2022-33386 RESERVED CVE-2022-33385 RESERVED CVE-2022-33384 RESERVED CVE-2022-33383 RESERVED CVE-2022-33382 RESERVED CVE-2022-33381 RESERVED CVE-2022-33380 RESERVED CVE-2022-33379 RESERVED CVE-2022-33378 RESERVED CVE-2022-33377 RESERVED CVE-2022-33376 RESERVED CVE-2022-33375 RESERVED CVE-2022-33374 RESERVED CVE-2022-33373 RESERVED CVE-2022-33372 RESERVED CVE-2022-33371 RESERVED CVE-2022-33370 RESERVED CVE-2022-33369 RESERVED CVE-2022-33368 RESERVED CVE-2022-33367 RESERVED CVE-2022-33366 RESERVED CVE-2022-33365 RESERVED CVE-2022-33364 RESERVED CVE-2022-33363 RESERVED CVE-2022-33362 RESERVED CVE-2022-33361 RESERVED CVE-2022-33360 RESERVED CVE-2022-33359 RESERVED CVE-2022-33358 RESERVED CVE-2022-33357 RESERVED CVE-2022-33356 RESERVED CVE-2022-33355 RESERVED CVE-2022-33354 RESERVED CVE-2022-33353 RESERVED CVE-2022-33352 RESERVED CVE-2022-33351 RESERVED CVE-2022-33350 RESERVED CVE-2022-33349 RESERVED CVE-2022-33348 RESERVED CVE-2022-33347 RESERVED CVE-2022-33346 RESERVED CVE-2022-33345 RESERVED CVE-2022-33344 RESERVED CVE-2022-33343 RESERVED CVE-2022-33342 RESERVED CVE-2022-33341 RESERVED CVE-2022-33340 RESERVED CVE-2022-33339 RESERVED CVE-2022-33338 RESERVED CVE-2022-33337 RESERVED CVE-2022-33336 RESERVED CVE-2022-33335 RESERVED CVE-2022-33334 RESERVED CVE-2022-33333 RESERVED CVE-2022-33332 RESERVED CVE-2022-33331 RESERVED CVE-2022-33330 RESERVED CVE-2022-2085 (A NULL pointer dereference vulnerability was found in Ghostscript, whi ...) 
	- ghostscript 9.56.0~dfsg-1
	[bullseye] - ghostscript <not-affected> (Vulnerable code not present)
	[buster] - ghostscript <not-affected> (Vulnerable code not present)
	[stretch] - ghostscript <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=704945
	NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;h=ae1061d948d88667bdf51d47d918c4684d0f67df (ghostpdl-9.56.0rc1)
	NOTE: Introduced by: https://git.ghostscript.com/?p=ghostpdl.git;h=6f332dd0baee0135ebff0bf25c56e9adff0f944a (ghostpdl-9.55.0rc1)
CVE-2022-2084 (Sensitive data could be exposed in world readable logs of cloud-init b ...)
	- cloud-init 22.2-2 (bug #1014247)
	[bullseye] - cloud-init <not-affected> (Vulnerable code not present, introduced in 22.2)
	[buster] - cloud-init <not-affected> (Vulnerable code not present, introduced in 22.2)
	NOTE: https://github.com/canonical/cloud-init/commit/4d467b14363d800b2185b89790d57871f11ea88c
	NOTE: https://bugs.launchpad.net/cloud-init/+bug/1978422
CVE-2022-2083 (The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAu ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-33329 (Multiple command injection vulnerabilities exist in the web_server aja ...)
	NOT-FOR-US: Robustel R1510
CVE-2022-33328 (Multiple command injection vulnerabilities exist in the web_server aja ...)
	NOT-FOR-US: Robustel R1510
CVE-2022-33327 (Multiple command injection vulnerabilities exist in the web_server aja ...)
	NOT-FOR-US: Robustel R1510
CVE-2022-33326 (Multiple command injection vulnerabilities exist in the web_server aja ...)
	NOT-FOR-US: Robustel R1510
CVE-2022-33325 (Multiple command injection vulnerabilities exist in the web_server aja ...)
	NOT-FOR-US: Robustel R1510
CVE-2022-33324 (Improper Resource Shutdown or Release vulnerability in Mitsubishi Elec ...)
	NOT-FOR-US: Mitsubishi
CVE-2022-33323 (Active Debug Code vulnerability in robot controller of Mitsubishi Elec ...)
	NOT-FOR-US: Mitsubishi
CVE-2022-33322 (Cross-site scripting vulnerability in Mitsubishi Electric consumer ele ...)
NOT-FOR-US: Mitsubishi Electric CVE-2022-33321 (Cleartext Transmission of Sensitive Information vulnerability due to t ...) NOT-FOR-US: Mitsubishi Electric CVE-2022-33320 (Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 v ...) NOT-FOR-US: ICONICS CVE-2022-33319 (Out-of-bounds Read vulnerability in ICONICS GENESIS64 versions 10.97.1 ...) NOT-FOR-US: ICONICS CVE-2022-33318 (Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 v ...) NOT-FOR-US: ICONICS CVE-2022-33317 (Inclusion of Functionality from Untrusted Control Sphere vulnerability ...) NOT-FOR-US: ICONICS CVE-2022-33316 (Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 v ...) NOT-FOR-US: ICONICS CVE-2022-33315 (Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 v ...) NOT-FOR-US: ICONICS CVE-2022-33314 (Multiple command injection vulnerabilities exist in the web_server act ...) NOT-FOR-US: Robustel R1510 CVE-2022-33313 (Multiple command injection vulnerabilities exist in the web_server act ...) NOT-FOR-US: Robustel R1510 CVE-2022-33312 (Multiple command injection vulnerabilities exist in the web_server act ...) NOT-FOR-US: Robustel R1510 CVE-2022-33309 (Transient DOS due to buffer over-read in WLAN Firmware while parsing s ...) NOT-FOR-US: Qualcomm CVE-2022-33308 RESERVED CVE-2022-33307 (Memory Corruption due to double free in automotive when a bad HLOS add ...) NOT-FOR-US: Qualcomm CVE-2022-33306 (Transient DOS due to buffer over-read in WLAN while processing an inco ...) NOT-FOR-US: Qualcomm CVE-2022-33305 (Transient DOS due to NULL pointer dereference in Modem while sending i ...) NOT-FOR-US: Qualcomm CVE-2022-33304 (Transient DOS due to NULL pointer dereference in Modem while performin ...) NOT-FOR-US: Qualcomm CVE-2022-33303 (Transient DOS due to uncontrolled resource consumption in Linux kernel ...) NOT-FOR-US: Qualcomm CVE-2022-33302 (Memory corruption due to improper validation of array index in User Id ...) 
NOT-FOR-US: Qualcomm CVE-2022-33301 (Memory corruption due to incorrect type conversion or cast in audio wh ...) NOT-FOR-US: Qualcomm CVE-2022-33300 (Memory corruption in Automotive Android OS due to improper input valid ...) NOT-FOR-US: Qualcomm CVE-2022-33299 (Transient DOS due to null pointer dereference in Bluetooth HOST while ...) NOT-FOR-US: Qualcomm CVE-2022-33298 (Memory corruption due to use after free in Modem while modem initializ ...) NOT-FOR-US: Qualcomm CVE-2022-33297 (Information disclosure due to buffer overread in Linux sensors) NOT-FOR-US: Qualcomm CVE-2022-33296 (Memory corruption due to integer overflow to buffer overflow in Modem ...) NOT-FOR-US: Qualcomm CVE-2022-33295 (Information disclosure in Modem due to buffer over-read while parsing ...) NOT-FOR-US: Qualcomm CVE-2022-33294 (Transient DOS in Modem due to NULL pointer dereference while receiving ...) NOT-FOR-US: Qualcomm CVE-2022-33293 RESERVED CVE-2022-33292 (Memory corruption in Qualcomm IPC due to use after free while receivin ...) NOT-FOR-US: Qualcomm CVE-2022-33291 (Information disclosure in Modem due to buffer over-read while receivin ...) NOT-FOR-US: Qualcomm CVE-2022-33290 (Transient DOS in Bluetooth HOST due to null pointer dereference when a ...) NOT-FOR-US: Qualcomm CVE-2022-33289 (Memory corruption occurs in Modem due to improper validation of array ...) NOT-FOR-US: Qualcomm CVE-2022-33288 (Memory corruption due to buffer copy without checking the size of inpu ...) NOT-FOR-US: Qualcomm CVE-2022-33287 (Information disclosure in Modem due to buffer over-read while getting ...) NOT-FOR-US: Qualcomm CVE-2022-33286 (Transient DOS due to buffer over-read in WLAN while processing 802.11 ...) NOT-FOR-US: Qualcomm CVE-2022-33285 (Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA a ...) NOT-FOR-US: Qualcomm CVE-2022-33284 (Information disclosure due to buffer over-read in WLAN while parsing B ...) 
NOT-FOR-US: Qualcomm CVE-2022-33283 (Information disclosure due to buffer over-read in WLAN while WLAN fram ...) NOT-FOR-US: Qualcomm CVE-2022-33282 (Memory corruption in Automotive Multimedia due to integer overflow to ...) NOT-FOR-US: Qualcomm CVE-2022-33281 (Memory corruption due to improper validation of array index in compute ...) NOT-FOR-US: Qualcomm CVE-2022-33280 (Memory corruption due to access of uninitialized pointer in Bluetooth ...) NOT-FOR-US: Qualcomm CVE-2022-33279 (Memory corruption due to stack based buffer overflow in WLAN having in ...) NOT-FOR-US: Qualcomm CVE-2022-33278 (Memory corruption due to buffer copy without checking the size of inpu ...) NOT-FOR-US: Qualcomm CVE-2022-33277 (Memory corruption in modem due to buffer copy without checking size of ...) NOT-FOR-US: Qualcomm CVE-2022-33276 (Memory corruption due to buffer copy without checking size of input in ...) NOT-FOR-US: Qualcomm CVE-2022-33275 (Memory corruption due to improper validation of array index in WLAN HA ...) NOT-FOR-US: Qualcomm CVE-2022-33274 (Memory corruption in android core due to improper validation of array ...) NOT-FOR-US: Qualcomm CVE-2022-33273 (Information disclosure due to buffer over-read in Trusted Execution En ...) NOT-FOR-US: Qualcomm CVE-2022-33272 (Transient DOS in modem due to reachable assertion.) NOT-FOR-US: Qualcomm CVE-2022-33271 (Information disclosure due to buffer over-read in WLAN while parsing N ...) NOT-FOR-US: Qualcomm CVE-2022-33270 (Transient DOS due to time-of-check time-of-use race condition in Modem ...) NOT-FOR-US: Qualcomm CVE-2022-33269 (Memory corruption due to integer overflow or wraparound in Core while ...) NOT-FOR-US: Qualcomm CVE-2022-33268 (Information disclosure due to buffer over-read in Bluetooth HOST while ...) NOT-FOR-US: Qualcomm CVE-2022-33267 (Memory corruption in Linux while sending DRM request.) NOT-FOR-US: Qualcomm CVE-2022-33266 (Memory corruption in Audio due to integer overflow to buffer overflow ...) 
NOT-FOR-US: Qualcomm CVE-2022-33265 (Memory corruption due to information exposure in Powerline Communicati ...) NOT-FOR-US: Qualcomm CVE-2022-33264 (Memory corruption in modem due to stack based buffer overflow while pa ...) NOT-FOR-US: Qualcomm CVE-2022-33263 (Memory corruption due to use after free in Core when multiple DCI clie ...) NOT-FOR-US: Qualcomm CVE-2022-33262 RESERVED CVE-2022-33261 RESERVED CVE-2022-33260 (Memory corruption due to stack based buffer overflow in core while sen ...) NOT-FOR-US: Qualcomm CVE-2022-33259 (Memory corruption due to buffer copy without checking the size of inpu ...) NOT-FOR-US: Qualcomm CVE-2022-33258 (Information disclosure due to buffer over-read in modem while reading ...) NOT-FOR-US: Qualcomm CVE-2022-33257 (Memory corruption in Core due to time-of-check time-of-use race condit ...) NOT-FOR-US: Qualcomm CVE-2022-33256 (Memory corruption due to improper validation of array index in Multi-m ...) NOT-FOR-US: Qualcomm CVE-2022-33255 (Information disclosure due to buffer over-read in Bluetooth HOST while ...) NOT-FOR-US: Qualcomm CVE-2022-33254 (Transient DOS due to reachable assertion in Modem while processing SIB ...) NOT-FOR-US: Qualcomm CVE-2022-33253 (Transient DOS due to buffer over-read in WLAN while parsing corrupted ...) NOT-FOR-US: Qualcomm CVE-2022-33252 (Information disclosure due to buffer over-read in WLAN while handling ...) NOT-FOR-US: Qualcomm CVE-2022-33251 (Transient DOS due to reachable assertion in Modem because of invalid n ...) NOT-FOR-US: Qualcomm CVE-2022-33250 (Transient DOS due to reachable assertion in modem when network repeate ...) NOT-FOR-US: Qualcomm CVE-2022-33249 RESERVED CVE-2022-33248 (Memory corruption in User Identity Module due to integer overflow to b ...) NOT-FOR-US: Qualcomm CVE-2022-33247 RESERVED CVE-2022-33246 (Memory corruption in Audio due to use of out-of-range pointer offset w ...) 
NOT-FOR-US: Qualcomm CVE-2022-33245 (Memory corruption in WLAN due to use after free) NOT-FOR-US: Qualcomm CVE-2022-33244 (Transient DOS due to reachable assertion in modem during MIB reception ...) NOT-FOR-US: Qualcomm CVE-2022-33243 (Memory corruption due to improper access control in Qualcomm IPC.) NOT-FOR-US: Qualcomm CVE-2022-33242 (Memory corruption due to improper authentication in Qualcomm IPC while ...) NOT-FOR-US: Qualcomm CVE-2022-33241 RESERVED CVE-2022-33240 (Memory corruption in Audio due to incorrect type cast during audio use ...) NOT-FOR-US: Qualcomm CVE-2022-33239 (Transient DOS due to loop with unreachable exit condition in WLAN firm ...) NOT-FOR-US: Snapdragon CVE-2022-33238 (Transient DOS due to loop with unreachable exit condition in WLAN whil ...) NOT-FOR-US: Qualcomm CVE-2022-33237 (Transient DOS due to buffer over-read in WLAN firmware while processin ...) NOT-FOR-US: Snapdragon CVE-2022-33236 (Transient DOS due to buffer over-read in WLAN firmware while parsing c ...) NOT-FOR-US: Snapdragon CVE-2022-33235 (Information disclosure due to buffer over-read in WLAN firmware while ...) NOT-FOR-US: Qualcomm CVE-2022-33234 (Memory corruption in video due to configuration weakness in Snapdrago ...) NOT-FOR-US: Snapdragon CVE-2022-33233 (Memory corruption due to configuration weakness in modem while sending ...) NOT-FOR-US: Qualcomm CVE-2022-33232 (Memory corruption due to buffer copy without checking size of input wh ...) NOT-FOR-US: Qualcomm CVE-2022-33231 (Memory corruption due to double free in core while initializing the en ...) NOT-FOR-US: Qualcomm CVE-2022-33230 (Memory corruption in FM Host due to buffer copy without checking the s ...) NOT-FOR-US: Qualcomm CVE-2022-33229 (Information disclosure due to buffer over-read in Modem while using st ...) NOT-FOR-US: Qualcomm CVE-2022-33228 (Information disclosure due to buffer over-read in modem while processi ...)
NOT-FOR-US: Qualcomm CVE-2022-33227 (Memory corruption in Linux android due to double free while calling un ...) NOT-FOR-US: Qualcomm CVE-2022-33226 (Memory corruption due to buffer copy without checking the size of inpu ...) NOT-FOR-US: Qualcomm CVE-2022-33225 (Memory corruption due to use after free in trusted application environ ...) NOT-FOR-US: Qualcomm CVE-2022-33224 (Memory corruption in core due to buffer copy without checking the siz ...) NOT-FOR-US: Qualcomm CVE-2022-33223 (Transient DOS in Modem due to null pointer dereference while processin ...) NOT-FOR-US: Qualcomm CVE-2022-33222 (Information disclosure due to buffer over-read while parsing DNS respo ...) NOT-FOR-US: Qualcomm CVE-2022-33221 (Information disclosure in Trusted Execution Environment due to buffer ...) NOT-FOR-US: Qualcomm CVE-2022-33220 (Information disclosure in Automotive multimedia due to buffer over-rea ...) NOT-FOR-US: Qualcomm CVE-2022-33219 (Memory corruption in Automotive due to integer overflow to buffer over ...) NOT-FOR-US: Qualcomm CVE-2022-33218 (Memory corruption in Automotive due to improper input validation.) NOT-FOR-US: Qualcomm CVE-2022-33217 (Memory corruption in Qualcomm IPC due to buffer copy without checking ...) NOT-FOR-US: Qualcomm CVE-2022-33216 (Transient Denial-of-service in Automotive due to improper input valida ...) NOT-FOR-US: Qualcomm CVE-2022-33215 RESERVED CVE-2022-33214 (Memory corruption in display due to time-of-check time-of-use of metad ...) NOT-FOR-US: Snapdragon CVE-2022-33213 (Memory corruption in modem due to buffer overflow while processing a P ...) NOT-FOR-US: Qualcomm CVE-2022-33212 RESERVED CVE-2022-33211 (memory corruption in modem due to improper check while calculating siz ...) NOT-FOR-US: Qualcomm CVE-2022-33210 (Memory corruption in automotive multimedia due to use of out-of-range ...) NOT-FOR-US: Snapdragon CVE-2022-33146 (Open redirect vulnerability in web2py versions prior to 2.22.5 allows ...)
	- web2py
CVE-2022-32585 (A command execution vulnerability exists in the clish art2 functionali ...)
	NOT-FOR-US: Robustel R1510
CVE-2022-28127 (A data removal vulnerability exists in the web_server /action/remove/ ...)
	NOT-FOR-US: Robustel R1510
CVE-2022-2082 RESERVED
CVE-2022-2081 (A vulnerability exists in the HCI Modbus TCP function included in the ...)
	NOT-FOR-US: Hitachi Energy
CVE-2022-2080 (The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2079 (Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb ...)
	NOT-FOR-US: nocodb
CVE-2022-2078 (A vulnerability was found in the Linux kernel's nft_set_desc_concat_pa ...)
	{DSA-5161-1}
	- linux 5.18.2-1
	[buster] - linux <not-affected> (Vulnerable code not present)
	[stretch] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2096178
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/02/1
	NOTE: https://git.kernel.org/linus/fecf31ee395b0295f2d7260aa29946b7605f7c85 (5.19-rc1)
CVE-2022-33207 (Four OS command injection vulnerabilities exists in the web interface ...)
	NOT-FOR-US: Abode Systems
CVE-2022-33206 (Four OS command injection vulnerabilities exists in the web interface ...)
	NOT-FOR-US: Abode Systems
CVE-2022-33205 (Four OS command injection vulnerabilities exists in the web interface ...)
	NOT-FOR-US: Abode Systems
CVE-2022-33204 (Four OS command injection vulnerabilities exists in the web interface ...)
	NOT-FOR-US: Abode Systems
CVE-2022-33195 (Four OS command injection vulnerabilities exist in the XCMD testWifiAP ...)
	NOT-FOR-US: Abode Systems
CVE-2022-33194 (Four OS command injection vulnerabilities exist in the XCMD testWifiAP ...)
	NOT-FOR-US: Abode Systems
CVE-2022-33193 (Four OS command injection vulnerabilities exist in the XCMD testWifiAP ...)
	NOT-FOR-US: Abode Systems
CVE-2022-33192 (Four OS command injection vulnerabilities exist in the XCMD testWifiAP ...)
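The records with Debian package data above (the ghostscript and cloud-init entries under CVE-2022-2085 and CVE-2022-2084, and the linux and web2py entries under CVE-2022-2078 and CVE-2022-33146) only answer the question a practitioner actually has, "is the version on my box at or past the fix?", once the version strings are ordered the way dpkg orders them: a "~" suffix such as 9.56.0~dfsg sorts before 9.56.0, an epoch such as 1: outranks everything after it, and 1.010 equals 1.10. The following is an added example, not code from the Debian security tracker or its tooling: it parses records in the tracker's line-per-field syntax (the unstable fix line "- pkg version", per-release lines such as "[bullseye] - pkg <not-affected> (...)", "{DSA-...}" references, NOTE: and NOT-FOR-US: annotations) and classifies an installed version with a port of dpkg's ordering. SAMPLE is constructed from the ghostscript, cloud-init, linux and web2py records on this page; the installed versions checked against it are made up, and filing the unstable line under the release name "sid" is this example's own convention.

```python
# Added example, not code from the Debian security tracker: a parser for the
# CVE list records above plus a port of dpkg's version ordering, so that an
# installed version can be checked against the fixed version on record.
# SAMPLE is constructed from records on this page; installed versions are made up.
import re
from dataclasses import dataclass, field
from itertools import zip_longest

def _order(c):  # dpkg weight of one character in a non-digit run: '~' < end/digit (0) < letter < other
    return 0 if c == "" or c.isdigit() else ord(c) if c.isalpha() else -1 if c == "~" else ord(c) + 256

def _verrevcmp(a, b):
    # dpkg's verrevcmp: compare alternating non-digit runs (by character weight)
    # and digit runs (numerically, so leading zeros carry no weight)
    runs_a, runs_b = re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b)
    for (na, da), (nb, db) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        for x, y in zip_longest(na, nb, fillvalue=""):
            if _order(x) != _order(y):
                return _order(x) - _order(y)
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def dpkg_compare(a, b):  # -1, 0 or 1 as Debian version a is older than, equal to or newer than b
    def split(v):  # [epoch:]upstream[-revision]
        epoch, _, v = v.partition(":") if ":" in v else ("0", "", v)
        up, dash, rev = v.rpartition("-")
        return int(epoch), up if dash else rev, rev if dash else ""
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    r = (ea > eb) - (ea < eb) or _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (r > 0) - (r < 0)

HEADER = re.compile(r"^(CVE-\d{4}-\d+)\s*(?:\((.*)\)|(RESERVED|REJECTED))?$")
PKG = re.compile(r"^(?:\[(?P<release>[\w-]+)\]\s*)?-\s*(?P<pkg>\S+)"
                 r"(?:\s+<(?P<tag>[\w-]+)>|\s+(?P<version>[^\s(<]+))?\s*(?:\((?P<comment>.*)\))?$")

@dataclass
class Entry:
    cve: str
    description: str = ""
    dsas: list = field(default_factory=list)
    not_for_us: str = ""
    packages: dict = field(default_factory=dict)  # (release, pkg) -> (tag, version, comment)

def parse_tracker(text):
    """Parse CVE list records; the unstable line is filed under release 'sid'."""
    entries, cur = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if (m := HEADER.match(line)):
            cur = entries[m[1]] = Entry(m[1], m[2] or m[3] or "")
        elif cur is None:
            raise ValueError(f"data before the first CVE header: {line!r}")
        elif line.startswith("{") and line.endswith("}"):
            cur.dsas += line[1:-1].split()
        elif line.startswith("NOT-FOR-US:"):
            cur.not_for_us = line[11:].strip()
        elif line.startswith(("NOTE:", "TODO:")):
            pass  # free-text annotations, not needed for the version check
        elif (m := PKG.match(line)):
            cur.packages[(m["release"] or "sid", m["pkg"])] = (m["tag"], m["version"], m["comment"])
        else:
            raise ValueError(f"unrecognised line under {cur.cve}: {line!r}")
    return entries

def status(entry, package, installed, release="sid"):
    if entry.not_for_us:
        return "not-for-us"
    rec = entry.packages.get((release, package))
    if rec is None:
        if release != "sid" and entry.dsas:  # fixes shipped as a DSA are recorded in the DSA list, not here
            return "see-" + entry.dsas[0]
        rec = entry.packages.get(("sid", package))  # otherwise the unstable fix version applies
        if rec is None:
            return "untracked"
    tag, version, _ = rec
    if tag:  # not-affected, unfixed, no-dsa (still vulnerable), ignored, undetermined ...
        return tag
    if version is None:  # package named with neither a fixed version nor a state tag
        return "unknown"
    return "fixed" if dpkg_compare(installed, version) >= 0 else "vulnerable"

SAMPLE = """\
CVE-2022-2085 (A NULL pointer dereference vulnerability was found in Ghostscript, whi ...)
    - ghostscript 9.56.0~dfsg-1
    [bullseye] - ghostscript <not-affected> (Vulnerable code not present)
CVE-2022-2084 (Sensitive data could be exposed in world readable logs of cloud-init b ...)
    - cloud-init 22.2-2 (bug #1014247)
CVE-2022-2083 (The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAu ...)
    NOT-FOR-US: WordPress plugin
CVE-2022-2082 RESERVED
CVE-2022-2078 (A vulnerability was found in the Linux kernel's nft_set_desc_concat_pa ...)
    {DSA-5161-1}
    - linux 5.18.2-1
    [buster] - linux <not-affected> (Vulnerable code not present)
CVE-2022-33146 (Open redirect vulnerability in web2py versions prior to 2.22.5 allows ...)
    - web2py
"""
```

status() hands back the tracker's own state tag when a release line carries one, so a <no-dsa> result is still a vulnerable package that merely will not get an advisory, and it answers "see-DSA-..." for a stable suite that has no line of its own but a DSA reference, because the per-suite fixed versions for advisories live in the tracker's DSA list rather than in these records. A package line with neither a version nor a state tag, like the web2py line above, is reported as "unknown" rather than assumed fixed or unfixed.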
NOT-FOR-US: Abode Systems CVE-2022-33189 (An OS command injection vulnerability exists in the XCMD setAlexa func ...) NOT-FOR-US: Abode Systems CVE-2022-32775 (An integer overflow vulnerability exists in the web interface /action/ ...) NOT-FOR-US: Abode Systems CVE-2022-32773 (An OS command injection vulnerability exists in the XCMD doDebug funct ...) NOT-FOR-US: Abode Systems CVE-2022-32586 (An OS command injection vulnerability exists in the web interface /act ...) NOT-FOR-US: Abode Systems CVE-2022-32574 (A double-free vulnerability exists in the web interface /action/ipcamS ...) NOT-FOR-US: Abode Systems CVE-2022-32454 (A stack-based buffer overflow vulnerability exists in the XCMD setIPCa ...) NOT-FOR-US: Abode Systems CVE-2022-30603 (An OS command injection vulnerability exists in the web interface /act ...) NOT-FOR-US: Abode Systems CVE-2022-30541 (An OS command injection vulnerability exists in the XCMD setUPnP funct ...) NOT-FOR-US: Abode Systems CVE-2022-29889 (A hard-coded password vulnerability exists in the telnet functionality ...) NOT-FOR-US: Abode Systems CVE-2022-29520 (An OS command injection vulnerability exists in the console_main_loop ...) NOT-FOR-US: Abode Systems CVE-2022-29472 (An OS command injection vulnerability exists in the web interface util ...) NOT-FOR-US: Abode Systems CVE-2022-27804 (An os command injection vulnerability exists in the web interface util ...) NOT-FOR-US: Abode Systems CVE-2022-2077 REJECTED CVE-2022-2076 REJECTED CVE-2022-2075 (In affected versions of Octopus Deploy it is possible to perform a Reg ...) NOT-FOR-US: Octopus Deploy CVE-2022-2074 (In affected versions of Octopus Deploy it is possible to perform a Reg ...) NOT-FOR-US: Octopus Deploy CVE-2022-2073 (Code Injection in GitHub repository getgrav/grav prior to 1.7.34.) NOT-FOR-US: Grav CMS CVE-2021-46821 RESERVED CVE-2022-33187 (Brocade SANnav before v2.2.1 logs usernames and encoded passwords in ...) 
NOT-FOR-US: Brocade SANnav CVE-2022-33186 (A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c ...) NOT-FOR-US: Brocade Fabric OS CVE-2022-33185 (Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1 ...) NOT-FOR-US: Brocade CVE-2022-33184 (A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS vers ...) NOT-FOR-US: Brocade CVE-2022-33183 (A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1 ...) NOT-FOR-US: Brocade CVE-2022-33182 (A privilege escalation vulnerability in Brocade Fabric OS CLI before B ...) NOT-FOR-US: Brocade CVE-2022-33181 (An information disclosure vulnerability in Brocade Fabric OS CLI befor ...) NOT-FOR-US: Brocade CVE-2022-33180 (A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1 ...) NOT-FOR-US: Brocade CVE-2022-33179 (A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1 ...) NOT-FOR-US: Brocade CVE-2022-33178 (A vulnerability in the radius authentication system of Brocade Fabric ...) NOT-FOR-US: Brocade CVE-2022-33175 (Power Distribution Units running on Powertek firmware (multiple brands ...) NOT-FOR-US: Powertek CVE-2022-33174 (Power Distribution Units running on Powertek firmware (multiple brands ...) NOT-FOR-US: Powertek CVE-2022-33173 (An algorithm-downgrade issue was discovered in Couchbase Server before ...) NOT-FOR-US: Couchbase Server CVE-2022-33172 (de.fac2 1.34 allows bypassing the User Presence protection mechanism w ...) NOT-FOR-US: de.fac2 CVE-2022-33171 (The findOne function in TypeORM before 0.3.0 can either be supplied wi ...) NOT-FOR-US: TypeORM CVE-2022-33170 RESERVED CVE-2022-33169 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerabl ...) NOT-FOR-US: IBM CVE-2022-33168 (IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause ...) NOT-FOR-US: IBM CVE-2022-33167 RESERVED CVE-2022-33166 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a p ...) 
	NOT-FOR-US: IBM
CVE-2022-33165 (IBM Security Directory Server 6.4.0 could allow a remote attacker to t ...)
	NOT-FOR-US: IBM
CVE-2022-33164 (IBM Security Directory Server 7.2.0 could allow a remote attacker to t ...)
	NOT-FOR-US: IBM
CVE-2022-33163 (IBM Security Directory Suite VA 8.0.1 specifies permissions for a secu ...)
	NOT-FOR-US: IBM
CVE-2022-33162
	RESERVED
CVE-2022-33161 (IBM Security Directory Server 6.4.0 could allow a remote attacker to o ...)
	NOT-FOR-US: IBM
CVE-2022-33160 (IBM Security Directory Suite 8.0.1 uses weaker than expected cryptogra ...)
	NOT-FOR-US: IBM
CVE-2022-33159 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user cre ...)
	NOT-FOR-US: IBM
CVE-2022-33158 (Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulner ...)
	NOT-FOR-US: Trend Micro
CVE-2022-33157 (The libconnect extension before 7.0.8 and 8.x before 8.1.0 for TYPO3 a ...)
	NOT-FOR-US: TYPO3 extension
CVE-2022-33156 (The matomo_integration (aka Matomo Integration) extension before 1.3.2 ...)
	NOT-FOR-US: TYPO3 extension
CVE-2022-33155 (The ameos_tarteaucitron (aka AMEOS - TarteAuCitron GDPR cookie banner ...)
	NOT-FOR-US: TYPO3 extension
CVE-2022-33154 (The schema (aka Embedding schema.org vocabulary) extension before 1.13 ...)
	NOT-FOR-US: TYPO3 extension
CVE-2022-33153
	RESERVED
CVE-2022-33152
	RESERVED
CVE-2022-33149 (A sql injection vulnerability exists in the ObjectYPT functionality of ...)
	NOT-FOR-US: WWBN AVideo
CVE-2022-33148 (A sql injection vulnerability exists in the ObjectYPT functionality of ...)
	NOT-FOR-US: WWBN AVideo
CVE-2022-33147 (A sql injection vulnerability exists in the ObjectYPT functionality of ...)
	NOT-FOR-US: WWBN AVideo
CVE-2022-33140 (The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 an ...)
	NOT-FOR-US: Apache NiFi
CVE-2022-33139 (A vulnerability has been identified in Cerberus DMS (All versions), De ...)
	NOT-FOR-US: Siemens
CVE-2022-33138 (A vulnerability has been identified in SIMATIC MV540 H (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2022-33137 (A vulnerability has been identified in SIMATIC MV540 H (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2022-33136
	RESERVED
CVE-2022-33135
	RESERVED
CVE-2022-33134
	RESERVED
CVE-2022-33133
	RESERVED
CVE-2022-33132
	RESERVED
CVE-2022-33131
	RESERVED
CVE-2022-33130
	RESERVED
CVE-2022-33129
	RESERVED
CVE-2022-33128 (RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a ...)
	NOT-FOR-US: RG-EG series gateway EG350 EG_RGOS
CVE-2022-33127 (The function that calls the diff tool in Diffy 3.4.1 does not properly ...)
	- ruby-diffy (Windows-specific)
CVE-2022-33126
	RESERVED
CVE-2022-33125
	RESERVED
CVE-2022-33124 (AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, whi ...)
	NOTE: Disputed aiohttp issue
CVE-2022-33123
	RESERVED
CVE-2022-33122 (A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 al ...)
	NOT-FOR-US: EyouCMS
CVE-2022-33121 (A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers ...)
	NOT-FOR-US: MiniCMS
CVE-2022-33120
	RESERVED
CVE-2022-33119 (NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contai ...)
	NOT-FOR-US: NUUO Network Video Recorder NVRsolo
CVE-2022-33118
	RESERVED
CVE-2022-33117
	RESERVED
CVE-2022-33116 (An issue in the jmpath variable in /modules/mindmap/index.php of GUnet ...)
	NOT-FOR-US: GUnet Open eClass Platform
CVE-2022-33115
	RESERVED
CVE-2022-33114 (Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerabil ...)
	NOT-FOR-US: Jfinal CMS
CVE-2022-33113 (Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or ...)
	NOT-FOR-US: Jfinal CMS
CVE-2022-33112
	RESERVED
CVE-2022-33111
	RESERVED
CVE-2022-33110
	RESERVED
CVE-2022-33109
	RESERVED
CVE-2022-33108 (XPDF v4.04 was discovered to contain a stack overflow vulnerability vi ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2022-33107 (ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerabi ...)
	NOT-FOR-US: ThinkPHP
CVE-2022-33106 (WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate ...)
	NOT-FOR-US: WiJungle NGFW
CVE-2022-33105 (Redis v7.0 was discovered to contain a memory leak via the component s ...)
	- redis (No vulnerable version 7.x was uploaded to unstable)
	NOTE: https://github.com/redis/redis/commit/4a7a4e42db8ff757cdf3f4a824f66426036034ef (7.0.1)
	NOTE: https://github.com/redis/redis/pull/10753
	NOTE: https://github.com/redis/redis/pull/10829
CVE-2022-33104
	RESERVED
CVE-2022-33103 (Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an ...)
	- u-boot 2022.07+dfsg-1 (bug #1014528)
	[bullseye] - u-boot (Minor issue)
	[buster] - u-boot (SquashFS support added in 2020.10)
	NOTE: https://lore.kernel.org/all/CALO=DHFB+yBoXxVr5KcsK0iFdg+e7ywko4-e+72kjbcS8JBfPw@mail.gmail.com/
	NOTE: https://lore.kernel.org/all/20220609140206.297405-1-miquel.raynal@bootlin.com/
	NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/2ac0baab4aff1a0b45067d0b62f00c15f4e86856 (v2022.07-rc5)
CVE-2022-33102
	RESERVED
CVE-2022-33101
	RESERVED
CVE-2022-33100
	RESERVED
CVE-2022-33099 (An issue in the component luaG_runerror of Lua v5.4.4 and below leads ...)
	- lua5.4 5.4.4-3 (bug #1014935)
	[bullseye] - lua5.4 (Minor issue)
	- lua5.3 (Specific to 5.4)
	- lua5.2 (Specific to 5.4)
	- lua5.1 (Specific to 5.4)
	- lua50 (Specific to 5.4)
	NOTE: https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670daf
	NOTE: https://lua-users.org/lists/lua-l/2022-05/msg00035.html
	NOTE: https://lua-users.org/lists/lua-l/2022-05/msg00042.html
	NOTE: https://lua-users.org/lists/lua-l/2022-05/msg00073.html
CVE-2022-33098 (Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting ...)
	NOT-FOR-US: Magnolia CMS
CVE-2022-33097 (74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: 74cmsSE
CVE-2022-33096 (74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: 74cmsSE
CVE-2022-33095 (74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: 74cmsSE
CVE-2022-33094 (74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: 74cmsSE
CVE-2022-33093 (74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: 74cmsSE
CVE-2022-33092 (74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: 74cmsSE
CVE-2022-33091
	RESERVED
CVE-2022-33090
	RESERVED
CVE-2022-33089
	RESERVED
CVE-2022-33088
	RESERVED
CVE-2022-33087 (A stack overflow in the function DM_ In fillobjbystr() of TP-Link Arch ...)
	NOT-FOR-US: TP-Link
CVE-2022-33086
	RESERVED
CVE-2022-33085 (ESPCMS P8 was discovered to contain an authenticated remote code execu ...)
	NOT-FOR-US: ESPCMS
CVE-2022-33084
	RESERVED
CVE-2022-33083
	RESERVED
CVE-2022-33082 (An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10 ...)
	NOT-FOR-US: Open Policy Agent
CVE-2022-33081
	RESERVED
CVE-2022-33080
	RESERVED
CVE-2022-33079
	RESERVED
CVE-2022-33078
	RESERVED
CVE-2022-33077 (An access control issue in nopcommerce v4.50.2 allows attackers to arb ...)
	NOT-FOR-US: nopcommerce
CVE-2022-33076
	RESERVED
CVE-2022-33075 (A stored cross-site scripting (XSS) vulnerability in the Add Classific ...)
	NOT-FOR-US: Zoo Management System
CVE-2022-33074
	RESERVED
CVE-2022-33073
	RESERVED
CVE-2022-33072
	RESERVED
CVE-2022-33071
	RESERVED
CVE-2022-33070 (Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shif ...)
	- protobuf-c 1.4.1-1
	[bullseye] - protobuf-c (Minor issue)
	[buster] - protobuf-c (Minor issue)
	NOTE: https://github.com/protobuf-c/protobuf-c/issues/506
	NOTE: https://github.com/protobuf-c/protobuf-c/pull/508
	NOTE: https://github.com/protobuf-c/protobuf-c/commit/6e389ce2c34355d36009a8fb1666bed29fa2d4f4 (v1.4.1)
CVE-2022-33069 (Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder ...)
	NOT-FOR-US: Ethereum
CVE-2022-33068 (An integer overflow in the component hb-ot-shape-fallback.cc of Harfbu ...)
	- harfbuzz 5.2.0-2 (bug #1013673)
	[bullseye] - harfbuzz (Minor issue)
	[buster] - harfbuzz (Minor issue)
	[stretch] - harfbuzz (Minor issue)
	NOTE: https://github.com/harfbuzz/harfbuzz/issues/3557
	NOTE: https://github.com/harfbuzz/harfbuzz/commit/62e803b36173fd096d7ad460dd1d1db9be542593
CVE-2022-33067 (Lrzip v0.651 was discovered to contain multiple invalid arithmetic shi ...)
	- lrzip (unimportant)
	NOTE: https://github.com/ckolivas/lrzip/issues/224
	NOTE: Crash in CLI tool, no security impact
CVE-2022-33066
	RESERVED
CVE-2022-33065 (Multiple signed integers overflow in function au_read_header in src/au ...)
	- libsndfile (bug #1051891)
	[bookworm] - libsndfile (Minor issue)
	[bullseye] - libsndfile (Minor issue)
	[buster] - libsndfile (Minor issue)
	NOTE: https://github.com/libsndfile/libsndfile/issues/833
	NOTE: https://github.com/libsndfile/libsndfile/issues/789
	NOTE: https://github.com/libsndfile/libsndfile/commit/0754562e13d2e63a248a1c82f90b30bc0ffe307c
CVE-2022-33064 (An off-by-one error in function wav_read_header in src/wav.c in Libsnd ...)
	- libsndfile (bug #1051890)
	[bookworm] - libsndfile (Minor issue)
	[bullseye] - libsndfile (Minor issue)
	[buster] - libsndfile (Minor issue)
	NOTE: https://github.com/libsndfile/libsndfile/issues/832
CVE-2022-33063
	RESERVED
CVE-2022-33062
	RESERVED
CVE-2022-33061 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
	NOT-FOR-US: Online Railway Reservation System
CVE-2022-33060 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
	NOT-FOR-US: Online Railway Reservation System
CVE-2022-33059 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
	NOT-FOR-US: Online Railway Reservation System
CVE-2022-33058 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
	NOT-FOR-US: Online Railway Reservation System
CVE-2022-33057 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
	NOT-FOR-US: Online Railway Reservation System
CVE-2022-33056 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
	NOT-FOR-US: Online Railway Reservation System
CVE-2022-33055 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
	NOT-FOR-US: Online Railway Reservation System
CVE-2022-33054
	RESERVED
CVE-2022-33053
	RESERVED
CVE-2022-33052
	RESERVED
CVE-2022-33051
	RESERVED
CVE-2022-33050
	RESERVED
CVE-2022-33049 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
	NOT-FOR-US: Online Railway Reservation System
CVE-2022-33048 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
	NOT-FOR-US: Online Railway Reservation System
CVE-2022-33047 (OTFCC v0.10.4 was discovered to contain a heap buffer overflow after f ...)
	- texlive-bin (unimportant; bug #1019602)
	[bullseye] - texlive-bin (Vulnerable code not present)
	[buster] - texlive-bin (Vulnerable code not present)
	NOTE: Affected code not built, see #1019602
CVE-2022-33046
	RESERVED
CVE-2022-33045
	RESERVED
CVE-2022-33044
	RESERVED
CVE-2022-33043 (A cross-site scripting (XSS) vulnerability in the batch add function o ...)
	NOT-FOR-US: Urtracker Premium
CVE-2022-33042 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
	NOT-FOR-US: Online Railway Reservation System
CVE-2022-33041
	RESERVED
CVE-2022-33040
	RESERVED
CVE-2022-33039
	RESERVED
CVE-2022-33038
	RESERVED
CVE-2022-33037 (A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute ar ...)
	NOT-FOR-US: Orwell-Dev-Cpp
CVE-2022-33036 (A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execut ...)
	NOT-FOR-US: Embarcadero Dev-CPP
CVE-2022-33035 (XLPD v7.0.0094 and below contains an unquoted service path vulnerabili ...)
	NOT-FOR-US: XLPD
CVE-2022-33034 (LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via t ...)
	- libredwg (bug #595191)
CVE-2022-33033 (LibreDWG v0.12.4.4608 was discovered to contain a double-free via the ...)
	- libredwg (bug #595191)
CVE-2022-33032 (LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow ...)
	- libredwg (bug #595191)
CVE-2022-33031
	RESERVED
CVE-2022-33030
	RESERVED
CVE-2022-33029
	RESERVED
CVE-2022-33028 (LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow ...)
	- libredwg (bug #595191)
CVE-2022-33027 (LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free ...)
	- libredwg (bug #595191)
CVE-2022-33026 (LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow ...)
	- libredwg (bug #595191)
CVE-2022-33025 (LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free ...)
	- libredwg (bug #595191)
CVE-2022-33024 (There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_ ...)
	- libredwg (bug #595191)
CVE-2022-33023 (CVA6 commit 909d85a gives incorrect permission to use special multipli ...)
	NOT-FOR-US: CVA6
CVE-2022-33022
	RESERVED
CVE-2022-33021 (CVA6 commit 909d85a accesses invalid memory when reading the value of ...)
	NOT-FOR-US: CVA6
CVE-2022-33020
	RESERVED
CVE-2022-33019
	RESERVED
CVE-2022-33018
	RESERVED
CVE-2022-33017
	RESERVED
CVE-2022-33016
	REJECTED
CVE-2022-33015
	REJECTED
CVE-2022-33014
	REJECTED
CVE-2022-33013
	RESERVED
CVE-2022-33012 (Microweber v1.2.15 was discovered to allow attackers to perform an acc ...)
	NOT-FOR-US: microweber
CVE-2022-33011 (Known v1.3.1+2020120201 was discovered to allow attackers to perform a ...)
	NOT-FOR-US: Known
CVE-2022-33010
	REJECTED
CVE-2022-33009 (A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 ...)
	NOT-FOR-US: LightCMS
CVE-2022-33008
	RESERVED
CVE-2022-33007 (TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discov ...)
	NOT-FOR-US: TRENDnet Wi-Fi routers
CVE-2022-33006
	RESERVED
CVE-2022-33005 (A cross-site scripting (XSS) vulnerability in the System Settings/IOT ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-33004 (The Beginner package in PyPI v0.0.2 to v0.0.4 was discovered to contai ...)
	NOT-FOR-US: Beginner package in PyPI
CVE-2022-33003 (The watools package in PyPI v0.0.1 to v0.0.8 was discovered to contain ...)
	NOT-FOR-US: watools package in PyPI
CVE-2022-33002 (The KGExplore package in PyPI v0.1.1 to v0.1.2 was discovered to conta ...)
	NOT-FOR-US: KGExplore package in PyPI
CVE-2022-33001 (The AAmiles package in PyPI v0.1.0 was discovered to contain a code ex ...)
	NOT-FOR-US: AAmiles package in PyPI
CVE-2022-33000 (The ML-Scanner package in PyPI v0.1.0 to v0.1.5 was discovered to cont ...)
	NOT-FOR-US: ML-Scanner package in PyPI
CVE-2022-32999 (The cloudlabeling package in PyPI v0.0.1 was discovered to contain a c ...)
	NOT-FOR-US: cloudlabeling package in PyPI
CVE-2022-32998 (The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was d ...)
	NOT-FOR-US: cryptoasset-data-downloader package in PyPI
CVE-2022-32997 (The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered ...)
	NOT-FOR-US: RootInteractive package in PyPI
CVE-2022-32996 (The django-navbar-client package of v0.9.50 to v1.0.1 was discovered t ...)
	NOT-FOR-US: django-navbar-client
CVE-2022-32995 (Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forger ...)
	NOT-FOR-US: Halo CMS
CVE-2022-32994 (Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vul ...)
	NOT-FOR-US: Halo CMS
CVE-2022-32993 (TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access contro ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-32992 (Online Tours And Travels Management System v1.0 was discovered to cont ...)
	NOT-FOR-US: Online Tours And Travels Management System
CVE-2022-32991 (Web Based Quiz System v1.0 was discovered to contain a SQL injection v ...)
	NOT-FOR-US: Web Based Quiz System
CVE-2022-32990 (An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allow ...)
	- gimp 2.10.32-1 (unimportant)
	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/8230
	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/24c962b95e5c740dff7a87a1f0ccdbf6c0a8c21e (master)
	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/a842869247eb2cae2b40476b5d93f88d8b01aa27 (master)
	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/22af0bcfe67c1c86381f33975ca7fdbde6b36b39 (master)
	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/e7d4b580e514029f28dc9bd59c66187e166db47c (GIMP_2_10_32)
	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/744959433647bdefcdf00b3f0d575f6812cd0d6d (GIMP_2_10_32)
	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/6ab90ecbbd7cc95901933f62227fd140c0576d55 (GIMP_2_10_32)
	NOTE: Crash in GUI application, no security impact
CVE-2022-32989
	RESERVED
CVE-2022-32988 (Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1. ...)
	NOT-FOR-US: Asus
CVE-2022-32987 (Multiple cross-site scripting (XSS) vulnerabilities in /bsms/?page=man ...)
	NOT-FOR-US: Simple Bakery Shop Management System
CVE-2022-32986
	RESERVED
CVE-2022-32761 (An information disclosure vulnerability exists in the aVideoEncoderRec ...)
	NOT-FOR-US: WWBN AVideo
CVE-2022-32760 (A denial of service vulnerability exists in the XCMD doDebug functiona ...)
	NOT-FOR-US: Abode Systems
CVE-2022-32572 (An os command injection vulnerability exists in the aVideoEncoder wget ...)
	NOT-FOR-US: WWBN AVideo
CVE-2022-32282 (An improper password check exists in the login functionality of WWBN A ...)
	NOT-FOR-US: WWBN AVideo
CVE-2022-30547 (A directory traversal vulnerability exists in the unzipDirectory funct ...)
	NOT-FOR-US: WWBN AVideo
CVE-2022-30534 (An OS command injection vulnerability exists in the aVideoEncoder chun ...)
	NOT-FOR-US: WWBN AVideo
CVE-2022-29477 (An authentication bypass vulnerability exists in the web interface /ac ...)
	NOT-FOR-US: Abode Systems
CVE-2022-29475 (An information disclosure vulnerability exists in the XFINDER function ...)
	NOT-FOR-US: Abode Systems
CVE-2022-28710 (An information disclosure vulnerability exists in the chunkFile functi ...)
	NOT-FOR-US: WWBN AVideo
CVE-2022-27805 (An authentication bypass vulnerability exists in the GHOME control fun ...)
	NOT-FOR-US: Abode Systems
CVE-2022-2072 (The Name Directory WordPress plugin before 1.25.3 does not sanitise an ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2071 (The Name Directory WordPress plugin before 1.25.4 does not have CSRF c ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2070 (In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to over ...)
	NOT-FOR-US: Grandstream
CVE-2022-2069 (The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcent ...)
	NOT-FOR-US: Siemens
CVE-2022-2068 (In addition to the c_rehash shell command injection identified in CVE- ...)
	{DSA-5169-1}
	- openssl 3.0.4-1
	NOTE: https://github.com/openssl/openssl/commit/2c9c35870601b4a44d86ddbf512b38df38285cfa (openssl-3.0.4)
	NOTE: https://github.com/openssl/openssl/commit/9639817dac8bbbaa64d09efad7464ccc405527c7 (OpenSSL_1_1_1p)
	NOTE: https://github.com/openssl/openssl/commit/7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9 (not public, 1.0.2zf)
	NOTE: https://www.openssl.org/news/secadv/20220621.txt
CVE-2022-2067 (SQL Injection in GitHub repository francoisjacquet/rosariosis prior to ...)
	NOT-FOR-US: francoisjacquet/rosariosis
CVE-2022-2066 (Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/ ...)
	NOT-FOR-US: neorazorx/facturascripts
CVE-2022-2065 (Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/fac ...)
	NOT-FOR-US: neorazorx/facturascripts
CVE-2022-2064 (Insufficient Session Expiration in GitHub repository nocodb/nocodb pri ...)
	NOT-FOR-US: nocodb
CVE-2022-2063 (Improper Privilege Management in GitHub repository nocodb/nocodb prior ...)
	NOT-FOR-US: nocodb
CVE-2022-2062 (Generation of Error Message Containing Sensitive Information in GitHub ...)
	NOT-FOR-US: nocodb
CVE-2022-2061 (Heap-based Buffer Overflow in GitHub repository hpjansson/chafa prior ...)
	- chafa 1.12.1-1 (unimportant)
	NOTE: https://github.com/hpjansson/chafa/commit/e6ce3746cdcf0836b9dae659a5aed15d73a080d8
	NOTE: https://huntr.dev/bounties/365ab61f-9a63-421c-97e6-21d4653021f0/
	NOTE: Crash in CLI tool, no security impact
CVE-2022-2060 (Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/doli ...)
	- dolibarr
CVE-2022-2059 (In Pandora FMS v7.0NG.761 and below, in the agent creation section, th ...)
	NOT-FOR-US: Pandora FMS
CVE-2021-46820 (Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0. ...)
	NOT-FOR-US: XOS-Shop
CVE-2020-36546
	RESERVED
CVE-2020-36545
	RESERVED
CVE-2017-20056 (A vulnerability was found in weblizar User Login Log Plugin 2.2.1. It ...)
	NOT-FOR-US: weblizar User Login Log Plugin
CVE-2017-20055 (A vulnerability classified as problematic has been found in BestWebSof ...)
	NOT-FOR-US: BestWebSoft Contact Form Plugin
CVE-2017-20054 (A vulnerability was found in XYZScripts Contact Form Manager Plugin. I ...)
	NOT-FOR-US: XYZScripts Contact Form Manager Plugin
CVE-2017-20053 (A vulnerability was found in XYZScripts Contact Form Manager Plugin. I ...)
	NOT-FOR-US: XYZScripts Contact Form Manager Plugin
CVE-2017-20052 (A vulnerability classified as problematic was found in Python 2.7.13. ...)
	NOT-FOR-US: pgadmin on Windows
CVE-2022-2058 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to ...)
	{DSA-5333-1 DLA-3278-1}
	- tiff 4.4.0-3 (bug #1014494)
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/428
	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
CVE-2022-2057 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to ...)
	{DSA-5333-1 DLA-3278-1}
	- tiff 4.4.0-3 (bug #1014494)
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/427
	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
CVE-2022-2056 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to ...)
	{DSA-5333-1 DLA-3278-1}
	- tiff 4.4.0-3 (bug #1014494)
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/415
	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab
CVE-2022-2055
	RESERVED
CVE-2022-2054 (Code Injection in GitHub repository nuitka/nuitka prior to 0.9.)
	- nuitka 0.9+ds-1 (bug #1012762)
	[bullseye] - nuitka (Minor issue)
	[buster] - nuitka (Minor issue)
	[stretch] - nuitka (Minor issue)
	NOTE: https://huntr.dev/bounties/ea4a842c-c48c-4aae-a599-3305125c63a7/
	NOTE: https://github.com/nuitka/nuitka/commit/09647745d7cbb6ff32f9fa948f19d5558b32bcad
CVE-2022-32985 (libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.0 ...)
	NOT-FOR-US: Nexans FTTO GigaSwitch
CVE-2022-32984 (BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain s ...)
	NOT-FOR-US: BTCPay Server
CVE-2022-32983 (Knot Resolver through 5.5.1 may allow DNS cache poisoning when there i ...)
	- knot-resolver (unimportant)
	NOTE: Just a clarifying documentation update: https://github.com/CZ-NIC/knot-resolver/commit/ccb9d9794db5eb757c33becf65cb1cf48ecfd968
CVE-2022-32982
	RESERVED
CVE-2022-32981 (An issue was discovered in the Linux kernel through 5.18.3 on powerpc ...)
	- linux 5.18.5-1 (unimportant)
	[bullseye] - linux 5.10.127-1
	[buster] - linux 4.19.249-1
	[stretch] - linux (powerpc not supported in LTS)
	NOTE: https://git.kernel.org/linus/8e1278444446fc97778a5e5c99bca1ce0bbc5ec9
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/14/3
	NOTE: 32-bit powerpc not a release architecture
CVE-2022-32980
	RESERVED
CVE-2022-32767
	RESERVED
CVE-2022-32979
	RESERVED
CVE-2022-32978 (There is an assertion failure in SingleComponentLSScan::ParseMCU in si ...)
	- libjpeg 0.0~git20220615.842c7ba-1 (unimportant)
	NOTE: https://github.com/thorfdbg/libjpeg/issues/75
	NOTE: https://github.com/thorfdbg/libjpeg/commit/4746b577931e926a49e50de9720a4946de3069a7
	NOTE: Crash in CLI tool, no security impact
CVE-2022-32977
	RESERVED
CVE-2022-32976
	RESERVED
CVE-2022-32975
	RESERVED
CVE-2022-32974 (An authenticated attacker could read arbitrary files from the underlyi ...)
	NOT-FOR-US: Nessus
CVE-2022-32973 (An authenticated attacker could create an audit file that bypasses Pow ...)
	NOT-FOR-US: Nessus
CVE-2022-32972 (Infoblox BloxOne Endpoint for Windows through 2.2.7 allows DLL injecti ...)
	NOT-FOR-US: Infoblox BloxOne Endpoint for Windows
CVE-2022-32969 (MetaMask before 10.11.3 might allow an attacker to access a user's sec ...)
	NOT-FOR-US: MetaMask
CVE-2022-32968
	RESERVED
CVE-2022-32967 (RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An un ...)
	NOT-FOR-US: RTL8111EP-CG/RTL8111FP-CG
CVE-2022-32966 (RTL8168FP-CG Dash remote management function has missing authorization ...)
	NOT-FOR-US: RTL8168FP-CG
CVE-2022-32965 (OMICARD EDM has a hard-coded machine key. An unauthenticated remote at ...)
	NOT-FOR-US: OMICARD EDM
CVE-2022-32964 (OMICARD EDM’s API function has insufficient validation for user i ...)
	NOT-FOR-US: OMICARD EDM
CVE-2022-32963 (OMICARD EDM’s mail file relay function has a path traversal vulne ...)
	NOT-FOR-US: OMICARD EDM
CVE-2022-32962 (HiCOS’ client-side citizen certificate component has a double fre ...)
	NOT-FOR-US: HICOS
CVE-2022-32961 (HICOS’ client-side citizen digital certificate component has a st ...)
	NOT-FOR-US: HICOS
CVE-2022-32960 (HiCOS’ client-side citizen digital certificate component has a st ...)
	NOT-FOR-US: HICOS
CVE-2022-32959 (HiCOS’ client-side citizen digital certificate component has a st ...)
	NOT-FOR-US: HICOS
CVE-2022-32958 (A remote attacker with general user privilege can send a message to Te ...)
	NOT-FOR-US: TeamPlus Pro
CVE-2022-32588 (An out-of-bounds write vulnerability exists in the PICT parsing pctwre ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2022-32281
	RESERVED
CVE-2022-2053 (When a POST request comes through AJP and the request exceeds the max- ...)
	- undertow 2.2.18-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2095862
	NOTE: https://github.com/undertow-io/undertow/commit/10ad8964162162ce6d441e951cb9efcdaa585916
CVE-2022-2052 (Multiple Trumpf Products in multiple versions use default privileged W ...)
	NOT-FOR-US: TRUMPF
CVE-2022-2051
	RESERVED
CVE-2022-2050 (The WP-Paginate WordPress plugin before 2.1.9 does not escape one of i ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-32957
	RESERVED
CVE-2022-32956
	RESERVED
CVE-2022-32955 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
	NOT-FOR-US: Insyde
CVE-2022-32954 (An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 5. ...)
	NOT-FOR-US: Insyde
CVE-2022-32953 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
	NOT-FOR-US: Insyde
CVE-2022-32952
	REJECTED
CVE-2022-32951
	REJECTED
CVE-2022-32950
	RESERVED
CVE-2022-32949 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2022-32948 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2022-32947 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-32946 (This issue was addressed with improved entitlements. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2022-32945 (An access issue was addressed with additional sandbox restrictions on ...)
	NOT-FOR-US: Apple
CVE-2022-32944 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2022-32943 (The issue was addressed with improved bounds checks. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2022-32942 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-32941 (The issue was addressed with improved bounds checks. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2022-32940 (The issue was addressed with improved bounds checks. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2022-32939 (The issue was addressed with improved bounds checks. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2022-32938 (A parsing issue in the handling of directory paths was addressed with ...)
	NOT-FOR-US: Apple
CVE-2022-32937
	RESERVED
CVE-2022-32936 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2022-32935 (A lock screen issue was addressed with improved state management. This ...)
	NOT-FOR-US: Apple
CVE-2022-32934 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-32933 [A website may be able to track the websites a user visited in Safari private browsing mode]
	{DSA-5241-1 DSA-5240-1}
	- webkit2gtk 2.38.0-1
	- wpewebkit 2.38.0-1
	NOTE: https://webkitgtk.org/security/WSA-2023-0010.html
CVE-2022-32932 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-32931 (This issue was addressed with improved data protection. This issue is ...)
	NOT-FOR-US: Apple
CVE-2022-32930
	REJECTED
CVE-2022-32929 (A permissions issue was addressed with additional restrictions. This i ...)
	NOT-FOR-US: Apple
CVE-2022-32928 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2022-32927 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-32926 (The issue was addressed with improved bounds checks. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2022-32925 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2022-32924 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-32923 (A correctness issue in the JIT was addressed with improved checks. Thi ...)
	{DSA-5241-1 DSA-5240-1 DLA-3124-1}
	- webkit2gtk 2.38.0-1
	- wpewebkit 2.38.0-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0010.html
CVE-2022-32922 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2022-32921
	REJECTED
CVE-2022-32920 (The issue was addressed with improved checks. This issue is fixed in X ...)
	NOT-FOR-US: Apple Xcode
CVE-2022-32919 (The issue was addressed with improved UI handling. This issue is fixed ...)
	{DSA-5341-1 DSA-5340-1}
	- webkit2gtk 2.38.4-1
	- wpewebkit 2.38.4-1
	NOTE: https://webkitgtk.org/security/WSA-2023-0010.html
CVE-2022-32918 (This issue was addressed with improved data protection. This issue is ...)
	NOT-FOR-US: Apple
CVE-2022-32917 (The issue was addressed with improved bounds checks. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2022-32916 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
	NOT-FOR-US: Apple
CVE-2022-32915 (A type confusion issue was addressed with improved checks. This issue ...)
	NOT-FOR-US: Apple
CVE-2022-32914 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2022-32913 (The issue was addressed with additional restrictions on the observabil ...)
	NOT-FOR-US: Apple
CVE-2022-32912 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	- webkit2gtk (only affects macOS)
	- wpewebkit (only affects macOS)
	NOTE: https://webkitgtk.org/security/WSA-2022-0009.html
CVE-2022-32911 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-32910 (A logic issue was addressed with improved checks. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2022-32909 (The issue was addressed with improved handling of caches. This issue i ...)
	NOT-FOR-US: Apple
CVE-2022-32908 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2022-32907 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2022-32906 (This issue was addressed with using HTTPS when sending information ove ...)
	NOT-FOR-US: Apple
CVE-2022-32905 (This issue was addressed with improved validation of symlinks. This is ...)
	NOT-FOR-US: Apple
CVE-2022-32904 (An access issue was addressed with additional sandbox restrictions. Th ...)
	NOT-FOR-US: Apple
CVE-2022-32903 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2022-32902 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2022-32901
	REJECTED
CVE-2022-32900 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2022-32899 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-32898 (The issue was addressed with improved memory handling. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-32897
	RESERVED
CVE-2022-32896 (This issue was addressed by enabling hardened runtime. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2022-32895 (A race condition was addressed with improved state handling. This issu ...)
	NOT-FOR-US: Apple
CVE-2022-32894 (An out-of-bounds write issue was addressed with improved bounds checki ...)
NOT-FOR-US: Apple CVE-2022-32893 (An out-of-bounds write issue was addressed with improved bounds checki ...) {DSA-5220-1 DSA-5219-1 DLA-3087-1} - webkit2gtk 2.36.7-1 - wpewebkit 2.36.7-1 NOTE: https://wpewebkit.org/security/WSA-2022-0008.html CVE-2022-32892 (An access issue was addressed with improvements to the sandbox. This i ...) NOT-FOR-US: Apple CVE-2022-32891 (The issue was addressed with improved UI handling. This issue is fixed ...) {DSA-5211-1 DSA-5210-1 DLA-3073-1} - webkit2gtk 2.36.6-1 - wpewebkit 2.36.6-1 NOTE: https://webkitgtk.org/security/WSA-2022-0009.html CVE-2022-32890 (A logic issue was addressed with improved checks. This issue is fixed ...) NOT-FOR-US: Apple CVE-2022-32889 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2022-32888 (An out-of-bounds write issue was addressed with improved bounds checki ...) {DSA-5241-1 DSA-5240-1 DLA-3124-1} - webkit2gtk 2.38.0-1 - wpewebkit 2.38.0-1 NOTE: https://webkitgtk.org/security/WSA-2022-0010.html CVE-2022-32887 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2022-32886 (A buffer overflow issue was addressed with improved memory handling. T ...) {DSA-5241-1 DSA-5240-1 DLA-3124-1} - webkit2gtk 2.38.0-1 - wpewebkit 2.38.0-1 NOTE: https://webkitgtk.org/security/WSA-2022-0009.html CVE-2022-32885 (A memory corruption issue was addressed with improved validation. This ...) {DSA-5397-1 DSA-5396-1 DLA-3419-1} - webkit2gtk 2.40.1-1 - wpewebkit 2.38.6-1 NOTE: https://webkitgtk.org/security/WSA-2023-0003.html CVE-2022-32884 REJECTED CVE-2022-32883 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2022-32882 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2022-32881 (A logic issue was addressed with improved restrictions. This issue is ...) 
NOT-FOR-US: Apple CVE-2022-32880 (This issue was addressed by enabling hardened runtime. This issue is f ...) NOT-FOR-US: Apple CVE-2022-32879 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2022-32878 REJECTED CVE-2022-32877 (A configuration issue was addressed with additional restrictions. This ...) NOT-FOR-US: Apple CVE-2022-32876 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2022-32875 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2022-32874 REJECTED CVE-2022-32873 REJECTED CVE-2022-32872 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2022-32871 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2022-32870 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2022-32869 RESERVED CVE-2022-32868 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2022-32867 (This issue was addressed with improved data protection. This issue is ...) NOT-FOR-US: Apple CVE-2022-32866 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2022-32865 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2022-32864 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2022-32863 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2022-32862 (This issue was addressed with improved data protection. This issue is ...) NOT-FOR-US: Apple CVE-2022-32861 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2022-32860 (An out-of-bounds write was addressed with improved input validation. T ...) 
NOT-FOR-US: Apple CVE-2022-32859 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2022-32858 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2022-32857 (This issue was addressed by using HTTPS when sending information over ...) NOT-FOR-US: Apple CVE-2022-32856 REJECTED CVE-2022-32855 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2022-32854 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2022-32853 (An out-of-bounds read issue was addressed with improved input validati ...) NOT-FOR-US: Apple CVE-2022-32852 (An out-of-bounds read issue was addressed with improved input validati ...) NOT-FOR-US: Apple CVE-2022-32851 (An out-of-bounds read issue was addressed with improved input validati ...) NOT-FOR-US: Apple CVE-2022-32850 REJECTED CVE-2022-32849 (An information disclosure issue was addressed by removing the vulnerab ...) NOT-FOR-US: Apple CVE-2022-32848 (A logic issue was addressed with improved checks. This issue is fixed ...) NOT-FOR-US: Apple CVE-2022-32847 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2022-32846 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2022-32845 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2022-32844 (A race condition was addressed with improved state handling. This issu ...) NOT-FOR-US: Apple CVE-2022-32843 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2022-32842 (An out-of-bounds read issue was addressed with improved input validati ...) NOT-FOR-US: Apple CVE-2022-32841 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2022-32840 (This issue was addressed with improved checks. 
This issue is fixed in ...) NOT-FOR-US: Apple CVE-2022-32839 (The issue was addressed with improved bounds checks. This issue is fix ...) NOT-FOR-US: Apple CVE-2022-32838 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2022-32837 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2022-32836 (This issue was addressed with improved state management. This issue is ...) NOT-FOR-US: Apple CVE-2022-32835 (This issue was addressed with improved entitlements. This issue is fix ...) NOT-FOR-US: Apple CVE-2022-32834 (An access issue was addressed with improvements to the sandbox. This i ...) NOT-FOR-US: Apple CVE-2022-32833 (An issue existed with the file paths used to store website data. The i ...) NOT-FOR-US: Apple CVE-2022-32832 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2022-32831 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2022-32830 (An out-of-bounds read issue was addressed with improved bounds checkin ...) NOT-FOR-US: Apple CVE-2022-32829 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2022-32828 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2022-32827 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2022-32826 (An authorization issue was addressed with improved state management. T ...) NOT-FOR-US: Apple CVE-2022-32825 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2022-32824 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2022-32823 (A memory initialization issue was addressed with improved memory handl ...) 
NOT-FOR-US: Apple CVE-2022-32822 REJECTED CVE-2022-32821 (A memory corruption issue was addressed with improved validation. This ...) NOT-FOR-US: Apple CVE-2022-32820 (An out-of-bounds write issue was addressed with improved input validat ...) NOT-FOR-US: Apple CVE-2022-32819 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2022-32818 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2022-32817 (An out-of-bounds read issue was addressed with improved bounds checkin ...) NOT-FOR-US: Apple CVE-2022-32816 (The issue was addressed with improved UI handling. This issue is fixed ...) {DSA-5211-1 DSA-5210-1 DLA-3073-1} - webkit2gtk 2.36.6-1 - wpewebkit 2.36.6-1 NOTE: https://www.openwall.com/lists/oss-security/2022/07/28/2 CVE-2022-32815 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2022-32814 (A type confusion issue was addressed with improved state handling. Thi ...) NOT-FOR-US: Apple CVE-2022-32813 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2022-32812 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2022-32811 (A memory corruption vulnerability was addressed with improved locking. ...) NOT-FOR-US: Apple CVE-2022-32810 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2022-32809 REJECTED CVE-2022-32808 REJECTED CVE-2022-32807 (This issue was addressed with improved file handling. This issue is fi ...) NOT-FOR-US: Apple CVE-2022-32806 REJECTED CVE-2022-32805 (The issue was addressed with improved handling of caches. This issue i ...) NOT-FOR-US: Apple CVE-2022-32804 REJECTED CVE-2022-32803 RESERVED CVE-2022-32802 (A logic issue was addressed with improved checks. This issue is fixed ...) NOT-FOR-US: Apple CVE-2022-32801 (This issue was addressed with improved checks. 
This issue is fixed in ...) NOT-FOR-US: Apple CVE-2022-32800 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2022-32799 (An out-of-bounds read issue was addressed with improved bounds checkin ...) NOT-FOR-US: Apple CVE-2022-32798 (An out-of-bounds write issue was addressed with improved input validat ...) NOT-FOR-US: Apple CVE-2022-32797 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2022-32796 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2022-32795 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2022-32794 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2022-32793 (Multiple out-of-bounds write issues were addressed with improved bound ...) NOT-FOR-US: Apple CVE-2022-32792 (An out-of-bounds write issue was addressed with improved input validat ...) {DSA-5211-1 DSA-5210-1 DLA-3073-1} - webkit2gtk 2.36.6-1 - wpewebkit 2.36.6-1 NOTE: https://www.openwall.com/lists/oss-security/2022/07/28/2 NOTE: https://starlabs.sg/blog/2022/09-step-by-step-walkthrough-of-cve-2022-32792/ CVE-2022-32791 REJECTED CVE-2022-32790 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2022-32789 (A logic issue was addressed with improved checks. This issue is fixed ...) NOT-FOR-US: Apple CVE-2022-32788 (A buffer overflow was addressed with improved bounds checking. This is ...) NOT-FOR-US: Apple CVE-2022-32787 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2022-32786 (An issue in the handling of environment variables was addressed with i ...) NOT-FOR-US: Apple CVE-2022-32785 (A null pointer dereference was addressed with improved validation. Thi ...) NOT-FOR-US: Apple CVE-2022-32784 (The issue was addressed with improved UI handling. 
This issue is fixed ...) NOT-FOR-US: Apple CVE-2022-32783 (A logic issue was addressed with improved checks. This issue is fixed ...) NOT-FOR-US: Apple CVE-2022-32782 (This issue was addressed by enabling hardened runtime. This issue is f ...) NOT-FOR-US: Apple CVE-2022-32781 (This issue was addressed by enabling hardened runtime. This issue is f ...) NOT-FOR-US: Apple CVE-2022-32780 RESERVED CVE-2022-32779 REJECTED CVE-2022-32778 (An information disclosure vulnerability exists in the cookie functiona ...) NOT-FOR-US: WWBN AVideo CVE-2022-32777 (An information disclosure vulnerability exists in the cookie functiona ...) NOT-FOR-US: WWBN AVideo CVE-2022-32772 (A cross-site scripting (xss) vulnerability exists in the footer alerts ...) NOT-FOR-US: WWBN AVideo CVE-2022-32771 (A cross-site scripting (xss) vulnerability exists in the footer alerts ...) NOT-FOR-US: WWBN AVideo CVE-2022-32770 (A cross-site scripting (xss) vulnerability exists in the footer alerts ...) NOT-FOR-US: WWBN AVideo CVE-2022-32763 (A cross-site scripting (xss) sanitization vulnerability bypass exists ...) NOT-FOR-US: Lansweeper CVE-2022-30690 (A cross-site scripting (xss) vulnerability exists in the image403 func ...) NOT-FOR-US: WWBN AVideo CVE-2022-28712 (A cross-site scripting (xss) vulnerability exists in the videoAddNew f ...) NOT-FOR-US: WWBN AVideo CVE-2022-26842 (A reflected cross-site scripting (xss) vulnerability exists in the cha ...) NOT-FOR-US: WWBN AVideo CVE-2022-2049 (In affected versions of Octopus Deploy it is possible to perform a Reg ...) NOT-FOR-US: Octopus Deploy CVE-2022-2048 (In Eclipse Jetty HTTP/2 server implementation, when encountering an in ...) {DSA-5198-1 DLA-3079-1} - jetty9 9.4.48-1 NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j NOTE: https://github.com/eclipse/jetty.project/issues/7935 CVE-2022-2047 (In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, a ...) 
{DSA-5198-1 DLA-3079-1} - jetty9 9.4.48-1 NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q NOTE: https://github.com/eclipse/jetty.project/pull/8146 CVE-2022-2046 (The Directorist WordPress plugin before 7.2.3 allows administrators to ...) NOT-FOR-US: WordPress plugin CVE-2022-2045 RESERVED CVE-2022-2044 (MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bou ...) NOT-FOR-US: MOXA CVE-2022-2043 (MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bou ...) NOT-FOR-US: MOXA CVE-2022-2042 (Use After Free in GitHub repository vim/vim prior to 8.2.) - vim 2:9.0.0135-1 (unimportant) NOTE: https://huntr.dev/bounties/8628b4cd-4055-4059-aed4-64f7fdc10eba NOTE: https://github.com/vim/vim/commit/2813f38e021c6e6581c0c88fcf107e41788bc835 (v8.2.5072) NOTE: Crash in CLI tool, no security impact CVE-2022-2041 (The Brizy WordPress plugin before 2.4.2 does not sanitise and escape s ...) NOT-FOR-US: WordPress plugin CVE-2022-2040 (The Brizy WordPress plugin before 2.4.2 does not sanitise and escape s ...) NOT-FOR-US: WordPress plugin CVE-2021-46819 RESERVED CVE-2021-46818 (Adobe Media Encoder version 15.4 (and earlier) are affected by a memor ...) NOT-FOR-US: Adobe CVE-2021-46817 (Adobe Media Encoder version 15.4 (and earlier) are affected by a memor ...) NOT-FOR-US: Adobe CVE-2021-46816 (Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory ...) NOT-FOR-US: Adobe CVE-2022-32769 (Multiple authentication bypass vulnerabilities exist in the objects id ...) NOT-FOR-US: WWBN AVideo CVE-2022-32768 (Multiple authentication bypass vulnerabilities exist in the objects id ...) NOT-FOR-US: WWBN AVideo CVE-2022-32759 RESERVED CVE-2022-32758 RESERVED CVE-2022-32757 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequ ...) NOT-FOR-US: IBM CVE-2022-32756 (IBM Security Verify Directory 10.0.0 could allow a remote attacker to ...) 
NOT-FOR-US: IBM CVE-2022-32755 (IBM Security Directory Server 6.4.0 is vulnerable to an XML External E ...) NOT-FOR-US: IBM CVE-2022-32754 (IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scrip ...) NOT-FOR-US: IBM CVE-2022-32753 (IBM Security Verify Directory 10.0.0 uses weaker than expected cryptog ...) NOT-FOR-US: IBM CVE-2022-32752 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a r ...) NOT-FOR-US: IBM CVE-2022-32751 (IBM Security Verify Directory 10.0.0 could disclose sensitive server i ...) NOT-FOR-US: IBM CVE-2022-32750 (IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0 ...) NOT-FOR-US: IBM CVE-2022-32749 (Improper Check for Unusual or Exceptional Conditions vulnerability han ...) {DSA-5311-1 DLA-3385-1} - trafficserver 9.1.4+ds-1 NOTE: https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02 NOTE: https://github.com/apache/trafficserver/pull/9243 NOTE: https://github.com/apache/trafficserver/commit/71a80d1abb3fbcb2e30ff850c8bca0a371589b5a (master) NOTE: https://github.com/apache/trafficserver/commit/590f87304b233791169af3d5899c5ba135bb61fa (9.1.x) CVE-2022-32748 (A CWE-295: Improper Certificate Validation vulnerability exists that c ...) NOT-FOR-US: Schneider CVE-2022-32747 (A CWE-290: Authentication Bypass by Spoofing vulnerability exists that ...) NOT-FOR-US: Schneider CVE-2022-32746 (A flaw was found in the Samba AD LDAP server. The AD DC database audit ...) {DSA-5205-1} - samba 2:4.16.4+dfsg-1 (bug #1016449) [buster] - samba (Minor issue; affects Samba as AD DC; EOLed. See DSA-5015-1) NOTE: https://www.samba.org/samba/security/CVE-2022-32746.html CVE-2022-32745 (A flaw was found in Samba. Samba AD users can cause the server to acce ...) {DSA-5205-1} - samba 2:4.16.4+dfsg-1 (bug #1016449) [buster] - samba (Only affects 4.13 and later) NOTE: https://www.samba.org/samba/security/CVE-2022-32745.html CVE-2022-32744 (A flaw was found in Samba. The KDC accepts kpasswd requests encrypted ...) 
{DSA-5205-1} - samba 2:4.16.4+dfsg-1 (bug #1016449) [buster] - samba (Minor issue; affects Samba as AD DC; EOLed. See DSA-5015-1) NOTE: https://www.samba.org/samba/security/CVE-2022-32744.html CVE-2022-32743 (Samba does not validate the Validated-DNS-Host-Name right for the dNSH ...) [experimental] - samba 2:4.17.0+dfsg-1 - samba 2:4.17.2+dfsg-3 (bug #1021022) [bullseye] - samba (Domain controller functionality is EOLed, see DSA DSA-5477-1) [buster] - samba (Domain controller functionality is EOLed, see DSA-5015-1) NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14833 CVE-2022-32742 (A flaw was found in Samba. Some SMB1 write requests were not correctly ...) {DSA-5205-1 DLA-3792-1} - samba 2:4.16.4+dfsg-1 (bug #1016449) NOTE: https://www.samba.org/samba/security/CVE-2022-32742.html CVE-2022-32741 (Attacker is able to determine if the provided username exists (and it' ...) NOT-FOR-US: OTRS NOTE: Issue is listed as specific to 7.x and 8.x, so won't affect Znuny which forked from 6.x CVE-2022-32740 (A reply to a forwarded email article by a 3rd party could unintensiona ...) NOT-FOR-US: OTRS NOTE: Issue is listed as specific to 7.x and 8.x, so won't affect Znuny which forked from 6.x CVE-2022-32739 (When Secure::DisableBanner system configuration has been disabled and ...) NOT-FOR-US: OTRS NOTE: Issue is listed as specific to 7.x and 8.x, so won't affect Znuny which forked from 6.x CVE-2022-32573 (A directory traversal vulnerability exists in the AssetActions.aspx ad ...) NOT-FOR-US: Lansweeper CVE-2022-30605 (A privilege escalation vulnerability exists in the session id function ...) NOT-FOR-US: WWBN AVideo CVE-2022-29886 (An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5. ...) NOT-FOR-US: ESTsoft Alyac CVE-2022-29517 (A directory traversal vulnerability exists in the HelpdeskActions.aspx ...) NOT-FOR-US: Lansweeper CVE-2022-29511 (A directory traversal vulnerability exists in the KnowledgebasePageAct ...) 
NOT-FOR-US: Lansweeper CVE-2022-29468 (A cross-site request forgery (CSRF) vulnerability exists in WWBN AVide ...) NOT-FOR-US: WWBN AVideo CVE-2022-28703 (A stored cross-site scripting vulnerability exists in the HdConfigActi ...) NOT-FOR-US: Lansweeper CVE-2022-27498 (A directory traversal vulnerability exists in the TicketTemplateAction ...) NOT-FOR-US: Lansweeper CVE-2022-2039 (The Free Live Chat Support plugin for WordPress is vulnerable to Cross ...) NOT-FOR-US: WordPress plugin CVE-2022-2038 RESERVED CVE-2022-2037 (Excessive Attack Surface in GitHub repository tooljet/tooljet prior to ...) NOT-FOR-US: ToolJet CVE-2022-32738 REJECTED CVE-2022-32737 REJECTED CVE-2022-32736 REJECTED CVE-2022-32735 REJECTED CVE-2022-32734 REJECTED CVE-2022-32733 REJECTED CVE-2022-32732 REJECTED CVE-2022-32731 REJECTED CVE-2022-32730 REJECTED CVE-2022-32729 REJECTED CVE-2022-32728 REJECTED CVE-2022-32727 REJECTED CVE-2022-32726 REJECTED CVE-2022-32725 REJECTED CVE-2022-32724 REJECTED CVE-2022-32723 REJECTED CVE-2022-32722 REJECTED CVE-2022-32721 REJECTED CVE-2022-32720 REJECTED CVE-2022-32719 REJECTED CVE-2022-32718 REJECTED CVE-2022-32717 REJECTED CVE-2022-32716 REJECTED CVE-2022-32715 REJECTED CVE-2022-32714 REJECTED CVE-2022-32713 REJECTED CVE-2022-32712 REJECTED CVE-2022-32711 REJECTED CVE-2022-32710 REJECTED CVE-2022-32709 REJECTED CVE-2022-32708 REJECTED CVE-2022-32707 REJECTED CVE-2022-32706 REJECTED CVE-2022-32705 REJECTED CVE-2022-32704 REJECTED CVE-2022-32703 REJECTED CVE-2022-32702 REJECTED CVE-2022-32701 REJECTED CVE-2022-32700 REJECTED CVE-2022-32699 REJECTED CVE-2022-32698 REJECTED CVE-2022-32697 REJECTED CVE-2022-32696 REJECTED CVE-2022-32695 REJECTED CVE-2022-32694 REJECTED CVE-2022-32693 REJECTED CVE-2022-32692 REJECTED CVE-2022-32691 REJECTED CVE-2022-32690 REJECTED CVE-2022-32689 REJECTED CVE-2022-32688 REJECTED CVE-2022-32687 REJECTED CVE-2022-32686 REJECTED CVE-2022-32685 REJECTED CVE-2022-32684 REJECTED CVE-2022-32683 REJECTED CVE-2022-32682 REJECTED 
CVE-2022-32681 REJECTED CVE-2022-32680 REJECTED CVE-2022-32679 REJECTED CVE-2022-32678 REJECTED CVE-2022-32677 REJECTED CVE-2022-32676 REJECTED CVE-2022-32675 REJECTED CVE-2022-32674 REJECTED CVE-2022-32673 REJECTED CVE-2022-32672 REJECTED CVE-2022-32671 REJECTED CVE-2022-32670 REJECTED CVE-2022-32669 REJECTED CVE-2022-32668 REJECTED CVE-2022-32667 REJECTED CVE-2022-32666 (In Wi-Fi, there is a possible low throughput due to misrepresentation ...) NOT-FOR-US: MediaTek CVE-2022-32665 (In Boa, there is a possible command injection due to improper input va ...) NOT-FOR-US: MediaTek CVE-2022-32664 (In Config Manager, there is a possible command injection due to improp ...) NOT-FOR-US: MediaTek CVE-2022-32663 (In Wi-Fi driver, there is a possible system crash due to null pointer ...) NOT-FOR-US: MediaTek CVE-2022-32662 RESERVED CVE-2022-32661 RESERVED CVE-2022-32660 RESERVED CVE-2022-32659 (In Wi-Fi driver, there is a possible undefined behavior due to incorre ...) NOT-FOR-US: MediaTek CVE-2022-32658 (In Wi-Fi driver, there is a possible undefined behavior due to incorre ...) NOT-FOR-US: MediaTek CVE-2022-32657 (In Wi-Fi driver, there is a possible undefined behavior due to incorre ...) NOT-FOR-US: MediaTek CVE-2022-32656 (In Wi-Fi driver, there is a possible undefined behavior due to incorre ...) NOT-FOR-US: MediaTek CVE-2022-32655 (In Wi-Fi driver, there is a possible undefined behavior due to incorre ...) NOT-FOR-US: MediaTek CVE-2022-32654 (In Wi-Fi driver, there is a possible undefined behavior due to incorre ...) NOT-FOR-US: MediaTek CVE-2022-32653 (In mtk-aie, there is a possible use after free due to a logic error. T ...) NOT-FOR-US: MediaTek CVE-2022-32652 (In mtk-aie, there is a possible use after free due to a logic error. T ...) NOT-FOR-US: MediaTek CVE-2022-32651 (In mtk-aie, there is a possible use after free due to a logic error. T ...) NOT-FOR-US: MediaTek CVE-2022-32650 (In mtk-isp, there is a possible use after free due to a logic error. T ...) 
NOT-FOR-US: MediaTek CVE-2022-32649 (In jpeg, there is a possible use after free due to a logic error. This ...) NOT-FOR-US: MediaTek CVE-2022-32648 (In disp, there is a possible use after free due to a race condition. T ...) NOT-FOR-US: MediaTek CVE-2022-32647 (In ccu, there is a possible out of bounds write due to improper input ...) NOT-FOR-US: MediaTek CVE-2022-32646 (In gpu drm, there is a possible stack overflow due to a missing bounds ...) NOT-FOR-US: MediaTek CVE-2022-32645 (In vow, there is a possible information disclosure due to a race condi ...) NOT-FOR-US: MediaTek CVE-2022-32644 (In vow, there is a possible use after free due to a race condition. Th ...) NOT-FOR-US: MediaTek CVE-2022-32643 (In ccd, there is a possible use after free due to a race condition. Th ...) NOT-FOR-US: MediaTek CVE-2022-32642 (In ccd, there is a possible memory corruption due to a race condition. ...) NOT-FOR-US: MediaTek CVE-2022-32641 (In meta wifi, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: MediaTek CVE-2022-32640 (In meta wifi, there is a possible out of bounds write due to a missing ...) NOT-FOR-US: MediaTek CVE-2022-32639 (In watchdog, there is a possible out of bounds read due to a missing b ...) NOT-FOR-US: MediaTek CVE-2022-32638 (In isp, there is a possible out of bounds write due to a race conditio ...) NOT-FOR-US: MediaTek CVE-2022-32637 (In hevc decoder, there is a possible out of bounds write due to a miss ...) NOT-FOR-US: MediaTek CVE-2022-32636 (In keyinstall, there is a possible out of bounds write due to an integ ...) NOT-FOR-US: MediaTek CVE-2022-32635 (In gps, there is a possible out of bounds write due to a missing bound ...) NOT-FOR-US: MediaTek CVE-2022-32634 (In ccci, there is a possible out of bounds write due to improper input ...) NOT-FOR-US: Mediatek CVE-2022-32633 (In Wi-Fi, there is a possible memory access violation due to a logic e ...) 
NOT-FOR-US: Mediatek CVE-2022-32632 (In Wi-Fi, there is a possible out of bounds write due to improper inpu ...) NOT-FOR-US: Mediatek CVE-2022-32631 (In Wi-Fi, there is a possible out of bounds write due to improper inpu ...) NOT-FOR-US: Mediatek CVE-2022-32630 (In throttling, there is a possible out of bounds write due to an incor ...) NOT-FOR-US: Mediatek CVE-2022-32629 (In isp, there is a possible out of bounds write due to a missing bound ...) NOT-FOR-US: Mediatek CVE-2022-32628 (In isp, there is a possible out of bounds write due to a missing bound ...) NOT-FOR-US: Mediatek CVE-2022-32627 RESERVED CVE-2022-32626 (In display, there is a possible out of bounds write due to an incorrec ...) NOT-FOR-US: Mediatek CVE-2022-32625 (In display, there is a possible out of bounds write due to an incorrec ...) NOT-FOR-US: Mediatek CVE-2022-32624 (In throttling, there is a possible out of bounds write due to an incor ...) NOT-FOR-US: Mediatek CVE-2022-32623 (In mdp, there is a possible out of bounds write due to incorrect error ...) NOT-FOR-US: MediaTek CVE-2022-32622 (In gz, there is a possible memory corruption due to a missing bounds c ...) NOT-FOR-US: Mediatek CVE-2022-32621 (In isp, there is a possible out of bounds write due to a race conditio ...) NOT-FOR-US: Mediatek CVE-2022-32620 (In mpu, there is a possible memory corruption due to a logic error. Th ...) NOT-FOR-US: Mediatek CVE-2022-32619 (In keyinstall, there is a possible out of bounds write due to an incor ...) NOT-FOR-US: Mediatek CVE-2022-32618 (In typec, there is a possible out of bounds write due to an incorrect ...) NOT-FOR-US: Mediatek CVE-2022-32617 (In typec, there is a possible out of bounds write due to an incorrect ...) NOT-FOR-US: Mediatek CVE-2022-32616 (In isp, there is a possible out of bounds write due to uninitialized d ...) NOT-FOR-US: Mediatek CVE-2022-32615 (In ccd, there is a possible out of bounds write due to uninitialized d ...) 
NOT-FOR-US: Mediatek CVE-2022-32614 (In audio, there is a possible memory corruption due to a logic error. ...) NOT-FOR-US: Mediatek CVE-2022-32613 (In vcu, there is a possible memory corruption due to a race condition. ...) NOT-FOR-US: Mediatek CVE-2022-32612 (In vcu, there is a possible use after free due to a race condition. Th ...) NOT-FOR-US: Mediatek CVE-2022-32611 (In isp, there is a possible out of bounds write due to a missing bound ...) NOT-FOR-US: Mediatek CVE-2022-32610 (In vcu, there is a possible use after free due to a race condition. Th ...) NOT-FOR-US: Mediatek CVE-2022-32609 (In vcu, there is a possible use after free due to a race condition. Th ...) NOT-FOR-US: Mediatek CVE-2022-32608 (In jpeg, there is a possible use after free due to a race condition. T ...) NOT-FOR-US: Mediatek CVE-2022-32607 (In aee, there is a possible use after free due to a missing bounds che ...) NOT-FOR-US: Mediatek CVE-2022-32606 RESERVED CVE-2022-32605 (In isp, there is a possible out of bounds write due to an incorrect bo ...) NOT-FOR-US: Mediatek CVE-2022-32604 RESERVED CVE-2022-32603 (In gpu drm, there is a possible out of bounds write due to improper in ...) NOT-FOR-US: Mediatek CVE-2022-32602 (In keyinstall, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: Mediatek CVE-2022-32601 (In telephony, there is a possible permission bypass due to a parcel fo ...) NOT-FOR-US: Mediatek CVE-2022-32600 RESERVED CVE-2022-32599 (In rpmb, there is a possible out of bounds write due to a logic error. ...) NOT-FOR-US: MediaTek CVE-2022-32598 (In widevine, there is a possible out of bounds write due to an incorre ...) NOT-FOR-US: Mediatek CVE-2022-32597 (In widevine, there is a possible out of bounds write due to an incorre ...) NOT-FOR-US: Mediatek CVE-2022-32596 (In widevine, there is a possible out of bounds write due to an incorre ...) NOT-FOR-US: Mediatek CVE-2022-32595 (In widevine, there is a possible out of bounds read due to an incorrec ...) 
NOT-FOR-US: MediaTek CVE-2022-32594 (In widevine, there is a possible out of bounds write due to an incorre ...) NOT-FOR-US: Mediatek CVE-2022-32593 (In vowe, there is a possible out of bounds write due to a missing boun ...) NOT-FOR-US: Mediatek CVE-2022-32592 (In cpu dvfs, there is a possible out of bounds write due to a missing ...) NOT-FOR-US: Mediatek CVE-2022-32591 (In ril, there is a possible system crash due to an incorrect bounds ch ...) NOT-FOR-US: Mediatek CVE-2022-32590 (In wlan, there is a possible use after free due to an incorrect status ...) NOT-FOR-US: Mediatek CVE-2022-32589 (In Wi-Fi driver, there is a possible way to disconnect Wi-Fi due to an ...) NOT-FOR-US: Mediatek CVE-2022-32569 (Improper buffer restrictions in BIOS firmware for some Intel(R) NUC M1 ...) NOT-FOR-US: Intel CVE-2022-32568 RESERVED CVE-2022-32567 (The Appfire Jira Misc Custom Fields (JMCF) app 2.4.6 for Atlassian Jir ...) NOT-FOR-US: Appfire Jira Misc Custom Fields (JMCF) app CVE-2022-32566 RESERVED CVE-2022-32565 (An issue was discovered in Couchbase Server before 7.0.4. The Backup S ...) NOT-FOR-US: Couchbase Server CVE-2022-32564 (An issue was discovered in Couchbase Server before 7.0.4. In couchbase ...) NOT-FOR-US: Couchbase Server CVE-2022-32563 (An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Ad ...) NOT-FOR-US: Couchbase Sync Gateway CVE-2022-32562 (An issue was discovered in Couchbase Server before 7.0.4. Operations m ...) NOT-FOR-US: Couchbase Server CVE-2022-32561 (An issue was discovered in Couchbase Server before 6.6.5 and 7.x befor ...) NOT-FOR-US: Couchbase Server CVE-2022-32560 (An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks r ...) NOT-FOR-US: Couchbase Server CVE-2022-32559 (An issue was discovered in Couchbase Server before 7.0.4. Random HTTP ...) NOT-FOR-US: Couchbase Server CVE-2022-32558 (An issue was discovered in Couchbase Server before 7.0.4. Sample bucke ...) 
NOT-FOR-US: Couchbase Server CVE-2022-32557 (An issue was discovered in Couchbase Server before 7.0.4. The Index Se ...) NOT-FOR-US: Couchbase Server CVE-2022-32556 (An issue was discovered in Couchbase Server before 7.0.4. A private ke ...) NOT-FOR-US: Couchbase Server CVE-2022-32555 (Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7 ...) NOT-FOR-US: Unisys Data Exchange Management Studio CVE-2022-32554 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1 ...) NOT-FOR-US: Pure Storage FlashArray CVE-2022-32553 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1 ...) NOT-FOR-US: Pure Storage FlashArray CVE-2022-32552 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1 ...) NOT-FOR-US: Pure Storage FlashArray CVE-2022-30944 (Insufficiently protected credentials for Intel(R) AMT and Intel(R) Sta ...) NOT-FOR-US: Intel CVE-2022-30601 (Insufficiently protected credentials for Intel(R) AMT and Intel(R) Sta ...) NOT-FOR-US: Intel CVE-2022-30542 (Improper input validation in the firmware for some Intel(R) Server Boa ...) NOT-FOR-US: Intel CVE-2022-30539 (Use after free in the BIOS firmware for some Intel(R) Processors may a ...) NOT-FOR-US: Intel CVE-2022-29920 RESERVED CVE-2022-29896 RESERVED CVE-2022-29523 (Improper conditions check in the Open CAS software maintained by Intel ...) NOT-FOR-US: Intel CVE-2022-28699 (Improper input validation for some Intel(R) NUC BIOS firmware may allo ...) NOT-FOR-US: Intel CVE-2022-28697 (Improper access control in firmware for Intel(R) AMT and Intel(R) Stan ...) NOT-FOR-US: Intel CVE-2022-2036 (Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacqu ...) NOT-FOR-US: francoisjacquet/rosariosis CVE-2022-32551 (Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traver ...) NOT-FOR-US: Zoho ManageEngine CVE-2022-32550 (An issue was discovered in AgileBits 1Password, involving the method v ...) 
	NOT-FOR-US: AgileBits 1Password
CVE-2022-32549 (Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are v ...)
	NOT-FOR-US: Apache Sling
CVE-2022-32289 (Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Build ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-32280 (Authenticated (contributor or higher user role) Stored Cross-Site Scri ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-31475 (Authenticated (custom plugin role) Arbitrary File Read via Export func ...)
	NOT-FOR-US: Sygnoos
CVE-2022-30536 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Flore ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-30337 (Cross-Site Request Forgery (CSRF) vulnerability in JoomUnited WP Meta ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29923 (Cross-site Scripting (XSS) vulnerability in ThingsForRestaurants Quick ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-28700 (Authenticated Arbitrary File Creation via Export function vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-28666 (Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-28612 (Improper Access Control vulnerability leading to multiple Authenticate ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-25649 (Multiple Improper Access Control vulnerabilities in StoreApps Affiliat ...)
	NOT-FOR-US: WooCommerce addon
CVE-2022-2035 (A reflected cross-site scripting (XSS) vulnerability exists in the pla ...)
	NOT-FOR-US: SCORM Engine
CVE-2022-2034 (The Sensei LMS WordPress plugin before 4.5.0 does not have proper perm ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-2033 RESERVED
CVE-2022-2032 (In Pandora FMS v7.0NG.761 and below, in the file manager section, the ...)
	NOT-FOR-US: Pandora FMS
CVE-2022-2031 (A flaw was found in Samba. The security vulnerability occurs when KDC ...)
	{DSA-5205-1}
	- samba 2:4.16.4+dfsg-1 (bug #1016449)
	[buster] - samba (Minor issue; affects Samba as AD DC; EOLed. See DSA-5015-1)
	NOTE: https://www.samba.org/samba/security/CVE-2022-2031.html
CVE-2022-2030 (A directory traversal vulnerability caused by specific character seque ...)
	NOT-FOR-US: Zyxel
CVE-2022-2029 (Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra ...)
	NOT-FOR-US: kromitgmbh/titra
CVE-2022-2028 (Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/t ...)
	NOT-FOR-US: kromitgmbh/titra
CVE-2022-2027 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...)
	NOT-FOR-US: kromitgmbh/titra
CVE-2022-2026 (Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/ti ...)
	NOT-FOR-US: kromitgmbh/titra
CVE-2022-2025 (an attacker with knowledge of user/pass of Grandstream GSD3710 in its ...)
	NOT-FOR-US: Grandstream
CVE-2017-20051 (A vulnerability was found in InnoSetup Installer. It has been declared ...)
	NOT-FOR-US: InnoSetup
CVE-2022-32548 (An issue was discovered on certain DrayTek Vigor routers before July 2 ...)
	NOT-FOR-US: DrayTek Vigor router
CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 'double', ...)
	{DLA-3429-1}
	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1016442)
	[bullseye] - imagemagick 8:6.9.11.60+dfsg-1.3+deb11u2
	[stretch] - imagemagick (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091813
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/5033
	NOTE: https://github.com/ImageMagick/ImageMagick/pull/5034
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/eac8ce4d873f28bb6a46aa3a662fb196b49b95d0 (7.1.0-30)
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/dc070da861a015d3c97488fdcca6063b44d47a7b (6.9.12-45)
CVE-2023-34151 (A vulnerability was found in ImageMagick. This security flaw ouccers a ...)
	{DSA-5628-1 DLA-3737-1}
	- imagemagick 8:6.9.12.98+dfsg1-2 (bug #1036999)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/6341
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/3d6d98d8a2be30d74172ab43b5b8e874d2deb158 (7.1.1-10)
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/133089f716f23ce0b80d89ccc1fd680960235512 (6.9.12-88)
CVE-2022-32546 (A vulnerability was found in ImageMagick, causing an outside the range ...)
	{DLA-3429-1}
	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1016442)
	[bullseye] - imagemagick 8:6.9.11.60+dfsg-1.3+deb11u2
	[stretch] - imagemagick (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091812
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/4985
	NOTE: https://github.com/ImageMagick/ImageMagick/pull/4986
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f221ea0fa3171f0f4fdf74ac9d81b203b9534c23 (7.1.0-29)
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/29c8abce0da56b536542f76a9ddfebdaab5b2943 (6.9.12-44)
CVE-2022-32545 (A vulnerability was found in ImageMagick, causing an outside the range ...)
	{DLA-3429-1}
	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1016442)
	[bullseye] - imagemagick 8:6.9.11.60+dfsg-1.3+deb11u2
	[stretch] - imagemagick (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091811
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/4962
	NOTE: https://github.com/ImageMagick/ImageMagick/pull/4963
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9c9a84cec4ab28ee0b57c2b9266d6fbe68183512 (7.1.0-28)
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/450949ed017f009b399c937cf362f0058eacc5fa (6.9.12-43)
CVE-2022-32543 (An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5. ...)
	NOT-FOR-US: ESTsoft Alyac
CVE-2022-32542 RESERVED
CVE-2022-32541 RESERVED
CVE-2022-32540 (Information Disclosure in Operator Client application in BVMS 10.1.1, ...)
	NOT-FOR-US: Information Disclosure in Operator Client application in BVMS and VIDEOJET Decoder VJD-7513
CVE-2022-32539 RESERVED
CVE-2022-32538 RESERVED
CVE-2022-32537 (A vulnerability exists which could allow an unauthorized user to learn ...)
	NOT-FOR-US: Medtronic
CVE-2022-2024 (OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11.)
	NOT-FOR-US: Go Git Service
CVE-2022-2023 (Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk ...)
	NOT-FOR-US: Trudesk
CVE-2017-20050 REJECTED
CVE-2017-20049 (A vulnerability, was found in legacy Axis devices such as P3225 and M3 ...)
	NOT-FOR-US: AXIS
CVE-2017-20048 REJECTED
CVE-2017-20047 REJECTED
CVE-2017-20046 REJECTED
CVE-2022-32536 (The user access rights validation in the web server of the Bosch Ether ...)
	NOT-FOR-US: Bosch
CVE-2022-32535 (The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 run ...)
	NOT-FOR-US: Bosch
CVE-2022-32534 (The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and ...)
	NOT-FOR-US: Bosch
CVE-2022-32533 (Apache Jetspeed-2 does not sufficiently filter untrusted user input by ...)
	NOT-FOR-US: Apache Portals Jetspeed
CVE-2022-32532 (Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured ...)
	- shiro (bug #1014820)
	[bookworm] - shiro (Minor issue)
	[bullseye] - shiro (Minor issue)
	[buster] - shiro (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/28/2
CVE-2022-32531 (The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does ...)
	- bookkeeper (bug #1026233)
	NOTE: https://lists.apache.org/thread/xyk2lfc7lzof8mksmwyympbqxts1b5s9
CVE-2022-2022 (Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb ...)
	NOT-FOR-US: nocodb
CVE-2022-2021 RESERVED
CVE-2022-2020 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: SourceCodester Prison Management System
CVE-2022-2019 (A vulnerability classified as critical was found in SourceCodester Pri ...)
	NOT-FOR-US: SourceCodester Prison Management System
CVE-2022-2018 (A vulnerability classified as critical has been found in SourceCodeste ...)
	NOT-FOR-US: SourceCodester Prison Management System
CVE-2022-2017 (A vulnerability was found in SourceCodester Prison Management System 1 ...)
	NOT-FOR-US: SourceCodester Prison Management System
CVE-2022-2016 (Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/ ...)
	NOT-FOR-US: neorazorx/facturascripts
CVE-2022-2015 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...)
	NOT-FOR-US: jgraph/drawio
CVE-2022-2014 (Code Injection in GitHub repository jgraph/drawio prior to 19.0.2.)
	NOT-FOR-US: jgraph/drawio
CVE-2022-32530 (A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists th ...)
	NOT-FOR-US: Geo SCADA Mobile
CVE-2022-32529 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
	NOT-FOR-US: Schneider
CVE-2022-32528 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
	NOT-FOR-US: Schneider
CVE-2022-32527 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
	NOT-FOR-US: Schneider
CVE-2022-32526 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
	NOT-FOR-US: Schneider
CVE-2022-32525 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
	NOT-FOR-US: Schneider
CVE-2022-32524 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
	NOT-FOR-US: Schneider
CVE-2022-32523 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
	NOT-FOR-US: Schneider
CVE-2022-32522 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
	NOT-FOR-US: Schneider
CVE-2022-32521 (A CWE 502: Deserialization of Untrusted Data vulnerability exists that ...)
	NOT-FOR-US: Schneider
CVE-2022-32520 (A CWE-522: Insufficiently Protected Credentials vulnerability exists t ...)
	NOT-FOR-US: Schneider
CVE-2022-32519 (A CWE-257: Storing Passwords in a Recoverable Format vulnerability exi ...)
	NOT-FOR-US: Schneider
CVE-2022-32518 (A CWE-522: Insufficiently Protected Credentials vulnerability exists t ...)
	NOT-FOR-US: Schneider
CVE-2022-32517 (A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulne ...)
	NOT-FOR-US: Schneider
CVE-2022-32516 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that ...)
	NOT-FOR-US: Schneider
CVE-2022-32515 (A CWE-307: Improper Restriction of Excessive Authentication Attempts v ...)
	NOT-FOR-US: Schneider
CVE-2022-32514 (A CWE-287: Improper Authentication vulnerability exists that could all ...)
	NOT-FOR-US: Schneider
CVE-2022-32513 (A CWE-521: Weak Password Requirements vulnerability exists that could ...)
	NOT-FOR-US: Schneider
CVE-2022-32512 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
	NOT-FOR-US: Schneider
CVE-2022-32511 (jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a s ...)
	- ruby-jmespath 1.6.1-1 (bug #1014807)
	[bullseye] - ruby-jmespath (Minor issue)
	NOTE: https://github.com/jmespath/jmespath.rb/pull/55
	NOTE: https://github.com/jmespath/jmespath.rb/commit/e8841280053a9d9a0c90f36223f926c8b9e4ec49 (v1.6.1)
CVE-2022-32510 (An issue was discovered on certain Nuki Home Solutions devices. The HT ...)
	NOT-FOR-US: Nuki Home Solutions
CVE-2022-32509 (An issue was discovered on certain Nuki Home Solutions devices. Lack o ...)
	NOT-FOR-US: Nuki Home Solutions
CVE-2022-32508 (An issue was discovered on certain Nuki Home Solutions devices. By sen ...)
	NOT-FOR-US: Nuki Home Solutions
CVE-2022-32507 (An issue was discovered on certain Nuki Home Solutions devices. Some B ...)
	NOT-FOR-US: Nuki Home Solutions
CVE-2022-32506 (An issue was discovered on certain Nuki Home Solutions devices. An att ...)
	NOT-FOR-US: Nuki Home Solutions
CVE-2022-32505 (An issue was discovered on certain Nuki Home Solutions devices. It is ...)
	NOT-FOR-US: Nuki Home Solutions
CVE-2022-32504 (An issue was discovered on certain Nuki Home Solutions devices. The co ...)
	NOT-FOR-US: Nuki Home Solutions
CVE-2022-32503 (An issue was discovered on certain Nuki Home Solutions devices. An att ...)
	NOT-FOR-US: Nuki Home Solutions
CVE-2022-32502 (An issue was discovered on certain Nuki Home Solutions devices. There ...)
	NOT-FOR-US: Nuki Home Solutions
CVE-2022-32501 RESERVED
CVE-2022-32500 RESERVED
CVE-2022-32499 RESERVED
CVE-2022-2013 (In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if ...)
	NOT-FOR-US: Octopus Server
CVE-2022-2012 RESERVED
CVE-2022-2011 (Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allow ...)
	{DSA-5163-1}
	- chromium 102.0.5005.115-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-2010 (Out of bounds read in compositing in Google Chrome prior to 102.0.5005 ...)
	{DSA-5163-1}
	- chromium 102.0.5005.115-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-2009 RESERVED
CVE-2022-2008 (Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed ...)
	{DSA-5163-1}
	- chromium 102.0.5005.115-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-2007 (Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allo ...)
	{DSA-5163-1}
	- chromium 102.0.5005.115-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-2006 (AutomationDirect DirectLOGIC has a DLL vulnerability in the install di ...)
	NOT-FOR-US: AutomationDirect
CVE-2022-2005 (AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism ...)
	NOT-FOR-US: AutomationDirect
CVE-2022-2004 (AutomationDirect DirectLOGIC is vulnerable to a a specially crafted pa ...)
	NOT-FOR-US: AutomationDirect
CVE-2022-2003 (AutomationDirect DirectLOGIC is vulnerable to a specifically crafted s ...)
	NOT-FOR-US: AutomationDirect
CVE-2022-2002 (GE CIMPICITY versions 2022 and prior is vulnerable when data from ...)
	NOT-FOR-US: GE CIMPICITY
CVE-2022-2001 (The DX Share Selection plugin for WordPress is vulnerable to Cross-Sit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-32498 (Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijackin ...)
	NOT-FOR-US: Dell
CVE-2022-32497 REJECTED
CVE-2022-32496 REJECTED
CVE-2022-32495 REJECTED
CVE-2022-32494 REJECTED
CVE-2022-32493 (Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. A loc ...)
	NOT-FOR-US: Dell
CVE-2022-32492 (Dell BIOS contains an improper input validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2022-32491 (Dell Client BIOS contains a Buffer Overflow vulnerability. A local aut ...)
	NOT-FOR-US: Dell
CVE-2022-32490 (Dell BIOS contains an improper input validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2022-32489 (Dell BIOS contains an improper input validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2022-32488 (Dell BIOS contains an improper input validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2022-32487 (Dell BIOS contains an improper input validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2022-32486 (Dell BIOS contains an improper input validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2022-32485 (Dell BIOS contains an improper input validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2022-32484 (Dell BIOS contains an improper input validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2022-32483 (Dell BIOS contains an improper input validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2022-32482 (Dell BIOS contains an improper input validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2022-32481 (Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a p ...)
	NOT-FOR-US: Dell
CVE-2022-32480 (Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9 ...)
	NOT-FOR-US: Dell
CVE-2022-32479 REJECTED
CVE-2022-32478 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
	NOT-FOR-US: Insyde
CVE-2022-32477 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
	NOT-FOR-US: Insyde
CVE-2022-32476 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
	NOT-FOR-US: Insyde
CVE-2022-32475 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
	NOT-FOR-US: Insyde
CVE-2022-32474 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
	NOT-FOR-US: Insyde
CVE-2022-32473 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
	NOT-FOR-US: Insyde
CVE-2022-32472 REJECTED
CVE-2022-32471 (An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5. ...)
	NOT-FOR-US: Insyde
CVE-2022-32470 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
	NOT-FOR-US: Insyde
CVE-2022-32469 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
	NOT-FOR-US: Insyde
CVE-2022-32468 RESERVED
CVE-2022-32467 RESERVED
CVE-2022-32466 RESERVED
CVE-2022-32465 RESERVED
CVE-2022-32464 RESERVED
CVE-2022-32463 RESERVED
CVE-2022-32462 RESERVED
CVE-2022-32461 RESERVED
CVE-2022-32460 RESERVED
CVE-2022-32459 RESERVED
CVE-2022-32458 (Digiwin BPM has a XML External Entity Injection (XXE) vulnerability du ...)
	NOT-FOR-US: Digiwin
CVE-2022-32457 (Digiwin BPM has inadequate filtering for URL parameter. An unauthentic ...)
	NOT-FOR-US: Digiwin
CVE-2022-32456 (Digiwin BPM’s function has insufficient validation for user input ...)
	NOT-FOR-US: Digiwin
CVE-2022-30707 (Violation of secure design principles exists in the communication of C ...)
	NOT-FOR-US: CAMS for HIS
CVE-2022-30532 (In affected versions of Octopus Deploy, there is no logging of changes ...)
	NOT-FOR-US: Octopus Deploy
CVE-2022-29890 (In affected versions of Octopus Server the help sidebar can be customi ...)
	NOT-FOR-US: Octopus Server
CVE-2022-2000 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.)
	{DLA-3204-1}
	- vim 2:9.0.0135-1 (bug #1015984)
	[bullseye] - vim (Minor issue)
	[stretch] - vim (Minor issue)
	NOTE: https://huntr.dev/bounties/f61a64e2-d163-461b-a77e-46ab38e021f0
	NOTE: https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5 (v8.2.5063)
CVE-2022-1999 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-1998 (A use after free in the Linux kernel File System notify functionality ...)
	- linux 5.16.7-1
	[bullseye] - linux 5.10.103-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/ee12595147ac1fbfb5bcb23837e26dd58d94b15d (5.17-rc3)
CVE-2022-1997 (Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacqu ...)
	NOT-FOR-US: francoisjacquet/rosariosis
CVE-2022-1996 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
	- golang-github-emicklei-go-restful 3.10.2-1 (bug #1012763)
	[bullseye] - golang-github-emicklei-go-restful (Minor issue)
	[buster] - golang-github-emicklei-go-restful (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1/
	NOTE: https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10 (v3.8.0)
CVE-2022-1995 (The Malware Scanner WordPress plugin before 4.5.2 does not sanitise an ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1994 (The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-20045 (A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been d ...)
	NOT-FOR-US: Navetti PricePoint
CVE-2017-20044 (A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been c ...)
	NOT-FOR-US: Navetti PricePoint
CVE-2017-20043 (A vulnerability was found in Navetti PricePoint 4.6.0.0 and classified ...)
	NOT-FOR-US: Navetti PricePoint
CVE-2017-20042 (A vulnerability has been found in Navetti PricePoint 4.6.0.0 and class ...)
	NOT-FOR-US: Navetti PricePoint
CVE-2017-20041 (A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been ...)
	NOT-FOR-US: Ucweb UC Browser
CVE-2022-32452 RESERVED
CVE-2022-32451 RESERVED
CVE-2022-32450 (AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symb ...)
	NOT-FOR-US: AnyDesk
CVE-2022-32449 (TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command inj ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-32448 RESERVED
CVE-2022-32447 RESERVED
CVE-2022-32446 RESERVED
CVE-2022-32445 RESERVED
CVE-2022-32444 (An issue was discovered in u5cms verion 8.3.5 There is a URL redirecti ...)
	NOT-FOR-US: u5cms
CVE-2022-32443 RESERVED
CVE-2022-32442 (u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). When ...)
	NOT-FOR-US: u5cms
CVE-2022-32441 (A memory corruption in Hex Rays Ida Pro v6.6 allows attackers to cause ...)
	NOT-FOR-US: Hex Rays Ida Pro
CVE-2022-32440 RESERVED
CVE-2022-32439 RESERVED
CVE-2022-32438 RESERVED
CVE-2022-32437 RESERVED
CVE-2022-32436 RESERVED
CVE-2022-32435 RESERVED
CVE-2022-32434 (EIPStackGroup OpENer v2.3.0 was discovered to contain a stack overflow ...)
	NOT-FOR-US: EIPStackGroup OpENer
CVE-2022-32433 (itsourcecode Advanced School Management System v1.0 is vulnerable to A ...)
	NOT-FOR-US: itsourcecode Advanced School Management System
CVE-2022-32432 RESERVED
CVE-2022-32431 RESERVED
CVE-2022-32430 (An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers ...)
	NOT-FOR-US: Lin CMS
CVE-2022-32429 (An authentication-bypass issue in the component http://MYDEVICEIP/cgi- ...)
	NOT-FOR-US: Mega System Technologies Inc MSNSwitch
CVE-2022-32428 RESERVED
CVE-2022-32427 (PrinterLogic Windows Client through 25.0.0.676 allows attackers to exe ...)
	NOT-FOR-US: PrinterLogic Windows Client
CVE-2022-32426 RESERVED
CVE-2022-32425 (The login function of Mealie v1.0.0beta-2 allows attackers to enumerat ...)
	NOT-FOR-US: Mealie
CVE-2022-32424 RESERVED
CVE-2022-32423 RESERVED
CVE-2022-32422 RESERVED
CVE-2022-32421 RESERVED
CVE-2022-32420 (College Management System v1.0 was discovered to contain a remote code ...)
	NOT-FOR-US: College Management System
CVE-2022-32419 RESERVED
CVE-2022-32418 RESERVED
CVE-2022-32417 (PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE ...)
	NOT-FOR-US: PbootCMS
CVE-2022-32416 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/c ...)
	NOT-FOR-US: Product Show Room Site
CVE-2022-32415 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/? ...)
	NOT-FOR-US: Product Show Room Site
CVE-2022-32414 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...)
	NOT-FOR-US: njs
CVE-2022-32413 (An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers ...)
	NOT-FOR-US: Dice
CVE-2022-32412 (An issue in the /template/edit component of HongCMS v3.0 allows attack ...)
	NOT-FOR-US: HongCMS
CVE-2022-32411 (An issue in the languages config file of HongCMS v3.0 allows attackers ...)
	NOT-FOR-US: HongCMS
CVE-2022-32410 RESERVED
CVE-2022-32409 (A local file inclusion (LFI) vulnerability in the component codemirror ...)
	NOT-FOR-US: Portal do Software Publico Brasileiro i3geo
CVE-2022-32408 RESERVED
CVE-2022-32407 (Softr v2.0 was discovered to contain a Cross-Site Scripting (XSS) vuln ...)
	NOT-FOR-US: Softr
CVE-2022-32406 (GtkRadiant v1.6.6 was discovered to contain a buffer overflow via the ...)
	NOT-FOR-US: GtkRadiant
CVE-2022-32405 (Prison Management System v1.0 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Prison Management System
CVE-2022-32404 (Prison Management System v1.0 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Prison Management System
CVE-2022-32403 (Prison Management System v1.0 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Prison Management System
CVE-2022-32402 (Prison Management System v1.0 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Prison Management System
CVE-2022-32401 (Prison Management System v1.0 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Prison Management System
CVE-2022-32400 (Prison Management System v1.0 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Prison Management System
CVE-2022-32399 (Prison Management System v1.0 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Prison Management System
CVE-2022-32398 (Prison Management System v1.0 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Prison Management System
CVE-2022-32397 (Prison Management System v1.0 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Prison Management System
CVE-2022-32396 (Prison Management System v1.0 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Prison Management System
CVE-2022-32395 (Prison Management System v1.0 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Prison Management System
CVE-2022-32394 (Prison Management System v1.0 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Prison Management System
CVE-2022-32393 (Prison Management System v1.0 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Prison Management System
CVE-2022-32392 (Prison Management System v1.0 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Prison Management System
CVE-2022-32391 (Prison Management System v1.0 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Prison Management System
CVE-2022-32390 RESERVED
CVE-2022-32389 (Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in ...)
	NOT-FOR-US: Isode SWIFT (different than src:swift)
CVE-2022-32388 RESERVED
CVE-2022-32387 (In Kentico before 13.0.66, attackers can achieve Denial of Service via ...)
	NOT-FOR-US: Kentico
CVE-2022-32386 (Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2022-32385 (Tenda AC23 v16.03.07.44 is vulnerable to Stack Overflow that will allo ...)
	NOT-FOR-US: Tenda
CVE-2022-32384 (Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via ...)
	NOT-FOR-US: Tenda
CVE-2022-32383 (Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via ...)
	NOT-FOR-US: Tenda
CVE-2022-32382 RESERVED
CVE-2022-32381 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...)
	NOT-FOR-US: itsourcecode Advanced School Management System
CVE-2022-32380 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...)
	NOT-FOR-US: itsourcecode Advanced School Management System
CVE-2022-32379 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...)
	NOT-FOR-US: itsourcecode Advanced School Management System
CVE-2022-32378 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...)
	NOT-FOR-US: itsourcecode Advanced School Management System
CVE-2022-32377 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...)
	NOT-FOR-US: itsourcecode Advanced School Management System
CVE-2022-32376 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...)
	NOT-FOR-US: itsourcecode Advanced School Management System
CVE-2022-32375 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...)
	NOT-FOR-US: itsourcecode Advanced School Management System
CVE-2022-32374 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...)
	NOT-FOR-US: itsourcecode Advanced School Management System
CVE-2022-32373 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...)
	NOT-FOR-US: itsourcecode Advanced School Management System
CVE-2022-32372 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...)
	NOT-FOR-US: itsourcecode Advanced School Management System
CVE-2022-32371 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...)
	NOT-FOR-US: itsourcecode Advanced School Management System
CVE-2022-32370 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...)
	NOT-FOR-US: itsourcecode Advanced School Management System
CVE-2022-32369 RESERVED
CVE-2022-32368 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...)
	NOT-FOR-US: itsourcecode Advanced School Management System
CVE-2022-32367 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/a ...)
	NOT-FOR-US: Product Show Room Site
CVE-2022-32366 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/a ...)
	NOT-FOR-US: Product Show Room Site
CVE-2022-32365 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/a ...)
	NOT-FOR-US: Product Show Room Site
CVE-2022-32364 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/a ...)
	NOT-FOR-US: Product Show Room Site
CVE-2022-32363 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/a ...)
	NOT-FOR-US: Product Show Room Site
CVE-2022-32362 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/a ...)
	NOT-FOR-US: Product Show Room Site
CVE-2022-32361 RESERVED
CVE-2022-32360 RESERVED
CVE-2022-32359 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/c ...)
	NOT-FOR-US: Product Show Room Site
CVE-2022-32358 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/c ...)
	NOT-FOR-US: Product Show Room Site
CVE-2022-32357 RESERVED
CVE-2022-32356 RESERVED
CVE-2022-32355 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/a ...)
	NOT-FOR-US: Product Show Room Site
CVE-2022-32354 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/a ...)
	NOT-FOR-US: Product Show Room Site
CVE-2022-32353 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/a ...)
	NOT-FOR-US: Product Show Room Site
CVE-2022-32352 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Hospital's Patient Records Management System
CVE-2022-32351 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Hospital's Patient Records Management System
CVE-2022-32350 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Hospital's Patient Records Management System
CVE-2022-32349 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Hospital's Patient Records Management System
CVE-2022-32348 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Hospital's Patient Records Management System
CVE-2022-32347 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Hospital's Patient Records Management System
CVE-2022-32346 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Hospital's Patient Records Management System
CVE-2022-32345 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Hospital's Patient Records Management System
CVE-2022-32344 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Hospital's Patient Records Management System
CVE-2022-32343 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Hospital's Patient Records Management System
CVE-2022-32342 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Hospital's Patient Records Management System
CVE-2022-32341 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Hospital's Patient Records Management System
CVE-2022-32340 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Hospital's Patient Records Management System
CVE-2022-32339 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Hospital's Patient Records Management System
CVE-2022-32338 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Hospital's Patient Records Management System
CVE-2022-32337 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Hospital's Patient Records Management System
CVE-2022-32336 (Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffo ...)
	NOT-FOR-US: Fast Food Ordering System
CVE-2022-32335 (Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffo ...)
	NOT-FOR-US: Fast Food Ordering System
CVE-2022-32334 (Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffo ...)
	NOT-FOR-US: Fast Food Ordering System
CVE-2022-32333 (Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffo ...)
	NOT-FOR-US: Fast Food Ordering System
CVE-2022-32332 (Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffo ...)
	NOT-FOR-US: Fast Food Ordering System
CVE-2022-32331 (Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffo ...)
	NOT-FOR-US: Fast Food Ordering System
CVE-2022-32330 (Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffo ...)
	NOT-FOR-US: Fast Food Ordering System
CVE-2022-32329 RESERVED
CVE-2022-32328 (Fast Food Ordering System v1.0 is vulnerable to Delete any file. via / ...)
	NOT-FOR-US: Fast Food Ordering System
CVE-2022-32327 RESERVED
CVE-2022-32326 RESERVED
CVE-2022-32325 (JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation wh ...)
	- jpegoptim (unimportant)
	NOTE: https://github.com/tjko/jpegoptim/issues/107
	NOTE: Crash in CLI tool, no security impact
CVE-2022-32324 (PDFAlto v0.4 was discovered to contain a heap buffer overflow via the ...)
	NOT-FOR-US: PDFAlto
CVE-2022-32323 (AutoTrace v0.40.0 was discovered to contain a heap overflow via the Re ...)
	- autotrace
CVE-2022-32322 RESERVED
CVE-2022-32321 RESERVED
CVE-2022-32320 (A Cross-Site Request Forgery (CSRF) in Ferdi through 5.8.1 and Ferdium ...)
	NOT-FOR-US: Ferdi
CVE-2022-32319 RESERVED
CVE-2022-32318 (Fast Food Ordering System v1.0 was discovered to contain a persistent ...)
	NOT-FOR-US: Fast Food Ordering System
CVE-2022-32317 (The MPlayer Project v1.5 was discovered to contain a heap use-after-fr ...)
	NOTE: PoC file has vanished, but anyway a crash in a GUI tool is not considered a security issue
CVE-2022-32316 RESERVED
CVE-2022-32315 RESERVED
CVE-2022-32314 RESERVED
CVE-2022-32313 RESERVED
CVE-2022-32312 RESERVED
CVE-2022-32311 (Ingredient Stock Management System v1.0 was discovered to contain a SQ ...)
	NOT-FOR-US: Ingredient Stock Management System
CVE-2022-32310 (An access control issue in Ingredient Stock Management System v1.0 all ...)
	NOT-FOR-US: Ingredient Stock Management System
CVE-2022-32309 RESERVED
CVE-2022-32308 (Cross Site Scripting (XSS) vulnerability in uBlock Origin extension be ...)
	{DLA-3062-1}
	- ublock-origin 1.42.0+dfsg-1
	[bullseye] - ublock-origin 1.42.0+dfsg-1~deb11u1
	[buster] - ublock-origin 1.42.0+dfsg-1~deb10u1
	NOTE: https://github.com/uBlockOrigin/uBlock-issues/issues/1992
	NOTE: https://github.com/gorhill/uBlock/commit/e1e2ba3d5d00112f74464ddcc9f561f065dd3623 (1.41.5b2)
	NOTE: https://github.com/gorhill/uBlock/commit/60072e7996e58cd7cca5186fde742d83cc6a612c (1.41.7b0)
CVE-2022-32307 RESERVED
CVE-2022-32306 RESERVED
CVE-2022-32305 RESERVED
CVE-2022-32304 RESERVED
CVE-2022-32303 RESERVED
CVE-2022-32302 (Theme Park Ticketing System v1.0 was discovered to contain a SQL injec ...)
	NOT-FOR-US: Theme Park Ticketing System
CVE-2022-32301 (YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerabil ...)
	NOT-FOR-US: YoudianCMS
CVE-2022-32300 (YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerabil ...)
	NOT-FOR-US: YoudianCMS
CVE-2022-32299 (YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerabil ...)
	NOT-FOR-US: YoudianCMS
CVE-2022-32298 (Toybox v0.8.7 was discovered to contain a NULL pointer dereference via ...)
	- toybox (Vulnerable code not uploaded yet)
	NOTE: https://github.com/landley/toybox/issues/346
	NOTE: Introduced by: https://github.com/landley/toybox/commit/a9d0e2386f5f494bb9b4e9d56f6b95b40d7579d4 (0.8.7)
	NOTE: Fixed by: https://github.com/landley/toybox/commit/6d4847934fc0fe47a3254ce6c0396d197a780cf4
CVE-2022-32297 (Piwigo v12.2.0 was discovered to contain SQL injection vulnerability v ...)
	- piwigo
CVE-2022-32295 (On Ampere Altra and AltraMax devices before SRP 1.09, the Altra refere ...)
	NOT-FOR-US: Ampere devices
CVE-2022-32294 (Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-l ...)
	NOT-FOR-US: Zimbra
CVE-2022-32293 (In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HT ...)
	{DSA-5231-1 DLA-3144-1 DLA-3105-1}
	- connman 1.41-2 (bug #1016976)
	NOTE: https://lore.kernel.org/connman/20220801080043.4861-1-wagi@monom.org/
	NOTE: https://lore.kernel.org/connman/20220801080043.4861-3-wagi@monom.org/
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1200190
	NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=72343929836de80727a27d6744c869dff045757c
	NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=416bfaff988882c553c672e5bfc2d4f648d29e8a
CVE-2022-32292 (In ConnMan through 1.41, remote attackers able to send HTTP requests t ...)
	{DSA-5231-1 DLA-3105-1}
	- connman 1.41-2 (bug #1016976)
	NOTE: https://lore.kernel.org/connman/20220801080043.4861-5-wagi@monom.org/
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1200189
	NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d1a5ede5d255bde8ef707f8441b997563b9312bd
CVE-2022-32291 (In Real Player through 20.1.0.312, attackers can execute arbitrary cod ...)
	NOT-FOR-US: Real Player
CVE-2022-32290 (The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorre ...)
	NOT-FOR-US: Northern.tech Mender
CVE-2017-20040 (A vulnerability was found in SICUNET Access Controller 0.32-05z. It ha ...)
	NOT-FOR-US: SICUNET Access Controller
CVE-2017-20039 (A vulnerability was found in SICUNET Access Controller 0.32-05z. It ha ...)
	NOT-FOR-US: SICUNET Access Controller
CVE-2017-20038 (A vulnerability was found in SICUNET Access Controller 0.32-05z and cl ...)
	NOT-FOR-US: SICUNET Access Controller
CVE-2017-20037 (A vulnerability has been found in SICUNET Access Controller 0.32-05z a ...)
	NOT-FOR-US: SICUNET Access Controller
CVE-2017-20036 (A vulnerability, which was classified as problematic, was found in PHP ...)
	- phplist (bug #612288)
CVE-2017-20035 (A vulnerability, which was classified as problematic, has been found i ...)
	- phplist (bug #612288)
CVE-2017-20034 (A vulnerability classified as problematic was found in PHPList 3.2.6. ...)
	- phplist (bug #612288)
CVE-2017-20033 (A vulnerability classified as problematic has been found in PHPList 3. ...)
	- phplist (bug #612288)
CVE-2017-20032 (A vulnerability was found in PHPList 3.2.6. It has been rated as criti ...)
	- phplist (bug #612288)
CVE-2017-20031 (A vulnerability was found in PHPList 3.2.6. It has been declared as pr ...)
	- phplist (bug #612288)
CVE-2017-20030 (A vulnerability was found in PHPList 3.2.6. It has been classified as ...)
	- phplist (bug #612288)
CVE-2017-20029 (A vulnerability was found in PHPList 3.2.6 and classified as critical. ...)
	- phplist (bug #612288)
CVE-2017-20028 (A vulnerability was found in HumHub 0.20.1/1.0.0-beta.3. It has been c ...)
	NOT-FOR-US: HumHub
CVE-2017-20027 (A vulnerability was found in HumHub up to 1.0.1 and classified as prob ...)
	NOT-FOR-US: HumHub
CVE-2017-20026 (A vulnerability has been found in HumHub up to 1.0.1 and classified as ...)
	NOT-FOR-US: HumHub
CVE-2017-20025 (A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It ha ...)
	NOT-FOR-US: Solare Solar-Log
CVE-2017-20024 (A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It ha ...)
	NOT-FOR-US: Solare Solar-Log
CVE-2017-20023 (A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and cl ...)
	NOT-FOR-US: Solare Solar-Log
CVE-2017-20022 (A vulnerability has been found in Solare Solar-Log 2.8.4-56/3.5.2-85 a ...)
	NOT-FOR-US: Solare Solar-Log
CVE-2017-20021 (A vulnerability, which was classified as critical, was found in Solare ...)
	NOT-FOR-US: Solare Solar-Log
CVE-2017-20020 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Solare Solar-Log
CVE-2017-20019 (A vulnerability classified as problematic was found in Solare Solar-Lo ...)
	NOT-FOR-US: Solare Solar-Log
CVE-2017-20018 (A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classifie ...)
	NOT-FOR-US: XAMPP
CVE-2016-15002 (A vulnerability, which was classified as critical, was found in MONyog ...)
	NOT-FOR-US: MONyog Ultimate
CVE-2019-25070 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS u ...)
	NOT-FOR-US: WolfCMS
CVE-2019-25069 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Axios Italia Axios RE
CVE-2019-25068 (A vulnerability classified as critical was found in Axios Italia Axios ...)
	NOT-FOR-US: Axios Italia Axios RE
CVE-2019-25067 (A vulnerability, which was classified as critical, was found in Podman ...)
	- libpod 3.0.0+dfsg1-1
	NOTE: https://vuldb.com/?id.143949
	NOTE: https://www.exploit-db.com/exploits/47500
	NOTE: exploit demo script on client uses Python podman code which is not in Debian
	NOTE: refers to old versions of remote code which never made it to a Debian release
	NOTE: issue probably present in all versions with varlink, starting 1.6.2+dfsg-1
	NOTE: upstream (Fedora/RedHat) refuses to look into it: https://bugzilla.redhat.com/show_bug.cgi?id=2097496
CVE-2019-25066 (A vulnerability has been found in ajenti 2.1.31 and classified as crit ...)
	- ajenti (bug #792019)
CVE-2019-25065 (A vulnerability was found in OpenNetAdmin 18.1.1. It has been rated as ...)
	NOT-FOR-US: OpenNetAdmin
CVE-2018-25044 (A vulnerability, which was classified as critical, has been found in u ...)
	NOT-FOR-US: uTorrent
CVE-2018-25043 (A vulnerability classified as critical was found in uTorrent. This vul ...)
	NOT-FOR-US: uTorrent
CVE-2018-25042 (A vulnerability classified as critical has been found in uTorrent. Thi ...)
	NOT-FOR-US: uTorrent
CVE-2018-25041 (A vulnerability was found in uTorrent. It has been rated as critical. ...)
	NOT-FOR-US: uTorrent
CVE-2018-25040 (A vulnerability was found in uTorrent Web. It has been declared as cri ...)
	NOT-FOR-US: uTorrent
CVE-2018-25039 (A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been de ...)
	NOT-FOR-US: Thomson TCW710
CVE-2018-25038 (A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been cl ...)
	NOT-FOR-US: Thomson TCW710
CVE-2018-25037 (A vulnerability was found in Thomson TCW710 ST5D.10.05 and classified ...)
	NOT-FOR-US: Thomson TCW710
CVE-2018-25036 (A vulnerability has been found in Thomson TCW710 ST5D.10.05 and classi ...)
	NOT-FOR-US: Thomson TCW710
CVE-2018-25035 (A vulnerability, which was classified as problematic, was found in Tho ...)
	NOT-FOR-US: Thomson TCW710
CVE-2018-25034 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Thomson TCW710
CVE-2017-20017 (A vulnerability, which was classified as critical, has been found in T ...)
	NOT-FOR-US: Genealogy Sitebuilding
CVE-2020-36544 (A vulnerability has been found in SialWeb CMS and classified as proble ...)
	NOT-FOR-US: SialWeb CMS
CVE-2020-36543 (A vulnerability, which was classified as critical, was found in SialWe ...)
	NOT-FOR-US: SialWeb CMS
CVE-2020-36542 (A vulnerability classified as critical has been found in Demokratian. ...)
	NOT-FOR-US: Demokratian
CVE-2020-36541 (A vulnerability was found in Demokratian. It has been rated as critica ...)
	NOT-FOR-US: Demokratian
CVE-2020-36540 (A vulnerability, which was classified as critical, was found in Neetai ...)
	NOT-FOR-US: Neetai Tech
CVE-2020-36539 (A vulnerability was found in Lógico y Creativo 1.0 and classified a ...)
	NOT-FOR-US: Logico y Creativo
CVE-2020-36538 (A vulnerability was found in Eatan CMS. It has been declared as critic ...)
	NOT-FOR-US: Eatan CMS
CVE-2020-36537 (A vulnerability was found in Everywhere CMS. It has been classified as ...)
	NOT-FOR-US: Everywhere CMS
CVE-2020-36536 (A vulnerability was found in Brandbugle. It has been rated as critical ...)
	NOT-FOR-US: Brandbugle
CVE-2020-36535 (A vulnerability classified as critical has been found in MINMAX. This ...)
	NOT-FOR-US: MINMAX
CVE-2020-36534 (A vulnerability was found in easyii CMS. It has been classified as pro ...)
	NOT-FOR-US: easyii CMS
CVE-2020-36533 (A vulnerability was found in Klapp App and classified as problematic. ...)
	NOT-FOR-US: Klapp App
CVE-2020-36532 (A vulnerability has been found in Klapp App and classified as problema ...)
	NOT-FOR-US: Klapp App
CVE-2020-36531 (A vulnerability, which was classified as critical, has been found in S ...)
	NOT-FOR-US: SevOne Network Management System
CVE-2020-36530 (A vulnerability classified as critical was found in SevOne Network Man ...)
	NOT-FOR-US: SevOne Network Management System
CVE-2020-36529 (A vulnerability classified as critical has been found in SevOne Networ ...)
	NOT-FOR-US: SevOne Network Management System
CVE-2019-25064 (A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has b ...)
	NOT-FOR-US: CoreHR Core Portal
CVE-2019-25063 (A vulnerability was found in Sricam IP CCTV Camera. It has been classi ...)
	NOT-FOR-US: Sricam IP CCTV Camera
CVE-2019-25062 (A vulnerability was found in Sricam IP CCTV Camera and classified as c ...)
	NOT-FOR-US: Sricam IP CCTV Camera
CVE-2022-32296 (The Linux kernel before 5.17.9 allows TCP servers to identify clients ...)
	{DSA-5173-1 DLA-3065-1}
	- linux 5.17.11-1
	[bullseye] - linux 5.10.127-1
	NOTE: https://git.kernel.org/linus/4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5 (5.18-rc6)
CVE-2022-32287 (A relative path traversal vulnerability in a FileUtil class used by th ...)
	NOT-FOR-US: Apache UIMA
CVE-2022-32286 (A vulnerability has been identified in Mendix SAML Module (Mendix 7 co ...)
	NOT-FOR-US: Siemens
CVE-2022-32285 (A vulnerability has been identified in Mendix SAML Module (Mendix 7 co ...)
	NOT-FOR-US: Siemens
CVE-2022-32279 RESERVED
CVE-2022-32278 (XFCE 4.16 allows attackers to execute arbitrary code because xdg-open ...)
	{DSA-5164-1 DLA-3056-1}
	- exo 4.16.4-1 (bug #1013129)
	NOTE: https://gitlab.xfce.org/xfce/exo/-/commit/c71c04ff5882b2866a0d8506fb460d4ef796de9f (exo-4.16.4)
CVE-2022-32277 (Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Refer ...)
	NOT-FOR-US: Squiz Matrix CMS
CVE-2022-32276 (Grafana 8.4.3 allows unauthenticated access via (for example) a /dashb ...)
	- grafana
CVE-2022-32275 (Grafana 8.4.3 allows reading files via (for example) a /dashboard/snap ...)
	- grafana
CVE-2022-31472 (Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4. ...)
	NOT-FOR-US: Cybozu
CVE-2022-29521 RESERVED
CVE-2022-29465 (An out-of-bounds write vulnerability exists in the PSD Header processi ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2022-25958 RESERVED
CVE-2022-1993 (Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.)
	NOT-FOR-US: Go Git Service
CVE-2022-1992 (Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.)
	NOT-FOR-US: Go Git Service
CVE-2022-1991 (A vulnerability classified as problematic has been found in Fast Food ...)
	NOT-FOR-US: Fast Food Ordering System
CVE-2022-1990 (The Nested Pages WordPress plugin before 3.1.21 does not escape and sa ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1989 (All CODESYS Visualization versions before V4.2.0.0 generate a login di ...)
	NOT-FOR-US: CODESYS Visualization
CVE-2022-1988 (Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/fa ...)
	NOT-FOR-US: neorazorx/facturascripts
CVE-2022-32274 (The Transition Scheduler add-on 6.5.0 for Atlassian Jira is prone to s ...)
	NOT-FOR-US: JIRA addon
CVE-2022-32273 (As a result of an observable discrepancy in returned messages, OPSWAT ...)
	NOT-FOR-US: OPSWAT MetaDefender Core
CVE-2022-32272 (OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1 ...)
	NOT-FOR-US: OPSWAT MetaDefender Core
CVE-2022-32271 (In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code ...)
	NOT-FOR-US: Real Player
CVE-2022-32270 (In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows do ...)
	NOT-FOR-US: Real Player
CVE-2022-32269 (In Real Player 20.0.8.310, the G2 Control allows injection of unsafe j ...)
	NOT-FOR-US: Real Player
CVE-2022-32268 (StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A fl ...)
	NOT-FOR-US: StarWind SAN and NAS
CVE-2022-32267 (DMA transactions which are targeted at input buffers used for the SmmR ...)
	NOT-FOR-US: Insyde
CVE-2022-32266 (DMA attacks on the parameter buffer used by a software SMI handler use ...)
	NOT-FOR-US: Insyde
CVE-2022-32265 (qDecoder before 12.1.0 does not ensure that the percent character is f ...)
	NOT-FOR-US: qDecoder
CVE-2022-32264 (sys/netinet/tcp_timer.h in FreeBSD before 7.0 contains a denial-of-ser ...)
	NOT-FOR-US: FreeBSD
CVE-2022-32263 (Pexip Infinity before 28.1 allows remote attackers to trigger a softwa ...)
	NOT-FOR-US: Pexip Infinity
CVE-2022-32262 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2022-32261 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2022-32260 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2022-32259 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2022-32258 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2022-32257 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2022-32256 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2022-32255 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2022-32254 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2022-32253 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2022-32252 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2022-32251 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2022-32250 (net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allow ...)
	{DSA-5173-1 DSA-5161-1 DLA-3065-1}
	- linux 5.18.2-1
	NOTE: https://www.openwall.com/lists/oss-security/2022/05/31/1
	NOTE: https://git.kernel.org/linus/520778042ccca019f3ffa136dd0ca565c486cedd
	NOTE: Was previously also tracked as CVE-2022-1966
	NOTE: https://github.com/theori-io/CVE-2022-32250-exploit
	NOTE: https://research.nccgroup.com/2022/09/01/settlers-of-netlink-exploiting-a-limited-uaf-in-nf_tables-cve-2022-32250/
	NOTE: https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/
CVE-2022-32249 (Under special integration scenario of SAP Business one and SAP HANA - ...)
	NOT-FOR-US: SAP
CVE-2022-32248 (Due to missing input validation in the Manage Checkbooks component of ...)
	NOT-FOR-US: SAP
CVE-2022-32247 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.3 ...)
	NOT-FOR-US: SAP
CVE-2022-32246 (SAP Busines Objects Business Intelligence Platform (Visual Difference ...)
	NOT-FOR-US: SAP
CVE-2022-32245 (SAP BusinessObjects Business Intelligence Platform (Open Document) - v ...)
	NOT-FOR-US: SAP
CVE-2022-32244 (Under certain conditions an attacker authenticated as a CMS administra ...)
	NOT-FOR-US: SAP
CVE-2022-32243 (When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) ...)
	NOT-FOR-US: SAP
CVE-2022-32242 (When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files r ...)
	NOT-FOR-US: SAP
CVE-2022-32241 (When a user opens manipulated Portable Document Format (.pdf, PDFView. ...)
	NOT-FOR-US: SAP
CVE-2022-32240 (When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) ...)
	NOT-FOR-US: SAP
CVE-2022-32239 (When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files receive ...)
	NOT-FOR-US: SAP
CVE-2022-32238 (When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) ...)
	NOT-FOR-US: SAP
CVE-2022-32237 (When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCor ...)
	NOT-FOR-US: SAP
CVE-2022-32236 (When a user opens manipulated Windows Bitmap (.bmp, 2d.x3d) files rece ...)
	NOT-FOR-US: SAP
CVE-2022-32235 (When a user opens manipulated AutoCAD (.dwg, TeighaTranslator.exe) fil ...)
	NOT-FOR-US: SAP
CVE-2022-1987 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ...)
	- libmobi 0.11+dfsg-1
	NOTE: https://huntr.dev/bounties/e8197737-7557-443e-a59f-2a86e8dda75f/
	NOTE: https://github.com/bfabiszewski/libmobi/commit/612562bc1ea38f1708b044e7a079c47a05b1291d (v0.11)
CVE-2022-1986 (OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.)
	NOT-FOR-US: Go Git Service
CVE-2022-32234 (An out of bounds write in hermes, while handling large arrays, prior t ...)
	NOT-FOR-US: Facebook Hermes
CVE-2022-30943 (Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon ...)
	NOT-FOR-US: Cybozu
CVE-2022-30602 (Operation restriction bypass in multiple applications of Cybozu Garoon ...)
	NOT-FOR-US: Cybozu
CVE-2022-29926 REJECTED
CVE-2022-29512 (Exposure of sensitive information to an unauthorized actor issue in mu ...)
	NOT-FOR-US: Cybozu
CVE-2022-1985 (The Download Manager Plugin for WordPress is vulnerable to reflected C ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1984 (This issue affects: HYPR Windows WFA versions prior to 7.2; Unsafe Des ...)
	NOT-FOR-US: HYPR
CVE-2022-1983 (Incorrect authorization in GitLab EE affecting all versions from 10.7 ...)
	- gitlab (Specific to EE)
CVE-2022-1982 (Uncontrolled resource consumption in Mattermost version 6.6.0 and earl ...)
	- mattermost-server (bug #823556)
CVE-2022-1981 (An issue has been discovered in GitLab EE affecting all versions start ...)
	- gitlab (Specific to EE)
CVE-2022-1980 (A vulnerability was found in SourceCodester Product Show Room Site 1.0 ...)
	NOT-FOR-US: SourceCodester Product Show Room Site
CVE-2022-1979 (A vulnerability was found in SourceCodester Product Show Room Site 1.0 ...)
	NOT-FOR-US: SourceCodester Product Show Room Site
CVE-2022-1978 RESERVED
CVE-2022-1977 (The Import Export All WordPress Images, Users & Post Types WordPress p ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-32230 (Microsoft Windows SMBv3 suffers from a null pointer dereference in ver ...)
	NOT-FOR-US: Microsoft
CVE-2022-32229 (A information disclosure vulnerability exists in Rockert.Chat (Only affects Windows)
	NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#dll-hijacking-on-windows-high-cve-2022-32223
CVE-2022-32222 (A cryptographic vulnerability exists on Node.js on linux in versions o ...)
	- nodejs (Specific to Node 18 and nodejs-distributed binaries)
	NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#attempt-to-read-openssl-cnf-from-home-iojs-build-upon-startup-medium-cve-2022-32222
	NOTE: https://github.com/nodejs/node/commit/a5fc2deb43f85dc2195a1fe1683b9c2e7443b001
CVE-2022-32221 (When doing HTTP(S) transfers, libcurl might erroneously use the read c ...)
	{DSA-5330-1 DLA-3288-1}
	- curl 7.86.0-1
	NOTE: https://curl.se/docs/CVE-2022-32221.html
	NOTE: https://github.com/curl/curl/issues/9507
	NOTE: Fixed by: https://github.com/curl/curl/commit/a64e3e59938abd7d667e4470a18072a24d7e9de9 (curl-7_86_0)
CVE-2022-32220 (An information disclosure vulnerability exists in Rocket.Chat (llhttp dependency/embedding introduced in 12.x)
	- llhttp (bug #977716)
	NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#http-request-smuggling-incorrect-parsing-of-multi-line-transfer-encoding-medium-cve-2022-32215
	NOTE: https://hackerone.com/reports/1630667
	NOTE: https://github.com/nodejs/node/commit/da0fda0fe81d372e24c0cb11aec37534985708dd (v14.x)
	NOTE: https://github.com/nodejs/node/commit/d9b71f4c241fa31cc2a48331a4fc28c15937875a (main)
	NOTE: https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-multi-line-transfer-encoding-medium-improper-fix-for-cve-2022-32215
CVE-2022-32214 (The llhttp parser (llhttp dependency/embedding introduced in 12.x)
	- llhttp (bug #977716)
	NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#http-request-smuggling-improper-delimiting-of-header-fields-medium-cve-2022-32214
	NOTE: https://hackerone.com/reports/1630669
	NOTE: https://github.com/nodejs/node/commit/da0fda0fe81d372e24c0cb11aec37534985708dd (v14.x)
	NOTE: https://github.com/nodejs/node/commit/d9b71f4c241fa31cc2a48331a4fc28c15937875a (main)
CVE-2022-32213 (The llhttp parser (llhttp dependency/embedding introduced in 12.x)
	- llhttp (bug #977716)
	NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#http-request-smuggling-flawed-parsing-of-transfer-encoding-medium-cve-2022-32213
	NOTE: https://hackerone.com/reports/1630668
	NOTE: https://github.com/nodejs/node/commit/da0fda0fe81d372e24c0cb11aec37534985708dd (v14.x)
	NOTE: https://github.com/nodejs/node/commit/a9f1146b8827855e342834458a71f2367346ace0 (v14.x)
	NOTE: https://github.com/nodejs/node/commit/d9b71f4c241fa31cc2a48331a4fc28c15937875a (main)
	NOTE: https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#cve-2022-32213-bypass-via-obs-fold-mechanic-medium-cve-2022-32213
CVE-2022-32212 (A OS Command Injection vulnerability exists in Node.js versions <14.20 ...)
	{DSA-5326-1 DLA-3137-1}
	- nodejs 18.6.0+dfsg-3
	NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-ip-addresses-high-cve-2022-32212
	NOTE: https://github.com/nodejs/node/commit/48c5aa5cab718d04473fa2761d532657c84b8131 (v14.x)
	NOTE: https://github.com/nodejs/node/commit/a1121b456c54b16d980881f821cd700c6a4ca537 (14.20.1) (follow-up)
	NOTE: https://github.com/nodejs/node/commit/1aa5036c31ac2a9b2a2528af454675ad412f1464 (main)
	NOTE: https://github.com/nodejs/node/commit/b358fb27a4253c6827378a64163448c04301e19c (main) (follow-up)
CVE-2022-32211 (A SQL injection vulnerability exists in Rocket.Chat (Vulnerable code introduced later)
	[stretch] - curl (Vulnerable code introduced later)
	NOTE: https://curl.se/docs/CVE-2022-32207.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/b834890a3fa3f525cd8ef4e99554cdb4558d7e1b (curl-7_69_0)
	NOTE: Fixed by: https://github.com/curl/curl/commit/20f9dd6bae50b7223171b17ba7798946e74f877f (curl-7_84_0)
CVE-2022-32206 (curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning ...)
	{DSA-5197-1 DLA-3085-1}
	- curl 7.84.0-1
	NOTE: https://curl.se/docs/CVE-2022-32206.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/dbcced8e32b50c068ac297106f0502ee200a1ebd (curl-7_57_0)
	NOTE: Fixed by: https://github.com/curl/curl/commit/3a09fbb7f264c67c438d01a30669ce325aa508e2 (curl-7_84_0)
CVE-2022-32205 (A malicious server can serve excessive amounts of `Set-Cookie:` header ...)
	{DSA-5197-1}
	- curl 7.84.0-1
	[buster] - curl (Vulnerable code introduced later)
	[stretch] - curl (Vulnerable code introduced later)
	NOTE: https://curl.se/docs/CVE-2022-32205.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/ed35d6590e72c23c568af1e3b8ac6e4e2d883888 (curl-7_71_0)
	NOTE: Fixed by: https://github.com/curl/curl/commit/48d7064a49148f03942380967da739dcde1cdc24 (curl-7_84_0)
CVE-2022-31734 (Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. co ...)
	NOT-FOR-US: Cisco
CVE-2022-1976 (A flaw was found in the Linux kernel’s implementation of IO-URING ...)
	- linux 5.18.14-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9cae36a094e7e9d6e5fe8b6dcd4642138b3eb0c7 (5.19-rc1)
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/14/2
CVE-2022-1975 (There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an at ...)
	{DSA-5173-1 DSA-5161-1 DLA-3065-1}
	- linux 5.17.11-1
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/05/2
	NOTE: https://git.kernel.org/linus/4071bf121d59944d5cd2238de0642f3d7995a997 (5.18-rc6)
CVE-2022-1974 (A use-after-free flaw was found in the Linux kernel's NFC core functio ...)
	{DSA-5173-1 DSA-5161-1 DLA-3065-1}
	- linux 5.17.11-1
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/05/1
	NOTE: https://git.kernel.org/linus/da5c0f119203ad9728920456a0f52a6d850c01cd (5.18-rc6)
CVE-2022-1973 (A use-after-free flaw was found in the Linux kernel in log_replay in f ...)
	- linux 5.18.5-1 (unimportant)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/f26967b9f7a830e228bb13fb41bd516ddd9d789d (5.19-rc1)
CVE-2022-1972 REJECTED
CVE-2022-32204 RESERVED
CVE-2022-32203 RESERVED
CVE-2022-1971 (The NextCellent Gallery WordPress plugin through 1.9.35 does not sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1970 (keycloak 18.0.0: open redirect in auth endpoint via the redirect_uri p ...)
	NOT-FOR-US: Keycloak
CVE-2022-1969 (The Mobile browser color select plugin for WordPress is vulnerable to ...)
	NOT-FOR-US: Mobile browser color select plugin for WordPress
CVE-2022-1968 (Use After Free in GitHub repository vim/vim prior to 8.2.)
	{DLA-3182-1 DLA-3053-1}
	- vim 2:9.0.0135-1 (bug #1015984; unimportant)
	NOTE: https://huntr.dev/bounties/949090e5-f4ea-4edf-bd79-cd98f0498a5b
	NOTE: https://github.com/vim/vim/commit/409510c588b1eec1ae33511ae97a21eb8e110895 (v8.2.5050)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-1967 (The WP Championship WordPress plugin before 9.3 is lacking CSRF checks ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1966 REJECTED
CVE-2022-1965 (Multiple products of CODESYS implement a improper error handling. A lo ...)
	NOT-FOR-US: CODESYS
CVE-2022-1964 (The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise u ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-32202 (In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::Fe ...)
	- libjpeg 0.0~git20220615.842c7ba-1 (unimportant)
	NOTE: https://github.com/thorfdbg/libjpeg/commit/51c3241b6da39df30f016b63f43f31c4011222c7
	NOTE: https://github.com/thorfdbg/libjpeg/issues/74
	NOTE: Crash in CLI tool, no security impact
CVE-2022-32201 (In libjpeg 1.63, there is a NULL pointer dereference in Component::Sub ...)
	- libjpeg 0.0~git20220615.842c7ba-1 (unimportant)
	NOTE: https://github.com/thorfdbg/libjpeg/commit/ea6315164b1649ff932a396b7600eac4bffcfaba
	NOTE: https://github.com/thorfdbg/libjpeg/issues/73
	NOTE: Crash in CLI tool, no security impact
CVE-2022-32200 (libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_strin ...)
	- dwarfutils (bug #1012515)
	[bookworm] - dwarfutils (Minor issue)
	[bullseye] - dwarfutils (Minor issue)
	[buster] - dwarfutils (Minor issue)
	[stretch] - dwarfutils (Minor issue)
	NOTE: Fixed by: https://github.com/davea42/libdwarf-code/commit/8151575a6ace77d005ca5bb5d71c1bfdba3f7069
	NOTE: https://github.com/davea42/libdwarf-code/issues/116
	NOTE: https://www.prevanders.net/dwarfbug.html#DW202205-001
CVE-2022-32199 (db_convert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrar ...)
	NOT-FOR-US: ScriptCase
CVE-2022-32198 RESERVED
CVE-2022-32197 RESERVED
CVE-2022-32196 RESERVED
CVE-2022-32195 (Open edX platform before 2022-06-06 allows XSS via the "next" paramete ...)
	NOT-FOR-US: Open edX
CVE-2022-32194 RESERVED
CVE-2022-32193 (Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Info ...)
	NOT-FOR-US: Couchbase Server
CVE-2022-32192 (Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Inform ...)
	NOT-FOR-US: Couchbase Server
CVE-2022-32191 RESERVED
CVE-2022-32190 (JoinPath and URL.JoinPath do not remove ../ path elements appended to ...)
	- golang-1.19 1.19.1-1
	- golang-1.18 (Vulnerable code introduced in 1.19)
	- golang-1.17 (Vulnerable code introduced in 1.19)
	- golang-1.15 (Vulnerable code introduced in 1.19)
	- golang-1.11 (Vulnerable code introduced in 1.19)
	NOTE: https://groups.google.com/g/golang-announce/c/x49AQzIVX-s
	NOTE: https://github.com/golang/go/issues/54385
	NOTE: https://github.com/golang/go/commit/28335508913a46e05ef0c04a18e8a1a6beb775ec (go1.19.1)
CVE-2022-32189 (A too-short encoded message can cause a panic in Float.GobDecode and R ...)
	- golang-1.19 1.19-1
	- golang-1.18 1.18.5-1
	- golang-1.17 1.17.13-1
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases)
	NOTE: https://go.dev/issue/53871
	NOTE: https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU
	NOTE: https://github.com/golang/go/commit/055113ef364337607e3e72ed7d48df67fde6fc66 (master, go1.19)
	NOTE: https://github.com/golang/go/commit/9240558e4f342fc6e98fec22de17c04b45089349 (go1.18.5)
	NOTE: https://github.com/golang/go/commit/703c8ab7e5ba75c95553d4e249309297abad7102 (go1.17.13)
CVE-2022-32188 RESERVED
CVE-2022-32187 RESERVED
CVE-2022-32186 RESERVED
CVE-2022-32185 RESERVED
CVE-2022-32184 RESERVED
CVE-2022-32183 RESERVED
CVE-2022-32182 RESERVED
CVE-2022-32181 RESERVED
CVE-2022-32180 RESERVED
CVE-2022-32179 RESERVED
CVE-2022-32178 RESERVED
CVE-2022-32177 (In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable ...)
	NOT-FOR-US: Gin-Vue-Admin
CVE-2022-32176 (In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to ...)
	NOT-FOR-US: Gin-Vue-Admin
CVE-2022-32175 (In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to ...)
	NOT-FOR-US: AdGuardHome
CVE-2022-32174 (In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cro ...)
	NOT-FOR-US: Go Git Service
CVE-2022-32173 (In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow ...)
	NOT-FOR-US: Orchard CMS
CVE-2022-32172 (In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross ...)
	NOT-FOR-US: ZincSearch
CVE-2022-32171 (In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross ...)
	NOT-FOR-US: ZincSearch
CVE-2022-32170 (The “Bytebase” application does not restrict low privilege u ...)
	NOT-FOR-US: Bytebase
CVE-2022-32169 (The “Bytebase” application does not restrict low privilege u ...)
	NOT-FOR-US: Bytebase
CVE-2022-32168 (Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking wh ...)
	NOT-FOR-US: Notepad++
CVE-2022-32167 (Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cros ...)
	NOT-FOR-US: Cloudreve
CVE-2022-32166 (In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer o ...)
	{DLA-3168-1}
	- openvswitch 2.13.0+dfsg1-1
	NOTE: https://github.com/openvswitch/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73 (v2.12.0)
CVE-2022-32165 RESERVED
CVE-2022-32164 RESERVED
CVE-2022-32163 RESERVED
CVE-2022-32162 RESERVED
CVE-2022-32161 RESERVED
CVE-2022-32160 RESERVED
CVE-2022-32159 (In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are ...)
	NOT-FOR-US: openlibrary
CVE-2022-1963 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-4233 RESERVED
CVE-2022-32158 (Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2. ...)
	NOT-FOR-US: Splunk Enterprise deployment servers
CVE-2022-32157 (Splunk Enterprise deployment servers in versions before 9.0 allow unau ...)
	NOT-FOR-US: Splunk Enterprise deployment servers
CVE-2022-32156 (In Splunk Enterprise and Universal Forwarder versions before 9.0, the ...)
	NOT-FOR-US: Splunk Enterprise and Universal Forwarder
CVE-2022-32155 (In universal forwarder versions before 9.0, management services are av ...)
	NOT-FOR-US: Splunk Enterprise and Universal Forwarder
CVE-2022-32154 (Dashboards in Splunk Enterprise versions before 9.0 might let an attac ...)
	NOT-FOR-US: Dashboards in Splunk Enterprise
CVE-2022-32153 (Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and S ...)
	NOT-FOR-US: Splunk Enterprise
CVE-2022-32152 (Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and S ...)
	NOT-FOR-US: Splunk Enterprise
CVE-2022-32151 (The httplib and urllib Python libraries that Splunk shipped with Splun ...)
	NOT-FOR-US: Splunk
CVE-2022-32150 RESERVED
CVE-2022-32149 (An attacker may cause a denial of service by crafting an Accept-Langua ...)
	- golang-golang-x-text 0.3.8-1 (bug #1021785)
	[bullseye] - golang-golang-x-text (Minor issue)
	- golang-x-text
	[buster] - golang-x-text (Limited support, minor issue, follow bullseye DSAs/point-releases (renamed package))
	NOTE: https://groups.google.com/g/golang-dev/c/qfPIly0X7aU
	NOTE: https://go.dev/issue/56152
	NOTE: https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)
CVE-2022-32148 (Improper exposure of client IP addresses in net/http before Go 1.17.12 ...)
	- golang-1.19 1.19~rc1-1
	- golang-1.18 1.18.4-1
	- golang-1.17 1.17.13-1
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases)
	NOTE: https://github.com/golang/go/issues/53423
	NOTE: https://github.com/golang/go/commit/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a (go1.19rc1)
	NOTE: https://github.com/golang/go/commit/ebea1e3353fa766025aa5190b9c7cc05cf069187 (go1.18.4)
	NOTE: https://github.com/golang/go/commit/ed2f33e1a7e0d18f61bd56f7ee067331d612c27e (go1.17.12)
CVE-2022-32147 RESERVED
CVE-2022-32146 RESERVED
CVE-2022-32145 (A vulnerability has been identified in Teamcenter Active Workspace V5. ...)
	NOT-FOR-US: Siemens
CVE-2022-32144 RESERVED
CVE-2022-32143 (In multiple CODESYS products, file download and upload function allows ...)
	NOT-FOR-US: CODESYS
CVE-2022-32142 (Multiple CODESYS Products are prone to an out-of-bounds read or write a ...)
	NOT-FOR-US: CODESYS
CVE-2022-32141 (Multiple CODESYS Products are prone to a buffer over read. A low privi ...)
	NOT-FOR-US: CODESYS
CVE-2022-32140 (Multiple CODESYS products are affected by a buffer overflow. A low priv ...)
	NOT-FOR-US: CODESYS
CVE-2022-32139 (In multiple CODESYS products, a low privileged remote attacker may cra ...)
	NOT-FOR-US: CODESYS
CVE-2022-32138 (In multiple CODESYS products, a remote attacker may craft a request wh ...)
	NOT-FOR-US: CODESYS
CVE-2022-32137 (In multiple CODESYS products, a low privileged remote attacker may cra ...)
	NOT-FOR-US: CODESYS
CVE-2022-32136 (In multiple CODESYS products, a low privileged remote attacker may cra ...)
	NOT-FOR-US: CODESYS
CVE-2022-30997 (Use of hard-coded credentials vulnerability exists in STARDOM FCN Cont ...)
	NOT-FOR-US: Yokogawa Electric Corporation
CVE-2022-29519 (Cleartext transmission of sensitive information vulnerability exists i ...)
	NOT-FOR-US: Yokogawa Electric Corporation
CVE-2022-1962 (Uncontrolled recursion in the Parse functions in go/parser before Go 1 ...)
	- golang-1.19 1.19~rc2-1
	- golang-1.18 1.18.4-1
	- golang-1.17 1.17.13-1
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases)
	NOTE: https://go.dev/issue/53616
	NOTE: https://github.com/golang/go/commit/695be961d57508da5a82217f7415200a11845879 (go1.19rc2)
	NOTE: https://github.com/golang/go/commit/0d1615b23f9a558aa0a1957b4c81596220eb8ec4 (go1.18.4)
	NOTE: https://github.com/golang/go/commit/ba8788ebcead55e99e631c6a1157ad7b35535d11 (go1.17.12)
CVE-2022-1961 (The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1960 (The MyCSS WordPress plugin through 1.1 does not have CSRF check in pla ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1959 (AppLock version 7.9.29 allows an attacker with physical access to the ...)
	NOT-FOR-US: AppLock
CVE-2022-1958 (A vulnerability classified as critical has been found in FileCloud. Af ...)
	NOT-FOR-US: FileCloud
CVE-2022-1957 (The Comment License WordPress plugin before 1.4.0 does not have CSRF c ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1956 (The Shortcut Macros WordPress plugin through 1.3 does not have authori ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1955 (Session 1.13.0 allows an attacker with physical access to the victim's ...)
	NOT-FOR-US: oxen-io/session-android
CVE-2022-1954 (A Regular Expression Denial of Service vulnerability in GitLab CE/EE a ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-1953 (The Product Configurator for WooCommerce WordPress plugin before 1.2.3 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1952 (The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPres ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1951 (The core plugin for kitestudio WordPress plugin before 2.3.1 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1950 (The Youzify WordPress plugin before 1.2.0 does not sanitise and escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1949 (An access control bypass vulnerability found in 389-ds-base. That mish ...)
	- 389-ds-base 2.3.1-1 (bug #1016446)
	[bullseye] - 389-ds-base (Minor issue, too intrusive to backport)
	[buster] - 389-ds-base (Too intrusive to backport)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091781
	NOTE: https://github.com/389ds/389-ds-base/issues/5170
	NOTE: Fixed by: https://github.com/389ds/389-ds-base/commit/a444d3454bd719ac161c30d638983ab0ff66f1b8 (389-ds-base-2.0.16)
	NOTE: Fixed by: https://github.com/389ds/389-ds-base/commit/26a994544d77c088cc548ce408fe7b3c33e37f80 (389-ds-base-2.0.16)
	NOTE: Fixed by: https://github.com/389ds/389-ds-base/commit/00f044f1244a7961636ee16b61e66d884a01c154 (389-ds-base-2.0.16)
CVE-2022-32135 RESERVED
CVE-2022-32134 RESERVED
CVE-2022-32133 RESERVED
CVE-2022-32132 RESERVED
CVE-2022-32131 (74cmsSE v3.5.1 was discovered to contain a reflective cross-site scrip ...)
	NOT-FOR-US: 74cmsSE
CVE-2022-32130 (74cmsSE v3.5.1 was discovered to contain a reflective cross-site scrip ...)
	NOT-FOR-US: 74cmsSE
CVE-2022-32129 (74cmsSE v3.5.1 was discovered to contain a reflective cross-site scrip ...)
	NOT-FOR-US: 74cmsSE
CVE-2022-32128 (74cmsSE v3.5.1 was discovered to contain a reflective cross-site scrip ...)
	NOT-FOR-US: 74cmsSE
CVE-2022-32127 (74cmsSE v3.5.1 was discovered to contain a reflective cross-site scrip ...)
	NOT-FOR-US: 74cmsSE
CVE-2022-32126 (74cmsSE v3.5.1 was discovered to contain a reflective cross-site scrip ...)
	NOT-FOR-US: 74cmsSE
CVE-2022-32125 (74cmsSE v3.5.1 was discovered to contain a reflective cross-site scrip ...)
	NOT-FOR-US: 74cmsSE
CVE-2022-32124 (74cmsSE v3.5.1 was discovered to contain a reflective cross-site scrip ...)
	NOT-FOR-US: 74cmsSE
CVE-2022-32123 RESERVED
CVE-2022-32122 RESERVED
CVE-2022-32121 RESERVED
CVE-2022-32120 RESERVED
CVE-2022-32119 (Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary ...)
	NOT-FOR-US: Arox School ERP Pro
CVE-2022-32118 (Arox School ERP Pro v1.0 was discovered to contain a cross-site script ...)
	NOT-FOR-US: Arox School ERP Pro
CVE-2022-32117 (Jerryscript v2.4.0 was discovered to contain a stack buffer overflow v ...)
	- iotjs (Issue not yet present in bundled jerryscript)
CVE-2022-32116 RESERVED
CVE-2022-32115 (An issue in the isSVG() function of Known v1.2.2+2020061101 allows att ...)
	NOT-FOR-US: Known
CVE-2022-32114 (An unrestricted file upload vulnerability in the Add New Assets functi ...)
	NOT-FOR-US: Strapi
CVE-2022-32113 RESERVED
CVE-2022-32112 RESERVED
CVE-2022-32111 RESERVED
CVE-2022-32110 RESERVED
CVE-2022-32109 RESERVED
CVE-2022-32108 RESERVED
CVE-2022-32107 RESERVED
CVE-2022-32106 RESERVED
CVE-2022-32105 RESERVED
CVE-2022-32104 RESERVED
CVE-2022-32103 RESERVED
CVE-2022-32102 RESERVED
CVE-2022-32101 (kkcms v1.3.7 was discovered to contain a SQL injection vulnerability v ...)
	NOT-FOR-US: kkcms
CVE-2022-32100 RESERVED
CVE-2022-32099 RESERVED
CVE-2022-32098 RESERVED
CVE-2022-32097 RESERVED
CVE-2022-32096 (Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via ...)
	- rhonabwy 1.1.5-1
	[bullseye] - rhonabwy (Minor issue)
	NOTE: https://github.com/babelouest/rhonabwy/commit/b4c2923a1ba4fabf9b55a89244127e153a3e549b (1.1.5)
CVE-2022-32095 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Hospital Management System
CVE-2022-32094 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Hospital Management System
CVE-2022-32093 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Hospital Management System
CVE-2022-32092 (D-Link DIR-645 v1.03 was discovered to contain a command injection vul ...)
	NOT-FOR-US: D-Link
CVE-2022-32091 (MariaDB v10.7 was discovered to contain an use-after-poison in __in ...)
	{DLA-3114-1}
	- mariadb-10.6 1:10.6.9-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3
	NOTE: https://jira.mariadb.org/browse/MDEV-26431
CVE-2022-32090 RESERVED
CVE-2022-32089 (MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault ...)
	- mariadb-10.6 1:10.6.9-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3 (Only affects MariaDB 10.4 onwards)
	NOTE: https://jira.mariadb.org/browse/MDEV-26410
CVE-2022-32088 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault ...)
	{DLA-3114-1}
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3
	NOTE: https://jira.mariadb.org/browse/MDEV-26419
	NOTE: Fixed in: 10.2.44, 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4
CVE-2022-32087 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault ...)
	{DLA-3114-1}
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3
	NOTE: https://jira.mariadb.org/browse/MDEV-26437
	NOTE: Fixed in: 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4
CVE-2022-32086 (MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault ...)
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3 (Only affects MariaDB 10.4 onwards)
	NOTE: https://jira.mariadb.org/browse/MDEV-26412
	NOTE: Fixed in: 10.4.25, 10.5.16, 10.6.8, 10.7.4, 10.8.3
CVE-2022-32085 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault ...)
	{DLA-3114-1}
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3
	NOTE: https://jira.mariadb.org/browse/MDEV-26407
	NOTE: Fixed in: 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4
CVE-2022-32084 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault ...)
	{DLA-3114-1}
	- mariadb-10.6 1:10.6.9-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3
	NOTE: https://jira.mariadb.org/browse/MDEV-26427
CVE-2022-32083 (MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation faul ...)
	{DLA-3114-1}
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3
	NOTE: https://jira.mariadb.org/browse/MDEV-26047
	NOTE: Fixed in: 10.2.44, 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4, 10.8.3
CVE-2022-32082 (MariaDB v10.5 to v10.7 was discovered to contain an assertion failure ...)
	- mariadb-10.6 1:10.6.9-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3 (Only affects MariaDB 10.5 onwards)
	NOTE: https://jira.mariadb.org/browse/MDEV-26433
CVE-2022-32081 (MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison i ...)
	- mariadb-10.6 1:10.6.9-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3 (Only affects MariaDB 10.4 onwards)
	NOTE: https://jira.mariadb.org/browse/MDEV-26420
CVE-2022-32080 RESERVED
CVE-2022-32079 RESERVED
CVE-2022-32078 RESERVED
CVE-2022-32077 RESERVED
CVE-2022-32076 RESERVED
CVE-2022-32075 RESERVED
CVE-2022-32074 (A stored cross-site scripting (XSS) vulnerability in the component aud ...)
	NOT-FOR-US: osTicket-plugins
CVE-2022-32073 (WolfSSH v1.4.7 was discovered to contain an integer overflow via the f ...)
	- wolfssh (bug #983449)
CVE-2022-32072 RESERVED
CVE-2022-32071 RESERVED
CVE-2022-32070 RESERVED
CVE-2022-32069 RESERVED
CVE-2022-32068 RESERVED
CVE-2022-32067 RESERVED
CVE-2022-32066 RESERVED
CVE-2022-32065 (An arbitrary file upload vulnerability in the background management mo ...)
	NOT-FOR-US: RuoYi
CVE-2022-32064 RESERVED
CVE-2022-32063 RESERVED
CVE-2022-32062 RESERVED
CVE-2022-32061 (An arbitrary file upload vulnerability in the Select User function und ...)
	- snipe-it (bug #1005172)
CVE-2022-32060 (An arbitrary file upload vulnerability in the Update Branding Settings ...)
	- snipe-it (bug #1005172)
CVE-2022-32059 RESERVED
CVE-2022-32058 (An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-W ...)
	NOT-FOR-US: TP-Link
CVE-2022-32057 RESERVED
CVE-2022-32056 (Online Accreditation Management v1.0 was discovered to contain a SQL i ...)
	NOT-FOR-US: Online Accreditation Management
CVE-2022-32055 (Inout Homestay v2.2 was discovered to contain a SQL injection vulnerab ...)
	NOT-FOR-US: Inout Homestay
CVE-2022-32054 (Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to co ...)
	NOT-FOR-US: Tenda
CVE-2022-32053 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-32052 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-32051 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-32050 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-32049 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-32048 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-32047 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-32046 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-32045 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-32044 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-32043 (Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the ...)
	NOT-FOR-US: Tenda
CVE-2022-32042 RESERVED
CVE-2022-32041 (Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the ...)
	NOT-FOR-US: Tenda
CVE-2022-32040 (Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the ...)
	NOT-FOR-US: Tenda
CVE-2022-32039 (Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the ...)
	NOT-FOR-US: Tenda
CVE-2022-32038 RESERVED
CVE-2022-32037 (Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the ...)
	NOT-FOR-US: Tenda
CVE-2022-32036 (Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow v ...)
	NOT-FOR-US: Tenda
CVE-2022-32035 (Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the ...)
	NOT-FOR-US: Tenda
CVE-2022-32034 (Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the ...)
	NOT-FOR-US: Tenda
CVE-2022-32033 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2022-32032 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2022-32031 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2022-32030 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2022-32029 RESERVED
CVE-2022-32028 (Car Rental Management System v1.0 is vulnerable to SQL Injection via / ...)
	NOT-FOR-US: Car Rental Management System
CVE-2022-32027 (Car Rental Management System v1.0 is vulnerable to SQL Injection via / ...)
	NOT-FOR-US: Car Rental Management System
CVE-2022-32026 (Car Rental Management System v1.0 is vulnerable to SQL Injection via / ...)
	NOT-FOR-US: Car Rental Management System
CVE-2022-32025 (Car Rental Management System v1.0 is vulnerable to SQL Injection via / ...)
	NOT-FOR-US: Car Rental Management System
CVE-2022-32024 (Car Rental Management System v1.0 is vulnerable to SQL Injection via c ...)
	NOT-FOR-US: Car Rental Management System
CVE-2022-32023 RESERVED
CVE-2022-32022 (Car Rental Management System v1.0 is vulnerable to SQL Injection via / ...)
	NOT-FOR-US: Car Rental Management System
CVE-2022-32021 (Car Rental Management System v1.0 is vulnerable to SQL Injection via / ...)
	NOT-FOR-US: Car Rental Management System
CVE-2022-32020 (Car Rental Management System v1.0 is vulnerable to Arbitrary code exec ...)
	NOT-FOR-US: Car Rental Management System
CVE-2022-32019 (Car Rental Management System v1.0 is vulnerable to Arbitrary code exec ...)
	NOT-FOR-US: Car Rental Management System
CVE-2022-32018 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Complete Online Job Search System
CVE-2022-32017 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Complete Online Job Search System
CVE-2022-32016 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Complete Online Job Search System
CVE-2022-32015 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Complete Online Job Search System
CVE-2022-32014 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Complete Online Job Search System
CVE-2022-32013 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Complete Online Job Search System
CVE-2022-32012 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Complete Online Job Search System
CVE-2022-32011 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Complete Online Job Search System
CVE-2022-32010 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Complete Online Job Search System
CVE-2022-32009 RESERVED
CVE-2022-32008 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Complete Online Job Search System
CVE-2022-32007 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Complete Online Job Search System
CVE-2022-32006 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Badminton Center Management System
CVE-2022-32005 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Badminton Center Management System
CVE-2022-32004 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Badminton Center Management System
CVE-2022-32003 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Badminton Center Management System
CVE-2022-32002 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Badminton Center Management System
CVE-2022-32001 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Badminton Center Management System
CVE-2022-32000 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Badminton Center Management System
CVE-2022-31999 RESERVED
CVE-2022-31998 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Badminton Center Management System
CVE-2022-31997 RESERVED
CVE-2022-31996 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Badminton Center Management System
CVE-2022-31995 RESERVED
CVE-2022-31994 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Badminton Center Management System
CVE-2022-31993 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Badminton Center Management System
CVE-2022-31992 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Badminton Center Management System
CVE-2022-31991 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Badminton Center Management System
CVE-2022-31990 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Badminton Center Management System
CVE-2022-31989 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Badminton Center Management System
CVE-2022-31988 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Badminton Center Management System
CVE-2022-31987 RESERVED
CVE-2022-31986 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Badminton Center Management System
CVE-2022-31985 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Badminton Center Management System
CVE-2022-31984 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...)
	NOT-FOR-US: Online Fire Reporting System
CVE-2022-31983 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...)
	NOT-FOR-US: Online Fire Reporting System
CVE-2022-31982 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...)
	NOT-FOR-US: Online Fire Reporting System
CVE-2022-31981 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...)
	NOT-FOR-US: Online Fire Reporting System
CVE-2022-31980 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...)
	NOT-FOR-US: Online Fire Reporting System
CVE-2022-31979 RESERVED
CVE-2022-31978 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...)
	NOT-FOR-US: Online Fire Reporting System
CVE-2022-31977 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...)
	NOT-FOR-US: Online Fire Reporting System
CVE-2022-31976 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...)
	NOT-FOR-US: Online Fire Reporting System
CVE-2022-31975 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...)
	NOT-FOR-US: Online Fire Reporting System
CVE-2022-31974 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...)
	NOT-FOR-US: Online Fire Reporting System
CVE-2022-31973 (Online Fire Reporting System v1.0 is vulnerable to Delete any file via ...)
	NOT-FOR-US: Online Fire Reporting System
CVE-2022-31972 RESERVED
CVE-2022-31971 (ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /s ...)
	NOT-FOR-US: ChatBot App with Suggestion
CVE-2022-31970 (ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /s ...)
	NOT-FOR-US: ChatBot App with Suggestion
CVE-2022-31969 (ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /s ...)
	NOT-FOR-US: ChatBot App with Suggestion
CVE-2022-31968 RESERVED
CVE-2022-31967 RESERVED
CVE-2022-31966 (ChatBot App with Suggestion v1.0 is vulnerable to Delete any file via ...)
	NOT-FOR-US: ChatBot App with Suggestion
CVE-2022-31965 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Rescue Dispatch Management System
CVE-2022-31964 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Rescue Dispatch Management System
CVE-2022-31963 RESERVED
CVE-2022-31962 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Rescue Dispatch Management System
CVE-2022-31961 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Rescue Dispatch Management System
CVE-2022-31960 RESERVED
CVE-2022-31959 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Rescue Dispatch Management System
CVE-2022-31958 RESERVED
CVE-2022-31957 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Rescue Dispatch Management System
CVE-2022-31956 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Rescue Dispatch Management System
CVE-2022-31955 RESERVED
CVE-2022-31954 RESERVED
CVE-2022-31953 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Rescue Dispatch Management System
CVE-2022-31952 (Rescue Dispatch Management System v1.0 is vulnerable to SQL injection ...)
	NOT-FOR-US: Rescue Dispatch Management System
CVE-2022-31951 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Rescue Dispatch Management System
CVE-2022-31950 RESERVED
CVE-2022-31949 RESERVED
CVE-2022-31948 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Rescue Dispatch Management System
CVE-2022-31947 RESERVED
CVE-2022-31946 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Rescue Dispatch Management System
CVE-2022-31945 (Rescue Dispatch Management System v1.0 is vulnerable to Delete any fil ...)
	NOT-FOR-US: Rescue Dispatch Management System
CVE-2022-31944 RESERVED
CVE-2022-31943 (MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnera ...)
	NOT-FOR-US: MCMS
CVE-2022-31942 RESERVED
CVE-2022-31941 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Rescue Dispatch Management System
CVE-2022-31940 RESERVED
CVE-2022-31939 RESERVED
CVE-2022-31938 RESERVED
CVE-2022-31937 (Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to con ...)
	NOT-FOR-US: Netgear
CVE-2022-31936 RESERVED
CVE-2022-31935 RESERVED
CVE-2022-31934 RESERVED
CVE-2022-31933 RESERVED
CVE-2022-31932 RESERVED
CVE-2022-31931 RESERVED
CVE-2022-31930 RESERVED
CVE-2022-31929 RESERVED
CVE-2022-31928 RESERVED
CVE-2022-31927 RESERVED
CVE-2022-31926 RESERVED
CVE-2022-31925 RESERVED
CVE-2022-31924 RESERVED
CVE-2022-31923 RESERVED
CVE-2022-31922 RESERVED
CVE-2022-31921 RESERVED
CVE-2022-31920 RESERVED
CVE-2022-31919 RESERVED
CVE-2022-31918 RESERVED
CVE-2022-31917 RESERVED
CVE-2022-31916 RESERVED
CVE-2022-31915 RESERVED
CVE-2022-31914 (Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) ...)
	NOT-FOR-US: Zoo Management System
CVE-2022-31913 (Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scriptin ...)
	NOT-FOR-US: Online Discussion Forum Site
CVE-2022-31912 (Online Tutor Portal Site v1.0 is vulnerable to SQL Injection via /otps ...)
	NOT-FOR-US: Online Tutor Portal Site
CVE-2022-31911 (Online Discussion Forum Site v1.0 is vulnerable to SQL Injection via / ...)
	NOT-FOR-US: Online Discussion Forum Site
CVE-2022-31910 (Online Tutor Portal Site v1.0 is vulnerable to Cross Site Scripting (X ...)
	NOT-FOR-US: Online Tutor Portal Site
CVE-2022-31909 RESERVED
CVE-2022-31908 (Student Registration and Fee Payment System v1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Student Registration and Fee Payment System
CVE-2022-31907 RESERVED
CVE-2022-31906 (Online Fire Reporting System v1.0 is vulnerable to Cross Site Scriptin ...)
	NOT-FOR-US: Online Fire Reporting System
CVE-2022-31905 RESERVED
CVE-2022-31904 (EGT-Kommunikationstechnik UG Mediacenter before v2.0 was discovered to ...)
	NOT-FOR-US: EGT-Kommunikationstechnik UG Mediacenter
CVE-2022-31903 RESERVED
CVE-2022-31902 (Notepad++ v8.4.1 was discovered to contain a stack overflow via the co ...)
	NOT-FOR-US: Notepad++
CVE-2022-31901 (Buffer overflow in function Notepad_plus::addHotSpot in Notepad++ v8.4 ...)
	NOT-FOR-US: Notepad++
CVE-2022-31900 RESERVED
CVE-2022-31899 RESERVED
CVE-2022-31898 (gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were disc ...)
	NOT-FOR-US: gl-inet GL-MT300N-V2 Mango and GL-AX1800 Flint
CVE-2022-31897 (SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site S ...)
	NOT-FOR-US: SourceCodester Zoo Management System
CVE-2022-31896 RESERVED
CVE-2022-31895 RESERVED
CVE-2022-31894 RESERVED
CVE-2022-31893 RESERVED
CVE-2022-31892 RESERVED
CVE-2022-31891 RESERVED
CVE-2022-31890 (SQL Injection vulnerability in audit/class.audit.php in osTicket osTic ...)
	NOT-FOR-US: osTicket
CVE-2022-31889 (Cross Site Scripting (XSS) vulnerability in audit/templates/auditlogs. ...)
	NOT-FOR-US: osTicket
CVE-2022-31888 (Session Fixation vulnerability in function login in class.auth.php ...)
	NOT-FOR-US: osTicket
CVE-2022-31887 (Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability ...)
	NOT-FOR-US: Marval MSM
CVE-2022-31886 (Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery ...)
	NOT-FOR-US: Marval MSM
CVE-2022-31885 (Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to ...)
	NOT-FOR-US: Marval MSM
CVE-2022-31884 (Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability ...)
	NOT-FOR-US: Marval MSM
CVE-2022-31883 (Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference ( ...)
	NOT-FOR-US: Marval MSM
CVE-2022-31882 RESERVED
CVE-2022-31881 RESERVED
CVE-2022-31880 RESERVED
CVE-2022-31879 (Online Fire Reporting System 1.0 is vulnerable to SQL Injection via th ...)
	NOT-FOR-US: Online Fire Reporting System
CVE-2022-31878 RESERVED
CVE-2022-31877 (An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41 ...)
	NOT-FOR-US: MSI Center
CVE-2022-31876 (netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorr ...)
	NOT-FOR-US: Netgear
CVE-2022-31875 (Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an xss vulnera ...)
	NOT-FOR-US: Trendnet
CVE-2022-31874 (ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in ...)
	NOT-FOR-US: ASUS
CVE-2022-31873 (Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnera ...)
	NOT-FOR-US: Trendnet
CVE-2022-31872 RESERVED
CVE-2022-31871 RESERVED
CVE-2022-31870 RESERVED
CVE-2022-31869 RESERVED
CVE-2022-31868 RESERVED
CVE-2022-31867 RESERVED
CVE-2022-31866 RESERVED
CVE-2022-31865 RESERVED
CVE-2022-31864 RESERVED
CVE-2022-31863 RESERVED
CVE-2022-31862 RESERVED
CVE-2022-31861 (Cross site Scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 ...)
	NOT-FOR-US: ThingsBoard IoT Platform
CVE-2022-31860 (An issue was discovered in OpenRemote through 1.0.4 allows attackers t ...)
	NOT-FOR-US: OpenRemote
CVE-2022-31859 RESERVED
CVE-2022-31858 RESERVED
CVE-2022-31857 RESERVED
CVE-2022-31856 (Newsletter Module v3.x was discovered to contain a SQL injection vulne ...)
	NOT-FOR-US: OpenCart Newsletter Module
CVE-2022-31855 RESERVED
CVE-2022-31854 (Codoforum v5.1 was discovered to contain an arbitrary file upload vuln ...)
	NOT-FOR-US: Codoforum
CVE-2022-31853 RESERVED
CVE-2022-31852 RESERVED
CVE-2022-31851 RESERVED
CVE-2022-31850 RESERVED
CVE-2022-31849 (MERCURY MIPC451-4 1.0.22 Build 220105 Rel.55642n was discovered to con ...)
	NOT-FOR-US: MERCURY
CVE-2022-31848 RESERVED
CVE-2022-31847 (A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M ...)
	NOT-FOR-US: WAVLINK
CVE-2022-31846 (A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180 ...)
	NOT-FOR-US: WAVLINK
CVE-2022-31845 (A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.1 ...)
	NOT-FOR-US: WAVLINK
CVE-2022-31844 RESERVED
CVE-2022-31843 RESERVED
CVE-2022-31842 RESERVED
CVE-2022-31841 RESERVED
CVE-2022-31840 RESERVED
CVE-2022-31839 RESERVED
CVE-2022-31838 RESERVED
CVE-2022-31837 RESERVED
CVE-2022-31836 (The leafInfo.match() function in Beego v2.0.3 and below uses path.join ...)
NOT-FOR-US: Beego CVE-2022-31835 RESERVED CVE-2022-31834 RESERVED CVE-2022-31833 RESERVED CVE-2022-31832 RESERVED CVE-2022-31831 RESERVED CVE-2022-31830 (Kity Minder v1.3.5 was discovered to contain a Server-Side Request For ...) NOT-FOR-US: Kity Minder CVE-2022-31829 RESERVED CVE-2022-31828 RESERVED CVE-2022-31827 (MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forg ...) NOT-FOR-US: MonstaFTP CVE-2022-31826 RESERVED CVE-2022-31825 RESERVED CVE-2022-31824 RESERVED CVE-2022-31823 RESERVED CVE-2022-31822 RESERVED CVE-2022-31821 RESERVED CVE-2022-31820 RESERVED CVE-2022-31819 RESERVED CVE-2022-31818 RESERVED CVE-2022-31817 RESERVED CVE-2022-31816 RESERVED CVE-2022-31815 RESERVED CVE-2022-31814 (pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execut ...) NOT-FOR-US: pfSense CVE-2022-1948 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab (Vulnerable code introduced later) NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/ CVE-2022-1947 (Use of Incorrect Operator in GitHub repository polonel/trudesk prior t ...) NOT-FOR-US: Trudesk CVE-2022-1946 (The Gallery WordPress plugin before 2.0.0 does not sanitise and escape ...) NOT-FOR-US: WordPress plugin CVE-2022-31813 (Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* h ...) - apache2 2.4.54-1 (bug #1012513) [bullseye] - apache2 2.4.54-1~deb11u1 [buster] - apache2 2.4.38-3+deb10u8 NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/8 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-31813 NOTE: https://github.com/apache/httpd/commit/956f708b094698ac9ad570d640d4f30eb0df7305 NOTE: https://www.synacktiv.com/publications/cve-2022-31813-forwarding-addresses-is-hard.html CVE-2022-31812 RESERVED CVE-2022-31811 RESERVED CVE-2022-31810 (A vulnerability has been identified in SiPass integrated (All versions ...) 
NOT-FOR-US: SiPass CVE-2022-31809 RESERVED CVE-2022-31808 (A vulnerability has been identified in SiPass integrated AC5102 (ACC-G ...) NOT-FOR-US: SiPass CVE-2022-31807 RESERVED CVE-2022-31806 (In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2. ...) NOT-FOR-US: CODESYS CVE-2022-31805 (In the CODESYS Development System multiple components in multiple vers ...) NOT-FOR-US: CODESYS CVE-2022-31804 (The CODESYS Gateway Server V2 does not verifiy that the size of a requ ...) NOT-FOR-US: CODESYS CVE-2022-31803 (In CODESYS Gateway Server V2 an insufficient check for the activity of ...) NOT-FOR-US: CODESYS CVE-2022-31802 (In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a pa ...) NOT-FOR-US: CODESYS CVE-2022-31801 (An unauthenticated, remote attacker could upload malicious logic to th ...) NOT-FOR-US: ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool CVE-2022-31800 (An unauthenticated, remote attacker could upload malicious logic to de ...) NOT-FOR-US: ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool CVE-2022-1945 (The Coming Soon & Maintenance Mode by Colorlib WordPress plugin before ...) NOT-FOR-US: WordPress plugin CVE-2022-1944 (When the feature is configured, improper authorization in the Interact ...) [experimental] - gitlab 14.9.5+ds1-1 - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/ CVE-2022-1943 (A flaw out of bounds memory write in the Linux kernel UDF file system ...) - linux 5.17.11-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2086412 NOTE: Fixed by: https://git.kernel.org/linus/c1ad35dd0548ce947d97aaf92f7f2f9a202951cf (5.18-rc7) CVE-2022-1942 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.) 
{DLA-3204-1} - vim 2:9.0.0135-1 (bug #1015984) [bullseye] - vim (Minor issue) [stretch] - vim (Minor issue) NOTE: https://huntr.dev/bounties/67ca4d3b-9175-43c1-925c-72a7091bc071 NOTE: https://github.com/vim/vim/commit/71223e2db87c2bf3b09aecb46266b56cda26191d (v8.2.5043) CVE-2022-1941 (A parsing vulnerability for the MessageSet type in the ProtocolBuffers ...) {DLA-3393-1} [experimental] - protobuf 3.20.2-1 - protobuf 3.21.9-3 [bullseye] - protobuf 3.12.4-1+deb11u1 NOTE: https://www.openwall.com/lists/oss-security/2022/09/27/1 NOTE: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf NOTE: https://github.com/protocolbuffers/protobuf/commit/806d7e4ce6f1fd0545cae226b94cb0249ea495c7 (v3.20.2) NOTE: https://github.com/protocolbuffers/protobuf/commit/7764c864bd5acdf60230a7b8fd29816170d0d04e (main) CVE-2022-1940 (A Stored Cross-Site Scripting vulnerability in Jira integration in Git ...) - gitlab (Vulnerable code introduced later) NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/ CVE-2022-1939 (The Allow svg files WordPress plugin before 1.1 does not properly vali ...) NOT-FOR-US: WordPress plugin CVE-2022-1938 (The Awin Data Feed WordPress plugin before 1.8 does not sanitise and e ...) NOT-FOR-US: WordPress plugin CVE-2022-1937 (The Awin Data Feed WordPress plugin before 1.8 does not sanitise and e ...) 
NOT-FOR-US: WordPress plugin CVE-2022-XXXX [Sanitizing and other XSS protections] - spip 4.1.2+dfsg-1 [bullseye] - spip 3.2.11-3+deb11u4 [buster] - spip 3.2.4-1+deb10u8 NOTE: https://git.spip.net/spip/spip/commit/3b99287c9e1f7b9aee4c7e22b2a233fde5becd86 NOTE: https://git.spip.net/spip/spip/commit/edb6a01c6dd2420ed5e125385252d37b86f93d68 NOTE: https://git.spip.net/spip-team/securite/issues/3597 (not public) NOTE: https://git.spip.net/spip/spip/commit/b28e1f9a39dd54e0f0bbfe3b211160e71d2562b7 NOTE: https://git.spip.net/spip-team/securite/issues/3602 (not public) NOTE: https://git.spip.net/spip/spip/commit/772a4baeda4eed24cbe8953fa60e7c7dcd6859a2 NOTE: https://git.spip.net/spip-team/securite/issues/3698 (not public) NOTE: https://git.spip.net/spip/spip/commit/e9a03a38d5ee606b79d795f8e28c29d4eb74838e NOTE: https://git.spip.net/spip-team/securite/issues/3702 (not public) NOTE: https://git.spip.net/spip/spip/commit/d99890f66906ab52aa18f9df6109e694192bc54e NOTE: https://git.spip.net/spip-team/securite/issues/3703 (not public) NOTE: https://git.spip.net/spip/spip/commit/97845aa30aa8d845d88b86715eab53b1de5e9c6d NOTE: https://git.spip.net/spip-team/securite/issues/3728 (not public) NOTE: https://git.spip.net/spip/spip/commit/754677579b34a1705a83b8d2674baaba17472b4d NOTE: https://git.spip.net/spip/spip/commit/871777b0f56ce92c26fde3a3a53c625eb68dcff6 NOTE: https://git.spip.net/spip-team/securite/issues/4494 (not public) NOTE: https://git.spip.net/spip/spip/commit/901f583021938d4b1b1632cc8ec51950a1f3e988 NOTE: https://git.spip.net/spip/spip/commit/ac67fc5be53e2e085c0599144a217b440dd72fa1 NOTE: https://git.spip.net/spip/spip/commit/2ce34e62ebe457d06339d5b3cb92852d1d80635c NOTE: https://git.spip.net/spip/spip/commit/8283532c94dac9f08c1fd250b433491d3fe22c84 NOTE: https://git.spip.net/spip-team/securite/issues/3733 (not public) NOTE: https://git.spip.net/spip/svp/commit/bf0ff95ac535f1aa53e6a946ea739fd71106f182 NOTE: 
https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-1-2-SPIP-4-0-7-SPIP-3-2.html?lang=fr CVE-2022-31798 (Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /car ...) NOT-FOR-US: Nortek Linear eMerge E3-Series devices CVE-2022-31797 RESERVED CVE-2022-1936 (Incorrect authorization in GitLab EE affecting all versions from 12.0 ...) [experimental] - gitlab 14.9.5+ds1-1 - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/ CVE-2022-1935 (Incorrect authorization in GitLab EE affecting all versions from 12.0 ...) [experimental] - gitlab 14.9.5+ds1-1 - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/ CVE-2022-1934 (Use After Free in GitHub repository mruby/mruby prior to 3.2.) - mruby (Vulnerable code introduced after 3.0) NOTE: https://huntr.dev/bounties/99e6df06-b9f7-4c53-a722-6bb89fbfb51f/ NOTE: https://github.com/mruby/mruby/commit/aa7f98dedb68d735a1665d3a289036c88b0c47ce CVE-2022-31796 (libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRe ...) - libjpeg 0.0~git20220615.842c7ba-1 (unimportant) NOTE: https://github.com/thorfdbg/libjpeg/issues/71 NOTE: https://github.com/thorfdbg/libjpeg/commit/187035b9726710b4fe11d565c7808975c930895d NOTE: Crash in CLI tool, no security impact CVE-2022-31795 (An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control ...) NOT-FOR-US: Fujitsu CVE-2022-31794 (An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control ...) NOT-FOR-US: Fujitsu CVE-2022-1933 (The CDI WordPress plugin before 5.1.9 does not sanitise and escape a p ...) NOT-FOR-US: WordPress plugin CVE-2022-1932 (The Rezgo Online Booking WordPress plugin before 4.1.8 does not saniti ...) NOT-FOR-US: WordPress plugin CVE-2022-31799 (Bottle before 0.12.20 mishandles errors during early request binding.) 
{DSA-5159-1 DLA-3048-1} - python-bottle 0.12.20-1 NOTE: Fixed by: https://github.com/bottlepy/bottle/commit/e140e1b54da721a660f2eb9d58a106b7b3ff2f00 (0.12.20) CVE-2022-1931 (Incorrect Synchronization in GitHub repository polonel/trudesk prior t ...) NOT-FOR-US: Trudesk CVE-2022-1930 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...) NOT-FOR-US: ethereum/eth-account CVE-2022-1929 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...) NOT-FOR-US: devcert Nodejs module CVE-2022-1928 (Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gite ...) - gitea CVE-2022-1927 (Buffer Over-read in GitHub repository vim/vim prior to 8.2.) - vim 2:9.0.0135-1 (unimportant) NOTE: https://huntr.dev/bounties/945107ef-0b27-41c7-a03c-db99def0e777 NOTE: https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010 (v8.2.5037) NOTE: Crash in CLI tool, no security impact CVE-2022-1926 (Integer Overflow or Wraparound in GitHub repository polonel/trudesk pr ...) NOT-FOR-US: Trudesk CVE-2022-31793 (do_request in request.c in muhttpd before 1.1.7 allows remote attacker ...) NOT-FOR-US: Arris CVE-2022-31792 (A stored cross-site scripting (XSS) vulnerability exists in the manage ...) NOT-FOR-US: WatchGuard Firebox and XTM appliances CVE-2022-31791 (WatchGuard Firebox and XTM appliances allow a local attacker (that has ...) NOT-FOR-US: WatchGuard Firebox and XTM appliances CVE-2022-31790 (WatchGuard Firebox and XTM appliances allow an unauthenticated remote ...) NOT-FOR-US: WatchGuard Firebox and XTM appliances CVE-2022-31789 (An integer overflow in WatchGuard Firebox and XTM appliances allows an ...) NOT-FOR-US: WatchGuard Firebox and XTM appliances CVE-2022-31788 (IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccess ...) 
NOT-FOR-US: IdeaLMS CVE-2022-31787 (IdeaTMS 2022 is vulnerable to SQL Injection via the PATH_INFO) NOT-FOR-US: IdeaLMS CVE-2022-31786 (IdeaLMS 2022 allows reflected Cross Site Scripting (XSS) via the IdeaL ...) NOT-FOR-US: IdeaLMS CVE-2022-31785 RESERVED CVE-2022-31784 (A vulnerability in the management interface of MiVoice Business throug ...) NOT-FOR-US: Mitel CVE-2022-31783 (Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTr ...) - liblouis 3.22.0-1 (bug #1011984) [bullseye] - liblouis (Minor issue) [buster] - liblouis (Minor issue) NOTE: https://github.com/liblouis/liblouis/issues/1214 NOTE: https://github.com/liblouis/liblouis/commit/2e4772befb2b1c37cb4b9d6572945115ee28630a (v3.22.0) CVE-2022-31782 (ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based bu ...) - freetype 2.12.1+dfsg-3 (unimportant) NOTE: https://gitlab.freedesktop.org/freetype/freetype-demos/-/issues/8 NOTE: Only impact the ftbench in freetype2-demos CVE-2022-31781 (Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expressio ...) NOT-FOR-US: Apache Tapestry CVE-2022-31780 (Improper Input Validation vulnerability in HTTP/2 frame handling of Ap ...) {DSA-5206-1 DLA-3279-1} - trafficserver 9.1.3+ds-1 NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 CVE-2022-31779 (Improper Input Validation vulnerability in HTTP/2 header parsing of Ap ...) {DSA-5206-1 DLA-3385-1} - trafficserver 9.1.3+ds-1 NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 CVE-2022-31778 (Improper Input Validation vulnerability in handling the Transfer-Encod ...) {DSA-5206-1 DLA-3385-1} - trafficserver 9.1.3+ds-1 NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 CVE-2022-31777 (A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2. ...) - apache-spark (bug #802194) CVE-2022-31776 (IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0 ...) 
NOT-FOR-US: IBM CVE-2022-31775 (IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0 ...) NOT-FOR-US: IBM CVE-2022-31774 (IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0 ...) NOT-FOR-US: IBM CVE-2022-31773 (IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cro ...) NOT-FOR-US: IBM CVE-2022-31772 (IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow ...) NOT-FOR-US: IBM CVE-2022-31771 RESERVED CVE-2022-31770 (IBM App Connect Enterprise Certified Container 4.2 could allow a user ...) NOT-FOR-US: IBM CVE-2022-31769 (IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow ...) NOT-FOR-US: IBM CVE-2022-31768 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. ...) NOT-FOR-US: IBM CVE-2022-31767 (IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker t ...) NOT-FOR-US: IBM CVE-2022-31766 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (Al ...) NOT-FOR-US: Siemens CVE-2022-31765 (Affected devices do not properly authorize the change password functio ...) NOT-FOR-US: Siemens CVE-2022-31764 RESERVED NOT-FOR-US: Apache ShardingSphere ElasticJob-UI CVE-2022-1925 (DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decom ...) {DSA-5204-1 DLA-3069-1} - gst-plugins-good1.0 1.20.3-1 NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0002.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225 NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966 NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/fafb028196c78062892261d4e042e646ef8e518b (1.20.3) CVE-2022-1924 (DOS / potential heap overwrite in mkv demuxing using lzo decompression ...) 
{DSA-5204-1 DLA-3069-1} - gst-plugins-good1.0 1.20.3-1 NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0002.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225 NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966 NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/fafb028196c78062892261d4e042e646ef8e518b (1.20.3) CVE-2022-1923 (DOS / potential heap overwrite in mkv demuxing using bzip decompressio ...) {DSA-5204-1 DLA-3069-1} - gst-plugins-good1.0 1.20.3-1 NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0002.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225 NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966 NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/fafb028196c78062892261d4e042e646ef8e518b (1.20.3) CVE-2022-1922 (DOS / potential heap overwrite in mkv demuxing using zlib decompressio ...) {DSA-5204-1 DLA-3069-1} - gst-plugins-good1.0 1.20.3-1 NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0002.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225 NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966 NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/fafb028196c78062892261d4e042e646ef8e518b (1.20.3) CVE-2022-1921 (Integer overflow in avidemux element in gst_avi_demux_invert function ...) 
{DSA-5204-1 DLA-3069-1} - gst-plugins-good1.0 1.20.3-1 NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0001.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1224 NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f503caad676971933dc0b52c4b313e5ef0d6dbb0 NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/0d9ce6c9412006c7bf2aefd1992e7d6ba16e93b7 (1.20.3) CVE-2022-1920 (Integer overflow in matroskademux element in gst_matroska_demux_add_wv ...) {DSA-5204-1 DLA-3069-1} - gst-plugins-good1.0 1.20.3-1 NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0004.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1226 NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/cf887f1b8e228bff6e19829e6d03995d70ad739d NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/0df0dd7fe388174e4835eda4526b47f470a56370 (1.20.3) CVE-2022-1919 (Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allow ...) - firefox 101.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-1919 CVE-2022-1918 (The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site ...) NOT-FOR-US: ToolBar to Share plugin for WordPress CVE-2022-1917 RESERVED CVE-2022-1916 (The Active Products Tables for WooCommerce. Professional products tabl ...) NOT-FOR-US: WordPress plugin CVE-2022-1915 (The WP Zillow Review Slider WordPress plugin before 2.4 does not escap ...) NOT-FOR-US: WordPress plugin CVE-2022-1914 (The Clean-Contact WordPress plugin through 1.6 does not have CSRF chec ...) NOT-FOR-US: WordPress plugin CVE-2022-1913 (The Add Post URL WordPress plugin through 2.1.0 does not have CSRF che ...) NOT-FOR-US: WordPress plugin CVE-2022-1912 (The Button Widget Smartsoft plugin for WordPress is vulnerable to Cros ...) NOT-FOR-US: WordPress plugin CVE-2022-1911 (Error in parser function in M-Files Server versions before 22.6.11534. ...) 
NOT-FOR-US: M-Files Server CVE-2022-1910 (The Shortcodes and extra features for Phlox WordPress plugin before 2. ...) NOT-FOR-US: WordPress plugin CVE-2022-1909 (Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organ ...) NOT-FOR-US: organizr CVE-2022-1908 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ...) - libmobi 0.11+dfsg-1 (bug #1011971) NOTE: https://huntr.dev/bounties/a7436e88-0488-4bd4-816f-2e2c803e93e8 NOTE: https://github.com/bfabiszewski/libmobi/commit/1e0378e6f9e4ae415cedc9eb10850888897c5dba (v0.11) CVE-2022-1907 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ...) - libmobi 0.11+dfsg-1 (bug #1011971) NOTE: https://huntr.dev/bounties/4eb0fa3e-4480-4fb5-8ec0-fbcd71de6012 NOTE: https://github.com/bfabiszewski/libmobi/commit/1e0378e6f9e4ae415cedc9eb10850888897c5dba (v0.11) CVE-2022-1906 (The Copyright Proof WordPress plugin through 4.16 does not sanitise an ...) NOT-FOR-US: WordPress plugin CVE-2022-1905 (The Events Made Easy WordPress plugin before 2.2.81 does not properly ...) NOT-FOR-US: WordPress plugin CVE-2022-1904 (The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does ...) NOT-FOR-US: WordPress plugin CVE-2022-1903 (The ARMember WordPress plugin before 3.4.8 is vulnerable to account ta ...) NOT-FOR-US: WordPress plugin CVE-2020-36528 (A vulnerability, which was classified as critical, was found in Platin ...) NOT-FOR-US: Platinum Mobile CVE-2022-31763 (The kernel module has the null pointer and out-of-bounds array vulnera ...) NOT-FOR-US: Huawei CVE-2022-31762 (The AMS module has a vulnerability in input validation. Successful exp ...) NOT-FOR-US: Huawei CVE-2022-31761 (Configuration defects in the secure OS module. Successful exploitation ...) NOT-FOR-US: Huawei CVE-2022-31760 (Dialog boxes can still be displayed even if the screen is locked in ca ...) NOT-FOR-US: Huawei CVE-2022-31759 (AppLink has a vulnerability of accessing uninitialized pointers. Succe ...) 
NOT-FOR-US: Huawei CVE-2022-31758 (The kernel module has the race condition vulnerability. Successful exp ...) NOT-FOR-US: Huawei CVE-2022-31757 (The setting module has a vulnerability of improper use of APIs. Succes ...) NOT-FOR-US: Huawei CVE-2022-31756 (The fingerprint sensor module has design defects. Successful exploitat ...) NOT-FOR-US: Huawei CVE-2022-31755 (The communication module has a vulnerability of improper permission pr ...) NOT-FOR-US: Huawei CVE-2022-31754 (Logical defects in code implementation in some products. Successful ex ...) NOT-FOR-US: Huawei CVE-2022-31753 (The voice wakeup module has a vulnerability of using externally-contro ...) NOT-FOR-US: Huawei CVE-2022-31752 (Missing authorization vulnerability in the system components. Successf ...) NOT-FOR-US: Huawei CVE-2022-31751 (The kernel emcom module has multi-thread contention. Successful exploi ...) NOT-FOR-US: Huawei CVE-2022-31750 RESERVED CVE-2022-1902 (A flaw was found in the Red Hat Advanced Cluster Security for Kubernet ...) NOT-FOR-US: StackRox Kubernetes Security Platform CVE-2022-1901 (In affected versions of Octopus Deploy it is possible to unmask sensit ...) NOT-FOR-US: Octopus Deploy CVE-2022-1900 (The Copify plugin for WordPress is vulnerable to Cross-Site Request Fo ...) NOT-FOR-US: Copify plugin for WordPress CVE-2021-46815 REJECTED CVE-2021-46814 (The video framework has an out-of-bounds memory read/write vulnerabili ...) NOT-FOR-US: Huawei CVE-2021-46813 (Vulnerability of residual files not being deleted after an update in t ...) NOT-FOR-US: Huawei CVE-2021-46812 (The Device Manager has a vulnerability in multi-device interaction. Su ...) NOT-FOR-US: Huawei CVE-2021-46811 (HwSEServiceAPP has a vulnerability in permission management. Successfu ...) NOT-FOR-US: Huawei CVE-2020-36527 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: Atlassian CVE-2020-36526 (A vulnerability classified as problematic was found in Countdown Timer ...) 
NOT-FOR-US: Atlassian CVE-2020-36525 (A vulnerability classified as problematic has been found in Linking. T ...) NOT-FOR-US: Linking CVE-2020-36524 (A vulnerability was found in Refined Toolkit. It has been rated as pro ...) NOT-FOR-US: Atlassian CVE-2020-36523 (A vulnerability was found in PlantUML 6.43. It has been declared as pr ...) NOT-FOR-US: Atlassian PlantUML plugin CVE-2022-31749 RESERVED CVE-2022-31748 (Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon ...) - firefox 101.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31748 CVE-2022-31747 (Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozil ...) {DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1} - firefox 101.0-1 - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31747 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31747 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31747 CVE-2022-31746 (Internal URLs are protected by a secret UUID key, which could have bee ...) - firefox (Specific to Firefox on iOS) NOTE: https://www.mozilla.org/security/advisories/mfsa2022-27/ CVE-2022-31745 (If array shift operations are not used, the Garbage Collector may have ...) - firefox 101.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31745 CVE-2022-31744 (An attacker could have injected CSS into stylesheets accessible via in ...) {DSA-5175-1 DSA-5172-1 DLA-3064-1} - firefox 101.0-1 - firefox-esr 91.11.0esr-1 - thunderbird 1:91.11.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31744 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-31744 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-31744 CVE-2022-31743 (Firefox's HTML parser did not correctly interpret HTML comment tags, r ...) 
- firefox 101.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31743 CVE-2022-31742 (An attacker could have exploited a timing attack by sending a large nu ...) {DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1} - firefox 101.0-1 - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31742 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31742 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31742 CVE-2022-31741 (A crafted CMS message could have been processed incorrectly, leading t ...) {DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1} - firefox 101.0-1 - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31741 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31741 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31741 CVE-2022-31740 (On arm64, WASM code could have resulted in incorrect assembly generati ...) {DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1} - firefox 101.0-1 - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31740 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31740 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31740 CVE-2022-31739 (When downloading files on Windows, the % character was not escaped, wh ...) 
- firefox (Only affects Windows) - firefox-esr (Only affects Windows) - thunderbird (Only affects Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31739 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31739 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31739 CVE-2022-31738 (When exiting fullscreen mode, an iframe could have confused the browse ...) {DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1} - firefox 101.0-1 - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31738 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31738 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31738 CVE-2022-31737 (A malicious webpage could have caused an out-of-bounds write in WebGL, ...) {DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1} - firefox 101.0-1 - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31737 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31737 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31737 CVE-2022-31736 (A malicious website could have learned the size of a cross-origin reso ...) {DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1} - firefox 101.0-1 - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31736 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31736 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31736 CVE-2022-1899 (Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7 ...) 
- radare2 5.9.0+dfsg-1 (bug #1014478) NOTE: https://huntr.dev/bounties/8a3dc5cb-08b3-4807-82b2-77f08c137a04 NOTE: https://github.com/radareorg/radare2/commit/193f4fe01d7f626e2ea937450f2e0c4604420e9d CVE-2022-1898 (Use After Free in GitHub repository vim/vim prior to 8.2.) {DLA-3182-1 DLA-3053-1} - vim 2:9.0.0135-1 (bug #1015984; unimportant) NOTE: https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea NOTE: https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a (v8.2.5024) NOTE: Crash in CLI tool, no security impact CVE-2022-1897 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.) {DLA-3204-1} - vim 2:9.0.0135-1 (bug #1015984) [bullseye] - vim (Minor issue) [stretch] - vim (Minor issue) NOTE: https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118 NOTE: https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a (v8.2.5023) CVE-2022-1896 (The underConstruction WordPress plugin before 1.21 does not sanitise o ...) NOT-FOR-US: WordPress plugin CVE-2022-1895 (The underConstruction WordPress plugin before 1.20 does not have CSRF ...) NOT-FOR-US: WordPress plugin CVE-2022-1894 (The Popup Builder WordPress plugin before 4.1.11 does not escape and s ...) NOT-FOR-US: WordPress plugin CVE-2021-4232 (A vulnerability classified as problematic has been found in Zoo Manage ...) NOT-FOR-US: Zoo Management System CVE-2022-31733 (Starting with diego-release 2.55.0 and up to 2.69.0, and starting with ...) 
NOT-FOR-US: diego-release CVE-2022-31732 RESERVED CVE-2022-31731 RESERVED CVE-2022-31730 RESERVED CVE-2022-31729 RESERVED CVE-2022-31728 RESERVED CVE-2022-31727 RESERVED CVE-2022-31726 RESERVED CVE-2022-31725 RESERVED CVE-2022-31724 RESERVED CVE-2022-31723 RESERVED CVE-2022-31722 RESERVED CVE-2022-31721 RESERVED CVE-2022-31720 RESERVED CVE-2022-31719 RESERVED CVE-2022-31718 RESERVED CVE-2022-31717 RESERVED CVE-2022-31716 RESERVED CVE-2022-31715 RESERVED CVE-2022-31714 RESERVED CVE-2022-31713 RESERVED CVE-2022-31712 RESERVED CVE-2022-31711 (VMware vRealize Log Insight contains an Information Disclosure Vulnera ...) NOT-FOR-US: VMware CVE-2022-31710 (vRealize Log Insight contains a deserialization vulnerability. An unau ...) NOT-FOR-US: VMware CVE-2022-31709 RESERVED CVE-2022-31708 (vRealize Operations (vROps) contains a broken access control vulnerabi ...) NOT-FOR-US: VMware CVE-2022-31707 (vRealize Operations (vROps) contains a privilege escalation vulnerabil ...) NOT-FOR-US: VMware CVE-2022-31706 (The vRealize Log Insight contains a Directory Traversal Vulnerability. ...) NOT-FOR-US: VMware CVE-2022-31705 (VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds writ ...) NOT-FOR-US: VMware CVE-2022-31704 (The vRealize Log Insight contains a broken access control vulnerabilit ...) NOT-FOR-US: VMware CVE-2022-31703 (The vRealize Log Insight contains a Directory Traversal Vulnerability. ...) NOT-FOR-US: VMware CVE-2022-31702 (vRealize Network Insight (vRNI) contains a command injection vulnerabi ...) NOT-FOR-US: VMware CVE-2022-31701 (VMware Workspace ONE Access and Identity Manager contain a broken auth ...) NOT-FOR-US: VMware CVE-2022-31700 (VMware Workspace ONE Access and Identity Manager contain an authentica ...) NOT-FOR-US: VMware CVE-2022-31699 (VMware ESXi contains a heap-overflow vulnerability. A malicious local ...) NOT-FOR-US: VMware CVE-2022-31698 (The vCenter Server contains a denial-of-service vulnerability in the c ...) 
NOT-FOR-US: VMware CVE-2022-31697 (The vCenter Server contains an information disclosure vulnerability du ...) NOT-FOR-US: VMware CVE-2022-31696 (VMware ESXi contains a memory corruption vulnerability that exists in ...) NOT-FOR-US: VMware CVE-2022-31695 RESERVED CVE-2022-31694 (InstallBuilder Qt installers built with versions previous to 22.10 try ...) NOT-FOR-US: InstallBuilder Qt installers CVE-2022-31693 (VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) c ...) NOT-FOR-US: VMware CVE-2022-31692 (Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 co ...) - libspring-security-2.0-java CVE-2022-31691 (Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode ...) NOT-FOR-US: Spring Tools 4 for Eclipse CVE-2022-31690 (Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, ...) - libspring-security-2.0-java CVE-2022-31689 (VMware Workspace ONE Assist prior to 22.10 contains a Session fixation ...) NOT-FOR-US: VMware CVE-2022-31688 (VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross- ...) NOT-FOR-US: VMware CVE-2022-31687 (VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Co ...) NOT-FOR-US: VMware CVE-2022-31686 (VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentic ...) NOT-FOR-US: VMware CVE-2022-31685 (VMware Workspace ONE Assist prior to 22.10 contains an Authentication ...) NOT-FOR-US: VMware CVE-2022-31684 (Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log reques ...) NOT-FOR-US: Reactor Netty, different from src:netty CVE-2022-31683 (Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an ...) NOT-FOR-US: VMware CVE-2022-31682 (VMware Aria Operations contains an arbitrary file read vulnerability. ...) NOT-FOR-US: VMware CVE-2022-31681 (VMware ESXi contains a null-pointer deference vulnerability. A malicio ...) 
	NOT-FOR-US: VMware
CVE-2022-31680 (The vCenter Server contains an unsafe deserialisation vulnerability in ...)
	NOT-FOR-US: VMware
CVE-2022-31679 (Applications that allow HTTP PATCH access to resources exposed by Spri ...)
	NOT-FOR-US: VMware
CVE-2022-31678 (VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) ...)
	NOT-FOR-US: VMware
CVE-2022-31677 (An Insufficient Session Expiration issue was discovered in the Pinnipe ...)
	NOT-FOR-US: Pinniped Supervisor
CVE-2022-31676 (VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege es ...)
	{DSA-5215-1 DLA-3081-1}
	- open-vm-tools 2:12.1.0-1 (bug #1018012)
	NOTE: Fixed by: https://github.com/vmware/open-vm-tools/commit/70a74758bfe0042c27f15ce590fb21a2bc54d745 (stable-12.1.0)
	NOTE: https://github.com/vmware/open-vm-tools/blob/CVE-2022-31676.patch/1205-Properly-check-authorization-on-incoming-guestOps-re.patch
	NOTE: https://www.vmware.com/security/advisories/VMSA-2022-0024.html
CVE-2022-31675 (VMware vRealize Operations contains an authentication bypass vulnerabi ...)
	NOT-FOR-US: VMware
CVE-2022-31674 (VMware vRealize Operations contains an information disclosure vulnerab ...)
	NOT-FOR-US: VMware
CVE-2022-31673 (VMware vRealize Operations contains an information disclosure vulnerab ...)
	NOT-FOR-US: VMware
CVE-2022-31672 (VMware vRealize Operations contains a privilege escalation vulnerabili ...)
	NOT-FOR-US: VMware
CVE-2022-31671 RESERVED
CVE-2022-31670 RESERVED
CVE-2022-31669 RESERVED
CVE-2022-31668 RESERVED
CVE-2022-31667 RESERVED
CVE-2022-31666 RESERVED
CVE-2022-31665 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
	NOT-FOR-US: VMware
CVE-2022-31664 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
	NOT-FOR-US: VMware
CVE-2022-31663 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
	NOT-FOR-US: VMware
CVE-2022-31662 (VMware Workspace ONE Access, Identity Manager, Connectors and vRealize ...)
	NOT-FOR-US: VMware
CVE-2022-31661 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
	NOT-FOR-US: VMware
CVE-2022-31660 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
	NOT-FOR-US: VMware
CVE-2022-31659 (VMware Workspace ONE Access and Identity Manager contain a remote code ...)
	NOT-FOR-US: VMware
CVE-2022-31658 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
	NOT-FOR-US: VMware
CVE-2022-31657 (VMware Workspace ONE Access and Identity Manager contain a URL injecti ...)
	NOT-FOR-US: VMware
CVE-2022-31656 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
	NOT-FOR-US: VMware
CVE-2022-31655 (VMware vRealize Log Insight in versions prior to 8.8.2 contain a store ...)
	NOT-FOR-US: VMware
CVE-2022-31654 (VMware vRealize Log Insight in versions prior to 8.8.2 contain a store ...)
	NOT-FOR-US: VMware
CVE-2022-31653 RESERVED
CVE-2022-31652 RESERVED
CVE-2022-31651 (In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in ...)
	{DSA-5356-1 DLA-3315-1}
	- sox 14.4.2+git20190427-3.1 (bug #1012516)
	NOTE: https://sourceforge.net/p/sox/bugs/360/
	NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
CVE-2022-31650 (In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwri ...)
	{DSA-5356-1 DLA-3315-1}
	- sox 14.4.2+git20190427-3.1 (bug #1012516)
	NOTE: https://sourceforge.net/p/sox/bugs/360/
	NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
CVE-2022-31649 (ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Inf ...)
	- owncloud
CVE-2022-31648 (Talend Administration Center is vulnerable to a reflected Cross-Site S ...)
	NOT-FOR-US: Talend Administration Center
CVE-2022-31647 (Docker Desktop before 4.6.0 on Windows allows attackers to delete any ...)
	NOT-FOR-US: Docker Desktop
CVE-2022-31646 (Potential vulnerabilities have been identified in the system BIOS of c ...)
	NOT-FOR-US: HP
CVE-2022-31645 (Potential vulnerabilities have been identified in the system BIOS of c ...)
	NOT-FOR-US: HP
CVE-2022-31644 (Potential vulnerabilities have been identified in the system BIOS of c ...)
	NOT-FOR-US: HP
CVE-2022-31643 (A potential security vulnerability has been identified in the system B ...)
	NOT-FOR-US: HP
CVE-2022-31642 (Potential vulnerabilities have been identified in the system BIOS of c ...)
	NOT-FOR-US: HP
CVE-2022-31641 (Potential vulnerabilities have been identified in the system BIOS of c ...)
	NOT-FOR-US: HP
CVE-2022-31640 (Potential vulnerabilities have been identified in the system BIOS of c ...)
	NOT-FOR-US: HP
CVE-2022-31639 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...)
	NOT-FOR-US: HP
CVE-2022-31638 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...)
	NOT-FOR-US: HP
CVE-2022-31637 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...)
	NOT-FOR-US: HP
CVE-2022-31636 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...)
	NOT-FOR-US: HP
CVE-2022-31635 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...)
	NOT-FOR-US: HP
CVE-2022-31634 RESERVED
CVE-2022-31633 RESERVED
CVE-2022-31632 RESERVED
CVE-2022-31631 RESERVED
	{DSA-5363-1 DLA-3345-1}
	- php8.2 8.2.1-1
	- php8.1
	- php7.4
	- php7.3
	NOTE: Fixed in 8.0.27, 8.1.14, 8.2.1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81740
	NOTE: Fixed by: https://github.com/php/php-src/commit/921b6813da3237a83e908998483f46ae3d8bacba (php-8.0.27)
	NOTE: Improvement: https://github.com/php/php-src/commit/a6a80eefe0413c91acd922bc58590a4db7979af0
CVE-2022-31630 (In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imagelo ...)
	{DSA-5277-1}
	- php8.1 8.1.12-1
	- php7.4
	- php7.3 (Vulnerable code introduced later)
	NOTE: Fixed in 8.1.12, 8.0.25, 7.4.33
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81739
	NOTE: Introduced by: https://github.com/php/php-src/commit/88b603768f8e5074ad5cbdccc1e0779089fac9d0 (php-7.4.0alpha2)
	NOTE: Fixed by: https://github.com/php/php-src/commit/ac45ce85c8750a6fb9745093180674d029acc5bd (PHP-8.1.12)
CVE-2022-31629 (In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability en ...)
	{DSA-5277-1 DLA-3243-1}
	- php8.1 8.1.12-1 (bug #1021138)
	- php7.4
	- php7.3
	NOTE: Fixed in 8.1.11, 7.4.32
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81727
	NOTE: https://github.com/php/php-src/commit/0611be4e82887cee0de6c4cbae320d34eec946ca
CVE-2022-31628 (In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompresso ...)
	{DSA-5277-1 DLA-3243-1}
	- php8.1 8.1.12-1 (bug #1021138)
	- php7.4
	- php7.3
	NOTE: Fixed in 8.1.11, 7.4.32
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81726
	NOTE: https://github.com/php/php-src/commit/404e8bdb68350931176a5bdc86fc417b34fb583d
	NOTE: https://github.com/php/php-src/commit/432bf196d59bcb661fcf9cb7029cea9b43f490af
CVE-2022-31627 (In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as fi ...)
	- php8.1 8.1.12-1 (bug #1016972)
	- php7.4 (Only affects 8.1 and later)
	- php7.3 (Only affects 8.1 and later)
	NOTE: Fixed in 8.1.8
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81723
	NOTE: https://github.com/php/php-src/commit/ca6d511fa54b34d5b75bf120a86482a1b9e1e686
CVE-2022-31626 (In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x belo ...)
	{DSA-5179-1 DLA-3243-1}
	- php8.1 8.1.7-1 (bug #1014533)
	- php7.4
	- php7.3
	- php7.0
	[stretch] - php7.0 (Minor issue; can be fixed in next update)
	NOTE: Fixed in 7.4.30, 8.0.20, 8.1.7
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81719
	NOTE: https://github.com/php/php-src/commit/58006537fc5f133ae8549efe5118cde418b3ace9 (php-7.4.30)
CVE-2022-31625 (In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x belo ...)
	{DSA-5179-1 DLA-3243-1}
	- php8.1 8.1.7-1 (bug #1014533)
	- php7.4
	- php7.3
	- php7.0
	[stretch] - php7.0 (Minor issue; can be fixed in next update)
	NOTE: Fixed in 7.4.30, 8.0.20, 8.1.7
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81720
	NOTE: https://github.com/php/php-src/commit/55f6895f4b4c677272fd4ee1113acdbd99c4b5ab (php-7.4.30)
CVE-2022-31624 (MariaDB Server before 10.7 is vulnerable to Denial of Service. While e ...)
	- mariadb-10.6 1:10.6.5-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.34-0+deb10u1
	- mariadb-10.1
	NOTE: https://jira.mariadb.org/browse/MDEV-26556
	NOTE: https://github.com/MariaDB/server/commit/d627d00b13ab2f2c0954ea7b77202470cb102944 (mariadb-10.2.41)
CVE-2022-31623 (MariaDB Server before 10.7 is vulnerable to Denial of Service. In extr ...)
	- mariadb-10.6 1:10.6.6-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.34-0+deb10u1
	- mariadb-10.1
	NOTE: https://github.com/MariaDB/server/pull/1938
	NOTE: https://github.com/MariaDB/server/commit/7c30bc38a588b22b01f11130cfe99e7f36accf94 (mariadb-10.2.42)
CVE-2022-31622 (MariaDB Server before 10.7 is vulnerable to Denial of Service. In extr ...)
	- mariadb-10.6 1:10.6.6-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.34-0+deb10u1
	- mariadb-10.1
	NOTE: https://jira.mariadb.org/browse/MDEV-26561
	NOTE: https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2 (mariadb-10.2.42)
CVE-2022-31621 (MariaDB Server before 10.7 is vulnerable to Denial of Service. In extr ...)
	- mariadb-10.6 1:10.6.5-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.34-0+deb10u1
	- mariadb-10.1
	NOTE: https://jira.mariadb.org/browse/MDEV-26574
	NOTE: https://github.com/MariaDB/server/commit/b1351c15946349f9daa7e5297fb2ac6f3139e4a8 (mariadb-10.2.41)
CVE-2022-31620 (In libjpeg before 1.64, BitStream::Get in bitstream.hpp has an ...)
	- libjpeg 0.0~git20220615.842c7ba-1 (unimportant)
	NOTE: https://github.com/thorfdbg/libjpeg/issues/70
	NOTE: https://github.com/thorfdbg/libjpeg/commit/ef4a29a62ab48b8dc235f4af52cfd6319eda9a6a
	NOTE: Crash in CLI tool, no security impact
CVE-2022-30533 (Cross-site scripting vulnerability in Modern Events Calendar Lite vers ...)
	NOT-FOR-US: Modern Events Calendar Lite
CVE-2022-1893 (Improper Removal of Sensitive Information Before Storage or Transfer i ...)
	NOT-FOR-US: Trudesk
CVE-2022-1892 (A buffer overflow in the SystemBootManagerDxe driver in some Lenovo No ...)
	NOT-FOR-US: Lenovo
CVE-2022-1891 (A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo No ...)
	NOT-FOR-US: Lenovo
CVE-2022-1890 (A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook p ...)
	NOT-FOR-US: Lenovo
CVE-2022-1889 (The Newsletter WordPress plugin before 7.4.6 does not escape and sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1888 (Alpha7 PC Loader (All versions) is vulnerable to a stack-based buffer ...)
	NOT-FOR-US: Fuji Electric
CVE-2021-4231 (A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It ha ...)
	NOT-FOR-US: angular/angular - replacement for deprecated angularjs
	NOTE: AngularJS upstream support has officially ended as of January 2022
CVE-2022-31619 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2022-1887 (The search term could have been specified externally to trigger SQL in ...)
	- firefox (Only affects Firefox for iOS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-23/#CVE-2022-1887
CVE-2022-1886 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/fa0ad526-b608-45b3-9ebc-f2b607834d6a
	NOTE: https://github.com/vim/vim/commit/2a585c85013be22f59f184d49612074fd9b115d7 (v8.2.5016)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-1885 (The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1884 RESERVED
CVE-2022-1883 (SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2. ...)
	NOT-FOR-US: camptocamp/terraboard
CVE-2022-1882 (A use-after-free flaw was found in the Linux kernel’s pipes funct ...)
	- linux 5.18.16-1 (unimportant)
	[bullseye] - linux 5.10.136-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2089701
	NOTE: https://lore.kernel.org/lkml/20220507115605.96775-1-tcs.kernel@gmail.com/T/
	NOTE: https://ssd-disclosure.com/ssd-advisory-linux-config_watch_queue-lpe/
	NOTE: CONFIG_WATCH_QUEUE is not enabled in Debian builds
CVE-2022-27176 (Incomplete filtering of special elements vulnerability exists in RevoW ...)
	NOT-FOR-US: RevoWorks
CVE-2022-1881 (In affected versions of Octopus Server an Insecure Direct Object Refer ...)
	NOT-FOR-US: Octopus Server
CVE-2022-1880 RESERVED
CVE-2022-1879 RESERVED
CVE-2022-1878 RESERVED
CVE-2022-1877 RESERVED
CVE-2022-31618 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
	NOT-FOR-US: NVIDIA
CVE-2022-31617 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2022-31616 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2022-31615 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
	- nvidia-graphics-drivers 470.141.03-1 (bug #1016614)
	[bullseye] - nvidia-graphics-drivers 470.141.03-1~deb11u1
	[buster] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx (bug #1016615)
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-legacy-390xx 390.154-1 (bug #1016616)
	[bullseye] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb11u1
	[buster] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb10u1
	- nvidia-graphics-drivers-tesla-418 (bug #1016617)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-450 450.203.03-1 (bug #1016618)
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.203.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1016619)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-470 470.141.03-1 (bug #1016620)
	[bullseye] - nvidia-graphics-drivers-tesla-470 470.141.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-510 510.85.02-1 (bug #1016621)
CVE-2022-31614 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
	NOT-FOR-US: NVIDIA
CVE-2022-31613 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2022-31612 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2022-31611 (NVIDIA GeForce Experience contains an uncontrolled search path vulnera ...)
	NOT-FOR-US: NVIDIA
CVE-2022-31610 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2022-31609 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
	NOT-FOR-US: NVIDIA
CVE-2022-31608 (NVIDIA GPU Display Driver for Linux contains a vulnerability in an opt ...)
	- nvidia-graphics-drivers 470.141.03-1 (bug #1016614)
	[bullseye] - nvidia-graphics-drivers 470.141.03-1~deb11u1
	[buster] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx (bug #1016615)
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-legacy-390xx 390.154-1 (bug #1016616)
	[bullseye] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb11u1
	[buster] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb10u1
	- nvidia-graphics-drivers-tesla-418 (bug #1016617)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-450 450.203.03-1 (bug #1016618)
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.203.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1016619)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-470 470.141.03-1 (bug #1016620)
	[bullseye] - nvidia-graphics-drivers-tesla-470 470.141.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-510 510.85.02-1 (bug #1016621)
CVE-2022-31607 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
	- nvidia-graphics-drivers 470.141.03-1 (bug #1016614)
	[bullseye] - nvidia-graphics-drivers 470.141.03-1~deb11u1
	[buster] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx (bug #1016615)
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-legacy-390xx 390.154-1 (bug #1016616)
	[bullseye] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb11u1
	[buster] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb10u1
	- nvidia-graphics-drivers-tesla-418 (bug #1016617)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-450 450.203.03-1 (bug #1016618)
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.203.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1016619)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
	- nvidia-graphics-drivers-tesla-470 470.141.03-1 (bug #1016620)
	[bullseye] - nvidia-graphics-drivers-tesla-470 470.141.03-1~deb11u1
	- nvidia-graphics-drivers-tesla-510 510.85.02-1 (bug #1016621)
CVE-2022-31606 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2022-31605 (NVFLARE, versions prior to 2.1.2, contains a vulnerability in its util ...)
	NOT-FOR-US: NVFLARE
CVE-2022-31604 (NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI ...)
	NOT-FOR-US: NVFLARE
CVE-2022-31603 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, whe ...)
	NOT-FOR-US: NVIDIA
CVE-2022-31602 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, whe ...)
	NOT-FOR-US: NVIDIA
CVE-2022-31601 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, wh ...)
	NOT-FOR-US: NVIDIA
CVE-2022-31600 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, wher ...)
	NOT-FOR-US: NVIDIA
CVE-2022-31599 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a ...)
	NOT-FOR-US: NVIDIA
CVE-2022-1876 (Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005. ...)
	{DSA-5148-1}
	- chromium 102.0.5005.61-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1875 (Inappropriate implementation in PDF in Google Chrome prior to 102.0.50 ...)
	{DSA-5148-1}
	- chromium 102.0.5005.61-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1874 (Insufficient policy enforcement in Safe Browsing in Google Chrome on M ...)
	{DSA-5148-1}
	- chromium 102.0.5005.61-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1873 (Insufficient policy enforcement in COOP in Google Chrome prior to 102. ...)
	{DSA-5148-1}
	- chromium 102.0.5005.61-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1872 (Insufficient policy enforcement in Extensions API in Google Chrome pri ...)
	{DSA-5148-1}
	- chromium 102.0.5005.61-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1871 (Insufficient policy enforcement in File System API in Google Chrome pr ...)
	{DSA-5148-1}
	- chromium 102.0.5005.61-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1870 (Use after free in App Service in Google Chrome prior to 102.0.5005.61 ...)
	{DSA-5148-1}
	- chromium 102.0.5005.61-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1869 (Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a ...)
	{DSA-5148-1}
	- chromium 102.0.5005.61-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://securitylab.github.com/advisories/GHSL-2022-043_Chromium/
CVE-2022-1868 (Inappropriate implementation in Extensions API in Google Chrome prior ...)
	{DSA-5148-1}
	- chromium 102.0.5005.61-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1867 (Insufficient validation of untrusted input in Data Transfer in Google ...)
	{DSA-5148-1}
	- chromium 102.0.5005.61-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1866 (Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 1 ...)
	{DSA-5148-1}
	- chromium 102.0.5005.61-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1865 (Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 al ...)
	{DSA-5148-1}
	- chromium 102.0.5005.61-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1864 (Use after free in WebApp Installs in Google Chrome prior to 102.0.5005 ...)
	{DSA-5148-1}
	- chromium 102.0.5005.61-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1863 (Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 a ...)
	{DSA-5148-1}
	- chromium 102.0.5005.61-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1862 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
	{DSA-5148-1}
	- chromium 102.0.5005.61-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1861 (Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0 ...)
	{DSA-5148-1}
	- chromium 102.0.5005.61-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1860 (Use after free in UI Foundations in Google Chrome on Chrome OS prior t ...)
	{DSA-5148-1}
	- chromium 102.0.5005.61-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1859 (Use after free in Performance Manager in Google Chrome prior to 102.0. ...)
	{DSA-5148-1}
	- chromium 102.0.5005.61-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1858 (Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 ...)
	{DSA-5148-1}
	- chromium 102.0.5005.61-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1857 (Insufficient policy enforcement in File System API in Google Chrome pr ...)
	{DSA-5148-1}
	- chromium 102.0.5005.61-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1856 (Use after free in User Education in Google Chrome prior to 102.0.5005. ...)
	{DSA-5148-1}
	- chromium 102.0.5005.61-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1855 (Use after free in Messaging in Google Chrome prior to 102.0.5005.61 al ...)
	{DSA-5148-1}
	- chromium 102.0.5005.61-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1854 (Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowe ...)
	{DSA-5148-1}
	- chromium 102.0.5005.61-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1853 (Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 a ...)
	{DSA-5148-1}
	- chromium 102.0.5005.61-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1852 (A NULL pointer dereference flaw was found in the Linux kernel’s K ...)
	{DSA-5161-1}
	- linux 5.18.2-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/fee060cd52d69c114b62d1a2948ea9648b5131f9
CVE-2022-1851 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.)
	{DLA-3182-1 DLA-3053-1}
	- vim 2:9.0.0135-1 (bug #1015984; unimportant)
	NOTE: https://huntr.dev/bounties/f8af901a-9a46-440d-942a-8f815b59394d
	NOTE: https://github.com/vim/vim/commit/78d52883e10d71f23ab72a3d8b9733b00da8c9ad (v8.2.5013)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-1850 (Path Traversal in GitHub repository filegator/filegator prior to 7.8.0 ...)
	NOT-FOR-US: filegator
CVE-2022-1849 (Session Fixation in GitHub repository filegator/filegator prior to 7.8 ...)
	NOT-FOR-US: filegator
CVE-2022-1848 (Business Logic Errors in GitHub repository erudika/para prior to 1.45. ...)
	NOT-FOR-US: erudika/para
CVE-2022-1847 (The Rotating Posts WordPress plugin through 1.11 does not have CSRF ch ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1846 (The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1845 (The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF c ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1844 (The WP Sentry WordPress plugin through 1.0 does not have CSRF check in ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1843 (The MailPress WordPress plugin through 7.2.1 does not have CSRF checks ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1842 (The OpenBook Book Data WordPress plugin through 3.5.2 does not have CS ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-4230 (A vulnerability has been found in Airfield Online and classified as pr ...)
	NOT-FOR-US: Airfield Online
CVE-2021-4229 (A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has b ...)
	- node-ua-parser-js (Vulnerable versions not uploaded to Debian)
	NOTE: https://github.com/advisories/GHSA-pjwm-rvh2-c87w
	NOTE: https://github.com/faisalman/ua-parser-js/issues/536
	NOTE: https://vuldb.com/?id.185453
CVE-2014-125001 (A vulnerability classified as critical has been found in Cardo Systems ...)
	NOT-FOR-US: Cardo Systems Scala Rider Q3
CVE-2013-10004 (A vulnerability classified as critical was found in Telecommunication ...)
	NOT-FOR-US: Telecommunication Software SAMwin Contact Center Suite
CVE-2013-10003 (A vulnerability classified as critical has been found in Telecommunica ...)
	NOT-FOR-US: Telecommunication Software SAMwin Contact Center Suite
CVE-2013-10002 (A vulnerability was found in Telecommunication Software SAMwin Contact ...)
	NOT-FOR-US: Telecommunication Software SAMwin Contact Center Suite
CVE-2022-31598 (Due to insufficient input validation, SAP Business Objects - version 4 ...)
	NOT-FOR-US: SAP
CVE-2022-31597 (Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAP ...)
	NOT-FOR-US: SAP
CVE-2022-31596 (Under certain conditions, an attacker authenticated as a CMS administr ...)
	NOT-FOR-US: SAP
CVE-2022-31595 (SAP Financial Consolidation - version 1010, does not perform nece ...)
	NOT-FOR-US: SAP
CVE-2022-31594 (A highly privileged user can exploit SUID-root program to escalate his ...)
	NOT-FOR-US: SAP
CVE-2022-31593 (SAP Business One client - version 10.0 allows an attacker with low pri ...)
	NOT-FOR-US: SAP
CVE-2022-31592 (The application SAP Enterprise Extension Defense Forces & Public Secur ...)
	NOT-FOR-US: SAP
CVE-2022-31591 (SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a s ...)
	NOT-FOR-US: SAP
CVE-2022-31590 (SAP PowerDesigner Proxy - version 16.7, allows an attacker with low pr ...)
	NOT-FOR-US: SAP
CVE-2022-31589 (Due to improper authorization check, business users who are using Isra ...)
	NOT-FOR-US: SAP
CVE-2022-31588 (The zippies/testplatform repository through 2016-07-19 on GitHub allow ...)
	NOT-FOR-US: zippies/testplatform
CVE-2022-31587 (The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on Gi ...)
	NOT-FOR-US: yuriyouzhou/KG-fashion-chatbot
CVE-2022-31586 (The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 ...)
	NOT-FOR-US: unizar-30226-2019-06/ChangePop-Back
CVE-2022-31585 (The umeshpatil-dev/Home__internet repository through 2020-08-28 on Git ...)
	NOT-FOR-US: umeshpatil-dev/Home__internet
CVE-2022-31584 (The stonethree/s3label repository through 2019-08-14 on GitHub allows ...)
	NOT-FOR-US: stonethree/s3label
CVE-2022-31583 (The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 ...)
	NOT-FOR-US: sravaniboinepelli/AutomatedQuizEval
CVE-2022-31582 (The shaolo1/VideoServer repository through 2019-09-21 on GitHub allows ...)
	NOT-FOR-US: shaolo1/VideoServer
CVE-2022-31581 (The scorelab/OpenMF repository before 2022-05-03 on GitHub allows abso ...)
	NOT-FOR-US: scorelab/OpenMF
CVE-2022-31580 (The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitH ...)
	NOT-FOR-US: sanojtharindu/caretakerr-api
CVE-2022-31579 (The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows ...)
	NOT-FOR-US: ralphjzhang/iasset
CVE-2022-31578 (The piaoyunsoft/bt_lnmp repository through 2019-10-10 on GitHub allows ...)
	NOT-FOR-US: piaoyunsoft/bt_lnmp
CVE-2022-31577 (The longmaoteamtf/audio_aligner_app repository through 2020-01-10 on G ...)
	NOT-FOR-US: longmaoteamtf/audio_aligner_app
CVE-2022-31576 (The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitH ...)
	NOT-FOR-US: heidi-luong1109/shackerpanel
CVE-2022-31575 (The duducosmos/livro_python repository through 2018-06-06 on GitHub al ...)
	NOT-FOR-US: duducosmos/livro_python
CVE-2022-31574 (The deepaliupadhyay/RealEstate repository through 2018-11-30 on GitHub ...)
	NOT-FOR-US: deepaliupadhyay/RealEstate
CVE-2022-31573 (The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub al ...)
	NOT-FOR-US: chainer/chainerrl-visualizer
CVE-2022-31572 (The ceee-vip/cockybook repository through 2015-04-16 on GitHub allows ...)
	NOT-FOR-US: ceee-vip/cockybook
CVE-2022-31571 (The akashtalole/python-flask-restful-api repository through 2019-09-16 ...)
	NOT-FOR-US: akashtalole/python-flask-restful-api
CVE-2022-31570 (The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 o ...)
	NOT-FOR-US: adriankoczuruek/ceneo-web-scrapper
CVE-2022-31569 REJECTED
CVE-2022-31568 (The Rexians/rex-web repository through 2022-06-05 on GitHub allows abs ...)
	NOT-FOR-US: Rexians/rex-web
CVE-2022-31567 (The DSABenchmark/DSAB repository through 2.1 on GitHub allows absolute ...)
	NOT-FOR-US: DSABenchmark/DSAB
CVE-2022-31566 (The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows abs ...)
	NOT-FOR-US: DSAB-local/DSAB
CVE-2022-31565 (The yogson/syrabond repository through 2020-05-25 on GitHub allows abs ...)
	NOT-FOR-US: yogson/syrabond
CVE-2022-31564 (The woduq1414/munhak-moa repository before 2022-05-03 on GitHub allows ...)
	NOT-FOR-US: woduq1414/munhak-moa
CVE-2022-31563 (The whmacmac/vprj repository through 2022-04-06 on GitHub allows absol ...)
	NOT-FOR-US: whmacmac/vprj
CVE-2022-31562 (The waveyan/internshipsystem repository through 2018-05-22 on GitHub a ...)
	NOT-FOR-US: waveyan/internshipsystem
CVE-2022-31561 (The varijkapil13/Sphere_ImageBackend repository through 2019-10-03 on ...)
	NOT-FOR-US: varijkapil13/Sphere_ImageBackend
CVE-2022-31560 (The uncleYiba/photo_tag repository through 2020-08-31 on GitHub allows ...)
	NOT-FOR-US: uncleYiba/photo_tag
CVE-2022-31559 (The tsileo/flask-yeoman repository through 2013-09-13 on GitHub allows ...)
	NOT-FOR-US: tsileo/flask-yeoman
CVE-2022-31558 (The tooxie/shiva-server repository through 0.10.0 on GitHub allows abs ...)
	NOT-FOR-US: tooxie/shiva-server
CVE-2022-31557 (The seveas/golem repository through 2016-05-17 on GitHub allows absolu ...)
	NOT-FOR-US: seveas/golem
CVE-2022-31556 (The rusyasoft/TrainEnergyServer repository through 2017-08-03 on GitHu ...)
	NOT-FOR-US: rusyasoft/TrainEnergyServer
CVE-2022-31555 (The romain20100/nursequest repository through 2018-02-22 on GitHub all ...)
	NOT-FOR-US: romain20100/nursequest
CVE-2022-31554 (The rohitnayak/movie-review-sentiment-analysis repository through 2017 ...)
	NOT-FOR-US: rohitnayak/movie-review-sentiment-analysis
CVE-2022-31553 (The rainsoupah/sleep-learner repository through 2021-02-21 on GitHub a ...)
	NOT-FOR-US: rainsoupah/sleep-learner
CVE-2022-31552 (The project-anuvaad/anuvaad-corpus repository through 2020-11-23 on Gi ...)
	NOT-FOR-US: project-anuvaad/anuvaad-corpus
CVE-2022-31551 (The pleomax00/flask-mongo-skel repository through 2012-11-01 on GitHub ...)
	NOT-FOR-US: pleomax00/flask-mongo-skel
CVE-2022-31550 (The olmax99/pyathenastack repository through 2019-11-08 on GitHub allo ...)
	NOT-FOR-US: olmax99/pyathenastack
CVE-2022-31549 (The olmax99/helm-flask-celery repository before 2022-05-25 on GitHub a ...)
	NOT-FOR-US: olmax99/helm-flask-celery
CVE-2022-31548 (The nrlakin/homepage repository through 2017-03-06 on GitHub allows ab ...)
	NOT-FOR-US: nrlakin/homepage
CVE-2022-31547 (The noamezekiel/sphere repository through 2020-05-31 on GitHub allows ...)
	NOT-FOR-US: noamezekiel/sphere
CVE-2022-31546 (The nlpweb/glance repository through 2014-06-27 on GitHub allows absol ...)
	NOT-FOR-US: nlpweb/glance
CVE-2022-31545 (The ml-inory/ModelConverter repository through 2021-04-26 on GitHub al ...)
	NOT-FOR-US: ml-inory/ModelConverter
CVE-2022-31544 (The meerstein/rbtm repository through 1.5 on GitHub allows absolute pa ...)
	NOT-FOR-US: meerstein/rbtm
CVE-2022-31543 (The maxtortime/SetupBox repository through 1.0 on GitHub allows absolu ...)
	NOT-FOR-US: maxtortime/SetupBox
CVE-2022-31542 (The mandoku/mdweb repository through 2015-05-07 on GitHub allows absol ...)
	NOT-FOR-US: mandoku/mdweb
CVE-2022-31541 (The lyubolp/Barry-Voice-Assistant repository through 2021-01-18 on Git ...)
	NOT-FOR-US: lyubolp/Barry-Voice-Assistant
CVE-2022-31540 (The kumardeepak/hin-eng-preprocessing repository through 2019-07-16 on ...)
	NOT-FOR-US: kumardeepak/hin-eng-preprocessing
CVE-2022-31539 (The kotekan/kotekan repository through 2021.11 on GitHub allows absolu ...)
	NOT-FOR-US: kotekan/kotekan
CVE-2022-31538 (The joaopedro-fg/mp-m08-interface repository through 2020-12-10 on Git ...)
	NOT-FOR-US: joaopedro-fg/mp-m08-interface
CVE-2022-31537 (The jmcginty15/Solar-system-simulator repository through 2021-07-26 on ...)
	NOT-FOR-US: jmcginty15/Solar-system-simulator
CVE-2022-31536 (The jaygarza1982/ytdl-sync repository through 2021-01-02 on GitHub all ...)
	NOT-FOR-US: jaygarza1982/ytdl-sync
CVE-2022-31535 (The freefood89/Fishtank repository through 2015-06-24 on GitHub allows ...)
	NOT-FOR-US: freefood89/Fishtank
CVE-2022-31534 (The echoleegroup/PythonWeb repository through 2018-10-31 on GitHub all ...)
	NOT-FOR-US: echoleegroup/PythonWeb
CVE-2022-31533 (The decentraminds/umbral repository through 2020-01-15 on GitHub allow ...)
	NOT-FOR-US: decentraminds/umbral
CVE-2022-31532 (The dankolbman/travel_blahg repository through 2016-01-16 on GitHub al ...)
	NOT-FOR-US: dankolbman/travel_blahg
CVE-2022-31531 (The dainst/cilantro repository through 0.0.4 on GitHub allows absolute ...)
	NOT-FOR-US: dainst/cilantro
CVE-2022-31530 (The csm-aut/csm repository through 3.5 on GitHub allows absolute path ...)
	NOT-FOR-US: csm-aut/csm
CVE-2022-31529 (The cinemaproject/monorepo repository through 2021-03-03 on GitHub all ...)
	NOT-FOR-US: cinemaproject/monorepo
CVE-2022-31528 (The bonn-activity-maps/bam_annotation_tool repository through 2021-08- ...)
	NOT-FOR-US: bonn-activity-maps/bam_annotation_tool
CVE-2022-31527 (The Wildog/flask-file-server repository through 2020-02-20 on GitHub a ...)
	NOT-FOR-US: Wildog/flask-file-server
CVE-2022-31526 (The ThundeRatz/ThunderDocs repository through 2020-05-01 on GitHub all ...)
	NOT-FOR-US: ThundeRatz/ThunderDocs
CVE-2022-31525 (The SummaLabs/DLS repository through 0.1.0 on GitHub allows absolute p ...)
	NOT-FOR-US: SummaLabs/DLS
CVE-2022-31524 (The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub ...)
	NOT-FOR-US: PureStorage-OpenConnect/swagger
CVE-2022-31523 (The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows abso ...)
	NOT-FOR-US: PaddlePaddle/Anakin
CVE-2022-31522 (The NotVinay/karaokey repository through 2019-12-11 on GitHub allows a ...)
	NOT-FOR-US: NotVinay/karaokey
CVE-2022-31521 (The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows abs ...)
	NOT-FOR-US: Niyaz-Mohamed/mosaic
CVE-2022-31520 (The Luxas98/logstash-management-api repository through 2020-05-04 on G ...)
	NOT-FOR-US: Luxas98/logstash-management-api
CVE-2022-31519 (The Lukasavicus/WindMill repository through 1.0 on GitHub allows absol ...)
	NOT-FOR-US: Lukasavicus/WindMill
CVE-2022-31518 (The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository thr ...)
	NOT-FOR-US: JustAnotherSoftwareDeveloper/Python-Recipe-Database
CVE-2022-31517 (The HolgerGraef/MSM repository through 2021-04-20 on GitHub allows abs ...)
	NOT-FOR-US: HolgerGraef/MSM
CVE-2022-31516 (The Harveyzyh/Python repository through 2022-05-04 on GitHub allows ab ...)
	NOT-FOR-US: Harveyzyh/Python
CVE-2022-31515 (The Delor4/CarceresBE repository through 1.0 on GitHub allows absolute ...)
	NOT-FOR-US: Delor4/CarceresBE
CVE-2022-31514 (The Caoyongqi912/Fan_Platform repository through 2021-04-20 on GitHub ...)
	NOT-FOR-US: Caoyongqi912/Fan_Platform
CVE-2022-31513 (The BolunHan/Krypton repository through 2021-06-03 on GitHub allows ab ...)
	NOT-FOR-US: BolunHan/Krypton
CVE-2022-31512 (The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows ab ...)
	NOT-FOR-US: Atom02/flask-mvc
CVE-2022-31511 (The AFDudley/equanimity repository through 2014-04-23 on GitHub allows ...)
	NOT-FOR-US: AFDudley/equanimity
CVE-2022-31510 (The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub all ...)
	NOT-FOR-US: sergeKashkin/Simple-RAT
CVE-2022-31509 (The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows ...)
	NOT-FOR-US: iedadata/usap-dc-website
CVE-2022-31508 (The idayrus/evoting repository before 2022-05-08 on GitHub allows abso ...)
	NOT-FOR-US: idayrus/evoting
CVE-2022-31507 (The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolut ...)
	NOT-FOR-US: ganga-devs/ganga
CVE-2022-31506 (The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows ...)
	NOT-FOR-US: cmusatyalab/opendiamond
CVE-2022-31505 (The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub a ...)
	NOT-FOR-US: cheo0/MercadoEnLineaBack
CVE-2022-31504 (The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 ...)
	NOT-FOR-US: ChangeWeDer/BaiduWenkuSpider_flaskWeb
CVE-2022-31503 (The orchest/orchest repository before 2022.05.0 on GitHub allows absol ...)
	NOT-FOR-US: orchest/orchest
CVE-2022-31502 (The operatorequals/wormnest repository through 0.4.7 on GitHub allows ...)
	NOT-FOR-US: operatorequals/wormnest
CVE-2022-31501 (The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allow ...)
	NOT-FOR-US: ChaoticOnyx/OnyxForum
CVE-2022-31500 (In KNIME Analytics Platform below 4.6.0, the Windows installer sets im ...)
	NOT-FOR-US: KNIME Analytics Platform
CVE-2022-31499 (Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauth ...)
	NOT-FOR-US: Nortek Linear eMerge E3-Series devices
CVE-2022-31498 (LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialo ...)
	NOT-FOR-US: LibreHealth EHR Base
CVE-2022-31497 (LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigat ...)
	NOT-FOR-US: LibreHealth EHR Base
CVE-2022-31496 (LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_sit ...)
	NOT-FOR-US: LibreHealth EHR Base
CVE-2022-31495 (LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page ...)
	NOT-FOR-US: LibreHealth EHR Base
CVE-2022-31494 (LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS.)
	NOT-FOR-US: LibreHealth EHR Base
CVE-2022-31493 (LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS.)
	NOT-FOR-US: LibreHealth EHR Base
CVE-2022-31492 (Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 ...)
	NOT-FOR-US: LibreHealth EHR Base
CVE-2022-31491
	RESERVED
CVE-2022-31490
	RESERVED
CVE-2022-31489 (Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inouti ...)
	NOT-FOR-US: Inout Blockchain AltExchanger
CVE-2022-31488 (Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_mark ...)
	NOT-FOR-US: Inout Blockchain AltExchanger
CVE-2022-31487 (Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger ...)
	NOT-FOR-US: Inout Blockchain AltExchanger
CVE-2022-31486 (An authenticated attacker can send a specially crafted route to the \u ...)
	NOT-FOR-US: HID Mercury Intelligent Controllers
CVE-2022-31485 (An unauthenticated attacker can send a specially crafted packets to up ...)
	NOT-FOR-US: HID Mercury Intelligent Controllers
CVE-2022-31484 (An unauthenticated attacker can send a specially crafted network packe ...)
	NOT-FOR-US: HID Mercury Intelligent Controllers
CVE-2022-31483 (An authenticated attacker can upload a file with a filename including ...)
	NOT-FOR-US: HID Mercury Intelligent Controllers
CVE-2022-31482 (An unauthenticated attacker can send a specially crafted unauthenticat ...)
	NOT-FOR-US: HID Mercury Intelligent Controllers
CVE-2022-31481 (An unauthenticated attacker can send a specially crafted update file t ...)
	NOT-FOR-US: HID Mercury Intelligent Controllers
CVE-2022-31480 (An unauthenticated attacker could arbitrarily upload firmware files to ...)
	NOT-FOR-US: HID Mercury Intelligent Controllers
CVE-2022-31479 (An unauthenticated attacker can update the hostname with a specially c ...)
	NOT-FOR-US: HID Mercury Intelligent Controllers
CVE-2022-31478 (The UserTakeOver plugin before 4.0.1 for ILIAS allows an attacker to l ...)
	NOT-FOR-US: UserTakeOver plugin for ILIAS
CVE-2022-1841 (In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parame ...)
	NOT-FOR-US: zephyr-rtos
CVE-2022-1840 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Home Clean Services Management System
CVE-2022-1839 (A vulnerability classified as critical was found in Home Clean Service ...)
	NOT-FOR-US: Home Clean Services Management System
CVE-2022-1838 (A vulnerability classified as critical has been found in Home Clean Se ...)
	NOT-FOR-US: Home Clean Services Management System
CVE-2022-1837 (A vulnerability was found in Home Clean Services Management System 1.0 ...)
	NOT-FOR-US: Home Clean Services Management System
CVE-2022-31470 (An XSS vulnerability in the index_mobile_changepass.hsp reset-password ...)
	NOT-FOR-US: Axigen Mobile WebMail
CVE-2022-31469 (OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrate ...)
	NOT-FOR-US: OX App Suite
CVE-2022-31468 (OX App Suite through 8.2 allows XSS via an attachment or OX Drive cont ...)
	NOT-FOR-US: OX App Suite
CVE-2022-31467 (A DLL hijacking vulnerability in the installed for Quick Heal Total Se ...)
	NOT-FOR-US: Quick Heal Total Security
CVE-2022-31466 (Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total ...)
	NOT-FOR-US: Quick Heal Total Security
CVE-2022-31465 (A vulnerability has been identified in Xpedition Designer VX.2.10 (All ...)
	NOT-FOR-US: Siemens
CVE-2022-31464 (Insecure permissions configuration in Adaware Protect v1.2.439.4251 al ...)
	NOT-FOR-US: Adaware
CVE-2022-31463 (Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetoot ...)
	NOT-FOR-US: Owl Labs Meeting Owl
CVE-2022-31462 (Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device v ...)
	NOT-FOR-US: Owl Labs Meeting Owl
CVE-2022-31461 (Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passc ...)
	NOT-FOR-US: Owl Labs Meeting Owl
CVE-2022-31460 (Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering M ...)
	NOT-FOR-US: Owl Labs Meeting Owl
CVE-2022-31459 (Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcod ...)
	NOT-FOR-US: Owl Labs Meeting Owl
CVE-2022-31458 (RTX TRAP v1.0 was discovered to be vulnerable to host header poisoning ...)
	NOT-FOR-US: RTX TRAP
CVE-2022-31457 (RTX TRAP v1.0 allows attackers to perform a directory traversal via a ...)
	NOT-FOR-US: RTX TRAP
CVE-2022-31456 (A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows a ...)
	NOT-FOR-US: Truedesk
CVE-2022-31455 (* A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows ...)
	NOT-FOR-US: Truedesk
CVE-2022-31454 (Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) v ...)
	- yii (bug #597899)
CVE-2022-31453
	RESERVED
CVE-2022-31452
	RESERVED
CVE-2022-31451
	RESERVED
CVE-2022-31450
	RESERVED
CVE-2022-31449
	RESERVED
CVE-2022-31448
	RESERVED
CVE-2022-31447 (An XML external entity (XXE) injection vulnerability in Magicpin v3.4 ...)
	NOT-FOR-US: Magicpin
CVE-2022-31446 (Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to cont ...)
	NOT-FOR-US: Tenda
CVE-2022-31445
	RESERVED
CVE-2022-31444
	RESERVED
CVE-2022-31443
	RESERVED
CVE-2022-31442
	RESERVED
CVE-2022-31441
	RESERVED
CVE-2022-31440
	RESERVED
CVE-2022-31439
	RESERVED
CVE-2022-31438
	RESERVED
CVE-2022-31437
	RESERVED
CVE-2022-31436
	RESERVED
CVE-2022-31435
	RESERVED
CVE-2022-31434
	RESERVED
CVE-2022-31433
	RESERVED
CVE-2022-31432
	RESERVED
CVE-2022-31431
	RESERVED
CVE-2022-31430
	RESERVED
CVE-2022-31429
	RESERVED
CVE-2022-31428
	RESERVED
CVE-2022-31427
	RESERVED
CVE-2022-31426
	RESERVED
CVE-2022-31425
	RESERVED
CVE-2022-31424
	RESERVED
CVE-2022-31423
	RESERVED
CVE-2022-31422
	RESERVED
CVE-2022-31421
	RESERVED
CVE-2022-31420
	RESERVED
CVE-2022-31419
	RESERVED
CVE-2022-31418
	RESERVED
CVE-2022-31417
	RESERVED
CVE-2022-31416
	RESERVED
CVE-2022-31415 (Online Fire Reporting System v1.0 was discovered to contain a SQL inje ...)
	NOT-FOR-US: Online Fire Reporting System
CVE-2022-31414 (D-Link DIR-1960 firmware DIR-1960_A1_1.11 was discovered to contain a ...)
	NOT-FOR-US: D-Link
CVE-2022-31413
	RESERVED
CVE-2022-31412
	RESERVED
CVE-2022-31411
	RESERVED
CVE-2022-31410
	RESERVED
CVE-2022-31409
	RESERVED
CVE-2022-31408
	RESERVED
CVE-2022-31407
	RESERVED
CVE-2022-31406
	RESERVED
CVE-2022-31405 (MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext ...)
	NOT-FOR-US: MV iDigital Clinic Enterprise
CVE-2022-31404
	RESERVED
CVE-2022-31403 (ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vul ...)
	NOT-FOR-US: ITOP
CVE-2022-31402 (ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vul ...)
	NOT-FOR-US: ITOP
CVE-2022-31401
	RESERVED
CVE-2022-31400 (A cross-site scripting (XSS) vulnerability in /staff/setup/email-addre ...)
	NOT-FOR-US: Helpdeskz
CVE-2022-31399
	RESERVED
CVE-2022-31398 (A cross-site scripting (XSS) vulnerability in /staff/tools/custom-fiel ...)
	NOT-FOR-US: Helpdeskz
CVE-2022-31397
	RESERVED
CVE-2022-31396
	RESERVED
CVE-2022-31395 (Algo Communication Products Ltd. 8373 IP Zone Paging Adapter Firmware ...)
	NOT-FOR-US: Algo Communication Products
CVE-2022-31394 (Hyperium Hyper before 0.14.19 does not allow for customization of the ...)
	- rust-hyper 0.14.19-1
CVE-2022-31393 (Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forger ...)
	NOT-FOR-US: Jizhicms
CVE-2022-31392
	RESERVED
CVE-2022-31391
	RESERVED
CVE-2022-31390 (Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forger ...)
	NOT-FOR-US: Jizhicms
CVE-2022-31389
	RESERVED
CVE-2022-31388
	RESERVED
CVE-2022-31387
	RESERVED
CVE-2022-31386 (A Server-Side Request Forgery (SSRF) in the getFileBinary function of ...)
	NOT-FOR-US: nbnbk cms
CVE-2022-31385
	RESERVED
CVE-2022-31384 (Directory Management System v1.0 was discovered to contain a SQL injec ...)
	NOT-FOR-US: Directory Management System
CVE-2022-31383 (Directory Management System v1.0 was discovered to contain a SQL injec ...)
	NOT-FOR-US: Directory Management System
CVE-2022-31382 (Directory Management System v1.0 was discovered to contain a SQL injec ...)
	NOT-FOR-US: Directory Management System
CVE-2022-31381
	RESERVED
CVE-2022-31380
	RESERVED
CVE-2022-31379
	RESERVED
CVE-2022-31378
	RESERVED
CVE-2022-31377
	RESERVED
CVE-2022-31376
	RESERVED
CVE-2022-31375
	RESERVED
CVE-2022-31374 (An arbitrary file upload vulnerability /images/background/1.php in of ...)
	NOT-FOR-US: SolarView Compact
CVE-2022-31373 (SolarView Compact v6.0 was discovered to contain a cross-site scriptin ...)
	NOT-FOR-US: SolarView Compact
CVE-2022-31372 (Wiris Mathtype v7.28.0 was discovered to contain a path traversal vuln ...)
	NOT-FOR-US: Wiris Mathtype
CVE-2022-31371
	RESERVED
CVE-2022-31370
	RESERVED
CVE-2022-31369
	RESERVED
CVE-2022-31368
	RESERVED
CVE-2022-31367 (Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attribute ...)
	NOT-FOR-US: Strapi
CVE-2022-31366 (An arbitrary file upload vulnerability in the apiImportLabs function i ...)
	NOT-FOR-US: EVE-NG
CVE-2022-31365
	RESERVED
CVE-2022-31364 (Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107 ...)
	NOT-FOR-US: Cypress
CVE-2022-31363 (Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107 ...)
	NOT-FOR-US: Cypress
CVE-2022-31362 (Docebo Community Edition v4.0.5 and below was discovered to contain an ...)
	NOT-FOR-US: Docebo
CVE-2022-31361 (Docebo Community Edition v4.0.5 and below was discovered to contain a ...)
	NOT-FOR-US: Docebo
CVE-2022-31360
	RESERVED
CVE-2022-31359
	RESERVED
CVE-2022-31358 (A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtua ...)
	NOT-FOR-US: Proxmox Virtual Environment
CVE-2022-31357 (Online Ordering System v2.3.2 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Online Ordering System
CVE-2022-31356 (Online Ordering System v2.3.2 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Online Ordering System
CVE-2022-31355 (Online Ordering System v2.3.2 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Online Ordering System
CVE-2022-31354 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Online Car Wash Booking System
CVE-2022-31353 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Online Car Wash Booking System
CVE-2022-31352 (Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in ...)
	NOT-FOR-US: Online Car Wash Booking System
CVE-2022-31351 (Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via ...)
	NOT-FOR-US: Online Car Wash Booking System
CVE-2022-31350 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Online Car Wash Booking System
CVE-2022-31349
	RESERVED
CVE-2022-31348 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Online Car Wash Booking System
CVE-2022-31347 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Online Car Wash Booking System
CVE-2022-31346 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Online Car Wash Booking System
CVE-2022-31345 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Online Car Wash Booking System
CVE-2022-31344 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Online Car Wash Booking System
CVE-2022-31343 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Online Car Wash Booking System
CVE-2022-31342 (Online Car Wash Booking System v1.0 is vulnerable to Delete any file v ...)
	NOT-FOR-US: Online Car Wash Booking System
CVE-2022-31341
	RESERVED
CVE-2022-31340 (Simple Inventory System v1.0 is vulnerable to SQL Injection via /inven ...)
	NOT-FOR-US: Simple Inventory System
CVE-2022-31339 (Simple Inventory System v1.0 is vulnerable to SQL Injection via /inven ...)
	NOT-FOR-US: Simple Inventory System
CVE-2022-31338 (Online Ordering System 2.3.2 is vulnerable to SQL Injection via /order ...)
	NOT-FOR-US: Online Ordering System
CVE-2022-31337 (Online Ordering System 2.3.2 is vulnerable to SQL Injection via /order ...)
	NOT-FOR-US: Online Ordering System
CVE-2022-31336 (Online Ordering System 2.3.2 is vulnerable to SQL Injection via /order ...)
	NOT-FOR-US: Online Ordering System
CVE-2022-31335 (Online Ordering System 2.3.2 is vulnerable to SQL Injection via /order ...)
	NOT-FOR-US: Online Ordering System
CVE-2022-31334
	RESERVED
CVE-2022-31333
	RESERVED
CVE-2022-31332
	RESERVED
CVE-2022-31331
	RESERVED
CVE-2022-31330
	RESERVED
CVE-2022-31329 (Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Online Ordering System
CVE-2022-31328 (Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering ...)
	NOT-FOR-US: Online Ordering System
CVE-2022-31327 (Online Ordering System By janobe 2.3.2 is vulneranle to SQL Injection ...)
	NOT-FOR-US: Online Ordering System
CVE-2022-31326
	RESERVED
CVE-2022-31325 (There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'Per ...)
	NOT-FOR-US: ChurchCRM
CVE-2022-31324 (An arbitrary file download vulnerability in the downloadAction() funct ...)
	NOT-FOR-US: Penta Security Systems Inc WAPPLES
CVE-2022-31323
	RESERVED
CVE-2022-31322 (Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attacke ...)
	NOT-FOR-US: Penta Security Systems Inc WAPPLES
CVE-2022-31321 (The foldername parameter in Bolt 5.1.7 was discovered to have incorrec ...)
	NOT-FOR-US: Bolt CMS
CVE-2022-31320
	RESERVED
CVE-2022-31319
	RESERVED
CVE-2022-31318
	RESERVED
CVE-2022-31317
	RESERVED
CVE-2022-31316
	RESERVED
CVE-2022-31315
	RESERVED
CVE-2022-31314
	RESERVED
CVE-2022-31313 (api-res-py package in PyPI 0.1 is vulnerable to a code execution backd ...)
	NOT-FOR-US: api-res-py
CVE-2022-31312
	RESERVED
CVE-2022-31311 (An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allow ...)
	NOT-FOR-US: WAVLINK
CVE-2022-31310
	RESERVED
CVE-2022-31309 (A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5 ...)
	NOT-FOR-US: WAVLINK
CVE-2022-31308 (A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V503 ...)
	NOT-FOR-US: WAVLINK
CVE-2022-31307 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...)
	NOT-FOR-US: njs
CVE-2022-31306 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...)
	NOT-FOR-US: njs
CVE-2022-31305
	RESERVED
CVE-2022-31304
	RESERVED
CVE-2022-31303 (maccms10 was discovered to contain a stored cross-site scripting (XSS) ...)
	NOT-FOR-US: maccms10
CVE-2022-31302 (maccms8 was discovered to contain a stored cross-site scripting (XSS) ...)
	NOT-FOR-US: maccms8
CVE-2022-31301 (Haraj v3.7 was discovered to contain a stored cross-site scripting (XS ...)
	NOT-FOR-US: Haraj
CVE-2022-31300 (A cross-site scripting vulnerability in the DM Section component of Ha ...)
	NOT-FOR-US: Haraj
CVE-2022-31299 (Haraj v3.7 was discovered to contain a reflected cross-site scripting ...)
	NOT-FOR-US: Haraj
CVE-2022-31298 (A cross-site scripting vulnerability in the ads comment section of Har ...)
	NOT-FOR-US: Haraj
CVE-2022-31297
	RESERVED
CVE-2022-31296 (Online Discussion Forum Site 1 was discovered to contain a blind SQL i ...)
	NOT-FOR-US: Online Discussion Forum Site
CVE-2022-31295 (An issue in the delete_post() function of Online Discussion Forum Site ...)
	NOT-FOR-US: Online Discussion Forum Site
CVE-2022-31294 (An issue in the save_users() function of Online Discussion Forum Site ...)
	NOT-FOR-US: Online Discussion Forum Site
CVE-2022-31293
	RESERVED
CVE-2022-31292
	RESERVED
CVE-2022-31291 (An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows atta ...)
	{DLA-3231-1}
	- dlt-daemon 2.18.6-2.1 (bug #1014534)
	[bullseye] - dlt-daemon 2.18.6-1+deb11u1
	NOTE: https://github.com/COVESA/dlt-daemon/pull/376
	NOTE: https://github.com/COVESA/dlt-daemon/commit/6a3bd901d825c7206797e36ea98e10a218f5aad2
CVE-2022-31290 (A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 ...)
	NOT-FOR-US: Known
CVE-2022-31289
	REJECTED
CVE-2022-31288
	RESERVED
CVE-2022-31287 (An issue was discovered in Bento4 v1.2. There is an allocation size re ...)
	NOT-FOR-US: Bento4
CVE-2022-31286
	RESERVED
CVE-2022-31285 (An issue was discovered in Bento4 1.2. The allocator is out of memory ...)
	NOT-FOR-US: Bento4
CVE-2022-31284
	RESERVED
CVE-2022-31283
	RESERVED
CVE-2022-31282 (Bento4 MP4Dump v1.2 was discovered to contain a segmentation violation ...)
	NOT-FOR-US: Bento4
CVE-2022-31281
	RESERVED
CVE-2022-31280
	RESERVED
CVE-2022-31279
	REJECTED
CVE-2022-31278
	RESERVED
CVE-2022-31277 (Xiaomi Lamp 1 v2.0.4_0066 was discovered to be vulnerable to replay at ...)
	NOT-FOR-US: Xiaomi Lamp
CVE-2022-31276
	RESERVED
CVE-2022-31275
	RESERVED
CVE-2022-31274
	RESERVED
CVE-2022-31273 (An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smp ...)
	NOT-FOR-US: TopIDP3000 Topsec Operating System
CVE-2022-31272
	RESERVED
CVE-2022-31271
	RESERVED
CVE-2022-31270
	RESERVED
CVE-2022-30540 (The affected product is vulnerable to a heap-based buffer overflow via ...)
	NOT-FOR-US: Horner Automation
CVE-2022-29488 (The affected product is vulnerable to an out-of-bounds read via uninit ...)
	NOT-FOR-US: Horner Automation
CVE-2022-28690 (The affected product is vulnerable to an out-of-bounds write via unini ...)
	NOT-FOR-US: Horner Automation
CVE-2022-27184 (The affected product is vulnerable to an out-of-bounds write, which ma ...)
	NOT-FOR-US: Horner Automation
CVE-2022-1836
	REJECTED
CVE-2022-1835
	REJECTED
CVE-2022-1834 (When displaying the sender of an email, and the sender name contained ...)
	{DSA-5158-1 DLA-3041-1}
	- thunderbird 1:91.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-1834
CVE-2022-1833 (A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using O ...)
	NOT-FOR-US: Red Hat AMQ Broker
CVE-2022-1832 (The CaPa Protect WordPress plugin through 0.5.8.2 does not have CSRF c ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1831 (The WPlite WordPress plugin through 1.3.1 does not have CSRF check in ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1830 (The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not ha ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1829 (The Inline Google Maps WordPress plugin through 5.11 does not have CSR ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1828 (The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1827 (The PDF24 Article To PDF WordPress plugin through 4.2.2 does not have ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1826 (The Cross-Linker WordPress plugin through 3.0.1.9 does not have CSRF c ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1825 (Cross-site Scripting (XSS) - Reflected in GitHub repository collective ...)
	NOT-FOR-US: collectiveaccess/providence
CVE-2022-1824 (An uncontrolled search path vulnerability in McAfee Consumer Product R ...)
	NOT-FOR-US: McAfee
CVE-2022-1823 (Improper privilege management vulnerability in McAfee Consumer Product ...)
	NOT-FOR-US: McAfee
CVE-2022-1822 (The Zephyr Project Manager plugin for WordPress is vulnerable to Refle ...)
	NOT-FOR-US: Zephyr Project Manager plugin for WordPress
CVE-2022-1821 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	[experimental] - gitlab 14.9.5+ds1-1
	- gitlab 15.10.8+ds1-2
	NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
CVE-2022-1820 (The Keep Backup Daily plugin for WordPress is vulnerable to Reflected ...)
	NOT-FOR-US: Keep Backup Daily plugin for WordPress
CVE-2022-1819 (A vulnerability, which was classified as problematic, was found in Stu ...)
	NOT-FOR-US: Student Information System
CVE-2022-1818 (The Multi-page Toolkit WordPress plugin through 2.6 does not have CSRF ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1817 (A vulnerability, which was classified as problematic, was found in Bad ...)
	NOT-FOR-US: Badminton Center Management System
CVE-2022-1816 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Zoo Management System
CVE-2022-1815 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
	NOT-FOR-US: jgraph/drawio
CVE-2022-1814 (The WP Admin Style WordPress plugin through 0.1.2 does not sanitise an ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-30549 (Out-of-bounds read vulnerability exists in V-Server v4.0.11.0 and earl ...)
	NOT-FOR-US: Fuji
CVE-2022-29524 (Out-of-bounds write vulnerability exists in V-Server v4.0.11.0 and ear ...)
	NOT-FOR-US: Fuji
CVE-2022-29506 (Out-of-bounds read vulnerability exist in the simulator module contain ...)
	NOT-FOR-US: Fuji
CVE-2022-1813 (OS Command Injection in GitHub repository yogeshojha/rengine prior to ...)
	NOT-FOR-US: yogeshojha/rengine
CVE-2022-1812 (Integer Overflow or Wraparound in GitHub repository publify/publify pr ...)
	NOT-FOR-US: Publify
CVE-2022-1811 (Unrestricted Upload of File with Dangerous Type in GitHub repository p ...)
	NOT-FOR-US: Publify
CVE-2022-1810 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
	NOT-FOR-US: Publify
CVE-2022-31269 (Nortek Linear eMerge E3-Series devices through 0.32-09c place admin cr ...)
	NOT-FOR-US: Nortek Linear eMerge E3-Series devices
CVE-2022-31268 (A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading we ...)
	NOT-FOR-US: Gitblit
CVE-2022-31267 (Gitblit 1.9.2 allows privilege escalation via the Config User Service: ...)
	NOT-FOR-US: Gitblit
CVE-2022-31266 (In ILIAS through 7.10, lack of verification when changing an email add ...)
	- ilias (bug #195688)
CVE-2022-31265 (The replay feature in the client in Wargaming World of Warships 0.11.4 ...)
	NOT-FOR-US: client in Wargaming World of Warships
CVE-2022-31264 (Solana solana_rbpf before 0.2.29 has an addition integer overflow via ...)
	NOT-FOR-US: Solana rBPF
CVE-2022-31263 (app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail ...)
	- mastodon (bug #859741)
CVE-2022-31262 (An exploitable local privilege escalation vulnerability exists in GOG ...)
	NOT-FOR-US: GOG Galaxy
CVE-2022-31261 (An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x throu ...)
	NOT-FOR-US: Morpheus
CVE-2022-1809 (Access of Uninitialized Pointer in GitHub repository radareorg/radare2 ...)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/0730a95e-c485-4ff2-9a5d-bb3abfda0b17
	NOTE: https://github.com/radareorg/radare2/commit/919e3ac1a13f753c73e7a8e8d8bb4a143218732d
CVE-2022-31260 (In Montala ResourceSpace through 9.8 before r19636, csv_export_results ...)
	NOT-FOR-US: Montala ResourceSpace
CVE-2022-31259 (The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 a ...)
	NOT-FOR-US: Beego
CVE-2022-31258 (In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1. ...)
	- check-mk
CVE-2022-1808 (Execution with Unnecessary Privileges in GitHub repository polonel/tru ...)
	NOT-FOR-US: Trudesk
CVE-2022-31257 (A vulnerability has been identified in Mendix Applications using Mendi ...)
	NOT-FOR-US: Mendix
CVE-2022-31256 (A Improper Link Resolution Before File Access ('Link Following') vulne ...)
	- sendmail (Vulnerability in SUSE-specific script used in sentmail-client.service service unit)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1204696
CVE-2022-31255 (An Improper Limitation of a Pathname to a Restricted Directory ('Path ...)
	NOT-FOR-US: Uyuni
CVE-2022-31254 (A Incorrect Default Permissions vulnerability in rmt-server-regsharing ...)
	NOT-FOR-US: SAP
CVE-2022-31253 (A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory ...)
	- openldap (SuSE-specific packaging issue)
CVE-2022-31252 (A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enter ...)
	NOT-FOR-US: OpenSUSE
CVE-2022-31251 (A Incorrect Default Permissions vulnerability in the packaging of the ...)
	- slurm-wlm (SUSE specific packaging issue)
CVE-2022-31250 (A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of o ...)
	NOT-FOR-US: keylime
CVE-2022-31249 (A Improper Neutralization of Special Elements used in an OS Command (' ...)
	NOT-FOR-US: Rancher
CVE-2022-31248 (A Observable Response Discrepancy vulnerability in spacewalk-java of S ...)
	NOT-FOR-US: Uyuni
CVE-2022-31247 (An Improper Authorization vulnerability in SUSE Rancher, allows any us ...)
	NOT-FOR-US: Rancher
CVE-2022-1807 (Multiple SQLi vulnerabilities in Webadmin allow for privilege escalati ...)
	NOT-FOR-US: Sophos
CVE-2022-1806 (Cross-site Scripting (XSS) - Reflected in GitHub repository rtxteam/rt ...)
	NOT-FOR-US: RTX
CVE-2022-31246 (paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the ...)
	NOT-FOR-US: Electrum
CVE-2022-31245 (mailcow before 2022-05d allows a remote authenticated user to inject O ...)
	NOT-FOR-US: mailcow
CVE-2022-31244 (Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows f ...)
	NOT-FOR-US: Nokia
CVE-2022-31243 (Update description and links DMA transactions which are targeted at in ...)
	NOT-FOR-US: Insyde
CVE-2022-31242
	REJECTED
CVE-2022-31241
	RESERVED
CVE-2022-31240
	RESERVED
CVE-2022-1805 (When connecting to Amazon Workspaces, the SHA256 presented by AWS conn ...)
	NOT-FOR-US: Tera2
CVE-2022-1804
	RESERVED
CVE-2022-1803 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
	NOT-FOR-US: Trudesk
CVE-2022-1802 (If an attacker was able to corrupt the methods of an Array object in J ...)
	{DSA-5158-1 DSA-5143-1 DLA-3041-1 DLA-3021-1}
	- firefox 100.0.2-1
	- firefox-esr 91.9.1esr-1
	- thunderbird 1:91.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-19/#CVE-2022-1802
	NOTE: https://www.zerodayinitiative.com/blog/2022/8/17/but-you-told-me-you-were-safe-attacking-the-mozilla-firefox-renderer-part-1
CVE-2020-36522
	RESERVED
CVE-2022-31239 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9. ...)
	NOT-FOR-US: Dell
CVE-2022-31238 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9. ...)
	NOT-FOR-US: Dell
CVE-2022-31237 (Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and ...)
	NOT-FOR-US: Dell
CVE-2022-31236
	RESERVED
CVE-2022-31235
	RESERVED
CVE-2022-31234 (Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive A ...)
	NOT-FOR-US: Dell
CVE-2022-31233 (Unisphere for PowerMax versions before 9.2.3.15 contain a privilege es ...)
	NOT-FOR-US: Dell
CVE-2022-31232 (SmartFabric storage software version 1.0.0 contains a Command-Injectio ...)
	NOT-FOR-US: SmartFabric storage software
CVE-2022-31231
	RESERVED
CVE-2022-31230 (Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky c ...)
	NOT-FOR-US: Dell
CVE-2022-31229 (Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message ...)
	NOT-FOR-US: Dell
CVE-2022-31228 (Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vu ...)
	NOT-FOR-US: Dell
CVE-2022-31227
	REJECTED
CVE-2022-31226 (Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability ...)
	NOT-FOR-US: Dell
CVE-2022-31225 (Dell BIOS versions contain an Unchecked Return Value vulnerability. A ...)
	NOT-FOR-US: Dell
CVE-2022-31224 (Dell BIOS versions contain an Improper Protection Against Voltage and ...)
	NOT-FOR-US: Dell
CVE-2022-31223 (Dell BIOS versions contain an Improper Neutralization of Null Byte vul ...)
	NOT-FOR-US: Dell
CVE-2022-31222 (Dell BIOS versions contain a Missing Release of Resource after Effecti ...)
	NOT-FOR-US: Dell
CVE-2022-31221 (Dell BIOS versions contain an Information Exposure vulnerability. A lo ...)
	NOT-FOR-US: Dell
CVE-2022-31220 (Dell BIOS versions contain an Unchecked Return Value vulnerability. A ...)
	NOT-FOR-US: Dell
CVE-2022-31219 (Vulnerabilities in the Drive Composer allow a low privileged attacker ...)
	NOT-FOR-US: Drive Composer
CVE-2022-31218 (Vulnerabilities in the Drive Composer allow a low privileged attacker ...)
	NOT-FOR-US: Drive Composer
CVE-2022-31217 (Vulnerabilities in the Drive Composer allow a low privileged attacker ...)
	NOT-FOR-US: Drive Composer
CVE-2022-31216 (Vulnerabilities in the Drive Composer allow a low privileged attacker ...)
	NOT-FOR-US: Drive Composer
CVE-2022-1801 (The Very Simple Contact Form WordPress plugin before 11.6 exposes the ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1800 (The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1799 (Incorrect signature trust exists within Google Play services SDK play- ...)
	NOT-FOR-US: Google Play
CVE-2022-1798 (A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0. ...)
	NOT-FOR-US: KubeVirt
CVE-2022-31215 (In certain Goverlan products, the Windows Firewall is temporarily turn ...)
	NOT-FOR-US: Goverlan
CVE-2022-31214 (A Privilege Context Switching issue was discovered in join.c in Fireja ...)
	{DSA-5167-1 DLA-3061-1}
	- firejail 0.9.68-4 (bug #1012510)
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/10
	NOTE: https://github.com/netblue30/firejail/commit/27cde3d7d1e4e16d4190932347c7151dc2a84c50 (0.9.70)
	NOTE: https://github.com/netblue30/firejail/commit/04ff0edf74395ddcbbcec955279c74ed9a6c0f86 (0.9.70)
	NOTE: https://github.com/netblue30/firejail/commit/dab835e7a0eb287822016f5ae4e87f46e1d363e7 (0.9.70)
	NOTE: https://github.com/netblue30/firejail/commit/1884ea22a90d225950d81c804f1771b42ae55f54 (0.9.70)
	NOTE: https://github.com/netblue30/firejail/files/8913178/CVE-2022-31214.zip (0.9.58.2 - 0.9.68 backports)
CVE-2022-31213 (An issue was discovered in dbus-broker before 31. Multiple NULL pointe ...)
	- dbus-broker 30-1
	[bullseye] - dbus-broker 26-1+deb11u2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2094722
	NOTE: "CHANGES WITH 30:" mention: Fix NULL-derefs in the XML configuration parser. Empty XML tags could
	NOTE: have caused NULL-derefs before.
CVE-2022-31212 (An issue was discovered in dbus-broker before 31. It depends on c-uitl ...)
	- dbus-broker 30-1 (bug #1013343)
	[bullseye] - dbus-broker 26-1+deb11u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2094718
	NOTE: Fixed by: https://github.com/c-util/c-shquote/commit/7fd15f8e272136955f7ffc37df29fbca9ddceca1 (v1.0.0)
CVE-2022-31211 (An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank ...)
	NOT-FOR-US: Infiray
CVE-2022-31210 (An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file ...)
	NOT-FOR-US: Infiray
CVE-2022-31209 (An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware con ...)
	NOT-FOR-US: Infiray
CVE-2022-31208 (An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver co ...)
	NOT-FOR-US: Infiray
CVE-2022-31207 (The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP ...)
	NOT-FOR-US: Omron
CVE-2022-31206 (The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX seri ...)
	NOT-FOR-US: Omron
CVE-2022-31205 (In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, ...)
	NOT-FOR-US: Omron
CVE-2022-31204 (Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use ...)
	NOT-FOR-US: Omron
CVE-2022-31203
	RESERVED
CVE-2022-31202 (The export function in SoftGuard Web (SGW) before 5.1.5 allows directo ...)
	NOT-FOR-US: SoftGuard Web
CVE-2022-31201 (SoftGuard Web (SGW) before 5.1.5 allows HTML injection.)
	NOT-FOR-US: SoftGuard Web
CVE-2022-31200 (Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELangu ...)
	NOT-FOR-US: Atmail
CVE-2022-31199 (Remote code execution vulnerabilities exist in the Netwrix Auditor Use ...)
	NOT-FOR-US: Netwrix Auditor
CVE-2022-1797 (A malformed Class 3 common industrial protocol message with a cached c ...)
	NOT-FOR-US: Rockwell Automation
CVE-2022-31198 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
	NOT-FOR-US: OpenZeppelin
CVE-2022-31197 (PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to conn ...)
	{DLA-3140-1}
	- libpgjava 42.4.1-1 (bug #1016662)
	[bullseye] - libpgjava (Minor issue)
	NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2
	NOTE: https://github.com/pgjdbc/pgjdbc/commit/739e599d52ad80f8dcd6efedc6157859b1a9d637 (REL42.4.1-rc1)
CVE-2022-31196 (Databasir is a database metadata management platform. Databasir <= 1.0 ...)
	NOT-FOR-US: Databasir
CVE-2022-31195 (DSpace open source software is a repository application which provides ...)
	NOT-FOR-US: DSpace
CVE-2022-31194 (DSpace open source software is a repository application which provides ...)
	NOT-FOR-US: DSpace
CVE-2022-31193 (DSpace open source software is a repository application which provides ...)
	NOT-FOR-US: DSpace
CVE-2022-31192 (DSpace open source software is a repository application which provides ...)
	NOT-FOR-US: DSpace
CVE-2022-31191 (DSpace open source software is a repository application which provides ...)
	NOT-FOR-US: DSpace
CVE-2022-31190 (DSpace open source software is a repository application which provides ...)
	NOT-FOR-US: DSpace
CVE-2022-31189 (DSpace open source software is a repository application which provides ...)
	NOT-FOR-US: DSpace
CVE-2022-31188 (CVAT is an opensource interactive video and image annotation tool for ...)
	NOT-FOR-US: cvat-ai/cvat
CVE-2022-31187 (GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-31186 (NextAuth.js is a complete open source authentication solution for Next ...)
	NOT-FOR-US: NextAuth.js
CVE-2022-31185 (mprweb is a hosting platform for the makedeb Package Repository. Email ...)
	NOT-FOR-US: makedeb/mprweb
CVE-2022-31184 (Discourse is the an open source discussion platform. In affected versi ...)
	NOT-FOR-US: Discourse
CVE-2022-31183 (fs2 is a compositional, streaming I/O library for Scala. When establis ...)
	NOT-FOR-US: typelevel/fs2
CVE-2022-31182 (Discourse is the an open source discussion platform. In affected versi ...)
	NOT-FOR-US: Discourse
CVE-2022-31181 (PrestaShop is an Open Source e-commerce platform. In versions from 1.6 ...)
	NOT-FOR-US: PrestaShop
CVE-2022-31180 (Shescape is a simple shell escape package for JavaScript. Affected ver ...)
	NOT-FOR-US: Node shescape
CVE-2022-31179 (Shescape is a simple shell escape package for JavaScript. Versions pri ...)
	NOT-FOR-US: Node shescape
CVE-2022-31178 (eLabFTW is an electronic lab notebook manager for research teams. A vu ...)
	NOT-FOR-US: eLabFTW
CVE-2022-31177 (Flask-AppBuilder is an application development framework built on top ...)
	- flask-appbuilder (Fixed with initial upload to Debian)
	NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc
CVE-2022-31176 (Grafana Image Renderer is a Grafana backend plugin that handles render ...)
	NOT-FOR-US: Grafana Image Renderer
CVE-2022-31175 (CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vu ...)
	NOT-FOR-US: ckeditor5-{markdown-gfm,html-support,html-embed} CKEditor 5 packages
CVE-2022-31174
	RESERVED
CVE-2022-31173 (Juniper is a GraphQL server library for Rust. Affected versions of Jun ...)
	NOT-FOR-US: graphql-rust/juniper
CVE-2022-31172 (OpenZeppelin Contracts is a library for smart contract development. Ve ...)
	NOT-FOR-US: OpenZeppelin Contracts
CVE-2022-31171
	REJECTED
CVE-2022-31170 (OpenZeppelin Contracts is a library for smart contract development. Ve ...)
	NOT-FOR-US: OpenZeppelin Contracts
CVE-2022-31169 (Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wa ...)
	NOT-FOR-US: wasmtime
CVE-2022-31168 (Zulip is an open source team chat tool. Due to an incorrect authorizat ...)
	NOT-FOR-US: Zulip
CVE-2022-31167 (XWiki Platform Security Parent POM contains the security APIs for XWik ...)
	NOT-FOR-US: XWiki
CVE-2022-31166 (XWiki Platform Old Core is a core package for XWiki Platform, a generi ...)
	NOT-FOR-US: XWiki
CVE-2022-31165
	RESERVED
CVE-2022-31164 (Tovy is a a staff management system for Roblox groups. A vulnerability ...)
	NOT-FOR-US: Tovy
CVE-2022-31163 (TZInfo is a Ruby library that provides access to time zone data and al ...)
	{DLA-3077-1}
	- ruby-tzinfo 2.0.4-2
	NOTE: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx
	NOTE: https://github.com/tzinfo/tzinfo/commit/9eddbb5c0e682736f61d0dd803b6031a5db9eadf (v0.3.61)
	NOTE: https://github.com/tzinfo/tzinfo/commit/9905ca93abf7bf3e387bd592406e403cd18334c7 (v1.2.10)
CVE-2022-31162 (Slack Morphism is an async client library for Rust. Prior to 0.41.0, i ...)
	NOT-FOR-US: Slack Morphism
CVE-2022-31161 (Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived ...)
	NOT-FOR-US: Roxy-WI
CVE-2022-31160 (jQuery UI is a curated set of user interface interactions, effects, wi ...)
	{DLA-3230-1}
	- jqueryui 1.13.2+dfsg-1 (bug #1015982)
	[bullseye] - jqueryui 1.12.1+dfsg-8+deb11u2
	NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9
	NOTE: https://github.com/jquery/jquery-ui/commit/8cc5bae1caa1fcf96bf5862c5646c787020ba3f9 (1.13.2)
CVE-2022-31159 (The AWS SDK for Java enables Java developers to work with Amazon Web S ...)
	NOT-FOR-US: AWS SDK for Java
CVE-2022-31158 (LTI 1.3 Tool Library is a library used for building IMS-certified LTI ...)
	NOT-FOR-US: LTI
CVE-2022-31157 (LTI 1.3 Tool Library is a library used for building IMS-certified LTI ...)
	NOT-FOR-US: LTI
CVE-2022-31156 (Gradle is a build tool. Dependency verification is a security feature ...)
	- gradle (Vulnerable code not yet uploaded; introduced in 6.2)
	NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-j6wc-xfg8-jx2j
CVE-2022-31155 (Sourcegraph is an opensource code search and navigation engine. In Sou ...)
	NOT-FOR-US: Sourcegraph
CVE-2022-31154 (Sourcegraph is an opensource code search and navigation engine. It is ...)
	NOT-FOR-US: Sourcegraph
CVE-2022-31153 (OpenZeppelin Contracts for Cairo is a library for contract development ...)
	NOT-FOR-US: OpenZeppelin Contracts
CVE-2022-31152 (Synapse is an open-source Matrix homeserver written and maintained by ...)
	- matrix-synapse 1.63.0-1
	NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-jhjh-776m-4765
	NOTE: https://github.com/matrix-org/synapse/pull/13087
	NOTE: https://github.com/matrix-org/synapse/pull/13088
CVE-2022-31151 (Authorization headers are cleared on cross-origin redirect. However, c ...)
	- node-undici 5.8.0+dfsg1+~cs18.9.16-1
	NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp
	NOTE: https://github.com/nodejs/undici/issues/872
	NOTE: https://hackerone.com/reports/1635514
CVE-2022-31150 (undici is an HTTP/1.1 client, written from scratch for Node.js. It is ...)
	- node-undici 5.8.0+dfsg1+~cs18.9.16-1
	NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-3cvr-822r-rqcc
	NOTE: https://hackerone.com/reports/409943
	NOTE: https://github.com/nodejs/undici/releases/tag/v5.8.0
CVE-2022-31149 (ActivityWatch open-source automated time tracker. Versions prior to 0. ...)
	- activitywatch (bug #990173)
CVE-2022-31148 (Shopware is an open source e-commerce software. In versions from 5.7.0 ...)
	NOT-FOR-US: Shopware
CVE-2022-31147 (The jQuery Validation Plugin (jquery-validation) provides drop-in vali ...)
	NOT-FOR-US: jquery-validation
CVE-2022-31146 (Wasmtime is a standalone runtime for WebAssembly. There is a bug in th ...)
	NOT-FOR-US: wasmtime
CVE-2022-31145 (FlyteAdmin is the control plane for Flyte responsible for managing ent ...)
	NOT-FOR-US: FlyteAdmin
CVE-2022-31144 (Redis is an in-memory database that persists on disk. A specially craf ...)
	- redis 5:7.0.4-1
	[bullseye] - redis (Only affects 7.x)
	[buster] - redis (Only affects 7.x)
	NOTE: https://github.com/redis/redis/security/advisories/GHSA-96f7-42fg-2jrh
	NOTE: https://github.com/redis/redis/commit/15ae4e29e537e7ec37f0df1825d9fb2beea67124
CVE-2022-31143 (GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-31142 (@fastify/bearer-auth is a Fastify plugin to require bearer Authorizati ...)
	NOT-FOR-US: @fastify/bearer-auth
CVE-2022-31141
	RESERVED
CVE-2022-31140 (Valinor is a PHP library that helps to map any input into a strongly-t ...)
	NOT-FOR-US: Valinor (different from src:valinor)
CVE-2022-31139 (UnsafeAccessor (UA) is a bridge to access jdk.internal.misc.Unsafe & s ...)
	NOT-FOR-US: UnsafeAccessor
CVE-2022-31138 (mailcow is a mailserver suite. Prior to mailcow-dockerized version 202 ...)
	NOT-FOR-US: mailcow
CVE-2022-31136 (Bookwyrm is an open source social reading and reviewing program. Versi ...)
	NOT-FOR-US: Bookwyrm
CVE-2022-31135 (Akashi is an open source server implementation of the Attorney Online ...)
	NOT-FOR-US: Akashi
CVE-2022-31134 (Zulip is an open-source team collaboration tool. Zulip Server versions ...)
	NOT-FOR-US: Zulip
CVE-2022-31133 (HumHub is an Open Source Enterprise Social Network. Affected versions ...)
	NOT-FOR-US: HumHub
CVE-2022-31132 (Nextcloud Mail is an email application for the nextcloud personal clou ...)
	NOT-FOR-US: Nextcloud Mail
CVE-2022-31131 (Nextcloud mail is a Mail app for the Nextcloud home server product. Ve ...)
	NOT-FOR-US: Nextcloud Mail app
CVE-2022-31130 (Grafana is an open source observability and data visualization platfor ...)
	- grafana
CVE-2022-31129 (moment is a JavaScript date library for parsing, validating, manipulat ...)
	{DLA-3295-1}
	- node-moment 2.29.4+ds-1 (bug #1014845)
	[bullseye] - node-moment 2.29.1+ds-2+deb11u2
	NOTE: https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3 (2.29.4)
	NOTE: https://github.com/moment/moment/pull/6015#issuecomment-1152961973
	NOTE: https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g
CVE-2022-31128 (Tuleap is a Free & Open Source Suite to improve management of software ...)
	NOT-FOR-US: Tuleap
CVE-2022-31127 (NextAuth.js is a complete open source authentication solution for Next ...)
	NOT-FOR-US: NextAuth.js
CVE-2022-31126 (Roxy-wi is an open source web interface for managing Haproxy, Nginx, A ...)
	NOT-FOR-US: Roxy-wi
CVE-2022-31125 (Roxy-wi is an open source web interface for managing Haproxy, Nginx, A ...)
	NOT-FOR-US: Roxy-wi
CVE-2022-31124 (openssh_key_parser is an open source Python package providing utilitie ...)
	NOT-FOR-US: openssh_key_parser
CVE-2022-31123 (Grafana is an open source observability and data visualization platfor ...)
	- grafana
CVE-2022-31122 (Wire is an encrypted communication and collaboration platform. Version ...)
	NOT-FOR-US: wire-webapp
CVE-2022-31121 (Hyperledger Fabric is a permissioned distributed ledger framework. In ...)
	NOT-FOR-US: Hyperledger Fabric
CVE-2022-31120 (Nextcloud server is an open source personal cloud solution. The audit ...)
	- nextcloud-server (bug #941708)
CVE-2022-31119 (Nextcloud Mail is an email application for the nextcloud personal clou ...)
	NOT-FOR-US: Nextcloud Mail
CVE-2022-31118 (Nextcloud server is an open source personal cloud solution. In affecte ...)
	- nextcloud-server (bug #941708)
CVE-2022-31117 (UltraJSON is a fast JSON encoder and decoder written in pure C with bi ...)
	- ujson 5.4.0-1
	[bullseye] - ujson (Minor issue)
	[buster] - ujson (Minor issue)
	NOTE: https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff
	NOTE: https://github.com/ultrajson/ultrajson/commit/9c20de0f77b391093967e25d01fb48671104b15b (5.4.0)
CVE-2022-31116 (UltraJSON is a fast JSON encoder and decoder written in pure C with bi ...)
	- ujson 5.4.0-1
	[bullseye] - ujson (Minor issue)
	[buster] - ujson (Minor issue)
	NOTE: https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r
	NOTE: https://github.com/ultrajson/ultrajson/commit/67ec07183342589d602e0fcf7bb1ff3e19272687 (5.4.0)
CVE-2022-31115 (opensearch-ruby is a community-driven, open source fork of elasticsear ...)
	NOT-FOR-US: opensearch-ruby
CVE-2022-31114
	RESERVED
CVE-2022-31113 (Canarytokens is an open source tool which helps track activity and act ...)
	NOT-FOR-US: thinkst/canarytokens
CVE-2022-31112 (Parse Server is an open source backend that can be deployed to any inf ...)
	NOT-FOR-US: Node parse-server
CVE-2022-31111 (Frontier is Substrate's Ethereum compatibility layer. In affected vers ...)
	NOT-FOR-US: Frontier
CVE-2022-31110 (RSSHub is an open source, extensible RSS feed generator. In commits pr ...)
	NOT-FOR-US: RSSHub
CVE-2022-31109 (laminas-diactoros is a PHP package containing implementations of the P ...)
	NOT-FOR-US: laminas-diactoros
CVE-2022-31108 (Mermaid is a JavaScript based diagramming and charting tool that uses ...)
	- node-mermaid (bug #1014540)
	[bullseye] - node-mermaid (Minor issue)
	NOTE: https://github.com/mermaid-js/mermaid/security/advisories/GHSA-x3vm-38hw-55wf
	NOTE: https://github.com/mermaid-js/mermaid/commit/0ae1bdb61adff1cd485caff8c62ec6b8ac57b225
CVE-2022-31107 (Grafana is an open-source platform for monitoring and observability. I ...)
	- grafana
CVE-2022-31106 (Underscore.deep is a collection of Underscore mixins that operate on n ...)
	NOT-FOR-US: Underscore.deep
CVE-2022-31105 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
	NOT-FOR-US: Argo CD
CVE-2022-31104 (Wasmtime is a standalone runtime for WebAssembly. In affected versions ...)
	NOT-FOR-US: wasmtime
CVE-2022-31103 (lettersanitizer is a DOM-based HTML email sanitizer for in-browser ema ...)
	NOT-FOR-US: Node lettersanitizer
CVE-2022-31102 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
	NOT-FOR-US: Argo CD
CVE-2022-31101 (prestashop/blockwishlist is a prestashop extension which adds a block ...)
	NOT-FOR-US: prestashop extension
CVE-2022-31100 (rulex is a new, portable, regular expression language. When parsing un ...)
	NOT-FOR-US: rulex-rs/pomsky
CVE-2022-31099 (rulex is a new, portable, regular expression language. When parsing un ...)
	NOT-FOR-US: rulex-rs/pomsky
CVE-2022-31098 (Weave GitOps is a simple open source developer platform for people who ...)
	NOT-FOR-US: Weave GitOps
CVE-2022-31097 (Grafana is an open-source platform for monitoring and observability. V ...)
	- grafana
CVE-2022-31096 (Discourse is an open source discussion platform. Under certain conditi ...)
	NOT-FOR-US: Discourse
CVE-2022-31095 (discourse-chat is a chat plugin for the Discourse application. Version ...)
	NOT-FOR-US: discourse-chat
CVE-2022-31094 (ScratchTools is a web extension designed to make interacting with the ...)
	NOT-FOR-US: ScratchTools
CVE-2022-31093 (NextAuth.js is a complete open source authentication solution for Next ...)
	NOT-FOR-US: NextAuth.js
CVE-2022-31092 (Pimcore is an Open Source Data & Experience Management Platform. Pimco ...)
	NOT-FOR-US: Pimcore
CVE-2022-31091 (Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` he ...)
	{DSA-5246-1}
	- guzzle 7.4.5-1 (bug #1014492)
	- mediawiki 1:1.35.7-1
	[buster] - mediawiki (Embedded Guzzle copy not present)
	NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699
	NOTE: https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82 (7.4.5)
CVE-2022-31090 (Guzzle, an extensible PHP HTTP client. `Authorization` headers on requ ...)
	{DSA-5246-1}
	- guzzle 7.4.5-1 (bug #1014492)
	- mediawiki 1:1.35.7-1
	[buster] - mediawiki (Embedded Guzzle copy not present)
	NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r
	NOTE: https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82 (7.4.5)
CVE-2022-31089 (Parse Server is an open source backend that can be deployed to any inf ...)
	NOT-FOR-US: Node parse-server
CVE-2022-31088 (LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. ...)
	{DSA-5177-1}
	- ldap-account-manager 8.0.1-1
	NOTE: https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-wxf8-9x99-6gp4
	NOTE: Merge: https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4 (lam_8_0)
CVE-2022-31087 (LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. ...)
	{DSA-5177-1}
	- ldap-account-manager 8.0.1-1
	NOTE: https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-q8g5-45m4-q95p
	NOTE: Merge: https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4 (lam_8_0)
CVE-2022-31086 (LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. ...)
	{DSA-5177-1}
	- ldap-account-manager 8.0.1-1
	NOTE: https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-q9pc-x84w-982x
	NOTE: Merge: https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4 (lam_8_0)
CVE-2022-31085 (LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. ...)
	{DSA-5177-1}
	- ldap-account-manager 8.0.1-1
	NOTE: https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6m3q-5c84-6h6j
	NOTE: Merge: https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4 (lam_8_0)
CVE-2022-31084 (LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. ...)
	{DSA-5177-1}
	- ldap-account-manager 8.0.1-1
	NOTE: https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-r387-grjx-qgvw
	NOTE: Merge: https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4 (lam_8_0)
CVE-2022-31083 (Parse Server is an open source backend that can be deployed to any inf ...)
	NOT-FOR-US: Node parse-server
CVE-2022-31082 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-31081 (HTTP::Daemon is a simple http server class written in perl. Versions p ...)
	{DLA-3127-1}
	- libhttp-daemon-perl 6.14-1.1 (bug #1014808)
	[bullseye] - libhttp-daemon-perl 6.12-1+deb11u1
	NOTE: https://github.com/libwww-perl/HTTP-Daemon/security/advisories/GHSA-cg8c-pxmv-w7cf
	NOTE: Refactoring/renaming prerequisite: https://github.com/libwww-perl/HTTP-Daemon/commit/331d5c1d1f0e48e6b57ef738c2a8509b1eb53376
	NOTE: Fixed by: https://github.com/libwww-perl/HTTP-Daemon/commit/e84475de51d6fd7b29354a997413472a99db70b2
	NOTE: Fixed by: https://github.com/libwww-perl/HTTP-Daemon/commit/8dc5269d59e2d5d9eb1647d82c449ccd880f7fd0
	NOTE: Testcase: https://github.com/libwww-perl/HTTP-Daemon/commit/faebad54455c2c2919e234202362570925fb99d1
CVE-2022-31080 (KubeEdge is an open source system for extending native containerized a ...)
	NOT-FOR-US: KubeEdge
CVE-2022-31079 (KubeEdge is an open source system for extending native containerized a ...)
	NOT-FOR-US: KubeEdge
CVE-2022-31078 (KubeEdge is an open source system for extending native containerized a ...)
	NOT-FOR-US: KubeEdge
CVE-2022-31077 (KubeEdge is built upon Kubernetes and extends native containerized app ...)
	NOT-FOR-US: KubeEdge
CVE-2022-31076 (KubeEdge is built upon Kubernetes and extends native containerized app ...)
	NOT-FOR-US: KubeEdge
CVE-2022-31075 (KubeEdge is an open source system for extending native containerized a ...)
	NOT-FOR-US: KubeEdge
CVE-2022-31074 (KubeEdge is an open source system for extending native containerized a ...)
	NOT-FOR-US: KubeEdge
CVE-2022-31073 (KubeEdge is an open source system for extending native containerized a ...)
	NOT-FOR-US: KubeEdge
CVE-2022-31072 (Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24 ...)
	- ruby-octokit (No vulnerable version was uploaded to the archive)
	NOTE: https://github.com/octokit/octokit.rb/security/advisories/GHSA-g28x-pgr3-qqx6
CVE-2022-31071 (Octopoller is a micro gem for polling and retrying. Version 0.2.0 of t ...)
	NOT-FOR-US: Octopoller
CVE-2022-31070 (NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to ...)
	NOT-FOR-US: NestJS Proxy
CVE-2022-31069 (NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to ...)
	NOT-FOR-US: NestJS Proxy
CVE-2022-31068 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-31067
	RESERVED
CVE-2022-31066 (EdgeX Foundry is an open source project for building a common open fra ...)
	NOT-FOR-US: EdgeX Foundry
CVE-2022-31065 (BigBlueButton is an open source web conferencing system. In affected v ...)
	NOT-FOR-US: BigBlueButton
CVE-2022-31064 (BigBlueButton is an open source web conferencing system. Users in meet ...)
	NOT-FOR-US: BigBlueButton
CVE-2022-31063 (Tuleap is a Free & Open Source Suite to improve management of software ...)
	NOT-FOR-US: Tuleap
CVE-2022-31062 (### Impact A plugin public script can be used to read content of syste ...)
	NOT-FOR-US: GLPI plugin
CVE-2022-31061 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-31060 (Discourse is an open-source discussion platform. Prior to version 2.8. ...)
	NOT-FOR-US: Discourse
CVE-2022-31059 (Discourse Calendar is a calendar plugin for Discourse, an open-source ...)
	NOT-FOR-US: Discourse Calendar is a calendar plugin for Discourse
CVE-2022-31058 (Tuleap is a Free & Open Source Suite to improve management of software ...)
	NOT-FOR-US: Tuleap
CVE-2022-31057 (Shopware is an open source e-commerce software made in Germany. Versio ...)
	NOT-FOR-US: Shopware
CVE-2022-31056 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-31055 (kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) c ...)
	NOT-FOR-US: KCTF
CVE-2022-31054 (Argo Events is an event-driven workflow automation framework for Kuber ...)
	NOT-FOR-US: Argo
CVE-2022-31053 (Biscuit is an authentication and authorization token for microservices ...)
	NOT-FOR-US: Biscuit
CVE-2022-31052 (Synapse is an open source home server implementation for the Matrix ch ...)
	- matrix-synapse 1.61.1-1
	NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-22p3-qrh9-cx32
	NOTE: https://github.com/matrix-org/synapse/commit/fa1308061802ac7b7d20e954ba7372c5ac292333
CVE-2022-31051 (semantic-release is an open source npm package for automated version m ...)
	NOT-FOR-US: Node semantic-release
CVE-2022-31050 (TYPO3 is an open source web content management system. Prior to versio ...)
	NOT-FOR-US: Typo3
CVE-2022-31049 (TYPO3 is an open source web content management system. Prior to versio ...)
	NOT-FOR-US: Typo3
CVE-2022-31048 (TYPO3 is an open source web content management system. Prior to versio ...)
	NOT-FOR-US: Typo3
CVE-2022-31047 (TYPO3 is an open source web content management system. Prior to versio ...)
	NOT-FOR-US: Typo3
CVE-2022-31046 (TYPO3 is an open source web content management system. Prior to versio ...)
	NOT-FOR-US: Typo3
CVE-2022-31045 (Istio is an open platform to connect, manage, and secure microservices ...)
	NOT-FOR-US: Istio
CVE-2022-31044 (Rundeck is an open source automation service with a web console, comma ...)
	NOT-FOR-US: Rundeck
CVE-2022-31043 (Guzzle is an open source PHP HTTP client. In affected versions `Author ...)
	{DSA-5246-1}
	- guzzle 7.4.4-1 (bug #1012821)
	- mediawiki 1:1.35.7-1
	[buster] - mediawiki (Embedded Guzzle copy not present)
	NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q
	NOTE: https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8 (7.4.4)
CVE-2022-31042 (Guzzle is an open source PHP HTTP client. In affected versions the `Co ...)
	{DSA-5246-1}
	- guzzle 7.4.4-1 (bug #1012821)
	- mediawiki 1:1.35.7-1
	[buster] - mediawiki (Embedded Guzzle copy not present)
	NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9
	NOTE: https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8 (7.4.4)
CVE-2022-31041 (Open Forms is an application for creating and publishing smart forms. ...)
	NOT-FOR-US: Open Forms
CVE-2022-31040 (Open Forms is an application for creating and publishing smart forms. ...)
	NOT-FOR-US: Open Forms
CVE-2022-31039 (Greenlight is a simple front-end interface for your BigBlueButton serv ...)
	NOT-FOR-US: Greenlight (front-end interface for your BigBlueButton)
CVE-2022-31038 (Gogs is an open source self-hosted Git service. In versions of gogs pr ...)
	NOT-FOR-US: Go Git Service
CVE-2022-31037 (OroCommerce is an open-source Business to Business Commerce applicatio ...)
	NOT-FOR-US: OroCommerce
CVE-2022-31036 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
	NOT-FOR-US: Argo CD
CVE-2022-31035 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
	NOT-FOR-US: Argo CD
CVE-2022-31034 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
	NOT-FOR-US: Argo CD
CVE-2022-31033 (The Mechanize library is used for automating interaction with websites ...)
	- ruby-mechanize 2.8.5-1 (bug #1014809)
	[bullseye] - ruby-mechanize (Minor issue)
	[buster] - ruby-mechanize (Minor issue)
	NOTE: https://github.com/sparklemotion/mechanize/security/advisories/GHSA-64qm-hrgp-pgr9
	NOTE: Prerequisite to clear credential headers when redirecting to cross site:
	NOTE: https://github.com/sparklemotion/mechanize/commit/17e5381032c90caf240ac3d2e52b353f40c18d83 (v2.8.0)
	NOTE: Fixed by: https://github.com/sparklemotion/mechanize/commit/907c778001625cb9daa686d5019c939cb416e45b (v2.8.5)
CVE-2022-31032 (Tuleap is a Free & Open Source Suite to improve management of software ...)
	NOT-FOR-US: Tuleap
CVE-2022-31031 (PJSIP is a free and open source multimedia communication library writt ...)
	{DSA-5358-1 DLA-3549-1 DLA-3335-1}
	- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1 (bug #1017004)
	- pjproject
	- ring 20230206.0~ds1-1 (bug #1017005)
	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj
	NOTE: https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202
CVE-2022-31030 (containerd is an open source container runtime. A bug was found in the ...)
	{DSA-5162-1}
	- containerd 1.6.6~ds1-1
	NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf
CVE-2022-31029 (AdminLTE is a Pi-hole Dashboard for stats and configuration. In affect ...)
	NOT-FOR-US: AdminLTE
CVE-2022-31028 (MinIO is a multi-cloud object storage solution. Starting with version ...)
	- minio (bug #859207)
CVE-2022-31027 (OAuthenticator is an OAuth token library for the JupyerHub login handl ...)
	NOT-FOR-US: OAuthenticator
CVE-2022-31026 (Trilogy is a client library for MySQL. When authenticating, a maliciou ...)
	NOT-FOR-US: Trilogy
CVE-2022-31025 (Discourse is an open source platform for community discussion. Prior t ...)
	NOT-FOR-US: Discourse
CVE-2022-31024 (richdocuments is the repository for NextCloud Collabra, the app for Ne ...)
	NOT-FOR-US: richdocuments
CVE-2022-31023 (Play Framework is a web framework for Java and Scala. Verions prior to ...)
	NOT-FOR-US: Play Framework
CVE-2022-31022 (Bleve is a text indexing library for go. Bleve includes HTTP utilities ...)
	- golang-github-blevesearch-bleve (unimportant)
	NOTE: https://github.com/blevesearch/bleve/security/advisories/GHSA-9w9f-6mg8-jp7w
	NOTE: Fix only documents a shortcoming
CVE-2022-31021 (Ursa is a cryptographic library for use with blockchains. A weakness i ...)
	NOT-FOR-US: Ursa
CVE-2022-31020 (Indy Node is the server portion of a distributed ledger purpose-built ...)
	NOT-FOR-US: Indy Node
CVE-2022-31019 (Vapor is a server-side Swift HTTP web framework. When using automatic ...)
	NOT-FOR-US: Vapor
CVE-2022-31018 (Play Framework is a web framework for Java and Scala. A denial of serv ...)
	NOT-FOR-US: Play Framework
CVE-2022-31017 (Zulip is an open-source team collaboration tool. Versions 2.1.0 throug ...)
	- zulip-server (bug #800052)
CVE-2022-31016 (Argo CD is a declarative continuous deployment for Kubernetes. Argo CD ...)
	NOT-FOR-US: Argo CD
CVE-2022-31015 (Waitress is a Web Server Gateway Interface server for Python 2 and 3. ...)
	- waitress 2.1.2-1 (bug #1012315)
	[bullseye] - waitress (Only affects 2.1.x)
	[buster] - waitress (Only affects 2.1.x)
	[stretch] - waitress (Vulnerable code not present)
	NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-f5x9-8jwc-25rw
	NOTE: https://github.com/Pylons/waitress/commit/4f6789b035610e0552738cdc4b35ca809a592d48 (v2.1.2)
	NOTE: https://github.com/Pylons/waitress/issues/374
	NOTE: https://github.com/Pylons/waitress/pull/377
CVE-2022-31014 (Nextcloud server is an open source personal cloud server. Affected ver ...)
	- nextcloud-server (bug #941708)
CVE-2022-31013 (Chat Server is the chat server for Vartalap, an open-source messaging ...)
	NOT-FOR-US: chat server for Vartalap
CVE-2022-31012 (Git for Windows is a fork of Git that contains Windows-specific patche ...)
	NOT-FOR-US: Git for Windows
CVE-2022-31011 (TiDB is an open-source NewSQL database that supports Hybrid Transactio ...)
	NOT-FOR-US: TiDB
CVE-2022-31010
	RESERVED
CVE-2022-31009 (wire-ios is an iOS client for the Wire secure messaging application. I ...)
	NOT-FOR-US: wire-ios
CVE-2022-31008 (RabbitMQ is a multi-protocol messaging and streaming broker. In affect ...)
	- rabbitmq-server 3.10.8-1
	[bullseye] - rabbitmq-server (Minor issue)
	[buster] - rabbitmq-server (Vulnerable code introduced later)
	NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-v9gv-xp36-jgj8
	NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/4841
	NOTE: obfuscation introduced in (built-in) Shovel plugin in: https://github.com/rabbitmq/rabbitmq-server/commit/6dbdc991c3111aa4ffa12a150b1402cf5c5e798e (v3.10.0-beta.2)
	NOTE: obfuscation introduced in (built-in) Federation plugin in: https://github.com/rabbitmq/rabbitmq-server/commit/c1b5812cee6ac038737d62ca0b32cfd2db537653 (v3.8.10-rc.1)
	NOTE: set_credentials_obfuscation_secret introduced in: https://github.com/rabbitmq/rabbitmq-server/commit/5ea51050452ea45874e89166090cb825c1277656 (v3.8.10)
CVE-2022-31007 (eLabFTW is an electronic lab notebook manager for research teams. Prio ...)
	NOT-FOR-US: eLabFTW
CVE-2022-31006 (indy-node is the server portion of Hyperledger Indy, a distributed led ...)
	NOT-FOR-US: Indy Node
CVE-2022-31005 (Vapor is an HTTP web framework for Swift. Users of Vapor prior to vers ...)
	NOT-FOR-US: Vapor
CVE-2022-31004 (CVEProject/cve-services is an open source project used to operate the ...)
	NOT-FOR-US: CVEProject/cve-services
CVE-2022-31003 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
	{DSA-5410-1 DLA-3091-1}
	- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-3 (bug #1016974)
	[stretch] - sofia-sip (Minor issue)
	NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp
	NOTE: https://github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9 (v1.13.8)
CVE-2022-31002 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
	{DSA-5410-1 DLA-3091-1}
	- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-3 (bug #1016974)
	[stretch] - sofia-sip (Minor issue)
	NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-g3x6-p824-x6hm
	NOTE: https://github.com/freeswitch/sofia-sip/commit/51841eb53679434a386fb2dcbca925dcc48d58ba (v1.13.8)
CVE-2022-31001 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
	{DSA-5410-1 DLA-3091-1}
	- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-3 (bug #1016974)
	[stretch] - sofia-sip (Minor issue)
	NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-cv9g
	NOTE: https://github.com/freeswitch/sofia-sip/commit/a99804b336d0e16d26ab7119d56184d2d7110a36 (v1.13.8)
CVE-2022-31000 (solidus_backend is the admin interface for the Solidus e-commerce fram ...)
	NOT-FOR-US: Solidus e-commerce framework
CVE-2022-30999 (FriendsofFlarum (FoF) Upload is an extension that handles file uploads ...)
	NOT-FOR-US: FriendsofFlarum
CVE-2022-30996
	REJECTED
CVE-2022-30995 (Sensitive information disclosure due to improper authentication. The f ...)
	NOT-FOR-US: Acronis
CVE-2022-30994 (Cleartext transmission of sensitive information. The following product ...)
	NOT-FOR-US: Acronis
CVE-2022-30993 (Cleartext transmission of sensitive information. The following product ...)
	NOT-FOR-US: Acronis
CVE-2022-30992 (Open redirect via user-controlled query parameter. The following produ ...)
	NOT-FOR-US: Acronis
CVE-2022-30991 (HTML injection via report name. The following products are affected: A ...)
	NOT-FOR-US: Acronis
CVE-2022-30990 (Sensitive information disclosure due to insecure folder permissions. T ...)
	NOT-FOR-US: Acronis
CVE-2022-30989
	RESERVED
CVE-2022-30988
	RESERVED
CVE-2022-30987
	RESERVED
CVE-2022-30986
	RESERVED
CVE-2022-30985
	RESERVED
CVE-2022-30984 (A buffer overflow vulnerability in the Rubrik Backup Service (RBS) Age ...)
	NOT-FOR-US: Rubrik CDM
CVE-2022-30983
	RESERVED
CVE-2022-30982 (An issue was discovered in Gentics CMS before 5.43.1. There is stored ...)
	NOT-FOR-US: Gentics CMS
CVE-2022-30981 (An issue was discovered in Gentics CMS before 5.43.1. By uploading a m ...)
	NOT-FOR-US: Gentics CMS
CVE-2022-30980
	RESERVED
CVE-2022-30979
	RESERVED
CVE-2022-30978
	RESERVED
CVE-2022-30977
	RESERVED
CVE-2022-29496 (A stack-based buffer overflow vulnerability exists in the BlynkConsole ...)
	NOT-FOR-US: BlynkConsole
CVE-2022-1796 (Use After Free in GitHub repository vim/vim prior to 8.2.4979.)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/f6739b58-49f9-4056-a843-bf76bbc1253e
	NOTE: https://github.com/vim/vim/commit/28d032cc688ccfda18c5bbcab8b50aba6e18cde5 (v8.2.4979)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-1795 (Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV.)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-4 (bug #1016443)
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://huntr.dev/bounties/9c312763-41a6-4fc7-827b-269eb86efcbc
	NOTE: https://github.com/gpac/gpac/commit/c535bad50d5812d27ee5b22b54371bddec411514
CVE-2022-1794 (The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as pla ...)
	NOT-FOR-US: CODESYS
CVE-2022-1793 (The Private Files WordPress plugin through 0.40 is missing CSRF check ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1792 (The Quick Subscribe WordPress plugin through 1.7.1 does not have CSRF ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1791 (The One Click Plugin Updater WordPress plugin through 2.4.14 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1790 (The New User Email Set Up WordPress plugin through 0.5.2 does not have ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1789 (With shadow paging enabled, the INVPCID instruction results in a call ...)
	{DSA-5161-1}
	- linux 5.17.11-1
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/9f46c187e2e680ecd9de7983e4d081c3391acc76
CVE-2022-1788 (Due to missing checks the Change Uploaded File Permissions WordPress p ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1787 (The Sideblog WordPress plugin through 6.0 does not have CSRF check in ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1786 (A use-after-free flaw was found in the Linux kernel’s io_uring su ...)
	{DSA-5161-1}
	- linux 5.14.6-1
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2022/05/24/4
	NOTE: https://www.openwall.com/lists/oss-security/2022/05/28/1
	NOTE: https://blog.kylebot.net/2022/10/16/CVE-2022-1786/
CVE-2022-1785 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.)
	{DLA-3204-1}
	- vim 2:9.0.0135-1 (bug #1015984)
	[bullseye] - vim (Minor issue)
	[stretch] - vim (Minor issue)
	NOTE: https://huntr.dev/bounties/8c969cba-eef2-4943-b44a-4e3089599109
	NOTE: https://github.com/vim/vim/commit/e2bd8600b873d2cd1f9d667c28cba8b1dba18839 (v8.2.4977)
CVE-2022-1784 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio ...)
	NOT-FOR-US: jgraph/drawio
CVE-2022-1783 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab (Vulnerable code introduced later)
	NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
CVE-2022-1782 (Cross-site Scripting (XSS) - Generic in GitHub repository erudika/para ...)
	NOT-FOR-US: erudika/para
CVE-2022-1781 (The postTabs WordPress plugin through 2.10.6 does not have CSRF check ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1780 (The LaTeX for WordPress plugin through 3.4.10 does not have CSRF check ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1779 (The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSR ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1778 (Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X ...)
	NOT-FOR-US: Hitachi
CVE-2022-1777 (The Filr WordPress plugin before 1.2.2.1 does not have authorisation c ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1776 (The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress p ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcsl ...)
	- gpac 2.0.0+dfsg1-4 (bug #1016443)
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2179
	NOTE: https://github.com/gpac/gpac/commit/915e2cba715f36b7cc29e28888117831ca143d78
	NOTE: When fixing this issue make sure to as well apply (cf. CVE-2022-3178)
	NOTE: https://github.com/gpac/gpac/commit/77510778516803b7f7402d7423c6d6bef50254c3
	NOTE: to not open that issue.
CVE-2022-30975 (In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL p ...)
	{DSA-5291-1}
	- mujs 1.2.0-3
	NOTE: https://github.com/ccxvii/mujs/issues/161
	NOTE: https://github.com/ccxvii/mujs/commit/910acc807c3c057e1c0726160808f3a9f37b40ec
	NOTE: https://github.com/ccxvii/mujs/commit/f5b3c703e18725e380b83427004632e744f85a6f
CVE-2022-30974 (compile in regexp.c in Artifex MuJS through 1.2.0 results in stack con ...)
	{DSA-5291-1}
	- mujs 1.2.0-3
	NOTE: https://github.com/ccxvii/mujs/issues/162
	NOTE: https://github.com/ccxvii/mujs/commit/160ae29578054dc09fd91e5401ef040d52797e61
	NOTE: https://github.com/ccxvii/mujs/commit/799b62bf065b006e2bcb1c80044eab2b10412ecf
CVE-2022-1775 (Weak Password Requirements in GitHub repository polonel/trudesk prior ...)
	NOT-FOR-US: Trudesk
CVE-2022-1774 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
	NOT-FOR-US: jgraph/drawio
CVE-2022-1773 (The WP Athletics WordPress plugin through 1.1.7 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1772 (The Google Places Reviews WordPress plugin before 2.0.0 does not prope ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1771 (Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/faa74175-5317-4b71-a363-dfc39094ecbb
	NOTE: https://github.com/vim/vim/commit/51f0bfb88a3554ca2dde777d78a59880d1ee37a8 (v8.2.4975)
	NOTE: Crash in CLI tool, no security impact
CVE-2019-25061 (The random_password_generator (aka RandomPasswordGenerator) gem throug ...)
	NOT-FOR-US: bvsatyaram/random_password_generator
CVE-2022-30973 (We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the ...)
	- tika (Affected release which missed the fix was never shipped, issue tracked via CVE-2022-30126)
	NOTE: http://www.openwall.com/lists/oss-security/2022/05/31/2
CVE-2022-1770 (Improper Privilege Management in GitHub repository polonel/trudesk pri ...)
	NOT-FOR-US: Trudesk
CVE-2022-1769 (Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/522076b2-96cb-4df6-a504-e6e2f64c171c
	NOTE: https://github.com/vim/vim/commit/4748c4bd64610cf943a431d215bb1aad51f8d0b4 (v8.2.4974)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-1768 (The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQ ...)
	NOT-FOR-US: RSVPMaker plugin for WordPress
CVE-2022-1767 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio ...)
	NOT-FOR-US: jgraph/drawio
CVE-2022-1766 (Anchore Enterprise anchorectl version 0.1.4 improperly stored credenti ...)
	NOT-FOR-US: Anchore
CVE-2022-1765 (The Hot Linked Image Cacher WordPress plugin through 1.16 is vulnerabl ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1764 (The WP-chgFontSize WordPress plugin through 1.8 does not have CSRF che ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1763 (Due to missing checks the Static Page eXtended WordPress plugin throug ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1762 (The iQ Block Country WordPress plugin before 1.2.20 does not properly ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1761 (The Peter’s Collaboration E-mails WordPress plugin through 2.2.0 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1760 (The Core Control WordPress plugin through 1.2.1 does not have CSRF che ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1759 (The RB Internal Links WordPress plugin through 2.0.16 does not have CS ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1758 (The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1757 (The pagebar WordPress plugin before 2.70 does not have CSRF check in p ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1756 (The Newsletter WordPress plugin before 7.4.5 does not sanitize and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1755 (The SVG Support WordPress plugin before 2.5 does not properly handle S ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-30972 (A cross-site request forgery (CSRF) vulnerability in Jenkins Storable ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30971 (Jenkins Storable Configs Plugin 1.0 and earlier does not configure its ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30970 (Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropd ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30969 (A cross-site request forgery (CSRF) vulnerability in Jenkins Autocompl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30968 (Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name an ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30967 (Jenkins Selection tasks Plugin 1.0 and earlier does not escape the nam ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30966 (Jenkins Random String Parameter Plugin 1.0 and earlier does not escape ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30965 (Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escap ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30964 (Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape t ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30963 (Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30962 (Jenkins Global Variable String Parameter Plugin 1.2 and earlier does n ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30961 (Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30960 (Jenkins Application Detector Plugin 1.0.8 and earlier does not escape ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30959 (A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier all ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30958 (A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30957 (A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier all ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30956 (Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL scheme ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30955 (Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30954 (Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permis ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30953 (A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocea ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30952 (Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allo ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30951 (Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30950 (Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30949 (Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to config ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30948 (Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to con ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30947 (Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30946 (A cross-site request forgery (CSRF) vulnerability in Jenkins Script Se ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-30945 (Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allow ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-1754 (Integer Overflow or Wraparound in GitHub repository polonel/trudesk pr ...)
	NOT-FOR-US: Trudesk
CVE-2022-1753 (A vulnerability, which was classified as critical, was found in WoWond ...)
	NOT-FOR-US: WoWonder
CVE-2022-1752 (Unrestricted Upload of File with Dangerous Type in GitHub repository p ...)
	NOT-FOR-US: Trudesk
CVE-2022-1751
	RESERVED
CVE-2022-1750 (The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Si ...)
	NOT-FOR-US: Sticky Popup plugin for WordPress
CVE-2022-1749 (The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Requ ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1748 (Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnecto ...)
	NOT-FOR-US: Softing Industrial Automation
CVE-2022-1747 (The authentication mechanism used by voters to activate a voting sessi ...)
	NOT-FOR-US: Dominion
CVE-2022-1746 (The authentication mechanism used by poll workers to administer voting ...)
	NOT-FOR-US: Dominion
CVE-2022-1745 (The authentication mechanism used by technicians on the tested version ...)
	NOT-FOR-US: Dominion
CVE-2022-1744 (Applications on the tested version of Dominion Voting Systems ImageCas ...)
	NOT-FOR-US: Dominion
CVE-2022-1743 (The tested version of Dominion Voting System ImageCast X can be manipu ...)
	NOT-FOR-US: Dominion
CVE-2022-1742 (The tested version of Dominion Voting Systems ImageCast X allows for r ...)
	NOT-FOR-US: Dominion
CVE-2022-1741 (The tested version of Dominion Voting Systems ImageCast X has a Termin ...)
	NOT-FOR-US: Dominion
CVE-2022-1740 (The tested version of Dominion Voting Systems ImageCast X’s on-sc ...)
	NOT-FOR-US: Dominion
CVE-2022-1739 (The tested version of Dominion Voting Systems ImageCast X does not val ...)
	NOT-FOR-US: Dominion
CVE-2022-1738 (Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to an ou ...)
	NOT-FOR-US: Fuji Electric
CVE-2022-1737 (Pyramid Solutions' affected products, the Developer and DLL kits for E ...)
	NOT-FOR-US: Pyramid Solutions
CVE-2013-10001 (A vulnerability was found in HTC One/Sense 4.x. It has been rated as p ...)
	NOT-FOR-US: HTC One/Sense
CVE-2022-30942
	RESERVED
CVE-2022-30941
	RESERVED
CVE-2022-30940
	RESERVED
CVE-2022-30939
	RESERVED
CVE-2022-30938 (A vulnerability has been identified in EN100 Ethernet module DNP3 IP v ...)
	NOT-FOR-US: Siemens
CVE-2022-30937 (A vulnerability has been identified in EN100 Ethernet module DNP3 IP v ...)
	NOT-FOR-US: Siemens
CVE-2022-30792 (In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ...)
	NOT-FOR-US: CODESYS
CVE-2022-30791 (In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled res ...)
	NOT-FOR-US: CODESYS
CVE-2022-30758 (Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-202 ...)
	NOT-FOR-US: Samsung
CVE-2022-30757 (Improper authorization in isemtelephony prior to SMR Jul-2022 Release ...)
	NOT-FOR-US: Samsung
CVE-2022-30756 (Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-202 ...)
	NOT-FOR-US: Samsung
CVE-2022-30755 (Improper authentication vulnerability in AppLock prior to SMR Jul-2022 ...)
	NOT-FOR-US: Samsung
CVE-2022-30754 (Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul- ...)
	NOT-FOR-US: Samsung
CVE-2022-30753 (Improper use of a unique device ID in unprotected SecSoterService prio ...)
	NOT-FOR-US: Samsung
CVE-2022-30752 (Improper access control vulnerability in sendDHCPACKBroadcast function ...)
	NOT-FOR-US: Samsung
CVE-2022-30751 (Improper access control vulnerability in sendDHCPACKBroadcast function ...)
	NOT-FOR-US: Samsung
CVE-2022-30750 (Improper access control vulnerability in updateLastConnectedClientInfo ...)
	NOT-FOR-US: Samsung
CVE-2022-30749 (Improper access control vulnerability in Smart Things prior to 1.7.85. ...)
	NOT-FOR-US: Samsung
CVE-2022-30748 (Unprotected dynamic receiver in Samsung Members prior to version 4.2.0 ...)
	NOT-FOR-US: Samsung
CVE-2022-30747 (PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85. ...)
	NOT-FOR-US: Samsung
CVE-2022-30746 (Missing caller check in Smart Things prior to version 1.7.85.12 allows ...)
	NOT-FOR-US: Samsung
CVE-2022-30745 (Improper access control vulnerability in Quick Share prior to version ...)
	NOT-FOR-US: Samsung
CVE-2022-30744 (DLL hijacking vulnerability in KiesWrapper in Samsung Kies prior to ve ...)
	NOT-FOR-US: Samsung
CVE-2022-30743 (Improper privilege management vulnerability in Samsung Account prior t ...)
	NOT-FOR-US: Samsung
CVE-2022-30742 (Sensitive information exposure vulnerability in FmmExtraOperation of F ...)
	NOT-FOR-US: Samsung
CVE-2022-30741 (Sensitive information exposure vulnerability in SimChangeAlertManger o ...)
	NOT-FOR-US: Samsung
CVE-2022-30740 (Improper auto-fill algorithm in Samsung Internet prior to version 17.0 ...)
	NOT-FOR-US: Samsung
CVE-2022-30739 (Improper privilege management vulnerability in Samsung Account prior t ...)
	NOT-FOR-US: Samsung
CVE-2022-30738 (Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows ...)
	NOT-FOR-US: Samsung
CVE-2022-30737 (Implicit Intent hijacking vulnerability in Samsung Account prior to ve ...)
	NOT-FOR-US: Samsung
CVE-2022-30736 (Improper privilege management vulnerability in Samsung Account prior t ...)
	NOT-FOR-US: Samsung
CVE-2022-30735 (Improper privilege management vulnerability in Samsung Account prior t ...)
	NOT-FOR-US: Samsung
CVE-2022-30734 (Sensitive information exposure in Sign-out log in Samsung Account prio ...)
	NOT-FOR-US: Samsung
CVE-2022-30733 (Sensitive information exposure in Sign-in log in Samsung Account prior ...)
	NOT-FOR-US: Samsung
CVE-2022-30732 (Exposure of Sensitive Information vulnerability in Samsung Account pri ...)
	NOT-FOR-US: Samsung
CVE-2022-30731 (Improper access control vulnerability in My Files prior to version 13. ...)
	NOT-FOR-US: Samsung
CVE-2022-30730 (Improper authorization in Samsung Pass prior to 1.0.00.33 allows physi ...)
	NOT-FOR-US: Samsung
CVE-2022-30729 (Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2 ...)
	NOT-FOR-US: Samsung
CVE-2022-30728 (Information exposure vulnerability in ScanPool prior to SMR Jun-2022 R ...)
	NOT-FOR-US: Samsung
CVE-2022-30727 (Improper handling of insufficient permissions vulnerability in addAppP ...)
	NOT-FOR-US: Samsung
CVE-2022-30726 (Unprotected component vulnerability in DeviceSearchTrampoline in SecSe ...)
	NOT-FOR-US: Samsung
CVE-2022-30725 (Broadcasting Intent including the BluetoothDevice object without prope ...)
	NOT-FOR-US: Samsung
CVE-2022-30724 (Broadcasting Intent including the BluetoothDevice object without prope ...)
	NOT-FOR-US: Samsung
CVE-2022-30723 (Broadcasting Intent including the BluetoothDevice object without prope ...)
	NOT-FOR-US: Samsung
CVE-2022-30722 (Implicit Intent hijacking vulnerability in Samsung Account prior to SM ...)
	NOT-FOR-US: Samsung
CVE-2022-30721 (Improper input validation check logic vulnerability in libsmkvextracto ...)
	NOT-FOR-US: Samsung
CVE-2022-30720 (Improper input validation check logic vulnerability in libsmkvextracto ...)
	NOT-FOR-US: Samsung
CVE-2022-30719 (Improper input validation check logic vulnerability in libsmkvextracto ...)
	NOT-FOR-US: Samsung
CVE-2022-30718
	RESERVED
CVE-2022-30717 (Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allo ...)
	NOT-FOR-US: Samsung
CVE-2022-30716 (Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast pri ...)
	NOT-FOR-US: Samsung
CVE-2022-30715 (Improper access control vulnerability in DofViewer prior to SMR Jun-20 ...)
	NOT-FOR-US: Samsung
CVE-2022-30714 (Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2 ...)
	NOT-FOR-US: Samsung
CVE-2022-30713 (Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 ...)
	NOT-FOR-US: Samsung
CVE-2022-30712 (Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 ...)
	NOT-FOR-US: Samsung
CVE-2022-30711 (Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 R ...)
	NOT-FOR-US: Samsung
CVE-2022-30710 (Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 ...)
	NOT-FOR-US: Samsung
CVE-2022-30709 (Improper input validation check logic vulnerability in SECRIL prior to ...)
	NOT-FOR-US: Samsung
CVE-2022-29888 (A leftover debug code vulnerability exists in the httpd port 4444 uplo ...)
	NOT-FOR-US: InHand Networks InRouter302
CVE-2022-25932 (The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes f ...)
	NOT-FOR-US: InHand Networks InRouter302
CVE-2022-1736
	RESERVED
	- gnome-remote-desktop 42.1.1-2 (unimportant)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/gnome-remote-desktop/+bug/1973028/comments/3
	NOTE: The CVE is assigned based on the Ubuntu policy strongly discouraging open ports by
	NOTE: default (https://wiki.ubuntu.com/Security/Features#ports) and the fact that the user
	NOTE: service was enabled by default (and not automatically enabled anymore since 42.1.1-2)
	NOTE: Not treated as a security issue in Debian, whether to start the daemon or not is ultimately
	NOTE: up to the local admin
CVE-2022-1735 (Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969 ...)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/c9f85608-ff11-48e4-933d-53d1759d44d9
	NOTE: https://github.com/vim/vim/commit/7ce5b2b590256ce53d6af28c1d203fb3bc1d2d97 (v8.2.4969)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-1734 (A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in driver ...)
	{DSA-5173-1 DLA-3065-1}
	- linux 5.17.11-1 (unimportant)
	[bullseye] - linux 5.10.120-1
	NOTE: https://git.kernel.org/linus/d270453a0d9ec10bb8a802a142fb1b3601a83098 (5.18-rc6)
	NOTE: Support for Marvell NFC devices (CONFIG_NFC_MRVL) not enabled
CVE-2022-1733 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4 ...)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/6ff03b27-472b-4bef-a2bf-410fae65ff0a
	NOTE: https://github.com/vim/vim/commit/60ae0e71490c97f2871a6344aca61cacf220f813 (v8.2.4968)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-1732 (The Rename wp-login.php WordPress plugin through 2.6.0 does not have C ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1731 (Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to ...)
	NOT-FOR-US: Metasonic Doc WebClient
CVE-2022-1730 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...)
	NOT-FOR-US: jgraph/drawio
CVE-2022-1729 (A race condition was found the Linux kernel in perf_event_open() which ...)
	{DSA-5173-1 DSA-5161-1 DLA-3065-1}
	- linux 5.17.11-1
	NOTE: https://www.openwall.com/lists/oss-security/2022/05/20/2
	NOTE: https://git.kernel.org/linus/3ac6487e584a1eb54071dbe1212e05b884136704
CVE-2022-1728 (Allowing long password leads to denial of service in polonel/trudesk i ...)
	NOT-FOR-US: Trudesk
CVE-2022-1727 (Improper Input Validation in GitHub repository jgraph/drawio prior to ...)
	NOT-FOR-US: jgraph/drawio
CVE-2022-1726 (Bootstrap Tables XSS vulnerability with Table Export plug-in when expo ...)
	- zoneminder (unimportant)
	NOTE: https://huntr.dev/bounties/9b85cc33-0395-4c31-8a42-3a94beb2efea
	NOTE: src:zoneminder embeds bootstrap-table-export.js in debian/missing-sources/
	NOTE: https://github.com/wenzhixin/bootstrap-table/commit/66ef886d5d325777c8727274c9e018f9c17bc0b9 (1.20.2)
	NOTE: Only supported for trusted users/behind auth, see README.debian.security
CVE-2022-1725 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.495 ...)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/4363cf07-233e-4d0a-a1d5-c731a400525c
	NOTE: https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c (v8.2.4959)
	NOTE: Negligible security impact; crash in CLI tool
CVE-2022-1724 (The Simple Membership WordPress plugin before 4.1.1 does not properly ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1723 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio ...)
	NOT-FOR-US: jgraph/drawio
CVE-2022-1722 (SSRF in editor's proxy via IPv6 link-local address in GitHub repositor ...)
	NOT-FOR-US: jgraph/drawio
CVE-2022-1721 (Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio ...)
	NOT-FOR-US: jgraph/drawio
CVE-2022-1720 (Buffer Over-read in function grab_file_name in GitHub repository vim/v ...)
	{DLA-3182-1 DLA-3053-1}
	- vim 2:9.0.0135-1 (bug #1015984; unimportant)
	NOTE: https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8
	NOTE: https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c (v8.2.4956)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-1719 (Reflected XSS on ticket filter function in GitHub repository polonel/t ...)
	NOT-FOR-US: Trudesk
CVE-2022-1718 (The trudesk application allows large characters to insert in the input ...)
	NOT-FOR-US: Trudesk
CVE-2022-30936
	RESERVED
CVE-2022-30935 (An authorization bypass in b2evolution allows remote, unauthenticated ...)
	NOT-FOR-US: b2evolution CMS
CVE-2022-30934
	RESERVED
CVE-2022-30933
	RESERVED
CVE-2022-30932
	REJECTED
CVE-2022-30931 (Employee Leaves Management System (ELMS) V 2.1 is vulnerable to Cross ...)
	NOT-FOR-US: Employee Leaves Management System (ELMS)
CVE-2022-30930 (Tourism Management System Version: V 3.2 is affected by: Cross Site Re ...)
	NOT-FOR-US: Tourism Management System Version
CVE-2022-30929 (Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed ...)
	NOT-FOR-US: Mini-Tmall
CVE-2022-30928
	RESERVED
CVE-2022-30927 (A SQL injection vulnerability exists in Simple Task Scheduling System ...)
	NOT-FOR-US: Simple Task Scheduling System
CVE-2022-30926 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
	NOT-FOR-US: H3C
CVE-2022-30925 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
	NOT-FOR-US: H3C
CVE-2022-30924 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
	NOT-FOR-US: H3C
CVE-2022-30923 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
	NOT-FOR-US: H3C
CVE-2022-30922 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
	NOT-FOR-US: H3C
CVE-2022-30921 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
	NOT-FOR-US: H3C
CVE-2022-30920 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
	NOT-FOR-US: H3C
CVE-2022-30919 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
	NOT-FOR-US: H3C
CVE-2022-30918 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
	NOT-FOR-US: H3C
CVE-2022-30917 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
	NOT-FOR-US: H3C
CVE-2022-30916 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
	NOT-FOR-US: H3C
CVE-2022-30915 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
	NOT-FOR-US: H3C
CVE-2022-30914 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
	NOT-FOR-US: H3C
CVE-2022-30913 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
	NOT-FOR-US: H3C
CVE-2022-30912 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
	NOT-FOR-US: H3C
CVE-2022-30911
	RESERVED
CVE-2022-30910 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
	NOT-FOR-US: H3C
CVE-2022-30909 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
	NOT-FOR-US: H3C
CVE-2022-30908
	RESERVED
CVE-2022-30907
	RESERVED
CVE-2022-30906
	RESERVED
CVE-2022-30905
	RESERVED
CVE-2022-30904 (In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vul ...)
	NOT-FOR-US: Bestechnic Bluetooth Mesh SDK
CVE-2022-30903 (Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA ...)
	NOT-FOR-US: Nokia "G-2425G-A" Bharti Airtel Routers Hardware
CVE-2022-30902
	RESERVED
CVE-2022-30901
	RESERVED
CVE-2022-30900
	RESERVED
CVE-2022-30899 (A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the ...)
	NOT-FOR-US: PartKeepr
CVE-2022-30898 (A Cross-site request forgery (CSRF) vulnerability in Cscms music porta ...)
	NOT-FOR-US: Cscms music portal system
CVE-2022-30897
	RESERVED
CVE-2022-30896
	RESERVED
CVE-2022-30895
	RESERVED
CVE-2022-30894
	RESERVED
CVE-2022-30893
	RESERVED
CVE-2022-30892
	RESERVED
CVE-2022-30891
	RESERVED
CVE-2022-30890
	RESERVED
CVE-2022-30889
	RESERVED
CVE-2022-30888
	RESERVED
CVE-2022-30887 (Pharmacy Management System v1.0 was discovered to contain a remote cod ...)
	NOT-FOR-US: Pharmacy Management System
CVE-2022-30886 (School Dormitory Management System v1.0 was discovered to contain a SQ ...)
	NOT-FOR-US: School Dormitory Management System
CVE-2022-30885 (The pyesasky for python, as distributed on PyPI, included a code-execu ...)
	NOT-FOR-US: pyesasky
CVE-2022-30884
	RESERVED
CVE-2022-30883
	RESERVED
CVE-2022-30882 (pyanxdns package in PyPI version 0.2 is vulnerable to code execution b ...)
	NOT-FOR-US: pyanxdns
CVE-2022-30881
	RESERVED
CVE-2022-30880
	RESERVED
CVE-2022-30879
	RESERVED
CVE-2022-30878
	RESERVED
CVE-2022-30877 (The keep for python, as distributed on PyPI, included a code-execution ...)
	NOT-FOR-US: keep (shell command keeper)
CVE-2022-30876
	RESERVED
CVE-2022-30875 (Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Er ...)
	- dolibarr
CVE-2022-30874 (There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet ...)
	NOT-FOR-US: NukeViet CMS
CVE-2022-30873
	RESERVED
CVE-2022-30872
	RESERVED
CVE-2022-30871
	RESERVED
CVE-2022-30870
	RESERVED
CVE-2022-30869
	RESERVED
CVE-2022-30868
	RESERVED
CVE-2022-30867
	RESERVED
CVE-2022-30866
	RESERVED
CVE-2022-30865
	RESERVED
CVE-2022-30864
	RESERVED
CVE-2022-30863 (FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_ti ...)
	NOT-FOR-US: FUDForum
CVE-2022-30862
	RESERVED
CVE-2022-30861 (FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in For ...)
	NOT-FOR-US: FUDForum
CVE-2022-30860 (FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload F ...)
	NOT-FOR-US: FUDForum
CVE-2022-30859
	RESERVED
CVE-2022-30858 (An issue was discovered in ngiflib 0.4. There is SEGV in SDL_LoadAnima ...)
	NOT-FOR-US: ngiflib
CVE-2022-30857
	RESERVED
CVE-2022-30856
	RESERVED
CVE-2022-30855
	RESERVED
CVE-2022-30854
	RESERVED
CVE-2022-30853
	RESERVED
CVE-2022-30852 (Known v1.3.1 was discovered to contain an Insecure Direct Object Refer ...)
	NOT-FOR-US: Known
CVE-2022-30851
	RESERVED
CVE-2022-30850
	RESERVED
CVE-2022-30849
	RESERVED
CVE-2022-30848
	RESERVED
CVE-2022-30847
	RESERVED
CVE-2022-30846
	RESERVED
CVE-2022-30845
	RESERVED
CVE-2022-30844
	RESERVED
CVE-2022-30843 (Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/cl ...)
	NOT-FOR-US: Room-rent-portal-site
CVE-2022-30842 (Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Sit ...)
	NOT-FOR-US: Covid-19 Travel Pass Management System
CVE-2022-30841
	RESERVED
CVE-2022-30840
	RESERVED
CVE-2022-30839 (Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) ...)
	NOT-FOR-US: Room-rent-portal-site
CVE-2022-30838 (Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injec ...)
	NOT-FOR-US: Covid-19 Travel Pass Management System
CVE-2022-30837 (Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting ...)
	NOT-FOR-US: Toll-tax-management-system
CVE-2022-30836 (Wedding Management System v1.0 is vulnerable to SQL Injection. via Wed ...)
	NOT-FOR-US: Wedding Management System
CVE-2022-30835 (Wedding Management System v1.0 is vulnerable to SQL Injection. via /We ...)
	NOT-FOR-US: Wedding Management System
CVE-2022-30834 (Wedding Management System v1.0 is vulnerable to SQL Injection via /Wed ...)
	NOT-FOR-US: Wedding Management System
CVE-2022-30833 (Wedding Management System v1.0 is vulnerable to SQL Injection via /Wed ...)
	NOT-FOR-US: Wedding Management System
CVE-2022-30832 (Wedding Management System v1.0 is vulnerable to SQL Injection via /Wed ...)
	NOT-FOR-US: Wedding Management System
CVE-2022-30831 (Wedding Management System v1.0 is vulnerable to SQL Injection via Wedd ...)
	NOT-FOR-US: Wedding Management System
CVE-2022-30830 (Wedding Management System v1.0 is vulnerable to SQL Injection via \adm ...)
	NOT-FOR-US: Wedding Management System
CVE-2022-30829 (Wedding Management System v1.0 is vulnerable to SQL Injection via \adm ...)
	NOT-FOR-US: Wedding Management System
CVE-2022-30828 (Wedding Management System v1.0 is vulnerable to SQL Injection via \adm ...)
	NOT-FOR-US: Wedding Management System
CVE-2022-30827 (Wedding Management System v1.0 is vulnerable to SQL Injection via \adm ...)
	NOT-FOR-US: Wedding Management System
CVE-2022-30826 (Wedding Management System v1.0 is vulnerable to SQL Injection via admi ...)
	NOT-FOR-US: Wedding Management System
CVE-2022-30825 (Wedding Management System v1.0 is vulnerable to SQL Injection via \adm ...)
	NOT-FOR-US: Wedding Management System
CVE-2022-30824
	RESERVED
CVE-2022-30823 (Wedding Management System v1.0 is vulnerable to SQL Injection via \adm ...)
	NOT-FOR-US: Wedding Management System
CVE-2022-30822 (In Wedding Management System v1.0, there is an arbitrary file upload v ...)
	NOT-FOR-US: Wedding Management System
CVE-2022-30821 (In Wedding Management System v1.0, the editing function of the "Servic ...)
	NOT-FOR-US: Wedding Management System
CVE-2022-30820 (In Wedding Management v1.0, there is an arbitrary file upload vulnerab ...)
	NOT-FOR-US: Wedding Management System
CVE-2022-30819 (In Wedding Management System v1.0, there is an arbitrary file upload v ...)
	NOT-FOR-US: Wedding Management System
CVE-2022-30818 (Wedding Management System v1.0 is vulnerable to SQL injection via /Wed ...)
	NOT-FOR-US: Wedding Management System
CVE-2022-30817 (Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection vi ...)
	NOT-FOR-US: Simple Bus Ticket Booking System
CVE-2022-30816 (elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.p ...)
	NOT-FOR-US: elitecms
CVE-2022-30815 (elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.ph ...)
	NOT-FOR-US: elitecms
CVE-2022-30814 (elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.p ...)
	NOT-FOR-US: elitecms
CVE-2022-30813 (elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php.)
	NOT-FOR-US: elitecms
CVE-2022-30812
	RESERVED
CVE-2022-30811
	RESERVED
CVE-2022-30810 (elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php.)
	NOT-FOR-US: elitecms
CVE-2022-30809 (elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php? ...)
	NOT-FOR-US: elitecms
CVE-2022-30808 (elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/man ...)
	NOT-FOR-US: elitecms
CVE-2022-30807
	RESERVED
CVE-2022-30806
	RESERVED
CVE-2022-30805
	RESERVED
CVE-2022-30804 (elitecms v1.01 is vulnerable to Delete any file via /admin/delete_imag ...)
	NOT-FOR-US: elitecms
CVE-2022-30803
	RESERVED
CVE-2022-30802
	RESERVED
CVE-2022-30801
	RESERVED
CVE-2022-30800
	RESERVED
CVE-2022-30799 (Online Ordering System v1.0 by oretnom23 has SQL injection via store/o ...)
	NOT-FOR-US: Online Ordering System
CVE-2022-30798 (Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injectio ...)
	NOT-FOR-US: Online Ordering System
CVE-2022-30797 (Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Online Ordering System
CVE-2022-30796
	RESERVED
CVE-2022-30795 (Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injectio ...)
	NOT-FOR-US: Online Ordering System
CVE-2022-30794 (Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injectio ...)
	NOT-FOR-US: Online Ordering System
CVE-2022-30793
	RESERVED
CVE-2022-30790 (Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2 ...)
	[experimental] - u-boot 2022.07~rc4+dfsg-1
	- u-boot 2022.07+dfsg-1 (bug #1014470)
	[bullseye] - u-boot (Minor issue)
	[buster] - u-boot (Minor issue)
	[stretch] - u-boot (Minor issue)
	NOTE: https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
	NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/b85d130ea0cac152c21ec38ac9417b31d41b5552 (v2022.07-rc4)
CVE-2022-30789 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_ch ...)
	{DSA-5160-1 DLA-3055-1}
	- ntfs-3g 1:2022.5.17-1 (bug #1011770)
	NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
	NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17
	NOTE: https://github.com/tuxera/ntfs-3g/commit/6efc1305c1951c1d72181f449f2fab68fa25fae8 (2022.5.17)
CVE-2022-30788 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mf ...)
	{DSA-5160-1 DLA-3055-1}
	- ntfs-3g 1:2022.5.17-1 (bug #1011770)
	NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
	NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17
	NOTE: https://github.com/tuxera/ntfs-3g/commit/a8818cf779d3a32f2f52337c6f258c16719625a3 (2022.5.17)
	NOTE: https://github.com/tuxera/ntfs-3g/commit/bce5734a757fd59d70a52f4d4fe9abe260629b3a (2022.5.17)
CVE-2022-30787 (An integer underflow in fuse_lib_readdir enables arbitrary memory read ...)
	{DSA-5160-1 DLA-3055-1}
	- ntfs-3g 1:2022.5.17-1 (bug #1011770)
	NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/2
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/4
	NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17
	NOTE: https://github.com/tuxera/ntfs-3g/commit/fb28eef6f1c26170566187c1ab7dc913a13ea43c (2022.5.17)
	NOTE: https://unparalleled.eu/publications/2022/advisory-unpar-2022-0.txt
	NOTE: https://unparalleled.eu/blog/2022/20220607-help-to-heap-suid-privilege-escalation/
CVE-2022-30786 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_na ...)
	{DSA-5160-1 DLA-3055-1}
	- ntfs-3g 1:2022.5.17-1 (bug #1011770)
	NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
	NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17
	NOTE: https://github.com/tuxera/ntfs-3g/commit/838b6e35b43062353998853eab50cd0675201ed7 (2022.5.17)
	NOTE: https://github.com/tuxera/ntfs-3g/commit/5ce8941bf47291cd6ffe7cdb1797253f1cc3a86f (2022.5.17)
CVE-2022-30785 (A file handle created in fuse_lib_opendir, and later used in fuse_lib_ ...)
	{DSA-5160-1 DLA-3055-1}
	- ntfs-3g 1:2022.5.17-1 (bug #1011770)
	NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/2
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/4
	NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17
	NOTE: https://github.com/tuxera/ntfs-3g/commit/fb28eef6f1c26170566187c1ab7dc913a13ea43c (2022.5.17)
	NOTE: https://unparalleled.eu/publications/2022/advisory-unpar-2022-0.txt
	NOTE: https://unparalleled.eu/blog/2022/20220607-help-to-heap-suid-privilege-escalation/
CVE-2022-30784 (A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_v ...)
	{DSA-5160-1 DLA-3055-1}
	- ntfs-3g 1:2022.5.17-1 (bug #1011770)
	NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
	NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17
	NOTE: https://github.com/tuxera/ntfs-3g/commit/60717a846deaaea47e50ce58872869f7bd1103b5 (2022.5.17)
CVE-2022-30783 (An invalid return code in fuse_kern_mount enables intercepting of libf ...)
	{DSA-5160-1 DLA-3055-1}
	- ntfs-3g 1:2022.5.17-1 (bug #1011770)
	NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/2
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/4
	NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17
	NOTE: https://github.com/tuxera/ntfs-3g/commit/7f81935f32e58e8fec22bc46683b1b067469405f (2022.5.17)
	NOTE: https://unparalleled.eu/publications/2022/advisory-unpar-2022-0.txt
	NOTE: https://unparalleled.eu/blog/2022/20220607-help-to-heap-suid-privilege-escalation/
CVE-2022-30782 (Openmoney API through 2020-06-29 uses the JavaScript Math.random funct ...)
	NOT-FOR-US: Openmoney
CVE-2022-30781 (Gitea before 1.16.7 does not escape git fetch remote.)
	- gitea
CVE-2022-30780 (Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a den ...)
	- lighttpd 1.4.59-1
	[buster] - lighttpd (Vulnerable code introduced later)
	[stretch] - lighttpd (Vulnerable code introduced later)
	NOTE: https://podalirius.net/en/cves/2022-30780/
	NOTE: https://github.com/p0dalirius/CVE-2022-30780-lighttpd-denial-of-service
	NOTE: https://redmine.lighttpd.net/issues/3059
	NOTE: Fixed by: https://github.com/lighttpd/lighttpd1.4/commit/b03b86f47b0d5a553137f081fadc482b4af1372d (lighttpd-1.4.59)
CVE-2022-30779
	REJECTED
CVE-2022-30778
	REJECTED
CVE-2022-30777 (Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from param ...)
	NOT-FOR-US: Parallels H-Sphere
CVE-2022-30776 (atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter ...)
	- atmailopen
CVE-2022-30775 (xpdf 4.04 allocates excessive memory when presented with crafted input ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2022-30774 (DMA attacks on the parameter buffer used by the PnpSmm driver could ch ...)
	NOT-FOR-US: Insyde
CVE-2022-30773 (DMA attacks on the parameter buffer used by the IhisiSmm driver could ...)
	NOT-FOR-US: Insyde
CVE-2022-30772 (Manipulation of the input address in PnpSmm function 0x52 could be use ...)
	NOT-FOR-US: Insyde
CVE-2022-30771 (Initialization function in PnpSmm could lead to SMRAM corruption when ...)
	NOT-FOR-US: Insyde
CVE-2022-30770 (Terminalfour versions 8.3.7, 8.3.x versions prior to version 8.3.8 and ...)
	NOT-FOR-US: Terminalfour
CVE-2022-30769 (Session fixation exists in ZoneMinder through 1.36.12 as an attacker c ...)
	- zoneminder (unimportant)
	NOTE: https://medium.com/@dk50u1/session-fixation-in-zoneminder-up-to-v1-36-12-3c850b1fbbf3
	NOTE: Only supported for trusted users/behind auth, see README.debian.security
CVE-2022-30768 (A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows ...)
	- zoneminder (unimportant)
	NOTE: https://medium.com/@dk50u1/stored-xss-in-zoneminder-up-to-v1-36-12-f26b4bb68c31
	NOTE: Only supported for trusted users/behind auth, see README.debian.security
CVE-2022-30767 (nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and throu ...)
	[experimental] - u-boot 2022.07~rc4+dfsg-1
	- u-boot 2022.07+dfsg-1 (bug #1014471)
	[bullseye] - u-boot (Minor issue)
	[buster] - u-boot (Incorrect fix for CVE-2019-14196 not applied)
	[stretch] - u-boot (Incorrect fix for CVE-2019-14196 not applied)
	NOTE: Introduced by: https://github.com/u-boot/u-boot/commit/5d14ee4e53a81055d34ba280cb8fd90330f22a96 (v2019.10-rc4)
	NOTE: https://lists.denx.de/pipermail/u-boot/2022-May/483952.html
	NOTE: https://securitylab.github.com/research/uboot-rce-nfs-vulnerability/
	NOTE: Issue exists because of an incorrect fix for CVE-2019-14196.
	NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/bdbf7a05e26f3c5fd437c99e2755ffde186ddc80 (v2022.07-rc4)
CVE-2022-30766
	RESERVED
CVE-2022-30765 (Calibre-Web before 0.6.18 allows user table SQL Injection.)
	- calibre-web (bug #982690)
CVE-2022-30764
	RESERVED
CVE-2022-30763 (Janet before 1.22.0 mishandles arrays.)
	- janet (bug #983003)
CVE-2022-30762
	RESERVED
CVE-2022-30761
	RESERVED
CVE-2022-30760 (An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG F ...)
	NOT-FOR-US: fn2Web
CVE-2022-30759 (In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sud ...)
	NOT-FOR-US: Nokia
CVE-2022-30708 (Webmin through 1.991, when the Authentic theme is used, allows remote ...)
	- webmin
CVE-2022-1717 (The Custom Share Buttons with Floating Sidebar WordPress plugin before ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1716 (Keep My Notes v1.80.147 allows an attacker with physical access to the ...)
	NOT-FOR-US: Keep My Notes
CVE-2022-30703 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an expo ...)
	NOT-FOR-US: Trend Micro
CVE-2022-30702 (Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out- ...)
	NOT-FOR-US: Trend Micro
CVE-2022-30701 (An uncontrolled search path element vulnerability in Trend Micro Apex ...)
	NOT-FOR-US: Trend Micro
CVE-2022-30700 (An incorrect permission assignment vulnerability in Trend Micro Apex O ...)
	NOT-FOR-US: Trend Micro
CVE-2022-30699 (NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable ...)
	{DLA-3371-1}
	- unbound 1.16.2-1 (bug #1016493)
	[bullseye] - unbound 1.13.1-1+deb11u1
	NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt
	NOTE: https://github.com/NLnetLabs/unbound/commit/f6753a0f1018133df552347a199e0362fc1dac68 (release-1.16.2)
CVE-2022-30698 (NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable t ...)
	{DLA-3371-1}
	- unbound 1.16.2-1 (bug #1016493)
	[bullseye] - unbound 1.13.1-1+deb11u1
	NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt
	NOTE: https://github.com/NLnetLabs/unbound/commit/f6753a0f1018133df552347a199e0362fc1dac68 (release-1.16.2)
CVE-2022-30697 (Local privilege escalation due to insecure folder permissions. The fol ...)
	NOT-FOR-US: Acronis
CVE-2022-30696 (Local privilege escalation due to a DLL hijacking vulnerability. The f ...)
	NOT-FOR-US: Acronis
CVE-2022-30695 (Local privilege escalation due to excessive permissions assigned to ch ...)
	NOT-FOR-US: Acronis
CVE-2022-30694 (The login endpoint /FormLogin in affected web services does not apply ...)
	NOT-FOR-US: Siemens
CVE-2022-30543 (A leftover debug code vulnerability exists in the console infct functi ...)
	NOT-FOR-US: InHand Networks InRouter302
CVE-2022-29485 (Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and ...)
	NOT-FOR-US: SHIRASAGI
CVE-2022-29481 (A leftover debug code vulnerability exists in the console nvram functi ...)
	NOT-FOR-US: InHand Networks InRouter302
CVE-2022-28689 (A leftover debug code vulnerability exists in the console support func ...)
	NOT-FOR-US: InHand Networks InRouter302
CVE-2022-26023 (A leftover debug code vulnerability exists in the console verify funct ...)
	NOT-FOR-US: InHand Networks InRouter302
CVE-2022-1715 (Account Takeover in GitHub repository neorazorx/facturascripts prior t ...)
	NOT-FOR-US: neorazorx/facturascripts
CVE-2022-1714 (Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7 ...)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/1c22055b-b015-47a8-a57b-4982978751d0
	NOTE: https://github.com/radareorg/radare2/commit/3ecdbf8e21186a9c5a4d3cfa3b1e9fd27045340e
CVE-2022-1713 (SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An ...)
	NOT-FOR-US: jgraph/drawio
CVE-2022-1712 (The LiveSync for WordPress plugin through 1.0 does not have CSRF check ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1711 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio ...)
	NOT-FOR-US: jgraph/drawio
CVE-2022-1710 (The Appointment Hour Booking WordPress plugin before 1.3.56 does not s ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1709 (The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1708 (A vulnerability was found in CRI-O that causes memory or disk space ex ...)
	- cri-o (bug #979702)
CVE-2022-1707 (The Google Tag Manager for WordPress plugin for WordPress is vulnerabl ...)
	NOT-FOR-US: Google Tag Manager for WordPress plugin for WordPress
CVE-2022-1706 (A vulnerability was found in Ignition where ignition configs are acces ...)
	- ignition 2.14.0+ds1-1 (bug #1014716)
	NOTE: https://github.com/coreos/ignition/issues/1300
	NOTE: https://github.com/coreos/ignition/pull/1350
CVE-2021-46279 (Session fixation and insufficient session expiration vulnerabilities a ...)
	NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
CVE-2021-45925 (Observable discrepancies in the login process allow an attacker to gue ...)
	NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
CVE-2021-44776 (A broken access control vulnerability in the SubNet_handler_func funct ...)
	NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
CVE-2021-44769 (An improper input validation vulnerability in the TLS certificate gene ...)
	NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
CVE-2021-44467 (A broken access control vulnerability in the KillDupUsr_func function ...)
	NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
CVE-2021-4228 (Use of hard-coded TLS certificate by default allows an attacker to per ...)
	NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
CVE-2022-30689 (HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not cor ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2022-30688 (needrestart 0.8 through 3.5 before 3.6 is prone to local privilege esc ...)
	{DSA-5137-1 DLA-3013-1}
	- needrestart 3.6-1 (bug #1011154)
	NOTE: https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30 (v3.6)
	NOTE: https://www.openwall.com/lists/oss-security/2022/05/17/9
CVE-2022-30687 (Trend Micro Maximum Security 2022 is vulnerable to a link following vu ...)
	NOT-FOR-US: Trend Micro
CVE-2022-30686 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2022-30685 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2022-30684 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2022-30683 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2022-30682 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2022-30681 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2022-30680 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2022-30679 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
	NOT-FOR-US: Adobe
CVE-2022-30678 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2022-30677 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2022-30676 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2022-30675 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2022-30674 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2022-30673 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2022-30672 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2022-30671 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2022-30670 (RoboHelp Server earlier versions than RHS 11 Update 3 are affected by ...)
	NOT-FOR-US: RoboHelp Server
CVE-2022-30669 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-30668 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-30667 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-30666 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-30665 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-30664 (Adobe Animate version 22.0.5 (and earlier) is affected by an out-of-bo ...)
	NOT-FOR-US: Adobe
CVE-2022-30663 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-30662 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-30661 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-30660 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-30659 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-30658 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-30657 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...)
	NOT-FOR-US: Adobe
CVE-2022-30656 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...)
	NOT-FOR-US: Adobe
CVE-2022-30655 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...)
	NOT-FOR-US: Adobe
CVE-2022-30654 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...)
	NOT-FOR-US: Adobe
CVE-2022-30653 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...)
	NOT-FOR-US: Adobe
CVE-2022-30652 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...)
	NOT-FOR-US: Adobe
CVE-2022-30651 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...)
	NOT-FOR-US: Adobe
CVE-2022-30650 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...)
	NOT-FOR-US: Adobe
CVE-2022-30649 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-30648 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-30647 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-30646 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-30645 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-30644 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-30643 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-30642 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-30641 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-30640 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-30639 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-30638 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-30637 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-30636
	RESERVED
CVE-2022-30635 (Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.1 ...)
	- golang-1.19 1.19~rc2-1
	- golang-1.18 1.18.4-1
	- golang-1.17 1.17.13-1
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases)
	NOTE: https://go.dev/issue/53615
	NOTE: https://github.com/golang/go/commit/6fa37e98ea4382bf881428ee0c150ce591500eb7 (go1.19rc2)
	NOTE: https://github.com/golang/go/commit/fb979a50823e5a0575cf6166b3f17a13364cbf81 (go1.18.4)
	NOTE: https://github.com/golang/go/commit/cd54600b866db0ad068ab8df06c7f5f6cb55c9b3 (go1.17.12)
CVE-2022-30634 (Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 o ...)
	- golang-1.18 (Only affects Go on Windows)
	- golang-1.17 (Only affects Go on Windows)
	- golang-1.15 (Only affects Go on Windows)
	- golang-1.11 (Only affects Go on Windows)
	- golang-1.8 (Only affects Go on Windows)
	- golang-1.7 (Only affects Go on Windows)
	NOTE: https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg
	NOTE: https://go.dev/issue/52561
	NOTE: https://github.com/golang/go/commit/32dedaa69e22f1a058ae90b9484fd4c3b46fbcbf (go1.18.3)
	NOTE: https://github.com/golang/go/commit/2be03d789de905a4b050ff5f3a51b724e1b09494 (go1.17.11)
CVE-2022-30633 (Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 ...)
	- golang-1.19 1.19~rc2-1
	- golang-1.18 1.18.4-1
	- golang-1.17 1.17.13-1
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases)
	NOTE: https://go.dev/issue/53611
	NOTE: https://github.com/golang/go/commit/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08 (go1.19rc2)
	NOTE: https://github.com/golang/go/commit/2924ced71d16297320e8ff18829c2038e6ad8d9b (go1.18.4)
	NOTE: https://github.com/golang/go/commit/2678d0c957193dceef336c969a9da74dd716a827 (go1.17.12)
CVE-2022-30632 (Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and ...)
	- golang-1.19 1.19~rc2-1
	- golang-1.18 1.18.4-1
	- golang-1.17 1.17.13-1
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases)
	NOTE: https://go.dev/issue/53416
	NOTE: https://github.com/golang/go/commit/ac68c6c683409f98250d34ad282b9e1b0c9095ef (go1.19rc2)
	NOTE: https://github.com/golang/go/commit/5ebd862b1714dad1544bd10a24c47cdb53ad7f46 (go1.18.4)
	NOTE: https://github.com/golang/go/commit/76f8b7304d1f7c25834e2a0cc9e88c55276c47df (go1.17.12)
CVE-2022-30631 (Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17. ...)
	- golang-1.19 1.19~rc2-1
	- golang-1.18 1.18.4-1
	- golang-1.17 1.17.13-1
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases)
	NOTE: https://go.dev/issue/53168
	NOTE: https://github.com/golang/go/commit/b2b8872c876201eac2d0707276c6999ff3eb185e (go1.19rc2)
	NOTE: https://github.com/golang/go/commit/8e27a8ac4c001c27713810b75925aa3794049c48 (go1.18.4)
	NOTE: https://github.com/golang/go/commit/0117dee7dccbbd7803d88f65a2ce8bd686219ad3 (go1.17.12)
CVE-2022-30630 (Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18. ...)
	- golang-1.19 1.19~rc2-1
	- golang-1.18 1.18.4-1
	- golang-1.17 1.17.13-1
	- golang-1.15 (Introduced in 1.16)
	- golang-1.11 (Introduced in 1.16)
	NOTE: https://go.dev/issue/53415
	NOTE: https://github.com/golang/go/commit/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59 (go1.19rc2)
	NOTE: https://github.com/golang/go/commit/315e80d293b684ac2902819e58f618f1b5a14d49 (go1.18.4)
	NOTE: https://github.com/golang/go/commit/8c1d8c836270615cfb5b229932269048ef59ac07 (go1.17.12)
	NOTE: Introduced by https://github.com/golang/go/commit/b64202bc29b9c1cf0118878d1c0acc9cdb2308f6 (go1.16beta1)
	NOTE: io/fs/Glob.go introduced in 1.16; see CVE-2022-30632 for similar older code in path/filepath/
CVE-2022-30629 (Non-random values for ticket_age_add in session tickets in crypto/tls ...)
	- golang-1.18 1.18.3-1
	- golang-1.17 1.17.11-1
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
	- golang-1.8
	[stretch] - golang-1.8 (Vulnerable code - TLS1.3 - introduced later)
	- golang-1.7
	[stretch] - golang-1.7 (Vulnerable code - TLS1.3 - introduced later)
	NOTE: https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg
	NOTE: https://go.dev/issue/52814
	NOTE: https://github.com/golang/go/commit/c838098c327a1b6d63446f4722e943b02d235d78 (go1.18.3)
	NOTE: https://github.com/golang/go/commit/c15a8e2dbb5ac376a6ed890735341b812d6b965c (go1.17.11)
CVE-2022-30628 (It was possible to download all receipts without authentication. Must ...)
	NOT-FOR-US: Supersmart.me
CVE-2022-30627 (This vulnerability affects all of the company's products that also inc ...)
	NOT-FOR-US: Chcnav
CVE-2022-30626 (Browsing the path: http://ip/wifi_ap_pata_get.cmd, will show in the na ...)
	NOT-FOR-US: Chcnav
CVE-2022-30625 (Directory listing is a web server function that displays the directory ...)
	NOT-FOR-US: Chcnav
CVE-2022-30624 (Browsing the admin.html page allows the user to reset the admin passwo ...)
	NOT-FOR-US: Chcnav
CVE-2022-30623 (The server checks the user's cookie in a non-standard way, and a value ...)
	NOT-FOR-US: Chcnav
CVE-2022-30622 (Disclosure of information - the system allows you to view usernames an ...)
	NOT-FOR-US: Chcnav
CVE-2022-30621 (Allows a remote user to read files on the camera's OS "GetFileContent. ...)
	NOT-FOR-US: Cellinx
CVE-2022-30620 (On Cellinx Camera with guest enabled, attacker with web access can ele ...)
	NOT-FOR-US: Cellinx
CVE-2022-30619 (Editable SQL Queries behind Base64 encoding sending from the Client-Si ...)
	NOT-FOR-US: Agile Point
CVE-2022-30618 (An authenticated user with access to the Strapi admin panel can view p ...)
	NOT-FOR-US: Strapi
CVE-2022-30617 (An authenticated user with access to the Strapi admin panel can view p ...)
	NOT-FOR-US: Strapi
CVE-2022-29525 (Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded cred ...)
	NOT-FOR-US: Rakuten Casa
CVE-2022-28704 (Improper access control vulnerability in Rakuten Casa version AP_F_V1_ ...)
	NOT-FOR-US: Rakuten Casa
CVE-2022-26834 (Improper access control vulnerability in Rakuten Casa version AP_F_V1_ ...)
	NOT-FOR-US: Rakuten Casa
CVE-2022-1705 (Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 cli ...)
	- golang-1.19 1.19~rc1-1
	- golang-1.18 1.18.4-1
	- golang-1.17 1.17.13-1
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11 (Introduced in 1.15)
	NOTE: https://go.dev/issue/53188
	NOTE: https://github.com/golang/go/commit/e5017a93fcde94f09836200bca55324af037ee5f (go1.19rc1)
	NOTE: https://github.com/golang/go/commit/222ee24a0046ae61679f4d97967e3b4058a3b90e (go1.18.4)
	NOTE: https://github.com/golang/go/commit/d13431c37ab62f9755f705731536ff74e7165b08 (go1.17.12)
	NOTE: Introduced by https://github.com/golang/go/commit/d5734d4f2dd1168dc3df94f2b9912299aea0c0ac (go1.15beta1)
CVE-2022-1704 (Due to an XML external entity reference, the software parses XML in th ...)
	NOT-FOR-US: Ignition
CVE-2022-1703 (Improper neutralization of special elements in the SonicWall SSL-VPN S ...)
	NOT-FOR-US: SonicWall
CVE-2022-1702 (SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier ver ...)
	NOT-FOR-US: SonicWall
CVE-2022-1701 (SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier ver ...)
	NOT-FOR-US: SonicWall
CVE-2022-1700 (Improper Restriction of XML External Entity Reference ('XXE') vulnerab ...)
	NOT-FOR-US: Forcepoint
CVE-2022-30616 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow ...)
	NOT-FOR-US: IBM
CVE-2022-30615 ("IBM InfoSphere Information Server 11.7 is vulnerable to cross-site sc ...)
	NOT-FOR-US: IBM
CVE-2022-30614 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a den ...)
	NOT-FOR-US: IBM
CVE-2022-30613 (IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a ...)
	NOT-FOR-US: IBM
CVE-2022-30612
	RESERVED
CVE-2022-30611 (IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerab ...)
	NOT-FOR-US: IBM
CVE-2022-30610 (IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerab ...)
	NOT-FOR-US: IBM
CVE-2022-30609
	RESERVED
CVE-2022-30608 ("IBM InfoSphere Information Server 11.7 is vulnerable to cross-site re ...)
	NOT-FOR-US: IBM
CVE-2022-30607 (IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 2 ...)
	NOT-FOR-US: IBM
CVE-2022-30546 (Out-of-bounds read vulnerability exists in the simulator module contai ...)
	NOT-FOR-US: Fuji Electric V-SFT
CVE-2022-30538 (Out-of-bounds write vulnerability exists in the simulator module conta ...)
	NOT-FOR-US: Fuji Electric V-SFT
CVE-2022-29925 (Access of uninitialized pointer vulnerability exists in the simulator ...)
	NOT-FOR-US: Fuji Electric V-SFT
CVE-2022-29522 (Use after free vulnerability exists in the simulator module contained ...)
	NOT-FOR-US: Fuji Electric V-SFT
CVE-2022-29482 ('Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 imp ...)
	NOT-FOR-US: 'Mobaoku-Auction&Flea Market' App for iOS
CVE-2022-27231 (Cross-site scripting vulnerability exists in WP Statistics versions pr ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-26302 (Heap-based buffer overflow exists in the simulator module contained in ...)
	NOT-FOR-US: Fuji Electric V-SFT
CVE-2022-1699 (Uncontrolled Resource Consumption in GitHub repository causefx/organiz ...)
	NOT-FOR-US: organizr
CVE-2022-1698 (Allowing long password leads to denial of service in GitHub repository ...)
	NOT-FOR-US: organizr
CVE-2022-1697 (Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed th ...)
	NOT-FOR-US: Okta
CVE-2022-1696
	RESERVED
CVE-2022-1695 (The WP Simple Adsense Insertion WordPress plugin before 2.1 does not p ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1694 (The Useful Banner Manager WordPress plugin through 1.6.1 does not perf ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1693
	RESERVED
CVE-2022-1692 (The CP Image Store with Slideshow WordPress plugin before 1.0.68 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1691 (The Realty Workstation WordPress plugin before 1.0.15 does not sanitis ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1690 (The Note Press WordPress plugin through 0.1.10 does not sanitise and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1689 (The Note Press WordPress plugin through 0.1.10 does not sanitise and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1688 (The Note Press WordPress plugin through 0.1.10 does not sanitise and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1687 (The Logo Slider WordPress plugin through 1.4.8 does not sanitise and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1686 (The Five Minute Webshop WordPress plugin through 1.3.2 does not saniti ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1685 (The Five Minute Webshop WordPress plugin through 1.3.2 does not proper ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1684 (The Cube Slider WordPress plugin through 1.2 does not sanitise and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1683 (The amtyThumb WordPress plugin through 4.2.0 does not sanitise and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1682 (Reflected Xss using url based payload in GitHub repository neorazorx/f ...)
	NOT-FOR-US: facturascripts
CVE-2022-1681 (Authentication Bypass Using an Alternate Path or Channel in GitHub rep ...)
	NOT-FOR-US: Requarks wiki.js
CVE-2022-XXXX [RUSTSEC-2022-0022]
	- rust-hyper 0.14.19-1
	NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0022.html
CVE-2022-XXXX [RUSTSEC-2022-0021]
	- rust-crossbeam-queue 0.3.5-1
	[bullseye] - rust-crossbeam-queue (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0021.html
CVE-2022-XXXX [RUSTSEC-2022-0019]
	- rust-crossbeam-channel 0.4.4-1
	[bullseye] - rust-crossbeam-channel (Minor issue)
	[buster] - rust-crossbeam-channel (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0019.html
CVE-2022-XXXX [RUSTSEC-2022-0020]
	- rust-crossbeam 0.8.1-1
	[bullseye] - rust-crossbeam (Minor issue)
	[buster] - rust-crossbeam (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0020.html
	NOTE: advisory seems wrong about fixed version, should be >= 0.8.0
CVE-2022-30600 (A flaw was found in moodle where logic used to count failed login atte ...)
	- moodle
CVE-2022-30599 (A flaw was found in moodle where an SQL injection risk was identified ...)
	- moodle
CVE-2022-30598 (A flaw was found in moodle where global search results could include a ...)
	- moodle
CVE-2022-30597 (A flaw was found in moodle where the description user field was not hi ...)
	- moodle
CVE-2022-30596 (A flaw was found in moodle where ID numbers displayed when bulk alloca ...)
	- moodle
CVE-2022-30595 (libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow i ...)
	- pillow 9.1.1-1
	[bullseye] - pillow (Vulnerable code introduced later)
	[buster] - pillow (Vulnerable code introduced later)
	[stretch] - pillow (Vulnerable code introduced later)
	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.1.1.html#security
	NOTE: Introduced by: https://github.com/python-pillow/Pillow/commit/0d729941a89af9e00d9d01d14ec144ab358410cd (9.1.0)
	NOTE: Fixed by: https://github.com/python-pillow/Pillow/commit/c846cc881ebe34e3518412c2e3636433d9947280 (9.1.1)
CVE-2022-30593
	RESERVED
CVE-2022-30592 (liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1. ...)
	NOT-FOR-US: LiteSpeed QUIC (aka LSQUIC)
CVE-2022-30591 (quic-go through 0.27.0 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: quic-go
CVE-2022-30590
	RESERVED
CVE-2022-30589
	RESERVED
CVE-2022-30588
	RESERVED
CVE-2022-30587 (Gradle Enterprise through 2022.2.2 has Incorrect Access Control that l ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2022-30586 (Gradle Enterprise through 2022.2.2 has Incorrect Access Control that l ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2022-30585 (The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an ...)
	NOT-FOR-US: Archer
CVE-2022-30584 (Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access ...)
	NOT-FOR-US: Archer
CVE-2022-30583
	RESERVED
CVE-2022-30582
	RESERVED
CVE-2022-30581
	RESERVED
CVE-2022-30580 (Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 ...)
	- golang-1.18 (Only affects Go on Windows)
	- golang-1.17 (Only affects Go on Windows)
	- golang-1.15 (Only affects Go on Windows)
	- golang-1.11 (Only affects Go on Windows)
	- golang-1.8 (Only affects Go on Windows)
	- golang-1.7 (Only affects Go on Windows)
	NOTE: https://go.dev/issue/52574
CVE-2022-30579 (The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analy ...)
	NOT-FOR-US: TIBCO
CVE-2022-30578 (The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons co ...)
	NOT-FOR-US: TIBCO
CVE-2022-30577 (The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains a ...)
	NOT-FOR-US: TIBCO
CVE-2022-30576 (The Web Console component of TIBCO Software Inc.'s TIBCO Data Science ...)
	NOT-FOR-US: TIBCO
CVE-2022-30575 (The Web Console component of TIBCO Software Inc.'s TIBCO Data Science ...)
	NOT-FOR-US: TIBCO
CVE-2022-30574 (The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community ...)
	NOT-FOR-US: TIBCO
CVE-2022-30573 (The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community ...)
	NOT-FOR-US: TIBCO
CVE-2022-30572 (The iWay Service Manager Console component of TIBCO Software Inc.'s TI ...)
	NOT-FOR-US: TIBCO
CVE-2022-30571 (The iWay Service Manager Console component of TIBCO Software Inc.'s TI ...)
	NOT-FOR-US: TIBCO
CVE-2022-30570 (The Column Based Security component of TIBCO Software Inc.'s TIBCO Dat ...)
	NOT-FOR-US: TIBCO
CVE-2022-30569
	RESERVED
CVE-2022-30568
	RESERVED
CVE-2022-30567
	RESERVED
CVE-2022-30566
	RESERVED
CVE-2022-30565
	RESERVED
CVE-2022-30564 (Some Dahua embedded products have a vulnerability of unauthorized modi ...)
	NOT-FOR-US: Dahua
CVE-2022-30563 (When an attacker uses a man-in-the-middle attack to sniff the request ...)
	NOT-FOR-US: Dahua
CVE-2022-30562 (If the user enables the https function on the device, an attacker can ...)
	NOT-FOR-US: Dahua
CVE-2022-30561 (When an attacker uses a man-in-the-middle attack to sniff the request ...)
	NOT-FOR-US: Dahua
CVE-2022-30560 (When an attacker obtaining the administrative account and password, or ...)
	NOT-FOR-US: Dahua
CVE-2022-30559
	RESERVED
CVE-2022-30558
	RESERVED
CVE-2022-30557 (Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion is ...)
	NOT-FOR-US: Foxit PDF Reader and PDF Editor
CVE-2022-1680 (An account takeover issue has been discovered in GitLab EE affecting a ...)
	[experimental] - gitlab 14.9.5+ds1-1
	- gitlab 15.10.8+ds1-2
	NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
CVE-2022-1679 (A use-after-free flaw was found in the Linux kernel’s Atheros wir ...)
	{DLA-3173-1 DLA-3131-1}
	- linux 5.19.6-1
	[bullseye] - linux 5.10.140-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2084125
	NOTE: https://lore.kernel.org/lkml/87ilqc7jv9.fsf@kernel.org/t/
CVE-2022-1678 (An issue was discovered in the Linux Kernel from 4.18 to 4.19, an impr ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.232-1
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=61
	NOTE: https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing@gmail.com/
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0a70f118475e037732557796accd0878a00fc25a
CVE-2022-30594 (The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTR ...)
	{DSA-5173-1 DLA-3065-1}
	- linux 5.17.3-1
	[bullseye] - linux 5.10.113-1
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2276
	NOTE: https://git.kernel.org/linus/ee1fee900537b5d9560e9f937402de5ddc8412f3 (5.18-rc1)
CVE-2022-30556 (Apache HTTP Server 2.4.53 and earlier may return lengths to applicatio ...)
	- apache2 2.4.54-1 (bug #1012513)
	[bullseye] - apache2 2.4.54-1~deb11u1
	[buster] - apache2 2.4.38-3+deb10u8
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/7
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30556
	NOTE: https://github.com/apache/httpd/commit/3a561759fcb37af179585adb8478922dc9bc6a85
CVE-2022-30555
	RESERVED
CVE-2022-30554
	RESERVED
CVE-2022-30553
	RESERVED
CVE-2022-30552 (Das U-Boot 2022.01 has a Buffer Overflow.)
	[experimental] - u-boot 2022.07~rc4+dfsg-1
	- u-boot 2022.07+dfsg-1 (bug #1014470)
	[bullseye] - u-boot (Minor issue)
	[buster] - u-boot (Minor issue)
	[stretch] - u-boot (Minor issue)
	NOTE: https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
	NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/b85d130ea0cac152c21ec38ac9417b31d41b5552 (v2022.07-rc4)
CVE-2022-30551 (OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause ...)
	NOT-FOR-US: OPC UA Legacy Java Stack
CVE-2022-30550 (An issue was discovered in the auth component in Dovecot 2.2 and 2.3 b ...)
	{DLA-3122-1}
	- dovecot 1:2.3.19.1+dfsg1-2 (bug #1016351)
	[bullseye] - dovecot 1:2.3.13+dfsg1-2+deb11u1
	NOTE: https://www.openwall.com/lists/oss-security/2022/07/06/9
	NOTE: https://github.com/dovecot/core/commit/7bad6a24160e34bce8f10e73dbbf9e5fbbcd1904
	NOTE: https://github.com/dovecot/core/commit/a1022072e2ce36f853873d910287f466165b184b
CVE-2022-1677 (In OpenShift Container Platform, a user with permissions to create or ...)
	NOT-FOR-US: OpenShift
CVE-2022-1676
	REJECTED
CVE-2022-1675
	RESERVED
CVE-2022-1674 (NULL Pointer Dereference in function vim_regexec_string at regexp.c:27 ...)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/a74ba4a4-7a39-4a22-bde3-d2f8ee07b385
	NOTE: https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060 (v8.2.4938)
	NOTE: Negligible security impact; crash in CLI tool
CVE-2022-1673 (The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 doe ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1672 (The Insights from Google PageSpeed WordPress plugin before 4.0.7 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1671 (A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/r ...)
	- linux 5.17.3-1
	[bullseye] - linux (Vulnerable code introduced later)
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2083992
	NOTE: Fixed by: https://git.kernel.org/linus/ff8376ade4f668130385839cef586a0990f8ef87 (5.18-rc1)
CVE-2022-30548 (Uncontrolled search path element in the Intel(R) Glorp software may al ...)
	NOT-FOR-US: Intel
CVE-2022-30339 (Out-of-bounds read in firmware for the Intel(R) Integrated Sensor Solu ...)
	NOT-FOR-US: Intel
CVE-2022-30338 (Incorrect default permissions in the Intel(R) VROC software before ver ...)
	NOT-FOR-US: Intel
CVE-2022-30296 (Insufficiently protected credentials in the Intel(R) Datacenter Group ...)
	NOT-FOR-US: Intel
CVE-2022-29919 (Use after free in the Intel(R) VROC software before version 7.7.6.1003 ...)
	NOT-FOR-US: Intel
CVE-2022-29893 (Improper authentication in firmware for Intel(R) AMT before versions 1 ...)
	NOT-FOR-US: Intel
CVE-2022-29887 (Cross-site Scripting (XSS) in some Intel(R) Manageability Commander so ...)
	NOT-FOR-US: Intel
CVE-2022-29515 (Missing release of memory after effective lifetime in firmware for Int ...)
	NOT-FOR-US: Intel
CVE-2022-29508 (Null pointer dereference in the Intel(R) VROC software before version ...)
	NOT-FOR-US: Intel
CVE-2022-29507 (Insufficiently protected credentials in the Intel(R) Team Blue mobile ...)
	NOT-FOR-US: Intel
CVE-2022-29478
	RESERVED
CVE-2022-29470 (Improper access control in the Intel® DTT Software before version 8 ...)
	NOT-FOR-US: Intel
CVE-2022-28693
	RESERVED
	NOT-FOR-US: Intel
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00707.html
CVE-2022-27877
	RESERVED
CVE-2022-27808 (Insufficient control flow management in some Intel(R) Ethernet Control ...)
	NOT-FOR-US: Intel
CVE-2022-26844 (Insufficiently protected credentials in the installation binaries for ...)
	NOT-FOR-US: Intel
CVE-2022-26374 (Uncontrolled search path in the installation binaries for Intel(R) SEA ...)
	NOT-FOR-US: Intel
CVE-2022-26373 (Non-transparent sharing of return predictor targets between contexts i ...)
	{DSA-5207-1 DLA-3131-1 DLA-3102-1}
	- linux 5.18.16-1
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00706.html
	NOTE: https://git.kernel.org/linus/2b1299322016731d56807aa49254a5ea3080b6b3
	NOTE: https://git.kernel.org/linus/ba6e31af2be96c4d0536f2152ed6f7b6c11bca47
CVE-2022-26344 (Incorrect default permissions in the installation binaries for Intel(R ...)
	NOT-FOR-US: Intel
CVE-2022-25976 (Improper input validation in the Intel(R) VROC software before version ...)
	NOT-FOR-US: Intel
CVE-2022-1670 (When generating a user invitation code in Octopus Server, the validity ...)
	NOT-FOR-US: Octopus Server
CVE-2022-1669 (A buffer overflow vulnerability has been detected in the firewall func ...)
	NOT-FOR-US: Circutor
CVE-2022-1668 (Weak default root user credentials allow remote attackers to easily ob ...)
	NOT-FOR-US: Secheron SEPCOS
CVE-2022-1667 (Client-side JavaScript controls may be bypassed by directly running a ...)
	NOT-FOR-US: Secheron SEPCOS
CVE-2022-1666 (The default password for the web application’s root user (the ven ...)
	NOT-FOR-US: Secheron SEPCOS
CVE-2022-1665 (A set of pre-production kernel packages of Red Hat Enterprise Linux fo ...)
	NOT-FOR-US: pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture
CVE-2022-1664 (Dpkg::Source::Archive in dpkg, the Debian package management system, b ...)
	{DSA-5147-1 DLA-3022-1}
	- dpkg 1.21.8
	NOTE: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b (1.21.8)
	NOTE: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5 (1.20.10)
	NOTE: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495 (1.19.8)
	NOTE: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be (1.18.26)
CVE-2022-1663 (The Stop Spam Comments WordPress plugin through 0.2.1.2 does not prope ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-30529 (File upload vulnerability in asith-eranga ISIC tour booking through ve ...)
	NOT-FOR-US: asith-eranga ISIC tour booking
CVE-2022-30528 (SQL Injection vulnerability in asith-eranga ISIC tour booking through ...)
	NOT-FOR-US: asith-eranga ISIC tour booking
CVE-2022-30527 (A vulnerability has been identified in SINEC NMS (All versions < V2.0) ...)
	NOT-FOR-US: Siemens
CVE-2022-1662 (In convert2rhel, there's an ansible playbook named ansible/run-convert ...)
	NOT-FOR-US: Red Hat convert2rhel
CVE-2022-1661 (The affected products are vulnerable to directory traversal, which may ...)
	NOT-FOR-US: Keysight N6854A and N6841A
CVE-2022-1660 (The affected products are vulnerable of untrusted data due to deserial ...)
	NOT-FOR-US: Keysight N6854A and N6841A
CVE-2022-1659 (Vulnerable versions of the JupiterX Core (<= 2.0.6) plugin register an ...)
	NOT-FOR-US: JupiterX Core
CVE-2022-1658 (Vulnerable versions of the Jupiter Theme (<= 6.10.1) allow arbitrary p ...)
	NOT-FOR-US: Jupiter Theme
CVE-2022-1657 (Vulnerable versions of the Jupiter (<= 6.10.1) and JupiterX (<= 2.0.6) ...)
	NOT-FOR-US: Jupiter Theme
CVE-2022-1656 (Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logged-i ...)
	NOT-FOR-US: JupiterX Theme
CVE-2022-1655 (An Incorrect Permission Assignment for Critical Resource flaw was foun ...)
	- horizon (Red Hat-specific packaging issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2075681
	NOTE: Seems to be specific to the way Red Hat distributes Horizon, the Debian
	NOTE: package defaults to SESSION_COOKIE_HTTPONLY = True
CVE-2022-1654 (Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any au ...)
	NOT-FOR-US: Jupiter Theme and JupiterX Core Plugin
CVE-2022-1653 (The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 do ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1652 (Linux Kernel could allow a local attacker to execute arbitrary code on ...)
	{DSA-5173-1}
	- linux 5.17.11-1
	[bullseye] - linux 5.10.120-1
	NOTE: https://www.openwall.com/lists/oss-security/2022/05/10/1
CVE-2022-1651 (A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in ...)
	- linux 5.17.3-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/ecd1735f14d6ac868ae5d8b7a2bf193fa11f388b (5.18-rc1)
CVE-2022-1650 (Improper Removal of Sensitive Information Before Storage or Transfer i ...)
	{DLA-3235-1}
	- node-eventsource 2.0.2+~1.1.8-1
	[bullseye] - node-eventsource 1.0.7-1+deb11u1
	[stretch] - node-eventsource (not covered by security support)
	NOTE: https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e/
	NOTE: https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4 (v2.0.2)
CVE-2022-1649 (Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg ...)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/c07e4918-cf86-4d2e-8969-5fb63575b449
	NOTE: https://github.com/radareorg/radare2/commit/a5aafb99c3965259c84ddcf45a91144bf7eb4cf1
CVE-2022-1648 (Pandora FMS v7.0NG.760 and below allows a relative path traversal in F ...)
	NOT-FOR-US: Pandora FMS
CVE-2022-1647 (The FormCraft WordPress plugin before 1.2.6 does not sanitise and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-30526 (A privilege escalation vulnerability was identified in the CLI command ...)
	NOT-FOR-US: Zyxel
CVE-2022-30525 (A OS command injection vulnerability in the CGI program of Zyxel USG F ...)
	NOT-FOR-US: Zyxel
CVE-2022-1646 (The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sa ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1645 (The Amazon Link WordPress plugin through 3.2.10 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1644 (The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1643 (The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-30524 (There is an invalid memory access in the TextLine class in TextOutputD ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2022-30523 (Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below i ...)
	NOT-FOR-US: Trend Micro
CVE-2022-30522 (If Apache HTTP Server 2.4.53 is configured to do transformations with ...)
	- apache2 2.4.54-1 (bug #1012513)
	[bullseye] - apache2 2.4.54-1~deb11u1
	[buster] - apache2 2.4.38-3+deb10u8
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/6
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30522
	NOTE: https://github.com/apache/httpd/commit/db47781128e42bd49f55076665b3f6ca4e2bc5e2
	NOTE: https://github.com/apache/httpd/commit/96c75bba15b6ce20eb8d34aad717a046c000b233
CVE-2022-1642 (A program using swift-corelibs-foundation is vulnerable to a denial of ...)
	NOT-FOR-US: swift-corelibs-foundation
CVE-2022-1641 (Use after free in Web UI Diagnostics in Google Chrome on Chrome OS pri ...)
	{DSA-5134-1}
	- chromium 101.0.4951.64-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1640 (Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allo ...)
	{DSA-5134-1}
	- chromium 101.0.4951.64-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1639 (Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowe ...)
	{DSA-5134-1}
	- chromium 101.0.4951.64-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1638 (Heap buffer overflow in V8 Internationalization in Google Chrome prior ...)
	{DSA-5134-1}
	- chromium 101.0.4951.64-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1637 (Inappropriate implementation in Web Contents in Google Chrome prior to ...)
	{DSA-5134-1}
	- chromium 101.0.4951.64-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1636 (Use after free in Performance APIs in Google Chrome prior to 101.0.495 ...)
	{DSA-5134-1}
	- chromium 101.0.4951.64-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1635 (Use after free in Permission Prompts in Google Chrome prior to 101.0.4 ...)
	{DSA-5134-1}
	- chromium 101.0.4951.64-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1634 (Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 a ...)
	{DSA-5134-1}
	- chromium 101.0.4951.64-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1633 (Use after free in Sharesheet in Google Chrome on Chrome OS prior to 10 ...)
	{DSA-5134-1}
	- chromium 101.0.4951.64-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1632 (An Improper Certificate Validation attack was found in Openshift. A re ...)
	NOT-FOR-US: OpenShift
CVE-2022-1631 (Users Account Pre-Takeover or Users Account Takeover. in GitHub reposi ...)
	NOT-FOR-US: microweber
CVE-2022-1630 (The WP-EMail WordPress plugin before 2.69.0 does not protect its log d ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1629 (Buffer Over-read in function find_next_quote in GitHub repository vim/ ...)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/e26d08d4-1886-41f0-9af4-f3e1bf3d52ee
	NOTE: https://github.com/vim/vim/commit/53a70289c2712808e6d4e88927e03cac01b470dd (v8.2.4925)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-1628 (The Simple SEO plugin for WordPress is vulnerable to attribute-based s ...)
	NOT-FOR-US: Simple SEO plugin for WordPress
CVE-2022-1627 (The My Private Site WordPress plugin before 3.0.8 does not have CSRF c ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1626 (The Sharebar WordPress plugin through 1.4.1 does not have CSRF check i ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1625 (The New User Approve WordPress plugin before 2.4 does not have CSRF ch ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1624 (The Latest Tweets Widget WordPress plugin through 1.1.4 does not have ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-30521 (The LAN-side Web-Configuration Interface has Stack-based Buffer Overfl ...)
	NOT-FOR-US: D-Link
CVE-2022-30520
	RESERVED
CVE-2022-30519 (XSS in signing form in Reprise Software RLM License Administration v14 ...)
	NOT-FOR-US: Reprise Software RLM License Administration
CVE-2022-30518 (ChatBot Application with a Suggestion Feature 1.0 was discovered to co ...)
	NOT-FOR-US: ChatBot Application with a Suggestion Feature
CVE-2022-30517 (Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS).)
	NOT-FOR-US: Mogu
CVE-2022-30516 (In Hospital-Management-System v1.0, the editid parameter in the doctor ...)
	NOT-FOR-US: Hospital-Management-System
CVE-2022-30515 (ZKTeco BioTime 8.5.4 is missing authentication on folders containing e ...)
	NOT-FOR-US: ZKTeco BioTime
CVE-2022-30514 (School Dormitory Management System v1.0 is vulnerable to reflected cro ...)
	NOT-FOR-US: School Dormitory Management System
CVE-2022-30513 (School Dormitory Management System v1.0 is vulnerable to reflected cro ...)
	NOT-FOR-US: School Dormitory Management System
CVE-2022-30512 (School Dormitory Management System 1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: School Dormitory Management System
CVE-2022-30511 (School Dormitory Management System 1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: School Dormitory Management System
CVE-2022-30510 (School Dormitory Management System 1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: School Dormitory Management System
CVE-2022-30509
	RESERVED
CVE-2022-30508 (DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vuln ...)
	NOT-FOR-US: DedeCMS
CVE-2022-30507
	RESERVED
CVE-2022-30506 (An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, a ...)
	NOT-FOR-US: MCMS
CVE-2022-30505
	RESERVED
CVE-2022-30504
	RESERVED
CVE-2022-30503 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...)
	NOT-FOR-US: njs
CVE-2022-30502
	RESERVED
CVE-2022-30501
	RESERVED
CVE-2022-30500 (Jfinal cms 5.1.0 is vulnerable to SQL Injection.)
	NOT-FOR-US: Jfinal cms
CVE-2022-30499
	RESERVED
CVE-2022-30498
	RESERVED
CVE-2022-30497
	RESERVED
CVE-2022-30496 (SQL injection in Logon Page of IDCE MV's application, version 1.0, all ...)
	NOT-FOR-US: IDCE MV's application
CVE-2022-30495 (In oretnom23 Automotive Shop Management System v1.0, the name id param ...)
	NOT-FOR-US: oretnom23 Automotive Shop Management System
CVE-2022-30494 (In oretnom23 Automotive Shop Management System v1.0, the first and las ...)
	NOT-FOR-US: oretnom23 Automotive Shop Management System
CVE-2022-30493 (In oretnom23 Automotive Shop Management System v1.0, the product id pa ...)
	NOT-FOR-US: oretnom23 Automotive Shop Management System
CVE-2022-30492
	RESERVED
CVE-2022-30491
	RESERVED
CVE-2022-30490 (Badminton Center Management System V1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Badminton Center Management System
CVE-2022-30489 (WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS ...)
	NOT-FOR-US: WAVLINK
CVE-2022-30488
	RESERVED
CVE-2022-30487
	RESERVED
CVE-2022-30486
	RESERVED
CVE-2022-30485
	RESERVED
CVE-2022-30484
	RESERVED
CVE-2022-30483
	RESERVED
CVE-2022-30482 (Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable ...)
	NOT-FOR-US: Ecommerce-project-with-php-and-mysqli-Fruits-Bazar
CVE-2022-30481 (Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Inje ...)
	NOT-FOR-US: Food-order-and-table-reservation-system
CVE-2022-30480
	RESERVED
CVE-2022-30479
	RESERVED
CVE-2022-30478 (Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable t ...)
	NOT-FOR-US: Ecommerce-project-with-php-and-mysqli-Fruits-Bazar
CVE-2022-30477 (Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to conta ...)
	NOT-FOR-US: Tenda
CVE-2022-30476 (Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to conta ...)
	NOT-FOR-US: Tenda
CVE-2022-30475 (Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to conta ...)
	NOT-FOR-US: Tenda
CVE-2022-30474 (Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to conta ...)
	NOT-FOR-US: Tenda
CVE-2022-30473 (Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffe ...)
	NOT-FOR-US: Tenda
CVE-2022-30472 (Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer ...)
	NOT-FOR-US: Tenda
CVE-2022-30471
	RESERVED
CVE-2022-30470 (In Afian Filerun 20220202 Changing the "search_tika_path" variable to ...)
	NOT-FOR-US: Afian Filerun
CVE-2022-30469 (In Afian Filerun 20220202, lack of sanitization of the POST parameter ...)
	NOT-FOR-US: Afian Filerun
CVE-2022-30468
	RESERVED
CVE-2022-30467 (Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of serv ...)
	NOT-FOR-US: Joy ebike Wolf Manufacturing
CVE-2022-30466 (joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authe ...)
	NOT-FOR-US: joyebike Joy ebike Wolf Manufacturing
CVE-2022-30465
	RESERVED
CVE-2022-30464 (ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Sit ...)
	NOT-FOR-US: ChatBot App with Suggestion in PHP/OOP
CVE-2022-30463 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Automotive Shop Management System
CVE-2022-30462 (Water-billing-management-system v1.0 is affected by: Cross Site Script ...)
	NOT-FOR-US: Water-billing-management-system
CVE-2022-30461 (Water-billing-management-system v1.0 is vulnerable to SQL Injection vi ...)
	NOT-FOR-US: Water-billing-management-system
CVE-2022-30460 (Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripti ...)
	NOT-FOR-US: Simple Social Networking Site
CVE-2022-30459 (ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injec ...)
	NOT-FOR-US: ChatBot App with Suggestion in PHP/OOP
CVE-2022-30458 (Automotive Shop Management System v1.0 is vulnerable to Cross Site Scr ...)
	NOT-FOR-US: Automotive Shop Management System
CVE-2022-30457
	REJECTED
CVE-2022-30456 (Badminton Center Management System 1.0 is vulnerable to Cross Site Scr ...)
	NOT-FOR-US: Badminton Center Management System
CVE-2022-30455 (Badminton Center Management System 1.0 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Badminton Center Management System
CVE-2022-30454 (Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vlogg ...)
	NOT-FOR-US: Merchandise Online Store
CVE-2022-30453 (ShopWind <= 3.4.2 has a RCE vulnerability in Database.php)
	NOT-FOR-US: ShopWind
CVE-2022-30452 (ShopWind <= v3.4.2 has a Sql injection vulnerability in Database.php)
	NOT-FOR-US: ShopWind
CVE-2022-30451 (An authenticated user could execute code via a SQLi vulnerability in w ...)
	NOT-FOR-US: waimairenCMS
CVE-2022-30450 (A Remote Code Execution (RCE) vulnerability exists in waimairen 9.1 vi ...)
	NOT-FOR-US: waimairenCMS
CVE-2022-30449 (Hospital Management System in PHP with Source Code (HMS) 1.0 was disco ...)
	NOT-FOR-US: Hospital Management System in PHP with Source Code (HMS)
CVE-2022-30448 (Hospital Management System in PHP with Source Code (HMS) 1.0 was disco ...)
	NOT-FOR-US: Hospital Management System in PHP with Source Code (HMS)
CVE-2022-30447
	RESERVED
CVE-2022-30446
	RESERVED
CVE-2022-30445
	RESERVED
CVE-2022-30444
	RESERVED
CVE-2022-30443
	RESERVED
CVE-2022-30442
	RESERVED
CVE-2022-30441
	RESERVED
CVE-2022-30440
	RESERVED
CVE-2022-30439
	RESERVED
CVE-2022-30438
	RESERVED
CVE-2022-30437
	RESERVED
CVE-2022-30436
	RESERVED
CVE-2022-30435
	RESERVED
CVE-2022-30434
	RESERVED
CVE-2022-30433
	RESERVED
CVE-2022-30432
	RESERVED
CVE-2022-30431
	RESERVED
CVE-2022-30430
	RESERVED
CVE-2022-30429 (Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow ...)
	NOT-FOR-US: Neos CMS
CVE-2022-30428 (In ginadmin through 05-10-2022, the incoming path value is not filtere ...)
	NOT-FOR-US: ginadmin
CVE-2022-30427 (In ginadmin through 05-10-2022 the incoming path value is not filtered ...)
	NOT-FOR-US: ginadmin
CVE-2022-30426 (There is a stack buffer overflow vulnerability, which could lead to ar ...)
	NOT-FOR-US: Acer
CVE-2022-30425 (Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a ...)
	NOT-FOR-US: Tenda
CVE-2022-30424
	RESERVED
CVE-2022-30423 (Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execu ...)
	NOT-FOR-US: Merchandise Online Store
CVE-2022-30422 (Proietti Tech srl Planet Time Enterprise 4.2.0.1,4.2.0.0,4.1.0.0,4.0.0 ...)
	NOT-FOR-US: Proietti Tech srl Planet Time Enterprise
CVE-2022-30421 (Improper Authentication vulnerability in Toshiba Storage Security Soft ...)
	NOT-FOR-US: Toshiba
CVE-2022-30420
	RESERVED
CVE-2022-30419
	RESERVED
CVE-2022-30418
	RESERVED
CVE-2022-30417 (Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injec ...)
	NOT-FOR-US: Covid-19 Travel Pass Management System
CVE-2022-30416
	RESERVED
CVE-2022-30415 (Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injec ...)
	NOT-FOR-US: Covid-19 Travel Pass Management System
CVE-2022-30414 (Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injec ...)
	NOT-FOR-US: Covid-19 Travel Pass Management System
CVE-2022-30413 (Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injec ...)
	NOT-FOR-US: Covid-19 Travel Pass Management System
CVE-2022-30412 (Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injec ...)
	NOT-FOR-US: Covid-19 Travel Pass Management System
CVE-2022-30411 (Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injec ...)
	NOT-FOR-US: Covid-19 Travel Pass Management System
CVE-2022-30410
	RESERVED
CVE-2022-30409
	RESERVED
CVE-2022-30408 (Covid-19 Travel Pass Management System v1.0 is vulnerable to file dele ...)
	NOT-FOR-US: Covid-19 Travel Pass Management System
CVE-2022-30407 (Pharmacy Sales And Inventory System v1.0 is vulnerable to SQL Injectio ...)
	NOT-FOR-US: Pharmacy Sales And Inventory System
CVE-2022-30406
	RESERVED
CVE-2022-30405
	RESERVED
CVE-2022-30404 (College Management System v1.0 is vulnerable to SQL Injection via /Col ...)
	NOT-FOR-US: College Management System
CVE-2022-30403 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
	NOT-FOR-US: Merchandise Online Store
CVE-2022-30402 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
	NOT-FOR-US: Merchandise Online Store
CVE-2022-30401 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
	NOT-FOR-US: Merchandise Online Store
CVE-2022-30400 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
	NOT-FOR-US: Merchandise Online Store
CVE-2022-30399 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
	NOT-FOR-US: Merchandise Online Store
CVE-2022-30398 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
	NOT-FOR-US: Merchandise Online Store
CVE-2022-30397
	RESERVED
CVE-2022-30396 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
	NOT-FOR-US: Merchandise Online Store
CVE-2022-30395 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
	NOT-FOR-US: Merchandise Online Store
CVE-2022-30394
	RESERVED
CVE-2022-30393 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
	NOT-FOR-US: Merchandise Online Store
CVE-2022-30392 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
	NOT-FOR-US: Merchandise Online Store
CVE-2022-30391 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
	NOT-FOR-US: Merchandise Online Store
CVE-2022-30390
	RESERVED
CVE-2022-30389
	RESERVED
CVE-2022-30388
	RESERVED
CVE-2022-30387 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
	NOT-FOR-US: Merchandise Online Store
CVE-2022-30386 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
	NOT-FOR-US: Merchandise Online Store
CVE-2022-30385 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
	NOT-FOR-US: Merchandise Online Store
CVE-2022-30384 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
	NOT-FOR-US: Merchandise Online Store
CVE-2022-30383
	RESERVED
CVE-2022-30382
	RESERVED
CVE-2022-30381 (Merchandise Online Store v1.0 is vulnerable to file deletion via /vlog ...)
	NOT-FOR-US: Merchandise Online Store
CVE-2022-30380
	RESERVED
CVE-2022-30379 (Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Sourcecodester Simple Social Networking Site
CVE-2022-30378 (Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Sourcecodester Simple Social Networking Site
CVE-2022-30377
	RESERVED
CVE-2022-30376 (Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Sourcecodester Simple Social Networking Site
CVE-2022-30375 (Sourcecodester Simple Social Networking Site v1.0 is vulnerable to fil ...)
	NOT-FOR-US: Sourcecodester Simple Social Networking Site
CVE-2022-30374 (Air Cargo Management System 1.0 is vulnerable to SQL Injection via /ac ...)
	NOT-FOR-US: Air Cargo Management System
CVE-2022-30373 (Air Cargo Management System 1.0 is vulnerable to SQL Injection via /ac ...)
	NOT-FOR-US: Air Cargo Management System
CVE-2022-30372 (Air Cargo Management System 1.0 is vulnerable to SQL Injection via /ac ...)
	NOT-FOR-US: Air Cargo Management System
CVE-2022-30371 (Air Cargo Management System 1.0 is vulnerable to SQL Injection via /ac ...)
	NOT-FOR-US: Air Cargo Management System
CVE-2022-30370 (Air Cargo Management System 1.0 is vulnerable to SQL Injection via /ac ...)
	NOT-FOR-US: Air Cargo Management System
CVE-2022-30369
	RESERVED
CVE-2022-30368
	RESERVED
CVE-2022-30367 (Air Cargo Management System v1.0 is vulnerable to file deletion via /a ...)
	NOT-FOR-US: Air Cargo Management System
CVE-2022-30366
	RESERVED
CVE-2022-30365
	RESERVED
CVE-2022-30364
	RESERVED
CVE-2022-30363
	RESERVED
CVE-2022-30362
	RESERVED
CVE-2022-30361
	RESERVED
CVE-2022-30360
	RESERVED
CVE-2022-30359
	RESERVED
CVE-2022-30358
	RESERVED
CVE-2022-30357
	RESERVED
CVE-2022-30356
	RESERVED
CVE-2022-30355
	RESERVED
CVE-2022-30354
	RESERVED
CVE-2022-30353
	RESERVED
CVE-2022-30352 (phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanit ...)
	NOT-FOR-US: phpABook
CVE-2022-30351 (PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having w ...)
	NOT-FOR-US: PDFZorro PDFZorro Online
CVE-2022-30350 (Avanquest Software RAD PDF (PDFEscape Online) 3.19.2.2 is vulnerable t ...)
	NOT-FOR-US: Avanquest Software RAD PDF (PDFEscape Online)
CVE-2022-30349 (siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS).)
	NOT-FOR-US: siteserver SSCMS
CVE-2022-30348
	RESERVED
CVE-2022-30347
	RESERVED
CVE-2022-30346
	RESERVED
CVE-2022-30345
	RESERVED
CVE-2022-30344
	RESERVED
CVE-2022-30343
	RESERVED
CVE-2022-30342
	RESERVED
CVE-2022-30341
	RESERVED
CVE-2022-30340
	RESERVED
CVE-2022-30336
	RESERVED
CVE-2022-30335 (Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via ...)
	NOT-FOR-US: Bonanza Wealth Management System
CVE-2022-26041 (Directory traversal vulnerability in RCCMD 4.26 and earlier allows a r ...)
	NOT-FOR-US: RCCMD
CVE-2022-1623 (LibTIFF master branch has an out-of-bounds read in LZWDecode in libtif ...)
	{DSA-5333-1}
	- tiff 4.4.0~rc1-1
	[buster] - tiff (Vulnerable code introduced later, PoCs don't trigger)
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a (v4.4.0rc1)
	NOTE: Introduced by: https://gitlab.com/libtiff/libtiff/-/commit/3079627ea0dee150e6a208cec8381de611bb842b (v4.4.0rc1)
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/410
CVE-2022-1622 (LibTIFF master branch has an out-of-bounds read in LZWDecode in libtif ...)
	{DSA-5333-1}
	- tiff 4.4.0~rc1-1
	[buster] - tiff (Vulnerable code introduced later, PoCs don't trigger)
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a (v4.4.0rc1)
	NOTE: Introduced by: https://gitlab.com/libtiff/libtiff/-/commit/3079627ea0dee150e6a208cec8381de611bb842b (v4.4.0rc1)
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/410
CVE-2022-1621 (Heap buffer overflow in vim_strncpy find_word in GitHub repository vim ...)
	{DLA-3204-1 DLA-3011-1}
	- vim 2:9.0.0135-1 (bug #1015984; unimportant)
	NOTE: https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb
	NOTE: https://github.com/vim/vim/commit/7c824682d2028432ee082703ef0ab399867a089b (v8.2.4919)
	NOTE: Crash in CLI tool, no security impact
CVE-2018-25033 (ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_ ...)
	{DLA-3019-1}
	- admesh 0.98.4-2 (bug #1010770)
	[bullseye] - admesh (Minor issue; can be fixed via point release)
	[buster] - admesh (Minor issue; can be fixed via point release)
	NOTE: https://github.com/admesh/admesh/issues/28
	NOTE: https://github.com/admesh/admesh/commit/e84d8353f1347e1f26f0a95770d92ba14e6ede38
CVE-2022-1620 (NULL Pointer Dereference in function vim_regexec_string at regexp.c:27 ...)
	- vim 2:9.0.0135-1 (unimportant)
	NOTE: https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51
	NOTE: https://github.com/vim/vim/commit/8e4b76da1d7e987d43ca960dfbc372d1c617466f (v8.2.4901)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-1619 (Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub r ...)
	{DLA-3204-1 DLA-3011-1}
	- vim 2:9.0.0135-1 (bug #1015984; unimportant)
	NOTE: https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450
	NOTE: https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe (v8.2.4899)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-1618 (The Coru LFMember WordPress plugin through 1.0.2 does not have CSRF ch ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1617 (The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-30334 (Brave before 1.34, when a Private Window with Tor Connectivity is used ...)
	- brave-browser (bug #864795)
CVE-2022-30333 (RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal ...)
	{DLA-3534-1}
	- unrar-nonfree 1:6.1.7-1 (bug #1010837)
	[bullseye] - unrar-nonfree 1:6.0.3-1+deb11u1
	[buster] - unrar-nonfree 1:5.6.6-1+deb10u1
	[stretch] - unrar-nonfree (Non-free not supported)
	- rar 2:6.20~b1-0.1 (bug #1012228)
	[bullseye] - rar 2:6.20-0.1~deb11u1
	[stretch] - rar (Non-free not supported)
	NOTE: 6.12 application version corresponds to 6.1.7 source version:
	NOTE: https://github.com/debian-calibre/unrar-nonfree/compare/upstream/6.1.6...upstream/6.1.7
CVE-2022-30332 (In Talend Administration Center 7.3.1.20200219 before TAC-15950, the F ...)
	NOT-FOR-US: Talend
CVE-2022-30331 (The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows in ...)
	NOT-FOR-US: TigerGraph
CVE-2022-30330 (In the KeepKey firmware before 7.3.2, flaws in the supervisor interface ...)
	NOT-FOR-US: KeepKey firmware
CVE-2022-30329 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. A ...)
	NOT-FOR-US: TRENDnet
CVE-2022-30328 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. T ...)
	NOT-FOR-US: TRENDnet
CVE-2022-30327 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. T ...)
	NOT-FOR-US: TRENDnet
CVE-2022-30326 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. T ...)
	NOT-FOR-US: TRENDnet
CVE-2022-30325 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. T ...)
	NOT-FOR-US: TRENDnet
CVE-2022-30324 (HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were im ...)
	- nomad (In Debian Nomad doesn't bundle go-getter, but build depends a shared deb)
CVE-2022-30323 (go-getter up to 1.5.11 and 2.0.2 panicked when processing password-pro ...)
	- golang-github-hashicorp-go-getter (bug #1011741)
	[bookworm] - golang-github-hashicorp-go-getter (Minor issue)
	[bullseye] - golang-github-hashicorp-go-getter (Minor issue)
	[buster] - golang-github-hashicorp-go-getter (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
	NOTE: https://github.com/hashicorp/go-getter/pull/359
	NOTE: https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 (v1.6.0)
CVE-2022-30322 (go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustio ...)
	- golang-github-hashicorp-go-getter (bug #1011741)
	[bookworm] - golang-github-hashicorp-go-getter (Minor issue)
	[bullseye] - golang-github-hashicorp-go-getter (Minor issue)
	[buster] - golang-github-hashicorp-go-getter (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
	NOTE: https://github.com/hashicorp/go-getter/pull/359
	NOTE: https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 (v1.6.0)
CVE-2022-30321 (go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go- ...)
	- golang-github-hashicorp-go-getter (bug #1011741)
	[bookworm] - golang-github-hashicorp-go-getter (Minor issue)
	[bullseye] - golang-github-hashicorp-go-getter (Minor issue)
	[buster] - golang-github-hashicorp-go-getter (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
	NOTE: https://github.com/hashicorp/go-getter/pull/359
	NOTE: https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 (v1.6.0)
CVE-2022-1616 (Use after free in append_command in GitHub repository vim/vim prior to ...)
	{DLA-3182-1 DLA-3011-1}
	- vim 2:9.0.0135-1 (bug #1015984)
	[bullseye] - vim (Minor issue)
	NOTE: https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2
	NOTE: https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc6c (v8.2.4895)
CVE-2022-30320 (Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken or Ri ...)
	NOT-FOR-US: Saia Burgess Controls
CVE-2022-30319 (Saia Burgess Controls (SBC) PCD through 2022-05-06 allows Authenticati ...)
	NOT-FOR-US: Saia Burgess Controls
CVE-2022-30318 (Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. Acco ...)
	NOT-FOR-US: Honeywell
CVE-2022-30317 (Honeywell Experion LX through 2022-05-06 has Missing Authentication fo ...)
	NOT-FOR-US: Honeywell
CVE-2022-30316 (Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verificati ...)
	NOT-FOR-US: Honeywell
CVE-2022-30315 (Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 ...)
	NOT-FOR-US: Honeywell
CVE-2022-30314 (Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials ...)
	NOT-FOR-US: Honeywell
CVE-2022-30313 (Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing A ...)
	NOT-FOR-US: Honeywell
CVE-2022-30312 (The Trend Controls IC protocol through 2022-05-06 allows Cleartext Tra ...)
	NOT-FOR-US: Trend Controls IC protocol
CVE-2022-30311 (In Festo Controller CECC-X-M1 product family in multiple versions, the ...)
	NOT-FOR-US: Festo
CVE-2022-30310 (In Festo Controller CECC-X-M1 product family in multiple versions, the ...)
	NOT-FOR-US: Festo
CVE-2022-30309 (In Festo Controller CECC-X-M1 product family in multiple versions, the ...)
	NOT-FOR-US: Festo
CVE-2022-30308 (In Festo Controller CECC-X-M1 product family in multiple versions, the ...)
	NOT-FOR-US: Festo
CVE-2022-30307 (A key management error vulnerability [CWE-320] affecting the RSA SSH h ...)
	NOT-FOR-US: FortiGuard
CVE-2022-30306 (A stack-based buffer overflow vulnerability [CWE-121] in the CA sign f ...)
	NOT-FOR-US: Fortinet
CVE-2022-30305 (An insufficient logging [CWE-778] vulnerability in FortiSandbox versio ...)
	NOT-FOR-US: FortiGuard
CVE-2022-30304 (An improper neutralization of input during web page generation vulnera ...)
	NOT-FOR-US: Fortinet
CVE-2022-30303 (An improper neutralization of special elements used in an os command (' ...)
	NOT-FOR-US: Fortinet
CVE-2022-30302 (Multiple relative path traversal vulnerabilities [CWE-23] in FortiDece ...)
	NOT-FOR-US: Fortinet
CVE-2022-30301 (A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6.2.0 through ...)
	NOT-FOR-US: Fortinet
CVE-2022-30300 (A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 thr ...)
	NOT-FOR-US: Fortinet
CVE-2022-30299 (A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 t ...)
	NOT-FOR-US: Fortinet
CVE-2022-30298 (An improper privilege management vulnerability [CWE-269] in Fortinet F ...)
	NOT-FOR-US: FortiGuard
CVE-2022-29509 (Directory traversal vulnerability in T&D Data Server (Japanese Edition ...)
	NOT-FOR-US: T&D Data Server
CVE-2022-29483 (Incorrect Default Permissions vulnerability in ABB e-Design allows att ...)
	NOT-FOR-US: ABB e-Design
CVE-2022-28702 (Incorrect Default Permissions vulnerability in ABB e-Design allows att ...)
	NOT-FOR-US: ABB e-Design
CVE-2022-1615 (In Samba, GnuTLS gnutls_rnd() can fail and give predictable random val ...)
	[experimental] - samba 2:4.17.0+dfsg-1
	- samba 2:4.16.5+dfsg-2 (bug #1021024)
	[bullseye] - samba (Domain controller functionality is EOLed, see DSA-5477-1)
	[buster] - samba (Vulnerable code introduced later)
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15103
	NOTE: https://gitlab.com/samba-team/samba/-/merge_requests/2644
	NOTE: Introduced by: https://gitlab.com/samba-team/samba/-/commit/664eed2e926f8f572b81e6d7c8e09b7ccbafb908 (samba-4.12.0)
	NOTE: Fixed by: https://gitlab.com/samba-team/samba/-/commit/9849e7440e30853c61a80ce1f11b7b244ed766fe (samba-4.17.0rc1)
CVE-2022-1614 (The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visi ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1613 (The Restricted Site Access WordPress plugin before 7.3.2 prioritizes g ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1612 (The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1611 (The Bulk Page Creator WordPress plugin before 1.1.4 does not protect i ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1610 (The Seamless Donations WordPress plugin before 5.1.9 does not have CSR ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1609 (The School Management WordPress plugin before 9.9.7 contains an obfusc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1608 (The OnePress Social Locker WordPress plugin through 5.6.2 does not hav ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1607 (Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus Sys ...)
	NOT-FOR-US: ABB
CVE-2022-1606 (Incorrect privilege assignment in M-Files Server versions before 22.3. ...)
	NOT-FOR-US: M-Files Server
CVE-2022-1605 (The Email Users WordPress plugin through 4.8.8 does not have CSRF chec ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1604 (The MailerLite WordPress plugin before 1.5.4 does not sanitise and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1603 (The Mail Subscribe List WordPress plugin before 2.1.4 does not have CS ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-30295 (uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable D ...)
	- uclibc (unimportant)
	NOTE: https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-dns-bug-in-popular-c-standard-library-putting-iot-at-risk/
	NOTE: https://mailman.openadk.org/mailman3/hyperkitty/list/devel@uclibc-ng.org/thread/6JWRW3P4VN54J5FHUDK7IQOU4V35HHDZ/
	NOTE: src:uclibc switched to the uClibc-ng source codebase with the 1.0.20-1 upload.
CVE-2022-30294
	REJECTED
CVE-2022-30293 (In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based bu ...)
	{DSA-5155-1 DSA-5154-1}
	- webkit2gtk 2.36.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.36.1-1
CVE-2022-29894 (Strapi v3.x.x versions and earlier contain a stored cross-site scripti ...)
	NOT-FOR-US: Strapi
CVE-2022-1602 (A potential security vulnerability has been identified in HP ThinPro 7 ...)
	NOT-FOR-US: HP
CVE-2022-1601 (The User Access Manager WordPress plugin before 2.2.18 prioritizes get ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1600 (The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1599 (The Admin Management Xtended WordPress plugin before 2.4.5 does not ha ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1598 (The WPQA Builder WordPress plugin before 5.5 which is a companion to t ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1597 (The WPQA Builder WordPress plugin before 5.4, used as a companion for ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1596 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
	NOT-FOR-US: ABB REX640
CVE-2022-1595 (The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secr ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1594 (The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1593 (The Site Offline or Coming Soon WordPress plugin through 1.6.6 does no ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1592 (Server-Side Request Forgery in scout in GitHub repository clinical-gen ...)
	NOT-FOR-US: clinical-genomics/scout
CVE-2022-1591 (The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does n ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1590 (A vulnerability was found in Bludit 3.13.1. It has been declared as pr ...)
	NOT-FOR-US: Bludit
CVE-2022-1589 (The Change wp-admin login WordPress plugin before 1.1.0 does not prope ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-30292 (Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lac ...)
	- squirrel3 (bug #1014539)
	[bullseye] - squirrel3 (Minor issue)
	[buster] - squirrel3 (Minor issue)
	[stretch] - squirrel3 (Minor issue)
	NOTE: https://github.com/albertodemichelis/squirrel/commit/a6413aa690e0bdfef648c68693349a7b878fe60d
	NOTE: https://github.com/sprushed/CVE-2022-30292
CVE-2022-30291
	RESERVED
CVE-2022-30290 (In OpenCTI through 5.2.4, a broken access control vulnerability has be ...)
	NOT-FOR-US: OpenCTI
CVE-2022-30289 (A stored Cross-site Scripting (XSS) vulnerability was identified in th ...)
	NOT-FOR-US: OpenCTI
CVE-2022-30288 (Agoo before 2.14.3 does not reject GraphQL fragment spreads that form ...)
	NOT-FOR-US: Ruby gem agoo
CVE-2022-30287 (Horde Groupware Webmail Edition through 5.2.22 allows a reflection inj ...)
	{DLA-3090-1}
	- php-horde-turba 4.2.25-6 (bug #1012279)
	NOTE: https://blog.sonarsource.com/horde-webmail-rce-via-email/
	NOTE: https://lists.horde.org/archives/horde/Week-of-Mon-20220530/059225.html
	NOTE: Possible alternative patch: https://github.com/horde/turba/pull/7
	NOTE: Fixed by: https://github.com/horde/turba/commit/0d1e74802dd2ff8758c5b1dd5323a0101d49897d (v4.2.26)
	NOTE: Fixed by: https://github.com/horde/turba/commit/3bccab322af4ae96d5925f0ce9f9af0978af924b (v4.2.26)
CVE-2022-30286 (pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 ...)
	NOT-FOR-US: pyscriptjs
CVE-2022-30285 (In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash ...)
	NOT-FOR-US: Quest KACE System Management Appliance
CVE-2022-30284 (In the python-libnmap package through 0.7.2 for Python, remote command ...)
	NOTE: Bogus python-libnmap issue
CVE-2022-30283 (In UsbCoreDxe, tampering with the contents of the USB working buffer u ...)
	NOT-FOR-US: Insyde
CVE-2022-30282
	RESERVED
CVE-2022-30281
	RESERVED
CVE-2022-30280 (/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF ...)
	NOT-FOR-US: Nokia
CVE-2022-30279 (An issue was discovered in Stormshield Network Security (SNS) 4.3.x be ...)
	NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2022-30278 (A vulnerability in Black Duck Hub’s embedded MadCap Flare documen ...)
	NOT-FOR-US: Black Duck Hub
CVE-2022-30277 (BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insuf ...)
	NOT-FOR-US: BD Synapsys
CVE-2022-30276 (The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an au ...)
	NOT-FOR-US: Motorola
CVE-2022-30275 (The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cl ...)
	NOT-FOR-US: Motorola
CVE-2022-30274 (The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafe ...)
	NOT-FOR-US: Motorola
CVE-2022-30273 (The Motorola MDLC protocol through 2022-05-02 mishandles message integ ...)
	NOT-FOR-US: Motorola
CVE-2022-30272 (The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integr ...)
	NOT-FOR-US: Motorola
CVE-2022-30271 (The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH ...)
	NOT-FOR-US: Motorola
CVE-2022-30270 (The Motorola ACE1000 RTU through 2022-05-02 has default credentials. I ...)
	NOT-FOR-US: Motorola
CVE-2022-30269 (Motorola ACE1000 RTUs through 2022-05-02 mishandle application integri ...)
	NOT-FOR-US: Motorola
CVE-2022-30268
	RESERVED
CVE-2022-30267
	RESERVED
CVE-2022-30266
	RESERVED
CVE-2022-30265
	RESERVED
CVE-2022-30264 (The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perfo ...)
	NOT-FOR-US: Emerson
CVE-2022-30263
	RESERVED
CVE-2022-30262 (The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mish ...)
	NOT-FOR-US: Emerson
CVE-2022-30261
	RESERVED
CVE-2022-30260 (Emerson DeltaV Distributed Control System (DCS) has insufficient verif ...)
	NOT-FOR-US: Emerson DeltaV Distributed Control System (DCS)
CVE-2022-1588
	REJECTED
CVE-2022-1587 (An out-of-bounds read vulnerability was discovered in the PCRE2 librar ...)
	{DLA-3363-1}
	- pcre2 10.40-1 (bug #1011954)
	[bullseye] - pcre2 10.36-2+deb11u1
	[stretch] - pcre2 (Minor issue)
	NOTE: https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0 (pcre2-10.40)
CVE-2022-1586 (An out-of-bounds read vulnerability was discovered in the PCRE2 librar ...)
	{DLA-3363-1}
	- pcre2 10.40-1 (bug #1011954)
	[bullseye] - pcre2 10.36-2+deb11u1
	[stretch] - pcre2 (Minor issue)
	NOTE: https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a (pcre2-10.40)
	NOTE: https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c (pcre2-10.40)
CVE-2022-1585 (The Project Source Code Download WordPress plugin through 1.0.0 does n ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-30259
	RESERVED
CVE-2022-30258 (An issue was discovered in Technitium DNS Server through 8.0.2 that al ...)
	NOT-FOR-US: Technitium DNS Server
CVE-2022-30257 (An issue was discovered in Technitium DNS Server through 8.0.2 that al ...)
	NOT-FOR-US: Technitium DNS Server
CVE-2022-30256 (An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allo ...)
	{DSA-5441-1 DLA-3457-1}
	- maradns 2.0.13-1.5 (bug #1033252)
	NOTE: https://maradns.samiam.org/security.html#CVE-2022-30256
	NOTE: https://raw.githubusercontent.com/samboy/MaraDNS/73af12e71890055f1728c1b7ccd900401f2fdf03/deadwood-github/update/3.4.03/deadwood-3.4.02-manylabel-TTL.patch
	NOTE: https://raw.githubusercontent.com/samboy/MaraDNS/73af12e71890055f1728c1b7ccd900401f2fdf03/deadwood-github/update/3.4.03/deadwood-3.4.02-cname-TTL.patch
CVE-2022-30255
	RESERVED
CVE-2022-30254
	RESERVED
CVE-2022-30253
	RESERVED
CVE-2022-30252
	RESERVED
CVE-2022-30251
	RESERVED
CVE-2022-30250
	RESERVED
CVE-2022-30249
	RESERVED
CVE-2022-30248
	RESERVED
CVE-2022-30247
	RESERVED
CVE-2022-30246
	RESERVED
CVE-2022-30245 (Honeywell Alerton Compass Software 1.6.5 allows unauthenticated config ...)
	NOT-FOR-US: Honeywell
CVE-2022-30244 (Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allow ...)
	NOT-FOR-US: Honeywell
CVE-2022-30243 (Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticat ...)
	NOT-FOR-US: Honeywell
CVE-2022-30242 (Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allow ...)
	NOT-FOR-US: Honeywell
CVE-2022-30241 (The jquery.json-viewer library through 1.4.0 for Node.js does not prop ...)
	NOT-FOR-US: Node jquery.json-viewer
CVE-2022-30240 (An argument injection vulnerability in the browser-based authenticatio ...)
	NOT-FOR-US: Magnitude Simba Amazon Redshift JDBC Driver
CVE-2022-30239 (An argument injection vulnerability in the browser-based authenticatio ...)
	NOT-FOR-US: Magnitude Simba Amazon Athena JDBC Driver
CVE-2022-30238 (A CWE-287: Improper Authentication vulnerability exists that could all ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-30237 (A CWE-311: Missing Encryption of Sensitive Data vulnerability exists t ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-30236 (A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability e ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-30235 (A CWE-307: Improper Restriction of Excessive Authentication Attempts v ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-30234 (A CWE-798: Use of Hard-coded Credentials vulnerability exists that cou ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-30233 (A CWE-20: Improper Input Validation vulnerability exists that could al ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-30232 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-30231 (A vulnerability has been identified in SICAM GridEdge Essential ARM (A ...)
	NOT-FOR-US: Siemens
CVE-2022-30230 (A vulnerability has been identified in SICAM GridEdge Essential ARM (A ...)
	NOT-FOR-US: Siemens
CVE-2022-30229 (A vulnerability has been identified in SICAM GridEdge Essential ARM (A ...)
	NOT-FOR-US: Siemens
CVE-2022-30228 (A vulnerability has been identified in SICAM GridEdge Essential ARM (A ...)
	NOT-FOR-US: Siemens
CVE-2022-1584 (Reflected XSS in GitHub repository microweber/microweber prior to 1.2. ...)
	NOT-FOR-US: microweber
CVE-2022-1583 (The External Links in New Window / New Tab WordPress plugin before 1.4 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1582 (The External Links in New Window / New Tab WordPress plugin before 1.4 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1581 (The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visi ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1580 (The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin b ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1579 (The function check_is_login_page() uses headers for the IP check, whic ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1578 (The My wpdb WordPress plugin before 2.5 is missing CSRF check when run ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1577 (The Database Backup for WordPress plugin before 2.5.2 does not have CS ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1576 (The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 is ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1575 (Arbitrary Code Execution through Sanitizer Bypass in GitHub repository ...)
	NOT-FOR-US: jgraph/drawio
CVE-2022-1574 (The HTML2WP WordPress plugin through 1.0.0 does not have authorisation ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1573 (The HTML2WP WordPress plugin through 1.0.0 does not have CSRF check in ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1572 (The HTML2WP WordPress plugin through 1.0.0 does not have authorisation ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1571 (Cross-site scripting - Reflected in Create Subaccount in GitHub reposi ...)
	NOT-FOR-US: facturascripts
CVE-2022-1570 (The Files Download Delay WordPress plugin before 1.0.7 does not have a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1569 (The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spa ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1568 (The Team Members WordPress plugin before 5.1.1 does not escape some of ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-46810
	RESERVED
CVE-2021-46809
	RESERVED
CVE-2021-46808
	RESERVED
CVE-2021-46807
	RESERVED
CVE-2021-46806
	RESERVED
CVE-2021-46805
	RESERVED
CVE-2021-46804
	RESERVED
CVE-2021-46803
	RESERVED
CVE-2021-46802
	RESERVED
CVE-2021-46801
	RESERVED
CVE-2021-46800
	RESERVED
CVE-2021-46799
	REJECTED
CVE-2021-46798
	RESERVED
CVE-2021-46797
	RESERVED
CVE-2021-46796
	REJECTED
CVE-2021-46795 (A TOCTOU (time-of-check to time-of-use) vulnerability exists where an ...)
	NOT-FOR-US: AMD
CVE-2021-46794 (Insufficient bounds checking in ASP (AMD Secure Processor) may allow f ...)
	NOT-FOR-US: AMD
CVE-2021-46793
	REJECTED
CVE-2021-46792 (Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow a ...)
	NOT-FOR-US: AMD
CVE-2021-46791 (Insufficient input validation during parsing of the System Management ...)
	NOT-FOR-US: AMD
CVE-2022-30227
	RESERVED
CVE-2022-30226 (Windows Print Spooler Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30225 (Windows Media Player Network Sharing Service Elevation of Privilege Vu ...)
	NOT-FOR-US: Microsoft
CVE-2022-30224 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...)
	NOT-FOR-US: Microsoft
CVE-2022-30223 (Windows Hyper-V Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30222 (Windows Shell Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30221 (Windows Graphics Component Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30220 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2022-30219
	RESERVED
CVE-2022-30218
	RESERVED
CVE-2022-30217
	RESERVED
CVE-2022-30216 (Windows Server Service Tampering Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30215 (Active Directory Federation Services Elevation of Privilege Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2022-30214 (Windows DNS Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30213 (Windows GDI+ Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30212 (Windows Connected Devices Platform Service Information Disclosure Vuln ...)
	NOT-FOR-US: Microsoft
CVE-2022-30211 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-30210
	RESERVED
CVE-2022-30209 (Windows IIS Server Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30208 (Windows Security Account Manager (SAM) Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30207
	RESERVED
CVE-2022-30206 (Windows Print Spooler Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30205 (Windows Group Policy Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30204
	RESERVED
CVE-2022-30203 (Windows Boot Manager Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30202 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...)
	NOT-FOR-US: Microsoft
CVE-2022-30201
	RESERVED
CVE-2022-30200 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
	NOT-FOR-US: Microsoft
CVE-2022-30199
	RESERVED
CVE-2022-30198 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-30197 (Windows Kernel Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30196 (Windows Secure Channel Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30195
	RESERVED
CVE-2022-30194 (Windows WebBrowser Control Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30193 (AV1 Video Extension Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30192 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30191
	RESERVED
CVE-2022-30190 (A remote code execution vulnerability exists when MSDT is called us ...)
	NOT-FOR-US: Microsoft
CVE-2022-30189 (Windows Autopilot Device Management and Enrollment Client Spoofing Vul ...)
	NOT-FOR-US: Microsoft
CVE-2022-30188 (HEVC Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30187 (Azure Storage Library Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30186
	RESERVED
CVE-2022-30185
	RESERVED
CVE-2022-30184 (.NET and Visual Studio Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft .NET
CVE-2022-30183
	RESERVED
CVE-2022-30182
	RESERVED
CVE-2022-30181 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30180 (Azure RTOS GUIX Studio Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30179 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30178 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30177 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30176 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30175 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30174 (Microsoft Office Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30173 (Microsoft Excel Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30172 (Microsoft Office Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30171 (Microsoft Office Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30170 (Windows Credential Roaming Service Elevation of Privilege Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2022-30169
	RESERVED
CVE-2022-30168 (Microsoft Photos App Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30167 (AV1 Video Extension Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30166 (Local Security Authority Subsystem Service Elevation of Privilege Vuln ...)
	NOT-FOR-US: Microsoft
CVE-2022-30165 (Windows Kerberos Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30164 (Kerberos AppContainer Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30163 (Windows Hyper-V Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30162 (Windows Kernel Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30161 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
	NOT-FOR-US: Microsoft
CVE-2022-30160 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...)
	NOT-FOR-US: Microsoft
CVE-2022-30159 (Microsoft Office Information Disclosure Vulnerability. This CVE ID is ...)
	NOT-FOR-US: Microsoft
CVE-2022-30158 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30157 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30156
	RESERVED
CVE-2022-30155 (Windows Kernel Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30154 (Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Pr ...)
	NOT-FOR-US: Microsoft
CVE-2022-30153 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
	NOT-FOR-US: Microsoft
CVE-2022-30152 (Windows Network Address Translation (NAT) Denial of Service Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2022-30151 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
	NOT-FOR-US: Microsoft
CVE-2022-30150 (Windows Defender Remote Credential Guard Elevation of Privilege Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-30149 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
	NOT-FOR-US: Microsoft
CVE-2022-30148 (Windows Desired State Configuration (DSC) Information Disclosure Vulne ...)
	NOT-FOR-US: Microsoft
CVE-2022-30147 (Windows Installer Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30146 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
	NOT-FOR-US: Microsoft
CVE-2022-30145 (Windows Encrypting File System (EFS) Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2022-30144 (Windows Bluetooth Service Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30143 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
	NOT-FOR-US: Microsoft
CVE-2022-30142 (Windows File History Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30141 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
	NOT-FOR-US: Microsoft
CVE-2022-30140 (Windows iSCSI Discovery Service Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30139 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
	NOT-FOR-US: Microsoft
CVE-2022-30138 (Windows Print Spooler Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30137 (Executive Summary An Elevation of Privilege ...)
	NOT-FOR-US: Microsoft
CVE-2022-30136 (Windows Network File System Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30135 (Windows Media Center Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30134 (Microsoft Exchange Server Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30133 (Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2022-30132 (Windows Container Manager Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30131 (Windows Container Isolation FS Filter Driver Elevation of Privilege Vu ...)
	NOT-FOR-US: Microsoft
CVE-2022-30130 (.NET Framework Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30129 (Visual Studio Code Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30128 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-30127 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-1567 (The WP-JS plugin for WordPress contains a script called wp-js.php with ...)
	NOT-FOR-US: WP-JS plugin for WordPress
CVE-2022-1566 (The Quotes llama WordPress plugin before 1.0.0 does not sanitise and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1565 (The plugin WP All Import is vulnerable to arbitrary file uploads due t ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1564 (The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1563 (The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prev ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1562 (The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploade ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1561 (Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions ...)
	NOT-FOR-US: Lura Project
CVE-2022-1560 (The Amministrazione Aperta WordPress plugin before 3.8 does not valida ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1559 (The Clipr WordPress plugin through 1.2.3 does not sanitise and escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1558 (The Curtain WordPress plugin through 1.0.2 does not sanitise and escap ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1557 (The ULeak Security & Monitoring WordPress plugin through 1.2.3 does no ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1556 (The StaffList WordPress plugin before 3.1.5 does not properly sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1555 (DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/micro ...)
	NOT-FOR-US: microweber
CVE-2022-1554 (Path Traversal due to `send_file` call in GitHub repository clinical-g ...)
	NOT-FOR-US: clinical-genomics/scout
CVE-2022-30126 (In Apache Tika, a regular expression in our StandardsText class, used ...)
	- tika (bug #1015002)
	[bullseye] - tika (Minor issue)
	[buster] - tika (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2022/05/16/3
CVE-2022-1553 (Leaking password protected articles content due to improper access con ...)
	NOT-FOR-US: Publify
CVE-2022-1552 (A flaw was found in PostgreSQL. There is an issue with incomplete effo ...)
	{DSA-5136-1 DSA-5135-1}
	- postgresql-14 14.3-1
	- postgresql-13
	- postgresql-11
	- postgresql-9.6
	NOTE: https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=ab49ce7c3414ac19e4afb386d7843ce2d2fb8bda (REL_14_3)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=677a494789062ca88e0142a17bedd5415f6ab0aa (REL_14_3)
CVE-2019-25060 (The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-30125
	RESERVED
CVE-2022-30124 (An improper authentication vulnerability exists in Rocket.Chat Mobile ...)
	NOT-FOR-US: Rocket.Chat Mobile App
CVE-2022-30123 (A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 a ...)
	{DSA-5530-1 DLA-3095-1}
	- ruby-rack 2.2.4-1
	NOTE: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8
	NOTE: https://github.com/advisories/GHSA-wq4h-7r42-5hrr
	NOTE: https://github.com/rack/rack/commit/b426cc224908ec6ed6eb8729325392b048215d88 (main)
CVE-2022-30122 (A possible denial of service vulnerability exists in Rack <2.0.9.1, <2 ...)
	{DSA-5530-1 DLA-3095-1}
	- ruby-rack 2.2.4-1
	NOTE: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk
	NOTE: https://github.com/advisories/GHSA-hxqx-xwvh-44m2
	NOTE: https://github.com/rack/rack/commit/d286516cbd58fbb2ad6944ce9040e9ba96d9371a (3.0.0.beta1)
	NOTE: https://github.com/rack/rack/commit/a872bcce127a6f4a0f16af8f28b686955ba32814 (2.2.3.1)
	NOTE: https://github.com/rack/rack/commit/41be3d7f3fd73ccf246ad97c3831d02f99d2ce84 (2.1.4.1)
CVE-2022-30121 (The “LANDesk(R) Management Agent” service exposes a socket a ...)
	NOT-FOR-US: Ivanti
CVE-2022-30120 (XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. Whe ...)
	NOT-FOR-US: Concrete CMS
CVE-2022-30119 (XSS in /dashboard/reports/logs/view - old browsers only. When using In ...)
	NOT-FOR-US: Concrete CMS
CVE-2022-30118 (Title for CVE: XSS in /dashboard/system/express/entities/forms/save_co ...)
	NOT-FOR-US: Concrete CMS
CVE-2022-30117 (Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow t ...)
	NOT-FOR-US: Concrete CMS
CVE-2022-30116
	RESERVED
CVE-2022-30115 (Using its HSTS support, curl can be instructed to use HTTPS directly i ...)
	- curl 7.83.1-1
	[bullseye] - curl (Vulnerable code introduced later)
	[buster] - curl (Vulnerable code introduced later)
	[stretch] - curl (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2022/05/11/6
	NOTE: https://curl.se/docs/CVE-2022-30115.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/b27ad8e1d3e68eb3214fcbb398ca436873aa7c67 (curl-7_82_0)
	NOTE: Fixed by: https://github.com/curl/curl/commit/fae6fea209a2d4db1582f608bd8cc8000721733a (curl-7_83_1)
CVE-2022-1551 (The SP Project & Document Manager WordPress plugin before 4.58 uses an ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1550
	REJECTED
CVE-2022-1549 (The WP Athletics WordPress plugin through 1.1.7 does not sanitize para ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1548 (Mattermost Playbooks plugin 1.25 and earlier fails to properly restric ...)
	NOT-FOR-US: Mattermost Playbooks plugin
CVE-2022-1547 (The Check & Log Email WordPress plugin before 1.0.6 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1546 (The WooCommerce - Product Importer WordPress plugin through 1.5.2 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-30114 (A heap-based buffer overflow in a network service in Fastweb FASTGate ...)
	NOT-FOR-US: Fastweb
CVE-2022-30113 (Electronic mall system 1.0_build20200203 is affected vulnerable to SQL ...)
	NOT-FOR-US: Electronic mall system
CVE-2022-30112
	RESERVED
CVE-2022-30111 (Due to the use of an insecure algorithm for rolling codes in MCK Smart ...)
	NOT-FOR-US: MCK Smartlock
CVE-2022-30110 (The file preview functionality in Jirafeau < 4.4.0, which is enabled b ...)
	NOT-FOR-US: Jirafeau
CVE-2022-30109
	RESERVED
CVE-2022-30108
	RESERVED
CVE-2022-30107
	RESERVED
CVE-2022-30106
	RESERVED
CVE-2022-30105 (In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden ...)
	NOT-FOR-US: Belkin
CVE-2022-30104
	RESERVED
CVE-2022-30103
	RESERVED
CVE-2022-30102
	RESERVED
CVE-2022-30101
	RESERVED
CVE-2022-30100
	RESERVED
CVE-2022-30099
	RESERVED
CVE-2022-30098
	RESERVED
CVE-2022-30097
	RESERVED
CVE-2022-30096
	RESERVED
CVE-2022-30095
	RESERVED
CVE-2022-30094
	RESERVED
CVE-2022-30093
	RESERVED
CVE-2022-30092
	RESERVED
CVE-2022-30091
	RESERVED
CVE-2022-30090
	RESERVED
CVE-2022-30089
	RESERVED
CVE-2022-30088
	RESERVED
CVE-2022-30087
	RESERVED
CVE-2022-30086
	RESERVED
CVE-2022-30085
	RESERVED
CVE-2022-30084
	RESERVED
CVE-2022-30083 (EllieGrid Android Application version 3.4.1 is vulnerable to Code Inje ...)
	NOT-FOR-US: EllieGrid Android Application
CVE-2022-30082
	RESERVED
CVE-2022-30081
	RESERVED
CVE-2022-30080
	RESERVED
CVE-2022-30079 (Command injection vulnerability was discovered in Netgear R6200 v2 fir ...)
	NOT-FOR-US: Netgear
CVE-2022-30078 (NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 a ...)
	NOT-FOR-US: Netgear
CVE-2022-30077
	RESERVED
CVE-2022-30076 (ENTAB ERP 1.0 allows attackers to discover users' full names via a bru ...)
	NOT-FOR-US: ENTAB ERP
CVE-2022-30075 (In TP-Link Router AX50 firmware 210730 and older, import of a maliciou ...)
	NOT-FOR-US: TP-Link
CVE-2022-30074
	RESERVED
CVE-2022-30073 (WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/ ...)
	NOT-FOR-US: WBCE CMS
CVE-2022-30072 (WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\ ...)
	NOT-FOR-US: WBCE CMS
CVE-2022-30071
	RESERVED
CVE-2022-30070
	RESERVED
CVE-2022-30069
	RESERVED
CVE-2022-30068
	RESERVED
CVE-2022-30067 (GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a ...)
	{DLA-3659-1}
	- gimp 2.10.32-1 (unimportant)
	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/8120
	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/4f99f1fcfd892ead19831b5adcd38a99d71214b6 (master)
	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/8cd6d05232795ac31076013db1c6be3dc67e8e09 (gimp-2-10)
	NOTE: Crash in GUI application, no security impact
CVE-2022-30066
	RESERVED
CVE-2022-30065 (A use-after-free in Busybox 1.35-x's awk applet leads to denial of ser ...)
	- busybox 1:1.36.1-1 (unimportant)
	NOTE: https://bugs.busybox.net/show_bug.cgi?id=14781
	NOTE: https://git.busybox.net/busybox/commit/?id=e63d7cdfdac78c6fd27e9e63150335767592b85e (1_36_0)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-30064
	RESERVED
CVE-2022-30063 (ftcms <=2.1 was discovered to be vulnerable to code execution attacks ...)
	NOT-FOR-US: ftcms
CVE-2022-30062 (ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Read via ...)
	NOT-FOR-US: ftcms
CVE-2022-30061 (ftcms <=2.1 was discovered to be vulnerable to directory traversal att ...)
	NOT-FOR-US: ftcms
CVE-2022-30060 (ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Write vi ...)
	NOT-FOR-US: ftcms
CVE-2022-30059 (Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Delete vu ...)
	NOT-FOR-US: Shopwind
CVE-2022-30058 (Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Download ...)
	NOT-FOR-US: Shopwind
CVE-2022-30057 (Shopwind <=v3.4.2 was discovered to contain a stored cross-site script ...)
	NOT-FOR-US: Shopwind
CVE-2022-30056
	RESERVED
CVE-2022-30055 (Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that ...)
	NOT-FOR-US: Prime95
CVE-2022-30054 (In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerab ...)
	NOT-FOR-US: Covid 19 Travel Pass Management
CVE-2022-30053 (In Toll Tax Management System 1.0, the id parameter appears to be vuln ...)
	NOT-FOR-US: Toll Tax Management System
CVE-2022-30052 (In Home Clean Service System 1.0, the password parameter is vulnerable ...)
	NOT-FOR-US: Home Clean Service System
CVE-2022-30051
	RESERVED
CVE-2022-30050 (Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via ...)
	NOT-FOR-US: Gnuboard
CVE-2022-30049 (A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attacker ...)
	NOT-FOR-US: Rebuild
CVE-2022-30048 (Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerab ...)
	NOT-FOR-US: Mingsoft MCMS
CVE-2022-30047 (Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnera ...)
	NOT-FOR-US: Mingsoft MCMS
CVE-2022-30046
	RESERVED
CVE-2022-30045 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
	- mapcache (unimportant; bug #1014389)
	- scilab (unimportant; bug #1014391)
	- netcdf 1:4.9.0-1
	[bullseye] - netcdf (Minor issue)
	[buster] - netcdf (Minor issue)
	- netcdf-parallel 1:4.9.0-1 (bug #989361)
	[bullseye] - netcdf-parallel (Minor issue)
	[buster] - netcdf-parallel (Minor issue)
	NOTE: https://sourceforge.net/p/ezxml/bugs/29/
	NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2022-30044
	RESERVED
CVE-2022-30043
	RESERVED
CVE-2022-30042
	RESERVED
CVE-2022-30041
	RESERVED
CVE-2022-30040 (Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow. The vulne ...)
	NOT-FOR-US: Tenda
CVE-2022-30039
	RESERVED
CVE-2022-30038
	RESERVED
CVE-2022-30037 (XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP fi ...)
	NOT-FOR-US: XunRuiCMS
CVE-2022-30036 (MA Lighting grandMA2 Light has a password of root for the root account ...)
	NOT-FOR-US: MA Lighting grandMA2 Light
CVE-2022-30035
	RESERVED
CVE-2022-30034 (Flower, a web UI for the Celery Python RPC framework, all versions as ...)
	NOT-FOR-US: Flower
CVE-2022-30033 (Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the fu ...)
	NOT-FOR-US: Tenda
CVE-2022-30032
	RESERVED
CVE-2022-30031
	RESERVED
CVE-2022-30030
	RESERVED
CVE-2022-30029
	RESERVED
CVE-2022-30028 (Dradis Professional Edition before 4.3.0 allows attackers to change an ...)
	NOT-FOR-US: Dradis
CVE-2022-30027
	RESERVED
CVE-2022-30026
	RESERVED
CVE-2022-30025 (SQL injection in "/Framewrk/Home.jsp" file (POST method) in tCredence ...)
	NOT-FOR-US: tCredence Analytics iDEAL Wealth and Funds
CVE-2022-30024 (A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmwa ...)
	NOT-FOR-US: TP-Link
CVE-2022-30023 (Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Comma ...)
	NOT-FOR-US: Tenda
CVE-2022-30022
	RESERVED
CVE-2022-30021
	RESERVED
CVE-2022-30020
	RESERVED
CVE-2022-30019
	RESERVED
CVE-2022-30018 (Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Prote ...)
	NOT-FOR-US: Mobotix Control Center (MxCC)
CVE-2022-30017 (Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading ...)
	NOT-FOR-US: Rescue Dispatch Management System
CVE-2022-30016 (Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Acces ...)
	NOT-FOR-US: Rescue Dispatch Management System
CVE-2022-30015 (In Simple Food Website 1.0, a moderation can put the Cross Site Script ...)
	NOT-FOR-US: Simple Food Website
CVE-2022-30014 (Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site ...)
	NOT-FOR-US: Lumidek Associates Simple Food Website
CVE-2022-30013 (A stored cross-site scripting (XSS) vulnerability in the upload functi ...)
	NOT-FOR-US: totaljs CMS
CVE-2022-30012 (In the POST request of the appointment.php page of HMS v.0, there are ...)
	NOT-FOR-US: HMS
CVE-2022-30011 (In HMS 1.0 when requesting appointment.php through POST, multiple para ...)
	NOT-FOR-US: HMS
CVE-2022-30010
	RESERVED
CVE-2022-30009
	RESERVED
CVE-2022-30008
	RESERVED
CVE-2022-30007 (GXCMS V1.5 has a file upload vulnerability in the background. The vuln ...)
	NOT-FOR-US: GXCMS
CVE-2022-30006
	RESERVED
CVE-2022-30005
	RESERVED
CVE-2022-30004 (Sourcecodester Online Market Place Site v1.0 suffers from an unauthent ...)
	NOT-FOR-US: Sourcecodester Online Market Place Site
CVE-2022-30003 (Sourcecodester Online Market Place Site 1.0 is vulnerable to Cross Sit ...)
	NOT-FOR-US: Sourcecodester Online Market Place Site
CVE-2022-30002 (Insurance Management System 1.0 is vulnerable to SQL Injection via /in ...)
	NOT-FOR-US: Sourcecodester Insurance Management System
CVE-2022-30001 (Insurance Management System 1.0 is vulnerable to SQL Injection via /in ...)
	NOT-FOR-US: Sourcecodester Insurance Management System
CVE-2022-30000 (Insurance Management System 1.0 is vulnerable to SQL Injection via /in ...)
	NOT-FOR-US: Sourcecodester Insurance Management System
CVE-2022-29999 (Insurance Management System 1.0 is vulnerable to SQL Injection via /in ...)
	NOT-FOR-US: Sourcecodester Insurance Management System
CVE-2022-29998 (Insurance Management System 1.0 is vulnerable to SQL Injection via /in ...)
	NOT-FOR-US: Sourcecodester Insurance Management System
CVE-2022-29997
	RESERVED
CVE-2022-29996
	RESERVED
CVE-2022-29995 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
	NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
CVE-2022-29994 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
	NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
CVE-2022-29993 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
	NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
CVE-2022-29992 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
	NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
CVE-2022-29991
	RESERVED
CVE-2022-29990 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
	NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
CVE-2022-29989 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
	NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
CVE-2022-29988 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
	NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
CVE-2022-29987 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
	NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
CVE-2022-29986 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
	NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
CVE-2022-29985 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
	NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
CVE-2022-29984 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Sourcecodester Simple Client Management System
CVE-2022-29983 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Sourcecodester Simple Client Management System
CVE-2022-29982 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Sourcecodester Simple Client Management System
CVE-2022-29981 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Sourcecodester Simple Client Management System
CVE-2022-29980 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Sourcecodester Simple Client Management System
CVE-2022-29979 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
	NOT-FOR-US: Sourcecodester Simple Client Management System
CVE-2022-29978 (There is a floating point exception error in sixel_encoder_do_resize, ...)
	- libsixel (bug #1014527)
	[bookworm] - libsixel (Minor issue)
	[bullseye] - libsixel (Minor issue)
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	NOTE: https://github.com/libsixel/libsixel/issues/63
	NOTE: Previously also reported in https://github.com/saitoha/libsixel/issues/166
CVE-2022-29977 (There is an assertion failure error in stbi__jpeg_huff_decode, stb_ima ...)
	- libsixel (bug #1014526)
	[bookworm] - libsixel (Minor issue)
	[bullseye] - libsixel (Minor issue)
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	NOTE: https://github.com/libsixel/libsixel/issues/62
	NOTE: Previously also reported in https://github.com/saitoha/libsixel/issues/165
CVE-2022-29976 (An Authenticated Reflected Cross-site scripting at BCC Parameter was d ...)
	NOT-FOR-US: MDaemon
CVE-2022-29975 (An Authenticated Reflected Cross-site scripting at CC Parameter was di ...)
	NOT-FOR-US: MDaemon
CVE-2022-29974
	RESERVED
CVE-2022-29973 (relan exFAT 1.3.0 allows local users to obtain sensitive information ( ...)
	[experimental] - fuse-exfat 1.4.0-1
	- fuse-exfat (bug #1014538)
	[bookworm] - fuse-exfat (Minor issue)
	[bullseye] - fuse-exfat (Minor issue)
	[buster] - fuse-exfat (Minor issue)
	[stretch] - fuse-exfat (Minor issue)
	NOTE: https://github.com/relan/exfat/issues/185
	NOTE: https://github.com/relan/exfat/commit/d7e780da261d6c74fc7583d987f841c92c468838 (v1.4.0)
	NOTE: https://github.com/relan/exfat/commit/d8d66f9a651b4223102af982b926043769c9428c (v1.4.0)
CVE-2022-29972 (An argument injection vulnerability in the browser-based authenticatio ...)
	NOT-FOR-US: Magnitude Simba Amazon Redshift ODBC Driver
CVE-2022-29971 (An argument injection vulnerability in the browser-based authenticatio ...)
	NOT-FOR-US: Magnitude Simba Amazon Athena ODBC Driver
CVE-2022-29970 (Sinatra before 2.2.0 does not validate that the expanded path matches ...)
	{DLA-3166-1}
	- ruby-sinatra 2.2.2-1 (bug #1014717)
	NOTE: https://github.com/sinatra/sinatra/commit/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e (v2.2.0)
CVE-2022-29969 (The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rs ...)
	NOT-FOR-US: RSS extension for MediaWiki
CVE-2022-29968 (An issue was discovered in the Linux kernel through 5.17.5. io_rw_init ...)
	- linux 5.17.6-1
	[bullseye] - linux (Vulnerable code introduced later)
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/32452a3eb8b64e01e2be717f518c0be046975b9d (5.18-rc5)
CVE-2022-1545 (It was possible to disclose details of confidential notes created via ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-46790 (ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow i ...)
	{DSA-5160-1 DLA-3055-1}
	- ntfs-3g 1:2022.5.17-1 (bug #1011770)
	NOTE: https://github.com/tuxera/ntfs-3g/issues/16
	NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
	NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17
	NOTE: https://github.com/tuxera/ntfs-3g/commit/96412e28e5c7ac2d15f1cff8c825330bbb60976e (2022.5.17)
CVE-2022-1544 (Formula Injection/CSV Injection due to Improper Neutralization of Form ...)
	NOT-FOR-US: yii-helpers
CVE-2022-29967 (static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6. ...)
	- glewlwyd 2.7.0-1
	[bullseye] - glewlwyd (Minor issue)
	[buster] - glewlwyd (Minor issue)
	NOTE: https://github.com/babelouest/glewlwyd/commit/e3f7245c33897bf9b3a75acfcdb8b7b93974bf11
CVE-2022-29966
	RESERVED
CVE-2022-29965 (The Emerson DeltaV Distributed Control System (DCS) controllers and IO ...)
	NOT-FOR-US: Emerson
CVE-2022-29964 (The Emerson DeltaV Distributed Control System (DCS) controllers and IO ...)
NOT-FOR-US: Emerson CVE-2022-29963 (The Emerson DeltaV Distributed Control System (DCS) controllers and IO ...) NOT-FOR-US: Emerson CVE-2022-29962 (The Emerson DeltaV Distributed Control System (DCS) controllers and IO ...) NOT-FOR-US: Emerson CVE-2022-29961 RESERVED CVE-2022-29960 (Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an en ...) NOT-FOR-US: Emerson CVE-2022-29959 (Emerson OpenBSI through 2022-04-29 mishandles credential storage. It i ...) NOT-FOR-US: Emerson CVE-2022-29958 (JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. Th ...) NOT-FOR-US: JTEKT TOYOPUC PLCs CVE-2022-29957 (The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 ...) NOT-FOR-US: Emerson CVE-2022-29956 RESERVED CVE-2022-29955 RESERVED CVE-2022-29954 RESERVED CVE-2022-29953 (The Bently Nevada 3700 series of condition monitoring equipment throug ...) NOT-FOR-US: Bently CVE-2022-29952 (Bently Nevada condition monitoring equipment through 2022-04-29 mishan ...) NOT-FOR-US: Bently CVE-2022-29951 (JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They u ...) NOT-FOR-US: JTEKT TOYOPUC PLCs CVE-2022-29950 (Experian Hunter 1.16 allows remote authenticated users to modify assum ...) NOT-FOR-US: Experian Hunter CVE-2022-29949 RESERVED CVE-2022-29948 (Due to an insecure design, the Lepin EP-KP001 flash drive through KP00 ...) NOT-FOR-US: Lepin CVE-2022-29947 (Woodpecker before 0.15.1 allows XSS via build logs because web/src/com ...) - woodpecker (bug #1008934) CVE-2022-29946 RESERVED CVE-2022-29945 (DJI drone devices sold in 2017 through 2022 broadcast unencrypted info ...) NOT-FOR-US: DJI drone devices CVE-2022-29944 (An issue was discovered in ONOS 2.5.1. There is an incorrect compariso ...) NOT-FOR-US: Open Network Operating System (ONOS) CVE-2022-29943 (Talend Administration Center has a vulnerability that allows an authen ...) 
NOT-FOR-US: Talend Administration Center CVE-2022-29942 (Talend Administration Center has a vulnerability that allows an authen ...) NOT-FOR-US: Talend Administration Center CVE-2022-29941 RESERVED CVE-2022-29940 (In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters f ...) NOT-FOR-US: LibreHealth EHR CVE-2022-29939 (In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters d ...) NOT-FOR-US: LibreHealth EHR CVE-2022-29938 (In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter pa ...) NOT-FOR-US: LibreHealth EHR CVE-2022-29937 (USU Oracle Optimization before 5.17.5 allows authenticated DataCollect ...) NOT-FOR-US: USU Oracle Optimization CVE-2022-29936 (USU Oracle Optimization before 5.17 allows authenticated quantum users ...) NOT-FOR-US: USU Oracle Optimization CVE-2022-29935 (USU Oracle Optimization before 5.17.5 allows attackers to discover the ...) NOT-FOR-US: USU Oracle Optimization CVE-2022-29934 (USU Oracle Optimization before 5.17.5 lacks Polkit authentication, whi ...) NOT-FOR-US: USU Oracle Optimization CVE-2022-29933 (Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who ...) NOT-FOR-US: Craft CMS CVE-2022-29932 (The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allows an ...) NOT-FOR-US: PRIMEUR CVE-2022-29931 (The administration interface of the Raytion Custom Security Manager (R ...) NOT-FOR-US: Raytion CVE-2022-29930 (SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the s ...) NOT-FOR-US: JetBrains Ktor CVE-2022-29929 (In JetBrains TeamCity before 2022.04 potential XSS via Referrer header ...) NOT-FOR-US: JetBrains TeamCity CVE-2022-29928 (In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent ...) NOT-FOR-US: JetBrains TeamCity CVE-2022-29927 (In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain ...) NOT-FOR-US: JetBrains TeamCity CVE-2022-29922 (Improper Input Validation vulnerability in the handling of a specially ...) 
NOT-FOR-US: Hitachi CVE-2022-29918 (Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzz ...) - firefox 100.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29918 CVE-2022-29917 (Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and t ...) {DSA-5141-1 DSA-5129-1 DLA-3020-1 DLA-2994-1} - firefox 100.0-1 - firefox-esr 91.9.0esr-1 - thunderbird 1:91.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29917 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29917 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29917 CVE-2022-29916 (Firefox behaved slightly differently for already known resources when ...) {DSA-5141-1 DSA-5129-1 DLA-3020-1 DLA-2994-1} - firefox 100.0-1 - firefox-esr 91.9.0esr-1 - thunderbird 1:91.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29916 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29916 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29916 CVE-2022-29915 (The Performance API did not properly hide the fact whether a request c ...) - firefox 100.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29915 CVE-2022-29914 (When reusing existing popups Firefox would have allowed them to cover ...) {DSA-5141-1 DSA-5129-1 DLA-3020-1 DLA-2994-1} - firefox 100.0-1 - firefox-esr 91.9.0esr-1 - thunderbird 1:91.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29914 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29914 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29914 CVE-2022-29913 (The parent process would not properly check whether the Speech Synthes ...) 
{DSA-5141-1 DLA-3020-1} - thunderbird 1:91.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29913 CVE-2022-29912 (Requests initiated through reader mode did not properly omit cookies w ...) {DSA-5141-1 DSA-5129-1 DLA-3020-1 DLA-2994-1} - firefox 100.0-1 - firefox-esr 91.9.0esr-1 - thunderbird 1:91.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29912 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29912 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29912 CVE-2022-29911 (An improper implementation of the new iframe sandbox keyword all ...) {DSA-5141-1 DSA-5129-1 DLA-3020-1 DLA-2994-1} - firefox 100.0-1 - firefox-esr 91.9.0esr-1 - thunderbird 1:91.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29911 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29911 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29911 CVE-2022-29910 (When closed or sent to the background, Firefox for Android would not p ...) - firefox (Android-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29910 CVE-2022-29909 (Documents in deeply-nested cross-origin browsing contexts could have o ...) {DSA-5141-1 DSA-5129-1 DLA-3020-1 DLA-2994-1} - firefox 100.0-1 - firefox-esr 91.9.0esr-1 - thunderbird 1:91.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29909 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29909 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29909 CVE-2022-29492 (Improper Input Validation vulnerability in the handling of a malformed ...) NOT-FOR-US: Hitachi CVE-2022-29490 (Improper Authorization vulnerability exists in the Workplace X WebUI o ...) 
NOT-FOR-US: Workplace X CVE-2022-1543 (Improper handling of Length parameter in GitHub repository erudika/sco ...) NOT-FOR-US: scoold CVE-2022-1542 (The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2022-1541 (The Video Slider WordPress plugin before 1.4.8 does not sanitize or es ...) NOT-FOR-US: WordPress plugin CVE-2022-1540 (The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not ...) NOT-FOR-US: WordPress plugin CVE-2022-1539 (The Exports and Reports WordPress plugin before 0.9.2 does not sanitiz ...) NOT-FOR-US: WordPress plugin CVE-2022-1538 (Theme Demo Import WordPress plugin before 1.1.1 does not validate the ...) NOT-FOR-US: WordPress plugin CVE-2022-1537 (file.copy operations in GruntJS are vulnerable to a TOCTOU race condit ...) {DLA-3383-1} - grunt 1.5.3-1 [bullseye] - grunt 1.3.0-1+deb11u2 NOTE: https://huntr.dev/bounties/0179c3e5-bc02-4fc9-8491-a1a319b51b4d/ NOTE: https://github.com/gruntjs/grunt/commit/58016ffac5ed9338b63ecc2a63710f5027362bae (v1.5.3) CVE-2022-1536 (A vulnerability has been found in automad up to 1.10.9 and classified ...) NOT-FOR-US: automad CVE-2022-1535 RESERVED CVE-2022-1534 (Buffer Over-read at parse_rawml.c:1416 in GitHub repository bfabiszews ...) - libmobi 0.11+dfsg-1 (bug #1011971) NOTE: https://huntr.dev/bounties/9a90ffa1-38f5-4685-9c00-68ba9068ce3d NOTE: https://github.com/bfabiszewski/libmobi/commit/fb1ab50e448ddbed746fd27ae07469bc506d838b (v0.11) CVE-2022-1533 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ...) - libmobi 0.11+dfsg-1 (bug #1011971) NOTE: https://huntr.dev/bounties/cb574ce1-fbf7-42ea-9e6a-91e17adecdc3 NOTE: https://github.com/bfabiszewski/libmobi/commit/eafc415bc6067e72577f70d6dd5acbf057ce6e6f (v0.11) CVE-2022-1532 (Themify WordPress plugin before 1.3.8 does not sanitise and escape the ...) NOT-FOR-US: WordPress plugin CVE-2022-1531 (SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in ...) 
NOT-FOR-US: RTX CVE-2022-1530 (Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehel ...) NOT-FOR-US: livehelperchat CVE-2022-1529 (An attacker could have sent a message to the parent process where the ...) {DSA-5158-1 DSA-5143-1 DLA-3041-1 DLA-3021-1} - firefox 100.0.2-1 - firefox-esr 91.9.1esr-1 - thunderbird 1:91.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-19/#CVE-2022-1529 NOTE: https://www.zerodayinitiative.com/blog/2022/8/17/but-you-told-me-you-were-safe-attacking-the-mozilla-firefox-renderer-part-1 NOTE: https://www.zerodayinitiative.com/blog/2022/8/23/but-you-told-me-you-were-safe-attacking-the-mozilla-firefox-renderer-part-2 CVE-2022-1528 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5. ...) NOT-FOR-US: WordPress plugin CVE-2022-1527 (The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape ...) NOT-FOR-US: WordPress plugin CVE-2021-4227 (The ark-commenteditor WordPress plugin through 2.15.6 does not properl ...) NOT-FOR-US: WordPress plugin CVE-2022-29908 (The folioupdate service in Fabasoft Cloud Enterprise Client 22.4.0043 ...) NOT-FOR-US: Fabasoft CVE-2022-29907 (The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d ...) NOT-FOR-US: MediaWiki Nimbus skin CVE-2022-29906 (The admin API module in the QuizGame extension for MediaWiki through 1 ...) NOT-FOR-US: MediaWiki QuizGame extension CVE-2022-29905 (The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d ...) NOT-FOR-US: MediaWiki FanBoxes extension CVE-2022-29904 (The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e ...) NOT-FOR-US: MediaWiki SemanticDrilldown extension CVE-2022-29903 (The Private Domains extension for MediaWiki through 1.37.2 (before 1ad ...) NOT-FOR-US: MediaWiki Private Domains extension CVE-2022-29902 RESERVED CVE-2022-1526 (A vulnerability, which was classified as problematic, was found in Eml ...) 
NOT-FOR-US: Emlog Pro CVE-2022-29901 (Intel microprocessor generations 6 to 8 are affected by a new Spectre ...) {DSA-5207-1 DLA-3245-1 DLA-3102-1} - linux 5.18.14-1 NOTE: https://comsec.ethz.ch/research/microarch/retbleed/ NOTE: https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html CVE-2022-29900 (Mis-trained branch predictions for return instructions may allow arbit ...) {DSA-5207-1 DSA-5184-1 DLA-3102-1} - linux 5.18.14-1 [buster] - linux (Mitigation is too invasive to backport) - xen 4.16.2-1 [buster] - xen (DSA 4677-1) NOTE: https://comsec.ethz.ch/research/microarch/retbleed/ NOTE: https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037 NOTE: https://xenbits.xen.org/xsa/advisory-407.html CVE-2022-29899 REJECTED CVE-2022-29898 (On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user c ...) NOT-FOR-US: RAD-ISM-900-EN CVE-2022-29897 (On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user c ...) NOT-FOR-US: RAD-ISM-900-EN CVE-2022-29892 (Improper input validation vulnerability in Space of Cybozu Garoon 4.0. ...) NOT-FOR-US: Cybozu CVE-2022-29885 (The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 ...) {DSA-5265-1 DLA-3160-1} - tomcat9 9.0.63-1 - tomcat8 [stretch] - tomcat8 (Minor issue) NOTE: https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48 (9.0.63) NOTE: https://github.com/apache/tomcat/commit/b679bc627f5a4ea6510af95adfb7476b07eba890 (8.5.79) CVE-2022-29884 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...) NOT-FOR-US: Siemens CVE-2022-29883 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...) NOT-FOR-US: Siemens CVE-2022-29882 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...) 
NOT-FOR-US: Siemens CVE-2022-29881 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...) NOT-FOR-US: Siemens CVE-2022-29880 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...) NOT-FOR-US: Siemens CVE-2022-29879 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...) NOT-FOR-US: Siemens CVE-2022-29878 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...) NOT-FOR-US: Siemens CVE-2022-29877 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...) NOT-FOR-US: Siemens CVE-2022-29876 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...) NOT-FOR-US: Siemens CVE-2022-29875 (A vulnerability has been identified in Biograph Horizon PET/CT Systems ...) NOT-FOR-US: Siemens CVE-2022-29874 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...) NOT-FOR-US: Siemens CVE-2022-29873 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...) NOT-FOR-US: Siemens CVE-2022-29872 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...) NOT-FOR-US: Siemens CVE-2022-29518 (Screen Creator Advance2, HMI GC-A2 series, and Real time remote monito ...) NOT-FOR-US: Koyo Screen Creator Advance2 CVE-2022-29513 (Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10. ...) NOT-FOR-US: Cybozu CVE-2022-29484 (Operation restriction bypass vulnerability in Space of Cybozu Garoon 4 ...) NOT-FOR-US: Cybozu CVE-2022-29471 (Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon a ...) NOT-FOR-US: Cybozu CVE-2022-29467 (Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to ...) NOT-FOR-US: Cybozu CVE-2022-28718 (Operation restriction bypass vulnerability in Bulletin of Cybozu Garoo ...) NOT-FOR-US: Cybozu CVE-2022-28713 (Improper authentication vulnerability in Scheduler of Cybozu Garoon 4. ...) 
NOT-FOR-US: Cybozu CVE-2022-28692 (Improper input validation vulnerability in Scheduler of Cybozu Garoon ...) NOT-FOR-US: Cybozu CVE-2022-27807 (Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 ...) NOT-FOR-US: Cybozu CVE-2022-27803 (Improper input validation vulnerability in Space of Cybozu Garoon 4.0. ...) NOT-FOR-US: Cybozu CVE-2022-27661 (Operation restriction bypass vulnerability in Workflow of Cybozu Garoo ...) NOT-FOR-US: Cybozu CVE-2022-27627 (Cross-site scripting vulnerability in Organization's Information of Cy ...) NOT-FOR-US: Cybozu CVE-2022-26368 (Browse restriction bypass and operation restriction bypass vulnerabili ...) NOT-FOR-US: Cybozu CVE-2022-26054 (Operation restriction bypass vulnerability in Link of Cybozu Garoon 4. ...) NOT-FOR-US: Cybozu CVE-2022-26051 (Operation restriction bypass vulnerability in Portal of Cybozu Garoon ...) NOT-FOR-US: Cybozu CVE-2022-1525 (The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (335 ...) NOT-FOR-US: Cognex 3D-A1000 Dimensioning System CVE-2022-1524 (LRM version 2.4 and lower does not implement TLS encryption. A malicio ...) NOT-FOR-US: LRM CVE-2022-1523 (Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to a wri ...) NOT-FOR-US: Fuji Electric CVE-2022-1522 (The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (335 ...) NOT-FOR-US: Cognex 3D-A1000 Dimensioning System CVE-2022-1521 (LRM does not implement authentication or authorization by default. A m ...) NOT-FOR-US: LRM CVE-2022-1520 (When viewing an email message A, which contains an attached message B, ...) {DSA-5141-1 DLA-3020-1} - thunderbird 1:91.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-1520 CVE-2022-1519 (LRM does not restrict the types of files that can be uploaded to the a ...) NOT-FOR-US: LRM CVE-2022-1518 (LRM contains a directory traversal vulnerability that can allow a mali ...) NOT-FOR-US: LRM CVE-2022-1517 (LRM utilizes elevated privileges. 
An unauthenticated malicious actor c ...) NOT-FOR-US: LRM CVE-2022-1516 (A NULL pointer dereference flaw was found in the Linux kernel’s X ...) {DSA-5173-1 DSA-5127-1 DLA-3065-1} - linux 5.17.3-1 (unimportant) NOTE: Fixed by: https://git.kernel.org/linus/7781607938c8371d4c2b243527430241c62e39c2 (5.18-rc1) NOTE: CONFIG_X25 is not set in Debian CVE-2022-1515 (A memory leak was discovered in matio 1.5.21 and earlier in Mat_VarRea ...) - libmatio 1.5.22-1 [bullseye] - libmatio (Minor issue) [buster] - libmatio (Minor issue) NOTE: https://github.com/tbeu/matio/issues/186 NOTE: Fixed by: https://github.com/tbeu/matio/commit/b53b62b756920f4c1509f4ee06427f66c3b5c9c4 (v1.5.22) CVE-2022-1514 (Stored XSS via upload plugin functionality in zip format in GitHub rep ...) NOT-FOR-US: facturascripts CVE-2022-1513 (A potential vulnerability was reported in Lenovo PCManager prior to ve ...) NOT-FOR-US: Lenovo CVE-2022-1512 (The ScrollReveal.js Effects WordPress plugin through 1.2 does not sani ...) NOT-FOR-US: WordPress plugin CVE-2022-1511 (Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4 ...) - snipe-it (bug #1005172) CVE-2022-1510 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 15.10.8+ds1-2 CVE-2022-1509 (Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp pri ...) NOT-FOR-US: Hestia Control Panel CVE-2022-29868 (1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a ...) NOT-FOR-US: 1Password CVE-2022-29867 RESERVED CVE-2022-29866 (OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to exhaus ...) NOT-FOR-US: OPC UA .NET Standard Stack CVE-2022-29865 (OPC UA .NET Standard Stack allows a remote attacker to bypass the appl ...) NOT-FOR-US: OPC UA .NET Standard Stack CVE-2022-29864 (OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause ...) 
NOT-FOR-US: OPC UA .NET Standard Stack CVE-2022-29863 (OPC UA .NET Standard Stack 1.04.368 allows remote attacker to cause a ...) NOT-FOR-US: OPC UA .NET Standard Stack CVE-2022-29862 (An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remot ...) NOT-FOR-US: OPC UA .NET Standard Stack CVE-2022-29861 RESERVED CVE-2022-29860 RESERVED CVE-2022-29859 (component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for ...) NOT-FOR-US: SDK for Ameba1 CVE-2022-29858 (Silverstripe silverstripe/assets through 1.10 is vulnerable to imprope ...) NOT-FOR-US: Silverstripe CMS CVE-2022-29857 RESERVED CVE-2022-29856 (A hardcoded cryptographic key in Automation360 22 allows an attacker t ...) NOT-FOR-US: Automation360 CVE-2022-29855 (Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have " ...) NOT-FOR-US: Mitel CVE-2022-29854 (A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, ...) NOT-FOR-US: Mitel CVE-2022-29853 (OX App Suite through 8.2 allows XSS via a certain complex hierarchy th ...) NOT-FOR-US: OX App Suite CVE-2022-29852 (OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-f ...) NOT-FOR-US: OX App Suite CVE-2022-29851 (documentconverter in OX App Suite through 7.10.6, in a non-default con ...) NOT-FOR-US: OX App Suite CVE-2022-29850 (Various Lexmark products through 2022-04-27 allow an attacker who has ...) NOT-FOR-US: Lexmark CVE-2022-29849 (In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SU ...) NOT-FOR-US: Progress OpenEdge CVE-2022-29848 (In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, i ...) NOT-FOR-US: Progress Ipswitch WhatsUp Gold CVE-2022-29847 (In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, i ...) NOT-FOR-US: Progress Ipswitch WhatsUp Gold CVE-2022-29846 (In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it ...) 
NOT-FOR-US: Progress Ipswitch WhatsUp Gold CVE-2022-29845 (In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, i ...) NOT-FOR-US: Progress Ipswitch WhatsUp Gold CVE-2022-29844 (A vulnerability in the FTP service of Western Digital My Cloud OS 5 de ...) NOT-FOR-US: Western Digital CVE-2022-29843 (A command injection vulnerability in the DDNS service configuration of ...) NOT-FOR-US: Western Digital CVE-2022-29842 (Improper Neutralization of Special Elements used in a Command ('Comman ...) NOT-FOR-US: Western Digital CVE-2022-29841 (Improper Neutralization of Special Elements used in an OS Command ('OS ...) NOT-FOR-US: Western Digital CVE-2022-29840 (Server-Side Request Forgery (SSRF) vulnerability that could allow a ro ...) NOT-FOR-US: Western Digital CVE-2022-29839 (Insufficiently Protected Credentials vulnerability in the remote backu ...) NOT-FOR-US: Western Digital CVE-2022-29838 (Improper Authentication vulnerability in the encrypted volumes and aut ...) NOT-FOR-US: Western Digital CVE-2022-29837 (A path traversal vulnerability was addressed in Western Digital My Clo ...) NOT-FOR-US: Western Digital CVE-2022-29836 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) NOT-FOR-US: Western Digital CVE-2022-29835 (WD Discovery software executable files were signed with an unsafe SHA- ...) NOT-FOR-US: WD Discovery software CVE-2022-29834 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) NOT-FOR-US: ICONICS CVE-2022-29833 (Insufficiently Protected Credentials vulnerability in Mitsubishi Elect ...) NOT-FOR-US: Mitsubishi CVE-2022-29832 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...) NOT-FOR-US: Mitsubishi CVE-2022-29831 (Use of Hard-coded Password vulnerability in Mitsubishi Electric Corpor ...) NOT-FOR-US: Mitsubishi CVE-2022-29830 (Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electr ...) 
NOT-FOR-US: Mitsubishi CVE-2022-29829 (Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electr ...) NOT-FOR-US: Mitsubishi CVE-2022-29828 (Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electr ...) NOT-FOR-US: Mitsubishi CVE-2022-29827 (Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electr ...) NOT-FOR-US: Mitsubishi CVE-2022-29826 (Cleartext Storage of Sensitive Information vulnerability in Mitsubishi ...) NOT-FOR-US: Mitsubishi CVE-2022-29825 (Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Wor ...) NOT-FOR-US: Mitsubishi CVE-2022-29824 (In libxml2 before 2.9.14, several buffer handling functions in buf.c ( ...) {DSA-5142-1 DLA-3012-1} - libxml2 2.9.14+dfsg-1 (bug #1010526) NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab (v2.9.14) NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd (master) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2272 CVE-2022-29516 (The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 35 ...) NOT-FOR-US: FUJITSU CVE-2022-29823 (Feather-Sequalize cleanQuery method uses insecure recursive logic to f ...) NOT-FOR-US: Feather js library CVE-2022-29822 (Due to improper parameter filtering in the Feathers js library, which ...) NOT-FOR-US: Feather js library CVE-2022-29821 (In JetBrains Rider before 2022.1 local code execution via links in ReS ...) NOT-FOR-US: JetBrains Rider CVE-2022-29820 (In JetBrains PyCharm before 2022.1 exposure of the debugger port to th ...) - pycharm (bug #742394) CVE-2022-29819 (In JetBrains IntelliJ IDEA before 2022.1 local code execution via link ...) - intellij-idea (bug #747616) CVE-2022-29818 (In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal ...) - intellij-idea (bug #747616) CVE-2022-29817 (In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messa ...) 
- intellij-idea (bug #747616) CVE-2022-29816 (In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messa ...) - intellij-idea (bug #747616) CVE-2022-29815 (In JetBrains IntelliJ IDEA before 2022.1 local code execution via work ...) - intellij-idea (bug #747616) CVE-2022-29814 (In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML ...) - intellij-idea (bug #747616) CVE-2022-29813 (In JetBrains IntelliJ IDEA before 2022.1 local code execution via cust ...) - intellij-idea (bug #747616) CVE-2022-29812 (In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about ...) - intellij-idea (bug #747616) CVE-2022-29811 (In JetBrains Hub before 2022.1.14638 stored XSS via project icon was p ...) NOT-FOR-US: JetBrains Hub CVE-2022-1508 (An out-of-bounds read flaw was found in the Linux kernel’s io_uri ...) - linux 5.15.3-1 [bullseye] - linux 5.10.120-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/89c2b3b74918200e46699338d7bcc19b1ea12110 (5.15-rc1) CVE-2022-1507 (chafa: NULL Pointer Dereference in function gif_internal_decode_frame ...) - chafa 1.10.2-1 (unimportant) NOTE: https://huntr.dev/bounties/104d8c5d-cac5-4baa-9ac9-291ea0bcab95/ NOTE: https://github.com/hpjansson/chafa/commit/e4b777c7b7c144cd16a0ea96108267b1004fe6c9 (1.10.2) NOTE: Crash in CLI tool, no security impact CVE-2022-1506 (The WP Born Babies WordPress plugin through 1.0 does not sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2022-1505 (The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQ ...) NOT-FOR-US: RSVPMaker plugin for WordPress CVE-2022-1504 (XSS in /demo/module/?module=HERE in GitHub repository microweber/micro ...) NOT-FOR-US: microweber CVE-2022-29810 (The Hashicorp go-getter library before 1.5.11 does not redact an SSH k ...) 
- golang-github-hashicorp-go-getter (Vulnerable code introduced later) NOTE: https://github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49cc (v1.5.11) NOTE: introduced in https://github.com/hashicorp/go-getter/commit/854150ffed2dc250662096b4309b3510a13e0574 (v1.5.8) CVE-2022-29809 RESERVED CVE-2022-1503 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: GetSimple CMS CVE-2022-1502 (Permissions were not properly verified in the API on projects using ve ...) NOT-FOR-US: Octopus Server CVE-2022-1501 (Inappropriate implementation in iframe in Google Chrome prior to 101.0 ...) {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1500 (Insufficient data validation in Dev Tools in Google Chrome prior to 10 ...) {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1499 (Inappropriate implementation in WebAuthentication in Google Chrome pri ...) {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1498 (Inappropriate implementation in HTML Parser in Google Chrome prior to ...) {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1497 (Inappropriate implementation in Input in Google Chrome prior to 101.0. ...) {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1496 (Use after free in File Manager in Google Chrome prior to 101.0.4951.41 ...) {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1495 (Incorrect security UI in Downloads in Google Chrome on Android prior t ...) 
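Added illustration for the CVE-2022-29810 entry above (go-getter logging a source URL without redacting the SSH key carried in a query parameter). This is a stand-alone Python sketch of the redaction step a logger needs, not go-getter's code or its fix. The "getter::" prefix it strips and re-attaches follows go-getter's forced-getter URL form; the parameter names and values in demo() are constructed for the example (the sshkey value is only the base64 of a PEM header line, not key material).

```python
"""Redact credentials from URLs before they reach a log line.

Added example for the CVE-2022-29810 entry (go-getter logging a URL without
redacting the SSH key passed in a query parameter). Stand-alone Python
sketch, not go-getter's code. The parameter names in demo() are constructed.
"""
import re
from typing import Dict
from urllib.parse import unquote, urlsplit, urlunsplit

REDACTED = "REDACTED"
# Over-redaction is the safe failure mode for a log line, so match loosely.
SENSITIVE_NAME = re.compile(r"key|token|secret|passw|pwd|sig|credential", re.I)
# go-getter style "git::https://..." forced-getter prefix (assumed form).
FORCED_GETTER = re.compile(r"^([a-z0-9]+)::(.*)$", re.I)


def _redact_query(query: str) -> str:
    """Rewrite values of sensitive parameters; keep names and encoding as-is
    so the log line still matches what the caller passed."""
    out = []
    for pair in query.split("&"):
        name, sep, value = pair.partition("=")
        # Match on the decoded name so `ssh%6Bey=` cannot slip past the filter.
        if sep and SENSITIVE_NAME.search(unquote(name)):
            value = REDACTED
        out.append(name + sep + value)
    return "&".join(out)


def _redact_userinfo(netloc: str) -> str:
    """Keep the user name (useful when debugging), hide any password."""
    if "@" not in netloc:
        return netloc
    userinfo, host = netloc.rsplit("@", 1)
    user, sep, _password = userinfo.partition(":")
    return f"{user}:{REDACTED}@{host}" if sep else f"{user}@{host}"


def redact_url(url: str) -> str:
    """Return a copy of url that is safe to log."""
    prefix = ""
    m = FORCED_GETTER.match(url)
    if m:
        prefix, url = m.group(1) + "::", m.group(2)
    parts = urlsplit(url)
    clean = parts._replace(netloc=_redact_userinfo(parts.netloc),
                           query=_redact_query(parts.query))
    return prefix + urlunsplit(clean)


def demo() -> Dict[str, str]:
    """Constructed inputs: an SSH key in a query parameter, HTTP basic
    credentials in userinfo, and cloud credentials as query parameters."""
    samples = {
        "git_sshkey": "git::ssh://git@github.com/example/repo.git"
                      "?sshkey=LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0K&ref=v1.2.3",
        "https_basic": "https://deploy:s3cr3t@example.com/archive.zip?checksum=sha256:abcd",
        "s3_creds": "s3::https://s3.amazonaws.com/bucket/file"
                    "?aws_access_key_id=AKIAEXAMPLE&aws_access_key_secret=wJalrEXAMPLE"
                    "&aws_access_token=tokEXAMPLE&version=3",
    }
    return {name: redact_url(url) for name, url in samples.items()}
```

The query string is rewritten pair by pair rather than parsed and re-encoded, so non-secret parameters such as checksum=sha256:abcd come out byte-for-byte as they went in; the only thing that changes is the value of a parameter whose decoded name looks like a credential. Redaction belongs at the logging boundary, before the URL is formatted into a message, not in whichever getter happens to know which parameters it treats as secret.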
{DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1494 (Insufficient data validation in Trusted Types in Google Chrome prior t ...) {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1493 (Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 al ...) {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1492 (Insufficient data validation in Blink Editing in Google Chrome prior t ...) {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1491 (Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 al ...) {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1490 (Use after free in Browser Switcher in Google Chrome prior to 101.0.495 ...) {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1489 (Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, ...) {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1488 (Inappropriate implementation in Extensions API in Google Chrome prior ...) {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1487 (Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowe ...) {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1486 (Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a ...) 
{DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1485 (Use after free in File System API in Google Chrome prior to 101.0.4951 ...) {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1484 (Heap buffer overflow in Web UI Settings in Google Chrome prior to 101. ...) {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1483 (Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 ...) {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1482 (Inappropriate implementation in WebGL in Google Chrome prior to 101.0. ...) {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1481 (Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951. ...) {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1480 REJECTED CVE-2022-1479 (Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowe ...) {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1478 (Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 ...) {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1477 (Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allow ...) {DSA-5125-1} - chromium 101.0.4951.41-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1476 (The All-in-One WP Migration plugin for WordPress is vulnerable to arbi ...) NOT-FOR-US: All-in-One WP Migration plugin for WordPress CVE-2022-1475 (An integer overflow vulnerability was found in FFmpeg versions before ...) 
{DSA-5124-1} - ffmpeg 7:4.4.2-1 [buster] - ffmpeg (Vulnerable code not present) [stretch] - ffmpeg (Vulnerable code not present) NOTE: https://trac.ffmpeg.org/ticket/9651 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=757da974b21833529cc41bdcc9684c29660cdfa8 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e9e2ddbc6c78cc18b76093617f82c920e58a8d1f (n4.4.2) NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fa2e4afe8d0a23fac37392ef6506cfc9841f8d3d (n4.3.4) CVE-2022-1474 (The WP Event Manager WordPress plugin before 3.1.28 does not sanitise ...) NOT-FOR-US: WordPress plugin CVE-2022-1473 (The OPENSSL_LH_flush() function, which empties a hash table, contains ...) [experimental] - openssl 3.0.3-1 - openssl (Only affects OpenSSL 3.0) NOTE: https://www.openssl.org/news/secadv/20220503.txt NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=64c85430f95200b6b51fe9475bd5203f7c19daf1 (openssl-3.0.3) CVE-2022-1472 (The Better Find and Replace WordPress plugin before 1.3.6 does not pro ...) NOT-FOR-US: WordPress plugin CVE-2022-1471 (SnakeYaml's Constructor() class does not restrict types which can be i ...) - snakeyaml (unimportant) NOTE: https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2 CVE-2022-1470 (The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 doe ...) NOT-FOR-US: WordPress plugin CVE-2022-1469 (The FiboSearch WordPress plugin before 1.17.0 does not sanitise and es ...) NOT-FOR-US: WordPress plugin CVE-2022-29808 (In Quest KACE Systems Management Appliance (SMA) through 12.0, predict ...) NOT-FOR-US: Quest KACE System Management Appliance CVE-2022-29807 (A SQL injection vulnerability exists within Quest KACE Systems Managem ...) NOT-FOR-US: Quest KACE System Management Appliance CVE-2022-29806 (ZoneMinder before 1.36.13 allows remote code execution via an invalid ...) 
- zoneminder 1.36.13+dfsg1-1 (unimportant) NOTE: https://forums.zoneminder.com/viewtopic.php?t=31638 NOTE: https://github.com/ZoneMinder/zoneminder/commit/9fee64b62fbdff5bf5ece1d617f1f53c7b1967cb NOTE: Only supported for trusted users/behind auth, see README.debian.security CVE-2022-29805 (A Java Deserialization vulnerability in the Fishbowl Server in Fishbow ...) NOT-FOR-US: Fishbowl Inventory CVE-2022-29804 (Incorrect conversion of certain invalid paths to valid, absolute paths ...) - golang-1.18 (Only affects Go on Windows) - golang-1.17 (Only affects Go on Windows) - golang-1.15 (Only affects Go on Windows) - golang-1.11 (Only affects Go on Windows) - golang-1.8 (Only affects Go on Windows) - golang-1.7 (Only affects Go on Windows) NOTE: https://go.dev/issue/52476 CVE-2022-29803 RESERVED CVE-2022-29802 RESERVED CVE-2022-1468 (On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and ...) NOT-FOR-US: F5 BIG-IP CVE-2022-1467 (Windows OS can be configured to overlay a \u201clanguage bar\u201d on ...) NOT-FOR-US: AVEVA CVE-2022-1466 (Due to improper authorization, Red Hat Single Sign-On is vulnerable to ...) NOT-FOR-US: Red Hat Single Sign-On / Keycloak CVE-2022-29801 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...) NOT-FOR-US: Siemens CVE-2022-29800 (A time-of-check-time-of-use (TOCTOU) race condition vulnerability was ...) - networkd-dispatcher 2.2.3-1 (unimportant; bug #1010303) NOTE: https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/ NOTE: https://gitlab.com/craftyguy/networkd-dispatcher/-/commit/074ff68f08d64a963a13e3cfc4fb3e3fb9006dfe NOTE: https://gitlab.com/craftyguy/networkd-dispatcher/-/commit/2e226ee027bdc8022f0e10470318f89f25dc6133 NOTE: No security impact in Debian, see #1010303 CVE-2022-29799 (A vulnerability was found in networkd-dispatcher. This flaw exists bec ...) 
- networkd-dispatcher 2.2.3-1 (unimportant; bug #1010303) NOTE: https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/ NOTE: https://gitlab.com/craftyguy/networkd-dispatcher/-/commit/074ff68f08d64a963a13e3cfc4fb3e3fb9006dfe NOTE: https://gitlab.com/craftyguy/networkd-dispatcher/-/commit/2e226ee027bdc8022f0e10470318f89f25dc6133 NOTE: No security impact in Debian, see #1010303 CVE-2022-29798 (There is a denial of service vulnerability in CV81-WDM FW versions 01. ...) NOT-FOR-US: Huawei CVE-2022-29797 (There is a buffer overflow vulnerability in CV81-WDM FW 01.70.49.29.46 ...) NOT-FOR-US: Huawei CVE-2022-29796 (The HiAIserver has a vulnerability in verifying the validity of the we ...) NOT-FOR-US: Huawei CVE-2022-29795 (The frame scheduling module has a null pointer dereference vulnerabili ...) NOT-FOR-US: Huawei CVE-2022-29794 (The frame scheduling module has a Use After Free (UAF) vulnerability.S ...) NOT-FOR-US: Huawei CVE-2022-29793 (There is a configuration defect in the activation lock of mobile phone ...) NOT-FOR-US: Huawei CVE-2022-29792 (The chip component has a vulnerability of disclosing CPU SNs.Successfu ...) NOT-FOR-US: Huawei CVE-2022-29791 (The HiAIserver has a vulnerability in verifying the validity of the we ...) NOT-FOR-US: Huawei CVE-2022-29790 (The graphics acceleration service has a vulnerability in multi-thread ...) NOT-FOR-US: Huawei CVE-2022-29789 (The HiAIserver has a vulnerability in verifying the validity of the pr ...) NOT-FOR-US: Huawei CVE-2022-27174 (Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CU ...) NOT-FOR-US: EC-CUBE CVE-2022-1465 (The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 d ...) NOT-FOR-US: WordPress plugin CVE-2022-1464 (Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the ...) NOT-FOR-US: Go Git Service CVE-2022-1463 (The Booking Calendar plugin for WordPress is vulnerable to PHP Object ...) 
NOT-FOR-US: Booking Calendar plugin for WordPress CVE-2022-1462 (An out-of-bounds read flaw was found in the Linux kernel\u2019s TeleTY ...) {DLA-3131-1} - linux 5.18.14-1 [bullseye] - linux 5.10.136-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2078466 NOTE: https://www.openwall.com/lists/oss-security/2022/05/27/2 CVE-2022-1461 (Non Privilege User can Enable or Disable Registered in GitHub reposito ...) NOT-FOR-US: OpenEMR CVE-2022-1460 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 15.10.8+ds1-2 CVE-2022-1459 (Non-Privilege User Can View Patient\u2019s Disclosures in GitHub repos ...) NOT-FOR-US: OpenEMR CVE-2022-1458 (Stored XSS Leads To Session Hijacking in GitHub repository openemr/ope ...) NOT-FOR-US: OpenEMR CVE-2022-1457 (Store XSS in title parameter executing at EditUser Page & EditProducto ...) NOT-FOR-US: facturascripts CVE-2022-1456 (The Poll Maker WordPress plugin before 4.0.2 does not sanitise and esc ...) NOT-FOR-US: WordPress plugin CVE-2021-46789 (Configuration defects in the secure OS module. Successful exploitation ...) NOT-FOR-US: Huawei CVE-2021-46788 (Third-party pop-up window coverage vulnerability in the iConnect modul ...) NOT-FOR-US: Huawei CVE-2021-46787 (The AMS module has a vulnerability of improper permission control.Succ ...) NOT-FOR-US: Huawei CVE-2021-46786 (The audio module has a vulnerability in verifying the parameters passe ...) NOT-FOR-US: Huawei CVE-2021-46785 (The Property module has a vulnerability in permission control.This vul ...) NOT-FOR-US: Huawei CVE-2022-29788 (libmobi before v0.10 contains a NULL pointer dereference via the compo ...) - libmobi 0.11+dfsg-1 NOTE: https://github.com/bfabiszewski/libmobi/commit/ce0ab6586069791b1e8e2a42f44318e581c39939 (v0.11) CVE-2022-29787 RESERVED CVE-2022-29786 RESERVED CVE-2022-29785 RESERVED CVE-2022-29784 (PublicCMS V4.0.202204.a and below contains an information leak via the ...) 
NOT-FOR-US: PublicCMS CVE-2022-29783 RESERVED CVE-2022-29782 RESERVED CVE-2022-29781 RESERVED CVE-2022-29780 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...) NOT-FOR-US: njs CVE-2022-29779 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...) NOT-FOR-US: njs CVE-2022-29778 (D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due ...) NOT-FOR-US: D-Link CVE-2022-29777 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and belo ...) NOT-FOR-US: Onlyoffice Document Server CVE-2022-29776 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and belo ...) NOT-FOR-US: Onlyoffice Document Server CVE-2022-29775 (iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication vi ...) NOT-FOR-US: iSpyConnect iSpy CVE-2022-29774 (iSpy v7.2.2.0 is vulnerable to remote command execution via path trave ...) NOT-FOR-US: iSpyConnect iSpy CVE-2022-29773 (An access control issue in aleksis/core/util/auth_helpers.py: ClientPr ...) NOT-FOR-US: AlekSIS CVE-2022-29772 RESERVED CVE-2022-29771 RESERVED CVE-2022-29770 (XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting ...) NOT-FOR-US: XXL-Job CVE-2022-29769 RESERVED CVE-2022-29768 RESERVED CVE-2022-29767 (adbyby v2.7 allows external users to make connections via port 8118. T ...) NOT-FOR-US: adbyby CVE-2022-29766 RESERVED CVE-2022-29765 RESERVED CVE-2022-29764 RESERVED CVE-2022-29763 RESERVED CVE-2022-29762 RESERVED CVE-2022-29761 RESERVED CVE-2022-29760 RESERVED CVE-2022-29759 RESERVED CVE-2022-29758 RESERVED CVE-2022-29757 RESERVED CVE-2022-29756 RESERVED CVE-2022-29755 RESERVED CVE-2022-29754 RESERVED CVE-2022-29753 RESERVED CVE-2022-29752 RESERVED CVE-2022-29751 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...) NOT-FOR-US: Sourcecodester Simple Client Management System CVE-2022-29750 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...) 
NOT-FOR-US: Sourcecodester Simple Client Management System CVE-2022-29749 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...) NOT-FOR-US: Sourcecodester Simple Client Management System CVE-2022-29748 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...) NOT-FOR-US: Sourcecodester Simple Client Management System CVE-2022-29747 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...) NOT-FOR-US: Sourcecodester Simple Client Management System CVE-2022-29746 (Money Transfer Management System 1.0 is vulnerable to SQL Injection vi ...) NOT-FOR-US: Sourcecodester Money Transfer Management System CVE-2022-29745 (Money Transfer Management System 1.0 is vulnerable to SQL Injection vi ...) NOT-FOR-US: Sourcecodester Money Transfer Management System CVE-2022-29744 RESERVED CVE-2022-29743 RESERVED CVE-2022-29742 RESERVED CVE-2022-29741 (Money Transfer Management System 1.0 is vulnerable to SQL Injection vi ...) NOT-FOR-US: Sourcecodester Money Transfer Management System CVE-2022-29740 RESERVED CVE-2022-29739 (Money Transfer Management System 1.0 is vulnerable to SQL Injection vi ...) NOT-FOR-US: Sourcecodester Money Transfer Management System CVE-2022-29738 (Money Transfer Management System 1.0 is vulnerable to SQL Injection vi ...) NOT-FOR-US: Sourcecodester Money Transfer Management System CVE-2022-29737 RESERVED CVE-2022-29736 RESERVED CVE-2022-29735 (Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows ...) NOT-FOR-US: Delta Controls enteliTOUCH CVE-2022-29734 (A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 ...) NOT-FOR-US: ICT Protege GX/WX CVE-2022-29733 (Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was dis ...) NOT-FOR-US: Delta Controls enteliTOUCH CVE-2022-29732 (Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was dis ...) 
NOT-FOR-US: Delta Controls enteliTOUCH CVE-2022-29731 (An access control issue in ICT Protege GX/WX 2.08 allows attackers to ...) NOT-FOR-US: ICT Protege GX/WX CVE-2022-29730 (USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered t ...) NOT-FOR-US: USR IOT 4G LTE Industrial Cellular VPN Router CVE-2022-29729 (Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak ...) NOT-FOR-US: Verizon 4G LTE Network Extender GA4.38 CVE-2022-29728 (Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-s ...) NOT-FOR-US: Survey Sparrow Enterprise Survey Software CVE-2022-29727 (Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site ...) NOT-FOR-US: Survey Sparrow Enterprise Survey Software CVE-2022-29726 RESERVED CVE-2022-29725 (An arbitrary file upload in the image upload component of wityCMS v0.6 ...) NOT-FOR-US: wityCMS CVE-2022-29724 RESERVED CVE-2022-29723 RESERVED CVE-2022-29722 RESERVED CVE-2022-29721 (74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability ...) NOT-FOR-US: 74cmsSE CVE-2022-29720 (74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulner ...) NOT-FOR-US: 74cmsSE CVE-2022-29719 RESERVED CVE-2022-29718 (Caddy v2.4 was discovered to contain an open redirect vulnerability. A ...) - caddy (Fixed before initial upload to Debian to unstable; did affect experimental upload) NOTE: https://github.com/caddyserver/caddy/pull/4499 NOTE: https://github.com/caddyserver/caddy/commit/3fe2c73dd04f7769a9d9673236cb94b79ac45659 (v2.5.0-beta.1) CVE-2022-29717 RESERVED CVE-2022-29716 RESERVED CVE-2022-29715 RESERVED CVE-2022-29714 RESERVED CVE-2022-29713 RESERVED CVE-2022-29712 (LibreNMS v22.3.0 was discovered to contain multiple command injection ...) NOT-FOR-US: LibreNMS CVE-2022-29711 (LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS ...) NOT-FOR-US: LibreNMS CVE-2022-29710 (A cross-site scripting (XSS) vulnerability in uploadConfirm.php of Lim ...) 
- limesurvey (bug #472802) CVE-2022-29709 (CommuniLink Internet Limited CLink Office v2.0 was discovered to conta ...) NOT-FOR-US: CommuniLink Internet Limited CLink Office CVE-2022-29708 RESERVED CVE-2022-29707 RESERVED CVE-2022-29706 RESERVED CVE-2022-29705 RESERVED CVE-2022-29704 (BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerabil ...) NOT-FOR-US: BrowsBox CMS CVE-2022-29703 RESERVED CVE-2022-29702 RESERVED CVE-2022-29701 (A lack of rate limiting in the 'forgot password' feature of Zammad v5. ...) - zammad (bug #841355) CVE-2022-29700 (A lack of password length restriction in Zammad v5.1.0 allows for the ...) - zammad (bug #841355) CVE-2022-29699 RESERVED CVE-2022-29698 RESERVED CVE-2022-29697 RESERVED CVE-2022-29696 RESERVED CVE-2022-29695 (Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplet ...) NOT-FOR-US: Unicorn Engine CVE-2022-29694 (Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL p ...) NOT-FOR-US: Unicorn Engine CVE-2022-29693 (Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory ...) NOT-FOR-US: Unicorn Engine CVE-2022-29692 (Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulne ...) NOT-FOR-US: Unicorn Engine CVE-2022-29691 RESERVED CVE-2022-29690 RESERVED CVE-2022-29689 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...) NOT-FOR-US: CSCMS Music Portal System CVE-2022-29688 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...) NOT-FOR-US: CSCMS Music Portal System CVE-2022-29687 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...) NOT-FOR-US: CSCMS Music Portal System CVE-2022-29686 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...) NOT-FOR-US: CSCMS Music Portal System CVE-2022-29685 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...) 
NOT-FOR-US: CSCMS Music Portal System CVE-2022-29684 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...) NOT-FOR-US: CSCMS Music Portal System CVE-2022-29683 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...) NOT-FOR-US: CSCMS Music Portal System CVE-2022-29682 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...) NOT-FOR-US: CSCMS Music Portal System CVE-2022-29681 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...) NOT-FOR-US: CSCMS Music Portal System CVE-2022-29680 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...) NOT-FOR-US: CSCMS Music Portal System CVE-2022-29679 RESERVED CVE-2022-29678 RESERVED CVE-2022-29677 RESERVED CVE-2022-29676 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...) NOT-FOR-US: CSCMS Music Portal System CVE-2022-29675 RESERVED CVE-2022-29674 RESERVED CVE-2022-29673 RESERVED CVE-2022-29672 RESERVED CVE-2022-29671 RESERVED CVE-2022-29670 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...) NOT-FOR-US: CSCMS Music Portal System CVE-2022-29669 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...) NOT-FOR-US: CSCMS Music Portal System CVE-2022-29668 RESERVED CVE-2022-29667 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...) NOT-FOR-US: CSCMS Music Portal System CVE-2022-29666 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...) NOT-FOR-US: CSCMS Music Portal System CVE-2022-29665 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...) NOT-FOR-US: CSCMS Music Portal System CVE-2022-29664 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...) NOT-FOR-US: CSCMS Music Portal System CVE-2022-29663 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...) 
NOT-FOR-US: CSCMS Music Portal System CVE-2022-29662 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...) NOT-FOR-US: CSCMS Music Portal System CVE-2022-29661 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...) NOT-FOR-US: CSCMS Music Portal System CVE-2022-29660 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...) NOT-FOR-US: CSCMS Music Portal System CVE-2022-29659 (Responsive Online Blog v1.0 was discovered to contain a SQL injection ...) NOT-FOR-US: Responsive Online Blog CVE-2022-29658 RESERVED CVE-2022-29657 RESERVED CVE-2022-29656 (Wedding Management System v1.0 was discovered to contain a SQL injecti ...) NOT-FOR-US: Wedding Management System CVE-2022-29655 (An arbitrary file upload vulnerability in the Upload Photos module of ...) NOT-FOR-US: Wedding Management System CVE-2022-29654 (Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm ...) - nasm 2.16.01-1 (unimportant) NOTE: Duplicate of CVE-2022-44370 CVE-2022-29653 (OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vu ...) NOT-FOR-US: OFCMS CVE-2022-29652 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...) NOT-FOR-US: Sourcecodester Online Sports Complex Booking System CVE-2022-29651 (An arbitrary file upload vulnerability in the Select Image function of ...) NOT-FOR-US: Online Food Ordering System CVE-2022-29650 (Online Food Ordering System v1.0 was discovered to contain a SQL injec ...) NOT-FOR-US: Online Food Ordering System CVE-2022-29649 (Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (X ...) NOT-FOR-US: Qsmart Next CVE-2022-29648 (A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows ...) NOT-FOR-US: Jfinal CMS CVE-2022-29647 (An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability t ...) NOT-FOR-US: MCMS CVE-2022-29646 (An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and ...) 
NOT-FOR-US: TOTOLINK CVE-2022-29645 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) NOT-FOR-US: TOTOLINK CVE-2022-29644 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) NOT-FOR-US: TOTOLINK CVE-2022-29643 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) NOT-FOR-US: TOTOLINK CVE-2022-29642 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) NOT-FOR-US: TOTOLINK CVE-2022-29641 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) NOT-FOR-US: TOTOLINK CVE-2022-29640 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) NOT-FOR-US: TOTOLINK CVE-2022-29639 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) NOT-FOR-US: TOTOLINK CVE-2022-29638 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) NOT-FOR-US: TOTOLINK CVE-2022-29637 (An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows at ...) NOT-FOR-US: Mindoc CVE-2022-29636 RESERVED CVE-2022-29635 RESERVED CVE-2022-29634 RESERVED CVE-2022-29633 (An access control issue in Linglong v1.0 allows attackers to access th ...) NOT-FOR-US: Linglong CVE-2022-29632 (An arbitrary file upload vulnerability in the component /course/api/up ...) NOT-FOR-US: Roncoo Education CVE-2022-29631 (Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vul ...) - jodd (bug #1013270) [buster] - jodd (Minor issue) NOTE: https://github.com/oblac/jodd-http/issues/9 NOTE: Fixed by: https://github.com/oblac/jodd-http/commit/e50f573c8f6a39212ade68c6eb1256b2889fa8a6 (v6.2.1) CVE-2022-29630 RESERVED CVE-2022-29629 RESERVED CVE-2022-29628 (A cross-site scripting (XSS) vulnerability in /omps/seller of Online M ...) NOT-FOR-US: Online Market Place Site CVE-2022-29627 (An insecure direct object reference (IDOR) in Online Market Place Site ...) 
NOT-FOR-US: Online Market Place Site CVE-2022-29626 RESERVED CVE-2022-29625 RESERVED CVE-2022-29624 (An arbitrary file upload vulnerability in the Add File function of TPC ...) NOT-FOR-US: TPCMS CVE-2022-29623 (An arbitrary file upload vulnerability in the file upload module of Co ...) NOT-FOR-US: expressjs/connect-multiparty CVE-2022-29622 (An arbitrary file upload vulnerability in formidable v3.1.4 allows att ...) - node-formidable 3.2.4+20220519git81dd350+~cs4.0.9-1 (unimportant; bug #1011341) NOTE: https://github.com/node-formidable/formidable/issues/856 NOTE: https://medium.com/@zsolt.imre/cve-2022-29622-in-vulnerability-analysis-5cf783c3721 CVE-2022-29621 RESERVED CVE-2022-29620 (FileZilla v3.59.0 allows attackers to obtain cleartext passwords of co ...) NOT-FOR-US: Disputed Filezilla issue CVE-2022-29619 (Under certain conditions SAP BusinessObjects Business Intelligence Pla ...) NOT-FOR-US: SAP CVE-2022-29618 (Due to insufficient input validation, SAP NetWeaver Development Infras ...) NOT-FOR-US: SAP CVE-2022-29617 (Due to improper error handling an authenticated user can crash CLA ass ...) NOT-FOR-US: CLA assistant CVE-2022-29616 (SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to l ...) NOT-FOR-US: SAP CVE-2022-29615 (SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Ecli ...) NOT-FOR-US: SAP CVE-2022-29614 (SAP startservice - of SAP NetWeaver Application Server ABAP, Applicati ...) NOT-FOR-US: SAP CVE-2022-29613 (Due to insufficient input validation, SAP Employee Self Service allows ...) NOT-FOR-US: SAP CVE-2022-29612 (SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22 ...) NOT-FOR-US: SAP CVE-2022-29611 (SAP NetWeaver Application Server for ABAP and ABAP Platform do not per ...) NOT-FOR-US: SAP CVE-2022-29610 (SAP NetWeaver Application Server ABAP allows an authenticated attacker ...) NOT-FOR-US: SAP CVE-2022-29609 (An issue was discovered in ONOS 2.5.1. An intent with the same source ...) 
NOT-FOR-US: Open Network Operating System (ONOS) CVE-2022-29608 (An issue was discovered in ONOS 2.5.1. An intent with a port that is a ...) NOT-FOR-US: Open Network Operating System (ONOS) CVE-2022-29607 (An issue was discovered in ONOS 2.5.1. Modification of an existing int ...) NOT-FOR-US: Open Network Operating System (ONOS) CVE-2022-29606 (An issue was discovered in ONOS 2.5.1. An intent with a large port num ...) NOT-FOR-US: Open Network Operating System (ONOS) CVE-2022-29605 (An issue was discovered in ONOS 2.5.1. IntentManager attempts to insta ...) NOT-FOR-US: Open Network Operating System (ONOS) CVE-2022-29604 (An issue was discovered in ONOS 2.5.1. An intent with an uppercase let ...) NOT-FOR-US: Open Network Operating System (ONOS) CVE-2022-29603 (A SQL Injection vulnerability exists in UniverSIS UniverSIS-API throug ...) NOT-FOR-US: UniverSIS CVE-2022-29602 (The gridelements (aka Grid Elements) extension through 7.6.1, 8.x thro ...) NOT-FOR-US: Typo3 extension CVE-2022-29601 (The seminars (aka Seminar Manager) extension through 4.1.3 for TYPO3 a ...) NOT-FOR-US: Typo3 extension CVE-2022-29600 (The oelib (aka One is Enough Library) extension through 4.1.5 for TYPO ...) NOT-FOR-US: Typo3 extension CVE-2022-1455 (The Call Now Button WordPress plugin before 1.1.2 does not escape a pa ...) NOT-FOR-US: WordPress plugin CVE-2022-1454 RESERVED CVE-2022-1453 (The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQ ...) NOT-FOR-US: RSVPMaker plugin for WordPress CVE-2022-1452 (Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function i ...) - radare2 5.9.0+dfsg-1 (bug #1014478) NOTE: https://huntr.dev/bounties/c8f4c2de-7d96-4ad4-857a-c099effca2d6 NOTE: https://github.com/radareorg/radare2/commit/ecc44b6a2f18ee70ac133365de0e509d26d5e168 CVE-2022-1451 (Out-of-bounds Read in r_bin_java_constant_value_attr_new function in G ...) 
- radare2 5.9.0+dfsg-1 (bug #1014478) NOTE: https://huntr.dev/bounties/229a2e0d-9e5c-402f-9a24-57fa2eb1aaa7 NOTE: https://github.com/radareorg/radare2/commit/0927ed3ae99444e7b47b84e43118deb10fe37529 CVE-2019-25059 (Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this ...) {DLA-2989-1} - ghostscript 9.27~dfsg-1 NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=430e219ea17a2650577d70021399c4ead05869e0 NOTE: Issue exists because of an incomplete fix for CVE-2019-3839 CVE-2022-29599 (In Apache Maven maven-shared-utils prior to version 3.3.3, the Command ...) {DSA-5242-1 DLA-3086-1 DLA-3059-1} - maven-shared-utils 3.3.4-1 (bug #1012314) NOTE: https://github.com/apache/maven-shared-utils/pull/40 NOTE: https://issues.apache.org/jira/browse/MSHARED-297 NOTE: https://github.com/apache/maven-shared-utils/commit/f751e614c09df8de1a080dc1153931f3f68991c9 (maven-shared-utils-3.3.1) CVE-2022-1450 RESERVED CVE-2022-1449 RESERVED CVE-2022-1448 RESERVED CVE-2022-1447 RESERVED CVE-2022-1446 RESERVED CVE-2022-1445 (Stored Cross Site Scripting vulnerability in the checked_out_to parame ...) - snipe-it (bug #1005172) CVE-2022-1444 (heap-use-after-free in GitHub repository radareorg/radare2 prior to 5. ...) - radare2 5.9.0+dfsg-1 (bug #1014478) NOTE: https://huntr.dev/bounties/b438a940-f8a4-4872-b030-59bdd1ab72aa NOTE: https://github.com/radareorg/radare2/commit/14189710859c27981adb4c2c2aed2863c1859ec5 CVE-2022-1443 RESERVED CVE-2022-1442 (The Metform WordPress plugin is vulnerable to sensitive information di ...) NOT-FOR-US: WordPress plugin CVE-2022-29598 (Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerabl ...) NOT-FOR-US: Solutions Atlantic Regulatory Reporting System (RRS CVE-2022-29597 (Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerabl ...) NOT-FOR-US: Solutions Atlantic Regulatory Reporting System (RRS) CVE-2022-29596 (MicroStrategy Enterprise Manager 2022 allows authentication bypass by ...) 
NOT-FOR-US: MicroStrategy Enterprise Manager CVE-2022-29595 RESERVED CVE-2022-29594 (eG Agent before 7.2 has weak file permissions that enable escalation o ...) NOT-FOR-US: eG Agent CVE-2022-29593 (relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1. ...) NOT-FOR-US: Dingtian CVE-2022-1441 (MP4Box is a component of GPAC-2.0.0, which is a widely-used third-part ...) {DSA-5411-1} - gpac 2.0.0+dfsg1-4 (bug #1016443) [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2175 NOTE: https://github.com/gpac/gpac/commit/3dbe11b37d65c8472faf0654410068e5500b3adb CVE-2022-29592 (Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_r ...) NOT-FOR-US: Tenda CVE-2022-29591 (Tenda TX9 Pro 22.03.02.10 devices have a SetNetControlList buffer over ...) NOT-FOR-US: Tenda CVE-2022-29590 RESERVED CVE-2022-29589 (Crypt Server before 3.3.0 allows XSS in the index view. This is relate ...) NOT-FOR-US: Crypt Server CVE-2022-29588 (Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext pass ...) NOT-FOR-US: Konica Minolta bizhub MFP devices CVE-2022-29587 (Konica Minolta bizhub MFP devices before 2022-04-14 have an internal C ...) NOT-FOR-US: Konica Minolta bizhub MFP devices CVE-2022-29586 (Konica Minolta bizhub MFP devices before 2022-04-14 allow a Sandbox Es ...) NOT-FOR-US: Konica Minolta bizhub MFP devices CVE-2022-29585 (In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using ...) - mahara CVE-2022-29584 (Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS ...) - mahara CVE-2022-29583 (service_windows.go in the kardianos service package for Go omits quoti ...) - golang-github-kardianos-service (Windows-specific issue) NOTE: https://github.com/kardianos/service/pull/290 CVE-2022-29581 (Improper Update of Reference Count vulnerability in net/sched of Linux ...) 
{DSA-5173-1} - linux 5.17.6-1 [bullseye] - linux 5.10.113-1 [stretch] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/3db09e762dc79584a69c10d74a6b98f89a9979f8 (5.18-rc4) NOTE: https://www.openwall.com/lists/oss-security/2022/05/18/2 CVE-2022-29580 (There exists a path traversal vulnerability in the Android Google Sear ...) NOT-FOR-US: Android Google Search app CVE-2022-29579 RESERVED CVE-2022-1440 (Command Injection vulnerability in git-interface@2.1.1 in GitHub repos ...) NOT-FOR-US: git-interface Nodejs module CVE-2022-1439 (Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository ...) NOT-FOR-US: microweber CVE-2022-1438 (A flaw was found in Keycloak. Under specific circumstances, HTML entit ...) NOT-FOR-US: Keycloak CVE-2022-1437 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...) - radare2 5.9.0+dfsg-1 (bug #1014478) NOTE: https://huntr.dev/bounties/af6c3e9e-b7df-4d80-b48f-77fdd17b4038 NOTE: https://github.com/radareorg/radare2/commit/669a404b6d98d5db409a5ebadae4e94b34ef5136 CVE-2022-1436 (The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanit ...) NOT-FOR-US: WordPress plugin CVE-2022-1435 (The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanit ...) NOT-FOR-US: WordPress plugin CVE-2022-1434 (The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly ...) [experimental] - openssl 3.0.3-1 - openssl (Only affects OpenSSL 3.0) NOTE: https://www.openssl.org/news/secadv/20220503.txt NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7d56a74a96828985db7354a55227a511615f732b (openssl-3.0.3) CVE-2022-1433 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 15.10.8+ds1-2 CVE-2022-1432 (Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/oc ...) - octoprint (bug #718591) CVE-2022-1431 (An issue has been discovered in GitLab affecting all versions starting ...) 
- gitlab 15.10.8+ds1-2 CVE-2022-1430 (Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octopr ...) - octoprint (bug #718591) CVE-2022-1429 (SQL injection in GridHelperService.php in GitHub repository pimcore/pi ...) NOT-FOR-US: pimcore CVE-2022-1428 (An issue has been discovered in GitLab affecting all versions before 1 ...) - octoprint (bug #718591) CVE-2022-29582 (In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free ...) {DSA-5127-1} - linux 5.17.3-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2022/04/22/4 NOTE: https://git.kernel.org/linus/e677edbcabee849bfdd43f1602bccbecf736a646 NOTE: https://ruia-ruia.github.io/2022/08/05/CVE-2022-29582-io-uring/ CVE-2022-29578 (Meridian Cooperative Utility Software versions 22.02 and 22.03 allows ...) NOT-FOR-US: Meridian Cooperative Utility Software CVE-2022-29577 (OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE ...) - libowasp-antisamy-java (Incomplete fix for CVE-2022-28367 not applied) NOTE: https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0 (v1.6.7) CVE-2022-29576 RESERVED CVE-2022-29575 RESERVED CVE-2022-29574 RESERVED CVE-2022-29573 RESERVED CVE-2022-29572 RESERVED CVE-2022-29571 RESERVED CVE-2022-29570 RESERVED CVE-2022-29569 RESERVED CVE-2022-29568 RESERVED CVE-2022-29567 (The default configuration of a TreeGrid component uses Object::toStrin ...) NOT-FOR-US: Vaadin CVE-2022-29566 (The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation bec ...) NOT-FOR-US: Bulletproofs CVE-2022-1427 (Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby ...) 
	- mruby 3.1.0-1 (bug #1014968)
	[bullseye] - mruby (Minor issue)
	[buster] - mruby (Minor issue)
	[stretch] - mruby (Vulnerable code not present)
	NOTE: https://huntr.dev/bounties/23b6f0a9-64f5-421e-a55f-b5b7a671f301
	NOTE: https://github.com/mruby/mruby/commit/a4d97934d51cb88954cc49161dc1d151f64afb6b
CVE-2022-29565
	RESERVED
CVE-2022-29564 (Jamf Private Access before 2022-05-16 has Incorrect Access Control, in ...)
	NOT-FOR-US: Jamf
CVE-2022-29563
	RESERVED
CVE-2022-29562 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
	NOT-FOR-US: RUGGEDCOM
CVE-2022-29561 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
	NOT-FOR-US: RUGGEDCOM
CVE-2022-29560 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
	NOT-FOR-US: RUGGEDCOM
CVE-2022-1426 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-1425 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a compani ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1424 (The Ask me WordPress theme before 6.8.2 does not perform CSRF checks f ...)
	NOT-FOR-US: WordPress theme
CVE-2022-1423 (Improper access control in the CI/CD cache mechanism in GitLab CE/EE a ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-1422 (The Discy WordPress theme before 5.2 does not check for CSRF tokens in ...)
	NOT-FOR-US: WordPress theme
CVE-2022-1421 (The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX ac ...)
	NOT-FOR-US: WordPress theme
CVE-2022-1420 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...)
	- vim 2:8.2.4793-1 (unimportant)
	[buster] - vim (method call operator -> introduced in 8.1.1803)
	NOTE: https://huntr.dev/bounties/a4323ef8-90ea-4e1c-90e9-c778f0ecf326
	NOTE: https://github.com/vim/vim/commit/8b91e71441069b1dde9ac9ff9d9a829b1b4aecca (v8.2.4774)
	NOTE: Crash in CLI tool, no security impact
CVE-2021-46784 (In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due ...)
	{DSA-5171-1}
	- squid 5.6-1
	- squid3
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w
	NOTE: https://github.com/squid-cache/squid/commit/780c4ea1b4c9d2fb41f6962aa6ed73ae57f74b2b (v4)
	NOTE: Squid 5: http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch
	NOTE: https://megamansec.github.io/Squid-Security-Audit/gopher-assert.html
CVE-2022-29559
	RESERVED
CVE-2022-29558 (Realtek rtl819x-SDK before v3.6.1 allows command injection over the we ...)
	NOT-FOR-US: Realtek
CVE-2022-29557 (LexisNexis Firco Compliance Link 3.7 allows CSRF.)
	NOT-FOR-US: LexisNexis Firco Compliance Link
CVE-2022-29556 (The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise ...)
	NOT-FOR-US: mendersoftware/iot-manager
CVE-2022-29555 (The Deviceconnect microservice through 1.3.0 in Northern.tech Mender E ...)
	NOT-FOR-US: mendersoftware/deviceconnect
CVE-2022-29554
	RESERVED
CVE-2022-29553
	RESERVED
CVE-2022-29552
	RESERVED
CVE-2022-29551
	RESERVED
CVE-2022-29550 (An issue was discovered in Qualys Cloud Agent 4.8.0-49. It writes "ps ...)
	NOT-FOR-US: Qualys
CVE-2022-29549 (An issue was discovered in Qualys Cloud Agent 4.8.0-49. It executes pr ...)
	NOT-FOR-US: Qualys
CVE-2022-29548 (A reflected XSS issue exists in the Management Console of several WSO2 ...)
	NOT-FOR-US: WSO2
CVE-2022-29547 (The CreateRedirect extension before 2022-04-14 for MediaWiki does not ...)
	NOT-FOR-US: CreateRedirect MediaWiki extension
CVE-2022-29546 (HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of servic ...)
	NOT-FOR-US: HtmlUnit NekoHtml
CVE-2022-29545
	RESERVED
CVE-2022-29544
	RESERVED
CVE-2022-29543
	RESERVED
CVE-2022-29542
	RESERVED
CVE-2022-29541
	RESERVED
CVE-2022-29540 (resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issu ...)
	NOT-FOR-US: RESI Gemini-Net
CVE-2022-29539 (resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Inject ...)
	NOT-FOR-US: RESI Gemini-Net
CVE-2022-29538 (RESI Gemini-Net Web 4.2 is affected by Improper Access Control in auth ...)
	NOT-FOR-US: RESI Gemini-Net
CVE-2022-29537 (gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a hea ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-4 (bug #1016443)
	[buster] - gpac (No longer supported in LTS; Minor issue)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2173
	NOTE: Fixed by: https://github.com/gpac/gpac/commit/1773b7a34bc08734aee7d3f5dfe65d06389fe15a
CVE-2022-29536 (In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document c ...)
	{DSA-5208-1 DLA-3074-1}
	- epiphany-browser 42.2-1 (bug #1009959)
	[stretch] - epiphany-browser (Vulnerable code not present)
	NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1106
	NOTE: Introduced by: https://gitlab.gnome.org/GNOME/epiphany/-/commit/232c613472b38ff0d0d97338f366024ddb9cd228 (3.29.2)
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/epiphany/-/commit/486da133569ebfc436c959a7419565ab102e8525
CVE-2022-29535 (Zoho ManageEngine OPManager through 125588 allows SQL Injection via a ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-29534 (An issue was discovered in MISP before 2.4.158. In UsersController.php ...)
	NOT-FOR-US: MISP
CVE-2022-29533 (An issue was discovered in MISP before 2.4.158. There is XSS in app/Co ...)
	NOT-FOR-US: MISP
CVE-2022-29532 (An issue was discovered in MISP before 2.4.158. There is XSS in the ce ...)
	NOT-FOR-US: MISP
CVE-2022-29531 (An issue was discovered in MISP before 2.4.158. There is stored XSS in ...)
	NOT-FOR-US: MISP
CVE-2022-29530 (An issue was discovered in MISP before 2.4.158. There is stored XSS in ...)
	NOT-FOR-US: MISP
CVE-2022-29529 (An issue was discovered in MISP before 2.4.158. There is stored XSS vi ...)
	NOT-FOR-US: MISP
CVE-2022-29528 (An issue was discovered in MISP before 2.4.158. PHAR deserialization c ...)
	NOT-FOR-US: MISP
CVE-2022-1419 (The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_ ...)
	{DSA-5173-1}
	- linux 5.5.13-1
	NOTE: https://www.openwall.com/lists/oss-security/2022/04/21/1
	NOTE: Fixed by: https://git.kernel.org/linus/4b848f20eda5974020f043ca14bacf7a7e634fc8 (5.6-rc2)
CVE-2022-1418 (The Social Stickers WordPress plugin through 2.2.9 does not have CSRF ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29527 (Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable ...)
	NOT-FOR-US: Amazon AWS amazon-ssm-agent
CVE-2022-29526 (Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Ass ...)
	- golang-1.18 1.18.2-1
	- golang-1.17 1.17.10-1
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11 (Vulnerable code introduced later)
	- golang-1.8 (Vulnerable code introduced later)
	- golang-1.7 (Vulnerable code introduced later)
	NOTE: https://go.dev/issue/52313
	NOTE: https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU
	NOTE: Master : https://github.com/golang/go/commit/f66925e854e71e0c54b581885380a490d7afa30c
	NOTE: Branch.go1.17 : https://github.com/golang/go/commit/04781d14d2d33acbaf70f77e3a58ae0f3c90757c (1.17.10)
	NOTE: Branch.go1.18 : https://github.com/golang/go/commit/c0599c5b781de023974519194df6b0c4ebb0adff (1.18.2)
	NOTE: Introduced by: https://github.com/golang/go/commit/60f78765022a59725121d3b800268adffe78bde3 (go1.15rc1)
CVE-2022-1417 (Improper access control in GitLab CE/EE affecting all versions startin ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-1416 (Missing sanitization of data in Pipeline error messages in GitLab CE/E ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-1415 (A flaw was found where some utility classes in Drools core did not use ...)
	NOT-FOR-US: drools
CVE-2022-1414 (3scale API Management 2 does not perform adequate sanitation for user ...)
	NOT-FOR-US: 3scale API Management
CVE-2022-1413 (Missing input masking in GitLab CE/EE affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-1412 (The Log WP_Mail WordPress plugin through 0.1 saves sent email in a pub ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1411 (Unrestricted file upload in GitHub repository yetiforcecompany/yetifor ...)
	NOT-FOR-US: yetiforcecrm
CVE-2022-1410 (OS Command Injection vulnerability in the db_optimize component of Dev ...)
	NOT-FOR-US: Device42 Asset Management Appliance
CVE-2022-1409 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5. ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1408 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5. ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1407 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5. ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29510 (Improper buffer restrictions in some Intel(R) Server Board M10JNP2SB B ...)
	NOT-FOR-US: Intel
CVE-2022-29505 (Due to build misconfiguration in openssl dependency, LINE for Windows ...)
	NOT-FOR-US: LINE for Windows
CVE-2022-29486 (Improper buffer restrictions in the Hyperscan library maintained by In ...)
	NOT-FOR-US: Intel
CVE-2022-29469
	RESERVED
CVE-2022-29466 (Improper input validation in firmware for Intel(R) SPS before version ...)
	NOT-FOR-US: Intel
CVE-2022-29262 (Improper buffer restrictions in some Intel(R) Server Board BIOS firmwa ...)
	NOT-FOR-US: Intel
CVE-2022-28858 (Improper buffer restriction in the firmware for some Intel(R) NUC Lapt ...)
	NOT-FOR-US: Intel
CVE-2022-27497 (Null pointer dereference in firmware for Intel(R) AMT before version 1 ...)
	NOT-FOR-US: Intel
CVE-2022-27493 (Improper initialization in the firmware for some Intel(R) NUC Laptop K ...)
	NOT-FOR-US: Intel
CVE-2022-26424
	RESERVED
CVE-2022-25899 (Authentication bypass for the Open AMT Cloud Toolkit software maintain ...)
	NOT-FOR-US: Intel
CVE-2022-1406 (Improper input validation in GitLab CE/EE affecting all versions from ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-29504
	REJECTED
CVE-2022-29503 (A memory corruption vulnerability exists in the libpthread linuxthread ...)
	- uclibc (unimportant)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1517
	NOTE: Just for cross-compiling, not used for actual packages
CVE-2022-1405 (CNCSoft: All versions prior to 1.01.32 does not properly sanitize inpu ...)
	NOT-FOR-US: CNCSoft
CVE-2022-1404 (Delta Electronics CNCSoft (All versions prior to 1.01.32) does not pro ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-1403 (ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input ...)
	NOT-FOR-US: ASDA-Soft
CVE-2022-1402 (ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input ...)
	NOT-FOR-US: ASDA-Soft
CVE-2022-1401 (Improper Access Control vulnerability in the /Exago/WrImageResource.ad ...)
	NOT-FOR-US: Device42 Asset Management Appliance
CVE-2022-1400 (Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi ...)
	NOT-FOR-US: Device42 Asset Management Appliance
CVE-2022-1399 (An Argument Injection or Modification vulnerability in the "Change Sec ...)
	NOT-FOR-US: Device42 CMDB
CVE-2022-1398 (The External Media without Import WordPress plugin through 1.1.2 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1397 (API Privilege Escalation in GitHub repository alextselegidis/easyappoi ...)
	NOT-FOR-US: alextselegidis/easyappointments
CVE-2022-1396 (The Donorbox WordPress plugin before 7.1.7 does not sanitise and escap ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1395 (The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 do ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1394 (The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not prop ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1393 (The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field an ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1392 (The Videos sync PDF WordPress plugin through 1.7.4 does not validate t ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1391 (The Cab fare calculator WordPress plugin before 1.0.4 does not validat ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1390 (The Admin Word Count Column WordPress plugin through 2.2 does not vali ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-XXXX [snort privilege escalation due to insecure use of logrotate]
	- snort (bug #1009820)
	[bullseye] - snort (Minor issue)
	[buster] - snort (Minor issue)
	[stretch] - snort (Minor issue)
CVE-2022-29502 (SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control tha ...)
	- slurm-wlm 21.08.8.2-1 (bug #1010632)
	[bullseye] - slurm-wlm (Vulnerable code introduced later; affects only 21.08.x)
	- slurm-llnl (Vulnerable code introduced later; affects only 21.08.x)
	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2022/000072.html
	NOTE: https://github.com/SchedMD/slurm/commit/351669e7db3b5bc84b5791dc3626d683b8abe18e (slurm-21-08-8-1)
CVE-2022-29501 (SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control tha ...)
	{DSA-5166-1}
	- slurm-wlm 21.08.8.2-1 (bug #1010633)
	- slurm-llnl
	[buster] - slurm-llnl (Too intrusive to backport)
	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2022/000072.html
	NOTE: https://github.com/SchedMD/slurm/commit/ef62acfd2a566afc5187c554e908e4aa975211a1 (slurm-21-08-8-1)
	NOTE: https://github.com/SchedMD/slurm/commit/863c763c241db46039c27c4b7438ef5d33defb12 (slurm-20-11-9-1)
CVE-2022-29500 (SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control tha ...)
	{DSA-5166-1}
	- slurm-wlm 21.08.8.2-1 (bug #1010634)
	- slurm-llnl
	[buster] - slurm-llnl (Too intrusive to backport)
	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2022/000072.html
	NOTE: https://github.com/SchedMD/slurm/commit/500787548cf3da22cc69ca2111ce51f77543849b (slurm-21-08-8-1)
	NOTE: https://github.com/SchedMD/slurm/commit/5b78f713f4b2e390ce80ad754b1240ad36e355ee (slurm-20-11-9-1)
CVE-2022-29499 (The Service Appliance component in Mitel MiVoice Connect through 19.2 ...)
	NOT-FOR-US: Mitel
CVE-2022-29498 (Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an ...)
	NOT-FOR-US: Blazer
CVE-2022-29497
	RESERVED
CVE-2022-29491 (On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-29480 (On F5 BIG-IP 13.1.x versions prior to 13.1.5, and all versions of 12.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-29479 (On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-29474 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-29473 (On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-29464 (Certain WSO2 products allow unrestricted file upload with resultant re ...)
	NOT-FOR-US: WSO2
CVE-2022-29463
	RESERVED
CVE-2022-29462
	RESERVED
CVE-2022-29461
	RESERVED
CVE-2022-29460
	RESERVED
CVE-2022-29459
	RESERVED
CVE-2022-29458 (ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmen ...)
	{DLA-3167-1}
	- ncurses 6.3+20220423-1 (bug #1009870)
	[bullseye] - ncurses 6.2+20201114-2+deb11u1
	[stretch] - ncurses (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html
	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html
	NOTE: https://invisible-island.net/ncurses/NEWS.html#t20220416
CVE-2022-29457 (Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Ex ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-29263 (On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions pr ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-28859 (On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions pri ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-28716 (On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-28714 (On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions pr ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-28708 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2 and 15.1.x versions pri ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-28707 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-28706 (On F5 BIG-IP 16.1.x versions prior to 16.1.2 and 15.1.x versions prior ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-28705 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-28701 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, when the stream profil ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-28695 (On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions pr ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-28691 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-27880 (On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions pri ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-27878 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-27875 (On F5 Access for Android 3.x versions prior to 3.0.8, a Task Hijacking ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-27806 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-27662 (On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions pri ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-27659 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-27636 (On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions pr ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-27634 (On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-27495 (On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plan ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-27230 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-27189 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-27182 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-27181 (On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions pr ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-26890 (On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-26835 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-26517 (On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-26415 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-26372 (On F5 BIG-IP 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-26370 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-26340 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-26130 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-26071 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-25990 (On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-25946 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-1389 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-1388 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-29456
	RESERVED
CVE-2022-29455 (DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elemen ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29454 (Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Mes ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29453 (Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29452 (Authenticated (editor or higher user role) Stored Cross-Site Scripting ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29451 (Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vul ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29450 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Ma ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29449 (Authenticated (contributor or higher user role) Stored Cross-Site Scri ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29448 (Authenticated (admin or higher user role) Local File Inclusion (LFI) v ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29447 (Authenticated (administrator or higher user role) Local File Inclusion ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29446 (Authenticated (administrator or higher role) Local File Inclusion (LFI ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29445 (Authenticated (administrator or higher role) Local File Inclusion (LFI ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29444 (Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerabi ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29443 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29442 (Authenticated (subscriber or higher user role) Stored Cross-Site Scrip ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29441 (Cross-Site Request Forgery (CSRF) vulnerability in Private Messages Fo ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29440 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29439 (Cross-Site Request Forgery (CSRF) vulnerability in Image Slider by Nex ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29438 (Authenticated (author or higher user role) Persistent Cross-Site Scrip ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29437 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Image Sl ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29436 (Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokm ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29435 (Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann' ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29434 (Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29433 (Authenticated (contributor or higher role) Cross-Site Scripting (XSS) ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29432 (Multiple Authenticated (administrator or higher user role) Persistent ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29431 (Cross-Site Request Forgery (CSRF) vulnerability in KubiQ CPT base plug ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29430 (Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29429 (Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Exte ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29428 (Cross-Site Scripting (XSS) vulnerability in Muneeb's WP Slider Plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29427 (Cross-Site Request Forgery (CSRF) vulnerability in Aftab Muni's Disabl ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29426 (Authenticated (contributor or higher user role) Reflected Cross-Site S ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29425 (Cross-Site Scripting (XSS) vulnerability in WP Wham's Checkout Files U ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29424 (Authenticated (admin or higher user role) Reflected Cross-Site Scripti ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29423 (Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29422 (Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29421 (Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Cou ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29420 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29419 (SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plug ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29418 (Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29417 (Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adapti ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29416 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Afterpay ...)
	NOT-FOR-US: AfterPay
CVE-2022-29415 (Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29414 (Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WP ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29413 (Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripti ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29412 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29411 (SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29410 (Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29409
	REJECTED
CVE-2022-29408 (Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital' ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29407
	RESERVED
CVE-2022-29406 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-28717 (Cross-site scripting vulnerability in Rebooter(WATCH BOOT nino RPC-M2C ...)
	NOT-FOR-US: Rebooter
CVE-2022-27632 (Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT ...)
	NOT-FOR-US: Rebooter
CVE-2022-1387 (The No Future Posts WordPress plugin through 1.4 does not escape its s ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1386 (The Fusion Builder WordPress plugin before 3.6.2, used in the Avada th ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29405 (In Apache Archiva, any registered user can reset password for any user ...)
	NOT-FOR-US: Apache Archiva
CVE-2022-1385 (Mattermost 6.4.x and earlier fails to properly invalidate pending emai ...)
	- mattermost-server (bug #823556)
CVE-2022-1384 (Mattermost version 6.4.x and earlier fails to properly check the plugi ...)
	- mattermost-server (bug #823556)
CVE-2022-1383 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/02b4b563-b946-4343-9092-38d1c5cd60c9
	NOTE: https://github.com/radareorg/radare2/commit/1dd65336f0f0c351d6ea853efcf73cf9c0030862
CVE-2022-1382 (NULL Pointer Dereference in GitHub repository radareorg/radare2 prior ...)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/d8b6d239-6d7b-4783-b26b-5be848c01aa1
	NOTE: https://github.com/radareorg/radare2/commit/48f0ea79f99174fb0a62cb2354e13496ce5b7c44
CVE-2022-29404 (In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua ...)
	- apache2 2.4.54-1 (bug #1012513)
	[bullseye] - apache2 2.4.54-1~deb11u1
	[buster] - apache2 2.4.38-3+deb10u8
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/5
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-29404
	NOTE: https://github.com/apache/httpd/commit/ce259c4061905bf834f9af51c92456cfe8335ddc
CVE-2022-1381 (global heap buffer overflow in skip_range in GitHub repository vim/vim ...)
	- vim 2:8.2.4793-1
	[bullseye] - vim (affects visual range parsing, which was added in 8.2.4633)
	[buster] - vim (affects visual range parsing, which was added in 8.2.4633)
	NOTE: https://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4/
	NOTE: https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47 (v8.2.4763)
CVE-2022-29403
	RESERVED
CVE-2022-29402 (TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protecti ...)
	NOT-FOR-US: TP-Link
CVE-2022-29401
	RESERVED
CVE-2022-29400
	RESERVED
CVE-2022-29399 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-29398 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-29397 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-29396 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-29395 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-29394 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-29393 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-29392 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-29391 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-29390
	RESERVED
CVE-2022-29389
	RESERVED
CVE-2022-29388
	RESERVED
CVE-2022-29387
	RESERVED
CVE-2022-29386
	RESERVED
CVE-2022-29385
	RESERVED
CVE-2022-29384
	RESERVED
CVE-2022-29383 (NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovere ...)
	NOT-FOR-US: Netgear
CVE-2022-29382
	RESERVED
CVE-2022-29381
	RESERVED
CVE-2022-29380 (Academy-LMS v4.3 was discovered to contain a stored cross-site scripti ...)
	NOT-FOR-US: Academy-LMS
CVE-2022-29379 (Nginx NJS v0.7.3 was discovered to contain a stack overflow in the fun ...)
	NOT-FOR-US: njs
CVE-2022-29378
	RESERVED
CVE-2022-29377 (Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a st ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-29376 (Xampp for Windows v8.1.4 and below was discovered to contain insecure ...)
	NOT-FOR-US: XAMPP for Windows
CVE-2022-29375
	RESERVED
CVE-2022-29374
	RESERVED
CVE-2022-29373
	RESERVED
CVE-2022-29372
	RESERVED
CVE-2022-29371
	RESERVED
CVE-2022-29370
	RESERVED
CVE-2022-29369 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation vi ...)
	NOT-FOR-US: njs
CVE-2022-29368 (Moddable commit before 135aa9a4a6a9b49b60aa730ebc3bcc6247d75c45 was di ...)
	NOT-FOR-US: Moddable SDK
CVE-2022-29367
	RESERVED
CVE-2022-29366
	RESERVED
CVE-2022-29365
	RESERVED
CVE-2022-29364
	RESERVED
CVE-2022-29363 (Phpok v6.1 was discovered to contain a deserialization vulnerability v ...)
	NOT-FOR-US: qinggan phpok
CVE-2022-29362 (A cross-site scripting (XSS) vulnerability in /navigation/create?Paren ...)
	NOT-FOR-US: ZKEACMS
CVE-2022-29361 (Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below ...)
	NOTE: Disputed Werkzeug issue, no security impact
	NOTE: https://github.com/pallets/werkzeug/issues/2420
CVE-2022-29360 (The Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted em ...)
	{DLA-3435-1}
	- rainloop (bug #1004548)
	NOTE: https://blog.sonarsource.com/rainloop-emails-at-risk-due-to-code-flaw/
	NOTE: https://github.com/RainLoop/rainloop-webmail/issues/2142
CVE-2022-29359 (A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs ...)
	NOT-FOR-US: School Club Application System
CVE-2022-29358 (epub2txt2 v2.04 was discovered to contain an integer overflow via the ...)
	- epub2txt2 (bug #1004115)
CVE-2022-29357
	RESERVED
CVE-2022-29356
	RESERVED
CVE-2022-29355
	RESERVED
CVE-2022-29354 (An arbitrary file upload vulnerability in the file upload module of Ke ...)
	NOT-FOR-US: keystonejs/keystone
CVE-2022-29353 (An arbitrary file upload vulnerability in the file upload module of Gr ...)
	NOT-FOR-US: jaydenseric/graphql-upload
CVE-2022-29352
	RESERVED
CVE-2022-29351 (An arbitrary file upload vulnerability in the file upload module of Ti ...)
	NOT-FOR-US: tiddlywiki
CVE-2022-29350
	RESERVED
CVE-2022-29349 (kkFileView v4.0.0 was discovered to contain a cross-site scripting (XS ...)
	NOT-FOR-US: kkFileview
CVE-2022-29348
	RESERVED
CVE-2022-29347 (An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attacke ...)
	NOT-FOR-US: Web@rchiv
CVE-2022-29346
	RESERVED
CVE-2022-29345
	RESERVED
CVE-2022-29344
	RESERVED
CVE-2022-29343
	RESERVED
CVE-2022-29342
	RESERVED
CVE-2022-29341
	RESERVED
CVE-2022-29340 (GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vul ...)
	- gpac 2.0.0+dfsg1-4 (bug #1016443)
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/commit/37592ad86c6ca934d34740012213e467acc4a3b0
	NOTE: https://github.com/gpac/gpac/issues/2163
CVE-2022-29339 (In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils ...)
	- gpac 2.0.0+dfsg1-4 (bug #1016443)
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/commit/9ea93a2ec8f555ceed1ee27294cf94822f14f10f
	NOTE: https://github.com/gpac/gpac/issues/2165
CVE-2022-29338
	RESERVED
CVE-2022-29337 (C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command ...)
	NOT-FOR-US: CDATA
CVE-2022-29336
	RESERVED
CVE-2022-29335
	RESERVED
CVE-2022-29334 (An issue in H v1.0 allows attackers to bypass authentication via a ses ...)
	NOT-FOR-US: SiJiDo/H
CVE-2022-29333 (A vulnerability in CyberLink Power Director v14 allows attackers to es ...)
	NOT-FOR-US: CyberLink PowerDirector
CVE-2022-29332 (D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An atta ...)
NOT-FOR-US: D-Link CVE-2022-29331 RESERVED CVE-2022-29330 (Missing access control in the backup system of Telesoft VitalPBX befor ...) NOT-FOR-US: Telesoft CVE-2022-29329 (D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap ...) NOT-FOR-US: D-Link CVE-2022-29328 (D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack ...) NOT-FOR-US: D-Link CVE-2022-29327 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflo ...) NOT-FOR-US: D-Link CVE-2022-29326 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflo ...) NOT-FOR-US: D-Link CVE-2022-29325 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflo ...) NOT-FOR-US: D-Link CVE-2022-29324 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflo ...) NOT-FOR-US: D-Link CVE-2022-29323 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflo ...) NOT-FOR-US: D-Link CVE-2022-29322 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflo ...) NOT-FOR-US: D-Link CVE-2022-29321 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflo ...) NOT-FOR-US: D-Link CVE-2022-29320 (MiniTool Partition Wizard v12.0 contains an unquoted service path whic ...) NOT-FOR-US: MiniTool Partition Wizard CVE-2022-29319 RESERVED CVE-2022-29318 (An arbitrary file upload vulnerability in the New Entry module of Car ...) NOT-FOR-US: Car Rental Management System CVE-2022-29317 (Simple Bus Ticket Booking System v1.0 was discovered to contain multip ...) NOT-FOR-US: Simple Bus Ticket Booking System CVE-2022-29316 (Complete Online Job Search System v1.0 was discovered to contain a SQL ...) NOT-FOR-US: Complete Online Job Search System CVE-2022-29315 (Invicti Acunetix before 14 allows CSV injection via the Description fi ...) 
NOT-FOR-US: Invicti Acunetix CVE-2022-29314 RESERVED CVE-2022-29313 RESERVED CVE-2022-29312 RESERVED CVE-2022-29311 RESERVED CVE-2022-29310 RESERVED CVE-2022-29309 (mysiteforme v2.2.1 was discovered to contain a Server-Side Request For ...) NOT-FOR-US: mysiteforme CVE-2022-29308 RESERVED CVE-2022-29307 (IonizeCMS v1.0.8.1 was discovered to contain a command injection vulne ...) NOT-FOR-US: Ionize CMS CVE-2022-29306 (IonizeCMS v1.0.8.1 was discovered to contain a SQL injection vulnerabi ...) NOT-FOR-US: Ionize CMS CVE-2022-29305 (imgurl v2.31 was discovered to contain a Blind SQL injection vulnerabi ...) NOT-FOR-US: imgURL CVE-2022-29304 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...) NOT-FOR-US: Sourcecodester Online Sports Complex Booking System CVE-2022-29303 (SolarView Compact ver.6.00 was discovered to contain a command injecti ...) NOT-FOR-US: SolarView Compact CVE-2022-29302 (SolarView Compact ver.6.00 was discovered to contain a local file disc ...) NOT-FOR-US: SolarView Compact CVE-2022-29301 REJECTED CVE-2022-29300 RESERVED CVE-2022-29299 REJECTED CVE-2022-29298 (SolarView Compact ver.6.00 allows attackers to access sensitive files ...) NOT-FOR-US: SolarView Compact CVE-2022-29297 RESERVED CVE-2022-29296 (A reflected cross-site scripting (XSS) vulnerability in the login port ...) NOT-FOR-US: Avantune Genialcloud ProJ CVE-2022-29295 RESERVED CVE-2022-29294 RESERVED CVE-2022-29293 RESERVED CVE-2022-29292 RESERVED CVE-2022-29291 RESERVED CVE-2022-29290 RESERVED CVE-2022-29289 RESERVED CVE-2022-29288 RESERVED CVE-2022-29287 (Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vul ...) NOT-FOR-US: Kentico CMS CVE-2022-29286 (Pexip Infinity 27 before 28.0 allows remote attackers to trigger exces ...) NOT-FOR-US: Pexip Infinity CVE-2022-29285 RESERVED CVE-2022-29284 RESERVED CVE-2022-29283 RESERVED CVE-2022-29282 RESERVED CVE-2022-29281 (Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of ...) 
NOT-FOR-US: Notable CVE-2022-29280 REJECTED CVE-2022-29279 (Use of a untrusted pointer allows tampering with SMRAM and OS memory i ...) NOT-FOR-US: Insyde CVE-2022-29278 (Incorrect pointer checks within the NvmExpressDxe driver can allow tam ...) NOT-FOR-US: Insyde CVE-2022-29277 (Incorrect pointer checks within the the FwBlockServiceSmm driver can a ...) NOT-FOR-US: Insyde CVE-2022-29276 (SMI functions in AhciBusDxe use untrusted inputs leading to corruption ...) NOT-FOR-US: Insyde CVE-2022-29275 (In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering ...) NOT-FOR-US: Insyde CVE-2022-29274 RESERVED CVE-2022-29273 (pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in th ...) NOT-FOR-US: pfSense CVE-2022-29272 (In Nagios XI through 5.8.5, an open redirect vulnerability exists in t ...) NOT-FOR-US: Nagios XI CVE-2022-29271 (In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorre ...) NOT-FOR-US: Nagios XI CVE-2022-29270 (In Nagios XI through 5.8.5, it is possible for a user without password ...) NOT-FOR-US: Nagios XI CVE-2022-29269 (In Nagios XI through 5.8.5, in the schedule report function, an authen ...) NOT-FOR-US: Nagios XI CVE-2022-29268 REJECTED CVE-2022-29267 RESERVED CVE-2022-1380 (Stored Cross Site Scripting vulnerability in Item name parameter in Gi ...) - snipe-it (bug #1005172) CVE-2022-1379 (URL Restriction Bypass in GitHub repository plantuml/plantuml prior to ...) - plantuml (Vulnerable code introduced later) NOTE: https://huntr.dev/bounties/0d737527-86e1-41d1-9d37-b2de36bc063a NOTE: https://github.com/plantuml/plantuml/commit/93e5964e5f35914f3f7b89de620c596795550083 (v1.2022.5) NOTE: Introduced in https://github.com/plantuml/plantuml/commit/3192fa218c2ad0420d03de70f57f8521e1de315d (v1.2020.11) CVE-2022-29266 (In APache APISIX before 3.13.1, the jwt-auth plugin has a security iss ...) NOT-FOR-US: Apache APISIX CVE-2022-1378 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) 
NOT-FOR-US: Delta Electronics CVE-2022-1377 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) NOT-FOR-US: Delta Electronics CVE-2022-1376 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) NOT-FOR-US: Delta Electronics CVE-2022-1375 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) NOT-FOR-US: Delta Electronics CVE-2022-1374 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) NOT-FOR-US: Delta Electronics CVE-2022-1373 (The \u201crestore configuration\u201d feature of Softing Secure Integr ...) NOT-FOR-US: Softing Industrial Automation CVE-2022-1372 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) NOT-FOR-US: Delta Electronics CVE-2022-1371 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) NOT-FOR-US: Delta Electronics CVE-2022-1370 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) NOT-FOR-US: Delta Electronics CVE-2022-1369 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) NOT-FOR-US: Delta Electronics CVE-2022-1368 (The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (335 ...) NOT-FOR-US: Cognex 3D-A1000 Dimensioning System CVE-2022-1367 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) NOT-FOR-US: Delta Electronics CVE-2022-1366 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) NOT-FOR-US: Delta Electronics CVE-2022-1365 (Exposure of Private Personal Information to an Unauthorized Actor in G ...) NOT-FOR-US: lquixada/cross-fetch CVE-2022-29265 (Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML ...) NOT-FOR-US: Apache NiFi CVE-2022-1364 (Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 ...) 
{DSA-5121-1} - chromium 100.0.4896.127-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2022-1363 RESERVED CVE-2022-1362 (The affected On-Premise cnMaestro is vulnerable inside a specific rout ...) NOT-FOR-US: Cambium Networks cnMaestro CVE-2022-1361 (The affected On-Premise cnMaestro is vulnerable to a pre-auth data exf ...) NOT-FOR-US: Cambium Networks cnMaestro CVE-2022-1360 (The affected On-Premise cnMaestro is vulnerable to execution of code o ...) NOT-FOR-US: Cambium Networks cnMaestro CVE-2022-1359 (The affected On-Premise cnMaestro is vulnerable to an arbitrary file-w ...) NOT-FOR-US: Cambium Networks cnMaestro CVE-2022-1358 (The affected On-Premise is vulnerable to data exfiltration through imp ...) NOT-FOR-US: Cambium Networks cnMaestro CVE-2022-1357 (The affected On-Premise cnMaestro allows an unauthenticated attacker t ...) NOT-FOR-US: Cambium Networks cnMaestro CVE-2022-1356 (cnMaestro is vulnerable to a local privilege escalation. By default, a ...) NOT-FOR-US: Cambium Networks cnMaestro CVE-2022-1355 (A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() ...) {DSA-5333-1 DLA-3278-1} - tiff 4.3.0-8 (bug #1011160) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/400 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/323 NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/c1ae29f9ebacd29b7c3e0c7db671af7db3584bc2 CVE-2022-1354 (A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFR ...) {DSA-5333-1 DLA-3278-1} - tiff 4.3.0-7 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/319 NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798 NOTE: Introduced by: https://gitlab.com/libtiff/libtiff/-/commit/7057734d986001b7fd6d2afde9667da7754ff2cc (v4.0.9) CVE-2022-1353 (A vulnerability was found in the pfkey_register function in net/key/af ...) 
{DSA-5173-1 DSA-5127-1 DLA-3065-1} - linux 5.17.3-1 NOTE: https://git.kernel.org/linus/9a564bccb78a76740ea9d75a259942df8143d02c (5.17) CVE-2022-1352 (Due to an insecure direct object reference vulnerability in Gitlab EE/ ...) - gitlab 15.10.8+ds1-2 CVE-2022-1351 (Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10 ...) NOT-FOR-US: pimcore CVE-2022-29264 (An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitra ...) - coreboot (unimportant) NOTE: https://review.coreboot.org/c/coreboot/+/63478 NOTE: Introduced by: https://github.com/coreboot/coreboot/commit/afb7a814783cda12f5b72167163b9109ee1d15a7 (4.13) NOTE: Fixed by: https://github.com/coreboot/coreboot/commit/d7c371619a287a3a74e23fc3fcff4793a12deba6 (4.17) NOTE: src:coreutils builds only the utilities CVE-2022-28719 (Missing authentication for critical function in AssetView prior to Ver ...) NOT-FOR-US: AssetView CVE-2022-1350 (A vulnerability classified as problematic was found in GhostPCL 9.55.0 ...) - ghostscript (unimportant) NOTE: https://vuldb.com/?id.197290 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=705156 NOTE: https://bugs.ghostscript.com/attachment.cgi?id=22323 NOTE: Issue is in GhostPCL sourcewise shipped in src:ghostscript NOTE: Upstream report is as per 2022-04-15 not yet public CVE-2022-1349 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a compani ...) NOT-FOR-US: WordPress plugin CVE-2022-1348 (A vulnerability was found in logrotate in how the state file is create ...) 
- logrotate 3.20.1-1 (bug #1011644) [bullseye] - logrotate 3.18.0-2+deb11u1 [buster] - logrotate (Vulnerable code introduced later) [stretch] - logrotate (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2022/05/25/3 NOTE: Introduced by: https://github.com/logrotate/logrotate/commit/f46d0bdfc9c53515c13880c501f4d2e1e7dd8b25 (3.17.0) NOTE: https://github.com/logrotate/logrotate/pull/446 NOTE: Fixed by: https://github.com/logrotate/logrotate/commit/1f76a381e2caa0603ae3dbc51ed0f1aa0d6658b9 (3.20.0) NOTE: Fixed by: https://github.com/logrotate/logrotate/commit/addbd293242b0b78aa54f054e6c1d249451f137d (3.20.1) NOTE: Packages are built with --with-state-file-path=/var/lib/logrotate/status NOTE: but /var/lib/logrotate has 0755 permissions, allowing a user to aquire a lock on the file. CVE-2022-1347 (Stored XSS in the "Username" & "Email" input fields leads to account t ...) NOT-FOR-US: organizr CVE-2022-1346 (Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1 ...) NOT-FOR-US: organizr CVE-2022-1345 (Stored XSS viva .svg file upload in GitHub repository causefx/organizr ...) NOT-FOR-US: organizr CVE-2022-29261 RESERVED CVE-2022-29260 RESERVED CVE-2022-29259 RESERVED CVE-2022-29258 (XWiki Platform Filter UI provides a generic user interface to convert ...) NOT-FOR-US: XWiki CVE-2022-29257 (Electron is a framework for writing cross-platform desktop application ...) - electron (bug #842420) CVE-2022-29256 (sharp is an application for Node.js image processing. Prior to version ...) NOT-FOR-US: lovell/sharp CVE-2022-29255 (Vyper is a Pythonic Smart Contract Language for the ethereum virtual m ...) NOT-FOR-US: Vyper CVE-2022-29254 (silverstripe-omnipay is a SilverStripe integration with Omnipay PHP pa ...) NOT-FOR-US: Silverstripe CMS CVE-2022-29253 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2022-29252 (XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. 
S ...) NOT-FOR-US: XWiki CVE-2022-29251 (XWiki Platform Flamingo Theme UI is a tool that allows customization a ...) NOT-FOR-US: XWiki CVE-2022-29250 (GLPI is a Free Asset and IT Management Software package, that provides ...) - glpi (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-5w33-4wrx-8hvw NOTE: Only supported behind an authenticated HTTP zone CVE-2022-29249 (JavaEZ is a library that adds new functions to make Java easier. A wea ...) NOT-FOR-US: JavaEZLib/JavaEZ CVE-2022-29248 (Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 ...) {DSA-5246-1} - guzzle 7.4.4-1 (bug #1011636) - mediawiki 1:1.35.7-1 [buster] - mediawiki (Embedded Guzzle copy not present) NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3 NOTE: https://phabricator.wikimedia.org/T308473 NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/807225/ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/ CVE-2022-29247 (Electron is a framework for writing cross-platform desktop application ...) - electron (bug #842420) CVE-2022-29246 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...) NOT-FOR-US: Microsoft CVE-2022-29245 (SSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 ...) NOT-FOR-US: SSH.NET CVE-2022-29244 (npm pack ignores root-level .gitignore and .npmignore file exclusion d ...) NOT-FOR-US: Node pack CVE-2022-29243 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...) - nextcloud-server (bug #941708) CVE-2022-29242 (GOST engine is a reference implementation of the Russian GOST crypto a ...) 
- libengine-gost-openssl1.1 (bug #1012512) [bullseye] - libengine-gost-openssl1.1 (Minor issue) [buster] - libengine-gost-openssl1.1 (Minor issue) - libengine-gost-openssl (Fixed with initial upload to the archive) NOTE: https://github.com/gost-engine/engine/security/advisories/GHSA-2rmw-8wpg-vgw5 NOTE: https://github.com/gost-engine/engine/commit/7df766124f87768b43b9e8947c5a01e17545772c (v3.0.1) NOTE: https://github.com/gost-engine/engine/commit/b2b4d629f100eaee9f5942a106b1ccefe85b8808 (v3.0.1) NOTE: https://github.com/gost-engine/engine/commit/c6655a0b620a3e31f085cc906f8073fe81b2fad3 (v3.0.1) CVE-2022-29241 (Jupyter Server provides the backend (i.e. the core services, APIs, and ...) - jupyter-server 1.17.1-1 (bug #1013271) [bullseye] - jupyter-server (Minor issue) NOTE: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-q874-g24w-4q9g CVE-2022-29240 (Scylla is a real-time big data database that is API-compatible with Ap ...) NOT-FOR-US: Scylla CVE-2022-29239 RESERVED CVE-2022-29238 (Jupyter Notebook is a web-based notebook environment for interactive c ...) - jupyter-notebook 6.4.12-1 (bug #1013272) [bullseye] - jupyter-notebook (Minor issue) [buster] - jupyter-notebook (Minor issue) NOTE: https://github.com/jupyter/notebook/security/advisories/GHSA-v7vq-3x77-87vg CVE-2022-29237 (Opencast is a free and open source solution for automated video captur ...) NOT-FOR-US: Opencast CVE-2022-29236 (BigBlueButton is an open source web conferencing system. Starting in v ...) NOT-FOR-US: BigBlueButton CVE-2022-29235 (BigBlueButton is an open source web conferencing system. Starting in v ...) NOT-FOR-US: BigBlueButton CVE-2022-29234 (BigBlueButton is an open source web conferencing system. Starting in v ...) NOT-FOR-US: BigBlueButton CVE-2022-29233 (BigBlueButton is an open source web conferencing system. In BigBlueBut ...) NOT-FOR-US: BigBlueButton CVE-2022-29232 (BigBlueButton is an open source web conferencing system. Starting with ...) 
NOT-FOR-US: BigBlueButton CVE-2022-29231 RESERVED CVE-2022-29230 (Hydrogen is a React-based framework for building dynamic, Shopify-powe ...) NOT-FOR-US: Shopify/hydrogen CVE-2022-29229 (CaSS is a Competency and Skills System. CaSS Library, (npm:cassproject ...) NOT-FOR-US: cassproject/CASS CVE-2022-29228 (Envoy is a cloud-native high-performance proxy. In versions prior to 1 ...) - envoyproxy (bug #987544) CVE-2022-29227 (Envoy is a cloud-native high-performance edge/middle/service proxy. In ...) - envoyproxy (bug #987544) CVE-2022-29226 (Envoy is a cloud-native high-performance proxy. In versions prior to 1 ...) - envoyproxy (bug #987544) CVE-2022-29225 (Envoy is a cloud-native high-performance proxy. In versions prior to 1 ...) - envoyproxy (bug #987544) CVE-2022-29224 (Envoy is a cloud-native high-performance proxy. Versions of envoy prio ...) - envoyproxy (bug #987544) CVE-2022-29223 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...) NOT-FOR-US: Microsoft CVE-2022-29222 (Pion DTLS is a Go implementation of Datagram Transport Layer Security. ...) - snowflake 2.2.0-1 (bug #1011458) NOTE: https://github.com/pion/dtls/security/advisories/GHSA-w45j-f832-hxvh NOTE: https://github.com/pion/dtls/commit/d2f797183a9f044ce976e6df6f362662ca722412 (v2.1.5) NOTE: https://github.com/pion/dtls/releases/tag/v2.1.5 CVE-2022-29221 (Smarty is a template engine for PHP, facilitating the separation of pr ...) {DSA-5151-1 DLA-3033-1} - smarty4 4.1.1-1 (bug #1011757) - smarty3 3.1.45-1 (bug #1011758) - smarty NOTE: https://github.com/smarty-php/smarty/security/advisories/GHSA-634x-pc3q-cf4c NOTE: https://github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd (v4.1.1) NOTE: https://github.com/smarty-php/smarty/commit/3606c4717ed6348e114a610ff1e446048dcd0345 (v3.1.45) CVE-2022-29220 (github-action-merge-dependabot is an action that automatically approve ...) 
NOT-FOR-US: github-action-merge-dependabot CVE-2022-29219 (Lodestar is a TypeScript implementation of the Ethereum Consensus spec ...) NOT-FOR-US: chainsafe/lodestar CVE-2022-29218 (RubyGems is a package registry used to supply software for the Ruby la ...) NOT-FOR-US: rubygems/rubygems.org CVE-2022-29217 (PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple ...) - pyjwt 2.4.0-1 (bug #1011747) [bullseye] - pyjwt (Vulnerable code not present) [buster] - pyjwt (Vulnerable code not present) [stretch] - pyjwt (Vulnerable code not present) NOTE: https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24 NOTE: https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc (2.4.0) NOTE: https://github.com/jpadilla/pyjwt/releases/tag/2.4.0 CVE-2022-29216 (TensorFlow is an open source platform for machine learning. Prior to v ...) - tensorflow (bug #804612) CVE-2022-29215 (RegionProtect is a plugin that allows users to manage certain events i ...) NOT-FOR-US: PocketMine plugin CVE-2022-29214 (NextAuth.js (next-auth) is am open source authentication solution for ...) NOT-FOR-US: NextAuth.js CVE-2022-29213 (TensorFlow is an open source platform for machine learning. Prior to v ...) - tensorflow (bug #804612) CVE-2022-29212 (TensorFlow is an open source platform for machine learning. Prior to v ...) - tensorflow (bug #804612) CVE-2022-29211 (TensorFlow is an open source platform for machine learning. Prior to v ...) - tensorflow (bug #804612) CVE-2022-29210 (TensorFlow is an open source platform for machine learning. In version ...) - tensorflow (bug #804612) CVE-2022-29209 (TensorFlow is an open source platform for machine learning. Prior to v ...) - tensorflow (bug #804612) CVE-2022-29208 (TensorFlow is an open source platform for machine learning. Prior to v ...) - tensorflow (bug #804612) CVE-2022-29207 (TensorFlow is an open source platform for machine learning. Prior to v ...) 
- tensorflow (bug #804612) CVE-2022-29206 (TensorFlow is an open source platform for machine learning. Prior to v ...) - tensorflow (bug #804612) CVE-2022-29205 (TensorFlow is an open source platform for machine learning. Prior to v ...) - tensorflow (bug #804612) CVE-2022-29204 (TensorFlow is an open source platform for machine learning. Prior to v ...) - tensorflow (bug #804612) CVE-2022-29203 (TensorFlow is an open source platform for machine learning. Prior to v ...) - tensorflow (bug #804612) CVE-2022-29202 (TensorFlow is an open source platform for machine learning. Prior to v ...) - tensorflow (bug #804612) CVE-2022-29201 (TensorFlow is an open source platform for machine learning. Prior to v ...) - tensorflow (bug #804612) CVE-2022-29200 (TensorFlow is an open source platform for machine learning. Prior to v ...) - tensorflow (bug #804612) CVE-2022-29199 (TensorFlow is an open source platform for machine learning. Prior to v ...) - tensorflow (bug #804612) CVE-2022-29198 (TensorFlow is an open source platform for machine learning. Prior to v ...) - tensorflow (bug #804612) CVE-2022-29197 (TensorFlow is an open source platform for machine learning. Prior to v ...) - tensorflow (bug #804612) CVE-2022-29196 (TensorFlow is an open source platform for machine learning. Prior to v ...) - tensorflow (bug #804612) CVE-2022-29195 (TensorFlow is an open source platform for machine learning. Prior to v ...) - tensorflow (bug #804612) CVE-2022-29194 (TensorFlow is an open source platform for machine learning. Prior to v ...) - tensorflow (bug #804612) CVE-2022-29193 (TensorFlow is an open source platform for machine learning. Prior to v ...) - tensorflow (bug #804612) CVE-2022-29192 (TensorFlow is an open source platform for machine learning. Prior to v ...) - tensorflow (bug #804612) CVE-2022-29191 (TensorFlow is an open source platform for machine learning. Prior to v ...) 
- tensorflow (bug #804612) CVE-2022-29190 (Pion DTLS is a Go implementation of Datagram Transport Layer Security. ...) - snowflake 2.2.0-1 (bug #1011457) NOTE: https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c NOTE: https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf (v2.1.4) NOTE: https://github.com/pion/dtls/releases/tag/v2.1.4 CVE-2022-29189 (Pion DTLS is a Go implementation of Datagram Transport Layer Security. ...) - snowflake 2.2.0-1 (bug #1011457) NOTE: https://github.com/pion/dtls/security/advisories/GHSA-cx94-mrg9-rq4j NOTE: https://github.com/pion/dtls/commit/a6397ff7282bc56dc37a68ea9211702edb4de1de (v2.1.4) NOTE: https://github.com/pion/dtls/releases/tag/v2.1.4 CVE-2022-29188 (Smokescreen is an HTTP proxy. The primary use case for Smokescreen is ...) NOT-FOR-US: Smokescreen CVE-2022-29187 (Git is a distributed revision control system. Git prior to versions 2. ...) {DSA-5332-1 DLA-3239-1} - git 1:2.37.2-1 (bug #1014848) NOTE: https://lists.q42.co.uk/pipermail/git-announce/2022-July/001250.html NOTE: https://github.com/git/git/commit/3b0bf2704980b1ed6018622bdf5377ec22289688 (v2.30.5) NOTE: https://github.com/git/git/commit/ae9abbb63eea74441e3e8b153dc6ec1f94c373b4 (v2.30.5) (regression) NOTE: https://github.com/git/git/commit/5f1a3fec8c304decaa9af2bf503712050a4a84e0 (v2.30.5) (regression test) NOTE: https://github.com/git/git/commit/b9063afda17a2aa6310423c9f7b776c41f753091 (v2.30.5) (regression test) NOTE: https://github.com/git/git/commit/6b11e3d52e919cce91011f4f9025e6f4b61375f2 (v2.30.5) (regression) NOTE: Relates to CVE-2022-24765. CVE-2022-29186 (Rundeck is an open source automation service with a web console, comma ...) NOT-FOR-US: Rundeck CVE-2022-29185 (totp-rs is a Rust library that permits the creation of 2FA authentific ...) NOT-FOR-US: Rust crate totp-rs CVE-2022-29184 (GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0 ...) 
NOT-FOR-US: ThoughtWorks GoCD CVE-2022-29183 (GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4. ...) NOT-FOR-US: ThoughtWorks GoCD CVE-2022-29182 (GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21 ...) NOT-FOR-US: ThoughtWorks GoCD CVE-2022-29181 (Nokogiri is an open source XML and HTML library for Ruby. Nokogiri pri ...) - ruby-nokogiri 1.13.7+dfsg-1 (unimportant) NOTE: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m NOTE: https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7 (v1.13.6) NOTE: Binary package do not contain the Java extension, as the package is built with NOTE: export DH_RUBY_GEM_INSTALL_EXCLUDE = ext/java/* CVE-2022-29180 (A vulnerability in which attackers could forge HTTP requests to manipu ...) NOT-FOR-US: charmbracelet/charm CVE-2022-29179 (Cilium is open source software for providing and securing network conn ...) - cilium (bug #858303) CVE-2022-29178 (Cilium is open source software for providing and securing network conn ...) - cilium (bug #858303) CVE-2022-29177 (Go Ethereum is the official Golang implementation of the Ethereum prot ...) - golang-github-go-ethereum (bug #890541) CVE-2022-29176 (Rubygems is a package registry used to supply software for the Ruby la ...) NOT-FOR-US: rubygems/rubygems.org CVE-2022-29175 REJECTED CVE-2022-29174 (countly-server is the server-side part of Countly, a product analytics ...) NOT-FOR-US: countly-server CVE-2022-29173 (go-tuf is a Go implementation of The Update Framework (TUF). go-tuf do ...) - golang-github-endophage-gotuf [stretch] - golang-github-endophage-gotuf (Vulnerable code not present) NOTE: upstream location has changed since the version in stretch. 
NOTE: https://github.com/theupdateframework/go-tuf/commit/ed6788e710fc3093a7ecc2d078bf734c0f200d8d NOTE: https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-66x3-6cw3-v5gj CVE-2022-29172 (Auth0 is an authentication broker that supports both social and enterp ...) NOT-FOR-US: Auth0 CVE-2022-29171 (Sourcegraph is a fast and featureful code search and navigation engine ...) NOT-FOR-US: Sourcegraph CVE-2022-29170 (Grafana is an open-source platform for monitoring and observability. I ...) - grafana (Specific to Grafana Enterprise) CVE-2022-29169 (BigBlueButton is an open source web conferencing system. Versions star ...) NOT-FOR-US: BigBlueButton CVE-2022-29168 (Wire is a secure messaging application. Wire is vulnerable to arbitrar ...) NOT-FOR-US: wire-webapp CVE-2022-29167 (Hawk is an HTTP authentication scheme providing mechanisms for making ...) {DLA-3246-1} - node-hawk 9.0.1-1 [bullseye] - node-hawk 8.0.1+dfsg-2+deb11u1 NOTE: https://github.com/mozilla/hawk/security/advisories/GHSA-44pw-h2cw-w3vq NOTE: https://github.com/mozilla/hawk/pull/286 NOTE: https://github.com/mozilla/hawk/commit/ade134119bf1fdc4909d00f5a952c966f0075ad3 CVE-2022-29166 (matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vulnerab ...) NOT-FOR-US: Matrix-appservice-bridge CVE-2022-29165 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) NOT-FOR-US: Argo CD CVE-2022-29164 (Argo Workflows is an open source container-native workflow engine for ...) NOT-FOR-US: Argo Workflows CVE-2022-29163 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...) - nextcloud-server (bug #941708) CVE-2022-29162 (runc is a CLI tool for spawning and running containers on Linux accord ...) 
{DLA-3369-1} - runc 1.1.3+ds1-1 [bullseye] - runc 1.0.0~rc93+ds1-5+deb11u2 [stretch] - runc (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2022/05/12/1 NOTE: https://github.com/opencontainers/runc/commit/364ec0f1b4fa188ad96049c590ecb42fa70ea165 (v1.1.2) NOTE: https://github.com/opencontainers/runc/commit/98fe566c527479195ce3c8167136d2a555fe6b65 (main) CVE-2022-29161 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2022-29160 (Nextcloud Android is the Android client for Nextcloud, a self-hosted p ...) NOT-FOR-US: Nextcloud Android app CVE-2022-29159 (Nextcloud Deck is a Kanban-style project & personal management tool fo ...) NOT-FOR-US: Nextcloud Deck CVE-2022-29158 (Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expressio ...) NOT-FOR-US: Apache OFBiz CVE-2022-1344 (Stored XSS due to no sanitization in the filename in GitHub repository ...) NOT-FOR-US: organizr CVE-2022-1343 (The function `OCSP_basic_verify` verifies the signer certificate on an ...) [experimental] - openssl 3.0.3-1 - openssl (Only affects OpenSSL 3.0) NOTE: https://www.openssl.org/news/secadv/20220503.txt NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a (openssl-3.0.3) CVE-2022-1342 (A lack of password masking in Devolutions Remote Desktop Manager allow ...) NOT-FOR-US: Devolutions Remote Desktop Manager CVE-2022-1341 (An issue was discovered in in bwm-ng v0.6.2. An arbitrary null write e ...) - bwm-ng 0.6.3-1 (unimportant) NOTE: https://github.com/vgropp/bwm-ng/issues/26 NOTE: https://github.com/vgropp/bwm-ng/commit/9774f23bf78a6e6d3ae4cfe3d73bad34f2fdcd17 NOTE: No security impact CVE-2022-1340 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...) NOT-FOR-US: yetiforcecrm CVE-2022-1339 (SQL injection in ElementController.php in GitHub repository pimcore/pi ...) 
NOT-FOR-US: pimcore CVE-2022-1338 (The Easily Generate Rest API Url WordPress plugin through 1.0.0 does n ...) NOT-FOR-US: WordPress plugin CVE-2022-1337 (The image proxy component in Mattermost version 6.4.1 and earlier allo ...) - mattermost-server (bug #823556) CVE-2022-1336 (The Carousel CK WordPress plugin through 1.1.0 does not sanitize and e ...) NOT-FOR-US: WordPress plugin CVE-2022-1335 (The Slideshow CK WordPress plugin before 1.4.10 does not sanitize and ...) NOT-FOR-US: WordPress plugin CVE-2022-1334 (The WP YouTube Live WordPress plugin before 1.8.3 does not validate, s ...) NOT-FOR-US: WordPress plugin CVE-2022-1333 (Mattermost Playbooks plugin v1.24.0 and earlier fails to properly chec ...) NOT-FOR-US: Mattermost Playbooks plugin CVE-2015-20107 (In Python (aka CPython) up to 3.10.8, the mailcap module does not add ...) {DLA-3477-1 DLA-3432-1} - python3.10 3.10.6-1 - python3.9 [bullseye] - python3.9 (Minor issue) - python3.7 - python3.5 [stretch] - python3.5 (Minor issue) - python2.7 [bullseye] - python2.7 (Python 2.7 in Bullseye not covered by security support) [stretch] - python2.7 (Minor issue) NOTE: https://bugs.python.org/issue24778 NOTE: https://github.com/python/cpython/issues/68966 NOTE: https://github.com/python/cpython/pull/91993 CVE-2022-29157 RESERVED CVE-2022-29156 (drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16 ...) - linux 5.16.12-1 [bullseye] - linux 5.10.103-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) NOTE: Fixedy by: https://git.kernel.org/linus/8700af2cc18c919b2a83e74e0479038fd113c15d (5.17-rc6) CVE-2022-29155 (In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection ...) 
{DSA-5140-1 DLA-3017-1} - openldap 2.5.12+dfsg-1 NOTE: https://bugs.openldap.org/show_bug.cgi?id=9815 NOTE: https://git.openldap.org/openldap/openldap/-/commit/87df6c19915042430540931d199a39105544a134 (master) NOTE: https://git.openldap.org/openldap/openldap/-/commit/40f3ae4f5c9a8baf75b237220f62c436a571d66e (OPENLDAP_REL_ENG_2_5_12) NOTE: back-sql backend to slapd is enabled but considered experimental upstream. CVE-2022-29154 (An issue was discovered in rsync before 3.2.5 that allows malicious re ...) - rsync 3.2.5-1 (bug #1016543) [bullseye] - rsync (Minor issue; for untrusted remote sending hosts additional protective measures can be taken) [buster] - rsync (Minor issue; for untrusted remote sending hosts additional protective measures can be taken. Not backportable without cmdline interface changes.) NOTE: https://www.openwall.com/lists/oss-security/2022/08/02/1 NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=b7231c7d02cfb65d291af74ff66e7d8c507ee871 (v3.2.5pre1) NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=7e5424b806e8eea053016268ad186276e9083b77 (v3.2.5pre1) NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=3d7015afa223494e3318495c2f5de9cb49229da9 (v3.2.5pre1) NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=2f7c583143bc6e80902139c23d9d7283f88fbc6a (v3.2.5pre1) CVE-2022-29153 (HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11. ...) - consul 1.9.17+dfsg2-1 (bug #1017982) [bullseye] - consul (Minor issue) [buster] - consul (Intrusive to backport) NOTE: https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393 NOTE: https://github.com/hashicorp/consul/commit/72e1ce6317d6a4b28c73cd15f3976eb2c362be19 (v1.9.17) CVE-2022-29152 (The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an ...) NOT-FOR-US: Ericom CVE-2022-29151 (Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerabili ...) 
	NOT-FOR-US: Microsoft
CVE-2022-29150 (Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2022-29149 (Azure Open Management Infrastructure (OMI) Elevation of Privilege Vuln ...)
	NOT-FOR-US: Microsoft
CVE-2022-29148 (Visual Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29147 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29146 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29145 (.NET and Visual Studio Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft .NET
CVE-2022-29144 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29143 (Microsoft SQL Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29142 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29141 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
	NOT-FOR-US: Microsoft
CVE-2022-29140 (Windows Print Spooler Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29139 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
	NOT-FOR-US: Microsoft
CVE-2022-29138 (Windows Clustered Shared Volume Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29137 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
	NOT-FOR-US: Microsoft
CVE-2022-29136 RESERVED
CVE-2022-29135 (Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2022-29134 (Windows Clustered Shared Volume Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29133 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29132 (Windows Print Spooler Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29131 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
	NOT-FOR-US: Microsoft
CVE-2022-29130 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
	NOT-FOR-US: Microsoft
CVE-2022-29129 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
	NOT-FOR-US: Microsoft
CVE-2022-29128 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
	NOT-FOR-US: Microsoft
CVE-2022-29127 (BitLocker Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29126 (Tablet Windows User Interface Application Core Elevation of Privilege ...)
	NOT-FOR-US: Microsoft
CVE-2022-29125 (Windows Push Notifications Apps Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29124 RESERVED
CVE-2022-29123 (Windows Clustered Shared Volume Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29122 (Windows Clustered Shared Volume Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29121 (Windows WLAN AutoConfig Service Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29120 (Windows Clustered Shared Volume Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29119 (HEVC Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29118 RESERVED
CVE-2022-29117 (.NET and Visual Studio Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft .NET
CVE-2022-29116 (Windows Kernel Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29115 (Windows Fax Service Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29114 (Windows Print Spooler Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29113 (Windows Digital Media Receiver Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29112 (Windows Graphics Component Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29111 (HEVC Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29110 (Microsoft Excel Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29109 (Microsoft Excel Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29108 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29107 (Microsoft Office Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29106 (Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2022-29105 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29104 (Windows Print Spooler Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29103 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-29102 (Windows Failover Cluster Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-29101 REJECTED
CVE-2022-29100 REJECTED
CVE-2022-29099 REJECTED
CVE-2022-29098 (Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak ...)
	NOT-FOR-US: Dell
CVE-2022-29097 (Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in De ...)
	NOT-FOR-US: Dell
CVE-2022-29096 (Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross- ...)
	NOT-FOR-US: Dell
CVE-2022-29095 (Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Del ...)
	NOT-FOR-US: Dell SupportAssist
CVE-2022-29094 (Dell SupportAssist Client Consumer versions (3.10.4 and versions prior ...)
	NOT-FOR-US: Dell SupportAssist
CVE-2022-29093 (Dell SupportAssist Client Consumer versions (3.10.4 and versions prior ...)
	NOT-FOR-US: Dell SupportAssist
CVE-2022-29092 (Dell SupportAssist Client Consumer versions (3.11.0 and versions prior ...)
	NOT-FOR-US: Dell SupportAssist
CVE-2022-29091 (Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0. ...)
	NOT-FOR-US: Dell
CVE-2022-29090 (Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data E ...)
	NOT-FOR-US: Dell Wyse Management Suite
CVE-2022-29089 (Dell Networking OS10, versions prior to October 2021 with Smart Fabric ...)
	NOT-FOR-US: Dell
CVE-2022-29088 REJECTED
CVE-2022-29087 REJECTED
CVE-2022-29086 REJECTED
CVE-2022-29085 (Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0 ...)
	NOT-FOR-US: Dell
CVE-2022-29084 (Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5 ...)
	NOT-FOR-US: Dell
CVE-2022-29083 (Prior Dell BIOS versions contain an Improper Authentication vulnerabil ...)
	NOT-FOR-US: Dell
CVE-2022-29082 (Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0 ...)
	NOT-FOR-US: EMC
CVE-2022-1332 (One of the API in Mattermost version 6.4.1 and earlier fails to proper ...)
	- mattermost-server (bug #823556)
CVE-2022-1331 (In four instances DMARS (All versions prior to v2.1.10.24) does not pr ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-1330 (stored xss due to unsantized anchor url in GitHub repository alvarotri ...)
	NOT-FOR-US: fullpage.js
CVE-2022-1329 (The Elementor Website Builder plugin for WordPress is vulnerable to un ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1328 (Buffer Overflow in uudecoder in Mutt affecting all versions starting f ...)
	{DLA-2999-1}
	- mutt 2.2.3-1 (bug #1009734)
	[bullseye] - mutt 2.0.5-4.1+deb11u1
	[buster] - mutt 1.10.1-2.1+deb10u6
	- neomutt 20220429+dfsg1-1 (bug #1009735)
	[bullseye] - neomutt (Minor issue)
	[buster] - neomutt (Minor issue)
	NOTE: https://gitlab.com/muttmua/mutt/-/issues/404
	NOTE: https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5
	NOTE: https://gitlab.com/neomutt/neomutt/-/commit/ee7cb4e461c1cdf0ac14817b03687d5908b85f84
CVE-2022-1327 (The Image Gallery WordPress plugin before 1.1.6 does not sanitize and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1326 (The Form - Contact Form WordPress plugin through 1.2.0 does not saniti ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1325 (A flaw was found in Clmg, where with the help of a maliciously crafted ...)
	- cimg 3.1.6+dfsg-1 (bug #1018941)
	[bullseye] - cimg (Minor issue)
	[buster] - cimg (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2074549
	NOTE: https://github.com/GreycLab/CImg/commit/619cb58dd90b4e03ac68286c70ed98acbefd1c90 (v3.1.0)
	NOTE: https://github.com/GreycLab/CImg/issues/343
	NOTE: https://github.com/GreycLab/CImg/pull/348
	NOTE: https://huntr.dev/bounties/a5e4fc45-8f14-4dd1-811b-740fc50c95d2/
CVE-2022-1324 (The Event Timeline WordPress plugin through 1.1.5 does not sanitize an ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1323 (The Discy WordPress theme before 5.0 lacks authorization checks then p ...)
	NOT-FOR-US: WordPress theme
CVE-2022-1322 (The Coming Soon - Under Construction WordPress plugin through 1.1.9 do ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1321 (The miniOrange's Google Authenticator WordPress plugin before 5.5.6 do ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1320 (The Sliderby10Web WordPress plugin before 1.2.52 does not properly san ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-29081 (Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pr ...)
	NOT-FOR-US: ZOHO ManageEngine
CVE-2022-29080 (The npm-dependency-versions package through 0.3.0 for Node.js allows c ...)
	NOT-FOR-US: Node npm-dependency-versions
CVE-2022-29079 RESERVED
CVE-2022-29078 (The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js ...)
	- node-ejs 3.1.7-1 (bug #1010359)
	[bullseye] - node-ejs 2.5.7-3+deb11u1
	[buster] - node-ejs 2.5.7-1+deb10u1
	[stretch] - node-ejs (Node not covered by security support)
	NOTE: https://eslam.io/posts/ejs-server-side-template-injection-rce/
	NOTE: https://github.com/mde/ejs/commit/15ee698583c98dadc456639d6245580d17a24baf (v3.1.7)
CVE-2022-29077 (A heap-based buffer overflow exists in rippled before 1.8.5. The vulne ...)
	NOT-FOR-US: XRP rippled
CVE-2022-29076 RESERVED
CVE-2022-29075 RESERVED
CVE-2022-29074 RESERVED
CVE-2022-29073 RESERVED
CVE-2022-29072 (7-Zip through 21.07 on Windows allows privilege escalation and command ...)
	NOT-FOR-US: 7-Zip on Windows
CVE-2022-29071 (This advisory documents an internally found vulnerability in the on pr ...)
	NOT-FOR-US: Arista
CVE-2022-29070 RESERVED
CVE-2022-29069 RESERVED
CVE-2022-29068 RESERVED
CVE-2022-29067 RESERVED
CVE-2022-29066 RESERVED
CVE-2022-29065 RESERVED
CVE-2022-29064 RESERVED
CVE-2022-1319 (A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improp ...)
	- undertow 2.2.17-1 (bug #1016448)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2073890
CVE-2022-1318 (Hills ComNav version 3002-19 suffers from a weak communication channel ...)
	NOT-FOR-US: Hills ComNav
CVE-2022-1317 RESERVED
CVE-2022-1316 (Incorrect Permission Assignment for Critical Resource in GitHub reposi ...)
	NOT-FOR-US: ZeroTierOne
CVE-2022-29063 (The Solr plugin of Apache OFBiz is configured by default to automatica ...)
	NOT-FOR-US: Apache OFBiz
CVE-2022-29062 (Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet ...)
	NOT-FOR-US: FortiGuard
CVE-2022-29061 (An improper neutralization of special elements used in an OS command ( ...)
	NOT-FOR-US: FortiGuard
CVE-2022-29060 (A use of hard-coded cryptographic key vulnerability [CWE-321] in Forti ...)
	NOT-FOR-US: Fortinet
CVE-2022-29059 RESERVED
CVE-2022-29058 (An improper neutralization of special elements [CWE-89] used in an OS ...)
	NOT-FOR-US: FortiGuard
CVE-2022-29057 (A improper neutralization of input during web page generation ('cross- ...)
	NOT-FOR-US: Fortinet
CVE-2022-29056 (A improper restriction of excessive authentication attempts vulnerabil ...)
	NOT-FOR-US: Fortinet
CVE-2022-29055 (A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7 ...)
	NOT-FOR-US: FortiGuard
CVE-2022-29054 (A missing cryptographic steps vulnerability [CWE-325]in the functions ...)
	NOT-FOR-US: Fortinet
CVE-2022-29053 (A missing cryptographic steps vulnerability [CWE-325] in the functions ...)
	NOT-FOR-US: FortiGuard
CVE-2022-29052 (Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-29051 (Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-29050 (A cross-site request forgery (CSRF) vulnerability in Jenkins Publish O ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-29049 (Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-29048 (A cross-site request forgery (CSRF) vulnerability in Jenkins Subversio ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-29047 (Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-29046 (Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-29045 (Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-29044 (Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not es ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-29043 (Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-29042 (Jenkins Job Generator Plugin 1.22 and earlier does not escape the name ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-29041 (Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-29040 (Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the na ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-29039 (Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the n ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-29038 (Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlie ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-29037 (Jenkins CVS Plugin 2.19 and earlier does not escape the name and descr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-29036 (Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 108 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-29035 (In JetBrains Ktor Native before version 2.0.0 random values used for n ...)
	NOT-FOR-US: JetBrains Ktor
CVE-2022-29034 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2022-29033 (A vulnerability has been identified in JT2Go (All versions < V13.3.0.3 ...)
	NOT-FOR-US: JT2Go / Siemens
CVE-2022-29032 (A vulnerability has been identified in JT2Go (All versions < V13.3.0.3 ...)
	NOT-FOR-US: JT2Go / Siemens
CVE-2022-29031 (A vulnerability has been identified in JT2Go (All versions < V13.3.0.3 ...)
	NOT-FOR-US: JT2Go / Siemens
CVE-2022-29030 (A vulnerability has been identified in JT2Go (All versions < V13.3.0.3 ...)
	NOT-FOR-US: JT2Go / Siemens
CVE-2022-29029 (A vulnerability has been identified in JT2Go (All versions < V13.3.0.3 ...)
	NOT-FOR-US: JT2Go / Siemens
CVE-2022-29028 (A vulnerability has been identified in JT2Go (All versions < V13.3.0.3 ...)
	NOT-FOR-US: JT2Go / Siemens
CVE-2022-1315 RESERVED
CVE-2022-1314 (Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a ...)
	{DSA-5120-1}
	- chromium 100.0.4896.88-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1313 (Use after free in tab groups in Google Chrome prior to 100.0.4896.88 a ...)
	{DSA-5120-1}
	- chromium 100.0.4896.88-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1312 (Use after free in storage in Google Chrome prior to 100.0.4896.88 allo ...)
	{DSA-5120-1}
	- chromium 100.0.4896.88-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1311 (Use after free in shell in Google Chrome on ChromeOS prior to 100.0.48 ...)
	{DSA-5120-1}
	- chromium 100.0.4896.88-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1310 (Use after free in regular expressions in Google Chrome prior to 100.0. ...)
	{DSA-5120-1}
	- chromium 100.0.4896.88-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1309 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
	{DSA-5120-1}
	- chromium 100.0.4896.88-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1308 (Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allo ...)
	{DSA-5120-1}
	- chromium 100.0.4896.88-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1307 (Inappropriate implementation in full screen in Google Chrome on Androi ...)
	{DSA-5120-1}
	- chromium 100.0.4896.88-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1306 (Inappropriate implementation in compositing in Google Chrome prior to ...)
	{DSA-5120-1}
	- chromium 100.0.4896.88-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1305 (Use after free in storage in Google Chrome prior to 100.0.4896.88 allo ...)
	{DSA-5120-1}
	- chromium 100.0.4896.88-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1304 (An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46. ...)
	- e2fsprogs 1.46.6~rc1-1 (bug #1010263)
	[bullseye] - e2fsprogs (Minor issue)
	[buster] - e2fsprogs (Minor issue)
	[stretch] - e2fsprogs (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2069726
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2068113
	NOTE: https://lore.kernel.org/linux-ext4/20220421173148.20193-1-lczerner@redhat.com/T/#u
	NOTE: Fixed by: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=maint&id=ab51d587bb9b229b1fade1afd02e1574c1ba5c76
CVE-2022-1303 (The Slide Anything WordPress plugin before 2.3.44 does not sanitize an ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1302 (In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthe ...)
	NOT-FOR-US: MZ Automation LibIEC61850
CVE-2022-1301 (The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1300 (Multiple Version of TRUMPF TruTops products expose a service function ...)
	NOT-FOR-US: TRUMPF TruTops
CVE-2022-1299 (The Slideshow WordPress plugin through 2.3.1 does not sanitize and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1298 (The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Ta ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1297 (Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repo ...)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/ec538fa4-06c6-4050-a141-f60153ddeaac
	NOTE: https://github.com/radareorg/radare2/commit/0a557045476a2969c7079aec9eeb29d02f2809c6
CVE-2022-1296 (Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub reposit ...)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/52b57274-0e1a-4d61-ab29-1373b555fea0
	NOTE: https://github.com/radareorg/radare2/commit/153bcdc29f11cd8c90e7d639a7405450f644ddb6
CVE-2022-1295 (Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior ...)
	NOT-FOR-US: fullpage.js
CVE-2022-1294 (The IMDB info box WordPress plugin through 2.0 does not sanitize and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1293 (The embedded neutralization of Script-Related HTML Tag, was by-passed ...)
	NOT-FOR-US: Ercom citadel
CVE-2022-1292 (The c_rehash script does not properly sanitise shell metacharacters to ...)
	{DSA-5139-1 DLA-3008-1}
	- openssl 1.1.1o-1
	NOTE: https://www.openssl.org/news/secadv/20220503.txt
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2 (openssl-3.0.3)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23 (OpenSSL_1_1_1o)
CVE-2022-29027 RESERVED
CVE-2022-29026 RESERVED
CVE-2022-29025 RESERVED
CVE-2022-29024 RESERVED
CVE-2022-29023 (A buffer overflow vulnerability exists in the razermouse driver of Ope ...)
	- openrazer 3.3.0+dfsg-1 (unimportant)
	NOTE: https://github.com/openrazer/openrazer/pull/1790
	NOTE: https://github.com/openrazer/openrazer/commit/7e8a04feb378a679f1bcdcae079a5100cc45663b (v3.3.0)
	NOTE: Negligible security impact
CVE-2022-29022 (A buffer overflow vulnerability exists in the razeraccessory driver of ...)
	- openrazer 3.3.0+dfsg-1 (unimportant)
	NOTE: https://github.com/openrazer/openrazer/pull/1790
	NOTE: https://github.com/openrazer/openrazer/commit/7e8a04feb378a679f1bcdcae079a5100cc45663b (v3.3.0)
	NOTE: Negligible security impact
CVE-2022-29021 (A buffer overflow vulnerability exists in the razerkbd driver of OpenR ...)
	- openrazer 3.3.0+dfsg-1 (unimportant)
	NOTE: https://github.com/openrazer/openrazer/pull/1790
	NOTE: https://github.com/openrazer/openrazer/commit/7e8a04feb378a679f1bcdcae079a5100cc45663b (v3.3.0)
	NOTE: Negligible security impact
CVE-2022-29020 (ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS ...)
	NOT-FOR-US: ForestBlog
CVE-2022-29019 RESERVED
CVE-2022-29018 RESERVED
CVE-2022-29017 (Bento4 v1.6.0.0 was discovered to contain a segmentation fault via the ...)
	NOT-FOR-US: Bento4
CVE-2022-29016 RESERVED
CVE-2022-29015 RESERVED
CVE-2022-29014 (A local file inclusion vulnerability in Razer Sila Gaming Router v2.0. ...)
	NOT-FOR-US: Razer Sila Gaming Router
CVE-2022-29013 (A command injection in the command parameter of Razer Sila Gaming Rout ...)
	NOT-FOR-US: Razer Sila Gaming Router
CVE-2022-29012 RESERVED
CVE-2022-29011 RESERVED
CVE-2022-29010 RESERVED
CVE-2022-29009 (Multiple SQL injection vulnerabilities via the username and password p ...)
	NOT-FOR-US: Cyber Cafe Management System Project
CVE-2022-29008 (An insecure direct object reference (IDOR) vulnerability in the viewid ...)
	NOT-FOR-US: Bus Pass Management System
CVE-2022-29007 (Multiple SQL injection vulnerabilities via the username and password p ...)
	NOT-FOR-US: Dairy Farm Shop Management System
CVE-2022-29006 (Multiple SQL injection vulnerabilities via the username and password p ...)
	NOT-FOR-US: Directory Management System
CVE-2022-29005 (Multiple cross-site scripting (XSS) vulnerabilities in the component / ...)
	NOT-FOR-US: Online Birth Certificate System
CVE-2022-29004 (Diary Management System v1.0 was discovered to contain a cross-site sc ...)
	NOT-FOR-US: Diary Management System
CVE-2022-29003 RESERVED
CVE-2022-29002 (A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers ...)
	NOT-FOR-US: xxl-job
CVE-2022-29001 (In SpringBootMovie <=1.2, the uploaded file suffix parameter is not fi ...)
	NOT-FOR-US: SpringBootMovie
CVE-2022-29000 RESERVED
CVE-2022-28999 (Insecure permissions in the install directories and binaries of Dev-CP ...)
	NOT-FOR-US: Bloodshed Dev-C++
CVE-2022-28998 (Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer ove ...)
	NOT-FOR-US: Xlight FTP
CVE-2022-28997 (CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forger ...)
	NOT-FOR-US: CSZCMS
CVE-2022-28996 RESERVED
CVE-2022-28995 (Rengine v1.0.2 was discovered to contain a remote code execution (RCE) ...)
	NOT-FOR-US: reNgine
CVE-2022-28994 (Small HTTP Server version 3.06 suffers from a remote buffer overflow v ...)
	NOT-FOR-US: Small HTTP Server
CVE-2022-28993 (Multi Store Inventory Management System v1.0 allows attackers to perfo ...)
	NOT-FOR-US: Multi Store Inventory Management System
CVE-2022-28992 (A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v ...)
	NOT-FOR-US: Online Banquet Booking System
CVE-2022-28991 (Multi Store Inventory Management System v1.0 was discovered to contain ...)
	NOT-FOR-US: Multi Store Inventory Management System
CVE-2022-28990 (WASM3 v0.5.0 was discovered to contain a heap overflow via the compone ...)
	NOT-FOR-US: wasm3
CVE-2022-28989 RESERVED
CVE-2022-28988 RESERVED
CVE-2022-28987 (Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to p ...)
	NOT-FOR-US: ZOHO ManageEngine
CVE-2022-28986 (LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: ...)
	NOT-FOR-US: LMS Doctor Simple 2 Factor Authentication Plugin For Moodle
CVE-2022-28985 (A stored cross-site scripting (XSS) vulnerability in the addNewPost co ...)
	- orangehrm (bug #786622)
	NOTE: https://github.com/orangehrm/orangehrm/issues/1217
CVE-2022-28984 RESERVED
CVE-2022-28983 RESERVED
CVE-2022-28982 (A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 th ...)
	NOT-FOR-US: Liferay
CVE-2022-28981 (Path traversal vulnerability in the Hypermedia REST APIs module in Lif ...)
	NOT-FOR-US: Liferay
CVE-2022-28980 (Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal ...)
	NOT-FOR-US: Liferay
CVE-2022-28979 (Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pa ...)
	NOT-FOR-US: Liferay
CVE-2022-28978 (Stored cross-site scripting (XSS) vulnerability in the Site module's u ...)
	NOT-FOR-US: Liferay
CVE-2022-28977 (HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Lif ...)
	NOT-FOR-US: Liferay
CVE-2022-28976 RESERVED
CVE-2022-28975 (A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8. ...)
	NOT-FOR-US: Infoblox NIOS
CVE-2022-28974 RESERVED
CVE-2022-28973 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2022-28972 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2022-28971 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2022-28970 (Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow via th ...)
	NOT-FOR-US: Tenda
CVE-2022-28969 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2022-28968 RESERVED
CVE-2022-28967 RESERVED
CVE-2022-28966 (Wasm3 0.5.0 has a heap-based buffer overflow in NewCodePage in m3_code ...)
	NOT-FOR-US: wasm3
CVE-2022-28965 (Multiple DLL hijacking vulnerabilities via the components instup.exe a ...)
	NOT-FOR-US: avast AV
CVE-2022-28964 (An arbitrary file write vulnerability in Avast Premium Security before ...)
	NOT-FOR-US: avast AV
CVE-2022-28963 RESERVED
CVE-2022-28962 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
	NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
CVE-2022-28961 (Spip Web Framework v3.1.13 and below was discovered to contain multipl ...)
	{DSA-4798-1}
	- spip 3.2.8-1
	NOTE: https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html?lang=fr
	NOTE: https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4
	NOTE: https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf
CVE-2022-28960 (A PHP injection vulnerability in Spip before v3.2.8 allows attackers t ...)
	{DSA-4798-1}
	- spip 3.2.8-1
	NOTE: https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html?lang=fr
	NOTE: https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4
	NOTE: https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf
CVE-2022-28959 (Multiple cross-site scripting (XSS) vulnerabilities in the component / ...)
	{DSA-4798-1}
	- spip 3.2.8-1
	NOTE: https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html
	NOTE: https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/
	NOTE: https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/
	NOTE: https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4 (v4.0.0)
	NOTE: https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf
CVE-2022-28958 REJECTED
CVE-2022-28957 RESERVED
CVE-2022-28956 (An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows ...)
	NOT-FOR-US: D-Link
CVE-2022-28955 (An access control issue in D-Link DIR816L_FW206b01 allows unauthentica ...)
	NOT-FOR-US: D-Link
CVE-2022-28954 RESERVED
CVE-2022-28953 RESERVED
CVE-2022-28952 RESERVED
CVE-2022-28951 RESERVED
CVE-2022-28950 RESERVED
CVE-2022-28949 RESERVED
CVE-2022-28948 (An issue in the Unmarshal function in Go-Yaml v3 causes the program to ...)
	- golang-gopkg-yaml.v3 3.0.1-1 (bug #1011338)
	[bullseye] - golang-gopkg-yaml.v3 (Minor issue)
	NOTE: https://github.com/go-yaml/yaml/issues/666
	NOTE: https://github.com/go-yaml/yaml/commit/8f96da9f5d5eff988554c1aae1784627c4bf6754 (v3.0.0)
CVE-2022-28947 RESERVED
CVE-2022-28946 (An issue in the component ast/parser.go of Open Policy Agent v0.39.0 c ...)
	NOT-FOR-US: Open Policy Agent
CVE-2022-28945 (An issue in Webbank WeCube v3.2.2 allows attackers to execute a direct ...)
	NOT-FOR-US: Webbank WeCube
CVE-2022-28944 (Certain EMCO Software products are affected by: CWE-494: Download of C ...)
	NOT-FOR-US: EMCO
CVE-2022-28943 RESERVED
CVE-2022-28942 RESERVED
CVE-2022-28941 RESERVED
CVE-2022-28940 (In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be acc ...)
	NOT-FOR-US: H3C MagicR100
CVE-2022-28939 RESERVED
CVE-2022-28938 RESERVED
CVE-2022-28937 (FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where ...)
	NOT-FOR-US: FISCO-BCOS
CVE-2022-28936 (FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where ...)
	NOT-FOR-US: FISCO-BCOS
CVE-2022-28935 (Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20 ...)
	NOT-FOR-US: Totolink
CVE-2022-28934 RESERVED
CVE-2022-28933 RESERVED
CVE-2022-28932 (D-Link DSL-G2452DG HW:T1\tFW:ME_2.00 was discovered to contain insecu ...)
	NOT-FOR-US: D-Link
CVE-2022-28931 RESERVED
CVE-2022-28930 (ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: ERP-Pro
CVE-2022-28929 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
	NOT-FOR-US: kabirkhyrul/HMS
CVE-2022-28928 RESERVED
CVE-2022-28927 (A remote code execution (RCE) vulnerability in Subconverter v0.7.2 all ...)
	NOT-FOR-US: tindy2013/subconverter
CVE-2022-28926 RESERVED
CVE-2022-28925 RESERVED
CVE-2022-28924 (An information disclosure vulnerability in UniverSIS-Students before v ...)
	NOT-FOR-US: UniverSIS
CVE-2022-28923 (Caddy v2.4.6 was discovered to contain an open redirection vulnerabili ...)
	- caddy 2.5.2-1
	NOTE: https://lednerb.de/en/publications/responsible-disclosure/caddy-open-redirect-vulnerability/
	NOTE: https://github.com/caddyserver/caddy/commit/78b5356f2b1945a90de1ef7f2c7669d82098edbd (v2.5.0-beta.1)
CVE-2022-28922 RESERVED
CVE-2022-28921 (A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEn ...)
	NOT-FOR-US: BlogEngine.NET
CVE-2022-28920 (Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scripting ...)
	NOT-FOR-US: Baidu Tieba
CVE-2022-28919 (HTMLCreator release_stable_2020-07-29 was discovered to contain a cros ...)
	- dokuwiki 0.0.20220731.a-1 (bug #1011056)
	[bullseye] - dokuwiki (Minor issue)
	[buster] - dokuwiki (Minor issue)
	NOTE: https://github.com/splitbrain/dokuwiki/issues/3651
	NOTE: https://github.com/splitbrain/dokuwiki/commit/d3233986baa7dfe44490b805ae2e4296fad59401
CVE-2022-28918 (GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletio ...)
	NOT-FOR-US: GreenCMS
CVE-2022-28917 (Tenda AX12 v22.03.01.21_cn was discovered to contain a stack overflow ...)
	NOT-FOR-US: Tenda
CVE-2022-28916 RESERVED
CVE-2022-28915 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injec ...)
	NOT-FOR-US: D-Link
CVE-2022-28914 RESERVED
CVE-2022-28913 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...)
	NOT-FOR-US: TOTOLink
CVE-2022-28912 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...)
	NOT-FOR-US: TOTOLink
CVE-2022-28911 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...)
	NOT-FOR-US: TOTOLink
CVE-2022-28910 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...)
	NOT-FOR-US: TOTOLink
CVE-2022-28909 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...)
	NOT-FOR-US: TOTOLink
CVE-2022-28908 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...)
	NOT-FOR-US: TOTOLink
CVE-2022-28907 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...)
	NOT-FOR-US: TOTOLink
CVE-2022-28906 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...)
	NOT-FOR-US: TOTOLink
CVE-2022-28905 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...)
	NOT-FOR-US: TOTOLink
CVE-2022-28904 RESERVED
CVE-2022-28903 RESERVED
CVE-2022-28902 RESERVED
CVE-2022-28901 (A command injection vulnerability in the component /SetTriggerLEDBlink ...)
	NOT-FOR-US: D-Link
CVE-2022-28900 RESERVED
CVE-2022-28899 RESERVED
CVE-2022-28898 RESERVED
CVE-2022-28897 RESERVED
CVE-2022-28896 (A command injection vulnerability in the component /setnetworksettings ...)
	NOT-FOR-US: D-Link
CVE-2022-28895 (A command injection vulnerability in the component /setnetworksettings ...)
	NOT-FOR-US: D-Link
CVE-2022-28894 RESERVED
CVE-2022-28893 (The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xp ...)
	{DSA-5161-1}
	- linux 5.17.3-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/f00432063db1a0db484e85193eccc6845435b80e (5.18-rc2)
CVE-2022-28892 (Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to ...)
	- mahara
CVE-2022-28891 RESERVED
CVE-2022-27629 (Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Pa ...)
	NOT-FOR-US: MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership
CVE-2022-1291 (XSS vulnerability with default `onCellHtmlData` function in GitHub rep ...)
	NOT-FOR-US: Trudesk
CVE-2022-1290 (Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polo ...)
	NOT-FOR-US: Trudesk
CVE-2022-1289 (A denial of service vulnerability was found in tildearrow Furnace. It ...)
	- furnace (bug #1008592)
CVE-2022-28890 (A vulnerability in the RDF/XML parser of Apache Jena allows an attacke ...)
	- apache-jena 4.5.0-1 (bug #1014982)
	NOTE: https://www.openwall.com/lists/oss-security/2022/05/04/1
CVE-2021-4226 (RSFirewall tries to identify the original IP address by looking at dif ...)
	NOT-FOR-US: RSFirewall
CVE-2022-28889 (In Apache Druid 0.22.1 and earlier, the server did not set appropriate ...)
	- druid (bug #825797)
CVE-2022-1288 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: School Club Application System
CVE-2022-1287 (A vulnerability classified as critical was found in School Club Applic ...)
	NOT-FOR-US: School Club Application System
CVE-2022-1286 (heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repositor ...)
	- mruby 3.0.0-4
	[bullseye] - mruby (Minor issue)
	[buster] - mruby (Minor issue)
	[stretch] - mruby (Vulnerable code not present)
	NOTE: https://github.com/mruby/mruby/commit/b1d0296a937fe278239bdfac840a3fd0e93b3ee9
	NOTE: https://huntr.dev/bounties/f918376e-b488-4113-963d-ffe8716e4189/
CVE-2022-28888 (Spryker Commerce OS 1.4.2 allows Remote Command Execution.)
	NOT-FOR-US: Spryker Commerce OS
CVE-2022-28887 (Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Sec ...)
	NOT-FOR-US: F-Secure
CVE-2022-28886 (A Denial-of-Service vulnerability was discovered in the F-Secure and W ...)
	NOT-FOR-US: F-Secure
CVE-2022-28885 (A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd ...)
	NOT-FOR-US: WithSecure
CVE-2022-28884 (A Denial-of-Service vulnerability was discovered in the F-Secure and W ...)
	NOT-FOR-US: WithSecure
CVE-2022-28883 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & W ...)
	NOT-FOR-US: F-Secure & WithSecure products
CVE-2022-28882 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & W ...)
	NOT-FOR-US: F-Secure & WithSecure products
CVE-2022-28881 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
	NOT-FOR-US: F-Secure
CVE-2022-28880 (A Denial-of-Service vulnerability was discovered in the F-Secure Atlan ...)
	NOT-FOR-US: F-Secure
CVE-2022-28879 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
	NOT-FOR-US: F-Secure
CVE-2022-28878 (A Denial-of-Service vulnerability was discovered in the F-Secure Atlan ...)
	NOT-FOR-US: F-Secure
CVE-2022-28877 (This vulnerability allows local user to delete arbitrary file in the s ...)
	NOT-FOR-US: F-Secure
CVE-2022-28876 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
	NOT-FOR-US: F-Secure
CVE-2022-28875 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
	NOT-FOR-US: F-Secure
CVE-2022-28874 (Multiple Denial-of-Service vulnerabilities was discovered in the F-Sec ...)
	NOT-FOR-US: F-Secure
CVE-2022-28873 (A vulnerability affecting F-Secure SAFE browser was discovered. An att ...)
	NOT-FOR-US: F-Secure
CVE-2022-28872 (A vulnerability affecting F-Secure SAFE browser was discovered. A mali ...)
	NOT-FOR-US: F-Secure
CVE-2022-28871 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
	NOT-FOR-US: F-Secure
CVE-2022-28870 (A vulnerability affecting F-Secure SAFE browser was discovered. A mali ...)
	NOT-FOR-US: F-Secure
CVE-2022-28869 (A vulnerability affecting F-Secure SAFE browser was discovered. A mali ...)
	NOT-FOR-US: F-Secure
CVE-2022-28868 (An Address bar spoofing vulnerability was discovered in Safe Browser f ...)
	NOT-FOR-US: F-Secure
CVE-2022-28867 (An issue was discovered in Nokia NetAct 22 through the Administration ...)
	NOT-FOR-US: Nokia
CVE-2022-28866 (Multiple Improper Access Control was discovered in Nokia AirFrame BMC ...)
	NOT-FOR-US: Nokia AirFrame BMC Web GUI
CVE-2022-28865 (An issue was discovered in Nokia NetAct 22 through the Site Configurat ...)
	NOT-FOR-US: Nokia
CVE-2022-28864 (An issue was discovered in Nokia NetAct 22 through the Administration ...)
	NOT-FOR-US: Nokia
CVE-2022-28863 (An issue was discovered in Nokia NetAct 22. A remote user, authenticat ...)
	NOT-FOR-US: Nokia
CVE-2022-28862 (In Archibus Web Central before 26.2, multiple SQL Injection vulnerabil ...)
	NOT-FOR-US: ARCHIBUS Web Central
CVE-2022-28861 (The server in Citilog 8.0 allows an attacker (in a man in the middle p ...)
	NOT-FOR-US: Citilog
CVE-2022-28860 (An authentication downgrade in the server in Citilog 8.0 allows an att ...)
	NOT-FOR-US: Citilog
CVE-2022-1285 (Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prio ...)
	NOT-FOR-US: Go Git Service
CVE-2022-28857 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2022-28856 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2022-28855 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2022-28854 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2022-28853 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2022-28852 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2022-28851 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2022-28850 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...)
	NOT-FOR-US: Adobe
CVE-2022-28849 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Us ...)
	NOT-FOR-US: Adobe
CVE-2022-28848 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...)
	NOT-FOR-US: Adobe
CVE-2022-28847 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...)
	NOT-FOR-US: Adobe
CVE-2022-28846 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...)
	NOT-FOR-US: Adobe
CVE-2022-28845 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...)
	NOT-FOR-US: Adobe
CVE-2022-28844 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...)
	NOT-FOR-US: Adobe
CVE-2022-28843 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...)
	NOT-FOR-US: Adobe
CVE-2022-28842 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Us ...)
	NOT-FOR-US: Adobe
CVE-2022-28841 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...)
	NOT-FOR-US: Adobe
CVE-2022-28840 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...)
	NOT-FOR-US: Adobe
CVE-2022-28839 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...)
	NOT-FOR-US: Adobe
CVE-2022-28838 (Acrobat Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033 ...)
	NOT-FOR-US: Adobe
CVE-2022-28837 (Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033x (and e ...)
	NOT-FOR-US: Adobe
CVE-2022-28836 (Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are ...)
	NOT-FOR-US: Adobe
CVE-2022-28835 (Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are ...)
	NOT-FOR-US: Adobe
CVE-2022-28834 (Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are ...)
	NOT-FOR-US: Adobe
CVE-2022-28833 (Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2022-28832 (Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2022-28831 (Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) ar ...)
	NOT-FOR-US: Adobe
CVE-2022-28830 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2022-28829 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2022-28828 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2022-28827 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2022-28826 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2022-28825 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2022-28824 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2022-28823 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2022-28822 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2022-28821 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2022-28820 (ACS Commons version 5.1.x (and earlier) suffers from a Reflected Cross ...)
	NOT-FOR-US: Adobe
CVE-2022-28819 (Adobe Character Animator versions 4.4.2 (and earlier) and 22.3 (and ea ...)
	NOT-FOR-US: Adobe
CVE-2022-28818 (ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected ...)
	NOT-FOR-US: Adobe
CVE-2022-28817
	REJECTED
CVE-2022-28816 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...)
	NOT-FOR-US: Carlo Gavazzi Controls SpA
CVE-2022-28815 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...)
	NOT-FOR-US: Carlo Gavazzi Controls SpA
CVE-2022-28814 (Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in V ...)
	NOT-FOR-US: Carlo Gavazzi Controls SpA
CVE-2022-28813 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...)
	NOT-FOR-US: Carlo Gavazzi Controls SpA
CVE-2022-28812 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...)
	NOT-FOR-US: Carlo Gavazzi Controls SpA
CVE-2022-28811 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...)
	NOT-FOR-US: Carlo Gavazzi Controls SpA
CVE-2022-28810 (Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-28809 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
	NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2022-28808 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
	NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2022-28807 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
	NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2022-28806 (An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9 ...)
	NOT-FOR-US: Fujitsu
CVE-2022-28805 (singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) ...)
	- lua5.4 5.4.4-2 (bug #1010265)
	[bullseye] - lua5.4 (Minor issue)
	- lua5.3 (Specific to 5.4, see #1010265)
	- lua5.2 (Specific to 5.4, see #1010265)
	- lua5.1 (Specific to 5.4, see #1010265)
	- lua50 (Specific to 5.4, see #1010265)
	NOTE: https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa
	NOTE: http://lua-users.org/lists/lua-l/2022-02/msg00001.html
	NOTE: http://lua-users.org/lists/lua-l/2022-02/msg00070.html
CVE-2022-28804
	RESERVED
CVE-2022-28803 (In SilverStripe Framework through 2022-04-07, Stored XSS can occur in ...)
	NOT-FOR-US: Silverstripe CMS
CVE-2022-28802 (Code by Zapier before 2022-08-17 allowed intra-account privilege escal ...)
	NOT-FOR-US: Zapier
CVE-2022-28801
	RESERVED
CVE-2022-28800
	RESERVED
CVE-2022-28799 (The TikTok application before 23.7.3 for Android allows account takeov ...)
	NOT-FOR-US: TikTok Android app
CVE-2022-28798
	RESERVED
CVE-2022-28797
	RESERVED
CVE-2022-28795 (A vulnerability within the Avira Password Manager Browser Extensions p ...)
	NOT-FOR-US: Avira Password Manager Browser Extensions
CVE-2022-28794 (Sensitive information exposure in low-battery dumpstate log prior to S ...)
	NOT-FOR-US: Samsung
CVE-2022-28793 (Given the TEE is compromised and controlled by the attacker, improper ...)
	NOT-FOR-US: Samsung
CVE-2022-28792 (DLL hijacking vulnerability in Gear IconX PC Manager prior to version ...)
	NOT-FOR-US: Gear IconX PC Manager
CVE-2022-28791 (Improper input validation vulnerability in InstallAgent in Galaxy Stor ...)
	NOT-FOR-US: Samsung
CVE-2022-28790 (Improper authentication in Link to Windows Service prior to version 2. ...)
	NOT-FOR-US: Samsung
CVE-2022-28789 (Unprotected activities in Voice Note prior to version 21.3.51.11 allow ...)
	NOT-FOR-US: Samsung / Voice Note
CVE-2022-28788 (Improper buffer size check logic in aviextractor library prior to SMR ...)
	NOT-FOR-US: Samsung
CVE-2022-28787 (Improper buffer size check logic in wmfextractor library prior to SMR ...)
	NOT-FOR-US: Samsung
CVE-2022-28786 (Improper buffer size check logic in aviextractor library prior to SMR ...)
	NOT-FOR-US: Samsung
CVE-2022-28785 (Improper buffer size check logic in aviextractor library prior to SMR ...)
	NOT-FOR-US: Samsung
CVE-2022-28784 (Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Re ...)
	NOT-FOR-US: Samsung / Galaxy Themes
CVE-2022-28783 (Improper validation of removing package name in Galaxy Themes prior to ...)
	NOT-FOR-US: Samsung / Galaxy Themes
CVE-2022-28782 (Improper access control vulnerability in Contents To Window prior to S ...)
	NOT-FOR-US: Samsung
CVE-2022-28781 (Improper input validation in Settings prior to SMR-May-2022 Release 1 ...)
	NOT-FOR-US: Samsung / Settings
CVE-2022-28780 (Improper access control vulnerability in Weather prior to SMR May-2022 ...)
	NOT-FOR-US: Samsung / Weather
CVE-2022-28779 (Uncontrolled search path element vulnerability in Samsung Android USB ...)
	NOT-FOR-US: Samsung
CVE-2022-28778 (Improper access control vulnerability in Samsung Security Supporter pr ...)
	NOT-FOR-US: Samsung
CVE-2022-28777 (Improper access control vulnerability in Samsung Members prior to vers ...)
	NOT-FOR-US: Samsung
CVE-2022-28776 (Improper access control vulnerability in Galaxy Store prior to version ...)
	NOT-FOR-US: Samsung
CVE-2022-28775 (Improper access control vulnerability in Samsung Flow prior to version ...)
	NOT-FOR-US: Samsung
CVE-2022-28774 (Under certain conditions, the SAP Host Agent logfile shows information ...)
	NOT-FOR-US: SAP
CVE-2022-28773 (Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Interne ...)
	NOT-FOR-US: SAP
CVE-2022-28772 (By overlong input values an attacker may force overwrite of the intern ...)
	NOT-FOR-US: SAP
CVE-2022-28771 (Due to missing authentication check, SAP Business one License service ...)
	NOT-FOR-US: SAP
CVE-2022-28770 (Due to insufficient input validation, SAPUI5 library(vbm) - versions 7 ...)
	NOT-FOR-US: SAP
CVE-2022-28769
	RESERVED
CVE-2022-28768 (The Zoom Client for Meetings Installer for macOS (Standard and for IT ...)
	NOT-FOR-US: Zoom
CVE-2022-28767
	RESERVED
CVE-2022-28766 (Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 ...)
	NOT-FOR-US: Zoom
CVE-2022-28765
	RESERVED
CVE-2022-28764 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Wind ...)
	NOT-FOR-US: Zoom
CVE-2022-28763 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Wind ...)
	NOT-FOR-US: Zoom
CVE-2022-28762 (Zoom Client for Meetings for macOS (Standard and for IT Admin) startin ...)
	NOT-FOR-US: Zoom
CVE-2022-28761 (Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 ...)
	NOT-FOR-US: Zoom
CVE-2022-28760 (Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 ...)
	NOT-FOR-US: Zoom
CVE-2022-28759 (Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 ...)
	NOT-FOR-US: Zoom
CVE-2022-28758 (Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 ...)
	NOT-FOR-US: Zoom
CVE-2022-28757 (The Zoom Client for Meetings for macOS (Standard and for IT Admin) sta ...)
	NOT-FOR-US: Zoom
CVE-2022-28756 (The Zoom Client for Meetings for macOS (Standard and for IT Admin) sta ...)
	NOT-FOR-US: Zoom
CVE-2022-28755 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Wind ...)
	NOT-FOR-US: Zoom
CVE-2022-28754 (Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 ...)
	NOT-FOR-US: Zoom
CVE-2022-28753 (Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 ...)
	NOT-FOR-US: Zoom
CVE-2022-28752 (Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are ...)
	NOT-FOR-US: Zoom
CVE-2022-28751 (The Zoom Client for Meetings for MacOS (Standard and for IT Admin) bef ...)
	NOT-FOR-US: Zoom
CVE-2022-28750 (Zoom On-Premise Meeting Connector Zone Controller (ZC) before version ...)
	NOT-FOR-US: Zoom
CVE-2022-28749 (Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 ...)
	NOT-FOR-US: Zoom
CVE-2022-28748
	REJECTED
CVE-2022-28747 (Key reuse in GoSecure Titan Inbox Detection & Response (IDR) through 2 ...)
	NOT-FOR-US: GoSecure Titan Inbox Detection & Response (IDR)
CVE-2022-28746
	RESERVED
CVE-2022-28745
	RESERVED
CVE-2022-28744
	RESERVED
CVE-2022-28743 (Time-of-check Time-of-use (TOCTOU) Race Condition vulerability in Fosc ...)
	NOT-FOR-US: Foscam R2C IP camera
CVE-2022-28742 (aEnrich eHRD Learning Management Key Performance Indicator System 5+ h ...)
	NOT-FOR-US: aEnrich eHRD Learning Management Key Performance Indicator System
CVE-2022-28741 (aEnrich a+HRD 5.x Learning Management Key Performance Indicator System ...)
	NOT-FOR-US: aEnrich a+HRD 5.x Learning Management Key Performance Indicator System
CVE-2022-28740 (aEnrich eHRD Learning Management Key Performance Indicator System 5+ e ...)
	NOT-FOR-US: aEnrich eHRD Learning Management Key Performance Indicator System
CVE-2022-28739 (There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, ...)
	{DLA-3450-1}
	- ruby3.0 3.0.4-1 (bug #1009956)
	- ruby2.7 (bug #1009957)
	[bullseye] - ruby2.7 (Minor issue, fix with next Ruby security release)
	- ruby2.5
	- ruby2.3
	[stretch] - ruby2.3 (Minor issue; fix in next LTS release)
	NOTE: https://github.com/ruby/ruby/commit/69f9992ed41920389d4185141a14f02f89a4d306 (v2_6_10)
	NOTE: https://github.com/ruby/ruby/commit/c9c2245c0a25176072e02db9254f0e0c84c805cd (v2_7_6)
	NOTE: https://github.com/ruby/ruby/commit/3fa771ddedac25560be57f4055f1767e6c810f58 (v3_0_4)
	NOTE: https://github.com/ruby/ruby/commit/8d142ecff9af7d60728b8cfa9138e8623985c428 (v3_1_2)
	NOTE: https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/
CVE-2022-28738 (A double free was found in the Regexp compiler in Ruby 3.x before 3.0. ...)
	- ruby3.0 3.0.4-1 (bug #1009958)
	- ruby2.7 (Vulnerable code not present)
	- ruby2.5 (Vulnerable code not present)
	- ruby2.3 (Vulnerable code not present)
	NOTE: https://github.com/ruby/ruby/commit/052ec6d2585c3ace95671013d336f5543624ef3d (v3_0_4)
	NOTE: https://github.com/ruby/ruby/commit/73f45e5e96ccc13a131f7c0122cf8600ce5b930f (v3_1_2)
	NOTE: https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/
CVE-2022-28737 (There's a possible overflow in handle_image() when shim tries to load ...)
	- shim 15.6-1
	[bullseye] - shim 15.6-1~deb11u1
	[buster] - shim (Fix via point update)
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
	NOTE: https://github.com/rhboot/shim/commit/e99bdbb827a50cde019393d3ca1e89397db221a7 (15.6)
	NOTE: https://github.com/rhboot/shim/commit/159151b6649008793d6204a34d7b9c41221fb4b0 (15.6)
CVE-2022-28736 (There's a use-after-free vulnerability in grub_cmd_chainloader() funct ...)
	- grub2 2.06-3
	[bullseye] - grub2 2.06-3~deb11u1
	[buster] - grub2 2.06-3~deb10u1
	[stretch] - grub2 (No SecureBoot support in stretch)
	[jessie] - grub2 (No SecureBoot support in jessie)
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
CVE-2022-28735 (The GRUB2's shim_lock verifier allows non-kernel files to be loaded on ...)
	- grub2 2.06-3 (bug #1001057)
	[bullseye] - grub2 2.06-3~deb11u1
	[buster] - grub2 2.06-3~deb10u1
	[stretch] - grub2 (No SecureBoot support in stretch)
	[jessie] - grub2 (No SecureBoot support in jessie)
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
CVE-2022-28734 (Out-of-bounds write when handling split HTTP headers; When handling sp ...)
	- grub2 2.06-3
	[bullseye] - grub2 2.06-3~deb11u1
	[buster] - grub2 2.06-3~deb10u1
	[stretch] - grub2 (No SecureBoot support in stretch)
	[jessie] - grub2 (No SecureBoot support in jessie)
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
CVE-2022-28733 (Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP ...)
	- grub2 2.06-3
	[bullseye] - grub2 2.06-3~deb11u1
	[buster] - grub2 2.06-3~deb10u1
	[stretch] - grub2 (No SecureBoot support in stretch)
	[jessie] - grub2 (No SecureBoot support in jessie)
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
CVE-2022-28732 (A carefully crafted request on WeblogPlugin could trigger an XSS vulne ...)
	- jspwiki
CVE-2022-28731 (A carefully crafted request on UserPreferences.jsp could trigger an CS ...)
	- jspwiki
CVE-2022-28730 (A carefully crafted request on AJAXPreview.jsp could trigger an XSS vu ...)
	- jspwiki
CVE-2022-28729
	RESERVED
CVE-2022-28728
	RESERVED
CVE-2022-28727
	RESERVED
CVE-2022-28726
	RESERVED
CVE-2022-28725
	RESERVED
CVE-2022-28724
	RESERVED
CVE-2022-28723
	RESERVED
CVE-2022-28722 (Certain HP Print Products are potentially vulnerable to Buffer Overflo ...)
	NOT-FOR-US: HP
CVE-2022-28721 (Certain HP Print Products are potentially vulnerable to Remote Code Ex ...)
	NOT-FOR-US: HP
CVE-2022-28720
	RESERVED
CVE-2022-28711 (A memory corruption vulnerability exists in the cgi.c unescape functio ...)
	NOT-FOR-US: ArduPilot APWeb
CVE-2022-28709 (Improper access control in the firmware for some Intel(R) E810 Etherne ...)
	NOT-FOR-US: Intel
CVE-2022-28698
	RESERVED
CVE-2022-28696 (Uncontrolled search path in the Intel(R) Distribution for Python befor ...)
	NOT-FOR-US: Intel
CVE-2022-28694
	RESERVED
CVE-2022-28688 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: AVEVA
CVE-2022-28687 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: AVEVA
CVE-2022-28686 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: AVEVA
CVE-2022-28685 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: AVEVA
CVE-2022-28684 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: DevExpress
CVE-2022-28683 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-28682 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-28681 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit
CVE-2022-28680 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-28679 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-28678 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-28677 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-28676 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-28675 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-28674 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-28673 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-28672 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-28671 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-28670 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit
CVE-2022-28669 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-28668 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Sante DICOM Viewer
CVE-2022-28667 (Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi software be ...)
	NOT-FOR-US: Intel
CVE-2022-28665 (A memory corruption vulnerability exists in the httpd unescape functio ...)
	NOT-FOR-US: FreshTomato
CVE-2022-28664 (A memory corruption vulnerability exists in the httpd unescape functio ...)
	NOT-FOR-US: FreshTomato
CVE-2022-28611 (Improper input validation in some Intel(R) XMM(TM) 7560 Modem software ...)
	NOT-FOR-US: Intel
CVE-2022-28126 (Improper input validation in some Intel(R) XMM(TM) 7560 Modem software ...)
	NOT-FOR-US: Intel
CVE-2022-27879 (Improper buffer restrictions in the BIOS firmware for some Intel(R) Pr ...)
	NOT-FOR-US: Intel
CVE-2022-27876
	RESERVED
CVE-2022-27874 (Improper authentication in some Intel(R) XMM(TM) 7560 Modem software b ...)
	NOT-FOR-US: Intel
CVE-2022-27639 (Incomplete cleanup in some Intel(R) XMM(TM) 7560 Modem software before ...)
	NOT-FOR-US: Intel
CVE-2022-27638 (Uncontrolled search path element in the Intel(R) Advanced Link Analyze ...)
	NOT-FOR-US: Intel
CVE-2022-27631 (A memory corruption vulnerability exists in the httpd unescape functio ...)
	NOT-FOR-US: DD-WRT
CVE-2022-27499 (Premature release of resource during expected lifetime in the Intel(R) ...)
	NOT-FOR-US: Intel
CVE-2022-27234 (Server-side request forgery in the CVAT software maintained by Intel(R ...)
	NOT-FOR-US: Intel
CVE-2022-27187 (Uncontrolled search path element in the Intel(R) Quartus Prime Standar ...)
	NOT-FOR-US: Intel
CVE-2022-27173
	RESERVED
CVE-2022-26845 (Improper authentication in firmware for Intel(R) AMT before versions 1 ...)
	NOT-FOR-US: Intel
CVE-2022-26841 (Insufficient control flow management for the Intel(R) SGX SDK software ...)
	NOT-FOR-US: Intel
CVE-2022-26837 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...)
	NOT-FOR-US: Intel
CVE-2022-26833 (An improper authentication vulnerability exists in the REST API functi ...)
	NOT-FOR-US: Open Automation Software
CVE-2022-26515
	RESERVED
CVE-2022-26513 (Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem software befor ...)
	NOT-FOR-US: Intel
CVE-2022-26509 (Improper conditions check in the Intel(R) SGX SDK software may allow a ...)
	NOT-FOR-US: Intel
CVE-2022-26508 (Improper authentication in the Intel(R) SDP Tool before version 3.0.0 ...)
	NOT-FOR-US: Intel
CVE-2022-26376 (A memory corruption vulnerability exists in the httpd unescape functio ...)
	NOT-FOR-US: Asuswrt
CVE-2022-26369 (Out-of-bounds read in some Intel(R) XMM(TM) 7560 Modem software before ...)
	NOT-FOR-US: Intel
CVE-2022-26367 (Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem softw ...)
	NOT-FOR-US: Intel
CVE-2022-26341 (Insufficiently protected credentials in software in Intel(R) AMT SDK b ...)
	NOT-FOR-US: Intel
CVE-2022-26079 (Improper conditions check in some Intel(R) XMM(TM) 7560 Modem software ...)
	NOT-FOR-US: Intel
CVE-2022-26047 (Improper input validation for some Intel(R) PROSet/Wireless WiFi, Inte ...)
	NOT-FOR-US: Intel
CVE-2022-26045 (Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem softw ...)
	NOT-FOR-US: Intel
CVE-2022-25868
	RESERVED
CVE-2022-1284 (heap-use-after-free in GitHub repository radareorg/radare2 prior to 5. ...)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/e98ad92c-3a64-48fb-84d4-d13afdbcbdd7
	NOTE: https://github.com/radareorg/radare2/commit/64a82e284dddabaeb549228380103b57dead32a6
CVE-2022-1283 (NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHu ...)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013
	NOTE: https://github.com/radareorg/radare2/commit/18d1d064bf599a255d55f09fca3104776fc34a67
CVE-2022-1282 (The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not prop ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1281 (The Photo Gallery WordPress plugin through 1.6.3 does not properly esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1280 (A use-after-free vulnerability was found in drm_lease_held in drivers/ ...)
	- linux 5.15.3-1
	NOTE: https://www.openwall.com/lists/oss-security/2022/04/12/3
CVE-2022-1279 (A vulnerability in the encryption implementation of EBICS messages in ...)
	NOT-FOR-US: ebics-java
CVE-2022-1278 (A flaw was found in WildFly, where an attacker can see deployment name ...)
	- wildfly (bug #752018)
CVE-2022-1277 (Inavitas Solar Log product has an unauthenticated SQL Injection vulner ...)
	NOT-FOR-US: Inavitas Solar Log
CVE-2022-1276 (Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby pr ...)
	- mruby (Vulnerable code introduced later)
	NOTE: https://huntr.dev/bounties/6ea041d1-e2aa-472c-bf3e-da5fa8726c25
	NOTE: https://github.com/mruby/mruby/commit/c8c083cb750606b2da81582cd8e43b442bb143e6
CVE-2022-1275 (The BannerMan WordPress plugin through 0.2.4 does not sanitize or esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1274 (A flaw was found in Keycloak in the execute-actions-email endpoint. Th ...)
	NOT-FOR-US: Keycloak
CVE-2022-1273 (The Import WP WordPress plugin before 2.4.6 does not validate the impo ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1272
	RESERVED
CVE-2022-1270 (In GraphicsMagick, a heap buffer overflow was found when parsing MIFF.)
	{DSA-5288-1 DLA-3200-1}
	- graphicsmagick 1.4+really1.3.38-1
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/664/
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/94f4bcf448ad
CVE-2022-1269 (The Fast Flow WordPress plugin before 1.2.12 does not sanitise and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1268 (The Donate Extra WordPress plugin through 2.02 does not sanitise and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1267 (The BMI BMR Calculator WordPress plugin through 1.3 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1266 (The Post Grid, Slider & Carousel Ultimate WordPress plugin before 1.5. ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1265 (The BulletProof Security WordPress plugin before 6.1 does not sanitize ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1264 (The affected product may allow an attacker with access to the Ignition ...)
	NOT-FOR-US: Ignition
CVE-2022-1262 (A command injection vulnerability in the protest binary allows an atta ...)
	NOT-FOR-US: D-Link Routers
CVE-2022-1261 (Matrikon, a subsidary of Honeywell Matrikon OPC Server (all versions) ...)
	NOT-FOR-US: MatrikonOPC
CVE-2022-1260
	REJECTED
CVE-2022-1259 (A flaw was found in Undertow. A potential security issue in flow contr ...)
	- undertow (Incomplete fix not released to any suite)
CVE-2022-1258 (A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) ...)
	NOT-FOR-US: McAfee
CVE-2022-1257 (Insecure storage of sensitive information vulnerability in MA for Linu ...)
	NOT-FOR-US: McAfee
CVE-2022-1256 (A local privilege escalation vulnerability in MA for Windows prior to ...)
	NOT-FOR-US: McAfee
CVE-2022-1255 (The Import and export users and customers WordPress plugin before 1.19 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1254 (A URL redirection vulnerability in Skyhigh SWG in main releases 10.x p ...)
	NOT-FOR-US: Skyhigh SWG
CVE-2022-1253 (Heap-based Buffer Overflow in GitHub repository strukturag/libde265 pr ...)
	{DSA-5346-1}
	- libde265 1.0.8-1.1 (bug #1014977)
	[buster] - libde265 (Vulnerable code introduced later)
	[stretch] - libde265 (Vulnerable code introduced later)
	NOTE: https://huntr.dev/bounties/1-other-strukturag/libde265/
	NOTE: https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8
CVE-2022-1252 (Use of a Broken or Risky Cryptographic Algorithm in GitHub repository ...)
	NOT-FOR-US: gnuboard5
CVE-2022-1251 (The Ask me WordPress theme before 6.8.4 does not perform nonce checks ...)
	NOT-FOR-US: WordPress theme
CVE-2022-1250 (The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1248 (A vulnerability was found in SAP Information System 1.0 which has been ...)
	NOT-FOR-US: SAP
CVE-2022-1247 (An issue found in linux-kernel that leads to a race condition in rose_ ...)
	- linux (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2066799
	NOTE: Mitigated by hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch
CVE-2022-1246
	REJECTED
CVE-2022-1245 (A privilege escalation flaw was found in the token exchange feature of ...)
	NOT-FOR-US: Keycloak
CVE-2022-1244 (heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5 ...)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/8ae2c61a-2220-47a5-bfe8-fe6d41ab1f82
	NOTE: https://github.com/radareorg/radare2/commit/2b77b277d67ce061ee6ef839e7139ebc2103c1e3
CVE-2022-1243 (CRHTLF can lead to invalid protocol extraction potentially leading to ...)
	NOT-FOR-US: URI.js
CVE-2022-1242
	RESERVED
CVE-2022-1241 (The Ask me WordPress theme before 6.8.2 does not properly sanitise and ...)
	NOT-FOR-US: WordPress theme
CVE-2022-28796 (jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel ...)
	- linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/cc16eecae687912238ee6efbff71ad31e2bc414e (5.18-rc1)
CVE-2022-28663 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2022-28662 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2022-28661 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2022-1271 (An arbitrary file write vulnerability was found in GNU gzip's zgrep ut ...)
	{DSA-5123-1 DSA-5122-1 DLA-2977-1 DLA-2976-1}
	- xz-utils 5.2.5-2.1 (bug #1009167)
	- gzip 1.12-1 (bug #1009168)
	NOTE: https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch
	NOTE: https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6
	NOTE: https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html
	NOTE: https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=dc9740df61e575e8c3148b7bd3c147a81ea00c7c (v1.12)
	NOTE: https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=d74a30d45c6834c8e9f87115197370fe86656d81 (v1.12)
	NOTE: https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=c99f320d5c0fd98fe88d9cea5407eb7ad9d50e8a (v1.12)
	NOTE: https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=6543c09c6ecfb1630085d440b76511953bc5a2cb (v1.12)
	NOTE: https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=0e2d07fc2c4393cfb9dbab580d0bee4525b9c9b3 (v1.12)
	NOTE: https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=5e1fc8b92c1af9382365aef0f9130341ee1d2c76 (v1.12)
	NOTE: Improves further the fix: https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=9d3248751178939713a39115cf68ec8a11506cc9 (v1.12)
	NOTE: https://www.openwall.com/lists/oss-security/2022/04/07/8
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-619/
CVE-2022-1263 (A NULL pointer dereference issue was found in KVM when releasing a vCP ...)
	- linux 5.17.3-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2022/04/07/1
	NOTE: https://www.spinics.net/lists/kvm/msg273052.html
CVE-2022-1249 (A NULL pointer dereference flaw was found in pesign's cms_set_pw_data( ...)
	- pesign (Vulnerable code introduced later)
	NOTE: https://github.com/rhboot/pesign/pull/79
	NOTE: Introduced by: https://github.com/rhboot/pesign/commit/12f16710ee44ef64ddb044a3523c3c4c4d90039a (114)
	NOTE: Fixed by: https://github.com/rhboot/pesign/commit/b879dda52f8122de697d145977c285fb0a022d76 (115)
CVE-2022-1240 (Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub reposi ...)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/e589bd97-4c74-4e79-93b5-0951a281facc
	NOTE: https://github.com/radareorg/radare2/commit/ca8d8b39f3e34a4fd943270330b80f1148129de4
CVE-2022-1239 (The HubSpot WordPress plugin before 8.8.15 does not validate the proxy ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1238 (Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository ra ...)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/47422cdf-aad2-4405-a6a1-6f63a3a93200
	NOTE: https://github.com/radareorg/radare2/commit/c40a4f9862104ede15d0ba05ccbf805923070778
CVE-2022-1237 (Improper Validation of Array Index in GitHub repository radareorg/rada ...)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/ad3c9c4c-76e7-40c8-bd4a-c095acd8bb40
	NOTE: https://github.com/radareorg/radare2/commit/2d782cdaa2112c10b8dd5e7a93c134b2ada9c1a6
CVE-2022-1236 (Weak Password Requirements in GitHub repository weseek/growi prior to ...)
	NOT-FOR-US: GROWI
CVE-2022-28660 (The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x b ...)
	NOT-FOR-US: Grafana Enterprise Logs
CVE-2022-28659
	RESERVED
CVE-2022-28658
	RESERVED
CVE-2022-28657
	RESERVED
CVE-2022-28656
	RESERVED
CVE-2022-28655
	RESERVED
CVE-2022-28654
	RESERVED
CVE-2022-28653
	RESERVED
CVE-2022-28652
	RESERVED
CVE-2022-1235 (Weak secrethash can be brute-forced in GitHub repository livehelpercha ...)
	NOT-FOR-US: livehelperchat
CVE-2022-1234 (XSS in livehelperchat in GitHub repository livehelperchat/livehelperch ...)
	NOT-FOR-US: livehelperchat
CVE-2022-1233 (URL Confusion When Scheme Not Supplied in GitHub repository medialize/ ...)
	NOT-FOR-US: URI.js
CVE-2022-1232 (Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a ...)
	{DSA-5114-1}
	- chromium 100.0.4896.75-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-28651 (In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get pass ...)
	- intellij-idea (bug #747616)
CVE-2022-28650 (In JetBrains YouTrack before 2022.1.43700 it was possible to inject Ja ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2022-28649 (In JetBrains YouTrack before 2022.1.43563 it was possible to include a ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2022-28648 (In JetBrains YouTrack before 2022.1.43563 HTML code from the issue des ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2022-28647 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2022-28646 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2022-28645 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2022-28644 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2022-28643 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2022-28642 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2022-28641 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2022-28640 (A potential local adjacent arbitrary code execution vulnerability that ...)
	NOT-FOR-US: HPE
CVE-2022-28639 (A remote potential adjacent denial of service (DoS) and potential adja ...)
	NOT-FOR-US: HPE
CVE-2022-28638 (An isolated local disclosure of information and potential isolated loc ...)
	NOT-FOR-US: HPE
CVE-2022-28637 (A local Denial of Service (DoS) and local arbitrary code execution vul ...)
	NOT-FOR-US: HPE
CVE-2022-28636 (A potential local arbitrary code execution and a local denial of servi ...)
	NOT-FOR-US: HPE
CVE-2022-28635 (A potential local arbitrary code execution and a local denial of servi ...)
	NOT-FOR-US: HPE
CVE-2022-28634 (A local arbitrary code execution vulnerability was discovered in HPE I ...)
	NOT-FOR-US: HPE
CVE-2022-28633 (A local disclosure of sensitive information and a local unauthorized d ...)
	NOT-FOR-US: HPE
CVE-2022-28632 (A potential arbitrary code execution and a denial of service (DoS) vul ...)
	NOT-FOR-US: HPE
CVE-2022-28631 (A potential arbitrary code execution and a denial of service (DoS) vul ...)
	NOT-FOR-US: HPE
CVE-2022-28630 (A local arbitrary code execution vulnerability was discovered in HPE I ...)
	NOT-FOR-US: HPE
CVE-2022-28629 (A local arbitrary code execution vulnerability was discovered in HPE I ...)
	NOT-FOR-US: HPE
CVE-2022-28628 (A local arbitrary code execution vulnerability was discovered in HPE I ...)
	NOT-FOR-US: HPE
CVE-2022-28627 (A local arbitrary code execution vulnerability was discovered in HPE I ...)
	NOT-FOR-US: HPE
CVE-2022-28626 (A local arbitrary code execution vulnerability was discovered in HPE I ...)
	NOT-FOR-US: HPE
CVE-2022-28625 (A local disclosure of sensitive information vulnerability was discover ...)
	NOT-FOR-US: HPE
CVE-2022-28624 (A potential security vulnerability has been identified in certain HPE ...)
	NOT-FOR-US: HPE
CVE-2022-28623 (Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploi ...)
	NOT-FOR-US: HPE
CVE-2022-28622 (A potential security vulnerability has been identified in HPE StoreOnc ...)
	NOT-FOR-US: HPE
CVE-2022-28621 (A remote disclosure of sensitive information vulnerability was discove ...)
	NOT-FOR-US: HPE
CVE-2022-28620 (A remote authentication bypass vulnerability was discovered in HPE Cra ...)
	NOT-FOR-US: HPE
CVE-2022-28619 (A potential security vulnerability has been identified in the installe ...)
	NOT-FOR-US: HPE
CVE-2022-28618 (A command injection security vulnerability has been identified in HPE ...)
	NOT-FOR-US: HPE
CVE-2022-28617 (A remote bypass security restrictions vulnerability was discovered in ...)
	NOT-FOR-US: HPE OneView
CVE-2022-28616 (A remote server-side request forgery (ssrf) vulnerability was discover ...)
	NOT-FOR-US: HPE OneView
CVE-2022-28615 (Apache HTTP Server 2.4.53 and earlier may crash or disclose informatio ...)
	- apache2 2.4.54-1 (bug #1012513)
	[bullseye] - apache2 2.4.54-1~deb11u1
	[buster] - apache2 2.4.38-3+deb10u8
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/9
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28615
	NOTE: https://github.com/apache/httpd/commit/6503d09ab51047554c384a6d03646ce1a8848120
CVE-2022-28614 (The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may ...)
	- apache2 2.4.54-1 (bug #1012513)
	[bullseye] - apache2 2.4.54-1~deb11u1
	[buster] - apache2 2.4.38-3+deb10u8
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/4
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28614
	NOTE: https://github.com/apache/httpd/commit/8c14927162cf3b4f810683e1c5505e9ef9e1f123
CVE-2022-28613 (A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU5 ...)
	NOT-FOR-US: HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware
CVE-2022-28610
	RESERVED
CVE-2022-26838 (Path traversal vulnerability in Importing Mobile Device Data of Cybozu ...)
	NOT-FOR-US: Cybozu
CVE-2022-1231 (XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantu ...)
	- plantuml (bug #1039989)
	[bookworm] - plantuml (Minor issue)
	[bullseye] - plantuml (Minor issue)
	[buster] - plantuml (Minor issue)
	NOTE: https://huntr.dev/bounties/27db9509-6cd3-4148-8d70-5942f3837604/
	NOTE: https://github.com/plantuml/plantuml/commit/c9137be051ce98b3e3e27f65f54ec7d9f8886903 (v1.2022.4)
CVE-2022-1230 (This vulnerability allows local attackers to execute arbitrary code on ...)
	NOT-FOR-US: Samsung
CVE-2022-1229 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2022-1228 (The Opensea WordPress plugin before 1.0.3 does not sanitize and escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1227 (A privilege escalation flaw was found in Podman. This flaw allows an a ...)
	- libpod 3.4.7+ds1-1
	[bullseye] - libpod 3.0.1+dfsg1-3+deb11u2
	- golang-github-containers-psgo 1.7.1+ds1-1 (bug #1020907)
	[bullseye] - golang-github-containers-psgo 1.5.2-1+deb11u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2070368
	NOTE: https://github.com/containers/psgo/pull/92
	NOTE: https://github.com/containers/psgo/commit/d9467da9f563a9de1ece79dcae86b37b1db75443 (v1.7.2)
CVE-2022-1226
	RESERVED
CVE-2022-1225 (Incorrect Privilege Assignment in GitHub repository phpipam/phpipam pr ...)
	- phpipam (bug #731713)
CVE-2022-1224 (Improper Authorization in GitHub repository phpipam/phpipam prior to 1 ...)
	- phpipam (bug #731713)
CVE-2022-1223 (Incorrect Authorization in GitHub repository phpipam/phpipam prior to ...)
	- phpipam (bug #731713)
CVE-2022-1222 (Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV.)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-4 (bug #1016443)
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://huntr.dev/bounties/f8cb85b8-7ff3-47f1-a9a6-7080eb371a3d
	NOTE: https://github.com/gpac/gpac/commit/7f060bbb72966cae80d6fee338d0b07fa3fc06e1
CVE-2022-1221 (The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not s ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1220 (The FoxyShop WordPress plugin before 4.8.2 does not sanitise and escap ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1219 (SQL injection in RecyclebinController.php in GitHub repository pimcore ...)
	NOT-FOR-US: pimcore
CVE-2022-1218 (The Domain Replace WordPress plugin through 1.3.8 does not sanitise an ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1217 (The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1216 (The Advanced Image Sitemap WordPress plugin through 1.2 does not sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1215 (A format string vulnerability was found in libinput)
	- libinput 1.20.1-1
	[bullseye] - libinput (Minor issue)
	[buster] - libinput (Minor issue)
	[stretch] - libinput (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2022/04/20/2
	NOTE: https://gitlab.freedesktop.org/libinput/libinput/-/commit/2a8b8fde90d63d48ce09ddae44142674bbca1c28
	NOTE: https://lists.x.org/archives/xorg-announce/2022-April/003159.html
	NOTE: Introduced by: https://gitlab.freedesktop.org/libinput/libinput/-/commit/d4b76be18b9bcbdb497de1040855d80972c3bbb2 (1.9.902 / 1.10 release)
CVE-2021-46783
	RESERVED
CVE-2022-28609
	RESERVED
CVE-2022-28608
	RESERVED
CVE-2022-28607 (An issue was discovered in asith-eranga ISIC tour booking through vers ...)
	NOT-FOR-US: asith-eranga ISIC tour booking
CVE-2022-28606 (An arbitrary file upload vulnerability exists in Wenzhou Huoyin Inform ...)
	NOT-FOR-US: BossCMS
CVE-2022-28605 (Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows rem ...)
	NOT-FOR-US: LinkPlay Sound Bar
CVE-2022-28604
	RESERVED
CVE-2022-28603
	RESERVED
CVE-2022-28602
	RESERVED
CVE-2022-28601 (A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA ...)
	NOT-FOR-US: LMS Doctor Simple 2 Factor Authentication Plugin For Moodle
CVE-2022-28600
	RESERVED
CVE-2022-28599 (A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1 ...)
	NOT-FOR-US: FUEL-CMS
CVE-2022-28598 (Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does no ...)
	NOT-FOR-US: Frappe ERPNext
CVE-2022-28597
	RESERVED
CVE-2022-28596
	RESERVED
CVE-2022-28595
	RESERVED
CVE-2022-28594
	RESERVED
CVE-2022-28593
	RESERVED
CVE-2022-28592
	RESERVED
CVE-2022-28591
	RESERVED
CVE-2022-28590 (A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 v ...)
	NOT-FOR-US: Pixelimity
CVE-2022-28589 (A stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 al ...)
	NOT-FOR-US: Pixelimity
CVE-2022-28588 (In SpringBootMovie <=1.2 when adding movie names, malicious code can b ...)
	NOT-FOR-US: SpringBootMovie
CVE-2022-28587
	RESERVED
CVE-2022-28586 (XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript ...)
	NOT-FOR-US: Hoosk
CVE-2022-28585 (EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php)
	NOT-FOR-US: EmpireCMS
CVE-2022-28584 (It is found that there is a command injection vulnerability in the set ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-28583 (It is found that there is a command injection vulnerability in the set ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-28582 (It is found that there is a command injection vulnerability in the set ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-28581 (It is found that there is a command injection vulnerability in the set ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-28580 (It is found that there is a command injection vulnerability in the set ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-28579 (It is found that there is a command injection vulnerability in the set ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-28578 (It is found that there is a command injection vulnerability in the set ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-28577 (It is found that there is a command injection vulnerability in the del ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-28576
	RESERVED
CVE-2022-28575 (It is found that there is a command injection vulnerability in the set ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-28574
	RESERVED
CVE-2022-28573 (D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injectio ...)
	NOT-FOR-US: D-Link
CVE-2022-28572 (Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vu ...)
	NOT-FOR-US: Tenda
CVE-2022-28571 (D-link 882 DIR882A1_FW130B06 was discovered to contain a command injec ...)
	NOT-FOR-US: D-Link
CVE-2022-28570
	RESERVED
CVE-2022-28569
	RESERVED
CVE-2022-28568 (Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File U ...)
	NOT-FOR-US: Sourcecodester Doctor's Appointment System
CVE-2022-28567
	RESERVED
CVE-2022-28566
	RESERVED
CVE-2022-28565
	RESERVED
CVE-2022-28564
	RESERVED
CVE-2022-28563
	RESERVED
CVE-2022-28562
	RESERVED
CVE-2022-28561 (There is a stack overflow vulnerability in the /goform/setMacFilterCfg ...)
	NOT-FOR-US: Tenda
CVE-2022-28560 (There is a stack overflow vulnerability in the goform/fast_setting_wif ...)
	NOT-FOR-US: Tenda
CVE-2022-28559
	RESERVED
CVE-2022-28558
	RESERVED
CVE-2022-28557 (There is a command injection vulnerability at the /goform/setsambacfg ...)
	NOT-FOR-US: Tenda
CVE-2022-28556 (Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to ...)
	NOT-FOR-US: Tenda
CVE-2022-28555
	RESERVED
CVE-2022-28554
	RESERVED
CVE-2022-28553
	RESERVED
CVE-2022-28552 (Cscms 4.1 is vulnerable to SQL Injection. Log into the background, ope ...)
	NOT-FOR-US: Cscms
CVE-2022-28551
	RESERVED
CVE-2022-28550 (Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via ...)
	- jhead 1:3.08-1
	[bookworm] - jhead (Minor issue)
	[bullseye] - jhead (Minor issue)
	[buster] - jhead (Minor issue)
	NOTE: https://github.com/Matthias-Wandel/jhead/issues/51
	NOTE: https://github.com/Matthias-Wandel/jhead/commit/9688daa7de7eb7bdc6b2223c33eb9ccc2f668b88 (3.08)
CVE-2022-28549
	RESERVED
CVE-2022-28548
	RESERVED
CVE-2022-28547
	RESERVED
CVE-2022-28546
	RESERVED
CVE-2022-28545 (FUDforum 3.1.1 is vulnerable to Stored XSS.)
	NOT-FOR-US: FUDforum
CVE-2022-28544 (Path traversal vulnerability in unzip method of InstallAgentCommonHelp ...)
	NOT-FOR-US: Samsung
CVE-2022-28543 (Path traversal vulnerability in Samsung Flow prior to version 4.8.07.4 ...)
	NOT-FOR-US: Samsung
CVE-2022-28542 (Improper sanitization of incoming intent in Galaxy Store prior to vers ...)
	NOT-FOR-US: Samsung
CVE-2022-28541 (Uncontrolled search path element vulnerability in Samsung Update prior ...)
	NOT-FOR-US: Samsung
CVE-2022-28540
	RESERVED
CVE-2022-28539
	RESERVED
CVE-2022-28538
	RESERVED
CVE-2022-28537
	RESERVED
CVE-2022-28536
	RESERVED
CVE-2022-28535
	RESERVED
CVE-2022-28534
	RESERVED
CVE-2022-28533 (Sourcecodester Medical Hub Directory Site 1.0 is vulnerable to SQL Inj ...)
	NOT-FOR-US: Sourcecodester Medical Hub Directory Site
CVE-2022-28532
	RESERVED
CVE-2022-28531 (Sourcecodester Covid-19 Directory on Vaccination System1.0 is vulnerab ...)
	NOT-FOR-US: Sourcecodester Covid-19 Directory on Vaccination System
CVE-2022-28530 (Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnera ...)
	NOT-FOR-US: Sourcecodester Covid-19 Directory on Vaccination System
CVE-2022-28529
	RESERVED
CVE-2022-28528 (bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload ...)
	NOT-FOR-US: bloofoxCMS
CVE-2022-28527 (dhcms v20170919 was discovered to contain an arbitrary folder deletion ...)
	NOT-FOR-US: dhcms
CVE-2022-28526
	RESERVED
CVE-2022-28525 (ED01-CMS v20180505 was discovered to contain an arbitrary file upload ...)
	NOT-FOR-US: ED01-CMS
CVE-2022-28524 (ED01-CMS v20180505 was discovered to contain a SQL injection vulnerabi ...)
	NOT-FOR-US: ED01-CMS
CVE-2022-28523 (HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/ ...)
	NOT-FOR-US: HongCMS
CVE-2022-28522 (ZCMS v20170206 was discovered to contain a stored cross-site scripting ...)
	NOT-FOR-US: ZCMS
CVE-2022-28521 (ZCMS v20170206 was discovered to contain a file inclusion vulnerabilit ...)
	NOT-FOR-US: ZCMS
CVE-2022-28520
	RESERVED
CVE-2022-28519
	RESERVED
CVE-2022-28518
	RESERVED
CVE-2022-28517
	RESERVED
CVE-2022-28516
	RESERVED
CVE-2022-28515
	RESERVED
CVE-2022-28514
	RESERVED
CVE-2022-28513
	RESERVED
CVE-2022-28512 (A SQL injection vulnerability exists in Sourcecodester Fantastic Blog ...)
	NOT-FOR-US: Sourcecodester Fantastic Blog CMS
CVE-2022-28511
	RESERVED
CVE-2022-28510
	RESERVED
CVE-2022-28509
	RESERVED
CVE-2022-28508 (An XSS issue was discovered in browser_search_plugin.php in MantisBT b ...)
	- mantis
CVE-2022-28507 (Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 versio ...)
	NOT-FOR-US: Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121
CVE-2022-28506 (There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RG ...)
	- giflib 5.2.2-1 (unimportant)
	NOTE: https://sourceforge.net/p/giflib/bugs/159/
	NOTE: https://sourceforge.net/p/giflib/code/merge-requests/11/
	NOTE: Specific to gif2rgb. Crash in CLI tool, no security impact
CVE-2022-28505 (Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system ...)
	NOT-FOR-US: Jfinal_cms
CVE-2022-28504
	RESERVED
CVE-2022-28503
	RESERVED
CVE-2022-28502
	RESERVED
CVE-2022-28501
	RESERVED
CVE-2022-28500
	RESERVED
CVE-2022-28499
	RESERVED
CVE-2022-28498
	RESERVED
CVE-2022-28497 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contai ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-28496 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 discovered to contain a ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-28495 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contai ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-28494 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contai ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-28493 (A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-28492 (TOTOLINK Technology CPE with firmware V6.3c.566 ,allows remote attacke ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-28491 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command inje ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-28490
	RESERVED
CVE-2022-28489
	RESERVED
CVE-2022-28488 (The function wav_format_write in libwav.c in libwav through 2017-04-20 ...)
	NOT-FOR-US: libwav
CVE-2022-28487 (Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_che ...)
	- tcpreplay 4.4.2-1 (unimportant; bug #1018057)
	NOTE: https://github.com/appneta/tcpreplay/issues/723
	NOTE: https://github.com/appneta/tcpreplay/pull/720
	NOTE: Crash in CLI tool, no security impact
CVE-2022-28486
	RESERVED
CVE-2022-28485
	RESERVED
CVE-2022-28484
	RESERVED
CVE-2022-28483
	RESERVED
CVE-2022-28482
	RESERVED
CVE-2022-28481 (CSV-Safe gem < 3.0.0 doesn't filter out special characters which could ...)
	NOT-FOR-US: zvory/csv-safe
CVE-2022-28480 (ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.ex ...)
	NOT-FOR-US: ALLMediaServer
CVE-2022-28479 (SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored ...)
	NOT-FOR-US: SeedDMS
CVE-2022-28478 (SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The " ...)
	NOT-FOR-US: SeedDMS
CVE-2022-28477 (WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS).)
	NOT-FOR-US: WBCE CMS
CVE-2022-28476
	RESERVED
CVE-2022-28475
	RESERVED
CVE-2022-28474
	RESERVED
CVE-2022-28473
	RESERVED
CVE-2022-28472
	RESERVED
CVE-2022-28471 (In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c con ...)
	NOT-FOR-US: ffjpeg
CVE-2022-28470 (marcador package in PyPI 0.1 through 0.13 included a code-execution ba ...)
	NOT-FOR-US: joajfreitas/marcador
CVE-2022-28469
	RESERVED
CVE-2022-28468 (Payroll Management System v1.0 was discovered to contain a SQL injecti ...)
	NOT-FOR-US: Payroll Management System
CVE-2022-28467 (Online Student Admission v1.0 was discovered to contain a SQL injectio ...)
	NOT-FOR-US: Online Student Admission
CVE-2022-28466
	RESERVED
CVE-2022-28465
	RESERVED
CVE-2022-28464 (Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which ...)
	NOT-FOR-US: Apifox
CVE-2022-28463 (ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.)
	{DLA-3429-1 DLA-3007-1}
	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
	[bullseye] - imagemagick 8:6.9.11.60+dfsg-1.3+deb11u2
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ca3654ebf7a439dc736f56f083c9aa98e4464b7f
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/4988
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e6ea5876e0228165ee3abc6e959aa174cee06680
CVE-2022-28462 (novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability.)
	NOT-FOR-US: Novel-plus
CVE-2022-28461 (mingyuefusu Library Management System all versions as of 03-27-2022 is ...)
	NOT-FOR-US: mingyuefusu Library Management System
CVE-2022-28460
	RESERVED
CVE-2022-28459
	RESERVED
CVE-2022-28458
	RESERVED
CVE-2022-28457
	RESERVED
CVE-2022-28456
	RESERVED
CVE-2022-28455
	RESERVED
CVE-2022-28454 (Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS).)
	NOT-FOR-US: Limbas
CVE-2022-28453
	RESERVED
CVE-2022-28452 (Red Planet Laundry Management System 1.0 is vulnerable to SQL Injectio ...)
	NOT-FOR-US: Red Planet Laundry Management System
CVE-2022-28451 (nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup ...)
	NOT-FOR-US: nopCommerce
CVE-2022-28450 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the ...)
	NOT-FOR-US: nopCommerce
CVE-2022-28449 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). At App ...)
	NOT-FOR-US: nopCommerce
CVE-2022-28448 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An att ...)
	NOT-FOR-US: nopCommerce
CVE-2022-28447
	RESERVED
CVE-2022-28446
	RESERVED
CVE-2022-28445 (KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulner ...)
	NOT-FOR-US: KiteCMS
CVE-2022-28444 (UCMS v1.6 was discovered to contain an arbitrary file read vulnerabili ...)
	NOT-FOR-US: UCMS
CVE-2022-28443 (UCMS v1.6 was discovered to contain an arbitrary file deletion vulnera ...)
	NOT-FOR-US: UCMS
CVE-2022-28442
	RESERVED
CVE-2022-28441
	RESERVED
CVE-2022-28440 (An arbitrary file upload vulnerability in UCMS v1.6 allows attackers t ...)
	NOT-FOR-US: UCMS
CVE-2022-28439 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
	NOT-FOR-US: Baby Care System
CVE-2022-28438 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
	NOT-FOR-US: Baby Care System
CVE-2022-28437 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
	NOT-FOR-US: Baby Care System
CVE-2022-28436 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
	NOT-FOR-US: Baby Care System
CVE-2022-28435 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
	NOT-FOR-US: Baby Care System
CVE-2022-28434 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
	NOT-FOR-US: Baby Care System
CVE-2022-28433 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
	NOT-FOR-US: Baby Care System
CVE-2022-28432 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
	NOT-FOR-US: Baby Care System
CVE-2022-28431 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
	NOT-FOR-US: Baby Care System
CVE-2022-28430
	RESERVED
CVE-2022-28429 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
	NOT-FOR-US: Baby Care System
CVE-2022-28428
	RESERVED
CVE-2022-28427 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
	NOT-FOR-US: Baby Care System
CVE-2022-28426 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
	NOT-FOR-US: Baby Care System
CVE-2022-28425 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
	NOT-FOR-US: Baby Care System
CVE-2022-28424 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
	NOT-FOR-US: Baby Care System
CVE-2022-28423 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
	NOT-FOR-US: Baby Care System
CVE-2022-28422 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
	NOT-FOR-US: Baby Care System
CVE-2022-28421 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
	NOT-FOR-US: Baby Care System
CVE-2022-28420 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
	NOT-FOR-US: Baby Care System
CVE-2022-28419
	RESERVED
CVE-2022-28418
	RESERVED
CVE-2022-28417 (Home Owners Collection Management System v1.0 was discovered to contai ...)
	NOT-FOR-US: Home Owners Collection Management System
CVE-2022-28416 (Home Owners Collection Management System v1.0 was discovered to contai ...)
	NOT-FOR-US: Home Owners Collection Management System
CVE-2022-28415 (Home Owners Collection Management System v1.0 was discovered to contai ...)
	NOT-FOR-US: Home Owners Collection Management System
CVE-2022-28414 (Home Owners Collection Management System v1.0 was discovered to contai ...)
	NOT-FOR-US: Home Owners Collection Management System
CVE-2022-28413 (Car Driving School Management System v1.0 was discovered to contain a ...)
	NOT-FOR-US: Car Driving School Management System
CVE-2022-28412 (Car Driving School Managment System v1.0 was discovered to contain a S ...)
	NOT-FOR-US: Car Driving School Managment System
CVE-2022-28411 (Simple Real Estate Portal System v1.0 was discovered to contain a SQL ...)
	NOT-FOR-US: Simple Real Estate Portal System
CVE-2022-28410 (Simple Real Estate Portal System v1.0 was discovered to contain a SQL ...)
	NOT-FOR-US: Simple Real Estate Portal System
CVE-2022-28409
	RESERVED
CVE-2022-28408
	RESERVED
CVE-2022-28407
	RESERVED
CVE-2022-28406
	RESERVED
CVE-2022-28405
	RESERVED
CVE-2022-28404
	RESERVED
CVE-2022-28403
	RESERVED
CVE-2022-28402
	RESERVED
CVE-2022-28401
	RESERVED
CVE-2022-28400
	RESERVED
CVE-2022-28399
	RESERVED
CVE-2022-28398
	RESERVED
CVE-2022-28397 (An arbitrary file upload vulnerability in the file upload module of Gh ...)
	NOT-FOR-US: Ghost CMS
CVE-2022-28396
	REJECTED
CVE-2022-28395
	RESERVED
CVE-2022-28394 (EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) ...)
	NOT-FOR-US: Trend Micro
CVE-2022-28393
	RESERVED
CVE-2022-28392
	RESERVED
CVE-2022-28391 (BusyBox through 1.35.0 allows remote attackers to execute arbitrary co ...)
	- busybox (bug #1010264)
	[bookworm] - busybox (Minor issue)
	[bullseye] - busybox (Minor issue)
	[buster] - busybox (Minor issue)
	[stretch] - busybox (Minor issue)
	NOTE: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
CVE-2022-28390 (ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kerne ...)
	{DSA-5173-1 DSA-5127-1 DLA-3065-1}
	- linux 5.17.3-1
	NOTE: https://git.kernel.org/linus/c70222752228a62135cee3409dccefd494a24646 (5.18-rc1)
CVE-2022-28389 (mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux ker ...)
	{DSA-5173-1 DSA-5127-1}
	- linux 5.17.3-1
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/04c9b00ba83594a29813d6b1fb8fdc93a3915174 (5.18-rc1)
CVE-2022-28388 (usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux ker ...)
	{DSA-5173-1 DSA-5127-1}
	- linux 5.17.3-1
	NOTE: https://git.kernel.org/linus/3d3925ff6433f98992685a9679613a2cc97f3ce2 (5.18-rc1)
CVE-2022-28387 (An issue was discovered in certain Verbatim drives through 2022-03-31. ...)
	NOT-FOR-US: Verbatim USB drives
CVE-2022-28386 (An issue was discovered in certain Verbatim drives through 2022-03-31. ...)
	NOT-FOR-US: Verbatim USB drives
CVE-2022-28385 (An issue was discovered in certain Verbatim drives through 2022-03-31. ...)
	NOT-FOR-US: Verbatim USB drives
CVE-2022-28384 (An issue was discovered in certain Verbatim drives through 2022-03-31. ...)
	NOT-FOR-US: Verbatim USB drives
CVE-2022-28383 (An issue was discovered in certain Verbatim drives through 2022-03-31. ...)
	NOT-FOR-US: Verbatim USB drives
CVE-2022-28382 (An issue was discovered in certain Verbatim drives through 2022-03-31. ...)
	NOT-FOR-US: Verbatim USB drives
CVE-2022-1214
	REJECTED
CVE-2022-1213 (SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/li ...)
	NOT-FOR-US: livehelperchat
CVE-2022-1212 (Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby ...)
	- mruby 3.0.0-4 (bug #1009044)
	[bullseye] - mruby (Minor issue)
	[buster] - mruby (Minor issue)
	[stretch] - mruby (Vulnerable code not present)
	NOTE: https://huntr.dev/bounties/9fcc06d0-08e4-49c8-afda-2cae40946abe/
	NOTE: https://github.com/mruby/mruby/commit/3cf291f72224715942beaf8553e42ba8891ab3c6
CVE-2022-28381 (Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflo ...)
	NOT-FOR-US: ALLMediaServer
CVE-2022-28380 (The rc-httpd component through 2022-03-31 for 9front (Plan 9 fork) all ...)
	NOT-FOR-US: 9front
CVE-2022-28379 (jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item dele ...)
	NOT-FOR-US: jc21.com Nginx Proxy Manager
CVE-2022-28378 (Craft CMS before 3.7.29 allows XSS.)
	NOT-FOR-US: Craft CMS
CVE-2022-1211 (A vulnerability classified as critical has been found in tildearrow Fu ...)
	- furnace (bug #1008592)
CVE-2022-28377 (On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit ...)
	NOT-FOR-US: Verizon
CVE-2022-28376 (Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyon ...)
	NOT-FOR-US: Verizon
CVE-2022-28375 (Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property ...)
	NOT-FOR-US: Verizon
CVE-2022-28374 (Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property ...)
	NOT-FOR-US: Verizon
CVE-2022-28373 (Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly ...)
	NOT-FOR-US: Verizon
CVE-2022-28372 (On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit ...)
	NOT-FOR-US: Verizon
CVE-2022-28371 (On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit ...)
	NOT-FOR-US: Verizon
CVE-2022-28370 (On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the R ...)
	NOT-FOR-US: Verizon
CVE-2022-28369 (Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate ...)
	NOT-FOR-US: Verizon
CVE-2022-28368 (Dompdf 1.2.1 allows remote code execution via a .php file in the src:u ...)
	- php-dompdf (Vulnerable code introduced in 0.8.0, fixed in 1.2.1)
	NOTE: https://snyk.io/blog/security-alert-php-pdf-library-dompdf-rce/
	NOTE: https://positive.security/blog/dompdf-rce
	NOTE: https://github.com/dompdf/dompdf/issues/2598
	NOTE: https://github.com/dompdf/dompdf/pull/2808
	NOTE: https://github.com/dompdf/dompdf/commit/4c70e1025bcd9b7694b95dd552499bd83cd6141d (v1.2.1)
	NOTE: Vulnerability introduced by:
	NOTE: https://github.com/dompdf/dompdf/commit/0e0261b7bce372b3a05b712a023f6f742a22d57e (v0.8.0)
CVE-2022-28367 (OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE ...)
	- libowasp-antisamy-java 1.7.4-1 (bug #1010154)
	[bookworm] - libowasp-antisamy-java (Minor issue)
	[bullseye] - libowasp-antisamy-java (Minor issue)
	[buster] - libowasp-antisamy-java (Minor issue)
	[stretch] - libowasp-antisamy-java (Minor issue)
	NOTE: https://github.com/nahsra/antisamy/commit/0199e7e194dba5e7d7197703f43ebe22401e61ae (v1.6.6)
	NOTE: Make sure to fix the issue completely and include the following commit as well, otherwise CVE-2022-29577 remains open
	NOTE: https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0 (v1.6.7)
CVE-2022-28366 (Certain Neko-related HTML parsers allow a denial of service via crafte ...)
	- libowasp-antisamy-java 1.7.4-1 (bug #1010154)
	[bookworm] - libowasp-antisamy-java (Minor issue)
	[bullseye] - libowasp-antisamy-java (Minor issue)
	[buster] - libowasp-antisamy-java (Minor issue)
	[stretch] - libowasp-antisamy-java (Minor issue)
	NOTE: https://github.com/nahsra/antisamy/releases/tag/v1.6.6
	NOTE: https://github.com/nahsra/antisamy/issues/174
CVE-2022-28365 (Reprise License Manager 14.2 is affected by an Information Disclosure ...)
	NOT-FOR-US: Reprise License Manager
CVE-2022-28364 (Reprise License Manager 14.2 is affected by a reflected cross-site scr ...)
	NOT-FOR-US: Reprise License Manager
CVE-2022-28363 (Reprise License Manager 14.2 is affected by a reflected cross-site scr ...)
	NOT-FOR-US: Reprise License Manager
CVE-2022-28362 RESERVED
CVE-2022-28361 RESERVED
CVE-2022-28360 RESERVED
CVE-2022-28359 RESERVED
CVE-2022-28358 RESERVED
CVE-2022-28357 (NATS nats-server 2.2.0 through 2.7.4 allows directory traversal becaus ...)
	- nats-server (Fixed with initial upload to Debian)
	NOTE: https://advisories.nats.io/CVE/CVE-2022-28357.txt
CVE-2022-28356 (In the Linux kernel before 5.17.1, a refcount leak bug was found in ne ...)
	{DSA-5173-1 DSA-5127-1 DLA-3065-1}
	- linux 5.16.18-1
	NOTE: https://git.kernel.org/linus/764f4eb6846f5475f1244767d24d25dd86528a4a
	NOTE: https://www.openwall.com/lists/oss-security/2022/04/06/1
CVE-2022-28355 (randomUUID in Scala.js before 1.10.0 generates predictable values.)
	NOT-FOR-US: Scala.js
CVE-2022-28354 (In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php dat ...)
	NOT-FOR-US: MyBB plugin
CVE-2022-28353 (In the External Redirect Warning Plugin 1.3 for MyBB, the redirect URL ...)
	NOT-FOR-US: MyBB plugin
CVE-2022-1210 (A vulnerability classified as problematic was found in LibTIFF 4.3.0. ...)
	- tiff (unimportant)
	[bullseye] - tiff (Minor issue)
	[buster] - tiff (Minor issue)
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/402
	NOTE: Crash in CLI tool, no security impact
CVE-2021-46782 (The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-46781 (The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sa ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-46780 (The Easy Google Maps WordPress plugin before 1.9.32 does not escape th ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-28351 RESERVED
CVE-2022-28350 (Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r ...)
	NOT-FOR-US: ARM Mali GPU driver
CVE-2022-28349 (Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through ...)
	NOT-FOR-US: ARM Mali GPU driver
CVE-2022-28348 (Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 t ...)
	NOT-FOR-US: ARM Mali GPU driver
CVE-2022-28347 (A SQL injection issue was discovered in QuerySet.explain() in Django 2 ...)
	{DSA-5254-1}
	- python-django 2:3.2.13-1 (bug #1009677)
	[buster] - python-django (Vulnerable code not present)
	[stretch] - python-django (Vulnerable code not present)
	NOTE: https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
	NOTE: https://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81 (main)
	NOTE: https://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402 (4.0.4)
	NOTE: https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d (3.2.13)
	NOTE: https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5 (2.2.28)
CVE-2022-28346 (An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13 ...)
	{DSA-5254-1 DLA-3177-1 DLA-2982-1}
	- python-django 2:3.2.13-1 (bug #1009677)
	NOTE: https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
	NOTE: https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200 (main)
	NOTE: https://github.com/django/django/commit/800828887a0509ad1162d6d407e94d8de7eafc60 (4.0.4)
	NOTE: https://github.com/django/django/commit/2044dac5c6968441be6f534c4139bcf48c5c7e48 (3.2.13)
	NOTE: https://github.com/django/django/commit/2c09e68ec911919360d5f8502cefc312f9e03c5d (2.2.28)
CVE-2022-28345 (The Signal app before 5.34 for iOS allows URI spoofing via RTLO inject ...)
	NOT-FOR-US: Signal app on iOS
CVE-2022-28344 RESERVED
CVE-2022-28343 RESERVED
CVE-2022-28342 RESERVED
CVE-2022-1209 (The Ultimate Member plugin for WordPress is vulnerable to arbitrary re ...)
	NOT-FOR-US: Ultimate Member plugin for WordPress
CVE-2022-1208 (The Ultimate Member plugin for WordPress is vulnerable to Stored Cross ...)
	NOT-FOR-US: Ultimate Member plugin for WordPress
CVE-2022-1207 (Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6 ...)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/7b979e76-ae54-4132-b455-0833e45195eb
	NOTE: https://github.com/radareorg/radare2/commit/605785b65dd356d46d4487faa41dbf90943b8bc1
CVE-2022-28341 RESERVED
CVE-2022-28340 RESERVED
CVE-2022-28339 RESERVED
CVE-2022-28338 RESERVED
CVE-2022-28337 RESERVED
CVE-2022-28336 RESERVED
CVE-2022-28335 RESERVED
CVE-2022-28334 RESERVED
CVE-2022-28333 RESERVED
CVE-2022-28332 RESERVED
CVE-2022-28331 (On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond ...)
	- apr (Only affects Windows)
	NOTE: https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r
CVE-2022-28330 (Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bound ...)
	- apache2 (Windows specific)
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/3
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28330
CVE-2022-28329 (A vulnerability has been identified in SCALANCE W1788-1 M12 (All versi ...)
	NOT-FOR-US: Siemens SCALANCE
CVE-2022-28328 (A vulnerability has been identified in SCALANCE W1788-1 M12 (All versi ...)
	NOT-FOR-US: Siemens SCALANCE
CVE-2022-1206 RESERVED
CVE-2022-1205 (A NULL pointer dereference flaw was found in the Linux kernel’s A ...)
	{DSA-5173-1 DSA-5127-1}
	- linux 5.17.6-1
	NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/4
CVE-2022-1204 (A use-after-free flaw was found in the Linux kernel’s Amateur Rad ...)
	{DSA-5173-1 DSA-5127-1}
	- linux 5.17.3-1
	NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/2
CVE-2022-1203 (The Content Mask WordPress plugin before 1.8.4.1 does not have authori ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1202 (The WP-CRM WordPress plugin through 1.2.1 does not validate and saniti ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1201 (NULL Pointer Dereference in mrb_vm_exec with super in GitHub repositor ...)
	- mruby 3.1.0-1 (bug #1014968)
	[bullseye] - mruby (Minor issue)
	[buster] - mruby (Minor issue)
	[stretch] - mruby (Vulnerable code not present)
	NOTE: https://huntr.dev/bounties/6f930add-c9d8-4870-ae56-d4bd8354703b
	NOTE: https://github.com/mruby/mruby/commit/00acae117da1b45b318dc36531a7b0021b8097ae
CVE-2022-28327 (The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1 ...)
	- golang-1.18 1.18.1-1
	- golang-1.17 1.17.9-1
	NOTE: https://groups.google.com/g/golang-announce/c/oecdBNLOml8
	NOTE: https://go.dev/issue/52075
CVE-2022-28326 RESERVED
	NOT-FOR-US: GrowthExperiments MediaWiki extension
CVE-2022-28325 RESERVED
	NOT-FOR-US: MobileFrontend MediaWiki extension
CVE-2022-28324 RESERVED
	NOT-FOR-US: Echo MediaWiki extension
CVE-2022-28323 (An issue was discovered in MediaWiki through 1.37.2. The SecurePoll ex ...)
	NOT-FOR-US: SecurePoll MediaWiki extension
CVE-2022-28322 RESERVED
	NOT-FOR-US: CentralAuth MediaWiki extension
CVE-2022-28321 (The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows ...)
	- pam (Vulnerability introduced in a SUSE-specific patch)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1197654
CVE-2022-28320 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2022-28319 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2022-28318 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2022-28317 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2022-28316 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2022-28315 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2022-28314 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2022-28313 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2022-28312 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2022-28311 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2022-28310 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2022-28309 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2022-28308 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2022-28307 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2022-28306 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2022-28305 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2022-28304 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2022-28303 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2022-28302 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2022-28301 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2022-28300 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2022-27188 (OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4. ...)
	NOT-FOR-US: CENTUM
CVE-2022-26034 (Improper authentication vulnerability in the communication protocol pr ...)
	NOT-FOR-US: CENTUM
CVE-2022-1200 RESERVED
CVE-2021-4225 (The SP Project & Document Manager WordPress plugin before 4.24 allows ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-28299 RESERVED
CVE-2022-28298 RESERVED
CVE-2022-28297 RESERVED
CVE-2022-28296 RESERVED
CVE-2022-28295 RESERVED
CVE-2022-28294 RESERVED
CVE-2022-28293 RESERVED
CVE-2022-28292 RESERVED
CVE-2022-28291 (Insufficiently Protected Credentials: An authenticated user with debug ...)
	NOT-FOR-US: Nessus
CVE-2022-28290 (Reflective Cross-Site Scripting vulnerability in WordPress Country Sel ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-28289 (Mozilla developers and community members Nika Layzell, Andrew McCreigh ...)
	{DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
	- firefox 99.0-1
	- firefox-esr 91.8.0esr-1
	- thunderbird 1:91.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28289
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-28289
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28289
CVE-2022-28288 (Mozilla developers and community members Randell Jesup, Sebastian Heng ...)
	- firefox 99.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28288
CVE-2022-28287 (In unusual circumstances, selecting text could cause text selection ca ...)
	- firefox 99.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28287
CVE-2022-28286 (Due to a layout change, iframe contents could have been rendered outsi ...)
	{DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
	- firefox 99.0-1
	- firefox-esr 91.8.0esr-1
	- thunderbird 1:91.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28286
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-28286
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28286
CVE-2022-28285 (When generating the assembly code for MLoadTypedArrayElementHole ...)
	{DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
	- firefox 99.0-1
	- firefox-esr 91.8.0esr-1
	- thunderbird 1:91.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28285
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-28285
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28285
CVE-2022-28284 (SVG's <use> element could have been used to load un ...)
	- firefox 99.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28284
CVE-2022-28283 (The sourceMapURL feature in devtools was missing security checks that ...)
	- firefox 99.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28283
CVE-2022-28282 (By using a link with rel="localization" a use-after-free ...)
	{DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
	- firefox 99.0-1
	- firefox-esr 91.8.0esr-1
	- thunderbird 1:91.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28282
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-28282
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28282
	NOTE: https://github.com/Pwnrin/CVE-2022-28282
CVE-2022-28281 (If a compromised content process sent an unexpected number of WebAuthN ...)
	{DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
	- firefox 99.0-1
	- firefox-esr 91.8.0esr-1
	- thunderbird 1:91.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28281
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-28281
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28281
CVE-2022-1199 (A flaw was found in the Linux kernel. This flaw allows an attacker to ...)
	{DSA-5173-1 DSA-5127-1 DLA-3065-1}
	- linux 5.16.18-1
	[buster] - linux 4.19.235-1
	NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/5
CVE-2022-1198 (A use-after-free vulnerabilitity was discovered in drivers/net/hamradi ...)
	{DSA-5173-1 DSA-5127-1 DLA-3065-1}
	- linux 5.16.18-1
	NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/3
CVE-2022-1197 (When importing a revoked key that specified key compromise as the revo ...)
	{DSA-5118-1 DLA-2978-1}
	- thunderbird 1:91.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-1197
CVE-2022-1196 (After a VR Process is destroyed, a reference to it may have been retai ...)
	{DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
	- firefox-esr 91.8.0esr-1
	- thunderbird 1:91.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-1196
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-1196
CVE-2022-1195 (A use-after-free vulnerability was found in the Linux kernel in driver ...)
	{DSA-5173-1 DSA-5127-1}
	- linux 5.15.15-1
	[buster] - linux 4.19.232-1
	[stretch] - linux 4.9.303-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2056381
CVE-2022-1194 (The Mobile Events Manager WordPress plugin before 1.4.8 does not prope ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1193 (Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-1192 (The Turn off all comments WordPress plugin through 1.0 does not saniti ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-46779 (Insufficient input validation in SVC_ECC_PRIMITIVE system call in a co ...)
	NOT-FOR-US: AMD
CVE-2021-46778 (Execution unit scheduler contention may lead to a side channel vulnera ...)
	NOT-FOR-US: AMD
CVE-2021-46777 RESERVED
CVE-2021-46776 RESERVED
CVE-2021-46775 (Improper input validation in ABL may enable an attacker with physical ...)
	NOT-FOR-US: AMD
CVE-2021-46774 (Insufficient DRAM address validation in System Management Unit (SMU) m ...)
	NOT-FOR-US: AMD
CVE-2021-46773 (Insufficient input validation in ABL may enable a privileged attacker ...)
	NOT-FOR-US: AMD
CVE-2021-46772 RESERVED
CVE-2021-46771 (Insufficient validation of addresses in AMD Secure Processor (ASP) fir ...)
	NOT-FOR-US: AMD
CVE-2021-46770 RESERVED
CVE-2021-46769 (Insufficient syscall input validation in the ASP Bootloader may allow ...)
	NOT-FOR-US: AMD
CVE-2021-46768 (Insufficient input validation in SEV firmware may allow an attacker to ...)
	NOT-FOR-US: AMD
CVE-2021-46767 (Insufficient input validation in the ASP may allow an attacker with ph ...)
	NOT-FOR-US: AMD
CVE-2021-46766 (Improper clearing of sensitive data in the ASP Bootloader may expose s ...)
	NOT-FOR-US: AMD
CVE-2021-46765 (Insufficient input validation in ASP may allow an attacker with a comp ...)
	NOT-FOR-US: AMD
CVE-2021-46764 (Improper validation of DRAM addresses in SMU may allow an attacker to ...)
	NOT-FOR-US: AMD
CVE-2021-46763 (Insufficient input validation in the SMU may enable a privileged attac ...)
	NOT-FOR-US: AMD
CVE-2021-46762 (Insufficient input validation in the SMU may allow an attacker to corr ...)
	NOT-FOR-US: AMD
CVE-2021-46761 REJECTED
CVE-2021-46760 (A malicious or compromised UApp or ABL can send a malformed system cal ...)
	NOT-FOR-US: AMD
CVE-2021-46759 (Improper syscall input validation in AMD TEE (Trusted Execution Enviro ...)
	NOT-FOR-US: AMD
CVE-2021-46758 (Insufficient validation of SPI flash addresses in the ASP (AMD Secure ...)
	NOT-FOR-US: AMD
CVE-2021-46757 (Insufficient checking of memory buffer in ASP Secure OS may allow an a ...)
	NOT-FOR-US: AMD
CVE-2021-46756 (Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AM ...)
	NOT-FOR-US: AMD
CVE-2021-46755 (Failure to unmap certain SysHub mappings in error paths of the ASP (AM ...)
	NOT-FOR-US: AMD
CVE-2021-46754 (Insufficient input validation in the ASP (AMD Secure Processor) bootlo ...)
	NOT-FOR-US: AMD
CVE-2021-46753 (Failure to validate the length fields of the ASP (AMD Secure Processor ...)
	NOT-FOR-US: AMD
CVE-2021-46752 RESERVED
CVE-2021-46751 RESERVED
CVE-2021-46750 RESERVED
CVE-2021-46749 (Insufficient bounds checking in ASP (AMD Secure Processor) may allow f ...)
	NOT-FOR-US: AMD
CVE-2021-46748 (Insufficient bounds checking in the ASP (AMD Secure Processor) may all ...)
	NOT-FOR-US: AMD
CVE-2021-46747 RESERVED
CVE-2021-46746 RESERVED
CVE-2021-46745 RESERVED
CVE-2021-46744 (An attacker with access to a malicious hypervisor may be able to infer ...)
	NOT-FOR-US: AMD
CVE-2022-28280 RESERVED
CVE-2022-28279 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-28278 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-28277 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-28276 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-28275 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-28274 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-28273 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-28272 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-28271 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-28270 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-28269 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
	NOT-FOR-US: Adobe
CVE-2022-28268 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
	NOT-FOR-US: Adobe
CVE-2022-28267 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28266 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28265 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28264 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28263 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28262 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28261 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28260 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28259 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28258 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28257 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28256 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28255 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28254 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28253 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28252 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28251 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28250 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28249 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28248 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28247 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28246 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28245 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28244 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
	NOT-FOR-US: Adobe
CVE-2022-28243 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28242 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28241 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28240 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28239 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...)
	NOT-FOR-US: Adobe
CVE-2022-28238 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
	NOT-FOR-US: Adobe
CVE-2022-28237 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
	NOT-FOR-US: Adobe
CVE-2022-28236 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
	NOT-FOR-US: Adobe
CVE-2022-28235 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
	NOT-FOR-US: Adobe
CVE-2022-28234 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
	NOT-FOR-US: Adobe
CVE-2022-28233 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
	NOT-FOR-US: Adobe
CVE-2022-28232 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
	NOT-FOR-US: Adobe
CVE-2022-28231 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
	NOT-FOR-US: Adobe
CVE-2022-28230 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
	NOT-FOR-US: Adobe
CVE-2022-28229 (The hash functionality in userver before 42059b6319661583b3080cab9b595 ...)
	NOT-FOR-US: userver
CVE-2022-28228 (Out-of-bounds read was discovered in YDB server. An attacker could con ...)
	NOT-FOR-US: YDB server
CVE-2022-28227 RESERVED
CVE-2022-28226 (Local privilege vulnerability in Yandex Browser for Windows prior to 2 ...)
	NOT-FOR-US: Yandex Browser
CVE-2022-28225 (Local privilege vulnerability in Yandex Browser for Windows prior to 2 ...)
	NOT-FOR-US: Yandex Browser
CVE-2022-28224 (Clusters using Calico (version 3.22.1 and below), Calico Enterprise (v ...)
	NOT-FOR-US: Calico
CVE-2022-1191 (SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperch ...)
	NOT-FOR-US: livehelperchat
CVE-2022-1190 (Improper handling of user input in GitLab CE/EE versions 8.3 prior to ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-1189 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-1188 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-1187 (The WordPress WP YouTube Live Plugin is vulnerable to Reflected Cross- ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1186 (The WordPress plugin Be POPIA Compliant exposed sensitive information ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-28223 (Tekon KIO devices through 2022-03-30 allow an authenticated admin user ...)
	NOT-FOR-US: Tekon KIO devices
CVE-2022-28222 (The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-28221 (The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-28220 (Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffe ...)
	NOT-FOR-US: Apache James
CVE-2022-1185 (A denial of service vulnerability when rendering RDoc files in GitLab ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-1184 (A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() i ...)
	{DSA-5257-1 DLA-3173-1}
	- linux 5.19.6-1
	[bullseye] - linux 5.10.140-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2070205
	NOTE: https://git.kernel.org/linus/65f8ea4cd57dbd46ea13b41dc8bac03176b04233
CVE-2022-1183 (On vulnerable configurations, the named daemon may, in some circumstan ...)
	- bind9 1:9.18.3-1
	[bullseye] - bind9 (Vulnerable code not present)
	[buster] - bind9 (Vulnerable code not present)
	[stretch] - bind9 (Vulnerable code not present)
	NOTE: https://kb.isc.org/v1/docs/cve-2022-1183
CVE-2022-1182 (The Visual Slide Box Builder WordPress plugin through 3.2.9 does not s ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1181 (Stored Cross Site Scripting in GitHub repository openemr/openemr prior ...)
	NOT-FOR-US: OpenEMR
CVE-2022-1180 (Reflected Cross Site Scripting in GitHub repository openemr/openemr pr ...)
	NOT-FOR-US: OpenEMR
CVE-2022-1179 (Non-Privilege User Can Created New Rule and Lead to Stored Cross Site ...)
	NOT-FOR-US: OpenEMR
CVE-2022-1178 (Stored Cross Site Scripting in GitHub repository openemr/openemr prior ...)
	NOT-FOR-US: OpenEMR
CVE-2022-1177 (Accounting User Can Download Patient Reports in openemr in GitHub repo ...)
	NOT-FOR-US: OpenEMR
CVE-2022-1176 (Loose comparison causes IDOR on multiple endpoints in GitHub repositor ...)
	NOT-FOR-US: livehelperchat
CVE-2022-1175 (Improper neutralization of user input in GitLab CE/EE versions 14.4 be ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-1174 (A potential DoS vulnerability was discovered in Gitlab CE/EE versions ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-1173 (stored xss in GitHub repository getgrav/grav prior to 1.7.33.)
	NOT-FOR-US: Grav CMS
CVE-2022-1172 (Null Pointer Dereference Caused Segmentation Fault in GitHub repositor ...)
	- gpac 2.0.0+dfsg1-4 (bug #1016443)
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://huntr.dev/bounties/a26cb79c-9257-4fbf-98c5-a5a331efa264/
	NOTE: https://github.com/gpac/gpac/issues/2153
	NOTE: https://github.com/gpac/gpac/commit/55a183e6b8602369c04ea3836e05436a79fbc7f8
CVE-2022-1171 (The Vertical scroll recent post WordPress plugin before 14.0 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1170 (In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there ...)
	NOT-FOR-US: WordPress theme
CVE-2022-1169 (There is a XSS vulnerability in Careerfy.)
	NOT-FOR-US: WordPress theme
CVE-2022-1168 (There is a Cross-Site Scripting vulnerability in the JobSearch WP JobS ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1167 (There are unauthenticated reflected Cross-Site Scripting (XSS) vulnera ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1166 (The JobMonster Theme was vulnerable to Directory Listing in the /wp-co ...)
	NOT-FOR-US: WordPress theme
CVE-2022-1165 (The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1164 (The Wyzi Theme was affected by reflected XSS vulnerabilities in the bu ...)
	NOT-FOR-US: WordPress theme
CVE-2022-28219 (Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-28218 (An issue was discovered in CipherMail Webmail Messenger 1.1.1 through ...)
	NOT-FOR-US: CipherMail Webmail Messenger
CVE-2022-28217 (Some part of SAP NetWeaver (EP Web Page Composer) does not sufficientl ...)
	NOT-FOR-US: SAP
CVE-2022-28216 (SAP BusinessObjects Business Intelligence Platform (BI Workspace) - ve ...)
	NOT-FOR-US: SAP
CVE-2022-28215 (SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, ...)
	NOT-FOR-US: SAP
CVE-2022-28214 (During an update of SAP BusinessObjects Enterprise, Central Management ...)
	NOT-FOR-US: SAP
CVE-2022-28213 (When a user access SOAP Web services in SAP BusinessObjects Business I ...)
	NOT-FOR-US: SAP
CVE-2022-28212 RESERVED
	NOT-FOR-US: FlaggedRevs MediaWiki extension
CVE-2022-28211 RESERVED
	NOT-FOR-US: TimedMediaHandler MediaWiki extension
CVE-2022-28210 RESERVED
	NOT-FOR-US: JsonConfig MediaWiki extension
CVE-2022-28209 (An issue was discovered in Mediawiki through 1.37.1. The check for the ...)
	NOT-FOR-US: MediaWiki AntiSpoof extension
CVE-2022-28208 RESERVED
	NOT-FOR-US: WikiBase MediaWiki extension
CVE-2022-28207 RESERVED
	NOT-FOR-US: GrowthExperiments MediaWiki extension
CVE-2022-28206 (An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidat ...)
	NOT-FOR-US: MediaWiki FileImporter extension
CVE-2022-28205 (An issue was discovered in MediaWiki through 1.37.1. The CentralAuth e ...)
	NOT-FOR-US: MediaWiki CentralAuth extension
CVE-2022-28204 (A denial-of-service issue was discovered in MediaWiki 1.37.x before 1. ...)
	- mediawiki (Only affects 1.37 and later)
	NOTE: https://phabricator.wikimedia.org/T297754
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
CVE-2022-28203 (A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1 ...)
	{DSA-5246-1 DLA-3117-1}
	- mediawiki 1:1.35.6-1
	[stretch] - mediawiki (Fix along in next security release)
	NOTE: https://phabricator.wikimedia.org/T297731
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
CVE-2022-28202 (An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before ...)
	{DSA-5246-1 DLA-3117-1}
	- mediawiki 1:1.35.6-1
	[stretch] - mediawiki (Fix along in next security release)
	NOTE: https://phabricator.wikimedia.org/T297543
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
CVE-2022-28201 (An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36 ...)
	{DSA-5246-1 DLA-3117-1}
	- mediawiki 1:1.35.6-1
	[stretch] - mediawiki (Fix along in next security release)
	NOTE: https://phabricator.wikimedia.org/T297571
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
CVE-2022-28200 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, ...)
	NOT-FOR-US: NVIDIA
CVE-2022-28199 (NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPD ...)
	{DSA-5222-1}
	[experimental] - dpdk 22.11~rc2-1
	- dpdk 22.11.1-2 (bug #1019589)
	[buster] - dpdk (Vulnerable code introduced later)
	NOTE: https://git.dpdk.org/dpdk/commit/?id=60b254e3923d007bcadbb8d410f95ad89a2f13fa (main)
	NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=25c01bd32374b0c3cbc260f3e3872408d749cb45 (v21.11.2)
	NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=ef311075d21b4f68c8ccfc46a00cda7c2a0bf4cc (v20.11.6)
	NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=8b090f2664e9d014cd8fa0fde90597aaf4349e7e (v19.11.13)
	NOTE: https://www.openwall.com/lists/oss-security/2022/08/29/3
CVE-2022-28198 (NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its conf ...)
	NOT-FOR-US: NVIDIA
CVE-2022-28197 (NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cbo ...)
	NOT-FOR-US: NVIDIA Jetson Linux Driver Package
CVE-2022-28196 (NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cbo ...)
	NOT-FOR-US: NVIDIA Jetson Linux Driver Package
CVE-2022-28195 (NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cbo ...)
	NOT-FOR-US: NVIDIA Jetson Linux Driver Package
CVE-2022-28194 (NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cbo ...)
	NOT-FOR-US: NVIDIA Jetson Linux Driver Package
CVE-2022-28193 (NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cbo ...)
	NOT-FOR-US: NVIDIA Jetson Linux Driver Package
CVE-2022-28192 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
	- nvidia-graphics-drivers 470.129.06-1 (bug #1011140)
	[bullseye] - nvidia-graphics-drivers 470.129.06-5~deb11u1
	[buster] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-tesla-418 (bug #1011143)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported, driver is EOLed and updates impossible)
	- nvidia-graphics-drivers-tesla-450 450.191.01-1 (bug #1011144)
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.191.01-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 (bug #1011145)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-470 470.129.06-1 (bug #1011146)
	[bullseye] - nvidia-graphics-drivers-tesla-470 (Non-free not supported)
	[experimental] - nvidia-graphics-drivers-tesla-510 510.73.08-1
	- nvidia-graphics-drivers-tesla-510 510.73.08-2 (bug #1011147)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353
CVE-2022-28191 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
	- nvidia-graphics-drivers 470.129.06-1 (bug #1011140)
	[bullseye] - nvidia-graphics-drivers 470.129.06-5~deb11u1
	[buster] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-tesla-460 (bug #1011145)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-470 470.129.06-1 (bug #1011146)
	[bullseye] - nvidia-graphics-drivers-tesla-470 (Non-free not supported)
	[experimental] - nvidia-graphics-drivers-tesla-510 510.73.08-1
	- nvidia-graphics-drivers-tesla-510 510.73.08-2 (bug #1011147)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353
CVE-2022-28190 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2022-28189 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2022-28188 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2022-28187 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2022-28186 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2022-28185 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
	- nvidia-graphics-drivers 470.129.06-1 (bug #1011140)
	[bullseye] - nvidia-graphics-drivers 470.129.06-5~deb11u1
	[buster] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx (bug #1011141)
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore)
	[stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-legacy-390xx 390.151-1 (bug #1011142)
	[bullseye] - nvidia-graphics-drivers-legacy-390xx 390.151-1~deb11u1
	[buster] - nvidia-graphics-drivers-legacy-390xx 390.151-1~deb10u1
	- nvidia-graphics-drivers-tesla-418 (bug #1011143)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported, driver is EOLed and updates impossible)
	- nvidia-graphics-drivers-tesla-450 450.191.01-1 (bug #1011144)
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.191.01-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 (bug #1011145)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-470 470.129.06-1 (bug #1011146)
	[bullseye] - nvidia-graphics-drivers-tesla-470 (Non-free not supported)
	[experimental] - nvidia-graphics-drivers-tesla-510 510.73.08-1
	- nvidia-graphics-drivers-tesla-510 510.73.08-2 (bug #1011147)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353
CVE-2022-28184 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
	- nvidia-graphics-drivers 470.129.06-1 (bug #1011140)
	[bullseye] - nvidia-graphics-drivers 470.129.06-5~deb11u1
	[buster] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-tesla-460 (bug #1011145)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-470 470.129.06-1 (bug #1011146)
	[bullseye] - nvidia-graphics-drivers-tesla-470 (Non-free not supported)
	[experimental] - nvidia-graphics-drivers-tesla-510 510.73.08-1
	- nvidia-graphics-drivers-tesla-510 510.73.08-2 (bug #1011147)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353
CVE-2022-28183 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
	- nvidia-graphics-drivers 470.129.06-1 (bug #1011140)
	[bullseye] - nvidia-graphics-drivers 470.129.06-5~deb11u1
	[buster] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-tesla-460 (bug #1011145)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-470 470.129.06-1 (bug #1011146)
	[bullseye] - nvidia-graphics-drivers-tesla-470 (Non-free not supported)
	[experimental] - nvidia-graphics-drivers-tesla-510 510.73.08-1
	- nvidia-graphics-drivers-tesla-510 510.73.08-2 (bug #1011147)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353
CVE-2022-28182 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2022-28181 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
	- nvidia-graphics-drivers 470.129.06-1 (bug #1011140)
	[bullseye] - nvidia-graphics-drivers 470.129.06-5~deb11u1
	[buster] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx (bug #1011141)
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore)
	[stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore)
	- nvidia-graphics-drivers-legacy-390xx 390.151-1 (bug #1011142)
	[bullseye] - nvidia-graphics-drivers-legacy-390xx 390.151-1~deb11u1
	[buster] - nvidia-graphics-drivers-legacy-390xx 390.151-1~deb10u1
	- nvidia-graphics-drivers-tesla-418 (bug #1011143)
	[bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported, driver is EOLed and updates impossible)
	- nvidia-graphics-drivers-tesla-450 450.191.01-1 (bug #1011144)
	[bullseye] - nvidia-graphics-drivers-tesla-450 450.191.01-1~deb11u1
	- nvidia-graphics-drivers-tesla-460 (bug #1011145)
	[bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
	- nvidia-graphics-drivers-tesla-470 470.129.06-1 (bug #1011146)
	[bullseye] - nvidia-graphics-drivers-tesla-470 (Non-free not supported)
	[experimental] - nvidia-graphics-drivers-tesla-510 510.73.08-1
	- nvidia-graphics-drivers-tesla-510 510.73.08-2 (bug #1011147)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353
CVE-2022-28180
	RESERVED
CVE-2022-28179
	RESERVED
CVE-2022-28178
	RESERVED
CVE-2022-28177
	RESERVED
CVE-2022-28176
	RESERVED
CVE-2022-28175
	RESERVED
CVE-2022-28174
	RESERVED
CVE-2022-28173 (The web server of some Hikvision wireless bridge products have an acce ...)
	NOT-FOR-US: Hikvision
CVE-2022-28172 (The web module in some Hikvision Hybrid SAN/Cluster Storage products h ...)
	NOT-FOR-US: Hikvision
CVE-2022-28171 (The web module in some Hikvision Hybrid SAN/Cluster Storage products h ...)
	NOT-FOR-US: Hikvision
CVE-2022-1163 (Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/minew ...)
	NOT-FOR-US: minewebcms
CVE-2022-1162 (A hardcoded password was set for accounts registered using an OmniAuth ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-1161 (An attacker with the ability to modify a user program may change user ...)
	NOT-FOR-US: Rockwell Automation
CVE-2022-1160 (heap buffer overflow in get_one_sourceline in GitHub repository vim/vi ...)
	- vim (Vulnerable code introduced later)
	NOTE: https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c/
	NOTE: Introduced by: https://github.com/vim/vim/commit/85b43c6cb7d56919e245622f4e42db6d8bee4194 (v8.2.4603)
	NOTE: Fixed by: https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db (v8.2.4647)
CVE-2022-28170 (Brocade Fabric OS Web Application services before Brocade Fabric v9.1. ...)
	NOT-FOR-US: Brocade
CVE-2022-28169 (Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric O ...)
	NOT-FOR-US: Brocade
CVE-2022-28168 (In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1 ...)
	NOT-FOR-US: Brocade
CVE-2022-28167 (Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2 ...)
	NOT-FOR-US: Brocade
CVE-2022-28166 (In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before ...)
	NOT-FOR-US: Brocade
CVE-2022-28165 (A vulnerability in the role-based access control (RBAC) functionality ...)
	NOT-FOR-US: Brocade SANnav
CVE-2022-28164 (Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symme ...)
	NOT-FOR-US: Brocade SANnav
CVE-2022-28163 (In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints asso ...)
	NOT-FOR-US: Brocade SANnav
CVE-2022-28162 (Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentic ...)
	NOT-FOR-US: Brocade SANnav
CVE-2022-28161 (An information exposure through log file vulnerability in Brocade SANN ...)
	NOT-FOR-US: Brocade SANnav
CVE-2022-1159 (Rockwell Automation Studio 5000 Logix Designer (all versions) are vuln ...)
	NOT-FOR-US: Rockwell Automation
CVE-2022-1158 (A flaw was found in KVM. When updating a guest's page table entry, vm_ ...)
	{DSA-5127-1}
	- linux 5.17.3-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/2a8859f373b0a86f0ece8ec8312607eacf12485d (5.18-rc1)
	NOTE: https://www.openwall.com/lists/oss-security/2022/04/08/4
CVE-2022-1157 (Missing sanitization of logged exception messages in all versions prio ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-1156 (The Books & Papers WordPress plugin through 0.20210223 does not escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1155 (Old sessions are not blocked by the login enable function. in GitHub r ...)
	- snipe-it (bug #1005172)
CVE-2022-1154 (Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8 ...)
	{DLA-3182-1 DLA-3011-1}
	- vim 2:8.2.4659-1 (unimportant)
	NOTE: https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425
	NOTE: https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5 (v8.2.4646)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-1153 (The LayerSlider WordPress plugin before 7.1.2 does not sanitise and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1152 (The Menubar WordPress plugin before 5.8 does not sanitise and escape t ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1151
	RESERVED
CVE-2022-1150
	RESERVED
CVE-2022-1149
	RESERVED
CVE-2022-28160 (Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28159 (Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Pr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28158 (A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28157 (Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attac ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28156 (Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attac ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28155 (Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not con ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28154 (Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28153 (Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sit ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28152 (A cross-site request forgery (CSRF) vulnerability in Jenkins Job and N ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28151 (A missing permission check in Jenkins Job and Node ownership Plugin 0. ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28150 (A cross-site request forgery (CSRF) vulnerability in Jenkins Job and N ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28149 (Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not esca ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28148 (The file browser in Jenkins Continuous Integration with Toad Edge Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28147 (A missing permission check in Jenkins Continuous Integration with Toad ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28146 (Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28145 (Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier d ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28144 (Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28143 (A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28142 (Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28141 (Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28140 (Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28139 (A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.1 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28138 (A cross-site request forgery (CSRF) vulnerability in Jenkins RocketCha ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28137 (A missing permission check in Jenkins JiraTestResultReporter Plugin 16 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28136 (A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestR ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28135 (Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28134 (Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28133 (Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-28132
	RESERVED
CVE-2022-28131 (Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17. ...)
	- golang-1.18 1.18.4-1
	- golang-1.15
	[bullseye] - golang-1.15 (Minor issue)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases)
	NOTE: https://github.com/golang/go/issues/53614
	NOTE: https://github.com/golang/go/commit/08c46ed43d80bbb67cb904944ea3417989be4af3 (go1.19rc2)
	NOTE: https://github.com/golang/go/commit/90f040ec510dd678b7860d70ca77e5682f4c7e96 (go1.18.4)
	NOTE: https://github.com/golang/go/commit/58facfbe7db2fbb9afed794b281a70bdb12a60ae (go1.17.12)
CVE-2022-28130
	RESERVED
CVE-2022-28129 (Improper Input Validation vulnerability in HTTP/1.1 header parsing of ...)
	{DSA-5206-1 DLA-3279-1}
	- trafficserver 9.1.3+ds-1
	NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
CVE-2022-1148 (Improper authorization in GitLab Pages included with GitLab CE/EE affe ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-1147
	RESERVED
CVE-2022-1146 (Inappropriate implementation in Resource Timing in Google Chrome prior ...)
	{DSA-5112-1}
	- chromium 100.0.4896.60-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1145 (Use after free in Extensions in Google Chrome prior to 100.0.4896.60 a ...)
	{DSA-5112-1}
	- chromium 100.0.4896.60-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1144 (Use after free in WebUI in Google Chrome prior to 100.0.4896.60 allowe ...)
	{DSA-5112-1}
	- chromium 100.0.4896.60-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1143 (Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 ...)
	{DSA-5112-1}
	- chromium 100.0.4896.60-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1142 (Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 ...)
	{DSA-5112-1}
	- chromium 100.0.4896.60-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1141 (Use after free in File Manager in Google Chrome prior to 100.0.4896.60 ...)
	{DSA-5112-1}
	- chromium 100.0.4896.60-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1140
	RESERVED
CVE-2022-1139 (Inappropriate implementation in Background Fetch API in Google Chrome ...)
	{DSA-5112-1}
	- chromium 100.0.4896.60-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1138 (Inappropriate implementation in Web Cursor in Google Chrome prior to 1 ...)
	{DSA-5112-1}
	- chromium 100.0.4896.60-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1137 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
	{DSA-5112-1}
	- chromium 100.0.4896.60-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1136 (Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 al ...)
	{DSA-5112-1}
	- chromium 100.0.4896.60-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1135 (Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.6 ...)
	{DSA-5112-1}
	- chromium 100.0.4896.60-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1134 (Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a ...)
	{DSA-5112-1}
	- chromium 100.0.4896.60-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1133 (Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 ...)
	{DSA-5112-1}
	- chromium 100.0.4896.60-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1132 (Inappropriate implementation in Virtual Keyboard in Google Chrome on C ...)
	{DSA-5112-1}
	- chromium 100.0.4896.60-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1131 (Use after free in Cast UI in Google Chrome prior to 100.0.4896.60 allo ...)
	{DSA-5112-1}
	- chromium 100.0.4896.60-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1130 (Insufficient validation of trust input in WebOTP in Google Chrome on A ...)
	{DSA-5112-1}
	- chromium 100.0.4896.60-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1129 (Inappropriate implementation in Full Screen Mode in Google Chrome on A ...)
	{DSA-5112-1}
	- chromium 100.0.4896.60-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1128 (Inappropriate implementation in Web Share API in Google Chrome on Wind ...)
	{DSA-5112-1}
	- chromium 100.0.4896.60-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1127 (Use after free in QR Code Generator in Google Chrome prior to 100.0.48 ...)
	{DSA-5112-1}
	- chromium 100.0.4896.60-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1126
	RESERVED
CVE-2022-1125 (Use after free in Portals in Google Chrome prior to 100.0.4896.60 allo ...)
	{DSA-5112-1}
	- chromium 100.0.4896.60-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1124 (An improper authorization issue has been discovered in GitLab CE/EE af ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-1123 (The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPr ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-46743 (In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., ...)
	NOT-FOR-US: Firebase PHP-JWT
CVE-2020-36521 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2022-28128 (Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and ear ...)
	NOT-FOR-US: AttacheCase
CVE-2022-27496 (Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and ...)
	NOT-FOR-US: Zero-channel BBS Plus
CVE-2022-25348 (Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and ear ...)
	NOT-FOR-US: AttacheCase
CVE-2022-1122 (A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in ...)
	{DLA-2975-1}
	- openjpeg2 2.5.0-1
	[bullseye] - openjpeg2 (Minor issue)
	[buster] - openjpeg2 (Minor issue)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1368
	NOTE: https://github.com/uclouvain/openjpeg/commit/0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d
CVE-2022-1121 (A lack of appropriate timeouts in GitLab Pages included in GitLab CE/E ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-1120 (Missing filtering in an error message in GitLab CE/EE affecting all ve ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-1119 (The Simple File List WordPress plugin is vulnerable to Arbitrary File ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1118 (Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbenc ...)
	NOT-FOR-US: Rockwell Automation
CVE-2022-1117 (A vulnerability was found in fapolicyd. The vulnerability occurs due t ...)
	NOT-FOR-US: fapolicyd
CVE-2022-1116 (Integer Overflow or Wraparound vulnerability in io_uring of Linux Kern ...)
	- linux (Vulnerable code not present; introduced in 5.4.24; fixed in 5.4.189)
CVE-2022-1115 (A heap-buffer-overflow flaw was found in ImageMagick’s PushShortP ...)
	{DSA-5628-1}
	- imagemagick 8:6.9.12.98+dfsg1-2 (bug #1013282)
	[buster] - imagemagick (code is introduced later)
	[stretch] - imagemagick (code is introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/4974
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/1f860f52bd8d58737ad883072203391096b30b51 (6.9.12-44)
	NOTE: Introduced by (Support 32-bit tiles TIFF images): https://github.com/ImageMagick/ImageMagick6/commit/b874d50070557eb98bdc6a3095ef476 (6.9.10-88)
CVE-2022-1114 (A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInf ...)
	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
	[bullseye] - imagemagick 8:6.9.11.60+dfsg-1.3+deb11u2
	[buster] - imagemagick (Vulnerable code not present, bail out early)
	[stretch] - imagemagick (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/4947
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/78f03b619d08d7c2e0fcaccab407e3ac93c2ee8f
CVE-2022-1113 (The Flower Delivery by Florist One WordPress plugin through 3.7 does n ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1112 (The Autolinks WordPress plugin through 1.0.1 does not have CSRF check ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1111 (A business logic error in Project Import in GitLab CE/EE versions 14.9 ...)
	- gitlab 15.10.8+ds1-2
CVE-2020-36520
	RESERVED
CVE-2022-28125
	RESERVED
CVE-2022-28124
	RESERVED
CVE-2022-28123
	RESERVED
CVE-2022-28122
	RESERVED
CVE-2022-28121
	RESERVED
CVE-2022-28120 (Beijing Runnier Network Technology Co., Ltd Open virtual simulation ex ...)
	NOT-FOR-US: Beijing Runnier Network Technology
CVE-2022-28119
	RESERVED
CVE-2022-28118 (SiteServer CMS v7.x allows attackers to execute arbitrary code via a c ...)
	NOT-FOR-US: SiteServer CMS
CVE-2022-28117 (A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate ...)
	NOT-FOR-US: Navigate CMS
CVE-2022-28116 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
	NOT-FOR-US: Online Banking System
CVE-2022-28115 (Online Sports Complex Booking v1.0 was discovered to contain a SQL inj ...)
	NOT-FOR-US: Online Sports Complex Booking
CVE-2022-28114 (DSCMS v3.0 was discovered to contain an arbitrary file deletion vulner ...)
	NOT-FOR-US: DSCMS
CVE-2022-28113 (An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 al ...)
	NOT-FOR-US: FANTEC GmbH MWiD25-DS Firmware
CVE-2022-28112
	RESERVED
CVE-2022-28111 (MyBatis PageHelper v1.x.x-v3.7.0 v4.0.0-v5.0.0,v5.1.0-v5.3.0 was disco ...)
	NOT-FOR-US: MyBatis PageHelper
CVE-2022-28110 (Hotel Management System v1.0 was discovered to contain a SQL injection ...)
	NOT-FOR-US: Hotel Management System
CVE-2022-28109 (Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in ...)
	NOT-FOR-US: Selenium
CVE-2022-28108 (Selenium Server (Grid) before 4 allows CSRF because it permits non-JSO ...)
	NOT-FOR-US: Selenium
CVE-2022-28107
	RESERVED
CVE-2022-28106 (Online Sports Complex Booking System v1.0 was discovered to allow atta ...)
	NOT-FOR-US: Online Sports Complex Booking System
CVE-2022-28105 (Online Sports Complex Booking System v1.0 was discovered to contain a ...)
	NOT-FOR-US: Online Sports Complex Booking System
CVE-2022-28104 (Foxit PDF Editor v11.3.1 was discovered to contain an arbitrary file u ...)
	NOT-FOR-US: Foxit PDF Editor
CVE-2022-28103
	RESERVED
CVE-2022-28102 (A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Ge ...)
	NOT-FOR-US: PHP MySQL Admin Panel Generator
CVE-2022-28101 (Turtlapp Turtle Note v0.7.2.6 does not filter the tag during ma ...)
	NOT-FOR-US: Turtlapp Turtle Note
CVE-2022-28100
	RESERVED
CVE-2022-28099 (Poultry Farm Management System v1.0 was discovered to contain a SQL in ...)
	NOT-FOR-US: Poultry Farm Management System
CVE-2022-28098
	RESERVED
CVE-2022-28097
	RESERVED
CVE-2022-28096 (Skycaiji v2.4 was discovered to contain a remote code execution (RCE) ...)
	NOT-FOR-US: Skycaiji
CVE-2022-28095
	RESERVED
CVE-2022-28094 (SCBS Online Sports Venue Reservation System v1.0 was discovered to con ...)
	NOT-FOR-US: SCBS Online Sports Venue Reservation System
CVE-2022-28093 (SCBS Online Sports Venue Reservation System v1.0 was discovered to con ...)
	NOT-FOR-US: SCBS Online Sports Venue Reservation System
CVE-2022-28092
	RESERVED
CVE-2022-28091
	RESERVED
CVE-2022-28090 (Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forg ...)
	NOT-FOR-US: Jspxcms
CVE-2022-28089
	RESERVED
CVE-2022-28088
	RESERVED
CVE-2022-28087
	RESERVED
CVE-2022-28086
	RESERVED
CVE-2022-28085 (A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in ...)
	- htmldoc 1.9.15-2 (unimportant)
	[bullseye] - htmldoc 1.9.11-4+deb11u3
	[buster] - htmldoc 1.9.3-1+deb10u4
	NOTE: https://github.com/michaelrsweet/htmldoc/issues/480
	NOTE: https://github.com/michaelrsweet/htmldoc/commit/46c8ec2b9bccb8ccabff52d998c5eee77a228348
	NOTE: Crash in CLI tool, no security impact
CVE-2022-28084
	RESERVED
CVE-2022-28083
	RESERVED
CVE-2022-28082 (Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow ...)
	NOT-FOR-US: Tenda
CVE-2022-28081 (A reflected cross-site scripting (XSS) vulnerability in the component ...)
	NOT-FOR-US: khaled-alshamaa/ar-php
CVE-2022-28080 (Royal Event Management System v1.0 was discovered to contain a SQL inj ...)
	NOT-FOR-US: Royal Event Management System
CVE-2022-28079 (College Management System v1.0 was discovered to contain a SQL injecti ...)
	NOT-FOR-US: College Management System
CVE-2022-28078 (Home Owners Collection Management v1 was discovered to contain a refle ...)
	NOT-FOR-US: Home Owners Collection Management
CVE-2022-28077 (Home Owners Collection Management v1 was discovered to contain a refle ...)
	NOT-FOR-US: Home Owners Collection Management
CVE-2022-28076 (Seacms v11.6 was discovered to contain a remote command execution (RCE ...)
	NOT-FOR-US: Seacms
CVE-2022-28075
	RESERVED
CVE-2022-28074 (Halo-1.5.0 was discovered to contain a stored cross-site scripting (XS ...)
	NOT-FOR-US: Halo
CVE-2022-28073 (A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4. ...)
	- radare2 5.5.0+dfsg-1
	NOTE: https://github.com/radareorg/radare2/commit/59a9dfb60acf8b5c0312061cffd9693fc9526053 (5.5.0)
CVE-2022-28072 (A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4 ...)
	- radare2 5.5.0+dfsg-1
	NOTE: https://github.com/radareorg/radare2/commit/027cd9b7274988bb1af866539ba6c2fa2ff63e45 (5.5.0)
CVE-2022-28071 (A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5 ...)
	- radare2 5.5.0+dfsg-1
	NOTE: https://github.com/radareorg/radare2/commit/65448811e5b9582a19cf631e03cfcaa025a92ef5 (5.5.0)
CVE-2022-28070 (A null pointer deference in __core_anal_fcn function in radare2 5.4.2 ...)
	- radare2 5.5.0+dfsg-1
	NOTE: https://github.com/radareorg/radare2/commit/4aff1bb00224de4f5bc118f987dfd5d2fe3450d0 (5.5.0)
CVE-2022-28069 (A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0.)
	- radare2 5.5.0+dfsg-1
	NOTE: https://github.com/radareorg/radare2/commit/49b0cebfdf0db9704e36f8a5533f1df6d3e2ed3a (5.5.0)
CVE-2022-28068 (A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4. ...)
	- radare2 5.5.0+dfsg-1
	NOTE: https://github.com/radareorg/radare2/commit/637f4bd1af6752e28e0a9998e954e2e9ce6fa992 (5.5.0)
CVE-2022-28067 (An incorrect access control issue in Sandboxie Classic v5.55.13 allows ...)
	NOT-FOR-US: Sandboxie Classic
CVE-2022-28066
	REJECTED
CVE-2022-28065
	RESERVED
CVE-2022-28064
	RESERVED
CVE-2022-28063 (Simple Bakery Shop Management System v1.0 contains a file disclosure v ...)
	NOT-FOR-US: Simple Bakery Shop Management System
CVE-2022-28062 (Car Rental System v1.0 contains an arbitrary file upload vulnerability ...)
	NOT-FOR-US: Car Rental System
CVE-2022-28061
	RESERVED
CVE-2022-28060 (SQL Injection vulnerability in Victor CMS v1.0, via the user_name para ...)
	NOT-FOR-US: Victor CMS
CVE-2022-28059 (Verydows v2.0 was discovered to contain an arbitrary file deletion vul ...)
	NOT-FOR-US: Verydows
CVE-2022-28058 (Verydows v2.0 was discovered to contain an arbitrary file deletion vul ...)
	NOT-FOR-US: Verydows
CVE-2022-28057
	RESERVED
CVE-2022-28056 (ShopXO v2.2.5 and below was discovered to contain a system re-install ...)
	NOT-FOR-US: ShopXO
CVE-2022-28055 (Fusionpbx v4.4 and below contains a command injection vulnerability vi ...)
	NOT-FOR-US: Fusionpbx
CVE-2022-28054 (Improper sanitization of trigger action scripts in VanDyke Software VS ...)
	NOT-FOR-US: VanDyke Software VShell
CVE-2022-28053 (Typemill v1.5.3 was discovered to contain an arbitrary file upload vul ...)
	NOT-FOR-US: Typemill
CVE-2022-28052 (Directory Traversal vulnerability in file cn/roothub/store/FileSystemS ...)
	NOT-FOR-US: Roothub
CVE-2022-28051 (The "Add category" functionality inside the "Global Keywords" menu in ...)
	NOT-FOR-US: SeedDMS
CVE-2022-28050
	RESERVED
CVE-2022-28049 (NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference v ...)
	NOT-FOR-US: njs
CVE-2022-28048 (STB v2.27 was discovered to contain an integer shift of invalid size i ...)
	- libstb 0.0~git20230129.5736b15+ds-1 (unimportant)
	NOTE: https://github.com/nothings/stb/issues/1293
	NOTE: https://github.com/nothings/stb/pull/1297
	NOTE: Negligible security impact
	NOTE: https://github.com/nothings/stb/commit/84b94010a7b08003cc3fb93635582849398e7ae2
	NOTE: https://github.com/nothings/stb/commit/96fe76c21308653d22672e986dd39506f6871421
	NOTE: https://github.com/nothings/stb/commit/47164e4086c1349ef3042fb04e0f7f7ceaf1fcee
	NOTE: https://github.com/nothings/stb/commit/5cfc2a744ad7047cda2396cc67772f313a46093d
CVE-2022-28047
	RESERVED
CVE-2022-28046
	RESERVED
CVE-2022-28045
	RESERVED
CVE-2022-28044 (lrzip v0.640 was discovered to contain a heap memory corruption via th ...)
	{DSA-5145-1 DLA-3005-1}
	- lrzip 0.650-1
	NOTE: https://github.com/ckolivas/lrzip/issues/216
	NOTE: Fixed by: https://github.com/ckolivas/lrzip/commit/5faf80cd53ecfd16b636d653483144cd12004f46 (v0.650)
CVE-2022-28043
	RESERVED
CVE-2022-28042 (stb_image.h v2.27 was discovered to contain a heap-based use-after-fr ...)
	{DLA-3305-1}
	- libstb 0.0~git20230129.5736b15+ds-1 (bug #1014531)
	[bookworm] - libstb (Minor issue)
	[bullseye] - libstb (Minor issue)
	NOTE: https://github.com/nothings/stb/issues/1289
	NOTE: https://github.com/nothings/stb/pull/1297
	NOTE: https://github.com/nothings/stb/commit/84b94010a7b08003cc3fb93635582849398e7ae2
	NOTE: https://github.com/nothings/stb/commit/96fe76c21308653d22672e986dd39506f6871421
	NOTE: https://github.com/nothings/stb/commit/47164e4086c1349ef3042fb04e0f7f7ceaf1fcee
	NOTE: https://github.com/nothings/stb/commit/5cfc2a744ad7047cda2396cc67772f313a46093d
CVE-2022-28041 (stb_image.h v2.27 was discovered to contain an integer overflow via th ...)
	{DLA-3305-1}
	- libstb 0.0~git20230129.5736b15+ds-1 (bug #1014531)
	[bookworm] - libstb (Minor issue)
	[bullseye] - libstb (Minor issue)
	NOTE: https://github.com/nothings/stb/issues/1292
	NOTE: https://github.com/nothings/stb/pull/1297
	NOTE: https://github.com/nothings/stb/commit/84b94010a7b08003cc3fb93635582849398e7ae2
	NOTE: https://github.com/nothings/stb/commit/96fe76c21308653d22672e986dd39506f6871421
	NOTE: https://github.com/nothings/stb/commit/47164e4086c1349ef3042fb04e0f7f7ceaf1fcee
	NOTE: https://github.com/nothings/stb/commit/5cfc2a744ad7047cda2396cc67772f313a46093d
CVE-2022-28040
	RESERVED
CVE-2022-28039
	RESERVED
CVE-2022-28038
	RESERVED
CVE-2022-28037
	RESERVED
CVE-2022-28036 (AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_nav ...)
	NOT-FOR-US: AtomCMS
CVE-2022-28035 (Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_bl ...)
	NOT-FOR-US: AtomCMS
CVE-2022-28034 (AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_lis ...)
	NOT-FOR-US: AtomCMS
CVE-2022-28033 (Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_uploads ...)
	NOT-FOR-US: AtomCMS
CVE-2022-28032 (AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pag ...)
	NOT-FOR-US: AtomCMS
CVE-2022-28031
	RESERVED
CVE-2022-28030 (Simple Real Estate Portal System v1.0 was discovered to contain a SQL ...)
	NOT-FOR-US: Simple Real Estate Portal System
CVE-2022-28029 (Simple Real Estate Portal System v1.0 was discovered to contain a SQL ...)
	NOT-FOR-US: Simple Real Estate Portal System
CVE-2022-28028 (Simple Real Estate Portal System v1.0 was discovered to contain a SQL ...)
	NOT-FOR-US: Simple Real Estate Portal System
CVE-2022-28027
	RESERVED
CVE-2022-28026 (Student Grading System v1.0 was discovered to contain a SQL injection ...)
	NOT-FOR-US: Student Grading System
CVE-2022-28025 (Student Grading System v1.0 was discovered to contain a SQL injection ...)
	NOT-FOR-US: Student Grading System
CVE-2022-28024 (Student Grading System v1.0 was discovered to contain a SQL injection ...)
	NOT-FOR-US: Student Grading System
CVE-2022-28023 (Purchase Order Management System v1.0 was discovered to contain a SQL ...)
	NOT-FOR-US: Purchase Order Management System
CVE-2022-28022 (Purchase Order Management System v1.0 was discovered to contain a SQL ...)
	NOT-FOR-US: Purchase Order Management System
CVE-2022-28021 (Purchase Order Management System v1.0 was discovered to contain a remo ...)
	NOT-FOR-US: Purchase Order Management System
CVE-2022-28020 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
	NOT-FOR-US: Attendance and Payroll System
CVE-2022-28019 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
	NOT-FOR-US: Attendance and Payroll System
CVE-2022-28018 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
	NOT-FOR-US: Attendance and Payroll System
CVE-2022-28017 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
	NOT-FOR-US: Attendance and Payroll System
CVE-2022-28016 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
	NOT-FOR-US: Attendance and Payroll System
CVE-2022-28015 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
	NOT-FOR-US: Attendance and Payroll System
CVE-2022-28014 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
	NOT-FOR-US: Attendance and Payroll System
CVE-2022-28013 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
	NOT-FOR-US: Attendance and Payroll System
CVE-2022-28012 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
	NOT-FOR-US: Attendance and Payroll System
CVE-2022-28011 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
	NOT-FOR-US: Attendance and Payroll System
CVE-2022-28010 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
	NOT-FOR-US: Attendance and Payroll System
CVE-2022-28009 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
	NOT-FOR-US: Attendance and Payroll System
CVE-2022-28008 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
	NOT-FOR-US: Attendance and Payroll System
CVE-2022-28007 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
	NOT-FOR-US: Attendance and Payroll System
CVE-2022-28006 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
	NOT-FOR-US: Attendance and Payroll System
CVE-2022-28005 (An issue was discovered in the 3CX Phone System Management Console pri ...)
	NOT-FOR-US: 3CX Phone System Management Console
CVE-2022-28004
	RESERVED
CVE-2022-28003
	RESERVED
CVE-2022-28002 (Movie Seat Reservation v1 was discovered to contain an unauthenticated ...)
	NOT-FOR-US: Movie Seat Reservation
CVE-2022-28001 (Movie Seat Reservation v1 was discovered to contain a SQL injection vu ...)
	NOT-FOR-US: Movie Seat Reservation
CVE-2022-28000 (Car Rental System v1.0 was discovered to contain a SQL injection vulne ...)
	NOT-FOR-US: Car Rental System
CVE-2022-27999
	RESERVED
CVE-2022-27998
	RESERVED
CVE-2022-27997
	RESERVED
CVE-2022-27996
	RESERVED
CVE-2022-27995
	RESERVED
CVE-2022-27994
	RESERVED
CVE-2022-27993
	RESERVED
CVE-2022-27992 (Zoo Management System v1.0 was discovered to contain a SQL injection v ...)
	NOT-FOR-US: Zoo Management System
CVE-2022-27991 (Online Banking System in PHP v1 was discovered to contain multiple SQL ...)
	NOT-FOR-US: Online Banking System in PHP
CVE-2022-27990
	RESERVED
CVE-2022-27989
	RESERVED
CVE-2022-27988
	RESERVED
CVE-2022-27987
	RESERVED
CVE-2022-27986
	RESERVED
CVE-2022-27985 (CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: CuppaCMS
CVE-2022-27984 (CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: CuppaCMS
CVE-2022-27983 (RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain an ...)
	NOT-FOR-US: RG-NBR-E Enterprise Gateway RG-NBR2100G-E
CVE-2022-27982 (RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a ...)
	NOT-FOR-US: RG-NBR-E Enterprise Gateway RG-NBR2100G-E
CVE-2022-27981
	RESERVED
CVE-2022-27980
	RESERVED
CVE-2022-27979 (A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows at ...)
	NOT-FOR-US: ToolJet
CVE-2022-27978 (Tooljet v1.6 does not properly handle missing values in the API, allow ...)
	NOT-FOR-US: ToolJet
CVE-2022-27977
	RESERVED
CVE-2022-27976
	RESERVED
CVE-2022-27975
	RESERVED
CVE-2022-27974
	RESERVED
CVE-2022-27973
	RESERVED
CVE-2022-27972
	RESERVED
CVE-2022-27971
	RESERVED
CVE-2022-27970
	RESERVED
CVE-2022-27969 (Cynet 360 Web Portal before v4.5 was discovered to allow attackers to ...)
	NOT-FOR-US: Cynet 360 Web Portal
CVE-2022-27968 (Cynet 360 Web Portal before v4.5 was discovered to allow attackers to ...)
	NOT-FOR-US: Cynet 360 Web Portal
CVE-2022-27967 (Cynet 360 Web Portal before v4.5 was discovered to allow attackers to ...)
	NOT-FOR-US: Cynet 360 Web Portal
CVE-2022-27966 (Xshell v7.0.0099 and below contains a binary hijack vulnerability whic ...)
	NOT-FOR-US: NetSarang Xshell
CVE-2022-27965 (Xlpd v7.0.0094 and below contains a binary hijack vulnerability which ...)
	NOT-FOR-US: NetSarang Xlpd
CVE-2022-27964 (Xmanager v7.0.0096 and below contains a binary hijack vulnerability wh ...)
	NOT-FOR-US: NetSarang Xmanager
CVE-2022-27963 (Xftp 7.0.0088p and below contains a binary hijack vulnerability which ...)
	NOT-FOR-US: NetSarang Xftp
CVE-2022-27962 (Bluecms 1.6 has a SQL injection vulnerability at cooike.)
	NOT-FOR-US: BlueCMS
CVE-2022-27961 (A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in O ...)
	NOT-FOR-US: OFCMS
CVE-2022-27960 (Insecure permissions configured in the user_id parameter at SysUserCon ...)
	NOT-FOR-US: OFCMS
CVE-2022-27959
	RESERVED
CVE-2022-27958 (Insecure permissions configured in the userid parameter at /user/getus ...)
	NOT-FOR-US: FEBS-Security
CVE-2022-27957
	RESERVED
CVE-2022-27956
	RESERVED
CVE-2022-27955
	RESERVED
CVE-2022-27954
	RESERVED
CVE-2022-27953
	RESERVED
CVE-2022-27952 (An arbitrary file upload vulnerability in the file upload module of Pa ...)
	NOT-FOR-US: PayloadCMS
CVE-2022-27951
	RESERVED
CVE-2022-27950 (In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory ...)
	- linux 5.16.11-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/817b8b9c5396d2b2d92311b46719aad5d3339dbe (5.17-rc5)
	NOTE: https://www.openwall.com/lists/oss-security/2022/03/13/1
CVE-2022-27949 (A vulnerability in UI of Apache Airflow allows an attacker to view unm ...)
	- airflow (bug #819700)
CVE-2022-27948 (Certain Tesla vehicles through 2022-03-26 allow attackers to open the ...)
	NOT-FOR-US: Tesla
CVE-2022-1110 (A buffer overflow vulnerability in Lenovo Smart Standby Driver prior t ...)
	NOT-FOR-US: Lenovo
CVE-2022-1109 (An incorrect default permissions vulnerability in Lenovo Leyun cloud m ...)
	NOT-FOR-US: Lenovo
CVE-2022-1108 (A potential vulnerability due to improper buffer validation in the SMI ...)
	NOT-FOR-US: Lenovo
CVE-2022-1107 (During an internal product security audit a potential vulnerability du ...)
	NOT-FOR-US: Lenovo
CVE-2022-27947 (NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to ex ...)
	NOT-FOR-US: NETGEAR
CVE-2022-27946 (NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to ex ...)
	NOT-FOR-US: NETGEAR
CVE-2022-27945 (NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to ex ...)
	NOT-FOR-US: NETGEAR
CVE-2022-27944 (Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow an e ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2022-27943 (libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in ...)
	- gcc-12 (unimportant)
	NOTE: Negligible security impact
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039
CVE-2022-27942 (tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_ ...)
	- tcpreplay 4.4.2-1 (unimportant; bug #1018057)
	NOTE: https://github.com/appneta/tcpreplay/issues/719
	NOTE: Crash in CLI tool, no security impact
CVE-2022-27941 (tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get ...)
	- tcpreplay 4.4.2-1 (unimportant; bug #1018057)
	NOTE: https://github.com/appneta/tcpreplay/issues/716
	NOTE: Crash in CLI tool, no security impact
CVE-2022-27940 (tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get ...)
	- tcpreplay 4.4.2-1 (unimportant; bug #1018057)
	NOTE: https://github.com/appneta/tcpreplay/issues/718
	NOTE: Crash in CLI tool, no security impact
CVE-2022-27939 (tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_ ...)
	- tcpreplay 4.4.2-1 (unimportant; bug #1018057)
	NOTE: https://github.com/appneta/tcpreplay/issues/717
	NOTE: Crash in CLI tool, no security impact
CVE-2022-27938 (stb_image.h (aka the stb image loader) 2.19, as used in libsixel and o ...)
	- libstb (unimportant)
	NOTE: Negligible security impact
CVE-2022-27937 (Pexip Infinity before 27.3 allows remote attackers to trigger excessiv ...)
	NOT-FOR-US: Pexip Infinity
CVE-2022-27936 (Pexip Infinity before 27.3 allows remote attackers to trigger a softwa ...)
	NOT-FOR-US: Pexip Infinity
CVE-2022-27935 (Pexip Infinity before 27.3 allows remote attackers to trigger a softwa ...)
	NOT-FOR-US: Pexip Infinity
CVE-2022-27934 (Pexip Infinity before 27.3 allows remote attackers to trigger a softwa ...)
	NOT-FOR-US: Pexip Infinity
CVE-2022-27933 (Pexip Infinity before 27.3 allows remote attackers to trigger a softwa ...)
	NOT-FOR-US: Pexip Infinity
CVE-2022-27932 (Pexip Infinity before 27.3 allows remote attackers to trigger a softwa ...)
	NOT-FOR-US: Pexip Infinity
CVE-2022-27931 (Pexip Infinity before 27.3 allows remote attackers to trigger a softwa ...)
	NOT-FOR-US: Pexip Infinity
CVE-2022-27930 (Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a s ...)
	NOT-FOR-US: Pexip Infinity
CVE-2022-27929 (Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a s ...)
	NOT-FOR-US: Pexip Infinity
CVE-2022-27928 (Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a s ...)
	NOT-FOR-US: Pexip Infinity
CVE-2022-1106 (use after free in mrb_vm_exec in GitHub repository mruby/mruby prior t ...)
	- mruby (Vulnerable code introduced later)
	NOTE: https://huntr.dev/bounties/16b9d0ea-71ed-41bc-8a88-2deb4c20be8f
	NOTE: https://github.com/mruby/mruby/commit/7f5a490d09f4d56801ac3a3e4e39e03e1471b44c
	NOTE: Vulnerable code introduced in https://github.com/mruby/mruby/commit/b137eb2678cfba8d6ffcddff5326ebe8eb7f6a24 (3.1.0-rc)
CVE-2022-1105 (An improper access control vulnerability in GitLab CE/EE affecting all ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-1104 (The Popup Maker WordPress plugin before 1.16.5 does not sanitise and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1103 (The Advanced Uploader WordPress plugin through 4.2 allows any authenti ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-27927 (A SQL injection vulnerability exists in Microfinance Management System ...)
	NOT-FOR-US: Microfinance Management System
CVE-2022-27926 (A reflected cross-site scripting (XSS) vulnerability in the /public/la ...)
	NOT-FOR-US: Zimbra
CVE-2022-27925 (Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functiona ...)
	NOT-FOR-US: Zimbra
CVE-2022-27924 (Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticate ...)
	NOT-FOR-US: Zimbra
CVE-2022-27923
	RESERVED
CVE-2022-27922
	RESERVED
CVE-2022-27921
	RESERVED
CVE-2022-27920 (libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functi ...)
	- libkiwix 10.1.0+dfsg-1 (bug #1008483)
	[bullseye] - libkiwix (Vulnerable code introduced later)
	[buster] - libkiwix (Vulnerable code introduced later)
	NOTE: https://github.com/kiwix/libkiwix/issues/728
	NOTE: https://github.com/kiwix/libkiwix/pull/721
CVE-2022-27919 (Gradle Enterprise before 2022.1 allows remote code execution if the in ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2022-27918
	REJECTED
CVE-2022-27917
	REJECTED
CVE-2022-27916
	REJECTED
CVE-2022-27915
	REJECTED
CVE-2022-27914 (An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate fil ...)
	NOT-FOR-US: Joomla!
CVE-2022-27913 (An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate fil ...)
	NOT-FOR-US: Joomla!
CVE-2022-27912 (An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with pub ...)
	NOT-FOR-US: Joomla!
CVE-2022-27911 (An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosur ...)
	NOT-FOR-US: Joomla!
CVE-2022-27910 (In Joomla component 'Joomlatools - DOCman 3.5.13 (and likely most vers ...)
	NOT-FOR-US: Joomla component
CVE-2022-27909 (In Joomla component 'jDownloads 3.9.8.2 Stable' the remote user can ch ...)
	NOT-FOR-US: Joomla component jDownloads
CVE-2022-27908 (Zoho ManageEngine OpManager before 125588 (and before 125603) is vulne ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-27907 (Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2022-27906 (Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To ...)
	NOT-FOR-US: Mendelson OFTP2
CVE-2022-27905 (In ControlUp Real-Time Agent before 8.6, an unquoted path can result i ...)
	NOT-FOR-US: ControlUp Real-Time Agent
CVE-2022-27904 (Automox Agent for macOS before version 39 was vulnerable to a time-of- ...)
	NOT-FOR-US: Automox Agent installation package on macOS
CVE-2022-27903 (An OS Command Injection vulnerability in the configuration parser of E ...)
	NOT-FOR-US: EVE-NG Professional
CVE-2022-27902
	REJECTED
CVE-2022-27901
	RESERVED
CVE-2022-27900
	RESERVED
CVE-2022-27899
	RESERVED
CVE-2022-27898
	RESERVED
CVE-2022-27897 (Palantir Gotham versions prior to 3.22.11.2 included an unauthenticate ...)
	NOT-FOR-US: Palantir
CVE-2022-27896 (Information Exposure Through Log Files vulnerability discovered in Fou ...)
	NOT-FOR-US: Foundry Code-Workbooks
CVE-2022-27895 (Information Exposure Through Log Files vulnerability discovered in Fou ...)
	NOT-FOR-US: Foundry
CVE-2022-27894 (The Foundry Blobster service was found to have a cross-site scripting ...)
	NOT-FOR-US: Foundry Blobster service
CVE-2022-27893 (The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - ...)
	NOT-FOR-US: Foundry Magritte plugin osisoft-pi-web-connector
CVE-2022-27892 (Palantir Gotham versions prior to 3.22.11.2 included an unauthenticate ...)
	NOT-FOR-US: Palantir
CVE-2022-27891 (Palantir Gotham included an unauthenticated endpoint that listed all a ...)
	NOT-FOR-US: Palantir
CVE-2022-27890 (It was discovered that the sls-logging was not verifying hostnames in ...)
	NOT-FOR-US: sls-logging
CVE-2022-27889 (The Multipass service was found to have code paths that could be abuse ...)
	NOT-FOR-US: Palantir
CVE-2022-27888 (Foundry Issues service versions 2.244.0 to 2.249.0 was found to be log ...)
	NOT-FOR-US: Foundry Issues service
CVE-2022-1102 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester
CVE-2022-1101 (A vulnerability was found in SourceCodester Royale Event Management Sy ...)
	NOT-FOR-US: SourceCodester
CVE-2022-1100 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-1099 (Adding a very large number of tags to a runner in GitLab CE/EE affecti ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-1098 (Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vu ...)
	NOT-FOR-US: Delta Electronics DIAEnergie
CVE-2021-46742 (The multi-window module has a vulnerability of unauthorized insertion ...)
	NOT-FOR-US: Harmony OS
CVE-2021-46741 (The basic framework and setting module have defects, which were introd ...)
	NOT-FOR-US: Huawei
CVE-2021-46740 (The device authentication service module has a defect vulnerability in ...)
	NOT-FOR-US: Harmony OS
CVE-2022-27887 (Maccms v10 was discovered to contain a reflected cross-site scripting ...)
	NOT-FOR-US: Maccms
CVE-2022-27886 (Maccms v10 was discovered to contain a reflected cross-site scripting ...)
	NOT-FOR-US: Maccms
CVE-2022-27885 (Maccms v10 was discovered to contain multiple reflected cross-site scr ...)
	NOT-FOR-US: Maccms
CVE-2022-27884 (Maccms v10 was discovered to contain a reflected cross-site scripting ...)
	NOT-FOR-US: Maccms
CVE-2022-27883 (A link following vulnerability in Trend Micro Antivirus for Mac 11.5 c ...)
	NOT-FOR-US: Trend Micro
CVE-2022-27882 (slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedn ...)
	NOT-FOR-US: slaacd from OpenBSD
CVE-2022-27881 (engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buff ...)
	NOT-FOR-US: slaacd from OpenBSD
CVE-2022-27873 (An attacker can force the victim’s device to perform arbitrary HT ...)
	NOT-FOR-US: Autodesk
CVE-2022-27872 (A maliciously crafted PDF file may be used to dereference a pointer fo ...)
	NOT-FOR-US: Autodesk
CVE-2022-27871 (Autodesk AutoCAD product suite, Revit, Design Review and Navisworks re ...)
	NOT-FOR-US: Autodesk
CVE-2022-27870 (A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be used to ...)
	NOT-FOR-US: Autodesk
CVE-2022-27869 (A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced ...)
	NOT-FOR-US: Autodesk
CVE-2022-27868 (A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to ...)
	NOT-FOR-US: Autodesk
CVE-2022-27867 (A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 2020, 20 ...)
	NOT-FOR-US: Autodesk
CVE-2022-27866 (A maliciously crafted TIFF file when consumed through DesignReview.exe ...)
	NOT-FOR-US: Autodesk
CVE-2022-27865 (A maliciously crafted TGA or PCX file may be used to write beyond the ...)
	NOT-FOR-US: Autodesk
CVE-2022-27864 (A Double Free vulnerability allows remote attackers to execute arbitra ...)
	NOT-FOR-US: Autodesk
CVE-2022-27186
	RESERVED
CVE-2022-27177 (A Python format string issue leading to information disclosure and pot ...)
	NOT-FOR-US: Netflix ConsoleMe
CVE-2022-27171
	RESERVED
CVE-2022-26371
	RESERVED
CVE-2022-26064
	RESERVED
CVE-2022-1097 (NSSToken objects were referenced via direct points, and c ...)
	{DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
	- firefox 99.0-1
	- firefox-esr 91.8.0esr-1
	- thunderbird 1:91.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-1097
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-1097
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-1097
CVE-2022-1096 (Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a ...)
	{DSA-5110-1}
	- chromium 99.0.4844.84-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-1095 (The Mihdan: No External Links WordPress plugin before 5.0.2 does not s ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1094 (The amr users WordPress plugin before 4.59.4 does not sanitise and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1093 (The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1092 (The myCred WordPress plugin before 2.4.3.1 does not have authorisation ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1091 (The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 c ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1090 (The Good & Bad Comments WordPress plugin through 1.0.0 does not saniti ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1089 (The Bulk Edit and Create User Profiles WordPress plugin before 1.5.14 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1088 (The Page Security & Membership WordPress plugin through 1.5.15 does no ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1087 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: htmly
CVE-2022-1086 (A vulnerability was found in DolphinPHP up to 1.5.0 and classified as ...)
	NOT-FOR-US: DolphinPHP
CVE-2022-1085 (A vulnerability was found in CLTPHP up to 6.0. It has been declared as ...)
	NOT-FOR-US: CLTPHP
CVE-2022-1084 (A vulnerability classified as critical was found in SourceCodester One ...)
	NOT-FOR-US: SourceCodester
CVE-2022-1083 (A vulnerability classified as critical has been found in Microfinance ...)
	NOT-FOR-US: Microfinance Management System
CVE-2022-1082 (A vulnerability was found in SourceCodester Microfinance Management Sy ...)
	NOT-FOR-US: Microfinance Management System
CVE-2022-1081 (A vulnerability was found in SourceCodester Microfinance Management Sy ...)
	NOT-FOR-US: Microfinance Management System
CVE-2022-1080 (A vulnerability was found in SourceCodester One Church Management Syst ...)
	NOT-FOR-US: SourceCodester
CVE-2022-1079 (A vulnerability classified as problematic has been found in SourceCode ...)
	NOT-FOR-US: SourceCodester
CVE-2022-1078 (A vulnerability was found in SourceCodester College Website Management ...)
	NOT-FOR-US: SourceCodester
CVE-2022-1077 (A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has ...)
	NOT-FOR-US: TEM FLEX-1080 and FLEX-1085
CVE-2022-1076 (A vulnerability was found in Automatic Question Paper Generator System ...)
	NOT-FOR-US: Automatic Question Paper Generator System
CVE-2022-1075 (A vulnerability was found in College Website Management System 1.0 and ...)
	NOT-FOR-US: College Website Management System
CVE-2022-1074 (A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified a ...)
	NOT-FOR-US: TEM FLEX-1085
CVE-2022-1073 (A vulnerability was found in Automatic Question Paper Generator 1.0. I ...)
	NOT-FOR-US: Automatic Question Paper Generator
CVE-2022-1072
	REJECTED
CVE-2022-27494 (Aethon TUG Home Base Server versions prior to version 24 are affected ...)
	NOT-FOR-US: Aethon TUG Home Base Server
CVE-2022-26423 (Aethon TUG Home Base Server versions prior to version 24 are affected ...)
	NOT-FOR-US: Aethon TUG Home Base Server
CVE-2022-1071 (Use after free in mrb_vm_exec in GitHub repository mruby/mruby prior ...)
	- mruby 3.1.0-1 (bug #1014968)
	[bullseye] - mruby (Minor issue)
	[buster] - mruby (Minor issue)
	NOTE: https://huntr.dev/bounties/6597ece9-07af-415b-809b-919ce0a17cf3
	NOTE: https://github.com/mruby/mruby/commit/aaa28a508903041dd7399d4159a8ace9766b022f
CVE-2022-1070 (Aethon TUG Home Base Server versions prior to version 24 are affected ...)
	NOT-FOR-US: Aethon TUG Home Base Server
CVE-2022-1069 (A crafted HTTP packet with a large content-length header can create a ...)
	NOT-FOR-US: Softing Industrial Automation
CVE-2022-1068 (Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to ...)
	NOT-FOR-US: Modbus Tools Modbus Slave
CVE-2022-1067 (Navigating to a specific URL with a patient ID number will result in t ...)
	NOT-FOR-US: LifePoint Informatics Patient Portal
CVE-2022-27863 (Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking ...)
	NOT-FOR-US: Vikbooking
CVE-2022-27862 (Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Bo ...)
	NOT-FOR-US: Vikbooking
CVE-2022-27861 (Unauth. Open Redirect vulnerability in Arscode Ninja Popups plugin <=4 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-27860 (Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-27859 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-27858 (CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-27857
	RESERVED
CVE-2022-27856 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Atl ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-27855 (Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analyti ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-27854 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-27853 (Authenticated (author or higher role) Stored Cross-Site Scripting (XSS ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-27852 (Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-27851 (Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) < ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-27850 (Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-27849 (Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-27848 (Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Moder ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-27847 (Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slide ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-27846 (Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slide ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-27845 (Authenticated (admin or higher user role) Stored Cross-Site Scripting ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-27844 (Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, S ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1066 (Aethon TUG Home Base Server versions prior to version 24 are affected ...)
	NOT-FOR-US: Aethon TUG Home Base Server
CVE-2022-1065 (A vulnerability within the authentication process of Abacus ERP allows ...)
	NOT-FOR-US: Abacus ERP
CVE-2022-1064 (SQL injection through marking blog comments on bulk as spam in GitHub ...)
	NOT-FOR-US: forkcms
CVE-2022-1063 (The Thank Me Later WordPress plugin through 3.3.4 does not sanitise an ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1062 (The th23 Social WordPress plugin through 1.2.0 does not sanitise and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1061 (Heap Buffer Overflow in parseDragons in GitHub repository radareorg/ra ...)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/a7546dae-01c5-4fb0-8a8e-c04ea4e9bac7
	NOTE: https://github.com/radareorg/radare2/commit/d4ce40b516ffd70cf2e9e36832d8de139117d522
CVE-2018-25032 (zlib before 1.2.12 allows memory corruption when deflating (i.e., when ...)
	{DSA-5111-1 DLA-2993-1 DLA-2968-1}
	- zlib 1:1.2.11.dfsg-4 (bug #1008265)
	- libz-mingw-w64 1.2.11+dfsg-5
	[bullseye] - libz-mingw-w64 (Minor issue)
	[buster] - libz-mingw-w64 (Minor issue)
	NOTE: https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
	NOTE: https://www.openwall.com/lists/oss-security/2022/03/24/1
	NOTE: Details: https://www.openwall.com/lists/oss-security/2022/03/26/1
	NOTE: https://www.openwall.com/lists/oss-security/2022/03/27/1
	NOTE: https://www.openwall.com/lists/oss-security/2022/03/28/1
CVE-2022-27843 (DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 all ...)
	NOT-FOR-US: Samsung
CVE-2022-27842 (DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22 ...)
	NOT-FOR-US: Samsung
CVE-2022-27841 (Improper exception handling in Samsung Pass prior to version 3.7.07.5 ...)
	NOT-FOR-US: Samsung
CVE-2022-27840 (Improper access control vulnerability in SamsungRecovery prior to vers ...)
	NOT-FOR-US: Samsung
CVE-2022-27839 (Improper authentication vulnerability in SecretMode in Samsung Interne ...)
	NOT-FOR-US: Samsung
CVE-2022-27838 (Improper access control vulnerability in FactoryCamera prior to versio ...)
	NOT-FOR-US: Samsung
CVE-2022-27837 (A vulnerability using PendingIntent in Accessibility prior to version ...)
	NOT-FOR-US: Samsung
CVE-2022-27836 (Improper access control and path traversal vulnerability in Storage Ma ...)
	NOT-FOR-US: Samsung
CVE-2022-27835 (Improper boundary check in UWB firmware prior to SMR Apr-2022 Release ...)
	NOT-FOR-US: Samsung
CVE-2022-27834 (Use after free vulnerability in dsp_context_unload_graph function of D ...)
	NOT-FOR-US: Samsung
CVE-2022-27833 (Improper input validation in DSP driver prior to SMR Apr-2022 Release ...)
	NOT-FOR-US: Samsung
CVE-2022-27832 (Improper boundary check in media.extractor library prior to SMR Apr-20 ...)
	NOT-FOR-US: Samsung
CVE-2022-27831 (Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior ...)
	NOT-FOR-US: Samsung
CVE-2022-27830 (Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 ...)
	NOT-FOR-US: Samsung
CVE-2022-27829 (Improper validation vulnerability in VerifyCredentialResponse prior to ...)
	NOT-FOR-US: Samsung
CVE-2022-27828 (Improper validation vulnerability in MediaMonitorEvent prior to SMR Ap ...)
	NOT-FOR-US: Samsung
CVE-2022-27827 (Improper validation vulnerability in MediaMonitorDimension prior to SM ...)
	NOT-FOR-US: Samsung
CVE-2022-27826 (Improper validation vulnerability in SemSuspendDialogInfo prior to SMR ...)
	NOT-FOR-US: Samsung
CVE-2022-27825 (Improper size check in sapefd_parse_meta_HEADER function of libsapeext ...)
	NOT-FOR-US: Samsung
CVE-2022-27824 (Improper size check in sapefd_parse_meta_DESCRIPTION function of li ...)
	NOT-FOR-US: Samsung
CVE-2022-27823 (Improper size check in sapefd_parse_meta_HEADER_old function of libsap ...)
	NOT-FOR-US: Samsung
CVE-2022-27822 (Information exposure vulnerability in ril property setting prior to SM ...)
NOT-FOR-US: Samsung CVE-2022-27821 (Improper boundary check in Quram Agif library prior to SMR Apr-2022 Re ...) NOT-FOR-US: Samsung CVE-2022-27820 (OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the T ...) - zaproxy (bug #897142) CVE-2022-27819 (SWHKD 1.1.5 allows unsafe parsing via the -c option. An information le ...) NOT-FOR-US: SWHKD CVE-2022-27818 (SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be a ...) NOT-FOR-US: SWHKD CVE-2022-27817 (SWHKD 1.1.5 consumes the keyboard events of unintended users. This cou ...) NOT-FOR-US: SWHKD CVE-2022-27816 (SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be da ...) NOT-FOR-US: SWHKD CVE-2022-27815 (SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an ...) NOT-FOR-US: SWHKD CVE-2022-27814 (SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option.) NOT-FOR-US: SWHKD CVE-2022-27813 (Motorola MTM5000 series firmwares lack properly configured memory prot ...) NOT-FOR-US: Motorola CVE-2022-27812 (Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2 ...) NOT-FOR-US: Flooding SNS firewall CVE-2022-27811 (GNOME OCRFeeder before 0.8.4 allows OS command injection via shell met ...) - ocrfeeder 0.8.5-1 (bug #1008320) [bullseye] - ocrfeeder (Minor issue) [buster] - ocrfeeder (Minor issue) [stretch] - ocrfeeder (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/ocrfeeder/-/merge_requests/13 NOTE: https://gitlab.gnome.org/GNOME/ocrfeeder/-/commit/9209bce8afaf6fde19cdac7f5eaea1b744c3e79e (0.8.5) NOTE: https://gitlab.gnome.org/GNOME/ocrfeeder/-/commit/afea0e722f1d14eaf14bf0e5ebb444d3271ff1ef (0.8.5) CVE-2022-27810 (It was possible to trigger an infinite recursion condition in the erro ...) NOT-FOR-US: Facebook Hermes CVE-2022-27809 RESERVED CVE-2022-27802 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) NOT-FOR-US: Adobe CVE-2022-27801 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) 
NOT-FOR-US: Adobe CVE-2022-27800 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) NOT-FOR-US: Adobe CVE-2022-27799 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) NOT-FOR-US: Adobe CVE-2022-27798 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) NOT-FOR-US: Adobe CVE-2022-27797 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) NOT-FOR-US: Adobe CVE-2022-27796 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) NOT-FOR-US: Adobe CVE-2022-27795 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) NOT-FOR-US: Adobe CVE-2022-27794 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) NOT-FOR-US: Adobe CVE-2022-27793 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) NOT-FOR-US: Adobe CVE-2022-27792 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) NOT-FOR-US: Adobe CVE-2022-27791 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) NOT-FOR-US: Adobe CVE-2022-27790 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) NOT-FOR-US: Adobe CVE-2022-27789 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) NOT-FOR-US: Adobe CVE-2022-27788 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) NOT-FOR-US: Adobe CVE-2022-27787 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) NOT-FOR-US: Adobe CVE-2022-27786 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) NOT-FOR-US: Adobe CVE-2022-27785 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) NOT-FOR-US: Adobe CVE-2022-27784 (Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earl ...) NOT-FOR-US: Adobe CVE-2022-27783 (Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earl ...) 
NOT-FOR-US: Adobe CVE-2022-27660 (A denial of service vulnerability exists in the confctl_set_guest_wlan ...) NOT-FOR-US: TCL LinkHub Mesh Wi-Fi CVE-2022-27633 (An information disclosure vulnerability exists in the confctl_get_gues ...) NOT-FOR-US: TCL LinkHub Mesh Wifi CVE-2022-27630 (An information disclosure vulnerability exists in the confctl_get_mast ...) NOT-FOR-US: TCL LinkHub Mesh Wi-Fi CVE-2022-27185 (A denial of service vulnerability exists in the confctl_set_master_wla ...) NOT-FOR-US: TCL LinkHub Mesh Wifi CVE-2022-27178 (A denial of service vulnerability exists in the confctl_set_wan_cfg fu ...) NOT-FOR-US: TCL LinkHub Mesh Wi-Fi CVE-2022-26346 (A denial of service vulnerability exists in the ucloud_del_node functi ...) NOT-FOR-US: TCL LinkHub Mesh Wi-Fi CVE-2022-1060 RESERVED CVE-2022-27782 (libcurl would reuse a previously created connection even when a TLS or ...) {DSA-5197-1 DLA-3085-1} - curl 7.83.1-1 NOTE: https://www.openwall.com/lists/oss-security/2022/05/11/5 NOTE: https://curl.se/docs/CVE-2022-27782.html NOTE: Fixed by: https://github.com/curl/curl/commit/f18af4f874cecab82a9797e8c7541e0990c7a64c (curl-7_83_1) NOTE: Fixed by: https://github.com/curl/curl/commit/1645e9b44505abd5cbaf65da5282c3f33b5924a5 (curl-7_83_1) CVE-2022-27781 (libcurl provides the `CURLOPT_CERTINFO` option to allow applications t ...) {DSA-5197-1 DLA-3085-1} - curl 7.83.1-1 NOTE: https://www.openwall.com/lists/oss-security/2022/05/11/4 NOTE: https://curl.se/docs/CVE-2022-27781.html NOTE: Introduced by: https://github.com/curl/curl/commit/f6c335d63f2da025a0a3efde1fe59e3bb7189b70 (curl-7_34_0) NOTE: Fixed by: https://github.com/curl/curl/commit/curl-7_83_1) CVE-2022-27780 (The curl URL parser wrongly accepts percent-encoded URL separators lik ...) 
- curl 7.83.1-1 [bullseye] - curl (Vulnerable code introduced later) [buster] - curl (Vulnerable code introduced later) [stretch] - curl (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2022/05/11/3 NOTE: https://curl.se/docs/CVE-2022-27780.html NOTE: Introduced by: https://github.com/curl/curl/commit/9a8564a920188e49d5bd8c1c8573ddef97f6e03a (curl-7_80_0) NOTE: Fixed by: https://github.com/curl/curl/commit/914aaab9153764ef8fa4178215b8ad89d3ac263a (curl-7_83_1) CVE-2022-27779 (libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) ...) - curl 7.83.1-1 [bullseye] - curl (Vulnerable code introduced later) [buster] - curl (Vulnerable code introduced later) [stretch] - curl (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2022/05/11/2 NOTE: https://curl.se/docs/CVE-2022-27779.html NOTE: Introduced by: https://github.com/curl/curl/commit/b27ad8e1d3e68eb3214fcbb398ca436873aa7c67 (curl-7_82_0) NOTE: Fixed by: https://github.com/curl/curl/commit/7e92d12b4e6911f424678a133b19de670e183a59 (curl-7_83_1) CVE-2022-27778 (A use of incorrectly resolved name vulnerability fixed in 7.83.1 might ...) - curl 7.83.1-1 [bullseye] - curl (Vulnerable code introduced later) [buster] - curl (Vulnerable code introduced later) [stretch] - curl (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2022/05/11/1 NOTE: https://curl.se/docs/CVE-2022-27778.html NOTE: Fixed by: https://github.com/curl/curl/commit/8c7ee9083d0d719d0a77ab20d9cc2ae84eeea7f3 (curl-7_83_1) CVE-2022-27777 (A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 wh ...) 
{DSA-5372-1 DLA-3093-1} - rails 2:6.1.6.1+dfsg-1 (bug #1016982) NOTE: https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534 NOTE: Fixed by: https://github.com/rails/rails/commit/123f42a573f7fcbf391885c135ca809f21615180 (v6.1.5.1) NOTE: Regression fix: https://github.com/rails/rails/commit/7c2da9e51c5c02643f30d83aaad3ed5062adcad8 (6.1.6) NOTE: Fixed by: https://github.com/rails/rails/commit/36a6dad07d572a0098c29d6d96a226638a7caa38 (v6.0.4.8) NOTE: Regression fix: https://github.com/rails/rails/commit/1b5df893d82a27da907e9b8b75deff13179d1df3 (v6.0.5) NOTE: Fixed by: https://github.com/rails/rails/commit/1278c0f0b4a18ea199f92b666b8b94954a74c20b (v5.2.7.1) NOTE: Regression fix: https://github.com/rails/rails/commit/a1b8a9b5e5a905d0aeabf532e3f6b74116d5cce6 (v5.2.8) CVE-2022-27776 (A insufficiently protected credentials vulnerability in fixed in curl ...) {DSA-5197-1 DLA-3085-1} - curl 7.83.0-1 (bug #1010252) NOTE: https://curl.se/docs/CVE-2022-27776.html NOTE: Fixed by: https://github.com/curl/curl/commit/6e659993952aa5f90f48864be84a1bbb047fc258 (curl-7_83_0) CVE-2022-27775 (An information disclosure vulnerability exists in curl 7.65.0 to 7.82. ...) {DSA-5197-1} - curl 7.83.0-1 (bug #1010253) [buster] - curl (Vulnerable code introduced later) [stretch] - curl (Vulnerable code introduced later) NOTE: https://curl.se/docs/CVE-2022-27775.html NOTE: Introduced by: https://github.com/curl/curl/commit/2d0e9b40d3237b1450cbbfbcb996da244d964898 (curl-7_65_0) NOTE: Fixed by: https://github.com/curl/curl/commit/058f98dc3fe595f21dc26a5b9b1699e519ba5705 (curl-7_83_0) CVE-2022-27774 (An insufficiently protected credentials vulnerability exists in curl 4 ...) 
{DSA-5197-1 DLA-3288-1} - curl 7.83.0-1 (bug #1010254) NOTE: https://curl.se/docs/CVE-2022-27774.html NOTE: Fixed by: https://github.com/curl/curl/commit/620ea21410030a9977396b4661806bc187231b79 (curl-7_83_0) NOTE: Followup: https://github.com/curl/curl/commit/139a54ed0a172adaaf1a78d6f4fff50b2c3f9e08 (curl-7_83_0) CVE-2022-27773 (A privilege escalation vulnerability is identified in Ivanti EPM (LAND ...) NOT-FOR-US: Ivanti CVE-2022-27772 (spring-boot versions prior to version v2.2.11.RELEASE was vulnerable t ...) NOT-FOR-US: Spring Boot CVE-2022-27771 RESERVED CVE-2022-27770 RESERVED CVE-2022-27769 RESERVED CVE-2022-27768 RESERVED CVE-2022-27767 RESERVED CVE-2022-27766 RESERVED CVE-2022-27765 RESERVED CVE-2022-27764 RESERVED CVE-2022-27763 RESERVED CVE-2022-27762 RESERVED CVE-2022-27761 RESERVED CVE-2022-27760 RESERVED CVE-2022-27759 RESERVED CVE-2022-27758 RESERVED CVE-2022-27757 RESERVED CVE-2022-27756 RESERVED CVE-2022-27755 RESERVED CVE-2022-27754 RESERVED CVE-2022-27753 RESERVED CVE-2022-27752 RESERVED CVE-2022-27751 RESERVED CVE-2022-27750 RESERVED CVE-2022-27749 RESERVED CVE-2022-27748 RESERVED CVE-2022-27747 RESERVED CVE-2022-27746 RESERVED CVE-2022-27745 RESERVED CVE-2022-27744 RESERVED CVE-2022-27743 RESERVED CVE-2022-27742 RESERVED CVE-2022-27741 RESERVED CVE-2022-27740 RESERVED CVE-2022-27739 RESERVED CVE-2022-27738 RESERVED CVE-2022-27737 RESERVED CVE-2022-27736 RESERVED CVE-2022-27735 RESERVED CVE-2022-27734 RESERVED CVE-2022-27733 RESERVED CVE-2022-27732 RESERVED CVE-2022-27731 RESERVED CVE-2022-27730 RESERVED CVE-2022-27729 RESERVED CVE-2022-27728 RESERVED CVE-2022-27727 RESERVED CVE-2022-27726 RESERVED CVE-2022-27725 RESERVED CVE-2022-27724 RESERVED CVE-2022-27723 RESERVED CVE-2022-27722 RESERVED CVE-2022-27721 RESERVED CVE-2022-27720 RESERVED CVE-2022-27719 RESERVED CVE-2022-27718 RESERVED CVE-2022-27717 RESERVED CVE-2022-27716 RESERVED CVE-2022-27715 RESERVED CVE-2022-27714 RESERVED CVE-2022-27713 RESERVED CVE-2022-27712 RESERVED CVE-2022-27711 
RESERVED CVE-2022-27710 RESERVED CVE-2022-27709 RESERVED CVE-2022-27708 RESERVED CVE-2022-27707 RESERVED CVE-2022-27706 RESERVED CVE-2022-27705 RESERVED CVE-2022-27704 RESERVED CVE-2022-27703 RESERVED CVE-2022-27702 RESERVED CVE-2022-27701 RESERVED CVE-2022-27700 RESERVED CVE-2022-27699 RESERVED CVE-2022-27698 RESERVED CVE-2022-27697 RESERVED CVE-2022-27696 RESERVED CVE-2022-27695 RESERVED CVE-2022-27694 RESERVED CVE-2022-27693 RESERVED CVE-2022-27692 RESERVED CVE-2022-27691 RESERVED CVE-2022-27690 RESERVED CVE-2022-27689 RESERVED CVE-2022-27688 RESERVED CVE-2022-27687 RESERVED CVE-2022-27686 RESERVED CVE-2022-27685 RESERVED CVE-2022-27684 RESERVED CVE-2022-27683 RESERVED CVE-2022-27682 RESERVED CVE-2022-27681 RESERVED CVE-2022-27680 RESERVED CVE-2022-27679 RESERVED CVE-2022-27678 RESERVED CVE-2022-27677 (Failure to validate privileges during installation of AMD Ryzen™ ...) NOT-FOR-US: AMD CVE-2022-27676 REJECTED CVE-2022-27675 REJECTED CVE-2022-27674 (Insufficient validation in the IOCTL input/output buffer in AMD μ ...) NOT-FOR-US: AMD CVE-2022-27673 (Insufficient access controls in the AMD Link Android app may potential ...) NOT-FOR-US: AMD CVE-2022-27672 (When SMT is enabled, certain AMD processors may speculatively execute ...) - linux 6.1.12-1 - xen 4.17.0+46-gaaf74a532c-1 (bug #1031567) [bullseye] - xen (Vulnerable code not present) [buster] - xen (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2023/02/14/4 NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1045 NOTE: https://xenbits.xen.org/xsa/advisory-426.html NOTE: https://kernel.org/doc/html//next/admin-guide/hw-vuln/cross-thread-rsb.html CVE-2022-27671 (A CSRF token visible in the URL may possibly lead to information discl ...) NOT-FOR-US: SAP CVE-2022-27670 (SAP SQL Anywhere - version 17.0, allows an authenticated attacker to p ...) NOT-FOR-US: SAP CVE-2022-27669 (An unauthenticated user can use functions of XML Data Archiving Servic ...) 
NOT-FOR-US: SAP CVE-2022-27668 (Depending on the configuration of the route permission table in file ' ...) NOT-FOR-US: SAP CVE-2022-27667 (Under certain conditions, SAP BusinessObjects Business Intelligence pl ...) NOT-FOR-US: SAP CVE-2022-1059 (Aethon TUG Home Base Server versions prior to version 24 are affected ...) NOT-FOR-US: Aethon TUG Home Base Server CVE-2022-1058 (Open Redirect on login in GitHub repository go-gitea/gitea prior to 1. ...) - gitea CVE-2022-1057 (The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 do ...) NOT-FOR-US: WordPress plugin CVE-2021-46739 RESERVED CVE-2022-27666 (A heap buffer overflow flaw was found in IPsec ESP transformation code ...) {DSA-5173-1 DSA-5127-1} - linux 5.16.18-1 [stretch] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/ebe48d368e97d007bfeb76fcb065d6cfc4c96645 (5.17-rc8) CVE-2022-27665 (Reflected XSS (via AngularJS sandbox escape expressions) exists in Pro ...) NOT-FOR-US: Progress Ipswitch WS_FTP Server CVE-2022-27664 (In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers ca ...) 
- golang-1.19 1.19.1-1 - golang-1.18 1.18.6-1 - golang-1.17 - golang-1.15 [bullseye] - golang-1.15 (Minor issue) - golang-1.11 [buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases) - golang-golang-x-net 1:0.0+git20221012.0b7e1fb+dfsg-1 [bullseye] - golang-golang-x-net (Minor issue) - golang-golang-x-net-dev [buster] - golang-golang-x-net-dev (Limited support, follow bullseye DSAs/point-releases) NOTE: https://groups.google.com/g/golang-announce/c/x49AQzIVX-s NOTE: https://github.com/golang/go/issues/54658 NOTE: https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1) NOTE: https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6) NOTE: https://github.com/golang/net/commit/f3363e06e74cdc304618bf31d898b78590103527 (v0.1.0) CVE-2022-27663 RESERVED CVE-2022-27658 (Under certain conditions, SAP Innovation management - version 2.0, all ...) NOT-FOR-US: SAP CVE-2022-27657 (A highly privileged remote attacker, can gain unauthorized access to d ...) NOT-FOR-US: SAP CVE-2022-27656 (The Web administration UI of SAP Web Dispatcher and the Internet Commu ...) NOT-FOR-US: SAP CVE-2022-27655 (When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) receive ...) NOT-FOR-US: SAP CVE-2022-27654 (When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) rece ...) NOT-FOR-US: SAP CVE-2022-26518 (An OS command injection vulnerability exists in the console infactory_ ...) NOT-FOR-US: InHand Networks InRouter302 CVE-2022-26422 RESERVED CVE-2022-26420 (An OS command injection vulnerability exists in the console infactory_ ...) NOT-FOR-US: InHand Networks InRouter302 CVE-2022-26075 (An OS command injection vulnerability exists in the console infactory_ ...) NOT-FOR-US: InHand Networks InRouter302 CVE-2022-1056 (Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers ...) 
- tiff 4.4.0~rc1-1 (unimportant) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/391 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/307 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c (v4.4.0rc1) NOTE: Crash in CLI tool, no security impact CVE-2022-28352 (WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4. ...) - weechat 3.4.1-1 [bullseye] - weechat (Vulnerable code introduced later) [buster] - weechat (Vulnerable code introduced later) [stretch] - weechat (Vulnerable code introduced later) NOTE: https://weechat.org/doc/security/WSA-2022-1/ NOTE: https://github.com/weechat/weechat/issues/1763 NOTE: Fixed by: https://github.com/weechat/weechat/commit/710247891cdfd4e66ee6d1715e93626def6871f1 (v3.4.1) NOTE: weechat.network.gnutls_ca_system/gnutls_ca_user introduced by: https://github.com/weechat/weechat/commit/c588ee21bc8fd33678893d5c67616033281032e3 (v3.2-rc1) CVE-2022-27653 (A vulnerability has been identified in Simcenter Femap (All versions < ...) NOT-FOR-US: Siemens CVE-2022-27652 (A flaw was found in cri-o, where containers were incorrectly started w ...) - cri-o (bug #979702) CVE-2022-27651 (A flaw was found in buildah where containers were incorrectly started ...) [experimental] - golang-github-containers-buildah 1.27.0+ds1-2 - golang-github-containers-buildah 1.28.0+ds1-2 (bug #1009882) [bullseye] - golang-github-containers-buildah (Minor issue) NOTE: https://github.com/containers/buildah/commit/e7e55c988c05dd74005184ceb64f097a0cfe645b (v1.25.1) NOTE: https://github.com/containers/buildah/security/advisories/GHSA-c3g4-w6cv-6v7h CVE-2022-27650 (A flaw was found in crun where containers were incorrectly started wit ...) - crun 1.5+dfsg-1 (bug #1009881) [bullseye] - crun 0.17+dfsg-1+deb11u1 NOTE: https://github.com/containers/crun/commit/b847d146d496c9d7beba166fd595488e85488562 (1.4.4) CVE-2022-27649 (A flaw was found in Podman, where containers were started incorrectly ...) 
- libpod 3.4.6+ds1-1 (bug #1020906) [bullseye] - libpod 3.0.1+dfsg1-3+deb11u2 NOTE: https://github.com/containers/podman/releases/tag/v4.0.3 NOTE: https://github.com/containers/podman/commit/aafa80918a245edcbdaceb1191d749570f1872d0 (main) NOTE: https://github.com/containers/podman/commit/7b368768c2990b9781b2b6813e1c7f91c7e6cb13 (v4.0.3) CVE-2022-27648 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: KOYO Screen Creator CVE-2022-27647 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: Netgear CVE-2022-27646 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: Netgear CVE-2022-27645 (This vulnerability allows network-adjacent attackers to bypass authent ...) NOT-FOR-US: Netgear CVE-2022-27644 (This vulnerability allows network-adjacent attackers to compromise the ...) NOT-FOR-US: Netgear CVE-2022-27643 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: Netgear CVE-2022-27642 (This vulnerability allows network-adjacent attackers to bypass authent ...) NOT-FOR-US: Netgear CVE-2022-27641 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: Netgear CVE-2022-27640 (A vulnerability has been identified in SIMATIC CP 442-1 RNA (All versi ...) NOT-FOR-US: Siemens CVE-2022-1055 (A use-after-free exists in the Linux Kernel in tc_new_tfilter that cou ...) - linux 5.16.7-1 [bullseye] - linux 5.10.103-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (5.17-rc3) CVE-2022-1054 (The RSVP and Event Management Plugin WordPress plugin before 2.7.8 doe ...) NOT-FOR-US: WordPress plugin CVE-2022-1053 (Keylime does not enforce that the agent registrar data is the same whe ...) 
NOT-FOR-US: Keylime CVE-2022-1052 (Heap Buffer Overflow in iterate_chained_fixups in GitHub repository ra ...) - radare2 5.9.0+dfsg-1 (bug #1014478) NOTE: https://huntr.dev/bounties/3b3b7f77-ab8d-4de3-999b-eeec0a3eebe7 NOTE: https://github.com/radareorg/radare2/commit/0052500c1ed5bf8263b26b9fd7773dbdc6f170c4 CVE-2022-1051 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a compani ...) NOT-FOR-US: WordPress plugin CVE-2022-1050 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...) {DLA-3362-1} - qemu 1:7.1+dfsg-2 (bug #1014589) [bullseye] - qemu 1:5.2+dfsg-11+deb11u3 [stretch] - qemu (rdma devices introduced in v2.12) NOTE: https://gitlab.com/qemu-project/qemu/-/commit/31c4b6fb0293e359f9ef8a61892667e76eea4c99 (master, after v7.2.0) NOTE: PVRDMA support not enabled in the binary packages until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4 until 1:4.1-1 NOTE: 1:5.2+dfsg-11+deb11u3 changelog incorrectly lists CVE-2023-1544 as fixed instead of CVE-2022-1050. CVE-2022-1049 (A flaw was found in the Pacemaker configuration tool (pcs). The pcs da ...) {DSA-5226-1 DLA-3108-1} - pcs 0.11.3-1 [stretch] - pcs (Vulnerable code introduced later, ./pcs/daemon/ not present) NOTE: https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5 NOTE: https://github.com/ClusterLabs/pcs/commit/fb860005117dc9e092649687dfa1304fb423efc5 NOTE: Introduced by https://github.com/ClusterLabs/pcs/commit/8378cf1a81efc0cd421483234943057e2be0a8ed (v0.10) CVE-2022-1048 (A use-after-free flaw was found in the Linux kernel’s sound subsy ...) {DSA-5173-1 DSA-5127-1} - linux 5.16.18-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2066706 NOTE: https://www.openwall.com/lists/oss-security/2022/03/28/4 CVE-2022-1047 (The Themify Post Type Builder Search Addon WordPress plugin before 1.4 ...) NOT-FOR-US: WordPress plugin CVE-2022-1046 (The Visual Form Builder WordPress plugin before 3.0.7 does not sanitis ...) 
NOT-FOR-US: WordPress plugin CVE-2022-1045 (Stored XSS viva .svg file upload in GitHub repository polonel/trudesk ...) NOT-FOR-US: Trudesk CVE-2022-1044 (Sensitive Data Exposure Due To Insecure Storage Of Profile Image in Gi ...) NOT-FOR-US: Trudesk CVE-2022-1043 (A flaw was found in the Linux kernel’s io_uring implementation. T ...) - linux 5.14.6-1 [bullseye] - linux 5.10.70-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997328 NOTE: https://git.kernel.org/linus/a30f895ad3239f45012e860d4f94c1a388b36d14 (5.14-rc7) NOTE: https://github.com/opensrcsec/same_type_object_reuse_exploits/blob/main/cve-2022-1043.c CVE-2022-1042 (In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerabili ...) NOT-FOR-US: Zephyr CVE-2022-1041 (In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerabili ...) NOT-FOR-US: Zephyr CVE-2022-27635 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...) {DLA-3596-1} - firmware-nonfree (bug #1051892) [bookworm] - firmware-nonfree (Non-free not supported) [bullseye] - firmware-nonfree (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html NOTE: Fixed upstream in linux-firmware/20230804 CVE-2022-27626 (A vulnerability regarding concurrent execution using shared resource w ...) NOT-FOR-US: Synology CVE-2022-27625 (A vulnerability regarding improper restriction of operations within th ...) NOT-FOR-US: Synology CVE-2022-27624 (A vulnerability regarding improper restriction of operations within th ...) NOT-FOR-US: Synology CVE-2022-27623 (Missing authentication for critical function vulnerability in iSCSI ma ...) NOT-FOR-US: Synology DiskStation Manager (DSM) CVE-2022-27622 (Server-Side Request Forgery (SSRF) vulnerability in Package Center fun ...) 
NOT-FOR-US: Synology DiskStation Manager (DSM) CVE-2022-27621 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) NOT-FOR-US: Synology DiskStation Manager CVE-2022-27620 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) NOT-FOR-US: Synology DiskStation Manager CVE-2022-27619 (Cleartext transmission of sensitive information vulnerability in authe ...) NOT-FOR-US: Synology Note Station Client CVE-2022-27618 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) NOT-FOR-US: Synology DiskStation Manager CVE-2022-27617 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) NOT-FOR-US: Synology DiskStation Manager CVE-2022-27616 (Improper neutralization of special elements used in an OS command ('OS ...) NOT-FOR-US: Synology DiskStation Manager CVE-2022-27615 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) NOT-FOR-US: Synology CVE-2022-27614 (Exposure of sensitive information to an unauthorized actor vulnerabili ...) NOT-FOR-US: Synology CVE-2022-27613 (Improper neutralization of special elements used in an SQL command ('S ...) NOT-FOR-US: Synology CVE-2022-27612 (Buffer copy without checking size of input ('Classic Buffer Overflow') ...) NOT-FOR-US: Synology CVE-2022-27611 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) NOT-FOR-US: Synology CVE-2022-27610 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) NOT-FOR-US: Synology CVE-2022-27609 (Forcepoint One Endpoint prior to version 22.01 installed on Microsoft ...) NOT-FOR-US: Forcepoint One Endpoint CVE-2022-27608 (Forcepoint One Endpoint prior to version 22.01 installed on Microsoft ...) NOT-FOR-US: Forcepoint One Endpoint CVE-2022-27607 (Bento4 1.6.0-639 has a heap-based buffer over-read in the AP4_HvccAtom ...) 
NOT-FOR-US: Bento4 CVE-2022-27606 RESERVED CVE-2022-27605 RESERVED CVE-2022-27604 RESERVED CVE-2022-27603 RESERVED CVE-2022-27602 RESERVED CVE-2022-27601 RESERVED CVE-2022-27600 RESERVED CVE-2022-27599 (An insertion of sensitive information into Log file vulnerability has ...) NOT-FOR-US: QNAP CVE-2022-27598 (A vulnerability has been reported to affect QNAP operating systems. If ...) NOT-FOR-US: QNAP CVE-2022-27597 (A vulnerability has been reported to affect QNAP operating systems. If ...) NOT-FOR-US: QNAP CVE-2022-27596 (A vulnerability has been reported to affect QNAP device running QuTS h ...) NOT-FOR-US: QNAP CVE-2022-27595 RESERVED CVE-2022-27594 RESERVED CVE-2022-27593 (An externally controlled reference to a resource vulnerability has bee ...) NOT-FOR-US: QNAP CVE-2022-27592 RESERVED CVE-2022-27591 RESERVED CVE-2022-27590 RESERVED CVE-2022-27589 RESERVED CVE-2022-27588 (We have already fixed this vulnerability in the following versions of ...) NOT-FOR-US: QNAP CVE-2022-27587 RESERVED CVE-2022-27586 (Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 wit ...) NOT-FOR-US: SICK SIM1004 Partnumber 1098148 CVE-2022-27585 (Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 ...) NOT-FOR-US: SICK SIM1000 FX Partnumber 1097816 and 1097817 CVE-2022-27584 (Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 a ...) NOT-FOR-US: SICK SIM2000ST Partnumber 2086502 and 1080579 CVE-2022-27583 (A remote unprivileged attacker can interact with the configuration int ...) NOT-FOR-US: Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 CVE-2022-27582 (Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 10787 ...) NOT-FOR-US: SICK SIM4000 (PPC) Partnumber 1078787 CVE-2022-27581 (Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmwa ...) NOT-FOR-US: SICK CVE-2022-27580 (A deserialization vulnerability in a .NET framework class used and not ...) 
NOT-FOR-US: SICK CVE-2022-27579 (A deserialization vulnerability in a .NET framework class used and not ...) NOT-FOR-US: SICK CVE-2022-27578 (An attacker can perform a privilege escalation through the SICK OEE if ...) NOT-FOR-US: SICK CVE-2022-27577 (The vulnerability in the MSC800 in all versions before 4.15 allows for ...) NOT-FOR-US: SICK CVE-2022-27576 (Information exposure vulnerability in Samsung DeX Home prior to SMR Ap ...) NOT-FOR-US: Samsung CVE-2022-27575 (Information exposure vulnerability in One UI Home prior to SMR April-2 ...) NOT-FOR-US: Samsung CVE-2022-27574 (Improper input validation vulnerability in parser_iloc and sheifd_find ...) NOT-FOR-US: Samsung CVE-2022-27573 (Improper input validation vulnerability in parser_infe and sheifd_find ...) NOT-FOR-US: Samsung CVE-2022-27572 (Heap-based buffer overflow vulnerability in parser_ipma function of li ...) NOT-FOR-US: Samsung CVE-2022-27571 (Heap-based buffer overflow vulnerability in sheifd_get_info_image func ...) NOT-FOR-US: Samsung CVE-2022-27570 (Heap-based buffer overflow vulnerability in parser_single_iref functio ...) NOT-FOR-US: Samsung CVE-2022-27569 (Heap-based buffer overflow vulnerability in parser_infe function in li ...) NOT-FOR-US: Samsung CVE-2022-27568 (Heap-based buffer overflow vulnerability in parser_iloc function in li ...) NOT-FOR-US: Samsung CVE-2022-27567 (Null pointer dereference vulnerability in parser_hvcC function of libs ...) NOT-FOR-US: Samsung CVE-2022-27566 RESERVED CVE-2022-27565 RESERVED CVE-2022-27564 RESERVED CVE-2022-27563 (An unauthenticated user can overload a part of HCL VersionVault Expres ...) NOT-FOR-US: HCL CVE-2022-27562 RESERVED CVE-2022-27561 (There is a reflected Cross-Site Scripting vulnerability in the HCL Tra ...) NOT-FOR-US: HCL CVE-2022-27560 (HCL VersionVault Express exposes administrator credentials.) NOT-FOR-US: HCL CVE-2022-27559 RESERVED CVE-2022-27558 (HCL iNotes is susceptible to a Broken Password Strength Checks vulnera ...) 
NOT-FOR-US: HCL CVE-2022-27557 RESERVED CVE-2022-27556 RESERVED CVE-2022-27555 RESERVED CVE-2022-27554 RESERVED CVE-2022-27553 RESERVED CVE-2022-27552 RESERVED CVE-2022-27551 (HCL Launch could allow an authenticated user to obtain sensitive infor ...) NOT-FOR-US: HCL CVE-2022-27550 RESERVED CVE-2022-27549 (HCL Launch may store certain data for recurring activities in a plain ...) NOT-FOR-US: HCL CVE-2022-27548 (HCL Launch stores user credentials in plain clear text which can be re ...) NOT-FOR-US: HCL CVE-2022-27547 (HCL iNotes is susceptible to a link to non-existent domain vulnerabili ...) NOT-FOR-US: HCL CVE-2022-27546 (HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vu ...) NOT-FOR-US: HCL CVE-2022-27545 (BigFix Web Reports authorized users may perform HTML injection for the ...) NOT-FOR-US: BigFix Web Reports CVE-2022-27544 (BigFix Web Reports authorized users may see SMTP credentials in clear ...) NOT-FOR-US: BigFix Web Reports CVE-2022-27543 RESERVED CVE-2022-27542 RESERVED CVE-2022-27541 (Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have b ...) NOT-FOR-US: HP CVE-2022-27540 RESERVED CVE-2022-27539 (Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have b ...) NOT-FOR-US: HP CVE-2022-27538 (A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has be ...) NOT-FOR-US: HP CVE-2022-27537 (Potential vulnerabilities have been identified in the system BIOS of c ...) NOT-FOR-US: HP CVE-2022-27536 (Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be ca ...) - golang-1.18 (MacOS-specific) - golang-1.17 (MacOS-specific) NOTE: https://groups.google.com/g/golang-announce/c/oecdBNLOml8 NOTE: https://go.dev/issue/51759 CVE-2022-27535 (Kaspersky VPN Secure Connection for Windows version up to 21.5 was vul ...) NOT-FOR-US: Kaspersky VPN Secure Connection for Windows CVE-2022-27534 (Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security ...) 
NOT-FOR-US: Kaspersky CVE-2022-27533 RESERVED CVE-2022-27532 (A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can b ...) NOT-FOR-US: Autodesk CVE-2022-27531 (A maliciously crafted TIF file can be forced to read beyond allocated ...) NOT-FOR-US: Autodesk CVE-2022-27530 (A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, ...) NOT-FOR-US: Autodesk CVE-2022-27529 (A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2 ...) NOT-FOR-US: Autodesk CVE-2022-27528 (A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 c ...) NOT-FOR-US: Autodesk CVE-2022-27527 (A Memory Corruption vulnerability may lead to code execution through m ...) NOT-FOR-US: Autodesk CVE-2022-27526 (A malicious crafted TGA file when consumed through DesignReview.exe ap ...) NOT-FOR-US: Autodesk CVE-2022-27525 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...) NOT-FOR-US: Autodesk CVE-2022-27524 (An out-of-bounds read can be exploited in Autodesk TrueView 2022 may l ...) NOT-FOR-US: Autodesk CVE-2022-27523 (A buffer over-read can be exploited in Autodesk TrueView 2022 may lead ...) NOT-FOR-US: Autodesk CVE-2022-27522 RESERVED CVE-2022-27521 RESERVED CVE-2022-27520 RESERVED CVE-2022-27519 RESERVED CVE-2022-27518 (Unauthenticated remote arbitrary code execution) NOT-FOR-US: Citrix CVE-2022-27517 RESERVED CVE-2022-27516 (User login brute force protection functionality bypass) NOT-FOR-US: Citrix CVE-2022-27515 RESERVED CVE-2022-27514 RESERVED CVE-2022-27513 (Remote desktop takeover via phishing) NOT-FOR-US: Citrix CVE-2022-27512 (Temporary disruption of the ADM license service. The impact of this in ...) NOT-FOR-US: Citrix CVE-2022-27511 (Corruption of the system by a remote, unauthenticated user. The impact ...) 
	NOT-FOR-US: Citrix
CVE-2022-27510 (Unauthorized access to Gateway user capabilities)
	NOT-FOR-US: Citrix
CVE-2022-27509 (Unauthenticated redirection to a malicious website)
	NOT-FOR-US: Citrix
CVE-2022-27508 (Unauthenticated denial of service)
	NOT-FOR-US: Citrix
CVE-2022-27507 (Authenticated denial of service)
	NOT-FOR-US: Citrix
CVE-2022-27506 (Hard-coded credentials allow administrators to access the shell via th ...)
	NOT-FOR-US: Citrix
CVE-2022-27505 (Reflected cross site scripting (XSS))
	NOT-FOR-US: Citrix
CVE-2022-27504
	RESERVED
CVE-2022-27503 (Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects ...)
	NOT-FOR-US: Citrix
CVE-2022-27502 (RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privil ...)
	NOT-FOR-US: RealVNC VNC Server
CVE-2022-27501
	RESERVED
CVE-2022-27500 (Incorrect default permissions for the Intel(R) Support Android applica ...)
	NOT-FOR-US: Intel
CVE-2022-27233 (XML injection in the Quartus(R) Prime Programmer included in the Intel ...)
	NOT-FOR-US: Intel
CVE-2022-27229 (Path transversal in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7D ...)
	NOT-FOR-US: Intel
CVE-2022-27183 (The Monitoring Console app configured in Distributed mode allows for a ...)
	NOT-FOR-US: Splunk
CVE-2022-27180 (Uncontrolled search path in the Intel(R) MacCPUID software before vers ...)
	NOT-FOR-US: Intel
CVE-2022-26889 (In Splunk Enterprise versions before 8.1.2, the uri path to load a rel ...)
	NOT-FOR-US: Splunk
CVE-2022-26888 (Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard ed ...)
	NOT-FOR-US: Intel
CVE-2022-26840 (Improper neutralization in the Intel(R) Quartus Prime Pro and Standard ...)
	NOT-FOR-US: Intel
CVE-2022-26070 (When handling a mismatched pre-authentication cookie, the application ...)
	NOT-FOR-US: Splunk
CVE-2022-26024 (Improper access control in the Intel(R) NUC HDMI Firmware Update Tool ...)
	NOT-FOR-US: Intel
CVE-2022-26017 (Improper access control in the Intel(R) DSA software for before versio ...)
	NOT-FOR-US: Intel
CVE-2022-25841 (Uncontrolled search path elements in the Intel(R) Datacenter Group Eve ...)
	NOT-FOR-US: Intel
CVE-2022-1040 (An authentication bypass vulnerability in the User Portal and Webadmin ...)
	NOT-FOR-US: Sophos
CVE-2022-1039 (The weak password on the web user interface can be exploited via HTTP ...)
	NOT-FOR-US: Red Lion
CVE-2022-1038 (A potential security vulnerability has been identified in the HP Jumps ...)
	NOT-FOR-US: HP
CVE-2022-27492 (An integer underflow in WhatsApp could have caused remote code executi ...)
	NOT-FOR-US: WhatsApp
CVE-2022-27491 (A improper verification of source of a communication channel in Fortin ...)
	NOT-FOR-US: FortiGuard
CVE-2022-27490 (A exposure of sensitive information to an unauthorized actor in Fortin ...)
	NOT-FOR-US: Fortinet
CVE-2022-27489 (A improper neutralization of special elements used in an os command (' ...)
	NOT-FOR-US: Fortinet
CVE-2022-27488 (A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise v ...)
	NOT-FOR-US: FortiGuard
CVE-2022-27487 (A improper privilege management in Fortinet FortiSandbox version 4.2.0 ...)
	NOT-FOR-US: Fortinet
CVE-2022-27486
	RESERVED
CVE-2022-27485 (A improper neutralization of special elements used in an sql command ( ...)
	NOT-FOR-US: Fortinet
CVE-2022-27484 (A unverified password change in Fortinet FortiADC version 6.2.0 throug ...)
	NOT-FOR-US: FortiGuard
CVE-2022-27483 (A improper neutralization of special elements used in an os command (' ...)
	NOT-FOR-US: Fortinet
CVE-2022-27482 (A improper neutralization of special elements used in an os command (' ...)
	NOT-FOR-US: Fortinet
CVE-2022-27481 (A vulnerability has been identified in SCALANCE W1788-1 M12 (All versi ...)
	NOT-FOR-US: Siemens SCALANCE
CVE-2022-27480 (A vulnerability has been identified in SICAM A8000 CP-8031 (All versio ...)
	NOT-FOR-US: Siemens
CVE-2022-27479 (Apache Superset before 1.4.2 is vulnerable to SQL injection in chart d ...)
	NOT-FOR-US: Apache Superset
CVE-2022-27478 (Victor v1.0 was discovered to contain a remote code execution (RCE) vu ...)
	NOT-FOR-US: Victor CMS
CVE-2022-27477 (Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload ...)
	NOT-FOR-US: Newbee-Mall
CVE-2022-27476 (A cross-site scripting (XSS) vulnerability at /admin/goods/update in N ...)
	NOT-FOR-US: Newbee-Mall
CVE-2022-27475 (Cross site scripting (XSS) vulnerability in tramyardg hotel-mgmt-syste ...)
	NOT-FOR-US: tramyardg hotel-mgmt-system
CVE-2022-27474 (SuiteCRM v7.11.23 was discovered to allow remote code execution via a ...)
	NOT-FOR-US: SuiteCRM
CVE-2022-27473 (SQL injection vulnerability in Topics Searching feature of Roothub 2.6 ...)
	NOT-FOR-US: Roothub
CVE-2022-27472 (SQL injection vulnerability in Topics Counting feature of Roothub 2.6. ...)
	NOT-FOR-US: Roothub
CVE-2022-27471
	RESERVED
CVE-2022-27470 (SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memor ...)
	- libsdl2-ttf 2.0.18+dfsg-3 (bug #1010671)
	[bullseye] - libsdl2-ttf (Vulnerable code not present)
	[buster] - libsdl2-ttf (Vulnerable code not present)
	[stretch] - libsdl2-ttf (Vulnerable code not present)
	NOTE: https://github.com/libsdl-org/SDL_ttf/commit/db1b41ab8bde6723c24b866e466cad78c2fa0448
	NOTE: https://github.com/libsdl-org/SDL_ttf/issues/187
	NOTE: Introduced in https://github.com/libsdl-org/SDL_ttf/commit/31589bd7316d946d2eb122afaed68bc9b9b0fceb
CVE-2022-27469 (Monstaftp v2.10.3 was discovered to allow attackers to execute Server- ...)
	NOT-FOR-US: Monstaftp
CVE-2022-27468 (Monstaftp v2.10.3 was discovered to contain an arbitrary file upload w ...)
	NOT-FOR-US: Monstaftp
CVE-2022-27467
	RESERVED
CVE-2022-27466 (MCMS v5.2.27 was discovered to contain a SQL injection vulnerability i ...)
	NOT-FOR-US: MCMS
CVE-2022-27465
	RESERVED
CVE-2022-27464
	RESERVED
CVE-2022-27463 (Open redirect vulnerability in objects/login.json.php in WWBN AVideo t ...)
	NOT-FOR-US: WWBN AVideo
CVE-2022-27462 (Cross Site Scripting (XSS) vulnerability in objects/function.php in fu ...)
	NOT-FOR-US: WWBN AVideo
CVE-2022-27461 (In nopCommerce 4.50.1, an open redirect vulnerability can be triggered ...)
	NOT-FOR-US: nopCommerce
CVE-2022-27460
	RESERVED
CVE-2022-27459
	RESERVED
CVE-2022-27458
	REJECTED
CVE-2022-27457 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3 (Only affects MariaDB 10.4 onwards)
	- mariadb-10.1 (Only affects MariaDB 10.4 onwards)
	NOTE: https://jira.mariadb.org/browse/MDEV-28098
CVE-2022-27456 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
	{DLA-3114-1}
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3
	- mariadb-10.1
	NOTE: https://jira.mariadb.org/browse/MDEV-28093
CVE-2022-27455 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3 (Only affects MariaDB 10.4 onwards)
	- mariadb-10.1 (Only affects MariaDB 10.4 onwards)
	NOTE: https://jira.mariadb.org/browse/MDEV-28097
CVE-2022-27454
	RESERVED
CVE-2022-27453
	RESERVED
CVE-2022-27452 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
	{DLA-3114-1}
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3
	- mariadb-10.1
	NOTE: https://jira.mariadb.org/browse/MDEV-28090
CVE-2022-27451 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3 (Only affects MariaDB 10.4 onwards)
	- mariadb-10.1 (Only affects MariaDB 10.4 onwards)
	NOTE: https://jira.mariadb.org/browse/MDEV-28094
CVE-2022-27450
	RESERVED
CVE-2022-27449 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
	{DLA-3114-1}
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3
	- mariadb-10.1
	NOTE: https://jira.mariadb.org/browse/MDEV-28089
CVE-2022-27448 (There is an Assertion failure in MariaDB Server v10.9 and below via 'n ...)
	{DLA-3114-1}
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3
	- mariadb-10.1
	NOTE: https://jira.mariadb.org/browse/MDEV-28095
CVE-2022-27447 (MariaDB Server v10.9 and below was discovered to contain a use-after-f ...)
	{DLA-3114-1}
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3
	- mariadb-10.1
	NOTE: https://jira.mariadb.org/browse/MDEV-28099
CVE-2022-27446 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3 (Only affects MariaDB 10.4 onwards)
	- mariadb-10.1 (Only affects MariaDB 10.4 onwards)
	NOTE: https://jira.mariadb.org/browse/MDEV-28082
CVE-2022-27445 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
	{DLA-3114-1}
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3
	- mariadb-10.1
	NOTE: https://jira.mariadb.org/browse/MDEV-28081
	NOTE: https://jira.mariadb.org/browse/MDEV-19398
CVE-2022-27444 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3 (Only affects MariaDB 10.4 onwards)
	- mariadb-10.1 (Only affects MariaDB 10.4 onwards)
	NOTE: https://jira.mariadb.org/browse/MDEV-28080
CVE-2022-27443
	RESERVED
CVE-2022-27442 (TPCMS v3.2 allows attackers to access the ThinkPHP log directory and o ...)
	NOT-FOR-US: TPCMS
CVE-2022-27441 (A stored cross-site scripting (XSS) vulnerability in TPCMS v3.2 allows ...)
	NOT-FOR-US: TPCMS
CVE-2022-27440
	RESERVED
CVE-2022-27439
	RESERVED
CVE-2022-27438 (Caphyon Ltd Advanced Installer 19.3 and earlier and many products that ...)
	NOT-FOR-US: Caphyon Ltd Advanced Installer
CVE-2022-27437
	RESERVED
CVE-2022-27436 (A cross-site scripting (XSS) vulnerability in /public/admin/index.php? ...)
	NOT-FOR-US: Ecommerce-Website
CVE-2022-27435 (An unrestricted file upload at /public/admin/index.php?add_product of ...)
	NOT-FOR-US: ashymuzuro/Full-Ecommece-Website
CVE-2022-27434 (UNIT4 TETA Mobile Edition (ME) before 29.5.HF17 was discovered to cont ...)
	NOT-FOR-US: UNIT4
CVE-2022-27433
	RESERVED
CVE-2022-27432 (A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attack ...)
	NOT-FOR-US: Pluck CMS
CVE-2022-27431 (Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerabilit ...)
	NOT-FOR-US: Wuzhicms
CVE-2022-27430
	RESERVED
CVE-2022-27429 (Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forger ...)
	NOT-FOR-US: Jizhicms
CVE-2022-27428 (A stored cross-site scripting (XSS) vulnerability in /index.php/album/ ...)
	NOT-FOR-US: GalleryCMS
CVE-2022-27427
	REJECTED
CVE-2022-27426 (A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows at ...)
	NOT-FOR-US: Chamilo LMS
CVE-2022-27425 (Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting ...)
	NOT-FOR-US: Chamilo LMS
CVE-2022-27424
	RESERVED
CVE-2022-27423 (Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnera ...)
	NOT-FOR-US: Chamilo LMS
CVE-2022-27422 (A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1 ...)
	NOT-FOR-US: Chamilo LMS
CVE-2022-27421 (Chamilo LMS v1.11.13 lacks validation on the user modification form, a ...)
	NOT-FOR-US: Chamilo LMS
CVE-2022-27420 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Hospital Management System
CVE-2022-27419 (rtl_433 21.12 was discovered to contain a stack overflow in the functi ...)
	[experimental] - rtl-433 21.12+git20220718+ds-1
	- rtl-433 21.12+git20220718+ds-2 (bug #1009788)
	[bullseye] - rtl-433 (Vulnerable code introduced later)
	NOTE: https://github.com/merbanan/rtl_433/issues/2012
	NOTE: Introduced by: https://github.com/merbanan/rtl_433/commit/1a9b05cb1b9af1a639fa765ee4a7939ca7d6dd32 (21.12)
	NOTE: Fixed by: https://github.com/merbanan/rtl_433/commit/37455483889bd1c641bdaafc493d1cc236b74904
CVE-2022-27418 (Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math ...)
	- tcpreplay 4.4.1-1 (unimportant)
	NOTE: https://github.com/appneta/tcpreplay/issues/703
	NOTE: https://github.com/appneta/tcpreplay/pull/712
	NOTE: https://github.com/appneta/tcpreplay/commit/e2ac765a25e902728b6d4a825358aa536e6668c2 (v4.4.1)
	NOTE: https://github.com/appneta/tcpreplay/commit/7248ddb7ddd363b15b86e65022773f791764c33a (v4.4.1)
	NOTE: https://github.com/appneta/tcpreplay/commit/b63f1697c9eae73c7880882e14f9a0ec9545f19a (v4.4.1)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-27417
	RESERVED
CVE-2022-27416 (Tcpreplay v4.4.1 was discovered to contain a double-free via __interce ...)
	- tcpreplay 4.4.1-1 (unimportant)
	NOTE: https://github.com/appneta/tcpreplay/issues/702
	NOTE: https://github.com/appneta/tcpreplay/pull/711
	NOTE: https://github.com/appneta/tcpreplay/commit/9297ac29af91324e3f94580b8ffc2a40a4d59e98 (v4.4.1)
	NOTE: https://github.com/appneta/tcpreplay/commit/45cb2ac23213861749d82ad3524f46e347d308a3 (v4.4.1)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-27415
	RESERVED
CVE-2022-27414
	RESERVED
CVE-2022-27413 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Hospital Management System
CVE-2022-27412 (Explore CMS v1.0 was discovered to contain a SQL injection vulnerabili ...)
	NOT-FOR-US: Explore CMS
CVE-2022-27411 (TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a comman ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-27410
	RESERVED
CVE-2022-27409
	RESERVED
CVE-2022-27408
	RESERVED
CVE-2022-27407
	RESERVED
CVE-2022-27406 (FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovere ...)
	- freetype 2.11.1+dfsg-2 (bug #1010183)
	[bullseye] - freetype 2.10.4+dfsg-1+deb11u1
	[buster] - freetype 2.9.1-3+deb10u3
	[stretch] - freetype (Minor issue)
	NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140
	NOTE: Fixed by: https://gitlab.freedesktop.org/freetype/freetype/-/commit/0c2bdb01a2e1d24a3e592377a6d0822856e10df2 (VER-2-12-0)
CVE-2022-27405 (FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovere ...)
	- freetype 2.11.1+dfsg-2 (bug #1010183)
	[bullseye] - freetype 2.10.4+dfsg-1+deb11u1
	[buster] - freetype 2.9.1-3+deb10u3
	[stretch] - freetype (Minor issue)
	NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139
	NOTE: Fixed by: https://gitlab.freedesktop.org/freetype/freetype/-/commit/22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 (VER-2-12-0)
CVE-2022-27404 (FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovere ...)
	- freetype 2.11.1+dfsg-2 (bug #1010183)
	[bullseye] - freetype 2.10.4+dfsg-1+deb11u1
	[buster] - freetype 2.9.1-3+deb10u3
	[stretch] - freetype (Minor issue)
	NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138
	NOTE: Fixed by: https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db (VER-2-12-0)
CVE-2022-27403
	RESERVED
CVE-2022-27402
	RESERVED
CVE-2022-27401
	RESERVED
CVE-2022-27400
	RESERVED
CVE-2022-27399
	RESERVED
CVE-2022-27398
	RESERVED
CVE-2022-27397
	RESERVED
CVE-2022-27396
	RESERVED
CVE-2022-27395
	RESERVED
CVE-2022-27394
	RESERVED
CVE-2022-27393
	RESERVED
CVE-2022-27392
	RESERVED
CVE-2022-27391
	RESERVED
CVE-2022-27390
	RESERVED
CVE-2022-27389
	RESERVED
CVE-2022-27388
	RESERVED
CVE-2022-27387 (MariaDB Server v10.7 and below was discovered to contain a global buff ...)
	{DLA-3114-1}
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3
	- mariadb-10.1
	NOTE: https://jira.mariadb.org/browse/MDEV-26422
CVE-2022-27386 (MariaDB Server v10.7 and below was discovered to contain a segmentatio ...)
	{DLA-3114-1}
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3
	- mariadb-10.1
	NOTE: https://jira.mariadb.org/browse/MDEV-26406
CVE-2022-27385 (An issue in the component Used_tables_and_const_cache::used_tables_and ...)
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.13-0+deb11u1
	- mariadb-10.3 (Only affects MariaDB 10.5 onwards)
	- mariadb-10.1 (Only affects MariaDB 10.5 onwards)
	NOTE: https://jira.mariadb.org/browse/MDEV-26415
CVE-2022-27384 (An issue in the component Item_subselect::init_expr_cache_tracker of M ...)
	{DLA-3114-1}
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3
	- mariadb-10.1
	NOTE: https://jira.mariadb.org/browse/MDEV-26047
CVE-2022-27383 (MariaDB Server v10.6 and below was discovered to contain an use-after- ...)
	{DLA-3114-1}
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3
	- mariadb-10.1
	NOTE: https://jira.mariadb.org/browse/MDEV-26323
CVE-2022-27382 (MariaDB Server v10.7 and below was discovered to contain a segmentatio ...)
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3 (Only affects MariaDB 10.4 onwards)
	- mariadb-10.1 (Only affects MariaDB 10.4 onwards)
	NOTE: https://jira.mariadb.org/browse/MDEV-26402
CVE-2022-27381 (An issue in the component Field::set_default of MariaDB Server v10.6 a ...)
	{DLA-3114-1}
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3
	- mariadb-10.1
	NOTE: https://jira.mariadb.org/browse/MDEV-26061
CVE-2022-27380 (An issue in the component my_decimal::operator= of MariaDB Server v10. ...)
	{DLA-3114-1}
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3
	- mariadb-10.1
	NOTE: https://jira.mariadb.org/browse/MDEV-26280
CVE-2022-27379 (An issue in the component Arg_comparator::compare_real_fixed of MariaD ...)
	{DLA-3114-1}
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3
	- mariadb-10.1
	NOTE: https://jira.mariadb.org/browse/MDEV-26353
CVE-2022-27378 (An issue in the component Create_tmp_table::finalize of MariaDB Server ...)
	{DLA-3114-1}
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3
	- mariadb-10.1
	NOTE: https://jira.mariadb.org/browse/MDEV-26423
CVE-2022-27377 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
	{DLA-3114-1}
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3
	- mariadb-10.1
	NOTE: https://jira.mariadb.org/browse/MDEV-26281
CVE-2022-27376 (MariaDB Server v10.6.5 and below was discovered to contain an use-afte ...)
	{DLA-3114-1}
	- mariadb-10.6 1:10.6.8-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3
	- mariadb-10.1
	NOTE: https://jira.mariadb.org/browse/MDEV-26354
CVE-2022-27375 (Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Requ ...)
	NOT-FOR-US: Tenda
CVE-2022-27374 (Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Requ ...)
	NOT-FOR-US: Tenda
CVE-2022-27373 (Shanghai Feixun Data Communication Technology Co., Ltd router fir302b ...)
	NOT-FOR-US: Shanghai Feixun Data Communication Technology Co
CVE-2022-27372
	RESERVED
CVE-2022-27371
	RESERVED
CVE-2022-27370
	RESERVED
CVE-2022-27369 (Cscms Music Portal System v4.2 was discovered to contain a SQL injecti ...)
	NOT-FOR-US: Cscms Music Portal System
CVE-2022-27368 (Cscms Music Portal System v4.2 was discovered to contain a SQL injecti ...)
	NOT-FOR-US: Cscms Music Portal System
CVE-2022-27367 (Cscms Music Portal System v4.2 was discovered to contain a SQL injecti ...)
	NOT-FOR-US: Cscms Music Portal System
CVE-2022-27366 (Cscms Music Portal System v4.2 was discovered to contain a blind SQL i ...)
	NOT-FOR-US: Cscms Music Portal System
CVE-2022-27365 (Cscms Music Portal System v4.2 was discovered to contain a SQL injecti ...)
	NOT-FOR-US: Cscms Music Portal System
CVE-2022-27364
	RESERVED
CVE-2022-27363
	RESERVED
CVE-2022-27362
	RESERVED
CVE-2022-27361
	RESERVED
CVE-2022-27360 (SpringBlade v3.2.0 and below was discovered to contain a SQL injection ...)
	NOT-FOR-US: SpringBlade
CVE-2022-27359 (Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a th ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2022-27358
	RESERVED
CVE-2022-27357 (Ecommerce-Website v1 was discovered to contain an arbitrary file uploa ...)
	NOT-FOR-US: Ecommerce-Website
CVE-2022-27356
	RESERVED
CVE-2022-27355
	RESERVED
CVE-2022-27354
	RESERVED
CVE-2022-27353
	RESERVED
CVE-2022-27352 (Simple House Rental System v1 was discovered to contain an arbitrary f ...)
	NOT-FOR-US: Simple House Rental System
CVE-2022-27351 (Zoo Management System v1.0 was discovered to contain an arbitrary file ...)
	NOT-FOR-US: Zoo Management System
CVE-2022-27350
	RESERVED
CVE-2022-27349 (Social Codia SMS v1 was discovered to contain an arbitrary file upload ...)
	NOT-FOR-US: Social Codia SMS
CVE-2022-27348 (Social Codia SMS v1 was discovered to contain a stored cross-site scri ...)
	NOT-FOR-US: Social Codia SMS
CVE-2022-27347
	RESERVED
CVE-2022-27346 (Ecommece-Website v1.1.0 was discovered to contain an arbitrary file up ...)
	NOT-FOR-US: Ecommerce-Website
CVE-2022-27345
	RESERVED
CVE-2022-27344
	RESERVED
CVE-2022-27343
	RESERVED
CVE-2022-27342 (Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerabil ...)
	NOT-FOR-US: Link-Admin
CVE-2022-27341 (JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: JFinalCMS
CVE-2022-27340 (MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/sav ...)
	NOT-FOR-US: MCMS
CVE-2022-27339
	RESERVED
CVE-2022-27338
	RESERVED
CVE-2022-27337 (A logic error in the Hints::Hints function of Poppler v22.03.0 allows ...)
	{DSA-5224-1 DLA-3120-1}
	- poppler 22.08.0-2 (bug #1010695)
	[stretch] - poppler (Minor issue)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/commit/81044c64b9ed9a10ae82a28bac753060bdfdac74 (poppler-22.04.0)
CVE-2022-27336 (Seacms v11.6 was discovered to contain a remote code execution (RCE) v ...)
	NOT-FOR-US: Seacms
CVE-2022-27335
	RESERVED
CVE-2022-27334
	RESERVED
CVE-2022-27333 (idcCMS v1.10 was discovered to contain an issue which allows attackers ...)
	NOT-FOR-US: idcCMS
CVE-2022-27332 (An access control issue in Zammad v5.0.3 allows attackers to write ent ...)
	- zammad (bug #841355)
CVE-2022-27331 (An access control issue in Zammad v5.0.3 broadcasts administrative con ...)
	- zammad (bug #841355)
CVE-2022-27330 (A cross-site scripting (XSS) vulnerability in /public/admin/index.php? ...)
	NOT-FOR-US: E-Commerce Website
CVE-2022-27329
	RESERVED
CVE-2022-27328
	RESERVED
CVE-2022-27327
	RESERVED
CVE-2022-27326
	RESERVED
CVE-2022-27325
	RESERVED
CVE-2022-27324
	RESERVED
CVE-2022-27323
	RESERVED
CVE-2022-27322
	RESERVED
CVE-2022-27321
	RESERVED
CVE-2022-27320
	RESERVED
CVE-2022-27319
	RESERVED
CVE-2022-27318
	RESERVED
CVE-2022-27317
	RESERVED
CVE-2022-27316
	RESERVED
CVE-2022-27315
	RESERVED
CVE-2022-27314
	RESERVED
CVE-2022-27313 (An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attac ...)
	- gitea
CVE-2022-27312
	RESERVED
CVE-2022-27311 (Gibbon v3.4.4 and below allows attackers to execute a Server-Side Requ ...)
	NOT-FOR-US: amro/Gibbon
CVE-2022-27310
	RESERVED
CVE-2022-27309
	RESERVED
CVE-2022-27308 (A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimp ...)
	NOT-FOR-US: PHProjekt PhpSimplyGest
CVE-2022-27307
	RESERVED
CVE-2022-27306
	REJECTED
CVE-2022-27305 (Gibbon v23 does not generate a new session ID cookie after a user auth ...)
	NOT-FOR-US: GibbonEdu/core
CVE-2022-27304 (Student Grading System v1.0 was discovered to contain a SQL injection ...)
	NOT-FOR-US: Student Grading System
CVE-2022-27303
	RESERVED
CVE-2022-27302
	RESERVED
CVE-2022-27301
	RESERVED
CVE-2022-27300
	RESERVED
CVE-2022-27299 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Hospital Management System
CVE-2022-27298
	RESERVED
CVE-2022-27297
	RESERVED
CVE-2022-27296
	RESERVED
CVE-2022-27295 (D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in ...)
	NOT-FOR-US: D-Link
CVE-2022-27294 (D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in ...)
	NOT-FOR-US: D-Link
CVE-2022-27293 (D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in ...)
	NOT-FOR-US: D-Link
CVE-2022-27292 (D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in ...)
	NOT-FOR-US: D-Link
CVE-2022-27291 (D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in ...)
	NOT-FOR-US: D-Link
CVE-2022-27290 (D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in ...)
	NOT-FOR-US: D-Link
CVE-2022-27289 (D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in ...)
	NOT-FOR-US: D-Link
CVE-2022-27288 (D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in ...)
	NOT-FOR-US: D-Link
CVE-2022-27287 (D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in ...)
	NOT-FOR-US: D-Link
CVE-2022-27286 (D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in ...)
	NOT-FOR-US: D-Link
CVE-2022-27285
	RESERVED
CVE-2022-27284
	RESERVED
CVE-2022-27283
	RESERVED
CVE-2022-27282
	RESERVED
CVE-2022-27281
	RESERVED
CVE-2022-27280 (InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 ...)
	NOT-FOR-US: InHand Networks InRouter 900 Industrial 4G Router
CVE-2022-27279 (InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 ...)
	NOT-FOR-US: InHand Networks InRouter 900 Industrial 4G Router
CVE-2022-27278
	RESERVED
CVE-2022-27277 (InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 ...)
	NOT-FOR-US: InHand Networks InRouter 900 Industrial 4G Router
CVE-2022-27276 (InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 ...)
	NOT-FOR-US: InHand Networks InRouter 900 Industrial 4G Router
CVE-2022-27275 (InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 ...)
	NOT-FOR-US: InHand Networks InRouter 900 Industrial 4G Router
CVE-2022-27274 (InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 ...)
	NOT-FOR-US: InHand Networks InRouter 900 Industrial 4G Router
CVE-2022-27273 (InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 ...)
	NOT-FOR-US: InHand Networks InRouter 900 Industrial 4G Router
CVE-2022-27272 (InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 ...)
	NOT-FOR-US: InHand Networks InRouter 900 Industrial 4G Router
CVE-2022-27271 (InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 ...)
	NOT-FOR-US: InHand Networks InRouter 900 Industrial 4G Router
CVE-2022-27270 (InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 ...)
	NOT-FOR-US: InHand Networks InRouter 900 Industrial 4G Router
CVE-2022-27269 (InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 ...)
	NOT-FOR-US: InHand Networks InRouter 900 Industrial 4G Router
CVE-2022-27268 (InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 ...)
	NOT-FOR-US: InHand Networks InRouter 900 Industrial 4G Router
CVE-2022-27267
	RESERVED
CVE-2022-27266
	RESERVED
CVE-2022-27265
	RESERVED
CVE-2022-27264
	RESERVED
CVE-2022-27263 (An arbitrary file upload vulnerability in the file upload module of St ...)
	NOT-FOR-US: Strapi
CVE-2022-27262 (An arbitrary file upload vulnerability in the file upload module of Sk ...)
	NOT-FOR-US: Skipper
CVE-2022-27261 (An arbitrary file write vulnerability in Express-FileUpload v1.3.1 all ...)
	NOT-FOR-US: Express-FileUpload
CVE-2022-27260 (An arbitrary file upload vulnerability in the file upload component of ...)
	NOT-FOR-US: ButterCMS
CVE-2022-27259
	RESERVED
CVE-2022-27232
	RESERVED
CVE-2022-27179 (A malicious actor having access to the exported configuration file may ...)
	NOT-FOR-US: Red Lion
CVE-2022-26519 (There is no limit to the number of attempts to authenticate for the lo ...)
	NOT-FOR-US: Hills ComNav
CVE-2022-26516 (Authorized users may install a maliciously modified package file when ...)
	NOT-FOR-US: Red Lion
CVE-2022-26419 (Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple ...)
	NOT-FOR-US: Omron CX-Position
CVE-2022-26417 (Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use af ...)
	NOT-FOR-US: Omron CX-Position
CVE-2022-26022 (Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-o ...)
	NOT-FOR-US: Omron CX-Position
CVE-2022-25959 (Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory c ...)
	NOT-FOR-US: Omron CX-Position
CVE-2022-1037 (The EXMAGE WordPress plugin before 1.0.7 does to ensure that images ad ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1036 (Able to create an account with long password leads to memory corruptio ...)
	NOT-FOR-US: microweber
CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpa ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-4 (bug #1016443)
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://huntr.dev/bounties/851942a4-1d64-4553-8fdc-9fccd167864b
	NOTE: https://github.com/gpac/gpac/commit/3718d583c6ade191dc7979c64f48c001ca6f0243
CVE-2022-1034 (There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10. ...)
	NOT-FOR-US: ShowDoc
CVE-2022-1033 (Unrestricted Upload of File with Dangerous Type in GitHub repository c ...)
	NOT-FOR-US: Crater
CVE-2022-1032 (Insecure deserialization of not validated module file in GitHub reposi ...)
	NOT-FOR-US: Crater
CVE-2022-1031 (Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 ...)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/37da2cd6-0b46-4878-a32e-acbfd8f6f457
	NOTE: https://github.com/radareorg/radare2/commit/a7ce29647fcb38386d7439696375e16e093d6acb
CVE-2022-27258 (Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3 ...)
	- hubzilla (bug #950399)
CVE-2022-27257 (A PHP Local File Inclusion vulneraility in the default Redbasic theme ...)
	NOT-FOR-US: Redbasic theme for Hubzilla
CVE-2022-27256 (A PHP Local File inclusion vulnerability in the Redbasic theme for Hub ...)
	NOT-FOR-US: Redbasic theme for Hubzilla
CVE-2022-27255 (In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function th ...)
	NOT-FOR-US: Realtek eCos RSDK
CVE-2022-27254 (The remote keyless system on Honda Civic 2018 vehicles sends the same ...)
	NOT-FOR-US: Honda
CVE-2022-27253
	RESERVED
CVE-2022-27252
	RESERVED
CVE-2022-27251
	RESERVED
CVE-2022-27250 (The UNISOC chipset through 2022-03-15 allows attackers to obtain remot ...)
	NOT-FOR-US: UNISOC
CVE-2022-1030 (Okta Advanced Server Access Client for Linux and macOS prior to versio ...)
	NOT-FOR-US: Okta Advanced Server Access Client
CVE-2022-1029 (The Limit Login Attempts WordPress plugin before 4.0.72 does not sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1028 (The WordPress Security Firewall, Malware Scanner, Secure Login and Bac ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-27249 (An unrestricted file upload vulnerability in IdeaRE RefTree before 202 ...)
	NOT-FOR-US: IdeaRE RefTree
CVE-2022-27248 (A directory traversal vulnerability in IdeaRE RefTree before 2021.09.1 ...)
	NOT-FOR-US: IdeaRE RefTree
CVE-2022-27247 (onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an att ...)
	NOT-FOR-US: cdSoft Winhotel.MX
CVE-2022-27246 (An issue was discovered in MISP before 2.4.156. An SVG org logo (which ...)
	NOT-FOR-US: MISP
CVE-2022-27245 (An issue was discovered in MISP before 2.4.156. app/Model/Server.php d ...)
	NOT-FOR-US: MISP
CVE-2022-27244 (An issue was discovered in MISP before 2.4.156. A malicious site admin ...)
	NOT-FOR-US: MISP
CVE-2022-27243 (An issue was discovered in MISP before 2.4.156. app/View/Users/terms.c ...)
	NOT-FOR-US: MISP
CVE-2022-27242 (A vulnerability has been identified in OpenV2G (V0.9.4). The OpenV2G E ...)
	NOT-FOR-US: OpenV2G / Siemens
CVE-2022-27241 (A vulnerability has been identified in Mendix Applications using Mendi ...)
	NOT-FOR-US: Siemens
CVE-2022-1027 (The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allo ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1026 (Kyocera multifunction printers running vulnerable versions of Net View ...)
	NOT-FOR-US: Kyocera printers
CVE-2022-1025 (All unpatched versions of Argo CD starting with v1.0.0 are vulnerable ...)
	NOT-FOR-US: Argo CD
CVE-2022-1024 REJECTED
CVE-2022-1023 (The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1022 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
	NOT-FOR-US: chatwoot
CVE-2022-1021 (Insecure Storage of Sensitive Information in GitHub repository chatwoo ...)
	NOT-FOR-US: chatwoot
CVE-2022-1020 (The Product Table for WooCommerce (wooproducttable) WordPress plugin b ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-27240 (scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer ...)
	- glewlwyd 2.6.1-2
	[bullseye] - glewlwyd (Minor issue)
	[buster] - glewlwyd (Minor issue)
	NOTE: https://github.com/babelouest/glewlwyd/commit/4c5597c155bfbaf6491cf6b83479d241ae66940a (v2.6.2)
CVE-2022-29869 (cifs-utils through 6.14, with verbose logging, can cause an informatio ...)
	{DSA-5157-1 DLA-3009-1}
	- cifs-utils 2:6.14-1.1 (bug #1010818)
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15026
	NOTE: https://github.com/piastry/cifs-utils/pull/7
	NOTE: https://git.samba.org/cifs-utils.git/?p=cifs-utils.git;a=commit;h=8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379 (cifs-utils-6.15)
CVE-2022-27239 (In cifs-utils through 6.14, a stack-based buffer overflow when parsing ...)
	{DSA-5157-1 DLA-3009-1}
	- cifs-utils 2:6.14-1.1 (bug #1010818)
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15025
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1197216
	NOTE: https://github.com/piastry/cifs-utils/pull/7
	NOTE: https://git.samba.org/cifs-utils.git/?p=cifs-utils.git;a=commit;h=007c07fd91b6d42f8bd45187cf78ebb06801139d (cifs-utils-6.15)
CVE-2022-27238 (BigBlueButton version 2.4.7 (or earlier) is vulnerable to stored Cross ...)
	NOT-FOR-US: BigBlueButton
CVE-2022-27237 (There is a cross-site scripting (XSS) vulnerability in an NI Web Serve ...)
	NOT-FOR-US: NI
CVE-2022-27236 RESERVED
CVE-2022-26887 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-26667 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-26666 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-26514 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-26349 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-25880 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-1019 (Automated Logic's WebCtrl Server Version 6.1 'Help' index pages are vu ...)
	NOT-FOR-US: Automated Logic WebCtrl Server
CVE-2022-1018 (When opening a malicious solution file provided by an attacker, the ap ...)
	NOT-FOR-US: Rockwell Automation
CVE-2022-27172 (A hard-coded password vulnerability exists in the console infactory fu ...)
	NOT-FOR-US: InHand Networks InRouter302
CVE-2022-1017 RESERVED
CVE-2022-1016 (A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c ...)
	{DSA-5173-1 DSA-5127-1 DLA-3065-1}
	- linux 5.16.18-1
	NOTE: https://www.openwall.com/lists/oss-security/2022/03/28/5
	NOTE: Fixed by: https://git.kernel.org/linus/4c905f6740a365464e91467aa50916555b28213d
CVE-2022-1015 (A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_ ...)
	- linux 5.16.18-1
	[bullseye] - linux (Vulnerability introduced later in 5.12-rc1)
	[buster] - linux (Vulnerability introduced later in 5.12-rc1)
	[stretch] - linux (Vulnerability introduced later in 5.12-rc1)
	NOTE: https://www.openwall.com/lists/oss-security/2022/03/28/5
	NOTE: Introduced by: https://git.kernel.org/linus/49499c3e6e18b7677a63316f3ff54a16533dc28f (4.1-rc1)
	NOTE: Exploitable after: https://git.kernel.org/linus/345023b0db315648ccc3c1a36aee88304a8b4d91 (5.12-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/6e1acfa387b9ff82cfc7db8cc3b6959221a95851
CVE-2022-1014 (The WP Contacts Manager WordPress plugin through 2.2.4 fails to proper ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1013 (The Personal Dictionary WordPress plugin before 1.3.4 fails to properl ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1012 (A memory leak problem was found in the TCP source port generation algo ...)
	{DSA-5173-1 DSA-5161-1 DLA-3065-1}
	- linux 5.17.11-1
	[bullseye] - linux 5.10.127-1
	NOTE: https://git.kernel.org/linus/b2d057560b8107c633b39aabe517ff9d93f285e3 (5.18-rc6)
CVE-2022-1011 (A use-after-free flaw was found in the Linux kernel’s FUSE filesy ...)
	{DSA-5173-1 DLA-3065-1}
	- linux 5.16.18-1
	[bullseye] - linux 5.10.106-1
	NOTE: https://git.kernel.org/linus/0c4bcfdecb1ac0967619ee7ff44871d93c08c909 (5.17-rc8)
CVE-2022-1010 (The Login using WordPress Users ( WP as SAML IDP ) WordPress plugin be ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1009 (The Smush WordPress plugin before 3.9.9 does not sanitise and escape a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1008 (The One Click Demo Import WordPress plugin before 3.1.0 does not valid ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1007 (The Advanced Booking Calendar WordPress plugin before 1.7.1 does not s ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1006 (The Advanced Booking Calendar WordPress plugin before 1.7.1 does not s ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1005 (The WP Statistics WordPress plugin before 13.2.2 does not sanitise the ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1004 (Accounted time is shown in the Ticket Detail View (External Interface) ...)
	NOT-FOR-US: OTRS
	NOTE: Issue is listed as specific to 7.x and 8.x, so won't affect Znuny which forked from 6.x
CVE-2022-1003 (One of the API in Mattermost version 6.3.0 and earlier fails to proper ...)
	- mattermost-server (bug #823556)
CVE-2022-1002 (Mattermost 6.3.0 and earlier fails to properly sanitize the HTML conte ...)
	- mattermost-server (bug #823556)
CVE-2022-1001 (The WP Downgrade WordPress plugin before 1.2.3 only perform client sid ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-1000 (Path Traversal in GitHub repository prasathmani/tinyfilemanager prior ...)
	NOT-FOR-US: prasathmani/tinyfilemanager
CVE-2022-27228 (In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site ...)
	NOT-FOR-US: Bitrix Site Manager
CVE-2022-27227 (In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and ...)
	- pdns-recursor 4.6.1-1
	[bullseye] - pdns-recursor (No longer supported with security updates in Bullseye)
	[buster] - pdns-recursor (Minor issue)
	[stretch] - pdns-recursor (Minor issue)
	NOTE: https://github.com/PowerDNS/pdns/commit/ff27c8c8e17bd8093e4668d88865b8eb71039b45 (rec-4.4.8)
	- pdns 4.6.1-1
	[bullseye] - pdns (Minor issue)
	[buster] - pdns (Minor issue)
	[stretch] - pdns (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2022/03/25/1
	NOTE: https://github.com/PowerDNS/pdns/commit/57312d230d5c01d9aca58cb29ce87e23ccbbefd2 (auth-4.4.3)
CVE-2022-27226 (A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 ...)
	NOT-FOR-US: iRZ Mobile Routers
CVE-2022-0999 (An authenticated user may be able to misuse parameters to inject arbit ...)
	NOT-FOR-US: mySCADA myPRO
CVE-2022-0998 (An integer overflow flaw was found in the Linux kernel’s virtio d ...)
	- linux 5.15.15-1 (unimportant)
	[bullseye] - linux 5.10.92-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/3ed21c1451a14d139e1ceb18f2fa70865ce3195a (5.16-rc6)
	NOTE: CONFIG_VHOST_VDPA not set in Debian
CVE-2022-0997 (Improper file permissions in the CommandPost, Collector, and Sensor co ...)
	NOT-FOR-US: Fidelis
CVE-2022-0996 (A vulnerability was found in the 389 Directory Server that allows expi ...)
	{DLA-3399-1}
	- 389-ds-base 2.0.15-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064769
	NOTE: https://github.com/389ds/389-ds-base/issues/5221
	NOTE: https://github.com/389ds/389-ds-base/commit/b7fd028e5e67686afea617beb1791e9f3e7a4cb9 (389-ds-base-2.1.1)
	NOTE: https://github.com/389ds/389-ds-base/commit/e6431d959bf3cd07160c5b1822802d5f532d956a (389-ds-base-2.0.15)
CVE-2022-0995 (An out-of-bounds (OOB) memory write flaw was found in the Linux kernel ...)
	- linux 5.16.18-1
	[bullseye] - linux 5.10.106-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063786
CVE-2022-0994 (The Hummingbird WordPress plugin before 3.3.2 does not sanitise and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-27225 (Gradle Enterprise before 2021.4.3 relies on cleartext data transmissio ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2022-27224 (An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6 ...)
	NOT-FOR-US: Galleon NTS-6002-GPS
CVE-2022-27223 (In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16 ...)
	{DLA-3065-1}
	- linux 5.16.12-1
	[bullseye] - linux 5.10.103-1
	[buster] - linux 4.19.232-1
	NOTE: https://git.kernel.org/linus/7f14c7227f342d9932f9b918893c8814f86d2a0d (5.17-rc6)
CVE-2022-27222 RESERVED
CVE-2022-0993 (The SiteGround Security plugin for WordPress is vulnerable to authenti ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0992 (The SiteGround Security plugin for WordPress is vulnerable to authenti ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0991 (Insufficient Session Expiration in GitHub repository admidio/admidio p ...)
	NOT-FOR-US: admidio
CVE-2022-0990 (Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calib ...)
	- calibre-web (bug #982690)
CVE-2020-36519 (Mimecast Email Security before 2020-01-10 allows any admin to spoof an ...)
	NOT-FOR-US: Mimecast Email Security
CVE-2022-27221 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2022-27220 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2022-27219 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2022-27194 (A vulnerability has been identified in SIMATIC PCS neo (Administration ...)
	NOT-FOR-US: Siemens
CVE-2022-0989 (An unprivileged user could use the functionality of the NS WooCommerce ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0988 (Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable t ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-0987 (A flaw was found in PackageKit in the way some of the methods exposed ...)
	- packagekit (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064315
	NOTE: Negligible security impact
CVE-2022-0986 (Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repositor ...)
	NOT-FOR-US: Hestia Control Panel
CVE-2022-0985 (Insufficient capability checks could allow users with the moodle/site: ...)
	- moodle
CVE-2022-0984 (Users with the capability to configure badge criteria (teachers and ma ...)
	- moodle
CVE-2022-0983 (An SQL injection risk was identified in Badges code relating to config ...)
	- moodle
CVE-2022-0982 (The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suff ...)
	NOT-FOR-US: ACCEL-PPP
CVE-2022-0981 (A flaw was found in Quarkus. The state and potentially associated perm ...)
	NOT-FOR-US: Quarkus
CVE-2022-27218 (Jenkins incapptic connect uploader Plugin 1.15 and earlier stores toke ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-27217 (Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passw ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-27216 (Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passw ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-27215 (A missing permission check in Jenkins Release Helper Plugin 1.3.3 and ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-27214 (A cross-site request forgery (CSRF) vulnerability in Jenkins Release H ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-27213 (Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escap ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-27212 (Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-27211 (A missing permission check in Jenkins Kubernetes Continuous Deploy Plu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-27210 (A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernete ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-27209 (A missing permission check in Jenkins Kubernetes Continuous Deploy Plu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-27208 (Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows u ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-27207 (Jenkins global-build-stats Plugin 1.5 and earlier does not escape mult ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-27206 (Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLa ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-27205 (A missing permission check in Jenkins Extended Choice Parameter Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-27204 (A cross-site request forgery vulnerability in Jenkins Extended Choice ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-27203 (Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlie ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-27202 (Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlie ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-27201 (Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-27200 (Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier doe ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-27199 (A missing permission check in Jenkins CloudBees AWS Credentials Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-27198 (A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-27197 (Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL va ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-27196 (Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-27195 (Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environ ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-27193 (CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (X ...)
	NOT-FOR-US: CVRF-CSAF-Converter
CVE-2022-27192 (The Reporting module in Aseco Lietuva document management system DVS A ...)
	NOT-FOR-US: Aseco
CVE-2022-27191 (The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1 ...)
	- golang-go.crypto 1:0.0~git20220315.3147a52-1
	[bullseye] - golang-go.crypto (Minor issue)
	[buster] - golang-go.crypto (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ
	NOTE: https://github.com/golang/crypto/commit/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d
CVE-2022-27190 RESERVED
CVE-2022-27175 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-26839 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vul ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-26836 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-26338 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-26069 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-26065 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-26059 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-26013 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-25980 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-25347 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vul ...)
	NOT-FOR-US: Delta Electronics
CVE-2022-0980 (Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 ...)
	{DSA-5104-1}
	- chromium 99.0.4844.74-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0979 (Use after free in Safe Browsing in Google Chrome on Android prior to 9 ...)
	{DSA-5104-1}
	- chromium 99.0.4844.74-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0978 (Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed ...)
	{DSA-5104-1}
	- chromium 99.0.4844.74-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0977 (Use after free in Browser UI in Google Chrome on Chrome OS prior to 99 ...)
	{DSA-5104-1}
	- chromium 99.0.4844.74-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0976 (Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 all ...)
	{DSA-5104-1}
	- chromium 99.0.4844.74-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0975 (Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed ...)
	{DSA-5104-1}
	- chromium 99.0.4844.74-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0974 (Use after free in Splitscreen in Google Chrome on Chrome OS prior to 9 ...)
	{DSA-5104-1}
	- chromium 99.0.4844.74-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0973 (Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 ...)
	{DSA-5104-1}
	- chromium 99.0.4844.74-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0972 (Use after free in Extensions in Google Chrome prior to 99.0.4844.74 al ...)
	{DSA-5104-1}
	- chromium 99.0.4844.74-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0971 (Use after free in Blink Layout in Google Chrome on Android prior to 99 ...)
	{DSA-5104-1}
	- chromium 99.0.4844.74-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-46738 RESERVED
CVE-2021-46737 RESERVED
CVE-2021-46736 RESERVED
CVE-2021-46735 RESERVED
CVE-2021-46734 RESERVED
CVE-2021-46733 RESERVED
CVE-2021-46732 RESERVED
CVE-2021-46731 RESERVED
CVE-2021-46730 RESERVED
CVE-2021-46729 RESERVED
CVE-2021-46728 RESERVED
CVE-2021-46727 RESERVED
CVE-2021-46726 RESERVED
CVE-2021-46725 RESERVED
CVE-2021-46724 RESERVED
CVE-2021-46723 RESERVED
CVE-2021-46722 RESERVED
CVE-2021-46721 RESERVED
CVE-2021-46720 RESERVED
CVE-2021-46719 RESERVED
CVE-2021-46718 RESERVED
CVE-2021-46717 RESERVED
CVE-2021-46716 RESERVED
CVE-2021-46715 RESERVED
CVE-2021-46714 RESERVED
CVE-2021-46713 RESERVED
CVE-2021-46712 RESERVED
CVE-2021-46711 RESERVED
CVE-2021-46710 RESERVED
CVE-2022-27169 (An information disclosure vulnerability exists in the OAS Engine Secur ...)
	NOT-FOR-US: Open Automation Software
CVE-2022-27167 (Privilege escalation vulnerability in Windows products of ESET, spol. ...)
	NOT-FOR-US: ESET
CVE-2022-27166 (A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS ...)
	- jspwiki
CVE-2022-26511 (WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening ...)
	NOT-FOR-US: WPS Presentation
CVE-2022-26510 (A firmware update vulnerability exists in the iburn firmware checks fu ...)
	NOT-FOR-US: InHand Networks InRouter302
CVE-2022-26303 (An external config control vulnerability exists in the OAS Engine Secu ...)
	NOT-FOR-US: Open Automation Software
CVE-2022-26082 (A file write vulnerability exists in the OAS Engine SecureTransferFile ...)
	NOT-FOR-US: Open Automation Software
CVE-2022-26081 (The installer of WPS Office Version 10.8.0.5745 insecurely load shcore ...)
	NOT-FOR-US: WPS Office
CVE-2022-26077 (A cleartext transmission of sensitive information vulnerability exists ...)
	NOT-FOR-US: Open Automation Software
CVE-2022-26067 (An information disclosure vulnerability exists in the OAS Engine Secur ...)
	NOT-FOR-US: Open Automation Software
CVE-2022-26043 (An external config control vulnerability exists in the OAS Engine Secu ...)
	NOT-FOR-US: Open Automation Software
CVE-2022-26026 (A denial of service vulnerability exists in the OAS Engine SecureConfi ...)
	NOT-FOR-US: Open Automation Software
CVE-2022-25969 (The installer of WPS Office Version 10.8.0.6186 insecurely load VERSIO ...)
	NOT-FOR-US: WPS Office
CVE-2022-25949 (The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Ve ...)
	NOT-FOR-US: KINGSOFT
CVE-2022-0970 (Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav ...)
	NOT-FOR-US: Grav CMS
CVE-2022-0969 (The Image optimization & Lazy Load by Optimole WordPress plugin before ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0968 (The microweber application allows large characters to insert in the in ...)
	NOT-FOR-US: microweber
CVE-2022-0967 (Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in Gi ...)
	NOT-FOR-US: ShowDoc
CVE-2022-0966 (Stored XSS via File Upload in star7th/showdoc in GitHub repository sta ...)
	NOT-FOR-US: ShowDoc
CVE-2022-0965 (Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc ...)
	NOT-FOR-US: ShowDoc
CVE-2022-0964 (Stored XSS viva .webmv file upload in GitHub repository star7th/showdo ...)
	NOT-FOR-US: ShowDoc
CVE-2022-0963 (Unrestricted XML Files Leads to Stored XSS in GitHub repository microw ...)
	NOT-FOR-US: microweber
CVE-2022-0962 (Stored XSS viva .webma file upload in GitHub repository star7th/showdo ...)
	NOT-FOR-US: ShowDoc
CVE-2022-0961 (The microweber application allows large characters to insert in the in ...)
	NOT-FOR-US: microweber
CVE-2022-0960 (Stored XSS viva .properties file upload in GitHub repository star7th/s ...)
	NOT-FOR-US: ShowDoc
CVE-2022-0959 (A malicious, but authorised and authenticated user can construct an HT ...)
	- pgadmin4 (bug #834129)
CVE-2022-0958 (The Mark Posts WordPress plugin before 2.0.1 does not escape new marke ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0957 (Stored XSS via File Upload in GitHub repository star7th/showdoc prior ...)
	NOT-FOR-US: ShowDoc
CVE-2022-0956 (Stored XSS via File Upload in GitHub repository star7th/showdoc prior ...)
	NOT-FOR-US: ShowDoc
CVE-2022-0955 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/data- ...)
	NOT-FOR-US: pimcore
CVE-2022-0954 (Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's O ...)
	NOT-FOR-US: microweber
CVE-2022-0953 (The Anti-Malware Security and Brute-Force Firewall WordPress plugin be ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0952 (The Sitemap by click5 WordPress plugin before 1.0.36 does not have aut ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0951 (File Upload Restriction Bypass leading to Stored XSS Vulnerability in ...)
	NOT-FOR-US: ShowDoc
CVE-2022-0950 (Unrestricted Upload of File with Dangerous Type in GitHub repository s ...)
	NOT-FOR-US: ShowDoc
CVE-2022-0949 (The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spa ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0948 (The Order Listener for WooCommerce WordPress plugin before 3.2.2 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-XXXX [wordpress 5.9.2]
	- wordpress 5.9.2+dfsg1-1 (bug #1007145; bug #1007005)
	[bullseye] - wordpress 5.7.8+dfsg1-0+deb11u1
	[buster] - wordpress 5.0.17+dfsg1-0+deb10u1
	[stretch] - wordpress 4.7.23+dfsg-0+deb9u1
	NOTE: https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/
CVE-2022-27165 (CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_m ...)
	NOT-FOR-US: CSZ CMS
CVE-2022-27164 (CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_vi ...)
	NOT-FOR-US: CSZ CMS
CVE-2022-27163 (CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_ed ...)
	NOT-FOR-US: CSZ CMS
CVE-2022-27162 (CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_ ...)
	NOT-FOR-US: CSZ CMS
CVE-2022-27161 (Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_ ...)
	NOT-FOR-US: CSZ CMS
CVE-2022-27160 RESERVED
CVE-2022-27159 RESERVED
CVE-2022-27158 (pearweb < 1.32 suffers from Deserialization of Untrusted Data.)
	NOT-FOR-US: pearweb
CVE-2022-27157 (pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via ...)
	NOT-FOR-US: pearweb
CVE-2022-27156 (Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection.)
	NOT-FOR-US: Daylight Studio Fuel CMS
CVE-2022-27155 RESERVED
CVE-2022-27154 RESERVED
CVE-2022-27153 RESERVED
CVE-2022-27152 (Roku devices running RokuOS v9.4.0 build 4200 or earlier that uses a R ...)
	NOT-FOR-US: Roku devices
CVE-2022-27151 RESERVED
CVE-2022-27150 RESERVED
CVE-2022-27149 REJECTED
CVE-2022-27148 (GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integ ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Vulnerable code not present)
	[buster] - gpac (Vulnerable code not present)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2067
	NOTE: https://github.com/gpac/gpac/commit/0cd19f4db70615d707e0e6202933c2ea0c1d36df (v2.0.0)
CVE-2022-27147 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free v ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2109
	NOTE: https://github.com/gpac/gpac/commit/9723dd0955894f2cb7be13b94cf7a47f2754b893 (v2.0.0)
CVE-2022-27146 (GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vu ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Vulnerable code not present)
	[buster] - gpac (Vulnerable code not present)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2120
	NOTE: https://github.com/gpac/gpac/commit/f0a41d178a2dc5ac185506d9fa0b0a58356b16f7 (v2.0.0)
CVE-2022-27145 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow v ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/commit/d7daa8aeb6df4b6c3ec102622e1599279310a19e (v2.0.0)
	NOTE: https://github.com/gpac/gpac/issues/2108
CVE-2022-27144 RESERVED
CVE-2022-27143 RESERVED
CVE-2022-27142 RESERVED
CVE-2022-27141 RESERVED
CVE-2022-27140 (An arbitrary file upload vulnerability in the file upload module of ex ...)
	NOT-FOR-US: Express FileUpload
CVE-2022-27139 (An arbitrary file upload vulnerability in the file upload module of Gh ...)
	NOT-FOR-US: Ghost CMS
CVE-2022-27138 RESERVED
CVE-2022-27137 RESERVED
CVE-2022-27136 RESERVED
CVE-2022-27135 (xpdf 4.03 has heap buffer overflow in the function readXRefTable locat ...)
	- xpdf (Debian uses poppler, which is not affected)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42232
CVE-2022-27134 (EOSIO batdappboomx v327c04cf has an Access-control vulnerability in th ...)
	NOT-FOR-US: EOSIO/eos
CVE-2022-27133 (zbzcms v1.0 was discovered to contain an arbitrary file deletion vulne ...)
	NOT-FOR-US: zbzcms
CVE-2022-27132 RESERVED
CVE-2022-27131 (An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzc ...)
	NOT-FOR-US: zbzcms
CVE-2022-27130 RESERVED
CVE-2022-27129 (An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1 ...)
	NOT-FOR-US: zbzcms
CVE-2022-27128 (An incorrect access control issue at /admin/run_ajax.php in zbzcms v1. ...)
	NOT-FOR-US: zbzcms
CVE-2022-27127 (zbzcms v1.0 was discovered to contain a SQL injection vulnerability vi ...)
	NOT-FOR-US: zbzcms
CVE-2022-27126 (zbzcms v1.0 was discovered to contain a SQL injection vulnerability vi ...)
	NOT-FOR-US: zbzcms
CVE-2022-27125 (zbzcms v1.0 was discovered to contain a stored cross-site scripting (X ...)
	NOT-FOR-US: zbzcms
CVE-2022-27124 (Insurance Management System 1.0 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Insurance Management System
CVE-2022-27123 (Employee Performance Evaluation v1.0 was discovered to contain a SQL i ...)
	NOT-FOR-US: Employee Performance Evaluation
CVE-2022-27122 RESERVED
CVE-2022-27121 RESERVED
CVE-2022-27120 RESERVED
CVE-2022-27119 RESERVED
CVE-2022-27118 RESERVED
CVE-2022-27117 RESERVED
CVE-2022-27116 RESERVED
CVE-2022-27115 (In Studio-42 elFinder 2.1.60, there is a vulnerability that causes rem ...)
	NOT-FOR-US: Studio-42 elFinder
CVE-2022-27114 (There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg functio ...)
	{DLA-3004-1}
	- htmldoc 1.9.15-2
	[bullseye] - htmldoc 1.9.11-4+deb11u3
	[buster] - htmldoc 1.9.3-1+deb10u4
	NOTE: https://github.com/michaelrsweet/htmldoc/issues/471
	NOTE: https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275
CVE-2022-27113 RESERVED
CVE-2022-27112 RESERVED
CVE-2022-27111 (Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send ...)
	NOT-FOR-US: Jfinal_CMS
CVE-2022-27110 (OrangeHRM 4.10 is vulnerable to a Host header injection redirect via v ...)
	- orangehrm (bug #786622)
CVE-2022-27109 (OrangeHRM 4.10 suffers from a Referer header injection redirect vulner ...)
	- orangehrm (bug #786622)
CVE-2022-27108 (OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR ...)
	- orangehrm (bug #786622)
CVE-2022-27107 (OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share Video" sectio ...)
	- orangehrm (bug #786622)
CVE-2022-27106 RESERVED
CVE-2022-27105 (InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripti ...)
	NOT-FOR-US: InMailX Outlook Plugin
CVE-2022-27104 (An Unauthenticated time-based blind SQL injection vulnerability exists ...)
	NOT-FOR-US: Forma LMS
CVE-2022-27103 (element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el- ...)
	NOT-FOR-US: element-plus
CVE-2022-27102 RESERVED
CVE-2022-27101 RESERVED
CVE-2022-27100 RESERVED
CVE-2022-27099 RESERVED
CVE-2022-27098 RESERVED
CVE-2022-27097 RESERVED
CVE-2022-27096 RESERVED
CVE-2022-27095 (BattlEye v0.9 contains an unquoted service path which allows attackers ...)
	NOT-FOR-US: BattlEye
CVE-2022-27094 (Sony PlayMemories Home v6.0 contains an unquoted service path which al ...)
	NOT-FOR-US: Sony PlayMemories Home
CVE-2022-27093 RESERVED
CVE-2022-27092 REJECTED
CVE-2022-27091 RESERVED
CVE-2022-27090 (Cscms Music Portal System v4.2 was discovered to contain a redirection ...)
	NOT-FOR-US: Cscms Music Portal System
CVE-2022-27089 (In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PF ...)
	NOT-FOR-US: Fujitsu PlugFree Network
CVE-2022-27088 (Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service p ...)
	NOT-FOR-US: Ivanti
CVE-2022-27087 RESERVED
CVE-2022-27086 RESERVED
CVE-2022-27085 RESERVED
CVE-2022-27084 RESERVED
CVE-2022-27083 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...)
	NOT-FOR-US: Tenda
CVE-2022-27082 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...)
	NOT-FOR-US: Tenda
CVE-2022-27081 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...)
	NOT-FOR-US: Tenda
CVE-2022-27080 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...)
	NOT-FOR-US: Tenda
CVE-2022-27079 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...)
	NOT-FOR-US: Tenda
CVE-2022-27078 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...)
	NOT-FOR-US: Tenda
CVE-2022-27077 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...)
	NOT-FOR-US: Tenda
CVE-2022-27076 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...)
	NOT-FOR-US: Tenda
CVE-2022-27075 RESERVED
CVE-2022-27074 RESERVED
CVE-2022-27073 RESERVED
CVE-2022-27072 RESERVED
CVE-2022-27071 RESERVED
CVE-2022-27070 RESERVED
CVE-2022-27069 RESERVED
CVE-2022-27068 RESERVED
CVE-2022-27067 RESERVED
CVE-2022-27066 RESERVED
CVE-2022-27065 RESERVED
CVE-2022-27064 (Musical World v1 was discovered to contain an arbitrary file upload vu ...)
	NOT-FOR-US: Musical World
CVE-2022-27063 (AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting ...)
	NOT-FOR-US: AeroCMS
CVE-2022-27062 (AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting ...)
	NOT-FOR-US: AeroCMS
CVE-2022-27061 (AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vuln ...)
	NOT-FOR-US: AeroCMS
CVE-2022-27060 RESERVED
CVE-2022-27059 RESERVED
CVE-2022-27058 RESERVED
CVE-2022-27057 RESERVED
CVE-2022-27056 RESERVED
CVE-2022-27055 (ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage v ...)
	NOT-FOR-US: ecjia-daojia
CVE-2022-27054 RESERVED
CVE-2022-27053 RESERVED
CVE-2022-27052 (FreeFtpd version 1.0.13 and below contains an unquoted service path vu ...)
	NOT-FOR-US: FreeFtpd
CVE-2022-27051 RESERVED
CVE-2022-27050 (BitComet Service for Windows before version 1.8.6 contains an unquoted ...)
	NOT-FOR-US: BitComet Service for Windows
CVE-2022-27049 (Raidrive before v2021.12.35 allows attackers to arbitrarily move log f ...)
	NOT-FOR-US: Raidrive
CVE-2022-27048 (A vulnerability has been discovered in Moxa MGate which allows an atta ...)
	NOT-FOR-US: Moxa
CVE-2022-27047 (mogu_blog_cms 5.2 suffers from upload arbitrary files without any limi ...)
	NOT-FOR-US: mogu_blog_cms
CVE-2022-27046 (libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in in ...)
	- libsixel 1.10.3-1
	[bullseye] - libsixel (Minor issue)
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/157
	NOTE: https://github.com/libsixel/libsixel/issues/27
	NOTE: https://github.com/libsixel/libsixel/pull/28
	NOTE: Fixed by: https://github.com/libsixel/libsixel/commit/d299d67c532a5133a57aade5c35ff8e612c73dd8 (v1.10.1)
CVE-2022-27045 RESERVED
CVE-2022-27044 (libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c: ...)
	- libsixel 1.10.3-1
	[bullseye] - libsixel (Minor issue)
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/156
	NOTE: https://github.com/libsixel/libsixel/issues/25
	NOTE: https://github.com/libsixel/libsixel/pull/26
	NOTE: Fixed by: https://github.com/libsixel/libsixel/commit/dc96cdc27fb53e8595af67aaf68001033c808e42 (v1.10.0)
CVE-2022-27043 (Yearning versions 2.3.1 and 2.3.2 Interstellar GA and 2.3.4 - 2.3.6 Ne ...)
NOT-FOR-US: Yearning CVE-2022-27042 RESERVED CVE-2022-27041 (Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 ...) NOT-FOR-US: OpenSIS CVE-2022-27040 RESERVED CVE-2022-27039 RESERVED CVE-2022-27038 RESERVED CVE-2022-27037 RESERVED CVE-2022-27036 RESERVED CVE-2022-27035 RESERVED CVE-2022-27034 RESERVED CVE-2022-27033 RESERVED CVE-2022-27032 RESERVED CVE-2022-27031 RESERVED CVE-2022-27030 RESERVED CVE-2022-27029 RESERVED CVE-2022-27028 RESERVED CVE-2022-27027 RESERVED CVE-2022-27026 RESERVED CVE-2022-27025 RESERVED CVE-2022-27024 RESERVED CVE-2022-27023 RESERVED CVE-2022-27022 (There is a stack overflow vulnerability in the SetSysTimeCfg() functio ...) NOT-FOR-US: Tenda CVE-2022-27021 RESERVED CVE-2022-27020 RESERVED CVE-2022-27019 RESERVED CVE-2022-27018 RESERVED CVE-2022-27017 RESERVED CVE-2022-27016 (There is a stack overflow vulnerability in the SetStaticRouteCfg() fun ...) NOT-FOR-US: Tenda CVE-2022-27015 RESERVED CVE-2022-27014 RESERVED CVE-2022-27013 RESERVED CVE-2022-27012 RESERVED CVE-2022-27011 RESERVED CVE-2022-27010 RESERVED CVE-2022-27009 RESERVED CVE-2022-27008 (nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Arr ...) NOT-FOR-US: njs CVE-2022-27007 (nginx njs 0.7.2 is affected suffers from Use-after-free in njs_functio ...) NOT-FOR-US: njs CVE-2022-27006 RESERVED CVE-2022-27005 (Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.61 ...) NOT-FOR-US: TOTOLINK CVE-2022-27004 (Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.61 ...) NOT-FOR-US: TOTOLINK CVE-2022-27003 (Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.61 ...) NOT-FOR-US: TOTOLINK CVE-2022-27002 (Arris TR3300 v1.0.13 were discovered to contain a command injection vu ...) NOT-FOR-US: Arris CVE-2022-27001 (Arris TR3300 v1.0.13 were discovered to contain a command injection vu ...) NOT-FOR-US: Arris CVE-2022-27000 (Arris TR3300 v1.0.13 was discovered to contain a command injection vul ...) 
NOT-FOR-US: Arris CVE-2022-26999 (Arris TR3300 v1.0.13 was discovered to contain a command injection vul ...) NOT-FOR-US: Arris CVE-2022-26998 (Arris TR3300 v1.0.13 was discovered to contain a command injection vul ...) NOT-FOR-US: Arris CVE-2022-26997 (Arris TR3300 v1.0.13 was discovered to contain a command injection vul ...) NOT-FOR-US: Arris CVE-2022-26996 (Arris TR3300 v1.0.13 was discovered to contain a command injection vul ...) NOT-FOR-US: Arris CVE-2022-26995 (Arris TR3300 v1.0.13 was discovered to contain a command injection vul ...) NOT-FOR-US: Arris CVE-2022-26994 (Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1 ...) NOT-FOR-US: Arris CVE-2022-26993 (Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1 ...) NOT-FOR-US: Arris CVE-2022-26992 (Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1 ...) NOT-FOR-US: Arris CVE-2022-26991 (Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1 ...) NOT-FOR-US: Arris CVE-2022-26990 (Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1 ...) NOT-FOR-US: Arris CVE-2022-26989 RESERVED CVE-2022-26988 (TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1 ...) NOT-FOR-US: TP-Link CVE-2022-26987 (TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1 ...) NOT-FOR-US: TP-Link CVE-2022-26986 (SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers ...) NOT-FOR-US: ImpressCMS CVE-2022-26985 RESERVED CVE-2022-26984 RESERVED CVE-2022-26983 RESERVED CVE-2022-26982 (SimpleMachinesForum 2.1.1 and earlier allows remote authenticated admi ...) NOT-FOR-US: Simple Machines Forum (SMF) CVE-2022-0947 (A vulnerability in ABB ARG600 Wireless Gateway series that could allow ...) NOT-FOR-US: ABB ARG600 Wireless Gateway CVE-2022-0946 (Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc ...) 
NOT-FOR-US: ShowDoc CVE-2022-0945 (Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHu ...) NOT-FOR-US: ShowDoc CVE-2022-0944 (Template injection in connection test endpoint leads to RCE in GitHub ...) NOT-FOR-US: sqlpad CVE-2022-0943 (Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim ...) {DLA-3182-1 DLA-3053-1} - vim 2:8.2.4659-1 (unimportant) NOTE: https://huntr.dev/bounties/9e4de32f-ad5f-4830-b3ae-9467b5ab90a1 NOTE: https://github.com/vim/vim/commit/5c68617d395f9d7b824f68475b24ce3e38d653a3 (v8.2.4563) NOTE: Crash in CLI tool, no security impact CVE-2022-26981 (Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in ...) - liblouis 3.22.0-1 (bug #1008009) [bullseye] - liblouis (Minor issue) [buster] - liblouis (Minor issue) NOTE: https://github.com/liblouis/liblouis/issues/1171 NOTE: https://github.com/liblouis/liblouis/pull/1185 NOTE: https://github.com/liblouis/liblouis/commit/73751be7a5617bfff4a735ae095203a2d3ec50ef (v3.22.0) CVE-2022-26980 (Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO.) - teampass (bug #730180) CVE-2022-0942 (Stored XSS due to Unrestricted File Upload in GitHub repository star7t ...) NOT-FOR-US: ShowDoc CVE-2022-0941 (Stored XSS due to Unrestricted File Upload in GitHub repository star7t ...) NOT-FOR-US: ShowDoc CVE-2022-0940 (Stored XSS due to Unrestricted File Upload in GitHub repository star7t ...) NOT-FOR-US: ShowDoc CVE-2022-0939 (Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calib ...) - calibre-web (bug #982690) CVE-2022-0938 (Stored XSS via file upload in GitHub repository star7th/showdoc prior ...) NOT-FOR-US: ShowDoc CVE-2021-46709 (phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows para ...) 
- phpliteadmin 1.9.8.2-2 [bullseye] - phpliteadmin 1.9.8.2-1+deb11u1 [buster] - phpliteadmin 1.9.7.1-2+deb10u1 NOTE: https://bitbucket.org/phpliteadmin/public/issues/399/xss-vulnerability NOTE: https://bitbucket.org/phpliteadmin/public/pull-requests/16/fix-an-xss-vulnerability-with-the-newrows CVE-2022-26979 (Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NU ...) NOT-FOR-US: Foxit PDF Reader CVE-2022-26978 (Barco Control Room Management Suite web application, which is part of ...) NOT-FOR-US: Barco Control Room Management Suite CVE-2022-26977 (Barco Control Room Management Suite web application, which is part of ...) NOT-FOR-US: Barco Control Room Management Suite CVE-2022-26976 (Barco Control Room Management Suite web application, which is part of ...) NOT-FOR-US: Barco Control Room Management Suite CVE-2022-26975 (Barco Control Room Management Suite web application, which is part of ...) NOT-FOR-US: Barco Control Room Management Suite CVE-2022-26974 (Barco Control Room Management Suite web application, which is part of ...) NOT-FOR-US: Barco Control Room Management Suite CVE-2022-26973 (Barco Control Room Management Suite web application, which is part of ...) NOT-FOR-US: Barco Control Room Management Suite CVE-2022-26972 (Barco Control Room Management Suite web application, which is part of ...) NOT-FOR-US: Barco Control Room Management Suite CVE-2022-26971 (Barco Control Room Management Suite web application, which is part of ...) NOT-FOR-US: Barco Control Room Management Suite CVE-2022-26970 RESERVED CVE-2022-26969 (In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS ...) NOT-FOR-US: Directus CVE-2022-26968 RESERVED CVE-2022-26967 (GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It c ...) 
{DSA-5411-1} - gpac 2.0.0+dfsg1-4 (bug #1007224) [buster] - gpac (No longer supported in LTS; Minor issue) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2138 NOTE: https://github.com/gpac/gpac/commit/ea1eca00fd92fa17f0e25ac25652622924a9a6a0 CVE-2022-26966 (An issue was discovered in the Linux kernel before 5.16.12. drivers/ne ...) {DLA-3065-1} - linux 5.16.12-1 [bullseye] - linux 5.10.103-1 [buster] - linux 4.19.232-1 NOTE: https://git.kernel.org/linus/e9da0b56fe27206b49f39805f7dcda8a89379062 (5.17-rc6) CVE-2022-26965 (In Pluck 4.7.16, an admin user can use the theme upload functionality ...) NOT-FOR-US: Pluck CMS CVE-2022-26964 (Weak password derivation for export in Devolutions Remote Desktop Mana ...) NOT-FOR-US: Devolutions Remote Desktop Manager CVE-2022-26963 RESERVED CVE-2022-26962 RESERVED CVE-2022-26961 RESERVED CVE-2022-26960 (connector.minimal.php in std42 elFinder through 2.1.60 is affected by ...) NOT-FOR-US: std42 elFinder CVE-2022-26959 (There are two full (read/write) Blind/Time-based SQL injection vulnera ...) NOT-FOR-US: Northstar Club Management CVE-2022-26958 RESERVED CVE-2022-26957 RESERVED CVE-2022-26956 RESERVED CVE-2022-26955 RESERVED CVE-2022-0937 (Stored xss in showdoc through file upload in GitHub repository star7th ...) NOT-FOR-US: ShowDoc CVE-2022-26954 (Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.5 ...) NOT-FOR-US: NopCommerce CVE-2022-26953 (Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflo ...) NOT-FOR-US: Digi Passport Firmware CVE-2022-26952 (Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflo ...) NOT-FOR-US: Digi Passport Firmware CVE-2022-26951 (Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerabil ...) NOT-FOR-US: Archer CVE-2022-26950 (Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vu ...) 
NOT-FOR-US: Archer CVE-2022-26949 (Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access co ...) NOT-FOR-US: Archer CVE-2022-26948 (The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1. ...) NOT-FOR-US: Archer CVE-2022-26947 (Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerab ...) NOT-FOR-US: Archer CVE-2022-0936 (Cross-site Scripting (XSS) - Stored in GitHub repository autolab/autol ...) NOT-FOR-US: Autolab CVE-2022-26946 RESERVED CVE-2022-26945 (go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless r ...) - golang-github-hashicorp-go-getter (bug #1011741) [bookworm] - golang-github-hashicorp-go-getter (Minor issue) [bullseye] - golang-github-hashicorp-go-getter (Minor issue) [buster] - golang-github-hashicorp-go-getter (Limited support, minor issue, follow bullseye DSAs/point-releases) NOTE: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 NOTE: https://github.com/hashicorp/go-getter/pull/359 NOTE: https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 (v1.6.0) CVE-2022-26944 (Percona XtraBackup 2.4.20 unintentionally writes the command line to a ...) - percona-xtrabackup NOTE: https://jira.percona.com/browse/PXB-2722 CVE-2022-26943 (The Motorola MTM5000 series firmwares generate TETRA authentication ch ...) NOT-FOR-US: Motorola CVE-2022-26942 (The Motorola MTM5000 series firmwares lack pointer validation on argum ...) NOT-FOR-US: Motorola CVE-2022-26941 (A format string vulnerability exists in Motorola MTM5000 series firmwa ...) 
NOT-FOR-US: Motorola CVE-2022-26940 (Remote Desktop Protocol Client Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26939 (Storage Spaces Direct Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26938 (Storage Spaces Direct Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26937 (Windows Network File System Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26936 (Windows Server Service Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26935 (Windows WLAN AutoConfig Service Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26934 (Windows Graphics Component Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26933 (Windows NTFS Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26932 (Storage Spaces Direct Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26931 (Windows Kerberos Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26930 (Windows Remote Access Connection Manager Information Disclosure Vulner ...) 
NOT-FOR-US: Microsoft CVE-2022-26929 (.NET Framework Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26928 (Windows Photo Import API Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26927 (Windows Graphics Component Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26926 (Windows Address Book Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26925 (Windows LSA Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26924 (YARP Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26923 (Active Directory Domain Services Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26922 RESERVED CVE-2022-26921 (Visual Studio Code Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26920 (Windows Graphics Component Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26919 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...) NOT-FOR-US: Microsoft CVE-2022-26918 (Windows Fax Compose Form Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26917 (Windows Fax Compose Form Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26916 (Windows Fax Compose Form Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26915 (Windows Secure Channel Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26914 (Win32k Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26913 (Windows Authentication Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26912 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26911 (Skype for Business Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26910 (Skype for Business and Lync Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26909 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26908 
(Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26907 (Azure SDK for .NET Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26906 RESERVED CVE-2022-26905 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26904 (Windows User Profile Service Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26903 (Windows Graphics Component Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26902 RESERVED CVE-2022-26901 (Microsoft Excel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26900 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26899 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26898 (Azure Site Recovery Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26897 (Azure Site Recovery Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26896 (Azure Site Recovery Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26895 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26894 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26893 RESERVED CVE-2022-26892 RESERVED CVE-2022-26891 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26061 (A heap-based buffer overflow vulnerability exists in the gif2h5 functi ...) - hdf5 (bug #1031726) [bookworm] - hdf5 (Minor issue, revisit when fixed upstream) [bullseye] - hdf5 (Minor issue, revisit when fixed upstream) [buster] - hdf5 (Minor issue, revisit when fixed upstream) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1487 CVE-2022-25972 (An out-of-bounds write vulnerability exists in the gif2h5 functionalit ...) 
- hdf5 (bug #1031726) [bookworm] - hdf5 (Minor issue, revisit when fixed upstream) [bullseye] - hdf5 (Minor issue, revisit when fixed upstream) [buster] - hdf5 (Minor issue, revisit when fixed upstream) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1485 CVE-2022-25942 (An out-of-bounds read vulnerability exists in the gif2h5 functionality ...) - hdf5 (bug #1031726) [bookworm] - hdf5 (Minor issue, revisit when fixed upstream) [bullseye] - hdf5 (Minor issue, revisit when fixed upstream) [buster] - hdf5 (Minor issue, revisit when fixed upstream) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1486 CVE-2022-0935 (Host Header injection in password Reset in GitHub repository livehelpe ...) NOT-FOR-US: livehelperchat CVE-2022-26886 RESERVED CVE-2022-26885 (When using tasks to read config files, there is a risk of database pas ...) NOT-FOR-US: Apache DolphinScheduler CVE-2022-26884 (Users can read any files by log server, Apache DolphinScheduler users ...) NOT-FOR-US: Apache DolphinScheduler CVE-2022-0934 (A single-byte, non-arbitrary write/use-after-free flaw was found in dn ...) - dnsmasq 2.87-1 (bug #1014715) [bullseye] - dnsmasq (Minor issue) [buster] - dnsmasq (Minor issue) [stretch] - dnsmasq (Minor issue) NOTE: https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=03345ecefeb0d82e3c3a4c28f27c3554f0611b39 (v2.87rc1) CVE-2022-0933 RESERVED CVE-2022-0932 (Missing Authorization in GitHub repository saleor/saleor prior to 3.1. ...) NOT-FOR-US: saleor CVE-2022-0931 REJECTED CVE-2022-0930 (File upload filter bypass leading to stored XSS in GitHub repository m ...) NOT-FOR-US: microweber CVE-2022-0929 (XSS on dynamic_text module in GitHub repository microweber/microweber ...) NOT-FOR-US: microweber CVE-2022-0928 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...) 
NOT-FOR-US: microweber CVE-2022-0927 RESERVED CVE-2022-0926 (File upload filter bypass leading to stored XSS in GitHub repository m ...) NOT-FOR-US: microweber CVE-2022-0925 REJECTED CVE-2022-26883 RESERVED CVE-2022-26882 RESERVED CVE-2022-26881 RESERVED CVE-2022-26880 RESERVED CVE-2022-26879 RESERVED CVE-2022-26877 (Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local ...) NOT-FOR-US: Asana Desktop CVE-2022-26876 RESERVED CVE-2022-26875 RESERVED CVE-2022-26873 (A potential attacker can execute an arbitrary code at the time of the ...) NOT-FOR-US: AMI CVE-2022-26872 (AMI Megarac Password reset interception via API) NOT-FOR-US: AMI CVE-2022-26871 (An arbitrary file upload vulnerability in Trend Micro Apex Central cou ...) NOT-FOR-US: Trend Micro CVE-2022-26870 (Dell PowerStore versions 2.1.0.x contain an Authentication bypass vuln ...) NOT-FOR-US: Dell CVE-2022-26869 (Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open ...) NOT-FOR-US: Dell CVE-2022-26868 (Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnera ...) NOT-FOR-US: EMC PowerStore CVE-2022-26867 (PowerStore SW v2.1.1.0 supports the option to export data to either a ...) NOT-FOR-US: Dell CVE-2022-26866 (Dell PowerStore Versions before v2.1.1.0. contains a Stored Cross-Site ...) NOT-FOR-US: Dell CVE-2022-26865 (Dell Support Assist OS Recovery versions before 5.5.2 contain an Authe ...) NOT-FOR-US: Dell SupportAssist CVE-2022-26864 (Prior Dell BIOS versions contain an Input Validation vulnerability. A ...) NOT-FOR-US: Dell CVE-2022-26863 (Prior Dell BIOS versions contain an Input Validation vulnerability. A ...) NOT-FOR-US: Dell CVE-2022-26862 (Prior Dell BIOS versions contain an Input Validation vulnerability. A ...) NOT-FOR-US: Dell CVE-2022-26861 (Dell BIOS versions contain an Insecure Automated Optimization vulnerab ...) NOT-FOR-US: Dell CVE-2022-26860 (Dell BIOS versions contain a stack-based buffer overflow vulnerability ...) 
NOT-FOR-US: Dell CVE-2022-26859 (Dell BIOS contains a race condition vulnerability. A local attacker co ...) NOT-FOR-US: Dell CVE-2022-26858 (Dell BIOS versions contain an Improper Authentication vulnerability. A ...) NOT-FOR-US: Dell CVE-2022-26857 (Dell OpenManage Enterprise Versions 3.8.3 and prior contain an imprope ...) NOT-FOR-US: Dell OpenManage Enterprise CVE-2022-26856 (Dell EMC Repository Manager version 3.4.0 contains a plain-text passwo ...) NOT-FOR-US: EMC CVE-2022-26855 (Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect d ...) NOT-FOR-US: Dell CVE-2022-26854 (Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptograph ...) NOT-FOR-US: Dell CVE-2022-26853 REJECTED CVE-2022-26852 (Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable see ...) NOT-FOR-US: Dell CVE-2022-26851 (Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name f ...) NOT-FOR-US: Dell CVE-2022-0924 (Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers t ...) {DSA-5108-1} - tiff 4.3.0-6 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/278 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/311 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/88d79a45a31c74cba98c697892fed5f7db8b963a CVE-2021-46708 (The swagger-ui-dist package before 4.1.3 for Node.js could allow a rem ...) - node-swagger-ui (bug #871461) - swagger-ui (bug #895422) CVE-2020-36518 (jackson-databind before 2.13.0 allows a Java StackOverflow exception a ...) {DSA-5283-1 DLA-3207-1 DLA-2990-1} - jackson-databind 2.13.2.2-1 (bug #1007109) NOTE: https://github.com/FasterXML/jackson-databind/issues/2816 CVE-2018-25031 (Swagger UI before 4.1.3 could allow a remote attacker to conduct spoof ...) - node-swagger-ui (bug #871461) - swagger-ui (bug #895422) CVE-2022-26850 (When creating or updating credentials for single-user access, Apache N ...) 
NOT-FOR-US: Apache NiFi CVE-2022-0923 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) NOT-FOR-US: Delta Electronics CVE-2022-0922 (The software does not perform any authentication for critical system f ...) NOT-FOR-US: Rockwell Automation CVE-2022-0921 (Abusing Backup/Restore feature to achieve Remote Code Execution in Git ...) NOT-FOR-US: microweber CVE-2022-0920 (The Salon booking system Free and Pro WordPress plugins before 7.6.3 d ...) NOT-FOR-US: WordPress plugin CVE-2022-0919 (The Salon booking system Free and pro WordPress plugins before 7.6.3 d ...) NOT-FOR-US: WordPress plugin CVE-2022-0918 (A vulnerability was discovered in the 389 Directory Server that allows ...) {DLA-3399-1} - 389-ds-base 2.0.15-1.1 (bug #1016445) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2055815 NOTE: https://github.com/389ds/389-ds-base/issues/5242 NOTE: https://github.com/389ds/389-ds-base/commit/caad47ab207d7c5d61521ec4d33091db559c315a (master) NOTE: https://github.com/389ds/389-ds-base/commit/f46ab49c9f06b503f5ec8147f2c01dcacdb6a375 (389-ds-base-2.0.16) CVE-2022-0917 RESERVED CVE-2022-0916 (An issue was discovered in Logitech Options. The OAuth 2.0 state param ...) NOT-FOR-US: Logitech CVE-2022-0915 (There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerabi ...) NOT-FOR-US: Logitech Sync for Windows CVE-2022-0914 (The Export All URLs WordPress plugin before 4.3 does not have CSRF in ...) NOT-FOR-US: WordPress plugin CVE-2022-0913 (Integer Overflow or Wraparound in GitHub repository microweber/microwe ...) NOT-FOR-US: microweber CVE-2022-0912 (Unrestricted Upload of File with Dangerous Type in GitHub repository m ...) NOT-FOR-US: microweber CVE-2022-0911 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) NOT-FOR-US: pimcore CVE-2022-26878 (drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a ...) 
- linux 5.16.7-1 (unimportant) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/ad7cb5f6fa5f7ea37208c98a9457dd98025a89ca (5.17-rc1) CVE-2022-26849 RESERVED CVE-2022-26848 RESERVED CVE-2022-26843 (Insufficient visual distinction of homoglyphs presented to user in the ...) NOT-FOR-US: Intel CVE-2022-26832 (.NET Framework Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26831 (Windows Lightweight Directory Access Protocol (LDAP) Denial of Service ...) NOT-FOR-US: Microsoft CVE-2022-26830 (DiskUsage.exe Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26829 (Windows DNS Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26828 (Windows Bluetooth Driver Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26827 (Windows File Server Resource Management Service Elevation of Privilege ...) NOT-FOR-US: Microsoft CVE-2022-26826 (Windows DNS Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26825 (Windows DNS Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26824 (Windows DNS Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26823 (Windows DNS Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26822 (Windows DNS Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26821 (Windows DNS Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26820 (Windows DNS Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26819 (Windows DNS Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26818 (Windows DNS Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26817 (Windows DNS Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26816 (Windows DNS Server 
Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26815 (Windows DNS Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26814 (Windows DNS Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26813 (Windows DNS Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26812 (Windows DNS Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26811 (Windows DNS Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26810 (Windows File Server Resource Management Service Elevation of Privilege ...) NOT-FOR-US: Microsoft CVE-2022-26809 (Remote Procedure Call Runtime Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26808 (Windows File Explorer Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26807 (Windows Work Folder Service Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26806 (Microsoft Office Graphics Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26805 (Microsoft Office Graphics Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26804 (Microsoft Office Graphics Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26803 (Windows Print Spooler Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26802 (Windows Print Spooler Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26801 (Windows Print Spooler Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26800 RESERVED CVE-2022-26799 RESERVED CVE-2022-26798 (Windows Print Spooler Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26797 (Windows Print Spooler Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26796 (Windows Print Spooler Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26795 (Windows Print Spooler Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft 
CVE-2022-26794 (Windows Print Spooler Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26793 (Windows Print Spooler Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26792 (Windows Print Spooler Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26791 (Windows Print Spooler Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26790 (Windows Print Spooler Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26789 (Windows Print Spooler Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26788 (PowerShell Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26787 (Windows Print Spooler Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26786 (Windows Print Spooler Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26785 (Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulne ...) NOT-FOR-US: Microsoft CVE-2022-26784 (Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2022-26783 (Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulne ...) NOT-FOR-US: Microsoft CVE-2022-26512 (Uncontrolled search path element in the Intel(R) FPGA Add-on for Intel ...) NOT-FOR-US: Intel CVE-2022-26425 (Uncontrolled search path element in the Intel(R) oneAPI Collective Com ...) NOT-FOR-US: Intel CVE-2022-26421 (Uncontrolled search path element in the Intel(R) oneAPI DPC++/C++ Comp ...) NOT-FOR-US: Intel CVE-2022-26342 (A buffer overflow vulnerability exists in the confsrv ucloud_set_node_ ...) NOT-FOR-US: TCL LinkHub Mesh Wi-Fi CVE-2022-26076 (Uncontrolled search path element in the Intel(R) oneAPI Deep Neural Ne ...) NOT-FOR-US: Intel CVE-2022-26062 (Uncontrolled search path element in the Intel(R) Trace Analyzer and Co ...) NOT-FOR-US: Intel CVE-2022-26052 (Uncontrolled search path element in the Intel(R) MPI Library before ve ...) 
NOT-FOR-US: Intel CVE-2022-26032 (Uncontrolled search path element in the Intel(R) Distribution for Pyth ...) NOT-FOR-US: Intel CVE-2022-26009 (A stack-based buffer overflow vulnerability exists in the confsrv uclo ...) NOT-FOR-US: TCL LinkHub Mesh Wi-Fi CVE-2022-25996 (A stack-based buffer overflow vulnerability exists in the confsrv addT ...) NOT-FOR-US: TCL LinkHub Mesh Wi-Fi CVE-2022-25987 (Improper handling of Unicode encoding in source code to be compiled by ...) NOT-FOR-US: Intel CVE-2022-25915 (Improper access control vulnerability in ELECOM LAN routers (WRC-1167G ...) NOT-FOR-US: ELECOM LAN routers CVE-2022-25905 (Uncontrolled search path element in the Intel(R) oneAPI Data Analytics ...) NOT-FOR-US: Intel CVE-2022-0910 (A downgrade from two-factor authentication to one-factor authenticatio ...) NOT-FOR-US: Zyxel CVE-2022-0909 (Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to ...) {DSA-5108-1} - tiff 4.3.0-6 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/393 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/310 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/32ea0722ee68f503b7a3f9b2d557acb293fc8cde CVE-2022-0908 (Null source pointer passed as an argument to memcpy() function within ...) {DSA-5108-1} - tiff 4.3.0-6 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/383 CVE-2022-0907 (Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libt ...) {DSA-5108-1} - tiff 4.3.0-6 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/392 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/314 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/40b00cfb32256d377608b4d4cd30fac338d0a0bc CVE-2022-26782 (Multiple improper input validation vulnerabilities exists in the libnv ...) NOT-FOR-US: InHand Networks InRouter302 CVE-2022-26781 (Multiple improper input validation vulnerabilities exists in the libnv ...) 
NOT-FOR-US: InHand Networks InRouter302 CVE-2022-26780 (Multiple improper input validation vulnerabilities exists in the libnv ...) NOT-FOR-US: InHand Networks InRouter302 CVE-2022-26779 (Apache CloudStack prior to 4.16.1.0 used insecure random number genera ...) NOT-FOR-US: Apache CloudStack CVE-2022-0906 (Unrestricted file upload leads to stored XSS in GitHub repository micr ...) NOT-FOR-US: microweber CVE-2022-0905 (Missing Authorization in GitHub repository go-gitea/gitea prior to 1.1 ...) - gitea CVE-2022-0904 (A stack overflow bug in the document extractor in Mattermost Server in ...) - mattermost-server (bug #823556) CVE-2022-0903 (A call stack overflow bug in the SAML login feature in Mattermost serv ...) - mattermost-server (bug #823556) CVE-2022-0902 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) NOT-FOR-US: ABB CVE-2022-0901 (The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sa ...) NOT-FOR-US: WordPress plugins CVE-2022-0900 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: DivvyDrive CVE-2022-0899 (The Header Footer Code Manager WordPress plugin before 1.1.24 does not ...) NOT-FOR-US: WordPress plugin CVE-2022-0898 (The IgniteUp WordPress plugin through 3.4.1 does not sanitise and esca ...) NOT-FOR-US: WordPress plugin CVE-2022-0897 (A flaw was found in the libvirt nwfilter driver. The virNWFilterObjLis ...) {DLA-3778-1} - libvirt 8.2.0-1 (bug #1009075) [bullseye] - libvirt (Minor issue) [stretch] - libvirt (Minor issue) NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a4947e8f63c3e6b7b067b444f3d6cf674c0d7f36 (v8.2.0-rc1) CVE-2022-0896 (Improper Neutralization of Special Elements Used in a Template Engine ...) NOT-FOR-US: microweber CVE-2022-0895 (Static Code Injection in GitHub repository microweber/microweber prior ...) NOT-FOR-US: microweber CVE-2022-0894 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) 
	NOT-FOR-US: pimcore
CVE-2022-0893 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
	NOT-FOR-US: pimcore
CVE-2022-0892 (The Export All URLs WordPress plugin before 4.2 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-46707
	RESERVED
CVE-2021-46706
	RESERVED
CVE-2021-46705 (A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE ...)
	- grub2 (SuSE-specific code change)
CVE-2022-26778 (Veritas System Recovery (VSR) 18 and 21 stores a network destination p ...)
	NOT-FOR-US: Veritas
CVE-2022-26777 (Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-0891 (A heap buffer overflow in ExtractImageSection function in tiffcrop.c i ...)
	{DSA-5108-1}
	- tiff 4.3.0-6
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/380
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/382
CVE-2022-0890 (NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2 ...)
	- mruby 3.1.0-1 (bug #1014968)
	[bullseye] - mruby (Minor issue)
	[buster] - mruby (Minor issue)
	[stretch] - mruby (Minor issue)
	NOTE: https://huntr.dev/bounties/68e09ec1-6cc7-48b8-981d-30f478c70276/
	NOTE: https://github.com/mruby/mruby/commit/da48e7dbb20024c198493b8724adae1b842083aa
CVE-2022-26776 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2022-26775 (An integer overflow was addressed with improved input validation. This ...)
	NOT-FOR-US: Apple
CVE-2022-26774 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2022-26773 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2022-26772 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2022-26771 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2022-26770 (An out-of-bounds read issue was addressed with improved input validati ...)
	NOT-FOR-US: Apple
CVE-2022-26769 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2022-26768 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2022-26767 (The issue was addressed with additional permissions checks. This issue ...)
	NOT-FOR-US: Apple
CVE-2022-26766 (A certificate parsing issue was addressed with improved checks. This i ...)
	NOT-FOR-US: Apple
CVE-2022-26765 (A race condition was addressed with improved state handling. This issu ...)
	NOT-FOR-US: Apple
CVE-2022-26764 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2022-26763 (An out-of-bounds access issue was addressed with improved bounds check ...)
	NOT-FOR-US: Apple
CVE-2022-26762 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2022-26761 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2022-26760 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2022-26759
	RESERVED
CVE-2022-26758
	RESERVED
CVE-2022-26757 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2022-26756 (An out-of-bounds write issue was addressed with improved input validat ...)
	NOT-FOR-US: Apple
CVE-2022-26755 (This issue was addressed with improved environment sanitization. This ...)
	NOT-FOR-US: Apple
CVE-2022-26754 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2022-26753 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2022-26752 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2022-26751 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2022-26750 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2022-26749 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2022-26748 (An out-of-bounds write issue was addressed with improved input validat ...)
	NOT-FOR-US: Apple
CVE-2022-26747 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2022-26746 (This issue was addressed by removing the vulnerable code. This issue i ...)
	NOT-FOR-US: Apple
CVE-2022-26745 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2022-26744 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2022-26743 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2022-26742 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2022-26741 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2022-26740 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2022-26739 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2022-26738 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2022-26737 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2022-26736 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2022-26735
	REJECTED
CVE-2022-26734
	REJECTED
CVE-2022-26733
	REJECTED
CVE-2022-26732
	REJECTED
CVE-2022-26731 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2022-26730 (A memory corruption issue existed in the processing of ICC profiles. T ...)
	NOT-FOR-US: Apple
CVE-2022-26729
	REJECTED
CVE-2022-26728 (This issue was addressed with improved entitlements. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2022-26727 (This issue was addressed with improved entitlements. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2022-26726 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2022-26725 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2022-26724 (An authentication issue was addressed with improved state management. ...)
	NOT-FOR-US: Apple
CVE-2022-26723 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2022-26722 (A memory initialization issue was addressed. This issue is fixed in Se ...)
	NOT-FOR-US: Apple
CVE-2022-26721 (A memory initialization issue was addressed. This issue is fixed in Se ...)
	NOT-FOR-US: Apple
CVE-2022-26720 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2022-26719 (A memory corruption issue was addressed with improved state management ...)
	{DSA-5155-1 DSA-5154-1}
	- webkit2gtk 2.36.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.36.3-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0005.html
CVE-2022-26718 (An out-of-bounds read issue was addressed with improved input validati ...)
	NOT-FOR-US: Apple
CVE-2022-26717 (A use after free issue was addressed with improved memory management. ...)
	{DSA-5155-1 DSA-5154-1}
	- webkit2gtk 2.36.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.36.3-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0005.html
CVE-2022-26716 (A memory corruption issue was addressed with improved state management ...)
	{DSA-5155-1 DSA-5154-1}
	- webkit2gtk 2.36.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.36.3-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0005.html
CVE-2022-26715 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2022-26714 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2022-26713
	RESERVED
CVE-2022-26712 (This issue was addressed by removing the vulnerable code. This issue i ...)
	NOT-FOR-US: Apple
CVE-2022-26711 (An integer overflow issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2022-26710 (A use after free issue was addressed with improved memory management. ...)
	{DSA-5183-1 DSA-5182-1}
	- webkit2gtk 2.36.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.36.4-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0006.html
CVE-2022-26709 (A use after free issue was addressed with improved memory management. ...)
	{DSA-5155-1 DSA-5154-1}
	- webkit2gtk 2.36.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.36.3-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0005.html
CVE-2022-26708 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2022-26707 (An issue in the handling of environment variables was addressed with i ...)
	NOT-FOR-US: Apple
CVE-2022-26706 (An access issue was addressed with additional sandbox restrictions on ...)
	NOT-FOR-US: Apple
CVE-2022-26705
	REJECTED
CVE-2022-26704 (A validation issue existed in the handling of symlinks and was address ...)
	NOT-FOR-US: Apple
CVE-2022-26703 (An authorization issue was addressed with improved state management. T ...)
	NOT-FOR-US: Apple
CVE-2022-26702 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2022-26701 (A race condition was addressed with improved locking. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2022-26700 (A memory corruption issue was addressed with improved state management ...)
	{DSA-5155-1 DSA-5154-1}
	- webkit2gtk 2.36.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.36.3-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0005.html
CVE-2022-26699 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2022-26698 (An out-of-bounds read issue was addressed with improved bounds checkin ...)
	NOT-FOR-US: Apple
CVE-2022-26697 (An out-of-bounds read issue was addressed with improved input validati ...)
	NOT-FOR-US: Apple
CVE-2022-26696 (This issue was addressed with improved environment sanitization. This ...)
	NOT-FOR-US: Apple
CVE-2022-26695
	RESERVED
CVE-2022-26694 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2022-26693 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2022-26692
	REJECTED
CVE-2022-26691 (A logic issue was addressed with improved state management. This issue ...)
	{DSA-5149-1 DLA-3029-1}
	- cups 2.4.2-1 (bug #1011769)
	NOTE: Fixed by: https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444 (v2.4.2)
	NOTE: Followup (fix comment): https://github.com/OpenPrinting/cups/commit/411b6136f450a583ee08c3880fa09dbe837eb3f1
CVE-2022-26690 (Description: A race condition was addressed with additional validation ...)
	NOT-FOR-US: Apple
CVE-2022-26689
	REJECTED
CVE-2022-26688 (An issue in the handling of symlinks was addressed with improved valid ...)
	NOT-FOR-US: Apple
CVE-2022-26687
	RESERVED
CVE-2022-26686
	RESERVED
CVE-2022-26685
	RESERVED
CVE-2022-26684
	RESERVED
CVE-2022-26683
	RESERVED
CVE-2022-26682
	RESERVED
CVE-2022-26681
	RESERVED
CVE-2022-26680
	RESERVED
CVE-2022-26679
	RESERVED
CVE-2022-26678
	RESERVED
CVE-2022-26677
	RESERVED
CVE-2022-0889 (The Ninja Forms - File Uploads Extension WordPress plugin is vulnerabl ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0888 (The Ninja Forms - File Uploads Extension WordPress plugin is vulnerabl ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0887 (The Easy Social Icons WordPress plugin before 3.1.4 does not sanitize ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0886
	REJECTED
CVE-2022-0885 (The Member Hero WordPress plugin through 1.0.9 lacks authorization che ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0884 (The Profile Builder WordPress plugin before 3.6.8 does not sanitise an ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0883 (SLM has an issue with Windows Unquoted/Trusted Service Paths Security ...)
	NOT-FOR-US: SnowGlobe Licence Manager
CVE-2022-0882 (A bug exists where an attacker can read the kernel log through exposed ...)
	NOT-FOR-US: Google fuchsia
CVE-2022-0881 (Insecure Storage of Sensitive Information in GitHub repository chocobo ...)
	- peertube (bug #950821)
CVE-2022-26847 (SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access ...)
	{DSA-5093-1 DLA-2949-1}
	- spip 4.0.5-1
	NOTE: https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2
	NOTE: https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html
CVE-2022-26846 (SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated ed ...)
	{DSA-5093-1 DLA-2949-1}
	- spip 4.0.5-1
	NOTE: https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2
	NOTE: https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html
CVE-2022-26676 (aEnrich a+HRD has inadequate privilege restrictions, an unauthenticate ...)
	NOT-FOR-US: aEnrich a+HRD
CVE-2022-26675 (aEnrich a+HRD has inadequate filtering for special characters in URLs. ...)
	NOT-FOR-US: aEnrich a+HRD
CVE-2022-26674 (ASUS RT-AX88U has a Format String vulnerability, which allows an unaut ...)
	NOT-FOR-US: ASUS
CVE-2022-26673 (ASUS RT-AX88U has insufficient filtering for special characters in the ...)
	NOT-FOR-US: ASUS
CVE-2022-26672 (ASUS WebStorage has a hardcoded API Token in the APP source code. An u ...)
	NOT-FOR-US: ASUS
CVE-2022-26671 (Taiwan Secom Dr.ID Access Control system’s login page has a hard- ...)
	NOT-FOR-US: Taiwan Secom Dr.ID Access Control system
CVE-2022-26670 (D-Link DIR-878 has inadequate filtering for special characters in the ...)
	NOT-FOR-US: D-Link
CVE-2022-26669 (ASUS Control Center is vulnerable to SQL injection. An authenticated r ...)
	NOT-FOR-US: ASUS
CVE-2022-26668 (ASUS Control Center API has a broken access control vulnerability. An ...)
	NOT-FOR-US: ASUS
CVE-2022-26665 (An Insecure Direct Object Reference issue exists in the Tyler Odyssey ...)
	NOT-FOR-US: Tyler Odyssey platform
CVE-2022-26664
	RESERVED
CVE-2022-26663
	RESERVED
CVE-2022-26662 (An XML Entity Expansion (XEE) issue was discovered in Tryton Applicati ...)
	{DSA-5099-1 DSA-5098-1 DLA-2946-1 DLA-2945-1}
	- tryton-proteus 6.0.5-1
	- tryton-server 6.0.16-1
	NOTE: https://bugs.tryton.org/issue11244
	NOTE: https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059
CVE-2022-26661 (An XXE issue was discovered in Tryton Application Platform (Server) 5. ...)
	{DSA-5099-1 DSA-5098-1 DLA-2946-1 DLA-2945-1}
	- tryton-proteus 6.0.5-1
	- tryton-server 6.0.16-1
	NOTE: https://bugs.tryton.org/issue11219
	NOTE: https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059
CVE-2022-26660 (RunAsSpc 4.0 uses a universal and recoverable encryption key. In posse ...)
	NOT-FOR-US: RunAsSpc
CVE-2022-26659 (Docker Desktop installer on Windows in versions before 4.6.0 allows an ...)
	NOT-FOR-US: Docker Desktop installer on Windows
CVE-2022-26658
	RESERVED
CVE-2022-26657 (Pexip Infinity before 27.3 allows remote attackers to trigger a softwa ...)
	NOT-FOR-US: Pexip Infinity
CVE-2022-26656 (Pexip Infinity before 27.3 allows remote attackers to trigger a softwa ...)
	NOT-FOR-US: Pexip Infinity
CVE-2022-26655 (Pexip Infinity 27.x before 27.3 has Improper Input Validation. The cli ...)
	NOT-FOR-US: Pexip Infinity
CVE-2022-26654 (Pexip Infinity before 27.3 allows remote attackers to force a software ...)
	NOT-FOR-US: Pexip Infinity
CVE-2022-26653 (Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-26652 (NATS nats-server before 2.7.4 allows Directory Traversal (with write a ...)
	- nats-server (Fixed before initial upload to Debian)
	NOTE: https://advisories.nats.io/CVE/CVE-2022-26652.txt
	NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-6h3m-36w8-hv68
	NOTE: http://www.openwall.com/lists/oss-security/2022/03/10/1
CVE-2022-26651 (An issue was discovered in Asterisk through 19.x and Certified Asteris ...)
	{DSA-5285-1 DLA-3194-1}
	- asterisk 1:18.11.2~dfsg+~cs6.10.40431413-1
	[stretch] - asterisk (Fix in next upload)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29838
	NOTE: https://downloads.asterisk.org/pub/security/AST-2022-003.html
CVE-2022-25943 (The installer of WPS Office for Windows versions prior to v11.2.0.1025 ...)
	NOT-FOR-US: WPS Office for Windows
CVE-2022-0880 (Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showd ...)
	NOT-FOR-US: ShowDoc
CVE-2022-26650 (In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pat ...)
	NOT-FOR-US: Apache ShenYu
CVE-2022-26649 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...)
	NOT-FOR-US: Siemens
CVE-2022-26648 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...)
	NOT-FOR-US: Siemens
CVE-2022-26647 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...)
	NOT-FOR-US: Siemens
CVE-2022-26646 (Online Banking System Protect v1.0 was discovered to contain a local f ...)
	NOT-FOR-US: Sourcecodester Banking System
CVE-2022-26645 (A remote code execution (RCE) vulnerability in Online Banking System P ...)
	NOT-FOR-US: Sourcecodester Banking System
CVE-2022-26644 (Online Banking System Protect v1.0 was discovered to contain multiple ...)
	NOT-FOR-US: Sourcecodester Banking System
CVE-2022-26643 (An issue in EasyIO CPT Graphics v0.8 allows attackers to discover vali ...)
	NOT-FOR-US: EasyIO CPT Graphics
CVE-2022-26642 (TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflo ...)
	NOT-FOR-US: TP-Link
CVE-2022-26641 (TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflo ...)
	NOT-FOR-US: TP-Link
CVE-2022-26640 (TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflo ...)
	NOT-FOR-US: TP-Link
CVE-2022-26639 (TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflo ...)
	NOT-FOR-US: TP-Link
CVE-2022-26638
	RESERVED
CVE-2022-26637
	RESERVED
CVE-2022-26636
	RESERVED
CVE-2022-26635 (PHP-Memcached v2.2.0 and below contains an improper NULL termination w ...)
	NOTE: Disputed issue, not considered a security issue by upstream:
	NOTE: https://github.com/php-memcached-dev/php-memcached/issues/519#issuecomment-1259303434
	NOTE: https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/
	NOTE: https://github.com/php-memcached-dev/php-memcached/issues/519
CVE-2022-26634 (HMA VPN v5.3.5913.0 contains an unquoted service path which allows att ...)
	NOT-FOR-US: HMA VPN
CVE-2022-26633 (Simple Student Quarterly Result/Grade System v1.0 was discovered to co ...)
	NOT-FOR-US: Simple Student Quarterly Result/Grade System
CVE-2022-26632 (Multi-Vendor Online Groceries Management System v1.0 was discovered to ...)
	NOT-FOR-US: Multi-Vendor Online Groceries Management System
CVE-2022-26631 (Automatic Question Paper Generator v1.0 contains a Time-Based Blind SQ ...)
	NOT-FOR-US: Automatic Question Paper Generator
CVE-2022-26630 (Jellycms v3.8.1 and below was discovered to contain an arbitrary file ...)
	NOT-FOR-US: Jellycms
CVE-2022-26629 (An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.3 ...)
	NOT-FOR-US: SoroushPlus+ Messenger
CVE-2022-26628 (Matrimony v1.0 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: Matrimony
CVE-2022-26627 (Online Project Time Management System v1.0 was discovered to contain a ...)
	NOT-FOR-US: Online Project Time Management System
CVE-2022-26626
	RESERVED
CVE-2022-26625
	RESERVED
CVE-2022-26624 (Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site sc ...)
	NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2022-26623
	RESERVED
CVE-2022-26622
	RESERVED
CVE-2022-26621
	RESERVED
CVE-2022-26620
	REJECTED
CVE-2022-26619 (Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbi ...)
	NOT-FOR-US: Halo Blog CMS
CVE-2022-26618
	RESERVED
CVE-2022-26617
	RESERVED
CVE-2022-26616 (PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to pe ...)
	NOT-FOR-US: PKP Vendor Open Journal System
CVE-2022-26615 (A cross-site scripting (XSS) vulnerability in College Website Content ...)
	NOT-FOR-US: SourceCodester Simple College Website
CVE-2022-26614
	RESERVED
CVE-2022-26613 (PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability v ...)
	NOT-FOR-US: PHP-CMS
CVE-2022-26612 (In Apache Hadoop, The unTar function uses unTarUsingJava function on W ...)
	- hadoop (bug #793644)
CVE-2022-26611
	RESERVED
CVE-2022-26610
	RESERVED
CVE-2022-26609
	RESERVED
CVE-2022-26608
	RESERVED
CVE-2022-26607 (A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 ...)
	NOT-FOR-US: baigo CMS
CVE-2022-26606
	RESERVED
CVE-2022-26605 (eZiosuite v2.0.7 contains an authenticated arbitrary file upload via t ...)
	NOT-FOR-US: eZiosuite
CVE-2022-26604
	RESERVED
CVE-2022-26603
	RESERVED
CVE-2022-26602
	RESERVED
CVE-2022-26601
	RESERVED
CVE-2022-26600
	RESERVED
CVE-2022-26599
	RESERVED
CVE-2022-26598
	RESERVED
CVE-2022-26597 (Cross-site scripting (XSS) vulnerability in the Layout module's Open G ...)
	NOT-FOR-US: Liferay
CVE-2022-26596 (Cross-site scripting (XSS) vulnerability in Journal module's web conte ...)
	NOT-FOR-US: Liferay
CVE-2022-26595 (Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 1 ...)
	NOT-FOR-US: Liferay
CVE-2022-26594 (Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal ...)
	NOT-FOR-US: Liferay
CVE-2022-26593 (Cross-site scripting (XSS) vulnerability in the Asset module's asset c ...)
	NOT-FOR-US: Liferay
CVE-2022-26592 (Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector ...)
	[experimental] - libsass 3.6.5+20231221-1
	- libsass 3.6.5+20231221-2 (bug #1051895)
	[bookworm] - libsass (Minor issue)
	[bullseye] - libsass (Minor issue)
	[buster] - libsass (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/3174
CVE-2022-26591 (FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attac ...)
	NOT-FOR-US: FANTEC GmbH MWiD25-DS Firmware
CVE-2022-26590
	RESERVED
CVE-2022-26589 (A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attack ...)
	NOT-FOR-US: Pluck CMS
CVE-2022-26588 (A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attacke ...)
	NOT-FOR-US: IceHrm
CVE-2022-26587
	RESERVED
CVE-2022-26586
	RESERVED
CVE-2022-26585 (Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnera ...)
	NOT-FOR-US: Mingsoft MCMS
CVE-2022-26584
	RESERVED
CVE-2022-26583
	RESERVED
CVE-2022-26582 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allo ...)
	NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
CVE-2022-26581 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allo ...)
	NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
CVE-2022-26580 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allo ...)
	NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
CVE-2022-26579 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allo ...)
	NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
CVE-2022-26578
	RESERVED
CVE-2022-26577
	RESERVED
CVE-2022-26576
	RESERVED
CVE-2022-26575
	RESERVED
CVE-2022-26574
	RESERVED
CVE-2022-26573 (Maccms v10 was discovered to contain multiple reflected cross-site scr ...)
	NOT-FOR-US: Maccms
CVE-2022-26572 (Xerox ColorQube 8580 was discovered to contain an access control issue ...)
	NOT-FOR-US: Xerox ColorQube
CVE-2022-26571
	RESERVED
CVE-2022-26570
	RESERVED
CVE-2022-26569
	RESERVED
CVE-2022-26568
	RESERVED
CVE-2022-26567
	RESERVED
CVE-2022-26566
	RESERVED
CVE-2022-26565 (A cross-site scripting (XSS) vulnerability in Totaljs all versions bef ...)
	NOT-FOR-US: Totaljs CMS
CVE-2022-26564 (HotelDruid Hotel Management Software v3.0.3 contains a cross-site scri ...)
	- hoteldruid 3.0.4-1
	[bullseye] - hoteldruid (Minor issue)
	[buster] - hoteldruid (Minor issue)
	[stretch] - hoteldruid (Minor issue)
CVE-2022-26563 (An issue was discovered in Tildeslash Monit before 5.31.0, allows remo ...)
	- monit 1:5.32.0-1
	[bullseye] - monit (Minor issue)
	NOTE: https://bitbucket.org/tildeslash/monit/commits/6ecaab1d375f33165fe98d06d92f36c949c0ea11 (release-5-32-0)
CVE-2022-26562 (An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core <= v11.0.2 ...)
	{DLA-3354-1}
	- kopanocore (bug #1016973)
	NOTE: https://jira.kopano.io/browse/KC-2021
CVE-2022-26561
	RESERVED
CVE-2022-26560
	RESERVED
CVE-2022-26559
	RESERVED
CVE-2022-26558
	RESERVED
CVE-2022-26557
	RESERVED
CVE-2022-26556
	RESERVED
CVE-2022-26555 (A stored cross-site scripting (XSS) vulnerability in the Add a Button ...)
	NOT-FOR-US: Eova
CVE-2022-26554
	RESERVED
CVE-2022-26553
	RESERVED
CVE-2022-26552
	RESERVED
CVE-2022-26551
	RESERVED
CVE-2022-26550
	RESERVED
CVE-2022-26549
	RESERVED
CVE-2022-26548
	RESERVED
CVE-2022-26547
	RESERVED
CVE-2022-26546 (Hospital Management System v1.0 was discovered to lack an authorizatio ...)
	NOT-FOR-US: Hospital Management System
CVE-2022-26545
	RESERVED
CVE-2022-26544
	RESERVED
CVE-2022-26543
	RESERVED
CVE-2022-26542
	RESERVED
CVE-2022-26541
	RESERVED
CVE-2022-26540
	RESERVED
CVE-2022-26539
	RESERVED
CVE-2022-26538
	RESERVED
CVE-2022-26537
	RESERVED
CVE-2022-26536 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...)
	NOT-FOR-US: Tenda
CVE-2022-26535
	RESERVED
CVE-2022-26534 (FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where ...)
	NOT-FOR-US: FISCO-BCOS
CVE-2022-26533 (Alist v2.1.0 and below was discovered to contain a cross-site scriptin ...)
	NOT-FOR-US: Alist
CVE-2022-25960
	RESERVED
CVE-2022-0879 (The Caldera Forms WordPress plugin before 1.9.7 does not validate and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0878 (Electric Vehicle (EV) commonly utilises the Combined Charging System ( ...)
	NOT-FOR-US: Combined Charging System
CVE-2022-0877 (Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/ ...)
	NOT-FOR-US: bookstack
CVE-2022-0876 (The Social comments by WpDevArt WordPress plugin before 2.5.0 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0875 (The Google Authenticator WordPress plugin before 1.0.5 does not have C ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0874 (The WP Social Buttons WordPress plugin through 2.1 does not sanitise a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0873 (The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-26532 (A argument injection vulnerability in the 'packet-trace' CLI command o ...)
	NOT-FOR-US: Zyxel
CVE-2022-26531 (Multiple improper input validation flaws were identified in some CLI c ...)
	NOT-FOR-US: Zyxel
CVE-2022-26530 (swaylock before 1.6 allows attackers to trigger a crash and achieve un ...)
	- swaylock 1.6-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2066596
	NOTE: https://github.com/swaywm/swaylock/commit/1d1c75b6316d21933069a9d201f966d84099f6ca (1.6)
	NOTE: https://github.com/swaywm/swaylock/pull/219
CVE-2022-26529 (Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnera ...)
	NOT-FOR-US: Realtek Linux/Android Bluetooth Mesh SDK
CVE-2022-26528 (Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnera ...)
	NOT-FOR-US: Realtek Linux/Android Bluetooth Mesh SDK
CVE-2022-26527 (Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnera ...)
	NOT-FOR-US: Realtek Linux/Android Bluetooth Mesh SDK
CVE-2022-26526 (Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Min ...)
	NOT-FOR-US: Anaconda Python
CVE-2022-26525
	RESERVED
CVE-2022-26524
	RESERVED
CVE-2022-26523
	RESERVED
CVE-2022-26522
	RESERVED
CVE-2022-26521 (Abantecart through 1.3.2 allows remote authenticated administrators to ...)
	NOT-FOR-US: Abantecart
CVE-2022-0872
	RESERVED
CVE-2022-26019 (Improper access control vulnerability in pfSense CE and pfSense Plus ( ...)
	NOT-FOR-US: pfSense
CVE-2022-24299 (Improper input validation vulnerability in pfSense CE and pfSense Plus ...)
	NOT-FOR-US: pfSense
CVE-2022-0871 (Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5.)
	NOT-FOR-US: Go Git Service
CVE-2022-0870 (Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prio ...)
	NOT-FOR-US: Go Git Service
CVE-2022-0869 (Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.1 ...)
	NOT-FOR-US: Spirit forum software
CVE-2022-26507 (A heap-based buffer overflow exists in XML Decompression DecodeTreeBlo ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-26506
	RESERVED
CVE-2022-26505 (A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 a ...)
	{DLA-2973-1}
	- minidlna 1.3.0+dfsg-2.2 (bug #1006798)
	[bullseye] - minidlna 1.3.0+dfsg-2+deb11u1
	[buster] - minidlna 1.2.1+dfsg-2+deb10u3
	NOTE: https://sourceforge.net/p/minidlna/git/ci/c21208508dbc131712281ec5340687e5ae89e940/
	NOTE: https://www.openwall.com/lists/oss-security/2022/03/03/1
CVE-2022-26504 (Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10. ...)
	NOT-FOR-US: Veeam
CVE-2022-26503 (Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, ...)
	NOT-FOR-US: Veeam
CVE-2022-26502
	REJECTED
CVE-2022-26501 (Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control ...)
	NOT-FOR-US: Veeam
CVE-2022-26500 (Improper limitation of path names in Veeam Backup & Replication 9.5U3, ...)
	NOT-FOR-US: Veeam
CVE-2022-26499 (An SSRF issue was discovered in Asterisk through 19.x. When using STIR ...)
	{DSA-5285-1 DLA-3194-1}
	- asterisk 1:18.11.2~dfsg+~cs6.10.40431413-1
	[stretch] - asterisk (Vulnerable code not present)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29476
	NOTE: https://downloads.asterisk.org/pub/security/AST-2022-002.html
CVE-2022-26498 (An issue was discovered in Asterisk through 19.x. When using STIR/SHAK ...)
	{DSA-5285-1 DLA-3194-1}
	- asterisk 1:18.11.2~dfsg+~cs6.10.40431413-1
	[stretch] - asterisk (Vulnerable code not present)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29872
	NOTE: https://downloads.asterisk.org/pub/security/AST-2022-001.html
CVE-2022-26497 (BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have ...)
	NOT-FOR-US: BigBlueButton
CVE-2022-26496 (In nbd-server in nbd before 3.24, there is a stack-based buffer overfl ...)
	{DSA-5100-1}
	- nbd 1:3.24-1 (bug #1006915)
	[stretch] - nbd (NBD_OPT_INFO/NBD_OPT_GO introduced later, in 3.16)
	NOTE: https://lists.debian.org/nbd/2022/01/msg00036.html
	NOTE: https://lists.debian.org/nbd/2022/01/msg00037.html
CVE-2022-26495 (In nbd-server in nbd before 3.24, there is an integer overflow with a ...)
	{DSA-5100-1 DLA-2944-1}
	- nbd 1:3.24-1 (bug #1006915)
	NOTE: https://lists.debian.org/nbd/2022/01/msg00037.html
CVE-2022-26494 (An XSS was identified in the Admin Web interface of PrimeKey SignServe ...)
	NOT-FOR-US: PrimeKey SignServer
CVE-2022-26493 (Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP ...)
	NOT-FOR-US: Drupal SAML provider
CVE-2022-26492
	RESERVED
CVE-2022-26491 (An issue was discovered in Pidgin before 2.14.9. A remote attacker who ...)
	{DLA-3043-1}
	- pidgin 2.14.9-1
	[bullseye] - pidgin (Minor issue)
	[buster] - pidgin (Minor issue)
	NOTE: https://pidgin.im/about/security/advisories/cve-2022-26491/
	NOTE: https://keep.imfreedom.org/pidgin/pidgin/rev/13cdb7956bdc
CVE-2022-26489
	RESERVED
CVE-2022-26488 (In Python before 3.10.3 on Windows, local users can gain privileges be ...)
	- python3.10 (Windows-specific)
	- python3.9 (Windows-specific)
	- python3.7 (Windows-specific)
	- python3.5 (Windows-specific)
	- python2.7 (Windows-specific)
CVE-2022-26487
	REJECTED
CVE-2021-46704 (In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to ...)
	NOT-FOR-US: GenieACS
CVE-2021-46703 (In the IsolatedRazorEngine component of Antaris RazorEngine through 4. ...)
	NOT-FOR-US: Antaris RazorEngine
CVE-2020-36517 (An information leak in Nabu Casa Home Assistant Operating System and H ...)
	NOT-FOR-US: Nabu
CVE-2022-0868 (Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10.)
	NOT-FOR-US: Node urijs
CVE-2022-26490 (st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in t ...)
	{DSA-5173-1 DSA-5127-1 DLA-3065-1}
	- linux 5.16.18-1
	NOTE: https://git.kernel.org/linus/4fbcc1a4cb20fe26ad0225679c536c80f1648221 (5.17-rc1)
CVE-2022-26486 (An unexpected message in the WebGPU IPC framework could lead to a use- ...)
	{DSA-5094-1 DSA-5090-1 DLA-2939-1 DLA-2933-1}
	- firefox 99.0-1
	- firefox-esr 91.6.1esr-1
	- thunderbird 1:91.6.2-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/#CVE-2022-26486
CVE-2022-26485 (Removing an XSLT parameter during processing could have lead to an exp ...)
	{DSA-5094-1 DSA-5090-1 DLA-2939-1 DLA-2933-1}
	- firefox 99.0-1
	- firefox-esr 91.6.1esr-1
	- thunderbird 1:91.6.2-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/#CVE-2022-26485
CVE-2022-26484 (An issue was discovered in Veritas InfoScale Operations Manager (VIOM) ...)
	NOT-FOR-US: Veritas InfoScale Operations Manager (VIOM)
CVE-2022-26483 (An issue was discovered in Veritas InfoScale Operations Manager (VIOM) ...)
	NOT-FOR-US: Veritas InfoScale Operations Manager (VIOM)
CVE-2022-26482 (An issue was discovered in Poly EagleEye Director II before 2.2.2.1. o ...)
	NOT-FOR-US: Poly
CVE-2022-26481 (An issue was discovered in Poly Studio before 3.7.0. Command Injection ...)
	NOT-FOR-US: Poly
CVE-2022-26480
	RESERVED
CVE-2022-26479 (An issue was discovered in Poly EagleEye Director II before 2.2.2.1. E ...)
	NOT-FOR-US: Poly
CVE-2022-26478
	RESERVED
CVE-2022-26477 (The Security Team noticed that the termination condition of the for lo ...)
	NOT-FOR-US: Apache SystemDS
CVE-2022-0867 (The Pricing Table WordPress plugin before 3.6.1 fails to properly sani ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0866 (This is a concurrency issue that can result in the wrong caller princi ...)
	- wildfly (bug #752018)
CVE-2022-0865 (Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cau ...)
	{DSA-5108-1}
	- tiff 4.3.0-5
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/385
	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/306
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/a1c933dabd0e1c54a412f3f84ae0aa58115c6067
CVE-2022-26476 (A vulnerability has been identified in Spectrum Power 4 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2022-26475 (In wlan, there is a possible out of bounds write due to a missing boun ...)
	NOT-FOR-US: Mediatek
CVE-2022-26474 (In sensorhub, there is a possible out of bounds write due to an incorr ...)
	NOT-FOR-US: Mediatek
CVE-2022-26473 (In vdec fmt, there is a possible use after free due to improper lockin ...)
	NOT-FOR-US: Mediatek
CVE-2022-26472 (In ims, there is a possible escalation of privilege due to a parcel fo ...)
	NOT-FOR-US: Mediatek
CVE-2022-26471 (In telephony, there is a possible escalation of privilege due to a par ...)
	NOT-FOR-US: Mediatek
CVE-2022-26470 (In aie, there is a possible out of bounds write due to an incorrect bo ...)
	NOT-FOR-US: Mediatek
CVE-2022-26469 (In MtkEmail, there is a possible escalation of privilege due to fragme ...)
	NOT-FOR-US: Mediatek
CVE-2022-26468 (In preloader (usb), there is a possible out of bounds write due to a m ...)
	NOT-FOR-US: Mediatek
CVE-2022-26467 (In rpmb, there is a possible out of bounds write due to an incorrect b ...)
	NOT-FOR-US: Mediatek
CVE-2022-26466 (In audio ipi, there is a possible out of bounds write due to an intege ...)
	NOT-FOR-US: Mediatek
CVE-2022-26465 (In audio ipi, there is a possible out of bounds write due to an incorr ...)
	NOT-FOR-US: Mediatek
CVE-2022-26464 (In vow, there is a possible out of bounds write due to an incorrect bo ...)
	NOT-FOR-US: Mediatek
CVE-2022-26463 (In vow, there is a possible out of bounds read due to an incorrect bou ...)
	NOT-FOR-US: Mediatek
CVE-2022-26462 (In vow, there is a possible out of bounds read due to an incorrect bou ...)
	NOT-FOR-US: Mediatek
CVE-2022-26461 (In vow, there is a possible undefined behavior due to an API misuse. T ...)
	NOT-FOR-US: Mediatek
CVE-2022-26460 (In vow, there is a possible out of bounds write due to an incorrect bo ...)
	NOT-FOR-US: Mediatek
CVE-2022-26459 (In vow, there is a possible out of bounds read due to an integer overf ...)
	NOT-FOR-US: Mediatek
CVE-2022-26458 (In vow, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: Mediatek
CVE-2022-26457 (In vow, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: Mediatek
CVE-2022-26456 (In vow, there is a possible information disclosure due to a symbolic l ...)
	NOT-FOR-US: Mediatek
CVE-2022-26455 (In gz, there is a possible memory corruption due to incorrect error ha ...)
	NOT-FOR-US: Mediatek
CVE-2022-26454 (In teei, there is a possible memory corruption due to an integer overf ...)
	NOT-FOR-US: Mediatek
CVE-2022-26453 (In teei, there is a possible memory corruption due to a use after free ...)
	NOT-FOR-US: Mediatek
CVE-2022-26452 (In isp, there is a possible use after free due to improper locking. Th ...)
	NOT-FOR-US: Mediatek
CVE-2022-26451 (In ged, there is a possible use after free due to improper locking. Th ...)
	NOT-FOR-US: Mediatek
CVE-2022-26450 (In apusys, there is a possible use after free due to a race condition. ...)
	NOT-FOR-US: Mediatek
CVE-2022-26449 (In apusys, there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Mediatek
CVE-2022-26448 (In apusys, there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Mediatek
CVE-2022-26447 (In BT firmware, there is a possible out of bounds write due to a missi ...)
	NOT-FOR-US: Mediatek
CVE-2022-26446 (In Modem 4G RRC, there is a possible system crash due to improper inpu ...)
	NOT-FOR-US: Mediatek
CVE-2022-26445 (In wifi driver, there is a possible out of bounds write due to a missi ...)
	NOT-FOR-US: MediaTek
CVE-2022-26444 (In wifi driver, there is a possible out of bounds write due to a missi ...)
	NOT-FOR-US: MediaTek
CVE-2022-26443 (In wifi driver, there is a possible out of bounds write due to a missi ...)
	NOT-FOR-US: MediaTek
CVE-2022-26442 (In wifi driver, there is a possible out of bounds write due to a missi ...)
	NOT-FOR-US: MediaTek
CVE-2022-26441 (In wifi driver, there is a possible out of bounds write due to a missi ...)
	NOT-FOR-US: MediaTek
CVE-2022-26440 (In wifi driver, there is a possible out of bounds write due to a missi ...)
	NOT-FOR-US: MediaTek
CVE-2022-26439 (In wifi driver, there is a possible out of bounds write due to a missi ...)
	NOT-FOR-US: MediaTek
CVE-2022-26438 (In wifi driver, there is a possible out of bounds write due to a missi ...)
	NOT-FOR-US: MediaTek
CVE-2022-26437 (In httpclient, there is a possible out of bounds write due to uninitia ...)
	NOT-FOR-US: MediaTek
CVE-2022-26436 (In emi mpu, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-26435 (In mailbox, there is a possible out of bounds write due to type confus ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-26434 (In mailbox, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-26433 (In mailbox, there is a possible out of bounds write due to type confus ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-26432 (In mailbox, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-26431 (In mailbox, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-26430 (In mailbox, there is a possible out of bounds write due to type confus ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-26429 (In cta, there is a possible way to write permission usage records of a ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-26428 (In video codec, there is a possible memory corruption due to a race co ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-26427 (In camera isp, there is a possible out of bounds write due to a missin ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-26426 (In camera isp, there is a possible out of bounds write due to a missin ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-26418
	REJECTED
CVE-2022-26416
	REJECTED
CVE-2022-26414 (A potential buffer overflow vulnerability was identified in some inter ...)
	NOT-FOR-US: Zyxel
CVE-2022-26413 (A command injection vulnerability in the CGI program of Zyxel VMG3312- ...)
	NOT-FOR-US: Zyxel
CVE-2022-26348 (Command Centre Server is vulnerable to SQL Injection via Windows Regis ...)
	NOT-FOR-US: gallagher
CVE-2022-26347
	REJECTED
CVE-2022-26339
	REJECTED
CVE-2022-26123
	REJECTED
CVE-2022-26087
	REJECTED
CVE-2022-26078 (Gallagher Controller 6000 is vulnerable to a Denial of Service attack ...)
	NOT-FOR-US: Gallagher
CVE-2022-26058
	REJECTED
CVE-2022-26055
	REJECTED
CVE-2022-26053
	REJECTED
CVE-2022-26039
	REJECTED
CVE-2022-26031
	REJECTED
CVE-2022-26027
	REJECTED
CVE-2022-25997
	REJECTED
CVE-2022-25968
	REJECTED
CVE-2022-25957
	REJECTED
CVE-2022-25920
	REJECTED
CVE-2022-25889
	REJECTED
CVE-2022-21224
	REJECTED
CVE-2022-0864 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0863 (The WP SVG Icons WordPress plugin through 3.2.3 does not properly vali ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0862 (A lack of password change protection vulnerability in a depreciated AP ...)
	NOT-FOR-US: McAfee
CVE-2022-0861 (A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orche ...)
	NOT-FOR-US: McAfee
CVE-2022-0860 (Improper Authorization in GitHub repository cobbler/cobbler prior to 3 ...)
	- cobbler
CVE-2022-0859 (McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 a ...)
	NOT-FOR-US: McAfee
CVE-2022-0858 (A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolic ...)
	NOT-FOR-US: McAfee
CVE-2022-0857 (A reflected cross-site scripting (XSS) vulnerability in McAfee Enterpr ...)
	NOT-FOR-US: McAfee
CVE-2022-0856 (libcaca is affected by a Divide By Zero issue via img2txt, which allow ...)
	- libcaca (unimportant)
	NOTE: https://github.com/cacalabs/libcaca/issues/65
	NOTE: Crash in CLI tool, no security impact
CVE-2022-0855 (Improper Resolution of Path Equivalence in GitHub repository microwebe ...)
	NOT-FOR-US: microweber (whmcs_plugin)
CVE-2022-0854 (A memory leak flaw was found in the Linux kernel’s DMA subsystem, ...)
	{DSA-5173-1 DSA-5161-1 DLA-3065-1}
	- linux 5.17.3-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2058395
	NOTE: https://git.kernel.org/linus/ddbd89deb7d32b1fbb879f48d68fda1a8ac58e8e (5.17-rc6)
	NOTE: https://git.kernel.org/linus/901c7280ca0d5e2b4a8929fbe0bfb007ac2a6544 (5.18-rc1)
CVE-2022-0853 (A flaw was found in JBoss-client. The vulnerability occurs due to a me ...)
	NOT-FOR-US: jboss-client
CVE-2022-0852 (There is a flaw in convert2rhel. convert2rhel passes the Red Hat accou ...)
	NOT-FOR-US: Red Hat convert2rhel
CVE-2022-0851 (There is a flaw in convert2rhel. When the --activationkey option is us ...)
	NOT-FOR-US: Red Hat convert2rhel
CVE-2022-0850 (A vulnerability was found in linux kernel, where an information leak o ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.70-1
	[buster] - linux 4.19.208-1
	[stretch] - linux 4.9.290-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2060606
CVE-2022-0849 (Use After Free in r_reg_get_name_idx in GitHub repository radareorg/ra ...)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/29c5f76e-5f1f-43ab-a0c8-e31951e407b6
	NOTE: https://github.com/radareorg/radare2/commit/10517e3ff0e609697eb8cde60ec8dc999ee5ea24
CVE-2022-0848 (OS Command Injection in GitHub repository part-db/part-db prior to 0.5 ...)
	NOT-FOR-US: part-db
CVE-2022-26412
	RESERVED
CVE-2022-26411
	RESERVED
CVE-2022-26410
	RESERVED
CVE-2022-26409
	RESERVED
CVE-2022-26408
	RESERVED
CVE-2022-26407
	RESERVED
CVE-2022-26406
	RESERVED
CVE-2022-26405
	RESERVED
CVE-2022-26404
	RESERVED
CVE-2022-26403
	RESERVED
CVE-2022-26402
	RESERVED
CVE-2022-26401
	RESERVED
CVE-2022-26400
	RESERVED
CVE-2022-26399
	RESERVED
CVE-2022-26398
	RESERVED
CVE-2022-26397
	RESERVED
CVE-2022-26396
	RESERVED
CVE-2022-26395
	RESERVED
CVE-2022-26394 (The Baxter Spectrum WBM does not perform mutual authentication with th ...)
	NOT-FOR-US: Baxter Spectrum WBM
CVE-2022-26393 (The Baxter Spectrum WBM is susceptible to format string attacks via ap ...)
	NOT-FOR-US: Baxter Spectrum WBM
CVE-2022-26392 (The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v1 ...)
	NOT-FOR-US: Baxter Spectrum WBM
CVE-2022-26391
	RESERVED
CVE-2022-26390 (The Baxter Spectrum Wireless Battery Module (WBM) stores network crede ...)
	NOT-FOR-US: Baxter Spectrum Wireless Battery Module (WBM)
CVE-2022-26389
	RESERVED
CVE-2022-26388
	RESERVED
CVE-2022-0847 (A flaw was found in the way the "flags" member of the new pipe buffer ...)
	{DSA-5092-1}
	- linux 5.16.11-1
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/9d2231c5d74e13b2a0546fee6737ee4446017903 (5.17-rc6)
	NOTE: https://www.openwall.com/lists/oss-security/2022/03/07/1
	NOTE: https://dirtypipe.cm4all.com/
	NOTE: https://lolcads.github.io/posts/2022/06/dirty_pipe_cve_2022_0847/
CVE-2022-0846 (The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does n ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0845 (Code Injection in GitHub repository pytorchlightning/pytorch-lightning ...)
	NOT-FOR-US: pytorchlightning
CVE-2022-26387 (When installing an add-on, Firefox verified the signature before promp ...)
	{DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1}
	- firefox 98.0-1
	- firefox-esr 91.7.0esr-1
	- thunderbird 1:91.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26387
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26387
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26387
CVE-2022-26386 (Previously Firefox for macOS and Linux would download temporary files ...)
	{DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1}
	- firefox-esr 91.7.0esr-1
	- thunderbird 1:91.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26386
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26386
CVE-2022-26385 (In unusual circumstances, an individual thread may outlive the thread' ...)
	- firefox 98.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26385
CVE-2022-26384 (If an attacker could control the contents of an iframe sandboxed with ...)
	{DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1}
	- firefox 98.0-1
	- firefox-esr 91.7.0esr-1
	- thunderbird 1:91.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26384
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26384
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26384
CVE-2022-26383 (When resizing a popup after requesting fullscreen access, the popup wo ...)
	{DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1}
	- firefox 98.0-1
	- firefox-esr 91.7.0esr-1
	- thunderbird 1:91.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26383
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26383
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26383
CVE-2022-26382 (While the text displayed in Autofill tooltips cannot be directly read ...)
	- firefox 98.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26382
CVE-2022-26381 (An attacker could have caused a use-after-free by forcing a text reflo ...)
	{DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1}
	- firefox 98.0-1
	- firefox-esr 91.7.0esr-1
	- thunderbird 1:91.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26381
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26381
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26381
CVE-2022-26380 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...)
	NOT-FOR-US: Siemens SCALANCE
CVE-2022-26379
	RESERVED
CVE-2022-26378
	RESERVED
CVE-2022-26377 (Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling' ...)
	- apache2 2.4.54-1 (bug #1012513)
	[bullseye] - apache2 2.4.54-1~deb11u1
	[buster] - apache2 2.4.38-3+deb10u8
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/2
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-26377
	NOTE: https://github.com/apache/httpd/commit/f7f15f3d8bfe3032926c8c39eb8434529f680bd4
CVE-2022-26073 (A denial of service vulnerability exists in the libxm_av.so DemuxCmdIn ...)
	NOT-FOR-US: Anker Eufy Homebase
CVE-2022-25989 (An authentication bypass vulnerability exists in the libxm_av.so getpe ...)
	NOT-FOR-US: Anker Eufy Homebase
CVE-2022-0844
	REJECTED
CVE-2022-0843 (Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup ...)
	- firefox 98.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-0843
CVE-2022-0842 (A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orche ...)
	NOT-FOR-US: McAfee
CVE-2022-0841 (OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0. ...)
	NOT-FOR-US: ljharb/npm-lockfile
CVE-2022-0840 (The Easy Social Icons WordPress plugin before 3.2.1 does not properly ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0839 (Improper Restriction of XML External Entity Reference in GitHub reposi ...)
	NOT-FOR-US: liquibase
CVE-2022-0838 (Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/h ...)
	NOT-FOR-US: Hestia Control Panel
CVE-2022-0837 (The Amelia WordPress plugin before 1.0.48 does not have proper authori ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0836 (The SEMA API WordPress plugin before 4.02 does not properly sanitise a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-26365 (Linux disk/nic frontends data leaks T[his CNA information record relat ...)
	{DSA-5191-1 DLA-3131-1}
	- linux 5.18.14-1
	- xen 4.16.2-1 (bug #1014414)
	[bullseye] - xen (Too intrusive to backport)
	[buster] - xen (DSA 4677-1)
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-403.html
CVE-2022-26364 (x86 pv: Insufficient care with non-coherent mappings T[his CNA informa ...)
	{DSA-5184-1}
	- xen 4.16.2-1 (bug #1014414)
	[buster] - xen (DSA 4677-1)
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-402.html
CVE-2022-26363 (x86 pv: Insufficient care with non-coherent mappings T[his CNA informa ...)
	{DSA-5184-1}
	- xen 4.16.2-1 (bug #1014414)
	[buster] - xen (DSA 4677-1)
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-402.html
CVE-2022-26362 (x86 pv: Race condition in typeref acquisition Xen maintains a type ref ...)
	{DSA-5184-1}
	- xen 4.16.2-1 (bug #1014414)
	[buster] - xen (DSA 4677-1)
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-401.html
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2294
CVE-2022-26361 (IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA in ...)
	{DSA-5117-1}
	- xen 4.16.1-1
	[buster] - xen (DSA 4677-1)
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-400.html
CVE-2022-26360 (IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA in ...)
	{DSA-5117-1}
	- xen 4.16.1-1
	[buster] - xen (DSA 4677-1)
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-400.html
CVE-2022-26359 (IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA in ...)
	{DSA-5117-1}
	- xen 4.16.1-1
	[buster] - xen (DSA 4677-1)
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-400.html
CVE-2022-26358 (IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA in ...)
	{DSA-5117-1}
	- xen 4.16.1-1
	[buster] - xen (DSA 4677-1)
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-400.html
CVE-2022-26357 (race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. ...)
	{DSA-5117-1}
	- xen 4.16.1-1
	[buster] - xen (DSA 4677-1)
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-399.html
CVE-2022-26356 (Racy interactions between dirty vram tracking and paging log dirty hyp ...)
	{DSA-5117-1}
	- xen 4.16.1-1
	[buster] - xen (DSA 4677-1)
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-397.html
CVE-2022-26355 (Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deplo ...)
	NOT-FOR-US: Citrix
CVE-2022-26354 (A flaw was found in the vhost-vsock device of QEMU. In case of error, ...)
	{DSA-5133-1 DLA-3099-1 DLA-2970-1}
	- qemu 1:7.0+dfsg-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063257
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf
	NOTE: vulnerable code in buster in vhost_vsock_send_transport_reset
CVE-2022-26353 (A flaw was found in the virtio-net device of QEMU. This flaw was inadv ...)
	{DSA-5133-1}
	- qemu 1:7.0+dfsg-1
	[buster] - qemu (Original upstream fix for CVE-2021-3748 not applied, new fix applied in DSA)
	[stretch] - qemu (Original upstream fix for CVE-2021-3748 not applied)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063197
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html
	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/abe300d9d894f7138e1af7c8e9c88c04bfe98b37 (v7.0.0-rc0)
	NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6 (v6.2.0-rc0)
	NOTE: Introduced by the original fix for CVE-2021-3748.
CVE-2022-0835 (AVEVA System Platform 2020 stores sensitive information in cleartext, ...)
	NOT-FOR-US: AVEVA
CVE-2022-0834 (The Amelia WordPress plugin is vulnerable to Cross-Site Scripting due ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0833 (The Church Admin WordPress plugin before 3.4.135 does not have authori ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0832 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
	NOT-FOR-US: pimcore
CVE-2022-0831 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
	NOT-FOR-US: pimcore
CVE-2022-0830 (The FormBuilder WordPress plugin through 1.08 does not have CSRF check ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0829 (Improper Authorization in GitHub repository webmin/webmin prior to 1.9 ...)
	- webmin
CVE-2022-0828 (The Download Manager WordPress plugin before 3.2.34 uses the uniqid ph ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0827 (The Bestbooks WordPress plugin through 2.6.3 does not sanitise and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0826 (The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0825 (The Amelia WordPress plugin before 1.0.49 does not have proper authori ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0824 (Improper Access Control to Remote Code Execution in GitHub repository ...)
	- webmin
CVE-2022-0823 (An improper control of interaction frequency vulnerability in Zyxel GS ...)
	NOT-FOR-US: Zyxel
CVE-2022-26352 (An issue was discovered in the ContentResource API in dotCMS 3.0 throu ...)
	NOT-FOR-US: dotCMS
CVE-2022-26351
	REJECTED
CVE-2022-26350
	RESERVED
CVE-2022-26345 (Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP ...)
	NOT-FOR-US: Intel
CVE-2022-26343 (Improper access control in the BIOS firmware for some Intel(R) Process ...)
	NOT-FOR-US: Intel
CVE-2022-26337 (Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 a ...)
	NOT-FOR-US: Trend Micro
CVE-2022-26336 (A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allow ...)
	NOT-FOR-US: poi-scratchpad
CVE-2022-26335 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...)
	NOT-FOR-US: Siemens SCALANCE
CVE-2022-26334 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...)
	NOT-FOR-US: Siemens SCALANCE
CVE-2022-26304
	RESERVED
CVE-2022-26131 (Power Line Communications PLC4TRUCKS J2497 trailer receivers are susce ...)
	NOT-FOR-US: Power Line Communications PLC4TRUCKS J2497 trailer receivers
CVE-2022-26124 (Improper buffer restrictions in BIOS firmware for some Intel(R) NUC Bo ...)
	NOT-FOR-US: Intel
CVE-2022-26086 (Uncontrolled search path element in the PresentMon software maintained ...)
	NOT-FOR-US: Intel
CVE-2022-26083
	RESERVED
CVE-2022-26074 (Incomplete cleanup in a firmware subsystem for Intel(R) SPS before ver ...)
	NOT-FOR-US: Intel
CVE-2022-26072
	RESERVED
CVE-2022-26056
	RESERVED
CVE-2022-26038
	RESERVED
CVE-2022-26037
	RESERVED
CVE-2022-26028 (Uncontrolled search path in the Intel(R) VTune(TM) Profiler software b ...)
	NOT-FOR-US: Intel
CVE-2022-26006 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...)
	NOT-FOR-US: Intel
CVE-2022-25999 (Uncontrolled search path element in the Intel(R) Enpirion(R) Digital P ...)
	NOT-FOR-US: Intel
CVE-2022-25992 (Insecure inherited permissions in the Intel(R) oneAPI Toolkits oneapi- ...)
	NOT-FOR-US: Intel
CVE-2022-25966 (Improper access control in the Intel(R) Edge Insights for Industrial s ...)
	NOT-FOR-US: Intel
CVE-2022-25922 (Power Line Communications PLC4TRUCKS J2497 trailer brake controllers i ...)
	NOT-FOR-US: Power Line Communications PLC4TRUCKS J2497 trailer brake controllers
CVE-2022-25917 (Uncaught exception in the firmware for some Intel(R) Server Board M50C ...)
	NOT-FOR-US: Intel
CVE-2022-25909
	RESERVED
CVE-2022-25870
	RESERVED
CVE-2022-25864 (Uncontrolled search path in some Intel(R) oneMKL software before versi ...)
	NOT-FOR-US: Intel
CVE-2022-0822 (Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms ...)
	NOT-FOR-US: Orchard CMS
CVE-2022-0821 (Improper Authorization in GitHub repository orchardcms/orchardcore pri ...)
	NOT-FOR-US: Orchard CMS
CVE-2022-0820 (Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/or ...)
	NOT-FOR-US: Orchard CMS
CVE-2022-0819 (Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1.)
	- dolibarr
CVE-2022-0818 (The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0817 (The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escap ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0816
	RESERVED
CVE-2022-0815 (Improper access control vulnerability in McAfee WebAdvisor Chrome and ...)
	NOT-FOR-US: McAfee
CVE-2022-0814 (The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 d ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0813 (PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially ...)
	- phpmyadmin 4:5.1.3+dfsg1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/
	NOTE: https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information
	NOTE: Fixed by: https://github.com/phpmyadmin/phpmyadmin/commit/c04f85f2bb96c442086d9ad057953567cc794486
	NOTE: Negligible security impact
CVE-2022-0811 (A flaw was found in CRI-O in the way it set kernel options for a pod. ...)
	- cri-o (bug #979702)
CVE-2022-26333
	REJECTED
CVE-2022-26332 (Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name fie ...)
	NOT-FOR-US: Cipi
CVE-2022-26331 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...)
	NOT-FOR-US: Micro Focus
CVE-2022-26330 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...)
	NOT-FOR-US: Micro Focus
CVE-2022-26329 (File existence disclosure vulnerability in NetIQ Identity Manager plug ...)
	NOT-FOR-US: Micro Focus
CVE-2022-26328
	RESERVED
CVE-2022-26327
	RESERVED
CVE-2022-26326 (Potential open redirection vulnerability when URL is crafted in specif ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2022-26325 (Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Man ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2022-26324
	RESERVED
CVE-2022-26323
	RESERVED
CVE-2022-26322
	RESERVED
CVE-2022-26321
	RESERVED
CVE-2022-26320 (The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in cert ...)
	NOT-FOR-US: Fujifilm
CVE-2022-26319 (An installer search patch element vulnerability in Trend Micro Portabl ...)
	NOT-FOR-US: Trend Micro
CVE-2022-26318 (On WatchGuard Firebox and XTM appliances, an unauthenticated user can ...)
	NOT-FOR-US: WatchGuard
CVE-2022-26317 (A vulnerability has been identified in Mendix Applications using Mendi ...)
	NOT-FOR-US: Mendix (Siemens)
CVE-2022-26316
	RESERVED
CVE-2022-26315 (qrcp through 0.8.4, in receive mode, allows ../ Directory Traversal vi ...)
	NOT-FOR-US: qrcp
CVE-2022-26314 (A vulnerability has been identified in Mendix Forgot Password Appstore ...)
	NOT-FOR-US: Mendix (Siemens)
CVE-2022-26313 (A vulnerability has been identified in Mendix Forgot Password Appstore ...)
	NOT-FOR-US: Mendix (Siemens)
CVE-2022-26312
	RESERVED
CVE-2022-26311 (Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to ...)
	NOT-FOR-US: Couchbase Operator
CVE-2022-26310 (Pandora FMS v7.0NG.760 and below allows an improper authorization in U ...)
	NOT-FOR-US: Pandora FMS
CVE-2022-26309 (Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk opera ...)
	NOT-FOR-US: Pandora FMS
CVE-2022-26308 (Pandora FMS v7.0NG.760 and below allows an improper access control in ...)
	NOT-FOR-US: Pandora FMS
CVE-2022-26307 (LibreOffice supports the storage of passwords for web connections in t ...)
	{DLA-3368-1}
	- libreoffice 1:7.3.3~rc1-2
	[bullseye] - libreoffice 1:7.0.4-4+deb11u2
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-26307
CVE-2022-26306 (LibreOffice supports the storage of passwords for web connections in t ...)
	{DLA-3368-1}
	- libreoffice 1:7.3.3~rc1-2
	[bullseye] - libreoffice 1:7.0.4-4+deb11u2
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-26306
CVE-2022-26305 (An Improper Certificate Validation vulnerability in LibreOffice existe ...)
	{DLA-3368-1}
	- libreoffice 1:7.3.2~rc2-1
	[bullseye] - libreoffice 1:7.0.4-4+deb11u2
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-26305
CVE-2022-26301 (TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: TuziCMS
CVE-2022-26300 (EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the fu ...)
	NOT-FOR-US: EOS
CVE-2022-26299
	RESERVED
CVE-2022-26298
	RESERVED
CVE-2022-26297
	RESERVED
CVE-2022-26296 (BOOM: The Berkeley Out-of-Order RISC-V Processor commit d77c2c3 was di ...)
	NOT-FOR-US: BOOM CPU
CVE-2022-26295 (A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user ...)
	NOT-FOR-US: Online Project Time Management System
CVE-2022-26294
	RESERVED
CVE-2022-26293 (Online Project Time Management System v1.0 was discovered to contain a ...)
	NOT-FOR-US: Online Project Time Management System
CVE-2022-26292
	RESERVED
CVE-2022-26291 (lrzip v0.641 was discovered to contain a multiple concurrency use-afte ...)
	{DSA-5145-1 DLA-2981-1}
	- lrzip 0.650-1
	NOTE: https://github.com/ckolivas/lrzip/issues/206
	NOTE: https://github.com/ckolivas/lrzip/commit/4b3942103b57c639c8e0f31d6d5fd7bac53bbdf4 (v0.650)
	NOTE: clear_rulist() introduced by CVE-2021-27345+CVE-2021-27347 fix
CVE-2022-26290 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...)
	NOT-FOR-US: Tenda
CVE-2022-26289 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...)
	NOT-FOR-US: Tenda
CVE-2022-26288
	RESERVED
CVE-2022-26287
	RESERVED
CVE-2022-26286
	RESERVED
CVE-2022-26285 (Simple Subscription Website v1.0 was discovered to contain a SQL injec ...)
	NOT-FOR-US: Simple Subscription Website
CVE-2022-26284 (Simple Client Management System v1.0 was discovered to contain a SQL i ...)
	NOT-FOR-US: Simple Client Management System
CVE-2022-26283 (Simple Subscription Website v1.0 was discovered to contain a SQL injec ...)
	NOT-FOR-US: Simple Subscription Website
CVE-2022-26282
	RESERVED
CVE-2022-26281 (BigAnt Server v5.6.06 was discovered to contain an incorrect access co ...)
	NOT-FOR-US: BigAnt Server
CVE-2022-26280 (Libarchive v3.6.0 was discovered to contain an out-of-bounds read via ...)
	- libarchive 3.6.2-1 (bug #1008953)
	[bullseye] - libarchive (Minor issue)
	[buster] - libarchive (Vulnerable code not present)
	[stretch] - libarchive (Vulnerable code not present)
	NOTE: https://github.com/libarchive/libarchive/issues/1672
	NOTE: Introduced by: https://github.com/libarchive/libarchive/commit/121035c83e18b70d3128e9ac966109ebedb7e516 (v3.4.0)
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/cfaa28168a07ea4a53276b63068f94fce37d6aff (v3.6.1)
CVE-2022-26279 (EyouCMS v1.5.5 was discovered to have no access control in the compone ...)
	NOT-FOR-US: EyouCMS
CVE-2022-26278 (Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2022-26277
	RESERVED
CVE-2022-26276 (An issue in index.php of OneNav v0.9.14 allows attackers to perform di ...)
	NOT-FOR-US: OneNav
CVE-2022-26275
	RESERVED
CVE-2022-26274
	RESERVED
CVE-2022-26273 (EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\con ...)
	NOT-FOR-US: EyouCMS
CVE-2022-26272 (A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows ...)
	NOT-FOR-US: Ionize CMS
CVE-2022-26271 (74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulner ...)
	NOT-FOR-US: 74cmsSE
CVE-2022-26270
	RESERVED
CVE-2022-26269 (Suzuki Connect v1.0.15 allows attackers to tamper with displayed messa ...)
	NOT-FOR-US: Suzuki Connect
CVE-2022-26268 (Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerabi ...)
	NOT-FOR-US: Xiaohuanxiong
CVE-2022-26267 (Piwigo v12.2.0 was discovered to contain an information leak via the a ...)
	- piwigo
CVE-2022-26266 (Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability ...)
	- piwigo
CVE-2022-26265 (Contao Managed Edition v1.5.0 was discovered to contain a remote comma ...)
	NOT-FOR-US: Contao Managed Edition
CVE-2022-26264
	RESERVED
CVE-2022-26263 (Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scrip ...)
	NOT-FOR-US: Yonyou u8
CVE-2022-26262 RESERVED
CVE-2022-26261 RESERVED
CVE-2022-26260 (Simple-Plist v1.3.0 was discovered to contain a prototype pollution vu ...)
	NOT-FOR-US: Simple-Plist
CVE-2022-26259 (A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, ...)
	NOT-FOR-US: Xiongmai
CVE-2022-26258 (D-Link DIR-820L 1.05B03 was discovered to contain remote command execu ...)
	NOT-FOR-US: D-Link
CVE-2022-26257 RESERVED
CVE-2022-26256 RESERVED
CVE-2022-26255 (Clash for Windows v0.19.8 was discovered to allow arbitrary code execu ...)
	NOT-FOR-US: Clash for Windows
CVE-2022-26254 (WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovere ...)
	NOT-FOR-US: WoWonder
CVE-2022-26253 RESERVED
CVE-2022-26252 (aaPanel v6.8.21 was discovered to be vulnerable to directory traversal ...)
	NOT-FOR-US: aaPanel
CVE-2022-26251 (The HTTP interface of Synaman v5.1 and below was discovered to allow a ...)
	NOT-FOR-US: Synaman
CVE-2022-26250 (Synaman v5.1 and below was discovered to contain weak file permissions ...)
	NOT-FOR-US: Synaman
CVE-2022-26249 (Survey King v0.3.0 does not filter data properly when exporting excel ...)
	NOT-FOR-US: Survey King
CVE-2022-26248 RESERVED
CVE-2022-26247 (TMS v2.28.0 contains an insecure permissions vulnerability via the com ...)
	NOT-FOR-US: TMS
CVE-2022-26246 (TMS v2.28.0 was discovered to contain a cross-site scripting (XSS) vul ...)
	NOT-FOR-US: TMS
CVE-2022-26245 (Falcon-plus v0.3 was discovered to contain a SQL injection vulnerabili ...)
	NOT-FOR-US: Falcon-plus
CVE-2022-26244 (A stored cross-site scripting (XSS) vulnerability in Hospital Patient ...)
	NOT-FOR-US: Hospital Management System
CVE-2022-26243 (Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer ove ...)
	NOT-FOR-US: Tenda
CVE-2022-26242 RESERVED
CVE-2022-26241 RESERVED
CVE-2022-26240 (The default privileges for the running service Normand Message Buffer ...)
	NOT-FOR-US: Beckman Coulter Remisol Advance
CVE-2022-26239 (The default privileges for the running service Normand License Manager ...)
	NOT-FOR-US: Beckman Coulter Remisol Advance
CVE-2022-26238 (The default privileges for the running service Normand Service Manager ...)
	NOT-FOR-US: Beckman Coulter Remisol Advance
CVE-2022-26237 (The default privileges for the running service Normand Viewer Service ...)
	NOT-FOR-US: Beckman Coulter Remisol Advance
CVE-2022-26236 (The default privileges for the running service Normand Remisol Advance ...)
	NOT-FOR-US: Beckman Coulter Remisol Advance
CVE-2022-26235 (A vulnerability was discovered in the Remisol Advance v2.0.12.1 and be ...)
	NOT-FOR-US: Beckman Coulter Remisol Advance
CVE-2022-26234 RESERVED
CVE-2022-26233 (Barco Control Room Management through Suite 2.9 Build 0275 was discove ...)
	NOT-FOR-US: Barco Control Room Management
CVE-2022-26232 RESERVED
CVE-2022-26231 RESERVED
CVE-2022-26230 RESERVED
CVE-2022-26229 RESERVED
CVE-2022-26228 RESERVED
CVE-2022-26227 RESERVED
CVE-2022-26226 RESERVED
CVE-2022-26225 RESERVED
CVE-2022-26224 RESERVED
CVE-2022-26223 RESERVED
CVE-2022-26222 RESERVED
CVE-2022-26221 RESERVED
CVE-2022-26220 RESERVED
CVE-2022-26219 RESERVED
CVE-2022-26218 RESERVED
CVE-2022-26217 RESERVED
CVE-2022-26216 RESERVED
CVE-2022-26215 RESERVED
CVE-2022-26214 (Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-26213 (Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to cont ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-26212 (Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-26211 (Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-26210 (Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-26209 (Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-26208 (Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-26207 (Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-26206 (Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-26205 (Marky commit 3686565726c65756e was discovered to contain a remote code ...)
	NOT-FOR-US: Marky
CVE-2022-26204 RESERVED
CVE-2022-26203 RESERVED
CVE-2022-26202 RESERVED
CVE-2022-26201 (Victor CMS v1.0 was discovered to contain a SQL injection vulnerabilit ...)
	NOT-FOR-US: Victor CMS
CVE-2022-26200 REJECTED
CVE-2022-26199 RESERVED
CVE-2022-26198 (Notable v1.8.4 does not filter text editing, allowing attackers to exe ...)
	NOT-FOR-US: Notable
CVE-2022-26197 (Joget DX 7 was discovered to contain a cross-site scripting (XSS) vuln ...)
	NOT-FOR-US: Joget
CVE-2022-26196 RESERVED
CVE-2022-26195 RESERVED
CVE-2022-26194 RESERVED
CVE-2022-26193 RESERVED
CVE-2022-26192 RESERVED
CVE-2022-26191 RESERVED
CVE-2022-26190 RESERVED
CVE-2022-26189 (TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-26188 (TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-26187 (TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-26186 (TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-26185 RESERVED
CVE-2022-26184 (Poetry v1.1.9 and below was discovered to contain an untrusted search ...)
	- poetry (Fixed before initial release)
CVE-2022-26183 (PNPM v6.15.1 and below was discovered to contain an untrusted search p ...)
	- pnpm (bug #985669)
CVE-2022-26182 RESERVED
CVE-2022-26181 (Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-bu ...)
	- lepton
	NOTE: https://github.com/dropbox/lepton/issues/154
CVE-2022-26180 (qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/my ...)
	NOT-FOR-US: qdPM
CVE-2022-26179 RESERVED
CVE-2022-26178 RESERVED
CVE-2022-26177 RESERVED
CVE-2022-26176 RESERVED
CVE-2022-26175 RESERVED
CVE-2022-26174 (A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 ...)
	NOT-FOR-US: Beekeeper Studio
CVE-2022-26173 (JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery ( ...)
	NOT-FOR-US: JForum2
CVE-2022-26172 RESERVED
CVE-2022-26171 (Bank Management System v1.o was discovered to contain a SQL injection ...)
	NOT-FOR-US: Bank Management System
CVE-2022-26170 (Simple Mobile Comparison Website v1.0 was discovered to contain a SQL ...)
	NOT-FOR-US: Simple Mobile Comparison Website
CVE-2022-26169 (Air Cargo Management System v1.0 was discovered to contain a SQL injec ...)
	NOT-FOR-US: Air Cargo Management System
CVE-2022-26168 RESERVED
CVE-2022-26167 RESERVED
CVE-2022-26166 RESERVED
CVE-2022-26165 RESERVED
CVE-2022-26164 RESERVED
CVE-2022-26163 RESERVED
CVE-2022-26162 RESERVED
CVE-2022-26161 RESERVED
CVE-2022-26160 RESERVED
CVE-2022-26159 (The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote ...)
	NOT-FOR-US: Ametys CMS
CVE-2022-26158 (An issue was discovered in the web application in Cherwell Service Man ...)
	NOT-FOR-US: Cherwell Service Management (CSM)
CVE-2022-26157 (An issue was discovered in the web application in Cherwell Service Man ...)
	NOT-FOR-US: Cherwell Service Management (CSM)
CVE-2022-26156 (An issue was discovered in the web application in Cherwell Service Man ...)
	NOT-FOR-US: Cherwell Service Management (CSM)
CVE-2022-26155 (An issue was discovered in the web application in Cherwell Service Man ...)
	NOT-FOR-US: Cherwell Service Management (CSM)
CVE-2022-26154 RESERVED
CVE-2022-26153 RESERVED
CVE-2022-26152 RESERVED
CVE-2022-26151 (Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10. ...)
	NOT-FOR-US: Citrix XenMobile Server
CVE-2022-26150 RESERVED
CVE-2022-26080 (Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus S ...)
	NOT-FOR-US: ABB
CVE-2022-26057 (Vulnerabilities in the Mint WorkBench allow a low privileged attacker ...)
	NOT-FOR-US: Mind Workbench
CVE-2022-0812 (An information leak flaw was found in NFS over RDMA in the net/sunrpc/ ...)
	{DSA-5173-1 DLA-3065-1}
	- linux 5.7.10-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2058955
	NOTE: https://git.kernel.org/linus/912288442cb2f431bf3c8cb097a5de83bc6dbac1 (5.8-rc6)
CVE-2022-0810 RESERVED
CVE-2022-0809 (Out of bounds memory access in WebXR in Google Chrome prior to 99.0.48 ...)
	{DSA-5089-1}
	- chromium 99.0.4844.51-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0808 (Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior ...)
	{DSA-5089-1}
	- chromium 99.0.4844.51-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0807 (Inappropriate implementation in Autofill in Google Chrome prior to 99. ...)
	{DSA-5089-1}
	- chromium 99.0.4844.51-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0806 (Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a r ...)
	{DSA-5089-1}
	- chromium 99.0.4844.51-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0805 (Use after free in Browser Switcher in Google Chrome prior to 99.0.4844 ...)
	{DSA-5089-1}
	- chromium 99.0.4844.51-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0804 (Inappropriate implementation in Full screen mode in Google Chrome on A ...)
	{DSA-5089-1}
	- chromium 99.0.4844.51-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0803 (Inappropriate implementation in Permissions in Google Chrome prior to ...)
	{DSA-5089-1}
	- chromium 99.0.4844.51-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0802 (Inappropriate implementation in Full screen mode in Google Chrome on A ...)
	{DSA-5089-1}
	- chromium 99.0.4844.51-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0801 (Inappropriate implementation in HTML parser in Google Chrome prior to ...)
	{DSA-5089-1}
	- chromium 99.0.4844.51-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0800 (Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 ...)
	{DSA-5089-1}
	- chromium 99.0.4844.51-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0799 (Insufficient policy enforcement in Installer in Google Chrome on Windo ...)
	{DSA-5089-1}
	- chromium 99.0.4844.51-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0798 (Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 a ...)
	{DSA-5089-1}
	- chromium 99.0.4844.51-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0797 (Out of bounds memory access in Mojo in Google Chrome prior to 99.0.484 ...)
	{DSA-5089-1}
	- chromium 99.0.4844.51-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0796 (Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed ...)
	{DSA-5089-1}
	- chromium 99.0.4844.51-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0795 (Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 ...)
	{DSA-5089-1}
	- chromium 99.0.4844.51-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0794 (Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allo ...)
	{DSA-5089-1}
	- chromium 99.0.4844.51-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0793 (Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed ...)
	{DSA-5089-1}
	- chromium 99.0.4844.51-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0792 (Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 all ...)
	{DSA-5089-1}
	- chromium 99.0.4844.51-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0791 (Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allow ...)
	{DSA-5089-1}
	- chromium 99.0.4844.51-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0790 (Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allow ...)
	{DSA-5089-1}
	- chromium 99.0.4844.51-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0789 (Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 a ...)
	{DSA-5089-1}
	- chromium 99.0.4844.51-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
CVE-2022-0788 (The WP Fundraising Donation and Crowdfunding Platform WordPress plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0787 (The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0786 (The KiviCare WordPress plugin before 2.3.9 does not sanitise and escap ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0785 (The Daily Prayer Time WordPress plugin before 2022.03.01 does not sani ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0784 (The Title Experiments Free WordPress plugin before 9.0.1 does not sani ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0783 (The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0782 (The Donations WordPress plugin through 1.8 does not sanitise and escap ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0781 (The Nirweb support WordPress plugin before 2.8.2 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0780 (The SearchIQ WordPress plugin before 3.9 contains a flag to disable th ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0779 (The User Meta WordPress plugin before 2.4.4 does not validate the file ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0778 (The BN_mod_sqrt() function, which computes a modular square root, cont ...)
	{DSA-5103-1 DLA-2953-1 DLA-2952-1}
	- openssl 1.1.1n-1
	- openssl1.0
	NOTE: https://www.openssl.org/news/secadv/20220315.txt
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65 (OpenSSL_1_1_1n)
CVE-2022-0777 (Weak Password Recovery Mechanism for Forgotten Password in GitHub repo ...)
	NOT-FOR-US: microweber
CVE-2022-0776 (Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.j ...)
	NOT-FOR-US: hakimel/reveal.js
CVE-2022-0775 (The WooCommerce WordPress plugin before 6.2.1 does not have proper aut ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0774 RESERVED
CVE-2022-0773 (The Documentor WordPress plugin through 1.5.3 fails to sanitize and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0772 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...)
	NOT-FOR-US: LibreNMS
CVE-2022-0771 (The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0770 (The Translate WordPress with GTranslate WordPress plugin before 2.9.9 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0769 (The Users Ultra WordPress plugin through 3.1.0 fails to properly sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0768 (Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltub ...)
	NOT-FOR-US: rudloff/alltube
CVE-2022-26149 (MODX Revolution through 2.8.3-pl allows remote authenticated administr ...)
	NOT-FOR-US: MODX Revolution
CVE-2022-26148 (An issue was discovered in Grafana through 7.3.4, when integrated with ...)
	- grafana
CVE-2022-26147 (The Quectel RG502Q-EA modem before 2022-02-23 allow OS Command Injecti ...)
	NOT-FOR-US: Quectel RG502Q-EA modem
CVE-2022-26146 (Tricentis qTest before 10.4 allows stored XSS by an authenticated atta ...)
	NOT-FOR-US: Tricentis qTest
CVE-2022-26145 RESERVED
CVE-2022-26144 (An XSS issue was discovered in MantisBT before 2.25.3. Improper escapi ...)
	- mantis
CVE-2022-26143 (The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 F ...)
	NOT-FOR-US: Mitel
CVE-2022-26142 RESERVED
CVE-2022-26141 RESERVED
CVE-2022-26140 RESERVED
CVE-2022-26139 RESERVED
CVE-2022-26138 (The Atlassian Questions For Confluence app for Confluence Server and D ...)
	NOT-FOR-US: Atlassian
CVE-2022-26137 (A vulnerability in multiple Atlassian products allows a remote, unauth ...)
	NOT-FOR-US: Atlassian
CVE-2022-26136 (A vulnerability in multiple Atlassian products allows a remote, unauth ...)
	NOT-FOR-US: Atlassian
CVE-2022-26135 (A vulnerability in Mobile Plugin for Jira Data Center and Server allow ...)
	NOT-FOR-US: Atlassian
CVE-2022-26134 (In affected versions of Confluence Server and Data Center, an OGNL inj ...)
	NOT-FOR-US: Atlassian Confluence Server and Data Center
CVE-2022-26133 (SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center ve ...)
	NOT-FOR-US: Atlassian Bitbucket Data Center
CVE-2022-26132 RESERVED
CVE-2022-0767 (Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calib ...)
	- calibre-web (bug #982690)
CVE-2022-0766 (Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calib ...)
	- calibre-web (bug #982690)
CVE-2021-46702 (Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to informati ...)
	NOT-FOR-US: Tor Browser (on Windows)
CVE-2020-36516 (An issue was discovered in the Linux kernel through 5.16.11. The mixed ...)
	- linux 5.16.7-1
	[bullseye] - linux 5.10.103-1
	[buster] - linux 4.19.232-1
	NOTE: https://dl.acm.org/doi/10.1145/3372297.3417884
	NOTE: https://git.kernel.org/linus/23f57406b82de51809d5812afd96f210f8b627f3
CVE-2022-26129 (Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due t ...)
	{DLA-3797-1}
	- frr 8.4.1-1 (bug #1008010)
	[bullseye] - frr (Minor issue)
	NOTE: https://github.com/FRRouting/frr/issues/10503
	NOTE: Fixed by https://github.com/FRRouting/frr/issues/10504 (together with CVE-2022-26128)
CVE-2022-26128 (A buffer overflow vulnerability exists in FRRouting through 8.1.0 due ...)
	{DLA-3797-1}
	- frr 8.4.1-1 (bug #1008010)
	[bullseye] - frr (Minor issue)
	NOTE: https://github.com/FRRouting/frr/issues/10502
	NOTE: Fixed by https://github.com/FRRouting/frr/issues/10504 (together with CVE-2022-26129)
CVE-2022-26127 (A buffer overflow vulnerability exists in FRRouting through 8.1.0 due ...)
	{DLA-3797-1}
	- frr 8.4.1-1 (bug #1008010)
	[bullseye] - frr (Minor issue)
	NOTE: https://github.com/FRRouting/frr/issues/10487
	NOTE: Fixed by https://github.com/FRRouting/frr/pull/10494
CVE-2022-26126 (Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due t ...)
	{DLA-3797-1}
	- frr 8.4.1-1 (bug #1008010)
	[bullseye] - frr (Minor issue)
	NOTE: https://github.com/FRRouting/frr/issues/10505
	NOTE: Fixed by https://github.com/FRRouting/frr/pull/10566
CVE-2022-26125 (Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due t ...)
	{DLA-3797-1}
	- frr 8.4.1-1 (bug #1008010)
	[bullseye] - frr (Minor issue)
	NOTE: https://github.com/FRRouting/frr/issues/10507
	NOTE: Fix (8.2): https://github.com/FRRouting/frr/pull/10542
	NOTE: Fix (8.3): https://github.com/FRRouting/frr/pull/10517
CVE-2022-26122 (An insufficient verification of data authenticity vulnerability [CWE-3 ...)
	NOT-FOR-US: FortiGuard
CVE-2022-26121 (An exposure of resource to wrong sphere vulnerability [CWE-668] in For ...)
	NOT-FOR-US: FortiGuard
CVE-2022-26120 (Multiple improper neutralization of special elements used in an SQL Co ...)
	NOT-FOR-US: Fortinet
CVE-2022-26119 (A improper authentication vulnerability in Fortinet FortiSIEM before 6 ...)
	NOT-FOR-US: FortiGuard
CVE-2022-26118 (A privilege chaining vulnerability [CWE-268] in FortiManager and Forti ...)
	NOT-FOR-US: Fortinet
CVE-2022-26117 (An empty password in configuration file vulnerability [CWE-258] in For ...)
	NOT-FOR-US: Fortinet
CVE-2022-26116 (Multiple improper neutralization of special elements used in SQL comma ...)
	NOT-FOR-US: Fortiguard FortiNAC
CVE-2022-26115 (A use of password hash with insufficient computational effort vulnerab ...)
	NOT-FOR-US: Fortinet
CVE-2022-26114 (An improper neutralization of input during web page generation vulnera ...)
	NOT-FOR-US: FortiGuard
CVE-2022-26113 (An execution with unnecessary privileges vulnerability [CWE-250] in Fo ...)
	NOT-FOR-US: Fortinet
CVE-2022-26112 (In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and ...)
	NOT-FOR-US: Apache Pinot
CVE-2022-26042 (An OS command injection vulnerability exists in the daretools binary f ...)
	NOT-FOR-US: InHand Networks InRouter302
CVE-2022-26007 (An OS command injection vulnerability exists in the console factory fu ...)
	NOT-FOR-US: InHand Networks InRouter302
CVE-2022-26002 (A stack-based buffer overflow vulnerability exists in the console fact ...)
	NOT-FOR-US: InHand Networks InRouter302
CVE-2022-25995 (A command execution vulnerability exists in the console inhand functio ...)
	NOT-FOR-US: InHand Networks InRouter302
CVE-2022-0765 (The Loco Translate WordPress plugin before 2.6.1 does not properly rem ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0764 (Arbitrary Command Injection in GitHub repository strapi/strapi prior t ...)
	NOT-FOR-US: strapi
CVE-2022-0763 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
	NOT-FOR-US: microweber
CVE-2022-0762 (Incorrect Authorization in GitHub repository microweber/microweber pri ...)
	NOT-FOR-US: microweber
CVE-2021-4224 RESERVED
CVE-2022-26111 (The BeanShell components of IRISNext through 9.8.28 allow execution of ...)
	NOT-FOR-US: IRISNext
CVE-2022-26110 (An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before ...)
	{DSA-5144-1 DLA-2984-1}
	- condor 23.2.0+dfsg-1 (bug #1008634)
	NOTE: https://htcondor.org/security/vulnerabilities/HTCONDOR-2022-0003
	NOTE: https://github.com/htcondor/htcondor/commit/1cae7601d796725e7f5dd73fedf37f6fbbe379ca (V8_8_16)
	NOTE: https://github.com/htcondor/htcondor/commit/8568e8ba65c9490f30a1089b6d4f8910e4bfbd6b (V8_8_16)
CVE-2022-26109 (When a user opens a manipulated Portable Document Format (.pdf, PDFVie ...)
	NOT-FOR-US: SAP
CVE-2022-26108 (When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) receiv ...)
	NOT-FOR-US: SAP
CVE-2022-26107 (When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d ...)
	NOT-FOR-US: SAP
CVE-2022-26106 (When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmC ...)
	NOT-FOR-US: SAP
CVE-2022-26105 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.3 ...)
	NOT-FOR-US: SAP
CVE-2022-26104 (SAP Financial Consolidation - version 10.1, does not perform necessary ...)
	NOT-FOR-US: SAP
CVE-2022-26103 (Under certain conditions, SAP NetWeaver (Real Time Messaging Framework ...)
	NOT-FOR-US: SAP
CVE-2022-26102 (Due to missing authorization check, SAP NetWeaver Application Server f ...)
	NOT-FOR-US: SAP
CVE-2022-26101 (Fiori launchpad - versions 754, 755, 756, does not sufficiently encode ...)
	NOT-FOR-US: Fiori launchpad
CVE-2022-26100 (SAPCAR - version 7.22, does not contain sufficient input validation on ...)
	NOT-FOR-US: SAPCAR
CVE-2022-26099 (Null pointer dereference vulnerability in parser_infe function of libs ...)
	NOT-FOR-US: Samsung
CVE-2022-26098 (Heap-based buffer overflow vulnerability in sheifd_create function of ...)
	NOT-FOR-US: Samsung
CVE-2022-26097 (Null pointer dereference vulnerability in parser_unknown_property func ...)
	NOT-FOR-US: Samsung
CVE-2022-26096 (Null pointer dereference vulnerability in parser_ispe function in libs ...)
	NOT-FOR-US: Samsung
CVE-2022-26095 (Null pointer dereference vulnerability in parser_colr function in libs ...)
	NOT-FOR-US: Samsung
CVE-2022-26094 (Null pointer dereference vulnerability in parser_auxC function in libs ...)
	NOT-FOR-US: Samsung
CVE-2022-26093 (Null pointer dereference vulnerability in parser_irot function in libs ...)
	NOT-FOR-US: Samsung
CVE-2022-26092 (Improper boundary check in Quram Agif library prior to SMR Apr-2022 Re ...)
	NOT-FOR-US: Samsung
CVE-2022-26091 (Improper access control vulnerability in Knox Manage prior to SMR Apr- ...)
	NOT-FOR-US: Samsung
CVE-2022-26090 (Improper access control vulnerability in SamsungContacts prior to SMR ...)
	NOT-FOR-US: Samsung
CVE-2022-26089 RESERVED
CVE-2022-26088 (An issue was discovered in BMC Remedy before 22.1. Email-based Inciden ...)
	NOT-FOR-US: BMC Remedy
CVE-2022-0761 RESERVED
CVE-2022-0760 (The Simple Link Directory WordPress plugin before 7.7.2 does not valid ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0759 (A flaw was found in all versions of kubeclient up to (but not includin ...)
	- ruby-kubeclient 4.9.3-1 (bug #1014780)
	[bullseye] - ruby-kubeclient (Minor issue)
	[buster] - ruby-kubeclient (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2058404
	NOTE: https://github.com/ManageIQ/kubeclient/issues/554
	NOTE: https://github.com/ManageIQ/kubeclient/pull/556
	NOTE: https://github.com/ManageIQ/kubeclient/issues/555
	NOTE: https://github.com/ManageIQ/kubeclient/pull/556
CVE-2022-26085 (An OS command injection vulnerability exists in the httpd wlscan_ASP f ...)
	NOT-FOR-US: InHand Networks InRouter302
CVE-2022-26068 (This affects the package pistacheio/pistache before 0.0.3.20220425. It ...)
	- pistache (Fixed with initial upload to Debian)
	NOTE: https://github.com/pistacheio/pistache/pull/1065
	NOTE: https://github.com/pistacheio/pistache/commit/4ba6da096611d11849aa37ee342c032a306ee885 (0.0.5)
CVE-2022-26066 RESERVED
CVE-2022-26063 RESERVED
CVE-2022-26060 RESERVED
CVE-2022-26050 RESERVED
CVE-2022-26049 (This affects the package com.diffplug.gradle:goomph before 3.37.2. It ...)
	NOT-FOR-US: com.diffplug.gradle:goomph
CVE-2022-26048 RESERVED
CVE-2022-26046 RESERVED
CVE-2022-26044 RESERVED
CVE-2022-26040 RESERVED
CVE-2022-26036 RESERVED
CVE-2022-26035 RESERVED
CVE-2022-26033 RESERVED
CVE-2022-26030 RESERVED
CVE-2022-26029 RESERVED
CVE-2022-26025 RESERVED
CVE-2022-26021 RESERVED
CVE-2022-26020 (An information disclosure vulnerability exists in the router configura ...)
	NOT-FOR-US: InHand Networks InRouter302
CVE-2022-26018 RESERVED
CVE-2022-26016 RESERVED
CVE-2022-26015 RESERVED
CVE-2022-26014 RESERVED
CVE-2022-26012 RESERVED
CVE-2022-26011 RESERVED
CVE-2022-26010 RESERVED
CVE-2022-26008 RESERVED
CVE-2022-26005 RESERVED
CVE-2022-26004 RESERVED
CVE-2022-26003 RESERVED
CVE-2022-26001 RESERVED
CVE-2022-26000 RESERVED
CVE-2022-25998 RESERVED
CVE-2022-25994 RESERVED
CVE-2022-25993 RESERVED
CVE-2022-25991 RESERVED
CVE-2022-25988 RESERVED
CVE-2022-25985 RESERVED
CVE-2022-25984 RESERVED
CVE-2022-25983 RESERVED
CVE-2022-25982 RESERVED
CVE-2022-25981 RESERVED
CVE-2022-25979 (Versions of the package jsuites before 5.0.1 are vulnerable to Cross-s ...)
	NOT-FOR-US: Node jsuites
CVE-2022-25978 (All versions of the package github.com/usememos/memos/server are vulne ...)
	NOT-FOR-US: github.com/usememos/memos/server
CVE-2022-25977 RESERVED
CVE-2022-25975 RESERVED
CVE-2022-25974 RESERVED
CVE-2022-25973 (All versions of package mc-kill-port are vulnerable to Arbitrary Comma ...)
	NOT-FOR-US: Node mc-kill-port
CVE-2022-25971 RESERVED
CVE-2022-25970 RESERVED
CVE-2022-25967 (Versions of the package eta before 2.0.0 are vulnerable to Remote Code ...)
	NOT-FOR-US: Eta
CVE-2022-25965 RESERVED
CVE-2022-25964 RESERVED
CVE-2022-25963 RESERVED
CVE-2022-25962 (All versions of the package vagrant.js are vulnerable to Command Injec ...)
	NOT-FOR-US: vagrant.js
CVE-2022-25961 RESERVED
CVE-2022-25956 RESERVED
CVE-2022-25955 RESERVED
CVE-2022-25954 RESERVED
CVE-2022-25953 RESERVED
CVE-2022-25951 RESERVED
CVE-2022-25950 RESERVED
CVE-2022-25948 (The package liquidjs before 10.0.0 are vulnerable to Information Expos ...)
	NOT-FOR-US: Node liquidjs
CVE-2022-25947 RESERVED
CVE-2022-25945 RESERVED
CVE-2022-25944 RESERVED
CVE-2022-25941 RESERVED
CVE-2022-25940 (All versions of package lite-server are vulnerable to Denial of Servic ...)
	NOT-FOR-US: Node lite-server
CVE-2022-25939 RESERVED
CVE-2022-25938 RESERVED
CVE-2022-25937 (Versions of the package glance before 3.0.9 are vulnerable to Director ...)
	NOT-FOR-US: Node glance
CVE-2022-25936 (Versions of the package servst before 2.0.3 are vulnerable to Director ...)
	NOT-FOR-US: Node servst
CVE-2022-25935 RESERVED
CVE-2022-25934 RESERVED
CVE-2022-25933 RESERVED
CVE-2022-25931 (All versions of package easy-static-server are vulnerable to Directory ...)
	NOT-FOR-US: Node easy-static-server
CVE-2022-25930 RESERVED
CVE-2022-25929 (The package smoothie from 1.31.0 and before 1.36.1 are vulnerable to C ...)
	NOT-FOR-US: Node smoothie
CVE-2022-25928 RESERVED
CVE-2022-25927 (Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, fr ...)
	- node-ua-parser-js 0.8.1+ds+~0.7.36-3
	[bullseye] - node-ua-parser-js (Minor issue)
	[buster] - node-ua-parser-js (Minor issue, ReDoS)
	NOTE: https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411
	NOTE: https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450
	NOTE: https://github.com/faisalman/ua-parser-js/security/advisories/GHSA-fhg7-m89q-25r3
CVE-2022-25926 (Versions of the package window-control before 1.4.5 are vulnerable to ...)
	NOT-FOR-US: Node window-control
CVE-2022-25925 RESERVED
CVE-2022-25924 RESERVED
CVE-2022-25923 (Versions of the package exec-local-bin before 1.2.0 are vulnerable to ...)
	NOT-FOR-US: Node exec-local-bin
CVE-2022-25921 (All versions of package morgan-json are vulnerable to Arbitrary Code E ...)
	NOT-FOR-US: Node morgan-json
CVE-2022-25919 RESERVED
CVE-2022-25918 (The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Re ...)
	NOT-FOR-US: shescape
CVE-2022-25916 (Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to C ...)
	NOT-FOR-US: Node mt7688-wiscan
CVE-2022-25914 (The package com.google.cloud.tools:jib-core before 0.22.0 are vulnerab ...)
	NOT-FOR-US: com.google.cloud.tools:jib-core
CVE-2022-25913 RESERVED
CVE-2022-25912 (The package simple-git before 3.15.0 are vulnerable to Remote Code Exe ...)
	NOT-FOR-US: Node simple-git
CVE-2022-25911 RESERVED
CVE-2022-25910 RESERVED
CVE-2022-25908 (All versions of the package create-choo-electron are vulnerable to Com ...)
	NOT-FOR-US: create-choo-electron stability
CVE-2022-25907 (The package ts-deepmerge before 2.0.2 are vulnerable to Prototype Poll ...)
	NOT-FOR-US: voodoocreation/ts-deepmerge
CVE-2022-25906 (All versions of the package is-http2 are vulnerable to Command Injecti ...)
	NOT-FOR-US: Node is-http2
CVE-2022-25904 (All versions of package safe-eval are vulnerable to Prototype Pollutio ...)
	NOT-FOR-US: Node safe-eval
CVE-2022-25903 (The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) ...)
	NOT-FOR-US: Rust crate opcua
CVE-2022-25902 RESERVED
CVE-2022-25901 (Versions of the package cookiejar before 2.1.4 are vulnerable to Regul ...)
	{DLA-3561-1}
	- node-cookiejar 2.1.4+~2.1.2-1
	[bullseye] - node-cookiejar 2.1.2-1+deb11u1
	NOTE: https://security.snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984
	NOTE: https://github.com/bmeck/node-cookiejar/pull/39
	NOTE: https://github.com/bmeck/node-cookiejar/commit/a9a320c3c49d65df491f5721969cfbf9e128d9af
	NOTE: https://github.com/bmeck/node-cookiejar/commit/eaa00021caf6ae09449dde826108153b578348e5
	NOTE: https://github.com/bmeck/node-cookiejar/commit/ccb012da6dcfd58aaed792824f83d7227df8dea1
CVE-2022-25900 (All versions of package git-clone are vulnerable to Command Injection ...)
	NOT-FOR-US: Node git-clone
CVE-2022-25898 (The package jsrsasign before 10.5.25 are vulnerable to Improper Verifi ...)
	NOT-FOR-US: Node jsrsasign
CVE-2022-25897 (The package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to ...)
	NOT-FOR-US: org.eclipse.milo:sdk-server
CVE-2022-25896 (This affects the package passport before 0.6.0. When a user logs in or ...)
	- passportjs 0.6.0+~1.0.0-1 (bug #1014385)
	[bullseye] - passportjs (Minor issue)
	[buster] - passportjs (Minor issue)
	NOTE: https://github.com/jaredhanson/passport/commit/42630cbd1ffd44d146ff96f0a4be6f3c12f81d75 (v0.6.0)
	NOTE: https://github.com/jaredhanson/passport/pull/900
	NOTE: https://snyk.io/vuln/SNYK-JS-PASSPORT-2840631
CVE-2022-25895 (All versions of package lite-dev-server are vulnerable to Directory Tr ...)
	NOT-FOR-US: Node lite-dev-server
CVE-2022-25894 (All versions of the package com.bstek.uflo:uflo-core are vulnerable to ...)
	NOT-FOR-US: com.bstek.uflo:uflo-core
CVE-2022-25893 (The package vm2 before 3.9.10 are vulnerable to Arbitrary Code Executi ...)
	NOT-FOR-US: Node vm2
CVE-2022-25892 (The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all v ...)
	NOT-FOR-US: Muhammara Nodejs module
CVE-2022-25891 (The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 are v ...)
	NOT-FOR-US: github.com/containrrr/shoutrrr/pkg/util
CVE-2022-25890 (All versions of the package wifey are vulnerable to Command Injection ...)
	NOT-FOR-US: wifey
CVE-2022-25888 (The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) ...)
	NOT-FOR-US: Rust crate opcua
CVE-2022-25887 (The package sanitize-html before 2.7.1 are vulnerable to Regular Expre ...)
	- node-sanitize-html 2.7.1+~2.6.2-1 (bug #1019219)
	NOTE: https://github.com/apostrophecms/sanitize-html/commit/b4682c12fd30e12e82fa2d9b766de91d7d2cd23c (2.7.1)
	NOTE: https://github.com/apostrophecms/sanitize-html/pull/557
	NOTE: https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526
CVE-2022-25886 RESERVED
CVE-2022-25885 (The package muhammara before 2.6.0; all versions of package hummus are ...)
	NOT-FOR-US: Muhammara Nodejs module
CVE-2022-25884 RESERVED
CVE-2022-25883 (Versions of the package semver before 7.5.2 are vulnerable to Regular ...)
	- node-semver 7.5.4+~7.5.0-1
	[bookworm] - node-semver (Minor issue)
	[bullseye] - node-semver (Minor issue)
	[buster] - node-semver (Minor issue)
	NOTE: https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795
	NOTE: https://github.com/npm/node-semver/pull/564
	NOTE: https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441 (v7.5.2)
CVE-2022-25882 (Versions of the package onnx before 1.13.0 are vulnerable to Directory ...)
	NOT-FOR-US: onnx
CVE-2022-25881 (This affects versions of the package http-cache-semantics before 4.1.1 ...)
	NOT-FOR-US: Node http-cache-semantics
CVE-2022-25879 RESERVED
CVE-2022-25878 (The package protobufjs before 6.11.3 are vulnerable to Prototype Pollu ...)
	NOT-FOR-US: protobufjs/protobuf.js
CVE-2022-25877 RESERVED
CVE-2022-25876 (The package link-preview-js before 2.1.16 are vulnerable to Server-sid ...)
	NOT-FOR-US: Node link-preview-js
CVE-2022-25875 (The package svelte before 3.49.0 are vulnerable to Cross-site Scriptin ...)
	NOT-FOR-US: svelte
CVE-2022-25874 RESERVED
CVE-2022-25873 (The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable ...)
	NOT-FOR-US: Node vuetify
CVE-2022-25872 (All versions of package fast-string-search are vulnerable to Out-of-bo ...)
	NOT-FOR-US: Node fast-string-search
CVE-2022-25871 (All versions of package querymen are vulnerable to Prototype Pollution ...)
	NOT-FOR-US: Node querymen
CVE-2022-25869 (All versions of package angular are vulnerable to Cross-site Scripting ...)
	- angular.js (bug #1036694)
	[bookworm] - angular.js (Minor issue)
	[bullseye] - angular.js (Minor issue)
	[buster] - angular.js (Minor issue)
	NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781
CVE-2022-25867 (The package io.socket:socket.io-client before 2.0.1 are vulnerable to ...)
	NOT-FOR-US: socket.io-client-java
CVE-2022-25866 (The package czproject/git-php before 4.0.3 are vulnerable to Command I ...)
	NOT-FOR-US: git-php
CVE-2022-25865 (The package workspace-tools before 0.18.4 are vulnerable to Command In ...)
	NOT-FOR-US: microsoft/workspace-tools
CVE-2022-25863 (The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.1 ...)
	NOT-FOR-US: Node gatsby-plugin-mdx
CVE-2022-25862 (This affects the package sds from 0.0.0. The library could be tricked ...)
	NOT-FOR-US: Node sds
CVE-2022-25861 RESERVED
CVE-2022-25860 (Versions of the package simple-git before 3.16.0 are vulnerable to Rem ...)
	NOT-FOR-US: Node simple-git
CVE-2022-25859 RESERVED
CVE-2022-25858 (The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vuln ...)
	- node-terser 4.8.1-1
	[bullseye] - node-terser (Minor issue)
	NOTE: https://snyk.io/vuln/SNYK-JS-TERSER-2806366
	NOTE: https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b (v5.14.2)
	NOTE: https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012 (v4.8.1)
CVE-2022-25857 (The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable t ...)
	{DLA-3132-1}
	- snakeyaml 1.31-1 (bug #1019218)
	[bullseye] - snakeyaml 1.28-1+deb11u1
	NOTE: https://bitbucket.org/snakeyaml/snakeyaml/issues/525
	NOTE: https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174
	NOTE: https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360
CVE-2022-25856 (The package github.com/argoproj/argo-events/sensors/artifacts before 1 ...)
	NOT-FOR-US: github.com/argoproj/argo-events/sensors/artifacts
CVE-2022-25855 (All versions of the package create-choo-app3 are vulnerable to Command ...)
	NOT-FOR-US: create-choo-app3
CVE-2022-25854 (This affects the package @yaireo/tagify before 4.9.8. The package is u ...)
	NOT-FOR-US: Tagify
CVE-2022-25853 (All versions of the package semver-tags are vulnerable to Command Inje ...)
	NOT-FOR-US: Node semver-tags
CVE-2022-25852 (All versions of package pg-native; all versions of package libpq are v ...)
	NOT-FOR-US: Node pgnative
CVE-2022-25851 (The package jpeg-js before 0.4.4 are vulnerable to Denial of Service ( ...)
	NOT-FOR-US: jpeg-js
CVE-2022-25850 (The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnera ...)
	NOT-FOR-US: hoppscotch proxyscotch
CVE-2022-25849 (The package joyqi/hyper-down from 0.0.0 are vulnerable to Cross-site S ...)
	NOT-FOR-US: joyqi/hyper-down
CVE-2022-25848 (This affects all versions of package static-dev-server. This is becaus ...)
	NOT-FOR-US: static-dev-server
CVE-2022-25847 (All versions of the package serve-lite are vulnerable to Cross-site Sc ...)
	NOT-FOR-US: serve-lite
CVE-2022-25846 RESERVED
CVE-2022-25845 (The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deser ...)
	NOT-FOR-US: com.alibaba:fastjson
CVE-2022-25844 (The package angular after 1.7.0 are vulnerable to Regular Expression D ...)
	- angular.js (bug #1014779)
	[bookworm] - angular.js (Minor issue)
	[bullseye] - angular.js (Minor issue)
	[buster] - angular.js (Minor issue, probably even not-affected)
	[stretch] - angular.js (Nodejs in stretch not covered by security support)
	NOTE: https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735
CVE-2022-25843 RESERVED
CVE-2022-25842 (All versions of package com.alibaba.oneagent:one-java-agent-plugin are ...)
	NOT-FOR-US: alibaba one-java-agent
CVE-2022-25840 RESERVED
CVE-2022-25839 (The package url-js before 2.1.0 are vulnerable to Improper Input Valid ...)
	NOT-FOR-US: Node url-js
CVE-2022-25767 (All versions of package com.bstek.ureport:ureport2-console are vulnera ...)
	NOT-FOR-US: youseries/ureport
CVE-2022-25766 (The package ungit before 1.5.20 are vulnerable to Remote Code Executio ...)
	NOT-FOR-US: NodeJS ungit
CVE-2022-25765 (The package pdfkit from 0.0.0 are vulnerable to Command Injection wher ...)
	NOT-FOR-US: Node pdfkit
CVE-2022-25764 RESERVED
CVE-2022-25761 (The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before ...)
	- open62541 (bug #985909)
CVE-2022-25760 (All versions of package accesslog are vulnerable to Arbitrary Code Inj ...)
	NOT-FOR-US: accesslog Nodejs module
CVE-2022-25759 (The package convert-svg-core before 0.6.2 are vulnerable to Remote Cod ...)
	NOT-FOR-US: Node convert-svg-core
CVE-2022-25758 (All versions of package scss-tokenizer are vulnerable to Regular Expre ...)
	- node-scss-tokenizer (bug #885456)
CVE-2022-25648 (The package git before 1.11.0 are vulnerable to Command Injection via ...)
	{DLA-3303-1}
	- ruby-git 1.13.1-1 (bug #1009926)
	[bullseye] - ruby-git (Minor issue)
	NOTE: https://github.com/ruby-git/ruby-git/pull/569
	NOTE: Fixed by: https://github.com/ruby-git/ruby-git/commit/291ca0946bec7164b90ad5c572ac147f512c7159 (v1.11.0)
	NOTE: https://security.snyk.io/vuln/SNYK-RUBY-GIT-2421270
CVE-2022-25647 (The package com.google.code.gson:gson before 2.8.9 are vulnerable to D ...)
	{DSA-5227-1 DLA-3100-1 DLA-3001-1}
	- libgoogle-gson-java 2.9.0-1 (bug #1010670)
	NOTE: https://github.com/google/gson/pull/1991
	NOTE: https://github.com/google/gson/commit/e6fae590cf2a758c47cd5a17f9bf3780ce62c986 (gson-parent-2.8.9)
	NOTE: https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327
CVE-2022-25646 (All versions of package x-data-spreadsheet are vulnerable to Cross-sit ...)
	NOT-FOR-US: Node x-data-spreadsheet
CVE-2022-25645 (All versions of package dset are vulnerable to Prototype Pollution via ...)
	NOT-FOR-US: Node dset
CVE-2022-25644 (All versions of package @pendo324/get-process-by-name are vulnerable t ...)
	NOT-FOR-US: Node @pendo324/get-process-by-name
CVE-2022-25354 (The package set-in before 2.0.3 are vulnerable to Prototype Pollution ...)
	NOT-FOR-US: Node set-in
CVE-2022-25353 RESERVED
CVE-2022-25352 (The package libnested before 1.5.2 are vulnerable to Prototype Polluti ...)
	NOT-FOR-US: libnested
CVE-2022-25351 RESERVED
CVE-2022-25350 (All versions of the package puppet-facter are vulnerable to Command In ...)
	NOT-FOR-US: Node puppet-facter (different from src:facter)
CVE-2022-25349 (All versions of package materialize-css are vulnerable to Cross-site S ...)
	- materialize (bug #1014727)
	NOTE: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2766498
	NOTE: https://security.snyk.io/vuln/SNYK-JS-MATERIALIZECSS-2324800
	NOTE: https://github.com/materializecss/materialize/blob/main/js/autocomplete.js#L310
	NOTE: https://github.com/Dogfalo/materialize/blob/v1-dev/js/autocomplete.js#L285
CVE-2022-25346 RESERVED
CVE-2022-25345 (All versions of package @discordjs/opus are vulnerable to Denial of Se ...)
	NOT-FOR-US: @discordjs/opus
CVE-2022-25324 (All versions of package bignum are vulnerable to Denial of Service (Do ...)
	NOT-FOR-US: justmoon/node-bignum
CVE-2022-25304 (All versions of package opcua; all versions of package asyncua are vul ...)
	- python-opcua (bug #1021274)
	[bullseye] - python-opcua (Minor issue)
	[buster] - python-opcua (Minor issue)
	NOTE: https://github.com/FreeOpcUa/python-opcua/issues/1466
	NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-OPCUA-2988730
CVE-2022-25303 (The package whoogle-search before 0.7.2 are vulnerable to Cross-site S ...)
	NOT-FOR-US: whoogle-search
CVE-2022-25302 (All versions of package asneg/opcuastack are vulnerable to Denial of S ...)
	NOT-FOR-US: ASNeG/OpcUaStack
CVE-2022-25301 (All versions of package jsgui-lang-essentials are vulnerable to Protot ...)
	NOT-FOR-US: jsgui-lang-essentials
CVE-2022-25300 RESERVED
CVE-2022-25233 RESERVED
CVE-2022-25232 RESERVED
CVE-2022-25231 (The package node-opcua before 2.74.0 are vulnerable to Denial of Servi ...)
	NOT-FOR-US: node-opcua/node-opcua
CVE-2022-25171 (The package p4 before 0.0.7 are vulnerable to Command Injection via th ...)
	NOT-FOR-US: Node p4
CVE-2022-24913 (Versions of the package com.fasterxml.util:java-merge-sort before 1.1. ...)
	NOT-FOR-US: com.fasterxml.util:java-merge-sort
CVE-2022-24912 (The package github.com/runatlantis/atlantis/server/controllers/events ...)
	NOT-FOR-US: github.com/runatlantis/atlantis
CVE-2022-24909 RESERVED
CVE-2022-24441 (The package snyk before 1.1064.0 are vulnerable to Code Injection when ...)
	NOT-FOR-US: Snyk
CVE-2022-24440 (The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1 ...)
	NOT-FOR-US: cocoapods-downloader
CVE-2022-24439 (All versions of package gitpython are vulnerable to Remote Code Execut ...)
	{DLA-3502-1}
	- python-git 3.1.30-1 (bug #1027163)
	[bullseye] - python-git (Minor issue)
	NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858
	NOTE: https://github.com/gitpython-developers/GitPython/commit/787359d80d80225095567340aa5e7ec01847fa9a (3.1.30)
	NOTE: https://github.com/gitpython-developers/GitPython/commit/678a8fe08dd466fcfe8676294b52887955138960 (3.1.30)
	NOTE: Follow-up fix: https://github.com/gitpython-developers/GitPython/commit/ca965ecc81853bca7675261729143f54e5bf4cdd (3.1.32, pending CVE request with Snyk)
CVE-2022-24438 RESERVED
CVE-2022-24437 (The package git-pull-or-clone before 2.0.2 are vulnerable to Command I ...)
	NOT-FOR-US: Node git-pull-or-clone
CVE-2022-24434 (This affects all versions of package dicer. A malicious attacker can s ...)
	- node-superagent (Vulnerable code only exists in Debian autopkgtest support)
	NOTE: https://github.com/mscdex/busboy/issues/250
	NOTE: https://github.com/mscdex/dicer/pull/22/commits/b7fca2e93e8e9d4439d8acc5c02f5e54a0112dac
	NOTE: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2838865
	NOTE: https://snyk.io/vuln/SNYK-JS-DICER-2311764
CVE-2022-24433 (The package simple-git before 3.3.0 are vulnerable to Command Injectio ...)
	NOT-FOR-US: simple-git
CVE-2022-24431 (All versions of package abacus-ext-cmdline are vulnerable to Command I ...)
	NOT-FOR-US: abacus-ext-cmdline
CVE-2022-24430 RESERVED
CVE-2022-24429 (The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary ...)
	NOT-FOR-US: Node convert-svg-core
CVE-2022-24381 (All versions of package asneg/opcuastack are vulnerable to Denial of S ...)
	NOT-FOR-US: ASNeG/OpcUaStack
CVE-2022-24377 (The package cycle-import-check before 1.3.2 are vulnerable to Command ...)
	NOT-FOR-US: cycle-import-check
CVE-2022-24376 (All versions of package git-promise are vulnerable to Command Injectio ...)
	NOT-FOR-US: Node git-promise
CVE-2022-24375 (The package node-opcua before 2.74.0 are vulnerable to Denial of Servi ...)
	NOT-FOR-US: node-opcua/node-opcua
CVE-2022-24373 (The package react-native-reanimated before 3.0.0-rc.1 are vulnerable t ...)
	NOT-FOR-US: react-native-reanimated
CVE-2022-24298 (All versions of package freeopcua/freeopcua are vulnerable to Denial o ...)
	NOT-FOR-US: FreeOpcUa/freeopcua
CVE-2022-24279 (The package madlib-object-utils before 0.1.8 are vulnerable to Prototy ...)
	NOT-FOR-US: madlib-object-utils
CVE-2022-24278 (The package convert-svg-core before 0.6.4 are vulnerable to Directory ...)
	NOT-FOR-US: Node convert-svg-core
CVE-2022-24068 RESERVED
CVE-2022-24066 (The package simple-git before 3.5.0 are vulnerable to Command Injectio ...)
	NOT-FOR-US: simple-git
CVE-2022-24065 (The package cookiecutter before 2.1.1 are vulnerable to Command Inject ...)
	- cookiecutter 2.6.0-1 (bug #1013279)
	[bookworm] - cookiecutter (Minor issue)
	[bullseye] - cookiecutter (Minor issue)
	[buster] - cookiecutter (Minor issue)
	[stretch] - cookiecutter (Minor issue)
	NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-COOKIECUTTER-2414281
	NOTE: https://github.com/cookiecutter/cookiecutter/releases/tag/2.1.1
	NOTE: https://github.com/cookiecutter/cookiecutter/commit/fdffddb31fd2b46344dfa317531ff155e7999f77
CVE-2022-23923 (All versions of package jailed are vulnerable to Sandbox Bypass via an ...)
	NOT-FOR-US: Node jailed
CVE-2022-23920 RESERVED
CVE-2022-23915 (The package weblate from 0 and before 4.11.1 are vulnerable to Remote ...)
	- weblate (bug #745661)
CVE-2022-23812 (This affects the package node-ipc from 10.1.1 and before 10.1.3. This ...)
	NOT-FOR-US: Node ipc
CVE-2022-23811 RESERVED
CVE-2022-22984 (The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2 ...)
	NOT-FOR-US: Snyk
CVE-2022-22143 (The package convict before 6.2.2 are vulnerable to Prototype Pollution ...)
	NOT-FOR-US: Node convict
CVE-2022-22138 (All versions of package fast-string-search are vulnerable to Denial of ...)
	NOT-FOR-US: Node fast-string-search
CVE-2022-21811 RESERVED
CVE-2022-21810 (All versions of the package smartctl are vulnerable to Command Injecti ...)
	NOT-FOR-US: Node smartctl
CVE-2022-21803 (This affects the package nconf before 0.11.4. When using the memory en ...)
	NOT-FOR-US: node nconf
CVE-2022-21802 (The package grapesjs before 0.19.5 are vulnerable to Cross-site Script ...)
	NOT-FOR-US: grapejs
CVE-2022-21797 (The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary ...)
	{DLA-3193-2}
	- joblib 1.2.0-1 (bug #1020820)
	[bullseye] - joblib 0.17.0-4+deb11u1
	NOTE: https://github.com/joblib/joblib/issues/1128
	NOTE: https://github.com/joblib/joblib/pull/1321
	NOTE: Better fix: https://github.com/joblib/joblib/pull/1327
	NOTE: Fixed by: https://github.com/joblib/joblib/commit/54f4d21f098591c77b48c9acfffaa4cf0a45282b (1.2.0)
	NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-JOBLIB-3027033
CVE-2022-21235 (The package github.com/masterminds/vcs before 1.13.3 are vulnerable to ...)
	NOT-FOR-US: github.com/masterminds/vcs
CVE-2022-21232 RESERVED
CVE-2022-21231 (All versions of package deep-get-set are vulnerable to Prototype Pollu ...)
	NOT-FOR-US: Node deep-get-set
CVE-2022-21230 (This affects all versions of package org.nanohttpd:nanohttpd. Whenever ...)
	NOT-FOR-US: NanoHTTPD Java
CVE-2022-21227 (The package sqlite3 before 5.0.3 are vulnerable to Denial of Service ( ...)
	- node-sqlite3 5.0.6+ds1-1
	[bullseye] - node-sqlite3 5.0.0+ds1-1+deb11u1
	[buster] - node-sqlite3 (Vulnerable code introduced later)
	[stretch] - node-sqlite3 (Nodejs in stretch not covered by security support)
	NOTE: https://github.com/advisories/GHSA-9qrh-qjmc-5w2p
	NOTE: Fixed by: https://github.com/TryGhost/node-sqlite3/commit/593c9d498be2510d286349134537e3bf89401c4a (v5.0.3)
	NOTE: https://security.snyk.io/vuln/SNYK-JS-SQLITE3-2388645
	NOTE: Introduced by: https://github.com/TryGhost/node-sqlite3/commit/dd3ef522088bb5cafede25b9fe661f892b6f10ba (v5.0.0)
CVE-2022-21223 (The package cocoapods-downloader before 1.6.2 are vulnerable to Comman ...)
	NOT-FOR-US: cocoapods-downloader
CVE-2022-21222 (The package css-what before 2.1.3 are vulnerable to Regular Expression ...)
	{DLA-3350-1}
	- node-css-what 5.0.1-1 (bug #1032188)
	[bullseye] - node-css-what 4.0.0-3+deb11u1
	NOTE: https://security.snyk.io/vuln/SNYK-JS-CSSWHAT-3035488
	NOTE: ReDoS issue fixed with rewrite of module to TypeScript
	NOTE: Not fixed in 4.0.0 see https://sources.debian.org/src/node-css-what/4.0.0-3/src/parse.ts/#L84
	NOTE: Fixed by https://github.com/fb55/css-what/pull/503/commits/46b0dbd6f38fb375da02208426f93f87f7169b7e
CVE-2022-21221 (The package github.com/valyala/fasthttp before 1.34.0 are vulnerable t ...)
	NOT-FOR-US: github.com/valyala/fasthttp
CVE-2022-21213 (This affects all versions of package mout. The deepFillIn function can ...)
	NOT-FOR-US: mout
CVE-2022-21211 (This affects all versions of package posix. When invoking the toString ...)
	NOT-FOR-US: Node posix
CVE-2022-21208 (The package node-opcua before 2.74.0 are vulnerable to Denial of Servi ...)
	NOT-FOR-US: node-opcua/node-opcua
CVE-2022-21195 (All versions of package url-regex are vulnerable to Regular Expression ...)
	NOT-FOR-US: AlexFlipnote/url_regex
CVE-2022-21192 (All versions of the package serve-lite are vulnerable to Directory Tra ...)
	NOT-FOR-US: serve-lite
CVE-2022-21191 (Versions of the package global-modules-path before 3.0.0 are vulnerabl ...)
	NOT-FOR-US: Node global-modules-path
CVE-2022-21190 (This affects the package convict before 6.2.3. This is a bypass of [CV ...)
	NOT-FOR-US: Node convict
CVE-2022-21189 (The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-al ...)
	NOT-FOR-US: dexie
CVE-2022-21187 (The package libvcs before 0.11.1 are vulnerable to Command Injection v ...)
	NOT-FOR-US: libvcs
CVE-2022-21186 (The package @acrontum/filesystem-template before 0.0.2 are vulnerable ...)
	NOT-FOR-US: acrontum/filesystem-template
CVE-2022-21169 (The package express-xss-sanitizer before 1.1.3 are vulnerable to Proto ...)
	NOT-FOR-US: express-xss-sanitizer
CVE-2022-21167 (All versions of package masuit.tools.core are vulnerable to Arbitrary ...)
	NOT-FOR-US: masuit.tools
CVE-2022-21165 (All versions of package font-converter are vulnerable to Arbitrary Com ...)
	NOT-FOR-US: zgec/node-js-font-converter
CVE-2022-21164 (The package node-lmdb before 0.9.7 are vulnerable to Denial of Service ...)
	NOT-FOR-US: Node lmdb
CVE-2022-21149 (The package s-cart/s-cart before 6.9; the package s-cart/core before 6 ...)
	NOT-FOR-US: s-cart/core
CVE-2022-21144 (This affects all versions of package libxmljs. When invoking the libxm ...)
	NOT-FOR-US: Node libxmljs
CVE-2022-21129 (Versions of the package nemo-appium before 0.0.9 are vulnerable to Com ...)
	NOT-FOR-US: nemo-appium
CVE-2022-21126 (The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to ...)
	NOT-FOR-US: com.github.samtools:htsjdk
CVE-2022-21122 (The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Exe ...)
	NOT-FOR-US: Node metacalc
CVE-2022-0758 (Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cr ...)
	NOT-FOR-US: Rapid7 Nexpose
CVE-2022-0757 (Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL I ...)
	NOT-FOR-US: Rapid7 Nexpose
CVE-2022-0756 (Missing Authorization in GitHub repository salesagility/suitecrm prior ...)
	NOT-FOR-US: SuiteCRM
CVE-2022-0755 (Missing Authorization in GitHub repository salesagility/suitecrm prior ...)
	NOT-FOR-US: SuiteCRM
CVE-2022-0754 (SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12 ...)
	NOT-FOR-US: SuiteCRM
CVE-2022-0753 (Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/h ...)
	NOT-FOR-US: Hestia Control Panel
CVE-2022-0752 (Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hes ...)
	NOT-FOR-US: Hestia Control Panel
CVE-2022-0751 (Inaccurate display of Snippet files containing special characters in a ...)
	[experimental] - gitlab 14.6.5+ds1-1
	- gitlab 15.10.8+ds1-2
	NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
CVE-2022-0750 (The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0749 (This affects all versions of package SinGooCMS.Utility. The socket cli ...)
	NOT-FOR-US: SinGooCMS
CVE-2022-0748 (The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Ex ...)
	NOT-FOR-US: Node post-loader
CVE-2022-0747 (The Infographic Maker WordPress plugin before 4.3.8 does not validate ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0746 (Business Logic Errors in GitHub repository dolibarr/dolibarr prior to ...)
	- dolibarr
CVE-2022-0745 (The Like Button Rating WordPress plugin before 2.6.45 allows any logge ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0744 RESERVED
CVE-2022-25838 (Laravel Fortify before 1.11.1 allows reuse within a short time window, ...)
	NOT-FOR-US: Laravel Fortify
CVE-2022-25837 (Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5 ...)
	NOT-FOR-US: Bluetooth protocol issue
CVE-2022-25836 (Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 ...)
	NOT-FOR-US: Bluetooth protocol issue
CVE-2022-25835 RESERVED
CVE-2022-25834 (In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, ...)
	- percona-xtrabackup
CVE-2022-25833 (Improper authentication in ImsService prior to SMR Apr-2022 Release 1 ...)
	NOT-FOR-US: Samsung
CVE-2022-25832 (Improper authentication vulnerability in S Secure prior to SMR Apr-202 ...)
	NOT-FOR-US: Samsung
CVE-2022-25831 (Improper access control vulnerability in S Secure prior to SMR Apr-202 ...)
	NOT-FOR-US: Samsung
CVE-2022-25830 (Information Exposure vulnerability in Galaxy Watch3 Plugin prior to ve ...)
	NOT-FOR-US: Samsung
CVE-2022-25829 (Information Exposure vulnerability in Watch Active2 Plugin prior to ve ...)
	NOT-FOR-US: Samsung
CVE-2022-25828 (Information Exposure vulnerability in Watch Active Plugin prior to ver ...)
	NOT-FOR-US: Samsung
CVE-2022-25827 (Information Exposure vulnerability in Galaxy Watch Plugin prior to ver ...)
	NOT-FOR-US: Samsung
CVE-2022-25826 (Information Exposure vulnerability in Galaxy S3 Plugin prior to versio ...)
	NOT-FOR-US: Samsung
CVE-2022-25825 (Improper access control vulnerability in Samsung Account prior to vers ...)
	NOT-FOR-US: Samsung
CVE-2022-25824 (Improper access control vulnerability in BixbyTouch prior to version 2 ...)
	NOT-FOR-US: Samsung
CVE-2022-25823 (Information Exposure vulnerability in Galaxy Watch Plugin prior to ver ...)
	NOT-FOR-US: Samsung
CVE-2022-25822 (A use after free vulnerability in sdp driver prior to SMR Mar-2022 Re ...)
	NOT-FOR-US: Samsung
CVE-2022-25821 (Improper use of SMS buffer pointer in Shannon baseband prior to SMR Ma ...)
	NOT-FOR-US: Samsung
CVE-2022-25820 (A vulnerable design in fingerprint matching algorithm prior to SMR Mar ...)
	NOT-FOR-US: Samsung
CVE-2022-25819 (OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Rele ...)
	NOT-FOR-US: Samsung
CVE-2022-25818 (Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 a ...)
	NOT-FOR-US: Samsung
CVE-2022-25817 (Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 ...)
	NOT-FOR-US: Samsung
CVE-2022-25816 (Improper authentication in Samsung Lock and mask apps setting prior to ...)
	NOT-FOR-US: Samsung
CVE-2022-25815 (PendingIntent hijacking vulnerability in Weather application prior to ...)
	NOT-FOR-US: Samsung
CVE-2022-25814 (PendingIntent hijacking vulnerability in Wearable Manager Installer pr ...)
	NOT-FOR-US: Samsung
CVE-2022-0743 (Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav ...)
	NOT-FOR-US: Grav CMS
CVE-2019-25058 (An issue was discovered in USBGuard before 1.1.0. On systems with the ...)
	{DLA-2979-1}
	[experimental] - usbguard 1.1.0+ds-1
	- usbguard 1.1.0+ds-2 (bug #1008026)
	[bullseye] - usbguard (Minor issue)
	[buster] - usbguard (Minor issue)
	NOTE: https://github.com/USBGuard/usbguard/issues/273
	NOTE: https://github.com/USBGuard/usbguard/issues/403
	NOTE: https://github.com/USBGuard/usbguard/pull/531
CVE-2022-25813 (In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as ...)
	NOT-FOR-US: Apache OFBiz
CVE-2022-25812 (The Transposh WordPress Translation WordPress plugin before 1.0.8 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-25811 (The Transposh WordPress Translation WordPress plugin through 1.0.8 doe ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-25810 (The Transposh WordPress Translation WordPress plugin through 1.0.8 exp ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0742 (Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a rem ...)
	- linux 5.16.14-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/2d3916f3189172d5c69d33065c3c21119fe539fc (5.17-rc7)
	NOTE: https://www.openwall.com/lists/oss-security/2022/03/15/3
CVE-2022-0741 (Improper input validation in all versions of GitLab CE/EE using sendma ...)
	[experimental] - gitlab 14.6.5+ds1-1
	- gitlab 15.10.8+ds1-2
	NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
CVE-2022-0740 (Incorrect authorization in the Asana integration's branch restriction ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-0739 (The BookingPress WordPress plugin before 1.0.11 fails to properly sani ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0738 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab (Vulnerable code introduced later)
	NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
CVE-2022-0737 (The Text Hover WordPress plugin before 4.2 does not sanitize and escap ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0736 (Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1. ...)
	NOT-FOR-US: mlflow
CVE-2022-0735 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	[experimental] - gitlab 14.6.5+ds1-1
	- gitlab 15.10.8+ds1-2
	NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
CVE-2021-4223 RESERVED
CVE-2022-25809 (Improper Neutralization of audio output from 3rd and 4th Generation Am ...)
	NOT-FOR-US: Amazon Echo Dot devices
CVE-2022-25808 RESERVED
CVE-2022-25807 (An issue was discovered in the IGEL Universal Management Suite (UMS) 6 ...)
	NOT-FOR-US: IGEL UMS
CVE-2022-25806 (An issue was discovered in the IGEL Universal Management Suite (UMS) 6 ...)
	NOT-FOR-US: IGEL UMS
CVE-2022-25805 (An issue was discovered in the IGEL Universal Management Suite (UMS) 6 ...)
	NOT-FOR-US: IGEL UMS
CVE-2022-25804 (An issue was discovered in the IGEL Universal Management Suite (UMS) 6 ...)
	NOT-FOR-US: IGEL UMS
CVE-2022-25803 (Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect ...)
	- request-tracker5 5.0.3+dfsg-1
CVE-2022-25802 (Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 ...)
	{DSA-5181-1}
	- request-tracker5 5.0.3+dfsg-1
	- request-tracker4 4.4.6+dfsg-1
CVE-2022-25801 (Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x be ...)
	NOT-FOR-US: Best Practical RT for Incident Response
CVE-2022-25800 (Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x be ...)
	NOT-FOR-US: Best Practical RT for Incident Response
CVE-2022-25799 (An open redirect vulnerability exists in CERT/CC VINCE software prior ...)
	NOT-FOR-US: CERT/CC VINCE
CVE-2022-25798 RESERVED
CVE-2022-25797 (A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, 2 ...)
	NOT-FOR-US: Autodesk
CVE-2022-25796 (A Double Free vulnerability allows remote malicious actors to execute ...)
	NOT-FOR-US: Autodesk
CVE-2022-25795 (A Memory Corruption Vulnerability in Autodesk TrueView 2022 and 2021 m ...)
	NOT-FOR-US: Autodesk
CVE-2022-25794 (An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5 ...)
	NOT-FOR-US: Autodesk
CVE-2022-25793 (A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, ...)
	NOT-FOR-US: Autodesk
CVE-2022-25792 (A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2 ...)
	NOT-FOR-US: Autodesk
CVE-2022-25791 (A Memory Corruption vulnerability for DWF and DWFX files in Autodesk A ...)
	NOT-FOR-US: Autodesk
CVE-2022-25790 (A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2 ...)
	NOT-FOR-US: Autodesk
CVE-2022-25789 (A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022 ...)
	NOT-FOR-US: Autodesk
CVE-2022-25788 (A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to ...)
	NOT-FOR-US: Autodesk
CVE-2022-25787 (Information Exposure Through Query Strings in GET Request vulnerabilit ...)
	NOT-FOR-US: Secomea
CVE-2022-25786 (Unprotected Alternate Channel vulnerability in debug console of GateMa ...)
	NOT-FOR-US: Secomea
CVE-2022-25785 (Stack-based Buffer Overflow vulnerability in SiteManager allows logged ...)
	NOT-FOR-US: Secomea
CVE-2022-25784 (Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager all ...)
	NOT-FOR-US: Secomea
CVE-2022-25783 (Insufficient Logging vulnerability in web server of Secomea GateManage ...)
	NOT-FOR-US: Secomea
CVE-2022-25782 (Improper Handling of Insufficient Privileges vulnerability in Web UI o ...)
	NOT-FOR-US: Secomea
CVE-2022-25781 (Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateMana ...)
	NOT-FOR-US: Secomea
CVE-2022-25780 (Information Exposure vulnerability in web UI of Secomea GateManager al ...)
	NOT-FOR-US: Secomea
CVE-2022-25779 (Logging of Excessive Data vulnerability in audit log of Secomea GateMa ...)
	NOT-FOR-US: Secomea
CVE-2022-25778 (Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea G ...)
	NOT-FOR-US: Secomea
CVE-2022-25777 RESERVED
CVE-2022-25776 RESERVED
CVE-2022-25775 RESERVED
CVE-2022-25774 RESERVED
CVE-2022-25773 RESERVED
CVE-2022-25772 (A cross-site scripting (XSS) vulnerability in the web tracking compone ...)
	NOT-FOR-US: Mautic
CVE-2022-25771 RESERVED
CVE-2022-25770 RESERVED
CVE-2022-25769 RESERVED
CVE-2022-25768 RESERVED
CVE-2022-25763 (Improper Input Validation vulnerability in HTTP/2 request validation o ...)
	{DSA-5206-1 DLA-3279-1}
	- trafficserver 9.1.3+ds-1
	NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
CVE-2022-21182 (A privilege escalation vulnerability exists in the router configuratio ...)
	NOT-FOR-US: InHand Networks InRouter302
CVE-2022-0734 (A cross-site scripting vulnerability was identified in the CGI program ...)
	NOT-FOR-US: Zyxel
CVE-2022-0733 RESERVED
CVE-2022-0732 (The backend infrastructure shared by multiple mobile device monitoring ...)
	NOT-FOR-US: Various vendors for Mobile device monitoring services
CVE-2022-0731 (Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr ...)
	- dolibarr
CVE-2022-26874 (lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows ...)
{DLA-3089-1 DLA-3045-1} - php-horde-mime-viewer 2.2.4+debian0-1 NOTE: https://blog.sonarsource.com/horde-webmail-account-takeover-via-email/ NOTE: Introduced by: https://github.com/horde/Mime_Viewer/commit/325a7ae2663dd9c50e85fe515033454669f16f28 NOTE: Fixed by: https://github.com/horde/Mime_Viewer/commit/02b46cec1a7e8f1a6835b628850cd56b85963bb5 (2.2.4) CVE-2022-25762 (If a web application sends a WebSocket message concurrently with the W ...) - tomcat9 9.0.22-1 - tomcat8 [stretch] - tomcat8 (Possibly backwards incompatible changes) NOTE: https://github.com/apache/tomcat/commit/e2d5a040b962a904db5264b3cb3282c6b05f823c (9.0.21) NOTE: https://github.com/apache/tomcat/commit/7046644bf361b89afc246b6643e24ce2ae60cacc (9.0.21) NOTE: https://github.com/apache/tomcat/commit/339b40bc07bdba9ded565929b9a3448c5a78f015 (9.0.21) NOTE: https://github.com/apache/tomcat/commit/65fb1ee548111021edde247f3b3c409ec95a5183 (9.0.21) NOTE: https://github.com/apache/tomcat/commit/01f2cf25b270a84d0daeefc4f215aa2f56e1df99 (8.5.76) CVE-2022-25757 (In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys ...) NOT-FOR-US: Apache APISIX CVE-2022-25756 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...) NOT-FOR-US: Siemens SCALANCE CVE-2022-25755 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...) NOT-FOR-US: Siemens SCALANCE CVE-2022-25754 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...) NOT-FOR-US: Siemens SCALANCE CVE-2022-25753 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...) NOT-FOR-US: Siemens SCALANCE CVE-2022-25752 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...) NOT-FOR-US: Siemens SCALANCE CVE-2022-25751 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...) NOT-FOR-US: Siemens SCALANCE CVE-2022-25750 (Memory corruption in BTHOST due to double free while music playback an ...) 
NOT-FOR-US: Qualcomm CVE-2022-25749 (Transient Denial-of-Service in WLAN due to buffer over-read while pars ...) NOT-FOR-US: Qualcomm CVE-2022-25748 (Memory corruption in WLAN due to integer overflow to buffer overflow w ...) NOT-FOR-US: Qualcomm CVE-2022-25747 (Information disclosure in modem due to improper input validation durin ...) NOT-FOR-US: Qualcomm CVE-2022-25746 (Memory corruption in kernel due to missing checks when updating the ac ...) NOT-FOR-US: Qualcomm CVE-2022-25745 (Memory corruption in modem due to improper input validation while hand ...) NOT-FOR-US: Qualcomm CVE-2022-25744 RESERVED CVE-2022-25743 (Memory corruption in graphics due to use-after-free while importing gr ...) NOT-FOR-US: Snapdragon CVE-2022-25742 (Denial of service in modem due to infinite loop while parsing IGMPv2 p ...) NOT-FOR-US: Snapdragon CVE-2022-25741 (Denial of service in WLAN due to potential null pointer dereference wh ...) NOT-FOR-US: Snapdragon CVE-2022-25740 (Memory corruption in modem due to buffer overwrite while building an I ...) NOT-FOR-US: Qualcomm CVE-2022-25739 (Denial of service in modem due to missing null check while processing ...) NOT-FOR-US: Qualcomm CVE-2022-25738 (Information disclosure in modem due to buffer over-red while performin ...) NOT-FOR-US: Qualcomm CVE-2022-25737 (Information disclosure in modem due to missing NULL check while readi ...) NOT-FOR-US: Qualcomm CVE-2022-25736 (Denial of service in WLAN due to out-of-bound read happens while proce ...) NOT-FOR-US: Qualcomm CVE-2022-25735 (Denial of service in modem due to missing null check while processing ...) NOT-FOR-US: Qualcomm CVE-2022-25734 (Denial of service in modem due to missing null check while processing ...) NOT-FOR-US: Qualcomm CVE-2022-25733 (Denial of service in modem due to null pointer dereference while proce ...) NOT-FOR-US: Qualcomm CVE-2022-25732 (Information disclosure in modem due to buffer over read in dns client ...) 
NOT-FOR-US: Qualcomm CVE-2022-25731 (Information disclosure in modem due to buffer over-read while processi ...) NOT-FOR-US: Qualcomm CVE-2022-25730 (Information disclosure in modem due to improper check of IP type while ...) NOT-FOR-US: Qualcomm CVE-2022-25729 (Memory corruption in modem due to improper length check while copying ...) NOT-FOR-US: Qualcomm CVE-2022-25728 (Information disclosure in modem due to buffer over-read while processi ...) NOT-FOR-US: Qualcomm CVE-2022-25727 (Memory Corruption in modem due to improper length check while copying ...) NOT-FOR-US: Snapdragon CVE-2022-25726 (Information disclosure in modem data due to array out of bound access ...) NOT-FOR-US: Qualcomm CVE-2022-25725 (Denial of service in MODEM due to improper pointer handling) NOT-FOR-US: Qualcomm CVE-2022-25724 (Memory corruption in graphics due to buffer overflow while validating ...) NOT-FOR-US: Snapdragon CVE-2022-25723 (Memory corruption in multimedia due to use after free during callback ...) NOT-FOR-US: Snapdragon CVE-2022-25722 (Information exposure in DSP services due to improper handling of freei ...) NOT-FOR-US: Qualcomm CVE-2022-25721 (Memory corruption in video driver due to type confusion error during v ...) NOT-FOR-US: Qualcomm CVE-2022-25720 (Memory corruption in WLAN due to out of bound array access during conn ...) NOT-FOR-US: Qualcomm CVE-2022-25719 (Information disclosure in WLAN due to improper length check while proc ...) NOT-FOR-US: Qualcomm CVE-2022-25718 (Cryptographic issue in WLAN due to improper check on return value whil ...) NOT-FOR-US: Qualcomm CVE-2022-25717 (Memory corruption in display due to double free while allocating frame ...) NOT-FOR-US: Qualcomm CVE-2022-25716 (Memory corruption in Multimedia Framework due to unsafe access to the ...) NOT-FOR-US: Qualcomm CVE-2022-25715 (Memory corruption in display driver due to incorrect type casting whil ...) 
NOT-FOR-US: Qualcomm CVE-2022-25714 RESERVED CVE-2022-25713 (Memory corruption in Automotive due to Improper Restriction of Operati ...) NOT-FOR-US: Qualcomm CVE-2022-25712 (Memory corruption in camera due to buffer copy without checking size o ...) NOT-FOR-US: Snapdragon CVE-2022-25711 (Memory corruption in camera due to improper validation of array index ...) NOT-FOR-US: Snapdragon CVE-2022-25710 (Denial of service due to null pointer dereference when GATT is disconn ...) NOT-FOR-US: Snapdragon CVE-2022-25709 (Memory corruption in modem due to use of out of range pointer offset w ...) NOT-FOR-US: Qualcomm CVE-2022-25708 (Memory corruption in WLAN due to buffer copy without checking size of ...) NOT-FOR-US: Qualcomm CVE-2022-25707 RESERVED CVE-2022-25706 (Information disclosure in Bluetooth driver due to buffer over-read whi ...) NOT-FOR-US: Qualcomm CVE-2022-25705 (Memory corruption in modem due to integer overflow to buffer overflow ...) NOT-FOR-US: Qualcomm CVE-2022-25704 RESERVED CVE-2022-25703 RESERVED CVE-2022-25702 (Denial of service in modem due to reachable assertion while processing ...) NOT-FOR-US: Snapdragon CVE-2022-25701 RESERVED CVE-2022-25700 RESERVED CVE-2022-25699 RESERVED CVE-2022-25698 (Memory corruption in SPI buses due to improper input validation while ...) NOT-FOR-US: Snapdragon CVE-2022-25697 (Memory corruption in i2c buses due to improper input validation while ...) NOT-FOR-US: Snapdragon CVE-2022-25696 (Memory corruption in display due to time-of-check time-of-use race con ...) NOT-FOR-US: Qualcomm CVE-2022-25695 (Memory corruption in MODEM due to Improper Validation of Array Index w ...) NOT-FOR-US: Snapdragon CVE-2022-25694 (Memory corruption in Modem due to usage of Out-of-range pointer offset ...) NOT-FOR-US: Qualcomm CVE-2022-25693 (Memory corruption in graphics due to use-after-free while graphics pro ...) NOT-FOR-US: Qualcomm CVE-2022-25692 (Denial of service in Modem due to reachable assertion while processing ...) 
NOT-FOR-US: Snapdragon CVE-2022-25691 (Denial of service in Modem due to reachable assertion while processing ...) NOT-FOR-US: Qualcomm CVE-2022-25690 (Information disclosure in WLAN due to improper validation of array ind ...) NOT-FOR-US: Qualcomm CVE-2022-25689 (Denial of service in Modem due to reachable assertion in Snapdragon Mo ...) NOT-FOR-US: Qualcomm CVE-2022-25688 (Memory corruption in video due to buffer overflow while parsing ps vid ...) NOT-FOR-US: Qualcomm CVE-2022-25687 (memory corruption in video due to buffer overflow while parsing asf cl ...) NOT-FOR-US: Snapdragon CVE-2022-25686 (Memory corruption in video module due to buffer overflow while process ...) NOT-FOR-US: Qualcomm CVE-2022-25685 (Denial of service in Modem module due to improper authorization while ...) NOT-FOR-US: Snapdragon CVE-2022-25684 RESERVED CVE-2022-25683 RESERVED CVE-2022-25682 (Memory corruption in MODEM UIM due to usage of out of range pointer of ...) NOT-FOR-US: Qualcomm CVE-2022-25681 (Possible memory corruption in kernel while performing memory access du ...) NOT-FOR-US: Qualcomm CVE-2022-25680 (Memory corruption in multimedia due to buffer overflow while processin ...) NOT-FOR-US: Snapdragon CVE-2022-25679 (Denial of service in video due to improper access control in broadcast ...) NOT-FOR-US: Snapdragon CVE-2022-25678 (Memory correction in modem due to buffer overwrite during coap connect ...) NOT-FOR-US: Qualcomm CVE-2022-25677 (Memory corruption in diag due to use after free while processing dci p ...) NOT-FOR-US: Qualcomm CVE-2022-25676 (Information disclosure in video due to buffer over-read while parsing ...) NOT-FOR-US: Snapdragon CVE-2022-25675 (Denial of service due to reachable assertion in modem while processing ...) NOT-FOR-US: Qualcomm CVE-2022-25674 (Cryptographic issues in WLAN during the group key handshake of the WPA ...) NOT-FOR-US: Snapdragon CVE-2022-25673 (Denial of service in MODEM due to reachable assertion while processing ...) 
NOT-FOR-US: Qualcomm CVE-2022-25672 (Denial of service in MODEM due to reachable assertion while processing ...) NOT-FOR-US: Qualcomm CVE-2022-25671 (Denial of service in MODEM due to reachable assertion in Snapdragon Mo ...) NOT-FOR-US: Snapdragon CVE-2022-25670 (Denial of service in WLAN HOST due to buffer over read while unpacking ...) NOT-FOR-US: Qualcomm CVE-2022-25669 (Denial of service in video due to buffer over read while parsing MP4 c ...) NOT-FOR-US: Qualcomm CVE-2022-25668 (Memory corruption in video driver due to double free while parsing ASF ...) NOT-FOR-US: Snapdragon CVE-2022-25667 (Information disclosure in kernel due to improper handling of ICMP requ ...) NOT-FOR-US: Snapdragon CVE-2022-25666 (Memory corruption due to use after free in service while trying to acc ...) NOT-FOR-US: Snapdragon CVE-2022-25665 (Information disclosure due to buffer over read in kernel in Snapdragon ...) NOT-FOR-US: Snapdragon CVE-2022-25664 (Information disclosure due to exposure of information while GPU reads ...) NOT-FOR-US: Snapdragon CVE-2022-25663 (Possible buffer overflow due to lack of buffer length check during man ...) NOT-FOR-US: Snapdragon CVE-2022-25662 (Information disclosure due to untrusted pointer dereference in kernel ...) NOT-FOR-US: Snapdragon CVE-2022-25661 (Memory corruption due to untrusted pointer dereference in kernel in Sn ...) NOT-FOR-US: Snapdragon CVE-2022-25660 (Memory corruption due to double free issue in kernel in Snapdragon Aut ...) NOT-FOR-US: Snapdragon CVE-2022-25659 (Memory corruption due to buffer overflow while parsing MKV clips with ...) NOT-FOR-US: Qualcomm CVE-2022-25658 (Memory corruption due to incorrect pointer arithmetic when attempting ...) NOT-FOR-US: Qualcomm CVE-2022-25657 (Memory corruption due to buffer overflow occurs while processing inval ...) NOT-FOR-US: Qualcomm CVE-2022-25656 (Possible integer overflow and memory corruption due to improper valida ...) 
NOT-FOR-US: Qualcomm CVE-2022-25655 (Memory corruption in WLAN HAL while arbitrary value is passed in WMI U ...) NOT-FOR-US: Qualcomm CVE-2022-25654 (Memory corruption in kernel due to improper input validation while pro ...) NOT-FOR-US: Qualcomm CVE-2022-25653 (Information disclosure in video due to buffer over-read while processi ...) NOT-FOR-US: Qualcomm CVE-2022-25652 (Cryptographic issues in BSP due to improper hash verification in Snapd ...) NOT-FOR-US: Qualcomm CVE-2022-25651 (Memory corruption in bluetooth host due to integer overflow while proc ...) NOT-FOR-US: Qualcomm components for Android CVE-2022-25650 (A vulnerability has been identified in Mendix Applications using Mendi ...) NOT-FOR-US: Siemens CVE-2022-25172 (An information disclosure vulnerability exists in the web interface se ...) NOT-FOR-US: InHand Networks InRouter302 CVE-2022-25170 (The affected product is vulnerable to a stack-based buffer overflow wh ...) NOT-FOR-US: FATEK Automation CVE-2022-24910 (A buffer overflow vulnerability exists in the httpd parse_ping_result ...) NOT-FOR-US: InHand Networks InRouter302 CVE-2022-23985 (The affected product is vulnerable to an out-of-bounds write while pro ...) NOT-FOR-US: FATEK Automation CVE-2022-21809 (A file write vulnerability exists in the httpd upload.cgi functionalit ...) NOT-FOR-US: InHand Networks InRouter302 CVE-2022-21238 (A cross-site scripting (xss) vulnerability exists in the info.jsp func ...) NOT-FOR-US: InHand Networks InRouter302 CVE-2022-21209 (The affected product is vulnerable to an out-of-bounds read while proc ...) NOT-FOR-US: FATEK Automation CVE-2022-0730 (Under certain ldap conditions, Cacti authentication can be bypassed wi ...) 
{DSA-5298-1 DLA-3252-1 DLA-2965-1} - cacti 1.2.20+ds1-1 (bug #1008693) NOTE: https://github.com/Cacti/cacti/issues/4562 NOTE: https://github.com/Cacti/cacti/commit/1386bdbf7f845a32e24ac9415f3ebb7932e77fe7 (1.2.x) NOTE: https://github.com/Cacti/cacti/commit/8694bf28edad723585915a97b95fbf5b1816a02b (1.2.x) NOTE: https://github.com/Cacti/cacti/commit/0bb77ee9b4d1c7a99e0140b88789e050e523e628 (1.2.x) CVE-2022-0729 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...) {DLA-3182-1 DLA-2947-1} - vim 2:8.2.4659-1 (unimportant) NOTE: https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea NOTE: https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30 (v8.2.4440) NOTE: Crash in CLI tool, no security impact CVE-2022-0728 (The Easy Smooth Scroll Links WordPress plugin before 2.23.1 does not s ...) NOT-FOR-US: WordPress plugin CVE-2022-0727 (Improper Access Control in GitHub repository chocobozzz/peertube prior ...) - peertube (bug #950821) CVE-2022-0726 (Missing Authorization in GitHub repository chocobozzz/peertube prior t ...) - peertube (bug #950821) CVE-2022-0725 (A flaw was found in keepass. The vulnerability occurs due to logging t ...) NOTE: Non-issue, broken report against keepass2, couldn't be reproduced with NOTE: Debian, Fedora and by upstream, see bug #1008022 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2052696 NOTE: https://sourceforge.net/p/keepass/discussion/329220/thread/da7546b7e1/ NOTE: https://sourceforge.net/p/keepass/discussion/329220/thread/33d6afdc/ CVE-2022-0724 (Insecure Storage of Sensitive Information in GitHub repository microwe ...) NOT-FOR-US: microweber CVE-2022-0723 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...) NOT-FOR-US: microweber CVE-2022-0722 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...) NOT-FOR-US: Node parse-url CVE-2022-0721 (Insertion of Sensitive Information Into Debugging Code in GitHub repos ...) 
NOT-FOR-US: microweber CVE-2022-0720 (The Amelia WordPress plugin before 1.0.47 does not have proper authori ...) NOT-FOR-US: WordPress plugin CVE-2022-0719 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...) NOT-FOR-US: microweber CVE-2022-0718 (A flaw was found in python-oslo-utils. Due to improper parsing, passwo ...) {DLA-3106-1} - python-oslo.utils 4.10.1-1 [bullseye] - python-oslo.utils (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2056850 NOTE: https://bugs.launchpad.net/oslo.utils/+bug/1949623 NOTE: Fixed by: https://opendev.org/openstack/oslo.utils/commit/6e17ae1f7959c64dfd20a5f67edf422e702426aa (4.12.1) NOTE: Fixed by: https://opendev.org/openstack/oslo.utils/commit/5ce8a7f0f8ecec7a85a23ec3d7a7fb1cad14ceba (4.10.1) CVE-2022-25643 (seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with es ...) - seatd 0.6.4-1 (bug #1006308) NOTE: https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E CVE-2022-25642 (Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted ch ...) NOT-FOR-US: Obyte (formerly Byteball) Wallet CVE-2022-25641 (Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and Phant ...) NOT-FOR-US: Foxit PDF Reader CVE-2022-25640 (In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a re ...) - wolfssl 5.2.0-1 [bullseye] - wolfssl 4.6.0+p1-0+deb11u1 NOTE: https://github.com/wolfSSL/wolfssl/pull/4831 NOTE: https://github.com/wolfSSL/wolfssl/commit/3cdb1c639da94a9dc8c75590d0ec475e7f27c226 (v5.2.0-stable) NOTE: https://github.com/wolfSSL/wolfssl/commit/b60d2dccce9110fd2b985d99063e524e39bdf6f7 (v5.2.0-stable) CVE-2022-25639 RESERVED CVE-2022-25638 (In wolfSSL before 5.2.0, certificate validation may be bypassed during ...) 
- wolfssl 5.2.0-1 [bullseye] - wolfssl 4.6.0+p1-0+deb11u1 NOTE: https://github.com/wolfSSL/wolfssl/pull/4813 NOTE: https://github.com/wolfSSL/wolfssl/commit/e13861bcde8015bb99ddb034224afb66e2fb89b8 (v5.2.0-stable) NOTE: https://github.com/wolfSSL/wolfssl/commit/08047b2d959ee5e21a4a2c672308f45fec61f059 (v5.2.0-stable) CVE-2022-25637 RESERVED CVE-2022-25635 (Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnera ...) NOT-FOR-US: Realtek Linux/Android Bluetooth Mesh SDK CVE-2022-25634 (Qt through 5.15.8 and 6.x through 6.2.3 can load system library files ...) - qt6-base (Vulnerable code specific to Windows platform) - qtbase-opensource-src (Vulnerable code specific to Windows platform) - qtbase-opensource-src-gles (Vulnerable code is specific to Windows platform) NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/396440 NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/396689 CVE-2022-25633 RESERVED CVE-2022-25632 RESERVED CVE-2022-25631 (Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may ...) NOT-FOR-US: Symantec CVE-2022-25630 (An authenticated user can embed malicious content with XSS into the ad ...) NOT-FOR-US: Symantec Messaging Gateway CVE-2022-25629 (An authenticated user who has the privilege to add/edit annotations on ...) NOT-FOR-US: Symantec Messaging Gateway CVE-2022-25628 (An authenticated user can perform XML eXternal Entity injection in Man ...) NOT-FOR-US: Symantec Identity Manager CVE-2022-25627 (An authenticated administrator who has physical access to the environm ...) NOT-FOR-US: Symantec Identity Manager CVE-2022-25626 (An unauthenticated user can access Identity Manager\u2019s management ...) NOT-FOR-US: Symantec Identity Manager CVE-2022-25625 (A malicious unauthorized PAM user can access the administration config ...) NOT-FOR-US: Symantec CVE-2022-25624 RESERVED CVE-2022-25623 (The Symantec Management Agent is susceptible to a privilege escalation ...) 
NOT-FOR-US: Symantec CVE-2022-25325 (Use after free vulnerability in CX-Programmer v9.76.1 and earlier whic ...) NOT-FOR-US: CX-Programmer CVE-2022-25234 (Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier ...) NOT-FOR-US: CX-Programmer CVE-2022-25230 (Use after free vulnerability in CX-Programmer v9.76.1 and earlier whic ...) NOT-FOR-US: CX-Programmer CVE-2022-21219 (Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier ...) NOT-FOR-US: CX-Programmer CVE-2022-21124 (Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier ...) NOT-FOR-US: CX-Programmer CVE-2022-0717 (Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2.) - mruby (Vulnerable code introduced later) NOTE: https://huntr.dev/bounties/27a851a5-7ebf-409b-854f-b2614771e8f9 NOTE: https://github.com/mruby/mruby/commit/f72315575f78a9a773adbce0ee7d3ec33434cb76 CVE-2022-0716 RESERVED CVE-2022-0715 (A CWE-287: Improper Authentication vulnerability exists that could cau ...) NOT-FOR-US: Schneider Electric CVE-2022-0714 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4 ...) {DLA-3182-1 DLA-2947-1} - vim 2:8.2.4659-1 (unimportant) NOTE: https://huntr.dev/bounties/db70e8db-f309-4f3c-986c-e69d2415c3b3 NOTE: https://github.com/vim/vim/commit/4e889f98e95ac05d7c8bd3ee933ab4d47820fdfa (v8.2.4436) NOTE: Crash in CLI tool, no security impact CVE-2022-0713 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...) - radare2 5.9.0+dfsg-1 (bug #1014478) NOTE: https://huntr.dev/bounties/d35b3dff-768d-4a09-a742-c18ca8f56d3c NOTE: https://github.com/radareorg/radare2/commit/a35f89f86ed12161af09330e92e5a213014e46a1 CVE-2022-25636 (net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 a ...) 
{DSA-5095-1} - linux 5.16.11-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2022/02/21/2 NOTE: https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/ CVE-2022-25622 (A vulnerability has been identified in SIMATIC CFU DIQ (6ES7655-5PX31- ...) NOT-FOR-US: Siemens CVE-2022-25621 (UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and ...) NOT-FOR-US: UUNIVERGE CVE-2022-25620 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...) NOT-FOR-US: Profelis IT Consultancy SambaBox CVE-2022-25619 (Improper Neutralization of Special Elements used in a Command ('Comman ...) NOT-FOR-US: Profelis IT Consultancy SambaBox CVE-2022-25618 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) NOT-FOR-US: WordPress plugin CVE-2022-25617 (Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets pl ...) NOT-FOR-US: WordPress plugin CVE-2022-25616 RESERVED CVE-2022-25615 (Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom \u2013 Zoom ...) NOT-FOR-US: WordPress plugin CVE-2022-25614 (Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom \u2013 Zoom ...) NOT-FOR-US: WordPress plugin CVE-2022-25613 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in F ...) NOT-FOR-US: WordPress plugin CVE-2022-25612 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...) NOT-FOR-US: WordPress plugin CVE-2022-25611 (Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planne ...) NOT-FOR-US: Simple Event Planner plugin CVE-2022-25610 (Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat ...) NOT-FOR-US: Simple Ajax Chat CVE-2022-25609 (Stored Cross-Site Scripting (XSS) in Yoo Slider \u2013 Image Slider & ...) NOT-FOR-US: WordPress plugin CVE-2022-25608 (Cross-Site Request Forgery (CSRF) in Yoo Slider \u2013 Image Slider & ...) 
NOT-FOR-US: WordPress plugin CVE-2022-25607 (Authenticated (author or higher user role) SQL Injection (SQLi) vulner ...) NOT-FOR-US: WordPress plugin CVE-2022-25606 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...) NOT-FOR-US: WordPress plugin CVE-2022-25605 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...) NOT-FOR-US: WordPress plugin CVE-2022-25604 (Authenticated (contributor of higher user role) Stored Cross-Site Scri ...) NOT-FOR-US: WordPress plugin CVE-2022-25603 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...) NOT-FOR-US: WordPress plugin CVE-2022-25602 (Nonce token leak vulnerability leading to arbitrary file upload, theme ...) NOT-FOR-US: WordPress plugin CVE-2022-25601 (Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter ...) NOT-FOR-US: WordPress plugin CVE-2022-25600 (Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marke ...) NOT-FOR-US: WordPress plugin CVE-2022-25599 (Cross-Site Request Forgery (CSRF) vulnerability leading to event delet ...) NOT-FOR-US: WordPress plugin CVE-2022-25598 (Apache DolphinScheduler user registration is vulnerable to Regular exp ...) NOT-FOR-US: Apache DolphinScheduler CVE-2022-0712 (NULL Pointer Dereference in GitHub repository radareorg/radare2 prior ...) - radare2 5.9.0+dfsg-1 (bug #1014478) NOTE: https://huntr.dev/bounties/1e572820-e502-49d1-af0e-81833e2eb466 NOTE: https://github.com/radareorg/radare2/commit/515e592b9bea0612bc63d8e93239ff35bcf645c7 CVE-2022-0711 (A flaw was found in the way HAProxy processed HTTP responses containin ...) 
{DSA-5102-1} - haproxy 2.4.13-1 [buster] - haproxy (Vulnerable code introduced later) [stretch] - haproxy (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2053666 NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=bfb15ab34ead85f64cd6da0e9fb418c9cd14cee8 (v2.6-dev2) NOTE: https://git.haproxy.org/?p=haproxy-2.4.git;a=commit;h=86032c309b1f42177826deaa39f7c26903a074ca (v2.4.13) NOTE: https://git.haproxy.org/?p=haproxy-2.2.git;a=commit;h=eb1bdcb7cf6e7bd1690f7dcc6d97de3d79b54cdc (v2.2.21) CVE-2022-0710 (The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vulne ...) NOT-FOR-US: WordPress plugin CVE-2022-0709 (The Booking Package WordPress plugin before 1.5.29 requires a token fo ...) NOT-FOR-US: WordPress plugin CVE-2022-0708 (Mattermost 6.3.0 and earlier fails to protect email addresses of the c ...) - mattermost-server (bug #823556) NOTE: MMSA-2022-0082 NOTE: https://mattermost.com/security-updates/ CVE-2022-0707 (The Easy Digital Downloads WordPress plugin before 2.11.6 does not hav ...) NOT-FOR-US: WordPress plugin CVE-2022-0706 (The Easy Digital Downloads WordPress plugin before 2.11.6 does not san ...) NOT-FOR-US: WordPress plugin CVE-2022-0705 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) NOT-FOR-US: pimcore CVE-2022-0704 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) NOT-FOR-US: pimcore CVE-2022-0703 (The GD Mylist WordPress plugin through 1.1.1 does not sanitise and esc ...) NOT-FOR-US: WordPress plugin CVE-2022-0702 (The Petfinder Listings WordPress plugin through 1.0.18 does not escape ...) NOT-FOR-US: WordPress plugin CVE-2022-0701 (The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Re ...) NOT-FOR-US: WordPress plugin CVE-2022-0700 (The Simple Tracking WordPress plugin before 1.7 does not sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2022-0699 (A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 ...) 
- shapelib 1.5.0-3 (bug #1022557) [bullseye] - shapelib (Minor issue) [buster] - shapelib (Minor issue) NOTE: https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f NOTE: https://github.com/OSGeo/shapelib/issues/39 CVE-2022-25597 (ASUS RT-AC86U\u2019s LPD service has insufficient filtering for specia ...) NOT-FOR-US: ASUS CVE-2022-25596 (ASUS RT-AC56U\u2019s configuration function has a heap-based buffer ov ...) NOT-FOR-US: ASUS CVE-2022-25595 (ASUS RT-AC86U has improper user request handling, which allows an unau ...) NOT-FOR-US: ASUS CVE-2022-25594 (Microprogram\u2019s parking lot management system is vulnerable to sen ...) NOT-FOR-US: Microprogram parking lot management system CVE-2022-25593 RESERVED CVE-2022-25592 RESERVED CVE-2022-25591 (BlogEngine.NET v3.3.8.0 was discovered to contain an arbitrary file de ...) NOT-FOR-US: BlogEngine.NET CVE-2022-25590 (SurveyKing v0.2.0 was discovered to retain users' session cookies afte ...) NOT-FOR-US: SurveyKing CVE-2022-25589 RESERVED CVE-2022-25588 RESERVED CVE-2022-25587 RESERVED CVE-2022-25586 RESERVED CVE-2022-25585 (Unioncms v1.0.13 was discovered to contain a stored cross-site scripti ...) NOT-FOR-US: Unioncms CVE-2022-25584 (Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3 ...) NOT-FOR-US: FlexWATCH FW3170-PS-E CVE-2022-25583 RESERVED CVE-2022-25582 (A stored cross-site scripting (XSS) vulnerability in the Column module ...) NOT-FOR-US: ClassCMS CVE-2022-25581 (Classcms v2.5 and below contains an arbitrary file upload via the comp ...) NOT-FOR-US: Classcms CVE-2022-25580 RESERVED CVE-2022-25579 RESERVED CVE-2022-25578 (taocms v3.0.2 allows attackers to execute code injection via arbitrari ...) NOT-FOR-US: taocms CVE-2022-25577 (ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password ...) NOT-FOR-US: ALF-BanCO CVE-2022-25576 (Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forg ...) 
NOT-FOR-US: Anchor CMS CVE-2022-25575 (Multiple cross-site scripting (XSS) vulnerabilities in Parking Managem ...) NOT-FOR-US: Parking Management System CVE-2022-25574 (A stored cross-site scripting (XSS) vulnerability in the upload functi ...) NOT-FOR-US: douphp CVE-2022-25573 RESERVED CVE-2022-25572 RESERVED CVE-2022-25571 (Bluedon Information Security Technologies Co.,Ltd Internet Access Dete ...) NOT-FOR-US: Bluedon CVE-2022-25570 (In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to ...) NOT-FOR-US: Passwordstate CVE-2022-25569 (Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static S ...) NOT-FOR-US: Bettini SGSetup CVE-2022-25568 (MotionEye v0.42.1 and below allows attackers to access sensitive infor ...) NOT-FOR-US: MotionEye CVE-2022-25567 RESERVED CVE-2022-25566 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...) NOT-FOR-US: Tenda CVE-2022-25565 RESERVED CVE-2022-25564 RESERVED CVE-2022-25563 RESERVED CVE-2022-25562 RESERVED CVE-2022-25561 (Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in ...) NOT-FOR-US: Tenda CVE-2022-25560 (Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in ...) NOT-FOR-US: Tenda CVE-2022-25559 RESERVED CVE-2022-25558 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...) NOT-FOR-US: Tenda CVE-2022-25557 (Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow in the ...) NOT-FOR-US: Tenda CVE-2022-25556 (Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in ...) NOT-FOR-US: Tenda CVE-2022-25555 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...) NOT-FOR-US: Tenda CVE-2022-25554 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...) NOT-FOR-US: Tenda CVE-2022-25553 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...) NOT-FOR-US: Tenda CVE-2022-25552 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...) 
NOT-FOR-US: Tenda CVE-2022-25551 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...) NOT-FOR-US: Tenda CVE-2022-25550 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...) NOT-FOR-US: Tenda CVE-2022-25549 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...) NOT-FOR-US: Tenda CVE-2022-25548 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...) NOT-FOR-US: Tenda CVE-2022-25547 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...) NOT-FOR-US: Tenda CVE-2022-25546 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...) NOT-FOR-US: Tenda CVE-2022-25545 RESERVED CVE-2022-25544 RESERVED CVE-2022-25543 RESERVED CVE-2022-25542 RESERVED CVE-2022-25541 RESERVED CVE-2022-25540 RESERVED CVE-2022-25539 RESERVED CVE-2022-25538 RESERVED CVE-2022-25537 RESERVED CVE-2022-25536 RESERVED CVE-2022-25535 RESERVED CVE-2022-25534 RESERVED CVE-2022-25533 RESERVED CVE-2022-25532 RESERVED CVE-2022-25531 RESERVED CVE-2022-25530 RESERVED CVE-2022-25529 RESERVED CVE-2022-25528 RESERVED CVE-2022-25527 RESERVED CVE-2022-25526 RESERVED CVE-2022-25525 RESERVED CVE-2022-25524 RESERVED CVE-2022-25523 (TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forg ...) NOT-FOR-US: TypesetterCMS CVE-2022-25522 RESERVED CVE-2022-25521 (NUUO v03.11.00 was discovered to contain access control issue.) NOT-FOR-US: UNNO CVE-2022-25520 RESERVED CVE-2022-25519 RESERVED CVE-2022-25518 (In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a ...) NOT-FOR-US: CMDBuild CVE-2022-25517 (MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerab ...) NOT-FOR-US: MyBatis plus CVE-2022-25516 (stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow ...) 
	NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files
	NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it.
	NOTE: https://github.com/nothings/stb/issues/1287
CVE-2022-25515 (stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow ...)
	NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files
	NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it.
	NOTE: https://github.com/nothings/stb/issues/1288
CVE-2022-25514 (stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow ...)
	NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files
	NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it.
	NOTE: https://github.com/nothings/stb/issues/1286
CVE-2022-25513
	RESERVED
CVE-2022-25512 (FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Webso ...)
	NOT-FOR-US: FreeTAKServer
CVE-2022-25511 (An issue in the ?filename= argument of the route /DataPackageTable in ...)
	NOT-FOR-US: FreeTAKServer
CVE-2022-25510 (FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows ...)
	NOT-FOR-US: FreeTAKServer
CVE-2022-25509
	RESERVED
CVE-2022-25508 (An access control issue in the component /ManageRoute/postRoute of Fre ...)
	NOT-FOR-US: FreeTAKServer
CVE-2022-25507 (FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site ...)
	NOT-FOR-US: FreeTAKServer
CVE-2022-25506 (FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vuln ...)
	NOT-FOR-US: FreeTAKServer
CVE-2022-25505 (Taocms v3.0.2 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: Taocms
CVE-2022-25504
	RESERVED
CVE-2022-25503
	RESERVED
CVE-2022-25502
	RESERVED
CVE-2022-25501
	RESERVED
CVE-2022-25500
	RESERVED
CVE-2022-25499
	RESERVED
CVE-2022-25498 (CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) ...)
	NOT-FOR-US: CuppaCMS
CVE-2022-25497 (CuppaCMS v1.0 was discovered to contain an arbitrary file read via the ...)
	NOT-FOR-US: CuppaCMS
CVE-2022-25496
	RESERVED
CVE-2022-25495 (The component /jquery_file_upload/server/php/index.php of CuppaCMS v1. ...)
	NOT-FOR-US: CuppaCMS
CVE-2022-25494 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
	NOT-FOR-US: Online Banking System
CVE-2022-25493 (HMS v1.0 was discovered to contain a reflected cross-site scripting (X ...)
	NOT-FOR-US: HMS
CVE-2022-25492 (HMS v1.0 was discovered to contain a SQL injection vulnerability via t ...)
	NOT-FOR-US: HMS
CVE-2022-25491 (HMS v1.0 was discovered to contain a SQL injection vulnerability via t ...)
	NOT-FOR-US: HMS
CVE-2022-25490 (HMS v1.0 was discovered to contain a SQL injection vulnerability via t ...)
	NOT-FOR-US: HMS
CVE-2022-25489 (Atom CMS v2.0 was discovered to contain a reflected cross-site scripti ...)
	NOT-FOR-US: Atom CMS
CVE-2022-25488 (Atom CMS v2.0 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: Atom CMS
CVE-2022-25487 (Atom CMS v2.0 was discovered to contain a remote code execution (RCE) ...)
	NOT-FOR-US: Atom CMS
CVE-2022-25486 (CuppaCMS v1.0 was discovered to contain a local file inclusion via the ...)
	NOT-FOR-US: CuppaCMS
CVE-2022-25485 (CuppaCMS v1.0 was discovered to contain a local file inclusion via the ...)
	NOT-FOR-US: CuppaCMS
CVE-2022-25484 (tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet ...)
	- tcpreplay 4.4.2-1 (unimportant; bug #1018057)
	NOTE: https://github.com/appneta/tcpreplay/issues/715
	NOTE: Crash in CLI tool, no security impact
CVE-2022-25483
	RESERVED
CVE-2022-25482
	RESERVED
CVE-2022-25481 (ThinkPHP Framework v5.0.24 was discovered to be configured without the ...)
	NOT-FOR-US: ThinkPHP Framework
CVE-2022-25480
	RESERVED
CVE-2022-25479
	RESERVED
CVE-2022-25478
	RESERVED
CVE-2022-25477
	RESERVED
CVE-2022-25476
	RESERVED
CVE-2022-25475
	RESERVED
CVE-2022-25474
	RESERVED
CVE-2022-25473
	RESERVED
CVE-2022-25472
	RESERVED
CVE-2022-25471 (An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6. ...)
	NOT-FOR-US: OpenEMR
CVE-2022-25470
	RESERVED
CVE-2022-25469
	RESERVED
CVE-2022-25468
	RESERVED
CVE-2022-25467
	RESERVED
CVE-2022-25466
	RESERVED
CVE-2022-25465 (Espruino 2v11 release was discovered to contain a stack buffer overflo ...)
	NOT-FOR-US: Espruino
CVE-2022-25464 (A stored cross-site scripting (XSS) vulnerability in the component /ad ...)
	NOT-FOR-US: DoraCMS
CVE-2022-25463
	RESERVED
CVE-2022-25462 (Yafu v2.0 contains a segmentation fault via the component /factor/avx- ...)
	NOT-FOR-US: Yafu
CVE-2022-25461 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2022-25460 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2022-25459 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2022-25458 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2022-25457 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2022-25456 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2022-25455 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2022-25454 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2022-25453 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2022-25452 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2022-25451 (Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2022-25450 (Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2022-25449 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2022-25448 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2022-25447 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2022-25446 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2022-25445 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2022-25444
	RESERVED
CVE-2022-25443
	RESERVED
CVE-2022-25442
	RESERVED
CVE-2022-25441 (Tenda AC9 v15.03.2.21 was discovered to contain a remote command execu ...)
	NOT-FOR-US: Tenda
CVE-2022-25440 (Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2022-25439 (Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2022-25438 (Tenda AC9 v15.03.2.21 was discovered to contain a remote command execu ...)
	NOT-FOR-US: Tenda
CVE-2022-25437 (Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2022-25436
	RESERVED
CVE-2022-25435 (Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2022-25434 (Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2022-25433 (Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2022-25432
	RESERVED
CVE-2022-25431 (Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflo ...)
	NOT-FOR-US: Tenda
CVE-2022-25430
	RESERVED
CVE-2022-25429 (Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via ...)
	NOT-FOR-US: Tenda
CVE-2022-25428 (Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2022-25427 (Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via t ...)
	NOT-FOR-US: Tenda
CVE-2022-25426
	RESERVED
CVE-2022-25425
	RESERVED
CVE-2022-25424
	RESERVED
CVE-2022-25423
	RESERVED
CVE-2022-25422
	RESERVED
CVE-2022-25421
	RESERVED
CVE-2022-25420 (NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerab ...)
	NOT-FOR-US: NTT Resonant Incorporated goo blog App Web Application
CVE-2022-25419
	RESERVED
CVE-2022-25418 (Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2022-25417 (Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2022-25416
	RESERVED
CVE-2022-25415
	RESERVED
CVE-2022-25414 (Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow vi ...)
	NOT-FOR-US: Tenda
CVE-2022-25413 (Maxsite CMS v108 was discovered to contain a stored cross-site scripti ...)
	NOT-FOR-US: Maxsite CMS
CVE-2022-25412 (Maxsite CMS v180 was discovered to contain multiple arbitrary file del ...)
	NOT-FOR-US: Maxsite CMS
CVE-2022-25411 (A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsi ...)
	NOT-FOR-US: Maxsite CMS
CVE-2022-25410 (Maxsite CMS v180 was discovered to contain a stored cross-site scripti ...)
	NOT-FOR-US: Maxsite CMS
CVE-2022-25409 (Hospital Management System v1.0 was discovered to contain a stored cro ...)
	NOT-FOR-US: Hospital Management System
CVE-2022-25408 (Hospital Management System v1.0 was discovered to contain a stored cro ...)
	NOT-FOR-US: Hospital Management System
CVE-2022-25407 (Hospital Management System v1.0 was discovered to contain a stored cro ...)
	NOT-FOR-US: Hospital Management System
CVE-2022-25406 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...)
	NOT-FOR-US: Tongda2000
CVE-2022-25405 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...)
	NOT-FOR-US: Tongda2000
CVE-2022-25404 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...)
	NOT-FOR-US: Tongda2000
CVE-2022-25403 (HMS v1.0 was discovered to contain a SQL injection vulnerability via t ...)
	NOT-FOR-US: HMS
CVE-2022-25402 (An incorrect access control issue in HMS v1.0 allows unauthenticated a ...)
	NOT-FOR-US: HMS
CVE-2022-25401 (The copy function of the file manager in Cuppa CMS v1.0 allows any fil ...)
	NOT-FOR-US: Cuppa CMS
CVE-2022-25400
	RESERVED
CVE-2022-25399 (Simple Real Estate Portal System v1.0 was discovered to contain a SQL ...)
	NOT-FOR-US: Simple Real Estate Portal System
CVE-2022-25398 (Auto Spare Parts Management v1.0 was discovered to contain a SQL injec ...)
	NOT-FOR-US: Auto Spare Parts Management
CVE-2022-25397
	RESERVED
CVE-2022-25396 (Cosmetics and Beauty Product Online Store v1.0 was discovered to conta ...)
	NOT-FOR-US: Cosmetics and Beauty Product Online Store
CVE-2022-25395 (Cosmetics and Beauty Product Online Store v1.0 was discovered to conta ...)
	NOT-FOR-US: Cosmetics and Beauty Product Online Store
CVE-2022-25394 (Medical Store Management System v1.0 was discovered to contain a SQL i ...)
	NOT-FOR-US: Medical Store Management System
CVE-2022-25393 (Simple Bakery Shop Management v1.0 was discovered to contain a SQL inj ...)
	NOT-FOR-US: Simple Bakery Shop Management
CVE-2022-25392
	RESERVED
CVE-2022-25391
	RESERVED
CVE-2022-25390 (DCN Firewall DCME-520 was discovered to contain a remote command execu ...)
	NOT-FOR-US: DCN Firewall
CVE-2022-25389 (DCN Firewall DCME-520 was discovered to contain an arbitrary file down ...)
	NOT-FOR-US: DCN Firewall
CVE-2022-25388
	RESERVED
CVE-2022-25387
	RESERVED
CVE-2022-25386
	RESERVED
CVE-2022-25385
	RESERVED
CVE-2022-25384
	RESERVED
CVE-2022-25383
	RESERVED
CVE-2022-25382
	RESERVED
CVE-2022-25381
	RESERVED
CVE-2022-25380
	RESERVED
CVE-2022-25379
	RESERVED
CVE-2022-25378
	RESERVED
CVE-2022-25377 (The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0. ...)
	NOT-FOR-US: appwrite
CVE-2022-25376
	RESERVED
CVE-2022-25375 (An issue was discovered in drivers/usb/gadget/function/rndis.c in the ...)
	{DSA-5096-1 DSA-5092-1 DLA-2941-1 DLA-2940-1}
	- linux 5.16.10-1
	NOTE: https://github.com/szymonh/rndis-co
	NOTE: https://www.openwall.com/lists/oss-security/2022/02/21/1
	NOTE: https://git.kernel.org/linus/38ea1eac7d88072bbffb630e2b3db83ca649b826 (5.17-rc4)
CVE-2022-25374 (HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v2 ...)
	NOT-FOR-US: HashiCorp Terraform Enterprise
CVE-2022-25373 (Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-25372 (Pritunl Client through 1.2.3019.52 on Windows allows local privilege e ...)
	NOT-FOR-US: Pritunl Client
CVE-2022-0698 (Microweber version 1.3.1 allows an unauthenticated user to perform an ...)
	NOT-FOR-US: microweber
CVE-2022-0697 (Open Redirect in GitHub repository archivy/archivy prior to 1.7.0.)
	NOT-FOR-US: Archivy
CVE-2022-0696 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.442 ...)
	{DLA-3204-1}
	- vim 2:8.2.4659-1 (unimportant)
	NOTE: https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f/
	NOTE: https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1 (v8.2.4428)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-0695 (Denial of Service in GitHub repository radareorg/radare2 prior to 5.6. ...)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/bdbddc0e-fb06-4211-a90b-7cbedcee2bea
	NOTE: https://github.com/radareorg/radare2/commit/634b886e84a5c568d243e744becc6b3223e089cf
CVE-2021-46701 (PreMiD 2.2.0 allows unintended access via the websocket transport. An ...)
	NOT-FOR-US: PreMiD
CVE-2022-25371 (Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/b ...)
	NOT-FOR-US: Apache OFBiz
CVE-2022-25370 (Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-webs ...)
	NOT-FOR-US: Apache OFBiz
CVE-2022-25355 (EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handl ...)
	NOT-FOR-US: EC-CUBE
CVE-2022-0694 (The Advanced Booking Calendar WordPress plugin before 1.7.0 does not v ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0693 (The Master Elements WordPress plugin through 8.0 does not validate and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0692 (Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to ...)
	NOT-FOR-US: alltube
CVE-2022-0691 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
	{DLA-3336-1}
	- node-url-parse 1.5.9+~1.4.8-1
	[bullseye] - node-url-parse 1.5.3-1+deb11u1
	[stretch] - node-url-parse (Nodejs in stretch not covered by security support)
	NOTE: https://huntr.dev/bounties/57124ed5-4b68-4934-8325-2c546257f2e4
	NOTE: https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63 (1.5.9)
CVE-2022-25369
	RESERVED
CVE-2022-25368 (Spectre BHB is a variant of Spectre-v2 in which malicious code uses th ...)
	NOTE: https://amperecomputing.com/products/security-bulletins/impact-of-spectre-bhb-on-ampere.html
	NOTE: This is a CVE specific for the impact of Spectre-BHB on Ampere
CVE-2022-0690 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...)
	NOT-FOR-US: microweber
CVE-2022-0689 (Use multiple time the one-time coupon in Packagist microweber/microweb ...)
	NOT-FOR-US: microweber
CVE-2022-0688 (Business Logic Errors in Packagist microweber/microweber prior to 1.2. ...)
	NOT-FOR-US: microweber
CVE-2022-0687 (The Amelia WordPress plugin before 1.0.47 stores image blobs into actu ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0686 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
	{DLA-3336-1}
	- node-url-parse 1.5.9+~1.4.8-1
	[bullseye] - node-url-parse 1.5.3-1+deb11u1
	[stretch] - node-url-parse (Nodejs in stretch not covered by security support)
	NOTE: https://huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c
	NOTE: https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5 (1.5.8)
CVE-2022-0685 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...)
	{DLA-3182-1 DLA-2947-1}
	- vim 2:8.2.4659-1 (unimportant)
	NOTE: https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782
	NOTE: https://github.com/vim/vim/commit/5921aeb5741fc6e84c870d68c7c35b93ad0c9f87 (v8.2.4418)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-0684 (The WP Home Page Menu WordPress plugin before 3.1 does not sanitise an ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-46700 (In libsixel 1.8.6, sixel_encoder_output_without_macro (called from six ...)
	- libsixel (bug #1014469)
	[bookworm] - libsixel (Minor issue)
	[bullseye] - libsixel (Minor issue)
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/158
CVE-2021-4222 (The WP-Paginate WordPress plugin before 2.1.4 does not sanitise and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-25367
	RESERVED
CVE-2022-25366 (Cryptomator through 1.6.5 allows DYLIB injection because, although it ...)
	NOT-FOR-US: Cryptomator
CVE-2022-25365 (Docker Desktop before 4.5.1 on Windows allows attackers to move arbitr ...)
	NOT-FOR-US: Docker Desktop
CVE-2022-25364 (In Gradle Enterprise before 2021.4.2, the default built-in build cache ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2022-25363 (WatchGuard Firebox and XTM appliances allow an authenticated remote at ...)
	NOT-FOR-US: WatchGuard
CVE-2022-25362
	RESERVED
CVE-2022-25361 (WatchGuard Firebox and XTM appliances allow an unauthenticated remote ...)
	NOT-FOR-US: WatchGuard
CVE-2022-25360 (WatchGuard Firebox and XTM appliances allow an authenticated remote at ...)
	NOT-FOR-US: WatchGuard
CVE-2022-25359 (On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, un ...)
	NOT-FOR-US: ICL ScadaFlex II SCADA Controller
CVE-2022-25358 (A ..%2F path traversal vulnerability exists in the path handler of awf ...)
	NOT-FOR-US: awful-salmonella-tar
CVE-2022-25357 (Pexip Infinity 27.x before 27.2 has Improper Access Control. An attack ...)
	NOT-FOR-US: Pexip Infinity
CVE-2022-25356 (Alt-N MDaemon Security Gateway through 8.5.0 allows SecurityGateway.dl ...)
	NOT-FOR-US: Alt-N Technologies Mdaemon
CVE-2022-25344 (An XSS issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.27 ...)
	NOT-FOR-US: Kyocera
CVE-2022-25343 (An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 de ...)
	NOT-FOR-US: Kyocera
CVE-2022-25342 (An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 de ...)
	NOT-FOR-US: Kyocera
CVE-2022-25341
	RESERVED
CVE-2022-25340
	RESERVED
CVE-2022-25339 (ownCloud owncloud/android 2.20 has Incorrect Access Control for local ...)
	NOT-FOR-US: Owncloud client for Android
CVE-2022-25338 (ownCloud owncloud/android before 2.20 has Incorrect Access Control for ...)
	NOT-FOR-US: Owncloud client for Android
CVE-2022-24914
	RESERVED
CVE-2022-24436 (Observable behavioral in power management throttling for some Intel(R) ...)
	NOT-FOR-US: hardware vulnerability in Intel CPUs
	NOTE: https://www.hertzbleed.com/
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html
CVE-2022-24378 (Improper initialization in the Intel(R) Data Center Manager software b ...)
	NOT-FOR-US: Intel
CVE-2022-24067
	RESERVED
CVE-2022-23403 (Improper input validation in the Intel(R) Data Center Manager software ...)
	NOT-FOR-US: Intel
CVE-2022-23182 (Improper access control in the Intel(R) Data Center Manager software b ...)
	NOT-FOR-US: Intel
CVE-2022-22139 (Uncontrolled search path in the Intel(R) XTU software before version 7 ...)
	NOT-FOR-US: Intel
CVE-2022-21225 (Improper neutralization in the Intel(R) Data Center Manager software b ...)
	NOT-FOR-US: Intel
CVE-2022-21198 (Time-of-check time-of-use race condition in the BIOS firmware for some ...)
	NOT-FOR-US: Intel
CVE-2022-21183
	RESERVED
CVE-2016-20014 (In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does no ...)
	- libpam-tacplus (bug #1009966)
	[buster] - libpam-tacplus (Minor issue)
	[stretch] - libpam-tacplus (Minor issue)
	NOTE: Fixed by: https://github.com/kravietz/pam_tacplus/commit/e4c00eba70a0f72c4de77b5f072c69708ec2beab (v1.4.1)
CVE-2016-20013 (sha256crypt and sha512crypt through 0.6 allow attackers to cause a den ...)
	NOTE: https://akkadia.org/drepper/SHA-crypt.txt
	NOTE: https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/
	NOTE: https://twitter.com/solardiz/status/795601240151457793
	NOTE: Inherent algorithmic flaw, applications can set password limits or instead use a
	NOTE: different hashing algorithm
CVE-2022-25337 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...)
	NOT-FOR-US: Ibexa
CVE-2022-25336 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...)
	NOT-FOR-US: Ibexa
CVE-2022-25335 (RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for s ...)
	NOT-FOR-US: RigoBlock Dragos
CVE-2022-25334 (The Texas Instruments OMAP L138 (secure variants) trusted execution en ...)
	NOT-FOR-US: Texas Instruments
CVE-2022-25333 (The Texas Instruments OMAP L138 (secure variants) trusted execution en ...)
	NOT-FOR-US: Texas Instruments
CVE-2022-25332 (The AES implementation in the Texas Instruments OMAP L138 (secure vari ...)
	NOT-FOR-US: Texas Instruments
CVE-2022-25331 (Uncaught exceptions that can be generated in Trend Micro ServerProtect ...)
	NOT-FOR-US: Trend Micro
CVE-2022-25330 (Integer overflow conditions that exist in Trend Micro ServerProtect 6. ...)
	NOT-FOR-US: Trend Micro
CVE-2022-25329 (Trend Micro ServerProtect 6.0/5.8 Information Server uses a static cre ...)
	NOT-FOR-US: Trend Micro
CVE-2022-25328 (The bash_completion script for fscrypt allows injection of commands vi ...)
	- fscrypt 0.3.3-1 (bug #1006485)
	[bullseye] - fscrypt (Minor issue)
	[buster] - fscrypt (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2022/02/24/1
	NOTE: https://github.com/google/fscrypt/commit/fa1a1fdbdea65829ce24a6b6f86ce2961e465b02
CVE-2022-25327 (The PAM module for fscrypt doesn't adequately validate fscrypt metadat ...)
	- fscrypt 0.3.3-1 (bug #1006485)
	[bullseye] - fscrypt (Minor issue)
	[buster] - fscrypt (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2022/02/24/1
	NOTE: https://github.com/google/fscrypt/commit/1a47718420317f893831b0223153d56005d5b02b
	NOTE: https://github.com/google/fscrypt/commit/74e870b7bd1585b4b509da47e0e75db66336e576
	NOTE: https://github.com/google/fscrypt/commit/b44fbe71e1e93c47050322af51725bac997641e0
CVE-2022-25326 (fscrypt through v0.3.2 creates a world-writable directory by default w ...)
	- fscrypt 0.3.3-1 (bug #1006485)
	[bullseye] - fscrypt (Minor issue)
	[buster] - fscrypt (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2022/02/24/1
	NOTE: https://github.com/google/fscrypt/commit/6e355131670ad014e45f879475ddf800f0080d41
CVE-2022-23183 (Missing authorization vulnerability in Advanced Custom Fields versions ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-21179 (Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mai ...)
	NOT-FOR-US: EC-CUBE
CVE-2022-0683 (The Essential Addons for Elementor Lite WordPress plugin is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0682
	RESERVED
CVE-2022-0681 (The Simple Membership WordPress plugin before 4.1.0 does not have CSRF ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0680 (The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing u ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0679 (The Narnoo Distributor WordPress plugin through 2.5.1 fails to validat ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0678 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...)
	NOT-FOR-US: microweber
CVE-2022-0677 (Improper Handling of Length Parameter Inconsistency vulnerability in t ...)
	NOT-FOR-US: Bitdefender
CVE-2021-4221 (If a domain name contained a RTL character, it would cause the domain ...)
	- firefox (Only affects Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-4221
CVE-2022-25323 (ZEROF Web Server 2.0 allows /admin.back XSS.)
	NOT-FOR-US: ZEROF Web Server
CVE-2022-25322 (ZEROF Web Server 2.0 allows /HandleEvent SQL Injection.)
	NOT-FOR-US: ZEROF Web Server
CVE-2022-25321 (An issue was discovered in Cerebrate through 1.4. XSS could occur in t ...)
	NOT-FOR-US: Cerebrate
CVE-2022-25320 (An issue was discovered in Cerebrate through 1.4. Username enumeration ...)
	NOT-FOR-US: Cerebrate
CVE-2022-25319 (An issue was discovered in Cerebrate through 1.4. Endpoints could be o ...)
	NOT-FOR-US: Cerebrate
CVE-2022-25318 (An issue was discovered in Cerebrate through 1.4. An incorrect sharing ...)
	NOT-FOR-US: Cerebrate
CVE-2022-25317 (An issue was discovered in Cerebrate through 1.4. genericForm allows r ...)
	NOT-FOR-US: Cerebrate
CVE-2022-25316
	RESERVED
CVE-2022-25312 (An XML external entity (XXE) injection vulnerability was discovered in ...)
	NOT-FOR-US: Apache Any23
CVE-2022-21132 (Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg ...)
	NOT-FOR-US: pfSense
CVE-2022-0676 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/5ad814a1-5dd3-43f4-869b-33b8dab78485
	NOTE: https://github.com/radareorg/radare2/commit/c84b7232626badd075caf3ae29661b609164bac6
CVE-2022-0675 (In certain situations it is possible for an unmanaged rule to exist on ...)
	- puppet-module-puppetlabs-firewall 3.4.0-1 (bug #1006749)
	[bullseye] - puppet-module-puppetlabs-firewall (Minor issue)
	[buster] - puppet-module-puppetlabs-firewall (Minor issue)
	NOTE: https://github.com/puppetlabs/puppetlabs-firewall/pull/1030/commits/2c0047e09be82dd9e1aa4d93c0cb103f83d2a01e (3.4.0)
	NOTE: https://puppet.com/security/cve/CVE-2022-0675
	NOTE: https://forge.puppet.com/modules/puppetlabs/firewall/3.4.0
CVE-2022-25315 (In Expat (aka libexpat) before 2.4.5, there is an integer overflow in ...)
	{DSA-5085-1 DLA-2935-1}
	- expat 2.4.5-1
	NOTE: https://github.com/libexpat/libexpat/pull/559
	NOTE: https://github.com/libexpat/libexpat/commit/eb0362808b4f9f1e2345a0cf203b8cc196d776d9
CVE-2022-25314 (In Expat (aka libexpat) before 2.4.5, there is an integer overflow in ...)
	{DSA-5085-1}
	- expat 2.4.5-1
	[stretch] - expat (Vulnerable code introduced later)
	NOTE: https://github.com/libexpat/libexpat/pull/560
	NOTE: https://github.com/libexpat/libexpat/commit/efcb347440ade24b9f1054671e6bd05e60b4cafd
CVE-2022-25313 (In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack ex ...)
	{DSA-5085-1 DLA-2935-1}
	- expat 2.4.5-1
	NOTE: https://github.com/libexpat/libexpat/pull/558
	NOTE: https://github.com/libexpat/libexpat/commit/9b4ce651b26557f16103c3a366c91934ecd439ab
CVE-2022-25311 (A vulnerability has been identified in SINEC NMS (All versions >= V1.0 ...)
	NOT-FOR-US: Siemens
CVE-2022-25310 (A segmentation fault (SEGV) flaw was found in the Fribidi package and ...)
	{DLA-2974-1}
	- fribidi 1.0.8-2.1 (bug #1008793)
	[bullseye] - fribidi 1.0.8-2+deb11u1
	[buster] - fribidi 1.0.5-3.1+deb10u2
	NOTE: https://github.com/fribidi/fribidi/issues/183
	NOTE: https://github.com/fribidi/fribidi/pull/186
	NOTE: https://github.com/fribidi/fribidi/commit/175850b03e1af251d705c1d04b2b9b3c1c06e48f
CVE-2022-25309 (A heap-based buffer overflow flaw was found in the Fribidi package and ...)
	{DLA-2974-1}
	- fribidi 1.0.8-2.1 (bug #1008793)
	[bullseye] - fribidi 1.0.8-2+deb11u1
	[buster] - fribidi 1.0.5-3.1+deb10u2
	NOTE: https://github.com/fribidi/fribidi/issues/182
	NOTE: https://github.com/fribidi/fribidi/pull/185
	NOTE: https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3
CVE-2022-25308 (A stack-based buffer overflow flaw was found in the Fribidi package. T ...)
	{DLA-2974-1}
	- fribidi 1.0.8-2.1 (bug #1008793)
	[bullseye] - fribidi 1.0.8-2+deb11u1
	[buster] - fribidi 1.0.5-3.1+deb10u2
	NOTE: https://github.com/fribidi/fribidi/issues/181
	NOTE: https://github.com/fribidi/fribidi/pull/184
	NOTE: https://github.com/fribidi/fribidi/commit/ad3a19e6372b1e667128ed1ea2f49919884587e1
CVE-2022-25307 (The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripti ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-25306 (The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripti ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-25305 (The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripti ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-21158 (A stored cross-site scripting vulnerability in marktext versions prior ...)
	NOT-FOR-US: marktext
CVE-2022-0674 (The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0673 (A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoni ...)
	NOT-FOR-US: LemMinX
CVE-2022-0672 (A flaw was found in LemMinX in versions prior to 0.19.0. Insecure redi ...)
	NOT-FOR-US: LemMinX
CVE-2022-0671 (A flaw was found in vscode-xml in versions prior to 0.19.0. Schema dow ...)
	NOT-FOR-US: vscode-xml
CVE-2022-0670 (A flaw was found in Openstack manilla owning a Ceph File system "share ...)
	- ceph 16.2.10+ds-1 (bug #1016069)
	[bullseye] - ceph (Minor issue)
	[buster] - ceph (The volumes manager module was added in Ceph 14)
	NOTE: https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released/
	NOTE: https://docs.ceph.com/en/latest/security/CVE-2022-0670/
	NOTE: https://github.com/ceph/ceph/pull/47229
CVE-2022-0669 (A flaw was found in dpdk. This flaw allows a malicious vhost-user mast ...)
	{DSA-5130-1}
	- dpdk 20.11.5-1 (bug #1010641)
	[buster] - dpdk (Vulnerable code introduced later)
	[stretch] - dpdk (Vulnerable code introduced later)
	NOTE: https://bugs.dpdk.org/show_bug.cgi?id=922
	NOTE: Introduced by: https://github.com/DPDK/dpdk/commit/d87f1a1cb7b666550bb53e39c1d85d9f7b861e6f (v19.11-rc1)
	NOTE: Fixed by: https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227 (v22.03-rc4)
CVE-2022-0668 (JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Byp ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2022-0667 (When the vulnerability is triggered the BIND process will exit. BIND 9 ...)
	- bind9 1:9.18.1-1
	[bullseye] - bind9 (Vulnerable code introduced later)
	[buster] - bind9 (Vulnerable code introduced later)
	[stretch] - bind9 (Vulnerable code introduced later)
	NOTE: https://kb.isc.org/docs/cve-2022-0667
CVE-2022-0666 (CRLF Injection leads to Stack Trace Exposure due to lack of filtering ...)
	NOT-FOR-US: microweber
CVE-2022-0665 (Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2.)
	NOT-FOR-US: pimcore
CVE-2022-0664 (Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker ...)
	NOT-FOR-US: Go github.com/gravitl/netmaker
CVE-2022-0663 (The Print, PDF, Email by PrintFriendly WordPress plugin before 5.2.3 d ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0662 (The AdRotate WordPress plugin before 5.8.23 does not sanitise and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0661 (The Ad Injection WordPress plugin through 1.2.0.19 does not properly s ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0660 (Generation of Error Message Containing Sensitive Information in Packag ...)
	NOT-FOR-US: microweber
CVE-2022-0659 (The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0658 (The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0657 (The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0656 (The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not v ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-26520 (In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or pro ...)
	{DSA-5196-1}
	- libpgjava 42.3.3-1
	[stretch] - libpgjava (Requires control over connection properties)
	NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8
	NOTE: https://github.com/pgjdbc/pgjdbc/commit/f6d47034a4ce292e1a659fa00963f6f713117064 (REL42.3.3-rc1)
CVE-2022-25299 (This affects the package cesanta/mongoose before 7.6. The unsafe handl ...)
	- phantomjs
	[buster] - phantomjs (Vulnerable code introduced later)
	[stretch] - phantomjs (Vulnerable code introduced later)
	NOTE: https://github.com/cesanta/mongoose/commit/c65c8fdaaa257e0487ab0aaae9e8f6b439335945
	NOTE: https://snyk.io/vuln/SNYK-UNMANAGED-CESANTAMONGOOSE-2404180
CVE-2022-25298 (This affects the package sprinfall/webcc before 0.3.0. It is possible ...)
	NOT-FOR-US: webcc
CVE-2022-25297 (This affects the package drogonframework/drogon before 1.7.5. The unsa ...)
	NOT-FOR-US: drogon
CVE-2022-25296 (The package bodymen from 0.0.0 are vulnerable to Prototype Pollution v ...)
	NOT-FOR-US: Node bodymen
CVE-2022-25295 (This affects the package github.com/gophish/gophish before 0.12.0. The ...)
	NOT-FOR-US: gophish
CVE-2022-25294 (Proofpoint Insider Threat Management Agent for Windows relies on an in ...)
	NOT-FOR-US: Proofpoint Insider Threat Management Agent for Windows
CVE-2022-25293 (A systemd stack-based buffer overflow in WatchGuard Firebox and XTM ap ...)
	NOT-FOR-US: WatchGuard
CVE-2022-25292 (A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM ap ...)
	NOT-FOR-US: WatchGuard
CVE-2022-25291 (An integer overflow in WatchGuard Firebox and XTM appliances allows an ...)
	NOT-FOR-US: WatchGuard
CVE-2022-25290 (WatchGuard Firebox and XTM appliances allow an authenticated remote at ...)
	NOT-FOR-US: WatchGuard
CVE-2022-25289 RESERVED
CVE-2022-25288 RESERVED
CVE-2022-25287 RESERVED
CVE-2022-25286 RESERVED
CVE-2022-25285 RESERVED
CVE-2022-25284 RESERVED
CVE-2022-25283 RESERVED
CVE-2022-25282 RESERVED
CVE-2022-25281 RESERVED
CVE-2022-25280 RESERVED
CVE-2022-25279 RESERVED
CVE-2022-25278 (Under certain circumstances, the Drupal core form API evaluates form e ...)
	- drupal7 (Only affects Drupal 8 and 9)
	NOTE: https://www.drupal.org/sa-core-2022-013
CVE-2022-25277 (Drupal core sanitizes filenames with dangerous extensions upon upload ...)
	- drupal7 (Only affects Drupal 8 and 9)
	NOTE: https://www.drupal.org/sa-core-2022-014
CVE-2022-25276 (The Media oEmbed iframe route does not properly validate the iframe do ...)
	- drupal7 (Only affects Drupal 8 and 9)
	NOTE: https://www.drupal.org/sa-core-2022-015
CVE-2022-25275 (In some situations, the Image module does not correctly check access t ...)
	- drupal7
	NOTE: https://www.drupal.org/sa-core-2022-012
CVE-2022-25274 (Drupal 9.3 implemented a generic entity access API for entity revision ...)
	- drupal7 (Only affects Drupal 9)
	NOTE: https://www.drupal.org/sa-core-2022-009
CVE-2022-25273 (Drupal core's form API has a vulnerability where certain contributed o ...)
	- drupal7 (Only affects Drupal 8 and 9)
	NOTE: https://www.drupal.org/sa-core-2022-008
CVE-2022-25272 RESERVED
CVE-2022-25270 (The Quick Edit module does not properly check entity access in some ci ...)
	NOT-FOR-US: Drupal 9.x
CVE-2022-25269 (Passwork On-Premise Edition before 4.6.13 has multiple XSS issues.)
	NOT-FOR-US: Passwork On-Premise
CVE-2022-25268 (Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, ...)
	NOT-FOR-US: Passwork On-Premise
CVE-2022-25267 (Passwork On-Premise Edition before 4.6.13 allows migration/uploadExpor ...)
	NOT-FOR-US: Passwork On-Premise
CVE-2022-25266 (Passwork On-Premise Edition before 4.6.13 allows migration/downloadExp ...)
	NOT-FOR-US: Passwork On-Premise
CVE-2022-25265 (In the Linux kernel through 5.16.10, certain binary files may have the ...)
	- linux (unimportant)
	NOTE: https://github.com/x0reaxeax/exec-prot-bypass
	NOTE: Not considered a security flaw. Where backward compatibility is not needed,
	NOTE: it can be mitigated through an LSM.
CVE-2022-25264 (In JetBrains TeamCity before 2021.2.3, environment variables of the "p ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-25263 (JetBrains TeamCity before 2021.2.3 was vulnerable to OS command inject ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-25262 (In JetBrains Hub before 2022.1.14434, SAML request takeover was possib ...)
	NOT-FOR-US: JetBrains Hub
CVE-2022-25261 (JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-25260 (JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side ...)
	NOT-FOR-US: JetBrains Hub
CVE-2022-25259 (JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS.)
	NOT-FOR-US: JetBrains Hub
CVE-2022-25258 (An issue was discovered in drivers/usb/gadget/composite.c in the Linux ...)
	{DSA-5096-1 DSA-5092-1 DLA-2941-1 DLA-2940-1}
	- linux 5.16.10-1
	NOTE: https://github.com/szymonh/d-os-descriptor
	NOTE: https://git.kernel.org/linus/75e5b4849b81e19e9efe1654b30d7f3151c33c2c (5.17-rc4)
CVE-2022-0655 REJECTED
CVE-2022-0654 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
	NOT-FOR-US: Node request-retry
CVE-2022-0653 (The Profile Builder – User Profile & User Registration Forms Word ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0652 (Confd log files contain local users', including root’s, SHA512cry ...)
	NOT-FOR-US: Sophos UTM
CVE-2022-0651 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0650 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: TP-Link
CVE-2022-0649 (The AdRotate WordPress plugin before 5.8.23 does not escape Group Name ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-46699 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2022-25257 RESERVED
CVE-2022-25256 (SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRend ...)
	NOT-FOR-US: SAS Web Report Studio
CVE-2022-25255 (In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux ...)
	- qt6-base 6.2.4+dfsg-4
	- qtbase-opensource-src 5.15.2+dfsg-15
	[bullseye] - qtbase-opensource-src (Minor issue)
	[buster] - qtbase-opensource-src (Breaks existing behaviour and upstream also skipped from 5.12 branch)
	[stretch] - qtbase-opensource-src (Vulnerable code introduced later)
	- qtbase-opensource-src-gles 5.15.4+dfsg-2
	[bullseye] - qtbase-opensource-src-gles (Minor issue)
	[buster] - qtbase-opensource-src-gles (Breaks existing behaviour and upstream also skipped from 5.12 branch)
	NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/393113
	NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/394914
	NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/396020
	NOTE: https://github.com/qt/qtbase/commit/ab6915f0efb12cfe48d1f126f4a828212f853ce5 (v6.2.4)
	NOTE: https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff
	NOTE: https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff
	NOTE: https://www.qt.io/blog/security-advisory-qprocess
CVE-2022-25254 RESERVED
CVE-2022-25253 RESERVED
CVE-2022-25252 (When connecting to a certain port Axeda agent (All versions) and Axeda ...)
	NOT-FOR-US: PTC
CVE-2022-25251 (When connecting to a certain port Axeda agent (All versions) and Axeda ...)
	NOT-FOR-US: PTC
CVE-2022-25250 (When connecting to a certain port Axeda agent (All versions) and Axeda ...)
	NOT-FOR-US: PTC
CVE-2022-25249 (When connecting to a certain port Axeda agent (All versions) and Axeda ...)
	NOT-FOR-US: PTC
CVE-2022-25248 (When connecting to a certain port Axeda agent (All versions) and Axeda ...)
	NOT-FOR-US: PTC
CVE-2022-25247 (Axeda agent (All versions) and Axeda Desktop Server for Windows (All v ...)
	NOT-FOR-US: PTC
CVE-2022-25246 (Axeda agent (All versions) and Axeda Desktop Server for Windows (All v ...)
	NOT-FOR-US: PTC
CVE-2022-24374 (Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series vers ...)
	NOT-FOR-US: a-blog cms
CVE-2022-23916 (Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series vers ...)
	NOT-FOR-US: a-blog cms
CVE-2022-23810 (Template injection (Improper Neutralization of Special Elements Used i ...)
	NOT-FOR-US: a-blog cms
CVE-2022-21142 (Authentication bypass vulnerability in a-blog cms Ver.2.8.x series ver ...)
	NOT-FOR-US: a-blog cms
CVE-2022-0648 (The Team Circle Image Slider With Lightbox WordPress plugin before 1.0 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0647 (The Bulk Creator WordPress plugin through 1.0.1 does not sanitize and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0646 (A flaw use after free in the Linux kernel Management Component Transpo ...)
	- linux (Vulnerable code introduced later)
	NOTE: https://lore.kernel.org/all/20220211011552.1861886-1-jk@codeconstruct.com.au/T/
CVE-2022-0645 (Open redirect vulnerability via endpoint authorize_and_redirect/?redir ...)
	NOT-FOR-US: posthog
CVE-2022-0644 REJECTED
CVE-2022-0643 (The Bank Mellat WordPress plugin through 1.3.7 does not sanitize and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0642 (The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not proper ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0641 (The Popup Like box WordPress plugin before 3.6.1 does not sanitize and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0640 (The Pricing Table Builder WordPress plugin before 1.1.5 does not sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0639 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
	{DLA-3336-1}
	- node-url-parse 1.5.7-1
	[bullseye] - node-url-parse (Minor issue)
	[stretch] - node-url-parse (Nodejs in stretch not covered by security support)
	NOTE: https://huntr.dev/bounties/83a6bc9a-b542-4a38-82cd-d995a1481155
	NOTE: https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788 (1.5.7)
CVE-2022-0638 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber p ...)
	NOT-FOR-US: microweber
CVE-2022-0637 (open redirect in pollbot (pollbot.services.mozilla.com) in versions be ...)
	NOT-FOR-US: pollbot
CVE-2022-0636 (A denial of service vulnerability was reported in Lenovo Thin Installe ...)
	NOT-FOR-US: Lenovo
CVE-2022-0635 (Versions affected: BIND 9.18.0 When a vulnerable version of named rece ...)
	- bind9 1:9.18.1-1
	[bullseye] - bind9 (Vulnerable code introduced later)
	[buster] - bind9 (Vulnerable code introduced later)
	[stretch] - bind9 (Vulnerable code introduced later)
	NOTE: https://kb.isc.org/docs/cve-2022-0635
CVE-2022-0634 (The ThirstyAffiliates WordPress plugin before 3.10.5 lacks authorizati ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0633 (The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0632 (NULL Pointer Dereference in Homebrew mruby prior to 3.2.)
	- mruby (Vulnerable code introduced later)
	NOTE: https://huntr.dev/bounties/3e5bb8f6-30fd-4553-86dd-761e9459ce1b
	NOTE: https://github.com/mruby/mruby/commit/44f591aa8f7091e6ca6cb418e428ae6d4ceaf77d
CVE-2022-0631 (Heap-based Buffer Overflow in Homebrew mruby prior to 3.2.)
	- mruby (Vulnerable code introduced later)
	NOTE: https://huntr.dev/bounties/9bdc49ca-6697-4adc-a785-081e1961bf40
	NOTE: https://github.com/mruby/mruby/commit/47068ae07a5fa3aa9a1879cdfe98a9ce0f339299
CVE-2022-0630 (Out-of-bounds Read in Homebrew mruby prior to 3.2.)
	- mruby (Vulnerable code introduced later)
	NOTE: https://huntr.dev/bounties/f7cdd680-1a7f-4992-b4b8-44b5e4ba3e32
	NOTE: https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad
CVE-2022-0629 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.)
	{DLA-3204-1}
	- vim 2:8.2.4659-1 (unimportant)
	NOTE: https://huntr.dev/bounties/95e2b0da-e480-4ee8-9324-a93a2ab0a877/
	NOTE: https://github.com/vim/vim/commit/34f8117dec685ace52cd9e578e2729db278163fc (v8.2.4397)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-0628 (The Mega Menu WordPress plugin before 3.0.8 does not sanitize and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0627 (The Amelia WordPress plugin before 1.0.47 does not sanitize and escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0626 (The Advanced Admin Search WordPress plugin before 1.1.6 does not sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0625 (The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0624 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
	NOT-FOR-US: Node parse-path
CVE-2022-25271 (Drupal core's form API has a vulnerability where certain contributed o ...)
	{DLA-2925-1}
	- drupal7
	NOTE: https://www.drupal.org/sa-core-2022-003
	NOTE: https://git.drupalcode.org/project/drupal/-/commit/43c757167380643b5f73287a63a8739731a5b712
CVE-2022-25245 (Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know ...)
	NOT-FOR-US: Zoho
CVE-2022-25244 (Vault Enterprise clusters using the tokenization transform feature can ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2022-25243 ("Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2022-25242 (In FileCloud before 21.3, file upload is not protected against Cross-S ...)
	NOT-FOR-US: FileCloud
CVE-2022-25241 (In FileCloud before 21.3, the CSV user import functionality is vulnera ...)
	NOT-FOR-US: FileCloud
CVE-2022-25240 RESERVED
CVE-2022-25239 RESERVED
CVE-2022-25238 (Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside ...)
	NOT-FOR-US: Silverstripe CMS
CVE-2022-25237 (Bonita Web 2021.2 is affected by a authentication/authorization bypass ...)
	NOT-FOR-US: Bonita Web
CVE-2022-25236 (xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to in ...)
	{DSA-5085-1 DLA-2935-1}
	- expat 2.4.5-1 (bug #1005895)
	NOTE: https://github.com/libexpat/libexpat/pull/561
	NOTE: https://github.com/libexpat/libexpat/commit/6881a4fc8596307ab9ff2e85e605afa2e413ab71
	NOTE: https://github.com/libexpat/libexpat/commit/a2fe525e660badd64b6c557c2b1ec26ddc07f6e4
	NOTE: https://github.com/libexpat/libexpat/commit/2de077423fb22750ebea599677d523b53cb93b1d
	NOTE: Relaxed fix: https://github.com/libexpat/libexpat/pull/577
	NOTE: https://github.com/libexpat/libexpat/commit/2ba6c76fca21397959145e18c5ef376201209020
	NOTE: https://github.com/libexpat/libexpat/commit/e0f852db1e3b1e6d34922c68a653c3cc4b85361c
	NOTE: https://github.com/libexpat/libexpat/commit/5dd52182972a35f2251a07784eda35d3d52d3e07
	NOTE: https://github.com/libexpat/libexpat/commit/c57bea96b73eee1c6d5e288f0f57efbf5238e49a
CVE-2022-25235 (xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain valid ...)
	{DSA-5085-1 DLA-2935-1}
	- expat 2.4.5-1 (bug #1005894)
	NOTE: https://github.com/libexpat/libexpat/pull/562
	NOTE: https://github.com/libexpat/libexpat/commit/ee2a5b50e7d1940ba8745715b62ceb9efd3a96da
	NOTE: https://github.com/libexpat/libexpat/commit/3f0a0cb644438d4d8e3294cd0b1245d0edb0c6c6
	NOTE: https://github.com/libexpat/libexpat/commit/c85a3025e7a1be086dc34e7559fbc543914d047f
	NOTE: https://github.com/libexpat/libexpat/commit/6a5510bc6b7efe743356296724e0b38300f05379
CVE-2022-25229 (Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)' fiel ...)
	NOT-FOR-US: Popcorn Time
CVE-2022-25228 (CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQ ...)
	NOT-FOR-US: CandidATS
CVE-2022-25227 (Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS ...)
	NOT-FOR-US: Thinfinity VNC
CVE-2022-25226 (ThinVNC version 1.0b1 allows an unauthenticated user to bypass the aut ...)
	NOT-FOR-US: ThinVNC
CVE-2022-25225 (Network Olympus version 1.8.0 allows an authenticated admin user to in ...)
	NOT-FOR-US: Network Olympus
CVE-2022-25224 (Proton v0.2.0 allows an attacker to create a malicious link inside a m ...)
	NOT-FOR-US: steventhanna/proton
CVE-2022-25223 (Money Transfer Management System Version 1.0 allows an authenticated u ...)
	NOT-FOR-US: Money Transfer Management System
CVE-2022-25222 (Money Transfer Management System Version 1.0 allows an unauthenticated ...)
	NOT-FOR-US: Money Transfer Management System
CVE-2022-25221 (Money Transfer Management System Version 1.0 allows an attacker to inj ...)
	NOT-FOR-US: Money Transfer Management System
CVE-2022-25220 (PeteReport Version 0.5 allows an authenticated admin user to inject pe ...)
	NOT-FOR-US: PeteReport
CVE-2022-25219 (A null byte interaction error has been discovered in the code that the ...)
	NOT-FOR-US: Phicomm
CVE-2022-25218 (The use of the RSA algorithm without OAEP, or any other padding scheme ...)
	NOT-FOR-US: Phicomm
CVE-2022-25217 (Use of a hard-coded cryptographic key pair by the telnetd_startup serv ...)
	NOT-FOR-US: Phicomm
CVE-2022-25216 (An absolute path traversal vulnerability allows a remote attacker to d ...)
	NOT-FOR-US: DVDFab Player
CVE-2022-25215 (Improper access control on the LocalMACConfig.asp interface allows an ...)
	NOT-FOR-US: Phicomm
CVE-2022-25214 (Improper access control on the LocalClientList.asp interface allows an ...)
	NOT-FOR-US: Phicomm
CVE-2022-25213 (Improper physical access control and use of hard-coded credentials in ...)
	NOT-FOR-US: Phicomm
CVE-2022-24915 (The absence of filters when loading some sections in the web applicati ...)
	NOT-FOR-US: IPCOMM
CVE-2022-24432 (Persistent cross-site scripting (XSS) in the web interface of ipDIO al ...)
	NOT-FOR-US: IPCOMM
CVE-2022-22985 (The absence of filters when loading some sections in the web applicati ...)
	NOT-FOR-US: IPCOMM
CVE-2022-21146 (Persistent cross-site scripting in the web interface of ipDIO allows a ...)
	NOT-FOR-US: IPCOMM
CVE-2022-0623 (Out-of-bounds Read in Homebrew mruby prior to 3.2.)
	- mruby (Vulnerable code introduced later)
	NOTE: https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad
	NOTE: https://huntr.dev/bounties/5b908ac7-d8f1-4fcd-9355-85df565f7580
CVE-2022-0622 (Generation of Error Message Containing Sensitive Information in Packag ...)
	- snipe-it (bug #1005172)
CVE-2022-0621 (The dTabs WordPress plugin through 1.4 does not sanitize and escape th ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0620 (The Delete Old Orders WordPress plugin through 0.2 does not sanitize a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0619 (The Database Peek WordPress plugin through 1.2 does not sanitize and e ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-25209 (Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XM ...)
	NOT-FOR-US: Jenkins Chef Sinatra Plugin
CVE-2022-25175 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier use ...)
	NOT-FOR-US: Jenkins Pipeline: Multibranch Plugin
CVE-2022-25169 (The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may ...)
	- tika (bug #1015002)
	[bullseye] - tika (Minor issue)
	[buster] - tika (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2022/05/16/4
CVE-2022-25168 (Apache Hadoop's FileUtil.unTar(File, File) API does not escape the inp ...)
	- hadoop (bug #793644)
CVE-2022-25167 (Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote c ...)
	NOT-FOR-US: Apache Flume
CVE-2022-24435 (Cross-site scripting vulnerability in phpUploader v1.2 and earlier all ...)
	NOT-FOR-US: phpUploader
CVE-2022-23986 (SQL injection vulnerability in the phpUploader v1.2 and earlier allows ...)
	NOT-FOR-US: phpUploader
CVE-2022-21159 (A denial of service vulnerability exists in the parseNormalModeParamet ...)
	NOT-FOR-US: MZ Automation
CVE-2022-0618 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
	NOT-FOR-US: swift-nio-http2
CVE-2022-0617 (A flaw null pointer dereference in the Linux kernel UDF file system fu ...)
	{DSA-5096-1 DSA-5095-1 DLA-2941-1 DLA-2940-1}
	- linux 5.16.7-1
	NOTE: https://git.kernel.org/linus/7fc3b7c2981bbd1047916ade327beccb90994eee
	NOTE: https://git.kernel.org/linus/ea8569194b43f0f01f0a84c689388542c7254a1f
CVE-2022-0616 (The Amelia WordPress plugin before 1.0.47 does not have CSRF check in ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0615 (Use-after-free in eset_rtp kernel module used in ESET products for Lin ...)
	NOT-FOR-US: ESET
CVE-2022-0614 (Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2.)
	- mruby (Vulnerable code introduced later)
	NOTE: https://huntr.dev/bounties/a980ce4d-c359-4425-92c4-e844c0055879
	NOTE: https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad
CVE-2022-0613 (Authorization Bypass Through User-Controlled Key in NPM urijs prior to ...)
	- node-urijs (bug #902083)
	NOTE: https://github.com/medialize/uri.js/commit/6ea641cc8648b025ed5f30b090c2abd4d1a5249f (v1.19.8)
CVE-2021-4220 REJECTED
CVE-2021-4219 (A flaw was found in ImageMagick. The vulnerability occurs due to impro ...)
	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282)
	[bullseye] - imagemagick 8:6.9.11.60+dfsg-1.3+deb11u2
	[buster] - imagemagick (Vulnerable code introduced later)
	[stretch] - imagemagick (Vulnerable code introduced later)
	NOTE: introduced by https://github.com/ImageMagick/ImageMagick6/commit/b51ead044753d771646fe1dfd6fb1db0b562a5f0
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/4626
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d7f1b2b9b816baaa956381ff80c3b120e83faa95
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/c10351c16b8d2cabd11d2627a02de522570f6ceb
CVE-2022-25212 (A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25211 (A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25210 (Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25208 (A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25207 (A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sina ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25206 (A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows at ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25205 (A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25204 (Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25203 (Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25202 (Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escap ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25201 (Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25200 (A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25199 (A missing permission check in Jenkins SCP publisher Plugin 1.8 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25198 (A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25197 (Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implement ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25196 (Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25195 (A missing permission check in Jenkins autonomiq Plugin 1.15 and earlie ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25194 (A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25193 (Missing permission checks in Jenkins Snow Commander Plugin 1.10 and ea ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25192 (A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Comm ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25191 (Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25190 (A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25189 (Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not esca ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25188 (Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appNa ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25187 (Jenkins Support Core Plugin 2.79 and earlier does not redact some sens ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25186 (Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functional ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25185 (Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escap ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25184 (Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25183 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25182 (A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25181 (A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25180 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier include ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25179 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier fol ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25178 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25177 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25176 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25174 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25173 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses th ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-25166 (An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible ...)
	NOT-FOR-US: Amazon AWS VPN Client
CVE-2022-25165 (An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race ...)
	NOT-FOR-US: Amazon AWS VPN Client
CVE-2022-25164 (Cleartext Storage of Sensitive Information vulnerability in Mitsubishi ...)
	NOT-FOR-US: Mitsubishi
CVE-2022-25163 (Improper Input Validation vulnerability in Mitsubishi Electric MELSEC- ...)
	NOT-FOR-US: Mitsubishi
CVE-2022-25162 (Improper Input Validation vulnerability in Mitsubishi Electric MELSEC ...)
	NOT-FOR-US: Mitsubishi
CVE-2022-25161 (Improper Input Validation vulnerability in Mitsubishi Electric MELSEC ...)
	NOT-FOR-US: Mitsubishi
CVE-2022-25160 (Cleartext Storage of Sensitive Information vulnerability in Mitsubishi ...)
	NOT-FOR-US: Mitsubishi
CVE-2022-25159 (Authentication Bypass by Capture-replay vulnerability in Mitsubishi El ...)
	NOT-FOR-US: Mitsubishi
CVE-2022-25158 (Cleartext Storage of Sensitive Information vulnerability in Mitsubishi ...)
	NOT-FOR-US: Mitsubishi
CVE-2022-25157 (Use of Password Hash Instead of Password for Authentication vulnerabil ...)
	NOT-FOR-US: Mitsubishi
CVE-2022-25156 (Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F seri ...)
	NOT-FOR-US: Mitsubishi
CVE-2022-25155 (Use of Password Hash Instead of Password for Authentication vulnerabil ...)
	NOT-FOR-US: Mitsubishi
CVE-2022-25154 (A DLL hijacking vulnerability in Samsung portable SSD T5 PC software b ...)
	NOT-FOR-US: Samsung portable SSD T5
CVE-2022-25153 (The ITarian Endpoint Manage Communication Client, prior to version 6.4 ...)
	NOT-FOR-US: ITarian Endpoint Manage Communication Client
CVE-2022-25152 (The ITarian platform (SAAS / on-premise) offers the possibility to run ...)
	NOT-FOR-US: ITarian platform
CVE-2022-25151 (Within the Service Desk module of the ITarian platform (SAAS and on-pr ...)
	NOT-FOR-US: ITarian platform
CVE-2022-25150 (In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, prog ...)
	NOT-FOR-US: Malwarebytes Binisoft Windows Firewall Control
CVE-2022-25149 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-25148 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0612 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
	NOT-FOR-US: livehelperchat
CVE-2022-0611 (Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.)
	- snipe-it (bug #1005172)
CVE-2019-25057 (In Corda before 4.1, the meaning of serialized data can be modified vi ...)
	NOT-FOR-US: Corda
CVE-2022-25147 (Integer Overflow or Wraparound vulnerability in apr_base64 functions o ...)
	{DSA-5364-1 DLA-3332-1}
	- apr-util 1.6.3-1
	NOTE: https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8
	NOTE: http://svn.apache.org/r1904728
CVE-2022-0610 (Inappropriate implementation in Gamepad API in Google Chrome prior to ...)
	{DSA-5079-1}
	- chromium 98.0.4758.102-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
CVE-2022-0609 (Use after free in Animation in Google Chrome prior to 98.0.4758.102 al ...)
	{DSA-5079-1}
	- chromium 98.0.4758.102-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
CVE-2022-0608 (Integer overflow in Mojo in Google Chrome prior to 98.0.4758.102 allow ...)
	{DSA-5079-1}
	- chromium 98.0.4758.102-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
CVE-2022-0607 (Use after free in GPU in Google Chrome prior to 98.0.4758.102 allowed ...)
	{DSA-5079-1}
	- chromium 98.0.4758.102-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
CVE-2022-0606 (Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowe ...)
	{DSA-5079-1}
	- chromium 98.0.4758.102-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
CVE-2022-0605 (Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 ...)
	{DSA-5079-1}
	- chromium 98.0.4758.102-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
CVE-2022-0604 (Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758 ...)
	{DSA-5079-1}
	- chromium 98.0.4758.102-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
CVE-2022-0603 (Use after free in File Manager in Google Chrome on Chrome OS prior to ...)
	{DSA-5079-1}
	- chromium 98.0.4758.102-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
CVE-2022-0602 (Cross-site Scripting (XSS) - DOM in GitHub repository tastyigniter/tas ...)
	NOT-FOR-US: TastyIgniter
CVE-2022-0601 (The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0600 (The Conference Scheduler WordPress plugin before 2.4.3 does not saniti ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0599 (The Mapping Multiple URLs Redirect Same Page WordPress plugin through ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0598 (The Login with phone number WordPress plugin before 1.3.8 does not san ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0597 (Open Redirect in Packagist microweber/microweber prior to 1.2.11.)
	NOT-FOR-US: microweber
CVE-2022-0596 (Improper Validation of Specified Quantity in Input in Packagist microw ...)
	NOT-FOR-US: microweber
CVE-2022-0595 (The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0594 (The Professional Social Sharing Buttons, Icons & Related Posts WordPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0593 (The Login with phone number WordPress plugin before 1.3.7 includes a f ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0592 (The MapSVG WordPress plugin before 6.2.20 does not validate and escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0591 (The FormCraft WordPress plugin before 3.8.28 does not validate the URL ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0590 (The BulletProof Security WordPress plugin before 5.8 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0589 (Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms pri ...)
	NOT-FOR-US: LibreNMS
CVE-2022-0588 (Missing Authorization in Packagist librenms/librenms prior to 22.2.0.)
	NOT-FOR-US: LibreNMS
CVE-2022-0587 (Improper Authorization in Packagist librenms/librenms prior to 22.2.0.)
	NOT-FOR-US: LibreNMS
CVE-2021-46687 (JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable t ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2021-46270 (JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Contr ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2021-45730 (JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Con ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2021-45721 (JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2021-45074 (JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken A ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2021-41834 (JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable t ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2021-23163 (JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable t ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2022-25146 (The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 throug ...)
	NOT-FOR-US: Liferay
CVE-2022-25145 RESERVED
CVE-2022-25144 RESERVED
CVE-2022-25143 RESERVED
CVE-2022-25142 RESERVED
CVE-2022-25141 RESERVED
CVE-2022-25140 RESERVED
CVE-2022-25139 (njs through 0.7.0, used in NGINX, was discovered to contain a heap use ...)
	NOT-FOR-US: njs
CVE-2022-25138 (Axelor Open Suite v5.0 was discovered to contain a stored cross-site s ...)
	NOT-FOR-US: Axelor Open Suite
CVE-2022-25137 (A command injection vulnerability in the function recvSlaveUpgstatus o ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-25136 (A command injection vulnerability in the function meshSlaveUpdate of T ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-25135 (A command injection vulnerability in the function recv_mesh_info_sync ...)
	NOT-FOR-US: TOTOLINK
CVE-2022-25134 (A command injection vulnerability in the function setUpgradeFW of TOTO ...)
NOT-FOR-US: TOTOLINK CVE-2022-25133 (A command injection vulnerability in the function isAssocPriDevice of ...) NOT-FOR-US: TOTOLINK CVE-2022-25132 (A command injection vulnerability in the function meshSlaveDlfw of TOT ...) NOT-FOR-US: TOTOLINK CVE-2022-25131 (A command injection vulnerability in the function recvSlaveCloudCheckS ...) NOT-FOR-US: TOTOLINK CVE-2022-25130 (A command injection vulnerability in the function updateWifiInfo of TO ...) NOT-FOR-US: TOTOLINK CVE-2022-25129 RESERVED CVE-2022-25128 RESERVED CVE-2022-25127 RESERVED CVE-2022-25126 RESERVED CVE-2022-25125 (MCMS v5.2.4 was discovered to contain a SQL injection vulnerability vi ...) NOT-FOR-US: MCMS CVE-2022-25124 RESERVED CVE-2022-25123 RESERVED CVE-2022-25122 RESERVED CVE-2022-25121 RESERVED CVE-2022-25120 RESERVED CVE-2022-25119 RESERVED CVE-2022-25118 RESERVED CVE-2022-25117 RESERVED CVE-2022-25116 RESERVED CVE-2022-25115 (A remote code execution (RCE) vulnerability in the Avatar parameter un ...) NOT-FOR-US: Home Owners Collection Management System CVE-2022-25114 (Event Management v1.0 was discovered to contain a reflected cross-site ...) NOT-FOR-US: Event Management CVE-2022-25113 RESERVED CVE-2022-25112 RESERVED CVE-2022-25111 RESERVED CVE-2022-25110 RESERVED CVE-2022-25109 RESERVED CVE-2022-25108 (Foxit PDF Reader and Editor before 11.2.1 and PhantomPDF before 10.1.7 ...) NOT-FOR-US: Foxit CVE-2022-25107 RESERVED CVE-2022-25106 (D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer ov ...) NOT-FOR-US: D-Link CVE-2022-25105 RESERVED CVE-2022-25104 (HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file ...) NOT-FOR-US: HorizontCMS CVE-2022-25103 RESERVED CVE-2022-25102 RESERVED CVE-2022-25101 (A vulnerability in the component /templates/install.php of WBCE CMS v1 ...) NOT-FOR-US: WBCE CMS CVE-2022-25100 RESERVED CVE-2022-25099 (A vulnerability in the component /languages/index.php of WBCE CMS v1.5 ...) 
NOT-FOR-US: WBCE CMS CVE-2022-25098 (ECTouch v2 suffers from arbitrary file deletion due to insufficient fi ...) NOT-FOR-US: ECTouch CVE-2022-25097 RESERVED CVE-2022-25096 (Home Owners Collection Management System v1.0 was discovered to contai ...) NOT-FOR-US: Home Owners Collection Management System CVE-2022-25095 (Home Owners Collection Management System v1.0 allows unauthenticated a ...) NOT-FOR-US: Home Owners Collection Management System CVE-2022-25094 (Home Owners Collection Management System v1.0 was discovered to contai ...) NOT-FOR-US: Home Owners Collection Management System CVE-2022-25093 RESERVED CVE-2022-25092 RESERVED CVE-2022-25091 (Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow a ...) NOT-FOR-US: Infopop Ultimate Bulletin Board CVE-2022-25090 (Printix Secure Cloud Print Management through 1.3.1106.0 creates a tem ...) NOT-FOR-US: Printix Secure Cloud Print Management CVE-2022-25089 (Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly u ...) NOT-FOR-US: Printix Secure Cloud Print Management CVE-2022-25088 RESERVED CVE-2022-25087 RESERVED CVE-2022-25086 RESERVED CVE-2022-25085 RESERVED CVE-2022-25084 (TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command i ...) NOT-FOR-US: TOTOLink CVE-2022-25083 (TOTOLink A860R V4.1.2cu.5182_B20201027 was discovered to contain a com ...) NOT-FOR-US: TOTOLink CVE-2022-25082 (TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were ...) NOT-FOR-US: TOTOLink CVE-2022-25081 (TOTOLink T10 V5.9c.5061_B20200511 was discovered to contain a command ...) NOT-FOR-US: TOTOLink CVE-2022-25080 (TOTOLink A830R V5.9c.4729_B20191112 was discovered to contain a comman ...) NOT-FOR-US: TOTOLink CVE-2022-25079 (TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a com ...) NOT-FOR-US: TOTOLink CVE-2022-25078 (TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a co ...) 
NOT-FOR-US: TOTOLink CVE-2022-25077 (TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a co ...) NOT-FOR-US: TOTOLink CVE-2022-25076 (TOTOLink A800R V4.1.2cu.5137_B20200730 was discovered to contain a com ...) NOT-FOR-US: TOTOLink CVE-2022-25075 (TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a comm ...) NOT-FOR-US: TOTOLink CVE-2022-25074 (TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a ...) NOT-FOR-US: TP-Link CVE-2022-25073 (TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack ...) NOT-FOR-US: TP-Link CVE-2022-25072 (TP-Link Archer A54 Archer A54(US)_V1_210111 routers were discovered to ...) NOT-FOR-US: TP-Link CVE-2022-25071 RESERVED CVE-2022-25070 RESERVED CVE-2022-25069 (Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scr ...) NOT-FOR-US: MarkText CVE-2022-25068 RESERVED CVE-2022-25067 RESERVED CVE-2022-25066 RESERVED CVE-2022-25065 RESERVED CVE-2022-25064 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote ...) NOT-FOR-US: TP-Link CVE-2022-25063 RESERVED CVE-2022-25062 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an intege ...) NOT-FOR-US: TP-Link CVE-2022-25061 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command ...) NOT-FOR-US: TP-Link CVE-2022-25060 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command ...) NOT-FOR-US: TP-Link CVE-2022-25059 RESERVED CVE-2022-25058 RESERVED CVE-2022-25057 RESERVED CVE-2022-25056 RESERVED CVE-2022-25055 RESERVED CVE-2022-25054 RESERVED CVE-2022-25053 RESERVED CVE-2022-25052 RESERVED CVE-2022-25051 (An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when deco ...) 
[experimental] - rtl-433 21.12+git20220718+ds-1 - rtl-433 21.12+git20220718+ds-2 (bug #1008000) [bullseye] - rtl-433 (Minor issue) NOTE: https://github.com/merbanan/rtl_433/commit/2dad7b9fc67a1d0bfbe520fbd821678b8f8cc7a8 NOTE: https://github.com/merbanan/rtl_433/issues/1960 NOTE: https://huntr.dev/bounties/78eee103-bd61-4b4f-b054-04ad996b39e7/ CVE-2022-25050 (rtl_433 21.12 was discovered to contain a stack overflow in the functi ...) [experimental] - rtl-433 21.12+git20220718+ds-1 - rtl-433 21.12+git20220718+ds-2 (bug #1008000) [bullseye] - rtl-433 (Minor issue) NOTE: https://github.com/merbanan/rtl_433/commit/2dad7b9fc67a1d0bfbe520fbd821678b8f8cc7a8 NOTE: https://github.com/merbanan/rtl_433/issues/1960 NOTE: https://huntr.dev/bounties/6c9cd35f-a206-4fdf-b6d1-fcd50926c2d9/ CVE-2022-25049 RESERVED CVE-2022-25048 (Command injection vulnerability in CWP v0.9.8.1126 that allows normal ...) NOT-FOR-US: CWP CVE-2022-25047 (The password reset token in CWP v0.9.8.1126 is generated using known o ...) NOT-FOR-US: CWP CVE-2022-25046 (A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows ...) NOT-FOR-US: CWP CVE-2022-25045 (Home Owners Collection Management System v1.0 was discovered to contai ...) NOT-FOR-US: Home Owners Collection Management System CVE-2022-25044 (Espruino 2v11.251 was discovered to contain a stack buffer overflow vi ...) NOT-FOR-US: Espruino CVE-2022-25043 RESERVED CVE-2022-25042 RESERVED CVE-2022-25041 (OpenEMR v6.0.0 was discovered to contain an incorrect access control i ...) NOT-FOR-US: OpenEMR CVE-2022-25040 RESERVED CVE-2022-25039 RESERVED CVE-2022-25038 RESERVED CVE-2022-25037 RESERVED CVE-2022-25036 RESERVED CVE-2022-25035 RESERVED CVE-2022-25034 RESERVED CVE-2022-25033 RESERVED CVE-2022-25032 RESERVED CVE-2022-25031 (Remote Desktop Commander Suite Agent before v4.8 contains an unquoted ...) 
NOT-FOR-US: Remote Desktop Commander Suite Agent CVE-2022-25030 RESERVED CVE-2022-25029 REJECTED CVE-2022-25028 (Home Owners Collection Management System v1.0 was discovered to contai ...) NOT-FOR-US: Home Owners Collection Management System CVE-2022-25027 (The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2 ...) NOT-FOR-US: Rocket TRUfusion Portal CVE-2022-25026 (A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2 ...) NOT-FOR-US: Rocket TRUfusion Portal CVE-2022-25025 RESERVED CVE-2022-25024 (The json2xml package through 3.12.0 for Python allows an error in type ...) NOT-FOR-US: json2xml CVE-2022-25023 (Audio File commit 004065d was discovered to contain a heap-buffer over ...) NOT-FOR-US: AudioFile (different from src:audiofile) CVE-2022-25022 (A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows atta ...) NOT-FOR-US: Htmly CVE-2022-25021 RESERVED CVE-2022-25020 (A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows att ...) - pluxml (bug #1008264) [buster] - pluxml (EOL in buster LTS) NOTE: https://github.com/MoritzHuppert/CVE-2022-25020/blob/main/CVE-2022-25020.pdf CVE-2022-25019 REJECTED CVE-2022-25018 (Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary c ...) - pluxml (bug #1008264) [buster] - pluxml (EOL in buster LTS) NOTE: https://github.com/MoritzHuppert/CVE-2022-25018/blob/main/CVE-2022-25018.pdf CVE-2022-25017 (Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulner ...) NOT-FOR-US: Hitron CHITA CVE-2022-25016 (Home Owners Collection Management System v1.0 was discovered to contai ...) NOT-FOR-US: Home Owners Collection Management System CVE-2022-25015 (A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS ...) NOT-FOR-US: Ice Hrm CVE-2022-25014 (Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scr ...) NOT-FOR-US: Ice Hrm CVE-2022-25013 (Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-s ...) 
NOT-FOR-US: Ice Hrm CVE-2022-25012 (Argus Surveillance DVR v4.0 employs weak password encryption.) NOT-FOR-US: Argus Surveillance DVR CVE-2022-25011 RESERVED CVE-2022-25010 (The component /rootfs in RageFile of Stepmania v5.1b2 and below allows ...) NOT-FOR-US: StepMania CVE-2022-25009 RESERVED CVE-2022-25008 (totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B202 ...) NOT-FOR-US: TOTOLINK CVE-2022-25007 RESERVED CVE-2022-25006 RESERVED CVE-2022-25005 RESERVED CVE-2022-25004 (Hospital Patient Record Management System v1.0 was discovered to conta ...) NOT-FOR-US: Hospital Patient Record Management System CVE-2022-25003 (Hospital Patient Record Management System v1.0 was discovered to conta ...) NOT-FOR-US: Hospital Patient Record Management System CVE-2022-25002 RESERVED CVE-2022-25001 RESERVED CVE-2022-25000 RESERVED CVE-2022-24999 (qs before 6.10.3, as used in Express before 4.17.3 and other products, ...) {DLA-3299-1} - node-qs 6.10.3+ds+~6.9.7-1 [bullseye] - node-qs 6.9.4+ds-1+deb11u1 NOTE: https://github.com/ljharb/qs/pull/428 NOTE: https://github.com/n8tz/CVE-2022-24999 CVE-2022-24998 RESERVED CVE-2022-24997 RESERVED CVE-2022-24996 RESERVED CVE-2022-24995 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) NOT-FOR-US: Tenda CVE-2022-24994 RESERVED CVE-2022-24993 RESERVED CVE-2022-24992 (A vulnerability in the component process.php of QR Code Generator v5.2 ...) NOT-FOR-US: QR Code Generator CVE-2022-24991 RESERVED CVE-2022-24990 (TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover ...) NOT-FOR-US: TerraMaster NAS CVE-2022-24989 (TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute ...) NOT-FOR-US: TerraMaster NAS CVE-2022-24988 (In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-b ...) NOT-FOR-US: galois_2p8 CVE-2022-24987 RESERVED CVE-2022-24986 (KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, b ...) 
- kcron 4:21.12.3-1 [bullseye] - kcron (Minor issue) [buster] - kcron (Minor issue) [stretch] - kcron (Minor issue, too intrusive to backport) NOTE: https://www.openwall.com/lists/oss-security/2022/02/25/3 NOTE: https://invent.kde.org/system/kcron/-/commit/ef4266e3d5ea741c4d4f442a2cb12a317d7502a1 NOTE: https://invent.kde.org/system/kcron/-/merge_requests/14 (followup fix) NOTE: https://kde.org/info/security/advisory-20220216-1.txt CVE-2022-24985 (Forms generated by JQueryForm.com before 2022-02-05 allows a remote au ...) NOT-FOR-US: JQueryForm.com CVE-2022-24984 (Forms generated by JQueryForm.com before 2022-02-05 (if file-upload ca ...) NOT-FOR-US: JQueryForm.com CVE-2022-24983 (Forms generated by JQueryForm.com before 2022-02-05 allow remote attac ...) NOT-FOR-US: JQueryForm.com CVE-2022-24982 (Forms generated by JQueryForm.com before 2022-02-05 allows a remote au ...) NOT-FOR-US: JQueryForm.com CVE-2022-24981 (A reflected cross-site scripting (XSS) vulnerability in forms generate ...) NOT-FOR-US: JQueryForm.com CVE-2022-0586 (Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 ...) {DLA-2967-1} - wireshark 3.6.2-1 [bullseye] - wireshark (Minor issue) [buster] - wireshark 2.6.20-0+deb10u4 NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17813 NOTE: https://www.wireshark.org/security/wnpa-sec-2022-01.html CVE-2022-0585 (Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6. ...) 
{DLA-2967-1} - wireshark 3.6.2-1 [bullseye] - wireshark (Minor issue) [buster] - wireshark 2.6.20-0+deb10u4 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2054049 NOTE: https://www.wireshark.org/security/wnpa-sec-2022-02.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17829 NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17842 NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17847 NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17855 NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17891 NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17925 NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17926 NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17931 NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17932 NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17933 CVE-2022-0584 RESERVED CVE-2022-0583 (Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3 ...) {DLA-2967-1} - wireshark 3.6.2-1 [bullseye] - wireshark (Minor issue) [buster] - wireshark 2.6.20-0+deb10u4 NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17840 NOTE: https://www.wireshark.org/security/wnpa-sec-2022-03.html CVE-2022-0582 (Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to ...) {DLA-2967-1} - wireshark 3.6.2-1 [bullseye] - wireshark (Minor issue) [buster] - wireshark 2.6.20-0+deb10u4 NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17882 NOTE: https://www.wireshark.org/security/wnpa-sec-2022-04.html CVE-2022-0581 (Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3. ...) {DLA-2967-1} - wireshark 3.6.2-1 [bullseye] - wireshark (Minor issue) [buster] - wireshark 2.6.20-0+deb10u4 NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17935 NOTE: https://www.wireshark.org/security/wnpa-sec-2022-05.html CVE-2022-0580 (Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0 ...) 
NOT-FOR-US: LibreNMS CVE-2022-24980 (An issue was discovered in the Kitodo.Presentation (aka dif) extension ...) NOT-FOR-US: TYPO3 extension CVE-2022-24979 (An issue was discovered in the Varnishcache extension before 2.0.1 for ...) NOT-FOR-US: TYPO3 extension CVE-2022-24978 (Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privil ...) NOT-FOR-US: Zoho CVE-2022-24977 (ImpressCMS before 1.4.2 allows unauthenticated remote code execution v ...) NOT-FOR-US: ImpressCMS CVE-2022-0579 (Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.) - snipe-it (bug #1005172) CVE-2022-0578 (Code Injection in GitHub repository publify/publify prior to 9.2.8.) NOT-FOR-US: Publify CVE-2022-24976 (Atheme IRC Services before 7.2.12, when used in conjunction with InspI ...) - atheme-services 7.2.12-1 [bullseye] - atheme-services (Minor issue; can be fixed via point release) [buster] - atheme-services (Minor issue; can be fixed via point release) [stretch] - atheme-services (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/4 NOTE: https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52 CVE-2022-0577 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...) {DLA-2950-1} - python-scrapy 2.6.1-1 (bug #1008234) [bullseye] - python-scrapy 2.4.1-2+deb11u1 [buster] - python-scrapy 1.5.1-1+deb10u1 NOTE: https://github.com/advisories/GHSA-cjvr-mfj7-j4j8 NOTE: https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585 NOTE: https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a CVE-2022-0576 (Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms pr ...) NOT-FOR-US: LibreNMS CVE-2022-0575 (Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms pri ...) NOT-FOR-US: LibreNMS CVE-2022-0574 (Improper Access Control in GitHub repository publify/publify prior to ...) 
NOT-FOR-US: Publify CVE-2022-0573 (JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure ...) NOT-FOR-US: JFrog Artifactory CVE-2022-0572 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.) {DLA-3182-1 DLA-3011-1} - vim 2:8.2.4659-1 [bullseye] - vim (Minor issue) NOTE: https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf NOTE: https://github.com/vim/vim/commit/6e28703a8e41f775f64e442c5d11ce1ff599aa3f (v8.2.4359) CVE-2022-0571 (Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-t ...) - phoronix-test-suite CVE-2022-0570 (Heap-based Buffer Overflow in Homebrew mruby prior to 3.2.) - mruby (Vulnerable code introduced later) NOTE: https://huntr.dev/bounties/65a7632e-f95b-4836-b1a7-9cb95e5124f1 NOTE: https://github.com/mruby/mruby/commit/38b164ace7d6ae1c367883a3d67d7f559783faad CVE-2022-0569 (Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.) - snipe-it (bug #1005172) CVE-2022-24975 (The --mirror documentation for Git through 2.35.1 does not mention the ...) - git (unimportant) NOTE: https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed/ NOTE: CVE is specifically about --mirror documentation not mentioning the availability NOTE: of deleted content. CVE-2022-24974 (Links may not be rewritten according to policy in some specially forma ...) NOT-FOR-US: Proofpoint email-isolation CVE-2022-24973 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: TP-Link CVE-2022-24972 (This vulnerability allows network-adjacent attackers to disclose sensi ...) NOT-FOR-US: TP-Link CVE-2022-24971 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2022-24970 RESERVED CVE-2022-24969 (bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, th ...) NOT-FOR-US: Apache Dubbo CVE-2022-24968 (In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoo ...) 
NOT-FOR-US: Mellium CVE-2022-24967 (Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting ( ...) NOT-FOR-US: Black Rainbow NIMBUS CVE-2022-24966 RESERVED CVE-2022-24965 RESERVED CVE-2022-24964 RESERVED CVE-2022-24963 (Integer Overflow or Wraparound vulnerability in apr_encode functions o ...) {DSA-5370-1} - apr 1.7.2-1 [buster] - apr (Vulnerable code introduced later) NOTE: https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9 NOTE: http://svn.apache.org/r1904675 CVE-2022-24962 RESERVED CVE-2022-0568 RESERVED CVE-2022-0567 (A flaw was found in ovn-kubernetes. This flaw allows a system administ ...) NOT-FOR-US: Openshift/ovn-kubernetes CVE-2022-0566 (It may be possible for an attacker to craft an email message that caus ...) {DSA-5086-1 DLA-2930-1} - thunderbird 1:91.6.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/#CVE-2022-0566 CVE-2022-0565 (Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1.) NOT-FOR-US: pimcore CVE-2021-22590 RESERVED CVE-2020-22592 RESERVED CVE-2022-24961 (In Portainer Agent before 2.11.1, an API server can continue running e ...) NOT-FOR-US: Portainer CVE-2022-24960 (A use after free vulnerability was discovered in PDFTron SDK version 9 ...) NOT-FOR-US: PDFTron CVE-2022-24959 (An issue was discovered in the Linux kernel before 5.16.5. There is a ...) {DSA-5096-1 DSA-5092-1 DLA-2941-1} - linux 5.16.7-1 [stretch] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/29eb31542787e1019208a2e1047bb7c76c069536 (5.17-rc2) CVE-2022-24958 (drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 m ...) 
{DLA-3065-1} - linux 5.16.14-1 [bullseye] - linux 5.10.106-1 [buster] - linux 4.19.235-1 NOTE: Fixed by: https://git.kernel.org/linus/89f3594d0de58e8a57d92d497dea9fee3d4b9cda (5.17-rc1) NOTE: Fixed by: https://git.kernel.org/linus/501e38a5531efbd77d5c73c0ba838a889bfc1d74 (5.17-rc1) CVE-2022-24957 (DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficie ...) NOT-FOR-US: DHC Vision eQMS CVE-2022-24956 (An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort- ...) NOT-FOR-US: Shopware B2B-Suite CVE-2022-24955 (Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have ...) NOT-FOR-US: Foxit CVE-2022-24954 (Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have ...) NOT-FOR-US: Foxit CVE-2022-24953 (The Crypt_GPG extension before 1.6.7 for PHP does not prevent addition ...) - php-crypt-gpg 1.6.7-1 (bug #1005921) [bullseye] - php-crypt-gpg 1.6.4-2+deb11u1 NOTE: https://github.com/pear/Crypt_GPG/commit/74c8f989cefbe0887274b461dc56197e121bfd04 (v1.6.7) CVE-2022-24952 (Several denial of service vulnerabilities exist in Eternal Terminal pr ...) - eternal-terminal (bug #861635) CVE-2022-24951 (A race condition exists in Eternal Terminal prior to version 6.2.0 whi ...) - eternal-terminal (bug #861635) CVE-2022-24950 (A race condition exists in Eternal Terminal prior to version 6.2.0 tha ...) - eternal-terminal (bug #861635) CVE-2022-24949 (A privilege escalation to root exists in Eternal Terminal prior to ver ...) - eternal-terminal (bug #861635) CVE-2022-24948 (A carefully crafted user preferences for submission could trigger an X ...) - jspwiki CVE-2022-24947 (Apache JSPWiki user preferences form is vulnerable to CSRF attacks, wh ...) - jspwiki CVE-2022-24946 (Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC ...) NOT-FOR-US: Mitsubishi CVE-2022-24945 REJECTED CVE-2022-24944 REJECTED CVE-2022-24943 REJECTED CVE-2022-24942 (Heap based buffer overflow in HTTP Server functionality in Micrium uC- ...) 
NOT-FOR-US: Micrium uC-HTTP CVE-2022-24941 REJECTED CVE-2022-24940 REJECTED CVE-2022-24939 (A malformed packet containing an invalid destination address, causes a ...) NOT-FOR-US: Ember ZNet CVE-2022-24938 (A malformed packet causes a stack overflow in the Ember ZNet stack. Th ...) NOT-FOR-US: Ember ZNet CVE-2022-24937 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...) NOT-FOR-US: Ember ZNet CVE-2022-24936 (Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader ver ...) NOT-FOR-US: Silicon Labs Gecko Bootloader CVE-2022-24935 (Lexmark products through 2022-02-10 have Incorrect Access Control.) NOT-FOR-US: Lexmark CVE-2022-24934 (wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remo ...) NOT-FOR-US: Kingsoft WPS Office CVE-2022-24933 RESERVED CVE-2022-24932 (Improper Protection of Alternate Path vulnerability in Setup wizard pr ...) NOT-FOR-US: Samsung CVE-2022-24931 (Improper access control vulnerability in dynamic receiver in ApkInstal ...) NOT-FOR-US: Samsung CVE-2022-24930 (An Improper access control vulnerability in StRetailModeReceiver in We ...) NOT-FOR-US: Samsung CVE-2022-24929 (Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows ...) NOT-FOR-US: Samsung CVE-2022-24928 (Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Relea ...) NOT-FOR-US: Samsung CVE-2022-24927 (Improper privilege management vulnerability in Samsung Video Player pr ...) NOT-FOR-US: Samsung CVE-2022-24926 (Improper input validation vulnerability in SmartTagPlugin prior to ver ...) NOT-FOR-US: Samsung CVE-2022-24925 (Improper input validation vulnerability in SettingsProvider prior to A ...) NOT-FOR-US: Samsung CVE-2022-24924 (An improper access control in LiveWallpaperService prior to versions 3 ...) NOT-FOR-US: Samsung CVE-2022-24923 (Improper access control vulnerability in Samsung SearchWidget prior to ...) 
NOT-FOR-US: Samsung CVE-2022-24922 RESERVED CVE-2022-24921 (regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows st ...) {DLA-3395-1 DLA-2986-1 DLA-2985-1} - golang-1.18 1.18~rc1-1 - golang-1.17 1.17.8-1 - golang-1.15 [bullseye] - golang-1.15 1.15.15-1~deb11u4 - golang-1.11 - golang-1.8 - golang-1.7 NOTE: https://github.com/golang/go/issues/51112 NOTE: https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk NOTE: https://github.com/golang/go/commit/ac071634c487eb6ac5422652de3c7c18fba7c522 (go1.17.8) NOTE: https://github.com/golang/go/commit/452f24ae94f38afa3704d4361d91d51218405c0a (go1.18rc1) CVE-2022-24920 RESERVED CVE-2022-24919 (An authenticated user can create a link with reflected Javascript code ...) {DLA-3390-1 DLA-2980-1} - zabbix 1:6.0.7+dfsg-2 [bullseye] - zabbix (Minor issue) NOTE: https://support.zabbix.com/browse/ZBX-20680 NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/ff70e709719e4e9f25f5d187637fd53fd61c8bbe (5.0.21rc1) CVE-2022-24918 (An authenticated user can create a link with reflected Javascript code ...) - zabbix 1:6.0.7+dfsg-2 [bullseye] - zabbix (Minor issue) [buster] - zabbix (The vulnerable code was introduced later) [stretch] - zabbix (The vulnerable code was introduced later) NOTE: https://support.zabbix.com/browse/ZBX-20680 NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/ff70e709719e4e9f25f5d187637fd53fd61c8bbe (5.0.21rc1) CVE-2022-24917 (An authenticated user can create a link with reflected Javascript code ...) {DLA-3390-1 DLA-2980-1} - zabbix 1:6.0.7+dfsg-2 [bullseye] - zabbix (Minor issue) NOTE: https://support.zabbix.com/browse/ZBX-20680 NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/ff70e709719e4e9f25f5d187637fd53fd61c8bbe (5.0.21rc1) CVE-2022-24911 RESERVED CVE-2022-0564 (A vulnerability in Qlik Sense Enterprise on Windows could allow an rem ...) 
NOT-FOR-US: Qlik Sense Enterprise CVE-2022-24916 (Optimism before @eth-optimism/l2geth@0.5.11 allows economic griefing b ...) NOT-FOR-US: Optimism CVE-2022-24908 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2022-24907 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2022-24906 (Nextcloud Deck is a Kanban-style project & personal management tool fo ...) NOT-FOR-US: Nextcloud Deck CVE-2022-24905 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) NOT-FOR-US: Argo CD CVE-2022-24904 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) NOT-FOR-US: Argo CD CVE-2022-24903 (Rsyslog is a rocket-fast system for log processing. Modules for TCP sy ...) {DSA-5150-1 DLA-3016-1} - rsyslog 8.2204.1-1 (bug #1010619) NOTE: https://www.openwall.com/lists/oss-security/2022/05/05/3 NOTE: https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8#advisory-comment-72243 NOTE: https://github.com/rsyslog/rsyslog/commit/89955b0bcb1ff105e1374aad7e0e993faa6a038f (v8.2204.1) NOTE: Introduced by (plugins/imptcp/imptcp.c): https://github.com/rsyslog/rsyslog/commit/0381a0de64a5a048c3d48b79055bd9848d0c7fc2 (v8.27.0, CVE-2018-16881) NOTE: Introduced by (runtime/tcps_sess.c): https://github.com/rsyslog/rsyslog/commit/01feb44bf1d091ec45ff425a096a0169f290da4b (v8.27.0) NOTE: Introduced by (contrib/imhttp/imhttp.c): https://github.com/rsyslog/rsyslog/commit/6102f6083cfa73fe4a91e3d34c4d1dc924465278 (v8.2010.0) CVE-2022-24902 (TkVideoplayer is a simple library to play video files in tkinter. Unco ...) NOT-FOR-US: TkVideoplayer CVE-2022-24901 (Improper validation of the Apple certificate URL in the Apple Game Cen ...) NOT-FOR-US: parse-server CVE-2022-24900 (Piano LED Visualizer is software that allows LED lights to light up as ...) 
NOT-FOR-US: Piano LED Visualizer CVE-2022-24899 (Contao is a powerful open source CMS that allows you to create profess ...) NOT-FOR-US: Contao CMS CVE-2022-24898 (org.xwiki.commons:xwiki-commons-xml is a common module used by other X ...) NOT-FOR-US: Xwiki CVE-2022-24897 (APIs to evaluate content with Velocity is a package for APIs to evalua ...) NOT-FOR-US: Xwiki CVE-2022-24896 (Tuleap is a Free & Open Source Suite to manage software developments a ...) NOT-FOR-US: Tuleap CVE-2022-24895 (Symfony is a PHP framework for web and console applications and a set ...) {DLA-3493-1} - symfony 5.4.20+dfsg-1 [bullseye] - symfony 4.4.19+dfsg-2+deb11u2 NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m NOTE: https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4 CVE-2022-24894 (Symfony is a PHP framework for web and console applications and a set ...) {DLA-3493-1} - symfony 5.4.20+dfsg-1 [bullseye] - symfony 4.4.19+dfsg-2+deb11u2 NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv NOTE: https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb CVE-2022-24893 (ESP-IDF is the official development framework for Espressif SoCs. In E ...) NOT-FOR-US: ESP-IDF CVE-2022-24892 (Shopware is an open source e-commerce software platform. Starting with ...) NOT-FOR-US: Shopware CVE-2022-24891 (ESAPI (The OWASP Enterprise Security API) is a free, open source, web ...) 
- libowasp-esapi-java 2.4.0.0-1 (bug #1010339) [bullseye] - libowasp-esapi-java (Minor issue) [buster] - libowasp-esapi-java (Minor issue) [stretch] - libowasp-esapi-java (Minor issue) NOTE: https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q NOTE: https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin8.pdf NOTE: https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.3.0.0-release-notes.txt CVE-2022-24890 (Nextcloud Talk is a video and audio conferencing app for Nextcloud. In ...) NOT-FOR-US: Nextcloud talk app CVE-2022-24889 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...) - nextcloud-server (bug #941708) CVE-2022-24888 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...) - nextcloud-server (bug #941708) CVE-2022-24887 (Nextcloud Talk is a video and audio conferencing app for Nextcloud, a ...) NOT-FOR-US: Nextcloud talk app CVE-2022-24886 (Nextcloud Android app is the Android client for Nextcloud, a self-host ...) NOT-FOR-US: Nextcloud Android app CVE-2022-24885 (Nextcloud Android app is the Android client for Nextcloud, a self-host ...) NOT-FOR-US: Nextcloud Android app CVE-2022-24884 (ecdsautils is a tiny collection of programs used for ECDSA (keygen, si ...) {DSA-5132-1 DLA-2997-1} - ecdsautils 0.4.1-1 NOTE: https://github.com/freifunk-gluon/ecdsautils/security/advisories/GHSA-qhcg-9ffp-78pw NOTE: https://github.com/freifunk-gluon/ecdsautils/commit/1d4b091abdf15ad7b2312535b5b95ad70f6dbd08 (v0.4.1) CVE-2022-24883 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). ...) 
{DLA-3654-1} - freerdp2 2.7.0+dfsg1-1 [bullseye] - freerdp2 (Minor issue) - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/4661492e5a617199457c8074bad22f766a116cdc NOTE: Fixed by (backport): https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144 CVE-2022-24882 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). ...) - freerdp2 2.7.0+dfsg1-1 [bullseye] - freerdp2 (Minor issue) [buster] - freerdp2 (Minor issue) - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6x5p-gp49-3jhh NOTE: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/95 NOTE: Pull request for stable 2.0 branch: https://github.com/FreeRDP/FreeRDP/pull/7750 CVE-2022-24881 (Ballcat Codegen provides the function of online editing code to genera ...) NOT-FOR-US: Ballcat Codegen CVE-2022-24880 (flask-session-captcha is a package which allows users to extend Flask ...) NOT-FOR-US: flask-session-captcha CVE-2022-24879 (Shopware is an open source e-commerce software platform. Versions prio ...) NOT-FOR-US: Shopware CVE-2022-24878 (Flux is an open and extensible continuous delivery solution for Kubern ...) NOT-FOR-US: Flux project fluxcd CVE-2022-24877 (Flux is an open and extensible continuous delivery solution for Kubern ...) NOT-FOR-US: Flux project fluxcd CVE-2022-24876 (GLPI is a Free Asset and IT Management Software package, that provides ...) - glpi (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-33g2-m556-gccr NOTE: https://github.com/glpi-project/glpi/commit/9a3c7487c8761eaa8f3b07589d6dcdfa5d1e4ed6 NOTE: Only supported behind an authenticated HTTP zone CVE-2022-24875 (The CVEProject/cve-services is an open source project used to operate ...) NOT-FOR-US: CVEProject cve-services CVE-2022-24874 REJECTED CVE-2022-24873 (Shopware is an open source e-commerce software platform. Prior to vers ...) 
	NOT-FOR-US: Shopware
CVE-2022-24872 (Shopware is an open commerce platform based on Symfony Framework and V ...)
	NOT-FOR-US: Shopware
CVE-2022-24871 (Shopware is an open commerce platform based on Symfony Framework and V ...)
	NOT-FOR-US: Shopware
CVE-2022-24870 (Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta ...)
	NOT-FOR-US: Combodo iTop
CVE-2022-24869 (GLPI is a Free Asset and IT Management Software package, that provides ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-24868 (GLPI is a Free Asset and IT Management Software package, that provides ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-24867 (GLPI is a Free Asset and IT Management Software package, that provides ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-24866 (Discourse Assign is a plugin for assigning users to a topic in Discour ...)
	NOT-FOR-US: Discourse
CVE-2022-24865 (HumHub is an Open Source Enterprise Social Network. In affected versio ...)
	NOT-FOR-US: HumHub
CVE-2022-24864 (Origin Protocol is a blockchain based project. The Origin Protocol pro ...)
	NOT-FOR-US: Origin Protocol
CVE-2022-24863 (http-swagger is an open source wrapper to automatically generate RESTf ...)
	NOT-FOR-US: http-swagger
CVE-2022-24862 (Databasir is a team-oriented relational database model document manage ...)
	NOT-FOR-US: Databasir
CVE-2022-24861 (Databasir is a team-oriented relational database model document manage ...)
	NOT-FOR-US: Databasir
CVE-2022-24860 (Databasir is a team-oriented relational database model document manage ...)
	NOT-FOR-US: Databasir
CVE-2022-24859 (PyPDF2 is an open source python PDF library capable of splitting, merg ...)
	{DLA-3451-1 DLA-3039-1}
	- pypdf2 1.27.9-1 (bug #1009879)
	[bullseye] - pypdf2 (Minor issue)
	NOTE: https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
	NOTE: https://github.com/py-pdf/PyPDF2/issues/329
	NOTE: https://github.com/py-pdf/PyPDF2/pull/740
CVE-2022-24858 (next-auth v3 users before version 3.29.2 are impacted. next-auth versi ...)
	NOT-FOR-US: NextAuth.js
CVE-2022-24857 (django-mfa3 is a library that implements multi factor authentication f ...)
	NOT-FOR-US: django-mfa3
CVE-2022-24856 (FlyteConsole is the web user interface for the Flyte platform. FlyteCo ...)
	NOT-FOR-US: flyteorg/flyteconsole
CVE-2022-24855 (Metabase is an open source business intelligence and analytics applica ...)
	NOT-FOR-US: Metabase
CVE-2022-24854 (Metabase is an open source business intelligence and analytics applica ...)
	NOT-FOR-US: Metabase
CVE-2022-24853 (Metabase is an open source business intelligence and analytics applica ...)
	NOT-FOR-US: Metabase
CVE-2022-24852
	RESERVED
CVE-2022-24851 (LDAP Account Manager (LAM) is an open source web frontend for managing ...)
	{DSA-5177-1}
	- ldap-account-manager 7.9.1-1
	[stretch] - ldap-account-manager (Minor issue)
	NOTE: https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-f2fr-cccr-583v
	NOTE: https://github.com/LDAPAccountManager/lam/commit/3c6f09a3579e048e224eb5a4c4e3eefaa8bccd49
	NOTE: https://github.com/LDAPAccountManager/lam/issues/170
CVE-2022-24850 (Discourse is an open source platform for community discussion. A categ ...)
	NOT-FOR-US: Discourse
CVE-2022-24849 (DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5 ...)
	NOT-FOR-US: DisCatSharp
CVE-2022-24848 (DHIS2 is an information system for data capture, management, validatio ...)
	NOT-FOR-US: DHIS2
CVE-2022-24847 (GeoServer is an open source software server written in Java that allow ...)
	NOT-FOR-US: geoserver
CVE-2022-24846 (GeoWebCache is a tile caching server implemented in Java. The GeoWebCa ...)
	NOT-FOR-US: geowebcache
CVE-2022-24845 (Vyper is a pythonic Smart Contract Language for the ethereum virtual m ...)
	NOT-FOR-US: Vyper
CVE-2022-24844 (Gin-vue-admin is a backstage management system based on vue and gin, w ...)
	NOT-FOR-US: Gin-vue-admin
CVE-2022-24843 (Gin-vue-admin is a backstage management system based on vue and gin, w ...)
	NOT-FOR-US: Gin-vue-admin
CVE-2022-24842 (MinIO is a High Performance Object Storage released under GNU Affero G ...)
	- minio (bug #859207)
CVE-2022-24841 (fleetdm/fleet is an open source device management, built on osquery. A ...)
	NOT-FOR-US: Fleet
CVE-2022-24840 (django-s3file is a lightweight file upload input for Django and Amazon ...)
	NOT-FOR-US: django-s3file
CVE-2022-24839 (org.cyberneko.html is an html parser written in Java. The fork of `org ...)
	- nekohtml 1.9.22.noko2-0.1 (bug #1021739)
	[bullseye] - nekohtml (Minor issue)
	[buster] - nekohtml (Minor issue)
	[stretch] - nekohtml (Minor issue)
	NOTE: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
	NOTE: https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d
CVE-2022-24838 (Nextcloud Calendar is a calendar application for the nextcloud framewo ...)
	NOT-FOR-US: Nextcloud Calendar
CVE-2022-24837 (HedgeDoc is an open-source, web-based, self-hosted, collaborative mark ...)
	NOT-FOR-US: HedgeDoc
CVE-2022-24836 (Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< ...)
	{DLA-3149-1 DLA-3003-1}
	- ruby-nokogiri 1.13.5+dfsg-1 (bug #1009787)
	NOTE: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
	NOTE: https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd
CVE-2022-24835
	RESERVED
CVE-2022-24834 (Redis is an in-memory database that persists on disk. A specially craf ...)
	{DSA-5610-1}
	- redis 5:7.0.12-1
	[bullseye] - redis (Minor issue)
	[buster] - redis (Minor issue)
	NOTE: https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES
	NOTE: https://github.com/redis/redis/commit/936cfa464f371666c46bff59f7c4247d48973ec6 (7.2-rc3)
	NOTE: https://github.com/redis/redis/commit/f6a7c9f9ec9354702cc3143310a24bf3d1507b03 (7.0.12)
	NOTE: https://github.com/redis/redis/pull/12398
CVE-2022-24833 (PrivateBin is minimalist, open source online pastebin clone where the ...)
	NOT-FOR-US: PrivateBin
CVE-2022-24832 (GoCD is an open source a continuous delivery server. The bundled gocd- ...)
	NOT-FOR-US: GoCD
CVE-2022-24831 (OpenClinica is an open source software for Electronic Data Capture (ED ...)
	NOT-FOR-US: OpenClinica
CVE-2022-24830 (OpenClinica is an open source software for Electronic Data Capture (ED ...)
	NOT-FOR-US: OpenClinica
CVE-2022-24829 (Garden is an automation platform for Kubernetes development and testin ...)
	NOT-FOR-US: Garden
CVE-2022-24828 (Composer is a dependency manager for the PHP programming language. Int ...)
	- composer 2.2.12-1 (bug #1009960)
	[bullseye] - composer 2.0.9-2+deb11u1
	[buster] - composer 1.8.4-1+deb10u2
	[stretch] - composer (Minor issue)
	NOTE: https://github.com/composer/composer/commit/2c40c53637c5c7e43fff7c09d3d324d632734709 (2.2.12)
	NOTE: https://github.com/composer/composer/security/advisories/GHSA-x7cr-6qr6-2hh6
CVE-2022-24827 (Elide is a Java library that lets you stand up a GraphQL/JSON-API web ...)
	NOT-FOR-US: Elide
CVE-2022-24826 (On Windows, if Git LFS operates on a malicious repository with a `..ex ...)
	NOT-FOR-US: Git-for-Windows (Git fork containing Windows-specific patches)
CVE-2022-24825 (Smokescreen is a simple HTTP proxy that fogs over naughty URLs. The pr ...)
	NOT-FOR-US: Smokescreen
CVE-2022-24824 (Discourse is an open source platform for community discussion. In affe ...)
	NOT-FOR-US: Discourse
CVE-2022-24823 (Netty is an open-source, asynchronous event-driven network application ...)
	- netty (unimportant; bug #1010693)
	NOTE: https://github.com/netty/netty/security/advisories/GHSA-269q-hmxg-m83q
	NOTE: https://github.com/netty/netty/commit/185f8b2756a36aaa4f973f1a2a025e7d981823f1
	NOTE: Issue exists because of insufficient fix for CVE-2021-21290
	NOTE: Impacts only applications running on Java version 6 and lower.
CVE-2022-24822 (Podium is a library for building micro frontends. @podium/layout is a ...)
	NOT-FOR-US: Podium
CVE-2022-24821 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2022-24820 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2022-24819 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2022-24818 (GeoTools is an open source Java library that provides tools for geospa ...)
	NOT-FOR-US: GeoTools
CVE-2022-24817 (Flux2 is an open and extensible continuous delivery solution for Kuber ...)
	NOT-FOR-US: Flux project fluxcd
CVE-2022-24816 (JAI-EXT is an open-source project which aims to extend the Java Advanc ...)
	NOT-FOR-US: JAI-EXT
CVE-2022-24815 (JHipster is a development platform to quickly generate, develop, & dep ...)
	NOT-FOR-US: JHipster
CVE-2022-24814 (Directus is a real-time API and App dashboard for managing SQL databas ...)
	NOT-FOR-US: Directus
CVE-2022-24813 (CreateWiki is Miraheze's MediaWiki extension for requesting & creating ...)
	NOT-FOR-US: Miraheze CreateWiki
CVE-2022-24812 (Grafana is an open-source platform for monitoring and observability. W ...)
	- grafana (Only affects Grafana Enterprise)
CVE-2022-24811 (Combodi iTop is a web based IT Service Management tool. Prior to versi ...)
	NOT-FOR-US: Combodo
CVE-2022-24810 (net-snmp provides various tools relating to the Simple Network Managem ...)
	{DSA-5209-1 DLA-3088-1}
	- net-snmp 5.9.3+dfsg-1 (bug #1016139)
	NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
	NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1)
	NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1)
CVE-2022-24809 (net-snmp provides various tools relating to the Simple Network Managem ...)
	{DSA-5209-1 DLA-3088-1}
	- net-snmp 5.9.3+dfsg-1 (bug #1016139)
	NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
	NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1)
	NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1)
CVE-2022-24808 (net-snmp provides various tools relating to the Simple Network Managem ...)
	{DSA-5209-1 DLA-3088-1}
	- net-snmp 5.9.3+dfsg-1 (bug #1016139)
	NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
	NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1)
	NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1)
CVE-2022-24807 (net-snmp provides various tools relating to the Simple Network Managem ...)
	{DSA-5209-1 DLA-3088-1}
	- net-snmp 5.9.3+dfsg-1 (bug #1016139)
	NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
	NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1)
	NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1)
CVE-2022-24806 (net-snmp provides various tools relating to the Simple Network Managem ...)
	{DSA-5209-1 DLA-3088-1}
	- net-snmp 5.9.3+dfsg-1 (bug #1016139)
	NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
	NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1)
	NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1)
CVE-2022-24805 (net-snmp provides various tools relating to the Simple Network Managem ...)
	{DSA-5209-1 DLA-3088-1}
	- net-snmp 5.9.3+dfsg-1 (bug #1016139)
	NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
	NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1)
	NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1)
CVE-2022-24804 (Discourse is an open source platform for community discussion. In stab ...)
	NOT-FOR-US: Discourse
CVE-2022-24803 (Asciidoctor-include-ext is Asciidoctor’s standard include process ...)
	[experimental] - ruby-asciidoctor-include-ext 0.4.0-1
	- ruby-asciidoctor-include-ext 0.4.0-2 (bug #1009035)
	[bullseye] - ruby-asciidoctor-include-ext (Minor issue)
	NOTE: https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29
	NOTE: https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155 (v0.4.0)
	NOTE: https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee (v0.4.0)
CVE-2022-24802 (deepmerge-ts is a typescript library providing functionality to deep m ...)
	NOT-FOR-US: deepmerge-ts
CVE-2022-24801 (Twisted is an event-based framework for internet applications, support ...)
	{DLA-2991-1}
	- twisted 22.4.0-1 (bug #1009030)
	[bullseye] - twisted 20.3.0-7+deb11u1
	[buster] - twisted 18.9.0-3+deb10u1
	NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq
	NOTE: https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1
	NOTE: https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac (twisted-22.04.0rc1)
CVE-2022-24800 (October/System is the system module for October CMS, a self-hosted CMS ...)
	NOT-FOR-US: October CMS
CVE-2022-24799 (wire-webapp is the web application interface for the wire messaging se ...)
	NOT-FOR-US: wire-webapp
CVE-2022-24798 (Internet Routing Registry daemon version 4 is an IRR database server, ...)
	NOT-FOR-US: Internet Routing Registry daemon (iird)
CVE-2022-24797 (Pomerium is an identity-aware access proxy. In distributed service mod ...)
	NOT-FOR-US: Pomerium
CVE-2022-24796 (RaspberryMatic is a free and open-source operating system for running ...)
	NOT-FOR-US: RaspberryMatic
CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and generation libra ...)
	{DLA-3516-1 DLA-3492-1}
	- ruby-yajl 1.4.3-1 (bug #1014803)
	[bullseye] - ruby-yajl (Minor issue)
	[buster] - ruby-yajl (Minor issue)
	[stretch] - ruby-yajl (Minor issue)
	- yajl 2.1.0-4 (bug #1040036)
	[bookworm] - yajl 2.1.0-3+deb12u2
	[bullseye] - yajl 2.1.0-3+deb11u2
	- burp (bug #1040146)
	[bookworm] - burp (Minor issue)
	[bullseye] - burp (Minor issue)
	- epics-base (bug #1040159)
	[bookworm] - epics-base (Minor issue)
	- r-cran-jsonlite 1.8.8+dfsg-1 (bug #1040161)
	[bookworm] - r-cran-jsonlite (Minor issue)
	[bullseye] - r-cran-jsonlite (Minor issue)
	[buster] - r-cran-jsonlite (Minor issue)
	- xqilla (Vulnerable code not present; embeds not-affected ancient yajl version)
	NOTE: xqilla's embedded yajl is ancient (around 0.2.2), not having the vulnerable code
	NOTE: https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm
	NOTE: https://github.com/brianmario/yajl-ruby/commit/7168bd79b888900aa94523301126f968a93eb3a6
	NOTE: https://github.com/brianmario/yajl-ruby/commit/e8de283a6d64f0902740fd09e858fc3d7d803161
	NOTE: https://github.com/lloyd/yajl/issues/239
CVE-2022-24794 (Express OpenID Connect is an Express JS middleware implementing sign o ...)
	NOT-FOR-US: Express OpenID Connect
CVE-2022-24793 (PJSIP is a free and open source multimedia communication library writt ...)
	{DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-3036-1}
	- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
	[stretch] - asterisk (Vulnerable code not present)
	- pjproject
	- ring 20230206.0~ds1-1 (bug #1014998)
	[bookworm] - ring (Minor issue)
	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4
	NOTE: https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a
CVE-2022-24792 (PJSIP is a free and open source multimedia communication library writt ...)
	{DSA-5285-1 DLA-3194-1 DLA-3036-1}
	- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
	[stretch] - asterisk (Vulnerable code not present)
	- pjproject
	- ring 20230206.0~ds1-1 (unimportant)
	NOTE: code is present in ring but ring only uses the pjsip code, not pjmedia
	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799
	NOTE: https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213
	NOTE: should only affect 32bit builds.
CVE-2022-24791 (Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cran ...)
	NOT-FOR-US: wasmtime
CVE-2022-24790 (Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for R ...)
	{DSA-5146-1 DLA-3083-1}
	- puma 5.6.4-1 (bug #1008723)
	[stretch] - puma (possibly introduces regressions)
	NOTE: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9
	NOTE: https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5 (5-6-stable)
	NOTE: https://github.com/puma/puma/commit/6c514e70f5ae0ff14c9b0091fa84bfa39b022025 (v5.6.3)
CVE-2022-24789 (C1 CMS is an open-source, .NET based Content Management System (CMS). ...)
	NOT-FOR-US: C1 CMS
CVE-2022-24788 (Vyper is a pythonic Smart Contract Language for the ethereum virtual m ...)
	NOT-FOR-US: Vyper
CVE-2022-24787 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...)
	NOT-FOR-US: Vyper
CVE-2022-24786 (PJSIP is a free and open source multimedia communication library writt ...)
	{DSA-5285-1 DLA-3194-1}
	- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
	[stretch] - asterisk (Vulnerable code not present)
	- pjproject
	[stretch] - pjproject (Vulnerable code not present)
	- ring 20230206.0~ds1-1 (unimportant)
	NOTE: code is present in ring but ring only uses the pjsip code, not pjmedia
	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-vhxv-phmx-g52q
	NOTE: https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508
CVE-2022-24785 (Moment.js is a JavaScript date library for parsing, validating, manipu ...)
	{DLA-3295-1}
	- node-moment 2.29.2+ds-1 (bug #1009327)
	[bullseye] - node-moment 2.29.1+ds-2+deb11u1
	[stretch] - node-moment (Nodejs in stretch not covered by security support)
	NOTE: https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4
	NOTE: https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5 (2.29.2)
CVE-2022-24784 (Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and ...)
	NOT-FOR-US: Statamic
CVE-2022-24783 (Deno is a runtime for JavaScript and TypeScript. The versions of Deno ...)
	NOT-FOR-US: Deno
CVE-2022-24782 (Discourse is an open source discussion platform. Versions 2.8.2 and pr ...)
	NOT-FOR-US: Discourse
CVE-2022-24781 (Geon is a board game based on solving questions about the Pythagorean ...)
	NOT-FOR-US: Geon
CVE-2022-24780 (Combodo iTop is a web based IT Service Management tool. In versions pr ...)
	NOT-FOR-US: Combodo
CVE-2022-24779
	RESERVED
CVE-2022-24778 (The imgcrypt library provides API exensions for containerd to support ...)
	NOT-FOR-US: imgcrypt
CVE-2022-24777 (grpc-swift is the Swift language implementation of gRPC, a remote proc ...)
	NOT-FOR-US: grpc-swift
CVE-2022-24776 (Flask-AppBuilder is an application development framework, built on top ...)
	- flask-appbuilder (Fixed before initial upload to archive)
	NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-2ccw-7px8-vmpf
	NOTE: https://github.com/dpgaspar/Flask-AppBuilder/pull/1804
CVE-2022-24775 (guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8 ...)
	- php-guzzlehttp-psr7 1.8.5-1 (bug #1008236)
	[bullseye] - php-guzzlehttp-psr7 1.7.0-1+deb11u1
	[buster] - php-guzzlehttp-psr7 1.4.2-0.1+deb10u1
	NOTE: https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
CVE-2022-24774 (CycloneDX BOM Repository Server is a bill of materials (BOM) repositor ...)
	NOT-FOR-US: CycloneDX BOM Repository Server
CVE-2022-24773 (Forge (also called `node-forge`) is a native implementation of Transpo ...)
	- node-node-forge 1.3.0~dfsg-1
	[bullseye] - node-node-forge 0.10.0~dfsg-3+deb11u1
	[buster] - node-node-forge 0.8.1~dfsg-1+deb10u1
	NOTE: https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr
	NOTE: https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1 (v1.3.0)
CVE-2022-24772 (Forge (also called `node-forge`) is a native implementation of Transpo ...)
	- node-node-forge 1.3.0~dfsg-1
	[bullseye] - node-node-forge 0.10.0~dfsg-3+deb11u1
	[buster] - node-node-forge 0.8.1~dfsg-1+deb10u1
	NOTE: https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g
	NOTE: https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1 (v1.3.0)
CVE-2022-24771 (Forge (also called `node-forge`) is a native implementation of Transpo ...)
	- node-node-forge 1.3.0~dfsg-1
	[bullseye] - node-node-forge 0.10.0~dfsg-3+deb11u1
	[buster] - node-node-forge 0.8.1~dfsg-1+deb10u1
	NOTE: https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765
	NOTE: https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1 (v1.3.0)
CVE-2022-24770 (`gradio` is an open source framework for building interactive machine ...)
	NOT-FOR-US: gradio
CVE-2022-24769 (Moby is an open-source project created by Docker to enable and acceler ...)
	{DSA-5162-1}
	- containerd 1.6.2~ds1-1
	NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c
CVE-2022-24768 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
	NOT-FOR-US: Argo CD
CVE-2022-24767 (GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when ...)
	NOT-FOR-US: Git-for-Windows (Git fork containing Windows-specific patches)
CVE-2022-24766 (mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mi ...)
	- mitmproxy 8.1.1-1 (bug #1008948)
	[bullseye] - mitmproxy (Minor issue)
	[buster] - mitmproxy (Minor issue)
	[stretch] - mitmproxy (Minor issue, intrusive to backport)
	NOTE: https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-gcx2-gvj7-pxv3
	NOTE: https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b (v8.0.0)
CVE-2022-24765 (Git for Windows is a fork of Git containing Windows-specific patches. ...)
	{DSA-5332-1 DLA-3239-1}
	- git 1:2.35.2-1
	[stretch] - git (Minor issue)
	NOTE: https://github.com/git/git/commit/6e7ad1e4c22e7038975ba37c7413374fe566b064 (v2.30.3)
	NOTE: https://github.com/git/git/commit/bdc77d1d685be9c10b88abb281a42bc620548595 (v2.30.3)
	NOTE: https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9 (v2.30.3)
	NOTE: https://github.com/git/git/commit/fdcad5a53e14bd397e4fa323e7fd0c3bf16dd373 (v2.30.3)
	NOTE: https://github.com/git/git/commit/cb95038137e9e66fc6a6b4a0e8db62bcc521b709 (v2.30.3) (doc)
	NOTE: https://github.com/git/git/commit/e47363e5a8bdf5144059d664c45c0975243ef05b (v2.30.4) (regression)
	NOTE: https://github.com/git/git/commit/bb50ec3cc300eeff3aba7a2bea145aabdb477d31 (v2.30.4) (regression)
	NOTE: https://github.com/git/git/commit/0f85c4a30b072a26d74af8bbf63cc8f6a5dfc1b8 (v2.30.4) (functional change mitigation / opt-out)
	NOTE: https://lore.kernel.org/git/xmqqv8veb5i6.fsf@gitster.g/
	NOTE: Limitations of ownership checking for the CVE fix:
	NOTE: https://lore.kernel.org/git/CAKJfoCEgiNvQJGt=rGYTaKQ1i2ihrPmX2Sz3Zxg-y66L+1Qh6g@mail.gmail.com/
	NOTE: https://github.blog/2022-04-12-git-security-vulnerability-announced/
	NOTE: See CVE-2022-29187 for further fixes
CVE-2022-24764 (PJSIP is a free and open source multimedia communication library writt ...)
	{DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
	- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
	[stretch] - asterisk (Vulnerable code not present)
	- pjproject
	- ring 20230206.0~ds1-1 (bug #1014998)
	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m
	NOTE: https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00
CVE-2022-24763 (PJSIP is a free and open source multimedia communication library writt ...)
	{DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-3036-1}
	- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
	[stretch] - asterisk (Vulnerable code not present)
	- pjproject
	- ring 20230206.0~ds1-1 (bug #1014998)
	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-5x45-qp78-g4p4
	NOTE: https://github.com/pjsip/pjproject/commit/856f87c2e97a27b256482dbe0d748b1194355a21
CVE-2022-24762 (sysend.js is a library that allows a user to send messages between pag ...)
	NOT-FOR-US: sysend.js
CVE-2022-24761 (Waitress is a Web Server Gateway Interface server for Python 2 and 3. ...)
	{DSA-5138-1 DLA-3000-1}
	- waitress 2.1.1-1 (bug #1008013)
	NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
	NOTE: https://github.com/Pylons/waitress/commit/9e0b8c801e4d505c2ffc91b891af4ba48af715e0 (v2.1.1)
CVE-2022-24760 (Parse Server is an open source http web server backend. In versions pr ...)
	NOT-FOR-US: Parse Server
CVE-2022-24759 (`@chainsafe/libp2p-noise` contains TypeScript implementation of noise ...)
	NOT-FOR-US: chainsafe/libp2p-noise
CVE-2022-24758 (The Jupyter notebook is a web-based notebook environment for interacti ...)
	- jupyter-notebook 6.4.12-1 (bug #1014771)
	[bullseye] - jupyter-notebook (Minor issue)
	[buster] - jupyter-notebook (Minor issue)
	NOTE: https://github.com/jupyter/notebook/security/advisories/GHSA-m87f-39q9-6f55
	NOTE: https://github.com/jupyter/notebook/commit/c219ce43c1ea25123fa70d264e7735bdf4585b1e (6.4.10)
CVE-2022-24757 (The Jupyter Server provides the backend (i.e. the core services, APIs, ...)
	- jupyter-server 1.16.0-1 (bug #1008319)
	[bullseye] - jupyter-server (Minor issue)
	NOTE: https://github.com/jupyter-server/jupyter_server/commit/a5683aca0b0e412672ac6218d09f74d44ca0de5a (v1.15.4)
	NOTE: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-p737-p57g-4cpr
CVE-2022-24756 (Bareos is open source software for backup, archiving, and recovery of ...)
	- bareos
	[buster] - bareos (PAM support not yet present)
	[stretch] - bareos (PAM support not yet present)
	NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-jh55-4wgw-xc9j
	NOTE: https://github.com/bareos/bareos/pull/1115
	NOTE: https://github.com/bareos/bareos/pull/1119
	NOTE: https://github.com/bareos/bareos/pull/1121
	NOTE: https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/
CVE-2022-24755 (Bareos is open source software for backup, archiving, and recovery of ...)
	- bareos
	[buster] - bareos (PAM support not yet present)
	[stretch] - bareos (PAM support not yet present)
	NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-4979-8ffj-4q26
	NOTE: https://github.com/bareos/bareos/pull/1115
	NOTE: https://github.com/bareos/bareos/pull/1119
	NOTE: https://github.com/bareos/bareos/pull/1121
	NOTE: https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/
CVE-2022-24754 (PJSIP is a free and open source multimedia communication library writt ...)
	{DLA-3549-1 DLA-2962-1}
	- asterisk (Vulnerable code not present)
	- pjproject
	- ring 20230206.0~ds1-1 (bug #1014998)
	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662
	NOTE: https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47
CVE-2022-24753 (Stripe CLI is a command-line tool for the Stripe eCommerce platform. A ...)
	NOT-FOR-US: Stripe CLI
CVE-2022-24752 (SyliusGridBundle is a package of generic data grids for Symfony applic ...)
	NOT-FOR-US: SyliusGridBundle
CVE-2022-24751 (Zulip is an open source group chat application. Starting with version ...)
	- zulip-server (bug #800052)
CVE-2022-24750 (UltraVNC is a free and open source remote pc access software. A vulner ...)
	NOT-FOR-US: UltraVNC
CVE-2022-24749 (Sylius is an open source eCommerce platform. In versions prior to 1.9. ...)
	NOT-FOR-US: Sylius
CVE-2022-24748 (Shopware is an open commerce platform based on the Symfony php Framewo ...)
	NOT-FOR-US: Shopware
CVE-2022-24747 (Shopware is an open commerce platform based on the Symfony php Framewo ...)
	NOT-FOR-US: Shopware
CVE-2022-24746 (Shopware is an open commerce platform based on the Symfony php Framewo ...)
	NOT-FOR-US: Shopware
CVE-2022-24745 (Shopware is an open commerce platform based on the Symfony php Framewo ...)
	NOT-FOR-US: Shopware
CVE-2022-24744 (Shopware is an open commerce platform based on the Symfony php Framewo ...)
	NOT-FOR-US: Shopware
CVE-2022-24743 (Sylius is an open source eCommerce platform. Prior to versions 1.10.11 ...)
	NOT-FOR-US: Sylius
CVE-2022-24742 (Sylius is an open source eCommerce platform. Prior to versions 1.9.10, ...)
	NOT-FOR-US: Sylius
CVE-2022-24741 (Nextcloud server is an open source, self hosted cloud style services p ...)
	- nextcloud-server (bug #941708)
CVE-2022-24740 (Volto is a ReactJS-based frontend for the Plone Content Management Sys ...)
	NOT-FOR-US: Volto
CVE-2022-24739 (alltube is an html front end for youtube-dl. On releases prior to 3.0. ...)
	NOT-FOR-US: alltube
CVE-2022-24738 (Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. ...)
	NOT-FOR-US: Evmos
CVE-2022-24737 (HTTPie is a command-line HTTP client. HTTPie has the practical concept ...)
	- httpie 3.2.1-1 (bug #1008011)
	[bullseye] - httpie (Minor issue)
	[buster] - httpie (Minor issue)
	[stretch] - httpie (Minor issue)
	NOTE: https://github.com/httpie/httpie/security/advisories/GHSA-9w4w-cpc8-h2fq
	NOTE: Fixed by: https://github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b (3.1.0)
CVE-2022-24736 (Redis is an in-memory database that persists on disk. Prior to version ...)
	[experimental] - redis 5:7.0.0-1
	- redis 5:7.0.1-4
	[bullseye] - redis (Minor issue; requires authed user; problematic to backport patch)
	[buster] - redis (Minor issue; requires authed user; problematic to backport patch)
	[stretch] - redis (Minor issue, problematic to backport patch to embedded Lua engine)
	NOTE: https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984
	NOTE: https://github.com/redis/redis/pull/10651
CVE-2022-24735 (Redis is an in-memory database that persists on disk. By exploiting we ...)
	[experimental] - redis 5:7.0.0-1
	- redis 5:7.0.1-4
	[bullseye] - redis (Minor issue; requires authed user; problematic to backport patch)
	[buster] - redis (Minor issue; requires authed user; problematic to backport patch)
	[stretch] - redis (Minor issue; requires authed user; problematic to backport patch)
	NOTE: https://github.com/redis/redis/security/advisories/GHSA-647m-2wmq-qmvq
	NOTE: https://github.com/redis/redis/pull/10651
CVE-2022-24734 (MyBB is a free and open source forum software. In affected versions th ...)
	NOT-FOR-US: MyBB
CVE-2022-24733 (Sylius is an open source eCommerce platform. Prior to versions 1.9.10, ...)
	NOT-FOR-US: Sylius
CVE-2022-24732 (Maddy Mail Server is an open source SMTP compatible email server. Vers ...)
	NOT-FOR-US: Maddy Mail Server
CVE-2022-24731 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
	NOT-FOR-US: Argo CD
CVE-2022-24730 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
	NOT-FOR-US: Argo CD
CVE-2022-24729 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...)
	- ckeditor 4.19.0+dfsg-1
	[bullseye] - ckeditor (Minor issue)
	[buster] - ckeditor (Minor issue)
	- ckeditor3 (bug #1015217)
	[bookworm] - ckeditor3 (Minor issue)
	[bullseye] - ckeditor3 (Minor issue)
	[buster] - ckeditor3 (No longer supported in LTS)
	[stretch] - ckeditor3 (EOL'd for stretch)
	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh
CVE-2022-24728 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...)
	- ckeditor 4.19.0+dfsg-1
	[bullseye] - ckeditor (Minor issue)
	[buster] - ckeditor (Minor issue)
	- ckeditor3 (bug #1015217)
	[bookworm] - ckeditor3 (Minor issue)
	[bullseye] - ckeditor3 (Minor issue)
	[buster] - ckeditor3 (No longer supported in LTS)
	[stretch] - ckeditor3 (EOL'd for stretch)
	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89
	NOTE: https://github.com/ckeditor/ckeditor4/commit/d158413449692d920a778503502dcb22881bc949 (4.18.0)
	NOTE: MITRE's referenced patch (above) does not seem related
CVE-2022-24727
	REJECTED
CVE-2022-24726 (Istio is an open platform to connect, manage, and secure microservices ...)
	NOT-FOR-US: Istio
CVE-2022-24725 (Shescape is a shell escape package for JavaScript. An issue in version ...)
	NOT-FOR-US: Node shescape
CVE-2022-24724 (cmark-gfm is GitHub's extended version of the C reference implementati ...)
	- cmark-gfm 0.29.0.gfm.3-3 (bug #1006756)
	[bullseye] - cmark-gfm (Minor issue)
	[buster] - cmark-gfm (Minor issue)
	- ghostwriter 2.1.6+ds-1 (bug #1006757)
	[bullseye] - ghostwriter (Vulnerable code not present)
	[buster] - ghostwriter (Vulnerable code not present)
	- python-cmarkgfm 0.7.0-1 (bug #1006758)
	[bullseye] - python-cmarkgfm (Minor issue)
	[buster] - python-cmarkgfm (Minor issue)
	- ruby-commonmarker 0.23.4-1 (bug #1006759)
	[bullseye] - ruby-commonmarker (Minor issue)
	[buster] - ruby-commonmarker (Minor issue)
	- r-cran-commonmark 1.8.0-1 (bug #1006760)
	[bullseye] - r-cran-commonmark (Minor issue)
	[buster] - r-cran-commonmark (Minor issue)
	NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
	NOTE: https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.3
	NOTE: https://github.com/github/cmark-gfm/commit/ac80f7b56522ffa158e1f0c14a611ffccacd4027 (0.29.0.gfm.3)
	NOTE: https://github.com/gjtorikian/commonmarker/26ff69679d1bf53adf43279236a7f74d06013f4c (v0.23.4)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2258
CVE-2022-24723 (URI.js is a Javascript URL mutation library. Before version 1.19.9, wh ...)
	- node-urijs (bug #902083)
	NOTE: https://github.com/medialize/uri.js/commit/86d10523a6f6e8dc4300d99d671335ee362ad316 (v1.19.9)
	NOTE: https://github.com/medialize/URI.js/releases/tag/v1.19.9
CVE-2022-24722 (VIewComponent is a framework for building view components in Ruby on R ...)
	NOT-FOR-US: VIewComponent
CVE-2022-24721 (CometD is a scalable comet implementation for web messaging. In any ve ...)
	NOT-FOR-US: CometD
CVE-2022-24720 (image_processing is an image processing wrapper for libvips and ImageM ...)
	{DSA-5310-1}
	- ruby-image-processing 1.10.3-2 (bug #1007225)
	NOTE: https://github.com/janko/image_processing/security/advisories/GHSA-cxf7-qrc5-9446
	NOTE: https://github.com/janko/image_processing/commit/038e4574e8f4f4b636a62394e09983c71980dada (v1.12.2)
CVE-2022-24719 (Fluture-Node is a FP-style HTTP and streaming utils for Node based on ...)
	NOT-FOR-US: Fluture-Node
CVE-2022-24718 (ssr-pages is an HTML page builder for the purpose of server-side rende ...)
	NOT-FOR-US: ssr-pages
CVE-2022-24717 (ssr-pages is an HTML page builder for the purpose of server-side rende ...)
	NOT-FOR-US: ssr-pages
CVE-2022-24716 (Icinga Web 2 is an open source monitoring web interface, framework and ...)
	- icingaweb2 2.9.6-1
	[bullseye] - icingaweb2 (Vulnerable code not present)
	[buster] - icingaweb2 (Vulnerable code not present)
	[stretch] - icingaweb2 (vulnerable code not present)
	NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-5p3f-rh28-8frw
	NOTE: https://github.com/Icinga/icingaweb2/commit/9931ed799650f5b8d5e1dc58ea3415a4cdc5773d
CVE-2022-24715 (Icinga Web 2 is an open source monitoring web interface, framework and ...)
	- icingaweb2 2.9.6-1
	[bullseye] - icingaweb2 (Minor issue)
	[buster] - icingaweb2 (Minor issue)
	NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-v9mv-h52f-7g63
	NOTE: https://github.com/Icinga/icingaweb2/commit/a06d915467ca943a4b406eb9587764b8ec34cafb
CVE-2022-24714 (Icinga Web 2 is an open source monitoring web interface, framework and ...)
	- icingaweb2 2.9.6-1
	[bullseye] - icingaweb2 (Minor issue)
	[buster] - icingaweb2 (Minor issue)
	[stretch] - icingaweb2 (vulnerable code not present)
	NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-qcmg-vr56-x9wf
	NOTE: https://github.com/Icinga/icingaweb2/commit/6e989d05a1568a6733a3d912001251acc51d9293
CVE-2022-24713 (regex is an implementation of regular expressions for the Rust languag ...)
	{DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
	- firefox 99.0-1
	- firefox-esr 91.8.0esr-1
	- thunderbird 1:91.8.0-1
	- rust-regex 1.5.5-1 (bug #1007176)
	[bullseye] - rust-regex (Minor issue)
	[buster] - rust-regex (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0013.html
	NOTE: https://github.com/rust-lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8
	NOTE: https://github.com/rust-lang/regex/commit/ae70b41d4f46641dbc45c7a4f87954aea356283e (1.5.5)
	NOTE: https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-24713
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-24713
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-24713
CVE-2022-24712 (CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web fr ...)
	- codeigniter (bug #471583)
CVE-2022-24711 (CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web fr ...)
	- codeigniter (bug #471583)
CVE-2022-24710 (Weblate is a copyleft software web-based continuous localization syste ...)
	- weblate (bug #745661)
CVE-2022-24709 (@awsui/components-react is the main AWS UI package which contains Reac ...)
	NOT-FOR-US: Node components-react
CVE-2022-24708 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
	NOT-FOR-US: Anuko Time Tracker
CVE-2022-24707 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
	NOT-FOR-US: Anuko Time Tracker
CVE-2022-24706 (In Apache CouchDB prior to 3.2.2, an attacker can access an improperly ...)
	- couchdb
	NOTE: https://www.openwall.com/lists/oss-security/2022/04/26/1
CVE-2022-24705 (The rad_packet_recv function in radius/packet.c suffers from a memcpy ...)
	NOT-FOR-US: ACCEL-PPP
CVE-2022-24704 (The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suf ...)
	NOT-FOR-US: ACCEL-PPP
CVE-2022-23922 (WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguratio ...)
	NOT-FOR-US: WIN-911
CVE-2022-23104 (WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguratio ...)
	NOT-FOR-US: WIN-911
CVE-2022-0563 (A flaw was found in the util-linux chfn and chsh utilities when compil ...)
	- util-linux (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2053151
	NOTE: https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
	NOTE: https://github.com/util-linux/util-linux/commit/faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17
	NOTE: util-linux in Debian does build with readline support but chfn and chsh are provided
	NOTE: by src:shadow and util-linux is configured with --disable-chfn-chsh
CVE-2022-0562 (Null source pointer passed as an argument to memcpy() function within ...)
	{DSA-5108-1 DLA-2932-1}
	- tiff 4.3.0-4
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b
CVE-2022-0561 (Null source pointer passed as an argument to memcpy() function within ...)
	{DSA-5108-1 DLA-2932-1}
	- tiff 4.3.0-4
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef
CVE-2022-0560 (Open Redirect in Packagist microweber/microweber prior to 1.2.11.)
	NOT-FOR-US: microweber
CVE-2022-0559 (Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/aa80adb7-e900-44a5-ad05-91f3ccdfc81e
	NOTE: https://github.com/radareorg/radare2/commit/b5cb90b28ec71fda3504da04e3cc94a362807f5e
CVE-2022-0558 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
	NOT-FOR-US: microweber
CVE-2022-0557 (OS Command Injection in Packagist microweber/microweber prior to 1.2.1 ...)
	NOT-FOR-US: microweber
CVE-2022-24703
	RESERVED
CVE-2022-24702 (An issue was discovered in WinAPRS 2.9.0. A buffer overflow in the VHF ...)
	NOT-FOR-US: WinAPRS
CVE-2022-24701 (An issue was discovered in WinAPRS 2.9.0. A buffer overflow in nationa ...)
	NOT-FOR-US: WinAPRS
CVE-2022-24700 (An issue was discovered in WinAPRS 2.9.0. A buffer overflow in DIGI ad ...)
	NOT-FOR-US: WinAPRS
CVE-2022-0556 (A local privilege escalation vulnerability caused by incorrect permiss ...)
	NOT-FOR-US: Zyxel
CVE-2022-0555
	RESERVED
CVE-2022-0554 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...)
	{DLA-3182-1 DLA-2947-1}
	- vim 2:8.2.4659-1 (unimportant)
	NOTE: https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71/
	NOTE: https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8 (v8.2.4327)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-0553 (There is no check to see if slot 0 is being uploaded from the device t ...)
	NOT-FOR-US: Zephyr
CVE-2022-0552 (A flaw was found in the original fix for the netty-codec-http CVE-2021 ...)
	NOT-FOR-US: Red Hat OpenShift Logging elasticsearch6 container
CVE-2022-24699
	RESERVED
CVE-2022-24698
	RESERVED
CVE-2022-24697 (Kylin's cube designer function has a command injection vulnerability w ...)
	NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2022-0551 (Improper Input Validation vulnerability in project file upload in Nozo ...)
	NOT-FOR-US: Nozomi Networks
CVE-2022-0550 (Improper Input Validation vulnerability in custom report logo upload i ...)
	NOT-FOR-US: Nozomi Networks
CVE-2022-0549 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
	[experimental] - gitlab 14.6.5+ds1-1
	- gitlab 15.10.8+ds1-2
	NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
CVE-2022-0548
	RESERVED
CVE-2022-24696 (Mirametrix Glance before 5.1.1.42207 (released on 2018-08-30) allows a ...)
	NOT-FOR-US: Mirametrix Glance
CVE-2022-24695 (Bluetooth Classic in Bluetooth Core Specification through 5.3 does not ...)
	NOT-FOR-US: Bluetooth protocol issue
CVE-2022-24694 (In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before ...)
	- mahara
CVE-2022-24693 (Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB ...)
	NOT-FOR-US: Baicells Nova436Q and Neutrino 430 devices
CVE-2022-24692 (An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The n ...)
	NOT-FOR-US: DSK DSKNet
CVE-2022-24691 (An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A SQL ...)
	NOT-FOR-US: DSK DSKNet
CVE-2022-24690 (An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A Pre ...)
	NOT-FOR-US: DSK DSKNet
CVE-2022-24689 (An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mi ...)
	NOT-FOR-US: DSK DSKNet
CVE-2022-24688 (An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The T ...)
	NOT-FOR-US: DSK DSKNet
CVE-2022-24687 (HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, a ...)
	- consul 1.9.17+dfsg2-1 (bug #1006487)
	[bullseye] - consul (EOL in Bullseye)
	[buster] - consul (Vulnerable Code not present)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-servers/
	NOTE: https://github.com/hashicorp/consul/commit/d35c6a97cbdff252f5238d6b52f49786f896566a (v1.9.15)
CVE-2022-24686 (HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and ...)
	- nomad (bug #1021273)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559
CVE-2022-24685 (HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow i ...)
	- nomad (bug #1021273)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage/35561
	NOTE: https://github.com/hashicorp/nomad/issues/12038
CVE-2022-24684 (HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and ...)
	- nomad (bug #1021273)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/35562
	NOTE: https://github.com/hashicorp/nomad/issues/12039
	NOTE: https://github.com/hashicorp/nomad/commit/c49359ad58f0af18a5697a0b7b9b6cca9656d267 (v1.2.6)
CVE-2022-24683 (HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and ...)
	- nomad (bug #1021273)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-02-nomad-alloc-filesystem-and-container-escape/35560
CVE-2022-24682 (An issue was discovered in the Calendar feature in Zimbra Collaboratio ...)
	NOT-FOR-US: Zimbra
CVE-2022-24681 (Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the we ...)
	NOT-FOR-US: Zoho
CVE-2022-24680 (A security link following local privilege escalation vulnerability in ...)
	NOT-FOR-US: Trend Micro
CVE-2022-24679 (A security link following local privilege escalation vulnerability in ...)
	NOT-FOR-US: Trend Micro
CVE-2022-24678 (An security agent resource exhaustion denial-of-service vulnerability ...)
	NOT-FOR-US: Trend Micro
CVE-2022-24677 (Admin.php in HYBBS2 through 2.3.2 allows remote code execution because ...)
	NOT-FOR-US: HYBBS2
CVE-2022-24676 (update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file ...)
	NOT-FOR-US: HYBBS2
CVE-2022-24675 (encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode ...)
	- golang-1.18 1.18.1-1
	- golang-1.17 1.17.9-1
	NOTE: https://groups.google.com/g/golang-announce/c/oecdBNLOml8
	NOTE: https://go.dev/issue/51853
CVE-2022-24674 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: Canon
CVE-2022-24673 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Canon
CVE-2022-24672 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: Canon
CVE-2022-24383 (The affected product is vulnerable to an out-of-bounds read, which may ...)
	NOT-FOR-US: Fuji Electric
CVE-2022-21228 (The affected product is vulnerable to a stack-based buffer overflow, w ...)
	NOT-FOR-US: Fuji Electric
CVE-2022-21214 (The affected product is vulnerable to a heap-based buffer overflow, wh ...)
	NOT-FOR-US: Fuji Electric
CVE-2022-21202 (The affected product is vulnerable to an out-of-bounds read, which may ...)
	NOT-FOR-US: Fuji Electric
CVE-2022-21168 (The affected product is vulnerable due to an invalid pointer initializ ...)
	NOT-FOR-US: Fuji Electric
CVE-2022-24671 (A link following privilege escalation vulnerability in Trend Micro Ant ...)
	NOT-FOR-US: Trend Micro
CVE-2022-24670 (An attacker can use the unrestricted LDAP queries to determine configu ...)
	NOT-FOR-US: forgerock
CVE-2022-24669 (It may be possible to gain some details of the deployment through a we ...)
	NOT-FOR-US: forgerock
CVE-2022-0547 (OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass ...)
	{DLA-2992-1}
	- openvpn 2.5.6-1 (bug #1008015)
	[bullseye] - openvpn (Minor issue)
	[buster] - openvpn (Minor issue)
	NOTE: https://community.openvpn.net/openvpn/wiki/CVE-2022-0547
	NOTE: https://github.com/OpenVPN/openvpn/commit/58ec3bb4aac77131118dbbc39a65181e7847adee (v2.4.12)
	NOTE: https://github.com/OpenVPN/openvpn/commit/af3e382649d96ae77cc5e42be8270f355e5cfec5 (v2.5.6)
CVE-2022-0546 (A missing bounds check in the image loader used in Blender 3.x and 2.9 ...)
	{DSA-5176-1 DLA-3060-1}
	- blender 3.1.2+dfsg-1
	NOTE: Issue: https://developer.blender.org/T94572
	NOTE: Patch: https://developer.blender.org/D11952
	NOTE: https://developer.blender.org/rB77616082f44da5258faf9ec0d53618c721b88c62 (v3.1.0)
	NOTE: https://developer.blender.org/rB1ee4e6bf31ff32f87f9cd1eafa548d6811794380 (v2.93.9)
CVE-2022-0545 (An integer overflow in the processing of loaded 2D images leads to a w ...)
	{DSA-5176-1 DLA-3060-1}
	- blender 3.1.2+dfsg-1
	NOTE: Issue: https://developer.blender.org/T94629
	NOTE: Patch: https://developer.blender.org/D13744
	NOTE: https://developer.blender.org/rB82858ca3f4e6dc6f840af9306c350900abd491fc (v3.1.0)
	NOTE: https://developer.blender.org/rBe07f16776bca5e9494e6b143170f31d5eeb160ce (v2.93.8)
	NOTE: https://developer.blender.org/rB63fdcbb5889e31b5f07d8d5c8e923cc57900fe1b (v2.83.19)
CVE-2022-0544 (An integer underflow in the DDS loader of Blender leads to an out-of-b ...)
	{DSA-5176-1 DLA-3060-1}
	- blender 3.1.2+dfsg-1
	NOTE: Issue: https://developer.blender.org/T94661
	NOTE: https://developer.blender.org/rBd9dd8c287f57716a827483973c31bbb2face2816 (v3.1.0)
	NOTE: https://developer.blender.org/rBbbad834f1c2a1f7030ed9741c486b23241e8885e (v2.93.8)
	NOTE: https://developer.blender.org/rB0ac83d05d7cccec436bb939e0aa768f6a3d77d72 (v2.83.19)
CVE-2022-0543 (It was discovered, that redis, a persistent key-value database, due to ...)
	{DSA-5081-1}
	- redis 5:6.0.16-2 (bug #1005787)
	[stretch] - redis (Lua support plus packaging issue introduced later)
	NOTE: https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
CVE-2022-0542 (Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoo ...)
	NOT-FOR-US: chatwoot
CVE-2022-0541 (The flo-launch WordPress plugin before 2.4.1 injects code into wp-conf ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0540 (A vulnerability in Jira Seraph allows a remote, unauthenticated attack ...)
	NOT-FOR-US: Jira Seraph
CVE-2022-0539 (Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_c ...)
	NOT-FOR-US: beanstalk_console
CVE-2022-0538 (Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStr ...)
	- jenkins
CVE-2022-0537 (The MapPress Maps for WordPress plugin before 2.73.13 allows a high pr ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0536 (Improper Removal of Sensitive Information Before Storage or Transfer i ...)
	- node-follow-redirects 1.14.8+~1.14.0-1
	[bullseye] - node-follow-redirects 1.13.1-1+deb11u1
	[buster] - node-follow-redirects (Minor issue, too intrusive to backport)
	NOTE: https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db/
	NOTE: https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445 (v1.14.8)
CVE-2022-0535 (The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0534 (A vulnerability was found in htmldoc version 1.9.15 where the stack ou ...)
	{DLA-2928-1}
	- htmldoc 1.9.15-1 (unimportant)
	[bullseye] - htmldoc 1.9.11-4+deb11u2
	[buster] - htmldoc 1.9.3-1+deb10u3
	NOTE: https://github.com/michaelrsweet/htmldoc/issues/463
	NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/776cf0fc4c760f1fb7b966ce28dc92dd7d44ed50 (v1.9.15)
	NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/312f0f9c12f26fbe015cd0e6cefa40e4b99017d9 (v1.9.15)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-0533 (The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0532 (An incorrect sysctls validation vulnerability was found in CRI-O 1.18 ...)
	- cri-o (bug #979702)
CVE-2022-0531 (The Migration, Backup, Staging WordPress plugin before 0.9.70 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0530 (A flaw was found in Unzip. The vulnerability occurs during the convers ...)
	{DSA-5202-1 DLA-3118-1}
	- unzip 6.0-27 (bug #1010355)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051395
	NOTE: https://github.com/ByteHackr/unzip_poc
	NOTE: Unclear status, checking with upstream
CVE-2022-0529 (A flaw was found in Unzip. The vulnerability occurs during the convers ...)
	{DSA-5202-1 DLA-3118-1}
	- unzip 6.0-27 (bug #1010355)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051402
	NOTE: https://github.com/ByteHackr/unzip_poc
	NOTE: Unclear status, checking with upstream
CVE-2021-46681 (A XSS vulnerability exist in Pandora FMS version 756 and below, that a ...)
	NOT-FOR-US: Pandora FMS
CVE-2021-46680 (A XSS vulnerability exist in Pandora FMS version 756 and below, that a ...)
	NOT-FOR-US: Pandora FMS
CVE-2021-46679 (A XSS vulnerability exist in Pandora FMS version 756 and below, that a ...)
	NOT-FOR-US: Pandora FMS
CVE-2021-46678 (A XSS vulnerability exist in Pandora FMS version 756 and below, that a ...)
	NOT-FOR-US: Pandora FMS
CVE-2021-46677 (A XSS vulnerability exist in Pandora FMS version 756 and below, that a ...)
	NOT-FOR-US: Pandora FMS
CVE-2021-46676 (A XSS vulnerability exist in Pandora FMS version 756 and below, that a ...)
	NOT-FOR-US: Pandora FMS
CVE-2022-24668 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
	NOT-FOR-US: swift-nio-http2
CVE-2022-24667 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
	NOT-FOR-US: swift-nio-http2
CVE-2022-24666 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
	NOT-FOR-US: swift-nio-http2
CVE-2022-0528 (Server-Side Request Forgery (SSRF) in GitHub repository transloadit/up ...)
	NOT-FOR-US: Node uppy
CVE-2022-0527 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
	NOT-FOR-US: chatwoot
CVE-2022-0526 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
	NOT-FOR-US: chatwoot
CVE-2022-0525 (Out-of-bounds Read in Homebrew mruby prior to 3.2.)
	- mruby (Vulnerable code introduced later)
	NOTE: https://huntr.dev/bounties/e19e109f-acf0-4048-8ee8-1b10a870f1e9
	NOTE: https://github.com/mruby/mruby/commit/0849a2885f81cfd82134992c06df3ccd59052ac7
CVE-2022-0524 (Business Logic Errors in GitHub repository publify/publify prior to 9. ...)
	NOT-FOR-US: Publify
CVE-2022-0523 (Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/9d8d6ae0-fe00-40b9-ae1e-b0e8103bac69
	NOTE: https://github.com/radareorg/radare2/commit/35482cb760db10f87a62569e2f8872dbd95e9269
CVE-2022-0522 (Access of Memory Location Before Start of Buffer in NPM radare2.js pri ...)
	NOT-FOR-US: Node radare2.js
CVE-2022-0521 (Access of Memory Location After End of Buffer in GitHub repository rad ...)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/4d436311-bbf1-45a3-8774-bdb666d7f7ca
	NOTE: https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5
CVE-2022-0520 (Use After Free in NPM radare2.js prior to 5.6.2.)
	NOT-FOR-US: Node radare2.js
CVE-2022-0519 (Buffer Access with Incorrect Length Value in GitHub repository radareo ...)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/af85b9e1-d1cf-4c0e-ba12-525b82b7c1e3
	NOTE: https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5
CVE-2022-0518 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/10051adf-7ddc-4042-8fd0-8e9e0c5b1184
	NOTE: https://github.com/radareorg/radare2/commit/9650e3c352f675687bf6c6f65ff2c4a3d0e288fa
CVE-2022-0517 (Mozilla VPN can load an OpenSSL configuration file from an unsecured d ...)
	NOT-FOR-US: Mozilla VPN
CVE-2022-0516 (A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/k ...)
	{DSA-5092-1}
	- linux 5.16.10-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/2c212e1baedcd782b2535a3f86bc491977677c0e
	NOTE: https://www.openwall.com/lists/oss-security/2022/02/11/2
CVE-2022-24665 (PHP Everywhere <= 2.0.3 included functionality that allowed execution ...)
	NOT-FOR-US: PHP Everywhere
CVE-2022-24664 (PHP Everywhere <= 2.0.3 included functionality that allowed execution ...)
	NOT-FOR-US: PHP Everywhere
CVE-2022-24663 (PHP Everywhere <= 2.0.3 included functionality that allowed execution ...)
	NOT-FOR-US: PHP Everywhere
CVE-2022-24662
	RESERVED
CVE-2022-24661 (A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All ...)
	NOT-FOR-US: Siemens
CVE-2022-24660 (The debug interface of Goldshell ASIC Miners v2.2.1 and below was disc ...)
	NOT-FOR-US: Goldshell ASIC Miners
CVE-2022-24659 (Goldshell ASIC Miners v2.2.1 and below was discovered to contain a pat ...)
	NOT-FOR-US: Goldshell ASIC Miners
CVE-2022-24658
	RESERVED
CVE-2022-24657 (Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded crede ...)
	NOT-FOR-US: Goldshell ASIC Miners
CVE-2022-24656 (HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). By putting ...)
	NOT-FOR-US: HexoEditor
CVE-2022-24655 (A stack overflow vulnerability exists in the upnpd service in Netgear ...)
	NOT-FOR-US: Netgear
CVE-2022-24654 (Authenticated stored cross-site scripting (XSS) vulnerability in "Fiel ...)
	NOT-FOR-US: Intelbras ATA 200
CVE-2022-24653
	RESERVED
CVE-2022-24652 (sentcms 4.0.x allows remote attackers to cause arbitrary file uploads ...)
	NOT-FOR-US: sentcms
CVE-2022-24651 (sentcms 4.0.x allows remote attackers to cause arbitrary file uploads ...)
	NOT-FOR-US: sentcms
CVE-2022-24650
	RESERVED
CVE-2022-24649
	RESERVED
CVE-2022-24648
	RESERVED
CVE-2022-24647 (Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vu ...)
	NOT-FOR-US: Cuppa CMS
CVE-2022-24646 (Hospital Management System v4.0 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Hospital Management System
CVE-2022-24645
	RESERVED
CVE-2022-24644 (ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code e ...)
	NOT-FOR-US: KeyMouse
CVE-2022-24643 (A stored cross-site scripting (XSS) issue was discovered in the OpenEM ...)
	NOT-FOR-US: OpenEMR
CVE-2022-24642
	RESERVED
CVE-2022-24641
	RESERVED
CVE-2022-24640
	RESERVED
CVE-2022-24639
	RESERVED
CVE-2022-24638
	RESERVED
CVE-2022-24637 (Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote ...)
	NOT-FOR-US: Open Web Analytics (OWA)
CVE-2022-24636
	RESERVED
CVE-2022-24635
	RESERVED
CVE-2022-24634
	RESERVED
CVE-2022-24633 (All versions of FileCloud prior to 21.3 are vulnerable to user enumera ...)
	NOT-FOR-US: FileCloud
CVE-2022-24632 (An issue was discovered in AudioCodes Device Manager Express through 7 ...)
	NOT-FOR-US: AudioCodes Device Manager Express
CVE-2022-24631 (An issue was discovered in AudioCodes Device Manager Express through 7 ...)
	NOT-FOR-US: AudioCodes Device Manager Express
CVE-2022-24630 (An issue was discovered in AudioCodes Device Manager Express through 7 ...)
	NOT-FOR-US: AudioCodes Device Manager Express
CVE-2022-24629 (An issue was discovered in AudioCodes Device Manager Express through 7 ...)
	NOT-FOR-US: AudioCodes Device Manager Express
CVE-2022-24628 (An issue was discovered in AudioCodes Device Manager Express through 7 ...)
	NOT-FOR-US: AudioCodes Device Manager Express
CVE-2022-24627 (An issue was discovered in AudioCodes Device Manager Express through 7 ...)
	NOT-FOR-US: AudioCodes Device Manager Express
CVE-2022-24626
	RESERVED
CVE-2022-24625
	RESERVED
CVE-2022-24624
	RESERVED
CVE-2022-24623
	RESERVED
CVE-2022-24622
	RESERVED
CVE-2022-24621
	RESERVED
CVE-2022-24620 (Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XS ...)
	- piwigo
CVE-2022-24619
	RESERVED
CVE-2022-24618 (Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and e ...)
	NOT-FOR-US: Heimdal Premium Security
CVE-2022-24617
	RESERVED
CVE-2022-24616
	RESERVED
CVE-2022-24615 (zip4j up to v2.10.0 can throw various uncaught exceptions while parsin ...)
	- zip4j 2.10.0-1
	[bullseye] - zip4j (Minor issue)
	NOTE: https://github.com/srikanth-lingala/zip4j/issues/377
CVE-2022-24614 (When reading a specially crafted JPEG file, metadata-extractor up to 2 ...)
	- libmetadata-extractor-java (unimportant)
	NOTE: https://github.com/drewnoakes/metadata-extractor/issues/561
	NOTE: Fixed in 2.18.0 but per upstream there's no real security impact:
	NOTE: https://github.com/drewnoakes/metadata-extractor/issues/561#issuecomment-1086967784
CVE-2022-24613 (metadata-extractor up to 2.16.0 can throw various uncaught exceptions ...)
	- libmetadata-extractor-java (unimportant)
	NOTE: https://github.com/drewnoakes/metadata-extractor/issues/561
	NOTE: Fixed in 2.18.0 but per upstream there's no real security impact:
	NOTE: https://github.com/drewnoakes/metadata-extractor/issues/561#issuecomment-1086967784
CVE-2022-24612 (An authenticated user can upload an XML file containing an XSS via the ...)
	NOT-FOR-US: EyesOfNetwork (EON) eonweb
CVE-2022-24611 (Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specificati ...)
	NOT-FOR-US: Z-Wave devices
CVE-2022-24610 (Settings/network settings/wireless settings on the Alecto DVC-215IP ca ...)
	NOT-FOR-US: Alecto
CVE-2022-24609 (Luocms v2.0 is affected by an incorrect access control vulnerability. ...)
	NOT-FOR-US: Luocms
CVE-2022-24608 (Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/s ...)
	NOT-FOR-US: Luocms
CVE-2022-24607 (Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php.)
	NOT-FOR-US: Luocms
CVE-2022-24606 (Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php.)
	NOT-FOR-US: Luocms
CVE-2022-24605 (Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php.)
	NOT-FOR-US: Luocms
CVE-2022-24604 (Luocms v2.0 is affected by SQL Injection in /admin/link/link_mod.php.)
	NOT-FOR-US: Luocms
CVE-2022-24603 (Luocms v2.0 is affected by SQL Injection in /admin/news/sort_mod.php.)
	NOT-FOR-US: Luocms
CVE-2022-24602 (Luocms v2.0 is affected by SQL Injection in /admin/news/news_mod.php.)
	NOT-FOR-US: Luocms
CVE-2022-24601 (Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.p ...)
	NOT-FOR-US: Luocms
CVE-2022-24600 (Luocms v2.0 is affected by SQL Injection through /admin/login.php. An ...)
	NOT-FOR-US: Luocms
CVE-2022-24599 (In autofile Audio File Library 0.3.6, there exists one memory leak vul ...)
	{DLA-3650-1}
	- audiofile 0.3.6-6 (bug #1008017)
	[bookworm] - audiofile (Minor issue)
	[bullseye] - audiofile (Minor issue)
	[stretch] - audiofile (Minor issue)
	NOTE: https://github.com/mpruett/audiofile/issues/60
CVE-2022-24598
	RESERVED
CVE-2022-24597
	RESERVED
CVE-2022-24596
	RESERVED
CVE-2022-24595 (Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0. ...)
	NOT-FOR-US: Automotive Grade Linux Kooky Koi
CVE-2022-24594 (In waline 1.6.1, an attacker can submit messages using X-Forwarded-For ...)
	NOT-FOR-US: waline
CVE-2022-24593
	RESERVED
CVE-2022-24592
	RESERVED
CVE-2022-24591
	RESERVED
CVE-2022-24590 (A stored cross-site scripting (XSS) vulnerability in the Add Link func ...)
	- backdrop (bug #914257)
CVE-2022-24589 (Burden v3.0 was discovered to contain a stored cross-site scripting (X ...)
	NOT-FOR-US: Burden
CVE-2022-24588 (Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS ...)
	NOT-FOR-US: Flatpress
CVE-2022-24587 (A stored cross-site scripting (XSS) vulnerability in the component cor ...)
	- pluxml (bug #1008264)
	[buster] - pluxml (EOL in buster LTS)
	NOTE: https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24587/CVE-2022-24587.pdf
CVE-2022-24586 (A stored cross-site scripting (XSS) vulnerability in the component /co ...)
	- pluxml (bug #1008264)
	[buster] - pluxml (EOL in buster LTS)
	NOTE: https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24586/CVE-2022-24586.pdf
CVE-2022-24585 (A stored cross-site scripting (XSS) vulnerability in the component /co ...)
	- pluxml (bug #1008264)
	[buster] - pluxml (EOL in buster LTS)
	NOTE: https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24585/CVE-2022-24585.pdf
CVE-2022-24584 (Incorrect access control in Yubico OTP functionality of the YubiKey ha ...)
	NOT-FOR-US: yubico.com
CVE-2022-24583
	RESERVED
CVE-2022-24582 (Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijac ...)
	NOT-FOR-US: Accounting Journal Management
CVE-2022-24581 (ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture v ...)
	NOT-FOR-US: ACEweb Online Portal
CVE-2022-24580
	REJECTED
CVE-2022-24579
	RESERVED
CVE-2022-24578 (GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddStrin ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://huntr.dev/bounties/1691cca3-ab54-4259-856b-751be2395b11/
	NOTE: https://github.com/gpac/gpac/commit/b5741da08e88e8dcc8da0a7669b92405b9862850 (v2.0.0)
CVE-2022-24577 (GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://huntr.dev/bounties/0758b3a2-8ff2-45fc-8543-7633d605d24e/
	NOTE: https://github.com/gpac/gpac/commit/586e817dcd531bb3e75438390f1f753cfe6e940a (v2.0.0)
CVE-2022-24576 (GPAC 1.0.1 is affected by Use After Free through MP4Box.)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2061
	NOTE: https://huntr.dev/bounties/011ac07c-6139-4f43-b745-424143e60ac7/
	NOTE: https://github.com/gpac/gpac/commit/96699aabae042f8f55cf8a85fa5758e3db752bae (v2.0.0)
CVE-2022-24575 (GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2058
	NOTE: https://huntr.dev/bounties/1d9bf402-f756-4583-9a1d-436722609c1e/
	NOTE: https://github.com/gpac/gpac/commit/b13e9986aa1134c764b0d84f0f66328429b9c2eb (v2.0.0)
CVE-2022-24574 (GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_f ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://huntr.dev/bounties/a08437cc-25aa-4116-8069-816f78a2247c/
	NOTE: https://github.com/gpac/gpac/issues/2055
	NOTE: https://github.com/gpac/gpac/commit/9f8510835b97a729baf3646a3171bf51b4a8592e (v2.0.0)
CVE-2022-24573 (A stored cross-site scripting (XSS) vulnerability in the admin interfa ...)
	NOT-FOR-US: Element-IT
CVE-2022-24572 (Car Driving School Management System v1.0 is affected by Cross Site Sc ...)
	NOT-FOR-US: Car Driving School Management System
CVE-2022-24571 (Car Driving School Management System v1.0 is affected by SQL injection ...)
	NOT-FOR-US: Car Driving School Management System
CVE-2022-24570
	RESERVED
CVE-2022-24569
	RESERVED
CVE-2022-24568 (Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Reque ...)
	NOT-FOR-US: Novel-plus
CVE-2022-24567
	RESERVED
CVE-2022-24566 (In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed i ...)
	- check-mk
CVE-2022-24565 (Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1 ...)
	- check-mk
CVE-2022-24564 (Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability ...)
	- check-mk
CVE-2022-24563 (In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: Genixcms
CVE-2022-24562 (In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send G ...)
	NOT-FOR-US: IOBit
CVE-2022-24561
	RESERVED
CVE-2022-24560
	RESERVED
CVE-2022-24559
	RESERVED
CVE-2022-24558
	RESERVED
CVE-2022-24557
	RESERVED
CVE-2022-24556
	RESERVED
CVE-2022-24555
	RESERVED
CVE-2022-24554
	RESERVED
CVE-2022-24553 (An issue was found in Zfaka <= 1.4.5. The verification of the backgrou ...)
	NOT-FOR-US: Zfaka
CVE-2022-24552 (A flaw was found in the REST API in StarWind Stack. REST command, whic ...)
	NOT-FOR-US: StarWind
CVE-2022-24551 (A flaw was found in StarWind Stack. The endpoint for setting a new pas ...)
	NOT-FOR-US: StarWind
CVE-2022-24550 (Windows Telephony Server Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24549 (Windows AppX Package Manager Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24548 (Microsoft Defender Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24547 (Windows Digital Media Receiver Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24546 (Windows DWM Core Library Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24545 (Windows Kerberos Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24544 (Windows Kerberos Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24543 (Windows Upgrade Assistant Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24542 (Windows Win32k Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24541 (Windows Server Service Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24540 (Windows ALPC Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24539 (Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulne ...)
	NOT-FOR-US: Microsoft
CVE-2022-24538 (Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24537 (Windows Hyper-V Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24536 (Windows DNS Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24535
	RESERVED
CVE-2022-24534 (Win32 Stream Enumeration Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24533 (Remote Desktop Protocol Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24532 (HEVC Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24531
	RESERVED
CVE-2022-24530 (Windows Installer Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24529
	RESERVED
CVE-2022-24528 (Remote Procedure Call Runtime Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24527 (Microsoft Endpoint Configuration Manager Elevation of Privilege Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-24526 (Visual Studio Code Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24525 (Windows Update Stack Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24524
	RESERVED
CVE-2022-24523 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24522 (Skype Extension for Chrome Information Disclosure Vulnerability)
	NOT-FOR-US: Skype Extension for Chrome
CVE-2022-24521 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2022-24520 (Azure Site Recovery Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24519 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24518 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24517 (Azure Site Recovery Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24516 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24515 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24514
	RESERVED
CVE-2022-24513 (Visual Studio Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24512 (.NET and Visual Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft .NET
CVE-2022-24511 (Microsoft Office Word Tampering Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24510 (Microsoft Office Visio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24509 (Microsoft Office Visio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24508 (Win32 File Enumeration Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24507 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
	NOT-FOR-US: Microsoft
CVE-2022-24506 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24505 (Windows ALPC Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24504 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-24503 (Remote Desktop Protocol Client Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24502 (Windows HTML Platforms Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24501 (VP9 Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24500 (Windows SMB Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24499 (Windows Installer Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24498 (Windows iSCSI Target Service Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24497 (Windows Network File System Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24496 (Windows Local Security Authority (LSA) Elevation of Privilege Vulnerab ...)
	NOT-FOR-US: Microsoft
CVE-2022-24495 (Windows Direct Show - Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24494 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
	NOT-FOR-US: Microsoft
CVE-2022-24493 (Microsoft Local Security Authority (LSA) Server Information Disclosure ...)
	NOT-FOR-US: Microsoft
CVE-2022-24492 (Remote Procedure Call Runtime Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24491 (Windows Network File System Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24490 (Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulne ...)
	NOT-FOR-US: Microsoft
CVE-2022-24489 (Cluster Client Failover (CCF) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24488 (Windows Desktop Bridge Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24487 (Windows Local Security Authority (LSA) Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2022-24486 (Windows Kerberos Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24485 (Win32 File Enumeration Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24484 (Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24483 (Windows Kernel Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24482 (Windows ALPC Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24481 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2022-24480 (Outlook for Android Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24479 (Connected User Experiences and Telemetry Elevation of Privilege Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-24478
	RESERVED
CVE-2022-24477 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24476
	RESERVED
CVE-2022-24475 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24474 (Windows Win32k Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24473 (Microsoft Excel Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24472 (Microsoft SharePoint Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24471 (Azure Site Recovery Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24470 (Azure Site Recovery Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24469 (Azure Site Recovery Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24468 (Azure Site Recovery Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24467 (Azure Site Recovery Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24466 (Windows Hyper-V Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24465 (Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24464 (.NET and Visual Studio Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft .NET
CVE-2022-24463 (Microsoft Exchange Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24462 (Microsoft Word Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24461 (Microsoft Office Visio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24460 (Tablet Windows User Interface Application Elevation of Privilege Vulne ...)
	NOT-FOR-US: Microsoft
CVE-2022-24459 (Windows Fax and Scan Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24458
	RESERVED
CVE-2022-24457 (HEIF Image Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24456 (HEVC Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24455 (Windows CD-ROM Driver Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24454 (Windows Security Support Provider Interface Elevation of Privilege Vul ...)
	NOT-FOR-US: Microsoft
CVE-2022-24453 (HEVC Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24452 (HEVC Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24451 (VP9 Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-24450 (NATS nats-server before 2.7.2 has Incorrect Access Control. Any authen ...)
	- nats-server (Fixed before initial upload to Debian)
	NOTE: https://advisories.nats.io/CVE/CVE-2022-24450.txt
CVE-2022-24449 (Solar appScreener through 3.10.4, when a valid license is not present, ...)
	NOT-FOR-US: Solar appScreener
CVE-2022-24448 (An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.1 ...)
	{DSA-5096-1 DSA-5092-1 DLA-2941-1 DLA-2940-1}
	- linux 5.16.7-1
	NOTE: Fixed by: https://git.kernel.org/linus/ac795161c93699d600db16c1a8cc23a65a1eceaf (5.17-rc2)
CVE-2022-24447 (An issue was discovered in Zoho ManageEngine Key Manager Plus before 6 ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-24446 (An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-24445
	REJECTED
CVE-2022-24444 (Silverstripe silverstripe/framework through 4.10 allows Session Fixati ...)
	NOT-FOR-US: Silverstripe CMS
CVE-2022-24443
	RESERVED
CVE-2022-24442 (JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server- ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2022-24428 (Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2. ...)
	NOT-FOR-US: Dell
CVE-2022-24427
	REJECTED
CVE-2022-24426 (Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 ...)
	NOT-FOR-US: Dell
CVE-2022-24425
	REJECTED
CVE-2022-24424 (Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vul ...)
	NOT-FOR-US: EMC
CVE-2022-24423 (Dell iDRAC8 versions prior to 2.83.83.83 contain a denial of service v ...)
	NOT-FOR-US: EMC
CVE-2022-24422 (Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, con ...)
	NOT-FOR-US: Dell
CVE-2022-24421 (Dell BIOS contains an improper input validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2022-24420 (Dell BIOS contains an improper input validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2022-24419 (Dell BIOS contains an improper input validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2022-24418 (Dell BIOS contains an improper input validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2022-24417 (Dell BIOS contains an improper input validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2022-24416 (Dell BIOS contains an improper input validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2022-24415 (Dell BIOS contains an improper input validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2022-24414 (Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is expos ...)
	NOT-FOR-US: EMC
CVE-2022-24413 (Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-t ...)
	NOT-FOR-US: Dell PowerScale OneFS
CVE-2022-24412 (Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling ...)
	NOT-FOR-US: EMC
CVE-2022-24411 (Dell PowerScale OneFS 8.2.2 and above contain an elevation of privileg ...)
	NOT-FOR-US: Dell PowerScale OneFS
CVE-2022-24410 (Dell BIOS contains an information exposure vulnerability. An unauthent ...)
	NOT-FOR-US: Dell
CVE-2022-24409 (Dell BSAFE SSL-J contains remediation for a covert timing channel vuln ...)
	NOT-FOR-US: Dell
CVE-2022-24380
	RESERVED
CVE-2022-22147
	RESERVED
CVE-2022-21130
	RESERVED
CVE-2022-0515 (Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/ ...)
	NOT-FOR-US: Crater
CVE-2022-0514 (Business Logic Errors in GitHub repository crater-invoice/crater prior ...)
	NOT-FOR-US: Crater
CVE-2022-0513 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0512 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
	{DLA-3336-1}
	- node-url-parse 1.5.7-1
	[bullseye] - node-url-parse 1.5.3-1+deb11u2
	[stretch] - node-url-parse (Nodejs in stretch not covered by security support)
	NOTE: https://huntr.dev/bounties/6d1bc51f-1876-4f5b-a2c2-734e09e8e05b
	NOTE: https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40 (1.5.6)
CVE-2022-0511 (Mozilla developers and community members Gabriele Svelto, Sebastian He ...)
	- firefox 97.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-0511
CVE-2022-0510 (Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore pr ...)
	NOT-FOR-US: pimcore
CVE-2022-0509 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
	NOT-FOR-US: pimcore
CVE-2022-0508 (Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/pee ...)
	- peertube (bug #950821)
CVE-2022-0507 (Found a potential security vulnerability inside the Pandora API. Affec ...)
	NOT-FOR-US: Pandora FMS
CVE-2022-0506 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
	NOT-FOR-US: microweber
CVE-2022-0505 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber p ...)
	NOT-FOR-US: microweber
CVE-2022-0504 (Generation of Error Message Containing Sensitive Information in Packag ...)
	NOT-FOR-US: microweber
CVE-2022-0503 (The WordPress Multisite Content Copier/Updater WordPress plugin before ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0502 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
	NOT-FOR-US: livehelperchat
CVE-2021-46675
	RESERVED
CVE-2021-46674
	RESERVED
CVE-2021-46673
	RESERVED
CVE-2021-46672
	RESERVED
CVE-2013-20004 (A flaw was found in StarWind iSCSI target. StarWind service does not l ...)
	NOT-FOR-US: StarWind
CVE-2007-20001 (A flaw was found in StarWind iSCSI target. An attacker could script st ...)
	NOT-FOR-US: StarWind
CVE-2022-24408 (A vulnerability has been identified in SINUMERIK MC (All versions < V1 ...)
	NOT-FOR-US: Siemens
CVE-2022-0501 (Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/beanstal ...)
	NOT-FOR-US: beanstalk_console
CVE-2022-0500 (A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leadi ...)
	- linux 5.16.10-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044578
CVE-2022-0499 (The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0498
	REJECTED
CVE-2022-0497 (A vulnerability was found in Openscad, where a .scad file with no trai ...)
	- openscad 2021.01-4 (unimportant; bug #1005641)
	NOTE: https://github.com/openscad/openscad/issues/4043
	NOTE: Crash in CLI tool, no security impact
CVE-2022-0496 (A vulnerability was found in Openscad, where a DXF-format drawing with ...)
	- openscad 2021.01-4 (unimportant; bug #1005641)
	NOTE: https://github.com/openscad/openscad/issues/4037
	NOTE: Crash in CLI tool, no security impact
CVE-2022-0495 (The library automation system product KOHA developed by Parantez Tekno ...)
	NOT-FOR-US: KOHA library automation system
CVE-2022-0494 (A kernel information leak flaw was identified in the scsi_ioctl functi ...)
	{DSA-5173-1 DSA-5161-1 DLA-3065-1}
	- linux 5.16.14-1
	NOTE: https://git.kernel.org/linus/cc8f7fe1f5eab010191aa4570f27641876fa1267 (5.17-rc5)
CVE-2022-0493 (The String locator WordPress plugin before 2.5.0 does not properly val ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-46671 (options.c in atftp before 0.7.5 reads past the end of an array, and co ...)
	{DLA-3028-1}
	- atftp 0.7.git20210915-1 (bug #1004974)
	[bullseye] - atftp 0.7.git20120829-3.3+deb11u2
	[buster] - atftp 0.7.git20120829-3.2~deb10u3
	NOTE: https://sourceforge.net/p/atftp/code/ci/9cf799c40738722001552618518279e9f0ef62e5 (v0.7.5)
CVE-2022-24407 (In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does ...)
	{DSA-5087-1 DLA-2931-1}
	[experimental] - cyrus-sasl2 2.1.28+dfsg-1
	- cyrus-sasl2 2.1.28+dfsg-2
	NOTE: Fixed by: https://github.com/cyrusimap/cyrus-sasl/commit/9eff746c9daecbcc0041b09a5a51ba30738cdcbc (cyrus-sasl-2.1.28)
	NOTE: Fixed by: https://github.com/cyrusimap/cyrus-sasl/commit/2d2e97b0eb53fa7f87a3bf1529d8f712dd954480 (master)
	NOTE: https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
CVE-2022-24406 (OX App Suite through 7.10.6 allows SSRF because multipart/form-data bo ...)
	NOT-FOR-US: OX App Suite
CVE-2022-24405 (OX App Suite through 7.10.6 allows OS Command Injection via a serializ ...)
	NOT-FOR-US: OX App Suite
CVE-2022-24404 (Lack of cryptographic integrity check on TETRA air-interface encrypted ...)
	NOT-FOR-US: TETRA
CVE-2022-24403 (The TETRA TA61 identity encryption function internally uses a 64-bit v ...)
	NOT-FOR-US: TETRA TA61
CVE-2022-24402 (The TETRA TEA1 keystream generator implements a key register initializ ...)
	NOT-FOR-US: TETRA
CVE-2022-24401 (Adversary-induced keystream re-use on TETRA air-interface encrypted tr ...)
	NOT-FOR-US: TETRA
CVE-2022-24400 (A flaw in the TETRA authentication procedure allows a MITM adversary t ...)
	NOT-FOR-US: TETRA
CVE-2022-24382 (Improper input validation in firmware for some Intel(R) NUCs may allow ...)
	NOT-FOR-US: Intel
CVE-2022-24379 (Improper input validation in some Intel(R) Server System M70KLP Family ...)
	NOT-FOR-US: Intel
CVE-2022-24297 (Improper buffer restrictions in firmware for some Intel(R) NUCs may al ...)
	NOT-FOR-US: Intel
CVE-2022-23917
	RESERVED
CVE-2022-23914
	RESERVED
CVE-2022-22730 (Improper authentication in the Intel(R) Edge Insights for Industrial s ...)
	NOT-FOR-US: Intel
CVE-2022-21807 (Uncontrolled search path elements in the Intel(R) VTune(TM) Profiler s ...)
	NOT-FOR-US: Intel
CVE-2022-21795
	RESERVED
CVE-2022-21233 (Improper isolation of shared resources in some Intel(R) Processors may ...)
	{DLA-3379-1}
	- intel-microcode 3.20220809.1
	[bullseye] - intel-microcode 3.20230214.1~deb11u1
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html
	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220809
CVE-2022-21128 (Insufficient control flow management in the Intel(R) Advisor software ...)
	NOT-FOR-US: Intel
CVE-2022-0492 (A vulnerability was found in the Linux kernel’s cgroup_release_ag ...)
	{DSA-5096-1 DSA-5095-1 DLA-2941-1 DLA-2940-1}
	- linux 5.16.7-1
	NOTE: https://www.openwall.com/lists/oss-security/2022/02/04/1
	NOTE: https://git.kernel.org/linus/24f6008564183aa120d07c03d9289519c2fe02af
CVE-2022-0491
	RESERVED
CVE-2022-0490
	RESERVED
CVE-2022-0489 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	[experimental] - gitlab 14.6.5+ds1-1
	- gitlab 15.10.8+ds1-2
	NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
CVE-2022-0488 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/23520
CVE-2022-24399 (The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST s ...)
	NOT-FOR-US: SAP
CVE-2022-24398 (Under certain conditions SAP Business Objects Business Intelligence Pl ...)
	NOT-FOR-US: SAP
CVE-2022-24397 (SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, doe ...)
	NOT-FOR-US: SAP
CVE-2022-24396 (The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does n ...)
	NOT-FOR-US: SAP
CVE-2022-24395 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.3 ...)
	NOT-FOR-US: SAP
CVE-2022-24394 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...)
	NOT-FOR-US: Fidelis
CVE-2022-24393 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...)
	NOT-FOR-US: Fidelis
CVE-2022-24392 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...)
	NOT-FOR-US: Fidelis
CVE-2022-24391 (Vulnerability in Fidelis Network and Deception CommandPost enables SQL ...)
	NOT-FOR-US: Fidelis
CVE-2022-24390 (Vulnerability in rconfig “remote_text_file” enables an attac ...)
	NOT-FOR-US: Fidelis
CVE-2022-24389 (Vulnerability in rconfig “cert_utils” enables an attacker wi ...)
	NOT-FOR-US: Fidelis
CVE-2022-24388 (Vulnerability in rconfig “date” enables an attacker with use ...)
	NOT-FOR-US: Fidelis
CVE-2022-24387 (With administrator or admin privileges the application can be tricked ...)
	NOT-FOR-US: SmarterTrack
CVE-2022-24386 (Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterToo ...)
	NOT-FOR-US: SmarterTrack
CVE-2022-24385 (A Direct Object Access vulnerability in SmarterTools SmarterTrack lead ...)
	NOT-FOR-US: SmarterTrack
CVE-2022-24384 (Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack ...)
	NOT-FOR-US: SmarterTrack
CVE-2022-21241 (Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a rem ...)
	NOT-FOR-US: CSV+
CVE-2022-0487 (A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in ...)
	{DSA-5096-1 DSA-5095-1 DLA-2941-1 DLA-2940-1}
	- linux 5.16.10-1 (unimportant)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1194516
	NOTE: https://lore.kernel.org/all/20220114075934.302464-1-gregkh@linuxfoundation.org/
	NOTE: https://git.kernel.org/linus/bd2db32e7c3e35bd4d9b8bbff689434a50893546 (5.17-rc4)
	NOTE: CONFIG_MMC_MOXART is not set in Debian.
CVE-2022-0486 (Improper file permissions in the CommandPost, Collector, Sensor, and S ...)
	NOT-FOR-US: Fidelis
CVE-2022-0485 (A flaw was found in the copying tool `nbdcopy` of libnbd. When perform ...)
	- libnbd 1.10.5-1 (bug #1005307)
	[bullseye] - libnbd (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2050324
	NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/8d444b41d09a700c7ee6f9182a649f3f2d325abb (v1.11.8)
	NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/9219d2e70c770d8efb98d6e8eaf68e8e354631e3 (v1.10.4)
	NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/6c8f2f859926b82094fb5e85c446ea099700fa10 (v1.6.6)
	NOTE: https://listman.redhat.com/archives/libguestfs/2022-February/msg00104.html
CVE-2022-0484 (Lack of validation of URLs causes Mirantis Container Cloud Lens Extens ...)
	NOT-FOR-US: Mirantis Container Cloud Lens
CVE-2022-0483 (Local privilege escalation due to insecure folder permissions. The fol ...)
	NOT-FOR-US: Acronis VSS Doctor
CVE-2022-0482 (Exposure of Private Personal Information to an Unauthorized Actor in G ...)
	NOT-FOR-US: easyappointments
CVE-2022-24372 (Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary ...)
	NOT-FOR-US: Linksys
CVE-2022-24371
	RESERVED
CVE-2022-24370 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit
CVE-2022-24369 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-24368 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit
CVE-2022-24367 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-24366 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-24365 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-24364 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-24363 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-24362 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-24361 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-24360 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-24359 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-24358 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-24357 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-24356 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2022-24355 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: TP-Link
CVE-2022-24354 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: TP-Link
CVE-2022-24353 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: TP-Link
CVE-2022-24352 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: TP-Link
CVE-2022-24351 (TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5. ...)
	NOT-FOR-US: Insyde
CVE-2022-24350 (An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5. ...)
	NOT-FOR-US: Insyde
CVE-2022-24349 (An authenticated user can create a link with reflected XSS payload for ...)
	{DLA-3390-1 DLA-2980-1}
	- zabbix 1:6.0.7+dfsg-2
	[bullseye] - zabbix (Minor issue)
	NOTE: https://support.zabbix.com/browse/ZBX-20680
	NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/ff70e709719e4e9f25f5d187637fd53fd61c8bbe (5.0.21rc1)
CVE-2022-24348 (Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal ...)
	NOT-FOR-US: Argo CD
CVE-2022-24347 (JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS vi ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2022-24346 (In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via R ...)
	- intellij-idea (bug #747616)
CVE-2022-24345 (In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (with ...)
	- intellij-idea (bug #747616)
CVE-2022-24344 (JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2022-24343 (In JetBrains YouTrack before 2021.4.31698, a custom logo could be set ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2022-24342 (In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF w ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-24341 (In JetBrains TeamCity before 2021.2.1, editing a user account to chang ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-24340 (In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the c ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-24339 (JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-24338 (JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-24337 (In JetBrains TeamCity before 2021.2, health items of pull requests wer ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-24336 (In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-24335 (JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Tim ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-24334 (In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-24333 (In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call wa ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-24332 (In JetBrains TeamCity before 2021.2, a logout action didn't remove a R ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-24331 (In JetBrains TeamCity before 2021.1.4, GitLab authentication impersona ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-24330 (In JetBrains TeamCity before 2021.2.1, a redirection to an external si ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2022-24329 (In JetBrains Kotlin before 1.6.0, it was not possible to lock dependen ...)
	- kotlin (bug #1007243)
	NOTE: https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/
	NOTE: https://youtrack.jetbrains.com/issue/KT-49449 (not public)
CVE-2022-24328 (In JetBrains Hub before 2021.1.13956, an unprivileged user could perfo ...)
	NOT-FOR-US: JetBrains Hub
CVE-2022-24327 (In JetBrains Hub before 2021.1.13890, integration with JetBrains Accou ...)
	NOT-FOR-US: JetBrains Hub
CVE-2022-24326
	RESERVED
CVE-2022-24325
	RESERVED
CVE-2022-23402 (The following Yokogawa Electric products hard-code the password for CA ...)
	NOT-FOR-US: Yokogawa Electric products
CVE-2022-23401 (The following Yokogawa Electric products contain insecure DLL loading ...)
	NOT-FOR-US: Yokogawa Electric products
CVE-2022-22729 (CAMS for HIS Server contained in the following Yokogawa Electric produ ...)
	NOT-FOR-US: Yokogawa Electric products
CVE-2022-22151 (CAMS for HIS Log Server contained in the following Yokogawa Electric p ...)
	NOT-FOR-US: Yokogawa Electric products
CVE-2022-22148 ('Root Service' service implemented in the following Yokogawa Electric ...)
	NOT-FOR-US: Yokogawa Electric products
CVE-2022-22145 (CAMS for HIS Log Server contained in the following Yokogawa Electric p ...)
	NOT-FOR-US: Yokogawa Electric products
CVE-2022-22141 ('Long-term Data Archive Package' service implemented in the following ...)
	NOT-FOR-US: Yokogawa Electric products
CVE-2022-21808 (Path traversal vulnerability exists in CAMS for HIS Server contained i ...)
	NOT-FOR-US: Yokogawa Electric products
CVE-2022-21194 (The following Yokogawa Electric products do not change the passwords o ...)
	NOT-FOR-US: Yokogawa Electric products
CVE-2022-21177 (There is a path traversal vulnerability in CAMS for HIS Log Server con ...)
	NOT-FOR-US: Yokogawa Electric products
CVE-2022-0481 (NULL Pointer Dereference in Homebrew mruby prior to 3.2.)
	- mruby 3.1.0-1 (bug #1014968)
	[bullseye] - mruby (Minor issue)
	[buster] - mruby (Minor issue)
	[stretch] - mruby (Vulnerable code not present)
	NOTE: https://huntr.dev/bounties/54725c8c-87f4-41b6-878c-01d8e0ee7027
	NOTE: https://github.com/mruby/mruby/commit/ae3c99767a27f5c6c584162e2adc6a5d0eb2c54e
CVE-2022-24324 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-24323 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-24322 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-24321 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-24320 (A CWE-295: Improper Certificate Validation vulnerability exists that c ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-24319 (A CWE-295: Improper Certificate Validation vulnerability exists that c ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-24318 (A CWE-326: Inadequate Encryption Strength vulnerability exists that co ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-24317 (A CWE-862: Missing Authorization vulnerability exists that could cause ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-24316 (A CWE-665: Improper Initialization vulnerability exists that could cau ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-24315 (A CWE-125: Out-of-bounds Read vulnerability exists that could cause de ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-24314 (A CWE-125: Out-of-bounds Read vulnerability exists that could cause me ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-24313 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-24312 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-24311 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-24310 (A CWE-190: Integer Overflow or Wraparound vulnerability exists that co ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-24309 (A vulnerability has been identified in Mendix Applications using Mendi ...)
	NOT-FOR-US: Siemens
CVE-2022-0480 (A flaw was found in the filelock_init in fs/locks.c function in the Li ...)
	- linux 5.15.3-1
	[bullseye] - linux (Minor issue)
	[buster] - linux (Minor issue)
	[stretch] - linux (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2049700
	NOTE: https://git.kernel.org/linus/0f12156dff2862ac54235fc72703f18770769042 (5.15-rc1)
CVE-2022-0479 (The Popup Builder WordPress plugin before 4.1.1 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0478 (The Event Manager and Tickets Selling for WooCommerce WordPress plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0477 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-0476 (Denial of Service in GitHub repository radareorg/radare2 prior to 5.6. ...)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/81ddfbda-6c9f-4b69-83ff-85b15141e35d
	NOTE: https://github.com/radareorg/radare2/commit/27fe8031782d3a06c3998eaa94354867864f9f1b
CVE-2022-0475 (Malicious translator is able to inject JavaScript code in few translat ...)
	NOT-FOR-US: OTRS
	NOTE: Only affects 7.x/8.x, so won't affect znuny fork packaged in Debian
CVE-2022-0474 (Full list of recipients from customer users in a contact field could b ...)
	NOT-FOR-US: OTRS
	NOTE: Only affects 8.x, so won't affect znuny fork packaged in Debian
CVE-2022-0473 (OTRS administrators can configure dynamic field and inject malicious J ...)
	NOT-FOR-US: OTRS
	NOTE: Only affects 7.x, so won't affect znuny fork packaged in Debian
CVE-2022-24308 (Automox Agent prior to version 37 on Windows and Linux and Version 36 ...)
	NOT-FOR-US: Automox
CVE-2022-24307 (Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access cont ...)
	- mastodon (bug #859741)
CVE-2022-24306 (Zoho ManageEngine SharePoint Manager Plus before 4329 allows account t ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-24305 (Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2022-24304 REJECTED
CVE-2022-24303 (Pillow before 9.0.1 allows attackers to delete files because spaces in ...)
	- pillow 9.0.1-1
	[bullseye] - pillow (Minor issue)
	[buster] - pillow (Minor issue)
	[stretch] - pillow (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2052682
	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
	NOTE: https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26 (9.0.1)
CVE-2022-24302 (In Paramiko before 2.10.1, a race condition (between creation and chmo ...)
	{DLA-3104-1 DLA-2959-1}
	- paramiko 2.10.3-1 (bug #1008012)
	[bullseye] - paramiko (Minor issue)
	NOTE: https://github.com/paramiko/paramiko/commit/4c491e299c9b800358b16fa4886d8d94f45abe2e (2.10.1)
CVE-2022-24296 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air ...)
	NOT-FOR-US: Mitsubishi
CVE-2022-24295 (Okta Advanced Server Access Client for Windows prior to version 1.57.0 ...)
	NOT-FOR-US: Okta Advanced Server Access Client
CVE-2022-22986 (Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, ...)
	NOT-FOR-US: Netcommunity OG410X and OG810X series
CVE-2022-0472 (Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/ ...)
	NOT-FOR-US: jsdecena/laracom
CVE-2022-0471 (The Favicon by RealFaviconGenerator WordPress plugin before 1.3.23 doe ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-24294 (A regular expression used in Apache MXNet (incubating) is vulnerable t ...)
	NOT-FOR-US: Apache MXNet
CVE-2022-24293 (Certain HP Print devices may be vulnerable to potential information di ...)
	NOT-FOR-US: HP
CVE-2022-24292 (Certain HP Print devices may be vulnerable to potential information di ...)
	NOT-FOR-US: HP
CVE-2022-24291 (Certain HP Print devices may be vulnerable to potential information di ...)
	NOT-FOR-US: HP
CVE-2022-24290 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...)
	NOT-FOR-US: Teamcenter /Siemens
CVE-2022-24289 (Hessian serialization is a network protocol that supports object-based ...)
	NOT-FOR-US: Apache Cayenne
CVE-2022-24288 (In Apache Airflow, prior to version 2.2.4, some example DAGs did not p ...)
	- airflow (bug #819700)
CVE-2022-24287 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All version ...)
	NOT-FOR-US: Siemens
CVE-2022-21799 (Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R ...)
	NOT-FOR-US: ELECOM
CVE-2022-21173 (Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 f ...)
	NOT-FOR-US: ELECOM
CVE-2022-0470 (Out of bounds memory access in V8 in Google Chrome prior to 98.0.4758. ...)
	{DSA-5068-1}
	- chromium 98.0.4758.80-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0469 (Use after free in Cast in Google Chrome prior to 98.0.4758.80 allowed ...)
	{DSA-5068-1}
	- chromium 98.0.4758.80-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0468 (Use after free in Payments in Google Chrome prior to 98.0.4758.80 allo ...)
	{DSA-5068-1}
	- chromium 98.0.4758.80-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0467 (Inappropriate implementation in Pointer Lock in Google Chrome on Windo ...)
	{DSA-5068-1}
	- chromium 98.0.4758.80-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0466 (Inappropriate implementation in Extensions Platform in Google Chrome p ...)
	{DSA-5068-1}
	- chromium 98.0.4758.80-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0465 (Use after free in Extensions in Google Chrome prior to 98.0.4758.80 al ...)
	{DSA-5068-1}
	- chromium 98.0.4758.80-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0464 (Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 ...)
	{DSA-5068-1}
	- chromium 98.0.4758.80-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0463 (Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 ...)
	{DSA-5068-1}
	- chromium 98.0.4758.80-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0462 (Inappropriate implementation in Scroll in Google Chrome prior to 98.0. ...)
	{DSA-5068-1}
	- chromium 98.0.4758.80-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0461 (Policy bypass in COOP in Google Chrome prior to 98.0.4758.80 allowed a ...)
	{DSA-5068-1}
	- chromium 98.0.4758.80-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0460 (Use after free in Window Dialogue in Google Chrome prior to 98.0.4758. ...)
	{DSA-5068-1}
	- chromium 98.0.4758.80-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0459 (Use after free in Screen Capture in Google Chrome prior to 98.0.4758.8 ...)
	{DSA-5068-1}
	- chromium 98.0.4758.80-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0458 (Use after free in Thumbnail Tab Strip in Google Chrome prior to 98.0.4 ...)
	{DSA-5068-1}
	- chromium 98.0.4758.80-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0457 (Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a ...)
	{DSA-5068-1}
	- chromium 98.0.4758.80-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0456 (Use after free in Web Search in Google Chrome prior to 98.0.4758.80 al ...)
	{DSA-5068-1}
	- chromium 98.0.4758.80-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0455 (Inappropriate implementation in Full Screen Mode in Google Chrome on A ...)
	{DSA-5068-1}
	- chromium 98.0.4758.80-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0454 (Heap buffer overflow in ANGLE in Google Chrome prior to 98.0.4758.80 a ...)
	{DSA-5068-1}
	- chromium 98.0.4758.80-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0453 (Use after free in Reader Mode in Google Chrome prior to 98.0.4758.80 a ...)
	{DSA-5068-1}
	- chromium 98.0.4758.80-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0452 (Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 ...)
	{DSA-5068-1}
	- chromium 98.0.4758.80-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0451 (Dart SDK contains the HTTPClient in dart:io library whcih includes aut ...)
	NOT-FOR-US: Dart SDK
CVE-2022-0450 (The Menu Image, Icons made easy WordPress plugin before 3.0.6 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0449 (The Flexi WordPress plugin before 4.20 does not sanitise and escape va ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0448 (The CP Blocks WordPress plugin before 1.0.15 does not sanitise and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0447 (The Post Grid WordPress plugin before 2.1.16 does not sanitise and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0446 (The Simple Banner WordPress plugin before 2.12.0 does not properly san ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0445 (The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Conse ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0444 (The Backup, Restore and Migrate WordPress Sites With the XCloner Plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0443 (Use After Free in GitHub repository vim/vim prior to 8.2.)
	{DLA-3182-1 DLA-3011-1}
	- vim 2:8.2.4659-1 (unimportant)
	NOTE: https://huntr.dev/bounties/b987c8cb-bbbe-4601-8a6c-54ff907c6b51
	NOTE: https://github.com/vim/vim/commit/9b4a80a66544f2782040b641498754bcb5b8d461 (v8.2.4281)
	NOTE: Crash in CLI tool, no security issue
CVE-2022-0442 (The UsersWP WordPress plugin before 1.2.3.1 is missing access controls ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0441 (The MasterStudy LMS WordPress plugin before 2.7.6 does to validate som ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0440 (The Catch Themes Demo Import WordPress plugin before 2.1.1 does not va ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0439 (The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0438 RESERVED
CVE-2021-46670 RESERVED
CVE-2022-24286 (Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00. ...)
	NOT-FOR-US: Acer
CVE-2022-24285 (Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege ...)
	NOT-FOR-US: Acer
CVE-2022-24284 RESERVED
CVE-2022-24283 RESERVED
CVE-2022-0437 (Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14.)
	NOT-FOR-US: Node karma
CVE-2022-0436 (Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.)
	{DLA-3386-1}
	[experimental] - grunt 1.5.2-1
	- grunt 1.5.2-2 (bug #1009676)
	[bullseye] - grunt 1.3.0-1+deb11u1
	[stretch] - grunt (Minor issue)
	NOTE: https://github.com/gruntjs/grunt/commit/aad3d4521c3098fb255fb2db8f2e1d691a033665 (v1.5.0)
	NOTE: https://github.com/gruntjs/grunt/pull/1740
	NOTE: https://huntr.dev/bounties/f55315e9-9f6d-4dbb-8c40-bae50c1ae92b
CVE-2021-46669 (MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_ ...)
	{DLA-3114-1}
	- mariadb-10.6 1:10.6.7-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
	- mariadb-10.3
	NOTE: https://jira.mariadb.org/browse/MDEV-25638
CVE-2021-46668 (MariaDB through 10.5.9 allows an application crash via certain long SE ...)
	- mariadb-10.6 1:10.6.7-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.34-0+deb10u1
	NOTE: https://jira.mariadb.org/browse/MDEV-25787
	NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43
CVE-2021-46667 (MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an ...)
	- mariadb-10.6 1:10.6.5-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.34-0+deb10u1
	NOTE: https://jira.mariadb.org/browse/MDEV-26350
	NOTE: Fixed in MariaDB: 10.2.41, 10.3.32, 10.4.22, 10.5.13, 10.6.5
CVE-2021-46666 (MariaDB before 10.6.2 allows an application crash because of mishandli ...)
	- mariadb-10.6 (Fixed before initial upload to Debian)
	- mariadb-10.5 1:10.5.11-1
	[bullseye] - mariadb-10.5 (Minor issue, will be fixed in next point release)
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.31-0+deb10u1
	NOTE: https://jira.mariadb.org/browse/MDEV-25635
	NOTE: Fixed in MariaDB: 10.2.39, 10.3.30, 10.4.20, 10.5.11, 10.6.2
CVE-2021-46665 (MariaDB through 10.5.9 allows a sql_parse.cc application crash because ...)
	- mariadb-10.6 1:10.6.7-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.34-0+deb10u1
	NOTE: https://jira.mariadb.org/browse/MDEV-25636
	NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43
CVE-2021-46664 (MariaDB through 10.5.9 allows an application crash in sub_select_postj ...)
	- mariadb-10.6 1:10.6.7-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.34-0+deb10u1
	NOTE: https://jira.mariadb.org/browse/MDEV-25761
	NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43
CVE-2021-46663 (MariaDB through 10.5.13 allows a ha_maria::extra application crash via ...)
	- mariadb-10.6 1:10.6.7-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.34-0+deb10u1
	NOTE: https://jira.mariadb.org/browse/MDEV-26351
	NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43
CVE-2021-46662 (MariaDB through 10.5.9 allows a set_var.cc application crash via certa ...)
	- mariadb-10.6 1:10.6.5-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.34-0+deb10u1
	NOTE: https://jira.mariadb.org/browse/MDEV-25637
	NOTE: https://jira.mariadb.org/browse/MDEV-22464
	NOTE: Fixed in MariaDB: 10.3.32, 10.4.22, 10.5.13, 10.6.5
CVE-2021-46661 (MariaDB through 10.5.9 allows an application crash in find_field_in_ta ...)
	- mariadb-10.6 1:10.6.7-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.34-0+deb10u1
	NOTE: https://jira.mariadb.org/browse/MDEV-25766
	NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43
CVE-2021-4218 (A flaw was found in the Linux kernel’s implementation of reading ...)
	- linux (Vulnerable code not present; specific to CentOS/RHEL)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2048359
	NOTE: Issue is specific to CentOS/RHEL. In mainline, xprtrdma always used copy_to_user()
	NOTE: until the general conversion of sysctls to use a kernel buffer.
CVE-2022-24282 (A vulnerability has been identified in SINEC NMS (All versions >= V1.0 ...)
	NOT-FOR-US: Siemens
CVE-2022-24281 (A vulnerability has been identified in SINEC NMS (All versions < V1.0. ...)
	NOT-FOR-US: Siemens
CVE-2022-24280 (Improper Input Validation vulnerability in Proxy component of Apache P ...)
	NOT-FOR-US: Apache Pulsar
CVE-2022-24277 RESERVED
CVE-2022-24276 RESERVED
CVE-2022-24275 RESERVED
CVE-2022-24274 RESERVED
CVE-2022-24273 RESERVED
CVE-2022-24272 (An authenticated user may trigger an invariant assertion during comman ...)
	- mongodb
	[stretch] - mongodb (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
	NOTE: https://jira.mongodb.org/browse/SERVER-63968
CVE-2022-23400 (A stack-based buffer overflow vulnerability exists in the IGXMPXMLPars ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2022-0435 (A stack overflow flaw was found in the Linux kernel's TIPC protocol fu ...)
	{DSA-5096-1 DSA-5092-1 DLA-2941-1 DLA-2940-1}
	- linux 5.16.10-1
	NOTE: https://www.openwall.com/lists/oss-security/2022/02/10/1
	NOTE: Fixed by: https://git.kernel.org/linus/9aa422ad326634b76309e8ff342c246800621216
CVE-2022-0434 (The Page View Count WordPress plugin before 2.4.15 does not sanitise a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0433 (A NULL pointer dereference flaw was found in the Linux kernel's BPF su ...)
	- linux (Vulnerable code newer in a supported Debian release; only affected experimental)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2048259
	NOTE: Fixed by: https://git.kernel.org/linus/3ccdcee28415c4226de05438b4d89eb5514edf73 (5.17-rc1)
CVE-2022-0432 (Prototype Pollution in GitHub repository mastodon/mastodon prior to 3. ...)
	- mastodon (bug #859741)
CVE-2022-0431 (The Insights from Google PageSpeed WordPress plugin before 4.0.4 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0430 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
	- httpie 3.2.1-1 (bug #1014765)
	[bullseye] - httpie (Minor issue)
	[buster] - httpie (Minor issue)
	[stretch] - httpie (Minor issue)
	NOTE: https://huntr.dev/bounties/dafb2e4f-c6b6-4768-8ef5-b396cd6a801f
	NOTE: Fixed by: https://github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b (3.1.0)
CVE-2022-0429 (The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin befo ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0428 (The Content Egg WordPress plugin before 5.3.0 does not sanitise and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0427 (Missing sanitization of HTML attributes in Jupyter notebooks in all ve ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-0426 (The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 do ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0425 (A DNS rebinding vulnerability in the Irker IRC Gateway integration in ...)
	NOT-FOR-US: Irker
CVE-2022-0424 (The Popup by Supsystic WordPress plugin before 1.10.9 does not have an ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0423 (The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisa ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0422 (The White Label CMS WordPress plugin before 2.2.9 does not sanitise an ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0421 (The Five Star Restaurant Reservations WordPress plugin before 2.4.12 d ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0420 (The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitis ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-24271 RESERVED
CVE-2022-24270 RESERVED
CVE-2022-24269 RESERVED
CVE-2022-24268 RESERVED
CVE-2022-24267 RESERVED
CVE-2022-24266 (Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: Cuppa CMS
CVE-2022-24265 (Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: Cuppa CMS
CVE-2022-24264 (Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: Cuppa CMS
CVE-2022-24263 (Hospital Management System v4.0 was discovered to contain a SQL inject ...)
	NOT-FOR-US: Hospital Management System
CVE-2022-24262 (The config restore function of Voipmonitor GUI before v24.96 does not ...)
	NOT-FOR-US: Voipmonitor
CVE-2022-24261 RESERVED
CVE-2022-24260 (A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows ...)
	NOT-FOR-US: Voipmonitor
CVE-2022-24259 (An incorrect check in the component cdr.php of Voipmonitor GUI before ...)
	NOT-FOR-US: Voipmonitor
CVE-2022-24258 RESERVED
CVE-2022-24257 RESERVED
CVE-2022-24256 RESERVED
CVE-2022-24255 (Extensis Portfolio v4.0 was discovered to contain hardcoded credential ...)
	NOT-FOR-US: Extensis Portfolio
CVE-2022-24254 (An unrestricted file upload vulnerability in the Backup/Restore Archiv ...)
	NOT-FOR-US: Extensis Portfolio
CVE-2022-24253 (Extensis Portfolio v4.0 was discovered to contain an authenticated unr ...)
	NOT-FOR-US: Extensis Portfolio
CVE-2022-24252 (An unrestricted file upload vulnerability in the FileTransferServlet c ...)
	NOT-FOR-US: Extensis Portfolio
CVE-2022-24251 (Extensis Portfolio v4.0 was discovered to contain an authenticated unr ...)
	NOT-FOR-US: Extensis Portfolio
CVE-2022-24250 RESERVED
CVE-2022-24249 (A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Vulnerable code not present)
	[buster] - gpac (Vulnerable code not present)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2081
	NOTE: https://github.com/gpac/gpac/commit/71f9871fc210e60df041b58c84572782b4849de9 (v2.0.0)
CVE-2022-24248 (RiteCMS version 3.1.0 and below suffers from an arbitrary file deletio ...)
	NOT-FOR-US: RiteCMS
CVE-2022-24247 (RiteCMS version 3.1.0 and below suffers from an arbitrary file overwri ...)
	NOT-FOR-US: RiteCMS
CVE-2022-24246 RESERVED
CVE-2022-24245 RESERVED
CVE-2022-24244 RESERVED
CVE-2022-24243 RESERVED
CVE-2022-24242 RESERVED
CVE-2022-24241 (ACEweb Online Portal 3.5.065 was discovered to contain an External Con ...)
	NOT-FOR-US: ACEweb Online Portal
CVE-2022-24240 (ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection ...)
	NOT-FOR-US: ACEweb Online Portal
CVE-2022-24239 (ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted ...)
	NOT-FOR-US: ACEweb Online Portal
CVE-2022-24238 (ACEweb Online Portal 3.5.065 was discovered to contain a cross-site sc ...)
	NOT-FOR-US: ACEweb Online Portal
CVE-2022-24237 (The snaptPowered2 component of Snapt Aria v12.8 was discovered to cont ...)
	NOT-FOR-US: Snapt Aria
CVE-2022-24236 (An insecure permissions vulnerability in Snapt Aria v12.8 allows unaut ...)
	NOT-FOR-US: Snapt Aria
CVE-2022-24235 (A Cross-Site Request Forgery (CSRF) in the management portal of Snapt ...)
	NOT-FOR-US: Snapt Aria
CVE-2022-24234 RESERVED
CVE-2022-24233 RESERVED
CVE-2022-24232 (A local file inclusion in Hospital Patient Record Management System v1 ...)
	NOT-FOR-US: Hospital Patient Record Management System
CVE-2022-24231 (Simple Student Information System v1.0 was discovered to contain a SQL ...)
	NOT-FOR-US: Simple Student Information System
CVE-2022-24230 RESERVED
CVE-2022-24229 (A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Serv ...)
	NOT-FOR-US: ONLYOFFICE
CVE-2022-24228 RESERVED
CVE-2022-24227 (A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v 8.0 ...)
	NOT-FOR-US: BoltWire
CVE-2022-24226 (Hospital Management System v4.0 was discovered to contain a blind SQL ...)
	NOT-FOR-US: Hospital Management System
CVE-2022-24225 RESERVED
CVE-2022-24224 RESERVED
CVE-2022-24223 (AtomCMS v2.0 was discovered to contain a SQL injection vulnerability v ...)
	NOT-FOR-US: AtomCMS
CVE-2022-24222 (eliteCMS v1.0 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: eliteCMS
CVE-2022-24221 (eliteCMS v1.0 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: eliteCMS
CVE-2022-24220 (eliteCMS v1.0 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: eliteCMS
CVE-2022-24219 (eliteCMS v1.0 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: eliteCMS
CVE-2022-24218 (An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers ...)
	NOT-FOR-US: eliteCMS
CVE-2022-24217 RESERVED
CVE-2022-24216 RESERVED
CVE-2022-24215 RESERVED
CVE-2022-24214 RESERVED
CVE-2022-24213 RESERVED
CVE-2022-24212 RESERVED
CVE-2022-24211 RESERVED
CVE-2022-24210 RESERVED
CVE-2022-24209 RESERVED
CVE-2022-24208 RESERVED
CVE-2022-24207 RESERVED
CVE-2022-24206 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...)
	NOT-FOR-US: Tongda2000
CVE-2022-24205 RESERVED
CVE-2022-24204 RESERVED
CVE-2022-24203 RESERVED
CVE-2022-24202 RESERVED
CVE-2022-24201 RESERVED
CVE-2022-24200 RESERVED
CVE-2022-24199 RESERVED
CVE-2022-24198 (iText v7.1.17 was discovered to contain an out-of-bounds exception via ...)
	NOT-FOR-US: iText
CVE-2022-24197 (iText v7.1.17 was discovered to contain a stack-based buffer overflow ...)
	NOT-FOR-US: iText
CVE-2022-24196 (iText v7.1.17, up to (exluding)": 7.1.18 and 7.2.2 was discovered to c ...)
	NOT-FOR-US: iText
CVE-2022-24195 RESERVED
CVE-2022-24194 RESERVED
CVE-2022-24193 (CasaOS before v0.2.7 was discovered to contain a command injection vul ...)
	NOT-FOR-US: CasaOS
CVE-2022-24192 RESERVED
CVE-2022-24191 (In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can l ...)
	- htmldoc 1.9.15-1 (unimportant)
	[bullseye] - htmldoc 1.9.11-4+deb11u3
	[buster] - htmldoc 1.9.3-1+deb10u4
	NOTE: https://github.com/michaelrsweet/htmldoc/commit/fb0334a51300988e9b83b9870d4063e86002b077 (v1.9.15)
	NOTE: https://github.com/michaelrsweet/htmldoc/issues/470
	NOTE: Hang in CLI tool, no security impact
CVE-2022-24190 (The /device/acceptBind end-point for Ourphoto App version 1.4.1 does n ...)
	NOT-FOR-US: Ourphoto App
CVE-2022-24189 (The user_token authorization header on the Ourphoto App version 1.4.1 ...)
	NOT-FOR-US: Ourphoto App
CVE-2022-24188 (The /device/signin end-point for the Ourphoto App version 1.4.1 disclo ...)
	NOT-FOR-US: Ourphoto App
CVE-2022-24187 (The user_id and device_id on the Ourphoto App version 1.4.1 /device/* ...)
	NOT-FOR-US: Ourphoto App
CVE-2022-24186 RESERVED
CVE-2022-24185 RESERVED
CVE-2022-24184 RESERVED
CVE-2022-24183 RESERVED
CVE-2022-24182 RESERVED
CVE-2022-24181 (Cross-site scripting (XSS) via Host Header injection in PKP Open Journ ...)
	NOT-FOR-US: PKP Open Journals System
CVE-2022-24180 RESERVED
CVE-2022-24179 RESERVED
CVE-2022-24178 RESERVED
CVE-2022-24177 (A cross-site scripting (XSS) vulnerability in the component cgi-bin/ej ...)
	NOT-FOR-US: Ex libris ALEPH 500
CVE-2022-24176 RESERVED
CVE-2022-24175 RESERVED
CVE-2022-24174 RESERVED
CVE-2022-24173 RESERVED
CVE-2022-24172 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24171 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24170 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24169 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24168 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24167 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24166 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24165 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24164 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24163 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24162 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24161 (Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24160 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24159 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24158 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24157 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24156 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24155 (Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24154 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24153 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24152 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24151 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24150 (Tenda AX3 v16.03.12.10_CN was discovered to contain a command injectio ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24149 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24148 (Tenda AX3 v16.03.12.10_CN was discovered to contain a command injectio ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24147 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24146 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24145 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24144 (Tenda AX3 v16.03.12.10_CN was discovered to contain a command injectio ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24143 (Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered to con ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24142 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
	NOT-FOR-US: Tenda routers
CVE-2022-24141 (The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to d ...)
	NOT-FOR-US: iTop VPN
CVE-2022-24140 (IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, ...)
	NOT-FOR-US: IOBit Advanced System Care
CVE-2022-24139 (In IOBit Advanced System Care (AscService.exe) 15, an attacker with SE ...)
	NOT-FOR-US: IOBit Advanced System Care
CVE-2022-24138 (IOBit Advanced System Care (Asc.exe) 15 and Action Download Center bot ...)
	NOT-FOR-US: IOBit Advanced System Care
CVE-2022-24137 RESERVED
CVE-2022-24136 (Hospital Management System v1.0 is affected by an unrestricted upload ...)
	NOT-FOR-US: Hospital Management System
CVE-2022-24135 (QingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: QingScan
CVE-2022-24134 RESERVED
CVE-2022-24133 RESERVED
CVE-2022-24132 (phpshe V1.8 is affected by a denial of service (DoS) attack in the reg ...)
	NOT-FOR-US: phpshe
CVE-2022-24131 (DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) ...)
	NOT-FOR-US: DouPHP
CVE-2022-21170 (Improper check for certificate revocation in i-FILTER Ver.10.45R01 and ...)
	NOT-FOR-US: i-FILTER
CVE-2022-0419 (NULL Pointer Dereference in GitHub repository radareorg/radare2 prior ...)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/1f84e79d-70e7-4b29-8b48-a108f81c89aa
	NOTE: https://github.com/radareorg/radare2/commit/feaa4e7f7399c51ee6f52deb84dc3f795b4035d6 (5.6.0)
	NOTE: https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/
CVE-2022-0418 (The Event List WordPress plugin before 0.8.8 does not sanitise and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0417 (Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.)
	{DLA-3182-1 DLA-3053-1}
	- vim 2:8.2.4659-1
	[bullseye] - vim (Minor issue)
	NOTE: https://huntr.dev/bounties/fc86bc8d-c866-4ade-8b7f-e49cec306d1a/
	NOTE: https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a (v8.2.4245)
CVE-2022-0416 RESERVED
CVE-2022-0415 (Remote Command Execution in uploading repository file in GitHub reposi ...)
	NOT-FOR-US: Go Git Service
CVE-2022-24130 (xterm through Patch 370, when Sixel support is enabled, allows attacke ...)
	{DLA-2913-1}
	- xterm 370-2 (bug #1004689)
	[bullseye] - xterm 366-1+deb11u1
	[buster] - xterm 344-1+deb10u2
	NOTE: https://twitter.com/nickblack/status/1487731459398025216
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/2
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/3
	NOTE: https://github.com/ThomasDickey/xterm-snapshots/commit/1584fc227673264661250d3a8d673c168ac9512d
CVE-2022-24129 (The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allow ...)
	NOT-FOR-US: Shibboleth identity provider OIDC OP plugin
CVE-2022-24128 (Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege esc ...)
	NOT-FOR-US: Timescale TimescaleDB
CVE-2022-24127 (A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Pr ...)
	NOT-FOR-US: REDCap
CVE-2022-24126 (A buffer overflow in the NRSessionSearchResult parser in Bandai Namco ...)
	NOT-FOR-US: Bandai Namco FromSoftware Dark Souls III
CVE-2022-24125 (The matchmaking servers of Bandai Namco FromSoftware Dark Souls III th ...)
	NOT-FOR-US: Bandai Namco FromSoftware Dark Souls III
CVE-2022-24124 (The query API in Casdoor before 1.13.1 has a SQL injection vulnerabili ...)
	NOT-FOR-US: Casdoor
CVE-2022-24123 (MarkText through 0.16.3 does not sanitize the input of a mermaid block ...)
	NOT-FOR-US: MarkText
CVE-2022-24121 (SQL Injection vulnerability discovered in Unified Office Total Connect ...)
	NOT-FOR-US: Unified Office
CVE-2021-46660 (Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) a ...)
	NOT-FOR-US: Signiant Manager+Agents
CVE-2021-46659 (MariaDB before 10.7.2 allows an application crash because it does not ...)
	- mariadb-10.6 1:10.6.7-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.34-0+deb10u1
	NOTE: https://jira.mariadb.org/browse/MDEV-25631
	NOTE: Fixed in MariaDB: 10.2.42, 10.3.33, 10.4.23, 10.5.14, 10.6.6, 10.7.2
CVE-2021-46658 (save_window_function_values in MariaDB before 10.6.3 allows an applica ...)
	- mariadb-10.6 (Fixed before initial upload to Debian)
	- mariadb-10.5 1:10.5.11-1
	[bullseye] - mariadb-10.5 (Minor issue, will be fixed in next point release)
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.31-0+deb10u1
	NOTE: https://jira.mariadb.org/browse/MDEV-25630
	NOTE: Fixed in MariaDB: 10.2.40, 10.3.31, 10.4.21, 10.5.12, 10.6.3
CVE-2021-46657 (get_sort_by_table in MariaDB before 10.6.2 allows an application crash ...)
	- mariadb-10.6 (Fixed before initial upload to Debian)
	- mariadb-10.5 1:10.5.11-1
	[bullseye] - mariadb-10.5 (Minor issue, will be fixed in next point release)
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.31-0+deb10u1
	NOTE: https://jira.mariadb.org/browse/MDEV-25629
	NOTE: Fixed in MariaDB: 10.2.39, 10.3.30, 10.4.20, 10.5.11, 10.6.2
CVE-2022-0414 (Improper Validation of Specified Quantity in Input in Packagist doliba ...)
	- dolibarr
CVE-2022-0413 (Use After Free in GitHub repository vim/vim prior to 8.2.)
	{DLA-3182-1 DLA-3011-1}
	- vim 2:8.2.4659-1 (unimportant)
	NOTE: https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38
	NOTE: https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a (v8.2.4253)
	NOTE: Crash in CLI tool, no security issue
CVE-2022-0412 (The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooComm ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0411 (The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0410 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin before ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-24122 (kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivil ...)
	- linux 5.15.15-2
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/29/1
	NOTE: https://git.kernel.org/linus/f9d87929d451d3e649699d0f1d74f71f77ad38f5
CVE-2022-24120 (Certain General Electric Renewable Energy products store cleartext cre ...)
	NOT-FOR-US: General Electric Renewable Energy products
CVE-2022-24119 (Certain General Electric Renewable Energy products have a hidden featu ...)
	NOT-FOR-US: General Electric Renewable Energy products
CVE-2022-24118 (Certain General Electric Renewable Energy products allow attackers to ...)
	NOT-FOR-US: General Electric Renewable Energy products
CVE-2022-24117 (Certain General Electric Renewable Energy products download firmware w ...)
	NOT-FOR-US: General Electric Renewable Energy products
CVE-2022-24116 (Certain General Electric Renewable Energy products have inadequate enc ...)
	NOT-FOR-US: General Electric Renewable Energy products
CVE-2022-24115 (Local privilege escalation due to unrestricted loading of unsigned lib ...)
	NOT-FOR-US: Acronis
CVE-2022-24114 (Local privilege escalation due to race condition on application startu ...)
	NOT-FOR-US: Acronis
CVE-2022-24113 (Local privilege escalation due to excessive permissions assigned to ch ...)
	NOT-FOR-US: Acronis
CVE-2022-0409 (Unrestricted Upload of File with Dangerous Type in Packagist showdoc/s ...)
	NOT-FOR-US: ShowDoc
CVE-2022-0408 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.)
	{DLA-3182-1 DLA-2947-1}
	- vim 2:8.2.4659-1 (unimportant)
	NOTE: https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d
	NOTE: https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31 (v8.2.4247)
	NOTE: Crash in CLI tool, no security issue
CVE-2022-0407 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.)
	- vim 2:8.2.4659-1 (unimportant)
	[buster] - vim (The vulnerable code is not present)
	[stretch] - vim (The vulnerable code is not present)
	NOTE: https://huntr.dev/bounties/81822bf7-aafe-4d37-b836-1255d46e572c
	NOTE: https://github.com/vim/vim/commit/44db8213d38c39877d2148eff6a72f4beccfb94e (v8.2.4219)
	NOTE: Crash in CLI tool, no security issue
CVE-2022-24112 (An attacker can abuse the batch-requests plugin to send requests to by ...)
	NOT-FOR-US: Apache APISIX
CVE-2022-0406 (Improper Authorization in GitHub repository janeczku/calibre-web prior ...)
	- calibre-web (bug #982690)
CVE-2022-0405 (Improper Access Control in GitHub repository janeczku/calibre-web prio ...)
	- calibre-web (bug #982690)
CVE-2022-0404 (The Material Design for Contact Form 7 WordPress plugin through 2.6.4 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0403 (The Library File Manager WordPress plugin before 5.2.3 is using an out ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0402 (The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0401 (Path Traversal in NPM w-zip prior to 1.0.12.)
	NOT-FOR-US: Node w-zip
CVE-2022-0400 (An out-of-bounds read vulnerability was discovered in linux kernel in ...)
	- linux (unimportant)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044575
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2040604 (not public)
	NOTE: non issue, no security impact
CVE-2022-0399 (The Advanced Product Labels for WooCommerce WordPress plugin before 1. ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0398 (The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0397 (The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 d ...)
	NOT-FOR-US: WordPress plugin
CVE-2018-25030 (A vulnerability classified as problematic has been found in Mirmay Sec ...)
	NOT-FOR-US: Mirmay Secure Private Browser and File Manager
CVE-2017-20016 (A vulnerability has been found in WEKA INTEREST Security Scanner up to ...)
	NOT-FOR-US: WEKA INTEREST
CVE-2017-20015 (A vulnerability, which was classified as problematic, was found in WEK ...)
	NOT-FOR-US: WEKA INTEREST
CVE-2017-20014 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: WEKA INTEREST
CVE-2017-20013 (A vulnerability classified as problematic was found in WEKA INTEREST S ...)
	NOT-FOR-US: WEKA INTEREST
CVE-2017-20012 (A vulnerability classified as problematic has been found in WEKA INTER ...)
	NOT-FOR-US: WEKA INTEREST
CVE-2017-20011 (A vulnerability was found in WEKA INTEREST Security Scanner 1.8. It ha ...)
	NOT-FOR-US: WEKA INTEREST
CVE-2015-10002 (A vulnerability classified as problematic has been found in Kiddoware ...)
	NOT-FOR-US: Kiddoware Kids Place
CVE-2010-10001 (A vulnerability, which was classified as problematic, was found in She ...)
	NOT-FOR-US: Grabit
CVE-2008-10001 (A vulnerability, which was classified as problematic, has been found i ...)
	NOT-FOR-US: Pro2col Stingray FTS
CVE-2005-10001 (A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and clas ...)
	NOT-FOR-US: Netegrity SiteMinder
CVE-2003-5003 (A vulnerability was found in ISS BlackICE PC Protection. It has been r ...)
	NOT-FOR-US: ISS BlackICE
CVE-2003-5002 (A vulnerability was found in ISS BlackICE PC Protection. It has been d ...)
	NOT-FOR-US: ISS BlackICE
CVE-2003-5001 (A vulnerability was found in ISS BlackICE PC Protection and classified ...)
	NOT-FOR-US: ISS BlackICE
CVE-2022-24111 (In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios cr ...)
	- mahara
CVE-2022-24110 (Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' ...)
	NOT-FOR-US: Kiteworks managed file transfer
CVE-2022-24109 (An issue was discovered in ONOS 2.5.1. To attack an intent installed b ...)
	NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2022-24108 (The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remot ...)
	NOT-FOR-US: OpenCart plugin
CVE-2022-24107 (Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2022-24106 (In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing ...)
	- poppler (bug #1021669; unimportant)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1297
	NOTE: Code only compiled with -DENABLE_DCTDECODER=unmaintained
CVE-2022-24105 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-24104 (Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (a ...)
	NOT-FOR-US: Adobe
CVE-2022-24103 (Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (a ...)
	NOT-FOR-US: Adobe
CVE-2022-24102 (Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (a ...)
	NOT-FOR-US: Adobe
CVE-2022-24101 (Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (a ...)
	NOT-FOR-US: Adobe
CVE-2022-24100
	RESERVED
CVE-2022-24099 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-24098 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-24097 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-24096 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-24095 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-24094 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-24093 (Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earli ...)
	NOT-FOR-US: Adobe
CVE-2022-24092 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2022-24091 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2022-24090 (Adobe Photoshop versions 23.1.1 (and earlier) and 22.5.5 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-24089
	RESERVED
CVE-2022-24088
	RESERVED
CVE-2022-24087
	RESERVED
CVE-2022-24086 (Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earli ...)
	NOT-FOR-US: Adobe
CVE-2022-24085
	RESERVED
CVE-2022-24084
	RESERVED
CVE-2022-24083 (Password authentication bypass vulnerability for local accounts can be ...)
	NOT-FOR-US: Pega
CVE-2022-24082 (If an on-premise installation of the Pega Platform is configured with ...)
	NOT-FOR-US: Pega Platform
CVE-2022-24081
	RESERVED
CVE-2022-24080
	RESERVED
CVE-2022-24079
	RESERVED
CVE-2022-24078
	RESERVED
CVE-2022-24077 (Naver Cloud Explorer Beta allows the attacker to execute arbitrary cod ...)
	NOT-FOR-US: Naver Cloud Explorer
CVE-2022-24076
	RESERVED
CVE-2022-24075 (Whale browser before 3.12.129.18 allowed extensions to replace JavaScr ...)
	NOT-FOR-US: Whale browser
CVE-2022-24074 (Whale Bridge, a default extension in Whale browser before 3.12.129.18, ...)
	NOT-FOR-US: Whale Bridge
CVE-2022-24073 (The Web Request API in Whale browser before 3.12.129.18 allowed to den ...)
	NOT-FOR-US: Whale browser
CVE-2022-24072 (The devtools API in Whale browser before 3.12.129.18 allowed extension ...)
	NOT-FOR-US: Whale browser
CVE-2022-24071 (A Built-in extension in Whale browser before 3.12.129.46 allows attack ...)
	NOT-FOR-US: Whale browser
CVE-2022-24070 (Subversion's mod_dav_svn is vulnerable to memory corruption. While loo ...)
	{DSA-5119-1}
	- subversion 1.14.2-1
	[stretch] - subversion (Vulnerable codepaths added in 1.10.0-alpha1)
	NOTE: https://subversion.apache.org/security/CVE-2022-24070-advisory.txt
CVE-2022-0396 (BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9 ...)
	- bind9 1:9.18.1-1
	[bullseye] - bind9 1:9.16.27-1~deb11u1
	[buster] - bind9 (Vulnerable code introduced later)
	[stretch] - bind9 (Vulnerable code introduced later)
	NOTE: https://kb.isc.org/docs/cve-2022-0396
CVE-2022-0395 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
	NOT-FOR-US: livehelperchat
CVE-2022-0394 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
	NOT-FOR-US: livehelperchat
CVE-2022-0393 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.)
	- vim 2:8.2.4659-1 (unimportant)
	[buster] - vim (The vulnerable code is not present)
	[stretch] - vim (The vulnerable code is not present)
	NOTE: https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba
	NOTE: https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323 (v8.2.4233)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-24069 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...)
	NOT-FOR-US: Insyde
CVE-2022-24064 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Sante DICOM Viewer
CVE-2022-24063 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Sante DICOM Viewer
CVE-2022-24062 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Sante DICOM Viewer
CVE-2022-24061 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Sante DICOM Viewer
CVE-2022-24060 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Sante DICOM Viewer
CVE-2022-24059 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Sante DICOM Viewer
CVE-2022-24058 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Sante DICOM Viewer
CVE-2022-24057 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Sante DICOM Viewer
CVE-2022-24056 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Sante DICOM Viewer
CVE-2022-24055 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Sante DICOM Viewer
CVE-2022-24054
	RESERVED
CVE-2022-24053
	RESERVED
CVE-2022-24052 (MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Es ...)
	- mariadb-10.6 1:10.6.7-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.34-0+deb10u1
	NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-366/
CVE-2022-24051 (MariaDB CONNECT Storage Engine Format String Privilege Escalation Vuln ...)
	- mariadb-10.6 1:10.6.7-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.34-0+deb10u1
	NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-318/
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-365/
CVE-2022-24050 (MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vul ...)
	- mariadb-10.6 1:10.6.7-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.34-0+deb10u1
	NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-364/
CVE-2022-24049 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Sonos One Speaker
CVE-2022-24048 (MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege E ...)
	- mariadb-10.6 1:10.6.7-1
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.34-0+deb10u1
	NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-363/
CVE-2022-24047 (This vulnerability allows remote attackers to bypass authentication on ...)
	NOT-FOR-US: BMC Track-It!
CVE-2022-24046 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: Sonos One Speaker
CVE-2022-24045 (A vulnerability has been identified in Desigo DXR2 (All versions < V01 ...)
	NOT-FOR-US: Siemens
CVE-2022-24044 (A vulnerability has been identified in Desigo DXR2 (All versions < V01 ...)
	NOT-FOR-US: Siemens
CVE-2022-24043 (A vulnerability has been identified in Desigo DXR2 (All versions < V01 ...)
	NOT-FOR-US: Siemens
CVE-2022-24042 (A vulnerability has been identified in Desigo DXR2 (All versions < V01 ...)
	NOT-FOR-US: Siemens
CVE-2022-24041 (A vulnerability has been identified in Desigo DXR2 (All versions < V01 ...)
	NOT-FOR-US: Siemens
CVE-2022-24040 (A vulnerability has been identified in Desigo DXR2 (All versions < V01 ...)
	NOT-FOR-US: Siemens
CVE-2022-24039 (A vulnerability has been identified in Desigo PXC4 (All versions < V02 ...)
	NOT-FOR-US: Siemens
CVE-2022-24038 (Karmasis Informatics Infraskope SIEM+ has an unauthenticated access v ...)
	NOT-FOR-US: Karmasis informatics solutions
CVE-2022-24037 (Karmasis Informatics Infraskope SIEM+ has an unauthenticated access ...)
	NOT-FOR-US: Karmasis informatics solutions
CVE-2022-24036 (Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vu ...)
	NOT-FOR-US: Karmasis
CVE-2022-23921 (Exploitation of this vulnerability may result in local privilege escal ...)
	NOT-FOR-US: GE
CVE-2022-22987 (The affected product has a hardcoded private key available inside the ...)
	NOT-FOR-US: Advantech
CVE-2022-21798 (The affected product is vulnerable due to cleartext transmission of cr ...)
	NOT-FOR-US: GE
CVE-2022-21154 (An integer overflow vulnerability exists in the fltSaveCMP functionali ...)
	NOT-FOR-US: LeadTools
CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.)
	{DLA-3204-1}
	- vim 2:8.2.4659-1
	[bullseye] - vim (Minor issue)
	[stretch] - vim (vulnerable code was introduced later)
	NOTE: https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126
	NOTE: https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a (v8.2.4218)
CVE-2022-0391 (A flaw was found in Python, specifically within the urllib.parse modul ...)
	{DLA-3575-1}
	- python3.9 3.9.7-1
	[bullseye] - python3.9 (Minor issue)
	- python3.7
	[buster] - python3.7 (Minor issue, different approach to sanitization; regressions reports)
	- python3.5
	- python3.4
	- python2.7
	[bullseye] - python2.7 2.7.18-8+deb11u1
	- pypy3 7.3.6+dfsg-1
	[bullseye] - pypy3 (Minor issue)
	[buster] - pypy3 (Minor issue)
	NOTE: https://bugs.python.org/issue43882
	NOTE: Regressions reported for django, boto-core and cloud-init
	NOTE: Fixed by: https://github.com/python/cpython/commit/76cd81d60310d65d01f9d7b48a8985d8ab89c8b4 (v3.10.0b1)
	NOTE: Followup for 3.10.x: https://github.com/python/cpython/commit/24f1d1a8a2c4aa58a606b4b6d5fa4305a3b91705 (v3.10.0b2)
	NOTE: Fixed by: https://github.com/python/cpython/commit/491fde0161d5e527eeff8586dd3972d7d3a631a7 (v3.9.5)
	NOTE: Followup for 3.9.x: https://github.com/python/cpython/commit/8a595744e696a0fb92dccc5d4e45da41571270a1 (v3.9.6)
	NOTE: Fixed by: https://github.com/python/cpython/commit/515a7bc4e13645d0945b46a8e1d9102b918cd407 (v3.8.11)
	NOTE: Fixed by: https://github.com/python/cpython/commit/f4dac7ec55477a6c5d965e594e74bd6bda786903 (v3.7.11)
	NOTE: Fixed by: https://github.com/python/cpython/commit/6c472d3a1d334d4eeb4a25eba7bf3b01611bf667 (v3.6.14)
CVE-2022-0390 (Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-0389 (The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0388 (The Interactive Medical Drawing of Human Body WordPress plugin before ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-4217 (A flaw was found in unzip. The vulnerability occurs due to improper ha ...)
	- unzip (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044583
	NOTE: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
	NOTE: Crash in CLI tool, no security impact
CVE-2021-4216 (A Floating point exception (division-by-zero) flaw was found in Mupdf ...)
	- mupdf 1.20.0+ds1-1 (unimportant)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=704834
	NOTE: https://github.com/ArtifexSoftware/mupdf/commit/22c47acbd52949421f8c7cb46ea1556827d0fcbf (1.20.0-rc1)
	NOTE: Negligible security impact, crash in CLI tool
CVE-2022-24035 (An issue was discovered in ONOS 2.5.1. The purge-requested intent rema ...)
	NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2022-24034
	RESERVED
CVE-2022-24033
	RESERVED
CVE-2022-24032 (Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to user enu ...)
	NOT-FOR-US: Adenza AxiomSL ControllerView
CVE-2022-24031 (An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kern ...)
	NOT-FOR-US: Insyde
CVE-2022-24030 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...)
	NOT-FOR-US: Insyde
CVE-2022-24029 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24028 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24027 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24026 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24025 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24024 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24023 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24022 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24021 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24020 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24019 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24018 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24017 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24016 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24015 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24014 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24013 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24012 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24011 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24010 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24009 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24008 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24007 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24006 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24005 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-0387 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
	NOT-FOR-US: livehelperchat
CVE-2022-0386 (A post-auth SQL injection vulnerability in the Mail Manager potentiall ...)
	NOT-FOR-US: Sophos Mail Manager
CVE-2022-0385 (The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and es ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0384 (The Video Conferencing with Zoom WordPress plugin before 3.8.17 does n ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-46656 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-46655 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-46654 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley View
CVE-2021-46653 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-46652 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-46651 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46650 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46649 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46648 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46647 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46646 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46645 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46644 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46643 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46642 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46641 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46640 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46639 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46638 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46637 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46636 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46635 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46634 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46633 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46632 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46631 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46630 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46629 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46628 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46627 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46626 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46625 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46624 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46623 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46622 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46621 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46620 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46619 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46618 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46617 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46616 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46615 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46614 (Bentley MicroStation CONNECT 10.16.0.80 J2K File Parsing Out-Of-Bounds ...)
	NOT-FOR-US: Bentley
CVE-2021-46613 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46612 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46611 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46610 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46609 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46608 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46607 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46606 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46605 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46604 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46603 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46602 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46601 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46600 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46599 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46598 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46597 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46596 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46595 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46594 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46593 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46592 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46591 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46590 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46589 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46588 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46587 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46586 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46585 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46584 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46583 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46582 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46581 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46580 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46579 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46578 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46577 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46576 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46575 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46574 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46573 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46572 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46571 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46570 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley
CVE-2021-46569 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46568 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46567 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46566 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46565 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46564 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46563 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2021-46562 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley
CVE-2022-24004 (A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Me ...)
	NOT-FOR-US: REDCap
CVE-2022-24003 (Exposure of Sensitive Information vulnerability in Bixby Vision prior ...)
	NOT-FOR-US: Samsung
CVE-2022-24002 (Improper Authorization vulnerability in Link Sharing prior to version ...)
	NOT-FOR-US: Samsung
CVE-2022-24001 (Information disclosure vulnerability in Edge Panel prior to Android S( ...)
	NOT-FOR-US: Samsung
CVE-2022-24000 (PendingIntent hijacking vulnerability in DataUsageReminderReceiver pri ...)
	NOT-FOR-US: Samsung
CVE-2022-23999 (PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb- ...)
	NOT-FOR-US: Samsung
CVE-2022-23998 (Improper access control vulnerability in Camera prior to versions 11.1 ...)
	NOT-FOR-US: Samsung
CVE-2022-23997 (Unprotected component vulnerability in StTheaterModeDurationAlarmRecei ...)
	NOT-FOR-US: Samsung
CVE-2022-23996 (Unprotected component vulnerability in StTheaterModeReceiver in Wear O ...)
	NOT-FOR-US: Samsung
CVE-2022-23995 (Unprotected component vulnerability in StBedtimeModeAlarmReceiver in W ...)
	NOT-FOR-US: Samsung
CVE-2022-23994 (An Improper access control vulnerability in StBedtimeModeReceiver in W ...)
	NOT-FOR-US: Samsung
CVE-2022-23993 (/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus bef ...)
	NOT-FOR-US: pfSense
CVE-2022-23992 (XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain ...)
	NOT-FOR-US: XCOM Data Transport
CVE-2022-23991 RESERVED
CVE-2022-23990 (Expat (aka libexpat) before 2.4.4 has an integer overflow in the doPro ...)
	{DSA-5073-1 DLA-2904-1}
	- expat 2.4.3-3
	NOTE: https://github.com/libexpat/libexpat/pull/551
	NOTE: Introduced with: https://github.com/libexpat/libexpat/commit/cb8a4c756d057b948c1b41e7185dd69ef3ade3fb (R_1_95_4)
	NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/ede41d1e186ed2aba88a06e84cac839b770af3a1 (R_2_4_4)
CVE-2022-23989 (In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.1 ...)
	NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2022-23988 (The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-23987 (The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-23984 (Sensitive information disclosure discovered in wpDiscuz WordPress plug ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-23983 (Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Sett ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-23982 (The vulnerability discovered in WordPress Perfect Brands for WooCommer ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-23981 (The vulnerability allows Subscriber+ level users to create brands in W ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-23980 (Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Yet ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-23979 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-23978 RESERVED
CVE-2022-23977 RESERVED
CVE-2022-23976 (Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on ...)
	NOT-FOR-US: Access Demo Importer
CVE-2022-23975 (Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on ...)
	NOT-FOR-US: Access Demo Importer
CVE-2022-23974 (In 0.9.3 or older versions of Apache Pinot segment upload path allowed ...)
	NOT-FOR-US: Apache Pinot
CVE-2022-23103 (A stack-based buffer overflow vulnerability exists in the confsrv conf ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-0383 (The WP Review Slider WordPress plugin before 11.0 does not sanitise an ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0382 (An information leak flaw was found due to uninitialized memory in the ...)
	- linux 5.15.15-1
	[bullseye] - linux <not-affected> (Vulnerable code not present)
	[buster] - linux <not-affected> (Vulnerable code not present)
	[stretch] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/d6d86830705f173fca6087a3e67ceaf68db80523
CVE-2022-0381 (The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Si ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0380 (The Fotobook WordPress plugin is vulnerable to Reflected Cross-Site Sc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0379 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
	NOT-FOR-US: microweber
CVE-2022-0378 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...)
	NOT-FOR-US: microweber
CVE-2022-0377 (Users of the LearnPress WordPress plugin before 4.1.5 can upload an im ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0376 (The User Meta WordPress plugin before 2.4.3 does not sanitise and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0375 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
	NOT-FOR-US: livehelperchat
CVE-2022-0374 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
	NOT-FOR-US: livehelperchat
CVE-2022-0373 (Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-0372 (Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior ...)
	NOT-FOR-US: Crater
CVE-2021-46561 (controller/org.controller/org.controller.js in the CVE Services API 1. ...)
	NOT-FOR-US: controller/org.controller/org.controller.js in the CVE Services API
CVE-2018-25029 (The Z-Wave specification requires that S2 security can be downgraded t ...)
	NOT-FOR-US: Z-Wave specification
CVE-2013-20003 (Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (usin ...)
	NOT-FOR-US: Z-Wave devices
CVE-2022-23973 (ASUS RT-AX56U’s user profile configuration function is vulnerable ...)
	NOT-FOR-US: Asus RT-AX56U
CVE-2022-23972 (ASUS RT-AX56U’s SQL handling function has an SQL injection vulner ...)
	NOT-FOR-US: Asus RT-AX56U
CVE-2022-23971 (ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnera ...)
	NOT-FOR-US: Asus RT-AX56U
CVE-2022-23970 (ASUS RT-AX56U’s update_json function has a path traversal vulnera ...)
	NOT-FOR-US: Asus RT-AX56U
CVE-2022-23969 RESERVED
CVE-2022-23968 (Xerox VersaLink devices on specific versions of firmware before 2022-0 ...)
	NOT-FOR-US: Xerox
CVE-2022-23967 REJECTED
CVE-2022-23966 RESERVED
CVE-2022-23965 RESERVED
CVE-2022-23964 RESERVED
CVE-2022-23963 RESERVED
CVE-2022-23962 RESERVED
CVE-2022-23961 RESERVED
CVE-2022-23960 (Certain Arm Cortex and Neoverse processors through 2022-03-08 do not p ...)
	{DSA-5173-1 DLA-3065-1}
	- linux 5.16.14-1
	[bullseye] - linux 5.10.106-1
	[buster] - linux 4.19.235-1
	NOTE: https://www.vusec.net/projects/bhi-spectre-bhb/
	NOTE: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb
	NOTE: https://xenbits.xen.org/xsa/advisory-398.html
CVE-2022-23959 (In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 ...)
	{DSA-5088-1 DLA-2920-1}
	- varnish 7.1.0-5 (bug #1004433)
	NOTE: https://varnish-cache.org/security/VSV00008.html
	NOTE: https://docs.varnish-software.com/security/VSV00008/
	NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/fceaefd4d59a3b5d5a4903a3f420e35eb430d0d4 (master)
	NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/9ed39d1f796369caafb647fe37b729c07f332327 (6.6.2)
	NOTE: Test case: https://github.com/varnishcache/varnish-cache/commit/ec531e16b9cd139bbf8971c5b306561c669681f4 (6.6.2)
CVE-2022-23958 (Potential vulnerabilities have been identified in the BIOS for some HP ...)
	NOT-FOR-US: HP
CVE-2022-23957 (Potential vulnerabilities have been identified in the BIOS for some HP ...)
	NOT-FOR-US: HP
CVE-2022-23956 (Potential vulnerabilities have been identified in the BIOS for some HP ...)
	NOT-FOR-US: HP
CVE-2022-23955 (Potential vulnerabilities have been identified in the BIOS for some HP ...)
	NOT-FOR-US: HP
CVE-2022-23954 (Potential vulnerabilities have been identified in the BIOS for some HP ...)
	NOT-FOR-US: HP
CVE-2022-23953 (Potential vulnerabilities have been identified in the BIOS for some HP ...)
	NOT-FOR-US: HP
CVE-2022-23952 (In Keylime before 6.3.0, current keylime installer installs the keylim ...)
	NOT-FOR-US: Keylime
CVE-2022-23951 (In Keylime before 6.3.0, quote responses from the agent can contain po ...)
	NOT-FOR-US: Keylime
CVE-2022-23950 (In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path fo ...)
	NOT-FOR-US: Keylime
CVE-2022-23949 (In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue ag ...)
	NOT-FOR-US: Keylime
CVE-2022-23948 (A flaw was found in Keylime before 6.3.0. The logic in the Keylime age ...)
	NOT-FOR-US: Keylime
CVE-2022-0371 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/350476
CVE-2022-0370 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
	NOT-FOR-US: livehelperchat
CVE-2022-0369 (Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Tra ...)
	NOT-FOR-US: Triangle MicroWorks SCADA
CVE-2021-46560 (The firmware on Moxa TN-5900 devices through 3.1 allows command inject ...)
	NOT-FOR-US: Moxa
CVE-2021-46559 (The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm ...)
	NOT-FOR-US: Moxa
CVE-2019-25056 (In Bromite through 78.0.3904.130, there are adblock rules in the relea ...)
	NOT-FOR-US: Bromite
CVE-2022-23947 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
	{DSA-5214-1 DLA-3078-1 DLA-2998-1}
	- kicad 6.0.2+dfsg-1
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1460
	NOTE: https://gitlab.com/kicad/code/kicad/-/issues/10700
	NOTE: https://gitlab.com/kicad/code/kicad/-/commit/54b20cb0492ee20eb9efaff478eaa51fe17b4ca3 (master)
	NOTE: https://gitlab.com/kicad/code/kicad/-/commit/a7fbdfe9182fe075d1f36cf1f23432b28caf03b3 (6.0.2)
CVE-2022-23946 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
	{DSA-5214-1 DLA-3078-1 DLA-2998-1}
	- kicad 6.0.2+dfsg-1
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1460
	NOTE: https://gitlab.com/kicad/code/kicad/-/issues/10700
	NOTE: https://gitlab.com/kicad/code/kicad/-/commit/54b20cb0492ee20eb9efaff478eaa51fe17b4ca3 (master)
	NOTE: https://gitlab.com/kicad/code/kicad/-/commit/a7fbdfe9182fe075d1f36cf1f23432b28caf03b3 (6.0.2)
CVE-2022-23945 (Missing authentication on ShenYu Admin when register by HTTP. This iss ...)
	NOT-FOR-US: Apache ShenYu Admin
CVE-2022-23944 (User can access /plugin api without authentication. This issue affecte ...)
	NOT-FOR-US: Apache ShenYu Admin
CVE-2022-23943 (Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server all ...)
	{DLA-2960-1}
	- apache2 2.4.53-1
	[bullseye] - apache2 2.4.53-1~deb11u1
	[buster] - apache2 2.4.38-3+deb10u8
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-23943
	NOTE: Fixed by: https://svn.apache.org/r1898695
	NOTE: Fixed by: https://svn.apache.org/r1898772
CVE-2022-23942 (Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initializ ...)
	NOT-FOR-US: Apache Doris (different from src:doris)
CVE-2022-21184 (An information disclosure vulnerability exists in the License registra ...)
	NOT-FOR-US: Bachmann Visutec GmbH Atvise
CVE-2022-0368 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.)
	{DLA-3182-1 DLA-2947-1}
	- vim 2:8.2.4659-1 (unimportant)
	NOTE: https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9/
	NOTE: https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa (v8.2.4217)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-0367 (A heap-based buffer overflow flaw was found in libmodbus in function m ...)
	{DLA-3098-1}
	- libmodbus 3.1.6-2.1 (bug #1021270)
	[bullseye] - libmodbus <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2045571
	NOTE: https://github.com/stephane/libmodbus/issues/614
	NOTE: Fixed by: https://github.com/stephane/libmodbus/commit/b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6 (v3.1.7)
CVE-2022-0366 (An authenticated and authorized agent user could potentially gain admi ...)
	NOT-FOR-US: Sophos
CVE-2022-0365 (The affected product is vulnerable to an authenticated OS command inje ...)
	NOT-FOR-US: Ricon Mobile
CVE-2022-0364 (The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0363 (The myCred WordPress plugin before 2.4.3.1 does not have any authorisa ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0362 (SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.)
	NOT-FOR-US: ShowDoc
CVE-2022-0361 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.)
	{DLA-3182-1 DLA-2947-1}
	- vim 2:8.2.4659-1
	[bullseye] - vim <no-dsa> (Minor issue)
	NOTE: https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b
	NOTE: https://github.com/vim/vim/commit/dc5490e2cbc8c16022a23b449b48c1bd0083f366 (v8.2.4215)
CVE-2022-0360 (The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0359 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.)
	{DLA-3182-1 DLA-2947-1}
	- vim 2:8.2.4659-1
	[bullseye] - vim <no-dsa> (Minor issue)
	NOTE: https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def
	NOTE: https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1 (v8.2.4214)
CVE-2022-0358 (A flaw was found in the QEMU virtio-fs shared file system daemon (virt ...)
	{DSA-5133-1}
	- qemu 1:7.0+dfsg-1
	[buster] - qemu <not-affected> (Vulnerable code not present)
	[stretch] - qemu <not-affected> (virtiofsd added in 5.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044863
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/449e8171f96a6a944d1f3b7d3627ae059eae21ca
CVE-2022-0357 (Unquoted Search Path or Element vulnerability in the Vulnerability Sca ...)
	NOT-FOR-US: Bitdefender
CVE-2022-0356 RESERVED
CVE-2021-4215 REJECTED
CVE-2021-4214 (A heap overflow flaw was found in libpngs' pngimage.c program. This fl ...)
	- libpng1.6 <unfixed> (unimportant)
	NOTE: https://github.com/glennrp/libpng/issues/302
	NOTE: Crash in CLI package, not shipped in binary packages
CVE-2021-4213 (A flaw was found in JSS, where it did not properly free up all memory. ...)
	- jss 5.2.0-1 (bug #1014770)
	[bullseye] - jss <no-dsa> (Minor issue)
	[buster] - jss <no-dsa> (Minor issue)
	[stretch] - jss <postponed> (revisit when/if fix is complete)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2042900
	NOTE: https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448 (v5.2.0-beta1)
	NOTE: https://github.com/dogtagpki/jss/commit/3aabe0e9d59b0a42e68ac8cd0468f9c5179967d2 (v5.2.0-beta1)
CVE-2022-23941 RESERVED
CVE-2022-23940 (SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execu ...)
	NOT-FOR-US: SuiteCRM
CVE-2022-23939 RESERVED
CVE-2022-23938 RESERVED
CVE-2022-23937 (In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to ...)
	NOT-FOR-US: Wind River
CVE-2022-23936 RESERVED
CVE-2022-23935 (lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ / ...)
	- libimage-exiftool-perl 12.38+dfsg-1
	[bullseye] - libimage-exiftool-perl <no-dsa> (Minor issue)
	[buster] - libimage-exiftool-perl <no-dsa> (Minor issue)
	[stretch] - libimage-exiftool-perl <no-dsa> (Minor issue)
	NOTE: https://github.com/exiftool/exiftool/commit/74dbab1d2766d6422bb05b033ac6634bf8d1f582 (12.38)
CVE-2022-23934 (Potential vulnerabilities have been identified in the system BIOS of c ...)
	NOT-FOR-US: HP
CVE-2022-23933 (Potential vulnerabilities have been identified in the system BIOS of c ...)
	NOT-FOR-US: HP
CVE-2022-23932 (Potential vulnerabilities have been identified in the system BIOS of c ...)
	NOT-FOR-US: HP
CVE-2022-23931 (Potential vulnerabilities have been identified in the system BIOS of c ...)
	NOT-FOR-US: HP
CVE-2022-23930 (Potential vulnerabilities have been identified in the system BIOS of c ...)
	NOT-FOR-US: HP
CVE-2022-23929 (Potential vulnerabilities have been identified in the system BIOS of c ...)
	NOT-FOR-US: HP
CVE-2022-23928 (Potential vulnerabilities have been identified in the system BIOS of c ...)
	NOT-FOR-US: HP
CVE-2022-23927 (Potential vulnerabilities have been identified in the system BIOS of c ...)
	NOT-FOR-US: HP
CVE-2022-23926 (Potential vulnerabilities have been identified in the system BIOS of c ...)
	NOT-FOR-US: HP
CVE-2022-23925 (Potential vulnerabilities have been identified in the system BIOS of c ...)
	NOT-FOR-US: HP
CVE-2022-23924 (Potential vulnerabilities have been identified in the system BIOS of c ...)
	NOT-FOR-US: HP
CVE-2022-23919 (A stack-based buffer overflow vulnerability exists in the confsrv set_ ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-23918 (A stack-based buffer overflow vulnerability exists in the confsrv set_ ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-23399 (A stack-based buffer overflow vulnerability exists in the confsrv set_ ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-22144 (A hard-coded password vulnerability exists in the libcommonprod.so pro ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-22140 (An os command injection vulnerability exists in the confsrv ucloud_add ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-21201 (A stack-based buffer overflow vulnerability exists in the confers uclo ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-21178 (An os command injection vulnerability exists in the confsrv ucloud_add ...)
	NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-0355 (Improper Removal of Sensitive Information Before Storage or Transfer i ...)
	NOT-FOR-US: simple-get nodejs module
CVE-2022-0354 (A vulnerability was reported in Lenovo System Update that could allow ...)
	NOT-FOR-US: Lenovo
CVE-2022-0353 (A denial of service vulnerability was reported in the Lenovo HardwareS ...)
	NOT-FOR-US: Lenovo
CVE-2021-4212 (A potential vulnerability in the SMI callback function used in the Leg ...)
	NOT-FOR-US: Lenovo
CVE-2021-4211 (A potential vulnerability in the SMI callback function used in the SMB ...)
	NOT-FOR-US: Lenovo
CVE-2021-4210 (A potential vulnerability in the SMI callback function used in the NVM ...)
	NOT-FOR-US: Lenovo
CVE-2022-23913 (In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker coul ...)
	NOT-FOR-US: Apache ActiveMQ Artemis
CVE-2022-23912 (The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does no ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-23911 (The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does no ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-23910 RESERVED
CVE-2022-23909 (There is an unquoted service path in Sherpa Connector Service (SherpaC ...)
	NOT-FOR-US: Sherpa Connector Service
CVE-2022-23908 RESERVED
CVE-2022-23907 (CMS Made Simple v2.2.15 was discovered to contain a reflected cross-si ...)
	NOT-FOR-US: CMS Made Simple
CVE-2022-23906 (CMS Made Simple v2.2.15 was discovered to contain a Remote Command Exe ...)
	NOT-FOR-US: CMS Made Simple
CVE-2022-23905 RESERVED
CVE-2022-23904 (Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request For ...)
	NOT-FOR-US: Rainworx Auctionworx
CVE-2022-23903 (A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-ad ...)
	NOT-FOR-US: pear-admin-think
CVE-2022-23902 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...)
	NOT-FOR-US: Tongda2000
CVE-2022-23901 (A stack overflow re2c 2.2 exists due to infinite recursion issues in s ...)
	- re2c 3.0-1 (unimportant)
	NOTE: https://github.com/skvadrik/re2c/issues/394
	NOTE: https://github.com/skvadrik/re2c/commit/a3473fd7be829cb33907cb08612f955133c70a96 (3.0)
	NOTE: https://github.com/skvadrik/re2c/commit/039c18949190c5de5397eba504d2c75dad2ea9ca (3.0)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-23900 (A command injection vulnerability in the API of the Wavlink WL-WN531P3 ...)
	NOT-FOR-US: Wavlink
CVE-2022-23899 (MCMS v5.2.5 was discovered to contain a SQL injection vulnerability vi ...)
	NOT-FOR-US: MCMS
CVE-2022-23898 (MCMS v5.2.5 was discovered to contain a SQL injection vulnerability vi ...)
	NOT-FOR-US: MCMS
CVE-2022-23897 RESERVED
CVE-2022-23896 (Admidio 4.1.2 version is affected by stored cross-site scripting (XSS) ...)
	NOT-FOR-US: Admidio
CVE-2022-23895 RESERVED
CVE-2022-23894 RESERVED
CVE-2022-23893 RESERVED
CVE-2022-23892 RESERVED
CVE-2022-23891 RESERVED
CVE-2022-23890 RESERVED
CVE-2022-23889 (The comment function in YzmCMS v6.3 was discovered as being able to be ...)
	NOT-FOR-US: YzmCMS
CVE-2022-23888 (YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSR ...)
	NOT-FOR-US: YzmCMS
CVE-2022-23887 (YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CS ...)
	NOT-FOR-US: YzmCMS
CVE-2022-23886 RESERVED
CVE-2022-23885 RESERVED
CVE-2022-23884 (Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overf ...)
	NOT-FOR-US: Mojang Bedrock Dedicated Server
CVE-2022-23883 RESERVED
CVE-2022-23882 (TuziCMS 2.0.6 is affected by SQL injection in \App\Manage\Controller\B ...)
	NOT-FOR-US: TuziCMS
CVE-2022-23881 (ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execut ...)
	NOT-FOR-US: zzzcms
CVE-2022-23880 (An arbitrary file upload vulnerability in the File Management function ...)
	NOT-FOR-US: taoCMS
CVE-2022-23879 RESERVED
CVE-2022-23878 (seacms V11.5 is affected by an arbitrary code execution vulnerability ...)
	NOT-FOR-US: seacms
CVE-2022-23877 RESERVED
CVE-2022-23876 RESERVED
CVE-2022-23875 RESERVED
CVE-2022-23874 RESERVED
CVE-2022-23873 (Victor CMS v1.0 was discovered to contain a SQL injection vulnerabilit ...)
	NOT-FOR-US: Victor CMS
CVE-2022-23872 (Emlog pro v1.1.1 was discovered to contain a stored cross-site scripti ...)
	NOT-FOR-US: Emlog pro
CVE-2022-23871 (Multiple cross-site scripting (XSS) vulnerabilities in the component o ...)
	NOT-FOR-US: Gibbon CMS
CVE-2022-23870 RESERVED
CVE-2022-23869 (In RuoYi v4.7.2 through the WebUI, user test1 does not have permission ...)
	NOT-FOR-US: RuoYi
CVE-2022-23868 (RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admi ...)
	NOT-FOR-US: RuoYi
CVE-2022-23867 RESERVED
CVE-2022-23866 RESERVED
CVE-2022-23865 (Nyron 1.0 is affected by a SQL injection vulnerability through Nyron/L ...)
	NOT-FOR-US: Nyron
CVE-2022-0352 (Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6 ...)
	- calibre-web <itp> (bug #982690)
CVE-2022-0351 (Access of Memory Location Before Start of Buffer in GitHub repository ...)
	{DLA-3182-1 DLA-3011-1}
	- vim 2:8.2.4659-1
	[bullseye] - vim <no-dsa> (Minor issue)
	NOTE: https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161
	NOTE: https://github.com/vim/vim/commit/fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d (v8.2.4206)
CVE-2022-0350 (Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vd ...)
	NOT-FOR-US: vditor
CVE-2022-0349 (The NotificationX WordPress plugin before 2.3.9 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0348 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
	NOT-FOR-US: pimcore
CVE-2022-0347 (The LoginPress | Custom Login Page Customizer WordPress plugin before ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0346 (The XML Sitemap Generator for Google WordPress plugin before 2.0.4 doe ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0345 (The Customize WordPress Emails and Alerts WordPress plugin before 1.8. ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0344 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/37015
CVE-2022-0343 (A local attacker, as a different local user, may be able to send a HTT ...)
	NOT-FOR-US: Android
CVE-2022-0342 (An authentication bypass vulnerability in the CGI program of Zyxel USG ...)
	NOT-FOR-US: Zyxel
CVE-2021-46558 (Multiple cross-site scripting (XSS) vulnerabilities in the Add User mo ...)
	NOT-FOR-US: Issabel
CVE-2021-46557 (Vicidial 2.14-783a was discovered to contain a cross-site scripting (X ...)
	NOT-FOR-US: Vicidial
CVE-2021-46556 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46555 RESERVED
CVE-2021-46554 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46553 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46552 RESERVED
CVE-2021-46551 RESERVED
CVE-2021-46550 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46549 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46548 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46547 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46546 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46545 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46544 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46543 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46542 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46541 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46540 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46539 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46538 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46537 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46536 RESERVED
CVE-2021-46535 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46534 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46533 RESERVED
CVE-2021-46532 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46531 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46530 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46529 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46528 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46527 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46526 (Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46525 (Cesanta MJS v2.20.0 was discovered to contain a heap-use-after-free vi ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46524 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46523 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46522 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46521 (Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46520 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46519 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46518 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46517 (There is an Assertion `mjs_stack_size(&mjs->scopes) > 0' failed at src ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46516 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46515 (There is an Assertion `mjs_stack_size(&mjs->scopes) >= scopes_len' fai ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46514 (There is an Assertion 'ppos != NULL && mjs_is_number(*ppos)' failed at ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46513 (Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46512 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46511 (There is an Assertion `m->len >= sizeof(v)' failed at src/mjs_core.c i ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46510 (There is an Assertion `s < mjs->owned_strings.buf + mjs->owned_strings ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46509 (Cesanta MJS v2.20.0 was discovered to contain a stack overflow via snq ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46508 (There is an Assertion `i < parts_cnt' failed at src/mjs_bcode.c in Ces ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-46507 (Jsish v3.5.0 was discovered to contain a stack overflow via Jsi_LogMsg ...)
	NOT-FOR-US: Jsish
CVE-2021-46506 (There is an Assertion 'v->d.lval != v' failed at src/jsiValue.c in Jsi ...)
	NOT-FOR-US: Jsish
CVE-2021-46505 (Jsish v3.5.0 was discovered to contain a stack overflow via /usr/lib/x ...)
	NOT-FOR-US: Jsish
CVE-2021-46504 (There is an Assertion 'vp != resPtr' failed at jsiEval.c in Jsish v3.5 ...)
	NOT-FOR-US: Jsish
CVE-2021-46503 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/ ...)
	NOT-FOR-US: Jsish
CVE-2021-46502 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/ ...)
NOT-FOR-US: Jsish CVE-2021-46501 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via SortS ...) NOT-FOR-US: Jsish CVE-2021-46500 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_A ...) NOT-FOR-US: Jsish CVE-2021-46499 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_V ...) NOT-FOR-US: Jsish CVE-2021-46498 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_w ...) NOT-FOR-US: Jsish CVE-2021-46497 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_U ...) NOT-FOR-US: Jsish CVE-2021-46496 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_O ...) NOT-FOR-US: Jsish CVE-2021-46495 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via Delet ...) NOT-FOR-US: Jsish CVE-2021-46494 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_V ...) NOT-FOR-US: Jsish CVE-2021-46493 RESERVED CVE-2021-46492 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_Fu ...) NOT-FOR-US: Jsish CVE-2021-46491 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_Co ...) NOT-FOR-US: Jsish CVE-2021-46490 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Number ...) NOT-FOR-US: Jsish CVE-2021-46489 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_D ...) NOT-FOR-US: Jsish CVE-2021-46488 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_Ar ...) NOT-FOR-US: Jsish CVE-2021-46487 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via /lib/x ...) NOT-FOR-US: Jsish CVE-2021-46486 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_Ar ...) NOT-FOR-US: Jsish CVE-2021-46485 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_Va ...) NOT-FOR-US: Jsish CVE-2021-46484 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_I ...) 
NOT-FOR-US: Jsish CVE-2021-46483 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via Bool ...) NOT-FOR-US: Jsish CVE-2021-46482 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via Numb ...) NOT-FOR-US: Jsish CVE-2021-46481 (Jsish v3.5.0 was discovered to contain a memory leak via linenoise at ...) NOT-FOR-US: Jsish CVE-2021-46480 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiV ...) NOT-FOR-US: Jsish CVE-2021-46479 RESERVED CVE-2021-46478 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiC ...) NOT-FOR-US: Jsish CVE-2021-46477 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via RegE ...) NOT-FOR-US: Jsish CVE-2021-46476 RESERVED CVE-2021-46475 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsi_ ...) NOT-FOR-US: Jsish CVE-2021-46474 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiE ...) NOT-FOR-US: Jsish CVE-2021-46473 RESERVED CVE-2021-46472 RESERVED CVE-2021-46471 RESERVED CVE-2021-46470 RESERVED CVE-2021-46469 RESERVED CVE-2021-46468 RESERVED CVE-2021-46467 RESERVED CVE-2021-46466 RESERVED CVE-2021-46465 RESERVED CVE-2021-46464 RESERVED CVE-2021-46463 (njs through 0.7.1, used in NGINX, was discovered to contain a control ...) NOT-FOR-US: njs CVE-2021-46462 (njs through 0.7.1, used in NGINX, was discovered to contain a segmenta ...) NOT-FOR-US: njs CVE-2021-46461 (njs through 0.7.0, used in NGINX, was discovered to contain an out-of- ...) NOT-FOR-US: njs CVE-2021-46460 RESERVED CVE-2021-46459 (Victor CMS v1.0 was discovered to contain multiple SQL injection vulne ...) NOT-FOR-US: Victor CMS CVE-2021-46458 (Victor CMS v1.0 was discovered to contain a SQL injection vulnerabilit ...) NOT-FOR-US: Victor CMS CVE-2021-46457 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...) NOT-FOR-US: D-Link CVE-2021-46456 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...) 
NOT-FOR-US: D-Link CVE-2021-46455 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...) NOT-FOR-US: D-Link CVE-2021-46454 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...) NOT-FOR-US: D-Link CVE-2021-46453 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...) NOT-FOR-US: D-Link CVE-2021-46452 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...) NOT-FOR-US: D-Link CVE-2021-46451 (An SQL Injection vulnerabilty exists in Sourcecodester Online Project ...) NOT-FOR-US: Sourcecodester CVE-2021-46450 RESERVED CVE-2021-46449 RESERVED CVE-2021-46448 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...) NOT-FOR-US: H.H.G Multistore CVE-2021-46447 (A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 ...) NOT-FOR-US: H.H.G Multistore CVE-2021-46446 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...) NOT-FOR-US: H.H.G Multistore CVE-2021-46445 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...) NOT-FOR-US: H.H.G Multistore CVE-2021-46444 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...) NOT-FOR-US: H.H.G Multistore CVE-2021-46443 REJECTED CVE-2021-46442 (In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass auth ...) NOT-FOR-US: D-Link CVE-2021-46441 (In the "webupg" binary of D-Link DIR-825 G1, because of the lack of pa ...) NOT-FOR-US: D-Link CVE-2021-46440 (Storing passwords in a recoverable format in the DOCUMENTATION plugin ...) NOT-FOR-US: Strapi CVE-2021-46439 REJECTED CVE-2021-46438 RESERVED CVE-2021-46437 (An issue was discovered in ZZCMS 2021. There is a cross-site scripting ...) NOT-FOR-US: zzcms CVE-2021-46436 (An issue was discovered in ZZCMS 2021. There is a SQL injection vulner ...) NOT-FOR-US: zzcms CVE-2021-46435 RESERVED CVE-2021-46434 (EMQ X Dashboard V3.0.0 is affected by username enumeration in the "/ap ...) 
NOT-FOR-US: EMQ X Dashboard CVE-2021-46433 (In fenom 2.12.1 and before, there is a way in fenom/src/Fenom/Template ...) NOT-FOR-US: fenom CVE-2021-46432 RESERVED CVE-2021-46431 RESERVED CVE-2021-46430 RESERVED CVE-2021-46429 RESERVED CVE-2021-46428 (A Remote Code Execution (RCE) vulnerability exists in Sourcecodester S ...) NOT-FOR-US: Sourcecodester CVE-2021-46427 (An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot ...) NOT-FOR-US: Sourcecodester CVE-2021-46426 (phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find ...) - phpipam (bug #731713) CVE-2021-46425 RESERVED CVE-2021-46424 (Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion ...) NOT-FOR-US: Telesquare CVE-2021-46423 (Telesquare TLR-2005KSH 1.0.0 is affected by an unauthenticated file do ...) NOT-FOR-US: Telesquare CVE-2021-46422 (Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vuln ...) NOT-FOR-US: Telesquare CVE-2021-46421 (Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an un ...) NOT-FOR-US: Franklin Fueling Systems CVE-2021-46420 (Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an ...) NOT-FOR-US: Franklin Fueling Systems CVE-2021-46419 (An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 ...) NOT-FOR-US: Telesquare CVE-2021-46418 (An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 ...) NOT-FOR-US: Telesquare CVE-2021-46417 (Insecure handling of a download function leads to disclosure of intern ...) NOT-FOR-US: Franklin Fueling Systems CVE-2021-46416 (Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware versio ...) NOT-FOR-US: SMA SUNNY TRIPOWER inverter CVE-2021-46415 RESERVED CVE-2021-46414 RESERVED CVE-2021-46413 RESERVED CVE-2021-46412 RESERVED CVE-2021-46411 RESERVED CVE-2021-46410 RESERVED CVE-2021-46409 RESERVED CVE-2021-46408 (Tenda AX12 v22.03.01.21 was discovered to contain a stack buffer overf ...) 
NOT-FOR-US: Tenda CVE-2021-46407 RESERVED CVE-2021-46406 RESERVED CVE-2021-46405 RESERVED CVE-2021-46404 RESERVED CVE-2022-23864 RESERVED CVE-2022-23863 (Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authen ...) NOT-FOR-US: Zoho ManageEngine CVE-2022-23862 RESERVED CVE-2022-23861 RESERVED CVE-2022-23860 RESERVED CVE-2022-23859 RESERVED CVE-2022-23858 (A flaw was found in the REST API. An improperly handled REST API call ...) NOT-FOR-US: StarWind Command Center CVE-2022-23857 (model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to ...) NOT-FOR-US: Navidrome CVE-2022-23856 (An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 ...) NOT-FOR-US: Saviynt Enterprise Identity Cloud (EIC) CVE-2022-23855 (An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 ...) NOT-FOR-US: Saviynt Enterprise Identity Cloud (EIC) CVE-2022-23854 (AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerabl ...) NOT-FOR-US: AVEVA InTouch Access Anywhere CVE-2022-23853 (The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 a ...) 
- kate 4:21.12.2-1 [bullseye] - kate (Minor issue) [buster] - kate (Minor issue) [stretch] - kate (Minor issue) - ktexteditor 5.93.0-1 (bug #1010180) [bullseye] - ktexteditor (Minor issue) [buster] - ktexteditor (Minor issue) [stretch] - ktexteditor (Minor issue) NOTE: https://kde.org/info/security/advisory-20220131-1.txt NOTE: KTextEditor: Fixed by: https://commits.kde.org/ktexteditor/804e49444c093fe58ec0df2ab436565e50dc147e NOTE: KTextEditor: Fixed by: https://commits.kde.org/ktexteditor/c80f935c345de2e2fb10635202800839ca9697bf NOTE: Kate: prerequisites: NOTE: https://commits.kde.org/kate/361dd43e42994829dbdb35e78fb7698d27cbb0e2 NOTE: https://commits.kde.org/kate/6fc3bf6e5bd540e842e32c4a959c2158c8573be5 NOTE: https://commits.kde.org/kate/92a9c65e30b4b63b8b116eb5c8dcb1e1a2d867bc NOTE: Fixed by: https://commits.kde.org/kate/c5d66f3b70ae4778d6162564309aee95f643e7c9 NOTE: Fixed by: https://commits.kde.org/kate/7e08a58fb50d28ba96aedd5f5cd79a9479b4a0ad CVE-2022-23852 (Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML ...) {DSA-5073-1 DLA-2935-1 DLA-2904-1} - expat 2.4.3-2 NOTE: https://github.com/libexpat/libexpat/pull/550 NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40 (R_2_4_4) NOTE: Tests: https://github.com/libexpat/libexpat/commit/acf956f14bf79a5e6383a969aaffec98bfbc2e44 CVE-2022-23851 RESERVED CVE-2022-0341 (Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vd ...) NOT-FOR-US: vditor CVE-2022-0340 RESERVED CVE-2021-4209 (A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash ...) 
{DLA-3070-1} - gnutls28 3.7.3-2 [bullseye] - gnutls28 3.7.1-5+deb11u1 [stretch] - gnutls28 (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044156 NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1306 NOTE: https://gitlab.com/gnutls/gnutls/-/merge_requests/1503 NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568 (3.7.3) CVE-2022-24300 (Minetest before 5.4.0 allows attackers to add or modify arbitrary meta ...) {DSA-5075-1} - minetest 5.4.1+repack-1 (bug #1004223) [stretch] - minetest (games are not supported in LTS) NOTE: https://github.com/minetest/minetest/security/advisories/GHSA-hwj2-xf72-r4cf NOTE: Fixed by: https://github.com/minetest/minetest/commit/b5956bde259faa240a81060ff4e598e25ad52dae (5.4.0) NOTE: When fixing this issue the fix for GHSA-7q63-4fq2-hqcr should be included, NOTE: which is not a vulnerability by itself, and won't get a CVE assigned: NOTE: https://github.com/minetest/minetest/security/advisories/GHSA-7q63-4fq2-hqcr NOTE: https://github.com/minetest/minetest/commit/8d6a0b917ce1e7f4f1017835af0ca76e79c98c38 (5.2.0) CVE-2022-24301 (In Minetest before 5.4.0, players can add or subtract items from a dif ...) {DSA-5075-1} - minetest 5.4.1+repack-1 [stretch] - minetest (games are not supported in LTS) NOTE: https://github.com/minetest/minetest/security/advisories/GHSA-fvwv-qcq6-wmp5 NOTE: Fixed by: https://github.com/minetest/minetest/commit/3693b6871eba268ecc79b3f52d00d3cefe761131 (5.4.0) CVE-2022-23850 (xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through ...) - epub2txt2 (bug #1004115) CVE-2022-23849 (The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 ...) NOT-FOR-US: Devolutions Password Hub for iOS CVE-2022-0339 (Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16.) - calibre-web (bug #982690) CVE-2022-0338 (Insertion of Sensitive Information into Log File in Conda loguru prior ...) 
- loguru (unimportant) NOTE: https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0/ NOTE: Document best practices for security: https://github.com/delgan/loguru/commit/ea39375e62f9b8f18e2ca798a5c0fb8c972b7eaa NOTE: loguru documents security considerations and best practices to follow CVE-2022-23848 (In Alluxio before 2.7.3, the logserver does not validate the input str ...) NOT-FOR-US: Alluxio CVE-2022-23847 RESERVED CVE-2022-23846 RESERVED CVE-2022-23845 RESERVED CVE-2022-23844 RESERVED CVE-2022-23843 RESERVED CVE-2022-23842 RESERVED CVE-2022-23841 RESERVED CVE-2022-23840 RESERVED CVE-2022-23839 RESERVED CVE-2022-23838 RESERVED CVE-2022-23837 (In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the ...) {DLA-3360-1 DLA-2943-1} - ruby-sidekiq 6.4.1+dfsg-1 (bug #1004193) [bullseye] - ruby-sidekiq (Minor issue) NOTE: https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956 (v6.4.0) CVE-2022-23836 RESERVED CVE-2022-23835 (The Visual Voice Mail (VVM) application through 2022-02-24 for Android ...) NOT-FOR-US: Visual Voice Mail (VVM) application CVE-2022-0337 (Inappropriate implementation in File System API in Google Chrome on Wi ...) - chromium (Chrome on Windows) CVE-2022-0336 (The Samba AD DC includes checks when adding service principals names ( ...) [experimental] - samba 2:4.16.0+dfsg-1 - samba 2:4.16.0+dfsg-2 (bug #1004694) [bullseye] - samba 2:4.13.13+dfsg-1~deb11u3 [buster] - samba (Minor issue; affects Samba as AD DC; EOLed. See DSA-5015-1) NOTE: https://www.samba.org/samba/security/CVE-2022-0336.html NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14950 CVE-2022-23834 RESERVED CVE-2022-23833 (An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27 ...) 
{DSA-5254-1 DLA-3191-1 DLA-2906-1} - python-django 2:3.2.12-1 (bug #1004752) NOTE: https://www.djangoproject.com/weblog/2022/feb/01/security-releases/ NOTE: https://github.com/django/django/commit/fc18f36c4ab94399366ca2f2007b3692559a6f23 (main) NOTE: https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9 (4.0.2) NOTE: https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468 (3.2.12) NOTE: https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a (2.2.27) CVE-2022-23832 REJECTED CVE-2022-23831 (Insufficient validation of the IOCTL input buffer in AMD \u03bcProf ma ...) NOT-FOR-US: AMD CVE-2022-23830 (SMM configuration may not be immutable, as intended, when SNP is enabl ...) NOT-FOR-US: AMD CVE-2022-23829 RESERVED CVE-2022-23828 RESERVED CVE-2022-23827 REJECTED CVE-2022-23826 RESERVED CVE-2022-23825 (Aliases in the branch predictor may cause some AMD processors to predi ...) {DSA-5184-1} - xen 4.16.2-1 [bullseye] - xen (Fix along in next DSA) [buster] - xen (DSA 4677-1) NOTE: https://comsec.ethz.ch/research/microarch/retbleed/ NOTE: https://comsec.ethz.ch/wp-content/files/retbleed_addendum_sec22.pdf NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037 NOTE: https://xenbits.xen.org/xsa/advisory-407.html NOTE: Followup (which did not got a new CVE allocated by AMD): NOTE: https://xenbits.xen.org/xsa/advisory-422.html NOTE: https://www.amd.com/system/files/documents/technical-guidance-for-mitigating-branch-type-confusion.pdf CVE-2022-23824 (IBPB may not prevent return branch predictions from being specified by ...) {DSA-5378-1} - xen 4.16.2+90-g0d39a6d1ae-1 [buster] - xen (DSA 4677-1) NOTE: https://xenbits.xen.org/xsa/advisory-422.html NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040 CVE-2022-23823 (A potential vulnerability in some AMD processors using frequency scali ...) 
NOT-FOR-US: hardware vulnerability in AMD CPUs NOTE: https://www.hertzbleed.com/ NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038 CVE-2022-23822 (In this physical attack, an attacker may potentially exploit the Zynq- ...) NOT-FOR-US: Zynq-7000 SoC First Stage Boot Loader (FSBL) CVE-2022-23821 (Improper access control in System Management Mode (SMM) may allow an a ...) NOT-FOR-US: AMD CVE-2022-23820 (Failure to validate the AMD SMM communication buffer may allow an atta ...) NOT-FOR-US: AMD CVE-2022-23819 RESERVED CVE-2022-23818 (Insufficient input validation on the model specific register: VM_HSAVE ...) NOT-FOR-US: AMD CVE-2022-23817 RESERVED CVE-2022-23816 REJECTED CVE-2022-23815 RESERVED CVE-2022-23814 (Failure to validate addresses provided by software to BIOS commands ma ...) NOT-FOR-US: AMD CVE-2022-23813 (The software interfaces to ASP and SMU may not enforce the SNP memory ...) NOT-FOR-US: AMD CVE-2022-22146 (Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allo ...) NOT-FOR-US: TransmitMail CVE-2022-21193 (Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allow ...) NOT-FOR-US: TransmitMail CVE-2022-21176 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) NOT-FOR-US: Airspan Networks CVE-2022-21143 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) NOT-FOR-US: Airspan Networks CVE-2022-21141 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) NOT-FOR-US: Airspan Networks CVE-2022-0335 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...) - moodle CVE-2022-0334 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...) - moodle CVE-2022-0333 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...) - moodle CVE-2022-0332 (A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injectio ...) 
- moodle CVE-2022-0331 (An information disclosure vulnerability in Webadmin allows an unauthen ...) NOT-FOR-US: Sophos CVE-2022-0330 (A random memory access flaw was found in the Linux kernel's GPU i915 k ...) {DSA-5096-1 DSA-5092-1 DLA-2941-1 DLA-2940-1} - linux 5.15.15-2 NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/12 NOTE: https://git.kernel.org/linus/7938d61591d33394a21bdd7797a245b65428f44c CVE-2022-0329 REJECTED CVE-2022-0328 (The Simple Membership WordPress plugin before 4.0.9 does not have CSRF ...) NOT-FOR-US: WordPress plugin CVE-2022-0327 (The Master Addons for Elementor WordPress plugin before 1.8.5 does not ...) NOT-FOR-US: WordPress plugin CVE-2021-46403 RESERVED CVE-2021-4208 (The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2022-23809 RESERVED CVE-2022-23808 (An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker ca ...) - phpmyadmin 4:5.1.3+dfsg1-1 (unimportant) NOTE: https://www.phpmyadmin.net/security/PMASA-2022-2/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/5118acce1dfcdb09cbc0f73927bf51c46feeaf38 NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/44eb12f15a562718bbe54c9a16af91ceea335d59 NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/28 (setup not available) CVE-2022-23807 (An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before ...) - phpmyadmin 4:5.1.3+dfsg1-1 (unimportant) NOTE: https://www.phpmyadmin.net/security/PMASA-2022-1/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/ca54f1db050859eb8555875c6aa5d7796fdf4b32 NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/3 (missing 2FA packages) NOTE: 2FA support is not packaged in Debian CVE-2022-23806 (Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x bef ...) 
{DLA-3395-1 DLA-2986-1 DLA-2985-1} - golang-1.18 1.18~rc1-1 - golang-1.17 1.17.7-1 - golang-1.15 [bullseye] - golang-1.15 1.15.15-1~deb11u3 - golang-1.11 - golang-1.8 - golang-1.7 NOTE: https://github.com/golang/go/issues/50974 NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ NOTE: https://github.com/golang/go/commit/e16331902340c02bdf1831b5508df2307b871ef6 (go1.17.7) CVE-2022-23805 (A security out-of-bounds read information disclosure vulnerability in ...) NOT-FOR-US: Trend Micro CVE-2022-23804 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...) {DSA-5214-1 DLA-3078-1 DLA-2998-1} - kicad 6.0.2+dfsg-1 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1453 NOTE: https://gitlab.com/kicad/code/kicad/-/issues/10719 NOTE: https://gitlab.com/kicad/code/kicad/-/commit/927afe313d1f104391814ee7d5d9cca0a520aa50 (6.0.2) NOTE: https://gitlab.com/kicad/code/kicad/-/commit/7ed569058c516974c47b4a506daa3daea4248e05 (master) CVE-2022-23803 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...) {DSA-5214-1 DLA-3078-1 DLA-2998-1} - kicad 6.0.2+dfsg-1 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1453 NOTE: https://gitlab.com/kicad/code/kicad/-/issues/10719 NOTE: https://gitlab.com/kicad/code/kicad/-/commit/927afe313d1f104391814ee7d5d9cca0a520aa50 (6.0.2) NOTE: https://gitlab.com/kicad/code/kicad/-/commit/7ed569058c516974c47b4a506daa3daea4248e05 (master) CVE-2022-23802 (Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The ...) NOT-FOR-US: Joomla Guru extension CVE-2022-23801 (An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS a ...) NOT-FOR-US: Joomla! CVE-2022-23800 (An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate con ...) NOT-FOR-US: Joomla! CVE-2022-23799 (An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific ...) NOT-FOR-US: Joomla! CVE-2022-23798 (An issue was discovered in Joomla! 
2.5.0 through 3.10.6 & 4.0.0 throug ...) NOT-FOR-US: Joomla! CVE-2022-23797 (An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 throug ...) NOT-FOR-US: Joomla! CVE-2022-23796 (An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input ...) NOT-FOR-US: Joomla! CVE-2022-23795 (An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 throug ...) NOT-FOR-US: Joomla! CVE-2022-23794 (An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 throug ...) NOT-FOR-US: Joomla! CVE-2022-23793 (An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 throug ...) NOT-FOR-US: Joomla! CVE-2022-0326 (NULL Pointer Dereference in Homebrew mruby prior to 3.2.) - mruby (Vulnerable code introduced later) NOTE: Introduced by: https://github.com/mruby/mruby/commit/dccd66f9efecd0a974b735c62836fe566015cf37 (3.1.0-rc) NOTE: Fixed by: https://github.com/mruby/mruby/commit/b611c43a5de061ec21b343967e1b64c45c373d7e CVE-2022-0325 RESERVED CVE-2022-0324 (There is a vulnerability in DHCPv6 packet parsing code that could be e ...) NOT-FOR-US: SONiC CVE-2021-46402 RESERVED CVE-2022-23792 RESERVED CVE-2022-23791 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: Firmanet Software and Technology Customer Relation Manager CVE-2022-23790 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: Firmanet Software and Technology Customer Relation Manager CVE-2022-23789 RESERVED CVE-2022-23788 RESERVED CVE-2022-23787 RESERVED CVE-2022-23786 RESERVED CVE-2022-23785 RESERVED CVE-2022-23784 RESERVED CVE-2022-23783 RESERVED CVE-2022-23782 RESERVED CVE-2022-23781 RESERVED CVE-2022-23780 RESERVED CVE-2022-21147 (An out of bounds read vulnerability exists in the malware scan functio ...) NOT-FOR-US: ESTsoft Alyac CVE-2022-0323 (Improper Neutralization of Special Elements Used in a Template Engine ...) 
NOT-FOR-US: Mustache (implementation in PHP) CVE-2022-0322 (A flaw was found in the sctp_make_strreset_req function in net/sctp/sm ...) {DSA-5096-1 DLA-2941-1} - linux 5.14.16-1 [bullseye] - linux 5.10.84-1 [stretch] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/a2d859e3fc97e79d907761550dbc03ff1b36479c (5.15-rc6) CVE-2022-0321 (The WP Voting Contest WordPress plugin before 3.0 does not sanitise an ...) NOT-FOR-US: WordPress plugin CVE-2022-0320 (The Essential Addons for Elementor WordPress plugin before 5.0.5 does ...) NOT-FOR-US: WordPress plugin CVE-2022-0319 (Out-of-bounds Read in vim/vim prior to 8.2.) {DLA-3182-1 DLA-2947-1} - vim 2:8.2.4659-1 (unimportant) NOTE: https://huntr.dev/bounties/ba622fd2-e6ef-4ad9-95b4-17f87b68755b NOTE: https://github.com/vim/vim/commit/05b27615481e72e3b338bb12990fb3e0c2ecc2a9 (v8.2.4154) NOTE: Crash in CLI tool, no security impact CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim prior to 8.2.) {DLA-3204-1} - vim 2:8.2.4659-1 (bug #1004859; unimportant) [stretch] - vim (Fix introduces a test regression) NOTE: https://huntr.dev/bounties/0d10ba02-b138-4e68-a284-67f781a62d08 NOTE: https://github.com/vim/vim/commit/57df9e8a9f9ae1aafdde9b86b10ad907627a87dc (v8.2.4151) NOTE: Crash in CLI tool, no security impact CVE-2022-0317 (An improper input validation vulnerability in go-attestation before 0. ...) NOT-FOR-US: go-attestation CVE-2022-0316 (The WeStand WordPress theme before 2.1, footysquare WordPress theme, a ...) NOT-FOR-US: WordPress theme CVE-2022-0315 (Insecure Temporary File in GitHub repository horovod/horovod prior to ...) NOT-FOR-US: horovod CVE-2022-23779 (Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the insta ...) NOT-FOR-US: Zoho ManageEngine CVE-2022-23778 RESERVED CVE-2022-23777 RESERVED CVE-2022-23776 RESERVED CVE-2022-23775 (TrueStack Direct Connect 1.4.7 has Incorrect Access Control.) 
NOT-FOR-US: TrueStack CVE-2022-23774 (Docker Desktop before 4.4.4 on Windows allows attackers to move arbitr ...) NOT-FOR-US: Docker Desktop CVE-2022-23773 (cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret ...) - golang-1.18 1.18~rc1-1 - golang-1.17 1.17.7-1 - golang-1.15 [bullseye] - golang-1.15 1.15.15-1~deb11u3 - golang-1.11 [buster] - golang-1.11 (Limited support, minor issue, requires branching access in hostile repository, intrusive patch, different code) - golang-1.8 [stretch] - golang-1.8 (vgo/modfetch module not present) - golang-1.7 [stretch] - golang-1.7 (vgo/modfetch module not present) NOTE: https://github.com/golang/go/issues/35671 NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ NOTE: https://github.com/golang/go/commit/fbcc30a2c9d076b27b4b411e2cec91ec13528081 (go1.17.7) CVE-2022-23772 (Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17. ...) {DLA-2986-1 DLA-2985-1} - golang-1.18 1.18~beta2-1 - golang-1.17 1.17.7-1 - golang-1.15 [bullseye] - golang-1.15 1.15.15-1~deb11u3 - golang-1.11 [buster] - golang-1.11 (Limited support, minor issue, DoS, code is different, importing Rat.SetString from 1.16 causes arm64-specific test suite failures) - golang-1.8 - golang-1.7 NOTE: https://github.com/golang/go/issues/50699 NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ NOTE: https://github.com/golang/go/commit/539d430efb5043cc6a2d4d4fcd2866b11717039a (go1.17.7) CVE-2022-23771 (This vulnerability occurs in user accounts creation and deleteion rela ...) NOT-FOR-US: IPTIME NAS products CVE-2022-23770 (This vulnerability could allow a remote attacker to execute remote com ...) NOT-FOR-US: Smart Wing CMS CVE-2022-23769 (Remote code execution vulnerability due to insufficient user privilege ...) NOT-FOR-US: reverseWall-MDS CVE-2022-23768 (This Vulnerability in NIS-HAP11AC is caused by an exposed external por ...) 
NOT-FOR-US: NIS-HAP11AC CVE-2022-23767 (This vulnerability of SecureGate is SQL-Injection using login without ...) NOT-FOR-US: SecureGate CVE-2022-23766 (An improper input validation vulnerability leading to arbitrary file e ...) NOT-FOR-US: BigFileAgent CVE-2022-23765 (This vulnerability occured by sending a malicious POST request to a sp ...) NOT-FOR-US: ipTIME NAS product CVE-2022-23764 (The vulnerability causing from insufficient verification procedures fo ...) NOT-FOR-US: WebCube for Windows CVE-2022-23763 (Origin validation error vulnerability in NeoRS\u2019s ActiveX moudle a ...) NOT-FOR-US: NeoRS for Windows CVE-2022-23762 RESERVED CVE-2022-23761 RESERVED CVE-2022-23760 RESERVED CVE-2022-23759 RESERVED CVE-2022-23758 RESERVED CVE-2022-23757 RESERVED CVE-2022-23756 RESERVED CVE-2022-23755 RESERVED CVE-2022-23754 RESERVED CVE-2022-23753 RESERVED CVE-2022-23752 RESERVED CVE-2022-23751 RESERVED CVE-2022-23750 RESERVED CVE-2022-23749 RESERVED CVE-2022-23748 (mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable ...) NOT-FOR-US: Zoom CVE-2022-23747 (In Sony Xperia series 1, 5, and Pro, an out of bound memory access can ...) NOT-FOR-US: Sony CVE-2022-23746 (The IPsec VPN blade has a dedicated portal for downloading and connect ...) NOT-FOR-US: IPsec VPN blade CVE-2022-23745 (A potential memory corruption issue was found in Capsule Workspace And ...) NOT-FOR-US: Checkpoint Harmony Capsule Workspace CVE-2022-23744 (Check Point Endpoint before version E86.50 failed to protect against s ...) NOT-FOR-US: Check Point CVE-2022-23743 (Check Point ZoneAlarm before version 15.8.200.19118 allows a local act ...) NOT-FOR-US: Check Point ZoneAlarm CVE-2022-23742 (Check Point Endpoint Security Client for Windows versions earlier than ...) NOT-FOR-US: Check Point Enterprise Endpoint CVE-2022-23741 (An incorrect authorization vulnerability was identified in GitHub Ente ...) 
NOT-FOR-US: GitHub Enterprise Server CVE-2022-23740 (CRITICAL: An improper neutralization of argument delimiters in a comma ...) NOT-FOR-US: GitHub Enterprise Server CVE-2022-23739 (An incorrect authorization vulnerability was identified in GitHub Ente ...) NOT-FOR-US: GitHub Enterprise Server CVE-2022-23738 (An improper cache key vulnerability was identified in GitHub Enterpris ...) NOT-FOR-US: GitHub Enterprise Server CVE-2022-23737 (An improper privilege management vulnerability was identified in GitHu ...) NOT-FOR-US: GitHub Enterprise Server CVE-2022-23736 RESERVED CVE-2022-23735 RESERVED CVE-2022-23734 (A deserialization of untrusted data vulnerability was identified in Gi ...) NOT-FOR-US: Github Enterprise Server CVE-2022-23733 (A stored XSS vulnerability was identified in GitHub Enterprise Server ...) NOT-FOR-US: Github Enterprise Server CVE-2022-23732 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...) NOT-FOR-US: Github Enterprise Server CVE-2022-23731 (V8 javascript engine (heap vulnerability) can cause privilege escalati ...) NOT-FOR-US: LG CVE-2022-23730 (The public API error causes for the attacker to be able to bypass API ...) NOT-FOR-US: LG CVE-2022-23729 (When the device is in factory state, it can be access the shell withou ...) NOT-FOR-US: LGE CVE-2022-23728 (Attacker can reset the device with AT Command in the process of reboot ...) NOT-FOR-US: LG CVE-2022-23727 (There is a privilege escalation vulnerability in some webOS TVs. Due t ...) NOT-FOR-US: LG CVE-2022-23726 (PingCentral versions prior to listed versions expose Spring Boot actua ...) NOT-FOR-US: pingidentity CVE-2022-23725 (PingID Windows Login prior to 2.8 does not properly set permissions on ...) NOT-FOR-US: pingidentity CVE-2022-23724 (Use of static encryption key material allows forging an authentication ...) NOT-FOR-US: pingidentity CVE-2022-23723 (An MFA bypass vulnerability exists in the PingFederate PingOne MFA Int ...) 
NOT-FOR-US: pingidentity CVE-2022-23722 (When a password reset mechanism is configured to use the Authenticatio ...) NOT-FOR-US: pingidentity CVE-2022-23721 (PingID integration for Windows login prior to 2.9 does not handle dupl ...) NOT-FOR-US: PingID CVE-2022-23720 (PingID Windows Login prior to 2.8 does not alert or halt operation if ...) NOT-FOR-US: PingID Integration for Windows Login CVE-2022-23719 (PingID Windows Login prior to 2.8 does not authenticate communication ...) NOT-FOR-US: PingID Integration for Windows Login CVE-2022-23718 (PingID Windows Login prior to 2.8 uses known vulnerable components tha ...) NOT-FOR-US: PingID Integration for Windows Login CVE-2022-23717 (PingID Windows Login prior to 2.8 is vulnerable to a denial of service ...) NOT-FOR-US: PingID Integration for Windows Login CVE-2022-23716 (A flaw was discovered in ECE before 3.1.1 that could lead to the discl ...) NOT-FOR-US: Elastic Cloud Enterprise CVE-2022-23715 (A flaw was discovered in ECE before 3.4.0 that might lead to the discl ...) NOT-FOR-US: Elastic Cloud Enterprise CVE-2022-23714 (A local privilege escalation (LPE) issue was discovered in the ransomw ...) NOT-FOR-US: Elastic Endpoint Security for Windows CVE-2022-23713 (A cross-site-scripting (XSS) vulnerability was discovered in the Vega ...) NOT-FOR-US: Kibana addon CVE-2022-23712 (A Denial of Service flaw was discovered in Elasticsearch. Using this v ...) - elasticsearch CVE-2022-23711 (A vulnerability in Kibana could expose sensitive information related t ...) - kibana (bug #700337) CVE-2022-23710 (A cross-site-scripting (XSS) vulnerability was discovered in the Data ...) - kibana (bug #700337) CVE-2022-23709 (A flaw was discovered in Kibana in which users with Read access to the ...) - kibana (bug #700337) CVE-2022-23708 (A flaw was discovered in Elasticsearch 7.17.0\u2019s upgrade assistant ...) - elasticsearch CVE-2022-23707 (An XSS vulnerability was found in Kibana index patterns. Using this vu ...) 
- kibana (bug #700337) CVE-2022-23706 (A remote cross-site scripting (xss) vulnerability was discovered in HP ...) NOT-FOR-US: HPE OneView CVE-2022-23705 (A security vulnerability has been identified in HPE Nimble Storage Hyb ...) NOT-FOR-US: HPE CVE-2022-23704 (A potential security vulnerability has been identified in Integrated L ...) NOT-FOR-US: HPE CVE-2022-23703 (A security vulnerability has been identified in HPE Nimble Storage Hyb ...) NOT-FOR-US: HPE CVE-2022-23702 (A potential security vulnerability has been identified in HPE Superdom ...) NOT-FOR-US: HPE CVE-2022-23701 (A potential remote host header injection security vulnerability has be ...) NOT-FOR-US: HPE CVE-2022-23700 (A local unauthorized read access to files vulnerability was discovered ...) NOT-FOR-US: HPE CVE-2022-23699 (A local authentication restriction bypass vulnerability was discovered ...) NOT-FOR-US: HPE CVE-2022-23698 (A remote unauthenticated disclosure of information vulnerability was d ...) NOT-FOR-US: HPE CVE-2022-23697 (A remote cross-site scripting (xss) vulnerability was discovered in HP ...) NOT-FOR-US: HPE CVE-2022-23696 (Vulnerabilities in the web-based management interface of ClearPass Pol ...) NOT-FOR-US: Aruba CVE-2022-23695 (Vulnerabilities in the web-based management interface of ClearPass Pol ...) NOT-FOR-US: Aruba CVE-2022-23694 (Vulnerabilities in the web-based management interface of ClearPass Pol ...) NOT-FOR-US: Aruba CVE-2022-23693 (Vulnerabilities in the web-based management interface of ClearPass Pol ...) NOT-FOR-US: Aruba CVE-2022-23692 (Vulnerabilities in the web-based management interface of ClearPass Pol ...) NOT-FOR-US: Aruba CVE-2022-23691 (A vulnerability exists in certain AOS-CX switch models which could all ...) NOT-FOR-US: Aruba CVE-2022-23690 (A vulnerability in the web-based management interface of AOS-CX could ...) NOT-FOR-US: Aruba CVE-2022-23689 (Multiple vulnerabilities exist in the processing of packet data by the ...) 
NOT-FOR-US: Aruba CVE-2022-23688 (Multiple vulnerabilities exist in the processing of packet data by the ...) NOT-FOR-US: Aruba CVE-2022-23687 (Multiple vulnerabilities exist in the processing of packet data by the ...) NOT-FOR-US: Aruba CVE-2022-23686 (Multiple vulnerabilities exist in the processing of packet data by the ...) NOT-FOR-US: Aruba CVE-2022-23685 (A vulnerability in the ClearPass Policy Manager web-based management i ...) NOT-FOR-US: Aruba CVE-2022-23684 (A vulnerability in the web-based management interface of AOS-CX could ...) NOT-FOR-US: Aruba CVE-2022-23683 (Authenticated command injection vulnerabilities exist in the AOS-CX Ne ...) NOT-FOR-US: Aruba CVE-2022-23682 (Multiple vulnerabilities exist in the AOS-CX command line interface th ...) NOT-FOR-US: Aruba CVE-2022-23681 (Multiple vulnerabilities exist in the AOS-CX command line interface th ...) NOT-FOR-US: Aruba CVE-2022-23680 (AOS-CX lacks Anti-CSRF protections in place for state-changing operati ...) NOT-FOR-US: Aruba CVE-2022-23679 (AOS-CX lacks Anti-CSRF protections in place for state-changing operati ...) NOT-FOR-US: Aruba CVE-2022-23678 (A vulnerability in the Aruba Virtual Intranet Access (VIA) client for ...) NOT-FOR-US: Aruba CVE-2022-23677 (A remote execution of arbitrary code vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2022-23676 (A remote execution of arbitrary code vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2022-23675 (A remote authenticated stored cross-site scripting (xss) vulnerability ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23674 (A remote authenticated stored cross-site scripting (xss) vulnerability ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23673 (A authenticated remote command injection vulnerability was discovered ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23672 (A authenticated remote command injection vulnerability was discovered ...) 
NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23671 (A remote authenticated information disclosure vulnerability was discov ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23670 (A remote authenticated information disclosure vulnerability was discov ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23669 (A remote authorization bypass vulnerability was discovered in Aruba Cl ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23668 (A remote authenticated server-side request forgery (ssrf) vulnerabilit ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23667 (A authenticated remote command injection vulnerability was discovered ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23666 (A authenticated remote command injection vulnerability was discovered ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23665 (A authenticated remote command injection vulnerability was discovered ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23664 (A authenticated remote command injection vulnerability was discovered ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23663 (A authenticated remote command injection vulnerability was discovered ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23662 (A authenticated remote command injection vulnerability was discovered ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23661 (A authenticated remote command injection vulnerability was discovered ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23660 (A remote authentication bypass vulnerability was discovered in Aruba C ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23659 (A remote reflected cross site scripting (xss) vulnerability was discov ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23658 (A remote authentication bypass vulnerability was discovered in Aruba C ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23657 (A remote authentication bypass vulnerability was discovered in Aruba C ...) 
NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23656 (Zulip is an open source team chat app. The `main` development branch o ...) - zulip-server (bug #800052) CVE-2022-23655 (Octobercms is a self-hosted CMS platform based on the Laravel PHP Fram ...) NOT-FOR-US: October CMS CVE-2022-23654 (Wiki.js is a wiki app built on Node.js. In affected versions an authen ...) NOT-FOR-US: Wiki.js CVE-2022-23653 (B2 Command Line Tool is the official command line tool for the backbla ...) NOT-FOR-US: B2 (CLI tool for Backblaze) CVE-2022-23652 (capsule-proxy is a reverse proxy for Capsule Operator which provides m ...) NOT-FOR-US: capsule-proxy CVE-2022-23651 (b2-sdk-python is a python library to access cloud storage provided by ...) NOT-FOR-US: b2-sdk-python CVE-2022-23650 (Netmaker is a platform for creating and managing virtual overlay netwo ...) NOT-FOR-US: Netmaker CVE-2022-23649 (Cosign provides container signing, verification, and storage in an OCI ...) NOT-FOR-US: Cosign CVE-2022-23648 (containerd is a container runtime available as a daemon for Linux and ...) {DSA-5091-1} - containerd 1.6.1~ds1-1 NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7 NOTE: https://www.openwall.com/lists/oss-security/2022/03/02/1 CVE-2022-23647 (Prism is a syntax highlighting library. Starting with version 1.14.0 a ...) - node-prismjs 1.27.0+dfsg+~1.26.0-1 [bullseye] - node-prismjs 1.23.0+dfsg-1+deb11u2 NOTE: https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99 NOTE: https://github.com/PrismJS/prism/issues/3340 NOTE: https://github.com/PrismJS/prism/pull/3341 NOTE: https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c (v1.27.0) CVE-2022-23646 (Next.js is a React framework. Starting with version 10.0.0 and prior t ...) NOT-FOR-US: next.js CVE-2022-23645 (swtpm is a libtpms-based TPM emulator with socket, character device, a ...) 
- swtpm 0.7.1-1 NOTE: https://github.com/stefanberger/swtpm/security/advisories/GHSA-2qgm-8xf4-3hqw NOTE: https://github.com/stefanberger/swtpm/commit/9f740868fc36761de27df3935513bdebf8852d19 CVE-2022-23644 (BookWyrm is a decentralized social network for tracking reading habits ...) NOT-FOR-US: BookWyrm CVE-2022-23643 (Sourcegraph is a code search and navigation engine. Sourcegraph versio ...) NOT-FOR-US: Sourcegraph CVE-2022-23642 (Sourcegraph is a code search and navigation engine. Sourcegraph prior ...) NOT-FOR-US: Sourcegraph CVE-2022-23641 (Discourse is an open source discussion platform. In versions prior to ...) NOT-FOR-US: Discourse CVE-2022-23640 (Excel-Streaming-Reader is an easy-to-use implementation of a streaming ...) NOT-FOR-US: Excel-Streaming-Reader CVE-2022-23639 (crossbeam-utils provides atomics, synchronization primitives, scoped t ...) - rust-crossbeam-utils 0.8.8-1 [bullseye] - rust-crossbeam-utils (Minor issue) [buster] - rust-crossbeam-utils (Minor issue) - rust-crossbeam-utils-0.7 NOTE: https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-qc84-gqf4-9926 NOTE: https://github.com/crossbeam-rs/crossbeam/pull/781 CVE-2022-23638 (svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scri ...) NOT-FOR-US: darylldoyle svg-sanitizer CVE-2022-23637 (K-Box is a web-based application to manage documents, images, videos a ...) NOT-FOR-US: K-Box CVE-2022-23636 (Wasmtime is an open source runtime for WebAssembly & WASI. Prior to ve ...) NOT-FOR-US: wasmtime CVE-2022-23635 (Istio is an open platform to connect, manage, and secure microservices ...) NOT-FOR-US: Istio CVE-2022-23634 (Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` ...) 
{DSA-5146-1 DLA-3083-1 DLA-3023-1} - puma 5.6.4-1 (bug #1005391) NOTE: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h NOTE: https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb (v5.6.3) NOTE: Related issue to CVE-2022-23633 for src:rails CVE-2022-23633 (Action Pack is a framework for handling and responding to web requests ...) {DSA-5372-1 DLA-3093-1} - rails 2:6.1.4.6+dfsg-1 (bug #1005389) NOTE: https://www.openwall.com/lists/oss-security/2022/02/11/5 NOTE: Fixed by: https://github.com/rails/rails/commit/07d9600172a18b45791c89e95a642e13fc367545 (v6.1.4.5) NOTE: Followup: https://github.com/rails/rails/commit/d1267768e9f57ebcf86ff7f011aca7fb08e733eb (v6.1.4.6) NOTE: Fixed by: https://github.com/rails/rails/commit/e9015f91dd685472f915f8aa1eb18b0e0763e013 (v6.0.4.5) NOTE: Followup: https://github.com/rails/rails/commit/f85b396e5a0019eb614e4ee436ea713089696833 (v6.0.4.6) NOTE: Fixed by: https://github.com/rails/rails/commit/ddaf5058350b3a72f59b7c3e0d713678354b9a08 (v5.2.6.1) NOTE: Followup: https://github.com/rails/rails/commit/676ad96fa5d9d0213babc32c9bad8190597a00d1 (v5.2.6.2) CVE-2022-23632 (Traefik is an HTTP reverse proxy and load balancer. Prior to version 2 ...) - traefik (bug #983289) CVE-2022-23631 (superjson is a program to allow JavaScript expressions to be serialize ...) NOT-FOR-US: superjson CVE-2022-23630 (Gradle is a build tool with a focus on build automation and support fo ...) - gradle (Vulnerable node not yet uploaded; introduced in 6.2) NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-9pf5-88jw-3qgr NOTE: https://github.com/gradle/gradle/commit/88ab9b652933bc3b2e3161b31ad8b8f4f0516351 (v7.4.0-RC2) CVE-2022-23629 RESERVED CVE-2022-23628 (OPA is an open source, general-purpose policy engine. Under certain co ...) NOT-FOR-US: OPA CVE-2022-23627 (ArchiSteamFarm (ASF) is a C# application with primary purpose of idlin ...) 
NOT-FOR-US: ArchiSteamFarm CVE-2022-23626 (m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Erro ...) NOT-FOR-US: m1k1o/blog CVE-2022-23625 (Wire-ios is a messaging application using the wire protocol on apple's ...) NOT-FOR-US: Wire-ios CVE-2022-23624 (Frourio-express is a minimal full stack framework, for TypeScript. Fro ...) NOT-FOR-US: Frourio-express CVE-2022-23623 (Frourio is a full stack framework, for TypeScript. Frourio users who u ...) NOT-FOR-US: Frourio CVE-2022-23622 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2022-23621 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2022-23620 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2022-23619 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2022-23618 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2022-23617 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2022-23616 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2022-23615 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2022-23614 (Twig is an open source template language for PHP. When in a sandbox mo ...) {DSA-5107-1} - php-twig 3.3.8-1 - twig [buster] - twig (The vulnerable code was introduced later) [stretch] - twig (The vulnerable code was introduced later) NOTE: https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v NOTE: https://github.com/twigphp/Twig/pull/3641 NOTE: https://github.com/twigphp/Twig/commit/2eb33080558611201b55079d07ac88f207b466d5 (v3.3.8) CVE-2022-23613 (xrdp is an open source remote desktop protocol (RDP) server. In affect ...) 
- xrdp 0.9.17-2.1 (bug #1005304) [bullseye] - xrdp (Vulnerable code not present) [buster] - xrdp (Vulnerable code not present) [stretch] - xrdp (Vulnerable code not present) NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8h98-h426-xf32 NOTE: Introduced by: https://github.com/neutrinolabs/xrdp/commit/738e346f810c97d578df9e99a36520616ee201be (v0.9.17) NOTE: Fixed by: https://github.com/neutrinolabs/xrdp/commit/4def30ab8ea445cdc06832a44c3ec40a506a0ffa CVE-2022-23612 (OpenMRS is a patient-based medical record system focusing on giving pr ...) NOT-FOR-US: OpenMRS CVE-2022-23611 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows ...) NOT-FOR-US: iTunesRPC-Remastered CVE-2022-23610 (wire-server provides back end services for Wire, an open source messen ...) NOT-FOR-US: wire-server CVE-2022-23609 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows ...) NOT-FOR-US: iTunesRPC-Remastered CVE-2022-23608 (PJSIP is a free and open source multimedia communication library writt ...) {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1} - asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1 [stretch] - asterisk (Vulnerable code not present) - pjproject - ring 20230206.0~ds1-1 (bug #1014998) NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29945 NOTE: https://downloads.asterisk.org/pub/security/AST-2022-005.html NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62 NOTE: https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f CVE-2022-23607 (treq is an HTTP library inspired by requests but written on top of Twi ...) 
{DLA-2954-1} - python-treq 22.2.0-0.1 (bug #1005041) [bullseye] - python-treq (Minor issue) [buster] - python-treq (Minor issue) NOTE: https://github.com/twisted/treq/security/advisories/GHSA-fhpf-pp6p-55qc NOTE: https://github.com/twisted/treq/commit/1da6022cc880bbcff59321abe02bf8498b89efb2 (release-22.1.0) CVE-2022-23606 (Envoy is an open source edge and service proxy, designed for cloud-nat ...) - envoyproxy (bug #987544) CVE-2022-23605 (Wire webapp is a web client for the wire messaging protocol. In versio ...) NOT-FOR-US: Wire webapp CVE-2022-23604 (x26-Cogs is a repository of cogs made by Twentysix for the Red Discord ...) NOT-FOR-US: x26-Cogs CVE-2022-23603 (iTunesRPC-Remastered is a discord rich presence application for use wi ...) NOT-FOR-US: iTunesRPC-Remastered CVE-2022-23602 (Nimforum is a lightweight alternative to Discourse written in Nim. In ...) NOT-FOR-US: Nimforum CVE-2022-23601 (Symfony is a PHP framework for web and console applications and a set ...) - symfony (Vulnerable code not present; no Debian released version contained the vulnerable code) NOTE: https://symfony.com/blog/cve-2022-23601-csrf-token-missing-in-forms NOTE: https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50 CVE-2022-23600 (fleet is an open source device management, built on osquery. Versions ...) NOT-FOR-US: Fleet CVE-2022-23599 (Products.ATContentTypes are the core content types for Plone 2.1 - 4.3 ...) NOT-FOR-US: Plone CVE-2022-23598 (laminas-form is a package for validating and displaying simple and com ...) NOT-FOR-US: laminas-form CVE-2022-23597 (Element Desktop is a Matrix client for desktop platforms with Element ...) NOT-FOR-US: Element Desktop CVE-2022-23596 (Junrar is an open source java RAR archive library. In affected version ...) NOT-FOR-US: Junrar CVE-2022-23595 (Tensorflow is an Open Source Machine Learning Framework. When building ...) 
- tensorflow (bug #804612) CVE-2022-23594 (Tensorflow is an Open Source Machine Learning Framework. The TFG diale ...) - tensorflow (bug #804612) CVE-2022-23593 (Tensorflow is an Open Source Machine Learning Framework. The `simplify ...) - tensorflow (bug #804612) CVE-2022-23592 (Tensorflow is an Open Source Machine Learning Framework. TensorFlow's ...) - tensorflow (bug #804612) CVE-2022-23591 (Tensorflow is an Open Source Machine Learning Framework. The `GraphDef ...) - tensorflow (bug #804612) CVE-2022-23590 (Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` ...) - tensorflow (bug #804612) CVE-2022-23589 (Tensorflow is an Open Source Machine Learning Framework. Under certain ...) - tensorflow (bug #804612) CVE-2022-23588 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...) - tensorflow (bug #804612) CVE-2022-23587 (Tensorflow is an Open Source Machine Learning Framework. Under certain ...) - tensorflow (bug #804612) CVE-2022-23586 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...) - tensorflow (bug #804612) CVE-2022-23585 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...) - tensorflow (bug #804612) CVE-2022-23584 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...) - tensorflow (bug #804612) CVE-2022-23583 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...) - tensorflow (bug #804612) CVE-2022-23582 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...) - tensorflow (bug #804612) CVE-2022-23581 (Tensorflow is an Open Source Machine Learning Framework. The Grappler ...) - tensorflow (bug #804612) CVE-2022-23580 (Tensorflow is an Open Source Machine Learning Framework. During shape ...) - tensorflow (bug #804612) CVE-2022-23579 (Tensorflow is an Open Source Machine Learning Framework. The Grappler ...) - tensorflow (bug #804612) CVE-2022-23578 (Tensorflow is an Open Source Machine Learning Framework. 
If a graph no ...) - tensorflow (bug #804612) CVE-2022-23577 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-23576 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-23575 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-23574 (Tensorflow is an Open Source Machine Learning Framework. There is a ty ...) - tensorflow (bug #804612) CVE-2022-23573 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-23572 (Tensorflow is an Open Source Machine Learning Framework. Under certain ...) - tensorflow (bug #804612) CVE-2022-23571 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...) - tensorflow (bug #804612) CVE-2022-23570 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...) - tensorflow (bug #804612) CVE-2022-23569 (Tensorflow is an Open Source Machine Learning Framework. Multiple oper ...) - tensorflow (bug #804612) CVE-2022-23568 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-23567 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) - tensorflow (bug #804612) CVE-2022-23566 (Tensorflow is an Open Source Machine Learning Framework. TensorFlow is ...) - tensorflow (bug #804612) CVE-2022-23565 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...) - tensorflow (bug #804612) CVE-2022-23564 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...) - tensorflow (bug #804612) CVE-2022-23563 (Tensorflow is an Open Source Machine Learning Framework. In multiple p ...) - tensorflow (bug #804612) CVE-2022-23562 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) 
- tensorflow (bug #804612) CVE-2022-23561 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...) - tensorflow (bug #804612) CVE-2022-23560 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...) - tensorflow (bug #804612) CVE-2022-23559 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...) - tensorflow (bug #804612) CVE-2022-23558 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...) - tensorflow (bug #804612) CVE-2022-23557 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...) - tensorflow (bug #804612) CVE-2022-23556 (CodeIgniter is a PHP full-stack web framework. This vulnerability may ...) - codeigniter (bug #471583) CVE-2022-23555 (authentik is an open-source Identity Provider focused on flexibility a ...) NOT-FOR-US: authentik CVE-2022-23554 (Alpine is a scaffolding library in Java. Alpine prior to version 1.10. ...) NOT-FOR-US: Alpine Java scaffolding library (different from src:alpine) CVE-2022-23553 (Alpine is a scaffolding library in Java. Alpine prior to version 1.10. ...) NOT-FOR-US: Alpine Java scaffolding library (different from src:alpine) CVE-2022-23552 (Grafana is an open-source platform for monitoring and observability. S ...) - grafana CVE-2022-23551 (aad-pod-identity assigns Azure Active Directory identities to Kubernet ...) NOT-FOR-US: aad-pod-identity CVE-2022-23550 RESERVED CVE-2022-23549 (Discourse is an option source discussion platform. Prior to version 2. ...) NOT-FOR-US: Discourse CVE-2022-23548 (Discourse is an option source discussion platform. Prior to version 2. ...) NOT-FOR-US: Discourse CVE-2022-23537 (PJSIP is a free and open source multimedia communication library writt ...) 
{DSA-5358-1 DLA-3549-1 DLA-3335-1} - asterisk 1:20.4.0~dfsg+~cs6.13.40431414-1 (bug #1032092) - ring 20230206.0~ds1-1 - pjproject NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w NOTE: https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1 CVE-2022-23547 (PJSIP is a free and open source multimedia communication library writt ...) {DSA-5358-1 DLA-3549-1 DLA-3335-1} - asterisk 1:20.4.0~dfsg+~cs6.13.40431414-1 (bug #1032092) - ring 20230206.0~ds1-1 - pjproject NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w NOTE: https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1 NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-cxwq-5g9x-x7fr NOTE: https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36 CVE-2022-23546 (In version 2.9.0.beta14 of Discourse, an open-source discussion platfo ...) NOT-FOR-US: Discourse CVE-2022-23545 RESERVED CVE-2022-23544 (MeterSphere is a one-stop open source continuous testing platform, cov ...) NOT-FOR-US: MeterSphere CVE-2022-23543 (Silverware Games is a social network where people can play games onlin ...) NOT-FOR-US: Silverware Games CVE-2022-23542 (OpenFGA is an authorization/permission engine built for developers and ...) NOT-FOR-US: OpenFGA CVE-2022-23541 (jsonwebtoken is an implementation of JSON Web Tokens. Versions `<= 8.5 ...) NOT-FOR-US: jsonwebtoken node module CVE-2022-23540 (In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm def ...) NOT-FOR-US: jsonwebtoken node module CVE-2022-23539 (Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so ...) NOT-FOR-US: jsonwebtoken node module CVE-2022-23538 (github.com/sylabs/scs-library-client is the Go client for the Singular ...) 
- singularity-container 3.11.0+ds1-1 NOTE: https://github.com/sylabs/scs-library-client/security/advisories/GHSA-7p8m-22h4-9pj7 NOTE: https://github.com/sylabs/scs-library-client/commit/68ac4cab5cda0afd8758ff5b5e2e57be6a22fcfa TODO: check details, might as well affect golang-github-apptainer-container-library-client CVE-2022-23536 (Cortex provides multi-tenant, long term storage for Prometheus. A loca ...) NOT-FOR-US: Cortex (multi-tenant, long term storage for Prometheus) CVE-2022-23535 (LiteDB is a small, fast and lightweight .NET NoSQL embedded database. ...) NOT-FOR-US: LiteDB CVE-2022-23534 RESERVED CVE-2022-23533 RESERVED CVE-2022-23532 (APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j tha ...) NOT-FOR-US: APOC CVE-2022-23531 (GuardDog is a CLI tool to identify malicious PyPI packages. Versions p ...) NOT-FOR-US: GuardDog CVE-2022-23530 (GuardDog is a CLI tool to identify malicious PyPI packages. Versions p ...) NOT-FOR-US: GuardDog CVE-2022-23529 REJECTED CVE-2022-23528 RESERVED CVE-2022-23527 (mod_auth_openidc is an OpenID Certified\u2122 authentication and autho ...) {DLA-3499-1} - libapache2-mod-auth-openidc 2.4.12.2-1 (bug #1026444) [bullseye] - libapache2-mod-auth-openidc 2.4.9.4-0+deb11u2 NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-q6f2-285m-gr53 NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/87119f44b9a88312dbc1f752d720bcd2371b94a8 (v2.4.12.2) CVE-2022-23526 (Helm is a tool for managing Charts, pre-configured Kubernetes resource ...) - helm-kubernetes (bug #910799) CVE-2022-23525 (Helm is a tool for managing Charts, pre-configured Kubernetes resource ...) - helm-kubernetes (bug #910799) CVE-2022-23524 (Helm is a tool for managing Charts, pre-configured Kubernetes resource ...) - helm-kubernetes (bug #910799) CVE-2022-23523 (In versions prior to 0.8.1, the linux-loader crate uses the offsets an ...) 
NOT-FOR-US: Rust crate linux-loader CVE-2022-23522 (MindsDB is an open source machine learning platform. An unsafe extract ...) NOT-FOR-US: mindsdb CVE-2022-23521 (Git is distributed revision control system. gitattributes are a mechan ...) {DSA-5332-1 DLA-3282-1} - git 1:2.39.1-0.1 (bug #1029114) NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/4 NOTE: https://github.com/git/git/commit/eb22e7dfa23da6bd9aed9bd1dad69e1e8e167d24 NOTE: https://github.com/git/git/commit/8d0d48cf2157cfb914db1f53b3fe40785b86f3aa NOTE: https://github.com/git/git/commit/24557209500e6ed618f04a8795a111a0c491a29c NOTE: https://github.com/git/git/commit/34ace8bad02bb14ecc5b631f7e3daaa7a9bba7d9 NOTE: https://github.com/git/git/commit/447ac906e189535e77dcb1f4bbe3f1bc917d4c12 NOTE: https://github.com/git/git/commit/e1e12e97ac73ded85f7d000da1063a774b3cc14f NOTE: https://github.com/git/git/commit/a60a66e409c265b2944f18bf43581c146812586d NOTE: https://github.com/git/git/commit/d74b1fd54fdbc45966d12ea907dece11e072fb2b NOTE: https://github.com/git/git/commit/dfa6b32b5e599d97448337ed4fc18dd50c90758f NOTE: https://github.com/git/git/commit/3c50032ff5289cc45659f21949c8d09e52164579 NOTE: https://github.com/git/git/files/10430260/X41-OSTIF-Gitlab-Git-Security-Audit-20230117-public.pdf CVE-2022-23520 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...) 
{DLA-3566-1} - ruby-rails-html-sanitizer 1.4.4-1 (bug #1027153) NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8 NOTE: https://github.com/flavorjones/loofah/blob/main/docs/2022-10-decision-on-cdata-nodes.md NOTE: https://github.com/rails/rails-html-sanitizer/commit/e6d52d3b6db99d07399498b1287997302d444a8d (v1.4.4) NOTE: https://github.com/rails/rails-html-sanitizer/commit/0713caf2ee23801cfb85e37065cf406368b20082 (v1.4.4) NOTE: https://github.com/rails/rails-html-sanitizer/commit/68ccf7e1dbaa425cc4a8651d5f583e754ef5061c (v1.5.0) NOTE: https://github.com/rails/rails-html-sanitizer/commit/373fc6295918c4b0aad02111e869f4e0c6fc788b (v1.5.0) NOTE: Replaces CVE-2022-32209 fix, requires 'cdata_escape' from ruby-loofah >= 2.19.1. CVE-2022-23519 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...) {DLA-3566-1} - ruby-rails-html-sanitizer 1.4.4-1 (bug #1027153) NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h NOTE: https://github.com/flavorjones/loofah/blob/main/docs/2022-10-decision-on-cdata-nodes.md NOTE: https://github.com/rails/rails-html-sanitizer/commit/e6d52d3b6db99d07399498b1287997302d444a8d (v1.4.4) NOTE: https://github.com/rails/rails-html-sanitizer/commit/0713caf2ee23801cfb85e37065cf406368b20082 (v1.4.4) NOTE: https://github.com/rails/rails-html-sanitizer/commit/68ccf7e1dbaa425cc4a8651d5f583e754ef5061c (v1.5.0) NOTE: https://github.com/rails/rails-html-sanitizer/commit/373fc6295918c4b0aad02111e869f4e0c6fc788b (v1.5.0) NOTE: Replaces CVE-2022-32209 fix, requires 'cdata_escape' from ruby-loofah >= 2.19.1. CVE-2022-23518 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...) 
{DLA-3566-1} - ruby-rails-html-sanitizer 1.4.4-1 (bug #1027153) NOTE: https://github.com/rails/rails-html-sanitizer/issues/135 NOTE: https://github.com/rails/rails-html-sanitizer/commit/d1223a29cb3e4151cdcb6ba6c8431708d8ce40a6 (v1.4.4) NOTE: https://github.com/rails/rails-html-sanitizer/commit/bb6dfcbaaf9c5c8c4f77555557693c08d4d4ab48 (v1.5.0) NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m CVE-2022-23517 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...) {DLA-3566-1} - ruby-rails-html-sanitizer 1.4.4-1 (bug #1027153) NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w NOTE: https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979 CVE-2022-23516 (Loofah is a general library for manipulating and transforming HTML/XML ...) {DLA-3565-1} - ruby-loofah 2.19.1-1 (bug #1026083) [bullseye] - ruby-loofah (Minor issue) NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm NOTE: https://github.com/flavorjones/loofah/commit/86f7f6364491b0099d215db858ecdc0c89ded040 CVE-2022-23515 (Loofah is a general library for manipulating and transforming HTML/XML ...) {DLA-3565-1} - ruby-loofah 2.19.1-1 (bug #1026083) [bullseye] - ruby-loofah (Minor issue) NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx NOTE: https://github.com/flavorjones/loofah/commit/415677f3cf7f9254f42f811e784985cd63c7407f CVE-2022-23514 (Loofah is a general library for manipulating and transforming HTML/XML ...) {DLA-3565-1} - ruby-loofah 2.19.1-1 (bug #1026083) [bullseye] - ruby-loofah (Minor issue) NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh NOTE: https://github.com/flavorjones/loofah/commit/a6e0a1ab90675a17b1b2be189129d94139e4b143 CVE-2022-23513 (Pi-Hole is a network-wide ad blocking via your own Linux hardware, Adm ...) 
NOT-FOR-US: Pi-Hole CVE-2022-23512 (MeterSphere is a one-stop open source continuous testing platform. Ver ...) NOT-FOR-US: MeterSphere CVE-2022-23511 (A privilege escalation issue exists within the Amazon CloudWatch Agent ...) NOT-FOR-US: Amazon CloudWatch Agent CVE-2022-23510 (cube-js is a headless business intelligence platform. In version 0.31. ...) NOT-FOR-US: cube-js CVE-2022-23509 (Weave GitOps is a simple open source developer platform for people who ...) NOT-FOR-US: Weave GitOps CVE-2022-23508 (Weave GitOps is a simple open source developer platform for people who ...) NOT-FOR-US: Weave GitOps CVE-2022-23507 (Tendermint is a high-performance blockchain consensus engine for Byzan ...) NOT-FOR-US: Tendermint CVE-2022-23506 (Spinnaker is an open source, multi-cloud continuous delivery platform ...) NOT-FOR-US: Spinnaker CVE-2022-23505 (Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens auth ...) NOT-FOR-US: Passport-wsfed-saml2 CVE-2022-23504 (TYPO3 is an open source PHP based web content management system. Versi ...) NOT-FOR-US: Typo3 CVE-2022-23503 (TYPO3 is an open source PHP based web content management system. Versi ...) NOT-FOR-US: Typo3 CVE-2022-23502 (TYPO3 is an open source PHP based web content management system. In ve ...) NOT-FOR-US: Typo3 CVE-2022-23501 (TYPO3 is an open source PHP based web content management system. In ve ...) NOT-FOR-US: Typo3 CVE-2022-23500 (TYPO3 is an open source PHP based web content management system. In ve ...) NOT-FOR-US: Typo3 CVE-2022-23499 (HTML sanitizer is written in PHP, aiming to provide XSS-safe markup ba ...) NOT-FOR-US: Typo3 extension CVE-2022-23498 (Grafana is an open-source platform for monitoring and observability. W ...) - grafana (Specific to Grafana Enterprise) CVE-2022-23497 (FreshRSS is a free, self-hostable RSS aggregator. User configuration f ...) NOT-FOR-US: FreshRSS CVE-2022-23496 (Yet Another UserAgent Analyzer (Yauaa) is a java library that tries to ...) 
	NOT-FOR-US: Yet Another UserAgent Analyzer (Yauaa)
CVE-2022-23495 (go-merkledag implements the 'DAGService' interface and adds two ipld n ...)
	NOT-FOR-US: go-merkledag
CVE-2022-23494 (tinymce is an open source rich text editor. A cross-site scripting (XS ...)
	- tinymce
	[buster] - tinymce (Minor issue)
	NOTE: https://github.com/tinymce/tinymce/commit/6923d85eba6de3e08ebc9c5a387b5abdaa21150e
	NOTE: https://github.com/tinymce/tinymce/commit/8bb2d2646d4e1a718fce61a775fa22e9d317b32d
	NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-gg8r-xjwq-4w92
CVE-2022-23493 (xrdp is an open source project which provides a graphical login to rem ...)
	{DSA-5502-1 DLA-3370-1}
	- xrdp 0.9.21.1-1 (bug #1025879)
	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-59wp-3wq6-jh5v
	NOTE: https://github.com/neutrinolabs/xrdp/commit/030db5524be7616967ae9e7d26b3d4477cf6082d
CVE-2022-23492 (go-libp2p is the offical libp2p implementation in the Go programming l ...)
	NOT-FOR-US: go-libp2p
CVE-2022-23491 (Certifi is a curated collection of Root Certificates for validating th ...)
	- python-certifi (unimportant)
	NOTE: https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8
	NOTE: Debian's python-certifi is patched to return the location of Debian-provided CA certificates
CVE-2022-23490 (BigBlueButton is an open source web conferencing system. Versions prio ...)
	NOT-FOR-US: BigBlueButton
CVE-2022-23489
	RESERVED
CVE-2022-23488 (BigBlueButton is an open source web conferencing system. Versions prio ...)
	NOT-FOR-US: BigBlueButton
CVE-2022-23487 (js-libp2p is the official javascript Implementation of libp2p networki ...)
	NOT-FOR-US: js-libp2p
CVE-2022-23486 (libp2p-rust is the official rust language Implementation of the libp2p ...)
	NOT-FOR-US: libp2p-rust
CVE-2022-23485 (Sentry is an error tracking and performance monitoring platform. In ve ...)
	NOT-FOR-US: Sentry
CVE-2022-23484 (xrdp is an open source project which provides a graphical login to rem ...)
	{DSA-5502-1 DLA-3370-1}
	- xrdp 0.9.21.1-1 (bug #1025879)
	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rqfx-5fv8-q9c6
	NOTE: https://github.com/neutrinolabs/xrdp/commit/c2c6efb1d377be6baaa4acbc9d3700490fe92887
CVE-2022-23483 (xrdp is an open source project which provides a graphical login to rem ...)
	{DSA-5502-1 DLA-3370-1}
	- xrdp 0.9.21.1-1 (bug #1025879)
	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-38rw-9ch2-fcxq
	NOTE: https://github.com/neutrinolabs/xrdp/commit/35cca701c753db65d3c05b7ea4fff9bd09e76661
CVE-2022-23482 (xrdp is an open source project which provides a graphical login to rem ...)
	{DSA-5502-1 DLA-3375-1}
	- xrdp 0.9.21.1-1 (bug #1025879)
	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-56pq-2pm9-7fhm
	NOTE: https://github.com/neutrinolabs/xrdp/commit/1e42426db59120c6596d673f1bb2dc8b0312e692
CVE-2022-23481 (xrdp is an open source project which provides a graphical login to rem ...)
	{DSA-5502-1 DLA-3375-1}
	- xrdp 0.9.21.1-1 (bug #1025879)
	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-hm75-9jcg-p7hq
	NOTE: https://github.com/neutrinolabs/xrdp/commit/bc6b052959697b205d15108fb88e7c7e38c15bee
CVE-2022-23480 (xrdp is an open source project which provides a graphical login to rem ...)
	{DSA-5502-1 DLA-3375-1}
	- xrdp 0.9.21.1-1 (bug #1025879)
	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-3jmx-f6hv-95wg
	NOTE: https://github.com/neutrinolabs/xrdp/commit/ae7c17e1f629156cce21f7f1b568d849c63bdc3f
CVE-2022-23479 (xrdp is an open source project which provides a graphical login to rem ...)
	{DSA-5502-1 DLA-3370-1}
	- xrdp 0.9.21.1-1 (bug #1025879)
	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-pgx2-3fjj-fqqh
	NOTE: https://github.com/neutrinolabs/xrdp/commit/60864014b733c10881c078048560858067fe5d0f
CVE-2022-23478 (xrdp is an open source project which provides a graphical login to rem ...)
	{DSA-5502-1 DLA-3370-1}
	- xrdp 0.9.21.1-1 (bug #1025879)
	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-2f49-wwpm-78pj
	NOTE: https://github.com/neutrinolabs/xrdp/commit/6cb54a1c26b53617e1c79a0abc96d03c4add1eb8
CVE-2022-23477 (xrdp is an open source project which provides a graphical login to rem ...)
	{DSA-5502-1}
	- xrdp 0.9.21.1-1 (bug #1025879)
	[buster] - xrdp (Code not present)
	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-hqw2-jx2c-wrr2
	NOTE: https://github.com/neutrinolabs/xrdp/commit/96afae1ec559f9befa1c222f92f0d982e410c864
CVE-2022-23476 (Nokogiri is an open source XML and HTML library for the Ruby programmi ...)
	- ruby-nokogiri 1.13.10+dfsg-1
	[bullseye] - ruby-nokogiri (Introduced in 1.13.8)
	[buster] - ruby-nokogiri (Introduced in 1.13.8)
	NOTE: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj
	NOTE: https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50 (v1.13.10)
CVE-2022-23475 (daloRADIUS is an open source RADIUS web management application. daloRa ...)
	NOT-FOR-US: daloRADIUS
CVE-2022-23474 (Editor.js is a block-style editor with clean JSON output. Versions pri ...)
	NOT-FOR-US: Editor.js
CVE-2022-23473 (Tuleap is an Open Source Suite to improve management of software devel ...)
	NOT-FOR-US: Tuleap
CVE-2022-23472 (Passeo is an open source python password generator. Versions prior to ...)
	NOT-FOR-US: Passeo
CVE-2022-23471 (containerd is an open source container runtime. A bug was found in con ...)
	- containerd 1.6.12~ds1-1
	[bullseye] - containerd 1.4.13~ds1-1~deb11u3
	NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9
	NOTE: https://github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0
CVE-2022-23470 (Galaxy is an open-source platform for data analysis. An arbitrary file ...)
	NOT-FOR-US: Galaxy
CVE-2022-23469 (Traefik is an open source HTTP reverse proxy and load balancer. Versio ...)
	- traefik (bug #983289)
CVE-2022-23468 (xrdp is an open source project which provides a graphical login to rem ...)
	{DSA-5502-1 DLA-3370-1}
	- xrdp 0.9.21.1-1 (bug #1025879)
	NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8c2f-mw8m-qpx6
	NOTE: https://github.com/neutrinolabs/xrdp/commit/43cf272b1138462c1bdfc48ef7e9142208194382
CVE-2022-23467 (OpenRazer is an open source driver and user-space daemon to control Ra ...)
	- openrazer 3.5.1+dfsg-1
	[bullseye] - openrazer (Minor issue)
	[buster] - openrazer (Minor issue)
	NOTE: https://github.com/openrazer/openrazer/security/advisories/GHSA-39hg-jvc9-fg7h
	NOTE: https://github.com/openrazer/openrazer/commit/33aa7f07d54ae066f201c6d298cb4a2181cb90e6 (v3.5.1)
CVE-2022-23466 (teler is an real-time intrusion detection and threat alert dashboard. ...)
	NOT-FOR-US: teler
CVE-2022-23465 (SwiftTerm is a Xterm/VT100 Terminal emulator. Prior to commit a94e6b24 ...)
	NOT-FOR-US: SwiftTerm
CVE-2022-23464 (Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnera ...)
	NOT-FOR-US: Nepxion
CVE-2022-23463 (Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerab ...)
	NOT-FOR-US: Nepxion
CVE-2022-23462 (IOWOW is a C utility library and persistent key/value storage engine. ...)
	NOT-FOR-US: IOWOW
CVE-2022-23461 (Jodit Editor is a WYSIWYG editor written in pure TypeScript without th ...)
	NOT-FOR-US: Jodit Editor
CVE-2022-23460 (Jsonxx or Json++ is a JSON parser, writer and reader written in C++. I ...)
	NOT-FOR-US: github.com/hjiang/jsonxx/ (different from src:libjsoncpp)
CVE-2022-23459 (Jsonxx or Json++ is a JSON parser, writer and reader written in C++. I ...)
	NOT-FOR-US: github.com/hjiang/jsonxx/ (different from src:libjsoncpp)
CVE-2022-23458 (Toast UI Grid is a component to display and edit data. Versions prior ...)
	NOT-FOR-US: Toast UI Grid
CVE-2022-23457 (ESAPI (The OWASP Enterprise Security API) is a free, open source, web ...)
	- libowasp-esapi-java 2.4.0.0-1 (bug #1010339)
	[bullseye] - libowasp-esapi-java (Minor issue)
	[buster] - libowasp-esapi-java (Minor issue)
	[stretch] - libowasp-esapi-java (Minor issue)
	NOTE: https://securitylab.github.com/advisories/GHSL-2022-008_The_OWASP_Enterprise_Security_API/
	NOTE: https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-8m5h-hrqm-pxm2
	NOTE: https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.3.0.0-release-notes.txt
CVE-2022-0314 (The Nimble Page Builder WordPress plugin before 3.2.2 does not sanitis ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0313 (The Float menu WordPress plugin before 4.3.1 does not have CSRF check ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0312
	RESERVED
CVE-2022-0299
	RESERVED
CVE-2022-23456 (Potential arbitrary file deletion vulnerability has been identified in ...)
	NOT-FOR-US: HP
CVE-2022-23455 (Potential security vulnerabilities have been identified in HP Support ...)
	NOT-FOR-US: HP
CVE-2022-23454 (Potential security vulnerabilities have been identified in HP Support ...)
	NOT-FOR-US: HP
CVE-2022-23453 (Potential security vulnerabilities have been identified in HP Support ...)
	NOT-FOR-US: HP
CVE-2022-23452 (An authorization flaw was found in openstack-barbican, where anyone wi ...)
	- barbican 1:14.0.0~rc1-2
	[bullseye] - barbican (Minor issue)
	[buster] - barbican (Minor issue)
	[stretch] - barbican (Minor issue)
	NOTE: https://storyboard.openstack.org/#!/story/2009297
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025090
CVE-2022-23451 (An authorization flaw was found in openstack-barbican. The default pol ...)
	- barbican 1:14.0.0~rc1-2
	[bullseye] - barbican (Minor issue)
	[buster] - barbican (Minor issue)
	[stretch] - barbican (Minor issue)
	NOTE: https://storyboard.openstack.org/#!/story/2009253
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025089
CVE-2022-23450 (A vulnerability has been identified in SIMATIC Energy Manager Basic (A ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2022-23449 (A vulnerability has been identified in SIMATIC Energy Manager Basic (A ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2022-23448 (A vulnerability has been identified in SIMATIC Energy Manager Basic (A ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2022-23447 (An improper limitation of a pathname to a restricted directory ('Path ...)
	NOT-FOR-US: Fortinet
CVE-2022-23446 (A improper control of a resource through its lifetime in Fortinet Fort ...)
	NOT-FOR-US: Fortinet
CVE-2022-23445
	RESERVED
CVE-2022-23444
	RESERVED
CVE-2022-23443 (An improper access control in Fortinet FortiSOAR before 7.2.0 allows u ...)
	NOT-FOR-US: FortiGuard
CVE-2022-23442 (An improper access control vulnerability [CWE-284] in FortiOS versions ...)
	NOT-FOR-US: FortiGuard
CVE-2022-23441 (A use of hard-coded cryptographic key vulnerability [CWE-321] in Forti ...)
	NOT-FOR-US: Fortinet
CVE-2022-23440 (A use of hard-coded cryptographic key vulnerability [CWE-321] in the r ...)
	NOT-FOR-US: Fortinet
CVE-2022-23439
	RESERVED
CVE-2022-23438 (An improper neutralization of input during web page generation ('Cross ...)
	NOT-FOR-US: Fortinet
CVE-2022-23437 (There's a vulnerability within the Apache Xerces Java (XercesJ) XML pa ...)
	- libxerces2-java (bug #1016975)
	[bookworm] - libxerces2-java (revisit when/if fix is complete)
	[bullseye] - libxerces2-java (revisit when/if fix is complete)
	[buster] - libxerces2-java (revisit when/if fix is complete)
	[stretch] - libxerces2-java (revisit when/if fix is complete)
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/3
CVE-2022-0311 (Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.46 ...)
	{DSA-5054-1}
	- chromium 97.0.4692.99-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0310 (Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.46 ...)
	{DSA-5054-1}
	- chromium 97.0.4692.99-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0309 (Inappropriate implementation in Autofill in Google Chrome prior to 97. ...)
	{DSA-5054-1}
	- chromium 97.0.4692.99-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0308 (Use after free in Data Transfer in Google Chrome on Chrome OS prior to ...)
	{DSA-5054-1}
	- chromium 97.0.4692.99-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0307 (Use after free in Optimization Guide in Google Chrome prior to 97.0.46 ...)
	{DSA-5054-1}
	- chromium 97.0.4692.99-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0306 (Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 ...)
	{DSA-5054-1}
	- chromium 97.0.4692.99-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0305 (Inappropriate implementation in Service Worker API in Google Chrome pr ...)
	{DSA-5054-1}
	- chromium 97.0.4692.99-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0304 (Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 all ...)
	{DSA-5054-1}
	- chromium 97.0.4692.99-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0303
	RESERVED
	{DSA-5054-1}
	- chromium 97.0.4692.99-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0302 (Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allow ...)
	{DSA-5054-1}
	- chromium 97.0.4692.99-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0301 (Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.9 ...)
	{DSA-5054-1}
	- chromium 97.0.4692.99-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0300 (Use after free in Text Input Method Editor in Google Chrome on Android ...)
	{DSA-5054-1}
	- chromium 97.0.4692.99-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0298 (Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 al ...)
	{DSA-5054-1}
	- chromium 97.0.4692.99-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0297 (Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowe ...)
	{DSA-5054-1}
	- chromium 97.0.4692.99-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0296 (Use after free in Printing in Google Chrome prior to 97.0.4692.99 allo ...)
	{DSA-5054-1}
	- chromium 97.0.4692.99-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0295 (Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allow ...)
	{DSA-5054-1}
	- chromium 97.0.4692.99-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0294 (Inappropriate implementation in Push messaging in Google Chrome prior ...)
	{DSA-5054-1}
	- chromium 97.0.4692.99-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0293 (Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 ...)
	{DSA-5054-1}
	- chromium 97.0.4692.99-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0292 (Inappropriate implementation in Fenced Frames in Google Chrome prior t ...)
	{DSA-5054-1}
	- chromium 97.0.4692.99-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0291 (Inappropriate implementation in Storage in Google Chrome prior to 97.0 ...)
	{DSA-5054-1}
	- chromium 97.0.4692.99-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0290 (Use after free in Site isolation in Google Chrome prior to 97.0.4692.9 ...)
	{DSA-5054-1}
	- chromium 97.0.4692.99-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0289 (Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 ...)
	{DSA-5054-1}
	- chromium 97.0.4692.99-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0288 (The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPr ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0287 (The myCred WordPress plugin before 2.4.4.1 does not have any authorisa ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0286 (A flaw was found in the Linux kernel. A null pointer dereference in bo ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.70-1
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
CVE-2022-0285 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
	NOT-FOR-US: pimcore
CVE-2022-0284 (A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixel ...)
	- imagemagick (Specific to IM7)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2045943
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/4729
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/e50f19fd73c792ebe912df8ab83aa51a243a3da7
CVE-2022-0283 (An issue has been discovered affecting GitLab versions prior to 13.5. ...)
	- gitlab 15.10.8+ds1-2
	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/349422
CVE-2022-0282 (Cross-site Scripting in Packagist microweber/microweber prior to 1.2.1 ...)
	NOT-FOR-US: microweber
CVE-2022-0281 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
	NOT-FOR-US: microweber
CVE-2022-0280 (A race condition vulnerability exists in the QuickClean feature of McA ...)
	NOT-FOR-US: McAfee
CVE-2022-0279 (The AnyComment WordPress plugin before 0.2.18 is affected by a race co ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0278 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
	NOT-FOR-US: microweber
CVE-2022-0277 (Incorrect Permission Assignment for Critical Resource in Packagist mic ...)
	NOT-FOR-US: microweber
CVE-2021-46401
	RESERVED
CVE-2021-46400
	RESERVED
CVE-2022-23436
	RESERVED
CVE-2022-23435 (decoding.c in android-gif-drawable before 1.2.24 does not limit the ma ...)
	NOT-FOR-US: android-gif-drawable
CVE-2022-23434 (A vulnerability using PendingIntent in Bixby Vision prior to versions ...)
	NOT-FOR-US: Samsung
CVE-2022-23433 (Improper access control vulnerability in Reminder prior to versions 12 ...)
	NOT-FOR-US: Samsung
CVE-2022-23432 (An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw pri ...)
	NOT-FOR-US: Samsung
CVE-2022-23431 (An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release ...)
	NOT-FOR-US: Samsung
CVE-2022-23430
	RESERVED
CVE-2022-23429 (An improper boundary check in audio hal service prior to SMR Feb-2022 ...)
	NOT-FOR-US: Samsung
CVE-2022-23428 (An improper boundary check in eden_runtime hal service prior to SMR Fe ...)
	NOT-FOR-US: Samsung
CVE-2022-23427 (PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver pri ...)
	NOT-FOR-US: Samsung
CVE-2022-23426 (A vulnerability using PendingIntent in DeX Home and DeX for PC prior t ...)
	NOT-FOR-US: Samsung
CVE-2022-23425 (Improper input validation in Exynos baseband prior to SMR Feb-2022 Rel ...)
	NOT-FOR-US: Samsung
CVE-2022-23424
	RESERVED
CVE-2022-23423
	RESERVED
CVE-2022-23422
	RESERVED
CVE-2022-23421
	RESERVED
CVE-2022-23420
	RESERVED
CVE-2022-23419
	RESERVED
CVE-2022-23418
	RESERVED
CVE-2022-23417
	RESERVED
CVE-2022-23416
	RESERVED
CVE-2022-23415
	RESERVED
CVE-2022-23414
	RESERVED
CVE-2022-23413
	RESERVED
CVE-2022-23412
	RESERVED
CVE-2022-23411
	RESERVED
CVE-2022-23410 (AXIS IP Utility before 4.18.0 allows for remote code execution and loc ...)
	NOT-FOR-US: AXIS IP Utility
CVE-2022-23409 (The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to ...)
	NOT-FOR-US: Craft CMS
CVE-2022-23408 (wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situatio ...)
	- wolfssl 5.1.1-1 (bug #1004181)
	[bullseye] - wolfssl (Vulnerable code introduced later)
	NOTE: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-511-jan-3rd-2022
	NOTE: https://github.com/wolfSSL/wolfssl/pull/4710
	NOTE: Introduced by: https://github.com/wolfSSL/wolfssl/commit/2871fc670f448e5f7cab7101479cb5b88e4d21f4 (WCv5.0-RC9)
	NOTE: Fixed by: https://github.com/wolfSSL/wolfssl/commit/73b4cc9476f6355a91138f545f3fd007ce058255 (master)
	NOTE: Fixed by: https://github.com/wolfSSL/wolfssl/commit/f3038b7aa5512572a04c14becee799ef275a6736 (v5.1.1-stable)
CVE-2022-23407
	RESERVED
CVE-2022-23406
	RESERVED
CVE-2022-23405
	RESERVED
CVE-2022-23404
	RESERVED
CVE-2022-0276
	RESERVED
CVE-2022-0275
	RESERVED
CVE-2022-23398
	RESERVED
CVE-2022-23397 (The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to ...)
	NOT-FOR-US: Cedar Gate EZ-NET portal
CVE-2022-23396
	RESERVED
CVE-2022-23395 (jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead ...)
	- jquery-goodies (unimportant)
	NOTE: https://github.com/advisories/GHSA-gcx5-3p5f-f8vp
	NOTE: https://security.snyk.io/vuln/SNYK-UBUNTU1804-CHROMIUMBROWSER-2415268
	NOTE: https://github.com/js-cookie/js-cookie/issues/766
	NOTE: Sanitizing should be dealt with at the application level, non issue for js-cookie
CVE-2022-23394
	RESERVED
CVE-2022-23393
	RESERVED
CVE-2022-23392
	RESERVED
CVE-2022-23391 (A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attack ...)
	NOT-FOR-US: Pybbs
CVE-2022-23390 (An issue in the getType function of BBS Forum v5.3 and below allows at ...)
	NOT-FOR-US: BBS Forum
CVE-2022-23389 (PublicCMS v4.0 was discovered to contain a remote code execution (RCE) ...)
	NOT-FOR-US: PublicCMS
CVE-2022-23388
	RESERVED
CVE-2022-23387 (An issue was discovered in taocms 3.0.2. This is a SQL blind injection ...)
	NOT-FOR-US: taocms
CVE-2022-23386
	RESERVED
CVE-2022-23385
	RESERVED
CVE-2022-23384 (YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin ...)
	NOT-FOR-US: YzmCMS
CVE-2022-23383 (YzmCMS v6.3 is affected by broken access control. Without login, unaut ...)
	NOT-FOR-US: YzmCMS
CVE-2022-23382 (Shenzhen Hichip Vision Technology IP Camera Firmware V11.4.8.1.1-20170 ...)
	NOT-FOR-US: Shenzhen Hichip Vision Technology IP Camera Firmware
CVE-2022-23381
	RESERVED
CVE-2022-23380 (There is a SQL injection vulnerability in the background of taocms 3.0 ...)
	NOT-FOR-US: taocms
CVE-2022-23379 (Emlog v6.0 was discovered to contain a SQL injection vulnerability via ...)
	NOT-FOR-US: Emlog
CVE-2022-23378 (A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 ver ...)
	NOT-FOR-US: TastyIgniter
CVE-2022-23377 (Archeevo below 5.0 is affected by local file inclusion through file=~/ ...)
	NOT-FOR-US: Archeevo
CVE-2022-23376 (WikiDocs version 0.1.18 has multiple reflected XSS vulnerabilities on ...)
	NOT-FOR-US: WikiDocs
CVE-2022-23375 (WikiDocs version 0.1.18 has an authenticated remote code execution vul ...)
	NOT-FOR-US: WikiDocs
CVE-2022-23374
	RESERVED
CVE-2022-23373
	RESERVED
CVE-2022-23372
	RESERVED
CVE-2022-23371
	RESERVED
CVE-2022-23370
	RESERVED
CVE-2022-23369
	RESERVED
CVE-2022-23368
	RESERVED
CVE-2022-23367 (Fulusso v1.1 was discovered to contain a DOM-based cross-site scriptin ...)
	NOT-FOR-US: Fulusso
CVE-2022-23366 (HMS v1.0 was discovered to contain a SQL injection vulnerability via p ...)
	NOT-FOR-US: HMS (Hospital Management System)
CVE-2022-23365 (HMS v1.0 was discovered to contain a SQL injection vulnerability via d ...)
	NOT-FOR-US: HMS (Hospital Management System)
CVE-2022-23364 (HMS v1.0 was discovered to contain a SQL injection vulnerability via a ...)
	NOT-FOR-US: HMS (Hospital Management System)
CVE-2022-23363 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
	NOT-FOR-US: Online Banking System
CVE-2022-23362
	RESERVED
CVE-2022-23361
	RESERVED
CVE-2022-23360
	RESERVED
CVE-2022-23359
	RESERVED
CVE-2022-23358 (EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In ...)
	NOT-FOR-US: EasyCMS
CVE-2022-23357 (mozilo2.0 was discovered to be vulnerable to directory traversal attac ...)
	NOT-FOR-US: mozilo
CVE-2022-23356
	RESERVED
CVE-2022-23355
	RESERVED
CVE-2022-23354
	RESERVED
CVE-2022-23353
	RESERVED
CVE-2022-23352 (An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial ...)
	NOT-FOR-US: BigAnt Software BigAnt Server
CVE-2022-23351
	RESERVED
CVE-2022-23350 (BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cros ...)
	NOT-FOR-US: BigAnt Software BigAnt Server
CVE-2022-23349 (BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cros ...)
	NOT-FOR-US: BigAnt Software BigAnt Server
CVE-2022-23348 (BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak p ...)
	NOT-FOR-US: BigAnt Software BigAnt Server
CVE-2022-23347 (BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable ...)
	NOT-FOR-US: BigAnt Software BigAnt Server
CVE-2022-23346 (BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorr ...)
	NOT-FOR-US: BigAnt Software BigAnt Server
CVE-2022-23345 (BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorr ...)
	NOT-FOR-US: BigAnt Software BigAnt Server
CVE-2022-23344
	RESERVED
CVE-2022-23343
	RESERVED
CVE-2022-23342 (The Hyland Onbase Application Server releases prior to 20.3.58.1000 an ...)
	NOT-FOR-US: Hyland Onbase Application Server
CVE-2022-23341
	RESERVED
CVE-2022-23340 (Joplin 2.6.10 allows remote attackers to execute system commands throu ...)
	NOT-FOR-US: Joplin
CVE-2022-23339
	RESERVED
CVE-2022-23338
	RESERVED
CVE-2022-23337 (DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerabilit ...)
	NOT-FOR-US: DedeCMS
CVE-2022-23336 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability in ...)
	NOT-FOR-US: S-CMS
CVE-2022-23335 (Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: Metinfo
CVE-2022-23334 (The Robot application in Ip-label Newtest before v8.5R0 was discovered ...)
	NOT-FOR-US: Ip-label Newtest
CVE-2022-23333
	RESERVED
CVE-2022-23332 (Command injection vulnerability in Manual Ping Form (Web UI) in Shenzh ...)
	NOT-FOR-US: Ejoin Information Technology
CVE-2022-23331 (In DataEase v1.6.1, an authenticated user can gain unauthorized access ...)
	NOT-FOR-US: DataEase
CVE-2022-23330 (A remote code execution (RCE) vulnerability in HelloWorldAddonControll ...)
	NOT-FOR-US: jpress
CVE-2022-23329 (A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJ ...)
	NOT-FOR-US: UJCMS Jspxcms
CVE-2022-23328 (A design flaw in all versions of Go-Ethereum allows an attacker node t ...)
	- golang-github-go-ethereum (bug #890541)
CVE-2022-23327 (A design flaw in Go-Ethereum 1.10.12 and older versions allows an atta ...)
	- golang-github-go-ethereum (bug #890541)
CVE-2022-23326
	RESERVED
CVE-2022-23325
	RESERVED
CVE-2022-23324
	RESERVED
CVE-2022-23323
	RESERVED
CVE-2022-23322
	RESERVED
CVE-2022-23321 (A persistent cross-site scripting (XSS) vulnerability exists on two in ...)
	NOT-FOR-US: XMPie
CVE-2022-23320 (XMPie uStore 12.3.7244.0 allows for administrators to generate reports ...)
	NOT-FOR-US: XMPie uStore
CVE-2022-23319 (A segmentation fault during PCF file parsing in pcf2bdf versions >=1.0 ...)
	- pcf2bdf 1.07-1 (unimportant)
	NOTE: https://github.com/ganaware/pcf2bdf/issues/5
	NOTE: https://github.com/advisories/GHSA-p4gv-mjgc-3g68
	NOTE: Fixed by: https://github.com/ganaware/pcf2bdf/commit/3555aab4f3cfbec199141122177750a4351b8e79 (1.07)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-23318 (A heap-buffer-overflow in pcf2bdf, versions >= 1.05 allows an attacker ...)
	- pcf2bdf 1.07-1 (unimportant)
	NOTE: https://github.com/ganaware/pcf2bdf/issues/4
	NOTE: https://github.com/advisories/GHSA-mhwp-x94h-mg49
	NOTE: Fixed by: https://github.com/ganaware/pcf2bdf/commit/aaf16808e4bb8d96eeab5f684df6550912a9e694 (1.07)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-23317 (CobaltStrike <=4.5 HTTP(S) listener does not determine whether the req ...)
	NOT-FOR-US: CobaltStrike
CVE-2022-23316 (An issue was discovered in taoCMS v3.0.2. There is an arbitrary file r ...)
	NOT-FOR-US: taocms
CVE-2022-23315 (MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnera ...)
	NOT-FOR-US: MCMS
CVE-2022-23314 (MCMS v5.2.4 was discovered to contain a SQL injection vulnerability vi ...)
	NOT-FOR-US: MCMS
CVE-2022-23313
	RESERVED
CVE-2022-22137 (A memory corruption vulnerability exists in the ioca_mys_rgb_allocate ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2022-21801 (A denial of service vulnerability exists in the netserver recv_command ...)
	NOT-FOR-US: Reolink
CVE-2022-21796 (A memory corruption vulnerability exists in the netserver parse_comman ...)
	NOT-FOR-US: Reolink
CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...)
	NOT-FOR-US: Orchard CMS
CVE-2022-0273 (Improper Access Control in Pypi calibreweb prior to 0.6.16.)
	- calibre-web (bug #982690)
CVE-2022-0272 (Improper Restriction of XML External Entity Reference in GitHub reposi ...)
	NOT-FOR-US: detekt for Kotlin
CVE-2022-0271 (The LearnPress WordPress plugin before 4.1.6 does not sanitise and esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0270 (Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes im ...)
	NOT-FOR-US: bored-agent
CVE-2022-0269 (Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm ...)
	NOT-FOR-US: yetiforce-crm
CVE-2022-0268 (Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to ...)
	NOT-FOR-US: Grav CMS
CVE-2022-0267 (The AdRotate WordPress plugin before 5.8.22 does not sanitise and esca ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-46399
	RESERVED
CVE-2021-46398 (A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.1 ...)
	NOT-FOR-US: FileBrowser
CVE-2021-46397
	RESERVED
CVE-2021-46396
	RESERVED
CVE-2021-46395
	RESERVED
CVE-2021-46394 (There is a stack buffer overflow vulnerability in the formSetPPTPServe ...)
	NOT-FOR-US: Tenda
CVE-2021-46393 (There is a stack buffer overflow vulnerability in the formSetPPTPServe ...)
	NOT-FOR-US: Tenda
CVE-2021-46392
	RESERVED
CVE-2021-46391
	RESERVED
CVE-2021-46390 (An access control issue in the authentication module of Lexar_F35 v1.0 ...)
	NOT-FOR-US: Lexar
CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to commit 882925 ...)
	NOT-FOR-US: IIPImage High Resolution Streaming Image Server
CVE-2021-46388
	REJECTED
CVE-2021-46387 (ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross S ...)
	NOT-FOR-US: ZyXEL
CVE-2021-46386 (File upload vulnerability in mingSoft MCMS through 5.2.5, allows remot ...)
	NOT-FOR-US: MCMS
CVE-2021-46385 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injec ...)
	NOT-FOR-US: MCMS
CVE-2021-46384 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The ...)
	NOT-FOR-US: MCMS
CVE-2021-46383 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injec ...)
	NOT-FOR-US: MCMS
CVE-2021-46382 (Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access ...)
	NOT-FOR-US: Netgear
CVE-2021-46381 (Local File Inclusion due to path traversal in D-Link DAP-1620 leads to ...)
	NOT-FOR-US: D-Link
CVE-2021-46380
	REJECTED
CVE-2021-46379 (DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access contro ...)
	NOT-FOR-US: D-Link
CVE-2021-46378 (DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access contro ...)
	NOT-FOR-US: D-Link
CVE-2021-46377 (There is a front-end sql injection vulnerability in cszcms 1.2.9 via c ...)
	NOT-FOR-US: cszcms
CVE-2021-46376
	RESERVED
CVE-2021-46375
	RESERVED
CVE-2021-46374
	RESERVED
CVE-2021-46373
	RESERVED
CVE-2021-46372 (Scoold 1.47.2 is a Q&A/knowledge base platform written in Java. When w ...)
	NOT-FOR-US: Scoold
CVE-2021-46371 (antd-admin 5.5.0 is affected by an incorrect access control vulnerabil ...)
	NOT-FOR-US: antd-admin
CVE-2021-46370
	RESERVED
CVE-2021-46369
	RESERVED
CVE-2021-46368 (TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path s ...)
	NOT-FOR-US: TRIGONE Remote System Monitor
CVE-2021-46367 (RiteCMS version 3.1.0 and below suffers from a remote code execution v ...)
	NOT-FOR-US: RiteCMS
CVE-2021-46366 (An issue in the Login page of Magnolia CMS v6.2.3 and below allows att ...)
	NOT-FOR-US: Magnolia CMS
CVE-2021-46365 (An issue in the Export function of Magnolia v6.2.3 and below allows at ...)
	NOT-FOR-US: Magnolia CMS
CVE-2021-46364 (A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and be ...)
	NOT-FOR-US: Magnolia CMS
CVE-2021-46363 (An issue in the Export function of Magnolia v6.2.3 and below allows at ...)
	NOT-FOR-US: Magnolia CMS
CVE-2021-46362 (A Server-Side Template Injection (SSTI) vulnerability in the Registrat ...)
	NOT-FOR-US: Magnolia CMS
CVE-2021-46361 (An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allo ...)
	NOT-FOR-US: Magnolia CMS
CVE-2021-46360 (Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and e ...)
	NOT-FOR-US: Composr-CMS
CVE-2021-46359 (FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerabilit ...)
	NOT-FOR-US: FISCO-BCOS
CVE-2021-46358
	RESERVED
CVE-2021-46357
	RESERVED
CVE-2021-46356
	RESERVED
CVE-2021-46355 (OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To expl ...)
	NOT-FOR-US: OCS Inventory (not the same as ocsinventory-server)
CVE-2021-46354 (Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version ...)
	NOT-FOR-US: Thinfinity VirtualUI
CVE-2021-46353 (An information disclosure in web interface in D-Link DIR-X1860 before ...)
	NOT-FOR-US: D-Link
CVE-2021-46352
	RESERVED
CVE-2021-46351 (There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustme ...)
	- iotjs (Vulnerable code not yet introduced)
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4955
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4940
CVE-2021-46350 (There is an Assertion 'ecma_is_value_object (value)' failed at jerrysc ...)
	- iotjs (Vulnerable code not yet introduced)
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4953
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4936
CVE-2021-46349 (There is an Assertion 'type == ECMA_OBJECT_TYPE_GENERAL || type == ECM ...)
	- iotjs (bug #1004288)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Vulnerable code introduced later)
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4954
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4937
CVE-2021-46348 (There is an Assertion 'ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p)' fa ...)
	- iotjs (bug #1004288)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Vulnerable code introduced later)
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4961
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4941
CVE-2021-46347 (There is an Assertion 'ecma_object_check_class_name_is_object (obj_p)' ...)
	- iotjs (Vulnerable code not yet introduced)
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4954
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4938
CVE-2021-46346 (There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustme ...)
	- iotjs (bug #1004288)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4955
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4939
CVE-2021-46345 (There is an Assertion 'cesu8_cursor_p == cesu8_end_p' failed at /jerry ...)
	- iotjs (Vulnerable code not yet introduced)
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4946
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4920
CVE-2021-46344 (There is an Assertion 'flags & PARSER_PATTERN_HAS_REST_ELEMENT' failed ...)
	- iotjs (Vulnerable code not yet introduced)
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4950
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4928
CVE-2021-46343 (There is an Assertion 'context_p->token.type == LEXER_LITERAL' failed ...)
	- iotjs (Vulnerable code not yet introduced)
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4947
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4921
CVE-2021-46342 (There is an Assertion 'ecma_is_lexical_environment (obj_p) || !ecma_op ...)
	- iotjs (Vulnerable code not yet introduced)
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4952
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4934
CVE-2021-46341
	RESERVED
CVE-2021-46340 (There is an Assertion 'context_p->stack_top_uint8 == SCAN_STACK_TRY_ST ...)
	- iotjs (bug #1004288)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Vulnerable code introduced later)
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4964
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4924
CVE-2021-46339 (There is an Assertion 'lit_is_valid_cesu8_string (string_p, string_siz ...)
	NOTE: Not considered a security issue by iotjs project
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4935
CVE-2021-46338 (There is an Assertion 'ecma_is_lexical_environment (object_p)' failed ...)
	- iotjs (bug #1004288)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4943
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4933
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4900
CVE-2021-46337 (There is an Assertion 'page_p != NULL' failed at /parser/js/js-parser- ...)
	- iotjs (Vulnerable code not yet introduced)
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4951
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4930
CVE-2021-46336 (There is an Assertion 'opts & PARSER_CLASS_LITERAL_CTOR_PRESENT' faile ...)
	- iotjs (Vulnerable code not yet introduced)
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4949
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4927
CVE-2021-46335 (Moddable SDK v11.5.0 was discovered to contain a NULL pointer derefere ...)
	NOT-FOR-US: Moddable SDK
CVE-2021-46334 (Moddable SDK v11.5.0 was discovered to contain a stack buffer overflow ...)
	NOT-FOR-US: Moddable SDK
CVE-2021-46333 (Moddable SDK v11.5.0 was discovered to contain an invalid memory acces ...)
	NOT-FOR-US: Moddable SDK
CVE-2021-46332 (Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow ...)
	NOT-FOR-US: Moddable SDK
CVE-2021-46331 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...)
	NOT-FOR-US: Moddable SDK
CVE-2021-46330 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...)
	NOT-FOR-US: Moddable SDK
CVE-2021-46329 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...)
	NOT-FOR-US: Moddable SDK
CVE-2021-46328 (Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow ...)
	NOT-FOR-US: Moddable SDK
CVE-2021-46327 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...)
	NOT-FOR-US: Moddable SDK
CVE-2021-46326 (Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow ...)
	NOT-FOR-US: Moddable SDK
CVE-2021-46325 (Espruino 2v10.246 was discovered to contain a stack buffer overflow vi ...)
	NOT-FOR-US: Espruino
CVE-2021-46324 (Espruino 2v11.251 was discovered to contain a stack buffer overflow vi ...)
	NOT-FOR-US: Espruino
CVE-2021-46323 (Espruino 2v11.251 was discovered to contain a SEGV vulnerability via s ...)
	NOT-FOR-US: Espruino
CVE-2021-46322 (Duktape v2.99.99 was discovered to contain a SEGV vulnerability via th ...)
	{DLA-3378-1}
	- duktape 2.7.0-1
	[bullseye] - duktape 2.5.0-2+deb11u1
	NOTE: https://github.com/svaarala/duktape/issues/2448
	NOTE: https://github.com/svaarala/duktape/pull/2451
	NOTE: https://github.com/svaarala/duktape/commit/fc75060165a011ff5ec43bfebea0c37a3d1baca1
	NOTE: https://github.com/svaarala/duktape/commit/a851d8a5687356b1d6ad0f8f39d6226947f17b27 (v2.7.0)
CVE-2021-46321 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
	NOT-FOR-US: Tenda
CVE-2021-46320 (In OpenZeppelin <=v4.4.0, initializer functions that are invoked separ ...)
	NOT-FOR-US: OpenZeppelin
CVE-2021-46319 (Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR- ...)
	NOT-FOR-US: D-Link DIR-846 Router
CVE-2021-46318
	RESERVED
CVE-2021-46317
	RESERVED
CVE-2021-46316
	RESERVED
CVE-2021-46315 (Remote Command Execution (RCE) vulnerability exists in HNAP1/control/S ...)
	NOT-FOR-US: D-Link
CVE-2021-46314 (A Remote Command Execution (RCE) vulnerability exists in HNAP1/control ...)
	NOT-FOR-US: D-Link
CVE-2021-46313 (The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentat ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2039
	NOTE: https://github.com/gpac/gpac/commit/ee969d3c4c425ecb25999eb68ada616925b58eba (v2.0.0)
CVE-2021-46312 (An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in all ...)
	- djvulibre (bug #1052669)
	[bookworm] - djvulibre (Minor issue)
	[bullseye] - djvulibre (Minor issue)
	[buster] - djvulibre (Minor issue)
	NOTE: https://sourceforge.net/p/djvu/bugs/344/
CVE-2021-46311 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2038
	NOTE: https://github.com/gpac/gpac/commit/ad19e0c4504a89ca273442b1b1483ae7adfb9491 (v2.0.0)
CVE-2021-46310 (An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows at ...)
	- djvulibre (bug #1052668)
	[bookworm] - djvulibre (Minor issue)
	[bullseye] - djvulibre (Minor issue)
	[buster] - djvulibre (Minor issue)
	NOTE: https://sourceforge.net/p/djvu/bugs/345/
CVE-2021-46309 (An SQL Injection vulnerability exists in Sourcecodester Employee and V ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-46308 (An SQL Injection vulnerability exists in Sourcecodester Online Railway ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-46307 (An SQL Injection vulnerability exists in Projectworlds Online Examinat ...)
	NOT-FOR-US: Projectworlds Online Examination System
CVE-2021-46306
	RESERVED
CVE-2021-46305
	RESERVED
CVE-2022-23312 (A vulnerability has been identified in Spectrum Power 4 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2022-23311
	RESERVED
CVE-2022-23310
	RESERVED
CVE-2022-23309
	RESERVED
CVE-2022-23308 (valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF ...)
	{DLA-2972-1}
	- libxml2 2.9.13+dfsg-1 (bug #1006489)
	[bullseye] - libxml2 2.9.10+dfsg-6.7+deb11u1
	[buster] - libxml2 2.9.4+dfsg1-7+deb10u3
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/327
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/652dd12a858989b14eed4e84e453059cd3ba340e (v2.9.13)
CVE-2022-0266 (Authorization Bypass Through User-Controlled Key in Packagist remdex/l ...)
	NOT-FOR-US: livehelperchat
CVE-2022-0265 (Improper Restriction of XML External Entity Reference in GitHub reposi ...)
	- hazelcast (bug #745640)
	NOTE: https://github.com/hazelcast/hazelcast/commit/4d6b666cd0291abd618c3b95cdbb51aa4208e748 (v5.1-DR7)
	NOTE: https://huntr.dev/bounties/d63972a2-b910-480a-a86b-d1f75d24d563/
CVE-2022-23307 (CVE-2020-9493 identified a deserialization issue that was present in A ...)
	{DLA-2905-1}
	- apache-log4j1.2 1.2.17-11 (bug #1004482)
	[bullseye] - apache-log4j1.2 1.2.17-10+deb11u1
	[buster] - apache-log4j1.2 1.2.17-8+deb10u2
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/5
CVE-2022-23306
	RESERVED
CVE-2022-23305 (By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as ...)
	{DLA-2905-1}
	- apache-log4j1.2 1.2.17-11 (bug #1004482)
	[bullseye] - apache-log4j1.2 1.2.17-10+deb11u1
	[buster] - apache-log4j1.2 1.2.17-8+deb10u2
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/4
CVE-2022-0263 (Unrestricted Upload of File with Dangerous Type in Packagist pimcore/p ...)
	NOT-FOR-US: pimcore
CVE-2022-0262 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
	NOT-FOR-US: pimcore
CVE-2022-0261 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.)
	{DLA-3182-1 DLA-3011-1}
	- vim 2:8.2.4659-1
	[bullseye] - vim (Minor issue)
	NOTE: https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82
	NOTE: https://github.com/vim/vim/commit/9f8c304c8a390ade133bac29963dc8e56ab14cbc (v8.2.4120)
CVE-2022-0260 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
	NOT-FOR-US: pimcore
CVE-2022-0259
	REJECTED
CVE-2022-0258 (pimcore is vulnerable to Improper Neutralization of Special Elements u ...)
	NOT-FOR-US: pimcore
CVE-2022-0257 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
	NOT-FOR-US: pimcore
CVE-2022-0256 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
	NOT-FOR-US: pimcore
CVE-2022-0255 (The Database Backup for WordPress plugin before 2.5.1 does not properl ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0254 (The WordPress Zero Spam WordPress plugin before 5.2.11 does not proper ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0253 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
	NOT-FOR-US: livehelperchat
CVE-2022-0252 (The GiveWP WordPress plugin before 2.17.3 does not escape the json par ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0251 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
	NOT-FOR-US: pimcore
CVE-2022-0250 (The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0249 (A vulnerability was discovered in GitLab starting with version 12. Git ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-0248 (The Contact Form Submissions WordPress plugin before 1.7.3 does not sa ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0247 (An issue exists in Fuchsia where VMO data can be modified through acce ...)
	NOT-FOR-US: Fuchsia
CVE-2022-0246 (The settings of the iQ Block Country WordPress plugin before 1.2.13 ca ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-23304 (The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplica ...)
	- wpa 2:2.10-1
	[bullseye] - wpa (Minor issue)
	[buster] - wpa (Minor issue)
	[stretch] - wpa (Minor issue)
	NOTE: https://w1.fi/security/2022-1/
	NOTE: Issue exists because of an incomplete fix for CVE-2019-9495
CVE-2022-23303 (The implementations of SAE in hostapd before 2.10 and wpa_supplicant b ...)
	- wpa 2:2.10-1
	[bullseye] - wpa (Minor issue)
	[buster] - wpa (Minor issue)
	[stretch] - wpa (CVE-2019-9494 was not applied and is marked as ignored)
	NOTE: https://w1.fi/security/2022-1/
	NOTE: Issue exists because of an incomplete fix for CVE-2019-9494
CVE-2022-0264 (A vulnerability was found in the Linux kernel's eBPF verifier when han ...)
	- linux 5.15.5-2
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/7d3baf0afa3aa9102d6a521a8e4c41888bb79882 (5.16-rc6)
CVE-2022-0245 (Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/ ...)
	NOT-FOR-US: livehelperchat
CVE-2022-0244 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-0243 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...)
	NOT-FOR-US: Orchard CMS
CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserialization ...)
	{DLA-2905-1}
	- apache-log4j1.2 1.2.17-11 (bug #1004482)
	[bullseye] - apache-log4j1.2 1.2.17-10+deb11u1
	[buster] - apache-log4j1.2 1.2.17-8+deb10u2
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/3
CVE-2022-22142 (Reflected cross-site scripting vulnerability in the checkbox of php_ma ...)
	NOT-FOR-US: php_mailform
CVE-2022-21805 (Reflected cross-site scripting vulnerability in the attached file name ...)
	NOT-FOR-US: php_mailform
CVE-2022-0242 (Unrestricted Upload of File with Dangerous Type in GitHub repository c ...)
	NOT-FOR-US: Crater
CVE-2022-0241
	RESERVED
CVE-2022-0240 (mruby is vulnerable to NULL Pointer Dereference)
	- mruby 3.1.0-1 (bug #1014968)
	[bullseye] - mruby (Minor issue)
	[buster] - mruby (Minor issue)
	[stretch] - mruby (Minor issue)
	NOTE: https://huntr.dev/bounties/5857eced-aad9-417d-864e-0bdf17226cbb/
	NOTE: https://github.com/mruby/mruby/commit/31fa3304049fc406a201a72293cce140f0557dca
CVE-2022-0239 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
	NOT-FOR-US: corenlp
CVE-2022-0238 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF))
	- phoronix-test-suite
CVE-2022-23301 (HEVC Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23300 (Raw Image Extension Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23299 (Windows PDEV Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23298 (Windows NT OS Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23297 (Windows NT Lan Manager Datagram Receiver Driver Information Disclosure ...)
	NOT-FOR-US: Microsoft
CVE-2022-23296 (Windows Installer Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23295 (Raw Image Extension Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23294 (Windows Event Tracing Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23293 (Windows Fast FAT File System Driver Elevation of Privilege Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2022-23292 (Microsoft Power BI Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23291 (Windows DWM Core Library Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23290 (Windows Inking COM Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23289
	RESERVED
CVE-2022-23288 (Windows DWM Core Library Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23287 (Windows ALPC Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23286 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
	NOT-FOR-US: Microsoft
CVE-2022-23285 (Remote Desktop Client Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23284 (Windows Print Spooler Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23283 (Windows ALPC Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23282 (Paint 3D Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23281 (Windows Common Log File System Driver Information Disclosure Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2022-23280 (Microsoft Outlook for Mac Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23279 (Windows ALPC Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23278 (Microsoft Defender for Endpoint Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23277 (Microsoft Exchange Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23276 (SQL Server for Linux Containers Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23275
	RESERVED
CVE-2022-23274 (Microsoft Dynamics GP Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23273 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23272 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23271 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23270 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-23269 (Microsoft Dynamics GP Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23268 (Windows Hyper-V Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23267 (.NET and Visual Studio Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft .NET
CVE-2022-23266 (Microsoft Defender for IoT Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23265 (Microsoft Defender for IoT Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23264 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23263 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23262 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23261 (Microsoft Edge (Chromium-based) Tampering Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23260
	RESERVED
CVE-2022-23259 (Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23258 (Microsoft Edge for Android Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23257 (Windows Hyper-V Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23256 (Azure Data Explorer Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23255 (Microsoft OneDrive for Android Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23254 (Microsoft Power BI Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23253 (Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2022-23252 (Microsoft Office Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-23251
	RESERVED
CVE-2022-23250
	RESERVED
CVE-2022-23249
	RESERVED
CVE-2022-23248
	RESERVED
CVE-2022-23247
	RESERVED
CVE-2022-23246
	RESERVED
CVE-2022-23245
	RESERVED
CVE-2022-23244
	RESERVED
CVE-2022-23243
	RESERVED
CVE-2022-23242 (TeamViewer Linux versions before 15.28 do not properly execute a delet ...)
	NOT-FOR-US: TeamViewer
CVE-2022-23241 (Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock co ...)
	NOT-FOR-US: Clustered Data ONTAP
CVE-2022-23240 (Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Win ...)
	NOT-FOR-US: Active IQ Unified Manager
CVE-2022-23239 (Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Win ...)
	NOT-FOR-US: Active IQ Unified Manager
CVE-2022-23238 (Linux deployments of StorageGRID (formerly StorageGRID Webscale) versi ...)
	NOT-FOR-US: StorageGRID (formerly StorageGRID Webscale)
CVE-2022-23237 (E-Series SANtricity OS Controller Software 11.x versions through 11.70 ...)
	NOT-FOR-US: E-Series SANtricity OS Controller Software
CVE-2022-23236 (E-Series SANtricity OS Controller Software versions 11.40 through 11.7 ...)
	NOT-FOR-US: E-Series SANtricity OS Controller Software
CVE-2022-23235 (Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Win ...)
	NOT-FOR-US: Active IQ Unified Manager / Netapp
CVE-2022-23234 (SnapCenter versions prior to 4.5 are susceptible to a vulnerability wh ...)
	NOT-FOR-US: SnapCenter
CVE-2022-23233 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 a ...)
	NOT-FOR-US: StorageGRID Webscale
CVE-2022-23232 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 a ...)
	NOT-FOR-US: StorageGRID Webscale
CVE-2022-23231
	RESERVED
CVE-2022-23230
	RESERVED
CVE-2022-23229
	RESERVED
CVE-2022-23228 (Pexip Infinity before 27.0 has improper WebRTC input validation. An un ...)
	NOT-FOR-US: Pexip Infinity
CVE-2022-23227 (NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to uploa ...)
	NOT-FOR-US: NUUO NVRmini2
CVE-2022-23226
	RESERVED
CVE-2022-23225
	RESERVED
CVE-2022-23224
	RESERVED
CVE-2022-23223 (On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that d ...)
	NOT-FOR-US: Apache ShenYu Admin
CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute arbitrary ...)
	{DSA-5076-1 DLA-2923-1}
	- h2database 2.1.210-1
	NOTE: https://github.com/h2database/h2database/releases/tag/version-2.1.210
	NOTE: Fixed by https://github.com/h2database/h2database/commit/eb75633d0dfa86341e6ef77a861665c4a0f16ab8
	NOTE: https://github.com/h2database/h2database/issues/3360#issuecomment-1018351050
CVE-2022-23220 (USBView 2.1 before 2.2 allows some local users (e.g., ones logged in v ...)
	{DSA-5052-1}
	- usbview 2.0-21-g6fe2f4f-2.1
	[stretch] - usbview (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/21/1
	NOTE: Introduced by: https://github.com/gregkh/usbview/commit/ddefeba3f67d6a6f394eb57352254c1c8a312671 (v2.1)
	NOTE: Fixed by: https://github.com/gregkh/usbview/commit/bf374fa4e5b9a756789dfd88efa93806a395463b (v2.2)
	NOTE: Hardening: https://github.com/gregkh/usbview/commit/1282782301570b3ee27f82f4f34c2c1a82bfd91a (v2.2)
CVE-2022-0237 (Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privi ...)
	NOT-FOR-US: Rapid7 Insight Agent
CVE-2022-0236 (The WP Import Export WordPress plugin (both free and premium versions) ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0235 (node-fetch is vulnerable to Exposure of Sensitive Information to an Un ...)
	{DLA-3222-1}
	- node-fetch 2.6.1-7
	[bullseye] - node-fetch 2.6.1-5+deb11u1
	NOTE: https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/
	NOTE: Fixed by: https://github.com/node-fetch/node-fetch/commit/f5d3cf5e2579cb8f4c76c291871e69696aef8f80 (v3.1.1)
CVE-2022-0234 (The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0233 (The ProfileGrid – User Profiles, Memberships, Groups and Communit ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0232 (The User Registration, Login & Landing Pages WordPress plugin is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0231 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF))
	NOT-FOR-US: livehelperchat
CVE-2022-0230 (The Better WordPress Google XML Sitemaps WordPress plugin through 1.4. ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0229 (The miniOrange's Google Authenticator WordPress plugin before 5.5 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0228 (The Popup Builder WordPress plugin before 4.0.7 does not validate and ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-46304 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...)
	NOT-FOR-US: Siemens
CVE-2022-23222 (kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local ...)
	{DSA-5050-1}
	- linux 5.15.15-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/13/1
CVE-2022-23219 (The deprecated compatibility function clnt_create in the sunrpc module ...)
	{DLA-3152-1}
	- glibc 2.33-3
	[bullseye] - glibc 2.31-13+deb11u3
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22542
CVE-2022-23218 (The deprecated compatibility function svcunix_create in the sunrpc mod ...)
	{DLA-3152-1}
	- glibc 2.33-3
	[bullseye] - glibc 2.31-13+deb11u3
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28768
CVE-2022-23217
	RESERVED
CVE-2022-23216
	RESERVED
CVE-2022-23215
	RESERVED
CVE-2022-23214
	RESERVED
CVE-2022-23213
	RESERVED
CVE-2022-23212
	RESERVED
CVE-2022-23211
	RESERVED
CVE-2022-23210
	RESERVED
CVE-2022-23209
	RESERVED
CVE-2022-23208
	RESERVED
CVE-2022-23207
	RESERVED
CVE-2022-0227
	REJECTED
CVE-2021-46303
	RESERVED
CVE-2021-46302
	RESERVED
CVE-2021-46301
	RESERVED
CVE-2021-46300
	RESERVED
CVE-2021-46299
	RESERVED
CVE-2021-46298
	RESERVED
CVE-2021-46297
	RESERVED
CVE-2021-46296
	RESERVED
CVE-2021-46295
	RESERVED
CVE-2021-46294
	RESERVED
CVE-2021-46293
	RESERVED
CVE-2021-46292
	RESERVED
CVE-2021-46291
	RESERVED
CVE-2021-46290
	RESERVED
CVE-2021-46289
	RESERVED
CVE-2021-46288
	RESERVED
CVE-2021-46287
	RESERVED
CVE-2021-46286
	RESERVED
CVE-2021-46285
	RESERVED
CVE-2021-46284
	RESERVED
CVE-2022-0226 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF))
	NOT-FOR-US: livehelperchat
CVE-2022-0225 (A flaw was found in Keycloak. This flaw allows a privileged attacker t ...)
	NOT-FOR-US: Keycloak
CVE-2022-0224 (dolibarr is vulnerable to Improper Neutralization of Special Elements ...)
	- dolibarr
CVE-2022-0223 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
	NOT-FOR-US: Schneider
CVE-2022-0222 (A CWE-269: Improper Privilege Management vulnerability exists that cou ...)
	NOT-FOR-US: Modicon
CVE-2022-0221 (A CWE-611: Improper Restriction of XML External Entity Reference vulne ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-0220 (The check_privacy_settings AJAX action of the WordPress GDPR WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0219 (Improper Restriction of XML External Entity Reference in GitHub reposi ...)
	NOT-FOR-US: jadx
CVE-2022-0218 (The WP HTML Mail WordPress plugin is vulnerable to unauthorized access ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0216 (A use-after-free vulnerability was found in the LSI53C895A SCSI Host B ...)
	{DLA-3362-1}
	- qemu 1:7.1+dfsg-1 (bug #1014590)
	[bullseye] - qemu 1:5.2+dfsg-11+deb11u3
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036953
	NOTE: https://starlabs.sg/advisories/22/22-0216/
	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/972
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/6c8fa961da5e60f574bb52fd3ad44b1e9e8ad4b8 (v7.1.0-rc0)
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/4367a20cc442c56b05611b4224de9a61908f9eac (v7.1.0-rc0)
CVE-2022-0215 (The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0214 (The Custom Popup Builder WordPress plugin before 1.3.1 autoload data f ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0213 (vim is vulnerable to Heap-based Buffer Overflow)
	{DLA-3182-1 DLA-2947-1}
	- vim 2:8.2.4659-1 (unimportant)
	NOTE: https://huntr.dev/bounties/f3afe1a5-e6f8-4579-b68a-6e5c7e39afed
	NOTE: Fixed by: https://github.com/vim/vim/commit/de05bb25733c3319e18dca44e9b59c6ee389eb26 (v8.2.4074)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-0212 (The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0211 (The Shield Security WordPress plugin before 13.0.6 does not sanitise a ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-45729 (The Privilege Escalation vulnerability discovered in the WP Google Map ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-44779 (Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-44777 (Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-44760 (Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability disc ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-4207 (A flaw was found in the QXL display device emulation in QEMU. A double ...)
	{DSA-5133-1 DLA-3099-1}
	- qemu 1:7.0+dfsg-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036966
	NOTE: https://starlabs.sg/advisories/21/21-4207/
	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/9569f5cb5b4bffa9d3ebc8ba7da1e03830a9a895 (v7.0.0-rc4)
CVE-2021-4206 (A flaw was found in the QXL display device emulation in QEMU. An integ ...)
	{DSA-5133-1 DLA-3099-1}
	- qemu 1:7.0+dfsg-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036998
	NOTE: https://starlabs.sg/advisories/21/21-4206/
	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/fa892e9abb728e76afcf27323ab29c57fb0fe7aa (v7.0.0-rc4)
CVE-2021-4205
	RESERVED
CVE-2021-31567 (Authenticated (admin+) Arbitrary File Download vulnerability discovere ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-26256 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discov ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-23227 (Cross-Site Request Forgery (CSRF) vulnerability in Alexander Fuchs PHP ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-23209 (Multiple Authenticated (admin user role) Persistent Cross-Site Scripti ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-23174 (Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabi ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-23150 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-23206 (In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unpr ...)
	NOT-FOR-US: Apache Traffic Control
CVE-2022-23205 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2022-23204 (Adobe Premiere Rush versions 2.0 and earlier are affected by an out-of ...)
	NOT-FOR-US: Adobe
CVE-2022-23203 (Adobe Photoshop versions 22.5.4 (and earlier) and 23.1 (and earlier) a ...)
	NOT-FOR-US: Adobe
CVE-2022-23202 (Adobe Creative Cloud Desktop version 2.7.0.13 (and earlier) is affecte ...)
	NOT-FOR-US: Adobe
CVE-2022-23201 (Adobe RoboHelp versions 2020.0.7 (and earlier) is affected by a reflec ...)
	NOT-FOR-US: Adobe
CVE-2022-23200 (Adobe After Effects versions 22.1.1 (and earlier) and 18.4.3 (and earl ...)
	NOT-FOR-US: Adobe
CVE-2022-23199 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-23198 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-23197 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-23196 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-23195 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-23194 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-23193 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-23192 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-23191 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-23190 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-23189 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-23188 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-23187 (Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer ...)
	NOT-FOR-US: Adobe
CVE-2022-23186 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2022-23185
	RESERVED
CVE-2022-23184 (In affected Octopus Server versions when the server HTTP and HTTPS bin ...)
	NOT-FOR-US: Octopus Server
CVE-2022-23181 (The fix for bug CVE-2020-9484 introduced a time of check, time of use ...)
	{DSA-5265-1 DLA-3160-1}
	- tomcat9 9.0.58-1
	- tomcat8
	[stretch] - tomcat8 (Minor issue; local race condition)
	NOTE: https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9
	NOTE: https://github.com/apache/tomcat/commit/1385c624b4a1e994426e810075c850edc38a700e (9.0.57)
	NOTE: https://github.com/apache/tomcat/commit/97943959ba721ad5e8e8ba765a68d2b153348530 (8.5.74)
	NOTE: Issue introduced by the fix for CVE-2020-9484
CVE-2022-23180 (The Contact Form & Lead Form Elementor Builder WordPress plugin before ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-23179 (The Contact Form & Lead Form Elementor Builder WordPress plugin before ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-21199 (An information disclosure vulnerability exists due to the hardcoded TL ...)
	NOT-FOR-US: Reolink
CVE-2022-0217 (It was discovered that an internal Prosody library to load XML based o ...)
	{DSA-5047-1}
	- prosody 0.11.12-1 (bug #1003696)
	[stretch] - prosody (websocket module introduced in 0.10.0; internal XML API only used on trusted data)
	NOTE: https://prosody.im/security/advisory_20220113/
	NOTE: Patch: https://prosody.im/security/advisory_20220113/1.patch
	NOTE: https://hg.prosody.im/0.11/raw-rev/783056b4e448
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/13/3
	NOTE: Regression: https://issues.prosody.im/1711
	NOTE: Regression fix: https://hg.prosody.im/trunk/rev/e5e0ab93d7f4
CVE-2022-0210 (The Random Banner WordPress plugin is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0209 (The Mitsol Social Post Feed WordPress plugin before 1.11 does not esca ...)
	NOT-FOR-US: Mitsol Social Post Feed plugin for WordPress
CVE-2022-0208 (The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0207 (A race condition was found in vdsm. Functionality to obfuscate sensiti ...)
	- vdsm (bug #668538)
CVE-2022-0206 (The NewStatPress WordPress plugin before 1.3.6 does not properly escap ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0205 (The YOP Poll WordPress plugin before 6.3.5 does not sanitise and escap ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0204 (A heap overflow vulnerability was found in bluez in versions prior to ...)
	{DLA-3157-1}
	- bluez 5.64-1 (bug #1003712)
	[bullseye] - bluez (Minor issue)
	[stretch] - bluez (Minor issue)
	NOTE: https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q
	NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=591c546c536b42bef696d027f64aa22434f8c3f0 (5.63)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2039807
CVE-2022-0203 (Improper Access Control in GitHub repository crater-invoice/crater pri ...)
	NOT-FOR-US: Crater
CVE-2022-0202
	RESERVED
CVE-2022-0201 (The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalin ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0200 (Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0199 (The Coming soon and Maintenance mode WordPress plugin before 3.6.8 doe ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-23178 (An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. ...)
	NOT-FOR-US: Crestron devices
CVE-2022-23177
	RESERVED
CVE-2022-23176 (WatchGuard Firebox and XTM appliances allow a remote attacker with unp ...)
	NOT-FOR-US: WatchGuard
CVE-2022-23175
	RESERVED
CVE-2022-23174
	RESERVED
CVE-2022-23173 (this vulnerability affect user that even not allowed to access via the ...)
	NOT-FOR-US: Priority
CVE-2022-23172 (An attacker can access to "Forgot my password" button, as soon as he p ...)
	NOT-FOR-US: Priority
CVE-2022-23171 (AtlasVPN - Privilege Escalation Lack of proper security controls on na ...)
	NOT-FOR-US: AtlasVPN
CVE-2022-23170 (SysAid - Okta SSO integration - was found vulnerable to XML External E ...)
	NOT-FOR-US: SysAid
CVE-2022-23169 (attacker needs to craft a SQL payload. the vulnerable parameter is "ag ...)
	NOT-FOR-US: Amodat
CVE-2022-23168 (The attacker could get access to the database. The SQL injection is in ...)
	NOT-FOR-US: Amodat
CVE-2022-23167 (Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename ...)
	NOT-FOR-US: Amodat
CVE-2022-23166 (Sysaid – Sysaid Local File Inclusion (LFI) – An unauthentica ...)
	NOT-FOR-US: SysAid
CVE-2022-23165 (Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - The ...)
	NOT-FOR-US: SysAid
CVE-2022-23164
	REJECTED
CVE-2022-23163 (Dell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a ...)
	NOT-FOR-US: Dell PowerScale OneFS
CVE-2022-23162
	REJECTED
CVE-2022-23161 (Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contain a denial-of-ser ...)
	NOT-FOR-US: Dell PowerScale OneFS
CVE-2022-23160 (Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Hand ...)
	NOT-FOR-US: Dell PowerScale OneFS
CVE-2022-23159 (Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of m ...)
	NOT-FOR-US: Dell PowerScale OneFS
CVE-2022-23158 (Wyse Device Agent version 14.6.1.4 and below contain a sensitive data ...)
	NOT-FOR-US: Dell
CVE-2022-23157 (Wyse Device Agent version 14.6.1.4 and below contain a sensitive data ...)
	NOT-FOR-US: Dell
CVE-2022-23156 (Wyse Device Agent version 14.6.1.4 and below contain an Improper Authe ...)
	NOT-FOR-US: Dell
CVE-2022-23155 (Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unres ...)
	NOT-FOR-US: Dell
CVE-2022-23154
	RESERVED
CVE-2022-23153
	RESERVED
CVE-2022-23152
	RESERVED
CVE-2022-23151
	RESERVED
CVE-2022-23150
	RESERVED
CVE-2022-23149
	RESERVED
CVE-2022-23148
	RESERVED
CVE-2022-23147
	RESERVED
CVE-2022-23146
	RESERVED
CVE-2022-23145
	RESERVED
CVE-2022-23144 (There is a broken access control vulnerability in ZTE ZXvSTB product. ...)
	NOT-FOR-US: ZTE
CVE-2022-23143 (ZTE OTCP product is impacted by a permission and access control vulner ...)
	NOT-FOR-US: ZTE
CVE-2022-23142 (ZXEN CG200 has a DoS vulnerability. An attacker could construct and se ...)
	NOT-FOR-US: ZXEN CG200
CVE-2022-23141 (ZXMP M721 has an information leak vulnerability. Since the serial port ...)
	NOT-FOR-US: ZXMP M721
CVE-2022-23140
	RESERVED
CVE-2022-23139 (ZTE's ZXMP M721 product has a permission and access control vulnerabil ...)
	NOT-FOR-US: ZTE ZXMP M721
CVE-2022-23138 (ZTE's MF297D product has cryptographic issues vulnerability. Due to th ...)
	NOT-FOR-US: ZTE
CVE-2022-23137 (ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker c ...)
	NOT-FOR-US: ZXCDN
CVE-2022-23136 (There is a stored XSS vulnerability in ZTE home gateway product. An at ...)
	NOT-FOR-US: ZTE
CVE-2022-23135 (There is a directory traversal vulnerability in some home gateway prod ...)
	NOT-FOR-US: ZTE
CVE-2022-23134 (After the initial setup process, some steps of setup.php file are reac ...)
	{DLA-2914-1}
	- zabbix 1:6.0.7+dfsg-2
	[bullseye] - zabbix (Vulnerable code not present; session data not stored in cookies)
	[buster] - zabbix (Vulnerable code not present)
	NOTE: https://support.zabbix.com/browse/ZBX-20384
	NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/aa0fecfbcc9794bc00206630a7424575dfc944df (5.0.19rc2)
	NOTE: 4.0 and 5.0 are not affected: https://support.zabbix.com/browse/ZBX-20384?focusedCommentId=648239&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-648239
CVE-2022-23133 (An authenticated user can create a hosts group from the configuration ...)
	- zabbix 1:6.0.7+dfsg-2
	[bullseye] - zabbix (Minor issue)
	[buster] - zabbix (Vulnerable code introduced later, and reverted with the fix)
	[stretch] - zabbix (Vulnerable code introduced later, and reverted with the fix)
	NOTE: https://support.zabbix.com/browse/ZBX-20388
	NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/74b8716a73c324e6cdbdda1de434e7872740a908 (5.0.19rc1)
	NOTE: Introduced by: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/f3654d0173ea244a2319a093f7c4e27ad9086dc3 (4.4.0alpha3)
CVE-2022-23132 (During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability i ...)
	- zabbix 1:6.0.7+dfsg-2
	[bullseye] - zabbix (Minor issue)
	[buster] - zabbix (Not using RPM or DAC_OVERRIDE in Debian installs)
	[stretch] - zabbix (Not using RPM or DAC_OVERRIDE in Debian installs, zbx_ipc_service_init_env() not present)
	NOTE: https://support.zabbix.com/browse/ZBX-20341
	NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/019fbd9b5cc9c455304f1a48460435ca474ba2ac (5.0.18)
CVE-2022-23131 (In the case of instances where the SAML SSO authentication is enabled ...)
	- zabbix (Only affects 5.4 and later)
	NOTE: https://support.zabbix.com/browse/ZBX-20350
	NOTE: Only affects 5.4 and later per https://www.zabbix.com/de/security_advisories
CVE-2022-23130 (Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versi ...)
	NOT-FOR-US: Mitsubishi
CVE-2022-23129 (Plaintext Storage of a Password vulnerability in Mitsubishi Electric M ...)
	NOT-FOR-US: Mitsubishi
CVE-2022-23128 (Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Elect ...)
	NOT-FOR-US: Mitsubishi
CVE-2022-23127 (Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 v ...)
	NOT-FOR-US: Mitsubishi
CVE-2022-23126 (TeslaMate before 1.25.1 (when using the default Docker configuration) ...)
	NOT-FOR-US: TeslaMate
CVE-2022-0198 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
	NOT-FOR-US: corenlp
CVE-2022-0197 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF))
	- phoronix-test-suite
CVE-2022-0196 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF))
	- phoronix-test-suite
CVE-2022-0195
	RESERVED
CVE-2021-46283 (nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.70-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/ad9f151e560b016b6ad3280b48e42fa11e1a5440 (5.13-rc7)
CVE-2022-23125 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	{DSA-5503-1 DLA-3426-1}
	- netatalk 3.1.13~ds-1
	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
	NOTE: https://github.com/Netatalk/Netatalk/commit/d801ed421800bcd5df9045f7327c92cd4fc944aa
CVE-2022-23124 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	{DSA-5503-1 DLA-3426-1}
	- netatalk 3.1.13~ds-1
	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
	NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
	NOTE: 4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d causes a regression:
	NOTE: https://sourceforge.net/p/netatalk/mailman/netatalk-devel/thread/49864b1b-6aa1-6859-3f53-a2018598b8ce%40synology.com/#msg37632074
	NOTE: Probably the same as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013303
	NOTE: 3.1.13~ds-2 merged a patch: https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf
	NOTE: but not reviewed/merged upstream so far
CVE-2022-23123 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	{DSA-5503-1 DLA-3426-1}
	- netatalk 3.1.13~ds-1
	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
	NOTE: https://github.com/Netatalk/Netatalk/commit/a6fbccb0f2478108add188df023cfbb7428aac33
	NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
	NOTE: Causes a regression:
	NOTE: https://sourceforge.net/p/netatalk/mailman/netatalk-devel/thread/49864b1b-6aa1-6859-3f53-a2018598b8ce%40synology.com/#msg37632074
	NOTE: Probably the same as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013303
	NOTE: 3.1.13~ds-2 merged a patch: https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf
	NOTE: but not reviewed/merged upstream so far
CVE-2022-23122 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	{DSA-5503-1 DLA-3426-1}
	- netatalk 3.1.13~ds-1
	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
	NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
	NOTE: Causes a regression:
	NOTE: https://sourceforge.net/p/netatalk/mailman/netatalk-devel/thread/49864b1b-6aa1-6859-3f53-a2018598b8ce%40synology.com/#msg37632074
	NOTE: Probably the same as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013303
	NOTE: 3.1.13~ds-2 merged a patch: https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf
	NOTE: but not reviewed/merged upstream so far
CVE-2022-23121 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	{DSA-5503-1 DLA-3426-1}
	- netatalk 3.1.13~ds-1
	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
	NOTE: https://github.com/Netatalk/Netatalk/commit/0c0465e4e85a27105b61b3918df8f8df0565367c
	NOTE: https://github.com/Netatalk/Netatalk/commit/62d4013c62be3b1b4a14f37057cb1c8f393c5fd1
CVE-2022-23120 (A code injection vulnerability in Trend Micro Deep Security and Cloud ...)
	NOT-FOR-US: Trend Micro
CVE-2022-23119 (A directory traversal vulnerability in Trend Micro Deep Security and C ...)
	NOT-FOR-US: Trend Micro
CVE-2022-23118 (Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements fu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-23117 (Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionali ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-23116 (Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionali ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-23115 (Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch tas ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-23114 (Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unenc ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-23113 (Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-23112 (A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-23111 (A cross-site request forgery (CSRF) vulnerability in Jenkins Publish O ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-23110 (Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the S ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-23109 (Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault c ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-23108 (Jenkins Badge Plugin 1.9 and earlier does not escape the description a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-23107 (Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not re ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-23106 (Jenkins Configuration as Code Plugin 1.55 and earlier used a non-const ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-23105 (Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-23102 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2022-21236 (An information disclosure vulnerability exists due to a web server mis ...)
	NOT-FOR-US: Reolink
CVE-2022-21217 (An out-of-bounds write vulnerability exists in the device TestEmail fu ...)
	NOT-FOR-US: Reolink
CVE-2022-21134 (A firmware update vulnerability exists in the "update" firmw ...)
	NOT-FOR-US: Reolink
CVE-2022-0194 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	{DSA-5503-1 DLA-3426-1}
	- netatalk 3.1.13~ds-1
	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
	NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
	NOTE: Causes a regression:
	NOTE: https://sourceforge.net/p/netatalk/mailman/netatalk-devel/thread/49864b1b-6aa1-6859-3f53-a2018598b8ce%40synology.com/#msg37632074
	NOTE: Probably the same as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013303
	NOTE: 3.1.13~ds-2 merged a patch: https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf
	NOTE: but not reviewed/merged upstream so far
CVE-2022-0193 (The Complianz WordPress plugin before 6.0.0 does not escape the s para ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0192 (A DLL search path vulnerability was reported in Lenovo PCManager prior ...)
	NOT-FOR-US: Lenovo
CVE-2022-0191 (The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.7 do ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0190 (The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0189 (The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise a ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0188 (The CMP WordPress plugin before 4.0.19 allows any user, even not logge ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0187
	RESERVED
CVE-2022-0186 (The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0185 (A heap-based buffer overflow flaw was found in the way the legacy_pars ...)
	{DSA-5050-1}
	- linux 5.15.15-1
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/722d94847de29310e8aa03fcbdb41fc92c521756
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/7
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/14
	NOTE: https://www.willsroot.io/2022/01/cve-2022-0185.html
CVE-2022-0184 (Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR59 ...)
	NOT-FOR-US: TEPRA
CVE-2022-0183 (Missing encryption of sensitive data vulnerability in 'MIRUPASS' PW10 ...)
	NOT-FOR-US: MIRUPASS
CVE-2020-36515
	RESERVED
CVE-2022-23101 (OX App Suite through 7.10.6 allows XSS via appHandler in a deep link i ...)
	NOT-FOR-US: OX App Suite
CVE-2022-23100 (OX App Suite through 7.10.6 allows OS Command Injection via Documentco ...)
	NOT-FOR-US: OX App Suite
CVE-2022-23099 (OX App Suite through 7.10.6 allows XSS by forcing block-wise read.)
	NOT-FOR-US: OX App Suite
CVE-2022-23098 (An issue was discovered in the DNS proxy in Connman through 1.40. The ...)
	{DSA-5231-1 DLA-3144-1 DLA-2915-1}
	- connman 1.36-2.4 (bug #1004935)
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1
	NOTE: https://lore.kernel.org/connman/20220125090026.5108-1-wagi@monom.org/
	NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d8708b85c1e8fe25af7803e8a20cf20e7201d8a4
	NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c34313a196515c80fe78a2862ad78174b985be5
CVE-2022-23097 (An issue was discovered in the DNS proxy in Connman through 1.40. forw ...)
	{DSA-5231-1 DLA-3144-1 DLA-2915-1}
	- connman 1.36-2.4 (bug #1004935)
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1
	NOTE: https://lore.kernel.org/connman/20220125090026.5108-1-wagi@monom.org/
	NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e5a313736e13c90d19085e953a26256a198e4950
CVE-2022-23096 (An issue was discovered in the DNS proxy in Connman through 1.40. The ...)
	{DSA-5231-1 DLA-3144-1 DLA-2915-1}
	- connman 1.36-2.4 (bug #1004935)
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1
	NOTE: https://lore.kernel.org/connman/20220125090026.5108-1-wagi@monom.org/
	NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e5a313736e13c90d19085e953a26256a198e4950
CVE-2022-23095 (Open Design Alliance Drawings SDK before 2022.12.1 mishandles the load ...)
	NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2022-23094 (Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of ...)
	{DSA-5048-1}
	- libreswan 4.6-1
	[buster] - libreswan (Vulnerable code introduced in 4.2)
	NOTE: https://github.com/libreswan/libreswan/issues/585
	NOTE: https://libreswan.org/security/CVE-2022-23094/CVE-2022-23094.txt
	NOTE: https://libreswan.org/security/CVE-2022-23094/CVE-2022-23094-libreswan-4.2-4.3.patch (4.2-4.3)
	NOTE: https://libreswan.org/security/CVE-2022-23094/CVE-2022-23094-libreswan-4.4-4.5.patch (4.4-4.5)
CVE-2022-23093 (ping reads raw IP packets from the network to process responses in the ...)
	NOT-FOR-US: FreeBSD
CVE-2022-23092 (The implementation of lib9p's handling of RWALK messages was missing a ...)
	NOT-FOR-US: FreeBSD
CVE-2022-23091 (A particular case of memory sharing is mishandled in the virtual memor ...)
	NOT-FOR-US: FreeBSD
CVE-2022-23090 (The aio_aqueue function, used by the lio_listio system call, fails to ...)
	NOT-FOR-US: FreeBSD
CVE-2022-23089 (When dumping core and saving process information, proc_getargv() might ...)
	NOT-FOR-US: FreeBSD
CVE-2022-23088 (The 802.11 beacon handling routine failed to validate the length of an ...)
	NOT-FOR-US: FreeBSD
CVE-2022-23087 (The e1000 network adapters permit a variety of modifications to an Eth ...)
	NOT-FOR-US: FreeBSD
CVE-2022-23086 (Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt d ...)
	NOT-FOR-US: FreeBSD
CVE-2022-23085 (A user-provided integer option was passed to nmreq_copyin() without ch ...)
	NOT-FOR-US: FreeBSD
CVE-2022-23084 (The total size of the user-provided nmreq to nmreq_copyin() was first ...)
	NOT-FOR-US: FreeBSD
CVE-2022-23083 (NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transf ...)
	NOT-FOR-US: NetMaster
CVE-2022-23082 (In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path trave ...)
	NOT-FOR-US: WhiteSource CureKit
CVE-2022-23081 (In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are ...)
	NOT-FOR-US: openlibrary
CVE-2022-23080 (In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to ser ...)
	NOT-FOR-US: directus
CVE-2022-23079 (In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host he ...)
	NOT-FOR-US: motor-admin
CVE-2022-23078 (In habitica versions v4.119.0 through v4.232.2 are vulnerable to open ...)
	NOT-FOR-US: habitica
CVE-2022-23077 (In habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM X ...)
	NOT-FOR-US: habitica
CVE-2022-23076
	RESERVED
CVE-2022-23075
	RESERVED
CVE-2022-23074 (In Recipes, versions 0.17.0 through 1.2.5 are vulnerable to Stored Cro ...)
	NOT-FOR-US: Recipes
CVE-2022-23073 (In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cros ...)
	NOT-FOR-US: Recipes
CVE-2022-23072 (In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cros ...)
	NOT-FOR-US: Recipes
CVE-2022-23071 (In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side ...)
	NOT-FOR-US: Recipes
CVE-2022-23070
	RESERVED
CVE-2022-23069
	RESERVED
CVE-2022-23068 (ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection wh ...)
	NOT-FOR-US: ToolJet
CVE-2022-23067 (ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via ...)
	NOT-FOR-US: ToolJet
CVE-2022-23066 (In Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Ca ...)
	NOT-FOR-US: Solana rBPF
CVE-2022-23065 (In Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by Stored XSS ...)
	NOT-FOR-US: Vendure
CVE-2022-23064 (In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Head ...)
	- snipe-it (bug #1005172)
CVE-2022-23063 (In Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Ses ...)
	NOT-FOR-US: Shopizer
CVE-2022-23062
	RESERVED
CVE-2022-23061 (In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently del ...)
	NOT-FOR-US: Shopizer
CVE-2022-23060 (A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer v ...)
	NOT-FOR-US: Shopizer
CVE-2022-23059 (A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer v ...)
	NOT-FOR-US: Shopizer
CVE-2022-23058 (ERPNext in versions v12.0.9-v13.0.3 are affected by a stored XSS vulne ...)
	NOT-FOR-US: ERPNext
CVE-2022-23057 (In ERPNext, versions v12.0.9--v13.0.3 are vulnerable to Stored Cross-S ...)
	NOT-FOR-US: ERPNext
CVE-2022-23056 (In ERPNext, versions v13.0.0-beta.13 through v13.30.0 are vulnerable t ...)
	NOT-FOR-US: ERPNext
CVE-2022-23055 (In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Mi ...)
	NOT-FOR-US: ERPNext
CVE-2022-23054 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via ...)
	NOT-FOR-US: Openmct
CVE-2022-23053 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via ...)
	NOT-FOR-US: Openmct
CVE-2022-23052 (PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vu ...)
	NOT-FOR-US: PeteReport
CVE-2022-23051 (PeteReport Version 0.5 allows an authenticated admin user to inject pe ...)
	NOT-FOR-US: PeteReport
CVE-2022-23050 (ManageEngine AppManager15 (Build No:15510) allows an authenticated adm ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2022-23049 (Exponent CMS 2.6.0patch2 allows an authenticated user to inject persis ...)
	NOT-FOR-US: Exponent CMS
CVE-2022-23048 (Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload ...)
	NOT-FOR-US: Exponent CMS
CVE-2022-23047 (Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject ...)
	NOT-FOR-US: Exponent CMS
CVE-2022-23046 (PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL senten ...)
	- phpipam (bug #731713)
CVE-2022-23045 (PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent ...)
	- phpipam (bug #731713)
CVE-2022-23044 (Tiny File Manager version 2.4.8 allows an unauthenticated remote attac ...)
	NOT-FOR-US: Tiny File Manager
CVE-2022-23043 (Zenario CMS 9.2 allows an authenticated admin user to bypass the file ...)
	NOT-FOR-US: Zenario CMS
CVE-2022-23042 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...)
	{DLA-3065-1}
	- linux 5.16.14-1
	[bullseye] - linux 5.10.106-1
	[buster] - linux 4.19.235-1
	NOTE: https://xenbits.xen.org/xsa/advisory-396.html
CVE-2022-23041 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...)
	{DLA-3065-1}
	- linux 5.16.14-1
	[bullseye] - linux 5.10.106-1
	[buster] - linux 4.19.235-1
	NOTE: https://xenbits.xen.org/xsa/advisory-396.html
CVE-2022-23040 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...)
	{DLA-3065-1}
	- linux 5.16.14-1
	[bullseye] - linux 5.10.106-1
	[buster] - linux 4.19.235-1
	NOTE: https://xenbits.xen.org/xsa/advisory-396.html
CVE-2022-23039 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...)
	{DLA-3065-1}
	- linux 5.16.14-1
	[bullseye] - linux 5.10.106-1
	[buster] - linux 4.19.235-1
	NOTE: https://xenbits.xen.org/xsa/advisory-396.html
CVE-2022-23038 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...)
	{DLA-3065-1}
	- linux 5.16.14-1
	[bullseye] - linux 5.10.106-1
	[buster] - linux 4.19.235-1
	NOTE: https://xenbits.xen.org/xsa/advisory-396.html
CVE-2022-23037 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...)
	{DLA-3065-1}
	- linux 5.16.14-1
	[bullseye] - linux 5.10.106-1
	[buster] - linux 4.19.235-1
	NOTE: https://xenbits.xen.org/xsa/advisory-396.html
CVE-2022-23036 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...)
	{DLA-3065-1}
	- linux 5.16.14-1
	[bullseye] - linux 5.10.106-1
	[buster] - linux 4.19.235-1
	NOTE: https://xenbits.xen.org/xsa/advisory-396.html
CVE-2022-23035 (Insufficient cleanup of passed-through device IRQs The management of I ...)
	{DSA-5117-1}
	- xen 4.16.0+51-g0941d6cb-1
	[buster] - xen (DSA 4677-1)
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-395.html
CVE-2022-23034 (A PV guest could DoS Xen while unmapping a grant To address XSA-380, r ...)
	{DSA-5117-1}
	- xen 4.16.0+51-g0941d6cb-1
	[buster] - xen (DSA 4677-1)
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-394.html
CVE-2022-23033 (arm: guest_physmap_remove_page not removing the p2m mappings The funct ...)
	{DSA-5117-1}
	- xen 4.16.0+51-g0941d6cb-1
	[buster] - xen (Vulnerable code introduced later)
	[stretch] - xen (Vulnerable code introduced later)
	NOTE: https://xenbits.xen.org/xsa/advisory-393.html
CVE-2022-23032 (In all versions before 7.2.1.4, when proxy settings are configured in ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-23031 (On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-23030 (On version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-23029 (On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x b ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-23028 (On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.5, 14.1.x ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-23027 (On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-23026 (On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x befo ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-23025 (On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x b ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-23024 (On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-23023 (On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-23022 (On BIG-IP version 16.1.x before 16.1.2, when an HTTP profile is config ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-23021 (On BIG-IP version 16.1.x before 16.1.2, when any of the following conf ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-23020 (On BIG-IP version 16.1.x before 16.1.2, when the 'Respond on Error' se ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-23019 (On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-23018 (On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-23017 (On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x b ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-23016 (On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-23015 (On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, and 14. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-23014 (On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-23013 (On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1.4, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-23012 (On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-23011 (On certain hardware BIG-IP platforms, in version 15.1.x before 15.1.4 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-23010 (On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-23009 (On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated ad ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-23008 (On NGINX Controller API Management versions 3.18.0-3.19.0, an authenti ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2022-23007
	RESERVED
CVE-2022-23006 (A stack-based buffer overflow vulnerability was found on Western Digit ...)
	NOT-FOR-US: Western Digital
CVE-2022-23005 (Western Digital has identified a weakness in the UFS standard that cou ...)
	NOT-FOR-US: Western Digital
CVE-2022-23004 (When computing a shared secret or point multiplication on the NIST P-2 ...)
	NOT-FOR-US: Western Digital
CVE-2022-23003 (When computing a shared secret or point multiplication on the NIST P-2 ...)
	NOT-FOR-US: Western Digital
CVE-2022-23002 (When compressing or decompressing a point on the NIST P-256 elliptic c ...)
	NOT-FOR-US: Western Digital
CVE-2022-23001 (When compressing or decompressing elliptic curve points using the Swee ...)
	NOT-FOR-US: Western Digital
CVE-2022-23000 (The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a ...)
	NOT-FOR-US: Western Digital
CVE-2022-22999 (Western Digital My Cloud devices are vulnerable to a cross side script ...)
	NOT-FOR-US: Western Digital
CVE-2022-22998 (Implemented protections on AWS credentials that were not properly prot ...)
	NOT-FOR-US: Western Digital
CVE-2022-22997 (Addressed a remote code execution vulnerability by resolving a command ...)
	NOT-FOR-US: Western Digital
CVE-2022-22996 (The G-RAID 4/8 Software Utility setups for Windows were affected by a ...)
	NOT-FOR-US: Western Digital Windows setup
CVE-2022-22995 (The combination of primitives offered by SMB and AFP in their default ...)
	{DLA-3706-1}
	- netatalk 3.1.18~ds-1 (bug #1053545)
	[bullseye] - netatalk (Minor issue)
	NOTE: https://netatalk.sourceforge.io/CVE-2022-22995.php
	NOTE: https://github.com/Netatalk/netatalk/pull/509
	NOTE: https://github.com/Netatalk/netatalk/commit/9eb6d9d0ac17dca210ccbf05476a925a6b379dfb
CVE-2022-22994 (A remote code execution vulnerability was discovered on Western Digita ...)
	NOT-FOR-US: Western Digital
CVE-2022-22993 (A limited SSRF vulnerability was discovered on Western Digital My Clou ...)
	NOT-FOR-US: Western Digital
CVE-2022-22992 (A command injection remote code execution vulnerability was discovered ...)
	NOT-FOR-US: Western Digital
CVE-2022-22991 (A malicious user on the same LAN could use DNS spoofing followed by a ...)
	NOT-FOR-US: Western Digital / My Cloud OS 5 Firmware
CVE-2022-22990 (A limited authentication bypass vulnerability was discovered that coul ...)
	NOT-FOR-US: Western Digital / My Cloud OS 5 Firmware
CVE-2022-22989 (My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vul ...)
	NOT-FOR-US: Western Digital / My Cloud OS 5 Firmware
CVE-2022-22988 (File and directory permissions have been corrected to prevent unintend ...)
	NOT-FOR-US: Western Digital
CVE-2022-21234 (An SQL injection vulnerability exists in the EchoAssets.aspx functiona ...)
	NOT-FOR-US: Lansweeper
CVE-2022-21210 (An SQL injection vulnerability exists in the AssetActions.aspx functio ...)
	NOT-FOR-US: Lansweeper
CVE-2022-21145 (A stored cross-site scripting vulnerability exists in the WebUserActio ...)
	NOT-FOR-US: Lansweeper
CVE-2022-0182 (Stored cross-site scripting vulnerability in Quiz And Survey Master ve ...)
	NOT-FOR-US: Quiz And Survey Master
CVE-2022-0181 (Reflected cross-site scripting vulnerability in Quiz And Survey Master ...)
	NOT-FOR-US: Quiz And Survey Master
CVE-2022-0180 (Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Mas ...)
	NOT-FOR-US: Quiz And Survey Master
CVE-2022-0179 (snipe-it is vulnerable to Missing Authorization)
	- snipe-it (bug #1005172)
CVE-2022-0178 (Missing Authorization vulnerability in snipe snipe/snipe-it.This issue ...)
	- snipe-it (bug #1005172)
CVE-2022-0177
	REJECTED
CVE-2021-4204 (An out-of-bounds (OOB) memory access flaw was found in the Linux kerne ...)
	- linux 5.17.3-1
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/4
CVE-2022-22983 (VMware Workstation (16.x prior to 16.2.4) contains an unprotected stor ...)
	NOT-FOR-US: VMware
CVE-2022-22982 (The vCenter Server contains a server-side request forgery (SSRF) vulne ...)
	NOT-FOR-US: VMWare
CVE-2022-22981
	RESERVED
CVE-2022-22980 (A Spring Data MongoDB application is vulnerable to SpEL Injection when ...)
	NOT-FOR-US: Spring Data MongoDB
CVE-2022-22979 (In Spring Cloud Function versions prior to 3.2.6, it is possible for a ...)
	NOT-FOR-US: Spring Cloud Function
CVE-2022-22978 (In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and olde ...)
	- libspring-security-2.0-java
CVE-2022-22977 (VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML Ex ...)
	NOT-FOR-US: VMware
CVE-2022-22976 (Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, a ...)
	- libspring-security-2.0-java
CVE-2022-22975 (An issue was discovered in the Pinniped Supervisor with either LADPIde ...)
	NOT-FOR-US: vmware-tanzu/pinniped
CVE-2022-22974
	RESERVED
CVE-2022-22973 (VMware Workspace ONE Access and Identity Manager contain a privilege e ...)
	NOT-FOR-US: VMware
CVE-2022-22972 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
	NOT-FOR-US: VMware
CVE-2022-22971 (In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupp ...)
	- libspring-java (unimportant)
	NOTE: https://tanzu.vmware.com/security/cve-2022-22971
	NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
CVE-2022-22970 (In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupp ...)
	- libspring-java (unimportant)
	NOTE: https://tanzu.vmware.com/security/cve-2022-22970
	NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
CVE-2022-22969 ( Spring Security OAuth versions 2.5.x prior to 2.5. ...)
	NOT-FOR-US: spring-security-oauth
CVE-2022-22968 (In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older ...)
	- libspring-java (unimportant)
	NOTE: https://tanzu.vmware.com/security/cve-2022-22968
	NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
CVE-2022-22967 (An issue was discovered in SaltStack Salt in versions before 3002.9, 3 ...)
	- salt (bug #1013872)
	[bullseye] - salt (Scheduled for removal)
	[buster] - salt (EOL in buster LTS)
	NOTE: https://saltproject.io/security_announcements/salt-security-advisory-release-june-21st-2022/
	NOTE: Fixed by: https://github.com/saltstack/salt/commit/e068a34ccb2e17ae7224f8016a24b727f726d4c8 (v3004.2)
CVE-2022-22966 (An authenticated, high privileged malicious actor with network access ...)
	NOT-FOR-US: VMware
CVE-2022-22965 (A Spring MVC or Spring WebFlux application running on JDK 9+ may be vu ...)
	- libspring-java (unimportant)
	NOTE: https://bugalert.org/content/notices/2022-03-30-spring.html
	NOTE: https://tanzu.vmware.com/security/cve-2022-22965
	NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
CVE-2022-22964 (VMware Horizon Agent for Linux (prior to 22.x) contains a local privil ...)
	NOT-FOR-US: VMware
CVE-2022-22963 (In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported v ...)
	NOT-FOR-US: Spring Cloud Function
CVE-2022-22962 (VMware Horizon Agent for Linux (prior to 22.x) contains a local privil ...)
	NOT-FOR-US: VMware
CVE-2022-22961 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
	NOT-FOR-US: VMware
CVE-2022-22960 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
	NOT-FOR-US: VMware
CVE-2022-22959 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
	NOT-FOR-US: VMware
CVE-2022-22958 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
	NOT-FOR-US: VMware
CVE-2022-22957 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
	NOT-FOR-US: VMware
CVE-2022-22956 (VMware Workspace ONE Access has two authentication bypass vulnerabilit ...)
	NOT-FOR-US: VMware
CVE-2022-22955 (VMware Workspace ONE Access has two authentication bypass vulnerabilit ...)
	NOT-FOR-US: VMware
CVE-2022-22954 (VMware Workspace ONE Access and Identity Manager contain a remote code ...)
	NOT-FOR-US: VMware
CVE-2022-22953 (VMware HCX update addresses an information disclosure vulnerability. A ...)
	NOT-FOR-US: VMware
CVE-2022-22952 (VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to ...)
	NOT-FOR-US: VMware
CVE-2022-22951 (VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to ...)
	NOT-FOR-US: VMware
CVE-2022-22950 (n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versi ...)
	- libspring-java (unimportant)
	NOTE: https://tanzu.vmware.com/security/cve-2022-22950
	NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
CVE-2022-22949 RESERVED
CVE-2022-22948 (The vCenter Server contains an information disclosure vulnerability du ...)
	NOT-FOR-US: VMware
CVE-2022-22947 (In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applicat ...)
	NOT-FOR-US: Spring Cloud Gateway
CVE-2022-22946 (In spring cloud gateway versions prior to 3.1.1+ , applications that a ...)
	NOT-FOR-US: Spring Cloud Gateway
CVE-2022-22945 (VMware NSX Edge contains a CLI shell injection vulnerability. A malici ...)
	NOT-FOR-US: VMware
CVE-2022-22944 (VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS ...)
	NOT-FOR-US: VMware
CVE-2022-22943 (VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains ...)
	NOT-FOR-US: VMware
CVE-2022-22942 (The vmwgfx driver contains a local privilege escalation vulnerability ...)
	{DSA-5096-1 DSA-5092-1 DLA-2941-1}
	- linux 5.15.15-2
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/27/4
	NOTE: https://www.openwall.com/lists/oss-security/2022/02/03/1
	NOTE: Fixed by: https://git.kernel.org/linus/a0f90c8815706981c483a652a6aefca51a5e191c
	NOTE: https://github.com/opensrcsec/same_type_object_reuse_exploits/blob/main/cve-2022-22942-dc.c
	NOTE: https://github.com/opensrcsec/same_type_object_reuse_exploits/blob/main/cve-2022-22942.c
CVE-2022-22941 (An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ...)
	- salt 3004.1+dfsg-1 (bug #1008945)
	[bullseye] - salt (Scheduled for removal)
	[buster] - salt (EOL in buster LTS)
	NOTE: https://saltproject.io/security_announcements/salt-security-advisory-release/
CVE-2022-22940 RESERVED
CVE-2022-22939 (VMware Cloud Foundation contains an information disclosure vulnerabili ...)
	NOT-FOR-US: VMware
CVE-2022-22938 (VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windo ...)
	NOT-FOR-US: VMware
CVE-2022-22937 RESERVED
CVE-2022-22936 (An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ...)
	- salt 3004.1+dfsg-1 (bug #1008945)
	[bullseye] - salt (Scheduled for removal)
	[buster] - salt (EOL in buster LTS)
	NOTE: https://saltproject.io/security_announcements/salt-security-advisory-release/
CVE-2022-22935 (An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ...)
	- salt 3004.1+dfsg-1 (bug #1008945)
	[bullseye] - salt (Scheduled for removal)
	[buster] - salt (EOL in buster LTS)
	NOTE: https://saltproject.io/security_announcements/salt-security-advisory-release/
CVE-2022-22934 (An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ...)
	- salt 3004.1+dfsg-1 (bug #1008945)
	[bullseye] - salt (Scheduled for removal)
	[buster] - salt (EOL in buster LTS)
	NOTE: https://saltproject.io/security_announcements/salt-security-advisory-release/
CVE-2022-22933 RESERVED
CVE-2022-22932 (Apache Karaf obr:* commands and run goal on the karaf-maven-plugin hav ...)
	- apache-karaf (bug #881297)
CVE-2022-22931 (Fix of CVE-2021-40525 do not prepend delimiters upon valid directory v ...)
	NOT-FOR-US: Apache James
CVE-2022-22930 (A remote code execution (RCE) vulnerability in the Template Management ...)
	NOT-FOR-US: MCMS
CVE-2022-22929 (MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerabil ...)
	NOT-FOR-US: MCMS
CVE-2022-22928 (MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing att ...)
	NOT-FOR-US: MCMS
CVE-2022-22927 RESERVED
CVE-2022-22926 RESERVED
CVE-2022-22925 RESERVED
CVE-2022-22924 RESERVED
CVE-2022-22923 RESERVED
CVE-2022-22922 (TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovere ...)
	NOT-FOR-US: TP-Link
CVE-2022-22921 RESERVED
CVE-2022-22920 RESERVED
CVE-2022-22919 (Adenza AxiomSL ControllerView through 10.8.1 allows redirection for SS ...)
	NOT-FOR-US: Adenza AxiomSL ControllerView
CVE-2022-22918 RESERVED
CVE-2022-22917 RESERVED
CVE-2022-22916 (O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vu ...)
	NOT-FOR-US: O2OA
CVE-2022-22915 RESERVED
CVE-2022-22914 (An incorrect access control issue in the component FileManager of Ovid ...)
	NOT-FOR-US: Ovidentia CMS
CVE-2022-22913 RESERVED
CVE-2022-22912 (Prototype pollution vulnerability via .parse() in Plist before v3.0.4 ...)
	NOT-FOR-US: Node Plist.js
CVE-2022-22911 RESERVED
CVE-2022-22910 RESERVED
CVE-2022-22909 (HotelDruid v3.0.3 was discovered to contain a remote code execution (R ...)
	- hoteldruid 3.0.4-1 (bug #1006750)
	[bullseye] - hoteldruid (Minor issue)
	[buster] - hoteldruid (Minor issue)
	[stretch] - hoteldruid (Minor issue)
	NOTE: https://github.com/0z09e/CVE-2022-22909
CVE-2022-22908 (SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, ...)
	NOT-FOR-US: Sangfor VDI Client
CVE-2022-22907 RESERVED
CVE-2022-22906 RESERVED
CVE-2022-22905 RESERVED
CVE-2022-22904 RESERVED
CVE-2022-22903 RESERVED
CVE-2022-22902 RESERVED
CVE-2022-22901 (There is an Assertion in 'context_p->next_scanner_info_p->type == SCAN ...)
	- iotjs (Vulnerable code introduced later)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4916
	NOTE: https://github.com/jerryscript-project/jerryscript/commit/f3a420b672927037beb4508d7bdd68fb25d2caf6
CVE-2022-22900 RESERVED
CVE-2022-22899 (Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenti ...)
	NOT-FOR-US: Core FTP / SFTP Server
CVE-2022-22898 RESERVED
CVE-2022-22897 (A SQL injection vulnerability in the product_all_one_img and image_pro ...)
	NOT-FOR-US: ApolloTheme AP PageBuilder
CVE-2022-22896 RESERVED
CVE-2022-22895 (Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ...)
	- iotjs (bug #1004298)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Vulnerable code introduced later)
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4850
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4882
CVE-2022-22894 (Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_ ...)
	- iotjs (bug #1004298)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4890
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4899
CVE-2022-22893 (Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_lo ...)
	- iotjs (bug #1004298)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4901
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4945
CVE-2022-22892 (There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_valu ...)
	- iotjs (bug #1004298)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Vulnerable code introduced later)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4872
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4878
CVE-2022-22891 (Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via e ...)
	- iotjs (bug #1004298)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Vulnerable code introduced later)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4871
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4885
CVE-2022-22890 (There is an Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESENT && ...)
	- iotjs (bug #1004298)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Vulnerable code introduced later)
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4849
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4847
CVE-2022-22889 RESERVED
CVE-2022-22888 (Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_ ...)
	- iotjs (bug #1004298)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Vulnerable code introduced later)
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4877
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4848
CVE-2022-22887 RESERVED
CVE-2022-22886 RESERVED
CVE-2022-22885 (Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL cert ...)
	NOT-FOR-US: Hutool
CVE-2022-22884 RESERVED
CVE-2022-22883 RESERVED
CVE-2022-22882 RESERVED
CVE-2022-22881 (Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerabilit ...)
	NOT-FOR-US: Jeecg-boot
CVE-2022-22880 (Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerabilit ...)
	NOT-FOR-US: Jeecg-boot
CVE-2022-22879 RESERVED
CVE-2022-22878 RESERVED
CVE-2022-22877 RESERVED
CVE-2022-22876 RESERVED
CVE-2022-22875 RESERVED
CVE-2022-22874 RESERVED
CVE-2022-22873 RESERVED
CVE-2022-22872 RESERVED
CVE-2022-22871 RESERVED
CVE-2022-22870 RESERVED
CVE-2022-22869 RESERVED
CVE-2022-22868 (Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting ( ...)
	NOT-FOR-US: Gibbon CMS
CVE-2022-22867 RESERVED
CVE-2022-22866 RESERVED
CVE-2022-22865 RESERVED
CVE-2022-22864 RESERVED
CVE-2022-22863 RESERVED
CVE-2022-22862 RESERVED
CVE-2022-22861 RESERVED
CVE-2022-22860 RESERVED
CVE-2022-22859 RESERVED
CVE-2022-22858 RESERVED
CVE-2022-22857 RESERVED
CVE-2022-22856 RESERVED
CVE-2022-22855 RESERVED
CVE-2022-22854 (An access control issue in hprms/admin/?page=user/list of Hospital Pat ...)
	NOT-FOR-US: Hospital Patient Record Management System
CVE-2022-22853 (A stored cross-site scripting (XSS) vulnerability in Hospital Patient ...)
	NOT-FOR-US: Hospital Patient Record Management System
CVE-2022-22852 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...)
	NOT-FOR-US: Sourcecodtester
CVE-2022-22851 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...)
	NOT-FOR-US: Sourcecodtester
CVE-2022-22850 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...)
	NOT-FOR-US: Sourcecodtester
CVE-2022-22849 RESERVED
CVE-2022-22149 (A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx ...)
	NOT-FOR-US: Lansweeper
CVE-2022-0176 (The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0175 (A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). ...)
	- virglrenderer (Introduced in 0.9.0 with refactor)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2039003
	NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654
	NOTE: Code refactored in https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/7899e057327848300b18d8f03aa3789e00ed0221 (0.9.0)
	NOTE: Fixed by: https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c
CVE-2022-0174 (Improper Validation of Specified Quantity in Input vulnerability in do ...)
	- dolibarr
CVE-2022-0173 (radare2 is vulnerable to Out-of-bounds Read)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/727d8600-88bc-4dde-8dea-ee3d192600e5
	NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c
CVE-2022-0172 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-0171 (A flaw was found in the Linux kernel. The existing KVM SEV API has a v ...)
	{DSA-5257-1 DLA-3173-1}
	- linux 5.18.2-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2038940
CVE-2022-0170 (peertube is vulnerable to Improper Access Control)
	- peertube (bug #950821)
CVE-2022-0169 (The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not vali ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0168 (A denial of service (DOS) issue was found in the Linux kernel’s s ...)
	{DSA-5127-1}
	- linux 5.17.3-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2037386
CVE-2022-0167 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-0166 (A privilege escalation vulnerability in the McAfee Agent prior to 5.7. ...)
	NOT-FOR-US: McAfee
CVE-2022-0165 (The Page Builder KingComposer WordPress plugin through 2.9.6 does not ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0164 (The Coming soon and Maintenance mode WordPress plugin before 3.5.3 doe ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0163 (The Smart Forms WordPress plugin before 2.6.71 does not have authorisa ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0162 (The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 ...)
	NOT-FOR-US: TP-Link
CVE-2022-0161 (The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0160 RESERVED
CVE-2021-46269 RESERVED
CVE-2021-46268 RESERVED
CVE-2021-46267 RESERVED
CVE-2021-46266 RESERVED
CVE-2021-46265 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
	NOT-FOR-US: Tenda
CVE-2021-46264 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
	NOT-FOR-US: Tenda
CVE-2021-46263 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
	NOT-FOR-US: Tenda
CVE-2021-46262 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
	NOT-FOR-US: Tenda
CVE-2021-46261 RESERVED
CVE-2021-46260 RESERVED
CVE-2021-46259 RESERVED
CVE-2021-46258 RESERVED
CVE-2021-46257 RESERVED
CVE-2021-46256 RESERVED
CVE-2021-46255 (eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to ...)
	NOT-FOR-US: eyouCMS
CVE-2021-46254 RESERVED
CVE-2021-46253 (A cross-site scripting (XSS) vulnerability in the Create Post function ...)
	NOT-FOR-US: Anchor CMS
CVE-2021-46252 (A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of S ...)
	NOT-FOR-US: scratch-confirmaccount-v3
CVE-2021-46251 (A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit ...)
	NOT-FOR-US: ScratchOAuth2
CVE-2021-46250 (An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879 ...)
	NOT-FOR-US: ScratchOAuth2
CVE-2021-46249 (An authorization bypass exploited by a user-controlled key in Specific ...)
	NOT-FOR-US: ScratchOAuth2
CVE-2021-46248 RESERVED
CVE-2021-46247 (The use of a hard-coded cryptographic key significantly increases the ...)
	NOT-FOR-US: ASUS
CVE-2021-46246 RESERVED
CVE-2021-46245 RESERVED
CVE-2021-46244 (A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the functi ...)
	- hdf5 (unimportant)
	NOTE: https://github.com/HDFGroup/hdf5/issues/1327
	NOTE: https://github.com/advisories/GHSA-vrxh-5gxg-rmhm
	NOTE: https://github.com/HDFGroup/hdf5/issues/2242
	NOTE: https://github.com/HDFGroup/hdf5/pull/2243
	NOTE: https://github.com/HDFGroup/hdf5/commit/0b4e9cf976438f0a6df7719518d1b1bb96c2caca
	NOTE: Negligible security impact, malicious scientific data has more issues than a crash...
CVE-2021-46243 (An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1- ...)
	- hdf5 (unimportant)
	NOTE: https://github.com/HDFGroup/hdf5/issues/1326
	NOTE: https://github.com/advisories/GHSA-2rqw-mg55-mp69
	NOTE: Negligible security impact, malicious scientific data has more issues than a crash...
CVE-2021-46242 (HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the ...)
	- hdf5 (unimportant)
	NOTE: https://github.com/HDFGroup/hdf5/issues/1329
	NOTE: https://github.com/advisories/GHSA-x9pw-hh7v-wjpf
	NOTE: https://github.com/HDFGroup/hdf5/pull/2255
	NOTE: https://github.com/HDFGroup/hdf5/commit/24700e8f0607e9a3782c843528e2c5a892d4d6f6
	NOTE: Negligible security impact, malicious scientific data has more issues than a crash...
CVE-2021-46241 RESERVED
CVE-2021-46240 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2028
	NOTE: https://github.com/gpac/gpac/commit/31eb879ea67b3a6ff67d3211f4c6b83369d4898d (v2.0.0)
CVE-2021-46239 (The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2026
	NOTE: https://github.com/gpac/gpac/commit/4e1215758fa89455e8de1262df36f11740bb1bc4 (v2.0.0)
CVE-2021-46238 (GPAC v1.1.0 was discovered to contain a stack overflow via the functio ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2027
	NOTE: https://github.com/gpac/gpac/commit/4b9736ab8c9274db5858e5bf9fe0470bc3e7b6cf (v2.0.0)
CVE-2021-46237 (An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 v ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2033
	NOTE: https://github.com/gpac/gpac/commit/3cc122ad664a2355cce9784f50b59c6272d43f00 (v2.0.0)
CVE-2021-46236 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2024
	NOTE: https://github.com/gpac/gpac/commit/6a5effb57153cb05e72f6e9bd72afefc334a673d (v2.0.0)
CVE-2021-46235 RESERVED
CVE-2021-46234 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2023
	NOTE: https://github.com/gpac/gpac/commit/70c6f6f832dccff814a19a74d87b97b3d68a4af5
CVE-2021-46233 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
	NOT-FOR-US: D-Link
CVE-2021-46232 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
	NOT-FOR-US: D-Link
CVE-2021-46231 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
	NOT-FOR-US: D-Link
CVE-2021-46230 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
	NOT-FOR-US: D-Link
CVE-2021-46229 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
	NOT-FOR-US: D-Link
CVE-2021-46228 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
	NOT-FOR-US: D-Link
CVE-2021-46227 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
	NOT-FOR-US: D-Link
CVE-2021-46226 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
	NOT-FOR-US: D-Link
CVE-2021-46225 (A buffer overflow in the GmfOpenMesh() function of libMeshb v7.61 allo ...)
	NOT-FOR-US: libMeshb
CVE-2021-46224 RESERVED
CVE-2021-46223 RESERVED
CVE-2021-46222 RESERVED
CVE-2021-46221 RESERVED
CVE-2021-46220 RESERVED
CVE-2021-46219 RESERVED
CVE-2021-46218 RESERVED
CVE-2021-46217 RESERVED
CVE-2021-46216 RESERVED
CVE-2021-46215 RESERVED
CVE-2021-46214 RESERVED
CVE-2021-46213 RESERVED
CVE-2021-46212 RESERVED
CVE-2021-46211 RESERVED
CVE-2021-46210 RESERVED
CVE-2021-46209 RESERVED
CVE-2021-46208 RESERVED
CVE-2021-46207 RESERVED
CVE-2021-46206 RESERVED
CVE-2021-46205 RESERVED
CVE-2021-46204 (Taocms v3.0.2 was discovered to contain an arbitrary file read vulnera ...)
	NOT-FOR-US: taocms
CVE-2021-46203 (Taocms v3.0.2 was discovered to contain an arbitrary file read vulnera ...)
	NOT-FOR-US: taocms
CVE-2021-46202 RESERVED
CVE-2021-46201 (An SQL Injection vulnerability exists in Sourcecodester Online Resort ...)
	NOT-FOR-US: Sourcecodester Online Resort Management System
CVE-2021-46200 (An SQL Injection vulnerability exists in Sourcecodester Simple Music C ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-46199 RESERVED
CVE-2021-46198 (An SQL Injection vulnerability exists in Sourceodester Courier Managem ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-46197 RESERVED
CVE-2021-46196 RESERVED
CVE-2021-46195 (GCC v12.0 was discovered to contain an uncontrolled recursion via the ...)
	- binutils 2.37.90.20220207-1 (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841
	NOTE: https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab
	NOTE: binutils not covered by security support
CVE-2021-46194 RESERVED
CVE-2021-46193 RESERVED
CVE-2021-46192 RESERVED
CVE-2021-46191 RESERVED
CVE-2021-46190 RESERVED
CVE-2021-46189 RESERVED
CVE-2021-46188 RESERVED
CVE-2021-46187 RESERVED
CVE-2021-46186 RESERVED
CVE-2021-46185 RESERVED
CVE-2021-46184 RESERVED
CVE-2021-46183 RESERVED
CVE-2021-46182 RESERVED
CVE-2021-46181 RESERVED
CVE-2021-46180 RESERVED
CVE-2021-46179 (Reachable Assertion vulnerability in upx before 4.0.0 allows attackers ...)
	- upx-ucl 4.2.2-1 (unimportant)
	NOTE: https://github.com/upx/upx/issues/545
	NOTE: https://github.com/upx/upx/commit/4a9c46253e308d60b550e9f529e7d37daf978be5 (v3.99)
	NOTE: https://github.com/upx/upx/commit/2d6987252ef4cec9b9051e3e161977ab88b67aac (v3.99)
	NOTE: https://github.com/upx/upx/commit/fcdf0e92c1a2d89188ec7b50fb9b40ef51362560 (v3.99)
	NOTE: https://github.com/upx/upx/commit/be23f93ee6853a688fb9a920c9ee5222aa212303 (v3.99)
	NOTE: Crash in CLI tool, no security impact
CVE-2021-46178 RESERVED
CVE-2021-46177 RESERVED
CVE-2021-46176 RESERVED
CVE-2021-46175 RESERVED
CVE-2021-46174 (Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump ...)
	- binutils 2.37.90.20220207-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28753
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cad4d6b91e97b6962807d33c04ed7e7797788438 (binutils-2_38)
	NOTE: binutils not covered by security support
CVE-2021-46173 RESERVED
CVE-2021-46172 RESERVED
CVE-2021-46171 (Modex v2.11 was discovered to contain a NULL pointer dereference in se ...)
	NOT-FOR-US: Modex
CVE-2021-46170 (An issue was discovered in JerryScript commit a6ab5e9. There is an Use ...)
	- iotjs (bug #1015219)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4917
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4942/commits/5e1fdd1d1e75105b43392b4bb3996099cdc50f3d
CVE-2021-46169 (Modex v2.11 was discovered to contain an Use-After-Free vulnerability ...)
	NOT-FOR-US: Modex
CVE-2021-46168 (Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() ...)
	NOT-FOR-US: Spin
CVE-2021-46167 (An access control issue in the authentication module of wizplat PD065 ...)
	NOT-FOR-US: wizplat secure flash
CVE-2021-44458 (Linux users running Lens 5.2.6 and earlier could be compromised by vis ...)
	NOT-FOR-US: Lens
CVE-2021-4203 (A use-after-free read flaw was found in sock_getsockopt() in net/core/ ...)
	{DSA-5096-1 DLA-2941-1}
	- linux 5.14.12-1
	[bullseye] - linux 5.10.84-1
	[stretch] - linux 4.9.290-1
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2230
	NOTE: https://git.kernel.org/linus/35306eb23814444bd4021f8a1c3047d3cb0c8b2b (5.15-rc4)
CVE-2021-4202 (A use-after-free flaw was found in nci_request in net/nfc/nci/core.c i ...)
	{DSA-5096-1 DLA-2940-1}
	- linux 5.15.5-1 (unimportant)
	[bullseye] - linux 5.10.84-1
	NOTE: CONFIG_NFC_NCI not enabled in Debian
CVE-2021-23218 (When running with FIPS mode enabled, Mirantis Container Runtime 20.10. ...)
	NOT-FOR-US: Mirantis Container Runtime
CVE-2021-23154 (In Lens prior to 5.3.4, custom helm chart configuration creates helm c ...)
	NOT-FOR-US: Lens
CVE-2022-0159 (orchardcore is vulnerable to Improper Neutralization of Input During W ...)
	NOT-FOR-US: orchardcore
CVE-2022-0158 (vim is vulnerable to Heap-based Buffer Overflow)
	- vim 2:8.2.4659-1 (unimportant)
	[buster] - vim (The vulnerable code was introduced later)
	[stretch] - vim (The vulnerable code was introduced later)
	NOTE: https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b/
	NOTE: https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39 (v8.2.4049)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-0157 (phoronix-test-suite is vulnerable to Improper Neutralization of Input ...)
	- phoronix-test-suite
CVE-2022-22848 RESERVED
CVE-2022-22847 (Formpipe Lasernet before 9.13.3 allows file inclusion in Client Web Se ...)
	NOT-FOR-US: Formpipe Lasernet
CVE-2022-22846 (The dnslib package through 0.9.16 for Python does not verify that the ...)
	- python-dnslib 0.9.18-1
	[bullseye] - python-dnslib (Minor issue)
	[buster] - python-dnslib (Minor issue)
	NOTE: https://github.com/paulc/dnslib/issues/30
	NOTE: https://github.com/paulc/dnslib/commit/76e8677699ed098387d502c57980f58da642aeba
CVE-2022-22845 (QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167 ...)
	NOT-FOR-US: QXIP SIPCAPTURE homer-app for HOMER
CVE-2022-22844 (LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c i ...)
	{DSA-5108-1 DLA-2932-1}
	- tiff 4.3.0-3
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/355
	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/287
	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/03047a26952a82daaa0792957ce211e0aa51bc64
CVE-2022-22843 RESERVED
CVE-2022-22842 RESERVED
CVE-2022-22841 RESERVED
CVE-2022-22840 RESERVED
CVE-2022-22839 RESERVED
CVE-2022-22838 RESERVED
CVE-2022-22837 RESERVED
CVE-2022-22836 (CoreFTP Server before 727 allows directory traversal (for file creatio ...)
	NOT-FOR-US: CoreFTP
CVE-2022-22835 (An issue was discovered in OverIT Geocall before version 8.0. An authe ...)
	NOT-FOR-US: OverIT Geocall
CVE-2022-22834 (An issue was discovered in OverIT Geocall before 8.0. An authenticated ...)
	NOT-FOR-US: OverIT Geocall
CVE-2022-22833 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obta ...)
	NOT-FOR-US: Servisnet Tessa
CVE-2022-22832 (An issue was discovered in Servisnet Tessa 0.0.2. Authorization data i ...)
	NOT-FOR-US: Servisnet Tessa
CVE-2022-22831 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add ...)
	NOT-FOR-US: Servisnet Tessa
CVE-2022-22830 RESERVED
CVE-2022-22829 RESERVED
CVE-2022-22828 (An insecure direct object reference for the file-download URL in Synam ...)
	NOT-FOR-US: Synametrics
CVE-2021-46166 (Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-46165 (Zoho ManageEngine Desktop Central before 10.0.662, during startup, lau ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-46164 (Zoho ManageEngine Desktop Central before 10.0.662 allows remote code e ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-46163 (Kentico Xperience 13.0.44 allows XSS via an XML document to the Media ...)
	NOT-FOR-US: Kentico Xperience CMS
CVE-2022-0156 (vim is vulnerable to Use After Free)
	- vim 2:8.2.4659-1 (unimportant)
	[buster] - vim (vim9script functionality not present in buster and earlier)
	NOTE: https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36
	NOTE: https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f (v8.2.4040)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-22827 (storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an in ...)
	{DSA-5073-1 DLA-2904-1}
	- expat 2.4.3-1 (bug #1003474)
	NOTE: https://github.com/libexpat/libexpat/pull/539
	NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3)
CVE-2022-22826 (nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 ha ...)
	{DSA-5073-1 DLA-2904-1}
	- expat 2.4.3-1 (bug #1003474)
	NOTE: https://github.com/libexpat/libexpat/pull/539
	NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3)
CVE-2022-22825 (lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integ ...)
	{DSA-5073-1 DLA-2904-1}
	- expat 2.4.3-1 (bug #1003474)
	NOTE: https://github.com/libexpat/libexpat/pull/539
	NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3)
CVE-2022-22824 (defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has ...)
	{DSA-5073-1 DLA-2904-1}
	- expat 2.4.3-1 (bug #1003474)
	NOTE: https://github.com/libexpat/libexpat/pull/539
	NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3)
CVE-2022-22823 (build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an ...)
	{DSA-5073-1 DLA-2904-1}
	- expat 2.4.3-1 (bug #1003474)
	NOTE: https://github.com/libexpat/libexpat/pull/539
	NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3)
CVE-2022-22822 (addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an i ...)
	{DSA-5073-1 DLA-2904-1}
	- expat 2.4.3-1 (bug #1003474)
	NOTE: https://github.com/libexpat/libexpat/pull/539
	NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3)
CVE-2022-22821 (NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in wh ...)
	NOT-FOR-US: NVIDIA NeMo
CVE-2022-22820 (Due to the lack of media file checks before rendering, it was possible ...)
	NOT-FOR-US: LINE
CVE-2022-22819 (NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55 ...)
	NOT-FOR-US: NXP
CVE-2022-22818 (The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3 ...)
	{DSA-5254-1 DLA-3191-1 DLA-2906-1}
	- python-django 2:3.2.12-1 (bug #1004752)
	NOTE: https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
	NOTE: https://github.com/django/django/commit/394517f07886495efcf79f95c7ee402a9437bd68 (main)
	NOTE: https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5 (4.0.2)
	NOTE: https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2 (3.2.12)
	NOTE: https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6 (2.2.27)
CVE-2022-22817 (PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitra ...)
	{DSA-5053-1 DLA-3768-1 DLA-2893-1}
	- pillow 9.0.0-1
	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
	NOTE: https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11 (9.0.0)
	NOTE: Followup in 9.0.1: https://github.com/python-pillow/Pillow/commit/c930be0758ac02cf15a2b8d5409d50d443550581
CVE-2022-22816 (path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read d ...)
	{DSA-5053-1 DLA-2893-1}
	- pillow 9.0.0-1
	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
	NOTE: https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c (9.0.0)
CVE-2022-22815 (path_getbbox in path.c in Pillow before 9.0.0 improperly initializes I ...)
	{DSA-5053-1 DLA-2893-1}
	- pillow 9.0.0-1
	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
	NOTE: https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c (9.0.0)
CVE-2022-22814 (The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege ...)
	NOT-FOR-US: ASUS
CVE-2022-0155 (follow-redirects is vulnerable to Exposure of Private Personal Informa ...)
	- node-follow-redirects 1.14.7+~1.13.1-1
	[bullseye] - node-follow-redirects 1.13.1-1+deb11u1
	[buster] - node-follow-redirects (Minor issue, too intrusive to backport)
	NOTE: https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406
	NOTE: https://github.com/follow-redirects/follow-redirects/issues/183
	NOTE: https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22 (v1.14.7)
CVE-2022-22813 (A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an a ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-22812 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-22811 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-22810 (A CWE-307: Improper Restriction of Excessive Authentication Attempts v ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-22809 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-22808 (A CWE-352: Cross-Site Request Forgery (CSRF) exists that could cause a ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-22807 (A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulner ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-22806 (A CWE-294: Authentication Bypass by Capture-replay vulnerability exist ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-22805 (A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-22804 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-22803
	RESERVED
CVE-2022-22802
	RESERVED
CVE-2022-22801
	RESERVED
CVE-2022-22800
	RESERVED
CVE-2022-22799
	RESERVED
CVE-2022-22798 (Sysaid – Pro Plus Edition, SysAid Help Desk Broken Access Control ...)
	NOT-FOR-US: SysAid Help Desk
CVE-2022-22797 (Sysaid – sysaid Open Redirect - An Attacker can change the redire ...)
	NOT-FOR-US: SysAid Help Desk
CVE-2022-22796 (Sysaid – Sysaid System Takeover - An attacker can bypass the auth ...)
	NOT-FOR-US: SysAid Help Desk
CVE-2022-22795 (Signiant - Manager+Agents XML External Entity (XXE) - Extract internal ...)
	NOT-FOR-US: Signiant Manager+Agents
CVE-2022-22794 (Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker c ...)
	NOT-FOR-US: Cybonet
CVE-2022-22793 (Cybonet - PineApp Mail Relay Local File Inclusion. Attacker can send a ...)
	NOT-FOR-US: Cybonet
CVE-2022-22792 (MobiSoft - MobiPlus User Take Over and Improper Handling of url Parame ...)
	NOT-FOR-US: MobiSoft
CVE-2022-22791 (SYNEL - eharmony Authenticated Blind & Stored XSS. Inject JS code into ...)
	NOT-FOR-US: SYNEL
CVE-2022-22790 (SYNEL - eharmony Directory Traversal. Directory Traversal - is an atta ...)
	NOT-FOR-US: SYNEL
CVE-2022-22789 (Charactell - FormStorm Enterprise Account takeover – An attacker ...)
	NOT-FOR-US: Charactell - FormStorm Enterprise
CVE-2022-22788 (The Zoom Opener installer is downloaded by a user from the Launch meet ...)
	NOT-FOR-US: Zoom
CVE-2022-22787 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Wind ...)
	NOT-FOR-US: Zoom
CVE-2022-22786 (The Zoom Client for Meetings for Windows before version 5.10.0 and Zoo ...)
	NOT-FOR-US: Zoom
CVE-2022-22785 (The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Wind ...)
	NOT-FOR-US: Zoom
CVE-2022-22784 (The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Wind ...)
	NOT-FOR-US: Zoom
CVE-2022-22783 (A vulnerability in Zoom On-Premise Meeting Connector Controller versio ...)
	NOT-FOR-US: Zoom
CVE-2022-22782 (The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom ...)
	NOT-FOR-US: Zoom
CVE-2022-22781 (The Zoom Client for Meetings for MacOS (Standard and for IT Admin) pri ...)
	NOT-FOR-US: Zoom
CVE-2022-22780 (The Zoom Client for Meetings chat functionality was susceptible to Zip ...)
	NOT-FOR-US: Zoom
CVE-2022-22779 (The Keybase Clients for macOS and Windows before version 5.9.0 fails t ...)
	NOT-FOR-US: Keybase on MacOS & Windows
CVE-2022-22778 (The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnec ...)
	NOT-FOR-US: TIBCO
CVE-2022-22777 (The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnec ...)
	NOT-FOR-US: TIBCO
CVE-2022-22776 (The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnec ...)
	NOT-FOR-US: TIBCO
CVE-2022-22775 (The Workspace client component of TIBCO Software Inc.'s TIBCO BPM Ente ...)
	NOT-FOR-US: TIBCO
CVE-2022-22774 (The DOM XML parser and SAX XML parser components of TIBCO Software Inc ...)
	NOT-FOR-US: TIBCO
CVE-2022-22773 (The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Se ...)
	NOT-FOR-US: TIBCO
CVE-2022-22772 (The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s ...)
	NOT-FOR-US: TIBCO Managed File Transfer Platform
CVE-2022-22771 (The Server component of TIBCO Software Inc.'s TIBCO JasperReports Libr ...)
	- jasperreports
	[stretch] - jasperreports (cannot be supported due to lack of information)
	NOTE: https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-15-2022-tibco-jasperreports-library-2022-22771
CVE-2022-22770 (The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe cont ...)
	NOT-FOR-US: TIBCO
CVE-2022-22769 (The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX ...)
	NOT-FOR-US: TIBCO
CVE-2022-22768
	RESERVED
CVE-2022-22767 (Specific BD Pyxis™ products were installed with default credentia ...)
	NOT-FOR-US: BD Pyxis
CVE-2022-22766 (Hardcoded credentials are used in specific BD Pyxis products. If explo ...)
	NOT-FOR-US: BD Pyxis
CVE-2022-22765 (BD Viper LT system, versions 2.0 and later, contains hardcoded credent ...)
	NOT-FOR-US: BD Viper LT system
CVE-2022-22764 (Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported m ...)
	{DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
	- firefox 97.0-1
	- firefox-esr 91.6.0esr-1
	- thunderbird 1:91.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22764
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22764
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22764
CVE-2022-22763 (When a worker is shutdown, it was possible to cause script to run late ...)
	{DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
	- firefox-esr 91.6.0esr-1
	- thunderbird 1:91.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22763
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22763
CVE-2022-22762 (Under certain circumstances, a JavaScript alert (or prompt) could have ...)
	- firefox (Only affects Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22762
CVE-2022-22761 (Web-accessible extension pages (pages with a moz-extension:// scheme) ...)
	{DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
	- firefox 97.0-1
	- firefox-esr 91.6.0esr-1
	- thunderbird 1:91.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22761
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22761
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22761
CVE-2022-22760 (When importing resources using Web Workers, error messages would disti ...)
	{DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
	- firefox 97.0-1
	- firefox-esr 91.6.0esr-1
	- thunderbird 1:91.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22760
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22760
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22760
CVE-2022-22759 (If a document created a sandboxed iframe without allow-scripts\* (Only affects Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22758
CVE-2022-22757 (Remote Agent, used in WebDriver, did not validate the Host or Origin h ...)
	- firefox 97.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22757
CVE-2022-22756 (If a user was convinced to drag and drop an image to their desktop or ...)
	{DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
	- firefox 97.0-1
	- firefox-esr 91.6.0esr-1
	- thunderbird 1:91.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22756
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22756
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22756
CVE-2022-22755 (By using XSL Transforms, a malicious webserver could have served a use ...)
	- firefox 97.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22755
CVE-2022-22754 (If a user installed an extension of a particular type, the extension c ...)
	{DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
	- firefox 97.0-1
	- firefox-esr 91.6.0esr-1
	- thunderbird 1:91.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22754
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22754
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22754
CVE-2022-22753 (A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) S ...)
	- firefox (Only affects Windows)
	- firefox-esr (Only affects Windows)
	- thunderbird (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22753
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22753
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22753
CVE-2022-22752 (Mozilla developers Christian Holler and Jason Kratzer reported memory ...)
	- firefox 96.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22752
CVE-2022-22751 (Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, J ...)
	{DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
	- firefox 96.0-1
	- firefox-esr 91.5.0esr-1
	- thunderbird 1:91.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22751
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22751
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22751
CVE-2022-22750 (By generally accepting and passing resource handles across processes, ...)
	- firefox (Only affects Windows and MacOS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22750
CVE-2022-22749 (When scanning QR codes, Firefox for Android would have allowed navigat ...)
	- firefox (Only affects Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22749
CVE-2022-22748 (Malicious websites could have confused Firefox into showing the wrong ...)
	{DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
	- firefox 96.0-1
	- firefox-esr 91.5.0esr-1
	- thunderbird 1:91.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22748
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22748
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22748
CVE-2022-22747 (After accepting an untrusted certificate, handling an empty pkcs7 sequ ...)
	{DSA-5062-1 DSA-5045-1 DSA-5044-1 DLA-2898-1 DLA-2881-1 DLA-2880-1}
	- nss 2:3.73-1
	- firefox 96.0-1
	- firefox-esr 91.5.0esr-1
	- thunderbird 1:91.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22747
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22747
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22747
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1735028
	NOTE: https://hg.mozilla.org/projects/nss/rev/7ff99e71f3e37faed12bc3cc90a3eed27e3418d0
CVE-2022-22746 (A race condition could have allowed bypassing the fullscreen notificat ...)
	- firefox (Only affects Windows)
	- firefox-esr (Only affects Windows)
	- thunderbird (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22746
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22746
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22746
CVE-2022-22745 (Securitypolicyviolation events could have leaked cross-origin informat ...)
	{DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
	- firefox 96.0-1
	- firefox-esr 91.5.0esr-1
	- thunderbird 1:91.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22745
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22745
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22745
CVE-2022-22744 (The constructed curl command from the "Copy as curl" feature in DevToo ...)
	- firefox (Only affects Windows)
	- firefox-esr (Only affects Windows)
	- thunderbird (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22744
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22744
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22744
CVE-2022-22743 (When navigating from inside an iframe while requesting fullscreen acce ...)
	{DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
	- firefox 96.0-1
	- firefox-esr 91.5.0esr-1
	- thunderbird 1:91.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22743
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22743
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22743
CVE-2022-22742 (When inserting text while in edit mode, some characters might have lea ...)
	{DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
	- firefox 96.0-1
	- firefox-esr 91.5.0esr-1
	- thunderbird 1:91.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22742
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22742
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22742
CVE-2022-22741 (When resizing a popup while requesting fullscreen access, the popup wo ...)
	{DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
	- firefox 96.0-1
	- firefox-esr 91.5.0esr-1
	- thunderbird 1:91.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22741
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22741
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22741
CVE-2022-22740 (Certain network request objects were freed too early when releasing a ...)
	{DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
	- firefox 96.0-1
	- firefox-esr 91.5.0esr-1
	- thunderbird 1:91.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22740
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22740
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22740
CVE-2022-22739 (Malicious websites could have tricked users into accepting launching a ...)
	{DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
	- firefox 96.0-1
	- firefox-esr 91.5.0esr-1
	- thunderbird 1:91.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22739
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22739
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22739
CVE-2022-22738 (Applying a CSS filter effect could have accessed out of bounds memory. ...)
	{DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
	- firefox 96.0-1
	- firefox-esr 91.5.0esr-1
	- thunderbird 1:91.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22738
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22738
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22738
CVE-2022-22737 (Constructing audio sinks could have lead to a race condition when play ...)
	{DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
	- firefox 96.0-1
	- firefox-esr 91.5.0esr-1
	- thunderbird 1:91.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22737
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22737
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22737
CVE-2022-22736 (If Firefox was installed to a world-writable directory, a local privil ...)
	- firefox (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22736
CVE-2022-22735 (The Simple Quotation WordPress plugin through 1.3.2 does not have auth ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-22734 (The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-22733 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
	NOT-FOR-US: Apache ShardingSphere ElasticJob-UI
CVE-2022-0154 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-0153 (SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1.)
	NOT-FOR-US: forkcms
CVE-2022-0152 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-0150 (The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0149 (The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affe ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0148 (The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0147 (The Cookie Information | Free GDPR Consent Solution WordPress plugin b ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0146
	RESERVED
CVE-2022-0145 (Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkc ...)
	NOT-FOR-US: forkcms
CVE-2021-46162 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2021-46161 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
	NOT-FOR-US: Siemens
CVE-2021-46160 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
	NOT-FOR-US: Siemens
CVE-2021-46159 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
	NOT-FOR-US: Siemens
CVE-2021-46158 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
	NOT-FOR-US: Siemens
CVE-2021-46157 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
	NOT-FOR-US: Siemens
CVE-2021-46156 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
	NOT-FOR-US: Siemens
CVE-2021-46155 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
	NOT-FOR-US: Siemens
CVE-2021-46154 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
	NOT-FOR-US: Siemens
CVE-2021-46153 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
	NOT-FOR-US: Siemens
CVE-2021-46152 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
	NOT-FOR-US: Siemens
CVE-2021-46151 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
	NOT-FOR-US: Siemens
CVE-2022-22732 (A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists t ...)
	NOT-FOR-US: Schneider
CVE-2022-22731 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
	NOT-FOR-US: Schneider
CVE-2022-0144 (shelljs is vulnerable to Improper Privilege Management)
	- node-shelljs 0.8.5+~cs0.8.10-1
	[bullseye] - node-shelljs (Minor issue)
	[buster] - node-shelljs (Minor issue)
	[stretch] - node-shelljs (Nodejs in stretch not covered by security support)
	NOTE: https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c/
	NOTE: https://github.com/shelljs/shelljs/issues/1058
	NOTE: https://github.com/shelljs/shelljs/commit/d919d22dd6de385edaa9d90313075a77f74b338c (v0.8.5)
CVE-2022-0143 (When the LDAP connector is started with StartTLS configured, unauthent ...)
	NOT-FOR-US: ForgeRock
CVE-2022-0142 (The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0141 (The Visual Form Builder WordPress plugin before 3.0.8 does not enforce ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0140 (The Visual Form Builder WordPress plugin before 3.0.6 does not perform ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-46150 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
	NOT-FOR-US: MediaWiki extension CheckUser
CVE-2021-46149 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
	NOT-FOR-US: MediaWiki extension UniversalLanguageSelector
CVE-2021-46148 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
	NOT-FOR-US: MediaWiki extension SecurePoll
CVE-2021-46147 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
	NOT-FOR-US: MediaWiki extension MassEditRegex
CVE-2021-46146 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
	NOT-FOR-US: MediaWiki extension WikiBaseMediainfo
CVE-2022-22728 (A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buf ...)
	{DLA-3269-1}
	- libapreq2 2.17-1 (bug #1018191)
	[bullseye] - libapreq2 2.13-7+deb11u1
	NOTE: https://www.openwall.com/lists/oss-security/2022/08/25/3
CVE-2022-22727 (A CWE-20: Improper Input Validation vulnerability exists that could al ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-22726 (A CWE-20: Improper Input Validation vulnerability exists that could al ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-22725 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-22724 (A CWE-400: Uncontrolled Resource Consumption vulnerability exists that ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-22723 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-22722 (A CWE-798: Use of Hard-coded Credentials vulnerability exists that cou ...)
	NOT-FOR-US: Schneider Electric
CVE-2022-22721 (If LimitXMLRequestBody is set to allow request bodies larger than 350M ...)
	{DLA-2960-1}
	- apache2 2.4.53-1
	[bullseye] - apache2 2.4.53-1~deb11u1
	[buster] - apache2 2.4.38-3+deb10u8
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22721
	NOTE: Fixed by: https://svn.apache.org/r1898693
CVE-2022-22720 (Apache HTTP Server 2.4.52 and earlier fails to close inbound connectio ...)
	{DLA-2960-1}
	- apache2 2.4.53-1
	[bullseye] - apache2 2.4.53-1~deb11u1
	[buster] - apache2 2.4.38-3+deb10u8
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22720
	NOTE: Fixed by: https://svn.apache.org/r1898692
CVE-2022-22719 (A carefully crafted request body can cause a read to a random memory a ...)
	{DLA-2960-1}
	- apache2 2.4.53-1
	[bullseye] - apache2 2.4.53-1~deb11u1
	[buster] - apache2 2.4.38-3+deb10u8
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22719
	NOTE: Fixed by: https://svn.apache.org/r1898694
CVE-2022-22718 (Windows Print Spooler Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22717 (Windows Print Spooler Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22716 (Microsoft Excel Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22715 (Named Pipe File System Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22714
	RESERVED
CVE-2022-22713 (Windows Hyper-V Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22712 (Windows Hyper-V Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22711 (Windows BitLocker Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22710 (Windows Common Log File System Driver Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22709 (VP9 Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21806 (A use-after-free vulnerability exists in the mips_collector appsrv_ser ...)
	NOT-FOR-US: Anker Eufy Homebase
CVE-2022-0139 (Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0.)
	- radare2 5.9.0+dfsg-1 (bug #1014478)
	NOTE: https://huntr.dev/bounties/3dcb6f40-45cd-403b-929f-db123fde32c0/
	NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c (5.6.0)
CVE-2022-0138 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
	NOT-FOR-US: Airspan Networks
CVE-2022-0137 (A heap buffer overflow in image_set_mask function of HTMLDOC before 1. ...)
	- htmldoc 1.9.15-1 (unimportant)
	NOTE: https://github.com/michaelrsweet/htmldoc/issues/461
	NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/71fe87878c9cbc3db429f5e5c70f28e4b3d96e3b (v1.9.15)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-0136 (A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-0135 (An out-of-bounds write issue was found in the VirGL virtual OpenGL ren ...)
	{DLA-3232-1}
	- virglrenderer 0.10.0-1 (bug #1009073)
	[bullseye] - virglrenderer 0.8.2-5+deb11u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2037790
	NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654
	NOTE: Fixed by: https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/95e581fd181b213c2ed7cdc63f2abc03eaaa77ec (0.10.0)
	NOTE: Depends on the fix for CVE-2019-18391
CVE-2022-0134 (The AnyComment WordPress plugin before 0.2.18 does not have CSRF check ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-0133 (peertube is vulnerable to Improper Access Control)
	- peertube (bug #950821)
CVE-2022-0132 (peertube is vulnerable to Server-Side Request Forgery (SSRF))
	- peertube (bug #950821)
CVE-2022-0131 (Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API ...)
	NOT-FOR-US: Jimoty App for Android
CVE-2021-4201 (Missing access control in ForgeRock Access Management 7.1.0 and earlie ...)
	NOT-FOR-US: ForgeRock
CVE-2022-22708
	RESERVED
CVE-2022-22707 (In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded functi ...)
	{DSA-5040-1}
	- lighttpd 1.4.64-1
	[stretch] - lighttpd (Vulnerable code not present; the issue was introduced in later versions)
	NOTE: https://redmine.lighttpd.net/issues/3134
	NOTE: https://github.com/lighttpd/lighttpd1.4/commit/8c62a890e23f5853b1a562b03fe3e1bccc6e7664
CVE-2022-22706 (Arm Mali GPU Kernel Driver allows a non-privileged user to achieve wri ...)
	NOT-FOR-US: ARM Mali GPU driver
CVE-2022-22705
	RESERVED
CVE-2022-22704 (The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes a ...)
	NOT-FOR-US: zabbix-agent2 package for Alpine
CVE-2022-22703 (In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cl ...)
	NOT-FOR-US: Stormshield SSO Agent
CVE-2022-22702 (PartKeepr versions up to v1.4.0, in the functionality to upload attach ...)
	NOT-FOR-US: PartKeepr
CVE-2022-22701 (PartKeepr versions up to v1.4.0, loads attachments using a URL while c ...)
	NOT-FOR-US: PartKeepr
CVE-2022-22700 (CyberArk Identity versions up to and including 22.1 in the 'StartAuthe ...)
	NOT-FOR-US: CyberArk Identity
CVE-2022-22699
	RESERVED
CVE-2022-22698
	RESERVED
CVE-2022-22697
	RESERVED
CVE-2022-22696
	RESERVED
CVE-2022-22695
	RESERVED
CVE-2022-22694
	RESERVED
CVE-2022-22693
	RESERVED
CVE-2022-22692
	RESERVED
CVE-2022-22691 (The password reset component deployed within Umbraco uses the hostname ...)
	NOT-FOR-US: Umbraco CMS
CVE-2022-22690 (Within the Umbraco CMS, a configuration element named "UmbracoApplicat ...)
	NOT-FOR-US: Umbraco CMS
CVE-2022-22689 (CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, an ...)
	NOT-FOR-US: CA Harvest Software Change Manager
CVE-2022-22688 (Improper neutralization of special elements used in a command ('Comman ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2022-22687 (Buffer copy without checking size of input ('Classic Buffer Overflow') ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2022-22686 (Cross-Site Request Forgery (CSRF) vulnerability in webapi component in ...)
	NOT-FOR-US: Synology
CVE-2022-22685 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
	NOT-FOR-US: Synology
CVE-2022-22684 (Improper neutralization of special elements used in an OS command ('OS ...)
	NOT-FOR-US: Synology
CVE-2022-22683 (Buffer copy without checking size of input ('Classic Buffer Overflow') ...)
	NOT-FOR-US: Synology
CVE-2022-22682 (Improper neutralization of input during web page generation ('Cross-si ...)
	NOT-FOR-US: Synology
CVE-2022-22681 (Session fixation vulnerability in access control management in Synolog ...)
	NOT-FOR-US: Synology
CVE-2022-22680 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
	NOT-FOR-US: Synology
CVE-2022-22679 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
	NOT-FOR-US: Synology
CVE-2022-22150 (A memory corruption vulnerability exists in the JavaScript engine of F ...)
	NOT-FOR-US: Foxit
CVE-2022-0130 (Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remo ...)
	NOT-FOR-US: Tenable
CVE-2021-46145 (The keyfob subsystem in Honda Civic 2012 vehicles allows a replay atta ...)
	NOT-FOR-US: keyfob subsystem in Honda Civic 2012 vehicles
CVE-2021-46143 (In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an int ...)
	{DSA-5073-1 DLA-2904-1}
	- expat 2.4.3-1
	NOTE: https://github.com/libexpat/libexpat/issues/532
	NOTE: https://github.com/libexpat/libexpat/pull/538
	NOTE: https://github.com/libexpat/libexpat/commit/85ae9a2d7d0e9358f356b33977b842df8ebaec2b (R_2_4_3)
CVE-2021-46142 (An issue was discovered in uriparser before 0.9.6. It performs invalid ...)
	{DSA-5063-1 DLA-2883-1}
	- uriparser 0.9.6+dfsg-1
	NOTE: https://github.com/uriparser/uriparser/issues/122
	NOTE: https://github.com/uriparser/uriparser/commit/c0483990e6b5b454f7c8752b36760cfcb0d093f5 (uriparser-0.9.6)
	NOTE: https://github.com/uriparser/uriparser/pull/124
CVE-2021-46141 (An issue was discovered in uriparser before 0.9.6. It performs invalid ...)
	{DSA-5063-1 DLA-2883-2 DLA-2883-1}
	- uriparser 0.9.6+dfsg-1
	NOTE: https://github.com/uriparser/uriparser/issues/121
	NOTE: https://github.com/uriparser/uriparser/commit/987b046e41f407d17c622e580fc82a5e834b4329 (uriparser-0.9.6)
	NOTE: https://github.com/uriparser/uriparser/commit/b1a34743bc1472e055d886e29e9b53f670eb3282 (uriparser-0.9.6)
	NOTE: https://github.com/uriparser/uriparser/pull/124
CVE-2022-22678
	RESERVED
CVE-2022-0129 (Uncontrolled search path element vulnerability in McAfee TechCheck pri ...)
	NOT-FOR-US: McAfee
CVE-2022-0128 (vim is vulnerable to Out-of-bounds Read)
	- vim 2:8.2.4659-1
	[bullseye] - vim (Vulnerable code introduced later)
	[buster] - vim (Vulnerable code introduced later)
	[stretch] - vim (Vulnerable code introduced later)
	NOTE: https://huntr.dev/bounties/63f51299-008a-4112-b85b-1e904aadd4ba
	NOTE: Introduced by: https://github.com/vim/vim/commit/bdc0f1c6986e5d64f647e0924a4de795b47c549a (v8.2.2806)
	NOTE: Fixed by: https://github.com/vim/vim/commit/d3a117814d6acbf0dca3eff1a7626843b9b3734a (v8.2.4009)
CVE-2022-0127
	RESERVED
CVE-2022-0126
	RESERVED
CVE-2022-0125 (An issue has been discovered in GitLab affecting all versions starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-0124 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-0123 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-4200 (A Improper Privilege Management vulnerability in SUSE Rancher allows w ...)
	NOT-FOR-US: Rancher
CVE-2022-22677 (A logic issue in the handling of concurrent media was addressed with i ...)
	{DSA-5183-1 DSA-5182-1}
	- webkit2gtk 2.36.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.36.4-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0006.html
CVE-2022-22676 (An event handler validation issue in the XPC Services API was addresse ...)
	NOT-FOR-US: Apple
CVE-2022-22675 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2022-22674 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
	NOT-FOR-US: Apple
CVE-2022-22673 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2022-22672 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2022-22671 (An authentication issue was addressed with improved state management. ...)
	NOT-FOR-US: Apple
CVE-2022-22670 (An access issue was addressed with improved access restrictions. This ...)
	NOT-FOR-US: Apple
CVE-2022-22669 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2022-22668 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2022-22667 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2022-22666 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2022-22665 (A logic issue was addressed with improved validation. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2022-22664 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2022-22663 (This issue was addressed with improved checks to prevent unauthorized ...)
	NOT-FOR-US: Apple
CVE-2022-22662 (A cookie management issue was addressed with improved state management ...)
	{DSA-5116-1 DSA-5115-1}
	- webkit2gtk 2.36.0-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.36.0-2
	NOTE: https://webkitgtk.org/security/WSA-2022-0006.html
CVE-2022-22661 (A type confusion issue was addressed with improved state handling. Thi ...)
	NOT-FOR-US: Apple
CVE-2022-22660 (This issue was addressed with a new entitlement. This issue is fixed i ...)
	NOT-FOR-US: Apple
CVE-2022-22659 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2022-22658 (An input validation issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2022-22657 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2022-22656 (An authentication issue was addressed with improved state management. ...)
	NOT-FOR-US: Apple
CVE-2022-22655 (An access issue was addressed with improvements to the sandbox. This i ...)
	NOT-FOR-US: Apple
CVE-2022-22654 (A user interface issue was addressed. This issue is fixed in watchOS 8 ...)
	NOT-FOR-US: Apple
CVE-2022-22653 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2022-22652 (The GSMA authentication panel could be presented on the lock screen. T ...)
	NOT-FOR-US: Apple
CVE-2022-22651 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2022-22650 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2022-22649
	REJECTED
CVE-2022-22648 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2022-22647 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2022-22646 (This issue was addressed by removing the vulnerable code. This issue i ...)
	NOT-FOR-US: Apple
CVE-2022-22645
	REJECTED
CVE-2022-22644 (A privacy issue existed in the handling of Contact cards. This was add ...)
	NOT-FOR-US: Apple
CVE-2022-22643 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2022-22642 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2022-22641 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2022-22640 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2022-22639 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2022-22638 (A null pointer dereference was addressed with improved validation. Thi ...)
	NOT-FOR-US: Apple
CVE-2022-22637 (A logic issue was addressed with improved state management. This issue ...)
	{DSA-5061-1 DSA-5060-1}
	- webkit2gtk 2.34.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.34.4-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0004.html
CVE-2022-22636 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2022-22635 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2022-22634 (A buffer overflow was addressed with improved bounds checking. This is ...)
	NOT-FOR-US: Apple
CVE-2022-22633 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2022-22632 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2022-22631 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2022-22630 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2022-22629 (A buffer overflow issue was addressed with improved memory handling. T ...)
	{DSA-5116-1 DSA-5115-1}
	- webkit2gtk 2.36.0-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.36.0-2
	NOTE: https://webkitgtk.org/security/WSA-2022-0004.html
CVE-2022-22628 (A use after free issue was addressed with improved memory management. ...)
	{DSA-5116-1 DSA-5115-1}
	- webkit2gtk 2.36.0-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.36.0-2
	NOTE: https://webkitgtk.org/security/WSA-2022-0004.html
CVE-2022-22627 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2022-22626 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2022-22625 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2022-22624 (A use after free issue was addressed with improved memory management. ...)
	{DSA-5116-1 DSA-5115-1}
	- webkit2gtk 2.36.0-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.36.0-2
	NOTE: https://webkitgtk.org/security/WSA-2022-0004.html
CVE-2022-22623
	REJECTED
CVE-2022-22622 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2022-22621 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2022-22620 (A use after free issue was addressed with improved memory management. ...)
	{DSA-5084-1 DSA-5083-1}
	- webkit2gtk 2.34.6-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.34.6-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0003.html
CVE-2022-22619
	RESERVED
CVE-2022-22618 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2022-22617 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2022-22616 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2022-22615 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2022-22614 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2022-22613 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2022-22612 (A memory consumption issue was addressed with improved memory handling ...)
	NOT-FOR-US: Apple
CVE-2022-22611 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2022-22610 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2022-22609 (The issue was addressed with additional permissions checks. This issue ...)
	NOT-FOR-US: Apple
CVE-2022-22608 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2022-22607 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2022-22606 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2022-22605 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2022-22604 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2022-22603 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2022-22602 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2022-22601 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2022-22600 (The issue was addressed with improved permissions logic. This issue is ...)
	NOT-FOR-US: Apple
CVE-2022-22599 (Description: A permissions issue was addressed with improved validatio ...)
	NOT-FOR-US: Apple
CVE-2022-22598 (An issue with app access to camera metadata was addressed with improve ...)
	NOT-FOR-US: Apple
CVE-2022-22597 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2022-22596 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2022-22595
	RESERVED
CVE-2022-22594 (A cross-origin issue in the IndexDB API was addressed with improved in ...)
	{DSA-5061-1 DSA-5060-1}
	- webkit2gtk 2.34.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.34.4-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
CVE-2022-22593 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2022-22591 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2022-22589 (A validation issue was addressed with improved input sanitization. Thi ...)
	{DSA-5084-1 DSA-5083-1}
	- webkit2gtk 2.34.5-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.34.5-1
	NOTE: https://webkitgtk.org/security/WSA-2022-0002.html
CVE-2022-22588 (A resource exhaustion issue was addressed with improved input validati ...)
	NOT-FOR-US: Apple
CVE-2022-22587 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2022-22586 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2022-22585 (An issue existed within the path validation logic for symlinks. This i ...)
	NOT-FOR-US: Apple
CVE-2022-22584 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2022-22583 (A permissions issue was addressed with improved validation. This issue ...)
	NOT-FOR-US: Apple
CVE-2022-22582 (A validation issue existed in the handling of symlinks. This issue was ...)
	NOT-FOR-US: Apple
CVE-2022-22581
	RESERVED
CVE-2022-22580
	RESERVED
CVE-2022-22579 (An information disclosure issue was addressed with improved state mana ...)
	NOT-FOR-US: Apple
CVE-2022-22578 (A logic issue was addressed with improved validation. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2022-22577 (An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could al ...)
	{DSA-5372-1 DLA-3093-1}
	- rails 2:6.1.6.1+dfsg-1 (bug #1011941)
	NOTE: https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533
	NOTE: https://github.com/rails/rails/commit/2b820a2a69fa50cffa74b4aedc57bf92ed6910ec (v6.1.5.1)
	NOTE: https://github.com/rails/rails/commit/5299b57d596ea274f77f5ffee2b79c6ee0255508 (v6.0.4.8)
	NOTE: https://github.com/rails/rails/commit/d2253115ac2b30f5f7210670af906cebf79cf809 (v5.2.7.1)
CVE-2022-22576 (An improper authentication vulnerability exists in curl 7.33.0 to and ...)
	{DSA-5197-1 DLA-3085-1}
	- curl 7.83.0-1 (bug #1010295)
	NOTE: https://curl.se/docs/CVE-2022-22576.html
	NOTE: Fixed by: https://github.com/curl/curl/commit/852aa5ad351ea53e5f01d2f44b5b4370c2bf5425 (curl-7_83_0)
CVE-2022-22575
	RESERVED
CVE-2022-22574
	RESERVED
CVE-2022-22573
	RESERVED
CVE-2022-22572 (A non-admin user with user management permission can escalate his priv ...)
	NOT-FOR-US: Incapptic
CVE-2022-22571 (An authenticated high privileged user can perform a stored XSS attack ...)
	NOT-FOR-US: Incapptic
CVE-2022-22570 (A buffer overflow vulnerability found in the UniFi Door Access Reader ...)
	NOT-FOR-US: UniFi Door Access Reader Lite
CVE-2022-22569
	RESERVED
CVE-2022-22568
	RESERVED
CVE-2022-0122 (forge is vulnerable to URL Redirection to Untrusted Site)
	NOT-FOR-US: forge
CVE-2022-0121 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: hoppscotch
CVE-2022-22567 (Select Dell Client Commercial and Consumer platforms are vulnerable to ...)
	NOT-FOR-US: Dell
CVE-2022-22566 (Select Dell Client Commercial and Consumer platforms contain a pre-boo ...)
	NOT-FOR-US: Dell
CVE-2022-22565 (Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper autho ...)
	NOT-FOR-US: Dell PowerScale OneFS
CVE-2022-22564 (Dell EMC Unity versions before 5.2.0.0.5.173 , use(es) broken cryptogr ...)
	NOT-FOR-US: EMC
CVE-2022-22563 (Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant informa ...)
	NOT-FOR-US: EMC
CVE-2022-22562 (Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain a improper handli ...)
	NOT-FOR-US: Dell PowerScale OneFS
CVE-2022-22561 (Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper res ...)
	NOT-FOR-US: Dell PowerScale OneFS
CVE-2022-22560 (Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials ...)
	NOT-FOR-US: EMC
CVE-2022-22559 (Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or ri ...)
	NOT-FOR-US: Dell PowerScale OneFS
CVE-2022-22558 (Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 792 ...)
	NOT-FOR-US: Dell
CVE-2022-22557 (PowerStore contains Plain-Text Password Storage Vulnerability in Power ...)
	NOT-FOR-US: Dell
CVE-2022-22556 (Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerab ...)
	NOT-FOR-US: Dell
CVE-2022-22555 (Dell EMC PowerStore, contains an OS command injection Vulnerability. A ...)
	NOT-FOR-US: Dell
CVE-2022-22554 (Dell EMC System Update, version 1.9.2 and prior, contain an Unprotecte ...)
	NOT-FOR-US: EMC
CVE-2022-22553 (Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction o ...)
	NOT-FOR-US: EMC
CVE-2022-22552 (Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerabil ...)
	NOT-FOR-US: EMC
CVE-2022-22551 (DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensi ...)
	NOT-FOR-US: EMC
CVE-2022-22550 (Dell PowerScale OneFS, versions 8.2.2 and above, contain a password di ...)
	NOT-FOR-US: Dell PowerScale OneFS
CVE-2022-22549 (Dell PowerScale OneFS, 8.2.x-9.3.x, contains a Improper Certificate Va ...)
	NOT-FOR-US: Dell PowerScale OneFS
CVE-2022-22548
	RESERVED
CVE-2022-22547 (Simple Diagnostics Agent - versions 1.0 (up to version 1.57.), allows ...)
	NOT-FOR-US: SAP
CVE-2022-22546 (Due to improper HTML encoding in input control summary, an authorized ...)
	NOT-FOR-US: SAP
CVE-2022-22545 (A high privileged user who has access to transaction SM59 can read con ...)
	NOT-FOR-US: SAP
CVE-2022-22544 (Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720 ...)
	NOT-FOR-US: SAP
CVE-2022-22543 (SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform ( ...)
	NOT-FOR-US: SAP
CVE-2022-22542 (S/4HANA Supplier Factsheet exposes the private address and bank detail ...)
	NOT-FOR-US: SAP
CVE-2022-22541 (SAP BusinessObjects Business Intelligence Platform - versions 420, 430 ...)
	NOT-FOR-US: SAP
CVE-2022-22540 (SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731 ...)
	NOT-FOR-US: SAP
CVE-2022-22539 (When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) receiv ...)
	NOT-FOR-US: SAP
CVE-2022-22538 (When a user opens a manipulated Adobe Illustrator file format (.ai, ai ...)
	NOT-FOR-US: SAP
CVE-2022-22537 (When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3 ...)
	NOT-FOR-US: SAP
CVE-2022-22536 (SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Serve ...)
	NOT-FOR-US: SAP
CVE-2022-22535 (SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necess ...)
	NOT-FOR-US: SAP
CVE-2022-22534 (Due to insufficient encoding of user input, SAP NetWeaver allows an un ...)
	NOT-FOR-US: SAP
CVE-2022-22533 (Due to improper error handling in SAP NetWeaver Application Server Jav ...)
	NOT-FOR-US: SAP
CVE-2022-22532 (In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7. ...)
	NOT-FOR-US: SAP
CVE-2022-22531 (The F0743 Create Single Payment application of SAP S/4HANA - versions ...)
	NOT-FOR-US: SAP
CVE-2022-22530 (The F0743 Create Single Payment application of SAP S/4HANA - versions ...)
	NOT-FOR-US: SAP
CVE-2022-22529 (SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficie ...)
	NOT-FOR-US: SAP
CVE-2022-22528 (SAP Adaptive Server Enterprise (ASE) - version 16.0, installation make ...)
	NOT-FOR-US: SAP
CVE-2022-22527
	RESERVED
CVE-2022-0120 (Inappropriate implementation in Passwords in Google Chrome prior to 97 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0119
	RESERVED
CVE-2022-0118 (Inappropriate implementation in WebShare in Google Chrome prior to 97. ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0117 (Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0116 (Inappropriate implementation in Compositing in Google Chrome prior to ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0115 (Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 a ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0114 (Out of bounds memory access in Blink Serial API in Google Chrome prior ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0113 (Inappropriate implementation in Blink in Google Chrome prior to 97.0.4 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0112 (Incorrect security UI in Browser UI in Google Chrome prior to 97.0.469 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0111 (Inappropriate implementation in Navigation in Google Chrome prior to 9 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0110 (Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692. ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0109 (Inappropriate implementation in Autofill in Google Chrome prior to 97. ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0108 (Inappropriate implementation in Navigation in Google Chrome prior to 9 ...)
	{DSA-5397-1 DSA-5396-1 DSA-5046-1 DLA-3419-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	- webkit2gtk 2.40.1-1
	- wpewebkit 2.38.6-1
	NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
CVE-2022-0107 (Use after free in File Manager API in Google Chrome on Chrome OS prior ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0106 (Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allo ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0105 (Use after free in PDF Accessibility in Google Chrome prior to 97.0.469 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0104 (Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 a ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0103 (Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 a ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0102 (Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0101 (Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692. ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0100 (Heap buffer overflow in Media streams API in Google Chrome prior to 97 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0099 (Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allow ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0098 (Use after free in Screen Capture in Google Chrome on Chrome OS prior t ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0097 (Inappropriate implementation in DevTools in Google Chrome prior to 97. ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0096 (Use after free in Storage in Google Chrome prior to 97.0.4692.71 allow ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2022-0095
	REJECTED
CVE-2022-0094
	REJECTED
CVE-2022-0093 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-0092
	RESERVED
CVE-2022-0091
	RESERVED
CVE-2022-0090 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...)
	- gitlab 15.10.8+ds1-2
CVE-2022-0089
	RESERVED
CVE-2022-0088 (Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls p ...)
	NOT-FOR-US: yourls
CVE-2021-46140
	RESERVED
CVE-2021-46139
	RESERVED
CVE-2021-46138
	RESERVED
CVE-2021-46137
	RESERVED
CVE-2021-46136
	RESERVED
CVE-2021-46135
	RESERVED
CVE-2021-46134
	RESERVED
CVE-2021-46133
	RESERVED
CVE-2021-46132
	RESERVED
CVE-2021-46131
	RESERVED
CVE-2021-45722
	RESERVED
CVE-2021-45110
	RESERVED
CVE-2021-45073
	RESERVED
CVE-2021-44778
	RESERVED
CVE-2021-44468
	RESERVED
CVE-2021-44456
	RESERVED
CVE-2021-44452
	RESERVED
CVE-2021-43352
	RESERVED
CVE-2021-4199 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
	NOT-FOR-US: Bitdefender
CVE-2021-4198 (A NULL Pointer Dereference vulnerability in the messaging_ipc.dll comp ...)
	NOT-FOR-US: Bitdefender
CVE-2021-31564
	RESERVED
CVE-2021-23229
	RESERVED
CVE-2022-22526 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...)
	NOT-FOR-US: Carlo Gavazzi Controls SpA
CVE-2022-22525 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...)
	NOT-FOR-US: Carlo Gavazzi Controls SpA
CVE-2022-22524 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...)
	NOT-FOR-US: Carlo Gavazzi Controls SpA
CVE-2022-22523 (An improper authentication vulnerability exists in the Carlo Gavazzi U ...)
	NOT-FOR-US: Carlo Gavazzi Controls SpA
CVE-2022-22522 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...)
	NOT-FOR-US: Carlo Gavazzi Controls SpA
CVE-2022-22521 (In Miele Benchmark Programming Tool with versions Prior to 1.2.71, exe ...)
	NOT-FOR-US: Miele
CVE-2022-22520 (A remote, unauthenticated attacker can enumerate valid users by sendin ...)
	NOT-FOR-US: mymbCONNECT24
CVE-2022-22519 (A remote, unauthenticated attacker can send a specific crafted HTTP or ...)
	NOT-FOR-US: CODESYS
CVE-2022-22518 (A bug in CmpUserMgr component can lead to only partially applied secur ...)
	NOT-FOR-US: CODESYS
CVE-2022-22517 (An unauthenticated, remote attacker can disrupt existing communication ...)
	NOT-FOR-US: CODESYS
CVE-2022-22516 (The SysDrv3S driver in the CODESYS Control runtime system on Microsoft ...)
	NOT-FOR-US: CODESYS
CVE-2022-22515 (A remote, authenticated attacker could utilize the control program of ...)
	NOT-FOR-US: CODESYS
CVE-2022-22514 (An authenticated, remote attacker can gain access to a dereferenced po ...)
	NOT-FOR-US: CODESYS
CVE-2022-22513 (An authenticated remote attacker can cause a null pointer dereference ...)
	NOT-FOR-US: CODESYS
CVE-2022-22512 (Hard-coded credentials in Web-UI of multiple VARTA Storage products in ...)
	NOT-FOR-US: VARTA Storage products
CVE-2022-22511 (Various configuration pages of the device are vulnerable to reflected ...)
	NOT-FOR-US: VDE
CVE-2022-22510 (Codesys Profinet in version V4.2.0.0 is prone to null pointer derefere ...)
	NOT-FOR-US: Codesys
CVE-2022-22509 (In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect ...)
	NOT-FOR-US: Phoenix Contact FL SWITCH Series
CVE-2022-22508 (Improper Input Validation vulnerability in multiple CODESYS V3 product ...)
	NOT-FOR-US: CODESYS
CVE-2022-22507
	REJECTED
CVE-2022-22506 (IBM Robotic Process Automation 21.0.2 contains a vulnerability that co ...)
	NOT-FOR-US: IBM
CVE-2022-22505 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a v ...)
	NOT-FOR-US: IBM
CVE-2022-22504
	RESERVED
CVE-2022-22503 (IBM Robotic Process Automation 21.0.0 could allow a remote attacker to ...)
	NOT-FOR-US: IBM
CVE-2022-22502 (IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cros ...)
	NOT-FOR-US: IBM
CVE-2022-22501
	RESERVED
CVE-2022-22500
	RESERVED
CVE-2022-22499
	RESERVED
CVE-2022-22498
	RESERVED
CVE-2022-22497 (IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due ...)
	NOT-FOR-US: IBM
CVE-2022-22496 (While a user account for the IBM Spectrum Protect Server 8.1.0.000 thr ...)
	NOT-FOR-US: IBM
CVE-2022-22495 (IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attac ...)
	NOT-FOR-US: IBM
CVE-2022-22494 (IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could ...)
	NOT-FOR-US: IBM
CVE-2022-22493 (IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulne ...)
	NOT-FOR-US: IBM
CVE-2022-22492
	RESERVED
CVE-2022-22491
	RESERVED
CVE-2022-22490 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow ...)
	NOT-FOR-US: IBM
CVE-2022-22489 (IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable t ...)
	NOT-FOR-US: IBM
CVE-2022-22488 (IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a d ...)
	NOT-FOR-US: IBM
CVE-2022-22487 (An IBM Spectrum Protect storage agent could allow a remote attacker to ...)
	NOT-FOR-US: IBM
CVE-2022-22486 (IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an X ...)
	NOT-FOR-US: IBM
CVE-2022-22485 (In some cases, an unsuccessful attempt to log into IBM Spectrum Protec ...)
	NOT-FOR-US: IBM
CVE-2022-22484 (IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a ...)
	NOT-FOR-US: IBM
CVE-2022-22483 (IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is ...)
	NOT-FOR-US: IBM
CVE-2022-22482 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 a ...)
	NOT-FOR-US: IBM
CVE-2022-22481 (IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a ...)
	NOT-FOR-US: IBM
CVE-2022-22480 (IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function co ...)
	NOT-FOR-US: IBM
CVE-2022-22479 (IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is vulnerabl ...)
	NOT-FOR-US: IBM
CVE-2022-22478 (IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user crede ...)
	NOT-FOR-US: IBM
CVE-2022-22477 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-si ...)
	NOT-FOR-US: IBM
CVE-2022-22476 (IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and ...)
	NOT-FOR-US: IBM
CVE-2022-22475 (IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 thr ...)
	NOT-FOR-US: IBM
CVE-2022-22474 (IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsv ...)
	NOT-FOR-US: IBM
CVE-2022-22473 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
	NOT-FOR-US: IBM
CVE-2022-22472 (IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through ...)
	NOT-FOR-US: IBM
CVE-2022-22471
	RESERVED
CVE-2022-22470 (IBM Security Verify Governance 10.0 stores user credentials in plain c ...)
	NOT-FOR-US: IBM
CVE-2022-22469
	RESERVED
CVE-2022-22468
	RESERVED
CVE-2022-22467
	RESERVED
CVE-2022-22466 (IBM Security Verify Governance 10.0 contains hard-coded credentials, s ...)
	NOT-FOR-US: IBM
CVE-2022-22465 (IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, an ...)
	NOT-FOR-US: IBM
CVE-2022-22464 (IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, an ...)
	NOT-FOR-US: IBM
CVE-2022-22463 (IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, an ...)
	NOT-FOR-US: IBM
CVE-2022-22462 (IBM Security Verify Governance, Identity Manager virtual appliance com ...)
	NOT-FOR-US: IBM
CVE-2022-22461 (IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker th ...)
	NOT-FOR-US: IBM
CVE-2022-22460 (IBM Security Verify Identity Manager 10.0 contains sensitive informati ...)
	NOT-FOR-US: IBM
CVE-2022-22459
	RESERVED
CVE-2022-22458 (IBM Security Verify Governance, Identity Manager 10.0.1 stores user cr ...)
	NOT-FOR-US: IBM
CVE-2022-22457 (IBM Security Verify Governance, Identity Manager 10.0.1 stores sensiti ...)
	NOT-FOR-US: IBM
CVE-2022-22456 (IBM Security Verify Governance, Identity Manager 10.0.1 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2022-22455 (IBM Security Verify Governance Identity Manager 10.0 virtual appliance ...)
	NOT-FOR-US: IBM
CVE-2022-22454 (IBM InfoSphere Information Server 11.7 could allow a locally authentic ...)
	NOT-FOR-US: IBM
CVE-2022-22453 (IBM Security Verify Identity Manager 10.0 uses weaker than expected cr ...)
	NOT-FOR-US: IBM
CVE-2022-22452 (IBM Security Verify Identity Manager 10.0 uses an inadequate account l ...)
	NOT-FOR-US: IBM
CVE-2022-22451
	RESERVED
CVE-2022-22450 (IBM Security Verify Identity Manager 10.0 could allow a privileged use ...)
	NOT-FOR-US: IBM
CVE-2022-22449 (IBM Security Verify Governance, Identity Manager 10.01 could allow a r ...)
	NOT-FOR-US: IBM
CVE-2022-22448
	RESERVED
CVE-2022-22447 (IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to pote ...)
	NOT-FOR-US: IBM
CVE-2022-22446
	RESERVED
CVE-2022-22445 (An attacker that gains service access to the FSP (POWER9 only) or gain ...)
	NOT-FOR-US: IBM
CVE-2022-22444 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploi ...)
	NOT-FOR-US: IBM
CVE-2022-22443 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
	NOT-FOR-US: IBM
CVE-2022-22442 ("IBM InfoSphere Information Server 11.7 could allow an authenticated u ...)
	NOT-FOR-US: IBM
CVE-2022-22441 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...)
	NOT-FOR-US: IBM
CVE-2022-22440
	RESERVED
CVE-2022-22439
	RESERVED
CVE-2022-22438
	RESERVED
CVE-2022-22437
	RESERVED
CVE-2022-22436 (IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site script ...)
	NOT-FOR-US: IBM
CVE-2022-22435 (IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site script ...)
	NOT-FOR-US: IBM
CVE-2022-22434 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow ...)
	NOT-FOR-US: IBM
CVE-2022-22433 (IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to Exte ...)
	NOT-FOR-US: IBM
CVE-2022-22432
	RESERVED
CVE-2022-22431
	RESERVED
CVE-2022-22430
	RESERVED
CVE-2022-22429
	RESERVED
CVE-2022-22428
	RESERVED
CVE-2022-22427 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
	NOT-FOR-US: IBM
CVE-2022-22426 (IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could ...)
	NOT-FOR-US: IBM
CVE-2022-22425 ("IBM InfoSphere Information Server 11.7 is potentially vulnerable to C ...)
	NOT-FOR-US: IBM
CVE-2022-22424 (IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain s ...)
	NOT-FOR-US: IBM
CVE-2022-22423 (IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7. ...)
	NOT-FOR-US: IBM
CVE-2022-22422
	RESERVED
CVE-2022-22421
	RESERVED
CVE-2022-22420
	RESERVED
CVE-2022-22419
	RESERVED
CVE-2022-22418
	RESERVED
CVE-2022-22417 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22. ...)
	NOT-FOR-US: IBM
CVE-2022-22416 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22. ...)
	NOT-FOR-US: IBM
CVE-2022-22415 (A vulnerability exists where an IBM Robotic Process Automation 21.0.1 ...)
	NOT-FOR-US: IBM
CVE-2022-22414 (IBM Robotic Process Automation 21.0.2 could allow a local user to obta ...)
	NOT-FOR-US: IBM
CVE-2022-22413 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerabl ...)
	NOT-FOR-US: IBM
CVE-2022-22412 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow ...)
	NOT-FOR-US: IBM
CVE-2022-22411 (IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an a ...)
	NOT-FOR-US: IBM
CVE-2022-22410 (IBM Watson Query with Cloud Pak for Data as a Service could allow an a ...)
	NOT-FOR-US: IBM
CVE-2022-22409 (IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensit ...)
	NOT-FOR-US: IBM
CVE-2022-22408
	RESERVED
CVE-2022-22407
	RESERVED
CVE-2022-22406
	RESERVED
CVE-2022-22405 (IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensit ...)
	NOT-FOR-US: IBM
CVE-2022-22404 (IBM App Connect Enterprise Certified Container Dashboard UI (IBM App C ...)
	NOT-FOR-US: IBM
CVE-2022-22403
	RESERVED
CVE-2022-22402 (IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vu ...)
	NOT-FOR-US: IBM
CVE-2022-22401 (IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or per ...)
	NOT-FOR-US: IBM
CVE-2022-22400
	RESERVED
CVE-2022-22399 (IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injecti ...)
	NOT-FOR-US: IBM
CVE-2022-22398
	RESERVED
CVE-2022-22397
	RESERVED
CVE-2022-22396 (Credentials are printed in clear text in the IBM Spectrum Protect Plus ...)
	NOT-FOR-US: IBM
CVE-2022-22395
	RESERVED
CVE-2022-22394 (The IBM Spectrum Protect 8.1.14.000 server could allow a remote attack ...)
	NOT-FOR-US: IBM
CVE-2022-22393 (IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 , w ...)
	NOT-FOR-US: IBM
CVE-2022-22392 (IBM Planning Analytics Local 2.0 could allow an attacker to upload arb ...)
	NOT-FOR-US: IBM
CVE-2022-22391 (IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authen ...)
	NOT-FOR-US: IBM
CVE-2022-22390 (IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 ma ...)
	NOT-FOR-US: IBM
CVE-2022-22389 (IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is ...)
	NOT-FOR-US: IBM
CVE-2022-22388
	RESERVED
CVE-2022-22387 (IBM Application Gateway is vulnerable to cross-site scripting. This vu ...)
	NOT-FOR-US: IBM
CVE-2022-22386 (IBM Security Verify Privilege On-Premises 11.5 could allow a remote at ...)
	NOT-FOR-US: IBM
CVE-2022-22385 (IBM Security Verify Privilege On-Premises 11.5 could disclose sensitiv ...)
	NOT-FOR-US: IBM
CVE-2022-22384 (IBM Security Verify Privilege On-Premises 11.5 could allow an attacker ...)
	NOT-FOR-US: IBM
CVE-2022-22383
	RESERVED
CVE-2022-22382
	RESERVED
CVE-2022-22381
	RESERVED
CVE-2022-22380 (IBM Security Verify Privilege On-Premises 11.5 could allow an attacker ...)
	NOT-FOR-US: IBM
CVE-2022-22379
	RESERVED
CVE-2022-22378
	RESERVED
CVE-2022-22377 (IBM Security Verify Privilege On-Premises 11.5 could allow a remote at ...)
	NOT-FOR-US: IBM
CVE-2022-22376
	RESERVED
CVE-2022-22375 (IBM Security Verify Privilege On-Premises 11.5 could allow a remote au ...)
	NOT-FOR-US: IBM
CVE-2022-22374 (The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subj ...)
	NOT-FOR-US: IBM
CVE-2022-22373 (An improper validation vulnerability in IBM InfoSphere Information Ser ...)
	NOT-FOR-US: IBM
CVE-2022-22372
	RESERVED
CVE-2022-22371 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 d ...)
	NOT-FOR-US: IBM
CVE-2022-22370 (IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 ...)
	NOT-FOR-US: IBM
CVE-2022-22369 (IBM Workload Scheduler 9.4 and 9.5 could allow a local user to overwri ...)
	NOT-FOR-US: IBM
CVE-2022-22368 (IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cry ...)
	NOT-FOR-US: IBM
CVE-2022-22367 (IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 co ...)
	NOT-FOR-US: IBM
CVE-2022-22366 (IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 st ...)
	NOT-FOR-US: IBM
CVE-2022-22365 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax ...)
	NOT-FOR-US: IBM
CVE-2022-22364 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to exte ...)
	NOT-FOR-US: IBM
CVE-2022-22363
	RESERVED
CVE-2022-22362
	RESERVED
CVE-2022-22361 (IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20 ...)
	NOT-FOR-US: IBM
CVE-2022-22360 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22. ...)
	NOT-FOR-US: IBM
CVE-2022-22359 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22. ...)
	NOT-FOR-US: IBM
CVE-2022-22358 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22. ...)
	NOT-FOR-US: IBM
CVE-2022-22357
	RESERVED
CVE-2022-22356 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumera ...)
	NOT-FOR-US: IBM
CVE-2022-22355 (IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of serv ...)
	NOT-FOR-US: IBM
CVE-2022-22354 (IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum C ...)
	NOT-FOR-US: IBM
CVE-2022-22353 (IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 c ...)
	NOT-FOR-US: IBM
CVE-2022-22352 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 i ...)
	NOT-FOR-US: IBM
CVE-2022-22351 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trust ...)
	NOT-FOR-US: IBM
CVE-2022-22350 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
	NOT-FOR-US: IBM
CVE-2022-22349 (IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0. ...)
	NOT-FOR-US: IBM
CVE-2022-22348 (IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is ...)
	NOT-FOR-US: IBM
CVE-2022-22347
	RESERVED
CVE-2022-22346 (IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is ...)
	NOT-FOR-US: IBM
CVE-2022-22345 (IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. Th ...)
	NOT-FOR-US: IBM
CVE-2022-22344 (IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerab ...)
	NOT-FOR-US: IBM
CVE-2022-22343
	RESERVED
CVE-2022-22342
	RESERVED
CVE-2022-22341
	RESERVED
CVE-2022-22340
	RESERVED
CVE-2022-22339 (IBM Planning Analytics 2.0 is vulnerable to server-side request forger ...)
	NOT-FOR-US: IBM
CVE-2022-22338 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 i ...)
	NOT-FOR-US: IBM
CVE-2022-22337 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 c ...)
	NOT-FOR-US: IBM
CVE-2022-22336 (IBM Sterling External Authentication Server and IBM Sterling Secure Pr ...)
	NOT-FOR-US: IBM
CVE-2022-22335
	RESERVED
CVE-2022-22334 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow ...)
	NOT-FOR-US: IBM
CVE-2022-22333 (IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterli ...)
	NOT-FOR-US: IBM
CVE-2022-22332 (IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker ...)
	NOT-FOR-US: IBM
CVE-2022-22331 (IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote auth ...)
	NOT-FOR-US: IBM
CVE-2022-22330 (IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensiti ...)
	NOT-FOR-US: IBM
CVE-2022-22329 (IBM Control Desk 7.6.1 does not set the secure attribute on authorizat ...)
	NOT-FOR-US: IBM
CVE-2022-22328 (IBM SterlingPartner Engagement Manager 6.2.0 could allow a malicious u ...)
	NOT-FOR-US: IBM
CVE-2022-22327 (IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker ...)
	NOT-FOR-US: IBM
CVE-2022-22326 (IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0 ...)
	NOT-FOR-US: IBM
CVE-2022-22325 (IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensi ...)
	NOT-FOR-US: IBM
CVE-2022-22324
	RESERVED
CVE-2022-22323 (IBM Security Identity Manager (IBM Security Verify Password Synchroniz ...)
	NOT-FOR-US: IBM
CVE-2022-22322 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
	NOT-FOR-US: IBM
CVE-2022-22321 (IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with ...)
	NOT-FOR-US: IBM
CVE-2022-22320 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...)
	NOT-FOR-US: IBM
CVE-2022-22319 (IBM Robotic Process Automation 21.0.1 could allow a register user on t ...)
	NOT-FOR-US: IBM
CVE-2022-22318 (IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidat ...)
	NOT-FOR-US: IBM
CVE-2022-22317 (IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidat ...)
	NOT-FOR-US: IBM
CVE-2022-22316 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and a ...)
	NOT-FOR-US: IBM
CVE-2022-22315 (IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user w ...)
	NOT-FOR-US: IBM
CVE-2022-22314 (IBM Planning Analytics Local 2.0 allows web pages to be stored locally ...)
	NOT-FOR-US: IBM
CVE-2022-22313 (IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than ...)
	NOT-FOR-US: IBM
CVE-2022-22312 (IBM Security Identity Manager (IBM Security Verify Password Synchroniz ...)
	NOT-FOR-US: IBM
CVE-2022-22311 (IBM Security Verify Access could allow a user, using man in the middle ...)
	NOT-FOR-US: IBM
CVE-2022-22310 (IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 c ...)
	NOT-FOR-US: IBM
CVE-2022-22309 (The POWER systems FSP is vulnerable to unauthenticated logins through ...)
	NOT-FOR-US: IBM
CVE-2022-22308 (IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI ...)
	NOT-FOR-US: IBM
CVE-2022-22307 (IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to ...)
	NOT-FOR-US: IBM
CVE-2022-0087 (keystone is vulnerable to Improper Neutralization of Input During Web ...)
	NOT-FOR-US: KeystoneJS
CVE-2021-46130
	RESERVED
CVE-2022-22306 (An improper certificate validation vulnerability [CWE-295] in FortiOS ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2022-22305 (An improper certificate validation vulnerability [CWE-295] inFortiMana ...)
	NOT-FOR-US: FortiGuard
CVE-2022-22304 (An improper neutralization of input during web page generation vulnera ...)
	NOT-FOR-US: Fortinet
CVE-2022-22303 (An exposure of sensitive system information to an unauthorized control ...)
	NOT-FOR-US: FortiGuard
CVE-2022-22302 (A clear text storage of sensitive information (CWE-312) vulnerability ...)
	NOT-FOR-US: Fortinet
CVE-2022-22301 (An improper neutralization of special elements used in an OS Command v ...)
	NOT-FOR-US: FortiGuard
CVE-2022-22300 (A improper handling of insufficient permissions or privileges in Forti ...)
	NOT-FOR-US: FortiGuard
CVE-2022-22299 (A format string vulnerability [CWE-134] in the command line interprete ...)
	NOT-FOR-US: Fortinet
CVE-2022-22298 (A improper neutralization of special elements used in an os command (' ...)
	NOT-FOR-US: Fortinet
CVE-2022-22297 (An incomplete filtering of one or more instances of special elements v ...)
	NOT-FOR-US: FortiGuard
CVE-2022-22296 (Sourcecodester Hospital's Patient Records Management System 1.0 is vul ...)
	NOT-FOR-US: Sourcecodester
CVE-2022-22295 (Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability ...)
	NOT-FOR-US: Metinfo
CVE-2022-22294 (A SQL injection vulnerability exists in ZFAKA<=1.43 which an attacker ...)
	NOT-FOR-US: zfaka
CVE-2022-0086 (uppy is vulnerable to Server-Side Request Forgery (SSRF))
	NOT-FOR-US: Node uppy
CVE-2022-0085 (Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf ...)
	- php-dompdf (Vulnerable code introduced in 0.7.0, fixed in 2.0.0)
	NOTE: Fixed by: https://github.com/dompdf/dompdf/commit/bb1ef65011a14730b7cfbe73506b4bb8a03704bd (v2.0.0)
	NOTE: Introduced by https://github.com/dompdf/dompdf/commit/7454ec8f6f765e3b1d4dbbde72c9dcb38479f37e (v0.7.0-beta)
	NOTE: https://huntr.dev/bounties/73dbcc78-5ba9-492f-9133-13bbc9f31236
CVE-2022-0084 (A flaw was found in XNIO, specifically in the notifyReadClosed method. ...)
	- jboss-xnio 3.8.7-2 (bug #1013280)
	[bullseye] - jboss-xnio <no-dsa> (Minor issue)
	[buster] - jboss-xnio <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064226
	NOTE: Fixed by https://github.com/xnio/xnio/commit/b05531de0433f498af26f9aec6c0e944c3c1689c
CVE-2021-46129
	RESERVED
CVE-2021-46128
	RESERVED
CVE-2021-46127
	RESERVED
CVE-2021-46126
	RESERVED
CVE-2021-46125
	RESERVED
CVE-2021-46124
	RESERVED
CVE-2021-46123
	RESERVED
CVE-2021-46122 (Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 ...)
	NOT-FOR-US: TP-Link TL-WR840N
CVE-2021-46121
	RESERVED
CVE-2021-46120
	RESERVED
CVE-2021-46119
	RESERVED
CVE-2021-46118 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.modu ...)
	NOT-FOR-US: jpress
CVE-2021-46117 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.modu ...)
	NOT-FOR-US: jpress
CVE-2021-46116 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web. ...)
	NOT-FOR-US: jpress
CVE-2021-46115 (jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateCon ...)
	NOT-FOR-US: jpress
CVE-2021-46114 (jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.Produ ...)
	NOT-FOR-US: jpress
CVE-2021-46113 (In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote ...)
	NOT-FOR-US: MartDevelopers KEA-Hotel-ERP open source
CVE-2021-46112
	RESERVED
CVE-2021-46111
	RESERVED
CVE-2021-46110 (Online Shopping Portal v3.1 was discovered to contain multiple time-ba ...)
	NOT-FOR-US: Online Shopping Portal
CVE-2021-46109 (Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) ...)
	NOT-FOR-US: ASUS
CVE-2021-46108 (D-Link DSL-2730E CT-20131125 devices allow XSS via the username parame ...)
	NOT-FOR-US: D-Link
CVE-2021-46107 (Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server S ...)
	NOT-FOR-US: Ligeo Archives Ligeo Basics
CVE-2021-46106
	RESERVED
CVE-2021-46105
	RESERVED
CVE-2021-46104 (An issue was discovered in webp_server_go 0.4.0. There is a directory ...)
	NOT-FOR-US: webp_server_go
CVE-2021-46103
	RESERVED
CVE-2021-46102 (From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in ...)
	NOT-FOR-US: Solana rBPF
CVE-2021-46101 (In Git for windows through 2.34.1 when using git pull to update the lo ...)
	NOT-FOR-US: Git for Windows
CVE-2021-46100
	RESERVED
CVE-2021-46099
	RESERVED
CVE-2021-46098
	RESERVED
CVE-2021-46097 (Dolphinphp v1.5.0 contains a remote code execution vulnerability in /a ...)
	NOT-FOR-US: Dolphinphp
CVE-2021-46096
	RESERVED
CVE-2021-46095
	RESERVED
CVE-2021-46094
	RESERVED
CVE-2021-46093 (eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads ...)
	NOT-FOR-US: eliteCMS
CVE-2021-46092
	RESERVED
CVE-2021-46091
	RESERVED
CVE-2021-46090
	RESERVED
CVE-2021-46089 (In JeecgBoot 3.0, there is a SQL injection vulnerability that can oper ...)
	NOT-FOR-US: JeecgBoot
CVE-2021-46088 (Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Exe ...)
	NOTE: Zabbix security feature, not a vulnerability per se
	NOTE: closed upstream as a "feature", then changed in 5.4 to make the attack less likely
	NOTE: https://github.com/paalbra/zabbix-zbxsec-7
	NOTE: https://www.zabbix.com/documentation/3.0/en/manual/config/notifications/action/operation/remote_command
	NOTE: https://www.zabbix.com/documentation/current/en/manual/config/notifications/action/operation/remote_command#access-permissions
CVE-2021-46087 (In jfinal_cms >= 5.1 0, there is a storage XSS vulnerability in the ba ...)
	NOT-FOR-US: jfinal_cms
CVE-2021-46086 (xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The front e ...)
	NOT-FOR-US: xzs-mysql
CVE-2021-46085 (OneBlog <= 2.2.8 is vulnerable to Insecure Permissions. Low level admi ...)
	NOT-FOR-US: OneBlog
CVE-2021-46084 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) v ...)
	NOT-FOR-US: uscat
CVE-2021-46083 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) v ...)
	NOT-FOR-US: uscat
CVE-2021-46082 (Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gate ...)
	NOT-FOR-US: Moxa
CVE-2021-46081
	RESERVED
CVE-2021-46080 (A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Se ...)
	NOT-FOR-US: Sourcecodester Vehicle Service Management System
CVE-2021-46079 (An Unrestricted File Upload vulnerability exists in Sourcecodester Veh ...)
	NOT-FOR-US: Sourcecodester Vehicle Service Management System
CVE-2021-46078 (An Unrestricted File Upload vulnerability exists in Sourcecodester Veh ...)
	NOT-FOR-US: Sourcecodester Vehicle Service Management System
CVE-2021-46077
	RESERVED
CVE-2021-46076 (Sourcecodester Vehicle Service Management System 1.0 is vulnerable to ...)
	NOT-FOR-US: Sourcecodester Vehicle Service Management System
CVE-2021-46075 (A Privilege Escalation vulnerability exists in Sourcecodester Vehicle ...)
	NOT-FOR-US: Sourcecodester Vehicle Service Management System
CVE-2021-46074 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
	NOT-FOR-US: Sourcecodester Vehicle Service Management System
CVE-2021-46073 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
	NOT-FOR-US: Sourcecodester Vehicle Service Management System
CVE-2021-46072 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
	NOT-FOR-US: Sourcecodester Vehicle Service Management System
CVE-2021-46071 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
	NOT-FOR-US: Sourcecodester Vehicle Service Management System
CVE-2021-46070 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
	NOT-FOR-US: Sourcecodester Vehicle Service Management System
CVE-2021-46069 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
	NOT-FOR-US: Sourcecodester Vehicle Service Management System
CVE-2021-46068 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
	NOT-FOR-US: Sourcecodester Vehicle Service Management System
CVE-2021-46067 (In Vehicle Service Management System 1.0 an attacker can steal the coo ...)
	NOT-FOR-US: Sourcecodester Vehicle Service Management System
CVE-2021-46066
	RESERVED
CVE-2021-46065 (A Cross-site scripting (XSS) vulnerability in Secondary Email Field in ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-46064 (IrfanView 4.59 is vulnerable to buffer overflow via the function at ad ...)
	NOT-FOR-US: IrfanView
CVE-2021-46063 (MCMS v5.2.5 was discovered to contain a Server Side Template Injection ...)
	NOT-FOR-US: MCMS
CVE-2021-46062 (MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulne ...)
	NOT-FOR-US: MCMS
CVE-2021-46061 (An SQL Injection vulnerability exists in Sourcecodester Computer and M ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-46060
	REJECTED
CVE-2021-46059
	REJECTED
CVE-2021-46058
	REJECTED
CVE-2021-46057
	RESERVED
CVE-2021-46056
	RESERVED
CVE-2021-46055 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...)
	- binaryen <unfixed> (unimportant)
	NOTE: https://github.com/WebAssembly/binaryen/issues/4413
	NOTE: Crash in CLI tool, no security impact
CVE-2021-46054 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...)
	- binaryen <unfixed> (unimportant)
	NOTE: https://github.com/WebAssembly/binaryen/issues/4410
	NOTE: Crash in CLI tool, no security impact
CVE-2021-46053 (A Denial of Service vulnerability exists in Binaryen 103. The program ...)
	- binaryen <unfixed> (unimportant)
	NOTE: https://github.com/WebAssembly/binaryen/issues/4392
	NOTE: Crash in CLI tool, no security impact
CVE-2021-46052 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...)
	- binaryen <unfixed> (unimportant)
	NOTE: https://github.com/WebAssembly/binaryen/issues/4411
	NOTE: Crash in CLI tool, no security impact
CVE-2021-46051 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
	[stretch] - gpac <end-of-life> (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2011
	NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46050 (A Stack Overflow vulnerability exists in Binaryen 103 via the printf_c ...)
	- binaryen <unfixed> (unimportant)
	NOTE: https://github.com/WebAssembly/binaryen/issues/4391
	NOTE: Crash in CLI tool, no security impact
CVE-2021-46049 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fi ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
	[stretch] - gpac <end-of-life> (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2013
	NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46048 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...)
	- binaryen <unfixed> (unimportant)
	NOTE: https://github.com/WebAssembly/binaryen/issues/4412
	NOTE: Crash in CLI tool, no security impact
CVE-2021-46047 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hi ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
	[stretch] - gpac <end-of-life> (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2008
	NOTE: https://github.com/gpac/gpac/commit/dd2e8b1b9378a9679de8e7e5dcb2d7841acd5dbd (v2.0.0)
CVE-2021-46046 (A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_si ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
	[stretch] - gpac <end-of-life> (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2005
	NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46045 (GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
	[stretch] - gpac <end-of-life> (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2007
	NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46044 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOf ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
	[stretch] - gpac <end-of-life> (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2006
	NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46043 (A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the gf_list ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
	[stretch] - gpac <end-of-life> (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2001
	NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46042 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fsee ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
	[stretch] - gpac <end-of-life> (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2002
	NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46041 (A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_b ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
	[stretch] - gpac <end-of-life> (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2004
	NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46040 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the finpla ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
	[stretch] - gpac <end-of-life> (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2003
	NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46039 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the shift_ ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
	[stretch] - gpac <end-of-life> (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1999
	NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chu ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac <end-of-life> (No longer supported in LTS; Minor issue)
	[stretch] - gpac <end-of-life> (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/2000
	NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0)
CVE-2021-46037 (MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulne ...)
	NOT-FOR-US: MCMS
CVE-2021-46036 (An arbitrary file upload vulnerability in the component /ms/file/uploa ...)
	NOT-FOR-US: MCMS
CVE-2021-46035
	RESERVED
CVE-2021-46034 (A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vu ...)
	NOT-FOR-US: ForestBlog
CVE-2021-46033 (In ForestBlog, as of 2021-12-28, File upload can bypass verification.)
	NOT-FOR-US: ForestBlog
CVE-2021-46032
	RESERVED
CVE-2021-46031
	RESERVED
CVE-2021-46030 (There is a Cross Site Scripting attack (XSS) vulnerability in JavaQuar ...)
	NOT-FOR-US: JavaQuarkBBS
CVE-2021-46029
	RESERVED
CVE-2021-46028 (In mblog <= 3.5.0 there is a CSRF vulnerability in the background arti ...)
	NOT-FOR-US: mblog
CVE-2021-46027 (mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the backgro ...)
	NOT-FOR-US: mysiteforme
CVE-2021-46026 (mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting ( ...)
	NOT-FOR-US: mysiteforme
CVE-2021-46025 (A Cross SIte Scripting (XSS) vulnerability exists in OneBlog <= 2.2.8. ...)
	NOT-FOR-US: OneBlog
CVE-2021-46024 (Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL I ...)
	NOT-FOR-US: Projectworlds online-shopping-webvsite-in-php
CVE-2021-46023 (An Untrusted Pointer Dereference was discovered in function mrb_vm_exe ...)
	- mruby 3.1.0-1
	[bullseye] - mruby <no-dsa> (Minor issue)
	[buster] - mruby <no-dsa> (Minor issue)
	NOTE: https://github.com/mruby/mruby/issues/5613
CVE-2021-46022 (An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset ...)
	- recutils <unfixed> (unimportant)
	NOTE: https://lists.gnu.org/archive/html/bug-recutils/2021-12/msg00007.html
	NOTE: Negligible security impact
CVE-2021-46021 (An Use-After-Free vulnerability in rec_record_destroy() at rec-record. ...)
	- recutils <unfixed> (unimportant)
	NOTE: https://lists.gnu.org/archive/html/bug-recutils/2021-12/msg00008.html
	NOTE: Negligible security impact
CVE-2021-46020 (An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can ...)
	- mruby 3.1.0-1 (bug #1014968)
	[bullseye] - mruby <no-dsa> (Minor issue)
	[buster] - mruby <no-dsa> (Minor issue)
	[stretch] - mruby <postponed> (revisit when/if fix is complete)
	NOTE: https://github.com/mruby/mruby/issues/5613
	NOTE: https://github.com/mruby/mruby/commit/a137ef12f981b517f1e6b64e39edc7ac15d7e1eb
	NOTE: https://github.com/mruby/mruby/commit/d3b7601af96c9e0eeba4c89359289661c755a74a
CVE-2021-46019 (An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GN ...)
	- recutils <unfixed> (unimportant)
	NOTE: https://lists.gnu.org/archive/html/bug-recutils/2021-12/msg00009.html
	NOTE: Negligible security impact
CVE-2021-46018
	RESERVED
CVE-2021-46017
	RESERVED
CVE-2021-46016
	RESERVED
CVE-2021-46015
	RESERVED
CVE-2021-46014
	RESERVED
CVE-2021-46013 (An unrestricted file upload vulnerability exists in Sourcecodester Fre ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-46012
	REJECTED
CVE-2021-46011
	RESERVED
CVE-2021-46010 (Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random V ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-46009 (In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or B ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-46008 (In totolink a3100r V5.9c.4577, the hard-coded telnet password can be d ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-46007 (totolink a3100r V5.9c.4577 is vulnerable to os command injection. The ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-46006 (In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like functio ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-46005 (Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-46004
	RESERVED
CVE-2021-46003
	RESERVED
CVE-2021-46002
	RESERVED
CVE-2021-46001
	RESERVED
CVE-2021-46000
	RESERVED
CVE-2021-45999
	RESERVED
CVE-2021-45998 (D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to co ...)
	NOT-FOR-US: D-Link
CVE-2021-45997 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
	NOT-FOR-US: Tenda routers
CVE-2021-45996 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
	NOT-FOR-US: Tenda routers
CVE-2021-45995 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
	NOT-FOR-US: Tenda routers
CVE-2021-45994 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
	NOT-FOR-US: Tenda routers
CVE-2021-45993 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
	NOT-FOR-US: Tenda routers
CVE-2021-45992 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
	NOT-FOR-US: Tenda routers
CVE-2021-45991 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
	NOT-FOR-US: Tenda routers
CVE-2021-45990 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
	NOT-FOR-US: Tenda routers
CVE-2021-45989 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
	NOT-FOR-US: Tenda routers
CVE-2021-45988 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
	NOT-FOR-US: Tenda routers
CVE-2021-45987 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
	NOT-FOR-US: Tenda routers
CVE-2021-45986 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
	NOT-FOR-US: Tenda routers
CVE-2021-45985 (In Lua 5.4.3, an erroneous finalizer called during a tail call leads t ...)
	- lua5.4 5.4.4-1
	[bullseye] - lua5.4 <no-dsa> (Minor issue)
	- lua5.3 <not-affected> (Specific to 5.4)
	- lua5.2 <not-affected> (Specific to 5.4)
	- lua5.1 <not-affected> (Specific to 5.4)
	- lua50 <not-affected> (Specific to 5.4)
	NOTE: https://www.lua.org/bugs.html#5.4.3-11
	NOTE: https://github.com/lua/lua/commit/cf613cdc6fa367257fc61c256f63d917350858b5 (v5.4.4)
	NOTE: http://lua-users.org/lists/lua-l/2021-12/msg00019.html
CVE-2021-4197 (An unprivileged write to the file handler flaw in the Linux kernel's c ...)
	{DSA-5173-1 DSA-5127-1}
	- linux 5.15.15-1
	NOTE: https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035652
CVE-2021-46144 (Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML ...)
	{DSA-5037-1 DLA-2878-1}
	[experimental] - roundcube 1.6~beta+dfsg-1
	- roundcube 1.6.0+dfsg-1 (bug #1003027)
	NOTE: https://github.com/roundcube/roundcubemail/commit/8894fddd59b770399eed4ef8d4da5773913b5bf0 (1.5.2)
	NOTE: https://github.com/roundcube/roundcubemail/commit/b2400a4b592e3094b6c84e6000d512f99ae0eed8 (1.4.13)
	NOTE: https://roundcube.net/news/2021/12/30/update-1.5.2-released
	NOTE: https://roundcube.net/news/2021/12/30/security-update-1.4.13-released
CVE-2022-0083 (livehelperchat is vulnerable to Generation of Error Message Containing ...)
	NOT-FOR-US: livehelperchat
CVE-2022-0082
	RESERVED
CVE-2022-22293 (admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstra ...)
	- dolibarr
CVE-2022-0081
	RESERVED
CVE-2021-45984
	RESERVED
CVE-2021-45983 (NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution.)
	NOT-FOR-US: NetScout
CVE-2021-45982 (NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged ...)
	NOT-FOR-US: NetScout
CVE-2021-45981 (NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack.)
	NOT-FOR-US: NetScout
CVE-2021-45980 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...)
NOT-FOR-US: Foxit CVE-2021-45979 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...) NOT-FOR-US: Foxit CVE-2021-45978 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...) NOT-FOR-US: Foxit CVE-2021-45977 (JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, P ...) - intellij-idea (bug #747616) CVE-2021-45976 RESERVED CVE-2021-45975 (In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerabi ...) NOT-FOR-US: Acer CVE-2021-45974 RESERVED CVE-2021-45973 RESERVED CVE-2021-45972 (The giftrans function in giftrans 1.12.2 contains a stack-based buffer ...) - giftrans (bug #1002739; unimportant) NOTE: Negligible security impact; crash in CLI tool CVE-2021-45971 (An issue was discovered in SdHostDriver in Insyde InsydeH2O with kerne ...) NOT-FOR-US: Insyde CVE-2021-45970 (An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5 ...) NOT-FOR-US: Insyde CVE-2021-45969 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...) NOT-FOR-US: Insyde CVE-2021-45968 (An issue was discovered in xmppserver jar in the XMPP Server component ...) NOT-FOR-US: Pascom Cloud Phone System CVE-2021-45967 (An issue was discovered in Pascom Cloud Phone System before 7.20.x. A ...) NOT-FOR-US: Pascom Cloud Phone System CVE-2021-45966 (An issue was discovered in Pascom Cloud Phone System before 7.20.x. In ...) NOT-FOR-US: Pascom Cloud Phone System CVE-2021-45965 RESERVED CVE-2021-45964 RESERVED CVE-2021-45963 RESERVED CVE-2021-45962 RESERVED CVE-2021-45961 RESERVED CVE-2022-0080 (mruby is vulnerable to Heap-based Buffer Overflow) - mruby 3.0.0-3 [bullseye] - mruby (Minor issue) [buster] - mruby (Minor issue) [stretch] - mruby (Minor issue) NOTE: https://huntr.dev/bounties/59a70392-4864-4ce3-8e35-6ac2111d1e2e/ NOTE: https://github.com/mruby/mruby/commit/28ccc664e5dcd3f9d55173e9afde77c4705a9ab6 CVE-2021-45960 (In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) pla ...) 
{DSA-5073-1 DLA-2904-1} - expat 2.4.3-1 (bug #1002994) NOTE: https://github.com/libexpat/libexpat/issues/531 NOTE: https://github.com/libexpat/libexpat/pull/534 NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/0adcb34c49bee5b19bd29b16a578c510c23597ea (R_2_4_3) CVE-2022-0079 (showdoc is vulnerable to Generation of Error Message Containing Sensit ...) NOT-FOR-US: ShowDoc CVE-2022-0078 RESERVED CVE-2021-45959 REJECTED CVE-2021-45958 (UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow ...) {DLA-2929-1} - ujson 5.2.0-1 (bug #1005140) [bullseye] - ujson (Minor issue) [buster] - ujson (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009 NOTE: https://github.com/ultrajson/ultrajson/issues/501 NOTE: https://github.com/ultrajson/ultrajson/issues/502 NOTE: https://github.com/ultrajson/ultrajson/pull/504 NOTE: Fixed by: https://github.com/ultrajson/ultrajson/pull/519 CVE-2021-45957 (Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (calle ...) - dnsmasq (unimportant) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35920 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-935.yaml NOTE: Non issue, result of poorly automated fuzzing effort CVE-2021-45956 (Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called fro ...) - dnsmasq (unimportant) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35887 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-933.yaml NOTE: Non issue, result of poorly automated fuzzing effort CVE-2021-45955 (Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called ...) 
- dnsmasq (unimportant) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35898 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-932.yaml NOTE: Non issue, result of poorly automated fuzzing effort CVE-2021-45954 (Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called ...) - dnsmasq (unimportant) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35861 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-931.yaml NOTE: Non issue, result of poorly automated fuzzing effort CVE-2021-45953 (Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called ...) - dnsmasq (unimportant) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35858 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-929.yaml NOTE: Non issue, result of poorly automated fuzzing effort CVE-2021-45952 (Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called fr ...) - dnsmasq (unimportant) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35870 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-927.yaml NOTE: Non issue, result of poorly automated fuzzing effort CVE-2021-45951 (Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (ca ...) - dnsmasq (unimportant) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35868 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-924.yaml NOTE: Non issue, result of poorly automated fuzzing effort CVE-2021-45950 (LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in ...) - libredwg (bug #595191) CVE-2021-45949 (Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overf ...) 
{DSA-5038-1 DLA-2879-1} - ghostscript 9.55.0~dfsg-1 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703902 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7 CVE-2021-45948 (Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-base ...) - assimp 5.1.1~ds0-1 [bullseye] - assimp (Vulnerable code not present) [buster] - assimp (Vulnerable code not present) [stretch] - assimp (M3D format support not present) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34416 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/assimp/OSV-2021-775.yaml NOTE: https://github.com/assimp/assimp/pull/4146 NOTE: https://github.com/assimp/assimp/commit/30f17aa2064b86c0096f0ec701b9e8ea9312fef2 (v5.1.0) NOTE: Introduced by: https://github.com/assimp/assimp/commit/a622e109a0739435e3e2f05bfbedba0e8385282d (v5.1.0.rc1) CVE-2021-45947 (Wasm3 0.5.0 has an out-of-bounds write in Runtime_Release (called from ...) NOT-FOR-US: wasm3 CVE-2021-45946 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Co ...) NOT-FOR-US: wasm3 CVE-2021-45945 REJECTED CVE-2021-45944 (Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampl ...) {DSA-5038-1 DLA-2879-1} - ghostscript 9.54.0~dfsg-5 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29903 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7861fcad13c497728189feafb41cd57b5b50ea25 CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::C ...) 
{DSA-5239-1 DLA-3129-1 DLA-2877-1} [experimental] - gdal 3.4.1~rc1+dfsg-1~exp1 - gdal 3.4.1+dfsg-1 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41993 NOTE: https://github.com/OSGeo/gdal/pull/4944 NOTE: https://github.com/OSGeo/gdal/commit/93913a849dc1d217a40dbf9d6e6a3a23c42b61a6 (master) NOTE: Backport to 3.4: https://github.com/OSGeo/gdal/pull/4947 NOTE: https://github.com/OSGeo/gdal/commit/9b2bcbc47d1649adc0ab65b801f96f56156cf017 (v3.4.1RC1) NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml CVE-2021-45942 (OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1 ...) {DSA-5299-1 DLA-3236-1} [experimental] - openexr 3.1.4-1 - openexr 3.1.5-2 (bug #1014828) [stretch] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416 NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1209 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e CVE-2021-45941 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in _ ...) - libbpf 0.7.0-2 [bullseye] - libbpf (No actionable information, revisit when/if more details available) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40957 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libbpf/OSV-2021-1576.yaml NOTE: Fixed in 0.7.0 upstream per identified range of commits NOTE: It's unclear if 0.3 is affected, the introducing commit presented by oss-fuzz is misleading NOTE: since that refers to the first version when oss-fuzz started to test libbpf. If anyone confirms NOTE: via bisecting that 0.3.0 is affected, this can be revisited CVE-2021-45940 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in _ ...) 
- libbpf 0.7.0-2 [bullseye] - libbpf (No actionable information, revisit when/if more details available) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40868 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libbpf/OSV-2021-1562.yaml NOTE: Fixed in 0.7.0 upstream per identified range of commits NOTE: It's unclear if 0.3 is affected, the introducing commit presented by oss-fuzz is misleading NOTE: since that refers to the first version when oss-fuzz started to test libbpf. If anyone confirms NOTE: via bisecting that 0.3.0 is affected, this can be revisited CVE-2021-45939 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...) NOT-FOR-US: uWebSockets CVE-2021-45938 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...) NOT-FOR-US: wolfMQTT CVE-2021-45937 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...) NOT-FOR-US: wolfMQTT CVE-2021-45936 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttDecode_Di ...) NOT-FOR-US: wolfMQTT CVE-2021-45935 (Grok 9.5.0 has a heap-based buffer overflow in openhtj2k::T1OpenHTJ2K: ...) - libgrokj2k 9.7.5-1 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39021 NOTE: Vague oss-fuzzer report and referenced fix isn't in the upstream repo NOTE: Marking 9.7.5-1 as fixed based on identified patch date CVE-2021-45934 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...) NOT-FOR-US: wolfMQTT CVE-2021-45933 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (8 bytes) in Mqt ...) NOT-FOR-US: wolfMQTT CVE-2021-45932 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (4 bytes) in Mqt ...) NOT-FOR-US: wolfMQTT CVE-2021-45931 (HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t:: ...) 
- harfbuzz (Vulnerable code introduced later) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37425 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2021-1159.yaml NOTE: https://github.com/harfbuzz/harfbuzz/commit/d3e09bf4654fe5478b6dbf2b26ebab6271317d81 (2.9.1) NOTE: introduced in https://github.com/harfbuzz/harfbuzz/commit/f0c3804fa292ef3be41cc8d1cdea8239f00e2295 (2.9.1) NOTE: vulnerable code not present in 2.9.0 git tag, error in CVE description CVE-2021-45930 (Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-o ...) {DLA-3539-1 DLA-2895-1 DLA-2885-1} - qtsvg-opensource-src 5.15.2-4 (bug #1002991) [bullseye] - qtsvg-opensource-src (Minor issue) [buster] - qtsvg-opensource-src (Minor issue) - qt4-x11 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37025 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37306 NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-1121.yaml NOTE: https://bugreports.qt.io/browse/QTBUG-96044 NOTE: https://github.com/qt/qtsvg/commit/36cfd9efb9b22b891adee9c48d30202289cfa620 (dev) NOTE: https://github.com/qt/qtsvg/commit/79bb9f51fa374106a612d17c9d98d35d807be670 (v6.2.2) NOTE: https://github.com/qt/qtsvg/commit/a3b753c2d077313fc9eb93af547051b956e383fc (v5.12.12) CVE-2021-45929 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Co ...) NOT-FOR-US: wasm3 CVE-2021-45928 (libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other produ ...) 
- jpeg-xl (Vulnerable code not present in a released Debian version; fixed before initial upload to Debian) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36456 NOTE: https://github.com/libjxl/libjxl/issues/360 NOTE: https://github.com/libjxl/libjxl/pull/365 NOTE: Introduced by: https://github.com/libjxl/libjxl/pull/205 (v0.6) NOTE: Fixed by: https://github.com/libjxl/libjxl/commit/1c05e110d69b457696366fb4e762057b6855349b (v0.6) CVE-2021-45927 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...) NOTE: Apparently an oss-fuzz false positive NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36187 CVE-2021-45926 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...) NOTE: Apparently an oss-fuzz false positive NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35972 CVE-2021-4196 RESERVED CVE-2021-4195 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: Firmanet Software and Technology Customer Relation Manager CVE-2022-22292 (Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release ...) NOT-FOR-US: Samsung CVE-2022-22291 (Logging of excessive data vulnerability in telephony prior to SMR Feb- ...) NOT-FOR-US: Samsung CVE-2022-22290 (Incorrect download source UI in Downloads in Samsung Internet prior to ...) NOT-FOR-US: Samsung CVE-2022-22289 (Improper access control vulnerability in S Assistant prior to version ...) NOT-FOR-US: Samsung CVE-2022-22288 (Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 ...) NOT-FOR-US: Samsung CVE-2022-22287 (Arbitrary file access vulnerability in Samsung Email prior to 6.1.60.16 ...) NOT-FOR-US: Samsung CVE-2022-22286 (A vulnerability using PendingIntent in Bixby Routines prior to version ...) NOT-FOR-US: Samsung CVE-2022-22285 (A vulnerability using PendingIntent in Reminder prior to version 12.2. ...)
NOT-FOR-US: Samsung CVE-2022-22284 (Improper authentication vulnerability in Samsung Internet prior to 16. ...) NOT-FOR-US: Samsung CVE-2022-22283 (Improper session management vulnerability in Samsung Health prior to 6 ...) NOT-FOR-US: Samsung CVE-2021-45732 (Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded cre ...) NOT-FOR-US: Netgear CVE-2021-45077 (Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information ...) NOT-FOR-US: Netgear CVE-2021-44466 (Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw d ...) NOT-FOR-US: Bitmask Riseup VPN CVE-2021-4194 (bookstack is vulnerable to Improper Access Control) NOT-FOR-US: bookstack CVE-2021-4193 (vim is vulnerable to Out-of-bounds Read) {DLA-3182-1 DLA-2947-1} - vim 2:8.2.3995-1 (unimportant) NOTE: https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0 NOTE: Fixed by: https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b (v8.2.3950) NOTE: Crash in CLI tool, no security impact CVE-2021-4192 (vim is vulnerable to Use After Free) {DLA-3182-1 DLA-2947-1} - vim 2:8.2.3995-1 (unimportant) NOTE: https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22 NOTE: Fixed by: https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952 (v8.2.3949) NOTE: Crash in CLI tool, no security impact CVE-2021-4191 (An issue has been discovered in GitLab CE/EE affecting versions 13.0 t ...) [experimental] - gitlab 14.6.5+ds1 - gitlab 15.10.8+ds1-2 NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/ CVE-2021-23147 (Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient pro ...) NOT-FOR-US: Netgear CVE-2022-22282 (SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier ver ...) NOT-FOR-US: SonicWall CVE-2022-22281 (A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender W ...) 
NOT-FOR-US: SonicWall CVE-2022-22280 (Improper Neutralization of Special Elements used in an SQL Command lea ...) NOT-FOR-US: Sonicwall CVE-2022-22279 (A post-authentication arbitrary file read vulnerability impacting end- ...) NOT-FOR-US: Sonicwall CVE-2022-22278 (A vulnerability in SonicOS CFS (Content filtering service) returns a l ...) NOT-FOR-US: SonicWall CVE-2022-22277 (A vulnerability in SonicOS SNMP service resulting exposure of Wireless ...) NOT-FOR-US: SonicWall CVE-2022-22276 (A vulnerability in SonicOS SNMP service resulting exposure of sensitiv ...) NOT-FOR-US: SonicWall CVE-2022-22275 (Improper Restriction of TCP Communication Channel in HTTP/S inbound tr ...) NOT-FOR-US: SonicWall CVE-2022-22274 (A Stack-based buffer overflow vulnerability in the SonicOS via HTTP re ...) NOT-FOR-US: Sonicwall CVE-2022-22273 (Improper neutralization of Special Elements leading to OS Command Inje ...) NOT-FOR-US: Sonicwall CVE-2022-22272 (Improper authorization in TelephonyManager prior to SMR Jan-2022 Relea ...) NOT-FOR-US: Samsung CVE-2022-22271 (A missing input validation before memory copy in TIMA trustlet prior t ...) NOT-FOR-US: Samsung CVE-2022-22270 (An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan- ...) NOT-FOR-US: Samsung CVE-2022-22269 (Keeping sensitive data in unprotected BluetoothSettingsProvider prior ...) NOT-FOR-US: Samsung CVE-2022-22268 (Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 ...) NOT-FOR-US: Samsung CVE-2022-22267 (Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior ...) NOT-FOR-US: Samsung CVE-2022-22266 ((Applicable to China models only) Unprotected WifiEvaluationService in ...) NOT-FOR-US: Samsung CVE-2022-22265 (An improper check or handling of exceptional conditions in NPU driver ...) NOT-FOR-US: Samsung CVE-2022-22264 (Improper sanitization of incoming intent in Dressroom prior to SMR Jan ...) 
NOT-FOR-US: Samsung CVE-2022-22263 (Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Rele ...) NOT-FOR-US: Samsung CVE-2021-45919 (Studio 42 elFinder through 2.1.31 allows XSS via an SVG document.) NOT-FOR-US: Studio 42 elFinder CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of ...) - wireshark 3.6.2-1 [bullseye] - wireshark (Minor issue) [buster] - wireshark (The vulnerable code is not present) [stretch] - wireshark (The vulnerable code is not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2021-22.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17811 CVE-2021-4189 (A flaw was found in Python, specifically in the FTP (File Transfer Pro ...) {DLA-3477-1 DLA-3432-1 DLA-2919-1} - python3.10 (Fixed before initial upload to Debian unstable) - python3.9 3.9.7-1 [bullseye] - python3.9 (Minor issue) - python3.7 - python3.5 [stretch] - python3.5 (Minor issue) [experimental] - python2.7 2.7.18-13.1~exp1 - python2.7 2.7.18-13.1 [bullseye] - python2.7 (Python 2.7 in Bullseye not covered by security support) - pypy3 7.3.8+dfsg-1 [bullseye] - pypy3 (Minor issue) [buster] - pypy3 (Minor issue) NOTE: https://bugs.python.org/issue43285 NOTE: https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e (master) NOTE: https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335 (v3.9.3) NOTE: https://github.com/python/cpython/commit/79373951b3eab585d42e0f0ab83718cbe1d0ee33 (v3.7.11) NOTE: https://github.com/python/cpython/commit/4134f154ae2f621f25c5d698cc0f1748035a1b88 (v3.6.14) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036020 CVE-2022-22262 (ROG Live Service’s function for deleting temp files created by in ...) NOT-FOR-US: ROG Live CVE-2022-0077 RESERVED CVE-2022-0076 RESERVED CVE-2022-0075 RESERVED CVE-2022-0074 (Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLite ...)
NOT-FOR-US: LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container CVE-2022-0073 (Improper Input Validation vulnerability in LiteSpeed Technologies Open ...) NOT-FOR-US: LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards CVE-2022-0072 (Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSp ...) NOT-FOR-US: LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards CVE-2022-0071 (Incomplete fix for CVE-2021-3101. Hotdog, prior to v1.0.2, did not mim ...) NOT-FOR-US: Amazon Web Services hotpatch CVE-2022-0070 (Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package st ...) NOT-FOR-US: Amazon Web Services hotpatch CVE-2022-0069 RESERVED CVE-2022-0068 RESERVED CVE-2022-0067 RESERVED CVE-2022-0066 RESERVED CVE-2022-0065 RESERVED CVE-2022-0064 RESERVED CVE-2022-0063 RESERVED CVE-2022-0062 RESERVED CVE-2022-0061 RESERVED CVE-2022-0060 RESERVED CVE-2022-0059 RESERVED CVE-2022-0058 RESERVED CVE-2022-0057 RESERVED CVE-2022-0056 RESERVED CVE-2022-0055 RESERVED CVE-2022-0054 RESERVED CVE-2022-0053 RESERVED CVE-2022-0052 RESERVED CVE-2022-0051 RESERVED CVE-2022-0050 RESERVED CVE-2022-0049 RESERVED CVE-2022-0048 RESERVED CVE-2022-0047 RESERVED CVE-2022-0046 RESERVED CVE-2022-0045 RESERVED CVE-2022-0044 RESERVED CVE-2022-0043 RESERVED CVE-2022-0042 RESERVED CVE-2022-0041 RESERVED CVE-2022-0040 RESERVED CVE-2022-0039 RESERVED CVE-2022-0038 RESERVED CVE-2022-0037 RESERVED CVE-2022-0036 RESERVED CVE-2022-0035 RESERVED CVE-2022-0034 RESERVED CVE-2022-0033 RESERVED CVE-2022-0032 RESERVED CVE-2022-0031 (A local privilege escalation (PE) vulnerability in the Palo Alto Netwo ...) NOT-FOR-US: Palo Alto Networks CVE-2022-0030 (An authentication bypass vulnerability in the Palo Alto Networks PAN-O ...) NOT-FOR-US: Palo Alto Networks CVE-2022-0029 (An improper link resolution vulnerability in the Palo Alto Networks Co ...) 
NOT-FOR-US: Palo Alto Networks CVE-2022-0028 (A PAN-OS URL filtering policy misconfiguration could allow a network-b ...) NOT-FOR-US: Palo Alto Networks CVE-2022-0027 (An improper authorization vulnerability in Palo Alto Network Cortex XS ...) NOT-FOR-US: Palo Alto Networks software CVE-2022-0026 (A local privilege escalation (PE) vulnerability exists in Palo Alto Ne ...) NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2022-0025 (A local privilege escalation (PE) vulnerability exists in Palo Alto Ne ...) NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2022-0024 (A vulnerability exists in Palo Alto Networks PAN-OS software that enab ...) NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2022-0023 (An improper handling of exceptional conditions vulnerability exists in ...) NOT-FOR-US: Palo Alto Networks CVE-2022-0022 (Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS s ...) NOT-FOR-US: Palo Alto Networks CVE-2022-0021 (An information exposure through log file vulnerability exists in the P ...) NOT-FOR-US: Palo Alto Networks CVE-2022-0020 (A stored cross-site scripting (XSS) vulnerability in Palo Alto Network ...) NOT-FOR-US: Palo Alto Networks CVE-2022-0019 (An insufficiently protected credentials vulnerability exists in the Pa ...) NOT-FOR-US: Palo Alto Networks CVE-2022-0018 (An information exposure vulnerability exists in the Palo Alto Networks ...) NOT-FOR-US: Palo Alto Networks CVE-2022-0017 (An improper link resolution before file access ('link following') vuln ...) NOT-FOR-US: Palo Alto Networks CVE-2022-0016 (An improper handling of exceptional conditions vulnerability exists wi ...) NOT-FOR-US: Palo Alto Networks CVE-2022-0015 (A local privilege escalation (PE) vulnerability exists in the Palo Alt ...) NOT-FOR-US: Palo Alto Networks CVE-2022-0014 (An untrusted search path vulnerability exists in the Palo Alto Network ...) NOT-FOR-US: Palo Alto Networks CVE-2022-0013 (A file information exposure vulnerability exists in the Palo Alto Netw ...) 
NOT-FOR-US: Palo Alto Networks CVE-2022-0012 (An improper link resolution before file access vulnerability exists in ...) NOT-FOR-US: Palo Alto Networks CVE-2022-0011 (PAN-OS software provides options to exclude specific websites from URL ...) NOT-FOR-US: Palo Alto Networks CVE-2021-45918 (NHI’s health insurance web service component has insufficient val ...) NOT-FOR-US: NHI's health insurance web service component CVE-2021-45917 (The server-request receiver function of Shockwall system has an improp ...) NOT-FOR-US: Shockwall system CVE-2021-45916 (The programming function of Shockwall system has an improper input val ...) NOT-FOR-US: Shockwall system CVE-2021-45915 (In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attack ...) NOT-FOR-US: LuxSoft LuxCal CVE-2021-45914 (In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attack ...) NOT-FOR-US: LuxSoft LuxCal CVE-2021-4188 (mruby is vulnerable to NULL Pointer Dereference) - mruby (Vulnerable code introduced later) NOTE: https://huntr.dev/bounties/78533fb9-f3e0-47c2-86dc-d1f96d5bea28 NOTE: Fixed by: https://github.com/mruby/mruby/commit/27d1e0132a0804581dca28df042e7047fd27eaa8 CVE-2021-45913 (A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2. ...) NOT-FOR-US: ControlUp Real-Time Agent CVE-2021-45912 (An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cu ...) NOT-FOR-US: ControlUp Real-Time Agent CVE-2021-44775 (Cross-site scripting (XSS) issue in Website app of Odoo Community 15.0 ...) {DSA-5399-1} - odoo 16.0.0+dfsg.1-1 (bug #1035953) NOTE: https://github.com/odoo/odoo/issues/107691 NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/74532a0839b57337cc26ffc66b2884039e68f23b CVE-2021-44465 (Improper access control in Odoo Community 13.0 and earlier and Odoo En ...)
- odoo (Fixed in initial upload to Debian) NOTE: https://github.com/odoo/odoo/issues/107692 CVE-2021-4187 (vim is vulnerable to Use After Free) - vim 2:8.2.3995-1 [bullseye] - vim (Minor issue) [buster] - vim (Vulnerable code introduced later) [stretch] - vim (Vulnerable code introduced later) NOTE: https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e NOTE: Introduced after: https://github.com/vim/vim/commit/04b12697838b232b8b17c553ccc74cf1f1bdb81c (v8.2.0695) NOTE: Fixed by: https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441 (v8.2.3923) CVE-2021-45911 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...) {DLA-2937-1} - gif2apng (bug #1002687) [bullseye] - gif2apng 1.9+srconly-3+deb11u1 [buster] - gif2apng 1.9+srconly-2+deb10u1 CVE-2021-45910 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...) {DLA-2937-1} - gif2apng (bug #1002667) [bullseye] - gif2apng 1.9+srconly-3+deb11u1 [buster] - gif2apng 1.9+srconly-2+deb10u1 CVE-2021-45909 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...) {DLA-2937-1} - gif2apng (bug #1002668) [bullseye] - gif2apng 1.9+srconly-3+deb11u1 [buster] - gif2apng 1.9+srconly-2+deb10u1 CVE-2021-45908 (An issue was discovered in gif2apng 1.9. There is a stack-based buffer ...) - gif2apng (bug #1002669; unimportant) NOTE: Negligible security impact CVE-2021-45907 (An issue was discovered in gif2apng 1.9. There is a stack-based buffer ...) - gif2apng (bug #1002669; unimportant) NOTE: Negligible security impact CVE-2021-45906 (OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen.) NOT-FOR-US: OpenWrt CVE-2021-45905 (OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen.) NOT-FOR-US: OpenWrt CVE-2021-45904 (OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen.) NOT-FOR-US: OpenWrt CVE-2021-45903 (A persistent cross-site scripting (XSS) issue in the web interface of ...) 
NOT-FOR-US: SuiteCRM CVE-2021-45902 RESERVED CVE-2021-45901 (The password-reset form in ServiceNow Orlando provides different respo ...) NOT-FOR-US: ServiceNow Orlando CVE-2021-45900 (Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. ...) NOT-FOR-US: Vivoh Webinar Manager CVE-2021-45899 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserializatio ...) NOT-FOR-US: SuiteCRM CVE-2021-45898 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusio ...) NOT-FOR-US: SuiteCRM CVE-2021-45897 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code executi ...) NOT-FOR-US: SuiteCRM CVE-2021-45896 (Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an ...) NOT-FOR-US: Nokia FastMile 3TG00118ABAD52 devices CVE-2021-45895 (Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows ...) NOT-FOR-US: Netgen Tags Bundle CVE-2021-45894 (An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is ...) NOT-FOR-US: Softwarebuero Zauner ARC CVE-2021-45893 (An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is ...) NOT-FOR-US: Softwarebuero Zauner ARC CVE-2021-45892 (An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is ...) NOT-FOR-US: Softwarebuero Zauner ARC CVE-2021-45891 (An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4., that all ...) NOT-FOR-US: Softwarebuero Zauner ARC CVE-2021-45890 (basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authenti ...) NOT-FOR-US: AuthGuard CVE-2021-45889 (An issue was discovered in PONTON X/P Messenger before 3.11.2. Several ...) NOT-FOR-US: PONTON X/P Messenger CVE-2021-45888 (An issue was discovered in PONTON X/P Messenger before 3.11.2. The nav ...) NOT-FOR-US: PONTON X/P Messenger CVE-2021-45887 (An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to ...) NOT-FOR-US: PONTON X/P Messenger CVE-2021-45886 (An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CS ...) 
NOT-FOR-US: PONTON X/P Messenger CVE-2021-45885 (An issue was discovered in Stormshield Network Security (SNS) 4.2.2 th ...) NOT-FOR-US: Stormshield Network Security (SNS) CVE-2021-4186 (Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows den ...) - wireshark 3.6.0-1 [bullseye] - wireshark (Minor issue) [buster] - wireshark (The vulnerable code is not present) [stretch] - wireshark (The vulnerable code is not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2021-16.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17737 CVE-2021-4185 (Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3 ...) {DLA-2967-1} - wireshark 3.6.2-1 [bullseye] - wireshark (Minor issue) [buster] - wireshark 2.6.20-0+deb10u4 NOTE: https://www.wireshark.org/security/wnpa-sec-2021-17.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17745 CVE-2021-4184 (Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3 ...) {DLA-2967-1} - wireshark 3.6.2-1 [bullseye] - wireshark (Minor issue) [buster] - wireshark 2.6.20-0+deb10u4 NOTE: https://www.wireshark.org/security/wnpa-sec-2021-18.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17754 CVE-2021-4183 (Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of se ...) - wireshark 3.6.2-1 [bullseye] - wireshark (Minor issue) [buster] - wireshark (The vulnerable code is not present) [stretch] - wireshark (The vulnerable code is not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2021-19.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17755 CVE-2021-4182 (Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 ...) 
- wireshark 3.6.2-1 [bullseye] - wireshark (Minor issue) [buster] - wireshark (The vulnerable code is not present) [stretch] - wireshark (The vulnerable code is not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2021-20.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17801 CVE-2021-4181 (Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3. ...) {DLA-2967-1} - wireshark 3.6.2-1 [bullseye] - wireshark (Minor issue) [buster] - wireshark 2.6.20-0+deb10u4 NOTE: https://www.wireshark.org/security/wnpa-sec-2021-21.html NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/5429 CVE-2021-45884 (In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based a ...) - brave-browser (bug #864795) CVE-2021-45883 RESERVED CVE-2021-45882 RESERVED CVE-2021-45881 RESERVED CVE-2021-45880 RESERVED CVE-2021-45879 RESERVED CVE-2021-45878 (Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by incorrec ...) NOT-FOR-US: GARO Wallbox CVE-2021-45877 (Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard cod ...) NOT-FOR-US: GARO Wallbox CVE-2021-45876 (Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthen ...) NOT-FOR-US: GARO Wallbox CVE-2021-45875 RESERVED CVE-2021-45874 RESERVED CVE-2021-45873 RESERVED CVE-2021-45872 RESERVED CVE-2021-45871 RESERVED CVE-2021-45870 RESERVED CVE-2021-45869 RESERVED CVE-2021-45868 (In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not vali ...) - linux 5.15.3-1 [bullseye] - linux 5.10.84-1 [buster] - linux 4.19.232-1 [stretch] - linux 4.9.303-1 NOTE: https://git.kernel.org/linus/9bf3d20331295b1ecb81f4ed9ef358c51699a050 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=214655 NOTE: https://www.openwall.com/lists/oss-security/2022/03/17/1 CVE-2021-45867 RESERVED CVE-2021-45866 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...) 
	NOT-FOR-US: Sourcecodester Student Attendance Management System
CVE-2021-45865 (A File Upload vulnerability exists in Sourcecodester Student Attendanc ...)
	NOT-FOR-US: Sourcecodester Student Attendance Management System
CVE-2021-45864 (tsMuxer git-c6a0277 was discovered to contain a segmentation fault via ...)
	NOT-FOR-US: tsMuxer
CVE-2021-45863 (tsMuxer git-2678966 was discovered to contain a heap-based buffer over ...)
	NOT-FOR-US: tsMuxer
CVE-2021-45862 RESERVED
CVE-2021-45861 (There is an Assertion `num <= INT_BIT' failed at BitStreamReader::skip ...)
	NOT-FOR-US: tsMuxer
CVE-2021-45860 (An integer overflow in DTSStreamReader::findFrame() of tsMuxer git-267 ...)
	NOT-FOR-US: tsMuxer
CVE-2021-45859 RESERVED
CVE-2021-45858 RESERVED
CVE-2021-45857 RESERVED
CVE-2021-45856 (Accu-Time Systems MAXIMUS 1.0 telnet service suffers from a remote buf ...)
	NOT-FOR-US: Accu-Time Systems MAXIMUS
CVE-2021-45855 RESERVED
CVE-2021-45854 RESERVED
CVE-2021-45853 RESERVED
CVE-2021-45852 (An issue was discovered in Projectworlds Hospital Management System v1 ...)
	NOT-FOR-US: Projectworlds Hospital Management System
CVE-2021-45851 (A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carri ...)
	NOT-FOR-US: FUXA
CVE-2021-45850 RESERVED
CVE-2021-45849 RESERVED
CVE-2021-45848 (Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later all ...)
	- nicotine-plus (bug #966000)
CVE-2021-45847 (Several missing input validations in the 3MF parser component of Slic3 ...)
	- slic3r (unimportant)
	NOTE: https://github.com/slic3r/Slic3r/issues/5118
	NOTE: https://github.com/slic3r/Slic3r/issues/5119
	NOTE: https://github.com/slic3r/Slic3r/issues/5120
	NOTE: Crash in GUI tool, no security impact
CVE-2021-45846 (A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker ...)
	- slic3r (unimportant)
	NOTE: https://github.com/slic3r/Slic3r/issues/5117
	NOTE: Crash in GUI tool, no security impact
CVE-2021-45845 (The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS comma ...)
	{DSA-5229-1}
	- freecad 0.19.4+dfsg1-1
	[buster] - freecad (Vulnerable code introduced in 0.19)
	[stretch] - freecad (Vulnerable code introduced in 0.19)
	NOTE: https://github.com/FreeCAD/FreeCAD/pull/5306
	NOTE: Introduced by: https://github.com/FreeCAD/FreeCAD/commit/dfc4e53f67785841b9bf106a79ccf5a6f7b0d524
	NOTE: Fixed by: https://github.com/FreeCAD/FreeCAD/commit/169eb655f30180b95e5923be2eb3bc4de6e02406 (master)
	NOTE: Fixed by: https://github.com/FreeCAD/FreeCAD/commit/a73f442f88725e08f36a3614e690bdef24c3dee3 (0.19.4)
	NOTE: https://tracker.freecad.org/view.php?id=4810
CVE-2021-45844 (Improper sanitization in the invocation of ODA File Converter from Fre ...)
	{DSA-5229-1 DLA-3076-1 DLA-2934-1}
	- freecad 0.19.4+dfsg1-1 (bug #1005747)
	NOTE: Fixed by: https://github.com/FreeCAD/FreeCAD/commit/1742d7ff82af1653253c4a4183c262c9af3b26d6 (master)
	NOTE: Fixed by: https://github.com/FreeCAD/FreeCAD/commit/ad6977f940d3e64d78a4367452d9a338ad43fa1c (0.19.4)
	NOTE: https://tracker.freecad.org/view.php?id=4809
CVE-2021-45843 (glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (X ...)
	NOT-FOR-US: glFusion CMS
CVE-2021-45842 (It is possible to obtain the first administrator's hash set up in Terr ...)
	NOT-FOR-US: Terramaster
CVE-2021-45841 (In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attack ...)
	NOT-FOR-US: Terramaster
CVE-2021-45840 (It is possible to execute arbitrary commands as root in Terramaster F4 ...)
	NOT-FOR-US: Terramaster
CVE-2021-45839 (It is possible to obtain the first administrator's hash set up on the ...)
	NOT-FOR-US: Terramaster
CVE-2021-45838 RESERVED
CVE-2021-45837 (It is possible to execute arbitrary commands as root in Terramaster F4 ...)
	NOT-FOR-US: Terramaster
CVE-2021-45836 (An authenticated attacker can execute arbitrary commands as root in Te ...)
	NOT-FOR-US: Terramaster
CVE-2021-45835 (The Online Admission System 1.0 allows an unauthenticated attacker to ...)
	NOT-FOR-US: Online Admission System
CVE-2021-45834 (An attacker can upload or transfer files of dangerous types to the Ope ...)
	NOT-FOR-US: OpenDocMan
CVE-2021-45833 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 vi ...)
	- hdf5 (unimportant)
	NOTE: https://github.com/HDFGroup/hdf5/issues/1313
	NOTE: https://github.com/advisories/GHSA-x57p-jwp6-4v79
	NOTE: https://github.com/HDFGroup/hdf5/pull/2241
	NOTE: https://github.com/HDFGroup/hdf5/commit/4e0277c35a5a6e8eb84058a905efa06bb3915985
	NOTE: Negligible security impact, malicious scientific data has more issues than a crash...
CVE-2021-45832 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at ...)
	- hdf5 (unimportant)
	NOTE: https://github.com/HDFGroup/hdf5/issues/1315
	NOTE: https://github.com/advisories/GHSA-hvh7-f5p9-68g8
	NOTE: Negligible security impact, malicious scientific data has more issues than a crash...
CVE-2021-45831 (A Null Pointer Dereference vulnerability exists in GPAC 1.0.1 in MP4Bo ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1990
	NOTE: https://github.com/gpac/gpac/commit/4613a35362e15a6df90453bd632d083645e5a765 (v2.0.0)
CVE-2021-45830 (A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via ...)
	- hdf5 (unimportant)
	NOTE: https://github.com/HDFGroup/hdf5/issues/1314
	NOTE: https://github.com/advisories/GHSA-5h2h-fjjr-x9m2
	NOTE: https://github.com/HDFGroup/hdf5/issues/2228
	NOTE: https://github.com/HDFGroup/hdf5/pull/2229
	NOTE: https://github.com/HDFGroup/hdf5/commit/659bc99fd139e16fdf47b31b635f158b72e3f5a4
	NOTE: Negligible security impact, malicious scientific data has more issues than a crash...
CVE-2021-45829 (HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denia ...)
	- hdf5 (unimportant)
	NOTE: https://github.com/HDFGroup/hdf5/issues/1317
	NOTE: https://github.com/advisories/GHSA-23gx-cm6v-952g
	NOTE: Negligible security impact, malicious scientific data has more issues than a crash...
CVE-2021-45828 RESERVED
CVE-2021-45827 RESERVED
CVE-2021-45826 RESERVED
CVE-2021-45825 RESERVED
CVE-2021-45824 RESERVED
CVE-2021-45823 RESERVED
CVE-2021-45822 (A cross-site scripting vulnerability is present in Xbtit 3.1. The stor ...)
	NOT-FOR-US: Xbtit
CVE-2021-45821 (A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid pa ...)
	NOT-FOR-US: Xbtit
CVE-2021-45820 RESERVED
CVE-2021-45819 (Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service ...)
	NOT-FOR-US: Wordline HIDCCEMonitorSVC
CVE-2021-45818 (SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability wh ...)
	NOT-FOR-US: SAFARI Montage
CVE-2021-45817 REJECTED
CVE-2021-45816 RESERVED
CVE-2021-45815 (Quectel UC20 UMTS/HSPA+ UC20 6.3.14 is affected by a Cross Site Script ...)
	NOT-FOR-US: Quectel UC20 UMTS/HSPA+ UC20
CVE-2021-45814 (Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attack ...)
	NOT-FOR-US: Nettmp NNT
CVE-2021-45813 (SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vu ...)
	NOT-FOR-US: SLICAN WebCTI
CVE-2021-45812 (NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site ...)
	NOT-FOR-US: NUUO Network Video Recorder NVRsolo
CVE-2021-45811 (A SQL injection vulnerability in the "Search" functionality of "ticket ...)
	NOT-FOR-US: osTicket
CVE-2021-45810 (GlobalProtect-openconnect versions prior to 2.0.0 (exclusive) are affe ...)
	NOT-FOR-US: GlobalProtect-openconnect
CVE-2021-45809 (GlobalProtect-openconnect versions prior to 1.4.3 are affected by inco ...)
	NOT-FOR-US: GlobalProtect-openconnect
CVE-2021-45808 (jpress v4.2.0 allows users to register an account by default. With the ...)
	NOT-FOR-US: jpress
CVE-2021-45807 (jpress v4.2.0 is vulnerable to command execution via io.jpress.web.adm ...)
	NOT-FOR-US: jpress
CVE-2021-45806 (jpress v4.2.0 admin panel provides a function through which attackers ...)
	NOT-FOR-US: jpress
CVE-2021-45805 RESERVED
CVE-2021-45804 RESERVED
CVE-2021-45803 (MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Inje ...)
	NOT-FOR-US: MartDevelopers iResturant
CVE-2021-45802 (MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Inje ...)
	NOT-FOR-US: MartDevelopers iResturant
CVE-2021-45801 RESERVED
CVE-2021-45800 RESERVED
CVE-2021-45799 RESERVED
CVE-2021-45798 RESERVED
CVE-2021-45797 RESERVED
CVE-2021-45796 RESERVED
CVE-2021-45795 RESERVED
CVE-2021-45794 (Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/sys ...)
	NOT-FOR-US: Slims9 Bulian
CVE-2021-45793 (Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.ph ...)
	NOT-FOR-US: Slims9 Bulian
CVE-2021-45792 (Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admi ...)
	NOT-FOR-US: Slims9 Bulian
CVE-2021-45791 (Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bib ...)
	NOT-FOR-US: Slims8 Akasia
CVE-2021-45790 (An arbitrary file upload vulnerability was found in Metersphere v1.15. ...)
	NOT-FOR-US: Metersphere
CVE-2021-45789 (An arbitrary file read vulnerability was found in Metersphere v1.15.4, ...)
	NOT-FOR-US: Metersphere
CVE-2021-45788 (Time-based SQL Injection vulnerabilities were found in Metersphere v1. ...)
	NOT-FOR-US: Metersphere
CVE-2021-45787 (There is a stored Cross Site Scripting (XSS) vulnerability in maccms v ...)
	NOT-FOR-US: maccms
CVE-2021-45786 (In maccms v10, an attacker can log in through /index.php/user/login in ...)
	NOT-FOR-US: maccms
CVE-2021-45785 RESERVED
CVE-2021-45784 RESERVED
CVE-2021-45783 (Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory ...)
	NOT-FOR-US: Bookeen Notea Firmware
CVE-2021-45782 REJECTED
CVE-2021-45781 REJECTED
CVE-2021-45780 REJECTED
CVE-2021-45779 REJECTED
CVE-2021-45778 REJECTED
CVE-2021-45777 RESERVED
CVE-2021-45776 RESERVED
CVE-2021-45775 REJECTED
CVE-2021-45774 REJECTED
CVE-2021-45773 (A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec ...)
	NOT-FOR-US: lib60870
CVE-2021-45772 RESERVED
CVE-2021-45771 RESERVED
CVE-2021-45770 RESERVED
CVE-2021-45769 (A NULL pointer dereference in AcseConnection_parseMessage at src/mms/i ...)
	NOT-FOR-US: libiec61850
CVE-2021-45768 RESERVED
CVE-2021-45767 (GPAC 1.1.0 was discovered to contain an invalid memory address derefer ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (No longer supported in LTS; Minor issue)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1982
	NOTE: https://github.com/gpac/gpac/commit/830548acd030467e857f4cf0b79af8ebf1e04dde (v2.0.0)
CVE-2021-45766 RESERVED
CVE-2021-45765 RESERVED
CVE-2021-45764 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (No longer supported in LTS; Minor issue)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1971
	NOTE: https://github.com/gpac/gpac/commit/e54df17892bee983d09d9437e44e6a1528fb46cb (v2.0.0)
CVE-2021-45763 (GPAC v1.1.0 was discovered to contain an invalid call in the function ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (No longer supported in LTS; Minor issue)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1974
	NOTE: https://github.com/gpac/gpac/commit/d2f74e49f2cb8d687c0dc38f66b99e3c5c7d7fec (v2.0.0)
CVE-2021-45762 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (No longer supported in LTS; Minor issue)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1978
	NOTE: https://github.com/gpac/gpac/commit/6d647f6e458c9b727eae1a8077d27fa433ced788 (v2.0.0)
CVE-2021-45761 (ROPium v3.1 was discovered to contain an invalid memory address derefe ...)
	NOT-FOR-US: ROPium
CVE-2021-45760 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (No longer supported in LTS; Minor issue)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1966
	NOTE: https://github.com/gpac/gpac/commit/5041fcbaa904a89d280561905a163171b3828cea (v2.0.0)
CVE-2021-45759 RESERVED
CVE-2021-45758 RESERVED
CVE-2021-45757 (ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blo ...)
	NOT-FOR-US: ASUS RT-AC68U
CVE-2021-45756 (Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are ...)
	NOT-FOR-US: ASUS RT-AC68U
CVE-2021-45755 RESERVED
CVE-2021-45754 RESERVED
CVE-2021-45753 RESERVED
CVE-2021-45752 RESERVED
CVE-2021-45751 RESERVED
CVE-2021-45750 RESERVED
CVE-2021-45749 RESERVED
CVE-2021-45748 RESERVED
CVE-2021-45747 RESERVED
CVE-2021-45746 (A Directory Traversal vulnerability exists in WeBankPartners wecube-pl ...)
	NOT-FOR-US: WeBankPartners
CVE-2021-45745 (A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.1 ...)
	NOT-FOR-US: Bludit
CVE-2021-45744 (A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.1 ...)
	NOT-FOR-US: Bludit
CVE-2021-45743 RESERVED
CVE-2021-45742 (TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a comm ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-45741 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a sta ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-45740 (TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stac ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-45739 (TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stac ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-45738 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-45737 (TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stac ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-45736 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a sta ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-45735 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-45734 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a sta ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-45733 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a com ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-4180 (An information exposure flaw in openstack-tripleo-heat-templates allow ...)
	- tripleo-heat-templates
	NOTE: https://bugs.launchpad.net/tripleo/+bug/1955397
CVE-2021-4179 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
	NOT-FOR-US: livehelperchat
CVE-2021-45720 (An issue was discovered in the lru crate before 0.7.1 for Rust. The it ...)
	NOT-FOR-US: Rust crate lru
CVE-2021-45719 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
	NOT-FOR-US: Rust crate rusqlite
CVE-2021-45718 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
	NOT-FOR-US: Rust crate rusqlite
CVE-2021-45717 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
	NOT-FOR-US: Rust crate rusqlite
CVE-2021-45716 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
	NOT-FOR-US: Rust crate rusqlite
CVE-2021-45715 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
	NOT-FOR-US: Rust crate rusqlite
CVE-2021-45714 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
	NOT-FOR-US: Rust crate rusqlite
CVE-2021-45713 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
	NOT-FOR-US: Rust crate rusqlite
CVE-2021-45712 (An issue was discovered in the rust-embed crate before 6.3.0 for Rust. ...)
	NOT-FOR-US: Rust crate rust-embed
CVE-2021-45711 (An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 fo ...)
	NOT-FOR-US: Rust crate simple_asn1
CVE-2021-45710 (An issue was discovered in the tokio crate before 1.8.4, and 1.9.x thr ...)
	- rust-tokio 1.15.0-1
	[bullseye] - rust-tokio (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0124.html
	NOTE: https://github.com/tokio-rs/tokio/issues/4225
CVE-2021-45709 (An issue was discovered in the crypto2 crate through 2021-10-08 for Ru ...)
	NOT-FOR-US: Rust crate crypto2
CVE-2021-45708 (An issue was discovered in the abomonation crate through 2021-10-17 fo ...)
	NOT-FOR-US: Rust crate abomonation
CVE-2021-45707 (An issue was discovered in the nix crate 0.16.0 and later before 0.20. ...)
	- rust-nix 0.23.0-1
	[bullseye] - rust-nix (Minor issue)
	[buster] - rust-nix (Introduced in 0.16)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0119.html
CVE-2021-45706 (An issue was discovered in the zeroize_derive crate before 1.1.1 for R ...)
	NOT-FOR-US: Rust crate zeroize_derive
CVE-2021-45705 (An issue was discovered in the nanorand crate before 0.6.1 for Rust. T ...)
	NOT-FOR-US: Rust crate nanorand
CVE-2021-45704 (An issue was discovered in the metrics-util crate before 0.7.0 for Rus ...)
	NOT-FOR-US: Rust crate metrics-util
CVE-2021-45703 (An issue was discovered in the tectonic_xdv crate before 0.1.12 for Ru ...)
	NOT-FOR-US: Rust crate tectonic_xdv
CVE-2021-45702 (An issue was discovered in the tremor-script crate before 0.11.6 for R ...)
	NOT-FOR-US: Rust crate tremor-script
CVE-2021-45701 (An issue was discovered in the tremor-script crate before 0.11.6 for R ...)
	NOT-FOR-US: Rust crate tremor-script
CVE-2021-45700 (An issue was discovered in the ckb crate before 0.40.0 for Rust. Attac ...)
	NOT-FOR-US: Rust crate ckb
CVE-2021-45699 (An issue was discovered in the ckb crate before 0.40.0 for Rust. Remot ...)
	NOT-FOR-US: Rust crate ckb
CVE-2021-45698 (An issue was discovered in the ckb crate before 0.40.0 for Rust. A get ...)
	NOT-FOR-US: Rust crate ckb
CVE-2021-45697 (An issue was discovered in the molecule crate before 0.7.2 for Rust. A ...)
	NOT-FOR-US: Rust crate molecule
CVE-2021-45696 (An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. ...)
	- rust-sha2 (Only affected 0.9.7, never uploaded to the archive)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0100.html
CVE-2021-45695 (An issue was discovered in the mopa crate through 2021-06-01 for Rust. ...)
	NOT-FOR-US: Rust crate mopa
CVE-2021-45694 (An issue was discovered in the rdiff crate through 2021-02-03 for Rust ...)
	NOT-FOR-US: Rust crate rdiff
CVE-2021-45693 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...)
	NOT-FOR-US: Rust crate messagepack-rs
CVE-2021-45692 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...)
	NOT-FOR-US: Rust crate messagepack-rs
CVE-2021-45691 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...)
	NOT-FOR-US: Rust crate messagepack-rs
CVE-2021-45690 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...)
	NOT-FOR-US: Rust crate messagepack-rs
CVE-2021-45689 (An issue was discovered in the gfx-auxil crate through 2021-01-07 for ...)
	NOT-FOR-US: Rust crate gfx-auxil
CVE-2021-45688 (An issue was discovered in the ash crate before 0.33.1 for Rust. util: ...)
	NOT-FOR-US: Rust crate ash
CVE-2021-45687 (An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. ...)
	NOT-FOR-US: Rust crate raw-cpuid
CVE-2021-45686 (An issue was discovered in the csv-sniffer crate through 2021-01-05 fo ...)
	NOT-FOR-US: Rust crate csv-sniffer
CVE-2021-45685 (An issue was discovered in the columnar crate through 2021-01-07 for R ...)
	NOT-FOR-US: Rust crate columnar
CVE-2021-45684 (An issue was discovered in the flumedb crate through 2021-01-07 for Ru ...)
	NOT-FOR-US: Rust crate flumedb
CVE-2021-45683 (An issue was discovered in the binjs_io crate through 2021-01-03 for R ...)
	NOT-FOR-US: Rust crate binjs
CVE-2021-45682 (An issue was discovered in the bronzedb-protocol crate through 2021-01 ...)
	NOT-FOR-US: Rust crate bronzedb-protocol
CVE-2021-45681 (An issue was discovered in the derive-com-impl crate before 0.1.2 for ...)
	NOT-FOR-US: Rust crate derive-com-impl
CVE-2021-45680 (An issue was discovered in the vec-const crate before 2.0.0 for Rust. ...)
	NOT-FOR-US: Rust crate vec-const
CVE-2021-45111 (Improper access control in Odoo Community 15.0 and earlier and Odoo En ...)
	{DSA-5399-1}
	- odoo 16.0.0+dfsg.1-1 (bug #1035953)
	NOTE: https://github.com/odoo/odoo/issues/107683
	NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/d326153e016f93c22f40ad8fb146bb4108bb94dc
CVE-2021-45071 (Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and O ...)
	{DSA-5399-1}
	- odoo 16.0.0+dfsg.1-1 (bug #1035953)
	NOTE: https://github.com/odoo/odoo/issues/107697
	NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/609b6503af97af5cf00ff497760f71cd71860c48
CVE-2021-44547 (A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 all ...)
	- odoo (Vulnerable code introduced later)
	NOTE: https://github.com/odoo/odoo/issues/107696
CVE-2021-44476 (A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterpr ...)
	{DSA-5399-1}
	- odoo 16.0.0+dfsg.1-1 (bug #1035953)
	NOTE: https://github.com/odoo/odoo/issues/107684
	NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/be2c857a2e19b0a752555ab377ce5e1cb081a186
CVE-2021-44475 RESERVED
CVE-2021-44461 (Cross-site scripting (XSS) issue in Accounting app of Odoo Enterprise ...)
	NOT-FOR-US: Odoo Enterprise Edition
CVE-2021-44460 (Improper access control in Odoo Community 13.0 and earlier and Odoo En ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/107685
CVE-2021-4178 (An arbitrary code execution flaw was found in the Fabric 8 Kubernetes c ...)
	NOT-FOR-US: fabric8io/kubernetes-client
	NOTE: https://github.com/fabric8io/kubernetes-client/issues/3653
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034388
CVE-2021-4177 (livehelperchat is vulnerable to Generation of Error Message Containing ...)
	NOT-FOR-US: livehelperchat
CVE-2021-4176 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
	NOT-FOR-US: livehelperchat
CVE-2021-4175 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
	NOT-FOR-US: livehelperchat
CVE-2021-26947 (Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and O ...)
	{DSA-5399-1}
	- odoo 16.0.0+dfsg.1-1 (bug #1035953)
	NOTE: https://github.com/odoo/odoo/issues/107694
	NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/e451c4fbffa9472cd3686492e8ba41430ab3b235
CVE-2021-23186 (A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterpr ...)
	{DSA-5399-1}
	- odoo 16.0.0+dfsg.1-1 (bug #1035953)
	NOTE: https://github.com/odoo/odoo/issues/107688
	NOTE: https://github.com/odoo/odoo/commit/c1d6d4a1d9148275213c7f3c286658366df03bd7
CVE-2021-23178 (Improper access control in Odoo Community 15.0 and earlier and Odoo En ...)
	{DSA-5399-1}
	- odoo 16.0.0+dfsg.1-1 (bug #1035953)
	NOTE: https://github.com/odoo/odoo/issues/107690
	NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/5ac55247b576312ea4f1f274c94d955dd23335d1
CVE-2021-23176 (Improper access control in reporting engine of l10n_fr_fec module in O ...)
	{DSA-5399-1}
	- odoo 16.0.0+dfsg.1-1 (bug #1035953)
	NOTE: https://github.com/odoo/odoo/issues/107682
	NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/f166400c7ddd1bc571fcad52d18d2371f2c3fd87
CVE-2021-23166 (A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterpr ...)
	{DSA-5399-1}
	- odoo 16.0.0+dfsg.1-1 (bug #1035953)
	NOTE: https://github.com/odoo/odoo/issues/107687
	NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/1f1e03ff29f711dd26cfbcadc60b7d03fdb59ed7
CVE-2020-36514 (An issue was discovered in the acc_reader crate through 2020-12-27 for ...)
	NOT-FOR-US: Rust crate acc_reader
CVE-2020-36513 (An issue was discovered in the acc_reader crate through 2020-12-27 for ...)
	NOT-FOR-US: Rust crate acc_reader
CVE-2020-36512 (An issue was discovered in the buffoon crate through 2020-12-31 for Ru ...)
	NOT-FOR-US: Rust crate buffoon
CVE-2020-36511 (An issue was discovered in the bite crate through 2020-12-31 for Rust. ...)
	NOT-FOR-US: Rust crate bite
CVE-2019-25055 (An issue was discovered in the libpulse-binding crate before 2.6.0 for ...)
	NOT-FOR-US: Rust crate libpulse-binding
CVE-2019-25054 (An issue was discovered in the pnet crate before 0.27.2 for Rust. Ther ...)
	NOT-FOR-US: Rust crate pnet
CVE-2018-25028 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...)
	NOT-FOR-US: Rust crate libpulse-binding
CVE-2018-25027 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...)
	NOT-FOR-US: Rust crate libpulse-binding
CVE-2018-25026 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...)
	NOT-FOR-US: Rust crate actix-web
CVE-2018-25025 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...)
	NOT-FOR-US: Rust crate actix-web
CVE-2018-25024 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...)
	NOT-FOR-US: Rust crate actix-web
CVE-2018-25023 (An issue was discovered in the smallvec crate before 0.6.13 for Rust. ...)
	- rust-smallvec 1.1.0-1
	[buster] - rust-smallvec (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0018.html
	NOTE: https://github.com/servo/rust-smallvec/issues/126
CVE-2021-4174 RESERVED
CVE-2021-4173 (vim is vulnerable to Use After Free)
	- vim 2:8.2.3995-1
	[bullseye] - vim (Minor issue)
	[buster] - vim (Vulnerable code introduced later)
	[stretch] - vim (Vulnerable code introduced later)
	NOTE: https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766
	NOTE: Introduced after: https://github.com/vim/vim/commit/04b12697838b232b8b17c553ccc74cf1f1bdb81c (v8.2.0695)
	NOTE: Fixed by: https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04 (v8.2.3902)
CVE-2021-4172 (Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showd ...)
	NOT-FOR-US: ShowDoc
CVE-2021-4171 (calibre-web is vulnerable to Business Logic Errors)
	- calibre-web (bug #982690)
CVE-2021-45679 (Certain NETGEAR devices are affected by privilege escalation. This aff ...)
	NOT-FOR-US: Netgear
CVE-2021-45678 (NETGEAR RAX200 devices before 1.0.5.132 are affected by insecure code.)
	NOT-FOR-US: Netgear
CVE-2021-45677 (Certain NETGEAR devices are affected by stored XSS. This affects GS108 ...)
	NOT-FOR-US: Netgear
CVE-2021-45676 (Certain NETGEAR devices are affected by stored XSS. This affects RAX20 ...)
	NOT-FOR-US: Netgear
CVE-2021-45675 (Certain NETGEAR devices are affected by stored XSS. This affects R6120 ...)
	NOT-FOR-US: Netgear
CVE-2021-45674 (Certain NETGEAR devices are affected by stored XSS. This affects R7000 ...)
	NOT-FOR-US: Netgear
CVE-2021-45673 (Certain NETGEAR devices are affected by stored XSS. This affects R7000 ...)
	NOT-FOR-US: Netgear
CVE-2021-45672 (Certain NETGEAR devices are affected by Stored XSS. This affects D6200 ...)
	NOT-FOR-US: Netgear
CVE-2021-45671 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...)
	NOT-FOR-US: Netgear
CVE-2021-45670 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...)
	NOT-FOR-US: Netgear
CVE-2021-45669 (Certain NETGEAR devices are affected by stored XSS. This affects RAX20 ...)
	NOT-FOR-US: Netgear
CVE-2021-45668 (Certain NETGEAR devices are affected by stored XSS. This affects EAX20 ...)
	NOT-FOR-US: Netgear
CVE-2021-45667 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...)
	NOT-FOR-US: Netgear
CVE-2021-45666 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...)
	NOT-FOR-US: Netgear
CVE-2021-45665 (Certain NETGEAR devices are affected by stored XSS. This affects EAX20 ...)
	NOT-FOR-US: Netgear
CVE-2021-45664 (NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS.)
	NOT-FOR-US: Netgear
CVE-2021-45663 (NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS.)
	NOT-FOR-US: Netgear
CVE-2021-45662 (NETGEAR R7000 devices before 1.0.9.88 are affected by stored XSS.)
	NOT-FOR-US: Netgear
CVE-2021-45661 (Certain NETGEAR devices are affected by server-side injection. This af ...)
	NOT-FOR-US: Netgear
CVE-2021-45660 (Certain NETGEAR devices are affected by server-side injection. This af ...)
	NOT-FOR-US: Netgear
CVE-2021-45659 (Certain NETGEAR devices are affected by server-side injection. This af ...)
	NOT-FOR-US: Netgear
CVE-2021-45658 (Certain NETGEAR devices are affected by server-side injection. This af ...)
	NOT-FOR-US: Netgear
CVE-2021-45657 (Certain NETGEAR devices are affected by server-side injection. This af ...)
	NOT-FOR-US: Netgear
CVE-2021-45656 (Certain NETGEAR devices are affected by server-side injection. This af ...)
	NOT-FOR-US: Netgear
CVE-2021-45655 (NETGEAR R6400 devices before 1.0.1.70 are affected by server-side inje ...)
	NOT-FOR-US: Netgear
CVE-2021-45654 (NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of s ...)
	NOT-FOR-US: Netgear
CVE-2021-45653 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2021-45652 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2021-45651 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2021-45650 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2021-45649 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2021-45648 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2021-45647 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2021-45646 (NETGEAR R7000 devices before 1.0.11.116 are affected by disclosure of ...)
	NOT-FOR-US: Netgear
CVE-2021-45645 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2021-45644 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2021-45643 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2021-45642 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2021-45641 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2021-45640 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2021-45639 (Certain NETGEAR devices are affected by reflected XSS. This affects CB ...)
	NOT-FOR-US: Netgear
CVE-2021-45638 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2021-45637 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2021-45636 (NETGEAR D7000 devices before 1.0.1.82 are affected by a stack-based bu ...)
	NOT-FOR-US: Netgear
CVE-2021-45635 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2021-45634 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2021-45633 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2021-45632 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2021-45631 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2021-45630 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2021-45629 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2021-45628 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2021-45627 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2021-45626 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2021-45625 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2021-45624 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2021-45623 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2021-45622 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2021-45621 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2021-45620 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2021-45619 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2021-45618 (Certain NETGEAR devices are affected by command injection by an unauth ...)
NOT-FOR-US: Netgear CVE-2021-45617 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: Netgear CVE-2021-45616 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: Netgear CVE-2021-45615 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: Netgear CVE-2021-45614 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: Netgear CVE-2021-45613 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: Netgear CVE-2021-45612 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: Netgear CVE-2021-45611 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) NOT-FOR-US: Netgear CVE-2021-45610 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) NOT-FOR-US: Netgear CVE-2021-45609 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) NOT-FOR-US: Netgear CVE-2021-45608 (Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital d ...) NOT-FOR-US: D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices CVE-2021-45607 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2021-45606 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2021-45605 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2021-45604 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2021-45603 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) NOT-FOR-US: Netgear CVE-2021-45602 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45601 (Certain NETGEAR devices are affected by command injection by an authen ...) 
NOT-FOR-US: Netgear CVE-2021-45600 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45599 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45598 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45597 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45596 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45595 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45594 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45593 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45592 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45591 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45590 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45589 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45588 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45587 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45586 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45585 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45584 (Certain NETGEAR devices are affected by command injection by an authen ...) 
NOT-FOR-US: Netgear CVE-2021-45583 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45582 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45581 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45580 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45579 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45578 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45577 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45576 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45575 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45574 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45573 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2021-45572 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45571 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45570 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45569 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45568 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45567 (Certain NETGEAR devices are affected by command injection by an authen ...) 
NOT-FOR-US: Netgear CVE-2021-45566 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45565 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45564 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45563 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45562 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45561 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45560 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45559 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45558 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45557 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45556 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45555 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45554 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45553 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45552 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45551 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45550 (Certain NETGEAR devices are affected by command injection by an authen ...) 
NOT-FOR-US: Netgear CVE-2021-45549 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45548 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45547 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45546 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45545 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45544 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45543 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45542 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45541 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45540 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45539 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45538 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45537 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45536 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45535 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45534 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2021-45533 (Certain NETGEAR devices are affected by command injection by an authen ...) 
NOT-FOR-US: Netgear CVE-2021-45532 (NETGEAR R8000 devices before 1.0.4.76 are affected by command injectio ...) NOT-FOR-US: Netgear CVE-2021-45531 (NETGEAR D6220 devices before 1.0.0.76 are affected by command injectio ...) NOT-FOR-US: Netgear CVE-2021-45530 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) NOT-FOR-US: Netgear CVE-2021-45529 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) NOT-FOR-US: Netgear CVE-2021-45528 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) NOT-FOR-US: Netgear CVE-2021-45527 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) NOT-FOR-US: Netgear CVE-2021-45526 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) NOT-FOR-US: Netgear CVE-2021-45525 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) NOT-FOR-US: Netgear CVE-2021-45524 (NETGEAR R8000 devices before 1.0.4.62 are affected by a buffer overflo ...) NOT-FOR-US: Netgear CVE-2021-45523 (NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflo ...) NOT-FOR-US: Netgear CVE-2021-45522 (NETGEAR XR1000 devices before 1.0.0.58 are affected by a hardcoded pas ...) NOT-FOR-US: Netgear CVE-2021-45521 (Certain NETGEAR devices are affected by a hardcoded password. This aff ...) NOT-FOR-US: Netgear CVE-2021-45520 (Certain NETGEAR devices are affected by a hardcoded password. This aff ...) NOT-FOR-US: Netgear CVE-2021-45519 (NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of servi ...) NOT-FOR-US: Netgear CVE-2021-45518 (NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of servi ...) NOT-FOR-US: Netgear CVE-2021-45517 (NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of servi ...) NOT-FOR-US: Netgear CVE-2021-45516 (Certain NETGEAR devices are affected by denial of service. This affect ...) NOT-FOR-US: Netgear CVE-2021-45515 (Certain NETGEAR devices are affected by denial of service. 
This affect ...) NOT-FOR-US: Netgear CVE-2021-45514 (NETGEAR XR1000 devices before 1.0.0.58 are affected by command injecti ...) NOT-FOR-US: Netgear CVE-2021-45513 (NETGEAR XR1000 devices before 1.0.0.58 are affected by command injecti ...) NOT-FOR-US: Netgear CVE-2021-45512 (Certain NETGEAR devices are affected by weak cryptography. This affect ...) NOT-FOR-US: Netgear CVE-2021-45511 (Certain NETGEAR devices are affected by authentication bypass. This af ...) NOT-FOR-US: Netgear CVE-2021-45510 (NETGEAR XR1000 devices before 1.0.0.58 are affected by authentication ...) NOT-FOR-US: Netgear CVE-2021-45509 (Certain NETGEAR devices are affected by authentication bypass. This af ...) NOT-FOR-US: Netgear CVE-2021-45508 (Certain NETGEAR devices are affected by authentication bypass. This af ...) NOT-FOR-US: Netgear CVE-2021-45507 (Certain NETGEAR devices are affected by authentication bypass. This af ...) NOT-FOR-US: Netgear CVE-2021-45506 (Certain NETGEAR devices are affected by authentication bypass. This af ...) NOT-FOR-US: Netgear CVE-2021-45505 (Certain NETGEAR devices are affected by authentication bypass. This af ...) NOT-FOR-US: Netgear CVE-2021-45504 (Certain NETGEAR devices are affected by authentication bypass. This af ...) NOT-FOR-US: Netgear CVE-2021-45503 (Certain NETGEAR devices are affected by authentication bypass. This af ...) NOT-FOR-US: Netgear CVE-2021-45502 (Certain NETGEAR devices are affected by authentication bypass. This af ...) NOT-FOR-US: Netgear CVE-2021-45501 (Certain NETGEAR devices are affected by authentication bypass. This af ...) NOT-FOR-US: Netgear CVE-2021-45500 (Certain NETGEAR devices are affected by authentication bypass. This af ...) NOT-FOR-US: Netgear CVE-2021-45499 (Certain NETGEAR devices are affected by authentication bypass. This af ...) NOT-FOR-US: Netgear CVE-2021-45498 (NETGEAR R6700v2 devices before 1.2.0.88 are affected by authentication ...) 
NOT-FOR-US: Netgear CVE-2021-45497 (NETGEAR D7000 devices before 1.0.1.82 are affected by authentication b ...) NOT-FOR-US: Netgear CVE-2021-45496 (NETGEAR D7000 devices before 1.0.1.82 are affected by authentication b ...) NOT-FOR-US: Netgear CVE-2021-45495 (NETGEAR D7000 devices before 1.0.1.68 are affected by authentication b ...) NOT-FOR-US: Netgear CVE-2021-45494 (Certain NETGEAR devices are affected by an attacker's ability to read ...) NOT-FOR-US: Netgear CVE-2021-45493 (Certain NETGEAR devices are affected by disclosure of administrative c ...) NOT-FOR-US: Netgear CVE-2021-4170 (calibre-web is vulnerable to Improper Neutralization of Input During W ...) - calibre-web (bug #982690) CVE-2021-4169 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...) NOT-FOR-US: livehelperchat CVE-2021-45492 (In Sage 300 ERP (formerly accpac) through 6.8.x, the installer configu ...) NOT-FOR-US: Sage ERP CVE-2021-4168 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF)) NOT-FOR-US: ShowDoc CVE-2021-45491 (3CX System through 2022-03-17 stores cleartext passwords in a database ...) NOT-FOR-US: 3CX CVE-2021-45490 (The client applications in 3CX on Windows, the 3CX app for iOS, and th ...) NOT-FOR-US: 3CX CVE-2021-45489 (In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employ ...) NOT-FOR-US: NetBSD CVE-2021-45488 (In NetBSD through 9.2, there is an information leak in the TCP ISN (IS ...) NOT-FOR-US: NetBSD CVE-2021-45487 (In NetBSD through 9.2, the IPv4 ID generation algorithm does not use a ...) NOT-FOR-US: NetBSD CVE-2021-45486 (In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4 ...) - linux 5.10.38-1 [buster] - linux 4.19.208-1 [stretch] - linux 4.9.290-1 NOTE: https://arxiv.org/pdf/2112.09604.pdf NOTE: https://git.kernel.org/linus/aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba (5.13-rc1) CVE-2021-45485 (In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6 ...) 
- linux 5.14.6-1 [bullseye] - linux 5.10.70-1 [buster] - linux 4.19.208-1 [stretch] - linux 4.9.290-1 NOTE: https://arxiv.org/pdf/2112.09604.pdf NOTE: https://git.kernel.org/linus/62f20e068ccc50d6ab66fdb72ba90da2b9418c99 (5.14-rc1) CVE-2021-45484 (In NetBSD through 9.2, the IPv6 fragment ID generation algorithm emplo ...) NOT-FOR-US: NetBSD CVE-2021-45483 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Fram ...) {DSA-4996-1 DSA-4995-1} - webkit2gtk 2.34.0-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.1-1 CVE-2021-45482 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Cont ...) {DSA-4976-1 DSA-4975-1} - webkit2gtk 2.32.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.4-1 CVE-2021-45481 (In WebKitGTK before 2.32.4, there is incorrect memory allocation in We ...) {DSA-4996-1 DSA-4995-1} - webkit2gtk 2.34.0-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.1-1 CVE-2021-45480 (An issue was discovered in the Linux kernel before 5.15.11. There is a ...) {DSA-5096-1 DSA-5050-1 DLA-2941-1} - linux 5.15.15-1 [stretch] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/5f9562ebe710c307adc5f666bf1a2162ee7977c0 CVE-2021-4167 RESERVED CVE-2021-45479 (Improper Neutralization of Input During Web Page Generation vulnerabil ...) NOT-FOR-US: Yordam Information Technologies Library Automation System CVE-2021-45478 (Improper Handling of Parameters vulnerability in Bordam Information Te ...) NOT-FOR-US: Bordam Information Technologies Library Automation System CVE-2021-45477 (Improper Handling of Parameters vulnerability in Bordam Information Te ...) NOT-FOR-US: Bordam Information Technologies Library Automation System CVE-2021-45476 (Yordam Library Information Document Automation product before version ...) 
NOT-FOR-US: Yordam Library Information Document Automation CVE-2021-45475 (Yordam Library Information Document Automation product before version ...) NOT-FOR-US: Yordam Library Information Document Automation CVE-2021-4166 (vim is vulnerable to Out-of-bounds Read) - vim 2:8.2.3995-1 (unimportant) NOTE: https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035 NOTE: https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682 (v8.2.3884) NOTE: Crash in CLI tool, no security impact CVE-2021-4165 RESERVED CVE-2021-4164 (calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)) - calibre-web (bug #982690) CVE-2021-4163 RESERVED CVE-2021-4162 (archivy is vulnerable to Cross-Site Request Forgery (CSRF)) NOT-FOR-US: archivy CVE-2021-45474 (In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporte ...) NOT-FOR-US: FileImporter MediaWiki extension NOTE: https://gerrit.wikimedia.org/r/q/Id1c8910aeac5b452fbabeddab70360765518223e NOTE: https://phabricator.wikimedia.org/T296605 CVE-2021-45473 (In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which ...) NOT-FOR-US: WikiBase MediaWiki extension NOTE: https://gerrit.wikimedia.org/r/q/I3cd080a1a7dacd7396d37ee0c98cff0b4e241f8d NOTE: https://phabricator.wikimedia.org/T294693 CVE-2021-45472 (In MediaWiki through 1.37, XSS can occur in Wikibase because an extern ...) NOT-FOR-US: WikiBase MediaWiki extension NOTE: https://gerrit.wikimedia.org/r/q/I37ece1dfdc80d38055067c9c4fa73ba591acd8bd NOTE: https://phabricator.wikimedia.org/T297570 CVE-2021-45471 (In MediaWiki through 1.37, blocked IP addresses are allowed to edit En ...) NOT-FOR-US: EntitySchema MediaWiki extension NOTE: https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9 NOTE: https://gerrit.wikimedia.org/r/q/Id9af124427bcd1e85301d2140a38bf47bbc5622c NOTE: https://phabricator.wikimedia.org/T296578 CVE-2021-45470 (lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular express ...) 
NOT-FOR-US: cve-search CVE-2021-4161 (The affected products contain vulnerable firmware, which could allow a ...) NOT-FOR-US: Moxa CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15 ...) {DSA-5096-1 DSA-5050-1 DLA-2941-1} - linux 5.15.15-1 [stretch] - linux (Minor issue; f2fs is not supportable) NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=215235 CVE-2021-45468 (Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote ...) NOT-FOR-US: Imperva Web Application Firewall CVE-2021-45467 (In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, ...) NOT-FOR-US: CentOS Web Panel CVE-2021-45466 (In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, ...) NOT-FOR-US: CentOS Web Panel CVE-2021-45465 (A vulnerability has been identified in syngo fastView (All versions). ...) NOT-FOR-US: syngo fastView CVE-2021-4160 (There is a carry propagation bug in the MIPS32 and MIPS64 squaring pro ...) {DSA-5103-1} - openssl 1.1.1m-1 [stretch] - openssl (This is MIPS-specific and we don't support MIPS for stretch-security) NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb (OpenSSL_1_1_1m) NOTE: https://mta.openssl.org/pipermail/openssl-announce/2022-January/000214.html NOTE: https://www.openssl.org/news/secadv/20220128.txt CVE-2021-4159 (A vulnerability was found in the Linux kernel's EBPF verifier when han ...) {DLA-3131-1} - linux 5.7.6-1 [stretch] - linux (Too risky to backport, and mitigated by default) NOTE: Fixed by: https://git.kernel.org/linus/294f2fc6da27620a506e6c050241655459ccd6bd (5.7-rc1) CVE-2021-45464 (kvmtool through 39181fc allows an out-of-bounds write, related to virt ...) - kvmtool (bug #1006290) NOTE: https://www.kalmarunionen.dk/writeups/2021/hxp-2021/lkvm/ CVE-2021-45463 (load_cache in GEGL before 0.4.34 allows shell expansion when a pathnam ...) 
- gegl 1:0.4.34-1 (bug #1002661) [bullseye] - gegl (Minor issue) [buster] - gegl (Minor issue) [stretch] - gegl (Minor issue; can be fixed later) NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gegl/-/commit/bfce470f0f2f37968862129d5038b35429f2909b (GEGL_0_4_34) NOTE: Followup: https://gitlab.gnome.org/GNOME/gegl/-/commit/2172cf7e8d7e8891ae2053d6eef213d5bef939cb (GEGL_0_4_34) CVE-2021-45462 (In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF.) NOT-FOR-US: Open5GS CVE-2021-4158 (A NULL pointer dereference issue was found in the ACPI code of QEMU. A ...) - qemu 1:6.2+dfsg-2 [bullseye] - qemu (Vulnerable code introduced later) [buster] - qemu (Vulnerable code introduced later) [stretch] - qemu (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035002 NOTE: https://gitlab.com/qemu-project/qemu/-/issues/770 NOTE: Introduced in: https://gitlab.com/qemu-project/qemu/-/commit/b32bd763a1ca929677e22ae1c51cb3920921bdce (v6.0.0-rc0) NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/9bd6565ccee68f72d5012e24646e12a1c662827e NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-12/msg03692.html CVE-2021-45461 (FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 1 ...) NOT-FOR-US: FreePBX CVE-2021-45460 (A vulnerability has been identified in SICAM PQ Analyzer (All versions ...) NOT-FOR-US: Siemens CVE-2021-4157 (An out of memory bounds write flaw (1 or 2 bytes of memory) in the Lin ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 [stretch] - linux 4.9.272-1 NOTE: https://git.kernel.org/linus/ed34695e15aba74f45247f1ee2cf7e09d449f925 (5.13-rc1) CVE-2021-4156 (An out-of-bounds read flaw was found in libsndfile's FLAC codec functi ...) 
{DLA-3126-1 DLA-3058-1} - libsndfile 1.1.0-1 (bug #1014713) [bullseye] - libsndfile (Minor issue) NOTE: https://github.com/libsndfile/libsndfile/issues/731 NOTE: https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc (1.1.0beta1) CVE-2021-4155 (A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS ...) {DSA-5096-1 DSA-5050-1 DLA-2941-1 DLA-2940-1} - linux 5.15.15-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034813 NOTE: https://git.kernel.org/linus/983d8e60f50806f90534cc5373d0ce867e5aaf79 (5.16) NOTE: https://www.openwall.com/lists/oss-security/2022/01/10/1 CVE-2020-36510 (The 15Zine WordPress theme before 3.3.0 does not sanitise and escape t ...) NOT-FOR-US: WordPress theme CVE-2022-22261 (The HiAIserver has a vulnerability in verifying the validity of the we ...) NOT-FOR-US: HarmonyOS CVE-2022-22260 (The kernel module has a UAF vulnerability.Successful exploitation of t ...) NOT-FOR-US: HarmonyOS CVE-2022-22259 (There is an improper authentication vulnerability in FLMG-10 10.0.1.0( ...) NOT-FOR-US: Huawei CVE-2022-22258 (The Wi-Fi module has an event notification vulnerability.Successful ex ...) NOT-FOR-US: Harmony OS CVE-2022-22257 (The customization framework has a vulnerability of improper permission ...) NOT-FOR-US: Harmony OS CVE-2022-22256 (The DFX module has an access control vulnerability.Successful exploita ...) NOT-FOR-US: Harmony OS CVE-2022-22255 (The application framework has a common DoS vulnerability.Successful ex ...) NOT-FOR-US: Harmony OS CVE-2022-22254 (A permission bypass vulnerability exists when the NFC CAs access the T ...) NOT-FOR-US: Harmony OS CVE-2022-22253 (The DFX module has a vulnerability of improper validation of integrity ...) NOT-FOR-US: Harmony OS CVE-2022-22252 (The DFX module has a UAF vulnerability.Successful exploitation of this ...) NOT-FOR-US: HarmonyOS CVE-2022-22251 (On cSRX Series devices software permission issues in the container fil ...) 
NOT-FOR-US: Juniper CVE-2022-22250 (An Improper Control of a Resource Through its Lifetime vulnerability i ...) NOT-FOR-US: Juniper CVE-2022-22249 (An Improper Control of a Resource Through its Lifetime vulnerability i ...) NOT-FOR-US: Juniper CVE-2022-22248 (An Incorrect Permission Assignment vulnerability in shell processing o ...) NOT-FOR-US: Juniper CVE-2022-22247 (An Improper Input Validation vulnerability in ingress TCP segment proc ...) NOT-FOR-US: Juniper CVE-2022-22246 (A PHP Local File Inclusion (LFI) vulnerability in the J-Web component ...) NOT-FOR-US: Juniper CVE-2022-22245 (A Path Traversal vulnerability in the J-Web component of Juniper Netwo ...) NOT-FOR-US: Juniper CVE-2022-22244 (An XPath Injection vulnerability in the J-Web component of Juniper Net ...) NOT-FOR-US: Juniper CVE-2022-22243 (An XPath Injection vulnerability due to Improper Input Validation in t ...) NOT-FOR-US: Juniper CVE-2022-22242 (A Cross-site Scripting (XSS) vulnerability in the J-Web component of J ...) NOT-FOR-US: Juniper CVE-2022-22241 (An Improper Input Validation vulnerability in the J-Web component of J ...) NOT-FOR-US: Juniper CVE-2022-22240 (An Allocation of Resources Without Limits or Throttling and a Missing ...) NOT-FOR-US: Juniper CVE-2022-22239 (An Execution with Unnecessary Privileges vulnerability in Management D ...) NOT-FOR-US: Juniper CVE-2022-22238 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) NOT-FOR-US: Juniper CVE-2022-22237 (An Improper Authentication vulnerability in the kernel of Juniper Netw ...) NOT-FOR-US: Juniper CVE-2022-22236 (An Access of Uninitialized Pointer vulnerability in SIP Application La ...) NOT-FOR-US: Juniper CVE-2022-22235 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) NOT-FOR-US: Juniper CVE-2022-22234 (An Improper Preservation of Consistency Between Independent Representa ...) 
NOT-FOR-US: Juniper CVE-2022-22233 (An Unchecked Return Value to NULL Pointer Dereference vulnerability in ...) NOT-FOR-US: Juniper CVE-2022-22232 (A NULL Pointer Dereference vulnerability in the Packet Forwarding Engi ...) NOT-FOR-US: Juniper CVE-2022-22231 (An Unchecked Return Value to NULL Pointer Dereference vulnerability in ...) NOT-FOR-US: Juniper CVE-2022-22230 (An Improper Input Validation vulnerability in the Routing Protocol Dae ...) NOT-FOR-US: Juniper CVE-2022-22229 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) NOT-FOR-US: Juniper CVE-2022-22228 (An Improper Validation of Specified Type of Input vulnerability in the ...) NOT-FOR-US: Juniper CVE-2022-22227 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) NOT-FOR-US: Juniper CVE-2022-22226 (In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Unc ...) NOT-FOR-US: Juniper CVE-2022-22225 (A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in t ...) NOT-FOR-US: Juniper CVE-2022-22224 (An Improper Check or Handling of Exceptional Conditions vulnerability ...) NOT-FOR-US: Juniper CVE-2022-22223 (On QFX10000 Series devices using Juniper Networks Junos OS when config ...) NOT-FOR-US: Juniper CVE-2022-22222 RESERVED CVE-2022-22221 (An Improper Neutralization of Special Elements vulnerability in the do ...) NOT-FOR-US: Juniper CVE-2022-22220 (A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in R ...) NOT-FOR-US: Juniper CVE-2022-22219 (Due to the Improper Handling of an Unexpected Data Type in the process ...) NOT-FOR-US: Juniper CVE-2022-22218 (On SRX Series devices, an Improper Check for Unusual or Exceptional Co ...) NOT-FOR-US: Juniper CVE-2022-22217 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) NOT-FOR-US: Juniper CVE-2022-22216 (An Exposure of Sensitive Information to an Unauthorized Actor vulnerab ...) 
NOT-FOR-US: Juniper CVE-2022-22215 (A Missing Release of File Descriptor or Handle after Effective Lifetim ...) NOT-FOR-US: Juniper CVE-2022-22214 (An Improper Input Validation vulnerability in the Packet Forwarding En ...) NOT-FOR-US: Juniper CVE-2022-22213 (A vulnerability in Handling of Undefined Values in the routing protoco ...) NOT-FOR-US: Juniper CVE-2022-22212 (An Allocation of Resources Without Limits or Throttling vulnerability ...) NOT-FOR-US: Juniper CVE-2022-22211 (A limitless resource allocation vulnerability in FPC resources of Juni ...) NOT-FOR-US: Juniper CVE-2022-22210 (A NULL Pointer Dereference vulnerability in the Packet Forwarding Engi ...) NOT-FOR-US: Juniper CVE-2022-22209 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) NOT-FOR-US: Juniper CVE-2022-22208 (A Use After Free vulnerability in the Routing Protocol Daemon (rdp) of ...) NOT-FOR-US: Juniper CVE-2022-22207 (A Use After Free vulnerability in the Advanced Forwarding Toolkit (AFT ...) NOT-FOR-US: Juniper CVE-2022-22206 (A Buffer Overflow vulnerability in the PFE of Juniper Networks Junos O ...) NOT-FOR-US: Juniper CVE-2022-22205 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) NOT-FOR-US: Juniper CVE-2022-22204 (An Improper Release of Memory Before Removing Last Reference vulnerabi ...) NOT-FOR-US: Juniper CVE-2022-22203 (An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos ...) NOT-FOR-US: Juniper CVE-2022-22202 (An Improper Handling of Exceptional Conditions vulnerability on specif ...) NOT-FOR-US: Juniper CVE-2022-22201 (An Improper Validation of Specified Index, Position, or Offset in Inpu ...) NOT-FOR-US: Juniper CVE-2022-22200 REJECTED CVE-2022-22199 REJECTED CVE-2022-22198 (An Access of Uninitialized Pointer vulnerability in the SIP ALG of Jun ...) NOT-FOR-US: Juniper CVE-2022-22197 (An Operation on a Resource after Expiration or Release vulnerability i ...) 
NOT-FOR-US: Juniper CVE-2022-22196 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) NOT-FOR-US: Juniper CVE-2022-22195 (An Improper Update of Reference Count vulnerability in the kernel of J ...) NOT-FOR-US: Juniper CVE-2022-22194 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) NOT-FOR-US: Juniper CVE-2022-22193 (An Improper Handling of Unexpected Data Type vulnerability in the Rout ...) NOT-FOR-US: Juniper CVE-2022-22192 (An Improper Validation of Syntactic Correctness of Input vulnerability ...) NOT-FOR-US: Juniper CVE-2022-22191 (A Denial of Service (DoS) vulnerability in the processing of a flood o ...) NOT-FOR-US: Juniper CVE-2022-22190 (An Improper Access Control vulnerability in the Juniper Networks Parag ...) NOT-FOR-US: Juniper CVE-2022-22189 (An Incorrect Ownership Assignment vulnerability in Juniper Networks Co ...) NOT-FOR-US: Juniper CVE-2022-22188 (An Uncontrolled Memory Allocation vulnerability leading to a Heap-base ...) NOT-FOR-US: Juniper CVE-2022-22187 (An Improper Privilege Management vulnerability in the Windows Installe ...) NOT-FOR-US: Juniper CVE-2022-22186 (Due to an Improper Initialization vulnerability in Juniper Networks Ju ...) NOT-FOR-US: Juniper CVE-2022-22185 (A vulnerability in Juniper Networks Junos OS on SRX Series, allows a n ...) NOT-FOR-US: Juniper CVE-2022-22184 (An Improper Input Validation vulnerability in the Routing Protocol Dae ...) NOT-FOR-US: Juniper CVE-2022-22183 (An Improper Access Control vulnerability in Juniper Networks Junos OS ...) NOT-FOR-US: Juniper CVE-2022-22182 (A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos O ...) NOT-FOR-US: Juniper CVE-2022-22181 (A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Junip ...) NOT-FOR-US: Juniper CVE-2022-22180 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) 
	NOT-FOR-US: Juniper
CVE-2022-22179 (An Improper Validation of Specified Index, Position, or Offset in Input ...)
	NOT-FOR-US: Juniper
CVE-2022-22178 (A Stack-based Buffer Overflow vulnerability in the flow processing dae ...)
	NOT-FOR-US: Juniper
CVE-2022-22177 (A release of illegal memory vulnerability in the snmpd daemon of Junip ...)
	NOT-FOR-US: Juniper
CVE-2022-22176 (An Improper Validation of Syntactic Correctness of Input vulnerability ...)
	NOT-FOR-US: Juniper
CVE-2022-22175 (An Improper Locking vulnerability in the SIP ALG of Juniper Networks J ...)
	NOT-FOR-US: Juniper
CVE-2022-22174 (A vulnerability in the processing of inbound IPv6 packets in Juniper N ...)
	NOT-FOR-US: Juniper
CVE-2022-22173 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
	NOT-FOR-US: Juniper
CVE-2022-22172 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
	NOT-FOR-US: Juniper
CVE-2022-22171 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
	NOT-FOR-US: Juniper
CVE-2022-22170 (A Missing Release of Resource after Effective Lifetime vulnerability i ...)
	NOT-FOR-US: Juniper
CVE-2022-22169 (An Improper Initialization vulnerability in the routing protocol daemo ...)
	NOT-FOR-US: Juniper
CVE-2022-22168 (An Improper Validation of Specified Type of Input vulnerability in the ...)
	NOT-FOR-US: Juniper
CVE-2022-22167 (A traffic classification vulnerability in Juniper Networks Junos OS on ...)
	NOT-FOR-US: Juniper
CVE-2022-22166 (An Improper Validation of Specified Quantity in Input vulnerability in ...)
	NOT-FOR-US: Juniper
CVE-2022-22165
	REJECTED
CVE-2022-22164 (An Improper Initialization vulnerability in Juniper Networks Junos OS ...)
	NOT-FOR-US: Juniper
CVE-2022-22163 (An Improper Input Validation vulnerability in the Juniper DHCP daemon ...)
	NOT-FOR-US: Juniper
CVE-2022-22162 (A Generation of Error Message Containing Sensitive Information vulnera ...)
	NOT-FOR-US: Juniper
CVE-2022-22161 (An Uncontrolled Resource Consumption vulnerability in the kernel of Ju ...)
	NOT-FOR-US: Juniper
CVE-2022-22160 (An Unchecked Error Condition vulnerability in the subscriber managemen ...)
	NOT-FOR-US: Juniper
CVE-2022-22159 (A vulnerability in the NETISR network queue functionality of Juniper N ...)
	NOT-FOR-US: Juniper
CVE-2022-22158
	REJECTED
CVE-2022-22157 (A traffic classification vulnerability in Juniper Networks Junos OS on ...)
	NOT-FOR-US: Juniper
CVE-2022-22156 (An Improper Certificate Validation weakness in the Juniper Networks Ju ...)
	NOT-FOR-US: Juniper
CVE-2022-22155 (An Uncontrolled Resource Consumption vulnerability in the handling of ...)
	NOT-FOR-US: Juniper
CVE-2022-22154 (In a Junos Fusion scenario an External Control of Critical State Data ...)
	NOT-FOR-US: Juniper
CVE-2022-22153 (An Insufficient Algorithmic Complexity combined with an Allocation of ...)
	NOT-FOR-US: Juniper
CVE-2022-22152 (A Protection Mechanism Failure vulnerability in the REST API of Junipe ...)
	NOT-FOR-US: Juniper
CVE-2022-21800 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
	NOT-FOR-US: Airspan Networks
CVE-2022-21215 (This vulnerability could allow an attacker to force the server to crea ...)
	NOT-FOR-US: Airspan Networks
CVE-2022-21196 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
	NOT-FOR-US: Airspan Networks
CVE-2022-21155 (A specially crafted packet sent to the Fernhill SCADA Server Version 3 ...)
	NOT-FOR-US: Fernhill SCADA Server
CVE-2022-21137 (Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based b ...)
	NOT-FOR-US: Omron CX-One
CVE-2021-45459 (lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js ...)
	NOT-FOR-US: Node windows
CVE-2021-4154 (A use-after-free flaw was found in cgroup1_parse_param in kernel/cgrou ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.70-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/3b0462726e7ef281c35a7a4ae33e93ee2bc9975b (5.14-rc2)
CVE-2021-4153
	RESERVED
CVE-2021-4152
	RESERVED
CVE-2021-4151
	RESERVED
CVE-2022-22136
	RESERVED
CVE-2022-22135
	RESERVED
CVE-2022-22134
	RESERVED
CVE-2022-22133
	RESERVED
CVE-2022-22132
	RESERVED
CVE-2022-22131
	RESERVED
CVE-2022-22130
	RESERVED
CVE-2022-22129
	RESERVED
CVE-2022-22128 (Tableau discovered a path traversal vulnerability affecting Tableau Se ...)
	NOT-FOR-US: Tableau Server Administration Agent
CVE-2022-22127 (Tableau is aware of a broken access control vulnerability present in T ...)
	NOT-FOR-US: Tableau Server
CVE-2022-22126 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via ...)
	NOT-FOR-US: Openmct
CVE-2022-22125 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...)
	NOT-FOR-US: Halo
CVE-2022-22124 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...)
	NOT-FOR-US: Halo
CVE-2022-22123 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...)
	NOT-FOR-US: Halo
CVE-2022-22122
	REJECTED
CVE-2022-22121 (In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injectio ...)
	NOT-FOR-US: NocoDB
CVE-2022-22120 (In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrep ...)
	NOT-FOR-US: NocoDB
CVE-2022-22119
	RESERVED
CVE-2022-22118
	RESERVED
CVE-2022-22117 (In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted f ...)
	NOT-FOR-US: Directus
CVE-2022-22116 (In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to st ...)
	NOT-FOR-US: Directus
CVE-2022-22115 (In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Si ...)
	NOT-FOR-US: Teedy
CVE-2022-22114 (In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross ...)
	NOT-FOR-US: Teedy
CVE-2022-22113 (In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable ...)
	NOT-FOR-US: DayByDay CRM
CVE-2022-22112 (In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an ap ...)
	NOT-FOR-US: DayByDay CRM
CVE-2022-22111 (In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. ...)
	NOT-FOR-US: DayByDay CRM
CVE-2022-22110 (In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requ ...)
	NOT-FOR-US: DayByDay CRM
CVE-2022-22109 (In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scri ...)
	NOT-FOR-US: DayByDay CRM
CVE-2022-22108 (In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missin ...)
	NOT-FOR-US: DayByDay CRM
CVE-2022-22107 (In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missin ...)
	NOT-FOR-US: DayByDay CRM
CVE-2022-22106 (Memory corruption in multimedia due to improper length check while cop ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22105 (Memory corruption in bluetooth due to integer overflow while processin ...)
	NOT-FOR-US: Qualcomm
CVE-2022-22104 (Memory corruption in multimedia due to improper check on the messages ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22103 (Memory corruption in multimedia driver due to double free while proces ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22102 (Memory corruption in multimedia due to incorrect type conversion while ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22101 (Denial of service in multimedia due to uncontrolled resource consumpti ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22100 (Memory corruption in multimedia due to improper check on received expo ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22099 (Memory corruption in multimedia due to improper validation of array in ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22098 (Memory corruption in multimedia driver due to untrusted pointer derefe ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22097 (Memory corruption in graphic driver due to use after free while callin ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22096 (Memory corruption in Bluetooth HOST due to stack-based buffer overflow ...)
	NOT-FOR-US: Qualcomm
CVE-2022-22095 (Memory corruption in synx driver due to use-after-free condition in th ...)
	NOT-FOR-US: Qualcomm
CVE-2022-22094 (memory corruption in Kernel due to race condition while getting mappin ...)
	NOT-FOR-US: Qualcomm
CVE-2022-22093 (Memory corruption or temporary denial of service due to improper handl ...)
	NOT-FOR-US: Qualcomm
CVE-2022-22092 (Memory corruption in kernel due to use after free issue in Snapdragon ...)
	NOT-FOR-US: Qualcomm
CVE-2022-22091 (Improper authorization of a replayed LTE security mode command can lea ...)
	NOT-FOR-US: Qualcomm
CVE-2022-22090 (Memory corruption in audio due to use after free while managing buffer ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22089 (Memory corruption in audio while playing record due to improper list h ...)
	NOT-FOR-US: Qualcomm
CVE-2022-22088 (Memory corruption in Bluetooth HOST due to buffer overflow while parsi ...)
	NOT-FOR-US: Qualcomm
CVE-2022-22087 (memory corruption in video due to buffer overflow while parsing mkv cl ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22086 (Memory corruption in video due to double free while parsing 3gp clip w ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22085 (Memory corruption in video due to buffer overflow while reading the dt ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22084 (Memory corruption when extracting qcp audio file due to lack of check ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22083 (Denial of service due to memory corruption while extracting ape header ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22082 (Memory corruption due to possible buffer overflow while parsing DSF he ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22081 (Memory corruption in audio module due to integer overflow in Snapdrago ...)
	NOT-FOR-US: Qualcomm
CVE-2022-22080 (Improper validation of backend id in PCM routing process can lead to m ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22079 (Denial of service while processing fastboot flash command on mmc due t ...)
	NOT-FOR-US: Qualcomm
CVE-2022-22078 (Denial of service in BOOT when partition size for a particular partiti ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22077 (Memory corruption in graphics due to use-after-free in graphics dispat ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22076 (information disclosure due to cryptographic issue in Core during RPMB ...)
	NOT-FOR-US: Qualcomm
CVE-2022-22075 (Information Disclosure in Graphics during GPU context switch.)
	NOT-FOR-US: Qualcomm
CVE-2022-22074 (Memory Corruption during wma file playback due to integer overflow in ...)
	NOT-FOR-US: Qualcomm
CVE-2022-22073
	RESERVED
CVE-2022-22072 (Buffer overflow can occur due to improper validation of NDP applicatio ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22071 (Possible use after free when process shell memory is freed using IOCTL ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22070 (Memory corruption in audio due to lack of check of invalid routing add ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22069 (Devices with keyprotect off may store unencrypted keybox in RPMB and c ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22068 (kernel event may contain unexpected content which is not generated by ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22067 (Potential memory leak in modem during the processing of NSA RRC Reconf ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22066 (Memory corruption occurs while processing command received from HLOS d ...)
	NOT-FOR-US: Qualcomm
CVE-2022-22065 (Out of bound read in WLAN HOST due to improper length check can lead t ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22064 (Possible buffer over read due to lack of size validation while unpacki ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22063 (Memory corruption in Core due to improper configuration in boot remapp ...)
	NOT-FOR-US: Qualcomm
CVE-2022-22062 (An out-of-bounds read can occur while parsing a server certificate due ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22061 (Out of bounds writing is possible while verifying device IDs due to im ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22060 (Assertion occurs while processing Reconfiguration message due to impro ...)
	NOT-FOR-US: Qualcomm
CVE-2022-22059 (Memory corruption due to out of bound read while parsing a video file ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22058 (Memory corruption due to use after free issue in kernel while processi ...)
	NOT-FOR-US: Qualcomm
CVE-2022-22057 (Use after free in graphics fence due to a race condition while closing ...)
	NOT-FOR-US: Snapdragon
CVE-2022-22056 (The Le-yan dental management system contains a hard-coded credentials ...)
	NOT-FOR-US: Le-yan dental management system
CVE-2022-22055 (The Le-yan dental management system contains an SQL-injection vulnerab ...)
	NOT-FOR-US: Le-yan dental management system
CVE-2022-22054 (ASUS RT-AX56U’s login function contains a path traversal vulnerab ...)
	NOT-FOR-US: ASUS
CVE-2021-45458 (Apache Kylin provides encryption classes PasswordPlaceholderConfigurer ...)
	NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2021-45457 (In Apache Kylin, Cross-origin requests with credentials are allowed to ...)
	NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2021-45456 (Apache kylin checks the legitimacy of the project before executing som ...)
	NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2021-45455
	RESERVED
CVE-2021-45454 (Ampere Altra before SRP 1.08b and Altra Max before SRP 2.05 allow info ...)
	NOT-FOR-US: Ampere Altra
CVE-2021-45453
	RESERVED
CVE-2021-45452 (Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 b ...)
	{DLA-3191-1}
	- python-django 2:3.2.11-1 (bug #1003113)
	[bullseye] - python-django 2:2.2.26-1~deb11u1
	[stretch] - python-django (Minor issue; fix in next update)
	NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
	NOTE: https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b (3.2.11)
	NOTE: https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1 (2.2.26)
CVE-2021-4150 (A use-after-free flaw was found in the add_partition in block/partitio ...)
	- linux (Vulnerability introduced and fixed in experimental)
	NOTE: https://git.kernel.org/linus/9fbfabfda25d8774c5a08634fdd2da000a924890 (5.15-rc7)
CVE-2021-4149 (A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tre ...)
	{DLA-3065-1}
	- linux 5.14.16-1
	[buster] - linux 4.19.235-1
	NOTE: https://git.kernel.org/linus/19ea40dddf1833db868533958ca066f368862211 (5.15-rc6)
CVE-2021-4148 (A vulnerability was found in the Linux kernel's block_invalidatepage i ...)
	- linux 5.14.16-1
	[bullseye] - linux 5.10.84-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://lkml.org/lkml/2021/9/17/1037
	NOTE: https://lkml.org/lkml/2021/9/12/323
CVE-2021-4147 (A flaw was found in the libvirt libxl driver. A malicious guest could ...)
	{DLA-3778-1}
	- libvirt 7.10.0-2 (bug #1002535)
	[bullseye] - libvirt (Minor issue)
	[stretch] - libvirt (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034195
	NOTE: https://listman.redhat.com/archives/libvir-list/2021-November/msg00908.html
	NOTE: https://gitlab.com/libvirt/libvirt/-/commit/23b51d7b8ec885e97a9277cf0a6c2833db4636e8
	NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a4e6fba069c0809b8b5dde5e9db62d2efd91b4a0
	NOTE: https://gitlab.com/libvirt/libvirt/-/commit/e4f7589a3ec285489618ca04c8c0230cc31f3d99
	NOTE: https://gitlab.com/libvirt/libvirt/-/commit/b9a5faea49b7412e26d7389af4c32fc2b3ee80e5
	NOTE: https://gitlab.com/libvirt/libvirt/-/commit/5c5df5310f72be4878a71ace47074c54e0d1a27d
	NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a7a03324d86e111f81687b5315b8f296dde84340
CVE-2021-4146 (Business Logic Errors in GitHub repository pimcore/pimcore prior to 10 ...)
	NOT-FOR-US: pimcore
CVE-2021-4145 (A NULL pointer dereference issue was found in the block mirror layer o ...)
	- qemu 1:6.2+dfsg-1
	[bullseye] - qemu (Vulnerable code introduced later)
	[buster] - qemu (Vulnerable code introduced later)
	[stretch] - qemu (Vulnerable code introduced later)
	NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/d44dae1a7cf782ec9235746ebb0e6c1a20dd7288 (v6.1.0-rc0)
	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/66fed30c9cd11854fc878a4eceb507e915d7c9cd (v6.2.0-rc0)
CVE-2021-4144 (TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 2 ...)
	NOT-FOR-US: TP-Link
CVE-2021-45451 (In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass ...)
	- mbedtls (Vulnerable code introduced later)
	NOTE: https://github.com/ARMmbed/mbedtls/commit/cae590905363747d26fb5617b71bd567541a2f39 (mbedtls-3.1.0)
CVE-2021-45450 (In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv ...)
	- mbedtls (Vulnerable code introduced later)
	NOTE: https://github.com/ARMmbed/mbedtls/commit/c423acbe0f7957d8ef1e6036c2429c9f79c6f05e (mbedtls-2.28.0)
	NOTE: https://github.com/ARMmbed/mbedtls/commit/4c224fe3ccbe527a2b7d55a927f1f09511ff1b83 (mbedtls-2.28.0)
CVE-2021-45449 (Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitiv ...)
	NOT-FOR-US: Docker Desktop on Windows
CVE-2021-45448 (Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.2 ...)
	NOT-FOR-US: Pentaho Business Analytics Server
CVE-2021-45447 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.3. ...)
	NOT-FOR-US: Hitachi
CVE-2021-45446 (A vulnerability in Hitachi Vantara Pentaho Business Analytics Server ...)
	NOT-FOR-US: Hitachi
CVE-2021-45445 (Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 h ...)
	NOT-FOR-US: Unisys
CVE-2021-45444 (In zsh before 5.8.1, an attacker can achieve code execution if they co ...)
	{DSA-5078-1 DLA-2926-1}
	- zsh 5.8.1-1
	NOTE: https://sourceforge.net/p/zsh/code/ci/c187154f47697cdbf822c2f9d714d570ed4a0fd1/
	NOTE: https://sourceforge.net/p/zsh/code/ci/fdb8b0ce6244ff26bf55e0fd825310a58d0d3156/
	NOTE: https://sourceforge.net/p/zsh/code/ci/bdc4d70a7e033b754e68a8659a037ea0fc5f38de/
CVE-2021-45443
	RESERVED
CVE-2021-4143 (Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutto ...)
	NOT-FOR-US: BigBlueButton
CVE-2017-20010
	RESERVED
	NOT-FOR-US: MODX Revolution
CVE-2017-20009
	RESERVED
	NOT-FOR-US: MODX Revolution
CVE-2012-20001 (PrestaShop before 1.5.2 allows XSS via the "
CVE-2021-45327 (Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on ...)
	- gitea
CVE-2021-45326 (Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before ...)
	- gitea
CVE-2021-45325 (Server Side Request Forgery (SSRF) vulnerability exists in Gitea before ...)
	- gitea
CVE-2021-45324
	RESERVED
CVE-2021-45323
	RESERVED
CVE-2021-45322
	RESERVED
CVE-2021-45321
	RESERVED
CVE-2021-45320
	RESERVED
CVE-2021-45319
	RESERVED
CVE-2021-45318
	RESERVED
CVE-2021-45317
	RESERVED
CVE-2021-45316
	RESERVED
CVE-2021-45315
	RESERVED
CVE-2021-45314
	RESERVED
CVE-2021-45313
	RESERVED
CVE-2021-45312
	RESERVED
CVE-2021-45311
	RESERVED
CVE-2021-45310 (Sangoma Technologies Corporation Switchvox Version 102409 is affected ...)
	NOT-FOR-US: Sangoma Technologies Corporation Switchvox
CVE-2021-45309
	RESERVED
CVE-2021-45308
	RESERVED
CVE-2021-45307
	RESERVED
CVE-2021-45306
	RESERVED
CVE-2021-45305
	RESERVED
CVE-2021-45304
	RESERVED
CVE-2021-45303
	RESERVED
CVE-2021-45302
	RESERVED
CVE-2021-45301
	RESERVED
CVE-2021-45300
	RESERVED
CVE-2021-45299
	RESERVED
CVE-2021-45298
	RESERVED
CVE-2021-45297 (An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (No longer supported in LTS; Minor issue)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1973
	NOTE: https://github.com/gpac/gpac/commit/fb13af36286b9d898e332e8762a286eb83bd1770 (v2.0.0)
CVE-2021-45296
	RESERVED
CVE-2021-45295
	RESERVED
CVE-2021-45294
	RESERVED
CVE-2021-45293 (A Denial of Service vulnerability exists in Binaryen 103 due to an Inv ...)
	- binaryen 104-1 (unimportant)
	NOTE: https://github.com/WebAssembly/binaryen/issues/4384
	NOTE: https://github.com/WebAssembly/binaryen/pull/4388
	NOTE: https://github.com/WebAssembly/binaryen/commit/b1f6298ed8756bdc3336429c04b92ba58d000b49 (version_104)
	NOTE: Crash in CLI tool, no security impact
CVE-2021-45292 (The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to c ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1958
	NOTE: https://github.com/gpac/gpac/commit/3dafcb5e71e9ffebb50238784dcad8b105da81f6 (v2.0.0)
CVE-2021-45291 (The gf_dump_setup function in GPAC 1.0.1 allows malicious users to cau ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1955
	NOTE: https://github.com/gpac/gpac/commit/a07c64979af592aad56bc175157b7397e43fa9cc (v2.0.0)
CVE-2021-45290 (A Denial of Service vulnerability exists in Binaryen 103 due to an asse ...)
	- binaryen 104-1 (unimportant)
	NOTE: https://github.com/WebAssembly/binaryen/issues/4383
	NOTE: https://github.com/WebAssembly/binaryen/pull/4389
	NOTE: https://github.com/WebAssembly/binaryen/commit/62d83d5fcad015ce52f0f3122eab9df1c629cafb (version_104)
	NOTE: Crash in CLI tool, no security impact
CVE-2021-45289 (A vulnerability exists in GPAC 1.0.1 due to an omission of security-re ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Vulnerable code not present)
	[buster] - gpac (Vulnerable code not present)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1972
	NOTE: https://github.com/gpac/gpac/commit/5e1f084e0c6ad2736c9913715c4abb57c554209d (v2.0.0)
CVE-2021-45288 (A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1956
	NOTE: https://github.com/gpac/gpac/commit/9bbce9634cba1128aa4b96d590be578ae3ce80b3 (v2.0.0)
CVE-2021-45287
	RESERVED
CVE-2021-45286 (Directory Traversal vulnerability exists in ZZCMS 2021 via the skin pa ...)
	NOT-FOR-US: ZZCMS
CVE-2021-45285
	RESERVED
CVE-2021-45284
	RESERVED
CVE-2021-45283
	RESERVED
CVE-2021-45282
	RESERVED
CVE-2021-45281 (QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerabilit ...)
	NOT-FOR-US: QuickBox Pro
CVE-2021-45280
	RESERVED
CVE-2021-45279
	RESERVED
CVE-2021-45278
	RESERVED
CVE-2021-45277
	RESERVED
CVE-2021-45276
	RESERVED
CVE-2021-45275
	RESERVED
CVE-2021-45274
	RESERVED
CVE-2021-45273
	RESERVED
CVE-2021-45272
	RESERVED
CVE-2021-45271
	RESERVED
CVE-2021-45270
	RESERVED
CVE-2021-45269
	RESERVED
CVE-2021-45268 (A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop C ...)
	- backdrop (bug #914257)
CVE-2021-45267 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1965
	NOTE: https://github.com/gpac/gpac/commit/29f31f431b18278b94c659452562e8a027436487 (v2.0.0)
CVE-2021-45266 (A null pointer dereference vulnerability exists in gpac 1.1.0 via the ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1985
	NOTE: https://github.com/gpac/gpac/commit/76b9e3f578a056fee07a4b317f5b36a83d01810e (v2.0.0)
CVE-2021-45265
	RESERVED
CVE-2021-45264
	RESERVED
CVE-2021-45263 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_dele ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1975
	NOTE: https://github.com/gpac/gpac/commit/b232648da3b111a0efe500501ee8ca8f32b616e9 (v2.0.0)
CVE-2021-45262 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_comma ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1980
	NOTE: https://github.com/gpac/gpac/commit/ef86a8eba3b166b885dec219066dd3a47501e03a (v2.0.0)
CVE-2021-45261 (An Invalid Pointer vulnerability exists in GNU patch 2.7 via the anoth ...)
	- patch (unimportant)
	NOTE: https://savannah.gnu.org/bugs/?61685
	NOTE: Negligible security impact
CVE-2021-45260 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the l ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1979
	NOTE: https://github.com/gpac/gpac/issues/1977
	NOTE: https://github.com/gpac/gpac/commit/5e5e9c48b1a61e3844e9fbe26292305ab4c06d04 (v2.0.0)
	NOTE: Reported twice upstream, fix is in issue 1977 - identical report in issue 1979
CVE-2021-45259 (An Invalid pointer reference vulnerability exists in gpac 1.1.0 via th ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1986
	NOTE: https://github.com/gpac/gpac/commit/654c796482c2609aa736315f9273d6c5912e0a29 (v2.0.0)
CVE-2021-45258 (A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_de ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1970
	NOTE: https://github.com/gpac/gpac/commit/47a26a32c9a2cd630c48517c3e6ab2fa5f6a26ad (v2.0.0)
CVE-2021-45257 (An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_t ...)
	- nasm (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392790
	NOTE: Negligible security impact
CVE-2021-45256 (A Null Pointer Dereference vulnerability exists in nasm 2.16rc0 via a ...)
	- nasm (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392789
	NOTE: Crash in CLI tool, no security impact
CVE-2021-45255 (The email parameter from ajax.php of Video Sharing Website 1.0 appears ...)
	NOT-FOR-US: Video Sharing Website
CVE-2021-45254
	RESERVED
CVE-2021-45253 (The id parameter in view_storage.php from Simple Cold Storage Manageme ...)
	NOT-FOR-US: Simple Cold Storage Management System
CVE-2021-45252 (Multiple SQL injection vulnerabilities are found on Simple Forum-Discu ...)
	NOT-FOR-US: Simple Forum-Discussion System
CVE-2021-45251
	RESERVED
CVE-2021-45250
	RESERVED
CVE-2021-45249
	RESERVED
CVE-2021-45248
	RESERVED
CVE-2021-45247
	RESERVED
CVE-2021-45246
	RESERVED
CVE-2021-45245
	RESERVED
CVE-2021-45244
	RESERVED
CVE-2021-45243
	RESERVED
CVE-2021-45242
	RESERVED
CVE-2021-45241
	RESERVED
CVE-2021-45240
	RESERVED
CVE-2021-45239
	RESERVED
CVE-2021-45238
	RESERVED
CVE-2021-45237
	RESERVED
CVE-2021-45236
	RESERVED
CVE-2021-45235
	RESERVED
CVE-2021-45234
	RESERVED
CVE-2021-4142 (The Candlepin component of Red Hat Satellite was affected by an improp ...)
	NOT-FOR-US: Red Hat Satellite / Candlepin
CVE-2021-4141
	REJECTED
CVE-2021-4140 (It was possible to construct specific XSLT markup that would be able t ...)
	{DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
	- firefox 96.0-1
	- firefox-esr 91.5.0esr-1
	- thunderbird 1:91.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2021-4140
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2021-4140
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2021-4140
CVE-2021-4139 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
	NOT-FOR-US: Pimcore
CVE-2021-4138 (Improved Host header checks to reject requests not sent to a well-know ...)
	- geckodriver (bug #989456)
CVE-2022-22053
	RESERVED
CVE-2022-22052
	RESERVED
CVE-2022-22051
	RESERVED
CVE-2022-22050 (Windows Fax Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22049 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privileg ...)
	NOT-FOR-US: Microsoft
CVE-2022-22048 (BitLocker Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22047 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privileg ...)
	NOT-FOR-US: Microsoft
CVE-2022-22046
	RESERVED
CVE-2022-22045 (Windows.Devices.Picker.dll Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22044
	RESERVED
CVE-2022-22043 (Windows Fast FAT File System Driver Elevation of Privilege Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2022-22042 (Windows Hyper-V Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22041 (Windows Print Spooler Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22040 (Internet Information Services Dynamic Compression Module Denial of Ser ...)
	NOT-FOR-US: Microsoft
CVE-2022-22039 (Windows Network File System Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22038 (Remote Procedure Call Runtime Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22037 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...)
	NOT-FOR-US: Microsoft
CVE-2022-22036 (Performance Counters for Windows Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22035 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-22034 (Windows Graphics Component Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22033
	RESERVED
CVE-2022-22032
	RESERVED
CVE-2022-22031 (Windows Credential Guard Domain-joined Public Key Elevation of Privile ...)
	NOT-FOR-US: Microsoft
CVE-2022-22030
	RESERVED
CVE-2022-22029 (Windows Network File System Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22028 (Windows Network File System Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22027 (Windows Fax Service Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22026 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privileg ...)
	NOT-FOR-US: Microsoft
CVE-2022-22025 (Windows Internet Information Services Cachuri Module Denial of Service ...)
	NOT-FOR-US: Microsoft
CVE-2022-22024 (Windows Fax Service Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22023 (Windows Portable Device Enumerator Service Security Feature Bypass Vul ...)
	NOT-FOR-US: Microsoft
CVE-2022-22022 (Windows Print Spooler Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22021 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22020
	RESERVED
CVE-2022-22019 (Remote Procedure Call Runtime Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22018 (HEVC Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22017 (Remote Desktop Client Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22016 (Windows PlayToManager Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22015 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2022-22014 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
	NOT-FOR-US: Microsoft
CVE-2022-22013 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
	NOT-FOR-US: Microsoft
CVE-2022-22012 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
	NOT-FOR-US: Microsoft
CVE-2022-22011 (Windows Graphics Component Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22010 (Media Foundation Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22009 (Windows Hyper-V Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22008 (Windows Hyper-V Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22007 (HEVC Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22006 (HEVC Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22005 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22004 (Microsoft Office ClickToRun Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22003 (Microsoft Office Graphics Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22002 (Windows User Account Profile Picture Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-22001 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-22000 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2022-21999 (Windows Print Spooler Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21998 (Windows Common Log File System Driver Information Disclosure Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2022-21997 (Windows Print Spooler Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21996 (Win32k Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21995 (Windows Hyper-V Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21994 (Windows DWM Core Library Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21993 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
	NOT-FOR-US: Microsoft
CVE-2022-21992 (Windows Mobile Device Management Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21991 (Visual Studio Code Remote Development Extension Remote Code Execution ...)
	NOT-FOR-US: Microsoft
CVE-2022-21990 (Remote Desktop Client Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21989 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21988 (Microsoft Office Visio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21987 (Microsoft SharePoint Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21986 (.NET Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft .NET
CVE-2022-21985 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-21984 (Windows DNS Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21983 (Win32 Stream Enumeration Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21982
	RESERVED
CVE-2022-21981 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2022-21980 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21979 (Microsoft Exchange Server Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21978 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21977 (Media Foundation Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21976
	RESERVED
CVE-2022-21975 (Windows Hyper-V Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21974 (Roaming Security Rights Management Services Remote Code Execution Vuln ...)
	NOT-FOR-US: Microsoft
CVE-2022-21973 (Windows Media Center Update Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21972 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-21971 (Windows Runtime Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21970 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21969 (Microsoft Exchange Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21968 (Microsoft SharePoint Server Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21967 (Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2022-21966
	RESERVED
CVE-2022-21965 (Microsoft Teams Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21964 (Remote Desktop Licensing Diagnoser Information Disclosure Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2022-21963 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2022-21962 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2022-21961 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2022-21960 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2022-21959 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2022-21958 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2022-21957 (Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21956
	RESERVED
CVE-2022-21955
	RESERVED
CVE-2022-21954 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-45233
	RESERVED
CVE-2021-45232 (In Apache APISIX Dashboard before 2.10.1, the Manager API uses two fra ...)
	NOT-FOR-US: Apache APISIX Dashboard
CVE-2021-45231 (A link following privilege escalation vulnerability in Trend Micro Ape ...)
	NOT-FOR-US: Trend Micro
CVE-2021-45230 (In Apache Airflow prior to 2.2.0. This CVE applies to a specific case ...)
	- airflow (bug #819700)
CVE-2021-45229 (It was discovered that the "Trigger DAG with config" screen was suscep ...)
	- airflow (bug #819700)
CVE-2021-45228 (An XSS issue was discovered in COINS Construction Cloud 11.12. Due to ...)
	NOT-FOR-US: COINS Construction Cloud
CVE-2021-45227 (An issue was discovered in COINS Construction Cloud 11.12. Due to an i ...)
	NOT-FOR-US: COINS Construction Cloud
CVE-2021-45226 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...)
	NOT-FOR-US: COINS Construction Cloud
CVE-2021-45225 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...)
	NOT-FOR-US: COINS Construction Cloud
CVE-2021-45224 (An issue was discovered in COINS Construction Cloud 11.12. In several ...)
	NOT-FOR-US: COINS Construction Cloud
CVE-2021-45223 (An issue was discovered in COINS Construction Cloud 11.12. Due to insu ...)
	NOT-FOR-US: COINS Construction Cloud
CVE-2021-45222 (An issue was discovered in COINS Construction Cloud 11.12. Due to logi ...)
	NOT-FOR-US: COINS Construction Cloud
CVE-2021-45221
	RESERVED
CVE-2021-45220
	RESERVED
CVE-2021-45219
	RESERVED
CVE-2021-45218
	RESERVED
CVE-2021-45217
	RESERVED
CVE-2021-45216
	RESERVED
CVE-2021-45215
	RESERVED
CVE-2021-45214
	RESERVED
CVE-2021-45213
	RESERVED
CVE-2021-45212
	RESERVED
CVE-2021-45211
	RESERVED
CVE-2021-45210
	RESERVED
CVE-2021-45209
	RESERVED
CVE-2021-45208
	RESERVED
CVE-2021-45207
	RESERVED
CVE-2021-45206
	RESERVED
CVE-2021-45205
	RESERVED
CVE-2021-45204
	RESERVED
CVE-2021-45203
	RESERVED
CVE-2021-45202
	RESERVED
CVE-2021-45201
	RESERVED
CVE-2021-45200
	RESERVED
CVE-2021-45199
	RESERVED
CVE-2021-45198
	RESERVED
CVE-2021-45197
	RESERVED
CVE-2021-45196
	RESERVED
CVE-2021-45195
	RESERVED
CVE-2021-45194
	RESERVED
CVE-2021-45193
	RESERVED
CVE-2021-45192
	RESERVED
CVE-2021-45191
	RESERVED
CVE-2021-45190
	RESERVED
CVE-2021-45189
	RESERVED
CVE-2021-45188
	RESERVED
CVE-2021-45187
	RESERVED
CVE-2021-45186
	RESERVED
CVE-2021-45185
	RESERVED
CVE-2021-45184
	RESERVED
CVE-2021-45183
	RESERVED
CVE-2021-45182
	RESERVED
CVE-2021-45181
	RESERVED
CVE-2021-45180
	RESERVED
CVE-2021-45179
	RESERVED
CVE-2021-45178
	RESERVED
CVE-2021-45177
	RESERVED
CVE-2021-45176
	RESERVED
CVE-2021-45175
	RESERVED
CVE-2021-45174
	RESERVED
CVE-2021-45173
	RESERVED
CVE-2021-45172
	RESERVED
CVE-2021-45171
	RESERVED
CVE-2021-45170
	RESERVED
CVE-2021-45169
	RESERVED
CVE-2021-45168
	RESERVED
CVE-2021-45167
	RESERVED
CVE-2021-45166
	RESERVED
CVE-2021-45165
	RESERVED
CVE-2021-45164
	RESERVED
CVE-2021-45163
	RESERVED
CVE-2021-45162
	RESERVED
CVE-2021-45161
	RESERVED
CVE-2021-45160
	RESERVED
CVE-2021-45159
	RESERVED
CVE-2021-45158
	RESERVED
CVE-2021-45157
	RESERVED
CVE-2021-45156
	RESERVED
CVE-2021-45155
	RESERVED
CVE-2021-45154
	RESERVED
CVE-2021-45153
	RESERVED
CVE-2021-45152
	RESERVED
CVE-2021-45151
	RESERVED
CVE-2021-45150
	RESERVED
CVE-2021-45149
	RESERVED
CVE-2021-45148
	RESERVED
CVE-2021-45147
	RESERVED
CVE-2021-45146
	RESERVED
CVE-2021-45145
	RESERVED
CVE-2021-45144
	RESERVED
CVE-2021-45143
	RESERVED
CVE-2021-45142
	RESERVED
CVE-2021-45141
	RESERVED
CVE-2021-45140
	RESERVED
CVE-2021-45139
	RESERVED
CVE-2021-45138
	RESERVED
CVE-2021-45137
	RESERVED
CVE-2021-45136
	RESERVED
CVE-2021-45135
	RESERVED
CVE-2021-45134
	RESERVED
CVE-2021-45133
	RESERVED
CVE-2021-45132
	RESERVED
CVE-2021-45131
	RESERVED
CVE-2021-45130
	RESERVED
CVE-2021-45129
	RESERVED
CVE-2021-45128
	RESERVED
CVE-2021-45127
	RESERVED
CVE-2021-45126
	RESERVED
CVE-2021-45125
	RESERVED
CVE-2021-45124
	RESERVED
CVE-2021-45123
	RESERVED
CVE-2021-45122
	RESERVED
CVE-2021-45121
	RESERVED
CVE-2021-45120
	RESERVED
CVE-2021-45119
	RESERVED
CVE-2021-45118
	RESERVED
CVE-2021-45117 (The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not hand ...)
	NOT-FOR-US: OPCFoundation/UA-Nodeset
CVE-2021-45116 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...)
	{DLA-3177-1}
	- python-django 2:3.2.11-1 (bug #1003113)
	[bullseye] - python-django 2:2.2.26-1~deb11u1
	[stretch] - python-django (Minor issue; fix in next update)
	NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
	NOTE: https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16 (3.2.11)
	NOTE: https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a (2.2.26)
CVE-2021-45115 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...)
	{DLA-3177-1}
	- python-django 2:3.2.11-1 (bug #1003113)
	[bullseye] - python-django 2:2.2.26-1~deb11u1
	[stretch] - python-django (Minor issue; fix in next update)
	NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
	NOTE: https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20 (3.2.11)
	NOTE: https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277 (2.2.26)
CVE-2021-45106 (A vulnerability has been identified in SICAM TOOLBOX II (All versions) ...)
	NOT-FOR-US: Siemens
CVE-2021-44463 (Missing DLLs, if replaced by an insider, could allow an attacker to ac ...)
	NOT-FOR-US: Emerson
CVE-2021-44462 (This vulnerability can be exploited by parsing maliciously crafted pro ...)
	NOT-FOR-US: Horner Automation Cscape EnvisionRV
CVE-2021-4137
	RESERVED
CVE-2021-4136 (vim is vulnerable to Heap-based Buffer Overflow)
	- vim 2:8.2.3995-1 (bug #1002534; unimportant)
	[buster] - vim (Vulnerable code introduced later)
	[stretch] - vim (Vulnerable code introduced later)
	NOTE: https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938
	NOTE: Introduced by: https://github.com/vim/vim/commit/2949cfdbe4335b9abcfeda1be4dfc52090ee1df6 (v8.2.2257)
	NOTE: Fixed by: https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264 (v8.2.3847)
	NOTE: Crash in CLI tool, no security impact
CVE-2021-4135 (A memory leak vulnerability was found in the Linux kernel's eBPF for t ...)
	{DSA-5096-1 DLA-2941-1}
	- linux 5.15.15-1 (unimportant)
	[bullseye] - linux 5.10.92-1
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/481221775d53d6215a6e5e9ce1cce6d2b4ab9a46 (5.16-rc6)
	NOTE: CONFIG_NETDEVSIM is not set in Debian
CVE-2021-4134 (The Fancy Product Designer WordPress plugin is vulnerable to SQL Injec ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-4133 (A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 ...)
	NOT-FOR-US: Keycloak
CVE-2021-4132 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
	NOT-FOR-US: livehelperchat
CVE-2021-4131 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF))
	NOT-FOR-US: livehelperchat
CVE-2021-4130 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF))
	- snipe-it (bug #1005172)
CVE-2021-4129 (Mozilla developers and community members Julian Hector, Randell Jesup, ...)
	{DSA-5034-1 DSA-5026-1}
	- firefox 95.0-1
	- firefox-esr 91.4.0esr-1
	- thunderbird 1:91.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-4129
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-4129
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-4129
CVE-2021-4128 (When transitioning in and out of fullscreen mode, a graphics object wa ...)
	- firefox (Only affects MacOS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-4128
CVE-2021-4127 (An out of date graphics library (Angle) likely contained vulnerabiliti ...)
	{DSA-4876-1 DSA-4874-1}
	- firefox-esr 78.9.0esr-1
	- thunderbird 1:78.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-4127
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-4127
CVE-2021-4126 (When receiving an OpenPGP/MIME signed email message that contains an a ...)
	{DSA-5034-1 DLA-2874-1}
	- thunderbird 1:91.4.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-4126
CVE-2021-26264 (A specially crafted script could cause the DeltaV Distributed Control ...)
	NOT-FOR-US: DeltaV Distributed Control System Controllers
CVE-2021-23173 (The affected product is vulnerable to an improper access control, whic ...)
	NOT-FOR-US: Philips
CVE-2021-23157 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a he ...)
	NOT-FOR-US: WECON LeviStudioU
CVE-2021-23138 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a st ...)
	NOT-FOR-US: WECON LeviStudioU
CVE-2021-45379 (Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access cont ...)
	- glewlwyd 2.6.1-1
	[bullseye] - glewlwyd 2.5.2-2+deb11u2
	[buster] - glewlwyd (Vulnerable code introduced later)
	NOTE: https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2ef01fbe (v2.6.1)
CVE-2022-21953 (A Missing Authorization vulnerability in of SUSE Rancher allows authen ...)
	NOT-FOR-US: Rancher
CVE-2022-21952 (A Missing Authentication for Critical Function vulnerability in spacew ...)
	NOT-FOR-US: Uyuni
CVE-2022-21951 (A Cleartext Transmission of Sensitive Information vulnerability in SUS ...)
	NOT-FOR-US: Rancher
CVE-2022-21950 (A Improper Access Control vulnerability in the systemd service of cana ...)
	NOT-FOR-US: SuSE
CVE-2022-21949 (A Improper Restriction of XML External Entity Reference vulnerability ...)
	- ruby-xmlhash 1.3.6-3.1 (bug #1010667)
	[bullseye] - ruby-xmlhash (Minor issue)
	[buster] - ruby-xmlhash (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1197928
	NOTE: https://github.com/coolo/xmlhash/commit/544e614e2674ad26b97a234baa013723c829b751 (1.3.8)
CVE-2022-21948 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
	NOT-FOR-US: OpenSuSE paste
CVE-2022-21947 (A Exposure of Resource to Wrong Sphere vulnerability in Rancher Deskto ...)
	NOT-FOR-US: Rancher
CVE-2022-21946 (A Incorrect Permission Assignment for Critical Resource vulnerability ...)
	NOT-FOR-US: SUSE cscreen
CVE-2022-21945 (A Insecure Temporary File vulnerability in cscreen of openSUSE Factory ...)
	NOT-FOR-US: SUSE cscreen
CVE-2022-21944 (A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd ...)
	NOT-FOR-US: SUSE packaging issue in watchman
CVE-2021-45105 (Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and ...)
	{DSA-5024-1 DLA-2852-1}
	- apache-log4j2 2.17.0-1 (bug #1001891)
	NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105
	NOTE: https://issues.apache.org/jira/browse/LOG4J2-3230
CVE-2021-31566 (An improper link resolution flaw can occur while extracting an archive ...)
	{DLA-3202-1 DLA-2987-1}
	- libarchive 3.5.2-1 (bug #1001990)
	[bullseye] - libarchive 3.4.3-2+deb11u1
	NOTE: https://github.com/libarchive/libarchive/issues/1566
	NOTE: https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043 (v3.5.2)
	NOTE: https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b (v3.5.2)
CVE-2021-23177 (An improper link resolution flaw while extracting an archive can lead ...)
	{DLA-3202-1 DLA-2987-1}
	- libarchive 3.5.2-1 (bug #1001986)
	[bullseye] - libarchive 3.4.3-2+deb11u1
	NOTE: https://github.com/libarchive/libarchive/issues/1565
	NOTE: https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad (v3.5.2)
CVE-2022-21943
	RESERVED
CVE-2022-21942
	RESERVED
CVE-2022-21941 (All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable ...)
	NOT-FOR-US: Sensormatic Electronics, LLC
CVE-2022-21940 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerabi ...)
	NOT-FOR-US: Johnson Controls
CVE-2022-21939 (Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Cont ...)
	NOT-FOR-US: Johnson Controls
CVE-2022-21938 (Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 ...)
	NOT-FOR-US: Metasys
CVE-2022-21937 (Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 ...)
	NOT-FOR-US: Metasys
CVE-2022-21936 (On Metasys ADX Server version 12.0 running MVE, an Active Directory us ...)
	NOT-FOR-US: Metasys ADX Server
CVE-2022-21935 (A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and ...)
	NOT-FOR-US: Metasys
CVE-2022-21934 (Under certain circumstances an authenticated user could lock other use ...)
	NOT-FOR-US: Johnson Controls Metasys
CVE-2021-45104 (An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x befo ...)
	- condor (Vulnerable code introduced later)
	NOTE: https://htcondor.org/security/vulnerabilities/HTCONDOR-2022-0002
CVE-2021-45103 (An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x befo ...)
	- condor (Vulnerable code introduced later)
	NOTE: https://htcondor.org/security/vulnerabilities/HTCONDOR-2022-0001
CVE-2021-45102 (An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x befor ...)
	- condor (Only affects 9.0.0 and above)
	NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0004/
CVE-2021-45101 (An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, ...)
	- condor 23.2.0+dfsg-1 (bug #1002540)
	[buster] - condor (Patch is too intrusive to backport)
	[stretch] - condor (Patch is too destructive to backport; it does not apply cleanly, as too many calls in the patch do not exist in this version of the software)
	NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0003/
	NOTE: https://github.com/htcondor/htcondor/commit/8b311dee6dee6be518e65381e020fb74848b552b (V8_8_14)
CVE-2021-45099 (The addon.stdin service in addon-ssh (aka Home Assistant Community Add ...)
	NOT-FOR-US: Home Assistant Community Add-on: SSH & Web Terminal
CVE-2021-45098 (An issue was discovered in Suricata before 6.0.4. It is possible to by ...)
	- suricata 1:6.0.4-1
	[bullseye] - suricata (Minor issue)
	[buster] - suricata (Minor issue)
	[stretch] - suricata (Minor issue)
	NOTE: https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942
	NOTE: https://github.com/OISF/suricata/commit/50e2b973eeec7172991bf8f544ab06fb782b97df
	NOTE: https://redmine.openinfosecfoundation.org/issues/4710
CVE-2021-45097 (KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in ...)
	NOT-FOR-US: KNIME Server
CVE-2021-45096 (KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external X ...)
	NOT-FOR-US: KNIME Analytics Platform
CVE-2021-45094 (Imprivata Privileged Access Management (formally Xton Privileged Acces ...)
	NOT-FOR-US: Imprivata Privileged Access Management
CVE-2021-45093
	RESERVED
CVE-2021-45092 (Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachab ...)
	NOT-FOR-US: Thinfinity VirtualUI
CVE-2021-45091 (Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access ...)
	NOT-FOR-US: Stormshield Endpoint Security
CVE-2021-45090 (Stormshield Endpoint Security before 2.1.2 allows remote code executio ...)
	NOT-FOR-US: Stormshield Endpoint Security
CVE-2021-45089 (Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Co ...)
	NOT-FOR-US: Stormshield Endpoint Security
CVE-2021-45088 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
	{DSA-5042-1 DLA-3074-1}
	- epiphany-browser 41.2-1
	[stretch] - epiphany-browser (WebKit browser, not covered by security support in stretch)
	NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
	NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
CVE-2021-45087 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
	{DSA-5042-1 DLA-3074-1}
	- epiphany-browser 41.2-1
	[stretch] - epiphany-browser (WebKit browser, not covered by security support in stretch)
	NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
	NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
CVE-2021-45086 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
	{DSA-5042-1}
	- epiphany-browser 41.2-1
	[buster] - epiphany-browser (Embedded PDF viewer introduced later)
	[stretch] - epiphany-browser (Embedded PDF viewer introduced later)
	NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
	NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
CVE-2021-45085 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
	{DSA-5042-1 DLA-3074-1}
	- epiphany-browser 41.2-1
	[stretch] - epiphany-browser (WebKit browser, not covered by security support in stretch)
	NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
	NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
CVE-2021-45084
	RESERVED
CVE-2021-45083 (An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler ...)
	- cobbler
CVE-2021-45082 (An issue was discovered in Cobbler before 3.3.1. In the templar.py fil ...)
	- cobbler
CVE-2021-45081 (An issue was discovered in Cobbler through 3.3.1. Routines in several ...)
	- cobbler
CVE-2021-45080
	RESERVED
CVE-2021-45079 (In strongSwan before 5.9.5, a malicious responder can send an EAP-Succ ...)
	{DSA-5056-1 DLA-2909-1}
	- strongswan 5.9.5-1
	NOTE: https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html
	NOTE: Patches: https://download.strongswan.org/security/CVE-2021-45079/
CVE-2021-45078 (stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows ...)
	- binutils 2.37.50.20220106-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28694
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=161e87d12167b1e36193385485c1f6ce92f74f02
	NOTE: binutils not covered by security support
CVE-2021-4125 (It was found that the original fix for log4j CVE-2021-44228 and CVE-20 ...)
	NOT-FOR-US: OpenShift metering hive containers
CVE-2021-42550 (In logback version 1.2.7 and prior versions, an attacker with the requ ...)
	- logback 1:1.2.8-1
	[bullseye] - logback (Minor issue)
	[buster] - logback (Minor issue)
	[stretch] - logback (Minor issue)
	NOTE: https://jira.qos.ch/browse/LOGBACK-1591
	NOTE: https://github.com/qos-ch/logback/commit/21d772f2bc2ed780b01b4fe108df7e29707763f1 (v_1.2.8)
CVE-2021-44771
	REJECTED
CVE-2021-4124 (janus-gateway is vulnerable to Improper Neutralization of Input During ...)
	- janus (unimportant)
	NOTE: https://huntr.dev/bounties/a6ca142e-60aa-4d6f-b231-5d1bcd1b7190
	NOTE: https://github.com/meetecho/janus-gateway/commit/f62bba6513ec840761f2434b93168106c7c65a3d
	NOTE: Issues only in janus-demos built from src:janus
CVE-2021-4123 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF))
	NOT-FOR-US: livehelperchat
CVE-2021-4122 (It was found that a specially crafted LUKS header could trick cryptset ...)
	{DSA-5070-1}
	- cryptsetup 2:2.4.3-1 (bug #1003686)
	[buster] - cryptsetup (Vulnerable code not present; does not support online LUKS2 reencryption)
	[stretch] - cryptsetup (Vulnerable code not present; does not support LUKS2)
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/13/2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2032401
	NOTE: https://gitlab.com/cryptsetup/cryptsetup/-/commit/0113ac2d889c5322659ad0596d4cfc6da53e356c
	NOTE: 2.4 branch: https://gitlab.com/cryptsetup/cryptsetup/-/commit/de98f011418c62e7b825a8ce3256e8fcdc84756e
	NOTE: 2.3 branch: https://gitlab.com/cryptsetup/cryptsetup/-/commit/60addcffa6794c29dccf33d8db5347f24b75f2fc
CVE-2021-4121 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
	NOT-FOR-US: yetiforcecrm
CVE-2021-23151
	REJECTED
CVE-2021-45100 (The ksmbd server through 3.4.2, as used in the Linux kernel through 5. ...)
	- linux 5.15.15-1 (unimportant)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://github.com/cifsd-team/ksmbd/issues/550
	NOTE: https://github.com/cifsd-team/ksmbd/pull/551
	NOTE: https://marc.info/?l=linux-kernel&m=163961726017023&w=2
	NOTE: SMB_SERVER enabled only as module since 5.16~rc1-1~exp1.
CVE-2021-45095 (pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 ...)
	{DSA-5096-1 DSA-5050-1 DLA-2941-1 DLA-2940-1}
	- linux 5.15.15-1
	NOTE: https://lore.kernel.org/all/20211209082839.33985-1-hbh25y@gmail.com/
CVE-2021-45070
	RESERVED
CVE-2021-45069
	RESERVED
CVE-2021-45068 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2021-45067 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2021-45066
	RESERVED
CVE-2021-45065
	RESERVED
CVE-2021-45064 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2021-45063 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2021-45062 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2021-45061 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2021-45060 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2021-45059 (Adobe InDesign version 16.4 (and earlier) is affected by a use-after-f ...)
	NOT-FOR-US: Adobe
CVE-2021-45058 (Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bou ...)
	NOT-FOR-US: Adobe
CVE-2021-45057 (Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bou ...)
	NOT-FOR-US: Adobe
CVE-2021-45056 (Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bound ...)
	NOT-FOR-US: Adobe
CVE-2021-45055 (Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bound ...)
	NOT-FOR-US: Adobe
CVE-2021-45054 (Adobe InCopy version 16.4 (and earlier) is affected by a use-after-fre ...)
	NOT-FOR-US: Adobe
CVE-2021-45053 (Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bound ...)
	NOT-FOR-US: Adobe
CVE-2021-45052 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2021-45051 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2021-4120 (snapd 2.54.2 fails to perform sufficient validation of snap content in ...)
	- snapd 2.54.3-1
	[bullseye] - snapd 2.49-1+deb11u1
	[buster] - snapd (Minor issue, intrusive backport)
	NOTE: https://bugs.launchpad.net/snapd/+bug/1949368
	NOTE: https://www.openwall.com/lists/oss-security/2022/02/18/2
CVE-2021-45050
	RESERVED
CVE-2021-45049
	RESERVED
CVE-2021-45048
	RESERVED
CVE-2021-45047
	RESERVED
CVE-2021-45046 (It was found that the fix to address CVE-2021-44228 in Apache Log4j 2. ...)
	{DSA-5022-1}
	- apache-log4j2 2.16.0-1 (bug #1001729)
	[stretch] - apache-log4j2 (JndiLookup class has been removed)
	NOTE: https://www.openwall.com/lists/oss-security/2021/12/14/4
	NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45046
	NOTE: https://issues.apache.org/jira/browse/LOG4J2-3221
	NOTE: https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/
CVE-2021-45045
	RESERVED
CVE-2021-45044
	RESERVED
CVE-2021-44768 (Delta Electronics CNCSoft (Version 1.01.30) and prior) is vulnerable t ...)
	NOT-FOR-US: Delta Electronics
CVE-2021-44544 (DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-sit ...)
	NOT-FOR-US: DIAEnergie
CVE-2021-44471 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site ...)
	NOT-FOR-US: DIAEnergie
CVE-2021-4119 (bookstack is vulnerable to Improper Access Control)
	NOT-FOR-US: bookstack
CVE-2021-4118 (pytorch-lightning is vulnerable to Deserialization of Untrusted Data)
	NOT-FOR-US: pytorch-lightning
CVE-2021-4117 (yetiforcecrm is vulnerable to Business Logic Errors)
	NOT-FOR-US: yetiforcecrm
CVE-2021-4116 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
	NOT-FOR-US: yetiforcecrm
CVE-2021-4115 (There is a flaw in polkit which can allow an unprivileged user to caus ...)
	[experimental] - policykit-1 0.120-6
	- policykit-1 0.105-32 (bug #1005784)
	[bullseye] - policykit-1 (Minor issue)
	[buster] - policykit-1 (Vulnerable code not present, patch introducing issue not backported)
	[stretch] - policykit-1 (Vulnerable code not present, patch introducing issue not backported)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2007534
	NOTE: https://securitylab.github.com/advisories/GHSL-2021-077-polkit/
	NOTE: Fixed by: https://gitlab.freedesktop.org/polkit/polkit/-/commit/41cb093f554da8772362654a128a84dd8a5542a7
	NOTE: https://gitlab.freedesktop.org/polkit/polkit/-/issues/141
	NOTE: Issue introduced upstream in 0.113 with https://gitlab.freedesktop.org/polkit/polkit/-/commit/bfa5036bfb93582c5a87c44b847957479d911e38
	NOTE: Debian backported 0.113 commits in 0.105-26
CVE-2021-4114
	REJECTED
CVE-2021-4113
	REJECTED
CVE-2021-4112 (A flaw was found in ansible-tower where the default installation is vu ...)
	NOT-FOR-US: Ansible Tower
CVE-2021-4111 (yetiforcecrm is vulnerable to Business Logic Errors)
	NOT-FOR-US: yetiforcecrm
CVE-2021-31558 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site ...)
	NOT-FOR-US: DIAEnergie
CVE-2021-23228 (DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross- ...)
	NOT-FOR-US: DIAEnergie
CVE-2022-21933 (ASUS VivoMini/Mini PC device has an improper input validation vulnerab ...)
	NOT-FOR-US: ASUS
CVE-2022-21932 (Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-21931 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21930 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21929 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21928 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2022-21927 (HEVC Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21926 (HEVC Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21925 (Windows BackupKey Remote Protocol Security Feature Bypass Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2022-21924 (Workstation Service Remote Protocol Security Feature Bypass Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2022-21923
	RESERVED
CVE-2022-21922 (Remote Procedure Call Runtime Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21921 (Windows Defender Credential Guard Security Feature Bypass Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2022-21920 (Windows Kerberos Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21919 (Windows User Profile Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21918 (DirectX Graphics Kernel File Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21917 (HEVC Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21916 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2022-21915 (Windows GDI+ Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21914 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-21913 (Local Security Authority (Domain Policy) Remote Protocol Security Feat ...)
	NOT-FOR-US: Microsoft
CVE-2022-21912 (DirectX Graphics Kernel Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21911 (.NET Framework Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft .NET
CVE-2022-21910 (Microsoft Cluster Port Driver Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21909
	RESERVED
CVE-2022-21908 (Windows Installer Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21907 (HTTP Protocol Stack Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21906 (Windows Defender Application Control Security Feature Bypass Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2022-21905 (Windows Hyper-V Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21904 (Windows GDI Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21903 (Windows GDI Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21902 (Windows DWM Core Library Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21901 (Windows Hyper-V Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21900 (Windows Hyper-V Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21899 (Windows Extensible Firmware Interface Security Feature Bypass Vulnerab ...)
	NOT-FOR-US: Microsoft
CVE-2022-21898 (DirectX Graphics Kernel Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21897 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2022-21896 (Windows DWM Core Library Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21895 (Windows User Profile Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21894 (Secure Boot Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21893 (Remote Desktop Protocol Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21892 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2022-21891 (Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21890 (Windows Internet Key Exchange (IKE) Extension Denial of Service Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-21889 (Windows Internet Key Exchange (IKE) Extension Denial of Service Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-21888 (Windows Modern Execution Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21887 (Win32k Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21886
	RESERVED
CVE-2022-21885 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-21884 (Local Security Authority Subsystem Service Elevation of Privilege Vuln ...)
	NOT-FOR-US: Microsoft
CVE-2022-21883 (Windows Internet Key Exchange (IKE) Extension Denial of Service Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-21882 (Win32k Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21881 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21880 (Windows GDI+ Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21879 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21878 (Windows Geolocation Service Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21877 (Storage Spaces Controller Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21876 (Win32k Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21875 (Windows Storage Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21874 (Windows Security Center API Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21873 (Tile Data Repository Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21872 (Windows Event Tracing Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21871 (Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Priv ...)
	NOT-FOR-US: Microsoft
CVE-2022-21870 (Tablet Windows User Interface Application Core Elevation of Privilege ...)
	NOT-FOR-US: Microsoft
CVE-2022-21869 (Clipboard User Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21868 (Windows Devices Human Interface Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21867 (Windows Push Notifications Apps Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21866 (Windows System Launcher Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21865 (Connected Devices Platform Service Elevation of Privilege Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2022-21864 (Windows UI Immersive Server API Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21863 (Windows StateRepository API Server file Elevation of Privilege Vulnera ...)
	NOT-FOR-US: Microsoft
CVE-2022-21862 (Windows Application Model Core API Elevation of Privilege Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2022-21861 (Task Flow Data Engine Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21860 (Windows AppContracts API Server Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21859 (Windows Accounts Control Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21858 (Windows Bind Filter Driver Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21857 (Active Directory Domain Services Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21856
	RESERVED
CVE-2022-21855 (Microsoft Exchange Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21854
	RESERVED
CVE-2022-21853
	RESERVED
CVE-2022-21852 (Windows DWM Core Library Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21851 (Remote Desktop Client Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21850 (Remote Desktop Client Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21849 (Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Ex ...)
	NOT-FOR-US: Microsoft
CVE-2022-21848 (Windows Internet Key Exchange (IKE) Extension Denial of Service Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2022-21847 (Windows Hyper-V Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21846 (Microsoft Exchange Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21845 (Windows Kernel Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21844 (HEVC Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21843 (Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Ex ...)
	NOT-FOR-US: Microsoft
CVE-2022-21842 (Microsoft Word Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21841 (Microsoft Excel Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21840 (Microsoft Office Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21839 (Windows Event Tracing Discretionary Access Control List Denial of Serv ...)
	NOT-FOR-US: Microsoft
CVE-2022-21838 (Windows Cleanup Manager Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21837 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21836 (Windows Certificate Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21835 (Microsoft Cryptographic Services Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2022-21834 (Windows User-mode Driver Framework Reflector Driver Elevation of Privi ...)
	NOT-FOR-US: Microsoft
CVE-2022-21833 (Virtual Machine IDE Drive Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-45043 (HD-Network Real-time Monitoring System 2.0 allows ../ directory traver ...)
	NOT-FOR-US: HD-Network Real-time Monitoring System
CVE-2021-45042 (In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8 ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2021-45041 (SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL i ...)
	NOT-FOR-US: SuiteCRM
CVE-2021-4110 (mruby is vulnerable to NULL Pointer Dereference)
	- mruby 3.0.0-2 (bug #1001768)
	[bullseye] - mruby (Minor issue)
	[buster] - mruby (Minor issue)
	[stretch] - mruby (revisit when/if fix is complete)
	NOTE: https://huntr.dev/bounties/4ce5dc47-2512-4c87-8609-453adc8cad20
	NOTE: https://github.com/mruby/mruby/commit/f5e10c5a79a17939af763b1dcf5232ce47e24a34
CVE-2021-4109
	RESERVED
CVE-2021-4108 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
	- snipe-it (bug #1005172)
CVE-2022-0010 (Insertion of Sensitive Information into Log File vulnerability in ABB ...)
	NOT-FOR-US: ABB
CVE-2021-45040 (The Spatie media-library-pro library through 1.17.10 and 2.x through 2 ...)
	NOT-FOR-US: spatie/laravel-medialibrary
CVE-2021-45039 (Multiple models of the Uniview IP Camera (e.g., IPC_G6103 B6103.16.10. ...)
	NOT-FOR-US: Uniview IP Camera
CVE-2021-45038 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
	{DSA-5021-1}
	- mediawiki 1:1.35.5-1
	[buster] - mediawiki (Vulnerable code not present)
	[stretch] - mediawiki (Vulnerable code not present)
	NOTE: https://phabricator.wikimedia.org/T297574
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-45037
	RESERVED
CVE-2021-45036 (Velneo vClient on its 28.1.3 version, could allow an attacker with kno ...)
	NOT-FOR-US: Velneo vClient
CVE-2021-45035 (Velneo vClient on its 28.1.3 version, does not correctly check the cer ...)
	NOT-FOR-US: Velneo vClient
CVE-2021-45034 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...)
	NOT-FOR-US: Siemens
CVE-2021-45033 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...)
	NOT-FOR-US: Siemens
CVE-2021-45032
	REJECTED
CVE-2021-45031 (A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in ...)
	NOT-FOR-US: MEPSAN
CVE-2021-45030
	RESERVED
CVE-2021-45029 (Groovy Code Injection & SpEL Injection which lead to Remote Code Execu ...)
	NOT-FOR-US: Apache ShenYu
CVE-2021-45028
	RESERVED
CVE-2021-45027 (An arbitrary file download vulnerability in Oliver v5 Library Server V ...)
	NOT-FOR-US: Oliver Library Server
CVE-2021-45026 (ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2 ...)
	NOT-FOR-US: ASG technologies
CVE-2021-45025 (ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform ...)
	NOT-FOR-US: ASG technologies
CVE-2021-45024 (ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform ...)
	NOT-FOR-US: ASG technologies
CVE-2021-45023
	RESERVED
CVE-2021-45022
	RESERVED
CVE-2021-45021
	RESERVED
CVE-2021-45020
	RESERVED
CVE-2021-45019
	RESERVED
CVE-2021-45018 (Cross Site Scripting (XSS) vulnerability exists in Catfish <=6.3.0 via ...)
	NOT-FOR-US: CatFish (not same as src:catfish)
CVE-2021-45017 (Cross Site Request Forgery (CSRF) vulnerability exits in Catfish <=6.1 ...)
	NOT-FOR-US: CatFish (not same as src:catfish)
CVE-2021-45016
	RESERVED
CVE-2021-45015 (taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\inclu ...)
	NOT-FOR-US: taocms
CVE-2021-45014 (There is an upload sql injection vulnerability in the background of ta ...)
	NOT-FOR-US: taocms
CVE-2021-45013
	RESERVED
CVE-2021-45012
	RESERVED
CVE-2021-45011
	RESERVED
CVE-2021-45010 (A path traversal vulnerability in the file upload functionality in tin ...)
	NOT-FOR-US: Tiny File Manager
CVE-2021-45009
	RESERVED
CVE-2021-45008 (Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability ...)
	NOT-FOR-US: Plesk CMS
CVE-2021-45007 (Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulne ...)
	NOT-FOR-US: Plesk
CVE-2021-45006
	RESERVED
CVE-2021-45005 (Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow w ...)
	- mujs 1.1.3-4
	[bullseye] - mujs 1.1.0-1+deb11u1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=704749 (not public)
	NOTE: http://git.ghostscript.com/?p=mujs.git;h=df8559e7bdbc6065276e786217eeee70f28fce66 (1.2.0)
CVE-2021-45004
	RESERVED
CVE-2021-45003 (Laundry Booking Management System 1.0 (Latest) and previous versions a ...)
	NOT-FOR-US: Laundry Booking Management System
CVE-2021-45002
	RESERVED
CVE-2021-45001
	RESERVED
CVE-2021-45000
	RESERVED
CVE-2021-44999
	RESERVED
CVE-2021-44998
	RESERVED
CVE-2021-44997
	RESERVED
CVE-2021-44996
	RESERVED
CVE-2021-44995
	RESERVED
CVE-2021-44994 (There is an Assertion ''JERRY_CONTEXT (jmem_heap_allocated_size) == 0' ...)
	- iotjs (Vulnerable code introduced later)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4894
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4944
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4895
CVE-2021-44993 (There is an Assertion ''ecma_is_value_boolean (base_value)'' failed at ...)
	- iotjs (Vulnerable code introduced later)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4876
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4878
CVE-2021-44992 (There is an Assertion ''ecma_object_is_typedarray (obj_p)'' failed at ...)
	- iotjs (Vulnerable code introduced later)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4875
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4879
CVE-2021-44991
	RESERVED
CVE-2021-44990
	RESERVED
CVE-2021-44989
	RESERVED
CVE-2021-44988 (Jerryscript v3.0.0 and below was discovered to contain a stack overflo ...)
	- iotjs (Vulnerable code introduced later)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4891
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4890
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4899
CVE-2021-44987
	RESERVED
CVE-2021-44986
	RESERVED
CVE-2021-44985
	RESERVED
CVE-2021-44984
	RESERVED
CVE-2021-44983 (In taocms 3.0.1 after logging in to the background, there is an Arbitr ...)
	NOT-FOR-US: taocms
CVE-2021-44982
	RESERVED
CVE-2021-44981 (In QuickBox Pro v2.5.8 and below, the config.php file has a variable w ...)
	NOT-FOR-US: QuickBox Pro
CVE-2021-44980
	RESERVED
CVE-2021-44979
	RESERVED
CVE-2021-44978 (iCMS <= 8.0.0 allows users to add and render a comtom template, which ...)
	NOT-FOR-US: iCMS
CVE-2021-44977 (In iCMS <=8.0.0, a directory traversal vulnerability allows an attacke ...)
	NOT-FOR-US: iCMS
CVE-2021-44976
	RESERVED
CVE-2021-44975 (radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/cor ...)
	- radare2 5.9.0+dfsg-1 (bug #1014490)
	NOTE: https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/
	NOTE: Fixed in 5.6.0
CVE-2021-44974 (radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Derefere ...)
	- radare2 5.9.0+dfsg-1 (bug #1014490)
	NOTE: https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/
	NOTE: Fixed in 5.5.4
CVE-2021-44973
	RESERVED
CVE-2021-44972
	RESERVED
CVE-2021-44971 (Multiple Tenda devices are affected by authentication bypass, such as ...)
	NOT-FOR-US: Tenda
CVE-2021-44970 (MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) v ...)
	NOT-FOR-US: MiniCMS
CVE-2021-44969 (Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) v ...)
	NOT-FOR-US: Taocms
CVE-2021-44968 (A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 ...)
	NOT-FOR-US: IOBit Advanced SystemCare
CVE-2021-44967 (A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 ...)
	- limesurvey (bug #472802)
CVE-2021-44966 (SQL injection bypass authentication vulnerability in PHPGURUKUL Employ ...)
	NOT-FOR-US: PHPGURUKUL Employee Record Management System
CVE-2021-44965 (Directory traversal vulnerability in /admin/includes/* directory for P ...)
	NOT-FOR-US: PHPGURUKUL Employee Record Management System
CVE-2021-44964 (Use after free in garbage collector and finalizer of lgc.c in Lua inte ...)
	- lua5.4 5.4.4-1
	[bullseye] - lua5.4 (Minor issue, GC/finalizer changes intrusive to backport)
	NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00186.html
	NOTE: http://lua-users.org/lists/lua-l/2021-12/msg00007.html
	NOTE: http://lua-users.org/lists/lua-l/2021-12/msg00015.html
	NOTE: http://lua-users.org/lists/lua-l/2021-12/msg00030.html
	NOTE: https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability
	NOTE: https://github.com/lua/lua/commit/0bfc572e51d9035a615ef6e9523f736c9ffa8e57
	NOTE: https://github.com/lua/lua/commit/066e0f93c4901e601d93e31fb700f8f66f95feb8
	NOTE: https://github.com/lua/lua/commit/cf613cdc6fa367257fc61c256f63d917350858b5
	NOTE: https://github.com/lua/lua/commit/86ec152433baf8daf39f03a59c6842cbe33a179d
	NOTE: https://github.com/lua/lua/commit/597a53bbc681089d85b082b46c2e2428dec43b86
CVE-2021-44963
	RESERVED
CVE-2021-44962 (An out-of-bounds read vulnerability exists in the GCode::extrude() fun ...)
	- slic3r (unimportant)
	NOTE: https://hackmd.io/KSI1bwGfSyO7T8UCf0HeTw
	NOTE: Crash in GUI tool, no security impact
CVE-2021-44961 (A memory leakage flaw exists in the class PerimeterGenerator of Slic3r ...)
	- slic3r (unimportant)
	NOTE: https://hackmd.io/nDT_UKLyRQendxDwil9A4w
	NOTE: memory overusage in GUI tool, no security impact
CVE-2021-44960 (In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the ...)
	{DLA-3376-1}
	- svgpp 1.3.0+dfsg1-5 (bug #1014599)
	[bullseye] - svgpp (Minor issue)
	NOTE: https://github.com/svgpp/svgpp/issues/101
	NOTE: https://github.com/svgpp/svgpp/commit/0bc57f2cc6d9d86a0fa1ce73e508c2b5994b4b91
CVE-2021-44959
	RESERVED
CVE-2021-44958
	RESERVED
CVE-2021-44957 (Global buffer overflow vulnerability exist in ffjpeg through 01.01.202 ...)
	NOT-FOR-US: ffjpeg
CVE-2021-44956 (Two Heap based buffer overflow vulnerabilities exist in ffjpeg through ...)
	NOT-FOR-US: ffjpeg
CVE-2021-44955
	RESERVED
CVE-2021-44954 (In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges ...)
	NOT-FOR-US: QVIS NVR DVR
CVE-2021-44953
	RESERVED
CVE-2021-44952
	RESERVED
CVE-2021-44951
	RESERVED
CVE-2021-44950
	RESERVED
CVE-2021-44949 (glFusion CMS 1.7.9 is affected by an access control vulnerability via ...)
	NOT-FOR-US: glFusion CMS
CVE-2021-44948
	REJECTED
CVE-2021-44947
	RESERVED
CVE-2021-44946
	RESERVED
CVE-2021-44945
	RESERVED
CVE-2021-44944
	RESERVED
CVE-2021-44943
	RESERVED
CVE-2021-44942 (glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) ...)
	NOT-FOR-US: glFusion CMS
CVE-2021-44941
	RESERVED
CVE-2021-44940
	RESERVED
CVE-2021-44939
	RESERVED
CVE-2021-44938
	RESERVED
CVE-2021-44937 (glFusion CMS v1.7.9 is affected by an arbitrary user registration vuln ...)
	NOT-FOR-US: glFusion CMS
CVE-2021-44936
	RESERVED
CVE-2021-44935 (glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vul ...)
	NOT-FOR-US: glFusion CMS
CVE-2021-44934
	RESERVED
CVE-2021-44933
	RESERVED
CVE-2021-44932
	RESERVED
CVE-2021-44931
	RESERVED
CVE-2021-44930
	RESERVED
CVE-2021-44929
	RESERVED
CVE-2021-44928
	RESERVED
CVE-2021-44927 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1960
	NOTE: https://github.com/gpac/gpac/commit/eaea647cc7dec7b452c17e72f4ce46be35348c92 (v2.0.0)
CVE-2021-44926 (A null pointer dereference vulnerability exists in gpac 1.1.0-DEV in t ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1961
	NOTE: https://github.com/gpac/gpac/commit/f73da86bf32992f62b9ff2b9c9e853e3c97edf8e (v2.0.0)
CVE-2021-44925 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1967
	NOTE: https://github.com/gpac/gpac/commit/a5a8dbcdd95666f763fe59ab65154ae9271a18f2 (v2.0.0)
CVE-2021-44924 (An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log func ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1959
	NOTE: https://github.com/gpac/gpac/commit/e2acb1511d1e69115141ea3080afd1cce6a15497 (v2.0.0)
CVE-2021-44923 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1962
	NOTE: https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229 (v2.0.0)
CVE-2021-44922 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the B ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1969
	NOTE: https://github.com/gpac/gpac/issues/1968
	NOTE: https://github.com/gpac/gpac/commit/75474199cf7187868fa4be4e76377db3c659ee9a (v2.0.0)
CVE-2021-44921 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1964
	NOTE: https://github.com/gpac/gpac/commit/5b4a6417a90223f1ef6c0b41b055716f7bfbbca2 (v2.0.0)
CVE-2021-44920 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1957
	NOTE: https://github.com/gpac/gpac/commit/339fe399e7c8eab748bab76e9e6a9da7e117eeb4 (v2.0.0)
CVE-2021-44919 (A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_a ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1963
	NOTE: https://github.com/gpac/gpac/issues/1962
	NOTE: https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229 (v2.0.0)
CVE-2021-44918 (A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the g ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1968
	NOTE: https://github.com/gpac/gpac/commit/75474199cf7187868fa4be4e76377db3c659ee9a (v2.0.0)
CVE-2021-44917 (A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d ...)
	- gnuplot 5.4.2+dfsg2-2 (unimportant; bug #1002539)
	[bullseye] - gnuplot 5.4.1+dfsg1-1+deb11u1
	NOTE: https://sourceforge.net/p/gnuplot/bugs/2474/
	NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/8938dfc937348f1d4e7b3d6ef6d44209b1d89473/ (master)
	NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/acab14de21e323254507fca85f964e471258ac82/ (master)
	NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/4cc2a4c83bc95470caa525cda52fba683e95bbb9/ (master)
	NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/7285b0c578a067d8d9fe0566ccefaee131f62087/ (branch-5-4-stable)
	NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/bac7cf51333242999ecb66883fd6076168ec3441/ (branch-5-4-stable)
	NOTE: Crash in CLI tool, negligible security impact
CVE-2021-44916 (Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a ...)
	NOT-FOR-US: Open-AudIT
CVE-2021-44915 (Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerabi ...)
	NOT-FOR-US: taocms
CVE-2021-44914
	RESERVED
CVE-2021-44913
	RESERVED
CVE-2021-44912 (In XE 1.116, when uploading the Normal button, there is no restriction ...)
	NOT-FOR-US: XE
CVE-2021-44911 (XE before 1.11.6 is vulnerable to Unrestricted file upload via modules ...)
	NOT-FOR-US: XE
CVE-2021-44910
	RESERVED
CVE-2021-44909
	RESERVED
CVE-2021-44908 (SailsJS Sails.js <=1.4.0 is vulnerable to Prototype Pollution via cont ...)
	NOT-FOR-US: SailsJS Sails.js
CVE-2021-44907
	REJECTED
CVE-2021-44906 (Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.j ...)
	- node-minimist 1.2.6+~cs5.3.2-1
	[bullseye] - node-minimist 1.2.5+~cs5.3.1-2+deb11u1
	[buster] - node-minimist 1.2.0-1+deb10u2
	[stretch] - node-minimist (Nodejs in stretch not covered by security support)
	NOTE: https://github.com/substack/minimist/issues/164
	NOTE: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
	NOTE: The initial fix for prototype pollution (cf. SNYK-JS-MINIMIST-559764) in setKey()
	NOTE: was insufficient.
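The CVE-2021-44906 note above says the first prototype-pollution fix in minimist's setKey() was insufficient. The following is an added illustration, not minimist's source and not part of the tracker: a minimal dotted-key argv parser with a guard that refuses only a literal `__proto__` segment (the first-generation fix) next to a hardened guard that also refuses `constructor` and `prototype` and only descends into own properties. Function names, the `pollutedByArgv` probe property and the argv strings are constructed for the demonstration.

```javascript
'use strict';
// Added illustration of the CVE-2021-44906 class of bug in a dotted-key argv
// parser. Not minimist's code; all names below are constructed for the demo.

// Split "--a.b.c=value" into a key path and a value; other args are ignored.
function parseArgs(argv, setKey) {
  const out = {};
  for (const arg of argv) {
    const m = /^--([^=]+)=(.*)$/.exec(arg);
    if (m) setKey(out, m[1].split('.'), m[2]);
  }
  return out;
}

// First-generation guard: refuses only a literal "__proto__" segment.
// "--constructor.prototype.x=y" walks out.constructor (the Object function,
// inherited, so it is not undefined) and then Object.prototype, so the final
// assignment lands on Object.prototype and every object inherits it.
function setKeyNaive(obj, keys, value) {
  let o = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    const key = keys[i];
    if (key === '__proto__') return;
    if (o[key] === undefined) o[key] = {};
    o = o[key];
  }
  const last = keys[keys.length - 1];
  if (last === '__proto__') return;
  o[last] = value;
}

// Hardened guard: refuse every segment that can reach a prototype, and only
// descend into properties the target object owns itself, so an inherited
// "constructor" (or any other inherited property) is never walked.
const PROTOTYPE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function setKeyHardened(obj, keys, value) {
  let o = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    const key = keys[i];
    if (PROTOTYPE_KEYS.has(key)) return;
    const own = Object.prototype.hasOwnProperty.call(o, key);
    if (!own || o[key] === null || typeof o[key] !== 'object') o[key] = {};
    o = o[key];
  }
  const last = keys[keys.length - 1];
  if (PROTOTYPE_KEYS.has(last)) return;
  o[last] = value;
}

// Parse argv with the given setKey, then report whether a fresh object
// inherits the probe property (i.e. Object.prototype was polluted).
// Cleans up afterwards so repeated checks start from a clean prototype.
function pollutionCheck(setKey, argv) {
  const probe = 'pollutedByArgv';
  parseArgs(argv, setKey);
  const leaked = ({})[probe];
  delete Object.prototype[probe];
  return leaked;
}

if (typeof require !== 'undefined' && require.main === module) {
  const demo = ['--constructor.prototype.pollutedByArgv=yes'];
  console.log('naive guard leaks:   ', pollutionCheck(setKeyNaive, demo));    // yes
  console.log('hardened guard leaks:', pollutionCheck(setKeyHardened, demo)); // undefined
}
```

The own-property check matters as much as the key blocklist: a parser that descends through inherited properties will eventually find some path to a shared object, so blocking names alone is a game of catch-up.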
CVE-2021-44905 (Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD ...)
	NOT-FOR-US: Fortessa
CVE-2021-44904
	RESERVED
CVE-2021-44903 (Micro-Star International (MSI) Center Pro <= 2.0.16.0 is vulnerable to ...)
	NOT-FOR-US: Micro-Star International (MSI) Center Pro
CVE-2021-44902
	RESERVED
CVE-2021-44901 (Micro-Star International (MSI) Dragon Center <= 2.0.116.0 is vulnerabl ...)
	NOT-FOR-US: Micro-Star International (MSI) Dragon Center
CVE-2021-44900 (Micro-Star International (MSI) App Player <= 4.280.1.6309 is vulnerabl ...)
	NOT-FOR-US: Micro-Star International (MSI) App Player
CVE-2021-44899 (Micro-Star International (MSI) Center <= 1.0.31.0 is vulnerable to mul ...)
	NOT-FOR-US: Micro-Star International (MSI) Center
CVE-2021-44898
	RESERVED
CVE-2021-44897
	RESERVED
CVE-2021-44896 (DMP Roadmap before 3.0.4 allows XSS.)
	NOT-FOR-US: DMP Roadmap
CVE-2021-44895
	RESERVED
CVE-2021-44894
	RESERVED
CVE-2021-44893
	RESERVED
CVE-2021-44892 (A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x v ...)
	NOT-FOR-US: ThinkPHP
CVE-2021-44891
	RESERVED
CVE-2021-44890
	RESERVED
CVE-2021-44889
	RESERVED
CVE-2021-44888
	RESERVED
CVE-2021-44887
	RESERVED
CVE-2021-44886 (In Zammad 5.0.2, agents can configure "out of office" periods and subs ...)
	- zammad (bug #841355)
CVE-2021-44885
	RESERVED
CVE-2021-44884
	RESERVED
CVE-2021-44883
	RESERVED
CVE-2021-44882 (D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a ...)
	NOT-FOR-US: D-Link
CVE-2021-44881 (D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to co ...)
	NOT-FOR-US: D-Link
CVE-2021-44880 (D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882 ...)
	NOT-FOR-US: D-Link
CVE-2021-44879 (In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, ...)
	{DSA-5594-1 DLA-3711-1 DLA-3710-1}
	- linux 5.16.7-1
	[stretch] - linux (Minor issue; f2fs is not supportable)
	NOTE: https://www.openwall.com/lists/oss-security/2022/02/12/1
	NOTE: Fixed by: https://git.kernel.org/linus/9056d6489f5a41cfbb67f719d2c0ce61ead72d9f (5.17-rc1)
CVE-2021-44878 (If an OpenID Connect provider supports the "none" algorithm (i.e., tok ...)
	NOT-FOR-US: Pac4j
CVE-2021-44877 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect A ...)
	NOT-FOR-US: Dalmark Systems Systeam
CVE-2021-44876 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...)
	NOT-FOR-US: Dalmark Systems Systeam
CVE-2021-44875 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...)
	NOT-FOR-US: Dalmark Systems Systeam
CVE-2021-44874 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure de ...)
	NOT-FOR-US: Dalmark Systems Systeam
CVE-2021-44873
	RESERVED
CVE-2021-44872
	RESERVED
CVE-2021-44871
	RESERVED
CVE-2021-44870
	RESERVED
CVE-2021-44869
	RESERVED
CVE-2021-44868 (A problem was found in ming-soft MCMS v5.1. There is a sql injection v ...)
	NOT-FOR-US: ming-soft MCMS
CVE-2021-44867
	RESERVED
CVE-2021-44866 (An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The ...)
	NOT-FOR-US: Online-Movie-Ticket-Booking-System
CVE-2021-44865
	RESERVED
CVE-2021-44864 (TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buff ...)
	NOT-FOR-US: TP-Link
CVE-2021-44863
	RESERVED
CVE-2021-44862 (Netskope client is impacted by a vulnerability where an authenticated, ...)
	NOT-FOR-US: Netskope
CVE-2021-44861
	RESERVED
CVE-2021-44860 (An out-of-bounds read vulnerability exists when reading a TIF file usi ...)
	NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-44859 (An out-of-bounds read vulnerability exists when reading a TGA file usi ...)
	NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-44858 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
	{DSA-5021-1 DLA-2847-1}
	- mediawiki 1:1.35.5-1
	[buster] - mediawiki 1:1.31.16-1+deb10u2
	NOTE: https://phabricator.wikimedia.org/T297322
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-44857 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
	{DSA-5021-1}
	- mediawiki 1:1.35.5-1
	[buster] - mediawiki (Vulnerable code not present)
	[stretch] - mediawiki (Vulnerable code not present)
	NOTE: https://phabricator.wikimedia.org/T297322
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-44856 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
	{DSA-5246-1 DLA-3117-1}
	- mediawiki 1:1.35.5-1
	[stretch] - mediawiki (Minor issue)
	NOTE: https://phabricator.wikimedia.org/T271037
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-44855 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
	{DSA-5246-1}
	- mediawiki 1:1.35.5-1
	[buster] - mediawiki (Vulnerable code not present)
	[stretch] - mediawiki (Vulnerable code not present)
	NOTE: https://phabricator.wikimedia.org/T293589
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-44854 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
	{DSA-5246-1}
	- mediawiki 1:1.35.5-1
	[buster] - mediawiki (Vulnerable code not present)
	[stretch] - mediawiki (Vulnerable code not present)
	NOTE: https://phabricator.wikimedia.org/T292763
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-44853
	RESERVED
CVE-2021-44852 (An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1. ...)
	NOT-FOR-US: Biostar RACING GT Evo
CVE-2021-44851
	RESERVED
CVE-2021-44850 (On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot i ...)
	NOT-FOR-US: Xilinx Zynq-7000 SoC device
CVE-2021-44849
	RESERVED
CVE-2021-44848 (In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns dif ...)
	NOT-FOR-US: Cibele Thinfinity VirtualUI
CVE-2021-44847 (A stack-based buffer overflow in handle_request function in DHT.c in t ...)
	- libtoxcore 0.2.13-1 (bug #1001711)
	[bullseye] - libtoxcore (Minor issue)
	[buster] - libtoxcore (Minor issue)
	NOTE: https://github.com/TokTok/c-toxcore/pull/1718
	NOTE: https://blog.tox.chat/2021/12/stack-based-buffer-overflow-vulnerability-in-udp-packet-handling-in-toxcore-cve-2021-44847/
	NOTE: Introduced by: https://github.com/TokTok/c-toxcore/commit/71260e38e8d12547b0e55916daf6cadd72f52e19 (v0.1.9)
	NOTE: Fixed by: https://github.com/TokTok/c-toxcore/commit/1b02bad36864fdfc36694e3f96d2dc6c58a891e4 (v0.2.13)
CVE-2021-44846
	RESERVED
CVE-2021-44845
	RESERVED
CVE-2021-44844
	RESERVED
CVE-2021-44843
	RESERVED
CVE-2021-44842
	RESERVED
CVE-2021-44841
	RESERVED
CVE-2021-44840 (An issue was discovered in Delta RM 1.2. Using an privileged account, ...)
	NOT-FOR-US: Delta RM
CVE-2021-44839 (An issue was discovered in Delta RM 1.2. It is possible to request a n ...)
	NOT-FOR-US: Delta RM
CVE-2021-44838 (An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax ...)
	NOT-FOR-US: Delta RM
CVE-2021-44837 (An issue was discovered in Delta RM 1.2. It is possible for an unprivi ...)
	NOT-FOR-US: Delta RM
CVE-2021-44836 (An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/r ...)
	NOT-FOR-US: Delta RM
CVE-2021-44835 (An issue was discovered in Active Intelligent Visualization 5. The Vdc ...)
	NOT-FOR-US: Active Intelligent Visualization
CVE-2021-44834
	RESERVED
CVE-2021-4107 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
	NOT-FOR-US: yetiforcecrm
CVE-2021-4106 (A vulnerability in Snow Inventory Java Scanner allows an attacker to r ...)
	NOT-FOR-US: Snow Inventory Java Scanner
CVE-2021-4105 (Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewal ...)
	NOT-FOR-US: BG-TEK
CVE-2018-25022 (The Onion module in toxcore before 0.2.2 doesn't restrict which packet ...)
	- libtoxcore 0.2.2-1
	NOTE: https://blog.tox.chat/2018/04/security-vulnerability-and-new-toxcore-release
	NOTE: https://github.com/TokTok/c-toxcore/issues/873
	NOTE: https://github.com/TokTok/c-toxcore/pull/872
CVE-2018-25021 (The TCP Server module in toxcore before 0.2.8 doesn't free the TCP pri ...)
	- libtoxcore 0.2.8-1
	NOTE: https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/
	NOTE: https://github.com/TokTok/c-toxcore/issues/1214
	NOTE: https://github.com/TokTok/c-toxcore/pull/1216
CVE-2021-44833 (The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the c ...)
	NOT-FOR-US: CLI for Amazon AWS OpenSearch
CVE-2021-4104 (JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted ...)
	{DLA-2905-1}
	- apache-log4j1.2 1.2.17-11
	[bullseye] - apache-log4j1.2 1.2.17-10+deb11u1
	[buster] - apache-log4j1.2 1.2.17-8+deb10u2
	NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/1
	NOTE: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
	NOTE: Issue for Log4j 1.2 when specifically configured to use JMSAppender (not the default)
	NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/2
CVE-2021-4103 (Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vd ...)
	NOT-FOR-US: vditor
CVE-2021-44832 (Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fi ...)
	{DLA-2870-1}
	- apache-log4j2 2.17.1-1 (bug #1002813)
	[bullseye] - apache-log4j2 2.17.1-1~deb11u1
	[buster] - apache-log4j2 2.17.1-1~deb10u1
	NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832
	NOTE: https://issues.apache.org/jira/browse/LOG4J2-3293
	NOTE: https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143
	NOTE: https://github.com/apache/logging-log4j2/commit/05db5f9527254632b59aed2a1d78a32c5ab74f16 (log4j-2.17.1-rc1)
	NOTE: Fixed in 2.17.1, 2.12.4 and 2.3.2
CVE-2022-21832 RESERVED
CVE-2022-21831 (A code injection vulnerability exists in the Active Storage >= v5.2.0 ...)
	{DSA-5372-1 DLA-3093-1}
	- rails 2:6.1.4.7+dfsg-1 (bug #1011940)
	NOTE: https://github.com/advisories/GHSA-w749-p3v6-hccq
	NOTE: https://github.com/rails/rails/commit/b0b5eaf477c907819ead1808d09bfaae3eb4cc54 (v6.1.4.7)
	NOTE: https://github.com/rails/rails/commit/92f64fec3136baabbebac97073c5213ea055dc53 (v6.0.4.7)
	NOTE: https://github.com/rails/rails/commit/94e2f00d2abedbea1ef62fc775d031ffda00662c (v5.2.6.3)
CVE-2022-21830 (A blind self XSS vulnerability exists in RocketChat LiveChat (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4101 (Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.466 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4100 (Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.11 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4099 (Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4098 (Insufficient data validation in Mojo in Google Chrome prior to 96.0.46 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4097 (phpservermon is vulnerable to Improper Neutralization of CRLF Sequence ...)
	NOT-FOR-US: phpservermon
CVE-2021-4096 (The Fancy Product Designer plugin for WordPress is vulnerable to Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2022-21822 (NVIDIA FLARE contains a vulnerability in the admin interface, where an ...)
	NOT-FOR-US: NVIDIA
CVE-2022-21821 (NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in ...)
	[experimental] - nvidia-cuda-toolkit 11.6.2-1
	- nvidia-cuda-toolkit 11.6.2-2 (bug #1008695)
	[bullseye] - nvidia-cuda-toolkit (Non-free not supported)
	[buster] - nvidia-cuda-toolkit (Non-free not supported)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5334
CVE-2022-21820 (NVIDIA DCGM contains a vulnerability in nvhostengine, where a network ...)
	NOT-FOR-US: NVIDIA
CVE-2022-21819 (NVIDIA distributions of Jetson Linux contain a vulnerability where an ...)
	NOT-FOR-US: NVIDIA
CVE-2022-21818 (NVIDIA License System contains a vulnerability in the installation scr ...)
	NOT-FOR-US: NVIDIA License System
CVE-2022-21817 (NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CO ...)
	NOT-FOR-US: NVIDIA
CVE-2022-21816 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
	NOT-FOR-US: NVIDIA vGPU software
CVE-2022-21815 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA GPU Display Driver for Windows
CVE-2022-21814 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
	- nvidia-graphics-drivers 470.103.01-1 (bug #1004847)
	[bullseye] - nvidia-graphics-drivers 470.129.06-5~deb11u1
	[buster] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-tesla-470 470.103.01-1 (bug #1004853)
CVE-2022-21813 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
	- nvidia-graphics-drivers 470.103.01-1 (bug #1004847)
	[bullseye] - nvidia-graphics-drivers 470.129.06-5~deb11u1
	[buster] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-tesla-470 470.103.01-1 (bug #1004853)
CVE-2021-44795 (Single Connect does not perform an authorization check when using the ...)
	NOT-FOR-US: Single Connect
CVE-2021-44794 (Single Connect does not perform an authorization check when using the ...)
	NOT-FOR-US: Single Connect
CVE-2021-44793 (Single Connect does not perform an authorization check when using the ...)
	NOT-FOR-US: Single Connect
CVE-2021-44792 (Single Connect does not perform an authorization check when using the ...)
	NOT-FOR-US: Kron Single Connect
CVE-2021-44791 (In Apache Druid 0.22.1 and earlier, certain specially-crafted links re ...)
	- druid (bug #825797)
CVE-2021-44790 (A carefully crafted request body can cause a buffer overflow in the mo ...)
	{DSA-5035-1 DLA-2907-1}
	- apache2 2.4.52-1
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44790
	NOTE: Fixed by: https://svn.apache.org/r1896039
CVE-2021-4095 (A NULL pointer dereference was found in the Linux kernel's KVM when di ...)
	- linux 5.17.3-1
	[bullseye] - linux (Vulnerable code introduced later)
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://lore.kernel.org/kvm/CAFcO6XOmoS7EacN_n6v4Txk7xL7iqRa2gABg3F7E3Naf5uG94g@mail.gmail.com/
	NOTE: https://patchwork.kernel.org/project/kvm/patch/20211121125451.9489-12-dwmw2@infradead.org/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2031194
CVE-2021-4094 RESERVED
CVE-2021-4093 (A flaw was found in the KVM's AMD code for supporting the Secure Encry ...)
	- linux 5.14.16-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/95e16b4792b0429f1933872f743410f00e590c55 (5.15-rc7)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2028584
CVE-2021-4092 (yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF))
	NOT-FOR-US: yetiforcecrm
CVE-2021-4091 (A double-free was found in the way 389-ds-base handles virtual attribu ...)
	{DLA-3399-1}
	- 389-ds-base 2.0.15-1
	[stretch] - 389-ds-base (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030307
	NOTE: Introduced by: https://github.com/389ds/389-ds-base/commit/74c666b83e3e1789c2ef3f7935c327bd7555193e (389-ds-base-1.3.6.4)
	NOTE: Fixed by: https://github.com/389ds/389-ds-base/commit/3553bce44d95e70f2cf13f26bb8866ecde9f7a7b (389-ds-base-2.0.15)
	NOTE: Fixed by: https://github.com/389ds/389-ds-base/commit/a3c298f8140d3e4fa1bd5a670f1bb965a21a9b7b (389-ds-base-2.2.0)
CVE-2021-4090 (An out-of-bounds (OOB) memory write flaw was found in the NFSD in the ...)
	- linux 5.15.5-1
	[bullseye] - linux (Vulnerable code introduced later)
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025101
	NOTE: https://git.kernel.org/linus/c0019b7db1d7ac62c711cda6b357a659d46428fe (5.16-rc2)
CVE-2022-21812 (Improper access control in the Intel(R) HAXM software before version 7 ...)
	NOT-FOR-US: Intel
CVE-2022-21804 (Out-of-bounds write in software for the Intel QAT Driver for Windows b ...)
	NOT-FOR-US: Intel
CVE-2022-21794 (Improper authentication in BIOS firmware for some Intel(R) NUC Boards, ...)
	NOT-FOR-US: Intel
CVE-2022-21793 (Insufficient control flow management in the Intel(R) Ethernet 500 Seri ...)
	NOT-FOR-US: Intel
CVE-2022-21239 (Out-of-bounds read in software for the Intel QAT Driver for Windows be ...)
	NOT-FOR-US: Intel
CVE-2022-21229 (Improper buffer restrictions for some Intel(R) NUC 9 Extreme Laptop Ki ...)
	NOT-FOR-US: Intel
CVE-2022-21226 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before ...)
	NOT-FOR-US: Intel
CVE-2022-21206 RESERVED
CVE-2022-21188 RESERVED
CVE-2022-21185 RESERVED
CVE-2022-21175 RESERVED
CVE-2022-21171 RESERVED
CVE-2022-21163 (Improper access control in the Crypto API Toolkit for Intel(R) SGX bef ...)
	NOT-FOR-US: Intel
CVE-2022-21162 (Uncontrolled search path for the Intel(R) HDMI Firmware Update tool fo ...)
	NOT-FOR-US: Intel
CVE-2022-21161 RESERVED
CVE-2022-21156 (Access of uninitialized pointer in the Intel(R) Trace Analyzer and Col ...)
	NOT-FOR-US: Intel
CVE-2022-21152 (Improper access control in the Intel(R) Edge Insights for Industrial s ...)
	NOT-FOR-US: Intel
CVE-2022-21150 RESERVED
CVE-2022-21148 (Improper access control in the Intel(R) Edge Insights for Industrial s ...)
	NOT-FOR-US: Intel
CVE-2022-21135 RESERVED
CVE-2021-44789 RESERVED
CVE-2021-44788 RESERVED
CVE-2021-44787 RESERVED
CVE-2021-44786 RESERVED
CVE-2021-44785 RESERVED
CVE-2021-44784 RESERVED
CVE-2021-44783 RESERVED
CVE-2021-44782 RESERVED
CVE-2021-44781 RESERVED
CVE-2021-44780 RESERVED
CVE-2021-44764 RESERVED
CVE-2021-4089 (snipe-it is vulnerable to Improper Access Control)
	- snipe-it (bug #1005172)
CVE-2021-37408 RESERVED
CVE-2021-31565 RESERVED
CVE-2021-26261 RESERVED
CVE-2021-26255 RESERVED
CVE-2021-23189 RESERVED
CVE-2021-23175 (NVIDIA GeForce Experience contains a vulnerability in user authorizati ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2021-23171 RESERVED
CVE-2021-23170 RESERVED
CVE-2021-23148 RESERVED
CVE-2021-44759 (Improper Authentication vulnerability in TLS origin validation of Apac ...)
	{DSA-5153-1}
	- trafficserver 9.1.0+ds-1
	NOTE: https://lists.apache.org/thread/zblwzcfs9ryhwjr89wz4osw55pxm6dx6
	NOTE: Mark first 9.x version as fixed version, as the issue only affects versions
	NOTE: 8.x up to 8.1.3.
	NOTE: https://github.com/apache/trafficserver/commit/d3f36f79820ea10c26573c742b1bbc370c351716 (8.1.x)
CVE-2021-4088 (SQL injection vulnerability in Data Loss Protection (DLP) ePO extensio ...)
	NOT-FOR-US: McAfee
CVE-2021-4087 RESERVED
CVE-2021-4086 RESERVED
CVE-2021-4085 RESERVED
CVE-2021-4084 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
	NOT-FOR-US: Pimcore
CVE-2021-4083 (A read-after-free memory flaw was found in the Linux kernel's garbage ...)
	{DSA-5096-1 DLA-2941-1 DLA-2940-1}
	- linux 5.15.5-2
	[bullseye] - linux 5.10.84-1
	NOTE: https://git.kernel.org/linus/054aa8d439b9185d4f5eb9a90282d1ce74772969 (5.16-rc4)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2247
CVE-2021-4082 (pimcore is vulnerable to Cross-Site Request Forgery (CSRF))
	NOT-FOR-US: Pimcore
CVE-2021-4081 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
	NOT-FOR-US: Pimcore
CVE-2021-44758 (Heimdal before 7.7.1 allows attackers to cause a NULL pointer derefere ...)
	{DSA-5287-1 DLA-3206-1}
	- heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187)
	NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv
	NOTE: https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580 (heimdal-7.7.1)
CVE-2021-44757 (Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Centr ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-44756 RESERVED
CVE-2021-44755 RESERVED
CVE-2021-44754 RESERVED
CVE-2021-44753 RESERVED
CVE-2021-44752 RESERVED
CVE-2021-44751 (A vulnerability affecting F-Secure SAFE browser was discovered. A mali ...)
	NOT-FOR-US: F-Secure
CVE-2021-44750 (An arbitrary code execution vulnerability was found in the F-Secure Su ...)
	NOT-FOR-US: F-Secure
CVE-2021-44749 (A vulnerability affecting F-Secure SAFE browser protection was discove ...)
	NOT-FOR-US: F-Secure
CVE-2021-44748 (A vulnerability affecting F-Secure SAFE browser was discovered whereby ...)
	NOT-FOR-US: F-Secure
CVE-2021-44747 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Lin ...)
	NOT-FOR-US: F-Secure
CVE-2021-44746 (UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior ...)
	NOT-FOR-US: UNIVERGE
CVE-2021-44745 RESERVED
CVE-2021-44744 RESERVED
CVE-2021-44743 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2021-44742 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2021-44741 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2021-44740 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2021-44739 (Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), ...)
	NOT-FOR-US: Adobe
CVE-2021-44545 (Improper input validation for some Intel(R) PROSet/Wireless WiFi and K ...)
	{DLA-3380-1}
	- firmware-nonfree 20220913-1
	[bullseye] - firmware-nonfree (Non-free not supported)
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
	NOTE: Fixed upstream in 20220815
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=63a87d2f1f7ea029e8d32ed03d972947a7bb60fd
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=87d07fd3d3156b7bb1ff9a8000c316c2f68ffd7c
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=447ca4a62cca38d656922ce6ba97610db11cf341
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=31d24ca113ed93d0564c78d6c47d362b9f274a7b
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=b93bf2c9ce1d4648a8488aa29f2c7e840e6e449b
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=1068c45f16de69c769c500175a91ce1296bb1e27
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=45c5e53ea4964393a12f436bc5c9e2cb1ba6e0a6
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=f7f3d1f40c26fcf1414b9adddb832c4a3afb912c
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=045847edb1ed649d00b5c897615d013833287a04
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=140beaf7d770ea8320c12b6e31a067f9e9d6d441
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=e6185d5197fd1d8015f1c7663582158b9945c075
CVE-2021-44457 REJECTED
CVE-2021-44454 (Improper input validation in a third-party component for Intel(R) Quar ...)
	NOT-FOR-US: Intel
CVE-2021-43351 REJECTED
CVE-2021-4080 (crater is vulnerable to Unrestricted Upload of File with Dangerous Typ ...)
	NOT-FOR-US: Crater
CVE-2021-26946 REJECTED
CVE-2021-26254 (Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(T ...)
	NOT-FOR-US: Intel
CVE-2021-23188 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...)
	NOT-FOR-US: Intel
CVE-2021-23168 (Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(T ...)
	{DLA-3380-1}
	- firmware-nonfree 20220913-1
	[bullseye] - firmware-nonfree (Non-free not supported)
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
	NOTE: Fixed upstream in 20220815
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=63a87d2f1f7ea029e8d32ed03d972947a7bb60fd
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=87d07fd3d3156b7bb1ff9a8000c316c2f68ffd7c
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=447ca4a62cca38d656922ce6ba97610db11cf341
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=31d24ca113ed93d0564c78d6c47d362b9f274a7b
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=b93bf2c9ce1d4648a8488aa29f2c7e840e6e449b
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=1068c45f16de69c769c500175a91ce1296bb1e27
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=45c5e53ea4964393a12f436bc5c9e2cb1ba6e0a6
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=f7f3d1f40c26fcf1414b9adddb832c4a3afb912c
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=045847edb1ed649d00b5c897615d013833287a04
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=140beaf7d770ea8320c12b6e31a067f9e9d6d441
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=e6185d5197fd1d8015f1c7663582158b9945c075
CVE-2021-23152 (Improper access control in the Intel(R) Advisor software before versio ...)
	NOT-FOR-US: Intel
CVE-2021-23145 REJECTED
CVE-2021-XXXX [Rainloop stores passwords in cleartext in logfile]
	- rainloop 1.14.0-1 (bug #962629)
	[buster] - rainloop (Minor issue)
	NOTE: https://github.com/RainLoop/rainloop-webmail/issues/1872
CVE-2021-44738 (Buffer overflow vulnerability has been identified in Lexmark devices t ...)
	NOT-FOR-US: Lexmark
CVE-2021-44737 (PJL directory traversal vulnerability in Lexmark devices through 2021- ...)
	NOT-FOR-US: Lexmark
CVE-2021-44736 (The initial admin account setup wizard on Lexmark devices allow unauth ...)
	NOT-FOR-US: Lexmark
CVE-2021-44735 (Embedded web server command injection vulnerability in Lexmark devices ...)
	NOT-FOR-US: Lexmark
CVE-2021-44734 (Embedded web server input sanitization vulnerability in Lexmark device ...)
	NOT-FOR-US: Lexmark
CVE-2021-44733 (A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem ...)
	{DSA-5096-1 DLA-2941-1}
	- linux 5.15.15-1
	[bullseye] - linux 5.10.92-1
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030747
CVE-2021-44732 (Mbed TLS before 3.0.1 has a double free in certain out-of-memory condi ...)
	{DLA-3249-1}
	[experimental] - mbedtls 2.28.0-0.1
	- mbedtls 2.28.0-0.3 (bug #1002631)
	[bullseye] - mbedtls (Minor issue)
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12
	NOTE: https://github.com/ARMmbed/mbedtls/commit/eb490aabf6a9f47c074ec476d0d4997c2362cdbc (mbedtls-2.16.12)
CVE-2021-44731 (A race condition existed in the snapd 2.54.2 snap-confine binary when ...)
	{DSA-5080-1}
	- snapd 2.54.3-1
	NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2
CVE-2021-44730 (snapd 2.54.2 did not properly validate the location of the snap-confin ...)
	{DSA-5080-1}
	- snapd 2.54.3-1
	NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2
CVE-2021-44729 RESERVED
CVE-2021-44728 RESERVED
CVE-2021-44727 RESERVED
CVE-2021-44726 (KNIME Server before 4.13.4 allows XSS via the old WebPortal login page ...)
	NOT-FOR-US: KNIME Server
CVE-2021-44725 (KNIME Server before 4.13.4 allows directory traversal in a request for ...)
	NOT-FOR-US: KNIME Server
CVE-2021-44724 RESERVED
CVE-2021-44723 RESERVED
CVE-2021-44722 RESERVED
CVE-2021-44721 RESERVED
CVE-2021-44720 (In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the a ...)
	NOT-FOR-US: Ivanti
CVE-2021-44719 (Docker Desktop 4.3.0 has Incorrect Access Control.)
	NOT-FOR-US: Docker Desktop on MacOS
CVE-2021-44718 (wolfSSL through 5.0.0 allows an attacker to cause a denial of service ...)
	- wolfssl 5.1.1-1
	[bullseye] - wolfssl 4.6.0+p1-0+deb11u1
	NOTE: https://github.com/wolfSSL/wolfssl/pull/4629
CVE-2021-44717 (Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operat ...)
	{DLA-3395-1 DLA-2892-1 DLA-2891-1}
	- golang-1.17 1.17.5-1
	- golang-1.15 1.15.15-5
	[bullseye] - golang-1.15 1.15.15-1~deb11u2
	- golang-1.11
	- golang-1.8
	- golang-1.7
	NOTE: https://github.com/golang/go/issues/50057
	NOTE: https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ
	NOTE: https://github.com/golang/go/commit/e46abcb816fb20663483f84fe52e370790a99bee (go1.17.5)
	NOTE: https://github.com/golang/go/commit/44a3fb49d99cc8a4de4925b69650f97bb07faf1d (go1.16.12)
CVE-2021-44716 (net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontro ...)
	{DLA-3395-1 DLA-2892-1 DLA-2891-1}
	- golang-1.17 1.17.5-1
	- golang-1.15 1.15.15-5
	[bullseye] - golang-1.15 1.15.15-1~deb11u2
	- golang-1.11
	- golang-1.8
	- golang-1.7
	- golang-golang-x-net 1:0.0+git20211209.491a49a+dfsg-1
	[bullseye] - golang-golang-x-net (Minor issue)
	- golang-golang-x-net-dev
	[buster] - golang-golang-x-net-dev (Limited support, minor issue, follow bullseye DSAs/point-releases)
	[stretch] - golang-golang-x-net-dev (Limited support in stretch)
	NOTE: https://github.com/golang/go/issues/50058
	NOTE: https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ
	NOTE: https://github.com/golang/go/commit/48d948963c5ce7add72af5665a871caff6c1d35a (go1.17.5)
	NOTE: https://github.com/golang/go/commit/d0aebe3e74fe14799f97ddd3f01129697c6a290a (go1.16.12)
	NOTE: https://github.com/golang/net/commit/491a49abca63de5e07ef554052d180a1b5fe2d70
CVE-2021-44715 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2021-44714 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2021-44713 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2021-44712 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2021-44711 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2021-44710 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2021-44709 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2021-44708 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2021-44707 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2021-44706 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2021-44705 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2021-44704 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2021-44703 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2021-44702 (Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), ...)
	NOT-FOR-US: Adobe
CVE-2021-44701 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
	NOT-FOR-US: Adobe
CVE-2021-44700 (Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2021-44699 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...)
	NOT-FOR-US: Adobe
CVE-2021-44698 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...)
	NOT-FOR-US: Adobe
CVE-2021-44697 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...)
	NOT-FOR-US: Adobe
CVE-2021-44696 (Adobe Prelude version 22.1.1 (and earlier) is affected by an out-of-bo ...)
	NOT-FOR-US: Adobe
CVE-2021-44695 (Affected devices don't process correctly certain special crafted packe ...)
	NOT-FOR-US: Siemens
CVE-2021-44694 (Affected devices don't process correctly certain special crafted packe ...)
	NOT-FOR-US: Siemens
CVE-2021-44693 (Affected devices don't process correctly certain special crafted packe ...)
	NOT-FOR-US: Siemens
CVE-2021-4079 (Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 a ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4078 (Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4077 RESERVED
CVE-2021-4076 (A flaw exists in tang, a network-based cryptographic binding server, w ...)
	{DSA-5025-1}
	- tang 11-1
	[buster] - tang (Vulnerable code introduced later)
	NOTE: https://github.com/latchset/tang/pull/81
	NOTE: Introduced by: https://github.com/latchset/tang/commit/609050586e4863329d2db9b7cb73da5c09eeea2b (v8)
	NOTE: Fixed by: https://github.com/latchset/tang/commit/e82459fda10f0630c3414ed2afbc6320bb9ea7c9 (v11)
CVE-2021-44692 (BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the ...)
	NOT-FOR-US: BuddyBoss Platform
CVE-2021-44691 RESERVED
CVE-2021-44690 RESERVED
CVE-2021-44689 RESERVED
CVE-2021-44688 RESERVED
CVE-2021-44687 RESERVED
CVE-2021-44686 (calibre before 5.32.0 contains a regular expression that is vulnerable ...)
	- calibre 5.33.0+dfsg-1
	[bullseye] - calibre (Minor issue)
	[buster] - calibre (Minor issue)
	[stretch] - calibre (Minor issue)
	NOTE: https://bugs.launchpad.net/calibre/+bug/1951979
	NOTE: https://github.com/kovidgoyal/calibre/commit/235b7e38c197ba4a3c17531e516610af8795e348 (v5.33.0)
CVE-2021-44685 (Git-it through 4.4.0 allows OS command injection at the Branches Aren' ...)
	NOT-FOR-US: git-it
CVE-2021-44684 (naholyr github-todos 3.1.0 is vulnerable to command injection. The ran ...)
	NOT-FOR-US: naholyr github-todos
CVE-2021-44683 (The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due t ...)
	NOT-FOR-US: DuckDuckGo browser
CVE-2021-44682 (An issue (6 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
	NOT-FOR-US: Veritas
CVE-2021-44681 (An issue (5 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
	NOT-FOR-US: Veritas
CVE-2021-44680 (An issue (4 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
	NOT-FOR-US: Veritas
CVE-2021-44679 (An issue (3 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
	NOT-FOR-US: Veritas
CVE-2021-44678 (An issue (2 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
	NOT-FOR-US: Veritas
CVE-2021-44677 (An issue (1 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
	NOT-FOR-US: Veritas
CVE-2021-44676 (Zoho ManageEngine Access Manager Plus before 4203 allows anyone to vie ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-44675 (Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vuln ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-4075 (snipe-it is vulnerable to Server-Side Request Forgery (SSRF))
	- snipe-it (bug #1005172)
CVE-2021-4074 (The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site S ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-4073 (The RegistrationMagic WordPress plugin made it possible for unauthenti ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-4072 (elgg is vulnerable to Improper Neutralization of Input During Web Page ...)
	NOT-FOR-US: elgg
CVE-2021-4071 RESERVED
CVE-2021-44674 (An information exposure issue has been discovered in Opmantek Open-Aud ...)
	NOT-FOR-US: Open-AudIT
CVE-2021-44673 (A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via ...)
	NOT-FOR-US: Croogo
CVE-2021-44672 RESERVED
CVE-2021-44671 RESERVED
CVE-2021-44670 RESERVED
CVE-2021-44669 RESERVED
CVE-2021-44668 RESERVED
CVE-2021-44667 (A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in au ...)
	NOT-FOR-US: Nacos
CVE-2021-44666 RESERVED
CVE-2021-44665 (A Directory Traversal vulnerability exists in the Xerte Project Xerte ...)
	NOT-FOR-US: Xerte
CVE-2021-44664 (An Authenticated Remote Code Exection (RCE) vulnerability exists in Xe ...)
	NOT-FOR-US: Xerte
CVE-2021-44663 (A Remote Code Execution (RCE) vulnerability exists in the Xerte Projec ...)
	NOT-FOR-US: Xerte
CVE-2021-44662 (A Site Scripting (XSS) vulnerability exists in the Xerte Project Xerte ...)
	NOT-FOR-US: Xerte
CVE-2021-44661 RESERVED
CVE-2021-44660 RESERVED
CVE-2021-44659 (Adding a new pipeline in GoCD server version 21.3.0 has a functionalit ...)
	NOT-FOR-US: GoCD server
CVE-2021-44658 RESERVED
CVE-2021-44657 (In StackStorm versions prior to 3.6.0, the jinja interpreter was not r ...)
	NOT-FOR-US: StackStorm
CVE-2021-44656 RESERVED
CVE-2021-44655 (Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQ ...)
	NOT-FOR-US: Online Pre-owned/Used Car Showroom Management System
CVE-2021-44654 RESERVED
CVE-2021-44653 (Online Magazine Management System 1.0 contains a SQL injection authent ...)
	NOT-FOR-US: Online Magazine Management System
CVE-2021-44652 (Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote co ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-44651 (Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote co ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-44650 (Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote co ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-44649 (Django CMS 3.7.3 does not validate the plugin_type parameter while gen ...)
	- python-django-cms (bug #516183)
CVE-2021-44648 (GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulner ...)
	{DSA-5228-1}
	- gdk-pixbuf 2.42.9+dfsg-1 (bug #1014600)
	[buster] - gdk-pixbuf (Vulnerable code introduced later)
	[stretch] - gdk-pixbuf (Vulnerable code introduced later)
	NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136
	NOTE: https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/
	NOTE: Introduced by: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/b88f1ce91a610a4e491a4ad6352183791e78afac (2.39.2)
	NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/130
	NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/76eda67dbc3f48c9dd6815a5aaf6014ea4a16771 (2.42.9)
	NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/0cf97225c9c227d11fc4ddf9cba8e8480672ee1b (2.42.9)
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/19ebba03117aefc9d0312f675f3a210ffdcc4907 (2.42.9)
	NOTE: Tests: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/449441210921c8ed417b0c4d5edbccd2d57e23f8 (2.42.9)
CVE-2021-44647 (Lua v5.4.3 and above are affected by SEGV by type confusion in funcnam ...)
	- lua5.4 5.4.4-1 (bug #1004189)
	[bullseye] - lua5.4 (Minor issue)
	- lua5.3 (Specific to 5.4)
	- lua5.2 (Specific to 5.4)
	- lua5.1 (Specific to 5.4)
	- lua50 (Specific to 5.4)
	NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00195.html
	NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00204.html
	NOTE: Fixed by: https://github.com/lua/lua/commit/1de95e97ef65632a88e08b6184bd9d1ceba7ec2f
CVE-2021-44646 RESERVED
CVE-2021-44645 RESERVED
CVE-2021-44644 RESERVED
CVE-2021-44643 RESERVED
CVE-2021-44642 RESERVED
CVE-2021-44641 RESERVED
CVE-2021-44640 RESERVED
CVE-2021-44639 RESERVED
CVE-2021-44638 RESERVED
CVE-2021-44637 RESERVED
CVE-2021-44636 RESERVED
CVE-2021-44635 RESERVED
CVE-2021-44634 RESERVED
CVE-2021-44633 RESERVED
CVE-2021-44632 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...)
	NOT-FOR-US: TP-Link
CVE-2021-44631 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...)
	NOT-FOR-US: TP-Link
CVE-2021-44630 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...)
	NOT-FOR-US: TP-Link
CVE-2021-44629 (A Buffer Overflow vulnerabilitiy exists in TP-LINK WR-886N 20190826 2. ...)
	NOT-FOR-US: TP-Link
CVE-2021-44628 (A Buffer Overflow vulnerabiltiy exists in TP-LINK WR-886N 20190826 2.3 ...)
	NOT-FOR-US: TP-Link
CVE-2021-44627 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...)
	NOT-FOR-US: TP-Link
CVE-2021-44626 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...)
	NOT-FOR-US: TP-Link
CVE-2021-44625 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...)
	NOT-FOR-US: TP-Link
CVE-2021-44624 RESERVED
CVE-2021-44623 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...)
	NOT-FOR-US: TP-Link
CVE-2021-44622 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...)
	NOT-FOR-US: TP-Link
CVE-2021-44621 RESERVED
CVE-2021-44620 (A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu. ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-44619 RESERVED
CVE-2021-44618 (A Server-side Template Injection (SSTI) vulnerability exists in Nystud ...)
	NOT-FOR-US: Nystudio107 Seomatic
CVE-2021-44617 (A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 ...)
	NOT-FOR-US: GLPI plugin
CVE-2021-44616 RESERVED
CVE-2021-44615 RESERVED
CVE-2021-44614 RESERVED
CVE-2021-44613 RESERVED
CVE-2021-44612 RESERVED
CVE-2021-44611 RESERVED
CVE-2021-44610 (Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0 ...)
	NOT-FOR-US: bloofoxCMS
CVE-2021-44609 RESERVED
CVE-2021-44608 (Multiple Cross Site Scripting (XSS) vulnerabilities exists in bloofoxC ...)
	NOT-FOR-US: bloofoxCMS
CVE-2021-44607 (A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in ...)
	NOT-FOR-US: FUEL-CMS
CVE-2021-44606 RESERVED
CVE-2021-44605 RESERVED
CVE-2021-44604 RESERVED
CVE-2021-44603 RESERVED
CVE-2021-44602 RESERVED
CVE-2021-44601 RESERVED
CVE-2021-44600 (The password parameter on Simple Online Mens Salon Management System ( ...)
	NOT-FOR-US: Simple Online Mens Salon Management System (MSMS)
CVE-2021-44599 (The id parameter from Online Enrollment Management System 1.0 system a ...)
	NOT-FOR-US: Online Enrollment Management System
CVE-2021-44598 (Attendance Management System 1.0 is affected by a Cross Site Scripting ...)
	NOT-FOR-US: Attendance Management System
CVE-2021-44597 REJECTED
CVE-2021-44596 (Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remot ...)
	NOT-FOR-US: Wondershare
CVE-2021-44595 (Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to ...)
	NOT-FOR-US: Wondershare
CVE-2021-44594 RESERVED
CVE-2021-44593 (Simple College Website 1.0 is vulnerable to unauthenticated file uploa ...)
	NOT-FOR-US: Simple College Website
CVE-2021-44592 RESERVED
CVE-2021-44591 (In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/235
CVE-2021-44590 (In libming 0.4.8, a memory exhaustion vulnerability exists in the funct ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/236
CVE-2021-44589
	RESERVED
CVE-2021-44588
	RESERVED
CVE-2021-44587
	RESERVED
CVE-2021-44586 (An issue was discovered in dst-admin v1.3.0. The product has an unauth ...)
	NOT-FOR-US: dst-admin
CVE-2021-44585 (A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in ...)
	NOT-FOR-US: jeecg-boot
CVE-2021-44584 (Cross-site scripting (XSS) vulnerability in index.php in emlog version ...)
	NOT-FOR-US: emlog
CVE-2021-44583
	RESERVED
CVE-2021-44582 (A Privilege Escalation vulnerability exists in Sourcecodester Money Tr ...)
	NOT-FOR-US: Sourcecodester Money Transfer Management System
CVE-2021-44581 (An SQL Injection vulnerability exists in Kreado Kreasfero 1.5 via the i ...)
	NOT-FOR-US: Kreado Kreasfero CMS
CVE-2021-44580
	RESERVED
CVE-2021-44579
	RESERVED
CVE-2021-44578
	RESERVED
CVE-2021-44577
	REJECTED
CVE-2021-44576
	REJECTED
CVE-2021-44575
	REJECTED
CVE-2021-44574
	REJECTED
CVE-2021-44573
	REJECTED
CVE-2021-44572
	RESERVED
CVE-2021-44571
	REJECTED
CVE-2021-44570
	REJECTED
CVE-2021-44569
	REJECTED
CVE-2021-44568 (Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv th ...)
	- libsolv 0.7.17-1 (unimportant)
	NOTE: https://github.com/openSUSE/libsolv/issues/425
	NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
	NOTE: Issue is fixed in the testcase; negligible security impact
CVE-2021-44567 (An unauthenticated SQL Injection vulnerability exists in RosarioSIS be ...)
	NOT-FOR-US: RosarioSIS
CVE-2021-44566 (A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before ...)
	NOT-FOR-US: RosarioSIS
CVE-2021-44565 (A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before ...)
	NOT-FOR-US: RosarioSIS
CVE-2021-44564 (A security vulnerability originally reported in the SYNC2101 product, ...)
	NOT-FOR-US: SYNC2101
CVE-2021-44563
	RESERVED
CVE-2021-44562
	RESERVED
CVE-2021-44561
	RESERVED
CVE-2021-44560
	RESERVED
CVE-2021-44559
	RESERVED
CVE-2021-44558
	RESERVED
CVE-2021-44557 (National Library of the Netherlands multiNER <= c0440948057afc6e3d6b49 ...)
	NOT-FOR-US: National Library of the Netherlands multiNER
CVE-2021-44556 (National Library of the Netherlands digger < 6697d1269d981e35e11f24072 ...)
	NOT-FOR-US: National Library of the Netherlands digger
CVE-2021-44555
	RESERVED
CVE-2021-44554 (Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate ...)
	NOT-FOR-US: Thinfinity VirtualUI
CVE-2021-44553
	RESERVED
CVE-2021-44552
	RESERVED
CVE-2021-44551
	RESERVED
CVE-2021-44550 (An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via ...)
	NOT-FOR-US: CoreNLP
CVE-2021-4070 (Off-by-one Error in GitHub repository v2fly/v2ray-core prior to 4.44.0 ...)
	- golang-v2ray-core 4.34.0-7 (bug #1010377)
	[bullseye] - golang-v2ray-core (Minor issue)
	NOTE: https://huntr.dev/bounties/8da19456-4d89-41ef-9781-a41efd6a1877/
	NOTE: https://github.com/v2fly/v2ray-core/commit/c1af2bfd7aa59a4482aa7f6ec4b9208c1d350b5c
CVE-2021-44549 (Apache Sling Commons Messaging Mail provides a simple layer on top of ...)
	NOT-FOR-US: Apache Sling
CVE-2021-4069 (vim is vulnerable to Use After Free)
	{DLA-3182-1 DLA-2947-1}
	- vim 2:8.2.3995-1 (unimportant)
	NOTE: https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74/
	NOTE: https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9 (v8.2.3741)
	NOTE: Crash in CLI tool, no security impact
CVE-2021-44548 (An Improper Input Validation vulnerability in DataImportHandler of Apa ...)
	- lucene-solr (Issue only affects Windows)
	NOTE: https://issues.apache.org/jira/browse/SOLR-15826
CVE-2021-4068 (Insufficient data validation in new tab page in Google Chrome prior to ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4067 (Use after free in window manager in Google Chrome on ChromeOS prior to ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4066 (Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allo ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4065 (Use after free in autofill in Google Chrome prior to 96.0.4664.93 allo ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4064 (Use after free in screen capture in Google Chrome on ChromeOS prior to ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4063 (Use after free in developer tools in Google Chrome prior to 96.0.4664. ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4062 (Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4061 (Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4060
	RESERVED
CVE-2021-4059 (Insufficient data validation in loader in Google Chrome prior to 96.0. ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4058 (Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 a ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4057 (Use after free in file API in Google Chrome prior to 96.0.4664.93 allo ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4056 (Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowe ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4055 (Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4054 (Incorrect security UI in autofill in Google Chrome prior to 96.0.4664. ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4053 (Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 a ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4052 (Use after free in web apps in Google Chrome prior to 96.0.4664.93 allo ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-4051
	RESERVED
CVE-2021-44543 (An XSS vulnerability was found in Privoxy which was fixed in cgi_error ...)
	{DLA-2844-1}
	- privoxy 3.0.33-1
	[bullseye] - privoxy 3.0.32-2+deb11u1
	[buster] - privoxy 3.0.28-2+deb10u2
	NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=0e668e9409cbf4ab8bf2d79be204bd4e81a00d85 (v_3_0_33)
CVE-2021-44542 (A memory leak vulnerability was found in Privoxy when handling errors.)
	- privoxy 3.0.33-1
	[bullseye] - privoxy 3.0.32-2+deb11u1
	[buster] - privoxy (Vulnerable code introduced in 3.0.29)
	[stretch] - privoxy (Vulnerable code introduced in 3.0.29)
	NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c48d1d6d08996116cbcea55cd3fc6c2a558e499a (v_3_0_33)
CVE-2021-44541 (A vulnerability was found in Privoxy which was fixed in process_encryp ...)
	- privoxy 3.0.33-1
	[bullseye] - privoxy 3.0.32-2+deb11u1
	[buster] - privoxy (Vulnerable code introduced in 3.0.29)
	[stretch] - privoxy (Vulnerable code introduced in 3.0.29)
	NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=0509c58045b26463844188e07c5e87c74ea21044 (v_3_0_33)
CVE-2021-44540 (A vulnerability was found in Privoxy which was fixed in get_url_spec_p ...)
	{DLA-2844-1}
	- privoxy 3.0.33-1
	[bullseye] - privoxy 3.0.32-2+deb11u1
	[buster] - privoxy 3.0.28-2+deb10u2
	NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb07592c0912cf938a50fcd009fa29a0a (v_3_0_33)
CVE-2021-43353 (The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Reque ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-41836 (The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Si ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-4050 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
	NOT-FOR-US: livehelperchat
CVE-2021-4049 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF))
	NOT-FOR-US: livehelperchat
CVE-2021-44539
	RESERVED
CVE-2021-44538 (The olm_session_describe function in Matrix libolm before 3.2.7 is vul ...)
	{DSA-5034-1 DLA-2874-1}
	- element-web (bug #866502)
	- olm 3.2.8~dfsg-1 (bug #1001664)
	[bullseye] - olm (Minor issue)
	[buster] - olm (Vulnerable code introduced later)
	- thunderbird 1:91.4.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-44538
	NOTE: https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk/
	NOTE: Introduced by: https://gitlab.matrix.org/matrix-org/olm/-/commit/39a1ee0b18f0fced6d7bc293cc9a46ea70ec9e96 (3.1.4)
	NOTE: Fixed by: https://gitlab.matrix.org/matrix-org/olm/-/commit/c23ce70fc66c26db5839ddb5a3b46d4c3d3abed6 (3.2.8)
CVE-2021-44537 (ownCloud owncloud/client before 2.9.2 allows Resource Injection by a s ...)
	- owncloud-client 2.11.0.8354+dfsg-1 (bug #1014810)
	[buster] - owncloud-client (Minor issue)
	[stretch] - owncloud-client (OAuth support introduced in 2.4)
	NOTE: https://owncloud.com/security-advisories/cve-2021-44537/
CVE-2021-44536
	RESERVED
CVE-2021-44535
	RESERVED
CVE-2022-21824 (Due to the formatting logic of the "console.table()" function it was n ...)
	{DSA-5170-1 DLA-3137-1}
	- nodejs 12.22.9~dfsg-1 (bug #1004177)
	[stretch] - nodejs (Nodejs in stretch not covered by security support)
	NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#prototype-pollution-via-console-table-properties-low-cve-2022-21824
	NOTE: https://github.com/nodejs/node/commit/be69403528da99bf3df9e1dc47186f18ba59cb5e (v12.x)
CVE-2021-44534
	RESERVED
CVE-2021-44533 (Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle m ...)
	{DSA-5170-1}
	- nodejs 12.22.9~dfsg-1 (bug #1004177)
	[buster] - nodejs (Minor issue, requires MITM and uncommon CA, invasive/hard to backport)
	[stretch] - nodejs (Nodejs in stretch not covered by security support)
	NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#incorrect-handling-of-certificate-subject-and-issuer-fields-medium-cve-2021-44533
	NOTE: https://hackerone.com/reports/1429694
	NOTE: https://github.com/nodejs/node/commit/8c2db2c86baff110a1d905ed1e0dd4e1c4fd2dd1 (v12.x)
CVE-2021-44532 (Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (S ...)
	{DSA-5170-1}
	- nodejs 12.22.9~dfsg-1 (bug #1004177)
	[buster] - nodejs (Minor issue, requires MITM and uncommon CA, invasive/hard to backport)
	[stretch] - nodejs (Nodejs in stretch not covered by security support)
	NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#certificate-verification-bypass-via-string-injection-medium-cve-2021-44532
	NOTE: https://hackerone.com/reports/1429694
	NOTE: https://github.com/nodejs/node/commit/19873abfb24dce75ffff042efe76dc5633052677 (v12.x)
	NOTE: https://github.com/nodejs/node/commit/a5c7843cab6fdb9c845edadc2a7b9b30e02c8bf2 (v12.x)
CVE-2021-44531 (Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI ...)
	{DSA-5170-1}
	- nodejs 12.22.9~dfsg-1 (bug #1004177)
	[buster] - nodejs (Minor issue, requires MITM and uncommon CA, invasive/hard to backport)
	[stretch] - nodejs (Nodejs in stretch not covered by security support)
	NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#improper-handling-of-uri-subject-alternative-names-medium-cve-2021-44531
	NOTE: https://hackerone.com/reports/1429694
	NOTE: https://github.com/nodejs/node/commit/e0fe6a635e5929a364986a6c39dc3585b9ddcd85 (v12.x)
	NOTE: https://github.com/nodejs/node/commit/a5c7843cab6fdb9c845edadc2a7b9b30e02c8bf2 (v12.x)
CVE-2021-44530 (An injection vulnerability exists in a third-party library used in Uni ...)
	NOT-FOR-US: UniFi Network
CVE-2021-44529 (A code injection vulnerability in the Ivanti EPM Cloud Services Applia ...)
	NOT-FOR-US: Ivanti
CVE-2021-44528 (An open redirect vulnerability exists in Action Pack >= 6.0.0 that coul ...)
	{DSA-5372-1}
	- rails 2:6.1.4.6+dfsg-1 (bug #1001817)
	[buster] - rails (Vulnerable code introduced later)
	[stretch] - rails (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2021/12/14/5
	NOTE: https://github.com/rails/rails/commit/0fccfb9a3097a9c4260c791f1a40b128517e7815 (master)
	NOTE: https://github.com/rails/rails/commit/aecba3c301b80e9d5a63c30ea1b287bceaf2c107 (v6.1.4.2)
	NOTE: https://github.com/rails/rails/commit/fd6a64fef1d0f7f40a8d4b046da882e83163299c (v6.0.4.2)
	NOTE: Introduced by: https://github.com/rails/rails/commit/07ec8062e605ba4e9bd153e1d264b02ac4ab8a0f (v6.0.0.beta1)
CVE-2021-44527 (A vulnerability found in UniFi Switch firmware Version 5.43.35 and ear ...)
	NOT-FOR-US: UniFi Switch firmware
CVE-2021-44526 (Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-44525 (Zoho ManageEngine PAM360 before build 5303 allows attackers to modify ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-44524 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...)
	NOT-FOR-US: SiPass
CVE-2021-44523 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...)
	NOT-FOR-US: SiPass
CVE-2021-44522 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...)
	NOT-FOR-US: SiPass
CVE-2021-44477 (GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external ...)
	NOT-FOR-US: GE Gas Power ToolBoxST
CVE-2021-4048 (An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, an ...)
	- lapack 3.10.0-2 (bug #1001902)
	[bullseye] - lapack (Minor issue)
	[buster] - lapack (Minor issue)
	[stretch] - lapack (Minor issue)
	- openblas 0.3.18+ds-1
	[bullseye] - openblas (Minor issue)
	[buster] - openblas (Minor issue)
	[stretch] - openblas (Minor issue)
	NOTE: https://github.com/Reference-LAPACK/lapack/pull/625
	NOTE: https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781
	NOTE: https://github.com/JuliaLang/julia/issues/42415
	NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41 (v0.3.18)
	NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050c (v0.3.18)
	NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7 (v0.3.18)
	NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7 (v0.3.18)
CVE-2021-4047 (The release of OpenShift 4.9.6 included four CVE fixes for the haproxy ...)
	NOT-FOR-US: Red Hat OpenShift 4.9 incomplete fix for CVE-2021-39242
CVE-2021-23198 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the passw ...)
	NOT-FOR-US: mySCADA myPRO
CVE-2021-44521 (When running Apache Cassandra with the following configuration: enable ...)
	- cassandra (bug #585905)
CVE-2021-4046 (The m_txtNom and m_txtCognoms parameters in TCMAN GIM v8.01 allow an att ...)
	NOT-FOR-US: TCMAN GIM
CVE-2021-4045 (TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, ...)
	NOT-FOR-US: TP-Link
CVE-2021-4044 (Internally libssl in OpenSSL calls X509_verify_cert() on the client si ...)
	[experimental] - openssl 3.0.1-1
	- openssl (Vulnerable code not present)
	NOTE: https://www.openssl.org/news/secadv/20211214.txt
CVE-2021-4043 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0 ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (Vulnerable code introduced later, in version 0.7.0)
	[stretch] - gpac (Vulnerable code introduced later, in version 0.7.0)
	NOTE: https://huntr.dev/bounties/d7a534cb-df7a-48ba-8ce3-46b1551a9c47
	NOTE: https://github.com/gpac/gpac/issues/2092
	NOTE: https://github.com/gpac/gpac/commit/64a2e1b799352ac7d7aad1989bc06e7b0f2b01db (v2.0.0)
	NOTE: Introduced by https://github.com/gpac/gpac/commit/bc1704db1523eb3161af90da44b8394d4512855f
CVE-2021-4042
	REJECTED
CVE-2021-4041 (A flaw was found in ansible-runner. An improper escaping of the shell ...)
	- ansible-runner 2.1.1-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2028074
	NOTE: https://github.com/ansible/ansible-runner/commit/3533f265f4349a3f2a0283158cd01b59a6bbc7bd (2.1.0)
CVE-2021-4040 (A flaw was found in AMQ Broker. This issue can cause a partial interru ...)
	NOT-FOR-US: Red Hat AMQ Broker
CVE-2021-4039 (A command injection vulnerability in the web interface of the Zyxel NW ...)
	NOT-FOR-US: Zyxel
CVE-2021-44520 (In Citrix XenMobile Server through 10.12 RP9, there is an Authenticate ...)
	NOT-FOR-US: Citrix XenMobile Server
CVE-2021-44519 (In Citrix XenMobile Server through 10.12 RP9, there is an Authenticate ...)
	NOT-FOR-US: Citrix
CVE-2021-44518 (An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock ...)
	NOT-FOR-US: eGeeTouch 3rd Generation Travel Padlock application for Android
CVE-2021-44517
	RESERVED
CVE-2021-44516
	RESERVED
CVE-2021-44515 (Zoho ManageEngine Desktop Central is vulnerable to authentication bypa ...)
	NOT-FOR-US: ManageEngine
CVE-2021-44514 (OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles a ...)
	NOT-FOR-US: ManageEngine
CVE-2021-44513 (Insecure creation of temporary directories in tmate-ssh-server 2.3.0 a ...)
	- tmate-ssh-server 2.3.0-68-gd7334ee4-1 (bug #1001225)
	[bullseye] - tmate-ssh-server (Minor issue)
	NOTE: Fixed by: https://github.com/tmate-io/tmate-ssh-server/commit/1c020d1f5ca462f5b150b46a027aaa1bbe3c9596
	NOTE: https://www.openwall.com/lists/oss-security/2021/12/06/2
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1189388
CVE-2021-44512 (World-writable permissions on the /tmp/tmate/sessions directory in tma ...)
	- tmate-ssh-server 2.3.0-68-gd7334ee4-1 (bug #1001225)
	[bullseye] - tmate-ssh-server (Minor issue)
	NOTE: Fixed by: https://github.com/tmate-io/tmate-ssh-server/commit/1c020d1f5ca462f5b150b46a027aaa1bbe3c9596
	NOTE: https://www.openwall.com/lists/oss-security/2021/12/06/2
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1189388
CVE-2015-20106 (The ClickBank Affiliate Ads WordPress plugin through 1.20 does not esc ...)
	NOT-FOR-US: WordPress plugin
CVE-2015-20105 (The ClickBank Affiliate Ads WordPress plugin through 1.20 does not hav ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-44511
	RESERVED
CVE-2021-44510 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
	- fis-gtm 7.0-002-1 (bug #1009900)
	[bullseye] - fis-gtm (Minor issue)
	[buster] - fis-gtm (Minor issue)
	[stretch] - fis-gtm (Minor issue)
	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
CVE-2021-44509 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
	- fis-gtm 7.0-002-1 (bug #1009900)
	[bullseye] - fis-gtm (Minor issue)
	[buster] - fis-gtm (Minor issue)
	[stretch] - fis-gtm (Minor issue)
	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
CVE-2021-44508 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
	- fis-gtm 7.0-002-1 (bug #1009900)
	[bullseye] - fis-gtm (Minor issue)
	[buster] - fis-gtm (Minor issue)
	[stretch] - fis-gtm (Minor issue)
	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
CVE-2021-44507 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
	- fis-gtm 7.0-002-1 (bug #1009900)
	[bullseye] - fis-gtm (Minor issue)
	[buster] - fis-gtm (Minor issue)
	[stretch] - fis-gtm (Minor issue)
	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
CVE-2021-44506 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
	- fis-gtm 7.0-002-1 (bug #1009900)
	[bullseye] - fis-gtm (Minor issue)
	[buster] - fis-gtm (Minor issue)
	[stretch] - fis-gtm (Minor issue)
	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
CVE-2021-44505 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
	- fis-gtm 7.0-002-1 (bug #1009900)
	[bullseye] - fis-gtm (Minor issue)
	[buster] - fis-gtm (Minor issue)
	[stretch] - fis-gtm (Minor issue)
	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
CVE-2021-44504 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
	- fis-gtm (bug #1034805)
	[bookworm] - fis-gtm (Minor issue)
	[bullseye] - fis-gtm (Minor issue)
	[buster] - fis-gtm (Minor issue)
	[stretch] - fis-gtm (Minor issue)
	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
CVE-2021-44503 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
	- fis-gtm 7.0-002-1 (bug #1009900)
	[bullseye] - fis-gtm (Minor issue)
	[buster] - fis-gtm (Minor issue)
	[stretch] - fis-gtm (Minor issue)
	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
CVE-2021-44502 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
	- fis-gtm 7.0-002-1 (bug #1009900)
	[bullseye] - fis-gtm (Minor issue)
	[buster] - fis-gtm (Minor issue)
	[stretch] - fis-gtm (Minor issue)
	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
CVE-2021-44501 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
	- fis-gtm 7.0-002-1 (bug #1009900)
	[bullseye] - fis-gtm (Minor issue)
	[buster] - fis-gtm (Minor issue)
	[stretch] - fis-gtm (Minor issue)
	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
CVE-2021-44500 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
	- fis-gtm 7.0-002-1 (bug #1009900)
	[bullseye] - fis-gtm (Minor issue)
	[buster] - fis-gtm (Minor issue)
	[stretch] - fis-gtm (Minor issue)
	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
CVE-2021-44499 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
	- fis-gtm 7.0-002-1 (bug #1009900)
	[bullseye] - fis-gtm (Minor issue)
	[buster] - fis-gtm (Minor issue)
	[stretch] - fis-gtm (Minor issue)
	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
CVE-2021-44498 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
	- fis-gtm 7.0-002-1 (bug #1009900)
	[bullseye] - fis-gtm (Minor issue)
	[buster] - fis-gtm (Minor issue)
	[stretch] - fis-gtm (Minor issue)
	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
CVE-2021-44497 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
	- fis-gtm 7.0-002-1 (bug #1009900)
	[bullseye] - fis-gtm (Minor issue)
	[buster] - fis-gtm (Minor issue)
	[stretch] - fis-gtm (Minor issue)
	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
CVE-2021-44496 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...)
	- fis-gtm (bug #1034805)
	[bookworm] - fis-gtm (Minor issue)
	[bullseye] - fis-gtm (Minor issue)
	[buster] - fis-gtm (Minor issue)
	[stretch] - fis-gtm (Minor issue)
	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
CVE-2021-44495 (An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS ...)
	- fis-gtm 7.0-002-1 (bug #1009900)
	[bullseye] - fis-gtm (Minor issue)
	[buster] - fis-gtm (Minor issue)
	[stretch] - fis-gtm (Minor issue)
	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
CVE-2021-44494 (An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS ...)
	- fis-gtm 7.0-002-1 (bug #1009900)
	[bullseye] - fis-gtm (Minor issue)
	[buster] - fis-gtm (Minor issue)
	[stretch] - fis-gtm (Minor issue)
	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
CVE-2021-44493 (An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS ...)
	- fis-gtm 7.0-002-1 (bug #1009900)
	[bullseye] - fis-gtm (Minor issue)
	[buster] - fis-gtm (Minor issue)
	[stretch] - fis-gtm (Minor issue)
	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
CVE-2021-44492 (An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS ...)
	- fis-gtm 7.0-002-1 (bug #1009900)
	[bullseye] - fis-gtm (Minor issue)
	[buster] - fis-gtm (Minor issue)
	[stretch] - fis-gtm (Minor issue)
	NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
	NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828
CVE-2021-44491 (An issue was discovered in YottaDB through r1.32 and V7.0-000. Using c ...)
	NOT-FOR-US: YottaDB
CVE-2021-44490 (An issue was discovered in YottaDB through r1.32 and V7.0-000. Using c ...)
	NOT-FOR-US: YottaDB
CVE-2021-44489 (An issue was discovered in YottaDB through r1.32 and V7.0-000. Using c ...)
	NOT-FOR-US: YottaDB
CVE-2021-44488 (An issue was discovered in YottaDB through r1.32 and V7.0-000. Using c ...)
	NOT-FOR-US: YottaDB
CVE-2021-44487 (An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack ...)
	NOT-FOR-US: YottaDB
CVE-2021-44486 (An issue was discovered in YottaDB through r1.32 and V7.0-000. Using c ...)
	NOT-FOR-US: YottaDB
CVE-2021-44485 (An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack ...)
	NOT-FOR-US: YottaDB
CVE-2021-44484 (An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack ...)
	NOT-FOR-US: YottaDB
CVE-2021-44483 (An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack ...)
	NOT-FOR-US: YottaDB
CVE-2021-44482 (An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack ...)
	NOT-FOR-US: YottaDB
CVE-2021-44481 (An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack ...)
	NOT-FOR-US: YottaDB
CVE-2021-44480 (Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who ...)
	NOT-FOR-US: Wokka Lokka Q50 devices
CVE-2021-44479 (NXP Kinetis K82 devices have a buffer over-read via a crafted wlength ...)
	NOT-FOR-US: NXP Kinetis K82 devices
CVE-2021-44478 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...)
	NOT-FOR-US: Siemens
CVE-2021-4038 (Cross Site Scripting (XSS) vulnerability in McAfee Network Security Ma ...)
	NOT-FOR-US: McAfee
CVE-2022-21240 (Out of bounds read for some Intel(R) PROSet/Wireless WiFi products may ...)
	NOT-FOR-US: Intel
CVE-2022-21237 (Improper buffer access in firmware for some Intel(R) NUCs may allow a ...)
	NOT-FOR-US: Intel
CVE-2022-21218 (Uncaught exception in the Intel(R) Trace Analyzer and Collector before ...)
	NOT-FOR-US: Intel
CVE-2022-21212 (Improper input validation for some Intel(R) PROSet/Wireless WiFi produ ...)
	NOT-FOR-US: Intel
CVE-2022-21197 (Improper input validation for some Intel(R) PROSet/Wireless WiFi produ ...)
	NOT-FOR-US: Intel
CVE-2022-21172 (Out of bounds write for some Intel(R) PROSet/Wireless WiFi products ma ...)
	NOT-FOR-US: Intel
CVE-2022-21160 (Improper buffer restrictions for some Intel(R) PROSet/Wireless WiFi pr ...)
	NOT-FOR-US: Intel
CVE-2022-21140 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...)
	NOT-FOR-US: Intel
CVE-2022-21139 (Inadequate encryption strength for some Intel(R) PROSet/Wireless WiFi ...)
	NOT-FOR-US: Intel
CVE-2022-21133 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before ...)
	NOT-FOR-US: Intel
CVE-2021-44470 (Incorrect default permissions for the Intel(R) Connect M Android appli ...)
	NOT-FOR-US: Intel
CVE-2021-4037 (A vulnerability was found in the fs/inode.c:inode_init_owner() functio ...)
	{DSA-5257-1 DLA-3173-1}
	- linux 5.14.6-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2027239
	NOTE: https://git.kernel.org/linus/01ea173e103edd5ec41acec65b9261b87e123fc2 (5.12-rc1)
CVE-2021-4036
	RESERVED
CVE-2021-37409 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...)
	{DLA-3380-1}
	- firmware-nonfree 20220913-1
	[bullseye] - firmware-nonfree (Non-free not supported)
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
	NOTE: Fixed upstream in 20220815
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=63a87d2f1f7ea029e8d32ed03d972947a7bb60fd
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=87d07fd3d3156b7bb1ff9a8000c316c2f68ffd7c
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=447ca4a62cca38d656922ce6ba97610db11cf341
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=31d24ca113ed93d0564c78d6c47d362b9f274a7b
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=b93bf2c9ce1d4648a8488aa29f2c7e840e6e449b
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=1068c45f16de69c769c500175a91ce1296bb1e27
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=45c5e53ea4964393a12f436bc5c9e2cb1ba6e0a6
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=f7f3d1f40c26fcf1414b9adddb832c4a3afb912c
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=045847edb1ed649d00b5c897615d013833287a04
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=140beaf7d770ea8320c12b6e31a067f9e9d6d441
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=e6185d5197fd1d8015f1c7663582158b9945c075
CVE-2021-37405
	REJECTED
CVE-2021-33847 (Improper buffer restrictions in firmware for some Intel(R) Wireless Bl ...)
	NOT-FOR-US: Intel
CVE-2021-26950 (Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) ...)
	NOT-FOR-US: Intel
CVE-2021-26258 (Improper access control for the Intel(R) Killer(TM) Control Center sof ...)
	NOT-FOR-US: Intel
CVE-2021-26257 (Improper buffer restrictions in firmware for some Intel(R) Wireless Bl ...)
	NOT-FOR-US: Intel
CVE-2021-26251 (Improper input validation in the Intel(R) Distribution of OpenVINO(TM) ...)
	NOT-FOR-US: Intel
CVE-2021-23223 (Improper initialization for some Intel(R) PROSet/Wireless WiFi and Kil ...)
	{DLA-3380-1}
	- firmware-nonfree 20220913-1
	[bullseye] - firmware-nonfree (Non-free not supported)
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
	NOTE: Fixed upstream in 20220815
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=63a87d2f1f7ea029e8d32ed03d972947a7bb60fd
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=87d07fd3d3156b7bb1ff9a8000c316c2f68ffd7c
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=447ca4a62cca38d656922ce6ba97610db11cf341
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=31d24ca113ed93d0564c78d6c47d362b9f274a7b
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=b93bf2c9ce1d4648a8488aa29f2c7e840e6e449b
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=1068c45f16de69c769c500175a91ce1296bb1e27
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=45c5e53ea4964393a12f436bc5c9e2cb1ba6e0a6
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=f7f3d1f40c26fcf1414b9adddb832c4a3afb912c
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=045847edb1ed649d00b5c897615d013833287a04
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=140beaf7d770ea8320c12b6e31a067f9e9d6d441
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=e6185d5197fd1d8015f1c7663582158b9945c075
CVE-2021-23179 (Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) ...)
	NOT-FOR-US: Intel
CVE-2021-44464 (Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains ...)
	NOT-FOR-US: Vigilant Software Suite (Mastermed Dashboard)
CVE-2021-44453 (mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interf ...)
	NOT-FOR-US: mySCADA myPRO
CVE-2021-44451 (Apache Superset up to and including 1.3.2 allowed for registered datab ...)
	NOT-FOR-US: Apache Superset
CVE-2021-44450 (A vulnerability has been identified in JT Utilities (All versions < V1 ...)
	NOT-FOR-US: Siemens
CVE-2021-44449 (A vulnerability has been identified in JT Utilities (All versions < V1 ...)
	NOT-FOR-US: Siemens
CVE-2021-44448 (A vulnerability has been identified in JT Utilities (All versions < V1 ...)
	NOT-FOR-US: Siemens
CVE-2021-44447 (A vulnerability has been identified in JT Utilities (All versions < V1 ...)
	NOT-FOR-US: Siemens
CVE-2021-44446 (A vulnerability has been identified in JT Utilities (All versions < V1 ...)
	NOT-FOR-US: Siemens
CVE-2021-44445 (A vulnerability has been identified in JT Utilities (All versions < V1 ...)
	NOT-FOR-US: Siemens
CVE-2021-44444 (A vulnerability has been identified in JT Utilities (All versions < V1 ...)
	NOT-FOR-US: Siemens
CVE-2021-44443 (A vulnerability has been identified in JT Utilities (All versions < V1 ...)
	NOT-FOR-US: Siemens
CVE-2021-44442 (A vulnerability has been identified in JT Utilities (All versions < V1 ...)
	NOT-FOR-US: Siemens
CVE-2021-44441 (A vulnerability has been identified in JT Utilities (All versions < V1 ...)
	NOT-FOR-US: Siemens
CVE-2021-44440 (A vulnerability has been identified in JT Utilities (All versions < V1 ...)
NOT-FOR-US: Siemens CVE-2021-44439 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-44438 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-44437 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-44436 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-44435 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-44434 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-44433 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-44432 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-44431 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-44430 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) NOT-FOR-US: Siemens CVE-2021-43355 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) CVE-2021-41835 (Fresenius Kabi Agilia Link + version 3.0 does not enforce transport la ...) NOT-FOR-US: Fresenius Kabi Agilia Link CVE-2021-4035 (A stored cross site scripting have been identified at the comments in ...) NOT-FOR-US: Wocu Monitoring CVE-2021-33848 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) CVE-2021-33846 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) CVE-2021-33843 (Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configur ...) 
NOT-FOR-US: Fresenius Kabi Agilia Link CVE-2021-31562 (The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 ...) NOT-FOR-US: Fresenius Kabi Agilia Link CVE-2021-23236 (Requests may be used to interrupt the normal operation of the device. ...) NOT-FOR-US: Fresenius Kabi Agilia Link+ CVE-2021-23233 (Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can ...) NOT-FOR-US: Fresenius Kabi Agilia Link CVE-2021-23207 (An attacker with physical access to the host can extract the secrets f ...) NOT-FOR-US: Fresenius Kabi Vigilant MasterMed CVE-2021-23196 (The web application on Agilia Link+ version 3.0 implements authenticat ...) NOT-FOR-US: Agilia Link+ CVE-2021-23195 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) CVE-2021-44429 (Serva 4.4.0 allows remote attackers to cause a denial of service (daem ...) NOT-FOR-US: Serva CVE-2021-44428 (Pinkie 2.15 allows remote attackers to cause a denial of service (daem ...) NOT-FOR-US: Pinkie CVE-2021-44427 (An unauthenticated SQL Injection vulnerability in Rosario Student Info ...) NOT-FOR-US: Rosario Student Information System CVE-2021-44426 (An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5 ...) NOT-FOR-US: AnyDesk CVE-2021-44425 (An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3 ...) NOT-FOR-US: AnyDesk CVE-2021-44424 RESERVED CVE-2021-44423 (An out-of-bounds read vulnerability exists when reading a BMP file usi ...) NOT-FOR-US: Open Design Alliance (ODA) Drawings Explorer CVE-2021-44422 (An Improper Input Validation Vulnerability exists when reading a BMP f ...) NOT-FOR-US: Open Design Alliance Drawings SDK CVE-2021-44421 (The pointer-validation logic in util/mem_util.rs in Occlum before 0.26 ...) NOT-FOR-US: Occlum CVE-2021-44420 (In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, ...) 
- python-django 2:3.2.10-1 [bullseye] - python-django 2:2.2.25-1~deb11u1 [buster] - python-django (Vulnerable code not present; is_endpoint support added later) [stretch] - python-django (Vulnerable code not present; path converters added later) NOTE: https://www.openwall.com/lists/oss-security/2021/12/07/1 NOTE: https://www.djangoproject.com/weblog/2021/dec/07/security-releases/ NOTE: https://github.com/django/django/commit/333c65603032c377e682cdbd7388657a5463a05a (3.2.10) NOTE: https://github.com/django/django/commit/7cf7d74e8a754446eeb85cacf2fef1247e0cb6d7 (2.2.25) CVE-2021-44419 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44418 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44417 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44416 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44415 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44414 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44413 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44412 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44411 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44410 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44409 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44408 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) 
NOT-FOR-US: Reolink CVE-2021-44407 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44406 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44405 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44404 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44403 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44402 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44401 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44400 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44399 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44398 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44397 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44396 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44395 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44394 (Multiple denial of service vulnerabilities exist in the cgiserver.cgi ...) NOT-FOR-US: Reolink CVE-2021-44393 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44392 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44391 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) 
NOT-FOR-US: Reolink CVE-2021-44390 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44389 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44388 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44387 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44386 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44385 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44384 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44383 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44382 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44381 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44380 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44379 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44378 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44377 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44376 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44375 (Multiple denial of service vulnerabilities exist in the cgiserver.cgi ...) NOT-FOR-US: Reolink CVE-2021-44374 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) 
NOT-FOR-US: Reolink CVE-2021-44373 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44372 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44371 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44370 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44369 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44368 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44367 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44366 (Multiple denial of service vulnerabilities exist in the cgiserver.cgi ...) NOT-FOR-US: Reolink CVE-2021-44365 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44364 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44363 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44362 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44361 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44360 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44359 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44358 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) NOT-FOR-US: Reolink CVE-2021-44357 (Multiple denial of service vulnerabilities exist in the cgiserver.cgi ...) 
NOT-FOR-US: Reolink CVE-2021-44356 (Multiple denial of service vulnerabilities exist in the cgiserver.cgi ...) NOT-FOR-US: Reolink CVE-2021-44355 (Multiple denial of service vulnerabilities exist in the cgiserver.cgi ...) NOT-FOR-US: Reolink CVE-2021-44354 (Multiple denial of service vulnerabilities exist in the cgiserver.cgi ...) NOT-FOR-US: Reolink CVE-2021-4034 (A local privilege escalation vulnerability was found on polkit's pkexe ...) {DSA-5059-1 DLA-2899-1} - policykit-1 0.105-31.1 NOTE: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt NOTE: https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/11 CVE-2021-4033 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)) NOT-FOR-US: kimai2 CVE-2019-25053 (A path traversal vulnerability exists in Sage FRP 1000 before November ...) NOT-FOR-US: Sage CVE-2021-44353 RESERVED CVE-2021-44352 (A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V ...) NOT-FOR-US: Tenda CVE-2021-44351 (An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /na ...) NOT-FOR-US: NavigateCMS CVE-2021-44350 (SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via the ...) NOT-FOR-US: ThinkPHP5 CVE-2021-44349 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parame ...) NOT-FOR-US: TuziCMS CVE-2021-44348 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parame ...) NOT-FOR-US: TuziCMS CVE-2021-44347 (SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Con ...) NOT-FOR-US: TuziCMS CVE-2021-44346 RESERVED CVE-2021-44345 (Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated ...) NOT-FOR-US: Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated Management System CVE-2021-44344 RESERVED CVE-2021-44343 (David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflo ...) 
NOT-FOR-US: ok-file-formats CVE-2021-44342 (David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflo ...) NOT-FOR-US: ok-file-formats CVE-2021-44341 RESERVED CVE-2021-44340 (David Brackeen ok-file-formats dev version is vulnerable to Buffer Ove ...) NOT-FOR-US: ok-file-formats CVE-2021-44339 (David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflo ...) NOT-FOR-US: ok-file-formats CVE-2021-44338 RESERVED CVE-2021-44337 RESERVED CVE-2021-44336 RESERVED CVE-2021-44335 (David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflo ...) NOT-FOR-US: ok-file-formats CVE-2021-44334 (David Brackeen ok-file-formats 97f78ca is vulnerable to Buffer Overflo ...) NOT-FOR-US: ok-file-formats CVE-2021-44333 RESERVED CVE-2021-44332 RESERVED CVE-2021-44331 (ARM astcenc 3.2.0 is vulnerable to Buffer Overflow in function encode_ ...) NOT-FOR-US: ARM astcenc CVE-2021-44330 RESERVED CVE-2021-44329 RESERVED CVE-2021-44328 RESERVED CVE-2021-44327 RESERVED CVE-2021-44326 RESERVED CVE-2021-44325 RESERVED CVE-2021-44324 RESERVED CVE-2021-44323 RESERVED CVE-2021-44322 RESERVED CVE-2021-44321 (Mini-Inventory-and-Sales-Management-System is affected by Cross Site R ...) NOT-FOR-US: Mini-Inventory-and-Sales-Management-System CVE-2021-44320 RESERVED CVE-2021-44319 RESERVED CVE-2021-44318 RESERVED CVE-2021-44317 (In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us ...) NOT-FOR-US: Bus Pass Management System CVE-2021-44316 RESERVED CVE-2021-44315 (In Bus Pass Management System v1.0, Directory Listing/Browsing is enab ...) NOT-FOR-US: Bus Pass Management System CVE-2021-44314 RESERVED CVE-2021-44313 RESERVED CVE-2021-44312 (An issue was discovered in Firmware Analysis and Comparison Tool v3.2. ...) NOT-FOR-US: FACT_core CVE-2021-44311 RESERVED CVE-2021-44310 (An issue was discovered in Firmware Analysis and Comparison Tool v3.2. ...) 
NOT-FOR-US: FACT_core CVE-2021-44309 RESERVED CVE-2021-44308 RESERVED CVE-2021-44307 RESERVED CVE-2021-44306 RESERVED CVE-2021-44305 RESERVED CVE-2021-44304 RESERVED CVE-2021-44303 RESERVED CVE-2021-44302 (BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection v ...) NOT-FOR-US: BaiCloud-cms CVE-2021-44301 RESERVED CVE-2021-44300 RESERVED CVE-2021-44299 (A reflected cross-site scripting (XSS) vulnerability in \lib\packages\ ...) NOT-FOR-US: Navigate CMS CVE-2021-44298 RESERVED CVE-2021-44297 RESERVED CVE-2021-44296 RESERVED CVE-2021-44295 RESERVED CVE-2021-44294 RESERVED CVE-2021-44293 RESERVED CVE-2021-44292 RESERVED CVE-2021-44291 RESERVED CVE-2021-44290 RESERVED CVE-2021-44289 RESERVED CVE-2021-44288 RESERVED CVE-2021-44287 RESERVED CVE-2021-44286 RESERVED CVE-2021-44285 RESERVED CVE-2021-44284 RESERVED CVE-2021-44283 (A buffer overflow in the component /Enclave.cpp of Electronics and Tel ...) NOT-FOR-US: ShieldStore CVE-2021-44282 RESERVED CVE-2021-44281 RESERVED CVE-2021-44280 (attendance management system 1.0 is affected by a SQL injection vulner ...) NOT-FOR-US: attendance management system CVE-2021-44279 (Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerabi ...) NOT-FOR-US: LibreNMS CVE-2021-44278 (Librenms 21.11.0 is affected by a path manipulation vulnerability in i ...) NOT-FOR-US: LibreNMS CVE-2021-44277 (Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerabi ...) NOT-FOR-US: LibreNMS CVE-2021-44276 RESERVED CVE-2021-44275 RESERVED CVE-2021-44274 RESERVED CVE-2021-44273 (e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate va ...) 
{DLA-3564-1} - e2guardian 5.3.5-3 (bug #1003125) [bullseye] - e2guardian 5.3.4-1+deb11u1 [stretch] - e2guardian (SSL MITM engine not enabled in stretch) NOTE: https://www.openwall.com/lists/oss-security/2021/12/23/2 NOTE: https://github.com/e2guardian/e2guardian/issues/707 NOTE: Fixed by: https://github.com/e2guardian/e2guardian/commit/eae46a7e2a57103aadca903c4a24cca94dc502a2 CVE-2021-44272 RESERVED CVE-2021-44271 RESERVED CVE-2021-44270 RESERVED CVE-2021-44269 (An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV f ...) - wavpack 5.5.0-1 (unimportant) NOTE: https://github.com/dbry/WavPack/issues/110 NOTE: Fixed by: https://github.com/dbry/WavPack/commit/773f9d0803c6888ae7d5391878d7337f24216f4a NOTE: Negligible security impact; only impacts the CLI program CVE-2021-44268 RESERVED CVE-2021-44267 RESERVED CVE-2021-44266 (GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the mo ...) NOT-FOR-US: GUnet Open eClass CVE-2021-44265 RESERVED CVE-2021-44264 RESERVED CVE-2021-44263 (Gurock TestRail before 7.2.4 mishandles HTML escaping.) NOT-FOR-US: Gurock TestRail CVE-2021-44262 (A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, vers ...) NOT-FOR-US: Netgear CVE-2021-44261 (A vulnerability is in the 'BRS_top.html' page of the Netgear W104, ver ...) NOT-FOR-US: Netgear CVE-2021-44260 (A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, ...) NOT-FOR-US: WAVLINK CVE-2021-44259 (A vulnerability is in the 'wx.html' page of the WAVLINK AC1200, versio ...) NOT-FOR-US: WAVLINK CVE-2021-44258 RESERVED CVE-2021-44257 RESERVED CVE-2021-44256 RESERVED CVE-2021-44255 (Authenticated remote code execution in MotionEye <= 0.42.1 and Motione ...) NOT-FOR-US: MotionEye CVE-2021-44254 RESERVED CVE-2021-44253 RESERVED CVE-2021-44252 RESERVED CVE-2021-44251 RESERVED CVE-2021-44250 RESERVED CVE-2021-44249 (Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Ti ...) 
NOT-FOR-US: Online Motorcycle (Bike) Rental System CVE-2021-44248 RESERVED CVE-2021-44247 (Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B201 ...) NOT-FOR-US: TOTOLINK CVE-2021-44246 (Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B201 ...) NOT-FOR-US: TOTOLINK CVE-2021-44245 (An SQL Injection vulnerability exists in Courcecodester COVID 19 Testi ...) NOT-FOR-US: Sourcecodester COVID 19 Testing Management System (CTMS) CVE-2021-44244 (An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Pa ...) NOT-FOR-US: Sourcecodester Logistic Hub Parcel's Management System CVE-2021-44243 RESERVED CVE-2021-44242 RESERVED CVE-2021-44241 RESERVED CVE-2021-44240 RESERVED CVE-2021-44239 RESERVED CVE-2021-44238 (AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/mod ...) NOT-FOR-US: AyaCMS CVE-2021-44237 RESERVED CVE-2021-44236 RESERVED CVE-2021-4032 (A vulnerability was found in the Linux kernel's KVM subsystem in arch/ ...) - linux (Vulnerable code introduced in 5.15-rc1; fixed in 5.15-rc7) NOTE: https://git.kernel.org/linus/f7d8a19f9a056a05c5c509fa65af472a322abfee (5.15-rc7) CVE-2021-4031 (Syltek application before its 10.22.00 version, does not correctly che ...) NOT-FOR-US: Syltek CVE-2021-4030 (A cross-site request forgery vulnerability in the HTTP daemon of the Z ...) NOT-FOR-US: Zyxel CVE-2021-4029 (A command injection vulnerability in the CGI program of the Zyxel ARMO ...) NOT-FOR-US: Zyxel CVE-2021-4028 (A flaw in the Linux kernel's implementation of RDMA communications man ...) 
- linux 5.14.12-1 [bullseye] - linux 5.10.84-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2027201 NOTE: https://git.kernel.org/linus/bc0bdc5afaa740d782fbf936aaeebd65e5c2921d (5.15-rc4) CVE-2021-4027 RESERVED CVE-2021-4026 (bookstack is vulnerable to Improper Access Control) NOT-FOR-US: bookstack CVE-2021-4025 RESERVED CVE-2021-44235 (Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700 ...) NOT-FOR-US: SAP CVE-2021-44234 (SAP Business One - version 10.0, extended log stores information that ...) NOT-FOR-US: SAP CVE-2021-44233 (SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, doe ...) NOT-FOR-US: SAP CVE-2021-44232 (SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insu ...) NOT-FOR-US: SAP CVE-2021-44231 (Internally used text extraction reports allow an attacker to inject co ...) NOT-FOR-US: SAP CVE-2022-21792 (In camera isp, there is a possible out of bounds write due to a missin ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21791 (In camera isp, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21790 (In camera isp, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21789 (In audio ipi, there is a possible memory corruption due to a race cond ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21788 (In scp, there is a possible undefined behavior due to incorrect error ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21787 (In audio DSP, there is a possible out of bounds write due to a missing ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21786 (In audio DSP, there is a possible memory corruption due to improper ca ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21785 (In WLAN driver, there is a possible out of bounds write due to a missi ...) 
NOT-FOR-US: MediaTek driver for Android CVE-2022-21784 (In WLAN driver, there is a possible out of bounds write due to a missi ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21783 (In WLAN driver, there is a possible out of bounds write due to a missi ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21782 (In WLAN driver, there is a possible out of bounds write due to a missi ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21781 (In WLAN driver, there is a possible out of bounds write due to a missi ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21780 (In WLAN driver, there is a possible out of bounds write due to a missi ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21779 (In WLAN driver, there is a possible out of bounds write due to a missi ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21778 (In vpu, there is a possible information disclosure due to an incorrect ...) NOT-FOR-US: Mediatek CVE-2022-21777 (In Autoboot, there is a possible permission bypass due to a missing pe ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21776 (In MDP, there is a possible use after free due to a race condition. Th ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21775 (In sched driver, there is a possible use after free due to improper lo ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21774 (In TEEI driver, there is a possible use after free due to a race condi ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21773 (In TEEI driver, there is a possible use after free due to a race condi ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21772 (In TEEI driver, there is a possible type confusion due to a race condi ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21771 (In GED driver, there is a possible use after free due to a race condit ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21770 (In sound driver, there is a possible information disclosure due to sym ...) 
NOT-FOR-US: MediaTek driver for Android CVE-2022-21769 (In CCCI, there is a possible out of bounds read due to a missing bound ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21768 (In Bluetooth, there is a possible out of bounds write due to a missing ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21767 (In Bluetooth, there is a possible out of bounds write due to a missing ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21766 (In CCCI, there is a possible out of bounds write due to a missing boun ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21765 (In CCCI, there is a possible out of bounds write due to a missing boun ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21764 (In telecom service, there is a possible information disclosure due to ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21763 (In telecom service, there is a possible information disclosure due to ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21762 (In apusys driver, there is a possible system crash due to an integer o ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21761 (In apusys driver, there is a possible system crash due to an integer o ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21760 (In apusys driver, there is a possible system crash due to an integer o ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21759 (In power service, there is a possible out of bounds write due to a mis ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21758 (In ccu, there is a possible memory corruption due to a double free. Th ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21757 (In WIFI Firmware, there is a possible system crash due to a missing co ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21756 (In WLAN driver, there is a possible out of bounds read due to an incor ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21755 (In WLAN driver, there is a possible out of bounds read due to an incor ...) 
NOT-FOR-US: MediaTek driver for Android CVE-2022-21754 (In WLAN driver, there is a possible out of bounds write due to a missi ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21753 (In WLAN driver, there is a possible out of bounds write due to a missi ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21752 (In WLAN driver, there is a possible out of bounds write due to a missi ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21751 (In WLAN driver, there is a possible out of bounds write due to a missi ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21750 (In WLAN driver, there is a possible out of bounds write due to a missi ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21749 (In telephony, there is a possible information disclosure due to a miss ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21748 (In telephony, there is a possible information disclosure due to a miss ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21747 (In imgsensor, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21746 (In imgsensor, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21745 (In WIFI Firmware, there is a possible memory corruption due to a use a ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21744 (In Modem 2G RR, there is a possible out of bounds write due to a missi ...) NOT-FOR-US: MediaTek driver for Android CVE-2022-21743 (In ion, there is a possible use after free due to an integer overflow. ...) NOT-FOR-US: MediaTek driver for Android CVE-2021-44230 (PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows ha ...) - burpsuite (bug #832943) CVE-2021-44229 RESERVED CVE-2021-44228 (Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2. ...) 
{DSA-5020-1 DLA-2842-1} - apache-log4j2 2.15.0-1 (bug #1001478) - apache-log4j1.2 (Vulnerable code not present) NOTE: https://github.com/advisories/GHSA-jfh8-c2jp-5v3q NOTE: https://github.com/apache/logging-log4j2/pull/608 NOTE: https://www.lunasec.io/docs/blog/log4j-zero-day/ NOTE: https://issues.apache.org/jira/browse/LOG4J2-3198 NOTE: https://github.com/apache/logging-log4j2/commit/c77b3cb39312b83b053d23a2158b99ac7de44dd3 NOTE: The lookup is performed *after* formatting the message, which includes the user input. Hence NOTE: the vulnerability can still be triggered using a ParametrizedMessage. CVE-2021-4024 (A flaw was found in podman. The `podman machine` function (used to cre ...) - libpod 3.4.3+ds1-1 (bug #1000844) [bullseye] - libpod (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2026675 NOTE: https://twitter.com/discordianfish/status/1463462371675066371 NOTE: https://github.com/containers/podman/pull/12283 NOTE: Introduced by: https://github.com/containers/podman/commit/7ef3981abe2412727840a2886489a08c03a05299 (v3.3.0-rc1) NOTE: Fixed by: https://github.com/containers/podman/commit/295d87bb0b028e57dc2739791dee4820fe5fcc48 (main) NOTE: Fixed by: https://github.com/containers/podman/commit/57c5e2246efeaf2fef820a482241f1cc43960c7a (v3.4.3) CVE-2021-44227 (In GNU Mailman before 2.1.38, a list member or moderator can get a CSR ...) {DLA-3049-1} - mailman [buster] - mailman 1:2.1.29-1+deb10u4 NOTE: https://bugs.launchpad.net/mailman/+bug/1952384 NOTE: Patch: https://launchpadlibrarian.net/570827498/patch.txt NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1882 (2.1.38) NOTE: Regression: https://bugs.launchpad.net/mailman/+bug/1954694 NOTE: Regression fixed by: https://launchpadlibrarian.net/573872803/patch.txt NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1884 (2.1.39) CVE-2021-44226 (Razer Synapse before 3.7.0228.022817 allows privilege escalation becau ...) 
	NOT-FOR-US: Razer Synapse
CVE-2021-4023 (A flaw was found in the io-workqueue implementation in the Linux kerne ...)
	- linux 5.15.3-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/713b9825a4c47897f66ad69409581e7734a8728e (5.15-rc1)
CVE-2021-4022 (A vulnerability was found in rizin. The bug involves an ELF64 binary f ...)
	NOT-FOR-US: Rizin
CVE-2021-44225 (In Keepalived through 2.2.4, the D-Bus policy does not sufficiently re ...)
	{DLA-3388-1}
	- keepalived 1:2.2.4-0.2
	[bullseye] - keepalived 1:2.1.5-0.2+deb11u1
	[stretch] - keepalived (Minor issue)
	NOTE: https://github.com/acassen/keepalived/pull/2063
	NOTE: https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d
CVE-2021-44224 (A crafted URI sent to httpd configured as a forward proxy (ProxyReques ...)
	{DSA-5035-1 DLA-2907-1}
	- apache2 2.4.52-1
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44224
	NOTE: Fixed by: https://svn.apache.org/r1895955
	NOTE: Fixed by: https://svn.apache.org/r1896044
CVE-2021-44223 (WordPress before 5.8 lacks support for the Update URI plugin header. T ...)
	- wordpress 5.8.1+dfsg1-1
	[bullseye] - wordpress (Minor issue; workarounds/mitigation for older versions can be implemented)
	[buster] - wordpress (Minor issue; workarounds/mitigation for older versions can be implemented)
	[stretch] - wordpress (Minor issue; workarounds/mitigation for older versions can be implemented)
	NOTE: WordPress 5.8 introduces a new "Update URI" plugin header. Further mitigation
	NOTE: options documented in:
	NOTE: https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/
	NOTE: https://make.wordpress.org/core/2021/06/29/introducing-update-uri-plugin-header-in-wordpress-5-8/
CVE-2021-44222 (A vulnerability has been identified in SIMATIC eaSie Core Package (All ...)
	NOT-FOR-US: Siemens
CVE-2021-44221 (A vulnerability has been identified in SIMATIC eaSie Core Package (All ...)
	NOT-FOR-US: Siemens
CVE-2021-4021 (A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0 ...)
	- radare2 5.9.0+dfsg-1 (bug #1014490)
	NOTE: https://github.com/radareorg/radare2/issues/19436
	NOTE: https://github.com/radareorg/radare2/commit/3fed0e322d9374891a3412811e5270dc535cea02
CVE-2021-4020 (janus-gateway is vulnerable to Improper Neutralization of Input During ...)
	- janus 0.11.5-4 (unimportant; bug #1000831)
	NOTE: https://huntr.dev/bounties/9814baa8-7bdd-4e31-a132-d9d15653409e/
	NOTE: https://github.com/meetecho/janus-gateway/commit/ba166e9adebfe5343f826c6a9e02299d35414ffd
	NOTE: Issues only in janus-demos built from src:janus
CVE-2021-4019 (vim is vulnerable to Heap-based Buffer Overflow)
	{DLA-3182-1 DLA-2947-1}
	- vim 2:8.2.3995-1
	[bullseye] - vim (Minor issue)
	NOTE: https://huntr.dev/bounties/d8798584-a6c9-4619-b18f-001b9a6fca92
	NOTE: https://github.com/vim/vim/commit/bd228fd097b41a798f90944b5d1245eddd484142 (v8.2.3669)
CVE-2021-44220
	RESERVED
CVE-2021-44219 (Gin-Vue-Admin before 2.4.6 mishandles a SQL database.)
	NOT-FOR-US: Gin-Vue-Admin
CVE-2021-44218
	RESERVED
CVE-2021-44217 (In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting ...)
	NOT-FOR-US: Ericsson
CVE-2021-44216 (Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18 ...)
	NOT-FOR-US: Northern.tech CFEngine Enterprise Hub
CVE-2021-44215 (Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Pe ...)
	NOT-FOR-US: Northern.tech CFEngine Enterprise Hub
CVE-2021-44214
	RESERVED
CVE-2021-44213 (OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/a ...)
	NOT-FOR-US: OX App Suite
CVE-2021-44212 (OX App Suite through 7.10.5 allows XSS via a trailing control characte ...)
	NOT-FOR-US: OX App Suite
CVE-2021-44211 (OX App Suite through 7.10.5 allows XSS via the class attribute of an e ...)
	NOT-FOR-US: OX App Suite
CVE-2021-44210 (OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange ...)
	NOT-FOR-US: OX App Suite
CVE-2021-44209 (OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as A ...)
	NOT-FOR-US: OX App Suite
CVE-2021-44208 (OX App Suite through 7.10.5 allows XSS via an unknown system message i ...)
	NOT-FOR-US: OX App Suite
CVE-2021-44207 (Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials.)
	NOT-FOR-US: Acclaim USAHERDS
CVE-2021-4018 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
	- snipe-it (bug #1005172)
CVE-2021-4017 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF))
	NOT-FOR-US: ShowDoc
CVE-2021-44206 (Local privilege escalation due to DLL hijacking vulnerability in Acron ...)
	NOT-FOR-US: Acronis
CVE-2021-44205 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
	NOT-FOR-US: Acronis
CVE-2021-44204 (Local privilege escalation via named pipe due to improper access contr ...)
	NOT-FOR-US: Acronis
CVE-2021-44203 (Stored cross-site scripting (XSS) was possible in protection plan deta ...)
	NOT-FOR-US: Acronis
CVE-2021-44202 (Stored cross-site scripting (XSS) was possible in activity details. Th ...)
	NOT-FOR-US: Acronis
CVE-2021-44201 (Cross-site scripting (XSS) was possible in notification pop-ups. The f ...)
	NOT-FOR-US: Acronis
CVE-2021-44200 (Self cross-site scripting (XSS) was possible on devices page. The foll ...)
	NOT-FOR-US: Acronis
CVE-2021-44199 (DLL hijacking could lead to denial of service. The following products ...)
	NOT-FOR-US: Acronis
CVE-2021-44198 (DLL hijacking could lead to local privilege escalation. The following ...)
	NOT-FOR-US: Acronis
CVE-2021-44197 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
	NOT-FOR-US: UBIT Information Technologies Student Information Management System
CVE-2021-44196 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
	NOT-FOR-US: UBIT Information Technologies Student Information Management System
CVE-2021-4016 (Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper ...)
	NOT-FOR-US: Rapid7 Insight Agent
CVE-2021-4015 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF))
	NOT-FOR-US: firefly-iii
CVE-2017-20008 (The myCred WordPress plugin before 1.7.8 does not sanitise and escape ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-4014
	REJECTED
CVE-2021-4013
	RESERVED
CVE-2021-4012
	RESERVED
CVE-2021-44195 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2021-44194 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2021-44193 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2021-44192 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2021-44191 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2021-44190 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2021-44189 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2021-44188 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2021-44187 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2021-44186 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2021-44185 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2021-44184
	RESERVED
CVE-2021-44183 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...)
	NOT-FOR-US: Adobe
CVE-2021-44182 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...)
	NOT-FOR-US: Adobe
CVE-2021-44181 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...)
	NOT-FOR-US: Adobe
CVE-2021-44180 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...)
	NOT-FOR-US: Adobe
CVE-2021-44179 (Adobe Dimension versions 3.4.3 (and earlier) is affected by a memory c ...)
	NOT-FOR-US: Adobe
CVE-2021-44178 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
	NOT-FOR-US: Adobe
CVE-2021-44177 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
	NOT-FOR-US: Adobe
CVE-2021-44176 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
	NOT-FOR-US: Adobe
CVE-2021-44175
	RESERVED
CVE-2021-44174
	RESERVED
CVE-2021-44173
	RESERVED
CVE-2021-44172 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
	NOT-FOR-US: FortiGuard
CVE-2021-44171 (A improper neutralization of special elements used in an os command (' ...)
	NOT-FOR-US: FortiGuard
CVE-2021-44170 (A stack-based buffer overflow vulnerability [CWE-121] in the command l ...)
	NOT-FOR-US: Fortinet
CVE-2021-44169 (A improper initialization in Fortinet FortiClient (Windows) version 6. ...)
	NOT-FOR-US: Fortinet FortiClient
CVE-2021-44168 (A download of code without integrity check vulnerability in the "execu ...)
	NOT-FOR-US: FortiGuard
CVE-2021-44167 (An incorrect permission assignment for critical resource vulnerability ...)
	NOT-FOR-US: FortiGuard FortiClient
CVE-2021-44166 (An improper access control vulnerability [CWE-284 ] in FortiToken Mobi ...)
	NOT-FOR-US: FortiGuard
CVE-2021-44165 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
	NOT-FOR-US: Siemens
CVE-2021-44164 (Chain Sea ai chatbot system’s file upload function has insufficie ...)
	NOT-FOR-US: Chain Sea
CVE-2021-44163 (Chain Sea ai chatbot backend has improper filtering of special charact ...)
	NOT-FOR-US: Chain Sea
CVE-2021-44162 (Chain Sea ai chatbot system’s specific file download function has ...)
	NOT-FOR-US: Chain Sea
CVE-2021-44161 (Changing MOTP (Mobile One Time Password) system’s specific functi ...)
	NOT-FOR-US: MOTP (Mobile One Time Password) system&
CVE-2021-44160 (Carinal Tien Hospital Health Report System’s login page has impro ...)
	NOT-FOR-US: Carinal Tien Hospital Health Report System&
CVE-2021-44159 (4MOSAn GCB Doctor’s file upload function has improper user privil ...)
	NOT-FOR-US: 4MOSAn GCB Doctor
CVE-2021-44158 (ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflo ...)
	NOT-FOR-US: ASUS
CVE-2021-4011 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
	{DSA-5027-1 DLA-2869-1}
	- xorg-server 2:1.20.13-3
	- xwayland 2:21.1.4-1
	NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/e56f61c79fc3cee26d83cda0f84ae56d5979f768
CVE-2021-4010 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
	{DSA-5027-1}
	- xorg-server 2:1.20.13-3
	[stretch] - xorg-server (Vulnerable code introduced later)
	- xwayland 2:21.1.4-1
	NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c4c53010772e3cb4cb8acd54950c8eec9c00d21
CVE-2021-4009 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
	{DSA-5027-1 DLA-2869-1}
	- xorg-server 2:1.20.13-3
	- xwayland 2:21.1.4-1
	NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/b5196750099ae6ae582e1f46bd0a6dad29550e02
CVE-2021-4008 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
	{DSA-5027-1 DLA-2869-1}
	- xorg-server 2:1.20.13-3
	- xwayland 2:21.1.4-1
	NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60
CVE-2021-4007 (Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local ...)
	NOT-FOR-US: Rapid7 Insight Agent
CVE-2021-4006
	RESERVED
CVE-2021-4005 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF))
	NOT-FOR-US: firefly-iii
CVE-2022-0009
	RESERVED
CVE-2022-0008
	RESERVED
CVE-2022-0007
	RESERVED
CVE-2022-0006
	RESERVED
CVE-2021-44157
	RESERVED
CVE-2021-44156
	RESERVED
CVE-2021-44155 (An issue was discovered in /goform/login_process in Reprise RLM 14.2. ...)
	NOT-FOR-US: Reprise RLM
CVE-2021-44154 (An issue was discovered in Reprise RLM 14.2. By using an admin account ...)
	NOT-FOR-US: Reprise RLM
CVE-2021-44153 (An issue was discovered in Reprise RLM 14.2. When editing the license ...)
	NOT-FOR-US: Reprise RLM
CVE-2021-44152 (An issue was discovered in Reprise RLM 14.2. Because /goform/change_pa ...)
	NOT-FOR-US: Reprise RLM
CVE-2021-44151 (An issue was discovered in Reprise RLM 14.2. As the session cookies ar ...)
	NOT-FOR-US: Reprise RLM
CVE-2021-44150 (The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoof ...)
	NOT-FOR-US: tusdotnet
CVE-2021-44149 (An issue was discovered in Trusted Firmware OP-TEE Trusted OS through ...)
	- optee-os (Fixed before initial upload)
	NOTE: https://github.com/OP-TEE/optee_os/security/advisories/GHSA-4pqr-q8rf-8464
CVE-2021-44148 (GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allo ...)
	NOT-FOR-US: GL.iNet
CVE-2021-44147 (An XML External Entity issue in Claris FileMaker Pro and Server (inclu ...)
	NOT-FOR-US: Claris
CVE-2021-44146
	RESERVED
CVE-2021-44145 (In the TransformXML processor of Apache NiFi before 1.15.1 an authenti ...)
	NOT-FOR-US: Apache NiFi
CVE-2021-44144 (Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with ...)
	NOT-FOR-US: Croatia Control Asterix
CVE-2021-4004
	RESERVED
CVE-2021-4003
	RESERVED
CVE-2021-4002 (A memory leak flaw in the Linux kernel's hugetlbfs memory usage was fo ...)
	{DSA-5096-1 DLA-2941-1 DLA-2940-1}
	- linux 5.15.5-1
	[bullseye] - linux 5.10.84-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/11/25/1
	NOTE: https://git.kernel.org/linus/a4a118f2eead1d6c49e00765de89878288d4b890
CVE-2021-44143 (A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unc ...)
	- isync 1.4.4-1 (bug #999804)
	[bullseye] - isync (Vulnerable code introduced later)
	[buster] - isync (Vulnerable code introduced later)
	[stretch] - isync (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2021/12/03/2
CVE-2021-44142 (The Samba vfs_fruit module uses extended file attributes (EA, xattr) t ...)
	{DSA-5071-1}
	[experimental] - samba 2:4.16.0+dfsg-1
	- samba 2:4.16.0+dfsg-2 (bug #1004693)
	NOTE: https://www.samba.org/samba/security/CVE-2021-44142.html
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14914
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-244/
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-245/
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-246/
CVE-2021-44141 (All versions of Samba prior to 4.15.5 are vulnerable to a malicious cl ...)
	[experimental] - samba 2:4.16.0+dfsg-1
	- samba 2:4.16.0+dfsg-2 (bug #1004692)
	[bullseye] - samba (Minor issue; no backport to older versions, mitigations exists)
	[buster] - samba (Minor issue; no backport to older versions, mitigations exists)
	NOTE: https://www.samba.org/samba/security/CVE-2021-44141.html
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14911
CVE-2021-44140 (Remote attackers may delete arbitrary files in a system hosting a JSPW ...)
	- jspwiki
CVE-2021-44139 (Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF).)
	NOT-FOR-US: alibaba/Sentinel
CVE-2021-44138 (There is a Directory traversal vulnerability in Caucho Resin, as distr ...)
	NOT-FOR-US: Caucho Technology Resin
CVE-2021-44137
	RESERVED
CVE-2021-44136
	RESERVED
CVE-2021-44135 (pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection ...)
	NOT-FOR-US: Pagekit CMS
CVE-2021-44134
	RESERVED
CVE-2021-44133
	RESERVED
CVE-2021-44132 (A command injection vulnerability in the function formImportOMCIShell ...)
	NOT-FOR-US: C-DATA ONU4FERW
CVE-2021-44131
	RESERVED
CVE-2021-44130
	RESERVED
CVE-2021-44129
	RESERVED
CVE-2021-44128
	RESERVED
CVE-2021-44127 (In DLink DAP-1360 F1 firmware version <=v6.10 in the "webupg" binary, ...)
	NOT-FOR-US: D-Link
CVE-2021-44126
	RESERVED
CVE-2021-44125
	RESERVED
CVE-2021-44124 (Hiby Music Hiby OS R3 Pro 1.5 and 1.6 is vulnerable to Directory Trave ...)
	NOT-FOR-US: Hiby Music Hiby OS R3 Pro
CVE-2021-44123 (SPIP 4.0.0 is affected by a remote command execution vulnerability. To ...)
	{DSA-5028-1 DLA-2867-1}
	- spip 3.2.12-1
	NOTE: https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a (master)
	NOTE: https://git.spip.net/spip/spip/commit/97e2888e9c92ad4bd68e8f80079583249714fbfa (v4.0.1)
	NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html
CVE-2021-44122 (SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerab ...)
	{DSA-5028-1 DLA-2867-1}
	- spip 3.2.12-1
	NOTE: https://git.spip.net/spip/spip/commit/1b8e4f404c2441c15ca6540b9a6d8e50cff219db
	NOTE: https://git.spip.net/spip/spip/commit/fea5b5b4507cc9c0b9e91bbfbf34fe40b0bea805 (v3.2.12)
	NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html
CVE-2021-44121
	REJECTED
CVE-2021-44120 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability i ...)
	{DSA-5028-1 DLA-2867-1}
	- spip 3.2.12-1
	NOTE: https://git.spip.net/spip/spip/commit/d548391d799387d1e93cf1a369d385c72f7d5c81
	NOTE: https://git.spip.net/spip/spip/commit/361cc26080d1377bc55d2cb80736e5cfaf5fd242 (v3.2.12)
	NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html
CVE-2021-44119
	RESERVED
CVE-2021-44118 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. ...)
	{DSA-5028-1 DLA-2867-1}
	- spip 3.2.12-1
	NOTE: https://git.spip.net/spip/medias/commit/13c293fabd35e2c152379522c29432423936cbba
	NOTE: https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a
	NOTE: https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357
	NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html
CVE-2021-44117 (A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLigh ...)
	NOT-FOR-US: TheDayLightStudio Fuel CMS
CVE-2021-44116 (Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 ...)
	NOT-FOR-US: Anchor CMS
CVE-2021-44115
	RESERVED
CVE-2021-44114 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stoc ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-44113
	RESERVED
CVE-2021-44112
	RESERVED
CVE-2021-44111 (A Directory Traversal vulnerability exists in S-Cart 6.7 via download ...)
	NOT-FOR-US: S-Cart
CVE-2021-44110
	RESERVED
CVE-2021-44109 (A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and earlier al ...)
	NOT-FOR-US: Open5GS
CVE-2021-44108 (A null pointer dereference in src/amf/namf-handler.c in Open5GS 2.3.6 ...)
	NOT-FOR-US: Open5GS
CVE-2021-44107
	RESERVED
CVE-2021-44106
	RESERVED
CVE-2021-44105
	RESERVED
CVE-2021-44104
	RESERVED
CVE-2021-44103
	REJECTED
CVE-2021-44102
	RESERVED
CVE-2021-44101
	RESERVED
CVE-2021-44100
	RESERVED
CVE-2021-44099
	RESERVED
CVE-2021-44098 (EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Inje ...)
	NOT-FOR-US: EgavilanMedia
CVE-2021-44097 (EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 is vuln ...)
	NOT-FOR-US: EgavilanMedia
CVE-2021-44096 (EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 ...)
	NOT-FOR-US: EgavilanMedia
CVE-2021-44095 (A SQL injection vulnerability exists in ProjectWorlds Hospital Managem ...)
	NOT-FOR-US: projectworldsofficial/hospital-management-system-in-php
CVE-2021-44094 (ZrLog 2.2.2 has a remote command execution vulnerability at plugin dow ...)
	NOT-FOR-US: zrlog
CVE-2021-44093 (A Remote Command Execution vulnerability on the background in zrlog 2. ...)
	NOT-FOR-US: zrlog
CVE-2021-44092 (An SQL Injection vulnerability exists in code-projects Pharmacy Manage ...)
	NOT-FOR-US: code-projects Pharmacy Management
CVE-2021-44091 (A Cross-Site Scripting (XSS) vulnerability exists in Courcecodester Mu ...)
	NOT-FOR-US: Sourcecodester Multi Restaurant Table Reservation System
CVE-2021-44090 (An SQL Injection vulnerability exists in Sourcecodester Online Reviewe ...)
	NOT-FOR-US: Sourcecodester Online Reviewer System
CVE-2021-44089
	RESERVED
CVE-2021-44088 (An SQL Injection vulnerability exists in Sourcecodester Attendance and ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-44087 (A Remote Code Execution (RCE) vulnerability exists in Sourcecodester A ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-44086
	RESERVED
CVE-2021-44085
	RESERVED
CVE-2021-44084
	RESERVED
CVE-2021-44083
	RESERVED
CVE-2021-44082 (textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /tex ...)
	- textpattern
CVE-2021-44081 (A buffer overflow vulnerability exists in the AMF of open5gs 2.1.4. Wh ...)
	NOT-FOR-US: Open5GS
CVE-2021-44080 (A Command Injection vulnerability in httpd web server (setup.cgi) in S ...)
	NOT-FOR-US: SerComm h500s
CVE-2021-4001 (A race condition was found in the Linux kernel's ebpf verifier between ...)
	- linux 5.15.5-1
	[bullseye] - linux 5.10.84-1
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/353050be4c19e102178ccc05988101887c25ae53
CVE-2021-4000 (showdoc is vulnerable to URL Redirection to Untrusted Site)
	NOT-FOR-US: ShowDoc
CVE-2021-3999 (A flaw was found in glibc. An off-by-one buffer overflow and underflow ...)
	{DLA-3152-1}
	- glibc 2.33-4
	[bullseye] - glibc 2.31-13+deb11u4
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28769
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/4
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=472e799a5f2102bc0c3206dbd5a801765fceb39c
CVE-2021-3998 (A flaw was found in glibc. The realpath() function can mistakenly retu ...)
	- glibc 2.33-4
	[bullseye] - glibc (Vulnerable code introduced later)
	[buster] - glibc (Vulnerable code introduced later)
	[stretch] - glibc (Vulnerable code introduced later)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28770
	NOTE: https://patchwork.sourceware.org/project/glibc/patch/20220113055920.3155918-1-siddhesh@sourceware.org/
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/4
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ee8d5e33adb284601c00c94687bc907e10aec9bb
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f7a79879c0b2bef0dadd6caaaeeb0d26423e04e5
	NOTE: introduced in 2.33 by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c6e0b0b5b0b7922cdf0dce2af671e0c7e500df95
CVE-2021-3997 (A flaw was found in systemd. An uncontrolled recursion in systemd-tmpf ...)
	- systemd 250.2-1 (bug #1003467)
	[bullseye] - systemd 247.3-7
	[buster] - systemd (Minor issue; not exploitable before upstream commit e535840)
	[stretch] - systemd (Minor issue; utility segfault; not exploitable before upstream commit e535840, PoC doesn't segfault on stretch)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024639
	NOTE: https://github.com/systemd/systemd/pull/22070
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/10/2
	NOTE: Exploitable after (but present before): https://github.com/systemd/systemd/commit/e5358401b5df8d395e99815b7a69b8424887472c (v242-rc1)
	NOTE: PoC still crashes on jessie/215-17+deb8u14
	NOTE: Prerequisite/Preparation: https://github.com/systemd/systemd/commit/3bac86abfa1b1720180840ffb9d06b3d54841c11
	NOTE: Prerequisite/Preparation: https://github.com/systemd/systemd/commit/84ced330020c0bae57bd4628f1f44eec91304e69
	NOTE: Fixed by: https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1
CVE-2021-44079 (In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, ...)
	NOT-FOR-US: Wazuh
CVE-2021-3996 (A logic error was found in the libmount library of util-linux in the f ...)
	{DSA-5055-1}
	- util-linux 2.37.3-1
	[buster] - util-linux (Vulnerable code introduced later)
	[stretch] - util-linux (Vulnerable code introduced later)
	NOTE: Introduced by: https://github.com/util-linux/util-linux/commit/5fea669e9ef0a08804f72bb40f859f239f68c30a (v2.34-rc1)
	NOTE: Fixed by: https://github.com/util-linux/util-linux/commit/018a10907fa9885093f6d87401556932c2d8bd2b (v2.37.3)
	NOTE: https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/2
CVE-2021-3995 (A logic error was found in the libmount library of util-linux in the f ...)
	{DSA-5055-1}
	- util-linux 2.37.3-1
	[buster] - util-linux (Vulnerable code introduced later)
	[stretch] - util-linux (Vulnerable code introduced later)
	NOTE: Introduced by: https://github.com/util-linux/util-linux/commit/5fea669e9ef0a08804f72bb40f859f239f68c30a (v2.34-rc1)
	NOTE: Fixed by: https://github.com/util-linux/util-linux/commit/f3db9bd609494099f0c1b95231c5dfe383346929 (v2.37.3)
	NOTE: https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/2
CVE-2021-3994 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...)
	NOT-FOR-US: django-helpdesk
CVE-2021-3993 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF))
	NOT-FOR-US: ShowDoc
CVE-2021-3992 (kimai2 is vulnerable to Improper Access Control)
	NOT-FOR-US: kimai2
CVE-2021-44078 (An issue was discovered in split_region in uc.c in Unicorn Engine befo ...)
	NOT-FOR-US: Unicorn Engine
CVE-2021-44077 (Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-3991
	RESERVED
CVE-2021-3990 (showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random N ...)
	NOT-FOR-US: ShowDoc
CVE-2021-3989 (showdoc is vulnerable to URL Redirection to Untrusted Site)
	NOT-FOR-US: ShowDoc
CVE-2021-3988
	RESERVED
CVE-2021-3987
	RESERVED
CVE-2021-3986
	RESERVED
CVE-2021-44076 (An issue was discovered in CrushFTP 9. The creation of a new user thro ...)
	NOT-FOR-US: CrushFTP
CVE-2021-44075
	RESERVED
CVE-2021-44074
	RESERVED
CVE-2021-44073
	RESERVED
CVE-2021-44072
	RESERVED
CVE-2021-44071
	RESERVED
CVE-2021-44070
	RESERVED
CVE-2021-44069
	RESERVED
CVE-2021-44068
	RESERVED
CVE-2021-44067
	RESERVED
CVE-2021-44066
	RESERVED
CVE-2021-44065
	RESERVED
CVE-2021-44064
	RESERVED
CVE-2021-44063
	RESERVED
CVE-2021-44062
	RESERVED
CVE-2021-44061
	RESERVED
CVE-2021-44060
	RESERVED
CVE-2021-44059
	RESERVED
CVE-2021-44058
	RESERVED
CVE-2021-44057 (An improper authentication vulnerability has been reported to affect Q ...)
	NOT-FOR-US: QNAP
CVE-2021-44056 (An improper authentication vulnerability has been reported to affect Q ...)
	NOT-FOR-US: QNAP
CVE-2021-44055 (An missing authorization vulnerability has been reported to affect QNA ...)
	NOT-FOR-US: QNAP
CVE-2021-44054 (An open redirect vulnerability has been reported to affect QNAP device ...)
	NOT-FOR-US: QNAP
CVE-2021-44053 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
	NOT-FOR-US: QNAP
CVE-2021-44052 (An improper link resolution before file access ('Link Following') vuln ...)
	NOT-FOR-US: QNAP
CVE-2021-44051 (A command injection vulnerability has been reported to affect QNAP NAS ...)
	NOT-FOR-US: QNAP
CVE-2021-44050 (CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL inject ...)
	NOT-FOR-US: CA Network Flow Analysis (NFA)
CVE-2021-44049 (CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 20 ...)
	NOT-FOR-US: CyberArk Endpoint Privilege Manager (EPM)
CVE-2021-44048 (An out-of-bounds write vulnerability exists when reading a TIF file us ...)
	NOT-FOR-US: Open Design Alliance (ODA) Drawings Explorer
CVE-2021-44047 (A use-after-free vulnerability exists when reading a DWF/DWFX file usi ...)
	NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-44046 (An out-of-bounds write vulnerability exists when reading U3D files in ...)
	NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-44045 (An out-of-bounds write vulnerability exists when reading a DGN file us ...)
	NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-44044 (An out-of-bounds write vulnerability exists when reading a JPG file us ...)
	NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-44043 (An issue was discovered in UiPath App Studio 21.4.4. There is a persis ...)
	NOT-FOR-US: UiPath
CVE-2021-44042 (An issue was discovered in UiPath Assistant 21.4.4. User-controlled da ...)
	NOT-FOR-US: UiPath
CVE-2021-44041 (UiPath Assistant 21.4.4 will load and execute attacker controlled data ...)
	NOT-FOR-US: UiPath
CVE-2021-3985 (kimai2 is vulnerable to Improper Neutralization of Input During Web Pa ...)
	NOT-FOR-US: kimai2
CVE-2021-3984 (vim is vulnerable to Heap-based Buffer Overflow)
	{DLA-3182-1 DLA-2947-1}
	- vim 2:8.2.3995-1 (bug #1001896; unimportant)
	NOTE: https://huntr.dev/bounties/b114b5a2-18e2-49f0-b350-15994d71426a
	NOTE: https://github.com/vim/vim/commit/2de9b7c7c8791da8853a9a7ca9c467867465b655 (v8.2.3625)
	NOTE: Crash in CLI tool, no security impact
CVE-2021-3983 (kimai2 is vulnerable to Improper Neutralization of Input During Web Pa ...)
	NOT-FOR-US: kimai2
CVE-2022-21742 (Realtek USB driver has a buffer overflow vulnerability due to insuffic ...)
	NOT-FOR-US: Realtek
CVE-2021-44040 (Improper Input Validation vulnerability in request line parsing of Apa ...)
	{DSA-5153-1}
	- trafficserver 9.1.2+ds-1
	NOTE: https://lists.apache.org/thread/zblwzcfs9ryhwjr89wz4osw55pxm6dx6
	NOTE: https://github.com/apache/trafficserver/commit/85c319a7f7c0537bee408ea25df6f1a5ed0a4071
	NOTE: https://github.com/apache/trafficserver/commit/c4e6661a5a205b1f60279f0e66aa496023185967
	NOTE: https://github.com/apache/trafficserver/commit/8c6f2ed84ba0d8e6255baceb99ee891ebe1ce473
CVE-2021-44039
	RESERVED
CVE-2021-44038 (An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod op ...)
	- quagga
	[buster] - quagga (Minor issue)
	[stretch] - quagga (revisit when/if fixed upstream)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1191890
	NOTE: The Debian packaging installs the problematic redhat/*.service systemd unit
	NOTE: files, which contain the unsafe chmod/chown calls.
CVE-2021-44037 (Team Password Manager (aka TeamPasswordManager) before 10.135.236 allo ...)
	NOT-FOR-US: Team Password Manager (aka TeamPasswordManager)
CVE-2021-44036 (Team Password Manager (aka TeamPasswordManager) before 10.135.236 has ...)
	NOT-FOR-US: Team Password Manager (aka TeamPasswordManager)
CVE-2021-44035 (Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads ...)
	NOT-FOR-US: Wolters Kluwer TeamMate AM
CVE-2021-3982 (Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed ...)
	- gnome-shell (Debian packaging does not set cap_sys_nice+ep on gnome-shell binary)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024174
	NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/4711
	NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2284
CVE-2021-3981 (A flaw in grub2 was found where its configuration file, known as grub. ...)
	- grub2 2.06-8 (bug #1001414)
	[bullseye] - grub2 (Minor issue)
	[buster] - grub2 (Minor issue)
	[stretch] - grub2 (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024170
	NOTE: Introduced by: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=ab2e53c8a196a595e50f1c836bf756b9db1ae68d (grub-2.06-rc1)
	NOTE: https://lists.gnu.org/archive/html/grub-devel/2021-12/msg00013.html
	NOTE: Fixed by: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=0adec29674561034771c13e446069b41ef41e4d4
CVE-2021-3980 (elgg is vulnerable to Exposure of Private Personal Information to an U ...)
	- elgg (bug #526197)
CVE-2021-3979 (A key length flaw was found in Red Hat Ceph Storage. An attacker can e ...)
	{DLA-3629-1}
	- ceph 16.2.9+ds-1
	[bullseye] - ceph (Minor issue)
	[stretch] - ceph (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/5
	NOTE: https://tracker.ceph.com/issues/54006
	NOTE: https://github.com/ceph/ceph/commit/47c33179f9a15ae95cc1579a421be89378602656 (main)
	NOTE: https://github.com/ceph/ceph/commit/f69339e00f582ec64b843ff58b66817975fca0d7 (v16.2.8)
CVE-2021-44034
	RESERVED
CVE-2021-44033 (In Ionic Identity Vault before 5.0.5, the protection mechanism for inv ...)
	NOT-FOR-US: Ionic Identity Vault
CVE-2021-44032 (TP-Link Omada SDN Software Controller before 5.0.15 does not check if ...)
	NOT-FOR-US: TP-Link
CVE-2021-44031 (An issue was discovered in Quest KACE Desktop Authority before 11.2. / ...)
	NOT-FOR-US: Quest KACE Desktop Authority
CVE-2021-44030 (Quest KACE Desktop Authority before 11.2 allows XSS because it does no ...)
	NOT-FOR-US: Quest KACE Desktop Authority
CVE-2021-44029 (An issue was discovered in Quest KACE Desktop Authority before 11.2. T ...)
	NOT-FOR-US: Quest KACE Desktop Authority
CVE-2021-44028 (XXE can occur in Quest KACE Desktop Authority before 11.2 because the ...)
	NOT-FOR-US: Quest KACE Desktop Authority
CVE-2021-44027
	RESERVED
CVE-2021-44024 (A link following denial-of-service vulnerability in Trend Micro Apex O ...)
	NOT-FOR-US: Trend Micro
CVE-2021-44023 (A link following denial-of-service (DoS) vulnerability in the Trend Mi ...)
	NOT-FOR-US: Trend Micro
CVE-2021-44022 (A reachable assertion vulnerability in Trend Micro Apex One could allo ...)
	NOT-FOR-US: Trend Micro
CVE-2021-44021 (An unnecessary privilege vulnerability in Trend Micro Worry-Free Busin ...)
	NOT-FOR-US: Trend Micro
CVE-2021-44020 (An unnecessary privilege vulnerability in Trend Micro Worry-Free Busin ...)
	NOT-FOR-US: Trend Micro
CVE-2021-44019 (An unnecessary privilege vulnerability in Trend Micro Worry-Free Busin ...)
	NOT-FOR-US: Trend Micro
CVE-2021-3978
	RESERVED
CVE-2021-3977 (invoiceninja is vulnerable to Improper Neutralization of Input During ...)
	NOT-FOR-US: invoiceninja
CVE-2021-44018 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.7 ...)
	NOT-FOR-US: JT2Go / Siemens
CVE-2021-44017 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
	NOT-FOR-US: Siemens
CVE-2021-44016 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.7 ...)
	NOT-FOR-US: JT2Go / Siemens
CVE-2021-44015 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
	NOT-FOR-US: Siemens
CVE-2021-44014 (A vulnerability has been identified in JT Open (All versions < V11.1.1 ...)
	NOT-FOR-US: Siemens
CVE-2021-44013 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
	NOT-FOR-US: Siemens
CVE-2021-44012 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
	NOT-FOR-US: Siemens
CVE-2021-44011 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
	NOT-FOR-US: Siemens
CVE-2021-44010 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
	NOT-FOR-US: Siemens
CVE-2021-44009 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
	NOT-FOR-US: Siemens
CVE-2021-44008 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
	NOT-FOR-US: Siemens
CVE-2021-44007 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
	NOT-FOR-US: Siemens
CVE-2021-44006 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
	NOT-FOR-US: Siemens
CVE-2021-44005 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
	NOT-FOR-US: Siemens
CVE-2021-44004 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
	NOT-FOR-US: Siemens
CVE-2021-44003 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
	NOT-FOR-US: Siemens
CVE-2021-44002 (A vulnerability has been identified in JT Open (All versions < V11.1.1 ...)
	NOT-FOR-US: Siemens
CVE-2021-44001 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
	NOT-FOR-US: Siemens
CVE-2021-44000 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.7 ...)
	NOT-FOR-US: JT2Go / Siemens
CVE-2021-43999 (Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses re ...)
	- guacamole-client (bug #1015986)
	[stretch] - guacamole-client (SAML is not supported)
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/7
CVE-2021-3976 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF))
	NOT-FOR-US: kimai2
CVE-2021-3975 (A use-after-free flaw was found in libvirt. The qemuMonitorUnregister( ...)
	{DLA-3778-1}
	- libvirt 7.6.0-1
	[bullseye] - libvirt (Minor issue)
	[stretch] - libvirt (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024326
	NOTE: Fixed by: https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7 (v7.1.0-rc2)
CVE-2021-44025 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in han ...)
	{DSA-5013-1 DLA-2840-1}
	- roundcube 1.5.0+dfsg.1-1 (bug #1000156)
	NOTE: https://github.com/roundcube/roundcubemail/issues/8193
	NOTE: https://github.com/roundcube/roundcubemail/commit/faf99bf8a2b7b7562206fa047e8de652861e624a (1.4.12)
	NOTE: https://github.com/roundcube/roundcubemail/commit/7d7b1dfeff795390b69905ceb63d6391b5b0dfe7 (1.3.17)
CVE-2021-44026 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potentia ...)
	{DSA-5013-1 DLA-2840-1}
	- roundcube 1.5.0+dfsg.1-1 (bug #1000156)
	NOTE: https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1 (1.4.12)
	NOTE: https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa (1.3.17)
CVE-2021-43998 (HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 temp ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2021-43997 (FreeRTOS versions 10.2.0 through 10.4.5 do not prevent non-kernel code ...)
	NOT-FOR-US: Amazon FreeRTOS
CVE-2021-43996 (The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Lar ...)
	NOT-FOR-US: Laravel Ignition component
CVE-2021-43995
	RESERVED
CVE-2021-43994
	RESERVED
CVE-2021-43993
	RESERVED
CVE-2021-43992
	RESERVED
CVE-2021-43991 (The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to ...)
	NOT-FOR-US: Kentico Xperience CMS
CVE-2021-43990 (The affected product is vulnerable to a network-based attack by threat ...)
	NOT-FOR-US: FANUC Roboguide
CVE-2021-43989 (mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, wh ...)
	NOT-FOR-US: mySCADA myPRO
CVE-2021-43988 (The affected product is vulnerable to a network-based attack by threat ...)
	NOT-FOR-US: FANUC Roboguide
CVE-2021-43987 (An additional, nondocumented administrative account exists in mySCADA ...)
	NOT-FOR-US: mySCADA myPRO
CVE-2021-43986 (The setup program for the affected product configures its files and fo ...)
	NOT-FOR-US: ROBOGUIDE
CVE-2021-43985 (An unauthenticated remote attacker can access mySCADA myPRO Versions 8 ...)
	NOT-FOR-US: mySCADA myPRO
CVE-2021-43984 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmw ...)
	NOT-FOR-US: mySCADA myPRO
CVE-2021-43983 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to mult ...)
	NOT-FOR-US: WECON LeviStudioU
CVE-2021-43982 (Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to ...)
	NOT-FOR-US: Delta
CVE-2021-43981 (mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, ...)
	NOT-FOR-US: mySCADA myPRO
CVE-2021-43980 (The simplified implementation of blocking reads and writes introduced ...)
	{DSA-5265-1 DLA-3160-1}
	- tomcat9 9.0.62-1
	- tomcat8
	NOTE: https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3
	NOTE: https://github.com/apache/tomcat/commit/170e0f792bd18ff031677890ba2fe50eb7a376c1 (9.0.61)
	NOTE: https://github.com/apache/tomcat/commit/4a00b0c0890538b9d3107eef8f2e0afadd119beb (8.5.78)
CVE-2021-43979 (Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 mishandles conc ...)
	NOT-FOR-US: Styra Open Policy Agent (OPA) Gatekeeper
CVE-2021-43978 (Allegro WIndows 3.3.4152.0, embeds software administrator database cre ...)
	NOT-FOR-US: Allegro WIndows
CVE-2021-43977 (SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows X ...)
	NOT-FOR-US: SmarterTools
CVE-2021-43976 (In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wi ...)
	{DSA-5096-1 DSA-5092-1 DLA-2941-1 DLA-2940-1}
	- linux 5.15.15-2
	NOTE: https://patchwork.kernel.org/project/linux-wireless/patch/YX4CqjfRcTa6bVL+@Zekuns-MBP-16.fios-router.home/
CVE-2021-43975 (In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in driver ...)
	{DSA-5096-1 DLA-2941-1}
	- linux 5.15.5-2
	[bullseye] - linux 5.10.84-1
	NOTE: https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify@kernel.org/T/
CVE-2021-43974 (An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg en ...)
	NOT-FOR-US: SysAid ITIL
CVE-2021-43973 (An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysA ...)
	NOT-FOR-US: SysAid ITIL
CVE-2021-43972 (An unrestricted file copy vulnerability in /UserSelfServiceSettings.js ...)
	NOT-FOR-US: SysAid ITIL
CVE-2021-43971 (A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITI ...)
	NOT-FOR-US: SysAid ITIL
CVE-2021-43970 (An arbitrary file upload vulnerability exists in albumimages.jsp in Qu ...)
	NOT-FOR-US: Digium
CVE-2021-43969 (The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected b ...)
	NOT-FOR-US: Digium
CVE-2021-43968
	RESERVED
CVE-2021-43967
	RESERVED
CVE-2021-43966
	RESERVED
CVE-2021-43965
	RESERVED
CVE-2021-43964
	RESERVED
CVE-2021-43963 (An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. ...)
	NOT-FOR-US: Couchbase Sync Gateway
CVE-2021-43962
	RESERVED
CVE-2021-43961 (Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.)
	NOT-FOR-US: Sonatype
CVE-2021-43960 (Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerabili ...)
	NOT-FOR-US: Lorensbergs Connect2
CVE-2021-3974 (vim is vulnerable to Use After Free)
	{DLA-3182-1 DLA-2947-1}
	- vim 2:8.2.3995-1 (bug #1001897; unimportant)
	NOTE: https://huntr.dev/bounties/e402cb2c-8ec4-4828-a692-c95f8e0de6d4
	NOTE: https://github.com/vim/vim/commit/64066b9acd9f8cffdf4840f797748f938a13f2d6 (v8.2.3612)
	NOTE: Crash in CLI tool, no security impact
CVE-2021-3973 (vim is vulnerable to Heap-based Buffer Overflow)
	{DLA-2947-1}
	- vim 2:8.2.3995-1 (unimportant; bug #1001899)
	NOTE: https://huntr.dev/bounties/ce6e8609-77c6-4e17-b9fc-a2e5abed052e
	NOTE: https://github.com/vim/vim/commit/615ddd5342b50a6878a907062aa471740bd9a847 (v8.2.3611)
	NOTE: Crash in CLI tool, no security impact
CVE-2021-3972 (A potential vulnerability by a driver used during manufacturing proces ...)
	NOT-FOR-US: Lenovo
CVE-2021-3971 (A potential vulnerability by a driver used during older manufacturing ...)
	NOT-FOR-US: Lenovo
CVE-2021-3970 (A potential vulnerability in LenovoVariable SMI Handler due to insuffi ...)
	NOT-FOR-US: Lenovo
CVE-2021-3969 (A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMC ...)
	NOT-FOR-US: Lenovo
CVE-2021-3968 (vim is vulnerable to Heap-based Buffer Overflow)
	- vim 2:8.2.3995-1 (unimportant; bug #1001900)
	[buster] - vim (The vulnerable code is not present)
	[stretch] - vim (The vulnerable code is not present)
	NOTE: https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528/
	NOTE: https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69 (v8.2.3610)
	NOTE: Crash in CLI tool, no security impact
CVE-2022-21741 (Tensorflow is an Open Source Machine Learning Framework. ### Impact An ...)
	- tensorflow (bug #804612)
CVE-2022-21740 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
	- tensorflow (bug #804612)
CVE-2022-21739 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
	- tensorflow (bug #804612)
CVE-2022-21738 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
	- tensorflow (bug #804612)
CVE-2022-21737 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
	- tensorflow (bug #804612)
CVE-2022-21736 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
	- tensorflow (bug #804612)
CVE-2022-21735 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
	- tensorflow (bug #804612)
CVE-2022-21734 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
	- tensorflow (bug #804612)
CVE-2022-21733 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
	- tensorflow (bug #804612)
CVE-2022-21732 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
	- tensorflow (bug #804612)
CVE-2022-21731 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
	- tensorflow (bug #804612)
CVE-2022-21730 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
	- tensorflow (bug #804612)
CVE-2022-21729 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
	- tensorflow (bug #804612)
CVE-2022-21728 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
	- tensorflow (bug #804612)
CVE-2022-21727 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
	- tensorflow (bug #804612)
CVE-2022-21726 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
	- tensorflow (bug #804612)
CVE-2022-21725 (Tensorflow is an Open Source Machine Learning Framework. The estimator ...)
	- tensorflow (bug #804612)
CVE-2022-21724 (pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was foun ...)
	{DSA-5196-1 DLA-3018-1}
	- libpgjava 42.3.2-1
	NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4
	NOTE: https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813 (REL42.3.2)
CVE-2022-21723 (PJSIP is a free and open source multimedia communication library writt ...)
	{DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
	- asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
	[stretch] - asterisk (Vulnerable code not present)
	- pjproject
	- ring 20230206.0~ds1-1 (bug #1014998)
	[stretch] - ring (Vulnerable code not present)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29945
	NOTE: https://downloads.asterisk.org/pub/security/AST-2022-006.html
	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm
	NOTE: https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896
CVE-2022-21722 (PJSIP is a free and open source multimedia communication library writt ...)
	{DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
	- asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
	[stretch] - asterisk (Vulnerable code not present)
	- pjproject
	- ring 20230206.0~ds1-1 (bug #1014998)
	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36
	NOTE: https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a
CVE-2022-21721 (Next.js is a React framework. Starting with version 12.0.0 and prior t ...)
	NOT-FOR-US: next.js
CVE-2022-21720 (GLPI is a free asset and IT management software package. Prior to vers ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-21719 (GLPI is a free asset and IT management software package. All GLPI vers ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-21718 (Electron is a framework for writing cross-platform desktop application ...)
	- electron (bug #842420)
CVE-2022-21717
	RESERVED
CVE-2022-21716 (Twisted is an event-based framework for internet applications, support ...)
	{DLA-2938-1}
	- twisted 22.2.0-1
	[bullseye] - twisted 20.3.0-7+deb11u1
	[buster] - twisted 18.9.0-3+deb10u1
	NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx
	NOTE: https://github.com/twisted/twisted/commit/98387b39e9f0b21462f6abc7a1325dc370fcdeb1
	NOTE: https://twistedmatrix.com/trac/ticket/10284
CVE-2022-21715 (CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web fr ...)
	- codeigniter (bug #471583)
CVE-2022-21714
	RESERVED
CVE-2022-21713 (Grafana is an open-source platform for monitoring and observability. A ...)
	- grafana
CVE-2022-21712 (twisted is an event-driven networking engine written in Python. In aff ...)
	{DLA-2927-1}
	- twisted 22.1.0-1
	[bullseye] - twisted 20.3.0-7+deb11u1
	[buster] - twisted 18.9.0-3+deb10u1
	NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx
	NOTE: https://github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2 (twisted-22.1.0rc1)
CVE-2022-21711 (elfspirit is an ELF static analysis and injection framework that parse ...)
	NOT-FOR-US: elfspirit
CVE-2022-21710 (ShortDescription is a MediaWiki extension that provides local short de ...)
	NOT-FOR-US: ShortDescription MediaWiki extension
CVE-2022-21709
	RESERVED
CVE-2022-21708 (graphql-go is a GraphQL server with a focus on ease of use. In version ...)
	- golang-github-graph-gophers-graphql-go 1.3.0-1
	[bullseye] - golang-github-graph-gophers-graphql-go (Minor issue)
	[buster] - golang-github-graph-gophers-graphql-go (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://github.com/graph-gophers/graphql-go/commit/eae31ca73eb3473c544710955d1dbebc22605bfe (v1.3.0)
	NOTE: https://github.com/graph-gophers/graphql-go/security/advisories/GHSA-mh3m-8c74-74xh
	NOTE: https://github.com/graph-gophers/graphql-go/pull/492
CVE-2022-21707 (wasmCloud Host Runtime is a server process that securely hosts and pro ...)
	NOT-FOR-US: wasmCloud Host Runtime
CVE-2022-21706 (Zulip is an open-source team collaboration tool with topic-based threa ...)
	- zulip-server (bug #800052)
CVE-2022-21705 (Octobercms is a self-hosted CMS platform based on the Laravel PHP Fram ...)
	NOT-FOR-US: October CMS
CVE-2022-21704 (log4js-node is a port of log4js to node.js. In affected versions defau ...)
	{DLA-3229-1}
	- node-log4js 6.4.1+~cs8.3.5-1
	[bullseye] - node-log4js 6.3.0+~cs8.3.10-1+deb11u1
	[stretch] - node-log4js (Nodejs in stretch not covered by security support)
	NOTE: https://github.com/log4js-node/log4js-node/pull/1141 (v6.4.1)
	NOTE: https://github.com/log4js-node/streamroller/pull/87
	NOTE: https://github.com/log4js-node/log4js-node/security/advisories/GHSA-82v2-mx6x-wq7q
	NOTE: https://github.com/log4js-node/log4js-node/blob/v6.4.0/CHANGELOG.md#640
CVE-2022-21703 (Grafana is an open-source platform for monitoring and observability. A ...)
	- grafana
CVE-2022-21702 (Grafana is an open-source platform for monitoring and observability. I ...)
	- grafana
CVE-2022-21701 (Istio is an open platform to connect, manage, and secure microservices ...)
	NOT-FOR-US: Istio
CVE-2022-21700 (Micronaut is a JVM-based, full stack Java framework designed for build ...)
	NOT-FOR-US: Micronaut
CVE-2022-21699 (IPython (Interactive Python) is a command shell for interactive comput ...)
	{DSA-5065-1 DLA-2896-1}
	- ipython 7.31.1-1 (bug #1004122)
	NOTE: https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
	NOTE: Fixed by: https://github.com/ipython/ipython/commit/1ec91ebf328bdf3450130de4b4604c79dc1e19d9
	NOTE: Testcase: https://github.com/ipython/ipython/commit/56665dfcf7df8690da46aab1278df8e47b14fe3b
	NOTE: https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699
CVE-2022-21698 (client_golang is the instrumentation library for Go applications in Pr ...)
	- golang-github-prometheus-client-golang 1.11.1-1 (bug #1008008)
	[bullseye] - golang-github-prometheus-client-golang (Minor issue)
	[buster] - golang-github-prometheus-client-golang (Limited support, minor issue, DoS in specific conditions, follow bullseye DSAs/point-releases)
	[stretch] - golang-github-prometheus-client-golang (Minor issue, DoS in specific conditions, requires rebuilding reverse-dependencies; Limited support in stretch)
	NOTE: https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p
	NOTE: https://github.com/prometheus/client_golang/pull/962
	NOTE: https://github.com/prometheus/client_golang/pull/987
CVE-2022-21697 (Jupyter Server Proxy is a Jupyter notebook server extension to proxy w ...)
	NOT-FOR-US: Jupyter Server Proxy
CVE-2022-21696 (OnionShare is an open source tool that lets you securely and anonymous ...)
	- onionshare 2.5-1 (bug #1014966)
	[bullseye] - onionshare (Vulnerable code not present)
	[buster] - onionshare (Vulnerable code not present)
	NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-68vr-8f46-vc9f
CVE-2022-21695 (OnionShare is an open source tool that lets you securely and anonymous ...)
	- onionshare 2.5-1 (bug #1014966)
	[bullseye] - onionshare (Vulnerable code not present)
	[buster] - onionshare (Vulnerable code not present)
	NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-99p8-9p2c-49j4
CVE-2022-21694 (OnionShare is an open source tool that lets you securely and anonymous ...)
	- onionshare 2.5-1 (unimportant; bug #1014966)
	[buster] - onionshare (Vulnerable code not present)
	NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-h29c-wcm8-883h
	NOTE: https://github.com/onionshare/onionshare/issues/1389
	NOTE: This isn't a security vulnerability by itself
CVE-2022-21693 (OnionShare is an open source tool that lets you securely and anonymous ...)
	- onionshare 2.5-1 (bug #1014966)
	[bullseye] - onionshare (Vulnerable code not present)
	[buster] - onionshare (Vulnerable code not present)
	NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-jgm9-xpfj-4fq6
CVE-2022-21692 (OnionShare is an open source tool that lets you securely and anonymous ...)
	- onionshare 2.5-1 (bug #1014966)
	[bullseye] - onionshare (Vulnerable code not present)
	[buster] - onionshare (Vulnerable code not present)
	NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-gjj5-998g-v36v
CVE-2022-21691 (OnionShare is an open source tool that lets you securely and anonymous ...)
	- onionshare 2.5-1 (bug #1014966)
	[bullseye] - onionshare (Vulnerable code not present)
	[buster] - onionshare (Vulnerable code not present)
	NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-w9m4-7w72-r766
CVE-2022-21690 (OnionShare is an open source tool that lets you securely and anonymous ...)
	- onionshare 2.5-1 (bug #1014966)
	[bullseye] - onionshare 2.2-3+deb11u1
	[buster] - onionshare (Vulnerable code introduced later in v2.0)
	NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-ch22-x2v3-v6vq
	NOTE: https://github.com/onionshare/onionshare/commit/8f1e7ac224e54f57e43321bba2c2f9fdb5143bb0 (v2.5)
CVE-2022-21689 (OnionShare is an open source tool that lets you securely and anonymous ...)
	- onionshare 2.5-1 (bug #1014966)
	[bullseye] - onionshare 2.2-3+deb11u1
	[buster] - onionshare (Vulnerable code not present)
	NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-jh82-c5jw-pxpc
	NOTE: https://github.com/onionshare/onionshare/commit/096178a9e6133fd6ca9d95a00a67bba75ccab377 (v2.5)
CVE-2022-21688 (OnionShare is an open source tool that lets you securely and anonymous ...)
	NOTE: The report against OnionShare is just a stop gap, this needs to be tracked down/fixed in Qt
	NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-x7wr-283h-5h2v
CVE-2022-21687 (gh-ost is a triggerless online schema migration solution for MySQL. Ve ...)
	NOT-FOR-US: GitHub Online Schema
CVE-2022-21686 (PrestaShop is an Open Source e-commerce platform. Starting with versio ...)
	NOT-FOR-US: PrestaShop
CVE-2022-21685 (Frontier is Substrate's Ethereum compatibility layer. Prior to commit ...)
	NOT-FOR-US: Frontier
CVE-2022-21684 (Discourse is an open source discussion platform. Versions prior to 2.7 ...)
	NOT-FOR-US: Discourse
CVE-2022-21683 (Wagtail is a Django based content management system focused on flexibi ...)
	NOT-FOR-US: Wagtail
CVE-2022-21682 (Flatpak is a Linux application sandboxing and distribution framework. ...)
	{DSA-5049-1}
	- flatpak 1.12.3-1
	[buster] - flatpak (Intrusive and risky to backport)
	[stretch] - flatpak (Intrusive and risky to backport)
	NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
	NOTE: https://github.com/flatpak/flatpak/commit/445bddeee657fdc8d2a0a1f0de12975400d4fc1a
	NOTE: Documentation: https://github.com/flatpak/flatpak/commit/4d11f77aa7fd3e64cfa80af89d92567ab9e8e6fa
	NOTE: 1.12.4 added further changes to avoid regressions for some workflows
CVE-2022-21681 (Marked is a markdown parser and compiler. Prior to version 4.0.10, the ...)
	- node-marked 4.0.12+ds+~4.0.1-1
	[bullseye] - node-marked (Minor issue)
	[buster] - node-marked (Minor issue)
	[stretch] - node-marked (Nodejs in stretch not covered by security support)
	NOTE: https://github.com/markedjs/marked/security/advisories/GHSA-5v2h-r2cx-5xgj
	NOTE: https://github.com/markedjs/marked/commit/8f806573a3f6c6b7a39b8cdb66ab5ebb8d55a5f5
	NOTE: https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0 (4.0.10)
	NOTE: https://github.com/markedjs/marked/releases/tag/v4.0.10
CVE-2022-21680 (Marked is a markdown parser and compiler. Prior to version 4.0.10, the ...)
	- node-marked 4.0.12+ds+~4.0.1-1
	[bullseye] - node-marked (Minor issue)
	[buster] - node-marked (Minor issue)
	[stretch] - node-marked (Nodejs in stretch not covered by security support)
	NOTE: https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0 (4.0.10)
	NOTE: https://github.com/markedjs/marked/releases/tag/v4.0.10
	NOTE: https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf
CVE-2022-21679 (Istio is an open platform to connect, manage, and secure microservices ...)
	NOT-FOR-US: Istio
CVE-2022-21678 (Discourse is an open source discussion platform. Prior to version 2.8. ...)
	NOT-FOR-US: Discourse
CVE-2022-21677 (Discourse is an open source discussion platform. Discourse groups can ...)
	NOT-FOR-US: Discourse
CVE-2022-21676 (Engine.IO is the implementation of transport-based cross-browser/cross ...)
	NOT-FOR-US: Engine.IO
CVE-2022-21675 (Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Ver ...)
	NOT-FOR-US: Bytecode Viewer
CVE-2022-21674
	RESERVED
CVE-2022-21673 (Grafana is an open-source platform for monitoring and observability. I ...)
	- grafana
CVE-2022-21672 (make-ca is a utility to deliver and manage a complete PKI configuratio ...)
	NOT-FOR-US: make-ca
CVE-2022-21671 (@replit/crosis is a JavaScript client that speaks Replit's container p ...)
	NOT-FOR-US: crosis
CVE-2022-21670 (markdown-it is a Markdown parser. Prior to version 1.3.2, special patt ...)
	- node-markdown-it 10.0.0+dfsg-6
	[bullseye] - node-markdown-it 10.0.0+dfsg-2+deb11u1
	NOTE: https://github.com/markdown-it/markdown-it/security/advisories/GHSA-6vfc-qv3f-vr6c
	NOTE: https://github.com/markdown-it/markdown-it/commit/ffc49ab46b5b751cd2be0aabb146f2ef84986101 (12.3.2)
CVE-2022-21669 (PuddingBot is a group management bot. In version 0.0.6-b933652 and pri ...)
	NOT-FOR-US: PuddingBot
CVE-2022-21668 (pipenv is a Python development workflow tool. Starting with version 20 ...)
	- pipenv (Vulnerable code not uploaded)
	NOTE: https://github.com/pypa/pipenv/security/advisories/GHSA-qc9x-gjcv-465w
	NOTE: https://github.com/pypa/pipenv/releases/tag/v2022.1.8
	NOTE: https://github.com/pypa/pipenv/pull/4899 (v2022.1.8)
	NOTE: Introduced by: https://github.com/pypa/pipenv/commit/742988169333ba14a4b2b6f527a604d6f0bc9e09 (v2018.10.9)
	NOTE: Fixed by: https://github.com/pypa/pipenv/commit/167909839a95ef5aa379fe12d4564b2b829cc175 (v2022.1.8)
CVE-2022-21667 (soketi is an open-source WebSockets server. There is an unhandled case ...)
	NOT-FOR-US: soketi
CVE-2022-21666 (Useful Simple Open-Source CMS (USOC) is a content management system (C ...)
	NOT-FOR-US: Useful Simple Open-Source CMS (USOC)
CVE-2022-21665
	RESERVED
CVE-2022-21664 (WordPress is a free and open-source content management system written ...)
	{DSA-5039-1 DLA-2884-1}
	- wordpress 5.8.3+dfsg1-1 (bug #1003243)
	NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jp3p-gw8h-6x86
	NOTE: https://github.com/WordPress/wordpress-develop/commit/c09ccfbc547d75b392dbccc1ef0b4442ccd3c957
CVE-2022-21663 (WordPress is a free and open-source content management system written ...)
	{DSA-5039-1 DLA-2884-1}
	- wordpress 5.8.3+dfsg1-1 (bug #1003243)
	NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h
	NOTE: https://hackerone.com/reports/541469
CVE-2022-21662 (WordPress is a free and open-source content management system written ...)
	{DSA-5039-1 DLA-2884-1}
	- wordpress 5.8.3+dfsg1-1 (bug #1003243)
	NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w
	NOTE: https://hackerone.com/reports/425342
CVE-2022-21661 (WordPress is a free and open-source content management system written ...)
	{DSA-5039-1 DLA-2884-1}
	- wordpress 5.8.3+dfsg1-1 (bug #1003243)
	NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84
	NOTE: https://github.com/WordPress/wordpress-develop/commit/17efac8c8ec64555eff5cf51a3eff81e06317214
	NOTE: https://hackerone.com/reports/1378209
	NOTE: https://www.zerodayinitiative.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection
CVE-2022-21660 (Gin-vue-admin is a backstage management system based on vue and gin. I ...)
	NOT-FOR-US: Gin-vue-admin
CVE-2022-21659 (Flask-AppBuilder is an application development framework, built on top ...)
	- flask-appbuilder (Fixed before initial upload to archive)
	NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-wfjw-w6pv-8p7f
	NOTE: https://github.com/dpgaspar/Flask-AppBuilder/pull/1775
	NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/e2b744c258ff62ece9d5ac7172c3b4644ff4c2fe (3.4.4)
CVE-2022-21658 (Rust is a multi-paradigm, general-purpose programming language designe ...)
	[experimental] - rustc 1.57.0+dfsg1-1~exp1
	- rustc 1.57.0+dfsg1-1
	[bullseye] - rustc (Minor issue)
	[buster] - rustc (Minor issue)
	[stretch] - rustc (Minor issue)
	NOTE: https://github.com/rust-lang/wg-security-response/tree/master/patches/CVE-2022-21658
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/1
CVE-2022-21657 (Envoy is an open source edge and service proxy, designed for cloud-nat ...)
	- envoyproxy (bug #987544)
CVE-2022-21656 (Envoy is an open source edge and service proxy, designed for cloud-nat ...)
	- envoyproxy (bug #987544)
CVE-2022-21655 (Envoy is an open source edge and service proxy, designed for cloud-nat ...)
	- envoyproxy (bug #987544)
CVE-2022-21654 (Envoy is an open source edge and service proxy, designed for cloud-nat ...)
	- envoyproxy (bug #987544)
CVE-2022-21653 (Jawn is an open source JSON parser. Extenders of the `org.typelevel.ja ...)
	- jawn (Vulnerable code not uploaded)
	NOTE: https://github.com/typelevel/jawn/pull/390
	NOTE: https://github.com/typelevel/jawn/commit/e5ddb114ed5d45ee0a605da06a280207bf9f9f58 (1.3.2)
	NOTE: https://github.com/typelevel/jawn/commit/0707e2569f43ff6195f90cc0dfc2d0ca79b51dd1 (1.3.2)
CVE-2022-21652 (Shopware is an open source e-commerce software platform. In affected v ...)
	NOT-FOR-US: Shopware
CVE-2022-21651 (Shopware is an open source e-commerce software platform. An open redir ...)
	NOT-FOR-US: Shopware
CVE-2022-21650 (Convos is an open source multi-user chat that runs in a web browser. Y ...)
	NOT-FOR-US: Convos
CVE-2022-21649 (Convos is an open source multi-user chat that runs in a web browser. C ...)
	NOT-FOR-US: Convos
CVE-2022-21648 (Latte is an open source template engine for PHP. Versions since 2.8.0 ...)
	- php-nette
	[stretch] - php-nette (Sandbox first appeared in Latte 2.8.0 so older versions are not affected.)
	NOTE: https://github.com/nette/latte/security/advisories/GHSA-36m2-8rhx-f36j
	NOTE: https://github.com/nette/latte/commit/9e1b4f7d70f7a9c3fa6753ffa7d7e450a3d4abb0
CVE-2022-21647 (CodeIgniter is an open source PHP full-stack web framework. Deserializ ...)
	- codeigniter (bug #471583)
CVE-2022-21646 (SpiceDB is a database system for managing security-critical applicatio ...)
	NOT-FOR-US: Go SpiceDB
CVE-2022-21645
	RESERVED
CVE-2022-21644 (USOC is an open source CMS with a focus on simplicity. In affected ver ...)
	NOT-FOR-US: USOC
CVE-2022-21643 (USOC is an open source CMS with a focus on simplicity. In affected ver ...)
	NOT-FOR-US: USOC
CVE-2022-21642 (Discourse is an open source platform for community discussion. In affe ...)
	NOT-FOR-US: Discourse
CVE-2021-43959 (Affected versions of Atlassian Jira Service Management Server and Data ...)
	NOT-FOR-US: Atlassian
CVE-2021-43958 (Various rest resources in Fisheye and Crucible before version 4.8.9 al ...)
	NOT-FOR-US: Atlassian
CVE-2021-43957 (Affected versions of Atlassian Fisheye & Crucible allowed remote attac ...)
	NOT-FOR-US: Atlassian
CVE-2021-43956 (The jQuery deserialize library in Fisheye and Crucible before version ...)
	NOT-FOR-US: Atlassian
CVE-2021-43955 (The /rest-service-fecru/server-v1 resource in Fisheye and Crucible bef ...)
	NOT-FOR-US: Atlassian
CVE-2021-43954 (The DefaultRepositoryAdminService class in Fisheye and Crucible before ...)
	NOT-FOR-US: Atlassian
CVE-2021-43953 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
	NOT-FOR-US: Atlassian
CVE-2021-43952 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
	NOT-FOR-US: Atlassian
CVE-2021-43951 (Affected versions of Atlassian Jira Service Management Server and Data ...)
	NOT-FOR-US: Atlassian
CVE-2021-43950 (Affected versions of Atlassian Jira Service Management Server and Data ...)
	NOT-FOR-US: Atlassian
CVE-2021-43949 (Affected versions of Atlassian Jira Service Management Server and Data ...)
	NOT-FOR-US: Atlassian
CVE-2021-43948 (Affected versions of Atlassian Jira Service Management Server and Data ...)
	NOT-FOR-US: Atlassian
CVE-2021-43947 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2021-43946 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
	NOT-FOR-US: Atlassian
CVE-2021-43945 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2021-43944 (This issue exists to document that a security improvement in the way t ...)
	NOT-FOR-US: Atlassian
CVE-2021-43943 (Affected versions of Atlassian Jira Service Management Server and Data ...)
	NOT-FOR-US: Atlassian
CVE-2021-43942 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2021-43941 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2021-43940 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2021-43939 (Elcomplus SmartPTT is vulnerable when a low-authenticated user can acc ...)
	NOT-FOR-US: Elcomplus SmartPTT
CVE-2021-43938 (Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated us ...)
	NOT-FOR-US: Elcomplus SmartPTT SCADA Server
CVE-2021-43937 (Elcomplus SmartPTT SCADA Server web application does not, or cannot, s ...)
NOT-FOR-US: Elcomplus SmartPTT SCADA Server CVE-2021-43936 (The software allows the attacker to upload or transfer files of danger ...) NOT-FOR-US: Distributed Data Systems CVE-2021-43935 (The impacted products, when configured to use SSO, are affected by an ...) NOT-FOR-US: Hillrom CVE-2021-43934 (Elcomplus SmartPTT is vulnerable as the backup and restore system does ...) NOT-FOR-US: Elcomplus SmartPTT CVE-2021-43933 (The affected product is vulnerable to a network-based attack by threat ...) NOT-FOR-US: FANUC Roboguide CVE-2021-43932 (Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript c ...) NOT-FOR-US: Elcomplus SmartPTT CVE-2021-43931 (The authentication algorithm of the WebHMI portal is sound, but the im ...) NOT-FOR-US: Distributed Data Systems CVE-2021-43930 (Elcomplus SmartPTT is vulnerable as the backup and restore system does ...) NOT-FOR-US: Elcomplus SmartPTT CVE-2021-43929 (Improper neutralization of special elements in output used by a downst ...) NOT-FOR-US: Synology CVE-2021-43928 (Improper neutralization of special elements used in an OS command ('OS ...) NOT-FOR-US: Synology CVE-2021-43927 (Improper neutralization of special elements used in an SQL command ('S ...) NOT-FOR-US: Synology CVE-2021-43926 (Improper neutralization of special elements used in an SQL command ('S ...) NOT-FOR-US: Synology CVE-2021-43925 (Improper neutralization of special elements used in an SQL command ('S ...) 
NOT-FOR-US: Synology CVE-2021-43924 RESERVED CVE-2021-43923 RESERVED CVE-2021-43922 RESERVED CVE-2021-43921 RESERVED CVE-2021-43920 RESERVED CVE-2021-43919 RESERVED CVE-2021-43918 RESERVED CVE-2021-43917 RESERVED CVE-2021-43916 RESERVED CVE-2021-43915 RESERVED CVE-2021-43914 RESERVED CVE-2021-43913 RESERVED CVE-2021-43912 RESERVED CVE-2021-43911 RESERVED CVE-2021-43910 RESERVED CVE-2021-43909 RESERVED CVE-2021-43908 (Visual Studio Code Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43907 (Visual Studio Code WSL Extension Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43906 RESERVED CVE-2021-43905 (Microsoft Office app Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43904 RESERVED CVE-2021-43903 RESERVED CVE-2021-43902 RESERVED CVE-2021-43901 RESERVED CVE-2021-43900 RESERVED CVE-2021-43899 (Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerabil ...) NOT-FOR-US: Microsoft CVE-2021-43898 RESERVED CVE-2021-43897 RESERVED CVE-2021-43896 (Microsoft PowerShell Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43895 RESERVED CVE-2021-43894 RESERVED CVE-2021-43893 (Windows Encrypting File System (EFS) Elevation of Privilege Vulnerabil ...) NOT-FOR-US: Microsoft CVE-2021-43892 (Microsoft BizTalk ESB Toolkit Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43891 (Visual Studio Code Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43890 (We have investigated reports of a spoofing vulnerability in AppX in ...) NOT-FOR-US: Microsoft CVE-2021-43889 (Microsoft Defender for IoT Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43888 (Microsoft Defender for IoT Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43887 RESERVED CVE-2021-43886 RESERVED CVE-2021-43885 RESERVED CVE-2021-43884 RESERVED CVE-2021-43883 (Windows Installer Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43882 (Microsoft Defender for IoT Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43881 RESERVED CVE-2021-43880 (Windows Mobile Device Management Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43879 RESERVED CVE-2021-43878 RESERVED CVE-2021-43877 (ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability) NOT-FOR-US: .NET core CVE-2021-43876 (Microsoft SharePoint Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43875 (Microsoft Office Graphics Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43874 REJECTED CVE-2021-43873 REJECTED CVE-2021-43872 REJECTED CVE-2021-43871 REJECTED CVE-2021-43870 REJECTED CVE-2021-43869 REJECTED CVE-2021-43868 REJECTED CVE-2021-43867 REJECTED CVE-2021-43866 REJECTED CVE-2021-43865 REJECTED CVE-2021-43864 REJECTED CVE-2021-43863 (The Nextcloud Android app is the Android client for Nextcloud, a self- ...) NOT-FOR-US: Nextcloud Android app CVE-2021-43862 (jQuery Terminal Emulator is a plugin for creating command line interpr ...) NOT-FOR-US: jQuery Terminal Emulator CVE-2021-43861 (Mermaid is a Javascript based diagramming and charting tool that uses ...)
- node-mermaid 8.13.8+~cs10.4.16-1 [bullseye] - node-mermaid 8.7.0+ds+~cs27.17.17-3+deb11u2 NOTE: https://github.com/mermaid-js/mermaid/security/advisories/GHSA-p3rp-vmj9-gv6v NOTE: https://github.com/mermaid-js/mermaid/commit/066b7a0d0bda274d94a2f2d21e4323dab5776d83 CVE-2021-43860 (Flatpak is a Linux application sandboxing and distribution framework. ...) {DSA-5049-1} - flatpak 1.12.3-1 [buster] - flatpak (Intrusive and risky to backport) [stretch] - flatpak (Intrusive and risky to backport) NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j NOTE: https://github.com/flatpak/flatpak/commit/ba818f504c926baaf6e362be8159cfacf994310e NOTE: https://github.com/flatpak/flatpak/commit/d9a8f9d8ccc0b7c1135d0ecde006a75d25f66aee NOTE: https://github.com/flatpak/flatpak/commit/93357d357119093804df05acc32ff335839c6451 NOTE: https://github.com/flatpak/flatpak/commit/65cbfac982cb1c83993a9e19aa424daee8e9f042 CVE-2021-43859 (XStream is an open source java library to serialize objects to XML and ...) {DLA-2924-1} - libxstream-java 1.4.19-1 [bullseye] - libxstream-java (Minor issue) [buster] - libxstream-java (Minor issue) NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf NOTE: https://x-stream.github.io/CVE-2021-43859.html NOTE: https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846 CVE-2021-43858 (MinIO is a Kubernetes native application for cloud storage. Prior to v ...) - minio (bug #859207) CVE-2021-43857 (Gerapy is a distributed crawler management framework. Gerapy prior to ...) NOT-FOR-US: Gerapy CVE-2021-43856 (Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is ...) NOT-FOR-US: Wiki.js CVE-2021-43855 (Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is ...) NOT-FOR-US: Wiki.js CVE-2021-43854 (NLTK (Natural Language Toolkit) is a suite of open source Python modul ...) 
- nltk 3.6.7-1 (bug #1002623) [bullseye] - nltk (Minor issue) [buster] - nltk (Minor issue) [stretch] - nltk (Minor issue) NOTE: https://github.com/nltk/nltk/security/advisories/GHSA-f8m6-h2c7-8h9x NOTE: https://github.com/nltk/nltk/issues/2866 NOTE: https://github.com/nltk/nltk/pull/2869 NOTE: https://github.com/nltk/nltk/commit/1405aad979c6b8080dbbc8e0858f89b2e3690341 (3.6.6) CVE-2021-43853 (Ajax.NET Professional (AjaxPro) is an AJAX framework available for Mic ...) NOT-FOR-US: Ajax.NET Professional CVE-2021-43852 (OroPlatform is a PHP Business Application Platform. In affected versio ...) NOT-FOR-US: OroPlatform CVE-2021-43851 (Anuko Time Tracker is an open source, web-based time tracking applicat ...) NOT-FOR-US: Anuko Time Tracker CVE-2021-43850 (Discourse is an open source platform for community discussion. In affe ...) NOT-FOR-US: Discourse CVE-2021-43849 (cordova-plugin-fingerprint-aio is a plugin provides a single and simpl ...) NOT-FOR-US: cordova-plugin-fingerprint-aio CVE-2021-43848 (h2o is an open source http server. In code prior to the `8c0eca3` comm ...) - h2o (Vulnerable code not yet uploaded) NOTE: https://github.com/h2o/h2o/security/advisories/GHSA-f9xw-j925-m4m4 NOTE: Introduced by: https://github.com/h2o/h2o/commit/93af1383b248e9284ba5f63211b4fbb4c828d060 NOTE: Fixed by: https://github.com/h2o/h2o/commit/8c0eca3d9bc1f08e7c6bdf57645f3d54aed7d844 CVE-2021-43847 (HumHub is an open-source social network kit written in PHP. Prior to H ...) NOT-FOR-US: HumHub Social Network Kit Enterprise CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus e-commer ...) NOT-FOR-US: solidus_frontend CVE-2021-43845 (PJSIP is a free and open source multimedia communication library. In v ...) 
{DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1} - asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1 [stretch] - asterisk (Vulnerable code not present) - pjproject - ring 20230206.0~ds1-1 (bug #1014998) NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-r374-qrwv-86hh NOTE: https://github.com/pjsip/pjproject/commit/f74c1fc22b760d2a24369aa72c74c4a9ab985859 NOTE: https://github.com/pjsip/pjproject/pull/2924 CVE-2021-43844 (MSEdgeRedirect is a tool to redirect news, search, widgets, weather, a ...) NOT-FOR-US: MSEdgeRedirect CVE-2021-43843 (jsx-slack is a package for building JSON objects for Slack block kit s ...) NOT-FOR-US: jsx-slack CVE-2021-43842 (Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and e ...) NOT-FOR-US: Wiki.js CVE-2021-43841 (XWiki is a generic wiki platform offering runtime services for applica ...) NOT-FOR-US: XWiki CVE-2021-43840 (message_bus is a messaging bus for Ruby processes and web clients. In ...) NOT-FOR-US: Discourse Message Bus middleware CVE-2021-43839 (Cronos is a commercial implementation of a blockchain. In Cronos nodes ...) NOT-FOR-US: Cronos CVE-2021-43838 (jsx-slack is a library for building JSON objects for Slack Block Kit s ...) NOT-FOR-US: jsx-slack CVE-2021-43837 (vault-cli is a configurable command-line interface tool (and python li ...) NOT-FOR-US: Hashicorp vault-cli CVE-2021-43836 (Sulu is an open-source PHP content management system based on the Symf ...) NOT-FOR-US: Sulu CVE-2021-43835 (Sulu is an open-source PHP content management system based on the Symf ...) NOT-FOR-US: Sulu CVE-2021-43834 (eLabFTW is an electronic lab notebook manager for research teams. In v ...) NOT-FOR-US: eLabFTW CVE-2021-43833 (eLabFTW is an electronic lab notebook manager for research teams. In v ...) NOT-FOR-US: eLabFTW CVE-2021-43832 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...) 
NOT-FOR-US: Spinnaker CVE-2021-43831 (Gradio is an open source framework for building interactive machine le ...) NOT-FOR-US: gradio CVE-2021-43830 (OpenProject is a web-based project management software. OpenProject ve ...) NOT-FOR-US: OpenProject CVE-2021-43829 (PatrOwl is a free and open-source solution for orchestrating Security ...) NOT-FOR-US: PatrOwl CVE-2021-43828 (PatrOwl is a free and open-source solution for orchestrating Security ...) NOT-FOR-US: PatrOwl CVE-2021-43827 (discourse-footnote is a library providing footnotes for posts in Disco ...) NOT-FOR-US: discourse-footnote CVE-2021-43826 (Envoy is an open source edge and service proxy, designed for cloud-nat ...) - envoyproxy (bug #987544) CVE-2021-43825 (Envoy is an open source edge and service proxy, designed for cloud-nat ...) - envoyproxy (bug #987544) CVE-2021-43824 (Envoy is an open source edge and service proxy, designed for cloud-nat ...) - envoyproxy (bug #987544) CVE-2021-43823 (Sourcegraph is a code search and navigation engine. Sourcegraph prior ...) NOT-FOR-US: Sourcegraph CVE-2021-43822 (Jackalope Doctrine-DBAL is an implementation of the PHP Content Reposi ...) NOT-FOR-US: Jackalope Doctrine-DBAL CVE-2021-43821 (Opencast is an Open Source Lecture Capture & Video Management for Educ ...) NOT-FOR-US: Opencast CVE-2021-43820 (Seafile is an open source cloud storage system. A sync token is used i ...) - seafile-server (bug #865830) NOTE: https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8 NOTE: https://github.com/haiwen/seafile-server/pull/520 CVE-2021-43819 (Stargate-Bukkit is a mod for the minecraft video game which adds a por ...) NOT-FOR-US: Stargate-Bukkit CVE-2021-43818 (lxml is a library for processing XML and HTML in the Python language. ...) 
{DSA-5043-1 DLA-2871-1} - lxml 4.7.1-1 (bug #1001885) NOTE: https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8 NOTE: https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a (lxml-4.6.5) NOTE: https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0 (lxml-4.6.5) CVE-2021-43817 (Collabora Online is a collaborative online office suite based on Libre ...) NOT-FOR-US: Collabora Online CVE-2021-43816 (containerd is an open source container runtime. On installations using ...) - containerd 1.5.9~ds1-1 [bullseye] - containerd (Vulnerable code introduced in 1.5.0) NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c NOTE: Fixed by: https://github.com/containerd/containerd/commit/1407cab509ff0d96baa4f0eb6ff9980270e6e620 CVE-2021-43815 (Grafana is an open-source platform for monitoring and observability. G ...) - grafana CVE-2021-43814 (Rizin is a UNIX-like reverse engineering framework and command-line to ...) NOT-FOR-US: Rizin CVE-2021-43813 (Grafana is an open-source platform for monitoring and observability. G ...) - grafana CVE-2021-43812 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...) NOT-FOR-US: Auth0 Next.js SDK CVE-2021-43811 (Sockeye is an open-source sequence-to-sequence framework for Neural Ma ...) NOT-FOR-US: Sockeye CVE-2021-43810 (Admidio is a free open source user management system for websites of o ...) NOT-FOR-US: Admidio CVE-2021-43809 (`Bundler` is a package for managing application dependencies in Ruby. ...) - rubygems 3.3.5-1 [bullseye] - rubygems (Minor issue) NOTE: https://github.com/rubygems/rubygems/security/advisories/GHSA-fj7f-vq84-fh43 NOTE: https://github.com/rubygems/rubygems/commit/90b1ed8b9f8b636aa8c913f7b5a764a2e03d179c (v3.3.0) NOTE: https://github.com/rubygems/rubygems/pull/5142 CVE-2021-43808 (Laravel is a web application framework. Laravel prior to versions 8.75 ...) 
- php-laravel-framework 6.20.14+dfsg-3 (bug #1001333) [bullseye] - php-laravel-framework 6.20.14+dfsg-2+deb11u1 NOTE: https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw NOTE: https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b (v6.20.42) CVE-2021-43807 (Opencast is an Open Source Lecture Capture & Video Management for Educ ...) NOT-FOR-US: Opencast CVE-2021-43806 (Tuleap is a Libre and Open Source tool for end to end traceability of ...) NOT-FOR-US: Tuleap CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails. Vers ...) NOT-FOR-US: Solidus CVE-2021-43804 (PJSIP is a free and open source multimedia communication library writt ...) {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1} - asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1 [stretch] - asterisk (Vulnerable code not present) - pjproject - ring 20230206.0~ds1-1 (bug #1014998) NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-3qx3-cg72-wrh9 NOTE: https://github.com/pjsip/pjproject/commit/8b621f192cae14456ee0b0ade52ce6c6f258af1e CVE-2021-43803 (Next.js is a React framework. In versions of Next.js prior to 12.0.5 o ...) NOT-FOR-US: next.js CVE-2021-43802 (Etherpad is a real-time collaborative editor. In versions prior to 1.8 ...) - etherpad-lite (bug #576998) CVE-2021-43801 (Mercurius is a GraphQL adapter for Fastify. Any users from Mercurius@8 ...) NOT-FOR-US: Mercurius CVE-2021-43800 (Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, dire ...) NOT-FOR-US: Wiki.js CVE-2021-43799 (Zulip is an open-source team collaboration tool. Zulip Server installs ...) - zulip-server (bug #800052) CVE-2021-43798 (Grafana is an open-source platform for monitoring and observability. G ...) - grafana CVE-2021-43797 (Netty is an asynchronous event-driven network application framework fo ...) 
{DSA-5316-1 DLA-3268-1} - netty 1:4.1.48-6 (bug #1001437) [stretch] - netty (Minor issue) NOTE: https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq NOTE: https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323 (netty-4.1.71.Final) CVE-2021-43796 RESERVED CVE-2021-43795 (Armeria is an open source microservice framework. In affected versions ...) NOT-FOR-US: Armeria CVE-2021-43794 (Discourse is an open source discussion platform. In affected versions ...) NOT-FOR-US: Discourse CVE-2021-43793 (Discourse is an open source discussion platform. In affected versions ...) NOT-FOR-US: Discourse CVE-2021-43792 (Discourse is an open source discussion platform. In affected versions ...) NOT-FOR-US: Discourse CVE-2021-43791 (Zulip is an open source group chat application that combines real-time ...) - zulip-server (bug #800052) CVE-2021-43790 (Lucet is a native WebAssembly compiler and runtime. There is a bug in ...) NOT-FOR-US: Lucet CVE-2021-43789 (PrestaShop is an Open Source e-commerce web application. Versions of P ...) NOT-FOR-US: PrestaShop CVE-2021-43788 (Nodebb is an open source Node.js based forum software. Prior to v1.18. ...) NOT-FOR-US: Nodebb CVE-2021-43787 (Nodebb is an open source Node.js based forum software. In affected ver ...) NOT-FOR-US: Nodebb CVE-2021-43786 (Nodebb is an open source Node.js based forum software. In affected ver ...) NOT-FOR-US: Nodebb CVE-2021-43785 (@joeattardi/emoji-button is a Vanilla JavaScript emoji picker componen ...) NOT-FOR-US: @joeattardi/emoji-button CVE-2021-43784 (runc is a CLI tool for spawning and running containers on Linux accord ...) 
{DLA-3735-1 DLA-2841-1} - runc 1.0.3+ds1-1 [bullseye] - runc (Minor issue; not exploitable in 1.0.0) NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f NOTE: https://www.openwall.com/lists/oss-security/2021/12/06/1 NOTE: Fixed by: https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae CVE-2021-43783 (@backstage/plugin-scaffolder-backend is the backend for the default Ba ...) NOT-FOR-US: @backstage/plugin-scaffolder-backend CVE-2021-43782 (Tuleap is a Libre and Open Source tool for end to end traceability of ...) NOT-FOR-US: Tuleap CVE-2021-43781 (Invenio-Drafts-Resources is a submission/deposit module for Invenio, a ...) NOT-FOR-US: Invenio-Drafts-Resources CVE-2021-43780 (Redash is a package for data visualization and sharing. In versions 10 ...) NOT-FOR-US: Redash CVE-2021-43779 (GLPI is an open source IT Asset Management, issue tracking system and ...) - glpi (unimportant) NOTE: https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-q5fp-xpr8-77jh NOTE: Only supported behind an authenticated HTTP zone CVE-2021-43778 (Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI inst ...) NOT-FOR-US: GLPI plugin CVE-2021-43777 (Redash is a package for data visualization and sharing. In Redash vers ...) NOT-FOR-US: Redash CVE-2021-43776 (Backstage is an open platform for building developer portals. In affec ...) NOT-FOR-US: Backstage CVE-2021-43775 (Aim is an open-source, self-hosted machine learning experiment trackin ...) NOT-FOR-US: Aim CVE-2021-3967 (Improper Access Control in GitHub repository zulip/zulip prior to 4.10 ...) - zulip-server (bug #800052) CVE-2021-3966 (usb device bluetooth class includes a buffer overflow related to imple ...) NOT-FOR-US: Zephyr CVE-2021-3965 (Certain HP DesignJet products may be vulnerable to unauthenticated HTT ...) NOT-FOR-US: HP CVE-2021-43774 (A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 ...) 
NOT-FOR-US: Fujifilm CVE-2021-43773 RESERVED CVE-2021-43772 (Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability th ...) NOT-FOR-US: Trend Micro CVE-2021-43771 (Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an ...) NOT-FOR-US: Trend Micro CVE-2021-3964 (elgg is vulnerable to Authorization Bypass Through User-Controlled Key) - elgg (bug #526197) CVE-2021-3963 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)) NOT-FOR-US: kimai2 CVE-2021-3962 (A flaw was found in ImageMagick where it did not properly sanitize cer ...) - imagemagick (Specific to 7.x) NOTE: https://github.com/ImageMagick/ImageMagick/issues/4446 NOTE: https://github.com/ImageMagick/ImageMagick/commit/82775af03bbb10a0a1d0e15c0156c75673b4525e CVE-2022-21641 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.30-1 CVE-2022-21640 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.31-1 (bug #1024016) CVE-2022-21639 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2022-21638 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.30-1 CVE-2022-21637 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.31-1 (bug #1024016) CVE-2022-21636 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) NOT-FOR-US: Oracle CVE-2022-21635 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.30-1 CVE-2022-21634 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) NOT-FOR-US: Oracle CVE-2022-21633 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.31-1 (bug #1024016) CVE-2022-21632 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- mysql-8.0 8.0.31-1 (bug #1024016) CVE-2022-21631 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...) NOT-FOR-US: Oracle CVE-2022-21630 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...) NOT-FOR-US: Oracle CVE-2022-21629 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...) NOT-FOR-US: Oracle CVE-2022-21628 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) {DSA-5335-1 DSA-5331-1 DLA-3307-1} - openjdk-8 8u352-ga-1 - openjdk-11 11.0.17+8-1 - openjdk-17 17.0.5+8-1 CVE-2022-21627 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.40-dfsg-1 NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR CVE-2022-21626 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) {DSA-5331-1 DLA-3307-1} - openjdk-8 8u352-ga-1 - openjdk-11 11.0.17+8-1 CVE-2022-21625 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.31-1 (bug #1024016) CVE-2022-21624 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) {DSA-5335-1 DSA-5331-1 DLA-3307-1} - openjdk-8 8u352-ga-1 - openjdk-11 11.0.17+8-1 - openjdk-17 17.0.5+8-1 CVE-2022-21623 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2022-21622 (Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middlew ...) NOT-FOR-US: Oracle CVE-2022-21621 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.40-dfsg-1 NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR CVE-2022-21620 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.40-dfsg-1 NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR CVE-2022-21619 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) 
{DSA-5335-1 DSA-5331-1 DLA-3307-1} - openjdk-8 8u352-ga-1 - openjdk-11 11.0.17+8-1 - openjdk-17 17.0.5+8-1 CVE-2022-21618 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) {DSA-5335-1} - openjdk-17 17.0.5+8-1 CVE-2022-21617 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.31-1 (bug #1024016) CVE-2022-21616 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2022-21615 (Vulnerability in the Oracle Enterprise Data Quality product of Oracle ...) NOT-FOR-US: Oracle CVE-2022-21614 (Vulnerability in the Oracle Enterprise Data Quality product of Oracle ...) NOT-FOR-US: Oracle CVE-2022-21613 (Vulnerability in the Oracle Enterprise Data Quality product of Oracle ...) NOT-FOR-US: Oracle CVE-2022-21612 (Vulnerability in the Oracle Enterprise Data Quality product of Oracle ...) NOT-FOR-US: Oracle CVE-2022-21611 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.31-1 (bug #1024016) CVE-2022-21610 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2022-21609 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2022-21608 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.31-1 (bug #1024016) CVE-2022-21607 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.29-1 CVE-2022-21606 (Vulnerability in the Oracle Services for Microsoft Transaction Server ...) NOT-FOR-US: Oracle CVE-2022-21605 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.29-1 CVE-2022-21604 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.31-1 (bug #1024016) CVE-2022-21603 (Vulnerability in the Oracle Database - Sharding component of Oracle Da ...) 
NOT-FOR-US: Oracle CVE-2022-21602 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2022-21601 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...) NOT-FOR-US: Oracle CVE-2022-21600 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.28-1 CVE-2022-21599 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.31-1 (bug #1024016) CVE-2022-21598 (Vulnerability in the Siebel Core - DB Deployment and Configuration pro ...) NOT-FOR-US: Oracle CVE-2022-21597 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) NOT-FOR-US: Oracle CVE-2022-21596 (Vulnerability in the Oracle Database - Advanced Queuing component of O ...) NOT-FOR-US: Oracle CVE-2022-21595 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.28-1 CVE-2022-21594 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.31-1 (bug #1024016) CVE-2022-21593 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...) NOT-FOR-US: Oracle CVE-2022-21592 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.30-1 CVE-2022-21591 (Vulnerability in the Oracle Transportation Management product of Oracl ...) NOT-FOR-US: Oracle CVE-2022-21590 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) NOT-FOR-US: Oracle CVE-2022-21589 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 (Fixed before initial upload to Debian) CVE-2022-21588 RESERVED CVE-2022-21587 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...) NOT-FOR-US: Oracle CVE-2022-21586 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...) NOT-FOR-US: Oracle CVE-2022-21585 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...)
NOT-FOR-US: Oracle CVE-2022-21584 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...) NOT-FOR-US: Oracle CVE-2022-21583 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...) NOT-FOR-US: Oracle CVE-2022-21582 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...) NOT-FOR-US: Oracle CVE-2022-21581 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...) NOT-FOR-US: Oracle CVE-2022-21580 (Vulnerability in the Oracle Financial Services Revenue Management and ...) NOT-FOR-US: Oracle CVE-2022-21579 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) NOT-FOR-US: Oracle CVE-2022-21578 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) NOT-FOR-US: Oracle CVE-2022-21577 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) NOT-FOR-US: Oracle CVE-2022-21576 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) NOT-FOR-US: Oracle CVE-2022-21575 (Vulnerability in the Oracle WebCenter Sites Support Tools product of O ...) NOT-FOR-US: Oracle CVE-2022-21574 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...) NOT-FOR-US: Oracle CVE-2022-21573 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...) NOT-FOR-US: Oracle CVE-2022-21572 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...) NOT-FOR-US: Oracle CVE-2022-21571 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.36-dfsg-1 NOTE: https://null2root.github.io/blog/2022/07/21/When-Hypervisor-Met-Snapshot-Fuzzing.html CVE-2022-21570 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...) NOT-FOR-US: Oracle CVE-2022-21569 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
	- mysql-8.0 8.0.30-1 (bug #1015789)
CVE-2022-21568 (Vulnerability in the Oracle iReceivables product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2022-21567 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2022-21566 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2022-21565 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2022-21564 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2022-21563 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2022-21562 (Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middlew ...)
	NOT-FOR-US: Oracle
CVE-2022-21561 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2022-21560 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2022-21559 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...)
	NOT-FOR-US: Oracle
CVE-2022-21558 (Vulnerability in the Oracle Crystal Ball product of Oracle Constructio ...)
	NOT-FOR-US: Oracle
CVE-2022-21557 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2022-21556 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.30-1 (bug #1015789)
CVE-2022-21555 (Vulnerability in the MySQL Shell for VS Code product of Oracle MySQL ( ...)
	NOT-FOR-US: MySQL Shell for VS Code
CVE-2022-21554 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.36-dfsg-1
CVE-2022-21553 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.30-1 (bug #1015789)
CVE-2022-21552 (Vulnerability in the Oracle WebCenter Content product of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2022-21551 (Vulnerability in Oracle GoldenGate (component: Oracle GoldenGate). The ...)
	NOT-FOR-US: Oracle
CVE-2022-21550 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21549 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5192-1}
	- openjdk-17 17.0.4+8-1
CVE-2022-21548 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2022-21547 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.30-1 (bug #1015789)
CVE-2022-21546
	RESERVED
CVE-2022-21545 (Vulnerability in the Oracle iRecruitment product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2022-21544 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2022-21543 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2022-21542 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2022-21541 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5192-1 DSA-5188-1}
	- openjdk-8 8u342-b07-1
	- openjdk-11 11.0.16+8-1
	- openjdk-17 17.0.4+8-1
CVE-2022-21540 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5192-1 DSA-5188-1}
	- openjdk-8 8u342-b07-1
	- openjdk-11 11.0.16+8-1
	- openjdk-17 17.0.4+8-1
CVE-2022-21539 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.30-1 (bug #1015789)
CVE-2022-21538 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.30-1 (bug #1015789)
CVE-2022-21537 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.30-1 (bug #1015789)
CVE-2022-21536 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2022-21535 (Vulnerability in the MySQL Shell product of Oracle MySQL (component: S ...)
	NOT-FOR-US: MySQL Shell
CVE-2022-21534 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.30-1 (bug #1015789)
CVE-2022-21533 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2022-21532 (Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of ...)
	NOT-FOR-US: Oracle
CVE-2022-21531 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.30-1 (bug #1015789)
CVE-2022-21530 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.30-1 (bug #1015789)
CVE-2022-21529 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.30-1 (bug #1015789)
CVE-2022-21528 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.30-1 (bug #1015789)
CVE-2022-21527 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.30-1 (bug #1015789)
CVE-2022-21526 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.30-1 (bug #1015789)
CVE-2022-21525 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.30-1 (bug #1015789)
CVE-2022-21524 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2022-21523 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2022-21522 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.30-1 (bug #1015789)
CVE-2022-21521 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2022-21520 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2022-21519 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21518 (Vulnerability in the Oracle Health Sciences Data Management Workbench ...)
	NOT-FOR-US: Oracle
CVE-2022-21517 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.30-1 (bug #1015789)
CVE-2022-21516 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2022-21515 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7
	- mysql-8.0 8.0.30-1 (bug #1015789)
CVE-2022-21514 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2022-21513 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2022-21512 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2022-21511 (Vulnerability in the Oracle Database - Enterprise Edition Recovery com ...)
	NOT-FOR-US: Oracle
CVE-2022-21510 (Vulnerability in the Oracle Database - Enterprise Edition Sharding com ...)
	NOT-FOR-US: Oracle
CVE-2022-21509 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.30-1 (bug #1015789)
CVE-2022-21508 (Vulnerability in Oracle Essbase (component: Security and Provisioning) ...)
	NOT-FOR-US: Oracle
CVE-2022-21507
	RESERVED
CVE-2022-21506
	RESERVED
CVE-2022-21505
	RESERVED
	- linux 5.18.16-1
	[bullseye] - linux 5.10.136-1
	[buster] - linux (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2022/07/19/4
	NOTE: https://git.kernel.org/linus/543ce63b664e2c2f9533d089a4664b559c3e6b5b (v5.19-rc8)
CVE-2022-21504 (The code in UEK6 U3 was missing an appropiate file descriptor count to ...)
	NOT-FOR-US: Oracle
CVE-2022-21503 (Vulnerability in the Oracle Cloud Infrastructure product of Oracle Clo ...)
	NOT-FOR-US: Oracle
CVE-2022-21502
	RESERVED
CVE-2022-21501
	RESERVED
CVE-2022-21500 (Vulnerability in Oracle E-Business Suite (component: Manage Proxies). ...)
	NOT-FOR-US: Oracle
CVE-2022-21499 (KGDB and KDB allow read and write access to kernel memory, and thus sh ...)
	{DSA-5161-1}
	- linux 5.17.11-1
	[buster] - linux (kgdb not enabled)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2022/05/24/7
	NOTE: https://git.kernel.org/linus/eadb2f47a3ced5c64b23b90fd2a3463f63726066 (5.19-rc1)
CVE-2022-21498 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2022-21497 (Vulnerability in the Oracle Web Services Manager product of Oracle Fus ...)
	NOT-FOR-US: Oracle
CVE-2022-21496 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5131-1 DSA-5128-1 DLA-3006-1}
	- openjdk-8 8u332-ga-1
	- openjdk-11 11.0.15+10-1
	- openjdk-17 17.0.3+7-1
	- openjdk-18 18.0.1+10-1
CVE-2022-21495
	RESERVED
CVE-2022-21494 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2022-21493 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2022-21492 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2022-21491 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.34-dfsg-1
CVE-2022-21490 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21489 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21488 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.34-dfsg-1
CVE-2022-21487 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.34-dfsg-1
CVE-2022-21486 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21485 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21484 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21483 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21482 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21481 (Vulnerability in the PeopleSoft Enterprise FIN Cash Management product ...)
	NOT-FOR-US: Oracle
CVE-2022-21480 (Vulnerability in the Oracle Transportation Management product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2022-21479 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21478 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21477 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2022-21476 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5131-1 DSA-5128-1 DLA-3006-1}
	- openjdk-8 8u332-ga-1
	- openjdk-11 11.0.15+10-1 (bug #1010597)
	- openjdk-17 17.0.3+7-1
	- openjdk-18 18.0.1+10-1
CVE-2022-21475 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...)
	NOT-FOR-US: Oracle
CVE-2022-21474 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...)
	NOT-FOR-US: Oracle
CVE-2022-21473 (Vulnerability in the Oracle Banking Treasury Management product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2022-21472 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2022-21471 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.34-dfsg-1
CVE-2022-21470 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2022-21469 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2022-21468 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2022-21467 (Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain ( ...)
	NOT-FOR-US: Oracle
CVE-2022-21466 (Vulnerability in the Oracle Commerce Guided Search product of Oracle C ...)
	NOT-FOR-US: Oracle
CVE-2022-21465 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.34-dfsg-1
CVE-2022-21464 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2022-21463 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2022-21462 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21461 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2022-21460 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
	- mysql-5.7
CVE-2022-21459 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21458 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2022-21457 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21456 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2022-21455 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.30-1 (bug #1015789)
CVE-2022-21454 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7
	- mysql-8.0 8.0.29-1
CVE-2022-21453 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2022-21452 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21451 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
	- mysql-5.7
CVE-2022-21450 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub produc ...)
	NOT-FOR-US: Oracle
CVE-2022-21449 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5128-1}
	- openjdk-17 17.0.3+7-1
	- openjdk-18 18.0.1+10-1
CVE-2022-21448 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2022-21447 (Vulnerability in the PeopleSoft Enterprise CS Academic Advisement prod ...)
	NOT-FOR-US: Oracle
CVE-2022-21446 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2022-21445 (Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middle ...)
	NOT-FOR-US: Oracle
CVE-2022-21444 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
	- mysql-5.7
CVE-2022-21443 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5131-1 DSA-5128-1 DLA-3006-1}
	- openjdk-8 8u332-ga-1
	- openjdk-11 11.0.15+10-1
	- openjdk-17 17.0.3+7-1
	- openjdk-18 18.0.1+10-1
CVE-2022-21442 (Vulnerability in Oracle GoldenGate (component: OGG Core Library). The ...)
	NOT-FOR-US: Oracle
CVE-2022-21441 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2022-21440 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21439 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2022-21438 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21437 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21436 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21435 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21434 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5131-1 DSA-5128-1 DLA-3006-1}
	- openjdk-8 8u332-ga-1
	- openjdk-11 11.0.15+10-1
	- openjdk-17 17.0.3+7-1
	- openjdk-18 18.0.1+10-1
CVE-2022-21433
	RESERVED
CVE-2022-21432 (Vulnerability in the Oracle Database - Enterprise Edition RDBMS Securi ...)
	NOT-FOR-US: Oracle
CVE-2022-21431 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
	NOT-FOR-US: Oracle
CVE-2022-21430 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
	NOT-FOR-US: Oracle
CVE-2022-21429 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
	NOT-FOR-US: Oracle
CVE-2022-21428 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2022-21427 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	{DLA-3114-1}
	- mysql-8.0 8.0.29-1
	- mysql-5.7
	- mariadb-10.5 1:10.5.8-1
	- mariadb-10.3
	NOTE: Fixed in MariaDB: 10.5.7, 10.4.25, 10.3.35, 10.2.44
CVE-2022-21426 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5131-1 DSA-5128-1 DLA-3006-1}
	- openjdk-8 8u332-ga-1
	- openjdk-11 11.0.15+10-1
	- openjdk-17 17.0.3+7-1
	- openjdk-18 18.0.1+10-1
CVE-2022-21425 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21424 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
	NOT-FOR-US: Oracle
CVE-2022-21423 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21422 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
	NOT-FOR-US: Oracle
CVE-2022-21421 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2022-21420 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...)
	NOT-FOR-US: Oracle
CVE-2022-21419 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2022-21418 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21417 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
	- mysql-5.7
CVE-2022-21416 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2022-21415 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21414 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21413 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21412 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21411 (Vulnerability in the RDBMS Gateway / Generic ODBC Connectivity compone ...)
	NOT-FOR-US: Oracle
CVE-2022-21410 (Vulnerability in the Oracle Database - Enterprise Edition Sharding com ...)
	NOT-FOR-US: Oracle
CVE-2022-21409 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2022-21408
	RESERVED
CVE-2022-21407
	RESERVED
CVE-2022-21406
	RESERVED
CVE-2022-21405 (Vulnerability in the OSS Support Tools product of Oracle Support Tools ...)
	NOT-FOR-US: Oracle
CVE-2022-21404 (Vulnerability in the Helidon product of Oracle Fusion Middleware (comp ...)
	NOT-FOR-US: Oracle
CVE-2022-21403 (Vulnerability in the Oracle Communications Operations Monitor product ...)
	NOT-FOR-US: Oracle
CVE-2022-21402 (Vulnerability in the Oracle Communications Operations Monitor product ...)
	NOT-FOR-US: Oracle
CVE-2022-21401 (Vulnerability in the Oracle Communications Operations Monitor product ...)
	NOT-FOR-US: Oracle
CVE-2022-21400 (Vulnerability in the Oracle Communications Operations Monitor product ...)
	NOT-FOR-US: Oracle
CVE-2022-21399 (Vulnerability in the Oracle Communications Operations Monitor product ...)
	NOT-FOR-US: Oracle
CVE-2022-21398 (Vulnerability in the Oracle Communications Operations Monitor product ...)
	NOT-FOR-US: Oracle
CVE-2022-21397 (Vulnerability in the Oracle Communications Operations Monitor product ...)
	NOT-FOR-US: Oracle
CVE-2022-21396 (Vulnerability in the Oracle Communications Operations Monitor product ...)
	NOT-FOR-US: Oracle
CVE-2022-21395 (Vulnerability in the Oracle Communications Operations Monitor product ...)
	NOT-FOR-US: Oracle
CVE-2022-21394 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.32-dfsg-1
CVE-2022-21393 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2022-21392 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2022-21391 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
	NOT-FOR-US: Oracle
CVE-2022-21390 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
	NOT-FOR-US: Oracle
CVE-2022-21389 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
	NOT-FOR-US: Oracle
CVE-2022-21388 (Vulnerability in the Oracle Communications Pricing Design Center produ ...)
	NOT-FOR-US: Oracle
CVE-2022-21387 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...)
	NOT-FOR-US: Oracle
CVE-2022-21386 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2022-21385 (A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivile ...)
	- linux 4.19.37-1
	NOTE: https://git.kernel.org/linus/ea010070d0a7497253d5a6f919f6dd107450b31a (4.20)
CVE-2022-21384
	RESERVED
CVE-2022-21383 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...)
	NOT-FOR-US: Oracle
CVE-2022-21382 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...)
	NOT-FOR-US: Oracle
CVE-2022-21381 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...)
	NOT-FOR-US: Oracle
CVE-2022-21380 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21379 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21378 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21377 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2022-21376 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2022-21375 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2022-21374 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21373 (Vulnerability in the Oracle Partner Management product of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2022-21372 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21371 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2022-21370 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21369 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2022-21368 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21367 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7
	- mysql-8.0 8.0.29-1
CVE-2022-21366 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5058-1 DSA-5057-1}
	- openjdk-11 11.0.14+9-1
	- openjdk-17 17.0.2+8-1
CVE-2022-21365 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5058-1 DSA-5057-1 DLA-2917-1}
	- openjdk-8 8u322-ga-1
	- openjdk-11 11.0.14+9-1
	- openjdk-17 17.0.2+8-1
CVE-2022-21364 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2022-21363 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
	- mysql-connector-java
	[stretch] - mysql-connector-java (MySQL has been replaced with MariaDB)
CVE-2022-21362 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21361 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2022-21360 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5058-1 DSA-5057-1 DLA-2917-1}
	- openjdk-8 8u322-ga-1
	- openjdk-11 11.0.14+9-1
	- openjdk-17 17.0.2+8-1
CVE-2022-21359 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2022-21358 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21357 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21356 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21355 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21354 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2022-21353 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2022-21352 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21351 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21350 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2022-21349 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DLA-2917-1}
	- openjdk-8 8u322-ga-1
CVE-2022-21348 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21347 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2022-21346 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2022-21345 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2022-21344 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7
	- mysql-8.0 8.0.29-1
CVE-2022-21343
	RESERVED
CVE-2022-21342 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21341 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5058-1 DSA-5057-1 DLA-2917-1}
	- openjdk-8 8u322-ga-1
	- openjdk-11 11.0.14+9-1
	- openjdk-17 17.0.2+8-1
CVE-2022-21340 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5058-1 DSA-5057-1 DLA-2917-1}
	- openjdk-8 8u322-ga-1
	- openjdk-11 11.0.14+9-1
	- openjdk-17 17.0.2+8-1
CVE-2022-21339 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21338 (Vulnerability in the Oracle Communications Convergence product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2022-21337 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21336 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21335 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21334 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21333 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21332 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21331 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21330 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21329 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21328 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21327 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21326 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21325 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21324 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21323 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21322 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21321 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21320 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21319 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21318 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21317 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21316 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21315 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21314 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21313 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21312 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21311 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21310 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21309 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21308 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21307 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21306 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2022-21305 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5058-1 DSA-5057-1 DLA-2917-1}
	- openjdk-8 8u322-ga-1
	- openjdk-11 11.0.14+9-1
	- openjdk-17 17.0.2+8-1
CVE-2022-21304 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7
	- mysql-8.0 8.0.29-1
CVE-2022-21303 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7
	- mysql-8.0 8.0.29-1
CVE-2022-21302 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21301 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21300 (Vulnerability in the PeopleSoft Enterprise CS SA Integration Pack prod ...)
	NOT-FOR-US: Oracle
CVE-2022-21299 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5058-1 DSA-5057-1 DLA-2917-1}
	- openjdk-8 8u322-ga-1
	- openjdk-11 11.0.14+9-1
	- openjdk-17 17.0.2+8-1
CVE-2022-21298 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2022-21297 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21296 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5058-1 DSA-5057-1 DLA-2917-1}
	- openjdk-8 8u322-ga-1
	- openjdk-11 11.0.14+9-1
	- openjdk-17 17.0.2+8-1
CVE-2022-21295 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox (Windows-specific)
CVE-2022-21294 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5058-1 DSA-5057-1 DLA-2917-1}
	- openjdk-8 8u322-ga-1
	- openjdk-11 11.0.14+9-1
	- openjdk-17 17.0.2+8-1
CVE-2022-21293 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5058-1 DSA-5057-1 DLA-2917-1}
	- openjdk-8 8u322-ga-1
	- openjdk-11 11.0.14+9-1
	- openjdk-17 17.0.2+8-1
CVE-2022-21292 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2022-21291 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5058-1 DSA-5057-1}
	- openjdk-11 11.0.14+9-1
	- openjdk-17 17.0.2+8-1
CVE-2022-21290 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21289 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21288 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21287 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21286 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21285 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21284 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21283 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5058-1 DSA-5057-1 DLA-2917-1}
	- openjdk-8 8u322-ga-1
	- openjdk-11 11.0.14+9-1
	- openjdk-17 17.0.2+8-1
CVE-2022-21282 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5058-1 DSA-5057-1 DLA-2917-1}
	- openjdk-8 8u322-ga-1
	- openjdk-11 11.0.14+9-1
	- openjdk-17 17.0.2+8-1
CVE-2022-21281 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2022-21280 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21279 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	NOT-FOR-US: MySQL Cluster
CVE-2022-21278 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21277 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5058-1 DSA-5057-1}
	- openjdk-11 11.0.14+9-1
	- openjdk-17 17.0.2+8-1
CVE-2022-21276 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
	NOT-FOR-US: Oracle
CVE-2022-21275 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
	NOT-FOR-US: Oracle
CVE-2022-21274 (Vulnerability in the Oracle Sourcing product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2022-21273 (Vulnerability in the Oracle Project Costing product of Oracle E-Busine ...)
	NOT-FOR-US: Oracle
CVE-2022-21272 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2022-21271 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	- openjdk-8 (Seems specific to Oracle Java)
	- openjdk-11 (Seems specific to Oracle Java)
CVE-2022-21270 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7
	- mysql-8.0 8.0.29-1
CVE-2022-21269 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2022-21268 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
	NOT-FOR-US: Oracle
CVE-2022-21267 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
	NOT-FOR-US: Oracle
CVE-2022-21266 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
	NOT-FOR-US: Oracle
CVE-2022-21265 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21264 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21263 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2022-21262 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2022-21261 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2022-21260 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2022-21259 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2022-21258 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2022-21257 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2022-21256 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21255 (Vulnerability in the Oracle Configurator product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2022-21254 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21253 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21252 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2022-21251 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2022-21250 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2022-21249 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.29-1
CVE-2022-21248 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
	{DSA-5058-1 DSA-5057-1 DLA-2917-1}
	- openjdk-8 8u322-ga-1
	- openjdk-11 11.0.14+9-1
	- openjdk-17 17.0.2+8-1
CVE-2022-21247 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2022-21246 (Vulnerability in the Oracle Communications Operations Monitor product ...)
	NOT-FOR-US: Oracle
CVE-2022-21245 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7
	- mysql-8.0 8.0.29-1
CVE-2022-21244 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2022-21243 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2022-21242 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2021-43770
	RESERVED
CVE-2021-43769
	RESERVED
CVE-2021-43768
	RESERVED
CVE-2021-43767 (Odyssey passes to client unencrypted bytes from man-in-the-middle When ...)
	NOT-FOR-US: yandex/odyssey
CVE-2021-43766 (Odyssey passes to server unencrypted bytes from man-in-the-middle When ...)
	NOT-FOR-US: yandex/odyssey
CVE-2021-43765 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
	NOT-FOR-US: Adobe
CVE-2021-43764 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
	NOT-FOR-US: Adobe
CVE-2021-43763 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...)
	NOT-FOR-US: Adobe
CVE-2021-43762 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
	NOT-FOR-US: Adobe
CVE-2021-43761 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), ...)
	NOT-FOR-US: Adobe
CVE-2021-43760 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected b ...)
	NOT-FOR-US: Adobe
CVE-2021-43759 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected b ...)
	NOT-FOR-US: Adobe
CVE-2021-43758 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected b ...)
	NOT-FOR-US: Adobe
CVE-2021-43757 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected b ...)
	NOT-FOR-US: Adobe
CVE-2021-43756 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected b ...)
	NOT-FOR-US: Adobe
CVE-2021-43755 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2021-43754 (Adobe Prelude version 22.1.1 (and earlier) is affected by an Out-of-bo ...)
	NOT-FOR-US: Adobe
CVE-2021-43753 (Adobe Lightroom versions 4.4 (and earlier) are affected by a use-after ...)
	NOT-FOR-US: Adobe
NOT-FOR-US: Adobe CVE-2021-43752 (Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlie ...) NOT-FOR-US: Adobe CVE-2021-43751 (Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier ...) NOT-FOR-US: Adobe CVE-2021-43750 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...) NOT-FOR-US: Adobe CVE-2021-43749 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...) NOT-FOR-US: Adobe CVE-2021-43748 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...) NOT-FOR-US: Adobe CVE-2021-43747 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) NOT-FOR-US: Adobe CVE-2021-43746 (Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an ...) NOT-FOR-US: Adobe CVE-2021-3961 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...) - snipe-it (bug #1005172) CVE-2022-21216 (Insufficient granularity of access control in out-of-band management i ...) {DLA-3379-1} - intel-microcode 3.20230214.1 (bug #1031334) [bullseye] - intel-microcode 3.20230214.1~deb11u1 NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214 CVE-2022-21204 (Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before ...) NOT-FOR-US: Intel CVE-2022-21200 RESERVED CVE-2022-21174 (Improper access control in a third-party component of Intel(R) Quartus ...) NOT-FOR-US: Intel CVE-2022-21157 (Improper access control in the Intel(R) Smart Campus Android applicati ...) NOT-FOR-US: Intel CVE-2022-21153 (Improper access control in the Intel(R) Capital Global Summit Android ...) NOT-FOR-US: Intel CVE-2022-21151 (Processor optimization removal or modification of security-critical co ...) 
{DSA-5178-1} - intel-microcode 3.20220510.1 (bug #1010947) [bullseye] - intel-microcode (Minor issue) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220510 CVE-2022-21138 RESERVED CVE-2022-21136 (Improper input validation for some Intel(R) Xeon(R) Processors may all ...) NOT-FOR-US: Intel CVE-2022-21131 (Improper access control for some Intel(R) Xeon(R) Processors may allow ...) NOT-FOR-US: Intel CVE-2021-3960 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) NOT-FOR-US: Bitdefender CVE-2021-3959 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...) NOT-FOR-US: Bitdefender CVE-2021-3958 (Improper Handling of Parameters vulnerability in Ipack Automation Syst ...) NOT-FOR-US: iPack SCADA Automation CVE-2021-43745 (A Denial of Service vulnerabilty exists in Trilium Notes 0.48.6 in the ...) NOT-FOR-US: Trilium Notes CVE-2021-43744 RESERVED CVE-2021-43743 RESERVED CVE-2021-43742 (CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file ...) NOT-FOR-US: CMSimple CVE-2021-43741 (CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability e ...) NOT-FOR-US: CMSimple CVE-2021-43740 RESERVED CVE-2021-43739 RESERVED CVE-2021-43738 (An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF v ...) NOT-FOR-US: xiaohuanxiong CMS CVE-2021-43737 (An issus was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF v ...) NOT-FOR-US: xiaohuanxiong CMS CVE-2021-43736 (CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnera ...) NOT-FOR-US: CmsWing CVE-2021-43735 (CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behav ...) NOT-FOR-US: CmsWing CVE-2021-43734 (kkFileview v4.0.0 has arbitrary file read through a directory traversa ...) 
NOT-FOR-US: kkFileview CVE-2021-43733 RESERVED CVE-2021-43732 RESERVED CVE-2021-43731 RESERVED CVE-2021-43730 RESERVED CVE-2021-43729 (Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain ...) NOT-FOR-US: Pix-Link MiNi Router CVE-2021-43728 (Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain ...) NOT-FOR-US: Pix-Link MiNi Router CVE-2021-43727 RESERVED CVE-2021-43726 RESERVED CVE-2021-43725 (There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login. ...) - spotweb [buster] - spotweb (Minor issue) [stretch] - spotweb (Minor issue) NOTE: https://github.com/spotweb/spotweb/commit/2bfa001689aae96009688a193c64478647ba45a1 NOTE: https://github.com/spotweb/spotweb/issues/718 CVE-2021-43724 (A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS throug ...) NOT-FOR-US: Subrion CMS CVE-2021-43723 RESERVED CVE-2021-43722 (D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main ...) NOT-FOR-US: D-Link CVE-2021-43721 (Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markd ...) NOT-FOR-US: Leanote CVE-2021-43720 RESERVED CVE-2021-43719 RESERVED CVE-2021-43718 RESERVED CVE-2021-43717 RESERVED CVE-2021-43716 RESERVED CVE-2021-43715 RESERVED CVE-2021-43714 RESERVED CVE-2021-43713 RESERVED CVE-2021-43712 (Stored XSS in Add New Employee Form in Sourcecodester Employee Daily T ...) NOT-FOR-US: Sourcecodester Employee Daily Task Management System CVE-2021-43711 (The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B2020 ...) NOT-FOR-US: TOTOLINK CVE-2021-43710 RESERVED CVE-2021-43709 RESERVED CVE-2021-43708 (The Labeling tool in Titus Classification Suite 18.8.1910.140 allows u ...) NOT-FOR-US: Titus Classification Suite CVE-2021-43707 (Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link ...) 
NOT-FOR-US: Maccms CVE-2021-43706 RESERVED CVE-2021-43705 RESERVED CVE-2021-43704 RESERVED CVE-2021-43703 (An Incorrect Access Control vulnerability exists in zzcms less than or ...) NOT-FOR-US: zzcms CVE-2021-43702 (ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting ( ...) NOT-FOR-US: ASUS CVE-2021-43701 (CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnera ...) NOT-FOR-US: CSZ CMS CVE-2021-43700 (An issue was discovered in ApiManager 1.1. there is sql injection vuln ...) NOT-FOR-US: ApiManager CVE-2021-43699 RESERVED CVE-2021-43698 (phpWhois (last update Jun 30 2021) is affected by a Cross Site Scripti ...) NOT-FOR-US: phpWhois CVE-2021-43697 (Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a C ...) NOT-FOR-US: Workerman-ThinkPHP-Redis CVE-2021-43696 (twmap v2.91_v4.33 is affected by a Cross Site Scripting (XSS) vulnerab ...) NOT-FOR-US: twmap CVE-2021-43695 (issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vu ...) NOT-FOR-US: issabelPBX CVE-2021-43694 RESERVED CVE-2021-43693 (vesta 0.9.8-24 is affected by a file inclusion vulnerability in file w ...) NOT-FOR-US: Vesta Control Panel CVE-2021-43692 (youtube-php-mirroring (last update Jun 9, 2017) is affected by a Cross ...) NOT-FOR-US: youtube-php-mirroring CVE-2021-43691 (tripexpress v1.1 is affected by a path manipulation vulnerability in f ...) NOT-FOR-US: tripexpress CVE-2021-43690 (YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerabi ...) NOT-FOR-US: YurunProxy CVE-2021-43689 (manage (last update Oct 24, 2017) is affected by a Cross Site Scriptin ...) NOT-FOR-US: thinkphp manage CVE-2021-43688 RESERVED CVE-2021-43687 (chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulne ...) NOT-FOR-US: Chamilo LMS CVE-2021-43686 (nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerabilit ...) NOT-FOR-US: nZEDb CVE-2021-43685 (libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerab ...) 
- libretime (bug #888687) CVE-2021-43684 RESERVED CVE-2021-43683 (pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerabili ...) NOT-FOR-US: pictshare CVE-2021-43682 (thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site ...) NOT-FOR-US: ThinkPHP BJY Blog CVE-2021-43681 (SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulne ...) NOT-FOR-US: SakuraPanel CVE-2021-43680 RESERVED CVE-2021-43679 (ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\e ...) NOT-FOR-US: ecshop CVE-2021-43678 (Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vul ...) NOT-FOR-US: Wechat-php-sdk CVE-2021-43677 (Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerabili ...) NOT-FOR-US: Fluxbb CVE-2021-43676 (matyhtf framework v3.0.5 is affected by a path manipulation vulnerabil ...) NOT-FOR-US: matyhtf framework CVE-2021-43675 (Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerabi ...) NOT-FOR-US: Lychee-v3 CVE-2021-43674 (ThinkUp 2.0-beta.10 is affected by a path manipulation vulnerability i ...) NOT-FOR-US: ThinkUp CVE-2021-43673 (dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) v ...) NOT-FOR-US: dzzoffice CVE-2021-43672 RESERVED CVE-2021-43671 RESERVED CVE-2021-43670 RESERVED CVE-2021-43669 (A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0 ...) NOT-FOR-US: HyperLedger CVE-2021-43668 (Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a s ...) - golang-github-go-ethereum (bug #890541) NOTE: https://github.com/ethereum/go-ethereum/issues/23866 CVE-2021-43667 (A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0 ...) NOT-FOR-US: HyperLedger CVE-2021-43666 (A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier ...) 
{DLA-3249-1} - mbedtls 2.28.0-1 [bullseye] - mbedtls (Minor issue) NOTE: https://github.com/ARMmbed/mbedtls/issues/5136 NOTE: Backport 2.16: https://github.com/ARMmbed/mbedtls/pull/5311 CVE-2021-43665 RESERVED CVE-2021-43664 (totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a co ...) NOT-FOR-US: totolink EX300_v2 CVE-2021-43663 (totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a co ...) NOT-FOR-US: totolink EX300_v2 CVE-2021-43662 (totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.4 ...) NOT-FOR-US: totolink EX300_v2 CVE-2021-43661 (totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a re ...) NOT-FOR-US: totolink EX300_v2 CVE-2021-43660 RESERVED CVE-2021-43659 (In halo 1.4.14, the function point of uploading the avatar, any file c ...) NOT-FOR-US: Halo CVE-2021-43658 RESERVED CVE-2021-43657 (A Stored Cross-site scripting (XSS) vulnerability via MAster.php in So ...) NOT-FOR-US: Sourcecodetester Simple Client Management System CVE-2021-43656 RESERVED CVE-2021-43655 RESERVED CVE-2021-43654 RESERVED CVE-2021-43653 RESERVED CVE-2021-43652 RESERVED CVE-2021-43651 RESERVED CVE-2021-43650 (WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter u ...) NOT-FOR-US: WebRun - Windows only CVE-2021-43649 RESERVED CVE-2021-43648 RESERVED CVE-2021-43647 RESERVED CVE-2021-43646 RESERVED CVE-2021-43645 RESERVED CVE-2021-43644 RESERVED CVE-2021-43643 RESERVED CVE-2021-43642 RESERVED CVE-2021-43641 RESERVED CVE-2021-43640 RESERVED CVE-2021-43639 RESERVED CVE-2021-43638 (Amazon Amazon WorkSpaces agent is affected by Integer Overflow. IOCTL ...) NOT-FOR-US: Amazon CVE-2021-43637 (Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler ...) NOT-FOR-US: Amazon CVE-2021-43636 (Two Buffer Overflow vulnerabilities exists in T10 V2_Firmware V4.1.8cu ...) NOT-FOR-US: T10 V2_Firmware CVE-2021-43635 (A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4. ...) 
NOT-FOR-US: Codex CVE-2021-43634 RESERVED CVE-2021-43633 (Sourcecodester Messaging Web Application 1.0 is vulnerable to stored X ...) NOT-FOR-US: Sourcecodester Messaging Web CVE-2021-43632 RESERVED CVE-2021-43631 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...) NOT-FOR-US: Projectworlds Hospital Management System CVE-2021-43630 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...) NOT-FOR-US: Projectworlds Hospital Management System CVE-2021-43629 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...) NOT-FOR-US: Projectworlds Hospital Management System CVE-2021-43628 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...) NOT-FOR-US: Projectworlds Hospital Management System CVE-2021-43627 RESERVED CVE-2021-43626 RESERVED CVE-2021-43625 RESERVED CVE-2021-43624 RESERVED CVE-2021-43623 RESERVED CVE-2021-43622 RESERVED CVE-2021-43621 RESERVED CVE-2021-43620 (An issue was discovered in the fruity crate through 0.2.0 for Rust. Se ...) NOT-FOR-US: Rust crate fruity CVE-2021-43619 (Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in ...) NOT-FOR-US: Trusted Firmware M CVE-2021-43618 (GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an m ...) {DLA-2837-1} - gmp 2:6.2.1+dfsg-3 (bug #994405) [bullseye] - gmp 2:6.2.1+dfsg-1+deb11u1 [buster] - gmp 2:6.1.2+dfsg-4+deb10u1 NOTE: https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html NOTE: https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e CVE-2021-43617 (Laravel Framework through 8.70.2 does not sufficiently block the uploa ...) 
- php-laravel-framework 6.20.14+dfsg-3 (bug #1002728) [bullseye] - php-laravel-framework 6.20.14+dfsg-2+deb11u1 NOTE: https://hosein-vita.medium.com/laravel-8-x-image-upload-bypass-zero-day-852bd806019b CVE-2021-3957 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)) NOT-FOR-US: kimai2 CVE-2021-43616 (The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an i ...) - npm 8.4.1~ds-1 [bullseye] - npm (Minor issue) [buster] - npm (Minor issue) NOTE: https://github.com/npm/cli/issues/2701 NOTE: https://github.com/npm/cli/commit/457e0ae61bbc55846f5af44afa4066921923490f (v8.4.1) CVE-2021-43615 (An issue was discovered in HddPassword in Insyde InsydeH2O with kernel ...) NOT-FOR-US: Insyde CVE-2021-43614 RESERVED CVE-2021-43613 RESERVED CVE-2021-43612 (In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decod ...) {DLA-3389-1} - lldpd 1.0.13-1 [bullseye] - lldpd 1.0.11-1+deb11u1 [stretch] - lldpd (Minor issue) NOTE: https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7 (1.0.13) CVE-2021-43611 (Belledonne Belle-sip before 5.0.20 can crash applications such as Linp ...) NOT-FOR-US: Belledonne Belle-sip CVE-2021-43610 (Belledonne Belle-sip before 5.0.20 can crash applications such as Linp ...) NOT-FOR-US: Belledonne Belle-sip CVE-2021-43609 (An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A ...) NOT-FOR-US: Spiceworks CVE-2021-43608 (Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of o ...) - php-doctrine-dbal (Vulnerable code introduced in 3.0.0) NOTE: Bug was introduced in 3.0.0, and fixed in experimental in 3.1.4+dfsg-1 and NOTE: only present in experimental suite. 
NOTE: https://github.com/doctrine/dbal/security/advisories/GHSA-r7cj-8hjg-x622 CVE-2021-43607 RESERVED CVE-2021-43606 RESERVED CVE-2021-43605 RESERVED CVE-2021-43604 RESERVED CVE-2021-43603 RESERVED CVE-2021-43602 RESERVED CVE-2021-43601 RESERVED CVE-2021-43600 RESERVED CVE-2021-43599 RESERVED CVE-2021-43598 RESERVED CVE-2021-43597 RESERVED CVE-2021-43596 RESERVED CVE-2021-43595 RESERVED CVE-2021-43594 RESERVED CVE-2021-43593 RESERVED CVE-2021-43592 RESERVED CVE-2021-43591 RESERVED CVE-2021-43590 (Dell EMC Enterprise Storage Analytics for vRealize Operations, version ...) NOT-FOR-US: EMC CVE-2021-43589 (Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior ...) NOT-FOR-US: EMC CVE-2021-43588 (Dell EMC Data Protection Central version 19.5 contains an Improper Inp ...) NOT-FOR-US: EMC CVE-2021-43587 (Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, ...) NOT-FOR-US: Dell CVE-2021-43586 RESERVED CVE-2021-43585 RESERVED CVE-2021-43584 (DOM-based Cross Site Scripting (XSS vulnerability in 'Tail Event Logs' ...) NOT-FOR-US: Nagios NCPA CVE-2021-43583 RESERVED CVE-2021-3956 (A read-only authentication bypass vulnerability was reported in the Th ...) NOT-FOR-US: Lenovo CVE-2021-3955 RESERVED CVE-2021-3954 RESERVED CVE-2021-3953 RESERVED CVE-2021-3952 RESERVED CVE-2021-3951 RESERVED CVE-2021-43582 (A Use-After-Free Remote Vulnerability exists when reading a DWG file u ...) NOT-FOR-US: Open Design Alliance Drawings SDK CVE-2021-43581 (An Out-of-Bounds Read vulnerability exists when reading a U3D file usi ...) NOT-FOR-US: Open Design Alliance PRC SDK CVE-2021-43580 RESERVED CVE-2021-43579 (A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 ...) 
{DLA-2928-1} - htmldoc 1.9.13-1 (unimportant) [bullseye] - htmldoc 1.9.11-4+deb11u1 [buster] - htmldoc 1.9.3-1+deb10u3 NOTE: https://github.com/michaelrsweet/htmldoc/commit/27d08989a5a567155d506ac870ae7d8cc88fa58b (v1.9.13) NOTE: https://github.com/michaelrsweet/htmldoc/issues/453 NOTE: Crash in CLI tool, no security impact CVE-2021-3950 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...) NOT-FOR-US: django-helpdesk CVE-2022-21220 (Improper restriction of XML external entity for Intel(R) Quartus(R) Pr ...) NOT-FOR-US: Intel CVE-2022-21207 RESERVED CVE-2022-21205 (Improper restriction of XML external entity reference in DSP Builder P ...) NOT-FOR-US: Intel CVE-2022-21203 (Improper permissions in the SafeNet Sentinel driver for Intel(R) Quart ...) NOT-FOR-US: Intel CVE-2022-21181 (Improper input validation for some Intel(R) PROSet/Wireless WiFi and K ...) {DLA-3380-1} - firmware-nonfree 20220913-1 [bullseye] - firmware-nonfree (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html NOTE: Fixed upstream in 20220815 NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=63a87d2f1f7ea029e8d32ed03d972947a7bb60fd NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=87d07fd3d3156b7bb1ff9a8000c316c2f68ffd7c NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=447ca4a62cca38d656922ce6ba97610db11cf341 NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=31d24ca113ed93d0564c78d6c47d362b9f274a7b NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=b93bf2c9ce1d4648a8488aa29f2c7e840e6e449b NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=1068c45f16de69c769c500175a91ce1296bb1e27 NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=45c5e53ea4964393a12f436bc5c9e2cb1ba6e0a6 NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=f7f3d1f40c26fcf1414b9adddb832c4a3afb912c NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=045847edb1ed649d00b5c897615d013833287a04 NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=140beaf7d770ea8320c12b6e31a067f9e9d6d441 NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=e6185d5197fd1d8015f1c7663582158b9945c075 CVE-2022-21180 (Improper input validation for some Intel(R) Processors may allow an au ...) NOT-FOR-US: Intel NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00645.html CVE-2022-21166 (Incomplete cleanup in specific special register write operations for s ...) {DSA-5184-1 DSA-5178-1 DSA-5173-1 DLA-3065-1} - intel-microcode 3.20220510.1 [bullseye] - intel-microcode (Minor issue) - linux 5.18.5-1 [bullseye] - linux 5.10.127-1 - xen 4.16.2-1 [buster] - xen (DSA 4677-1) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#DRPW NOTE: Linux kernel documentation patch: https://git.kernel.org/linus/4419470191386456e0b8ed4eb06a70b0021798a6 NOTE: https://xenbits.xen.org/xsa/advisory-404.html CVE-2022-21127 (Incomplete cleanup in specific special register read operations for so ...) 
{DSA-5178-1} - intel-microcode 3.20220510.1 [bullseye] - intel-microcode (Minor issue) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#SRBDS-Update NOTE: https://xenbits.xen.org/xsa/advisory-404.html CVE-2022-21125 (Incomplete cleanup of microarchitectural fill buffers on some Intel(R) ...) {DSA-5184-1 DSA-5178-1 DSA-5173-1 DLA-3065-1} - intel-microcode 3.20220510.1 [bullseye] - intel-microcode (Minor issue) - linux 5.18.5-1 [bullseye] - linux 5.10.127-1 - xen 4.16.2-1 [buster] - xen (DSA 4677-1) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#SBDS NOTE: Linux kernel documentation patch: https://git.kernel.org/linus/4419470191386456e0b8ed4eb06a70b0021798a6 NOTE: NOTE: https://xenbits.xen.org/xsa/advisory-404.html CVE-2022-21123 (Incomplete cleanup of multi-core shared buffers for some Intel(R) Proc ...) {DSA-5184-1 DSA-5178-1 DSA-5173-1 DLA-3065-1} - intel-microcode 3.20220510.1 [bullseye] - intel-microcode (Minor issue) - linux 5.18.5-1 [bullseye] - linux 5.10.127-1 - xen 4.16.2-1 [buster] - xen (DSA 4677-1) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#SBDR NOTE: Linux kernel documentation patch: https://git.kernel.org/linus/4419470191386456e0b8ed4eb06a70b0021798a6 NOTE: https://xenbits.xen.org/xsa/advisory-404.html CVE-2021-43578 (Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier ...) 
NOT-FOR-US: Jenkins plugin CVE-2021-43577 (Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not confi ...) NOT-FOR-US: Jenkins plugin CVE-2021-43576 (Jenkins pom2config Plugin 1.2 and earlier does not configure its XML p ...) NOT-FOR-US: Jenkins plugin CVE-2021-42744 (Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive informatio ...) NOT-FOR-US: Philips CVE-2021-26262 (Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorre ...) NOT-FOR-US: Philips CVE-2021-26248 (Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outs ...) NOT-FOR-US: Philips CVE-2021-3949 RESERVED CVE-2021-3948 (An incorrect default permissions vulnerability was found in the mig-co ...) NOT-FOR-US: Migration Toolkit for Containers CVE-2021-3947 (A stack-buffer-overflow was found in QEMU in the NVME component. The f ...) - qemu 1:6.2+dfsg-1 [bullseye] - qemu (Vulnerable code introduced later) [buster] - qemu (Vulnerable code introduced later) [stretch] - qemu (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2021869 NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/f432fdfa1215bc3a00468b2e711176be279b0fd2 (v6.0.0-rc0) NOTE: https://lore.kernel.org/qemu-devel/20211111153125.2258176-1-philmd@redhat.com/ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/e2c57529c9306e4c9aac75d9879f6e7699584a22 (v6.2.0-rc3) CVE-2021-3946 RESERVED CVE-2021-3945 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...) NOT-FOR-US: django-helpdesk CVE-2002-20001 (The Diffie-Hellman Key Agreement Protocol allows remote attackers (fro ...) NOT-FOR-US: Diffie Hellmann kex protocol issue CVE-2021-3944 (bookstack is vulnerable to Cross-Site Request Forgery (CSRF)) NOT-FOR-US: bookstack CVE-2021-3943 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...) - moodle CVE-2021-43575 (KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with ...) 
NOT-FOR-US: KNX ETS6 CVE-2021-43574 (WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) al ...) - atmailopen CVE-2021-43573 (A buffer overflow was discovered on Realtek RTL8195AM devices before 2 ...) NOT-FOR-US: Realtek CVE-2021-43572 (The verify function in the Stark Bank Python ECDSA library (aka starkb ...) NOT-FOR-US: Stark bank libraries CVE-2021-43571 (The verify function in the Stark Bank Node.js ECDSA library (ecdsa-nod ...) NOT-FOR-US: Stark bank libraries CVE-2021-43570 (The verify function in the Stark Bank Java ECDSA library (ecdsa-java) ...) NOT-FOR-US: Stark bank libraries CVE-2021-43569 (The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet ...) NOT-FOR-US: Stark bank libraries CVE-2021-43568 (The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elix ...) NOT-FOR-US: Stark bank libraries CVE-2021-43567 RESERVED CVE-2021-43566 (All versions of Samba prior to 4.13.16 are vulnerable to a malicious c ...) [experimental] - samba 2:4.16.0+dfsg-1 - samba 2:4.16.0+dfsg-2 (bug #1004691) [bullseye] - samba 2:4.13.13+dfsg-1~deb11u4 [buster] - samba (Minor issue; no backport to older versions, mitigations exists) NOTE: https://www.samba.org/samba/security/CVE-2021-43566.html NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13979 CVE-2021-43565 (The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of g ...) - golang-go.crypto 1:0.0~git20211202.5770296-1 [bullseye] - golang-go.crypto (Minor issue) [buster] - golang-go.crypto (Limited support, minor issue, follow bullseye DSAs/point-releases) [stretch] - golang-go.crypto (Limited support in stretch) NOTE: https://github.com/golang/crypto/commit/5770296d904e90f15f38f77dfc2e43fdf5efc083 NOTE: https://github.com/golang/go/issues/49932 CVE-2021-43564 (An issue was discovered in the jobfair (aka Job Fair) extension before ...) NOT-FOR-US: TYPO3 extension CVE-2021-43563 (An issue was discovered in the pixxio (aka pixx.io integration or DAM) ...) 
NOT-FOR-US: TYPO3 extension CVE-2021-43562 (An issue was discovered in the pixxio (aka pixx.io integration or DAM) ...) NOT-FOR-US: TYPO3 extension CVE-2021-43561 (An XSS issue was discovered in the google_for_jobs (aka Google for Job ...) NOT-FOR-US: TYPO3 extension CVE-2021-43560 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...) - moodle CVE-2021-43559 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...) - moodle CVE-2021-43558 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...) - moodle CVE-2021-3942 (Certain HP Print products and Digital Sending products may be vulnerab ...) NOT-FOR-US: HP CVE-2021-43557 (The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri ...) NOT-FOR-US: Apache Apisix CVE-2021-3941 (In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division o ...) {DSA-5299-1 DLA-3236-1} [experimental] - openexr 3.1.3-1 - openexr 3.1.5-2 (bug #1014828) [stretch] - openexr (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019789 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39084 NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1153 NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/a0cfa81153b2464b864c5fe39a53cb03339092ed CVE-2021-3940 REJECTED CVE-2021-43556 (FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to a s ...) NOT-FOR-US: FATEK WinProladder CVE-2021-43555 (mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validat ...) NOT-FOR-US: mySCADA myDESIGNER CVE-2021-43554 (FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to an ...) NOT-FOR-US: FATEK WinProladder CVE-2021-43553 (PI Vision could disclose information to a user with insufficient privi ...) NOT-FOR-US: OSIsoft CVE-2021-43552 (The use of a hard-coded cryptographic key significantly increases the ...) 
NOT-FOR-US: Philips CVE-2021-43551 (A remote attacker with write access to PI Vision could inject code int ...) NOT-FOR-US: OSIsoft CVE-2021-43550 (The use of a broken or risky cryptographic algorithm is an unnecessary ...) NOT-FOR-US: Philips CVE-2021-43549 (A remote authenticated attacker with write access to a PI Server could ...) NOT-FOR-US: OSIsoft CVE-2021-43548 (Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives ...) NOT-FOR-US: Philips CVE-2021-43547 (TwinOaks Computing CoreDX DDS versions prior to 5.9.1 are susceptible ...) NOT-FOR-US: TwinOaks Computing CoreDX DDS CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks against u ...) {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43546 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43546 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43546 CVE-2021-43545 (Using the Location API in a loop could have caused severe application ...) {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43545 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43545 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43545 CVE-2021-43544 (When receiving a URL through a SEND intent, Firefox would have searche ...) - firefox (Only affects Android) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43544 CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have escaped the ...) 
	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
	- firefox 95.0-1
	- firefox-esr 91.4.0esr-1
	- thunderbird 1:91.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43543
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43543
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43543
CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified installed appl ...)
	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
	- firefox 95.0-1
	- firefox-esr 91.4.0esr-1
	- thunderbird 1:91.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43542
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43542
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43542
CVE-2021-43541 (When invoking protocol handlers for external protocols, a supplied par ...)
	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
	- firefox 95.0-1
	- firefox-esr 91.4.0esr-1
	- thunderbird 1:91.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43541
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43541
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43541
CVE-2021-43540 (WebExtensions with the correct permissions were able to create and ins ...)
	- firefox 95.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43540
CVE-2021-43539 (Failure to correctly record the location of live pointers across wasm ...)
	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
	- firefox 95.0-1
	- firefox-esr 91.4.0esr-1
	- thunderbird 1:91.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43539
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43539
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43539
CVE-2021-43538 (By misusing a race in our notification code, an attacker could have fo ...)
	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
	- firefox 95.0-1
	- firefox-esr 91.4.0esr-1
	- thunderbird 1:91.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43538
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43538
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43538
CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit integers all ...)
	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
	- firefox 95.0-1
	- firefox-esr 91.4.0esr-1
	- thunderbird 1:91.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43537
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43537
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43537
CVE-2021-43536 (Under certain circumstances, asynchronous functions could have caused ...)
	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
	- firefox 95.0-1
	- firefox-esr 91.4.0esr-1
	- thunderbird 1:91.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43536
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43536
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43536
CVE-2021-43535 (A use-after-free could have occured when an HTTP2 session object was r ...)
	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
	- firefox 93.0-1
	- firefox-esr 91.3.0esr-1
	- thunderbird 1:91.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-43535
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-43535
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-43535
CVE-2021-43534 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
	- firefox 94.0-1
	- firefox-esr 91.3.0esr-1
	- thunderbird 1:91.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43534
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-43534
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-43534
CVE-2021-43533 (When parsing internationalized domain names, high bits of the characte ...)
	- firefox 94.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43533
CVE-2021-43532 (The 'Copy Image Link' context menu action would copy the final image U ...)
	- firefox 94.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43532
CVE-2021-43531 (When a user loaded a Web Extensions context menu, the Web Extension co ...)
	- firefox 94.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43531
CVE-2021-43530 (A Universal XSS vulnerability was present in Firefox for Android resul ...)
	- firefox 94.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43530
CVE-2021-43529 (Thunderbird versions prior to 91.3.0 are vulnerable to the heap overfl ...)
	{DSA-5034-1 DLA-2874-1}
	- thunderbird 1:91.3.0-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/6
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1738501
CVE-2021-43528 (Thunderbird unexpectedly enabled JavaScript in the composition area. T ...)
	{DSA-5034-1 DLA-2874-1}
	- thunderbird 1:91.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43528
CVE-2021-43527 (NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR a ...)
	{DSA-5016-1 DLA-2836-1}
	- nss 2:3.73-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/4
	NOTE: https://hg.mozilla.org/projects/nss/rev/6b3dc97a8767d9dc5c4c181597d1341d0899aa58 (NSS_3_73_BRANCH)
	NOTE: https://hg.mozilla.org/projects/nss/rev/dea71cbef9e03636f37c6cb120f8deccce6e17dd (NSS_3_68_1_BRANCH)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/#CVE-2021-43527
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1737470 (not yet public)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2237
	NOTE: https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html
CVE-2021-43526
	RESERVED
CVE-2021-43525
	RESERVED
CVE-2021-43524
	RESERVED
CVE-2021-43523 (In uClibc and uClibc-ng before 1.0.39, incorrect handling of special c ...)
	- uclibc (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2021/11/09/1
	NOTE: https://github.com/wbx-github/uclibc-ng/commit/0f822af0445e5348ce7b7bd8ce1204244f31d174 (v1.0.39)
CVE-2021-43522 (An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 20 ...)
	NOT-FOR-US: Insyde
CVE-2021-3939 (Ubuntu-specific modifications to accountsservice (in patch file debian ...)
	- accountsservice (Ubuntu specific patch)
	NOTE: https://ubuntu.com/security/CVE-2021-3939
CVE-2021-3938 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
	- snipe-it (bug #1005172)
CVE-2021-3937
	REJECTED
CVE-2021-3936
	RESERVED
CVE-2021-3935 (When PgBouncer is configured to use "cert" authentication, a man-in-th ...)
	{DLA-2922-1}
	- pgbouncer 1.16.1-1
	[bullseye] - pgbouncer (Minor issue; can be fixed via point release)
	[buster] - pgbouncer (Minor issue; can be fixed via point release)
	NOTE: https://www.pgbouncer.org/2021/11/pgbouncer-1-16-1
	NOTE: https://github.com/pgbouncer/pgbouncer/releases/tag/pgbouncer_1_16_1
	NOTE: https://github.com/pgbouncer/pgbouncer/commit/e4453c9151a2f5af0a9cb049b302a3f9f9654453 (v1.16.1)
CVE-2021-3934 (ohmyzsh is vulnerable to Improper Neutralization of Special Elements u ...)
	NOT-FOR-US: ohmyzsh
CVE-2021-3933 (An integer overflow could occur when OpenEXR processes a crafted file ...)
	{DSA-5299-1 DLA-3236-1}
	[experimental] - openexr 3.1.3-1
	- openexr 3.1.5-2 (bug #1014828)
	[stretch] - openexr (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019783
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38912
	NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/5a0adf1aba7d41c6b94ba167c0c4308d2eecfd17
CVE-2021-43521 (A Buffer Overflow vulnerability exists in zlog 1.2.15 via zlog_conf_bu ...)
	NOT-FOR-US: zlog
CVE-2021-43520
	RESERVED
CVE-2021-43519 (Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 a ...)
	- lua5.4 5.4.4-1 (bug #1000228)
	[bullseye] - lua5.4 (Minor issue)
	- lua5.3 (Vulnerable code not present)
	- lua5.2 (Vulnerable code not present)
	- lua5.1 (Vulnerable code not present)
	- lua50 (Vulnerable code not present)
	NOTE: http://lua-users.org/lists/lua-l/2021-10/msg00123.html
	NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00015.html
	NOTE: Introduced by: https://github.com/lua/lua/commit/287b302acb8d925178e9edb800f0a8d18c7d35f6 (v5.4.2)
	NOTE: Fixed by: https://github.com/lua/lua/commit/74d99057a5146755e737c479850f87fd0e3b6868 (v5.4.4)
	NOTE: Cf. http://lua-users.org/lists/lua-l/2023-06/msg00059.html
	NOTE: Cf. http://lua-users.org/lists/lua-l/2023-06/msg00063.html
CVE-2021-43518 (Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. ...)
	- teeworlds 0.7.5-2 (bug #1009070)
	[bullseye] - teeworlds (Minor issue)
	[buster] - teeworlds (Minor issue)
	NOTE: https://github.com/teeworlds/teeworlds/issues/2981
	NOTE: https://github.com/teeworlds/teeworlds/pull/3018
	NOTE: https://github.com/teeworlds/teeworlds/commit/91e5492d4c210f82f1ca6b43a73417fef5463368
	NOTE: https://mmmds.pl/fuzzing-map-parser-part-1-teeworlds/
CVE-2021-43517 (FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00 ...)
	NOT-FOR-US: Xiaongmai
CVE-2021-43516
	RESERVED
CVE-2021-43515 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists ...)
	NOT-FOR-US: kimai2
CVE-2021-43514
	RESERVED
CVE-2021-43513
	RESERVED
CVE-2021-43512 (An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8. ...)
	NOT-FOR-US: FlightRadar24 for Android
CVE-2021-43511
	RESERVED
CVE-2021-43510 (SQL Injection vulnerability exists in Sourcecodester Simple Client Man ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-43509 (SQL Injection vulnerability exists in Sourcecodester Simple Client Man ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-43508
	RESERVED
CVE-2021-43507
	RESERVED
CVE-2021-43506 (An SQL Injection vulnerability exists in Sourcecodester Simple Client ...)
	NOT-FOR-US: Sourcecodester Simple Client Management System
CVE-2021-43505 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in Ssourceco ...)
	NOT-FOR-US: Sourcecodester Simple Client Management System
CVE-2021-43504
	RESERVED
CVE-2021-43503
	REJECTED
CVE-2021-43502
	RESERVED
CVE-2021-43501
	RESERVED
CVE-2021-43500
	RESERVED
CVE-2021-43499
	RESERVED
CVE-2021-43498 (An Access Control vulnerability exists in ATutor 2.2.4 in password_rem ...)
	NOT-FOR-US: ATutor
CVE-2021-43497
	RESERVED
CVE-2021-43496 (Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd7 ...)
	NOT-FOR-US: Clustering
CVE-2021-43495 (AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9 ...)
	NOT-FOR-US: AlquistManager
CVE-2021-43494 (OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc68 ...)
	NOT-FOR-US: OpenCV-REST-API
CVE-2021-43493 (ServerManagement master branch as of commit 49491cc6f94980e6be7791d17b ...)
	NOT-FOR-US: ServerManagement
CVE-2021-43492 (AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9 ...)
	NOT-FOR-US: AlquistManager
CVE-2021-43491
	RESERVED
CVE-2021-43490
	RESERVED
CVE-2021-43489
	RESERVED
CVE-2021-43488
	RESERVED
CVE-2021-43487
	RESERVED
CVE-2021-43486
	RESERVED
CVE-2021-43485
	RESERVED
CVE-2021-43484 (A Remote Code Execution (RCE) vulnerability exists in Simple Client Ma ...)
	NOT-FOR-US: Sourcecodester Simple Client Management System
CVE-2021-43483 (An Access Control vulnerability exists in CLARO KAON CG3000 1.00.67 in ...)
	NOT-FOR-US: CLARO KAON
CVE-2021-43482
	RESERVED
CVE-2021-43481 (An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier v ...)
	NOT-FOR-US: webTareas
CVE-2021-43480
	RESERVED
CVE-2021-43479 (A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2. ...)
	NOT-FOR-US: The-Secretary
CVE-2021-43478 (A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a ...)
	NOT-FOR-US: Hoosk
CVE-2021-43477
	RESERVED
CVE-2021-43476
	RESERVED
CVE-2021-43475
	RESERVED
CVE-2021-43474 (An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B0 ...)
	NOT-FOR-US: D-Link DIR-823G
CVE-2021-43473
	RESERVED
CVE-2021-43472
	RESERVED
CVE-2021-43471 (In Canon LBP223 printers, the System Manager Mode login does not requi ...)
	NOT-FOR-US: Canon
CVE-2021-43470
	RESERVED
CVE-2021-43469 (VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulner ...)
	NOT-FOR-US: VINGA
CVE-2021-43468
	RESERVED
CVE-2021-43467
	RESERVED
CVE-2021-43466 (In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with spe ...)
	NOT-FOR-US: thymeleaf-spring5
CVE-2021-43465
	RESERVED
CVE-2021-43464 (A Remiote Code Execution (RCE) vulnerability exiss in Subrion CMS 4.2. ...)
	NOT-FOR-US: Subrion CMS
CVE-2021-43463 (An Unquoted Service Path vulnerability exists in Ext2Fsd v0.68 via a s ...)
	NOT-FOR-US: Ext2 File System Driver for Windows
CVE-2021-43462 (A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Serve ...)
	NOT-FOR-US: Rumble Mail Server
CVE-2021-43461 (Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server ...)
	NOT-FOR-US: Rumble Mail Server
CVE-2021-43460 (An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 ...)
	NOT-FOR-US: System Explorer
CVE-2021-43459 (A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Serve ...)
	NOT-FOR-US: Rumble Mail Server
CVE-2021-43458 (An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via ...)
	NOT-FOR-US: Vembu BDR Suite
CVE-2021-43457 (An Unquoted Service Path vulnerability exists in bVPN 2.5.1 via a spec ...)
	NOT-FOR-US: no-free_vpn
CVE-2021-43456 (An Unquoted Service Path vulnerablility exists in Rumble Mail Server 0 ...)
	NOT-FOR-US: Rumble Mail Server
CVE-2021-43455 (An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via a spe ...)
	- freelan (Windows only)
	NOTE: https://github.com/freelan-developers/freelan/issues/234
	NOTE: https://www.exploit-db.com/exploits/49630
CVE-2021-43454 (An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.3 ...)
	NOT-FOR-US: AnyTXT Searcher for Windows
CVE-2021-43453 (A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 ...)
	- iotjs (bug #1015219)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4808
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4754
	NOTE: Fixed by: https://github.com/jerryscript-project/jerryscript/commit/efe63a5bbc5106164a08ee2eb415a7a701f5311f
CVE-2021-43452
	RESERVED
CVE-2021-43451 (SQL Injection vulnerability exists in PHPGURUKUL Employee Record Manag ...)
	NOT-FOR-US: PHPGURUKUL
CVE-2021-43450
	RESERVED
CVE-2021-43449 (ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side ...)
	NOT-FOR-US: ONLYOFFICE
CVE-2021-43448 (ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Improper Inp ...)
	NOT-FOR-US: ONLYOFFICE
CVE-2021-43447 (ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Acce ...)
	NOT-FOR-US: ONLYOFFICE
CVE-2021-43446 (ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site S ...)
	NOT-FOR-US: ONLYOFFICE
CVE-2021-43445 (ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Acce ...)
	NOT-FOR-US: ONLYOFFICE
CVE-2021-43444 (ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Acce ...)
	NOT-FOR-US: ONLYOFFICE
CVE-2021-43443
	RESERVED
CVE-2021-43442 (A Logic Flaw vulnerability exists in i3 International Inc Annexxus Cam ...)
	NOT-FOR-US: Annexxus Camera
CVE-2021-43441 (An HTML Injection Vulnerability in iOrder 1.0 allows the remote attack ...)
	NOT-FOR-US: iOrder
CVE-2021-43440 (Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 a ...)
	NOT-FOR-US: iOrder
CVE-2021-43439 (RCE in Add Review Function in iResturant 1.0 Allows remote attacker to ...)
	NOT-FOR-US: iResturant
CVE-2021-43438 (Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attacker to ...)
	NOT-FOR-US: iResturant
CVE-2021-43437 (In sourcecodetester Engineers Online Portal as of 10-21-21, an attacke ...)
	NOT-FOR-US: sourcecodetester Engineers Online Portal
CVE-2021-43436 (MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payl ...)
	NOT-FOR-US: MartDevelopers Inc iResturant
CVE-2021-43435
	RESERVED
CVE-2021-43434
	RESERVED
CVE-2021-43433
	RESERVED
CVE-2021-43432 (A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admi ...)
	NOT-FOR-US: Exrick xmall
CVE-2021-43431
	RESERVED
CVE-2021-43430 (An Access Control vulnerability exists in BigAntSoft BigAnt office mes ...)
	NOT-FOR-US: BigAnt Server
CVE-2021-43429 (A Denial of Service vulnerability exists in CORTX-S3 Server as of 11/7 ...)
	NOT-FOR-US: CORTX-S3 Server
CVE-2021-43428
	RESERVED
CVE-2021-43427
	RESERVED
CVE-2021-43426
	RESERVED
CVE-2021-43425
	RESERVED
CVE-2021-43424
	RESERVED
CVE-2021-43423
	RESERVED
CVE-2021-43422
	RESERVED
CVE-2021-43421 (A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1. ...)
	NOT-FOR-US: Studio 42 elFinder
CVE-2021-43420 (SQL injection vulnerability in Login.php in Sourcecodester Online Paym ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-43419 (An Information Disclosure vulnerability exists in Opay Mobile applicat ...)
	NOT-FOR-US: Opay Mobile application
CVE-2021-43418
	RESERVED
CVE-2021-43417
	RESERVED
CVE-2021-43416
	RESERVED
CVE-2021-43415 (HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, w ...)
	- nomad (bug #1021273)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288
	NOTE: https://github.com/hashicorp/nomad/issues/11542
	NOTE: https://github.com/hashicorp/nomad/pull/11554
	NOTE: https://github.com/hashicorp/nomad/commit/40de248b940eb7babbd4a08ebe9d6874758f5285 (v1.2.1)
CVE-2021-43414 (An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of ...)
	- hurd 1:0.9.git20210404-9
CVE-2021-43413 (An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pa ...)
	- hurd 1:0.9.git20210404-9
CVE-2021-43412 (An issue was discovered in GNU Hurd before 0.9 20210404-9. libports ac ...)
	- hurd 1:0.9.git20210404-9
CVE-2021-43411 (An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying ...)
	- hurd 1:0.9.git20210404-9
CVE-2021-43410 (Apache Airavata Django Portal allows CRLF log injection because of lac ...)
	NOT-FOR-US: Apache Airavata
CVE-2021-3932 (twill is vulnerable to Cross-Site Request Forgery (CSRF))
	NOT-FOR-US: twill
CVE-2021-43409 (The “WPO365 | LOGIN” WordPress plugin (up to and including v ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-43408 (The "Duplicate Post" WordPress plugin up to and including version 1.1. ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-43407
	RESERVED
CVE-2021-43406 (An issue was discovered in FusionPBX before 4.5.30. The fax_post_size ...)
	NOT-FOR-US: FusionPBX
CVE-2021-43405 (An issue was discovered in FusionPBX before 4.5.30. The fax_extension ...)
	NOT-FOR-US: FusionPBX
CVE-2021-43404 (An issue was discovered in FusionPBX before 4.5.30. The FAX file name ...)
	NOT-FOR-US: FusionPBX
CVE-2021-43403 (An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php ...)
	NOT-FOR-US: FusionPBX
CVE-2021-43402
	RESERVED
CVE-2021-43401
	RESERVED
CVE-2021-3931 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF))
	- snipe-it (bug #1005172)
CVE-2021-3930 (An off-by-one error was found in the SCSI device emulation in QEMU. It ...)
	{DLA-3099-1 DLA-2970-1}
	- qemu 1:6.2+dfsg-1
	[bullseye] - qemu 1:5.2+dfsg-11+deb11u3
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2020588
	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/546
	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/b3af7fdf9cc537f8f0dd3e2423d83f5c99a457e8 (v6.2.0-rc0)
CVE-2021-3929 (A DMA reentrancy issue was found in the NVM Express Controller (NVME) ...)
	- qemu 1:7.0+dfsg-1
	[bullseye] - qemu (Minor issue; nvme support preliminary supported)
	[buster] - qemu (nvme support preliminary supported; PoC doesn't trigger)
	[stretch] - qemu (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2020298
	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/556 (generic)
	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/782 (specific)
	NOTE: Proposed patchset (generic): https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg03692.html
	NOTE: Proposed patchset (specific): https://lists.nongnu.org/archive/html/qemu-devel/2022-01/msg04577.html
	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/736b01642d85be832385063f278fe7cd4ffb5221 (v7.0.0-rc0)
CVE-2021-43400 (An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after- ...)
	{DLA-3157-1}
	- bluez 5.62-1 (bug #998626)
	[bullseye] - bluez (Minor issue; can be fixed in point release)
	[stretch] - bluez (invasive patch, requires post-stretch revamps)
	NOTE: Introduced by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=93b64d9ca8a2bb663e37904d4b2c702c58a36e4f (5.40)
	NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=838c0dc7641e1c991c0f3027bf94bee4606012f8 (5.62)
CVE-2021-43399 (The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-s ...)
	NOT-FOR-US: yubihsm-shell
CVE-2021-43398 (Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in ...)
	NOTE: Disputed Crypto++ issue, also see #1000227
	NOTE: https://github.com/weidai11/cryptopp/issues/1080
	NOTE: As per upstream believed to be the expected behaviour:
	NOTE: https://github.com/weidai11/cryptopp/issues/1080#issuecomment-996492222
CVE-2021-43397 (LiquidFiles before 3.6.3 allows remote attackers to elevate their priv ...)
	NOT-FOR-US: LiquidFiles
CVE-2021-43395 (An issue was discovered in illumos before f859e7171bb5db34321e45585839 ...)
	NOT-FOR-US: Illumos
CVE-2021-43394 (Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, ...)
	NOT-FOR-US: Unisys
CVE-2021-43393 (STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes ...)
	NOT-FOR-US: STMicroelectronics
CVE-2021-43392 (STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes ...)
	NOT-FOR-US: STMicroelectronics
CVE-2021-43396 (In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, re ...)
	- glibc 2.32-5 (unimportant; bug #998622)
	[bullseye] - glibc 2.31-13+deb11u3
	[buster] - glibc (Vulnerable code not present)
	[stretch] - glibc (Vulnerable code not present)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28524
	NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=ff012870b2c02a62598c04daa1e54632e020fd7d
	NOTE: Introduced by the fix for CVE-2021-3326 / BZ#27256: https://sourceware.org/git/?p=glibc.git;a=commit;h=7d88c6142c6efc160c0ee5e4f85cde382c072888
	NOTE: No security impact per upstream assessment
CVE-2021-43391 (An Out-of-Bounds Read vulnerability exists when reading a DXF file usi ...)
	NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-43390 (An Out-of-Bounds Write vulnerability exists when reading a DGN file us ...)
	NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-43389 (An issue was discovered in the Linux kernel before 5.14.15. There is a ...)
	{DSA-5096-1 DLA-2941-1 DLA-2843-1}
	- linux 5.14.16-1
	[bullseye] - linux 5.10.84-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/10/19/1
	NOTE: https://git.kernel.org/linus/1f3e2e97c003f80c4b087092b225c8787ff91e4d
CVE-2021-43388 (Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store ...)
	NOT-FOR-US: Unisys Cargo Mobile Application
CVE-2021-43387
	RESERVED
CVE-2021-43386
	RESERVED
CVE-2021-43385
	RESERVED
CVE-2021-43384
	RESERVED
CVE-2021-43383
	RESERVED
CVE-2021-43382
	RESERVED
CVE-2021-43381
	RESERVED
CVE-2021-43380
	RESERVED
CVE-2021-43379
	RESERVED
CVE-2021-43378
	RESERVED
CVE-2021-43377
	RESERVED
CVE-2021-43376
	RESERVED
CVE-2021-43375
	RESERVED
CVE-2021-43374
	RESERVED
CVE-2021-43373
	RESERVED
CVE-2021-43372
	RESERVED
CVE-2021-43371
	RESERVED
CVE-2021-43370
	RESERVED
CVE-2021-43369
	RESERVED
CVE-2021-43368
	RESERVED
CVE-2021-43367
	RESERVED
CVE-2021-43366
	RESERVED
CVE-2021-43365
	RESERVED
CVE-2021-43364
	RESERVED
CVE-2021-43363
	RESERVED
CVE-2021-43362 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: MedData HBYS software
CVE-2021-43361 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: MedData HBYS software
CVE-2021-43360 (Sunnet eHRD e-mail delivery task schedule’s serialization functio ...)
	NOT-FOR-US: Sunnet eHRD
CVE-2021-43359 (Sunnet eHRD has broken access control vulnerability, which allows a re ...)
	NOT-FOR-US: Sunnet eHRD
CVE-2021-43358 (Sunnet eHRD has inadequate filtering for special characters in URLs, w ...)
	NOT-FOR-US: Sunnet eHRD
CVE-2021-3928 (vim is vulnerable to Use of Uninitialized Variable)
	{DLA-3182-1 DLA-2947-1}
	- vim 2:8.2.3995-1 (unimportant)
	NOTE: https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd
	NOTE: Fixed by: https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732 (v8.2.3582)
	NOTE: Crash in CLI tool, no security impact
CVE-2021-3927 (vim is vulnerable to Heap-based Buffer Overflow)
	{DLA-3182-1 DLA-2947-1}
	- vim 2:8.2.3995-1 (unimportant)
	NOTE: https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0
	NOTE: Fixed by: https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e (v8.2.3581)
	NOTE: Crash in CLI tool, no security impact
CVE-2021-43357
	RESERVED
CVE-2021-43350 (An unauthenticated Apache Traffic Control Traffic Ops user can send a ...)
	NOT-FOR-US: Apache Traffic Control
CVE-2021-43349
	RESERVED
CVE-2021-43348
	RESERVED
CVE-2021-43347
	RESERVED
CVE-2021-43346
	RESERVED
CVE-2021-43345
	RESERVED
CVE-2021-43344
	RESERVED
CVE-2021-43343
	RESERVED
CVE-2021-43342
	RESERVED
CVE-2021-43341
	RESERVED
CVE-2021-43340
	RESERVED
CVE-2021-43339 (In Ericsson Network Location before 2021-07-31, it is possible for an ...)
	NOT-FOR-US: Ericsson
CVE-2021-43338
	REJECTED
CVE-2021-43337 (SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On ...)
	- slurm-wlm (Affects only 21.08 series; vulnerable code introduced later)
	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2021/000068.html
	NOTE: https://www.schedmd.com/news.php?id=256
CVE-2021-42743 (A misconfiguration in the node default path allows for local privilege ...)
	NOT-FOR-US: Splunk
CVE-2021-3926
	RESERVED
CVE-2021-3925
	RESERVED
CVE-2021-33845 (The Splunk Enterprise REST API allows enumeration of usernames via the ...)
	NOT-FOR-US: Splunk
CVE-2021-31559 (A crafted request bypasses S2S TCP Token authentication writing arbitr ...)
	NOT-FOR-US: Splunk
CVE-2021-26253 (A potential vulnerability in Splunk Enterprise's implementation of DUO ...)
	NOT-FOR-US: Splunk
CVE-2021-43336 (An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG ...)
	NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-43335
	RESERVED
CVE-2021-43334 (BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Grou ...)
	NOT-FOR-US: BuddyBoss
CVE-2021-43333 (The Datalogic DXU service on (for example) DL-Axist devices does not r ...)
	NOT-FOR-US: Datalogic
CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py ad ...)
	{DLA-3049-1}
	- mailman (bug #1000367)
	[buster] - mailman 1:2.1.29-1+deb10u3
	NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/
	NOTE: https://bugs.launchpad.net/mailman/+bug/1949403
	NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1876 (2.1.36)
	NOTE: Regression fix: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1878 (2.1.37)
CVE-2021-43331 (In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user ...)
	{DLA-3049-1}
	- mailman (bug #1000367)
	[buster] - mailman 1:2.1.29-1+deb10u3
	NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/
	NOTE: https://bugs.launchpad.net/mailman/+bug/1949401
	NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1875 (2.1.36)
CVE-2021-43330
	RESERVED
CVE-2021-43329 (A SQL injection vulnerability in license_update.php in Mumara Classic ...)
	NOT-FOR-US: Mumara Classic
CVE-2021-43328
	RESERVED
CVE-2021-43327 (An issue was discovered on Renesas RX65 and RX65N devices. With a VCC ...)
	NOT-FOR-US: Renesas
CVE-2021-43326 (Automox Agent before 32 on Windows incorrectly sets permissions on a t ...)
	NOT-FOR-US: Automox Agent
CVE-2021-43325 (Automox Agent 33 on Windows incorrectly sets permissions on a temporar ...)
	NOT-FOR-US: Automox Agent
CVE-2021-43324 (LibreNMS through 21.10.2 allows XSS via a widget title.)
	NOT-FOR-US: LibreNMS
CVE-2021-43323 (An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel ...)
	NOT-FOR-US: Insyde
CVE-2021-43322
	RESERVED
CVE-2021-43321
	RESERVED
CVE-2021-43320
	REJECTED
CVE-2021-43319 (Zoho ManageEngine Network Configuration Manager before 125488 is vulne ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-43318
	RESERVED
CVE-2021-43317 (A heap-based buffer overflows was discovered in upx, during the generi ...)
	- upx-ucl 4.2.2-1 (unimportant)
	NOTE: https://github.com/upx/upx/issues/380
	NOTE: https://github.com/upx/upx/commit/b327645e648d46c8730be80730a171cf74cfe338
	NOTE: Crash in CLI tool, no security impact
CVE-2021-43316 (A heap-based buffer overflow was discovered in upx, during the generic ...)
	- upx-ucl 4.2.2-1 (unimportant)
	NOTE: https://github.com/upx/upx/issues/381
	NOTE: https://github.com/upx/upx/commit/962c35aa08ef3dcee13d3f7ef6e2d845da912f25
	NOTE: Crash in CLI tool, no security impact
CVE-2021-43315 (A heap-based buffer overflows was discovered in upx, during the generi ...)
	- upx-ucl 4.2.2-1 (unimportant)
	NOTE: https://github.com/upx/upx/issues/380
	NOTE: https://github.com/upx/upx/commit/b327645e648d46c8730be80730a171cf74cfe338
	NOTE: Crash in CLI tool, no security impact
CVE-2021-43314 (A heap-based buffer overflows was discovered in upx, during the generi ...)
	- upx-ucl 4.2.2-1 (unimportant)
	NOTE: https://github.com/upx/upx/issues/380
	NOTE: https://github.com/upx/upx/commit/b327645e648d46c8730be80730a171cf74cfe338
	NOTE: Crash in CLI tool, no security impact
CVE-2021-43313 (A heap-based buffer overflow was discovered in upx, during the variabl ...)
	- upx-ucl 4.2.2-1 (unimportant)
	NOTE: https://github.com/upx/upx/issues/378
	NOTE: https://github.com/upx/upx/commit/828a6cf07b69bc7314e888d7b76f0eafe125a3f6
	NOTE: Crash in CLI tool, no security impact
CVE-2021-43312 (A heap-based buffer overflow was discovered in upx, during the variabl ...)
	- upx-ucl 4.2.2-1 (unimportant)
	NOTE: https://github.com/upx/upx/issues/379
	NOTE: https://github.com/upx/upx/commit/828a6cf07b69bc7314e888d7b76f0eafe125a3f6
	NOTE: Crash in CLI tool, no security impact
CVE-2021-43311 (A heap-based buffer overflow was discovered in upx, during the generic ...)
	- upx-ucl 4.2.2-1 (unimportant)
	NOTE: https://github.com/upx/upx/issues/380
	NOTE: https://github.com/upx/upx/commit/b327645e648d46c8730be80730a171cf74cfe338
	NOTE: Crash in CLI tool, no security impact
CVE-2021-43310 (A vulnerability in Keylime before 6.3.0 allows an attacker to craft a ...)
	NOT-FOR-US: Keylime
CVE-2021-43309 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
	NOT-FOR-US: Node uri-template-lite
CVE-2021-43308 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
	NOT-FOR-US: Node markdown-link-extractor
CVE-2021-43307 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
	NOT-FOR-US: Node semver-regex
CVE-2021-43306 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
	NOT-FOR-US: Node jquery-validation
CVE-2021-43305 (Heap buffer overflow in Clickhouse's LZ4 compression codec when parsin ...)
	{DLA-3176-1}
	- clickhouse 18.16.1+ds-7.3 (bug #1008216)
	[bullseye] - clickhouse 18.16.1+ds-7.2+deb11u1
	NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v21.9.1.7685)
	NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v21.9.1.7685)
	NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
	NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
CVE-2021-43304 (Heap buffer overflow in Clickhouse's LZ4 compression codec when parsin ...)
	{DLA-3176-1}
	- clickhouse 18.16.1+ds-7.3 (bug #1008216)
	[bullseye] - clickhouse 18.16.1+ds-7.2+deb11u1
	NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v21.9.1.7685)
	NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v21.9.1.7685)
	NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
	NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker ...)
	{DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
	- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
	[stretch] - asterisk <not-affected> (Vulnerable code not present)
	- pjproject
	- ring 20230206.0~ds1-1 (bug #1014998)
	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
	NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An ...)
	{DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
	- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
	[stretch] - asterisk <not-affected> (Vulnerable code not present)
	- pjproject
	- ring 20230206.0~ds1-1 (bug #1014998)
	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
	NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43301 (Stack overflow in PJSUA API when calling pjsua_playlist_create. An att ...)
	{DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
	- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
	[stretch] - asterisk <not-affected> (Vulnerable code not present)
	- pjproject
	- ring 20230206.0~ds1-1 (bug #1014998)
	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
	NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43300 (Stack overflow in PJSUA API when calling pjsua_recorder_create. An att ...)
	{DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
	- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
	[stretch] - asterisk <not-affected> (Vulnerable code not present)
	- pjproject
	- ring 20230206.0~ds1-1 (bug #1014998)
	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
	NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43299 (Stack overflow in PJSUA API when calling pjsua_player_create. An attac ...)
	{DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
	- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
	[stretch] - asterisk <not-affected> (Vulnerable code not present)
	- pjproject
	- ring 20230206.0~ds1-1 (bug #1014998)
	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
	NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43298 (The code that performs password matching when using 'Basic' HTTP authe ...)
	NOT-FOR-US: GoAhead Web Server
CVE-2021-43297 (A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 a ...)
	NOT-FOR-US: Apache Dubbo
CVE-2021-3924 (grav is vulnerable to Improper Limitation of a Pathname to a Restricte ...)
	NOT-FOR-US: Grav CMS
CVE-2021-23222 (A man-in-the-middle attacker can inject false responses to the client' ...)
	{DSA-5007-1 DSA-5006-1 DLA-2817-1}
	- postgresql-14 14.1-1
	- postgresql-13
	- postgresql-11
	- postgresql-9.6
	NOTE: https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=d83cdfdca9d918bbbd6bb209139b94c954da7228 (REL9_6_24)
CVE-2021-23214 (When the server is configured to use trust authentication with a clien ...)
	{DSA-5007-1 DSA-5006-1 DLA-2817-1}
	- postgresql-14 14.1-1
	- postgresql-13
	- postgresql-11
	- postgresql-9.6
	NOTE: https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=046c2c846b741a12e7fd61d8d86bf324a20e3dfc (REL9_6_24)
CVE-2021-43296 (Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-43295 (Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Ref ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-43294 (Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Ref ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-43293 (Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote au ...)
	NOT-FOR-US: Sonatype
CVE-2021-43292
	RESERVED
CVE-2021-43291
	RESERVED
CVE-2021-43290 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacke ...)
	NOT-FOR-US: ThoughtWorks GoCD
CVE-2021-43289 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacke ...)
	NOT-FOR-US: ThoughtWorks GoCD
CVE-2021-43288 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacke ...)
	NOT-FOR-US: ThoughtWorks GoCD
CVE-2021-43287 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. The busine ...)
	NOT-FOR-US: ThoughtWorks GoCD
CVE-2021-43286 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacke ...)
	NOT-FOR-US: ThoughtWorks GoCD
CVE-2021-43285
	RESERVED
CVE-2021-43284 (An issue was discovered on Victure WR1200 devices through 1.0.3. The r ...)
	NOT-FOR-US: Victure WR1200 devices
CVE-2021-43283 (An issue was discovered on Victure WR1200 devices through 1.0.3. A com ...)
	NOT-FOR-US: Victure WR1200 devices
CVE-2021-43282 (An issue was discovered on Victure WR1200 devices through 1.0.3. The d ...)
	NOT-FOR-US: Victure WR1200 devices
CVE-2021-43281 (MyBB before 1.8.29 allows Remote Code Injection by an admin with the " ...)
	NOT-FOR-US: MyBB
CVE-2021-43280 (A stack-based buffer overflow vulnerability exists in the DWF file rea ...)
	NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-43279 (An out-of-bounds write vulnerability exists in the U3D file reading pr ...)
	NOT-FOR-US: Open Design Alliance PRC SDK
CVE-2021-43278 (An Out-of-bounds Read vulnerability exists in the OBJ file reading pro ...)
	NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-43277 (An out-of-bounds read vulnerability exists in the U3D file reading pro ...)
	NOT-FOR-US: Open Design Alliance PRC SDK
CVE-2021-43276 (An Out-of-bounds Read vulnerability exists in Open Design Alliance ODA ...)
	NOT-FOR-US: Open Design Alliance ODA Viewer
CVE-2021-43275 (A Use After Free vulnerability exists in the DGN file reading procedur ...)
	NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-43274 (A Use After Free Vulnerability exists in the Open Design Alliance Draw ...)
	NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-43273 (An Out-of-bounds Read vulnerability exists in the DGN file reading pro ...)
	NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-43272 (An improper handling of exceptional conditions vulnerability exists in ...)
	NOT-FOR-US: Open Design Alliance ODA Viewer
CVE-2021-43271 (Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0 ...)
	NOT-FOR-US: Riverbed AppResponse
CVE-2021-43270 (Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-00148, 3. ...)
	NOT-FOR-US: Datalust Seq.App.HtmlEmail (aka Seq.App.EmailPlus)
CVE-2021-43269 (In Code42 app before 8.8.0, eval injection allows an attacker to chang ...)
	NOT-FOR-US: Code42 app
CVE-2021-43268 (An issue was discovered in VxWorks 6.9 through 7. In the IKE component ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2021-43266 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting col ...)
	- mahara
CVE-2021-43265 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag s ...)
	- mahara
CVE-2021-43264 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the ...)
	- mahara
CVE-2021-43263
	RESERVED
CVE-2021-43262
	RESERVED
CVE-2021-43261
	RESERVED
CVE-2021-43260
	RESERVED
CVE-2021-43259
	RESERVED
CVE-2021-43258 (CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote co ...)
	NOT-FOR-US: ChurchInfo
CVE-2021-43257 (Lack of Neutralization of Formula Elements in the CSV API of MantisBT ...)
	- mantis
CVE-2021-3923 (A flaw was found in the Linux kernel's implementation of RDMA over inf ...)
	- linux 5.15.15-1
	[bullseye] - linux 5.10.92-1
	[buster] - linux 4.19.232-1
	NOTE: https://git.kernel.org/linus/b35a0f4dd544eaa6162b6d2f13a2557a121ae5fd
CVE-2021-3922 (A race condition vulnerability was reported in IMController, a softwar ...)
	NOT-FOR-US: Lenovo
CVE-2021-43267 (An issue was discovered in net/tipc/crypto.c in the Linux kernel befor ...)
	- linux 5.14.16-1
	[bullseye] - linux 5.10.84-1
	[buster] - linux <not-affected> (Vulnerable code introduced later)
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/fa40d9734a57bcbfa79a280189799f76c88f7bb0 (5.15)
CVE-2022-21121
	RESERVED
CVE-2022-21120
	RESERVED
CVE-2022-21119
	RESERVED
CVE-2022-21118
	RESERVED
CVE-2022-21117
	RESERVED
CVE-2022-21116
	RESERVED
CVE-2022-21115
	RESERVED
CVE-2022-21114
	RESERVED
CVE-2022-21113
	RESERVED
CVE-2022-21112
	RESERVED
CVE-2022-21111
	RESERVED
CVE-2022-21110
	RESERVED
CVE-2022-21109
	RESERVED
CVE-2022-21108
	RESERVED
CVE-2022-21107
	RESERVED
CVE-2022-21106
	RESERVED
CVE-2022-21105
	RESERVED
CVE-2022-21104
	RESERVED
CVE-2022-21103
	RESERVED
CVE-2022-21102
	RESERVED
CVE-2022-21101
	RESERVED
CVE-2022-21100
	RESERVED
CVE-2022-21099
	RESERVED
CVE-2022-21098
	RESERVED
CVE-2022-21097
	RESERVED
CVE-2022-21096
	RESERVED
CVE-2022-21095
	RESERVED
CVE-2022-21094
	RESERVED
CVE-2022-21093
	RESERVED
CVE-2022-21092
	RESERVED
CVE-2022-21091
	RESERVED
CVE-2022-21090
	RESERVED
CVE-2022-21089
	RESERVED
CVE-2022-21088
	RESERVED
CVE-2022-21087
	RESERVED
CVE-2022-21086
	RESERVED
CVE-2022-21085
	RESERVED
CVE-2022-21084
	RESERVED
CVE-2022-21083
	RESERVED
CVE-2022-21082
	RESERVED
CVE-2022-21081
	RESERVED
CVE-2022-21080
	RESERVED
CVE-2022-21079
	RESERVED
CVE-2022-21078
	RESERVED
CVE-2022-21077
	RESERVED
CVE-2022-21076
	RESERVED
CVE-2022-21075
	RESERVED
CVE-2022-21074
	RESERVED
CVE-2022-21073
	RESERVED
CVE-2022-21072
	RESERVED
CVE-2022-21071
	RESERVED
CVE-2022-21070
	RESERVED
CVE-2022-21069
	RESERVED
CVE-2022-21068
	RESERVED
CVE-2022-21067
	RESERVED
CVE-2022-21066
	RESERVED
CVE-2022-21065
	RESERVED
CVE-2022-21064
	RESERVED
CVE-2022-21063
	RESERVED
CVE-2022-21062
	RESERVED
CVE-2022-21061
	RESERVED
CVE-2022-21060
	RESERVED
CVE-2022-21059
	RESERVED
CVE-2022-21058
	RESERVED
CVE-2022-21057
	RESERVED
CVE-2022-21056
	RESERVED
CVE-2022-21055
	RESERVED
CVE-2022-21054
	RESERVED
CVE-2022-21053
	RESERVED
CVE-2022-21052
	RESERVED
CVE-2022-21051
	RESERVED
CVE-2022-21050
	RESERVED
CVE-2022-21049
	RESERVED
CVE-2022-21048
	RESERVED
CVE-2022-21047
	RESERVED
CVE-2022-21046
	RESERVED
CVE-2022-21045
	RESERVED
CVE-2022-21044
	RESERVED
CVE-2022-21043
	RESERVED
CVE-2022-21042
	RESERVED
CVE-2022-21041
	RESERVED
CVE-2022-21040
	RESERVED
CVE-2022-21039
	RESERVED
CVE-2022-21038
	RESERVED
CVE-2022-21037
	RESERVED
CVE-2022-21036
	RESERVED
CVE-2022-21035
	RESERVED
CVE-2022-21034
	RESERVED
CVE-2022-21033
	RESERVED
CVE-2022-21032
	RESERVED
CVE-2022-21031
	RESERVED
CVE-2022-21030
	RESERVED
CVE-2022-21029
	RESERVED
CVE-2022-21028
	RESERVED
CVE-2022-21027
	RESERVED
CVE-2022-21026
	RESERVED
CVE-2022-21025
	RESERVED
CVE-2022-21024
	RESERVED
CVE-2022-21023
	RESERVED
CVE-2022-21022
	RESERVED
CVE-2022-21021
	RESERVED
CVE-2022-21020
	RESERVED
CVE-2022-21019
	RESERVED
CVE-2022-21018
	RESERVED
CVE-2022-21017
	RESERVED
CVE-2022-21016
	RESERVED
CVE-2022-21015
	RESERVED
CVE-2022-21014
	RESERVED
CVE-2022-21013
	RESERVED
CVE-2022-21012
	RESERVED
CVE-2022-21011
	RESERVED
CVE-2022-21010
	RESERVED
CVE-2022-21009
	RESERVED
CVE-2022-21008
	RESERVED
CVE-2022-21007
	RESERVED
CVE-2022-21006
	RESERVED
CVE-2022-21005
	RESERVED
CVE-2022-21004
	RESERVED
CVE-2022-21003
	RESERVED
CVE-2022-21002
	RESERVED
CVE-2022-21001
	RESERVED
CVE-2022-21000
	RESERVED
CVE-2022-20999
	RESERVED
CVE-2022-20998
	RESERVED
CVE-2022-20997
	RESERVED
CVE-2022-20996
	RESERVED
CVE-2022-20995
	RESERVED
CVE-2022-20994
	RESERVED
CVE-2022-20993
	RESERVED
CVE-2022-20992
	RESERVED
CVE-2022-20991
	RESERVED
CVE-2022-20990
	RESERVED
CVE-2022-20989
	RESERVED
CVE-2022-20988
	RESERVED
CVE-2022-20987
	RESERVED
CVE-2022-20986
	RESERVED
CVE-2022-20985
	RESERVED
CVE-2022-20984
	RESERVED
CVE-2022-20983
	RESERVED
CVE-2022-20982
	RESERVED
CVE-2022-20981
	RESERVED
CVE-2022-20980
	RESERVED
CVE-2022-20979
	RESERVED
CVE-2022-20978
	RESERVED
CVE-2022-20977
	RESERVED
CVE-2022-20976
	RESERVED
CVE-2022-20975
	RESERVED
CVE-2022-20974
	RESERVED
CVE-2022-20973
	RESERVED
CVE-2022-20972
	RESERVED
CVE-2022-20971
	RESERVED
CVE-2022-20970
	RESERVED
CVE-2022-20969 (A vulnerability in multiple management dashboard pages of Cisco Umbrel ...)
	NOT-FOR-US: Cisco
CVE-2022-20968 (A vulnerability in the Cisco Discovery Protocol processing feature of ...)
	NOT-FOR-US: Cisco
CVE-2022-20967 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2022-20966 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2022-20965 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2022-20964 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2022-20963 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2022-20962 (A vulnerability in the Localdisk Management feature of Cisco Identity ...)
	NOT-FOR-US: Cisco
CVE-2022-20961 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2022-20960 (A vulnerability in Cisco AsyncOS Software for Cisco Email Security App ...)
	NOT-FOR-US: Cisco
CVE-2022-20959 (A vulnerability in the External RESTful Services (ERS) API of Cisco Id ...)
	NOT-FOR-US: Cisco
CVE-2022-20958 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
	NOT-FOR-US: Cisco
CVE-2022-20957
	RESERVED
CVE-2022-20956 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2022-20955 (Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint ...)
	NOT-FOR-US: Cisco
CVE-2022-20954 (Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint ...)
	NOT-FOR-US: Cisco
CVE-2022-20953 (Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint ...)
	NOT-FOR-US: Cisco
CVE-2022-20952 (A vulnerability in the scanning engines of Cisco AsyncOS Software for ...)
	NOT-FOR-US: Cisco
CVE-2022-20951 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
	NOT-FOR-US: Cisco
CVE-2022-20950 (A vulnerability in the interaction of SIP and Snort 3 for Cisco Firepo ...)
	NOT-FOR-US: Cisco
CVE-2022-20949 (A vulnerability in the management web server of Cisco Firepower Threat ...)
	NOT-FOR-US: Cisco
CVE-2022-20948
	RESERVED
CVE-2022-20947 (A vulnerability in dynamic access policies (DAP) functionality of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20946 (A vulnerability in the generic routing encapsulation (GRE) tunnel deca ...)
	NOT-FOR-US: Cisco
CVE-2022-20945 (A vulnerability in the 802.11 association frame validation of Cisco Ca ...)
	NOT-FOR-US: Cisco
CVE-2022-20944 (A vulnerability in the software image verification functionality of Ci ...)
	NOT-FOR-US: Cisco
CVE-2022-20943 (Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) ...)
	NOT-FOR-US: Cisco
CVE-2022-20942 (A vulnerability in the web-based management interface of Cisco Email S ...)
	NOT-FOR-US: Cisco
CVE-2022-20941 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2022-20940 (A vulnerability in the TLS handler of Cisco Firepower Threat Defense ( ...)
	NOT-FOR-US: Cisco
CVE-2022-20939
	RESERVED
CVE-2022-20938 (A vulnerability in the module import function of the administrative in ...)
	NOT-FOR-US: Cisco
CVE-2022-20937 (A vulnerability in a feature that monitors RADIUS requests on Cisco Id ...)
	NOT-FOR-US: Cisco
CVE-2022-20936 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20935 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20934 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...)
	NOT-FOR-US: Cisco
CVE-2022-20933 (A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX ...)
	NOT-FOR-US: Cisco
CVE-2022-20932 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20931
	RESERVED
CVE-2022-20930 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
	NOT-FOR-US: Cisco
CVE-2022-20929 (A vulnerability in the upgrade signature verification of Cisco Enterpr ...)
	NOT-FOR-US: Cisco
CVE-2022-20928 (A vulnerability in the authentication and authorization flows for VPN ...)
	NOT-FOR-US: Cisco
CVE-2022-20927 (A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appli ...)
	NOT-FOR-US: Cisco
CVE-2022-20926 (A vulnerability in the web management interface of the Cisco Firepower ...)
	NOT-FOR-US: Cisco
CVE-2022-20925 (A vulnerability in the web management interface of the Cisco Firepower ...)
	NOT-FOR-US: Cisco
CVE-2022-20924 (A vulnerability in the Simple Network Management Protocol (SNMP) featu ...)
	NOT-FOR-US: Cisco
CVE-2022-20923 (A vulnerability in the IPSec VPN Server authentication functionality o ...)
	NOT-FOR-US: Cisco
CVE-2022-20922 (Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) ...)
	NOT-FOR-US: Cisco
CVE-2022-20921 (A vulnerability in the API implementation of Cisco ACI Multi-Site Orch ...)
	NOT-FOR-US: Cisco
CVE-2022-20920 (A vulnerability in the SSH implementation of Cisco IOS Software and Ci ...)
	NOT-FOR-US: Cisco
CVE-2022-20919 (A vulnerability in the processing of malformed Common Industrial Proto ...)
	NOT-FOR-US: Cisco
CVE-2022-20918 (A vulnerability in the Simple Network Management Protocol (SNMP) acces ...)
	NOT-FOR-US: Cisco
CVE-2022-20917 (A vulnerability in the Extensible Messaging and Presence Protocol (XMP ...)
	NOT-FOR-US: Cisco
CVE-2022-20916 (A vulnerability in the web-based management interface of Cisco IoT Con ...)
	NOT-FOR-US: Cisco
CVE-2022-20915 (A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) wit ...)
	NOT-FOR-US: Cisco
CVE-2022-20914 (A vulnerability in the External RESTful Services (ERS) API of Cisco Id ...)
	NOT-FOR-US: Cisco
CVE-2022-20913 (A vulnerability in Cisco Nexus Dashboard could allow an authenticated, ...)
	NOT-FOR-US: Cisco
CVE-2022-20912 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20911 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20910 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20909 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authe ...)
	NOT-FOR-US: Cisco
CVE-2022-20908 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authe ...)
	NOT-FOR-US: Cisco
CVE-2022-20907 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authe ...)
	NOT-FOR-US: Cisco
CVE-2022-20906 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authe ...)
	NOT-FOR-US: Cisco
CVE-2022-20905 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20904 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20903 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20902 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20901 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20900 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20899 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20898 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20897 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20896 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20895 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20894 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20893 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20892 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20891 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20890 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20889 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20888 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20887 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20886 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20885 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20884 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20883 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20882 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20881 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20880 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20879 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20878 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20877 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20876 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20875 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20874 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20873 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20872 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20871
	RESERVED
CVE-2022-20870 (A vulnerability in the egress MPLS packet processing function of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2022-20869 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
	NOT-FOR-US: Cisco
CVE-2022-20868 (A vulnerability in the web-based management interface of Cisco Email S ...)
	NOT-FOR-US: Cisco
CVE-2022-20867 (A vulnerability in web-based management interface of the of Cisco Emai ...)
	NOT-FOR-US: Cisco
CVE-2022-20866 (A vulnerability in the handling of RSA keys on devices running Cisco A ...)
	NOT-FOR-US: Cisco
CVE-2022-20865 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...)
	NOT-FOR-US: Cisco
CVE-2022-20864 (A vulnerability in the password-recovery disable feature of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2022-20863 (A vulnerability in the messaging interface of Cisco Webex App, formerl ...)
	NOT-FOR-US: Cisco
CVE-2022-20862 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2022-20861 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unaut ...)
	NOT-FOR-US: Cisco
CVE-2022-20860 (A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard ...)
	NOT-FOR-US: Cisco
CVE-2022-20859 (A vulnerability in the Disaster Recovery framework of Cisco Unified Co ...)
	NOT-FOR-US: Cisco
CVE-2022-20858 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unaut ...)
	NOT-FOR-US: Cisco
CVE-2022-20857 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unaut ...)
	NOT-FOR-US: Cisco
CVE-2022-20856 (A vulnerability in the processing of Control and Provisioning of Wirel ...)
	NOT-FOR-US: Cisco
CVE-2022-20855 (A vulnerability in the self-healing functionality of Cisco IOS XE Soft ...)
	NOT-FOR-US: Cisco
CVE-2022-20854 (A vulnerability in the processing of SSH connections of Cisco Firepowe ...)
	NOT-FOR-US: Cisco
CVE-2022-20853
	RESERVED
CVE-2022-20852 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings ...)
	NOT-FOR-US: Cisco
CVE-2022-20851 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...)
	NOT-FOR-US: Cisco
CVE-2022-20850 (A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software ...)
	NOT-FOR-US: Cisco
CVE-2022-20849
	RESERVED
CVE-2022-20848 (A vulnerability in the UDP processing functionality of Cisco IOS XE So ...)
	NOT-FOR-US: Cisco
CVE-2022-20847 (A vulnerability in the DHCP processing functionality of Cisco IOS XE W ...)
	NOT-FOR-US: Cisco
CVE-2022-20846
	RESERVED
CVE-2022-20845
	RESERVED
CVE-2022-20844 (A vulnerability in authentication mechanism of Cisco Software-Defined ...)
	NOT-FOR-US: Cisco
CVE-2022-20843 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20842 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
	NOT-FOR-US: Cisco
CVE-2022-20841 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
	NOT-FOR-US: Cisco
CVE-2022-20840 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20839 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20838 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20837 (A vulnerability in the DNS application layer gateway (ALG) functionali ...)
	NOT-FOR-US: Cisco
CVE-2022-20836 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20835 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20834 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20833 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20832 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20831 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20830 (A vulnerability in authentication mechanism of Cisco Software-Defined ...)
	NOT-FOR-US: Cisco
CVE-2022-20829 (A vulnerability in the packaging of Cisco Adaptive Security Device Man ...)
	NOT-FOR-US: Cisco
CVE-2022-20828 (A vulnerability in the CLI parser of Cisco FirePOWER Software for Adap ...)
	NOT-FOR-US: Cisco
CVE-2022-20827 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
	NOT-FOR-US: Cisco
CVE-2022-20826 (A vulnerability in the secure boot implementation of Cisco Secure Fire ...)
	NOT-FOR-US: Cisco
CVE-2022-20825 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2022-20824 (A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS ...)
	NOT-FOR-US: Cisco
CVE-2022-20823 (A vulnerability in the OSPF version 3 (OSPFv3) feature of Cisco NX-OS ...)
	NOT-FOR-US: Cisco
CVE-2022-20822 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2022-20821 (A vulnerability in the health check RPM of Cisco IOS XR Software could ...)
	NOT-FOR-US: Cisco
CVE-2022-20820 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings ...)
	NOT-FOR-US: Cisco
CVE-2022-20819 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2022-20818 (Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could all ...)
	NOT-FOR-US: Cisco
CVE-2022-20817 (A vulnerability in Cisco Unified IP Phones could allow an unauthentica ...)
	NOT-FOR-US: Cisco
CVE-2022-20816 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2022-20815 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2022-20814
	RESERVED
CVE-2022-20813 (Multiple vulnerabilities in the API and in the web-based management in ...)
	NOT-FOR-US: Cisco
CVE-2022-20812 (Multiple vulnerabilities in the API and in the web-based management in ...)
	NOT-FOR-US: Cisco
CVE-2022-20811 (Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint ...)
	NOT-FOR-US: Cisco
CVE-2022-20810 (A vulnerability in the Simple Network Management Protocol (SNMP) of Ci ...)
	NOT-FOR-US: Cisco
CVE-2022-20809 (Multiple vulnerabilities in the API and web-based management interface ...)
	NOT-FOR-US: Cisco
CVE-2022-20808 (A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) ...)
	NOT-FOR-US: Cisco
CVE-2022-20807 (Multiple vulnerabilities in the API and web-based management interface ...)
	NOT-FOR-US: Cisco
CVE-2022-20806 (Multiple vulnerabilities in the API and web-based management interface ...)
	NOT-FOR-US: Cisco
CVE-2022-20805 (A vulnerability in the automatic decryption process in Cisco Umbrella ...)
	NOT-FOR-US: Cisco
CVE-2022-20804 (A vulnerability in the Cisco Discovery Protocol of Cisco Unified Commu ...)
	NOT-FOR-US: Cisco
CVE-2022-20803 (A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) ver ...)
	- clamav <not-affected> (Only affects 0.104.x)
	NOTE: https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
CVE-2022-20802 (A vulnerability in the web interface of Cisco Enterprise Chat and Emai ...)
	NOT-FOR-US: Cisco
CVE-2022-20801 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20800 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2022-20799 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2022-20798 (A vulnerability in the external authentication functionality of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2022-20797 (A vulnerability in the web-based management interface of Cisco Secure ...)
	NOT-FOR-US: Cisco
CVE-2022-20796 (On May 4, 2022, the following vulnerability in the ClamAV scanning lib ...)
	{DLA-3042-1}
	- clamav 0.103.6+dfsg-1
	[bullseye] - clamav 0.103.6+dfsg-0+deb11u1
	[buster] - clamav 0.103.6+dfsg-0+deb10u1
	NOTE: https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
CVE-2022-20795 (A vulnerability in the implementation of the Datagram TLS (DTLS) proto ...)
	NOT-FOR-US: Cisco
CVE-2022-20794 (Multiple vulnerabilities in the web engine of Cisco TelePresence Colla ...)
	NOT-FOR-US: Cisco
CVE-2022-20793
	RESERVED
CVE-2022-20792 (A vulnerability in the regex module used by the signature database loa ...)
	{DLA-3042-1}
	- clamav 0.103.6+dfsg-1
	[bullseye] - clamav 0.103.6+dfsg-0+deb11u1
	[buster] - clamav 0.103.6+dfsg-0+deb10u1
	NOTE: https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
CVE-2022-20791 (A vulnerability in the database user privileges of Cisco Unified Commu ...)
	NOT-FOR-US: Cisco
CVE-2022-20790 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2022-20789 (A vulnerability in the software upgrade process of Cisco Unified Commu ...)
	NOT-FOR-US: Cisco
CVE-2022-20788 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2022-20787 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2022-20786 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2022-20785 (On April 20, 2022, the following vulnerability in the ClamAV scanning ...)
	{DLA-3042-1}
	- clamav 0.103.6+dfsg-1
	[bullseye] - clamav 0.103.6+dfsg-0+deb11u1
	[buster] - clamav 0.103.6+dfsg-0+deb10u1
	NOTE: https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
CVE-2022-20784 (A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cis ...)
	NOT-FOR-US: Cisco
CVE-2022-20783 (A vulnerability in the packet processing functionality of Cisco TelePr ...)
	NOT-FOR-US: Cisco
CVE-2022-20782 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2022-20781 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
	NOT-FOR-US: Cisco
CVE-2022-20780 (Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Softwa ...)
NOT-FOR-US: Cisco CVE-2022-20779 (Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Softwa ...) NOT-FOR-US: Cisco CVE-2022-20778 (A vulnerability in the authentication component of Cisco Webex Meeting ...) NOT-FOR-US: Cisco CVE-2022-20777 (Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Softwa ...) NOT-FOR-US: Cisco CVE-2022-20776 (Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint ...) NOT-FOR-US: Cisco CVE-2022-20775 (Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could all ...) NOT-FOR-US: Cisco CVE-2022-20774 (A vulnerability in the web-based management interface of Cisco IP Phon ...) NOT-FOR-US: Cisco CVE-2022-20773 (A vulnerability in the key-based SSH authentication mechanism of Cisco ...) NOT-FOR-US: Cisco CVE-2022-20772 (A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secu ...) NOT-FOR-US: Cisco CVE-2022-20771 (On April 20, 2022, the following vulnerability in the ClamAV scanning ...) {DLA-3042-1} - clamav 0.103.6+dfsg-1 [bullseye] - clamav 0.103.6+dfsg-0+deb11u1 [buster] - clamav 0.103.6+dfsg-0+deb10u1 NOTE: https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html CVE-2022-20770 (On April 20, 2022, the following vulnerability in the ClamAV scanning ...) {DLA-3042-1} - clamav 0.103.6+dfsg-1 [bullseye] - clamav 0.103.6+dfsg-0+deb11u1 [buster] - clamav 0.103.6+dfsg-0+deb10u1 NOTE: https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html CVE-2022-20769 (A vulnerability in the authentication functionality of Cisco Wireless ...) NOT-FOR-US: Cisco CVE-2022-20768 (A vulnerability in the logging component of Cisco TelePresence Collabo ...) NOT-FOR-US: Cisco CVE-2022-20767 (A vulnerability in the Snort rule evaluation function of Cisco Firepow ...) NOT-FOR-US: Cisco Firepower CVE-2022-20766 RESERVED CVE-2022-20765 (A vulnerability in the web applications of Cisco UCS Director could al ...) 
NOT-FOR-US: Cisco CVE-2022-20764 (Multiple vulnerabilities in the web engine of Cisco TelePresence Colla ...) NOT-FOR-US: Cisco CVE-2022-20763 (A vulnerability in the login authorization components of Cisco Webex M ...) NOT-FOR-US: Cisco CVE-2022-20762 (A vulnerability in the Common Execution Environment (CEE) ConfD CLI of ...) NOT-FOR-US: Cisco CVE-2022-20761 (A vulnerability in the integrated wireless access point (AP) packet pr ...) NOT-FOR-US: Cisco CVE-2022-20760 (A vulnerability in the DNS inspection handler of Cisco Adaptive Securi ...) NOT-FOR-US: Cisco CVE-2022-20759 (A vulnerability in the web services interface for remote access VPN fe ...) NOT-FOR-US: Cisco CVE-2022-20758 (A vulnerability in the implementation of the Border Gateway Protocol ( ...) NOT-FOR-US: Cisco CVE-2022-20757 (A vulnerability in the connection handling function in Cisco Firepower ...) NOT-FOR-US: Cisco CVE-2022-20756 (A vulnerability in the RADIUS feature of Cisco Identity Services Engin ...) NOT-FOR-US: Cisco CVE-2022-20755 (Multiple vulnerabilities in the API and web-based management interface ...) NOT-FOR-US: Cisco CVE-2022-20754 (Multiple vulnerabilities in the API and web-based management interface ...) NOT-FOR-US: Cisco CVE-2022-20753 (A vulnerability in web-based management interface of Cisco Small Busin ...) NOT-FOR-US: Cisco CVE-2022-20752 (A vulnerability in Cisco Unified Communications Manager (Unified CM), ...) NOT-FOR-US: Cisco CVE-2022-20751 (A vulnerability in the Snort detection engine integration for Cisco Fi ...) NOT-FOR-US: Cisco Firepower CVE-2022-20750 (A vulnerability in the checkpoint manager implementation of Cisco Redu ...) NOT-FOR-US: Cisco CVE-2022-20749 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20748 (A vulnerability in the local malware analysis process of Cisco Firepow ...) 
NOT-FOR-US: Cisco CVE-2022-20747 (A vulnerability in the History API of Cisco SD-WAN vManage Software co ...) NOT-FOR-US: Cisco CVE-2022-20746 (A vulnerability in the TCP proxy functionality of Cisco Firepower Thre ...) NOT-FOR-US: Cisco CVE-2022-20745 (A vulnerability in the web services interface for remote access VPN fe ...) NOT-FOR-US: Cisco CVE-2022-20744 (A vulnerability in the input protection mechanisms of Cisco Firepower ...) NOT-FOR-US: Cisco Firepower CVE-2022-20743 (A vulnerability in the web management interface of Cisco Firepower Man ...) NOT-FOR-US: Cisco CVE-2022-20742 (A vulnerability in an IPsec VPN library of Cisco Adaptive Security App ...) NOT-FOR-US: Cisco CVE-2022-20741 (A vulnerability in the web-based management interface of the Network D ...) NOT-FOR-US: Cisco CVE-2022-20740 (A vulnerability in the web-based management interface of Cisco Firepow ...) NOT-FOR-US: Cisco CVE-2022-20739 (A vulnerability in the CLI of Cisco SD-WAN vManage Software could allo ...) NOT-FOR-US: Cisco CVE-2022-20738 (A vulnerability in the Cisco Umbrella Secure Web Gateway service could ...) NOT-FOR-US: Cisco CVE-2022-20737 (A vulnerability in the handler for HTTP authentication for resources a ...) NOT-FOR-US: Cisco CVE-2022-20736 (A vulnerability in the web-based management interface of Cisco AppDyna ...) NOT-FOR-US: Cisco CVE-2022-20735 (A vulnerability in the web-based management interface of Cisco SD-WAN ...) NOT-FOR-US: Cisco CVE-2022-20734 (A vulnerability in Cisco SD-WAN vManage Software could allow an authen ...) NOT-FOR-US: Cisco CVE-2022-20733 (A vulnerability in the login page of Cisco Identity Services Engine (I ...) NOT-FOR-US: Cisco CVE-2022-20732 (A vulnerability in the configuration file protections of Cisco Virtual ...) NOT-FOR-US: Cisco CVE-2022-20731 (Multiple vulnerabilities that affect Cisco Catalyst Digital Building S ...) NOT-FOR-US: Cisco CVE-2022-20730 (A vulnerability in the Security Intelligence feed feature of Cisco Fir ...) 
NOT-FOR-US: Cisco Firepower CVE-2022-20729 (A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Softwar ...) NOT-FOR-US: Cisco Firepower CVE-2022-20728 (A vulnerability in the client forwarding code of multiple Cisco Access ...) NOT-FOR-US: Cisco CVE-2022-20727 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...) NOT-FOR-US: Cisco IOx CVE-2022-20726 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...) NOT-FOR-US: Cisco IOx CVE-2022-20725 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...) NOT-FOR-US: Cisco IOx CVE-2022-20724 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...) NOT-FOR-US: Cisco IOx CVE-2022-20723 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...) NOT-FOR-US: Cisco IOx CVE-2022-20722 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...) NOT-FOR-US: Cisco IOx CVE-2022-20721 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...) NOT-FOR-US: Cisco IOx CVE-2022-20720 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...) NOT-FOR-US: Cisco IOx CVE-2022-20719 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...) NOT-FOR-US: Cisco IOx CVE-2022-20718 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...) NOT-FOR-US: Cisco IOx CVE-2022-20717 (A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers c ...) NOT-FOR-US: Cisco CVE-2022-20716 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...) NOT-FOR-US: Cisco CVE-2022-20715 (A vulnerability in the remote access SSL VPN features of Cisco Adaptiv ...) NOT-FOR-US: Cisco CVE-2022-20714 (A vulnerability in the data plane microcode of Lightspeed-Plus line ca ...) NOT-FOR-US: Cisco CVE-2022-20713 (A vulnerability in the VPN web client services component of Cisco Adap ...) 
NOT-FOR-US: Cisco CVE-2022-20712 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20711 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20710 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20709 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20708 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20707 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20706 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20705 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20704 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20703 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20702 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20701 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20700 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20699 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) 
NOT-FOR-US: Cisco Small Business RV Series Routers CVE-2022-20698 (A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) ...) - clamav 0.103.5+dfsg-1 [bullseye] - clamav 0.103.5+dfsg-0+deb11u1 [buster] - clamav 0.103.5+dfsg-0+deb10u1 [stretch] - clamav (Minor issue; clean crash; follow stable updates) NOTE: https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html NOTE: https://github.com/Cisco-Talos/clamav/commit/9a6bb57f89721db637f4ddb5b233c1c4e23d223a (0.103.5) CVE-2022-20697 (A vulnerability in the web services interface of Cisco IOS Software an ...) NOT-FOR-US: Cisco CVE-2022-20696 (A vulnerability in the binding configuration of Cisco SD-WAN vManage S ...) NOT-FOR-US: Cisco CVE-2022-20695 (A vulnerability in the authentication functionality of Cisco Wireless ...) NOT-FOR-US: Cisco CVE-2022-20694 (A vulnerability in the implementation of the Resource Public Key Infra ...) NOT-FOR-US: Cisco CVE-2022-20693 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...) NOT-FOR-US: Cisco CVE-2022-20692 (A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Softwa ...) NOT-FOR-US: Cisco CVE-2022-20691 (A vulnerability in the Cisco Discovery Protocol functionality of Cisco ...) NOT-FOR-US: Cisco CVE-2022-20690 (Multiple vulnerabilities in the Cisco Discovery Protocol functionality ...) NOT-FOR-US: Cisco CVE-2022-20689 (Multiple vulnerabilities in the Cisco Discovery Protocol functionality ...) NOT-FOR-US: Cisco CVE-2022-20688 (A vulnerability in the Cisco Discovery Protocol functionality of Cisco ...) NOT-FOR-US: Cisco CVE-2022-20687 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) f ...) NOT-FOR-US: Cisco CVE-2022-20686 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) f ...) NOT-FOR-US: Cisco CVE-2022-20685 RESERVED CVE-2022-20684 (A vulnerability in Simple Network Management Protocol (SNMP) trap gene ...) 
NOT-FOR-US: Cisco CVE-2022-20683 (A vulnerability in the Application Visibility and Control (AVC-FNF) fe ...) NOT-FOR-US: Cisco CVE-2022-20682 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...) NOT-FOR-US: Cisco CVE-2022-20681 (A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst ...) NOT-FOR-US: Cisco CVE-2022-20680 (A vulnerability in the web-based management interface of Cisco Prime S ...) NOT-FOR-US: Cisco CVE-2022-20679 (A vulnerability in the IPSec decryption routine of Cisco IOS XE Softwa ...) NOT-FOR-US: Cisco CVE-2022-20678 (A vulnerability in the AppNav-XE feature of Cisco IOS XE Software coul ...) NOT-FOR-US: Cisco CVE-2022-20677 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...) NOT-FOR-US: Cisco IOx CVE-2022-20676 (A vulnerability in the Tool Command Language (Tcl) interpreter of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20675 (A vulnerability in the TCP/IP stack of Cisco Email Security Appliance ...) NOT-FOR-US: Cisco CVE-2022-20674 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20673 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20672 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20671 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20670 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20669 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20668 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20667 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20666 (Multiple vulnerabilities in the web-based management interface of Cisc ...) 
NOT-FOR-US: Cisco CVE-2022-20665 (A vulnerability in the CLI of Cisco StarOS could allow an authenticate ...) NOT-FOR-US: Cisco CVE-2022-20664 (A vulnerability in the web management interface of Cisco Secure Email ...) NOT-FOR-US: Cisco CVE-2022-20663 RESERVED CVE-2022-20662 (A vulnerability in the smart card login authentication of Cisco Duo fo ...) NOT-FOR-US: Cisco CVE-2022-20661 (Multiple vulnerabilities that affect Cisco Catalyst Digital Building S ...) NOT-FOR-US: Cisco CVE-2022-20660 (A vulnerability in the information storage architecture of several Cis ...) NOT-FOR-US: Cisco CVE-2022-20659 (A vulnerability in the web-based management interface of Cisco Prime I ...) NOT-FOR-US: Cisco CVE-2022-20658 (A vulnerability in the web-based management interface of Cisco Unified ...) NOT-FOR-US: Cisco CVE-2022-20657 RESERVED CVE-2022-20656 RESERVED CVE-2022-20655 RESERVED CVE-2022-20654 RESERVED CVE-2022-20653 (A vulnerability in the DNS-based Authentication of Named Entities (DAN ...) NOT-FOR-US: Cisco CVE-2022-20652 RESERVED CVE-2022-20651 (A vulnerability in the logging component of Cisco Adaptive Security De ...) NOT-FOR-US: Cisco CVE-2022-20650 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...) NOT-FOR-US: Cisco CVE-2022-20649 RESERVED CVE-2022-20648 RESERVED CVE-2022-20647 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20646 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20645 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20644 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20643 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20642 (Multiple vulnerabilities in the web-based management interface of Cisc ...) 
NOT-FOR-US: Cisco CVE-2022-20641 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20640 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20639 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20638 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20637 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20636 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20635 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20634 RESERVED CVE-2022-20633 RESERVED CVE-2022-20632 RESERVED CVE-2022-20631 RESERVED CVE-2022-20630 (A vulnerability in the audit log of Cisco DNA Center could allow an au ...) NOT-FOR-US: Cisco CVE-2022-20629 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco Firepower CVE-2022-20628 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco Firepower CVE-2022-20627 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco Firepower CVE-2022-20626 RESERVED CVE-2022-20625 (A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS ...) NOT-FOR-US: Cisco CVE-2022-20624 (A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature ...) NOT-FOR-US: Cisco CVE-2022-20623 (A vulnerability in the rate limiter for Bidirectional Forwarding Detec ...) NOT-FOR-US: Cisco CVE-2022-20622 (A vulnerability in IP ingress packet processing of the Cisco Embedded ...) 
NOT-FOR-US: Cisco CVE-2021-43256 (Microsoft Excel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43255 (Microsoft Office Trust Center Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43254 RESERVED CVE-2021-43253 RESERVED CVE-2021-43252 RESERVED CVE-2021-43251 RESERVED CVE-2021-43250 RESERVED CVE-2021-43249 RESERVED CVE-2021-43248 (Windows Digital Media Receiver Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43247 (Windows TCP/IP Driver Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43246 (Windows Hyper-V Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43245 (Windows Digital TV Tuner Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43244 (Windows Kernel Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43243 (VP9 Video Extensions Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43242 (Microsoft SharePoint Server Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43241 RESERVED CVE-2021-43240 (NTFS Set Short Name Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43239 (Windows Recovery Environment Agent Elevation of Privilege Vulnerabilit ...) 
NOT-FOR-US: Microsoft CVE-2021-43238 (Windows Remote Access Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43237 (Windows Setup Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43236 (Microsoft Message Queuing Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43235 (Storage Spaces Controller Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43234 (Windows Fax Service Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43233 (Remote Desktop Client Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43232 (Windows Event Tracing Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43231 (Windows NTFS Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43230 (Windows NTFS Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43229 (Windows NTFS Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43228 (SymCrypt Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43227 (Storage Spaces Controller Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43226 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2021-43225 (Bot Framework SDK Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43224 (Windows Common Log File System Driver Information Disclosure Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2021-43223 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...) 
NOT-FOR-US: Microsoft CVE-2021-43222 (Microsoft Message Queuing Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43221 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43220 (Microsoft Edge for iOS Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43219 (DirectX Graphics Kernel File Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43218 RESERVED CVE-2021-43217 (Windows Encrypting File System (EFS) Remote Code Execution Vulnerabili ...) NOT-FOR-US: Microsoft CVE-2021-43216 (Microsoft Local Security Authority (LSA) Server Information Disclosure ...) NOT-FOR-US: Microsoft CVE-2021-43215 (iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Ex ...) NOT-FOR-US: Microsoft CVE-2021-43214 (Web Media Extensions Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43213 RESERVED CVE-2021-43212 RESERVED CVE-2021-43211 (Windows 10 Update Assistant Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43210 RESERVED CVE-2021-43209 (3D Viewer Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43208 (3D Viewer Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-43207 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2021-43206 (A server-generated error message containing sensitive information in F ...) NOT-FOR-US: FortiGuard CVE-2021-43205 (An exposure of sensitive information to an unauthorized actor vulnerab ...) NOT-FOR-US: Fortiguard FortiClient CVE-2021-43204 (A improper control of a resource through its lifetime in Fortinet Fort ...) NOT-FOR-US: FortiGuard CVE-2021-3921 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)) NOT-FOR-US: firefly-iii CVE-2021-3920 (grav-plugin-admin is vulnerable to Improper Neutralization of Input Du ...) NOT-FOR-US: Grav CMS CVE-2021-3919 (A potential security vulnerability has been identified in OMEN Gaming ...) 
NOT-FOR-US: HP CVE-2021-43203 (In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 a ...) NOT-FOR-US: JetBrains Ktor CVE-2021-43202 (In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is m ...) NOT-FOR-US: JetBrains TeamCity CVE-2021-43201 (In JetBrains TeamCity before 2021.1.3, a newly created project could t ...) NOT-FOR-US: JetBrains TeamCity CVE-2021-43200 (In JetBrains TeamCity before 2021.1.2, permission checks in the Agent ...) NOT-FOR-US: JetBrains TeamCity CVE-2021-43199 (In JetBrains TeamCity before 2021.1.2, permission checks in the Create ...) NOT-FOR-US: JetBrains TeamCity CVE-2021-43198 (In JetBrains TeamCity before 2021.1.2, stored XSS is possible.) NOT-FOR-US: JetBrains TeamCity CVE-2021-43197 (In JetBrains TeamCity before 2021.1.2, email notifications could inclu ...) NOT-FOR-US: JetBrains TeamCity CVE-2021-43196 (In JetBrains TeamCity before 2021.1, information disclosure via the Do ...) NOT-FOR-US: JetBrains TeamCity CVE-2021-43195 (In JetBrains TeamCity before 2021.1.2, some HTTP security headers were ...) NOT-FOR-US: JetBrains TeamCity CVE-2021-43194 (In JetBrains TeamCity before 2021.1.2, user enumeration was possible.) NOT-FOR-US: JetBrains TeamCity CVE-2021-43193 (In JetBrains TeamCity before 2021.1.2, remote code execution via the a ...) NOT-FOR-US: JetBrains TeamCity CVE-2021-43192 (In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking i ...) NOT-FOR-US: JetBrains YouTrack CVE-2021-43191 (JetBrains YouTrack Mobile before 2021.2, is missing the security scree ...) NOT-FOR-US: JetBrains YouTrack CVE-2021-43190 (In JetBrains YouTrack Mobile before 2021.2, task hijacking on Android ...) NOT-FOR-US: JetBrains YouTrack CVE-2021-43189 (In JetBrains YouTrack Mobile before 2021.2, access token protection on ...) NOT-FOR-US: JetBrains YouTrack CVE-2021-43188 (In JetBrains YouTrack Mobile before 2021.2, access token protection on ...) 
NOT-FOR-US: JetBrains YouTrack CVE-2021-43187 (In JetBrains YouTrack Mobile before 2021.2, the client-side cache on i ...) NOT-FOR-US: JetBrains YouTrack CVE-2021-43186 (JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS.) NOT-FOR-US: JetBrains YouTrack CVE-2021-43185 (JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header in ...) NOT-FOR-US: JetBrains YouTrack CVE-2021-43184 (In JetBrains YouTrack before 2021.3.21051, stored XSS is possible.) NOT-FOR-US: JetBrains YouTrack CVE-2021-43183 (In JetBrains Hub before 2021.1.13690, the authentication throttling me ...) NOT-FOR-US: JetBrains Hub CVE-2021-43182 (In JetBrains Hub before 2021.1.13415, a DoS via user information is po ...) NOT-FOR-US: JetBrains Hub CVE-2021-43181 (In JetBrains Hub before 2021.1.13690, stored XSS is possible.) NOT-FOR-US: JetBrains Hub CVE-2021-43180 (In JetBrains Hub before 2021.1.13690, information disclosure via avata ...) NOT-FOR-US: JetBrains Hub CVE-2021-43179 REJECTED CVE-2021-43178 REJECTED CVE-2021-43177 (As a result of an incomplete fix for CVE-2015-7225, in versions of dev ...) - ruby-devise-two-factor 4.0.2-1 (bug #1009636) [bullseye] - ruby-devise-two-factor (Minor issue) NOTE: https://github.com/tinfoil/devise-two-factor/security/advisories/GHSA-jm35-h8q2-73mp NOTE: https://github.com/tinfoil/devise-two-factor/pull/108 NOTE: https://github.com/tinfoil/devise-two-factor/commit/64576bb9e7d29800c5f92bb86fb6ecff91ad6105 (v4.0.2) CVE-2021-43176 (The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 ...) NOT-FOR-US: GOautodial API CVE-2021-43175 (The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 ...) NOT-FOR-US: GOautodial API CVE-2021-3918 (json-schema is vulnerable to Improperly Controlled Modification of Obj ...) 
{DLA-3228-1} - node-json-schema 0.4.0+~7.0.9-1 (bug #999765) [bullseye] - node-json-schema 0.3.0+~7.0.6-1+deb11u1 NOTE: https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741 (v0.4.0) CVE-2021-43174 (NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, suppo ...) {DSA-5041-1} - routinator (bug #929024) - cfrpki 1.4.0-1 NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt NOTE: https://github.com/NLnetLabs/routinator/pull/667 CVE-2021-43173 (In NLnet Labs Routinator prior to 0.10.2, a validation run can be dela ...) {DSA-5041-1 DSA-5033-1} - routinator (bug #929024) - cfrpki 1.4.0-1 - fort-validator 1.5.3-1 - rpki-client 7.5-1 [bullseye] - rpki-client (Fixed versions need more recent libretls) NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt NOTE: https://github.com/NLnetLabs/routinator/pull/666 NOTE: https://github.com/NLnetLabs/routinator/pull/612 CVE-2021-43172 (NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRD ...) - routinator (bug #929024) - rpki-client 7.5-1 [bullseye] - rpki-client (Fixed versions need more recent libretls) NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt NOTE: https://github.com/NLnetLabs/routinator/pull/665 CVE-2021-3917 (A flaw was found in the coreos-installer, where it writes the Ignition ...) NOT-FOR-US: coreos-installer CVE-2021-43171 (Improper verification of applications' cryptographic signatures in the ...) NOT-FOR-US: App Lounge CVE-2021-43170 RESERVED CVE-2021-43169 RESERVED CVE-2021-43168 RESERVED CVE-2021-43167 RESERVED CVE-2021-43166 RESERVED CVE-2021-43165 RESERVED CVE-2021-43164 (A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks ...) NOT-FOR-US: Ruijie CVE-2021-43163 (A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks ...) 
NOT-FOR-US: Ruijie CVE-2021-43162 (A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks ...) NOT-FOR-US: Ruijie CVE-2021-43161 (A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks ...) NOT-FOR-US: Ruijie CVE-2021-43160 (A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks ...) NOT-FOR-US: Ruijie CVE-2021-43159 (A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks ...) NOT-FOR-US: Ruijie CVE-2021-43158 (In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability ...) NOT-FOR-US: ProjectWorlds Online Shopping System PHP CVE-2021-43157 (Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL inj ...) NOT-FOR-US: ProjectWorlds Online Shopping System PHP CVE-2021-43156 (In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in adm ...) NOT-FOR-US: ProjectWorlds Online Book Store PHP CVE-2021-43155 (Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injecti ...) NOT-FOR-US: ProjectWorlds Online Book Store PHP CVE-2021-43154 (Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2 ...) NOT-FOR-US: CMS Made Simple CVE-2021-43153 RESERVED CVE-2021-43152 RESERVED CVE-2021-43151 RESERVED CVE-2021-43150 RESERVED CVE-2021-43149 REJECTED CVE-2021-43148 RESERVED CVE-2021-43147 RESERVED CVE-2021-43146 RESERVED CVE-2021-43145 (With certain LDAP configurations, Zammad 5.0.1 was found to be vulnera ...) - zammad (bug #841355) CVE-2021-43144 RESERVED CVE-2021-43143 RESERVED CVE-2021-43142 (An XML External Entity (XXE) vulnerability exists in wuta jox 1.16 in ...) NOT-FOR-US: wutka jox CVE-2021-43141 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simp ...) NOT-FOR-US: Sourcecodester CVE-2021-43140 (SQL Injection vulnerability exists in Sourcecodester. Simple Subscript ...) NOT-FOR-US: Sourcecodester CVE-2021-43139 RESERVED CVE-2021-43138 (In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtai ...) 
- node-async (Vulnerable code introduced later) NOTE: https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d (3.2.2) NOTE: https://github.com/caolan/async/pull/1828 NOTE: https://jsfiddle.net/oz5twjd9/ CVE-2021-43137 (Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulne ...) NOT-FOR-US: hostel management system CVE-2021-43136 (An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker ...) NOT-FOR-US: FormaLMS CVE-2021-43135 RESERVED CVE-2021-43134 RESERVED CVE-2021-43133 RESERVED CVE-2021-43132 RESERVED CVE-2021-43131 RESERVED CVE-2021-43130 (An SQL Injection vulnerability exists in Sourcecodester Customer Relat ...) NOT-FOR-US: Sourcecodester CVE-2021-43129 (A bypass exists for Desire2Learn/D2L Brightspace\u2019s \u201cDisable ...) NOT-FOR-US: D2L Brightspace LMS CVE-2021-43128 RESERVED CVE-2021-43127 RESERVED CVE-2021-43126 RESERVED CVE-2021-43125 RESERVED CVE-2021-43124 RESERVED CVE-2021-43123 RESERVED CVE-2021-43122 RESERVED CVE-2021-43121 RESERVED CVE-2021-43120 RESERVED CVE-2021-43119 RESERVED CVE-2021-43118 (A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 ...) NOT-FOR-US: DrayTek Vigor2960 devices CVE-2021-43117 (fastadmin v1.2.1 is affected by a file upload vulnerability which allo ...) NOT-FOR-US: fastadmin CVE-2021-43116 (An Access Control vulnerability exists in Nacos 2.0.3 in the access pr ...) NOT-FOR-US: Nacos CVE-2021-43115 RESERVED CVE-2021-43114 (FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publis ...) {DSA-5033-1} - fort-validator 1.5.2-1 CVE-2021-43113 (iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows comma ...) {DSA-5323-1 DLA-3273-1} - libitext5-java 5.5.13.3-1 (bug #1014597) NOTE: https://github.com/itext/itextpdf/commit/ce8bbacd631e13717a91f02e9cbd9814b9dc2cca (5.5.13.3) CVE-2021-43112 RESERVED CVE-2021-43111 RESERVED CVE-2021-43110 (An Access Conrol vulnerability exists in PuneethReddyHC online-shoppin ...) 
NOT-FOR-US: PuneethReddyHC online-shopping-system CVE-2021-43109 (An SQL Injection vulnerability exits in PuneethReddyHC online-shopping ...) NOT-FOR-US: PuneethReddyHC online-shopping-system CVE-2021-43108 RESERVED CVE-2021-43107 RESERVED CVE-2021-43106 (A Header Injection vulnerability exists in Compass Plus TranzWare Onli ...) NOT-FOR-US: Compass Plus TranzWare CVE-2021-43105 (A vulnerability in the bailiwick checking function in Technitium DNS S ...) NOT-FOR-US: Technitium DNS Server CVE-2021-43104 RESERVED CVE-2021-43103 (A File Upload vulnerability exists in bbs 5.3 is via ForumManageAction ...) NOT-FOR-US: bbs Patrol Cloud Light Forum CVE-2021-43102 (A File Upload vulnerability exists in bbs 5.3 is via HelpManageAction. ...) NOT-FOR-US: bbs Patrol Cloud Light Forum CVE-2021-43101 (A File Upload vulnerability exists in bbs 5.3 is via MembershipCardMan ...) NOT-FOR-US: bbs Patrol Cloud Light Forum CVE-2021-43100 (A File Upload vulnerability exists in bbs 5.3 is via TopicManageAction ...) NOT-FOR-US: bbs Patrol Cloud Light Forum CVE-2021-43099 (An Archive Extraction (AKA "Zip Slip) vulnerability exists in bbs 5.3 ...) NOT-FOR-US: bbs Patrol Cloud Light Forum CVE-2021-43098 (A File Upload vulnerability exists in bbs v5.3 via QuestionManageActio ...) NOT-FOR-US: bbs Patrol Cloud Light Forum CVE-2021-43097 (A Server-side Template Injection (SSTI) vulnerability exists in bbs 5. ...) NOT-FOR-US: bbs Patrol Cloud Light Forum CVE-2021-43096 RESERVED CVE-2021-43095 RESERVED CVE-2021-43094 (An SQL Injection vulnerability exists in OpenMRS Reference Application ...) NOT-FOR-US: OpenMRS CVE-2021-43093 RESERVED CVE-2021-43092 RESERVED CVE-2021-43091 (An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via ...) NOT-FOR-US: Yeswiki doryphore CVE-2021-43090 (An XML External Entity (XXE) vulnerability exists in soa-model before ...) 
	NOT-FOR-US: soa-model
CVE-2021-43089
	RESERVED
CVE-2021-43088
	RESERVED
CVE-2021-43087
	RESERVED
CVE-2021-43086 (ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compressi ...)
	NOT-FOR-US: ARM astcenc
CVE-2021-43085
	REJECTED
CVE-2021-43084 (An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tab ...)
	NOT-FOR-US: Dreamer CMS
CVE-2021-3916 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...)
	NOT-FOR-US: bookstack
CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF check whe ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-43083 (Apache PLC4X - PLC4C (Only the C language implementation was affected) ...)
	NOT-FOR-US: Apache PLC4X
CVE-2021-43082 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
	- trafficserver 9.1.1+ds-1
	[bullseye] - trafficserver (Vulnerable code not present, introduced in 9.x)
	[buster] - trafficserver (Vulnerable code not present, introduced in 9.x)
	NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
	NOTE: https://github.com/apache/trafficserver/pull/8475
	NOTE: https://github.com/apache/trafficserver/commit/02b17dbe3cff71ffd31577d872e077531124d207 (master)
	NOTE: CVE description is wrong, this doesn't affect 8.1, only 9.x/master:
	NOTE: Introduced with https://github.com/apache/trafficserver/commit/5e2385b666b4176be0f64fbadfbfae42094db396 (9.1.0-rc0)
CVE-2021-3915 (bookstack is vulnerable to Unrestricted Upload of File with Dangerous ...)
	NOT-FOR-US: bookstack
CVE-2020-36505 (The Delete All Comments Easily WordPress plugin through 1.3 is lacking ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-36504 (The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-43081 (An improper neutralization of input during web page generation vulnera ...)
	NOT-FOR-US: FortiGuard
CVE-2021-43080 (An improper neutralization of input during web page generation vulnera ...)
	NOT-FOR-US: FortiGuard
CVE-2021-43079
	RESERVED
CVE-2021-43078
	RESERVED
CVE-2021-43077 (An improper neutralization of special elements used in an sql command ( ...)
	NOT-FOR-US: FortiGuard
CVE-2021-43076 (An improper privilege management vulnerability [CWE-269] in FortiADC v ...)
	NOT-FOR-US: FortiGuard
CVE-2021-43075 (An improper neutralization of special elements used in an os command (' ...)
	NOT-FOR-US: FortiGuard
CVE-2021-43074 (An improper verification of cryptographic signature vulnerability [CWE ...)
	NOT-FOR-US: Fortinet
CVE-2021-43073 (An improper neutralization of special elements used in an os command (' ...)
	NOT-FOR-US: FortiGuard
CVE-2021-43072 (A buffer copy without checking size of input ('classic buffer overflow ...)
	NOT-FOR-US: Fortinet
CVE-2021-43071 (A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6. ...)
	NOT-FOR-US: FortiGuard
CVE-2021-43070 (Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM ...)
	NOT-FOR-US: FortiGuard
CVE-2021-43069
	RESERVED
CVE-2021-43068 (An improper authentication in Fortinet FortiAuthenticator version 6.4.0 ...)
	NOT-FOR-US: FortiGuard
CVE-2021-43067 (An exposure of sensitive information to an unauthorized actor in Fortin ...)
	NOT-FOR-US: FortiGuard
CVE-2021-43066 (An external control of file name or path in Fortinet FortiClientWindows ...)
	NOT-FOR-US: FortiGuard FortiClient
CVE-2021-43065 (An incorrect permission assignment for critical resource in Fortinet Fo ...)
	NOT-FOR-US: FortiGuard
CVE-2021-43064 (A url redirection to untrusted site ('open redirect') in Fortinet Fort ...)
	NOT-FOR-US: FortiGuard
CVE-2021-43063 (An improper neutralization of input during web page generation ('cross- ...)
	NOT-FOR-US: FortiGuard
CVE-2021-43062 (An improper neutralization of input during web page generation ('cross- ...)
	NOT-FOR-US: FortiGuard
CVE-2022-20621 (Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-20620 (Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-20619 (A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-20618 (A missing permission check in Jenkins Bitbucket Branch Source Plugin 7 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-20617 (Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the n ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-20616 (Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-20615 (Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML me ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-20614 (A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-20613 (A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Pl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2022-20612 (A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and ...)
	- jenkins
CVE-2021-43061
	RESERVED
CVE-2021-43060
	RESERVED
CVE-2021-43059
	RESERVED
CVE-2021-43058 (An open redirect vulnerability exists in Replicated Classic versions p ...)
	NOT-FOR-US: Replicated
CVE-2021-3914 (It was found that the smallrye health metrics UI component did not pro ...)
	NOT-FOR-US: SmallRye Health
CVE-2021-43057 (An issue was discovered in the Linux kernel before 5.14.8. A use-after ...)
	- linux 5.14.9-1
	[bullseye] - linux (Vulnerable code introduced later)
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/a3727a8bac0a9e77c70820655fd8715523ba3db7 (5.15-rc3)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2229
CVE-2021-43055 (The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Commun ...)
	NOT-FOR-US: TIBCO
CVE-2021-43054 (The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Commun ...)
	NOT-FOR-US: TIBCO
CVE-2021-43053 (The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Commun ...)
	NOT-FOR-US: TIBCO
CVE-2021-43052 (The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Commun ...)
	NOT-FOR-US: TIBCO
CVE-2021-43051 (The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire ...)
	NOT-FOR-US: Spotfire Server component of TIBCO
CVE-2021-43050 (The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConne ...)
	NOT-FOR-US: TIBCO
CVE-2021-43049 (The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect ...)
	NOT-FOR-US: TIBCO
CVE-2021-43048 (The Interior Server and Gateway Server components of TIBCO Software In ...)
	NOT-FOR-US: TIBCO
CVE-2021-43047 (The Interior Server and Gateway Server components of TIBCO Software In ...)
	NOT-FOR-US: TIBCO
CVE-2021-43046 (The Interior Server and Gateway Server components of TIBCO Software In ...)
	NOT-FOR-US: TIBCO
CVE-2021-43056 (An issue was discovered in the Linux kernel for powerpc before 5.14.15 ...)
	- linux 5.14.16-1
	[bullseye] - linux 5.10.84-1
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337 (5.15-rc6)
CVE-2021-43045 (A vulnerability in the .NET SDK of Apache Avro allows an attacker to a ...)
	NOT-FOR-US: Apache Avro
CVE-2021-3913
	REJECTED
CVE-2021-43044 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
	NOT-FOR-US: Kaseya
CVE-2021-43043 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
	NOT-FOR-US: Kaseya
CVE-2021-43042 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
	NOT-FOR-US: Kaseya
CVE-2021-43041 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
	NOT-FOR-US: Kaseya
CVE-2021-43040 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
	NOT-FOR-US: Kaseya
CVE-2021-43039 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
	NOT-FOR-US: Kaseya
CVE-2021-43038 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
	NOT-FOR-US: Kaseya
CVE-2021-43037 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
	NOT-FOR-US: Kaseya
CVE-2021-43036 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
	NOT-FOR-US: Kaseya
CVE-2021-43035 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
	NOT-FOR-US: Kaseya
CVE-2021-43034 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
	NOT-FOR-US: Kaseya
CVE-2021-43033 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
	NOT-FOR-US: Kaseya
CVE-2021-3912 (OctoRPKI tries to load the entire contents of a repository in memory, ...)
	{DSA-5041-1}
	- routinator (bug #929024)
	- cfrpki 1.4.0-1
	NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g9wh-3vrx-r7hg
CVE-2021-3911 (If the ROA that a repository returns contains too many bits for the IP ...)
	{DSA-5041-1}
	- cfrpki 1.4.0-1
	NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-w6ww-fmfx-2x22
CVE-2021-3910 (OctoRPKI crashes when encountering a repository that returns an invali ...)
	{DSA-5041-1}
	- cfrpki 1.4.0-1
	NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-5mxh-2qfv-4g7j
CVE-2021-3909 (OctoRPKI does not limit the length of a connection, allowing for a slo ...)
	{DSA-5041-1 DSA-5033-1}
	- routinator (bug #929024)
	- cfrpki 1.4.0-1
	- fort-validator 1.5.3-1
	- rpki-client 7.5-1
	[bullseye] - rpki-client (Fixed versions need more recent libretls)
	NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-8cvr-4rrf-f244
CVE-2021-3908 (OctoRPKI does not limit the depth of a certificate chain, allowing for ...)
	{DSA-5041-1}
	- cfrpki 1.4.0-1
	- routinator (bug #929024)
	NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g5gj-9ggf-9vmq
CVE-2021-3907 (OctoRPKI does not escape a URI with a filename containing "..", this a ...)
	{DSA-5041-1 DSA-5033-1}
	- cfrpki 1.4.0-1
	- fort-validator 1.5.3-1
	NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-cqh2-vc2f-q4fh
CVE-2021-3906 (bookstack is vulnerable to Unrestricted Upload of File with Dangerous ...)
	NOT-FOR-US: bookstack
CVE-2018-25020 (The BPF subsystem in the Linux kernel before 4.17 mishandles situation ...)
	- linux 4.17.3-1
	NOTE: https://git.kernel.org/linus/050fad7c4534c13c8eb1d9c2ba66012e014773cb (4.17-rc7)
CVE-2018-25019 (The LearnDash LMS WordPress plugin before 2.5.4 does not have any auth ...)
	NOT-FOR-US: WordPress plugin
CVE-2015-20067 (The WP Attachment Export WordPress plugin before 0.2.4 does not have p ...)
	NOT-FOR-US: WordPress plugin
CVE-2015-20019 (The Content text slider on post WordPress plugin before 6.9 does not s ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-43032 (In XenForo through 2.2.7, a threat actor with access to the admin pane ...)
	NOT-FOR-US: XenForo
CVE-2021-43031
	RESERVED
CVE-2021-43030 (Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an ...)
	NOT-FOR-US: Adobe
CVE-2021-43029 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
	NOT-FOR-US: Adobe
CVE-2021-43028 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
	NOT-FOR-US: Adobe
CVE-2021-43027 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...)
	NOT-FOR-US: Adobe
CVE-2021-43026 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
	NOT-FOR-US: Adobe
CVE-2021-43025 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
	NOT-FOR-US: Adobe
CVE-2021-43024 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
	NOT-FOR-US: Adobe
CVE-2021-43023 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
	NOT-FOR-US: Adobe
CVE-2021-43022 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
	NOT-FOR-US: Adobe
CVE-2021-43021 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
	NOT-FOR-US: Adobe
CVE-2021-43020
	RESERVED
CVE-2021-43019 (Adobe Creative Cloud version 5.5 (and earlier) are affected by a privi ...)
	NOT-FOR-US: Adobe
CVE-2021-43018 (Adobe Photoshop versions 23.0.2 and 22.5.4 (and earlier) are affected ...)
	NOT-FOR-US: Adobe
CVE-2021-43017 (Adobe Creative Cloud version 5.5 (and earlier) are affected by an Appl ...)
	NOT-FOR-US: Adobe
CVE-2021-43016 (Adobe InCopy version 16.4 (and earlier) is affected by a Null pointer ...)
	NOT-FOR-US: Adobe
CVE-2021-43015 (Adobe InCopy version 16.4 (and earlier) is affected by a memory corrup ...)
	NOT-FOR-US: Adobe
CVE-2021-43014
	RESERVED
CVE-2021-43013 (Adobe Media Encoder version 15.4.1 (and earlier) are affected by a mem ...)
	NOT-FOR-US: Adobe
CVE-2021-43012 (Adobe Prelude version 10.1 (and earlier) are affected by a memory corr ...)
	NOT-FOR-US: Adobe
CVE-2021-43011 (Adobe Prelude version 10.1 (and earlier) are affected by a memory corr ...)
	NOT-FOR-US: Adobe
CVE-2021-3905 (A memory leak was found in Open vSwitch (OVS) during userspace IP frag ...)
	- openvswitch (Vulnerable code introduced later)
	NOTE: https://github.com/openvswitch/ovs-issues/issues/226
	NOTE: Introduced by: https://github.com/openvswitch/ovs/commit/640d4db788eda96bb904abcfc7de2327107bafe1 (v2.16.0)
	NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349
CVE-2021-3904 (grav is vulnerable to Improper Neutralization of Input During Web Page ...)
	NOT-FOR-US: Grav CMS
CVE-2021-3903 (vim is vulnerable to Heap-based Buffer Overflow)
	{DLA-3053-1}
	- vim 2:8.2.3565-1 (unimportant)
	NOTE: https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8
	NOTE: https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43
	NOTE: PoC crashes starting with https://github.com/vim/vim/commit/8a7d6542b33e5d2b352262305c3bfdb2d14e1cf8 (v8.2.0149)
	NOTE: Crash in CLI tool, no security impact
CVE-2020-36503 (The Connections Business Directory WordPress plugin before 9.7 does no ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-43010 (In Safedog Apache v4.0.30255, attackers can bypass this product for SQ ...)
	NOT-FOR-US: Safedog
CVE-2021-43009 (A Cross Site Scripting (XSS) vulnerability exists in OpServices OpMon ...)
	NOT-FOR-US: OpServices OpMon
CVE-2021-43008 (Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in ...)
	{DLA-3002-1}
	- adminer 4.6.3-1
	NOTE: https://github.com/vrana/adminer/releases/tag/v4.6.3
	NOTE: https://podalirius.net/en/cves/2021-43008/
	NOTE: https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability
CVE-2021-43007
	RESERVED
CVE-2021-43006 (AmZetta Amzetta zPortal DVM Tools is affected by Integer Overflow. IOC ...)
	NOT-FOR-US: AmZetta Amzetta zPortal DVM Tools
CVE-2021-43005
	RESERVED
CVE-2021-43004
	RESERVED
CVE-2021-43003 (Amzetta zPortal Windows zClient is affected by Integer Overflow. IOCTL ...)
	NOT-FOR-US: Amzetta
CVE-2021-43002 (Amzetta zPortal DVM Tools is affected by Buffer Overflow. IOCTL Handle ...)
	NOT-FOR-US: Amzetta
CVE-2021-43001
	RESERVED
CVE-2021-43000 (Amzetta zPortal Windows zClient is affected by Buffer Overflow. IOCTL ...)
	NOT-FOR-US: Amzetta
CVE-2021-42999
	RESERVED
CVE-2021-42998
	RESERVED
CVE-2021-42997
	RESERVED
CVE-2021-42996 (Donglify is affected by Integer Overflow. IOCTL Handler 0x22001B in th ...)
	NOT-FOR-US: Donglify
CVE-2021-42995
	RESERVED
CVE-2021-42994 (Donglify is affected by Buffer Overflow. IOCTL Handler 0x22001B in the ...)
	NOT-FOR-US: Donglify
CVE-2021-42993 (FlexiHub For Windows is affected by Integer Overflow. IOCTL Handler 0x ...)
	NOT-FOR-US: FlexiHub For Windows
CVE-2021-42992
	RESERVED
CVE-2021-42991
	RESERVED
CVE-2021-42990 (FlexiHub For Windows is affected by Buffer Overflow. IOCTL Handler 0x2 ...)
	NOT-FOR-US: FlexiHub For Windows
CVE-2021-42989
	RESERVED
CVE-2021-42988 (Eltima USB Network Gate is affected by Buffer Overflow. IOCTL Handler ...)
	NOT-FOR-US: Eltima USB Network Gate
CVE-2021-42987 (Eltima USB Network Gate is affected by Integer Overflow. IOCTL Handler ...)
	NOT-FOR-US: Eltima USB Network Gate
CVE-2021-42986 (NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Han ...)
	NOT-FOR-US: NoMachine
CVE-2021-42985
	RESERVED
CVE-2021-42984
	RESERVED
CVE-2021-42983 (NoMachine Enterprise Client is affected by Buffer Overflow. IOCTL Hand ...)
	NOT-FOR-US: NoMachine
CVE-2021-42982
	RESERVED
CVE-2021-42981
	RESERVED
CVE-2021-42980 (NoMachine Cloud Server is affected by Buffer Overflow. IOCTL Handler 0 ...)
	NOT-FOR-US: NoMachine
CVE-2021-42979 (NoMachine Cloud Server is affected by Integer Overflow. IOCTL Handler ...)
	NOT-FOR-US: NoMachine
CVE-2021-42978
	RESERVED
CVE-2021-42977 (NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Ha ...)
	NOT-FOR-US: NoMachine
CVE-2021-42976 (NoMachine Enterprise Desktop is affected by Buffer Overflow. IOCTL Han ...)
	NOT-FOR-US: NoMachine
CVE-2021-42975
	RESERVED
CVE-2021-42974
	RESERVED
CVE-2021-42973 (NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x2200 ...)
	NOT-FOR-US: NoMachine
CVE-2021-42972 (NoMachine Server is affected by Buffer Overflow. IOCTL Handler 0x22001 ...)
	NOT-FOR-US: NoMachine
CVE-2021-42971
	RESERVED
CVE-2021-42970 (Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the ...)
	NOT-FOR-US: cxuucms
CVE-2021-42969 (Certain Anaconda3 2021.05 are affected by OS command injection. When a ...)
	NOT-FOR-US: Anaconda Python
CVE-2021-42968
	RESERVED
CVE-2021-42967 (Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/com ...)
	NOT-FOR-US: Novel-plus
CVE-2021-42966
	REJECTED
CVE-2021-42965
	RESERVED
CVE-2021-42964
	RESERVED
CVE-2021-42963
	RESERVED
CVE-2021-42962
	RESERVED
CVE-2021-42961
	RESERVED
CVE-2021-42960
	RESERVED
CVE-2021-42959
	RESERVED
CVE-2021-42958
	RESERVED
CVE-2021-42957
	RESERVED
CVE-2021-42956 (Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.21 ...)
	NOT-FOR-US: Zoho
CVE-2021-42955 (Zoho Remote Access Plus Server Windows Desktop binary fixed in version ...)
	NOT-FOR-US: Zoho
CVE-2021-42954 (Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1. ...)
	NOT-FOR-US: Zoho
CVE-2021-42953
	RESERVED
CVE-2021-42952 (Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vuln ...)
	NOT-FOR-US: Zepl Notebooks
CVE-2021-42951 (A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL ...)
	NOT-FOR-US: Algorithmia MSOL
CVE-2021-42950 (Remote Code Execution (RCE) vulnerability exists in Zepl Notebooks all ...)
	NOT-FOR-US: Zepl
CVE-2021-42949 (The component controlla_login function in HotelDruid Hotel Management ...)
	- hoteldruid 3.0.4-1
	[bullseye] - hoteldruid (Minor issue)
	[buster] - hoteldruid (Minor issue)
	[stretch] - hoteldruid (Minor issue)
CVE-2021-42948 (HotelDruid Hotel Management Software v3.0.3 and below was discovered t ...)
	- hoteldruid 3.0.4-1
	[bullseye] - hoteldruid (Minor issue)
	[buster] - hoteldruid (Minor issue)
	[stretch] - hoteldruid (Minor issue)
CVE-2021-42947
	RESERVED
CVE-2021-42946 (A Cross Site Scripting (XSS) vulnerability exists in htmly.2.8.1 via t ...)
	NOT-FOR-US: htmly
CVE-2021-42945 (A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclass ...)
	NOT-FOR-US: ZZCMS
CVE-2021-42944
	RESERVED
CVE-2021-42943 (Stored cross-site scripting (XSS) in admin/usermanager.php over IPPlan ...)
	- ipplan
CVE-2021-42942
	RESERVED
CVE-2021-42941
	RESERVED
CVE-2021-42940 (A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 v ...)
	NOT-FOR-US: Projeqtor
CVE-2021-42939
	RESERVED
CVE-2021-42938
	RESERVED
CVE-2021-42937
	RESERVED
CVE-2021-42936
	RESERVED
CVE-2021-42935
	RESERVED
CVE-2021-42934
	RESERVED
CVE-2021-42933
	RESERVED
CVE-2021-42932
	RESERVED
CVE-2021-42931
	RESERVED
CVE-2021-42930
	RESERVED
CVE-2021-42929
	RESERVED
CVE-2021-42928
	RESERVED
CVE-2021-42927
	RESERVED
CVE-2021-42926
	RESERVED
CVE-2021-42925
	RESERVED
CVE-2021-42924
	RESERVED
CVE-2021-42923 (ShowMyPC 3606 on Windows suffers from a DLL hijack vulnerability. If a ...)
	NOT-FOR-US: ShowMyPC 3606 on Windows
CVE-2021-42922
	RESERVED
CVE-2021-42921
	RESERVED
CVE-2021-42920
	RESERVED
CVE-2021-42919
	RESERVED
CVE-2021-42918
	RESERVED
CVE-2021-42917 (Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attacker ...)
	{DLA-3712-1}
	- kodi 2:19.3+dfsg1-1 (bug #998419)
	[bullseye] - kodi 2:19.1+dfsg2-2+deb11u1
	[stretch] - kodi (no point in fixing this when the more severe CVE-2017-5982 is ignored)
	- xbmc
	NOTE: https://github.com/xbmc/xbmc/commit/80c8138c09598e88b4ddb6dbb279fa193bbb3237
	NOTE: https://github.com/xbmc/xbmc/issues/20305
	NOTE: https://github.com/xbmc/xbmc/pull/20306
CVE-2021-42916
	RESERVED
CVE-2021-42915
	RESERVED
CVE-2021-42914
	RESERVED
CVE-2021-42913 (The SyncThru Web Service on Samsung SCX-6x55X printers allows an attac ...)
	NOT-FOR-US: SyncThru Web Service on Samsung SCX-6x55X printers
CVE-2021-42912 (FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command inj ...)
	NOT-FOR-US: FiberHome ONU GPON AN5506-04-F RP2617
CVE-2021-42911 (A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, ...)
	NOT-FOR-US: DrayTek Vigor2960 devices
CVE-2021-42910
	RESERVED
CVE-2021-42909
	RESERVED
CVE-2021-42908
	RESERVED
CVE-2021-42907
	RESERVED
CVE-2021-42906
	RESERVED
CVE-2021-42905
	RESERVED
CVE-2021-42904
	RESERVED
CVE-2021-42903
	RESERVED
CVE-2021-42902
	RESERVED
CVE-2021-42901
	RESERVED
CVE-2021-42900
	RESERVED
CVE-2021-42899
	RESERVED
CVE-2021-42898
	RESERVED
CVE-2021-42897 (A remote command execution (RCE) vulnerability was found in FeMiner wm ...)
	NOT-FOR-US: FeMiner/wms
CVE-2021-42896
	RESERVED
CVE-2021-42895
	RESERVED
CVE-2021-42894
	RESERVED
CVE-2021-42893 (In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive in ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-42892 (In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet withou ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-42891 (In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive in ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-42890 (TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vul ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-42889 (In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive in ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-42888 (TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vul ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-42887 (In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sen ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-42886 (TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vuln ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-42885 (TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vul ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-42884 (TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vul ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-42883
	RESERVED
CVE-2021-42882
	RESERVED
CVE-2021-42881
	RESERVED
CVE-2021-42880
	RESERVED
CVE-2021-42879
	RESERVED
CVE-2021-42878
	RESERVED
CVE-2021-42877 (TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerabil ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-42876
	RESERVED
CVE-2021-42875 (TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vul ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-42874
	RESERVED
CVE-2021-42873
	RESERVED
CVE-2021-42872 (TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vuln ...)
	NOT-FOR-US: TOTOLINK
CVE-2021-42871
	RESERVED
CVE-2021-42870 (ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when processing ...)
	NOT-FOR-US: accel-ppp
CVE-2021-42869 (A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient ...)
	NOT-FOR-US: Chikista Patient Management Software
CVE-2021-42868 (A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient ...)
	NOT-FOR-US: Chikista Patient Management Software
CVE-2021-42867 (A Cross Site Scripting (XSS) vulnerability exists in DanPros htmly 2.8 ...)
	NOT-FOR-US: htmly
CVE-2021-42866 (A Cross Site Scripting vulnerability exists in Pixelimity 1.0 via the S ...)
	NOT-FOR-US: Pixelimity
CVE-2021-42865
	RESERVED
CVE-2021-42864
	RESERVED
CVE-2021-42863 (A buffer overflow in ecma_builtin_typedarray_prototype_filter() in Jer ...)
	- iotjs (bug #1015219)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Vulnerable code introduced later)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4793
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4794
	NOTE: https://github.com/jerryscript-project/jerryscript/commit/4e8d6344a8b5cf8f00bd3d5e869147af06d0189e
CVE-2021-42862
	RESERVED
CVE-2021-42861
	RESERVED
CVE-2021-42860 (A stack buffer overflow exists in Mini-XML v3.2. When inputting an unf ...)
	NOTE: Disputed mxml issue
CVE-2021-42859 (A memory leak issue was discovered in Mini-XML v3.2 that could cause a ...)
	NOTE: Disputed mxml issue
CVE-2021-42858
	RESERVED
CVE-2021-42857 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
	NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDaServlet
CVE-2021-42856 (It was discovered that the /DsaDataTest endpoint is susceptible to Cro ...)
	NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
CVE-2021-42855 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
	NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
CVE-2021-42854 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
	NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
CVE-2021-42853 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
	NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
CVE-2021-3902 [Improper Restriction of XML External Entity Reference for included svg files]
	RESERVED
	- php-dompdf 2.0.2+dfsg-1
	[bullseye] - php-dompdf (current code rejects svg images. Double checked by testing)
	[buster] - php-dompdf (current code rejects svg images. Double checked by testing)
	NOTE: https://github.com/dompdf/dompdf/issues/2564
	NOTE: https://huntr.dev/bounties/a6071c07-806f-429a-8656-a4742e4191b1
	NOTE: https://github.com/dompdf/dompdf/commit/f56bc8e40be6c0ae0825e6c7396f4db80620b799 (v2.0.0)
CVE-2021-3901 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF))
	NOT-FOR-US: firefly-iii
CVE-2021-3900 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF))
	NOT-FOR-US: firefly-iii
CVE-2021-42852 (A command injection vulnerability was reported in some Lenovo Personal ...)
	NOT-FOR-US: Lenovo
CVE-2021-42851 (A vulnerability was reported in some Lenovo Personal Cloud Storage dev ...)
	NOT-FOR-US: Lenovo
CVE-2021-42850 (A weak default administrator password for the web interface and serial ...)
	NOT-FOR-US: Lenovo
CVE-2021-42849 (A weak default password for the serial port was reported in some Lenov ...)
	NOT-FOR-US: Lenovo
CVE-2021-42848 (An information disclosure vulnerability was reported in some Lenovo Pe ...)
	NOT-FOR-US: Lenovo
CVE-2021-3899
	RESERVED
CVE-2021-3898 (Versions of Motorola Ready For and Motorola Device Help Android applic ...)
	NOT-FOR-US: Lenovo
CVE-2021-3897 (An authentication bypass vulnerability was discovered in an internal s ...)
	NOT-FOR-US: Lenovo
CVE-2021-42847 (Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write t ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-42846
	RESERVED
CVE-2021-42845
	RESERVED
CVE-2021-42844
	RESERVED
CVE-2021-42843
	RESERVED
CVE-2021-42842
	RESERVED
CVE-2021-42841 (Insta HMS before 12.4.10 is vulnerable to XSS because of improper vali ...)
	NOT-FOR-US: Insta HMS
CVE-2021-42840 (SuiteCRM before 7.11.19 allows remote code execution via the system se ...)
	NOT-FOR-US: SuiteCRM
CVE-2021-42839 (Grand Vice info Co. webopac7 file upload function fails to filter spec ...)
	NOT-FOR-US: Grand Vice info Co. webopac7 file upload function
CVE-2021-42838 (Grand Vice info Co. webopac7 book search field parameter does not prop ...)
	NOT-FOR-US: Grand Vice info Co. webopac7 book search field parameter
CVE-2021-42837 (An issue was discovered in Talend Data Catalog before 7.3-20210930. Af ...)
	NOT-FOR-US: Talend Data Catalog
CVE-2021-42836 (GJSON before 1.9.3 allows a ReDoS (regular expression denial of servic ...)
	[experimental] - golang-github-tidwall-gjson 1.14.4-1
	- golang-github-tidwall-gjson 1.14.4-2 (bug #1000225)
	[bookworm] - golang-github-tidwall-gjson (Minor issue)
	[bullseye] - golang-github-tidwall-gjson (Minor issue)
	[buster] - golang-github-tidwall-gjson (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944 (v1.9.2)
	NOTE: https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96 (v1.9.3)
	NOTE: https://github.com/tidwall/gjson/issues/236
	NOTE: https://github.com/tidwall/gjson/issues/237
CVE-2021-42835 (An issue was discovered in Plex Media Server through 1.24.4.5081-e362d ...)
	NOT-FOR-US: Plex Media Server
CVE-2021-42834
	RESERVED
CVE-2021-42833 (A Use of Hardcoded Credentials vulnerability exists in AquaView versio ...)
	NOT-FOR-US: AquaView
CVE-2021-42832
	RESERVED
CVE-2021-42831
	RESERVED
CVE-2021-42830
	RESERVED
CVE-2021-42829
	RESERVED
CVE-2021-42828
	RESERVED
CVE-2021-42827
	RESERVED
CVE-2021-42826
	RESERVED
CVE-2021-42825
	RESERVED
CVE-2021-42824
	RESERVED
CVE-2021-42823
	RESERVED
CVE-2021-42822
	RESERVED
CVE-2021-42821
	RESERVED
CVE-2021-42820
	RESERVED
CVE-2021-42819
	RESERVED
CVE-2021-42818
	RESERVED
CVE-2021-42817
	RESERVED
CVE-2021-42816
	RESERVED
CVE-2021-42815
	RESERVED
CVE-2021-42814
	RESERVED
CVE-2021-42813
	RESERVED
CVE-2021-3896
	REJECTED
CVE-2021-42812
	RESERVED
CVE-2021-42811 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
	NOT-FOR-US: SafeNet KeySecure
CVE-2021-42810 (A flaw in the previous versions of the product may allow an authentica ...)
	NOT-FOR-US: Thales SafeNet Agent
CVE-2021-42809 (Improper Access Control of Dynamically-Managed Code Resources (DLL) in ...)
	NOT-FOR-US: Thales Sentinel Protection Installer
CVE-2021-42808 (Improper Access Control in Thales Sentinel Protection Installer could ...)
	NOT-FOR-US: Thales Sentinel Protection Installer
CVE-2021-42807
	RESERVED
CVE-2021-42806
	RESERVED
CVE-2021-42805
	RESERVED
CVE-2021-42804
	RESERVED
CVE-2021-42803
	RESERVED
CVE-2021-42802
	RESERVED
CVE-2021-42801
	RESERVED
CVE-2021-42800
	RESERVED
CVE-2021-42799
	RESERVED
CVE-2021-42798
	RESERVED
CVE-2021-42797 (Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Stud ...)
	NOT-FOR-US: AVEVA
CVE-2021-42796 (An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly In ...)
	NOT-FOR-US: AVEVA
CVE-2021-42795
	RESERVED
CVE-2021-42794 (An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) v ...)
	NOT-FOR-US: AVEVA
CVE-2021-42793
	REJECTED
CVE-2021-42792
	REJECTED
CVE-2021-42791 (An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP req ...)
	NOT-FOR-US: VeridiumID
CVE-2021-42790
	RESERVED
CVE-2021-42789
	RESERVED
CVE-2021-42788
	RESERVED
CVE-2021-42787 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
	NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
CVE-2021-42786 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
	NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
CVE-2021-42785 (Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allo ...)
	NOT-FOR-US: TightVNC Viewer
CVE-2021-42784 (OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 ...)
	NOT-FOR-US: D-Link
CVE-2021-42783 (Missing Authentication for Critical Function vulnerability in debug_po ...)
	NOT-FOR-US: D-Link
CVE-2021-42782 (Stack buffer overflow issues were found in Opensc before version 0.22. ...)
	{DLA-3463-1}
	- opensc 0.22.0-1
	[bullseye] - opensc (Minor issue)
	[stretch] - opensc (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016448
	NOTE: https://github.com/OpenSC/OpenSC/commit/78cdab949f098ad7e593d853229fccf57d749d0c (0.22.0-rc1)
	NOTE: https://github.com/OpenSC/OpenSC/commit/1252aca9f10771ef5ba8405e73cf2da50827958f (0.22.0-rc1)
	NOTE: https://github.com/OpenSC/OpenSC/commit/ae1cf0be90396fb6c0be95829bf0d3eecbd2fd1c (0.22.0-rc1)
	NOTE: https://github.com/OpenSC/OpenSC/commit/7114fb71b54ddfe06ce5dfdab013f4c38f129d14 (0.22.0-rc1)
	NOTE: https://github.com/OpenSC/OpenSC/commit/456ac566938a1da774db06126a2fa6c0cba514b3 (0.22.0)
CVE-2021-42781 (Heap buffer overflow issues were found in Opensc before version 0.22.0 ...)
    {DLA-3463-1}
    - opensc 0.22.0-1
    [bullseye] - opensc (Minor issue)
    [stretch] - opensc (Minor issue)
    NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016439
    NOTE: https://github.com/OpenSC/OpenSC/commit/17d8980cde7be597afc366b7e311d0d7cadcb1f4 (0.22.0-rc1)
    NOTE: https://github.com/OpenSC/OpenSC/commit/40c50a3a4219308aae90f6efd7b10213794a8d86 (0.22.0-rc1)
    NOTE: https://github.com/OpenSC/OpenSC/commit/05648b0604bf3e498e8d42dff3c6e7c56a5bf749 (0.22.0-rc1)
    NOTE: https://github.com/OpenSC/OpenSC/commit/5d4daf6c92e4668f5458f380f3cacea3e879d91a (0.22.0-rc1)
    NOTE: https://github.com/OpenSC/OpenSC/commit/cae5c71f90cc5b364efe14040923fd5aa3b5dd90 (0.22.0-rc1)
CVE-2021-42780 (A use after return issue was found in Opensc before version 0.22.0 in ...)
    {DLA-3463-1}
    - opensc 0.22.0-1
    [bullseye] - opensc (Minor issue)
    [stretch] - opensc (Minor issue)
    NOTE: https://github.com/OpenSC/OpenSC/commit/5df913b7f57ad89b9832555d24c08d23a534311e (0.22.0-rc1)
    NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383
    NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016139
CVE-2021-42779 (A heap use after free issue was found in Opensc before version 0.22.0 ...)
    {DLA-3463-1}
    - opensc 0.22.0-1
    [bullseye] - opensc (Minor issue)
    [stretch] - opensc (Minor issue)
    NOTE: https://github.com/OpenSC/OpenSC/commit/1db88374bb7706a115d5c3617c6f16115c33bf27 (0.22.0-rc1)
    NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28843
    NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016086
CVE-2021-42778 (A heap double free issue was found in Opensc before version 0.22.0 in ...)
    - opensc 0.22.0-1
    [bullseye] - opensc (Minor issue)
    [buster] - opensc (Vulnerable code introduced later)
    [stretch] - opensc (Vulnerable code introduced later)
    NOTE: https://github.com/OpenSC/OpenSC/commit/f015746d22d249642c19674298a18ad824db0ed7 (0.22.0-rc1)
    NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185
    NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016083
CVE-2021-42777 (Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mo ...)
    NOT-FOR-US: Stimulsoft
CVE-2021-42776 (CloverDX Server before 5.11.2 and 5.12.x before 5.12.1 allows XXE ...)
    NOT-FOR-US: CloverDX Server
CVE-2021-42775 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)
    NOT-FOR-US: Broadcom Emulex HBA Manager/One Command Manager
CVE-2021-42774 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)
    NOT-FOR-US: Broadcom Emulex HBA Manager/One Command Manager
CVE-2021-42773 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)
    NOT-FOR-US: Broadcom Emulex HBA Manager/One Command Manager
CVE-2021-42772 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)
    NOT-FOR-US: Broadcom Emulex HBA Manager/One Command Manager
CVE-2021-42771 (Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary ...)
    {DSA-5018-1 DLA-2790-1}
    - python-babel 2.8.0+dfsg.1-7 (bug #987824)
    NOTE: https://www.tenable.com/security/research/tra-2021-14
    NOTE: https://github.com/python-babel/babel/pull/782
CVE-2021-42770 (A Cross-site scripting (XSS) vulnerability was discovered in OPNsense ...)
    NOT-FOR-US: OPNsense
CVE-2021-42769 RESERVED
CVE-2021-42768 RESERVED
CVE-2021-42767 (A directory traversal vulnerability in the apoc plugins in Neo4J Graph ...)
    NOT-FOR-US: neo4j-apoc-procedures
CVE-2021-42766 (The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-1 ...)
    NOT-FOR-US: Proof-of-Stake (PoS) Ethereum consensus protocol
CVE-2021-42765 (The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-1 ...)
    NOT-FOR-US: Proof-of-Stake (PoS) Ethereum consensus protocol
CVE-2021-42764 (The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-1 ...)
    NOT-FOR-US: Proof-of-Stake (PoS) Ethereum consensus protocol
CVE-2021-42763 (Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive In ...)
    NOT-FOR-US: Couchbase Server
CVE-2021-42762 (BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allow ...)
    {DSA-4996-1 DSA-4995-1}
    - webkit2gtk 2.34.1-1
    [stretch] - webkit2gtk (Not covered by security support in stretch)
    - wpewebkit 2.34.1-1
    NOTE: https://bugs.webkit.org/show_bug.cgi?id=231479
    NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
CVE-2021-42761 (A condition for session fixation vulnerability [CWE-384] in the session ...)
    NOT-FOR-US: Fortinet
CVE-2021-42760 (An improper neutralization of special elements used in an sql command ( ...)
    NOT-FOR-US: FortiGuard
CVE-2021-42759 (A violation of secure design principles in Fortinet Meru AP version 8. ...)
    NOT-FOR-US: FortiGuard
CVE-2021-42758 (An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 a ...)
    NOT-FOR-US: FortiGuard
CVE-2021-42757 (A buffer overflow [CWE-121] in the TFTP client library of FortiOS befo ...)
    NOT-FOR-US: FortiGuard
CVE-2021-42756 (Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the p ...)
    NOT-FOR-US: Fortinet
CVE-2021-42755 (An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitc ...)
    NOT-FOR-US: Fortinet
CVE-2021-42754 (An improper control of generation of code vulnerability [CWE-94] in Fo ...)
    NOT-FOR-US: Fortiguard
CVE-2021-42753 (An improper limitation of a pathname to a restricted directory ('Path ...)
    NOT-FOR-US: FortiGuard
CVE-2021-42752 (An improper neutralization of input during web page generation ('cross- ...)
    NOT-FOR-US: FortiGuard
CVE-2021-42751 (A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoa ...)
    NOT-FOR-US: ThingsBoard
CVE-2021-42750 (A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoa ...)
    NOT-FOR-US: ThingsBoard
CVE-2021-42749 (In Beaver Themer, attackers can bypass conditional logic controls (for ...)
    NOT-FOR-US: Beaver
CVE-2021-42748 (In Beaver Builder through 2.5.0.3, attackers can bypass the visibility ...)
    NOT-FOR-US: Beaver
CVE-2021-42747 RESERVED
CVE-2021-42745 RESERVED
CVE-2021-3895 RESERVED
CVE-2021-23192 (A flaw was found in the way samba implemented DCE/RPC. If a client to ...)
    {DSA-5003-1}
    - samba 2:4.13.14+dfsg-1
    [buster] - samba (Vulnerable code introduced later)
    [stretch] - samba (Vulnerable code introduced later)
    NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14875
    NOTE: https://www.samba.org/samba/security/CVE-2021-23192.html
CVE-2020-36502 (Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-si ...)
    NOT-FOR-US: Swift File Transfer Mobile
CVE-2020-36501 (Multiple cross-site scripting (XSS) vulnerabilities in the Support mod ...)
    NOT-FOR-US: SugarCRM
CVE-2020-36500 RESERVED
CVE-2020-36499 (TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to cont ...)
    NOT-FOR-US: TAO Open Source Assessment Platform
CVE-2020-36498 (Macrob7 Macs Framework Content Management System - 1.14f contains a cr ...)
    NOT-FOR-US: Macrob7 Macs Framework Content Management System
CVE-2020-36497 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
    NOT-FOR-US: DedeCMS
CVE-2020-36496 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
    NOT-FOR-US: DedeCMS
CVE-2020-36495 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
    NOT-FOR-US: DedeCMS
CVE-2020-36494 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
    NOT-FOR-US: DedeCMS
CVE-2020-36493 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
    NOT-FOR-US: DedeCMS
CVE-2020-36492 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
    NOT-FOR-US: DedeCMS
CVE-2020-36491 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
    NOT-FOR-US: DedeCMS
CVE-2020-36490 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
    NOT-FOR-US: DedeCMS
CVE-2021-XXXX [RUSTSEC-2020-0159: Potential segfault in localtime_r invocations]
    - rust-chrono 0.4.22-1 (bug #996913)
    [bullseye] - rust-chrono (Minor issue)
    [buster] - rust-chrono (Minor issue)
    NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0159.html
    NOTE: https://github.com/chronotope/chrono/issues/499
CVE-2021-42742 RESERVED
CVE-2021-42741 RESERVED
CVE-2021-42740 (The shell-quote package before 1.7.3 for Node.js allows command inject ...)
    - node-shell-quote 1.7.3+~1.7.1-1 (bug #998418)
    NOTE: https://github.com/substack/node-shell-quote/commit/5799416ed454aa4ec9afafc895b4e31760ea1abe (1.7.3)
CVE-2021-42739 (The firewire subsystem in the Linux kernel through 5.14.13 has a buffe ...)
    {DSA-5096-1 DLA-2941-1 DLA-2843-1}
    - linux 5.14.16-1
    [bullseye] - linux 5.10.84-1
    NOTE: https://seclists.org/oss-sec/2021/q2/46
    NOTE: https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/
CVE-2021-42738 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
    NOT-FOR-US: Adobe
CVE-2021-42737 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
    NOT-FOR-US: Adobe
CVE-2021-42736 RESERVED
CVE-2021-42735 (Adobe Photoshop version 22.5.1 (and earlier versions) is affected by ...)
    NOT-FOR-US: Adobe
CVE-2021-42734 (Adobe Photoshop version 22.5.1 and earlier versions are affected by an o ...)
    NOT-FOR-US: Adobe
CVE-2021-42733 (Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointe ...)
    NOT-FOR-US: Adobe
CVE-2021-42732 (Access of Memory Location After End of Buffer (CWE-788))
    NOT-FOR-US: Adobe
CVE-2021-42731 (Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Ov ...)
    NOT-FOR-US: Adobe
CVE-2021-42730 (Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corr ...)
    NOT-FOR-US: Adobe
CVE-2021-42729 (Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corr ...)
    NOT-FOR-US: Adobe
CVE-2021-42728 (Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vuln ...)
    NOT-FOR-US: Adobe
CVE-2021-42727 (Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vuln ...)
    NOT-FOR-US: Adobe
CVE-2021-42726 (Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corr ...)
    NOT-FOR-US: Adobe
CVE-2021-42725 (Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corr ...)
    NOT-FOR-US: Adobe
CVE-2021-42724 (Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corr ...)
    NOT-FOR-US: Adobe
CVE-2021-42723 (Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bou ...)
    NOT-FOR-US: Adobe
CVE-2021-42722 (Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bou ...)
    NOT-FOR-US: Adobe
CVE-2021-42721 (Acrobat Bridge versions 11.1.1 and earlier are affected by a use-after ...)
    NOT-FOR-US: Adobe
CVE-2021-42720 (Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bou ...)
    NOT-FOR-US: Adobe
CVE-2021-42719 (Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bou ...)
    NOT-FOR-US: Adobe
CVE-2021-42718 RESERVED
CVE-2021-3894 REJECTED
CVE-2021-42717 (ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objec ...)
    {DSA-5023-1 DLA-3031-1}
    - modsecurity 3.0.6-1
    [bullseye] - modsecurity (Minor issue; does not have connector packages in Debian)
    [buster] - modsecurity (Minor issue; does not have connector packages in Debian)
    - modsecurity-apache 2.9.5-1
    NOTE: https://github.com/SpiderLabs/ModSecurity/issues/2647
    NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-dos-vulnerability-in-json-parsing-cve-2021-42717/
    NOTE: Fixed by: https://github.com/SpiderLabs/ModSecurity/commit/41918335fa4c74fba46a986771a5a6cb457070c4 (v2.9.5)
    NOTE: Fixed by: https://github.com/SpiderLabs/ModSecurity/commit/ac79c1c29b7e6323e26cc984ad4f76ef62c731cd (v3.0.6)
CVE-2021-42716 (An issue was discovered in stb stb_image.h 2.27. The PNM loader incorr ...)
    - libstb 0.0~git20230129.5736b15+ds-1 (bug #1014532)
    [bookworm] - libstb (Minor issue)
    [bullseye] - libstb (Vulnerable code introduced later)
    [buster] - libstb (Vulnerable code introduced later)
    NOTE: https://github.com/nothings/stb/issues/1166
    NOTE: https://github.com/nothings/stb/issues/1225
    NOTE: https://github.com/nothings/stb/pull/1223
    NOTE: 16-bit PNM support was added in
    NOTE: https://github.com/nothings/stb/commit/8befa752b005da174b2429c1ffaafffe452b2997
CVE-2021-42715 (An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR ...)
    {DLA-3305-1}
    - libstb 0.0~git20230129.5736b15+ds-1 (bug #1014532)
    [bookworm] - libstb (Minor issue)
    [bullseye] - libstb (Minor issue)
    NOTE: https://github.com/nothings/stb/issues/1224
    NOTE: https://github.com/nothings/stb/pull/1223
CVE-2021-42714 (Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a T ...)
    NOT-FOR-US: Splashtop Remote Client
CVE-2021-42713 (Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a T ...)
    NOT-FOR-US: Splashtop Remote Client
CVE-2021-42712 (Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Direc ...)
    NOT-FOR-US: Splashtop Streamer
CVE-2021-42711 (Barracuda Network Access Client before 5.2.2 creates a Temporary File ...)
    NOT-FOR-US: Barracuda Network Access Client
CVE-2021-42710 RESERVED
CVE-2021-42709 RESERVED
CVE-2021-42708 RESERVED
CVE-2021-42707 (PLC Editor Versions 1.3.8 and prior is vulnerable to an out-of-bounds ...)
    NOT-FOR-US: PLC Editor
CVE-2021-42706 (This vulnerability could allow an attacker to disclose information and ...)
    NOT-FOR-US: Advantech
CVE-2021-42705 (PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buf ...)
    NOT-FOR-US: PLC Editor
CVE-2021-42704 (Inkscape version 0.91 is vulnerable to an out-of-bounds write, which m ...)
    - inkscape 1.0-1 (unimportant)
    NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03
    NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1199774#c1 (locating possible patches)
    NOTE: oob read/crash in GUI tool, no security impact
CVE-2021-42703 (This vulnerability could allow an attacker to send malicious Javascrip ...)
    NOT-FOR-US: Advantech
CVE-2021-42702 (Inkscape version 0.91 can access an uninitialized pointer, which may a ...)
    - inkscape 1.0-1 (unimportant)
    NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03
    NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1199774#c1 (locating possible patches)
    NOTE: oob read/crash in GUI tool, no security impact
CVE-2021-42701 (An attacker could prepare a specially crafted project file that, if op ...)
    NOT-FOR-US: AzeoTech
CVE-2021-42700 (Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow ...)
    - inkscape 1.0-1 (unimportant)
    NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03
    NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1199774#c1 (locating possible patches)
    NOTE: oob read/crash in GUI tool, no security impact
CVE-2021-42699 (The affected product is vulnerable to cookie information being transmi ...)
    NOT-FOR-US: AzeoTech
CVE-2021-42698 (Project files are stored memory objects in the form of binary serializ ...)
    NOT-FOR-US: AzeoTech
CVE-2021-42697 (Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter ...)
    NOT-FOR-US: Akka HTTP
CVE-2021-42696 RESERVED
CVE-2021-42695 RESERVED
CVE-2021-42694 (An issue was discovered in the character definitions of the Unicode Sp ...)
    NOT-FOR-US: Unicode spec
CVE-2021-42693 RESERVED
CVE-2021-42692 (There is a stack-overflow vulnerability in tinytoml v0.4 that can caus ...)
    NOT-FOR-US: mayah/tinytoml
CVE-2021-42691 RESERVED
CVE-2021-42690 RESERVED
CVE-2021-42689 RESERVED
CVE-2021-42688 (An Integer Overflow vulnerability exists in Accops HyWorks Windows Cli ...)
    NOT-FOR-US: Accops HyWorks Windows Client
CVE-2021-42687 (A Buffer Overflow vulnerability exists in Accops HyWorks Windows Clien ...)
    NOT-FOR-US: Accops HyWorks Windows Client
CVE-2021-42686 (An Integer Overflow exists in Accops HyWorks Windows Client prior to v ...)
    NOT-FOR-US: Accops HyWorks Windows Client
CVE-2021-42685 (An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools p ...)
    NOT-FOR-US: Accops HyWorks DVM Tools
CVE-2021-42684 RESERVED
CVE-2021-42683 (A Buffer Overflow vulnerability exists in Accops HyWorks Windows Clien ...)
    NOT-FOR-US: Accops HyWorks Windows Client
CVE-2021-42682 (An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools p ...)
    NOT-FOR-US: Accops HyWorks DVM Tools
CVE-2021-42681 (A Buffer Overflow vulnerability exists in Accops HyWorks DVM Tools pri ...)
    NOT-FOR-US: Accops HyWorks DVM Tools
CVE-2021-42680 RESERVED
CVE-2021-42679 RESERVED
CVE-2021-42678 RESERVED
CVE-2021-42677 RESERVED
CVE-2021-42676 RESERVED
CVE-2021-42675 (Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the ...)
    NOT-FOR-US: Kreado Kreasfero
CVE-2021-42674 RESERVED
CVE-2021-42673 RESERVED
CVE-2021-42672 RESERVED
CVE-2021-42671 (An incorrect access control vulnerability exists in Sourcecodester Eng ...)
    NOT-FOR-US: Sourcecodester
CVE-2021-42670 (A SQL injection vulnerability exists in Sourcecodester Engineers Onlin ...)
    NOT-FOR-US: Sourcecodester
CVE-2021-42669 (A file upload vulnerability exists in Sourcecodester Engineers Online ...)
    NOT-FOR-US: Sourcecodester
CVE-2021-42668 (A SQL Injection vulnerability exists in Sourcecodester Engineers Onlin ...)
    NOT-FOR-US: Sourcecodester
CVE-2021-42667 (A SQL Injection vulnerability exists in Sourcecodester Online Event Bo ...)
    NOT-FOR-US: Sourcecodester
CVE-2021-42666 (A SQL Injection vulnerability exists in Sourcecodester Engineers Onlin ...)
    NOT-FOR-US: Sourcecodester
CVE-2021-42665 (An SQL Injection vulnerability exists in Sourcecodester Engineers Onli ...)
    NOT-FOR-US: Sourcecodester
CVE-2021-42664 (A Stored Cross Site Scripting (XSS) Vulnerability exists in Sourcecod ...)
    NOT-FOR-US: Sourcecodester
CVE-2021-42663 (An HTML injection vulnerability exists in Sourcecodester Online Event ...)
    NOT-FOR-US: Sourcecodester
CVE-2021-42662 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
    NOT-FOR-US: Sourcecodester
CVE-2021-42661 RESERVED
CVE-2021-42660 RESERVED
CVE-2021-42659 (There is a buffer overflow vulnerability in the Web server httpd of th ...)
    NOT-FOR-US: Tenda
CVE-2021-42658 RESERVED
CVE-2021-42657 RESERVED
CVE-2021-42656 (SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vu ...)
    NOT-FOR-US: SiteServer CMS
CVE-2021-42655 (SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.)
    NOT-FOR-US: SiteServer CMS
CVE-2021-42654 (SiteServer CMS < V5.1 is affected by an unrestricted upload of a file ...)
    NOT-FOR-US: SiteServer CMS
CVE-2021-42653 RESERVED
CVE-2021-42652 RESERVED
CVE-2021-42651 (A Server Side Template Injection (SSTI) vulnerability in Pentest-Colla ...)
    NOT-FOR-US: Pentest-Collaboration-Framework
CVE-2021-42650 (Cross Site Scripting (XSS) vulnerability exists in Portainer before 2.9 ...)
    NOT-FOR-US: Portainer
CVE-2021-42649 RESERVED
CVE-2021-42648 (Cross-site scripting (XSS) vulnerability exists in Coder Code-Server b ...)
    NOT-FOR-US: code-server
CVE-2021-42647 RESERVED
CVE-2021-42646 (XML External Entity (XXE) vulnerability in the file based service prov ...)
    NOT-FOR-US: carbon-identity-framework
CVE-2021-42645 (CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnera ...)
    NOT-FOR-US: CMSimple
CVE-2021-42644 (cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerab ...)
    NOT-FOR-US: CmsEasy
CVE-2021-42643 (cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnera ...)
    NOT-FOR-US: CmsEasy
CVE-2021-42642 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
    NOT-FOR-US: PrinterLogic Web Stack
CVE-2021-42641 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
    NOT-FOR-US: PrinterLogic Web Stack
CVE-2021-42640 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
    NOT-FOR-US: PrinterLogic Web Stack
CVE-2021-42639 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
    NOT-FOR-US: PrinterLogic Web Stack
CVE-2021-42638 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitiz ...)
    NOT-FOR-US: PrinterLogic Web Stack
CVE-2021-42637 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-contr ...)
    NOT-FOR-US: PrinterLogic Web Stack
CVE-2021-42636 RESERVED
CVE-2021-42635 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcode ...)
    NOT-FOR-US: PrinterLogic Web Stack
CVE-2021-42634 RESERVED
CVE-2021-42633 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
    NOT-FOR-US: PrinterLogic Web Stack
CVE-2021-42632 RESERVED
CVE-2021-42631 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes a ...)
    NOT-FOR-US: PrinterLogic Web Stack
CVE-2021-42630 RESERVED
CVE-2021-42629 RESERVED
CVE-2021-42628 RESERVED
CVE-2021-42627 (The WAN configuration page "wan.htm" on D-Link DIR-615 devices with fi ...)
    NOT-FOR-US: D-Link
CVE-2021-42626 RESERVED
CVE-2021-42625 RESERVED
CVE-2021-42624 (A local buffer overflow vulnerability exists in the latest version of ...)
    NOT-FOR-US: Miniftpd
CVE-2021-42623 RESERVED
CVE-2021-42622 RESERVED
CVE-2021-42621 RESERVED
CVE-2021-42620 RESERVED
CVE-2021-42619 RESERVED
CVE-2021-42618 RESERVED
CVE-2021-42617 RESERVED
CVE-2021-42616 RESERVED
CVE-2021-42615 RESERVED
CVE-2021-42614 (A use after free in info_width_internal in bk_info.c in Halibut 1.2 al ...)
    - halibut 1.3-1
    [bullseye] - halibut (Minor issue)
    [buster] - halibut (Minor issue)
    NOTE: https://carteryagemann.com/halibut-case-study.html#poc-halibut-info-uaf
    NOTE: Inventing an errorstate to pass to all err_* functions and use it to track fatal errors:
    NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=5c3db60a2911efb18bdc823264b74d8045c407b9 (1.3)
    NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=edaf724febe2f9c890ef1cfdf24a78d5c1da2b32 (1.3)
CVE-2021-42613 (A double free in cleanup_index in index.c in Halibut 1.2 allows an att ...)
    - halibut 1.3-1
    [bullseye] - halibut (Minor issue)
    [buster] - halibut (Minor issue)
    NOTE: https://carteryagemann.com/halibut-case-study.html#poc-halibut-winhelp-df
    NOTE: Inventing an errorstate to pass to all err_* functions and use it to track fatal errors:
    NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=5c3db60a2911efb18bdc823264b74d8045c407b9 (1.3)
    NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=edaf724febe2f9c890ef1cfdf24a78d5c1da2b32 (1.3)
CVE-2021-42612 (A use after free in cleanup_index in index.c in Halibut 1.2 allows an ...)
    - halibut 1.3-1
    [bullseye] - halibut (Minor issue)
    [buster] - halibut (Minor issue)
    NOTE: https://carteryagemann.com/halibut-case-study.html#poc-halibut-text-uaf
    NOTE: Inventing an errorstate to pass to all err_* functions and use it to track fatal errors:
    NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=5c3db60a2911efb18bdc823264b74d8045c407b9 (1.3)
    NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=edaf724febe2f9c890ef1cfdf24a78d5c1da2b32 (1.3)
CVE-2021-42611 RESERVED
CVE-2021-42610 RESERVED
CVE-2021-42609 RESERVED
CVE-2021-42608 RESERVED
CVE-2021-42607 RESERVED
CVE-2021-42606 RESERVED
CVE-2021-42605 RESERVED
CVE-2021-42604 RESERVED
CVE-2021-42603 RESERVED
CVE-2021-42602 RESERVED
CVE-2021-42601 RESERVED
CVE-2021-42600 RESERVED
CVE-2021-42599 RESERVED
CVE-2021-42598 RESERVED
CVE-2021-42597 (A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester St ...)
    NOT-FOR-US: Sourcecodester Storage Unit Rental Management System
CVE-2021-42596 RESERVED
CVE-2021-42595 RESERVED
CVE-2021-42594 RESERVED
CVE-2021-42593 RESERVED
CVE-2021-42592 RESERVED
CVE-2021-42591 RESERVED
CVE-2021-42590 RESERVED
CVE-2021-42589 RESERVED
CVE-2021-42588 RESERVED
CVE-2021-42587 RESERVED
CVE-2021-42586 (A heap buffer overflow was discovered in copy_bytes in decode_r2007.c ...)
    - libredwg (bug #595191)
CVE-2021-42585 (A heap buffer overflow was discovered in copy_compressed_bytes in deco ...)
    - libredwg (bug #595191)
CVE-2021-42584 (A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before ...)
    NOT-FOR-US: Convos-Chat
CVE-2021-42583 (A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy ...)
    NOT-FOR-US: Max Mazurov Maddy
CVE-2021-42582 RESERVED
CVE-2021-42581 (Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earl ...)
    NOTE: Disputed issue against Node ramda
    NOTE: https://github.com/ramda/ramda/pull/3192
    NOTE: https://jsfiddle.net/3pomzw5g/2/
    NOTE: http://link.fourwindssoft.com/52
    NOTE: http://link.fourwindssoft.com/53
CVE-2021-42580 (Sourcecodester Online Learning System 2.0 is vulnerable to sql injecti ...)
    NOT-FOR-US: Sourcecodester
CVE-2021-42579 RESERVED
CVE-2021-42578 RESERVED
CVE-2021-42577 (An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malfo ...)
    NOT-FOR-US: Softing OPC UA C++ SDK
CVE-2021-42576 (The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Py ...)
    - golang-github-microcosm-cc-bluemonday 1.0.16-1
    [bullseye] - golang-github-microcosm-cc-bluemonday (Minor issue)
    NOTE: https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50/
CVE-2021-42575 (The OWASP Java HTML Sanitizer before 20211018.1 does not properly enfo ...)
    NOT-FOR-US: OWASP HTML Sanitizer
CVE-2021-42574 (An issue was discovered in the Bidirectional Algorithm in the Unicode ...)
    - rustc 1.57.0+dfsg1-1 (unimportant)
    NOTE: https://www.openwall.com/lists/oss-security/2021/11/01/1
    NOTE: https://github.com/rust-lang/rust/commit/dd61274930ec0cd17711fab52d2bc9ad3e9053de (1.56.1)
    NOTE: Negligible security impact
CVE-2021-42573 RESERVED
CVE-2021-42572 RESERVED
CVE-2021-42571 RESERVED
CVE-2021-42570 RESERVED
CVE-2021-42569 RESERVED
CVE-2021-42568 (Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers ...)
    NOT-FOR-US: Sonatype
CVE-2021-42567 (Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST ...)
    NOT-FOR-US: Apereo CAS
CVE-2021-42566 (myfactory.FMS before 7.1-912 allows XSS via the Error parameter.)
    NOT-FOR-US: myfactory.FMS
CVE-2021-42565 (myfactory.FMS before 7.1-912 allows XSS via the UID parameter.)
    NOT-FOR-US: myfactory.FMS
CVE-2021-42564 (An open redirect through HTML injection in confidential messages in Cr ...)
    NOT-FOR-US: Cryptshare Server
CVE-2021-42563 (There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) ...)
    NOT-FOR-US: NI Service Locator
CVE-2021-3893 REJECTED
CVE-2021-42562 (An issue was discovered in CALDERA 2.8.1. It does not properly segrega ...)
    NOT-FOR-US: CALDERA
CVE-2021-42561 (An issue was discovered in CALDERA 2.8.1. When activated, the Human pl ...)
    NOT-FOR-US: CALDERA
CVE-2021-42560 (An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives ...)
    NOT-FOR-US: CALDERA
CVE-2021-42559 (An issue was discovered in CALDERA 2.8.1. It contains multiple startup ...)
    NOT-FOR-US: CALDERA
CVE-2021-42558 (An issue was discovered in CALDERA 2.8.1. It contains multiple reflect ...)
    NOT-FOR-US: CALDERA
CVE-2021-42557 (In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API ...)
    NOT-FOR-US: Jeedom
CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive extract ...)
    NOT-FOR-US: Rasa X
CVE-2021-42555 (Pexip Infinity before 26.2 allows temporary remote Denial of Service ( ...)
    NOT-FOR-US: Pexip Infinity
CVE-2021-42554 (An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05. ...)
    NOT-FOR-US: Insyde
CVE-2021-3892 REJECTED
CVE-2021-26247 (As an unauthenticated remote user, visit "http:///auth_c ...)
    - cacti 0.8.7i-1
    NOTE: Fixed by: https://github.com/Cacti/cacti/commit/d94dbd985054ef1ba14278a932c67e3145ebb14b (0.8.7h)
    NOTE: Addressed again as a side-note in the same issue and fix for CVE-2021-3816
    NOTE: https://github.com/Cacti/cacti/issues/1882
    NOTE: Fixed by: https://github.com/Cacti/cacti/commit/2b8097c06030ab72c5b3bdadb23dceb5332f0e94 (1.2.0-beta1)
CVE-2021-23225 (Cacti 1.1.38 allows authenticated users with User Management permissio ...)
    {DLA-2965-1}
    - cacti 1.2.1+ds1-1
    NOTE: https://github.com/Cacti/cacti/issues/1882
    NOTE: overlap with CVE-2020-7106 (registered earlier, but issue above is from 2018) which refactors user_admin.php XSS protection
    NOTE: input (not output) validation not addressed, malicious username still can be created after fix
CVE-2022-0005 (Sensitive information accessible by physical probing of JTAG interface ...)
    NOT-FOR-US: Intel
CVE-2022-0004 (Hardware debug modes and processor INIT setting that allow override of ...)
    NOT-FOR-US: Intel
CVE-2022-0003 RESERVED
CVE-2022-0002 (Non-transparent sharing of branch predictor within a context in some I ...)
    {DSA-5096-1 DSA-5095-1 DLA-2941-1 DLA-2940-1}
    - linux 5.16.12-1
    NOTE: https://www.vusec.net/projects/bhi-spectre-bhb/
    NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html
    NOTE: https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/technical-documentation/branch-history-injection.html
CVE-2022-0001 (Non-transparent sharing of branch predictor selectors between contexts ...)
    {DSA-5096-1 DSA-5095-1 DLA-2941-1 DLA-2940-1}
    - linux 5.16.12-1
    NOTE: https://www.vusec.net/projects/bhi-spectre-bhb/
    NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html
    NOTE: https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/technical-documentation/branch-history-injection.html
CVE-2021-42553 (A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectro ...)
    NOT-FOR-US: STMicroelectronics
CVE-2021-42552 (Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient al ...)
    NOT-FOR-US: ArchivistaBox
CVE-2021-42551 (Cross-site Scripting (XSS) vulnerability in the search functionality o ...)
    NOT-FOR-US: AlCoda NetBiblio WebOPAC
CVE-2021-42549 (Insufficient Input Validation in the search functionality of Wordpress ...)
    NOT-FOR-US: WordPress plugin
CVE-2021-42548 (Insufficient Input Validation in the search functionality of Wordpress ...)
    NOT-FOR-US: WordPress plugin
CVE-2021-42547 (Insufficient Input Validation in the search functionality of Wordpress ...)
    NOT-FOR-US: WordPress plugin
CVE-2021-42546 (Insufficient Input Validation in the search functionality of Wordpress ...)
    NOT-FOR-US: WordPress plugin
CVE-2021-42545 (An insufficient session expiration vulnerability exists in Business-DN ...)
    NOT-FOR-US: Business-DNA Solutions
CVE-2021-42544 (Missing Rate Limiting in Web Applications operating on Business-DNA So ...)
    NOT-FOR-US: Business-DNA Solutions
CVE-2021-42543 (The affected application uses specific functions that could be abused ...)
    NOT-FOR-US: AzeoTech
CVE-2021-42542 (The affected product is vulnerable to directory traversal due to misha ...)
    NOT-FOR-US: Emerson
CVE-2021-42541 RESERVED
CVE-2021-42540 (The affected product is vulnerable to an unsanitized extract folder for ...)
    NOT-FOR-US: Emerson
CVE-2021-42539 (The affected product is vulnerable to a missing permission validation ...)
    NOT-FOR-US: Emerson
CVE-2021-42538 (The affected product is vulnerable to a parameter injection via passph ...)
    NOT-FOR-US: Emerson
CVE-2021-42537 (VISAM VBASE version 11.6.0.6 processes an XML document that can contai ...)
    NOT-FOR-US: VISAM
CVE-2021-42536 (The affected product is vulnerable to a disclosure of peer username an ...)
    NOT-FOR-US: Emerson
CVE-2021-42535 (VISAM VBASE version 11.6.0.6 does not neutralize or incorrectly neutra ...)
    NOT-FOR-US: VISAM
CVE-2021-42534 (The affected product's web application does not properly neutrali ...)
    NOT-FOR-US: Trane
CVE-2021-42533 (Adobe Bridge version 11.1.1 (and earlier) is affected by a double free ...)
    NOT-FOR-US: Adobe
CVE-2021-42532 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...)
    {DLA-3585-1}
    - exempi 2.6.0-1
    [bullseye] - exempi (Minor issue)
    NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html
    NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
    NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-42531 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...)
    {DLA-3585-1}
    - exempi 2.6.0-1
    [bullseye] - exempi (Minor issue)
    NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html
    NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
CVE-2021-42530 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...)
    {DLA-3585-1}
    - exempi 2.6.0-1
    [bullseye] - exempi (Minor issue)
    NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html
    NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
CVE-2021-42529 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...)
    {DLA-3585-1}
    - exempi 2.6.0-1
    [bullseye] - exempi (Minor issue)
    NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html
    NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
    NOTE: https://github.com/adobe/XMP-Toolkit-SDK/compare/v2021.07...v2021.08
CVE-2021-42528 (XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer derefe ...)
    {DLA-3585-1}
    - exempi 2.6.0-1
    [bullseye] - exempi (Minor issue)
    NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html
    NOTE: https://github.com/adobe/XMP-Toolkit-SDK/commit/16e53564ae6c2689387479c04770f492075d5b7b (v2021.08)
    NOTE: https://cgit.freedesktop.org/exempi/commit/?h=adobe-sdk&id=16e53564ae6c2689387479c04770f492075d5b7b (2.6.0)
CVE-2021-42527 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...)
NOT-FOR-US: Adobe CVE-2021-42526 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...) NOT-FOR-US: Adobe CVE-2021-42525 (Acrobat Animate versions 21.0.9 (and earlier)is affected by an out-of- ...) NOT-FOR-US: Adobe CVE-2021-42524 (Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-b ...) NOT-FOR-US: Adobe CVE-2021-3891 RESERVED CVE-2021-3890 RESERVED CVE-2021-3889 (libmobi is vulnerable to Use of Out-of-range Pointer Offset) - libmobi (Fixed before initial upload to Debian) NOTE: https://huntr.dev/bounties/efb3e261-3f7d-4a45-8114-e0ace6b21516/ NOTE: https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21 (v0.8) CVE-2021-3888 (libmobi is vulnerable to Use of Out-of-range Pointer Offset) - libmobi (Fixed before initial upload to Debian) NOTE: https://huntr.dev/bounties/722b3acb-792b-4429-a98d-bb80efb8938d/ NOTE: https://github.com/bfabiszewski/libmobi/commit/c78e186739b50d156cb3da5d08d70294f0490853 (v0.8) CVE-2021-3887 REJECTED CVE-2022-20611 (In deletePackageVersionedInternal of DeletePackageHelper.java, there i ...) NOT-FOR-US: Android CVE-2022-20610 (In cellular modem firmware, there is a possible out of bounds read due ...) NOT-FOR-US: Android CVE-2022-20609 (In Pixel cellular firmware, there is a possible out of bounds read due ...) NOT-FOR-US: Android CVE-2022-20608 (In Pixel cellular firmware, there is a possible out of bounds read due ...) NOT-FOR-US: Android CVE-2022-20607 (In the Pixel cellular firmware, there is a possible out of bounds writ ...) NOT-FOR-US: Android CVE-2022-20606 (In SAEMM_MiningCodecTableWithMsgIE of SAEMM_RadioMessageCodec.c, there ...) NOT-FOR-US: Android CVE-2022-20605 (In SAECOMM_CopyBufferBytes of SAECOMM_Utility.c, there is a possible o ...) NOT-FOR-US: Android CVE-2022-20604 (In SAECOMM_SetDcnIdForPlmn of SAECOMM_DbManagement.c, there is a possi ...) 
NOT-FOR-US: Android CVE-2022-20603 (In SetDecompContextDb of RohcDeCompContextOfRbId.cpp, there is a possi ...) NOT-FOR-US: Android CVE-2022-20602 (Product: AndroidVersions: Android kernelAndroid ID: A-211081867Referen ...) NOT-FOR-US: Android CVE-2022-20601 (Product: AndroidVersions: Android kernelAndroid ID: A-204541506Referen ...) NOT-FOR-US: Android CVE-2022-20600 (In TBD of TBD, there is a possible out of bounds write due to memory c ...) NOT-FOR-US: Android CVE-2022-20599 (In Pixel firmware, there is a possible exposure of sensitive memory du ...) NOT-FOR-US: Android CVE-2022-20598 (In sec_media_protect of media.c, there is a possible EoP due to an int ...) NOT-FOR-US: Android CVE-2022-20597 (In ppmpu_set of ppmpu.c, there is a possible EoP due to an integer ove ...) NOT-FOR-US: Android CVE-2022-20596 (In sendChunk of WirelessCharger.cpp, there is a possible out of bounds ...) NOT-FOR-US: Android CVE-2022-20595 (In getWpcAuthChallengeResponse of WirelessCharger.cpp, there is a poss ...) NOT-FOR-US: Android CVE-2022-20594 (In updateStart of WirelessCharger.cpp, there is a possible out of boun ...) NOT-FOR-US: Android CVE-2022-20593 (In pop_descriptor_string of BufferDescriptor.h, there is a possible ou ...) NOT-FOR-US: Android CVE-2022-20592 (In ppmp_validate_secbuf of drm_fw.c, there is a possible information d ...) NOT-FOR-US: Android CVE-2022-20591 (In ppmpu_set of ppmpu.c, there is a possible information disclosure du ...) NOT-FOR-US: Android CVE-2022-20590 (In valid_va_sec_mfc_check of drm_access_control.c, there is a possible ...) NOT-FOR-US: Android CVE-2022-20589 (In valid_va_secbuf_check of drm_access_control.c, there is a possible ...) NOT-FOR-US: Android CVE-2022-20588 (In sysmmu_map of sysmmu.c, there is a possible EoP due to a preconditi ...) NOT-FOR-US: Android CVE-2022-20587 (In ppmp_validate_wsm of drm_fw.c, there is a possible EoP due to impro ...) 
NOT-FOR-US: Android CVE-2022-20586 (In valid_out_of_special_sec_dram_addr of drm_access_control.c, there i ...) NOT-FOR-US: Android CVE-2022-20585 (In valid_out_of_special_sec_dram_addr of drm_access_control.c, there i ...) NOT-FOR-US: Android CVE-2022-20584 (In page_number of shared_mem.c, there is a possible code execution in ...) NOT-FOR-US: Android CVE-2022-20583 (In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bo ...) NOT-FOR-US: Android CVE-2022-20582 (In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bo ...) NOT-FOR-US: Android CVE-2022-20581 (In the Pixel camera driver, there is a possible use after free due to ...) NOT-FOR-US: Android CVE-2022-20580 (In ufdt_do_one_fixup of ufdt_overlay.c, there is a possible out of bou ...) NOT-FOR-US: Android CVE-2022-20579 (In RadioImpl::setCdmaBroadcastConfig of ril_service_legacy.cpp, there ...) NOT-FOR-US: Android CVE-2022-20578 (In RadioImpl::setGsmBroadcastConfig of ril_service_legacy.cpp, there i ...) NOT-FOR-US: Android CVE-2022-20577 (In OemSimAuthRequest::encode of wlandata.cpp, there is a possible out ...) NOT-FOR-US: Android CVE-2022-20576 (In externalOnRequest of rilapplication.cpp, there is a possible out of ...) NOT-FOR-US: Android CVE-2022-20575 (In read_ppmpu_info of drm_fw.c, there is a possible out of bounds read ...) NOT-FOR-US: Android CVE-2022-20574 (In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read ...) NOT-FOR-US: Android CVE-2022-20573 RESERVED CVE-2022-20572 (In verity_target of dm-verity-target.c, there is a possible way to mod ...) - linux 5.18.2-1 [bullseye] - linux 5.10.120-1 [buster] - linux 4.19.249-1 NOTE: https://git.kernel.org/linus/4caae58406f8ceb741603eee460d79bacca9b1b5 CVE-2022-20571 (In extract_metadata of dm-android-verity.c, there is a possible way to ...) NOT-FOR-US: Android CVE-2022-20570 (Product: AndroidVersions: Android kernelAndroid ID: A-230660904Referen ...) 
NOT-FOR-US: Android CVE-2022-20569 (In thermal_cooling_device_stats_update of thermal_sysfs.c, there is a ...) NOT-FOR-US: Android CVE-2022-20568 (In (TBD) of (TBD), there is a possible way to corrupt kernel memory du ...) - linux 5.14.6-1 [bullseye] - linux 5.10.120-1 [buster] - linux (Vulnerable code introduced later) CVE-2022-20567 (In pppol2tp_create of l2tp_ppp.c, there is a possible use after free d ...) - linux 4.15.11-1 NOTE: https://git.kernel.org/linus/d02ba2a6110c530a32926af8ad441111774d2893 CVE-2022-20566 (In l2cap_chan_put of l2cap_core, there is a possible use after free du ...) - linux 5.18.16-1 [bullseye] - linux 5.10.136-1 [buster] - linux 4.19.260-1 NOTE: https://git.kernel.org/linus/d0be8347c623e0ac4202a1d4e0373882821f56b0 CVE-2022-20565 RESERVED CVE-2022-20564 (In _ufdt_output_strtab_to_fdt of ufdt_convert.c, there is a possible o ...) NOT-FOR-US: Android CVE-2022-20563 (In TBD of ufdt_convert, there is a possible out of bounds read due to ...) NOT-FOR-US: Android CVE-2022-20562 (In various functions of ap_input_processor.c, there is a possible way ...) NOT-FOR-US: Android CVE-2022-20561 (In TBD of aud_hal_tunnel.c, there is a possible memory corruption due ...) NOT-FOR-US: Android CVE-2022-20560 (Product: AndroidVersions: Android kernelAndroid ID: A-212623833Referen ...) NOT-FOR-US: Android CVE-2022-20559 (In revokeOwnPermissionsOnKill of PermissionManager.java, there is a po ...) NOT-FOR-US: Android CVE-2022-20558 (In registerReceivers of DeviceCapabilityListener.java, there is a poss ...) NOT-FOR-US: Android CVE-2022-20557 (In MessageQueueBase of MessageQueueBase.h, there is a possible out of ...) NOT-FOR-US: Android CVE-2022-20556 (In launchConfigNewNetworkFragment of NetworkProviderSettings.java, the ...) NOT-FOR-US: Android CVE-2022-20555 (In ufdt_get_node_by_path_len of ufdt_convert.c, there is a possible ou ...) NOT-FOR-US: Android CVE-2022-20554 (In removeEventHubDevice of InputDevice.cpp, there is a possible OOB re ...) 
NOT-FOR-US: Android CVE-2022-20553 (In onCreate of LogAccessDialogActivity.java, there is a possible way t ...) NOT-FOR-US: Android CVE-2022-20552 (In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possi ...) NOT-FOR-US: Android CVE-2022-20551 (In createTrack of AudioFlinger.cpp, there is a possible way to record ...) NOT-FOR-US: Android CVE-2022-20550 (In Multiple Locations, there is a possibility to launch arbitrary prot ...) NOT-FOR-US: Android CVE-2022-20549 (In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of b ...) NOT-FOR-US: Android CVE-2022-20548 (In setParameter of EqualizerEffect.cpp, there is a possible out of bou ...) NOT-FOR-US: Android CVE-2022-20547 (In multiple functions of AdapterService.java, there is a possible way ...) NOT-FOR-US: Android CVE-2022-20546 (In getCurrentConfigImpl of Effect.cpp, there is a possible out of boun ...) NOT-FOR-US: Android CVE-2022-20545 (In bindArtworkAndColors of MediaControlPanel.java, there is a possible ...) NOT-FOR-US: Android CVE-2022-20544 (In onOptionsItemSelected of ManageApplications.java, there is a possib ...) NOT-FOR-US: Android CVE-2022-20543 (In multiple locations, there is a possible display crash loop due to i ...) NOT-FOR-US: Android CVE-2022-20542 (In parseParamsBlob of types.cpp, there is a possible out of bounds wri ...) NOT-FOR-US: Android CVE-2022-20541 (In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bou ...) NOT-FOR-US: Android CVE-2022-20540 (In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arb ...) NOT-FOR-US: Android CVE-2022-20539 (In parameterToHal of Effect.cpp, there is a possible out of bounds wri ...) NOT-FOR-US: Android CVE-2022-20538 (In getSmsRoleHolder of RoleService.java, there is a possible way to de ...) NOT-FOR-US: Android CVE-2022-20537 (In createDialog of WifiScanModeActivity.java, there is a possible way ...) 
NOT-FOR-US: Android CVE-2022-20536 (In registerBroadcastReceiver of RcsService.java, there is a possible w ...) NOT-FOR-US: Android CVE-2022-20535 (In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there i ...) NOT-FOR-US: Android CVE-2022-20534 RESERVED CVE-2022-20533 (In getSlice of WifiSlice.java, there is a possible way to connect a ne ...) NOT-FOR-US: Android CVE-2022-20532 (In parseTrackFragmentRun() of MPEG4Extractor.cpp, there is a possible ...) NOT-FOR-US: Android CVE-2022-20531 (In Telecom, there is a possible way to determine whether an app is ins ...) NOT-FOR-US: Android CVE-2022-20530 (In strings.xml, there is a possible permission bypass due to a mislead ...) NOT-FOR-US: Android CVE-2022-20529 (In multiple locations of WifiDialogActivity.java, there is a possible ...) NOT-FOR-US: Android CVE-2022-20528 (In findParam of HevcUtils.cpp there is a possible out of bounds read d ...) NOT-FOR-US: Android CVE-2022-20527 (In HalCoreCallback of halcore.cc, there is a possible out of bounds re ...) NOT-FOR-US: Android CVE-2022-20526 (In CanvasContext::draw of CanvasContext.cpp, there is a possible out o ...) NOT-FOR-US: Android CVE-2022-20525 (In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there ...) NOT-FOR-US: Android CVE-2022-20524 (In compose of Vibrator.cpp, there is a possible arbitrary code executi ...) NOT-FOR-US: Android CVE-2022-20523 (In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible ...) NOT-FOR-US: Android CVE-2022-20522 (In getSlice of ProviderModelSlice.java, there is a missing permission ...) NOT-FOR-US: Android CVE-2022-20521 (In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a po ...) NOT-FOR-US: Android CVE-2022-20520 (In onCreate of various files, there is a possible tapjacking/overlay a ...) NOT-FOR-US: Android CVE-2022-20519 (In onCreate of AddAppNetworksActivity.java, there is a possible way fo ...) 
NOT-FOR-US: Android CVE-2022-20518 (In query of MmsSmsProvider.java, there is a possible access to restric ...) NOT-FOR-US: Android CVE-2022-20517 (In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possibl ...) NOT-FOR-US: Android CVE-2022-20516 (In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible ...) NOT-FOR-US: Android CVE-2022-20515 (In onPreferenceClick of AccountTypePreferenceLoader.java, there is a p ...) NOT-FOR-US: Android CVE-2022-20514 (In acquireFabricatedOverlayIterator, nextFabricatedOverlayInfos, and r ...) NOT-FOR-US: Android CVE-2022-20513 (In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds ...) NOT-FOR-US: Android CVE-2022-20512 (In navigateUpTo of Task.java, there is a possible way to launch an int ...) NOT-FOR-US: Android CVE-2022-20511 (In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, the ...) NOT-FOR-US: Android CVE-2022-20510 (In getNearbyNotificationStreamingPolicy of DevicePolicyManagerService. ...) NOT-FOR-US: Android CVE-2022-20509 (In mapGrantorDescr of MessageQueueBase.h, there is a possible out of b ...) NOT-FOR-US: Android CVE-2022-20508 (In onAttach of ConfigureWifiSettings.java, there is a possible way for ...) NOT-FOR-US: Android CVE-2022-20507 (In onMulticastListUpdateNotificationReceived of UwbEventManager.java, ...) NOT-FOR-US: Android CVE-2022-20506 (In onCreate of WifiDialogActivity.java, there is a missing permission ...) NOT-FOR-US: Android CVE-2022-20505 (In openFile of CallLogProvider.java, there is a possible permission by ...) NOT-FOR-US: Android CVE-2022-20504 (In multiple locations of DreamManagerService.java, there is a missing ...) NOT-FOR-US: Android CVE-2022-20503 (In onCreate of WifiDppConfiguratorActivity.java, there is a possible w ...) NOT-FOR-US: Android CVE-2022-20502 (In GetResolvedMethod of entrypoint_utils-inl.h, there is a possible us ...) 
NOT-FOR-US: Android CVE-2022-20501 (In onCreate of EnableAccountPreferenceActivity.java, there is a possib ...) NOT-FOR-US: Android CVE-2022-20500 (In loadFromXml of ShortcutPackage.java, there is a possible crash on b ...) NOT-FOR-US: Android CVE-2022-20499 (In validateForCommonR1andR2 of PasspointConfiguration.java, uncaught e ...) NOT-FOR-US: Android CVE-2022-20498 (In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bou ...) NOT-FOR-US: Android CVE-2022-20497 (In updatePublicMode of NotificationLockscreenUserManagerImpl.java, the ...) NOT-FOR-US: Android CVE-2022-20496 (In setDataSource of initMediaExtractor.cpp, there is a possibility of ...) NOT-FOR-US: Android CVE-2022-20495 (In getEnabledAccessibilityServiceList of AccessibilityManager.java, th ...) NOT-FOR-US: Android CVE-2022-20494 (In AutomaticZenRule of AutomaticZenRule.java, there is a possible pers ...) NOT-FOR-US: Android CVE-2022-20493 (In Condition of Condition.java, there is a possible way to grant notif ...) NOT-FOR-US: Android CVE-2022-20492 (In many functions of AutomaticZenRule.java, there is a possible failur ...) NOT-FOR-US: Android CVE-2022-20491 (In NotificationChannel of NotificationChannel.java, there is a possibl ...) NOT-FOR-US: Android CVE-2022-20490 (In multiple functions of AutomaticZenRule.java, there is a possible fa ...) NOT-FOR-US: Android CVE-2022-20489 (In many functions of AutomaticZenRule.java, there is a possible failur ...) NOT-FOR-US: Android CVE-2022-20488 (In NotificationChannel of NotificationChannel.java, there is a possibl ...) NOT-FOR-US: Android CVE-2022-20487 (In NotificationChannel of NotificationChannel.java, there is a possibl ...) NOT-FOR-US: Android CVE-2022-20486 (In NotificationChannel of NotificationChannel.java, there is a possibl ...) NOT-FOR-US: Android CVE-2022-20485 (In NotificationChannel of NotificationChannel.java, there is a possibl ...) 
NOT-FOR-US: Android CVE-2022-20484 (In NotificationChannel of NotificationChannel.java, there is a possibl ...) NOT-FOR-US: Android CVE-2022-20483 (In several functions that parse avrc response in avrc_pars_ct.cc and r ...) NOT-FOR-US: Android CVE-2022-20482 (In createNotificationChannel of NotificationManager.java, there is a p ...) NOT-FOR-US: Android CVE-2022-20481 (In multiple files, there is a possible way to preserve WiFi settings d ...) NOT-FOR-US: Android CVE-2022-20480 (In NotificationChannel of NotificationChannel.java, there is a possibl ...) NOT-FOR-US: Android CVE-2022-20479 (In NotificationChannel of NotificationChannel.java, there is a possibl ...) NOT-FOR-US: Android CVE-2022-20478 (In NotificationChannel of NotificationChannel.java, there is a possibl ...) NOT-FOR-US: Android CVE-2022-20477 (In shouldHideNotification of KeyguardNotificationVisibilityProvider.kt ...) NOT-FOR-US: Android CVE-2022-20476 (In setEnabledSetting of PackageManager.java, there is a possible way t ...) NOT-FOR-US: Android CVE-2022-20475 (In test of ResetTargetTaskHelper.java, there is a possible hijacking o ...) NOT-FOR-US: Android CVE-2022-20474 (In readLazyValue of Parcel.java, there is a possible loading of arbitr ...) NOT-FOR-US: Android CVE-2022-20473 (In toLanguageTag of LocaleListCache.cpp, there is a possible out of bo ...) NOT-FOR-US: Android CVE-2022-20472 (In toLanguageTag of LocaleListCache.cpp, there is a possible out of bo ...) NOT-FOR-US: Android CVE-2022-20471 (In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible o ...) NOT-FOR-US: Android CVE-2022-20470 (In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a pos ...) NOT-FOR-US: Android CVE-2022-20469 (In avct_lcb_msg_asmbl of avct_lcb_act.cc, there is a possible out of b ...) NOT-FOR-US: Android CVE-2022-20468 (In BNEP_ConnectResp of bnep_api.cc, there is a possible out of bounds ...) 
NOT-FOR-US: Android CVE-2022-20467 (In isBluetoothShareUri of BluetoothOppUtility.java, there is a possibl ...) NOT-FOR-US: Android CVE-2022-20466 (In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, t ...) NOT-FOR-US: Android CVE-2022-20465 (In dismiss and related functions of KeyguardHostViewController.java an ...) NOT-FOR-US: Android CVE-2022-20464 (In various functions of ap_input_processor.c, there is a possible way ...) NOT-FOR-US: Android CVE-2022-20463 REJECTED CVE-2022-20462 (In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible o ...) NOT-FOR-US: Android CVE-2022-20461 (In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cp ...) NOT-FOR-US: Android CVE-2022-20460 (In (TBD) mprot_unmap? of (TBD), there is a possible way to corrupt the ...) NOT-FOR-US: Google Pixel CVE-2022-20459 (In (TBD) of (TBD), there is a possible way to redirect code execution ...) NOT-FOR-US: Google Pixel CVE-2022-20458 (The logs of sensitive information (PII) or hardware identifier should ...) NOT-FOR-US: Android CVE-2022-20457 (In getMountModeInternal of StorageManagerService.java, there is a poss ...) NOT-FOR-US: Android CVE-2022-20456 (In AutomaticZenRule of AutomaticZenRule.java, there is a possible fail ...) NOT-FOR-US: Android CVE-2022-20455 (In addAutomaticZenRule of ZenModeHelper.java, there is a possible pers ...) NOT-FOR-US: Android CVE-2022-20454 (In fdt_next_tag of fdt.c, there is a possible out of bounds write due ...) NOT-FOR-US: Android CVE-2022-20453 (In update of MmsProvider.java, there is a possible constriction of dir ...) NOT-FOR-US: Android CVE-2022-20452 (In initializeFromParcelLocked of BaseBundle.java, there is a possible ...) NOT-FOR-US: Android CVE-2022-20451 (In onCallRedirectionComplete of CallsManager.java, there is a possible ...) NOT-FOR-US: Android CVE-2022-20450 (In restorePermissionState of PermissionManagerServiceImpl.java, there ...) 
NOT-FOR-US: Android CVE-2022-20449 (In writeApplicationRestrictionsLAr of UserManagerService.java, there i ...) NOT-FOR-US: Android CVE-2022-20448 (In buzzBeepBlinkLocked of NotificationManagerService.java, there is a ...) NOT-FOR-US: Android CVE-2022-20447 (In PAN_WriteBuf of pan_api.cc, there is a possible out of bounds read ...) NOT-FOR-US: Android CVE-2022-20446 (In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a ...) NOT-FOR-US: Android CVE-2022-20445 (In process_service_search_rsp of sdp_discovery.cc, there is a possible ...) NOT-FOR-US: Android CVE-2022-20444 REJECTED CVE-2022-20443 (In hasInputInfo of Layer.cpp, there is a possible bypass of user inter ...) NOT-FOR-US: Android CVE-2022-20442 (In onCreate of ReviewPermissionsActivity.java, there is a possible way ...) NOT-FOR-US: Android CVE-2022-20441 (In navigateUpTo of Task.java, there is a possible way to launch an une ...) NOT-FOR-US: Android CVE-2022-20440 (In Messaging, There has unauthorized broadcast, this could cause Local ...) NOT-FOR-US: Android CVE-2022-20439 (In Messaging, There has unauthorized provider, this could cause Local ...) NOT-FOR-US: Android CVE-2022-20438 (In Messaging, There has unauthorized broadcast, this could cause Local ...) NOT-FOR-US: Android CVE-2022-20437 (In Messaging, There has unauthorized broadcast, this could cause Local ...) NOT-FOR-US: Android CVE-2022-20436 (There is an unauthorized service in the system service. Since the comp ...) NOT-FOR-US: Android CVE-2022-20435 (There is a Unauthorized service in the system service, may cause the s ...) NOT-FOR-US: Android CVE-2022-20434 (There is an missing authorization issue in the system service. Since t ...) NOT-FOR-US: Android CVE-2022-20433 (There is an missing authorization issue in the system service. Since t ...) NOT-FOR-US: Android CVE-2022-20432 (There is an missing authorization issue in the system service. Since t ...) 
	NOT-FOR-US: Android
CVE-2022-20431 (There is an missing authorization issue in the system service. Since t ...)
	NOT-FOR-US: Android
CVE-2022-20430 (There is an missing authorization issue in the system service. Since t ...)
	NOT-FOR-US: Android
CVE-2022-20429 (In CarSettings of app packages, there is a possible permission bypass ...)
	NOT-FOR-US: Android
CVE-2022-20428 (In (TBD) of (TBD), there is a possible out of bounds write due to a mi ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20427 (In (TBD) of (TBD), there is a possible way to corrupt memory due to im ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20426 (In multiple functions of many files, there is a possible obstruction o ...)
	NOT-FOR-US: Android
CVE-2022-20425 (In addAutomaticZenRule of ZenModeHelper.java, there is a possible perm ...)
	NOT-FOR-US: Android
CVE-2022-20424
	REJECTED
CVE-2022-20423 (In rndis_set_response of rndis.c, there is a possible out of bounds wr ...)
	- linux 5.16.18-1
	[bullseye] - linux 5.10.113-1
	[buster] - linux 4.19.249-1
	NOTE: https://source.android.com/docs/security/bulletin/2022-10-01
	NOTE: https://git.kernel.org/linus/65f3324f4b6fed78b8761c3b74615ecf0ffa81fa (5.17)
CVE-2022-20422 (In emulation_proc_handler of armv8_deprecated.c, there is a possible w ...)
	{DLA-3173-1}
	- linux 5.19.6-1
	[bullseye] - linux 5.10.140-1
	[buster] - linux 4.19.260-1
	NOTE: https://source.android.com/docs/security/bulletin/2022-10-01
	NOTE: https://git.kernel.org/linus/af483947d472eccb79e42059276c4deed76f99a6 (6.0-rc1)
CVE-2022-20421 (In binder_inc_ref_for_node of binder.c, there is a possible way to cor ...)
	{DSA-5257-1 DLA-3173-1}
	- linux 5.19.11-1
	[buster] - linux 4.19.260-1
	NOTE: https://source.android.com/docs/security/bulletin/2022-10-01
	NOTE: https://git.kernel.org/linus/a0e44c64b6061dda7e00b7c458e4523e2331b739 (6.0-rc4)
CVE-2022-20420 (In getBackgroundRestrictionExemptionReason of AppRestrictionController ...)
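The kernel entries above combine every element of the tracker's data/CVE/list syntax: a header with the truncated description, a {DSA/DLA} reference, a default fix line for unstable, per-suite [bullseye]/[buster] lines and NOTE lines. A suite without its own line but covered by a DSA or DLA (CVE-2022-20421 in bullseye) counts as fixed through that advisory. What follows is an added example, not the security tracker's own code and not from this page: a small parser that rebuilds that structure and reports the state of a CVE in a given suite. The SAMPLE entries are constructed from entries on this page; the `<not-affected>` tag on the io_uring buster line and the ADVISORY_SUITE mapping (DSA covers bullseye, DLA covers buster for these late-2022 entries) are assumptions made for the example.

```python
"""Parser for the Debian security-tracker data/CVE/list format.

Added example; it is not the tracker's own code and is not part of this
page.  It reconstructs the per-CVE structure the list encodes (header with
description, {DSA/DLA} references, default fix line, [suite] lines, NOTEs)
and answers "what is the state of CVE X in suite Y".  SAMPLE is constructed
from entries on this page; the <not-affected> tag on the io_uring entry and
the ADVISORY_SUITE mapping (DSA covers bullseye, DLA covers buster for these
late-2022 entries) are assumptions made for the example.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SAMPLE = """\
CVE-2022-20423 (In rndis_set_response of rndis.c, there is a possible out of bounds wr ...)
\t- linux 5.16.18-1
\t[bullseye] - linux 5.10.113-1
\t[buster] - linux 4.19.249-1
\tNOTE: https://source.android.com/docs/security/bulletin/2022-10-01
\tNOTE: https://git.kernel.org/linus/65f3324f4b6fed78b8761c3b74615ecf0ffa81fa (5.17)
CVE-2022-20421 (In binder_inc_ref_for_node of binder.c, there is a possible way to cor ...)
\t{DSA-5257-1 DLA-3173-1}
\t- linux 5.19.11-1
\t[buster] - linux 4.19.260-1
CVE-2022-20409 (In io_identity_cow of io_uring.c, there is a possible way to corrupt m ...)
\t- linux 5.14.6-1
\t[bullseye] - linux 5.10.136-1
\t[buster] - linux <not-affected> (Vulnerable code not present)
CVE-2022-20420 (In getBackgroundRestrictionExemptionReason of AppRestrictionController ...)
\tNOT-FOR-US: Android
CVE-2022-20565
\tRESERVED
"""

HEADER_RE = re.compile(r"^(CVE-\d{4}-\d{4,})(?:\s+\((.*)\))?\s*$")
# "[suite] - package version <status> (note)"; everything after the package is optional.
FIX_RE = re.compile(
    r"^(?:\[(?P<suite>[a-z-]+)\]\s+)?-\s+(?P<pkg>\S+)"
    r"(?:\s+(?P<version>[^\s<(]\S*))?"
    r"(?:\s+<(?P<status>[a-z-]+)>)?"
    r"(?:\s+\((?P<note>.*)\))?\s*$"
)
ADVISORY_SUITE = {"DSA": "bullseye", "DLA": "buster"}  # assumed for this page's 2022 entries


@dataclass
class Fix:
    package: str
    version: Optional[str]
    status: Optional[str]
    note: Optional[str]


@dataclass
class Entry:
    cve: str
    description: str = ""
    state: str = ""                    # "", RESERVED, REJECTED or NOT-FOR-US
    not_for_us: str = ""
    advisories: List[str] = field(default_factory=list)
    fixes: Dict[str, Fix] = field(default_factory=dict)   # suite -> Fix; "sid" = default line
    notes: List[str] = field(default_factory=list)


def parse(text: str) -> Dict[str, Entry]:
    """Column-0 lines start a CVE; indented lines belong to the current CVE."""
    entries: Dict[str, Entry] = {}
    cur: Optional[Entry] = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():
            m = HEADER_RE.match(raw)
            if not m:
                raise ValueError(f"unexpected header line: {raw!r}")
            cur = Entry(cve=m.group(1), description=m.group(2) or "")
            entries[cur.cve] = cur
            continue
        if cur is None:
            raise ValueError("indented line before the first CVE header")
        line = raw.strip()
        if line.startswith("{") and line.endswith("}"):
            cur.advisories += line[1:-1].split()
        elif line in ("RESERVED", "REJECTED"):
            cur.state = line
        elif line.startswith("NOT-FOR-US:"):
            cur.state, cur.not_for_us = "NOT-FOR-US", line[len("NOT-FOR-US:"):].strip()
        elif line.startswith(("NOTE:", "TODO:")):
            cur.notes.append(line)
        else:
            m = FIX_RE.match(line)
            if not m:
                raise ValueError(f"{cur.cve}: cannot parse fix line {line!r}")
            cur.fixes[m["suite"] or "sid"] = Fix(m["pkg"], m["version"], m["status"], m["note"])
    return entries


def suite_status(entry: Entry, suite: str) -> str:
    """An explicit [suite] line wins; else an advisory covering the suite means
    fixed; else only the default (unstable) line is known for that suite."""
    if entry.state:
        return entry.state
    fix = entry.fixes.get(suite)
    if fix is not None:
        if fix.version:
            return f"fixed in {fix.package} {fix.version}"
        return (fix.status or "unknown") + (f" ({fix.note})" if fix.note else "")
    for adv in entry.advisories:
        if ADVISORY_SUITE.get(adv.split("-")[0]) == suite:
            return f"fixed via {adv}"
    sid = entry.fixes.get("sid")
    if sid is None:
        return "unknown"
    return f"no {suite} entry; unstable fixed in {sid.package} {sid.version}"


if __name__ == "__main__":
    for cve, entry in parse(SAMPLE).items():
        print(cve, {s: suite_status(entry, s) for s in ("sid", "bullseye", "buster")})
```

Run it as a script to print the per-suite state of each sample CVE, or call `parse()` on a full copy of data/CVE/list; the parser raises on a fix line it cannot read rather than silently dropping it, which is the behaviour wanted when the list is used as input to anything that decides whether a suite is patched. The advisory-to-suite mapping is time-dependent (which release is stable and which is under LTS changes with every Debian release), so it is a parameter here rather than a constant of the format.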
NOT-FOR-US: Android CVE-2022-20419 (In setOptions of ActivityRecord.java, there is a possible load any arb ...) NOT-FOR-US: Android CVE-2022-20418 (In pickStartSeq of AAVCAssembler.cpp, there is a possible out of bound ...) NOT-FOR-US: Android CVE-2022-20417 (In audioTransportsToHal of HidlUtils.cpp, there is a possible out of b ...) NOT-FOR-US: Android CVE-2022-20416 (In audioTransportsToHal of HidlUtils.cpp, there is a possible out of b ...) NOT-FOR-US: Android CVE-2022-20415 (In handleFullScreenIntent of StatusBarNotificationActivityStarter.java ...) NOT-FOR-US: Android CVE-2022-20414 (In setImpl of AlarmManagerService.java, there is a possible way to put ...) NOT-FOR-US: Android CVE-2022-20413 (In start of Threads.cpp, there is a possible way to record audio durin ...) NOT-FOR-US: Android CVE-2022-20412 (In fdt_next_tag of fdt.c, there is a possible out of bounds read due t ...) NOT-FOR-US: Android CVE-2022-20411 (In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds wr ...) NOT-FOR-US: Android CVE-2022-20410 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible o ...) NOT-FOR-US: Android CVE-2022-20409 (In io_identity_cow of io_uring.c, there is a possible way to corrupt m ...) - linux 5.14.6-1 [bullseye] - linux 5.10.136-1 [buster] - linux (Vulnerable code not present) NOTE: https://source.android.com/docs/security/bulletin/2022-10-01 NOTE: https://android.googlesource.com/kernel/common/+/0380da7fd63ac93caf96a75d1b31e388d3c754e9 CVE-2022-20408 (Product: AndroidVersions: Android kernelAndroid ID: A-204782372Referen ...) NOT-FOR-US: Android CVE-2022-20407 (Product: AndroidVersions: Android kernelAndroid ID: A-210916981Referen ...) NOT-FOR-US: Android CVE-2022-20406 (Product: AndroidVersions: Android kernelAndroid ID: A-184676385Referen ...) NOT-FOR-US: Android CVE-2022-20405 (Product: AndroidVersions: Android kernelAndroid ID: A-216363416Referen ...) 
NOT-FOR-US: Android CVE-2022-20404 (Product: AndroidVersions: Android kernelAndroid ID: A-205714161Referen ...) NOT-FOR-US: Android CVE-2022-20403 (Product: AndroidVersions: Android kernelAndroid ID: A-207975764Referen ...) NOT-FOR-US: Android CVE-2022-20402 (Product: AndroidVersions: Android kernelAndroid ID: A-218701042Referen ...) NOT-FOR-US: Android CVE-2022-20401 (In SAEMM_RetrievEPLMNList of SAEMM_ContextManagement.c, there is a pos ...) NOT-FOR-US: Android CVE-2022-20400 (In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write d ...) NOT-FOR-US: Android CVE-2022-20399 (In the SEPolicy configuration of system apps, there is a possible acce ...) NOT-FOR-US: Android CVE-2022-20398 (In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way ...) NOT-FOR-US: Android CVE-2022-20397 (In SitRilClient_OnResponse of SitRilSe.cpp, there is a possible out of ...) NOT-FOR-US: Android CVE-2022-20396 (In SettingsActivity.java, there is a possible way to make a device dis ...) NOT-FOR-US: Android CVE-2022-20395 (In checkAccess of MediaProvider.java, there is a possible file deletio ...) NOT-FOR-US: Android CVE-2022-20394 (In getInputMethodWindowVisibleHeight of InputMethodManagerService.java ...) NOT-FOR-US: Android CVE-2022-20393 (In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a p ...) NOT-FOR-US: Android CVE-2022-20392 (In declareDuplicatePermission of ParsedPermissionUtils.java, there is ...) 
NOT-FOR-US: Android CVE-2022-20391 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257000) NOT-FOR-US: Android CVE-2022-20390 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257002) NOT-FOR-US: Android CVE-2022-20389 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257004) NOT-FOR-US: Android CVE-2022-20388 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227323) NOT-FOR-US: Android CVE-2022-20387 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227324) NOT-FOR-US: Android CVE-2022-20386 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227328) NOT-FOR-US: Android CVE-2022-20385 (a function called 'nla_parse', do not check the len of para, it will c ...) NOT-FOR-US: Android CVE-2022-20384 (Product: AndroidVersions: Android kernelAndroid ID: A-211727306Referen ...) NOT-FOR-US: Android CVE-2022-20383 (In AllocateInternalBuffers of g3aa_buffer_allocator.cc, there is a pos ...) NOT-FOR-US: Android CVE-2022-20382 (In (TBD) of (TBD), there is a possible out of bounds write due to kern ...) NOT-FOR-US: Android CVE-2022-20381 (Product: AndroidVersions: Android kernelAndroid ID: A-188935887Referen ...) NOT-FOR-US: Android CVE-2022-20380 (Product: AndroidVersions: Android kernelAndroid ID: A-212625740Referen ...) NOT-FOR-US: Android CVE-2022-20379 (In lwis_buffer_alloc of lwis_buffer.c, there is a possible arbitrary c ...) NOT-FOR-US: Android CVE-2022-20378 (Product: AndroidVersions: Android kernelAndroid ID: A-234657153Referen ...) NOT-FOR-US: Android CVE-2022-20377 (In TBD of keymaster_ipc.cpp, there is a possible to force gatekeeper, ...) NOT-FOR-US: Android CVE-2022-20376 (In trusty_log_seq_start of trusty-log.c, there is a possible use after ...) NOT-FOR-US: Android CVE-2022-20375 (In LteRrcNrProAsnDecode of LteRrcNr_Codec.c, there is a possible out o ...) 
NOT-FOR-US: Android CVE-2022-20374 REJECTED CVE-2022-20373 (In st21nfc_loc_set_polaritymode of fc/st21nfc.c, there is a possible u ...) NOT-FOR-US: Android CVE-2022-20372 (In exynos5_i2c_irq of (TBD), there is a possible out of bounds write d ...) NOT-FOR-US: Android CVE-2022-20371 (In dm_bow_dtr and related functions of dm-bow.c, there is a possible u ...) NOT-FOR-US: Android CVE-2022-20370 (Product: AndroidVersions: Android kernelAndroid ID: A-215730643Referen ...) NOT-FOR-US: Android CVE-2022-20369 (In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bou ...) {DLA-3245-1} - linux 5.17.3-1 [bullseye] - linux 5.10.113-1 NOTE: https://git.kernel.org/linus/8310ca94075e784bbb06593cd6c068ee6b6e4ca6 (5.18-rc1) CVE-2022-20368 (Product: AndroidVersions: Android kernelAndroid ID: A-224546354Referen ...) - linux 5.16.18-1 [bullseye] - linux 5.10.113-1 [buster] - linux 4.19.249-1 NOTE: https://git.kernel.org/linus/c700525fcc06b05adfea78039de02628af79e07a (5.17) CVE-2022-20367 (In construct_transaction of lwis_ioctl.c, there is a possible out of b ...) NOT-FOR-US: Android CVE-2022-20366 (In ioctl_dpm_clk_update of lwis_ioctl.c, there is a possible out of bo ...) NOT-FOR-US: Android CVE-2022-20365 (Product: AndroidVersions: Android kernelAndroid ID: A-229632566Referen ...) NOT-FOR-US: Android CVE-2022-20364 (In sysmmu_unmap of TBD, there is a possible out of bounds write due to ...) NOT-FOR-US: Android CVE-2022-20363 RESERVED CVE-2022-20362 (In Bluetooth, there is a possible out of bounds write due to an intege ...) NOT-FOR-US: Android CVE-2022-20361 (In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerabil ...) NOT-FOR-US: Android CVE-2022-20360 (In setChecked of SecureNfcPreferenceController.java, there is a missin ...) NOT-FOR-US: Android CVE-2022-20359 REJECTED CVE-2022-20358 (In startSync of AbstractThreadedSyncAdapter.java, there is a possible ...) 
NOT-FOR-US: Android CVE-2022-20357 (In writeToParcel of SurfaceControl.cpp, there is a possible informatio ...) NOT-FOR-US: Android CVE-2022-20356 (In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, th ...) NOT-FOR-US: Android CVE-2022-20355 (In get of PacProxyService.java, there is a possible system service cra ...) NOT-FOR-US: Android CVE-2022-20354 (In onDefaultNetworkChanged of Vpn.java, there is a possible way to dis ...) NOT-FOR-US: Android CVE-2022-20353 (In onSaveRingtone of DefaultRingtonePreference.java, there is a possib ...) NOT-FOR-US: Android CVE-2022-20352 (In addProviderRequestListener of LocationManagerService.java, there is ...) NOT-FOR-US: Android CVE-2022-20351 (In queryInternal of CallLogProvider.java, there is a possible access t ...) NOT-FOR-US: Android CVE-2022-20350 (In onCreate of NotificationAccessConfirmationActivity.java, there is a ...) NOT-FOR-US: Android CVE-2022-20349 (In WifiScanningPreferenceController and BluetoothScanningPreferenceCon ...) NOT-FOR-US: Android CVE-2022-20348 (In updateState of LocationServicesWifiScanningPreferenceController.jav ...) NOT-FOR-US: Android CVE-2022-20347 (In onAttach of ConnectedDeviceDashboardFragment.java, there is a possi ...) NOT-FOR-US: Android CVE-2022-20346 (In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, ther ...) NOT-FOR-US: Android CVE-2022-20345 (In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bo ...) NOT-FOR-US: Android CVE-2022-20344 (In stealReceiveChannel of EventThread.cpp, there is a possible way to ...) NOT-FOR-US: Android CVE-2022-20343 RESERVED CVE-2022-20342 (In WiFi, there is a possible disclosure of WiFi password to the end us ...) NOT-FOR-US: Android CVE-2022-20341 (In ConnectivityService, there is a possible bypass of network permissi ...) NOT-FOR-US: Android CVE-2022-20340 (In SELinux policy, there is a possible way of inferring which websites ...) 
	NOT-FOR-US: Android
CVE-2022-20339 (In Android, there is a possible access of network neighbor table infor ...)
	NOT-FOR-US: Android
CVE-2022-20338 (In HierarchicalUri.readFrom of Uri.java, there is a possible way to cr ...)
	NOT-FOR-US: Android
CVE-2022-20337
	RESERVED
CVE-2022-20336 (In Settings, there is a possible installed application disclosure due ...)
	NOT-FOR-US: Android
CVE-2022-20335 (In Wifi Slice, there is a possible way to adjust Wi-Fi settings even w ...)
	NOT-FOR-US: Android
CVE-2022-20334 (In Bluetooth, there are possible process crashes due to dereferencing ...)
	NOT-FOR-US: Android
CVE-2022-20333 (In Bluetooth, there is a possible crash due to a missing null check. T ...)
	NOT-FOR-US: Android
CVE-2022-20332 (In PackageManager, there is a possible way to determine whether an app ...)
	NOT-FOR-US: Android
CVE-2022-20331 (In the Framework, there is a possible way to enable a work profile wit ...)
	NOT-FOR-US: Android
CVE-2022-20330 (In Bluetooth, there is a possible way to connect or disconnect bluetoo ...)
	NOT-FOR-US: Android
CVE-2022-20329 (In Wifi, there is a possible way to enable Wifi without permissions du ...)
	NOT-FOR-US: Android
CVE-2022-20328 (In PackageManager, there is a possible way to determine whether an app ...)
	NOT-FOR-US: Android
CVE-2022-20327 (In Wi-Fi, there is a possible way to retrieve the WiFi SSID without lo ...)
	NOT-FOR-US: Android
CVE-2022-20326 (In Telephony, there is a possible disclosure of SIM identifiers due to ...)
	NOT-FOR-US: Android
CVE-2022-20325 (In Media, there is a possible code execution due to a use after free. ...)
	NOT-FOR-US: Android
CVE-2022-20324 (In Framework, there is a possible way to determine whether an app is i ...)
	NOT-FOR-US: Android
CVE-2022-20323 (In PackageManager, there is a possible package installation disclosure ...)
	NOT-FOR-US: Android
CVE-2022-20322 (In PackageManager, there is a possible installed package disclosure du ...)
	NOT-FOR-US: Android
CVE-2022-20321 (In Settings, there is a possible way for an application without permis ...)
	NOT-FOR-US: Android
CVE-2022-20320 (In ActivityManager, there is a possible way to determine whether an ap ...)
	NOT-FOR-US: Android
CVE-2022-20319 (In DreamServices, there is a possible way to launch arbitrary protecte ...)
	NOT-FOR-US: Android
CVE-2022-20318 (In PackageInstaller, there is a possible way to determine whether an a ...)
	NOT-FOR-US: Android
CVE-2022-20317 (In SystemUI, there is a possible way to unexpectedly enable the extern ...)
	NOT-FOR-US: Android
CVE-2022-20316 (In ContentResolver, there is a possible way to determine whether an ap ...)
	NOT-FOR-US: Android
CVE-2022-20315 (In ActivityManager, there is a possible disclosure of installed packag ...)
	NOT-FOR-US: Android
CVE-2022-20314 (In KeyChain, there is a possible spoof keychain chooser activity reque ...)
	NOT-FOR-US: Android
CVE-2022-20313 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
	NOT-FOR-US: Android
CVE-2022-20312 (In WifiP2pManager, there is a possible toobtain WiFi P2P MAC address w ...)
	NOT-FOR-US: Android
CVE-2022-20311 (In Telecomm, there is a possible disclosure of registered self managed ...)
	NOT-FOR-US: Android
CVE-2022-20310 (In Telecomm, there is a possible disclosure of registered self managed ...)
	NOT-FOR-US: Android
CVE-2022-20309 (In PackageInstaller, there is a possible way to determine whether an a ...)
	NOT-FOR-US: Android
CVE-2022-20308 (In hostapd, there is a possible insecure configuration due to an insec ...)
	NOT-FOR-US: Android (treating this as Android specific even though hostapd is mentioned; it is an insecure configuration on Android)
CVE-2022-20307 (In AlarmManagerService, there is a possible way to determine whether a ...)
	NOT-FOR-US: Android
CVE-2022-20306 (In Camera Provider HAL, there is a possible memory corruption due to a ...)
	NOT-FOR-US: Android
CVE-2022-20305 (In ContentService, there is a possible disclosure of available account ...)
	NOT-FOR-US: Android
CVE-2022-20304 (In Content, there is a possible way to determinate the user's account ...)
	NOT-FOR-US: Android
CVE-2022-20303 (In ContentService, there is a possible way to determine if an account ...)
	NOT-FOR-US: Android
CVE-2022-20302 (In Settings, there is a possible way to bypass factory reset protectio ...)
	NOT-FOR-US: Android
CVE-2022-20301 (In Content, there is a possible way to check if an account exists on t ...)
	NOT-FOR-US: Android
CVE-2022-20300 (In Content, there is a possible way to check if the given account exis ...)
	NOT-FOR-US: Android
CVE-2022-20299 (In ContentService, there is a possible way to check if the given accou ...)
	NOT-FOR-US: Android
CVE-2022-20298 (In ContentService, there is a possible way to check if an account exis ...)
	NOT-FOR-US: Android
CVE-2022-20297 (In Settings, there is a possible way to bypass factory reset protectio ...)
	NOT-FOR-US: Android
CVE-2022-20296 (In ContentService, there is a possible way to check if an account exis ...)
	NOT-FOR-US: Android
CVE-2022-20295 (In ContentService, there is a possible way to check if an account exis ...)
	NOT-FOR-US: Android
CVE-2022-20294 (In Content, there is a possible way to learn about an account present ...)
	NOT-FOR-US: Android
CVE-2022-20293 (In LauncherApps, there is a possible way to determine whether an app i ...)
	NOT-FOR-US: Android
CVE-2022-20292 (In Settings, there is a possible way to bypass factory reset protectio ...)
	NOT-FOR-US: Android
CVE-2022-20291 (In AppOpsService, there is a possible way to determine whether an app ...)
	NOT-FOR-US: Android
CVE-2022-20290 (In Midi, there is a possible way to learn about private midi devices d ...)
	NOT-FOR-US: Android
CVE-2022-20289 (In PackageInstaller, there is a possible way to determine whether an a ...)
	NOT-FOR-US: Android
CVE-2022-20288 (In AppSearchManagerService, there is a possible way to determine wheth ...)
	NOT-FOR-US: Android
CVE-2022-20287 (In AppSearchManagerService, there is a possible way to determine wheth ...)
	NOT-FOR-US: Android
CVE-2022-20286 (In Connectivity, there is a possible bypass the restriction of startin ...)
	NOT-FOR-US: Android
CVE-2022-20285 (In PackageManager, there is a possible way to determine whether an app ...)
	NOT-FOR-US: Android
CVE-2022-20284 (In Telephony, there is a possible information disclosure due to a miss ...)
	NOT-FOR-US: Android
CVE-2022-20283 (In Bluetooth, there is a possible out of bounds write due to an intege ...)
	NOT-FOR-US: Android
CVE-2022-20282 (In AppWidget, there is a possible way to start an activity from the ba ...)
	NOT-FOR-US: Android
CVE-2022-20281 (In Core, there is a possible way to start an activity from the backgro ...)
	NOT-FOR-US: Android
CVE-2022-20280 (In MMSProvider, there is a possible read of protected data due to impr ...)
	NOT-FOR-US: Android
CVE-2022-20279 (In DevicePolicyManager, there is a possible way to determine whether a ...)
	NOT-FOR-US: Android
CVE-2022-20278 (In Accounts, there is a possible way to write sensitive information to ...)
	NOT-FOR-US: Android
CVE-2022-20277 (In DevicePolicyManager, there is a possible way to determine whether a ...)
	NOT-FOR-US: Android
CVE-2022-20276 (In DevicePolicyManager, there is a possible way to determine whether a ...)
	NOT-FOR-US: Android
CVE-2022-20275 (In DevicePolicyManager, there is a possible way to determine whether a ...)
	NOT-FOR-US: Android
CVE-2022-20274 (In Keyguard, there is a missing permission check. This could lead to l ...)
	NOT-FOR-US: Android
CVE-2022-20273 (In Bluetooth, there is a possible out of bounds read due to a heap buf ...)
	NOT-FOR-US: Android
CVE-2022-20272 (In PermissionController, there is a possible misunderstanding about th ...)
	NOT-FOR-US: Android
CVE-2022-20271 (In PermissionController, there is a possible way to grant some permiss ...)
	NOT-FOR-US: Android
CVE-2022-20270 (In Content, there is a possible way to learn gmail account name on the ...)
	NOT-FOR-US: Android
CVE-2022-20269 (In Bluetooth, there is a possible out of bounds write due to an incorr ...)
	NOT-FOR-US: Android
CVE-2022-20268 (In RestrictionsManager, there is a possible way to send a broadcast th ...)
	NOT-FOR-US: Android
CVE-2022-20267 (In bluetooth, there is a possible way to enable or disable bluetooth c ...)
	NOT-FOR-US: Android
CVE-2022-20266 (In Companion, there is a possible way to keep a service running with e ...)
	NOT-FOR-US: Android
CVE-2022-20265 (In Settings, there is a possible way to bypass factory reset permissio ...)
	NOT-FOR-US: Android
CVE-2022-20264 (In Usage Stats Service, there is a possible way to determine whether a ...)
	NOT-FOR-US: Android
CVE-2022-20263 (In ActivityManager, there is a way to read process state for other use ...)
	NOT-FOR-US: Android
CVE-2022-20262 (In ActivityManager, there is a possible way to check another process's ...)
	NOT-FOR-US: Android
CVE-2022-20261 (In LocationManager, there is a possible way to get location informatio ...)
	NOT-FOR-US: Android
CVE-2022-20260 (In the Phone app, there is a possible crash loop due to resource exhau ...)
	NOT-FOR-US: Android
CVE-2022-20259 (In Telephony, there is a possible leak of ICCID and EID due to a missi ...)
	NOT-FOR-US: Android
CVE-2022-20258 (In Bluetooth, there is a possible way to bypass compiler exploit mitig ...)
	NOT-FOR-US: Android
CVE-2022-20257 (In Bluetooth, there is a possible way to pair a display only device wi ...)
	NOT-FOR-US: Android
CVE-2022-20256 (In the Audio HAL, there is a possible out of bounds write due to a rac ...)
	NOT-FOR-US: Android
CVE-2022-20255 (In SettingsProvider, there is a possible way to read or change the def ...)
	NOT-FOR-US: Android
CVE-2022-20254 (In Wi-Fi, there is a permissions bypass. This could lead to local esca ...)
	NOT-FOR-US: Android
CVE-2022-20253 (In Bluetooth, there is a possible cleanup failure due to an uncaught e ...)
	NOT-FOR-US: Android
CVE-2022-20252 (In PackageManager, there is a possible way to determine whether an app ...)
	NOT-FOR-US: Android
CVE-2022-20251 (In LocaleManager, there is a possible way to determine whether an app ...)
	NOT-FOR-US: Android
CVE-2022-20250 (In Messaging, there is a possible way to attach files to a message wit ...)
	NOT-FOR-US: Android
CVE-2022-20249 (In LocaleManager, there is a possible way to determine whether an app ...)
	NOT-FOR-US: Android
CVE-2022-20248 (In Settings, there is a possible way to connect to an open network byp ...)
	NOT-FOR-US: Android
CVE-2022-20247 (In Media, there is a possible out of bounds read due to a heap buffer ...)
	NOT-FOR-US: Android
CVE-2022-20246 (In WindowManager, there is a possible bypass of the restrictions for s ...)
	NOT-FOR-US: Android
CVE-2022-20245 (In WindowManager, there is a possible method to create a recording of ...)
	NOT-FOR-US: Android
CVE-2022-20244 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
	NOT-FOR-US: Android
CVE-2022-20243 (In Core Utilities, there is a possible log information disclosure. Thi ...)
	NOT-FOR-US: Android
CVE-2022-20242 (In Telephony, there is a possible way to determine whether an app is i ...)
	NOT-FOR-US: Android
CVE-2022-20241 (In Messaging, there is a possible way to attach a private file to an S ...)
	NOT-FOR-US: Android
CVE-2022-20240 (In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a p ...)
	NOT-FOR-US: Android
CVE-2022-20239 (remap_pfn_range' here may map out of size kernel memory (for example, ...)
	NOT-FOR-US: Unisoc
CVE-2022-20238 ('remap_pfn_range' here may map out of size kernel memory (for example, ...)
	NOT-FOR-US: Unisoc
CVE-2022-20237 (In BuildDevIDResponse of miscdatabuilder.cpp, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2022-20236 (A drm driver have oob problem, could cause the system crash or EOPProd ...)
	NOT-FOR-US: Unisoc
CVE-2022-20235 (The PowerVR GPU kernel driver maintains an "Information Page" used by ...)
	NOT-FOR-US: Android
CVE-2022-20234 (In Car Settings app, the NotificationAccessConfirmationActivity is exp ...)
	NOT-FOR-US: Android
CVE-2022-20233 (In param_find_digests_internal and related functions of the Titan-M so ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20232
	RESERVED
CVE-2022-20231 (In smc_intc_request_fiq of arm_gic.c, there is a possible out of bound ...)
	NOT-FOR-US: Android
CVE-2022-20230 (In choosePrivateKeyAlias of KeyChain.java, there is a possible access ...)
	NOT-FOR-US: Android
CVE-2022-20229 (In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there i ...)
	NOT-FOR-US: Android
CVE-2022-20228 (In various functions of C2DmaBufAllocator.cpp, there is a possible mem ...)
	NOT-FOR-US: Android
CVE-2022-20227 (In USB driver, there is a possible out of bounds read due to a heap bu ...)
	NOTE: https://source.android.com/security/bulletin/2022-07-01
	NOTE: Possibly a duplicate of CVE-2021-39685 and CVE-2022-25375, contacted Android Security Team
CVE-2022-20226 (In finishDrawingWindow of WindowManagerService.java, there is a possib ...)
	NOT-FOR-US: Android
CVE-2022-20225 (In getSubscriptionProperty of SubscriptionController.java, there is a ...)
	NOT-FOR-US: Android
CVE-2022-20224 (In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bou ...)
	NOT-FOR-US: Android
CVE-2022-20223 (In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, th ...)
	NOT-FOR-US: Android
CVE-2022-20222 (In read_attr_value of gatt_db.cc, there is a possible out of bounds wr ...)
	NOT-FOR-US: Android
CVE-2022-20221 (In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible o ...)
	NOT-FOR-US: Android
CVE-2022-20220 (In openFile of CallLogProvider.java, there is a possible permission by ...)
	NOT-FOR-US: Android
CVE-2022-20219 (In multiple functions of StorageManagerService.java and UserManagerSer ...)
	NOT-FOR-US: Android
CVE-2022-20218 (In PermissionController, there is a possible way to get and retain per ...)
	NOT-FOR-US: Android
CVE-2022-20217 (There is a unauthorized broadcast in the SprdContactsProvider. A third ...)
	NOT-FOR-US: Unisoc
CVE-2022-20216 (android exported is used to set third-party app access permissions, an ...)
	NOT-FOR-US: Unisoc
CVE-2022-20215 (In onCreate of MasterClearConfirmFragment.java, there is a possible fa ...)
	NOT-FOR-US: Android
CVE-2022-20214 (In Car Settings app, the toggle button in Modify system settings is vu ...)
	NOT-FOR-US: Android
CVE-2022-20213 (In ApplicationsDetailsActivity of AndroidManifest.xml, there is a poss ...)
	NOT-FOR-US: Android
CVE-2022-20212 (In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a p ...)
	NOT-FOR-US: Android
CVE-2022-20211
	RESERVED
CVE-2022-20210 (The UE and the EMM communicate with each other using NAS messages. Whe ...)
	NOT-FOR-US: Unisoc components for Android
CVE-2022-20209 (In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possi ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20208 (In parseRecursively of cppbor_parse.cpp, there is a possible out of bo ...)
	NOT-FOR-US: Android
CVE-2022-20207 (In static definitions of GattServiceConfig.java, there is a possible p ...)
	NOT-FOR-US: Android
CVE-2022-20206 (In setPackageOrComponentEnabled of NotificationManagerService.java, th ...)
	NOT-FOR-US: Android
CVE-2022-20205 (In isFileUri of FileUtil.java, there is a possible way to bypass the c ...)
	NOT-FOR-US: Android
CVE-2022-20204 (In registerRemoteBugreportReceivers of DevicePolicyManagerService.java ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20203 (In multiple locations of the nanopb library, there is a possible way t ...)
	NOT-FOR-US: Android
CVE-2022-20202 (In ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c, ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20201 (In getAppSize of InstalldNativeService.cpp, there is a possible out of ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20200 (In updateApState of SoftApManager.java, there is a possible leak of ho ...)
	NOT-FOR-US: Android
CVE-2022-20199 (In multiple locations of NfcService.java, there is a possible disclosu ...)
	NOT-FOR-US: Android
CVE-2022-20198 (In llcp_dlc_proc_connect_pdu of llcp_dlc.cc, there is a possible out o ...)
	NOT-FOR-US: Android
CVE-2022-20197 (In recycle of Parcel.java, there is a possible way to start foreground ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20196 (In gallery3d and photos, there is a possible permission bypass due to ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20195 (In the keystore library, there is a possible prevention of access to s ...)
	NOT-FOR-US: Android
CVE-2022-20194 (In onCreate of ChooseLockGeneric.java, there is a possible permission ...)
	NOT-FOR-US: Android
CVE-2022-20193 (In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20192 (In grantEmbeddedWindowFocus of WindowManagerService.java, there is a p ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20191 (Product: AndroidVersions: Android kernelAndroid ID: A-209324757Referen ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20190 (Product: AndroidVersions: Android kernelAndroid ID: A-208744915Referen ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20189
	RESERVED
CVE-2022-20188 (Product: AndroidVersions: Android kernelAndroid ID: A-207254598Referen ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20187
	RESERVED
CVE-2022-20186 (In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbi ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20185 (In TBD of TBD, there is a possible use after free bug. This could lead ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20184 (Product: AndroidVersions: Android kernelAndroid ID: A-209153114Referen ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20183 (In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20182 (In handle_ramdump of pixel_loader.c, there is a possible way to create ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20181 (Product: AndroidVersions: Android kernelAndroid ID: A-210936609Referen ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20180 (In several functions of mali_gralloc_reference.cpp, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2022-20179 (Product: AndroidVersions: Android kernelAndroid ID: A-211683760Referen ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20178 (In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20177 (Product: AndroidVersions: Android kernelAndroid ID: A-209906686Referen ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20176 (In auth_store of sjtag-driver.c, there is a possible read of uninitial ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20175 (Product: AndroidVersions: Android kernelAndroid ID: A-209252491Referen ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20174 (In exynos_secEnv_init of mach-gs101.c, there is a possible out of boun ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20173 (Product: AndroidVersions: Android kernelAndroid ID: A-207116951Referen ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20172 (In onbind of ShannonRcsService.java, there is a possible access to pro ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20171 (Product: AndroidVersions: Android kernelAndroid ID: A-215565667Referen ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20170 (Product: AndroidVersions: Android kernelAndroid ID: A-209421931Referen ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20169 (Product: AndroidVersions: Android kernelAndroid ID: A-211162353Referen ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20168 (Product: AndroidVersions: Android kernelAndroid ID: A-210594998Referen ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20167 (Product: AndroidVersions: Android kernelAndroid ID: A-204956204Referen ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20166 (In various methods of kernel base drivers, there is a possible out of ...)
	- linux 5.10.4-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://source.android.com/security/bulletin/pixel/2022-06-01
	NOTE: https://git.kernel.org/linus/aa838896d87af561a33ecefea1caa4c15a68bc47 (5.10-rc1)
CVE-2022-20165 (In asn1_parse of asn1.c, there is a possible out of bounds read due to ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20164 (Product: AndroidVersions: Android kernelAndroid ID: A-204891956Referen ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20163
	RESERVED
CVE-2022-20162 (In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds r ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20161
	RESERVED
CVE-2022-20160 (Product: AndroidVersions: Android kernelAndroid ID: A-210083655Referen ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20159 (In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a pos ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20158 (In bdi_put and bdi_unregister of backing-dev.c, there is a possible me ...)
	- linux (Vulnerable code not present; specific to Android kernels)
	NOTE: https://source.android.com/security/bulletin/pixel/2022-08-01
	NOTE: https://lore.kernel.org/all/YvYAmmaJgvydex4p@google.com/
CVE-2022-20157
	RESERVED
CVE-2022-20156 (In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20155 (In ipu_core_jqs_msg_transport_kernel_write_sync of ipu-core-jqs-msg-tr ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20154 (In lock_sock_nested of sock.c, there is a possible use after free due ...)
	- linux 5.15.15-1
	[bullseye] - linux 5.10.92-1
	[buster] - linux 4.19.232-1
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://source.android.com/security/bulletin/pixel/2022-06-01
	NOTE: https://git.kernel.org/linus/5ec7d18d1813a5bead0b495045606c93873aecbb (5.16-rc8)
CVE-2022-20153 (In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-afte ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.113-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://source.android.com/security/bulletin/pixel/2022-06-01
	NOTE: https://git.kernel.org/linus/f70865db5ff35f5ed0c7e9ef63e7cca3d4947f04 (5.13-rc1)
CVE-2022-20152 (In the TitanM chip, there is a possible out of bounds write due to a m ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20151 (Product: AndroidVersions: Android kernelAndroid ID: A-210712565Referen ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20150
	RESERVED
CVE-2022-20149 (Product: AndroidVersions: Android kernelAndroid ID: A-211685939Referen ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20148 (In TBD of TBD, there is a possible use-after-free due to a race condit ...)
	- linux 5.15.3-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://source.android.com/security/bulletin/pixel/2022-06-01
CVE-2022-20147 (In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2022-20146 (In uploadFile of FileUploadServiceImpl.java, there is a possible incor ...)
	NOT-FOR-US: Google Pixel
CVE-2022-20145 (In startLegacyVpnPrivileged of Vpn.java, there is a possible way to re ...)
	NOT-FOR-US: Android
CVE-2022-20144 (In multiple functions of AvatarPhotoController.java, there is a possib ...)
	NOT-FOR-US: Android
CVE-2022-20143 (In addAutomaticZenRule of ZenModeHelper.java, there is a possible perm ...)
	NOT-FOR-US: Android
CVE-2022-20142 (In createFromParcel of GeofenceHardwareRequestParcelable.java, there i ...)
	NOT-FOR-US: Android
CVE-2022-20141 (In ip_check_mc_rcu of igmp.c, there is a possible use after free due t ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.70-1
	[buster] - linux 4.19.208-1
	[stretch] - linux 4.9.290-1
	NOTE: https://source.android.com/security/bulletin/2022-06-01
	NOTE: https://git.kernel.org/linus/23d2b94043ca8835bd1e67749020e839f396a1c2 (5.15-rc1)
CVE-2022-20140 (In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds wri ...)
	NOT-FOR-US: Android
CVE-2022-20139
	RESERVED
	NOT-FOR-US: Android
CVE-2022-20138 (In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.ja ...)
	NOT-FOR-US: Android
CVE-2022-20137 (In onCreateContextMenu of NetworkProviderSettings.java, there is a pos ...)
	NOT-FOR-US: Android
CVE-2022-20136
	RESERVED
CVE-2022-20135 (In writeToParcel of GateKeeperResponse.java, there is a possible parce ...)
	NOT-FOR-US: Android
CVE-2022-20134 (In readArguments of CallSubjectDialog.java, there is a possible way to ...)
	NOT-FOR-US: Android
CVE-2022-20133 (In setDiscoverableTimeout of AdapterService.java, there is a possible ...)
	NOT-FOR-US: Android
CVE-2022-20132 (In lg_probe and related functions of hid-lg.c and other USB HID files, ...)
	- linux 5.15.15-1
	[bullseye] - linux 5.10.92-1
	[buster] - linux 4.19.232-1
	[stretch] - linux 4.9.303-1
	NOTE: https://source.android.com/security/bulletin/2022-06-01
CVE-2022-20131 (In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2022-20130 (In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible ...)
	NOT-FOR-US: Android media framework
CVE-2022-20129 (In registerPhoneAccount of PhoneAccountRegistrar.java, there is a poss ...)
	NOT-FOR-US: Android
CVE-2022-20128
	RESERVED
	[experimental] - android-platform-tools 33.0.3-1~exp1
	- android-platform-tools 29.0.6-23
	- android-platform-system-core
	[bullseye] - android-platform-system-core (Minor issue)
	[buster] - android-platform-system-core (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/5
CVE-2022-20127 (In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds w ...)
	NOT-FOR-US: Android
CVE-2022-20126 (In setScanMode of AdapterService.java, there is a possible way to enab ...)
	NOT-FOR-US: Android
CVE-2022-20125 (In GBoard, there is a possible way to bypass factory reset protections ...)
	NOT-FOR-US: Android
CVE-2022-20124 (In deletePackageX of DeletePackageHelper.java, there is a possible way ...)
	NOT-FOR-US: Android
CVE-2022-20123 (In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2022-20122 (The PowerVR GPU driver allows unprivileged apps to allocated pinned me ...)
	NOT-FOR-US: Imagination Technologies
CVE-2022-20121 (In getNodeValue of USCCDMPlugin.java, there is a possible disclosure o ...)
	NOT-FOR-US: Pixel
CVE-2022-20120 (Product: AndroidVersions: Android kernelAndroid ID: A-203213034Referen ...)
	NOT-FOR-US: Pixel
CVE-2022-20119 (In private_handle_t of mali_gralloc_buffer.h, there is a possible info ...)
	NOT-FOR-US: Pixel
CVE-2022-20118 (In ion_ioctl and related functions of ion.c, there is a possible use a ...)
	NOT-FOR-US: Pixel
CVE-2022-20117 (In (TBD) of (TBD), there is a possible way to decrypt local data encry ...)
	NOT-FOR-US: Pixel
CVE-2022-20116 (In onEntryUpdated of OngoingCallController.kt, it is possible to launc ...)
	NOT-FOR-US: Android
CVE-2022-20115 (In broadcastServiceStateChanged of TelephonyRegistry.java, there is a ...)
	NOT-FOR-US: Android
CVE-2022-20114 (In placeCall of TelecomManager.java, there is a possible way for an ap ...)
	NOT-FOR-US: Android
CVE-2022-20113 (In mPreference of DefaultUsbConfigurationPreferenceController.java, th ...)
	NOT-FOR-US: Android
CVE-2022-20112 (In getAvailabilityStatus of PrivateDnsPreferenceController.java, there ...)
	NOT-FOR-US: Android
CVE-2021-42523 (There are two Information Disclosure vulnerabilities in colord, and th ...)
	- colord 1.4.6-1 (unimportant)
	NOTE: https://github.com/hughsie/colord/issues/110
	NOTE: https://github.com/hughsie/colord/commit/adf41f36cf7214d7d6fa8d528b74eba47c377405 (1.4.6)
	NOTE: Memory leak in a system-local daemon, negligible security impact
CVE-2021-42522 (There is a Information Disclosure vulnerability in anjuta/plugins/docu ...)
	- anjuta (unimportant)
	NOTE: https://gitlab.gnome.org/Archive/anjuta/-/issues/12
	NOTE: Memory leak in GUI application, no security impact
CVE-2021-42521 (There is a NULL pointer dereference vulnerability in VTK before 9.2.5, ...)
	- vtk9 9.1.0+really9.1.0+dfsg2-8 (bug #1031877)
	[bookworm] - vtk9 (Minor issue)
	[bullseye] - vtk9 (Minor issue)
	- vtk7 (bug #1034844)
	[bullseye] - vtk7 (Minor issue)
	[buster] - vtk7 (Minor issue)
	- vtk6 (bug #1034843)
	[bullseye] - vtk6 (Minor issue)
	[buster] - vtk6 (Minor issue)
	NOTE: https://gitlab.kitware.com/vtk/vtk/-/issues/17818
CVE-2021-42520
	RESERVED
CVE-2021-42519
	RESERVED
CVE-2021-42518
	RESERVED
CVE-2021-42517
	RESERVED
CVE-2021-42516
	RESERVED
CVE-2021-42515
	RESERVED
CVE-2021-42514
	RESERVED
CVE-2021-42513
	RESERVED
CVE-2021-42512
	RESERVED
CVE-2021-42511
	RESERVED
CVE-2021-42510
	RESERVED
CVE-2021-42509
	RESERVED
CVE-2021-42508
	RESERVED
CVE-2021-42507
	RESERVED
CVE-2021-42506
	RESERVED
CVE-2021-42505
	RESERVED
CVE-2021-42504
	RESERVED
CVE-2021-42503
	RESERVED
CVE-2021-42502
	RESERVED
CVE-2021-42501
	RESERVED
CVE-2021-42500
	RESERVED
CVE-2021-42499
	RESERVED
CVE-2021-42498
	RESERVED
CVE-2021-42497
	RESERVED
CVE-2021-42496
	RESERVED
CVE-2021-42495
	RESERVED
CVE-2021-42494
	RESERVED
CVE-2021-42493
	RESERVED
CVE-2021-42492
	RESERVED
CVE-2021-42491
	RESERVED
CVE-2021-42490
	RESERVED
CVE-2021-42489
	RESERVED
CVE-2021-42488
	RESERVED
CVE-2021-42487
	RESERVED
CVE-2021-42486
	RESERVED
CVE-2021-42485
	RESERVED
CVE-2021-42484
	RESERVED
CVE-2021-42483
	RESERVED
CVE-2021-42482
	RESERVED
CVE-2021-42481
	RESERVED
CVE-2021-42480
	RESERVED
CVE-2021-42479
	RESERVED
CVE-2021-42478
	RESERVED
CVE-2021-42477
	RESERVED
CVE-2021-42476
	RESERVED
CVE-2021-42475
	RESERVED
CVE-2021-42474
	RESERVED
CVE-2021-42473
	RESERVED
CVE-2021-42472
	RESERVED
CVE-2021-42471
	RESERVED
CVE-2021-42470
	RESERVED
CVE-2021-42469
	RESERVED
CVE-2021-42468
	RESERVED
CVE-2021-42467
	RESERVED
CVE-2021-42466
	RESERVED
CVE-2021-42465
	RESERVED
CVE-2021-42464
	RESERVED
CVE-2021-42463
	RESERVED
CVE-2021-42462
	RESERVED
CVE-2021-42461
	RESERVED
CVE-2021-42460
	RESERVED
CVE-2021-42459
	RESERVED
CVE-2021-42458
	RESERVED
CVE-2021-42457
	RESERVED
CVE-2021-42456
	RESERVED
CVE-2021-42455
	RESERVED
CVE-2021-42454
	RESERVED
CVE-2021-42453
	RESERVED
CVE-2021-42452
	RESERVED
CVE-2021-42451
	RESERVED
CVE-2021-42450
	RESERVED
CVE-2021-42449
	RESERVED
CVE-2021-42448
	RESERVED
CVE-2021-42447
	RESERVED
CVE-2021-42446
	RESERVED
CVE-2021-42445
	RESERVED
CVE-2021-42444
	RESERVED
CVE-2021-42443
	RESERVED
CVE-2021-42442
	RESERVED
CVE-2021-42441
	RESERVED
CVE-2021-42440
	RESERVED
CVE-2021-42439
	RESERVED
CVE-2021-42438
	RESERVED
CVE-2021-42437
	RESERVED
CVE-2021-42436
	RESERVED
CVE-2021-42435
	RESERVED
CVE-2021-42434
	RESERVED
CVE-2021-42433
	RESERVED
CVE-2021-42432
	RESERVED
CVE-2021-42431
	RESERVED
CVE-2021-42430
	RESERVED
CVE-2021-42429
	RESERVED
CVE-2021-42428
	RESERVED
CVE-2021-42427
	RESERVED
CVE-2021-42426
	RESERVED
CVE-2021-42425
	RESERVED
CVE-2021-42424
	RESERVED
CVE-2021-42423
	RESERVED
CVE-2021-42422
	RESERVED
CVE-2021-42421
	RESERVED
CVE-2021-42420
	RESERVED
CVE-2021-42419
	RESERVED
CVE-2021-42418
	RESERVED
CVE-2021-42417
	RESERVED
CVE-2021-42416
	RESERVED
CVE-2021-42415
	RESERVED
CVE-2021-42414
	RESERVED
CVE-2021-42413
	RESERVED
CVE-2021-42412
	RESERVED
CVE-2021-42411
	RESERVED
CVE-2021-42410
	RESERVED
CVE-2021-42409
	RESERVED
CVE-2021-42408
	RESERVED
CVE-2021-42407
	RESERVED
CVE-2021-42406
	RESERVED
CVE-2021-42405
	RESERVED
CVE-2021-42404
	RESERVED
CVE-2021-42403
	RESERVED
CVE-2021-42402
	RESERVED
CVE-2021-42401
	RESERVED
CVE-2021-42400
	RESERVED
CVE-2021-42399
	RESERVED
CVE-2021-42398
	RESERVED
CVE-2021-42397
	RESERVED
CVE-2021-42396
	RESERVED
CVE-2021-42395
	RESERVED
CVE-2021-42394
	RESERVED
CVE-2021-42393
	RESERVED
CVE-2020-36489 (Dropouts Technologies LLP Air Share v1.2 was discovered to contain a c ...)
	NOT-FOR-US: Dropouts Technologies LLP Air Share
CVE-2020-36488 (An issue in the FTP server of Sky File v2.1.0 allows attackers to perf ...)
	NOT-FOR-US: Sky File
CVE-2020-36487
	RESERVED
CVE-2020-36486 (Swift File Transfer Mobile v1.1.2 and below was discovered to contain ...)
	NOT-FOR-US: Swift File Transfer Mobile
CVE-2021-42392 (The org.h2.util.JdbcUtils.getConnection method of the H2 database take ...)
	{DSA-5076-1 DLA-2923-1}
	- h2database 2.1.210-1 (bug #1003894)
	NOTE: https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6
	NOTE: https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
	NOTE: Fixed by https://github.com/h2database/h2database/commit/41dd2a4cf89da9dd18239debbf73f88da6184ec7
	NOTE: https://github.com/h2database/h2database/commit/956c6241868332c5b440f5d55ea8fdc1e51ae4fd
CVE-2021-42391 (Divide-by-zero in Clickhouse's Gorilla compression codec when parsing ...)
	- clickhouse (Vulnerable code introduced later)
	NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
CVE-2021-42390 (Divide-by-zero in Clickhouse's DeltaDouble compression codec when pars ...)
	- clickhouse (Vulnerable code introduced later)
	NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
CVE-2021-42389 (Divide-by-zero in Clickhouse's Delta compression codec when parsing a ...)
	- clickhouse (Vulnerable code introduced later)
	NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
CVE-2021-42388 (Heap out-of-bounds read in Clickhouse's LZ4 compression codec when par ...)
	{DLA-3176-1}
	- clickhouse 18.16.1+ds-7.3 (bug #1008216)
	[bullseye] - clickhouse 18.16.1+ds-7.2+deb11u1
	NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v21.9.1.7685)
	NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v21.9.1.7685)
	NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
	NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
CVE-2021-42387 (Heap out-of-bounds read in Clickhouse's LZ4 compression codec when par ...)
	{DLA-3176-1}
	- clickhouse 18.16.1+ds-7.3 (bug #1008216)
	[bullseye] - clickhouse 18.16.1+ds-7.2+deb11u1
	NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v21.9.1.7685)
	NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v21.9.1.7685)
	NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
	NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
CVE-2021-42386 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
	- busybox 1:1.35.0-1 (bug #999567)
	[bullseye] - busybox (Minor issue)
	[buster] - busybox (Minor issue)
	[stretch] - busybox (Minor issue, requires passing arbitrary awk program, no identified patch)
	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42385 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
	- busybox 1:1.35.0-1 (bug #999567)
	[bullseye] - busybox (Minor issue)
	[buster] - busybox (Minor issue)
	[stretch] - busybox (Minor issue, requires passing arbitrary awk program, no identified patch)
	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42384 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
	- busybox 1:1.35.0-1 (bug #999567)
	[bullseye] - busybox (Minor issue)
	[buster] - busybox (Minor issue)
	[stretch] - busybox (Minor issue, requires passing arbitrary awk program, no identified patch)
	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42383 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
	- busybox 1:1.35.0-1 (bug #999567)
	[bullseye] - busybox (Minor issue)
	[buster] - busybox (Minor issue)
	[stretch] - busybox (Minor issue, requires passing arbitrary awk program, no identified patch)
	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42382 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
	- busybox 1:1.35.0-1 (bug #999567)
	[bullseye] - busybox (Minor issue)
	[buster] - busybox (Minor issue)
	[stretch] - busybox (Minor issue, requires passing arbitrary awk program, no identified patch)
	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42381 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
	- busybox 1:1.35.0-1 (bug #999567)
	[bullseye] - busybox (Minor issue)
	[buster] - busybox (Minor issue)
	[stretch] - busybox (Minor issue, requires passing arbitrary awk program, no identified patch)
	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42380 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
	- busybox 1:1.35.0-1 (bug #999567)
	[bullseye] - busybox (Minor issue)
	[buster] - busybox (Minor issue)
	[stretch] - busybox (Minor issue, requires passing arbitrary awk program, no identified patch)
	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42379 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
	- busybox 1:1.35.0-1 (bug #999567)
	[bullseye] - busybox (Minor issue)
	[buster] - busybox (Minor issue)
	[stretch] - busybox (Minor issue, requires passing arbitrary awk program, no identified patch)
	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42378 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
	- busybox 1:1.35.0-1 (bug #999567)
	[bullseye] - busybox (Minor issue)
	[buster] - busybox (Minor issue)
	[stretch] - busybox (Minor issue, requires passing arbitrary awk program, no identified patch)
	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42377 (An attacker-controlled pointer free in Busybox's hush applet leads to ...)
	- busybox 1:1.35.0-1 (bug #999567)
	[bullseye] - busybox (Minor issue)
	[buster] - busybox (Minor issue)
	[stretch] - busybox (CONFIG_HUSH is not set)
	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
CVE-2021-42376 (A NULL pointer dereference in Busybox's hush applet leads to denial of ...)
	- busybox 1:1.35.0-1 (unimportant; bug #999567)
	[stretch] - busybox (CONFIG_HUSH is not set)
	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
	NOTE: Crash in CLI tool, no security impact
CVE-2021-42375 (An incorrect handling of a special element in Busybox's ash applet lea ...)
	- busybox 1:1.35.0-1 (unimportant; bug #999567)
	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
	NOTE: Crash in CLI tool, no security impact
CVE-2021-42374 (An out-of-bounds heap read in Busybox's unlzma applet leads to informa ...)
	- busybox 1:1.35.0-1 (unimportant; bug #999567)
	[stretch] - busybox (Vulnerable code introduced later)
	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
	NOTE: Crash in CLI tool with information leak
	NOTE: Introduced by https://git.busybox.net/busybox/commit/?id=3989e5adf454a3ab98412b249c2c9bd2a3175ae0 (1_27_0)
	NOTE: https://git.busybox.net/busybox/commit/?id=04f052c56ded5ab6a904e3a264a73dc0412b2e78
CVE-2021-42373 (A NULL pointer dereference in Busybox's man applet leads to denial of ...)
	- busybox 1:1.35.0-1 (unimportant; bug #999567)
	NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
	NOTE: Crash in CLI tool, no security impact
CVE-2021-42372 (A shell command injection in the HW Events SNMP community in XoruX LPA ...)
	NOT-FOR-US: XoruX LPAR2RRD and STOR2RRD
CVE-2021-42371 (lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD ...)
	NOT-FOR-US: XoruX LPAR2RRD
CVE-2021-42370 (A password mismanagement situation exists in XoruX LPAR2RRD and STOR2R ...)
	NOT-FOR-US: XoruX LPAR2RRD and STOR2RRD
CVE-2021-42369 (Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows ...)
	NOT-FOR-US: Imagicle Application Suite
CVE-2021-42368 RESERVED
CVE-2021-42367 (The Variation Swatches for WooCommerce WordPress plugin is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-42366 RESERVED
CVE-2021-42365 (The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-42364 (The Stetic WordPress plugin is vulnerable to Cross-Site Request Forger ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-42363 (The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-42362 (The WordPress Popular Posts WordPress plugin is vulnerable to arbitrar ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-42361 (The Contact Form Email WordPress plugin is vulnerable to Stored Cross- ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-42360 (On sites that also had the Elementor plugin for WordPress installed, i ...)
	NOT-FOR-US: Elementor plugin for WordPress
CVE-2021-42359 (WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, ‘admin-dismis ...)
	NOT-FOR-US: WP DSGVO Tools (GDPR)
CVE-2021-42358 (The Contact Form With Captcha WordPress plugin is vulnerable to Cross- ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-42357 (When using Apache Knox SSO prior to 1.6.1, a request could be crafted ...)
	NOT-FOR-US: Apache Knox
CVE-2021-42356 RESERVED
CVE-2021-42355 RESERVED
CVE-2021-42354 RESERVED
CVE-2021-42353 RESERVED
CVE-2021-42352 RESERVED
CVE-2021-42351 RESERVED
CVE-2021-42350 RESERVED
CVE-2021-42349 RESERVED
CVE-2021-42348 RESERVED
CVE-2021-42347 RESERVED
CVE-2020-36485 (Portable Ltd Playable v9.18 was discovered to contain an arbitrary fil ...)
	NOT-FOR-US: Portable Ltd Playable
CVE-2021-42346 RESERVED
CVE-2021-42345 RESERVED
CVE-2021-42344 RESERVED
CVE-2021-42343 (An issue was discovered in the Dask distributed package before 2021.10 ...)
	- dask.distributed 2021.09.1+ds.1-2
	[bullseye] - dask.distributed 2021.01.0+ds.1-2.1+deb11u1
	[buster] - dask.distributed (Minor issue; unreproducible with <2.0)
	NOTE: https://github.com/dask/distributed/pull/5427
	NOTE: https://github.com/dask/distributed/security/advisories/GHSA-hwqr-f3v9-hwxr
	NOTE: Likely introduced in https://github.com/quasiben/distributed/commit/fd31ecca8017bae845a73d468de0376c02363fab (2.0.0)
CVE-2021-42342 (An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the fi ...)
	NOT-FOR-US: Embedthis GoAhead
CVE-2021-42341 (checkpath in OpenRC before 0.44.7 uses the direct output of strlen() t ...)
	- openrc (Introduced in 0.44)
	NOTE: https://github.com/OpenRC/openrc/issues/459
	NOTE: https://github.com/OpenRC/openrc/pull/462
	NOTE: https://github.com/OpenRC/openrc/commit/bb8334104baf4d5a4a442a8647fb9204738f2204
CVE-2021-3886 REJECTED
CVE-2021-3885 REJECTED
CVE-2021-42340 (The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, ...)
	{DSA-5009-1}
	- tomcat9 9.0.54-1
	[buster] - tomcat9 (Vulnerable code introduced later)
	- tomcat8
	[stretch] - tomcat8 (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/1
	NOTE: https://github.com/apache/tomcat/commit/80f1438ec45e77a07b96419808971838d259eb47 (9.0.54)
	NOTE: https://github.com/apache/tomcat/commit/d27535bdee95d252418201eb21e9d29476aa6b6a (8.5.72)
	NOTE: Fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=63362 introduced the memory leak.
CVE-2021-3884 REJECTED
CVE-2021-3883 REJECTED
CVE-2020-36484 RESERVED
CVE-2020-36483 RESERVED
CVE-2020-36482 RESERVED
CVE-2020-36481 RESERVED
CVE-2020-36480 RESERVED
CVE-2020-36479 RESERVED
CVE-2021-42339 RESERVED
CVE-2021-42338 (4MOSAn GCB Doctor’s login page has improper validation of Cookie, ...)
	NOT-FOR-US: 4MOSAn GCB Doctor
CVE-2021-42337 (The permission control of AIFU cashier management salary query functio ...)
	NOT-FOR-US: AIFU cashier management salary
CVE-2021-42336 (The learning history page of the Easytest is vulnerable by permission ...)
	NOT-FOR-US: Easytest
CVE-2021-42335 (Easytest bulletin board management function of online learning platfor ...)
	NOT-FOR-US: Easytest
CVE-2021-42334 (The Easytest contains SQL injection vulnerabilities. After obtaining a ...)
	NOT-FOR-US: Easytest
CVE-2021-42333 (The Easytest contains SQL injection vulnerabilities. After obtaining u ...)
	NOT-FOR-US: Easytest
CVE-2021-42332 (The “List View” function of ShinHer StudyOnline System is no ...)
	NOT-FOR-US: ShinHer StudyOnline System
CVE-2021-42331 (The “Study Edit” function of ShinHer StudyOnline System does ...)
	NOT-FOR-US: ShinHer StudyOnline System
CVE-2021-42330 (The “Teacher Edit” function of ShinHer StudyOnline System do ...)
	NOT-FOR-US: ShinHer StudyOnline System
CVE-2021-42329 (The “List_Add” function of message board of ShinHer StudyOnl ...)
	NOT-FOR-US: ShinHer StudyOnline System
CVE-2022-20111 (In ion, there is a possible use after free due to incorrect error hand ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20110 (In ion, there is a possible use after free due to a race condition. Th ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20109 (In ion, there is a possible use after free due to improper update of r ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20108 (In voice service, there is a possible out of bounds write due to a sta ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20107 (In subtitle service, there is a possible application crash due to an i ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20106 (In MM service, there is a possible out of bounds write due to a heap-b ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20105 (In MM service, there is a possible out of bounds write due to a stack- ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20104 (In aee daemon, there is a possible information disclosure due to impro ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20103 (In aee daemon, there is a possible information disclosure due to symbo ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20102 (In aee daemon, there is a possible information disclosure due to a mis ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20101 (In aee daemon, there is a possible information disclosure due to a pat ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20100 (In aee daemon, there is a possible information disclosure due to a mis ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20099 (In aee daemon, there is a possible out of bounds write due to improper ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20098 (In aee daemon, there is a possible information disclosure due to a mis ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20097 (In aee daemon, there is a possible information disclosure due to a rac ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20096 (In camera, there is a possible information disclosure due to uninitial ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20095 (In imgsensor, there is a possible out of bounds write due to a missing ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20094 (In imgsensor, there is a possible out of bounds write due to an incorr ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20093 (In telephony, there is a possible way to disable receiving SMS message ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20092 (In alac decoder, there is a possible out of bounds read due to a missi ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20091 (In aee driver, there is a possible use after free due to a race condit ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20090 (In aee driver, there is a possible use after free due to a race condit ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20089 (In aee driver, there is a possible memory corruption due to active deb ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20088 (In aee driver, there is a possible reference count mistake due to inco ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20087 (In ccu, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20086 RESERVED
CVE-2022-20085 (In netdiag, there is a possible symbolic link following due to an impr ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20084 (In telephony, there is a possible way to disable receiving emergency b ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20083 (In Modem 2G/3G CC, there is a possible out of bounds write due to a mi ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20082 (In GPU, there is a possible use after free due to a race condition. Th ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20081 (In A-GPS, there is a possible man in the middle attack due to improper ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20080 (In SUB2AF, there is a possible memory corruption due to a race conditi ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20079 (In vow, there is a possible read of uninitialized data due to a improp ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20078 (In vow, there is a possible memory corruption due to a race condition. ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20077 (In vow, there is a possible memory corruption due to a race condition. ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20076 (In ged, there is a possible memory corruption due to an incorrect erro ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20075 (In ged, there is a possible out of bounds write due to an integer over ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20074 (In preloader (partition), there is a possible out of bounds write due ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20073 (In preloader (usb), there is a possible out of bounds write due to a i ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20072 (In search engine service, there is a possible way to change the defaul ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20071 (In ccu, there is a possible escalation of privilege due to a missing c ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20070 (In ssmr, there is a possible out of bounds write due to a missing boun ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20069 (In preloader (usb), there is a possible out of bounds write due to an ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20068 (In mobile_log_d, there is a possible symbolic link following due to an ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20067 (In mdp, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20066 (In atf (hwfde), there is a possible leak of sensitive information due ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20065 (In ccci, there is a possible out of bounds read due to a missing bound ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20064 (In ccci, there is a possible leak of kernel pointer due to an incorrec ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20063 (In atf (spm), there is a possible out of bounds write due to a missing ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20062 (In mdp, there is a possible memory corruption due to a use after free. ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20061 RESERVED
CVE-2022-20060 (In preloader (usb), there is a possible permission bypass due to a mis ...)
	NOT-FOR-US: Mediatek
CVE-2022-20059 (In preloader (usb), there is a possible out of bounds write due to a m ...)
	NOT-FOR-US: Mediatek
CVE-2022-20058 (In preloader (usb), there is a possible out of bounds write due to a m ...)
	NOT-FOR-US: Mediatek
CVE-2022-20057 (In btif, there is a possible memory corruption due to incorrect error ...)
	NOT-FOR-US: Mediatek
CVE-2022-20056 (In preloader (usb), there is a possible out of bounds write due to a m ...)
	NOT-FOR-US: Mediatek
CVE-2022-20055 (In preloader (usb), there is a possible out of bounds write due to a m ...)
	NOT-FOR-US: Mediatek
CVE-2022-20054 (In ims service, there is a possible AT command injection due to a miss ...)
	NOT-FOR-US: Mediatek
CVE-2022-20053 (In ims service, there is a possible escalation of privilege due to a m ...)
	NOT-FOR-US: Mediatek
CVE-2022-20052 (In mdp, there is a possible memory corruption due to a use after free. ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2022-20051 (In ims service, there is a possible unexpected application behavior du ...)
	NOT-FOR-US: Mediatek
CVE-2022-20050 (In connsyslogger, there is a possible symbolic link following due to i ...)
	NOT-FOR-US: Mediatek
CVE-2022-20049 (In vpu, there is a possible escalation of privilege due to a missing p ...)
	NOT-FOR-US: Mediatek
CVE-2022-20048 (In video decoder, there is a possible out of bounds write due to a mis ...)
	NOT-FOR-US: Mediatek
CVE-2022-20047 (In video decoder, there is a possible out of bounds write due to a mis ...)
	NOT-FOR-US: Mediatek
CVE-2022-20046 (In Bluetooth, there is a possible memory corruption due to a logic err ...)
	NOT-FOR-US: MediaTek
CVE-2022-20045 (In Bluetooth, there is a possible service crash due to a use after fre ...)
	NOT-FOR-US: MediaTek
CVE-2022-20044 (In Bluetooth, there is a possible service crash due to a use after fre ...)
	NOT-FOR-US: MediaTek
CVE-2022-20043 (In Bluetooth, there is a possible escalation of privilege due to a mis ...)
	NOT-FOR-US: MediaTek
CVE-2022-20042 (In Bluetooth, there is a possible information disclosure due to incorr ...)
	NOT-FOR-US: MediaTek
CVE-2022-20041 (In Bluetooth, there is a possible escalation of privilege due to a mis ...)
	NOT-FOR-US: MediaTek
CVE-2022-20040 (In power_hal_manager_service, there is a possible permission bypass du ...)
	NOT-FOR-US: MediaTek
CVE-2022-20039 (In ccu driver, there is a possible memory corruption due to an integer ...)
	NOT-FOR-US: MediaTek
CVE-2022-20038 (In ccu driver, there is a possible memory corruption due to an incorre ...)
	NOT-FOR-US: MediaTek
CVE-2022-20037 (In ion driver, there is a possible information disclosure due to an in ...)
	NOT-FOR-US: MediaTek
CVE-2022-20036 (In ion driver, there is a possible information disclosure due to an in ...)
	NOT-FOR-US: MediaTek
CVE-2022-20035 (In vcu driver, there is a possible information disclosure due to a use ...)
	NOT-FOR-US: MediaTek
CVE-2022-20034 (In Preloader XFLASH, there is a possible escalation of privilege due t ...)
	NOT-FOR-US: MediaTek
CVE-2022-20033 (In camera driver, there is a possible out of bounds read due to an inc ...)
	NOT-FOR-US: MediaTek
CVE-2022-20032 (In vow driver, there is a possible memory corruption due to a race con ...)
	NOT-FOR-US: MediaTek
CVE-2022-20031 (In fb driver, there is a possible memory corruption due to a use after ...)
	NOT-FOR-US: MediaTek
CVE-2022-20030 (In vow driver, there is a possible out of bounds write due to a stack- ...)
	NOT-FOR-US: MediaTek
CVE-2022-20029 (In cmdq driver, there is a possible out of bounds read due to an incor ...)
	NOT-FOR-US: MediaTek
CVE-2022-20028 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2022-20027 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2022-20026 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2022-20025 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
	NOT-FOR-US: MediaTek
CVE-2022-20024 (In system service, there is a possible permission bypass due to a miss ...)
	NOT-FOR-US: MediaTek
CVE-2022-20023 (In Bluetooth, there is a possible application crash due to bluetooth f ...)
	NOT-FOR-US: MediaTek
CVE-2022-20022 (In Bluetooth, there is a possible link disconnection due to bluetooth ...)
	NOT-FOR-US: MediaTek
CVE-2022-20021 (In Bluetooth, there is a possible application crash due to bluetooth d ...)
	NOT-FOR-US: MediaTek
CVE-2022-20020 (In libvcodecdrv, there is a possible information disclosure due to a m ...)
	NOT-FOR-US: MediaTek
CVE-2022-20019 (In libMtkOmxGsmDec, there is a possible information disclosure due to ...)
	NOT-FOR-US: MediaTek
CVE-2022-20018 (In seninf driver, there is a possible information disclosure due to un ...)
	NOT-FOR-US: MediaTek
CVE-2022-20017 (In ion driver, there is a possible information disclosure due to an in ...)
	NOT-FOR-US: MediaTek
CVE-2022-20016 (In vow driver, there is a possible memory corruption due to improper l ...)
	NOT-FOR-US: MediaTek
CVE-2022-20015 (In kd_camera_hw driver, there is a possible information disclosure due ...)
	NOT-FOR-US: MediaTek
CVE-2022-20014 (In vow driver, there is a possible memory corruption due to improper i ...)
	NOT-FOR-US: MediaTek
CVE-2022-20013 (In vow driver, there is a possible memory corruption due to a race con ...)
	NOT-FOR-US: MediaTek
CVE-2022-20012 (In mdp driver, there is a possible memory corruption due to an integer ...)
	NOT-FOR-US: MediaTek
CVE-2021-42328 RESERVED
CVE-2021-42327 (dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu ...)
	- linux 5.14.16-1
	[bullseye] - linux 5.10.84-1
	[buster] - linux (Vulnerability introduced later)
	[stretch] - linux (Vulnerability introduced later)
	NOTE: https://lists.freedesktop.org/archives/amd-gfx/2021-October/070170.html
CVE-2021-42326 (Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of ...)
	{DLA-2787-1}
	- redmine 5.0.0-1 (bug #998417)
	NOTE: https://www.redmine.org/news/133
	NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10
	NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10
	NOTE: https://www.redmine.org/projects/redmine/repository/revisions/21209
CVE-2021-42325 (Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbM ...)
	- froxlor (bug #581792)
CVE-2021-42324 (An issue was discovered on DCN (Digital China Networks) S4600-10P-SI d ...)
	NOT-FOR-US: DCN S4600 switches
CVE-2021-42323 (Azure RTOS Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42322 (Visual Studio Code Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42321 (Microsoft Exchange Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42320 (Microsoft SharePoint Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42319 (Visual Studio Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42318 RESERVED
CVE-2021-42317 RESERVED
CVE-2021-42316 (Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42315 (Microsoft Defender for IoT Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42314 (Microsoft Defender for IoT Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42313 (Microsoft Defender for IoT Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42312 (Microsoft Defender for IoT Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42311 (Microsoft Defender for IoT Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42310 (Microsoft Defender for IoT Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42309 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42308 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42307 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42306 (An information disclosure vulnerability manifests when a user or an ...)
	NOT-FOR-US: Microsoft
CVE-2021-42305 (Microsoft Exchange Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42304 (Azure RTOS Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42303 (Azure RTOS Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42302 (Azure RTOS Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42301 (Azure RTOS Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42300 (Azure Sphere Tampering Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42299 (Microsoft Surface Pro 3 Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42298 (Microsoft Defender Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42297 (Windows 10 Update Assistant Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42296 (Microsoft Word Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42295 (Visual Basic for Applications Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42294 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42293 (Microsoft Jet Red Database Engine and Access Connectivity Engine Eleva ...)
	NOT-FOR-US: Microsoft
CVE-2021-42292 (Microsoft Excel Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42291 (Active Directory Domain Services Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42290 RESERVED
CVE-2021-42289 RESERVED
CVE-2021-42288 (Windows Hello Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42287 (Active Directory Domain Services Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42286 (Windows Core Shell SI Host Extension Framework for Composable Shell El ...)
	NOT-FOR-US: Microsoft
CVE-2021-42285 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42284 (Windows Hyper-V Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42283 (NTFS Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42282 (Active Directory Domain Services Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42281 RESERVED
CVE-2021-42280 (Windows Feedback Hub Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42279 (Chakra Scripting Engine Memory Corruption Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42278 (Active Directory Domain Services Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42277 (Diagnostics Hub Standard Collector Elevation of Privilege Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2021-42276 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42275 (Microsoft COM for Windows Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-42274 (Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vul ...)
	NOT-FOR-US: Microsoft
CVE-2021-42273 RESERVED
CVE-2021-42272 (Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-b ...)
	NOT-FOR-US: Adobe
CVE-2021-42271 (Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-b ...)
	NOT-FOR-US: Adobe
CVE-2021-42270 (Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-b ...)
	NOT-FOR-US: Adobe
CVE-2021-42269 (Adobe Animate version 21.0.9 (and earlier) are affected by a use-after ...)
	NOT-FOR-US: Adobe
CVE-2021-42268 (Adobe Animate version 21.0.9 (and earlier) is affected by a Null point ...)
	NOT-FOR-US: Adobe
CVE-2021-42267 (Adobe Animate version 21.0.9 (and earlier) is affected by a memory cor ...)
	NOT-FOR-US: Adobe
CVE-2021-42266 (Adobe Animate version 21.0.9 (and earlier) is affected by a memory cor ...)
	NOT-FOR-US: Adobe
CVE-2021-42265 (Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2021-42264 (Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer ...)
	NOT-FOR-US: Adobe
CVE-2021-42263 (Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer ...)
	NOT-FOR-US: Adobe
CVE-2021-3882 (LedgerSMB does not set the 'Secure' attribute on the session authoriza ...)
	- ledgersmb (Vulnerable code introduced later)
	NOTE: https://huntr.dev/bounties/7061d97a-98a5-495a-8ba0-3a4c66091e9d/
	NOTE: https://ledgersmb.org/content/security-advisory-cve-2021-3882-non-secure-session-cookie
CVE-2021-3881 (libmobi is vulnerable to Out-of-bounds Read)
	- libmobi (Fixed before initial upload to Debian)
	NOTE: https://huntr.dev/bounties/540fd115-7de4-4e19-a918-5ee61f5157c1/
	NOTE: https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21 (v0.8)
CVE-2021-3880 REJECTED
CVE-2021-3879 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
	- snipe-it (bug #1005172)
CVE-2021-42262 (An issue was discovered in Softing OPC UA C++ SDK before 5.70. An inva ...)
	NOT-FOR-US: Softing OPC UA C++ SDK
CVE-2021-42261 (Revisor Video Management System (VMS) before 2.0.0 has a directory tra ...)
	NOT-FOR-US: Revisor Video Management System (VMS)
CVE-2021-42260 (TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp ...)
	{DLA-3130-1 DLA-2988-1}
	- tinyxml 2.6.2-6
	[bullseye] - tinyxml 2.6.2-4+deb11u1
	NOTE: https://sourceforge.net/p/tinyxml/bugs/141/
	NOTE: https://sourceforge.net/p/tinyxml/git/merge-requests/1/
CVE-2021-42259 RESERVED
CVE-2021-42258 (BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL i ...)
	NOT-FOR-US: BQE BillQuick Web Suite
CVE-2021-42257 (check_smart before 6.9.1 allows unintended drive access by an unprivil ...)
	NOT-FOR-US: check_smart Icinga plugin
CVE-2021-42256
	RESERVED
CVE-2021-3878 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
	NOT-FOR-US: CoreNLP
CVE-2021-42255 (AppGuard Enterprise before 6.7.100.1 creates a Temporary File in a Dir ...)
	NOT-FOR-US: BeyondTrust AppGuard
CVE-2021-42254 (BeyondTrust Privilege Management prior to version 21.6 creates a Tempo ...)
	NOT-FOR-US: BeyondTrust Privilege Management
CVE-2021-42253
	RESERVED
CVE-2021-42252 (An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/ ...)
	{DLA-2785-1}
	- linux 5.14.6-1
	[bullseye] - linux 5.10.70-1
	[buster] - linux 4.19.208-1
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/b49a0e69a7b1a68c8d3f64097d06dabb770fec96 (5.15-rc1)
CVE-2021-42251
	RESERVED
CVE-2021-42250 (Improper output neutralization for Logs. A specific Apache Superset HT ...)
	NOT-FOR-US: Apache Superset
CVE-2021-42249
	RESERVED
CVE-2021-42248
	REJECTED
CVE-2021-42247
	RESERVED
CVE-2021-42246
	RESERVED
CVE-2021-42245 (FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in p ...)
	NOT-FOR-US: FlatCore-CMS
CVE-2021-42244 (A cross-site scripting (XSS) vulnerability in PaquitoSoftware Notimoo ...)
	NOT-FOR-US: PaquitoSoftware Notimoo
CVE-2021-42243
	RESERVED
CVE-2021-42242 (A command execution vulnerability exists in jfinal_cms 5.0.1 via com.j ...)
	NOT-FOR-US: jfinal_cms
CVE-2021-42241
	RESERVED
CVE-2021-42240
	RESERVED
CVE-2021-42239
	RESERVED
CVE-2021-42238
	RESERVED
CVE-2021-42237 (Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnera ...)
	NOT-FOR-US: Sitecore
CVE-2021-42236
	RESERVED
CVE-2021-42235 (SQL injection in osTicket before 1.14.8 and 1.15.4 login and password ...)
	NOT-FOR-US: osTicket
CVE-2021-42234
	RESERVED
CVE-2021-42233 (The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cros ...)
	NOT-FOR-US: Simple Blog plugin in Wondercms
CVE-2021-42232 (TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command inj ...)
	NOT-FOR-US: TP-Link
CVE-2021-42231
	RESERVED
CVE-2021-42230 (Seowon 130-SLC router all versions as of 2021-09-15 is vulnerable to R ...)
	NOT-FOR-US: SEOWON 130-SLC
CVE-2021-42229
	RESERVED
CVE-2021-42228 (A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor ...)
	NOT-FOR-US: KindEditor
CVE-2021-42227 (Cross Site Scripting (XSS) vulnerability exists in KindEditor 4.1.x vi ...)
	NOT-FOR-US: KindEditor
CVE-2021-42226
	RESERVED
CVE-2021-42225
	RESERVED
CVE-2021-42224 (SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via ...)
	NOT-FOR-US: IFSC Code Finder Project
CVE-2021-42223 (Cross Site Scripting (XSS) vulnerability exists in Online DJ Booking M ...)
	NOT-FOR-US: Online DJ Booking Management System
CVE-2021-42222
	RESERVED
CVE-2021-42221
	RESERVED
CVE-2021-42220 (A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 1 ...)
	- dolibarr
CVE-2021-42219 (Go-Ethereum v1.10.9 was discovered to contain an issue which allows at ...)
	- golang-github-go-ethereum (bug #890541)
CVE-2021-42218 (OMPL v1.5.2 contains a memory leak in VFRRT.cpp)
	- ompl (unimportant)
	[stretch] - ompl (VFRRT introduced in v1.2)
	NOTE: https://github.com/ompl/ompl/issues/839
	NOTE: https://github.com/ompl/ompl/commit/abb4fadcb4e4fe4c9cf41e5e7706143a66948eb7
	NOTE: Negligible security impact
CVE-2021-42217
	RESERVED
CVE-2021-42216 (A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via ...)
	NOT-FOR-US: AnonAddy
CVE-2021-42215
	RESERVED
CVE-2021-42214
	RESERVED
CVE-2021-42213
	RESERVED
CVE-2021-42212
	RESERVED
CVE-2021-42211
	RESERVED
CVE-2021-42210
	RESERVED
CVE-2021-42209
	RESERVED
CVE-2021-42208
	RESERVED
CVE-2021-42207
	RESERVED
CVE-2021-42206
	RESERVED
CVE-2021-42205 (ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC ...)
	NOT-FOR-US: ELAN Miniport touchpad Windows driver
CVE-2021-42204 (An issue was discovered in swftools through 20201222. A heap-buffer-ov ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/169
CVE-2021-42203 (An issue was discovered in swftools through 20201222. A heap-use-after ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/176
CVE-2021-42202 (An issue was discovered in swftools through 20201222. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/171
CVE-2021-42201 (An issue was discovered in swftools through 20201222. A heap-buffer-ov ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/175
CVE-2021-42200 (An issue was discovered in swftools through 20201222. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/170
CVE-2021-42199 (An issue was discovered in swftools through 20201222. A heap buffer ov ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/173
CVE-2021-42198 (An issue was discovered in swftools through 20201222. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/168
CVE-2021-42197 (An issue was discovered in swftools through 20201222 through a memory ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/177
CVE-2021-42196 (An issue was discovered in swftools through 20201222. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/172
CVE-2021-42195 (An issue was discovered in swftools through 20201222. A heap-buffer-ov ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/174
CVE-2021-42194 (The wechat_return function in /controller/Index.php of EyouCms V1.5.4- ...)
	NOT-FOR-US: Eyoucms
CVE-2021-42193
	RESERVED
CVE-2021-42192 (Konga v0.14.9 is affected by an incorrect access control vulnerability ...)
	NOT-FOR-US: KONGA
CVE-2021-42191
	RESERVED
CVE-2021-42190
	RESERVED
CVE-2021-42189
	RESERVED
CVE-2021-42188
	RESERVED
CVE-2021-42187
	RESERVED
CVE-2021-42186
	REJECTED
CVE-2021-42185 (wdja v2.1 is affected by a SQL injection vulnerability in the foregrou ...)
	NOT-FOR-US: WDJA CMS
CVE-2021-42184
	RESERVED
CVE-2021-42183 (MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index. ...)
	NOT-FOR-US: MasaCMS
CVE-2021-42182
	RESERVED
CVE-2021-42181
	RESERVED
CVE-2021-42180
	RESERVED
CVE-2021-42179
	RESERVED
CVE-2021-42178
	RESERVED
CVE-2021-42177
	RESERVED
CVE-2021-42176
	RESERVED
CVE-2021-42175
	RESERVED
CVE-2021-42174
	RESERVED
CVE-2021-42173
	RESERVED
CVE-2021-42172
	RESERVED
CVE-2021-42171 (Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can ...)
	NOT-FOR-US: Zenario CMS
CVE-2021-42170
	RESERVED
CVE-2021-42169 (The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite ...)
	NOT-FOR-US: Dynamic Tax Bracket in PHP using SQLite Free Source Code
CVE-2021-42168 (Cross Site Scripting (XSS) in Sourcecodester Try My Recipe (Recipe Sha ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-42167
	RESERVED
CVE-2021-42166
	RESERVED
CVE-2021-42165 (MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authen ...)
	NOT-FOR-US: MitraStar
CVE-2021-42164
	RESERVED
CVE-2021-42163
	RESERVED
CVE-2021-42162
	RESERVED
CVE-2021-42161
	RESERVED
CVE-2021-42160
	RESERVED
CVE-2021-42159
	RESERVED
CVE-2021-42158
	RESERVED
CVE-2021-42157
	RESERVED
CVE-2021-42156
	RESERVED
CVE-2021-42155
	RESERVED
CVE-2021-42154
	RESERVED
CVE-2021-42153
	RESERVED
CVE-2021-42152
	RESERVED
CVE-2021-42151
	RESERVED
CVE-2021-42150
	RESERVED
CVE-2021-42149
	RESERVED
CVE-2021-42148
	RESERVED
CVE-2021-3877
	REJECTED
CVE-2021-42147 (Buffer over-read vulnerability in the dtls_sha256_update function in C ...)
	NOT-FOR-US: Contiki-NG tinyDTLS
CVE-2021-42146 (An issue was discovered in Contiki-NG tinyDTLS through master branch 5 ...)
	NOT-FOR-US: Contiki-NG tinyDTLS
CVE-2021-42145 (An assertion failure discovered in check_certificate_request() in C ...)
	NOT-FOR-US: Contiki-NG tinyDTLS
CVE-2021-42144 (Buffer over-read vulnerability in Contiki-NG tinyDTLS through master b ...)
	NOT-FOR-US: Contiki-NG tinyDTLS
CVE-2021-42143 (An issue was discovered in Contiki-NG tinyDTLS through master branch 5 ...)
	NOT-FOR-US: Contiki-NG tinyDTLS
CVE-2021-42142 (An issue was discovered in Contiki-NG tinyDTLS through master branch 5 ...)
	NOT-FOR-US: Contiki-NG tinyDTLS
CVE-2021-42141 (An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One ...)
	NOT-FOR-US: Contiki-NG tinyDTLS
CVE-2021-42140
	RESERVED
CVE-2021-42139 (Deno Standard Modules before 0.107.0 allows Code Injection via an untr ...)
	NOT-FOR-US: Deno
CVE-2021-42138 (A user of a machine protected by SafeNet Agent for Windows Logon may l ...)
	NOT-FOR-US: SafeNet
CVE-2021-42137 (An issue was discovered in Zammad before 5.0.1. In some cases, there i ...)
	- zammad (bug #841355)
CVE-2021-42136 (A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data ...)
	NOT-FOR-US: REDCap
CVE-2021-42135 (HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an u ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2021-42134 (The Unicorn framework before 0.36.1 for Django allows XSS via a compon ...)
	NOT-FOR-US: Django Unicorn, different from src:unicorn
CVE-2021-3876
	REJECTED
CVE-2021-3875 (vim is vulnerable to Heap-based Buffer Overflow)
	- vim 2:8.2.3565-1 (bug #996593)
	[bullseye] - vim (Vulnerable feature and code introduced later)
	[buster] - vim (Vulnerable feature and code introduced later)
	[stretch] - vim (Vulnerable feature and code introduced later)
	NOTE: https://huntr.dev/bounties/5cdbc168-6ba1-4bc2-ba6c-28be12166a53/
	NOTE: Search from cursor position introduced in: https://github.com/vim/vim/commit/04db26b36000a4677b95403ec94bd11f6cc73975 (v8.2.3110)
	NOTE: Fixed by: https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f (v8.2.3489)
CVE-2021-42133 (An exposed dangerous function vulnerability exists in Ivanti Avalanche ...)
	NOT-FOR-US: Ivanti
CVE-2021-42132 (A command Injection vulnerability exists in Ivanti Avalanche before 6. ...)
	NOT-FOR-US: Ivanti
CVE-2021-42131 (A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 a ...)
	NOT-FOR-US: Ivanti
CVE-2021-42130 (A deserialization of untrusted data vulnerability exists in Ivanti Ava ...)
	NOT-FOR-US: Ivanti
CVE-2021-42129 (A command injection vulnerability exists in Ivanti Avalanche before 6. ...)
	NOT-FOR-US: Ivanti
CVE-2021-42128 (An exposed dangerous function vulnerability exists in Ivanti Avalanche ...)
	NOT-FOR-US: Ivanti
CVE-2021-42127 (A deserialization of untrusted data vulnerability exists in Ivanti Ava ...)
	NOT-FOR-US: Ivanti
CVE-2021-42126 (An improper authorization control vulnerability exists in Ivanti Avala ...)
	NOT-FOR-US: Ivanti
CVE-2021-42125 (An unrestricted file upload vulnerability exists in Ivanti Avalanche b ...)
	NOT-FOR-US: Ivanti
CVE-2021-42124 (An improper access control vulnerability exists in Ivanti Avalanche be ...)
	NOT-FOR-US: Ivanti
CVE-2021-42123 (Unrestricted File Upload in Web Applications operating on Business-DNA ...)
	NOT-FOR-US: Business-DNA Solutions
CVE-2021-42122 (Insufficient Input Validation in Web Applications operating on Busines ...)
	NOT-FOR-US: Business-DNA Solutions
CVE-2021-42121 (Insufficient Input Validation in Web Applications operating on Busines ...)
	NOT-FOR-US: Business-DNA Solutions
CVE-2021-42120 (Insufficient Input Validation in Web Applications operating on Busines ...)
	NOT-FOR-US: Business-DNA Solutions
CVE-2021-42119 (Persistent Cross Site Scripting in Web Applications operating on Busin ...)
	NOT-FOR-US: Business-DNA Solutions
CVE-2021-42118 (Persistent Cross Site Scripting in Web Applications operating on Busin ...)
	NOT-FOR-US: Business-DNA Solutions
CVE-2021-42117 (Insufficient Input Validation in Web Applications operating on Busines ...)
	NOT-FOR-US: Business-DNA Solutions
CVE-2021-42116 (Incorrect Access Control in Web Applications operating on Business-DNA ...)
	NOT-FOR-US: Business-DNA Solutions
CVE-2021-42115 (Missing HTTPOnly flag in Web Applications operating on Business-DNA So ...)
	NOT-FOR-US: Business-DNA Solutions
CVE-2021-42114 (Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability ...)
	NOT-FOR-US: hardware vulnerability in DRAM devices (Blacksmith)
	NOTE: https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf
	NOTE: https://comsec.ethz.ch/research/dram/blacksmith/
CVE-2021-42113 (An issue was discovered in StorageSecurityCommandDxe in Insyde InsydeH ...)
	NOT-FOR-US: Insyde
CVE-2021-42112 (The "File upload question" functionality in LimeSurvey 3.x-LTS through ...)
	- limesurvey (bug #472802)
CVE-2021-42111 (An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 fo ...)
	NOT-FOR-US: RCDevs OpenOTP app
CVE-2021-42110 (An issue was discovered in Allegro Windows (formerly Popsy Windows) be ...)
	NOT-FOR-US: Allegro Windows
CVE-2021-3874 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...)
	NOT-FOR-US: bookstack
CVE-2021-3873
	REJECTED
CVE-2021-42109 (VITEC Exterity IPTV products through 2021-04-30 allow privilege escala ...)
	NOT-FOR-US: VITEC Exterity IPTV products
CVE-2021-42108 (Unnecessary privilege vulnerabilities in the Web Console of Trend Micr ...)
	NOT-FOR-US: Trend Micro
CVE-2021-42107 (Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex On ...)
	NOT-FOR-US: Trend Micro
CVE-2021-42106 (Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex On ...)
	NOT-FOR-US: Trend Micro
CVE-2021-42105 (Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex On ...)
	NOT-FOR-US: Trend Micro
CVE-2021-42104 (Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex On ...)
	NOT-FOR-US: Trend Micro
CVE-2021-42103 (An uncontrolled search path element vulnerabilities in Trend Micro Ape ...)
	NOT-FOR-US: Trend Micro
CVE-2021-42102 (An uncontrolled search path element vulnerabilities in Trend Micro Ape ...)
	NOT-FOR-US: Trend Micro
CVE-2021-42101 (An uncontrolled search path element vulnerabilities in Trend Micro Ape ...)
	NOT-FOR-US: Trend Micro
CVE-2021-3872 (vim is vulnerable to Heap-based Buffer Overflow)
	{DLA-3182-1 DLA-2947-1}
	- vim 2:8.2.3565-1
	[bullseye] - vim (Minor issue)
	NOTE: https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8
	NOTE: https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b
CVE-2021-3871
	REJECTED
CVE-2021-3870
	REJECTED
CVE-2021-41133 (Flatpak is a system for building, distributing, and running sandboxed ...)
	{DSA-4984-1}
	- flatpak 1.12.1-1 (bug #995935)
	[buster] - flatpak (Not exploitable with Debian buster kernel, intrusive to backport; requires updated libseccomp)
	[stretch] - flatpak (Difficult to exploit)
	NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
	NOTE: Sourcewise fixed in 1.12.0-1 already, but 1.12.1-1 adds stricter dependency
	NOTE: to libseccomp 2.5.2 so that CVE-2021-41133 is fully prevented.
	NOTE: https://github.com/flatpak/flatpak/commit/e26ac7586c392b5eb35ff4609fe232c52523b2cf
	NOTE: https://github.com/flatpak/flatpak/commit/89ae9fe74c6d445bb1b3a40e568d77cf5de47e48
	NOTE: https://github.com/flatpak/flatpak/commit/26b12484eb8a6219b9e7aa287b298a894b2f34ca
	NOTE: https://github.com/flatpak/flatpak/commit/a10f52a7565c549612c92b8e736a6698a53db330
	NOTE: https://github.com/flatpak/flatpak/commit/9766ee05b1425db397d2cf23afd24c7f6146a69f
	NOTE: https://github.com/flatpak/flatpak/commit/4c34815784e9ffda5733225c7d95824f96375e36
	NOTE: https://github.com/flatpak/flatpak/commit/1330662f33a55e88bfe18e76de28b7922d91a999
	NOTE: https://github.com/flatpak/flatpak/commit/462fca2c666e0cd2b60d6d2593a7216a83047aaf
	NOTE: Regression followups:
	NOTE: https://github.com/flatpak/flatpak/commit/d419fa67038370e4f4c3ce8c3b5f672d4876cfc8
	NOTE: https://github.com/flatpak/flatpak/commit/3fc8c672676ae016f8e7cc90481b2feecbad9861
CVE-2021-42100
	RESERVED
CVE-2021-42099 (Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file- ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-42098 (An incomplete permission check on entries in Devolutions Remote Deskto ...)
	NOT-FOR-US: Devolutions
CVE-2021-42097 (GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csr ...)
	{DSA-4991-1 DLA-2791-1}
	- mailman
	NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1873
	NOTE: https://bugs.launchpad.net/mailman/+bug/1947640
	NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/
	NOTE: https://www.openwall.com/lists/oss-security/2021/10/21/4
	NOTE: Regression: https://bugs.launchpad.net/mailman/+bug/1954694
	NOTE: Regression fixed by: https://launchpadlibrarian.net/573872803/patch.txt
CVE-2021-42096 (GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A cer ...)
	{DSA-4991-1 DLA-2791-1}
	- mailman
	NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1873
	NOTE: https://bugs.launchpad.net/mailman/+bug/1947639
	NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/
	NOTE: https://www.openwall.com/lists/oss-security/2021/10/21/4
CVE-2021-42095 (Xshell before 7.0.0.76 allows attackers to cause a crash by triggering ...)
	NOT-FOR-US: NetSarang Xshell
CVE-2021-42094 (An issue was discovered in Zammad before 4.1.1. Command Injection can ...)
	- zammad (bug #841355)
CVE-2021-42093 (An issue was discovered in Zammad before 4.1.1. An admin can execute c ...)
	- zammad (bug #841355)
CVE-2021-42092 (An issue was discovered in Zammad before 4.1.1. Stored XSS may occur v ...)
	- zammad (bug #841355)
CVE-2021-42091 (An issue was discovered in Zammad before 4.1.1. SSRF can occur via Git ...)
	- zammad (bug #841355)
CVE-2021-42090 (An issue was discovered in Zammad before 4.1.1. The Form functionality ...)
	- zammad (bug #841355)
CVE-2021-42089 (An issue was discovered in Zammad before 4.1.1. The REST API discloses ...)
	- zammad (bug #841355)
CVE-2021-42088 (An issue was discovered in Zammad before 4.1.1. The Chat functionality ...)
	- zammad (bug #841355)
CVE-2021-42087 (An issue was discovered in Zammad before 4.1.1. An admin can discover ...)
	- zammad (bug #841355)
CVE-2021-42086 (An issue was discovered in Zammad before 4.1.1. An Agent account can m ...)
	- zammad (bug #841355)
CVE-2021-42085 (An issue was discovered in Zammad before 4.1.1. There is stored XSS vi ...)
	- zammad (bug #841355)
CVE-2021-42084 (An issue was discovered in Zammad before 4.1.1. An attacker with valid ...)
	- zammad (bug #841355)
CVE-2021-3869 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
	NOT-FOR-US: CoreNLP
CVE-2021-42083 (An authenticated attacker is able to create alerts that trigger a stor ...)
	NOT-FOR-US: QuantaStor
CVE-2021-42082 (Local users are able to execute scripts under root privileges.)
	NOT-FOR-US: QuantaStor
CVE-2021-42081 (An authenticated administrator is allowed to remotely execute arbitrar ...)
	NOT-FOR-US: QuantaStor
CVE-2021-42080 (An attacker is able to launch a Reflected XSS attack using a crafted U ...)
	NOT-FOR-US: QuantaStor
CVE-2021-42079 (An authenticated administrator is able to prepare an alert that is abl ...)
	NOT-FOR-US: QuantaStor
CVE-2021-42078 (PHP Event Calendar through 2021-11-04 allows persistent cross-site scr ...)
	NOT-FOR-US: PHP Event Calendar
CVE-2021-42077 (PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstr ...)
	NOT-FOR-US: PHP Event Calendar
CVE-2021-42076 (An issue was discovered in Barrier before 2.3.4. An attacker can cause ...)
	NOT-FOR-US: Barrier
CVE-2021-42075 (An issue was discovered in Barrier before 2.3.4. The barriers componen ...)
	NOT-FOR-US: Barrier
CVE-2021-42074 (An issue was discovered in Barrier before 2.3.4. An unauthenticated at ...)
	NOT-FOR-US: Barrier
CVE-2021-42073 (An issue was discovered in Barrier before 2.4.0. An attacker can enter ...)
	NOT-FOR-US: Barrier
CVE-2021-42072 (An issue was discovered in Barrier before 2.4.0. The barriers componen ...)
	NOT-FOR-US: Barrier
CVE-2021-42071 (In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can ach ...)
	NOT-FOR-US: Visual Tools DVR VX16
CVE-2021-42070 (When a user opens manipulated Jupiter Tessellation (.jt) file received ...)
	NOT-FOR-US: SAP
CVE-2021-42069 (When a user opens manipulated Tagged Image File Format (.tif) file rec ...)
	NOT-FOR-US: SAP
CVE-2021-42068 (When a user opens a manipulated GIF (.gif) file received from untruste ...)
	NOT-FOR-US: SAP
CVE-2021-42067 (In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 71 ...)
	NOT-FOR-US: SAP
CVE-2021-42066 (SAP Business One - version 10.0, allows an admin user to view DB passw ...)
	NOT-FOR-US: SAP
CVE-2021-42065
	RESERVED
CVE-2021-42064 (If configured to use an Oracle database and if a query is created usin ...)
	NOT-FOR-US: SAP
CVE-2021-42063 (A security vulnerability has been discovered in the SAP Knowledge Ware ...)
	NOT-FOR-US: SAP
CVE-2021-42062 (SAP ERP HCM Portugal does not perform necessary authorization checks f ...)
	NOT-FOR-US: SAP
CVE-2021-42061 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence) ...)
	NOT-FOR-US: SAP
CVE-2021-3868
	REJECTED
CVE-2021-3867
	REJECTED
CVE-2021-3866 (Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip m ...)
	- zulip-server (bug #800052)
	NOTE: https://github.com/zulip/zulip/commit/3eb2791c3e9695f7d37ffe84e0c2184fae665cb6
CVE-2021-42060 (An issue was discovered in Insyde InsydeH2O Kernel 5.0 through 05.08.4 ...)
	NOT-FOR-US: Insyde
CVE-2021-42059 (An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41 ...)
	NOT-FOR-US: Insyde
CVE-2021-42058
	RESERVED
CVE-2021-42057 (Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The ev ...)
	NOT-FOR-US: Obsidian Dataview
CVE-2021-42056 (Thales Safenet Authentication Client (SAC) for Linux and Windows throu ...)
	NOT-FOR-US: Thales
CVE-2021-42055 (ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insec ...)
	NOT-FOR-US: ASUSTek ZenBook Pro Due 15 UX582 laptop firmware
CVE-2021-42054 (ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule ...)
	NOT-FOR-US: ACCEL-PPP
CVE-2021-42053 (The Unicorn framework through 0.35.3 for Django allows XSS via compone ...)
	NOT-FOR-US: Django Unicorn, different from src:unicorn
CVE-2021-42052 (IPESA e-Flow 3.3.6 allows path traversal for reading any file within t ...)
	NOT-FOR-US: IPESA e-Flow
CVE-2021-42051 (An issue was discovered in AbanteCart before 1.3.2. Any low-privileged ...)
	NOT-FOR-US: AbanteCart
CVE-2021-42050 (An issue was discovered in AbanteCart before 1.3.2. It allows DOM Base ...)
	NOT-FOR-US: AbanteCart
CVE-2021-42049 (An issue was discovered in the Translate extension in MediaWiki throug ...)
	NOT-FOR-US: Translate MediaWiki extension
CVE-2021-42048 (An issue was discovered in the Growth extension in MediaWiki through 1 ...)
	NOT-FOR-US: Growth MediaWiki extension
CVE-2021-42047 (An issue was discovered in the Growth extension in MediaWiki through 1 ...)
	NOT-FOR-US: Growth MediaWiki extension
CVE-2021-42046 (An issue was discovered in the GlobalWatchlist extension in MediaWiki ...)
	NOT-FOR-US: GlobalWatchlist MediaWiki extension
CVE-2021-42045 (An issue was discovered in SecurePoll in the Growth extension in Media ...)
	NOT-FOR-US: SecurePoll MediaWiki extension
CVE-2021-42044 (An issue was discovered in the Mentor dashboard in the GrowthExperimen ...)
	NOT-FOR-US: GrowthExperiments MediaWiki extension
CVE-2021-42043 (An issue was discovered in Special:MediaSearch in the MediaSearch exte ...)
	NOT-FOR-US: MediaSearch MediaWiki extension
CVE-2021-42042 (An issue was discovered in SpecialEditGrowthConfig in the GrowthExperi ...)
	NOT-FOR-US: GrowthExperiments MediaWiki extension
CVE-2021-42041 (An issue was discovered in CentralAuth in MediaWiki through 1.36.2. Th ...)
	NOT-FOR-US: CentralAuth MediaWiki extension
CVE-2021-42040 (An issue was discovered in MediaWiki through 1.36.2. A parser function ...)
	NOT-FOR-US: Loops MediaWiki extension
CVE-2021-3865
	RESERVED
CVE-2022-20011 (In getArray of NotificationManagerService.java , there is a possible l ...)
	- android-platform-frameworks-base (unimportant)
	NOTE: https://source.android.com/security/bulletin/2022-05-01
	NOTE: https://android.googlesource.com/platform/frameworks/base/+/f315ba91df3829d862371fbab9da584ce0a59bc6
	NOTE: Not accessible in Debian builds, No security impact for Android as provided in Debian
CVE-2022-20010 (In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bo ...)
	NOT-FOR-US: Android
CVE-2022-20009 (In various functions of the USB gadget subsystem, there is a possible ...)
	NOTE: CVE-2022-20009 duplicate of CVE-2022-25375 and CVE-2022-25258, Android CNA contacted
CVE-2022-20008 (In mmc_blk_read_single of block.c, there is a possible way to read ker ...)
	- linux 5.16.11-1
	[bullseye] - linux 5.10.103-1
	[buster] - linux 4.19.232-1
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://source.android.com/security/bulletin/2022-05-01
	NOTE: https://git.kernel.org/linus/54309fde1a352ad2674ebba004a79f7d20b9f037 (5.17-rc5)
CVE-2022-20007 (In startActivityForAttachedApplicationIfNeeded of RootWindowContainer. ...)
	NOT-FOR-US: Android
CVE-2022-20006 (In several functions of KeyguardServiceWrapper.java and related files, ...)
	NOT-FOR-US: Android
CVE-2022-20005 (In validateApkInstallLocked of PackageInstallerSession.java, there is ...)
	NOT-FOR-US: Android
CVE-2022-20004 (In checkSlicePermission of SliceManagerService.java, it is possible to ...)
	NOT-FOR-US: Android
CVE-2022-20003
	RESERVED
CVE-2022-20002 (In incfs, there is a possible way of mounting on arbitrary paths due t ...)
	NOT-FOR-US: Android
CVE-2021-42039
	RESERVED
CVE-2021-42038
	RESERVED
CVE-2021-42037
	RESERVED
CVE-2021-42036
	RESERVED
CVE-2021-42035
	RESERVED
CVE-2021-42034
	RESERVED
CVE-2021-42033
	RESERVED
CVE-2021-42032
	RESERVED
CVE-2021-42031
	RESERVED
CVE-2021-42030
	RESERVED
CVE-2021-42029 (A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 ...)
	NOT-FOR-US: Siemens
CVE-2021-42028 (A vulnerability has been identified in syngo fastView (All versions). ...)
	NOT-FOR-US: syngo fastView
CVE-2021-42027 (A vulnerability has been identified in SINUMERIK Edge (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2021-42026 (A vulnerability has been identified in Mendix Applications using Mendi ...)
	NOT-FOR-US: Siemens
CVE-2021-42025 (A vulnerability has been identified in Mendix Applications using Mendi ...)
	NOT-FOR-US: Siemens
CVE-2021-42024 (A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All ...)
	NOT-FOR-US: Siemens
CVE-2021-42023 (A vulnerability has been identified in ModelSim Simulation (All versio ...)
	NOT-FOR-US: Siemens
CVE-2021-42022 (A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Packa ...)
	NOT-FOR-US: Siemens
CVE-2021-42021 (A vulnerability has been identified in Siveillance Video DLNA Server ( ...)
	NOT-FOR-US: Siemens
CVE-2021-42020 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
	NOT-FOR-US: Siemens
CVE-2021-42019 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
	NOT-FOR-US: Siemens
CVE-2021-42018 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
	NOT-FOR-US: Siemens
CVE-2021-42017 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, ...)
	NOT-FOR-US: Siemens
CVE-2021-42016 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, ...)
	NOT-FOR-US: Siemens
CVE-2021-42015 (A vulnerability has been identified in Mendix Applications using Mendi ...)
	NOT-FOR-US: Siemens
CVE-2021-42014
	RESERVED
CVE-2021-42013 (It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4 ...)
	- apache2 2.4.51-1
	[bullseye] - apache2 (Vulnerable code not present, only affects 2.4.49/2.4.50)
	[buster] - apache2 (Vulnerable code not present, only affects 2.4.49/2.4.50)
	[stretch] - apache2 (Vulnerable code not present, only affects 2.4.49/2.4.50)
	NOTE: https://www.openwall.com/lists/oss-security/2021/10/07/6
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-42013
	NOTE: https://www.openwall.com/lists/oss-security/2021/10/08/1
CVE-2021-3864 (A flaw was found in the way the dumpable flag setting was handled when ...)
	- linux
	NOTE: https://www.openwall.com/lists/oss-security/2021/10/20/2
CVE-2021-42012 (A stack-based buffer overflow vulnerability in Trend Micro Apex One, A ...)
	NOT-FOR-US: Trend Micro
CVE-2021-42011 (An incorrect permission assignment vulnerability in Trend Micro Apex O ...)
	NOT-FOR-US: Trend Micro
CVE-2021-3863 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
	- snipe-it (bug #1005172)
CVE-2021-42010 (Heron versions <= 0.20.4-incubating allows CRLF log injection because ...)
	NOT-FOR-US: Apache Heron
CVE-2021-42009 (An authenticated Apache Traffic Control Traffic Ops user with Portal-l ...)
	NOT-FOR-US: Apache Traffic Control
CVE-2021-3862 (icecoder is vulnerable to Improper Neutralization of Input During Web ...)
	NOT-FOR-US: icecoder
CVE-2021-3861 (The RNDIS USB device class includes a buffer overflow vulnerability. Z ...)
	NOT-FOR-US: zephyr-rtos
CVE-2021-3860 (JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vul ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2021-3859 (A flaw was found in Undertow that tripped the client-side invocation t ...)
	- undertow 2.2.16-1 (bug #1015983)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2010378
	NOTE: https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2
CVE-2021-42008 (The decode_data function in drivers/net/hamradio/6pack.c in the Linux ...)
	{DLA-2843-1 DLA-2785-1}
	- linux 5.14.6-1
	[bullseye] - linux 5.10.70-1
	[buster] - linux 4.19.208-1
	NOTE: https://git.kernel.org/linus/19d1532a187669ce86d5a2696eb7275310070793 (5.14-rc7)
CVE-2021-42007
	RESERVED
CVE-2021-42006 (An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 ...)
	- libgclib 0.12.7+ds-2 (bug #996591)
	[bullseye] - libgclib (Minor issue)
	NOTE: https://github.com/gpertea/gclib/issues/11
CVE-2021-42005
	RESERVED
CVE-2021-42004
	RESERVED
CVE-2021-42003
	RESERVED
CVE-2021-42002 (Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-42001 (PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption ...)
	NOT-FOR-US: pingidentity
CVE-2021-42000 (When a password reset or password change flow with an authentication p ...)
	NOT-FOR-US: pingidentity
CVE-2021-41999
	RESERVED
CVE-2021-41998
	RESERVED
CVE-2021-41997
	RESERVED
CVE-2021-41996
	RESERVED
CVE-2021-41995 (A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerab ...)
	NOT-FOR-US: pingidentity
CVE-2021-41994 (A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerabl ...)
	NOT-FOR-US: pingidentity
CVE-2021-41993 (A misconfiguration of RSA in PingID Android app prior to 1.19 is vulne ...)
	NOT-FOR-US: pingidentity
CVE-2021-41992 (A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vuln ...)
	NOT-FOR-US: pingidentity
CVE-2021-41991 (The in-memory certificate cache in strongSwan before 5.9.4 has a remot ...)
	{DSA-4989-1 DLA-2788-1}
	- strongswan 5.9.4-1
	NOTE: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html
CVE-2021-41990 (The gmp plugin in strongSwan before 5.9.4 has a remote integer overflo ...)
	{DSA-4989-1}
	- strongswan 5.9.4-1
	[stretch] - strongswan (The vulnerable code was introduced later in version 5.6.1)
	NOTE: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html
CVE-2021-41989 (Qlik QlikView through 12.60.20100.0 creates a Temporary File in a Dire ...)
	NOT-FOR-US: Qlik
CVE-2021-41988 (Qlik NPrinting Designer through 21.14.3.0 creates a Temporary File in ...)
	NOT-FOR-US: Qlik
CVE-2021-41987 (In the SCEP Server of RouterOS in certain Mikrotik products, an attack ...)
	NOT-FOR-US: Mikrotik
CVE-2021-41986
	REJECTED
CVE-2021-41985
	REJECTED
CVE-2021-41984
	REJECTED
CVE-2021-41983
	REJECTED
CVE-2021-41982
	REJECTED
CVE-2021-41981
	REJECTED
CVE-2021-41980
	REJECTED
CVE-2021-41979
	REJECTED
CVE-2021-41978
	REJECTED
CVE-2021-41977
	REJECTED
CVE-2021-41976 (Tad Uploader edit book list function is vulnerable to authorization by ...)
	NOT-FOR-US: Tad Uploader
CVE-2021-41975 (TadTools special page is vulnerable to authorization bypass, thus remo ...)
	NOT-FOR-US: TadTools
CVE-2021-41974 (Tad Book3 editing book page does not perform identity verification. Re ...)
	NOT-FOR-US: Tad Book3
CVE-2021-3858 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF))
	- snipe-it (bug #1005172)
CVE-2021-3857 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...)
	NOT-FOR-US: chaskiq
CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request may cau ...)
	NOT-FOR-US: Apache MINA
CVE-2021-41972 (Apache Superset up to and including 1.3.1 allowed for database connect ...)
	NOT-FOR-US: Apache Superset
CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with ENABLE_ ...)
	NOT-FOR-US: Apache Superset
CVE-2021-3856 (ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows read ...)
	NOT-FOR-US: Keycloak
CVE-2021-3855 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
	NOT-FOR-US: Liman MYS
CVE-2021-3854 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Glox Technology Useroam Hotspot
CVE-2021-XXXX [RUSTSEC-2021-0119: Out-of-bounds write in nix::unistd::getgrouplist]
	- rust-nix 0.19.0-2 (bug #995562)
	[bullseye] - rust-nix (Minor issue)
	[buster] - rust-nix (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0119.html
	NOTE: https://github.com/nix-rust/nix/issues/1541
CVE-2021-41970
	RESERVED
CVE-2021-41969
	RESERVED
CVE-2021-41968
	RESERVED
CVE-2021-41967
	RESERVED
CVE-2021-41966
	RESERVED
CVE-2021-41965 (A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4 ...)
	NOT-FOR-US: ChurchCRM
CVE-2021-41964
	RESERVED
CVE-2021-41963
	RESERVED
CVE-2021-41962 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehi ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-41961
	RESERVED
CVE-2021-41960
	RESERVED
CVE-2021-41959 (JerryScript Git version 14ff5bf does not sufficiently track and releas ...)
	- iotjs (bug #1015219)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4781
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4166
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4787
CVE-2021-41958
	RESERVED
CVE-2021-41957
	RESERVED
CVE-2021-41956
	RESERVED
CVE-2021-41955
	RESERVED
CVE-2021-41954
	RESERVED
CVE-2021-41953
	RESERVED
CVE-2021-41952 (Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via ...)
	NOT-FOR-US: Zenario CMS
CVE-2021-41951 (ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Si ...)
	NOT-FOR-US: ResourceSpace
CVE-2021-41950 (A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 ...)
	NOT-FOR-US: ResourceSpace
CVE-2021-41949
	RESERVED
CVE-2021-41948 (A cross-site scripting (XSS) vulnerability exists in the "contact us" ...)
	NOT-FOR-US: Subrion CMS plugin
CVE-2021-41947 (A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visu ...)
	NOT-FOR-US: Subrion CMS
CVE-2021-41946 (In FiberHome VDSL2 Modem HG150-Ub_V3.0, a stored cross-site scripting ...)
	NOT-FOR-US: FiberHome VDSL2 Modem
CVE-2021-41945 (Encode OSS httpx < 0.23.0 is affected by improper input validation in ...)
	- httpx 0.23.0-1 (bug #1010336)
	[bullseye] - httpx (Minor issue)
	NOTE: https://gist.github.com/lebr0nli/4edb76bbd3b5ff993cf44f2fbce5e571
	NOTE: https://github.com/encode/httpx/discussions/1831
	NOTE: https://github.com/encode/httpx/issues/2184
	NOTE: affected code has moved upstream, from _models.py to a new file, _urls.py
	NOTE: https://sources.debian.org/src/httpx/0.22.0-2/httpx/_models.py/?hl=537#L537
CVE-2021-41944
	RESERVED
CVE-2021-41943 (Logrhythm Web Console 7.4.9 allows for HTML tag injection through Cont ...)
	NOT-FOR-US: Logrhythm Web Console
CVE-2021-41942 (The Magic CMS MSVOD v10 video system has a SQL injection vulnerability ...)
	NOT-FOR-US: Magic CMS
CVE-2021-41941
	RESERVED
CVE-2021-41940
	RESERVED
CVE-2021-41939
	RESERVED
CVE-2021-41938 (An issue was discovered in ShopXO CMS 2.2.0. After entering the manage ...)
	NOT-FOR-US: ShopXO CMS
CVE-2021-41937
	RESERVED
CVE-2021-41936
	RESERVED
CVE-2021-41935
	RESERVED
CVE-2021-41934
	RESERVED
CVE-2021-41933
	RESERVED
CVE-2021-41932 (A blind SQL injection vulnerability in search form in TeamMate+ Audit ...)
	NOT-FOR-US: TeamMate+ Audit
CVE-2021-41931 (The Company's Recruitment Management System in id=2 of the parameter f ...)
	NOT-FOR-US: Company's Recruitment Management System
CVE-2021-41930 (Cross site scripting (XSS) vulnerability in Sourcecodester Online Covi ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-41929 (Cross Site Scripting (XSS) in Sourcecodester The Electric Billing Mana ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-41928 (SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-41927
	REJECTED
CVE-2021-41926
	RESERVED
CVE-2021-41925
	RESERVED
CVE-2021-41924 (Webkul krayin crm before 1.2.2 is vulnerable to Cross Site Scripting ( ...)
	NOT-FOR-US: Webkul krayin crm
CVE-2021-41923
	RESERVED
CVE-2021-41922
	RESERVED
CVE-2021-41921 (novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file ...)
	NOT-FOR-US: Novel-plus
CVE-2021-41920 (webTareas version 2.4 and earlier allows an unauthenticated user to pe ...)
	NOT-FOR-US: webTareas
CVE-2021-41919 (webTareas version 2.4 and earlier allows an authenticated user to arbi ...)
	NOT-FOR-US: webTareas
CVE-2021-41918 (webTareas version 2.4 and earlier allows an authenticated user to inje ...)
	NOT-FOR-US: webTareas
CVE-2021-41917 (webTareas version 2.4 and earlier allows an authenticated user to stor ...)
	NOT-FOR-US: webTareas
CVE-2021-41916 (A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version ...)
	NOT-FOR-US: webTareas
CVE-2021-41915
	RESERVED
CVE-2021-41914
	RESERVED
CVE-2021-41913
	RESERVED
CVE-2021-41912
	RESERVED
CVE-2021-41911
	RESERVED
CVE-2021-41910
	RESERVED
CVE-2021-41909
	RESERVED
CVE-2021-41908
	RESERVED
CVE-2021-41907
	RESERVED
CVE-2021-41906
	RESERVED
CVE-2021-41905
	RESERVED
CVE-2021-41904
	RESERVED
CVE-2021-41903
	RESERVED
CVE-2021-41902
	RESERVED
CVE-2021-41901
	RESERVED
CVE-2021-41900
	RESERVED
CVE-2021-41899
	RESERVED
CVE-2021-41898
	RESERVED
CVE-2021-41897
	RESERVED
CVE-2021-41896
	RESERVED
CVE-2021-41895
	RESERVED
CVE-2021-41894
	RESERVED
CVE-2021-41893
	RESERVED
CVE-2021-41892
	RESERVED
CVE-2021-41891
	RESERVED
CVE-2021-41890
	RESERVED
CVE-2021-41889
	RESERVED
CVE-2021-41888
	RESERVED
CVE-2021-41887
	RESERVED
CVE-2021-41886
	RESERVED
CVE-2021-41885
	RESERVED
CVE-2021-41884
	RESERVED
CVE-2021-41883
	RESERVED
CVE-2021-41882
	RESERVED
CVE-2021-41881
	RESERVED
CVE-2021-41880
	RESERVED
CVE-2021-41879
	RESERVED
CVE-2021-41878 (A reflected cross-site scripting (XSS) vulnerability exists in the i-P ...)
	NOT-FOR-US: i-Panel Administration System
CVE-2021-41877
	RESERVED
CVE-2021-41876
	RESERVED
CVE-2021-41875
	RESERVED
CVE-2021-41874 (An unauthorized access vulnerability exists in all versions of Portain ...)
	NOT-FOR-US: Portainer
CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top box produ ...)
	NOT-FOR-US: Penguin Aurora TV Box 41502
CVE-2021-41872 (Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of s ...)
	NOT-FOR-US: Skyworth Digital Technology Penguin Aurora Box 41502
CVE-2021-41871 (An issue was discovered in Socomec REMOTE VIEW PRO 2.0.41.4. Improper ...)
	NOT-FOR-US: Socomec
CVE-2021-41870 (An issue was discovered in the firmware update form in Socomec REMOTE ...)
	NOT-FOR-US: Socomec
CVE-2021-41869 (SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable ...)
	NOT-FOR-US: SuiteCRM
CVE-2021-41868 (OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to u ...)
	- onionshare 2.5-1 (bug #1014966)
	[bullseye] - onionshare (Issue is an edge case; additionally invasive to fix)
	[buster] - onionshare (Vulnerable code not present)
	NOTE: https://github.com/onionshare/onionshare/issues/1396
CVE-2021-41867 (An information disclosure vulnerability in OnionShare 2.3 before 2.4 a ...)
	- onionshare 2.5-1 (bug #1014966)
	[bullseye] - onionshare (Vulnerable code not present)
	[buster] - onionshare (Vulnerable code not present)
CVE-2021-41866 (MyBB before 1.8.28 allows stored XSS because the displayed Template Na ...)
	NOT-FOR-US: MyBB
CVE-2021-3853 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...)
	NOT-FOR-US: chaskiq
CVE-2021-3852 (growi is vulnerable to Authorization Bypass Through User-Controlled Ke ...)
	NOT-FOR-US: GROWI
CVE-2021-41865 (HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authe ...)
	- nomad (Only affects 1.1.x)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2021-26-nomad-denial-of-service-via-submission-of-incomplete-job-specification-using-consul-mesh-gateway-host-network/30311
	NOTE: https://github.com/hashicorp/nomad/issues/11243
	NOTE: https://github.com/hashicorp/nomad/pull/11257
CVE-2021-41864 (prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kern ...)
	{DSA-5096-1 DLA-2941-1 DLA-2843-1}
	- linux 5.14.12-1
	[bullseye] - linux 5.10.84-1
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=30e29a9a2bc6a4888335a6ede968b75cd329657a
CVE-2021-41863
	RESERVED
CVE-2021-41862 (AviatorScript through 5.2.7 allows code execution via an expression th ...)
	NOT-FOR-US: AviatorScript
CVE-2021-41861 (The Telegram application 7.5.0 through 7.8.0 for Android does not prop ...)
	NOT-FOR-US: Telegram for Android
CVE-2021-41860
	REJECTED
CVE-2021-41859
	REJECTED
CVE-2021-41858
	REJECTED
CVE-2021-41857
	REJECTED
CVE-2021-41856
	REJECTED
CVE-2021-41855
	REJECTED
CVE-2021-41854
	REJECTED
CVE-2021-41853
	REJECTED
CVE-2021-41852
	REJECTED
CVE-2021-41851
	REJECTED
CVE-2021-3851 (firefly-iii is vulnerable to URL Redirection to Untrusted Site)
	NOT-FOR-US: firefly-iii
CVE-2021-3850 (Authentication Bypass by Primary Weakness in GitHub repository adodb/a ...)
	{DSA-5101-1 DLA-2912-1}
	- libphp-adodb 5.21.4-1 (bug #1004376)
	NOTE: https://github.com/ADOdb/ADOdb/issues/793
	NOTE: https://github.com/adodb/adodb/commit/b4d5ce70034c5aac3a1d51d317d93c037a0938d2 (v5.21.4)
	NOTE: https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29 (v5.20.21)
	NOTE: https://github.com/ADOdb/ADOdb/security/advisories/GHSA-65mj-7c86-79jf
	NOTE: https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c/
CVE-2021-3849 (An authentication bypass vulnerability was discovered in the web inter ...)
	NOT-FOR-US: Lenovo
CVE-2021-41850 (An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A p ...)
	NOT-FOR-US: Luna Simo
CVE-2021-41849 (An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It ...)
	NOT-FOR-US: Luna Simo
CVE-2021-41848 (An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It ...)
	NOT-FOR-US: Luna Simo
CVE-2021-41847 (An issue was discovered in 3xLogic Infinias Access Control through 6.7 ...)
	NOT-FOR-US: 3xLogic
CVE-2021-41846
	RESERVED
CVE-2021-41845 (A SQL injection issue was discovered in ThycoticCentrify Secret Server ...)
	NOT-FOR-US: ThycoticCentrify Secret Server
CVE-2021-41844 (Crocoblock JetEngine before 2.9.1 does not properly validate and sanit ...)
	NOT-FOR-US: Crocoblock JetEngine
CVE-2021-41843 (An authenticated SQL injection issue in the calendar search function o ...)
	NOT-FOR-US: OpenEMR
CVE-2021-41842 (An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08 ...)
	NOT-FOR-US: Insyde
CVE-2021-41841 (An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in ...)
	NOT-FOR-US: Insyde
CVE-2021-41840 (An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 ...)
	NOT-FOR-US: Insyde
CVE-2021-41839 (An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 ...)
	NOT-FOR-US: Insyde
CVE-2021-41838 (An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 ...)
	NOT-FOR-US: Insyde
CVE-2021-41837 (An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in ...)
	NOT-FOR-US: Insyde
CVE-2021-41833 (Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to una ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-3848 (An arbitrary file creation by privilege escalation vulnerability in Tr ...)
	NOT-FOR-US: Trend Micro
CVE-2021-3847 (An unauthorized access to the execution of the setuid file with capabi ...)
	- linux
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2009704
	NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/3
CVE-2021-3846 (firefly-iii is vulnerable to Unrestricted Upload of File with Dangerou ...)
	NOT-FOR-US: firefly-iii
CVE-2021-23139 (A null pointer vulnerability in Trend Micro Apex One and Worry-Free Bu ...)
	NOT-FOR-US: Trend Micro
CVE-2021-3845 (ws-scrcpy is vulnerable to External Control of File Name or Path)
	NOT-FOR-US: ws-scrcpy
CVE-2021-41832 (It is possible for an attacker to manipulate documents to appear to be ...)
	NOT-FOR-US: Apache OpenOffice
CVE-2021-41831 (It is possible for an attacker to manipulate the timestamp of signed d ...)
	NOT-FOR-US: Apache OpenOffice
CVE-2021-41830 (It is possible for an attacker to manipulate signed documents and macr ...)
	NOT-FOR-US: Apache OpenOffice
CVE-2021-3844 (Rapid7 InsightVM suffers from insufficient session expiration when an ...)
	NOT-FOR-US: Rapid7 InsightVM
CVE-2021-3843 (A potential vulnerability in the SMI function to access EEPROM in some ...)
	NOT-FOR-US: Lenovo
CVE-2021-3842 (nltk is vulnerable to Inefficient Regular Expression Complexity)
	- nltk 3.6.7-1 (bug #1003142)
	[bullseye] - nltk (Minor issue)
	[buster] - nltk (Minor issue)
	[stretch] - nltk (Minor issue)
	NOTE: https://huntr.dev/bounties/761a761e-2be2-430a-8d92-6f74ffe9866a/
	NOTE: https://github.com/nltk/nltk/commit/2a50a3edc9d35f57ae42a921c621edc160877f4d (3.6.6)
CVE-2021-3841
	RESERVED
CVE-2021-41829 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-41828 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-41827 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-41826 (PlaceOS Authentication Service before 1.29.10.0 allows app/controllers ...)
	NOT-FOR-US: PlaceOS Authentication Service
CVE-2021-41825 (Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection ...)
	NOT-FOR-US: Verint Workforce Optimization (WFO)
CVE-2021-41824 (Craft CMS before 3.7.14 allows CSV injection.)
	NOT-FOR-US: Craft CMS
CVE-2021-41823 (The Web Application Firewall (WAF) in Kemp LoadMaster 7.2.54.1 allows ...)
	NOT-FOR-US: Kemp LoadMaster
CVE-2021-41822
	RESERVED
CVE-2021-41821 (Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer U ...)
	NOT-FOR-US: Wazuh
CVE-2021-41820
	RESERVED
CVE-2021-41819 (CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes i ...)
	{DSA-5067-1 DSA-5066-1 DLA-2853-1}
	- ruby3.0 3.0.3-1 (bug #1002995)
	- ruby2.7 2.7.5-1
	- ruby2.5
	- ruby2.3
	NOTE: Fixed in Ruby 3.0.3, 2.7.5, 2.6.9
	NOTE: https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/
	NOTE: Fixed by: https://github.com/ruby/cgi/commit/052eb3a828b0f99bca39cfd800f6c2b91307dbd5 (v0.3.1)
CVE-2021-41818
	RESERVED
CVE-2021-41817 (Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regula ...)
	{DSA-5067-1 DSA-5066-1 DLA-2853-1}
	- ruby3.0 3.0.3-1 (bug #1002995)
	- ruby2.7 2.7.5-1
	- ruby2.5
	- ruby2.3
	NOTE: Fixed in Ruby 3.0.3, 2.7.5, 2.6.9
	NOTE: https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/
	NOTE: Fixed by: https://github.com/ruby/date/commit/3959accef8da5c128f8a8e2fd54e932a4fb253b0 (v3.2.2)
	NOTE: Followups to mimic previous behaviour:
	NOTE: https://github.com/ruby/date/commit/8f2d7a0c7e52cea8333824bd527822e5449ed83d (v3.2.2)
	NOTE: https://github.com/ruby/date/commit/376c65942bd1d81803f14d37351737df60ec4664 (v3.2.2)
CVE-2021-41816 (CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integ ...)
	{DSA-5067-1}
	- ruby3.0 3.0.3-1 (bug #1002995)
	- ruby2.7 2.7.5-1
	- ruby2.5 (Vulnerable code introduced later)
	- ruby2.3 (Vulnerable code introduced later)
	NOTE: Fixed in Ruby 3.0.3, 2.7.5
	NOTE: https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/
	NOTE: Introduced by: https://github.com/ruby/cgi/commit/3a62e20f76ea42ff0b4d45f2952479eab266ae1c (v0.1.0)
	NOTE: Fixed by: https://github.com/ruby/cgi/commit/c728632c1c09d46cfd4ecbff9caaa3651dd1002a (v0.3.1)
CVE-2021-41815
	RESERVED
CVE-2021-41814
	RESERVED
CVE-2021-41813
	RESERVED
CVE-2021-41812
	RESERVED
CVE-2021-41811
	RESERVED
CVE-2021-41810 (Admin tool allows storing configuration data with script which may the ...)
	NOT-FOR-US: M-Files Server
CVE-2021-41809 (SSRF vulnerability in M-Files Server products with versions before 22. ...)
	NOT-FOR-US: M-Files Server
CVE-2021-41808 (In M-Files Server product with versions before 21.11.10775.0, enabling ...)
	NOT-FOR-US: M-Files Server
CVE-2021-41807 (Lack of rate limiting in M-Files Server and M-Files Web products with ...)
	NOT-FOR-US: M-Files Server
CVE-2021-41806
	RESERVED
CVE-2021-41805 (HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1. ...)
	- consul (Only affects Consul Enterprise)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2021-29-consul-enterprise-namespace-default-acls-allow-privilege-escalation/31871
CVE-2021-41804
	RESERVED
CVE-2021-41803 (HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properl ...)
	- consul (bug #1034841)
	[bullseye] - consul (Minor issue)
	[buster] - consul (Vulnerable code not present)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-19-consul-auto-config-jwt-authorization-missing-input-validation/44627
	NOTE: https://github.com/hashicorp/consul/commit/34872682e44f6e7e6359c88bf9e333fa1002a99b (v1.11.9)
CVE-2021-41802 (HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2021-41801 (The ReplaceText extension through 1.41 for MediaWiki has Incorrect Acc ...)
	{DSA-4979-1}
	- mediawiki 1:1.35.4-1
	[stretch] - mediawiki (The vulnerable code was introduced later)
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
	NOTE: https://phabricator.wikimedia.org/T279090
CVE-2021-41800 (MediaWiki before 1.36.2 allows a denial of service (resource consumpti ...)
	{DSA-4979-1}
	- mediawiki 1:1.35.4-1
	[stretch] - mediawiki (The vulnerable code was introduced later)
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
	NOTE: https://phabricator.wikimedia.org/T284419
	NOTE: Fixed by https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874
CVE-2021-41799 (MediaWiki before 1.36.2 allows a denial of service (resource consumpti ...)
	{DSA-4979-1 DLA-2779-1}
	- mediawiki 1:1.35.4-1
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
	NOTE: https://phabricator.wikimedia.org/T290379
CVE-2021-41798 (MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages a ...)
	{DSA-4979-1 DLA-2779-1}
	- mediawiki 1:1.35.4-1
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
	NOTE: https://phabricator.wikimedia.org/T285515
CVE-2021-41797
	REJECTED
CVE-2021-41796
	REJECTED
CVE-2021-41795 (The Safari app extension bundled with 1Password for Mac 7.7.0 through ...)
	NOT-FOR-US: 1Password
CVE-2021-41794 (ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a ...)
	NOT-FOR-US: Open5GS
CVE-2021-41793
	RESERVED
CVE-2021-41792 (An issue was discovered in Hyland org.alfresco:alfresco-content-servic ...)
	NOT-FOR-US: Hyland org.alfresco:alfresco-content-services
CVE-2021-41791 (An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 a ...)
	NOT-FOR-US: Hyland org.alfresco:share and Hyland org.alfresco:community-share
CVE-2021-41790 (An issue was discovered in Hyland org.alfresco:alfresco-content-servic ...)
	NOT-FOR-US: Hyland org.alfresco:alfresco-content-services
CVE-2021-41789 (In wifi driver, there is a possible system crash due to a missing vali ...)
	NOT-FOR-US: Mediatek devices
CVE-2021-41788 (MediaTek microchips, as used in NETGEAR devices through 2021-12-13 and ...)
	NOT-FOR-US: Netgear
CVE-2021-3840 (A dependency confusion vulnerability was reported in the Antilles open ...)
	NOT-FOR-US: Antilles
CVE-2021-41787
	RESERVED
CVE-2021-41786
	RESERVED
CVE-2021-41785 (Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPD ...)
	NOT-FOR-US: Foxit
CVE-2021-41784 (Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPD ...)
	NOT-FOR-US: Foxit
CVE-2021-41783 (Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPD ...)
	NOT-FOR-US: Foxit
CVE-2021-41782 (Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPD ...)
	NOT-FOR-US: Foxit
CVE-2021-41781 (Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPD ...)
	NOT-FOR-US: Foxit
CVE-2021-41780 (Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPD ...)
	NOT-FOR-US: Foxit
CVE-2021-41779
	RESERVED
CVE-2021-41778
	RESERVED
CVE-2021-41777
	RESERVED
CVE-2021-41776
	RESERVED
CVE-2021-41775
	RESERVED
CVE-2021-41774
	RESERVED
CVE-2021-41773 (A flaw was found in a change made to path normalization in Apache HTTP ...)
	- apache2 2.4.50-1
	[bullseye] - apache2 (Vulnerable code not present, only affects 2.4.49)
	[buster] - apache2 (Vulnerable code not present, only affects 2.4.49)
	[stretch] - apache2 (Vulnerable code not present, only affects 2.4.49)
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-41773
	NOTE: Fixed by: https://svn.apache.org/r1893775
	NOTE: https://www.openwall.com/lists/oss-security/2021/10/05/2
	NOTE: https://www.openwall.com/lists/oss-security/2021/10/08/1
CVE-2021-3839 (A flaw was found in the vhost library in DPDK. Function vhost_user_set ...)
	{DSA-5130-1}
	- dpdk 20.11.5-1 (bug #1010641)
	[buster] - dpdk (Vulnerable code introduced later)
	[stretch] - dpdk (Vulnerable code introduced later)
	NOTE: https://bugs.dpdk.org/show_bug.cgi?id=657
	NOTE: Introduced by: https://github.com/DPDK/dpdk/commit/ad0a4ae491fe3b10338441dfdf11a9b3a1c05798 (v19.11-rc1)
	NOTE: Fixed by: https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5 (v22.03-rc4)
CVE-2017-20007 (Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allo ...)
	NOT-FOR-US: Ingeteam INGEPAC DA AU
CVE-2021-41772 (Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reade ...)
	- golang-1.17 1.17.3-1
	- golang-1.16 1.16.10-1
	- golang-1.15 (Vulnerable code introduced later in go1.16beta1)
	- golang-1.11 (Vulnerable code introduced later in go1.16beta1)
	- golang-1.8 (Vulnerable code introduced later in go1.16beta1)
	- golang-1.7 (Vulnerable code introduced later in go1.16beta1)
	NOTE: https://github.com/golang/go/issues/48085
	NOTE: https://groups.google.com/g/golang-announce/c/0fM21h43arc
	NOTE: Introduced in: https://github.com/golang/go/commit/1296ee6b4f9058be75c799513ccb488d2f2dd085 (go1.16beta1)
	NOTE: https://github.com/golang/go/commit/b212ba68296b503b395e7d1838ca72a19030a6bf (go1.17.3)
	NOTE: https://github.com/golang/go/commit/88407a8dd98411f1730907dc8a69b99488af0052 (go1.16.10)
CVE-2021-41771 (ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16 ...)
	{DLA-3395-1 DLA-2892-1 DLA-2891-1}
	- golang-1.17 1.17.3-1
	- golang-1.16 1.16.10-1
	- golang-1.15 1.15.15-5
	[bullseye] - golang-1.15 1.15.15-1~deb11u2
	- golang-1.11
	- golang-1.8
	- golang-1.7
	NOTE: https://github.com/golang/go/issues/48990
	NOTE: https://groups.google.com/g/golang-announce/c/0fM21h43arc
	NOTE: https://github.com/golang/go/commit/4a842985bf3f71d93a2b1340d9d6685bebc12b6b (go1.17.3)
	NOTE: https://github.com/golang/go/commit/d19c5bdb24e093a2d5097b7623284eb02726cede (go1.16.10)
CVE-2021-41770 (Ping Identity PingFederate before 10.3.1 mishandles pre-parsing valida ...)
	NOT-FOR-US: Ping Identity PingFederate
CVE-2021-3838 [Deserialization of Untrusted Data using PHAR deserialization]
	RESERVED
	{DLA-3495-2 DLA-3495-1}
	- php-dompdf 2.0.2+dfsg-1
	[bullseye] - php-dompdf (Minor issue)
	NOTE: https://github.com/dompdf/dompdf/issues/2564
	NOTE: https://huntr.dev/bounties/0bdddc12-ff67-4815-ab9f-6011a974f48e
	NOTE: https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a (v2.0.0)
CVE-2021-41769 (A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU v ...)
	NOT-FOR-US: Siemens
CVE-2021-41768
	RESERVED
CVE-2021-41767 (Apache Guacamole 1.3.0 and older may incorrectly include a private tun ...)
	- guacamole-client (bug #1015986)
	[stretch] - guacamole-client (unmaintained stretch-only package)
	NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/6
CVE-2021-3837 (openwhyd is vulnerable to Improper Authorization)
	NOT-FOR-US: openwhyd
CVE-2021-41766 (Apache Karaf allows monitoring of applications and the Java runtime by ...)
	- apache-karaf (bug #881297)
CVE-2021-3836 (dbeaver is vulnerable to Improper Restriction of XML External Entity R ...)
	- dbeaver (bug #680987)
	NOTE: https://github.com/dbeaver/dbeaver/commit/4debf8f25184b7283681ed3fb5e9e887d9d4fe22
CVE-2021-3835 (Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain ...)
	NOT-FOR-US: zephyr-rtos
CVE-2021-3834 (Integria IMS in its 5.0.92 version does not filter correctly some fiel ...)
	NOT-FOR-US: Integria IMS
CVE-2021-3833 (Integria IMS login check uses a loose comparator ("==") to compare the ...)
	NOT-FOR-US: Integria IMS
CVE-2021-3832 (Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Exec ...)
	NOT-FOR-US: Integria IMS
CVE-2021-3831 (gnuboard5 is vulnerable to Improper Neutralization of Input During Web ...)
	NOT-FOR-US: gnuboard5
CVE-2021-41765 (A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of R ...)
	NOT-FOR-US: ResourceSpace
CVE-2021-41764 (A cross-site request forgery (CSRF) vulnerability exists in Streama up ...)
	NOT-FOR-US: Streama
CVE-2021-41763
	RESERVED
CVE-2021-41762
	RESERVED
CVE-2021-41761
	RESERVED
CVE-2021-41760
	RESERVED
CVE-2021-41759
	RESERVED
CVE-2021-41758
	RESERVED
CVE-2021-41757
	RESERVED
CVE-2021-41756 (dynamicMarkt <= 3.10 is affected by SQL injection in the kat parameter ...)
	NOT-FOR-US: dynamicMarkt
CVE-2021-41755 (dynamicMarkt <= 3.10 is affected by SQL injection in the kat1 paramete ...)
	NOT-FOR-US: dynamicMarkt
CVE-2021-41754 (dynamicMarkt <= 3.10 is affected by SQL injection in the parent parame ...)
	NOT-FOR-US: dynamicMarkt
CVE-2021-41753 (A denial-of-service attack in WPA2, and WPA3-SAE authentication method ...)
	NOT-FOR-US: D-Link
CVE-2021-41752 (Stack overflow vulnerability in Jerryscript before commit e1ce7dd72712 ...)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4779
CVE-2021-41751 (Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:9 ...)
	- iotjs (bug #1015219)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4797
	NOTE: https://github.com/jerryscript-project/jerryscript/commit/4912e3b739f4d00e51a46d883b020d2208be28a2
CVE-2021-41750 (A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4. ...)
	NOT-FOR-US: SEOmatic plugin for Craft CMS
CVE-2021-41749 (In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible fo ...)
	NOT-FOR-US: SEOmatic plugin for Craft CMS
CVE-2021-41748
	REJECTED
CVE-2021-41747 (Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, wh ...)
	NOT-FOR-US: Csdn APP
CVE-2021-41746 (SQL Injection vulnerability exists in all versions of Yonyou TurboCRM. ...)
	NOT-FOR-US: Yonyou TurboCRM
CVE-2021-41745 (ShowDoc 2.8.3 has a file upload vulnerability, where attackers can us ...)
	NOT-FOR-US: ShowDoc
CVE-2021-41744 (All versions of yongyou PLM are affected by a command injection issue. ...)
	NOT-FOR-US: yongyou PLM
CVE-2021-41743
	RESERVED
CVE-2021-41742
	RESERVED
CVE-2021-41741
	RESERVED
CVE-2021-41740
	RESERVED
CVE-2021-41739 (An OS Command Injection vulnerability was discovered in Artica Proxy 4. ...)
	NOT-FOR-US: Artica Web Proxy
CVE-2021-41738 (ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerb ...)
	NOT-FOR-US: ZeroShell
CVE-2021-41737
	RESERVED
	- faust (bug #1014783)
	[bookworm] - faust (Minor issue)
	[bullseye] - faust (Minor issue)
	[buster] - faust (Minor issue)
	[stretch] - faust (Minor issue, no patch/acknowledgment yet)
	NOTE: https://github.com/grame-cncm/faust/issues/653
CVE-2021-41736 (Faust v2.35.0 was discovered to contain a heap-buffer overflow in the ...)
	- faust (bug #1014783)
	[bookworm] - faust (Minor issue)
	[bullseye] - faust (Minor issue)
	[buster] - faust (Minor issue)
	[stretch] - faust (Minor issue, no patch/acknowledgment yet)
	NOTE: https://github.com/grame-cncm/faust/issues/653
CVE-2021-41735
	RESERVED
CVE-2021-41734
	RESERVED
CVE-2021-41733 (Oppia 3.1.4 does not verify that certain URLs are valid before navigat ...)
	NOT-FOR-US: Oppia
CVE-2021-41732 (An issue was discovered in zeek version 4.1.0. There is a HTTP request ...)
	- zeek (unimportant)
	NOTE: https://github.com/zeek/zeek/issues/1798
	NOTE: Disputed validity of the security issue
CVE-2021-41731 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News ...)
	NOT-FOR-US: Sourcecodester News247 News Magazine (CMS)
CVE-2021-41730
	RESERVED
CVE-2021-41729 (BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerab ...)
	NOT-FOR-US: BaiCloud-cms
CVE-2021-41728 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-41727
	RESERVED
CVE-2021-41726
	RESERVED
CVE-2021-41725
	RESERVED
CVE-2021-41724
	RESERVED
CVE-2021-41723
	RESERVED
CVE-2021-41722
	RESERVED
CVE-2021-41721
	RESERVED
CVE-2021-41720
	REJECTED
CVE-2021-41719
	RESERVED
CVE-2021-41718
	RESERVED
CVE-2021-41717
	RESERVED
CVE-2021-41716 (Maharashtra State Electricity Board Mahavitara Android Application 8.2 ...)
	NOT-FOR-US: Maharashtra State Electricity Board Mahavitara Android Application
CVE-2021-41715 (libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither ...)
	- libsixel 1.10.3-1
	[bullseye] - libsixel (Minor issue)
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	NOTE: https://github.com/libsixel/libsixel/commit/d299d67c532a5133a57aade5c35ff8e612c73dd8 (1.10.1)
	NOTE: https://github.com/libsixel/libsixel/pull/28
	NOTE: https://github.com/libsixel/libsixel/issues/27
CVE-2021-41714 (In Tipask < 3.5.9, path parameters entered by the user are not validat ...)
	NOT-FOR-US: sdfsky/tipask
CVE-2021-41713
	RESERVED
CVE-2021-41712
	RESERVED
CVE-2021-41711
	RESERVED
CVE-2021-41710
	RESERVED
CVE-2021-41709
	RESERVED
CVE-2021-41708
	RESERVED
CVE-2021-41707
	RESERVED
CVE-2021-41706
	RESERVED
CVE-2021-41705
	RESERVED
CVE-2021-41704
	RESERVED
CVE-2021-41703
	RESERVED
CVE-2021-41702
	RESERVED
CVE-2021-41701
	RESERVED
CVE-2021-41700
	RESERVED
CVE-2021-41699
	RESERVED
CVE-2021-41698
	RESERVED
CVE-2021-41697 (A reflected Cross Site Scripting (XSS) vulnerability exists in Premium ...)
	NOT-FOR-US: Premiumdatingscript
CVE-2021-41696 (An authentication bypass (account takeover) vulnerability exists in Pr ...)
	NOT-FOR-US: Premiumdatingscript
CVE-2021-41695 (An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 v ...)
	NOT-FOR-US: Premiumdatingscript
CVE-2021-41694 (An Incorrect Access Control vulnerability exists in Premiumdatingscrip ...)
	NOT-FOR-US: Premiumdatingscript
CVE-2021-41693
	RESERVED
CVE-2021-41692
	RESERVED
CVE-2021-41691
	RESERVED
CVE-2021-41690 (DCMTK through 3.6.6 does not handle memory free properly. The malloced ...)
	- dcmtk 3.6.7-1
	[bullseye] - dcmtk (Minor issue)
	[buster] - dcmtk (Minor issue)
	NOTE: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb (DCMTK-3.6.7)
CVE-2021-41689 (DCMTK through 3.6.6 does not handle string copy properly. Sending spec ...)
	- dcmtk 3.6.7-1
	[bullseye] - dcmtk (Minor issue)
	[buster] - dcmtk (Minor issue)
	NOTE: https://github.com/DCMTK/dcmtk/commit/5c14bf53fb42ceca12bbcc0016e8704b1580920d (DCMTK-3.6.7)
CVE-2021-41688 (DCMTK through 3.6.6 does not handle memory free properly. The object i ...)
	- dcmtk 3.6.7-1
	[bullseye] - dcmtk (Minor issue)
	[buster] - dcmtk (Minor issue)
	NOTE: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb (DCMTK-3.6.7)
CVE-2021-41687 (DCMTK through 3.6.6 does not handle memory free properly. The program ...)
	- dcmtk 3.6.7-1
	[bullseye] - dcmtk (Minor issue)
	[buster] - dcmtk (Minor issue)
	NOTE: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb (DCMTK-3.6.7)
CVE-2021-41686
	RESERVED
CVE-2021-41685
	RESERVED
CVE-2021-41684
	RESERVED
CVE-2021-41683 (There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_ty ...)
	- iotjs (bug #1015219)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4745
CVE-2021-41682 (There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_c ...)
	- iotjs (bug #1015219)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4747
	NOTE: https://github.com/jerryscript-project/jerryscript/commit/3ad76f932c8d2e3b9ba2d95e64848698ec7d7290
CVE-2021-41681
	RESERVED
CVE-2021-41680
	RESERVED
CVE-2021-41679 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...)
	NOT-FOR-US: openSIS
CVE-2021-41678 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...)
	NOT-FOR-US: openSIS
CVE-2021-41677 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...)
	NOT-FOR-US: openSIS
CVE-2021-41676 (An SQL Injection vulnerability exists in the oretnom23 Pharmacy Point o ...)
NOT-FOR-US: oretnom23 Pharmacy Point of Sale System CVE-2021-41675 (A Remote Code Execution (RCE) vulnerability exists in Sourcecodester E- ...) NOT-FOR-US: Sourcecodester CVE-2021-41674 (An SQL Injection vulnerability exists in Sourcecodester E-Negosyo Syst ...) NOT-FOR-US: Sourcecodester CVE-2021-41673 RESERVED CVE-2021-41672 (PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection i ...) NOT-FOR-US: PEEL Shopping CMS CVE-2021-41671 RESERVED CVE-2021-41670 RESERVED CVE-2021-41669 RESERVED CVE-2021-41668 RESERVED CVE-2021-41667 RESERVED CVE-2021-41666 RESERVED CVE-2021-41665 RESERVED CVE-2021-41664 RESERVED CVE-2021-41663 (A cross-site scripting (XSS) vulnerability exists in Mini CMS V1.11. T ...) NOT-FOR-US: Mini CMS CVE-2021-41662 (The South Gate Inn Online Reservation System v1.0 contains an SQL inje ...) NOT-FOR-US: South Gate Inn Online Reservation System CVE-2021-41661 (Church Management System version 1.0 is affected by a SQL injection vu ...) NOT-FOR-US: Church Management System CVE-2021-41660 (SQL injection vulnerability in Sourcecodester Patient Appointment Sche ...) NOT-FOR-US: Sourcecodester CVE-2021-41659 (SQL injection vulnerability in Sourcecodester Banking System v1 by ore ...) NOT-FOR-US: Sourcecodester CVE-2021-41658 (Cross Site Scripting (XSS) in Sourcecodester Student Quarterly Grading ...) NOT-FOR-US: Sourcecodester CVE-2021-41657 (SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulne ...) NOT-FOR-US: SmartBear CodeCollaborator CVE-2021-41656 RESERVED CVE-2021-41655 RESERVED CVE-2021-41654 (SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows at ...) NOT-FOR-US: Wuzhicms CVE-2021-41653 (The PING function on the TP-Link TL-WR840N EU v5 router with firmware ...) NOT-FOR-US: TP-Link CVE-2021-41652 (Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 al ...) NOT-FOR-US: BatFlat CMS CVE-2021-41651 (A blind SQL injection vulnerability exists in the Raymart DG / Ahmed H ...)
NOT-FOR-US: Raymart DG / Ahmed Helal Hotel-mgmt-system CVE-2021-41650 RESERVED CVE-2021-41649 (An un-authenticated SQL Injection exists in PuneethReddyHC online-shop ...) NOT-FOR-US: PuneethReddyHC online-shopping-system CVE-2021-41648 (An un-authenticated SQL Injection exists in PuneethReddyHC online-shop ...) NOT-FOR-US: PuneethReddyHC online-shopping-system CVE-2021-41647 (An un-authenticated error-based and time-based blind SQL injection vul ...) NOT-FOR-US: Kaushik Jadhav Online Food Ordering Web App CVE-2021-41646 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Onl ...) NOT-FOR-US: Sourcecodester CVE-2021-41645 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Bud ...) NOT-FOR-US: Sourcecodester CVE-2021-41644 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Onli ...) NOT-FOR-US: Sourcecodester CVE-2021-41643 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Chu ...) NOT-FOR-US: Sourcecodester CVE-2021-41642 RESERVED CVE-2021-41641 (Deno <=1.14.0 file sandbox does not handle symbolic links correctly. W ...) NOT-FOR-US: Deno CVE-2021-41640 RESERVED CVE-2021-41639 (MELAG FTP Server 2.2.0.4 stores unencrypted passwords of FTP users in ...) NOT-FOR-US: MELAG CVE-2021-41638 (The authentication checks of the MELAG FTP Server in version 2.2.0.4 a ...) NOT-FOR-US: MELAG CVE-2021-41637 (Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the ...) NOT-FOR-US: MELAG CVE-2021-41636 (MELAG FTP Server 2.2.0.4 allows an attacker to use the CWD command to ...) NOT-FOR-US: MELAG CVE-2021-41635 (When installed as Windows service MELAG FTP Server 2.2.0.4 is run as S ...) NOT-FOR-US: MELAG CVE-2021-41634 (A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an ...)
NOT-FOR-US: MELAG CVE-2021-41633 RESERVED CVE-2021-41632 RESERVED CVE-2021-41631 RESERVED CVE-2021-41630 RESERVED CVE-2021-41629 RESERVED CVE-2021-41628 RESERVED CVE-2021-41627 RESERVED CVE-2021-41626 RESERVED CVE-2021-41625 RESERVED CVE-2021-41624 RESERVED CVE-2021-41623 RESERVED CVE-2021-41622 RESERVED CVE-2021-41621 RESERVED CVE-2021-41620 RESERVED CVE-2021-41619 (An issue was discovered in Gradle Enterprise before 2021.1.2. There is ...) NOT-FOR-US: Gradle Enterprise CVE-2021-41618 RESERVED CVE-2021-41616 (Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intende ...) NOT-FOR-US: Apache DB DdlUtils CVE-2021-3830 (btcpayserver is vulnerable to Improper Neutralization of Input During ...) NOT-FOR-US: btcpayserver CVE-2021-41617 (sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default c ...) {DLA-3694-1} - openssh 1:8.7p1-1 (bug #995130) [bullseye] - openssh 1:8.4p1-5+deb11u3 [stretch] - openssh (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/09/26/1 NOTE: https://github.com/openssh/openssh-portable/commit/f3cbe43e28fe71427d41cfe3a17125b972710455 NOTE: https://github.com/openssh/openssh-portable/commit/bf944e3794eff5413f2df1ef37cddf96918c6bde CVE-2021-41615 (websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy bec ...) NOT-FOR-US: GoAhead Web Server CVE-2021-41614 (An issue was discovered in the controller unit of the OpenRISC mor1kx ...) NOT-FOR-US: OpenRISC mor1kx CVE-2021-41613 (An issue was discovered in the controller unit of the OpenRISC mor1kx ...) NOT-FOR-US: OpenRISC mor1kx CVE-2021-41612 (An issue was discovered in the ALU unit of the OpenRISC mor1kx process ...) NOT-FOR-US: OpenRISC mor1kx CVE-2021-41611 (An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When ...) 
- squid 5.2-1 [bullseye] - squid (Vulnerable code introduced later) [buster] - squid (Vulnerable code introduced later) NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r NOTE: Fixed by: http://www.squid-cache.org/Versions/v5/changesets/squid-5-533b4359f16cf9ed15a6d709a57a4b06e4222cfe.patch CVE-2021-3829 (openwhyd is vulnerable to URL Redirection to Untrusted Site) NOT-FOR-US: openwhyd CVE-2021-41610 REJECTED CVE-2021-41609 (SQL injection in the ID parameter of the UploadedImageDisplay.aspx end ...) NOT-FOR-US: SelectSurvey.NET CVE-2021-41608 (A file disclosure vulnerability in the UploadedImageDisplay.aspx endpo ...) NOT-FOR-US: SelectSurvey.NET CVE-2021-41607 RESERVED CVE-2021-41606 RESERVED CVE-2021-41605 RESERVED CVE-2021-41604 RESERVED CVE-2021-41603 RESERVED CVE-2021-41602 RESERVED CVE-2021-41601 RESERVED CVE-2021-41600 RESERVED CVE-2021-41599 (A remote code execution vulnerability was identified in GitHub Enterpr ...) NOT-FOR-US: GitHub Enterprise Server CVE-2021-41598 (A UI misrepresentation vulnerability was identified in GitHub Enterpri ...) NOT-FOR-US: GitHub Enterprise Server CVE-2021-41597 (SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote ...) NOT-FOR-US: SuiteCRM CVE-2021-41596 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...) NOT-FOR-US: SuiteCRM CVE-2021-41595 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...) NOT-FOR-US: SuiteCRM CVE-2021-41594 (In RSA Archer 6.9.SP1 P3, if some application functions are precluded ...) NOT-FOR-US: RSA Archer CVE-2021-41593 (Lightning Labs lnd before 0.13.3-beta allows loss of funds because of ...) NOT-FOR-US: Lightning Labs lnd CVE-2021-41592 (Blockstream c-lightning through 0.10.1 allows loss of funds because of ...) NOT-FOR-US: Blockstream c-lightning CVE-2021-41591 (ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC ex ...) 
NOT-FOR-US: ACINQ Eclair CVE-2021-41590 (In Gradle Enterprise through 2021.3, probing of the server-side networ ...) NOT-FOR-US: Gradle Enterprise CVE-2021-41589 (In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node be ...) NOT-FOR-US: Gradle Enterprise CVE-2021-41588 (In Gradle Enterprise before 2021.1.3, a crafted request can trigger de ...) NOT-FOR-US: Gradle Enterprise CVE-2021-41587 (In Gradle Enterprise before 2021.1.3, an attacker with the ability to ...) NOT-FOR-US: Gradle Enterprise CVE-2021-41586 (In Gradle Enterprise before 2021.1.3, an attacker with the ability to ...) NOT-FOR-US: Gradle Enterprise CVE-2021-3828 (nltk is vulnerable to Inefficient Regular Expression Complexity) - nltk 3.6.5-1 (bug #995226) [bullseye] - nltk (Minor issue) [buster] - nltk (Minor issue) [stretch] - nltk (Minor issue) NOTE: https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6 NOTE: https://github.com/nltk/nltk/pull/2816 CVE-2021-41585 (Improper Input Validation vulnerability in accepting socket connection ...) - trafficserver (Only affects FreeBSD) NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 NOTE: https://github.com/apache/trafficserver/pull/8456/ NOTE: https://github.com/apache/trafficserver/commit/268b540edae0b3e51d033795a4dd7404a5756a93 (master) NOTE: https://github.com/apache/trafficserver/commit/2b078741ecf14cbc7f5773b3e14ef0c1d3cf4cfb (8.1.x) CVE-2021-41584 (Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a ...) NOT-FOR-US: Gradle Enterprise CVE-2021-41583 (vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packa ...) NOT-FOR-US: vpn-user-portal CVE-2021-41582 RESERVED CVE-2021-41581 (x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints. ...) - libressl (bug #754513) NOTE: Affected code not present in any OpenSSL version in Bullseye/Buster/Stretch CVE-2021-41580 (The passport-oauth2 package before 1.6.1 for Node.js mishandles the er ...) 
NOT-FOR-US: Node passport-oauth2 CVE-2021-41579 (LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass ...) NOT-FOR-US: LCDS LAquis SCADA CVE-2021-41578 (mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks ...) NOT-FOR-US: mySCADA myDESIGNER CVE-2021-41577 RESERVED CVE-2021-41576 REJECTED CVE-2021-41575 REJECTED CVE-2021-41574 REJECTED CVE-2021-41573 (Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows info ...) NOT-FOR-US: Hitachi CVE-2021-3827 (A flaw was found in keycloak, where the default ECP binding flow allow ...) NOT-FOR-US: Keycloak CVE-2021-41572 RESERVED CVE-2021-41571 (In Apache Pulsar it is possible to access data from BookKeeper that do ...) NOT-FOR-US: Apache Pulsar CVE-2021-41570 (Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup ...) NOT-FOR-US: Veritas NetBackup CVE-2021-41569 (SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. Th ...) NOT-FOR-US: SAS/Intrnet CVE-2021-3826 (Heap/stack buffer overflow in the dlang_lname function in d-demangle.c ...) - binutils 2.37.50.20220121-1 (unimportant) - libiberty 20220713-1 [bullseye] - libiberty (Minor issue) [buster] - libiberty (Minor issue) NOTE: https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579985.html NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=5481040197402be6dfee265bd2ff5a4c88e30505 NOTE: binutils not covered by security support CVE-2021-41568 (Tad Web is vulnerable to authorization bypass, thus remote attackers c ...) NOT-FOR-US: Tad Web CVE-2021-41567 (The new add subject parameter of Tad Uploader view book list function ...) NOT-FOR-US: Tad Uploader CVE-2021-41566 (The file extension of the TadTools file upload function fails to filte ...) NOT-FOR-US: TadTools CVE-2021-41565 (TadTools special page parameter does not properly restrict the input o ...) NOT-FOR-US: TadTools CVE-2021-41564 (Tad Honor viewing book list function is vulnerable to authorization by ...) 
NOT-FOR-US: Tad Honor CVE-2021-41563 (Tad Book3 editing book function does not filter special characters. Un ...) NOT-FOR-US: Tad Book3 CVE-2021-41562 (A vulnerability in Snow Snow Agent for Windows allows a non-admin user ...) NOT-FOR-US: Snow Snow Agent for Windows CVE-2021-41561 (Improper Input Validation vulnerability in Parquet-MR of Apache Parque ...) NOT-FOR-US: Apache Parquet CVE-2021-3825 (On 2.1.15 version and below of Lider module in LiderAhenk software is ...) NOT-FOR-US: LiderAhenk CVE-2021-3824 (OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to in ...) NOT-FOR-US: OpenVPN Access Server CVE-2021-3823 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) NOT-FOR-US: Bitdefender CVE-2021-3822 (jsoneditor is vulnerable to Inefficient Regular Expression Complexity) NOT-FOR-US: jsoneditor CVE-2021-41560 (OpenCATS through 0.9.6 allows remote attackers to execute arbitrary co ...) NOT-FOR-US: OpenCATS CVE-2021-41559 (Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Co ...) NOT-FOR-US: SilverStripe CMS CVE-2021-41558 (The set_user extension module before 3.0.0 for PostgreSQL allows Proce ...) NOT-FOR-US: set_user extension for Postgres CVE-2021-41557 (Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site ...) NOT-FOR-US: Sofico CVE-2021-41556 (sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an ou ...) - squirrel3 (bug #1016212) [bullseye] - squirrel3 (Minor issue) [buster] - squirrel3 (Minor issue) NOTE: https://github.com/albertodemichelis/squirrel/commit/23a0620658714b996d20da3d4dd1a0dcf9b0bd98 (v3.2) NOTE: https://blog.sonarsource.com/squirrel-vm-sandbox-escape/ CVE-2021-41555 (In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), XSS occurs i ...) NOT-FOR-US: ARCHIBUS Web Central CVE-2021-41554 (ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properl ...) 
NOT-FOR-US: ARCHIBUS Web Central CVE-2021-41553 (In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Appl ...) NOT-FOR-US: ARCHIBUS Web Central CVE-2021-41552 (CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injec ...) NOT-FOR-US: CommScope CVE-2021-41551 (Leostream Connection Broker 9.0.40.17 allows administrators to conduct ...) NOT-FOR-US: Leostream Connection Broker CVE-2021-41550 (Leostream Connection Broker 9.0.40.17 allows administrator to upload a ...) NOT-FOR-US: Leostream Connection Broker CVE-2021-41549 RESERVED CVE-2021-41548 RESERVED CVE-2021-41547 (A vulnerability has been identified in Teamcenter Active Workspace V4. ...) NOT-FOR-US: Siemens CVE-2021-41546 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) NOT-FOR-US: Siemens CVE-2021-41545 (A vulnerability has been identified in Desigo DXR2 (All versions < V01 ...) NOT-FOR-US: Siemens CVE-2021-41544 (A vulnerability has been identified in Siemens Software Center (All ve ...) NOT-FOR-US: Siemens CVE-2021-41543 (A vulnerability has been identified in Climatix POL909 (AWB module) (A ...) NOT-FOR-US: Siemens CVE-2021-41542 (A vulnerability has been identified in Climatix POL909 (AWB module) (A ...) NOT-FOR-US: Siemens CVE-2021-41541 (A vulnerability has been identified in Climatix POL909 (AWB module) (A ...) NOT-FOR-US: Siemens CVE-2021-41540 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) NOT-FOR-US: Siemens CVE-2021-41539 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) NOT-FOR-US: Siemens CVE-2021-41538 (A vulnerability has been identified in NX 1953 Series (All versions < ...) NOT-FOR-US: Siemens CVE-2021-41537 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) NOT-FOR-US: Siemens CVE-2021-41536 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) 
NOT-FOR-US: Siemens CVE-2021-41535 (A vulnerability has been identified in NX 1953 Series (All versions < ...) NOT-FOR-US: Siemens CVE-2021-41534 (A vulnerability has been identified in NX 1980 Series (All versions < ...) NOT-FOR-US: Siemens CVE-2021-41533 (A vulnerability has been identified in NX 1980 Series (All versions < ...) NOT-FOR-US: Siemens CVE-2021-41532 (In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to O ...) NOT-FOR-US: Apache Ozone CVE-2021-41531 (NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if ...) - routinator (bug #929024) NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-41531.txt CVE-2021-41530 (Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, ...) NOT-FOR-US: Forcepoint NGFW Engine CVE-2021-41529 RESERVED CVE-2021-41528 RESERVED CVE-2021-41527 RESERVED CVE-2021-41526 (A vulnerability has been reported in the windows installer (MSI) built ...) NOT-FOR-US: Flexera CVE-2021-41525 (An issue related to modification of otherwise restricted files through ...) NOT-FOR-US: FlexNet CVE-2021-3821 (A potential security vulnerability has been identified for certain HP ...) NOT-FOR-US: HP CVE-2021-3820 (inflect is vulnerable to Inefficient Regular Expression Complexity) NOT-FOR-US: Nodejs inflect NOTE: https://github.com/pksunkara/inflect CVE-2021-41524 (While fuzzing the 2.4.49 httpd, a new null pointer dereference was det ...) 
- apache2 2.4.50-1 [bullseye] - apache2 (Vulnerable code not present, only affects 2.4.49) [buster] - apache2 (Vulnerable code not present, only affects 2.4.49) [stretch] - apache2 (Vulnerable code not present, only affects 2.4.49) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-41524 NOTE: Fixed by: https://svn.apache.org/r1893655 NOTE: https://www.openwall.com/lists/oss-security/2021/10/05/1 CVE-2021-3819 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)) NOT-FOR-US: firefly-iii CVE-2021-3818 (grav is vulnerable to Reliance on Cookies without Validation and Integ ...) NOT-FOR-US: Grav CMS CVE-2021-3817 (wbce_cms is vulnerable to Improper Neutralization of Special Elements ...) NOT-FOR-US: wbce_cms CVE-2021-41523 RESERVED CVE-2021-41522 RESERVED CVE-2021-41521 RESERVED CVE-2021-41520 RESERVED CVE-2021-41519 RESERVED CVE-2021-41518 RESERVED CVE-2021-41517 RESERVED CVE-2021-41516 RESERVED CVE-2021-41515 RESERVED CVE-2021-41514 RESERVED CVE-2021-41513 RESERVED CVE-2021-41512 RESERVED CVE-2021-41511 (The username and password field of login in Lodging Reservation Manage ...) NOT-FOR-US: Lodging Reservation Management System CVE-2021-41510 RESERVED CVE-2021-41509 RESERVED CVE-2021-41508 RESERVED CVE-2021-41507 RESERVED CVE-2021-41506 (Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2 ...) NOT-FOR-US: Xiaongmai CVE-2021-41505 RESERVED CVE-2021-41504 (An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS- ...) NOT-FOR-US: D-Link CVE-2021-41503 (DCS-5000L v1.05 and DCS-932L v2.17 and older are affected by Incorrect ...) NOT-FOR-US: D-Link CVE-2021-41502 (An issue was discovered in Subrion CMS v4.2.1. There is a stored cross- ...) NOT-FOR-US: Subrion CMS CVE-2021-41501 RESERVED CVE-2021-41500 (Incomplete string comparison vulnerability exists in cvxopt.org cvxop < ...)
- cvxopt 1.2.7+dfsg-1 [bullseye] - cvxopt (Minor issue) [buster] - cvxopt (Minor issue) [stretch] - cvxopt (Minor issue) NOTE: https://github.com/cvxopt/cvxopt/issues/193 CVE-2021-41499 (Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo < 1. ...) - python-pyo 1.0.4-1 [bullseye] - python-pyo (Minor issue) [buster] - python-pyo (Minor issue) [stretch] - python-pyo (Minor issue) NOTE: https://github.com/belangeo/pyo/issues/222 NOTE: https://github.com/belangeo/pyo/commit/e7e6d2880469b523e4c41f0da2087a6a3eec4a45 (1.0.4) CVE-2021-41498 (Buffer overflow in ajaxsoundstudio.com Pyo < and 1.03 in the Server_ ...) - python-pyo 1.0.4-1 [bullseye] - python-pyo (Minor issue) [buster] - python-pyo (Minor issue) [stretch] - python-pyo (Minor issue) NOTE: https://github.com/belangeo/pyo/issues/221 NOTE: https://github.com/belangeo/pyo/commit/017702c73332a8560c8554a36250a6da587a2418 (1.0.4) CVE-2021-41497 (Null pointer reference in CMS_Conservative_increment_obj in RaRe-Techn ...) NOT-FOR-US: RaRe-Technologies bounter CVE-2021-41496 (Buffer overflow in the array_from_pyobj function of fortranobject.c in ...) - numpy (unimportant) NOTE: https://github.com/numpy/numpy/issues/19000 NOTE: https://github.com/numpy/numpy/pull/20630 NOTE: https://github.com/numpy/numpy/commit/271010f1037150e95017f803f4214b8861e528f2 CVE-2021-41495 (Null Pointer Dereference vulnerability exists in numpy.sort in NumPy & ...) - numpy (unimportant) NOTE: https://github.com/numpy/numpy/issues/19038 CVE-2021-41494 RESERVED CVE-2021-41493 RESERVED CVE-2021-41492 (Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple ...) NOT-FOR-US: Sourcecodester CVE-2021-41491 RESERVED CVE-2021-41490 (Memory leaks in LazyPRM.cpp of OMPL v1.5.0 can cause unexpected behavi ...) 
- ompl (unimportant) NOTE: https://github.com/ompl/ompl/issues/833 NOTE: Negligible security impact CVE-2021-41489 RESERVED CVE-2021-41488 RESERVED CVE-2021-41487 (NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserNam ...) NOT-FOR-US: NOKIA CVE-2021-41486 RESERVED CVE-2021-41485 RESERVED CVE-2021-41484 RESERVED CVE-2021-41483 RESERVED CVE-2021-41482 RESERVED CVE-2021-41481 RESERVED CVE-2021-41480 RESERVED CVE-2021-41479 RESERVED CVE-2021-41478 RESERVED CVE-2021-41477 RESERVED CVE-2021-41476 RESERVED CVE-2021-41475 RESERVED CVE-2021-41474 RESERVED CVE-2021-41473 RESERVED CVE-2021-41472 (SQL injection vulnerability in Sourcecodester Simple Membership System ...) NOT-FOR-US: Sourcecodester CVE-2021-41471 (SQL injection vulnerability in Sourcecodester South Gate Inn Online Re ...) NOT-FOR-US: Sourcecodester CVE-2021-41470 RESERVED CVE-2021-41469 RESERVED CVE-2021-41468 RESERVED CVE-2021-41467 (Cross-site scripting (XSS) vulnerability in application/controllers/dr ...) NOT-FOR-US: JustWriting CVE-2021-41466 RESERVED CVE-2021-41465 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...) NOT-FOR-US: concrete5-legacy CVE-2021-41464 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...) NOT-FOR-US: concrete5-legacy CVE-2021-41463 (Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/a ...) NOT-FOR-US: concrete5-legacy CVE-2021-41462 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...) NOT-FOR-US: concrete5-legacy CVE-2021-41461 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...) NOT-FOR-US: concrete5-legacy CVE-2021-41460 (ECShop 4.1.0 has SQL injection vulnerability, which can be exploited b ...) NOT-FOR-US: ECShop CVE-2021-41459 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...) 
{DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/1912 NOTE: Fixed by: https://github.com/gpac/gpac/commit/7d4538e104f2b3ff6a65a41394795654e6972339 (v2.0.0) CVE-2021-41458 (In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/e ...) {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) [stretch] - gpac (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/1910 NOTE: https://github.com/gpac/gpac/commit/74695dea7278e78af3db467e586233fe8773c07e (v2.0.0) CVE-2021-41457 (There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nh ...) {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/1909 NOTE: Fixed by: https://github.com/gpac/gpac/commit/ae2828284f2fc0381548aaa991958f1eb9b90619 (v2.0.0) CVE-2021-41456 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...) {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/issues/1911 NOTE: Fixed by: https://github.com/gpac/gpac/commit/74695dea7278e78af3db467e586233fe8773c07e (v2.0.0) CVE-2021-41455 RESERVED CVE-2021-41454 REJECTED CVE-2021-41453 REJECTED CVE-2021-41452 REJECTED CVE-2021-41451 (A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP ...) NOT-FOR-US: TP-Link CVE-2021-41450 (An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 al ...) NOT-FOR-US: TP-Link CVE-2021-41449 (A path traversal attack in web interfaces of Netgear RAX35, RAX38, and ...) NOT-FOR-US: Netgear CVE-2021-41448 REJECTED CVE-2021-41447 REJECTED CVE-2021-41446 REJECTED CVE-2021-41445 (A reflected cross-site-scripting attack in web application of D-Link D ...) 
NOT-FOR-US: D-Link CVE-2021-41444 RESERVED CVE-2021-41443 RESERVED CVE-2021-41442 (An HTTP smuggling attack in the web application of D-Link DIR-X1860 be ...) NOT-FOR-US: D-Link CVE-2021-41441 (A DoS attack in the web application of D-Link DIR-X1860 before v1.10WW ...) NOT-FOR-US: D-Link CVE-2021-41440 RESERVED CVE-2021-41439 REJECTED CVE-2021-41438 REJECTED CVE-2021-41437 (An HTTP response splitting attack in web application in ASUS RT-AX88U ...) NOT-FOR-US: ASUS CVE-2021-41436 (An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX ...) NOT-FOR-US: ASUS CVE-2021-41435 (A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapt ...) NOT-FOR-US: ASUS CVE-2021-41434 (A stored Cross-Site Scripting (XSS) vulnerability exists in version 1. ...) NOT-FOR-US: Expense Management System application CVE-2021-41433 (SQL Injection vulnerability exists in version 1.0 of the Resumes Manag ...) NOT-FOR-US: Resumes Management and Job Application Website application CVE-2021-41432 (A stored cross-site scripting (XSS) vulnerability exists in FlatPress ...) NOT-FOR-US: FlatPress CVE-2021-41431 RESERVED CVE-2021-41430 RESERVED CVE-2021-41429 RESERVED CVE-2021-41428 REJECTED CVE-2021-41427 (Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) v ...) NOT-FOR-US: Beeline Smart Box CVE-2021-41426 (Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery ( ...) NOT-FOR-US: Beeline Smart Box CVE-2021-41425 RESERVED CVE-2021-41424 RESERVED CVE-2021-41423 RESERVED CVE-2021-41422 RESERVED CVE-2021-41421 (A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an a ...) NOT-FOR-US: MaianAffiliate CVE-2021-41420 (A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authentic ...) NOT-FOR-US: MaianAffiliate CVE-2021-41419 (QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution ...) NOT-FOR-US: QVIS NVR DVR CVE-2021-41418 (AriaNg v0.1.0~v1.2.2 is affected by an incorrect access control vulner ...) 
NOT-FOR-US: AriaNg CVE-2021-41417 RESERVED CVE-2021-41416 RESERVED CVE-2021-41415 (Subscription-Manager v1.0 /main.js has a cross-site scripting (XSS) vu ...) NOT-FOR-US: Subscription-Manager CVE-2021-41414 RESERVED CVE-2021-41413 (ok-file-formats master 2021-9-12 is affected by a buffer overflow in o ...) NOT-FOR-US: ok-file-formats CVE-2021-41412 RESERVED CVE-2021-41411 (drools <=7.59.x is affected by an XML External Entity (XXE) vulnerabil ...) NOT-FOR-US: drools CVE-2021-41410 RESERVED CVE-2021-41409 RESERVED CVE-2021-41408 (VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection t ...) NOT-FOR-US: VoIPmonitor WEB GUI CVE-2021-41407 RESERVED CVE-2021-41406 RESERVED CVE-2021-41405 RESERVED CVE-2021-41404 RESERVED CVE-2021-41403 (flatCore-CMS version 2.0.8 calls dangerous functions, causing server-s ...) NOT-FOR-US: flatCore CMS CVE-2021-41402 (flatCore-CMS v2.0.8 has a code execution vulnerability, which could le ...) NOT-FOR-US: flatCore CMS CVE-2021-41401 RESERVED CVE-2021-41400 RESERVED CVE-2021-41399 RESERVED CVE-2021-41398 RESERVED CVE-2021-41397 RESERVED CVE-2021-41396 (Live555 through 1.08 does not handle socket connections properly. A hu ...) - liblivemedia [buster] - liblivemedia (Minor issue) CVE-2021-41395 (Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to contro ...) NOT-FOR-US: Teleport CVE-2021-41394 (Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x b ...) NOT-FOR-US: Teleport CVE-2021-41393 (Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x b ...) NOT-FOR-US: Teleport CVE-2021-41392 (static/main-preload.js in Boost Note through 0.22.0 allows remote comm ...) NOT-FOR-US: BoostNote CVE-2021-41391 (In Ericsson ECM before 18.0, it was observed that Security Management ...) NOT-FOR-US: Ericsson ECM CVE-2021-41390 (In Ericsson ECM before 18.0, it was observed that Security Provider En ...) 
NOT-FOR-US: Ericsson ECM CVE-2021-41389 RESERVED CVE-2021-41388 (Netskope client prior to 89.x on macOS is impacted by a local privileg ...) NOT-FOR-US: Netskope CVE-2021-41387 (seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation b ...) - seatd (Vulnerable code introduced later) NOTE: https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CGJ2IZQ.HCKS1J0LSI803%40kl.wtf%3E CVE-2021-41386 RESERVED CVE-2021-41385 (The third party intelligence connector in Securonix SNYPR 6.3.1 Build ...) NOT-FOR-US: third party intelligence connector in Securonix SNYPR CVE-2021-41384 RESERVED CVE-2021-41383 (setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute ...) NOT-FOR-US: Netgear CVE-2021-41382 (Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server managem ...) NOT-FOR-US: Plastic SCM CVE-2021-41381 (Payara Micro Community 5.2021.6 and below allows Directory Traversal.) NOT-FOR-US: Payara Micro Community CVE-2021-3816 (Cacti 1.1.38 allows authenticated users with User Management permissio ...) - cacti 1.2.1+ds1-1 [stretch] - cacti (user_group_admin.php not present, added in 1.0) NOTE: https://github.com/Cacti/cacti/issues/1882 NOTE: Fixed by: https://github.com/Cacti/cacti/commit/2b8097c06030ab72c5b3bdadb23dceb5332f0e94 (1.2.0-beta1) CVE-2021-41380 (RealVNC Viewer 6.21.406 allows remote VNC servers to cause a denial of ...) NOT-FOR-US: RealVNC CVE-2021-41379 (Windows Installer Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41378 (Windows NTFS Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41377 (Windows Fast FAT File System Driver Elevation of Privilege Vulnerabili ...) 
NOT-FOR-US: Microsoft CVE-2021-41376 (Azure Sphere Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41375 (Azure Sphere Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41374 (Azure Sphere Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41373 (FSLogix Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41372 (A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: Microsoft CVE-2021-41371 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2021-41370 (NTFS Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41369 RESERVED CVE-2021-41368 (Microsoft Access Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41367 (NTFS Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41366 (Credential Security Support Provider Protocol (CredSSP) Elevation of P ...) NOT-FOR-US: Microsoft CVE-2021-41365 (Microsoft Defender for IoT Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41364 RESERVED CVE-2021-41363 (Intune Management Extension Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41362 RESERVED CVE-2021-41361 (Active Directory Federation Server Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41360 (HEVC Video Extensions Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41359 RESERVED CVE-2021-41358 RESERVED CVE-2021-41357 (Win32k Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41356 (Windows Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41355 (.NET Core and Visual Studio Information Disclosure Vulnerability) NOT-FOR-US: Microsoft .NET CVE-2021-41354 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
NOT-FOR-US: Microsoft CVE-2021-41353 (Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41352 (SCOM Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41351 (Microsoft Edge (Chrome based) Spoofing on IE Mode) NOT-FOR-US: Microsoft CVE-2021-41350 (Microsoft Exchange Server Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41349 (Microsoft Exchange Server Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41348 (Microsoft Exchange Server Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41347 (Windows AppX Deployment Service Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41346 (Console Window Host Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41345 (Storage Spaces Controller Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41344 (Microsoft SharePoint Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41343 (Windows Fast FAT File System Driver Information Disclosure Vulnerabili ...) NOT-FOR-US: Microsoft CVE-2021-41342 (Windows MSHTML Platform Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41341 RESERVED CVE-2021-41340 (Windows Graphics Component Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41339 (Microsoft DWM Core Library Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41338 (Windows AppContainer Firewall Rules Security Feature Bypass Vulnerabil ...) 
NOT-FOR-US: Microsoft CVE-2021-41337 (Active Directory Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41336 (Windows Kernel Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41335 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41334 (Windows Desktop Bridge Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41333 (Windows Print Spooler Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41332 (Windows Print Spooler Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41331 (Windows Media Audio Decoder Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41330 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-41329 (Datalust Seq before 2021.2.6259 allows users (with view filters applie ...) NOT-FOR-US: Datalust Seq CVE-2021-41328 RESERVED CVE-2021-41327 RESERVED CVE-2021-41326 (In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles p ...) NOT-FOR-US: MISP CVE-2021-41325 (Broken access control for user creation in Pydio Cells 2.2.9 allows re ...) NOT-FOR-US: Pydio Cells CVE-2021-41324 (Directory traversal in the Copy, Move, and Delete features in Pydio Ce ...) NOT-FOR-US: Pydio Cells CVE-2021-41323 (Directory traversal in the Compress feature in Pydio Cells 2.2.9 allow ...) NOT-FOR-US: Pydio Cells CVE-2021-41322 (Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin ...) NOT-FOR-US: Poly VVX 400/410 CVE-2021-41321 RESERVED CVE-2021-41320 (A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4 ...) NOT-FOR-US: Wallstreet Suite TRM CVE-2021-41319 RESERVED CVE-2021-41318 (In Progress WhatsUp Gold prior to version 21.1.0, an application endpo ...) NOT-FOR-US: Progress WhatsUp Gold CVE-2021-41317 (XSS Hunter Express before 2021-09-17 does not properly enforce authent ...) 
NOT-FOR-US: XSS Hunter Express CVE-2021-41316 (The Device42 Main Appliance before 17.05.01 does not sanitize user inp ...) NOT-FOR-US: Device42 Main Appliance CVE-2021-41315 (The Device42 Remote Collector before 17.05.01 does not sanitize user i ...) NOT-FOR-US: Device42 Remote Collector CVE-2021-3815 (utils.js is vulnerable to Improperly Controlled Modification of Object ...) NOT-FOR-US: fabiocaccamo/utils.js CVE-2021-3814 (It was found that 3scale's APIdocs does not validate the access token, ...) NOT-FOR-US: Red Hat 3scale API Management CVE-2021-3813 (Improper Privilege Management in GitHub repository chatwoot/chatwoot p ...) NOT-FOR-US: chatwoot CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection in the w ...) NOT-FOR-US: NETGEAR CVE-2021-41313 (Affected versions of Atlassian Jira Server and Data Center allow authe ...) NOT-FOR-US: Atlassian CVE-2021-41312 (Affected versions of Atlassian Jira Server and Data Center allow a rem ...) NOT-FOR-US: Atlassian CVE-2021-41311 (Affected versions of Atlassian Jira Server and Data Center allow attac ...) NOT-FOR-US: Atlassian CVE-2021-41310 (Affected versions of Atlassian Jira Server and Data Center allow anony ...) NOT-FOR-US: Atlassian CVE-2021-41309 (Affected versions of Atlassian Jira Server and Data Center allow a use ...) NOT-FOR-US: Atlassian CVE-2021-41308 (Affected versions of Atlassian Jira Server and Data Center allow authe ...) NOT-FOR-US: Atlassian CVE-2021-41307 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...) NOT-FOR-US: Atlassian CVE-2021-41306 (Affected versions of Atlassian Jira Server and Data Center allow anony ...) NOT-FOR-US: Atlassian CVE-2021-41305 (Affected versions of Atlassian Jira Server and Data Center allow anony ...) NOT-FOR-US: Atlassian CVE-2021-41304 (Affected versions of Atlassian Jira Server and Data Center allow anony ...) 
	NOT-FOR-US: Atlassian
CVE-2021-3812 (adminlte is vulnerable to Improper Neutralization of Input During Web ...)
	NOT-FOR-US: adminlte
CVE-2021-3811 (adminlte is vulnerable to Improper Neutralization of Input During Web ...)
	NOT-FOR-US: adminlte
CVE-2021-3810 (code-server is vulnerable to Inefficient Regular Expression Complexity)
	NOT-FOR-US: code-server
CVE-2021-3809 (Potential security vulnerabilities have been identified in the BIOS (U ...)
	NOT-FOR-US: HP
CVE-2021-3808 (Potential security vulnerabilities have been identified in the BIOS (U ...)
	NOT-FOR-US: HP
CVE-2021-3807 (ansi-regex is vulnerable to Inefficient Regular Expression Complexity)
	- node-ansi-regex 5.0.1-1 (bug #994568)
	[bullseye] - node-ansi-regex 5.0.1-1~deb11u1
	[buster] - node-ansi-regex 3.0.0-1+deb10u1
	[stretch] - node-ansi-regex (Vulnerable code introduced later)
	NOTE: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
	NOTE: https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9 (v6.0.1)
CVE-2021-3806 (A path traversal vulnerability on Pardus Software Center's "extractArc ...)
	NOT-FOR-US: Pardus Software Center
CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification of Obj ...)
	{DLA-3291-1}
	- node-object-path 0.11.8-1
	[bullseye] - node-object-path 0.11.5-3+deb11u1
	[stretch] - node-object-path (Nodejs in stretch not covered by security support)
	NOTE: https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053
	NOTE: https://github.com/mariocasciaro/object-path/commit/4f0903fd7c832d12ccbe0d9c3d7e25d985e9e884 (v0.11.8)
CVE-2021-41303 (Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a ...)
	- shiro (bug #1014819)
	[bookworm] - shiro (Minor issue)
	[bullseye] - shiro (Minor issue)
	[buster] - shiro (Minor issue)
	[stretch] - shiro (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2021/09/17/1
CVE-2021-41302 (ECOA BAS controller stores sensitive data (backup exports) in clear-te ...)
	NOT-FOR-US: ECOA BAS controller
CVE-2021-41301 (ECOA BAS controller is vulnerable to configuration disclosure when dir ...)
	NOT-FOR-US: ECOA BAS controller
CVE-2021-41300 (ECOA BAS controller’s special page displays user account and pass ...)
	NOT-FOR-US: ECOA BAS controller
CVE-2021-41299 (ECOA BAS controller is vulnerable to hard-coded credentials within its ...)
	NOT-FOR-US: ECOA BAS controller
CVE-2021-41298 (ECOA BAS controller is vulnerable to insecure direct object references ...)
	NOT-FOR-US: ECOA BAS controller
CVE-2021-41297 (ECOA BAS controller is vulnerable to weak access control mechanism all ...)
	NOT-FOR-US: ECOA BAS controller
CVE-2021-41296 (ECOA BAS controller uses weak set of default administrative credential ...)
	NOT-FOR-US: ECOA BAS controller
CVE-2021-41295 (ECOA BAS controller has a Cross-Site Request Forgery vulnerability, th ...)
	NOT-FOR-US: ECOA BAS controller
CVE-2021-41294 (ECOA BAS controller suffers from a path traversal vulnerability, causi ...)
	NOT-FOR-US: ECOA BAS controller
CVE-2021-41293 (ECOA BAS controller suffers from a path traversal vulnerability, causi ...)
	NOT-FOR-US: ECOA BAS controller
CVE-2021-41292 (ECOA BAS controller suffers from an authentication bypass vulnerabilit ...)
	NOT-FOR-US: ECOA BAS controller
CVE-2021-41291 (ECOA BAS controller suffers from a path traversal content disclosure v ...)
	NOT-FOR-US: ECOA BAS controller
CVE-2021-41290 (ECOA BAS controller suffers from an arbitrary file write and path trav ...)
	NOT-FOR-US: ECOA BAS controller
CVE-2021-41289 (ASUS P453UJ contains the Improper Restriction of Operations within the ...)
	NOT-FOR-US: ASUS
CVE-2021-41288 (Zoho ManageEngine OpManager version 125466 and below is vulnerable to ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-41287
	RESERVED
CVE-2021-41286 (Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authent ...)
	NOT-FOR-US: Omikron MultiCash Desktop
CVE-2021-3804 (taro is vulnerable to Inefficient Regular Expression Complexity)
	NOT-FOR-US: NervJS Taro
CVE-2016-20012 (OpenSSH through 8.7 allows remote attackers, who have a suspicion that ...)
	- openssh (unimportant)
	NOTE: https://github.com/openssh/openssh-portable/pull/270
	NOTE: Negligible impact, not treated as a security issue by upstream
CVE-2021-41285 (Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escal ...)
	NOT-FOR-US: Ballistix MOD Utility
CVE-2021-41284
	RESERVED
CVE-2021-41283
	RESERVED
CVE-2021-41282 (diag_routes.php in pfSense 2.5.2 allows sed data injection. Authentica ...)
	NOT-FOR-US: pfSense
CVE-2021-41281 (Synapse is a package for Matrix homeservers written in Python 3/Twiste ...)
	- matrix-synapse 1.47.1-1 (bug #1000451)
	NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c
	NOTE: https://github.com/matrix-org/synapse/commit/91f2bd0907f1d05af67166846988e49644eb650c
CVE-2021-41280 (Sharetribe Go is a source available marketplace software. In affected ...)
	NOT-FOR-US: Sharetribe Go
CVE-2021-41279 (BaserCMS is an open source content management system with a focus on J ...)
	NOT-FOR-US: BaserCMS
CVE-2021-41278 (Functions SDK for EdgeX is meant to provide all the plumbing necessary ...)
	NOT-FOR-US: EdgeX
CVE-2021-41277 (Metabase is an open source data analytics platform. In affected versio ...)
	NOT-FOR-US: Metabase
CVE-2021-41276 (Tuleap is a Libre and Open Source tool for end to end traceability of ...)
	NOT-FOR-US: Tuleap
CVE-2021-41275 (spree_auth_devise is an open source library which provides authenticat ...)
	NOT-FOR-US: spree_auth_devise
CVE-2021-41274 (solidus_auth_devise provides authentication services for the Solidus w ...)
	NOT-FOR-US: solidus_auth_devise
CVE-2021-41273 (Pterodactyl is an open-source game server management panel built with ...)
	NOT-FOR-US: Pterodactyl
CVE-2021-41272 (Besu is an Ethereum client written in Java. Starting in version 21.10. ...)
	NOT-FOR-US: Hyperledger Besu
CVE-2021-41271 (Discourse is a platform for community discussion. In affected versions ...)
	NOT-FOR-US: Discourse
CVE-2021-41270 (Symfony/Serializer handles serializing and deserializing data structur ...)
	- symfony 4.4.19+dfsg-3
	[bullseye] - symfony 4.4.19+dfsg-2+deb11u1
	[buster] - symfony (Vulnerable code and support for csv_escape_formulas introduced in 4.1)
	[stretch] - symfony (Vulnerable code and support for csv_escape_formulas introduced in 4.1)
	NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-2xhg-w2g5-w95x
	NOTE: https://github.com/symfony/symfony/commit/3da6f2d45e7536ccb2a26f52fbaf340917e208a8 (v4.4.35)
	NOTE: https://symfony.com/blog/cve-2021-41270-prevent-csv-injection-via-formulas
CVE-2021-41269 (cron-utils is a Java library to define, parse, validate, migrate crons ...)
	NOT-FOR-US: cron-utils Java library
CVE-2021-41268 (Symfony/SecurityBundle is the security system for Symfony, a PHP frame ...)
	- symfony (Vulnerable code never in released version in unstable)
	NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-qw36-p97w-vcqr
	NOTE: https://github.com/symfony/symfony/commit/36a808b857cd3240244f4b224452fb1e70dc6dfc (v5.3.12)
CVE-2021-41267 (Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP fr ...)
	- symfony (Vulnerable code never in released version in unstable)
	NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q
	NOTE: https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487 (v5.3.12)
CVE-2021-41266 (Minio console is a graphical user interface for the MinIO operator ...)
	NOT-FOR-US: Minio console
CVE-2021-41265 (Flask-AppBuilder is a development framework built on top of Flask. Ver ...)
	- flask-appbuilder (Fixed before initial upload to archive)
	NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-m3rf-7m4w-r66q
	NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/eba517aab121afa3f3f2edb011ec6bc4efd61fbc (3.3.4)
CVE-2021-41264 (OpenZeppelin Contracts is a library for smart contract development. In ...)
	NOT-FOR-US: OpenZeppelin Contracts
CVE-2021-41263 (rails_multisite provides multi-db support for Rails applications. In a ...)
	NOT-FOR-US: rails_multisite
CVE-2021-41262 (Galette is a membership management web application built for non profi ...)
	- galette
CVE-2021-41261 (Galette is a membership management web application built for non profi ...)
	- galette
CVE-2021-41260 (Galette is a membership management web application built for non profi ...)
	- galette
CVE-2021-41259
	REJECTED
CVE-2021-41258 (Kirby is an open source file structured CMS. In affected versions Kirb ...)
	NOT-FOR-US: Kirby
CVE-2021-41257
	RESERVED
CVE-2021-41256 (nextcloud news-android is an Android client for the Nextcloud news/fee ...)
	NOT-FOR-US: nextcloud news-android App
CVE-2021-41255
	RESERVED
CVE-2021-41254 (kustomize-controller is a Kubernetes operator, specialized in running ...)
	NOT-FOR-US: kustomize-controller
CVE-2021-41253 (Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v ...)
	- zydis 3.2.1-1 (bug #999431)
	NOTE: https://github.com/zyantific/zydis/security/advisories/GHSA-q42v-hv86-3m4g
	NOTE: Fixed by: https://github.com/zyantific/zydis/commit/55dd08c210722aed81b38132f5fd4a04ec1943b5 (master)
	NOTE: Fixed by: https://github.com/zyantific/zydis/commit/330b259583ade789886ce11af2ebcd030097dcbf (v3.2.1)
CVE-2021-41252 (Kirby is an open source file structured CMS ### Impact Kirby's writer ...)
	NOT-FOR-US: Kirby
CVE-2021-41251 (@sap-cloud-sdk/core contains the core functionality of the SAP Cloud S ...)
	NOT-FOR-US: SAP
CVE-2021-41250 (Python discord bot is the community bot for the Python Discord communi ...)
	NOT-FOR-US: Python discord bot
CVE-2021-41249 (GraphQL Playground is a GraphQL IDE for development of graphQL focused ...)
	NOT-FOR-US: GraphQL Playground
CVE-2021-41248 (GraphiQL is the reference implementation of this monorepo, GraphQL IDE ...)
	NOT-FOR-US: GraphiQL
CVE-2021-41247 (JupyterHub is an open source multi-user server for Jupyter notebooks. ...)
	- jupyterhub 2.0.0+ds1-1
	NOTE: https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7
	NOTE: https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27
CVE-2021-41246 (Express OpenID Connect is express JS middleware implementing sign on f ...)
	NOT-FOR-US: Express OpenID Connect
CVE-2021-41245 (Combodo iTop is a web based IT Service Management tool. In versions pr ...)
	NOT-FOR-US: Combodo iTop
CVE-2021-41244 (Grafana is an open-source platform for monitoring and observability. I ...)
	- grafana
CVE-2021-41243 (There is a Potential Zip Slip Vulnerability and OS Command Injection V ...)
	NOT-FOR-US: baserCMS
CVE-2021-41242 (OpenOlat is a web-based learning management system. A path traversal vu ...)
	NOT-FOR-US: OpenOlat
CVE-2021-41241 (Nextcloud server is a self hosted system designed to provide cloud sty ...)
	- nextcloud-server (bug #941708)
CVE-2021-41240
	RESERVED
CVE-2021-41239 (Nextcloud server is a self hosted system designed to provide cloud sty ...)
	- nextcloud-server (bug #941708)
CVE-2021-41238 (Hangfire is an open source system to perform background job processing ...)
	NOT-FOR-US: Hangfire
CVE-2021-41237
	RESERVED
CVE-2021-41236 (OroPlatform is a PHP Business Application Platform. In affected versio ...)
	NOT-FOR-US: OroPlatform
CVE-2021-41235
	RESERVED
CVE-2021-41234
	RESERVED
CVE-2021-41233 (Nextcloud text is a collaborative document editing using Markdown buil ...)
	NOT-FOR-US: Nextcloud text app
CVE-2021-41232 (Thunderdome is an open source agile planning poker tool in the theme o ...)
	NOT-FOR-US: Thunderdome
CVE-2021-41231 (OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and ...)
	NOT-FOR-US: OpenMage
CVE-2021-41230 (Pomerium is an open source identity-aware access proxy. In affected ve ...)
	NOT-FOR-US: Pomerium
CVE-2021-41229 (BlueZ is a Bluetooth protocol stack for Linux. In affected versions a ...)
	{DLA-3157-1 DLA-2827-1}
	- bluez 5.62-2 (bug #1000262)
	[bullseye] - bluez (Minor issue)
	NOTE: https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq
	NOTE: Introduced by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=d939483328489fb835bb425d36f7c7c73d52c388 (4.0)
	NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e79417ed7185b150a056d4eb3a1ab528b91d2fc0
CVE-2021-41228 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41227 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41226 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41225 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41224 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41223 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41222 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41221 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41220 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41219 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41218 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41217 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41216 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41215 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41214 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41213 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41212 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41211 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41210 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41209 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41208 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41207 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41206 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41205 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41204 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41203 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41202 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41201 (TensorFlow is an open source platform for machine learning. In affected ...)
	- tensorflow (bug #804612)
CVE-2021-41200 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41199 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41198 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41197 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41196 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41195 (TensorFlow is an open source platform for machine learning. In affecte ...)
	- tensorflow (bug #804612)
CVE-2021-41194 (FirstUseAuthenticator is a JupyterHub authenticator that helps new use ...)
	NOT-FOR-US: FirstUseAuthenticator for JupyterHub
CVE-2021-41193 (wire-avs is the audio visual signaling (AVS) component of Wire, an ope ...)
	NOT-FOR-US: wire-avs
CVE-2021-41192 (Redash is a package for data visualization and sharing. If an admin se ...)
	NOT-FOR-US: Redash
CVE-2021-41191 (Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. ...)
	NOT-FOR-US: Roblox-Purchasing-Hub
CVE-2021-41190 (The OCI Distribution Spec project defines an API protocol to facilitat ...)
	NOT-FOR-US: OCI Distribution Specification
	NOTE: Issue in the OCI Distribution Specification. Software mitigations are applied to
	NOTE: containerd/1.5.8~ds1-1 and golang-github-opencontainers-image-spec/1.0.2-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/11/19/10
	NOTE: https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m
	NOTE: https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh
CVE-2021-41189 (DSpace is an open source turnkey repository application. In version 7. ...)
	NOT-FOR-US: DSpace
CVE-2021-41188 (Shopware is open source e-commerce software. Versions prior to 5.7.6 c ...)
	NOT-FOR-US: Shopware
CVE-2021-41187 (DHIS 2 is an information system for data capture, management, validati ...)
	NOT-FOR-US: DHIS
CVE-2021-41186 (Fluentd collects events from various data sources and writes them to f ...)
	- fluentd (bug #926692)
CVE-2021-41185 (Mycodo is an environmental monitoring and regulation system. An exploi ...)
	NOT-FOR-US: Mycodo
CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
	{DLA-3551-1 DLA-3230-1}
	- jqueryui 1.13.0+dfsg-1
	[bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
	[stretch] - jqueryui (Minor issue)
	- otrs2 6.3.1-1
	[bullseye] - otrs2 (Non-free not supported)
	[stretch] - otrs2 (Non-free not supported)
	NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
	NOTE: https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280
	NOTE: https://www.znuny.org/en/advisories/zsa-2022-01
CVE-2021-41183 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
	{DLA-3551-1 DLA-3230-1 DLA-2889-1}
	- drupal7
	- jqueryui 1.13.0+dfsg-1
	[bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
	[stretch] - jqueryui (Minor issue)
	- otrs2 6.3.1-1
	[bullseye] - otrs2 (Non-free not supported)
	[stretch] - otrs2 (Non-free not supported)
	NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4
	NOTE: https://bugs.jqueryui.com/ticket/15284
	NOTE: https://github.com/jquery/jquery-ui/pull/1953
	NOTE: https://www.drupal.org/sa-core-2022-001
	NOTE: https://www.znuny.org/en/advisories/zsa-2022-01
CVE-2021-41182 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
	{DLA-3551-1 DLA-3230-1 DLA-2889-1}
	- drupal7
	- jqueryui 1.13.0+dfsg-1
	[bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
	[stretch] - jqueryui (Minor issue)
	- otrs2 6.3.1-1
	[bullseye] - otrs2 (Non-free not supported)
	[stretch] - otrs2 (Non-free not supported)
	NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
	NOTE: https://github.com/jquery/jquery-ui/commit/32850869d308d5e7c9bf3e3b4d483ea886d373ce
	NOTE: https://www.drupal.org/sa-core-2022-002
	NOTE: https://www.znuny.org/en/advisories/zsa-2022-01
CVE-2021-41181 (Nextcloud talk is a self hosting messaging service. In versions prior ...)
	NOT-FOR-US: Nextcloud talk android app
CVE-2021-41180 (Nextcloud talk is a self hosting messaging service. In versions prior ...)
	NOT-FOR-US: Nextcloud talk app
CVE-2021-41179 (Nextcloud is an open-source, self-hosted productivity platform. Prior ...)
	- nextcloud-server (bug #941708)
CVE-2021-41178 (Nextcloud is an open-source, self-hosted productivity platform. Prior ...)
	- nextcloud-server (bug #941708)
CVE-2021-41177 (Nextcloud is an open-source, self-hosted productivity platform. Prior ...)
	- nextcloud-server (bug #941708)
CVE-2021-41176 (Pterodactyl is an open-source game server management panel built with ...)
	NOT-FOR-US: Pterodactyl
CVE-2021-41175 (Pi-hole's Web interface (based on AdminLTE) provides a central locatio ...)
	NOT-FOR-US: Pi-hole
CVE-2021-41174 (Grafana is an open-source platform for monitoring and observability. I ...)
	- grafana
CVE-2021-41173 (Go Ethereum is the official Golang implementation of the Ethereum prot ...)
	- golang-github-go-ethereum (bug #890541)
CVE-2021-41172 (AS_Redis is an AntSword plugin for Redis. The Redis Manage plugin for ...)
	NOT-FOR-US: AntSword plugin for Redis
CVE-2021-41171 (eLabFTW is an open source electronic lab notebook manager for research ...)
	NOT-FOR-US: eLabFTW
CVE-2021-41170 (neoan3-apps/template is a neoan3 minimal template engine. Versions pri ...)
	NOT-FOR-US: neoan3-apps/template
CVE-2021-41169 (Sulu is an open-source PHP content management system based on the Symf ...)
	NOT-FOR-US: Sulu
CVE-2021-41168 (Snudown is a reddit-specific fork of the Sundown Markdown parser used ...)
	NOT-FOR-US: Snudown
CVE-2021-41167 (modern-async is an open source JavaScript tooling library for asynchro ...)
	NOT-FOR-US: modern-async
CVE-2021-41166 (The Nextcloud Android app is the Android client for Nextcloud, a self- ...)
	NOT-FOR-US: Nextcloud Android app
CVE-2021-41165 (CKEditor4 is an open source WYSIWYG HTML editor. In affected version a ...)
	- ckeditor 4.19.0+dfsg-1 (bug #999909)
	[bullseye] - ckeditor (Minor issue)
	[buster] - ckeditor (Minor issue)
	[stretch] - ckeditor (Minor issue)
	- ckeditor3 (bug #1015217)
	[bookworm] - ckeditor3 (Minor issue)
	[bullseye] - ckeditor3 (Minor issue)
	[buster] - ckeditor3 (No longer supported in LTS)
	[stretch] - ckeditor3 (EOL'd for stretch)
	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2 (v4.17.0)
CVE-2021-41164 (CKEditor4 is an open source WYSIWYG HTML editor. In affected versions ...)
	- ckeditor 4.19.0+dfsg-1 (bug #999909)
	[bullseye] - ckeditor (Minor issue)
	[buster] - ckeditor (Minor issue)
	[stretch] - ckeditor (Minor issue)
	- ckeditor3 (Advanced Content Filter introduced in v4.1)
	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj (v4.17.0)
CVE-2021-41163 (Discourse is an open source platform for community discussion. In affe ...)
	NOT-FOR-US: Discourse
CVE-2021-41162 (Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta ...)
	NOT-FOR-US: Combodo iTop
CVE-2021-41161 (Combodo iTop is a web based IT Service Management tool. In versions pr ...)
	NOT-FOR-US: Combodo iTop
CVE-2021-41160 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
	{DLA-3654-1}
	- freerdp2 2.4.1+dfsg1-1 (bug #1001062)
	[bullseye] - freerdp2 (Minor issue)
	- freerdp
	[stretch] - freerdp (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7c9r-6r2q-93qg
	NOTE: https://github.com/FreeRDP/FreeRDP/pull/7349
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/217e0caa181fc1690cf84dd6a3ba1a4f90c02692
CVE-2021-41159 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
	- freerdp2 2.4.1+dfsg1-1 (bug #1001061)
	[bullseye] - freerdp2 (Minor issue)
	[buster] - freerdp2 (Patch is too intrusive to backport)
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/d39a7ba5c38e3ba3b99b1558dc2ab0970cbfb0c5 (Stable 2.0 backports)
	NOTE: The RFC gateway parsing code has been completely refactored, backporting to 2.3.x is not feasible.
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/f0b44da67c09488178000725ff9f2729ccfdf9fe
CVE-2021-41158 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
	- freeswitch (bug #389591)
	NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4
CVE-2021-41157 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
	- freeswitch (bug #389591)
	NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj
CVE-2021-41156 (anuko/timetracker is an open source time tracking system. In affected ...)
	NOT-FOR-US: anuko/timetracker
CVE-2021-41155 (Tuleap is a Free & Open Source Suite to improve management of software ...)
	NOT-FOR-US: Tuleap
CVE-2021-41154 (Tuleap is a Free & Open Source Suite to improve management of software ...)
	NOT-FOR-US: Tuleap
CVE-2021-41153 (The evm crate is a pure Rust implementation of Ethereum Virtual Machin ...)
	NOT-FOR-US: Rust evm crate
CVE-2021-41152 (OpenOlat is a web-based e-learning platform for teaching, learning, as ...)
	NOT-FOR-US: OpenOlat
CVE-2021-41151 (Backstage is an open platform for building developer portals. In affec ...)
	NOT-FOR-US: Backstage
CVE-2021-41150 (Tough provides a set of Rust libraries and tools for using and generat ...)
	NOT-FOR-US: Tough
CVE-2021-41149 (Tough provides a set of Rust libraries and tools for using and generat ...)
	NOT-FOR-US: Tough
CVE-2021-41148 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
	NOT-FOR-US: Tuleap
CVE-2021-41147 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
	NOT-FOR-US: Tuleap
CVE-2021-41146 (qutebrowser is an open source keyboard-focused browser with a minimal ...)
	- qutebrowser (Only affects Windows)
	NOTE: https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-vw27-fwjf-5qxm
	NOTE: https://github.com/qutebrowser/qutebrowser/commit/8f46ba3f6dc7b18375f7aa63c48a1fe461190430
	NOTE: Additional hardening for potential similar issues on Linux was added, but
	NOTE: does not fix a security vulnerability.
CVE-2021-41145 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
	- freeswitch (bug #389591)
	NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m
CVE-2021-41144 (OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and ...)
	NOT-FOR-US: OpenMage
CVE-2021-41143 (OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and ...)
	NOT-FOR-US: OpenMage
CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
	NOT-FOR-US: Tuleap
CVE-2021-41141 (PJSIP is a free and open source multimedia communication library writt ...)
	{DLA-2962-1}
	- pjproject
	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-8fmx-hqw7-6gmc
	NOTE: https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196
CVE-2021-41140 (Discourse-reactions is a plugin for the Discourse platform that allows ...)
	NOT-FOR-US: Discourse plugin
CVE-2021-41139 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
	NOT-FOR-US: Anuko Time Tracker
CVE-2021-41138 (Frontier is Substrate's Ethereum compatibility layer. In the newly int ...)
	NOT-FOR-US: Frontier
CVE-2021-41137 (Minio is a Kubernetes native application for cloud storage. All users ...)
	- minio (bug #859207)
CVE-2021-41136 (Puma is an HTTP 1.1 server for Ruby/Rack applications. Prior to version ...)
	{DSA-5146-1 DLA-3083-1}
	- puma 5.5.2-1
	[stretch] - puma (Minor issue)
	NOTE: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx
	NOTE: https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f
CVE-2021-41135 (The Cosmos-SDK is a framework for building blockchain applications in ...)
	NOT-FOR-US: Cosmos-SDK
CVE-2021-41134 (nbdime provides tools for diffing and merging of Jupyter Notebooks. In ...)
	- nbdime (bug #975509)
CVE-2021-41132 (OMERO.web provides a web based client and plugin infrastructure. In ve ...)
	NOT-FOR-US: OMERO.web
CVE-2021-41131 (python-tuf is a Python reference implementation of The Update Framewor ...)
	- python-tuf (bug #934151)
CVE-2021-41130 (Extensible Service Proxy, a.k.a. ESP is a proxy which enables API mana ...)
	NOT-FOR-US: Extensible Service Proxy
CVE-2021-41129 (Pterodactyl is an open-source game server management panel built with ...)
	NOT-FOR-US: Pterodactyl
CVE-2021-41128 (Hygeia is an application for collecting and processing personal and ca ...)
	NOT-FOR-US: Hygeia
CVE-2021-41127 (Rasa is an open source machine learning framework to automate text-and ...)
	NOT-FOR-US: Rasa
CVE-2021-41126 (October is a Content Management System (CMS) and web platform built on ...)
	NOT-FOR-US: October CMS
CVE-2021-41125 (Scrapy is a high-level web crawling and scraping framework for Python. ...)
	{DLA-2950-1}
	- python-scrapy 2.5.1-1
	[bullseye] - python-scrapy 2.4.1-2+deb11u1
	[buster] - python-scrapy 1.5.1-1+deb10u1
	NOTE: https://github.com/scrapy/scrapy/security/advisories/GHSA-jwqp-28gf-p498
	NOTE: Fixed by: https://github.com/scrapy/scrapy/commit/b01d69a1bf48060daec8f751368622352d8b85a6 (1.8)
CVE-2021-41124 (Scrapy-splash is a library which provides Scrapy and JavaScript integr ...)
	NOT-FOR-US: Scrapy-splash
CVE-2021-41123 (Survey Solutions is a survey management and data collection system. In ...)
	NOT-FOR-US: Survey Solutions
CVE-2021-41122 (Vyper is a Pythonic Smart Contract Language for the EVM. In affected v ...)
	NOT-FOR-US: Vyper
CVE-2021-41121 (Vyper is a Pythonic Smart Contract Language for the EVM. In affected v ...)
	NOT-FOR-US: Vyper
CVE-2021-41120 (sylius/paypal-plugin is a paypal plugin for the Sylius development pla ...)
	NOT-FOR-US: sylius/paypal-plugin
CVE-2021-41119 (Wire-server is the system server for the wire back-end services. Relea ...)
	NOT-FOR-US: wire-server
CVE-2021-41118 (The DynamicPageList3 extension is a reporting tool for MediaWiki, list ...)
	NOT-FOR-US: DynamicPageList3 MediaWiki Extension
CVE-2021-41117 (keypair is an RSA PEM key generator written in javascript. keypair im ...)
	NOT-FOR-US: keypair
CVE-2021-41116 (Composer is an open source dependency manager for the PHP language. In ...)
	- composer (Only affects Windows)
	NOTE: https://github.com/composer/composer/security/advisories/GHSA-frqg-7g38-6gcf
	NOTE: https://github.com/composer/composer/commit/ca5e2f8d505fd3bfac6f7c85b82f2740becbc0aa
CVE-2021-41115 (Zulip is an open source team chat server. In affected versions Zulip a ...)
	- zulip-server (bug #800052)
CVE-2021-41114 (TYPO3 is an open source PHP based web content management system releas ...)
	NOT-FOR-US: Typo3
CVE-2021-41113 (TYPO3 is an open source PHP based web content management system releas ...)
	NOT-FOR-US: Typo3
CVE-2021-41112 (Rundeck is an open source automation service with a web console, comma ...)
	NOT-FOR-US: Rundeck
CVE-2021-41111 (Rundeck is an open source automation service with a web console, comma ...)
	NOT-FOR-US: Rundeck
CVE-2021-41110 (cwlviewer is a web application to view and share Common Workflow Langu ...)
	NOT-FOR-US: cwlviewer
CVE-2021-41109 (Parse Server is an open source backend that can be deployed to any inf ...)
	NOT-FOR-US: Parse Server
CVE-2021-41108
	RESERVED
CVE-2021-41107
	RESERVED
CVE-2021-41106 (JWT is a library to work with JSON Web Token and JSON Web Signature. P ...)
	NOT-FOR-US: PHP lcobucci/jwt
CVE-2021-41105 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
	- freeswitch (bug #389591)
	NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-jh42-prph-gp36
CVE-2021-41104 (ESPHome is a system to control the ESP8266/ESP32. Anyone with web_serv ...)
	NOT-FOR-US: ESPHome
CVE-2021-41103 (containerd is an open source container runtime with an emphasis on sim ...)
	{DSA-5002-1}
	- containerd 1.5.7~ds1-1
	NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq
	NOTE: https://github.com/containerd/containerd/commit/403846c9540f5bfdaf1fe5349cce5fd3bc60f507 (v1.4.11)
	NOTE: https://github.com/containerd/containerd/commit/38532c6ed7bb9dd683ba9eaca62dd7cce0330cbb (v1.4.11)
	NOTE: https://github.com/containerd/containerd/commit/0b1bde38546a9283a52cf4970e01fd0f09b0ac4a (v1.4.11)
CVE-2021-41102
	RESERVED
CVE-2021-41101 (wire-server is an open-source back end for Wire, a secure collaboratio ...)
	NOT-FOR-US: wire-server
CVE-2021-41100 (Wire-server is the backing server for the open source wire secure mess ...)
	NOT-FOR-US: wire-server
CVE-2021-41099 (Redis is an open source, in-memory database that persists on disk. An ...)
	{DSA-5001-1 DLA-2810-1}
	- redis 5:6.0.16-1
	NOTE: https://github.com/redis/redis/security/advisories/GHSA-j3cr-9h5g-6cph
CVE-2021-41098 (Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers wit ...)
	- ruby-nokogiri (jruby implementation not shipped)
	NOTE: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
	NOTE: https://github.com/sparklemotion/nokogiri/commit/5bf729ff3cc84709ee3c3248c981584088bf9f6d
CVE-2021-41097 (aurelia-path is part of the Aurelia platform and contains utilities fo ...)
	NOT-FOR-US: Aurelia
CVE-2021-41096 (Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 a ...)
	NOT-FOR-US: Rucky for Android
CVE-2021-41095 (Discourse is an open source discussion platform. There is a cross-site ...)
	NOT-FOR-US: Discourse
CVE-2021-41094 (Wire is an open source secure messenger. Users of Wire by Bund may byp ...)
	NOT-FOR-US: Wire by Bund
CVE-2021-41093 (Wire is an open source secure messenger. In affected versions if the a ...)
	NOT-FOR-US: Wire iOS
CVE-2021-41092 (Docker CLI is the command line interface for the docker container runt ...)
- docker.io 20.10.10+dfsg1-1 (bug #998292) [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1 [buster] - docker.io (Minor issue) NOTE: https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v NOTE: https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b CVE-2021-41091 (Moby is an open-source project created by Docker to enable software co ...) - docker.io 20.10.10+dfsg1-1 [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1 [buster] - docker.io (Minor issue) NOTE: https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558 NOTE: https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64 CVE-2021-41090 (Grafana Agent is a telemetry collector for sending metrics, logs, and ...) NOT-FOR-US: Grafana Agent CVE-2021-41089 (Moby is an open-source project created by Docker to enable software co ...) - docker.io 20.10.10+dfsg1-1 [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1 [buster] - docker.io (Minor issue) NOTE: https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4 NOTE: https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a CVE-2021-41088 (Elvish is a programming language and interactive shell, combined into ...) - elvish 0.14.0-1 [buster] - elvish (Minor issue) NOTE: https://github.com/elves/elvish/security/advisories/GHSA-fpv6-f8jw-rc3r NOTE: https://github.com/elves/elvish/commit/ccc2750037bbbfafe9c1b7a78eadd3bd16e81fe5 CVE-2021-41087 (in-toto-golang is a go implementation of the in-toto framework to prot ...) NOT-FOR-US: in-toto Go implementation (different from src:in-toto) CVE-2021-41086 (jsuites is an open source collection of common required javascript web ...) NOT-FOR-US: jsuites CVE-2021-41085 RESERVED CVE-2021-41084 (http4s is an open source scala interface for HTTP. In affected version ...) NOT-FOR-US: Http4s CVE-2021-41083 (Dada Mail is a web-based e-mail list management system. In affected ve ...) 
NOT-FOR-US: Dada Mail CVE-2021-41082 (Discourse is a platform for community discussion. In affected versions ...) NOT-FOR-US: Discourse CVE-2021-41081 (Zoho ManageEngine Network Configuration Manager before 125465 is vulne ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-41080 (Zoho ManageEngine Network Configuration Manager before 125465 is vulne ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-41079 (Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10. ...) {DSA-4986-1 DLA-2764-1} - tomcat9 9.0.53-1 - tomcat8 NOTE: https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E NOTE: https://github.com/apache/tomcat/commit/d4b340fa8feaf55831f9a59350578f7b6ca048b8 (9.0.44) NOTE: https://github.com/apache/tomcat/commit/b90d4fc1ff44f30e4b3aba622ba6677e3f003822 (8.5.64) CVE-2021-3803 (nth-check is vulnerable to Inefficient Regular Expression Complexity) {DLA-3428-1} - node-nth-check 2.0.1-1 [bullseye] - node-nth-check 2.0.0-1+deb11u1 [stretch] - node-nth-check (Nodejs in stretch not covered by security support) NOTE: https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726 (v2.0.1) NOTE: https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0/ NOTE: https://github.com/advisories/GHSA-rp65-9cf3-cjxr CVE-2021-3802 (A vulnerability found in udisks2. This flaw allows an attacker to inpu ...) {DLA-3387-1 DLA-2809-1} - udisks2 2.9.4-1 [bullseye] - udisks2 2.9.2-2+deb11u1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2003649 NOTE: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt NOTE: https://github.com/storaged-project/udisks/commit/38d90a433bda0fc0f2a409f6baa12c3958893571 (udisks-2.9.4) CVE-2021-41078 (Nameko through 2.13.0 can be tricked into performing arbitrary code ex ...) 
NOT-FOR-US: Nameko CVE-2021-3801 (prism is vulnerable to Inefficient Regular Expression Complexity) - node-prismjs 1.25.0+dfsg-1 [bullseye] - node-prismjs 1.23.0+dfsg-1+deb11u1 NOTE: https://github.com/prismjs/prism/commit/0ff371bb4775a131634f47d0fe85794c547232f9 CVE-2021-41077 (The activation process in Travis CI, for certain 2021-09-03 through 20 ...) NOT-FOR-US: Travis CI CVE-2021-41076 REJECTED CVE-2021-41075 (The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vu ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-41074 RESERVED CVE-2021-41073 (loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 ...) {DSA-4978-1} - linux 5.14.6-2 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2021/09/18/2 NOTE: https://www.graplsecurity.com/post/iou-ring-exploiting-the-linux-kernel NOTE: https://starlabs.sg/blog/2022/06/io_uring-new-code-new-bugs-and-a-new-exploit-technique/ CVE-2021-41072 (squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Director ...) {DSA-4987-1 DLA-2789-1} - squashfs-tools 1:4.5-3 (bug #994262) NOTE: Prerequisites: NOTE: https://github.com/plougher/squashfs-tools/commit/80b8441a37fcf8bf07dacf24d9d6c6459a0f6e36 NOTE: https://github.com/plougher/squashfs-tools/commit/1993a4e7aeda04962bf26e84c15fba8b58837e10 NOTE: https://github.com/plougher/squashfs-tools/commit/9938154174756ee48a94ea0b076397a2944b028d NOTE: Fixed by: https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd NOTE: Followup fix: https://github.com/plougher/squashfs-tools/commit/19fcc9365dcdb2c22d232d42d11012940df64b7c NOTE: https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405 CVE-2021-41071 REJECTED CVE-2021-41070 REJECTED CVE-2021-41069 RESERVED CVE-2021-41068 RESERVED CVE-2021-41067 (An issue was discovered in Listary through 6. Improper implementation ...) 
NOT-FOR-US: Listary CVE-2021-41066 (An issue was discovered in Listary through 6. When Listary is configur ...) NOT-FOR-US: Listary CVE-2021-41065 (An issue was discovered in Listary through 6. An attacker can create a ...) NOT-FOR-US: Listary CVE-2021-41064 REJECTED CVE-2021-41063 (SQL injection vulnerability was discovered in Aanderaa GeoView Webserv ...) NOT-FOR-US: Aanderaa GeoView Webservice CVE-2021-41062 RESERVED CVE-2021-41061 (In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee8201 ...) NOT-FOR-US: RIOT-OS CVE-2021-41060 RESERVED CVE-2021-41059 RESERVED CVE-2021-41058 RESERVED CVE-2021-41057 (In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles s ...) NOT-FOR-US: WIBU CVE-2021-41056 RESERVED CVE-2021-41055 (Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a ...) {DSA-5064-1} - python-nbxmpp 2.0.4-1 [buster] - python-nbxmpp (Vulnerable code not present) [stretch] - python-nbxmpp (Vulnerable code introduced later (modules added in v1.0.0)) NOTE: https://dev.gajim.org/gajim/gajim/-/issues/10638 NOTE: https://dev.gajim.org/gajim/python-nbxmpp/-/commit/8a626829d7c4b14077f764e61b1d1e867d21413f NOTE: Fix in python-nbxmpp, and gajim 1.3.3 bumps depends on required nbxmpp version. CVE-2021-41053 RESERVED CVE-2021-41052 RESERVED CVE-2021-41051 RESERVED CVE-2021-41050 RESERVED CVE-2021-41049 RESERVED CVE-2021-41048 RESERVED CVE-2021-41047 RESERVED CVE-2021-41046 RESERVED CVE-2021-41045 RESERVED CVE-2021-41044 RESERVED CVE-2021-41043 (Use after free in tcpslice triggers AddressSanitizer, no other confirm ...) - tcpslice 1.5-1 (bug #1003190) [bullseye] - tcpslice (Minor issue) [buster] - tcpslice (Minor issue) [stretch] - tcpslice (Minor issue) NOTE: https://github.com/the-tcpdump-group/tcpslice/issues/11 NOTE: https://github.com/the-tcpdump-group/tcpslice/commit/030859fce9c77417de657b9bb29c0f78c2d68f4a (tcpslice-1.5) CVE-2021-41042 (In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initia ...) 
NOT-FOR-US: Eclipse Lyo CVE-2021-41041 (In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the ...) NOT-FOR-US: Eclipse OpenJ9 CVE-2021-41040 (In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoA ...) NOT-FOR-US: Eclipse Wakaama CVE-2021-41039 (In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client conn ...) - mosquitto 2.0.11-1.2 (bug #1001028) [bullseye] - mosquitto 2.0.11-1+deb11u1 [buster] - mosquitto (Vulnerable code introduced later) [stretch] - mosquitto (Vulnerable code introduced later) NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575314 NOTE: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/637 NOTE: Fixed by: https://github.com/eclipse/mosquitto/commit/9d6a73f9f72005c2f19a262f15d28327eedea91f (v2.0.12) CVE-2021-41038 (In versions of the @theia/plugin-ext component of Eclipse Theia prior ...) NOT-FOR-US: Eclipse Theia CVE-2021-41037 (In Eclipse p2, installable units are able to alter the Eclipse Platfor ...) NOT-FOR-US: Eclipse p2 CVE-2021-41036 (In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client ...) - paho.mqtt.c (Fixed before initial upload to Debian) NOTE: https://github.com/eclipse/paho.mqtt.embedded-c/issues/96 CVE-2021-41035 (In Eclipse Openj9 before version 0.29.0, the JVM does not throw Illega ...) NOT-FOR-US: Eclipse OpenJ9 CVE-2021-41034 (The build of some language stacks of Eclipse Che version 6 includes pu ...) NOT-FOR-US: Eclipse Che CVE-2021-41033 (In all released versions of Eclipse Equinox, at least until version 4. ...) NOT-FOR-US: Eclipse Equinox CVE-2021-41032 (An improper access control vulnerability [CWE-284] in FortiOS versions ...) NOT-FOR-US: Fortiguard CVE-2021-41031 (A relative path traversal vulnerability [CWE-23] in FortiClient for Wi ...) NOT-FOR-US: Fortinet CVE-2021-41030 (An authentication bypass by capture-replay vulnerability [CWE-294] in ...) 
NOT-FOR-US: FortiGuard CVE-2021-41029 (A improper neutralization of input during web page generation ('cross- ...) NOT-FOR-US: FortiGuard CVE-2021-41028 (A combination of a use of hard-coded cryptographic key vulnerability [ ...) NOT-FOR-US: FortiGuard CVE-2021-41027 (A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6 ...) NOT-FOR-US: FortiGuard CVE-2021-41026 (A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 ...) NOT-FOR-US: FortiGuard FortiWeb CVE-2021-41025 (Multiple vulnerabilities in the authentication mechanism of confd in F ...) NOT-FOR-US: FortiGuard CVE-2021-41024 (A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7 ...) NOT-FOR-US: FortiGuard CVE-2021-41023 (A unprotected storage of credentials in Fortinet FortiSIEM Windows Age ...) NOT-FOR-US: Fortiguard CVE-2021-41022 (A improper privilege management in Fortinet FortiSIEM Windows Agent ve ...) NOT-FOR-US: Fortiguard CVE-2021-41021 (A privilege escalation vulnerability in FortiNAC versions 8.8.8 and be ...) NOT-FOR-US: FortiGuard CVE-2021-41020 (An improper access control vulnerability [CWE-284] in FortiIsolator ve ...) NOT-FOR-US: Fortiguard CVE-2021-41019 (An improper validation of certificate with host mismatch [CWE-297] vul ...) NOT-FOR-US: Fortiguard CVE-2021-41018 (A improper neutralization of special elements used in an os command (' ...) NOT-FOR-US: FortiGuard CVE-2021-41017 (Multiple heap-based buffer overflow vulnerabilities in some web API co ...) NOT-FOR-US: FortiGuard CVE-2021-41016 (A improper neutralization of special elements used in a command ('comm ...) NOT-FOR-US: FortiGuard CVE-2021-41015 (A improper neutralization of input during web page generation ('cross- ...) NOT-FOR-US: FortiGuard CVE-2021-41014 (A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 ...) NOT-FOR-US: FortiGuard CVE-2021-41013 (An improper access control vulnerability [CWE-284] in FortiWeb version ...) 
NOT-FOR-US: FortiGuard CVE-2021-41012 RESERVED CVE-2021-41011 (LINE client for iOS before 11.15.0 might expose authentication informa ...) NOT-FOR-US: LINE client for iOS CVE-2021-41010 REJECTED CVE-2021-41009 REJECTED CVE-2021-41008 REJECTED CVE-2021-41007 REJECTED CVE-2021-41006 REJECTED CVE-2021-41005 (A remote vulnerability was discovered in Aruba Instant On 1930 Switch ...) NOT-FOR-US: Aruba Instant On CVE-2021-41004 (A remote vulnerability was discovered in Aruba Instant On 1930 Switch ...) NOT-FOR-US: Aruba Instant On CVE-2021-41003 (Multiple unauthenticated command injection vulnerabilities were discov ...) NOT-FOR-US: Aruba CVE-2021-41002 (Multiple authenticated remote path traversal vulnerabilities were disc ...) NOT-FOR-US: Aruba CVE-2021-41001 (An authenticated remote code execution vulnerability was discovered in ...) NOT-FOR-US: Aruba CVE-2021-41000 (Multiple authenticated remote code execution vulnerabilities were disc ...) NOT-FOR-US: Aruba CVE-2021-40999 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-40998 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-40997 (A remote authentication bypass vulnerability was discovered in Aruba C ...) NOT-FOR-US: Aruba CVE-2021-40996 (A remote authentication bypass vulnerability was discovered in Aruba C ...) NOT-FOR-US: Aruba CVE-2021-40995 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-40994 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-40993 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...) NOT-FOR-US: Aruba CVE-2021-40992 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...) NOT-FOR-US: Aruba CVE-2021-40991 (A remote disclosure of sensitive information vulnerability was discove ...) 
NOT-FOR-US: Aruba CVE-2021-40990 (A remote disclosure of sensitive information vulnerability was discove ...) NOT-FOR-US: Aruba CVE-2021-40989 (A local escalation of privilege vulnerability was discovered in Aruba ...) NOT-FOR-US: Aruba CVE-2021-40988 (A remote directory traversal vulnerability was discovered in Aruba Cle ...) NOT-FOR-US: Aruba CVE-2021-40987 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-40986 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-3800 (A flaw was found in glib before version 2.63.6. Due to random charset ...) {DLA-3110-1} - glib2.0 2.64.0-1 NOTE: https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a519959a5d9cb787404296322618a1 (2.63.6) NOTE: https://www.openwall.com/lists/oss-security/2017/06/23/8 CVE-2021-40985 (A stack-based buffer under-read in htmldoc before 1.9.12, allows attac ...) {DLA-2928-1} - htmldoc 1.9.13-1 (unimportant) [bullseye] - htmldoc 1.9.11-4+deb11u1 [buster] - htmldoc 1.9.3-1+deb10u3 NOTE: https://github.com/michaelrsweet/htmldoc/issues/444 NOTE: https://github.com/michaelrsweet/htmldoc/commit/f12b9666e582a8e7b70f11b28e5ffc49ad625d43 (v1.9.13) NOTE: Crash in CLI tool, no security impact CVE-2021-40984 RESERVED CVE-2021-40983 RESERVED CVE-2021-40982 RESERVED CVE-2021-40981 (ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain p ...) NOT-FOR-US: ASUS ROG Armoury Crate Lite CVE-2021-40980 RESERVED CVE-2021-40979 RESERVED CVE-2021-40978 (The mkdocs 1.2.2 built-in dev-server allows directory traversal using ...) - python-mkdocs (unimportant) NOTE: https://github.com/mkdocs/mkdocs/issues/2601 CVE-2021-40977 RESERVED CVE-2021-40976 RESERVED CVE-2021-40975 (Cross-site scripting (XSS) vulnerability in application/modules/admin/ ...) NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap CVE-2021-40974 RESERVED CVE-2021-40973 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...) 
- spotweb (unimportant) NOTE: https://github.com/spotweb/spotweb/issues/711 NOTE: Issue only in the installer CVE-2021-40972 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...) - spotweb (unimportant) NOTE: https://github.com/spotweb/spotweb/issues/711 NOTE: Issue only in the installer CVE-2021-40971 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...) - spotweb (unimportant) NOTE: https://github.com/spotweb/spotweb/issues/711 NOTE: Issue only in the installer CVE-2021-40970 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...) - spotweb (unimportant) NOTE: https://github.com/spotweb/spotweb/issues/711 NOTE: Issue only in the installer CVE-2021-40969 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...) - spotweb (unimportant) NOTE: https://github.com/spotweb/spotweb/issues/711 NOTE: Issue only in the installer CVE-2021-40968 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...) - spotweb (unimportant) NOTE: https://github.com/spotweb/spotweb/issues/711 NOTE: Issue only in the installer CVE-2021-40967 RESERVED CVE-2021-40966 (A Stored XSS exists in TinyFileManager All version up to and including ...) NOT-FOR-US: TinyFileManager CVE-2021-40965 (A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileMa ...) NOT-FOR-US: TinyFileManager CVE-2021-40964 (A Path Traversal vulnerability exists in TinyFileManager all version u ...) NOT-FOR-US: TinyFileManager CVE-2021-40963 RESERVED CVE-2021-40962 RESERVED CVE-2021-40961 (CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/ ...) NOT-FOR-US: CMS Made Simple CVE-2021-40960 (Galera WebTemplate 1.0 is affected by a directory traversal vulnerabil ...) NOT-FOR-US: Galera WebTemplate CVE-2021-40959 RESERVED CVE-2021-40958 RESERVED CVE-2021-40957 RESERVED CVE-2021-40956 (LaiKetui v3.5.0 has SQL injection in the background through the menu m ...) 
NOT-FOR-US: LaiKetui CVE-2021-40955 (SQL injection exists in LaiKetui v3.5.0 the background administrator l ...) NOT-FOR-US: LaiKetui CVE-2021-40954 (Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability t ...) NOT-FOR-US: LaiKetui CVE-2021-40953 RESERVED CVE-2021-40952 RESERVED CVE-2021-40951 RESERVED CVE-2021-40950 RESERVED CVE-2021-40949 RESERVED CVE-2021-40948 RESERVED CVE-2021-40947 RESERVED CVE-2021-40946 RESERVED CVE-2021-40945 RESERVED CVE-2021-40944 (In GPAC MP4Box 1.1.0, there is a Null pointer reference in the functio ...) {DSA-5411-1} - gpac 2.0.0+dfsg1-2 [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/1906 NOTE: https://github.com/gpac/gpac/commit/44fdc3d972c31c56efe73e1a3b63438d46087652 (v2.0.0) CVE-2021-40943 (In Bento4 1.6.0-638, there is a null pointer reference in the function ...) NOT-FOR-US: Bento4 CVE-2021-40942 (In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function ...) - gpac 2.0.0+dfsg1-2 [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/1908 NOTE: https://github.com/gpac/gpac/commit/da37ec8582266983d0ec4b7550ec907401ec441e (v2.0.0) CVE-2021-40941 (In Bento4 1.6.0-638, there is an allocator is out of memory in the fun ...) NOT-FOR-US: Bento4 CVE-2021-40940 (Monstra 3.0.4 does not filter the case of php, which leads to an unres ...) NOT-FOR-US: Monstra CMS CVE-2021-40939 RESERVED CVE-2021-40938 RESERVED CVE-2021-40937 RESERVED CVE-2021-40936 RESERVED CVE-2021-40935 RESERVED CVE-2021-40934 RESERVED CVE-2021-40933 RESERVED CVE-2021-40932 RESERVED CVE-2021-40931 RESERVED CVE-2021-40930 RESERVED CVE-2021-40929 RESERVED CVE-2021-40928 (Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta d ...) NOT-FOR-US: FlexTV CVE-2021-40927 (Cross-site scripting (XSS) vulnerability in callback.php in Spotify-fo ...) 
NOT-FOR-US: Spotify-for-Alfred CVE-2021-40926 (Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in g ...) - php-getid3 1.9.21+dfsg-1 (unimportant) NOTE: https://github.com/JamesHeinrich/getID3/issues/341 NOTE: https://github.com/JamesHeinrich/getID3/commit/0163ba96f7fc64765e499847c2373b1f994797c5 (v1.9.21) NOTE: XSS issue in demo file CVE-2021-40925 (Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php ...) NOT-FOR-US: infaveo-helpdesk CVE-2021-40924 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs ...) NOT-FOR-US: Pixeline Bugs CVE-2021-40923 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs ...) NOT-FOR-US: Pixeline Bugs CVE-2021-40922 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs ...) NOT-FOR-US: Pixeline Bugs CVE-2021-40921 (Cross-site scripting (XSS) vulnerability in _contactform.inc.php in De ...) NOT-FOR-US: Detector CVE-2021-40920 RESERVED CVE-2021-40919 RESERVED CVE-2021-40918 RESERVED CVE-2021-40917 RESERVED CVE-2021-40916 RESERVED CVE-2021-40915 RESERVED CVE-2021-40914 RESERVED CVE-2021-40913 RESERVED CVE-2021-40912 RESERVED CVE-2021-40911 RESERVED CVE-2021-40910 (There is a reflective cross-site scripting (XSS) vulnerability in the ...) NOT-FOR-US: PHPCMS CVE-2021-40909 (Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD wi ...) NOT-FOR-US: Sourcecodester CVE-2021-40908 (SQL injection vulnerability in Login.php in Sourcecodester Purchase Or ...) NOT-FOR-US: Sourcecodester CVE-2021-40907 (SQL injection vulnerability in Sourcecodester Storage Unit Rental Mana ...) NOT-FOR-US: Sourcecodester CVE-2021-40906 (CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not saniti ...) - check-mk CVE-2021-40905 (The web management console of CheckMK Enterprise Edition (versions 1.5 ...) NOT-FOR-US: CheckMK Enterprise Edition CVE-2021-40904 (The web management console of CheckMK Raw Edition (versions 1.5.0 to 1 ...) 
- check-mk CVE-2021-40903 (A vulnerability in Antminer Monitor 0.50.0 exists because of backdoor ...) NOT-FOR-US: Antminer CVE-2021-40902 (flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) i ...) NOT-FOR-US: flatCore CMS CVE-2021-40901 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) NOT-FOR-US: Node scniro-validator CVE-2021-40900 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) NOT-FOR-US: Jeyaprakash1206/regexfn CVE-2021-40899 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) NOT-FOR-US: Node repo-git-downloader CVE-2021-40898 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) NOT-FOR-US: Node scaffold-helper CVE-2021-40897 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) NOT-FOR-US: Node split-html-to-chars CVE-2021-40896 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) NOT-FOR-US: Node that-value CVE-2021-40895 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) NOT-FOR-US: Node todo-regex CVE-2021-40894 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) NOT-FOR-US: underscore-99xp CVE-2021-40893 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) NOT-FOR-US: Node validate-data CVE-2021-40892 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) NOT-FOR-US: Node validate-color CVE-2021-40891 RESERVED CVE-2021-40890 RESERVED CVE-2021-40889 (CMSUno version 1.7.2 is affected by a PHP code execution vulnerability ...) NOT-FOR-US: CMSUno CVE-2021-40888 (Projectsend version r1295 is affected by Cross Site Scripting (XSS) du ...) NOT-FOR-US: Projectsend CVE-2021-40887 (Projectsend version r1295 is affected by a directory traversal vulnera ...) NOT-FOR-US: Projectsend CVE-2021-40886 (Projectsend version r1295 is affected by a directory traversal vulnera ...) 
NOT-FOR-US: Projectsend CVE-2021-40885 RESERVED CVE-2021-40884 (Projectsend version r1295 is affected by sensitive information disclos ...) NOT-FOR-US: Projectsend CVE-2021-40883 (A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via ...) NOT-FOR-US: emlog CVE-2021-40882 (A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via ...) - piwigo CVE-2021-40881 (An issue in the BAT file parameters of PublicCMS v4.0 allows attackers ...) NOT-FOR-US: PublicCMS CVE-2021-40880 RESERVED CVE-2021-40879 RESERVED CVE-2021-40878 RESERVED CVE-2021-40877 RESERVED CVE-2021-40876 RESERVED CVE-2021-40875 (Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resul ...) NOT-FOR-US: Gurock TestRail CVE-2021-40874 (An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. Wh ...) [experimental] - lemonldap-ng 2.0.14~exp+ds-1 - lemonldap-ng 2.0.14+ds-1 (bug #1005302) [bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u1 [buster] - lemonldap-ng 2.0.2+ds-7+deb10u7 [stretch] - lemonldap-ng (Vulnerable code introduced in 2.0) NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2612 NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/66946e8f754812b375768c2124937137c856fe0c CVE-2021-40873 (An issue was discovered in Softing Industrial Automation OPC UA C++ SD ...) NOT-FOR-US: Softing Industrial Automation CVE-2021-40872 (An issue was discovered in Softing Industrial Automation uaToolkit Emb ...) NOT-FOR-US: Softing Industrial Automation CVE-2021-40871 (An issue was discovered in Softing Industrial Automation OPC UA C++ SD ...) NOT-FOR-US: Softing Industrial Automation CVE-2021-40870 (An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.192 ...) NOT-FOR-US: Aviatrix Controller CVE-2021-40869 RESERVED CVE-2021-40868 (In Cloudron 6.2, the returnTo parameter on the login page is vulnerabl ...) NOT-FOR-US: Cloudron CVE-2021-40867 (Certain NETGEAR smart switches are affected by an authentication hijac ...) 
NOT-FOR-US: Netgear CVE-2021-40866 (Certain NETGEAR smart switches are affected by a remote admin password ...) NOT-FOR-US: Netgear CVE-2021-3799 (grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI ...) NOT-FOR-US: Grav CMS CVE-2021-41054 (tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buff ...) {DLA-2820-1} - atftp 0.7.git20210915-1 (bug #994895) [bullseye] - atftp 0.7.git20120829-3.3+deb11u1 [buster] - atftp 0.7.git20120829-3.2~deb10u2 NOTE: https://sourceforge.net/p/atftp/code/ci/d255bf90834fb45be52decf9bc0b4fb46c90f205/ CVE-2021-3798 (A flaw was found in openCryptoki. The openCryptoki Soft token does not ...) - opencryptoki (Vulnerable code introduced later) NOTE: https://bugs.launchpad.net/ubuntu/+source/opencryptoki/+bug/1928780 NOTE: Introduced with: https://github.com/opencryptoki/opencryptoki/commit/a179fd01a265a98194d9c06ec5958da1dd2ecae3 (v3.15.0) NOTE: Fixed by: https://github.com/opencryptoki/opencryptoki/commit/4e3b43c3d8844402c04a66b55c6c940f965109f0 (v3.17.0) CVE-2021-40865 (An Unsafe Deserialization vulnerability exists in the worker services ...) NOT-FOR-US: Apache Storm CVE-2021-3797 (hestiacp is vulnerable to Use of Wrong Operator in String Comparison) NOT-FOR-US: Hestia Control Panel CVE-2021-3796 (vim is vulnerable to Use After Free) {DLA-2876-1} - vim 2:8.2.3455-1 (bug #994497) [bullseye] - vim 2:8.2.2434-3+deb11u1 [buster] - vim 2:8.1.0875-5+deb10u1 NOTE: https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d/ NOTE: https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3 (v8.2.3428) NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1 CVE-2021-3795 (semver-regex is vulnerable to Inefficient Regular Expression Complexit ...) NOT-FOR-US: Node semver-regex CVE-2021-3794 (vuelidate is vulnerable to Inefficient Regular Expression Complexity) NOT-FOR-US: vuelidate for Vue.js CVE-2021-40864 (The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFIC ...) 
NOT-FOR-US: Translate plugin for ONLYOFFICE Document Server CVE-2021-40863 RESERVED CVE-2021-40862 (HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoi ...) NOT-FOR-US: HashiCorp Terraform Enterprise CVE-2021-40861 (A SQL Injection in the custom filter query component in Genesys intell ...) NOT-FOR-US: Genesys CVE-2021-40860 (A SQL Injection in the custom filter query component in Genesys intell ...) NOT-FOR-US: Genesys CVE-2021-40859 (Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B dev ...) NOT-FOR-US: Auerswald CVE-2021-40858 (Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Discl ...) NOT-FOR-US: Auerswald COMpact 5500R devices CVE-2021-40857 (Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation ...) NOT-FOR-US: Auerswald COMpact 5500R devices CVE-2021-40856 (Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Auth ...) NOT-FOR-US: Auerswald CVE-2021-40855 (The EU Technical Specifications for Digital COVID Certificates before ...) NOT-FOR-US: EU Technical Specifications for Digital COVID Certificates CVE-2021-40854 (AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obt ...) NOT-FOR-US: AnyDesk CVE-2021-40853 (TCMAN GIM does not perform an authorization check when trying to acces ...) NOT-FOR-US: TCMAN GIM CVE-2021-40852 (TCMAN GIM is affected by an open redirect vulnerability. This vulnerab ...) NOT-FOR-US: TCMAN GIM CVE-2021-40851 (TCMAN GIM is vulnerable to a lack of authorization in all available we ...) NOT-FOR-US: TCMAN GIM CVE-2021-40850 (TCMAN GIM is vulnerable to a SQL injection vulnerability inside severa ...) NOT-FOR-US: TCMAN GIM CVE-2021-40849 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account a ...) - mahara CVE-2021-40848 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV ...) - mahara CVE-2021-40847 (The update process of the Circle Parental Control Service on various N ...) 
	NOT-FOR-US: Netgear
CVE-2021-40846 (An issue was discovered in Rhinode Trading Paints through 2.0.36. TP U ...)
	NOT-FOR-US: Rhinode Trading Paints
CVE-2021-40845 (The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, ca ...)
	NOT-FOR-US: Zenitel
CVE-2021-40844
	RESERVED
CVE-2021-40843 (Proofpoint Insider Threat Management Server contains an unsafe deseria ...)
	NOT-FOR-US: Proofpoint
CVE-2021-40842 (Proofpoint Insider Threat Management Server contains a SQL injection v ...)
	NOT-FOR-US: Proofpoint
CVE-2021-40841 (A Path Traversal vulnerability for a log file in LiveConfig 2.12.2 all ...)
	NOT-FOR-US: LiveConfig
CVE-2021-40840 (A Stored XSS issue exists in the admin/users user administration form ...)
	NOT-FOR-US: LiveConfig
CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an infinite loop i ...)
	- python-rencode 1.0.6-2
	[bullseye] - python-rencode (Minor issue)
	[buster] - python-rencode (Minor issue)
	[stretch] - python-rencode (Minor issue)
	NOTE: https://github.com/aresch/rencode/commit/572ff74586d9b1daab904c6f7f7009ce0143bb75
	NOTE: https://github.com/aresch/rencode/pull/29
CVE-2021-40838
	RESERVED
CVE-2021-40837 (A vulnerability affecting F-Secure antivirus engine before Capricorn u ...)
	NOT-FOR-US: F-Secure
CVE-2021-40836 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...)
	NOT-FOR-US: F-Secure
CVE-2021-40835 (An URL Address bar spoofing vulnerability was discovered in Safe Brows ...)
	NOT-FOR-US: Safe Browser for iOS
CVE-2021-40834 (A user interface overlay vulnerability was discovered in F-secure SAFE ...)
	NOT-FOR-US: F-secure
CVE-2021-40833 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...)
	NOT-FOR-US: F-Secure
CVE-2021-40832 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
	NOT-FOR-US: F-Secure
CVE-2021-40831 (The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a ...)
	NOT-FOR-US: AWS IoT Device SDK
CVE-2021-40830 (The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a ...)
	NOT-FOR-US: AWS IoT Device SDK
CVE-2021-40829 (Connections initialized by the AWS IoT Device SDK v2 for Java (version ...)
	NOT-FOR-US: AWS IoT Device SDK
CVE-2021-40828 (Connections initialized by the AWS IoT Device SDK v2 for Java (version ...)
	NOT-FOR-US: AWS IoT Device SDK
CVE-2021-40827 (Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) ...)
	- clementine (unimportant)
	NOTE: https://voidsec.com/advisories/cve-2021-40827/
	NOTE: Bogus report with hardly useful details on whether it affects clementine/gstreamer, but
	NOTE: regardless just a crash in a CLI tool
CVE-2021-40826 (Clementine Music Player through 1.3.1 is vulnerable to a User Mode Wri ...)
	- clementine (unimportant)
	NOTE: https://voidsec.com/advisories/cve-2021-40826/
	NOTE: Bogus report with hardly useful details on whether it affects clementine/gstreamer, but
	NOTE: regardless just a crash in a CLI tool
CVE-2021-40825 (nLight ECLYPSE (nECY) system Controllers running software prior to 1.1 ...)
	NOT-FOR-US: nLight ECLYPSE (nECY) system Controllers
CVE-2021-40824 (A logic error in the room key sharing functionality of Element Android ...)
	NOT-FOR-US: matrix-android-sdk2
CVE-2021-40823 (A logic error in the room key sharing functionality of matrix-js-sdk ( ...)
	- element-web (bug #866502)
	- node-matrix-js-sdk (bug #994213)
	[bullseye] - node-matrix-js-sdk (Minor issue)
	[buster] - node-matrix-js-sdk (Minor issue)
	NOTE: https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing/
	NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/894c24880da0e1cc81818f51c0db80e3c9fb2be9 (v12.4.1)
CVE-2021-40822 (GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the ...)
	NOT-FOR-US: GeoServer
CVE-2021-40821
	RESERVED
CVE-2021-40820
	RESERVED
CVE-2021-40819
	RESERVED
CVE-2021-3793 (An improper access control vulnerability was reported in some Motorola ...)
	NOT-FOR-US: Binatone
CVE-2021-3792 (Some device communications in some Motorola-branded Binatone Hubble Ca ...)
	NOT-FOR-US: Binatone
CVE-2021-3791 (An information disclosure vulnerability was reported in some Motorola- ...)
	NOT-FOR-US: Binatone
CVE-2021-3790 (A buffer overflow was reported in the local web server of some Motorol ...)
	NOT-FOR-US: Binatone
CVE-2021-3789 (An information disclosure vulnerability was reported in some Motorola- ...)
	NOT-FOR-US: Binatone
CVE-2021-3788 (An exposed debug interface was reported in some Motorola-branded Binat ...)
	NOT-FOR-US: Binatone
CVE-2021-3787 (A vulnerability was reported in some Motorola-branded Binatone Hubble ...)
	NOT-FOR-US: Binatone
CVE-2021-3786 (A potential vulnerability in the SMI callback function used in CSME co ...)
	NOT-FOR-US: Lenovo
CVE-2021-3785 (yourls is vulnerable to Improper Neutralization of Input During Web Pa ...)
	NOT-FOR-US: yourls
CVE-2021-3784 (Garuda Linux performs an insecure user creation and authentication tha ...)
	NOT-FOR-US: Garuda Linux
CVE-2021-3783 (yourls is vulnerable to Improper Neutralization of Input During Web Pa ...)
	NOT-FOR-US: yourls
CVE-2021-3782 (An internal reference count is held on the buffer pool, incremented ev ...)
	- wayland 1.21.0-1
	[bullseye] - wayland (Minor issue)
	[buster] - wayland (Minor issue)
	NOTE: https://gitlab.freedesktop.org/wayland/wayland/-/issues/224
	NOTE: https://gitlab.freedesktop.org/wayland/wayland/-/commit/b19488c7154b902354cb26a27f11415d7799b0b2 (1.20.91)
CVE-2021-3781 (A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was ...)
	{DSA-4972-1}
	- ghostscript 9.53.3~dfsg-8 (bug #994011)
	[buster] - ghostscript (Vulnerable code introduced later)
	[stretch] - ghostscript (Vulnerable code introduced later)
	NOTE: https://twitter.com/ducnt_/status/1434534373416574983
	NOTE: https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=704342
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a9bd3dec9fde03327a4a2c69dad1036bf9632e20
CVE-2021-40817
	RESERVED
CVE-2021-40816
	RESERVED
CVE-2021-40815
	RESERVED
CVE-2021-40814 (The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulner ...)
	NOT-FOR-US: PrestaShop addon
CVE-2021-40813 (A cross-site scripting (XSS) vulnerability in the "Zip content" featur ...)
	NOT-FOR-US: Element-IT HTTP Commander
CVE-2021-40812 (The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds ...)
	{DLA-3781-1}
	- libgd2 2.3.3-1
	[bullseye] - libgd2 (Minor issue)
	[stretch] - libgd2 (Minor issue)
	NOTE: https://github.com/libgd/libgd/issues/750#issuecomment-914872385
	NOTE: https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9
CVE-2021-40811
	RESERVED
CVE-2021-40810
	RESERVED
CVE-2021-40809 (An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An ...)
	NOT-FOR-US: Jamf Pro
CVE-2021-40808
	RESERVED
CVE-2021-40807
	RESERVED
CVE-2021-40806
	RESERVED
CVE-2021-40805
	RESERVED
CVE-2021-40804
	RESERVED
CVE-2021-40803
	RESERVED
CVE-2021-40802
	RESERVED
CVE-2021-40801
	RESERVED
CVE-2021-40800
	RESERVED
CVE-2021-40799
	RESERVED
CVE-2021-40798
	RESERVED
CVE-2021-40797 (An issue was discovered in the routes middleware in OpenStack Neutron ...)
	- neutron 2:19.0.0-1 (unimportant; bug #994202)
	[bullseye] - neutron 2:17.2.1-0+deb11u1
	[buster] - neutron 2:13.0.7+git.2021.09.27.bace3d1890-0+deb10u1
	NOTE: https://launchpad.net/bugs/1942179
	NOTE: neutron-api in Debian is served over UWSGI, cf. https://bugs.debian.org/994202
	NOTE: and so serves the requests and stops the process.
CVE-2021-40796 (Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer ...)
	NOT-FOR-US: Adobe
CVE-2021-40795 (Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2021-40794 (Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memor ...)
	NOT-FOR-US: Adobe
CVE-2021-40793 (Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memor ...)
	NOT-FOR-US: Adobe
CVE-2021-40792 (Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memor ...)
	NOT-FOR-US: Adobe
CVE-2021-40791 (Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2021-40790 (Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2021-40789 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...)
	NOT-FOR-US: Adobe
CVE-2021-40788 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...)
	NOT-FOR-US: Adobe
CVE-2021-40787 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...)
	NOT-FOR-US: Adobe
CVE-2021-40786 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...)
	NOT-FOR-US: Adobe
CVE-2021-40785 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...)
	NOT-FOR-US: Adobe
CVE-2021-40784 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
	NOT-FOR-US: Adobe
CVE-2021-40783 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
	NOT-FOR-US: Adobe
CVE-2021-40782 (Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer ...)
	NOT-FOR-US: Adobe
CVE-2021-40781 (Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer ...)
	NOT-FOR-US: Adobe
CVE-2021-40780 (Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memo ...)
	NOT-FOR-US: Adobe
CVE-2021-40779 (Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memo ...)
	NOT-FOR-US: Adobe
CVE-2021-40778 (Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer ...)
	NOT-FOR-US: Adobe
CVE-2021-40777 (Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memo ...)
	NOT-FOR-US: Adobe
CVE-2021-40776 (Adobe Lightroom Classic 10.3 (and earlier) are affected by a privilege ...)
	NOT-FOR-US: Adobe
CVE-2021-40775 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
	NOT-FOR-US: Adobe
CVE-2021-40774 (Adobe Prelude version 10.1 (and earlier) is affected by a null pointer ...)
	NOT-FOR-US: Adobe
CVE-2021-40773 (Adobe Prelude version 10.1 (and earlier) is affected by a null pointer ...)
	NOT-FOR-US: Adobe
CVE-2021-40772 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
	NOT-FOR-US: Adobe
CVE-2021-40771 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
	NOT-FOR-US: Adobe
CVE-2021-40770 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
	NOT-FOR-US: Adobe
CVE-2021-40769 (Adobe Character Animator version 4.4 (and earlier versions) are affect ...)
	NOT-FOR-US: Adobe
CVE-2021-40768 (Adobe Character Animator version 4.4 (and earlier) is affected by a Nu ...)
	NOT-FOR-US: Adobe
CVE-2021-40767 (Adobe Character Animator version 4.4 (and earlier) is affected by an A ...)
	NOT-FOR-US: Adobe
CVE-2021-40766 (Adobe Character Animator version 4.4 (and earlier versions) are affect ...)
	NOT-FOR-US: Adobe
CVE-2021-40765 (Adobe Character Animator version 4.4 (and earlier) is affected by a me ...)
	NOT-FOR-US: Adobe
CVE-2021-40764 (Adobe Character Animator version 4.4 (and earlier) is affected by a me ...)
	NOT-FOR-US: Adobe
CVE-2021-40763 (Adobe Character Animator version 4.4 (and earlier) is affected by a me ...)
	NOT-FOR-US: Adobe
CVE-2021-40762 (Adobe Character Animator version 4.4 (and earlier) is affected by a Nu ...)
	NOT-FOR-US: Adobe
CVE-2021-40761 (Adobe After Effects version 18.4.1 (and earlier) is affected by a Null ...)
	NOT-FOR-US: Adobe
CVE-2021-40760 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...)
	NOT-FOR-US: Adobe
CVE-2021-40759 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...)
	NOT-FOR-US: Adobe
CVE-2021-40758 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...)
	NOT-FOR-US: Adobe
CVE-2021-40757 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...)
	NOT-FOR-US: Adobe
CVE-2021-40756 (Adobe After Effects version 18.4.1 (and earlier) is affected by a Null ...)
	NOT-FOR-US: Adobe
CVE-2021-40755 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...)
	NOT-FOR-US: Adobe
CVE-2021-40754 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...)
	NOT-FOR-US: Adobe
CVE-2021-40753 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...)
	NOT-FOR-US: Adobe
CVE-2021-40752 (Adobe After Effects version 18.4 (and earlier) is affected by a memory ...)
	NOT-FOR-US: Adobe
CVE-2021-40751 (Adobe After Effects version 18.4 (and earlier) is affected by a memory ...)
	NOT-FOR-US: Adobe
CVE-2021-40750 (Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointe ...)
	NOT-FOR-US: Adobe
CVE-2021-40749
	RESERVED
CVE-2021-40748
	RESERVED
CVE-2021-40747
	RESERVED
CVE-2021-40746
	RESERVED
CVE-2021-40745 (Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Trav ...)
	NOT-FOR-US: Adobe
CVE-2021-40744
	RESERVED
CVE-2021-40743
	RESERVED
CVE-2021-40742 (Adobe Audition version 14.4 (and earlier) is affected by a Null pointe ...)
	NOT-FOR-US: Adobe
CVE-2021-40741 (Adobe Audition version 14.4 (and earlier) is affected by an Access of ...)
	NOT-FOR-US: Adobe
CVE-2021-40740 (Adobe Audition version 14.4 (and earlier) is affected by a memory corr ...)
	NOT-FOR-US: Adobe
CVE-2021-40739 (Adobe Audition version 14.4 (and earlier) is affected by a memory corr ...)
	NOT-FOR-US: Adobe
CVE-2021-40738 (Adobe Audition version 14.4 (and earlier) is affected by a memory corr ...)
	NOT-FOR-US: Adobe
CVE-2021-40737 (Adobe Audition version 14.4 (and earlier) is affected by a Null pointe ...)
	NOT-FOR-US: Adobe
CVE-2021-40736 (Adobe Audition version 14.4 (and earlier) is affected by a memory corr ...)
	NOT-FOR-US: Adobe
CVE-2021-40735 (Adobe Audition version 14.4 (and earlier) is affected by a memory corr ...)
	NOT-FOR-US: Adobe
CVE-2021-40734 (Adobe Audition version 14.4 (and earlier) is affected by a memory corr ...)
	NOT-FOR-US: Adobe
CVE-2021-40733 (Adobe Animate version 21.0.9 (and earlier) is affected by a memory cor ...)
	NOT-FOR-US: Adobe
CVE-2021-40732 (XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer ...)
	{DLA-3585-1}
	- exempi 2.6.0-1
	[bullseye] - exempi (Minor issue)
	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-85.html
	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-40731 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
	NOT-FOR-US: Adobe
CVE-2021-40730 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
	NOT-FOR-US: Adobe
CVE-2021-40729 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
	NOT-FOR-US: Adobe
CVE-2021-40728 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
	NOT-FOR-US: Adobe
CVE-2021-40727 (Access of Memory Location After End of Buffer (CWE-788))
	NOT-FOR-US: Adobe
CVE-2021-40726 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-40725 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-40724 (Acrobat Reader for Android versions 21.8.0 (and earlier) are affected ...)
	NOT-FOR-US: Adobe
CVE-2021-40723 (Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020 ...)
	NOT-FOR-US: Adobe
CVE-2021-40722 (AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and bel ...)
	NOT-FOR-US: Adobe
CVE-2021-40721 (Adobe Connect version 11.2.3 (and earlier) is affected by a reflected ...)
	NOT-FOR-US: Adobe
CVE-2021-40720 (Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization o ...)
	NOT-FOR-US: Adobe
CVE-2021-40719 (Adobe Connect version 11.2.3 (and earlier) is affected by a Deserializ ...)
	NOT-FOR-US: Adobe
CVE-2021-40718
	RESERVED
CVE-2021-40717
	RESERVED
CVE-2021-40716 (XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out- ...)
	{DLA-3585-1}
	- exempi 2.6.0-1
	[bullseye] - exempi (Minor issue)
	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-85.html
	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-40715 (Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory ...)
	NOT-FOR-US: Adobe
CVE-2021-40714 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...)
	NOT-FOR-US: Adobe
CVE-2021-40713 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...)
	NOT-FOR-US: Adobe
CVE-2021-40712 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...)
	NOT-FOR-US: Adobe
CVE-2021-40711 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...)
	NOT-FOR-US: Adobe
CVE-2021-40710 (Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory ...)
	NOT-FOR-US: Adobe
CVE-2021-40709 (Adobe Photoshop versions 21.2.11 (and earlier) and 22.5 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2021-40708 (Adobe Genuine Service versions 7.3 (and earlier) are affected by a pri ...)
	NOT-FOR-US: Adobe
CVE-2021-40707
	RESERVED
CVE-2021-40706
	RESERVED
CVE-2021-40705
	RESERVED
CVE-2021-40704
	RESERVED
CVE-2021-40703 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...)
	NOT-FOR-US: Adobe
CVE-2021-40702 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...)
	NOT-FOR-US: Adobe
CVE-2021-40701 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...)
	NOT-FOR-US: Adobe
CVE-2021-40700 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...)
	NOT-FOR-US: Adobe
CVE-2021-40699 (ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (a ...)
	NOT-FOR-US: Adobe
CVE-2021-40698 (ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (a ...)
	NOT-FOR-US: Adobe
CVE-2021-40697 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
	NOT-FOR-US: Adobe
CVE-2021-40696
	REJECTED
CVE-2021-40695 (It was possible for a student to view their quiz grade before it had b ...)
	- moodle
CVE-2021-40694 (Insufficient escaping of the LaTeX preamble made it possible for site ...)
	- moodle
CVE-2021-40693 (An authentication bypass risk was identified in the external database ...)
	- moodle
CVE-2021-40692 (Insufficient capability checks made it possible for teachers to downlo ...)
	- moodle
CVE-2021-40691 (A session hijack risk was identified in the Shibboleth authentication ...)
	- moodle
CVE-2021-40690 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...)
	{DSA-5010-1 DLA-2767-1}
	- libxml-security-java 2.1.7-1 (bug #994569)
	NOTE: https://santuario.apache.org/secadv.data/CVE-2021-40690.txt.asc
CVE-2021-3780 (peertube is vulnerable to Improper Neutralization of Input During Web ...)
	- peertube (bug #950821)
CVE-2021-40689
	RESERVED
CVE-2021-40688
	RESERVED
CVE-2021-40687
	RESERVED
CVE-2021-40686
	RESERVED
CVE-2021-40685
	RESERVED
CVE-2021-40684 (Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R ...)
	NOT-FOR-US: Talend ESB Runtime
CVE-2021-XXXX [jwe cbc tag computation error]
	- rhonabwy 0.9.13-4 (bug #993866)
	[bullseye] - rhonabwy 0.9.13-3+deb11u1
	NOTE: https://github.com/babelouest/rhonabwy/commit/996d935540c2c171c7678f14b8178d9ce87db9ac (v1.0.0)
CVE-2021-XXXX [jws alg:none signature verification issue]
	- rhonabwy 0.9.13-4 (bug #993866)
	[bullseye] - rhonabwy 0.9.13-3+deb11u1
	NOTE: https://github.com/babelouest/rhonabwy/commit/ff9ecad4c9a031c8369acde67ea52d558899e51e (v1.0.0)
CVE-2021-40818 (scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer ov ...)
	- glewlwyd 2.5.2-3 (bug #993867)
	[bullseye] - glewlwyd 2.5.2-2+deb11u1
	[buster] - glewlwyd (Vulnerable code for FIDO2 signature validation introduced later)
	NOTE: https://github.com/babelouest/glewlwyd/commit/0efd112bb62f566877750ad62ee828bff579b4e2
CVE-2021-40683 (In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4 ...)
	NOT-FOR-US: Akamai EAA (Enterprise Application Access) Client
CVE-2021-40682
	RESERVED
CVE-2021-3779 (A malicious MySQL server can request local file content from a client ...)
	- ruby-mysql
CVE-2021-3778 (vim is vulnerable to Heap-based Buffer Overflow)
	{DLA-2876-1}
	- vim 2:8.2.3455-1 (bug #994498)
	[bullseye] - vim 2:8.2.2434-3+deb11u1
	[buster] - vim 2:8.1.0875-5+deb10u1
	NOTE: https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273
	NOTE: https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f (v8.2.3409)
	NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1
CVE-2021-3777 (nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity)
	NOT-FOR-US: nodejs-tmpl
CVE-2021-40681
	RESERVED
CVE-2021-40680 (There is a Directory Traversal vulnerability in Artica Proxy (4.30.000 ...)
	NOT-FOR-US: ArticaTech
CVE-2021-40679
	RESERVED
CVE-2021-40678 (In Piwigo 11.5.0, there exists a persistent cross-site scripting in th ...)
	- piwigo
CVE-2021-40677
	RESERVED
CVE-2021-40676
	RESERVED
CVE-2021-40675
	RESERVED
CVE-2021-40674 (An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyV ...)
	NOT-FOR-US: Wuzhi CMS
CVE-2021-40673
	RESERVED
CVE-2021-40672
	RESERVED
CVE-2021-40671
	RESERVED
CVE-2021-40670 (SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords ...)
	NOT-FOR-US: Wuzhi CMS
CVE-2021-40669 (SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords ...)
	NOT-FOR-US: Wuzhi CMS
CVE-2021-40668 (The Android application HTTP File Server (Version 1.4.1) by 'slowscrip ...)
	NOT-FOR-US: Android application HTTP File Server
CVE-2021-40667
	RESERVED
CVE-2021-40666
	RESERVED
CVE-2021-40665
	RESERVED
CVE-2021-40664
	RESERVED
CVE-2021-40663 (deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Cont ...)
	NOT-FOR-US: Node deep.assign
CVE-2021-40662 (A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows atta ...)
	NOT-FOR-US: Chamilo LMS
CVE-2021-40661 (A remote, unauthenticated, directory traversal vulnerability was ident ...)
	NOT-FOR-US: IND780 Advanced Weighing Terminals
CVE-2021-40660 (An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is an ...)
	NOT-FOR-US: Delight Nashorn Sandbox
CVE-2021-40659
	RESERVED
CVE-2021-40658 (Textpattern 4.8.7 is affected by a HTML injection vulnerability throug ...)
	- textpattern
CVE-2021-40657
	RESERVED
CVE-2021-40656 (libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/ ...)
	- libsixel 1.10.3-1
	[bullseye] - libsixel (Minor issue)
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	NOTE: https://github.com/libsixel/libsixel/commit/dc96cdc27fb53e8595af67aaf68001033c808e42 (1.10.0)
	NOTE: https://github.com/libsixel/libsixel/pull/26
	NOTE: https://github.com/libsixel/libsixel/issues/25
CVE-2021-40655 (An information disclosure issue exists in D-LINK-DIR-605 B2 Firmware Ve ...)
	NOT-FOR-US: D-Link
CVE-2021-40654 (An information disclosure issue exists in D-LINK-DIR-615 B2 2.01mt. An ...)
	NOT-FOR-US: D-Link
CVE-2021-40653
	RESERVED
CVE-2021-40652
	RESERVED
CVE-2021-40651 (OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vu ...)
	NOT-FOR-US: OS4Ed OpenSIS Community
CVE-2021-40650 (In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the ...)
	NOT-FOR-US: Connx
CVE-2021-40649 (In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the ...)
	NOT-FOR-US: Connx
CVE-2021-40648 (In man2html 1.6g, a filename can be created to overwrite the previous ...)
	- man2html (bug #1062069)
	[bookworm] - man2html (Minor issue)
	[bullseye] - man2html (Minor issue)
	[buster] - man2html (Minor issue)
	NOTE: https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933
CVE-2021-40647 (In man2html 1.6g, a specific string being read in from a file will ove ...)
	- man2html 1.6g-16 (bug #1021738)
	[bookworm] - man2html (Minor issue)
	[bullseye] - man2html (Minor issue)
	[buster] - man2html (Minor issue)
	NOTE: https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933
CVE-2021-40646
	RESERVED
CVE-2021-40645 (An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/ ...)
	NOT-FOR-US: glorylion JFinalOA
CVE-2021-40644 (An SQL Injection vulnerability exists in oasys oa_system as of 9/7/202 ...)
	NOT-FOR-US: oasys Office Automation system
CVE-2021-40643 (EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerabil ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2021-40642 (Textpattern CMS v4.8.7 and older vulnerability exists through Sensitiv ...)
	- textpattern
CVE-2021-40641
	RESERVED
CVE-2021-40640
	RESERVED
CVE-2021-40639 (Improper access control in Jfinal CMS 5.1.0 allows attackers to access ...)
	NOT-FOR-US: Jfinal CMS
CVE-2021-40638
	RESERVED
CVE-2021-40637 (OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCh ...)
	NOT-FOR-US: openSIS
CVE-2021-40636 (OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.p ...)
	NOT-FOR-US: openSIS
CVE-2021-40635 (OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ...)
	NOT-FOR-US: openSIS
CVE-2021-40634
	RESERVED
CVE-2021-40633 (A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5 ...)
	- giflib 5.2.2-1 (unimportant; bug #1014586)
	NOTE: https://sourceforge.net/p/giflib/bugs/157/
	NOTE: Specific to gif2rgb. Crash in CLI tool, no security impact
CVE-2021-40632
	RESERVED
CVE-2021-40631
	RESERVED
CVE-2021-40630
	RESERVED
CVE-2021-40629
	RESERVED
CVE-2021-40628
	RESERVED
CVE-2021-40627
	RESERVED
CVE-2021-40626
	RESERVED
CVE-2021-40625
	RESERVED
CVE-2021-40624
	RESERVED
CVE-2021-40623
	RESERVED
CVE-2021-40622
	RESERVED
CVE-2021-40621
	RESERVED
CVE-2021-40620
	RESERVED
CVE-2021-40619
	RESERVED
CVE-2021-40618 (An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1 ...)
	NOT-FOR-US: openSIS
CVE-2021-40617 (An SQL Injection vulnerability exists in openSIS Community Edition ver ...)
	NOT-FOR-US: openSIS
CVE-2021-40616 (thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can mo ...)
	NOT-FOR-US: thinkcmf
CVE-2021-40615
	RESERVED
CVE-2021-40614
	RESERVED
CVE-2021-40613
	RESERVED
CVE-2021-40612 (An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without au ...)
	NOT-FOR-US: Opmantek Open-AudIT
CVE-2021-40611
	RESERVED
CVE-2021-40610 (Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background m ...)
	NOT-FOR-US: emlog
CVE-2021-40609 (The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a d ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/1894
	NOTE: https://github.com/gpac/gpac/commit/86c1566f040b2b84c72afcb6cbd444c5aff56cfe (v2.0.0)
CVE-2021-40608 (The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers t ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/1883
	NOTE: https://github.com/gpac/gpac/commit/b09c75dc2d4bf68ac447daa71e72365aa30231a9 (v2.0.0)
CVE-2021-40607 (The schm_box_size function in GPAC 1.0.1 allows attackers to cause a d ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/1879
	NOTE: https://github.com/gpac/gpac/commit/f19668964bf422cf5a63e4dbe1d3c6c75edadcbb (v2.0.0)
CVE-2021-40606 (The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	NOTE: https://github.com/gpac/gpac/issues/1885
	NOTE: https://github.com/gpac/gpac/commit/f5a038e6893019ee471b6a57490cf7a495673816 (v2.0.0)
CVE-2021-40605
	RESERVED
CVE-2021-40604 (A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Su ...)
	NOT-FOR-US: IPS Community Suite
CVE-2021-40603
	RESERVED
CVE-2021-40602
	RESERVED
CVE-2021-40601
	RESERVED
CVE-2021-40600
	RESERVED
CVE-2021-40599
	RESERVED
CVE-2021-40598
	RESERVED
CVE-2021-40597 (The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Adminis ...)
	NOT-FOR-US: EDIMAX IC-3140W
CVE-2021-40596 (SQL injection vulnerability in Login.php in sourcecodester Online Lear ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-40595 (SQL injection vulnerability in Sourcecodester Online Leave Management ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-40594
	RESERVED
CVE-2021-40593
	RESERVED
CVE-2021-40592 (GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (v ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/commit/71460d72ec07df766dab0a4d52687529f3efcf0a (v2.0.0)
	NOTE: https://github.com/gpac/gpac/issues/1876
CVE-2021-40591
	RESERVED
CVE-2021-40590
	RESERVED
CVE-2021-40589 (ZAngband zangband-data 2.7.5 is affected by an integer underflow vulne ...)
	- zangband (unimportant)
	NOTE: https://sourceforge.net/p/zangband/bugs/671/
	NOTE: Negligible security impact
CVE-2021-40588
	RESERVED
CVE-2021-40587
	RESERVED
CVE-2021-40586
	RESERVED
CVE-2021-40585
	RESERVED
CVE-2021-40584
	RESERVED
CVE-2021-40583
	RESERVED
CVE-2021-40582
	RESERVED
CVE-2021-40581
	RESERVED
CVE-2021-40580
	RESERVED
CVE-2021-40579 (https://www.sourcecodester.com/ Online Enrollment Management System in ...)
	NOT-FOR-US: Online Enrollment Management System in PHP and PayPal Free Source Code
CVE-2021-40578 (Authenticated Blind & Error-based SQL injection vulnerability was disc ...)
	NOT-FOR-US: Online Enrollment Management System in PHP and PayPal Free Source Code
CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-40576 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1904
	NOTE: https://github.com/gpac/gpac/commit/ad18ece95fa064efc0995c4ab2c985f77fb166ec (v2.0.0)
CVE-2021-40575 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1905
	NOTE: https://github.com/gpac/gpac/commit/5f2c2a16d30229b6241f02fa28e3d6b810d64858 (v2.0.0)
CVE-2021-40574 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1897
	NOTE: https://github.com/gpac/gpac/commit/30ac5e5236b790accd1f25347eebf2dc8c6c1bcb (v2.0.0)
CVE-2021-40573 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1891
	NOTE: https://github.com/gpac/gpac/commit/b03c9f252526bb42fbd1b87b9f5e339c3cf2390a (v2.0.0)
CVE-2021-40572 (The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_fi ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1893
	NOTE: https://github.com/gpac/gpac/commit/7bb1b4a4dd23c885f9db9f577dfe79ecc5433109 (v2.0.0)
CVE-2021-40571 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1895
	NOTE: https://github.com/gpac/gpac/commit/a69b567b8c95c72f9560c873c5ab348be058f340 (v2.0.0)
CVE-2021-40570 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1899
	NOTE: https://github.com/gpac/gpac/commit/04dbf08bff4d61948bab80c3f9096ecc60c7f302 (v2.0.0)
CVE-2021-40569 (The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerabilit ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1890
	NOTE: https://github.com/gpac/gpac/commit/b03c9f252526bb42fbd1b87b9f5e339c3cf2390a (v2.0.0)
CVE-2021-40568 (A buffer overflow vulnerability exists in Gpac through 1.0.1 via a mal ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1900
	NOTE: https://github.com/gpac/gpac/commit/f1ae01d745200a258cdf62622f71754c37cb6c30 (v2.0.0)
CVE-2021-40567 (Segmentation fault vulnerability exists in Gpac through 1.0.1 via the ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1889
	NOTE: https://github.com/gpac/gpac/commit/f5a038e6893019ee471b6a57490cf7a495673816 (v2.0.0)
CVE-2021-40566 (A Segmentation fault caused by heap use after free vulnerability exist ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1887
	NOTE: https://github.com/gpac/gpac/commit/96047e0e6166407c40cc19f4e94fb35cd7624391 (v2.0.0)
CVE-2021-40565 (A Segmentation fault caused by a null pointer dereference vulnerabilit ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1902
	NOTE: https://github.com/gpac/gpac/commit/893fb99b606eebfae46cde151846a980e689039b (v2.0.0)
CVE-2021-40564 (A Segmentation fault caused by null pointer dereference vulnerability ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1898
	NOTE: https://github.com/gpac/gpac/commit/cf6771c857eb9a290e2c19ddacfdd3ed98b27618 (v2.0.0)
CVE-2021-40563 (A Segmentation fault exists caused by null pointer dereference exists ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1892
	NOTE: https://github.com/gpac/gpac/commit/5ce0c906ed8599d218036b18b78e8126a496f137 (v2.0.0)
CVE-2021-40562 (A Segmentation fault caused by a floating point exception exists in Gp ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1901
	NOTE: https://github.com/gpac/gpac/commit/5dd71c7201a3e5cf40732d585bfb21c906c171d3 (v2.0.0)
CVE-2021-40561
	RESERVED
CVE-2021-40560
	RESERVED
CVE-2021-40559 (A null pointer dereference vulnerability exists in gpac through 1.0.1 vi ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1886
	NOTE: https://github.com/gpac/gpac/commit/70607fc71a671cf48a05e013a4e411429373dce7 (v2.0.0)
CVE-2021-40558
	RESERVED
CVE-2021-40557
	RESERVED
CVE-2021-40556 (A stack overflow vulnerability exists in the httpd service in ASUS RT- ...)
	NOT-FOR-US: ASUS
CVE-2021-40555 (Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows ...)
	NOT-FOR-US: flatCore-CMS
CVE-2021-40554
	RESERVED
CVE-2021-40553 (piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerabili ...)
	- piwigo
CVE-2021-40552
	RESERVED
CVE-2021-40551
	RESERVED
CVE-2021-40550
	RESERVED
CVE-2021-40549
	RESERVED
CVE-2021-40548
	RESERVED
CVE-2021-40547
	RESERVED
CVE-2021-40546 (Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers (who have ...)
	NOT-FOR-US: Tenda
CVE-2021-40545
	RESERVED
CVE-2021-40544
	RESERVED
CVE-2021-40543 (Opensis-Classic Version 8.0 is affected by a SQL injection vulnerabili ...)
	NOT-FOR-US: openSIS
CVE-2021-40542 (Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). ...)
	NOT-FOR-US: openSIS
CVE-2021-40541 (PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the pr ...)
	NOT-FOR-US: PHP-Fusion
CVE-2021-40540 (ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info ...)
	- ulfius 2.7.1-2 (bug #993851)
	[bullseye] - ulfius 2.7.1-1+deb11u1
	[buster] - ulfius 2.5.2-4+deb10u1
	NOTE: https://github.com/babelouest/ulfius/commit/c83f564c184a27145e07c274b305cabe943bbfaa
CVE-2021-40539 (Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnera ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-40538
	RESERVED
CVE-2021-40537 (Server Side Request Forgery (SSRF) vulnerability exists in owncloud/us ...)
	- owncloud
CVE-2021-40536
	RESERVED
CVE-2021-40535
	RESERVED
CVE-2021-40534
	RESERVED
CVE-2021-40533
	RESERVED
CVE-2021-40532 (Telegram Web K Alpha before 0.7.2 mishandles the characters in a docum ...)
	NOT-FOR-US: tweb
	NOTE: https://github.com/morethanwords/tweb
CVE-2021-40531 (Sketch before 75 allows library feeds to be used to bypass file quaran ...)
	NOT-FOR-US: Sketch collaborative design (Mac or Web app)
	NOTE: sketch.com, not the sketch package in Debian.
CVE-2021-40530 (The ElGamal implementation in Crypto++ through 8.5 allows plaintext re ...)
	- libcrypto++ 8.6.0-1 (bug #993841)
	[bullseye] - libcrypto++ (Minor issue)
	[buster] - libcrypto++ (Minor issue)
	[stretch] - libcrypto++ (Minor issue)
	NOTE: https://eprint.iacr.org/2021/923
	NOTE: https://github.com/weidai11/cryptopp/issues/1059
	NOTE: https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
	NOTE: https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2
	NOTE: https://github.com/weidai11/cryptopp/commit/bee8e8ca6658 (CRYPTOPP_8_6_0)
CVE-2021-40529 (The ElGamal implementation in Botan through 2.18.1, as used in Thunder ...)
	- botan 2.18.1+dfsg-3 (bug #993840)
	[bullseye] - botan (Minor issue)
	[buster] - botan (Minor issue)
	- botan1.10
	[stretch] - botan1.10 (Affected function encrypt(...) has changed drastically. Backport is too intrusive to backport)
	NOTE: https://eprint.iacr.org/2021/923
	NOTE: https://github.com/randombit/botan/pull/2790
	NOTE: Fixed by: https://github.com/randombit/botan/commit/9a23e4e3bc3966340531f2ff608fa9d33b5185a2
	NOTE: https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
	NOTE: https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2
CVE-2021-33560 (Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encry ...)
	- libgcrypt20 1.9.4-2
	[bullseye] - libgcrypt20 (Minor issue)
	[buster] - libgcrypt20 (Minor issue)
	[stretch] - libgcrypt20 (Minor issue)
	NOTE: https://eprint.iacr.org/2021/923
	NOTE: https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
	NOTE: https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e8b7f10be275bcedb5fc05ed4837a89bfd605c61 (1.9.x)
	NOTE: Related to CVE-2021-33560, but not a duplicate. Unfortunately scope of CVE-2021-33560 and
	NOTE: CVE-2021-40528 got switched at some point, and CVE-2021-33560 referring to the blinding
	NOTE: hardening. We keep the original association as per 2021-09-19 (until MITRE clarifies on
	NOTE: a query).
CVE-2021-40527 (Exposure of sensitive information to an unauthorised actor in the "com. ...)
	NOT-FOR-US: "com.onepeloton.erlich" mobile application
CVE-2021-40526 (Incorrect calculation of buffer size vulnerability in Peloton TTR01 up ...)
	NOT-FOR-US: Peloton
CVE-2021-40525 (Apache James ManagedSieve implementation alongside with the file stora ...)
	NOT-FOR-US: Apache James
CVE-2021-3776 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF))
	NOT-FOR-US: ShowDoc
CVE-2021-3775 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF))
	NOT-FOR-US: ShowDoc
CVE-2021-3774 (Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version a ...)
	NOT-FOR-US: Meross Smart Wi-Fi 2 Way Wall Switch
CVE-2021-3773 (A flaw in netfilter could allow a network-connected attacker to infer ...)
	NOTE: https://www.openwall.com/lists/oss-security/2021/09/08/3
	NOTE: https://breakpointingbad.com/2021/09/08/Port-Shadows-via-Network-Alchemy.html
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1189897
	NOTE: No code changes necessary/needed, firewall rules are responsibility of local admin
CVE-2021-3772 (A flaw was found in the Linux SCTP stack. A blind attacker may be able ...)
	{DSA-5096-1 DLA-2941-1}
	- linux 5.14.16-1
	[bullseye] - linux 5.10.84-1
	[buster] - linux 4.19.235-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2000694
CVE-2021-3771
	REJECTED
CVE-2021-40524 (In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism ...)
	- pure-ftpd 1.0.50-1 (bug #993810)
	[bullseye] - pure-ftpd (Minor issue)
	[buster] - pure-ftpd (Minor issue)
	[stretch] - pure-ftpd (Minor issue)
	NOTE: https://github.com/jedisct1/pure-ftpd/pull/158
CVE-2021-40523 (In Contiki 3.0, Telnet option negotiation is mishandled. During negoti ...)
	NOT-FOR-US: Contiki
CVE-2021-40522
	RESERVED
CVE-2021-40521 (Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Executi ...)
	NOT-FOR-US: Airangel
CVE-2021-40520 (Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials ...)
	NOT-FOR-US: Airangel
CVE-2021-40519 (Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database ...)
	NOT-FOR-US: Airangel
CVE-2021-40518 (Airangel HSMX Gateway devices through 5.2.04 allow CSRF.)
	NOT-FOR-US: Airangel
CVE-2021-40517 (Airangel HSMX Gateway devices through 5.2.04 is vulnerable to stored C ...)
	NOT-FOR-US: Airangel
CVE-2021-40516 (WeeChat before 3.2.1 allows remote attackers to cause a denial of serv ...)
	{DLA-2770-1}
	- weechat 3.2.1-1 (bug #993803)
	[bullseye] - weechat 3.0-1+deb11u1
	[buster] - weechat 2.3-1+deb10u1
	NOTE: https://github.com/weechat/weechat/commit/8b1331f98de1714bae15a9ca2e2b393ba49d735b
CVE-2021-40515
	RESERVED
CVE-2021-3770 (vim is vulnerable to Heap-based Buffer Overflow)
	- vim 2:8.2.3455-1 (bug #994076)
	[bullseye] - vim 2:8.2.2434-3+deb11u1
	[buster] - vim 2:8.1.0875-5+deb10u1
	NOTE: https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365/
	NOTE: Fixed by: https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9 (v8.2.3402)
	NOTE: Followup fix for introduced memory leak: https://github.com/vim/vim/commit/2ddb89f8a94425cda1e5491efc80c1ccccb6e08e (v8.2.3403)
	NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1
CVE-2021-3769 (# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` t ...)
	NOT-FOR-US: ohmyzsh
CVE-2021-40514
	RESERVED
CVE-2021-40513
	RESERVED
CVE-2021-40512
	RESERVED
CVE-2021-40511 (OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion (a ...)
	NOT-FOR-US: OBDA Mastro
CVE-2021-40510 (XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remo ...)
	NOT-FOR-US: OBDA Mastro
CVE-2021-40509 (ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature.)
	NOT-FOR-US: JForum2
CVE-2021-3768 (bookstack is vulnerable to Improper Neutralization of Input During Web ...)
	NOT-FOR-US: bookstack
CVE-2021-3767 (bookstack is vulnerable to Improper Neutralization of Input During Web ...)
	NOT-FOR-US: bookstack
CVE-2021-40508
	RESERVED
CVE-2021-40507 (An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 12 ...)
	NOT-FOR-US: OR1200
CVE-2021-40506 (An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 12 ...)
	NOT-FOR-US: OR1200
CVE-2021-40505
	RESERVED
CVE-2021-3766 (objection.js is vulnerable to Improperly Controlled Modification of Ob ...)
	NOT-FOR-US: Node objection.js
CVE-2021-3765 (validator.js is vulnerable to Inefficient Regular Expression Complexit ...)
	- validator.js
	[stretch] - validator.js (Minor issue, ReDOS, partial fix, no rdeps)
	NOTE: https://github.com/validatorjs/validator.js/commit/496fc8b2a7f5997acaaec33cc44d0b8dba5fb5e1 (13.7.0)
	NOTE: partial fix, only applies to chars==null
CVE-2021-40504 (A certain template role in SAP NetWeaver Application Server for ABAP a ...)
	NOT-FOR-US: SAP
CVE-2021-40503 (An information disclosure vulnerability exists in SAP GUI for Windows ...)
	NOT-FOR-US: SAP
CVE-2021-40502 (SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not pe ...)
	NOT-FOR-US: SAP
CVE-2021-40501 (SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not p ...)
	NOT-FOR-US: SAP
CVE-2021-40500 (SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - ...)
	NOT-FOR-US: SAP
CVE-2021-40499 (Client-side printing services SAP Cloud Print Manager and SAPSprint fo ...)
	NOT-FOR-US: SAP
CVE-2021-40498 (A vulnerability has been identified in SAP SuccessFactors Mobile Appli ...)
	NOT-FOR-US: SAP
CVE-2021-40497 (SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, a ...)
	NOT-FOR-US: SAP
CVE-2021-40496 (SAP Internet Communication framework (ICM) - versions 700, 701, 702, 7 ...)
	NOT-FOR-US: SAP
CVE-2021-40495 (There are multiple Denial-of-Service vulnerabilities in SAP NetWeaver ...)
	NOT-FOR-US: SAP
CVE-2021-40494 (A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI throu ...)
	NOT-FOR-US: AdaptiveScale LXDUI
CVE-2021-40493 (Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injecti ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-40492 (A reflected XSS vulnerability exists in multiple pages in version 22 o ...)
	NOT-FOR-US: Gibbon application
CVE-2021-40489 (Storage Spaces Controller Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40488 (Storage Spaces Controller Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40487 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40486 (Microsoft Word Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40485 (Microsoft Excel Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40484 (Microsoft SharePoint Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40483 (Microsoft SharePoint Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40482 (Microsoft SharePoint Server Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40481 (Microsoft Office Visio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40480 (Microsoft Office Visio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40479 (Microsoft Excel Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40478 (Storage Spaces Controller Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40477 (Windows Event Tracing Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40476 (Windows AppContainer Elevation Of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40475 (Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerab ...)
	NOT-FOR-US: Microsoft
CVE-2021-40474 (Microsoft Excel Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40473 (Microsoft Excel Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40472 (Microsoft Excel Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40471 (Microsoft Excel Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40470 (DirectX Graphics Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40469 (Windows DNS Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40468 (Windows Bind Filter Driver Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40467 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2021-40466 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2021-40465 (Windows Text Shaping Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40464 (Windows Nearby Sharing Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40463 (Windows Network Address Translation (NAT) Denial of Service Vulnerabil ...)
	NOT-FOR-US: Microsoft
CVE-2021-40462 (Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Exec ...)
	NOT-FOR-US: Microsoft
CVE-2021-40461 (Windows Hyper-V Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40460 (Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerab ...)
	NOT-FOR-US: Microsoft
CVE-2021-40459
	RESERVED
CVE-2021-40458
	RESERVED
CVE-2021-40457 (Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2021-40456 (Windows AD FS Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40455 (Windows Installer Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40454 (Rich Text Edit Control Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40453 (HEVC Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40452 (HEVC Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40451
	RESERVED
CVE-2021-40450 (Win32k Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40449 (Win32k Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40448 (Microsoft Accessibility Insights for Android Information Disclosure Vu ...)
	NOT-FOR-US: Microsoft
CVE-2021-40447 (Windows Print Spooler Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40446
	RESERVED
CVE-2021-40445
	RESERVED
CVE-2021-40444 (Microsoft is investigating reports of a remote code execution vulne ...)
	NOT-FOR-US: Microsoft
CVE-2021-40443 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2021-40442 (Microsoft Excel Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40441 (Windows Media Center Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-40440 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-3764 (A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd ...)
	{DSA-5096-1 DLA-2941-1}
	- linux 5.14.12-1
	[bullseye] - linux 5.10.84-1
	[stretch] - linux (Vulnerability introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997467
	NOTE: https://git.kernel.org/linus/505d9dcb0f7ddf9d075e729523a33d38642ae680 (5.15-rc4)
CVE-2021-3763 (A flaw was found in the Red Hat AMQ Broker management console in versi ...)
	NOT-FOR-US: Red Hat AMQ Broker
CVE-2021-3762 (A directory traversal vulnerability was found in the ClairCore engine ...)
	NOT-FOR-US: Quay/clair
CVE-2021-40439 (Apache OpenOffice has a dependency on expat software. Versions prior t ...)
	NOT-FOR-US: Apache OpenOffice
CVE-2021-40438 (A crafted request uri-path can cause mod_proxy to forward the request ...)
	{DSA-4982-1 DLA-2776-1}
	- apache2 2.4.49-1
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-40438
	NOTE: Minimal fix: https://github.com/apache/httpd/commit/496c863776c68bd08cdbeb7d8fa5935ba63b76c2 (2.4.x)
	NOTE: Future-proof follow-up: https://github.com/apache/httpd/commit/d4901cb32133bc0e59ad193a29d1665597080d67 (2.4.x)
	NOTE: Regression fix #1: https://github.com/apache/httpd/commit/6e768a811c59ca6a0769b72681aaef381823339f (2.4.x)
	NOTE: Regression fix #2: https://github.com/apache/httpd/commit/81a8b0133b46c4cf7dfc4b5476ad46eb34aa0a5c (2.4.x)
CVE-2021-40491 (The ftp client in GNU Inetutils before 2.2 does not validate addresses ...)
	{DLA-3205-1}
	- inetutils 2:2.2-1 (bug #993476)
	[bullseye] - inetutils 2:2.0-1+deb11u1
	[stretch] - inetutils (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html
	NOTE: https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd
CVE-2021-40490 (A race condition was discovered in ext4_write_inline_data_end in fs/ex ...)
	{DSA-4978-1 DLA-2843-1 DLA-2785-1}
	- linux 5.14.6-1
	[buster] - linux 4.19.208-1
	NOTE: https://lore.kernel.org/linux-ext4/000000000000e5080305c9e51453@google.com/
CVE-2021-40437
	RESERVED
CVE-2021-40436
	RESERVED
CVE-2021-40435
	RESERVED
CVE-2021-40434
	RESERVED
CVE-2021-40433
	RESERVED
CVE-2021-40432
	RESERVED
CVE-2021-40431
	RESERVED
CVE-2021-40430
	RESERVED
CVE-2021-40429
	RESERVED
CVE-2021-40428
	RESERVED
CVE-2021-40427
	RESERVED
CVE-2021-40426 (A heap-based buffer overflow vulnerability exists in the sphere.c star ...)
	{DSA-5356-1 DLA-3315-1}
	- sox 14.4.2+git20190427-3.1 (bug #1012138)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434
	NOTE: https://sourceforge.net/p/sox/bugs/362/
	NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
CVE-2021-40425 (An out-of-bounds read vulnerability exists in the IOCTL GetProcessComm ...)
	NOT-FOR-US: Webroot
CVE-2021-40424 (An out-of-bounds read vulnerability exists in the IOCTL GetProcessComm ...)
	NOT-FOR-US: Webroot
CVE-2021-40423 (A denial of service vulnerability exists in the cgiserver.cgi API comm ...)
	NOT-FOR-US: Reolink
CVE-2021-40422 (An authentication bypass vulnerability exists in the device password g ...)
	NOT-FOR-US: Swift Sensors
CVE-2021-40421
	RESERVED
CVE-2021-40420 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
	NOT-FOR-US: Foxit
CVE-2021-40419 (A firmware update vulnerability exists in the 'factory' binary of reol ...)
	NOT-FOR-US: Reolink
CVE-2021-40418 (When parsing a file that is submitted to the DPDecoder service as a jo ...)
	NOT-FOR-US: DaVinci Resolve
CVE-2021-40417 (When parsing a file that is submitted to the DPDecoder service as a jo ...)
	NOT-FOR-US: DaVinci Resolve
CVE-2021-40416 (An incorrect default permission vulnerability exists in the cgiserver. ...)
	NOT-FOR-US: Reolink
CVE-2021-40415 (An incorrect default permission vulnerability exists in the cgiserver. ...)
	NOT-FOR-US: Reolink
CVE-2021-40414 (An incorrect default permission vulnerability exists in the cgiserver. ...)
	NOT-FOR-US: Reolink
CVE-2021-40413 (An incorrect default permission vulnerability exists in the cgiserver. ...)
	NOT-FOR-US: Reolink
CVE-2021-40412 (An OS command injection vulnerability exists in the device network sett ...)
	NOT-FOR-US: Reolink
CVE-2021-40411 (An OS command injection vulnerability exists in the device network set ...)
	NOT-FOR-US: Reolink
CVE-2021-40410 (An OS command injection vulnerability exists in the device network set ...)
	NOT-FOR-US: Reolink
CVE-2021-40409 (An OS command injection vulnerability exists in the device network set ...)
	NOT-FOR-US: Reolink
CVE-2021-40408 (An OS command injection vulnerability exists in the device network set ...)
	NOT-FOR-US: Reolink
CVE-2021-40407 (An OS command injection vulnerability exists in the device network set ...)
	NOT-FOR-US: Reolink
CVE-2021-40406 (A denial of service vulnerability exists in the cgiserver.cgi session ...)
	NOT-FOR-US: Reolink
CVE-2021-40405 (A denial of service vulnerability exists in the cgiserver.cgi Upgrade ...)
	NOT-FOR-US: Reolink
CVE-2021-40404 (An authentication bypass vulnerability exists in the cgiserver.cgi Log ...)
	NOT-FOR-US: Reolink
CVE-2021-40403 (An information disclosure vulnerability exists in the pick-and-place r ...)
	{DSA-5306-1 DLA-3210-1}
	- gerbv 2.9.2-1
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1417
	NOTE: https://github.com/gerbv/gerbv/issues/82
	NOTE: Fixed by: https://github.com/gerbv/gerbv/commit/c32c6f9c0b5d3b0ecc33de21d8532de6c2df5878 (v2.9.1-rc.1)
CVE-2021-40402 (An out-of-bounds read vulnerability exists in the RS-274X aperture mac ...)
	- gerbv (unimportant)
	NOTE: https://github.com/gerbv/gerbv/issues/80
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1416
	NOTE: Crash in GUI tool, no security impact
CVE-2021-40401 (A use-after-free vulnerability exists in the RS-274X aperture definiti ...)
	{DSA-5306-1 DLA-3210-1}
	- gerbv 2.9.2-1
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1415
	NOTE: Fixed by: https://github.com/gerbv/gerbv/commit/68ee18945bcf68ff964c42f12af79c5c0e2f4069 (v2.9.0-rc.1)
	NOTE: https://github.com/gerbv/gerbv/issues/81
CVE-2021-40400 (An out-of-bounds read vulnerability exists in the RS-274X aperture mac ...)
	- gerbv 2.9.2-1 (unimportant)
	NOTE: https://github.com/gerbv/gerbv/issues/79
	NOTE: https://github.com/gerbv/gerbv/pull/124
	NOTE: Fixed by: https://github.com/gerbv/gerbv/commit/caa6560d5d683f827c672fd5e380f89a8ef632b6
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413
	NOTE: Crash in GUI tool, no security impact
CVE-2021-40399 (An exploitable use-after-free vulnerability exists in WPS Spreadsheets ...)
	NOT-FOR-US: WPS Office
CVE-2021-40398 (An out-of-bounds write vulnerability exists in the parse_raster_data f ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2021-40397 (A privilege escalation vulnerability exists in the installation of Adv ...)
	NOT-FOR-US: Advantech
CVE-2021-40396 (A privilege escalation vulnerability exists in the installation of Adv ...)
	NOT-FOR-US: Advantech
CVE-2021-40395
	REJECTED
CVE-2021-40394 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...)
	{DSA-5306-1 DLA-3593-1}
	- gerbv 2.8.1-1
	[stretch] - gerbv (Minor issue)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1405
	NOTE: https://github.com/advisories/GHSA-936x-jwpc-5p28
	NOTE: https://github.com/gerbv/gerbv/commit/8d7e005f8783d92de74192af21303619bef7541f (v2.8.1-rc.1)
CVE-2021-40393 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...)
	{DSA-5306-1 DLA-3593-1}
	- gerbv 2.8.2-1
	[stretch] - gerbv (Minor issue)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404
	NOTE: https://github.com/advisories/GHSA-w67q-2hr6-7cjf
	NOTE: https://github.com/gerbv/gerbv/commit/4d12b696aed19fbcc115fe83aa7597b7c42ba8d6 (v2.8.2-rc.1)
CVE-2021-40392 (An information disclosure vulnerability exists in the Web Application ...)
	NOT-FOR-US: Moxa
CVE-2021-40391 (An out-of-bounds write vulnerability exists in the drill format T-code ...)
	{DLA-2839-1}
	- gerbv 2.7.1-1
	[bullseye] - gerbv 2.7.0-2+deb11u1
	[buster] - gerbv 2.7.0-1+deb10u1
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1402
	NOTE: https://github.com/gerbv/gerbv/commit/9f83950b772b37b49ee188300e444546e6aab17e
	NOTE: https://github.com/gerbv/gerbv/issues/30
CVE-2021-40390 (An authentication bypass vulnerability exists in the Web Application f ...)
	NOT-FOR-US: Moxa
CVE-2021-40389 (A privilege escalation vulnerability exists in the installation of Adv ...)
	NOT-FOR-US: Advantech
CVE-2021-40388 (A privilege escalation vulnerability exists in Advantech SQ Manager Se ...)
	NOT-FOR-US: Advantech
CVE-2021-40387 (An issue was discovered in the server software in Kaseya Unitrends Bac ...)
	NOT-FOR-US: Kaseya Unitrends Backup Software
CVE-2021-40386 (Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers t ...)
	NOT-FOR-US: Kaseya Unitrends Agent
CVE-2021-40385 (An issue was discovered in the server software in Kaseya Unitrends Bac ...)
	NOT-FOR-US: Kaseya Unitrends Backup Software
CVE-2021-40384
	RESERVED
CVE-2021-40383
	RESERVED
CVE-2021-40382 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...)
	NOT-FOR-US: Compro devices
CVE-2021-40381 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...)
	NOT-FOR-US: Compro devices
CVE-2021-40380 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...)
	NOT-FOR-US: Compro devices
CVE-2021-40379 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...)
	NOT-FOR-US: Compro devices
CVE-2021-40378 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...)
	NOT-FOR-US: Compro devices
CVE-2021-40377 (SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The ap ...)
	NOT-FOR-US: SmarterTools
CVE-2021-40376 (otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM acce ...)
	NOT-FOR-US: otris Update Manager
CVE-2021-40375 (Apperta Foundation OpenEyes 3.5.1 allows remote attackers to view the ...)
	NOT-FOR-US: Apperta Foundation OpenEyes
CVE-2021-40374 (A stored cross-site scripting (XSS) vulnerability was identified in Ap ...)
	NOT-FOR-US: Apperta Foundation OpenEyes
CVE-2021-40373 (playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP c ...)
	NOT-FOR-US: playSMS
CVE-2021-40372
	RESERVED
CVE-2021-40371 (Gridpro Request Management for Windows Azure Pack before 2.0.7912 allo ...)
	NOT-FOR-US: Gridpro Request Management for Windows Azure Pack
CVE-2021-40370
	RESERVED
CVE-2021-40369 (A carefully crafted plugin link invocation could trigger an XSS vulner ...)
	- jspwiki
CVE-2021-40368 (A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 ...)
	NOT-FOR-US: Siemens
CVE-2021-40367 (A vulnerability has been identified in syngo fastView (All versions). ...)
	NOT-FOR-US: syngo fastView
CVE-2021-40366 (A vulnerability has been identified in Climatix POL909 (AWB module) (A ...)
	NOT-FOR-US: Siemens
CVE-2021-40365 (Affected devices don't process correctly certain special crafted packe ...)
	NOT-FOR-US: Siemens
CVE-2021-40364 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All version ...)
	NOT-FOR-US: Siemens
CVE-2021-40363 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All version ...)
	NOT-FOR-US: Siemens
CVE-2021-40362
	RESERVED
CVE-2021-40361
	RESERVED
CVE-2021-40360 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All version ...)
	NOT-FOR-US: Siemens
CVE-2021-40359 (A vulnerability has been identified in OpenPCS 7 V8.2 (All versions), ...)
	NOT-FOR-US: Siemens
CVE-2021-40358 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All version ...)
	NOT-FOR-US: Siemens
CVE-2021-40357 (A vulnerability has been identified in Teamcenter Active Workspace V4. ...)
	NOT-FOR-US: Siemens
CVE-2021-40356 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2021-40355 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2021-40354 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2021-3761 (Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitt ...)
	{DSA-5041-1}
	- cfrpki 1.3.0-1 (bug #994572)
	NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-c8xp-8mf3-62h9
	NOTE: https://github.com/cloudflare/cfrpki/commit/a8db4e009ef217484598ba1fd1c595b54e0f6422
CVE-2021-3760 (A flaw was found in the Linux kernel. A use-after-free vulnerability i ...)
	{DSA-5096-1 DLA-2941-1 DLA-2843-1}
	- linux 5.14.16-1 (unimportant)
	[bullseye] - linux 5.10.84-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/10/26/2
	NOTE: https://git.kernel.org/linus/1b1499a817c90fd1ce9453a2c98d2a01cca0e775 (5.15-rc6)
	NOTE: CONFIG_NFC_NCI is not set in Debian
CVE-2021-40353 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...)
	NOT-FOR-US: openSIS
CVE-2021-40352 (OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Re ...)
	NOT-FOR-US: OpenEMR
CVE-2021-40351
	RESERVED
CVE-2021-40350 (webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows at ...)
	NOT-FOR-US: Christie Digital DWU850-GS V06.46 devices
CVE-2021-40349 (e7d Speed Test (aka speedtest) 0.5.3 allows a path-traversal attack th ...)
	NOT-FOR-US: e7d Speed Test
CVE-2021-40348 (Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code inj ...)
	NOT-FOR-US: Uyuni / Spacewalk (Red Hat)
CVE-2021-40347 (An issue was discovered in views/list.py in GNU Mailman Postorius befo ...)
	{DSA-4970-1}
	- postorius 1.3.5-1 (bug #993746)
	NOTE: https://gitlab.com/mailman/postorius/-/commit/3d880c56b58bc26b32eac0799407d74b64b7474b
	NOTE: https://phabricator.wikimedia.org/T289798
CVE-2021-40346 (An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_heade ...)
	{DSA-4968-1}
	- haproxy 2.2.16-3
	[buster] - haproxy (Vulnerable code not present)
	[stretch] - haproxy (Vulnerable code not present)
	NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41114.html
	NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=3b69886f7dcc3cfb3d166309018e6cfec9ce2c95
CVE-2021-40345 (An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets sec ...)
	NOT-FOR-US: Nagios XI
CVE-2021-40344 (An issue was discovered in Nagios XI 5.8.5. In the Custom Includes sec ...)
	NOT-FOR-US: Nagios XI
CVE-2021-40343 (An issue was discovered in Nagios XI 5.8.5. Insecure file permissions ...)
	NOT-FOR-US: Nagios XI
CVE-2021-40342 (In the DES implementation, the affected product versions use a default ...)
	NOT-FOR-US: Hitachi
CVE-2021-40341 (DES cipher, which has inadequate encryption strength, is used Hitachi ...)
	NOT-FOR-US: Hitachi
CVE-2021-40340 (Information Exposure vulnerability in Hitachi Energy LinkOne applicati ...)
	NOT-FOR-US: Hitachi
CVE-2021-40339 (Configuration vulnerability in Hitachi Energy LinkOne application due ...)
	NOT-FOR-US: Hitachi
CVE-2021-40338 (Hitachi Energy LinkOne product, has a vulnerability due to a web serve ...)
	NOT-FOR-US: Hitachi
CVE-2021-40337 (Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne all ...)
	NOT-FOR-US: Hitachi
CVE-2021-40336 (A vulnerability exists in the http web interface where the web interfa ...)
	NOT-FOR-US: Hitachi
CVE-2021-40335 (A vulnerability exists in the HTTP web interface where the web interfa ...)
	NOT-FOR-US: Hitachi
CVE-2021-40334 (Missing Handler vulnerability in the proprietary management protocol ( ...)
	NOT-FOR-US: Hitachi
CVE-2021-40333 (Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM ...)
	NOT-FOR-US: Hitachi
CVE-2021-40332
	RESERVED
CVE-2021-3759 (A memory overflow vulnerability was found in the Linux kernel’s i ...)
	{DLA-3244-1}
	- linux 5.15.3-1
	[bullseye] - linux 5.10.158-1
	NOTE: https://lore.kernel.org/linux-mm/1626333284-1404-1-git-send-email-nglaive@gmail.com/
CVE-2021-3758 (bookstack is vulnerable to Server-Side Request Forgery (SSRF))
	NOT-FOR-US: bookstack
CVE-2021-3757 (immer is vulnerable to Improperly Controlled Modification of Object Pr ...)
	NOT-FOR-US: Node immer
	NOTE: https://github.com/immerjs/immer
CVE-2021-40331 (An Incorrect Permission Assignment for Critical Resource vulnerability ...)
	NOT-FOR-US: Apache Ranger
CVE-2021-3756 (libmysofa is vulnerable to Heap-based Buffer Overflow)
	- libmysofa 1.2.1~dfsg0-1
	[bullseye] - libmysofa (Minor issue)
	[buster] - libmysofa (Minor issue)
	NOTE: https://huntr.dev/bounties/7ca8d9ea-e2a6-4294-af28-70260bb53bc1/
	NOTE: https://github.com/hoene/libmysofa/commit/890400ebd092c574707d0c132124f8ff047e20e1 (v1.2.1)
CVE-2021-3755
	REJECTED
CVE-2021-3754 (A flaw was found in keycloak where an attacker is able to register him ...)
	NOT-FOR-US: Keycloak
CVE-2021-3753 (A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c ...)
	{DSA-4978-1 DLA-2843-1 DLA-2785-1}
	- linux 5.14.6-1
	[buster] - linux 4.19.208-1
	NOTE: https://git.kernel.org/linus/2287a51ba822384834dafc1c798453375d1107c7
CVE-2021-3752 (A use-after-free flaw was found in the Linux kernel’s Bluetooth s ...)
	{DSA-5096-1 DLA-2941-1 DLA-2940-1}
	- linux 5.15.3-1
	[bullseye] - linux 5.10.84-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/09/15/4
CVE-2021-40330 (git_connect_git in connect.c in Git before 2.30.1 allows a repository ...)
	{DLA-3145-1}
	- git 1:2.30.1-1
	[bullseye] - git (Minor issue)
	[stretch] - git (Minor issue)
	NOTE: https://github.com/git/git/commit/a02ea577174ab8ed18f847cf1693f213e0b9c473
CVE-2021-40329 (The Authentication API in Ping Identity PingFederate before 10.3 misha ...)
	NOT-FOR-US: Ping Identity PingFederate
CVE-2021-3751 (libmobi is vulnerable to Out-of-bounds Write)
	- libmobi (Fixed before initial upload to Debian)
	NOTE: https://huntr.dev/bounties/fcb4383c-bc27-4b89-bfce-6b041f0cb769/
	NOTE: https://github.com/bfabiszewski/libmobi/commit/ab5bf0e37e540eac682a14e628853b918626e72b (v0.7)
CVE-2021-40328
	RESERVED
CVE-2021-40327 (Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incor ...)
	NOT-FOR-US: Trusted Firmware-M (TF-M)
CVE-2021-40326 (Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPD ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2021-40325 (Cobbler before 3.3.0 allows authorization bypass for modification of s ...)
	- cobbler
CVE-2021-40324 (Cobbler before 3.3.0 allows arbitrary file write operations via upload ...)
	- cobbler
CVE-2021-40323 (Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code E ...)
	- cobbler
CVE-2021-40322
	RESERVED
CVE-2021-40321
	RESERVED
CVE-2021-40320
	RESERVED
CVE-2021-3750 (A DMA reentrancy issue was found in the USB EHCI controller emulation ...)
	- qemu 1:7.0+dfsg-1
	[bullseye] - qemu (Minor issue)
	[buster] - qemu (Minor issue, follow bullseye updates)
	[stretch] - qemu (Minor issue, follow bullseye updates)
	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/541
	NOTE: Fix for whole class of DMA MMIO reentrancy issues: https://gitlab.com/qemu-project/qemu/-/issues/556
	NOTE: Patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-12/msg02356.html
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/b9d383ab797f54ae5fa8746117770709921dc529 (v7.0.0-rc0)
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/58e74682baf4e1ad26b064d8c02e5bc99c75c5d9 (v7.0.0-rc1)
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/3ab6fdc91b72e156da22848f0003ff4225690ced (v7.0.0-rc1)
	NOTE: Possibly incomplete patch set: https://gitlab.com/qemu-project/qemu/-/issues/541#note_1179940468
	NOTE: Final fix: https://gitlab.com/qemu-project/qemu/-/commit/a2e1753b8054344f32cf94f31c6399a58794a380 (v8.1.0-rc0)
CVE-2021-3749 (axios is vulnerable to Inefficient Regular Expression Complexity)
	- node-axios 0.21.3+dfsg-1
	[bullseye] - node-axios 0.21.1+dfsg-1+deb11u1
	[buster] - node-axios 0.17.1+dfsg-2+deb10u1
	NOTE: https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31/
	NOTE: https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929
	NOTE: https://github.com/axios/axios/pull/3980
CVE-2021-3748 (A use-after-free vulnerability was found in the virtio-net device of Q ...)
	{DSA-4980-1 DLA-3099-1 DLA-2970-1}
	- qemu 1:6.1+dfsg-6 (bug #993401)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1998514
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6 (v6.2.0-rc0)
	NOTE: When fixing this issue make sure to not open CVE-2022-26353
CVE-2021-40319
	RESERVED
CVE-2021-40318
	RESERVED
CVE-2021-40317 (Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.p ...)
	- piwigo
CVE-2021-40316
	RESERVED
CVE-2021-40315
	RESERVED
CVE-2021-40314
	RESERVED
CVE-2021-40313 (Piwigo v11.5 was discovered to contain a SQL injection vulnerability v ...)
	- piwigo
CVE-2021-40312
	RESERVED
CVE-2021-40311
	RESERVED
CVE-2021-40310 (OpenSIS Community Edition version 8.0 is affected by a cross-site scri ...)
	NOT-FOR-US: OpenSIS
CVE-2021-40309 (A SQL injection vulnerability exists in the Take Attendance functional ...)
	NOT-FOR-US: OpenSIS
CVE-2021-40308
	RESERVED
CVE-2021-40307
	RESERVED
CVE-2021-40306
	RESERVED
CVE-2021-40305
	RESERVED
CVE-2021-40304
	RESERVED
CVE-2021-40303 (perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clien ...)
	NOT-FOR-US: perfex crm
CVE-2021-40302
	RESERVED
CVE-2021-40301
	RESERVED
CVE-2021-40300
	RESERVED
CVE-2021-40299
	RESERVED
CVE-2021-40298
	RESERVED
CVE-2021-40297
	RESERVED
CVE-2021-40296
	RESERVED
CVE-2021-40295
	RESERVED
CVE-2021-40294
	RESERVED
CVE-2021-40293
	RESERVED
CVE-2021-40292 (A Stored Cross Site Scripting (XSS) vulnerability exists in DzzOffice 2 ...)
	NOT-FOR-US: DzzOffice
CVE-2021-40291
	RESERVED
CVE-2021-40290
	RESERVED
CVE-2021-40289 (mm-wki v0.2.1 is vulnerable to Cross Site Scripting (XSS).)
	NOT-FOR-US: mm-wki
CVE-2021-40288 (A denial-of-service attack in WPA2, and WPA3-SAE authentication method ...)
	NOT-FOR-US: TP-Link
CVE-2021-40287
	RESERVED
CVE-2021-40286
	RESERVED
CVE-2021-40285 (htmly v2.8.1 was discovered to contain an arbitrary file deletion vuln ...)
	NOT-FOR-US: htmly
CVE-2021-40284 (D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow whi ...)
	NOT-FOR-US: D-Link
CVE-2021-40283
	RESERVED
CVE-2021-40282 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 202 ...)
	NOT-FOR-US: zzcms
CVE-2021-40281 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 202 ...)
	NOT-FOR-US: zzcms
CVE-2021-40280 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 ...)
	NOT-FOR-US: zzcms
CVE-2021-40279 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 202 ...)
	NOT-FOR-US: zzcms
CVE-2021-40278
	RESERVED
CVE-2021-40277
	RESERVED
CVE-2021-40276
	RESERVED
CVE-2021-40275
	RESERVED
CVE-2021-40274
	RESERVED
CVE-2021-40273
	RESERVED
CVE-2021-40272 (OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site S ...)
	NOT-FOR-US: OP5 Monitor
CVE-2021-40271
	RESERVED
CVE-2021-40270
	RESERVED
CVE-2021-40269
	RESERVED
CVE-2021-40268
	RESERVED
CVE-2021-40267
	RESERVED
CVE-2021-40266 (FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vul ...)
	- freeimage (bug #1055305)
	[bookworm] - freeimage (Minor issue)
	[bullseye] - freeimage (Minor issue)
	[buster] - freeimage (Fix together with some other upload, low severity, DoS in user interactive software)
	NOTE: https://sourceforge.net/p/freeimage/bugs/334/
	NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2021-40266.patch
CVE-2021-40265 (A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function ...)
	- freeimage (bug #1055304)
	[bookworm] - freeimage (Minor issue)
	[bullseye] - freeimage (Minor issue)
	[buster] - freeimage (Minor issue)
	NOTE: https://sourceforge.net/p/freeimage/bugs/337/
CVE-2021-40264 (NULL pointer dereference vulnerability in FreeImage before 1.18.0 via ...)
	- freeimage (bug #1055303)
	[bookworm] - freeimage (Minor issue)
	[bullseye] - freeimage (Minor issue)
	[buster] - freeimage (Minor issue)
	NOTE: https://sourceforge.net/p/freeimage/bugs/335/
CVE-2021-40263 (A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad funct ...)
	- freeimage (bug #1055302)
	[bookworm] - freeimage (Minor issue)
	[bullseye] - freeimage (Minor issue)
	[buster] - freeimage (Fix together with some other upload, low severity, DoS in user interactive software)
	NOTE: https://sourceforge.net/p/freeimage/bugs/336/
	NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2021-40263.patch
CVE-2021-40262 (A stack exhaustion issue was discovered in FreeImage before 1.18.0 via ...)
	- freeimage (bug #1055301)
	[bookworm] - freeimage (Minor issue)
	[bullseye] - freeimage (Minor issue)
	[buster] - freeimage (Minor issue)
	NOTE: https://sourceforge.net/p/freeimage/bugs/338/
CVE-2021-40261 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCod ...)
	NOT-FOR-US: SourceCodester
CVE-2021-40260 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCod ...)
	NOT-FOR-US: SourceCodester
CVE-2021-40259
	RESERVED
CVE-2021-40258
	RESERVED
CVE-2021-40257
	RESERVED
CVE-2021-40256
	RESERVED
CVE-2021-40255
	RESERVED
CVE-2021-40254
	RESERVED
CVE-2021-40253
	RESERVED
CVE-2021-40252
	RESERVED
CVE-2021-40251
	RESERVED
CVE-2021-40250
	RESERVED
CVE-2021-40249
	RESERVED
CVE-2021-40248
	RESERVED
CVE-2021-40247 (SQL injection vulnerability in Sourcecodester Budget and Expense Track ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-40246
	RESERVED
CVE-2021-40245
	RESERVED
CVE-2021-40244
	RESERVED
CVE-2021-40243
	RESERVED
CVE-2021-40242
	RESERVED
CVE-2021-40241 (xfig 3.2.7 is vulnerable to Buffer Overflow.)
	{DLA-3353-1}
	- xfig 1:3.2.8a-1 (unimportant; bug #992395)
	[bullseye] - xfig 1:3.2.8-3+deb11u1
	NOTE: https://sourceforge.net/p/mcj/tickets/136/
	NOTE: No security impact
CVE-2021-40240
	RESERVED
CVE-2021-40239 (A Buffer Overflow vulnerability exists in the latest version of Minift ...)
	NOT-FOR-US: Miniftpd
CVE-2021-40238 (A Cross Site Scripting (XSS) vulnerability exists in the admin panel ...)
	NOT-FOR-US: Webuzo
CVE-2021-40237
	RESERVED
CVE-2021-40236
	RESERVED
CVE-2021-40235
	RESERVED
CVE-2021-40234
	RESERVED
CVE-2021-40233
	RESERVED
CVE-2021-40232
	RESERVED
CVE-2021-40231
	RESERVED
CVE-2021-40230
	RESERVED
CVE-2021-40229
	RESERVED
CVE-2021-40228
	RESERVED
CVE-2021-40227
	RESERVED
CVE-2021-40226 (xpdfreader 4.03 is vulnerable to Buffer Overflow.)
	- poppler (pdftopng not part of Poppler)
CVE-2021-40225
	RESERVED
CVE-2021-40224
	RESERVED
CVE-2021-40223 (Rittal CMC PU III Web management (version V3.11.00_2) fails to sanitiz ...)
	NOT-FOR-US: Rittal CMC PU III Web management
CVE-2021-40222 (Rittal CMC PU III Web management Version affected: V3.11.00_2. Version ...)
	NOT-FOR-US: Rittal CMC PU III Web management
CVE-2021-40221
	RESERVED
CVE-2021-40220
	RESERVED
CVE-2021-40219 (Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme r ...)
	NOT-FOR-US: Bolt CMS
CVE-2021-40218
	RESERVED
CVE-2021-40217
	RESERVED
CVE-2021-40216
	RESERVED
CVE-2021-40215
	RESERVED
CVE-2021-40214 (Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wal ...)
	NOT-FOR-US: GibbonEdu/core
CVE-2021-40213
	RESERVED
CVE-2021-40212 (An exploitable out-of-bounds write vulnerability in PotPlayer 1.7.2152 ...)
	NOT-FOR-US: PotPlayer
CVE-2021-40211 (An issue was discovered with ImageMagick 7.1.0-4 via Division by zero ...)
	- imagemagick 8:6.9.11.60+dfsg-1.5
	[bullseye] - imagemagick (Minor issue)
	[buster] - imagemagick 8:6.9.10.23+dfsg-2.1+deb10u5
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/4097
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0fb77f2a231038efdc38dcceddae6952ebdfb000 (7.1.0-5)
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/450949ed017f009b399c937cf362f0058eacc5fa#diff-9509dd2616f8c0aab419100d616e5e926099cc61bdfde60f2ae408f02f43472a (6.9.12-43)
	NOTE: Included in fix for CVE-2022-32545 in 8:6.9.11.60+dfsg-1.5
CVE-2021-40210
	RESERVED
CVE-2021-40209
	RESERVED
CVE-2021-40208
	RESERVED
CVE-2021-40207
	RESERVED
CVE-2021-40206
	RESERVED
CVE-2021-40205
	RESERVED
CVE-2021-40204
	RESERVED
CVE-2021-40203
	RESERVED
CVE-2021-40202
	RESERVED
CVE-2021-40201
	RESERVED
CVE-2021-40200
	RESERVED
CVE-2021-40199
	RESERVED
CVE-2021-40198
	RESERVED
CVE-2021-40197
	RESERVED
CVE-2021-40196
	RESERVED
CVE-2021-40195
	RESERVED
CVE-2021-40194
	RESERVED
CVE-2021-40193
	RESERVED
CVE-2021-40192
	RESERVED
CVE-2021-40191 (Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due ...)
	NOT-FOR-US: Dzzoffice
CVE-2021-40190
	RESERVED
CVE-2021-40189 (PHPFusion 9.03.110 is affected by a remote code execution vulnerabilit ...)
	NOT-FOR-US: PHP-Fusion
CVE-2021-40188 (PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerabili ...)
	NOT-FOR-US: PHP-Fusion
CVE-2021-40187
	RESERVED
CVE-2021-40186 (The AppCheck research team identified a Server-Side Request Forgery (S ...)
	NOT-FOR-US: DNN
CVE-2021-40185
	RESERVED
CVE-2021-40184
	RESERVED
CVE-2021-40183
	RESERVED
CVE-2021-40182
	RESERVED
CVE-2021-40181
	RESERVED
CVE-2021-40180 (In the WeChat application 8.0.10 for Android and iOS, a mini program c ...)
	NOT-FOR-US: WeChat
CVE-2021-40179
	RESERVED
CVE-2021-40178 (Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the L ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-40177 (Zoho ManageEngine Log360 before Build 5225 allows remote code executio ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-40176 (Zoho ManageEngine Log360 before Build 5225 allows stored XSS.)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-40175 (Zoho ManageEngine Log360 before Build 5219 allows unrestricted file up ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-40174 (Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for di ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-40173 (Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-40172 (Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on pro ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-40171 (The absence of notifications regarding an ongoing RF jamming attack in ...)
	NOT-FOR-US: SecuritasHome home alarm system
CVE-2021-40170 (An RF replay attack vulnerability in the SecuritasHome home alarm syst ...)
	NOT-FOR-US: SecuritasHome home alarm system
CVE-2021-40169
	RESERVED
CVE-2021-40168
	RESERVED
CVE-2021-40167 (A malicious crafted dwf or .pct file when consumed through DesignRevie ...)
	NOT-FOR-US: Autodesk
CVE-2021-40166 (A maliciously crafted PNG file in Autodesk Image Processing component ...)
	NOT-FOR-US: Autodesk
CVE-2021-40165 (A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image P ...)
	NOT-FOR-US: Autodesk
CVE-2021-40164 (A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA ...)
	NOT-FOR-US: Autodesk
CVE-2021-40163 (A Memory Corruption vulnerability may lead to code execution through m ...)
	NOT-FOR-US: Autodesk
CVE-2021-40162 (A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image P ...)
	NOT-FOR-US: Autodesk
CVE-2021-40161 (A Memory Corruption vulnerability may lead to code execution through m ...)
	NOT-FOR-US: Autodesk
CVE-2021-40160 (PDFTron prior to 9.0.7 version may be forced to read beyond allocated ...)
	NOT-FOR-US: Autodesk
CVE-2021-40159 (An Information Disclosure vulnerability for JT files in Autodesk Inven ...)
	NOT-FOR-US: Autodesk
CVE-2021-40158 (A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2 ...)
	NOT-FOR-US: Autodesk
CVE-2021-40157 (A user may be tricked into opening a malicious FBX file which may expl ...)
	NOT-FOR-US: Autodesk
CVE-2021-40156 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021 ...)
	NOT-FOR-US: Autodesk
CVE-2021-40155 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021 ...)
	NOT-FOR-US: Autodesk
CVE-2021-3747 (The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, acciden ...)
	NOT-FOR-US: Multipass
CVE-2021-40154 (NXP LPC55S69 devices before A3 have a buffer over-read via a crafted w ...)
	NOT-FOR-US: NXP LPC55S69 devices
CVE-2021-40152
	RESERVED
CVE-2021-40151
	RESERVED
CVE-2021-3746 (A flaw was found in the libtpms code that may cause access beyond the ...)
	- libtpms 0.9.1-1
	NOTE: https://github.com/stefanberger/libtpms/commit/1fb6cd9b8df05b5d6e381b31215193d6ada969df (v0.6.6)
	NOTE: https://github.com/stefanberger/libtpms/commit/ea62fd9679f8c6fc5e79471b33cfbd8227bfed72 (v0.6.6)
	NOTE: https://github.com/stefanberger/libtpms/commit/aaef222e8682cc2e0f9ea7124220c5fe44fab62b (v0.8.5)
	NOTE: https://github.com/stefanberger/libtpms/commit/33a03986e0a09dde439985e0312d1c8fb3743aab (v0.8.5)
	NOTE: https://github.com/stefanberger/libtpms/commit/034a5c02488cf7f0048e130177fc71c9e626e135 (v0.9.0)
	NOTE: https://github.com/stefanberger/libtpms/commit/17255da54cf8354d02369f1323dc50cfb87e2bf4 (v0.9.0)
CVE-2021-3745 (flatcore-cms is vulnerable to Unrestricted Upload of File with Dangero ...)
	NOT-FOR-US: flatcore-cms
CVE-2021-3744 (A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gc ...)
	{DSA-5096-1 DLA-2941-1}
	- linux 5.14.12-1
	[bullseye] - linux 5.10.84-1
	[stretch] - linux (Vulnerability introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2000627
	NOTE: https://git.kernel.org/linus/505d9dcb0f7ddf9d075e729523a33d38642ae680 (5.15-rc4)
CVE-2021-40153 (squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the file ...)
	{DSA-4967-1 DLA-2752-1}
	[experimental] - squashfs-tools 1:4.5-1
	- squashfs-tools 1:4.5-2
	NOTE: https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790
	NOTE: https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646 (4.5)
	NOTE: https://github.com/plougher/squashfs-tools/issues/72
CVE-2021-40150 (The web server of the E1 Zoom camera through 3.0.0.716 discloses its c ...)
	NOT-FOR-US: E1 Zoom camera
CVE-2021-40149 (The web server of the E1 Zoom camera through 3.0.0.716 discloses its S ...)
	NOT-FOR-US: E1 Zoom camera
CVE-2021-40148 (In Modem EMM, there is a possible information disclosure due to a miss ...)
	NOT-FOR-US: Mediatek components for Android
CVE-2021-3743 (An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC ...)
	{DSA-4978-1 DLA-2785-1}
	- linux 5.14.6-1
	[buster] - linux 4.19.208-1
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://lists.openwall.net/netdev/2021/08/17/124
	NOTE: https://git.kernel.org/linus/7e78c597c3ebfd0cb329aa09a838734147e4f117
CVE-2021-3742
	RESERVED
CVE-2021-3741
	RESERVED
CVE-2021-3740
	RESERVED
CVE-2021-40147 (EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerabili ...)
	NOT-FOR-US: EmTec ZOC
CVE-2021-40146 (A Remote Code Execution (RCE) vulnerability was discovered in the Any2 ...)
	NOT-FOR-US: Apache Any23
CVE-2021-3738 (In DCE/RPC it is possible to share the handles (cookies for resource s ...)
	{DSA-5003-1}
	- samba 2:4.13.14+dfsg-1
	[buster] - samba (Domain controller functionality is EOLed, see DSA-5015-1)
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14468
	NOTE: https://www.samba.org/samba/security/CVE-2021-3738.html
CVE-2021-3737 (A flaw was found in python. An improperly handled HTTP response in the ...)
	{DLA-3477-1 DLA-3432-1 DLA-2808-1}
	[experimental] - python3.9 3.9.6-1
	- python3.9 3.9.7-1
	[bullseye] - python3.9 (Minor issue)
	- python3.7
	- python3.5
	- python3.4
	- python2.7
	[bullseye] - python2.7 (Unsupported in Bullseye, only included to build a few applications)
	- pypy3 7.3.8+dfsg-1
	[bullseye] - pypy3 (Minor issue)
	[buster] - pypy3 (Minor issue)
	NOTE: https://bugs.python.org/issue44022
	NOTE: https://github.com/python/cpython/pull/25916
	NOTE: https://github.com/python/cpython/pull/26503
	NOTE: https://github.com/python/cpython/commit/60ba0b68470a584103e28958d91e93a6db37ec92 (v3.10.0b2)
	NOTE: https://github.com/python/cpython/commit/ea9327036680acc92d9f89eaf6f6a54d2f8d78d9 (v3.9.6)
	NOTE: https://github.com/python/cpython/commit/f396864ddfe914531b5856d7bf852808ebfc01ae (v3.8.11)
	NOTE: https://github.com/python/cpython/commit/078b146f062d212919d0ba25e34e658a8234aa63 (v3.7.11)
	NOTE: https://github.com/python/cpython/commit/f68d2d69f1da56c2aea1293ecf93ab69a6010ad7 (v3.6.14)
	NOTE: Needs the "Improve the regression test" followup:
	NOTE: https://github.com/python/cpython/commit/98e5a7975d99b58d511f171816ecdfb13d5cca18 (v3.10.0b3)
	NOTE: https://github.com/python/cpython/commit/5df4abd6b033a5f1e48945c6988b45e35e76f647 (v3.9.6)
	NOTE: https://github.com/python/cpython/commit/0389426fa4af4dfc8b1d7f3f291932d928392d8b (3.8 branch)
	NOTE: https://github.com/python/cpython/commit/fee96422e6f0056561cf74fef2012cc066c9db86 (v3.7.11)
	NOTE: https://github.com/python/cpython/commit/1b6f4e5e13ebd1f957b47f7415b53d0869bdbac6 (v3.6.14)
CVE-2021-3736 (A flaw was found in the Linux kernel. A memory leak problem was found ...)
	- linux 5.14.6-1 (unimportant)
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1995570
CVE-2021-40145 (gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) throu ...)
	- libgd2 2.3.3-1 (unimportant)
	NOTE: https://github.com/libgd/libgd/issues/700
	NOTE: https://github.com/libgd/libgd/pull/713
	NOTE: https://github.com/libgd/libgd/commit/c5fd25ce0e48fd5618a972ca9f5e28d6d62006af
	NOTE: Negligible security impact
CVE-2021-40144
	RESERVED
CVE-2021-40143 (Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HT ...)
	NOT-FOR-US: Sonatype
CVE-2021-40142 (In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, re ...)
	NOT-FOR-US: OPC Foundation Local Discovery Server (LDS)
CVE-2021-40141
	RESERVED
CVE-2021-40140
	RESERVED
CVE-2021-40139
	RESERVED
CVE-2021-40138
	RESERVED
CVE-2021-40137
	RESERVED
CVE-2021-40136
	RESERVED
CVE-2021-40135
	RESERVED
CVE-2021-40134
	RESERVED
CVE-2021-40133
	RESERVED
CVE-2021-40132
	RESERVED
CVE-2021-40131 (A vulnerability in the web-based management interface of Cisco Common ...)
	NOT-FOR-US: Cisco
CVE-2021-40130 (A vulnerability in the web application of Cisco Common Services Platfo ...)
	NOT-FOR-US: Cisco
CVE-2021-40129 (A vulnerability in the configuration dashboard of Cisco Common Service ...)
	NOT-FOR-US: Cisco
CVE-2021-40128 (A vulnerability in the account activation feature of Cisco Webex Meeti ...)
	NOT-FOR-US: Cisco
CVE-2021-40127 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2021-40126 (A vulnerability in the web-based dashboard of Cisco Umbrella could all ...)
	NOT-FOR-US: Cisco
CVE-2021-40125 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) impleme ...)
	NOT-FOR-US: Cisco
CVE-2021-40124 (A vulnerability in the Network Access Manager (NAM) module of Cisco An ...)
	NOT-FOR-US: Cisco
CVE-2021-40123 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2021-40122 (A vulnerability in an API of the Call Bridge feature of Cisco Meeting ...)
	NOT-FOR-US: Cisco
CVE-2021-40121 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2021-40120 (A vulnerability in the web-based management interface of certain Cisco ...)
	NOT-FOR-US: Cisco
CVE-2021-40119 (A vulnerability in the key-based SSH authentication mechanism of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2021-40118 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
	NOT-FOR-US: Cisco
CVE-2021-40117 (A vulnerability in SSL/TLS message handler for Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco
CVE-2021-40116 (Multiple Cisco products are affected by a vulnerability in Snort rules ...)
	NOT-FOR-US: Cisco
CVE-2021-40115 (A vulnerability in Cisco Webex Video Mesh could allow an unauthenticat ...)
	NOT-FOR-US: Cisco
CVE-2021-40114 (Multiple Cisco products are affected by a vulnerability in the way the ...)
	{DSA-5354-1 DLA-3317-1}
	- snort (bug #1021276)
	NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-s2R7W9UU
CVE-2021-40113 (Multiple vulnerabilities in the web-based management interface of the ...)
	NOT-FOR-US: Cisco
CVE-2021-40112 (Multiple vulnerabilities in the web-based management interface of the ...)
	NOT-FOR-US: Cisco
CVE-2021-40111 (In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we ...)
	NOT-FOR-US: Apache James
CVE-2021-40110 (In Apache James, using Jazzer fuzzer, we identified that an IMAP user ...)
	NOT-FOR-US: Apache James
CVE-2021-40109 (A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can a ...)
	NOT-FOR-US: Concrete CMS
CVE-2021-40108 (An issue was discovered in Concrete CMS through 8.5.5. The Calendar is ...)
	NOT-FOR-US: Concrete CMS
CVE-2021-40107
	RESERVED
CVE-2021-40106 (An issue was discovered in Concrete CMS through 8.5.5. There is unauth ...)
	NOT-FOR-US: Concrete CMS
CVE-2021-40105 (An issue was discovered in Concrete CMS through 8.5.5. There is XSS vi ...)
	NOT-FOR-US: Concrete CMS
CVE-2021-40104 (An issue was discovered in Concrete CMS through 8.5.5. There is an SVG ...)
	NOT-FOR-US: Concrete CMS
CVE-2021-40103 (An issue was discovered in Concrete CMS through 8.5.5. Path Traversal ...)
	NOT-FOR-US: Concrete CMS
CVE-2021-40102 (An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File ...)
	NOT-FOR-US: Concrete CMS
CVE-2021-40101 (An issue was discovered in Concrete CMS before 8.5.7. The Dashboard al ...)
	NOT-FOR-US: Concrete CMS
CVE-2021-40100 (An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can ...)
	NOT-FOR-US: Concrete CMS
CVE-2021-40099 (An issue was discovered in Concrete CMS through 8.5.5. Fetching the up ...)
	NOT-FOR-US: Concrete CMS
CVE-2021-40098 (An issue was discovered in Concrete CMS through 8.5.5. Path Traversal ...)
	NOT-FOR-US: Concrete CMS
CVE-2021-40097 (An issue was discovered in Concrete CMS through 8.5.5. Authenticated p ...)
	NOT-FOR-US: Concrete CMS
CVE-2021-40096 (A cross-site scripting (XSS) vulnerability in integration configuratio ...)
	NOT-FOR-US: SquaredUp for SCOM
CVE-2021-40095 (An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download ...)
	NOT-FOR-US: SquaredUp for SCOM
CVE-2021-40094 (A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. I ...)
	NOT-FOR-US: SquaredUp for SCOM
CVE-2021-40093 (A cross-site scripting (XSS) vulnerability in integration configuratio ...)
	NOT-FOR-US: SquaredUp for SCOM
CVE-2021-40092 (A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp ...)
	NOT-FOR-US: SquaredUp for SCOM
CVE-2021-40091 (An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654.)
	NOT-FOR-US: SquaredUp for SCOM
CVE-2021-40090
	RESERVED
CVE-2021-40089 (An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Pu ...)
	NOT-FOR-US: PrimeKey
CVE-2021-40088 (An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode ca ...)
	NOT-FOR-US: PrimeKey
CVE-2021-40087 (An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit log ...)
	NOT-FOR-US: PrimeKey
CVE-2021-40086 (An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the ...)
	NOT-FOR-US: PrimeKey
CVE-2021-40085 (An issue was discovered in OpenStack Neutron before 16.4.1, 17.x befor ...)
	{DSA-4983-1 DLA-3027-1}
	- neutron 2:18.1.0-3 (bug #993398)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/31/2
	NOTE: https://launchpad.net/bugs/1939733
CVE-2021-40082
	RESERVED
CVE-2021-40081
	RESERVED
CVE-2021-3739 (A NULL pointer dereference flaw was found in the btrfs_rm_device funct ...)
	{DSA-4978-1}
	- linux 5.14.6-1
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/25/3
CVE-2021-3735 (A deadlock issue was found in the AHCI controller device of QEMU. It o ...)
	- qemu (bug #1014767)
	[bookworm] - qemu (Minor issue, revisit when fixed upstream)
	[bullseye] - qemu (Minor issue, revisit when fixed upstream)
	[buster] - qemu (Minor issue, waiting for patch)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997184
	NOTE: No upstream patch as of 2023-03-09
CVE-2021-40083 (Knot Resolver before 5.3.2 is prone to an assertion failure, triggerab ...)
	[experimental] - knot-resolver 5.4.1-1
	- knot-resolver 5.4.1-2 (bug #991463)
	[bullseye] - knot-resolver 5.3.1-1+deb11u1
	[buster] - knot-resolver (Vulnerable code introduced later)
	NOTE: https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1169
	NOTE: Introduced by https://gitlab.nic.cz/knot/knot-resolver/-/commit/7107faebc72c14c864622128a20a9b39fe94d733 (5.3.1)
CVE-2021-3734 (yourls is vulnerable to Improper Restriction of Rendered UI Layers or ...)
	NOT-FOR-US: yourls
CVE-2021-40080
	RESERVED
CVE-2021-40079
	RESERVED
CVE-2021-40078
	RESERVED
CVE-2021-40077
	RESERVED
CVE-2021-40076
	RESERVED
CVE-2021-40075
	RESERVED
CVE-2021-40074
	RESERVED
CVE-2021-40073
	RESERVED
CVE-2021-40072
	RESERVED
CVE-2021-40071
	RESERVED
CVE-2021-40070
	RESERVED
CVE-2021-40069
	RESERVED
CVE-2021-40068
	RESERVED
CVE-2021-40067 (The access controls on the Mobility read-write API improperly validate ...)
	NOT-FOR-US: Mobility
CVE-2021-40066 (The access controls on the Mobility read-only API improperly validate ...)
	NOT-FOR-US: Mobility
CVE-2021-40065 (The communication module has a service logic error vulnerability. Succe ...)
	NOT-FOR-US: Harmony OS
CVE-2021-40064 (There is a heap-based buffer overflow vulnerability in system componen ...)
	NOT-FOR-US: Huawei
CVE-2021-40063 (There is an improper access control vulnerability in the video module. ...)
	NOT-FOR-US: Huawei
CVE-2021-40062 (There is a vulnerability of copying input buffer without checking its ...)
	NOT-FOR-US: Huawei
CVE-2021-40061 (There is a vulnerability of accessing resources using an incompatible ...)
	NOT-FOR-US: Huawei
CVE-2021-40060 (There is a heap-based buffer overflow vulnerability in the video frame ...)
	NOT-FOR-US: Huawei
CVE-2021-40059 (There is a permission control vulnerability in the Wi-Fi module. Succe ...)
	NOT-FOR-US: Huawei
CVE-2021-40058 (There is a heap-based buffer overflow vulnerability in the video frame ...)
	NOT-FOR-US: Huawei
CVE-2021-40057 (There is a heap-based and stack-based buffer overflow vulnerability in ...)
	NOT-FOR-US: Huawei
CVE-2021-40056 (There is a vulnerability of copying input buffer without checking its ...)
	NOT-FOR-US: Huawei
CVE-2021-40055 (There is a man-in-the-middle attack vulnerability during system update ...)
	NOT-FOR-US: Huawei
CVE-2021-40054 (There is an integer underflow vulnerability in the atcmdserver module. ...)
	NOT-FOR-US: Huawei
CVE-2021-40053 (There is a permission control vulnerability in the Nearby module. Succe ...)
	NOT-FOR-US: Huawei
CVE-2021-40052 (There is an incorrect buffer size calculation vulnerability in the vid ...)
	NOT-FOR-US: Huawei
CVE-2021-40051 (There is an unauthorized access vulnerability in system components. Su ...)
	NOT-FOR-US: Huawei
CVE-2021-40050 (There is an out-of-bounds read vulnerability in the IFAA module. Succe ...)
	NOT-FOR-US: Huawei
CVE-2021-40049 (There is a permission control vulnerability in the PMS module. Success ...)
	NOT-FOR-US: Huawei
CVE-2021-40048 (There is an incorrect buffer size calculation vulnerability in the vid ...)
	NOT-FOR-US: Huawei
CVE-2021-40047 (There is a vulnerability of memory not being released after effective ...)
	NOT-FOR-US: Huawei
CVE-2021-40046 (PCManager versions 11.1.1.95 has a privilege escalation vulnerability. ...)
	NOT-FOR-US: Huawei
CVE-2021-40045 (There is a vulnerability of signature verification mechanism failure i ...)
	NOT-FOR-US: Huawei
CVE-2021-40044 (There is a permission verification vulnerability in the Bluetooth modu ...)
	NOT-FOR-US: Huawei
CVE-2021-40043 (The laser command injection vulnerability exists on AIS-BW80H-00 versi ...)
	NOT-FOR-US: Huawei
CVE-2021-40042 (There is a release of invalid pointer vulnerability in some Huawei pro ...)
	NOT-FOR-US: Huawei
CVE-2021-40041 (There is a Cross-Site Scripting (XSS) vulnerability in HUAWEI WS318n pr ...)
	NOT-FOR-US: Huawei
CVE-2021-40040 (Vulnerability of writing data to an arbitrary address in the HW_KEYMAS ...)
	NOT-FOR-US: Huawei
CVE-2021-40039 (There is a Null pointer dereference vulnerability in the camera module ...)
	NOT-FOR-US: Huawei
CVE-2021-40038 (There is a Double free vulnerability in the AOD module in smartphones. ...)
	NOT-FOR-US: Huawei
CVE-2021-40037 (There is a Vulnerability of accessing resources using an incompatible ...)
	NOT-FOR-US: Huawei
CVE-2021-40036 (The bone voice ID TA has a memory overwrite vulnerability. Successful ...)
	NOT-FOR-US: Huawei
CVE-2021-40035 (There is a Buffer overflow vulnerability due to a boundary error with ...)
	NOT-FOR-US: Huawei
CVE-2021-40034 (The video framework has the memory overwriting vulnerability caused by ...)
	NOT-FOR-US: Huawei
CVE-2021-40033 (There is an information exposure vulnerability on several Huawei Produ ...)
	NOT-FOR-US: Huawei
CVE-2021-40032 (The bone voice ID TA has a vulnerability in information management,Suc ...)
	NOT-FOR-US: Huawei
CVE-2021-40031 (There is a Null pointer dereference vulnerability in the camera module ...)
	NOT-FOR-US: Huawei
CVE-2021-40030 (The My HUAWEI app has a defect in the design. Successful exploitation ...)
	NOT-FOR-US: Huawei
CVE-2021-40029 (There is a Buffer overflow vulnerability due to a boundary error with ...)
	NOT-FOR-US: Huawei
CVE-2021-40028 (The eID module has an out-of-bounds memory write vulnerability,Success ...)
	NOT-FOR-US: Huawei
CVE-2021-40027 (The bone voice ID TA has a vulnerability in calculating the buffer len ...)
	NOT-FOR-US: Huawei
CVE-2021-40026 (There is a Heap-based buffer overflow vulnerability in the AOD module ...)
	NOT-FOR-US: Huawei
CVE-2021-40025 (The eID module has a vulnerability that causes the memory to be used w ...)
	NOT-FOR-US: Huawei
CVE-2021-40024 (Implementation of the WLAN module interfaces has the information discl ...)
	NOT-FOR-US: Huawei
CVE-2021-40023 (Configuration defects in the secure OS module. Successful exploitation ...)
	NOT-FOR-US: Huawei
CVE-2021-40022 (The weaver module has a vulnerability in parameter type verification,S ...)
	NOT-FOR-US: Huawei
CVE-2021-40021 (The eID module has an out-of-bounds memory write vulnerability,Success ...)
	NOT-FOR-US: Huawei
CVE-2021-40020 (There is an Out-of-bounds array read vulnerability in the security sto ...)
	NOT-FOR-US: Huawei
CVE-2021-40019 (Out-of-bounds heap read vulnerability in the HW_KEYMASTER module. Succ ...)
	NOT-FOR-US: Huawei
CVE-2021-40018 (The eID module has a null pointer reference vulnerability. Successful ...)
	NOT-FOR-US: Huawei
CVE-2021-40017 (The HW_KEYMASTER module lacks the validity check of the key format. Su ...)
	NOT-FOR-US: Huawei
CVE-2021-40016 (Improper permission control vulnerability in the Bluetooth module.Succ ...)
	NOT-FOR-US: Huawei
CVE-2021-40015 (There is a race condition vulnerability in the binder driver subsystem ...)
	NOT-FOR-US: Huawei
CVE-2021-40014 (The bone voice ID trusted application (TA) has a heap overflow vulnera ...)
	NOT-FOR-US: Huawei
CVE-2021-40013 (Improper permission control vulnerability in the Bluetooth module.Succ ...)
	NOT-FOR-US: Huawei
CVE-2021-40012 (Vulnerability of pointers being incorrectly used during data transmiss ...)
	NOT-FOR-US: Huawei
CVE-2021-40011 (There is an uncontrolled resource consumption vulnerability in the dis ...)
	NOT-FOR-US: Huawei
CVE-2021-40010 (The bone voice ID TA has a heap overflow vulnerability.Successful expl ...)
	NOT-FOR-US: Huawei
CVE-2021-40009 (There is an Out-of-bounds write vulnerability in the AOD module in sma ...)
	NOT-FOR-US: Huawei
CVE-2021-40008 (There is a memory leak vulnerability in CloudEngine 12800 V200R019C00S ...)
	NOT-FOR-US: Huawei
CVE-2021-40007 (There is an information leak vulnerability in eCNS280_TD V100R005C10SP ...)
	NOT-FOR-US: Huawei
CVE-2021-40006 (Vulnerability of design defects in the security algorithm component. S ...)
	NOT-FOR-US: Huawei
CVE-2021-40005 (The distributed data service component has a vulnerability in data acc ...)
	NOT-FOR-US: Huawei
CVE-2021-40004 (The cellular module has a vulnerability in permission management. Succ ...)
	NOT-FOR-US: Huawei
CVE-2021-40003 (HwPCAssistant has a path traversal vulnerability. Successful exploitat ...)
	NOT-FOR-US: Huawei
CVE-2021-40002 (The Bluetooth module has an out-of-bounds write vulnerability. Success ...)
	NOT-FOR-US: Huawei
CVE-2021-40001 (The CaasKit module has a path traversal vulnerability. Successful expl ...)
	NOT-FOR-US: Huawei
CVE-2021-40000 (The Bluetooth module has an out-of-bounds write vulnerability. Success ...)
	NOT-FOR-US: Huawei
CVE-2021-39999 (There is a buffer overflow vulnerability in eSE620X vESS V100R001C10SP ...)
	NOT-FOR-US: Huawei
CVE-2021-39998 (There is Vulnerability of APIs being concurrently called for multiple ...)
	NOT-FOR-US: Huawei
CVE-2021-39997 (There is a vulnerability of unstrict input parameter verification in t ...)
	NOT-FOR-US: Huawei
CVE-2021-39996 (There is a Heap-based buffer overflow vulnerability with the NFC modul ...)
	NOT-FOR-US: Huawei
CVE-2021-39995 (Some Huawei products use the OpenHpi software for hardware management. ...)
	NOT-FOR-US: Huawei
CVE-2021-39994 (There is an arbitrary address access vulnerability with the product li ...)
	NOT-FOR-US: Huawei
CVE-2021-39993 (There is an Integer overflow vulnerability with ACPU in smartphones. S ...)
	NOT-FOR-US: Huawei
CVE-2021-39992 (There is an improper security permission configuration vulnerability o ...)
	NOT-FOR-US: Huawei
CVE-2021-39991 (There is an unauthorized rewriting vulnerability with the memory acces ...)
	NOT-FOR-US: Huawei
CVE-2021-39990 (The screen lock module has a Stack-based Buffer Overflow vulnerability ...)
	NOT-FOR-US: Huawei
CVE-2021-39989 (The HwNearbyMain module has a Exposure of Sensitive Information to an ...)
	NOT-FOR-US: Huawei
CVE-2021-39988 (The HwNearbyMain module has a NULL Pointer Dereference vulnerability.S ...)
	NOT-FOR-US: Huawei
CVE-2021-39987 (The HwNearbyMain module has a Data Processing Errors vulnerability.Suc ...)
	NOT-FOR-US: Huawei
CVE-2021-39986 (There is an unauthorized rewriting vulnerability with the memory acces ...)
	NOT-FOR-US: Huawei
CVE-2021-39985 (The HwNearbyMain module has a Improper Validation of Array Index vulne ...)
	NOT-FOR-US: Huawei
CVE-2021-39984 (Huawei idap module has a Out-of-bounds Read vulnerability.Successful e ...)
	NOT-FOR-US: Huawei
CVE-2021-39983 (The HwNearbyMain module has a Data Processing Errors vulnerability.Suc ...)
	NOT-FOR-US: Huawei
CVE-2021-39982 (Phone Manager application has a Improper Privilege Management vulnerab ...)
	NOT-FOR-US: Huawei
CVE-2021-39981 (Chang Lian application has a vulnerability which can be maliciously ex ...)
	NOT-FOR-US: Huawei
CVE-2021-39980 (Telephony application has a Exposure of Sensitive Information to an Un ...)
	NOT-FOR-US: Huawei
CVE-2021-39979 (HHEE system has a Code Injection vulnerability.Successful exploitation ...)
	NOT-FOR-US: Huawei
CVE-2021-39978 (Telephony application has a SQL Injection vulnerability.Successful exp ...)
	NOT-FOR-US: Huawei
CVE-2021-39977 (The HwNearbyMain module has a NULL Pointer Dereference vulnerability.S ...)
	NOT-FOR-US: Huawei
CVE-2021-39976 (There is a privilege escalation vulnerability in CloudEngine 5800 V200 ...)
	NOT-FOR-US: Huawei
CVE-2021-39975 (Hilinksvc has a Data Processing Errors vulnerability.Successful exploi ...)
	NOT-FOR-US: Huawei
CVE-2021-39974 (There is an Out-of-bounds read in Smartphones.Successful exploitation ...)
	NOT-FOR-US: Huawei
CVE-2021-39973 (There is a Null pointer dereference in Smartphones.Successful exploita ...)
	NOT-FOR-US: Huawei
CVE-2021-39972 (MyHuawei-App has a Exposure of Sensitive Information to an Unauthorize ...)
	NOT-FOR-US: Huawei
CVE-2021-39971 (Password vault has a External Control of System or Configuration Setti ...)
	NOT-FOR-US: Huawei
CVE-2021-39970 (HwPCAssistant has a Improper Input Validation vulnerability.Successful ...)
	NOT-FOR-US: Huawei
CVE-2021-39969 (There is an Unauthorized file access vulnerability in Smartphones.Succ ...)
	NOT-FOR-US: Huawei
CVE-2021-39968 (Changlian Blocklist has a Business Logic Errors vulnerability .Success ...)
	NOT-FOR-US: Huawei
CVE-2021-39967 (There is a Vulnerability of obtaining broadcast information improperly ...)
	NOT-FOR-US: Huawei
CVE-2021-39966 (There is an Uninitialized AOD driver structure in Smartphones.Successf ...)
	NOT-FOR-US: Huawei
CVE-2021-39965
	RESERVED
CVE-2021-39964
	RESERVED
CVE-2021-39963
	RESERVED
CVE-2021-39962
	RESERVED
CVE-2021-39961
	RESERVED
CVE-2021-39960
	RESERVED
CVE-2021-39959
	RESERVED
CVE-2021-39958
	RESERVED
CVE-2021-39957
	RESERVED
CVE-2021-39956
	RESERVED
CVE-2021-39955
	RESERVED
CVE-2021-39954
	RESERVED
CVE-2021-39953
	RESERVED
CVE-2021-39952
	RESERVED
CVE-2021-39951
	RESERVED
CVE-2021-39950
	RESERVED
CVE-2021-39949
	RESERVED
CVE-2021-39948
	RESERVED
CVE-2021-39947 (In specific circumstances, trace file buffers in GitLab Runner version ...)
	- gitlab-ci-multi-runner 14.10.1-1 (bug #1016138)
CVE-2021-39946 (Improper neutralization of user input in GitLab CE/EE versions 14.3 to ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39945 (Improper access control in the GitLab CE/EE API affecting all versions ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39944 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39943 (An authorization logic error in the External Status Check API in GitLa ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39942 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39941 (An information disclosure vulnerability in GitLab CE/EE versions 12.0 ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39940 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39939 (An uncontrolled resource consumption vulnerability in GitLab Runner af ...)
	- gitlab-ci-multi-runner (Vulnerable code introduced later)
	NOTE: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28630
	NOTE: https://about.gitlab.com/releases/2021/12/10/security-release-gitlab-runner-14-5-2-released/
CVE-2021-39938 (A vulnerable regular expression pattern in GitLab CE/EE since version ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39937 (A collision in access memoization logic in all versions of GitLab CE/E ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39936 (Improper access control in GitLab CE/EE affecting all versions startin ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39935 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39934 (Improper access control allows any project member to retrieve the serv ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39933 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39932 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39931 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39930 (Missing authorization in GitLab EE versions between 12.4 and 14.3.6, b ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39929 (Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4 ...)
	{DSA-5019-1 DLA-2849-1}
	- wireshark 3.6.0-1
	[buster] - wireshark 2.6.20-0+deb10u3
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17651
	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-07.html
CVE-2021-39928 (NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 ...)
	{DSA-5019-1 DLA-2849-1}
	- wireshark 3.6.0-1
	[buster] - wireshark 2.6.20-0+deb10u3
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17704
	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-13.html
CVE-2021-39927 (Server side request forgery protections in GitLab CE/EE versions betwe ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39926 (Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 ...)
	{DSA-5019-1}
	- wireshark 3.6.0-1
	[buster] - wireshark (Vulnerable code not present)
	[stretch] - wireshark (Vulnerable code not present)
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17649
	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-08.html
CVE-2021-39925 (Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3 ...)
	{DSA-5019-1 DLA-2849-1}
	- wireshark 3.6.0-1
	[buster] - wireshark 2.6.20-0+deb10u2
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17635
	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-09.html
CVE-2021-39924 (Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 ...)
	{DSA-5019-1 DLA-2849-1}
	- wireshark 3.6.0-1
	[buster] - wireshark 2.6.20-0+deb10u3
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17677
	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-10.html
CVE-2021-39923 (Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 ...)
	{DSA-5019-1 DLA-2849-1}
	- wireshark 3.6.0-1
	[buster] - wireshark 2.6.20-0+deb10u3
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17684
	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-11.html
CVE-2021-39922 (Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 an ...)
	{DSA-5019-1 DLA-2849-1}
	- wireshark 3.6.0-1
	[buster] - wireshark 2.6.20-0+deb10u3
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17636
	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-12.html
CVE-2021-39921 (NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3 ...)
	{DSA-5019-1 DLA-2849-1}
	- wireshark 3.6.0-1
	[buster] - wireshark 2.6.20-0+deb10u3
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17703
	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-14.html
CVE-2021-39920 (NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3 ...)
	{DSA-5019-1}
	- wireshark 3.6.0-1
	[buster] - wireshark (IPPUSB dissector added in 3.4)
	[stretch] - wireshark (IPPUSB dissector added in 3.4)
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17705
	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-15.html
CVE-2021-39919 (In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, a ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39918 (Incorrect Authorization in GitLab EE affecting all versions starting f ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39917 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39916 (Lack of an access control check in the External Status Check feature a ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39915 (Improper access control in the GraphQL API in GitLab CE/EE affecting a ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39914 (A regular expression denial of service issue in GitLab versions 8.13 t ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39913 (Accidental logging of system root password in the migration log in all ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39912 (A potential DoS vulnerability was discovered in GitLab CE/EE starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39911 (An improper access control flaw in all versions of GitLab CE/EE starti ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39910 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39909 (Lack of email address ownership verification in the CODEOWNERS feature ...)
	- gitlab (Specific to EE)
CVE-2021-39908 (In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39907 (A potential DOS vulnerability was discovered in GitLab CE/EE starting ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39906 (Improper validation of ipynb files in GitLab CE/EE version 13.5 and ab ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39905 (An information disclosure vulnerability in the GitLab CE/EE API since ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39904 (An Improper Access Control vulnerability in the GraphQL API in all ver ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39903 (In all versions of GitLab CE/EE since version 13.0, a privileged user, ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39902 (Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user wi ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39901 (In all versions of GitLab CE/EE since version 11.10, an admin of a gro ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39900 (Information disclosure from SendEntry in GitLab starting with 10.8 all ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39899 (In all versions of GitLab CE/EE, an attacker with physical access to a ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39898 (In all versions of GitLab CE/EE since version 10.6, a project export l ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39897 (Improper access control in GitLab CE/EE version 10.5 and above allowed ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39896 (In all versions of GitLab CE/EE since version 8.0, when an admin uses ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39895 (In all versions of GitLab CE/EE since version 8.0, an attacker can set ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39894 (In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vul ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39893 (A potential DOS vulnerability was discovered in GitLab starting with v ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39892 (In all versions of GitLab CE/EE since version 12.0, a lower privileged ...)
	[experimental] - gitlab 14.6.4+ds1-1
	- gitlab 15.10.8+ds1-2
	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/28440
CVE-2021-39891 (In all versions of GitLab CE/EE since version 8.0, access tokens creat ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39890 (It was possible to bypass 2FA for LDAP users and access some specific ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39889 (In all versions of GitLab EE since version 14.1, due to an insecure di ...)
	- gitlab (Specific to Enterprise Edition)
CVE-2021-39888 (In all versions of GitLab EE starting from 13.10 before 14.1.7, all ve ...)
	- gitlab (Specific to Enterprise Edition)
CVE-2021-39887 (A stored Cross-Site Scripting vulnerability in the GitLab Flavored Mar ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39886 (Permissions rules were not applied while issues were moved between pro ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39885 (A Stored XSS in merge request creation page in all versions of Gitlab ...)
	- gitlab (Specific to Enterprise Edition)
CVE-2021-39884 (In all versions of GitLab EE since version 8.13, an endpoint discloses ...)
	- gitlab (Specific to Enterprise Edition)
CVE-2021-39883 (Improper authorization checks in all versions of GitLab EE starting fr ...)
	- gitlab (Specific to Enterprise Edition)
CVE-2021-39882 (In all versions of GitLab CE/EE, provided a user ID, anonymous users c ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39881 (In all versions of GitLab CE/EE since version 7.7, the application may ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39880 (A Denial Of Service vulnerability in the apollo_upload_server Ruby gem ...)
	- gitlab 15.10.8+ds1-2
	- ruby-apollo-upload-server 2.1.0-1
	[bullseye] - ruby-apollo-upload-server (Minor issue)
	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/330561
	NOTE: https://github.com/jetruby/apollo_upload_server-ruby/commit/b0582c1a3e458eee3c994fb38278bd0221f20486
CVE-2021-39879 (Missing authentication in all versions of GitLab CE/EE since version 7 ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39878 (A stored Reflected Cross-Site Scripting vulnerability in the Jira inte ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39877 (A vulnerability was discovered in GitLab starting with version 12.2 th ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39876 (In all versions of GitLab CE/EE since version 11.3, the endpoint for a ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39875 (In all versions of GitLab CE/EE since version 13.6, it is possible to ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39874 (In all versions of GitLab CE/EE since version 11.0, the requirement to ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39873 (In all versions of GitLab CE/EE, there exists a content spoofing vulne ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39872 (In all versions of GitLab CE/EE since version 14.1, an improper access ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39871 (In all versions of GitLab CE/EE since version 13.0, an instance that h ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39870 (In all versions of GitLab CE/EE since version 11.11, an instance that ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39869 (In all versions of GitLab CE/EE since version 8.9, project exports may ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39868 (In all versions of GitLab CE/EE since version 8.12, an authenticated l ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39867 (In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vu ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39866 (A business logic error in the project deletion process in GitLab 13.6 ...)
	- gitlab 15.10.8+ds1-2
CVE-2021-39865 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
	NOT-FOR-US: Adobe
CVE-2021-39864 (Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) an ...)
	NOT-FOR-US: Adobe
CVE-2021-39863 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-39862 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
	NOT-FOR-US: Adobe
CVE-2021-39861 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-39860 (Acrobat Pro DC versions 2021.005.20060 (and earlier), 2020.004.30006 ( ...)
	NOT-FOR-US: Adobe
CVE-2021-39859 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-39858 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-39857 (Adobe Acrobat Reader DC add-on for Internet Explorer versions 2021.005 ...)
	NOT-FOR-US: Adobe
CVE-2021-39856 (Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2021-39855 (Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2021-39854 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-39853 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-39852 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-39851 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-39850 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-39849 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-39848
	RESERVED
CVE-2021-39847 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-ba ...)
	{DLA-3585-1}
	- exempi 2.6.0-1
	[bullseye] - exempi (Minor issue)
	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-39846 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-39845 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-39844 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-39843 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-39842 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-39841 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-39840 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-39839 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-39838 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-39837 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-39836 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-39835 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
	NOT-FOR-US: Adobe
CVE-2021-39834 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
	NOT-FOR-US: Adobe
CVE-2021-39833 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
	NOT-FOR-US: Adobe
CVE-2021-39832 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
	NOT-FOR-US: Adobe
CVE-2021-39831 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
	NOT-FOR-US: Adobe
CVE-2021-39830 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
	NOT-FOR-US: Adobe
CVE-2021-39829 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
	NOT-FOR-US: Adobe
CVE-2021-39828 (Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by a p ...)
	NOT-FOR-US: Adobe
CVE-2021-39827 (Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an ...)
	NOT-FOR-US: Adobe
CVE-2021-39826 (Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an ...)
	NOT-FOR-US: Adobe
CVE-2021-39825 (Photoshop Elements versions 2021 build 19.0 (20210304.m.156367) (and e ...)
	NOT-FOR-US: Adobe
CVE-2021-39824 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...)
	NOT-FOR-US: Adobe
CVE-2021-39823 (Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and e ...)
	NOT-FOR-US: Adobe
CVE-2021-39822 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) a ...)
	NOT-FOR-US: Adobe
CVE-2021-39821 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) a ...)
	NOT-FOR-US: Adobe
CVE-2021-39820 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) i ...)
	NOT-FOR-US: Adobe
CVE-2021-39819 (Adobe InCopy version 11.1 (and earlier) is affected by a memory corrup ...)
	NOT-FOR-US: Adobe
CVE-2021-39818 (Adobe InCopy version 11.1 (and earlier) is affected by a memory corrup ...)
	NOT-FOR-US: Adobe
CVE-2021-39817 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
	NOT-FOR-US: Adobe
CVE-2021-39816 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
	NOT-FOR-US: Adobe
CVE-2021-39815 (The PowerVR GPU driver allows unprivileged apps to allocated pinned me ...)
	NOT-FOR-US: Imagination Technologies
CVE-2021-39814 (In ppmp_validate_wsm of drm_fw.c, there is a possible out of bounds wr ...)
	NOT-FOR-US: Pixel
CVE-2021-39813
	RESERVED
CVE-2021-39812 (In TBD of TBD, there is a possible out of bounds read due to a use aft ...)
	NOT-FOR-US: Pixel
CVE-2021-39811
	RESERVED
CVE-2021-39810 (In NFC, there is a possible way to setup a default contactless payment ...)
	NOT-FOR-US: Android
CVE-2021-39809 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible o ...)
	NOT-FOR-US: Android
CVE-2021-39808 (In createNotificationChannelGroup of PreferencesHelper.java, there is ...)
	NOT-FOR-US: Android
CVE-2021-39807 (In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible ...)
	NOT-FOR-US: Android
CVE-2021-39806 (In closef of label_backends_android.c, there is a possible way to corr ...)
	NOT-FOR-US: Google Pixel
CVE-2021-39805 (In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bo ...)
	NOT-FOR-US: Android
CVE-2021-39804 (In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a m ...)
	NOT-FOR-US: Android
CVE-2021-39803 (In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read ...)
	NOT-FOR-US: Android
CVE-2021-39802 (In change_pte_range of mprotect.c , there is a possible way to make a ...)
	- linux (Vulnerability never present in upstream; Android specific)
	NOTE: https://source.android.com/security/bulletin/2022-04-01
CVE-2021-39801 (In ion_ioctl of ion-ioctl.c, there is a possible use after free due to ...)
	- linux (Android-specific driver)
	NOTE: https://source.android.com/security/bulletin/2022-04-01
CVE-2021-39800 (In ion_ioctl of ion-ioctl.c, there is a possible way to leak kernel he ...)
	- linux (Android-specific driver)
	NOTE: https://source.android.com/security/bulletin/2022-04-01
CVE-2021-39799 (In AttributionSource of AttributionSource.java, there is a possible pe ...)
	NOT-FOR-US: Android
CVE-2021-39798 (In Bitmap_createFromParcel of Bitmap.cpp, there is a possible arbitrar ...)
	NOT-FOR-US: Android
CVE-2021-39797 (In several functions of of LauncherApps.java, there is a possible esca ...)
	NOT-FOR-US: Android
CVE-2021-39796 (In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there ...)
	- android-platform-frameworks-base (unimportant; bug #1009626)
	NOTE: https://android.googlesource.com/platform/frameworks/base/+/e74a2a320bf896bc30618ce486203bafe453c469
	NOTE: https://source.android.com/security/bulletin/2022-04-01
	NOTE: No security impact for Android as provided in Debian, Not accessible in Debian builds
CVE-2021-39795
	REJECTED
CVE-2021-39794 (In broadcastPortInfo of AdbService.java, there is a possible way for a ...)
	NOT-FOR-US: Android
CVE-2021-39793 (In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possibl ...)
	NOT-FOR-US: Pixel
CVE-2021-39792 (In usb_gadget_giveback_request of core.c, there is a possible use afte ...)
	NOT-FOR-US: Android kernel patches
CVE-2021-39791 (In WallpaperManagerService, there is a possible way to determine wheth ...)
	NOT-FOR-US: Android
CVE-2021-39790 (In Dialer, there is a possible way to manipulate visual voicemail sett ...)
	NOT-FOR-US: Android
CVE-2021-39789 (In Telecom, there is a possible leak of TTY mode change due to a missi ...)
	NOT-FOR-US: Android
CVE-2021-39788 (In TelecomManager, there is a possible way to check if a particular se ...)
	NOT-FOR-US: Android
CVE-2021-39787 (In SystemUI, there is a possible arbitrary Activity launch due to a co ...)
	NOT-FOR-US: Android
CVE-2021-39786 (In NFC, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: Android
CVE-2021-39785
	RESERVED
CVE-2021-39784 (In CellBroadcastReceiver, there is a possible path to enable specific ...)
	NOT-FOR-US: Android
CVE-2021-39783 (In rcsservice, there is a possible way to modify TTY mode due to a mis ...)
	NOT-FOR-US: Android
CVE-2021-39782 (In Telephony, there is a possible unauthorized modification of the PLM ...)
	NOT-FOR-US: Android
CVE-2021-39781 (In SmsController, there is a possible information disclosure due to a ...)
	NOT-FOR-US: Android
CVE-2021-39780 (In Traceur, there is a possible bypass of developer settings requireme ...)
	NOT-FOR-US: Android
CVE-2021-39779 (In getCallStateUsingPackage of Telecom Service, there is a missing per ...)
	NOT-FOR-US: Android
CVE-2021-39778 (In Telecomm, there is a possible way to determine whether an app is in ...)
	NOT-FOR-US: Android
CVE-2021-39777 (In Telephony, there is a possible way to determine whether an app is i ...)
	NOT-FOR-US: Android
CVE-2021-39776 (In NFC, there is a possible memory corruption due to a use after free. ...)
	NOT-FOR-US: Android
CVE-2021-39775 (In People, there is a possible way to determine whether an app is inst ...)
	NOT-FOR-US: Android
CVE-2021-39774 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2021-39773 (In VpnManagerService, there is a possible disclosure of installed VPN ...)
	NOT-FOR-US: Android
CVE-2021-39772 (In Bluetooth, there is a possible way to access the a2dp audio control ...)
	NOT-FOR-US: Android
CVE-2021-39771 (In Settings, there is a possible way to misrepresent which app wants t ...)
	NOT-FOR-US: Android
CVE-2021-39770 (In Framework, there is a possible disclosure of the device owner packa ...)
	NOT-FOR-US: Android
CVE-2021-39769 (In Device Policy, there is a possible way to determine whether an app ...)
	NOT-FOR-US: Android
CVE-2021-39768 (In Settings, there is a possible way to add an auto-connect WiFi netwo ...)
	NOT-FOR-US: Android
CVE-2021-39767 (In miniadb, there is a possible way to get read/write access to recove ...)
	NOT-FOR-US: Android
CVE-2021-39766 (In Settings, there is a possible way to determine whether an app is in ...)
	NOT-FOR-US: Android
CVE-2021-39765 (In Gallery, there is a possible permission bypass due to a confused de ...)
	NOT-FOR-US: Android
CVE-2021-39764 (In Settings, there is a possible way to display an incorrect app name ...)
	NOT-FOR-US: Android
CVE-2021-39763 (In Settings, there is a possible way to make the user enable WiFi due ...)
	NOT-FOR-US: Android
CVE-2021-39762 (In tremolo, there is a possible out of bounds read due to an integer o ...)
	NOT-FOR-US: Android
CVE-2021-39761 (In Media, there is a possible way to determine whether an app is insta ...)
	NOT-FOR-US: Android
CVE-2021-39760 (In AudioService, there is a possible way to determine whether an app i ...)
	NOT-FOR-US: Android
CVE-2021-39759 (In libstagefright, there is a possible out of bounds write due to an i ...)
	NOT-FOR-US: Android
CVE-2021-39758 (In WindowManager, there is a possible way to start a foreground activi ...)
	NOT-FOR-US: Android
CVE-2021-39757 (In PermissionController, there is a possible permission bypass due to ...)
	NOT-FOR-US: Android
CVE-2021-39756 (In Framework, there is a possible way to determine whether an app is i ...)
	NOT-FOR-US: Android
CVE-2021-39755 (In DevicePolicyManager, there is a possible way to reveal the existenc ...)
	NOT-FOR-US: Android
CVE-2021-39754 (In ContextImpl, there is a possible way to determine whether an app is ...)
	NOT-FOR-US: Android
CVE-2021-39753 (In DomainVerificationService, there is a possible way to access app do ...)
	NOT-FOR-US: Android
CVE-2021-39752 (In Bubbles, there is a possible way to interfere with Bubbles due to a ...)
	NOT-FOR-US: Android
CVE-2021-39751 (In Settings, there is a possible way to read Bluetooth device names wi ...)
	NOT-FOR-US: Android
CVE-2021-39750 (In PackageManager, there is a possible way to change the splash screen ...)
	NOT-FOR-US: Android
CVE-2021-39749 (In WindowManager, there is a possible way to start non-exported and pr ...)
	NOT-FOR-US: Android
CVE-2021-39748 (In InputMethodEditor, there is a possible way to access some files acc ...)
	NOT-FOR-US: Android
CVE-2021-39747 (In Settings Provider, there is a possible way to list values of non-re ...)
	NOT-FOR-US: Android
CVE-2021-39746 (In PermissionController, there is a possible way to delete some local ...)
	NOT-FOR-US: Android
CVE-2021-39745 (In DevicePolicyManager, there is a possible way to determine whether a ...)
	NOT-FOR-US: Android
CVE-2021-39744 (In DevicePolicyManager, there is a possible way to determine whether a ...)
	NOT-FOR-US: Android
CVE-2021-39743 (In PackageManager, there is a possible way to update the last usage ti ...)
	NOT-FOR-US: Android
CVE-2021-39742 (In Voicemail, there is a possible way to retrieve a trackable identifi ...)
	NOT-FOR-US: Android
CVE-2021-39741 (In Keymaster, there is a possible out of bounds write due to a missing ...)
	NOT-FOR-US: Android
CVE-2021-39740 (In Messaging, there is a possible way to bypass attachment restriction ...)
	NOT-FOR-US: Android
CVE-2021-39739 (In ArrayMap, there is a possible leak of the content of SMS messages d ...)
	NOT-FOR-US: Android
CVE-2021-39738 (In CarSettings, there is a possible to pair BT device bypassing user's ...)
	NOT-FOR-US: Android Automotive
CVE-2021-39737 (Product: AndroidVersions: Android kernelAndroid ID: A-208229524Referen ...)
	NOT-FOR-US: Pixel
CVE-2021-39736 (In prepare_io_entry and prepare_response of lwis_ioctl.c and lwis_peri ...)
	NOT-FOR-US: Pixel
CVE-2021-39735 (In gasket_alloc_coherent_memory of gasket_page_table.c, there is a pos ...)
	NOT-FOR-US: Pixel
CVE-2021-39734 (In sendMessage of OneToOneChatImpl.java (? TBD), there is a possible w ...)
	NOT-FOR-US: Pixel
CVE-2021-39733 (In amcs_cdev_unlocked_ioctl of audiometrics.c, there is a possible out ...)
	NOT-FOR-US: Pixel
CVE-2021-39732 (In copy_io_entries of lwis_ioctl.c, there is a possible out of bounds ...)
	NOT-FOR-US: Pixel
CVE-2021-39731 (In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, ...)
	NOT-FOR-US: Pixel
CVE-2021-39730 (In TBD of TBD, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Pixel
CVE-2021-39729 (In the TitanM chip, there is a possible out of bounds write due to a m ...)
	NOT-FOR-US: Pixel
CVE-2021-39728
	RESERVED
CVE-2021-39727 (In eicPresentationRetrieveEntryValue of acropora/app/identity/libeic/E ...)
	NOT-FOR-US: Pixel
CVE-2021-39726 (In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read d ...)
	NOT-FOR-US: Pixel
CVE-2021-39725 (In gasket_free_coherent_memory_all of gasket_page_table.c, there is a ...)
	NOT-FOR-US: Pixel
CVE-2021-39724 (In TuningProviderBase::GetTuningTreeSet of tuning_provider_base.cc, th ...)
	NOT-FOR-US: Pixel
CVE-2021-39723 (Product: AndroidVersions: Android kernelAndroid ID: A-209014813Referen ...)
	NOT-FOR-US: Pixel
CVE-2021-39722 (In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, ...)
	NOT-FOR-US: Pixel
CVE-2021-39721 (In TBD of TBD, there is a possible out of bounds write due to memory c ...)
	NOT-FOR-US: Pixel
CVE-2021-39720 (Product: AndroidVersions: Android kernelAndroid ID: A-207433926Referen ...)
	NOT-FOR-US: Pixel
CVE-2021-39719 (In lwis_top_register_io of lwis_device_top.c, there is a possible out ...)
	NOT-FOR-US: Pixel
CVE-2021-39718 (In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, ...)
	NOT-FOR-US: Pixel
CVE-2021-39717 (In iaxxx_btp_write_words of iaxxx-btp.c, there is a possible out of bo ...)
	NOT-FOR-US: Pixel
CVE-2021-39716 (Product: AndroidVersions: Android kernelAndroid ID: A-206977562Referen ...)
	NOT-FOR-US: Pixel
CVE-2021-39715 (In __show_regs of process.c, there is a possible leak of kernel memory ...)
	NOT-FOR-US: Android kernel patches
CVE-2021-39714 (In ion_buffer_kmap_get of ion.c, there is a possible use-after-free du ...)
	{DLA-2940-1}
	- linux 4.12.6-1
	NOTE: https://source.android.com/security/bulletin/pixel/2022-03-01
CVE-2021-39713 (Product: AndroidVersions: Android kernelAndroid ID: A-173788806Referen ...)
	{DSA-5096-1 DLA-3065-1 DLA-2941-1}
	- linux 5.2.6-1
	NOTE: https://source.android.com/security/bulletin/pixel/2022-03-01
CVE-2021-39712 (In TBD of TBD, there is a possible use after free vulnerability due t ...)
	NOT-FOR-US: Pixel
CVE-2021-39711 (In bpf_prog_test_run_skb of test_run.c, there is a possible out of bou ...)
	- linux 4.18.6-1
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/6e6fddc78323533be570873abb728b7e0ba7e024
	NOTE: https://source.android.com/security/bulletin/pixel/2022-03-01
CVE-2021-39710 (Product: AndroidVersions: Android kernelAndroid ID: A-202160245Referen ...)
	NOT-FOR-US: Pixel
CVE-2021-39709 (In sendSipAccountsRemovedNotification of SipAccountRegistry.java, ther ...)
	NOT-FOR-US: Android
CVE-2021-39708 (In gatt_process_notification of gatt_cl.cc, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2021-39707 (In onReceive of AppRestrictionsFragment.java, there is a possible way ...)
	NOT-FOR-US: Android
CVE-2021-39706 (In onResume of CredentialStorage.java, there is a possible way to clea ...)
	NOT-FOR-US: Android
CVE-2021-39705
	REJECTED
CVE-2021-39704 (In deleteNotificationChannelGroup of NotificationManagerService.java, ...)
	NOT-FOR-US: Android
CVE-2021-39703 (In updateState of UsbDeviceManager.java, there is a possible unauthori ...)
	NOT-FOR-US: Android
CVE-2021-39702 (In onCreate of RequestManageCredentials.java, there is a possible way ...)
	NOT-FOR-US: Android
CVE-2021-39701 (In serviceConnection of ControlsProviderLifecycleManager.kt, there is ...)
	NOT-FOR-US: Android
CVE-2021-39700 (In the policies of adbd.te, there was a logic error which caused the C ...)
	NOT-FOR-US: Android
CVE-2021-39699
	RESERVED
CVE-2021-39698 (In aio_poll_complete_work of aio.c, there is a possible memory corrupt ...)
	{DSA-5096-1 DLA-2941-1 DLA-2940-1}
	- linux 5.15.15-1
	[bullseye] - linux 5.10.92-1
	NOTE: https://source.android.com/security/bulletin/2022-03-01
CVE-2021-39697 (In checkFileUriDestination of DownloadProvider.java, there is a possib ...)
	NOT-FOR-US: Android
CVE-2021-39696 (In Task.java, there is a possible escalation of privilege due to a con ...)
	NOT-FOR-US: Android
CVE-2021-39695 (In createOrUpdate of BasePermission.java, there is a possible permissi ...)
	NOT-FOR-US: Android
CVE-2021-39694 (In parse of RoleParser.java, there is a possible way for default apps ...)
	NOT-FOR-US: Android
CVE-2021-39693 (In onUidStateChanged of AppOpsService.java, there is a possible way to ...)
	NOT-FOR-US: Android
CVE-2021-39692 (In onCreate of SetupLayoutActivity.java, there is a possible way to se ...)
	NOT-FOR-US: Android
CVE-2021-39691 (In WindowManager, there is a possible tapjacking attack due to an inco ...)
	NOT-FOR-US: Android
CVE-2021-39690 (In setDisplayPadding of WallpaperManagerService.java, there is a possi ...)
	NOT-FOR-US: Android
CVE-2021-39689 (In multiple functions of odsign_main.cpp, there is a possible way to p ...)
	NOT-FOR-US: Android
CVE-2021-39688 (In TBD of TBD, there is a possible out of bounds read due to TBD. This ...)
	NOT-FOR-US: Pixel
CVE-2021-39687 (In HandleTransactionIoEvent of actuator_driver.cc, there is a possible ...)
	NOT-FOR-US: Android
CVE-2021-39686 (In several functions of binder.c, there is a possible way to represent ...)
	{DSA-5096-1 DLA-2941-1 DLA-2940-1}
	- linux 5.15.15-1
	NOTE: https://source.android.com/security/bulletin/2022-03-01
CVE-2021-39685 (In various setup methods of the USB gadget subsystem, there is a possi ...)
	{DSA-5096-1 DSA-5050-1 DLA-2941-1 DLA-2940-1}
	- linux 5.15.5-2
	NOTE: https://www.openwall.com/lists/oss-security/2021/12/15/4
CVE-2021-39684 (In target_init of gs101/abl/target/slider/target.c, there is a possibl ...)
	NOT-FOR-US: Pixel
CVE-2021-39683 (In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds ...)
	NOT-FOR-US: Pixel
CVE-2021-39682 (In mgm_alloc_page of memory_group_manager.c, there is a possible out o ...)
	NOT-FOR-US: Pixel
CVE-2021-39681 (In delete_protocol of main.c, there is a possible arbitrary code execu ...)
	NOT-FOR-US: Pixel
CVE-2021-39680 (In sec_SHA256_Transform of sha256_core.c, there is a possible way to r ...)
	NOT-FOR-US: Pixel
CVE-2021-39679 (In init of vendor_graphicbuffer_meta.cpp, there is a possible use afte ...)
	NOT-FOR-US: Pixel
CVE-2021-39678 (In of , there is a possible bypass of Factory Reset Protect ...)
	NOT-FOR-US: Pixel
CVE-2021-39677 (In startVideoStream() there is a possibility of an OOB Read in the hea ...)
	NOT-FOR-US: Android
CVE-2021-39676 (In writeThrowable of AndroidFuture.java, there is a possible parcel se ...)
	NOT-FOR-US: Android
CVE-2021-39675 (In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds writ ...)
	NOT-FOR-US: Android
CVE-2021-39674 (In btm_sec_connected and btm_sec_disconnected of btm_sec.cc file, the ...)
	NOT-FOR-US: Android
CVE-2021-39673
	RESERVED
CVE-2021-39672 (In fastboot, there is a possible secure boot bypass due to a configura ...)
	NOT-FOR-US: Android
CVE-2021-39671 (In code generated by aidl_const_expressions.cpp, there is a possible o ...)
	NOT-FOR-US: Android
CVE-2021-39670 (In setStream of WallpaperManager.java, there is a possible way to caus ...)
	NOT-FOR-US: Android
CVE-2021-39669 (In onCreate of InstallCaCertificateWarning.java, there is a possible w ...)
	NOT-FOR-US: Android
CVE-2021-39668 (In onActivityViewReady of DetailDialog.kt, there is a possible Intent ...)
	NOT-FOR-US: Android
CVE-2021-39667 (In ih264d_parse_decode_slice of ih264d_parse_slice.c, there is a possi ...)
	NOT-FOR-US: Android
CVE-2021-39666 (In extract of MediaMetricsItem.h, there is a possible out of bounds re ...)
	NOT-FOR-US: Android
CVE-2021-39665 (In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bo ...)
	NOT-FOR-US: Android
CVE-2021-39664 (In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of b ...)
	NOT-FOR-US: Android
CVE-2021-39663 (In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, ther ...)
	NOT-FOR-US: Android
CVE-2021-39662 (In checkUriPermission of MediaProvider.java, there is a possible way ...)
	NOT-FOR-US: Android
CVE-2021-39661 (In _PMRLogicalOffsetToPhysicalOffset of the PowerVR kernel driver, the ...)
	NOT-FOR-US: Android
CVE-2021-39660 (In TBD of TBD, there is a possible way to achieve arbitrary code execu ...)
	NOT-FOR-US: Android
CVE-2021-39659 (In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, ...)
	NOT-FOR-US: Android
CVE-2021-39658 (ismsEx service is a vendor service in unisoc equipment. ismsEx ser ...)
	NOT-FOR-US: Android
CVE-2021-39657 (In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out ...)
	- linux 5.10.12-1
	[buster] - linux 4.19.171-1
	[stretch] - linux 4.9.258-1
	NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01
	NOTE: https://git.kernel.org/linus/35fc4cd34426c242ab015ef280853b7bff101f48 (5.11-rc4)
CVE-2021-39656 (In __configfs_open_file of file.c, there is a possible use-after-free ...)
	- linux 5.10.24-1
	[buster] - linux 4.19.181-1
	[stretch] - linux 4.9.272-1
	NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01
	NOTE: https://git.kernel.org/linus/14fbbc8297728e880070f7b077b3301a8c698ef9 (5.12-rc3)
CVE-2021-39655 (Product: AndroidVersions: Android kernelAndroid ID: A-192641593Referen ...)
	NOT-FOR-US: Google Pixel components
CVE-2021-39654
	RESERVED
CVE-2021-39653 (In (TBD) of (TBD), there is a possible way to boot with a hidden debug ...)
	NOT-FOR-US: Google Pixel components
CVE-2021-39652 (In sec_ts_parsing_cmds of (TBD), there is a possible out of bounds wri ...)
	NOT-FOR-US: Google Pixel components
CVE-2021-39651 (In TBD of TBD, there is a possible way to access PIN protected setting ...)
	NOT-FOR-US: Google Pixel components
CVE-2021-39650 (In (TBD) of (TBD), there is a possible out of bounds write due to a mi ...)
	NOT-FOR-US: Google Pixel components
CVE-2021-39649 (In regmap_exit of regmap.c, there is a possible use-after-free due to ...)
	NOT-FOR-US: Google Pixel components
CVE-2021-39648 (In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclos ...)
	- linux 5.10.9-1
	[buster] - linux 4.19.171-1
	[stretch] - linux 4.9.258-1
	NOTE: https://git.kernel.org/linus/64e6bbfff52db4bf6785fab9cffab850b2de6870
	NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01
CVE-2021-39647 (In mon_smc_load_sp of gs101-sc/plat/samsung/exynos/soc/exynos9845/smc_ ...)
	NOT-FOR-US: Google Pixel components
CVE-2021-39646 (Product: AndroidVersions: Android kernelAndroid ID: A-201537251Referen ...)
	NOT-FOR-US: Google Pixel components
CVE-2021-39645 (Product: AndroidVersions: Android kernelAndroid ID: A-199805112Referen ...)
	NOT-FOR-US: Google Pixel components
CVE-2021-39644 (Product: AndroidVersions: Android kernelAndroid ID: A-199809304Referen ...)
	NOT-FOR-US: Google Pixel components
CVE-2021-39643 (In ic_startRetrieveEntryValue of acropora/app/identity/ic.c, there is ...)
	NOT-FOR-US: Google Pixel components
CVE-2021-39642 (In synchronous_process_io_entries of lwis_ioctl.c, there is a possible ...)
	NOT-FOR-US: Google Pixel components
CVE-2021-39641 (Product: AndroidVersions: Android kernelAndroid ID: A-126949257Referen ...)
	NOT-FOR-US: Google Pixel components
CVE-2021-39640 (In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds ...)
	NOT-FOR-US: Google Pixel components
CVE-2021-39639 (In TBD of fvp.c, there is a possible way to glitch CPU behavior due to ...)
	NOT-FOR-US: Google Pixel components
CVE-2021-39638 (In periodic_io_work_func of lwis_periodic_io.c, there is a possible ou ...)
	NOT-FOR-US: Google Pixel components
CVE-2021-39637 (In CreateDeviceInfo of trusty_remote_provisioning_context.cpp, there i ...)
	NOT-FOR-US: Google Pixel components
CVE-2021-39636 (In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a possib ...)
	- linux 4.16.5-1
	NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01
CVE-2021-39635 (ims_ex is a vendor system service used to manage VoLTE in unisoc devic ...)
	NOT-FOR-US: Android
CVE-2021-39634 (In fs/eventpoll.c, there is a possible use after free. This could lead ...)
	- linux 5.8.14-1
	[buster] - linux 4.19.152-1
	[stretch] - linux 4.9.240-1
	NOTE: https://source.android.com/security/bulletin/2022-01-01
	NOTE: https://git.kernel.org/linus/f8d4f44df056c5b504b0d49683fb7279218fd207 (5.9-rc8)
CVE-2021-39633 (In gre_handle_offloads of ip_gre.c, there is a possible page fault due ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.70-1
	[buster] - linux 4.19.208-1
	[stretch] - linux 4.9.290-1
	NOTE: https://source.android.com/security/bulletin/2022-01-01
	NOTE: https://git.kernel.org/linus/1d011c4803c72f3907eccfc1ec63caefb852fcbf (5.14)
CVE-2021-39632 (In inotify_cb of events.cpp, there is a possible out of bounds write d ...)
	NOT-FOR-US: Android
CVE-2021-39631 (In clear_data_dlg_text of strings.xml, there is a possible situation w ...)
	NOT-FOR-US: Android
CVE-2021-39630 (In executeRequest of OverlayManagerService.java, there is a possible w ...)
	NOT-FOR-US: Android
CVE-2021-39629 (In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possi ...)
	NOT-FOR-US: Android
CVE-2021-39628 (In StatusBar.java, there is a possible disclosure of notification cont ...)
	NOT-FOR-US: Android
CVE-2021-39627 (In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there ...)
	NOT-FOR-US: Android
CVE-2021-39626 (In onAttach of ConnectedDeviceDashboardFragment.java, there is a possi ...)
	NOT-FOR-US: Android
CVE-2021-39625 (In showCarrierAppInstallationNotification of EuiccNotificationManager. ...)
	NOT-FOR-US: Android
CVE-2021-39624 (In PackageManager, there is a possible permanent denial of service due ...)
	NOT-FOR-US: Android
CVE-2021-39623 (In doRead of SimpleDecodingSource.cpp, there is a possible out of boun ...)
	NOT-FOR-US: Android
CVE-2021-39622 (In GBoard, there is a possible way to bypass Factory Reset Protection ...)
	NOT-FOR-US: Android
CVE-2021-39621 (In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there ...)
	NOT-FOR-US: Android
CVE-2021-39620 (In ipcSetDataReference of Parcel.cpp, there is a possible way to corru ...)
	NOT-FOR-US: Android
CVE-2021-39619 (In updatePackageMappingsData of UsageStatsService.java, there is a pos ...)
	NOT-FOR-US: Android
CVE-2021-39618 (In multiple methods of EuiccNotificationManager.java, there is a possi ...)
	NOT-FOR-US: Android
CVE-2021-39617
	REJECTED
CVE-2021-39616 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438)
	NOT-FOR-US: Android
CVE-2021-3733 (There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker ...)
	{DLA-3477-1 DLA-3432-1 DLA-2808-1}
	- python3.9 3.9.7-1
	[bullseye] - python3.9 (Minor issue)
	- python3.7
	- python3.5
	- python2.7
	[bullseye] - python2.7 (Unsupported in Bullseye, only included to build a few applications)
	- pypy3 7.3.8+dfsg-1
	[bullseye] - pypy3 (Minor issue)
	[buster] - pypy3 (Minor issue)
	NOTE: https://bugs.python.org/issue43075
	NOTE: https://github.com/python/cpython/pull/24391
	NOTE: https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb1defe1 (master)
	NOTE: https://github.com/python/cpython/commit/a21d4fbd549ec9685068a113660553d7f80d9b09 (3.9.5)
	NOTE: https://github.com/python/cpython/commit/e7654b6046090914a8323931ed759a94a5f85d60 (3.8.10)
	NOTE: https://github.com/python/cpython/commit/ada14995870abddc277addf57dd690a2af04c2da (3.7.11)
	NOTE: https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f (3.6.14)
CVE-2021-3732 (A flaw was found in the Linux kernel's OverlayFS subsystem in the way ...)
	{DSA-4978-1 DLA-2843-1 DLA-2785-1}
	- linux 5.14.6-1
	[buster] - linux 4.19.208-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1995249
	NOTE: https://git.kernel.org/linus/427215d85e8d1476da1a86b8d67aceb485eb3631
CVE-2021-39615 (D-Link DSR-500N version 1.02 contains hard-coded credentials for undoc ...)
	NOT-FOR-US: D-Link
CVE-2021-39614 (D-Link DVX-2000MS contains hard-coded credentials for undocumented use ...)
	NOT-FOR-US: D-Link
CVE-2021-39613 (D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contain ...)
	NOT-FOR-US: D-Link
CVE-2021-39612
	RESERVED
CVE-2021-39611
	RESERVED
CVE-2021-39610
	RESERVED
CVE-2021-39609 (Cross Site Scripting (XSS) vulnerability exists in FlatCore-CMS 2.0.7 v ...)
	NOT-FOR-US: FlatCore-CMS
CVE-2021-39608 (Remote Code Execution (RCE) vulnerability exists in FlatCore-CMS 2.0.7 ...)
	NOT-FOR-US: FlatCore-CMS
CVE-2021-39607
	RESERVED
CVE-2021-39606
	RESERVED
CVE-2021-39605
	RESERVED
CVE-2021-39604
	RESERVED
CVE-2021-39603
	RESERVED
CVE-2021-39602 (A Buffer Overflow vulnerability exists in Miniftpd 1.0 in the do_mkd fu ...)
	NOT-FOR-US: Miniftpd
CVE-2021-39601
	RESERVED
CVE-2021-39600
	RESERVED
CVE-2021-39599 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in CXUUCMS ...)
	NOT-FOR-US: CXUUCMS
CVE-2021-39598 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/145
CVE-2021-39597 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/143
CVE-2021-39596 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/146
CVE-2021-39595 (An issue was discovered in swftools through 20200710. A stack-buffer-o ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/141
CVE-2021-39594 (Other An issue was discovered in swftools through 20200710. A NULL poi ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/142
CVE-2021-39593 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/139
CVE-2021-39592 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/138
CVE-2021-39591 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/135
CVE-2021-39590 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/137
CVE-2021-39589 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/132
CVE-2021-39588 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/131
CVE-2021-39587 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/129
CVE-2021-39586
	RESERVED
CVE-2021-39585 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/133
CVE-2021-39584 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/130
CVE-2021-39583 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/136
CVE-2021-39582 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/122
CVE-2021-39581
	RESERVED
CVE-2021-39580
	RESERVED
CVE-2021-39579 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/125
CVE-2021-39578
	RESERVED
CVE-2021-39577 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/121
CVE-2021-39576
	RESERVED
CVE-2021-39575 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/128
CVE-2021-39574 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/124
CVE-2021-39573
	RESERVED
CVE-2021-39572
	RESERVED
CVE-2021-39571
	RESERVED
CVE-2021-39570
	RESERVED
CVE-2021-39569 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/114
CVE-2021-39568
	RESERVED
CVE-2021-39567
	RESERVED
CVE-2021-39566
	RESERVED
CVE-2021-39565
	RESERVED
CVE-2021-39564 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/116
CVE-2021-39563 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/115
CVE-2021-39562 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/98
CVE-2021-39561 (An issue was discovered in swftools through 20200710. A stack-buffer-o ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/102
CVE-2021-39560
	RESERVED
CVE-2021-39559 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/101
CVE-2021-39558 (An issue was discovered in swftools through 20200710. A stack-buffer-o ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/106
CVE-2021-39557 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/97
CVE-2021-39556 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/105
CVE-2021-39555 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/99
CVE-2021-39554 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/100
CVE-2021-39553 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
	- swftools
	[stretch] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/103
CVE-2021-39552 (An issue was discovered in sela through 20200412. file::WavFile::readF ...)
	NOT-FOR-US: sela
CVE-2021-39551 (An issue was discovered in sela through 20200412. file::SelaFile::read ...)
	NOT-FOR-US: sela
CVE-2021-39550 (An issue was discovered in sela through 20200412. file::SelaFile::read ...)
	NOT-FOR-US: sela
CVE-2021-39549 (An issue was discovered in sela through 20200412. A NULL pointer deref ...)
	NOT-FOR-US: sela
CVE-2021-39548 (An issue was discovered in sela through 20200412. A NULL pointer deref ...)
	NOT-FOR-US: sela
CVE-2021-39547 (An issue was discovered in sela through 20200412. A NULL pointer deref ...)
	NOT-FOR-US: sela
CVE-2021-39546 (An issue was discovered in sela through 20200412. rice::RiceDecoder::p ...)
	NOT-FOR-US: sela
CVE-2021-39545 (An issue was discovered in sela through 20200412. A NULL pointer deref ...)
	NOT-FOR-US: sela
CVE-2021-39544 (An issue was discovered in sela through 20200412. file::WavFile::write ...)
	NOT-FOR-US: sela
CVE-2021-39543 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...)
	NOT-FOR-US: pdftools
CVE-2021-39542 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...)
	NOT-FOR-US: pdftools
CVE-2021-39541 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...)
	NOT-FOR-US: pdftools
CVE-2021-39540 (An issue was discovered in pdftools through 20200714. A stack-buffer-o ...)
	NOT-FOR-US: pdftools
CVE-2021-39539 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...)
	NOT-FOR-US: pdftools
CVE-2021-39538 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...)
	NOT-FOR-US: pdftools
CVE-2021-39537 (An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in ca ...)
	{DLA-3682-1}
	- ncurses 6.2+20200912-1 (unimportant)
	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
	NOTE: Fixed by: https://github.com/mirror/ncurses/commit/790a85dbd4a81d5f5d8dd02a44d84f01512ef443#diff-7e95c7bc5f213e9be438e69a9d5d0f261a14952bcbd692f7b9014217b8047340
	NOTE: Negligible security impact
CVE-2021-39536 (An issue was discovered in libxsmm through v1.16.1-93. The JIT code ha ...)
	- libxsmm 1.17-1 (bug #996098)
	NOTE: https://github.com/hfp/libxsmm/issues/402
	NOTE: https://github.com/hfp/libxsmm/commit/d6984918886d4bd6be241ff3e6af799f4aba3375
	NOTE: https://github.com/hfp/libxsmm/commit/c24027d07eef23411a56958e52afad5ee6db6393
	NOTE: https://github.com/hfp/libxsmm/commit/3f417e5e0670b066d558052fd32fc8093c81ee94 (1.16.3)
CVE-2021-39535 (An issue was discovered in libxsmm through v1.16.1-93. A NULL pointer ...)
	- libxsmm 1.17-1 (bug #996098)
	NOTE: https://github.com/hfp/libxsmm/issues/398
	NOTE: https://github.com/hfp/libxsmm/commit/d6984918886d4bd6be241ff3e6af799f4aba3375
	NOTE: https://github.com/hfp/libxsmm/commit/3f417e5e0670b066d558052fd32fc8093c81ee94 (1.16.3)
CVE-2021-39534 (An issue was discovered in libslax through v0.22.1. slaxIsCommentStart ...)
	- libslax (bug #766210)
CVE-2021-39533 (An issue was discovered in libslax through v0.22.1. slaxLexer() in sla ...)
	- libslax (bug #766210)
CVE-2021-39532 (An issue was discovered in libslax through v0.22.1. A NULL pointer der ...)
	- libslax (bug #766210)
CVE-2021-39531 (An issue was discovered in libslax through v0.22.1. slaxLexer() in sla ...)
	- libslax (bug #766210)
CVE-2021-39530 (An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen ...)
	- libredwg (bug #595191)
CVE-2021-39529
	RESERVED
CVE-2021-39528 (An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MAT ...)
	- libredwg (bug #595191)
CVE-2021-39527 (An issue was discovered in libredwg through v0.10.1.3751. appinfo_priv ...)
	- libredwg (bug #595191)
CVE-2021-39526
	RESERVED
CVE-2021-39525 (An issue was discovered in libredwg through v0.10.1.3751. bit_read_fix ...)
	- libredwg (bug #595191)
CVE-2021-39524
	RESERVED
CVE-2021-39523 (An issue was discovered in libredwg through v0.10.1.3751. A NULL point ...)
	- libredwg (bug #595191)
CVE-2021-39522 (An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len( ...)
	- libredwg (bug #595191)
CVE-2021-39521 (An issue was discovered in libredwg through v0.10.1.3751. A NULL point ...)
	- libredwg (bug #595191)
CVE-2021-39520 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...)
	- libjpeg 0.0~git20200925.f145908-1
	NOTE: https://github.com/thorfdbg/libjpeg/issues/34
CVE-2021-39519 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...)
	- libjpeg 0.0~git20200925.f145908-1
	NOTE: https://github.com/thorfdbg/libjpeg/issues/28
CVE-2021-39518 (An issue was discovered in libjpeg through 2020021. LineBuffer::FetchR ...)
	- libjpeg 0.0~git20200925.f145908-1
	NOTE: https://github.com/thorfdbg/libjpeg/issues/35
CVE-2021-39517 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...)
	- libjpeg 0.0~git20200925.f145908-1
	NOTE: https://github.com/thorfdbg/libjpeg/issues/33
CVE-2021-39516 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...)
	- libjpeg 0.0~git20200925.f145908-1
	NOTE: https://github.com/thorfdbg/libjpeg/issues/42
CVE-2021-39515 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...)
	- libjpeg 0.0~git20200925.f145908-1
	NOTE: https://github.com/thorfdbg/libjpeg/issues/37
CVE-2021-39514 (An issue was discovered in libjpeg through 2020021. An uncaught floati ...)
	- libjpeg 0.0~git20200925.f145908-1
	NOTE: https://github.com/thorfdbg/libjpeg/issues/36
CVE-2021-39513
	RESERVED
CVE-2021-39512
	RESERVED
CVE-2021-39511
	RESERVED
CVE-2021-39510 (An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wirele ...)
	NOT-FOR-US: D-Link
CVE-2021-39509 (An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B01 ...)
	NOT-FOR-US: D-Link
CVE-2021-39508
	RESERVED
CVE-2021-39507
	RESERVED
CVE-2021-39506
	RESERVED
CVE-2021-39505
	RESERVED
CVE-2021-39504
	RESERVED
CVE-2021-39503 (PHPMyWind 5.6 is vulnerable to Remote Code Execution. Because input is ...)
	NOT-FOR-US: PHPMyWind
CVE-2021-39502
	RESERVED
CVE-2021-39501 (EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect ...)
	NOT-FOR-US: EyouCMS
CVE-2021-39500 (Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of i ...)
	NOT-FOR-US: EyouCMS
CVE-2021-39499 (A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouC ...)
	NOT-FOR-US: EyouCMS
CVE-2021-39498
	RESERVED
CVE-2021-39497 (eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker t ...)
	NOT-FOR-US: EyouCMS
CVE-2021-39496 (Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker t ...)
	NOT-FOR-US: EyouCMS
CVE-2021-39495
	RESERVED
CVE-2021-39494
	RESERVED
CVE-2021-39493
	RESERVED
CVE-2021-39492
	RESERVED
CVE-2021-39491 (A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgi ...)
	NOT-FOR-US: reNgine
CVE-2021-39490
	RESERVED
CVE-2021-39489
	RESERVED
CVE-2021-39488
	RESERVED
CVE-2021-39487
	RESERVED
CVE-2021-39486 (A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2. ...)
	NOT-FOR-US: Gila CMS
CVE-2021-39485
	RESERVED
CVE-2021-39484
	RESERVED
CVE-2021-39483
	RESERVED
CVE-2021-39482
	RESERVED
CVE-2021-39481
	RESERVED
CVE-2021-39480 (Bingrep v0.8.5 was discovered to contain a memory allocation failure w ...)
	NOT-FOR-US: bingrep
CVE-2021-39479
	RESERVED
CVE-2021-39478
	RESERVED
CVE-2021-39477
	RESERVED
CVE-2021-39476
	RESERVED
CVE-2021-39475
	RESERVED
CVE-2021-39474 (Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported a ...)
	NOT-FOR-US: Docsis UBC1319BA00 Router
CVE-2021-39473 (Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) ...)
	NOT-FOR-US: Saibamen HotelManager
CVE-2021-39472
	RESERVED
CVE-2021-39471
	RESERVED
CVE-2021-39470
	RESERVED
CVE-2021-39469
	RESERVED
CVE-2021-39468
	RESERVED
CVE-2021-39467
	RESERVED
CVE-2021-39466
	RESERVED
CVE-2021-39465
	RESERVED
CVE-2021-39464
	RESERVED
CVE-2021-39463
	RESERVED
CVE-2021-39462
	RESERVED
CVE-2021-39461
	RESERVED
CVE-2021-39460
	RESERVED
CVE-2021-39459 (Remote code execution in the modules component in Yakamara Media Redax ...)
	NOT-FOR-US: Yakamara Media Redaxo CMS
CVE-2021-39458 (Triggering an error page of the import process in Yakamara Media Redax ...)
	NOT-FOR-US: Yakamara Media Redaxo CMS
CVE-2021-39457
	RESERVED
CVE-2021-39456
	RESERVED
CVE-2021-39455
	RESERVED
CVE-2021-39454
	RESERVED
CVE-2021-39453
	RESERVED
CVE-2021-39452
	RESERVED
CVE-2021-39451
	RESERVED
CVE-2021-39450
	RESERVED
CVE-2021-39449
	RESERVED
CVE-2021-39448
	RESERVED
CVE-2021-39447
	RESERVED
CVE-2021-39446
	RESERVED
CVE-2021-39445
	RESERVED
CVE-2021-39444
	RESERVED
CVE-2021-39443
	RESERVED
CVE-2021-39442
	RESERVED
CVE-2021-39441
	RESERVED
CVE-2021-39440
	RESERVED
CVE-2021-39439
	RESERVED
CVE-2021-39438
	RESERVED
CVE-2021-39437
	RESERVED
CVE-2021-39436
	RESERVED
CVE-2021-39435
	RESERVED
CVE-2021-39434 (A default username and password for an administrator account was disco ...)
	NOT-FOR-US: ZKTeco ZKTime
CVE-2021-39433 (A local file inclusion (LFI) vulnerability exists in version BIQS IT B ...)
	NOT-FOR-US: BIQS IT Biqs-drive
CVE-2021-39432 (diplib v3.0.0 is vulnerable to Double Free.)
	NOT-FOR-US: diplib
CVE-2021-39431
	RESERVED
CVE-2021-39430
	RESERVED
CVE-2021-39429
	RESERVED
CVE-2021-39428 (Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 ...)
	NOT-FOR-US: EyouCMS
CVE-2021-39427 (Cross site scripting vulnerability in 188Jianzhan 2.10 allows attacker ...)
	NOT-FOR-US: 188Jianzhan
CVE-2021-39426 (An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11 ...)
	NOT-FOR-US: Seacms
CVE-2021-39425 (SeedDMS v6.0.15 was discovered to contain an open redirect vulnerabili ...)
	NOT-FOR-US: SeedDMS
CVE-2021-39424
	RESERVED
CVE-2021-39423
	RESERVED
CVE-2021-39422
	RESERVED
CVE-2021-39421 (A cross-site scripting (XSS) vulnerability in SeedDMS v6.0.15 allows a ...)
	NOT-FOR-US: SeedDMS
CVE-2021-39420 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in VFront 0. ...)
	NOT-FOR-US: VFront
CVE-2021-39419
	RESERVED
CVE-2021-39418
	RESERVED
CVE-2021-39417
	RESERVED
CVE-2021-39416 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in Remote C ...)
	NOT-FOR-US: Remote Clinic
CVE-2021-39415
	RESERVED
CVE-2021-39414
	RESERVED
CVE-2021-39413 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in SEO Panel ...)
	NOT-FOR-US: SEO Panel
CVE-2021-39412 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGuruk ...)
	NOT-FOR-US: PHPGurukul Shopping
CVE-2021-39411 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGuruku ...)
	NOT-FOR-US: PHPGurukul Hospital Management System
CVE-2021-39410
	RESERVED
CVE-2021-39409 (A vulnerability exists in Online Student Rate System v1.0 that allows ...)
	NOT-FOR-US: Online Student Rate System
CVE-2021-39408 (Cross Site Scripting (XSS) vulnerability exists in Online Student Rate ...)
	NOT-FOR-US: Online Student Rate System
CVE-2021-39407
	RESERVED
CVE-2021-39406
	RESERVED
CVE-2021-39405
	RESERVED
CVE-2021-39404 (MaianAffiliate v1.0 allows an authenticated administrative user to sav ...)
	NOT-FOR-US: MaianAffiliate
CVE-2021-39403
	RESERVED
CVE-2021-39402 (MaianAffiliate v.1.0 suffers from code injection by adding a new pr ...)
	NOT-FOR-US: MaianAffiliate
CVE-2021-39401
	RESERVED
CVE-2021-39400
	RESERVED
CVE-2021-39399
	RESERVED
CVE-2021-39398
	RESERVED
CVE-2021-39397
	RESERVED
CVE-2021-39396
	RESERVED
CVE-2021-39395
	RESERVED
CVE-2021-39394 (mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery ...)
	NOT-FOR-US: mm-wiki
CVE-2021-39393 (mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) ...)
	NOT-FOR-US: mm-wiki
CVE-2021-39392 (The management tool in MyLittleBackup up to and including 1.7 allows r ...)
	NOT-FOR-US: MyLittleBackup
CVE-2021-39391 (Cross Site Scripting (XSS) vulnerability exists in the admin panel in ...)
	NOT-FOR-US: Beego
CVE-2021-39390 (Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints v ...)
	NOT-FOR-US: PartKeepr
CVE-2021-39389
	RESERVED
CVE-2021-39388
	RESERVED
CVE-2021-39387
	RESERVED
CVE-2021-39386
	RESERVED
CVE-2021-39385
	RESERVED
CVE-2021-39384 (DWSurvey v3.2.0 was discovered to contain an arbitrary file write vuln ...)
	NOT-FOR-US: DWSurvey
CVE-2021-39383 (DWSurvey v3.2.0 was discovered to contain a remote command execution ( ...)
	NOT-FOR-US: DWSurvey
CVE-2021-39382
	RESERVED
CVE-2021-39381
	RESERVED
CVE-2021-39380
	RESERVED
CVE-2021-39379 (A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaD ...)
	NOT-FOR-US: openSIS
CVE-2021-39378 (A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaD ...)
	NOT-FOR-US: openSIS
CVE-2021-39377 (A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaD ...)
	NOT-FOR-US: openSIS
CVE-2021-39376 (Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQ ...)
	NOT-FOR-US: Philips Healthcare Tasy Electronic Medical Record (EMR)
CVE-2021-39375 (Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQ ...)
	NOT-FOR-US: Philips Healthcare Tasy Electronic Medical Record (EMR)
CVE-2021-39374
	RESERVED
CVE-2021-39373 (Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers t ...)
	NOT-FOR-US: Samsung
CVE-2021-39372
	RESERVED
CVE-2021-39371 (An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an ...)
	{DLA-2754-1}
	- pywps 4.5.0-1
	[bullseye] - pywps (Minor issue)
	[buster] - pywps (Minor issue)
	NOTE: https://github.com/geopython/OWSLib/issues/790
	NOTE: https://github.com/geopython/pywps/pull/616
CVE-2021-39370
	RESERVED
CVE-2021-39369 (In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the ...)
	NOT-FOR-US: Philips (formerly Carestream) Vue MyVue PACS
CVE-2021-39368 (Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter ...)
	NOT-FOR-US: Canon Oce Print Exec Workgroup
CVE-2021-39367 (Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection.)
	NOT-FOR-US: Canon Oce Print Exec Workgroup
CVE-2021-39366
	RESERVED
CVE-2021-39365 (In GNOME grilo through 0.3.13, grl-net-wc.c does not enable TLS certifi ...)
	{DSA-4964-1 DLA-2762-1}
	- grilo 0.3.13-1.1 (bug #992971)
	NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
	NOTE: https://gitlab.gnome.org/GNOME/grilo/-/issues/146
CVE-2021-39364 (Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allo ...)
	NOT-FOR-US: Honeywell
CVE-2021-39363 (Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allo ...)
	NOT-FOR-US: Honeywell
CVE-2020-36478 (An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 L ...)
	{DLA-3249-1 DLA-2826-1}
	- mbedtls 2.16.9-0.1
	NOTE: https://github.com/ARMmbed/mbedtls/issues/3629
	NOTE: https://github.com/ARMmbed/mbedtls/commit/ca17ebfbc02b57e2bcb42efe64a5f2002c756ea8 (development)
CVE-2020-36477 (An issue was discovered in Mbed TLS before 2.24.0. The verification of ...)
	[experimental] - mbedtls 2.28.0-0.1
	- mbedtls 2.28.0-0.3
	[bullseye] - mbedtls (2.16 not affected)
	[buster] - mbedtls (2.16 not affected)
	[stretch] - mbedtls (2.4 not affected)
	NOTE: https://github.com/ARMmbed/mbedtls/issues/3498
	NOTE: https://github.com/ARMmbed/mbedtls/commit/f3e4bd8632b71dc491e52e6df87dc3e409d2b869 (development)
CVE-2020-36476 (An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 L ...)
	{DLA-3249-1 DLA-2826-1}
	- mbedtls 2.16.9-0.1
	NOTE: https://github.com/ARMmbed/mbedtls/commit/a321413807927d6e295cec8677733bbde6aeec34 (development)
	NOTE: https://github.com/ARMmbed/mbedtls/commit/ef73875913c66767e7a954aa0b68f42f0756d9b2 (mbedtls-2.7)
CVE-2020-36475 (An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 L ...)
	{DLA-3249-1 DLA-2826-1}
	- mbedtls 2.16.9-0.1
	NOTE: https://github.com/ARMmbed/mbedtls/commit/9246d041500b96fb0694cbda1d833e420696827e
CVE-2021-39362 (An XSS issue was discovered in ReCaptcha Solver 5.7. A response from A ...)
	NOT-FOR-US: ReCaptcha Solver
CVE-2021-39361 (In GNOME evolution-rss through 0.3.96, network-soup.c does not enable ...)
	- evolution-rss (bug #996590)
	[bullseye] - evolution-rss (Minor issue)
	[buster] - evolution-rss (Minor issue)
	[stretch] - evolution-rss (Minor issue, revisit when/if fixed upstream)
	NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
	NOTE: https://gitlab.gnome.org/GNOME/evolution-rss/-/issues/11
CVE-2021-39360 (In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS ...)
	- libzapojit (bug #993538)
	[bullseye] - libzapojit (Minor issue)
	[buster] - libzapojit (Minor issue)
	[stretch] - libzapojit (Minor issue, revisit when/if fixed upstream)
	NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
	NOTE: https://gitlab.gnome.org/GNOME/libzapojit/-/issues/4
CVE-2021-39359 (In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS ...)
	- libgda5 (bug #993592)
	[bookworm] - libgda5 (Minor issue)
	[bullseye] - libgda5 (Minor issue)
	[buster] - libgda5 (Minor issue)
	[stretch] - libgda5 (Minor issue, revisit when/if fixed upstream)
	NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
	NOTE: https://gitlab.gnome.org/GNOME/libgda/-/issues/249
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libgda/-/commit/bebdffb4de586fb43fd07ac549121f4b22f6812d (master)
CVE-2021-39358 (In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable T ...)
	- gfbgraph 0.2.5-1 (bug #993537)
	[bullseye] - gfbgraph (Minor issue)
	[buster] - gfbgraph (Minor issue)
	[stretch] - gfbgraph (Minor issue, revisit when/if fixed upstream)
	NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
	NOTE: https://gitlab.gnome.org/GNOME/libgfbgraph/-/issues/17
CVE-2021-3731 (LedgerSMB does not sufficiently guard against being wrapped by other s ...)
	{DSA-4962-1}
	- ledgersmb 1.6.9+ds-2.1 (bug #992817)
	NOTE: https://ledgersmb.org/cve-2021-3731-clickjacking
CVE-2021-39357 (The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39356 (The Content Staging WordPress plugin is vulnerable to Stored Cross-Sit ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39355 (The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39354 (The Easy Digital Downloads WordPress plugin is vulnerable to Reflected ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39353 (The Easy Registration Forms WordPress plugin is vulnerable to Cross-Si ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39352 (The Catch Themes Demo Import WordPress plugin is vulnerable to arbitra ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39351 (The WP Bannerize WordPress plugin is vulnerable to authenticated SQL i ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39350 (The FV Flowplayer Video Player WordPress plugin is vulnerable to Refle ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39349 (The Author Bio Box WordPress plugin is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39348 (The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scr ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39347 (The Stripe for WooCommerce WordPress plugin is missing a capability ch ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39346 (The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Si ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39345 (The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39344 (The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-S ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39343 (The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39342 (The Credova_Financial WordPress plugin discloses a site's associated C ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39341 (The OptinMonster WordPress plugin is vulnerable to sensitive informati ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39340 (The Notification WordPress plugin is vulnerable to Stored Cross-Site S ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39339 (The Telefication WordPress plugin is vulnerable to Open Proxy and Serv ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39338 (The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-S ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39337 (The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scr ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39336 (The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Sc ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39335 (The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cros ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39334 (The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Si ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39333 (The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained s ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39332 (The Business Manager WordPress plugin is vulnerable to Stored Cross-Si ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39331
	RESERVED
CVE-2021-39330
	REJECTED
CVE-2021-39329 (The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scr ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39328 (The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Si ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39327 (The BulletProof Security WordPress plugin is vulnerable to sensitive i ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39326
	REJECTED
CVE-2021-39325 (The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Sit ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39324
	REJECTED
CVE-2021-39323
	RESERVED
CVE-2021-39322 (The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39321 (Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerabl ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39320 (The underConstruction plugin <= 1.18 for WordPress echoes out the raw ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39319 (The duoFAQ - Responsive, Flat, Simple FAQ WordPress plugin is vulnerabl ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39318 (The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-S ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39317 (A WordPress plugin and several WordPress themes developed by AccessPre ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39316 (The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, in ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39315 (The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39314 (The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39313 (The Simple Image Gallery WordPress plugin is vulnerable to Reflected C ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39312 (The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39311 (The link-list-manager WordPress plugin is vulnerable to Reflected Cros ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39310 (The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Sit ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39309 (The Parsian Bank Gateway for Woocommerce WordPress plugin is vulnerabl ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39308 (The WooCommerce myghpay Payment Gateway WordPress plugin is vulnerable ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-39307 (PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlin ...)
	NOT-FOR-US: PDFTron WebViewer UI
CVE-2021-39306 (A stack buffer overflow was discovered on Realtek RTL8195AM device bef ...)
	NOT-FOR-US: Realtek
CVE-2021-39305
	RESERVED
CVE-2021-39304 (Proofpoint Enterprise Protection before 8.12.0-2108090000 allows secur ...)
	NOT-FOR-US: Proofpoint
CVE-2021-3730 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF))
	NOT-FOR-US: firefly-iii
CVE-2021-3729 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF))
	NOT-FOR-US: firefly-iii
CVE-2021-3728 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF))
	NOT-FOR-US: firefly-iii
CVE-2020-36474 (SafeCurl before 0.9.2 has a DNS rebinding vulnerability.)
	NOT-FOR-US: SafeCurl
CVE-2021-39303 (The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka P ...)
	NOT-FOR-US: Jamf Pro
CVE-2021-39302 (MISP 2.4.148, in certain configurations, allows SQL injection via the ...)
	NOT-FOR-US: MISP
CVE-2021-39301 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
	NOT-FOR-US: HP
CVE-2021-39300 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
	NOT-FOR-US: HP
CVE-2021-39299 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
	NOT-FOR-US: HP
CVE-2021-39298 (A potential vulnerability in AMD System Management Mode (SMM) interrup ...)
	NOT-FOR-US: HP
CVE-2021-39297 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
	NOT-FOR-US: HP
CVE-2021-39296 (In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass auth ...)
	NOT-FOR-US: OpenBMC
CVE-2021-39295 (In OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a den ...)
	NOT-FOR-US: OpenBMC
CVE-2021-3727 (# Vulnerability in `rand-quote` and `hitokoto` plugins **Description** ...)
	NOT-FOR-US: ohmyzsh
CVE-2021-3726 (# Vulnerability in `title` function **Description**: the `title` funct ...)
	NOT-FOR-US: ohmyzsh
CVE-2021-3725 (Vulnerability in dirhistory plugin Description: the widgets that go ba ...)
	NOT-FOR-US: ohmyzsh
CVE-2021-3724
	REJECTED
CVE-2021-23161
	REJECTED
CVE-2021-23156
	REJECTED
CVE-2021-39294
	RESERVED
CVE-2021-39293 (In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted ...)
	{DLA-3395-1 DLA-2892-1 DLA-2891-1}
	- golang-1.17 1.17.1-1
	- golang-1.16 1.16.8-1
	- golang-1.15 1.15.15-2
	[bullseye] - golang-1.15 1.15.15-1~deb11u1
	- golang-1.11
	- golang-1.8
	- golang-1.7
	NOTE: https://github.com/golang/go/issues/47801
	NOTE: https://github.com/golang/go/commit/1dd24caf08985066b309af6bc461780c73e05c35 (1.17.1)
	NOTE: https://github.com/golang/go/commit/6c480017ae600b2c90a264a922e041df04dfa785 (1.16.8)
CVE-2021-39292
	RESERVED
CVE-2021-3723 (A command injection vulnerability was reported in the Integrated Manag ...)
	NOT-FOR-US: IBM
CVE-2021-3722 (A denial of service vulnerability was reported in Lenovo PCManager pri ...)
	NOT-FOR-US: Lenovo
CVE-2021-3721 (A denial of service vulnerability was reported in Lenovo PCManager pri ...)
	NOT-FOR-US: Lenovo
CVE-2021-3720 (An information disclosure vulnerability was reported in the Time Weath ...)
	NOT-FOR-US: Lenovo
CVE-2021-3719 (A potential vulnerability in the SMI callback function that saves and ...)
	NOT-FOR-US: Lenovo
CVE-2021-3718 (A denial of service vulnerability was reported in some ThinkPad models ...)
	NOT-FOR-US: Lenovo
CVE-2021-39291 (Certain NetModule devices allow credentials via GET parameters to CLI- ...)
	NOT-FOR-US: NetModule devices
CVE-2021-39290 (Certain NetModule devices allow Limited Session Fixation via PHPSESSID ...)
	NOT-FOR-US: NetModule devices
CVE-2021-39289 (Certain NetModule devices have Insecure Password Handling (cleartext o ...)
	NOT-FOR-US: NetModule devices
CVE-2021-39288
	RESERVED
CVE-2021-39287
	RESERVED
CVE-2021-39286 (Webrecorder pywb before 2.6.0 allows XSS because it does not ensure th ...)
	NOT-FOR-US: Webrecorder pywb
CVE-2021-39285 (An XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8 ...)
	NOT-FOR-US: Versa
CVE-2021-39284
	RESERVED
CVE-2021-39283 (liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion ...)
	- liblivemedia
	[buster] - liblivemedia (Minor issue)
	[stretch] - liblivemedia (Minor issue)
	NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021969.html
CVE-2021-39282 (Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 ...)
	- liblivemedia
	[buster] - liblivemedia (Minor issue)
	[stretch] - liblivemedia (Minor issue)
	NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021970.html
CVE-2021-39281
	RESERVED
CVE-2021-39280 (Certain Korenix JetWave devices allow authenticated users to execute a ...)
	NOT-FOR-US: Korenix JetWave devices
CVE-2021-39279 (Certain MOXA devices allow Authenticated Command Injection via /forms/ ...)
	NOT-FOR-US: MOXA
CVE-2021-39278 (Certain MOXA devices allow reflected XSS via the Config Import menu. T ...)
	NOT-FOR-US: MOXA
CVE-2021-39277
	RESERVED
CVE-2021-39276
	RESERVED
CVE-2021-39275 (ap_escape_quotes() may write beyond the end of a buffer when given mal ...)
	{DSA-4982-1 DLA-2776-1}
	- apache2 2.4.49-1
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-39275
	NOTE: https://github.com/apache/httpd/commit/d8bce6f575abb29997bba358b31842bf757776c6 (trunk)
	NOTE: https://github.com/apache/httpd/commit/e0fec7d48dab1924c5a6b48819ce1cf420733f62 (trunk)
	NOTE: https://github.com/apache/httpd/commit/8f09caf9945f3c80563bc4a776b04fbba239ca71 (trunk)
	NOTE: https://github.com/apache/httpd/commit/c69d4cc90c0e27703030b3ff09f91bf4dcbcfd51 (2.4.x)
	NOTE: https://github.com/apache/httpd/commit/ac62c7e7436560cf4f7725ee586364ce95c07804 (2.4.x)
CVE-2021-3717 (A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge l ...)
	- wildfly (bug #752018)
CVE-2021-39274 (In XeroSecurity Sn1per 9.0 (free version), insecure directory permissi ...)
	NOT-FOR-US: XeroSecurity Sn1per
CVE-2021-39273 (In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) ...)
	NOT-FOR-US: XeroSecurity Sn1per
CVE-2021-39272 (Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption i ...)
	- fetchmail 6.4.22-1 (bug #993163)
	[bullseye] - fetchmail (Minor issue; safe recommendations exist, implicit TLS, "ssl" mode exist)
	[buster] - fetchmail (Minor issue; safe recommendations exist, implicit TLS, "ssl" mode exist)
	[stretch] - fetchmail (Minor issue; safe recommendations exist, implicit TLS, "ssl" mode exist)
	NOTE: https://www.fetchmail.info/fetchmail-SA-2021-02.txt
CVE-2021-39271 (OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code ex ...)
	NOT-FOR-US: OrbiTeam BSCW Classic
CVE-2021-39270 (In Ping Identity RSA SecurID Integration Kit before 3.2, user imperson ...)
	NOT-FOR-US: Ping Identity RSA SecurID Integration Kit
CVE-2021-39269
	RESERVED
CVE-2021-39268 (Persistent cross-site scripting (XSS) in the web interface of SuiteCRM ...)
	NOT-FOR-US: SuiteCRM
CVE-2021-39267 (Persistent cross-site scripting (XSS) in the web interface of SuiteCRM ...)
	NOT-FOR-US: SuiteCRM
CVE-2021-39266
	RESERVED
CVE-2021-39265
	RESERVED
CVE-2021-39264
	RESERVED
CVE-2021-39263 (A crafted NTFS image can trigger a heap-based buffer overflow, caused ...)
	{DSA-4971-1 DLA-2819-1}
	[experimental] - ntfs-3g 1:2021.8.22-1
	- ntfs-3g 1:2021.8.22-2 (bug #988386)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39262 (A crafted NTFS image can cause an out-of-bounds access in ntfs_decompr ...)
	{DSA-4971-1 DLA-2819-1}
	[experimental] - ntfs-3g 1:2021.8.22-1
	- ntfs-3g 1:2021.8.22-2 (bug #988386)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39261 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_co ...)
	{DSA-4971-1 DLA-2819-1}
	[experimental] - ntfs-3g 1:2021.8.22-1
	- ntfs-3g 1:2021.8.22-2 (bug #988386)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39260 (A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_s ...)
	{DSA-4971-1 DLA-2819-1}
	[experimental] - ntfs-3g 1:2021.8.22-1
	- ntfs-3g 1:2021.8.22-2 (bug #988386)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39259 (A crafted NTFS image can trigger an out-of-bounds access, caused by an ...)
	{DSA-4971-1 DLA-2819-1}
	[experimental] - ntfs-3g 1:2021.8.22-1
	- ntfs-3g 1:2021.8.22-2 (bug #988386)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39258 (A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find a ...)
	{DSA-4971-1 DLA-2819-1}
	[experimental] - ntfs-3g 1:2021.8.22-1
	- ntfs-3g 1:2021.8.22-2 (bug #988386)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39257 (A crafted NTFS image with an unallocated bitmap can lead to an endless ...)
	{DSA-4971-1 DLA-2819-1}
	[experimental] - ntfs-3g 1:2021.8.22-1
	- ntfs-3g 1:2021.8.22-2 (bug #988386)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39256 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_in ...)
	{DSA-4971-1 DLA-2819-1}
	[experimental] - ntfs-3g 1:2021.8.22-1
	- ntfs-3g 1:2021.8.22-2 (bug #988386)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39255 (A crafted NTFS image can trigger an out-of-bounds read, caused by an i ...)
	{DSA-4971-1 DLA-2819-1}
	[experimental] - ntfs-3g 1:2021.8.22-1
	- ntfs-3g 1:2021.8.22-2 (bug #988386)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39254 (A crafted NTFS image can cause an integer overflow in memmove, leading ...)
	{DSA-4971-1 DLA-2819-1}
	[experimental] - ntfs-3g 1:2021.8.22-1
	- ntfs-3g 1:2021.8.22-2 (bug #988386)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39253 (A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_ ...)
	{DSA-4971-1 DLA-2819-1}
	[experimental] - ntfs-3g 1:2021.8.22-1
	- ntfs-3g 1:2021.8.22-2 (bug #988386)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39252 (A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup ...)
	{DSA-4971-1 DLA-2819-1}
	[experimental] - ntfs-3g 1:2021.8.22-1
	- ntfs-3g 1:2021.8.22-2 (bug #988386)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39251 (A crafted NTFS image can cause a NULL pointer dereference in ntfs_exte ...)
	{DSA-4971-1 DLA-2819-1}
	[experimental] - ntfs-3g 1:2021.8.22-1
	- ntfs-3g 1:2021.8.22-2 (bug #988386)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39250 (Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5. ...)
	NOT-FOR-US: Invision Community
CVE-2021-39249 (Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5. ...)
	NOT-FOR-US: Invision Community
CVE-2021-39248 (Open edX through Lilac.1 allows XSS in common/static/common/js/discuss ...)
	NOT-FOR-US: Open edX
CVE-2021-39247 (Zint Barcode Generator before 2.10.0 has a one-byte buffer over-read, ...)
	- zint (Introduced and fixed between 2.9.1 and 2.10.0)
	NOTE: https://sourceforge.net/p/zint/code/ci/9b02cd52214e80f945bff41fc94bc1e17e15810c/
	NOTE: https://sourceforge.net/p/zint/tickets/232/
	NOTE: Introduced in https://sourceforge.net/p/zint/code/ci/6274140c73aa39c42271644ef8c9b4551ca06fc2/
CVE-2021-39246 (Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlatio ...)
	NOT-FOR-US: Tor Browser
CVE-2021-3716 (A flaw was found in nbdkit due to improperly caching plaintext stat ...)
	- nbdkit 1.26.5-1
	[bullseye] - nbdkit (Minor issue)
	[buster] - nbdkit (Vulnerable code introduced later)
	[stretch] - nbdkit (Vulnerable code introduced later)
	NOTE: Introduced by: https://github.com/libguestfs/nbdkit/commit/eaa4c6e9a2c4bdb71aefdd4b1d865e7a9af606a8 (v1.11.8)
	NOTE: https://listman.redhat.com/archives/libguestfs/2021-August/msg00077.html
CVE-2021-3715 (A flaw was found in the "Routing decision" classifier in the Linux ker ...)
	- linux 5.5.17-1
	[buster] - linux 4.19.118-1
	[stretch] - linux 4.9.228-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/09/07/1
	NOTE: https://git.kernel.org/linus/ef299cc3fa1a9e1288665a9fdc8bff55629fd359 (5.6)
CVE-2021-3714 (A flaw was found in the Linux kernel's memory deduplication mechanism. ...)
	- linux (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1931327
	NOTE: Inherent design limitation, can be avoided by not using KSM
CVE-2021-39245 (Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, ...)
	NOT-FOR-US: Altus
CVE-2021-39244 (Authenticated Semi-Blind Command Injection (via Parameter Injection) e ...)
	NOT-FOR-US: Altus
CVE-2021-39243 (Cross-Site Request Forgery (CSRF) exists on Altus Nexto, Nexto Xpress, ...)
	NOT-FOR-US: Altus
CVE-2021-39242 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.1 ...)
	{DSA-4960-1}
	- haproxy 2.2.16-1
	[buster] - haproxy (Vulnerable code introduced later)
	[stretch] - haproxy (Vulnerable code introduced later)
	NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41041.html
	NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=b5d2b9e154d78e4075db163826c5e0f6d31b2ab1
CVE-2021-39241 (An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.1 ...)
	{DSA-4960-1}
	- haproxy 2.2.16-1
	[buster] - haproxy (Vulnerable code introduced later)
	[stretch] - haproxy (Vulnerable code introduced later)
	NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41041.html
	NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=89265224d314a056d77d974284802c1b8a0dc97f
CVE-2021-39240 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.1 ...)
	{DSA-4960-1}
	- haproxy 2.2.16-1
	[buster] - haproxy (Vulnerable code introduced later)
	[stretch] - haproxy (Vulnerable code introduced later)
	NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41041.html
	NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=4b8852c70d8c4b7e225e24eb58258a15eb54c26e
	NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=a495e0d94876c9d39763db319f609351907a31e8
CVE-2021-39239 (A vulnerability in XML processing in Apache Jena, in versions up to 4. ...)
	- apache-jena 4.5.0-1 (bug #1014982)
	NOTE: https://lists.apache.org/thread/qpbfrdty7jt3yfm39hx4p9dp151sd6gm
CVE-2021-39238 (Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise Pag ...)
	NOT-FOR-US: HP
CVE-2021-39237 (Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide ...)
	NOT-FOR-US: HP
CVE-2021-39236 (In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 ...)
	NOT-FOR-US: Apache Ozone
CVE-2021-39235 (In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access ...)
	NOT-FOR-US: Apache Ozone
CVE-2021-39234 (In Apache Ozone versions prior to 1.2.0, Authenticated users knowing t ...)
	NOT-FOR-US: Apache Ozone
CVE-2021-39233 (In Apache Ozone versions prior to 1.2.0, Container related Datanode re ...)
	NOT-FOR-US: Apache Ozone
CVE-2021-39232 (In Apache Ozone versions prior to 1.2.0, certain admin related SCM com ...)
	NOT-FOR-US: Apache Ozone
CVE-2021-39231 (In Apache Ozone versions prior to 1.2.0, Various internal server-to-se ...)
	NOT-FOR-US: Apache Ozone
CVE-2021-3713 (An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) d ...)
	{DSA-4980-1 DLA-3099-1 DLA-2753-1}
	- qemu 1:6.1+dfsg-2 (bug #992727)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1994640
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/13b250b12ad3c59114a6a17d59caf073ce45b33a
CVE-2021-39230 (Butter is a system usability utility. Due to a kernel error the JPNS k ...)
	NOT-FOR-US: Butter
CVE-2021-39229 (Apprise is an open source library which allows you to send a notificat ...)
	NOT-FOR-US: Apprise
CVE-2021-39228 (Tremor is an event processing system for unstructured data. A vulnerab ...)
	NOT-FOR-US: Tremor event processing (different from Vorbis Tremor)
CVE-2021-39227 (ZRender is a lightweight graphic library providing 2d draw for Apache ...)
	NOT-FOR-US: ZRender
CVE-2021-39226 (Grafana is an open source data visualization platform. In affected ver ...)
	- grafana
CVE-2021-39225 (Nextcloud is an open-source, self-hosted productivity platform. A miss ...)
	NOT-FOR-US: Nextcloud Deck
CVE-2021-39224 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
	NOT-FOR-US: Nextcloud OfficeOnline
CVE-2021-39223 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
	NOT-FOR-US: Nextcloud Richdocuments
CVE-2021-39222 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
	- nextcloud-server (bug #941708)
CVE-2021-39221 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
	NOT-FOR-US: Nextcloud Contacts
CVE-2021-39220 (Nextcloud is an open-source, self-hosted productivity platform The Nex ...)
	NOT-FOR-US: Nextcloud Mail
CVE-2021-39219 (Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime be ...)
	NOT-FOR-US: wasmtime
CVE-2021-39218 (Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime ...)
	NOT-FOR-US: wasmtime
CVE-2021-39217 (OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and ...)
	NOT-FOR-US: OpenMage
CVE-2021-39216 (Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime ...)
	NOT-FOR-US: wasmtime
CVE-2021-39215 (Jitsi Meet is an open source video conferencing application. In versio ...)
	- jitsi-meet (bug #760485)
CVE-2021-39214 (mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mi ...)
	- mitmproxy 8.1.1-1 (bug #994570)
	[bullseye] - mitmproxy (Minor issue)
	[buster] - mitmproxy (Minor issue)
	[stretch] - mitmproxy (Minor issue, intrusive to backport)
	NOTE: https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-22gh-3r9q-xf38
CVE-2021-39213 (GLPI is a free Asset and IT management software package. Starting in v ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-6w9f-2m6g-5777
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2021-39212 (ImageMagick is free software delivered as a ready-to-run binary distri ...)
	{DLA-3429-1}
	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #996588)
	[bullseye] - imagemagick 8:6.9.11.60+dfsg-1.3+deb11u2
	[stretch] - imagemagick (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/01faddbe2711a4156180c4a92837e2f23683cc68
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/35893e7cad78ce461fcaffa56076c11700ba5e4e
	NOTE: V6 [1/4] https://github.com/ImageMagick/ImageMagick6/commit/8cd2fcd33460826628a7590dc3ce74d7785e1598
	NOTE: V6 [2/4] https://github.com/ImageMagick/ImageMagick6/commit/69ea5587de17ef89476be47a3cb7f855c0355a74
	NOTE: V6 [3/4] https://github.com/ImageMagick/ImageMagick6/commit/b60e17133b982d28816386b83174c2bc06dd39bd
	NOTE: V6 [4/4] https://github.com/ImageMagick/ImageMagick6/commit/428e68597fa904d0bdc133d878e12acd7dc60fa3
CVE-2021-39211 (GLPI is a free Asset and IT management software package. Starting in v ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2021-39210 (GLPI is a free Asset and IT management software package. In versions p ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-hwxq-4c5f-m4v2
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2021-39209 (GLPI is a free Asset and IT management software package. In versions p ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-5qpf-32w7-c56p
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2021-39208 (SharpCompress is a fully managed C# library to deal with many compress ...)
	NOT-FOR-US: SharpCompress
CVE-2021-39207 (parlai is a framework for training and evaluating AI models on a varie ...)
	NOT-FOR-US: Facebook ParlAI
CVE-2021-39206 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...)
	NOT-FOR-US: Pomerium
CVE-2021-39205 (Jitsi Meet is an open source video conferencing application. Versions ...)
	- jitsi-meet (bug #760485)
CVE-2021-39204 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...)
	NOT-FOR-US: Pomerium
CVE-2021-39203 (WordPress is a free and open-source content management system written ...)
	- wordpress (Only affects 5.8 beta 1; vulnerable code introduced later)
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-qxvw-qxm9-qvg6
CVE-2021-39202 (WordPress is a free and open-source content management system written ...)
	- wordpress (Vulnerable code introduced later)
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-fr6h-3855-j297
CVE-2021-39201 (WordPress is a free and open-source content management system written ...)
	{DSA-4985-1}
	- wordpress 5.8.1+dfsg1-1 (bug #994059)
	[stretch] - wordpress (Vulnerable code added later)
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-wh69-25hr-h94v
CVE-2021-39200 (WordPress is a free and open-source content management system written ...)
	- wordpress 5.8.1+dfsg1-1 (bug #994060)
	[bullseye] - wordpress 5.7.3+dfsg1-0+deb11u1
	[buster] - wordpress (Vulnerable code introduced later in 5.2)
	[stretch] - wordpress (Vulnerable code added later)
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-m9hc-7v5q-x8q5
CVE-2021-39199 (remark-html is an open source nodejs library which compiles Markdown t ...)
	NOT-FOR-US: Node remark-html
CVE-2021-39198 (OroCRM is an open source Client Relationship Management (CRM) applicat ...)
	NOT-FOR-US: OroCRM
CVE-2021-39197 (better_errors is an open source replacement for the standard Rails err ...)
	- ruby-better-errors (bug #739168)
CVE-2021-39196 (pcapture is an open source dumpcap web service interface . In affected ...)
	NOT-FOR-US: pcapture
CVE-2021-39195 (Misskey is an open source, decentralized microblogging platform. In af ...)
	NOT-FOR-US: Misskey
CVE-2021-39194 (kaml is an open source implementation of the YAML format with support ...)
	NOT-FOR-US: kaml
CVE-2021-39193 (Frontier is Substrate's Ethereum compatibility layer. Prior to commit ...)
	NOT-FOR-US: Frontier
CVE-2021-39192 (Ghost is a Node.js content management system. An error in the implemen ...)
	NOT-FOR-US: Ghost CMS
CVE-2021-39191 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
	{DLA-3499-1}
	- libapache2-mod-auth-openidc 2.4.9.4-1 (bug #993648)
	[bullseye] - libapache2-mod-auth-openidc 2.4.9.4-0+deb11u1
	[stretch] - libapache2-mod-auth-openidc (Minor issue)
	NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-2pgf-8h6h-gqg2
	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/03e6bfb446f4e3f27c003d30d6a433e5dd8e2b3d
	NOTE: https://github.com/zmartzone/mod_auth_openidc/issues/672
CVE-2021-39190 (The SCCM plugin for GLPI is a plugin to synchronize computers from SCC ...)
	NOT-FOR-US: SCCM plugin for GLPI
CVE-2021-39189 (Pimcore is an open source data & experience management platform. In ve ...)
	NOT-FOR-US: Pimcore
CVE-2021-39188
	RESERVED
CVE-2021-39187 (Parse Server is an open source backend that can be deployed to any inf ...)
	NOT-FOR-US: Parse Server
CVE-2021-39186 (GlobalNewFiles is a MediaWiki extension maintained by Miraheze. Prior ...)
	NOT-FOR-US: Miraheze
CVE-2021-39185 (Http4s is a minimal, idiomatic Scala interface for HTTP services. In h ...)
	NOT-FOR-US: Http4s
CVE-2021-39184 (Electron is a framework for writing cross-platform desktop application ...)
	- electron (bug #842420)
CVE-2021-39183 (Owncast is an open source, self-hosted live video streaming and chat s ...)
	NOT-FOR-US: Owncast
CVE-2021-39182 (EnroCrypt is a Python module for encryption and hashing. Prior to vers ...)
	NOT-FOR-US: EnroCrypt
CVE-2021-39181 (OpenOlat is a web-based learning management system (LMS). Prior to ver ...)
	NOT-FOR-US: OpenOlat
CVE-2021-39180 (OpenOLAT is a web-based learning management system (LMS). A path trave ...)
	NOT-FOR-US: OpenOLAT
CVE-2021-39179 (DHIS 2 is an information system for data capture, management, validati ...)
	NOT-FOR-US: DHIS 2
CVE-2021-39178 (Next.js is a React framework. Versions of Next.js between 10.0.0 and 1 ...)
	NOT-FOR-US: next.js
CVE-2021-39177 (Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: J ...)
	NOT-FOR-US: geyser
CVE-2021-39176 (detect-character-encoding is a package for detecting character encodin ...)
	NOT-FOR-US: detect-character-encoding
	NOTE: NPM addon - https://github.com/sonicdoe/detect-character-encoding
CVE-2021-39175 (HedgeDoc is a platform to write and share markdown. In versions prior ...)
	NOT-FOR-US: hedgedoc
CVE-2021-39174 (Cachet is an open source status page system. Prior to version 2.5.1, a ...)
	- cachet (bug #851177)
CVE-2021-39173 (Cachet is an open source status page system. Prior to version 2.5.1 au ...)
	- cachet (bug #851177)
CVE-2021-39172 (Cachet is an open source status page system. Prior to version 2.5.1, a ...)
	- cachet (bug #851177)
CVE-2021-39171 (Passport-SAML is a SAML 2.0 authentication provider for Passport, the ...)
	NOT-FOR-US: Node passport-saml
CVE-2021-39170 (Pimcore is an open source data & experience management platform. Prior ...)
	NOT-FOR-US: Pimcore
CVE-2021-39169 (Misskey is a decentralized microblogging platform. In versions of Miss ...)
	NOT-FOR-US: Misskey
CVE-2021-39168 (OpenZepplin is a library for smart contract development. In affected v ...)
	NOT-FOR-US: OpenZeppelin
CVE-2021-39167 (OpenZepplin is a library for smart contract development. In affected v ...)
	NOT-FOR-US: OpenZeppelin
CVE-2021-39166 (Pimcore is an open source data & experience management platform. Prior ...)
	NOT-FOR-US: Pimcore
CVE-2021-39165 (Cachet is an open source status page. With Cachet prior to and includi ...)
	- cachet (bug #851177)
CVE-2021-39164 (Matrix is an ecosystem for open federated Instant Messaging and Voice ...)
	- matrix-synapse 1.41.1-1
	NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-3x4c-pq33-4w3q
	NOTE: https://github.com/matrix-org/synapse/commit/cb35df940a828bc40b96daed997b5ad4c7842fd3 (v1.41.1)
CVE-2021-39163 (Matrix is an ecosystem for open federated Instant Messaging and Voice ...)
	- matrix-synapse 1.41.1-1
	NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-jj53-8fmw-f2w2
	NOTE: https://github.com/matrix-org/synapse/commit/cb35df940a828bc40b96daed997b5ad4c7842fd3 (v1.41.1)
CVE-2021-39162 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...)
	NOT-FOR-US: Pomerium
CVE-2021-39161 (Discourse is an open source platform for community discussion. In affe ...)
	NOT-FOR-US: Discourse
CVE-2021-39160 (nbgitpuller is a Jupyter server extension to sync a git repository one ...)
	NOT-FOR-US: nbgitpuller
CVE-2021-39159 (BinderHub is a kubernetes-based cloud service that allows users to sha ...)
	NOT-FOR-US: BinderHub
CVE-2021-39158 (NVCaffe's python required dependencies list used to contain `gfortran` ...)
	NOT-FOR-US: NVCaffe
CVE-2021-39157 (detect-character-encoding is an open source character encoding inspect ...)
	NOT-FOR-US: detect-character-encoding
CVE-2021-39156 (Istio is an open source platform for providing a uniform way to integr ...)
	NOT-FOR-US: Istio
CVE-2021-39155 (Istio is an open source platform for providing a uniform way to integr ...)
	NOT-FOR-US: Istio
CVE-2021-39154 (XStream is a simple library to serialize objects to XML and back again ...)
	{DSA-5004-1 DLA-2769-1}
	- libxstream-java 1.4.18-1 (bug #998054)
	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-6w62-hx7r-mw68
	NOTE: https://x-stream.github.io/CVE-2021-39154.html
CVE-2021-39153 (XStream is a simple library to serialize objects to XML and back again ...)
	{DSA-5004-1 DLA-2769-1}
	- libxstream-java 1.4.18-1 (bug #998054)
	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-2q8x-2p7f-574v
	NOTE: https://x-stream.github.io/CVE-2021-39153.html
CVE-2021-39152 (XStream is a simple library to serialize objects to XML and back again ...)
	{DSA-5004-1 DLA-2769-1}
	- libxstream-java 1.4.18-1 (bug #998054)
	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-xw4p-crpj-vjx2
	NOTE: https://x-stream.github.io/CVE-2021-39152.html
CVE-2021-39151 (XStream is a simple library to serialize objects to XML and back again ...)
	{DSA-5004-1 DLA-2769-1}
	- libxstream-java 1.4.18-1 (bug #998054)
	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hph2-m3g5-xxv4
	NOTE: https://x-stream.github.io/CVE-2021-39151.html
CVE-2021-39150 (XStream is a simple library to serialize objects to XML and back again ...)
	{DSA-5004-1 DLA-2769-1}
	- libxstream-java 1.4.18-1 (bug #998054)
	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-cxfm-5m4g-x7xp
	NOTE: https://x-stream.github.io/CVE-2021-39150.html
CVE-2021-39149 (XStream is a simple library to serialize objects to XML and back again ...)
	{DSA-5004-1 DLA-2769-1}
	- libxstream-java 1.4.18-1 (bug #998054)
	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-3ccq-5vw3-2p6x
	NOTE: https://x-stream.github.io/CVE-2021-39149.html
CVE-2021-39148 (XStream is a simple library to serialize objects to XML and back again ...)
	{DSA-5004-1 DLA-2769-1}
	- libxstream-java 1.4.18-1 (bug #998054)
	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-qrx8-8545-4wg2
	NOTE: https://x-stream.github.io/CVE-2021-39148.html
CVE-2021-39147 (XStream is a simple library to serialize objects to XML and back again ...)
	{DSA-5004-1 DLA-2769-1}
	- libxstream-java 1.4.18-1 (bug #998054)
	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-h7v4-7xg3-hxcc
	NOTE: https://x-stream.github.io/CVE-2021-39147.html
CVE-2021-39146 (XStream is a simple library to serialize objects to XML and back again ...)
	{DSA-5004-1 DLA-2769-1}
	- libxstream-java 1.4.18-1 (bug #998054)
	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-p8pq-r894-fm8f
	NOTE: https://x-stream.github.io/CVE-2021-39146.html
CVE-2021-39145 (XStream is a simple library to serialize objects to XML and back again ...)
	{DSA-5004-1 DLA-2769-1}
	- libxstream-java 1.4.18-1 (bug #998054)
	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-8jrj-525p-826v
	NOTE: https://x-stream.github.io/CVE-2021-39145.html
CVE-2021-39144 (XStream is a simple library to serialize objects to XML and back again ...)
	{DSA-5004-1 DLA-2769-1}
	- libxstream-java 1.4.18-1 (bug #998054)
	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh
	NOTE: https://x-stream.github.io/CVE-2021-39144.html
CVE-2021-39143 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...)
	NOT-FOR-US: Spinnaker
CVE-2021-39142
	RESERVED
CVE-2021-39141 (XStream is a simple library to serialize objects to XML and back again ...)
	{DSA-5004-1 DLA-2769-1}
	- libxstream-java 1.4.18-1 (bug #998054)
	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-g5w6-mrj7-75h2
	NOTE: https://x-stream.github.io/CVE-2021-39141.html
CVE-2021-39140 (XStream is a simple library to serialize objects to XML and back again ...)
	{DSA-5004-1 DLA-2769-1}
	- libxstream-java 1.4.18-1 (bug #998054)
	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-6wf9-jmg9-vxcc
	NOTE: https://x-stream.github.io/CVE-2021-39140.html
CVE-2021-39139 (XStream is a simple library to serialize objects to XML and back again ...)
	{DSA-5004-1 DLA-2769-1}
	- libxstream-java 1.4.18-1 (bug #998054)
	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-64xx-cq4q-mf44
	NOTE: https://x-stream.github.io/CVE-2021-39139.html
CVE-2021-39138 (Parse Server is an open source backend that can be deployed to any inf ...)
	NOT-FOR-US: Parse Server
CVE-2021-39137 (go-ethereum is the official Go implementation of the Ethereum protocol ...)
	- golang-github-go-ethereum (bug #890541)
CVE-2021-39136 (baserCMS is an open source content management system with a focus on J ...)
	NOT-FOR-US: baserCMS
CVE-2021-39135 (`@npmcli/arborist`, the library that calculates dependency trees and m ...)
	[experimental] - npm 7.24.0+ds-1
	- npm 7.24.0+ds-2 (bug #993405)
	[bullseye] - npm (Minor issue)
	[buster] - npm (Minor issue)
	NOTE: https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2
CVE-2021-39134 (`@npmcli/arborist`, the library that calculates dependency trees and m ...)
	[experimental] - npm 7.24.0+ds-1
	- npm 7.24.0+ds-2 (bug #993407)
	[bullseye] - npm (Minor issue)
	[buster] - npm (Minor issue)
	NOTE: https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc
CVE-2021-39133 (Rundeck is an open source automation service with a web console, comma ...)
	NOT-FOR-US: Rundeck
CVE-2021-39132 (Rundeck is an open source automation service with a web console, comma ...)
	NOT-FOR-US: Rundeck
CVE-2021-39131 (ced detects character encoding using Google’s compact_enc_det lib ...)
	NOT-FOR-US: Node ced
CVE-2021-39130
	RESERVED
CVE-2021-39129
	RESERVED
CVE-2021-39128 (Affected versions of Atlassian Jira Server or Data Center using the Ji ...)
	NOT-FOR-US: Atlassian
CVE-2021-39127 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
	NOT-FOR-US: Atlassian
CVE-2021-39126 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2021-39125 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
	NOT-FOR-US: Atlassian
CVE-2021-39124 (The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassi ...)
	NOT-FOR-US: Atlassian
CVE-2021-39123 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
	NOT-FOR-US: Atlassian
CVE-2021-39122 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
	NOT-FOR-US: Atlassian
CVE-2021-39121 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
	NOT-FOR-US: Atlassian
CVE-2021-39120
	RESERVED
CVE-2021-39119 (Affected versions of Atlassian Jira Server and Data Center allow users ...)
	NOT-FOR-US: Atlassian
CVE-2021-39118 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2021-39117 (The AssociateFieldToScreens page in Atlassian Jira Server and Data Cen ...)
	NOT-FOR-US: Atlassian
CVE-2021-39116 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2021-39115 (Affected versions of Atlassian Jira Service Management Server and Data ...)
	NOT-FOR-US: Atlassian
CVE-2021-39114 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2021-39113 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
	NOT-FOR-US: Atlassian
CVE-2021-39112 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2021-39111 (The Editor plugin in Atlassian Jira Server and Data Center before vers ...)
	NOT-FOR-US: Atlassian
CVE-2021-39110
	RESERVED
CVE-2021-39109 (The renderWidgetResource resource in Atlasian Atlasboard before versio ...)
	NOT-FOR-US: Atlassian
CVE-2021-39108
	RESERVED
CVE-2021-39107
	RESERVED
CVE-2021-39106
	RESERVED
CVE-2021-39105
	RESERVED
CVE-2021-39104
	RESERVED
CVE-2021-39103
	RESERVED
CVE-2021-39102
	RESERVED
CVE-2021-39101
	RESERVED
CVE-2021-39100
	RESERVED
CVE-2021-39099
	RESERVED
CVE-2021-39098
	RESERVED
CVE-2021-39097
	RESERVED
CVE-2021-39096
	RESERVED
CVE-2021-39095
	RESERVED
CVE-2021-39094
	RESERVED
CVE-2021-39093
	RESERVED
CVE-2021-39092
	RESERVED
CVE-2021-39091
	RESERVED
CVE-2021-39090 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allo ...)
	NOT-FOR-US: IBM
CVE-2021-39089 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allo ...)
	NOT-FOR-US: IBM
CVE-2021-39088 (IBM QRadar SIEM 7.3, 7.4, and 7.5 is vulnerable to local privilege esc ...)
	NOT-FOR-US: IBM
CVE-2021-39087 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, ...)
	NOT-FOR-US: IBM
CVE-2021-39086 (IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1 ...)
	NOT-FOR-US: IBM
CVE-2021-39085 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, ...)
	NOT-FOR-US: IBM
CVE-2021-39084
	RESERVED
CVE-2021-39083
	RESERVED
CVE-2021-39082 (IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptogra ...)
	NOT-FOR-US: IBM
CVE-2021-39081
	RESERVED
CVE-2021-39080 (Due to weak obfuscation, IBM Cognos Analytics Mobile for Android appli ...)
	NOT-FOR-US: IBM
CVE-2021-39079 (IBM Cognos Analytics Mobile for Android applications prior to version ...)
	NOT-FOR-US: IBM
CVE-2021-39078 (IBM Security Guardium 10.5 stores user credentials in plain clear text ...)
	NOT-FOR-US: IBM
CVE-2021-39077 (IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 sto ...)
	NOT-FOR-US: IBM
CVE-2021-39076 (IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptogr ...)
	NOT-FOR-US: IBM
CVE-2021-39075
	RESERVED
CVE-2021-39074 (IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2021-39073
	RESERVED
CVE-2021-39072 (IBM Security Guardium 11.3 could allow a remote attacker to obtain sen ...)
	NOT-FOR-US: IBM
CVE-2021-39071
	RESERVED
CVE-2021-39070 (IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the ad ...)
	NOT-FOR-US: IBM
CVE-2021-39069
	RESERVED
CVE-2021-39068 (IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2021-39067
	RESERVED
CVE-2021-39066 (IBM Financial Transaction Manager 3.2.4 does not invalidate session an ...)
	NOT-FOR-US: IBM
CVE-2021-39065 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...)
	NOT-FOR-US: IBM
CVE-2021-39064 (IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authenti ...)
	NOT-FOR-US: IBM
CVE-2021-39063 (IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin ...)
	NOT-FOR-US: IBM
CVE-2021-39062
	RESERVED
CVE-2021-39061
	RESERVED
CVE-2021-39060
	RESERVED
CVE-2021-39059 (IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, ...)
	NOT-FOR-US: IBM
CVE-2021-39058 (IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than ...)
	NOT-FOR-US: IBM
CVE-2021-39057 (IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to s ...)
	NOT-FOR-US: IBM
CVE-2021-39056 (The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (E ...)
	NOT-FOR-US: IBM
CVE-2021-39055 (IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerab ...)
	NOT-FOR-US: IBM
CVE-2021-39054 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...)
	NOT-FOR-US: IBM
CVE-2021-39053 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...)
	NOT-FOR-US: IBM
CVE-2021-39052 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...)
	NOT-FOR-US: IBM
CVE-2021-39051 (IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerab ...)
	NOT-FOR-US: IBM
CVE-2021-39050 (IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a s ...)
	NOT-FOR-US: IBM
CVE-2021-39049 (IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a s ...)
	NOT-FOR-US: IBM
CVE-2021-39048 (IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based ...)
	NOT-FOR-US: IBM
CVE-2021-39047 (IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, an ...)
	NOT-FOR-US: IBM
CVE-2021-39046 (IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Bu ...)
	NOT-FOR-US: IBM
CVE-2021-39045 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local at ...)
	NOT-FOR-US: IBM
CVE-2021-39044 (IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site re ...)
	NOT-FOR-US: IBM
CVE-2021-39043 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerab ...)
	NOT-FOR-US: IBM
CVE-2021-39042
	RESERVED
CVE-2021-39041 (IBM QRadar SIEM 7.3, 7.4, and 7.5 may be vulnerable to partial denial ...)
	NOT-FOR-US: IBM
CVE-2021-39040 (IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious ...)
	NOT-FOR-US: IBM
CVE-2021-39039
	RESERVED
CVE-2021-39038 (IBM WebSphere Application Server 9.0 and IBM WebSphere Application Ser ...)
	NOT-FOR-US: IBM
CVE-2021-39037
	RESERVED
CVE-2021-39036 (IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripti ...)
	NOT-FOR-US: IBM
CVE-2021-39035 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, ...)
	NOT-FOR-US: IBM
CVE-2021-39034 (IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by a ...)
	NOT-FOR-US: IBM
CVE-2021-39033 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 a ...)
	NOT-FOR-US: IBM
CVE-2021-39032 (IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potential ...)
	NOT-FOR-US: IBM
CVE-2021-39031 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 c ...)
	NOT-FOR-US: IBM
CVE-2021-39030
	RESERVED
CVE-2021-39029
	RESERVED
CVE-2021-39028 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7. ...)
	NOT-FOR-US: IBM
CVE-2021-39027 (IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structur ...)
	NOT-FOR-US: IBM
CVE-2021-39026 (IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a r ...)
	NOT-FOR-US: IBM
CVE-2021-39025 (IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose ...)
	NOT-FOR-US: IBM
CVE-2021-39024 (IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable t ...)
	NOT-FOR-US: IBM
CVE-2021-39023 (IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remot ...)
	NOT-FOR-US: IBM
CVE-2021-39022 (IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-prov ...)
	NOT-FOR-US: IBM
CVE-2021-39021 (IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or send ...)
	NOT-FOR-US: IBM
CVE-2021-39020 (IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive ...)
	NOT-FOR-US: IBM
CVE-2021-39019 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7. ...)
	NOT-FOR-US: IBM
CVE-2021-39018 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7. ...)
	NOT-FOR-US: IBM
CVE-2021-39017 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7. ...)
	NOT-FOR-US: IBM
CVE-2021-39016 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7. ...)
	NOT-FOR-US: IBM
CVE-2021-39015 (IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7. ...)
	NOT-FOR-US: IBM
CVE-2021-39014 (IBM Cloud Object System 3.15.8.97 is vulnerable to stored cross-site s ...)
	NOT-FOR-US: IBM
CVE-2021-39013 (IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could ...)
	NOT-FOR-US: IBM
CVE-2021-39012
	RESERVED
CVE-2021-39011 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores pot ...)
	NOT-FOR-US: IBM
CVE-2021-39010
	RESERVED
CVE-2021-39009 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credential ...)
	NOT-FOR-US: IBM
CVE-2021-39008 (IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a privileg ...)
	NOT-FOR-US: IBM
CVE-2021-39007
	RESERVED
CVE-2021-39006 (IBM QRadar WinCollect Agent 10.0 and 10.0.1 could allow an attacker to ...)
	NOT-FOR-US: IBM
CVE-2021-39005
	RESERVED
CVE-2021-39004
	RESERVED
CVE-2021-39003
	RESERVED
CVE-2021-39002 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2021-39001
	RESERVED
CVE-2021-39000 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to ob ...)
	NOT-FOR-US: IBM
CVE-2021-38999 (IBM MQ Appliance could allow a local attacker to obtain sensitive info ...)
	NOT-FOR-US: IBM
CVE-2021-38998
	RESERVED
CVE-2021-38997 (IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1 ...)
	NOT-FOR-US: IBM
CVE-2021-38996 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
	NOT-FOR-US: IBM
CVE-2021-38995 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
	NOT-FOR-US: IBM
CVE-2021-38994 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
	NOT-FOR-US: IBM
CVE-2021-38993 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
	NOT-FOR-US: IBM
CVE-2021-38992
	RESERVED
CVE-2021-38991 (IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local ...)
	NOT-FOR-US: IBM
CVE-2021-38990 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...)
	NOT-FOR-US: IBM
CVE-2021-38989 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
	NOT-FOR-US: IBM
CVE-2021-38988 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
	NOT-FOR-US: IBM
CVE-2021-38987
	RESERVED
CVE-2021-38986 (IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after ...)
	NOT-FOR-US: IBM
CVE-2021-38985 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...)
	NOT-FOR-US: IBM
CVE-2021-38984 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker ...)
	NOT-FOR-US: IBM
CVE-2021-38983 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker ...)
	NOT-FOR-US: IBM
CVE-2021-38982 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerabl ...)
	NOT-FOR-US: IBM
CVE-2021-38981 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...)
	NOT-FOR-US: IBM
CVE-2021-38980 (IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle ...)
	NOT-FOR-US: IBM
CVE-2021-38979 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-w ...)
	NOT-FOR-US: IBM
CVE-2021-38978 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...)
	NOT-FOR-US: IBM
CVE-2021-38977 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set ...)
	NOT-FOR-US: IBM
CVE-2021-38976 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user ...)
	NOT-FOR-US: IBM
CVE-2021-38975 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...)
	NOT-FOR-US: IBM
CVE-2021-38974 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...)
	NOT-FOR-US: IBM
CVE-2021-38973 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...)
	NOT-FOR-US: IBM
CVE-2021-38972 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...)
	NOT-FOR-US: IBM
CVE-2021-38971 (IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7 ...)
	NOT-FOR-US: IBM
CVE-2021-38970
	RESERVED
CVE-2021-38969 (IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to a ...)
	NOT-FOR-US: IBM
CVE-2021-38968
	RESERVED
CVE-2021-38967 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged use ...)
	NOT-FOR-US: IBM
CVE-2021-38966 (IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site script ...)
	NOT-FOR-US: IBM
CVE-2021-38965 (IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remo ...)
	NOT-FOR-US: IBM
CVE-2021-38964
	RESERVED
CVE-2021-38963
	RESERVED
CVE-2021-38962
	RESERVED
CVE-2021-38961 (IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerab ...)
	NOT-FOR-US: IBM
CVE-2021-38960 (IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated use ...)
	NOT-FOR-US: IBM
CVE-2021-38959 (IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28 ...)
	NOT-FOR-US: IBM
CVE-2021-38958 (IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service ...)
	NOT-FOR-US: IBM
CVE-2021-38957 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sens ...)
	NOT-FOR-US: IBM
CVE-2021-38956 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sens ...)
	NOT-FOR-US: IBM
CVE-2021-38955 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elev ...)
	NOT-FOR-US: IBM
CVE-2021-38954 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 a ...)
	NOT-FOR-US: IBM
CVE-2021-38953
	RESERVED
CVE-2021-38952 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
	NOT-FOR-US: IBM
CVE-2021-38951 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2021-38950 (IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege esc ...)
	NOT-FOR-US: IBM
CVE-2021-38949 (IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials ...)
	NOT-FOR-US: IBM
CVE-2021-38948 (IBM InfoSphere Information Server 11.7 is vulnerable to an XML Externa ...)
	NOT-FOR-US: IBM
CVE-2021-38947 (IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than ...)
	NOT-FOR-US: IBM
CVE-2021-38946 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross ...)
	NOT-FOR-US: IBM
CVE-2021-38945 (IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote a ...)
	NOT-FOR-US: IBM
CVE-2021-38944 (IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0. ...)
	NOT-FOR-US: IBM
CVE-2021-38943
	RESERVED
CVE-2021-38942
	RESERVED
CVE-2021-38941 (IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few container ...)
	NOT-FOR-US: IBM
CVE-2021-38940
	RESERVED
CVE-2021-38939 (IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive informa ...)
	NOT-FOR-US: IBM
CVE-2021-38938 (IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and ...)
	NOT-FOR-US: IBM
CVE-2021-38937 (IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authent ...)
	NOT-FOR-US: IBM
CVE-2021-38936 (IBM QRadar SIEM 7.3, 7.4, and 7.5 could disclose highly sensitive info ...)
	NOT-FOR-US: IBM
CVE-2021-38935 (IBM Maximo Asset Management 7.6.1.2 does not require that users should ...)
	NOT-FOR-US: IBM
CVE-2021-38934 (IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2021-38933 (IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cry ...)
	NOT-FOR-US: IBM
CVE-2021-38932
	RESERVED
CVE-2021-38931 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
	NOT-FOR-US: IBM
CVE-2021-38930 (IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9. ...)
	NOT-FOR-US: IBM
CVE-2021-38929 (IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9. ...)
	NOT-FOR-US: IBM
CVE-2021-38928 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 u ...)
	NOT-FOR-US: IBM
CVE-2021-38927 (IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This v ...)
	NOT-FOR-US: IBM
CVE-2021-38926 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2021-38925 (IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through 6.1.1.0 ...)
	NOT-FOR-US: IBM
CVE-2021-38924 (IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote a ...)
	NOT-FOR-US: IBM
CVE-2021-38923 (IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain ac ...)
	NOT-FOR-US: IBM
CVE-2021-38922
	RESERVED
CVE-2021-38921 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than ex ...)
	NOT-FOR-US: IBM
CVE-2021-38920
	RESERVED
CVE-2021-38919 (IBM QRadar SIEM 7.3, 7.4, and 7.5 in some scenarios may reveal authoriz ...)
	NOT-FOR-US: IBM
CVE-2021-38918 (IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a spec ...)
	NOT-FOR-US: IBM
CVE-2021-38917 (IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker ...)
	NOT-FOR-US: IBM
CVE-2021-38916
	RESERVED
CVE-2021-38915 (IBM Data Risk Manager 2.0.6 stores user credentials in plain clear tex ...)
	NOT-FOR-US: IBM
CVE-2021-38914
	RESERVED
CVE-2021-38913
	RESERVED
CVE-2021-38912
	RESERVED
CVE-2021-38911 (IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in p ...)
	NOT-FOR-US: IBM
CVE-2021-38910 (IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2021-38909 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scr ...)
	NOT-FOR-US: IBM
CVE-2021-38908
	RESERVED
CVE-2021-38907
	RESERVED
CVE-2021-38906
	RESERVED
CVE-2021-38905 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authent ...)
	NOT-FOR-US: IBM
CVE-2021-38904 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote a ...)
	NOT-FOR-US: IBM
CVE-2021-38903 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross ...)
	NOT-FOR-US: IBM
CVE-2021-38902
	RESERVED
CVE-2021-38901 (IBM Spectrum Protect Operations Center 7.1, under special configuratio ...)
	NOT-FOR-US: IBM
CVE-2021-38900 (IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation W ...)
	NOT-FOR-US: IBM
CVE-2021-38899 (IBM Cloud Pak for Data 2.5 could allow a local user with special privi ...)
	NOT-FOR-US: IBM
CVE-2021-38898
	RESERVED
CVE-2021-38897
	RESERVED
CVE-2021-38896 (IBM QRadar Advisor 2.5 through 2.6.1 is vulnerable to cross-site scrip ...)
	NOT-FOR-US: IBM
CVE-2021-38895 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2021-38894 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remot ...)
	NOT-FOR-US: IBM
CVE-2021-38893 (IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation W ...)
	NOT-FOR-US: IBM
CVE-2021-38892
	REJECTED
CVE-2021-38891 (IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than ...)
	NOT-FOR-US: IBM
CVE-2021-38890 (IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequat ...)
	NOT-FOR-US: IBM
CVE-2021-38889
	RESERVED
CVE-2021-38888
	RESERVED
CVE-2021-38887 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...)
	NOT-FOR-US: IBM
CVE-2021-38886 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross ...)
	NOT-FOR-US: IBM
CVE-2021-38885
	RESERVED
CVE-2021-38884
	RESERVED
CVE-2021-38883 (IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 and IBM Bus ...)
	NOT-FOR-US: IBM
CVE-2021-38882 (IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admi ...)
	NOT-FOR-US: IBM
CVE-2021-38881
	RESERVED
CVE-2021-38880
	RESERVED
CVE-2021-38879 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow ...)
	NOT-FOR-US: IBM
CVE-2021-38878 (IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to imperson ...)
	NOT-FOR-US: IBM
CVE-2021-38877 (IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross ...)
	NOT-FOR-US: IBM
CVE-2021-38876 (IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vu ...)
	NOT-FOR-US: IBM
CVE-2021-38875 (IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerabl ...)
	NOT-FOR-US: IBM
CVE-2021-38874 (IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access informati ...)
	NOT-FOR-US: IBM
CVE-2021-38873 (IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. ...)
	NOT-FOR-US: IBM
CVE-2021-38872 (IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, a ...)
	NOT-FOR-US: IBM
CVE-2021-38871 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerab ...)
	NOT-FOR-US: IBM
CVE-2021-38870 (IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vu ...)
	NOT-FOR-US: IBM
CVE-2021-38869 (IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatic ...)
	NOT-FOR-US: IBM
CVE-2021-38868 (IBM Engineering Requirements Quality Assistant On-Premises (All versio ...)
	NOT-FOR-US: IBM
CVE-2021-38867
	RESERVED
CVE-2021-38866
	RESERVED
CVE-2021-38865
	RESERVED
CVE-2021-38864 (IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensit ...)
	NOT-FOR-US: IBM
CVE-2021-38863 (IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain cl ...)
	NOT-FOR-US: IBM
CVE-2021-38862 (IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptogra ...)
	NOT-FOR-US: IBM
CVE-2021-38861
	RESERVED
CVE-2021-38860
	RESERVED
CVE-2021-38859 (IBM Security Verify Privilege On-Premises 11.5 could allow a user to o ...)
	NOT-FOR-US: IBM
CVE-2021-3712 (ASN.1 strings are represented internally within OpenSSL as an ASN1_STR ...)
	{DSA-4963-1 DLA-2774-1 DLA-2766-1}
	- openssl 1.1.1l-1
	- openssl1.0
	NOTE: https://www.openssl.org/news/secadv/20210824.txt
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d9d838ddc0ed083fb4c26dd067e71aad7c65ad16 (OpenSSL_1_1_1l)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=174ba8048a7f2f5e1fca31cfb93b1730d9db8300 (OpenSSL_1_1_1l)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f54e57406ca17731b9ade3afd561d3c652e07f2 (OpenSSL_1_1_1l)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23446958685a593d4d9434475734b99138902ed2 (OpenSSL_1_1_1l)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8393de42498f8be75cf0353f5c9f906a43a748d2 (OpenSSL_1_1_1l)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4de66925203ca99189c842136ec4a623137ea447 (OpenSSL_1_1_1l)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bb4d2ed4091408404e18b3326e3df67848ef63d0 (OpenSSL_1_1_1l)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2d0e5d4a4a5d4332325b5e5cea492fad2be633e1 (OpenSSL_1_1_1l)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11 (OpenSSL_1_1_1l)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8c74c9d1ade0fbdab5b815ddb747351b8b839641 (OpenSSL_1_1_1l)
CVE-2021-3711 (In order to decrypt SM2 encrypted data an application is expected to c ...)
	{DSA-4963-1}
	- openssl 1.1.1l-1
	[stretch] - openssl (support for SM2 decryption added in 1.1.1-pre3)
	- openssl1.0 (Vulnerability does not affect 1.0.2 series)
	NOTE: https://www.openssl.org/news/secadv/20210824.txt
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46 (OpenSSL_1_1_1l)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=733fa41c3fc4bcac37f94aa917f7242420f8a5a6 (OpenSSL_1_1_1l)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=515ac8b5e544dd713a2b4cabfc54b722d122c218 (OpenSSL_1_1_1l)
CVE-2021-38858
	RESERVED
CVE-2021-38857
	RESERVED
CVE-2021-38856
	RESERVED
CVE-2021-38855
	RESERVED
CVE-2021-38854
	RESERVED
CVE-2021-38853
	RESERVED
CVE-2021-38852
	RESERVED
CVE-2021-38851
	RESERVED
CVE-2021-38850
	RESERVED
CVE-2021-38849
	RESERVED
CVE-2021-38848
	RESERVED
CVE-2021-38847 (S-Cart v6.4.1 and below was discovered to contain an arbitrary file up ...)
	NOT-FOR-US: S-Cart
CVE-2021-38846
	RESERVED
CVE-2021-38845
	RESERVED
CVE-2021-38844
	RESERVED
CVE-2021-38843
	RESERVED
CVE-2021-38842
	RESERVED
CVE-2021-38841 (Remote Code Execution can occur in Simple Water Refilling Station Mana ...)
	NOT-FOR-US: Simple Water Refilling Station Management System
CVE-2021-38840 (SQL Injection can occur in Simple Water Refilling Station Management S ...)
	NOT-FOR-US: Simple Water Refilling Station Management System
CVE-2021-38839
	RESERVED
CVE-2021-38838
	RESERVED
CVE-2021-38837
	RESERVED
CVE-2021-38836
	RESERVED
CVE-2021-38835
	RESERVED
CVE-2021-38834 (easy-mock v1.5.0-v1.6.0 allows remote attackers to bypass the vm2 sand ...)
	NOT-FOR-US: easy-mock
CVE-2021-38833 (SQL injection vulnerability in PHPGurukul Apartment Visitors Managemen ...)
	NOT-FOR-US: PHPGurukul Apartment Visitors Management System (AVMS)
CVE-2021-38832
	RESERVED
CVE-2021-38831
	RESERVED
CVE-2021-38830
	RESERVED
CVE-2021-38829
	RESERVED
CVE-2021-38828 (Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vu ...)
	NOT-FOR-US: Xiongmai
CVE-2021-38827 (Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vu ...)
	NOT-FOR-US: Xiongmai
CVE-2021-38826
	RESERVED
CVE-2021-38825
	RESERVED
CVE-2021-38824
	RESERVED
CVE-2021-38823 (The IceHrm 30.0.0 OS website was found vulnerable to Session Managemen ...)
	NOT-FOR-US: IceHrm
CVE-2021-38822 (A Stored Cross Site Scripting vulnerability via Malicious File Upload ...)
	NOT-FOR-US: IceHrm
CVE-2021-38821
	RESERVED
CVE-2021-38820
	RESERVED
CVE-2021-38819 (A SQL injection vulnerability exists on the Simple Image Gallery System ...)
	NOT-FOR-US: Simple Image Gallery System
CVE-2021-38818
	RESERVED
CVE-2021-38817
	RESERVED
CVE-2021-38816
	RESERVED
CVE-2021-38815
	RESERVED
CVE-2021-38814
	RESERVED
CVE-2021-38813
	RESERVED
CVE-2021-38812
	RESERVED
CVE-2021-38811
	RESERVED
CVE-2021-38810
	RESERVED
CVE-2021-38809
	RESERVED
CVE-2021-38808
	RESERVED
CVE-2021-38807
	RESERVED
CVE-2021-38806
	RESERVED
CVE-2021-38805
	RESERVED
CVE-2021-38804
	RESERVED
CVE-2021-38803
	RESERVED
CVE-2021-38802
	RESERVED
CVE-2021-38801
	RESERVED
CVE-2021-38800
	RESERVED
CVE-2021-38799
	RESERVED
CVE-2021-38798
	RESERVED
CVE-2021-38797
	RESERVED
CVE-2021-38796
	RESERVED
CVE-2021-38795
	RESERVED
CVE-2021-38794
	RESERVED
CVE-2021-38793
	RESERVED
CVE-2021-38792
	RESERVED
CVE-2021-38791
	RESERVED
CVE-2021-38790
	RESERVED
CVE-2021-38789 (Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect acce ...)
	NOT-FOR-US: Allwinner Android Q SDK
CVE-2021-38788 (The Background service in Allwinner R818 SoC Android Q SDK V1.0 is use ...)
	NOT-FOR-US: Allwinner Android Q SDK
CVE-2021-38787 (There is an integer overflow in the ION driver "/dev/ion" of Allwinner ...)
	NOT-FOR-US: Allwinner Android Q SDK
CVE-2021-38786 (There is a NULL pointer dereference in media/libcedarc/vdecoder of All ...)
	NOT-FOR-US: Allwinner Android Q SDK
CVE-2021-38785 (There is a NULL pointer dereference in the Allwinner R818 SoC Android Q ...)
	NOT-FOR-US: Allwinner Android Q SDK
CVE-2021-38784 (There is a NULL pointer dereference in the syscall open_exec function ...)
	NOT-FOR-US: Allwinner Android Q SDK
CVE-2021-38783 (There is an Out-of-Bound Write in the Allwinner R818 SoC Android Q SDK ...)
	NOT-FOR-US: Allwinner Android Q SDK
CVE-2021-38782
	RESERVED
CVE-2021-38781
	RESERVED
CVE-2021-38780
	RESERVED
CVE-2021-38779
	RESERVED
CVE-2021-38778
	RESERVED
CVE-2021-38777
	RESERVED
CVE-2021-38776
	RESERVED
CVE-2021-38775
	RESERVED
CVE-2021-38774
	RESERVED
CVE-2021-38773
	RESERVED
CVE-2021-38772 (Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer ove ...)
	NOT-FOR-US: Tenda
CVE-2021-38771
	RESERVED
CVE-2021-38770
	RESERVED
CVE-2021-38769
	RESERVED
CVE-2021-38768
	RESERVED
CVE-2021-38767
	RESERVED
CVE-2021-38766
	RESERVED
CVE-2021-38765
	RESERVED
CVE-2021-38764
	RESERVED
CVE-2021-38763
	RESERVED
CVE-2021-38762
	RESERVED
CVE-2021-38761
	RESERVED
CVE-2021-38760
	RESERVED
CVE-2021-38759 (Raspberry Pi OS through 5.10 has the raspberry default password for th ...)
	NOT-FOR-US: Raspberry Pi OS
CVE-2021-38758 (Directory traversal vulnerability in Online Catering Reservation Syste ...)
	NOT-FOR-US: Directory traversal in Online Catering Reservation System
CVE-2021-38757 (Persistent cross-site scripting (XSS) in Hospital Management System ta ...)
	NOT-FOR-US: Hospital Management System
CVE-2021-38756 (Persistent cross-site scripting (XSS) in Hospital Management System ta ...)
	NOT-FOR-US: Hospital Management System
CVE-2021-38755 (Unauthenticated doctor entry deletion in Hospital Management System in ...)
	NOT-FOR-US: Hospital Management System
CVE-2021-38754 (SQL Injection vulnerability in Hospital Management System due to lack ...)
	NOT-FOR-US: Hospital Management System
CVE-2021-38753 (An unrestricted file upload on Simple Image Gallery Web App can be exp ...)
	NOT-FOR-US: Simple Image Gallery Web App
CVE-2021-38752 (A cross-site scripting (XSS) vulnerability in Online Catering Reservat ...)
	NOT-FOR-US: Online Catering Reservation System
CVE-2021-38751 (An HTTP Host header attack exists in ExponentCMS 2.6 and below in /expo ...)
	NOT-FOR-US: ExponentCMS
CVE-2021-38750
	RESERVED
CVE-2021-38749
	RESERVED
CVE-2021-38748
	RESERVED
CVE-2021-38747
	RESERVED
CVE-2021-38746
	RESERVED
CVE-2021-38745 (Chamilo LMS v1.11.14 was discovered to contain a zero click code injec ...)
	NOT-FOR-US: Chamilo LMS
CVE-2021-38744
	RESERVED
CVE-2021-38743
	RESERVED
CVE-2021-38742
	RESERVED
CVE-2021-38741
	RESERVED
CVE-2021-38740
	RESERVED
CVE-2021-38739
	RESERVED
CVE-2021-38738
	RESERVED
CVE-2021-38737 (SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php.)
	NOT-FOR-US: SEMCMS
CVE-2021-38736 (SEMCMS Shop V 1.1 is vulnerable to SQL Injection via Ant_Global.php.)
	NOT-FOR-US: SEMCMS
CVE-2021-38735
	RESERVED
CVE-2021-38734 (SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php.)
	NOT-FOR-US: SEMCMS
CVE-2021-38733 (SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php.)
	NOT-FOR-US: SEMCMS
CVE-2021-38732 (SEMCMS SHOP v 1.1 is vulnerable to SQL via Ant_Message.php.)
	NOT-FOR-US: SEMCMS
CVE-2021-38731 (SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php.)
	NOT-FOR-US: SEMCMS
CVE-2021-38730 (SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php.)
	NOT-FOR-US: SEMCMS
CVE-2021-38729 (SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php.)
	NOT-FOR-US: SEMCMS
CVE-2021-38728 (SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) via Ant_ ...)
	NOT-FOR-US: SEMCMS
CVE-2021-38727 (FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index ...)
	NOT-FOR-US: FUEL CMS
CVE-2021-38726
	RESERVED
CVE-2021-38725 (Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/co ...)
	NOT-FOR-US: FUEL CMS
CVE-2021-38724
	RESERVED
CVE-2021-38723 (FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index ...)
	NOT-FOR-US: FUEL CMS
CVE-2021-38722
	RESERVED
CVE-2021-38721 (FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) ...)
	NOT-FOR-US: FUEL CMS
CVE-2021-38720
	RESERVED
CVE-2021-38719
	RESERVED
CVE-2021-38718
	RESERVED
CVE-2021-38717
	RESERVED
CVE-2021-38716
	RESERVED
CVE-2021-38715
	RESERVED
CVE-2021-38714 (In Plib through 1.85, there is an integer overflow vulnerability that ...)
	{DLA-2775-1}
	- plib 1.8.5-10 (bug #992973)
	[bullseye] - plib 1.8.5-8+deb11u1
	[buster] - plib 1.8.5-8+deb10u1
	NOTE: https://sourceforge.net/p/plib/bugs/55/
CVE-2021-38713 (imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header.)
	NOT-FOR-US: imgURL
CVE-2021-38712 (OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents ...)
	NOT-FOR-US: OneNav
CVE-2021-38710 (Static (Persistent) XSS Vulnerability exists in version 4.3.0 of Yclas ...)
	NOT-FOR-US: Yclas
CVE-2021-38709 (In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaS ...)
	NOT-FOR-US: ocProducts Composr CMS
CVE-2021-38708 (In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaS ...)
	NOT-FOR-US: ocProducts Composr CMS
CVE-2021-3710 (An information disclosure via path traversal was discovered in apport/ ...)
	NOT-FOR-US: Apport
CVE-2021-3709 (Function check_attachment_for_errors() in file data/general-hooks/ubun ...)
	NOT-FOR-US: Apport
CVE-2021-38711 (In gitit before 0.15.0.0, the Export feature can be exploited to leak ...)
	- gitit 0.15.1.0+dfsg-1 (bug #992297)
	[bullseye] - gitit (Minor issue)
	[buster] - gitit (Minor issue)
	[stretch] - gitit (Minor issue)
	NOTE: https://github.com/jgm/gitit/commit/eed32638f4f6e3b2f4b8a9a04c4b72001acf9ad8
CVE-2021-38707 (Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7 ...)
	NOT-FOR-US: ClinicCases
CVE-2021-38706 (messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL inject ...)
	NOT-FOR-US: ClinicCases
CVE-2021-38705 (ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). A ...)
	NOT-FOR-US: ClinicCases
CVE-2021-38704 (Multiple reflected cross-site scripting (XSS) vulnerabilities in Clini ...)
	NOT-FOR-US: ClinicCases
CVE-2021-38703 (Wireless devices running certain Arcadyan-derived firmware (such as KP ...)
	NOT-FOR-US: Wireless devices running certain Arcadyan-derived firmware
CVE-2021-3708 (D-Link router DSL-2750U with firmware vME1.16 or prior versions is vul ...)
	NOT-FOR-US: D-Link
CVE-2021-3707 (D-Link router DSL-2750U with firmware vME1.16 or prior versions is vul ...)
	NOT-FOR-US: D-Link
CVE-2021-38702 (Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 a ...)
	NOT-FOR-US: Cyberoam NetGenie C0101B1-20141120-NG11VO devices
CVE-2021-38701 (Certain Motorola Solutions Avigilon devices allow XSS in the administr ...)
	NOT-FOR-US: Motorola Solutions Avigilon devices
CVE-2021-38700
	RESERVED
CVE-2021-38699 (TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashb ...)
	NOT-FOR-US: TastyIgniter
CVE-2021-38698 (HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allow ...)
	- consul 1.8.7+dfsg1-6 (bug #1015218)
	[bullseye] - consul (Minor issue)
	[buster] - consul (Vulnerable code not present)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026
	NOTE: https://github.com/hashicorp/consul/commit/747844bad6410091f2c6e961216c0c5fc285a44d (v1.8.15)
CVE-2021-38697 (SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted Fi ...)
	NOT-FOR-US: SoftVibe SARABAN for INFOMA
CVE-2021-38696 (SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerabi ...)
	NOT-FOR-US: SoftVibe SARABAN for INFOMA
CVE-2021-38695 (SoftVibe SARABAN for INFOMA 1.1 is vulnerable to stored cross-site scr ...)
	NOT-FOR-US: SoftVibe SARABAN for INFOMA
CVE-2021-38694 (SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection.)
	NOT-FOR-US: SoftVibe SARABAN for INFOMA
CVE-2020-36473 (UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and th ...)
	NOT-FOR-US: UCWeb UC
CVE-2021-38693 (A path traversal vulnerability has been reported to affect QNAP device ...)
	NOT-FOR-US: QNAP
CVE-2021-38692 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
	NOT-FOR-US: QNAP
CVE-2021-38691 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
	NOT-FOR-US: QNAP
CVE-2021-38690 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
	NOT-FOR-US: QNAP
CVE-2021-38689 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
	NOT-FOR-US: QNAP
CVE-2021-38688 (An improper authentication vulnerability has been reported to affect A ...)
	NOT-FOR-US: QNAP
CVE-2021-38687 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
	NOT-FOR-US: QNAP
CVE-2021-38686 (An improper authentication vulnerability has been reported to affect Q ...)
	NOT-FOR-US: QNAP
CVE-2021-38685 (A command injection vulnerability has been reported to affect QNAP dev ...)
	NOT-FOR-US: QNAP
CVE-2021-38684 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
	NOT-FOR-US: QNAP
CVE-2021-38683
	RESERVED
CVE-2021-38682 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
	NOT-FOR-US: QNAP
CVE-2021-38681 (A reflected cross-site scripting (XSS) vulnerability has been reported ...)
	NOT-FOR-US: QNAP
CVE-2021-38680 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
	NOT-FOR-US: QNAP
CVE-2021-38679 (An improper authentication vulnerability has been reported to affect Q ...)
	NOT-FOR-US: QNAP
CVE-2021-38678 (An open redirect vulnerability has been reported to affect QNAP device ...)
	NOT-FOR-US: QNAP
CVE-2021-38677 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
	NOT-FOR-US: QNAP
CVE-2021-38676
	RESERVED
CVE-2021-38675 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
	NOT-FOR-US: QNAP
CVE-2021-38674 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
	NOT-FOR-US: QNAP
CVE-2021-3706 (adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag)
	NOT-FOR-US: adminlte
CVE-2021-38673
	RESERVED
CVE-2021-38672 (Windows Hyper-V Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38671 (Windows Print Spooler Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38670
	RESERVED
CVE-2021-38669 (Microsoft Edge (Chromium-based) Tampering Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38668
	RESERVED
CVE-2021-38667 (Windows Print Spooler Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38666 (Remote Desktop Client Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38665 (Remote Desktop Protocol Client Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38664
	RESERVED
CVE-2021-38663 (Windows exFAT File System Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38662 (Windows Fast FAT File System Driver Information Disclosure Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2021-38661 (HEVC Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38660 (Microsoft Office Graphics Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38659 (Microsoft Office Graphics Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38658 (Microsoft Office Graphics Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38657 (Microsoft Office Graphics Component Information Disclosure Vulnerabili ...)
	NOT-FOR-US: Microsoft
CVE-2021-38656 (Microsoft Word Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38655 (Microsoft Excel Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38654 (Microsoft Office Visio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38653 (Microsoft Office Visio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38652 (Microsoft SharePoint Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38651 (Microsoft SharePoint Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38650 (Microsoft Office Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38649 (Open Management Infrastructure Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38648 (Open Management Infrastructure Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38647 (Open Management Infrastructure Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38646 (Microsoft Office Access Connectivity Engine Remote Code Execution Vuln ...)
	NOT-FOR-US: Microsoft
CVE-2021-38645 (Open Management Infrastructure Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38644 (Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38643
	RESERVED
CVE-2021-38642 (Microsoft Edge for iOS Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38641 (Microsoft Edge for Android Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38640
	RESERVED
CVE-2021-38639 (Win32k Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38638 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
	NOT-FOR-US: Microsoft
CVE-2021-38637 (Windows Storage Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38636 (Windows Redirected Drive Buffering SubSystem Driver Information Disclo ...)
	NOT-FOR-US: Microsoft
CVE-2021-38635 (Windows Redirected Drive Buffering SubSystem Driver Information Disclo ...)
	NOT-FOR-US: Microsoft
CVE-2021-38634 (Microsoft Windows Update Client Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38633 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2021-38632 (BitLocker Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38631 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2021-38630 (Windows Event Tracing Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38629 (Windows Ancillary Function Driver for WinSock Information Disclosure V ...)
	NOT-FOR-US: Microsoft
CVE-2021-38628 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
	NOT-FOR-US: Microsoft
CVE-2021-38627
	RESERVED
CVE-2021-38626 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38625 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38624 (Windows Key Storage Provider Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-38623 (The deferred_image_processing (aka Deferred image processing) extensio ...)
	NOT-FOR-US: deferred_image_processing (aka Deferred image processing) extension for TYPO3
CVE-2021-38622
	RESERVED
CVE-2021-38621 (The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index ...)
	NOT-FOR-US: Agora Flat Server
CVE-2021-38620
	RESERVED
CVE-2021-38619 (openBaraza HCM 3.1.6 does not properly neutralize user-controllable in ...)
	NOT-FOR-US: openBaraza HCM
CVE-2021-38618 (In GFOS Workforce Management 4.8.272.1, the login page of application ...)
	NOT-FOR-US: GFOS Workforce Management
CVE-2021-38617 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ us ...)
	NOT-FOR-US: Eigen
CVE-2021-38616 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{us ...)
	NOT-FOR-US: Eigen
CVE-2021-38615 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/conf ...)
	NOT-FOR-US: Eigen
CVE-2021-3705 (Potential security vulnerabilities have been discovered on a certain H ...)
	NOT-FOR-US: HP
CVE-2021-3704 (Potential security vulnerabilities have been discovered on a certain H ...)
	NOT-FOR-US: HP
CVE-2021-38614 (Polipo through 1.1.1, when NDEBUG is used, allows a heap-based buffer ...)
	- polipo
	[buster] - polipo (Minor issue)
	[stretch] - polipo (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2021/07/28/2
CVE-2021-38613 (The assets/index.php Image Upload feature of the NASCENT RemKon Device ...)
	NOT-FOR-US: NASCENT RemKon Device Manager
CVE-2021-38612 (In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulner ...)
	NOT-FOR-US: NASCENT RemKon Device Manager
CVE-2021-38611 (A command-injection vulnerability in the Image Upload function of the ...)
	NOT-FOR-US: NASCENT RemKon Device Manager
CVE-2021-38610
	RESERVED
CVE-2021-38609
	RESERVED
CVE-2021-38608 (Incorrect Access Control in Tranquil WAPT Enterprise - before 1.8.2.73 ...)
	NOT-FOR-US: Tranquil WAPT Enterprise
CVE-2021-38607 (Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated u ...)
	NOT-FOR-US: Crocoblock JetEngine
CVE-2021-38606 (reNgine through 0.5 relies on a predictable directory name.)
	NOT-FOR-US: reNgine
CVE-2021-38605
	RESERVED
CVE-2021-38604 (In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/s ...)
	- glibc (Vulnerability introduced as side effect of the CVE-2021-33574 fix)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28213
	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641
	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8
CVE-2021-38603 (PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Informati ...)
	- pluxml (bug #1008264)
	[buster] - pluxml (Minor issue)
	[stretch] - pluxml (Minor issue)
CVE-2021-38602 (PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content ...)
	- pluxml (bug #1008264)
	[buster] - pluxml (Minor issue)
	[stretch] - pluxml (Minor issue)
CVE-2021-38601
	RESERVED
CVE-2021-38600
	RESERVED
CVE-2021-38599 (WAL-G before 1.1, when a non-libsodium build (e.g., one of the officia ...)
	NOT-FOR-US: WAL-G
CVE-2021-38598 (OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows ...)
	- neutron 2:18.1.0-2
	[bullseye] - neutron 2:17.2.1-0+deb11u1
	[buster] - neutron (Minor issue, not backported to rocky branch)
	[stretch] - neutron (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/17/4
	NOTE: https://launchpad.net/bugs/1938670
	NOTE: https://review.opendev.org/c/openstack/neutron/+/785917/
CVE-2021-38597 (wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain si ...)
	- wolfssl 5.0.0-1 (bug #992174)
	[bullseye] - wolfssl 4.6.0+p1-0+deb11u1
	NOTE: https://github.com/wolfSSL/wolfssl/commit/f93083be72a3b3d956b52a7ec13f307a27b6e093
CVE-2021-38596
	RESERVED
CVE-2021-38595
	RESERVED
CVE-2021-38594
	RESERVED
CVE-2021-38593 (Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write ...)
	- qtbase-opensource-src (Vulnerable code introduced later)
	- qtbase-opensource-src-gles (Vulnerable code introduced later)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml
	NOTE: https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862 (6.1)
	NOTE: https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd (6.2)
	NOTE: https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c (dev)
	NOTE: Introduced by https://github.com/qt/qtbase/commit/6869d2463a2e0d71bd04dbc82f5d6ef4933dc510 (6.0)
CVE-2021-38592 (Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called fro ...)
	NOT-FOR-US: Wasm3
CVE-2021-38591 (An issue was discovered on LG mobile devices with Android OS P and Q s ...)
	NOT-FOR-US: LG mobile devices
CVE-2021-38590 (In cPanel before 96.0.8, weak permissions on web stats can lead to inf ...)
	NOT-FOR-US: cPanel
CVE-2021-38589 (In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly re ...)
	NOT-FOR-US: cPanel
CVE-2021-38588 (In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the in ...)
	NOT-FOR-US: cPanel
CVE-2021-38587 (In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creat ...)
	NOT-FOR-US: cPanel
CVE-2021-38586 (In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operatio ...)
	NOT-FOR-US: cPanel
CVE-2021-38585 (The WHM Locale Upload feature in cPanel before 98.0.1 allows unseriali ...)
	NOT-FOR-US: cPanel
CVE-2021-38584 (The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attac ...)
	NOT-FOR-US: cPanel
CVE-2021-38583 (openBaraza HCM 3.1.6 does not properly neutralize user-controllable in ...)
	NOT-FOR-US: openBaraza HCM
CVE-2021-38582
	RESERVED
CVE-2021-38581
	RESERVED
CVE-2021-38580
	RESERVED
CVE-2021-38579
	RESERVED
CVE-2021-38578 (Existing CommBuffer checks in SmmEntryPoint will not catch underflow w ...)
	- edk2 2022.11-1 (bug #1014468)
	[bullseye] - edk2 (Minor issue)
	[buster] - edk2 (Minor issue)
	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3387
	NOTE: https://edk2.groups.io/g/devel/message/90516
	NOTE: https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6
CVE-2021-38577
	REJECTED
CVE-2021-38576 (A BIOS bug in firmware for a particular PC model leaves the Platform a ...)
	- edk2 (bug #1014468)
	[bookworm] - edk2 (Minor issue)
	[bullseye] - edk2 (Minor issue)
	[buster] - edk2 (Minor issue)
	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3499 (private)
CVE-2021-38575 (NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.)
	- edk2 2021.08-1
	[bullseye] - edk2 (Minor issue)
	[buster] - edk2 (Minor issue)
	[stretch] - edk2 (Minor issue)
	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
	NOTE: https://edk2.groups.io/g/devel/message/76198
	NOTE: https://github.com/tianocore/edk2/pull/1698
CVE-2021-38574 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-38573 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-38572 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-38571 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-38570 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-38569 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-38568 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-38567 (An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Read ...)
	NOT-FOR-US: Foxit
CVE-2021-38566 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...)
	NOT-FOR-US: Foxit
CVE-2021-38565 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...)
	NOT-FOR-US: Foxit
CVE-2021-38564 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...)
	NOT-FOR-US: Foxit
CVE-2021-38563 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...)
	NOT-FOR-US: Foxit
CVE-2021-3703 (It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-3319 ...)
	NOT-FOR-US: Red Hat Serverless
CVE-2021-3702 (A race condition flaw was found in ansible-runner, where an attacker c ...)
	- ansible-runner (Vulnerable code introduced later)
	NOTE: https://github.com/ansible/ansible-runner/pull/742/commits/0e9aa8a97e7832ef9a1553ef2908632a32d2b8c4
	NOTE: Introduced in https://github.com/ansible/ansible-runner/commit/93e95a3df9021a38010386d07df121392d249253
CVE-2021-3701 (A flaw was found in ansible-runner where the default temporary files c ...)
	- ansible-runner 2.1.1-1
	NOTE: https://github.com/ansible/ansible-runner/issues/738
	NOTE: https://github.com/ansible/ansible-runner/pull/742/commits/60b059f00409224acae1e417153a241c8591ad89
CVE-2021-3700 (A use-after-free vulnerability was found in usbredir in versions prior ...)
	{DLA-2958-1}
	- usbredir 0.11.0-1
	[bullseye] - usbredir (Minor issue)
	[buster] - usbredir (Minor issue)
	NOTE: https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba75120e00ebebbf1d5a1f7220ab (usbredir-0.11.0)
CVE-2021-38562 (Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4. ...)
	{DLA-3057-1}
	- request-tracker5 5.0.3+dfsg-1 (bug #995167)
	- request-tracker4 4.4.4+dfsg-3 (bug #995175)
	[bullseye] - request-tracker4 4.4.4+dfsg-2+deb11u1
	[buster] - request-tracker4 4.4.3-2+deb10u1
	NOTE: https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c (rt-5.0.2)
	NOTE: https://github.com/bestpractical/rt/commit/d16f8cf13c2af517ee55a85e7b91a0267477189f (rt-4.4.5)
	NOTE: https://github.com/bestpractical/rt/commit/d16f8cf13c2af517ee55a85e7b91a0267477189f (rt-4.2.17)
CVE-2021-38561 (golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic ...)
	- golang-golang-x-text 0.3.7-1
	[bullseye] - golang-golang-x-text (Minor issue)
	- golang-x-text
	[buster] - golang-x-text (Limited support, minor issue, follow bullseye DSAs/point-releases)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2100495
CVE-2021-38560 (Ivanti Service Manager 2021.1 allows reflected XSS via the appName par ...)
	NOT-FOR-US: Ivanti
CVE-2021-38559 (DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php ...)
	- hoteldruid 3.0.3-1
	[bullseye] - hoteldruid (Minor issue)
	[buster] - hoteldruid (Minor issue)
	[stretch] - hoteldruid (Minor issue)
CVE-2021-38558
	RESERVED
CVE-2021-38557 (raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as ...)
	NOT-FOR-US: RaspAP
CVE-2021-38556 (includes/configure_client.php in RaspAP 2.6.6 allows attackers to exec ...)
	NOT-FOR-US: RaspAP
CVE-2021-38555 (An XML external entity (XXE) injection vulnerability was discovered in ...)
	NOT-FOR-US: Apache Any23
CVE-2021-38554 (HashiCorp Vault and Vault Enterprise’s UI erroneously cached and ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2021-38553 (HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized a ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2021-38552
	RESERVED
CVE-2021-38551
	RESERVED
CVE-2021-38550
	RESERVED
CVE-2021-38549 (MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific ...)
	NOT-FOR-US: MIRACASE MHUB500 USB splitters
CVE-2021-38548 (JBL Go 2 devices through 2021-08-09 allow remote attackers to recover ...)
	NOT-FOR-US: JBL Go 2 devices
CVE-2021-38547 (Logitech Z120 and S120 speakers through 2021-08-09 allow remote attack ...)
	NOT-FOR-US: Logitech
CVE-2021-38546 (CREATIVE Pebble devices through 2021-08-09 allow remote attackers to r ...)
	NOT-FOR-US: CREATIVE Pebble devices
CVE-2021-38545 (Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain speci ...)
	NOT-FOR-US: Raspberry Pi hardware
CVE-2021-38544 (Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote att ...)
	NOT-FOR-US: Sony SRS-XB33 and SRS-XB43 devices
CVE-2021-38543 (TP-Link UE330 USB splitter devices through 2021-08-09, in certain spec ...)
	NOT-FOR-US: TP-Link
CVE-2021-38542 (Apache James prior to release 3.6.1 is vulnerable to a buffering attac ...)
	NOT-FOR-US: Apache James
CVE-2021-38541
	RESERVED
CVE-2021-3699
	RESERVED
CVE-2019-25052 (In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data ...)
	- optee-os (Fixed before initial upload)
	NOTE: https://github.com/OP-TEE/optee_os/security/advisories/GHSA-pgwr-qmgh-vhmf
	NOTE: https://github.com/OP-TEE/optee_os/commit/34a08bec755670ea0490cb53bbc68058cafc69b6 (3.7.0-rc1)
CVE-2021-38511 (An issue was discovered in the tar crate before 0.4.36 for Rust. When ...)
	- rust-tar 0.4.37-1 (bug #992173)
	[bullseye] - rust-tar (Minor issue)
	[buster] - rust-tar (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0080.html
	NOTE: https://github.com/alexcrichton/tar-rs/issues/238
CVE-2021-38540 (The variable import endpoint was not protected by authentication in Ai ...)
	- airflow (bug #819700)
CVE-2021-38539 (Certain NETGEAR devices are affected by privilege escalation. This aff ...)
	NOT-FOR-US: Netgear
CVE-2021-38538 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2021-38537 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
	NOT-FOR-US: Netgear
CVE-2021-38536 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
	NOT-FOR-US: Netgear
CVE-2021-38535 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
	NOT-FOR-US: Netgear
CVE-2021-38534 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...)
	NOT-FOR-US: Netgear
CVE-2021-38533 (NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS.)
	NOT-FOR-US: Netgear
CVE-2021-38532 (NETGEAR WAC104 devices before 1.0.4.15 are affected by incorrect confi ...)
	NOT-FOR-US: Netgear
CVE-2021-38531 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2021-38530 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2021-38529 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2021-38528 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2021-38527 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2021-38526 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2021-38525 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2021-38524 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2021-38523 (NETGEAR R6400 devices before 1.0.1.70 are affected by a stack-based bu ...)
	NOT-FOR-US: Netgear
CVE-2021-38522 (NETGEAR R6400 devices before 1.0.1.52 are affected by a stack-based bu ...)
	NOT-FOR-US: Netgear
CVE-2021-38521 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2021-38520 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2021-38519 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2021-38518 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2021-38517 (Certain NETGEAR devices are affected by out-of-bounds reads and writes ...)
	NOT-FOR-US: Netgear
CVE-2021-38516 (Certain NETGEAR devices are affected by lack of access control at the ...)
	NOT-FOR-US: Netgear
CVE-2021-38515 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2021-38514 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2021-38513 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2021-38512 (An issue was discovered in the actix-http crate before 3.0.0-beta.9 fo ...)
	NOT-FOR-US: Rust crate actix-http
CVE-2021-38510 (The executable file warning was not presented when downloading .inetlo ...)
	- firefox (Only affects Mac OSX)
	- firefox-esr (Only affects Mac OSX)
	- thunderbird (Only affects Mac OSX)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38510
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38510
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38510
CVE-2021-38509 (Due to an unusual sequence of attacker-controlled events, a Javascript ...)
	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
	- firefox 94.0-1
	- firefox-esr 91.3.0esr-1
	- thunderbird 1:91.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38509
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38509
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38509
CVE-2021-38508 (By displaying a form validity message in the correct location at the s ...)
	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
	- firefox 94.0-1
	- firefox-esr 91.3.0esr-1
	- thunderbird 1:91.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38508
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38508
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38508
CVE-2021-38507 (The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a conn ...)
	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
	- firefox 94.0-1
	- firefox-esr 91.3.0esr-1
	- thunderbird 1:91.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38507
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38507
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38507
CVE-2021-38506 (Through a series of navigations, Firefox could have entered fullscreen ...)
	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
	- firefox 94.0-1
	- firefox-esr 91.3.0esr-1
	- thunderbird 1:91.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38506
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38506
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38506
CVE-2021-38505 (Microsoft introduced a new feature in Windows 10 known as Cloud Clipbo ...)
	- firefox (Only affects Windows)
	- firefox-esr (Only affects Windows)
	- thunderbird (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38505
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38505
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38505
CVE-2021-38504 (When interacting with an HTML input element's file picker dialog with ...)
	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
	- firefox 94.0-1
	- firefox-esr 91.3.0esr-1
	- thunderbird 1:91.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38504
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38504
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38504
CVE-2021-38503 (The iframe sandbox rules were not correctly applied to XSLT stylesheet ...)
	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
	- firefox 94.0-1
	- firefox-esr 91.3.0esr-1
	- thunderbird 1:91.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38503
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38503
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38503
CVE-2021-38502 (Thunderbird ignored the configuration to require STARTTLS security for ...)
	{DSA-5034-1 DLA-2874-1}
	[experimental] - thunderbird 1:91.2.0-1
	- thunderbird 1:91.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38502
CVE-2021-38501 (Mozilla developers reported memory safety bugs present in Firefox 92 a ...)
	- firefox 93.0-1
	- firefox-esr (Only affect Firefox 91 not in any supported suite in vulnerable version)
	- thunderbird (Only affects Thunderbird 91 not in any supported suite in vulnerable version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38501
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38501
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38501
CVE-2021-38500 (Mozilla developers reported memory safety bugs present in Firefox 92 a ...)
	{DSA-5034-1 DSA-4981-1 DLA-2874-1 DLA-2782-1}
	- firefox 93.0-1
	- firefox-esr 91.2.0esr-1
	[experimental] - thunderbird 1:91.2.0-1
	- thunderbird 1:91.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38500
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-44/#CVE-2021-38500
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38500
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-46/#CVE-2021-38500
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38500
CVE-2021-38499 (Mozilla developers reported memory safety bugs present in Firefox 92. ...)
	- firefox 93.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38499
CVE-2021-38498 (During process shutdown, a document could have caused a use-after-free ...)
	- firefox 93.0-1
	- firefox-esr (Only affect Firefox 91 not in any supported suite in vulnerable version)
	- thunderbird (Only affects Thunderbird 91 not in any supported suite in vulnerable version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38498
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38498
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38498
CVE-2021-38497 (Through use of reportValidity() and window.open(), a plain-text valida ...)
	- firefox 93.0-1
	- firefox-esr (Only affect Firefox 91 not in any supported suite in vulnerable version)
	- thunderbird (Only affects Thunderbird 91 not in any supported suite in vulnerable version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38497
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38497
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38497
CVE-2021-38496 (During operations on MessageTasks, a task may have been removed while ...)
	{DSA-5034-1 DSA-4981-1 DLA-2874-1 DLA-2782-1}
	- firefox 93.0-1
	- firefox-esr 91.2.0esr-1
	[experimental] - thunderbird 1:91.2.0-1
	- thunderbird 1:91.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38496
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-44/#CVE-2021-38496
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38496
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-46/#CVE-2021-38496
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38496
CVE-2021-38495 (Mozilla developers reported memory safety bugs present in Thunderbird ...)
	- thunderbird (Vulnerable code introduced later)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-41/#CVE-2021-38495
CVE-2021-38494 (Mozilla developers reported memory safety bugs present in Firefox 91. ...)
	- firefox 92.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38494
CVE-2021-38493 (Mozilla developers reported memory safety bugs present in Firefox 91 a ...)
	{DSA-4973-1 DSA-4969-1 DLA-2757-1 DLA-2756-1}
	- firefox 92.0-1
	- firefox-esr 78.14.0esr-1
	- thunderbird 1:78.14.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-42/#CVE-2021-38493
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/#CVE-2021-38493
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38493
CVE-2021-38492 (When delegating navigations to the operating system, Firefox would acc ...)
	- firefox (Only affects Windows)
	- firefox-esr (Only affects Windows)
	- thunderbird (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-42/#CVE-2021-38492
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/#CVE-2021-38492
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38492
CVE-2021-38491 (Mixed-content checks were unable to analyze opaque origins which led t ...)
	- firefox 92.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38491
CVE-2021-38490 (Altova MobileTogether Server before 7.3 SP1 allows XML exponential ent ...)
	NOT-FOR-US: Altova MobileTogether Server
CVE-2021-38489
	RESERVED
CVE-2021-38488 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
	NOT-FOR-US: Delta Electronics DIALink
CVE-2021-38487 (RTI Connext DDS Professional, Connext DDS Secure versions 4.2x to 6.1. ...)
	NOT-FOR-US: RTI Connext DDS
CVE-2021-38486 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cl ...)
	NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38485 (The affected product is vulnerable to improper input validation in the ...)
	NOT-FOR-US: Emerson
CVE-2021-38484 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...)
	NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38483 (The affected product is vulnerable to misconfigured binaries, allowing ...)
	NOT-FOR-US: ROBOGUIDE
CVE-2021-38482 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 we ...)
	NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38481 (The scheduler service running on a specific TCP port enables the user ...)
	NOT-FOR-US: AUVESY
CVE-2021-38480 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
	NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38479 (Many API function codes receive raw pointers remotely from the user an ...)
	NOT-FOR-US: AUVESY
CVE-2021-38478 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
	NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38477 (There are multiple API function codes that permit reading and writing ...)
	NOT-FOR-US: AUVESY
CVE-2021-38476 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 au ...)
	NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38475 (The database connection to the server is performed by calling a specif ...)
	NOT-FOR-US: AUVESY
CVE-2021-38474 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ha ...)
	NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38473 (The affected product’s code base doesn’t properly control ar ...)
	NOT-FOR-US: AUVESY
CVE-2021-38472 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ma ...)
	NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38471 (There are multiple API function codes that permit data writing to any ...)
	NOT-FOR-US: AUVESY
CVE-2021-38470 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
	NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38469 (Many of the services used by the affected product do not specify full ...)
	NOT-FOR-US: AUVESY
CVE-2021-38468 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
	NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38467 (A specific function code receives a raw pointer supplied by the user a ...)
	NOT-FOR-US: AUVESY
CVE-2021-38466 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...)
	NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38465 (The webinstaller is a Golang web server executable that enables the ge ...)
	NOT-FOR-US: AUVESY
CVE-2021-38464 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ha ...)
	NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38463 (The affected product does not properly control the allocation of resou ...)
	NOT-FOR-US: AUVESY
CVE-2021-38462 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...)
	NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38461 (The affected product uses a hard-coded blowfish key for encryption/dec ...)
	NOT-FOR-US: AUVESY
CVE-2021-38460 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
	NOT-FOR-US: Moxa
CVE-2021-38459 (The data of a network capture of the initial handshake phase can be us ...)
	NOT-FOR-US: AUVESY
CVE-2021-38458 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
	NOT-FOR-US: Moxa
CVE-2021-38457 (The server permits communication without any authentication procedure, ...)
	NOT-FOR-US: AUVESY
CVE-2021-38456 (A use of hard-coded password vulnerability in the Moxa MXview Network ...)
	NOT-FOR-US: Moxa
CVE-2021-38455 (The affected product’s OS Service does not verify any given param ...)
	NOT-FOR-US: AUVESY
CVE-2021-38454 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
	NOT-FOR-US: Moxa
CVE-2021-38453 (Some API functions allow interaction with the registry, which includes ...)
	NOT-FOR-US: AUVESY
CVE-2021-38452 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
	NOT-FOR-US: Moxa
CVE-2021-38451 (The affected product’s proprietary protocol CSC allows for callin ...)
	NOT-FOR-US: AUVESY
CVE-2021-38450 (The affected controllers do not properly sanitize the input containing ...)
	NOT-FOR-US: Trane
CVE-2021-38449 (Some API functions permit by-design writing or copying data into a giv ...)
	NOT-FOR-US: AUVESY
CVE-2021-38448 (The affected controllers do not properly sanitize the input containing ...)
	NOT-FOR-US: Trane
CVE-2021-38447 (OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker s ...)
	NOT-FOR-US: OpenDDS
CVE-2021-38446
	RESERVED
CVE-2021-38445 (OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter ...)
	NOT-FOR-US: OpenDDS
CVE-2021-38444
	RESERVED
CVE-2021-38443 (Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid s ...)
	- cyclonedds 0.8.1-2
	[bullseye] - cyclonedds (Minor issue)
	NOTE: No mention of CVE upstream
	NOTE: https://projects.eclipse.org/projects/iot.cyclonedds
	NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02
CVE-2021-38442 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
	NOT-FOR-US: FATEK Automation
CVE-2021-38441 (Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-w ...)
	- cyclonedds 0.8.1-2
	[bullseye] - cyclonedds (Minor issue)
	NOTE: No mention of CVE upstream
	NOTE: https://projects.eclipse.org/projects/iot.cyclonedds
	NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02
CVE-2021-38440 (FATEK Automation WinProladder versions 3.30 and prior is vulnerable to ...)
	NOT-FOR-US: FATEK Automation
CVE-2021-38439 (All versions of GurumDDS are vulnerable to heap-based buffer overflow, ...)
	NOT-FOR-US: GurumNetworks
CVE-2021-38438 (A use after free vulnerability in FATEK Automation WinProladder versio ...)
	NOT-FOR-US: FATEK Automation
CVE-2021-38437
	RESERVED
CVE-2021-38436 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
	NOT-FOR-US: FATEK Automation
CVE-2021-38435 (RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6 ...)
	NOT-FOR-US: RTI Connext DDS
CVE-2021-38434 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
	NOT-FOR-US: FATEK Automation
CVE-2021-38433 (RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6 ...)
	NOT-FOR-US: RTI Connext DDS
CVE-2021-38432 (FATEK Automation Communication Server Versions 1.13 and prior lacks pr ...)
	NOT-FOR-US: FATEK Automation Communication Server
CVE-2021-38431 (An authenticated user using Advantech WebAccess SCADA in versions 9.0. ...)
	NOT-FOR-US: Advantech
CVE-2021-38430 (FATEK Automation WinProladder versions 3.30 and prior proper validatio ...)
	NOT-FOR-US: FATEK Automation
CVE-2021-38429 (OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker s ...)
	NOT-FOR-US: OpenDDS
CVE-2021-38428 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
	NOT-FOR-US: Delta Electronics DIALink
CVE-2021-38427 (RTI Connext DDS Professional and Connext DDS Secure Versions 4.2.x to ...)
	NOT-FOR-US: RTI Connext DDS
CVE-2021-38426 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
	NOT-FOR-US: FATEK Automation
CVE-2021-38425 (eProsima Fast DDS versions prior to 2.4.0 (#2269) are susceptible to e ...)
	- fastdds 2.6.1+ds-1
	[bullseye] - fastdds 2.1.0+ds-9+deb11u1
	NOTE: https://github.com/eProsima/Fast-DDS/issues/2267
	NOTE: https://github.com/eProsima/Fast-DDS/pull/2269
	NOTE: https://github.com/eProsima/Fast-DDS/commit/01550cfa1b8313c4cb39529960b41f95e4820312 (v2.6.1)
	NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02
CVE-2021-38424 (The tag interface of Delta Electronics DIALink versions 1.2.4.0 and pr ...)
	NOT-FOR-US: Delta Electronics DIALink
CVE-2021-38423 (All versions of GurumDDS improperly calculate the size to be used when ...)
	NOT-FOR-US: GurumNetworks
CVE-2021-38422 (Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive ...)
	NOT-FOR-US: Delta Electronics DIALink
CVE-2021-38421 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
	NOT-FOR-US: Fuji Electric
CVE-2021-38420 (Delta Electronics DIALink versions 1.2.4.0 and prior default permissio ...)
	NOT-FOR-US: Delta Electronics DIALink
CVE-2021-38419 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
	NOT-FOR-US: Fuji Electric
CVE-2021-38418 (Delta Electronics DIALink versions 1.2.4.0 and prior runs by default o ...)
	NOT-FOR-US: Delta Electronics DIALink
CVE-2021-38417 (VISAM VBASE version 11.6.0.6 is vulnerable to improper access control ...)
	NOT-FOR-US: VISAM
CVE-2021-38416 (Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads ...)
	NOT-FOR-US: Delta Electronics DIALink
CVE-2021-38415 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
	NOT-FOR-US: Fuji Electric
CVE-2021-38414
	RESERVED
CVE-2021-38413 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
	NOT-FOR-US: Fuji Electric
CVE-2021-38412 (Properly formatted POST requests to multiple resources on the HTTP and ...)
	NOT-FOR-US: Digi PortServer TS
CVE-2021-38411 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
	NOT-FOR-US: Delta Electronics DIALink
CVE-2021-38410 (AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4 ...)
	NOT-FOR-US: AVEVA
CVE-2021-38409 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
	NOT-FOR-US: Fuji Electric
CVE-2021-38408 (A stack-based buffer overflow vulnerability in Advantech WebAccess Ver ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2021-38407 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
	NOT-FOR-US: Delta Electronics DIALink
CVE-2021-38406 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
	NOT-FOR-US: Delta Electronic
CVE-2021-38405 (The Datalogics APDFL library used in affected products is vulnerable t ...)
	NOT-FOR-US: Siemens
CVE-2021-38404 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
	NOT-FOR-US: Delta Electronic
CVE-2021-38403 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
	NOT-FOR-US: Delta Electronics DIALink
CVE-2021-38402 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
	NOT-FOR-US: Delta Electronic
CVE-2021-38401 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
	NOT-FOR-US: Fuji Electric
CVE-2021-38400 (An attacker with physical access to Boston Scientific Zoom Latitude Mo ...)
	NOT-FOR-US: Boston Scientific Zoom Latitude Model 3120
CVE-2021-38399 (Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vuln ...)
	NOT-FOR-US: Honeywell Experion PKS C200, C200E, C300, and ACE controllers
CVE-2021-38398 (The affected device uses off-the-shelf software components that contai ...)
	NOT-FOR-US: Boston Scientific
CVE-2021-38397 (Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vuln ...)
	NOT-FOR-US: Honeywell Experion PKS C200, C200E, C300, and ACE controllers
CVE-2021-38396 (The programmer installation utility does not perform a cryptographic a ...)
	NOT-FOR-US: Boston Scientific
CVE-2021-38395 (Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vuln ...)
	NOT-FOR-US: Honeywell Experion PKS C200, C200E, C300, and ACE controllers
CVE-2021-38394 (An attacker with physical access to the device can extract the binary ...)
	NOT-FOR-US: Boston Scientific
CVE-2021-38393 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...)
	NOT-FOR-US: Delta Electronics
CVE-2021-38392 (A skilled attacker with physical access to the affected device can gai ...)
	NOT-FOR-US: Boston Scientific
CVE-2021-38391 (A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_H ...)
	NOT-FOR-US: Delta Electronics
CVE-2021-38390 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...)
	NOT-FOR-US: Delta Electronics
CVE-2021-38389 (Advantech WebAccess versions 9.02 and prior are vulnerable to a stack- ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2021-38388 (Central Dogma allows privilege escalation with mirroring to the intern ...)
	NOT-FOR-US: Central Dogma
CVE-2021-38387 (In Contiki 3.0, a Telnet server that silently quits (before disconnect ...)
	NOT-FOR-US: Contiki
CVE-2021-38386 (In Contiki 3.0, a buffer overflow in the Telnet service allows remote ...)
	NOT-FOR-US: Contiki
CVE-2021-38385 (Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship ...)
	{DSA-4961-1}
	- tor 0.4.5.10-1
	[stretch] - tor (See DSA 4644)
	NOTE: https://blog.torproject.org/node/2062
	NOTE: https://bugs.torproject.org/tpo/core/tor/40078
CVE-2021-38384 (Serverless Offline 8.0.0 returns a 403 HTTP status code for a route th ...)
	NOT-FOR-US: Serverless Offline
CVE-2021-38383 (OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_ ...)
	NOT-FOR-US: OwnTone
CVE-2021-38382 (Live555 through 1.08 does not handle Matroska and Ogg files properly. ...)
	- liblivemedia
	[buster] - liblivemedia (Minor issue)
	[stretch] - liblivemedia (Minor issue)
	NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021959.html
	NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.06]
CVE-2021-38381 (Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sendi ...)
	- liblivemedia
	[buster] - liblivemedia (Minor issue)
	[stretch] - liblivemedia (Minor issue)
	NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021961.html
	NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.09]
CVE-2021-38380 (Live555 through 1.08 mishandles huge requests for the same MP3 stream, ...)
	- liblivemedia
	[buster] - liblivemedia (Minor issue)
	[stretch] - liblivemedia (Minor issue)
	NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021954.html
	NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.04]
CVE-2021-38379 (The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permi ...)
	NOT-FOR-US: CFEngine Enterprise
CVE-2021-38378 (OX App Suite 7.10.5 allows Information Exposure because a caching mech ...)
	NOT-FOR-US: OX App Suite
CVE-2021-38377 (OX App Suite through 7.10.5 allows XSS via JavaScript code in an ancho ...)
	NOT-FOR-US: OX App Suite
CVE-2021-38376 (OX App Suite through 7.10.5 has Incorrect Access Control for retrieval ...)
	NOT-FOR-US: OX App Suite
CVE-2021-38375 (OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG ...)
	NOT-FOR-US: OX App Suite
CVE-2021-38374 (OX App Suite through 7.10.5 allows XSS via a crafted snippet t ...)
	NOT-FOR-US: OX App Suite
CVE-2021-38373 (In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not hon ...)
	- ksmtp 21.12.3-2
	[bullseye] - ksmtp (Minor issue; Upstream changes change API)
	[buster] - ksmtp (Minor issue; Upstream changes change API)
	NOTE: https://bugs.kde.org/show_bug.cgi?id=423423
	NOTE: https://nostarttls.secvuln.info
	NOTE: https://invent.kde.org/pim/ksmtp/-/commit/38a4c09427f3fdc04f9893f8eda3f6807d9a3203
	NOTE: https://invent.kde.org/pim/ksmtp/-/commit/60f73c69758fe40a027a8e7402127d085f18545a
CVE-2021-38372 (In KDE Trojita 0.7, man-in-the-middle attackers can create new folders ...)
	- trojita (bug #795701)
CVE-2021-38371 (The STARTTLS feature in Exim through 4.94.2 allows response injection ...)
	- exim4 4.95~RC2-1 (bug #992172)
	[bullseye] - exim4 (Minor issue)
	[buster] - exim4 (Minor issue)
	[stretch] - exim4 (Minor issue, revisit when fixed upstream)
	NOTE: https://nostarttls.secvuln.info
	NOTE: https://www.exim.org/static/doc/security/CVE-2021-38371.txt
CVE-2021-38370 (In Alpine before 2.25, untagged responses from an IMAP server are acce ...)
	- alpine 2.25+dfsg1-1 (bug #992171)
	[bullseye] - alpine (Minor issue)
	[buster] - alpine (Minor issue)
	[stretch] - alpine (Minor issue, revisit when/if fixed upstream)
	NOTE: https://nostarttls.secvuln.info
	NOTE: https://repo.or.cz/alpine.git/commitdiff/e58edb33f71687cb0b12c10a6cea2db2f8a35011 (v2.25)
CVE-2021-38369
	RESERVED
CVE-2021-38368
	RESERVED
CVE-2021-38367
	RESERVED
CVE-2021-38366 (Sitecore through 10.1, when Update Center is enabled, allows remote au ...)
	NOT-FOR-US: Sitecore
CVE-2021-38365 (Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remo ...)
	NOT-FOR-US: Winner (aka ToneWinner) desktop speakers
CVE-2021-3698 (A flaw was found in Cockpit in versions prior to 260 in the way it han ...)
	- cockpit 260-1
	[bullseye] - cockpit (Minor issue)
	[buster] - cockpit (Vulnerable code not present, introduced in 208)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1992149
	NOTE: Needs sssd 2.6.1
	NOTE: https://cockpit-project.org/blog/cockpit-260.html
CVE-2021-3697 (A crafted JPEG image may lead the JPEG reader to underflow its data po ...)
	- grub2 2.06-3
	[bullseye] - grub2 2.06-3~deb11u1
	[buster] - grub2 2.06-3~deb10u1
	[stretch] - grub2 (No SecureBoot support in stretch)
	[jessie] - grub2 (No SecureBoot support in jessie)
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
CVE-2021-3696 (A heap out-of-bounds write may happen during the handling of Huffman t ...)
	- grub2 2.06-3
	[bullseye] - grub2 2.06-3~deb11u1
	[buster] - grub2 2.06-3~deb10u1
	[stretch] - grub2 (No SecureBoot support in stretch)
	[jessie] - grub2 (No SecureBoot support in jessie)
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
CVE-2021-3695 (A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write ...)
	- grub2 2.06-3
	[bullseye] - grub2 2.06-3~deb11u1
	[buster] - grub2 2.06-3~deb10u1
	[stretch] - grub2 (No SecureBoot support in stretch)
	[jessie] - grub2 (No SecureBoot support in jessie)
	NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
CVE-2021-40084 (opensysusers through 0.6 does not safely use eval on files in sysusers ...)
	- opensysusers 0.6-3 (bug #992058)
	[bullseye] - opensysusers (Minor issue; if fixed upstream address via point release)
CVE-2021-38364 (An issue was discovered in ONOS 2.5.1. There is an incorrect compariso ...)
	NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2021-38363 (An issue was discovered in ONOS 2.5.1. In IntentManager, the install-r ...)
	NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2021-38362 (In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker ...)
	NOT-FOR-US: RSA Archer
CVE-2021-38361 (The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38360 (The wp-publications WordPress plugin is vulnerable to restrictive loca ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38359 (The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions Wor ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38358 (The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site S ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38357 (The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scr ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38356 (The NextScripts: Social Networks Auto-Poster <= 4.3.20 WordPress plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38355 (The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38354 (The GNU-Mailman Integration WordPress plugin is vulnerable to Reflecte ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38353 (The Dropdown and scrollable Text WordPress plugin is vulnerable to Ref ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38352 (The Feedify – Web Push Notifications WordPress plugin is vulnerab ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38351 (The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Si ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38350 (The spideranalyse WordPress plugin is vulnerable to Reflected Cross-Si ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38349 (The Integration of Moneybird for WooCommerce WordPress plugin is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38348 (The Advance Search WordPress plugin is vulnerable to Reflected Cross-S ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38347 (The Custom Website Data WordPress plugin is vulnerable to Reflected Cr ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38346 (The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenti ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38345 (The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrec ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38344 (The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable t ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38343 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Open ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38342 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Si ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38341 (The WooCommerce Payment Gateway Per Category WordPress plugin is vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38340 (The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38339 (The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflect ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38338 (The Border Loading Bar WordPress plugin is vulnerable to Reflected Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38337 (The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross- ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38336 (The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38335 (The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflect ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38334 (The WP Design Maps & Places WordPress plugin is vulnerable to Reflecte ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38333 (The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Sit ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38332 (The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vuln ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38331 (The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Sc ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38330 (The Yet Another bol.com Plugin WordPress plugin is vulnerable to Refle ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38329 (The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross- ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38328 (The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scr ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38327 (The YouTube Video Inserter WordPress plugin is vulnerable to Reflected ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38326 (The Post Title Counter WordPress plugin is vulnerable to Reflected Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38325 (The User Activation Email WordPress plugin is vulnerable to Reflected ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38324 (The SP Rental Manager WordPress plugin is vulnerable to SQL Injection ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38323 (The RentPress WordPress plugin is vulnerable to Reflected Cross-Site S ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38322 (The Twitter Friends Widget WordPress plugin is vulnerable to Reflected ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38321 (The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cro ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38320 (The simpleSAMLphp Authentication WordPress plugin is vulnerable to Ref ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38319 (The More From Google WordPress plugin is vulnerable to Reflected Cross ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38318 (The 3D Cover Carousel WordPress plugin is vulnerable to Reflected Cros ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38317 (The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38316 (The WP Academic People List WordPress plugin is vulnerable to Reflecte ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38315 (The SP Project & Document Manager WordPress plugin is vulnerable to at ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-38314 (The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for ...)
	NOT-FOR-US: Gutenberg Template Library
CVE-2021-38313
	RESERVED
CVE-2021-38312 (The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for ...)
	NOT-FOR-US: Gutenberg Template Library
CVE-2021-38311 (In Contiki 3.0, potential nonterminating acknowledgment loops exist in ...)
	NOT-FOR-US: Contiki
CVE-2021-38310
	RESERVED
CVE-2021-38309
	RESERVED
CVE-2021-38308
	RESERVED
CVE-2021-38307
	RESERVED
CVE-2021-38306 (Network Attached Storage on LG N1T1*** 10124 devices allows an unauthe ...)
	NOT-FOR-US: LG
CVE-2021-38305 (23andMe Yamale before 3.0.8 allows remote attackers to execute arbitra ...)
	NOT-FOR-US: 23andMe Yamale
CVE-2021-38304 (Improper input validation in the National Instruments NI-PAL driver in ...)
	NOT-FOR-US: National Instruments NI-PAL driver
CVE-2021-38303 (A SQL injection vulnerability exists in Sureline SUREedge Migrator 7.0 ...)
	NOT-FOR-US: Sureline SUREedge Migrator
CVE-2021-38302 (The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection.)
	NOT-FOR-US: Newsletter extension for TYPO3
CVE-2021-38301
	RESERVED
CVE-2021-38300 (arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate ...)
	{DSA-5096-1 DLA-2941-1}
	- linux 5.14.6-1
	[bullseye] - linux 5.10.70-1
	[stretch] - linux (mips not supported in LTS)
	NOTE: https://www.openwall.com/lists/oss-security/2021/09/15/5
	NOTE: https://lore.kernel.org/bpf/20210915160437.4080-1-piotras@gmail.com/
CVE-2021-38299 (Webauthn Framework 3.3.x before 3.3.4 has Incorrect Access Control. An ...)
	NOT-FOR-US: FIDO2/Webauthn Support for PHP
CVE-2021-38298 (Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XX ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-38297 (Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via la ...)
	{DLA-3395-1}
	- golang-1.17 1.17.2-1
	- golang-1.16 1.16.9-1
	- golang-1.15 1.15.15-5
	[bullseye] - golang-1.15 1.15.15-1~deb11u2
	- golang-1.11
	- golang-1.8 (Vulnerable code not present)
	- golang-1.7 (Vulnerable code not present)
	NOTE: https://github.com/golang/go/commit/77f2750f4398990eed972186706f160631d7dae4
	NOTE: https://groups.google.com/g/golang-announce/c/AEBu9j7yj5A
	NOTE: https://github.com/golang/go/issues/48797
CVE-2021-38296 (Apache Spark supports end-to-end encryption of RPC connections via "sp ...)
	- apache-spark (bug #802194)
CVE-2021-38295 (In Apache CouchDB, a malicious user with permission to create document ...)
	- couchdb
CVE-2021-3694 (LedgerSMB does not sufficiently HTML-encode error messages sent to the ...)
	{DSA-4962-1}
	- ledgersmb 1.6.9+ds-2.1 (bug #992817)
	NOTE: https://ledgersmb.org/cve-2021-3694-cross-site-scripting
CVE-2021-3693 (LedgerSMB does not check the origin of HTML fragments merged into the ...)
	{DSA-4962-1}
	- ledgersmb 1.6.9+ds-2.1 (bug #992817)
	NOTE: https://ledgersmb.org/cve-2021-3693-cross-site-scripting
CVE-2021-3692 (yii2 is vulnerable to Use of Predictable Algorithm in Random Number Ge ...)
	- yii (bug #597899)
CVE-2021-38294 (A Command Injection vulnerability exists in the getTopologyHistory ser ...)
	NOT-FOR-US: Apache Storm
CVE-2021-38293
	RESERVED
CVE-2021-38292
	RESERVED
CVE-2021-38291 (FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) s ...)
	{DSA-4998-1 DSA-4990-1 DLA-2818-1}
	- ffmpeg 7:4.4.1-1 (unimportant)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e01d306c647b5827102260b885faa223b646d2d1
	NOTE: https://trac.ffmpeg.org/ticket/9312
	NOTE: Negligible security impact
CVE-2021-38290 (A host header attack vulnerability exists in FUEL CMS 1.5.0 through fu ...)
	NOT-FOR-US: FUEL CMS
CVE-2021-38289 (An issue has been discovered in Novastar-VNNOX-iCare Novaicare 7.16.0 ...)
	NOT-FOR-US: Novastar-VNNOX-iCare
CVE-2021-38288
	RESERVED
CVE-2021-38287
	RESERVED
CVE-2021-38286
	RESERVED
CVE-2021-38285
	RESERVED
CVE-2021-38284
	RESERVED
CVE-2021-38283 (Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote att ...)
	NOT-FOR-US: Wipro Holmes Orchestrator
CVE-2021-38282
	RESERVED
CVE-2021-38281
	RESERVED
CVE-2021-38280
	RESERVED
CVE-2021-38279
	RESERVED
CVE-2021-38278 (Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer ove ...)
	NOT-FOR-US: Tenda
CVE-2021-38277
	RESERVED
CVE-2021-38276
	RESERVED
CVE-2021-38275
	RESERVED
CVE-2021-38274
	RESERVED
CVE-2021-38273
	RESERVED
CVE-2021-38272
	RESERVED
CVE-2021-38271
	RESERVED
CVE-2021-38270
	RESERVED
CVE-2021-38269 (Cross-site scripting (XSS) vulnerability in the Gogo Shell module in L ...)
	NOT-FOR-US: Liferay
CVE-2021-38268 (The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, ...)
	NOT-FOR-US: Liferay
CVE-2021-38267 (Cross-site scripting (XSS) vulnerability in the Blogs module's edit bl ...)
	NOT-FOR-US: Liferay
CVE-2021-38266 (The Portal Security module in Liferay Portal 7.2.1 and earlier, and Li ...)
	NOT-FOR-US: Liferay
CVE-2021-38265 (Cross-site scripting (XSS) vulnerability in the Asset module in Lifera ...)
	NOT-FOR-US: Liferay
CVE-2021-38264 (Cross-site scripting (XSS) vulnerability in the Frontend Taglib module ...)
	NOT-FOR-US: Liferay
CVE-2021-38263 (Cross-site scripting (XSS) vulnerability in the Server module's script ...)
	NOT-FOR-US: Liferay
CVE-2021-38262
	RESERVED
CVE-2021-38261
	RESERVED
CVE-2021-38260 (NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow ...)
	NOT-FOR-US: NXP MCUXpresso SDK
CVE-2021-38259
	RESERVED
CVE-2021-38258 (NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow ...)
	NOT-FOR-US: NXP MCUXpresso SDK
CVE-2021-38257
	RESERVED
CVE-2021-38256
	RESERVED
CVE-2021-38255
	RESERVED
CVE-2021-38254
	RESERVED
CVE-2021-38253
	RESERVED
CVE-2021-38252
	RESERVED
CVE-2021-38251
	RESERVED
CVE-2021-38250
	RESERVED
CVE-2021-38249
	RESERVED
CVE-2021-38248
	RESERVED
CVE-2021-38247
	RESERVED
CVE-2021-38246
	RESERVED
CVE-2021-38245
	RESERVED
CVE-2021-38244 (A regular expression denial of service (ReDoS) vulnerability exits in ...)
	NOT-FOR-US: cbioportal
CVE-2021-38243 (xunruicms up to v4.5.1 was discovered to contain a remote code executi ...)
	NOT-FOR-US: xunruicms
CVE-2021-38242
	RESERVED
CVE-2021-38241 (Deserialization issue discovered in Ruoyi before 4.6.1 allows remote a ...)
	NOT-FOR-US: Ruoyi
CVE-2021-38240
	RESERVED
CVE-2021-38239 (SQL Injection vulnerability in dataease before 1.2.0, allows attackers ...)
	NOT-FOR-US: DataEase
CVE-2021-38238
	RESERVED
CVE-2021-38237
	RESERVED
CVE-2021-38236
	RESERVED
CVE-2021-38235
	RESERVED
CVE-2021-38234
	RESERVED
CVE-2021-38233
	RESERVED
CVE-2021-38232
	RESERVED
CVE-2021-38231
	RESERVED
CVE-2021-38230
	RESERVED
CVE-2021-38229
	RESERVED
CVE-2021-38228
	RESERVED
CVE-2021-38227
	RESERVED
CVE-2021-38226
	RESERVED
CVE-2021-38225
	RESERVED
CVE-2021-38224
	RESERVED
CVE-2021-38223
	RESERVED
CVE-2021-38222
	RESERVED
CVE-2021-38221 (bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XSS.)
	NOT-FOR-US: bbs-go
CVE-2021-38220
	RESERVED
CVE-2021-38219
	RESERVED
CVE-2021-38218
	RESERVED
CVE-2021-38217 (SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php.)
	NOT-FOR-US: SEMCMS
CVE-2021-38216
	RESERVED
CVE-2021-38215
	RESERVED
CVE-2021-38214
	RESERVED
CVE-2021-38213
	RESERVED
CVE-2021-38212
	RESERVED
CVE-2021-38211
	RESERVED
CVE-2021-38210
	RESERVED
CVE-2021-3691
	REJECTED
CVE-2021-3690 (A flaw was found in Undertow. A buffer leak on the incoming WebSocket ...)
	- undertow 2.2.10-1
	NOTE: https://issues.redhat.com/browse/UNDERTOW-1935
CVE-2021-38209 (net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.1 ...)
	- linux 5.10.38-1
	[buster] - linux 4.19.194-1
	[stretch] - linux 4.9.272-1
	NOTE: https://git.kernel.org/linus/2671fa4dc0109d3fb581bc3078fdf17b5d9080f6
CVE-2021-38208 (net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local un ...)
	{DLA-2690-1 DLA-2689-1}
	- linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/4ac06a1e013cf5fdd963317ffd3b968560f33bba
CVE-2021-38207 (drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before ...)
	- linux 5.10.46-1
	[buster] - linux (Not applicable to any release architecture)
	[stretch] - linux (Not applicable to any release architecture)
	NOTE: https://git.kernel.org/linus/c364df2489b8ef2f5e3159b1dff1ff1fdb16040d
CVE-2021-38206 (The mac80211 subsystem in the Linux kernel before 5.12.13, when a devi ...)
	- linux 5.10.46-1
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/bddc0c411a45d3718ac535a070f349be8eca8d48
CVE-2021-38205 (drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel befo ...)
	{DLA-2843-1 DLA-2785-1}
	- linux 5.14.6-1
	[bullseye] - linux 5.10.70-1
	[buster] - linux 4.19.208-1
	NOTE: https://git.kernel.org/linus/d0d62baa7f505bd4c59cd169692ff07ec49dde37
CVE-2021-38204 (drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allow ...)
	{DLA-2843-1 DLA-2785-1}
	- linux 5.14.6-1 (unimportant)
	[bullseye] - linux 5.10.70-1
	[buster] - linux 4.19.208-1
	NOTE: https://git.kernel.org/linus/b5fdf5c6e6bee35837e160c00ac89327bdad031b
CVE-2021-38203 (btrfs in the Linux kernel before 5.13.4 allows attackers to cause a de ...)
	- linux 5.14.6-1
	[bullseye] - linux (Vulnerability introduced later)
	[buster] - linux (Vulnerability introduced later)
	[stretch] - linux (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/1cb3db1cf383a3c7dbda1aa0ce748b0958759947
CVE-2021-38202 (fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote a ...)
	- linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/7b08cf62b1239a4322427d677ea9363f0ab677c6
CVE-2021-38201 (net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attac ...)
	- linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c
CVE-2021-38200 (arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on ...)
	- linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/60b7ed54a41b550d50caf7f2418db4a7e75b5bdc
CVE-2021-38199 (fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect co ...)
	{DSA-4978-1 DLA-2843-1 DLA-2785-1}
	- linux 5.14.6-1
	[buster] - linux 4.19.208-1
	NOTE: https://git.kernel.org/linus/dd99e9f98fbf423ff6d365b37a98e8879170f17c
CVE-2021-38198 (arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 inco ...)
	{DLA-2843-1 DLA-2785-1}
	- linux 5.10.46-1
	[buster] - linux 4.19.208-1
	NOTE: https://git.kernel.org/linus/b1bd5cba3306691c771d558e94baa73e8b0b96b7
CVE-2021-38197 (unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Director ...)
	NOT-FOR-US: Go unarr
CVE-2021-38196 (An issue was discovered in the better-macro crate through 2021-07-22 f ...)
	NOT-FOR-US: Rust crate better-macro
CVE-2021-38195 (An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rus ...)
	NOT-FOR-US: Rust crate libsecp256k1
CVE-2021-38194 (An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rus ...)
	NOT-FOR-US: Rust crate ark-r1cs-std
CVE-2021-38192 (An issue was discovered in the prost-types crate before 0.8.0 for Rust ...)
	NOT-FOR-US: Rust crate prost-types
CVE-2021-38190 (An issue was discovered in the nalgebra crate before 0.27.1 for Rust. ...)
	NOT-FOR-US: Rust crate nalgebra
CVE-2021-38189 (An issue was discovered in the lettre crate before 0.9.6 for Rust. In ...)
	NOT-FOR-US: Rust crate lettre
CVE-2021-38188 (An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. ...)
	NOT-FOR-US: Rust crate iced-x86
CVE-2021-38187 (An issue was discovered in the anymap crate through 0.12.1 for Rust. I ...)
	- rust-anymap (bug #992046)
	[bullseye] - rust-anymap (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0065.html
CVE-2021-38186 (An issue was discovered in the comrak crate before 0.10.1 for Rust. It ...)
	NOT-FOR-US: Rust crate comrak
CVE-2021-38185 (GNU cpio through 2.13 allows attackers to execute arbitrary code via a ...)
	{DLA-3445-1}
	- cpio 2.13+dfsg-5 (bug #992045)
	[bullseye] - cpio 2.13+dfsg-7.1~deb11u1
	[stretch] - cpio (Minor issue)
	NOTE: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dd96882877721703e19272fe25034560b794061b
	NOTE: https://github.com/fangqyi/cpiopwn
	NOTE: https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00000.html
	NOTE: https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00002.html
	NOTE: Regression: https://bugs.debian.org/992098
	NOTE: Regression fixed by: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dfc801c44a93bed7b3951905b188823d6a0432c8
	NOTE: Regression #2: https://bugs.debian.org/992192
	NOTE: Regression #2 fixed by: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=236684f6deb3178043fe72a8e2faca538fa2aae1
CVE-2021-38184
	RESERVED
CVE-2021-38183 (SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently enc ...)
	NOT-FOR-US: SAP
CVE-2021-38182 (Due to insufficient input validation of Kyma, authenticated users can ...)
	NOT-FOR-US: Kyma
CVE-2021-38181 (SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, ...)
	NOT-FOR-US: SAP
CVE-2021-38180 (SAP Business One - version 10.0, allows an attacker to inject formulas ...)
	NOT-FOR-US: SAP
CVE-2021-38179 (Debug function of Admin UI of SAP Business One Integration is enabled ...)
	NOT-FOR-US: SAP
CVE-2021-38178 (The software logistics system of SAP NetWeaver AS ABAP and ABAP Platfo ...)
	NOT-FOR-US: SAP
CVE-2021-38177 (SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null poin ...)
	NOT-FOR-US: SAP
CVE-2021-38176 (Due to improper input sanitization, an authenticated user with certain ...)
	NOT-FOR-US: SAP
CVE-2021-38175 (SAP Analysis for Microsoft Office - version 2.8, allows an attacker wi ...)
	NOT-FOR-US: SAP
CVE-2021-38174 (When a user opens manipulated files received from untrusted sources in ...)
	NOT-FOR-US: SAP
CVE-2021-3689 (yii2 is vulnerable to Use of Predictable Algorithm in Random Number Ge ...)
	- yii (bug #597899)
CVE-2020-36472 (An issue was discovered in the max7301 crate before 0.2.0 for Rust. Th ...)
	NOT-FOR-US: Rust crate max7301
CVE-2020-36471 (An issue was discovered in the generator crate before 0.7.0 for Rust. ...)
	- rust-generator 0.7.1-1 (bug #992047)
	[bullseye] - rust-generator (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0151.html
CVE-2020-36470 (An issue was discovered in the disrustor crate through 2020-12-17 for ...)
	NOT-FOR-US: Rust crate disrustor
CVE-2020-36469 (An issue was discovered in the appendix crate through 2020-11-15 for R ...)
	NOT-FOR-US: Rust crate appendix
CVE-2020-36468 (An issue was discovered in the cgc crate through 2020-12-10 for Rust. ...)
	NOT-FOR-US: Rust crate cgc
CVE-2020-36467 (An issue was discovered in the cgc crate through 2020-12-10 for Rust. ...)
	NOT-FOR-US: Rust crate cgc
CVE-2020-36466 (An issue was discovered in the cgc crate through 2020-12-10 for Rust. ...)
	NOT-FOR-US: Rust crate cgc
CVE-2020-36465 (An issue was discovered in the generic-array crate before 0.13.3 for R ...)
	- rust-generic-array 0.14.4-1
	[buster] - rust-generic-array (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0146.html
CVE-2020-36464 (An issue was discovered in the heapless crate before 0.6.1 for Rust. T ...)
	NOT-FOR-US: Rust crate heapless
CVE-2020-36463 (An issue was discovered in the multiqueue crate through 2020-12-25 for ...)
	NOT-FOR-US: Rust crate multiqueue
CVE-2020-36462 (An issue was discovered in the syncpool crate before 0.1.6 for Rust. T ...)
	NOT-FOR-US: Rust crate syncpool
CVE-2020-36461 (An issue was discovered in the noise_search crate through 2020-12-10 f ...)
	NOT-FOR-US: Rust crate noise_search
CVE-2020-36460 (An issue was discovered in the model crate through 2020-11-10 for Rust ...)
	NOT-FOR-US: Rust crate model
CVE-2020-36459 (An issue was discovered in the dces crate through 2020-12-09 for Rust. ...)
	NOT-FOR-US: Rust crate dces
CVE-2020-36458 (An issue was discovered in the lexer crate through 2020-11-10 for Rust ...)
	NOT-FOR-US: Rust crate lexer
CVE-2020-36457 (An issue was discovered in the lever crate before 0.1.1 for Rust. Atom ...)
	NOT-FOR-US: Rust crate lever
CVE-2020-36456 (An issue was discovered in the toolshed crate through 2020-11-15 for R ...)
	NOT-FOR-US: Rust crate toolshed
CVE-2020-36455 (An issue was discovered in the slock crate through 2020-11-17 for Rust ...)
	NOT-FOR-US: Rust crate slock
CVE-2020-36454 (An issue was discovered in the parc crate through 2020-11-14 for Rust. ...)
	NOT-FOR-US: Rust crate parc
CVE-2020-36453 (An issue was discovered in the scottqueue crate through 2020-11-15 for ...)
	NOT-FOR-US: Rust crate scottqueue
CVE-2020-36452 (An issue was discovered in the array-tools crate before 0.3.2 for Rust ...)
	NOT-FOR-US: Rust crate array-tools
CVE-2020-36451 (An issue was discovered in the rcu_cell crate through 2020-11-14 for R ...)
	NOT-FOR-US: Rust crate rcu_cell
CVE-2020-36450 (An issue was discovered in the bunch crate through 2020-11-12 for Rust ...)
	NOT-FOR-US: Rust crate bunch
CVE-2020-36449 (An issue was discovered in the kekbit crate before 0.3.4 for Rust. For ...)
	NOT-FOR-US: Rust crate kekbit
CVE-2020-36448 (An issue was discovered in the cache crate through 2020-11-24 for Rust ...)
	NOT-FOR-US: Rust crate cache
CVE-2020-36447 (An issue was discovered in the v9 crate through 2020-12-18 for Rust. T ...)
	NOT-FOR-US: Rust crate v9
CVE-2020-36446 (An issue was discovered in the signal-simple crate through 2020-11-15 ...)
	NOT-FOR-US: Rust crate signal-simple
CVE-2020-36445 (An issue was discovered in the convec crate through 2020-11-24 for Rus ...)
	NOT-FOR-US: Rust crate convec
CVE-2020-36444 (An issue was discovered in the async-coap crate through 2020-12-08 for ...)
	NOT-FOR-US: Rust crate async-coap
CVE-2020-36443 (An issue was discovered in the libp2p-deflate crate before 0.27.1 for ...)
	NOT-FOR-US: Rust crate libp2p-deflate
CVE-2020-36442 (An issue was discovered in the beef crate before 0.5.0 for Rust. beef: ...)
	NOT-FOR-US: Rust crate beef
CVE-2020-36441 (An issue was discovered in the abox crate before 0.4.1 for Rust. It im ...)
	NOT-FOR-US: Rust crate abox
CVE-2020-36440 (An issue was discovered in the libsbc crate before 0.1.5 for Rust. For ...)
	NOT-FOR-US: Rust crate libsbc
CVE-2020-36439 (An issue was discovered in the ticketed_lock crate before 0.3.0 for Ru ...)
	NOT-FOR-US: Rust crate ticketed_lock
CVE-2020-36438 (An issue was discovered in the tiny_future crate before 0.4.0 for Rust ...)
	NOT-FOR-US: Rust crate tiny_future
CVE-2020-36437 (An issue was discovered in the conqueue crate before 0.4.0 for Rust. T ...)
	NOT-FOR-US: Rust crate conqueue
CVE-2020-36436 (An issue was discovered in the unicycle crate before 0.7.1 for Rust. P ...)
	NOT-FOR-US: Rust crate unicycle
CVE-2020-36435 (An issue was discovered in the ruspiro-singleton crate before 0.4.1 fo ...)
	NOT-FOR-US: Rust crate ruspiro-singleton
CVE-2020-36434 (An issue was discovered in the sys-info crate before 0.8.0 for Rust. s ...)
	NOT-FOR-US: Rust crate sys-info
CVE-2020-36433 (An issue was discovered in the chunky crate through 2020-08-25 for Rus ...)
	NOT-FOR-US: Rust crate chunky
CVE-2020-36432 (An issue was discovered in the alg_ds crate through 2020-08-25 for Rus ...)
	NOT-FOR-US: Rust crate alg_ds
CVE-2021-38173 (Btrbk before 0.31.2 allows command execution because of the mishandlin ...)
	{DLA-2755-1}
	- btrbk 0.27.1-2
	[bullseye] - btrbk 0.27.1-1.1+deb11u1
	[buster] - btrbk 0.27.1-1+deb10u1
	NOTE: Fixed by: https://github.com/digint/btrbk/commit/58212de771c381cd4fa05625927080bf264e9584 (v0.31.2)
	NOTE: Introduced by: https://github.com/digint/btrbk/commit/ccb5ed5e7191a083da52998df4c880f693451144 (v0.23.0-rc1)
CVE-2021-38172 (perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially ...)
	NOT-FOR-US: perM
CVE-2021-38171 (adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not ...)
	{DSA-4998-1 DSA-4990-1 DLA-2818-1}
	- ffmpeg 7:4.4.1-1
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
CVE-2021-38170
	RESERVED
CVE-2021-38169 (Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and ...)
	NOT-FOR-US: Roxy-WI
CVE-2021-38168 (Roxy-WI through 5.2.2.0 allows authenticated SQL injection via select_ ...)
	NOT-FOR-US: Roxy-WI
CVE-2021-38167 (Roxy-WI through 5.2.2.0 allows SQL Injection via check_login. An unaut ...)
	NOT-FOR-US: Roxy-WI
CVE-2021-38164 (SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - ...)
	NOT-FOR-US: SAP
CVE-2021-38163 (SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7. ...)
	NOT-FOR-US: SAP
CVE-2021-38162 (SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22 ...)
	NOT-FOR-US: SAP
CVE-2021-38161 (Improper Authentication vulnerability in TLS origin verification of Ap ...)
	{DSA-5153-1}
	- trafficserver 9.1.0+ds-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
	NOTE: Mark first 9.x version as the fixed version as workaround, the issue does
	NOTE: not affect the 9.x series.
	NOTE: https://github.com/apache/trafficserver/commit/feefc5e4abc5011dfad5dcfef3f22998faf6e2d4 (8.1.x)
	NOTE: but reverted post 8.1.3 in https://github.com/apache/trafficserver/commit/bbbf80d75105313b51153c7fde0bf0edc8cf7783
CVE-2021-38166 (In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is a ...)
	{DSA-4978-1}
	- linux 5.14.6-1
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
CVE-2021-38159 (In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0 ...)
	NOT-FOR-US: Progress MOVEit Transfer
CVE-2021-38158
	RESERVED
CVE-2021-38157 (LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated ...)
	NOT-FOR-US: LeoStream Connection Broker
CVE-2021-38156 (In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboar ...)
	NOT-FOR-US: Nagios XI
CVE-2021-38155 (OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1 ...)
	{DLA-3714-1}
	- keystone 2:19.0.0-3 (bug #992070)
	[bullseye] - keystone 2:18.0.0-3+deb11u1
	[stretch] - keystone (Keystone not supported in stretch)
	NOTE: https://launchpad.net/bugs/1688137
CVE-2021-38165 (Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, whic ...)
	{DSA-4953-1 DLA-2736-1}
	[experimental] - lynx 2.9.0dev.9-1
	- lynx 2.9.0dev.6-3 (bug #991971)
	[bullseye] - lynx 2.9.0dev.6-3~deb11u1
	NOTE: https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html
	NOTE: https://lynx.invisible-island.net/current/CHANGES.html#v2.9.0dev.9
	NOTE: https://invisible-mirror.net/archives/lynx/patches/lynx2.9.0dev.9.patch.gz
CVE-2021-38160 (In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, da ...)
	{DSA-4978-1 DLA-2843-1 DLA-2785-1}
	- linux 5.14.6-1
	[buster] - linux 4.19.208-1
	NOTE: https://git.kernel.org/linus/d00d8da5869a2608e97cfede094dfc5e11462a46
CVE-2021-38154 (Certain Canon devices manufactured in 2012 through 2020 (such as image ...)
	NOT-FOR-US: Canon
CVE-2021-38153 (Some components in Apache Kafka use `Arrays.equals` to validate a pass ...)
	- kafka (bug #786460)
CVE-2021-38152 (index.php/appointment/insert_patient_add_appointment in Chikitsa Patie ...)
	NOT-FOR-US: Chikitsa Patient Management System
CVE-2021-38151 (index.php/appointment/todos in Chikitsa Patient Management System 2.0. ...)
	NOT-FOR-US: Chikitsa Patient Management System
CVE-2021-38150 (When an attacker manages to get access to the local memory, or the mem ...)
	NOT-FOR-US: SAP
CVE-2021-38149 (index.php/admin/add_user in Chikitsa Patient Management System 2.0.0 a ...)
	NOT-FOR-US: Chikitsa Patient Management System
CVE-2021-38148 (Obsidian before 0.12.12 does not require user confirmation for non-htt ...)
	NOT-FOR-US: Obsidian
CVE-2021-38147 (Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote att ...)
	NOT-FOR-US: Wipro Holmes Orchestrator
CVE-2021-38146 (The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_1 ...)
	NOT-FOR-US: Wipro Holmes Orchestrator
CVE-2021-38145 (An issue was discovered in Form Tools through 3.0.20. SQL Injection ca ...)
	NOT-FOR-US: Form Tools
CVE-2021-38144 (An issue was discovered in Form Tools through 3.0.20. A low-privileged ...)
	NOT-FOR-US: Form Tools
CVE-2021-38143 (An issue was discovered in Form Tools through 3.0.20. When an administ ...)
	NOT-FOR-US: Form Tools
CVE-2021-38142 (Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and ...)
	NOT-FOR-US: Barco MirrorOp Windows Sender
CVE-2021-38141 RESERVED
CVE-2021-38140 (The set_user extension module before 2.0.1 for PostgreSQL allows a pot ...)
	NOT-FOR-US: set_user extension for Postgres
CVE-2021-38139 RESERVED
CVE-2021-38138 (OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vend ...)
	NOT-FOR-US: OneNav
CVE-2021-38137 (Corero SecureWatch Managed Services 9.7.2.0020 does not correctly chec ...)
	NOT-FOR-US: Corero SecureWatch Managed Services
CVE-2021-38136 (Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path T ...)
	NOT-FOR-US: Corero SecureWatch Managed Services
CVE-2021-3688 (A flaw was found in Red Hat JBoss Core Services HTTP Server in all ver ...)
	NOT-FOR-US: Red Hat JBoss Core Services HTTP Server
CVE-2021-38135 RESERVED
CVE-2021-38134 RESERVED
CVE-2021-38133 RESERVED
CVE-2021-38132 RESERVED
CVE-2021-38131 RESERVED
CVE-2021-38130 (A potential Information leakage vulnerability has been identified in v ...)
	NOT-FOR-US: Micro Focus
CVE-2021-38129 (Escalation of privileges vulnerability in Micro Focus in Micro Focus O ...)
	NOT-FOR-US: Micro Focus
CVE-2021-38128 RESERVED
CVE-2021-38127 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...)
	NOT-FOR-US: Micro Focus
CVE-2021-38126 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...)
	NOT-FOR-US: Micro Focus
CVE-2021-38125 (Unauthenticated remote code execution in Micro Focus Operations Bridge ...)
	NOT-FOR-US: Micro Focus
CVE-2021-38124 (Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise ...)
	NOT-FOR-US: Micro Focus
CVE-2021-38123 (Open Redirect vulnerability in Micro Focus Network Automation, affecti ...)
	NOT-FOR-US: Micro Focus
CVE-2021-38122 RESERVED
CVE-2021-38121 RESERVED
CVE-2021-38120 RESERVED
CVE-2021-38119 RESERVED
CVE-2021-38118 RESERVED
CVE-2021-38117 RESERVED
CVE-2021-38116 RESERVED
CVE-2021-38115 (read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) thr ...)
	{DLA-3781-1}
	- libgd2 2.3.3-1 (bug #991912)
	[bullseye] - libgd2 (Minor issue)
	[stretch] - libgd2 (Minor issue)
	NOTE: https://github.com/libgd/libgd/issues/697
	NOTE: https://github.com/libgd/libgd/commit/8b111b2b4a4842179be66db68d84dda91a246032 (gd-2.3.3~1)
CVE-2021-38114 (libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of ...)
	{DSA-4998-1 DSA-4990-1 DLA-2742-1}
	- ffmpeg 7:4.4.1-1
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1
CVE-2021-3687 RESERVED
CVE-2021-3686 RESERVED
CVE-2021-3685 RESERVED
CVE-2021-3684 (A vulnerability was found in OpenShift Assisted Installer. During gene ...)
	NOT-FOR-US: OpenShift
CVE-2021-3683 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF))
	NOT-FOR-US: ShowDoc
CVE-2021-38113 (In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) t ...)
	NOT-FOR-US: OpenWebif (aka e2openplugin-OpenWebif)
CVE-2021-38112 (In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, a ...)
	NOT-FOR-US: Amazon AWS client for Windows
CVE-2021-38111 (The DEF CON 27 badge allows remote attackers to exploit a buffer overf ...)
	NOT-FOR-US: DEF CON 27 badge
CVE-2021-38110 (Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected b ...)
	NOT-FOR-US: Corel WordPerfect
CVE-2021-38109 (Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Rea ...)
	NOT-FOR-US: Corel DrawStandard
CVE-2021-38108 (Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected b ...)
	NOT-FOR-US: Corel WordPerfect
CVE-2021-38107 (CdrCore.dll in Corel DrawStandard 2020 22.0.0.474 is affected by an Ou ...)
	NOT-FOR-US: Corel DrawStandard
CVE-2021-38106 (UAX200.dll in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
	NOT-FOR-US: Corel Presentations
CVE-2021-38105 (IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
	NOT-FOR-US: Corel Presentations
CVE-2021-38104 (IPPP72.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
	NOT-FOR-US: Corel Presentations
CVE-2021-38103 (IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
	NOT-FOR-US: Corel Presentations
CVE-2021-38102 (IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
	NOT-FOR-US: Corel Presentations
CVE-2021-38101 (CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by ...)
	NOT-FOR-US: Corel PhotoPaint Standard
CVE-2021-38100 (Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bou ...)
	NOT-FOR-US: Corel PhotoPaint Standard
CVE-2021-38099 (CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by ...)
	NOT-FOR-US: Corel PhotoPaint Standard
CVE-2021-38098 (Corel PDF Fusion 2.6.2.0 is affected by a Heap Corruption vulnerabilit ...)
	NOT-FOR-US: Corel PDF Fusion
CVE-2021-38097 (Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnera ...)
	NOT-FOR-US: Corel PDF Fusion
CVE-2021-38096 (Coreip.dll in Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds ...)
	NOT-FOR-US: Corel PDF Fusion
CVE-2021-38095 (The REST API in Planview Spigit 4.5.3 allows remote unauthenticated at ...)
	NOT-FOR-US: Planview Spigit
CVE-2021-38094 (Integer Overflow vulnerability in function filter_sobel in libavfilter ...)
	- ffmpeg 7:4.3-2 (unimportant)
	[stretch] - ffmpeg (vulnerable code is not present)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
	NOTE: https://trac.ffmpeg.org/ticket/8263
	NOTE: Negligible security impact
CVE-2021-38093 (Integer Overflow vulnerability in function filter_robert in libavfilte ...)
	- ffmpeg 7:4.3-2 (unimportant)
	[stretch] - ffmpeg (vulnerable code is not present)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
	NOTE: https://trac.ffmpeg.org/ticket/8263
	NOTE: Negligible security impact
CVE-2021-38092 (Integer Overflow vulnerability in function filter_prewitt in libavfilt ...)
	- ffmpeg 7:4.3-2 (unimportant)
	[stretch] - ffmpeg (vulnerable code is not present)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
	NOTE: https://trac.ffmpeg.org/ticket/8263
CVE-2021-38091 (Integer Overflow vulnerability in function filter16_sobel in libavfilt ...)
	- ffmpeg 7:4.3-2 (unimportant)
	[stretch] - ffmpeg (vulnerable code is not present)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
	NOTE: https://trac.ffmpeg.org/ticket/8263
CVE-2021-38090 (Integer Overflow vulnerability in function filter16_roberts in libavfi ...)
	- ffmpeg 7:4.3-2 (unimportant)
	[stretch] - ffmpeg (vulnerable code is not present)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
	NOTE: https://trac.ffmpeg.org/ticket/8263
CVE-2021-38089 REJECTED
CVE-2021-3682 (A flaw was found in the USB redirector device emulation of QEMU in ver ...)
	{DSA-4980-1 DLA-3099-1 DLA-2753-1}
	- qemu 1:6.0+dfsg-3 (bug #991911)
	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/491
	NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/b2d1fe67d09d2b6c7da647fbcea6ca0148c206d3 (v1.4.0-rc0)
	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/5e796671e6b8d5de4b0b423dce1b3eba144a92c9 (v6.1.0-rc2)
CVE-2021-38088 (Acronis Cyber Protect 15 for Windows prior to build 27009 allowed loca ...)
	NOT-FOR-US: Acronis Cyber Protect
CVE-2021-38087 (Reflected cross-site scripting (XSS) was possible on the login page in ...)
	NOT-FOR-US: Acronis Cyber Protect
CVE-2021-38086 (Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis ...)
	NOT-FOR-US: Acronis Cyber Protect
CVE-2021-38085 (The Canon TR150 print driver through 3.71.2.10 is vulnerable to a priv ...)
	NOT-FOR-US: Canon
CVE-2021-38084 (An issue was discovered in the POP3 component of Courier Mail Server b ...)
	- courier (bug #989375)
	[bookworm] - courier (Minor issue)
	[bullseye] - courier (Minor issue)
	[buster] - courier (Minor issue)
	[stretch] - courier (Minor issue, include in next update)
	NOTE: https://sourceforge.net/p/courier/mailman/courier-imap/thread/cone.1382574216.483027.8082.1000%40monster.email-scan.com/#msg31555583
	NOTE: https://sourceforge.net/p/courier/mailman/message/37329216/
	NOTE: https://sourceforge.net/p/courier/courier-libs.git/ci/97ed62b17a2616c758d09105b5a14dd1038cff6f/ (1.1.5)
CVE-2021-38083 RESERVED
CVE-2021-38082 RESERVED
CVE-2021-38081 RESERVED
CVE-2021-38080 RESERVED
CVE-2021-38079 RESERVED
CVE-2021-38078 RESERVED
CVE-2021-38077 RESERVED
CVE-2021-38076 RESERVED
CVE-2021-38075 RESERVED
CVE-2021-38074 RESERVED
CVE-2021-38073 RESERVED
CVE-2021-38072 RESERVED
CVE-2021-38071 RESERVED
CVE-2021-38070 RESERVED
CVE-2021-38069 RESERVED
CVE-2021-38068 RESERVED
CVE-2021-38067 RESERVED
CVE-2021-38066 RESERVED
CVE-2021-38065 RESERVED
CVE-2021-38064 RESERVED
CVE-2021-38063 RESERVED
CVE-2021-38062 RESERVED
CVE-2021-38061 RESERVED
CVE-2021-38060 RESERVED
CVE-2021-38059 RESERVED
CVE-2021-38058 RESERVED
CVE-2021-38057 RESERVED
CVE-2021-38056 RESERVED
CVE-2021-38055 RESERVED
CVE-2021-38054 RESERVED
CVE-2021-38053 RESERVED
CVE-2021-38052 RESERVED
CVE-2021-38051 RESERVED
CVE-2021-38050 RESERVED
CVE-2021-38049 RESERVED
CVE-2021-38048 RESERVED
CVE-2021-38047 RESERVED
CVE-2021-38046 RESERVED
CVE-2021-38045 RESERVED
CVE-2021-38044 RESERVED
CVE-2021-38043 RESERVED
CVE-2021-38042 RESERVED
CVE-2021-38041 RESERVED
CVE-2021-38040 RESERVED
CVE-2021-38039 RESERVED
CVE-2021-38038 RESERVED
CVE-2021-38037 RESERVED
CVE-2021-38036 RESERVED
CVE-2021-38035 RESERVED
CVE-2021-38034 RESERVED
CVE-2021-38033 RESERVED
CVE-2021-38032 RESERVED
CVE-2021-38031 RESERVED
CVE-2021-38030 RESERVED
CVE-2021-38029 RESERVED
CVE-2021-38028 RESERVED
CVE-2021-38027 RESERVED
CVE-2021-38026 RESERVED
CVE-2021-38025 RESERVED
CVE-2021-38024 RESERVED
CVE-2021-38023 RESERVED
CVE-2021-38022 (Inappropriate implementation in WebAuthentication in Google Chrome pri ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-38021 (Inappropriate implementation in referrer in Google Chrome prior to 96. ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-38020 (Insufficient policy enforcement in contacts picker in Google Chrome on ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-38019 (Insufficient policy enforcement in CORS in Google Chrome prior to 96.0 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-38018 (Inappropriate implementation in navigation in Google Chrome prior to 9 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-38017 (Insufficient policy enforcement in iframe sandbox in Google Chrome pri ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-38016 (Insufficient policy enforcement in background fetch in Google Chrome p ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-38015 (Inappropriate implementation in input in Google Chrome prior to 96.0.4 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-38014 (Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-38013 (Heap buffer overflow in fingerprint recognition in Google Chrome on Ch ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-38012 (Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-38011 (Use after free in storage foundation in Google Chrome prior to 96.0.46 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-38010 (Inappropriate implementation in service workers in Google Chrome prior ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-38009 (Inappropriate implementation in cache in Google Chrome prior to 96.0.4 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-38008 (Use after free in media in Google Chrome prior to 96.0.4664.45 allowed ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-38007 (Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-38006 (Use after free in storage foundation in Google Chrome prior to 96.0.46 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-38005 (Use after free in loader in Google Chrome prior to 96.0.4664.45 allowe ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-38004 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-38003 (Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-38002 (Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-38001 (Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-38000 (Insufficient validation of untrusted input in Intents in Google Chrome ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37999 (Insufficient data validation in New Tab Page in Google Chrome prior to ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37998 (Use after free in Garbage Collection in Google Chrome prior to 95.0.46 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37997 (Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allow ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37996 (Insufficient validation of untrusted input Downloads in Google Chrome ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37995 (Inappropriate implementation in WebApp Installer in Google Chrome prio ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37994 (Inappropriate implementation in iFrame Sandbox in Google Chrome prior ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37993 (Use after free in PDF Accessibility in Google Chrome prior to 95.0.463 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37992 (Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37991 (Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote att ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37990 (Inappropriate implementation in WebView in Google Chrome on Android pr ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37989 (Inappropriate implementation in Blink in Google Chrome prior to 95.0.4 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37988 (Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allo ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37987 (Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37986 (Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.5 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37985 (Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37984 (Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37983 (Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 all ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37982 (Use after free in Incognito in Google Chrome prior to 95.0.4638.54 all ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37981 (Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 al ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37980 (Inappropriate implementation in Sandbox in Google Chrome prior to 94.0 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37979 (heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37978 (Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 a ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37977 (Use after free in Garbage Collection in Google Chrome prior to 94.0.46 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37976 (Inappropriate implementation in Memory in Google Chrome prior to 94.0. ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37975 (Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37974 (Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37973 (Use after free in Portals in Google Chrome prior to 94.0.4606.61 allow ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37972 (Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.460 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37971 (Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37970 (Use after free in File System API in Google Chrome prior to 94.0.4606. ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37969 (Inappropriate implementation in Google Updater in Google Chrome on Win ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37968 (Inappropriate implementation in Background Fetch API in Google Chrome ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37967 (Inappropriate implementation in Background Fetch API in Google Chrome ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37966 (Inappropriate implementation in Compositing in Google Chrome on Androi ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37965 (Inappropriate implementation in Background Fetch API in Google Chrome ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37964 (Inappropriate implementation in ChromeOS Networking in Google Chrome o ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37963 (Side-channel information leakage in DevTools in Google Chrome prior to ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37962 (Use after free in Performance Manager in Google Chrome prior to 94.0.4 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37961 (Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 all ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37960 REJECTED
CVE-2021-37959 (Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37958 (Inappropriate implementation in Navigation in Google Chrome on Windows ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37957 (Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowe ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37956 (Use after free in Offline use in Google Chrome on Android prior to 94. ...)
	{DSA-5046-1}
	- chromium 97.0.4692.71-0.1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-37955 RESERVED
CVE-2021-37954 RESERVED
CVE-2021-37953 RESERVED
CVE-2021-37952 RESERVED
CVE-2021-37951 RESERVED
CVE-2021-37950 RESERVED
CVE-2021-37949 RESERVED
CVE-2021-37948 RESERVED
CVE-2021-37947 RESERVED
CVE-2021-37946 RESERVED
CVE-2021-37945 RESERVED
CVE-2021-37944 RESERVED
CVE-2021-37943 RESERVED
CVE-2021-37942 (A local privilege escalation issue was found with the APM Java agent, ...)
	NOT-FOR-US: Elastic APM Java agent
CVE-2021-37941 (A local privilege escalation issue was found with the APM Java agent, ...)
	NOT-FOR-US: Elastic APM Java agent
CVE-2021-37940 (An information disclosure via GET request server-side request forgery ...)
	NOT-FOR-US: Workplace Search GHES integration
CVE-2021-37939 (It was discovered that Kibana’s JIRA connector & IBM Resilient co ...)
	NOT-FOR-US: IBM
CVE-2021-37938 (It was discovered that on Windows operating systems specifically, Kiba ...)
	- kibana (bug #700337)
CVE-2021-37937 (An issue was found with how API keys are created with the Fleet-Server ...)
	- elasticsearch
CVE-2021-37936 (It was discovered that Kibana was not sanitizing document fields conta ...)
	- kibana (bug #700337)
CVE-2021-37935 (An information disclosure vulnerability in the login page of Huntflow ...)
	NOT-FOR-US: Huntflow Enterprise
CVE-2021-37934 (Due to insufficient server-side login-attempt limit enforcement, a vul ...)
	NOT-FOR-US: Huntflow Enterprise
CVE-2021-37933 (An LDAP injection vulnerability in /account/login in Huntflow Enterpri ...)
	NOT-FOR-US: Huntflow Enterprise
CVE-2021-37932 RESERVED
CVE-2021-3681 (A flaw was found in Ansible Galaxy Collections. When collections are b ...)
	NOT-FOR-US: Ansible Galaxy
CVE-2021-3680 (showdoc is vulnerable to Missing Cryptographic Step)
	NOT-FOR-US: ShowDoc
CVE-2021-3679 (A lack of CPU resource in the Linux kernel tracing module functionalit ...)
	{DSA-4978-1 DLA-2843-1 DLA-2785-1}
	- linux 5.14.6-1
	[buster] - linux 4.19.208-1
	NOTE: https://git.kernel.org/linus/67f0d6d9883c13174669f88adac4f0ee656cc16a
CVE-2021-3678 (showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random N ...)
	NOT-FOR-US: ShowDoc
CVE-2021-37931 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-37930 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-37929 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-37928 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-37927 (Zoho ManageEngine ADManager Plus version 7110 and prior allows account ...)
	NOT-FOR-US: Zoho ManageEngine ADManager Plus
CVE-2021-37926 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-37925 (Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Aut ...)
	NOT-FOR-US: Zoho ManageEngine ADManager Plus
CVE-2021-37924 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-37923 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-37922 (Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-37921 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-37920 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-37919 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-37918 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-37917 RESERVED
CVE-2021-37916 (Joplin before 2.0.9 allows XSS via button and form in the note body.)
	NOT-FOR-US: Joplin
CVE-2021-37915 (An issue was discovered on the Grandstream HT801 Analog Telephone Adap ...)
	NOT-FOR-US: Grandstream
CVE-2021-37914 (In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled an ...)
	NOT-FOR-US: Argo Workflows
CVE-2021-37913 (The HGiga OAKlouds mobile portal does not filter special characters of ...)
	NOT-FOR-US: HGiga OAKlouds mobile portal
CVE-2021-37912 (The HGiga OAKlouds mobile portal does not filter special characters of ...)
	NOT-FOR-US: HGiga OAKlouds mobile portal
CVE-2021-37911 (The management interface of BenQ smart wireless conference projector d ...)
	NOT-FOR-US: BenQ smart wireless conference projector
CVE-2021-37910 (ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has i ...)
	NOT-FOR-US: ASUS routers
CVE-2021-37909 (WriteRegistry function in TSSServiSign component does not filter and v ...)
	NOT-FOR-US: TSSServiSignAdapter Windows
CVE-2021-37908 RESERVED
CVE-2021-37907 RESERVED
CVE-2021-37906 RESERVED
CVE-2021-37905 RESERVED
CVE-2021-37904 RESERVED
CVE-2021-37903 RESERVED
CVE-2021-37902 RESERVED
CVE-2021-37901 RESERVED
CVE-2021-37900 RESERVED
CVE-2021-37899 RESERVED
CVE-2021-37898 RESERVED
CVE-2021-37897 RESERVED
CVE-2021-37896 RESERVED
CVE-2021-37895 RESERVED
CVE-2021-37894 RESERVED
CVE-2021-37893 RESERVED
CVE-2021-37892 RESERVED
CVE-2021-37891 RESERVED
CVE-2021-37890 RESERVED
CVE-2021-37889 RESERVED
CVE-2021-37888 RESERVED
CVE-2021-37887 RESERVED
CVE-2021-37886 RESERVED
CVE-2021-37885 RESERVED
CVE-2021-37884 RESERVED
CVE-2021-37883 RESERVED
CVE-2021-37882 RESERVED
CVE-2021-37881 RESERVED
CVE-2021-37880 RESERVED
CVE-2021-37879 RESERVED
CVE-2021-37878 RESERVED
CVE-2021-37877 RESERVED
CVE-2021-37876 RESERVED
CVE-2021-37875 RESERVED
CVE-2021-37874 RESERVED
CVE-2021-37873 RESERVED
CVE-2021-37872 RESERVED
CVE-2021-37871 RESERVED
CVE-2021-37870 RESERVED
CVE-2021-37869 RESERVED
CVE-2021-37868 RESERVED
CVE-2021-37867 (Mattermost Boards plugin v0.10.0 and earlier fails to protect email ad ...)
	NOT-FOR-US: Mattermost Boards plugin
CVE-2021-37866 (Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a ses ...)
	NOT-FOR-US: Mattermost Boards plugin
CVE-2021-37865 (Mattermost 6.2 and earlier fails to sufficiently process a specificall ...)
	- mattermost-server (bug #823556)
	NOTE: https://cve.report/CVE-2021-37865 (MMSA-2021-0081)
CVE-2021-37864 (Mattermost 6.1 and earlier fails to sufficiently validate permissions ...)
	- mattermost-server (bug #823556)
	NOTE: https://cve.report/CVE-2021-37864 (MMSA-2021-0076)
CVE-2021-37863 (Mattermost 6.0 and earlier fails to sufficiently validate parameters d ...)
	- mattermost-server (bug #823556)
	NOTE: https://cve.report/CVE-2021-37863 (MMSA-2021-0075)
CVE-2021-37862 (Mattermost 6.0 and earlier fails to sufficiently validate the email ad ...)
	- mattermost-server (bug #823556)
	NOTE: https://cve.report/CVE-2021-37862 (MMSA-2021-0074)
CVE-2021-37861 (Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's pas ...)
	- mattermost-server (bug #823556)
CVE-2021-37860 (Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard c ...)
	- mattermost-server (bug #823556)
CVE-2021-37859 (Fixed a bypass for a reflected cross-site scripting vulnerability affe ...)
	- mattermost-server (bug #823556)
CVE-2021-37858 REJECTED
CVE-2021-37857 REJECTED
CVE-2021-37856 REJECTED
CVE-2021-37855 REJECTED
CVE-2021-37854 REJECTED
CVE-2021-37853 REJECTED
CVE-2021-37852 (ESET products for Windows allows untrusted process to impersonate the ...)
	NOT-FOR-US: ESET
CVE-2021-37851 (Local privilege escalation in Windows products of ESET allows user who ...)
	NOT-FOR-US: ESET
CVE-2021-37850 (ESET was made aware of a vulnerability in its consumer and business pr ...)
	NOT-FOR-US: ESET
CVE-2021-37849 RESERVED
CVE-2021-37848 (common/password.c in Pengutronix barebox through 2021.07.0 leaks timin ...)
	NOT-FOR-US: Pengutronix Barebox
CVE-2021-37847 (crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing ...)
	NOT-FOR-US: Pengutronix Barebox
CVE-2021-37846 RESERVED
CVE-2021-37845 (An issue was discovered in Citadel through webcit-932. A meddler-in-th ...)
	- citadel
	[buster] - citadel (Minor issue)
	[stretch] - citadel (Minor issue, revisit when fixed upstream)
	NOTE: https://uncensored.citadel.org/readfwd?go=Citadel Security?view=0?start_reading_at=2099264259#2099264259
	NOTE: https://nostarttls.secvuln.info/
	NOTE: CVE-2020-29547 and CVE-2021-37845 seem like dupes
CVE-2021-37844 RESERVED
CVE-2021-3677 (A flaw was found in postgresql. A purpose-crafted query can read arbit ...)
	- postgresql-13 13.4-1
	[bullseye] - postgresql-13 13.4-0+deb11u1
	- postgresql-11
	[buster] - postgresql-11 11.13-0+deb10u1
	NOTE: https://www.postgresql.org/about/news/postgresql-134-128-1113-1018-9623-and-14-beta-3-released-2277/
CVE-2021-3676 REJECTED
CVE-2021-3675 (Improper Input Validation vulnerability in synaTEE.signed.dll of Synap ...)
	NOT-FOR-US: Synaptics Fingerprint Driver
CVE-2021-37843 (The resolution SAML SSO apps for Atlassian products allow a remote att ...)
	NOT-FOR-US: resolution SAML SSO apps for Atlassian products
CVE-2021-37842 (metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensiti ...)
	NOT-FOR-US: Couchbase Server
CVE-2021-37841 (Docker Desktop before 3.6.0 suffers from incorrect access control. If ...)
	NOT-FOR-US: Docker Desktop on Windows
CVE-2021-37840 (aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) in ...)
	NOT-FOR-US: aaPanel
CVE-2021-37839 (Apache Superset up to 1.5.1 allowed for authenticated users to access ...)
	NOT-FOR-US: Apache Superset
CVE-2021-3674 (A flaw was found in rizin. The create_section_from_phdr function alloc ...)
	NOT-FOR-US: rizin
CVE-2021-3673 (A vulnerability was found in Radare2 in version 5.3.1. Improper input ...)
	- radare2 5.5.0+dfsg-1
	NOTE: https://github.com/radareorg/radare2/issues/18923
	NOTE: https://github.com/radareorg/radare2/commit/d7ea20fb2e1433ebece9f004d87ad8f2377af23d
CVE-2021-37838 RESERVED
CVE-2021-37837 RESERVED
CVE-2021-37836 RESERVED
CVE-2021-37835 RESERVED
CVE-2021-37834 RESERVED
CVE-2021-37833 (A reflected cross-site scripting (XSS) vulnerability exists in multipl ...)
	- hoteldruid 3.0.3-1 (bug #991910)
	[bullseye] - hoteldruid (Minor issue)
	[buster] - hoteldruid (Minor issue)
	[stretch] - hoteldruid (Minor issue)
	NOTE: https://github.com/dievus/CVE-2021-37833
CVE-2021-37832 (A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid w ...)
	- hoteldruid 3.0.3-1 (bug #991910)
	[bullseye] - hoteldruid (Minor issue)
	[buster] - hoteldruid (Minor issue)
	[stretch] - hoteldruid (Minor issue)
	NOTE: https://github.com/dievus/CVE-2021-37832
CVE-2021-37831 RESERVED
CVE-2021-37830 RESERVED
CVE-2021-37829 RESERVED
CVE-2021-37828 RESERVED
CVE-2021-37827 RESERVED
CVE-2021-37826 RESERVED
CVE-2021-37825 RESERVED
CVE-2021-37824 RESERVED
CVE-2021-37823 (OpenCart 3.0.3.7 allows users to obtain database information or read s ...)
	NOT-FOR-US: OpenCart
CVE-2021-37822 RESERVED
CVE-2021-37821 RESERVED
CVE-2021-37820 RESERVED
CVE-2021-37819 (PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop ...)
	- pdftk-java 3.3.2-1
	[bullseye] - pdftk-java (Minor issue)
	[buster] - pdftk-java (Minor issue)
	- pdftk 2.02-5
	- libitext-java 2.1.7-16 (bug #1059318)
	[bookworm] - libitext-java (Minor issue)
	[bullseye] - libitext-java (Minor issue)
	[buster] - libitext-java (Minor issue)
	- libitext1-java (bug #1059319)
	[bookworm] - libitext1-java (Minor issue)
	[bullseye] - libitext1-java (Minor issue)
	[buster] - libitext1-java (Minor issue)
	- libitext5-java 5.5.13.3-4 (bug #1059320)
	[bookworm] - libitext5-java (Minor issue)
	[bullseye] - libitext5-java (Minor issue)
	[buster] - libitext5-java (Minor issue)
	NOTE: https://gitlab.com/pdftk-java/pdftk/-/merge_requests/21
	NOTE: https://gitlab.com/pdftk-java/pdftk/-/commit/75deacdf5c46fd4eefb310c784eb9dfdc7b9fdc9 (v3.3.0)
	NOTE: https://gitlab.com/pdftk-java/pdftk/-/commit/9b0cbb76c8434a8505f02ada02a94263dcae9247 (v3.3.0)
	NOTE: Starting with 2.02-5 src:pdftk is just a transition package towards src:pdftk-java
CVE-2021-37818 RESERVED
CVE-2021-37817 RESERVED
CVE-2021-37816 RESERVED
CVE-2021-37815 RESERVED
CVE-2021-37814 RESERVED
CVE-2021-37813 RESERVED
CVE-2021-37812 RESERVED
CVE-2021-37811 RESERVED
CVE-2021-37810 RESERVED
CVE-2021-37809 RESERVED
CVE-2021-37808 (SQL Injection vulnerabilities exist in https://phpgurukul.com News Por ...)
	NOT-FOR-US: PHPGurukul
CVE-2021-37807 (An SQL Injection vulnerability exists in https://phpgurukul.com Online ...)
	NOT-FOR-US: PHPGurukul
CVE-2021-37806 (An SQL Injection vulnerability exists in https://phpgurukul.com Vehicl ...)
	NOT-FOR-US: PHPGurukul
CVE-2021-37805 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodes ...)
	NOT-FOR-US: Sourcecodester Vehicle Parking Management System
CVE-2021-37804 RESERVED
CVE-2021-37803 (An SQL Injection vulnerability exists in Sourcecodester Online Covid V ...)
	NOT-FOR-US: Sourcecodester Online Covid Vaccination Scheduler System
CVE-2021-37802 RESERVED
CVE-2021-37801 RESERVED
CVE-2021-37800 RESERVED
CVE-2021-37799 RESERVED
CVE-2021-37798 RESERVED
CVE-2021-37797 RESERVED
CVE-2021-37796 RESERVED
CVE-2021-37795 RESERVED
CVE-2021-37794 (A stored cross-site scripting (XSS) vulnerability exists in FileBrowse ...)
	NOT-FOR-US: FileBrowser
CVE-2021-37793 RESERVED
CVE-2021-37792 RESERVED
CVE-2021-37791 (MyAdmin v1.0 is affected by an incorrect access control vulnerability ...)
	NOT-FOR-US: cdfan/my-admin
CVE-2021-37790 RESERVED
CVE-2021-37789 (stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, lead ...)
	{DLA-3305-1}
	- libstb 0.0~git20210910.af1a5bc+ds-1 (bug #1023693)
	[bullseye] - libstb (Minor issue)
	NOTE: https://github.com/nothings/stb/issues/1178
	NOTE: https://github.com/nothings/stb/commit/5ba0baaa269b3fd681828e0e3b3ac0f1472eaf40
CVE-2021-37788 (A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could all ...)
	NOT-FOR-US: Gurock TestRail
CVE-2021-37787 RESERVED
CVE-2021-37786 (Certain Federal Office of Information Technology Systems and Telecommu ...)
	NOT-FOR-US: Covid certificate app in Switzerland.
CVE-2021-37785 RESERVED
CVE-2021-37784 RESERVED
CVE-2021-37783 RESERVED
CVE-2021-37782 (Employee Record Management System v 1.2 is vulnerable to SQL Injection ...)
	NOT-FOR-US: Employee Record Management System
CVE-2021-37781 (Employee Record Management System v 1.2 is vulnerable to Cross Site Sc ...)
	NOT-FOR-US: Employee Record Management System
CVE-2021-37780 RESERVED
CVE-2021-37779 RESERVED
CVE-2021-37778 (There is a buffer overflow in gps-sdr-sim v1.0 when parsing long comma ...)
	NOT-FOR-US: osqzss/gps-sdr-sim
CVE-2021-37777 (Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR ...)
	NOT-FOR-US: Gila CMS
CVE-2021-37776 RESERVED
CVE-2021-37775 RESERVED
CVE-2021-37774 (An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0. ...)
	NOT-FOR-US: TL-WDR7660
CVE-2021-37773 RESERVED
CVE-2021-37772 RESERVED
CVE-2021-37771 RESERVED
CVE-2021-37770 (Nucleus CMS v3.71 is affected by a file upload vulnerability. In this ...)
	NOT-FOR-US: Nucleus CMS
CVE-2021-37769 RESERVED
CVE-2021-37768 RESERVED
CVE-2021-37767 RESERVED
CVE-2021-37766 RESERVED
CVE-2021-37765 RESERVED
CVE-2021-37764 (Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0. ...)
	NOT-FOR-US: XOS-Shop
CVE-2021-37763 RESERVED
CVE-2021-37762 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-37761 (Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-37760 (A Session ID leak in the audit log in Graylog before 4.1.2 allows atta ...)
	- graylog2 (bug #652273)
CVE-2021-37759 (A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows ...)
	- graylog2 (bug #652273)
CVE-2021-37758 RESERVED
CVE-2021-37757 RESERVED
CVE-2021-37756 RESERVED
CVE-2021-37755 RESERVED
CVE-2021-37754 RESERVED
CVE-2021-37753 RESERVED
CVE-2021-37752 RESERVED
CVE-2021-37751 RESERVED
CVE-2021-37750 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before ...)
	{DLA-2771-1}
	- krb5 1.18.3-7 (bug #992607)
	[bullseye] - krb5 1.18.3-6+deb11u1
	[buster] - krb5 1.17-3+deb10u3
	NOTE: https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49
CVE-2021-37749 (MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16 ...)
	NOT-FOR-US: Hexagon GeoMedia WebMap
CVE-2021-37748 (Multiple buffer overflows in the limited configuration shell (/sbin/gs ...)
	NOT-FOR-US: Grandstream
CVE-2021-37747 RESERVED
CVE-2021-37746 (textview_uri_security_check in textview.c in Claws Mail before 3.18.0, ...)
	- claws-mail 3.18.0-1 (bug #991722)
	[bullseye] - claws-mail (Minor issue)
	[buster] - claws-mail (Minor issue)
	[stretch] - claws-mail (Minor issue)
	- sylpheed (bug #991723)
	[bookworm] - sylpheed (Minor issue)
	[bullseye] - sylpheed (Minor issue)
	[buster] - sylpheed (Minor issue)
	[stretch] - sylpheed (Minor issue)
	NOTE: https://git.claws-mail.org/?p=claws.git;a=commit;h=ac286a71ed78429e16c612161251b9ea90ccd431
CVE-2021-3672 (A flaw was found in c-ares library, where a missing input validation c ...)
	{DSA-4954-1 DLA-2738-1}
	- c-ares 1.17.1-1.1 (bug #992053)
	[bullseye] - c-ares 1.17.1-1+deb11u1
	NOTE: https://c-ares.haxx.se/adv_20210810.html
	NOTE: https://github.com/c-ares/c-ares/commit/362f91d807d293791008cdb7616d40f7784ece83
	NOTE: https://github.com/c-ares/c-ares/commit/44c009b8e62ea1929de68e3f438181bea469ec14
CVE-2021-37745 RESERVED
CVE-2021-37744 RESERVED
CVE-2021-37743 (app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored X ...)
	NOT-FOR-US: MISP
CVE-2021-37742 (app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.14 ...)
	NOT-FOR-US: MISP
CVE-2021-37741 (ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vul ...)
	NOT-FOR-US: ManageEngine
CVE-2021-37740 (A denial of service vulnerability exists in MDT's firmware for the KNX ...)
	NOT-FOR-US: MDT SCN-IP100.03
CVE-2021-37739 (A remote arbitrary command execution vulnerability was discovered in A ...)
	NOT-FOR-US: Aruba
CVE-2021-37738 (A remote disclosure of sensitive information vulnerability was discove ...)
	NOT-FOR-US: Aruba
CVE-2021-37737 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...)
	NOT-FOR-US: Aruba
CVE-2021-37736 (A remote authentication bypass vulnerability was discovered in Aruba C ...)
	NOT-FOR-US: Aruba
CVE-2021-37735 (A remote denial of service vulnerability was discovered in Aruba Insta ...)
	NOT-FOR-US: Aruba
CVE-2021-37734 (A remote unauthorized read access to files vulnerability was discovere ...)
	NOT-FOR-US: Aruba
CVE-2021-37733 (A remote path traversal vulnerability was discovered in Aruba SD-WAN S ...)
	NOT-FOR-US: Aruba
CVE-2021-37732 (A remote arbitrary command execution vulnerability was discovered in H ...)
	NOT-FOR-US: Aruba
CVE-2021-37731 (A local path traversal vulnerability was discovered in Aruba SD-WAN So ...)
	NOT-FOR-US: Aruba
CVE-2021-37730 (A remote arbitrary command execution vulnerability was discovered in H ...)
	NOT-FOR-US: Aruba
CVE-2021-37729 (A remote path traversal vulnerability was discovered in Aruba SD-WAN S ...)
	NOT-FOR-US: Aruba
CVE-2021-37728 (A remote path traversal vulnerability was discovered in Aruba Operatin ...)
	NOT-FOR-US: Aruba
CVE-2021-37727 (A remote arbitrary command execution vulnerability was discovered in H ...)
	NOT-FOR-US: Aruba
CVE-2021-37726 (A remote buffer overflow vulnerability was discovered in HPE Aruba Ins ...)
	NOT-FOR-US: Aruba
CVE-2021-37725 (A remote cross-site request forgery (csrf) vulnerability was discovere ...)
	NOT-FOR-US: Aruba
CVE-2021-37724 (A remote arbitrary command execution vulnerability was discovered in A ...)
	NOT-FOR-US: Aruba
CVE-2021-37723 (A remote arbitrary command execution vulnerability was discovered in A ...)
	NOT-FOR-US: Aruba
CVE-2021-37722 (A remote arbitrary command execution vulnerability was discovered in A ...)
	NOT-FOR-US: Aruba
CVE-2021-37721 (A remote arbitrary command execution vulnerability was discovered in A ...)
	NOT-FOR-US: Aruba
CVE-2021-37720 (A remote arbitrary command execution vulnerability was discovered in A ...)
	NOT-FOR-US: Aruba
CVE-2021-37719 (A remote arbitrary command execution vulnerability was discovered in A ...)
	NOT-FOR-US: Aruba
CVE-2021-37718 (A remote arbitrary command execution vulnerability was discovered in A ...)
	NOT-FOR-US: Aruba
CVE-2021-37717 (A remote arbitrary command execution vulnerability was discovered in A ...)
	NOT-FOR-US: Aruba
CVE-2021-37716 (A remote buffer overflow vulnerability was discovered in Aruba SD-WAN ...)
	NOT-FOR-US: Aruba
CVE-2021-37715 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...)
	NOT-FOR-US: Aruba
CVE-2021-3671 (A null pointer de-reference was found in the way samba kerberos server ...)
	{DSA-5287-1 DLA-3206-1}
	- heimdal 7.7.0+dfsg-3 (bug #996586)
	[stretch] - heimdal (Minor issue)
	- samba 2:4.13.13+dfsg-1
	[bullseye] - samba 2:4.13.13+dfsg-1~deb11u1
	[buster] - samba (Domain controller functionality is EOLed, see DSA-5015-1)
	[stretch] - samba (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2013080
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14770
	NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-h9qj-cpmq-3562
	NOTE: Fixed by: https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a
	NOTE: Followup: https://github.com/heimdal/heimdal/commit/773802aecfb4b6a73817fa522faeb55b2a7cdb2a
	NOTE: "Equivalent" issue for CVE-2021-37750 for the MIT krb5 vulnerability.
	NOTE: Fixed by (Samba): https://gitlab.com/samba-team/samba/-/commit/0cb4b939f192376bf5e33637863a91a20f74c5a5
CVE-2021-3670 (MaxQueryDuration not honoured in Samba AD DC LDAP)
	- ldb 2:2.2.3-1
	[buster] - ldb (Minor issue)
	[stretch] - ldb (Minor issue)
	- samba 2:4.16.0+dfsg-2
	[bullseye] - samba (Domain controller functionality is EOLed, see DSA-5477-1)
	[buster] - samba (Minor issue; affects Samba as AD DC; cf DSA-5015-1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2077533
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14694
	NOTE: https://gitlab.com/samba-team/samba/-/commit/dcfcafdbf756e12d9077ad7920eea25478c29f81
	NOTE: https://gitlab.com/samba-team/samba/-/commit/86fe9d48883f87c928bf31ccbd275db420386803
	NOTE: https://gitlab.com/samba-team/samba/-/commit/e1ab0c43629686d1d2c0b0b2bcdc90057a792049
	NOTE: ldb: https://gitlab.com/samba-team/samba/-/commit/1d5b155619bc532c46932965b215bd73a920e56f
	NOTE: https://gitlab.com/samba-team/samba/-/commit/2b3af3b560c9617a233c131376c870fce146c002
	NOTE: https://gitlab.com/samba-team/samba/-/commit/5f0590362c5c0c5ee20503a67467f9be2d50e73b
	NOTE: https://gitlab.com/samba-team/samba/-/commit/3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393
	NOTE: Fixed in ldb 2.5.0, 2.4.2 and 2.3.3
CVE-2021-37714 (jsoup is a Java library for working with HTML. Those using jsoup versi ...)
	- jsoup 1.14.2-1 (bug #992590)
	[bullseye] - jsoup (Minor issue)
	[buster] - jsoup (Minor issue)
	[stretch] - jsoup (Minor issue)
	NOTE: https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c
CVE-2021-37713 (The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, a ...)
	- node-tar (Only affects node-tar on Windows)
	NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
CVE-2021-37712 (The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, a ...)
	{DSA-5008-1 DLA-3237-1}
	- node-tar 6.1.11+~cs11.3.10-1 (bug #993981)
	[stretch] - node-tar (Nodejs in stretch not covered by security support)
	NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
CVE-2021-37711 (Versions prior to 6.4.3.1 contain an authenticated server-side request ...)
	NOT-FOR-US: Shopware
CVE-2021-37710 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...)
	NOT-FOR-US: Shopware
CVE-2021-37709 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...)
	NOT-FOR-US: Shopware
CVE-2021-37708 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...)
	NOT-FOR-US: Shopware
CVE-2021-37707 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...)
	NOT-FOR-US: Shopware
CVE-2021-37706 (PJSIP is a free and open source multimedia communication library writt ...)
	{DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
	- asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
	[stretch] - asterisk (Vulnerable code not present)
	- pjproject
	- ring 20230922.0~ds1-1 (bug #1014998; bug #1057379)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29945
	NOTE: https://downloads.asterisk.org/pub/security/AST-2022-004.html
	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984
	NOTE: Fixed by: https://github.com/pjsip/pjproject/commit/15663e3f37091069b8c98a7fce680dc04bc8e865
	NOTE: Superseded by: https://github.com/savoirfairelinux/pjproject/commit/4cea72a4db91c6f0a0984b82edf2f147eda289aa
CVE-2021-37705 (OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. S ...)
	NOT-FOR-US: OneFuzz
CVE-2021-37704 (PhpFastCache is a high-performance backend cache system (packagist pac ...)
	NOT-FOR-US: PhpFastCache
CVE-2021-37703 (Discourse is an open-source platform for community discussion. In Disc ...)
	NOT-FOR-US: Discourse
CVE-2021-37702 (Pimcore is an open source data & experience management platform. Prior ...)
	NOT-FOR-US: Pimcore
CVE-2021-37701 (The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, an ...)
	{DSA-5008-1 DLA-3237-1}
	- node-tar 6.1.7+~cs11.3.10-1
	[stretch] - node-tar (Nodejs in stretch not covered by security support)
	NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc
CVE-2021-37700 (@github/paste-markdown is an npm package for pasting markdown objects. ...)
	NOT-FOR-US: Node paste-markdown
CVE-2021-37699 (Next.js is an open source website development framework to be used wit ...)
	NOT-FOR-US: next.js
CVE-2021-37698 (Icinga is a monitoring system which checks the availability of network ...)
	{DLA-2816-1}
	- icinga2 2.13.1-1
	[bullseye] - icinga2 (Minor issue)
	[buster] - icinga2 (Minor issue)
	NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-cxfm-8j5v-5qr2
	NOTE: https://icinga.com/blog/2021/08/19/icinga-2-13-1-security-release/
	NOTE: https://github.com/Icinga/icinga2/commit/8910abc5882774c067dfc22cdf8bf8b830257608 (v2.12.6)
	NOTE: https://github.com/Icinga/icinga2/commit/bf535969ac23962b65b72ea3893c6b384e1d3218 (v2.12.6)
	NOTE: https://github.com/Icinga/icinga2/commit/d7133ae4298d133a088b25c9a71ffeb1f8164a8d (v2.12.6)
	NOTE: https://github.com/Icinga/icinga2/commit/6db8795ca4b6a853f49615279f068d4cf2b42087 (v2.12.6)
	NOTE: https://github.com/Icinga/icinga2/commit/b7dd909a30367a4b8389e9362f05a856bbd7b081 (v2.12.6)
CVE-2021-37697 (tmerc-cogs are a collection of open source plugins for the Red Discord ...)
	NOT-FOR-US: tmerc-cogs
CVE-2021-37696 (tmerc-cogs are a collection of open source plugins for the Red Discord ...)
	NOT-FOR-US: tmerc-cogs
CVE-2021-37695 (ckeditor is an open source WYSIWYG HTML editor with rich content suppo ...)
	{DLA-2813-1}
	- ckeditor 4.16.2+dfsg-1 (bug #992290)
	[bullseye] - ckeditor (Minor issue)
	[buster] - ckeditor (Minor issue)
	- ckeditor3 (bug #1015217)
	[bookworm] - ckeditor3 (Minor issue)
	[bullseye] - ckeditor3 (Minor issue)
	[buster] - ckeditor3 (No longer supported in LTS)
	[stretch] - ckeditor3 (EOL'd for stretch)
	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc
	NOTE: https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58
CVE-2021-37694 (@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud S ...)
	NOT-FOR-US: @asyncapi/java-spring-cloud-stream-template
CVE-2021-37693 (Discourse is an open-source platform for community discussion. In Disc ...)
	NOT-FOR-US: Discourse
CVE-2021-37692 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37691 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37690 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37689 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37688 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37687 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37686 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37685 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37684 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37683 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37682 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37681 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37680 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37679 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37678 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37677 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37676 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37675 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37674 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37673 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37672 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37671 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37670 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37669 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37668 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37667 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37666 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37665 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37664 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37663 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37662 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37661 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37660 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37659 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37658 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37657 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37656 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37655 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37654 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37653 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37652 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37651 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37650 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37649 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37648 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37647 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37646 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37645 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37644 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37643 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37642 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37641 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37640 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37639 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37638 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37637 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37636 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37635 (TensorFlow is an end-to-end open source platform for machine learning. ...)
	- tensorflow (bug #804612)
CVE-2021-37634 (Leafkit is a templating language with Swift-inspired syntax. Versions ...)
	NOT-FOR-US: Leafkit
CVE-2021-37633 (Discourse is an open source discussion platform. In versions prior to ...)
	NOT-FOR-US: Discourse
CVE-2021-37632 (SuperMartijn642's Config Lib is a library used by a number of mods for ...)
	NOT-FOR-US: SuperMartijn642's Config Lib (lib for Minecraft)
CVE-2021-37631 (Deck is an open source kanban style organization tool aimed at persona ...)
	NOT-FOR-US: Nextcloud Deck
CVE-2021-37630 (Nextcloud Circles is an open source social network built for the nextc ...)
	NOT-FOR-US: Nextcloud Circles
CVE-2021-37629 (Nextcloud Richdocuments is an open source collaborative office suite. ...)
	NOT-FOR-US: Nextcloud Richdocuments
CVE-2021-37628 (Nextcloud Richdocuments is an open source collaborative office suite. ...)
	NOT-FOR-US: Nextcloud Richdocuments
CVE-2021-37627 (Contao is an open source CMS that allows creation of websites and scal ...)
	NOT-FOR-US: Contao CMS
CVE-2021-37626 (Contao is an open source CMS that allows you to create websites and sc ...)
	NOT-FOR-US: Contao CMS
CVE-2021-37625 (Skytable is an open source NoSQL database. In versions prior to 0.6.4 ...)
	NOT-FOR-US: Skytable
CVE-2021-37624 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
	- freeswitch (bug #389591)
	NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3
CVE-2021-37623 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
	- exiv2 0.27.5-1
	[bullseye] - exiv2 0.27.3-3+deb11u2
	[buster] - exiv2 (relevant IPTC parsing added in 0.26)
	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mvc4-g5pv-4qqq
	NOTE: https://github.com/Exiv2/exiv2/pull/1790
CVE-2021-37622 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
	{DLA-3265-1}
	- exiv2 0.27.5-1
	[bullseye] - exiv2 0.27.3-3+deb11u2
	[stretch] - exiv2 (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jh3-fcc3-g6hv
	NOTE: https://github.com/Exiv2/exiv2/pull/1788
CVE-2021-37621 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
	{DLA-3265-1}
	- exiv2 0.27.5-1
	[bullseye] - exiv2 0.27.3-3+deb11u2
	[stretch] - exiv2 (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-m479-7frc-gqqg
	NOTE: https://github.com/Exiv2/exiv2/pull/1778
CVE-2021-37620 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
	{DLA-3265-1}
	- exiv2 0.27.5-1
	[bullseye] - exiv2 0.27.3-3+deb11u2
	[stretch] - exiv2 (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-v5g7-46xf-h728
	NOTE: https://github.com/Exiv2/exiv2/pull/1769
CVE-2021-37619 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
	- exiv2 0.27.5-1
	[bullseye] - exiv2 0.27.3-3+deb11u2
	[buster] - exiv2 (Jp2Image::encodeJp2Header added in 0.26)
	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v
	NOTE: https://github.com/Exiv2/exiv2/pull/1752
CVE-2021-37618 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
	- exiv2 0.27.5-1
	[bullseye] - exiv2 0.27.3-3+deb11u2
	[buster] - exiv2 (Jp2Image::printStructure added in 0.26)
	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2
	NOTE: https://github.com/Exiv2/exiv2/pull/1759
CVE-2021-37617 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
	- nextcloud-desktop (Doesn't affect Nextcloud client as shipped in Debian)
	NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q2w-v879-q24v
CVE-2021-37616 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
	- exiv2 0.27.5-1
	[bullseye] - exiv2 0.27.3-3+deb11u2
	[buster] - exiv2 (resolveLens0x8ff added in 0.26)
	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-54f7-vvj7-545w
	NOTE: https://github.com/Exiv2/exiv2/pull/1758
CVE-2021-37615 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
	- exiv2 0.27.5-1
	[bullseye] - exiv2 0.27.3-3+deb11u2
	[buster] - exiv2 (resolveLens0x319 added in 0.26)
	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-h9x9-4f77-336w
	NOTE: https://github.com/Exiv2/exiv2/pull/1758
CVE-2021-37614 (In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0 ...)
	NOT-FOR-US: MOVEit Transfer
CVE-2021-37613 (Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial ...)
	NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2021-37612 RESERVED
CVE-2021-37611 RESERVED
CVE-2021-37610 RESERVED
CVE-2021-37609 RESERVED
CVE-2021-37608 (Unrestricted Upload of File with Dangerous Type vulnerability in Apach ...)
	NOT-FOR-US: Apache OFBiz
CVE-2021-37607 RESERVED
CVE-2021-3669 (A flaw was found in the Linux kernel. Measuring usage of the shared me ...)
	- linux 5.15.3-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1986473
CVE-2021-37606 (Meow hash 0.5/calico does not sufficiently thwart key recovery by an a ...)
	NOT-FOR-US: Meow hash
CVE-2021-37605 (In version 6.5 Microchip MiWi software and all previous versions inclu ...)
	NOT-FOR-US: Microchip MiWi
CVE-2021-37604 (In version 6.5 of Microchip MiWi software and all previous versions in ...)
	NOT-FOR-US: Microchip MiWi
CVE-2021-37603 RESERVED
CVE-2021-37602 RESERVED
CVE-2021-37599 (The exporter/Login.aspx login form in the Exporter in Nuance Winscribe ...)
	NOT-FOR-US: Nuance
CVE-2021-3668 RESERVED
CVE-2021-37600 (An integer overflow in util-linux through 2.37.1 can potentially cause ...)
	{DLA-3782-1}
	- util-linux 2.36.1-8 (low; bug #991619)
	[stretch] - util-linux (Minor issue)
	NOTE: https://github.com/karelzak/util-linux/issues/1395
	NOTE: https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
CVE-2021-37598 (WP Cerber before 8.9.3 allows bypass of /wp-json access control via a ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-37597 (WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-37596 (Telegram Web K Alpha 0.6.1 allows XSS via a document name.)
	NOT-FOR-US: Telegram Web K Alpha
CVE-2021-37595 (In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_re ...)
	- freerdp2 (Windows-specific)
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/0d79670a28c0ab049af08613621aa0c267f977e9
CVE-2021-37594 (In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_re ...)
	- freerdp2 (Windows-specific)
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/0d79670a28c0ab049af08613621aa0c267f977e9
CVE-2021-37593 (PEEL Shopping version 9.4.0 allows remote SQL injection. A public user ...)
	NOT-FOR-US: PEEL Shopping
CVE-2021-37592 (Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a cl ...)
	- suricata 1:6.0.4-1
	[bullseye] - suricata (Minor issue)
	[buster] - suricata (Minor issue)
	[stretch] - suricata (Minor issue)
	NOTE: https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942
	NOTE: https://redmine.openinfosecfoundation.org/issues/4569 (not public)
CVE-2021-37591
	RESERVED
CVE-2021-37590
	RESERVED
CVE-2021-37589 (Virtua Cobranca before 12R allows SQL Injection on the login page.)
	NOT-FOR-US: Virtua Cobranca
CVE-2021-37588 (In Charm 0.43, any two users can collude to achieve the ability to dec ...)
	NOT-FOR-US: Charm
CVE-2021-37587 (In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 dat ...)
	NOT-FOR-US: Charm
CVE-2021-37586 (The PowerPlay Web component of Mitel Interaction Recording Multitenanc ...)
	NOT-FOR-US: Mitel
CVE-2021-37585
	RESERVED
CVE-2021-37584 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
	NOT-FOR-US: Netgear
CVE-2021-37583 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
	NOT-FOR-US: Netgear
CVE-2021-37582
	RESERVED
CVE-2021-37581
	RESERVED
CVE-2021-37580 (A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in S ...)
	NOT-FOR-US: Apache ShenYu Admin
CVE-2021-37579 (The Dubbo Provider will check the incoming request and the correspondi ...)
	NOT-FOR-US: Apache Dubbo
CVE-2021-3667 (An improper locking issue was found in the virStoragePoolLookupByTarge ...)
	{DLA-3778-1}
	- libvirt 7.6.0-1 (bug #991594)
	[bullseye] - libvirt (Minor issue)
	[stretch] - libvirt (Introduced in 4.1)
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87 (v7.6.0-rc1)
	NOTE: Introduced in https://libvirt.org/git/?p=libvirt.git;a=commit;h=7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
CVE-2021-37578 (Apache jUDDI uses several classes related to Java's Remote Method Invo ...)
	NOT-FOR-US: Apache jUDDI
CVE-2021-37577
	RESERVED
CVE-2021-37575
	RESERVED
CVE-2021-37574
	RESERVED
CVE-2021-37573 (A reflected cross-site scripting (XSS) vulnerability in the web server ...)
	NOT-FOR-US: Tiny Java Web Server and Servlet Container (TJWS)
CVE-2021-37572 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
	NOT-FOR-US: Netgear
CVE-2021-37571 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
	NOT-FOR-US: Netgear
CVE-2021-37570 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
	NOT-FOR-US: Netgear
CVE-2021-37569 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
	NOT-FOR-US: Netgear
CVE-2021-37568 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
	NOT-FOR-US: Netgear
CVE-2021-37567 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
	NOT-FOR-US: Netgear
CVE-2021-37566 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
	NOT-FOR-US: Netgear
CVE-2021-37565 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
	NOT-FOR-US: Netgear
CVE-2021-37564 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
	NOT-FOR-US: Netgear
CVE-2021-37563 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
	NOT-FOR-US: Netgear
CVE-2021-37562 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
	NOT-FOR-US: Netgear
CVE-2021-37561 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
	NOT-FOR-US: Netgear
CVE-2021-37560 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
	NOT-FOR-US: Netgear
CVE-2021-37559
	RESERVED
CVE-2021-37558 (A SQL injection vulnerability in a MediaWiki script in Centreon before ...)
	- centreon-web (bug #913903)
CVE-2021-37557 (A SQL injection vulnerability in image generation in Centreon before 2 ...)
	- centreon-web (bug #913903)
CVE-2021-37556 (A SQL injection vulnerability in reporting export in Centreon before 2 ...)
	- centreon-web (bug #913903)
CVE-2021-37555 (TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell a ...)
	NOT-FOR-US: TX9 Automatic Food Dispenser
CVE-2021-37554 (In JetBrains YouTrack before 2021.3.21051, a user could see boards wit ...)
	NOT-FOR-US: JetBrains
CVE-2021-37553 (In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.)
	NOT-FOR-US: JetBrains
CVE-2021-37552 (In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.)
	NOT-FOR-US: JetBrains
CVE-2021-37551 (In JetBrains YouTrack before 2021.2.16363, system user passwords were ...)
	NOT-FOR-US: JetBrains
CVE-2021-37550 (In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons wer ...)
	NOT-FOR-US: JetBrains
CVE-2021-37549 (In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was ...)
	NOT-FOR-US: JetBrains
CVE-2021-37548 (In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes ...)
	NOT-FOR-US: JetBrains
CVE-2021-37547 (In JetBrains TeamCity before 2020.2.4, insufficient checks during file ...)
	NOT-FOR-US: JetBrains
CVE-2021-37546 (In JetBrains TeamCity before 2021.1, an insecure key generation mechan ...)
	NOT-FOR-US: JetBrains
CVE-2021-37545 (In JetBrains TeamCity before 2021.1.1, insufficient authentication che ...)
	NOT-FOR-US: JetBrains
CVE-2021-37544 (In JetBrains TeamCity before 2020.2.4, there was an insecure deseriali ...)
	NOT-FOR-US: JetBrains
CVE-2021-37543 (In JetBrains RubyMine before 2021.1.1, code execution without user con ...)
	NOT-FOR-US: JetBrains
CVE-2021-37542 (In JetBrains TeamCity before 2020.2.3, XSS was possible.)
	NOT-FOR-US: JetBrains
CVE-2021-37541 (In JetBrains Hub before 2021.1.13402, HTML injection in the password r ...)
	NOT-FOR-US: JetBrains
CVE-2021-37540 (In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP f ...)
	NOT-FOR-US: JetBrains
CVE-2021-37539 (Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestri ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-3666 (body-parser-xml is vulnerable to Improperly Controlled Modification of ...)
	NOT-FOR-US: Node body-parser-xml
CVE-2021-37576 (arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on t ...)
	{DSA-4978-1 DLA-2785-1}
	- linux 5.14.6-1
	[buster] - linux 4.19.208-1
	[stretch] - linux (powerpc architectures not included in LTS)
	NOTE: https://git.kernel.org/linus/f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a (5.14-rc3)
CVE-2021-37538 (Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for ...)
	NOT-FOR-US: PrestaShop
CVE-2021-37537
	RESERVED
CVE-2021-37536
	RESERVED
CVE-2021-37535 (SAP NetWeaver Application Server Java (JMS Connector Service) - versio ...)
	NOT-FOR-US: SAP
CVE-2021-37534 (app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when ...)
	NOT-FOR-US: MISP
CVE-2021-37533 (Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host fr ...)
	{DSA-5307-1 DLA-3251-1}
	- libcommons-net-java 3.9.0-1 (bug #1025910)
	NOTE: https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7
	NOTE: https://issues.apache.org/jira/browse/NET-711
	NOTE: https://github.com/apache/commons-net/commit/b0bff89f70cfea70009e22f87639816cc3993974 (commons-net-3.9.0-RC1)
CVE-2021-37532 (SAP Business One version - 10, due to improper input validation, allow ...)
	NOT-FOR-US: SAP
CVE-2021-37531 (SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7. ...)
	NOT-FOR-US: SAP
CVE-2021-37530 (A denial of service vulnerability exists in fig2dev through 3.28a due t ...)
	- fig2dev 1:3.2.8b-1
	[bullseye] - fig2dev 1:3.2.8-3+deb11u1
	[buster] - fig2dev (Vulnerable code introduced later)
	[stretch] - fig2dev (Vulnerable code introduced later)
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/126/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/ff103511e49c44c83fc58e2092aa37e9019a3a9f/
	NOTE: Introduced by https://sourceforge.net/p/mcj/fig2dev/ci/bc3beba96605f9db5a063061ea28077937959ae2/ (3.2.8)
CVE-2021-37529 (A double-free vulnerability exists in fig2dev through 3.28a is affecte ...)
	- fig2dev 1:3.2.8b-1
	[bullseye] - fig2dev 1:3.2.8-3+deb11u1
	[buster] - fig2dev (Vulnerable code introduced later)
	[stretch] - fig2dev (Vulnerable code introduced later)
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/125/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/899ea1277387ca9e9853bf61d29b7419d5692691/
	NOTE: Introduced by https://sourceforge.net/p/mcj/fig2dev/ci/bc3beba96605f9db5a063061ea28077937959ae2/ (3.2.8)
CVE-2021-37528
	RESERVED
CVE-2021-37527
	RESERVED
CVE-2021-37526
	RESERVED
CVE-2021-37525
	RESERVED
CVE-2021-37524 (Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows re ...)
	NOT-FOR-US: FusionPBX
CVE-2021-37523
	RESERVED
CVE-2021-37522 (SQL injection vulnerability in HKing2802 Locke-Bot 2.0.2 allows remote ...)
	NOT-FOR-US: HKing2802 Locke-Bot
CVE-2021-37521
	RESERVED
CVE-2021-37520
	RESERVED
CVE-2021-37519 (Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows att ...)
	- memcached 1.6.10+dfsg-1
	[bullseye] - memcached (Minor issue)
	[buster] - memcached (Vulnerable code not present)
	NOTE: https://github.com/memcached/memcached/issues/805
	NOTE: https://github.com/memcached/memcached/commit/ddee3e27a031be22f5f28c160be18fd3cb9bc63d (1.6.10)
CVE-2021-37518 (Universal Cross Site Scripting (UXSS) vulnerability in Vimium Extensio ...)
	NOT-FOR-US: Vimium
CVE-2021-37517 (An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fix ...)
	- dolibarr
CVE-2021-37516
	RESERVED
CVE-2021-37515
	RESERVED
CVE-2021-37514
	RESERVED
CVE-2021-37513
	RESERVED
CVE-2021-37512
	RESERVED
CVE-2021-37511
	RESERVED
CVE-2021-37510
	RESERVED
CVE-2021-37509
	RESERVED
CVE-2021-37508
	RESERVED
CVE-2021-37507
	RESERVED
CVE-2021-37506
	RESERVED
CVE-2021-37505
	RESERVED
CVE-2021-37504 (A cross-site scripting (XSS) vulnerability in the fileNameStr paramete ...)
	NOT-FOR-US: hayageek/jquery-upload-file
CVE-2021-37503
	RESERVED
CVE-2021-37502 (Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remot ...)
	NOT-FOR-US: automad
CVE-2021-37501 (Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1 ...)
	- hdf5 (unimportant)
	NOTE: Crash in CLI tool, no security impact
	NOTE: Fixed in 1.10.x-series in 1.10.10 https://forum.hdfgroup.org/t/release-of-hdf5-1-10-10-newsletter-192/11006
CVE-2021-37500 (Directory traversal vulnerability in Reprise License Manager (RLM) web ...)
	NOT-FOR-US: Reprise License Manager
CVE-2021-37499 (CRLF vulnerability in Reprise License Manager (RLM) web interface thro ...)
	NOT-FOR-US: Reprise License Manager
CVE-2021-37498 (An SSRF issue was discovered in Reprise License Manager (RLM) web inte ...)
	NOT-FOR-US: Reprise License Manager
CVE-2021-37497 (SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote a ...)
	NOT-FOR-US: PbootCMS
CVE-2021-37496
	RESERVED
CVE-2021-37495
	RESERVED
CVE-2021-37494
	RESERVED
CVE-2021-37493
	RESERVED
CVE-2021-37492 (An issue discovered in src/wallet/wallet.cpp in Ravencoin Core 4.3.2.1 ...)
	NOT-FOR-US: Ravencoin
CVE-2021-37491 (An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogec ...)
	- dogecoin (bug #1034806)
	NOTE: https://github.com/dogecoin/dogecoin/issues/2279
CVE-2021-37490
	RESERVED
CVE-2021-37489
	RESERVED
CVE-2021-37488
	RESERVED
CVE-2021-37487
	RESERVED
CVE-2021-37486
	RESERVED
CVE-2021-37485
	RESERVED
CVE-2021-37484
	RESERVED
CVE-2021-37483
	RESERVED
CVE-2021-37482
	RESERVED
CVE-2021-37481
	RESERVED
CVE-2021-37480
	RESERVED
CVE-2021-37479
	RESERVED
CVE-2021-37478 (In NavigateCMS version 2.9.4 and below, function `block` is vulnerable ...)
	NOT-FOR-US: NavigateCMS
CVE-2021-37477 (In NavigateCMS version 2.9.4 and below, function in `structure.php` is ...)
	NOT-FOR-US: NavigateCMS
CVE-2021-37476 (In NavigateCMS version 2.9.4 and below, function in `product.php` is v ...)
	NOT-FOR-US: NavigateCMS
CVE-2021-37475 (In NavigateCMS version 2.9.4 and below, function in `templates.php` is ...)
	NOT-FOR-US: NavigateCMS
CVE-2021-37474
	RESERVED
CVE-2021-37473 (In NavigateCMS version 2.9.4 and below, function in `product.php` is v ...)
	NOT-FOR-US: NavigateCMS
CVE-2021-37472
	RESERVED
CVE-2021-37471 (Cradlepoint IBR900-600 devices running versions < 7.21.10 are vulnerab ...)
	NOT-FOR-US: Cradlepoint
CVE-2021-37470 (In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists ...)
	NOT-FOR-US: NCH
CVE-2021-37469 (In NCH WebDictate v2.13 and earlier, authenticated users can abuse log ...)
	NOT-FOR-US: NCH
CVE-2021-37468 (NCH Reflect CRM 3.01 allows local users to discover cleartext user acc ...)
	NOT-FOR-US: NCH
CVE-2021-37467 (In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploa ...)
	NOT-FOR-US: NCH
CVE-2021-37466 (In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (refle ...)
	NOT-FOR-US: NCH
CVE-2021-37465 (In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflec ...)
	NOT-FOR-US: NCH
CVE-2021-37464 (In NCH Quorum v2.03 and earlier, XSS exists via Conference Description ...)
	NOT-FOR-US: NCH
CVE-2021-37463 (In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (sto ...)
	NOT-FOR-US: NCH
CVE-2021-37462 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
	NOT-FOR-US: NCH
CVE-2021-37461 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
	NOT-FOR-US: NCH
CVE-2021-37460 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
	NOT-FOR-US: NCH
CVE-2021-37459 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
	NOT-FOR-US: NCH
CVE-2021-37458 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
	NOT-FOR-US: NCH
CVE-2021-37457 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
	NOT-FOR-US: NCH
CVE-2021-37456 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
	NOT-FOR-US: NCH
CVE-2021-37455 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
	NOT-FOR-US: NCH
CVE-2021-37454 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
	NOT-FOR-US: NCH
CVE-2021-37453 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
	NOT-FOR-US: NCH
CVE-2021-37452 (NCH Quorum v2.03 and earlier allows local users to discover cleartext ...)
	NOT-FOR-US: NCH
CVE-2021-37451 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...)
	NOT-FOR-US: NCH
CVE-2021-37450 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...)
	NOT-FOR-US: NCH
CVE-2021-37449 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...)
	NOT-FOR-US: NCH
CVE-2021-37448 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...)
	NOT-FOR-US: NCH
CVE-2021-37447 (In NCH Quorum v2.03 and earlier, an authenticated user can use directo ...)
	NOT-FOR-US: NCH
CVE-2021-37446 (In NCH Quorum v2.03 and earlier, an authenticated user can use directo ...)
	NOT-FOR-US: NCH
CVE-2021-37445 (In NCH Quorum v2.03 and earlier, an authenticated user can use directo ...)
	NOT-FOR-US: NCH
CVE-2021-37444 (NCH IVM Attendant v5.12 and earlier suffers from a directory traversal ...)
	NOT-FOR-US: NCH
CVE-2021-37443 (NCH IVM Attendant v5.12 and earlier allows path traversal via the logd ...)
	NOT-FOR-US: NCH
CVE-2021-37442 (NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile ...)
	NOT-FOR-US: NCH
CVE-2021-37441 (NCH Axon PBX v2.22 and earlier allows path traversal for file deletion ...)
	NOT-FOR-US: NCH
CVE-2021-37440 (NCH Axon PBX v2.22 and earlier allows path traversal for file disclosu ...)
	NOT-FOR-US: NCH
CVE-2021-37439 (NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vu ...)
	NOT-FOR-US: NCH
CVE-2021-37438
	REJECTED
CVE-2021-37437
	RESERVED
CVE-2021-37436 (Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, ...)
	NOT-FOR-US: Amazon Echo
CVE-2021-37435
	RESERVED
CVE-2021-37434
	RESERVED
CVE-2021-37433
	RESERVED
CVE-2021-37432
	RESERVED
CVE-2021-37431
	RESERVED
CVE-2021-37430
	RESERVED
CVE-2021-37429
	RESERVED
CVE-2021-37428
	RESERVED
CVE-2021-37427
	RESERVED
CVE-2021-37426
	RESERVED
CVE-2021-37425 (Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such a ...)
	NOT-FOR-US: Altova MobileTogether Server
CVE-2021-37424 (ManageEngine ADSelfService Plus before 6112 is vulnerable to domain us ...)
	NOT-FOR-US: ManageEngine
CVE-2021-37423 (Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to l ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-37422 (Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to S ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-37421 (Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to a ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-37420 (Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail ...)
	NOT-FOR-US: ManageEngine
CVE-2021-37419 (Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF ...)
	NOT-FOR-US: ManageEngine
CVE-2021-37418
	REJECTED
CVE-2021-37417 (Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAP ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-37416 (Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnera ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-37415 (Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authe ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-37414 (Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-37413 (GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in t ...)
	NOT-FOR-US: GRANDCOM DynWEB
CVE-2021-37412 (The TechRadar app 1.1 for Confluence Server allows XSS via the Title f ...)
	NOT-FOR-US: TechRadar app for Confluence Server
CVE-2021-37411
	RESERVED
CVE-2021-3665
	RESERVED
CVE-2021-3664 (url-parse is vulnerable to URL Redirection to Untrusted Site)
	{DLA-3336-1}
	- node-url-parse 1.5.3-1 (bug #991577)
	[stretch] - node-url-parse (Nodejs in stretch not covered by security support)
	NOTE: https://huntr.dev/bounties/1625557993985-unshiftio/url-parse/
	NOTE: https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0
CVE-2021-26250
	RESERVED
CVE-2021-23208
	RESERVED
CVE-2021-23183
	RESERVED
CVE-2021-37601 (muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers t ...)
	- prosody 0.11.9-2
	[buster] - prosody (Minor issue)
	[stretch] - prosody (Vulnerable code not present)
	NOTE: https://prosody.im/security/advisory_20210722/
CVE-2021-37404 (There is a potential heap buffer overflow in Apache Hadoop libhdfs nat ...)
	- hadoop (bug #793644)
CVE-2021-3663 (firefly-iii is vulnerable to Improper Restriction of Excessive Authent ...)
	NOT-FOR-US: firefly-iii
CVE-2021-3662 (Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to ...)
	NOT-FOR-US: HP
CVE-2021-3661 (A potential security vulnerability has been identified in certain HP W ...)
	NOT-FOR-US: HP
CVE-2021-37403 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...)
	NOT-FOR-US: OX App Suite
CVE-2021-37402 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...)
	NOT-FOR-US: OX App Suite
CVE-2021-3660 (Cockpit (and its plugins) do not seem to protect itself against clickj ...)
	- cockpit 254-1
	[bullseye] - cockpit (Minor issue)
	[buster] - cockpit (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1980688
CVE-2021-37401 (An attacker may obtain the user credentials from file servers, backup ...)
	NOT-FOR-US: IDEC
CVE-2021-37400 (An attacker may obtain the user credentials from the communication bet ...)
	NOT-FOR-US: IDEC
CVE-2021-37399
	RESERVED
CVE-2021-37398
	RESERVED
CVE-2021-37397
	RESERVED
CVE-2021-37396
	RESERVED
CVE-2021-37395
	RESERVED
CVE-2021-37394 (In RPCMS v1.8 and below, attackers can interact with API and change va ...)
	NOT-FOR-US: RPCMS
CVE-2021-37393 (In RPCMS v1.8 and below, the "nickname" variable is not properly sanit ...)
	NOT-FOR-US: RPCMS
CVE-2021-37392 (In RPCMS v1.8 and below, the "nickname" variable is not properly sanit ...)
	NOT-FOR-US: RPCMS
CVE-2021-37391 (A user without privileges in Chamilo LMS 1.11.14 can send an invitatio ...)
	NOT-FOR-US: Chamilo LMS
CVE-2021-37390 (A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/socia ...)
	NOT-FOR-US: Chamilo LMS
CVE-2021-37389 (Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/ ...)
	NOT-FOR-US: Chamilo LMS
CVE-2021-37388 (A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr paramet ...)
	NOT-FOR-US: D-Link
CVE-2021-37387
	RESERVED
CVE-2021-37386 (Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before ...)
	NOT-FOR-US: Furukawa
CVE-2021-37385
	RESERVED
CVE-2021-37384 (A remote command execution (RCE) vulnerability in the web interface co ...)
	NOT-FOR-US: Furukawa
CVE-2021-37383
	RESERVED
CVE-2021-37382
	RESERVED
CVE-2021-37381 (Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access ...)
	NOT-FOR-US: Southsoft GMIS
CVE-2021-37380
	RESERVED
CVE-2021-37379 (Cross Site Scripting (XSS) vulnerability in Teradek Sphere all firmwar ...)
	NOT-FOR-US: Teradek
CVE-2021-37378 (Cross Site Scripting (XSS) vulnerability in Teradek Cube and Cube Pro ...)
	NOT-FOR-US: Teradek
CVE-2021-37377 (Cross Site Scripting (XSS) vulnerability in Teradek Brik firmware vers ...)
	NOT-FOR-US: Teradek
CVE-2021-37376 (Cross Site Scripting (XSS) vulnerability in Teradek Bond, Bond 2 and B ...)
	NOT-FOR-US: Teradek
CVE-2021-37375 (Cross Site Scripting (XSS) vulnerability in Teradek VidiU / VidiU Mini ...)
	NOT-FOR-US: Teradek
CVE-2021-37374 (Cross Site Scripting (XSS) vulnerability in Teradek Clip all firmware ...)
	NOT-FOR-US: Teradek
CVE-2021-37373 (Cross Site Scripting (XSS) vulnerability in Teradek Slice 1st generati ...)
	NOT-FOR-US: Teradek
CVE-2021-37372 (Online Student Admission System 1.0 is affected by an insecure file up ...)
	NOT-FOR-US: Online Student Admission System
CVE-2021-37371 (Online Student Admission System 1.0 is affected by an unauthenticated ...)
	NOT-FOR-US: Online Student Admission System
CVE-2021-37370
	RESERVED
CVE-2021-37369
	RESERVED
CVE-2021-37368
	RESERVED
CVE-2021-37367 (CTparental before 4.45.07 is affected by a code execution vulnerabilit ...)
	NOT-FOR-US: CTparental
CVE-2021-37366 (CTparental before 4.45.03 is vulnerable to cross-site request forgery ...)
	NOT-FOR-US: CTparental
CVE-2021-37365 (CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) ...)
	NOT-FOR-US: CTparental
CVE-2021-37364 (OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default ...)
	NOT-FOR-US: OpenClinic
CVE-2021-37363 (An Insecure Permissions issue exists in Gestionale Open 11.00.00. A lo ...)
	NOT-FOR-US: Gestionale Open
CVE-2021-37362
	RESERVED
CVE-2021-37361
	RESERVED
CVE-2021-37360
	RESERVED
CVE-2021-37359
	RESERVED
CVE-2021-37358 (SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers t ...)
	NOT-FOR-US: SEACMS
CVE-2021-37357
	RESERVED
CVE-2021-37356
	RESERVED
CVE-2021-37355
	RESERVED
CVE-2021-37354 (Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer ov ...)
	NOT-FOR-US: Xerox
CVE-2021-37353 (Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due ...)
	NOT-FOR-US: Nagios XI
CVE-2021-37352 (An open redirect vulnerability exists in Nagios XI before version 5.8. ...)
	NOT-FOR-US: Nagios XI
CVE-2021-37351 (Nagios XI before version 5.8.5 is vulnerable to insecure permissions a ...)
	NOT-FOR-US: Nagios XI
CVE-2021-37350 (Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerab ...)
	NOT-FOR-US: Nagios XI
CVE-2021-37349 (Nagios XI before version 5.8.5 is vulnerable to local privilege escala ...)
	NOT-FOR-US: Nagios XI
CVE-2021-37348 (Nagios XI before version 5.8.5 is vulnerable to local file inclusion t ...)
	NOT-FOR-US: Nagios XI
CVE-2021-37347 (Nagios XI before version 5.8.5 is vulnerable to local privilege escala ...)
	NOT-FOR-US: Nagios XI
CVE-2021-37346 (Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remo ...)
	NOT-FOR-US: Nagios XI
CVE-2021-37345 (Nagios XI before version 5.8.5 is vulnerable to local privilege escala ...)
	NOT-FOR-US: Nagios XI
CVE-2021-37344 (Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote c ...)
	NOT-FOR-US: Nagios XI
CVE-2021-37343 (A path traversal vulnerability exists in Nagios XI below version 5.8.5 ...)
	NOT-FOR-US: Nagios XI
CVE-2021-37342
	RESERVED
CVE-2021-37341
	RESERVED
CVE-2021-37340
	RESERVED
CVE-2021-37339
	RESERVED
CVE-2021-37338
	RESERVED
CVE-2021-37337
	RESERVED
CVE-2021-37336
	RESERVED
CVE-2021-37335
	RESERVED
CVE-2021-37334 (Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vu ...)
	NOT-FOR-US: Umbraco Forms
CVE-2021-37333 (Laravel Booking System Booking Core 2.0 is vulnerable to Session Manag ...)
	NOT-FOR-US: Laravel Booking System Booking Core
CVE-2021-37332
	RESERVED
CVE-2021-37331 (Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Acc ...)
	NOT-FOR-US: Laravel Booking System Booking Core
CVE-2021-37330 (Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Sc ...)
	NOT-FOR-US: Laravel Booking System Booking Core
CVE-2021-37329
	RESERVED
CVE-2021-37328
	RESERVED
CVE-2021-37327
	RESERVED
CVE-2021-37326 (NetSarang Xshell 7 before Build 0077 includes unintended code strings ...)
	NOT-FOR-US: NetSarang Xshell
CVE-2021-37325
	RESERVED
CVE-2021-37324
	RESERVED
CVE-2021-37323
	RESERVED
CVE-2021-37322 (GCC c++filt v2.26 was discovered to contain a use-after-free vulnerabi ...)
	- binutils 2.27.51.20161102-1 (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188
	NOTE: binutils not covered by security support
CVE-2021-37321
	RESERVED
CVE-2021-37320
	RESERVED
CVE-2021-37319
	RESERVED
CVE-2021-37318
	RESERVED
CVE-2021-37317 (Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U route ...)
	NOT-FOR-US: ASUS
CVE-2021-37316 (SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firm ...)
	NOT-FOR-US: ASUS
CVE-2021-37315 (Incorrect Access Control issue discovered in Cloud Disk in ASUS RT-AC68 ...)
	NOT-FOR-US: ASUS
CVE-2021-37314
	RESERVED
CVE-2021-37313
	RESERVED
CVE-2021-37312
	RESERVED
CVE-2021-37311 (Buffer Overflow vulnerability in fcitx5 5.0.8 allows attackers to caus ...)
	- fcitx5 5.0.9-1
	[bullseye] - fcitx5 (Minor issue)
	[buster] - fcitx5 (Minor issue)
	NOTE: https://github.com/fcitx/fcitx5/pull/308
	NOTE: https://github.com/fcitx/fcitx5/commit/6393480542178623c0af7a7e76647a401264f227 (5.0.9)
CVE-2021-37310
	RESERVED
CVE-2021-37309
	RESERVED
CVE-2021-37308
	RESERVED
CVE-2021-37307
	RESERVED
CVE-2021-37306 (An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows r ...)
	NOT-FOR-US: jeecg-boot
CVE-2021-37305 (An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows r ...)
	NOT-FOR-US: jeecg-boot
CVE-2021-37304 (An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticat ...)
	NOT-FOR-US: jeecg-boot
CVE-2021-37303
	RESERVED
CVE-2021-37302
	RESERVED
CVE-2021-37301
	RESERVED
CVE-2021-37300
	RESERVED
CVE-2021-37299
	RESERVED
CVE-2021-37298
	REJECTED
CVE-2021-37297
	RESERVED
CVE-2021-37296
	RESERVED
CVE-2021-37295
	RESERVED
CVE-2021-37294
	RESERVED
CVE-2021-37293 (A Directory Traversal vulnerability exists in KevinLAB Inc Building En ...)
	NOT-FOR-US: KevinLAB
CVE-2021-37292 (An Access Control vulnerability exists in KevinLAB Inc Building Energy ...)
	NOT-FOR-US: KevinLAB
CVE-2021-37291 (An SQL Injection vulnerability exists in KevinLAB Inc Building Energy ...)
	NOT-FOR-US: KevinLAB
CVE-2021-37290
	RESERVED
CVE-2021-37289 (Insecure Permissions in administration interface in Planex MZK-DP150N ...)
	NOT-FOR-US: Planex MZK-DP150N
CVE-2021-37288
	RESERVED
CVE-2021-37287
	RESERVED
CVE-2021-37286
	RESERVED
CVE-2021-37285
	RESERVED
CVE-2021-37284
	RESERVED
CVE-2021-37283
	RESERVED
CVE-2021-37282
	RESERVED
CVE-2021-37281
	RESERVED
CVE-2021-37280
	RESERVED
CVE-2021-37279
	RESERVED
CVE-2021-37278
	RESERVED
CVE-2021-37277
	RESERVED
CVE-2021-37276
	RESERVED
CVE-2021-37275
	RESERVED
CVE-2021-37274 (Kingdee KIS Professional Edition has a privilege escalation vulnerabil ...)
	NOT-FOR-US: Kingdee KIS Professional Edition
CVE-2021-37273 (A Denial of Service issue exists in China Telecom Corporation EPON Tia ...)
	NOT-FOR-US: Tianyi Gateway
CVE-2021-37272
	RESERVED
CVE-2021-37271 (Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, w ...)
	NOT-FOR-US: UEditor
CVE-2021-37270 (There is an unauthorized access vulnerability in the CMS Enterprise We ...)
	NOT-FOR-US: CMS Enterprise Website Construction System
CVE-2021-37269
	RESERVED
CVE-2021-37268
	RESERVED
CVE-2021-37267 (Cross Site Scripting (XSS) vulnerability exists in all versions of Kin ...)
	NOT-FOR-US: KindEditor
CVE-2021-37266
	RESERVED
CVE-2021-37265
	RESERVED
CVE-2021-37264
	RESERVED
CVE-2021-37263
	RESERVED
CVE-2021-37262 (JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Den ...)
	NOT-FOR-US: JFinal_cms
CVE-2021-37261
	RESERVED
CVE-2021-37260
	RESERVED
CVE-2021-37259
	RESERVED
CVE-2021-37258
	RESERVED
CVE-2021-37257
	RESERVED
CVE-2021-37256
	RESERVED
CVE-2021-37255
	RESERVED
CVE-2021-37254 (In M-Files Web product with versions before 20.10.9524.1 and 20.10.944 ...)
	NOT-FOR-US: M-Files
CVE-2021-37253 (M-Files Web before 20.10.9524.1 allows a denial of service via overlap ...)
	NOT-FOR-US: M-Files Web
CVE-2021-37252
	RESERVED
CVE-2021-37251
	RESERVED
CVE-2021-37250
	RESERVED
CVE-2021-37249
	RESERVED
CVE-2021-37248
	RESERVED
CVE-2021-37247
	RESERVED
CVE-2021-37246
	RESERVED
CVE-2021-37245
	RESERVED
CVE-2021-37244
	RESERVED
CVE-2021-37243
	RESERVED
CVE-2021-37242
	RESERVED
CVE-2021-37241
	RESERVED
CVE-2021-37240
	RESERVED
CVE-2021-37239
	RESERVED
CVE-2021-37238
	RESERVED
CVE-2021-37237
	RESERVED
CVE-2021-37236
	RESERVED
CVE-2021-37235
	RESERVED
CVE-2021-37234 (Incorrect Access Control vulnerability in Modern Honey Network commit ...)
	NOT-FOR-US: Modern Honey Network
CVE-2021-37233
	RESERVED
CVE-2021-37232 (A stack overflow vulnerability occurs in Atomicparsley 20210124.204813 ...)
	- atomicparsley 20210715.151551.e7ad03a-1 (bug #993366)
	[bullseye] - atomicparsley (Minor issue)
	[buster] - atomicparsley (Minor issue)
	[stretch] - atomicparsley (Minor issue)
	- gtkpod (Vulnerable code not present, cf #993376)
	NOTE: https://github.com/wez/atomicparsley/commit/d72ccf06c98259d7261e0f3ac4fd8717778782c1
	NOTE: https://github.com/wez/atomicparsley/issues/32
	NOTE: gtkpod does not contain the code supporting tkhd version 1
	NOTE: that overflows with 64-bit creation/modified times
CVE-2021-37231 (A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499 ...)
	- atomicparsley 20210715.151551.e7ad03a-1 (bug #993372)
	[bullseye] - atomicparsley (Minor issue)
	[buster] - atomicparsley (Minor issue)
	[stretch] - atomicparsley (Minor issue)
	- gtkpod (bug #993375)
	[bookworm] - gtkpod (Minor issue)
	[bullseye] - gtkpod (Minor issue)
	[buster] - gtkpod (Minor issue)
	[stretch] - gtkpod (Minor issue)
	NOTE: https://github.com/wez/atomicparsley/issues/30
	NOTE: https://github.com/wez/atomicparsley/pull/31#issue-687280335
CVE-2021-37230
	RESERVED
CVE-2021-37229
	RESERVED
CVE-2021-37228
	RESERVED
CVE-2021-37227
	RESERVED
CVE-2021-37226
	RESERVED
CVE-2021-37225
	RESERVED
CVE-2021-37224
	RESERVED
CVE-2021-37223 (Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Fo ...)
	NOT-FOR-US: Nagios XI
CVE-2021-37222 (Parsers in the open source project RCDCAP before 1.0.5 allow remote at ...)
	NOT-FOR-US: RCDCAP
CVE-2021-37221 (A file upload vulnerability exists in Sourcecodester Customer Relation ...)
	NOT-FOR-US: Sourcecodester Customer Relationship Management System
CVE-2021-37220 (MuPDF through 1.18.1 has an out-of-bounds write because the cached col ...)
	- mupdf 1.17.0+ds1-2 (bug #991402)
	[buster] - mupdf (Minor issue; can be fixed via point release)
	[stretch] - mupdf (Vulnerable code not present)
	NOTE: http://git.ghostscript.com/?p=mupdf.git;h=f5712c9949d026e4b891b25837edd2edc166151f
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703791
	NOTE: On Stretch, an earlier version of the code exits early instead of crashing.
CVE-2021-37219 (HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows no ...)
	- consul 1.8.7+dfsg1-6 (bug #1015218)
	[bullseye] - consul (EOL in Bullseye)
	[buster] - consul (Minor issue; intrusive to backport)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024
	NOTE: https://github.com/hashicorp/consul/commit/ccf8eb1947357434eb6e66303ddab79f4c9d4103
CVE-2021-37218 (HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server ...)
	- nomad (bug #1021273)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2021-21-nomad-raft-rpc-privilege-escalation/29023
	NOTE: https://github.com/hashicorp/nomad/pull/11089 (main)
	NOTE: https://github.com/hashicorp/nomad/commit/768d7c72a77e9c0415d92900753fc83e8822145a (release-1.1.4)
	NOTE: https://github.com/hashicorp/nomad/commit/61a922afcf12784281757402c8e0b61686ff855d (release-1.0.11)
CVE-2021-37217
	RESERVED
CVE-2021-3659 (A NULL pointer dereference flaw was found in the Linux kernel's I ...)
	- linux 5.10.38-1
	[buster] - linux 4.19.194-1
	[stretch] - linux 4.9.272-1
	NOTE: https://git.kernel.org/linus/1165affd484889d4986cf3b724318935a0b120d8
CVE-2021-3658 (bluetoothd from bluez incorrectly saves adapters' Discoverable status ...)
	- bluez 5.61-1 (bug #991596)
	[bullseye] - bluez (Minor issue)
	[buster] - bluez (Vulnerable code introduced later)
	[stretch] - bluez (Vulnerable code introduced later)
	NOTE: Introduced by https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=d04eb02f9bad8795297210ef80e262be16ea8f07 (5.51)
	NOTE: Fixed by https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055
CVE-2021-37216 (QSAN Storage Manager header page parameters does not filter special ch ...)
	NOT-FOR-US: QSAN Storage Manager
CVE-2021-37215 (The employee management page of Flygo contains an Insecure Direct Obje ...)
	NOT-FOR-US: Flygo
CVE-2021-37214 (The employee management page of Flygo contains Insecure Direct Object ...)
	NOT-FOR-US: Flygo
CVE-2021-37213 (The check-in record page of Flygo contains Insecure Direct Object Refe ...)
	NOT-FOR-US: Flygo
CVE-2021-37212 (The bulletin function of Flygo contains Insecure Direct Object Referen ...)
	NOT-FOR-US: Flygo
CVE-2021-37211 (The bulletin function of Flygo does not filter special characters whil ...)
	NOT-FOR-US: Flygo
CVE-2021-37210
	RESERVED
CVE-2021-37209 (A vulnerability has been identified in RUGGEDCOM i800 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2021-37208 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
	NOT-FOR-US: Siemens
CVE-2021-37207 (A vulnerability has been identified in SENTRON powermanager V3 (All ve ...)
	NOT-FOR-US: Siemens
CVE-2021-37206 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...)
	NOT-FOR-US: Siemens
CVE-2021-37205 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
	NOT-FOR-US: Siemens
CVE-2021-37204 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
	NOT-FOR-US: Siemens
CVE-2021-37203 (A vulnerability has been identified in NX 1980 Series (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2021-37202 (A vulnerability has been identified in NX 1980 Series (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2021-37201 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...)
	NOT-FOR-US: Siemens
CVE-2021-37200 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...)
	NOT-FOR-US: Siemens
CVE-2021-37199 (A vulnerability has been identified in SINUMERIK 808D (All versions), ...)
	NOT-FOR-US: Siemens
CVE-2021-37198 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
	NOT-FOR-US: Siemens
CVE-2021-37197 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
	NOT-FOR-US: Siemens
CVE-2021-37196 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
	NOT-FOR-US: Siemens
CVE-2021-37195 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
	NOT-FOR-US: Siemens
CVE-2021-37194 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
	NOT-FOR-US: Siemens
CVE-2021-37193 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2021-37192 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2021-37191 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2021-37190 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2021-37189 (An issue was discovered on Digi TransPort Gateway devices through 5.2. ...)
	NOT-FOR-US: Digi TransPort Gateway devices
CVE-2021-37188 (An issue was discovered on Digi TransPort devices through 2021-07-21. ...)
	NOT-FOR-US: Digi TransPort devices
CVE-2021-37187 (An issue was discovered on Digi TransPort devices through 2021-07-21. ...)
	NOT-FOR-US: Digi TransPort devices
CVE-2021-37186 (A vulnerability has been identified in LOGO! CMR2020 (All versions < V ...)
	NOT-FOR-US: Siemens
CVE-2021-37185 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
	NOT-FOR-US: Siemens
CVE-2021-37184 (A vulnerability has been identified in Industrial Edge Management (All ...)
	NOT-FOR-US: Siemens
CVE-2021-37183 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2021-37182 (A vulnerability has been identified in SCALANCE XM408-4C (All versions ...)
	NOT-FOR-US: Siemens
CVE-2021-37181 (A vulnerability has been identified in Cerberus DMS V4.0 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2021-37180 (A vulnerability has been identified in Solid Edge SE2021 (All Versions ...)
	NOT-FOR-US: Siemens
CVE-2021-37179 (A vulnerability has been identified in Solid Edge SE2021 (All Versions ...)
	NOT-FOR-US: Siemens
CVE-2021-37178 (A vulnerability has been identified in Solid Edge SE2021 (All Versions ...)
	NOT-FOR-US: Siemens
CVE-2021-37177 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2021-37176 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
	NOT-FOR-US: Siemens
CVE-2021-37175 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
	NOT-FOR-US: Siemens
CVE-2021-37174 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
	NOT-FOR-US: Siemens
CVE-2021-37173 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
	NOT-FOR-US: Siemens
CVE-2021-37172 (A vulnerability has been identified in SIMATIC S7-1200 CPU family (inc ...)
	NOT-FOR-US: Siemens
CVE-2021-37171
	RESERVED
CVE-2021-37170
	RESERVED
CVE-2021-37169
	RESERVED
CVE-2021-37168
	RESERVED
CVE-2021-37167 (An insecure permissions issue was discovered in HMI3 Control Panel in ...)
	NOT-FOR-US: Swisslog Healthcare Nexus Panel
CVE-2021-37166 (A buffer overflow issue leading to denial of service was discovered in ...)
	NOT-FOR-US: Swisslog Healthcare Nexus Panel
CVE-2021-37165 (A buffer overflow issue was discovered in HMI3 Control Panel in Swissl ...)
	NOT-FOR-US: Swisslog Healthcare Nexus Panel
CVE-2021-37164 (A buffer overflow issue was discovered in HMI3 Control Panel in Swissl ...)
	NOT-FOR-US: Swisslog Healthcare Nexus Panel
CVE-2021-37163 (An insecure permissions issue was discovered in HMI3 Control Panel in ...)
	NOT-FOR-US: Swisslog Healthcare Nexus Panel
CVE-2021-37162 (A buffer overflow issue was discovered in HMI3 Control Panel in Swissl ...)
	NOT-FOR-US: Swisslog Healthcare Nexus Panel
CVE-2021-37161 (A buffer overflow issue was discovered in the HMI3 Control Panel conta ...)
	NOT-FOR-US: Swisslog Healthcare Nexus Panel
CVE-2021-37160 (A firmware validation issue was discovered in HMI3 Control Panel in Sw ...)
	NOT-FOR-US: Swisslog Healthcare Nexus Panel
CVE-2021-37158 (An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021- ...)
	NOT-FOR-US: OpenGamePanel
CVE-2021-37157 (An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021- ...)
	NOT-FOR-US: OpenGamePanel
CVE-2021-37156 (Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon ...)
	- redmine (Only affected 4.2.0 and 4.2.1 upstream)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://github.com/redmine/redmine/commit/ee0d822517154878a2ad33be66b820c6b68d077b
CVE-2021-37155 (wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure ou ...)
	- wolfssl 5.0.0-1 (bug #991443)
	[bullseye] - wolfssl 4.6.0+p1-0+deb11u1
	NOTE: https://github.com/wolfSSL/wolfssl/pull/3990
	NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.8.0-stable
CVE-2021-37154 (In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementa ...)
	NOT-FOR-US: ForgeRock Access Management (AM)
CVE-2021-37153 (ForgeRock Access Management (AM) before 7.0.2, when configured with Ac ...)
	NOT-FOR-US: ForgeRock Access Management (AM)
CVE-2021-37152 (Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 befor ...)
	NOT-FOR-US: Sonatype
CVE-2021-37151 (CyberArk Identity 21.5.131, when handling an invalid authentication at ...)
	NOT-FOR-US: CyberArk Identity
CVE-2021-3657 (A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate ...)
	{DLA-3066-1}
	- isync 1.4.4-1
	[bullseye] - isync 1.3.0-2.2+deb11u1
	[buster] - isync 1.3.0-2.2~deb10u2
	NOTE: https://www.openwall.com/lists/oss-security/2021/12/03/1
CVE-2021-37159 (hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel throu ...)
	{DLA-2843-1 DLA-2785-1}
	- linux 5.14.6-1
	[bullseye] - linux 5.10.70-1
	[buster] - linux 4.19.208-1
	NOTE: https://www.spinics.net/lists/linux-usb/msg202228.html
CVE-2021-37150 (Improper Input Validation vulnerability in header parsing of Apache Tr ...)
	{DSA-5206-1 DLA-3279-1}
	- trafficserver 9.1.3+ds-1
	NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
CVE-2021-37149 (Improper Input Validation vulnerability in header parsing of Apache Tr ...)
	{DSA-5153-1}
	- trafficserver 9.1.1+ds-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
	NOTE: https://github.com/apache/trafficserver/pull/8458/
	NOTE: https://github.com/apache/trafficserver/commit/2addc8ca71449ceac0d5b80172460ee09c938f5e (8.1.x)
	NOTE: https://github.com/apache/trafficserver/commit/83c89f3d217d473ecb000b68c910c0f183c3a355 (master)
CVE-2021-37148 (Improper input validation vulnerability in header parsing of Apache Tr ...)
	{DSA-5153-1}
	- trafficserver 9.1.1+ds-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
	NOTE: https://github.com/apache/trafficserver/pull/8457/
	NOTE: https://github.com/apache/trafficserver/commit/6e5070118a20772a30c3fccee2cf1c44f0a21fc0 (master)
	NOTE: https://github.com/apache/trafficserver/commit/e2c9ac217f24dc3e91ff2c9f52b52093e8fb32d5 (8.1.x)
CVE-2021-37147 (Improper input validation vulnerability in header parsing of Apache Tr ...)
	{DSA-5153-1}
	- trafficserver 9.1.1+ds-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
	NOTE: https://github.com/apache/trafficserver/commit/64f25678bfbbd1433cce703e3c43bcc49a53de56 (master)
	NOTE: https://github.com/apache/trafficserver/commit/5cad961c87cb07fbb8fa6890685d9878a169378d (8.1.x)
	NOTE: https://github.com/apache/trafficserver/pull/8460
CVE-2021-37146 (An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodi ...)
	[experimental] - ros-ros-comm 1.15.13+ds1-1
	- ros-ros-comm 1.15.13+ds1-2
	[bullseye] - ros-ros-comm 1.15.9+ds1-7+deb11u1
	[buster] - ros-ros-comm 1.14.3+ds1-5+deb10u3
	[stretch] - ros-ros-comm (Minor issue)
	NOTE: https://discourse.ros.org/t/new-packages-for-melodic-2021-09-27/22446
	NOTE: https://discourse.ros.org/t/new-packages-for-noetic-2021-09-27/22447
	NOTE: https://github.com/ros/ros_comm/pull/2185
	NOTE: https://github.com/ros/ros_comm/commit/41a956c092b2f15405945f40f43dea09516df202 (1.15.12)
	NOTE: https://github.com/ros/ros_comm/pull/2186
	NOTE: https://github.com/ros/ros_comm/commit/71ff62670d15eeec39efd16c3ec4d19b6db8380a (1.14.12)
CVE-2021-37145 (A command-injection vulnerability in an authenticated Telnet connectio ...)
	NOT-FOR-US: Poly (formerly Polycom)
CVE-2021-37144 (CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in ...)
	NOT-FOR-US: CSZ CMS
CVE-2021-37143
	RESERVED
CVE-2021-37142
	RESERVED
CVE-2021-37141
	RESERVED
CVE-2021-37140
	RESERVED
CVE-2021-3656 (A flaw was found in the KVM's AMD code for supporting SVM nested virtu ...)
	{DSA-4978-1 DLA-2785-1}
	- linux 5.14.6-1
	[buster] - linux 4.19.208-1
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1
CVE-2021-37139
	RESERVED
CVE-2021-37138
	RESERVED
CVE-2021-37137 (The Snappy frame decoder function doesn't restrict the chunk length wh ...)
	{DSA-5316-1 DLA-3268-1}
	- netty 1:4.1.48-6 (bug #1014769)
	[stretch] - netty (Minor issue)
	NOTE: https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363
	NOTE: Fixed by: https://github.com/netty/netty/commit/6da4956b31023ae967451e1d94ff51a746a9194f (netty-4.1.68.Final)
CVE-2021-37136 (The Bzip2 decompression decoder function doesn't allow setting size re ...)
	{DSA-5316-1 DLA-3268-1}
	- netty 1:4.1.48-6 (bug #1014769)
	[stretch] - netty (Minor issue)
	NOTE: https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv
	NOTE: Fixed by: https://github.com/netty/netty/commit/41d3d61a61608f2223bb364955ab2045dd5e4020 (netty-4.1.68.Final)
CVE-2021-37135
	RESERVED
CVE-2021-37134 (Location-related APIs exists a Race Condition vulnerability.Successful ...)
	NOT-FOR-US: Huawei
CVE-2021-37133 (There is an Unauthorized file access vulnerability in Smartphones.Succ ...)
	NOT-FOR-US: Huawei
CVE-2021-37132 (PackageManagerService has a Permissions, Privileges, and Access Contro ...)
	NOT-FOR-US: Huawei
CVE-2021-37131 (There is a CSV injection vulnerability in ManageOne, iManager NetEco a ...)
	NOT-FOR-US: Huawei
CVE-2021-37130 (There is a path traversal vulnerability in Huawei FusionCube 6.0.2.The ...)
	NOT-FOR-US: Huawei
CVE-2021-37129 (There is an out of bounds write vulnerability in some Huawei products. ...)
	NOT-FOR-US: Huawei
CVE-2021-37128 (HwPCAssistant has a Path Traversal vulnerability .Successful exploitat ...)
	NOT-FOR-US: Huawei
CVE-2021-37127 (There is a signature management vulnerability in some huawei products. ...)
	NOT-FOR-US: Huawei
CVE-2021-37126 (Arbitrary file has a Exposure of Sensitive Information to an Unauthori ...)
	NOT-FOR-US: Huawei
CVE-2021-37125 (Arbitrary file has a Exposure of Sensitive Information to an Unauthori ...)
	NOT-FOR-US: Huawei
CVE-2021-37124 (There is a path traversal vulnerability in Huawei PC product. Because ...)
	NOT-FOR-US: Huawei
CVE-2021-37123 (There is an improper authentication vulnerability in Hero-CT060 before ...)
	NOT-FOR-US: Hero-CT060
CVE-2021-37122 (There is a use-after-free (UAF) vulnerability in Huawei products. An a ...)
	NOT-FOR-US: Huawei
CVE-2021-37121 (There is a Configuration defects in Smartphone.Successful exploitation ...)
	NOT-FOR-US: Huawei
CVE-2021-37120 (There is a Double free vulnerability in Smartphone.Successful exploita ...)
	NOT-FOR-US: Huawei
CVE-2021-37119 (There is a Service logic vulnerability in Smartphone.Successful exploi ...)
	NOT-FOR-US: Huawei
CVE-2021-37118 (The HwNearbyMain module has a Improper Handling of Exceptional Conditi ...)
	NOT-FOR-US: Huawei
CVE-2021-37117 (There is a Service logic vulnerability in Smartphone.Successful exploi ...)
	NOT-FOR-US: Huawei
CVE-2021-37116 (PCManager has a Weaknesses Introduced During Design vulnerability .Suc ...)
	NOT-FOR-US: Huawei
CVE-2021-37115 (There is an unauthorized rewriting vulnerability with the memory acces ...)
	NOT-FOR-US: Huawei
CVE-2021-37114 (There is an Out-of-bounds read vulnerability in Smartphone.Successful ...)
	NOT-FOR-US: Huawei
CVE-2021-37113 (There is a Privilege escalation vulnerability with the file system com ...)
	NOT-FOR-US: Huawei
CVE-2021-37112 (Hisuite module has a External Control of System or Configuration Setti ...)
	NOT-FOR-US: Huawei
CVE-2021-37111 (There is a Memory leakage vulnerability in Smartphone.Successful explo ...)
	NOT-FOR-US: Huawei
CVE-2021-37110 (There is a Timing design defects in Smartphone.Successful exploitation ...)
	NOT-FOR-US: Huawei
CVE-2021-37109 (There is a security protection bypass vulnerability with the modem.Suc ...)
	NOT-FOR-US: Huawei
CVE-2021-37108
	RESERVED
CVE-2021-37107 (There is an improper memory access permission configuration on ACPU.Su ...)
	NOT-FOR-US: Huawei
CVE-2021-37106 (There is a command injection vulnerability in CMA service module of Fu ...)
	NOT-FOR-US: FusionCompute (Huawei)
CVE-2021-37105 (There is an improper file upload control vulnerability in FusionComput ...)
	NOT-FOR-US: FusionCompute (Huawei)
CVE-2021-37104 (There is a server-side request forgery vulnerability in HUAWEI P40 ver ...)
	NOT-FOR-US: Huawei
CVE-2021-37103 (There is an improper permission management vulnerability in the Wallet ...)
	NOT-FOR-US: Huawei
CVE-2021-37102 (There is a command injection vulnerability in CMA service module of Fu ...)
	NOT-FOR-US: Huawei
CVE-2021-37101 (There is an improper authorization vulnerability in AIS-BW50-00 9.0.6. ...)
	NOT-FOR-US: Huawei
CVE-2021-37100 (There is a Improper Authentication vulnerability in Huawei Smartphone. ...)
	NOT-FOR-US: Huawei
CVE-2021-37099 (There is a Path Traversal vulnerability in Huawei Smartphone.Successfu ...)
	NOT-FOR-US: Huawei
CVE-2021-37098 (Hilinksvc service exists a Data Processing Errors vulnerability .Succe ...)
	NOT-FOR-US: Huawei
CVE-2021-37097 (There is a Code Injection vulnerability in Huawei Smartphone.Successfu ...)
	NOT-FOR-US: Huawei
CVE-2021-37096 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
	NOT-FOR-US: Huawei
CVE-2021-37095 (There is a Integer Overflow or Wraparound vulnerability in Huawei Smar ...)
	NOT-FOR-US: Huawei
CVE-2021-37094 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
	NOT-FOR-US: Huawei
CVE-2021-37093 (There is a Improper Access Control vulnerability in Huawei Smartphone. ...)
	NOT-FOR-US: Huawei
CVE-2021-37092 (There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Succe ...)
	NOT-FOR-US: Huawei
CVE-2021-37091 (There is a Permissions,Privileges,and Access Controls vulnerability in ...)
	NOT-FOR-US: Huawei
CVE-2021-37090 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
	NOT-FOR-US: Huawei
CVE-2021-37089 (There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Succe ...)
	NOT-FOR-US: Huawei
CVE-2021-37088 (There is a Path Traversal vulnerability in Huawei Smartphone.Successfu ...)
	NOT-FOR-US: Huawei
CVE-2021-37087 (There is a Path Traversal vulnerability in Huawei Smartphone.Successfu ...)
	NOT-FOR-US: Huawei
CVE-2021-37086 (There is a Improper Preservation of Permissions vulnerability in Huawe ...)
	NOT-FOR-US: Huawei
CVE-2021-37085 (There is a Encoding timing vulnerability in Huawei Smartphone.Successf ...)
	NOT-FOR-US: Huawei
CVE-2021-37084 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
	NOT-FOR-US: Huawei
CVE-2021-37083 (There is a NULL Pointer Dereference vulnerability in Huawei Smartphone ...)
	NOT-FOR-US: Huawei
CVE-2021-37082 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...)
	NOT-FOR-US: Huawei
CVE-2021-37081 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
	NOT-FOR-US: Huawei
CVE-2021-37080 (There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Succe ...)
	NOT-FOR-US: Huawei
CVE-2021-37079 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
	NOT-FOR-US: Huawei
CVE-2021-37078 (There is a Uncaught Exception vulnerability in Huawei Smartphone.Succe ...)
	NOT-FOR-US: Huawei
CVE-2021-37077 (There is a NULL Pointer Dereference vulnerability in Huawei Smartphone ...)
	NOT-FOR-US: Huawei
CVE-2021-37076 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
	NOT-FOR-US: Huawei
CVE-2021-37075 (There is a Credentials Management Errors vulnerability in Huawei Smart ...)
	NOT-FOR-US: Huawei
CVE-2021-37074 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...)
	NOT-FOR-US: Huawei
CVE-2021-37073 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...)
	NOT-FOR-US: Huawei
CVE-2021-37072 (There is a Incorrect Calculation of Buffer Size vulnerability in Huawe ...)
	NOT-FOR-US: Huawei
CVE-2021-37071 (There is a Business Logic Errors vulnerability in Huawei Smartphone.Su ...)
	NOT-FOR-US: Huawei
CVE-2021-37070 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
	NOT-FOR-US: Huawei
CVE-2021-37069 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...)
	NOT-FOR-US: Huawei
CVE-2021-37068 (There is a Resource Management Errors vulnerability in Huawei Smartpho ...)
	NOT-FOR-US: Huawei
CVE-2021-37067 (There is a Exposure of Sensitive Information to an Unauthorized Actor ...)
	NOT-FOR-US: Huawei
CVE-2021-37066 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
	NOT-FOR-US: Huawei
CVE-2021-37065 (There is a Integer Overflow or Wraparound vulnerability in Huawei Smar ...)
	NOT-FOR-US: Huawei
CVE-2021-37064 (There is a Improper Limitation of a Pathname to a Restricted Directory ...)
	NOT-FOR-US: Huawei
CVE-2021-37063 (There is a Cryptographic Issues vulnerability in Huawei Smartphone.Suc ...)
	NOT-FOR-US: Huawei
CVE-2021-37062 (There is a Improper Validation of Array Index vulnerability in Huawei ...)
	NOT-FOR-US: Huawei
CVE-2021-37061 (There is a Uncontrolled Resource Consumption vulnerability in Huawei S ...)
	NOT-FOR-US: Huawei
CVE-2021-37060 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
	NOT-FOR-US: Huawei
CVE-2021-37059 (There is a Weaknesses Introduced During Design)
	NOT-FOR-US: HarmonyOS
CVE-2021-37058 (There is a Permissions,Privileges,and Access Controls vulnerability in ...)
	NOT-FOR-US: Huawei
CVE-2021-37057 (There is a Improper Validation of Array Index vulnerability in Huawei ...)
	NOT-FOR-US: Huawei
CVE-2021-37056 (There is an Improper permission control vulnerability in Huawei Smartp ...)
	NOT-FOR-US: Huawei
CVE-2021-37055 (There is a Logic bypass vulnerability in Huawei Smartphone.Successful ...)
	NOT-FOR-US: Huawei
CVE-2021-37054 (There is an Identity spoofing and authentication bypass vulnerability ...)
	NOT-FOR-US: Huawei
CVE-2021-37053 (There is a Service logic vulnerability in Huawei Smartphone.Successful ...)
	NOT-FOR-US: Huawei
CVE-2021-37052 (There is an Exception log vulnerability in Huawei Smartphone.Successfu ...)
	NOT-FOR-US: Huawei
CVE-2021-37051 (There is an Out-of-bounds read vulnerability in Huawei Smartphone.Succ ...)
	NOT-FOR-US: Huawei
CVE-2021-37050 (There is a Missing sensitive data encryption vulnerability in Huawei S ...)
	NOT-FOR-US: Huawei
CVE-2021-37049 (There is a Heap-based buffer overflow vulnerability in Huawei Smartpho ...)
	NOT-FOR-US: Huawei
CVE-2021-37048 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
	NOT-FOR-US: Huawei
CVE-2021-37047 (There is an Input verification vulnerability in Huawei Smartphone.Succ ...)
	NOT-FOR-US: Huawei
CVE-2021-37046 (There is a Memory leak vulnerability with the codec detection module i ...)
	NOT-FOR-US: Huawei
CVE-2021-37045 (There is an UAF vulnerability in Huawei Smartphone.Successful exploita ...)
	NOT-FOR-US: Huawei
CVE-2021-37044 (There is a Permission control vulnerability in Huawei Smartphone.Succe ...)
	NOT-FOR-US: Huawei
CVE-2021-37043 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
	NOT-FOR-US: Huawei
CVE-2021-37042 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
	NOT-FOR-US: Huawei
CVE-2021-37041 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
	NOT-FOR-US: Huawei
CVE-2021-37040 (There is a Parameter injection vulnerability in Huawei Smartphone.Succ ...)
	NOT-FOR-US: Huawei
CVE-2021-37039 (There is an Input verification vulnerability in Huawei Smartphone.Succ ...)
	NOT-FOR-US: Huawei
CVE-2021-37038 (There is an Improper access control vulnerability in Huawei Smartphone ...)
	NOT-FOR-US: Huawei
CVE-2021-37037 (There is an Invalid address access vulnerability in Huawei Smartphone. ...)
	NOT-FOR-US: Huawei
CVE-2021-37036 (There is an information leakage vulnerability in FusionCompute 6.5.1, ...)
	NOT-FOR-US: Huawei
CVE-2021-37035 (There is a Remote DoS vulnerability in Huawei Smartphone.Successful ex ...)
	NOT-FOR-US: Huawei
CVE-2021-37034 (There is an Unstandardized field names in Huawei Smartphone.Successful ...)
	NOT-FOR-US: Huawei
CVE-2021-37033 (There is an Injection attack vulnerability in Huawei Smartphone.Succes ...)
	NOT-FOR-US: Huawei
CVE-2021-37032 (There is a Bypass vulnerability in Huawei Smartphone.Successful exploi ...)
	NOT-FOR-US: Huawei
CVE-2021-37031 (There is a Remote DoS vulnerability in Huawei Smartphone.Successful ex ...)
	NOT-FOR-US: Huawei
CVE-2021-37030 (There is an Improper permission vulnerability in Huawei Smartphone.Suc ...)
	NOT-FOR-US: Huawei
CVE-2021-37029 (There is an Identity verification vulnerability in Huawei Smartphone.S ...)
	NOT-FOR-US: Huawei
CVE-2021-37028 (There is a command injection vulnerability in the HG8045Q product. Whe ...)
	NOT-FOR-US: Huawei
CVE-2021-37027 (There is a DoS vulnerability in smartphones. Successful exploitation o ...)
	NOT-FOR-US: Huawei
CVE-2021-37026 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
	NOT-FOR-US: Huawei
CVE-2021-37025 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
	NOT-FOR-US: Huawei
CVE-2021-37024 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
	NOT-FOR-US: Huawei
CVE-2021-37023 (There is a Improper Access Control vulnerability in Huawei Smartphone. ...)
	NOT-FOR-US: Huawei
CVE-2021-37022 (There is a Heap-based Buffer Overflow vulnerability in Huawei Smartpho ...)
	NOT-FOR-US: Huawei
CVE-2021-37021 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
	NOT-FOR-US: Huawei
CVE-2021-37020 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
	NOT-FOR-US: Huawei
CVE-2021-37019 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
	NOT-FOR-US: Huawei
CVE-2021-37018 (There is a Data Processing Errors vulnerability in Huawei Smartphone.S ...)
	NOT-FOR-US: Huawei
CVE-2021-37017 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
	NOT-FOR-US: Huawei
CVE-2021-37016 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
	NOT-FOR-US: Huawei
CVE-2021-37015 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
	NOT-FOR-US: Huawei
CVE-2021-37014 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
	NOT-FOR-US: Huawei
CVE-2021-37013 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
	NOT-FOR-US: Huawei
CVE-2021-37012 (There is a Data Processing Errors vulnerability in Huawei Smartphone.S ...)
	NOT-FOR-US: Huawei
CVE-2021-37011 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
	NOT-FOR-US: Huawei
CVE-2021-37010 (There is a Exposure of Sensitive Information to an Unauthorized Actor ...)
	NOT-FOR-US: Huawei
CVE-2021-37009 (There is a Configuration vulnerability in Huawei Smartphone.Successful ...)
	NOT-FOR-US: Huawei
CVE-2021-37008 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
	NOT-FOR-US: Huawei
CVE-2021-37007 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
	NOT-FOR-US: Huawei
CVE-2021-37006 (There is a Improper Preservation of Permissions vulnerability in Huawe ...)
	NOT-FOR-US: Huawei
CVE-2021-37005 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
	NOT-FOR-US: Huawei
CVE-2021-37004 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
	NOT-FOR-US: Huawei
CVE-2021-37003 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
	NOT-FOR-US: Huawei
CVE-2021-37002 (There is a Memory out-of-bounds access vulnerability in Huawei Smartph ...)
	NOT-FOR-US: Huawei
CVE-2021-37001 (There is a Register tampering vulnerability in Huawei Smartphone.Succe ...)
	NOT-FOR-US: Huawei
CVE-2021-37000
	RESERVED
CVE-2021-36999 (There is a Buffer overflow vulnerability in Huawei Smartphone.Successf ...)
	NOT-FOR-US: Huawei
CVE-2021-36998 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
	NOT-FOR-US: Huawei
CVE-2021-36997 (There is a Low memory error in Huawei Smartphone due to the unlimited ...)
	NOT-FOR-US: Huawei
CVE-2021-36996 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
	NOT-FOR-US: Huawei
CVE-2021-36995 (There is an Unauthorized file access vulnerability in Huawei Smartphon ...)
	NOT-FOR-US: Huawei
CVE-2021-36994 (There is a issue that trustlist strings being repeatedly inserted into ...)
	NOT-FOR-US: Huawei
CVE-2021-36993 (There is a Memory leaks vulnerability in Huawei Smartphone.Successful ...)
	NOT-FOR-US: Huawei
CVE-2021-36992 (There is a Public key verification vulnerability in Huawei Smartphone. ...)
	NOT-FOR-US: Huawei
CVE-2021-36991 (There is an Unauthorized file access vulnerability in Huawei Smartphon ...)
	NOT-FOR-US: Huawei
CVE-2021-36990 (There is a vulnerability of tampering with the kernel in Huawei Smartp ...)
	NOT-FOR-US: Huawei
CVE-2021-36989 (There is a Kernel crash vulnerability in Huawei Smartphone.Successful ...)
	NOT-FOR-US: Huawei
CVE-2021-36988 (There is a Parameter verification issue in Huawei Smartphone.Successfu ...)
	NOT-FOR-US: Huawei
CVE-2021-36987 (There is a issue that nodes in the linked list being freed for multipl ...)
	NOT-FOR-US: Huawei
CVE-2021-36986 (There is a vulnerability of tampering with the kernel in Huawei Smartp ...)
	NOT-FOR-US: Huawei
CVE-2021-36985 (There is a Code injection vulnerability in Huawei Smartphone.Successfu ...)
	NOT-FOR-US: Huawei
CVE-2021-36984
	RESERVED
CVE-2021-36983 (replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to ...)
	NOT-FOR-US: ReplaySorcery
CVE-2021-36982 (AIMANAGER before B115 on MONITORAPP Application Insight Web Applicatio ...)
	NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall (AIWAF) devices
CVE-2021-36981 (In the server in SerNet verinice before 1.22.2, insecure Java deserial ...)
	NOT-FOR-US: SerNet verinice
CVE-2021-3655 (A vulnerability was found in the Linux kernel in versions prior to v5. ...)
	{DLA-2843-1 DLA-2785-1}
	- linux 5.10.46-3
	[buster] - linux 4.19.208-1
CVE-2021-3654 (A vulnerability was found in openstack-nova's console proxy, noVNC. By ...)
	- nova 2:23.0.2-3 (bug #991441)
	[bullseye] - nova (Minor issue)
	[buster] - nova (Minor issue)
	[stretch] - nova (Minor issue)
	NOTE: https://bugs.launchpad.net/nova/+bug/1927677
	NOTE: Errata: https://www.openwall.com/lists/oss-security/2021/09/27/1
CVE-2021-26263 (Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 ...)
	{DSA-5399-1}
	- odoo 16.0.0+dfsg.1-1 (bug #1035953)
	NOTE: https://github.com/odoo/odoo/issues/107693
	NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/ff1db4a6aea522cf3dfc80ca88e64ffecfb5e07c
CVE-2021-23203 (Improper access control in reporting engine of Odoo Community 14.0 thr ...)
	{DSA-5399-1}
	- odoo 16.0.0+dfsg.1-1 (bug #1035953)
	NOTE: https://github.com/odoo/odoo/issues/107695
	NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/f2c1ee5a622db33a4411e7f9285f09387d1d7480
CVE-2021-23184
	RESERVED
CVE-2021-36980 (Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-f ...)
	- openvswitch 2.15.0+ds1-10 (bug #991308)
	[bullseye] - openvswitch 2.15.0+ds1-2+deb11u1
	[buster] - openvswitch (Vulnerable code not present, introduced in 2.11)
	[stretch] - openvswitch (Vulnerable code not present, introduced in 2.11)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml
	NOTE: https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f
	NOTE: https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3
	NOTE: https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35
	NOTE: https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2
	NOTE: https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575
	NOTE: https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2
	NOTE: Introduced in: https://github.com/openvswitch/ovs/commit/418a7a84245f5fbe589dd1267463fc9ba27a1dd6
CVE-2021-36979 (Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (cal ...)
	NOT-FOR-US: Unicorn Engine
CVE-2021-36978 (QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer ...)
	{DLA-3548-1}
	- qpdf 10.1.0-1
	[stretch] - qpdf (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28262
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qpdf/OSV-2020-2245.yaml
	NOTE: Fixed by: https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5 (release-qpdf-10.1.0)
CVE-2021-36977 (matio (aka MAT File I/O Library) 1.5.20 and 1.5.21 has a heap-based bu ...)
	- libmatio (Vulnerable code not yet present)
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/matio/OSV-2021-440.yaml
CVE-2021-36976 (libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (ca ...)
	- libarchive 3.6.0-1 (bug #991442)
	[bullseye] - libarchive (Minor issue)
	[buster] - libarchive (Vulnerable code introduced by 47bb818 in version 3.4.1)
	[stretch] - libarchive (Vulnerable code introduced by 47bb818 in version 3.4.1)
	NOTE: https://github.com/libarchive/libarchive/issues/1554
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32375
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libarchive/OSV-2021-557.yaml
	NOTE: Introduced by: https://github.com/libarchive/libarchive/commit/47bb8187d3ef2d49ee8c7841cb2872b3cfa1f6f7 (v3.4.1)
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/17f4e83c0f0fc3bacf4b2bbacb01f987bb5aff5f (v3.6.0)
CVE-2021-36975 (Win32k Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36974 (Windows SMB Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36973 (Windows Redirected Drive Buffering System Elevation of Privilege Vulne ...)
	NOT-FOR-US: Microsoft
CVE-2021-36972 (Windows SMB Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36971
	RESERVED
CVE-2021-36970 (Windows Print Spooler Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36969 (Windows Redirected Drive Buffering SubSystem Driver Information Disclo ...)
	NOT-FOR-US: Microsoft
CVE-2021-36968 (Windows DNS Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36967 (Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36966 (Windows Subsystem for Linux Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36965 (Windows WLAN AutoConfig Service Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36964 (Windows Event Tracing Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36963 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2021-36962 (Windows Installer Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36961 (Windows Installer Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36960 (Windows SMB Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36959 (Windows Authenticode Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36958 (A remote code execution vulnerability exists when the Windows Print ...)
	NOT-FOR-US: Microsoft
CVE-2021-36957 (Windows Desktop Bridge Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36956 (Azure Sphere Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36955 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2021-36954 (Windows Bind Filter Driver Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36953 (Windows TCP/IP Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36952 (Visual Studio Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36951
	RESERVED
CVE-2021-36950 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2021-36949 (Microsoft Azure Active Directory Connect Authentication Bypass Vulnera ...)
	NOT-FOR-US: Microsoft
CVE-2021-36948 (Windows Update Medic Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36947 (Windows Print Spooler Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36946 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36945 (Windows 10 Update Assistant Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36944
	RESERVED
CVE-2021-36943 (Azure CycleCloud Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36942 (Windows LSA Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36941 (Microsoft Word Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36940 (Microsoft SharePoint Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36939
	RESERVED
CVE-2021-36938 (Windows Cryptographic Primitives Library Information Disclosure Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2021-36937 (Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36936 (Windows Print Spooler Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36935
	RESERVED
CVE-2021-36934 (An elevation of privilege vulnerability exists because of overly pe ...)
	NOT-FOR-US: Microsoft
CVE-2021-36933 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
	NOT-FOR-US: Microsoft
CVE-2021-36932 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
	NOT-FOR-US: Microsoft
CVE-2021-36931 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36930 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36929 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36928 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-36927 (Windows Digital TV Tuner device registration application Elevation of ...)
	NOT-FOR-US: Microsoft
CVE-2021-36926 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
	NOT-FOR-US: Microsoft
CVE-2021-36925 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio t ...)
	NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio
CVE-2021-36924 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio t ...)
	NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio
CVE-2021-36923 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio t ...)
	NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio
CVE-2021-36922 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio t ...)
	NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio
CVE-2021-36921 (AIMANAGER before B115 on MONITORAPP Application Insight Web Applicatio ...)
	NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall (AIWAF) devices
CVE-2021-36920 (Authenticated Reflected Cross-Site Scripting (XSS) vulnerability disco ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36919 (Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabil ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36918
	RESERVED
CVE-2021-36917 (WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36916 (The SQL injection vulnerability in the Hide My WP WordPress plugin (ve ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36915 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36914 (Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected C ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36913 (Unauthenticated Options Change and Content Injection vulnerability in ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36912 (Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36911 (Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPres ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36910 (Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in W ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36909 (Authenticated Database Reset vulnerability in WordPress WP Reset PRO P ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36908 (Cross-Site Request Forgery (CSRF) vulnerability in WebFactory Ltd. WP ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36907
	RESERVED
CVE-2021-36906 (Multiple Insecure Direct Object References (IDOR) vulnerabilities in E ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36905 (Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulner ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36904
	RESERVED
CVE-2021-36903
	RESERVED
CVE-2021-36902
	RESERVED
CVE-2021-36901 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phi ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36900
	RESERVED
CVE-2021-36899 (Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerabil ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36898 (Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plu ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36897
	RESERVED
CVE-2021-36896 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36895 (Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36894
	RESERVED
CVE-2021-36893 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36892
	RESERVED
CVE-2021-36891 (Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Su ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36890 (Cross-Site Request Forgery (CSRF) vulnerability in Social Share Button ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36889 (Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabiliti ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36888 (Unauthenticated Arbitrary Options Update vulnerability leading to full ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36887 (Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36886 (Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36885 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discov ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36884 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability disc ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36883
	RESERVED
CVE-2021-36882
	RESERVED
CVE-2021-36881
	RESERVED
CVE-2021-36880 (Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListi ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36879 (Unauthenticated Privilege Escalation vulnerability in WordPress uListi ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36878 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36877 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36876 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPres ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36875 (Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in Wo ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36874 (Authenticated Insecure Direct Object References (IDOR) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36873 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in W ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36872 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in W ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36871 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36870 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36869 (Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36868
	RESERVED
CVE-2021-36867 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36866 (Authenticated (author or higher role) Stored Cross-Site Scripting (XSS ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36865 (Insecure direct object references (IDOR) vulnerability in ExpressTech ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36864 (Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36863 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36862
	RESERVED
CVE-2021-36861 (Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Sta ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36860
	RESERVED
CVE-2021-36859
	RESERVED
CVE-2021-36858 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Them ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36857 (Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerabilit ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36856
	RESERVED
CVE-2021-36855 (Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulne ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36854 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36853
	RESERVED
CVE-2021-36852 (Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36851 (Authenticated (editor or higher user role) Cross-Site Scripting (XSS) ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36850 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media Fil ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36849 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36848 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36847 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36846 (Authenticated (admin or higher user role) Stored Cross-Site Scripting ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36845 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36844 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36843 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability discover ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36842
	RESERVED
CVE-2021-36841 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36840
	RESERVED
CVE-2021-36839 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36838
	RESERVED
CVE-2021-36837
	RESERVED
CVE-2021-36836
	RESERVED
CVE-2021-36835
	RESERVED
CVE-2021-36834
	RESERVED
CVE-2021-36833 (Authenticated (admin or higher user role) Stored Cross-Site Scripting ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36832 (WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin \u201 ...)
	NOT-FOR-US: WordPress plugins
CVE-2021-36831
	RESERVED
CVE-2021-36830 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36829 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36828 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Mainten ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36827 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Satu ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36826 (Authenticated (subscriber or higher user role if allowed to access pro ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36825
	RESERVED
CVE-2021-36824
	RESERVED
CVE-2021-36823 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WordPress plugin
CVE-2021-36822
	RESERVED
CVE-2021-36821 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: WMPU
CVE-2021-36820
	REJECTED
CVE-2021-36819
	REJECTED
CVE-2021-36818
	REJECTED
CVE-2021-36817
	REJECTED
CVE-2021-36816
	REJECTED
CVE-2021-36815
	REJECTED
CVE-2021-36814
	REJECTED
CVE-2021-36813
	REJECTED
CVE-2021-36812
	REJECTED
CVE-2021-36811
	REJECTED
CVE-2021-36810
	REJECTED
CVE-2021-36809 (A local attacker can overwrite arbitrary files on the system with VPN ...)
	NOT-FOR-US: Sophos
CVE-2021-36808 (A local attacker could bypass the app password using a race condition ...)
	NOT-FOR-US: Sophos
CVE-2021-36807 (An authenticated user could potentially execute code via an SQLi vulne ...)
	NOT-FOR-US: Sophos
CVE-2021-36806 (A reflected XSS vulnerability allows an open redirect when the victim ...)
	NOT-FOR-US: Sophos
CVE-2020-36431 (Unicorn Engine 1.0.2 has an out-of-bounds write in helper_wfe_arm.)
	NOT-FOR-US: Unicorn Engine
CVE-2020-36430 (libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode ...)
	- libass 1:0.15.0-2
	[buster] - libass (Vulnerable code not present)
	[stretch] - libass (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26674
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libass/OSV-2020-2099.yaml
	NOTE: Introduced by: https://github.com/libass/libass/commit/910211f1c0078e37546f73e95306724358b89be2 (0.15.0)
	NOTE: Fixed by: https://github.com/libass/libass/commit/017137471d0043e0321e377ed8da48e45a3ec632 (0.15.1)
CVE-2020-36429 (Variant_encodeJson in open62541 1.x before 1.0.4 has an out-of-bounds ...)
	NOT-FOR-US: open62541
CVE-2020-36428 (matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-base ...)
	- libmatio 1.5.22-1 (bug #991370)
	[bullseye] - libmatio (Minor issue)
	[buster] - libmatio (Vulnerable code not present, introduced in 1.5.18)
	[stretch] - libmatio (Vulnerable code not present, introduced in 1.5.18)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21421
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/matio/OSV-2020-799.yaml
CVE-2019-25051 (objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acom ...)
	{DSA-4948-1 DLA-2720-1}
	- aspell 0.60.8-3 (bug #991307)
	NOTE: https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/aspell/OSV-2020-521.yaml
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18462
CVE-2019-25050 (netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow i ...)
	- gdal 3.1.0+dfsg-1
	[buster] - gdal (Vulnerable code not present)
	[stretch] - gdal (Vulnerable code not present)
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2020-420.yaml
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2020-392.yaml
	NOTE: https://github.com/OSGeo/gdal/commit/767e3a56144f676ca738ef8f700e0e56035bd05a (v3.1.0RC1)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15143
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15156
CVE-2021-36805 (Akaunting version 2.1.12 and earlier suffers from a persistent (type I ...)
	NOT-FOR-US: Akaunting
CVE-2021-36804 (Akaunting version 2.1.12 and earlier suffers from a password reset spo ...)
	NOT-FOR-US: Akaunting
CVE-2021-36803 (Akaunting version 2.1.12 and earlier suffers from a persistent (type I ...)
	NOT-FOR-US: Akaunting
CVE-2021-36802 (Akaunting version 2.1.12 and earlier suffers from a denial-of-service ...)
	NOT-FOR-US: Akaunting
CVE-2021-36801 (Akaunting version 2.1.12 and earlier suffers from an authentication by ...)
	NOT-FOR-US: Akaunting
CVE-2021-36800 (Akaunting version 2.1.12 and earlier suffers from a code injection iss ...)
	NOT-FOR-US: Akaunting
CVE-2021-36799 (KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with ...)
	NOT-FOR-US: KNX ETS5
CVE-2021-36798 (A Denial-of-Service (DoS) vulnerability was discovered in Team Server ...)
	NOT-FOR-US: HelpSystems Cobalt Strike
CVE-2021-36797 (In Victron Energy Venus OS through 2.72, root access is granted by def ...)
	NOT-FOR-US: Victron Energy Venus OS
CVE-2021-36796
	RESERVED
CVE-2021-36795 (A permission issue in the Cohesity Linux agent may allow privilege esc ...)
	NOT-FOR-US: Cohesity
CVE-2021-36794 (In Siren Investigate before 11.1.4, when enabling the cluster feature ...)
	NOT-FOR-US: Siren Investigate
CVE-2021-36793 (The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, ...)
	NOT-FOR-US: routes (aka Extbase Yaml Routes) extension for TYPO3
CVE-2021-36792 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has ...)
	NOT-FOR-US: dated_news (aka Dated News) extension for TYPO3
CVE-2021-36791 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allo ...)
	NOT-FOR-US: dated_news (aka Dated News) extension for TYPO3
CVE-2021-36790 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allo ...)
	NOT-FOR-US: dated_news (aka Dated News) extension for TYPO3
CVE-2021-36789 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allo ...)
	NOT-FOR-US: dated_news (aka Dated News) extension for TYPO3
CVE-2021-36788 (The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows ...)
	NOT-FOR-US: yoast_seo (aka Yoast SEO) extension for TYPO3
CVE-2021-36787 (The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 al ...)
	NOT-FOR-US: femanager extension for TYPO3
CVE-2021-36786 (The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for T ...)
	NOT-FOR-US: miniorange_saml (aka Miniorange Saml) extension for TYPO3
CVE-2021-36785 (The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for T ...)
	NOT-FOR-US: miniorange_saml (aka Miniorange Saml) extension for TYPO3
CVE-2021-36784 (A Improper Privilege Management vulnerability in SUSE Rancher allows u ...)
	NOT-FOR-US: Rancher
CVE-2021-36783 (A Insufficiently Protected Credentials vulnerability in SUSE Rancher a ...)
	NOT-FOR-US: Rancher
CVE-2021-36782 (A Cleartext Storage of Sensitive Information vulnerability in SUSE Ran ...)
	NOT-FOR-US: Rancher
CVE-2021-36781 (A Incorrect Default Permissions vulnerability in the parsec package of ...)
	NOT-FOR-US: Parsec
CVE-2021-36780 (A Missing Authentication for Critical Function vulnerability in longho ...)
	NOT-FOR-US: Longhorn
CVE-2021-36779 (A Missing Authentication for Critical Function vulnerability in SUSE L ...)
	NOT-FOR-US: Longhorn
CVE-2021-36778 (A Incorrect Authorization vulnerability in SUSE Rancher allows adminis ...)
	NOT-FOR-US: Rancher
CVE-2021-36777 (A Reliance on Untrusted Inputs in a Security Decision vulnerability in ...)
	NOT-FOR-US: OpenSuSE infrastructure
CVE-2021-36776 (A Improper Access Control vulnerability in SUSE Rancher allows remote ...)
	NOT-FOR-US: Rancher
CVE-2021-36775 (a Improper Access Control vulnerability in SUSE Rancher allows users t ...)
	NOT-FOR-US: Rancher
CVE-2021-3653 (A flaw was found in the KVM's AMD code for supporting SVM nested virtu ...)
	{DSA-4978-1 DLA-2843-1 DLA-2785-1}
	- linux 5.14.6-1
	[buster] - linux 4.19.208-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1
CVE-2020-36427 (GNOME gThumb before 3.10.1 allows an application crash via a malformed ...)
	- gthumb 3:3.11.1-0.1 (unimportant)
	NOTE: https://mail.gnome.org/archives/gthumb-list/2020-September/msg00001.html
	NOTE: https://github.com/GNOME/gthumb/commit/e79b4519cc6e27388ddd3f095e97d1559cb47616
	NOTE: Crash in CLI tool, no security impact
CVE-2020-36426 (An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_cr ...)
	{DLA-3249-1}
	- mbedtls 2.16.9-0.1
	[stretch] - mbedtls (Minor issue)
CVE-2020-36425 (An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly ...)
	{DLA-3249-1}
	- mbedtls 2.16.9-0.1
	[stretch] - mbedtls (Minor issue)
	NOTE: https://github.com/ARMmbed/mbedtls/issues/3340
	NOTE: https://github.com/ARMmbed/mbedtls/pull/3433
CVE-2020-36424 (An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can ...)
	{DLA-3249-1}
	- mbedtls 2.16.9-0.1
	[stretch] - mbedtls (Minor issue)
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2
CVE-2020-36423 (An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attack ...)
	{DLA-3249-1}
	- mbedtls 2.16.9-0.1
	[stretch] - mbedtls (Minor issue)
CVE-2020-36422 (An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel ...)
	{DLA-3249-1}
	- mbedtls 2.16.9-0.1
	[stretch] - mbedtls (Minor issue)
CVE-2020-36421 (An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a si ...)
	{DLA-3249-1}
	- mbedtls 2.16.9-0.1
	[stretch] - mbedtls (Minor issue)
	NOTE: https://github.com/ARMmbed/mbedtls/issues/3394
CVE-2021-36774 (Apache Kylin allows users to read data from other database systems usi ...)
	NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitr ...)
	{DLA-3062-1}
	- ublock-origin 1.37.0+dfsg-1 (bug #991386)
	[bullseye] - ublock-origin 1.37.0+dfsg-1~deb11u1
	[buster] - ublock-origin 1.37.0+dfsg-1~deb10u1
	- umatrix (bug #991344)
	[buster] - umatrix (Minor issue)
	NOTE: https://github.com/vtriolet/writings/blob/main/posts/2021/ublock_origin_and_umatrix_denial_of_service.adoc
CVE-2021-36772 (Zoho ManageEngine ADManager Plus before 7110 allows stored XSS.)
	NOT-FOR-US: Zoho
CVE-2021-36771 (Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS.)
	NOT-FOR-US: Zoho
CVE-2021-36770 (Encode.pm, as distributed in Perl through 5.34.0, allows local users t ...)
	- libencode-perl 3.08-2
	[bullseye] - libencode-perl 3.08-1+deb11u1
	[buster] - libencode-perl (Vulnerable code introduced later)
	[stretch] - libencode-perl (Vulnerable code introduced later)
	- perl 5.32.1-5
	[bullseye] - perl 5.32.1-4+deb11u1
	[buster] - perl (Vulnerable code introduced later)
	[stretch] - perl (Vulnerable code introduced later)
	NOTE: Introduced by: https://github.com/dankogai/p5-encode/commit/9c5f5a307863b66da3701f6c7d13139aa20179b8 (3.05)
	NOTE: Fixed by: https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74 (3.12)
	NOTE: Introduced by: https://github.com/Perl/perl5/commit/8ced1423dbb2a874f2d95e9c5c4c46960c2bf318 (v5.32.0-RC0)
	NOTE: Fixed by: https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9
CVE-2021-36769 (A reordering issue exists in Telegram before 7.8.1 for Android, Telegr ...)
	[experimental] - telegram-desktop 2.9.0+ds-1
	- telegram-desktop 2.9.2+ds-1 (bug #991493)
	[bullseye] - telegram-desktop (Minor issue)
	[buster] - telegram-desktop (Minor issue)
	NOTE: https://mtpsym.github.io/
CVE-2021-36768
	RESERVED
CVE-2021-3652 (A flaw was found in 389-ds-base. If an asterisk is imported as passwor ...)
	{DLA-3399-1}
	- 389-ds-base 1.4.4.17-1 (bug #991405)
	[bullseye] - 389-ds-base (Minor issue)
	[stretch] - 389-ds-base (Minor issue)
	NOTE: https://github.com/389ds/389-ds-base/issues/4817
	NOTE: https://github.com/389ds/389-ds-base/commit/aeb90eb0c41fc48541d983f323c627b2e6c328c7 (master)
	NOTE: https://github.com/389ds/389-ds-base/commit/c1926dfc6591b55c4d33f9944de4d7ebe077e964 (1.4.4.x)
CVE-2021-36767 (In Digi RealPort through 4.10.490, authentication relies on a challeng ...)
	NOT-FOR-US: Digi RealPort
CVE-2021-36766 (Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable co ...)
	NOT-FOR-US: Concrete5
CVE-2021-36765 (In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests ma ...)
	NOT-FOR-US: CODESYS EtherNetIP
CVE-2021-36764 (In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Derefe ...)
	NOT-FOR-US: CODESYS Gateway
CVE-2021-36763 (In CODESYS V3 web server before 3.5.17.10, files or directories are ac ...)
	NOT-FOR-US: CODESYS V3 web server
CVE-2021-36762 (An issue was discovered in HCC Embedded InterNiche NicheStack through ...)
	NOT-FOR-US: HCC Embedded InterNiche NicheStack
CVE-2021-36761 (The GeoAnalytics feature in Qlik Sense April 2020 patch 4 allows SSRF.)
	NOT-FOR-US: Qlik
CVE-2021-36760 (In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server ...)
	NOT-FOR-US: WSO2
CVE-2021-36759
	REJECTED
CVE-2021-3651
	REJECTED
CVE-2021-36758 (1Password Connect server before 1.2 is missing validation checks, perm ...)
	NOT-FOR-US: 1Password
CVE-2021-36757
	RESERVED
CVE-2021-36756 (CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate ...)
	NOT-FOR-US: CFEngine Enterprise
CVE-2021-36755 (Nightscout Web Monitor (aka cgm-remote-monitor) 14.2.2 allows XSS via ...)
	NOT-FOR-US: Nightscout Web Monitor
CVE-2021-36754 (PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to cra ...)
	- pdns (Vulnerable code introduced in 4.5.0)
	NOTE: https://www.openwall.com/lists/oss-security/2021/07/26/2
CVE-2021-36753 (sharkdp BAT before 0.18.2 executes less.exe from the current working d ...)
	NOT-FOR-US: sharkdp BAT
CVE-2021-36752
	RESERVED
CVE-2021-36751 (ENC DataVault 7.2.3 and before, and OEM versions, use an encryption al ...)
	NOT-FOR-US: ENC DataVault
CVE-2021-36750 (ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, ma ...)
	NOT-FOR-US: ENC
CVE-2021-36749 (In the Druid ingestion system, the InputSource is used for reading dat ...)
	- druid (bug #825797)
	NOTE: https://www.openwall.com/lists/oss-security/2021/09/24/1
CVE-2021-3650
	RESERVED
CVE-2021-3649 (chatwoot is vulnerable to Inefficient Regular Expression Complexity)
	NOT-FOR-US: chatwoot
CVE-2021-36748 (A SQL Injection issue in the list controller of the Prestahome Blog (a ...)
	NOT-FOR-US: Prestahome Blog
CVE-2021-36747 (Blackboard Learn through 9.1 allows XSS by an authenticated user via t ...)
	NOT-FOR-US: Blackboard Learn
CVE-2021-36746 (Blackboard Learn through 9.1 allows XSS by an authenticated user via t ...)
	NOT-FOR-US: Blackboard Learn
CVE-2020-36420 (Polipo through 1.1.1, when NDEBUG is omitted, allows denial of service ...)
	- polipo
	[buster] - polipo (Minor issue)
	[stretch] - polipo (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2020/11/18/1
CVE-2021-36745 (A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerPr ...)
	NOT-FOR-US: Trend Micro
CVE-2021-36744 (Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a dire ...)
	NOT-FOR-US: Trend Micro
CVE-2021-36743
	RESERVED
CVE-2021-36742 (A improper input validation vulnerability in Trend Micro Apex One, Ape ...)
	NOT-FOR-US: Trend Micro
CVE-2021-36741 (An improper input validation vulnerability in Trend Micro Apex One, Ap ...)
	NOT-FOR-US: Trend Micro
CVE-2021-3648
	REJECTED
CVE-2021-3647 (URI.js is vulnerable to URL Redirection to Untrusted Site)
	NOT-FOR-US: URI.js
CVE-2021-3646 (btcpayserver is vulnerable to Improper Neutralization of Input During ...)
	NOT-FOR-US: btcpayserver
CVE-2021-3645 (merge is vulnerable to Improperly Controlled Modification of Object Pr ...)
	NOT-FOR-US: Node viking04/merge
CVE-2021-3644 (A flaw was found in wildfly-core in all versions. If a vault expressio ...)
	- wildfly (bug #752018)
CVE-2020-36419
	RESERVED
CVE-2021-36739 (The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCB ...)
	NOT-FOR-US: Apache Pluto MVCBean JSP portlet
CVE-2021-36738 (The input fields in the JSP version of the Apache Pluto Applicant MVCB ...)
	NOT-FOR-US: Apache Pluto Applicant MVCBean CDI portlet
CVE-2021-36737 (The input fields of the Apache Pluto UrlTestPortlet are vulnerable to ...)
	NOT-FOR-US: Apache Pluto UrlTestPortlet
CVE-2021-36736
	REJECTED
CVE-2021-36735
	REJECTED
CVE-2021-36734
	REJECTED
CVE-2021-36733
	RESERVED
CVE-2021-36732
	RESERVED
CVE-2021-36731
	RESERVED
CVE-2021-36730
	RESERVED
CVE-2021-36729
	RESERVED
CVE-2021-36728
	RESERVED
CVE-2021-36727
	RESERVED
CVE-2021-36740 (Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL a ...)
	{DSA-5088-1}
	- varnish 6.5.2-1 (bug #991040)
	[stretch] - varnish (HTTP/2 support is marked experimental in 5.0 and enabling is not recommended, code is quite different)
	NOTE: https://varnish-cache.org/security/VSV00007.html
	NOTE: https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf (6.0.8)
	NOTE: https://github.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be (6.5.2)
CVE-2021-36726
	RESERVED
CVE-2021-36725
	RESERVED
CVE-2021-36724 (ForeScout - SecureConnector Local Service DoS - A low privilaged user ...)
	NOT-FOR-US: ForeScout - SecureConnector
CVE-2021-36723 (Emuse - eServices / eNvoice Exposure Of Private Personal Information d ...)
	NOT-FOR-US: Emuse - eServices / eNvoice
CVE-2021-36722 (Emuse - eServices / eNvoice SQL injection can be used in various ways ...)
	NOT-FOR-US: Emuse - eServices / eNvoice
CVE-2021-36721 (Sysaid API User Enumeration - Attacker sending requests to specific ap ...)
	NOT-FOR-US: Sysaid API
CVE-2021-36720 (PineApp - Mail Secure - Attacker sending a request to :/blocking.php?u ...)
	NOT-FOR-US: PineApp - Mail Secure
CVE-2021-36719 (PineApp - Mail Secure - The attacker must be logged in as a user to th ...)
	NOT-FOR-US: PineApp - Mail Secure
CVE-2021-36718 (SYNEL - eharmonynew / Synel Reports - The attacker can log in to the s ...)
	NOT-FOR-US: SYNEL - eharmonynew / Synel Reports
CVE-2021-36717 (Synerion TimeNet version 9.21 contains a directory traversal vulnerabi ...)
	NOT-FOR-US: Synerion TimeNet
CVE-2021-36716 (A ReDoS (regular expression denial of service) flaw was found in the S ...)
	NOT-FOR-US: Node is-email
CVE-2021-3643 (A flaw was found in sox 14.4.1. The lsx_adpcm_init function within lib ...)
	{DSA-5356-1 DLA-3315-1}
	- sox 14.4.2+git20190427-3.2 (bug #1010374)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1980626
	NOTE: Triggered by same reproducer as for CVE-2021-23210
	NOTE: https://sourceforge.net/p/sox/bugs/351/
	NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
CVE-2021-38193 (An issue was discovered in the ammonia crate before 3.1.0 for Rust. XS ...)
	- rust-ammonia 3.1.2-1 (bug #991497)
	NOTE: https://github.com/rust-ammonia/ammonia/commit/4b8426b89b861d9bea20e126576b0febb9d13515
	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0074.html
CVE-2021-38191 (An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon ...)
	- rust-tokio (Introduced in 0.3.0)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0072.html
	NOTE: https://github.com/tokio-rs/tokio/issues/3929
	NOTE: https://github.com/tokio-rs/tokio/pull/3934
	NOTE: https://github.com/tokio-rs/tokio/pull/3934/commits/84394949228d11d1f68925e26f36c435946b9d11
CVE-2021-36715
	RESERVED
CVE-2021-36714
	RESERVED
CVE-2021-36713 (Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9 ...)
	NOT-FOR-US: DataTables
CVE-2021-36712 (Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attacker ...)
	NOT-FOR-US: yzmcms
CVE-2021-36711 (WebInterface in OctoBot before 0.4.4 allows remote code execution beca ...)
	NOT-FOR-US: OctoBot
CVE-2021-36710 (ToaruOS 1.99.2 is affected by incorrect access control via the kernel. ...)
	NOT-FOR-US: ToaruOS
CVE-2021-36709
	RESERVED
CVE-2021-36708 (In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in th ...)
	NOT-FOR-US: ProLink
CVE-2021-36707 (In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in th ...)
	NOT-FOR-US: ProLink
CVE-2021-36706 (In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the ...)
	NOT-FOR-US: ProLink
CVE-2021-36705 (In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the a ...)
	NOT-FOR-US: ProLink
CVE-2021-36704
	RESERVED
CVE-2021-36703 (The "blog title" field in the "Settings" menu "config" page of "dashbo ...)
	NOT-FOR-US: htmly
CVE-2021-36702 (The "content" field in the "regular post" page of the "add content" me ...)
	NOT-FOR-US: htmly
CVE-2021-36701 (In htmly version 2.8.1, is vulnerable to an Arbitrary File Deletion on ...)
	NOT-FOR-US: htmly
CVE-2021-36700
	RESERVED
CVE-2021-36699
	RESERVED
CVE-2021-36698 (Pandora FMS through 755 allows XSS via a new Event Filter with a craft ...)
	NOT-FOR-US: Pandora FMS
CVE-2021-36697 (With an admin account, the .htaccess file in Artica Pandora FMS <=755 ...)
	NOT-FOR-US: Pandora FMS
CVE-2021-36696 (Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 202 ...)
	NOT-FOR-US: Deskpro
CVE-2021-36695 (Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 202 ...)
	NOT-FOR-US: Deskpro
CVE-2021-36694
	RESERVED
CVE-2021-36693
	RESERVED
CVE-2021-36692 (libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/c ...)
	- jpeg-xl (Fixed before initial upload to Debian)
	NOTE: https://github.com/libjxl/libjxl/issues/308
	NOTE: https://github.com/libjxl/libjxl/pull/313
	NOTE: https://github.com/libjxl/libjxl/commit/7dfa400ded53919d986c5d3d23446a09e0cf481b (v0.5)
CVE-2021-36691 (libjxl v0.5.0 is affected by an Assertion failed issue in lib/jxl/image ...)
	- jpeg-xl (unimportant)
	NOTE: https://github.com/libjxl/libjxl/issues/422
	NOTE: Special case of https://github.com/libjxl/libjxl/issues/762
	NOTE: Negligible security impact
CVE-2021-36690 (A segmentation fault can occur in the sqlite3.exe command-line compone ...)
	- sqlite3 3.36.0-2 (unimportant)
	[stretch] - sqlite3 (vulnerable code is not present)
	- sqlite (Vulnerable code is not present)
	NOTE: https://www.sqlite.org/forum/forumpost/718c0a8d17
CVE-2021-36689 (An issue discovered in com.samourai.wallet.PinEntryActivity.java in St ...)
	NOT-FOR-US: com.samourai.wallet.PinEntryActivity.java
CVE-2021-36688
	RESERVED
CVE-2021-36687
	RESERVED
CVE-2021-36686 (Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attacker ...)
	NOT-FOR-US: yapi
CVE-2021-36685
	RESERVED
CVE-2021-36684
	RESERVED
CVE-2021-36683
	RESERVED
CVE-2021-36682
	RESERVED
CVE-2021-36681
	RESERVED
CVE-2021-36680
	RESERVED
CVE-2021-36679
	RESERVED
CVE-2021-36678
	RESERVED
CVE-2021-36677
	RESERVED
CVE-2021-36676
	RESERVED
CVE-2021-36675
	RESERVED
CVE-2021-36674
	RESERVED
CVE-2021-36673
	RESERVED
CVE-2021-36672
	RESERVED
CVE-2021-36671
	RESERVED
CVE-2021-36670
	RESERVED
CVE-2021-36669
	RESERVED
CVE-2021-36668 (URL injection in Druva inSync 6.9.0 for MacOS, allows attackers to for ...)
	NOT-FOR-US: Druva inSync
CVE-2021-36667 (Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allow ...)
	NOT-FOR-US: Druva inSync
CVE-2021-36666 (An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to ...)
	NOT-FOR-US: Druva inSync
CVE-2021-36665 (An issue was discovered in Druva 6.9.0 for macOS, allows attackers to ...)
	NOT-FOR-US: Druva inSync
CVE-2021-36664
	RESERVED
CVE-2021-36663
	RESERVED
CVE-2021-36662
	RESERVED
CVE-2021-36661
	RESERVED
CVE-2021-36660
	RESERVED
CVE-2021-36659
	RESERVED
CVE-2021-36658
	RESERVED
CVE-2021-36657
	RESERVED
CVE-2021-36656
	RESERVED
CVE-2021-36655
	RESERVED
CVE-2021-36654 (CMSuno 1.7 is vulnerable to an authenticated stored cross site scripti ...)
	NOT-FOR-US: CMSuno
CVE-2021-36653
	RESERVED
CVE-2021-36652
	RESERVED
CVE-2021-36651
	RESERVED
CVE-2021-36650
	RESERVED
CVE-2021-36649
	RESERVED
CVE-2021-36648
	RESERVED
CVE-2021-36647 (Use of a Broken or Risky Cryptographic Algorithm in the function mbedt ...)
	- mbedtls 2.16.11-0.1
	[bullseye] - mbedtls (Minor issue)
	[buster] - mbedtls (Minor issue)
	NOTE: https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1/
CVE-2021-36646 (A Cross Site Scripting (XSS) vulnerability in KodExplorer 4.45 allows ...)
	NOT-FOR-US: KodExplorer
CVE-2021-36645
	RESERVED
CVE-2021-36644
	RESERVED
CVE-2021-36643
	RESERVED
CVE-2021-36642
	RESERVED
CVE-2021-36641
	RESERVED
CVE-2021-36640
	RESERVED
CVE-2021-36639
	RESERVED
CVE-2021-36638
	RESERVED
CVE-2021-36637
	RESERVED
CVE-2021-36636
	RESERVED
CVE-2021-36635
	RESERVED
CVE-2021-36634
	RESERVED
CVE-2021-36633
	RESERVED
CVE-2021-36632
	RESERVED
CVE-2021-36631 (Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and ...)
	NOT-FOR-US: Baidunetdisk
CVE-2021-36630 (DDOS reflection amplification vulnerability in eAut module of Ruckus W ...)
	NOT-FOR-US: Ruckus
CVE-2021-36629
	RESERVED
CVE-2021-36628
	REJECTED
CVE-2021-36627
	RESERVED
CVE-2021-36626
	RESERVED
CVE-2021-36625 (An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixe ...)
	- dolibarr
CVE-2021-36624 (Sourcecodester Phone Shop Sales Managements System version 1.0 suffers ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-36623 (Arbitrary File Upload in Sourcecodester Phone Shop Sales Management Sy ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-36622 (Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affect ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-36621 (Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulner ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-36620
	RESERVED
CVE-2021-36619
	RESERVED
CVE-2021-36618
	RESERVED
CVE-2021-36617
	RESERVED
CVE-2021-36616
	RESERVED
CVE-2021-36615
	RESERVED
CVE-2021-36614 (Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruptio ...)
	NOT-FOR-US: MikroTik RouterOS
CVE-2021-36613 (Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruptio ...)
	NOT-FOR-US: MikroTik RouterOS
CVE-2021-36612
	RESERVED
CVE-2021-36611
	RESERVED
CVE-2021-36610
	RESERVED
CVE-2021-36609 (Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Na ...)
	NOT-FOR-US: webTareas
CVE-2021-36608 (Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Na ...)
	NOT-FOR-US: webTareas
CVE-2021-36607
	RESERVED
CVE-2021-36606
	RESERVED
CVE-2021-36605 (engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). There is ...)
	NOT-FOR-US: engineercms
CVE-2021-36604
	RESERVED
CVE-2021-36603 (Cross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows remote att ...)
	NOT-FOR-US: tasmota
CVE-2021-36602
	RESERVED
CVE-2021-36601 (GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerabilit ...)
	NOT-FOR-US: GetSimpleCMS
CVE-2021-36600
	RESERVED
CVE-2021-36599
	RESERVED
CVE-2021-36598
	RESERVED
CVE-2021-36597
	RESERVED
CVE-2021-36596
	RESERVED
CVE-2021-36595
	RESERVED
CVE-2021-36594
	REJECTED
CVE-2021-36593
	REJECTED
CVE-2021-36592
	RESERVED
CVE-2021-36591
	RESERVED
CVE-2021-36590
	RESERVED
CVE-2021-36589
	RESERVED
CVE-2021-36588
	RESERVED
CVE-2021-36587
	RESERVED
CVE-2021-36586
	RESERVED
CVE-2021-36585
	RESERVED
CVE-2021-36584 (An issue was discovered in GPAC 1.0.1. There is a heap-based buffer ov ...)
	- gpac 2.0.0+dfsg1-2 (bug #991965)
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1842
	NOTE: https://github.com/gpac/gpac/commit/13442ec1c401a4181ba6d7f79c27df6054c817c7 (v2.0.0)
CVE-2021-36583
	RESERVED
CVE-2021-36582 (In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., ...)
	NOT-FOR-US: Kooboo CMS
CVE-2021-36581 (Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possib ...)
	NOT-FOR-US: Kooboo CMS
CVE-2021-36580 (Open Redirect vulnerability exists in IceWarp MailServer IceWarp Serve ...)
	NOT-FOR-US: IceWarp MailServer
CVE-2021-36579
	RESERVED
CVE-2021-36578
	RESERVED
CVE-2021-36577
	RESERVED
CVE-2021-36576
	RESERVED
CVE-2021-36575
	RESERVED
CVE-2021-36574
	RESERVED
CVE-2021-36573 (File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to ...)
	NOT-FOR-US: Feehi CMS
CVE-2021-36572 (Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allow ...)
	NOT-FOR-US: Feehi CMS
CVE-2021-36571
	RESERVED
CVE-2021-36570 (Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows rem ...)
	NOT-FOR-US: FUEL-CMS
CVE-2021-36569 (Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows rem ...)
	NOT-FOR-US: FUEL-CMS
CVE-2021-36568 (In certain Moodle products after creating a course, it is possible to ...)
	- moodle
CVE-2021-36567 (ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerabil ...)
	NOT-FOR-US: ThinkPHP
CVE-2021-36566
	RESERVED
CVE-2021-36565
	RESERVED
CVE-2021-36564 (ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerabil ...)
	NOT-FOR-US: ThinkPHP
CVE-2021-36563 (The CheckMK management web console (versions 1.5.0 to 2.0.0) does not ...)
	- check-mk
CVE-2021-36562
	RESERVED
CVE-2021-36561
	RESERVED
CVE-2021-36560 (Phone Shop Sales Managements System using PHP with Source Code 1.0 is ...)
	NOT-FOR-US: Phone Shop Sales Managements System
CVE-2021-36559
	RESERVED
CVE-2021-36558
	RESERVED
CVE-2021-36557
	RESERVED
CVE-2021-36556
	RESERVED
CVE-2021-36555
	RESERVED
CVE-2021-36554
	RESERVED
CVE-2021-36553
	RESERVED
CVE-2021-36552
	RESERVED
CVE-2021-36551 (TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) ...)
	- tikiwiki
CVE-2021-36550 (TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) ...)
	- tikiwiki
CVE-2021-36549
	RESERVED
CVE-2021-36548 (A remote code execution (RCE) vulnerability in the component /admin/in ...)
	NOT-FOR-US: Monstra CMS
CVE-2021-36547 (A remote code execution (RCE) vulnerability in the component /codebase ...)
	NOT-FOR-US: Mara CMS
CVE-2021-36546 (Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote ...)
	NOT-FOR-US: KiteCMS
CVE-2021-36545 (Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote at ...)
	NOT-FOR-US: tpcms
CVE-2021-36544 (Incorrect Access Control issue discovered in tpcms 3.2 allows remote a ...)
	NOT-FOR-US: tpcms
CVE-2021-36543 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDo ...)
	NOT-FOR-US: SeedDMS
CVE-2021-36542 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.LockDocu ...)
	NOT-FOR-US: SeedDMS
CVE-2021-36541
	RESERVED
CVE-2021-36540
	RESERVED
CVE-2021-36539 (Instructure Canvas LMS didn't properly deny access to locked/unpublish ...)
	NOT-FOR-US: Instructure Canvas LMS
CVE-2021-36538 (Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1 ...)
	NOT-FOR-US: Gurock TestRail
CVE-2021-36537
	RESERVED
CVE-2021-36536
	RESERVED
CVE-2021-36535 (Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attack ...)
	NOT-FOR-US: Cesanta mJS
CVE-2021-36534
	RESERVED
CVE-2021-36533
	RESERVED
CVE-2021-36532 (Race condition vulnerability discovered in portfolioCMS 1.0 allows rem ...)
	NOT-FOR-US: portfolioCMS
CVE-2021-36531 (ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLI ...)
	NOT-FOR-US: ngiflib
CVE-2021-36530 (ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NG ...)
	NOT-FOR-US: ngiflib
CVE-2021-36529
	RESERVED
CVE-2021-36528
	RESERVED
CVE-2021-36527
	RESERVED
CVE-2021-36526
	RESERVED
CVE-2021-36525
	RESERVED
CVE-2021-36524
	RESERVED
CVE-2021-36523
	RESERVED
CVE-2021-36522
	RESERVED
CVE-2021-36521
	RESERVED
CVE-2021-36520 (A SQL injection vulnerability in I-Tech Trainsmart r1044 exists via a ...)
	NOT-FOR-US: I-Tech Trainsmart
CVE-2021-36519
	RESERVED
CVE-2021-36518
	RESERVED
CVE-2021-36517
	RESERVED
CVE-2021-36516
	RESERVED
CVE-2021-36515
	RESERVED
CVE-2021-36514
	RESERVED
CVE-2021-36513 (An issue was discovered in function sofia_handle_sip_i_notify in sofia ...)
	- freeswitch (bug #389591)
CVE-2021-36512 (An issue was discovered in function scanallsubs in src/sbbs3/scansubs. ...)
	NOT-FOR-US: Synchronet BBS
CVE-2021-36511
	RESERVED
CVE-2021-36510
	RESERVED
CVE-2021-36509
	RESERVED
CVE-2021-36508
	RESERVED
CVE-2021-36507
	RESERVED
CVE-2021-36506
	RESERVED
CVE-2021-36505
	RESERVED
CVE-2021-36504
	RESERVED
CVE-2021-36503 (SQL injection vulnerability in native-php-cms 1.0 allows remote attack ...)
	NOT-FOR-US: native-php-cms
CVE-2021-36502
	RESERVED
CVE-2021-36501
	RESERVED
CVE-2021-36500
	RESERVED
CVE-2021-36499
	RESERVED
CVE-2021-36498
	RESERVED
CVE-2021-36497
	RESERVED
CVE-2021-36496
	RESERVED
CVE-2021-36495
	RESERVED
CVE-2021-36494
	RESERVED
CVE-2021-36493 (Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attacke ...)
	- xpdf (Debian uses poppler, which is not affected)
CVE-2021-36492
	RESERVED
CVE-2021-36491
	RESERVED
CVE-2021-36490
	RESERVED
CVE-2021-36489 (Buffer Overflow vulnerability in Allegro through 5.2.6 allows attacker ...)
	- allegro4.4 (bug #1032670)
	[bookworm] - allegro4.4 (Minor issue)
	[bullseye] - allegro4.4 (Minor issue)
	[buster] - allegro4.4 (Minor issue)
	- allegro5 2:5.2.8.0-1
	[bullseye] - allegro5 (Minor issue)
	[buster] - allegro5 (Minor issue)
	NOTE: https://github.com/liballeg/allegro5/issues/1251
	NOTE: https://github.com/liballeg/allegro5/pull/1253
	NOTE: https://github.com/liballeg/allegro5/commit/3f2dbd494241774d33aaf83910fd05b2a590604a (5.2.8.0)
	NOTE: https://github.com/liballeg/allegro5/commit/cca179bc16827f358153060cd10ac73d394e758c (5.2.8.0)
	NOTE: https://github.com/liballeg/allegro5/commit/a2c93939f6997a96ecac1865dbb4fa3f66b5e1b7 (5.2.8.0)
	NOTE: https://github.com/liballeg/allegro5/commit/0294e28e6135292eab4b2916a7d2223b1bb6843e (5.2.8.0)
	NOTE: In allegro 4.4, code is in src/[pcx|tga].c instead
CVE-2021-36488
	RESERVED
CVE-2021-36487
	RESERVED
CVE-2021-36486
	RESERVED
CVE-2021-36485
	RESERVED
CVE-2021-36484 (SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run ...)
	NOT-FOR-US: JIZHICMS
CVE-2021-36483 (DevExpress.XtraReports.UI through v21.1 allows attackers to execute ar ...)
	NOT-FOR-US: DevExpress.XtraReports.UI
CVE-2021-36482
	RESERVED
CVE-2021-36481
	RESERVED
CVE-2021-36480
	RESERVED
CVE-2021-36479
	RESERVED
CVE-2021-36478
	RESERVED
CVE-2021-36477
	RESERVED
CVE-2021-36476
	RESERVED
CVE-2021-36475
	RESERVED
CVE-2021-36474
	RESERVED
CVE-2021-36473
	RESERVED
CVE-2021-36472
	RESERVED
CVE-2021-36471 (Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote atta ...)
	NOT-FOR-US: AdminLTE
CVE-2021-36470
	RESERVED
CVE-2021-36469
	RESERVED
CVE-2021-36468
	RESERVED
CVE-2021-36467
	RESERVED
CVE-2021-36466
	RESERVED
CVE-2021-36465
	RESERVED
CVE-2021-36464
	RESERVED
CVE-2021-36463
	RESERVED
CVE-2021-36462
	RESERVED
CVE-2021-36461 (An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that ...)
	NOT-FOR-US: microweber
CVE-2021-36460 (VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password ...)
	NOT-FOR-US: VeryFitPro
CVE-2021-36459
	RESERVED
CVE-2021-36458
	RESERVED
CVE-2021-36457
	RESERVED
CVE-2021-36456
	RESERVED
CVE-2021-36455 (SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quick ...)
	NOT-FOR-US: Naviwebs Navigate CMS
CVE-2021-36454 (Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 ...)
	NOT-FOR-US: Naviwebs Navigate CMS
CVE-2021-36453
	RESERVED
CVE-2021-36452
	RESERVED
CVE-2021-36451
	RESERVED
CVE-2021-36450 (Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the co ...)
	NOT-FOR-US: Verint
CVE-2021-36449
	RESERVED
CVE-2021-36448
	RESERVED
CVE-2021-36447
	RESERVED
CVE-2021-36446
	RESERVED
CVE-2021-36445
	RESERVED
CVE-2021-36444 (Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows re ...)
	NOT-FOR-US: imcat
CVE-2021-36443 (Cross Site Request Forgery vulnerability in imcat 5.4 allows remote at ...)
	NOT-FOR-US: imcat
CVE-2021-36442
	RESERVED
CVE-2021-36441
	RESERVED
CVE-2021-36440 (Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to ...)
	NOT-FOR-US: ShowDoc
CVE-2021-36439
	RESERVED
CVE-2021-36438
	RESERVED
CVE-2021-36437
	RESERVED
CVE-2021-36436 (An issue in Mobicint Backend for Credit Unions v3 allows attackers to ...)
	NOT-FOR-US: Mobicint Backend for Credit Unions
CVE-2021-36435
	RESERVED
CVE-2021-36434 (SQL injection vulnerability in jocms 0.8 allows remote attackers to ru ...)
	NOT-FOR-US: jocms
CVE-2021-36433 (SQL injection vulnerability in jocms 0.8 allows remote attackers to ru ...)
	NOT-FOR-US: jocms
CVE-2021-36432 (SQL injection vulnerability in jocms 0.8 allows remote attackers to ru ...)
	NOT-FOR-US: jocms
CVE-2021-36431 (SQL injection vulnerability in jocms 0.8 allows remote attackers to ru ...)
	NOT-FOR-US: jocms
CVE-2021-36430
	RESERVED
CVE-2021-36429
	RESERVED
CVE-2021-36428
	RESERVED
CVE-2021-36427
	RESERVED
CVE-2021-36426 (File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to ...)
	NOT-FOR-US: phpwcms
CVE-2021-36425 (Directory traversal vulnerability in phpcms 1.9.25 allows remote attac ...)
	NOT-FOR-US: phpcms
CVE-2021-36424 (An issue discovered in phpwcms 1.9.25 allows remote attackers to run a ...)
	NOT-FOR-US: phpwcms
CVE-2021-36423
	RESERVED
CVE-2021-36422
	RESERVED
CVE-2021-36421
	RESERVED
CVE-2021-36420
	RESERVED
CVE-2021-3642 (A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final ...)
	NOT-FOR-US: WildFly Elytron
CVE-2021-36419
	RESERVED
CVE-2021-36418
	RESERVED
CVE-2021-36417 (A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in th ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1846
	NOTE: https://github.com/gpac/gpac/commit/737e1f39da80e02912953269966d89afd196ad30 (v2.0.0)
CVE-2021-36416
	RESERVED
CVE-2021-36415
	RESERVED
CVE-2021-36414 (A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1. ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1840
	NOTE: https://github.com/gpac/gpac/commit/6007c7145eb0fcd29fe05b6e5983a065b42c6b21 (v2.0.0)
CVE-2021-36413
	RESERVED
CVE-2021-36412 (A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1. ...)
	{DSA-5411-1}
	- gpac 2.0.0+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1838
	NOTE: https://github.com/gpac/gpac/commit/828188475084db87cebc34208b6bd2509709845e (v2.0.0)
CVE-2021-36411 (An issue has been found in libde265 v1.0.8 due to incorrect access con ...)
	{DSA-5346-1 DLA-3240-1}
	- libde265 1.0.8-1.1 (bug #1014977)
	[stretch] - libde265 (Minor issue)
	NOTE: https://github.com/strukturag/libde265/issues/302
	NOTE: https://github.com/strukturag/libde265/commit/45904e5667c5bf59c67fcdc586dfba110832894c
CVE-2021-36410 (A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion. ...)
	{DSA-5346-1 DLA-3240-1}
	- libde265 1.0.8-1.1 (bug #1014977)
	[stretch] - libde265 (Minor issue)
	NOTE: https://github.com/strukturag/libde265/issues/301
	NOTE: https://github.com/strukturag/libde265/commit/697aa4f7c774abd6374596e6707a6f4f54265355
CVE-2021-3641 (Improper Link Resolution Before File Access ('Link Following') vulnera ...)
	NOT-FOR-US: Bitdefender
CVE-2021-36409 (There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at ...)
	{DSA-5346-1 DLA-3240-1}
	- libde265 1.0.8-1.1 (bug #1014977)
	[stretch] - libde265 (Minor issue)
	NOTE: https://github.com/strukturag/libde265/issues/300
	NOTE: https://github.com/strukturag/libde265/commit/64d591a6c70737604ca3f5791736fc462cbe8a3c
CVE-2021-36408 (An issue was discovered in libde265 v1.0.8. There is a Heap-use-after-f ...)
	{DSA-5346-1 DLA-3240-1}
	- libde265 1.0.8-1.1 (bug #1014977)
	[stretch] - libde265 (Minor issue)
	NOTE: https://github.com/strukturag/libde265/issues/299
	NOTE: https://github.com/strukturag/libde265/commit/f538254e4658ef5ea4e233c2185dcbfd165e8911
CVE-2021-36407
	RESERVED
CVE-2021-36406
	RESERVED
CVE-2021-36405
	RESERVED
CVE-2021-36404
	RESERVED
CVE-2021-36403 (In Moodle, in some circumstances, email notifications of messages coul ...)
	- moodle
CVE-2021-36402 (In Moodle, Users' names required additional sanitizing in the account ...)
	- moodle
CVE-2021-36401 (In Moodle, ID numbers exported in HTML data formats required additiona ...)
	- moodle
CVE-2021-36400 (In Moodle, insufficient capability checks made it possible to remove o ...)
	- moodle
CVE-2021-36399 (In Moodle, ID numbers displayed in the quiz override screens required ...)
	- moodle
CVE-2021-36398 (In moodle, ID numbers displayed in the web service token list required ...)
	- moodle
CVE-2021-36397 (In Moodle, insufficient capability checks meant message deletions were ...)
	- moodle
CVE-2021-36396 (In Moodle, insufficient redirect handling made it possible to blindly ...)
	- moodle
CVE-2021-36395 (In Moodle, the file repository's URL parsing required additional recur ...)
	- moodle
CVE-2021-36394 (In Moodle, a remote code execution risk was identified in the Shibbole ...)
	- moodle
CVE-2021-36393 (In Moodle, an SQL injection risk was identified in the library fetchin ...)
	- moodle
CVE-2021-36392 (In Moodle, an SQL injection risk was identified in the library fetchin ...)
	- moodle
CVE-2021-36391
	RESERVED
CVE-2021-36390
	RESERVED
CVE-2021-36389 (In Yellowfin before 9.6.1 it is possible to enumerate and download upl ...)
	NOT-FOR-US: Yellowfin
CVE-2021-36388 (In Yellowfin before 9.6.1 it is possible to enumerate and download use ...)
	NOT-FOR-US: Yellowfin
CVE-2021-36387 (In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulne ...)
	NOT-FOR-US: Yellowfin
CVE-2021-36386 (report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits i ...)
	- fetchmail 6.4.16-4 (unimportant)
	NOTE: https://www.fetchmail.info/fetchmail-SA-2021-01.txt
	NOTE: Fixed by: https://gitlab.com/fetchmail/fetchmail/-/commit/c546c8299243a10a7b85c638e0e61396ecd5d8b5 (RELEASE_6-4-20)
	NOTE: Regression fix: https://gitlab.com/fetchmail/fetchmail/-/commit/d3db2da1d13bd2419370ad96defb92eecb17064c (RELEASE_6-4-21)
	NOTE: Negligible security impact
CVE-2021-36385 (A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remot ...)
	NOT-FOR-US: Cerner Mobile Care
CVE-2021-36384
	RESERVED
CVE-2021-36383 (Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0 ...)
	NOT-FOR-US: Xen Orchestra
CVE-2021-36382 (Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows ...)
	NOT-FOR-US: Devolutions Server
CVE-2021-36381 (In Edifecs Transaction Management through 2021-07-12, an unauthenticat ...)
	NOT-FOR-US: Edifecs
CVE-2021-36380 (Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command I ...)
	NOT-FOR-US: Sunhillo SureLine
CVE-2021-36379
	REJECTED
CVE-2021-36378
	RESERVED
CVE-2021-36377 (Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname ...)
	- fossil 1:2.15.2-1
	[buster] - fossil (Minor issue)
	[stretch] - fossil (Minor issue)
	NOTE: https://fossil-scm.org/forum/forumpost/8d367e16f53d93c789d70bd3bf2c9587227bbd5c6a7b8e512cccd79007536036
CVE-2021-36376 (dandavison delta before 0.8.3 on Windows resolves an executable's path ...)
	NOT-FOR-US: dandavison delta
CVE-2021-36375
	RESERVED
CVE-2021-36374 (When reading a specially crafted ZIP archive, or a derived formats, an ...)
	- ant 1.10.11-1 (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/6
	NOTE: Crash in CLI tool, no security impact
CVE-2021-36373 (When reading a specially crafted TAR archive an Apache Ant build can b ...)
	- ant 1.10.11-1 (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/5
	NOTE: Crash in CLI tool, no security impact
CVE-2021-36372 (In Apache Ozone versions prior to 1.2.0, Initially generated block tok ...)
	NOT-FOR-US: Apache Ozone
CVE-2021-36371 (Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allo ...)
	NOT-FOR-US: Emissary-Ingress (formerly Ambassador API Gateway)
CVE-2021-36370 (An issue was discovered in Midnight Commander through 4.8.26. When est ...)
	- mc 3:4.8.27-1 (bug #993404)
	[bullseye] - mc (Minor issue)
	[buster] - mc (Minor issue)
	[stretch] - mc (Minor issue)
	NOTE: https://github.com/MidnightCommander/mc/commit/9235d3c232d13ad7f973346077c9cf2eaa77dc5f
CVE-2021-36369 (An issue was discovered in Dropbear through 2020.81. Due to a non-RFC- ...)
	{DLA-3187-1}
	- dropbear 2022.82-1
	[bullseye] - dropbear 2020.81-3+deb11u1
	NOTE: https://github.com/mkj/dropbear/pull/128
	NOTE: https://github.com/mkj/dropbear/commit/210a9833496ed2a93b8da93924874938127ce0b5 (DROPBEAR_2022.82)
CVE-2021-36368 (An issue was discovered in OpenSSH before 8.9. If a client is using pu ...)
	- openssh 1:8.9p1-1 (unimportant)
	NOTE: https://bugzilla.mindrot.org/show_bug.cgi?id=3316
	NOTE: https://docs.ssh-mitm.at/trivialauth.html
CVE-2021-36367 (PuTTY through 0.75 proceeds with establishing an SSH session even if i ...)
	{DLA-3794-1}
	- putty 0.75-3 (bug #990901)
	[bullseye] - putty 0.74-1+deb11u1
	[stretch] - putty (Minor issue)
	NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=1dc5659aa62848f0aeb5de7bd3839fecc7debefa
CVE-2021-36366 (Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards ...)
	NOT-FOR-US: Nagios XI
CVE-2021-36365 (Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairm ...)
	NOT-FOR-US: Nagios XI
CVE-2021-36364 (Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards.)
	NOT-FOR-US: Nagios XI
CVE-2021-36363 (Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate ...)
	NOT-FOR-US: Nagios XI
CVE-2021-36362
	RESERVED
CVE-2021-36361
	RESERVED
CVE-2021-36360
	RESERVED
CVE-2021-36359 (OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remo ...)
	NOT-FOR-US: OrbiTeam BSCW Classic
CVE-2021-36358
	RESERVED
CVE-2021-36357 (An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() ...)
	NOT-FOR-US: OpenPOWER firmware
CVE-2021-36356 (KRAMER VIAware through August 2021 allows remote attackers to execute ...)
	NOT-FOR-US: KRAMER VIAware
CVE-2021-36355
	RESERVED
CVE-2021-36354
	RESERVED
CVE-2021-36353
	RESERVED
CVE-2021-36352 (Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Inf ...)
	NOT-FOR-US: Care2x Hospital Information Management
CVE-2021-36351 (SQL Injection Vulnerability in Care2x Open Source Hospital Information ...)
	NOT-FOR-US: Care2x Open Source Hospital Information Management
CVE-2021-3640 (A use-after-free flaw in function sco_sock_sendmsg() of the Linux kern ...)
	{DSA-5096-1 DLA-2941-1 DLA-2940-1}
	- linux 5.15.3-1
	[bullseye] - linux 5.10.84-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/07/22/1
CVE-2021-3639 (A flaw was found in mod_auth_mellon where it does not sanitize logout ...)
	{DLA-3359-1}
	- libapache2-mod-auth-mellon 0.18.0-1 (bug #991730)
	[bullseye] - libapache2-mod-auth-mellon 0.17.0-1+deb11u1
	[stretch] - libapache2-mod-auth-mellon (Minor issue)
	NOTE: https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5
CVE-2021-36350 (Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authenticati ...)
	NOT-FOR-US: Dell
CVE-2021-36349 (Dell EMC Data Protection Central versions 19.5 and prior contain a Ser ...)
	NOT-FOR-US: EMC
CVE-2021-36348 (iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnera ...)
	NOT-FOR-US: Dell
CVE-2021-36347 (iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82. ...)
	NOT-FOR-US: Dell
CVE-2021-36346 (Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service v ...)
	NOT-FOR-US: Dell
CVE-2021-36345
	RESERVED
CVE-2021-36344
	RESERVED
CVE-2021-36343 (Dell BIOS contains an improper input validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2021-36342 (Dell BIOS contains an improper input validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2021-36341 (Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive ...)
	NOT-FOR-US: Dell
CVE-2021-36340 (Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information d ...)
	NOT-FOR-US: EMC
CVE-2021-36339 (The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented us ...)
	NOT-FOR-US: EMC
CVE-2021-36338 (Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege ...)
	NOT-FOR-US: Unisphere for PowerMax
CVE-2021-36337 (Dell Wyse Management Suite version 3.3.1 and prior support insecure Tr ...)
	NOT-FOR-US: Dell
CVE-2021-36336 (Wyse Management Suite 3.3.1 and below versions contain a deserializati ...)
	NOT-FOR-US: Dell
CVE-2021-36335 (Dell EMC CloudLink 7.1 and all prior versions contain an Improper Inpu ...)
	NOT-FOR-US: EMC
CVE-2021-36334 (Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula In ...)
	NOT-FOR-US: EMC
CVE-2021-36333 (Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflo ...)
	NOT-FOR-US: EMC
CVE-2021-36332 (Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javas ...)
	NOT-FOR-US: EMC
CVE-2021-36331
	RESERVED
CVE-2021-36330 (Dell EMC Streaming Data Platform versions before 1.3 contain an Insuff ...)
	NOT-FOR-US: Dell EMC Streaming Data Platform
CVE-2021-36329 (Dell EMC Streaming Data Platform versions before 1.3 contain an Indire ...)
	NOT-FOR-US: Dell EMC Streaming Data Platform
CVE-2021-36328 (Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Inj ...)
	NOT-FOR-US: Dell EMC Streaming Data Platform
CVE-2021-36327 (Dell EMC Streaming Data Platform versions before 1.3 contain a Server ...)
	NOT-FOR-US: Dell EMC Streaming Data Platform
CVE-2021-36326 (Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL ...)
	NOT-FOR-US: Dell EMC Streaming Data Platform
CVE-2021-36325 (Dell BIOS contains an improper input validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2021-36324 (Dell BIOS contains an improper input validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2021-36323 (Dell BIOS contains an improper input validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2021-36322 (Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a ...)
	NOT-FOR-US: Dell
CVE-2021-36321 (Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an ...)
	NOT-FOR-US: Dell
CVE-2021-36320 (Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an ...)
	NOT-FOR-US: Dell
CVE-2021-36319 (Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain ...)
	NOT-FOR-US: Dell
CVE-2021-36318 (Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text ...)
	NOT-FOR-US: EMC
CVE-2021-36317 (Dell EMC Avamar Server version 19.4 contains a plain-text password sto ...)
	NOT-FOR-US: EMC
CVE-2021-36316 (Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 conta ...)
	NOT-FOR-US: EMC
CVE-2021-36315 (Dell EMC PowerScale Nodes contain a hardware design flaw. This may all ...)
	NOT-FOR-US: EMC
CVE-2021-36314 (Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary Fil ...)
	NOT-FOR-US: EMC
CVE-2021-36313 (Dell EMC CloudLink 7.1 and all prior versions contain an OS command in ...)
	NOT-FOR-US: EMC
CVE-2021-36312 (Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Pas ...)
	NOT-FOR-US: EMC
CVE-2021-36311 (Dell EMC Networker versions prior to 19.5 contain an Improper Authoriz ...)
	NOT-FOR-US: EMC
CVE-2021-36310 (Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x ...)
	NOT-FOR-US: Dell
CVE-2021-36309 (Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensi ...)
	NOT-FOR-US: Dell
CVE-2021-36308 (Networking OS10, versions prior to October 2021 with Smart Fabric Serv ...)
	NOT-FOR-US: Dell
CVE-2021-36307 (Networking OS10, versions prior to October 2021 with RESTCONF API enab ...)
	NOT-FOR-US: Dell
CVE-2021-36306 (Networking OS10, versions prior to October 2021 with RESTCONF API enab ...)
	NOT-FOR-US: Dell
CVE-2021-36305 (Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data ...)
	NOT-FOR-US: Dell
CVE-2021-36304
	RESERVED
CVE-2021-36303
	RESERVED
CVE-2021-36302 (All Dell EMC Integrated System for Microsoft Azure Stack Hub versions ...)
	NOT-FOR-US: EMC
CVE-2021-36301 (Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version ...)
	NOT-FOR-US: Dell
CVE-2021-36300 (iDRAC9 versions prior to 5.00.00.00 contain an improper input validati ...)
	NOT-FOR-US: Dell
CVE-2021-36299 (Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and ...)
	NOT-FOR-US: Dell
CVE-2021-36298 (Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptograph ...)
	NOT-FOR-US: EMC
CVE-2021-36297 (SupportAssist Client version 3.8 and 3.9 contains an Untrusted search ...)
	NOT-FOR-US: SupportAssist Client (Dell)
CVE-2021-36296 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...)
	NOT-FOR-US: Dell
CVE-2021-36295 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...)
	NOT-FOR-US: Dell
CVE-2021-36294 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...)
	NOT-FOR-US: Dell
CVE-2021-36293 (Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege ...)
	NOT-FOR-US: Dell
CVE-2021-36292
	RESERVED
CVE-2021-36291
	RESERVED
CVE-2021-36290 (Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege ...)
	NOT-FOR-US: Dell
CVE-2021-36289 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensi ...)
	NOT-FOR-US: Dell
CVE-2021-36288 (Dell VNX2 for File version 8.1.21.266 and earlier, contain a path trav ...)
	NOT-FOR-US: Dell
CVE-2021-36287 (Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthen ...)
	NOT-FOR-US: Dell
CVE-2021-36286 (Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions ...)
	NOT-FOR-US: Dell SupportAssist Client Consumer
CVE-2021-36285 (Dell BIOS contains an Improper Restriction of Excessive Authentication ...)
	NOT-FOR-US: Dell
CVE-2021-36284 (Dell BIOS contains an Improper Restriction of Excessive Authentication ...)
	NOT-FOR-US: Dell
CVE-2021-36283 (Dell BIOS contains an improper input validation vulnerability. A local ...)
	NOT-FOR-US: Dell
CVE-2021-36282 (Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of un ...)
	NOT-FOR-US: EMC
CVE-2021-36281 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect ...)
	NOT-FOR-US: EMC
CVE-2021-36280 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect ...)
	NOT-FOR-US: EMC
CVE-2021-36279 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect ...)
	NOT-FOR-US: EMC
CVE-2021-36278 (Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain ...)
	NOT-FOR-US: EMC
CVE-2021-36277 (Dell Command | Update, Dell Update, and Alienware Update versions befo ...)
	NOT-FOR-US: Dell
CVE-2021-36276 (Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insuffic ...)
	NOT-FOR-US: Dell
CVE-2021-36275
	RESERVED
CVE-2021-36274
	RESERVED
CVE-2021-36273
	RESERVED
CVE-2021-36272
	RESERVED
CVE-2021-36271
	RESERVED
CVE-2021-36270
	RESERVED
CVE-2021-36269
	RESERVED
CVE-2021-36268
	RESERVED
CVE-2021-36267
	RESERVED
CVE-2021-36266
	RESERVED
CVE-2021-36265
	RESERVED
CVE-2021-36264
	RESERVED
CVE-2021-36263
	RESERVED
CVE-2021-36262
	RESERVED
CVE-2021-36261
	RESERVED
CVE-2021-36260 (A command injection vulnerability in the web server of some Hikvision ...)
	NOT-FOR-US: Hikvision
CVE-2021-36259
	RESERVED
CVE-2021-36258
	RESERVED
CVE-2021-36257
	RESERVED
CVE-2021-36256
	RESERVED
CVE-2021-36255
	RESERVED
CVE-2021-36254
	RESERVED
CVE-2021-36253
	RESERVED
CVE-2021-36252
	RESERVED
CVE-2021-36251
	RESERVED
CVE-2021-36250
	RESERVED
CVE-2021-36249
	RESERVED
CVE-2021-36248
	RESERVED
CVE-2021-36247
	RESERVED
CVE-2021-36246
	RESERVED
CVE-2021-36245
	RESERVED
CVE-2021-36244
	RESERVED
CVE-2021-36243
	RESERVED
CVE-2021-36242
	RESERVED
CVE-2021-36241
	RESERVED
CVE-2021-36240
	RESERVED
CVE-2021-36239
	RESERVED
CVE-2021-36238
	RESERVED
CVE-2021-36237
	RESERVED
CVE-2021-36236
	RESERVED
CVE-2020-36418
	RESERVED
CVE-2020-36417
	RESERVED
CVE-2021-3638 (An out-of-bounds memory access flaw was found in the ATI VGA device em ...)
	{DSA-4980-1}
	- qemu 1:6.1+dfsg-6 (bug #992726)
	[buster] - qemu (Vulnerable code introduced in ATI VGA device emulation added later)
	[stretch] - qemu (Vulnerable code introduced in ATI VGA device emulation added later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1979858
	NOTE: https://lore.kernel.org/qemu-devel/CAA8xKjXkDwPYxSAeRb+2mfHRrbiL_kh9unVkemFXLfF68UXePA@mail.gmail.com
	NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/584acf34cb05f16e13a46d666196a7583d232616 (v4.1.0-rc0)
	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/205ccfd7a5ec86bd9a5678b8bd157562fc9a1643 (v7.2.0-rc0)
CVE-2021-36235 (An issue was discovered in Ivanti Workspace Control before 10.6.30.0. ...)
	NOT-FOR-US: Ivanti
CVE-2021-36234 (Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 all ...)
	NOT-FOR-US: MIK.starlight
CVE-2021-36233 (The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5 ...)
	NOT-FOR-US: MIK.starlight
CVE-2021-36232 (Improper Authorization in multiple functions in MIK.starlight 7.9.5.24 ...)
	NOT-FOR-US: MIK.starlight
CVE-2021-36231 (Deserialization of untrusted data in multiple functions in MIK.starlig ...)
	NOT-FOR-US: MIK.starlight
CVE-2021-36230 (HashiCorp Terraform Enterprise releases up to v202106-1 did not proper ...)
	NOT-FOR-US: Terraform Enterprise
CVE-2021-36229
	RESERVED
CVE-2021-36228
	RESERVED
CVE-2021-36227
	RESERVED
CVE-2021-36226 (Western Digital My Cloud devices before OS5 do not use cryptographical ...)
	NOT-FOR-US: Western Digital
CVE-2021-36225 (Western Digital My Cloud devices before OS5 allow REST API access by l ...)
	NOT-FOR-US: Western Digital
CVE-2021-36224 (Western Digital My Cloud devices before OS5 have a nobody account with ...)
	NOT-FOR-US: Western Digital
CVE-2021-36223
	RESERVED
CVE-2021-36222 (ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) ...)
	{DSA-4944-1}
	- krb5 1.18.3-6 (bug #991365)
	[stretch] - krb5 (Vulnerable code (k5memdup0()) introduced later)
	NOTE: https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
	NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=9007
CVE-2021-36221 (Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that c ...)
	{DLA-3395-1 DLA-2892-1 DLA-2891-1}
	- golang-1.16 1.16.7-1
	- golang-1.15 1.15.15-1 (bug #991961)
	[bullseye] - golang-1.15 1.15.15-1~deb11u1
	- golang-1.11
	- golang-1.8
	- golang-1.7
	NOTE: https://github.com/golang/go/issues/46866
	NOTE: https://github.com/golang/go/commit/b7a85e0003cedb1b48a1fd3ae5b746ec6330102e (master)
	NOTE: https://github.com/golang/go/commit/accf363d5da864521c90b152fb734f3f15e00521 (release-branch.go1.16)
	NOTE: https://github.com/golang/go/commit/ba93baa74a52d57ae79313313ea990cc791ef50e (release-branch.go1.15)
CVE-2021-36220
	RESERVED
CVE-2021-36219 (An issue was discovered in SKALE sgxwallet 1.58.3. The provided input ...)
	NOT-FOR-US: SKALE sgxwallet
CVE-2021-36218 (An issue was discovered in SKALE sgxwallet 1.58.3. sgx_disp_ippsAES_GC ...)
	NOT-FOR-US: SKALE sgxwallet
CVE-2021-36217
	REJECTED
CVE-2021-36216 (LINE for Windows 6.2.1.2289 and before allows arbitrary code execution ...)
	NOT-FOR-US: LINE for Windows
CVE-2021-36215 (LINE client for iOS 10.21.3 and before allows address bar spoofing due ...)
	NOT-FOR-US: LINE client for iOS
CVE-2021-36214 (LINE client for iOS before 10.16.3 allows cross site script with speci ...)
	NOT-FOR-US: LINE client for iOS
CVE-2021-36213 (HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default de ...)
	- consul (Only applies to 1.9 and later)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855
	NOTE: https://github.com/hashicorp/consul/pull/10619
CVE-2021-36212 (app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored X ...)
	NOT-FOR-US: MISP
CVE-2021-3637 (A flaw was found in keycloak-model-infinispan in keycloak versions bef ...)
	NOT-FOR-US: Keycloak
CVE-2021-36211
	RESERVED
CVE-2021-36210
	RESERVED
CVE-2021-36209 (In JetBrains Hub before 2021.1.13389, account takeover was possible du ...)
	NOT-FOR-US: JetBrains
CVE-2021-36208
	RESERVED
CVE-2021-36207 (Under certain circumstances improper privilege management in Metasys A ...)
	NOT-FOR-US: Metasys
CVE-2021-36206 (All versions of CEVAS prior to 1.01.46 do not sufficiently validate us ...)
	NOT-FOR-US: CEVAS
CVE-2021-36205 (Under certain circumstances the session token is not cleared on logout ...)
	NOT-FOR-US: Johnson Controls
CVE-2021-36204 (Under some circumstances an Insufficiently Protected Credentials vulne ...)
	NOT-FOR-US: Johnson Controls
CVE-2021-36203 (The affected product may allow an attacker to identify and forge reque ...)
	NOT-FOR-US: Johnson Controls
CVE-2021-36202 (Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls M ...)
	NOT-FOR-US: Johnson Controls Metasys
CVE-2021-36201 (Under certain circumstances a CCURE Portal user could enumerate user a ...)
	NOT-FOR-US: CCURE
CVE-2021-36200 (Under certain circumstances an unauthenticated user could access the t ...)
	NOT-FOR-US: Johnson Controls
CVE-2021-36199 (Running a vulnerability scanner against VideoEdge NVRs can cause some ...)
	NOT-FOR-US: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls, Inc.
CVE-2021-36198 (Successful exploitation of this vulnerability could allow an unauthori ...)
	NOT-FOR-US: Sensormatic Electronics, LLC
CVE-2021-36197
	RESERVED
CVE-2021-36196
	RESERVED
CVE-2021-36195 (Multiple command injection vulnerabilities in the command line interpr ...)
	NOT-FOR-US: FortiGuard
CVE-2021-36194 (Multiple stack-based buffer overflows in the API controllers of FortiW ...)
	NOT-FOR-US: FortiGuard
CVE-2021-36193 (Multiple stack-based buffer overflows in the command line interpreter ...)
	NOT-FOR-US: FortiGuard
CVE-2021-36192 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...)
	NOT-FOR-US: Fortiguard
CVE-2021-36191 (A url redirection to untrusted site ('open redirect') in Fortinet Fort ...)
	NOT-FOR-US: FortiGuard
CVE-2021-36190 (A unintended proxy or intermediary ('confused deputy') in Fortinet For ...)
	NOT-FOR-US: FortiGuard
CVE-2021-36189 (A missing encryption of sensitive data in Fortinet FortiClientEMS vers ...)
	NOT-FOR-US: FortiGuard
CVE-2021-36188 (A improper neutralization of input during web page generation ('cross- ...)
	NOT-FOR-US: FortiGuard
CVE-2021-36187 (A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0 ...)
	NOT-FOR-US: Fortiguard
CVE-2021-36186 (A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, vers ...)
	NOT-FOR-US: Fortiguard
CVE-2021-36185 (A improper neutralization of special elements used in an OS command (' ...)
	NOT-FOR-US: Fortiguard
CVE-2021-36184 (A improper neutralization of Special Elements used in an SQL Command ( ...)
	NOT-FOR-US: Fortiguard
CVE-2021-36183 (An improper authorization vulnerability [CWE-285] in FortiClient for W ...)
	NOT-FOR-US: Fortiguard
CVE-2021-36182 (A Improper neutralization of special elements used in a command ('Comm ...)
	NOT-FOR-US: FortiGuard
CVE-2021-36181 (A concurrent execution using shared resource with improper Synchroniza ...)
	NOT-FOR-US: Fortiguard
CVE-2021-36180 (Multiple improper neutralization of special elements used in a command ...)
	NOT-FOR-US: FortiGuard
CVE-2021-36179 (A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and ...)
	NOT-FOR-US: FortiGuard
CVE-2021-36178 (A insufficiently protected credentials in Fortinet FortiSDNConnector v ...)
	NOT-FOR-US: Fortiguard
CVE-2021-36177 (An improper access control vulnerability [CWE-284] in FortiAuthenticat ...)
	NOT-FOR-US: FortiGuard
CVE-2021-36176 (Multiple uncontrolled resource consumption vulnerabilities in the web ...)
	NOT-FOR-US: Fortiguard
CVE-2021-36175 (An improper neutralization of input vulnerability [CWE-79] in FortiWeb ...)
	NOT-FOR-US: Fortiguard
CVE-2021-36174 (A memory allocation with excessive size value vulnerability in the lic ...)
	NOT-FOR-US: Fortiguard
CVE-2021-36173 (A heap-based buffer overflow in the firmware signature verification fu ...)
	NOT-FOR-US: FortiGuard
CVE-2021-36172 (An improper restriction of XML external entity reference vulnerability ...)
	NOT-FOR-US: Fortiguard
CVE-2021-36171 (The use of a cryptographically weak pseudo-random number generator in ...)
	NOT-FOR-US: FortiGuard
CVE-2021-36170 (An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM a ...)
	NOT-FOR-US: Fortiguard
CVE-2021-36169 (A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6 ...)
	NOT-FOR-US: FortiGuard
CVE-2021-36168 (A Improper Limitation of a Pathname to a Restricted Directory ('Path T ...)
	NOT-FOR-US: Fortinet
CVE-2021-36167 (An improper authorization vulnerability [CWE-285] in FortiClient Windo ...)
	NOT-FOR-US: FortiGuard
CVE-2021-36166 (An improper authentication vulnerability in FortiMail before 7.0.1 may ...)
	NOT-FOR-US: FortiGuard
CVE-2021-36165 (RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by c ...)
	NOT-FOR-US: RICON Industrial Cellular Router
CVE-2021-36164
	RESERVED
CVE-2021-36163 (In Apache Dubbo, users may choose to use the Hessian protocol. The Hes ...)
	NOT-FOR-US: Apache Dubbo
CVE-2021-36162 (Apache Dubbo supports various rules to support configuration override ...)
	NOT-FOR-US: Apache Dubbo
CVE-2021-36161 (Some component in Dubbo will try to print the formated string of the i ...)
	NOT-FOR-US: Apache Dubbo
CVE-2021-36160 (A carefully crafted request uri-path can cause mod_proxy_uwsgi to read ...)
	{DSA-4982-1 DLA-2768-1}
	- apache2 2.4.49-1
	[stretch] - apache2 (Vulnerable module not present)
	- uwsgi (unimportant)
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-36160
	NOTE: https://github.com/apache/httpd/commit/b364cad72b48dd40fbc2850e525b845406520f0b
	NOTE: uwsgi since 2.0.15-11 drops building the libapache2-mod-proxy-uwsgi{,-dbg}
	NOTE: packages which are provided by src:apache2 itself.
	NOTE: Regression report: https://bz.apache.org/bugzilla/show_bug.cgi?id=65616
	NOTE: Regression patch: https://github.com/apache/httpd/commit/8966e290a6e947fad0289bf4e243b0b552e13726 (2.4.x)
CVE-2021-36159 (libfetch before 2021-07-26, as used in apk-tools, xbps, and other prod ...)
	NOT-FOR-US: libfetch
CVE-2021-36158 (In the xrdp package (in branches through 3.14) for Alpine Linux, RDP s ...)
	- xrdp (xrdp as packaged in Alpine)
CVE-2021-36157 (An issue was discovered in Grafana Cortex through 1.9.0. The header va ...)
	NOT-FOR-US: Grafana Cortex
CVE-2021-36156 (An issue was discovered in Grafana Loki through 2.2.1. The header valu ...)
	NOT-FOR-US: Grafana Loki
CVE-2021-36155 (LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates ...)
	NOT-FOR-US: gRPC Swift
CVE-2021-36154 (HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remot ...)
	NOT-FOR-US: gRPC Swift
CVE-2021-36153 (Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1. ...)
	NOT-FOR-US: gRPC Swift
CVE-2021-36152 (Apache Gobblin trusts all certificates used for LDAP connections in Go ...)
	NOT-FOR-US: Apache Gobblin
CVE-2021-36151 (In Apache Gobblin, the Hadoop token is written to a temp file that is ...)
	NOT-FOR-US: Apache Gobblin
CVE-2021-3636 (It was found in OpenShift, before version 4.8, that the generated cert ...)
	NOT-FOR-US: OpenShift
CVE-2021-3635 (A flaw was found in the Linux kernel netfilter implementation in versi ...)
	- linux 5.4.19-1
	[buster] - linux 4.19.98-1
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1976946
CVE-2021-3634 (A flaw has been found in libssh in versions prior to 0.9.6. The SSH pr ...)
	{DSA-4965-1}
	- libssh 0.9.6-1 (bug #993046)
	[buster] - libssh (Vulnerable code not present)
	[stretch] - libssh (Vulnerable code not present)
	NOTE: https://www.libssh.org/security/advisories/CVE-2021-3634.txt
	NOTE: https://www.libssh.org/2021/08/26/libssh-0-9-6-security-release/
	NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=d3060bc84ed4e160082e819b4d404f76df7c8063 (libssh-0.9.6)
CVE-2021-36150 (SilverStripe Framework through 4.8.1 allows XSS.)
	NOT-FOR-US: SilverStripe CMS
CVE-2021-36149
	RESERVED
CVE-2021-36148 (An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervis ...)
	NOT-FOR-US: ACRN
CVE-2021-36147 (An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw ...)
	NOT-FOR-US: ACRN
CVE-2021-36146 (ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereferen ...)
	NOT-FOR-US: ACRN
CVE-2021-36145 (The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use- ...)
	NOT-FOR-US: ACRN
CVE-2021-36144 (The polling timer handler in ACRN before 2.5 has a use-after-free for ...)
	NOT-FOR-US: ACRN
CVE-2021-36143 (ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer ...)
	NOT-FOR-US: ACRN
CVE-2021-36142
	RESERVED
CVE-2021-36141
	RESERVED
CVE-2021-36140
	RESERVED
CVE-2021-36139
	RESERVED
CVE-2021-36138
	RESERVED
CVE-2021-36137
	RESERVED
CVE-2021-36136
	RESERVED
CVE-2021-36135
	RESERVED
CVE-2021-36134 (Out of bounds write vulnerability in the JPEG parsing code of Netop Vi ...)
	NOT-FOR-US: McAfee
CVE-2021-36133 (The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access ...)
	- optee-os (unimportant)
	NOTE: https://github.com/OP-TEE/optee_os/security/advisories/GHSA-6q85-3ph3-rm47
	NOTE: Upstream does not share F-Secure's view (the reporters) on the severity and
	NOTE: does not consider this to be a security issue.
CVE-2021-36132 (An issue was discovered in the FileImporter extension in MediaWiki thr ...)
	NOT-FOR-US: FileImport MediaWiki extension
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
CVE-2021-36131 (An XSS issue was discovered in the SportsTeams extension in MediaWiki ...)
	NOT-FOR-US: SportsTeams MediaWiki extension
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
CVE-2021-36130 (An XSS issue was discovered in the SocialProfile extension in MediaWik ...)
	NOT-FOR-US: SocialProfile MediaWiki extension
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
CVE-2021-36129 (An issue was discovered in the Translate extension in MediaWiki throug ...)
	NOT-FOR-US: Translate MediaWiki extension
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
CVE-2021-36128 (An issue was discovered in the CentralAuth extension in MediaWiki thro ...)
	NOT-FOR-US: CentralAuth MediaWiki extension
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
CVE-2021-36127 (An issue was discovered in the CentralAuth extension in MediaWiki thro ...)
	NOT-FOR-US: CentralAuth MediaWiki extension
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
CVE-2021-36126 (An issue was discovered in the AbuseFilter extension in MediaWiki thro ...)
	NOT-FOR-US: AbuseFilter MediaWiki extension
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
CVE-2021-36125 (An issue was discovered in the CentralAuth extension in MediaWiki thro ...)
	NOT-FOR-US: CentralAuth MediaWiki extension
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
CVE-2021-36124 (An issue was discovered in Echo ShareCare 8.15.5. It does not perform ...)
	NOT-FOR-US: Echo ShareCare
CVE-2021-36123 (An issue was discovered in Echo ShareCare 8.15.5. The TextReader featu ...)
	NOT-FOR-US: Echo ShareCare
CVE-2021-36122 (An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile featur ...)
	NOT-FOR-US: Echo ShareCare
CVE-2021-36121 (An issue was discovered in Echo ShareCare 8.15.5. The file-upload feat ...)
	NOT-FOR-US: Echo ShareCare
CVE-2021-3633 (A DLL preloading vulnerability was reported in Lenovo Driver Managemen ...)
	NOT-FOR-US: Lenovo
CVE-2021-36120
	RESERVED
CVE-2021-36119
	RESERVED
CVE-2021-36118
	RESERVED
CVE-2021-36117
	RESERVED
CVE-2021-36116
	RESERVED
CVE-2021-36115
	RESERVED
CVE-2021-36114
	RESERVED
CVE-2021-36113
	RESERVED
CVE-2021-36112
	RESERVED
CVE-2021-36111
	RESERVED
CVE-2021-36110
	RESERVED
CVE-2021-36109
	RESERVED
CVE-2021-36108
	RESERVED
CVE-2021-36107
	RESERVED
CVE-2021-36106
	RESERVED
CVE-2021-36105
	RESERVED
CVE-2021-36104
	RESERVED
CVE-2021-36103
	RESERVED
CVE-2021-36102
	RESERVED
CVE-2021-36101
	RESERVED
CVE-2021-36100 (Specially crafted string in OTRS system configuration can allow the ex ...)
	{DLA-3551-1}
	- znuny (Fixed before initial upload to archive as src:znuny)
	- otrs2 6.3.2-1
	[bullseye] - otrs2 (Non-free not supported)
	NOTE: https://www.znuny.org/en/releases/znuny-6-3-2
	NOTE: https://www.znuny.org/en/advisories/zsa-2022-02
	NOTE: https://github.com/znuny/Znuny/commit/309ec536540201a5b2741314e928c54a792bb845 (rel-6_0_41)
	NOTE: https://github.com/znuny/Znuny/commit/f6fe8ca2e48a18680ace94df0d84eb1e2c26e685 (rel-6_0_41)
	NOTE: https://github.com/znuny/Znuny/commit/42458dad68f330e3f94294348de29e48cc9432c8 (rel-6_0_41)
	NOTE: https://github.com/znuny/Znuny/commit/02ac202c624bfccfd97e7f4ea95e0fd4adcf7a07 (rel-6_0_41)
CVE-2021-36099
	RESERVED
CVE-2021-36098
	RESERVED
CVE-2021-36097 (Agents are able to lock the ticket without the "Owner" permission. Onc ...)
	- otrs (OTRS 8.x specific)
	NOTE: znuny forked from OTRS with 6.x, but this issue is specific to OTRS 8.x
CVE-2021-36096 (Generated Support Bundles contains private S/MIME and PGP keys if cont ...)
	NOTE: OTRS, it's unclear to which extent Znuny might be affected since OTRS AG doesn't release
	NOTE: actionable information, also see https://github.com/znuny/Znuny/issues/128 and #993846
CVE-2021-36095 (Malicious attacker is able to find out valid user logins by using the ...)
	NOTE: OTRS, it's unclear to which extent Znuny might be affected since OTRS AG doesn't release
	NOTE: actionable information, also see https://github.com/znuny/Znuny/issues/128 and #993846
CVE-2021-36094 (It's possible to craft a request for appointment edit screen, which co ...)
	NOTE: OTRS, it's unclear to which extent Znuny might be affected since OTRS AG doesn't release
	NOTE: actionable information, also see https://github.com/znuny/Znuny/issues/128 and #993846
CVE-2021-36093 (It's possible to create an email which can be stuck while being proces ...)
	NOTE: OTRS, it's unclear to which extent Znuny might be affected since OTRS AG doesn't release
	NOTE: actionable information, also see https://github.com/znuny/Znuny/issues/128 and #993846
CVE-2021-36092 (It's possible to create an email which contains specially crafted link ...)
	NOTE: OTRS, it's unclear to which extent Znuny might be affected since OTRS AG doesn't release
	NOTE: actionable information, also see https://github.com/znuny/Znuny/issues/128 and #993846
CVE-2021-36091 (Agents are able to list appointments in the calendars without required ...)
	{DLA-3551-1}
	- otrs2 6.0.32-6 (bug #991593)
	[stretch] - otrs2 (Non-free not supported)
	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-14/
	NOTE: https://github.com/znuny/Znuny/commit/e268f9a7b75e8c7f63c36517ea5affe3ae0a9632 (rel-6_1_1)
	NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork)
CVE-2021-3632 (A flaw was found in Keycloak. This vulnerability allows anyone to regi ...)
	NOT-FOR-US: Keycloak
CVE-2021-36090 (When reading a specially crafted ZIP archive, Compress can be made to ...)
	- libcommons-compress-java 1.21-1 (bug #991041)
	[bullseye] - libcommons-compress-java (Minor issue)
	[buster] - libcommons-compress-java (Minor issue)
	[stretch] - libcommons-compress-java (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/4
	NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=ef5d70b625000e38404194aaab311b771c44efda
	NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=80124dd9fe4b0a0b2e203ca19aacac8cd0afc96f
CVE-2020-36416 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-36415 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-36414 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-36413 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-36412 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-36411 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-36410 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-36409 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-36408 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2021-36089 (Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::File ...)
	- libgrokj2k 9.5.0-1 (bug #990525)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2021-677.yaml
CVE-2021-36088 (Fluent Bit (aka fluent-bit) 1.7.0 through 1.7,4 has a double free in f ...)
	NOT-FOR-US: Fluent Bit
CVE-2021-36087 (The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in e ...)
	- libsepol 3.3-1 (bug #990526)
	[bullseye] - libsepol (Minor issue)
	[buster] - libsepol (Minor issue)
	[stretch] - libsepol (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675
	NOTE: https://github.com/SELinuxProject/selinux/commit/bad0a746e9f4cf260dedba5828d9645d50176aac
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-585.yaml
CVE-2021-36086 (The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_clas ...)
	- libsepol 3.3-1 (bug #990526)
	[bullseye] - libsepol (Minor issue)
	[buster] - libsepol (Minor issue)
	[stretch] - libsepol (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177
	NOTE: https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml
CVE-2021-36085 (The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_c ...)
	- libsepol 3.3-1 (bug #990526)
	[bullseye] - libsepol (Minor issue)
	[buster] - libsepol (Minor issue)
	[stretch] - libsepol (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124
	NOTE: https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml
CVE-2021-36084 (The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_c ...)
	- libsepol 3.3-1 (bug #990526)
	[bullseye] - libsepol (Minor issue)
	[buster] - libsepol (Minor issue)
	[stretch] - libsepol (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065
	NOTE: https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml
CVE-2021-36083 (KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overf ...)
	[experimental] - kimageformats 5.83.0-1
	- kimageformats 5.78.0-5 (bug #990527)
	[buster] - kimageformats (Minor issue)
	[stretch] - kimageformats (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33742
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/kimageformats/OSV-2021-695.yaml
	NOTE: https://invent.kde.org/frameworks/kimageformats/commit/297ed9a2fe339bfe36916b9fce628c3242e5be0f
CVE-2021-36082 (ntop nDPI 3.4 has a stack-based buffer overflow in processClientServer ...)
	- ndpi 4.0-1 (bug #990528)
	[buster] - ndpi (Vulnerable code not present)
	[stretch] - ndpi (Vulnerable code added later)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30393
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ndpi/OSV-2021-304.yaml
	NOTE: https://github.com/ntop/nDPI/commit/1ec621c85b9411cc611652fd57a892cfef478af3
CVE-2021-36081 (Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-fr ...)
	- tesseract 5.1.0-1 (bug #990529)
	[bullseye] - tesseract (Minor issue)
	[buster] - tesseract (Minor issue)
	[stretch] - tesseract (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29698
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/tesseract-ocr/OSV-2021-211.yaml
	NOTE: https://github.com/tesseract-ocr/tesseract/commit/e6f15621c2ab2ecbfabf656942d8ef66f03b2d55 (5.0.0-alpha-20210401)
CVE-2021-36080 (GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_ ...)
	- libredwg (bug #595191)
CVE-2020-36407 (libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataF ...)
	- libavif 0.8.2-1
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24811
	NOTE: https://github.com/AOMediaCodec/libavif/commit/0a8e7244d494ae98e9756355dfbfb6697ded2ff9
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libavif/OSV-2020-1597.yaml
CVE-2020-36406 (uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in u ...)
	NOT-FOR-US: uWebSockets
CVE-2020-36405 (Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::get ...)
	NOT-FOR-US: keystone engine
CVE-2020-36404 (Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl< ...)
	NOT-FOR-US: keystone engine
CVE-2020-36403 (HTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_f ...)
	- htslib 1.11-1
	[buster] - htslib (Minor issue)
	[stretch] - htslib (Vulnerable code added later)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24097
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/htslib/OSV-2020-955.yaml
	NOTE: https://github.com/samtools/htslib/commit/dcd4b7304941a8832fba2d0fc4c1e716e7a4e72c
CVE-2020-36402 (Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLi ...)
	NOT-FOR-US: Solidity
CVE-2020-36401 (mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_f ...)
	- mruby 2.1.2-3 (bug #990540)
	[buster] - mruby (Vulnerable code not present)
	[stretch] - mruby (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23801
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/mruby/OSV-2020-744.yaml
	NOTE: https://github.com/mruby/mruby/commit/97319697c8f9f6ff27b32589947e1918e3015503
	NOTE: Introduced by: https://github.com/mruby/mruby/commit/9cdf439db52b66447b4e37c61179d54fad6c8f33 (2.1.2-rc)
CVE-2020-36400 (ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, ...)
	- zeromq3 (Never affected a released version)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26042
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libzmq/OSV-2020-1887.yaml
	NOTE: Introduced by: https://github.com/zeromq/libzmq/commit/b56195e995e0875afabf405826d97b1dd9817bb0 (v4.3.3)
	NOTE: Fixed by: https://github.com/zeromq/libzmq/commit/397ac80850bf8d010fae23dd215db0ee2c677306 (v4.3.3)
CVE-2020-36399 (A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and ...)
	- phplist (bug #612288)
CVE-2020-36398 (A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and ...)
	- phplist (bug #612288)
CVE-2020-36397 (A stored cross site scripting (XSS) vulnerability in the /admin/contac ...)
	NOT-FOR-US: LavaLite
CVE-2020-36396 (A stored cross site scripting (XSS) vulnerability in the /admin/roles/ ...)
	NOT-FOR-US: LavaLite
CVE-2020-36395 (A stored cross site scripting (XSS) vulnerability in the /admin/user/t ...)
	NOT-FOR-US: LavaLite
CVE-2019-25049 (LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_pr ...)
	- libressl (bug #754513)
CVE-2019-25048 (LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_p ...)
	- libressl (bug #754513)
CVE-2018-25018 (UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write durin ...)
	- unrar-nonfree 1:5.6.6-1 (bug #990541)
	[stretch] - unrar-nonfree (Non-free not supported)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml
CVE-2018-25017 (RawSpeed (aka librawspeed) 3.1 has a heap-based buffer overflow in Tab ...)
	- darktable 2.6.0-1
	[stretch] - darktable (Vulnerable code added later)
	- photoflow (Fixed before initial upload to the archive)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5256
	NOTE: https://github.com/darktable-org/rawspeed/commit/dbe7591e54bad5e6430d38be6bed051582da76b9
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/librawspeed/OSV-2018-227.yaml
	NOTE: darktable 2.6.0 is the first release to bundle rawspeed 3.2 with the fixes
CVE-2017-20006 (UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack:: ...)
	- unrar-nonfree 1:5.6.6-1
	[stretch] - unrar-nonfree (Non-free not supported)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4373
	NOTE: https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2017-104.yaml
CVE-2021-3631 (A flaw was found in libvirt while it generates SELinux MCS category pa ...)
	{DLA-3778-1}
	- libvirt 7.6.0-1 (bug #990709)
	[bullseye] - libvirt (Minor issue)
	[stretch] - libvirt (Minor issue)
	NOTE: https://gitlab.com/libvirt/libvirt/-/issues/153
	NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2 (v7.5.0)
CVE-2021-36079 (Adobe Bridge version 11.1 (and earlier) is affected by an out-of-bound ...)
	NOT-FOR-US: Adobe
CVE-2021-36078 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
	NOT-FOR-US: Adobe
CVE-2021-36077 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
	NOT-FOR-US: Adobe
CVE-2021-36076 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
	NOT-FOR-US: Adobe
CVE-2021-36075 (Adobe Bridge version 11.1 (and earlier) is affected by a Buffer Overfl ...)
	NOT-FOR-US: Adobe
CVE-2021-36074 (Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bou ...)
	NOT-FOR-US: Adobe
CVE-2021-36073 (Adobe Bridge version 11.1 (and earlier) is affected by a heap-based bu ...)
	NOT-FOR-US: Adobe
CVE-2021-36072 (Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bou ...)
	NOT-FOR-US: Adobe
CVE-2021-36071 (Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bou ...)
	NOT-FOR-US: Adobe
CVE-2021-36070 (Adobe Media Encoder version 15.1 (and earlier) is affected by an impro ...)
	NOT-FOR-US: Adobe
CVE-2021-36069 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
	NOT-FOR-US: Adobe
CVE-2021-36068 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
	NOT-FOR-US: Adobe
CVE-2021-36067 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
	NOT-FOR-US: Adobe
CVE-2021-36066 (Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2021-36065 (Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier ...)
	NOT-FOR-US: Adobe
CVE-2021-36064 (XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Under ...)
	{DLA-3585-1}
	- exempi 2.6.0-1
	[bullseye] - exempi (Minor issue)
	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-36063 (Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected ...)
	NOT-FOR-US: Adobe
CVE-2021-36062 (Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected ...)
	NOT-FOR-US: Adobe
CVE-2021-36061 (Adobe Connect version 11.2.2 (and earlier) is affected by a secure des ...)
	NOT-FOR-US: Adobe
CVE-2021-36060 (Adobe Media Encoder version 15.2 (and earlier) is affected by an out-o ...)
	NOT-FOR-US: Adobe
CVE-2021-36059 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
	NOT-FOR-US: Adobe
CVE-2021-36058 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer ...)
	{DLA-3585-1}
	- exempi 2.6.0-1
	[bullseye] - exempi (Minor issue)
	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-36057 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-wh ...)
	{DLA-3585-1}
	- exempi 2.6.0-1
	[bullseye] - exempi (Minor issue)
	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-36056 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
	{DLA-3585-1}
	- exempi 2.6.0-1
	[bullseye] - exempi (Minor issue)
	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-36055 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-af ...)
	{DLA-3585-1}
	- exempi 2.6.0-1
	[bullseye] - exempi (Minor issue)
	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-36054 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
	{DLA-3585-1}
	- exempi 2.6.0-1
	[bullseye] - exempi (Minor issue)
	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-36053 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-o ...)
	{DLA-3585-1}
	- exempi 2.6.0-1
	[bullseye] - exempi (Minor issue)
	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-36052 (XMP Toolkit version 2020.1 (and earlier) is affected by a memory corru ...)
	{DLA-3585-1}
	- exempi 2.6.0-1
	[bullseye] - exempi (Minor issue)
	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-36051 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
	{DLA-3585-1}
	- exempi 2.6.0-1
	[bullseye] - exempi (Minor issue)
	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-36050 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
	{DLA-3585-1}
	- exempi 2.6.0-1
	[bullseye] - exempi (Minor issue)
	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-36049 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
	NOT-FOR-US: Adobe
CVE-2021-36048 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Imprope ...)
	{DLA-3585-1}
	- exempi 2.6.0-1
	[bullseye] - exempi (Minor issue)
	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-36047 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Imprope ...)
	{DLA-3585-1}
	- exempi 2.6.0-1
	[bullseye] - exempi (Minor issue)
	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-36046 (XMP Toolkit version 2020.1 (and earlier) is affected by a memory corru ...)
	{DLA-3585-1}
	- exempi 2.6.0-1
	[bullseye] - exempi (Minor issue)
	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-36045 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-o ...)
	{DLA-3585-1}
	- exempi 2.6.0-1
	[bullseye] - exempi (Minor issue)
	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
CVE-2021-36044 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
	NOT-FOR-US: Magento
CVE-2021-36043 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
	NOT-FOR-US: Magento
CVE-2021-36042 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
	NOT-FOR-US: Magento
CVE-2021-36041 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
	NOT-FOR-US: Magento
CVE-2021-36040 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
	NOT-FOR-US: Magento
CVE-2021-36039 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
	NOT-FOR-US: Magento
CVE-2021-36038 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
	NOT-FOR-US: Magento
CVE-2021-36037 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
	NOT-FOR-US: Magento
CVE-2021-36036 (Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 ...)
	NOT-FOR-US: Adobe
CVE-2021-36035 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
	NOT-FOR-US: Magento
CVE-2021-36034 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
	NOT-FOR-US: Magento
CVE-2021-36033 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
	NOT-FOR-US: Magento
CVE-2021-36032 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
	NOT-FOR-US: Magento
CVE-2021-36031 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
	NOT-FOR-US: Magento
CVE-2021-36030 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
	NOT-FOR-US: Magento
CVE-2021-36029 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
	NOT-FOR-US: Magento
CVE-2021-36028 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
	NOT-FOR-US: Magento
CVE-2021-36027 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
	NOT-FOR-US: Magento
CVE-2021-36026 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
	NOT-FOR-US: Magento
CVE-2021-36025 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
	NOT-FOR-US: Magento
CVE-2021-36024 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
	NOT-FOR-US: Magento
CVE-2021-36023 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2021-36022 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
	NOT-FOR-US: Magento
CVE-2021-36021 (Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 ...)
	NOT-FOR-US: Adobe
CVE-2021-36020 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
	NOT-FOR-US: Magento
CVE-2021-36019 (Adobe After Effects version 18.2.1 (and earlier) is affected by an Out ...)
	NOT-FOR-US: Adobe
CVE-2021-36018 (Adobe After Effects version 18.2.1 (and earlier) is affected by an Out ...)
	NOT-FOR-US: Adobe
CVE-2021-36017 (Adobe After Effects version 18.2.1 (and earlier) is affected by a memo ...)
	NOT-FOR-US: Adobe
CVE-2021-36016 (Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-o ...)
	NOT-FOR-US: Adobe
CVE-2021-36015 (Adobe Media Encoder version 15.2 (and earlier) is affected by a memory ...)
	NOT-FOR-US: Adobe
CVE-2021-36014 (Adobe Media Encoder version 15.2 (and earlier) is affected by an unini ...)
	NOT-FOR-US: Adobe
CVE-2021-36013 (Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-o ...)
	NOT-FOR-US: Adobe
CVE-2021-36012 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
	NOT-FOR-US: Magento
CVE-2021-36011 (Adobe Illustrator version 25.2.3 (and earlier) is affected by a potent ...)
	NOT-FOR-US: Adobe
CVE-2021-36010 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an out-o ...)
	NOT-FOR-US: Adobe
CVE-2021-36009 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an memor ...)
	NOT-FOR-US: Adobe
CVE-2021-36008 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an Use-a ...)
	NOT-FOR-US: Adobe
CVE-2021-36007 (Adobe Prelude version 10.0 (and earlier) are affected by an uninitiali ...)
	NOT-FOR-US: Adobe
CVE-2021-36006 (Adobe Photoshop versions 21.2.9 (and earlier) and 22.4.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2021-36005 (Adobe Photoshop versions 21.2.9 (and earlier) and 22.4.2 (and earlier) ...)
	NOT-FOR-US: Adobe
CVE-2021-36004 (Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bou ...)
	NOT-FOR-US: Adobe
CVE-2021-36003 (Adobe Audition version 14.2 (and earlier) is affected by an out-of-bou ...)
	NOT-FOR-US: Adobe
CVE-2021-36002 (Adobe Captivate version 11.5.5 (and earlier) is affected by an Creatio ...)
	NOT-FOR-US: Adobe
CVE-2021-36001 (Adobe Character Animator version 4.2 (and earlier) is affected by an o ...)
	NOT-FOR-US: Adobe
CVE-2021-36000 (Adobe Character Animator version 4.2 (and earlier) is affected by a me ...)
	NOT-FOR-US: Adobe
CVE-2021-35999 (Adobe Prelude version 10.0 (and earlier) is affected by a memory corru ...)
	NOT-FOR-US: Adobe
CVE-2021-35998 RESERVED
CVE-2021-35997 (Adobe Premiere Pro version 15.2 (and earlier) is affected by a memory ...)
	NOT-FOR-US: Adobe
CVE-2021-35996 (Adobe After Effects version 18.2.1 (and earlier) is affected by a memo ...)
	NOT-FOR-US: Adobe
CVE-2021-35995 (Adobe After Effects version 18.2.1 (and earlier) is affected by an Imp ...)
	NOT-FOR-US: Adobe
CVE-2021-35994 (Adobe After Effects version 18.2.1 (and earlier) is affected by an out ...)
	NOT-FOR-US: Adobe
CVE-2021-35993 (Adobe After Effects version 18.2.1 (and earlier) is affected by an out ...)
	NOT-FOR-US: Adobe
CVE-2021-35992 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...)
	NOT-FOR-US: Adobe
CVE-2021-35991 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Access of ...)
	NOT-FOR-US: Adobe
CVE-2021-35990 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...)
	NOT-FOR-US: Adobe
CVE-2021-35989 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...)
	NOT-FOR-US: Adobe
CVE-2021-35988 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-35987 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-35986 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-35985 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-35984 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-35983 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-35982 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-35981 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-35980 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
	NOT-FOR-US: Adobe
CVE-2021-35979 (An issue was discovered in Digi RealPort through 4.8.488.0. The 'encry ...)
	NOT-FOR-US: Digi RealPort
CVE-2021-35978 (An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ...)
	NOT-FOR-US: Digi TransPort devices
CVE-2021-35977 (An issue was discovered in Digi RealPort for Windows through 4.8.488.0 ...)
	NOT-FOR-US: Digi RealPort
CVE-2021-35976 (The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0 ...)
	NOT-FOR-US: Plesk Obsidian
CVE-2021-35975 (Absolute path traversal vulnerability in the Systematica SMTP Adapter ...)
	NOT-FOR-US: Systematica SMTP Adapter component
CVE-2021-35974 RESERVED
CVE-2021-35973 (NETGEAR WAC104 devices before 1.0.4.15 are affected by an authenticati ...)
	NOT-FOR-US: Netgear
CVE-2021-35972 RESERVED
CVE-2021-35971 (Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 be ...)
	NOT-FOR-US: Veeam
CVE-2021-35970 (Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-ma ...)
	NOT-FOR-US: Coral
CVE-2021-35969 (Pexip Infinity before 26 allows temporary remote Denial of Service (ab ...)
	NOT-FOR-US: Pexip Infinity
CVE-2021-35968 (The directory list page parameter of the Orca HCM digital learning pla ...)
	NOT-FOR-US: Orca HCM digital learning platform
CVE-2021-35967 (The directory page parameter of the Orca HCM digital learning platform ...)
	NOT-FOR-US: Orca HCM digital learning platform
CVE-2021-35966 (The specific function of the Orca HCM digital learning platform does n ...)
	NOT-FOR-US: Orca HCM digital learning platform
CVE-2021-35965 (The Orca HCM digital learning platform uses a weak factory default adm ...)
	NOT-FOR-US: Orca HCM digital learning platform
CVE-2021-35964 (The management page of the Orca HCM digital learning platform does not ...)
	NOT-FOR-US: Orca HCM digital learning platform
CVE-2021-35963 (The specific parameter of upload function of the Orca HCM digital lear ...)
	NOT-FOR-US: Orca HCM digital learning platform
CVE-2021-35962 (Specific page parameters in Dr. ID Door Access Control and Personnel A ...)
	NOT-FOR-US: Dr. ID Door Access Control and Personnel Attendance Management system
CVE-2021-35961 (Dr. ID Door Access Control and Personnel Attendance Management system ...)
	NOT-FOR-US: Dr. ID Door Access Control and Personnel Attendance Management system
CVE-2021-35960 RESERVED
CVE-2021-35959 (In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folde ...)
	NOT-FOR-US: Plone
CVE-2021-35958 (TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files ...)
	- tensorflow (bug #804612)
CVE-2021-35957 (Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not a ...)
	NOT-FOR-US: Stormshield Endpoint Security Evolution
CVE-2021-35956 (Stored cross-site scripting (XSS) in the embedded webserver of AKCP se ...)
	NOT-FOR-US: AKCP sensorProbe
CVE-2021-35955 (Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML field ...)
	NOT-FOR-US: Contao CMS
CVE-2021-35954 (fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows physic ...)
	NOT-FOR-US: fastrack Reflex
CVE-2021-35953 (fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remo ...)
	NOT-FOR-US: fastrack Reflex
CVE-2021-35952 (fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remo ...)
	NOT-FOR-US: fastrack Reflex
CVE-2021-35951 (fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows an Una ...)
	NOT-FOR-US: fastrack Reflex
CVE-2021-35950 RESERVED
CVE-2021-35949 (The shareinfo controller in the ownCloud Server before 10.8.0 allows a ...)
	- owncloud
CVE-2021-35948 (Session fixation on password protected public links in the ownCloud Se ...)
	- owncloud
CVE-2021-35947 (The public share controller in the ownCloud server before version 10.8 ...)
	- owncloud
CVE-2021-35946 (A receiver of a federated share with access to the database with ownCl ...)
	- owncloud
CVE-2021-35945 (Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer O ...)
	NOT-FOR-US: Couchbase Server
CVE-2021-35944 (Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Ov ...)
	NOT-FOR-US: Couchbase Server
CVE-2021-35943 (Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Co ...)
	NOT-FOR-US: Couchbase Server
CVE-2021-35942 (The wordexp function in the GNU C Library (aka glibc) through 2.33 may ...)
	{DLA-3152-1}
	- glibc 2.31-13 (bug #990542)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28011
	NOTE: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c
CVE-2021-35941 (Western Digital WD My Book Live (2.x and later) and WD My Book Live Du ...)
	NOT-FOR-US: Western Digital
CVE-2021-3630 (An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::D ...)
	{DSA-5032-1 DLA-2702-1}
	- djvulibre 3.5.27.1-12
	NOTE: https://sourceforge.net/p/djvu/bugs/302/
	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/7b0ef20690e08f1fe124aebbf42f6310e2f40f81/
CVE-2021-3629 (A flaw was found in Undertow. A potential security issue in flow contr ...)
	- undertow 2.2.12-1 (bug #1016448)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1977362
	NOTE: Make sure to also address followup tracked as CVE-2022-1259:
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2072339
CVE-2021-3628 (OpenKM Community Edition in its 6.3.10 version is vulnerable to authen ...)
	NOT-FOR-US: OpenKM
CVE-2021-3627 REJECTED
CVE-2021-35940 (An out-of-bounds array read in the apr_time_exp*() functions was fixed ...)
	- apr 1.7.0-7 (bug #992789)
	[bullseye] - apr 1.7.0-6+deb11u1
	[buster] - apr (Vulnerable code re-introduced in 1.7.0)
	[stretch] - apr (Vulnerable code re-introduced in 1.7.0)
	NOTE: The issue exists because the CVE-2017-12613 fix was not carried forward
	NOTE: in the APR 1.7.x branch and hence version 1.7.0 regressed from 1.6.3
	NOTE: and so vulnerable to the same issue.
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/23/1
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1891198
	NOTE: https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch
CVE-2021-35939 (It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was inco ...)
	- rpm 4.18.0+dfsg-1 (bug #990543)
	[bullseye] - rpm (Minor issue)
	[buster] - rpm (Minor issue)
	[stretch] - rpm (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964129
	NOTE: https://github.com/rpm-software-management/rpm/pull/1919
	NOTE: https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556
CVE-2021-35938 (A symbolic link issue was found in rpm. It occurs when rpm sets the de ...)
	- rpm 4.18.0+dfsg-1 (bug #990543)
	[bullseye] - rpm (Minor issue)
	[buster] - rpm (Minor issue)
	[stretch] - rpm (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964114
	NOTE: https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033
CVE-2021-35937 (A race condition vulnerability was found in rpm. A local unprivileged ...)
	- rpm 4.18.0+dfsg-1 (bug #990543)
	[bookworm] - rpm (Minor issue)
	[bullseye] - rpm (Minor issue)
	[buster] - rpm (Minor issue)
	[stretch] - rpm (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964125
CVE-2021-35936 (If remote logging is not used, the worker (in the case of CeleryExecut ...)
	- airflow (bug #819700)
CVE-2021-3626 (The Windows version of Multipass before 1.7.0 allowed any local proces ...)
	NOT-FOR-US: Multipass
CVE-2021-3625 (Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 co ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2021-35935 RESERVED
CVE-2021-35934 RESERVED
CVE-2021-35933 RESERVED
CVE-2021-35932 RESERVED
CVE-2021-35931 RESERVED
CVE-2021-35930 RESERVED
CVE-2021-35929 RESERVED
CVE-2021-35928 RESERVED
CVE-2021-35927 RESERVED
CVE-2021-35926 RESERVED
CVE-2021-35925 RESERVED
CVE-2021-35924 RESERVED
CVE-2021-35923 RESERVED
CVE-2021-35922 RESERVED
CVE-2021-35921 RESERVED
CVE-2021-35920 RESERVED
CVE-2021-35919 RESERVED
CVE-2021-35918 RESERVED
CVE-2021-35917 RESERVED
CVE-2021-35916 RESERVED
CVE-2021-35915 RESERVED
CVE-2021-35914 RESERVED
CVE-2021-35913 RESERVED
CVE-2021-35912 RESERVED
CVE-2021-35911 RESERVED
CVE-2021-35910 RESERVED
CVE-2021-35909 RESERVED
CVE-2021-35908 RESERVED
CVE-2021-35907 RESERVED
CVE-2021-35906 RESERVED
CVE-2021-35905 RESERVED
CVE-2021-35904 RESERVED
CVE-2021-35903 RESERVED
CVE-2021-35902 RESERVED
CVE-2021-35901 RESERVED
CVE-2021-35900 RESERVED
CVE-2021-35899 RESERVED
CVE-2021-35898 RESERVED
CVE-2021-35897 RESERVED
CVE-2021-35896 RESERVED
CVE-2021-35895 RESERVED
CVE-2021-35894 RESERVED
CVE-2021-35893 RESERVED
CVE-2021-35892 RESERVED
CVE-2021-35891 RESERVED
CVE-2021-35890 RESERVED
CVE-2021-35889 RESERVED
CVE-2021-35888 RESERVED
CVE-2021-35887 RESERVED
CVE-2021-35886 RESERVED
CVE-2021-35885 RESERVED
CVE-2021-35884 RESERVED
CVE-2021-35883 RESERVED
CVE-2021-35882 RESERVED
CVE-2021-35881 RESERVED
CVE-2021-35880 RESERVED
CVE-2021-35879 RESERVED
CVE-2021-35878 RESERVED
CVE-2021-35877 RESERVED
CVE-2021-35876 RESERVED
CVE-2021-35875 RESERVED
CVE-2021-35874 RESERVED
CVE-2021-35873 RESERVED
CVE-2021-35872 RESERVED
CVE-2021-35871 RESERVED
CVE-2021-35870 RESERVED
CVE-2021-35869 RESERVED
CVE-2021-35868 RESERVED
CVE-2021-35867 RESERVED
CVE-2021-35866 RESERVED
CVE-2021-35865 RESERVED
CVE-2021-35864 RESERVED
CVE-2021-35863 RESERVED
CVE-2021-35862 RESERVED
CVE-2021-35861 RESERVED
CVE-2021-35860 RESERVED
CVE-2021-35859 RESERVED
CVE-2021-35858 RESERVED
CVE-2021-35857 RESERVED
CVE-2021-35856 RESERVED
CVE-2021-35855 RESERVED
CVE-2021-35854 RESERVED
CVE-2021-35853 RESERVED
CVE-2021-35852 RESERVED
CVE-2021-35851 RESERVED
CVE-2021-35850 RESERVED
CVE-2021-35849 RESERVED
CVE-2021-35848 RESERVED
CVE-2021-35847 RESERVED
CVE-2021-35846 RESERVED
CVE-2021-35845 RESERVED
CVE-2021-35844 RESERVED
CVE-2021-35843 RESERVED
CVE-2021-35842 RESERVED
CVE-2021-35841 RESERVED
CVE-2021-35840 RESERVED
CVE-2021-35839 RESERVED
CVE-2021-35838 RESERVED
CVE-2021-35837 RESERVED
CVE-2021-35836 RESERVED
CVE-2021-35835 RESERVED
CVE-2021-35834 RESERVED
CVE-2021-35833 RESERVED
CVE-2021-35832 RESERVED
CVE-2021-35831 RESERVED
CVE-2021-35830 RESERVED
CVE-2021-35829 RESERVED
CVE-2021-35828 RESERVED
CVE-2021-35827 RESERVED
CVE-2021-35826 RESERVED
CVE-2021-35825 RESERVED
CVE-2021-35824 RESERVED
CVE-2021-35823 RESERVED
CVE-2021-35822 RESERVED
CVE-2021-35821 RESERVED
CVE-2021-35820 RESERVED
CVE-2021-35819 RESERVED
CVE-2021-35818 RESERVED
CVE-2021-35817 RESERVED
CVE-2021-35816 RESERVED
CVE-2021-35815 RESERVED
CVE-2021-35814 RESERVED
CVE-2021-35813 RESERVED
CVE-2021-35812 RESERVED
CVE-2021-35811 RESERVED
CVE-2021-35810 RESERVED
CVE-2021-35809 RESERVED
CVE-2021-35808 RESERVED
CVE-2021-35807 RESERVED
CVE-2021-35806 RESERVED
CVE-2021-35805 RESERVED
CVE-2021-35804 RESERVED
CVE-2021-35803 RESERVED
CVE-2021-35802 RESERVED
CVE-2021-35801 RESERVED
CVE-2021-35800 RESERVED
CVE-2021-35799 RESERVED
CVE-2021-35798 RESERVED
CVE-2021-35797 RESERVED
CVE-2021-35796 RESERVED
CVE-2021-35795 RESERVED
CVE-2021-35794 RESERVED
CVE-2021-35793 RESERVED
CVE-2021-35792 RESERVED
CVE-2021-35791 RESERVED
CVE-2021-35790 RESERVED
CVE-2021-35789 RESERVED
CVE-2021-35788 RESERVED
CVE-2021-35787 RESERVED
CVE-2021-35786 RESERVED
CVE-2021-35785 RESERVED
CVE-2021-35784 RESERVED
CVE-2021-35783 RESERVED
CVE-2021-35782 RESERVED
CVE-2021-35781 RESERVED
CVE-2021-35780 RESERVED
CVE-2021-35779 RESERVED
CVE-2021-35778 RESERVED
CVE-2021-35777 RESERVED
CVE-2021-35776 RESERVED
CVE-2021-35775 RESERVED
CVE-2021-35774 RESERVED
CVE-2021-35773 RESERVED
CVE-2021-35772 RESERVED
CVE-2021-35771 RESERVED
CVE-2021-35770 RESERVED
CVE-2021-35769 RESERVED
CVE-2021-35768 RESERVED
CVE-2021-35767 RESERVED
CVE-2021-35766 RESERVED
CVE-2021-35765 RESERVED
CVE-2021-35764 RESERVED
CVE-2021-35763 RESERVED
CVE-2021-35762 RESERVED
CVE-2021-35761 RESERVED
CVE-2021-35760 RESERVED
CVE-2021-35759 RESERVED
CVE-2021-35758 RESERVED
CVE-2021-35757 RESERVED
CVE-2021-35756 RESERVED
CVE-2021-35755 RESERVED
CVE-2021-35754 RESERVED
CVE-2021-35753 RESERVED
CVE-2021-35752 RESERVED
CVE-2021-35751 RESERVED
CVE-2021-35750 RESERVED
CVE-2021-35749 RESERVED
CVE-2021-35748 RESERVED
CVE-2021-35747 RESERVED
CVE-2021-35746 RESERVED
CVE-2021-35745 RESERVED
CVE-2021-35744 RESERVED
CVE-2021-35743 RESERVED
CVE-2021-35742 RESERVED
CVE-2021-35741 RESERVED
CVE-2021-35740 RESERVED
CVE-2021-35739 RESERVED
CVE-2021-35738 RESERVED
CVE-2021-35737 RESERVED
CVE-2021-35736 RESERVED
CVE-2021-35735 RESERVED
CVE-2021-35734 RESERVED
CVE-2021-35733 RESERVED
CVE-2021-35732 RESERVED
CVE-2021-35731 RESERVED
CVE-2021-35730 RESERVED
CVE-2021-35729 RESERVED
CVE-2021-35728 RESERVED
CVE-2021-35727 RESERVED
CVE-2021-35726 RESERVED
CVE-2021-35725 RESERVED
CVE-2021-35724 RESERVED
CVE-2021-35723 RESERVED
CVE-2021-35722 RESERVED
CVE-2021-35721 RESERVED
CVE-2021-35720 RESERVED
CVE-2021-35719 RESERVED
CVE-2021-35718 RESERVED
CVE-2021-35717 RESERVED
CVE-2021-35716 RESERVED
CVE-2021-35715 RESERVED
CVE-2021-35714 RESERVED
CVE-2021-35713 RESERVED
CVE-2021-35712 RESERVED
CVE-2021-35711 RESERVED
CVE-2021-35710 RESERVED
CVE-2021-35709 RESERVED
CVE-2021-35708 RESERVED
CVE-2021-35707 RESERVED
CVE-2021-35706 RESERVED
CVE-2021-35705 RESERVED
CVE-2021-35704 RESERVED
CVE-2021-35703 RESERVED
CVE-2021-35702 RESERVED
CVE-2021-35701 RESERVED
CVE-2021-35700 RESERVED
CVE-2021-35699 RESERVED
CVE-2021-35698 RESERVED
CVE-2021-35697 RESERVED
CVE-2021-35696 RESERVED
CVE-2021-35695 RESERVED
CVE-2021-35694 RESERVED
CVE-2021-35693 RESERVED
CVE-2021-35692 RESERVED
CVE-2021-35691 RESERVED
CVE-2021-35690 RESERVED
CVE-2021-35689 (A potential vulnerability in the Oracle Talent Acquisition Cloud - Tal ...)
	NOT-FOR-US: Oracle
CVE-2021-35688 RESERVED
CVE-2021-35687 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2021-35686 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2021-35685 RESERVED
CVE-2021-35684 RESERVED
CVE-2021-35683 (Vulnerability in the Oracle Essbase Administration Services product of ...)
	NOT-FOR-US: Oracle
CVE-2021-35682 RESERVED
CVE-2021-35681 RESERVED
CVE-2021-35680 RESERVED
CVE-2021-35679 RESERVED
CVE-2021-35678 RESERVED
CVE-2021-35677 RESERVED
CVE-2021-35676 RESERVED
CVE-2021-35675 RESERVED
CVE-2021-35674 RESERVED
CVE-2021-35673 RESERVED
CVE-2021-35672 RESERVED
CVE-2021-35671 RESERVED
CVE-2021-35670 RESERVED
CVE-2021-35669 RESERVED
CVE-2021-35668 RESERVED
CVE-2021-35667 RESERVED
CVE-2021-35666 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...)
	NOT-FOR-US: Oracle
CVE-2021-35665 (Vulnerability in the Hyperion Financial Reporting product of Oracle Hy ...)
	NOT-FOR-US: Oracle
CVE-2021-35664 RESERVED
CVE-2021-35663 RESERVED
CVE-2021-35662 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2021-35661 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2021-35660 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2021-35659 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2021-35658 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2021-35657 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2021-35656 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2021-35655 (Vulnerability in the Essbase Administration Services product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2021-35654 (Vulnerability in the Essbase Administration Services product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2021-35653 (Vulnerability in the Essbase Administration Services product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2021-35652 (Vulnerability in the Essbase Administration Services product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2021-35651 (Vulnerability in the Essbase Administration Services product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2021-35650 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...)
	NOT-FOR-US: Oracle Secure Global Desktop
CVE-2021-35649 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...)
	NOT-FOR-US: Oracle Secure Global Desktop
CVE-2021-35648 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35647 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35646 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35645 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35644 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35643 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35642 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35641 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35640 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35639 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35638 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35637 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35636 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35635 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35634 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35633 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35632 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35631 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35630 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35629 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35628 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35627 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35626 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35625 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35624 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
	- mysql-5.7
CVE-2021-35623 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35622 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35621 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35620 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-35619 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2021-35618 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35617 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-35616 (Vulnerability in the Oracle Transportation Management product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2021-35615 RESERVED
CVE-2021-35614 RESERVED
CVE-2021-35613 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35612 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35611 (Vulnerability in the Oracle Sales Offline product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2021-35610 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35609 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2021-35608 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35607 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35606 (Vulnerability in the PeopleSoft Enterprise CS Campus Community product ...)
	NOT-FOR-US: Oracle
CVE-2021-35605 RESERVED
CVE-2021-35604 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mariadb-10.5
	[bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.34-0+deb10u1
	- mysql-8.0 8.0.28-1
	- mysql-5.7
	NOTE: Fixed in MariaDB: 10.5.13, 10.3.32
CVE-2021-35603 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
	{DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
	- openjdk-17 17.0.1+12-1
	- openjdk-11 11.0.13+8-1
	- openjdk-8 8u312-b07-1
CVE-2021-35602 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35601 (Vulnerability in the PeopleSoft Enterprise CS SA Integration Pack prod ...)
	NOT-FOR-US: Oracle
CVE-2021-35600 RESERVED
CVE-2021-35599 (Vulnerability in the Zero Downtime DB Migration to Cloud component of ...)
	NOT-FOR-US: Oracle
CVE-2021-35598 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35597 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35596 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35595 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2021-35594 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35593 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35592 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35591 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35590 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35589 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2021-35588 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
	{DLA-2814-1}
	- openjdk-8 8u312-b07-1
CVE-2021-35587 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...)
	NOT-FOR-US: Oracle
CVE-2021-35586 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
	{DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
	- openjdk-17 17.0.1+12-1
	- openjdk-11 11.0.13+8-1
	- openjdk-8 8u312-b07-1
CVE-2021-35585 (Vulnerability in the Oracle Incentive Compensation product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2021-35584 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35583 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 (Windows-specific)
CVE-2021-35582 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2021-35581 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2021-35580 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2021-35579 RESERVED
CVE-2021-35578 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
	{DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
	- openjdk-17 17.0.1+12-1
	- openjdk-11 11.0.13+8-1
	- openjdk-8 8u312-b07-1
CVE-2021-35577 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35576 (Vulnerability in the Oracle Database Enterprise Edition Unified Audit ...)
	NOT-FOR-US: Oracle
CVE-2021-35575 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35574 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2021-35573 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2021-35572 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2021-35571 (Vulnerability in the PeopleSoft Enterprise CS Academic Advisement prod ...)
	NOT-FOR-US: Oracle
CVE-2021-35570 (Vulnerability in the Oracle Mobile Field Service product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2021-35569 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2021-35568 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2021-35567 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
	{DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
	- openjdk-17 17.0.1+12-1
	- openjdk-11 11.0.13+8-1
	- openjdk-8 8u312-b07-1
CVE-2021-35566 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2021-35565 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
	{DSA-5000-2 DSA-5000-1 DLA-2814-1}
	- openjdk-11 11.0.13+8-1
	- openjdk-8 8u312-b07-1
CVE-2021-35564 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
	{DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
	- openjdk-17 17.0.1+12-1
	- openjdk-11 11.0.13+8-1
	- openjdk-8 8u312-b07-1
CVE-2021-35563 (Vulnerability in the Oracle Shipping Execution product of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2021-35562 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2021-35561 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
	{DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
	- openjdk-17 17.0.1+12-1
	- openjdk-11 11.0.13+8-1
	- openjdk-8 8u312-b07-1
CVE-2021-35560 (Vulnerability in the Java SE product of Oracle Java SE (component: Dep ...)
	- openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2021-35559 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
	{DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
	- openjdk-17 17.0.1+12-1
	- openjdk-11 11.0.13+8-1
	- openjdk-8 8u312-b07-1
CVE-2021-35558 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2021-35557 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2021-35556 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
	{DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
	- openjdk-17 17.0.1+12-1
	- openjdk-11 11.0.13+8-1
	- openjdk-8 8u312-b07-1
CVE-2021-35555 RESERVED
CVE-2021-35554 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2021-35553 (Vulnerability in the PeopleSoft Enterprise CS Student Records product ...)
	NOT-FOR-US: Oracle
CVE-2021-35552 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2021-35551 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...)
	NOT-FOR-US: Oracle
CVE-2021-35550 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
	{DSA-5000-2 DSA-5000-1 DLA-2814-1}
	- openjdk-11 11.0.13+8-1
	- openjdk-8 8u312-b07-1
CVE-2021-35549 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2021-35548 RESERVED
CVE-2021-35547 RESERVED
CVE-2021-35546 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35545 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.28-dfsg-1
CVE-2021-35544 RESERVED
CVE-2021-35543 (Vulnerability in the PeopleSoft Enterprise CC Common Application Objec ...)
	NOT-FOR-US: Oracle
CVE-2021-35542 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.28-dfsg-1
CVE-2021-35541 (Vulnerability in the PeopleSoft Enterprise SCM product of Oracle Peopl ...)
	NOT-FOR-US: Oracle
CVE-2021-35540 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.28-dfsg-1
CVE-2021-35539 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2021-35538 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox (Windows-specific)
CVE-2021-35537 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.28-1
CVE-2021-35536 (Vulnerability in the Oracle Deal Management product of Oracle E-Busine ...)
	NOT-FOR-US: Oracle
CVE-2021-35535 (Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/ ...)
	NOT-FOR-US: Hitachi
CVE-2021-35534 (Insufficient security control vulnerability in internal database acces ...)
	NOT-FOR-US: Hitachi
CVE-2021-35533 (Improper Input Validation vulnerability in the APDU parser in the Bidi ...)
	NOT-FOR-US: Hitachi
CVE-2021-35532 (A vulnerability exists in the file upload validation part of Hitachi E ...)
	NOT-FOR-US: Hitachi
CVE-2021-35531 (Improper Input Validation vulnerability in a particular configuration ...)
	NOT-FOR-US: Hitachi
CVE-2021-35530 (A vulnerability in the application authentication and authorization me ...)
	NOT-FOR-US: Hitachi
CVE-2021-35529 (Insufficiently Protected Credentials vulnerability in client environme ...)
	NOT-FOR-US: Hitachi
CVE-2021-35528 (Improper Access Control vulnerability in the application authenticatio ...)
	NOT-FOR-US: Hitachi
CVE-2021-35527 (Password autocomplete vulnerability in the web application password fi ...)
	NOT-FOR-US: Hitachi ABB Power Grids eSOMS
CVE-2021-35526 (Backup file without encryption vulnerability is found in Hitachi ABB P ...)
	NOT-FOR-US: Hitachi ABB Power Grids System Data Manager
CVE-2021-3624 (There is an integer overflow vulnerability in dcraw. When the victim r ...)
	- dcraw 9.28-3 (bug #984761)
	[bullseye] - dcraw (Minor issue)
	[buster] - dcraw (Minor issue)
	[stretch] - dcraw (Minor issue)
CVE-2021-3623 (A flaw was found in libtpms. The flaw can be triggered by specially-cr ...)
	- libtpms 0.9.1-1 (bug #990522)
	NOTE: https://github.com/stefanberger/libtpms/pull/223
	NOTE: https://github.com/stefanberger/libtpms/commit/2f30d620d3c053f20d38b54bf76ac0907821d263
	NOTE: https://github.com/stefanberger/libtpms/commit/7981d9ad90a5043a05004e4ca7b46beab8ca7809
	NOTE: https://github.com/stefanberger/libtpms/commit/2e6173c273ca14adb11386db4e47622552b1c00e
CVE-2021-35525 (PostSRSd before 1.11 allows a denial of service (subprocess hang) if P ...)
	- postsrsd 1.10-2 (bug #990439)
	[buster] - postsrsd 1.5-2+deb10u2
	[stretch] - postsrsd (Minor issue)
	NOTE: https://bugs.gentoo.org/793674
	NOTE: https://github.com/roehling/postsrsd/commit/077be98d8c8a9847e4ae0c7dc09e7474cbe27db2
CVE-2021-35524 RESERVED
CVE-2021-35523 (Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe conf ...)
	NOT-FOR-US: Securepoint
CVE-2021-35522 (A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Com ...)
	NOT-FOR-US: IDEMIA
CVE-2021-35521 (A path traversal in Thrift command handlers in IDEMIA Morpho Wave Comp ...)
	NOT-FOR-US: IDEMIA
CVE-2021-35520 (A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Com ...)
	NOT-FOR-US: IDEMIA
CVE-2021-35519 RESERVED
CVE-2021-35518 RESERVED
CVE-2021-35517 (When reading a specially crafted TAR archive, Compress can be made to ...)
	- libcommons-compress-java 1.21-1 (bug #991041)
	[bullseye] - libcommons-compress-java (Minor issue)
	[buster] - libcommons-compress-java (Minor issue)
	[stretch] - libcommons-compress-java (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/3
	NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=d0af873e77d16f41edfef7b69da5c8c35c96a650
	NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=7ce1b0796d6cbe1f41b969583bd49f33ae0efef0
	NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=80124dd9fe4b0a0b2e203ca19aacac8cd0afc96f
CVE-2021-35516 (When reading a specially crafted 7Z archive, Compress can be made to a ...)
	- libcommons-compress-java 1.21-1 (bug #991041)
	[bullseye] - libcommons-compress-java (Minor issue)
	[buster] - libcommons-compress-java (Minor issue)
	[stretch] - libcommons-compress-java (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/2
	NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=26924e96c7730db014c310757e11c9359db07f3e
	NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=c51de6cfaec75b21566374158f25e1734c3a94cb
	NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=0aba8b8fd8053ae323f15d736d1762b2161c76a6
	NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=60d551a748236d7f4651a4ae88d5a351f7c5754b
	NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=bf5a5346ae04b9d2a5b0356ca75f11dcc8d94789
	NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=5761493cbaf7a7d608a3b68f4d61aaa822dbeb4f
	NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=ae2b27cc011f47f0289cb24a11f2d4f1db711f8a
CVE-2021-35515 (When reading a specially crafted 7Z archive, the construction of the l ...)
	- libcommons-compress-java 1.21-1 (bug #991041)
	[bullseye] - libcommons-compress-java (Minor issue)
	[buster] - libcommons-compress-java (Minor issue)
	[stretch] - libcommons-compress-java (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/1
	NOTE: Fixed by https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=3fe6b42110dc56d0d6fe0aaf80cfecb8feea5321
CVE-2021-35514 (Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the t ...)
	NOT-FOR-US: Narou
CVE-2021-35513 (Mermaid before 8.11.0 allows XSS when the antiscript feature is used.)
	- node-mermaid 8.7.0+ds+~cs27.17.17-3 (bug #990449)
	NOTE: https://github.com/mermaid-js/mermaid/issues/2122
	NOTE: https://github.com/mermaid-js/mermaid/pull/2123
CVE-2021-35512 (An SSRF issue was discovered in Zoho ManageEngine Applications Manager ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-35511 RESERVED
CVE-2021-35510 RESERVED
CVE-2021-35509 RESERVED
CVE-2021-35508 (NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to ex ...)
	NOT-FOR-US: TeraRecon AQNetClient
CVE-2021-35507 RESERVED
CVE-2021-35506 (Afian FileRun 2021.03.26 allows XSS when an administrator encounters a ...)
	NOT-FOR-US: Afian FileRun
CVE-2021-35505 (Afian FileRun 2021.03.26 allows Remote Code Execution (by administrato ...)
	NOT-FOR-US: Afian FileRun
CVE-2021-35504 (Afian FileRun 2021.03.26 allows Remote Code Execution (by administrato ...)
	NOT-FOR-US: Afian FileRun
CVE-2021-35503 (Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For ...)
	NOT-FOR-US: Afian FileRun
CVE-2021-35502 (app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp ...)
	NOT-FOR-US: MISP
CVE-2021-3622 (A flaw was found in the hivex library. This flaw allows an attacker to ...)
	- hivex 1.3.21-1 (bug #991860)
	[bullseye] - hivex (Minor issue)
	[buster] - hivex (Minor issue)
	[stretch] - hivex (Minor issue)
	NOTE: https://listman.redhat.com/archives/libguestfs/2021-August/msg00002.html
	NOTE: https://github.com/libguestfs/hivex/commit/771728218dac2fbf6997a7e53225e75a4c6b7255
CVE-2021-35501 (PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name f ...)
	NOT-FOR-US: PandoraFMS
CVE-2021-3621 (A flaw was found in SSSD, where the sssctl command was vulnerable to s ...)
	{DLA-3436-1 DLA-2758-1}
	- sssd 2.5.2-1 (bug #992710)
	[bullseye] - sssd (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975142
	NOTE: https://github.com/SSSD/sssd/commit/7ab83f97e1cbefb78ece17232185bdd2985f0bbe (sssd-2-7)
	NOTE: https://github.com/SSSD/sssd/commit/b4b32677a886bc26d60ce0171505aa3ab0c82c8a (sssd-1-16)
	NOTE: Introduced by https://github.com/SSSD/sssd/commit/e157b9f6cb370e1b94bcac2044d26ad66d640fba (v1.13.91)
CVE-2021-3620 (A flaw was found in Ansible Engine's ansible-connection module, where ...)
	{DLA-3695-1}
	- ansible-core 2.12.0-1
	- ansible 5.4.0-1
	[bullseye] - ansible (Minor issue, revisit when/if fixed upstream)
	[stretch] - ansible (EOL'd for stretch)
	- ansible-base
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975767
	NOTE: https://github.com/ansible/ansible/commit/79e9dae29212a88aa60122ca6bd608947399017f
	NOTE: ansible-core was split off from src:ansible with 4.6.0-1 in experimental/5.4.0-1 in sid
CVE-2021-35500 (The Data Virtualization Server component of TIBCO Software Inc.'s TIBC ...)
	NOT-FOR-US: TIBCO
CVE-2021-35499 (The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus cont ...)
	NOT-FOR-US: TIBCO
CVE-2021-35498 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, ...)
	NOT-FOR-US: TIBCO
CVE-2021-35497 (The FTL Server (tibftlserver) and Docker images containing tibftlserve ...)
	NOT-FOR-US: TIBCO
CVE-2021-35496 (The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperRe ...)
	NOT-FOR-US: TIBCO
CVE-2021-35495 (The Scheduler Connection component of TIBCO Software Inc.'s TIBCO Jasp ...)
	NOT-FOR-US: TIBCO
CVE-2021-35494 (The Rest API component of TIBCO Software Inc.'s TIBCO JasperReports Se ...)
	NOT-FOR-US: TIBCO
CVE-2021-35493 (The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO ...)
	NOT-FOR-US: WebFOCUS
CVE-2021-3619 (Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentica ...)
	NOT-FOR-US: Rapid7 Velociraptor
CVE-2021-35492 (Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2021-35491 (A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming E ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2021-35490 (Thruk before 2.44 allows XSS for a quick command.)
	NOT-FOR-US: Thruk
CVE-2021-35489 (Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTNAME] ...)
	NOT-FOR-US: Thruk
CVE-2021-35488 (Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={T ...)
	NOT-FOR-US: Thruk
CVE-2021-35487 (Nokia Broadcast Message Center through 11.1.0 allows an authenticated ...)
	NOT-FOR-US: Nokia Broadcast Message Center
CVE-2021-35486 RESERVED
CVE-2021-35485 RESERVED
CVE-2021-35484 RESERVED
CVE-2021-35483 RESERVED
CVE-2021-35482 (An issue was discovered in Barco MirrorOp Windows Sender before 2.5.4. ...)
	NOT-FOR-US: Barco MirrorOp Windows Sender
CVE-2021-35481 RESERVED
CVE-2021-35480 RESERVED
CVE-2021-35479 (Nagios Log Server before 2.1.9 contains Stored XSS in the custom colum ...)
	NOT-FOR-US: Nagios Log Server
CVE-2021-35478 (Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown ...)
	NOT-FOR-US: Nagios Log Server
CVE-2021-35477 (In the Linux kernel through 5.13.7, an unprivileged BPF program can ob ...)
	{DLA-2785-1}
	- linux 5.10.46-4
	[buster] - linux 4.19.208-1
	[stretch] - linux (Too risky to backport, and mitigated by default)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3
CVE-2021-35476 RESERVED
CVE-2021-35475 (SAS Environment Manager 2.5 allows XSS through the Name field when cre ...)
	NOT-FOR-US: SAS Environment Manager
CVE-2021-3618 (ALPACA is an application layer protocol content confusion attack, expl ...)
	{DLA-3203-1}
	- nginx 1.20.2-2 (bug #991328)
	[bullseye] - nginx 1.18.0-6.1+deb11u2
	[stretch] - nginx (Minor issue)
	- vsftpd (bug #991329)
	[bookworm] - vsftpd (Minor issue)
	[bullseye] - vsftpd (Minor issue)
	[buster] - vsftpd (Minor issue)
	[stretch] - vsftpd (Minor issue)
	[experimental] - sendmail 8.16.1-1
	- sendmail 8.16.1-2 (bug #991331)
	[bullseye] - sendmail (Minor issue)
	[buster] - sendmail (Minor issue)
	[stretch] - sendmail (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975623
	NOTE: https://alpaca-attack.com/
	NOTE: Generic TLS protocol issue, some applications have released mitigations:
	NOTE: nginx: http://hg.nginx.org/nginx/rev/ec1071830799
	NOTE: vsftpd: https://security.appspot.com/vsftpd/Changelog.txt (3.0.4)
	NOTE: * Close the control connection after 10 unknown commands pre-login.
	NOTE: * Reject any TLS ALPN advertisement that's not 'ftp'.
	NOTE: * Add ssl_sni_hostname option to require a match on incoming SNI hostname.
	NOTE: sendmail: Fixed in 3.16.1: https://marc.info/?l=sendmail-announce&m=159394546814125&w=2
	NOTE: exim4 has config option: https://lists.exim.org/lurker/message/20210609.200324.f0e073ed.el.html
CVE-2021-3617 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...)
	NOT-FOR-US: Lenovo
CVE-2021-3616 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...)
	NOT-FOR-US: Lenovo
CVE-2021-3615 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...)
	NOT-FOR-US: Lenovo
CVE-2021-3614 (A vulnerability was reported on some Lenovo Notebook systems that coul ...)
	NOT-FOR-US: Lenovo
CVE-2021-35474 (Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache ...)
	{DSA-4957-1}
	- trafficserver 8.1.1+ds-1.1 (bug #990303)
	NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
	NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
	NOTE: https://github.com/apache/trafficserver/commit/5a9339d7bc65e1c2d8d2a0fc80bb051daf3cdb0b (master)
	NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x)
CVE-2021-35473 [Access token lifetime is not verified with OAuth2 Handler]
	RESERVED
	- lemonldap-ng 2.0.11+ds-4
	[buster] - lemonldap-ng (OAuth2 Handler introduced later)
	[stretch] - lemonldap-ng (OAuth2 Handler introduced later)
	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549
CVE-2021-35472 (An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache ...)
	{DSA-4943-1}
	- lemonldap-ng 2.0.11+ds-4
	[stretch] - lemonldap-ng (Vulnerable code not present; updateSession doesn't use in-memory cache)
	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539
CVE-2021-35471 RESERVED
CVE-2021-35470 RESERVED
CVE-2021-35469 (The Lexmark Printer Software G2, G3 and G4 Installation Packages have ...)
	NOT-FOR-US: Lexmark
CVE-2021-35468 RESERVED
CVE-2021-35467 RESERVED
CVE-2021-35466 RESERVED
CVE-2021-35465 (Certain Arm products before 2021-08-23 do not properly consider the ef ...)
	NOT-FOR-US: ARM
CVE-2021-35464 (ForgeRock AM server before 7.0 has a Java deserialization vulnerabilit ...)
	NOT-FOR-US: ForgeRock
CVE-2021-35463 (Cross-site scripting (XSS) vulnerability in the Frontend Taglib module ...)
	NOT-FOR-US: Liferay
CVE-2021-35462 RESERVED
CVE-2021-35461 RESERVED
CVE-2021-35460 RESERVED
CVE-2021-35459 RESERVED
CVE-2021-35458 (Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in pro ...)
	NOT-FOR-US: Online Pet Shop We App
CVE-2021-35457 RESERVED
CVE-2021-35456 (Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and s ...)
	NOT-FOR-US: Online Pet Shop We App
CVE-2021-35455 RESERVED
CVE-2021-35454 RESERVED
CVE-2021-35453 RESERVED
CVE-2021-35452 (An Incorrect Access Control vulnerability exists in libde265 v1.0.8 du ...)
	{DSA-5346-1 DLA-3240-1}
	- libde265 1.0.8-1.1 (bug #1014977)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/298
	NOTE: https://github.com/strukturag/libde265/commit/e83f3798dd904aa579425c53020c67e03735138d
CVE-2021-35451 (In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenti ...)
	NOT-FOR-US: Teradici PCoIP Management Console-Enterprise
CVE-2021-35450 (A Server Side Template Injection in the Entando Admin Console 6.3.9 an ...)
	NOT-FOR-US: Entando Admin Console
CVE-2021-35449 (The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driv ...)
	NOT-FOR-US: Lexmark
CVE-2021-35448 (Emote Interactive Remote Mouse 3.008 on Windows allows attackers to ex ...)
	NOT-FOR-US: Emote Interactive Remote Mouse on Windows
CVE-2021-35447 RESERVED
CVE-2021-35446 RESERVED
CVE-2021-35445 RESERVED
CVE-2021-35444 RESERVED
CVE-2021-35443 RESERVED
CVE-2021-35442 RESERVED
CVE-2021-35441 RESERVED
CVE-2021-35440 (Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for ...)
	NOT-FOR-US: Smashing
CVE-2021-35439 RESERVED
CVE-2021-35438 (phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-re ...)
	- phpipam (bug #731713)
	NOTE: https://github.com/phpipam/phpipam/issues/3351
CVE-2021-35437 (SQL injection vulnerability in LMXCMS v.1.4 allows attacker to execute ...)
	NOT-FOR-US: LMXCMS
CVE-2021-35436 RESERVED
CVE-2021-35435 RESERVED
CVE-2021-35434 RESERVED
CVE-2021-35433 RESERVED
CVE-2021-35432 RESERVED
CVE-2021-35431 RESERVED
CVE-2021-35430 RESERVED
CVE-2021-35429 RESERVED
CVE-2021-35428 RESERVED
CVE-2021-35427 RESERVED
CVE-2021-35426 RESERVED
CVE-2021-35425 RESERVED
CVE-2021-35424 RESERVED
CVE-2021-35423 RESERVED
CVE-2021-35422 RESERVED
CVE-2021-35421 RESERVED
CVE-2021-35420 RESERVED
CVE-2021-35419 RESERVED
CVE-2021-35418 RESERVED
CVE-2021-35417 RESERVED
CVE-2021-35416 RESERVED
CVE-2021-35415 (A stored cross-site scripting (XSS) vulnerability allows attackers to ...)
	NOT-FOR-US: Chamilo LMS
CVE-2021-35414 (Chamilo LMS v1.11.x was discovered to contain a SQL injection via the ...)
	NOT-FOR-US: Chamilo LMS
CVE-2021-35413 (A remote code execution (RCE) vulnerability in course_intro_pdf_import ...)
	NOT-FOR-US: Chamilo LMS
CVE-2021-35412 RESERVED
CVE-2021-35411 RESERVED
CVE-2021-35410 RESERVED
CVE-2021-35409 RESERVED
CVE-2021-35408 RESERVED
CVE-2021-35407 RESERVED
CVE-2021-35406 RESERVED
CVE-2021-35405 RESERVED
CVE-2021-35404 RESERVED
CVE-2021-35403 RESERVED
CVE-2021-35402 RESERVED
CVE-2021-35401 RESERVED
CVE-2021-35400 RESERVED
CVE-2021-35399 RESERVED
CVE-2021-35398 RESERVED
CVE-2021-35397 (A path traversal vulnerability in the static router for Drogon from 1. ...)
	NOT-FOR-US: Drogon
CVE-2021-35396 RESERVED
CVE-2021-35395 (Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web se ...)
	NOT-FOR-US: Realtek Jungle SDK
CVE-2021-35394 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic t ...)
	NOT-FOR-US: Realtek Jungle SDK
CVE-2021-35393 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple ...)
	NOT-FOR-US: Realtek Jungle SDK
CVE-2021-35392 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple ...)
	NOT-FOR-US: Realtek Jungle SDK
CVE-2021-35391 (Server Side Request Forgery vulnerability found in Deskpro Support Des ...)
	NOT-FOR-US: Deskpro Support Desk
CVE-2021-35390 RESERVED
CVE-2021-35389 RESERVED
CVE-2021-35388 (Hospital Management System v 4.0 is vulnerable to Cross Site Scripting ...)
	NOT-FOR-US: Hospital Management System
CVE-2021-35387 (Hospital Management System v 4.0 is vulnerable to SQL Injection via fi ...)
	NOT-FOR-US: Hospital Management System
CVE-2021-35386 RESERVED
CVE-2021-35385 RESERVED
CVE-2021-35384 RESERVED
CVE-2021-35383 RESERVED
CVE-2021-35382 RESERVED
CVE-2021-35381 RESERVED
CVE-2021-35380 (A Directory Traversal vulnerability exists in Solari di Udine TermTalk ...)
	NOT-FOR-US: Solari di Udine TermTalk Server (TTServer)
CVE-2021-35379 RESERVED
CVE-2021-35378 RESERVED
CVE-2021-35377 (Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v. ...)
	NOT-FOR-US: VICIdial
CVE-2021-35376 RESERVED
CVE-2021-35375 RESERVED
CVE-2021-35374 RESERVED
CVE-2021-35373 RESERVED
CVE-2021-35372 RESERVED
CVE-2021-35371 RESERVED
CVE-2021-35370 (An issue found in Peacexie Imcat v5.4 allows attackers to execute arbi ...)
	NOT-FOR-US: Peacexie Imcat
CVE-2021-35369 (Arbitrary File Read vulnerability found in Peacexie ImCat v.5.2 fixed ...)
	NOT-FOR-US: Peacexie Imcat
CVE-2021-35368 (OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1 ...)
	- modsecurity-crs 3.3.2-1 (bug #992000)
	[bullseye] - modsecurity-crs 3.3.0-1+deb11u1
	[buster] - modsecurity-crs 3.1.0-1+deb10u2
	[stretch] - modsecurity-crs (Minor issue)
	NOTE: https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/
	NOTE: https://github.com/coreruleset/coreruleset/pull/2143
	NOTE: https://github.com/coreruleset/coreruleset/commit/132c19c8f21c8cd4d3cd484d4f34ef786ee39b05 (v3.4-dev)
	NOTE: Introduced by https://github.com/coreruleset/coreruleset/commit/b3995e5d332be9f2445ee91b6e1366440bdbe109 (v3.0.0-rc2)
CVE-2021-35367 RESERVED
CVE-2021-35366 RESERVED
CVE-2021-35365 RESERVED
CVE-2021-35364 RESERVED
CVE-2021-35363 RESERVED
CVE-2021-35362 RESERVED
CVE-2021-35361 (A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/l ...)
	NOT-FOR-US: dotCMS
CVE-2021-35360 (A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/c ...)
	NOT-FOR-US: dotCMS
CVE-2021-35359 RESERVED
CVE-2021-35358 (A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Im ...)
	NOT-FOR-US: dotCMS
CVE-2021-35357 RESERVED
CVE-2021-35356 RESERVED
CVE-2021-35355 RESERVED
CVE-2021-35354 RESERVED
CVE-2021-35353 RESERVED
CVE-2021-35352 RESERVED
CVE-2021-35351 RESERVED
CVE-2021-35350 RESERVED
CVE-2021-35349 RESERVED
CVE-2021-35348 RESERVED
CVE-2021-35347 RESERVED
CVE-2021-35346 (tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow ...)
	NOT-FOR-US: tsMuxer
CVE-2021-35345 RESERVED
CVE-2021-35344 (tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow ...)
	NOT-FOR-US: tsMuxer
CVE-2021-35343 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php ...)
	NOT-FOR-US: SeedDMS
CVE-2021-35342 (The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x b ...)
	NOT-FOR-US: Northern.tech
CVE-2021-35341 RESERVED
CVE-2021-35340 RESERVED
CVE-2021-35339 RESERVED
CVE-2021-35338 RESERVED
CVE-2021-35337 (Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable t ...)
	NOT-FOR-US: Sourcecodester Phone Shop Sales Managements System
CVE-2021-35336 (Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Ac ...)
	NOT-FOR-US: Tieline IP Audio Gateway
CVE-2021-35335 RESERVED
CVE-2021-35334 RESERVED
CVE-2021-35333 RESERVED
CVE-2021-35332 RESERVED
CVE-2021-35331 (In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow ...)
	- tcl8.6 (unimportant)
	NOTE: https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2
	NOTE: https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280
	NOTE: https://github.com/tcltk/tcl/commit/4705dbdde2f32ff90420765cd93e7ac71d81a222
	NOTE: https://sqlite.org/forum/info/7dcd751996c93ec9
	NOTE: Various other source packages embed a copy as well, but the security impact of
	NOTE: the issue itself for tcl is disputed in its significance.
CVE-2021-35330 RESERVED
CVE-2021-35329 RESERVED
CVE-2021-35328 RESERVED
CVE-2021-35327 (A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B2020091 ...)
	NOT-FOR-US: TOTOLINK A720R A720R_Firmware
CVE-2021-35326 (A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B2 ...)
	NOT-FOR-US: TOTOLINK A720R router firmware
CVE-2021-35325 (A stack overflow in the checkLoginUser function of TOTOLINK A720R A720 ...)
	NOT-FOR-US: TOTOLINK A720R A720R_Firmware
CVE-2021-35324 (A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Fir ...)
	NOT-FOR-US: TOTOLINK A720R A720R_Firmware
CVE-2021-35323 (Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via t ...)
	NOT-FOR-US: bludit
CVE-2021-35322 RESERVED
CVE-2021-35321 RESERVED
CVE-2021-35320 RESERVED
CVE-2021-35319 RESERVED
CVE-2021-35318 RESERVED
CVE-2021-35317 RESERVED
CVE-2021-35316 RESERVED
CVE-2021-35315 RESERVED
CVE-2021-35314 RESERVED
CVE-2021-35313 REJECTED
CVE-2021-35312 (A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. ...)
	NOT-FOR-US: Amica Prodigy
CVE-2021-35311 RESERVED
CVE-2021-35310 RESERVED
CVE-2021-35309 (An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-201 ...)
	NOT-FOR-US: Samsung
CVE-2021-35308 RESERVED
CVE-2021-35307 (An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer d ...)
	NOT-FOR-US: Bento4
CVE-2021-35306 (An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer d ...)
	NOT-FOR-US: Bento4
CVE-2021-35305 RESERVED
CVE-2021-35304 RESERVED
CVE-2021-35303 (Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote a ...)
	- zammad (bug #841355)
CVE-2021-35302 (Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0. ...)
	- zammad (bug #841355)
CVE-2021-35301 (Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote att ...)
	- zammad (bug #841355)
CVE-2021-35300 (Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0. ...)
	- zammad (bug #841355)
CVE-2021-35299 (Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers ...)
	- zammad (bug #841355)
CVE-2021-35298 (Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote a ...)
	- zammad (bug #841355)
CVE-2021-35297 (Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remo ...)
	NOT-FOR-US: Scalabium dBase Viewer
CVE-2021-35296 (An issue in the administrator authentication panel of PTCL HG150-Ub v3 ...)
	NOT-FOR-US: PTCL HG150-Ub
CVE-2021-35295 RESERVED
CVE-2021-35294 RESERVED
CVE-2021-35293 RESERVED
CVE-2021-35292 RESERVED
CVE-2021-35291 RESERVED
CVE-2021-35290 (File Upload vulnerability in balerocms-src 0.8.3 allows remote attacke ...)
	NOT-FOR-US: balerocms-src
CVE-2021-35289 RESERVED
CVE-2021-35288 RESERVED
CVE-2021-35287 RESERVED
CVE-2021-35286 RESERVED
CVE-2021-35285 RESERVED
CVE-2021-35284 (SQL Injection vulnerability in function get_user in login_manager.php ...)
	NOT-FOR-US: rizalafani cms-php
CVE-2021-35283 (SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0, ...)
	NOT-FOR-US: atoms183 CMS
CVE-2021-35282 RESERVED
CVE-2021-35281 RESERVED
CVE-2021-35280 RESERVED
CVE-2021-35279 RESERVED
CVE-2021-35278 RESERVED
CVE-2021-35277 RESERVED
CVE-2021-35276 RESERVED
CVE-2021-35275 RESERVED
CVE-2021-35274 RESERVED
CVE-2021-35273 RESERVED
CVE-2021-35272 RESERVED
CVE-2021-35271 RESERVED
CVE-2021-35270 RESERVED
CVE-2021-35269 (NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute ...)
	{DSA-4971-1 DLA-2819-1}
	[experimental] - ntfs-3g 1:2021.8.22-1
	- ntfs-3g 1:2021.8.22-2 (bug #988386)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-35268 (In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode i ...)
	{DSA-4971-1 DLA-2819-1}
	[experimental] - ntfs-3g 1:2021.8.22-1
	- ntfs-3g 1:2021.8.22-2 (bug #988386)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-35267 (NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when c ...)
	{DSA-4971-1 DLA-2819-1}
	[experimental] - ntfs-3g 1:2021.8.22-1
	- ntfs-3g 1:2021.8.22-2 (bug #988386)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-35266 (In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode p ...)
	{DSA-4971-1 DLA-2819-1}
	[experimental] - ntfs-3g 1:2021.8.22-1
	- ntfs-3g 1:2021.8.22-2 (bug #988386)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-35265 (A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS be ...)
	NOT-FOR-US: MaxSite CMS
CVE-2021-35264 RESERVED
CVE-2021-35263 RESERVED
CVE-2021-35262 RESERVED
CVE-2021-35261 (File Upload Vulnerability in Yupoxion BearAdmin before commit 10176153 ...)
	NOT-FOR-US: Yupoxion BearAdmin
CVE-2021-35260 RESERVED
CVE-2021-35259 RESERVED
CVE-2021-35258 RESERVED
CVE-2021-35257 RESERVED
CVE-2021-35256 RESERVED
CVE-2021-35255 RESERVED
CVE-2021-35254 (SolarWinds received a report of a vulnerability related to an input th ...)
	NOT-FOR-US: SolarWinds
CVE-2021-35253 RESERVED
CVE-2021-35252 (Common encryption key appears to be used across all deployed instances ...)
	NOT-FOR-US: Serv-U
CVE-2021-35251 (Sensitive information could be displayed when a detailed technical err ...)
	NOT-FOR-US: Solarwinds
CVE-2021-35250 (A researcher reported a Directory Traversal Vulnerability in Serv-U ...)
	NOT-FOR-US: Serv-U
CVE-2021-35249 (This broken access control vulnerability pertains specifically to a do ...)
	NOT-FOR-US: Serv-U
CVE-2021-35248 (It has been reported that any Orion user, e.g. guest accounts can quer ...)
	NOT-FOR-US: SolarWinds
CVE-2021-35247 (Serv-U web login screen to LDAP authentication was allowing characters ...)
	NOT-FOR-US: SolarWinds
CVE-2021-35246 (The application fails to prevent users from connecting to it over unen ...)
	NOT-FOR-US: SolarWinds
CVE-2021-35245 (When a user has admin rights in Serv-U Console, the user can move, cre ...)
	NOT-FOR-US: SolarWinds
CVE-2021-35244 (The "Log alert to a file" action within action management enables any ...)
	NOT-FOR-US: SolarWinds
CVE-2021-35243 (The HTTP PUT and DELETE methods were enabled in the Web Help Desk web ...)
	NOT-FOR-US: SolarWinds
CVE-2021-35242 (Serv-U server responds with valid CSRFToken when the request contains ...)
	NOT-FOR-US: SolarWinds
CVE-2021-35241 RESERVED
CVE-2021-35240 (A security researcher stored XSS via a Help Server setting. This affec ...)
	NOT-FOR-US: SolarWinds
CVE-2021-35239 (A security researcher found a user with Orion map manage rights could ...)
	NOT-FOR-US: SolarWinds
CVE-2021-35238 (User with Orion Platform Admin Rights could store XSS through URL POST ...)
	NOT-FOR-US: Solarwinds
CVE-2021-35237 (A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left ...)
	NOT-FOR-US: Kiwi Syslog Server
CVE-2021-35236 (The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7 ...)
	NOT-FOR-US: SolarWinds
CVE-2021-35235 (The ASP.NET debug feature is enabled by default in Kiwi Syslog Server ...)
	NOT-FOR-US: Kiwi Syslog Server
CVE-2021-35234 (Numerous exposed dangerous functions within Orion Core allow for ...)
	NOT-FOR-US: SolarWinds
CVE-2021-35233 (The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7. ...)
	NOT-FOR-US: Kiwi Syslog Server
CVE-2021-35232 (Hard coded credentials discovered in SolarWinds Web Help Desk product. ...)
	NOT-FOR-US: SolarWinds
CVE-2021-35231 (As a result of an unquoted service path vulnerability present in the K ...)
	NOT-FOR-US: Kiwi Syslog Server Installation Wizard
CVE-2021-35230 (As a result of an unquoted service path vulnerability present in the K ...)
	NOT-FOR-US: Kiwi CatTools Installation Wizard
CVE-2021-35229 (Cross-site scripting vulnerability is present in Database Performance ...)
	NOT-FOR-US: SolarWinds
CVE-2021-35228 (This vulnerability occurred due to missing input sanitization for one ...)
	NOT-FOR-US: Solarwinds
CVE-2021-35227 (The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and ...)
	NOT-FOR-US: Solarwinds
CVE-2021-35226 (An entity in Network Configuration Manager product is misconfigured an ...)
	NOT-FOR-US: Solarwinds
CVE-2021-35225 (Each authenticated Orion Platform user in a MSP (Managed Service Provi ...)
	NOT-FOR-US: Solarwinds
CVE-2021-35224 RESERVED
CVE-2021-35223 (The Serv-U File Server allows for events such as user login failures t ...)
	NOT-FOR-US: SolarWinds
CVE-2021-35222 (This vulnerability allows attackers to impersonate users and perform a ...)
	NOT-FOR-US: SolarWinds
CVE-2021-35221 (Improper Access Control Tampering Vulnerability using ImportAlert func ...)
	NOT-FOR-US: SolarWinds
CVE-2021-35220 (Command Injection vulnerability in EmailWebPage API which can lead to ...)
	NOT-FOR-US: SolarWinds
CVE-2021-35219 (ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerabilit ...)
	NOT-FOR-US: SolarWinds
CVE-2021-35218 (Deserialization of Untrusted Data in the Web Console Chart Endpoint ca ...)
	NOT-FOR-US: Solarwinds
CVE-2021-35217 (Insecure Deserialization of untrusted data remote code execution vulner ...)
	NOT-FOR-US: Solarwinds
CVE-2021-35216 (Insecure Deserialization of untrusted data remote code execution vulne ...)
	NOT-FOR-US: Solarwinds
CVE-2021-35215 (Insecure deserialization leading to Remote Code Execution was detected ...)
	NOT-FOR-US: Solarwinds
CVE-2021-35214 (The vulnerability in SolarWinds Pingdom can be described as a failure ...)
	NOT-FOR-US: Solarwinds
CVE-2021-35213 (An Improper Access Control Privilege Escalation Vulnerability was disc ...)
	NOT-FOR-US: SolarWinds
CVE-2021-35212 (An SQL injection Privilege Escalation Vulnerability was discovered in ...)
	NOT-FOR-US: SolarWinds
CVE-2021-35211 (Microsoft discovered a remote code execution (RCE) vulnerability in th ...)
	NOT-FOR-US: SolarWinds
CVE-2020-36394 (pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux- ...)
	- pam (Vulnerable code introduced and fixed in v1.4.0)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171721
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/5
	NOTE: https://github.com/linux-pam/linux-pam/commit/27ded8954a1235bb65ffc9c730ae5a50b1dfed61
CVE-2021-3613 (OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitra ...)
	NOT-FOR-US: OpenVPN Connect
CVE-2021-35210 (Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x be ...)
	NOT-FOR-US: Contao CMS
CVE-2021-35209 (An issue was discovered in ProxyServlet.java in the /proxy servlet in ...)
	NOT-FOR-US: Zimbra
CVE-2021-35208 (An issue was discovered in ZmMailMsgView.js in the Calendar Invite com ...)
	NOT-FOR-US: Zimbra
CVE-2021-35207 (An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.1 ...)
	NOT-FOR-US: Zimbra
CVE-2021-35206 (Gitpod before 0.6.0 allows unvalidated redirects.)
	NOT-FOR-US: Gitpod
CVE-2021-35205 (NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redire ...)
	NOT-FOR-US: NETSCOUT
CVE-2021-35204 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Si ...)
	NOT-FOR-US: NETSCOUT
CVE-2021-35203 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Rea ...)
	NOT-FOR-US: NETSCOUT
CVE-2021-35202 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypa ...)
	NOT-FOR-US: NETSCOUT
CVE-2021-35201 (NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity ...)
	NOT-FOR-US: NETSCOUT
CVE-2021-35200 (NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to a ...)
	NOT-FOR-US: NETSCOUT
CVE-2021-35199 (NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-S ...)
	NOT-FOR-US: NETSCOUT
CVE-2021-35198 (NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-S ...)
	NOT-FOR-US: NETSCOUT
CVE-2021-35197 (In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and ...)
	{DSA-4979-1 DLA-2779-1}
	- mediawiki 1:1.35.3-1
	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/
	NOTE: https://phabricator.wikimedia.org/T280226
CVE-2021-35196 (Manuskript through 0.12.0 allows remote attackers to execute arbitrary ...)
	- manuskript 0.14.0-1 (bug #990366)
	[bullseye] - manuskript (Minor issue)
	[buster] - manuskript (Minor issue)
	NOTE: https://github.com/olivierkes/manuskript/issues/891
	NOTE: https://github.com/olivierkes/manuskript/pull/895
	NOTE: https://github.com/olivierkes/manuskript/commit/6f841f96553fb2549accf2b16a4713871378ddc4 (0.13.1)
CVE-2021-35195 RESERVED
CVE-2021-35194 RESERVED
CVE-2021-35193 (Patterson Application Service in Patterson Eaglesoft 18 through 21 acc ...)
	NOT-FOR-US: Patterson Eaglesoft
CVE-2021-35192 RESERVED
CVE-2021-35191 RESERVED
CVE-2021-35190 RESERVED
CVE-2021-35189 RESERVED
CVE-2021-35188 RESERVED
CVE-2021-35187 RESERVED
CVE-2021-35186 RESERVED
CVE-2021-35185 RESERVED
CVE-2021-35184 RESERVED
CVE-2021-35183 RESERVED
CVE-2021-35182 RESERVED
CVE-2021-35181 RESERVED
CVE-2021-35180 RESERVED
CVE-2021-35179 RESERVED
CVE-2021-35178 RESERVED
CVE-2021-35177 RESERVED
CVE-2021-35176 RESERVED
CVE-2021-35175 RESERVED
CVE-2021-35174 RESERVED
CVE-2021-35173 RESERVED
CVE-2021-35172 RESERVED
CVE-2021-35171 RESERVED
CVE-2021-35170 RESERVED
CVE-2021-35169 RESERVED
CVE-2021-35168 RESERVED
CVE-2021-35167 RESERVED
CVE-2021-35166 RESERVED
CVE-2021-35165 RESERVED
CVE-2021-35164 RESERVED
CVE-2021-35163 RESERVED
CVE-2021-35162 RESERVED
CVE-2021-35161 RESERVED
CVE-2021-35160 RESERVED
CVE-2021-35159 RESERVED
CVE-2021-35158 RESERVED
CVE-2021-35157 RESERVED
CVE-2021-35156 RESERVED
CVE-2021-35155 RESERVED
CVE-2021-35154 RESERVED
CVE-2021-35153 RESERVED
CVE-2021-35152 RESERVED
CVE-2021-35151 RESERVED
CVE-2021-35150 RESERVED
CVE-2021-35149 RESERVED
CVE-2021-35148 RESERVED
CVE-2021-35147 RESERVED
CVE-2021-35146 RESERVED
CVE-2021-35145 RESERVED
CVE-2021-35144 RESERVED
CVE-2021-35143 RESERVED
CVE-2021-35142 RESERVED
CVE-2021-35141 RESERVED
CVE-2021-35140 RESERVED
CVE-2021-35139 RESERVED
CVE-2021-35138 RESERVED
CVE-2021-35137 RESERVED
CVE-2021-35136 RESERVED
CVE-2021-35135 (A null pointer dereference may potentially occur during RSA key import ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35134 (Due to insufficient validation of ELF headers, an Incorrect Calculatio ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35133 (Use after free in the synx driver issue while performing other functio ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35132 (Out of bound write in DSP service due to improper bound check for resp ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35131 RESERVED
CVE-2021-35130 (Memory corruption in graphics support layer due to use after free cond ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35129 (Memory corruption in BT controller due to improper length check while ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35128 RESERVED
CVE-2021-35127 RESERVED
CVE-2021-35126 (Memory corruption in DSP service due to improper validation of input p ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35125 RESERVED
CVE-2021-35124 RESERVED
CVE-2021-35123 (Buffer copy in GATT multi notification due to improper length check fo ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35122 (Non-secure region can try modifying RG permissions of IO space xPUs du ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35121 (An array index is improperly used to lock and unlock a mutex which can ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-35120 (Improper handling between export and release functions on the same han ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-35119 (Potential out of Bounds read in FIPS event processing due to improper ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-35118 (An out-of-bounds write can occur due to an incorrect input check in th ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-35117 (An Out of Bounds read may potentially occur while processing an IBSS b ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-35116 (APK can load a crafted model into the CDSP which can lead to a comprom ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35115 (Improper handling of multiple session supported by PVM backend can lea ...)
	NOT-FOR-US: Qualcomm
CVE-2021-35114 (Improper buffer initialization on the backend driver can lead to buffe ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35113 (Possible authentication bypass due to improper order of signature veri ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35112 (A user with user level permission can access graphics protected region ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35111 (Improper validation of tag id while RRC sending tag id to MAC can lead ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-35110 (Possible buffer overflow due to improper validation of hash segment of fil ...)
	NOT-FOR-US: Qualcomm
CVE-2021-35109 (Possible address manipulation from APP-NS while APP-S is configuring a ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35108 (Improper checking of AP-S lock bit while verifying the secure resource ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35107 RESERVED
CVE-2021-35106 (Possible out of bound read due to improper length calculation of WMI m ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-35105 (Possible out of bounds access due to improper input validation during ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-35104 (Possible buffer overflow due to improper parsing of headers while play ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-35103 (Possible out of bound write due to improper validation of number of ti ...)
	NOT-FOR-US: Qualcomm QCA-WiFi for Android
CVE-2021-35102 (Possible buffer overflow due to lack of validation for the length of N ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-35101 (Improper handling of writes to virtual GICR control can lead to assert ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35100 (Possible buffer over read due to improper calculation of string length ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35099 RESERVED
CVE-2021-35098 (Improper validation of session id in PCM routing process can lead to m ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35097 (Possible authentication bypass due to improper order of signature veri ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35096 (Improper memory allocation during counter check DLM handling can lead ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35095 (Improper serialization of message queue client registration can lead t ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35094 (Improper verification of timeout-based authentication in identity cred ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35093 (Possible memory corruption in BT controller when it receives an oversi ...)
	NOT-FOR-US: Qualcomm
CVE-2021-35092 (Processing DCB/AVB algorithm with an invalid queue index from IOCTL re ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35091 (Possible out of bounds read due to improper typecasting while handling ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35090 (Possible hypervisor memory corruption due to TOC TOU race condition wh ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35089 (Possible buffer overflow due to lack of input IB amount validation whi ...)
	NOT-FOR-US: Qualcomm
CVE-2021-35088 (Possible out of bound read due to improper validation of IE length dur ...)
	NOT-FOR-US: Qualcomm QCA-WiFi for Android
CVE-2021-35087 (Possible null pointer access due to improper validation of system info ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35086 (Possible buffer over read due to improper validation of SIB type when ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35085 (Possible buffer overflow due to lack of buffer length check during man ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35084 (Possible out of bound read due to lack of length check of data length ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35083 (Possible out of bound read due to improper validation of certificate c ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-35082 (Improper integrity check can lead to race condition between tasks PDCP ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35081 (Possible buffer overflow due to improper validation of SSID length rec ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35080 (Disabled SMMU from secure side while RPM is assigned a secure stream c ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35079 (Improper validation of permissions for third party application accessi ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35078 (Possible memory leak due to improper validation of certificate chain l ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35077 (Possible use after free scenario in compute offloads to DSP while mult ...)
	NOT-FOR-US: Qualcomm
CVE-2021-35076 (Possible null pointer dereference due to improper validation of RRC co ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35075 (Possible null pointer dereference due to lack of WDOG structure valida ...)
	NOT-FOR-US: Qualcomm
CVE-2021-35074 (Possible integer overflow due to improper fragment datatype while calc ...)
	NOT-FOR-US: Qualcomm
CVE-2021-35073 (Possible assertion due to improper validation of rank restriction fiel ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35072 (Possible buffer overflow due to improper validation of array index whi ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35071 (Possible buffer over read due to lack of size validation while copying ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35070 (RPM secure Stream can access any secure resource due to improper SMMU ...)
	NOT-FOR-US: Snapdragon
CVE-2021-35069 (Improper validation of data length received from DMA buffer can lead t ...)
	NOT-FOR-US: Qualcomm
CVE-2021-35068 (Lack of null check while freeing the device information buffer in the ...)
	NOT-FOR-US: Qualcomm
CVE-2021-35067 (Meross MSG100 devices before 3.2.3 allow an attacker to replay the sam ...)
	NOT-FOR-US: Meross MSG100 devices
CVE-2021-3612 (An out-of-bounds memory write flaw was found in the Linux kernel's joy ...)
	{DLA-2843-1 DLA-2785-1}
	- linux 5.10.46-3
	[buster] - linux 4.19.208-1
	NOTE: Introduced by: https://lore.kernel.org/linux-input/20210219083215.GS2087@kadam/
CVE-2021-35066 (An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.13 ...)
	NOT-FOR-US: ConnectWise Automate
CVE-2021-35065 (The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular ...)
	- node-glob-parent 6.0.2+~5.1.1-1
	[bullseye] - node-glob-parent (Minor issue)
	[buster] - node-glob-parent (Minor issue)
	NOTE: https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339 (v6.0.1)
	NOTE: https://github.com/gulpjs/glob-parent/pull/49
CVE-2021-35064 (KramerAV VIAWare, all tested versions, allow privilege escalation thro ...)
	NOT-FOR-US: KramerAV VIAWare
CVE-2021-35063 (Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion.")
	[experimental] - suricata 1:6.0.3-1~exp1
	- suricata 1:6.0.1-3 (bug #990835)
	[buster] - suricata (Minor issue)
	[stretch] - suricata (Minor issue)
	NOTE: https://forum.suricata.io/t/suricata-6-0-3-and-5-0-7-released/1489
CVE-2021-35062 (A Shell Metacharacter Injection vulnerability in result.php in DRK Ode ...)
	NOT-FOR-US: DRK Odenwaldkreis Testerfassung
CVE-2021-35061 (Multiple cross-site scripting (XSS) vulnerabilities in DRK Odenwaldkre ...)
	NOT-FOR-US: DRK Odenwaldkreis Testerfassung
CVE-2021-35060 (/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthe ...)
	NOT-FOR-US: OpenWay WAY4 ACS
CVE-2021-35059 (OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the /way4acs/enrol ...)
	NOT-FOR-US: OpenWay WAY4 ACS
CVE-2021-35058 RESERVED
CVE-2021-35057 RESERVED
CVE-2021-35056 (Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an un ...)
	NOT-FOR-US: Unisys
CVE-2021-35055 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
	NOT-FOR-US: Netgear
CVE-2020-36393 RESERVED
CVE-2020-36392 RESERVED
CVE-2020-36391 RESERVED
CVE-2020-36390 RESERVED
CVE-2019-25047 (Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) ...)
	NOT-FOR-US: Greenbone Security Assistant
CVE-2018-25016 (Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) ...)
	NOT-FOR-US: Greenbone Security Assistant
CVE-2021-35054 (Minecraft before 1.17.1, when online-mode=false is configured, allows ...)
	NOT-FOR-US: Minecraft
CVE-2021-3611 (A stack overflow vulnerability was found in the Intel HD Audio device ...)
	- qemu 1:7.0+dfsg-1 (bug #990562)
	[bullseye] - qemu (Minor issue, too intrusive to backport)
	[buster] - qemu (Vulnerable code introduced later)
	[stretch] - qemu (Vulnerable code introduced later)
	NOTE: https://bugs.launchpad.net/qemu/+bug/1907497
	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/542
	NOTE: Introduced by: https://git.qemu.org/?p=qemu.git;a=commit;h=a9d8ba2be58e067bdfbff830eb9ff438d8db7f10 (v5.0.0-rc0)
	NOTE: Proposed fix: https://lore.kernel.org/qemu-devel/20211218160912.1591633-1-philmd@redhat.com/
	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/79fa99831debc9782087e834382c577215f2f511 (v7.0.0-rc1)
CVE-2021-3610 (A heap-based buffer overflow vulnerability was found in ImageMagick in ...)
	{DSA-5628-1}
	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
	- imagemagick 8:6.9.12.98+dfsg1-2 (bug #1037090)
	[buster] - imagemagick (Vulnerable code introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3
	NOTE: ImageMagick6 prerequisite for <= 6.9.10-92: https://github.com/ImageMagick/ImageMagick6/commit/2d96228eec9fbea62ddb6c1450fa8d43e2c6b68a
	NOTE: ImageMagick6 prerequisite for <= 6.9.11-10: https://github.com/ImageMagick/ImageMagick6/commit/7374894385161859ffbb84e280fcc89e7ae257e4
	NOTE: ImageMagick6 prerequisite for <= 6.9.11-54: https://github.com/ImageMagick/ImageMagick6/commit/cdb67005376bcc8cbb0b743fb22787794cd30ebc
	NOTE: ImageMagick6 [1/2]: https://github.com/ImageMagick/ImageMagick6/commit/b307bcadcdf6ea6819951ac1786b7904f27b25c6 (6.9.12-14)
	NOTE: ImageMagick6 [2/2]: https://github.com/ImageMagick/ImageMagick6/commit/c75ae771a00c38b757c5ef4b424b51e761b02552 (6.9.12-14)
	NOTE: Introduced by (Support 32-bit tiles TIFF images): https://github.com/ImageMagick/ImageMagick6/commit/b874d50070557eb98bdc6a3095ef4769af583dd2 (6.9.10-88)
CVE-2021-35053 (Possible system denial of service in case of arbitrary changing Firefo ...)
	NOT-FOR-US: Kaspersky
CVE-2021-35052 (A component in Kaspersky Password Manager could allow an attacker to e ...)
	NOT-FOR-US: Kaspersky
CVE-2021-35051 RESERVED
CVE-2021-35050 (User credentials stored in a recoverable format within Fidelis Network ...)
	NOT-FOR-US: Fidelis
CVE-2021-35049 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...)
	NOT-FOR-US: Fidelis
CVE-2021-35048 (Vulnerability in Fidelis Network and Deception CommandPost enables una ...)
	NOT-FOR-US: Fidelis
CVE-2021-35047 (Vulnerability in the CommandPost, Collector, and Sensor components of ...)
	NOT-FOR-US: Fidelis
CVE-2021-35046 (A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS w ...)
	NOT-FOR-US: Ice Hrm
CVE-2021-35045 (Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows ...)
	NOT-FOR-US: Ice Hrm
CVE-2021-35044 RESERVED
CVE-2021-35043 (OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using ...)
	- libowasp-antisamy-java 1.7.4-1 (bug #1014981)
	[bookworm] - libowasp-antisamy-java (Minor issue)
	[bullseye] - libowasp-antisamy-java (Minor issue)
	[buster] - libowasp-antisamy-java (Minor issue)
	[stretch] - libowasp-antisamy-java (Minor issue)
	NOTE: https://github.com/nahsra/antisamy/pull/87
CVE-2021-35042 (Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.orde ...)
	- python-django (Vulnerable code introduced in 3.1)
	NOTE: https://www.djangoproject.com/weblog/2021/jul/01/security-releases/
	NOTE: Issue only affected the package version in experimental; fixed there in 2:3.2.5-1
CVE-2021-35041 (The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing w ...)
	NOT-FOR-US: FISCO-BCOS
CVE-2021-3609 (A flaw was found in the CAN BCM networking protocol in the Linux kern ...)
	{DSA-4941-1 DLA-2714-1 DLA-2713-1}
	- linux 5.10.46-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/06/19/1
CVE-2021-35040 RESERVED
CVE-2021-35039 (kernel/module.c in the Linux kernel before 5.12.14 mishandles Signatur ...)
	{DLA-2785-1}
	- linux 5.14.6-1
	[bullseye] - linux 5.10.70-1
	[buster] - linux 4.19.208-1
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/3
	NOTE: https://git.kernel.org/linus/0c18f29aae7ce3dadd26d8ee3505d07cc982df75
CVE-2021-35038 RESERVED
CVE-2021-35037 (Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnera ...)
	NOT-FOR-US: Jamf Pro
CVE-2021-35036 (A cleartext storage of information vulnerability in the Zyxel VMG3625- ...)
	NOT-FOR-US: Zyxel
CVE-2021-35035 (A cleartext storage of sensitive information vulnerability in the Zyxe ...)
	NOT-FOR-US: Zyxel
CVE-2021-35034 (An insufficient session expiration vulnerability in the CGI program of ...)
	NOT-FOR-US: Zyxel
CVE-2021-35033 (A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, ...)
	NOT-FOR-US: Zyxel
CVE-2021-35032 (A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware ...)
	NOT-FOR-US: Zyxel
CVE-2021-35031 (A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XG ...)
	NOT-FOR-US: Zyxel
CVE-2021-35030 (A vulnerability was found in the CGI program in Zyxel GS1900-8 firmwar ...)
	NOT-FOR-US: Zyxel
CVE-2021-35029 (An authentication bypass vulnerability in the web-based management in ...)
	NOT-FOR-US: Zyxel
CVE-2021-35028 (A command injection vulnerability in the CGI program of the Zyxel VPN2 ...)
	NOT-FOR-US: Zyxel
CVE-2021-35027 (A directory traversal vulnerability in the web server of the Zyxel VPN ...)
	NOT-FOR-US: Zyxel
CVE-2021-35026 RESERVED
CVE-2021-35025 RESERVED
CVE-2021-35024 RESERVED
CVE-2021-35023 RESERVED
CVE-2021-35022 RESERVED
CVE-2021-35021 RESERVED
CVE-2021-35020 RESERVED
CVE-2021-35019 RESERVED
CVE-2021-35018 RESERVED
CVE-2021-35017 RESERVED
CVE-2021-35016 RESERVED
CVE-2021-35015 RESERVED
CVE-2021-35014 RESERVED
CVE-2021-35013 RESERVED
CVE-2021-35012 RESERVED
CVE-2021-35011 RESERVED
CVE-2021-35010 RESERVED
CVE-2021-35009 RESERVED
CVE-2021-35008 RESERVED
CVE-2021-35007 RESERVED
CVE-2021-35006 RESERVED
CVE-2021-35005 (This vulnerability allows local attackers to disclose sensitive inform ...)
	NOT-FOR-US: TeamViewer
CVE-2021-35004 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: TP-Link
CVE-2021-35003 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: TP-Link
CVE-2021-35002 (BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerabi ...)
	NOT-FOR-US: BMC Track-It!
CVE-2021-35001 (BMC Track-It! GetData Missing Authorization Information Disclosure Vul ...)
	NOT-FOR-US: BMC Track-It!
CVE-2021-35000 (OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disc ...)
	NOT-FOR-US: OpenBSD
CVE-2021-34999 (OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disc ...)
	NOT-FOR-US: OpenBSD
CVE-2021-34998 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Panda Security Free Antivirus
CVE-2021-34997 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Commvault CommCell
CVE-2021-34996 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Commvault CommCell
CVE-2021-34995 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Commvault CommCell
CVE-2021-34994 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Commvault CommCell
CVE-2021-34993 (This vulnerability allows remote attackers to bypass authentication on ...)
	NOT-FOR-US: Commvault CommCell
CVE-2021-34992 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Orckestra C1 CMS
CVE-2021-34991 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: Netgear
CVE-2021-34990
	RESERVED
CVE-2021-34989
	RESERVED
CVE-2021-34988
	RESERVED
CVE-2021-34987 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels
CVE-2021-34986 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels
CVE-2021-34985 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley ContextCapture
CVE-2021-34984 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley ContextCapture
CVE-2021-34983 (NETGEAR Multiple Routers httpd Missing Authentication for Critical Fun ...)
	NOT-FOR-US: NETGEAR
CVE-2021-34982 (NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code ...)
	NOT-FOR-US: NETGEAR
CVE-2021-34981 (Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vu ...)
	- linux 5.10.46-1
	[buster] - linux 4.19.194-1
	[stretch] - linux 4.9.272-1
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-1223/
	NOTE: https://git.kernel.org/linus/3cfdf8fcaafa62a4123f92eb0f4a72650da3a479 (5.14-rc1)
CVE-2021-34980 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: Netgear
CVE-2021-34979 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: Netgear
CVE-2021-34978 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: Netgear
CVE-2021-34977 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: Netgear
CVE-2021-34976 (Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosur ...)
	NOT-FOR-US: Foxit
CVE-2021-34975 (Foxit PDF Reader transitionToState Use-After-Free Remote Code Executio ...)
	NOT-FOR-US: Foxit
CVE-2021-34974 (Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulne ...)
	NOT-FOR-US: Foxit
CVE-2021-34973 (Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosur ...)
	NOT-FOR-US: Foxit
CVE-2021-34972 (Foxit PDF Reader AcroForm Use-After-Free Information Disclosure Vulner ...)
	NOT-FOR-US: Foxit
CVE-2021-34971 (Foxit PDF Reader JPG2000 File Parsing Heap-based Buffer Overflow Remot ...)
	NOT-FOR-US: Foxit
CVE-2021-34970 (Foxit PDF Reader print Method Use of Externally-Controlled Format Stri ...)
	NOT-FOR-US: Foxit
CVE-2021-34969 (Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vuln ...)
	NOT-FOR-US: Foxit
CVE-2021-34968 (Foxit PDF Editor transitionToState Use-After-Free Remote Code Executio ...)
	NOT-FOR-US: Foxit
CVE-2021-34967 (Foxit PDF Editor Line Annotation Use-After-Free Remote Code Execution ...)
	NOT-FOR-US: Foxit
CVE-2021-34966 (Foxit PDF Editor FileAttachment Annotation Use-After-Free Remote Code ...)
	NOT-FOR-US: Foxit
CVE-2021-34965 (Foxit PDF Editor Squiggly Annotation Use-After-Free Remote Code Execut ...)
	NOT-FOR-US: Foxit
CVE-2021-34964 (Foxit PDF Editor Polygon Annotation Use-After-Free Remote Code Executi ...)
	NOT-FOR-US: Foxit
CVE-2021-34963 (Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execut ...)
	NOT-FOR-US: Foxit
CVE-2021-34962 (Foxit PDF Editor Caret Annotation Use-After-Free Remote Code Execution ...)
	NOT-FOR-US: Foxit
CVE-2021-34961 (Foxit PDF Editor Ink Annotation Use-After-Free Remote Code Execution V ...)
	NOT-FOR-US: Foxit
CVE-2021-34960 (Foxit PDF Editor Circle Annotation Use-After-Free Remote Code Executio ...)
	NOT-FOR-US: Foxit
CVE-2021-34959 (Foxit PDF Editor Square Annotation Use-After-Free Remote Code Executio ...)
	NOT-FOR-US: Foxit
CVE-2021-34958 (Foxit PDF Editor Text Annotation Use-After-Free Remote Code Execution ...)
	NOT-FOR-US: Foxit
CVE-2021-34957 (Foxit PDF Editor Highlight Annotation Use-After-Free Remote Code Execu ...)
	NOT-FOR-US: Foxit
CVE-2021-34956 (Foxit PDF Editor Underline Annotation Use-After-Free Remote Code Execu ...)
	NOT-FOR-US: Foxit
CVE-2021-34955 (Foxit PDF Editor Stamp Annotation Use-After-Free Remote Code Execution ...)
	NOT-FOR-US: Foxit
CVE-2021-34954 (Foxit PDF Editor StrikeOut Annotation Use-After-Free Remote Code Execu ...)
	NOT-FOR-US: Foxit
CVE-2021-34953 (Foxit PDF Reader Annotation Use of Uninitialized Variable Remote Code ...)
	NOT-FOR-US: Foxit
CVE-2021-34952 (Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulne ...)
	NOT-FOR-US: Foxit
CVE-2021-34951 (Foxit PDF Reader Annotation Use of Uninitialized Variable Information ...)
	NOT-FOR-US: Foxit
CVE-2021-34950 (Foxit PDF Reader Annotation Out-Of-Bounds Read Remote Code Execution V ...)
	NOT-FOR-US: Foxit
CVE-2021-34949 (Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure ...)
	NOT-FOR-US: Foxit
CVE-2021-34948 (Foxit PDF Reader Square Annotation Use-After-Free Remote Code Executio ...)
	NOT-FOR-US: Foxit
CVE-2021-34947 (NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulner ...)
	NOT-FOR-US: Foxit
CVE-2021-34946 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34945 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34944 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley View
CVE-2021-34943 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley View
CVE-2021-34942 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34941 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34940 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34939 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34938 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34937 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34936 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34935 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34934 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34933 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34932 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34931 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34930 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34929 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34928 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34927 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34926 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34925 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34924 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34923 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34922 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34921 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34920 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34919 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34918 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34917 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34916 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley View
CVE-2021-34915 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34914 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34913 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34912 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34911 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34910 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley View
CVE-2021-34909 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34908 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34907 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34906 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34905 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34904 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34903 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34902 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley View
CVE-2021-34901 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley View
CVE-2021-34900 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34899 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34898 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34897 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34896 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34895 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34894 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34893 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34892 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34891 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34890 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley View
CVE-2021-34889 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley View
CVE-2021-34888 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley View
CVE-2021-34887 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley View
CVE-2021-34886 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley View
CVE-2021-34885 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34884 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley View
CVE-2021-34883 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley View
CVE-2021-34882 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley View
CVE-2021-34881 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Bentley View
CVE-2021-34880 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34879 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34878 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34877 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34876 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34875 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34874 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34873 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34872 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34871 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bentley View
CVE-2021-34870 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
	NOT-FOR-US: Netgear
CVE-2021-34869 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels Desktop
CVE-2021-34868 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels Desktop
CVE-2021-34867 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels Desktop
CVE-2021-34866 (This vulnerability allows local attackers to escalate privileges on af ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.70-1
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/5b029a32cfe4600f5e10e36b41778506b90fd4de (5.14)
CVE-2021-34865 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: Netgear
CVE-2021-34864 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels Desktop
CVE-2021-34863 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2021-34862 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2021-34861 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2021-34860 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
	NOT-FOR-US: D-Link
CVE-2021-34859 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: TeamViewer
CVE-2021-34858 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: TeamViewer
CVE-2021-34857 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels Desktop
CVE-2021-34856 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels Desktop
CVE-2021-34855 (This vulnerability allows local attackers to disclose sensitive inform ...)
	NOT-FOR-US: Parallels Desktop
CVE-2021-34854 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels Desktop
CVE-2021-34853 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2021-34852 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2021-34851 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2021-34850 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2021-34849 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2021-34848 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2021-34847 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2021-34846 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2021-34845 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2021-34844 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2021-34843 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2021-34842 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2021-34841 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2021-34840 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2021-34839 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2021-34838 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2021-34837 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2021-34836 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2021-34835 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2021-34834 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2021-34833 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2021-34832 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2021-34831 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-34830 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2021-34829 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2021-34828 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2021-34827 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2021-3608 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...)
	{DLA-3099-1}
	- qemu 1:5.2+dfsg-11 (bug #990563)
	[stretch] - qemu (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973383
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=66ae37d8cc313f89272e711174a846a229bcdbd3
CVE-2021-3607 (An integer overflow was found in the QEMU implementation of VMWare's p ...)
	{DLA-3099-1}
	- qemu 1:5.2+dfsg-11 (bug #990564)
	[stretch] - qemu (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973349
	NOTE: upstream commit: https://git.qemu.org/?p=qemu.git;a=commit;h=32e5703cfea07c91e6e84bcb0313f633bb146534
CVE-2021-3606 (OpenVPN before version 2.5.3 on Windows allows local users to load arb ...)
	- openvpn (Windows-specific)
CVE-2021-34826
	RESERVED
CVE-2021-34825 (Quassel through 0.13.1, when --require-ssl is enabled, launches withou ...)
	- quassel 1:0.14.0-1 (bug #990567)
	[bullseye] - quassel (Minor issue)
	[buster] - quassel (Minor issue)
	[stretch] - quassel (Minor issue)
	NOTE: https://github.com/quassel/quassel/pull/581
	NOTE: https://bugs.quassel-irc.org/issues/1728
	NOTE: '--require-ssl' flag added in https://github.com/quassel/quassel/pull/43
CVE-2021-34824 (Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely explo ...)
	NOT-FOR-US: Istio
CVE-2021-34823 (The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 fo ...)
	NOT-FOR-US: ON24 ScreenShare
CVE-2021-34822
	RESERVED
CVE-2021-34821 (Cross Site Scripting (XSS) vulnerability exists in AAT Novus Managemen ...)
	NOT-FOR-US: AAT Novus Management System
CVE-2021-34820 (Web Path Directory Traversal in the Novus HTTP Server. The Novus HTTP ...)
	NOT-FOR-US: Novus HTTP Server
CVE-2021-34819
	RESERVED
CVE-2021-34818
	RESERVED
CVE-2021-34817 (A Cross-Site Scripting (XSS) issue in the chat component of Etherpad 1 ...)
	- etherpad-lite (bug #576998)
CVE-2021-34816 (An Argument Injection issue in the plugin management of Etherpad 1.8.1 ...)
	- etherpad-lite (bug #576998)
CVE-2021-34815 (CheckSec Canopy before 3.5.2 allows XSS attacks against the login page ...)
	NOT-FOR-US: CheckSec Canopy
CVE-2020-36389 (In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEdit ...)
	- civicrm 5.28.4+dfsg1-1
	NOTE: https://civicrm.org/advisory/civi-sa-2020-11-csrf-ckeditor-configuration-form
CVE-2020-36388 (In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, user ...)
	- civicrm 5.24.5+dfsg1-1
	NOTE: https://civicrm.org/advisory/civi-sa-2020-03
CVE-2013-20002 (Elemin allows remote attackers to upload and execute arbitrary PHP cod ...)
	NOT-FOR-US: Elemin
CVE-2021-34814 (Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control ...)
	NOT-FOR-US: Proofpoint
CVE-2021-34813 (Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to cra ...)
	[experimental] - olm 3.2.3~dfsg-1
	- olm 3.2.3~dfsg-3 (bug #989997)
	[bullseye] - olm (Minor issue)
	[buster] - olm (Minor issue)
	NOTE: https://gitlab.matrix.org/matrix-org/olm/-/commit/ccc0d122ee1b4d5e5ca4ec1432086be17d5f901b
	NOTE: https://gitlab.matrix.org/matrix-org/olm/-/releases/3.2.3
	NOTE: https://matrix.org/blog/2021/06/14/adventures-in-fuzzing-libolm
CVE-2021-34812 (Use of hard-coded credentials vulnerability in php component in Synolo ...)
	NOT-FOR-US: Synology
CVE-2021-34811 (Server-Side Request Forgery (SSRF) vulnerability in task management co ...)
	NOT-FOR-US: Synology
CVE-2021-34810 (Improper privilege management vulnerability in cgi component in Synolo ...)
	NOT-FOR-US: Synology
CVE-2021-34809 (Improper neutralization of special elements used in a command ('Comman ...)
	NOT-FOR-US: Synology
CVE-2021-34808 (Server-Side Request Forgery (SSRF) vulnerability in cgi component in S ...)
	NOT-FOR-US: Synology
CVE-2021-34807 (An open redirect vulnerability exists in the /preauth Servlet in Zimbr ...)
	NOT-FOR-US: Zimbra
CVE-2021-34806
	RESERVED
CVE-2021-34805 (An issue was discovered in FAUST iServer before 9.0.019.019.7. For eac ...)
	NOT-FOR-US: FAUST iServer
CVE-2021-34804
	RESERVED
CVE-2021-34803 (TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certai ...)
	NOT-FOR-US: TeamViewer
CVE-2021-34802 (A failure in resetting the security context in some transaction action ...)
	NOT-FOR-US: Neo4j
CVE-2021-34801 (Valine 1.4.14 allows remote attackers to cause a denial of service (ap ...)
	NOT-FOR-US: Valine
CVE-2021-34800 (Sensitive information could be logged. The following products are affe ...)
	NOT-FOR-US: Acronis
CVE-2021-34799
	RESERVED
CVE-2021-34798 (Malformed requests may cause the server to dereference a NULL pointer. ...)
	{DSA-4982-1 DLA-2776-1}
	- apache2 2.4.49-1
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-34798
	NOTE: https://github.com/apache/httpd/commit/fa7b2a5250e54363b3a6c8ac3aaa7de4e8da9b2e (candidate-2.4.49-rc1)
CVE-2021-3604 (Secure 8 (Evalos) does not validate user input data correctly, allowin ...)
	NOT-FOR-US: Secure 8 (Evalos)
CVE-2021-34797 (Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log ...)
	NOT-FOR-US: Apache Geode
CVE-2021-34796
	RESERVED
CVE-2021-34795 (Multiple vulnerabilities in the web-based management interface of the ...)
	NOT-FOR-US: Cisco
CVE-2021-34794 (A vulnerability in the Simple Network Management Protocol version 3 (S ...)
	NOT-FOR-US: Cisco
CVE-2021-34793 (A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appli ...)
	NOT-FOR-US: Cisco
CVE-2021-34792 (A vulnerability in the memory management of Cisco Adaptive Security Ap ...)
	NOT-FOR-US: Cisco
CVE-2021-34791 (Multiple vulnerabilities in the Application Level Gateway (ALG) for th ...)
	NOT-FOR-US: Cisco
CVE-2021-34790 (Multiple vulnerabilities in the Application Level Gateway (ALG) for th ...)
	NOT-FOR-US: Cisco
CVE-2021-34789 (A vulnerability in the web-based management interface of Cisco Tetrati ...)
	NOT-FOR-US: Cisco
CVE-2021-34788 (A vulnerability in the shared library loading mechanism of Cisco AnyCo ...)
	NOT-FOR-US: Cisco
CVE-2021-34787 (A vulnerability in the identity-based firewall (IDFW) rule processing ...)
	NOT-FOR-US: Cisco
CVE-2021-34786 (Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Sof ...)
	NOT-FOR-US: Cisco
CVE-2021-34785 (Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Sof ...)
	NOT-FOR-US: Cisco
CVE-2021-34784 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2021-34783 (A vulnerability in the software-based SSL/TLS message handler of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2021-34782 (A vulnerability in the API endpoints for Cisco DNA Center could allow ...)
	NOT-FOR-US: Cisco
CVE-2021-34781 (A vulnerability in the processing of SSH connections for multi-instanc ...)
	NOT-FOR-US: Cisco
CVE-2021-34780 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
	NOT-FOR-US: Cisco
CVE-2021-34779 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
	NOT-FOR-US: Cisco
CVE-2021-34778 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
	NOT-FOR-US: Cisco
CVE-2021-34777 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
	NOT-FOR-US: Cisco
CVE-2021-34776 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
	NOT-FOR-US: Cisco
CVE-2021-34775 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
	NOT-FOR-US: Cisco
CVE-2021-34774 (A vulnerability in the web-based management interface of Cisco Common ...)
	NOT-FOR-US: Cisco
CVE-2021-34773 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2021-34772 (A vulnerability in the web-based management interface of Cisco Orbital ...)
	NOT-FOR-US: Cisco
CVE-2021-34771 (A vulnerability in the Cisco IOS XR Software CLI could allow an authen ...)
	NOT-FOR-US: Cisco
CVE-2021-34770 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
	NOT-FOR-US: Cisco
CVE-2021-34769 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
	NOT-FOR-US: Cisco
CVE-2021-34768 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
	NOT-FOR-US: Cisco
CVE-2021-34767 (A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Co ...)
	NOT-FOR-US: Cisco
CVE-2021-34766 (A vulnerability in the web UI of Cisco Smart Software Manager On-Prem ...)
	NOT-FOR-US: Cisco
CVE-2021-34765 (A vulnerability in the web UI for Cisco Nexus Insights could allow an ...)
	NOT-FOR-US: Cisco
CVE-2021-34764 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2021-34763 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2021-34762 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2021-34761 (A vulnerability in Cisco Firepower Threat Defense (FTD) Software could ...)
	NOT-FOR-US: Cisco
CVE-2021-34760 (A vulnerability in the web-based management interface of Cisco TelePre ...)
	NOT-FOR-US: Cisco
CVE-2021-34759 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2021-34758 (A vulnerability in the memory management of Cisco TelePresence Collabo ...)
	NOT-FOR-US: Cisco
CVE-2021-34757 (Multiple vulnerabilities in Cisco Business 220 Series Smart Switches f ...)
	NOT-FOR-US: Cisco
CVE-2021-34756 (Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense ...)
	NOT-FOR-US: Cisco
CVE-2021-34755 (Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense ...)
	NOT-FOR-US: Cisco
CVE-2021-34754 (Multiple vulnerabilities in the payload inspection for Ethernet Indust ...)
	NOT-FOR-US: Cisco
CVE-2021-34753
	RESERVED
CVE-2021-34752
	RESERVED
CVE-2021-34751
	RESERVED
CVE-2021-34750
	RESERVED
CVE-2021-34749 (A vulnerability in Server Name Identification (SNI) request filtering ...)
	{DSA-5354-1 DLA-3317-1}
	- snort (bug #1021276)
	NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sni-data-exfil-mFgzXqLN
CVE-2021-34748 (A vulnerability in the web-based management interface of Cisco Intersi ...)
	NOT-FOR-US: Cisco
CVE-2021-34747
	RESERVED
CVE-2021-34746 (A vulnerability in the TACACS+ authentication, authorization and accou ...)
	NOT-FOR-US: Cisco
CVE-2021-34745 (A vulnerability in the AppDynamics .NET Agent for Windows could allow ...)
	NOT-FOR-US: .NET Agent for Windows
CVE-2021-34744 (Multiple vulnerabilities in Cisco Business 220 Series Smart Switches f ...)
	NOT-FOR-US: Cisco
CVE-2021-34743 (A vulnerability in the application integration feature of Cisco Webex ...)
	NOT-FOR-US: Cisco
CVE-2021-34742 (A vulnerability in the web-based management interface of Cisco Vision ...)
	NOT-FOR-US: Cisco
CVE-2021-34741 (A vulnerability in the email scanning algorithm of Cisco AsyncOS softw ...)
	NOT-FOR-US: Cisco
CVE-2021-34740 (A vulnerability in the WLAN Control Protocol (WCP) implementation for ...)
	NOT-FOR-US: Cisco
CVE-2021-34739 (A vulnerability in the web-based management interface of multiple Cisc ...)
	NOT-FOR-US: Cisco
CVE-2021-34738 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2021-34737 (A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2021-34736 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2021-34735 (Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone ...)
	NOT-FOR-US: Cisco
CVE-2021-34734 (A vulnerability in the Link Layer Discovery Protocol (LLDP) implementa ...)
	NOT-FOR-US: Cisco
CVE-2021-34733 (A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evo ...)
	NOT-FOR-US: Cisco
CVE-2021-34732 (A vulnerability in the web-based management interface of Cisco Prime C ...)
	NOT-FOR-US: Cisco
CVE-2021-34731 (A vulnerability in the web-based management interface of Cisco Prime A ...)
	NOT-FOR-US: Cisco
CVE-2021-34730 (A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2021-34729 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco I ...)
	NOT-FOR-US: Cisco
CVE-2021-34728 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software could all ...)
	NOT-FOR-US: Cisco
CVE-2021-34727 (A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software ...)
	NOT-FOR-US: Cisco
CVE-2021-34726 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
	NOT-FOR-US: Cisco
CVE-2021-34725 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2021-34724 (A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an ...)
	NOT-FOR-US: Cisco
CVE-2021-34723 (A vulnerability in a specific CLI command that is run on Cisco IOS XE ...)
	NOT-FOR-US: Cisco
CVE-2021-34722 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software could all ...)
	NOT-FOR-US: Cisco
CVE-2021-34721 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software could all ...)
	NOT-FOR-US: Cisco
CVE-2021-34720 (A vulnerability in the IP Service Level Agreements (IP SLA) responder ...)
	NOT-FOR-US: Cisco
CVE-2021-34719 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software could all ...)
	NOT-FOR-US: Cisco
CVE-2021-34718 (A vulnerability in the SSH Server process of Cisco IOS XR Software cou ...)
	NOT-FOR-US: Cisco
CVE-2021-34717
	RESERVED
CVE-2021-34716 (A vulnerability in the web-based management interface of Cisco Express ...)
NOT-FOR-US: Cisco CVE-2021-34715 (A vulnerability in the image verification function of Cisco Expressway ...) NOT-FOR-US: Cisco CVE-2021-34714 (A vulnerability in the Unidirectional Link Detection (UDLD) feature of ...) NOT-FOR-US: Cisco CVE-2021-34713 (A vulnerability in the Layer 2 punt code of Cisco IOS XR Software runn ...) NOT-FOR-US: Cisco CVE-2021-34712 (A vulnerability in the web-based management interface of Cisco SD-WAN ...) NOT-FOR-US: Cisco CVE-2021-34711 (A vulnerability in the debug shell of Cisco IP Phone software could al ...) NOT-FOR-US: Cisco CVE-2021-34710 (Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone ...) NOT-FOR-US: Cisco CVE-2021-34709 (Multiple vulnerabilities in image verification checks of Cisco Network ...) NOT-FOR-US: Cisco CVE-2021-34708 (Multiple vulnerabilities in image verification checks of Cisco Network ...) NOT-FOR-US: Cisco CVE-2021-34707 (A vulnerability in the REST API of Cisco Evolved Programmable Network ...) NOT-FOR-US: Cisco CVE-2021-34706 (A vulnerability in the web-based management interface of Cisco Identit ...) NOT-FOR-US: Cisco CVE-2021-34705 (A vulnerability in the Voice Telephony Service Provider (VTSP) service ...) NOT-FOR-US: Cisco CVE-2021-34704 (A vulnerability in the web services interface of Cisco Adaptive Securi ...) NOT-FOR-US: Cisco CVE-2021-34703 (A vulnerability in the Link Layer Discovery Protocol (LLDP) message pa ...) NOT-FOR-US: Cisco CVE-2021-34702 (A vulnerability in the web-based management interface of Cisco Identit ...) NOT-FOR-US: Cisco CVE-2021-34701 (A vulnerability in the web-based management interface of Cisco Unified ...) NOT-FOR-US: Cisco CVE-2021-34700 (A vulnerability in the CLI interface of Cisco SD-WAN vManage Software ...) NOT-FOR-US: Cisco CVE-2021-34699 (A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS ...) NOT-FOR-US: Cisco CVE-2021-34698 (A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Se ...) 
NOT-FOR-US: Cisco CVE-2021-34697 (A vulnerability in the Protection Against Distributed Denial of Servic ...) NOT-FOR-US: Cisco CVE-2021-34696 (A vulnerability in the access control list (ACL) programming of Cisco ...) NOT-FOR-US: Cisco CVE-2021-3605 (There's a flaw in OpenEXR's rleUncompress functionality in versions pr ...) {DSA-5299-1 DLA-3236-1 DLA-2732-1} - openexr 2.5.7-1 (bug #990899) NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1036 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/25259a84827234a283f6f9db72978198c7a3f268 (master) NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3204008c0bd4c8d7599a052b304d1b44c4511283 (v2.5) NOTE: not to be confused with CVE-2020-11760 whose fix is similar but applied around 10 lines above, in the other branch of the 'if' CVE-2021-3603 (PHPMailer 6.4.1 and earlier contain a vulnerability that can result in ...) - libphp-phpmailer 6.6.3-1 (bug #991666) [bullseye] - libphp-phpmailer (Minor issue) [buster] - libphp-phpmailer (Minor issue) [stretch] - libphp-phpmailer (Minor issue, fix along with next DLA) NOTE: https://www.huntr.dev/bounties/1-PHPMailer/PHPMailer/ NOTE: https://github.com/PHPMailer/PHPMailer/commit/45f3c18dc6a2de1cb1bf49b9b249a9ee36a5f7f3 (v6.5.0) CVE-2021-3602 (An information disclosure flaw was found in Buildah, when building con ...) 
- golang-github-containers-buildah 1.22.3+ds1-1 [bullseye] - golang-github-containers-buildah (Minor issue) NOTE: https://github.com/containers/buildah/security/advisories/GHSA-7638-r9r3-rmjj NOTE: https://github.com/containers/buildah/commit/a468ce0ffd347035d53ee0e26c205ef604097fb0 (main) NOTE: https://github.com/containers/buildah/commit/23c478b815fb93c094070baa336bcb6a27c01683 (release-1.21) NOTE: https://github.com/containers/buildah/commit/f4f2a7fc78fa4f12e2f6e6c4ab450aae0d182f3e (release-1.19) CVE-2021-34695 RESERVED CVE-2021-34694 RESERVED CVE-2021-34693 (net/can/bcm.c in the Linux kernel through 5.12.10 allows local users t ...) {DSA-4941-1 DLA-2714-1 DLA-2713-1} - linux 5.10.46-1 NOTE: https://www.openwall.com/lists/oss-security/2021/06/15/1 NOTE: https://github.com/nrb547/kernel-exploitation/tree/main/cve-2021-34693 NOTE: https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076@3c-app-gmx-bs04/T/ CVE-2021-34692 (iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. ...) NOT-FOR-US: iDrive RemotePC CVE-2021-34691 (iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remo ...) NOT-FOR-US: iDrive RemotePC CVE-2021-34690 (iDrive RemotePC before 7.6.48 on Windows allows authentication bypass. ...) NOT-FOR-US: iDrive RemotePC CVE-2021-34689 (iDrive RemotePC before 7.6.48 on Windows allows information disclosure ...) NOT-FOR-US: iDrive RemotePC CVE-2021-34688 (iDrive RemotePC before 7.6.48 on Windows allows information disclosure ...) NOT-FOR-US: iDrive RemotePC CVE-2021-34687 (iDrive RemotePC before 7.6.48 on Windows allows information disclosure ...) NOT-FOR-US: iDrive RemotePC CVE-2021-3601 REJECTED CVE-2021-34686 REJECTED CVE-2021-34685 (UploadService in Hitachi Vantara Pentaho Business Analytics through 9. ...) NOT-FOR-US: Hitachi CVE-2021-34684 (Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unaut ...) 
NOT-FOR-US: Hitachi CVE-2021-34683 (An issue was discovered in EXCELLENT INFOTEK CORPORATION (EIC) E-docum ...) NOT-FOR-US: EXCELLENT INFOTEK CORPORATION CVE-2021-34682 (Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack agains ...) NOT-FOR-US: Receita Federal IRPF 2021 1.7 CVE-2021-3600 (It was discovered that the eBPF implementation in the Linux kernel did ...) {DLA-2785-1} - linux 5.10.19-1 [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90 NOTE: https://www.openwall.com/lists/oss-security/2021/06/23/1 CVE-2021-3599 (A potential vulnerability in the SMI callback function used to access ...) NOT-FOR-US: Lenovo CVE-2021-34681 RESERVED CVE-2021-34680 RESERVED CVE-2021-34679 (Thycotic Password Reset Server before 5.3.0 allows credential disclosu ...) NOT-FOR-US: Thycotic Password Reset Server CVE-2021-34678 RESERVED CVE-2021-34677 RESERVED CVE-2021-34676 (Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel r ...) NOT-FOR-US: Basix NEX-Forms CVE-2021-34675 (Basix NEX-Forms through 7.8.7 allows authentication bypass for stored ...) NOT-FOR-US: Basix NEX-Forms CVE-2021-3598 (There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in ...) {DSA-5299-1 DLA-3236-1 DLA-2701-1} - openexr 2.5.7-1 (bug #990450) NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/1033 NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1037 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/566f5241edd87445373885d5f7a904dc81e866c1 (master) NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/e2667ae1a3ff8a9fce730e61129868b326abb3f5 (2.5) NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/9f011ae9ce9b1ca03521ff76e7659d34ee830344 (v2.0.0) CVE-2021-3597 (A flaw was found in undertow. The HTTP2SourceChannel fails to write th ...) 
- undertow 2.2.10-1 (bug #989861) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1970930 CVE-2021-34674 RESERVED CVE-2021-34673 RESERVED CVE-2021-34672 RESERVED CVE-2021-34671 RESERVED CVE-2021-34670 RESERVED CVE-2021-34669 RESERVED CVE-2021-34668 (The WordPress Real Media Library WordPress plugin is vulnerable to Sto ...) NOT-FOR-US: WordPress plugin CVE-2021-34667 (The Calendar_plugin WordPress plugin is vulnerable to Reflected Cross- ...) NOT-FOR-US: WordPress plugin CVE-2021-34666 (The Add Sidebar WordPress plugin is vulnerable to Reflected Cross-Site ...) NOT-FOR-US: WordPress plugin CVE-2021-34665 (The WP SEO Tags WordPress plugin is vulnerable to Reflected Cross-Site ...) NOT-FOR-US: WordPress plugin CVE-2021-34664 (The Moova for WooCommerce WordPress plugin is vulnerable to Reflected ...) NOT-FOR-US: WordPress plugin CVE-2021-34663 (The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected ...) NOT-FOR-US: WordPress plugin CVE-2021-34662 RESERVED CVE-2021-34661 (The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Reques ...) NOT-FOR-US: WordPress plugin CVE-2021-34660 (The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-S ...) NOT-FOR-US: WordPress plugin CVE-2021-34659 (The Plugmatter Pricing Table Lite WordPress plugin is vulnerable to Re ...) NOT-FOR-US: WordPress plugin CVE-2021-34658 (The Simple Popup Newsletter WordPress plugin is vulnerable to Reflecte ...) NOT-FOR-US: WordPress plugin CVE-2021-34657 (The 2TypoFR WordPress plugin is vulnerable to Reflected Cross-Site Scr ...) NOT-FOR-US: WordPress plugin CVE-2021-34656 (The 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat WordPress ...) NOT-FOR-US: WordPress plugin CVE-2021-34655 (The WP Songbook WordPress plugin is vulnerable to Reflected Cross-Site ...) NOT-FOR-US: WordPress plugin CVE-2021-34654 (The Custom Post Type Relations WordPress plugin is vulnerable to Refle ...) 
NOT-FOR-US: WordPress plugin CVE-2021-34653 (The WP Fountain WordPress plugin is vulnerable to Reflected Cross-Site ...) NOT-FOR-US: WordPress plugin CVE-2021-34652 (The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site ...) NOT-FOR-US: WordPress plugin CVE-2021-34651 (The Scribble Maps WordPress plugin is vulnerable to Reflected Cross-Si ...) NOT-FOR-US: WordPress plugin CVE-2021-34650 (The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Sc ...) NOT-FOR-US: WordPress plugin CVE-2021-34649 (The Simple Behance Portfolio WordPress plugin is vulnerable to Reflect ...) NOT-FOR-US: WordPress plugin CVE-2021-34648 (The Ninja Forms WordPress plugin is vulnerable to arbitrary email send ...) NOT-FOR-US: WordPress plugin CVE-2021-34647 (The Ninja Forms WordPress plugin is vulnerable to sensitive informatio ...) NOT-FOR-US: WordPress plugin CVE-2021-34646 (Versions up to, and including, 5.4.3, of the Booster for WooCommerce W ...) NOT-FOR-US: WordPress plugin CVE-2021-34645 (The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2021-34644 (The Multiplayer Games WordPress plugin is vulnerable to Reflected Cros ...) NOT-FOR-US: WordPress plugin CVE-2021-34643 (The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site ...) NOT-FOR-US: WordPress plugin CVE-2021-34642 (The Smart Email Alerts WordPress plugin is vulnerable to Reflected Cro ...) NOT-FOR-US: WordPress plugin CVE-2021-34641 (The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scrip ...) NOT-FOR-US: WordPress plugin CVE-2021-34640 (The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cr ...) NOT-FOR-US: WordPress plugin CVE-2021-34639 (Authenticated File Upload in WordPress Download Manager <= 3.1.24 allo ...) NOT-FOR-US: WordPress Download Manager CVE-2021-34638 (Authenticated Directory Traversal in WordPress Download Manager <= 3.1 ...) 
NOT-FOR-US: WordPress Download Manager CVE-2021-34637 (The Post Index WordPress plugin is vulnerable to Cross-Site Request Fo ...) NOT-FOR-US: WordPress plugin CVE-2021-34636 (The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin i ...) NOT-FOR-US: WordPress plugin CVE-2021-34635 (The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site ...) NOT-FOR-US: WordPress plugin CVE-2021-34634 (The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Req ...) NOT-FOR-US: WordPress plugin CVE-2021-34633 (The Youtube Feeder WordPress plugin is vulnerable to Cross-Site Reques ...) NOT-FOR-US: WordPress plugin CVE-2021-34632 (The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request ...) NOT-FOR-US: WordPress plugin CVE-2021-34631 (The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Fo ...) NOT-FOR-US: WordPress plugin CVE-2021-34630 (In the Pro and Enterprise versions of GTranslate < 2.8.65, the gtransl ...) NOT-FOR-US: GTranslate (Pro and Enterprise versions) CVE-2021-34629 (The SendGrid WordPress plugin is vulnerable to authorization bypass vi ...) NOT-FOR-US: WordPress plugin CVE-2021-34628 (The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Re ...) NOT-FOR-US: WordPress plugin CVE-2021-34627 (A vulnerability in the getSelectedMimeTypesByRole function of the WP U ...) NOT-FOR-US: WordPress plugin CVE-2021-34626 (A vulnerability in the deleteCustomType function of the WP Upload Rest ...) NOT-FOR-US: WordPress plugin CVE-2021-34625 (A vulnerability in the saveCustomType function of the WP Upload Restri ...) NOT-FOR-US: WordPress plugin CVE-2021-34624 (A vulnerability in the file uploader component found in the ~/src/Clas ...) NOT-FOR-US: WordPress plugin CVE-2021-34623 (A vulnerability in the image uploader component found in the ~/src/Cla ...) NOT-FOR-US: WordPress plugin CVE-2021-34622 (A vulnerability in the user profile update component found in the ~/sr ...) 
NOT-FOR-US: WordPress plugin CVE-2021-34621 (A vulnerability in the user registration component found in the ~/src/ ...) NOT-FOR-US: WordPress plugin CVE-2021-34620 (The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to Cro ...) NOT-FOR-US: WordPress plugin CVE-2021-34619 (The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross- ...) NOT-FOR-US: WordPress plugin CVE-2021-34618 (A remote denial of service (DoS) vulnerability was discovered in some ...) NOT-FOR-US: Aruba CVE-2021-34617 (A remote cross-site scripting (XSS) vulnerability was discovered in so ...) NOT-FOR-US: Aruba CVE-2021-34616 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-34615 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-34614 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-34613 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-34612 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-34611 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-34610 (A remote arbitrary command execution vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2021-34609 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...) NOT-FOR-US: Aruba CVE-2021-34608 REJECTED CVE-2021-34607 REJECTED CVE-2021-34606 (A vulnerability exists in XINJE XD/E Series PLC Program Tool in versio ...) NOT-FOR-US: XINJE PLC Program Tool CVE-2021-34605 (A zip slip vulnerability in XINJE XD/E Series PLC Program Tool up to v ...) NOT-FOR-US: XINJE PLC Program Tool CVE-2021-34604 REJECTED CVE-2021-34603 REJECTED CVE-2021-34602 (In Bender/ebee Charge Controllers in multiple versions are prone to Co ...) 
NOT-FOR-US: Bender/ebee Charge Controllers CVE-2021-34601 (In Bender/ebee Charge Controllers in multiple versions are prone to Ha ...) NOT-FOR-US: Bender/ebee Charge Controllers CVE-2021-34600 (Telenot CompasX versions prior to 32.0 use a weak seed for random numb ...) NOT-FOR-US: Telenot CompasX CVE-2021-34599 (Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack ce ...) NOT-FOR-US: CODESYS CVE-2021-34598 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...) NOT-FOR-US: Phoenix CVE-2021-34597 (Improper Input Validation vulnerability in PC Worx Automation Suite of ...) NOT-FOR-US: Phoenix Contact CVE-2021-34596 (A crafted request may cause a read access to an uninitialized pointer ...) NOT-FOR-US: CODESYS CVE-2021-34595 (A crafted request with invalid offsets may cause an out-of-bounds read ...) NOT-FOR-US: CODESYS CVE-2021-34594 (TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before ...) NOT-FOR-US: TwinCAT OPC UA Server in TF6100 and TS6100 CVE-2021-34593 (In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versio ...) NOT-FOR-US: CODESYS CVE-2021-34592 (In Bender/ebee Charge Controllers in multiple versions are prone to Co ...) NOT-FOR-US: Bender/ebee Charge Controllers CVE-2021-34591 (In Bender/ebee Charge Controllers in multiple versions are prone to Lo ...) NOT-FOR-US: Bender/ebee Charge Controllers CVE-2021-34590 (In Bender/ebee Charge Controllers in multiple versions are prone to Cr ...) NOT-FOR-US: Bender/ebee Charge Controllers CVE-2021-34589 (In Bender/ebee Charge Controllers in multiple versions are prone to an ...) NOT-FOR-US: Bender/ebee Charge Controllers CVE-2021-34588 (In Bender/ebee Charge Controllers in multiple versions are prone to un ...) NOT-FOR-US: Bender/ebee Charge Controllers CVE-2021-34587 (In Bender/ebee Charge Controllers in multiple versions a long URL coul ...) 
NOT-FOR-US: Bender/ebee Charge Controllers CVE-2021-34586 (In the CODESYS V2 web server prior to V1.1.9.22 crafted web server req ...) NOT-FOR-US: CODESYS CVE-2021-34585 (In the CODESYS V2 web server prior to V1.1.9.22 crafted web server req ...) NOT-FOR-US: CODESYS CVE-2021-34584 (Crafted web server requests can be utilised to read partial stack or h ...) NOT-FOR-US: CODESYS CVE-2021-34583 (Crafted web server requests may cause a heap-based buffer overflow and ...) NOT-FOR-US: CODESYS CVE-2021-34582 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...) NOT-FOR-US: Phoenix CVE-2021-34581 (Missing Release of Resource after Effective Lifetime vulnerability in ...) NOT-FOR-US: WAGO CVE-2021-34580 (In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enu ...) NOT-FOR-US: MB connect line CVE-2021-34579 (In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to t ...) NOT-FOR-US: Phoenix Contact CVE-2021-34578 (This vulnerability allows an attacker who has access to the WBM to rea ...) NOT-FOR-US: WAGO CVE-2021-34577 (In the Kaden PICOFLUX AiR water meter an adversary can read the values ...) NOT-FOR-US: Kaden PICOFLUX AiR water meter CVE-2021-34576 (In Kaden PICOFLUX Air in all known versions an information exposure th ...) NOT-FOR-US: Kaden PICOFLUX Air CVE-2021-34575 (In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an ...) NOT-FOR-US: MB connect line CVE-2021-34574 (In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and ...) NOT-FOR-US: MB connect line CVE-2021-34573 (In Enbra EWM in Version 1.7.29 together with several tested wireless M ...) NOT-FOR-US: Enbra EWM CVE-2021-34572 (Enbra EWM 1.7.29 does not check for or detect replay attacks sent by w ...) NOT-FOR-US: Enbra EWM CVE-2021-34571 (Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in ...) NOT-FOR-US: Enbra CVE-2021-34570 (Multiple Phoenix Contact PLCnext control devices in versions prior to ...) 
NOT-FOR-US: Phoenix Contact PLCnext control devices CVE-2021-34569 (In WAGOI/O-Check Service in multiple products an attacker can send a s ...) NOT-FOR-US: WAGO CVE-2021-34568 (In WAGOI/O-Check Service in multiple products an unauthenticated remot ...) NOT-FOR-US: WAGO CVE-2021-34567 (In WAGOI/O-Check Service in multiple products an unauthenticated remot ...) NOT-FOR-US: WAGO CVE-2021-34566 (In WAGOI/O-Check Service in multiple products an unauthenticated remot ...) NOT-FOR-US: WAGO CVE-2021-34565 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telne ...) NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway CVE-2021-34564 (Any cookie-stealing vulnerabilities within the application or browser ...) NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway CVE-2021-34563 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly att ...) NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway CVE-2021-34562 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject a ...) NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway CVE-2021-34561 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, i ...) NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway CVE-2021-34560 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a passw ...) NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway CVE-2021-34559 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may all ...) NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway CVE-2021-3596 (A NULL pointer dereference flaw was found in ImageMagick in versions p ...) {DLA-3357-1 DLA-3007-1} - imagemagick 8:6.9.11.57+dfsg-1 NOTE: https://github.com/ImageMagick/ImageMagick/issues/2624 NOTE: https://github.com/ImageMagick/ImageMagick/commit/43dfb1894761c4929d5d5c98dc80ba4e59a0d114 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/27f314e2e6eb44b661e65008ce1ce46b85a5628b CVE-2021-3595 (An invalid pointer initialization issue was found in the SLiRP network ...) 
{DLA-3362-1 DLA-2753-1} - libslirp 4.6.1-1 (bug #989996) [bullseye] - libslirp 4.4.0-1+deb11u2 - qemu 1:4.1-2 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/3f17948137155f025f7809fdc38576d5d2451c3d (v4.6.0) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/990163cf3ac86b7875559f49602c4d76f46f6f30 (v4.6.0) NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. CVE-2021-3594 (An invalid pointer initialization issue was found in the SLiRP network ...) {DLA-3362-1 DLA-2753-1} - libslirp 4.6.1-1 (bug #989995) [bullseye] - libslirp 4.4.0-1+deb11u2 - qemu 1:4.1-2 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/74572be49247c8c5feae7c6e0b50c4f569ca9824 (v4.6.0) NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. CVE-2021-3593 (An invalid pointer initialization issue was found in the SLiRP network ...) {DLA-3362-1 DLA-2970-1} - libslirp 4.6.1-1 (bug #989994) [bullseye] - libslirp 4.4.0-1+deb11u2 - qemu 1:4.1-2 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/de71c15de66ba9350bf62c45b05f8fbff166517b (v4.6.0) NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. CVE-2021-3592 (An invalid pointer initialization issue was found in the SLiRP network ...) {DLA-3362-1} - libslirp 4.6.1-1 (bug #989993) [bullseye] - libslirp 4.4.0-1+deb11u2 - qemu 1:4.1-2 [stretch] - qemu (Introduces a regression. See Debian bug #994080. 
Reverted in DLA-2753-2) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/f13cad45b25d92760bb0ad67bec0300a4d7d5275 (v4.6.0) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2eca0838eee1da96204545e22cdaed860d9d7c6c (v4.6.0) NOTE: Regression fix: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/c9f314f6e315a5518432761fea864196a290f799 (v4.6.1) NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. NOTE: The patch introduced a regression, see Debian bug #994080 for more information. CVE-2021-34558 (The crypto/tls package of Go through 1.16.5 does not properly assert t ...) - golang-1.16 1.16.6-1 - golang-1.15 1.15.9-6 - golang-1.11 [buster] - golang-1.11 (Limited support, minor issue, DoS) - golang-1.8 [stretch] - golang-1.8 (Minor issue, DoS, requires rebuilding reverse-dependencies) - golang-1.7 [stretch] - golang-1.7 (Minor issue, DoS, requires rebuilding reverse-dependencies) NOTE: https://github.com/golang/go/issues/47143 NOTE: https://github.com/golang/go/commit/58bc454a11d4b3dbc03f44dfcabb9068a9c076f4 (1.16.x) NOTE: key_agreement.go also bundled in various other packages CVE-2021-34556 (In the Linux kernel through 5.13.7, an unprivileged BPF program can ob ...) {DLA-2785-1} - linux 5.10.46-4 [buster] - linux 4.19.208-1 [stretch] - linux (Too risky to backport, and mitigated by default) NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3 CVE-2021-34555 (OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial ...) 
- opendmarc 1.4.0~beta1+dfsg-6 (bug #990001) [buster] - opendmarc (Vulnerable code not present) [stretch] - opendmarc (Vulnerable code (multi-value-From:) introduced later) NOTE: https://github.com/trusteddomainproject/OpenDMARC/issues/179 NOTE: https://github.com/trusteddomainproject/OpenDMARC/pull/178 CVE-2021-34554 RESERVED CVE-2021-34553 (Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote au ...) NOT-FOR-US: Sonatype Nexus Repository Manager CVE-2021-34552 (Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1. ...) {DLA-2716-1} - pillow 8.1.2+dfsg-0.3 (bug #991293) [buster] - pillow 5.4.1-2+deb10u3 NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow NOTE: https://github.com/python-pillow/Pillow/pull/5567 NOTE: https://github.com/python-pillow/Pillow/commit/31c473898c29d1b7cb6555ce67d9503a4906b83f (8.3.0) CVE-2021-34551 (PHPMailer before 6.5.0 on Windows allows remote code execution if lang ...) - libphp-phpmailer (Windows-specific) CVE-2021-34550 (An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The ...) {DSA-4932-1} - tor 0.4.5.9-1 (bug #990000) [stretch] - tor (See DSA 4644) NOTE: https://blog.torproject.org/node/2041 CVE-2021-34549 (An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Has ...) {DSA-4932-1} - tor 0.4.5.9-1 (bug #990000) [stretch] - tor (See DSA 4644) NOTE: https://blog.torproject.org/node/2041 CVE-2021-34548 (An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An ...) {DSA-4932-1} - tor 0.4.5.9-1 (bug #990000) [stretch] - tor (See DSA 4644) NOTE: https://blog.torproject.org/node/2041 NOTE: https://bugs.torproject.org/tpo/core/tor/40389 CVE-2021-34547 (PRTG Network Monitor 20.1.55.1775 allows /editsettings CSRF for user a ...) NOT-FOR-US: PRTG Network Monitor CVE-2021-34546 (An unauthenticated attacker with physical access to a computer with Ne ...) 
NOT-FOR-US: NetSetMan Pro CVE-2021-34545 RESERVED CVE-2021-34544 (An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2 ...) NOT-FOR-US: Solar-Log CVE-2021-34543 (The web administration server in Solar-Log 500 before 2.8.2 Build 52 d ...) NOT-FOR-US: Solar-Log CVE-2021-34542 RESERVED CVE-2021-34541 RESERVED CVE-2021-34540 (Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column ...) NOT-FOR-US: Advantech WebAccess CVE-2021-34539 (An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of va ...) NOT-FOR-US: CubeCoders AMP CVE-2021-34538 (Apache Hive before 3.1.3 "CREATE" and "DROP" function operations does ...) NOT-FOR-US: Apache Hive CVE-2019-25046 (The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11 ...) NOT-FOR-US: Cerberus FTP Server Enterprise CVE-2021-34537 (Windows Bluetooth Driver Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34536 (Storage Spaces Controller Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34535 (Remote Desktop Client Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34534 (Windows MSHTML Platform Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34533 (Windows Graphics Component Font Parsing Remote Code Execution Vulnerab ...) NOT-FOR-US: Microsoft CVE-2021-34532 (ASP.NET Core and Visual Studio Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34531 RESERVED CVE-2021-34530 (Windows Graphics Component Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34529 (Visual Studio Code Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34528 (Visual Studio Code Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34527 (
A remote code execution vulnerability exists when the Windows Print ...) NOT-FOR-US: Microsoft CVE-2021-34526 RESERVED CVE-2021-34525 (Windows DNS Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34524 (Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34523 (Microsoft Exchange Server Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34522 (Microsoft Defender Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34521 (Raw Image Extension Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34520 (Microsoft SharePoint Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34519 (Microsoft SharePoint Server Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34518 (Microsoft Excel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34517 (Microsoft SharePoint Server Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34516 (Win32k Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34515 RESERVED CVE-2021-34514 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34513 (Storage Spaces Controller Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34512 (Storage Spaces Controller Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34511 (Windows Installer Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34510 (Storage Spaces Controller Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34509 (Storage Spaces Controller Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34508 (Windows Kernel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34507 (Windows Remote Assistance Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34506 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability) NOT-FOR-US: 
Microsoft CVE-2021-34505 RESERVED CVE-2021-34504 (Windows Address Book Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34503 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34502 RESERVED CVE-2021-34501 (Microsoft Excel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34500 (Windows Kernel Memory Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34499 (Windows DNS Server Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34498 (Windows GDI Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34497 (Windows MSHTML Platform Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34496 (Windows GDI Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34495 RESERVED CVE-2021-34494 (Windows DNS Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34493 (Windows Partition Management Driver Elevation of Privilege Vulnerabili ...) 
NOT-FOR-US: Microsoft CVE-2021-34492 (Windows Certificate Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34491 (Win32k Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34490 (Windows TCP/IP Driver Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34489 (DirectWrite Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34488 (Windows Console Driver Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34487 (Windows Event Tracing Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34486 (Windows Event Tracing Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34485 (.NET Core and Visual Studio Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34484 (Windows User Profile Service Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34483 (Windows Print Spooler Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34482 RESERVED CVE-2021-34481 (
A remote code execution vulnerability exists when the Windows Print ...) NOT-FOR-US: Microsoft CVE-2021-34480 (Scripting Engine Memory Corruption Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34479 (Microsoft Visual Studio Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34478 (Microsoft Office Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34477 (Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34476 (Bowser.sys Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34475 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34474 (Dynamics Business Central Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34473 (Microsoft Exchange Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34472 RESERVED CVE-2021-34471 (Microsoft Windows Defender Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34470 (Microsoft Exchange Server Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34469 (Microsoft Office Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34468 (Microsoft SharePoint Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34467 (Microsoft SharePoint Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34466 (Windows Hello Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34465 RESERVED CVE-2021-34464 (Microsoft Defender Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34463 RESERVED CVE-2021-34462 (Windows AppX Deployment Extensions Elevation of Privilege Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2021-34461 (Windows Container Isolation FS Filter Driver Elevation of Privilege Vu ...) 
NOT-FOR-US: Microsoft CVE-2021-34460 (Storage Spaces Controller Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34459 (Windows AppContainer Elevation Of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34458 (Windows Kernel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34457 (Windows Remote Access Connection Manager Information Disclosure Vulner ...) NOT-FOR-US: Microsoft CVE-2021-34456 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...) NOT-FOR-US: Microsoft CVE-2021-34455 (Windows File History Service Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34454 (Windows Remote Access Connection Manager Information Disclosure Vulner ...) NOT-FOR-US: Microsoft CVE-2021-34453 (Microsoft Exchange Server Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34452 (Microsoft Word Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34451 (Microsoft Office Online Server Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34450 (Windows Hyper-V Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34449 (Win32k Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34448 (Scripting Engine Memory Corruption Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34447 (Windows MSHTML Platform Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34446 (Windows HTML Platforms Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34445 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...) 
NOT-FOR-US: Microsoft CVE-2021-34444 (Windows DNS Server Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34443 RESERVED CVE-2021-34442 (Windows DNS Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34441 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34440 (GDI+ Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34439 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-34438 (Windows Font Driver Host Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-3591 REJECTED CVE-2021-3590 (A flaw was found in Foreman project. A credential leak was identified ...) - foreman (bug #663101) CVE-2021-3589 (An authorization flaw was found in Foreman Ansible. An authenticated a ...) NOT-FOR-US: Foreman Ansible CVE-2021-34437 RESERVED CVE-2021-34436 (In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default ...) NOT-FOR-US: Eclipse Theia CVE-2021-34435 (In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a ...) NOT-FOR-US: Eclipse Theia CVE-2021-34434 (In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic se ...) {DSA-5511-1} - mosquitto 2.0.15-1 (bug #993400) [buster] - mosquitto (Vulnerable code introduced later) [stretch] - mosquitto (Vulnerable code introduced later) NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575324 NOTE: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/638 NOTE: Fixed by: https://github.com/eclipse/mosquitto/commit/32af599c81e63fa38e834b8f1c1f108c49328e95 (v2.0.12) CVE-2021-34433 (In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3 ...) NOT-FOR-US: Eclipse Californium CVE-2021-34432 (In Eclipse Mosquitto versions 2.07 and earlier, the server will crash ...) 
- mosquitto 2.0.8-1 [buster] - mosquitto (Vulnerable code is not accessible in version 1.x) [stretch] - mosquitto (Vulnerable code is not accessible in version 1.x) NOTE: https://github.com/eclipse/mosquitto/commit/9b08faf0bdaf5a4f2e6e3dd1ea7e8c57f70418d6 NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=574141 CVE-2021-34431 (In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client ...) - mosquitto 2.0.11-1 [bullseye] - mosquitto (Minor issue) [buster] - mosquitto (Vulnerable code introduced later) [stretch] - mosquitto (Vulnerable code introduced later) NOTE: https://mosquitto.org/blog/2021/06/version-2-0-11-released/ NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=573191 CVE-2021-34430 (Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C ...) NOT-FOR-US: Eclipse TinyDTLS CVE-2021-34429 (For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0. ...) - jetty9 9.4.39-3 (bug #991188) [buster] - jetty9 (Vulnerable code was introduced in version 9.4.37) [stretch] - jetty9 (Vulnerable code was introduced in version 9.4.37) NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm NOTE: Fixed by https://github.com/eclipse/jetty.project/pull/6477 CVE-2021-34428 (For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exce ...) {DSA-4949-1} - jetty9 9.4.39-2 (bug #990578) [stretch] - jetty9 (vulnerable code is not present) - jetty8 - jetty NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6 NOTE: https://github.com/eclipse/jetty.project/issues/6277 NOTE: https://github.com/eclipse/jetty.project/commit/087f486b4461746b4ded45833887b3ccb136ee85 (jetty-9.4.x) CVE-2021-34427 (In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query ...) NOT-FOR-US: Eclipse BIRT CVE-2021-34426 (A vulnerability was discovered in the Keybase Client for Windows befor ...) 
NOT-FOR-US: Keybase Client for Windows CVE-2021-34425 (The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, L ...) NOT-FOR-US: Zoom CVE-2021-34424 (A vulnerability was discovered in the Zoom Client for Meetings (for An ...) NOT-FOR-US: Zoom CVE-2021-34423 (A buffer overflow vulnerability was discovered in Zoom Client for Meet ...) NOT-FOR-US: Zoom CVE-2021-34422 (The Keybase Client for Windows before version 5.7.0 contains a path tr ...) NOT-FOR-US: Keybase Client for Windows CVE-2021-34421 (The Keybase Client for Android before version 5.8.0 and the Keybase Cl ...) NOT-FOR-US: Keybase Client for Android and iOS CVE-2021-34420 (The Zoom Client for Meetings for Windows installer before version 5.5. ...) NOT-FOR-US: Zoom Client for Meetings for Windows installer CVE-2021-34419 (In the Zoom Client for Meetings for Ubuntu Linux before version 5.1.0, ...) NOT-FOR-US: Zoom Client for Meetings for Ubuntu Linux CVE-2021-34418 (The login routine of the web console in the Zoom On-Premise Meeting Co ...) NOT-FOR-US: Zoom CVE-2021-34417 (The network proxy page on the web portal for the Zoom On-Premise Meeti ...) NOT-FOR-US: Zoom CVE-2021-34416 (The network address administrative settings web portal for the Zoom on ...) NOT-FOR-US: Zoom on-premise Meeting Connector CVE-2021-34415 (The Zone Controller service in the Zoom On-Premise Meeting Connector C ...) NOT-FOR-US: Zoom On-Premise Meeting Connector Controller CVE-2021-34414 (The network proxy page on the web portal for the Zoom on-premise Meeti ...) NOT-FOR-US: Zoom On-Premise Meeting Connector Controller CVE-2021-34413 (All versions of the Zoom Plugin for Microsoft Outlook for MacOS before ...) NOT-FOR-US: Zoom Plugin for Microsoft Outlook for MacOS CVE-2021-34412 (During the installation process for all versions of the Zoom Client fo ...) NOT-FOR-US: Zoom Client for Meetings for Windows CVE-2021-34411 (During the installation process forZoom Rooms for Conference Room for ...) 
NOT-FOR-US: Zoom CVE-2021-34410 (A user-writable application bundle unpacked during the install for all ...) NOT-FOR-US: Zoom Plugin for Microsoft Outlook for Mac CVE-2021-34409 (It was discovered that the installation packages of the Zoom Client fo ...) NOT-FOR-US: Zoom Plugin for Microsoft Outlook for Mac CVE-2021-34408 (The Zoom Client for Meetings for Windows in all versions before versio ...) NOT-FOR-US: Zoom Client for Meetings for Windows CVE-2021-34407 REJECTED CVE-2021-34406 (NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a ...) NOT-FOR-US: NVIDIA CVE-2021-34405 (NVIDIA Linux distributions contain a vulnerability in TrustZone\u2019s ...) NOT-FOR-US: NVIDIA CVE-2021-34404 (Android images for T210 provided by NVIDIA contain a vulnerability in ...) NOT-FOR-US: NVIDIA CVE-2021-34403 (NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, whi ...) NOT-FOR-US: NVIDIA CVE-2021-34402 (NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, w ...) NOT-FOR-US: NVIDIA CVE-2021-34401 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVG ...) NOT-FOR-US: NVIDIA CVE-2021-34400 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...) NOT-FOR-US: NVIDIA CVE-2021-34399 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...) NOT-FOR-US: NVIDIA CVE-2021-34398 (NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in ...) NOT-FOR-US: NVIDIA CVE-2021-34397 (Bootloader contains a vulnerability in NVIDIA MB2, which may cause fre ...) NOT-FOR-US: NVIDIA CVE-2021-34396 (Bootloader contains a vulnerability in access permission settings wher ...) NOT-FOR-US: NVIDIA CVE-2021-34395 (Trusty TLK contains a vulnerability in its access permission settings ...) NOT-FOR-US: Trusty CVE-2021-34394 (Trusty contains a vulnerability in the NVIDIA OTE protocol that is pre ...) 
NOT-FOR-US: Trusty CVE-2021-34393 (Trusty contains a vulnerability in TSEC TA which deserializes the inco ...) NOT-FOR-US: Trusty CVE-2021-34392 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an ...) NOT-FOR-US: Trusty CVE-2021-34391 (Trusty contains a vulnerability in the NVIDIA TLK kernel function wher ...) NOT-FOR-US: Trusty CVE-2021-34390 (Trusty contains a vulnerability in the NVIDIA TLK kernel function wher ...) NOT-FOR-US: Trusty CVE-2021-34389 (Trusty contains a vulnerability in NVIDIA OTE protocol message parsing ...) NOT-FOR-US: NVIDIA CVE-2021-34388 (Bootloader contains a vulnerability in NVIDIA TegraBoot where a potent ...) NOT-FOR-US: NVIDIA CVE-2021-34387 (The ARM TrustZone Technology on which Trusty is based on contains a vu ...) NOT-FOR-US: NVIDIA CVE-2021-34386 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an ...) NOT-FOR-US: NVIDIA CVE-2021-34385 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an ...) NOT-FOR-US: Trusty TLK (NVIDIA) CVE-2021-34384 (Bootloader contains a vulnerability in NVIDIA MB2 where a potential he ...) NOT-FOR-US: NVIDIA CVE-2021-34383 (Bootloader contains a vulnerability in NVIDIA MB2 where a potential he ...) NOT-FOR-US: NVIDIA CVE-2021-34382 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel\u2019s tz ...) NOT-FOR-US: NVIDIA CVE-2021-34381 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function ...) NOT-FOR-US: NVIDIA CVE-2021-34380 (Bootloader contains a vulnerability in NVIDIA MB2 where potential heap ...) NOT-FOR-US: NVIDIA CVE-2021-34379 (Trusty contains a vulnerability in the HDCP service TA where bounds ch ...) NOT-FOR-US: rusty TLK (NVIDIA) CVE-2021-34378 (Trusty contains a vulnerability in the HDCP service TA where bounds ch ...) NOT-FOR-US: rusty TLK (NVIDIA) CVE-2021-34377 (Trusty contains a vulnerability in the HDCP service TA where bounds ch ...) 
NOT-FOR-US: rusty TLK (NVIDIA) CVE-2021-34376 (Trusty contains a vulnerability in the HDCP service TA where bounds ch ...) NOT-FOR-US: rusty TLK (NVIDIA) CVE-2021-34375 (Trusty contains a vulnerability in all trusted applications (TAs) wher ...) NOT-FOR-US: rusty TLK (NVIDIA) CVE-2021-34374 (Trusty contains a vulnerability in command handlers where the length o ...) NOT-FOR-US: rusty TLK (NVIDIA) CVE-2021-34373 (Trusty trusted Linux kernel (TLK) contains a vulnerability in the NVID ...) NOT-FOR-US: rusty TLK (NVIDIA) CVE-2021-34372 (Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver c ...) NOT-FOR-US: Trusty CVE-2021-34371 (Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI se ...) NOT-FOR-US: Neo4j CVE-2021-34370 (Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do s ...) NOT-FOR-US: Accela Civic Platform CVE-2021-34369 (portlets/contact/ref/refContactDetail.do in Accela Civic Platform thro ...) NOT-FOR-US: Accela Civic Platform CVE-2021-34368 REJECTED CVE-2021-34367 REJECTED CVE-2021-34366 REJECTED CVE-2021-34365 REJECTED CVE-2021-34364 (The Refined GitHub browser extension before 21.6.8 might allow XSS via ...) NOT-FOR-US: Refined GitHub browser extension CVE-2021-34363 (The thefuck (aka The Fuck) package before 3.31 for Python allows Path ...) - thefuck 3.29-0.3 (bug #989989) [buster] - thefuck (Minor issue) [stretch] - thefuck (Minor issue) NOTE: https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092 (3.31) NOTE: https://github.com/nvbn/thefuck/pull/1206 CVE-2021-34362 (A command injection vulnerability has been reported to affect QNAP dev ...) NOT-FOR-US: QNAP CVE-2021-34361 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) NOT-FOR-US: QNAP CVE-2021-34360 (A cross-site request forgery (CSRF) vulnerability has been reported to ...) NOT-FOR-US: QNAP CVE-2021-34359 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) 
NOT-FOR-US: QNAP CVE-2021-34358 (We have already fixed this vulnerability in the following versions of ...) NOT-FOR-US: QNAP CVE-2021-34357 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) NOT-FOR-US: QNAP CVE-2021-34356 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) NOT-FOR-US: QNAP CVE-2021-34355 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) NOT-FOR-US: QNAP CVE-2021-34354 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) NOT-FOR-US: QNAP CVE-2021-34353 RESERVED CVE-2021-34352 (A command injection vulnerability has been reported to affect QNAP dev ...) NOT-FOR-US: QNAP CVE-2021-34351 (A command injection vulnerability has been reported to affect QNAP dev ...) NOT-FOR-US: QNAP CVE-2021-34350 RESERVED CVE-2021-34349 (A command injection vulnerability has been reported to affect QNAP dev ...) NOT-FOR-US: QNAP CVE-2021-34348 (A command injection vulnerability has been reported to affect QNAP dev ...) NOT-FOR-US: QNAP CVE-2021-34347 RESERVED CVE-2021-34346 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) NOT-FOR-US: QNAP CVE-2021-34345 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) NOT-FOR-US: QNAP CVE-2021-34344 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) NOT-FOR-US: QNAP CVE-2021-34343 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) NOT-FOR-US: QNAP CVE-2022-20001 (fish is a command line shell. fish version 3.1.0 through version 3.3.1 ...) 
{DSA-5234-1} - fish 3.4.0+ds-1 [buster] - fish (Vulnerable code introduced later) [stretch] - fish (Vulnerable code introduced later) NOTE: https://github.com/fish-shell/fish-shell/security/advisories/GHSA-pj5f-6vxj-f5mq NOTE: https://github.com/fish-shell/fish-shell/pull/8589 NOTE: https://github.com/fish-shell/fish-shell/commit/37625053d424c1ab88de2b0c50c7fe71e1468e2c (3.4.0) CVE-2021-3588 (The cli_feat_read_cb() function in src/gatt-database.c does not perfor ...) - bluez 5.55-3.1 (bug #989700) [buster] - bluez (Vulnerable code introduced later) [stretch] - bluez (Vulnerable code introduced later) NOTE: https://github.com/bluez/bluez/issues/70 NOTE: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1926548 NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3a40bef49305f8327635b81ac8be52a3ca063d5a (5.56) CVE-2021-34342 (Ming 0.4.8 has an out-of-bounds read vulnerability in the function new ...) - ming NOTE: https://github.com/libming/libming/issues/205 CVE-2021-34341 (Ming 0.4.8 has an out-of-bounds read vulnerability in the function dec ...) - ming NOTE: https://github.com/libming/libming/issues/204 CVE-2021-34340 (Ming 0.4.8 has an out-of-bounds buffer access issue in the function de ...) - ming NOTE: https://github.com/libming/libming/issues/203 CVE-2021-34339 (Ming 0.4.8 has an out-of-bounds buffer access issue in the function ge ...) - ming NOTE: https://github.com/libming/libming/issues/202 CVE-2021-34338 (Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function ...) - ming NOTE: https://github.com/libming/libming/issues/201 CVE-2021-34337 (An issue was discovered in Mailman Core before 3.3.5. An attacker with ...) 
- mailman3 3.3.7-1 (bug #1004934) [bullseye] - mailman3 (Minor issue) [buster] - mailman3 (Minor issue; will be fixed via point release) NOTE: Fixed by: https://gitlab.com/mailman/mailman/-/commit/e4a39488c4510fcad8851217f10e7337a196bb51 (3.3.5b1) CVE-2021-34336 RESERVED CVE-2021-34335 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 0.27.5-1 (bug #992707) [bullseye] - exiv2 0.27.3-3+deb11u2 [buster] - exiv2 (resolveLens0xffff added in 0.26) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-pvjp-m4f6-q984 NOTE: https://github.com/Exiv2/exiv2/pull/1750 CVE-2021-34334 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) {DLA-3265-1} - exiv2 0.27.5-1 (bug #992706) [bullseye] - exiv2 0.27.3-3+deb11u2 [stretch] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-hqjh-hpv8-8r9p NOTE: https://github.com/Exiv2/exiv2/pull/1766 CVE-2021-34333 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34332 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34331 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34330 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34329 (A vulnerability has been identified in JT2Go (All versions < V13.2), S ...) NOT-FOR-US: JT2Go CVE-2021-34328 (A vulnerability has been identified in JT2Go (All versions < V13.2), S ...) NOT-FOR-US: JT2Go CVE-2021-34327 (A vulnerability has been identified in JT2Go (All versions < V13.2), S ...) NOT-FOR-US: JT2Go CVE-2021-34326 (A vulnerability has been identified in JT2Go (All versions < V13.2), S ...) NOT-FOR-US: JT2Go CVE-2021-34325 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) 
NOT-FOR-US: JT2Go CVE-2021-34324 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34323 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34322 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34321 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34320 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34319 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34318 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34317 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34316 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34315 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34314 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34313 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34312 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34311 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34310 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34309 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34308 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34307 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) 
NOT-FOR-US: JT2Go CVE-2021-34306 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34305 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34304 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34303 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34302 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34301 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34300 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34299 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34298 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34297 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34296 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34295 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34294 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34293 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34292 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-34291 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) NOT-FOR-US: JT2Go CVE-2021-3586 (A flaw was found in servicemesh-operator. The NetworkPolicy resources ...) NOT-FOR-US: Maistra CVE-2021-3585 (A flaw was found in openstack-tripleo-heat-templates. Plain passwords ...) 
- tripleo-heat-templates NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1968247 CVE-2021-3584 (A server side remote code execution vulnerability was found in Foreman ...) - foreman (bug #663101) CVE-2021-3583 (A flaw was found in Ansible, where a user's controller is vulnerable t ...) {DLA-3695-1} - ansible 5.4.0-1 [bullseye] - ansible (Minor issue) [stretch] - ansible (EOL'd for stretch) - ansible-core 2.12.0-1 - ansible-base NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1968412 NOTE: https://github.com/ansible/ansible/commit/4c8c40fd3d4a58defdc80e7d22aa8d26b731353e.patch NOTE: ansible-core was split off from src:ansible with 4.6.0-1 in experimental/5.4.0-1 in sid CVE-2021-34290 RESERVED CVE-2021-34289 RESERVED CVE-2021-34288 RESERVED CVE-2021-34287 RESERVED CVE-2021-34286 RESERVED CVE-2021-34285 RESERVED CVE-2021-34284 RESERVED CVE-2021-34283 RESERVED CVE-2021-34282 RESERVED CVE-2021-34281 RESERVED CVE-2021-34280 (Polaris Office v9.103.83.44230 is affected by a Uninitialized Pointer ...) NOT-FOR-US: Polaris Office CVE-2021-34279 RESERVED CVE-2021-34278 RESERVED CVE-2021-34277 RESERVED CVE-2021-34276 RESERVED CVE-2021-34275 RESERVED CVE-2021-34274 RESERVED CVE-2021-34273 (A security flaw in the 'owned' function of a smart contract implementa ...) NOT-FOR-US: BTC2X CVE-2021-34272 (A security flaw in the 'owned' function of a smart contract implementa ...) NOT-FOR-US: RobotCoin CVE-2021-34271 RESERVED CVE-2021-34270 (An integer overflow in the mintToken function of a smart contract impl ...) NOT-FOR-US: Doftcoin CVE-2021-34269 RESERVED CVE-2021-34268 (An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM ...) NOT-FOR-US: STMicroelectronics CVE-2021-34267 (An in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM3 ...) 
NOT-FOR-US: STMicroelectronics CVE-2021-34266 RESERVED CVE-2021-34265 RESERVED CVE-2021-34264 RESERVED CVE-2021-34263 RESERVED CVE-2021-34262 (A buffer overflow vulnerability in the USBH_ParseEPDesc() function of ...) NOT-FOR-US: STMicroelectronics CVE-2021-34261 (An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middle ...) NOT-FOR-US: STMicroelectronics CVE-2021-34260 (A buffer overflow vulnerability in the USBH_ParseInterfaceDesc() funct ...) NOT-FOR-US: STMicroelectronics CVE-2021-34259 (A buffer overflow vulnerability in the USBH_ParseCfgDesc() function of ...) NOT-FOR-US: STMicroelectronics CVE-2021-34258 RESERVED CVE-2021-34257 (Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 ...) NOT-FOR-US: WPanel CVE-2021-34256 RESERVED CVE-2021-34255 RESERVED CVE-2021-34254 (Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to ins ...) NOT-FOR-US: Umbraco CMS CVE-2021-34253 RESERVED CVE-2021-34252 RESERVED CVE-2021-34251 RESERVED CVE-2021-34250 REJECTED CVE-2021-34249 (SQL injection vulnerability in sourcecodester online-book-store 1.0 al ...) NOT-FOR-US: Sourcecodester CVE-2021-34248 REJECTED CVE-2021-34247 RESERVED CVE-2021-34246 RESERVED CVE-2021-34245 RESERVED CVE-2021-34244 (A cross site request forgery (CSRF) vulnerability was discovered in Ic ...) NOT-FOR-US: Ice Hrm CVE-2021-34243 (A stored cross site scripting (XSS) vulnerability was discovered in Ic ...) NOT-FOR-US: Ice Hrm CVE-2021-34242 RESERVED CVE-2021-34241 RESERVED CVE-2021-34240 RESERVED CVE-2021-34239 RESERVED CVE-2021-34238 RESERVED CVE-2021-34237 RESERVED CVE-2021-34236 (Buffer Overflow in Netgear R8000 Router with firmware v1.0.4.56 allows ...) NOT-FOR-US: Netgear CVE-2021-34235 (Tokheim Profleet DiaLOG 11.005.02 is affected by SQL Injection. The co ...) 
NOT-FOR-US: Tokheim Profleet DiaLOG CVE-2021-34234 RESERVED CVE-2021-34233 RESERVED CVE-2021-34232 RESERVED CVE-2021-34231 RESERVED CVE-2021-34230 RESERVED CVE-2021-34229 RESERVED CVE-2021-34228 (Cross-site scripting in parent_control.htm in TOTOLINK A3002R version ...) NOT-FOR-US: TOTOLINK CVE-2021-34227 RESERVED CVE-2021-34226 RESERVED CVE-2021-34225 RESERVED CVE-2021-34224 RESERVED CVE-2021-34223 (Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1. ...) NOT-FOR-US: TOTOLINK CVE-2021-34222 RESERVED CVE-2021-34221 RESERVED CVE-2021-34220 (Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1. ...) NOT-FOR-US: TOTOLINK CVE-2021-34219 RESERVED CVE-2021-34218 (Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V ...) NOT-FOR-US: TOTOLINK CVE-2021-34217 RESERVED CVE-2021-34216 RESERVED CVE-2021-34215 (Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1 ...) NOT-FOR-US: TOTOLINK CVE-2021-34214 RESERVED CVE-2021-34213 RESERVED CVE-2021-34212 RESERVED CVE-2021-34211 RESERVED CVE-2021-34210 RESERVED CVE-2021-34209 RESERVED CVE-2021-34208 RESERVED CVE-2021-34207 (Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20 ...) NOT-FOR-US: TOTOLINK CVE-2021-34206 RESERVED CVE-2021-34205 RESERVED CVE-2021-34204 (D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Cre ...) NOT-FOR-US: D-Link CVE-2021-34203 (D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. ...) NOT-FOR-US: D-Link CVE-2021-34202 (There are multiple out-of-bounds vulnerabilities in some processes of ...) NOT-FOR-US: D-Link CVE-2021-34201 (D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are ...) NOT-FOR-US: D-Link CVE-2021-34200 RESERVED CVE-2021-34199 RESERVED CVE-2021-34198 RESERVED CVE-2021-34197 RESERVED CVE-2021-34196 RESERVED CVE-2021-34195 RESERVED CVE-2021-34194 RESERVED CVE-2021-34193 (Stack overflow vulnerability in OpenSC smart card middleware before 0. ...) 
- opensc 0.22.0-1 [bullseye] - opensc (Minor issue) [buster] - opensc (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185 NOTE: https://github.com/OpenSC/OpenSC/commit/f015746d22d249642c19674298a18ad824db0ed7 (0.22.0-rc1) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28843 NOTE: https://github.com/OpenSC/OpenSC/commit/1db88374bb7706a115d5c3617c6f16115c33bf27 (0.22.0-rc1) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383 NOTE: https://github.com/OpenSC/OpenSC/commit/5df913b7f57ad89b9832555d24c08d23a534311e (0.22.0-rc1) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27719 NOTE: https://github.com/OpenSC/OpenSC/commit/78cdab949f098ad7e593d853229fccf57d749d0c (0.22.0-rc1) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28768 NOTE: https://github.com/OpenSC/OpenSC/commit/d353a46d0444bb34ca28a3dcc884afe196f851b6 (0.22.0-rc1) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28855 NOTE: https://github.com/OpenSC/OpenSC/commit/7114fb71b54ddfe06ce5dfdab013f4c38f129d14 (0.22.0-rc1) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29912 NOTE: https://github.com/OpenSC/OpenSC/commit/1252aca9f10771ef5ba8405e73cf2da50827958f (0.22.0-rc1) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30112 NOTE: https://github.com/OpenSC/OpenSC/commit/17d8980cde7be597afc366b7e311d0d7cadcb1f4 (0.22.0-rc1) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30800 NOTE: https://github.com/OpenSC/OpenSC/commit/ae1cf0be90396fb6c0be95829bf0d3eecbd2fd1c (0.22.0-rc1) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31448 NOTE: https://github.com/OpenSC/OpenSC/commit/40c50a3a4219308aae90f6efd7b10213794a8d86 (0.22.0-rc1) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31540 NOTE: https://github.com/OpenSC/OpenSC/commit/40c50a3a4219308aae90f6efd7b10213794a8d86 (0.22.0-rc1) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32149 NOTE: 
https://github.com/OpenSC/OpenSC/commit/05648b0604bf3e498e8d42dff3c6e7c56a5bf749 (0.22.0-rc1) NOTE: https://github.com/OpenSC/OpenSC/commit/715c17c469f6c463dd511a5deb229da4de9ee100 (0.22.0-rc1) NOTE: https://github.com/OpenSC/OpenSC/issues/2841 NOTE: CVE-2021-34193 is containing fixes as well for CVE-2021-42778, CVE-2021-42779, CVE-2021-42780, NOTE: CVE-2021-42781 and CVE-2021-42782 and might get rejected. CVE-2021-34192 RESERVED CVE-2021-34191 RESERVED CVE-2021-34190 (A stored cross site scripting (XSS) vulnerability in index.php?menu=bi ...) NOT-FOR-US: Issabel PBX CVE-2021-34189 RESERVED CVE-2021-34188 RESERVED CVE-2021-34187 (main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Inj ...) NOT-FOR-US: Chamilo CVE-2021-34186 RESERVED CVE-2021-34185 (Miniaudio 0.10.35 has an integer-based buffer overflow caused by an ou ...) NOT-FOR-US: Miniaudio CVE-2021-34184 (Miniaudio 0.10.35 has a Double free vulnerability that could cause a b ...) NOT-FOR-US: Miniaudio CVE-2021-34183 REJECTED CVE-2021-34182 (An issue in ttyd v.1.6.3 allows attacker to execute arbitrary code via ...) - ttyd 1.6.3-2 NOTE: This is intended behaviour and since 1.6.3-2 the Debian package ships a README.Debian NOTE: describing the default behaviour CVE-2021-34181 (Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via p_name par ...) NOT-FOR-US: TomExam CVE-2021-34180 RESERVED CVE-2021-34179 RESERVED CVE-2021-34178 RESERVED CVE-2021-34177 RESERVED CVE-2021-34176 RESERVED CVE-2021-34175 RESERVED CVE-2021-34174 (A vulnerability exists in Broadcom BCM4352 and BCM43684 chips. Any wir ...) NOT-FOR-US: Broadcom CVE-2021-34173 (An attacker can cause a Denial of Service and kernel panic in v4.2 and ...) NOT-FOR-US: Espressif CVE-2021-34172 RESERVED CVE-2021-34171 RESERVED CVE-2021-34170 (Bandai Namco FromSoftware Dark Souls III allows remote attackers to ex ...) 
NOT-FOR-US: Bandai CVE-2021-34169 RESERVED CVE-2021-34168 RESERVED CVE-2021-34167 (Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows ...) NOT-FOR-US: taoCMS CVE-2021-34166 (A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1. ...) NOT-FOR-US: Sourcecodester CVE-2021-34165 (A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1. ...) NOT-FOR-US: Sourcecodester CVE-2021-34164 (Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated at ...) NOT-FOR-US: LIZHIFAKA CVE-2021-34163 RESERVED CVE-2021-34162 RESERVED CVE-2021-34161 RESERVED CVE-2021-34160 RESERVED CVE-2021-34159 RESERVED CVE-2021-34158 RESERVED CVE-2021-34157 RESERVED CVE-2021-34156 RESERVED CVE-2021-34155 RESERVED CVE-2021-34154 RESERVED CVE-2021-34153 RESERVED CVE-2021-34152 RESERVED CVE-2021-34151 RESERVED CVE-2021-34150 (The Bluetooth Classic implementation on Bluetrum AB5301A devices with ...) NOT-FOR-US: Bluetrum CVE-2021-34149 (The Bluetooth Classic implementation on the Texas Instruments CC256XCQ ...) NOT-FOR-US: Texas Instruments CC256XCQFN-EM CVE-2021-34148 (The Bluetooth Classic implementation in the Cypress WICED BT stack thr ...) - bluez-firmware 1.2-8 (bug #1024356) [bullseye] - bluez-firmware (Affected firmware not present, introduced in bluez-firmware/1.2-6) [buster] - bluez-firmware (Affected firmware not present, introduced in bluez-firmware/1.2-6) NOTE: https://github.com/RPi-Distro/bluez-firmware/commit/31ad68831357d2019624004f1f0846475671088f CVE-2021-34147 (The Bluetooth Classic implementation in the Cypress WICED BT stack thr ...) 
	- bluez-firmware 1.2-8 (bug #1024356)
	[bullseye] - bluez-firmware (Affected firmware not present, introduced in bluez-firmware/1.2-6)
	[buster] - bluez-firmware (Affected firmware not present, introduced in bluez-firmware/1.2-6)
	NOTE: https://github.com/RPi-Distro/bluez-firmware/commit/31ad68831357d2019624004f1f0846475671088f
CVE-2021-34146 (The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB do ...)
	- bluez-firmware 1.2-8 (bug #1024356)
	[bullseye] - bluez-firmware (Affected firmware not present, introduced in bluez-firmware/1.2-6)
	[buster] - bluez-firmware (Affected firmware not present, introduced in bluez-firmware/1.2-6)
	NOTE: https://github.com/RPi-Distro/bluez-firmware/commit/31ad68831357d2019624004f1f0846475671088f
CVE-2021-34145 (The Bluetooth Classic implementation in the Cypress WICED BT stack thr ...)
	- bluez-firmware 1.2-8 (bug #1024356)
	[bullseye] - bluez-firmware (Affected firmware not present, introduced in bluez-firmware/1.2-6)
	[buster] - bluez-firmware (Affected firmware not present, introduced in bluez-firmware/1.2-6)
	NOTE: https://github.com/RPi-Distro/bluez-firmware/commit/31ad68831357d2019624004f1f0846475671088f
CVE-2021-34144 (The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SD ...)
	NOT-FOR-US: Zhuhai Jieli
CVE-2021-34143 (The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C_DEMO_ ...)
	NOT-FOR-US: Zhuhai Jieli
CVE-2021-34142
	RESERVED
CVE-2021-34141 (An incomplete string comparison in the numpy.core component in NumPy b ...)
	- numpy (unimportant)
	NOTE: https://github.com/numpy/numpy/issues/18993
	NOTE: https://github.com/numpy/numpy/commit/eeef9d4646103c3b1afd3085f1393f2b3f9575b2 (v1.23.0.dev0)
	NOTE: Negligible security impact
CVE-2021-34140
	RESERVED
CVE-2021-34139
	RESERVED
CVE-2021-34138
	RESERVED
CVE-2021-34137
	RESERVED
CVE-2021-34136
	RESERVED
CVE-2021-34135
	RESERVED
CVE-2021-34134
	RESERVED
CVE-2021-34133
	RESERVED
CVE-2021-34132
	RESERVED
CVE-2021-34131
	RESERVED
CVE-2021-34130
	RESERVED
CVE-2021-34129 (LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary f ...)
	NOT-FOR-US: LaikeTui
CVE-2021-34128 (LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary ...)
	NOT-FOR-US: LaikeTui
CVE-2021-34127
	RESERVED
CVE-2021-34126
	RESERVED
CVE-2021-34125 (An issue discovered in Yuneec Mantis Q and PX4-Autopilot v 1.11.3 and ...)
	NOT-FOR-US: Yuneec Mantis
CVE-2021-34124
	RESERVED
CVE-2021-34123 (An issue was discovered on atasm, version 1.09. A stack-buffer-overflo ...)
	NOT-FOR-US: atasm
CVE-2021-34122 (The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NU ...)
	NOT-FOR-US: ffjpeg
CVE-2021-34121 (An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function par ...)
	- htmldoc 1.9.13-1 (unimportant)
	NOTE: https://github.com/michaelrsweet/htmldoc/issues/433
	NOTE: https://github.com/michaelrsweet/htmldoc/commit/c67bbd8756f015e33e4ba639a40c7f9d8bd9e8ab (v1.9.13)
CVE-2021-34120
	RESERVED
CVE-2021-34119 (A flaw was discovered in htmodoc 1.9.12 in function parse_paragraph in ...)
	- htmldoc 1.9.12-1 (unimportant)
	NOTE: https://github.com/michaelrsweet/htmldoc/issues/431
	NOTE: https://github.com/michaelrsweet/htmldoc/commit/85fa76d77ed69927d24decf476e69bedc7691f48 (v1.9.12)
CVE-2021-34118
	RESERVED
CVE-2021-34117 (SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in ...)
	NOT-FOR-US: SEO Panel
CVE-2021-34116
	RESERVED
CVE-2021-34115
	RESERVED
CVE-2021-34114
	RESERVED
CVE-2021-34113
	RESERVED
CVE-2021-34112
	RESERVED
CVE-2021-34111 (Thecus 4800Eco was discovered to contain a command injection vulnerabi ...)
	NOT-FOR-US: Thecus NAS server N4800Eco
CVE-2021-34110 (WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowin ...)
	NOT-FOR-US: WinWaste.NET
CVE-2021-34109
	RESERVED
CVE-2021-34108
	RESERVED
CVE-2021-34107
	RESERVED
CVE-2021-34106
	RESERVED
CVE-2021-34105
	RESERVED
CVE-2021-34104
	RESERVED
CVE-2021-34103
	RESERVED
CVE-2021-34102
	RESERVED
CVE-2021-34101
	RESERVED
CVE-2021-34100
	RESERVED
CVE-2021-34099
	RESERVED
CVE-2021-34098
	RESERVED
CVE-2021-34097
	RESERVED
CVE-2021-34096
	RESERVED
CVE-2021-34095
	RESERVED
CVE-2021-34094
	RESERVED
CVE-2021-34093
	RESERVED
CVE-2021-34092
	RESERVED
CVE-2021-34091
	RESERVED
CVE-2021-34090
	RESERVED
CVE-2021-34089
	RESERVED
CVE-2021-34088
	RESERVED
CVE-2021-34087 (In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D pr ...)
	NOT-FOR-US: Ultimaker
CVE-2021-34086 (In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D pr ...)
	NOT-FOR-US: Ultimaker
CVE-2021-34085 (Read access violation in the III_dequantize_sample function in mpglibD ...)
	- mp3gain 1.6.2-1
	NOTE: Vulnerable code removed in https://sourceforge.net/p/mp3gain/code/ci/aea83203960fc6d3237b1ae38e8434ec8681b21a/ (v1.6.0)
	NOTE: https://drive.google.com/drive/folders/1epm65c4_iC0zE5V_leoet4Jyk1Prz2p5?usp=sharing
CVE-2021-34084 (OS command injection vulnerability in Turistforeningen node-s3-uploade ...)
	NOT-FOR-US: Node s3-uploader
CVE-2021-34083 (Google-it is a Node.js package which allows its users to send search q ...)
	NOT-FOR-US: Node google-it
CVE-2021-34082 (OS Command Injection vulnerability in allenhwkim proctree through 0.1. ...)
	NOT-FOR-US: Node proctree
CVE-2021-34081 (OS Command Injection vulnerability in bbultman gitsome through 0.2.3 a ...)
	NOT-FOR-US: Node bbultman gitsome
CVE-2021-34080 (OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.j ...)
	NOT-FOR-US: Node ssl-utils
CVE-2021-34079 (OS Command injection vulnerability in Mintzo Docker-Tester through 1.2 ...)
	NOT-FOR-US: Mintzo Docker-Tester
CVE-2021-34078 (lifion-verify-dependencies through 1.1.0 is vulnerable to OS command i ...)
	NOT-FOR-US: Node lifion-verify-deps
CVE-2021-34077
	RESERVED
CVE-2021-34076 (File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to ...)
	NOT-FOR-US: PHPOK
CVE-2021-34075 (In Artica Pandora FMS <=754 in the File Manager component, there is se ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2021-34074 (PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote c ...)
	NOT-FOR-US: PandoraFMS
CVE-2021-34073 (A Cross Site Scripting (XSS) vulnerabilty exists in Sourcecodester Gad ...)
	NOT-FOR-US: Sourcecodester
CVE-2021-34072
	RESERVED
CVE-2021-34071 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause ...)
	NOT-FOR-US: tsMuxer
CVE-2021-34070 (Out-of-bounds Read in tsMuxer 2.6.16 allows attackers to cause a Denia ...)
	NOT-FOR-US: tsMuxer
CVE-2021-34069 (Divide-by-zero bug in tsMuxer 2.6.16 allows attackers to cause a Denia ...)
	NOT-FOR-US: tsMuxer
CVE-2021-34068 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause ...)
	NOT-FOR-US: tsMuxer
CVE-2021-34067 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause ...)
	NOT-FOR-US: tsMuxer
CVE-2021-34066 (An issue was discovered in EdgeGallery/developer before v1.0. There is ...)
	NOT-FOR-US: EdgeGallery/developer
CVE-2021-34065
	RESERVED
CVE-2021-34064
	REJECTED
CVE-2021-34063
	RESERVED
CVE-2021-34062
	RESERVED
CVE-2021-34061
	RESERVED
CVE-2021-34060
	RESERVED
CVE-2021-34059
	RESERVED
CVE-2021-34058
	RESERVED
CVE-2021-34057
	RESERVED
CVE-2021-34056
	RESERVED
CVE-2021-34055 (jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put ...)
	{DSA-5294-1 DLA-3219-1}
	- jhead 1:3.06.0.1-5 (bug #1024272)
	NOTE: https://github.com/Matthias-Wandel/jhead/issues/36
	NOTE: Fixed by: https://github.com/Matthias-Wandel/jhead/commit/f0a884210cc46830b176f71fd61569adc8f230a7
CVE-2021-34054
	RESERVED
CVE-2021-34053
	RESERVED
CVE-2021-34052
	RESERVED
CVE-2021-34051
	RESERVED
CVE-2021-34050
	RESERVED
CVE-2021-34049
	RESERVED
CVE-2021-34048
	RESERVED
CVE-2021-34047
	RESERVED
CVE-2021-34046
	RESERVED
CVE-2021-34045
	RESERVED
CVE-2021-34044
	RESERVED
CVE-2021-34043
	RESERVED
CVE-2021-34042
	RESERVED
CVE-2021-34041
	RESERVED
CVE-2021-34040
	RESERVED
CVE-2021-34039
	RESERVED
CVE-2021-34038
	RESERVED
CVE-2021-34037
	RESERVED
CVE-2021-34036
	RESERVED
CVE-2021-34035
	RESERVED
CVE-2021-34034
	RESERVED
CVE-2021-34033
	RESERVED
CVE-2021-34032
	RESERVED
CVE-2021-34031
	RESERVED
CVE-2021-34030
	RESERVED
CVE-2021-34029
	RESERVED
CVE-2021-34028
	RESERVED
CVE-2021-34027
	RESERVED
CVE-2021-34026
	RESERVED
CVE-2021-34025
	RESERVED
CVE-2021-34024
	RESERVED
CVE-2021-34023
	RESERVED
CVE-2021-34022
	RESERVED
CVE-2021-34021
	RESERVED
CVE-2021-34020
	RESERVED
CVE-2021-34019
	RESERVED
CVE-2021-34018
	RESERVED
CVE-2021-34017
	RESERVED
CVE-2021-34016
	RESERVED
CVE-2021-34015
	RESERVED
CVE-2021-34014
	RESERVED
CVE-2021-34013
	RESERVED
CVE-2021-34012
	RESERVED
CVE-2021-34011
	RESERVED
CVE-2021-34010
	RESERVED
CVE-2021-34009
	RESERVED
CVE-2021-34008
	RESERVED
CVE-2021-34007
	RESERVED
CVE-2021-34006
	RESERVED
CVE-2021-34005
	RESERVED
CVE-2021-34004
	RESERVED
CVE-2021-34003
	RESERVED
CVE-2021-34002
	RESERVED
CVE-2021-34001
	RESERVED
CVE-2021-34000
	RESERVED
CVE-2021-33999
	RESERVED
CVE-2021-33998
	RESERVED
CVE-2021-33997
	RESERVED
CVE-2021-33996
	RESERVED
CVE-2021-33995
	RESERVED
CVE-2021-33994
	RESERVED
CVE-2021-33993
	RESERVED
CVE-2021-33992
	RESERVED
CVE-2021-33991
	RESERVED
CVE-2021-33990 (Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder ...)
	NOT-FOR-US: Liferay Portal
CVE-2021-33989
	RESERVED
CVE-2021-33988 (Cross Site Scripting (XSS). vulnerability exists in Microweber CMS 1.2 ...)
	NOT-FOR-US: Microweber CMS
CVE-2021-33987
	RESERVED
CVE-2021-33986
	RESERVED
CVE-2021-33985
	RESERVED
CVE-2021-33984
	RESERVED
CVE-2021-33983 (Buffer Overflow vulnerability in Dvidelabs flatcc v.0.6.0 allows local ...)
	NOT-FOR-US: Dvidelabs
CVE-2021-33982 (An insufficient session expiration vulnerability exists in the "Fish | ...)
	NOT-FOR-US: "Fish | Hunt FL" iOS app
CVE-2021-33981 (An insecure, direct object vulnerability in hunting/fishing license re ...)
	NOT-FOR-US: "Fish | Hunt FL" iOS app
CVE-2021-33980
	RESERVED
CVE-2021-33979
	RESERVED
CVE-2021-33978
	RESERVED
CVE-2021-33977
	RESERVED
CVE-2021-33976
	RESERVED
CVE-2021-33975 (Buffer Overflow vulnerability in Qihoo 360 Total Security v10.8.0.1060 ...)
	NOT-FOR-US: Qihoo 360
CVE-2021-33974 (Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.c ...)
	NOT-FOR-US: Qihoo 360
CVE-2021-33973 (Buffer Overflow vulnerability in Qihoo 360 Safe guard v12.1.0.1004, v1 ...)
	NOT-FOR-US: Qihoo 360
CVE-2021-33972 (Buffer Overflow vulnerability in Qihoo 360 Safe Browser v13.0.2170.0 a ...)
	NOT-FOR-US: Qihoo 360
CVE-2021-33971 (Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.c ...)
	NOT-FOR-US: Qihoo 360
CVE-2021-33970 (Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows ...)
	NOT-FOR-US: Qihoo 360
CVE-2021-33969
	RESERVED
CVE-2021-33968
	RESERVED
CVE-2021-33967
	RESERVED
CVE-2021-33966 (Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows auth ...)
	- spotweb
	[buster] - spotweb (Minor issue)
	[stretch] - spotweb (Minor issue; possible reflected XSS with unconclusive PoC "proof")
	NOTE: https://packetstormsecurity.com/files/162731/Spotweb-Develop-1.4.9-Cross-Site-Scripting.html
CVE-2021-33965 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...)
	NOT-FOR-US: China Mobile An Lianbao WF-1 router
CVE-2021-33964 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...)
	NOT-FOR-US: China Mobile An Lianbao WF-1 router
CVE-2021-33963 (China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ ...)
	NOT-FOR-US: China Mobile An Lianbao WF-1 router web interface
CVE-2021-33962 (China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS comman ...)
	NOT-FOR-US: China Mobile An Lianbao WF-1 router
CVE-2021-33961 (A Cross Site Scripting (XSS) vulnerabililty exists in enhanced-github ...)
	NOT-FOR-US: enhanced-github browser extension
CVE-2021-33960
	RESERVED
CVE-2021-33959 (Plex media server 1.21 and before is vulnerable to ddos reflection att ...)
	NOT-FOR-US: Plex
CVE-2021-33958
	RESERVED
CVE-2021-33957
	RESERVED
CVE-2021-33956
	RESERVED
CVE-2021-33955
	RESERVED
CVE-2021-33954
	RESERVED
CVE-2021-33953
	RESERVED
CVE-2021-33952
	RESERVED
CVE-2021-33951
	RESERVED
CVE-2021-33950 (An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensi ...)
	NOT-FOR-US: OpenKM
CVE-2021-33949 (An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary cod ...)
	NOT-FOR-US: FeMiner WMS
CVE-2021-33948 (SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows ...)
	NOT-FOR-US: FantasticLBP Hotels Server
CVE-2021-33947
	RESERVED
CVE-2021-33946
	RESERVED
CVE-2021-33945 (RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN ...)
	NOT-FOR-US: RICOH
CVE-2021-33944
	RESERVED
CVE-2021-33943
	RESERVED
CVE-2021-33942
	RESERVED
CVE-2021-33941
	RESERVED
CVE-2021-33940
	RESERVED
CVE-2021-33939
	RESERVED
CVE-2021-33938 (Buffer overflow vulnerability in function prune_to_recommended in src/ ...)
	- libsolv 0.7.17-1
	[buster] - libsolv (Minor issue)
	[stretch] - libsolv (Minor issue)
	NOTE: https://github.com/openSUSE/libsolv/issues/420
	NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
CVE-2021-33937
	RESERVED
CVE-2021-33936
	RESERVED
CVE-2021-33935
	RESERVED
CVE-2021-33934
	RESERVED
CVE-2021-33933
	RESERVED
CVE-2021-33932
	RESERVED
CVE-2021-33931
	RESERVED
CVE-2021-33930 (Buffer overflow vulnerability in function pool_installable_whatprovide ...)
	- libsolv 0.7.17-1
	[buster] - libsolv (Minor issue)
	[stretch] - libsolv (Minor issue)
	NOTE: https://github.com/openSUSE/libsolv/issues/417
	NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
CVE-2021-33929 (Buffer overflow vulnerability in function pool_disabled_solvable in sr ...)
	- libsolv 0.7.17-1
	[buster] - libsolv (Minor issue)
	[stretch] - libsolv (Minor issue)
	NOTE: https://github.com/openSUSE/libsolv/issues/417
	NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
CVE-2021-33928 (Buffer overflow vulnerability in function pool_installable in src/repo ...)
	- libsolv 0.7.17-1
	[buster] - libsolv (Minor issue)
	[stretch] - libsolv (Minor issue)
	NOTE: https://github.com/openSUSE/libsolv/issues/417
	NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
CVE-2021-33927
	RESERVED
CVE-2021-33926 (An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5. ...)
	NOT-FOR-US: Plone
CVE-2021-33925 (SQL Injection vulnerability in nitinparashar30 cms-corephp through com ...)
	NOT-FOR-US: nitinparashar30
CVE-2021-33924 (Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 i ...)
	NOT-FOR-US: Confluent Ansible
CVE-2021-33923 (Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5 ...)
	NOT-FOR-US: Confluent Ansible
CVE-2021-33922
	RESERVED
CVE-2021-33921
	RESERVED
CVE-2021-33920
	RESERVED
CVE-2021-33919
	RESERVED
CVE-2021-33918
	RESERVED
CVE-2021-33917
	RESERVED
CVE-2021-33916
	RESERVED
CVE-2021-33915
	RESERVED
CVE-2021-33914
	RESERVED
CVE-2021-33913 (libspf2 before 1.2.11 has a heap-based buffer overflow that might allo ...)
	{DLA-2890-1}
	- libspf2 1.2.10-7.1
	[bullseye] - libspf2 1.2.10-7.1~deb11u1
	[buster] - libspf2 1.2.10-7.1~deb10u1
	NOTE: https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure
	NOTE: https://github.com/shevek/libspf2/pull/35
	NOTE: https://github.com/shevek/libspf2/commit/f06fef6cede4c4cb42f2c617496e6041782d7070
CVE-2021-33912 (libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that ...)
	{DLA-2890-1}
	- libspf2 1.2.10-7.1
	[bullseye] - libspf2 1.2.10-7.1~deb11u1
	[buster] - libspf2 1.2.10-7.1~deb10u1
	NOTE: https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure
	NOTE: https://github.com/shevek/libspf2/pull/35
	NOTE: https://github.com/shevek/libspf2/commit/28faf4624a6a371b11afdb9820078d3b0ee3803d
CVE-2021-33911 (Zoho ManageEngine ADManager Plus before 7110 allows remote code execut ...)
	NOT-FOR-US: Zoho
CVE-2021-33910 (basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 ...)
	{DSA-4942-1 DLA-2715-1}
	- systemd 247.3-6
	NOTE: https://www.qualys.com/2021/07/20/cve-2021-33910/denial-of-service-systemd.txt
	NOTE: Introduced by: https://github.com/systemd/systemd/commit/7410616cd9dbbec97cf98d75324da5cda2b2f7a2 (v220)
	NOTE: Fixed by: https://github.com/systemd/systemd/commit/441e0115646d54f080e5c3bb0ba477c892861ab9
	NOTE: Fixed by: https://github.com/systemd/systemd/commit/4e2544c30bfb95e7cb4d1551ba066b1a56520ad6 (comment fix)
	NOTE: https://github.com/systemd/systemd/pull/20256
CVE-2021-33909 (fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 do ...)
	{DSA-4941-1 DLA-2714-1 DLA-2713-1}
	- linux 5.10.46-2
	NOTE: https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt
	NOTE: https://git.kernel.org/linus/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b
CVE-2021-33908
	RESERVED
CVE-2020-36387 (An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring. ...)
	- linux 5.7.17-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/6d816e088c359866f9867057e04f244c608c42fe
CVE-2020-36386 (An issue was discovered in the Linux kernel before 5.8.1. net/bluetoot ...)
	- linux 5.7.17-1
	[buster] - linux 4.19.146-1
	[stretch] - linux 4.9.240-1
	NOTE: https://git.kernel.org/linus/51c19bf3d5cfaa66571e4b88ba2a6f6295311101
CVE-2019-25045 (An issue was discovered in the Linux kernel before 5.0.19. The XFRM su ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/dbb2483b2a46fbaf833cfb5deb5ed9cace9c7399
CVE-2018-25015 (An issue was discovered in the Linux kernel before 4.14.16. There is a ...)
	- linux 4.14.17-1
	[stretch] - linux 4.9.80-1
	NOTE: https://git.kernel.org/linus/a0ff660058b88d12625a783ce9e5c1371c87951f
CVE-2021-3587
	REJECTED
CVE-2021-3582 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...)
	{DLA-3099-1}
	- qemu 1:5.2+dfsg-11 (bug #990565)
	[stretch] - qemu (Vulnerable code introduced later)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-06/msg04148.html
	NOTE: Upstream commit: https://git.qemu.org/?p=qemu.git;a=commit;h=284f191b4abad213aed04cb0458e1600fd18d7c4
CVE-2021-33907 (The Zoom Client for Meetings for Windows in all versions before 5.3.0 ...)
	NOT-FOR-US: Zoom Client for Meetings for Windows
CVE-2021-33906
	RESERVED
CVE-2021-33905
	RESERVED
CVE-2021-33904 (In Accela Civic Platform through 21.1, the security/hostSignon.do para ...)
	NOT-FOR-US: Accela Civic Platform
CVE-2021-33903 (In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, ...)
	NOT-FOR-US: LANCOM
CVE-2021-33902
	RESERVED
CVE-2021-33901
	RESERVED
CVE-2021-33900 (While investigating DIRSTUDIO-1219 it was noticed that configured Star ...)
	- apache-directory-studio (bug #733044)
	NOTE: https://www.openwall.com/lists/oss-security/2021/07/24/1
CVE-2020-36384 (PageLayer before 1.3.5 allows reflected XSS via color settings.)
	NOT-FOR-US: PageLayer
CVE-2020-36383 (PageLayer before 1.3.5 allows reflected XSS via the font-size paramete ...)
	NOT-FOR-US: PageLayer
CVE-2021-33899
	RESERVED
CVE-2021-33898 (In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize( ...)
	NOT-FOR-US: Invoice Ninja
CVE-2021-33897 (A buffer overflow in Synthesia before 10.7.5567, when a non-Latin loca ...)
	NOT-FOR-US: Synthesia
CVE-2021-33896 (Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (o ...)
	- dino-im 0.2.0-3
	[buster] - dino-im (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2021/06/07/2
	NOTE: https://github.com/dino/dino/commit/0c8d25b7a3e7a10a506f1e19b868fe9b0c761495 (master)
	NOTE: https://github.com/dino/dino/commit/1eaad1ccfbd00c6e76650535496531c172453994 (v0.2.1)
CVE-2021-33895 (ETINET BACKBOX E4.09 and H4.09 mismanages password access control. Whe ...)
	NOT-FOR-US: ETINET
CVE-2021-33894 (In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before ...)
	NOT-FOR-US: Progress MOVEit
CVE-2021-33893
	RESERVED
CVE-2021-33892
	RESERVED
CVE-2021-33891
	RESERVED
CVE-2021-33890
	RESERVED
CVE-2021-33889 (OpenThread wpantund through 2021-07-02 has a stack-based Buffer Overfl ...)
	NOT-FOR-US: OpenThread wpantund
CVE-2021-33888
	RESERVED
CVE-2017-20005 (NGINX before 1.13.6 has a buffer overflow for years that exceed four d ...)
	{DLA-2680-1}
	- nginx 1.13.6-1
	NOTE: https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf
	NOTE: https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b
	NOTE: https://trac.nginx.org/nginx/ticket/1368
CVE-2021-33887 (Insufficient verification of data authenticity in Peloton TTR01 up to ...)
	NOT-FOR-US: Peloton TTR01
CVE-2021-33886 (An improper sanitization of input vulnerability in B. Braun SpaceCom2 ...)
	NOT-FOR-US: B. Braun SpaceCom2
CVE-2021-33885 (An Insufficient Verification of Data Authenticity vulnerability in B. ...)
	NOT-FOR-US: B. Braun SpaceCom2
CVE-2021-33884 (An Unrestricted Upload of File with Dangerous Type vulnerability in B. ...)
	NOT-FOR-US: B. Braun SpaceCom2
CVE-2021-33883 (A Cleartext Transmission of Sensitive Information vulnerability in B. ...)
	NOT-FOR-US: B. Braun SpaceCom2
CVE-2021-33882 (A Missing Authentication for Critical Function vulnerability in B. Bra ...)
	NOT-FOR-US: B. Braun SpaceCom2
CVE-2021-33881 (On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a w ...)
	NOT-FOR-US: NXP
CVE-2021-33880 (The aaugustin websockets library before 9.1 for Python has an Observab ...)
	- python-websockets 9.1-1 (bug #989561)
	[bullseye] - python-websockets 8.1-1+deb11u1
	[buster] - python-websockets (Vulnerable code introduced in 8.0)
	[stretch] - python-websockets (Vulnerable code introduced in 8.0)
	NOTE: https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0
CVE-2021-33879 (Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure ...)
	NOT-FOR-US: Tencent
CVE-2021-33878
	RESERVED
CVE-2021-33877
	RESERVED
CVE-2021-33876
	RESERVED
CVE-2021-33875
	RESERVED
CVE-2021-33874
	RESERVED
CVE-2021-33873
	RESERVED
CVE-2021-33872
	RESERVED
CVE-2021-33871
	RESERVED
CVE-2021-33870
	RESERVED
CVE-2021-33869
	RESERVED
CVE-2021-33868
	RESERVED
CVE-2021-33867
	RESERVED
CVE-2021-33866
	RESERVED
CVE-2021-33865
	RESERVED
CVE-2021-33864
	RESERVED
CVE-2021-33863
	RESERVED
CVE-2021-33862
	RESERVED
CVE-2021-33861
	RESERVED
CVE-2021-33860
	RESERVED
CVE-2021-33859
	RESERVED
CVE-2021-33858
	RESERVED
CVE-2021-33857
	RESERVED
CVE-2021-33856
	RESERVED
CVE-2021-33855
	RESERVED
CVE-2021-33854
	RESERVED
CVE-2021-33853 (A Cross-Site Scripting (XSS) attack can cause arbitrary code (javascri ...)
	NOT-FOR-US: X2Engine X2CRM
CVE-2021-33852 (A cross-site scripting (XSS) attack can cause arbitrary code (JavaScri ...)
	NOT-FOR-US: post-duplicator-image plugin for WordPress
CVE-2021-33851 (A cross-site scripting (XSS) attack can cause arbitrary code (JavaScri ...)
	NOT-FOR-US: customize-login-image plugin for WordPress
CVE-2021-33850 (There is a Cross-Site Scripting vulnerability in Microsoft Clarity ver ...)
	NOT-FOR-US: Microsoft
CVE-2021-33849 (A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScri ...)
	NOT-FOR-US: Zoho
CVE-2021-3581 (Buffer Access with Incorrect Length Value in zephyr. Zephyr versions > ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2021-3580 (A flaw was found in the way nettle's RSA decryption functions handled ...)
	{DSA-4933-1 DLA-2760-1}
	- nettle 3.7.3-1 (bug #989631)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1967983
	NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/0ad0b5df315665250dfdaa4a1e087f4799edaefe
	NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
CVE-2021-33844 (A floating point exception (divide-by-zero) issue was discovered in So ...)
	{DSA-5356-1 DLA-3315-1}
	- sox 14.4.2+git20190427-3.1 (bug #1021135)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975664
	NOTE: https://sourceforge.net/p/sox/bugs/349/
	NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
CVE-2021-33842 (Improper Authentication vulnerability in the cookie parameter of Circu ...)
	NOT-FOR-US: Circutor SGE-PLC1000 firmware
CVE-2021-33841 (SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle so ...)
	NOT-FOR-US: SGE-PLC1000 device
CVE-2021-23210 (A floating point exception (divide-by-zero) issue was discovered in So ...)
	{DSA-5356-1 DLA-3315-1}
	- sox 14.4.2+git20190427-3.2 (bug #1010374)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975670
	NOTE: https://sourceforge.net/p/sox/bugs/351/
	NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
CVE-2021-23172 (A vulnerability was found in SoX, where a heap-buffer-overflow occurs ...)
	{DSA-5356-1 DLA-3315-1}
	- sox 14.4.2+git20190427-3.2 (bug #1021134)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975666
	NOTE: https://sourceforge.net/p/sox/bugs/350/
	NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
CVE-2021-23159 (A vulnerability was found in SoX, where a heap-buffer-overflow occurs ...)
	{DSA-5356-1 DLA-3315-1}
	- sox 14.4.2+git20190427-3.2 (bug #1021133)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975671
	NOTE: https://sourceforge.net/p/sox/bugs/352/
	NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
CVE-2021-33840 (The server in Luca through 1.1.14 allows remote attackers to cause a d ...)
	NOT-FOR-US: Luca
CVE-2021-33839 (Luca through 1.7.4 on Android allows remote attackers to obtain sensit ...)
	NOT-FOR-US: Luca
CVE-2021-33838 (Luca through 1.7.4 on Android allows remote attackers to obtain sensit ...)
	NOT-FOR-US: Luca
CVE-2021-33837
	RESERVED
CVE-2021-33836
	RESERVED
CVE-2021-33835
	RESERVED
CVE-2021-33834 (An issue was discovered in iscflashx64.sys 3.9.3.0 in Insyde H2OFFT 6. ...)
	NOT-FOR-US: Insyde
CVE-2021-33833 (ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based b ...)
	{DLA-2915-1}
	- connman 1.36-2.2 (bug #989662)
	[buster] - connman 1.36-2.1~deb10u2
	NOTE: https://www.openwall.com/lists/oss-security/2021/06/09/1
	NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=eceb2e8d2341c041df55a5e2f047d9a8c491463c
CVE-2021-33832
	RESERVED
CVE-2021-33831 (api/account/register in the TH Wildau COVID-19 Contact Tracing applica ...)
	NOT-FOR-US: TH Wildau COVID-19 Contact Tracing App (Germany)
CVE-2021-33830
	RESERVED
CVE-2021-33829 (A cross-site scripting (XSS) vulnerability in the HTML Data Processor ...)
	{DLA-2813-1}
	- ckeditor 4.16.0+dfsg-2
	[buster] - ckeditor (Minor issue)
	- ckeditor3 (bug #1015217)
	[bookworm] - ckeditor3 (Minor issue)
	[bullseye] - ckeditor3 (Minor issue)
	[buster] - ckeditor3 (No longer supported in LTS)
	[stretch] - ckeditor3 (EOL'd for stretch)
	NOTE: https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser
	NOTE: https://github.com/ckeditor/ckeditor4/commit/3e426ce34f7fc7bf784624358831ef9e189bb6ed
CVE-2021-33828 (The files_antivirus component before 1.0.0 for ownCloud mishandles the ...)
	- owncloud
CVE-2021-33827 (The files_antivirus component before 1.0.0 for ownCloud allows OS Comm ...)
	- owncloud
CVE-2021-33826
	RESERVED
CVE-2021-33825
	RESERVED
CVE-2021-33824 (An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 1811301 ...)
	NOT-FOR-US: MOXA
CVE-2021-33823 (An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 1811301 ...)
	NOT-FOR-US: MOXA
CVE-2021-33822 (An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22 ...)
	NOT-FOR-US: 4GEE ROUTER HH70VB
CVE-2021-33821
	RESERVED
CVE-2021-33820 (An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4 ...)
	NOT-FOR-US: UniFi Protect G3 FLEX Camera
CVE-2021-33819
	RESERVED
CVE-2021-33818 (An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4 ...)
	NOT-FOR-US: UniFi Protect G3 FLEX Camera
CVE-2021-33817
	RESERVED
CVE-2021-33816 (The website builder module in Dolibarr 13.0.2 allows remote PHP code e ...)
	- dolibarr
CVE-2021-33815 (dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-boun ...)
	[experimental] - ffmpeg
	- ffmpeg (Vulnerable code not present, introduced in cc85ca1cb34)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777
CVE-2021-33814
	RESERVED
CVE-2021-33813 (An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to c ...)
	{DLA-2712-1 DLA-2696-1}
	- libjdom2-intellij-java (bug #990673)
	[bookworm] - libjdom2-intellij-java (Minor issue)
	[bullseye] - libjdom2-intellij-java (Minor issue)
	[buster] - libjdom2-intellij-java (Minor issue)
	- libjdom2-java 2.0.6-2.1 (bug #990671)
	[buster] - libjdom2-java (Minor issue)
	- libjdom1-java 1.1.3-2.1 (bug #990672)
	[buster] - libjdom1-java (Minor issue)
	NOTE: https://github.com/hunterhacker/jdom/pull/188
	NOTE: https://alephsecurity.com/vulns/aleph-2021003
	NOTE: Fixed by: https://github.com/hunterhacker/jdom/commit/bd3ab78370098491911d7fe9d7a43b97144a234e
	NOTE: Possible regression impact: https://github.com/hunterhacker/jdom/pull/188#issuecomment-872685011
	NOTE: Improved regression with: https://github.com/hunterhacker/jdom/commit/dd4f3c2fc7893edd914954c73eb577f925a7d361
	NOTE: https://github.com/hunterhacker/jdom/commit/07f316957b59d305f04c7bdb26292852bcbc2eb5
CVE-2021-33812
	RESERVED
CVE-2021-33811
	RESERVED
CVE-2021-33810
	RESERVED
CVE-2021-33809
	RESERVED
CVE-2021-33808
	RESERVED
CVE-2021-33807 (Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/d ...)
	NOT-FOR-US: Cartadis Gespage
CVE-2021-3579 (Incorrect Default Permissions vulnerability in the bdservicehost.exe a ...)
	NOT-FOR-US: Bitdefender
CVE-2021-3578 (A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecke ...)
	{DLA-3066-1}
	- isync 1.3.0-2.2 (bug #989564)
	[buster] - isync 1.3.0-2.2~deb10u1
	NOTE: https://www.openwall.com/lists/oss-security/2021/06/07/1
CVE-2021-33806 (The BDew BdLib library before 1.16.1.7 for Minecraft allows remote cod ...)
	NOT-FOR-US: BDew BdLib library
CVE-2021-33805
	REJECTED
CVE-2021-3577 (An unauthenticated remote code execution vulnerability was reported in ...)
	NOT-FOR-US: Binatone
CVE-2021-3576 (Execution with Unnecessary Privileges vulnerability in Bitdefender End ...)
	NOT-FOR-US: Bitdefender
CVE-2021-3575 (A heap-based buffer overflow was found in openjpeg in color.c:379:42 i ...)
	- openjpeg2 (bug #989775)
	[bookworm] - openjpeg2 (Minor issue)
	[bullseye] - openjpeg2 (Minor issue)
	[buster] - openjpeg2 (Minor issue)
	[stretch] - openjpeg2 (Minor issue)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1347
	NOTE: https://github.com/uclouvain/openjpeg/pull/1509
	NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/7bd884f8750892de4f50bf4642fcfbe7011c6bdf (v2.5.1)
CVE-2021-3574 (A vulnerability was found in ImageMagick-7.0.11-5, where executing a c ...)
	{DLA-3357-1}
	[experimental] - imagemagick 8:6.9.12.20+dfsg1-1
	- imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1027164)
	[bullseye] - imagemagick 8:6.9.11.60+dfsg-1.3+deb11u2
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/3540
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c6ad94fbb7b280f39c2fbbdc1c140e51b1b466e9
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/cd7f9fb7751b0d59d5a74b12d971155caad5a792
CVE-2021-33804
	RESERVED
CVE-2021-33803
	RESERVED
CVE-2021-33802
	RESERVED
CVE-2021-33801
	RESERVED
CVE-2021-33800 (In Druid 1.2.3, visiting the path with parameter in a certain function ...)
	NOT-FOR-US: Alibaba Druid
CVE-2021-33799
	RESERVED
CVE-2021-33798 (A null pointer dereference was found in libpano13, version libpano13-2 ...)
	NOTE: duplicate of CVE-2021-33293, pinged Fedora for reject
CVE-2021-33797 (Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1 ...)
	- mujs 1.1.3-2
	[bullseye] - mujs 1.1.0-1+deb11u3
	NOTE: https://github.com/ccxvii/mujs/issues/148
	NOTE: https://github.com/ccxvii/mujs/commit/833b6f1672b4f2991a63c4d05318f0b84ef4d550 (1.1.2)
CVE-2021-33796 (In MuJS before version 1.1.2, a use-after-free flaw in the regexp sour ...)
	- mujs 1.1.3-2
	[bullseye] - mujs (Minor issue)
	NOTE: https://github.com/ccxvii/mujs/commit/7ef066a3bb95bf83e7c5be50d859e62e58fe8515 (1.1.2)
CVE-2021-3573 (A use-after-free in function hci_sock_bound_ioctl() of the Linux kerne ...)
	{DLA-2690-1 DLA-2689-1}
	- linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/06/08/2
CVE-2021-33795 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorr ...)
	NOT-FOR-US: Foxit
CVE-2021-33794 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow informat ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-33793 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-33792 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of ...)
	NOT-FOR-US: Foxit
CVE-2021-3572 (A flaw was found in python-pip in the way it handled Unicode separator ...)
	- python-pip 20.3.4-2
	[buster] - python-pip (Minor issue)
	[stretch] - python-pip (Minor issue. Fix along with next DLA)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/python-pip/+bug/1926957
	NOTE: https://github.com/pypa/pip/pull/9827
	NOTE: https://github.com/pypa/pip/commit/ca832b2836e0bffa7cf95589acdcd71230f5834e (21.1)
CVE-2021-33791
	REJECTED
CVE-2021-3571 (A flaw was found in the ptp4l program of the linuxptp package. When pt ...)
	- linuxptp 3.1-2.1 (bug #990749)
	[buster] - linuxptp (Vulnerable code introduced later, transparent clock implementation in v2.0)
	[stretch] - linuxptp (Vulnerable code introduced later, transparent clock implementation in v2.0)
	NOTE: https://github.com/richardcochran/linuxptp/commit/d61d77e163dbee247819f3d88593ba111577af15 (master)
	NOTE: https://github.com/richardcochran/linuxptp/commit/0b3ab45de6a96ca181a5cf62c3c2b97167e2ed20 (v3.1.1)
	NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/1
CVE-2021-3570 (A flaw was found in the ptp4l program of the linuxptp package. A missi ...)
	{DSA-4938-1 DLA-2723-1}
	- linuxptp 3.1-2.1 (bug #990748)
	NOTE: https://github.com/richardcochran/linuxptp/commit/a1e63aa3a7304647913707c4df01f3df430806ab (master)
	NOTE: https://github.com/richardcochran/linuxptp/commit/ce15e4de5926724557e8642ec762a210632f15ca (v3.1.1)
	NOTE: https://github.com/richardcochran/linuxptp/commit/c15da0756d9b0ad9c0b9307c4a8685b490b76485 (v1.9.3)
	NOTE: https://github.com/richardcochran/linuxptp/commit/7795df89dd4f94e0f55959dc61a85535d0f01cae (v1.8.1)
	NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/1
CVE-2020-36385 (An issue was discovered in the Linux kernel before 5.10. drivers/infin ...)
	- linux 5.10.4-1
	NOTE: https://git.kernel.org/linus/f5449e74802c1112dea984aec8af7a33c4516af1
CVE-2020-36382 (OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigge ...)
	NOT-FOR-US: OpenVPN Access Server (security impact for src:openvpn covered by CVE-2020-15078)
CVE-2021-33790 (The RebornCore library before 4.7.3 allows remote code execution becau ...)
	NOT-FOR-US: RebornCore
CVE-2021-33789 RESERVED
CVE-2021-33788 (Windows LSA Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33787 RESERVED
CVE-2021-33786 (Windows LSA Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33785 (Windows AF_UNIX Socket Provider Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33784 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
	NOT-FOR-US: Microsoft
CVE-2021-33783 (Windows SMB Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33782 (Windows Authenticode Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33781 (Azure AD Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33780 (Windows DNS Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33779 (Windows AD FS Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33778 (HEVC Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33777 (HEVC Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33776 (HEVC Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33775 (HEVC Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33774 (Windows Event Tracing Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33773 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2021-33772 (Windows TCP/IP Driver Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33771 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33770 RESERVED
CVE-2021-33769 RESERVED
CVE-2021-33768 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33767 (Open Enclave SDK Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33766 (Microsoft Exchange Server Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33765 (Windows Installer Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33764 (Windows Key Distribution Center Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33763 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2021-33762 (Azure CycleCloud Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33761 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2021-33760 (Media Foundation Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33759 (Windows Desktop Bridge Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33758 (Windows Hyper-V Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33757 (Windows Security Account Manager Remote Protocol Security Feature Bypa ...)
	NOT-FOR-US: Microsoft
CVE-2021-33756 (Windows DNS Snap-in Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33755 (Windows Hyper-V Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33754 (Windows DNS Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33753 (Microsoft Bing Search Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33752 (Windows DNS Snap-in Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33751 (Storage Spaces Controller Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33750 (Windows DNS Snap-in Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33749 (Windows DNS Snap-in Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33748 RESERVED
CVE-2021-33747 RESERVED
CVE-2021-33746 (Windows DNS Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33745 (Windows DNS Server Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33744 (Windows Secure Kernel Mode Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33743 (Windows Projected File System Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33742 (Windows MSHTML Platform Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33741 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33740 (Windows Media Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-33739 (Microsoft DWM Core Library Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2020-36381 (An issue was discovered in the singleCrunch function in shenzhim aaptj ...)
	NOT-FOR-US: aaptjs
CVE-2020-36380 (An issue was discovered in the crunch function in shenzhim aaptjs 1.3. ...)
	NOT-FOR-US: aaptjs
CVE-2020-36379 (An issue was discovered in the remove function in shenzhim aaptjs 1.3. ...)
	NOT-FOR-US: aaptjs
CVE-2020-36378 (An issue was discovered in the packageCmd function in shenzhim aaptjs ...)
	NOT-FOR-US: aaptjs
CVE-2020-36377 (An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, ...)
	NOT-FOR-US: aaptjs
CVE-2020-36376 (An issue was discovered in the list function in shenzhim aaptjs 1.3.1, ...)
	NOT-FOR-US: aaptjs
CVE-2020-36375 (Stack overflow vulnerability in parse_equality Cesanta MJS 1.20.1, all ...)
	NOT-FOR-US: Cesanta MJS
CVE-2020-36374 (Stack overflow vulnerability in parse_comparison Cesanta MJS 1.20.1, a ...)
	NOT-FOR-US: Cesanta MJS
CVE-2020-36373 (Stack overflow vulnerability in parse_shifts Cesanta MJS 1.20.1, allow ...)
	NOT-FOR-US: Cesanta MJS
CVE-2020-36372 (Stack overflow vulnerability in parse_plus_minus Cesanta MJS 1.20.1, a ...)
	NOT-FOR-US: Cesanta MJS
CVE-2020-36371 (Stack overflow vulnerability in parse_mul_div_rem Cesanta MJS 1.20.1, ...)
	NOT-FOR-US: Cesanta MJS
CVE-2020-36370 (Stack overflow vulnerability in parse_unary Cesanta MJS 1.20.1, allows ...)
	NOT-FOR-US: Cesanta MJS
CVE-2020-36369 (Stack overflow vulnerability in parse_statement_list Cesanta MJS 1.20. ...)
	NOT-FOR-US: Cesanta MJS
CVE-2020-36368 (Stack overflow vulnerability in parse_statement Cesanta MJS 1.20.1, al ...)
	NOT-FOR-US: Cesanta MJS
CVE-2020-36367 (Stack overflow vulnerability in parse_block Cesanta MJS 1.20.1, allows ...)
	NOT-FOR-US: Cesanta MJS
CVE-2020-36366 (Stack overflow vulnerability in parse_value Cesanta MJS 1.20.1, allows ...)
	NOT-FOR-US: Cesanta MJS
CVE-2021-3569 (A stack corruption bug was found in libtpms in versions before 0.7.2 a ...)
	- libtpms 0.8.2-1
	NOTE: https://github.com/stefanberger/libtpms/commit/505ef841c00b4c096b1977c667cb957bec3a1d8b (v0.8.0)
	NOTE: https://github.com/stefanberger/libtpms/commit/40cfe134c017d3aeaaed05ce71eaf9bfbe556b16 (v0.7.2)
CVE-2021-3568 RESERVED
CVE-2021-3567 (A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. ...)
	- caribou 0.4.21-7.1 (bug #980061)
	[buster] - caribou (Security impact only with cinnamon-screensaver >= 4.2)
	[stretch] - caribou (Security impact only with cinnamon-screensaver >= 4.2)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/caribou/+bug/1912060
	NOTE: https://gitlab.gnome.org/GNOME/caribou/-/merge_requests/3
	NOTE: https://gitlab.gnome.org/GNOME/caribou/-/commit/d41c8e44b12222a290eaca16703406b113a630c6
CVE-2021-33738 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.2 ...)
	NOT-FOR-US: JT2Go
CVE-2021-33737 (A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS ...)
	NOT-FOR-US: Siemens
CVE-2021-33736 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...)
	NOT-FOR-US: Siemens
CVE-2021-33735 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...)
	NOT-FOR-US: Siemens
CVE-2021-33734 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...)
	NOT-FOR-US: Siemens
CVE-2021-33733 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...)
	NOT-FOR-US: Siemens
CVE-2021-33732 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...)
	NOT-FOR-US: Siemens
CVE-2021-33731 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...)
	NOT-FOR-US: Siemens
CVE-2021-33730 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...)
	NOT-FOR-US: Siemens
CVE-2021-33729 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...)
	NOT-FOR-US: Siemens
CVE-2021-33728 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...)
	NOT-FOR-US: Siemens
CVE-2021-33727 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...)
	NOT-FOR-US: Siemens
CVE-2021-33726 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...)
	NOT-FOR-US: Siemens
CVE-2021-33725 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...)
	NOT-FOR-US: Siemens
CVE-2021-33724 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...)
	NOT-FOR-US: Siemens
CVE-2021-33723 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...)
	NOT-FOR-US: Siemens
CVE-2021-33722 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...)
	NOT-FOR-US: Siemens
CVE-2021-33721 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...)
	NOT-FOR-US: Siemens
CVE-2021-33720 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...)
	NOT-FOR-US: Siemens
CVE-2021-33719 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...)
	NOT-FOR-US: Siemens
CVE-2021-33718 (A vulnerability has been identified in Mendix Applications using Mendi ...)
	NOT-FOR-US: Mendix Applications
CVE-2021-33717 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.1 ...)
	NOT-FOR-US: JT2Go
CVE-2021-33716 (A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS ...)
	NOT-FOR-US: Siemens
CVE-2021-33715 (A vulnerability has been identified in JT Utilities (All versions < V1 ...)
	NOT-FOR-US: Siemens
CVE-2021-33714 (A vulnerability has been identified in JT Utilities (All versions < V1 ...)
	NOT-FOR-US: Siemens
CVE-2021-33713 (A vulnerability has been identified in JT Utilities (All versions < V1 ...)
	NOT-FOR-US: Siemens
CVE-2021-33712 (A vulnerability has been identified in Mendix SAML Module (All version ...)
	NOT-FOR-US: Mendix SAML Module
CVE-2021-33711 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...)
	NOT-FOR-US: Siemens
CVE-2021-33710 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...)
	NOT-FOR-US: Siemens
CVE-2021-33709 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...)
	NOT-FOR-US: Siemens
CVE-2021-33708 (Due to insufficient input validation in Kyma, authenticated users can ...)
	NOT-FOR-US: Kyma
CVE-2021-33707 (SAP NetWeaver Knowledge Management allows remote attackers to redirect ...)
	NOT-FOR-US: SAP
CVE-2021-33706 (Due to improper input validation in InfraBox, logs can be modified by ...)
	NOT-FOR-US: InfraBox
CVE-2021-33705 (The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.4 ...)
	NOT-FOR-US: SAP
CVE-2021-33704 (The Service Layer of SAP Business One, version - 10.0, allows an authe ...)
	NOT-FOR-US: SAP
CVE-2021-33703 (Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30 ...)
	NOT-FOR-US: NetWeaver
CVE-2021-33702 (Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10 ...)
	NOT-FOR-US: NetWeaver
CVE-2021-33701 (DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1 ...)
	NOT-FOR-US: SAP
CVE-2021-33700 (SAP Business One, version - 10.0, allows a local attacker with access ...)
	NOT-FOR-US: SAP
CVE-2021-33699 (Task Hijacking is a vulnerability that affects the applications runnin ...)
	NOT-FOR-US: Android
CVE-2021-33698 (SAP Business One, version - 10.0, allows an attacker with business aut ...)
	NOT-FOR-US: SAP
CVE-2021-33697 (Under certain conditions, SAP BusinessObjects Business Intelligence Pl ...)
	NOT-FOR-US: SAP
CVE-2021-33696 (SAP BusinessObjects Business Intelligence Platform (Crystal Report), v ...)
	NOT-FOR-US: SAP
CVE-2021-33695 (Potentially, SAP Cloud Connector, version - 2.0 communication with the ...)
	NOT-FOR-US: SAP
CVE-2021-33694 (SAP Cloud Connector, version - 2.0, does not sufficiently encode user- ...)
	NOT-FOR-US: SAP
CVE-2021-33693 (SAP Cloud Connector, version - 2.0, allows an authenticated administra ...)
	NOT-FOR-US: SAP
CVE-2021-33692 (SAP Cloud Connector, version - 2.0, allows the upload of zip files as ...)
	NOT-FOR-US: SAP
CVE-2021-33691 (NWDI Notification Service versions - 7.31, 7.40, 7.50, does not suffic ...)
	NOT-FOR-US: SAP
CVE-2021-33690 (Server-Side Request Forgery (SSRF) vulnerability has been detected in ...)
	NOT-FOR-US: SAP
CVE-2021-33689 (When user with insufficient privileges tries to access any application ...)
	NOT-FOR-US: SAP
CVE-2021-33688 (SAP Business One allows an attacker with business privileges to execut ...)
	NOT-FOR-US: SAP
CVE-2021-33687 (SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30 ...)
	NOT-FOR-US: SAP
CVE-2021-33686 (Under certain conditions, SAP Business One version - 10.0, allows an u ...)
	NOT-FOR-US: SAP
CVE-2021-33685 (SAP Business One version - 10.0 allows low-level authorized attacker t ...)
	NOT-FOR-US: SAP
CVE-2021-33684 (SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7. ...)
	NOT-FOR-US: SAP
CVE-2021-33683 (SAP Web Dispatcher and Internet Communication Manager (ICM), versions ...)
	NOT-FOR-US: SAP
CVE-2021-33682 (SAP Lumira Server version 2.4 does not sufficiently encode user contro ...)
	NOT-FOR-US: SAP
CVE-2021-33681 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
	NOT-FOR-US: SAP
CVE-2021-33680 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
	NOT-FOR-US: SAP
CVE-2021-33679 (The SAP BusinessObjects BI Platform version - 420 allows an attacker, ...)
	NOT-FOR-US: SAP
CVE-2021-33678 (A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), ...)
	NOT-FOR-US: SAP
CVE-2021-33677 (SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, ...)
	NOT-FOR-US: SAP
CVE-2021-33676 (A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 7 ...)
	NOT-FOR-US: SAP
CVE-2021-33675 (Under certain conditions, SAP Contact Center - version 700, does not s ...)
	NOT-FOR-US: SAP
CVE-2021-33674 (Under certain conditions, SAP Contact Center - version 700, does not s ...)
	NOT-FOR-US: SAP
CVE-2021-33673 (Under certain conditions, SAP Contact Center - version 700,does not su ...)
	NOT-FOR-US: SAP
CVE-2021-33672 (Due to missing encoding in SAP Contact Center's Communication Desktop ...)
	NOT-FOR-US: SAP
CVE-2021-33671 (SAP NetWeaver Guided Procedures (Administration Workset), versions - 7 ...)
	NOT-FOR-US: SAP
CVE-2021-33670 (SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - ...)
	NOT-FOR-US: SAP
CVE-2021-33669 (Under certain conditions, SAP Mobile SDK Certificate Provider allows a ...)
	NOT-FOR-US: SAP
CVE-2021-33668 (Due to improper input sanitization, specially crafted LDAP queries can ...)
	NOT-FOR-US: SAP
CVE-2021-33667 (Under certain conditions, SAP Business Objects Web Intelligence (BI La ...)
	NOT-FOR-US: SAP
CVE-2021-33666 (When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it ...)
	NOT-FOR-US: SAP
CVE-2021-33665 (SAP NetWeaver Application Server ABAP (Applications based on SAP GUI f ...)
	NOT-FOR-US: SAP
CVE-2021-33664 (SAP NetWeaver Application Server ABAP (Applications based on Web Dynpr ...)
	NOT-FOR-US: SAP
CVE-2021-33663 (SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - ...)
	NOT-FOR-US: SAP
CVE-2021-33662 (Under certain conditions, the installation of SAP Business One, versio ...)
	NOT-FOR-US: SAP
CVE-2021-33661 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
	NOT-FOR-US: SAP
CVE-2021-33660 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
	NOT-FOR-US: SAP
CVE-2021-33659 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
	NOT-FOR-US: SAP
CVE-2021-33658 (atune before 0.3-0.8 log in as a local user and run the curl command t ...)
	NOT-FOR-US: A-Tune OS tuning engine
CVE-2021-33657 (There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple ...)
	{DLA-3314-1}
	- libsdl1.2 1.2.15+dfsg2-7 (bug #1014577)
	[bullseye] - libsdl1.2 (Minor issue)
	[buster] - libsdl1.2 (Minor issue)
	[stretch] - libsdl1.2 (Minor issue)
	- libsdl2 2.0.20+dfsg-2
	[bullseye] - libsdl2 2.0.14+dfsg2-3+deb11u1
	[stretch] - libsdl2 (Minor issue)
	NOTE: https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9 (release-2.0.20)
CVE-2021-33656 (When setting font with malicous data by ioctl cmd PIO_FONT,kernel will ...)
	{DLA-3131-1}
	- linux 5.14.6-1
	[bullseye] - linux 5.10.127-1
	NOTE: https://git.kernel.org/linus/ff2047fb755d4415ec3c70ac799889371151796d (v5.12-rc1)
CVE-2021-33655 (When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO, ...)
	{DSA-5191-1 DLA-3131-1}
	- linux 5.18.14-1
	NOTE: https://git.kernel.org/linus/65a01e601dbba8b7a51a2677811f70f783766682 (5.19-rc7)
	NOTE: https://git.kernel.org/linus/e64242caef18b4a5840b0e7a9bff37abd4f4f933 (5.19-rc7)
	NOTE: https://git.kernel.org/linus/6c11df58fd1ac0aefcb3b227f72769272b939e56 (5.19-rc7)
CVE-2021-33654 (When performing the initialization operation of the Split operator, if ...)
	NOT-FOR-US: Mindspore deep learning
CVE-2021-33653 (When performing the derivation shape operation of the SpaceToBatch ope ...)
	NOT-FOR-US: Mindspore deep learning
CVE-2021-33652 (When the Reduce operator run operation is executed, if there is a valu ...)
	NOT-FOR-US: Mindspore deep learning
CVE-2021-33651 (When performing the analytical operation of the DepthwiseConv2D operat ...)
	NOT-FOR-US: Mindspore deep learning
CVE-2021-33650 (When performing the inference shape operation of the SparseToDense ope ...)
	NOT-FOR-US: Mindspore deep learning
CVE-2021-33649 (When performing the inference shape operation of the Transpose operato ...)
	NOT-FOR-US: Mindspore deep learning
CVE-2021-33648 (When performing the inference shape operation of Affine, Concat, MatMu ...)
	NOT-FOR-US: Mindspore deep learning
CVE-2021-33647 (When performing the inference shape operation of the Tile operator, if ...)
	NOT-FOR-US: Mindspore deep learning
CVE-2021-33646 (The th_read() function doesn’t free a variable t->th_buf.gnu_long ...)
	NOT-FOR-US: Huawei OpenEuler OS
CVE-2021-33645 (The th_read() function doesn’t free a variable t->th_buf.gnu_long ...)
	NOT-FOR-US: Huawei OpenEuler OS
CVE-2021-33644 (An attacker who submits a crafted tar file with size in header struct ...)
	NOT-FOR-US: Huawei OpenEuler OS
CVE-2021-33643 (An attacker who submits a crafted tar file with size in header struct ...)
	NOT-FOR-US: Huawei OpenEuler OS
CVE-2021-33642 (When a file is processed, an infinite loop occurs in next_inline() of ...)
	NOT-FOR-US: OpenEuler
CVE-2021-33641 (When processing files, malloc stores the data of the current line. Whe ...)
	NOT-FOR-US: OpenEuler
CVE-2021-33640 (After tar_close(), libtar.c releases the memory pointed to by pointer ...)
	NOT-FOR-US: OpenEuler
CVE-2021-33639 (REMAP cmd of SVM driver can be used to remap read only memory as read- ...)
	NOT-FOR-US: OpenEuler
CVE-2021-33638 (When the isula cp command is used to copy files from a container to a ...)
	NOT-FOR-US: OpenEuler iSulad
CVE-2021-33637 (When the isula export command is used to export a container to an imag ...)
	NOT-FOR-US: OpenEuler iSulad
CVE-2021-33636 (When the isula load command is used to load malicious images, attacker ...)
	NOT-FOR-US: OpenEuler iSulad
CVE-2021-33635 (When malicious images are pulled by isula pull, attackers can execute ...)
	NOT-FOR-US: OpenEuler iSulad
CVE-2021-33634 (iSulad uses the lcr+lxc runtime (default) to run malicious images, whi ...)
	NOT-FOR-US: OpenEuler lcr
CVE-2021-33633 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
	NOT-FOR-US: openEuler aops-ceres
CVE-2021-33632 (Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in ope ...)
	NOT-FOR-US: openEuler iSulad
CVE-2021-33631 (Integer Overflow or Wraparound vulnerability in openEuler kernel on Li ...)
	- linux 6.1.4-1
	[bullseye] - linux 5.10.178-1
	[buster] - linux 4.19.282-1
	NOTE: https://git.kernel.org/linus/5c099c4fdc438014d5893629e70a8ba934433ee8 (6.2-rc1)
CVE-2021-33630 (NULL Pointer Dereference vulnerability in openEuler kernel on Linux (n ...)
	- linux 5.3.7-1
	NOTE: https://git.kernel.org/linus/3e8b9bfa110896f95d602d8c98d5f9d67e41d78c (5.4-rc1)
CVE-2021-33629 (isula-build before 0.9.5-6 can cause a program crash, when building co ...)
	NOT-FOR-US: isula-build
CVE-2021-33628 RESERVED
CVE-2021-33627 (An issue was discovered in Insyde InsydeH2O 5.x, affecting FwBlockServ ...)
	NOT-FOR-US: Insyde
CVE-2021-33626 (A vulnerability exists in SMM (System Management Mode) branch that reg ...)
	NOT-FOR-US: Insyde
CVE-2021-33625 (An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting H ...)
	NOT-FOR-US: Insyde
CVE-2021-33624 (In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch ...)
	{DLA-2785-1}
	- linux 5.10.46-1
	[buster] - linux 4.19.208-1
	[stretch] - linux (Too risky to backport, and mitigated by default)
	NOTE: https://www.openwall.com/lists/oss-security/2021/06/21/1
CVE-2021-33623 (The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.j ...)
	{DLA-3247-1}
	- node-trim-newlines 3.0.0+~3.0.0-1
	[bullseye] - node-trim-newlines 3.0.0-1+deb11u1
	[stretch] - node-trim-newlines (Nodejs in stretch not covered by security support)
	NOTE: https://github.com/advisories/GHSA-7p7h-4mm5-852v
	NOTE: https://github.com/sindresorhus/trim-newlines/commit/25246c6ce5eea1c82d448998733a6302a4350d91 (v4.0.1)
	NOTE: https://github.com/sindresorhus/trim-newlines/commit/b10d5f4afef832b16bc56d49fc52c68cbd403869 (v3.0.1)
CVE-2021-33622 (Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, h ...)
	[experimental] - singularity-container 3.9.4+ds2-1
	- singularity-container 3.9.5+ds1-2 (bug #990201)
	NOTE: https://support.sylabs.io/support/solutions/articles/42000087130-3-5-8-security-release-cve-2021-33622-
CVE-2021-33621 (The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 ...)
	{DLA-3450-1}
	- ruby3.1 3.1.2-4 (bug #1024799)
	- ruby3.0 (bug #1024800)
	- ruby2.7
	[bullseye] - ruby2.7 (Minor issue)
	- ruby2.5
	NOTE: https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/
	NOTE: Fixed by: https://github.com/ruby/cgi/commit/64c5045c0a6b84fdb938a8465a0890e5f7162708 (v0.3.4)
	NOTE: Possible followup needed: https://github.com/ruby/cgi/commit/b46d41c36380e04f6388970b5ef05c687f4d1819 (v0.3.5)
	NOTE: Fixed in Ruby 3.1.3, 3.0.5 and 2.2.7
CVE-2021-33619 RESERVED
CVE-2021-33618 (Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstr ...)
	- dolibarr
CVE-2021-33617 (Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/ ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-33616 (RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS.)
	NOT-FOR-US: RSA Archer
CVE-2021-33615 (RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with ...)
	NOT-FOR-US: RSA Archer
CVE-2021-33620 (Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause ...)
	{DSA-4924-1 DLA-2685-1}
	- squid 4.13-10
	- squid3
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch
	NOTE: https://megamansec.github.io/Squid-Security-Audit/range-fatal.html
CVE-2021-33614 RESERVED
CVE-2021-33613 RESERVED
CVE-2021-33612 RESERVED
CVE-2021-33611 (Missing output sanitization in test sources in org.webjars.bowergithub ...)
	NOT-FOR-US: vaadin-menu-bar
CVE-2021-33610 RESERVED
CVE-2021-33609 (Missing check in DataCommunicator class in com.vaadin:vaadin-server ve ...)
	NOT-FOR-US: Vaadin
CVE-2021-33608 RESERVED
CVE-2021-33607 RESERVED
CVE-2021-33606 RESERVED
CVE-2021-33605 (Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow ver ...)
	NOT-FOR-US: com.vaadin:vaadin-checkbox-flow
CVE-2021-33604 (URL encoding error in development mode handler in com.vaadin:flow-serv ...)
	NOT-FOR-US: com.vaadin:flow-server
CVE-2021-33603 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
	NOT-FOR-US: F-Secure
CVE-2021-33602 (A vulnerability affecting the F-Secure Antivirus engine was discovered ...)
	NOT-FOR-US: F-Secure
CVE-2021-33601 (A vulnerability was discovered in the web user interface of F-Secure I ...)
	NOT-FOR-US: F-Secure
CVE-2021-33600 (A denial-of-service (DoS) vulnerability was discovered in the web user ...)
	NOT-FOR-US: F-Secure
CVE-2021-33599 (A vulnerability affecting F-Secure Antivirus engine was discovered whe ...)
	NOT-FOR-US: F-Secure Antivirus
CVE-2021-33598 (A Denial-of-Service (DoS) vulnerability was discovered in all versions ...)
	NOT-FOR-US: F-Secure
CVE-2021-33597 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
	NOT-FOR-US: F-Secure
CVE-2021-33596 (Showing the legitimate URL in the address bar while loading the conten ...)
	NOT-FOR-US: F-Secure
CVE-2021-33595 (A address bar spoofing vulnerability was discovered in Safe Browser fo ...)
	NOT-FOR-US: Safe Browser for iOS
CVE-2021-33594 (An address bar spoofing vulnerability was discovered in Safe Browser f ...)
	NOT-FOR-US: Safe Browser for Android
CVE-2021-33593 (Whale browser for iOS before 1.14.0 has an inconsistent user interface ...)
	NOT-FOR-US: Whale browser for iOS
CVE-2021-33592 (NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arb ...)
	NOT-FOR-US: NAVER Toolbar
CVE-2021-33591 (An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15 ...)
	NOT-FOR-US: Naver Comic Viewer
CVE-2021-33590 (GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_ ...)
	NOT-FOR-US: GattLib
CVE-2021-33589 (Ribose RNP before 0.15.1 does not implement a required step in a crypt ...)
	- rnp 0.15.1-1
	NOTE: https://open.ribose.com/advisories/ra-2021-05-30/#CVE-2021-33589
CVE-2021-33588 RESERVED
CVE-2021-33587 (The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure t ...)
	{DLA-3350-1}
	- node-css-what 5.0.1-1 (bug #989264)
	[bullseye] - node-css-what 4.0.0-3+deb11u1
	[buster] - node-css-what (Minor issue, intrusive to backport fixes to older series)
	[stretch] - node-css-what (Nodejs in stretch not covered by security support)
	NOTE: https://github.com/fb55/css-what/commit/4cdaacfd0d4b6fd00614be030da0dea6c2994655
	NOTE: https://github.com/fb55/css-what/releases/tag/v5.0.1
CVE-2021-33585 RESERVED
CVE-2021-33584 RESERVED
CVE-2021-33583 (REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa pas ...)
	NOT-FOR-US: REINER
CVE-2021-33582 (Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of s ...)
	{DLA-3052-1}
	- cyrus-imapd 3.4.2-1 (bug #993433)
	[bullseye] - cyrus-imapd 3.2.6-2+deb11u1
	[buster] - cyrus-imapd 3.0.8-6+deb10u6
	- cyrus-imapd-2.4
	NOTE: https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released
	NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/0fb658f1727f4446f7f33adcc428ba4c9eeabe3e (master)
	NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/f63695609c88a3f76129499bb49fb82e8155fb32 (master)
	NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/833c22bd7de5bbb591c2cb3705c9983b6d2b1fee (master)
CVE-2021-33581 (MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows ...)
	NOT-FOR-US: Software AG MashZone
CVE-2021-33580 (User controlled `request.getHeader("Referer")`, `request.getRequestURL ...)
	NOT-FOR-US: Apache Roller
CVE-2021-33586 (InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to co ...)
	- inspircd 3.8.1-2 (bug #989144)
	[buster] - inspircd (Vulnerable code not present)
	[stretch] - inspircd (Vulnerable code not present)
	NOTE: https://docs.inspircd.org/security/2021-01/
	NOTE: https://github.com/inspircd/inspircd/commit/4350a11c663b0d75f8119743bffb7736d87abd4d
CVE-2021-3566 (Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_prob ...)
	{DSA-5126-1 DLA-2742-1}
	- ffmpeg 7:4.3-2
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/3bce9e9b3ea35c54bacccc793d7da99ea5157532 (4.3)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/97ee4a451b5b1eb0010664b4a8c048d6c8c06a8a (4.1.9)
CVE-2021-33579 RESERVED
CVE-2021-33578 (Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities ...)
	NOT-FOR-US: Echo ShareCare
CVE-2021-33577 (An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for t ...)
	NOT-FOR-US: Cleo LexiCom
CVE-2021-33576 (An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 messag ...)
	NOT-FOR-US: Cleo LexiCom
CVE-2021-33575 (The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute ...)
	NOT-FOR-US: ruby-jss gem
CVE-2021-33574 (The mq_notify function in the GNU C Library (aka glibc) versions 2.32 ...)
	{DLA-3152-1}
	[experimental] - glibc 2.32-0experimental0
	- glibc 2.32-1 (bug #989147)
	[bullseye] - glibc 2.31-13+deb11u3
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27896
	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=42d359350510506b87101cf77202fefcbfc790cb
	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=217b6dc298156bdb0d6aea9ea93e7e394a5ff091
	NOTE: When fixing this issue the fix needs to be applied such that CVE-2021-38604
	NOTE: is not opened, CVE-2021-38604 information:
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28213
	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641
	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8
CVE-2021-33573 RESERVED
CVE-2021-33572 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Lin ...)
	NOT-FOR-US: F-Secure
CVE-2021-33571 (In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, ...)
	{DLA-3744-1 DLA-2676-1}
	- python-django 2:2.2.24-1 (bug #989394)
	NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1
	NOTE: https://github.com/django/django/commit/e1d787f1b36d13b95187f8f425425ae1b98da188 (main)
	NOTE: https://github.com/django/django/commit/f27c38ab5d90f68c9dd60cabef248a570c0be8fc (2.2.24)
CVE-2021-33570 (Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG e ...)
	NOT-FOR-US: Postbird
CVE-2021-33569 RESERVED
CVE-2021-33568 RESERVED
CVE-2021-33567 RESERVED
CVE-2021-33566 RESERVED
CVE-2021-33565 RESERVED
CVE-2016-20011 (libgrss through 0.7.0 fails to perform TLS certificate verification wh ...)
	- libgrss (bug #989149)
	[bookworm] - libgrss (Minor issue)
	[bullseye] - libgrss (Minor issue)
	[buster] - libgrss (Minor issue)
	[stretch] - libgrss (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=772647
	NOTE: https://gitlab.gnome.org/GNOME/libgrss/-/issues/4
CVE-2021-3565 (A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3 ...)
	- tpm2-tools 5.0-2 (bug #989148)
	[buster] - tpm2-tools (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964427
	NOTE: https://github.com/tpm2-software/tpm2-tools/issues/2738
	NOTE: https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515
CVE-2021-33564 (An argument injection vulnerability in the Dragonfly gem before 1.4.0 ...)
	NOT-FOR-US: Dragonfly gem
CVE-2021-33563 (Koel before 5.1.4 lacks login throttling, lacks a password strength po ...)
	NOT-FOR-US: Koel
CVE-2021-33562 (A reflected cross-site scripting (XSS) vulnerability in Shopizer befor ...)
	NOT-FOR-US: Shopizer
CVE-2021-33561 (A stored cross-site scripting (XSS) vulnerability in Shopizer before 2 ...)
	NOT-FOR-US: Shopizer
CVE-2021-40528 (The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext ...)
	{DLA-2691-1}
	- libgcrypt20 1.8.7-6
	[buster] - libgcrypt20 1.8.4-5+deb10u1
	NOTE: https://dev.gnupg.org/T5328
	NOTE: https://eprint.iacr.org/2021/923.pdf
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=3462280f2e23e16adf3ed5176e0f2413d8861320 (1.9.x)
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=707c3c5c511ee70ad0e39ec613471f665305fbea (1.8.x)
	NOTE: See notes on CVE-2021-40528 on the confusion about swapping of scope of
	NOTE: CVE-2021-40528 and CVE-2021-33560.
CVE-2021-33559 RESERVED
CVE-2021-33558 (Boa 0.94.13 allows remote attackers to obtain sensitive information vi ...)
	- boa
CVE-2021-33557 (An XSS issue was discovered in manage_custom_field_edit_page.php in Ma ...)
	- mantis
CVE-2021-33556 RESERVED
CVE-2021-33555 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter ...)
	NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
CVE-2021-33554 (Multiple camera devices by UDP Technology, Geutebrück and other ven ...)
	NOT-FOR-US: UDP Technology
CVE-2021-33553 (Multiple camera devices by UDP Technology, Geutebrück and other ven ...)
	NOT-FOR-US: UDP Technology
CVE-2021-33552 (Multiple camera devices by UDP Technology, Geutebrück and other ven ...)
	NOT-FOR-US: UDP Technology
CVE-2021-33551 (Multiple camera devices by UDP Technology, Geutebrück and other ven ...)
	NOT-FOR-US: UDP Technology
CVE-2021-33550 (Multiple camera devices by UDP Technology, Geutebrück and other ven ...)
	NOT-FOR-US: UDP Technology
CVE-2021-33549 (Multiple camera devices by UDP Technology, Geutebrück and other ven ...)
	NOT-FOR-US: UDP Technology
CVE-2021-33548 (Multiple camera devices by UDP Technology, Geutebrück and other ven ...)
	NOT-FOR-US: UDP Technology
CVE-2021-33547 (Multiple camera devices by UDP Technology, Geutebrück and other ven ...)
	NOT-FOR-US: UDP Technology
CVE-2021-33546 (Multiple camera devices by UDP Technology, Geutebrück and other ven ...)
	NOT-FOR-US: UDP Technology
CVE-2021-33545 (Multiple camera devices by UDP Technology, Geutebrück and other ven ...)
	NOT-FOR-US: UDP Technology
CVE-2021-33544 (Multiple camera devices by UDP Technology, Geutebrück and other ven ...)
	NOT-FOR-US: UDP Technology
CVE-2021-33543 (Multiple camera devices by UDP Technology, Geutebrück and other ven ...)
	NOT-FOR-US: UDP Technology
CVE-2021-33542 (Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 ...)
	NOT-FOR-US: Phoenix
CVE-2021-33541 (Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all vers ...)
	NOT-FOR-US: Phoenix
CVE-2021-33540 (In certain devices of the Phoenix Contact AXL F BK and IL BK product f ...)
	NOT-FOR-US: Phoenix
CVE-2021-33539 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
	NOT-FOR-US: Weidmueller Industrial WLAN devices
CVE-2021-33538 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
	NOT-FOR-US: Weidmueller Industrial WLAN devices
CVE-2021-33537 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
	NOT-FOR-US: Weidmueller Industrial WLAN devices
CVE-2021-33536 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
	NOT-FOR-US: Weidmueller Industrial WLAN devices
CVE-2021-33535 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
	NOT-FOR-US: Weidmueller Industrial WLAN devices
CVE-2021-33534 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
	NOT-FOR-US: Weidmueller Industrial WLAN devices
CVE-2021-33533 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
	NOT-FOR-US: Weidmueller Industrial WLAN devices
CVE-2021-33532 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
	NOT-FOR-US: Weidmueller Industrial WLAN devices
CVE-2021-33531 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
	NOT-FOR-US: Weidmueller Industrial WLAN devices
CVE-2021-33530 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
	NOT-FOR-US: Weidmueller Industrial WLAN devices
CVE-2021-33529 (In Weidmueller Industrial WLAN devices in multiple versions the usage ...)
	NOT-FOR-US: Weidmueller Industrial WLAN devices
CVE-2021-33528 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
	NOT-FOR-US: Weidmueller Industrial WLAN devices
CVE-2021-33527 (In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can ...)
	NOT-FOR-US: MB connect line
CVE-2021-33526 (In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local ...)
	NOT-FOR-US: MB connect line
CVE-2021-33525 (EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (b ...)
	NOT-FOR-US: EyesOfNetwork (EON) eonweb
CVE-2021-3564 (A flaw double-free memory corruption in the Linux kernel HCI device in ...)
	{DLA-2690-1 DLA-2689-1}
	- linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/25/1
CVE-2021-33524 RESERVED
CVE-2021-33523 (MashZone NextGen through 10.7 GA allows a remote authenticated user, w ...)
	NOT-FOR-US: Software AG MashZone
CVE-2021-33522 RESERVED
CVE-2021-33521 RESERVED
CVE-2021-33520 RESERVED
CVE-2021-33519 RESERVED
CVE-2021-33518 RESERVED
CVE-2021-33517 RESERVED
CVE-2021-33516 (An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x befo ...)
	[experimental] - gupnp 1.2.7-1
	- gupnp 1.4.0-2 (bug #989098)
	[bullseye] - gupnp (Minor issue)
	[buster] - gupnp (Minor issue)
	[stretch] - gupnp (Minor issue)
	NOTE: https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536
	NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/issues/24
	NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/commit/05e964d48322ff23a65c6026d656e4494ace6ff9 (gupnp-1.0)
	NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/commit/ca6ec9dcb26fd7a2a630eb6a68118659b589afac (master)
CVE-2021-33515 (The submission service in Dovecot before 2.3.15 allows STARTTLS comman ...)
	{DLA-3122-1}
	- dovecot 1:2.3.13+dfsg1-2 (bug #990566)
	[stretch] - dovecot (Vulnerable code (smtp_server_command queue) introduced later)
	NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html
	NOTE: https://www.openwall.com/lists/oss-security/2021/06/28/2
CVE-2021-33514 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2021-33513 (Plone through 5.2.4 allows XSS via the inline_diff methods in Products ...)
	NOT-FOR-US: Plone
CVE-2021-33512 (Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by up ...)
	NOT-FOR-US: Plone
CVE-2021-33511 (Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo ...)
	NOT-FOR-US: Plone
CVE-2021-33510 (Plone through 5.2.4 allows remote authenticated managers to conduct SS ...)
	NOT-FOR-US: Plone
CVE-2021-33509 (Plone through 5.2.4 allows remote authenticated managers to perform di ...)
	NOT-FOR-US: Plone
CVE-2021-33508 (Plone through 5.2.4 allows XSS via a full name that is mishandled duri ...)
	NOT-FOR-US: Plone
CVE-2021-33507 (Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService b ...)
	NOT-FOR-US: Zope Products.CMFCore (as used in Plone)
CVE-2021-33506 (jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure tha ...)
	NOT-FOR-US: jitsi-meet-prosody
CVE-2021-33505 (A local malicious user can circumvent the Falco detection engine throu ...)
	- falco (bug #842306)
CVE-2021-33504 (Couchbase Server before 7.1.0 has Incorrect Access Control.)
	NOT-FOR-US: Couchbase Server
CVE-2021-33503 (An issue was discovered in urllib3 before 1.26.5. When provided with a ...)
	- python-urllib3 1.26.5-1~exp1 (bug #989848)
	[buster] - python-urllib3 (Vulnerable code introduced later)
	[stretch] - python-urllib3 (Vulnerable code introduced later)
	NOTE: https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
	NOTE: Introduced around: https://github.com/urllib3/urllib3/commit/5b047b645f5f93900d5e2fc31230848c25eb1f5f (1.25.4)
	NOTE: Fixed by: https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec (1.26.5)
CVE-2021-33502 (The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x befo ...)
	- node-got 11.8.1+~cs53.13.17-3 (bug #989258)
	[buster] - node-got (Vulnerable code introduced later)
	NOTE: https://github.com/sindresorhus/normalize-url/releases/tag/v6.0.1
	NOTE: https://github.com/sindresorhus/normalize-url/commit/b1fdb5120b6d27a88400d8800e67ff5a22bd2103
CVE-2021-33501 (Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Exec ...)
	NOT-FOR-US: Overwolf
CVE-2021-33500 (PuTTY before 0.75 on Windows allows remote servers to cause a denial o ...)
	- putty (Windows-specific)
CVE-2021-33499 (Pexip Infinity before 26 allows remote denial of service because of mi ...)
	NOT-FOR-US: Pexip Infinity
CVE-2021-33498 (Pexip Infinity before 26 allows remote denial of service because of mi ...)
	NOT-FOR-US: Pexip Infinity
CVE-2021-3563 (A flaw was found in openstack-keystone. Only the first 72 characters o ...)
	{DLA-3714-1}
	- keystone 2:23.0.0-3 (bug #989998)
	[bookworm] - keystone (Minor issue)
	[bullseye] - keystone (Minor issue)
	[stretch] - keystone (Keystone is not supported in stretch)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1962908
	NOTE: https://bugs.launchpad.net/keystone/+bug/1901891
CVE-2021-33497 (Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for de ...)
	NOT-FOR-US: Dutchcoders transfer.sh
CVE-2021-33496 (Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view.)
	NOT-FOR-US: Dutchcoders transfer.sh
CVE-2021-33495 (OX App Suite 7.10.5 allows XSS via an OX Chat system message.)
	NOT-FOR-US: OX App Suite
CVE-2021-33494 (OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing ...)
	NOT-FOR-US: OX App Suite
CVE-2021-33493 (The middleware component in OX App Suite through 7.10.5 allows Code In ...)
	NOT-FOR-US: OX App Suite
CVE-2021-33492 (OX App Suite 7.10.5 allows XSS via an OX Chat room name.)
	NOT-FOR-US: OX App Suite
CVE-2021-33491 (OX App Suite through 7.10.5 allows Directory Traversal via ../ in an O ...)
	NOT-FOR-US: OX App Suite
CVE-2021-33490 (OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shar ...)
	NOT-FOR-US: OX App Suite
CVE-2021-33489 (OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared ...)
	NOT-FOR-US: OX App Suite
CVE-2021-33488 (chat in OX App Suite 7.10.5 has Improper Input Validation. A user can ...)
	NOT-FOR-US: OX App Suite
CVE-2021-33487 RESERVED
CVE-2021-33486 (All versions of the CODESYS V3 Runtime Toolkit for VxWorks from versio ...)
	NOT-FOR-US: CODESYS V3 Runtime Toolkit for VxWorks
CVE-2021-33485 (CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffe ...)
	NOT-FOR-US: CODESYS Control Runtime
CVE-2021-3562 RESERVED
CVE-2021-33484 (An issue was discovered in CommentsService.ashx in OnyakTech Comments ...)
	NOT-FOR-US: OnyakTech Comments Pro DNN Module
CVE-2021-33483 (An issue was discovered in CommentsService.ashx in OnyakTech Comments ...)
	NOT-FOR-US: OnyakTech Comments Pro DNN Module
CVE-2021-33482 RESERVED
CVE-2021-33478 (The TrustZone implementation in certain Broadcom MediaxChange firmware ...)
	NOT-FOR-US: Broadcom
CVE-2021-3561 (An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bound ...)
	{DLA-2778-1}
	- fig2dev 1:3.2.8-3
	[buster] - fig2dev 1:3.2.7a-5+deb10u4
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/116/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/
	NOTE: Depends on CVE-2019-19797 fix
CVE-2021-3560 (It was found that polkit could be tricked into bypassing the credentia ...)
	- policykit-1 0.105-31 (bug #989429)
	[buster] - policykit-1 (Vulnerable code introduced later)
	[stretch] - policykit-1 (Vulnerable code introduced later)
	NOTE: Issue Upstream introduced in 0.113 with https://gitlab.freedesktop.org/polkit/polkit/-/commit/bfa5036bfb93582c5a87c44b847957479d911e38
	NOTE: Debian backported 0.113 commits in 0.105-26
	NOTE: Fixed by: https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 (0.119)
	NOTE: https://gitlab.freedesktop.org/polkit/polkit/-/issues/140
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1961710
	NOTE: https://www.openwall.com/lists/oss-security/2021/06/03/1
	NOTE: https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
CVE-2021-33476 RESERVED
CVE-2021-33475 RESERVED
CVE-2021-33474 RESERVED
CVE-2021-33473 (An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allow ...)
	NOT-FOR-US: Dragonfly Ruby Gem
CVE-2021-33472 RESERVED
CVE-2021-33471 RESERVED
CVE-2021-33470 (COVID19 Testing Management System 1.0 is vulnerable to SQL Injection v ...)
	NOT-FOR-US: COVID19 Testing Management System
CVE-2021-33469 (COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scri ...)
	NOT-FOR-US: COVID19 Testing Management System
CVE-2021-33468 (An issue was discovered in yasm version 1.3.0. There is a use-after-fr ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/162
	NOTE: Crash in CLI tool, no security impact
CVE-2021-33467 (An issue was discovered in yasm version 1.3.0. There is a use-after-fr ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/163
	NOTE: Crash in CLI tool, no security impact
CVE-2021-33466 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/172
	NOTE: Crash in CLI tool, no security impact
CVE-2021-33465 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/173
	NOTE: Crash in CLI tool, no security impact
CVE-2021-33464 (An issue was discovered in yasm version 1.3.0. There is a heap-buffer- ...)
	- yasm (bug #1016353)
	[bookworm] - yasm (Minor issue)
	[bullseye] - yasm (Minor issue)
	[buster] - yasm (Minor issue)
	NOTE: https://github.com/yasm/yasm/issues/164
CVE-2021-33463 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/174
	NOTE: Crash in CLI tool, no security impact
CVE-2021-33462 (An issue was discovered in yasm version 1.3.0. There is a use-after-fr ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/165
	NOTE: Crash in CLI tool, no security impact
CVE-2021-33461 (An issue was discovered in yasm version 1.3.0. There is a use-after-fr ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/161
	NOTE: Crash in CLI tool, no security impact
CVE-2021-33460 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/168
	NOTE: Crash in CLI tool, no security impact
CVE-2021-33459 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/167
	NOTE: Crash in CLI tool, no security impact
CVE-2021-33458 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/170
	NOTE: Crash in CLI tool, no security impact
CVE-2021-33457 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/171
	NOTE: Crash in CLI tool, no security impact
CVE-2021-33456 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/175
	NOTE: Crash in CLI tool, no security impact
CVE-2021-33455 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/169
	NOTE: Crash in CLI tool, no security impact
CVE-2021-33454 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
	- yasm (unimportant)
	NOTE: https://github.com/yasm/yasm/issues/166
	NOTE: Crash in CLI tool, no security impact
CVE-2021-33453 (An issue was discovered in lrzip version 0.641. There is a use-after-f ...)
	- lrzip (unimportant)
	NOTE: https://github.com/ckolivas/lrzip/issues/199
	NOTE: Crash in CLI tool, no security impact
CVE-2021-33452 (An issue was discovered in NASM version 2.16rc0. There are memory leak ...)
	- nasm (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392757
	NOTE: Memleak in CLI tool, no security impact
CVE-2021-33451 (An issue was discovered in lrzip version 0.641. There are memory leaks ...)
	- lrzip (unimportant)
	NOTE: https://github.com/ckolivas/lrzip/issues/198
	NOTE: Memleak in CLI tool, no security impact
CVE-2021-33450 (An issue was discovered in NASM version 2.16rc0. There are memory leak ...)
	- nasm (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392758
	NOTE: Memleak in CLI tool, no security impact
CVE-2021-33449 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...)
	NOT-FOR-US: mjs
CVE-2021-33448 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 ...)
	NOT-FOR-US: mjs
CVE-2021-33447 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...)
	NOT-FOR-US: mjs
CVE-2021-33446 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...)
	NOT-FOR-US: mjs
CVE-2021-33445 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...)
	NOT-FOR-US: mjs
CVE-2021-33444 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...)
	NOT-FOR-US: mjs
CVE-2021-33443 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...)
	NOT-FOR-US: mjs
CVE-2021-33442 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...)
	NOT-FOR-US: mjs
CVE-2021-33441 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...)
	NOT-FOR-US: mjs
CVE-2021-33440 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...)
	NOT-FOR-US: mjs
CVE-2021-33439 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...)
	NOT-FOR-US: mjs
CVE-2021-33438 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...)
	NOT-FOR-US: mjs
CVE-2021-33437 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...)
	NOT-FOR-US: mjs
CVE-2021-33436 (NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from lo ...)
	NOT-FOR-US: NoMachine
CVE-2021-33435 RESERVED
CVE-2021-33434 RESERVED
CVE-2021-33433 RESERVED
CVE-2021-33432 RESERVED
CVE-2021-33431 RESERVED
CVE-2021-33430 (A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_N ...)
	- numpy 1:1.21.4-2
	[bullseye] - numpy (Minor issue)
	NOTE: https://github.com/numpy/numpy/issues/18939
	NOTE: https://github.com/numpy/numpy/pull/18989
	NOTE: https://github.com/numpy/numpy/commit/16f7824b4d935b6aee98298ca4123d57174a6f2e (v1.22.0.dev0)
CVE-2021-33429 RESERVED
CVE-2021-33428 RESERVED
CVE-2021-33427 RESERVED
CVE-2021-33426 RESERVED
CVE-2021-33425 (A stored cross-site scripting (XSS) vulnerability was discovered in th ...)
	NOT-FOR-US: OpenWRT LuCI
CVE-2021-33424 RESERVED
CVE-2021-33423 RESERVED
CVE-2021-33422 RESERVED
CVE-2021-33421 RESERVED
CVE-2021-33420 (A deserialization issue discovered in inikulin replicator before 1.0.4 ...)
	NOT-FOR-US: inikulin replicator
CVE-2021-33419 RESERVED
CVE-2021-33418 RESERVED
CVE-2021-33417 RESERVED
CVE-2021-33416 RESERVED
CVE-2021-33415 RESERVED
CVE-2021-33414 RESERVED
CVE-2021-33413 RESERVED
CVE-2021-33412 RESERVED
CVE-2021-33411 RESERVED
CVE-2021-33410 RESERVED
CVE-2021-33409 RESERVED
CVE-2021-33408 (Local File Inclusion vulnerability in Ab Initio Control>Center before ...)
	NOT-FOR-US: Ab Initio
CVE-2021-33407 RESERVED
CVE-2021-33406 RESERVED
CVE-2021-33405 RESERVED
CVE-2021-33404 RESERVED
CVE-2021-33403 (An integer overflow in the transfer function of a smart contract imple ...)
	NOT-FOR-US: Lancer
CVE-2021-33402 RESERVED
CVE-2021-33401 RESERVED
CVE-2021-33400 RESERVED
CVE-2021-33399 RESERVED
CVE-2021-33398 RESERVED
CVE-2021-33397 RESERVED
CVE-2021-33396 (Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, al ...)
	NOT-FOR-US: baijiacms
CVE-2021-33395 RESERVED
CVE-2021-33394 (Cubecart 6.4.2 allows Session Fixation. The application does not gener ...)
	NOT-FOR-US: Cubecart
CVE-2021-33393 (lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/bac ...)
	NOT-FOR-US: IPFire
CVE-2021-33392 RESERVED
CVE-2021-33391 (An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitra ...)
	- tidy-html5 (bug #1032665)
	[bookworm] - tidy-html5 (Minor issue)
	[bullseye] - tidy-html5 (Minor issue)
	[buster] - tidy-html5 (Minor issue)
	NOTE: https://github.com/htacg/tidy-html5/issues/946
	NOTE: https://github.com/htacg/tidy-html5/commit/efa61528aa500a1efbd2768121820742d3bb709b
CVE-2021-33390 (dpic 2021.04.10 has a use-after-free in thedeletestringbox() function ...)
	- dpic 2021.11.01-1 (unimportant)
	NOTE: https://gitlab.com/aplevich/dpic/-/issues/10
	NOTE: Fixed by: https://gitlab.com/aplevich/dpic/-/commit/32c26bb3996511662029c961f5e83fb696c087d4
	NOTE: Crash in CLI tool, no security impact
CVE-2021-33389 RESERVED
CVE-2021-33388 (dpic 2021.04.10 has a Heap Buffer Overflow in themakevar() function in ...)
	- dpic 2021.11.01-1
	[bullseye] - dpic (Minor issue)
	NOTE: https://gitlab.com/aplevich/dpic/-/issues/8
	NOTE: Fixed by: https://gitlab.com/aplevich/dpic/-/commit/32c26bb3996511662029c961f5e83fb696c087d4
CVE-2021-33387 (Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows attacker t ...)
	NOT-FOR-US: MiniCMS
CVE-2021-33386 RESERVED
CVE-2021-33385 RESERVED
CVE-2021-33384 RESERVED
CVE-2021-33383 RESERVED
CVE-2021-33382 RESERVED
CVE-2021-33381 RESERVED
CVE-2021-33380 RESERVED
CVE-2021-33379 RESERVED
CVE-2021-33378 RESERVED
CVE-2021-33377 RESERVED
CVE-2021-33376 RESERVED
CVE-2021-33375 RESERVED
CVE-2021-33374 RESERVED
CVE-2021-33373 RESERVED
CVE-2021-33372 RESERVED
CVE-2021-33371 (A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.p ...)
	NOT-FOR-US: Student Management System
CVE-2021-33370 RESERVED
CVE-2021-33369 RESERVED
CVE-2021-33368 RESERVED
CVE-2021-33367 (Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to ...)
	- freeimage (bug #1032666)
	[bookworm] - freeimage (Minor issue)
	[bullseye] - freeimage (Minor issue)
	[buster] - freeimage (Fix together with some other upload, low severity, DoS in user interactive software)
	NOTE: https://sourceforge.net/p/freeimage/discussion/36109/thread/1a4db03d58/
	NOTE: Patch in Fedora (not upstreamed): https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2021-33367.patch
CVE-2021-33366 (Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC ...)
	{DSA-5411-1}
	- gpac (unimportant)
	[buster] - gpac (Vulnerable code not present)
	[stretch] - gpac (Vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/commit/0a85029d694f992f3631e2f249e4999daee15cbf
	NOTE: https://github.com/gpac/gpac/issues/1785
	NOTE: Negligible security impact
CVE-2021-33365 (Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0. ...)
	{DSA-5411-1}
	- gpac (unimportant)
	NOTE: https://github.com/gpac/gpac/commit/984787de3d414a5f7d43d0b4584d9469dff2a5a5
	NOTE: https://github.com/gpac/gpac/issues/1784
	NOTE: Negligible security impact
CVE-2021-33364 (Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 ...)
	{DSA-5411-1}
	- gpac (unimportant)
	[buster] - gpac (Vulnerable code not present)
	[stretch] - gpac (Vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/commit/fe5155cf047252d1c4cb91602048bfa682af0ea7
	NOTE: https://github.com/gpac/gpac/issues/1783
	NOTE: Negligible security impact
CVE-2021-33363 (Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allo ...)
	{DSA-5411-1}
	- gpac (unimportant)
	[buster] - gpac (Vulnerable code not present)
	[stretch] - gpac (Vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/commit/ec64c7b8966d7e4642d12debb888be5acf18efb9
	NOTE: https://github.com/gpac/gpac/issues/1786
	NOTE: Negligible security impact
CVE-2021-33362 (Stack buffer overflow in the hevc_parse_vps_extension function in MP4B ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (Vulnerable code introduced later, in version 0.7.0)
	[stretch] - gpac (Vulnerable code introduced later, in version 0.7.0)
	- ccextractor 0.93+ds2-1 (bug #994746)
	[bullseye] - ccextractor (Minor issue)
	[buster] - ccextractor (Minor issue)
	NOTE: https://github.com/gpac/gpac/commit/1273cdc706eeedf8346d4b9faa5b33435056061d (v2.0.0)
	NOTE: https://github.com/gpac/gpac/issues/1780
	NOTE: Introduced by https://github.com/gpac/gpac/commit/8ba129e92de77df32d152c24bbd3ca9839a29d57
CVE-2021-33361 (Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allo ...)
	{DSA-5411-1}
	- gpac (unimportant)
	[buster] - gpac (Vulnerable code not present)
	[stretch] - gpac (Vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/commit/a51f951b878c2b73c1d8e2f1518c7cdc5fb82c3f
	NOTE: https://github.com/gpac/gpac/issues/1782
	NOTE: Negligible security impact
CVE-2021-33360 (An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers ...)
	NOT-FOR-US: Node gnuplot
CVE-2021-33359 (A vulnerability exists in gowitness < 2.3.6 that allows an unauthentic ...)
	NOT-FOR-US: gowitness
CVE-2021-33358 (Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interfac ...)
	NOT-FOR-US: RaspAP
CVE-2021-33357 (A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET param ...)
	NOT-FOR-US: RaspAP
CVE-2021-33356 (Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 c ...)
	NOT-FOR-US: RaspAP
CVE-2021-33355 RESERVED
CVE-2021-33354 (Directory Traversal vulnerability in htmly before 2.8.1 allows remote ...)
	NOT-FOR-US: htmly
CVE-2021-33353 (Directory Traversal vulnerability in Wyomind Help Desk Magento 2 exten ...)
	NOT-FOR-US: Wyomind Help Desk Magento
CVE-2021-33352 (An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before f ...)
	NOT-FOR-US: Wyomind Help Desk Magento
CVE-2021-33351 (Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 exte ...)
	NOT-FOR-US: Wyomind Help Desk Magento
CVE-2021-33350 RESERVED
CVE-2021-33349 RESERVED
CVE-2021-33348 (An issue was discovered in JFinal framework v4.9.10 and below. The "se ...)
	NOT-FOR-US: JFinal
CVE-2021-33347 (An issue was discovered in JPress v3.3.0 and below. There are XSS vuln ...)
	NOT-FOR-US: JPress
CVE-2021-33346 (There is an arbitrary password modification vulnerability in a D-LINK ...)
	NOT-FOR-US: D-Link
CVE-2021-33345 RESERVED
CVE-2021-33344 RESERVED
CVE-2021-33343 RESERVED
CVE-2021-33342 RESERVED
CVE-2021-33341 RESERVED
CVE-2021-33340 RESERVED
CVE-2021-33339 (Cross-site scripting (XSS) vulnerability in the Fragment module in Lif ...)
	NOT-FOR-US: Liferay
CVE-2021-33338 (The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay D ...)
	NOT-FOR-US: Liferay
CVE-2021-33337 (Cross-site scripting (XSS) vulnerability in the Document Library modul ...)
	NOT-FOR-US: Liferay
CVE-2021-33336 (Cross-site scripting (XSS) vulnerability in the Journal module's add a ...)
	NOT-FOR-US: Liferay
CVE-2021-33335 (Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3 ...)
	NOT-FOR-US: Liferay
CVE-2021-33334 (The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, ...)
	NOT-FOR-US: Liferay
CVE-2021-33333 (The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Li ...)
	NOT-FOR-US: Liferay
CVE-2021-33332 (Cross-site scripting (XSS) vulnerability in the Portlet Configuration ...)
	NOT-FOR-US: Liferay
CVE-2021-33331 (Open redirect vulnerability in the Notifications module in Liferay Por ...)
	NOT-FOR-US: Liferay
CVE-2021-33330 (Liferay Portal 7.2.0 through 7.3.2, and Liferay DXP 7.2 before fix pac ...)
	NOT-FOR-US: Liferay
CVE-2021-33329 RESERVED
CVE-2021-33328 (Cross-site scripting (XSS) vulnerability in the Asset module's edit vo ...)
	NOT-FOR-US: Liferay
CVE-2021-33327 (The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3 ...)
	NOT-FOR-US: Liferay
CVE-2021-33326 (Cross-site scripting (XSS) vulnerability in the Frontend JS module in ...)
	NOT-FOR-US: Liferay
CVE-2021-33325 (The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Li ...)
	NOT-FOR-US: Liferay
CVE-2021-33324 (The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay D ...)
	NOT-FOR-US: Liferay
CVE-2021-33323 (The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, ...)
	NOT-FOR-US: Liferay
CVE-2021-33322 (In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pa ...)
	NOT-FOR-US: Liferay
CVE-2021-33321 (Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, ...)
	NOT-FOR-US: Liferay
CVE-2021-33320 (The Flags module in Liferay Portal 7.3.1 and earlier, and Liferay DXP ...)
	NOT-FOR-US: Liferay
CVE-2021-33319 RESERVED
CVE-2021-33318 (An Input Validation Vulnerability exists in Joel Christner .NET C# pac ...)
	NOT-FOR-US: jchristn/IpMatcher
CVE-2021-33317 (The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suf ...)
	NOT-FOR-US: TRENDnet
CVE-2021-33316 (The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suf ...)
	NOT-FOR-US: TRENDnet
CVE-2021-33315 (The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suf ...)
	NOT-FOR-US: TRENDnet
CVE-2021-33314 RESERVED
CVE-2021-33313 RESERVED
CVE-2021-33312 RESERVED
CVE-2021-33311 RESERVED
CVE-2021-33310 RESERVED
CVE-2021-33309 RESERVED
CVE-2021-33308 RESERVED
CVE-2021-33307 RESERVED
CVE-2021-33306 RESERVED
CVE-2021-33305 RESERVED
CVE-2021-33304 (Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP- ...)
	NOT-FOR-US: picoTCP
CVE-2021-33303 RESERVED
CVE-2021-33302 RESERVED
CVE-2021-33301 RESERVED
CVE-2021-33300 RESERVED
CVE-2021-33299 RESERVED
CVE-2021-33298 RESERVED
CVE-2021-33297 RESERVED
CVE-2021-33296 RESERVED
CVE-2021-33295 (Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before ...)
	NOT-FOR-US: Joplin Desktop App
CVE-2021-33294 (In elfutils 0.183, an infinite loop was found in the function handle_s ...)
	- elfutils 0.185-2 (unimportant)
	NOTE: Hang in CLI tool, no security impact
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27501
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=480b6fa3662ba8ffeee274bf0d37423413c01e55 (elfutils-0.184)
CVE-2021-33293 (Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-b ...)
	{DLA-2957-1}
	[experimental] - libpano13 2.9.21~rc1+dfsg-1
	- libpano13 2.9.21+dfsg-2 (bug #1008024)
	[bullseye] - libpano13 (Minor issue)
	[buster] - libpano13 (Minor issue)
	NOTE: https://groups.google.com/u/1/g/hugin-ptx/c/gLtz2vweD74
	NOTE: Fixed by: https://sourceforge.net/p/panotools/libpano13/ci/62aa7eed8fae5d8f247a2508a757f31000de386f/
CVE-2021-33292 RESERVED
CVE-2021-33291 RESERVED
CVE-2021-33290 RESERVED
CVE-2021-33289 (In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section ...)
	{DSA-4971-1 DLA-2819-1}
	[experimental] - ntfs-3g 1:2021.8.22-1
	- ntfs-3g 1:2021.8.22-2 (bug #988386)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-33288 RESERVED
CVE-2021-33287 (In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attribute ...)
	{DSA-4971-1 DLA-2819-1}
	[experimental] - ntfs-3g 1:2021.8.22-1
	- ntfs-3g 1:2021.8.22-2 (bug #988386)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-33286 (In NTFS-3G versions < 2021.8.22, when a specially crafted unicode stri ...)
	{DSA-4971-1 DLA-2819-1}
	[experimental] - ntfs-3g 1:2021.8.22-1
	- ntfs-3g 1:2021.8.22-2 (bug #988386)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-33285 (In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribu ...)
	{DSA-4971-1 DLA-2819-1}
	[experimental] - ntfs-3g 1:2021.8.22-1
	- ntfs-3g 1:2021.8.22-2 (bug #988386)
	NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-33284
	RESERVED
CVE-2021-33283
	RESERVED
CVE-2021-33282
	RESERVED
CVE-2021-33281
	RESERVED
CVE-2021-33280
	RESERVED
CVE-2021-33279
	RESERVED
CVE-2021-33278
	RESERVED
CVE-2021-33277
	RESERVED
CVE-2021-33276
	RESERVED
CVE-2021-33275
	RESERVED
CVE-2021-33274 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
	NOT-FOR-US: D-Link
CVE-2021-33273
	RESERVED
CVE-2021-33272
	RESERVED
CVE-2021-33271 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
	NOT-FOR-US: D-Link
CVE-2021-33270 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
	NOT-FOR-US: D-Link
CVE-2021-33269 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
	NOT-FOR-US: D-Link
CVE-2021-33268 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
	NOT-FOR-US: D-Link
CVE-2021-33267 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
	NOT-FOR-US: D-Link
CVE-2021-33266 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
	NOT-FOR-US: D-Link
CVE-2021-33265 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
	NOT-FOR-US: D-Link
CVE-2021-33264
	RESERVED
CVE-2021-33263
	RESERVED
CVE-2021-33262
	RESERVED
CVE-2021-33261
	RESERVED
CVE-2021-33260
	RESERVED
CVE-2021-33259 (Several web interfaces in D-Link DIR-868LW 1.12b have no authenticatio ...)
	NOT-FOR-US: D-Link
CVE-2021-33258
	RESERVED
CVE-2021-33257
	RESERVED
CVE-2021-33256 (A CSV injection vulnerability on the login panel of ManageEngine ADSel ...)
	NOT-FOR-US: ManageEngine
CVE-2021-33255
	RESERVED
CVE-2021-33254 (An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Comm ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2021-33253
	RESERVED
CVE-2021-33252
	RESERVED
CVE-2021-33251
	RESERVED
CVE-2021-33250
	RESERVED
CVE-2021-33249
	RESERVED
CVE-2021-33248
	RESERVED
CVE-2021-33247
	RESERVED
CVE-2021-33246
	RESERVED
CVE-2021-33245
	RESERVED
CVE-2021-33244
	RESERVED
CVE-2021-33243
	RESERVED
CVE-2021-33242
	RESERVED
CVE-2021-33241
	RESERVED
CVE-2021-33240
	RESERVED
CVE-2021-33239
	RESERVED
CVE-2021-33238
	RESERVED
CVE-2021-33237
	REJECTED
CVE-2021-33236
	REJECTED
CVE-2021-33235
	REJECTED
CVE-2021-33234
	RESERVED
CVE-2021-33233
	RESERVED
CVE-2021-33232
	RESERVED
CVE-2021-33231 (Cross Site Scripting (XSS) vulnerability in New equipment page in Easy ...)
	NOT-FOR-US: EasyVista Service Manager
CVE-2021-33230
	RESERVED
CVE-2021-33229
	RESERVED
CVE-2021-33228
	RESERVED
CVE-2021-33227
	RESERVED
CVE-2021-33226 (Buffer Overflow vulnerability in Saltstack v.3003 and before allows at ...)
	NOT-FOR-US: Disputed Salt issue
CVE-2021-33225
	RESERVED
CVE-2021-33224 (File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthentica ...)
	NOT-FOR-US: Umbraco Forms
CVE-2021-33223 (An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate p ...)
	NOT-FOR-US: SeedDMS
CVE-2021-33222
	RESERVED
CVE-2021-33221 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
	NOT-FOR-US: CommScope Ruckus IoT Controller
CVE-2021-33220 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
	NOT-FOR-US: CommScope Ruckus IoT Controller
CVE-2021-33219 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
	NOT-FOR-US: CommScope Ruckus IoT Controller
CVE-2021-33218 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
	NOT-FOR-US: CommScope Ruckus IoT Controller
CVE-2021-33217 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
	NOT-FOR-US: CommScope Ruckus IoT Controller
CVE-2021-33216 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
	NOT-FOR-US: CommScope Ruckus IoT Controller
CVE-2021-33215 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
	NOT-FOR-US: CommScope Ruckus IoT Controller
CVE-2021-33214 (In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could ...)
	NOT-FOR-US: HMS Ewon eCatcher
CVE-2021-33213 (An SSRF vulnerability in the "Upload from URL" feature in Elements-IT ...)
	NOT-FOR-US: Elements-IT HTTP Commander
CVE-2021-33212 (A Cross-site scripting (XSS) vulnerability in the "View in Browser" fe ...)
	NOT-FOR-US: Elements-IT HTTP Commander
CVE-2021-33211 (A Directory Traversal vulnerability in the Unzip feature in Elements-I ...)
	NOT-FOR-US: Elements-IT HTTP Commander
CVE-2021-33210 (An issue was discovered in Fimer Aurora Vision before 2.97.10. An atta ...)
	NOT-FOR-US: Fimer Aurora
CVE-2021-33209 (An issue was discovered in Fimer Aurora Vision before 2.97.10. The res ...)
	NOT-FOR-US: Fimer Aurora
CVE-2021-33208 (The "Register an Ehcache Configuration File" admin feature in MashZone ...)
	NOT-FOR-US: Software AG MashZone
CVE-2021-33207 (The HTTP client in MashZone NextGen through 10.7 GA deserializes untru ...)
	NOT-FOR-US: Software AG MashZone
CVE-2021-33206
	RESERVED
CVE-2021-33205 (Western Digital EdgeRover before 0.25 has an escalation of privileges ...)
	NOT-FOR-US: Western Digital
CVE-2021-3559 (A flaw was found in libvirt in the virConnectListAllNodeDevices API in ...)
	- libvirt (Vulnerable code never in a released version)
	NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/4c4d0e2da07b5a035b26a0ff13ec27070f7c7b1a (v7.0.0-rc1)
	NOTE: Introduced by: https://gitlab.com/libvirt/libvirt/-/commit/f1b08901f7ae7557f79d83bdac33cc0bd79d1437 (v6.10.0-rc1)
CVE-2021-3558
	REJECTED
CVE-2021-3557 (A flaw was found in argocd. Any unprivileged user is able to deploy ar ...)
	NOT-FOR-US: Argo CD
CVE-2021-3556
	REJECTED
CVE-2021-33204 (In the pg_partman (aka PG Partition Manager) extension before 4.5.1 fo ...)
	- pg-partman 4.5.1-1 (bug #988917)
	[buster] - pg-partman (Minor issue)
	[stretch] - pg-partman (Minor issue)
	NOTE: https://github.com/pgpartman/pg_partman/commit/0b6565ad378c358f8a6cd1d48ddc482eb7f854d3
CVE-2021-33203 (Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a ...)
	{DLA-3744-1 DLA-2676-1}
	- python-django 2:2.2.24-1 (bug #989394)
	NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1
	NOTE: https://github.com/django/django/commit/46572de2e92fdeaf047f80c44d52269e54ad68db (main)
	NOTE: https://github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90 (2.2.24)
CVE-2021-33202
	RESERVED
CVE-2021-33201
	RESERVED
CVE-2021-33200 (kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces inco ...)
	- linux 5.10.40-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/27/1
	NOTE: Issue introduced due to fixes applied for CVE-2021-29155
CVE-2021-33199 (In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.p ...)
	NOT-FOR-US: Expression Engine
CVE-2021-33198 (In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic fo ...)
	- golang-1.16 1.16.5-1
	- golang-1.15 1.15.9-5
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue)
	- golang-1.8
	[stretch] - golang-1.8 (Vulnerable code introduced later)
	- golang-1.7
	[stretch] - golang-1.7 (Vulnerable code introduced later)
	NOTE: https://github.com/golang/go/issues/45910
	NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
	NOTE: Introduced by https://github.com/golang/go/commit/e4ba40030f9ba4b61bb28dbf78bb41a7b14e6788 (go1.13beta1)
CVE-2021-33197 (In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ...)
	- golang-1.16 1.16.5-1
	- golang-1.15 1.15.9-5
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, header corruption in proxy chains)
	- golang-1.8
	[stretch] - golang-1.8 (Minor issue, header corruption in proxy chains, requires rebuilding reverse-dependencies)
	- golang-1.7
	[stretch] - golang-1.7 (Minor issue, header corruption in proxy chains, requires rebuilding reverse-dependencies)
	NOTE: https://github.com/golang/go/issues/46313
	NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
	NOTE: https://github.com/golang/go/commit/cbd1ca84453fecf3825a6bb9f985823e8bc32b76 (1.15)
CVE-2021-33196 (In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafte ...)
	{DLA-3395-1 DLA-2892-1 DLA-2891-1}
	- golang-1.16 1.16.5-1 (bug #989492)
	- golang-1.15 1.15.9-4
	- golang-1.11
	- golang-1.8
	- golang-1.7
	NOTE: https://github.com/golang/go/issues/46242
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33912
	NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
	NOTE: https://github.com/golang/go/commit/c92adf420a3d9a5510f9aea382d826f0c9216a10 (1.15)
	NOTE: Incomplete fix, cf. CVE-2021-39293
CVE-2021-33195 (Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS looku ...)
	- golang-1.16 1.16.5-1
	- golang-1.15 1.15.9-5
	[bullseye] - golang-1.15 (Minor issue; will be fixed via point release)
	- golang-1.11
	[buster] - golang-1.11 (Limited support, minor issue, affects poor validation practice, follow bullseye DSAs/point-releases)
	- golang-1.8
	[stretch] - golang-1.8 (Minor issue, affects poor validation practice, requires rebuilding reverse-dependencies)
	- golang-1.7
	[stretch] - golang-1.7 (Minor issue, affects poor validation practice, requires rebuilding reverse-dependencies)
	NOTE: https://github.com/golang/go/issues/46241
	NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
	NOTE: https://github.com/golang/go/commit/31d60cda1f58b7558fc5725d2b9e4531655d980e (1.15)
CVE-2021-33194 (golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows atta ...)
	- golang-golang-x-net 1:0.0+git20210119.5f4716e+dfsg-4
	- golang-golang-x-net-dev
	[buster] - golang-golang-x-net-dev (Limited support)
	[stretch] - golang-golang-x-net-dev (Limited support in stretch)
	NOTE: https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ
	NOTE: https://github.com/golang/go/issues/46288
CVE-2021-33193 (A crafted method sent through HTTP/2 will bypass validation and be for ...)
	{DLA-3351-1}
	- apache2 2.4.48-4
	[bullseye] - apache2 2.4.48-3.1+deb11u1
	[stretch] - apache2 (Revisit when a suitable backport is available for 2.4.25)
	NOTE: https://portswigger.net/research/http2
	NOTE: https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c (2.4.49)
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-33193
	NOTE: https://git.centos.org/rpms/httpd/blob/c496dea5e0b6e82a9f503e973fc5d5ea93a94180/f/SOURCES/httpd-2.4.37-CVE-2021-33193.patch (2.4.37)
	NOTE: http://launchpadlibrarian.net/559974735/apache2_2.4.29-1ubuntu4.16_2.4.29-1ubuntu4.17.diff.gz (2.4.29)
CVE-2021-33192 (A vulnerability in the HTML pages of Apache Jena Fuseki allows an atta ...)
	- apache-jena 4.5.0-1 (bug #1014982)
	NOTE: https://lists.apache.org/thread/sq6q94q0prqwr9vdm2wptglcq1kv98k8
CVE-2021-33191 (From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements a ...)
	NOT-FOR-US: Apache NiFi
CVE-2021-33190 (In Apache APISIX Dashboard version 2.6, we changed the default value o ...)
	NOT-FOR-US: Apache APISIX Dashboard
CVE-2020-36365 (Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonController.Cl ...)
	NOT-FOR-US: Smartstore (aka SmartStoreNET)
CVE-2020-36364 (An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0 ...)
	NOT-FOR-US: Smartstore (aka SmartStoreNET)
CVE-2021-33481 (A stack-based buffer overflow vulnerability was discovered in gocr thr ...)
	- gocr (unimportant)
	NOTE: https://sourceforge.net/p/jocr/bugs/42/
	NOTE: Crash in CLI tool, no security impact
CVE-2021-33480 (A use-after-free vulnerability was discovered in gocr through 0.53-20 ...)
	- gocr (unimportant)
	NOTE: https://sourceforge.net/p/jocr/bugs/40/
	NOTE: https://sourceforge.net/p/jocr/bugs/41/
	NOTE: Crash in CLI tool, no security impact
CVE-2021-33479 (A stack-based buffer overflow vulnerability was discovered in gocr thr ...)
	- gocr (unimportant)
	NOTE: https://sourceforge.net/p/jocr/bugs/39/
	NOTE: Crash in CLI tool, no security impact
CVE-2021-33477 (rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (po ...)
	{DLA-2683-1 DLA-2682-1 DLA-2681-1 DLA-2671-1}
	- rxvt
	- rxvt-unicode 9.22-11 (bug #988763)
	[buster] - rxvt-unicode 9.22-6+deb10u1
	- mrxvt
	- eterm 0.9.6-6.1 (bug #989041)
	[buster] - eterm 0.9.6-5+deb10u1
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/17/1
	NOTE: Mentioned first in: https://www.openwall.com/lists/oss-security/2017/05/01/20
	NOTE: Fixed by: http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583
	NOTE: Disabled problematic code in: http://cvs.schmorp.de/rxvt-unicode/src/command.C?view=log#rev1.585
CVE-2021-33189
	RESERVED
CVE-2021-33188
	RESERVED
CVE-2021-33187
	RESERVED
CVE-2021-3555 (A Buffer Overflow vulnerability in the RSTP server component of Eufy I ...)
	NOT-FOR-US: Eufy 2K Indoor Camera
CVE-2021-33186 (SerenityOS in test-crypto.cpp contains a stack buffer overflow which c ...)
	NOT-FOR-US: SerenityOS
CVE-2021-33185 (SerenityOS contains a buffer overflow in the set_range test in TestBit ...)
	NOT-FOR-US: SerenityOS
CVE-2021-33184 (Server-Side request forgery (SSRF) vulnerability in task management co ...)
	NOT-FOR-US: Synology
CVE-2021-33183 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
	NOT-FOR-US: Synology
CVE-2021-33182 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
	NOT-FOR-US: Synology
CVE-2021-33181 (Server-Side Request Forgery (SSRF) vulnerability in webapi component i ...)
	NOT-FOR-US: Synology
CVE-2021-33180 (Improper neutralization of special elements used in an SQL command ('S ...)
	NOT-FOR-US: Synology
CVE-2021-33179 (The general user interface in Nagios XI versions prior to 5.8.4 is vul ...)
	NOT-FOR-US: Nagios XI
CVE-2021-33178 (The Manage Backgrounds functionality within NagVis versions prior to 1 ...)
	- nagvis 1:1.9.29-1
	[bullseye] - nagvis (Minor issue)
	[buster] - nagvis (Minor issue)
	[stretch] - nagvis (Minor issue)
CVE-2021-33177 (The Bulk Modifications functionality in Nagios XI versions prior to 5. ...)
	NOT-FOR-US: Nagios XI
CVE-2021-33176 (VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denia ...)
	NOT-FOR-US: VerneMQ MQTT Broker
CVE-2021-33175 (EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of ser ...)
	NOT-FOR-US: EMQ X Broker
CVE-2021-33174
	RESERVED
CVE-2021-33173
	RESERVED
CVE-2021-33172
	RESERVED
CVE-2021-33171
	RESERVED
CVE-2021-33170
	RESERVED
CVE-2021-33169
	RESERVED
CVE-2021-33168
	RESERVED
CVE-2021-33167
	REJECTED
CVE-2021-33166 (Incorrect default permissions for the Intel(R) RXT for Chromebook appl ...)
	NOT-FOR-US: Intel
CVE-2021-33165
	REJECTED
CVE-2021-33164 (Improper access control in BIOS firmware for some Intel(R) NUCs before ...)
	NOT-FOR-US: Intel
CVE-2021-33163
	REJECTED
CVE-2021-33162
	REJECTED
CVE-2021-33161
	REJECTED
CVE-2021-33160
	REJECTED
CVE-2021-33159 (Improper authentication in subsystem for Intel(R) AMT before versions ...)
	NOT-FOR-US: Intel
CVE-2021-33158
	REJECTED
CVE-2021-33157
	REJECTED
CVE-2021-33156
	REJECTED
CVE-2021-33155 (Improper input validation in firmware for some Intel(R) Wireless Bluet ...)
	NOT-FOR-US: Intel
CVE-2021-33154
	REJECTED
CVE-2021-33153
	REJECTED
CVE-2021-33152
	REJECTED
CVE-2021-33151
	REJECTED
CVE-2021-33150 (Hardware allows activation of test or debug logic at runtime for some ...)
	NOT-FOR-US: Intel
CVE-2021-33149 (Observable behavioral discrepancy in some Intel(R) Processors may allo ...)
	NOT-FOR-US: Intel
CVE-2021-33148
	REJECTED
CVE-2021-33147 (Improper conditions check in the Intel(R) IPP Crypto library before ve ...)
	NOT-FOR-US: Intel
CVE-2021-33146
	REJECTED
CVE-2021-33145
	REJECTED
CVE-2021-33144
	REJECTED
CVE-2021-33143
	REJECTED
CVE-2021-33142
	REJECTED
CVE-2021-33141
	REJECTED
CVE-2021-33140
	REJECTED
CVE-2021-33139 (Improper conditions check in firmware for some Intel(R) Wireless Bluet ...)
	NOT-FOR-US: Intel
CVE-2021-33138
	REJECTED
CVE-2021-33137 (Out-of-bounds write in the Intel(R) Kernelflinger project may allow an ...)
	NOT-FOR-US: Intel
CVE-2021-33136
	REJECTED
CVE-2021-33135 (Uncontrolled resource consumption in the Linux kernel drivers for Inte ...)
	- linux 5.16.18-1
	[bullseye] - linux (Vulnerable code not present)
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/08999b2489b4c9b939d7483dbd03702ee4576d96 (5.17-rc8)
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00603.html
CVE-2021-33134
	REJECTED
CVE-2021-33133
	REJECTED
CVE-2021-33132
	REJECTED
CVE-2021-33131
	REJECTED
CVE-2021-33130 (Insecure default variable initialization of Intel(R) RealSense(TM) ID ...)
	NOT-FOR-US: Intel
CVE-2021-33129 (Incorrect default permissions in the software installer for the Intel( ...)
	NOT-FOR-US: Intel
CVE-2021-33128 (Improper access control in the firmware for some Intel(R) E810 Etherne ...)
	NOT-FOR-US: Intel
CVE-2021-33127
	REJECTED
CVE-2021-33126 (Improper access control in the firmware for some Intel(R) 700 and 722 ...)
	NOT-FOR-US: Intel
CVE-2021-33125
	REJECTED
CVE-2021-33124 (Out-of-bounds write in the BIOS authenticated code module for some Int ...)
	NOT-FOR-US: Intel
CVE-2021-33123 (Improper access control in the BIOS authenticated code module for some ...)
	NOT-FOR-US: Intel
CVE-2021-33122 (Insufficient control flow management in the BIOS firmware for some Int ...)
	NOT-FOR-US: Intel
CVE-2021-33121
	REJECTED
CVE-2021-33120 (Out of bounds read under complex microarchitectural condition in memor ...)
	- intel-microcode 3.20220207.1
	[bullseye] - intel-microcode 3.20220207.1~deb11u1
	[buster] - intel-microcode 3.20220207.1~deb10u1
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00589.html
CVE-2021-33119 (Improper access control in the Intel(R) RealSense(TM) DCM before versi ...)
	NOT-FOR-US: Intel
CVE-2021-33118 (Improper access control in the software installer for the Intel(R) Ser ...)
	NOT-FOR-US: Intel
CVE-2021-33117 (Improper access control for some 3rd Generation Intel(R) Xeon(R) Scala ...)
	- intel-microcode 3.20220207.1
	[bullseye] - intel-microcode 3.20220207.1~deb11u1
	[buster] - intel-microcode 3.20220207.1~deb10u1
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00586.html
	NOTE: Fixed via m_87_606a6_0d000331.inc: sig 0x000606a6, pf_mask 0x87, 2021-12-03, rev 0xd000331, size 291840
CVE-2021-33116
	REJECTED
CVE-2021-33115 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in UE ...)
	NOT-FOR-US: Intel
CVE-2021-33114 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in mu ...)
	NOT-FOR-US: Intel
CVE-2021-33113 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in mu ...)
	NOT-FOR-US: Intel
CVE-2021-33112
	REJECTED
CVE-2021-33111
	REJECTED
CVE-2021-33110 (Improper input validation for some Intel(R) Wireless Bluetooth(R) prod ...)
	NOT-FOR-US: Intel
CVE-2021-33109
	REJECTED
CVE-2021-33108 (Improper input validation in the Intel(R) In-Band Manageability softwa ...)
	NOT-FOR-US: Intel
CVE-2021-33107 (Insufficiently protected credentials in USB provisioning for Intel(R) ...)
	NOT-FOR-US: Intel
CVE-2021-33106 (Integer overflow in the Safestring library maintained by Intel(R) may ...)
	NOT-FOR-US: Intel
CVE-2021-33105 (Out-of-bounds read in some Intel(R) Core(TM) processors with Radeon(TM ...)
	NOT-FOR-US: Intel
CVE-2021-33104 (Improper access control in the Intel(R) OFU software before version 14 ...)
	NOT-FOR-US: Intel
CVE-2021-33103 (Unintended intermediary in the BIOS authenticated code module for some ...)
	NOT-FOR-US: Intel
CVE-2021-33102
	REJECTED
CVE-2021-33101 (Uncontrolled search path in the Intel(R) GPA software before version 2 ...)
	NOT-FOR-US: Intel
CVE-2021-33100
	REJECTED
CVE-2021-33099
	REJECTED
CVE-2021-33098 (Improper input validation in the Intel(R) Ethernet ixgbe driver for Li ...)
	- linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/63e39d29b3da02e901349f6cd71159818a4737a6 (5.13-rc4)
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00555.html
CVE-2021-33097 (Time-of-check time-of-use vulnerability in the Crypto API Toolkit for ...)
	NOT-FOR-US: Intel
CVE-2021-33096 (Improper isolation of shared resources in network on chip for the Inte ...)
	NOT-FOR-US: Intel
CVE-2021-33095 (Unquoted search path in the installer for the Intel(R) NUC M15 Laptop ...)
	NOT-FOR-US: Intel
CVE-2021-33094 (Insecure inherited permissions in the installer for the Intel(R) NUC M ...)
	NOT-FOR-US: Intel
CVE-2021-33093 (Insecure inherited permissions in the installer for the Intel(R) NUC M ...)
	NOT-FOR-US: Intel
CVE-2021-33092 (Incorrect default permissions in the installer for the Intel(R) NUC M1 ...)
	NOT-FOR-US: Intel
CVE-2021-33091 (Insecure inherited permissions in the installer for the Intel(R) NUC M ...)
	NOT-FOR-US: Intel
CVE-2021-33090 (Incorrect default permissions in the software installer for the Intel(R ...)
	NOT-FOR-US: Intel
CVE-2021-33089 (Improper access control in the software installer for the Intel(R) NUC ...)
	NOT-FOR-US: Intel
CVE-2021-33088 (Incorrect default permissions in the installer for the Intel(R) NUC M1 ...)
	NOT-FOR-US: Intel
CVE-2021-33087 (Improper authentication in the installer for the Intel(R) NUC M15 Lapt ...)
	NOT-FOR-US: Intel
CVE-2021-33086 (Out-of-bounds write in firmware for some Intel(R) NUCs may allow an au ...)
	NOT-FOR-US: Intel
CVE-2021-33085
	REJECTED
CVE-2021-33084
	REJECTED
CVE-2021-33083 (Improper authentication in firmware for some Intel(R) SSD, Intel(R) Op ...)
	NOT-FOR-US: Intel
CVE-2021-33082 (Sensitive information in resource not removed before reuse in firmware ...)
	NOT-FOR-US: Intel
CVE-2021-33081 (Protection mechanism failure in firmware for some Intel(R) SSD DC Prod ...)
	NOT-FOR-US: firmware for some Intel(R) SSD DC Products
CVE-2021-33080 (Exposure of sensitive system information due to uncleared debug inform ...)
	NOT-FOR-US: Intel
CVE-2021-33079 (Protection mechanism failure in firmware for some Intel(R) SSD DC Prod ...)
	NOT-FOR-US: firmware for some Intel(R) SSD DC Products
CVE-2021-33078 (Race condition within a thread in firmware for some Intel(R) Optane(TM ...)
	NOT-FOR-US: Intel
CVE-2021-33077 (Insufficient control flow management in firmware for some Intel(R) SSD ...)
	NOT-FOR-US: Intel
CVE-2021-33076 (Improper authentication in firmware for some Intel(R) SSD DC Products ...)
	NOT-FOR-US: firmware for some Intel(R) SSD DC Products
CVE-2021-33075 (Race condition in firmware for some Intel(R) Optane(TM) SSD, Intel(R) ...)
	NOT-FOR-US: Intel
CVE-2021-33074 (Protection mechanism failure in firmware for some Intel(R) SSD, Intel( ...)
	NOT-FOR-US: Intel
CVE-2021-33073 (Uncontrolled resource consumption in the Intel(R) Distribution of Open ...)
	NOT-FOR-US: Intel
CVE-2021-33072
	REJECTED
CVE-2021-33071 (Incorrect default permissions in the installer for the Intel(R) oneAPI ...)
	NOT-FOR-US: Intel
CVE-2021-33070
	REJECTED
CVE-2021-33069 (Improper resource shutdown or release in firmware for some Intel(R) SS ...)
	NOT-FOR-US: Intel
CVE-2021-33068 (Null pointer dereference in subsystem for Intel(R) AMT before versions ...)
	NOT-FOR-US: Intel
CVE-2021-33067
	REJECTED
CVE-2021-33066
	REJECTED
CVE-2021-33065
	REJECTED
CVE-2021-33064 (Uncontrolled search path in the software installer for Intel(R) System ...)
	NOT-FOR-US: Intel
CVE-2021-33063 (Uncontrolled search path in the Intel(R) RealSense(TM) D400 Series UWP ...)
	NOT-FOR-US: Intel
CVE-2021-33062 (Incorrect default permissions in the software installer for the Intel( ...)
	NOT-FOR-US: Intel
CVE-2021-33061 (Insufficient control flow management for the Intel(R) 82599 Ethernet C ...)
	- linux 5.18.2-1
	NOTE: https://git.kernel.org/linus/008ca35f6e87be1d60b6af3d1ae247c6d5c2531d (5.18-rc1)
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00571.html
CVE-2021-33060 (Out-of-bounds write in the BIOS firmware for some Intel(R) Processors ...)
	NOT-FOR-US: Intel
CVE-2021-33059 (Improper input validation in the Intel(R) Administrative Tools for Int ...)
	NOT-FOR-US: Intel
CVE-2021-33058 (Improper access control in the installer Intel(R) Administrative Tools ...)
	NOT-FOR-US: Intel
CVE-2021-33057 (The QQ application 8.7.1 for Android and iOS does not enforce the perm ...)
	NOT-FOR-US: QQ
CVE-2021-33056 (Belledonne Belle-sip before 4.5.20, as used in Linphone and other prod ...)
	NOT-FOR-US: Belledonne Belle-sip
CVE-2021-33055 (Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticat ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2021-33054 (SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not valida ...)
	{DSA-5029-1 DLA-2707-1}
	- sogo 5.1.1-1 (bug #989479)
	NOTE: https://www.sogo.nu/news/2021/saml-vulnerability.html
	NOTE: https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html
	NOTE: https://blogs.akamai.com/2021/06/akamai-eaa-impersonation-vulnerability---a-deep-dive.html
	NOTE: https://blogs.akamai.com/2021/06/sogo-and-packetfence-impacted-by-saml-implementation-vulnerabilities.html
	NOTE: Introduced by: https://github.com/inverse-inc/sogo/commit/5487f34b9ee9b9639e3f1d4a7abf4fad2d240d66 (SOGo-2.0.5)
	NOTE: Fixed by: https://github.com/inverse-inc/sogo/commit/e53636564680ac0df11ec898304bc442908ba746 (SOGo-5.1.1)
	NOTE: CVE is assigned for the SOGo vulnerability regarding the lasso usage.
CVE-2021-33053
	RESERVED
CVE-2021-33052
	RESERVED
CVE-2021-33051
	RESERVED
CVE-2021-33050
	RESERVED
CVE-2021-33049
	RESERVED
CVE-2021-33048
	RESERVED
CVE-2021-33047
	RESERVED
CVE-2021-33046 (Some Dahua products have access control vulnerability in the password ...)
	NOT-FOR-US: Dahua
CVE-2021-33045 (The identity authentication bypass vulnerability found in some Dahua p ...)
	NOT-FOR-US: Dahua
CVE-2021-33044 (The identity authentication bypass vulnerability found in some Dahua p ...)
	NOT-FOR-US: Dahua
CVE-2020-36363 (Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_C ...)
	NOT-FOR-US: Amazon AWS CloudFront
CVE-2021-3554 (Improper Access Control vulnerability in the patchesUpdate API as impl ...)
	NOT-FOR-US: Bitdefender
CVE-2021-3553 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...)
	NOT-FOR-US: Bitdefender
CVE-2021-3552 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...)
	NOT-FOR-US: Bitdefender
CVE-2021-33043
	RESERVED
CVE-2021-33042
	RESERVED
CVE-2021-33041 (vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstr ...)
	NOT-FOR-US: vmd
CVE-2021-33040 (managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows X ...)
	NOT-FOR-US: FuturePress EPub.js
CVE-2021-33039
	RESERVED
CVE-2021-33038 (An issue was discovered in management/commands/hyperkitty_import.py in ...)
	{DSA-4922-1}
	- hyperkitty 1.3.4-4 (bug #989183)
	NOTE: https://gitlab.com/mailman/hyperkitty/-/commit/9025324597d60b2dff740e49b70b15589d6804fa
	NOTE: https://gitlab.com/mailman/hyperkitty/-/issues/380
	NOTE: https://techblog.wikimedia.org/2021/06/11/discovering-and-fixing-cve-2021-33038-in-mailman3/
CVE-2021-33037 (Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5 ...)
	{DSA-4952-1 DLA-2733-1}
	- tomcat9 9.0.43-2 (bug #991046)
	[bullseye] - tomcat9 9.0.43-2~deb11u1
	- tomcat8
	NOTE: https://github.com/apache/tomcat/commit/45d70a86a901cbd534f8f570bed2aec9f7f7b88e (9.0.47)
	NOTE: https://github.com/apache/tomcat/commit/05f9e8b00f5d9251fcd3c95dcfd6cf84177f46c8 (9.0.47)
	NOTE: https://github.com/apache/tomcat/commit/a2c3dc4c96168743ac0bab613709a5bbdaec41d0 (9.0.47)
	NOTE: https://github.com/apache/tomcat/commit/3202703e6d635e39b74262e81f0cb4bcbe2170dc (8.5.67)
	NOTE: https://github.com/apache/tomcat/commit/da0e7cb093cf68b052d9175e469dbd0464441b0b (8.5.67)
	NOTE: https://github.com/apache/tomcat/commit/8874fa02e9b36baa9ca6b226c0882c0190ca5a02 (8.5.67)
CVE-2021-33036 (In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2. ...)
	- hadoop (bug #793644)
CVE-2021-33035 (Apache OpenOffice opens dBase/DBF documents and shows the contents as ...)
	- libreoffice 1:4.3.1-1
	NOTE: OpenOffice fixed this in https://github.com/apache/openoffice/commit/efddaef0151af3be16078cc4d88c6bae0f911e56
	NOTE: LibreOffice fixed this in 2014 with https://github.com/LibreOffice/core/commit/d4e64d030092984077021a9af9d281cd64c476bf ...
CVE-2021-33034 (In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use ...)
	{DLA-2690-1 DLA-2689-1}
	- linux 5.10.38-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/5c4c8c9544099bb9043a10a5318130a943e32fc3
CVE-2021-33032 (A Remote Code Execution (RCE) vulnerability in the WebUI component of ...)
	NOT-FOR-US: eQ-3 HomeMatic CCU2
CVE-2021-33031 (In LabCup before (Only affects Enterprise version)
CVE-2021-33033 (The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genop ...)
	{DLA-2940-1}
	- linux 5.10.24-1
	[buster] - linux 4.19.181-1
	NOTE: https://git.kernel.org/linus/ad5d07f4a9cd671233ae20983848874731102c08
CVE-2021-33026 (The Flask-Caching extension through 1.10.1 for Flask relies on Pickle ...)
	- flask-caching (unimportant; bug #988916)
	NOTE: https://github.com/sh4nks/flask-caching/pull/209
	NOTE: Negligible security impact
CVE-2021-33025 (xArrow SCADA versions 7.2 and prior permits unvalidated registry keys ...)
	NOT-FOR-US: xArrow
CVE-2021-33024 (Philips Vue PACS versions 12.2.x.x and prior transmits or stores authe ...)
	NOT-FOR-US: Philips Vue PACS
CVE-2021-33023 (Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-b ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2021-33022 (Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or se ...)
	NOT-FOR-US: Philips Vue PACS
CVE-2021-33021 (xArrow SCADA versions 7.2 and prior is vulnerable to cross-site script ...)
	NOT-FOR-US: xArrow
CVE-2021-33020 (Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key ...)
	NOT-FOR-US: Philips Vue PACS
CVE-2021-33019 (A stack-based buffer overflow vulnerability in Delta Electronics DOPSo ...)
	NOT-FOR-US: Delta Electronics
CVE-2021-33018 (The use of a broken or risky cryptographic algorithm in Philips Vue PA ...)
	NOT-FOR-US: Philips Vue PACS
CVE-2021-33017 (The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.0 ...)
	NOT-FOR-US: Philips
CVE-2021-33016 (An attacker can gain full access (read/write/delete) to sensitive fold ...)
	NOT-FOR-US: Kuka
CVE-2021-33015 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
	NOT-FOR-US: Cscape
CVE-2021-33014 (An attacker can gain VxWorks Shell after login due to hard-coded crede ...)
	NOT-FOR-US: Kuka
CVE-2021-33013 (mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized ...)
	NOT-FOR-US: mySCADA myPRO
CVE-2021-33012 (Rockwell Automation MicroLogix 1100, all versions, allows a remote, un ...)
	NOT-FOR-US: Rockwell
CVE-2021-33011 (All versions of the affected TOYOPUC-PC10 Series, TOYOPUC-Plus Series, ...)
	NOT-FOR-US: JTEKT Corporation
CVE-2021-33010 (An exception is thrown from a function in AVEVA System Platform versio ...)
	NOT-FOR-US: AVEVA
CVE-2021-33009 (mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remot ...)
	NOT-FOR-US: mySCADA myPRO
CVE-2021-33008 (AVEVA System Platform versions 2017 through 2020 R2 P01 does not perfo ...)
	NOT-FOR-US: AVEVA
CVE-2021-33007 (A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 a ...)
	NOT-FOR-US: Delta Electronics
CVE-2021-33006
	RESERVED
CVE-2021-33005 (mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remot ...)
	NOT-FOR-US: mySCADA myPRO
CVE-2021-33004 (The affected product is vulnerable to memory corruption condition due ...)
	NOT-FOR-US: WebAccess HMI Designer
CVE-2021-33003 (Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an atta ...)
	NOT-FOR-US: Delta Electronics
CVE-2021-33002 (Opening a maliciously crafted project file may cause an out-of-bounds ...)
	NOT-FOR-US: WebAccess HMI Designer
CVE-2021-33001 (xArrow SCADA versions 7.2 and prior is vulnerable to cross-site script ...)
	NOT-FOR-US: xArrow
CVE-2021-33000 (Parsing a maliciously crafted project file may cause a heap-based buff ...)
	NOT-FOR-US: WebAccess HMI Designer
CVE-2021-32999 (Improper handling of exceptional conditions in SuiteLink server while ...)
	NOT-FOR-US: Suitelink
CVE-2021-32998 (The FANUC R-30iA and R-30iB series controllers are vulnerable to an ou ...)
	NOT-FOR-US: FANUC
CVE-2021-32997 (The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, ...)
	NOT-FOR-US: Baker Hughes Bentley Nevada
CVE-2021-32996 (The FANUC R-30iA and R-30iB series controllers are vulnerable to integ ...)
	NOT-FOR-US: FANUC
CVE-2021-32995 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
	NOT-FOR-US: Cscape
CVE-2021-32994 (Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 t ...)
	NOT-FOR-US: Softing OPC UA C++ SDK
CVE-2021-32993 (IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded ...)
	NOT-FOR-US: Philips
CVE-2021-32992 (FATEK Automation WinProladder Versions 3.30 and prior do not properly ...)
	NOT-FOR-US: FATEK Automation WinProladder
CVE-2021-32991 (Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to ...)
	NOT-FOR-US: Delta Electronics
CVE-2021-32990 (FATEK Automation WinProladder Versions 3.30 and prior are vulnerable t ...)
	NOT-FOR-US: FATEK Automation WinProladder
CVE-2021-32989 (When a non-existent resource is requested, the LCDS LAquis SCADA appli ...)
	NOT-FOR-US: LAquis SCADA
CVE-2021-32988 (FATEK Automation WinProladder Versions 3.30 and prior are vulnerable t ...)
	NOT-FOR-US: FATEK Automation WinProladder
CVE-2021-32987 (Null pointer dereference in SuiteLink server while processing command ...)
	NOT-FOR-US: Suitelink
CVE-2021-32986 (After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmwar ...)
	NOT-FOR-US: AutomationDirect
CVE-2021-32985 (AVEVA System Platform versions 2017 through 2020 R2 P01 does not prope ...)
	NOT-FOR-US: AVEVA
CVE-2021-32984 (All programming connections receive the same unlocked privileges, whic ...)
	NOT-FOR-US: AutomationDirect
CVE-2021-32983 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...)
	NOT-FOR-US: Delta Electronics
CVE-2021-32982 (Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prio ...)
	NOT-FOR-US: AutomationDirect
CVE-2021-32981 (AVEVA System Platform versions 2017 through 2020 R2 P01 uses external ...)
	NOT-FOR-US: AVEVA
CVE-2021-32980 (Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prio ...)
	NOT-FOR-US: AutomationDirect
CVE-2021-32979 (Null pointer dereference in SuiteLink server while processing commands ...)
	NOT-FOR-US: Suitelink
CVE-2021-32978 (The programming protocol allows for a previously entered password and ...)
	NOT-FOR-US: AutomationDirect
CVE-2021-32977 (AVEVA System Platform versions 2017 through 2020 R2 P01 does not verif ...)
	NOT-FOR-US: AVEVA
CVE-2021-32976 (Five buffer overflows in the built-in web server in Moxa NPort IAW5000 ...)
	NOT-FOR-US: Moxa
CVE-2021-32975 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
	NOT-FOR-US: Cscape
CVE-2021-32974 (Improper input validation in the built-in web server in Moxa NPort IAW ...)
	NOT-FOR-US: Moxa
CVE-2021-32973
	RESERVED
CVE-2021-32972 (Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacke ...)
	NOT-FOR-US: Panasonic
CVE-2021-32971 (Null pointer dereference in SuiteLink server while processing command ...)
	NOT-FOR-US: Suitelink
CVE-2021-32970 (Data can be copied without validation in the built-in web server in Mo ...)
	NOT-FOR-US: Moxa
CVE-2021-32969 (Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to ...)
	NOT-FOR-US: Delta Electronics
CVE-2021-32968 (Two buffer overflows in the built-in web server in Moxa NPort IAW5000A ...)
	NOT-FOR-US: Moxa
CVE-2021-32967 (Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an atta ...)
	NOT-FOR-US: Delta Electronics
CVE-2021-32966 (Philips Interoperability Solution XDS versions 2.5 through 3.11 and 20 ...)
	NOT-FOR-US: Philips Interoperability
CVE-2021-32965 (Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to ...)
	NOT-FOR-US: Delta Electronics
CVE-2021-32964 (The AGG Software Web Server version 4.0.40.1014 and prior is vulnerabl ...)
	NOT-FOR-US: AGG Software
CVE-2021-32963 (Null pointer dereference in SuiteLink server while processing commands ...)
	NOT-FOR-US: Suitelink
CVE-2021-32962 (The AGG Software Web Server version 4.0.40.1014 and prior is vulnerabl ...)
	NOT-FOR-US: AGG Software
CVE-2021-32961 (A getfile function in MDT AutoSave versions prior to v6.02.06 enables ...)
	NOT-FOR-US: Auvesy-MDT
CVE-2021-32960 (Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, i ...)
	NOT-FOR-US: Rockwell Automation FactoryTalk
CVE-2021-32959 (Heap-based buffer overflow in SuiteLink server while processing comman ...)
	NOT-FOR-US: Suitelink
CVE-2021-32958 (Successful exploitation of this vulnerability on Claroty Secure Remote ...)
	NOT-FOR-US: Claroty Secure Remote Access (SRA) Site
CVE-2021-32957 (A function in MDT AutoSave versions prior to v6.02.06 is used to retri ...)
	NOT-FOR-US: Auvesy-MDT
CVE-2021-32956 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to re ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2021-32955 (Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestrict ...)
	NOT-FOR-US: Delta Electronics
CVE-2021-32954 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2021-32953 (An attacker could utilize SQL commands to create a new user MDT AutoSa ...)
	NOT-FOR-US: Auvesy-MDT
CVE-2021-32952 (An out-of-bounds write issue exists in the DGN file-reading procedure ...)
	NOT-FOR-US: Open Design Alliance
CVE-2021-32951 (WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper aut ...)
	NOT-FOR-US: WebAccess/NMS
CVE-2021-32950 (An out-of-bounds read issue exists within the parsing of DXF files in ...)
	NOT-FOR-US: Open Design Alliance
CVE-2021-32949 (An attacker could utilize a function in MDT AutoSave versions prior to ...)
	NOT-FOR-US: Auvesy-MDT
CVE-2021-32948 (An out-of-bounds write issue exists in the DWG file-reading procedure ...)
	NOT-FOR-US: Open Design Alliance
CVE-2021-32947 (FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable t ...)
	NOT-FOR-US: FATEK Automation FvDesigner
CVE-2021-32946 (An improper check for unusual or exceptional conditions issue exists w ...)
	NOT-FOR-US: Open Design Alliance
CVE-2021-32945 (An attacker could decipher the encryption and gain access to MDT AutoS ...)
	NOT-FOR-US: Auvesy-MDT
CVE-2021-32944 (A use-after-free issue exists in the DGN file-reading procedure in the ...)
	NOT-FOR-US: Open Design Alliance
CVE-2021-32943 (The affected product is vulnerable to a stack-based buffer overflow, w ...)
	NOT-FOR-US: WebAccess/SCADA
CVE-2021-32942 (The vulnerability could expose cleartext credentials from AVEVA InTouc ...)
	NOT-FOR-US: AVEVA InTouch Runtime
CVE-2021-32941 (Annke N48PBB (Network Video Recorder) products of version 3.4.106 buil ...)
	NOT-FOR-US: Annke N48PBB (Network Video Recorder) products
CVE-2021-32940 (An out-of-bounds read issue exists in the DWG file-recovering procedur ...)
	NOT-FOR-US: Open Design Alliance
CVE-2021-32939 (FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable t ...)
	NOT-FOR-US: FATEK Automation FvDesigner
CVE-2021-32938 (Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-o ...)
	NOT-FOR-US: Open Design Alliance
CVE-2021-32937 (An attacker can gain knowledge of a session temporary working folder w ...)
	NOT-FOR-US: Auvesy-MDT
CVE-2021-32936 (An out-of-bounds write issue exists in the DXF file-recovering procedu ...)
	NOT-FOR-US: Open Design Alliance
CVE-2021-32935 (The affected Cognex product, the In-Sight OPC Server versions v5.7.4 ( ...)
	NOT-FOR-US: Cognex
CVE-2021-32934 (The affected ThroughTek P2P products (SDKs using versions before 3.1.5 ...)
	NOT-FOR-US: ThroughTek P2P SDK
CVE-2021-32933 (An attacker could leverage an API to pass along a malicious file that ...)
	NOT-FOR-US: Auvesy-MDT
CVE-2021-32932 (The affected product is vulnerable to a SQL injection, which may allow ...)
	NOT-FOR-US: Advantech
CVE-2021-32931 (An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5. ...)
	NOT-FOR-US: FATEK Automation FvDesigner
CVE-2021-32930 (The affected product’s configuration is vulnerable due to missing ...)
	NOT-FOR-US: Advantech
CVE-2021-32929 (All versions of Uffizio GPS Tracker may allow an attacker to perform u ...)
	NOT-FOR-US: Uffizio GPS Tracker
CVE-2021-32928 (The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prio ...)
	NOT-FOR-US: Sentinel LDK Run-Time Environment installer
CVE-2021-32927 (An attacker may be able to inject client-side JavaScript code on multi ...)
	NOT-FOR-US: Uffizio GPS Tracker
CVE-2021-32926 (When an authenticated password change request takes place, this vulner ...)
	NOT-FOR-US: Rockwell Automation
CVE-2021-3551 (A flaw was found in the PKI-server, where the spkispawn command, when ...)
	- dogtag-pki 10.10.6-1 (bug #991665)
	[bullseye] - dogtag-pki (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1959971
	NOTE: https://github.com/dogtagpki/pki/commit/0c2f3b84499584bb6029f5ba3988ed3cb081e548
	NOTE: https://github.com/dogtagpki/pki/commit/b01cd8cc7d3e391e69ed2c8161f7e15fa84553e6
	NOTE: https://github.com/dogtagpki/pki/commit/5b09fcaff11d33010469e695ef365a91c91674b5
CVE-2021-3550 (A DLL search path vulnerability was reported in Lenovo PCManager, prio ...)
	NOT-FOR-US: Microsoft
CVE-2021-32925 (admin/user_import.php in Chamilo 1.11.x reads XML data without disabli ...)
	NOT-FOR-US: Chamilo
CVE-2021-32924 (Invision Community (aka IPS Community Suite) before 4.6.0 allows eval- ...)
	NOT-FOR-US: Invision Community (aka IPS Community Suite)
CVE-2021-32923 (HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-exp ...)
	NOT-FOR-US: HashiCorp Vault and Vault Enterprise
CVE-2021-32922
	RESERVED
CVE-2021-32921 (An issue was discovered in Prosody before 0.11.9. It does not use a co ...)
	{DSA-4916-1 DLA-2687-1}
	- prosody 0.11.9-1 (bug #988668)
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
	NOTE: https://prosody.im/security/advisory_20210512.txt
	NOTE: https://hg.prosody.im/trunk/rev/c98aebe601f9
	NOTE: https://hg.prosody.im/trunk/rev/13b84682518e
	NOTE: https://hg.prosody.im/trunk/rev/6f56170ea986
CVE-2021-32920 (Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood ...)
	{DSA-4916-1}
	- prosody 0.11.9-1 (bug #988668)
	[stretch] - prosody (Fix consists of many patches. Not applicable. Ignored)
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
	NOTE: https://prosody.im/security/advisory_20210512.txt
	NOTE: https://hg.prosody.im/trunk/rev/55ef50d6cf65
	NOTE: https://hg.prosody.im/trunk/rev/5a484bd050a7
	NOTE: https://hg.prosody.im/trunk/rev/aaf9c6b6d18d
CVE-2021-32919 (An issue was discovered in Prosody before 0.11.9. The undocumented dia ...)
	{DSA-4916-1}
	- prosody 0.11.9-1 (bug #988668)
	[stretch] - prosody (Vulnerable code (=dwd) introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
	NOTE: https://prosody.im/security/advisory_20210512.txt
	NOTE: https://hg.prosody.im/trunk/rev/6be890ca492e
	NOTE: https://hg.prosody.im/trunk/rev/d0e9ffccdef9
CVE-2021-32918 (An issue was discovered in Prosody before 0.11.9. Default settings are ...)
	{DSA-4916-1}
	- prosody 0.11.9-1 (bug #988668)
	[stretch] - prosody (Fix consists of many patches. Not applicable. Ignored)
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
	NOTE: https://prosody.im/security/advisory_20210512.txt
	NOTE: https://hg.prosody.im/trunk/rev/db8e41eb6eff
	NOTE: https://hg.prosody.im/trunk/rev/b0d8920ed5e5
	NOTE: https://hg.prosody.im/trunk/rev/929de6ade6b6
	NOTE: https://hg.prosody.im/trunk/rev/63fd4c8465fb
	NOTE: https://hg.prosody.im/trunk/rev/1937b3c3efb5
	NOTE: https://hg.prosody.im/trunk/rev/3413fea9e6db
CVE-2021-32917 (An issue was discovered in Prosody before 0.11.9. The proxy65 componen ...)
	{DSA-4916-1 DLA-2687-1}
	- prosody 0.11.9-1 (bug #988668)
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
	NOTE: https://prosody.im/security/advisory_20210512.txt
	NOTE: https://hg.prosody.im/trunk/rev/65dcc175ef5b
CVE-2021-32916
	RESERVED
CVE-2021-32915
	REJECTED
CVE-2021-32914
	REJECTED
CVE-2021-32913
	REJECTED
CVE-2021-32912
	REJECTED
CVE-2021-32911
	REJECTED
CVE-2021-32910
	REJECTED
CVE-2021-32909
	REJECTED
CVE-2021-32908
	REJECTED
CVE-2021-32907
	REJECTED
CVE-2021-32906
	REJECTED
CVE-2021-32905
	REJECTED
CVE-2021-32904
	REJECTED
CVE-2021-32903
	REJECTED
CVE-2021-32902
	REJECTED
CVE-2021-32901
	REJECTED
CVE-2021-32900
	REJECTED
CVE-2021-32899
	REJECTED
CVE-2021-32898
	REJECTED
CVE-2021-32897
	REJECTED
CVE-2021-32896
	REJECTED
CVE-2021-32895
	REJECTED
CVE-2021-32894
	REJECTED
CVE-2021-32893
	REJECTED
CVE-2021-32892
	REJECTED
CVE-2021-32891
	REJECTED
CVE-2021-32890
	REJECTED
CVE-2021-32889
	REJECTED
CVE-2021-32888
	REJECTED
CVE-2021-32887
	REJECTED
CVE-2021-32886
	REJECTED
CVE-2021-32885
	REJECTED
CVE-2021-32884
	REJECTED
CVE-2021-32883
	REJECTED
CVE-2021-32882
	REJECTED
CVE-2021-32881
	REJECTED
CVE-2021-32880
	REJECTED
CVE-2021-32879
	REJECTED
CVE-2021-32878
	REJECTED
CVE-2021-32877
	REJECTED
CVE-2021-32876
	REJECTED
CVE-2021-32875
	REJECTED
CVE-2021-32874
	REJECTED
CVE-2021-32873
	REJECTED
CVE-2021-32872
	REJECTED
CVE-2021-32871
	REJECTED
CVE-2021-32870
	REJECTED
CVE-2021-32869
	REJECTED
CVE-2021-32868
	REJECTED
CVE-2021-32867
	REJECTED
CVE-2021-32866
	REJECTED
CVE-2021-32865
	REJECTED
CVE-2021-32864
	REJECTED
CVE-2021-32863
	REJECTED
CVE-2021-32862 (The GitHub Security Lab discovered sixteen ways to exploit a cross-sit ...)
	{DLA-3442-1}
	- nbconvert 6.5.1-1
	NOTE: https://github.com/jupyter/nbconvert/security/advisories/GHSA-9jmq-rx5f-8jwq
	NOTE: https://github.com/jupyter/nbconvert/commit/d09000bbf076410ce4bd4d9a406f9bbe849cd5c6 (6.5.1)
	NOTE: https://github.com/jupyter/nbconvert/commit/1afcaae89b1cc00a89539863ab91ee04e2240fc1 (6.5.1)
	NOTE: https://github.com/jupyter/nbconvert/commit/14185eb83c63a764886ea36f63ddd30963de9a8c (6.5.1)
	NOTE: https://github.com/jupyter/nbconvert/commit/4b9c5e76bad57eedf1d3cdba244bb05811f64536 (6.5.1)
	NOTE: https://github.com/jupyter/nbconvert/commit/d2d44d4c69ba0edb3a68b5579138603505d98c19 (6.5.1)
	NOTE: https://github.com/jupyter/nbconvert/commit/37b152c0ad04fe53e782887b78662c8ffad1034a (6.5.1)
	NOTE: https://github.com/jupyter/nbconvert/commit/df5cb60d58e5a159da1b33a9d7e7ea14e8637853 (6.5.1)
	NOTE: https://github.com/jupyter/nbconvert/commit/48fe71eb3335caf4e03166e56e0d16efcfbeaf44 (6.5.1)
	NOTE: https://github.com/jupyter/nbconvert/commit/a03cbb8a8d04d47aefec51e7b1b816045682aed5 (6.5.1)
	NOTE: https://github.com/jupyter/nbconvert/commit/b206470f9ecd71b006a37dd1298dd3d9e3dd46dd (6.5.1)
	NOTE: https://github.com/jupyter/nbconvert/commit/0818628718c4a5d3ddd671fbd4881bf176e7d6e2 (6.5.1)
	NOTE: https://github.com/jupyter/nbconvert/commit/bef65d7ab2a469b01e4aa25f44c0f20326f7c7c5 (6.5.1)
	NOTE: Follow-up/regression https://github.com/jupyter/nbconvert/commit/c289e0a61660e612920397799169ed2c5ed35516 (6.5.2)
	NOTE: Follow-up/regression https://github.com/jupyter/nbconvert/commit/1652aa73b0f4900af97c0f1ac08e9573e00155bd (6.5.3)
CVE-2021-32861
	REJECTED
CVE-2021-32860 (iziModal is a modal plugin with jQuery. Versions prior to 1.6.1 are vu ...)
	NOT-FOR-US: jquery plugin
CVE-2021-32859 (The Baremetrics date range picker is a solution for selecting both dat ...)
	NOT-FOR-US: Baremetrics
CVE-2021-32858 (esdoc-publish-html-plugin is a plugin for the document maintenance sof ...)
	NOT-FOR-US: esdoc-publish-html-plugin
CVE-2021-32857 (Cockpit is a content management system that allows addition of content ...)
	NOT-FOR-US: Cockpit CMS (different from src:cockpit)
CVE-2021-32856 (Microweber is a drag and drop website builder and content management s ...)
	NOT-FOR-US: Microweber
CVE-2021-32855 (Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are ...)
	NOT-FOR-US: Vditor
CVE-2021-32854 (textAngular is a text editor for Angular.js. Version 1.5.16 and prior ...)
	NOT-FOR-US: textAngular
CVE-2021-32853 (Erxes, an experience operating system (XOS) with a set of plugins, is ...)
	NOT-FOR-US: Erxes
CVE-2021-32852 (Countly, a product analytics solution, is vulnerable to cross-site scr ...)
	NOT-FOR-US: Countly
CVE-2021-32851 (Mind-elixir is a free, open source mind map core. Prior to version 0.1 ...)
	NOT-FOR-US: Mind-elixir
CVE-2021-32850 (jQuery MiniColors is a color picker built on jQuery. Prior to version ...)
	- jquery-minicolors 2.3.5+dfsg-4 (bug #1031791)
	[bookworm] - jquery-minicolors (Minor issue)
	[bullseye] - jquery-minicolors (Minor issue)
	[buster] - jquery-minicolors (Minor issue)
	NOTE: https://securitylab.github.com/advisories/GHSL-2021-1045_jQuery_MiniColors_Plugin/
	NOTE: https://github.com/claviska/jquery-minicolors/commit/ef134824a7f4110ada53ea6c173111a4fa2f48f3 (2.3.6)
CVE-2021-32849 (Gerapy is a distributed crawler management framework. Prior to version ...)
	NOT-FOR-US: Gerapy
CVE-2021-32848 (Octobox is software for managing GitHub notifications. Prior to pull r ...)
	NOT-FOR-US: Octobox
CVE-2021-32847 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...)
	NOT-FOR-US: HyperKit
CVE-2021-32846 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...)
	NOT-FOR-US: HyperKit
CVE-2021-32845 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...)
	NOT-FOR-US: HyperKit
CVE-2021-32844 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...)
	NOT-FOR-US: HyperKit
CVE-2021-32843 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...)
	NOT-FOR-US: HyperKit
CVE-2021-32842 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starti ...)
	- mono (Vulnerable code not yet uploaded)
	NOTE: https://securitylab.github.com/advisories/GHSL-2021-125-sharpziplib/
	NOTE: https://github.com/icsharpcode/SharpZipLib/commit/5c3b293de5d65b108e7f2cd0ea8f81c1b8273f78 (v1.3.3)
	NOTE: Introduced by https://github.com/icsharpcode/SharpZipLib/commit/0cbdef20f1d5654ab5b93a6ce1ff8a917d3b905b
CVE-2021-32841 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starti ...)
	- mono (Vulnerable code not yet uploaded)
	NOTE: https://securitylab.github.com/advisories/GHSL-2021-125-sharpziplib/
	NOTE: https://github.com/icsharpcode/SharpZipLib/commit/5c3b293de5d65b108e7f2cd0ea8f81c1b8273f78 (v1.3.3)
	NOTE: Introduced by https://github.com/icsharpcode/SharpZipLib/commit/0cbdef20f1d5654ab5b93a6ce1ff8a917d3b905b
CVE-2021-32840 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior ...)
	- mono (Vulnerable code not yet uploaded)
	NOTE: https://securitylab.github.com/advisories/GHSL-2021-125-sharpziplib/
	NOTE: https://github.com/icsharpcode/SharpZipLib/commit/5c3b293de5d65b108e7f2cd0ea8f81c1b8273f78 (v1.3.3)
	NOTE: CVE refers to the commit for the test case:
	NOTE: https://github.com/icsharpcode/SharpZipLib/commit/a0e96de70b5264f4c919b09253b1522bc7a221cc
	NOTE: Introduced by https://github.com/icsharpcode/SharpZipLib/commit/0cbdef20f1d5654ab5b93a6ce1ff8a917d3b905b
CVE-2021-32839 (sqlparse is a non-validating SQL parser module for Python. In sqlparse ...)
	- sqlparse 0.4.2-1 (bug #994841)
	[bullseye] - sqlparse (Minor issue)
	[buster] - sqlparse (Vulnerable code introduced later)
	[stretch] - sqlparse (Vulnerable code introduced later)
	NOTE: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf
	NOTE: Introduced by: https://github.com/andialbrecht/sqlparse/commit/1499cffcd7c4d635b4297b44d48fb4fe94cf988e (0.4.0)
	NOTE: Fixed by: https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb (0.4.2)
CVE-2021-32838 (Flask-RESTX (pypi package flask-restx) is a community driven fork of F ...)
	NOT-FOR-US: Flask restx
CVE-2021-32837 (mechanize, a library for automatically interacting with HTTP web serve ...)
	{DLA-3460-1}
	- python-mechanize 1:0.4.7-1
	[bullseye] - python-mechanize (Minor issue)
	NOTE: https://securitylab.github.com/advisories/GHSL-2021-108-python-mechanize-mechanize/
	NOTE: https://github.com/python-mechanize/mechanize/commit/dd05334448e9f39814bab044d2eaa5ef69b410d6 (v0.4.6)
CVE-2021-32836 (ZStack is open source IaaS(infrastructure as a service) software. In Z ...)
	NOT-FOR-US: ZStack
CVE-2021-32835 (Eclipse Keti is a service that was designed to protect RESTfuls API us ...)
	NOT-FOR-US: Eclipse Keti
CVE-2021-32834 (Eclipse Keti is a service that was designed to protect RESTfuls API us ...)
	NOT-FOR-US: Eclipse Keti
CVE-2021-32833 (Emby Server is a personal media server with apps on many devices. In E ...)
	NOT-FOR-US: Emby Server
CVE-2021-32832 (Rocket.Chat is an open-source fully customizable communications platfo ...)
	NOT-FOR-US: Rocket.Chat
CVE-2021-32831 (Total.js framework (npm package total.js) is a framework for Node.js p ...)
	NOT-FOR-US: Total.js
CVE-2021-32830 (The @diez/generation npm package is a client for Diez. The locateFont ...)
	NOT-FOR-US: Node @diez/generation
CVE-2021-32829 (ZStack is open source IaaS(infrastructure as a service) software aimin ...)
	NOT-FOR-US: ZStack
CVE-2021-32828 (The Nuxeo Platform is an open source content management platform for b ...)
	NOT-FOR-US: Nuxeo
CVE-2021-32827 (MockServer is open source software which enables easy mocking of any s ...)
	NOT-FOR-US: MockServer
CVE-2021-32826 (Proxyee-Down is open source proxy software. An attacker being able to ...)
	NOT-FOR-US: Proxyee-Down
CVE-2021-32825 (bblfshd is an open source self-hosted server for source code parsing. ...)
	NOT-FOR-US: bblfshd
CVE-2021-32824 (Apache Dubbo is a java based, open source RPC framework. Versions prio ...)
	NOT-FOR-US: Apache Dubbo
CVE-2021-32823 (In the bindata RubyGem before version 2.4.10 there is a potential deni ...)
	- ruby-bindata 2.4.14-1 (bug #990577)
	[bullseye] - ruby-bindata (Minor issue)
	[buster] - ruby-bindata (Minor issue)
	[stretch] - ruby-bindata (Minor issue)
	NOTE: https://github.com/dmendel/bindata/commit/d99f050b88337559be2cb35906c1f8da49531323 (v2.4.10)
	NOTE: https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/#update-bindata-dependency
	NOTE: https://github.com/dmendel/bindata/blob/v2.4.10/ChangeLog.rdoc#version-2410-2021-05-18-
CVE-2021-32822 (The npm hbs package is an Express view engine wrapper for Handlebars. ...)
	NOT-FOR-US: Node hbs
CVE-2021-32821 (MooTools is a collection of JavaScript utilities for JavaScript develo ...)
	- mootools (bug #1032664)
	[bookworm] - mootools (Minor issue)
	[bullseye] - mootools (Minor issue)
	[buster] - mootools (Minor issue)
	NOTE: https://securitylab.github.com/advisories/GHSL-2020-345-redos-mootools/
	NOTE: No plan to fix this upstream, as upstream considers it too low impact.
CVE-2021-32820 (Express-handlebars is a Handlebars view engine for Express. Express-ha ...)
	NOT-FOR-US: Express-handlebars
CVE-2021-32819 (Squirrelly is a template engine implemented in JavaScript that works o ...)
	NOT-FOR-US: Squirrelly
CVE-2021-32818 (haml-coffee is a JavaScript templating solution. haml-coffee mixes pur ...)
	NOT-FOR-US: haml-coffee
CVE-2021-32817 (express-hbs is an Express handlebars template engine. express-hbs mixe ...)
	NOT-FOR-US: express-hbs
CVE-2021-32816 (ProtonMail Web Client is the official AngularJS web client for the Pro ...)
	NOT-FOR-US: ProtonMail Web Client
CVE-2021-32815 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
	{DLA-3265-1}
	- exiv2 0.27.5-1 (bug #992705)
	[bullseye] - exiv2 0.27.3-3+deb11u2
	[stretch] - exiv2 (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mv9g-fxh2-m49m
	NOTE: https://github.com/Exiv2/exiv2/pull/1739
CVE-2021-32814 (Skytable is a NoSQL database with automated snapshots and TLS. Version ...)
	NOT-FOR-US: Skytable
CVE-2021-32813 (Traefik is an HTTP reverse proxy and load balancer. Prior to version 2 ...)
	- traefik (bug #983289)
CVE-2021-32812 (Monkshu is an enterprise application server for mobile apps (iOS and A ...)
	NOT-FOR-US: Monkshu
CVE-2021-32811 (Zope is an open-source web application server. Zope versions prior to ...)
	NOT-FOR-US: zope
	NOTE: only affects specific versions using Python3 with options enabled.
CVE-2021-32810 (crossbeam-deque is a package of work-stealing deques for building task ...)
	- firefox 93.0-1
	- firefox-esr (Only affects Firefox 91, not in any supported suite in vulnerable version)
	- thunderbird (Only affects Thunderbird 91, not in any supported suite in vulnerable version)
	- rust-crossbeam-deque 0.7.4-1 (bug #993146)
	[bullseye] - rust-crossbeam-deque (Minor issue)
	[buster] - rust-crossbeam-deque (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0093.html
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-32810
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-32810
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-32810
CVE-2021-32809 (ckeditor is an open source WYSIWYG HTML editor with rich content suppo ...)
	- ckeditor 4.16.2+dfsg-1 (bug #992291)
	[bullseye] - ckeditor (Minor issue)
	[buster] - ckeditor (Minor issue)
	[stretch] - ckeditor (Minor issue)
	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg
	NOTE: https://github.com/ckeditor/ckeditor4/commit/f6856decd5992b2b07945292416bb113d5f7ff82 (v4.16.2)
	NOTE: Introduced by https://github.com/ckeditor/ckeditor4/commit/ca0851c7a14f616a0c4cda905816aa87ca399efb (v4.5.2)
CVE-2021-32808 (ckeditor is an open source WYSIWYG HTML editor with rich content suppo ...)
	- ckeditor 4.16.2+dfsg-1 (bug #992292)
	[bullseye] - ckeditor (Minor issue)
	[buster] - ckeditor (Vulnerable code introduced later)
	[stretch] - ckeditor (Vulnerable code introduced later)
	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c
	NOTE: https://github.com/ckeditor/ckeditor4/commit/0cb59313c834c94cec4c4d4c114b6ecb0270e21a (v4.16.2)
	NOTE: Introduced by https://github.com/ckeditor/ckeditor4/commit/72428a762271d5e54a609a7913356a6d309c895d (v4.13.0)
CVE-2021-32807 (The module `AccessControl` defines security policies for Python code u ...)
	NOT-FOR-US: Zope AccessControl
CVE-2021-32806 (Products.isurlinportal is a replacement for isURLInPortal method in Pl ...)
	NOT-FOR-US: Plone
CVE-2021-32805 (Flask-AppBuilder is an application development framework, built on top ...)
	- flask-appbuilder (Fixed before initial upload to archive)
	NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-624f-cqvr-3qw4
	NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/6af28521589599b1dbafd6313256229ee9a4fa74 (v3.3.2)
CVE-2021-32804 (The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4 ...)
	- node-tar 6.1.7+~cs11.3.10-1 (bug #992111)
	[bullseye] - node-tar 6.0.5+ds1+~cs11.3.9-1+deb11u1
	[buster] - node-tar 4.4.6+ds1-3+deb10u1
	[stretch] - node-tar (Vulnerable code introduced later)
	NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-3jfq-g458-7qm9
	NOTE: https://github.com/npm/node-tar/commit/1f036ca23f64a547bdd6c79c1a44bc62e8115da4
CVE-2021-32803 (The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4 ...)
	- node-tar 6.1.7+~cs11.3.10-1 (bug #992110)
	[bullseye] - node-tar 6.0.5+ds1+~cs11.3.9-1+deb11u1
	[buster] - node-tar 4.4.6+ds1-3+deb10u1
	[stretch] - node-tar (Vulnerable code introduced later)
	NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw
	NOTE: https://github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20
CVE-2021-32802 (Nextcloud server is an open source, self hosted personal cloud. Nextcl ...)
	- nextcloud-server (bug #941708)
CVE-2021-32801 (Nextcloud server is an open source, self hosted personal cloud. In aff ...)
	- nextcloud-server (bug #941708)
CVE-2021-32800 (Nextcloud server is an open source, self hosted personal cloud. In aff ...)
	- nextcloud-server (bug #941708)
CVE-2021-32799
	RESERVED
CVE-2021-32798 (The Jupyter notebook is a web-based notebook environment for interacti ...)
	- jupyter-notebook 6.4.3-1 (bug #992704)
	[bullseye] - jupyter-notebook (Minor issue)
	[buster] - jupyter-notebook (Minor issue)
	[stretch] - jupyter-notebook (Minor issue)
	NOTE: https://github.com/jupyter/notebook/security/advisories/GHSA-hwvq-6gjx-j797
	NOTE: https://github.com/jupyter/notebook/commit/79fc76e890a8ec42f73a3d009e44ef84c14ef0d5
CVE-2021-32797 (JupyterLab is a user interface for Project Jupyter which will eventual ...)
	- jupyterlab (Fixed before initial upload to Debian)
	NOTE: https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx
CVE-2021-32796 (xmldom is an open source pure JavaScript W3C standard-based (XML DOM L ...)
	- node-xmldom 0.7.3-1 (bug #991612)
	[bullseye] - node-xmldom (Minor issue, too intrusive to backport)
	[buster] - node-xmldom (Minor issue, too intrusive to backport)
	NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-5fg8-2547-mr8q
	NOTE: https://github.com/xmldom/xmldom/commit/7b4b743917a892d407356e055b296dcd6d107e8b
CVE-2021-32795 (ArchiSteamFarm is a C# application with primary purpose of idling Stea ...)
	NOT-FOR-US: ArchiSteamFarm
CVE-2021-32794 (ArchiSteamFarm is a C# application with primary purpose of idling Stea ...)
	NOT-FOR-US: ArchiSteamFarm
CVE-2021-32793 (Pi-hole's Web interface provides a central location to manage a Pi-hol ...)
	NOT-FOR-US: Pi-hole
CVE-2021-32792 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
	{DLA-3409-1}
	- libapache2-mod-auth-openidc 2.4.9-1 (bug #991580)
	[stretch] - libapache2-mod-auth-openidc (Minor issue)
	NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j
	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751 (v2.4.9)
	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56 (v2.4.9)
CVE-2021-32791 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
	{DLA-3409-1}
	- libapache2-mod-auth-openidc 2.4.9-1 (bug #991581)
	[stretch] - libapache2-mod-auth-openidc (Minor issue)
	NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-px3c-6x7j-3r9r
	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/375407c16c61a70b56fdbe13b0d2c8f11398e92c (v2.4.9)
CVE-2021-32790 (Woocommerce is an open source eCommerce plugin for WordPress. An SQL i ...)
	NOT-FOR-US: Woocommerce
CVE-2021-32789 (woocommerce-gutenberg-products-block is a feature plugin for WooCommer ...)
	NOT-FOR-US: woocommerce-gutenberg-products-block
CVE-2021-32788 (Discourse is an open source discussion platform. In versions prior to ...)
	NOT-FOR-US: Discourse
CVE-2021-32787 (Sourcegraph is a code search and navigation engine. Sourcegraph before ...)
	NOT-FOR-US: Sourcegraph
CVE-2021-32786 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
	{DLA-3409-1}
	- libapache2-mod-auth-openidc 2.4.9-1 (bug #991582)
	[stretch] - libapache2-mod-auth-openidc (Minor issue)
	NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-xm4c-5wm5-jqv7
	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/3a115484eb927bc6daa5737dd84f88ff4bbc5544 (v2.4.9)
CVE-2021-32785 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
	{DLA-3409-1}
	- libapache2-mod-auth-openidc 2.4.9-1 (bug #991583)
	[stretch] - libapache2-mod-auth-openidc (Minor issue)
	NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-55r8-6w97-xxr4
	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/dc672688dc1f2db7df8ad4abebc367116017a449 (v2.4.9)
CVE-2021-32784
	RESERVED
CVE-2021-32783 (Contour is a Kubernetes ingress controller using Envoy proxy. In Conto ...)
	NOT-FOR-US: Contour
CVE-2021-32782 (Nextcloud Circles is an open source social network built for the nextc ...)
	NOT-FOR-US: Nextcloud Circles
CVE-2021-32781 (Envoy is an open source L7 proxy and communication bus designed for la ...)
	- envoyproxy (bug #987544)
CVE-2021-32780 (Envoy is an open source L7 proxy and communication bus designed for la ...)
	- envoyproxy (bug #987544)
CVE-2021-32779 (Envoy is an open source L7 proxy and communication bus designed for la ...)
	- envoyproxy (bug #987544)
CVE-2021-32778 (Envoy is an open source L7 proxy and communication bus designed for la ...)
	- envoyproxy (bug #987544)
CVE-2021-32777 (Envoy is an open source L7 proxy and communication bus designed for la ...)
	- envoyproxy (bug #987544)
CVE-2021-32776 (Combodo iTop is a web based IT Service Management tool. In versions pr ...)
	NOT-FOR-US: Combodo iTop
CVE-2021-32775 (Combodo iTop is a web based IT Service Management tool. In versions pr ...)
	NOT-FOR-US: Combodo iTop
CVE-2021-32774 (DataDump is a MediaWiki extension that provides dumps of wikis. Prior ...)
	NOT-FOR-US: DataDump MediaWiki extension
CVE-2021-32773 (Racket is a general-purpose programming language and an ecosystem for ...)
	[experimental] - racket 8.2+dfsg1-1
	- racket 7.9+dfsg1-2 (bug #991327)
	[buster] - racket (Minor issue)
	[stretch] - racket (Minor issue)
	NOTE: https://github.com/racket/racket/security/advisories/GHSA-cgrw-p7p7-937c
CVE-2021-32772 (Poddycast is a podcast app made with Electron. Prior to version 0.8.1, ...)
	NOT-FOR-US: Poddycast
CVE-2021-32771 (Contiki-NG is an open-source, cross-platform operating system for IoT ...)
	NOT-FOR-US: Contiki-NG
CVE-2021-32770 (Gatsby is a framework for building websites. The gatsby-source-wordpre ...)
	- gatsby (bug #922188)
CVE-2021-32769 (Micronaut is a JVM-based, full stack Java framework designed for build ...)
	NOT-FOR-US: Micronaut
CVE-2021-32768 (TYPO3 is an open source PHP based web content management system releas ...)
	NOT-FOR-US: TYPO3
CVE-2021-32767 (TYPO3 is an open source PHP based web content management system. In ve ...)
	NOT-FOR-US: TYPO3
CVE-2021-32766 (Nextcloud Text is an open source plaintext editing application which s ...)
	NOT-FOR-US: Nextcloud Text
CVE-2021-32765 (Hiredis is a minimalistic C client library for the Redis database. In ...)
	{DLA-2783-1}
	- hiredis 0.14.1-2 (unimportant)
	NOTE: https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2
	NOTE: https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e (v1.0.1)
	NOTE: Only a hardening for insecure libcs:
	NOTE: https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e#commitcomment-57544143
CVE-2021-32764 (Discourse is an open-source discussion platform. In Discourse versions ...)
	NOT-FOR-US: Discourse
CVE-2021-32763 (OpenProject is open-source, web-based project management software. In ...)
	NOT-FOR-US: OpenProject
CVE-2021-32762 (Redis is an open source, in-memory database that persists on disk. The ...)
	{DSA-5001-1 DLA-2810-1}
	- redis 5:6.0.16-1
	NOTE: https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr
CVE-2021-32761 (Redis is an in-memory database that persists on disk. A vulnerability ...)
	{DLA-2717-2 DLA-2717-1}
	- redis 5:6.0.15-1 (bug #991375)
	[buster] - redis 5:5.0.14-1+deb10u1
	NOTE: https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj
CVE-2021-32760 (containerd is a container runtime. A bug was found in containerd versi ...)
	- containerd 1.4.5~ds1-2
	NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w
CVE-2021-32759 (OpenMage magento-lts is an alternative to the Magento CE official rele ...)
	NOT-FOR-US: Magento
CVE-2021-32758 (OpenMage Magento LTS is an alternative to the Magento CE official rele ...)
	NOT-FOR-US: Magento
CVE-2021-32757
	RESERVED
CVE-2021-32756 (ManageIQ is an open-source management platform. In versions prior to j ...)
	NOT-FOR-US: ManageIQ
CVE-2021-32755 (Wire is a collaboration platform. wire-ios-transport handles authentic ...)
	NOT-FOR-US: wire-ios (iOS version of Wire)
CVE-2021-32754 (FlowDroid is a data flow analysis tool. FlowDroid versions prior to 2. ...)
	NOT-FOR-US: FlowDroid
CVE-2021-32753 (EdgeX Foundry is an open source project for building a common open fra ...)
	NOT-FOR-US: EdgeX Foundry
CVE-2021-32752 (Ether Logs is a package that allows one to check one's logs in the Cra ...)
	NOT-FOR-US: Ether Logs
CVE-2021-32751 (Gradle is a build tool with a focus on build automation. In versions p ...)
	- gradle (bug #1014778)
	[bookworm] - gradle (Minor issue)
	[bullseye] - gradle (Minor issue)
	[buster] - gradle (Minor issue)
	[stretch] - gradle (Minor issue)
	NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-6j2p-252f-7mw8
CVE-2021-32750 (MuWire is a file publishing and networking tool that protects the iden ...)
	NOT-FOR-US: MuWire
CVE-2021-32749 (fail2ban is a daemon to ban hosts that cause multiple authentication e ...)
	- fail2ban 0.11.2-2
	[buster] - fail2ban (Minor issue, can be fixed in point release)
	[stretch] - fail2ban (Minor issue, can be fixed after fix of regression)
	NOTE: https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm
	NOTE: https://github.com/fail2ban/fail2ban/commit/2ed414ed09b3bb4c478abc9366a1ff22024a33c9 (0.9)
	NOTE: https://github.com/fail2ban/fail2ban/commit/410a6ce5c80dd981c22752da034f2529b5eee844 (0.10, 0.11, 1.0)
	NOTE: Fix introduces regression for installations with mail command from the bsd-mailx package:
	NOTE: https://github.com/fail2ban/fail2ban/issues/3059
CVE-2021-32748 (Nextcloud Richdocuments is an open source self hosted online office. N ...)
	NOT-FOR-US: Nextcloud Richdocuments
CVE-2021-32747 (Icinga Web 2 is an open source monitoring web interface, framework, an ...)
	[experimental] - icingaweb2 2.8.3-1~exp1
	- icingaweb2 2.8.4-1 (bug #991116)
	[bullseye] - icingaweb2 (Minor issue)
	[buster] - icingaweb2 (Minor issue)
	[stretch] - icingaweb2 (Minor issue)
	NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-2xv9-886q-p7xx
	NOTE: https://github.com/Icinga/icingaweb2/commit/ffe8741c66af6ea085514a35ec878093b991875c (v2.8.3)
CVE-2021-32746 (Icinga Web 2 is an open source monitoring web interface, framework and ...)
	[experimental] - icingaweb2 2.8.3-1~exp1
	- icingaweb2 2.8.4-1 (bug #991116)
	[bullseye] - icingaweb2 (Minor issue)
	[buster] - icingaweb2 (Minor issue)
	[stretch] - icingaweb2 (Minor issue)
	NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-cmgc-h4cx-3v43
	NOTE: https://github.com/Icinga/icingaweb2/commit/80875d91bbfa52553fe7bb2c1a32a9814880d9c1 (v2.8.3)
CVE-2021-32745 (Collabora Online is a collaborative online office suite. A reflected X ...)
	NOT-FOR-US: Collabora Online
CVE-2021-32744 (Collabora Online is a collaborative online office suite. In versions p ...)
	NOT-FOR-US: Collabora Online
CVE-2021-32743 (Icinga is a monitoring system which checks the availability of network ...)
	{DLA-2816-1}
	[experimental] - icinga2 2.12.5-1~exp1
	- icinga2 2.12.5-1 (bug #991494)
	[bullseye] - icinga2 (Minor issue)
	[buster] - icinga2 (Minor issue)
	NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
	NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7
	NOTE: https://github.com/Icinga/icinga2/commit/843353ab69f79b3abfeb38ac249b05e1944369ab (v2.12.5)
CVE-2021-32742 (Vapor is a web framework for Swift. In versions 4.47.1 and prior, bug ...)
	NOT-FOR-US: Vapor
CVE-2021-32741 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
	- nextcloud-server (bug #941708)
CVE-2021-32740 (Addressable is an alternative implementation to the URI implementation ...)
	- ruby-addressable 2.7.0-2 (bug #990791)
	[buster] - ruby-addressable (Minor issue)
	[stretch] - ruby-addressable (Minor issue)
	NOTE: https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g
	NOTE: https://github.com/sporkmonger/addressable/commit/b48ff03347a6d46e8dc674e242ce74c6381962a5#diff-fb36d3dc67e6565ffde17e666a98697f48e76dac38fabf1bb9e97cdf3b583d76
CVE-2021-32739 (Icinga is a monitoring system which checks the availability of network ...)
	{DLA-2816-1}
	[experimental] - icinga2 2.12.5-1~exp1
	- icinga2 2.12.5-1 (bug #991494)
	[bullseye] - icinga2 (Minor issue)
	[buster] - icinga2 (Minor issue)
	NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
	NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-98wp-jc6q-x5q5
	NOTE: https://github.com/Icinga/icinga2/commit/b5b83fa51564662ff2e78d7529ff77e1085d4522 (v2.12.5)
CVE-2021-32738 (js-stellar-sdk is a Javascript library for communicating with a Stella ...)
	NOT-FOR-US: js-stellar-sdk
CVE-2021-32737 (Sulu is an open-source PHP content management system based on the Symf ...)
	NOT-FOR-US: Sulu
CVE-2021-32736 (think-helper defines a set of helper functions for ThinkJS. In version ...)
	NOT-FOR-US: think-helper
CVE-2021-32735 (Kirby is a content management system. In Kirby CMS versions 3.5.5 and ...)
	NOT-FOR-US: Kirby
CVE-2021-32734 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
	- nextcloud-server (bug #941708)
CVE-2021-32733 (Nextcloud Text is a collaborative document editing application that us ...)
	NOT-FOR-US: Nextcloud Text
CVE-2021-32732 (### Impact It's possible to know if a user has or not an account in a ...)
	NOT-FOR-US: XWiki
CVE-2021-32731 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2021-32730 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2021-32729 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2021-32728 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
	{DSA-4974-1}
	- nextcloud-desktop 3.3.1-1
	NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-f5fr-5gcv-6cc5
	NOTE: https://github.com/nextcloud/desktop/pull/3338
CVE-2021-32727 (Nextcloud Android Client is the Android client for Nextcloud. Clients ...)
	NOT-FOR-US: Nextcloud Android Client
CVE-2021-32726 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
	- nextcloud-server (bug #941708)
CVE-2021-32725 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
	- nextcloud-server (bug #941708)
CVE-2021-32724 (check-spelling is a github action which provides CI spell checking. In ...)
	NOT-FOR-US: Github
CVE-2021-32723 (Prism is a syntax highlighting library. Some languages before 1.24.0 a ...)
	NOT-FOR-US: Prism
CVE-2021-32722 (GlobalNewFiles is a mediawiki extension. Versions prior to 48be7adb705 ...)
	NOT-FOR-US: GlobalNewFiles MediaWiki extension
CVE-2021-32721 (PowerMux is a drop-in replacement for Go's http.ServeMux. In PowerMux ...)
	NOT-FOR-US: PowerMux
CVE-2021-32720 (Sylius is an Open Source eCommerce platform on top of Symfony. In vers ...)
	NOT-FOR-US: Sylius
CVE-2021-32719 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...)
	- rabbitmq-server 3.9.4-1 (bug #990524)
	[bullseye] - rabbitmq-server (Minor issue)
	[buster] - rabbitmq-server (Minor issue)
	[stretch] - rabbitmq-server (Vulnerable code not present)
	NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x
	NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3122
	NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/f01f0f2d840b98128cdb7ff966d8234b06ef7c75 (master)
	NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/51df93b45fb05f935456f09b88e7554e0b36317f (v3.9.0-beta.1)
	NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/08beb82e9ab8923ded88ece2800cd80971e2bd05 (v3.8.18)
CVE-2021-32718 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...)
	- rabbitmq-server 3.9.4-1 (bug #990524)
	[bullseye] - rabbitmq-server (Minor issue)
	[buster] - rabbitmq-server (Minor issue)
	[stretch] - rabbitmq-server (Vulnerable code not present)
	NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772
	NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3028
	NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/a8dffdf7de9793a76fc4685c89b968d8eddca4ca (v3.9.0-beta.1)
	NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/a7373585faeac0aaede5a9c245094d8022e81299 (v3.8.17-rc.1)
CVE-2021-32717 (Shopware is an open source eCommerce platform. In versions prior to 6. ...)
	NOT-FOR-US: Shopware
CVE-2021-32716 (Shopware is an open source eCommerce platform. In versions prior to 6. ...)
	NOT-FOR-US: Shopware
CVE-2021-32715 (hyper is an HTTP library for rust. hyper's HTTP/1 server code had a fl ...)
	- rust-hyper 0.14.19-1
	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0078.html
	NOTE: https://github.com/hyperium/hyper/security/advisories/GHSA-f3pg-qwvg-p99c
CVE-2021-32714 (hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper ...)
	- rust-hyper 0.14.19-1
	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0079.html
	NOTE: https://github.com/hyperium/hyper/security/advisories/GHSA-5h46-h7hh-c6x9
CVE-2021-32713 (Shopware is an open source eCommerce platform. Versions prior to 5.6.1 ...)
	NOT-FOR-US: Shopware
CVE-2021-32712 (Shopware is an open source eCommerce platform. Versions prior to 5.6.1 ...)
	NOT-FOR-US: Shopware
CVE-2021-32711 (Shopware is an open source eCommerce platform. Versions prior to 6.3.5 ...)
	NOT-FOR-US: Shopware
CVE-2021-32710 (Shopware is an open source eCommerce platform. Potential session hijac ...)
	NOT-FOR-US: Shopware
CVE-2021-32709 (Shopware is an open source eCommerce platform. Creation of order credi ...)
	NOT-FOR-US: Shopware
CVE-2021-32708 (Flysystem is an open source file storage library for PHP. The whitespa ...)
	- php-league-flysystem 1.1.3-4 (bug #990288)
	NOTE: https://github.com/thephpleague/flysystem/security/advisories/GHSA-9f46-5r25-5wfm
CVE-2021-32707 (Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6 ...)
	NOT-FOR-US: Nextcloud Mail
CVE-2021-32706 (Pi-hole's Web interface provides a central location to manage a Pi-hol ...)
	NOT-FOR-US: Pi-hole
CVE-2021-32705 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
	- nextcloud-server (bug #941708)
CVE-2021-32704 (DHIS 2 is an information system for data capture, management, validati ...)
	NOT-FOR-US: DHIS 2
CVE-2021-32703 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
	- nextcloud-server (bug #941708)
CVE-2021-32702 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
	NOT-FOR-US: Auth0 Next.js SDK
CVE-2021-32701 (ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control ...)
	NOT-FOR-US: ORY Oathkeeper
CVE-2021-32700 (Ballerina is an open source programming language and platform for clou ...)
	NOT-FOR-US: Ballerina
CVE-2021-32699 (Wings is the control plane software for the open source Pterodactyl ga ...)
	NOT-FOR-US: Wings
CVE-2021-32698 (eLabFTW is an open source electronic lab notebook for research labs. T ...)
	NOT-FOR-US: eLabFTW
CVE-2021-32697 (neos/forms is an open source framework to build web forms. By crafting ...)
	NOT-FOR-US: neos/forms
CVE-2021-32696 (The npm package "striptags" is an implementation of PHP's strip_tags i ...)
	NOT-FOR-US: Node striptags
CVE-2021-32695 (Nextcloud Android app is the Android client for Nextcloud. In versions ...)
	NOT-FOR-US: Nextcloud Android app
CVE-2021-32694 (Nextcloud Android app is the Android client for Nextcloud. In versions ...)
	NOT-FOR-US: Nextcloud Android app
CVE-2021-32693 (Symfony is a PHP framework for web and console applications and a set ...)
	- symfony (Vulnerable code not present)
	NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-rfcf-m67m-jcrq
	NOTE: Fixed by: https://github.com/symfony/symfony/commit/3084764ad82f29dbb025df19978b9cbc3ab34728 (v5.3.2)
	NOTE: https://symfony.com/blog/cve-2021-32693-authentication-granted-to-all-firewalls-instead-of-just-one
CVE-2021-32692 (Activity Watch is a free and open-source automated time tracker. Versi ...)
	NOT-FOR-US: Activity Watch
CVE-2021-32691 (Apollos Apps is an open source platform for launching church-related a ...)
	NOT-FOR-US: Apollos Apps
CVE-2021-32690 (Helm is a tool for managing Charts (packages of pre-configured Kuberne ...)
	- helm-kubernetes (bug #910799)
CVE-2021-32689 (Nextcloud Talk is a fully on-premises audio/video and chat communicati ...)
	NOT-FOR-US: Nextcloud Talk
CVE-2021-32688 (Nextcloud Server is a Nextcloud package that handles data storage. Nex ...)
	- nextcloud-server (bug #941708)
CVE-2021-32687 (Redis is an open source, in-memory database that persists on disk. An ...)
	{DSA-5001-1 DLA-2810-1}
	- redis 5:6.0.16-1
	NOTE: https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q
CVE-2021-32686 (PJSIP is a free and open source multimedia communication library writt ...)
	{DSA-4999-1 DLA-2962-1}
	- asterisk 1:16.16.1~dfsg-2 (bug #991931)
	[stretch] - asterisk (Vulnerable code not present)
	- pjproject
	- ring 20230206.0~ds1-1 (bug #1014998)
	NOTE: https://downloads.asterisk.org/pub/security/AST-2021-009.html
	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr
	NOTE: https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd
	NOTE: https://github.com/pjsip/pjproject/pull/2716
CVE-2021-32685 (tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser ( ...)
	NOT-FOR-US: tEnvoy
CVE-2021-32684 (magento-scripts contains scripts and configuration used by Create Mage ...)
	NOT-FOR-US: Create Magento app
CVE-2021-32683 (wire-webapp is the web version of Wire, an open-source messenger. A cr ...)
	NOT-FOR-US: wire-webapp
CVE-2021-32682 (elFinder is an open-source file manager for web, written in JavaScript ...)
	NOT-FOR-US: elFinder
CVE-2021-32681 (Wagtail is an open source content management system built on Django. A ...)
	NOT-FOR-US: Wagtail
CVE-2021-32680 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
	- nextcloud-server (bug #941708)
CVE-2021-32679 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
	- nextcloud-server (bug #941708)
CVE-2021-32678 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
	- nextcloud-server (bug #941708)
CVE-2021-32677 (FastAPI is a web framework for building APIs with Python 3.6+ based on ...)
	- fastapi 0.70.0-1 (bug #990582)
	[bullseye] - fastapi (Minor issue)
	NOTE: https://github.com/tiangolo/fastapi/security/advisories/GHSA-8h2j-cgx8-6xv7
	NOTE: https://github.com/tiangolo/fastapi/commit/fa7e3c996edf2d5482fff8f9d890ac2390dede4d (0.65.2)
CVE-2021-32676 (Nextcloud Talk is a fully on-premises audio/video and chat communicati ...)
	NOT-FOR-US: Nextcloud Talk
CVE-2021-32675 (Redis is an open source, in-memory database that persists on disk. Whe ...)
	{DSA-5001-1 DLA-2810-1}
	- redis 5:6.0.16-1
	NOTE: https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p
CVE-2021-32674 (Zope is an open-source web application server. This advisory extends t ...)
	NOT-FOR-US: Zope
CVE-2021-32673 (reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot ...)
	NOT-FOR-US: reg-keygen-git-hash-plugin
CVE-2021-32672 (Redis is an open source, in-memory database that persists on disk. Whe ...)
	{DSA-5001-1 DLA-2810-1}
	- redis 5:6.0.16-1
	NOTE: https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm
CVE-2021-32671 (Flarum is a forum software for building communities. Flarum's translat ...)
	NOT-FOR-US: Flarum
CVE-2021-32670 (Datasette is an open source multi-tool for exploring and publishing da ...)
	NOT-FOR-US: Datasette
CVE-2021-32669 (TYPO3 is an open source PHP based web content management system. Versi ...)
	NOT-FOR-US: Typo 3
CVE-2021-32668 (TYPO3 is an open source PHP based web content management system. Versi ...)
	NOT-FOR-US: Typo 3
CVE-2021-32667 (TYPO3 is an open source PHP based web content management system. Versi ...)
	NOT-FOR-US: Typo 3
CVE-2021-32666 (wire-ios is the iOS version of Wire, an open-source secure messaging a ...)
	NOT-FOR-US: wire-ios (iOS version of Wire)
CVE-2021-32665 (wire-ios is the iOS version of Wire, an open-source secure messaging a ...)
	NOT-FOR-US: wire-ios (iOS version of Wire)
CVE-2021-32664 (Combodo iTop is an open source web based IT Service Management tool. I ...)
	NOT-FOR-US: Combodo iTop
CVE-2021-32663 (iTop is an open source web based IT Service Management tool. In affect ...)
	NOT-FOR-US: Combodo iTop
CVE-2021-32662 (Backstage is an open platform for building developer portals, and tech ...)
	NOT-FOR-US: Backstage
CVE-2021-32661 (Backstage is an open platform for building developer portals. In versi ...)
	NOT-FOR-US: Backstage
CVE-2021-32660 (Backstage is an open platform for building developer portals, and tech ...)
	NOT-FOR-US: Backstage
CVE-2021-32659 (Matrix-appservice-bridge is the bridging service for the Matrix commun ...)
	NOT-FOR-US: Matrix-appservice-bridge
CVE-2021-32658 (Nextcloud Android is the Android client for the Nextcloud open source ...)
	NOT-FOR-US: Nextcloud client for Android
CVE-2021-32657 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
	- nextcloud-server (bug #941708)
CVE-2021-32656 (Nextcloud Server is a Nextcloud package that handles data storage. A v ...)
	- nextcloud-server (bug #941708)
CVE-2021-32655 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
	- nextcloud-server (bug #941708)
CVE-2021-32654 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
	- nextcloud-server (bug #941708)
CVE-2021-32653 (Nextcloud Server is a Nextcloud package that handles data storage. Nex ...)
	- nextcloud-server (bug #941708)
CVE-2021-32652 (Nextcloud Mail is a mail app for the Nextcloud platform. A missing per ...)
	- nextcloud-server (bug #941708)
CVE-2021-32651 (OneDev is a development operations platform. If the LDAP external auth ...)
	NOT-FOR-US: OneDev
CVE-2021-32650 (October CMS is a self-hosted content management system (CMS) platform ...)
	NOT-FOR-US: October CMS
CVE-2021-32649 (October CMS is a self-hosted content management system (CMS) platform ...)
	NOT-FOR-US: October CMS
CVE-2021-32648 (octobercms is a CMS platform based on the Laravel PHP Framework. In af ...)
	NOT-FOR-US: October CMS
CVE-2021-32647 (Emissary is a P2P based data-driven workflow engine. Affected versions ...)
	NOT-FOR-US: Emissary
CVE-2021-32646 (Roomer is a discord bot cog (extension) which provides automatic voice ...)
	NOT-FOR-US: Roomer
CVE-2021-32645 (Tenancy multi-tenant is an open source multi-domain controller for the ...)
	NOT-FOR-US: Tenancy multi-tenant
CVE-2021-32644 (Ampache is an open source web based audio/video streaming application ...)
	- ampache
CVE-2021-32643 (Http4s is a Scala interface for HTTP services. `StaticFile.fromUrl` ca ...)
	NOT-FOR-US: Http4s
CVE-2021-32642 (radsecproxy is a generic RADIUS proxy that supports both UDP and TLS ( ...)
	- radsecproxy 1.8.2-4 (unimportant)
	NOTE: https://github.com/radsecproxy/radsecproxy/commit/ab7a2ea42a75d5ad3421e4365f63cbdcb08fb7af
	NOTE: Only affects example script
CVE-2021-32641 (auth0-lock is Auth0's signin solution. Versions of auth0-lock before ...)
	NOT-FOR-US: auth0-lock
CVE-2021-32640 (ws is an open source WebSocket client and server library for Node.js. ...)
	- node-ws 7.4.2+~cs18.0.8-2
	[buster] - node-ws 1.1.0+ds1.e6ddaae4-5+deb10u1
	[stretch] - node-ws (Nodejs in stretch not covered by security support)
	NOTE: https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693
	NOTE: https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff
CVE-2021-32639 (Emissary is a P2P-based, data-driven workflow engine. Emissary version ...)
	NOT-FOR-US: NSA Emissary
CVE-2021-32638 (Github's CodeQL action is provided to run CodeQL-based code scanning o ...)
	NOT-FOR-US: Github
CVE-2021-32637 (Authelia is a single sign-on multi-factor portal for web apps. This ...)
	NOT-FOR-US: Authelia
CVE-2021-32636
	RESERVED
CVE-2021-32635 (Singularity is an open source container platform. In versions 3.7.2 and ...)
	- singularity-container (Vulnerable code introduced in 3.7.2)
	NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-jq42-hfch-42f3
	NOTE: https://github.com/hpcng/singularity/commit/cd298aaeb7698fb692689e2e1b49972c94bfa440
CVE-2021-32634 (Emissary is a distributed, peer-to-peer, data-driven workflow framewor ...)
	NOT-FOR-US: NSA Emissary
CVE-2021-32633 (Zope is an open-source web application server. In Zope versions prior ...)
	NOT-FOR-US: Zope
CVE-2021-32632 (Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are vulnera ...)
	NOT-FOR-US: Pajbot
CVE-2021-32631 (Common is a package of common modules that can be accessed by NIMBLE s ...)
	NOT-FOR-US: NIMBLE
CVE-2021-32630 (Admidio is a free, open source user management system for websites of ...)
	NOT-FOR-US: Admidio
CVE-2021-32629 (Cranelift is an open-source code generator maintained by Bytecode Alli ...)
	NOT-FOR-US: Cranelift
CVE-2021-32628 (Redis is an open source, in-memory database that persists on disk. An ...)
	{DSA-5001-1}
	- redis 5:6.0.16-1
	[stretch] - redis (Minor issue; invasive patch)
	NOTE: https://github.com/redis/redis/security/advisories/GHSA-vw22-qm3h-49pr
CVE-2021-32627 (Redis is an open source, in-memory database that persists on disk. In ...)
	{DSA-5001-1}
	- redis 5:6.0.16-1
	[stretch] - redis (Minor issue; invasive patch)
	NOTE: https://github.com/redis/redis/security/advisories/GHSA-f434-69fm-g45v
CVE-2021-32626 (Redis is an open source, in-memory database that persists on disk. In ...)
	{DSA-5001-1 DLA-2810-1}
	- redis 5:6.0.16-1
	NOTE: https://github.com/redis/redis/security/advisories/GHSA-p486-xggp-782c
CVE-2021-32625 (Redis is an open source (BSD licensed), in-memory data structure store ...)
	- redis 5:6.0.14-1 (bug #989351)
	[buster] - redis (Vulnerable code not present)
	[stretch] - redis (Vulnerable code not present)
	NOTE: https://github.com/redis/redis/pull/9011
	NOTE: https://github.com/redis/redis/commit/1ddecf1958924b178b76a31d989ef1e05af81964
	NOTE: https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq
	NOTE: CVE is the result of an incomplete fix for CVE-2021-29477.
CVE-2021-32624 (Keystone 5 is an open source CMS platform to build Node.js application ...)
	NOT-FOR-US: Keystone CMS
CVE-2021-32623 (Opencast is a free and open source solution for automated video captur ...)
	NOT-FOR-US: Opencast
CVE-2021-32622 (Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip ...)
	NOT-FOR-US: Matrix-React-SDK
CVE-2021-32621 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2021-32620 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
	NOT-FOR-US: XWiki
CVE-2021-32619 (Deno is a runtime for JavaScript and TypeScript that uses V8 and is bu ...)
	NOT-FOR-US: Deno
CVE-2021-32618 (The Python "Flask-Security-Too" package is used for adding security fe ...)
	NOT-FOR-US: Flask-Security-Too
CVE-2021-32617 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
	- exiv2 0.27.5-1 (bug #988731)
	[bullseye] - exiv2 (Minor issue)
	[buster] - exiv2 (Minor issue)
	[stretch] - exiv2 (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj
	NOTE: https://github.com/Exiv2/exiv2/pull/1657
CVE-2021-32616 (1CDN is open-source file sharing software. In 1CDN before commit f88a2 ...)
	NOT-FOR-US: 1CDN
CVE-2021-3549 (An out of bounds flaw was found in GNU binutils objdump utility versio ...)
	- binutils 2.37-3 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27294
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1cfcf3004e1830f8fe9112cfcd15285508d2c2b7
	NOTE: binutils not covered by security support
CVE-2021-32615 (Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Inj ...)
	- piwigo
CVE-2021-32614 (A flaw was found in dmg2img through 20170502. fill_mishblk() does not ...)
	- dmg2img (unimportant; bug #989008)
	NOTE: https://github.com/Lekensteyn/dmg2img/issues/11
	NOTE: Crash in CLI tool, no security impact
CVE-2021-32613 (In radare2 through 5.3.0 there is a double free vulnerability in the p ...)
	- radare2 5.5.0+dfsg-1 (bug #989067)
	NOTE: https://github.com/radareorg/radare2/issues/18679
	NOTE: https://github.com/radareorg/radare2/commit/049de62730f4954ef9a642f2eeebbca30a8eccdc
CVE-2021-32612 (The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android d ...)
	NOT-FOR-US: VeryFitPro
CVE-2021-32611 (A NULL pointer dereference vulnerability exists in eXcall_api.c in Ant ...)
	- libexosip2
	[buster] - libexosip2 (Minor issue)
	[stretch] - libexosip2 (Minor issue)
	NOTE: http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=f2ed389fe84613512cc560127883e51e6cf8c054
CVE-2021-32610 (In Archive_Tar before 1.4.14, symlinks can refer to targets outside of ...)
	{DLA-2721-1}
	- drupal7
	- php-pear 1:1.10.13+submodules+notgz-1 (bug #991541)
	[bullseye] - php-pear (Minor issue)
	[buster] - php-pear (Minor issue)
	[stretch] - php-pear (Minor issue)
	NOTE: https://www.drupal.org/sa-core-2021-004
	NOTE: https://pear.php.net/package/Archive_Tar/download/1.4.14/
	NOTE: https://github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f61ca26bf7d4 (1.4.14)
CVE-2021-32609 (Apache Superset up to and including 1.1 does not sanitize titles corre ...)
	NOT-FOR-US: Apache Superset
CVE-2021-32608 (An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1. ...)
	NOT-FOR-US: Smartstore
CVE-2021-32607 (An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1. ...)
	NOT-FOR-US: Smartstore
CVE-2021-3547 (OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middl ...)
	- openvpn3-client (bug #904044)
CVE-2021-32605 (zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrar ...)
	NOT-FOR-US: zzzcms
CVE-2021-32604 (Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles ...)
	NOT-FOR-US: SolarWinds
CVE-2021-32603 (A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiM ...)
	NOT-FOR-US: FortiGuard
CVE-2021-32602 (An improper neutralization of input during web page generation vulnera ...)
	NOT-FOR-US: FortiGuard
CVE-2021-32601
	RESERVED
CVE-2021-32600 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
	NOT-FOR-US: FortiGuard
CVE-2021-32599
	RESERVED
CVE-2021-32598 (An improper neutralization of CRLF sequences in HTTP headers ('HTTP Re ...)
	NOT-FOR-US: FortiGuard
CVE-2021-32597 (Multiple improper neutralization of input during web page generation ( ...)
	NOT-FOR-US: FortiGuard
CVE-2021-32596 (A use of one-way hash with a predictable salt vulnerability in the pas ...)
	NOT-FOR-US: FortiPortal
CVE-2021-32595 (Multiple uncontrolled resource consumption vulnerabilities in the web ...)
	NOT-FOR-US: FortiGuard
CVE-2021-32594 (An unrestricted file upload vulnerability in the web interface of Fort ...)
	NOT-FOR-US: FortiPortal
CVE-2021-32593 (A use of a broken or risky cryptographic algorithm vulnerability [CWE- ...)
	NOT-FOR-US: FortiWAN
CVE-2021-32592 (An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 ...)
	NOT-FOR-US: FortiGuard
CVE-2021-32591 (A missing cryptographic steps vulnerability in the function that encry ...)
	NOT-FOR-US: FortiGuard
CVE-2021-32590 (Multiple improper neutralization of special elements used in an SQL co ...)
	NOT-FOR-US: FortiPortal
CVE-2021-32589
	RESERVED
CVE-2021-32588 (A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal ...)
	NOT-FOR-US: FortiGuard
CVE-2021-32587 (An improper access control vulnerability in FortiManager and FortiAnal ...)
	NOT-FOR-US: FortiGuard
CVE-2021-32586 (An improper input validation vulnerability in the web server CGI facil ...)
	NOT-FOR-US: FortiGuard
CVE-2021-32585 (An improper neutralization of input during web page generation vulnera ...)
	NOT-FOR-US: FortiWAN
CVE-2021-32584
	RESERVED
CVE-2021-32583
	RESERVED
CVE-2021-32582 (An issue was discovered in ConnectWise Automate before 2021.5. A blind ...)
	NOT-FOR-US: ConnectWise Automate
CVE-2021-32581 (Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Im ...)
	NOT-FOR-US: Acronis
CVE-2021-32580 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...)
	NOT-FOR-US: Acronis
CVE-2021-32579 (Acronis True Image prior to 2021 Update 4 for Windows and Acronis True ...)
	NOT-FOR-US: Acronis
CVE-2021-32578 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...)
	NOT-FOR-US: Acronis
CVE-2021-32577 (Acronis True Image prior to 2021 Update 5 for Windows allowed local pr ...)
	NOT-FOR-US: Acronis
CVE-2021-32576 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...)
	NOT-FOR-US: Acronis
CVE-2021-32606 (In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/i ...)
	- linux (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/16
CVE-2021-3545 (An information disclosure vulnerability was found in the virtio vhost- ...)
	{DSA-4980-1}
	- qemu 1:6.1+dfsg-1 (bug #989042)
	[buster] - qemu (Only minimal support present and not installed in binary packages)
	[stretch] - qemu (The vulnerable code was introduced later)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01153.html
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/121841b2
CVE-2021-3544 (Several memory leaks were found in the virtio vhost-user GPU device (v ...)
	{DSA-4980-1}
	- qemu 1:6.1+dfsg-1 (bug #989042)
	[buster] - qemu (Only minimal support present and not installed in binary packages)
	[stretch] - qemu (The vulnerable code was introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1958935
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01151.html
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01157.html
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01152.html
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01156.html
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01158.html
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/86dd8fac
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/b9f79858
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/b7afebcf
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/f6091d86
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/63736af5
CVE-2021-3548 (A flaw was found in dmg2img through 20170502. dmg2img did not validate ...)
	- dmg2img (unimportant)
	NOTE: https://github.com/Lekensteyn/dmg2img/issues/9
	NOTE: Crash in CLI tool, no security impact
CVE-2021-3543 (A flaw null pointer dereference in the Nitro Enclaves kernel driver wa ...)
	- linux 5.10.38-1 (unimportant)
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/f1ce3986baa62cffc3c5be156994de87524bab99
	NOTE: nitro_enclaves not enabled in Debian binary builds
CVE-2021-32575 (HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networ ...)
	- nomad 0.12.10+dfsg1-3 (bug #990581)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2021-14-nomad-bridge-networking-mode-allows-arp-spoofing-from-other-bridged-tasks-on-same-node/24296
CVE-2021-32574 (HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy prox ...)
	- consul 1.9.17+dfsg2-1 (bug #991719)
	[bullseye] - consul (Minor issue)
	[buster] - consul (Only affects 1.3.0 and later)
	NOTE: https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856
	NOTE: https://github.com/hashicorp/consul/pull/10619
CVE-2021-32573 (The express-cart package through 1.1.10 for Node.js allows Reflected X ...)
	NOT-FOR-US: Node express-cart
CVE-2021-32572 (Speco Web Viewer through 2021-05-12 allows Directory Traversal via GET ...)
	NOT-FOR-US: Speco Web Viewer
CVE-2021-32571 (In OSS-RC systems of the release 18B and older during data migration p ...)
	NOT-FOR-US: OSS-RC
CVE-2021-32570 (In Ericsson Network Manager (ENM) releases before 21.2, users belongin ...)
	NOT-FOR-US: Ericsson
CVE-2021-32569 (In OSS-RC systems of the release 18B and older customer documentation ...)
	NOT-FOR-US: OSS-RC
CVE-2021-32568 (mrdoc is vulnerable to Deserialization of Untrusted Data)
	NOT-FOR-US: mrdoc
CVE-2021-32567 (Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Se ...)
	{DSA-4957-1}
	- trafficserver 8.1.1+ds-1.1 (bug #990303)
	NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
	NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
	NOTE: https://github.com/apache/trafficserver/commit/034965e0fd0def114658f0048d953d1c16a95bed (master)
	NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x)
CVE-2021-32566 (Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Se ...)
	{DSA-4957-1}
	- trafficserver 8.1.1+ds-1.1 (bug #990303)
	NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
	NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
	NOTE: https://github.com/apache/trafficserver/commit/034965e0fd0def114658f0048d953d1c16a95bed (master)
	NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x)
CVE-2021-32565 (Invalid values in the Content-Length header sent to Apache Traffic Ser ...)
	{DSA-4957-1}
	- trafficserver 8.1.1+ds-1.1 (bug #990303)
	NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
	NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
	NOTE: https://github.com/apache/trafficserver/commit/668d0f8668fec1cd350b0ceba3f7f8e4020ae3ca (master)
	NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x)
CVE-2021-32564
	RESERVED
CVE-2021-32562
	RESERVED
CVE-2021-32561 (OctoPrint before 1.6.0 allows XSS because API error messages include t ...)
	- octoprint (bug #718591)
CVE-2021-32560 (The Logging subsystem in OctoPrint before 1.6.0 has incorrect access c ...)
	- octoprint (bug #718591)
CVE-2021-32559 (An integer overflow exists in pywin32 prior to version b301 when addin ...)
	NOT-FOR-US: pywin32
CVE-2021-32558 (An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x ...)
	{DSA-4999-1 DLA-2729-1}
	- asterisk 1:16.16.1~dfsg-2 (bug #991710)
	NOTE: https://downloads.asterisk.org/pub/security/AST-2021-008.html
CVE-2021-32557 (It was discovered that the process_report() function in data/whoopsie- ...)
	NOT-FOR-US: Apport
CVE-2021-32556 (It was discovered that the get_modified_conffiles() function in backen ...)
	NOT-FOR-US: Apport
CVE-2021-32555 (It was discovered that read_file() in apport/hookutils.py would follow ...)
	NOT-FOR-US: Apport
CVE-2021-32554 (It was discovered that read_file() in apport/hookutils.py would follow ...)
	NOT-FOR-US: Apport
CVE-2021-32553 (It was discovered that read_file() in apport/hookutils.py would follow ...)
	NOT-FOR-US: Apport
CVE-2021-32552 (It was discovered that read_file() in apport/hookutils.py would follow ...)
	NOT-FOR-US: Apport
CVE-2021-32551 (It was discovered that read_file() in apport/hookutils.py would follow ...)
	NOT-FOR-US: Apport
CVE-2021-32550 (It was discovered that read_file() in apport/hookutils.py would follow ...)
	NOT-FOR-US: Apport
CVE-2021-32549 (It was discovered that read_file() in apport/hookutils.py would follow ...)
	NOT-FOR-US: Apport
CVE-2021-32548 (It was discovered that read_file() in apport/hookutils.py would follow ...)
	NOT-FOR-US: Apport
CVE-2021-32547 (It was discovered that read_file() in apport/hookutils.py would follow ...)
	NOT-FOR-US: Apport
CVE-2021-32546 (Missing input validation in internal/db/repo_editor.go in Gogs before ...)
	NOT-FOR-US: Go Git Service
CVE-2021-32545 (Pexip Infinity before 26 allows remote denial of service because of mi ...)
	NOT-FOR-US: Pexip Infinity
CVE-2021-32544 (Special characters of IGT search function in igt+ are not filtered in ...)
	NOT-FOR-US: igt+
CVE-2021-32543 (The CTS Web transaction system related to authentication management is ...)
	NOT-FOR-US: CTS Web transaction system
CVE-2021-32542 (The parameters of the specific functions in the CTS Web trading system ...)
	NOT-FOR-US: CTS Web trading system
CVE-2021-32541 (The CTS Web transaction system related to authentication and session m ...)
	NOT-FOR-US: CTS Web transaction system
CVE-2021-32540 (Add announcement function in the 101EIP system does not filter special ...)
	NOT-FOR-US: 101EIP system
CVE-2021-32539 (Add event in calendar function in the 101EIP system does not filter sp ...)
	NOT-FOR-US: 101EIP system
CVE-2021-32538 (ARTWARE CMS parameter of image upload function does not filter the typ ...)
	NOT-FOR-US: ARTWARE CMS
CVE-2021-32537 (Realtek HAD contains a driver crashed vulnerability which allows local ...)
	NOT-FOR-US: Realtek
CVE-2021-32536 (The login page in the MCUsystem does not filter with special character ...)
	NOT-FOR-US: MCUsystem
CVE-2021-32535 (The vulnerability of hard-coded default credentials in QSAN SANOS allo ...)
	NOT-FOR-US: QSAN SANOS
CVE-2021-32534 (QSAN SANOS factory reset function does not filter special parameters. ...)
	NOT-FOR-US: QSAN SANOS
CVE-2021-32533 (The QSAN SANOS setting page does not filter special parameters. Remote ...)
	NOT-FOR-US: QSAN SANOS
CVE-2021-32532 (Path traversal vulnerability in back-end analysis function in QSAN XEV ...)
	NOT-FOR-US: QSAN XEVO
CVE-2021-32531 (OS command injection vulnerability in Init function in QSAN XEVO allow ...)
	NOT-FOR-US: QSAN XEVO
CVE-2021-32530 (OS command injection vulnerability in Array function in QSAN XEVO allo ...)
	NOT-FOR-US: QSAN XEVO
CVE-2021-32529 (Command injection vulnerability in QSAN XEVO, SANOS allows remote unau ...)
	NOT-FOR-US: QSAN
CVE-2021-32528 (Observable behavioral discrepancy vulnerability in QSAN Storage Manage ...)
	NOT-FOR-US: QSAN
CVE-2021-32527 (Path traversal vulnerability in QSAN Storage Manager allows remote una ...)
	NOT-FOR-US: QSAN
CVE-2021-32526 (Incorrect permission assignment for critical resource vulnerability in ...)
	NOT-FOR-US: QSAN
CVE-2021-32525 (The same hard-coded password in QSAN Storage Manager's in the firmware ...)
	NOT-FOR-US: QSAN
CVE-2021-32524 (Command injection vulnerability in QSAN Storage Manager allows remote ...)
	NOT-FOR-US: QSAN
CVE-2021-32523 (Improper authorization vulnerability in QSAN Storage Manager allows re ...)
	NOT-FOR-US: QSAN
CVE-2021-32522 (Improper restriction of excessive authentication attempts vulnerabilit ...)
	NOT-FOR-US: QSAN
CVE-2021-32521 (Use of MAC address as an authenticated password in QSAN Storage Manage ...)
	NOT-FOR-US: QSAN
CVE-2021-32520 (Use of hard-coded cryptographic key vulnerability in QSAN Storage Mana ...)
	NOT-FOR-US: QSAN
CVE-2021-32519 (Use of password hash with insufficient computational effort vulnerabil ...)
	NOT-FOR-US: QSAN
CVE-2021-32518 (A vulnerability in share_link in QSAN Storage Manager allows remote at ...)
	NOT-FOR-US: QSAN
CVE-2021-32517 (Improper access control vulnerability in share_link in QSAN Storage Ma ...)
	NOT-FOR-US: QSAN
CVE-2021-32516 (Path traversal vulnerability in share_link in QSAN Storage Manager all ...)
	NOT-FOR-US: QSAN
CVE-2021-32515 (Directory listing vulnerability in share_link in QSAN Storage Manager ...)
	NOT-FOR-US: QSAN
CVE-2021-32514 (Improper access control vulnerability in FirmwareUpgrade in QSAN Stora ...)
	NOT-FOR-US: QSAN
CVE-2021-32513 (QsanTorture in QSAN Storage Manager does not filter special parameters ...)
	NOT-FOR-US: QSAN
CVE-2021-32512 (QuickInstall in QSAN Storage Manager does not filter special parameter ...)
	NOT-FOR-US: QSAN
CVE-2021-32511 (QSAN Storage Manager through directory listing vulnerability in ViewBr ...)
	NOT-FOR-US: QSAN
CVE-2021-32510 (QSAN Storage Manager through directory listing vulnerability in antivi ...)
	NOT-FOR-US: QSAN
CVE-2021-32509 (Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage M ...)
	NOT-FOR-US: QSAN
CVE-2021-32508 (Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage ...)
	NOT-FOR-US: QSAN
CVE-2021-32507 (Absolute Path Traversal vulnerability in FileDownload in QSAN Storage ...)
	NOT-FOR-US: QSAN
CVE-2021-32506 (Absolute Path Traversal vulnerability in GetImage in QSAN Storage Mana ...)
	NOT-FOR-US: QSAN
CVE-2021-32505
	REJECTED
CVE-2021-32504 (Unauthenticated users can access sensitive web URLs through GET reques ...)
	NOT-FOR-US: SICK FTMg flow sensors
CVE-2021-32503 (Unauthenticated users can access sensitive web URLs through GET reques ...)
	NOT-FOR-US: SICK FTMg flow sensors
CVE-2021-32502
	REJECTED
CVE-2021-32501
	REJECTED
CVE-2021-32500
	REJECTED
CVE-2021-32499 (SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the ...)
	NOT-FOR-US: SICK SOPAS ET
CVE-2021-32498 (SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the ...)
	NOT-FOR-US: SICK SOPAS ET
CVE-2021-32497 (SICK SOPAS ET before version 4.8.0 allows attackers to wrap any execut ...)
	NOT-FOR-US: SICK SOPAS ET
CVE-2021-32496 (SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inad ...)
	NOT-FOR-US: SICK Visionary-S CX
CVE-2021-32495 (Radare2 has a use-after-free vulnerability in pyc parser's get_none_ob ...)
	- radare2 5.5.0+dfsg-1
	NOTE: https://github.com/radareorg/radare2/issues/18666
	NOTE: https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05 (5.3.0)
CVE-2021-32494 (Radare2 has a division by zero vulnerability in Mach-O parser's rebase ...)
	- radare2 5.5.0+dfsg-1
	NOTE: https://github.com/radareorg/radare2/issues/18667
	NOTE: https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62 (5.3.0)
CVE-2021-32489 (An issue was discovered in the _send_secure_msg() function of Yubico y ...)
	NOT-FOR-US: Yubico yubihsm-shell
CVE-2021-32488
	RESERVED
CVE-2021-32487 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...)
	NOT-FOR-US: modem 2G RRM
CVE-2021-32486 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...)
	NOT-FOR-US: modem 2G RRM
CVE-2021-32485 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...)
	NOT-FOR-US: modem 2G RRM
CVE-2021-32484 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...)
	NOT-FOR-US: modem 2G RRM
CVE-2021-32483 (Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalati ...)
	NOT-FOR-US: Cloudera Manager
CVE-2021-32482 (Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the ...)
	NOT-FOR-US: Cloudera Manager
CVE-2021-32481 (Cloudera Hue 4.6.0 allows XSS via the type parameter.)
	NOT-FOR-US: Cloudera Hue
CVE-2021-32480
	RESERVED
CVE-2021-32563 (An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17 ...)
	- thunar 4.16.8-1 (bug #988394)
	[buster] - thunar (Minor issue)
	[stretch] - thunar (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/09/2
	NOTE: Fixed by: https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b
	NOTE: Regression fix: https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664
	NOTE: Regression: https://gitlab.xfce.org/xfce/thunar/-/issues/575
CVE-2021-3546 (An out-of-bounds write vulnerability was found in the virtio vhost-use ...)
	{DSA-4980-1}
	- qemu 1:6.1+dfsg-1 (bug #989042)
	[buster] - qemu (Only minimal support present and not installed in binary packages)
	[stretch] - qemu (The vulnerable code was introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1958978
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01154.html
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/9f22893a
CVE-2021-3542
	REJECTED
CVE-2021-32493 (A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overfl ...)
	{DSA-5032-1 DLA-2667-1}
	- djvulibre 3.5.28-2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943424
	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #3 / Patch12)
CVE-2021-32492 (A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds rea ...)
	{DSA-5032-1 DLA-2667-1}
	- djvulibre 3.5.28-2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943410
	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #1 / Patch10)
CVE-2021-32491 (A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow ...)
	{DSA-5032-1 DLA-2667-1}
	- djvulibre 3.5.28-2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943409
	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #5 / Patch9)
CVE-2021-32490 (A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds wri ...)
	{DSA-5032-1 DLA-2667-1}
	- djvulibre 3.5.28-2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943408
	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #4 / Patch8)
CVE-2021-3541 (A flaw was found in libxml2. Exponential entity expansion attack its p ...)
	{DLA-2669-1}
	- libxml2 2.9.10+dfsg-6.7 (bug #988603)
	[buster] - libxml2 2.9.4+dfsg1-7+deb10u2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1950515
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/228 (currently private)
	NOTE: https://blog.hartwork.org/posts/cve-2021-3541-parameter-laughs-fixed-in-libxml2-2-9-11/
CVE-2021-32479
	RESERVED
CVE-2021-32478 (The redirect URI in the LTI authorization endpoint required extra sani ...)
	- moodle
CVE-2021-32477 (The last time a user accessed the mobile app is displayed on their pro ...)
	- moodle
CVE-2021-32476 (A denial-of-service risk was identified in the draft files area, due t ...)
	- moodle
CVE-2021-32475 (ID numbers displayed in the quiz grading report required additional sa ...)
	- moodle
CVE-2021-32474 (An SQL injection risk existed on sites with MNet enabled and configure ...)
	- moodle
CVE-2021-32473 (It was possible for a student to view their quiz grade before it had b ...)
	- moodle
CVE-2021-32472 (Teachers exporting a forum in CSV format could receive a CSV of forums ...)
	- moodle
CVE-2021-32471 (Insufficient input validation in the Marvin Minsky 1967 implementation ...)
	NOT-FOR-US: Marvin Minsky 1967 implementation of the Universal Turing Machine
CVE-2021-32470 (Craft CMS before 3.6.13 has an XSS vulnerability.)
	NOT-FOR-US: Craft CMS
CVE-2021-32469 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
	NOT-FOR-US: Netgear
CVE-2021-32468 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
	NOT-FOR-US: Netgear
CVE-2021-32467 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
	NOT-FOR-US: Netgear
CVE-2021-32466 (An uncontrolled search path element privilege escalation vulnerability ...)
	NOT-FOR-US: Trend Micro
CVE-2021-32465 (An incorrect permission preservation vulnerability in Trend Micro Apex ...)
	NOT-FOR-US: Trend Micro
CVE-2021-32464 (An incorrect permission assignment privilege escalation vulnerability ...)
	NOT-FOR-US: Trend Micro
CVE-2021-32463 (An incorrect permission assignment denial-of-service vulnerability in ...)
	NOT-FOR-US: Trend Micro
CVE-2021-32462 (Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below i ...)
	NOT-FOR-US: Trend Micro
CVE-2021-32461 (Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below i ...)
	NOT-FOR-US: Trend Micro
CVE-2021-32460 (The Trend Micro Maximum Security 2021 (v17) consumer product is vulner ...)
	NOT-FOR-US: Trend Micro
CVE-2021-32459 (Trend Micro Home Network Security version 6.6.604 and earlier contains ...)
	NOT-FOR-US: Trend Micro
CVE-2021-32458 (Trend Micro Home Network Security version 6.6.604 and earlier is vulne ...)
	NOT-FOR-US: Trend Micro
CVE-2021-32457 (Trend Micro Home Network Security version 6.6.604 and earlier is vulne ...)
	NOT-FOR-US: Trend Micro
CVE-2021-32456 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access t ...)
	NOT-FOR-US: SITEL CAP/PRX firmware
CVE-2021-32455 (SITEL CAP/PRX firmware version 5.2.01, allows an attacker with access ...)
	NOT-FOR-US: SITEL CAP/PRX firmware
CVE-2021-32454 (SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded passwor ...)
	NOT-FOR-US: SITEL CAP/PRX firmware
CVE-2021-32453 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access t ...)
	NOT-FOR-US: SITEL CAP/PRX firmware
CVE-2021-3540 (By abusing the 'install rpm info detail' command, an attacker can esca ...)
	NOT-FOR-US: Ivanti MobileIron Core
CVE-2021-32452
	RESERVED
CVE-2021-32451
	RESERVED
CVE-2021-32450
	RESERVED
CVE-2021-32449
	RESERVED
CVE-2021-32448
	RESERVED
CVE-2021-32447
	RESERVED
CVE-2021-32446
	RESERVED
CVE-2021-32445
	RESERVED
CVE-2021-32444
	RESERVED
CVE-2021-32443
	RESERVED
CVE-2021-32442
	RESERVED
CVE-2021-32441 (SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 all ...)
	NOT-FOR-US: Exponent-CMS
CVE-2021-32440 (The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to ca ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	- ccextractor 0.93+ds2-1 (bug #994746)
	[bullseye] - ccextractor (Minor issue)
	[buster] - ccextractor (Minor issue)
	NOTE: https://github.com/gpac/gpac/commit/f0ba83717b6e4d7a15a1676d1fe06152e199b011 (v2.0.0)
	NOTE: https://github.com/gpac/gpac/issues/1772
CVE-2021-32439 (Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0. ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (Vulnerable code introduced later, in version 0.8.0)
	[stretch] - gpac (Vulnerable code introduced later, in version 0.8.0)
	NOTE: https://github.com/gpac/gpac/commit/77ed81c069e10b3861d88f72e1c6be1277ee7eae (v2.0.0)
	NOTE: https://github.com/gpac/gpac/issues/1774
	NOTE: Introduced by https://github.com/gpac/gpac/commit/51dadae6c790af3f639c4d9d660658b2848b51a0
	NOTE: The vulnerability affects operations on multiple samples, which rely on a change which was only introduced in 51dadae6c7
CVE-2021-32438 (The gf_media_export_filters function in GPAC 1.0.1 allows attackers to ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (Vulnerable code not present)
	[stretch] - gpac (Vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/commit/00194f5fe462123f70b0bae7987317b52898b868 (v2.0.0)
	NOTE: https://github.com/gpac/gpac/issues/1769
CVE-2021-32437 (The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to caus ...)
	- gpac 2.0.0+dfsg1-2
	[bullseye] - gpac (Minor issue)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	NOTE: https://github.com/gpac/gpac/commit/1653f31cf874eb6df964bea88d58d8e9b98b485e (v2.0.0)
	NOTE: https://github.com/gpac/gpac/issues/1770
CVE-2021-32436 (An out-of-bounds read in the function write_title() in subs.c of abcm2 ...)
	{DLA-2983-1}
	- abcm2ps 8.14.13-1 (unimportant)
	NOTE: https://github.com/lewdlime/abcm2ps/commit/2f56e1179cab6affeb8afa9d6c324008fe40d8e3 (v8.14.12)
	NOTE: https://github.com/lewdlime/abcm2ps/issues/85
	NOTE: Crash in CLI tool, no security impact
CVE-2021-32435 (Stack-based buffer overflow in the function get_key in parse.c of abcm ...)
	{DLA-2983-1}
	- abcm2ps 8.14.13-1
	[bullseye] - abcm2ps (Minor issue)
	[buster] - abcm2ps (Minor issue)
	NOTE: https://github.com/lewdlime/abcm2ps/commit/3169ace6d63f6f517a64e8df0298f44a490c4a15 (v8.14.12)
	NOTE: https://github.com/lewdlime/abcm2ps/issues/84
CVE-2021-32434 (abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in th ...)
	{DLA-2983-1}
	- abcm2ps 8.14.13-1 (unimportant)
	NOTE: https://github.com/lewdlime/abcm2ps/commit/2f56e1179cab6affeb8afa9d6c324008fe40d8e3 (v8.14.12)
	NOTE: https://github.com/lewdlime/abcm2ps/issues/83
	NOTE: Crash in CLI tool, no security impact
CVE-2021-32433
	RESERVED
CVE-2021-32432
	RESERVED
CVE-2021-32431
	RESERVED
CVE-2021-32430
	RESERVED
CVE-2021-32429
	RESERVED
CVE-2021-32428 (SQL Injection vulnerability in viaviwebtech Android EBook App (Books A ...)
	NOT-FOR-US: viaviwebtech Android eBook app
CVE-2021-32427
	RESERVED
CVE-2021-32426 (In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary Ja ...)
	NOT-FOR-US: TrendNet TW100-S4W1CA
CVE-2021-32425
	RESERVED
CVE-2021-32424 (In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session contr ...)
	NOT-FOR-US: TrendNet TW100-S4W1CA
CVE-2021-32423
	RESERVED
CVE-2021-32422 (dpic 2021.01.01 has a Global buffer overflow in theyylex() function in ...)
	- dpic 2021.11.01-1 (unimportant)
	NOTE: https://gitlab.com/aplevich/dpic/-/issues/6
	NOTE: Fixed by: https://gitlab.com/aplevich/dpic/-/commit/d317e4066c17f9ceb359b3af13264c32f6fb43cf
	NOTE: Crash in CLI tool, no security impact
CVE-2021-32421 (dpic 2021.01.01 has a Heap Use-After-Free in thedeletestringbox() func ...)
	- dpic 2021.11.01-1 (unimportant)
	NOTE: https://gitlab.com/aplevich/dpic/-/issues/7
	NOTE: Fixed by: https://gitlab.com/aplevich/dpic/-/commit/d317e4066c17f9ceb359b3af13264c32f6fb43cf
	NOTE: Crash in CLI tool, no security impact
CVE-2021-32420 (dpic 2021.01.01 has a Heap-based Buffer Overflow in thestorestring fun ...)
	- dpic 2021.11.01-1
	[bullseye] - dpic (Minor issue)
	NOTE: https://gitlab.com/aplevich/dpic/-/issues/5
	NOTE: Fixed by: https://gitlab.com/aplevich/dpic/-/commit/d317e4066c17f9ceb359b3af13264c32f6fb43cf
CVE-2021-32419 (An issue in Schism Tracker v20200412 fixed in v.20200412 allows attack ...)
	- schism 2:20210525-2 (unimportant)
	NOTE: https://github.com/schismtracker/schismtracker/issues/249
	NOTE: https://github.com/schismtracker/schismtracker/commit/1e2cc389a2a058fd13d99460c11115a6f7f7a6a4
	NOTE: Crash in CLI tool, no security impact
CVE-2021-32418
	RESERVED
CVE-2021-32417
	RESERVED
CVE-2021-32416
	RESERVED
CVE-2021-32415 (EXEMSI MSI Wrapper Versions prior to 10.0.50 and at least since versio ...)
	NOT-FOR-US: EXEMSI MSI Wrapper
CVE-2021-32414
	RESERVED
CVE-2021-32413
	RESERVED
CVE-2021-32412
	RESERVED
CVE-2021-32411
	RESERVED
CVE-2021-32410
	RESERVED
CVE-2021-32409
	RESERVED
CVE-2021-32408
	RESERVED
CVE-2021-32407
	RESERVED
CVE-2021-32406
	RESERVED
CVE-2021-32405
	RESERVED
CVE-2021-32404
	RESERVED
CVE-2021-32403 (Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Re ...)
	NOT-FOR-US: Intelbras Router RF 301K Firmware
CVE-2021-32402 (Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Re ...)
	NOT-FOR-US: Intelbras Router RF 301K Firmware
CVE-2021-32401
	RESERVED
CVE-2021-32400
	RESERVED
CVE-2021-32399 (net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a r ...)
	{DLA-2690-1 DLA-2689-1}
	- linux 5.10.38-1
	[buster] - linux 4.19.194-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/2
CVE-2021-32398
	RESERVED
CVE-2021-32397
	RESERVED
CVE-2021-32396
	RESERVED
CVE-2021-32395
	RESERVED
CVE-2021-32394
	RESERVED
CVE-2021-32393
	RESERVED
CVE-2021-32392
	RESERVED
CVE-2021-32391
	RESERVED
CVE-2021-32390
	RESERVED
CVE-2021-32389
	RESERVED
CVE-2021-32388
	RESERVED
CVE-2021-32387
	RESERVED
CVE-2021-32386
	RESERVED
CVE-2021-32385
	RESERVED
CVE-2021-32384
	RESERVED
CVE-2021-32383
	RESERVED
CVE-2021-32382
	RESERVED
CVE-2021-32381
	RESERVED
CVE-2021-32380
	RESERVED
CVE-2021-32379
	RESERVED
CVE-2021-32378
	RESERVED
CVE-2021-32377
	RESERVED
CVE-2021-32376
	RESERVED
CVE-2021-32375
	RESERVED
CVE-2021-32374
	RESERVED
CVE-2021-32373
	RESERVED
CVE-2021-32372
	RESERVED
CVE-2021-32371
	RESERVED
CVE-2021-32370
	RESERVED
CVE-2021-32369
	RESERVED
CVE-2021-32368
	RESERVED
CVE-2021-32367
	RESERVED
CVE-2021-32366
	RESERVED
CVE-2021-32365
	RESERVED
CVE-2021-32364
	RESERVED
CVE-2021-32363
	RESERVED
CVE-2021-32362
	RESERVED
CVE-2021-32361
	RESERVED
CVE-2021-32360
	RESERVED
CVE-2021-32359
	RESERVED
CVE-2021-32358
	RESERVED
CVE-2021-32357
	RESERVED
CVE-2021-32356
	RESERVED
CVE-2021-32355
	RESERVED
CVE-2021-32354
	RESERVED
CVE-2021-32353
	RESERVED
CVE-2021-32352
	RESERVED
CVE-2021-32351
	RESERVED
CVE-2021-32350
	RESERVED
CVE-2021-32349
	RESERVED
CVE-2021-32348
	RESERVED
CVE-2021-32347
	RESERVED
CVE-2021-32346
	RESERVED
CVE-2021-32345
	RESERVED
CVE-2021-32344
	RESERVED
CVE-2021-32343
	RESERVED
CVE-2021-32342
	RESERVED
CVE-2021-32341
	RESERVED
CVE-2021-32340
	RESERVED
CVE-2021-32339
	RESERVED
CVE-2021-32338
	RESERVED
CVE-2021-32337
	RESERVED
CVE-2021-32336
	RESERVED
CVE-2021-32335
	RESERVED
CVE-2021-32334
	RESERVED
CVE-2021-32333
	RESERVED
CVE-2021-32332
	RESERVED
CVE-2021-32331
	RESERVED
CVE-2021-32330
	RESERVED
CVE-2021-32329
	RESERVED
CVE-2021-32328
	RESERVED
CVE-2021-32327
	RESERVED
CVE-2021-32326
	RESERVED
CVE-2021-32325
	RESERVED
CVE-2021-32324
	RESERVED
CVE-2021-32323
	RESERVED
CVE-2021-32322
	RESERVED
CVE-2021-32321
	RESERVED
CVE-2021-32320
	RESERVED
CVE-2021-32319
	RESERVED
CVE-2021-32318
	RESERVED
CVE-2021-32317
	RESERVED
CVE-2021-32316
	RESERVED
CVE-2021-32315
	RESERVED
CVE-2021-32314
	RESERVED
CVE-2021-32313
	RESERVED
CVE-2021-32312
	RESERVED
CVE-2021-32311
	RESERVED
CVE-2021-32310
	RESERVED
CVE-2021-32309
	RESERVED
CVE-2021-32308
	RESERVED
CVE-2021-32307
	RESERVED
CVE-2021-32306
	RESERVED
CVE-2021-32305 (WebSVN before 2.6.1 allows remote attackers to execute arbitrary comma ...)
	- websvn
CVE-2021-32304
	RESERVED
CVE-2021-32303
	RESERVED
CVE-2021-32302 (Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router ...)
	NOT-FOR-US: IRZ Electronics
CVE-2021-32301
	RESERVED
CVE-2021-32300
	RESERVED
CVE-2021-32299 (An issue was discovered in pbrt through 20200627. A stack-buffer-overf ...)
	NOT-FOR-US: pbrt
CVE-2021-32298 (An issue was discovered in libiff through 20190123. A global-buffer-ov ...)
	NOT-FOR-US: libiff
CVE-2021-32297 (An issue was discovered in LIEF through 0.11.4. A heap-buffer-overflow ...)
	NOT-FOR-US: LIEF
CVE-2021-32296
	RESERVED
CVE-2021-32295
	RESERVED
CVE-2021-32294 (An issue was discovered in libgig through 20200507. A heap-buffer-over ...)
	- libgig (bug #1014777)
	[bookworm] - libgig (Minor issue)
	[bullseye] - libgig (Minor issue)
	[buster] - libgig (Minor issue)
	[stretch] - libgig (Minor issue, revisit when/if fixed upstream)
	NOTE: https://github.com/drbye78/libgig/issues/1
CVE-2021-32293
	RESERVED
CVE-2021-32292 (An issue was discovered in json-c from 20200420 (post 0.14 unreleased ...)
	{DSA-5486-1}
	- json-c 0.16-1
	[buster] - json-c (Vulnerable code was introduced later)
	NOTE: https://github.com/json-c/json-c/issues/654
	NOTE: https://github.com/json-c/json-c/pull/655
	NOTE: https://github.com/json-c/json-c/commit/4e9e44e5258dee7654f74948b0dd5da39c28beec (json-c-0.16-20220414)
CVE-2021-32291
	RESERVED
CVE-2021-32290
	RESERVED
CVE-2021-32289 (An issue was discovered in heif through v3.6.2. A NULL pointer ...)
	NOT-FOR-US: Nokia HEIF implementation (different from libheif)
CVE-2021-32288 (An issue was discovered in heif through v3.6.2. A global-buffer-overfl ...)
	NOT-FOR-US: Nokia HEIF implementation (different from libheif)
CVE-2021-32287 (An issue was discovered in heif through v3.6.2. A global-buffer-overfl ...)
	NOT-FOR-US: Nokia HEIF implementation (different from libheif)
CVE-2021-32286 (An issue was discovered in hcxtools through 6.1.6. A global-buffer-ove ...)
	- hcxtools 6.2.4-1 (bug #994790)
	[bullseye] - hcxtools (Minor issue)
	NOTE: https://github.com/ZerBea/hcxtools/issues/155
	NOTE: https://github.com/ZerBea/hcxtools/commit/e6505ddc262bc3254b39844895ebac70861001d2 (6.1.2)
CVE-2021-32285 (An issue was discovered in gravity through 0.8.1. A NULL pointer deref ...)
	NOT-FOR-US: Gravity
CVE-2021-32284 (An issue was discovered in gravity through 0.8.1. A NULL pointer deref ...)
	NOT-FOR-US: Gravity
CVE-2021-32283 (An issue was discovered in gravity through 0.8.1. A NULL pointer deref ...)
	NOT-FOR-US: Gravity
CVE-2021-32282 (An issue was discovered in gravity through 0.8.1. A NULL pointer deref ...)
	NOT-FOR-US: Gravity
CVE-2021-32281 (An issue was discovered in gravity through 0.8.1. A heap-buffer-overfl ...)
	NOT-FOR-US: Gravity
CVE-2021-32280 (An issue was discovered in fig2dev before 3.2.8. A NULL pointer deref ...)
	{DLA-3304-1 DLA-2778-1}
	- fig2dev 1:3.2.7b-5 (bug #960736)
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/107/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/f17a3b8a7d54c1bc56ab92512531772a0b3ec991/
CVE-2021-32279
	RESERVED
CVE-2021-32278 (An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflo ...)
	{DSA-5109-1 DLA-2792-1}
	- faad2 2.10.0-1
	NOTE: https://github.com/knik0/faad2/issues/62
	NOTE: https://github.com/knik0/faad2/commit/e19a5e491354e0e4664d02b796dacee28fb2521e (2_10_0)
CVE-2021-32277 (An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflo ...)
	{DSA-5109-1 DLA-2792-1}
	- faad2 2.10.0-1
	NOTE: https://github.com/knik0/faad2/issues/59
	NOTE: https://github.com/knik0/faad2/commit/c78251b2b5d41ea840fd61ab9502b3d3036bd747 (2_10_0)
CVE-2021-32276 (An issue was discovered in faad2 through 2.10.0. A NULL pointer derefe ...)
	{DSA-5109-1 DLA-2792-1}
	- faad2 2.10.0-1
	NOTE: https://github.com/knik0/faad2/issues/58
	NOTE: https://github.com/knik0/faad2/commit/b58840121d1827b4b6c7617e2431589af1776ddc (2_10_0)
CVE-2021-32275 (An issue was discovered in faust through v2.30.5. A NULL pointer deref ...)
	- faust (unimportant)
	NOTE: https://github.com/grame-cncm/faust/issues/482
	NOTE: Negligible security impact
CVE-2021-32274 (An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflo ...)
	{DSA-5109-1 DLA-2792-1}
	- faad2 2.10.0-1
	NOTE: https://github.com/knik0/faad2/issues/60
	NOTE: https://github.com/knik0/faad2/commit/c78251b2b5d41ea840fd61ab9502b3d3036bd747 (2_10_0)
CVE-2021-32273 (An issue was discovered in faad2 through 2.10.0. A stack-buffer-overfl ...)
	{DSA-5109-1}
	- faad2 2.10.0-1
	[stretch] - faad2 (Vulnerable code not present, introduced in 2.8.2)
	NOTE: https://github.com/knik0/faad2/issues/56
	NOTE: https://github.com/knik0/faad2/commit/1073aeef823cafd844704389e9a497c257768e2f (2_10_0)
CVE-2021-32272 (An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow ...)
	{DSA-5109-1}
	- faad2 2.10.0-1
	[stretch] - faad2 (Vulnerable code not present, introduced in 2.8.2)
	NOTE: https://github.com/knik0/faad2/issues/57
	NOTE: https://github.com/knik0/faad2/commit/1b71a6ba963d131375f5e489b3b25e36f19f3f24 (2_10_0)
CVE-2021-32271 (An issue was discovered in gpac through 20200801. A stack-buffer-overf ...)
	- gpac 1.0.1+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/commit/71f1d75eaf71f47944ddbd9356fb498ca252b19a (v1.0.1)
	NOTE: https://github.com/gpac/gpac/issues/1575
CVE-2021-32270 (An issue was discovered in gpac through 20200801. A NULL pointer deref ...)
	- gpac 1.0.1+dfsg1-2
	[buster] - gpac (Vulnerable code not present)
	[stretch] - gpac (Vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/issues/1586
	NOTE: https://github.com/gpac/gpac/commit/362fc486b5c0eea04f26793d5623f6a9272bd85a (v1.0.1)
CVE-2021-32269 (An issue was discovered in gpac through 20200801. A NULL pointer deref ...)
	- gpac 1.0.1+dfsg1-2
	[buster] - gpac (Vulnerable code not present)
	[stretch] - gpac (Vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/issues/1574
	NOTE: https://github.com/gpac/gpac/commit/fc4d8f594acfd97fc750403cca734671bb623afc (v1.0.1)
CVE-2021-32268 (Buffer overflow vulnerability in function gf_fprintf in os_file.c in g ...)
	- gpac 1.0.1+dfsg1-2
	[buster] - gpac (EOL in buster LTS)
	[stretch] - gpac (No longer supported in LTS)
	NOTE: https://github.com/gpac/gpac/issues/1587
	NOTE: https://github.com/gpac/gpac/commit/388ecce75d05e11fc8496aa4857b91245007d26e (v1.0.1)
CVE-2021-32267
	RESERVED
CVE-2021-32266
	RESERVED
CVE-2021-32265 (An issue was discovered in Bento4 through v1.6.0-637. A global-buffer- ...)
	NOT-FOR-US: Bento4
CVE-2021-32264
	RESERVED
CVE-2021-32263 (ok-file-formats through 2021-04-29 has a heap-based buffer overflow in ...)
	NOT-FOR-US: ok-file-formats
CVE-2021-32262
	RESERVED
CVE-2021-32261
	RESERVED
CVE-2021-32260
	RESERVED
CVE-2021-32259
	REJECTED
CVE-2021-32258
	RESERVED
CVE-2021-32257
	RESERVED
CVE-2021-32256 (An issue was discovered in GNU libiberty, as distributed in GNU Binuti ...)
	- binutils (unimportant)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070
	NOTE: binutils not covered by security support
CVE-2021-32255
	RESERVED
CVE-2021-32254
	RESERVED
CVE-2021-32253
	RESERVED
CVE-2021-32252
	RESERVED
CVE-2021-32251
	RESERVED
CVE-2021-32250
	RESERVED
CVE-2021-32249
	RESERVED
CVE-2021-32248
	RESERVED
CVE-2021-32247
	RESERVED
CVE-2021-32246
	RESERVED
CVE-2021-32245 (In PageKit v1.0.18, a user can upload SVG files in the file upload por ...)
NOT-FOR-US: PageKit CMS CVE-2021-32244 (Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to ...) - moodle CVE-2021-32243 (FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated).) NOT-FOR-US: FOGProject CVE-2021-32242 RESERVED CVE-2021-32241 RESERVED CVE-2021-32240 RESERVED CVE-2021-32239 RESERVED CVE-2021-32238 (Epic Games / Psyonix Rocket League <=1.95 is affected by Buffer Overfl ...) NOT-FOR-US: Epic Games / Psyonix Rocket League CVE-2021-32237 RESERVED CVE-2021-32236 RESERVED CVE-2021-32235 RESERVED CVE-2021-32234 (SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows r ...) NOT-FOR-US: SmarterTools CVE-2021-32233 (SmarterTools SmarterMail before Build 7776 allows XSS.) NOT-FOR-US: SmarterTools SmarterMail CVE-2021-32232 RESERVED CVE-2021-32231 RESERVED CVE-2021-32230 RESERVED CVE-2021-32229 RESERVED CVE-2021-32228 RESERVED CVE-2021-32227 RESERVED CVE-2021-32226 RESERVED CVE-2021-32225 RESERVED CVE-2021-32224 RESERVED CVE-2021-32223 RESERVED CVE-2021-32222 RESERVED CVE-2021-32221 RESERVED CVE-2021-32220 RESERVED CVE-2021-32219 RESERVED CVE-2021-32218 RESERVED CVE-2021-32217 RESERVED CVE-2021-32216 RESERVED CVE-2021-32215 RESERVED CVE-2021-32214 RESERVED CVE-2021-32213 RESERVED CVE-2021-32212 RESERVED CVE-2021-32211 RESERVED CVE-2021-32210 RESERVED CVE-2021-32209 RESERVED CVE-2021-32208 RESERVED CVE-2021-32207 RESERVED CVE-2021-32206 RESERVED CVE-2021-32205 RESERVED CVE-2021-32204 RESERVED CVE-2021-32203 RESERVED CVE-2021-32202 (In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by ...) NOT-FOR-US: CS-Cart CVE-2021-32201 RESERVED CVE-2021-32200 RESERVED CVE-2021-32199 RESERVED CVE-2021-32198 (EmTec ZOC through 8.02.4 allows remote servers to cause a denial of se ...) 
NOT-FOR-US: EmTec ZOC CVE-2021-32197 RESERVED CVE-2021-32196 RESERVED CVE-2021-32195 RESERVED CVE-2021-32194 RESERVED CVE-2021-32193 RESERVED CVE-2021-32192 RESERVED CVE-2021-32191 RESERVED CVE-2021-32190 RESERVED CVE-2021-32189 RESERVED CVE-2021-32188 RESERVED CVE-2021-32187 RESERVED CVE-2021-32186 RESERVED CVE-2021-32185 RESERVED CVE-2021-32184 RESERVED CVE-2021-32183 RESERVED CVE-2021-32182 RESERVED CVE-2021-32181 RESERVED CVE-2021-32180 RESERVED CVE-2021-32179 RESERVED CVE-2021-32178 RESERVED CVE-2021-32177 RESERVED CVE-2021-32176 RESERVED CVE-2021-32175 RESERVED CVE-2021-32174 RESERVED CVE-2021-32173 RESERVED CVE-2021-32172 (Maian Cart v3.8 contains a preauthorization remote code execution (RCE ...) NOT-FOR-US: Maian Cart CVE-2021-32171 RESERVED CVE-2021-32170 RESERVED CVE-2021-32169 RESERVED CVE-2021-32168 RESERVED CVE-2021-32167 RESERVED CVE-2021-32166 RESERVED CVE-2021-32165 RESERVED CVE-2021-32164 RESERVED CVE-2021-32163 (Authentication vulnerability in MOSN v.0.23.0 allows attacker to escal ...) NOT-FOR-US: MOSN CVE-2021-32162 (A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.9 ...) - webmin CVE-2021-32161 (A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 thro ...) - webmin CVE-2021-32160 (A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 thro ...) - webmin CVE-2021-32159 (A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.9 ...) - webmin CVE-2021-32158 (A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via ...) - webmin CVE-2021-32157 (A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via ...) - webmin CVE-2021-32156 (A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.9 ...) 
- webmin CVE-2021-32155 RESERVED CVE-2021-32154 RESERVED CVE-2021-32153 RESERVED CVE-2021-32152 RESERVED CVE-2021-32151 RESERVED CVE-2021-32150 RESERVED CVE-2021-32149 RESERVED CVE-2021-32148 RESERVED CVE-2021-32147 RESERVED CVE-2021-32146 RESERVED CVE-2021-32145 RESERVED CVE-2021-32144 RESERVED CVE-2021-32143 RESERVED CVE-2021-32142 (Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows atta ...) {DSA-5412-1 DLA-3433-1} [experimental] - libraw 0.21.1-1 - libraw 0.20.2-2.1 (bug #1031790) NOTE: https://github.com/LibRaw/LibRaw/issues/400 NOTE: https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49 (0.21-Beta1) CVE-2021-32141 RESERVED CVE-2021-32140 RESERVED CVE-2021-32139 (The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to c ...) - gpac 2.0.0+dfsg1-2 [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) - ccextractor 0.93+ds2-1 (bug #994746) [bullseye] - ccextractor (Vulnerable code introduced later) [buster] - ccextractor (Vulnerable code introduced later) NOTE: https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e (v2.0.0) NOTE: https://github.com/gpac/gpac/issues/1768 CVE-2021-32138 (The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a d ...) - gpac 2.0.0+dfsg1-2 [bullseye] - gpac (Minor issue) [buster] - gpac (vulnerable code introduced later) [stretch] - gpac (vulnerable code introduced later) NOTE: https://github.com/gpac/gpac/commit/289ffce3e0d224d314f5f92a744d5fe35999f20b (v2.0.0) NOTE: https://github.com/gpac/gpac/issues/1767 NOTE: Vulnerable code introduced in https://github.com/gpac/gpac/commit/d850605fc71e45281a530817ad7705aad98c6b17 NOTE: and https://github.com/gpac/gpac/commit/47e331905ecd6b35de8d362821391ef453e80194 CVE-2021-32137 (Heap buffer overflow in the URL_GetProtocolType function in MP4Box in ...) 
- gpac 2.0.0+dfsg1-2 [bullseye] - gpac (Minor issue) [buster] - gpac (vulnerable code introduced later) [stretch] - gpac (vulnerable code introduced later) - ccextractor 0.93+ds2-1 (bug #994746) [bullseye] - ccextractor (Minor issue) [buster] - ccextractor (Minor issue) NOTE: https://github.com/gpac/gpac/commit/328def7d3b93847d64ecb6e9e0399684e57c3eca (v2.0.0) NOTE: https://github.com/gpac/gpac/issues/1766 NOTE: Support for vulnerable file type introduced in https://github.com/gpac/gpac/commit/2c65e5604b469d4a4e1a1dc0c6cbe351f2d39a17 NOTE: Confirmed that stretch/buster versions were not affect by building with ASAN and testing POC from GitHub issue NOTE: the stretch/buster versions produce '[iso file] Read Box "free" failed (Invalid IsoMedia File)' CVE-2021-32136 (Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0. ...) - gpac 2.0.0+dfsg1-2 [bullseye] - gpac (Minor issue) [buster] - gpac (vulnerable code introduced later) [stretch] - gpac (vulnerable code introduced later) NOTE: https://github.com/gpac/gpac/commit/eb71812fcc10e9c5348a5d1c61bd25b6fa06eaed (v2.0.0) NOTE: https://github.com/gpac/gpac/issues/1765 NOTE: Vulnerable code introduced by https://github.com/gpac/gpac/commit/eb71812fcc10e9c5348a5d1c61bd25b6fa06eaed CVE-2021-32135 (The trak_box_size function in GPAC 1.0.1 allows attackers to cause a d ...) - gpac 2.0.0+dfsg1-2 [bullseye] - gpac (Minor issue) [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/commit/b8f8b202d4fc23eb0ab4ce71ae96536ca6f5d3f8 (v2.0.0) NOTE: https://github.com/gpac/gpac/issues/1757 CVE-2021-32134 (The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause ...) 
- gpac 2.0.0+dfsg1-2 [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) - ccextractor 0.93+ds2-1 (bug #994746) [bullseye] - ccextractor (Vulnerable code introduced later) [buster] - ccextractor (Vulnerable code introduced later) NOTE: https://github.com/gpac/gpac/commit/328c6d682698fdb9878dbb4f282963d42c538c01 (v2.0.0) NOTE: https://github.com/gpac/gpac/issues/1756 NOTE: The POC from the GitHub issue produces a SIGSEV in the stretch/buster version of gpac, but in an entirely different call chain; it appears to be a different issue altogether NOTE: It isn't clear if that means this CVE doesn't apply to stretch/buster, or if it is masking the issue with an earlier failure CVE-2021-32133 RESERVED CVE-2021-32132 (The abst_box_size function in GPAC 1.0.1 allows attackers to cause a d ...) - gpac 2.0.0+dfsg1-2 [bullseye] - gpac (Minor issue) [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/commit/e74be5976a6fee059c638050a237893f7e9a3b23 (v2.0.0) NOTE: https://github.com/gpac/gpac/issues/1753 CVE-2021-32131 RESERVED CVE-2021-32130 RESERVED CVE-2021-32129 RESERVED CVE-2021-32128 RESERVED CVE-2021-32127 RESERVED CVE-2021-32126 RESERVED CVE-2021-32125 RESERVED CVE-2021-32124 RESERVED CVE-2021-32123 RESERVED CVE-2021-32122 (Certain NETGEAR devices are affected by CSRF. This affects EX3700 befo ...) NOT-FOR-US: Netgear CVE-2021-32121 RESERVED CVE-2021-32120 RESERVED CVE-2021-32119 RESERVED CVE-2021-32118 RESERVED CVE-2021-32117 RESERVED CVE-2021-32116 RESERVED CVE-2021-32115 RESERVED CVE-2021-32114 RESERVED CVE-2021-32113 RESERVED CVE-2021-32112 RESERVED CVE-2021-32111 RESERVED CVE-2021-32110 RESERVED CVE-2021-32109 RESERVED CVE-2021-32108 RESERVED CVE-2021-32107 RESERVED CVE-2021-32106 (In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified i ...) 
NOT-FOR-US: ICEcoder CVE-2021-32105 RESERVED CVE-2021-32104 (A SQL injection vulnerability exists (with user privileges) in interfa ...) NOT-FOR-US: OpenEMR CVE-2021-32103 (A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php ...) NOT-FOR-US: OpenEMR CVE-2021-32102 (A SQL injection vulnerability exists (with user privileges) in library ...) NOT-FOR-US: OpenEMR CVE-2021-32101 (The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect acces ...) NOT-FOR-US: OpenEMR CVE-2021-32100 (A remote file inclusion vulnerability exists in Artica Pandora FMS 742 ...) NOT-FOR-US: Artica Pandora FMS CVE-2021-32099 (A SQL injection vulnerability in the pandora_console component of Arti ...) NOT-FOR-US: Artica Pandora FMS CVE-2021-32098 (Artica Pandora FMS 742 allows unauthenticated attackers to perform Pha ...) NOT-FOR-US: Artica Pandora FMS CVE-2021-32097 RESERVED CVE-2021-32096 (The ConsoleAction component of U.S. National Security Agency (NSA) Emi ...) NOT-FOR-US: NSA Emissary CVE-2021-32095 (U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authentic ...) NOT-FOR-US: NSA Emissary CVE-2021-32094 (U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authentic ...) NOT-FOR-US: NSA Emissary CVE-2021-32093 (The ConfigFileAction component of U.S. National Security Agency (NSA) ...) NOT-FOR-US: NSA Emissary CVE-2021-32092 (A Cross-site scripting (XSS) vulnerability in the DocumentAction compo ...) NOT-FOR-US: NSA Emissary CVE-2021-32091 (A Cross-site scripting (XSS) vulnerability exists in StackLift LocalSt ...) NOT-FOR-US: StackList LocalStack CVE-2021-32090 (The dashboard component of StackLift LocalStack 0.12.6 allows attacker ...) NOT-FOR-US: StackList LocalStack CVE-2021-32089 (An issue was discovered on Zebra (formerly Motorola Solutions) Fixed R ...) 
NOT-FOR-US: Zebra CVE-2021-32088 RESERVED CVE-2021-32087 RESERVED CVE-2021-32086 RESERVED CVE-2021-32085 RESERVED CVE-2021-32084 RESERVED CVE-2021-32083 RESERVED CVE-2021-32082 RESERVED CVE-2021-32081 RESERVED CVE-2021-32080 RESERVED CVE-2021-32079 RESERVED CVE-2021-32078 (An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/perso ...) - linux 5.14.6-1 (unimportant) NOTE: https://kirtikumarar.com/CVE-2021-32078.txt NOTE: https://git.kernel.org/linus/298a58e165e447ccfaae35fe9f651f9d7e15166f (5.13-rc1) CVE-2021-3539 (EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site ...) NOT-FOR-US: EspoCRM CVE-2021-3538 (A flaw was found in github.com/satori/go.uuid in versions from commit ...) - golang-github-satori-go.uuid (Vulnerable code introduced later and not in any released version) NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488 NOTE: Possibly introduced by: https://github.com/satori/go.uuid/commit/0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c NOTE: Fixed by: https://github.com/satori/go.uuid/commit/d91630c8510268e75203009fe7daf2b8e1d60c45 NOTE: https://github.com/satori/go.uuid/issues/73 CVE-2021-32077 (Primary Source Verification in VerityStream MSOW Solutions before 3.1. ...) NOT-FOR-US: VerityStream MSOW Solutions CVE-2021-32076 (Access Restriction Bypass via referrer spoof was discovered in SolarWi ...) NOT-FOR-US: SolarWinds CVE-2021-32075 (Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization.) NOT-FOR-US: Re-Logic Terraria CVE-2021-32074 (HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows a ...) NOT-FOR-US: HashiCorp vault-action (aka Vault GitHub Action) CVE-2021-32073 (DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote at ...) NOT-FOR-US: DedeCMS CVE-2021-32072 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...) NOT-FOR-US: Mitel CVE-2021-32071 (The MiCollab Client service in Mitel MiCollab before 9.3 could allow a ...) 
NOT-FOR-US: Mitel CVE-2021-32070 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...) NOT-FOR-US: Mitel CVE-2021-32069 (The AWV component of Mitel MiCollab before 9.3 could allow an attacker ...) NOT-FOR-US: Mitel CVE-2021-32068 (The AWV and MiCollab Client Service components in Mitel MiCollab befor ...) NOT-FOR-US: Mitel CVE-2021-32067 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...) NOT-FOR-US: Mitel CVE-2021-32066 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...) {DSA-5066-1 DLA-3408-1 DLA-2780-1} - ruby2.7 2.7.4-1 (bug #990815) - ruby2.5 - ruby2.3 - jruby 9.3.9.0+ds-1 (bug #1014818) [stretch] - jruby (Minor issue) NOTE: https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/ NOTE: https://github.com/ruby/ruby/commit/a21a3b7d23704a01d34bd79d09dc37897e00922a (2.7) CVE-2021-32065 RESERVED CVE-2021-32064 RESERVED CVE-2021-32063 RESERVED CVE-2021-32062 (MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x ...) [experimental] - mapserver 7.6.3-1~exp1 - mapserver 7.6.2-2 (bug #988208) [bullseye] - mapserver (Minor issue; #988224) [buster] - mapserver (Minor issue; will be fixed via point release) [stretch] - mapserver (Minor issue; can be fixed in next update) NOTE: https://github.com/mapserver/mapserver/issues/6313 NOTE: https://github.com/MapServer/MapServer/pull/6314 NOTE: https://github.com/mapserver/mapserver/commit/927ac97cb9ece305306b5ab2b5600d3afe8c1732 (branch-7-6) NOTE: https://github.com/mapserver/mapserver/commit/7db7cbb26b6bc6e651db268e9536836a56e6825a (branch-7-2) NOTE: https://github.com/mapserver/mapserver/commit/82a3eb5f6c8f75cedd095b909cc4990f3d8a99e1 (branch-7-0) NOTE: Fixed in 7.0.8, 7.2.3, 7.4.5, 7.6.3 CVE-2019-25044 (The block subsystem in the Linux kernel before 5.2 has a use-after-fre ...) 
- linux (Vulnerable code only between 5.2-rc3 and 5.2-rc4) CVE-2019-25043 (ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as dem ...) - modsecurity 3.0.4-1 [buster] - modsecurity (Minor issue) NOTE: https://github.com/SpiderLabs/ModSecurity/issues/2566 NOTE: https://github.com/SpiderLabs/ModSecurity/commit/9cac167fafd180902c2aa5dc6141aae874127199 CVE-2021-3537 (A vulnerability found in libxml2 in versions before 2.9.11 shows that ...) {DLA-2653-1} - libxml2 2.9.10+dfsg-6.6 (bug #988123) [buster] - libxml2 2.9.4+dfsg1-7+deb10u2 NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/243 NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/244 NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/245 NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61 CVE-2021-3536 (A flaw was found in Wildfly in versions before 23.0.2.Final while crea ...) - wildfly (bug #752018) CVE-2021-3535 (Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting ...) NOT-FOR-US: Rapid7 CVE-2021-32061 (S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket ...) NOT-FOR-US: S3Scanner CVE-2021-32060 RESERVED CVE-2021-32059 RESERVED CVE-2021-32058 RESERVED CVE-2021-32057 RESERVED CVE-2021-32056 (Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remo ...) - cyrus-imapd 3.2.6-2 [buster] - cyrus-imapd (Vulnerable code introduced in the 3.2.x series) [stretch] - cyrus-imapd (Vulnerable code introduced in the 3.2.x series) NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/621f9e41465b521399f691c241181300fab55995 NOTE: https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released CVE-2021-32054 (Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers ...) NOT-FOR-US: Firely/Incendi Spark CVE-2021-32053 (JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e. ...) 
NOT-FOR-US: HAPI FHIR CVE-2021-32052 (In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 ( ...) - python-django 2:2.2.22-1 (bug #988136; unimportant) NOTE: https://www.djangoproject.com/weblog/2021/may/06/security-releases/ NOTE: Only an issue in combination with python3.9 3.9.5+ CVE-2021-32051 (Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via ...) NOT-FOR-US: Hexagon G!nius Auskunftsportal CVE-2021-32050 (Some MongoDB Drivers may erroneously publish events containing authent ...) - php-mongodb 1.11.1+1.9.2+1.7.5-4 [bullseye] - php-mongodb (Minor issue) [buster] - php-mongodb (Minor issue) - mongo-c-driver 1.18.0-1 [bullseye] - mongo-c-driver (Minor issue) [buster] - mongo-c-driver (Minor issue) - node-mongodb (bug #1052663) [bookworm] - node-mongodb (Minor issue) [bullseye] - node-mongodb (Minor issue) [buster] - node-mongodb (Minor issue) NOTE: https://jira.mongodb.org/browse/PHPC-1869 NOTE: https://github.com/mongodb/mongo-php-driver/pull/1235 NOTE: https://jira.mongodb.org/browse/NODE-3356 NOTE: https://github.com/mongodb/node-mongodb-native/commit/8c8b4c3b8c55f10fb96f63d3bbfa5d408b4ed7d0 NOTE: https://github.com/mongodb/node-mongodb-native/commit/b98f2061de9e8b0a814e3e7d39a0e914245953d0 NOTE: https://jira.mongodb.org/browse/CDRIVER-3797 NOTE: https://github.com/mongodb/mongo-c-driver/commit/6d8fc7eaadea8a0dab163e88b91244af12e0c97a (1.18.0) CVE-2021-32049 RESERVED CVE-2021-32048 RESERVED CVE-2021-32047 RESERVED CVE-2021-32046 RESERVED CVE-2021-32045 RESERVED CVE-2021-32044 RESERVED CVE-2021-32043 RESERVED CVE-2021-32042 RESERVED CVE-2021-32041 RESERVED CVE-2021-32040 (It may be possible to have an extremely long aggregation pipeline in c ...) 
- mongodb [stretch] - mongodb (https://lists.debian.org/debian-lts/2020/11/msg00058.html) NOTE: https://jira.mongodb.org/browse/SERVER-58203 NOTE: https://jira.mongodb.org/browse/SERVER-59299 NOTE: https://jira.mongodb.org/browse/SERVER-60218 CVE-2021-32039 (Users with appropriate file access may be able to access unencrypted u ...) NOT-FOR-US: MongoDB VSCode Extension CVE-2021-32038 RESERVED CVE-2021-32037 (An authorized user may trigger an invariant which may result in denial ...) - mongodb [stretch] - mongodb (https://lists.debian.org/debian-lts/2020/11/msg00058.html) NOTE: https://jira.mongodb.org/browse/SERVER-59071 CVE-2021-32036 (An authenticated user without any specific authorizations may be able ...) - mongodb [stretch] - mongodb (https://lists.debian.org/debian-lts/2020/11/msg00058.html) NOTE: https://jira.mongodb.org/browse/SERVER-59294 CVE-2021-32035 RESERVED CVE-2021-32034 RESERVED CVE-2021-32033 (Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in ...) NOT-FOR-US: Protectimus SLIM NFC CVE-2021-32032 (In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated ...) NOT-FOR-US: Trusted Firmware-M CVE-2021-32031 RESERVED CVE-2020-36362 RESERVED CVE-2020-36361 RESERVED CVE-2020-36360 RESERVED CVE-2020-36359 RESERVED CVE-2020-36358 RESERVED CVE-2020-36357 RESERVED CVE-2020-36356 RESERVED CVE-2020-36355 RESERVED CVE-2020-36354 RESERVED CVE-2020-36353 RESERVED CVE-2020-36352 RESERVED CVE-2020-36351 RESERVED CVE-2020-36350 RESERVED CVE-2020-36349 RESERVED CVE-2020-36348 RESERVED CVE-2020-36347 RESERVED CVE-2020-36346 RESERVED CVE-2020-36345 RESERVED CVE-2020-36344 RESERVED CVE-2020-36343 RESERVED CVE-2020-36342 RESERVED CVE-2020-36341 RESERVED CVE-2020-36340 RESERVED CVE-2020-36339 RESERVED CVE-2020-36338 RESERVED CVE-2020-36337 RESERVED CVE-2020-36336 RESERVED CVE-2020-36335 RESERVED CVE-2016-20010 (EWWW Image Optimizer before 2.8.5 allows remote command execution beca ...) 
NOT-FOR-US: EWWW Image Optimizer CVE-2021-32055 (Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through ...) - mutt 2.0.5-4.1 (bug #988106) [buster] - mutt (Vulnerable code introduced later) [stretch] - mutt (Vulnerable code introduced later) - neomutt 20201127+dfsg.1-1.2 (bug #988107) [buster] - neomutt (Vulnerable code introduced later) NOTE: https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5 NOTE: https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc NOTE: imap_qresync not enabled by default and considered an experimental feature CVE-2021-32030 (The administrator application on ASUS GT-AC2900 devices before 3.0.0.4 ...) NOT-FOR-US: ASUS CVE-2021-32029 (A flaw was found in postgresql. Using an UPDATE ... RETURNING command ...) {DSA-4915-1} - postgresql-13 13.3-1 - postgresql-11 - postgresql-9.6 [stretch] - postgresql-9.6 (Vulnerable code introduced later) NOTE: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=a71cfc56bf6013e3ea1d673acaf73fe7ebbd6bf3 (REL_13_3) CVE-2021-32028 (A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO ...) {DSA-4915-1 DLA-2662-1} - postgresql-13 13.3-1 - postgresql-11 - postgresql-9.6 NOTE: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=4a8656a7ee0c155b0249376af58eb3fc3a90415f (REL_13_3) CVE-2021-32027 (A flaw was found in postgresql in versions before 13.3, before 12.7, b ...) 
{DSA-4915-1 DLA-2662-1} - postgresql-13 13.3-1 - postgresql-11 - postgresql-9.6 NOTE: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=467395bfdf33f1ccf67ca388ffdcc927271544cb (REL_13_3) CVE-2018-25014 (A use of uninitialized value was found in libwebp in versions before 1 ...) {DSA-4930-1 DLA-2677-1} - libwebp 0.6.1-2.1 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496 CVE-2021-3534 REJECTED CVE-2021-3533 REJECTED CVE-2021-32026 RESERVED CVE-2021-32025 (An elevation of privilege vulnerability in the QNX Neutrino Kernel of ...) NOT-FOR-US: QNX CVE-2021-32024 (A remote code execution vulnerability in the BMP image codec of BlackB ...) NOT-FOR-US: BlackBerry CVE-2021-32023 (An elevation of privilege vulnerability in the message broker of Black ...) NOT-FOR-US: BlackBerry CVE-2021-32022 (A low privileged delete vulnerability using CEF RPC server of BlackBer ...) NOT-FOR-US: BlackBerry CVE-2021-32021 (A denial of service vulnerability in the message broker of BlackBerry ...) NOT-FOR-US: BlackBerry CVE-2021-32020 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insuffici ...) NOT-FOR-US: kernel in Amazon Web Services FreeRTOS CVE-2021-32019 (There is missing input validation of host names displayed in OpenWrt b ...) NOT-FOR-US: OpenWrt CVE-2021-32018 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The JUMP SOAP A ...) NOT-FOR-US: JUMP AMS CVE-2021-32017 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP end ...) NOT-FOR-US: JUMP AMS CVE-2021-32016 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP end ...) NOT-FOR-US: JUMP AMS CVE-2021-32015 (In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated mal ...) NOT-FOR-US: Nuvoton NPCT75x TPM 1.2 firmware CVE-2021-32014 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a den ...) 
NOT-FOR-US: SheetJS CVE-2021-32013 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a den ...) NOT-FOR-US: SheetJS CVE-2021-32012 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a den ...) NOT-FOR-US: SheetJS CVE-2021-3532 REJECTED CVE-2021-3531 (A flaw was found in the Red Hat Ceph Storage RGW in versions before 14 ...) {DLA-3629-1} - ceph 14.2.21-1 (bug #988890) [stretch] - ceph (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2021/05/14/5 NOTE: Nautilus: https://github.com/ceph/ceph/commit/f44a8ae8aa27ecef69528db9aec220f12492810e NOTE: Octopus: https://github.com/ceph/ceph/commit/b87e64e3206210580f4a6df2d77f9ae3f1033039 NOTE: Pacific: https://github.com/ceph/ceph/commit/bf06990ab41d7ac299e4441ad9cd434e926a18e7 CVE-2021-3530 (A flaw was discovered in GNU libiberty within demangle_path() in rust- ...) - binutils 2.37.90.20220207-1 (unimportant) NOTE: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1925348 NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935#c11 NOTE: https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab NOTE: binutils not covered by security support CVE-2021-32011 RESERVED CVE-2021-32010 (Inadequate Encryption Strength vulnerability in TLS stack of Secomea S ...) NOT-FOR-US: Secomea CVE-2021-32009 (Cross-site Scripting (XSS) vulnerability in firmware section of Secome ...) NOT-FOR-US: Secomea GateManager CVE-2021-32008 (This issue affects: Secomea GateManager Version 9.6.621421014 and all ...) NOT-FOR-US: Secomea GateManager CVE-2021-32007 RESERVED CVE-2021-32006 (This issue affects: Secomea GateManager Version 9.6.621421014 and all ...) NOT-FOR-US: Secomea GateManager CVE-2021-32005 (Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteMa ...) NOT-FOR-US: Secomea SiteManager CVE-2021-32004 (This issue affects: Secomea GateManager All versions prior to 9.6. Imp ...) 
NOT-FOR-US: Secomea GateManager CVE-2021-32003 (Unprotected Transport of Credentials vulnerability in SiteManager prov ...) NOT-FOR-US: Secomea SiteManager CVE-2021-32002 (Improper Access Control vulnerability in web service of Secomea SiteMa ...) NOT-FOR-US: Secomea SiteManager CVE-2021-32001 (K3s in SUSE Rancher allows any user with direct access to the datastor ...) NOT-FOR-US: Rancher CVE-2021-32000 (A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-ma ...) NOT-FOR-US: clone-master-clean-up in SUSE Linux Enterprise Server CVE-2021-31999 (A Reliance on Untrusted Inputs in a Security Decision vulnerability in ...) NOT-FOR-US: Rancher CVE-2021-31998 (A Incorrect Default Permissions vulnerability in the packaging of inn ...) - inn2 (SuSE-specific packaging issue) CVE-2021-31997 (A UNIX Symbolic Link (Symlink) Following vulnerability in python-posto ...) - postorius (SuSE-specific packaging issue) CVE-2021-31996 (An issue was discovered in the algorithmica crate through 2021-03-07 f ...) NOT-FOR-US: Rust crate algorithmica CVE-2021-3529 (A flaw was found in noobaa-core in versions before 5.7.0. This flaw re ...) NOT-FOR-US: noobaa CVE-2021-31995 RESERVED CVE-2021-31994 RESERVED CVE-2021-31993 RESERVED CVE-2021-31992 RESERVED CVE-2021-31991 RESERVED CVE-2021-31990 RESERVED CVE-2021-31989 (A user with permission to log on to the machine hosting the AXIS Devic ...) NOT-FOR-US: AXIS CVE-2021-31988 (A user controlled parameter related to SMTP test functionality is not ...) NOT-FOR-US: AXIS CVE-2021-31987 (A user controlled parameter related to SMTP test functionality is not ...) NOT-FOR-US: AXIS CVE-2021-31986 (User controlled parameters related to SMTP notifications are not corre ...) 
NOT-FOR-US: AXIS CVE-2021-31985 (Microsoft Defender Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-31984 (Power BI Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-31983 (Paint 3D Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-31982 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2021-31981 RESERVED CVE-2021-31980 (Microsoft Intune Management Extension Remote Code Execution Vulnerabil ...) NOT-FOR-US: Microsoft CVE-2021-31979 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-31978 (Microsoft Defender Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2021-31977 (Windows Hyper-V Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2021-31976 (Server for NFS Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-31975 (Server for NFS Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-31974 (Server for NFS Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2021-31973 (Windows GPSVC Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-31972 (Event Tracing for Windows Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2021-31971 (Windows HTML Platforms Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2021-31970 (Windows TCP/IP Driver Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2021-31969 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) 
	NOT-FOR-US: Microsoft
CVE-2021-31968 (Windows Remote Desktop Services Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31967 (VP9 Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31966 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31965 (Microsoft SharePoint Server Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31964 (Microsoft SharePoint Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31963 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31962 (Kerberos AppContainer Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31961 (Windows InstallService Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31960 (Windows Bind Filter Driver Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31959 (Scripting Engine Memory Corruption Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31958 (Windows NTLM Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31957 (ASP.NET Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31956 (Windows NTFS Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31955 (Windows Kernel Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31954 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2021-31953 (Windows Filter Manager Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31952 (Windows Kernel-Mode Driver Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31951 (Windows Kernel Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31950 (Microsoft SharePoint Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31949 (Microsoft Outlook Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31948 (Microsoft SharePoint Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31947 (HEVC Video Extensions Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31946 (Paint 3D Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31945 (Paint 3D Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31944 (3D Viewer Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31943 (3D Viewer Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31942 (3D Viewer Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31941 (Microsoft Office Graphics Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31940 (Microsoft Office Graphics Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31939 (Microsoft Excel Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31938 (Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vul ...)
	NOT-FOR-US: Microsoft
CVE-2021-31937 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31936 (Microsoft Accessibility Insights for Web Information Disclosure Vulner ...)
	NOT-FOR-US: Microsoft
CVE-2021-31935 (OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution ...)
	NOT-FOR-US: OX App Suite
CVE-2021-31934 (OX App Suite 7.10.4 and earlier allows XSS via a crafted contact objec ...)
	NOT-FOR-US: OX App Suite
CVE-2021-31933 (A remote code execution vulnerability exists in Chamilo through 1.11.1 ...)
	NOT-FOR-US: Chamilo
CVE-2021-31932 (Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentic ...)
	NOT-FOR-US: Nokia
CVE-2021-31931 RESERVED
CVE-2021-31930 (Persistent cross-site scripting (XSS) in the web interface of Concerto ...)
	NOT-FOR-US: Concerto
CVE-2021-31929 (Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authent ...)
	NOT-FOR-US: Annex Cloud Loyalty Experience Platform
CVE-2021-31928 (Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authent ...)
	NOT-FOR-US: Annex Cloud Loyalty Experience Platform
CVE-2021-31927 (An Insecure Direct Object Reference (IDOR) vulnerability in Annex Clou ...)
	NOT-FOR-US: Annex Cloud Loyalty Experience Platform
CVE-2021-31926 (AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1. ...)
	NOT-FOR-US: CubeCoders AMP
CVE-2021-31925 (Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thu ...)
	NOT-FOR-US: Pexip
CVE-2021-31924 (Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the p ...)
	- pam-u2f 1.1.0-1.1 (bug #987545)
	[buster] - pam-u2f (Vulnerable code not present)
	[stretch] - pam-u2f (Vulnerable code not present)
	NOTE: https://www.yubico.com/support/security-advisories/ysa-2021-03
	NOTE: https://github.com/Yubico/pam-u2f/commit/6059b057dd9b6d0164fc16f9422c0d728f902bb5 (pam_u2f-1.1.1)
	NOTE: https://github.com/Yubico/pam-u2f/issues/175
	NOTE: Support for PIN verification introduced in 1.1.0.
CVE-2021-31923 (Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling vi ...)
	NOT-FOR-US: Ping Identity PingAccess
CVE-2021-31922 (An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffi ...)
	NOT-FOR-US: Pulse Secure
CVE-2021-3528 (A flaw was found in noobaa-operator in versions before 5.7.0, where in ...)
	NOT-FOR-US: noobaa
CVE-2021-3527 (A flaw was found in the USB redirector device (usb-redir) of QEMU. Sma ...)
	{DLA-3099-1 DLA-2753-1}
	- qemu 1:5.2+dfsg-11 (bug #988157)
	NOTE: Initial patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg00564.html
	NOTE: Revisited: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01372.html
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01373.html
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986
	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c
CVE-2021-3526 REJECTED
CVE-2021-3525 REJECTED
CVE-2021-3524 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...)
	{DLA-3629-1 DLA-2735-1}
	- ceph 14.2.21-1 (bug #988889)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951674
	NOTE: Fixed by: https://github.com/ceph/ceph/commit/763aebb94678018f89427137ffbc0c5205b1edc1
CVE-2021-3523 (A flaw was found in 3Scale APICast in versions prior to 2.11.0, where ...)
	NOT-FOR-US: Red Hat 3scale API gateway
CVE-2021-31921 (Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploita ...)
	NOT-FOR-US: Istio
CVE-2021-31920 (Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable v ...)
	NOT-FOR-US: Istio
CVE-2021-31919 (An issue was discovered in the rkyv crate before 0.6.0 for Rust. When ...)
	NOT-FOR-US: Rust crate rkyv
CVE-2021-31918 (A flaw was found in tripleo-ansible version as shipped in Red Hat Open ...)
	NOT-FOR-US: tripleo-ansible
CVE-2021-31917 (A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1. ...)
	NOT-FOR-US: Infinispan
CVE-2021-31916 (An out-of-bounds (OOB) memory write flaw was found in list_devices in ...)
	{DLA-2690-1 DLA-2689-1}
	- linux 5.10.28-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a
	NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/1
CVE-2021-31915 (In JetBrains TeamCity before 2020.2.4, OS command injection leading to ...)
	NOT-FOR-US: JetBrains
CVE-2021-31914 (In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execu ...)
	NOT-FOR-US: JetBrains
CVE-2021-31913 (In JetBrains TeamCity before 2020.2.3, insufficient checks of the redi ...)
	NOT-FOR-US: JetBrains
CVE-2021-31912 (In JetBrains TeamCity before 2020.2.3, account takeover was potentiall ...)
	NOT-FOR-US: JetBrains
CVE-2021-31911 (In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on s ...)
	NOT-FOR-US: JetBrains
CVE-2021-31910 (In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF ...)
	NOT-FOR-US: JetBrains
CVE-2021-31909 (In JetBrains TeamCity before 2020.2.3, argument injection leading to r ...)
	NOT-FOR-US: JetBrains
CVE-2021-31908 (In JetBrains TeamCity before 2020.2.3, stored XSS was possible on seve ...)
	NOT-FOR-US: JetBrains
CVE-2021-31907 (In JetBrains TeamCity before 2020.2.2, permission checks for changing ...)
	NOT-FOR-US: JetBrains
CVE-2021-31906 (In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient ...)
	NOT-FOR-US: JetBrains
CVE-2021-31905 (In JetBrains YouTrack before 2020.6.8801, information disclosure in an ...)
	NOT-FOR-US: JetBrains
CVE-2021-31904 (In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on ...)
	NOT-FOR-US: JetBrains
CVE-2021-31903 (In JetBrains YouTrack before 2021.1.9819, a pull request's title was s ...)
	NOT-FOR-US: JetBrains
CVE-2021-31902 (In JetBrains YouTrack before 2020.6.6600, access control during the ex ...)
	NOT-FOR-US: JetBrains
CVE-2021-31901 (In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't ...)
	NOT-FOR-US: JetBrains
CVE-2021-31900 (In JetBrains Code With Me bundled to the compatible IDE versions befor ...)
	NOT-FOR-US: JetBrains
CVE-2021-31899 (In JetBrains Code With Me bundled to the compatible IDEs before versio ...)
	NOT-FOR-US: JetBrains
CVE-2021-31898 (In JetBrains WebStorm before 2021.1, HTTP requests were used instead o ...)
	NOT-FOR-US: JetBrains
CVE-2021-31897 (In JetBrains WebStorm before 2021.1, code execution without user confi ...)
	NOT-FOR-US: JetBrains
CVE-2021-31896 RESERVED
CVE-2021-31895 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...)
	NOT-FOR-US: Siemens
CVE-2021-31894 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
	NOT-FOR-US: Siemens
CVE-2021-31893 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
	NOT-FOR-US: Siemens
CVE-2021-31892 (A vulnerability has been identified in SINUMERIK Analyse MyCondition ( ...)
	NOT-FOR-US: Siemens
CVE-2021-31891 (A vulnerability has been identified in Desigo CC (All versions with OI ...)
	NOT-FOR-US: Siemens
CVE-2021-31890 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
	NOT-FOR-US: Siemens
CVE-2021-31889 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
	NOT-FOR-US: Siemens
CVE-2021-31888 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
	NOT-FOR-US: Siemens
CVE-2021-31887 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
	NOT-FOR-US: Siemens
CVE-2021-31886 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
	NOT-FOR-US: Siemens
CVE-2021-31885 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
	NOT-FOR-US: Siemens
CVE-2021-31884 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
	NOT-FOR-US: Siemens
CVE-2021-31883 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
	NOT-FOR-US: Siemens
CVE-2021-31882 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
	NOT-FOR-US: Siemens
CVE-2021-31881 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
	NOT-FOR-US: Siemens
CVE-2021-31880 RESERVED
CVE-2021-31879 (GNU Wget through 1.21.1 does not omit the Authorization header upon a ...)
	- wget (bug #988209)
	[bookworm] - wget (Minor issue)
	[bullseye] - wget (Minor issue)
	[buster] - wget (Minor issue)
	[stretch] - wget (Minor issue; can be fixed in next update)
	NOTE: https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
	NOTE: https://savannah.gnu.org/bugs/?56909
CVE-2021-31878 (An issue was discovered in PJSIP in Asterisk before 16.19.1 and before ...)
	- asterisk (Vulnerability introduced in 16.17.0)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2021-007.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29381
CVE-2021-31877 REJECTED
CVE-2021-31876 (Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the rep ...)
	- bitcoin (bug #1014166)
	NOTE: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2021-31876
	NOTE: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html
CVE-2021-31875 (In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSO ...)
	NOT-FOR-US: Cesanta MongooseOS mJS
CVE-2021-31874 (Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, ...)
	NOT-FOR-US: Zoho
CVE-2021-31873 (An issue was discovered in klibc before 2.0.9. Additions in the malloc ...)
	{DLA-2695-1}
	- klibc 2.0.8-6 (bug #989505)
	[buster] - klibc 2.0.6-1+deb10u1
	NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=a31ae8c508fc8d1bca4f57e9f9f88127572d5202
	NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
CVE-2021-31872 (An issue was discovered in klibc before 2.0.9. Multiple possible integ ...)
	{DLA-2695-1}
	- klibc 2.0.8-6 (bug #989505)
	[buster] - klibc 2.0.6-1+deb10u1
	NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=9b1c91577aef7f2e72c3aa11a27749160bd278ff
	NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
CVE-2021-31871 (An issue was discovered in klibc before 2.0.9. An integer overflow in ...)
	{DLA-2695-1}
	- klibc 2.0.8-6 (bug #989505)
	[buster] - klibc 2.0.6-1+deb10u1
	NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=2e48a12ab1e30d43498c2d53e878a11a1b5102d5
	NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
CVE-2021-31870 (An issue was discovered in klibc before 2.0.9. Multiplication in the c ...)
	{DLA-2695-1}
	- klibc 2.0.8-6 (bug #989505)
	[buster] - klibc 2.0.6-1+deb10u1
	NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=292650f04c2b5348b4efbad61fb014ed09b4f3f2
	NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
CVE-2020-36332 (A flaw was found in libwebp in versions before 1.0.1. When reading a f ...)
	{DSA-4930-1}
	- libwebp 0.6.1-2.1
	[stretch] - libwebp (Patch is too destructive to implement it; Minor issue)
	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=391
	NOTE: https://chromium.googlesource.com/webm/libwebp/+/39cb9aad85ca7bb1d193013460db1f8cc6bff109
CVE-2020-36331 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
	{DSA-4930-1 DLA-2677-1}
	- libwebp 0.6.1-2.1
	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=388
	NOTE: https://chromium.googlesource.com/webm/libwebp/+/be738c6d396fa5a272c1b209be4379a7532debfe
CVE-2020-36330 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
	{DSA-4930-1 DLA-2677-1}
	- libwebp 0.6.1-2.1
	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=386
	NOTE: https://chromium.googlesource.com/webm/libwebp/+/2c70ad76c94db5427d37ab4b85dc89b94dd75e01
CVE-2020-36329 (A flaw was found in libwebp in versions before 1.0.1. A use-after-free ...)
	{DSA-4930-1 DLA-2677-1}
	- libwebp 0.6.1-2.1
	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=385
	NOTE: https://chromium.googlesource.com/webm/libwebp/+/569001f19fc81fcb5ab358f587a54c62e7c4665c
CVE-2020-36328 (A flaw was found in libwebp in versions before 1.0.1. A heap-based buf ...)
	{DSA-4930-1 DLA-2677-1}
	- libwebp 0.6.1-2.1
	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=383
	NOTE: https://chromium.googlesource.com/webm/libwebp/+/71ed73cf86132394ea25ae9c7ed431e0d71043f5
CVE-2020-36327 (Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes choos ...)
	- bundler
	[buster] - bundler (Minor issue)
	[stretch] - bundler (Invasive change, hard to backport; chances of regression)
	- rubygems 3.3.5-1
	[bullseye] - rubygems (Minor issue, too intrusive to backport)
	NOTE: https://github.com/rubygems/rubygems/issues/3982
	NOTE: https://github.com/rubygems/rubygems/pull/4609
CVE-2021-3521 (There is a flaw in RPM's signature functionality. OpenPGP subkeys are ...)
	- rpm 4.18.0+dfsg-1 (bug #1014723)
	[bullseye] - rpm (Minor issue)
	[buster] - rpm (Minor issue)
	[stretch] - rpm (Minor issue)
	NOTE: https://github.com/rpm-software-management/rpm/pull/1788
	NOTE: https://github.com/rpm-software-management/rpm/commit/bd36c5dc9fb6d90c46fbfed8c2d67516fc571ec8
CVE-2021-3520 (There's a flaw in lz4. An attacker who submits a crafted file to an ap ...)
	{DSA-4919-1 DLA-2657-1}
	- lz4 1.9.3-2 (bug #987856)
	NOTE: https://github.com/lz4/lz4/pull/972
	NOTE: Fixed by: https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7
CVE-2021-31869 (Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injec ...)
	NOT-FOR-US: Pimcore
CVE-2021-31868 (Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users o ...)
	NOT-FOR-US: Rapid7 Nexpose
CVE-2021-31867 (Pimcore Customer Data Framework version 3.0.0 and earlier suffers from ...)
	NOT-FOR-US: Pimcore
CVE-2021-3519 (A vulnerability was reported in some Lenovo Desktop models that could ...)
	NOT-FOR-US: Lenovo
CVE-2021-31866 (Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to lear ...)
	{DLA-2658-1}
	- redmine 5.0.0-1 (bug #990792)
	NOTE: https://www.redmine.org/news/131
	NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20854
CVE-2021-31865 (Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allow ...)
	{DLA-2658-1}
	- redmine 5.0.0-1 (bug #990792)
	NOTE: https://www.redmine.org/news/131
	NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20946
CVE-2021-31864 (Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allow ...)
	{DLA-2658-1}
	- redmine 5.0.0-1 (bug #990792)
	NOTE: https://www.redmine.org/news/131
	NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20970
CVE-2021-31863 (Insufficient input validation in the Git repository integration of Red ...)
	{DLA-2658-1}
	- redmine 5.0.0-1 (bug #990792)
	NOTE: https://www.redmine.org/news/131
	NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20962
CVE-2021-31862 (SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter withou ...)
	NOT-FOR-US: SysAid
CVE-2021-31861 RESERVED
CVE-2021-31860 RESERVED
CVE-2021-31859 (Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 ...)
	NOT-FOR-US: Ysoft SafeQ
CVE-2021-31858 (DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Script ...)
	NOT-FOR-US: DotNetNuke
CVE-2021-31857 (In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, att ...)
	NOT-FOR-US: Zoho ManageEngine Password Manager Pro
CVE-2021-31856 (A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 ...)
	NOT-FOR-US: Layer5 Meshery
CVE-2021-31855 (KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages ...)
	- kf5-messagelib 4:20.08.3-5 (bug #989438)
	[buster] - kf5-messagelib (Minor issue)
	[stretch] - kf5-messagelib (Minor issue)
	- kdepim4
	[stretch] - kdepim4 (Minor issue)
	NOTE: https://kde.org/info/security/advisory-20210429-1.txt
	NOTE: https://commits.kde.org/messagelib/3b5b171e91ce78b966c98b1292a1bcbc8d984799
CVE-2021-31854 (A command Injection Vulnerability in McAfee Agent (MA) for Windows pri ...)
	NOT-FOR-US: McAfee
CVE-2021-31853 (DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (M ...)
	NOT-FOR-US: McAfee
CVE-2021-31852 (A Reflected Cross-Site Scripting vulnerability in McAfee Policy Audito ...)
	NOT-FOR-US: McAfee
CVE-2021-31851 (A Reflected Cross-Site Scripting vulnerability in McAfee Policy Audito ...)
	NOT-FOR-US: McAfee
CVE-2021-31850 (A denial-of-service vulnerability in Database Security (DBS) prior to ...)
	NOT-FOR-US: McAfee
CVE-2021-31849 (SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO e ...)
	NOT-FOR-US: McAfee
CVE-2021-31848 (Cross site scripting (XSS) vulnerability in McAfee Data Loss Preventio ...)
	NOT-FOR-US: McAfee
CVE-2021-31847 (Improper access control vulnerability in the repair process for McAfee ...)
	NOT-FOR-US: McAfee
CVE-2021-31846 RESERVED
CVE-2021-31845 (A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) D ...)
	NOT-FOR-US: McAfee
CVE-2021-31844 (A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) E ...)
	NOT-FOR-US: McAfee
CVE-2021-31843 (Improper privileges management vulnerability in McAfee Endpoint Securi ...)
	NOT-FOR-US: McAfee
CVE-2021-31842 (XML Entity Expansion injection vulnerability in McAfee Endpoint Securi ...)
	NOT-FOR-US: McAfee
CVE-2021-31841 (A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5 ...)
	NOT-FOR-US: McAfee
CVE-2021-31840 (A vulnerability in the preloading mechanism of specific dynamic link l ...)
	NOT-FOR-US: McAfee
CVE-2021-31839 (Improper privilege management vulnerability in McAfee Agent for Window ...)
	NOT-FOR-US: McAfee
CVE-2021-31838 (A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4. ...)
	NOT-FOR-US: MVISION EDR (MVEDR)
CVE-2021-31837 (Memory corruption vulnerability in the driver file component in McAfee ...)
	NOT-FOR-US: McAfee
CVE-2021-31836 (Improper privilege management vulnerability in maconfig for McAfee Age ...)
	NOT-FOR-US: McAfee
CVE-2021-31835 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO ...)
	NOT-FOR-US: McAfee
CVE-2021-31834 (Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrat ...)
	NOT-FOR-US: McAfee
CVE-2021-31833 (Potential product security bypass vulnerability in McAfee Application ...)
	NOT-FOR-US: McAfee
CVE-2021-31832 (Improper Neutralization of Input in the ePO administrator extension fo ...)
	NOT-FOR-US: McAfee
CVE-2021-31831 (Incorrect access to deleted scripts vulnerability in McAfee Database S ...)
	NOT-FOR-US: McAfee
CVE-2021-31830 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: McAfee
CVE-2020-36326 (PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Des ...)
	- libphp-phpmailer 6.2.0-2 (bug #988732)
	[buster] - libphp-phpmailer (Regression introduced in 6.1.8)
	[stretch] - libphp-phpmailer (Regression introduced in 6.1.8)
	NOTE: Introduced by: https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9 (6.1.8)
	NOTE: Fixed by: https://github.com/PHPMailer/PHPMailer/commit/26f2848d3bbb57add5f34a467a1e3b2f9ce5cd2a (v6.4.1)
	NOTE: Also backport: https://github.com/PHPMailer/PHPMailer/commit/7f267fb4aadfcf62e3ddc50494c469c6b9c4405a (v6.4.1)
CVE-2021-3518 (There's a flaw in libxml2 in versions before 2.9.11. An attacker who i ...)
	{DLA-2653-1}
	- libxml2 2.9.10+dfsg-6.6 (bug #987737)
	[buster] - libxml2 2.9.4+dfsg1-7+deb10u2
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/237
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7
CVE-2021-3517 (There is a flaw in the xml entity encoding functionality of libxml2 in ...)
	{DLA-2653-1}
	- libxml2 2.9.10+dfsg-6.6 (bug #987738)
	[buster] - libxml2 2.9.4+dfsg1-7+deb10u2
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/235
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2
CVE-2021-3516 (There's a flaw in libxml2's xmllint in versions before 2.9.11. An atta ...)
	{DLA-2653-1}
	- libxml2 2.9.10+dfsg-6.6 (bug #987739)
	[buster] - libxml2 2.9.4+dfsg1-7+deb10u2
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/230
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539
CVE-2021-3515 (A shell injection flaw was found in pglogical in versions before 2.3.4 ...)
	- pglogical 2.3.3-3 (bug #988735)
	[buster] - pglogical (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1954112
	NOTE: https://github.com/2ndQuadrant/pglogical/commit/95c0e8981485e09efab6821cf55a4e27b086efe5
CVE-2021-3514 (When using a sync_repl client in 389-ds-base, an authenticated attacke ...)
	{DLA-3399-1}
	- 389-ds-base 1.4.4.11-2 (bug #988727)
	[stretch] - 389-ds-base (Minor issue)
	NOTE: https://github.com/389ds/389-ds-base/issues/4711
CVE-2021-31829 (kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs unde ...)
	{DLA-2690-1}
	- linux 5.10.38-1
	[buster] - linux 4.19.194-1
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/4
CVE-2021-31828 (An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 ...)
	NOT-FOR-US: OpenDistro for Elasticsearch
CVE-2021-31827 (In Progress MOVEit Transfer before 2021.0 (13.0), a SQL injection vuln ...)
	NOT-FOR-US: Progress MOVEit Transfer
CVE-2021-31825 RESERVED
CVE-2021-31824 RESERVED
CVE-2021-31823 RESERVED
CVE-2021-31822 (When Octopus Tentacle is installed on a Linux operating system, the sy ...)
	NOT-FOR-US: Octopus Tentacle
CVE-2021-31821 (When the Windows Tentacle docker image starts up it logs all the comma ...)
	NOT-FOR-US: Octopus Tentacle
CVE-2021-31820 (In Octopus Server after version 2018.8.2 if the Octopus Server Web Req ...)
	NOT-FOR-US: Octopus Server
CVE-2021-31819 (In Halibut versions prior to 4.4.7 there is a deserialisation vulnerab ...)
	NOT-FOR-US: Octopus
CVE-2021-31818 (Affected versions of Octopus Server are prone to an authenticated SQL ...)
	NOT-FOR-US: Octopus Server
CVE-2021-31817 (When configuring Octopus Server if it is configured with an external S ...)
	NOT-FOR-US: Octopus Server
CVE-2021-31816 (When configuring Octopus Server if it is configured with an external S ...)
	NOT-FOR-US: Octopus Server
CVE-2019-25042 (Unbound before 1.9.5 allows an out-of-bounds write via a compressed na ...)
	{DLA-2652-1}
	- unbound 1.9.6-1 (unimportant)
	[stretch] - unbound (No longer supported, see DSA 4694)
	NOTE: https://github.com/NLnetLabs/unbound/commit/6c3a0b54ed8ace93d5b5ca7b8078dc87e75cd640
	NOTE: Not deemed an exploitable vulnerability by upstream
CVE-2019-25041 (Unbound before 1.9.5 allows an assertion failure via a compressed name ...)
	{DLA-2652-1}
	- unbound 1.9.6-1 (unimportant)
	[stretch] - unbound (No longer supported, see DSA 4694)
	NOTE: https://github.com/NLnetLabs/unbound/commit/2d444a5037acff6024630b88092d9188f2f5d8fe
	NOTE: Not deemed an exploitable vulnerability by upstream
CVE-2019-25040 (Unbound before 1.9.5 allows an infinite loop via a compressed name in ...)
	{DLA-2652-1}
	- unbound 1.9.6-1 (unimportant)
	[stretch] - unbound (No longer supported, see DSA 4694)
	NOTE: https://github.com/NLnetLabs/unbound/commit/2d444a5037acff6024630b88092d9188f2f5d8fe
	NOTE: Not deemed an exploitable vulnerability by upstream
CVE-2019-25039 (Unbound before 1.9.5 allows an integer overflow in a size calculation ...)
	{DLA-2652-1}
	- unbound 1.9.6-1 (unimportant)
	[stretch] - unbound (No longer supported, see DSA 4694)
	NOTE: https://github.com/NLnetLabs/unbound/commit/02080f6b180232f43b77f403d0c038e9360a460f
	NOTE: Not deemed an exploitable vulnerability by upstream
CVE-2019-25038 (Unbound before 1.9.5 allows an integer overflow in a size calculation ...)
	{DLA-2652-1}
	- unbound 1.9.6-1 (unimportant)
	[stretch] - unbound (No longer supported, see DSA 4694)
	NOTE: https://github.com/NLnetLabs/unbound/commit/02080f6b180232f43b77f403d0c038e9360a460f
	NOTE: Not deemed an exploitable vulnerability by upstream
CVE-2019-25037 (Unbound before 1.9.5 allows an assertion failure and denial of service ...)
	{DLA-2652-1}
	- unbound 1.9.6-1 (unimportant)
	[stretch] - unbound (No longer supported, see DSA 4694)
	NOTE: https://github.com/NLnetLabs/unbound/commit/d2eb78e871153f22332d30c6647f3815148f21e5
	NOTE: Not deemed an exploitable vulnerability by upstream
CVE-2019-25036 (Unbound before 1.9.5 allows an assertion failure and denial of service ...)
	{DLA-2652-1}
	- unbound 1.9.6-1 (unimportant)
	[stretch] - unbound (No longer supported, see DSA 4694)
	NOTE: https://github.com/NLnetLabs/unbound/commit/f5e06689d193619c57c33270c83f5e40781a261d
	NOTE: Not deemed an exploitable vulnerability by upstream
CVE-2019-25035 (Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token ...)
	{DLA-2652-1}
	- unbound 1.9.6-1 (unimportant)
	[stretch] - unbound (No longer supported, see DSA 4694)
	NOTE: https://github.com/NLnetLabs/unbound/commit/fa23ee8f31ba9a018c720ea822faaee639dc7a9c
	NOTE: Not deemed an exploitable vulnerability by upstream
CVE-2019-25034 (Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dnam ...)
	{DLA-2652-1}
	- unbound 1.9.6-1 (unimportant)
	[stretch] - unbound (No longer supported, see DSA 4694)
	NOTE: https://github.com/NLnetLabs/unbound/commit/a3545867fcdec50307c776ce0af28d07046a52dd
	NOTE: Not deemed an exploitable vulnerability by upstream
CVE-2019-25033 (Unbound before 1.9.5 allows an integer overflow in the regional alloca ...)
	{DLA-2652-1}
	- unbound 1.9.6-1 (unimportant)
	[stretch] - unbound (No longer supported, see DSA 4694)
	NOTE: https://github.com/NLnetLabs/unbound/commit/226298bbd36f1f0fd9608e98c2ae85988b7bbdb8
	NOTE: Not deemed an exploitable vulnerability by upstream
CVE-2019-25032 (Unbound before 1.9.5 allows an integer overflow in the regional alloca ...)
	{DLA-2652-1}
	- unbound 1.9.6-1 (unimportant)
	[stretch] - unbound (No longer supported, see DSA 4694)
	NOTE: https://github.com/NLnetLabs/unbound/commit/226298bbd36f1f0fd9608e98c2ae85988b7bbdb8
	NOTE: Not deemed an exploitable vulnerability by upstream
CVE-2019-25031 (Unbound before 1.9.5 allows configuration injection in create_unbound_ ...)
	{DLA-2652-1}
	- unbound 1.9.6-1 (unimportant)
	[stretch] - unbound (No longer supported, see DSA 4694)
	NOTE: https://github.com/NLnetLabs/unbound/commit/f887552763477a606a9608b0f6b498685e0f6587
	NOTE: Not deemed an exploitable vulnerability by upstream
CVE-2021-3513 (A flaw was found in keycloak where a brute force attack is possible ev ...)
	NOT-FOR-US: Keycloak
CVE-2021-31815 (GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on A ...)
	NOT-FOR-US: GAEN (aka Google/Apple Exposure Notifications)
CVE-2021-31814 (In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a ...)
	NOT-FOR-US: Stormshield
CVE-2021-31813 (Zoho ManageEngine Applications Manager before 15130 is vulnerable to S ...)
	NOT-FOR-US: Zoho
CVE-2021-31812 (In Apache PDFBox, a carefully crafted PDF file can trigger an infinite ...)
	- libpdfbox2-java 2.0.24-1 (bug #991526)
	[bullseye] - libpdfbox2-java (Minor issue)
	[buster] - libpdfbox2-java (Minor issue)
	- libpdfbox-java (bug #991527)
	[bookworm] - libpdfbox-java (Minor issue)
	[bullseye] - libpdfbox-java (Minor issue)
	[buster] - libpdfbox-java (Minor issue)
	[stretch] - libpdfbox-java (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2021/06/12/1
	NOTE: https://github.com/apache/pdfbox/commit/cd17a19e9ab1028dc662e972dd8dbb3fa68b4a33
CVE-2021-31811 (In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMem ...)
	- libpdfbox2-java 2.0.24-1 (bug #991526)
	[bullseye] - libpdfbox2-java (Minor issue)
	[buster] - libpdfbox2-java (Minor issue)
	- libpdfbox-java (bug #991527)
	[bookworm] - libpdfbox-java (Minor issue)
	[bullseye] - libpdfbox-java (Minor issue)
	[buster] - libpdfbox-java (Minor issue)
	[stretch] - libpdfbox-java (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2021/06/12/2
	NOTE: https://github.com/apache/pdfbox/commit/cd17a19e9ab1028dc662e972dd8dbb3fa68b4a33
CVE-2021-31810 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...)
	{DSA-5066-1 DLA-3408-1 DLA-2780-1}
	- ruby2.7 2.7.4-1 (bug #990815)
	- ruby2.5
	- ruby2.3
	- jruby 9.3.9.0+ds-1 (bug #1014818)
	[stretch] - jruby (Minor issue)
	NOTE: https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/
	NOTE: https://github.com/ruby/ruby/commit/3ca1399150ed4eacfd2fe1ee251b966f8d1ee469 (2.7)
CVE-2021-31809 RESERVED
CVE-2021-31808 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...)
	{DSA-4924-1 DLA-2685-1}
	- squid 4.13-10 (bug #989043)
	- squid3
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
	NOTE: https://megamansec.github.io/Squid-Security-Audit/range-assert-int.html
CVE-2021-31807 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An ...)
	{DSA-4924-1 DLA-2685-1}
	- squid 4.13-10 (bug #989043)
	- squid3
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
	NOTE: https://megamansec.github.io/Squid-Security-Audit/range-uaf.html
CVE-2021-31806 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...)
	{DSA-4924-1 DLA-2685-1}
	- squid 4.13-10 (bug #989043)
	- squid3
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
	NOTE: https://megamansec.github.io/Squid-Security-Audit/range-assert.html
CVE-2021-31805 (The fix issued for CVE-2020-17530 was incomplete. So from Apache Strut ...)
	- libstruts1.2-java (Vulnerable code not present; fix for CVE-2020-17530 not applied; specific to 2.x)
	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-062
CVE-2020-36325 (An issue was discovered in Jansson through 2.13.1. Due to a parsing er ...)
	- jansson (unimportant)
	NOTE: https://github.com/akheron/jansson/issues/548
	NOTE: Disputed security impact (only if programmer fails to follow API specifications)
CVE-2021-31826 (Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointe ...)
	{DSA-4905-1}
	- shibboleth-sp 3.2.2+dfsg1-1 (bug #987608)
	NOTE: https://shibboleth.net/community/advisories/secadv_20210426.txt
	NOTE: https://issues.shibboleth.net/jira/browse/SSPCPP-927
	NOTE: https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=5a47c3b9378f4c49392dd4d15189b70956f9f2ec
CVE-2021-31804 (LeoCAD before 21.03 sometimes allows a use-after-free during the openi ...)
	- leocad (unimportant)
	NOTE: https://github.com/leozide/leocad/issues/645
	NOTE: https://github.com/leozide/leocad/commit/233affe3fcdc851fa82cb058871bddd0046e1c87
	NOTE: Crash in CLI tool, no security impact
CVE-2021-31803 (cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SE ...)
	NOT-FOR-US: cPanel
CVE-2021-31802 (NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow tha ...)
	NOT-FOR-US: Netgear
CVE-2021-31801 RESERVED
CVE-2021-31800 (Multiple path traversal vulnerabilities exist in smbserver.py in Impac ...)
	- impacket 0.9.22-2 (bug #988141)
	[buster] - impacket (Minor issue)
	[stretch] - impacket (Minor issue)
	NOTE: https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f
CVE-2021-31799 (In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby throug ...)
	{DSA-5066-1 DLA-2780-1}
	- ruby2.7 2.7.4-1 (bug #990815)
	- ruby2.5
	- ruby2.3
	NOTE: Introduced in (rdoc): https://github.com/ruby/rdoc/commit/4a8b7bed7cd5647db92c620bc6f33e4c309d2212 (v3.11)
	NOTE: Fixed in (rdoc): https://github.com/ruby/rdoc/commit/a7f5d6ab88632b3b482fe10611382ff73d14eed7 (v6.3.1)
	NOTE: https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/
	NOTE: https://github.com/ruby/ruby/commit/b1c73f239fe9af97de837331849f55d67c27561e (master)
	NOTE: https://github.com/ruby/ruby/commit/483f303d02e768b69e476e0b9be4ab2f26389522 (2.7)
CVE-2021-31798 (The effective key space used to encrypt the cache in CyberArk Credenti ...)
	NOT-FOR-US: CyberArk
CVE-2021-31797 (The user identification mechanism used by CyberArk Credential Provider ...)
	NOT-FOR-US: CyberArk
CVE-2021-31796 (An inadequate encryption vulnerability discovered in CyberArk Credenti ...)
	NOT-FOR-US: CyberArk
CVE-2021-31795 (The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for th ...)
	NOT-FOR-US: PowerVR GPU kernel driver (OOT)
CVE-2021-31794 (Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP Use ...)
	NOT-FOR-US: Directum
CVE-2021-31793 (An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that ...)
	NOT-FOR-US: NightOwl WDB-20-V2 WDB-20-V2_20190314 devices
CVE-2021-31792 (XSS in the client account page in SuiteCRM before 7.11.19 allows an at ...)
	NOT-FOR-US: SuiteCRM
CVE-2021-31791 (In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext passw ...)
	NOT-FOR-US: Sentry KM
CVE-2021-31790 RESERVED
CVE-2021-31789 RESERVED
CVE-2021-31788 RESERVED
CVE-2021-31787 (The Bluetooth Classic implementation on Actions ATS2815 chipsets does ...)
	NOT-FOR-US: Bluetooth Classic implementation on Actions ATS2815 chipsets
CVE-2021-31786 (The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2 ...)
	NOT-FOR-US: Actions ATS
CVE-2021-31785 (The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 ch ...)
	NOT-FOR-US: Actions ATS
CVE-2021-31784 (An out-of-bounds write vulnerability exists in the file-reading proced ...)
	NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-31783 (show_default.php in the LocalFilesEditor extension before 11.4.0.1 for ...)
	NOT-FOR-US: Piwigo extension
CVE-2021-31782 RESERVED
CVE-2021-31781 RESERVED
CVE-2021-31780 (In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing grou ...)
	NOT-FOR-US: MISP
CVE-2021-31779 (The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows ...)
	NOT-FOR-US: Typo3 extension
CVE-2021-31778 (The media2click (aka 2 Clicks for External Media) extension 1.x before ...)
	NOT-FOR-US: Typo3 extension
CVE-2021-31777 (The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x be ...)
	NOT-FOR-US: Typo3 extension
CVE-2019-25030 (In Versa Director, Versa Analytics and VOS, Passwords are not hashed u ...)
	NOT-FOR-US: Versa
CVE-2019-25029 (In Versa Director, the command injection is an attack in which the goa ...)
	NOT-FOR-US: Versa
CVE-2020-13672 (Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization ...)
	{DLA-2637-1}
	- drupal7
	NOTE: https://www.drupal.org/sa-core-2021-002
CVE-2021-31776 (Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search p ...)
	NOT-FOR-US: Aviatrix VPN Client
CVE-2021-31775 RESERVED
CVE-2021-31774 RESERVED
CVE-2021-31773 RESERVED
CVE-2021-31772 RESERVED
CVE-2021-31771 REJECTED
CVE-2021-31770 RESERVED
CVE-2021-31769 (MyQ Server in MyQ X Smart before 8.2 allows remote code execution by u ...)
	NOT-FOR-US: MyQ
CVE-2021-31768 RESERVED
CVE-2021-31767 RESERVED
CVE-2021-31766 RESERVED
CVE-2021-31765 RESERVED
CVE-2021-31764 RESERVED
CVE-2021-31763 RESERVED
CVE-2021-31762 (Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to creat ...)
	- webmin
CVE-2021-31761 (Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to ac ...)
	- webmin
CVE-2021-31760 (Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achie ...)
	- webmin
CVE-2021-31759 RESERVED
CVE-2021-31758 (An issue was discovered on Tenda AC11 devices with firmware through 02 ...)
	NOT-FOR-US: Tenda AC11 devices
CVE-2021-31757 (An issue was discovered on Tenda AC11 devices with firmware through 02 ...)
	NOT-FOR-US: Tenda AC11 devices
CVE-2021-31756 (An issue was discovered on Tenda AC11 devices with firmware through 02 ...)
	NOT-FOR-US: Tenda AC11 devices
CVE-2021-31755 (An issue was discovered on Tenda AC11 devices with firmware through 02 ...)
	NOT-FOR-US: Tenda AC11 devices
CVE-2021-31754 RESERVED
CVE-2021-31753 RESERVED
CVE-2021-31752 RESERVED
CVE-2021-31751 RESERVED
CVE-2021-31750 RESERVED
CVE-2021-31749 RESERVED
CVE-2021-31748 RESERVED
CVE-2021-31747 (Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in upd ...)
	NOT-FOR-US: Pluck CMS
CVE-2021-31746 (Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to ...)
	NOT-FOR-US: Pluck CMS
CVE-2021-31745 (Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 ...)
	NOT-FOR-US: Pluck CMS
CVE-2021-31744 RESERVED
CVE-2021-31743 RESERVED
CVE-2021-31742 RESERVED
CVE-2021-31741 RESERVED
CVE-2021-31740 (SEPPMail's web frontend, user input is not embedded correctly in the w ...)
	NOT-FOR-US: SEPPMail
CVE-2021-31739 (The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerab ...)
	NOT-FOR-US: SEPPmail
CVE-2021-31738 (Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS.)
	NOT-FOR-US: Adiscon LogAnalyzer
CVE-2021-31737 (emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerabili ...)
	NOT-FOR-US: emlog
CVE-2021-31736 RESERVED
CVE-2021-31735 RESERVED
CVE-2021-31734 RESERVED
CVE-2021-31733 RESERVED
CVE-2021-31732 RESERVED
CVE-2021-31731 (A directory traversal issue in KiteCMS 1.1.1 allows remote administrat ...)
	NOT-FOR-US: KiteCMS
CVE-2021-31730 RESERVED
CVE-2021-31729 RESERVED
CVE-2021-31728 (Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMal ...)
	NOT-FOR-US: MalwareFox AntiMalware
CVE-2021-31727 (Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMal ...)
	NOT-FOR-US: MalwareFox AntiMalware
CVE-2021-31726 (Akuvox C315 115.116.2613 allows remote command Injection via the cfgd_ ...)
	NOT-FOR-US: Akuvox
CVE-2021-31725 RESERVED
CVE-2021-31724 RESERVED
CVE-2021-31723 RESERVED
CVE-2021-31722 RESERVED
CVE-2021-31721 (Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image ...)
NOT-FOR-US: Chevereto CVE-2021-31720 RESERVED CVE-2021-31719 RESERVED CVE-2021-31718 (The server in npupnp before 4.1.4 is affected by DNS rebinding in the ...) NOT-FOR-US: npupnp CVE-2021-31717 RESERVED CVE-2021-31716 RESERVED CVE-2021-31715 RESERVED CVE-2021-31714 RESERVED CVE-2021-31713 RESERVED CVE-2021-31712 (react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a j ...) NOT-FOR-US: react-draft-wysiwyg CVE-2021-31711 (Cross Site Scripting vulnerability found in Trippo ResponsiveFilemanag ...) NOT-FOR-US: Trippo ResponsiveFilemanager CVE-2021-31710 RESERVED CVE-2021-31709 RESERVED CVE-2021-31708 RESERVED CVE-2021-31707 (Permissions vulnerability found in KiteCMS allows a remote attacker to ...) NOT-FOR-US: KiteCMS CVE-2021-31706 RESERVED CVE-2021-31705 RESERVED CVE-2021-31704 RESERVED CVE-2021-31703 (Frontier ichris through 5.18 allows users to upload malicious executab ...) NOT-FOR-US: Frontier ichris CVE-2021-31702 (Frontier ichris through 5.18 mishandles making a DNS request for the h ...) NOT-FOR-US: Frontier ichris CVE-2021-31701 (Mintty before 3.4.7 mishandles Bracketed Paste Mode.) NOT-FOR-US: Mintty CVE-2021-31700 RESERVED CVE-2021-31699 RESERVED CVE-2021-31698 (Quectel EG25-G devices through 202006130814 allow executing arbitrary ...) NOT-FOR-US: Quectel EG25-G devices CVE-2021-31697 RESERVED CVE-2021-31696 RESERVED CVE-2021-31695 RESERVED CVE-2021-31694 RESERVED CVE-2021-31693 (The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS ...) NOT-FOR-US: VMware Tools for Windows CVE-2021-31692 RESERVED CVE-2021-31691 RESERVED CVE-2021-31690 RESERVED CVE-2021-31689 RESERVED CVE-2021-31688 RESERVED CVE-2021-31687 RESERVED CVE-2021-31686 RESERVED CVE-2021-31685 RESERVED CVE-2021-31684 (A vulnerability was discovered in the indexOf function of JSONParserBy ...) 
{DLA-3373-1} - json-smart (unimportant) NOTE: https://github.com/netplex/json-smart-v2/issues/67 NOTE: https://github.com/netplex/json-smart-v2/commit/6ecff1c2974eaaab2e74e441bdf5ba8495227bf5 NOTE: Security impact disputed by upstream CVE-2021-31683 RESERVED CVE-2021-31682 (The login portal for the Automated Logic WebCTRL/WebCTRL OEM web appli ...) NOT-FOR-US: Automated Logic WebCTRL/WebCTRL OEM web application CVE-2021-31681 (Deserialization of Untrusted Data vulnerability in yolo 3 allows attac ...) NOT-FOR-US: yolo CVE-2021-31680 (Deserialization of Untrusted Data vulnerability in yolo 5 allows attac ...) NOT-FOR-US: yolo CVE-2021-31679 (An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerabilit ...) NOT-FOR-US: PESCMS Team CVE-2021-31678 (An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerabilit ...) NOT-FOR-US: PESCMS Team CVE-2021-31677 (An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerabilit ...) NOT-FOR-US: PESCMS Team CVE-2021-31676 (A reflected XSS was discovered in PESCMS-V2.3.3. When combined with CS ...) NOT-FOR-US: PESCMS Team CVE-2021-31675 RESERVED CVE-2021-31674 (Cyclos 4 PRO 4.14.7 and before does not validate user input at error i ...) NOT-FOR-US: Cyclos 4 PRO CVE-2021-31673 (A Dom-based Cross-site scripting (XSS) vulnerability at registration a ...) NOT-FOR-US: Cyclos 4 PRO CVE-2021-31672 RESERVED CVE-2021-31671 (pgsync before 0.6.7 is affected by Information Disclosure of sensitive ...) NOT-FOR-US: pgsync CVE-2021-31670 RESERVED CVE-2021-31669 RESERVED CVE-2021-31668 RESERVED CVE-2021-31667 RESERVED CVE-2021-31666 RESERVED CVE-2021-31665 RESERVED CVE-2021-31664 (RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a ...) NOT-FOR-US: RIOT RIOT-OS CVE-2021-31663 (RIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 ...) NOT-FOR-US: RIOT RIOT-OS CVE-2021-31662 (RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe ...) 
NOT-FOR-US: RIOT RIOT-OS CVE-2021-31661 (RIOT-OS 2021.01 before commit 609c9ada34da5546cffb632a98b7ba157c112658 ...) NOT-FOR-US: RIOT RIOT-OS CVE-2021-31660 (RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f ...) NOT-FOR-US: RIOT RIOT-OS CVE-2021-31659 (TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is v ...) NOT-FOR-US: TP-Link CVE-2021-31658 (TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is a ...) NOT-FOR-US: TP-Link CVE-2021-31657 RESERVED CVE-2021-31656 RESERVED CVE-2021-31655 (Cross Site Scripting (XSS) vulnerability in TRENDnet TV-IP110WN V1.2.2 ...) NOT-FOR-US: TRENDnet CVE-2021-31654 RESERVED CVE-2021-31653 RESERVED CVE-2021-31652 RESERVED CVE-2021-31651 (Cross Site Scripting (XSS) vulnerability in neofarg-cms 0.2.3 allows r ...) NOT-FOR-US: neofarg-cms CVE-2021-31650 (A SQL injection vulnerability in Sourcecodester Online Grading System ...) NOT-FOR-US: Sourcecodester Online Grading System CVE-2021-31649 (In applications using jfinal 4.9.08 and below, there is a deserializat ...) NOT-FOR-US: jfinal CVE-2021-31648 RESERVED CVE-2021-31647 RESERVED CVE-2021-31646 (Gestsup before 3.2.10 allows account takeover through the password rec ...) NOT-FOR-US: Gestsup CVE-2021-31645 (An issue was discovered in glFTPd 2.11a that allows remote attackers t ...) NOT-FOR-US: glFTPd CVE-2021-31644 RESERVED CVE-2021-31643 (An XSS vulnerability exists in several IoT devices from CHIYU Technolo ...) NOT-FOR-US: CHIYU Technology CVE-2021-31642 (A denial of service condition exists after an integer overflow in seve ...) NOT-FOR-US: CHIYU Technology CVE-2021-31641 (An unauthenticated XSS vulnerability exists in several IoT devices fro ...) NOT-FOR-US: CHIYU Technology CVE-2021-31640 RESERVED CVE-2021-31639 RESERVED CVE-2021-31638 RESERVED CVE-2021-31637 (An issue found in UwAmp v.1.1, 1.2, 1.3, 2.0, 2.1, 2.2, 2.2.1, 3.0.0, ...) 
NOT-FOR-US: UwAmp CVE-2021-31636 RESERVED CVE-2021-31635 (Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 ...) NOT-FOR-US: jFinal CVE-2021-31634 RESERVED CVE-2021-31633 RESERVED CVE-2021-31632 (b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulne ...) NOT-FOR-US: b2evolution CMS CVE-2021-31631 (b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request ...) NOT-FOR-US: b2evolution CMS CVE-2021-31630 (Command Injection in Open PLC Webserver v3 allows remote attackers to ...) NOT-FOR-US: Open PLC webserver CVE-2021-31629 RESERVED CVE-2021-31628 RESERVED CVE-2021-31627 (Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6 ...) NOT-FOR-US: Tenda CVE-2021-31626 RESERVED CVE-2021-31625 RESERVED CVE-2021-31624 (Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6 ...) NOT-FOR-US: Tenda CVE-2021-31623 RESERVED CVE-2021-31622 RESERVED CVE-2021-31621 RESERVED CVE-2021-31620 RESERVED CVE-2021-31619 RESERVED CVE-2021-31618 (Apache HTTP Server protocol handler for the HTTP/2 protocol checks rec ...) {DSA-4937-1 DLA-2706-1} [experimental] - apache2 2.4.48-1 - apache2 2.4.46-5 (bug #989562) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-31618 NOTE: https://github.com/apache/httpd/commit/a4fba223668c554e06bc78d6e3a88f33d4238ae4 NOTE: https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http2/h2_stream.c?r1=1889759&r2=1889758&pathrev=1889759 CVE-2021-31617 (In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8. ...) NOT-FOR-US: Stormshield Network Security (SNS) CVE-2021-31616 (Insufficient length checks in the ShapeShift KeepKey hardware wallet f ...) NOT-FOR-US: ShapeShift KeepKey hardware wallet firmware CVE-2021-31615 (Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Spec ...) NOTE: Bluetooth protocol issue CVE-2021-31614 RESERVED CVE-2021-31613 (The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X ...) 
NOT-FOR-US: Zhuhai Jieli CVE-2021-31612 (The Bluetooth Classic implementation on Zhuhai Jieli AC690X devices do ...) NOT-FOR-US: Zhuhai Jieli CVE-2021-31611 (The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X ...) NOT-FOR-US: Zhuhai Jieli CVE-2021-31610 (The Bluetooth Classic implementation on AB32VG1 devices does not prope ...) NOT-FOR-US: Bluetrum CVE-2021-31609 (The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and e ...) NOT-FOR-US: Silicon Labs Bluetooth CVE-2021-31608 (Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Se ...) NOT-FOR-US: Proofpoint Enterprise Protection CVE-2021-31607 (In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerabi ...) {DLA-2815-1} - salt 3002.6+dfsg1-2 (bug #987496) [buster] - salt 2018.3.4+dfsg1-6+deb10u3 NOTE: https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/ NOTE: Introduced by: https://gitlab.com/saltstack/open/salt/-/commit/1343078d03613e33eec9e5ec5095d2e0b0aa2e59 (v2016.9) NOTE: Combined fix and regression fix: https://salsa.debian.org/salt-team/salt/-/commit/71f7f30851f9609bfda5a1b0f5b115d2743372cd CVE-2021-31606 (furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to ...) NOT-FOR-US: openvpn-monitor CVE-2021-31605 (furlongm openvpn-monitor through 1.1.3 allows %0a command injection vi ...) NOT-FOR-US: openvpn-monitor CVE-2021-31604 (furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an ar ...) NOT-FOR-US: openvpn-monitor CVE-2021-31603 RESERVED CVE-2021-31602 (An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pen ...) NOT-FOR-US: Hitachi CVE-2021-31601 (An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pen ...) NOT-FOR-US: Hitachi CVE-2021-31600 (An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pen ...) NOT-FOR-US: Hitachi CVE-2021-31599 (An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pen ...) 
NOT-FOR-US: Hitachi CVE-2021-31598 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) {DLA-2705-1} - mapcache (unimportant; bug #989363) [stretch] - mapcache (Minor issue) - scilab (unimportant; bug #989364) - netcdf 1:4.9.0-1 (bug #989360) [bullseye] - netcdf (Minor issue) [buster] - netcdf (Minor issue) [stretch] - netcdf (vulnerable code not present) - netcdf-parallel 1:4.9.0-1 (bug #989361) [bullseye] - netcdf-parallel (Minor issue) [buster] - netcdf-parallel (Minor issue) NOTE: https://sourceforge.net/p/ezxml/bugs/28/ NOTE: mapcache only uses ezxml to parse config files which are trusted CVE-2021-31597 (The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL c ...) - node-xmlhttprequest-ssl [buster] - node-xmlhttprequest-ssl (Minor issue, should possibly be removed from stable as well) [stretch] - node-xmlhttprequest-ssl (Nodejs in stretch not covered by security support) NOTE: https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2 NOTE: https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt CVE-2021-31596 RESERVED CVE-2021-31595 RESERVED CVE-2021-31594 RESERVED CVE-2021-31593 RESERVED CVE-2021-31592 RESERVED CVE-2021-31591 RESERVED CVE-2021-31590 (PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtok ...) NOT-FOR-US: PwnDoc CVE-2021-31589 (A cross-site scripting (XSS) vulnerability has been reported and confi ...) NOT-FOR-US: BeyondTrust CVE-2021-31588 RESERVED CVE-2021-31587 RESERVED CVE-2021-31586 (Accellion Kiteworks before 7.4.0 allows an authenticated user to perfo ...) NOT-FOR-US: Accellion Kiteworks CVE-2021-31585 (Accellion Kiteworks before 7.3.1 allows a user with Admin privileges t ...) NOT-FOR-US: Accellion Kiteworks CVE-2021-31584 (Sipwise C5 NGCP www_csc version 3.6.4 up to and including platform NGC ...) NOT-FOR-US: Sipwise CVE-2021-31583 (Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform v ...) 
NOT-FOR-US: Sipwise CVE-2021-31582 RESERVED CVE-2021-31581 (The restricted shell provided by Akkadian Provisioning Manager Engine ...) NOT-FOR-US: Akkadian Provisioning Manager Engine (PME) CVE-2021-31580 (The restricted shell provided by Akkadian Provisioning Manager Engine ...) NOT-FOR-US: Akkadian Provisioning Manager Engine (PME) CVE-2021-31579 (Akkadian Provisioning Manager Engine (PME) ships with a hard-coded cre ...) NOT-FOR-US: Akkadian Provisioning Manager Engine (PME) CVE-2021-31578 (In Boa, there is a possible escalation of privilege due to a stack buf ...) NOT-FOR-US: Boa as provided by MediaTek CVE-2021-31577 (In Boa, there is a possible escalation of privilege due to a missing p ...) NOT-FOR-US: Boa as provided by MediaTek CVE-2021-31576 (In Boa, there is a possible information disclosure due to a missing pe ...) NOT-FOR-US: Boa as provided by MediaTek CVE-2021-31575 (In Config Manager, there is a possible command injection due to improp ...) NOT-FOR-US: MediaTek CVE-2021-31574 (In Config Manager, there is a possible command injection due to improp ...) NOT-FOR-US: MediaTek CVE-2021-31573 (In Config Manager, there is a possible command injection due to improp ...) NOT-FOR-US: MediaTek CVE-2021-3512 (Improper access control vulnerability in Buffalo broadband routers (BH ...) NOT-FOR-US: Buffalo CVE-2021-3511 (Disclosure of sensitive information to an unauthorized user vulnerabil ...) NOT-FOR-US: Buffalo CVE-2021-31572 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an intege ...) NOT-FOR-US: Amazon Web Services FreeRTOS kernel CVE-2021-31571 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an intege ...) NOT-FOR-US: Amazon Web Services FreeRTOS kernel CVE-2021-31570 RESERVED CVE-2021-31569 RESERVED CVE-2021-31568 RESERVED CVE-2021-31557 RESERVED CVE-2021-31556 (An issue was discovered in the Oauth extension for MediaWiki through 1 ...) 
NOT-FOR-US: MediaWiki extension OAuth CVE-2021-31555 (An issue was discovered in the Oauth extension for MediaWiki through 1 ...) NOT-FOR-US: MediaWiki extension OAuth CVE-2021-31554 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) NOT-FOR-US: MediaWiki extension AbuseFilter CVE-2021-31553 (An issue was discovered in the CheckUser extension for MediaWiki throu ...) NOT-FOR-US: MediaWiki extension CheckUser CVE-2021-31552 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) NOT-FOR-US: MediaWiki extension AbuseFilter CVE-2021-31551 (An issue was discovered in the PageForms extension for MediaWiki throu ...) NOT-FOR-US: MediaWiki extension PageForms CVE-2021-31550 (An issue was discovered in the CommentBox extension for MediaWiki thro ...) NOT-FOR-US: MediaWiki extension CommentBox CVE-2021-31549 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) NOT-FOR-US: MediaWiki extension AbuseFilter CVE-2021-31548 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) NOT-FOR-US: MediaWiki extension AbuseFilter CVE-2021-31547 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) NOT-FOR-US: MediaWiki extension AbuseFilter CVE-2021-31546 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) NOT-FOR-US: MediaWiki extension AbuseFilter CVE-2021-31545 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) NOT-FOR-US: MediaWiki extension AbuseFilter CVE-2021-31544 RESERVED CVE-2021-31543 RESERVED CVE-2021-31542 (In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, M ...) 
{DLA-3744-1 DLA-2651-1} - python-django 2:2.2.21-1 (bug #988053) NOTE: https://www.djangoproject.com/weblog/2021/may/04/security-releases/ NOTE: https://github.com/django/django/commit/0b79eb36915d178aef5c6a7bbce71b1e76d376d3 (main) NOTE: https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d (2.2.21) CVE-2021-31541 RESERVED CVE-2021-31540 (Wowza Streaming Engine through 4.8.5 (in a default installation) has i ...) NOT-FOR-US: Wowza Streaming Engine CVE-2021-31539 (Wowza Streaming Engine before 4.8.8.01 (in a default installation) has ...) NOT-FOR-US: Wowza Streaming Engine CVE-2021-31538 (LANCOM R&S Unified Firewall (UF) devices running LCOS FX 10.5 allow Re ...) NOT-FOR-US: LANCOM CVE-2021-31537 (SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php (a ...) NOT-FOR-US: SIS-REWE Go CVE-2021-31536 RESERVED CVE-2021-31535 (LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might a ...) {DSA-4920-1 DLA-2666-1} - libx11 2:1.7.1-1 (bug #988737) NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605 NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/2 NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/3 NOTE: https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt NOTE: https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/ CVE-2021-31534 RESERVED CVE-2021-31533 RESERVED CVE-2021-31532 (NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 ...) NOT-FOR-US: NXP CVE-2021-31531 (Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to S ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-31530 (Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to I ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-31529 RESERVED CVE-2021-31528 RESERVED CVE-2021-31527 RESERVED CVE-2021-31526 RESERVED CVE-2021-31525 (net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote a ...) 
- golang-1.16 1.16.4-1 - golang-1.15 1.15.9-2 - golang-1.11 [buster] - golang-1.11 (Limited support, minor issue, DoS) - golang-1.8 [stretch] - golang-1.8 (Minor issue, DoS, requires rebuilding reverse-dependencies) - golang-1.7 [stretch] - golang-1.7 (Minor issue, DoS, requires rebuilding reverse-dependencies) - golang-golang-x-net 1:0.0+git20210119.5f4716e+dfsg-3 - golang-golang-x-net-dev [buster] - golang-golang-x-net-dev (Limited support, minor issue, DoS) [stretch] - golang-golang-x-net-dev (Limited support in stretch) NOTE: https://github.com/golang/go/issues/45710 NOTE: https://github.com/golang/go/issues/45711 (1.15 backport) NOTE: https://github.com/golang/go/issues/45712 (1.16 backport) NOTE: https://go-review.googlesource.com/c/net/+/313069 NOTE: golang: introduced by https://github.com/golang/go/commit/ae080c1aecb129a3230e7afecdb4a16ad3da9b3c (go1.5beta1) NOTE: golang-golang-x-net: introduced by https://github.com/golang/net/commit/5916dcb167ed985a5b9e6871fbfd74848a4c170b CVE-2021-26945 (An integer overflow leading to a heap-buffer overflow was found in Ope ...) - openexr 3.1.5-2 (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947591 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31221 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31228 NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/930 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2f01a253db2bc82724405a16c76783c38c67ba05 (v3.0.0-beta) NOTE: Only affects exrcheck, which isn't built into the binary packages CVE-2021-26260 (An integer overflow leading to a heap-buffer overflow was found in the ...) 
{DSA-5299-1 DLA-3236-1 DLA-2701-1} - openexr 2.5.7-1 (bug #992703) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947582 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29423 NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/894 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/088a61434568cedf3ac1521c44584be397909078 (v3.0.0-beta) NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d (2.5) CVE-2021-23215 (An integer overflow leading to a heap-buffer overflow was found in the ...) {DSA-5299-1 DLA-3236-1 DLA-2701-1} - openexr 2.5.7-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947586 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29653 NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/901 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/0e08c959c5459e2ffd3b81b654c3ce8b71a4b42c (v3.0.0-beta) NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d (v2.5.5) NOTE: Depends on https://github.com/AcademySoftwareFoundation/openexr/commit/de27156b77896aeef5b1c99edbca2bc4fa784b51 (v2.3.0) CVE-2021-23169 (A heap-buffer overflow was found in the copyIntoFrameBuffer function o ...) - openexr 2.5.4-2 (bug #988240) [buster] - openexr (Vulnerable code not present) [stretch] - openexr (Vulnerable code not present) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28051 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/ae6d203892cc9311917a7f4f05354ef792b3e58e CVE-2020-36324 (Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflect ...) NOT-FOR-US: Wikimedia Quarry CVE-2021-31524 RESERVED CVE-2021-31522 (Kylin can receive user input and load any class through Class.forName( ...) NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2021-3510 (Zephyr JSON decoder incorrectly decodes array of array. Zephyr version ...) 
NOT-FOR-US: Zephyr, different from src:zephyr CVE-2021-3509 (A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component ...) - ceph 14.2.21-1 (bug #988888) [buster] - ceph (Vulnerable code introduced later) [stretch] - ceph (Vulnerable code introduced later) NOTE: Nautilus: https://github.com/ceph/ceph/commit/adda853e64bdba1288d46bc7d462d23d8f2f10ca NOTE: Octopus: https://github.com/ceph/ceph/commit/7a1ca8d372da3b6a4fc3d221a0e5f72d1d61c27b NOTE: Pacific: https://github.com/ceph/ceph/commit/af3fffab3b0f13057134d96e5d481e400d8bfd27 NOTE: https://www.openwall.com/lists/oss-security/2021/05/14/4 NOTE: In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly NOTE: cookie, introducing the specific CVE-2021-3509 issue. CVE-2021-31521 (Trend Micro InterScan Web Security Virtual Appliance version 6.5 was f ...) NOT-FOR-US: Trend Micro CVE-2021-31520 (A weak session token authentication bypass vulnerability in Trend Micr ...) NOT-FOR-US: Trend Micro CVE-2021-31519 (An incorrect permission vulnerability in the product installer folders ...) NOT-FOR-US: Trend Micro CVE-2021-31518 (Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to ...) NOT-FOR-US: Trend Micro CVE-2021-31517 (Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to ...) NOT-FOR-US: Trend Micro CVE-2021-3508 (A flaw was found in PDFResurrect in version 0.22b. There is an infinit ...) - pdfresurrect 0.22-3 (unimportant) NOTE: https://github.com/enferex/pdfresurrect/issues/17 NOTE: https://github.com/enferex/pdfresurrect/commit/7e35d1806e111fd28610ccc86bb33f54792ac370 NOTE: Hang in CLI tool, no security impact CVE-2021-3507 (A heap buffer overflow was found in the floppy disk emulator of QEMU u ...) 
{DLA-3099-1} - qemu 1:7.1+dfsg-1 (bug #987410) [bullseye] - qemu 1:5.2+dfsg-11+deb11u3 [stretch] - qemu (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951118 NOTE: https://gitlab.com/qemu-project/qemu/-/commit/defac5e2fbddf8423a354ff0454283a2115e1367 (v7.1.0-rc0) NOTE: https://gitlab.com/qemu-project/qemu/-/commit/46609b90d9e3a6304def11038a76b58ff43f77bc (v7.1.0-rc0) CVE-2021-3506 (An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c ...) {DLA-2690-1} - linux 5.10.38-1 [buster] - linux 4.19.194-1 [stretch] - linux (f2fs is not supportable) NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/2 NOTE: https://lore.kernel.org/lkml/20210322114730.71103-1-yuchao0@huawei.com/ CVE-2021-34557 (XScreenSaver 5.45 can be bypassed if the machine has more than ten dis ...) - xscreensaver 5.45+dfsg1-2 (bug #989508) [buster] - xscreensaver (Minor issue) [stretch] - xscreensaver (Minor issue, fix along with next dla) NOTE: https://www.openwall.com/lists/oss-security/2021/06/05/1 NOTE: https://www.openwall.com/lists/oss-security/2021/06/05/2 NOTE: https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch CVE-2021-31523 (The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_ ...) - xscreensaver 5.45+dfsg1-2 (bug #987149) [buster] - xscreensaver (Vulnerability introduced later) [stretch] - xscreensaver (Vulnerability introduced later) NOTE: Fixed upstream in 6.00 (no public version control): https://twitter.com/jwz/status/1383503845217554444 NOTE: https://www.openwall.com/lists/oss-security/2021/04/17/1 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2174 NOTE: Only in 5.44+dfsg1-1 net_raw capability was added to sonar executable via postinst NOTE: and so exposing the vulnerability. CVE-2021-3505 (A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implem ...) 
	- libtpms 0.8.0~dev1-1
	NOTE: https://github.com/stefanberger/libtpms/issues/183
	NOTE: https://github.com/stefanberger/libtpms/commit/625171be0c8225824740b5d0fb7e8562f6a1c6a8 (v0.8.0)
	NOTE: https://github.com/stefanberger/libtpms/commit/c1f7bf55099fcd427715aa65e130475c6e836a6b (v0.8.0)
CVE-2021-3504 (A flaw was found in the hivex library in versions before 1.3.20. It is ...)
	{DSA-4913-1 DLA-2656-1}
	- hivex 1.3.20-1 (bug #988024)
	NOTE: https://listman.redhat.com/archives/libguestfs/2021-May/msg00013.html
	NOTE: https://github.com/libguestfs/hivex/commit/8f1935733b10d974a1a4176d38dd151ed98cf381
CVE-2021-3503 (A flaw was found in Wildfly where insufficient RBAC restrictions may l ...)
	- wildfly (bug #752018)
CVE-2021-31516 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Vector 35 Binary Ninja
CVE-2021-31515 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Vector 35 Binary Ninja
CVE-2021-31514 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31513 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31512 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31511 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31510 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31509 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31508 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31507 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31506 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31505 (This vulnerability allows attackers with physical access to escalate p ...)
	NOT-FOR-US: Arlo Q Plus
CVE-2021-31504 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31503 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31502 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31501 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31500 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31499 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31498 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31497 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31496 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31495 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31494 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31493 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31492 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31491 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31490 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31489 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31488 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31487 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31486 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31485 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31484 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31483 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31482 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31481 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31480 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31479 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31478 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: OpenText Brava! Desktop
CVE-2021-31477 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: GE Reason RPV311 14A03
CVE-2021-31476 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2021-31475 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: SolarWinds
CVE-2021-31474 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: SolarWinds
CVE-2021-31473 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31472 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31471 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31470 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31469 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31468 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31467 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31466 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31465 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31464 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31463 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31462 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31461 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31460 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31459 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31458 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31457 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31456 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31455 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31454 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31453 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31452 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31451 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31450 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31449 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31448 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31447 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31446 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31445 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31444 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31443 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31442 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31441 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2021-31440 (This vulnerability allows local attackers to escalate privileges on af ...)
	- linux 5.10.38-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/10bf4e83167cc68595b85fd73bb91e8f2c086e36
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-503/
CVE-2021-31439 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	{DSA-5503-1 DLA-3426-1}
	- netatalk 3.1.13~ds-1
	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
	NOTE: https://github.com/Netatalk/Netatalk/commit/779717df2ed39b701deaf2472b42d59ff50fab7f
CVE-2021-31438 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2021-31437 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2021-31436 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2021-31435 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2021-31434 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2021-31433 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2021-31432 (This vulnerability allows local attackers to disclose sensitive inform ...)
	NOT-FOR-US: Parallels Desktop
CVE-2021-31431 (This vulnerability allows local attackers to disclose sensitive inform ...)
	NOT-FOR-US: Parallels Desktop
CVE-2021-31430 (This vulnerability allows local attackers to disclose sensitive inform ...)
	NOT-FOR-US: Parallels Desktop
CVE-2021-31429 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels Desktop
CVE-2021-31428 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels Desktop
CVE-2021-31427 (This vulnerability allows local attackers to disclose sensitive inform ...)
	NOT-FOR-US: Parallels Desktop
CVE-2021-31426 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels Desktop
CVE-2021-31425 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels Desktop
CVE-2021-31424 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels Desktop
CVE-2021-31423 (This vulnerability allows local attackers to disclose sensitive inform ...)
	NOT-FOR-US: Parallels Desktop
CVE-2021-31422 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels Desktop
CVE-2021-31421 (This vulnerability allows local attackers to delete arbitrary files on ...)
	NOT-FOR-US: Parallels Desktop
CVE-2021-31420 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels Desktop
CVE-2021-31419 (This vulnerability allows local attackers to disclose sensitive inform ...)
	NOT-FOR-US: Parallels Desktop
CVE-2021-31418 (This vulnerability allows local attackers to disclose sensitive inform ...)
	NOT-FOR-US: Parallels Desktop
CVE-2021-31417 (This vulnerability allows local attackers to disclose sensitive inform ...)
	NOT-FOR-US: Parallels Desktop
CVE-2021-3501 (A flaw was found in the Linux kernel in versions before 5.12. The valu ...)
	- linux 5.10.38-1
	[buster] - linux (Vulnerability introduced later)
	[stretch] - linux (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a
CVE-2021-31416
	RESERVED
CVE-2021-31415
	RESERVED
CVE-2021-31414 (The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studi ...)
	NOT-FOR-US: vscode-rpm-spec extension for Visual Studio Code
CVE-2021-31413
	RESERVED
CVE-2021-31412 (Improper sanitization of path in default RouteNotFoundError view in co ...)
	NOT-FOR-US: Vaadin
CVE-2021-31411 (Insecure temporary directory usage in frontend build functionality of ...)
	NOT-FOR-US: Vaadin
CVE-2021-31410 (Overly relaxed configuration of frontend resources server in Vaadin De ...)
	NOT-FOR-US: Vaadin
CVE-2021-31409 (Unsafe validation RegEx in EmailValidator component in com.vaadin:vaad ...)
	NOT-FOR-US: Vaadin
CVE-2021-31408 (Authentication.logout() helper in com.vaadin:flow-client versions 5.0. ...)
	NOT-FOR-US: Vaadin
CVE-2021-31407 (Vulnerability in OSGi integration in com.vaadin:flow-server versions 1 ...)
	NOT-FOR-US: Vaadin
CVE-2021-31406 (Non-constant-time comparison of CSRF tokens in endpoint request handle ...)
	NOT-FOR-US: Vaadin
CVE-2021-31405 (Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-t ...)
	NOT-FOR-US: Vaadin
CVE-2021-31404 (Non-constant-time comparison of CSRF tokens in UIDL request handler in ...)
	NOT-FOR-US: Vaadin
CVE-2021-31403 (Non-constant-time comparison of CSRF tokens in UIDL request handler in ...)
	NOT-FOR-US: Vaadin
CVE-2021-3502 (A flaw was found in avahi 0.8-5. A reachable assertion is present in a ...)
	- avahi 0.8-6 (bug #986018)
	[bullseye] - avahi 0.8-5+deb11u1
	[buster] - avahi (Vulnerable code introduced later)
	[stretch] - avahi (Vulnerable code introduced later)
	NOTE: https://github.com/lathiat/avahi/issues/338
	NOTE: Fixed by: https://github.com/lathiat/avahi/commit/9d31939e55280a733d930b15ac9e4dda4497680c
	NOTE: Introduced by: https://github.com/lathiat/avahi/commit/80c98fa16782e921f5b5d5c880f1d80f5c43bd49 (v0.8)
CVE-2021-3500 (A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in ...)
	{DSA-5032-1 DLA-2667-1}
	- djvulibre 3.5.28-2 (bug #988215)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943685
	NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/djvulibre/c/fc359410f7131e4ea0a892ef78e6da72f29afeee.patch
	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #2 / Patch11) (fixed differently)
CVE-2021-31402 (The dio package 4.0.0 for Dart allows CRLF injection if the attacker c ...)
	NOT-FOR-US: dio package for Dart
CVE-2021-31401 (An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterN ...)
	NOT-FOR-US: HCC embedded InterNiche
CVE-2021-31400 (An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embe ...)
	NOT-FOR-US: HCC embedded InterNiche
CVE-2021-31399 (On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the ...)
	NOT-FOR-US: On 2N Access Unit devices
CVE-2021-31398
	RESERVED
CVE-2021-31397
	RESERVED
CVE-2021-31396
	RESERVED
CVE-2021-31395
	RESERVED
CVE-2021-31394
	RESERVED
CVE-2021-31393
	RESERVED
CVE-2021-31392
	RESERVED
CVE-2021-31391
	RESERVED
CVE-2021-31390
	RESERVED
CVE-2021-31389
	RESERVED
CVE-2021-31388
	RESERVED
CVE-2021-31387
	RESERVED
CVE-2021-31386 (A Protection Mechanism Failure vulnerability in the J-Web HTTP service ...)
	NOT-FOR-US: Juniper
CVE-2021-31385 (An Improper Limitation of a Pathname to a Restricted Directory ('Path ...)
	NOT-FOR-US: Juniper
CVE-2021-31384 (Due to a Missing Authorization weakness and Insufficient Granularity o ...)
	NOT-FOR-US: Juniper
CVE-2021-31383 (In Point to MultiPoint (P2MP) scenarios within established sessions be ...)
	NOT-FOR-US: Juniper
CVE-2021-31382 (On PTX1000 System, PTX10002-60C System, after upgrading to an affected ...)
	NOT-FOR-US: Juniper
CVE-2021-31381 (A configuration weakness in the JBoss Application Server (AppSvr) comp ...)
	NOT-FOR-US: Juniper
CVE-2021-31380 (A configuration weakness in the JBoss Application Server (AppSvr) comp ...)
	NOT-FOR-US: Juniper
CVE-2021-31379 (An Incorrect Behavior Order vulnerability in the MAP-E automatic tunne ...)
	NOT-FOR-US: Juniper
CVE-2021-31378 (In broadband environments, including but not limited to Enhanced Subsc ...)
	NOT-FOR-US: Juniper
CVE-2021-31377 (An Incorrect Permission Assignment for Critical Resource vulnerability ...)
	NOT-FOR-US: Juniper
CVE-2021-31376 (An Improper Input Validation vulnerability in Packet Forwarding Engine ...)
	NOT-FOR-US: Juniper
CVE-2021-31375 (An Improper Input Validation vulnerability in routing process daemon ( ...)
	NOT-FOR-US: Juniper
CVE-2021-31374 (On Juniper Networks Junos OS and Junos OS Evolved devices processing a ...)
	NOT-FOR-US: Juniper
CVE-2021-31373 (A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Netwo ...)
	NOT-FOR-US: Juniper
CVE-2021-31372 (An Improper Input Validation vulnerability in J-Web of Juniper Network ...)
	NOT-FOR-US: Juniper
CVE-2021-31371 (Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal com ...)
	NOT-FOR-US: Juniper
CVE-2021-31370 (An Incomplete List of Disallowed Inputs vulnerability in Packet Forwar ...)
	NOT-FOR-US: Juniper
CVE-2021-31369 (On MX Series platforms with MS-MPC/MS-MIC, an Allocation of Resources ...)
	NOT-FOR-US: Juniper
CVE-2021-31368 (An Uncontrolled Resource Consumption vulnerability in the kernel of Ju ...)
	NOT-FOR-US: Juniper
CVE-2021-31367 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
	NOT-FOR-US: Juniper
CVE-2021-31366 (An Unchecked Return Value vulnerability in the authd (authentication d ...)
	NOT-FOR-US: Juniper
CVE-2021-31365 (An Uncontrolled Resource Consumption vulnerability in Juniper Networks ...)
	NOT-FOR-US: Juniper
CVE-2021-31364 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
	NOT-FOR-US: Juniper
CVE-2021-31363 (In an MPLS P2MP environment a Loop with Unreachable Exit Condition vul ...)
	NOT-FOR-US: Juniper
CVE-2021-31362 (A Protection Mechanism Failure vulnerability in RPD (routing protocol ...)
	NOT-FOR-US: Juniper
CVE-2021-31361 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
	NOT-FOR-US: Juniper
CVE-2021-31360 (An improper privilege management vulnerability in the Juniper Networks ...)
	NOT-FOR-US: Juniper
CVE-2021-31359 (A local privilege escalation vulnerability in Juniper Networks Junos O ...)
	NOT-FOR-US: Juniper
CVE-2021-31358 (A command injection vulnerability in sftp command processing on Junipe ...)
	NOT-FOR-US: Juniper
CVE-2021-31357 (A command injection vulnerability in tcpdump command processing on Jun ...)
	NOT-FOR-US: Juniper
CVE-2021-31356 (A command injection vulnerability in command processing on Juniper Net ...)
	NOT-FOR-US: Juniper
CVE-2021-31355 (A persistent cross-site scripting (XSS) vulnerability in the captive p ...)
	NOT-FOR-US: Juniper
CVE-2021-31354 (An Out Of Bounds (OOB) access vulnerability in the handling of respons ...)
	NOT-FOR-US: Juniper
CVE-2021-31353 (An Improper Handling of Exceptional Conditions vulnerability in Junipe ...)
	NOT-FOR-US: Juniper
CVE-2021-31352 (An Information Exposure vulnerability in Juniper Networks SRC Series d ...)
	NOT-FOR-US: Juniper
CVE-2021-31351 (An Improper Check for Unusual or Exceptional Conditions in packet proc ...)
	NOT-FOR-US: Juniper
CVE-2021-31350 (An Improper Privilege Management vulnerability in the gRPC framework, ...)
	NOT-FOR-US: Juniper
CVE-2021-31349 (The usage of an internal HTTP header created an authentication bypass ...)
	NOT-FOR-US: Juniper
CVE-2021-31348 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
	{DLA-2705-1}
	- mapcache (unimportant; bug #989363)
	- scilab (unimportant; bug #989364)
	- netcdf 1:4.9.0-1 (bug #989360)
	[bullseye] - netcdf (Minor issue)
	[buster] - netcdf (Minor issue)
	[stretch] - netcdf (vulnerable code not present)
	- netcdf-parallel 1:4.9.0-1 (bug #989361)
	[bullseye] - netcdf-parallel (Minor issue)
	[buster] - netcdf-parallel (Minor issue)
	NOTE: https://sourceforge.net/p/ezxml/bugs/27/
	NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2021-31347 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
	{DLA-2705-1}
	- mapcache (unimportant; bug #989363)
	- scilab (unimportant; bug #989364)
	- netcdf 1:4.9.0-1 (bug #989360)
	[bullseye] - netcdf (Minor issue)
	[buster] - netcdf (Minor issue)
	[stretch] - netcdf (vulnerable code not present)
	- netcdf-parallel 1:4.9.0-1 (bug #989361)
	[bullseye] - netcdf-parallel (Minor issue)
	[buster] - netcdf-parallel (Minor issue)
	NOTE: https://sourceforge.net/p/ezxml/bugs/27/
	NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2021-31346 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
	NOT-FOR-US: Siemens
CVE-2021-31345 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
	NOT-FOR-US: Siemens
CVE-2021-31344 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
	NOT-FOR-US: Siemens
CVE-2021-31343 (The jutil.dll library in all versions of Solid Edge SE2020 before 2020 ...)
	NOT-FOR-US: Solid Edge
CVE-2021-31342 (The ugeom2d.dll library in all versions of Solid Edge SE2020 before 20 ...)
	NOT-FOR-US: Solid Edge
CVE-2021-31341 (Uploading a table mapping using a manipulated XML file results in an e ...)
	NOT-FOR-US: Mendix Database Replication
CVE-2021-31340 (A vulnerability has been identified in SIMATIC RF166C (All versions > ...)
	NOT-FOR-US: Siemens
CVE-2021-31339 (A vulnerability has been identified in Mendix Excel Importer Module (A ...)
	NOT-FOR-US: Mendix Excel Importer Module
CVE-2021-31338 (A vulnerability has been identified in SINEMA Remote Connect Client (A ...)
	NOT-FOR-US: SINEMA Remote Connect Client
CVE-2021-31337 (The Telnet service of the SIMATIC HMI Comfort Panels system component ...)
	NOT-FOR-US: Siemens
CVE-2021-31336
	RESERVED
CVE-2021-31335
	RESERVED
CVE-2021-31334
	RESERVED
CVE-2021-31333
	RESERVED
CVE-2021-31332
	RESERVED
CVE-2021-31331
	RESERVED
CVE-2021-31330 (A Cross-Site Scripting (XSS) vulnerability exists within Review Board ...)
	- reviewboard (bug #653113)
CVE-2021-31329 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "P ...)
	NOT-FOR-US: Remote Clinic
CVE-2021-31328
	RESERVED
CVE-2021-31327 (Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Fi ...)
	NOT-FOR-US: Remote Clinic
CVE-2021-31326 (D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitra ...)
	NOT-FOR-US: D-Link DIR-816
CVE-2021-31325
	RESERVED
CVE-2021-31324 (The unprivileged user portal part of CentOS Web Panel is affected by a ...)
	NOT-FOR-US: CentOS Web Panel
CVE-2021-31323 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS ...)
	- rlottie (Doesn't affect rlottie as packaged in Debian, bug #988885)
	NOTE: https://www.shielder.it/advisories/telegram-rlottie-lottieparserimpl-parsedashproperty-heap-buffer-overflow/
CVE-2021-31322 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS ...)
	- rlottie (Doesn't affect rlottie as packaged in Debian, bug #988885)
	NOTE: https://www.shielder.it/advisories/telegram-rlottie-lotgradient-populate-heap-buffer-overflow/
CVE-2021-31321 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS ...)
	- rlottie 0.1+dfsg-2 (bug #988885)
	NOTE: https://www.shielder.it/advisories/telegram-rlottie-gray_split_cubic-stack-buffer-overflow/
CVE-2021-31320 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS ...)
	- rlottie (Doesn't affect rlottie as packaged in Debian, bug #988885)
	NOTE: https://www.shielder.it/advisories/telegram-rlottie-vgradientcache-generategradientcolortable-heap-buffer-overflow/
CVE-2021-31319 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS ...)
	- rlottie (Doesn't affect rlottie as packaged in Debian, bug #988885)
	NOTE: https://www.shielder.it/advisories/telegram-rlottie-lotgradient-populate-integer-overflow/
CVE-2021-31318 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS ...)
	- rlottie (Doesn't affect rlottie as packaged in Debian, bug #988885)
	NOTE: https://www.shielder.it/advisories/telegram-rlottie-lotcomplayeritem-lotcomplayeritem-type-confusion/
CVE-2021-31317 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS ...)
	- rlottie 0.1+dfsg-2 (bug #988885)
	NOTE: https://www.shielder.it/advisories/telegram-rlottie-vdasher-vdasher-type-confusion/
CVE-2021-31316 (The unprivileged user portal part of CentOS Web Panel is affected by a ...)
	NOT-FOR-US: CentOS Web Panel
CVE-2021-31315 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS ...)
	- rlottie (Doesn't affect rlottie as packaged in Debian, bug #988885)
	NOTE: https://www.shielder.it/advisories/telegram-rlottie-blit-stack-buffer-overflow/
CVE-2021-31314 (File upload vulnerability in ejinshan v8+ terminal security system all ...)
	NOT-FOR-US: ejinshan v8+ terminal security system
CVE-2021-31313
	RESERVED
CVE-2021-31312
	RESERVED
CVE-2021-31311
	RESERVED
CVE-2021-31310
	RESERVED
CVE-2021-31309
	RESERVED
CVE-2021-31308
	RESERVED
CVE-2021-31307
	RESERVED
CVE-2021-31306
	RESERVED
CVE-2021-31305
	RESERVED
CVE-2021-31304
	RESERVED
CVE-2021-31303
	RESERVED
CVE-2021-31302
	RESERVED
CVE-2021-31301
	RESERVED
CVE-2021-31300
	RESERVED
CVE-2021-31299
	RESERVED
CVE-2021-31298
	RESERVED
CVE-2021-31297
	RESERVED
CVE-2021-31296
	RESERVED
CVE-2021-31295
	RESERVED
CVE-2021-31294 (Redis before 6cbea7d allows a replica to cause an assertion failure in ...)
	- redis 5:7.0.1-4
	[bullseye] - redis (Minor issue)
	[buster] - redis (Minor issue)
	NOTE: Introduced with: https://github.com/redis/redis/pull/8170 (6.2-rc2, but feature partially backported to 6.0.y)
	NOTE: Fixed by: https://github.com/redis/redis/commit/6cbea7d29b5285692843bc1c351abba1a7ef326f (6.2.3)
	NOTE: https://github.com/redis/redis/issues/8712
CVE-2021-31293
	RESERVED
CVE-2021-31292 (An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows att ...)
	{DSA-4958-1 DLA-2750-1}
	- exiv2 0.27.3-3.1 (bug #991706)
	[bullseye] - exiv2 0.27.3-3+deb11u1
	NOTE: https://github.com/Exiv2/exiv2/issues/1530
	NOTE: https://github.com/Exiv2/exiv2/commit/9b7a19f957af53304655ed1efe32253a1b11a8d0
	NOTE: In older releases affected code is in src/crwimage.cpp
	NOTE: This is a duplicate of CVE-2021-29458, but mitre finds the evidence unconvincing.
CVE-2021-31291
	REJECTED
CVE-2021-31290
	RESERVED
CVE-2021-31289
	RESERVED
CVE-2021-31288
	RESERVED
CVE-2021-31287
	RESERVED
CVE-2021-31286
	RESERVED
CVE-2021-31285
	RESERVED
CVE-2021-31284
	RESERVED
CVE-2021-31283
	RESERVED
CVE-2021-31282
	RESERVED
CVE-2021-31281
	RESERVED
CVE-2021-31280 (An issue was discovered in tp5cms through 2017-05-25. admin.php/system ...)
	NOT-FOR-US: tp5cms
CVE-2021-31279
	RESERVED
CVE-2021-31278
	RESERVED
CVE-2021-31277
	RESERVED
CVE-2021-31276
	RESERVED
CVE-2021-31275
	RESERVED
CVE-2021-31274 (In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the ...)
	NOT-FOR-US: LibreNMS
CVE-2021-31273
	RESERVED
CVE-2021-31272 (SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c cont ...)
	NOT-FOR-US: SerenityOS
CVE-2021-31271
	RESERVED
CVE-2021-31270
	RESERVED
CVE-2021-31269
	RESERVED
CVE-2021-31268
	RESERVED
CVE-2021-31267
	RESERVED
CVE-2021-31266
	RESERVED
CVE-2021-31265
	RESERVED
CVE-2021-31264
	RESERVED
CVE-2021-31263
	RESERVED
CVE-2021-31262 (The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cau ...)
	- gpac 1.0.1+dfsg1-4 (bug #987280)
	[buster] - gpac (Vulnerable code not present)
	[stretch] - gpac (Vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/commit/b2eab95e07cb5819375a50358d4806a8813b6e50
	NOTE: https://github.com/gpac/gpac/issues/1738
CVE-2021-31261 (The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to rea ...)
	- gpac 1.0.1+dfsg1-4 (unimportant; bug #987280)
	NOTE: https://github.com/gpac/gpac/commit/cd3738dea038dbd12e603ad48cd7373ae0440f65
	NOTE: https://github.com/gpac/gpac/issues/1737
	NOTE: Negligible security impact
CVE-2021-31260 (The MergeTrack function in GPAC 1.0.1 allows attackers to cause a deni ...)
	- gpac 1.0.1+dfsg1-4 (bug #987280)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	- ccextractor 0.93+ds2-1 (bug #994746)
	[bullseye] - ccextractor (Minor issue)
	[buster] - ccextractor (Minor issue)
	NOTE: https://github.com/gpac/gpac/commit/df8fffd839fe5ae9acd82d26fd48280a397411d9
	NOTE: https://github.com/gpac/gpac/issues/1736
CVE-2021-31259 (The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allo ...)
	- gpac (Vulnerable code was introduced later)
	NOTE: https://github.com/gpac/gpac/commit/3b84ffcbacf144ce35650df958432f472b6483f8
	NOTE: https://github.com/gpac/gpac/issues/1735
	NOTE: Introduced in https://github.com/gpac/gpac/commit/f966d85ee940b0a19dbbe972bc9ff042a98d7264 (after v1.0.1)
CVE-2021-31258 (The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers ...)
	- gpac 1.0.1+dfsg1-4 (bug #987280)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	- ccextractor 0.93+ds2-1 (bug #994746)
	[bullseye] - ccextractor (Minor issue)
	[buster] - ccextractor (Minor issue)
	NOTE: https://github.com/gpac/gpac/commit/ebfa346eff05049718f7b80041093b4c5581c24e
	NOTE: https://github.com/gpac/gpac/issues/1706
CVE-2021-31257 (The HintFile function in GPAC 1.0.1 allows attackers to cause a denial ...)
	- gpac 1.0.1+dfsg1-4 (bug #987280)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	NOTE: https://github.com/gpac/gpac/commit/87afe070cd6866df7fe80f11b26ef75161de85e0
	NOTE: https://github.com/gpac/gpac/issues/1734
CVE-2021-31256 (Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0. ...)
	- gpac 1.0.1+dfsg1-4 (bug #987280; unimportant)
	NOTE: https://github.com/gpac/gpac/commit/2da2f68bffd51d89b1d272d22aa8cc023c1c066e
	NOTE: https://github.com/gpac/gpac/issues/1705
	NOTE: Negligible security impact
CVE-2021-31255 (Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 ...)
	- gpac 1.0.1+dfsg1-4 (bug #987280)
	[buster] - gpac (Vulnerable code not present)
	[stretch] - gpac (Vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/commit/758135e91e623d7dfe7f6aaad7aeb3f791b7a4e5
	NOTE: https://github.com/gpac/gpac/issues/1733
CVE-2021-31254 (Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 ...)
	- gpac (Vulnerable code was introduced later)
	NOTE: https://github.com/gpac/gpac/commit/8986422c21fbd9a7bf6561cae65aae42077447e8
	NOTE: https://github.com/gpac/gpac/issues/1703
	NOTE: Introduced in https://github.com/gpac/gpac/commit/f966d85ee940b0a19dbbe972bc9ff042a98d7264 (after v1.0.1)
CVE-2021-31253
	RESERVED
CVE-2021-31252 (An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-4 ...)
	NOT-FOR-US: CHIYU Technology
CVE-2021-31251 (An authentication bypass in telnet server in BF-430 and BF431 232/422 ...)
	NOT-FOR-US: CHIYU Technology
CVE-2021-31250 (Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 ...)
	NOT-FOR-US: CHIYU Technology
CVE-2021-31249 (A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450 ...)
	NOT-FOR-US: CHIYU Technology
CVE-2021-31248
	RESERVED
CVE-2021-31247
	RESERVED
CVE-2021-31246
	RESERVED
CVE-2021-31245 (omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares ...)
	NOT-FOR-US: openmptcprouter-vps-admin
CVE-2021-31244
	RESERVED
CVE-2021-31243
	RESERVED
CVE-2021-31242
	RESERVED
CVE-2021-31241
	RESERVED
CVE-2021-31240 (An issue found in libming v.0.4.8 allows a local attacker to execute a ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/218
CVE-2021-31239 (An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacke ...)
	- sqlite3 3.36.0-2
	[bullseye] - sqlite3 (Minor issue)
	[buster] - sqlite3 (Minor issue)
	- sqlite (Vulnerable code not present)
	NOTE: https://www.sqlite.org/forum/forumpost/d9fce1a89b
	NOTE: Fixed by: https://github.com/sqlite/sqlite/commit/6536c4f18e3dd37084c902f965631ff28248d8c7 (version-3.36.0)
	NOTE: Vulnerable feature introduced with: https://github.com/sqlite/sqlite/commit/3be8b1a4f7848c1d67324893f4ac9cace8c06eb0 (version-3.22.0, https://sqlite.org/releaselog/3_22_0.html)
CVE-2021-31238
	RESERVED
CVE-2021-31237
	RESERVED
CVE-2021-31236
	RESERVED
CVE-2021-31235
	RESERVED
CVE-2021-31234
	RESERVED
CVE-2021-31233 (SQL Injection vulnerability found in Fighting Cock Information System ...)
	NOT-FOR-US: Fighting Cock Information System
CVE-2021-31232 (The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosu ...)
	NOT-FOR-US: CNCF Cortex
CVE-2021-31231 (The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metric ...)
	NOT-FOR-US: Grafana Enterprise Metrics and Metrics Enterprise
CVE-2021-31230
	RESERVED
CVE-2021-31229 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
	{DLA-2705-1}
	- mapcache (unimportant; bug #989363)
	- scilab (unimportant; bug #989364)
	- netcdf 1:4.9.0-1 (bug #989360)
	[bullseye] - netcdf (Minor issue)
	[buster] - netcdf (Minor issue)
	[stretch] - netcdf (vulnerable code not present)
	- netcdf-parallel 1:4.9.0-1 (bug #989361)
	[bullseye] - netcdf-parallel (Minor issue)
	[buster] - netcdf-parallel (Minor issue)
	NOTE: https://sourceforge.net/p/ezxml/bugs/26/
	NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2021-31228 (An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnera ...)
	NOT-FOR-US: HCC embedded InterNiche
CVE-2021-31227 (An issue was discovered in HCC embedded InterNiche 4.0.1. A potential ...)
	NOT-FOR-US: HCC embedded InterNiche
CVE-2021-31226 (An issue was discovered in HCC embedded InterNiche 4.0.1. A potential ...)
	NOT-FOR-US: HCC embedded InterNiche
CVE-2021-31225 (SES Evolution before 2.1.0 allows deleting some resources not currentl ...)
	NOT-FOR-US: SES Evolution
CVE-2021-31224 (SES Evolution before 2.1.0 allows duplicating an existing security pol ...)
	NOT-FOR-US: SES Evolution
CVE-2021-31223 (SES Evolution before 2.1.0 allows reading some parts of a security pol ...)
	NOT-FOR-US: SES Evolution
CVE-2021-31222 (SES Evolution before 2.1.0 allows updating some parts of a security po ...)
	NOT-FOR-US: SES Evolution
CVE-2021-31221 (SES Evolution before 2.1.0 allows deleting some parts of a security po ...)
	NOT-FOR-US: SES Evolution
CVE-2021-31220 (SES Evolution before 2.1.0 allows modifying security policies by lever ...)
	NOT-FOR-US: SES Evolution
CVE-2021-31219
	RESERVED
CVE-2021-31218
	RESERVED
CVE-2021-31217 (In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure ...)
	NOT-FOR-US: SolarWinds
CVE-2021-31216 (Siren Investigate before 11.1.1 contains a server side request forgery ...)
	NOT-FOR-US: Siren Investigate
CVE-2021-31215 (SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11. ...)
	{DLA-2886-1}
	- slurm-wlm 20.11.7+really20.11.4-2 (bug #988439)
	- slurm-llnl
	[buster] - slurm-llnl (Minor issue)
	NOTE: https://github.com/SchedMD/slurm/commit/a9e9e2fedbd200ca545ab67dd753bd52c919f236 (2.11.7)
	NOTE: Initially already fixed in 20.11.7-1 (the tracker would do the right thing)
	NOTE: but the unstable upload invalidated the changelog 20.11.7-1 so use 20.11.7+really20.11.4-2
	NOTE: for consistency with BTS.
CVE-2021-3499 (A vulnerability was found in OVN Kubernetes in versions up to and incl ...)
	NOT-FOR-US: Openshift/ovn-kubernetes
CVE-2021-31214 (Visual Studio Code Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31213 (Visual Studio Code Remote Containers Extension Remote Code Execution V ...)
	NOT-FOR-US: Microsoft
CVE-2021-31212
	RESERVED
CVE-2021-31211 (Visual Studio Code Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31210
	RESERVED
CVE-2021-31209 (Microsoft Exchange Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31208 (Windows Container Manager Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31207 (Microsoft Exchange Server Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31206 (Microsoft Exchange Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31205 (Windows SMB Client Security Feature Bypass Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31204 (.NET and Visual Studio Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31203
	RESERVED
CVE-2021-31202
	RESERVED
CVE-2021-31201 (Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulne ...)
	NOT-FOR-US: Microsoft
CVE-2021-31200 (Common Utilities Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31199 (Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulne ...)
	NOT-FOR-US: Microsoft
CVE-2021-31198 (Microsoft Exchange Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31197
	RESERVED
CVE-2021-31196 (Microsoft Exchange Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31195 (Microsoft Exchange Server Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31194 (OLE Automation Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31193 (Windows SSDP Service Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31192 (Windows Media Foundation Core Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31191 (Windows Projected File System FS Filter Driver Information Disclosure ...)
	NOT-FOR-US: Microsoft
CVE-2021-31190 (Windows Container Isolation FS Filter Driver Elevation of Privilege Vu ...)
	NOT-FOR-US: Microsoft
CVE-2021-31189
	RESERVED
CVE-2021-31188 (Windows Graphics Component Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31187 (Windows WalletService Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31186 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...)
	NOT-FOR-US: Microsoft
CVE-2021-31185 (Windows Desktop Bridge Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31184 (Microsoft Windows Infrared Data Association (IrDA) Information Disclos ...)
	NOT-FOR-US: Microsoft
CVE-2021-31183 (Windows TCP/IP Driver Denial of Service Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31182 (Microsoft Bluetooth Driver Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31181 (Microsoft SharePoint Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31180 (Microsoft Office Graphics Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31179 (Microsoft Office Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31178 (Microsoft Office Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31177 (Microsoft Office Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31176 (Microsoft Office Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31175 (Microsoft Office Remote Code Execution Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31174 (Microsoft Excel Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31173 (Microsoft SharePoint Server Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31172 (Microsoft SharePoint Server Spoofing Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31171 (Microsoft SharePoint Information Disclosure Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31170 (Windows Graphics Component Elevation of Privilege Vulnerability)
	NOT-FOR-US: Microsoft
CVE-2021-31169 (Windows Container Manager Service Elevation of Privilege Vulnerability)
	NOT-FOR-US:
Microsoft CVE-2021-31168 (Windows Container Manager Service Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-31167 (Windows Container Manager Service Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-31166 (HTTP Protocol Stack Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2021-31165 (Windows Container Manager Service Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2021-31164 (Apache Unomi prior to version 1.5.5 allows CRLF log injection because ...) NOT-FOR-US: Apache Unomi CVE-2021-31163 RESERVED CVE-2021-31162 (In the standard library in Rust before 1.52.0, a double free can occur ...) - rustc 1.53.0+dfsg1-1 [bullseye] - rustc (Minor issue) [buster] - rustc (Minor issue) [stretch] - rustc (Minor issue) NOTE: https://github.com/rust-lang/rust/issues/83618 NOTE: https://github.com/rust-lang/rust/pull/83629 NOTE: https://github.com/rust-lang/rust/commit/542f441d445026d0996eebee9ddddee98f5dc3e5 CVE-2021-31161 RESERVED CVE-2021-31160 (Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-31159 (Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-31158 (In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, ...) NOT-FOR-US: Couchbase Server CVE-2021-31157 RESERVED CVE-2021-31156 (Allied Telesis AT-S115 1.2.0 devices before 1.00.024 with Boot Loader ...) NOT-FOR-US: Allied Telesis AT-S115 devices CVE-2021-31155 (Failure to normalize the umask in please before 0.4 allows a local att ...) - rust-pleaser 0.4.1-1 NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1 CVE-2021-31154 (pleaseedit in please before 0.4 uses predictable temporary filenames i ...) - rust-pleaser 0.4.1-1 NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1 CVE-2021-31153 (please before 0.4 allows a local unprivileged attacker to gain knowled ...) 
- rust-pleaser 0.4.1-1 NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1 CVE-2021-31152 (Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request ...) NOT-FOR-US: Multilaser Router AC1200 CVE-2021-31151 REJECTED CVE-2021-31150 REJECTED CVE-2021-31149 REJECTED CVE-2021-31148 REJECTED CVE-2021-31147 REJECTED CVE-2021-31146 REJECTED CVE-2021-31145 REJECTED CVE-2021-31144 REJECTED CVE-2021-31143 REJECTED CVE-2021-31142 REJECTED CVE-2021-31141 REJECTED CVE-2021-31140 REJECTED CVE-2021-31139 REJECTED CVE-2021-31138 REJECTED CVE-2021-31137 REJECTED CVE-2021-31136 REJECTED CVE-2021-31135 REJECTED CVE-2021-31134 REJECTED CVE-2021-31133 REJECTED CVE-2021-31132 REJECTED CVE-2021-31131 REJECTED CVE-2021-31130 REJECTED CVE-2021-31129 REJECTED CVE-2021-31128 REJECTED CVE-2021-31127 REJECTED CVE-2021-31126 REJECTED CVE-2021-31125 REJECTED CVE-2021-31124 REJECTED CVE-2021-31123 REJECTED CVE-2021-31122 REJECTED CVE-2021-31121 REJECTED CVE-2021-31120 REJECTED CVE-2021-31119 REJECTED CVE-2021-31118 REJECTED CVE-2021-31117 REJECTED CVE-2021-31116 REJECTED CVE-2021-31115 REJECTED CVE-2021-31114 REJECTED CVE-2021-31113 REJECTED CVE-2021-31112 REJECTED CVE-2021-31111 REJECTED CVE-2021-31110 REJECTED CVE-2021-31109 REJECTED CVE-2021-31108 REJECTED CVE-2021-31107 REJECTED CVE-2021-31106 REJECTED CVE-2021-31105 REJECTED CVE-2021-31104 REJECTED CVE-2021-31103 REJECTED CVE-2021-31102 REJECTED CVE-2021-31101 REJECTED CVE-2021-31100 REJECTED CVE-2021-31099 REJECTED CVE-2021-31098 REJECTED CVE-2021-31097 REJECTED CVE-2021-31096 REJECTED CVE-2021-31095 REJECTED CVE-2021-31094 REJECTED CVE-2021-31093 REJECTED CVE-2021-31092 REJECTED CVE-2021-31091 REJECTED CVE-2021-31090 REJECTED CVE-2021-31089 REJECTED CVE-2021-31088 REJECTED CVE-2021-31087 REJECTED CVE-2021-31086 REJECTED CVE-2021-31085 REJECTED CVE-2021-31084 REJECTED CVE-2021-31083 REJECTED CVE-2021-31082 REJECTED CVE-2021-31081 REJECTED CVE-2021-31080 REJECTED CVE-2021-31079 REJECTED CVE-2021-31078 REJECTED 
CVE-2021-31077 REJECTED CVE-2021-31076 REJECTED CVE-2021-31075 REJECTED CVE-2021-31074 REJECTED CVE-2021-31073 REJECTED CVE-2021-31072 REJECTED CVE-2021-31071 REJECTED CVE-2021-31070 REJECTED CVE-2021-31069 REJECTED CVE-2021-31068 REJECTED CVE-2021-31067 REJECTED CVE-2021-31066 REJECTED CVE-2021-31065 REJECTED CVE-2021-31064 REJECTED CVE-2021-31063 REJECTED CVE-2021-31062 REJECTED CVE-2021-31061 REJECTED CVE-2021-31060 REJECTED CVE-2021-31059 REJECTED CVE-2021-31058 REJECTED CVE-2021-31057 REJECTED CVE-2021-31056 REJECTED CVE-2021-31055 REJECTED CVE-2021-31054 REJECTED CVE-2021-31053 REJECTED CVE-2021-31052 REJECTED CVE-2021-31051 REJECTED CVE-2021-31050 REJECTED CVE-2021-31049 REJECTED CVE-2021-31048 REJECTED CVE-2021-31047 REJECTED CVE-2021-31046 REJECTED CVE-2021-31045 REJECTED CVE-2021-31044 REJECTED CVE-2021-31043 REJECTED CVE-2021-31042 REJECTED CVE-2021-31041 REJECTED CVE-2021-31040 REJECTED CVE-2021-31039 REJECTED CVE-2021-31038 REJECTED CVE-2021-31037 REJECTED CVE-2021-31036 REJECTED CVE-2021-31035 REJECTED CVE-2021-31034 REJECTED CVE-2021-31033 REJECTED CVE-2021-31032 REJECTED CVE-2021-31031 REJECTED CVE-2021-31030 REJECTED CVE-2021-31029 REJECTED CVE-2021-31028 REJECTED CVE-2021-31027 REJECTED CVE-2021-31026 REJECTED CVE-2021-31025 REJECTED CVE-2021-31024 REJECTED CVE-2021-31023 REJECTED CVE-2021-31022 REJECTED CVE-2021-31021 REJECTED CVE-2021-31020 REJECTED CVE-2021-31019 REJECTED CVE-2021-31018 REJECTED CVE-2021-31017 REJECTED CVE-2021-31016 REJECTED CVE-2021-31015 REJECTED CVE-2021-31014 REJECTED CVE-2021-31013 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2021-31012 REJECTED CVE-2021-31011 REJECTED CVE-2021-31010 (A deserialization issue was addressed through improved validation. Thi ...) NOT-FOR-US: Apple CVE-2021-31009 (Multiple issues were addressed by removing HDF5. This issue is fixed i ...) NOT-FOR-US: Apple CVE-2021-31008 (A type confusion issue was addressed with improved memory handling. 
Th ...) NOT-FOR-US: Apple CVE-2021-31007 (Description: A permissions issue was addressed with improved validatio ...) NOT-FOR-US: Apple CVE-2021-31006 (Description: A permissions issue was addressed with improved validatio ...) NOT-FOR-US: Apple CVE-2021-31005 (Description: A logic issue was addressed with improved state managemen ...) NOT-FOR-US: Apple CVE-2021-31004 (A race condition was addressed with improved locking. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-31003 REJECTED CVE-2021-31002 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2021-31001 (An access issue was addressed with improved access restrictions. This ...) NOT-FOR-US: Apple CVE-2021-31000 (A permissions issue was addressed with improved validation. This issue ...) NOT-FOR-US: Apple CVE-2021-30999 (The issue was addressed with improved permissions logic. This issue is ...) NOT-FOR-US: Apple CVE-2021-30998 (A S/MIME issue existed in the handling of encrypted email. This issue ...) NOT-FOR-US: Apple CVE-2021-30997 (A S/MIME issue existed in the handling of encrypted email. This issue ...) NOT-FOR-US: Apple CVE-2021-30996 (A race condition was addressed with improved state handling. This issu ...) NOT-FOR-US: Apple CVE-2021-30995 (A race condition was addressed with improved state handling. This issu ...) NOT-FOR-US: Apple CVE-2021-30994 (An access issue was addressed with improved access restrictions. This ...) NOT-FOR-US: Apple CVE-2021-30993 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2021-30992 (This issue was addressed with improved handling of file metadata. This ...) NOT-FOR-US: Apple CVE-2021-30991 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2021-30990 (A logic issue was addressed with improved validation. This issue is fi ...) 
NOT-FOR-US: Apple CVE-2021-30989 REJECTED CVE-2021-30988 (Description: A permissions issue was addressed with improved validatio ...) NOT-FOR-US: Apple CVE-2021-30987 (An access issue was addressed with improved access restrictions. This ...) NOT-FOR-US: Apple CVE-2021-30986 (A device configuration issue was addressed with an updated configurati ...) NOT-FOR-US: Apple CVE-2021-30985 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2021-30984 (A race condition was addressed with improved state handling. This issu ...) {DSA-5061-1 DSA-5060-1} - webkit2gtk 2.34.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.4-1 NOTE: https://webkitgtk.org/security/WSA-2022-0001.html CVE-2021-30983 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2021-30982 (A race condition was addressed with improved locking. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-30981 (A buffer overflow was addressed with improved bounds checking. This is ...) NOT-FOR-US: Apple CVE-2021-30980 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2021-30979 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2021-30978 REJECTED CVE-2021-30977 (A buffer overflow was addressed with improved bounds checking. This is ...) NOT-FOR-US: Apple CVE-2021-30976 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30975 (This issue was addressed by disabling execution of JavaScript when vie ...) NOT-FOR-US: Apple CVE-2021-30974 REJECTED CVE-2021-30973 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2021-30972 (This issue was addressed with improved checks. This issue is fixed in ...) 
NOT-FOR-US: Apple CVE-2021-30971 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2021-30970 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30969 (A path handling issue was addressed with improved validation. This iss ...) NOT-FOR-US: Apple CVE-2021-30968 (A validation issue related to hard link behavior was addressed with im ...) NOT-FOR-US: Apple CVE-2021-30967 (Description: A permissions issue was addressed with improved validatio ...) NOT-FOR-US: Apple CVE-2021-30966 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30965 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30964 (An inherited permissions issue was addressed with additional restricti ...) NOT-FOR-US: Apple CVE-2021-30963 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2021-30962 (A memory initialization issue was addressed with improved memory handl ...) NOT-FOR-US: Apple CVE-2021-30961 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2021-30960 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2021-30959 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2021-30958 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2021-30957 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2021-30956 (A lock screen issue allowed access to contacts on a locked device. Thi ...) NOT-FOR-US: Apple CVE-2021-30955 (A race condition was addressed with improved state handling. This issu ...) NOT-FOR-US: Apple CVE-2021-30954 (A type confusion issue was addressed with improved memory handling. Th ...) 
{DSA-5061-1 DSA-5060-1} - webkit2gtk 2.34.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.4-1 NOTE: https://webkitgtk.org/security/WSA-2022-0001.html CVE-2021-30953 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) {DSA-5061-1 DSA-5060-1} - webkit2gtk 2.34.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.4-1 NOTE: https://webkitgtk.org/security/WSA-2022-0001.html CVE-2021-30952 (An integer overflow was addressed with improved input validation. This ...) {DSA-5061-1 DSA-5060-1} - webkit2gtk 2.34.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.4-1 NOTE: https://webkitgtk.org/security/WSA-2022-0001.html CVE-2021-30951 (A use after free issue was addressed with improved memory management. ...) {DSA-5061-1 DSA-5060-1} - webkit2gtk 2.34.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.4-1 NOTE: https://webkitgtk.org/security/WSA-2022-0001.html CVE-2021-30950 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30949 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2021-30948 (An inconsistent user interface issue was addressed with improved state ...) NOT-FOR-US: Apple CVE-2021-30947 (An access issue was addressed with additional sandbox restrictions. Th ...) NOT-FOR-US: Apple CVE-2021-30946 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2021-30945 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30944 (Description: A logic issue was addressed with improved state managemen ...) NOT-FOR-US: Apple CVE-2021-30943 (An issue in the handling of group membership was resolved with improve ...) 
NOT-FOR-US: Apple CVE-2021-30942 (Description: A memory corruption issue in the processing of ICC profil ...) NOT-FOR-US: Apple CVE-2021-30941 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2021-30940 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2021-30939 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2021-30938 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30937 (A memory corruption vulnerability was addressed with improved locking. ...) NOT-FOR-US: Apple CVE-2021-30936 (A use after free issue was addressed with improved memory management. ...) {DSA-5061-1 DSA-5060-1} - webkit2gtk 2.34.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.4-1 NOTE: https://webkitgtk.org/security/WSA-2022-0001.html CVE-2021-30935 (A logic issue was addressed with improved validation. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-30934 (A buffer overflow issue was addressed with improved memory handling. T ...) {DSA-5061-1 DSA-5060-1} - webkit2gtk 2.34.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.4-1 NOTE: https://webkitgtk.org/security/WSA-2022-0001.html CVE-2021-30933 (A race condition was addressed with improved state handling. This issu ...) NOT-FOR-US: Apple CVE-2021-30932 (The issue was addressed with improved permissions logic. This issue is ...) NOT-FOR-US: Apple CVE-2021-30931 (A logic issue was addressed with improved validation. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-30930 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30929 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2021-30928 (A memory corruption issue was addressed with improved input validation ...) 
NOT-FOR-US: Apple CVE-2021-30927 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2021-30926 (Description: A memory corruption issue in the processing of ICC profil ...) NOT-FOR-US: Apple CVE-2021-30925 (The issue was addressed with improved permissions logic. This issue is ...) NOT-FOR-US: Apple CVE-2021-30924 (A denial of service issue was addressed with improved state handling. ...) NOT-FOR-US: Apple CVE-2021-30923 (A race condition was addressed with improved locking. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-30922 (Multiple out-of-bounds write issues were addressed with improved bound ...) NOT-FOR-US: Apple CVE-2021-30921 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30920 (A permissions issue was addressed with improved validation. This issue ...) NOT-FOR-US: Apple CVE-2021-30919 (An out-of-bounds write was addressed with improved input validation. T ...) NOT-FOR-US: Apple CVE-2021-30918 (A Lock Screen issue was addressed with improved state management. This ...) NOT-FOR-US: Apple CVE-2021-30917 (A memory corruption issue existed in the processing of ICC profiles. T ...) NOT-FOR-US: Apple CVE-2021-30916 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2021-30915 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30914 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2021-30913 (The issue was addressed with improved permissions logic. This issue is ...) NOT-FOR-US: Apple CVE-2021-30912 (The issue was addressed with improved permissions logic. This issue is ...) NOT-FOR-US: Apple CVE-2021-30911 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2021-30910 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) 
NOT-FOR-US: Apple CVE-2021-30909 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2021-30908 (An authentication issue was addressed with improved state management. ...) NOT-FOR-US: Apple CVE-2021-30907 (An integer overflow was addressed through improved input validation. T ...) NOT-FOR-US: Apple CVE-2021-30906 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30905 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2021-30904 (A sync issue was addressed with improved state validation. This issue ...) NOT-FOR-US: Apple CVE-2021-30903 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30902 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2021-30901 (Multiple out-of-bounds write issues were addressed with improved bound ...) NOT-FOR-US: Apple CVE-2021-30900 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2021-30899 (A race condition was addressed with improved state handling. This issu ...) NOT-FOR-US: Apple CVE-2021-30898 (An access issue was addressed with additional sandbox restrictions on ...) NOT-FOR-US: Apple CVE-2021-30897 (An issue existed in the specification for the resource timing API. The ...) NOT-FOR-US: Apple CVE-2021-30896 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2021-30895 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2021-30894 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2021-30893 REJECTED CVE-2021-30892 (An inherited permissions issue was addressed with additional restricti ...) 
NOT-FOR-US: Apple CVE-2021-30891 REJECTED CVE-2021-30890 (A logic issue was addressed with improved state management. This issue ...) {DSA-5031-1 DSA-5030-1} - webkit2gtk 2.34.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.3-1 NOTE: https://webkitgtk.org/security/WSA-2021-0007.html CVE-2021-30889 (A buffer overflow issue was addressed with improved memory handling. T ...) {DSA-4996-1 DSA-4995-1} - webkit2gtk 2.34.1-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.1-1 NOTE: https://webkitgtk.org/security/WSA-2021-0007.html CVE-2021-30888 (An information leakage issue was addressed. This issue is fixed in iOS ...) {DSA-4996-1 DSA-4995-1} - webkit2gtk 2.34.1-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.1-1 NOTE: https://webkitgtk.org/security/WSA-2021-0007.html CVE-2021-30887 (A logic issue was addressed with improved restrictions. This issue is ...) {DSA-5031-1 DSA-5030-1} - webkit2gtk 2.34.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.3-1 NOTE: https://webkitgtk.org/security/WSA-2021-0007.html CVE-2021-30886 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2021-30885 REJECTED CVE-2021-30884 (The issue was resolved with additional restrictions on CSS compositing ...) {DSA-4996-1 DSA-4995-1} - webkit2gtk 2.34.1-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.1-1 NOTE: https://webkitgtk.org/security/WSA-2021-0007.html CVE-2021-30883 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2021-30882 (A logic issue was addressed with improved validation. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-30881 (An input validation issue was addressed with improved memory handling. ...) 
NOT-FOR-US: Apple CVE-2021-30880 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2021-30879 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2021-30878 REJECTED CVE-2021-30877 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2021-30876 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2021-30875 (A lock screen issue allowed access to contacts on a locked device. Thi ...) NOT-FOR-US: Apple CVE-2021-30874 (An authorization issue was addressed with improved state management. T ...) NOT-FOR-US: Apple CVE-2021-30873 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30872 REJECTED CVE-2021-30871 (This issue was addressed with a new entitlement. This issue is fixed i ...) NOT-FOR-US: Apple CVE-2021-30870 (A logic issue existed in the handling of document loads. This issue wa ...) NOT-FOR-US: Apple CVE-2021-30869 (A type confusion issue was addressed with improved state handling. Thi ...) NOT-FOR-US: Apple CVE-2021-30868 (A race condition was addressed with improved locking. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-30867 (The issue was addressed with improved authentication. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-30866 (A user privacy issue was addressed by removing the broadcast MAC addre ...) NOT-FOR-US: Apple CVE-2021-30865 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2021-30864 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30863 (This issue was addressed by improving Face ID anti-spoofing models. Th ...) NOT-FOR-US: Apple CVE-2021-30862 (A validation issue was addressed with improved input sanitization. Thi ...) 
NOT-FOR-US: Apple CVE-2021-30861 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30860 (An integer overflow was addressed with improved input validation. This ...) NOT-FOR-US: Apple CVE-2021-30859 (A type confusion issue was addressed with improved state handling. Thi ...) NOT-FOR-US: Apple CVE-2021-30858 (A use after free issue was addressed with improved memory management. ...) {DSA-4976-1 DSA-4975-1} - webkit2gtk 2.32.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.4-1 NOTE: https://webkitgtk.org/security/WSA-2021-0005.html CVE-2021-30857 (A race condition was addressed with improved locking. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-30856 (This issue was addressed by adding a new Remote Login option for optin ...) NOT-FOR-US: Apple CVE-2021-30855 (A validation issue existed in the handling of symlinks. This issue was ...) NOT-FOR-US: Apple CVE-2021-30854 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30853 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30852 (A type confusion issue was addressed with improved memory handling. Th ...) NOT-FOR-US: Apple CVE-2021-30851 (A memory corruption vulnerability was addressed with improved locking. ...) {DSA-4996-1 DSA-4995-1} - webkit2gtk 2.34.0-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.1-1 NOTE: https://webkitgtk.org/security/WSA-2021-0006.html NOTE: https://bugs.webkit.org/show_bug.cgi?id=227988 NOTE: https://www.openwall.com/lists/oss-security/2021/10/27/4 CVE-2021-30850 (An access issue was addressed with improved access restrictions. This ...) NOT-FOR-US: Apple CVE-2021-30849 (Multiple memory corruption issues were addressed with improved memory ...) 
{DSA-4976-1 DSA-4975-1} - webkit2gtk 2.32.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.4-1 NOTE: https://webkitgtk.org/security/WSA-2021-0006.html CVE-2021-30848 (A memory corruption issue was addressed with improved memory handling. ...) {DSA-4976-1 DSA-4975-1} - webkit2gtk 2.32.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.4-1 NOTE: https://webkitgtk.org/security/WSA-2021-0006.html CVE-2021-30847 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30846 (A memory corruption issue was addressed with improved memory handling. ...) {DSA-4996-1 DSA-4995-1} - webkit2gtk 2.34.0-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.1-1 NOTE: https://webkitgtk.org/security/WSA-2021-0006.html CVE-2021-30845 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2021-30844 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30843 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30842 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30841 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30840 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30839 RESERVED CVE-2021-30838 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2021-30837 (A memory consumption issue was addressed with improved memory handling ...) NOT-FOR-US: Apple CVE-2021-30836 (An out-of-bounds read was addressed with improved input validation. Th ...) 
{DSA-4976-1 DSA-4975-1} - webkit2gtk 2.32.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.4-1 NOTE: https://webkitgtk.org/security/WSA-2021-0007.html CVE-2021-30835 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30834 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30833 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30832 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2021-30831 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2021-30830 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2021-30829 (A URI parsing issue was addressed with improved parsing. This issue is ...) NOT-FOR-US: Apple CVE-2021-30828 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30827 (A permissions issue existed. This issue was addressed with improved pe ...) NOT-FOR-US: Apple CVE-2021-30826 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30825 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30824 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2021-30823 (A logic issue was addressed with improved restrictions. This issue is ...) {DSA-4996-1 DSA-4995-1} - webkit2gtk 2.34.1-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.1-1 NOTE: https://webkitgtk.org/security/WSA-2021-0007.html CVE-2021-30822 RESERVED CVE-2021-30821 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2021-30820 (A logic issue was addressed with improved state management. 
This issue ...) NOT-FOR-US: Apple CVE-2021-30819 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2021-30818 (A type confusion issue was addressed with improved state handling. Thi ...) {DSA-4996-1 DSA-4995-1} - webkit2gtk 2.34.1-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.34.1-1 NOTE: https://webkitgtk.org/security/WSA-2021-0007.html CVE-2021-30817 (A permissions issue was addressed with improved validation. This issue ...) NOT-FOR-US: Apple CVE-2021-30816 (The issue was addressed with improved permissions logic. This issue is ...) NOT-FOR-US: Apple CVE-2021-30815 (A lock screen issue allowed access to contacts on a locked device. Thi ...) NOT-FOR-US: Apple CVE-2021-30814 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2021-30813 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30812 RESERVED CVE-2021-30811 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30810 (An authorization issue was addressed with improved state management. T ...) NOT-FOR-US: Apple CVE-2021-30809 (A use after free issue was addressed with improved memory management. ...) {DSA-4976-1 DSA-4975-1} - webkit2gtk 2.32.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.4-1 NOTE: https://webkitgtk.org/security/WSA-2021-0007.html CVE-2021-30808 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30807 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2021-30806 RESERVED CVE-2021-30805 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2021-30804 (A permissions issue was addressed with improved validation. This issue ...) 
NOT-FOR-US: Apple CVE-2021-30803 (A permissions issue was addressed with improved validation. This issue ...) NOT-FOR-US: Apple CVE-2021-30802 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2021-30801 RESERVED CVE-2021-30800 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30799 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4945-1} - webkit2gtk 2.32.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.3-1 NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30798 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30797 (This issue was addressed with improved checks. This issue is fixed in ...) {DSA-4945-1} - webkit2gtk 2.32.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.3-1 NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30796 (A logic issue was addressed with improved validation. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-30795 (A use after free issue was addressed with improved memory management. ...) {DSA-4945-1} - webkit2gtk 2.32.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.3-1 NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30794 RESERVED CVE-2021-30793 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30792 (An out-of-bounds write was addressed with improved input validation. T ...) NOT-FOR-US: Apple CVE-2021-30791 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2021-30790 (An information disclosure issue was addressed by removing the vulnerab ...) NOT-FOR-US: Apple CVE-2021-30789 (An out-of-bounds read was addressed with improved input validation. Th ...) 
NOT-FOR-US: Apple CVE-2021-30788 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30787 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30786 (A race condition was addressed with improved state handling. This issu ...) NOT-FOR-US: Apple CVE-2021-30785 (A buffer overflow was addressed with improved bounds checking. This is ...) NOT-FOR-US: Apple CVE-2021-30784 (Multiple issues were addressed with improved logic. This issue is fixe ...) NOT-FOR-US: Apple CVE-2021-30783 (An access issue was addressed with improved access restrictions. This ...) NOT-FOR-US: Apple CVE-2021-30782 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30781 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30780 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2021-30779 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30778 (This issue was addressed with improved entitlements. This issue is fix ...) NOT-FOR-US: Apple CVE-2021-30777 (An injection issue was addressed with improved validation. This issue ...) NOT-FOR-US: Apple CVE-2021-30776 (A logic issue was addressed with improved validation. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-30775 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2021-30774 (A logic issue was addressed with improved validation. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-30773 (An issue in code signature validation was addressed with improved chec ...) NOT-FOR-US: Apple CVE-2021-30772 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30771 (An out-of-bounds write was addressed with improved input validation. T ...) 
NOT-FOR-US: Apple CVE-2021-30770 (A logic issue was addressed with improved validation. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-30769 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30768 (A logic issue was addressed with improved validation. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-30767 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30766 (An out-of-bounds write was addressed with improved input validation. T ...) NOT-FOR-US: Apple CVE-2021-30765 (An out-of-bounds write was addressed with improved input validation. T ...) NOT-FOR-US: Apple CVE-2021-30764 (Processing a maliciously crafted file may lead to arbitrary code execu ...) NOT-FOR-US: Apple CVE-2021-30763 (An input validation issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2021-30762 (A use after free issue was addressed with improved memory management. ...) {DSA-4681-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30761 (A memory corruption issue was addressed with improved state management ...) {DSA-4558-1} - webkit2gtk 2.26.1-2 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.26.3-1 NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30760 (An integer overflow was addressed through improved input validation. T ...) NOT-FOR-US: Apple CVE-2021-30759 (A stack overflow was addressed with improved input validation. This is ...) NOT-FOR-US: Apple CVE-2021-30758 (A type confusion issue was addressed with improved state handling. Thi ...) 
{DSA-4945-1} - webkit2gtk 2.32.2-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.2-1 NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30757 (This issue was addressed by enabling hardened runtime. This issue is f ...) NOT-FOR-US: Apple CVE-2021-30756 (A local attacker may be able to view Now Playing information from the ...) NOT-FOR-US: Apple CVE-2021-30755 (Processing a maliciously crafted font may result in the disclosure of ...) NOT-FOR-US: Apple CVE-2021-30754 RESERVED CVE-2021-30753 (Processing a maliciously crafted font may result in the disclosure of ...) NOT-FOR-US: Apple CVE-2021-30752 (Processing a maliciously crafted image may lead to arbitrary code exec ...) NOT-FOR-US: Apple CVE-2021-30751 (This issue was addressed with improved data protection. This issue is ...) NOT-FOR-US: Apple CVE-2021-30750 (The issue was addressed with improved permissions logic. This issue is ...) NOT-FOR-US: Apple CVE-2021-30749 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4945-1} - webkit2gtk 2.32.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.3-1 NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30748 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2021-30747 RESERVED CVE-2021-30746 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2021-30745 RESERVED CVE-2021-30744 (Description: A cross-origin issue with iframe elements was addressed w ...) {DSA-4945-1} - webkit2gtk 2.32.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.3-1 NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30743 (An out-of-bounds write was addressed with improved input validation. T ...) NOT-FOR-US: Apple CVE-2021-30742 (A memory consumption issue was addressed with improved memory handling ...) 
NOT-FOR-US: Apple CVE-2021-30741 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2021-30740 (A logic issue was addressed with improved validation. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-30739 (A local attacker may be able to elevate their privileges. This issue i ...) NOT-FOR-US: Apple CVE-2021-30738 (A malicious application may be able to overwrite arbitrary files. This ...) NOT-FOR-US: Apple CVE-2021-30737 (A memory corruption issue in the ASN.1 decoder was addressed by removi ...) NOT-FOR-US: Apple CVE-2021-30736 (A buffer overflow was addressed with improved size validation. This is ...) NOT-FOR-US: Apple CVE-2021-30735 (A malicious application may be able to execute arbitrary code with ker ...) NOT-FOR-US: Apple CVE-2021-30734 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4945-1} - webkit2gtk 2.32.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.3-1 NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30733 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2021-30732 RESERVED CVE-2021-30731 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30730 RESERVED CVE-2021-30729 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2021-30728 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2021-30727 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30726 (A malicious application may be able to execute arbitrary code with ker ...) NOT-FOR-US: Apple CVE-2021-30725 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2021-30724 (This issue was addressed with improved checks. This issue is fixed in ...) 
NOT-FOR-US: Apple CVE-2021-30723 (An information disclosure issue was addressed with improved state mana ...) NOT-FOR-US: Apple CVE-2021-30722 (An information disclosure issue was addressed with improved state mana ...) NOT-FOR-US: Apple CVE-2021-30721 (A path handling issue was addressed with improved validation. This iss ...) NOT-FOR-US: Apple CVE-2021-30720 (A logic issue was addressed with improved restrictions. This issue is ...) {DSA-4945-1} - webkit2gtk 2.32.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.3-1 NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30719 (A local user may be able to cause unexpected system termination or rea ...) NOT-FOR-US: Apple CVE-2021-30718 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30717 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2021-30716 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30715 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30714 (A race condition was addressed with improved state handling. This issu ...) NOT-FOR-US: Apple CVE-2021-30713 (A permissions issue was addressed with improved validation. This issue ...) NOT-FOR-US: Apple CVE-2021-30712 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30711 RESERVED CVE-2021-30710 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2021-30709 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30708 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2021-30707 (This issue was addressed with improved checks. This issue is fixed in ...) 
NOT-FOR-US: Apple CVE-2021-30706 (Processing a maliciously crafted image may lead to disclosure of user ...) NOT-FOR-US: Apple CVE-2021-30705 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30704 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30703 (A double free issue was addressed with improved memory management. Thi ...) NOT-FOR-US: Apple CVE-2021-30702 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30701 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30700 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30699 (A window management issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2021-30698 (A null pointer dereference was addressed with improved input validatio ...) NOT-FOR-US: Apple CVE-2021-30697 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30696 (An attacker in a privileged network position may be able to misreprese ...) NOT-FOR-US: Apple CVE-2021-30695 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2021-30694 (An information disclosure issue was addressed with improved state mana ...) NOT-FOR-US: Apple CVE-2021-30693 (A validation issue was addressed with improved logic. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-30692 (An information disclosure issue was addressed with improved state mana ...) NOT-FOR-US: Apple CVE-2021-30691 (An information disclosure issue was addressed with improved state mana ...) NOT-FOR-US: Apple CVE-2021-30690 (Multiple issues in apache were addressed by updating apache to version ...) NOT-FOR-US: Apple CVE-2021-30689 (A logic issue was addressed with improved state management. This issue ...) 
{DSA-4945-1} - webkit2gtk 2.32.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.3-1 NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30688 (A malicious application may be able to break out of its sandbox. This ...) NOT-FOR-US: Apple CVE-2021-30687 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2021-30686 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2021-30685 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30684 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30683 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2021-30682 (A logic issue was addressed with improved restrictions. This issue is ...) {DSA-4923-1} - webkit2gtk 2.32.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.0-2 NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30681 (A validation issue existed in the handling of symlinks. This issue was ...) NOT-FOR-US: Apple CVE-2021-30680 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30679 (This issue was addressed by removing the vulnerable code. This issue i ...) NOT-FOR-US: Apple CVE-2021-30678 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30677 (This issue was addressed with improved environment sanitization. This ...) NOT-FOR-US: Apple CVE-2021-30676 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30675 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2021-30674 (This issue was addressed with improved checks. This issue is fixed in ...) 
NOT-FOR-US: Apple CVE-2021-30673 (An access issue was addressed with improved access restrictions. This ...) NOT-FOR-US: Apple CVE-2021-30672 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2021-30671 (A validation issue was addressed with improved logic. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-30670 RESERVED CVE-2021-30669 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30668 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30667 (A logic issue was addressed with improved validation. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-30666 (A buffer overflow issue was addressed with improved memory handling. T ...) {DSA-4558-1} - webkit2gtk 2.26.1-2 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.26.3-1 NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30665 (A memory corruption issue was addressed with improved state management ...) {DSA-4945-1} - webkit2gtk 2.32.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.3-1 NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30664 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2021-30663 (An integer overflow was addressed with improved input validation. This ...) {DSA-4945-1} - webkit2gtk 2.32.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.32.3-1 NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30662 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30661 (A use after free issue was addressed with improved memory management. ...) 
{DSA-4797-1} - webkit2gtk 2.30.1-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.30.0-1 NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30660 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2021-30659 (A validation issue was addressed with improved logic. This issue is fi ...) NOT-FOR-US: Apple CVE-2021-30658 (This issue was addressed with improved handling of file metadata. This ...) NOT-FOR-US: Apple CVE-2021-30657 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-30656 (An access issue was addressed with improved memory management. This is ...) NOT-FOR-US: Apple CVE-2021-30655 (An application may be able to execute arbitrary code with system privi ...) NOT-FOR-US: Apple CVE-2021-30654 (This issue was addressed by removing additional entitlements. This iss ...) NOT-FOR-US: Apple CVE-2021-30653 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2021-30652 (A race condition was addressed with additional validation. This issue ...) NOT-FOR-US: Apple CVE-2021-30651 (A malicious authenticated SMG administrator user can obtain passwords ...) NOT-FOR-US: Symantec CVE-2021-30650 (A reflected cross-site scripting (XSS) vulnerability in the Symantec L ...) NOT-FOR-US: Symantec CVE-2021-30649 RESERVED CVE-2021-30648 (The Symantec Advanced Secure Gateway (ASG) and ProxySG web management ...) NOT-FOR-US: Symantec CVE-2021-30647 RESERVED CVE-2021-30646 RESERVED CVE-2021-30645 RESERVED CVE-2021-30644 RESERVED CVE-2021-30643 RESERVED CVE-2021-30642 (An input validation flaw in the Symantec Security Analytics web UI 7.2 ...) NOT-FOR-US: Symantec CVE-2020-36323 (In the standard library in Rust before 1.52.0, there is an optimizatio ...) 
- rustc 1.53.0+dfsg1-1 [bullseye] - rustc (Minor issue) [buster] - rustc (Minor issue) [stretch] - rustc (Minor issue) NOTE: https://github.com/rust-lang/rust/issues/80335 NOTE: https://github.com/rust-lang/rust/pull/81728 CVE-2020-36322 (An issue was discovered in the FUSE filesystem implementation in the L ...) {DSA-5096-1 DLA-2941-1 DLA-2689-1} - linux 5.10.9-1 NOTE: https://git.kernel.org/linus/5d069dbe8aaf2a197142558b6fb2978189ba3454 CVE-2018-25013 (A heap-based buffer overflow was found in libwebp in versions before 1 ...) {DSA-4930-1 DLA-2677-1} - libwebp 0.6.1-2.1 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417 NOTE: https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6 CVE-2018-25012 (A heap-based buffer overflow was found in libwebp in versions before 1 ...) {DSA-4930-1 DLA-2677-1} - libwebp 0.6.1-2.1 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123 NOTE: https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097%5E%21/ CVE-2018-25011 (A heap-based buffer overflow was found in libwebp in versions before 1 ...) {DSA-4930-1 DLA-2677-1} - libwebp 0.6.1-2.1 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9119 CVE-2018-25010 (A heap-based buffer overflow was found in libwebp in versions before 1 ...) {DSA-4930-1 DLA-2677-1} - libwebp 0.6.1-2.1 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9105 NOTE: https://chromium.googlesource.com/webm/libwebp/+/1344a2e947c749d231141a295327e5b99b444d63%5E%21/#F0 CVE-2018-25009 (A heap-based buffer overflow was found in libwebp in versions before 1 ...) {DSA-4930-1 DLA-2677-1} - libwebp 0.6.1-2.1 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9100 NOTE: https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097%5E%21/ CVE-2018-25008 (In the standard library in Rust before 1.29.0, there is weak synchroni ...) 
- rustc 1.29.0+dfsg1-1 NOTE: https://github.com/rust-lang/rust/issues/51780 NOTE: https://github.com/rust-lang/rust/pull/52031 CVE-2017-20004 (In the standard library in Rust before 1.19.0, there is a synchronizat ...) - rustc 1.19.0+dfsg3-2 NOTE: https://github.com/rust-lang/rust/issues/41622 NOTE: https://github.com/rust-lang/rust/pull/41624 CVE-2015-20002 REJECTED CVE-2021-XXXX [out of bounds reads in ASF demuxer] - gst-plugins-ugly1.0 1.18.4-2 [buster] - gst-plugins-ugly1.0 1.14.4-1+deb10u1 [stretch] - gst-plugins-ugly1.0 1.10.4-1+deb9u1 NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/issues/37 NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/commit/3aba7d1e625554b2407bc77b3d09b4928b937d5f (master) NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/commit/9726aaf78e6643a5955864f444852423de58de29 (1.18.4) CVE-2021-3522 (GStreamer before 1.18.4 may perform an out-of-bounds read when handlin ...) {DSA-4903-1 DLA-2641-1} - gst-plugins-base1.0 1.18.4-2 NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876 NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/f4a1428a6997658625d529b9db60fde812fbf1ee (master) NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/8a88e5c1db05ebadfd4569955f6f47c23cdca3c4 (1.18.4) NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0001.html CVE-2021-XXXX [Catch overflows in AVC/HEVC NAL unit length calculations] - gst-plugins-bad1.0 1.18.4-2 [buster] - gst-plugins-bad1.0 1.14.4-1+deb10u2 [stretch] - gst-plugins-bad1.0 1.10.4-1+deb9u2 NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/2103 NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/commit/0cfbf7ad91c7f121192c8ce135769f8eb276c41d (1.18-branch) CVE-2021-XXXX [stack corruption when handling files with more than 64 audio channels] - gst-libav1.0 1.18.4-2 [buster] - gst-libav1.0 1.15.0.1+git20180723+db823502-2+deb10u1 [stretch] 
- gst-libav1.0 1.10.4-1+deb9u1 NOTE: https://gitlab.freedesktop.org/gstreamer/gst-libav/-/commit/dcea8baa14a5fc3b796d876baaf2f238546ba2b1 (master) NOTE: https://gitlab.freedesktop.org/gstreamer/gst-libav/-/commit/a339f8f9641382b92b43e6d146bdc5d87a9704f8 (1.18.4) NOTE: https://gitlab.freedesktop.org/gstreamer/gst-libav/-/issues/92 CVE-2021-3498 (GStreamer before 1.18.4 might cause heap corruption when parsing certa ...) {DSA-4900-1} [experimental] - gst-plugins-good1.0 1.18.4-1 - gst-plugins-good1.0 1.18.4-2 (bug #986911) [stretch] - gst-plugins-good1.0 (Vulnerable code introduced later) NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0003.html NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/02174790726dd20a5c73ce2002189bf240ad4fe0 NOTE: Introduced by: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/f279bc5336dda19741a5996a108da42dd3201366 CVE-2021-3497 (GStreamer before 1.18.4 might access already-freed memory in error cod ...) {DSA-4900-1 DLA-2640-1} [experimental] - gst-plugins-good1.0 1.18.4-1 - gst-plugins-good1.0 1.18.4-2 (bug #986910) NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0002.html NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/9181191511f9c0be6a89c98b311f49d66bd46dc3 CVE-2021-3496 (A heap-based buffer overflow was found in jhead in version 3.06 in Get ...) - jhead 1:3.04-6 (bug #986923; unimportant) NOTE: https://github.com/Matthias-Wandel/jhead/issues/33 NOTE: Fixed by: https://github.com/Matthias-Wandel/jhead/commit/ca2973f4ce79279c15a09cf400648a757c1721b0 NOTE: Crash in CLI tool, no security impact CVE-2021-30641 (Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behav ...) 
{DSA-4937-1 DLA-2706-1} [experimental] - apache2 2.4.48-1 - apache2 2.4.46-6 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1966743 NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65238 NOTE: https://github.com/apache/httpd/commit/eb986059aa5aa0b6c1d52714ea83e3dd758afdd1 CVE-2021-30640 (A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker ...) {DSA-4952-1 DLA-2733-1} - tomcat9 9.0.43-2 (bug #991046) [bullseye] - tomcat9 9.0.43-2~deb11u1 [buster] - tomcat9 9.0.31-1~deb10u6 - tomcat8 NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65224 NOTE: https://github.com/apache/tomcat/commit/c4df8d44a959a937d507d15e5b1ca35c3dbc41eb (9.0.46) NOTE: https://github.com/apache/tomcat/commit/749f3cc192c68c34f2375509aea087be45fc4434 (9.0.46) NOTE: https://github.com/apache/tomcat/commit/c6b6e1015ae44c936971b6bf8bce70987935b92e (9.0.46) NOTE: https://github.com/apache/tomcat/commit/91ecdc61ce3420054c04114baaaf1c1e0cbd5d56 (9.0.46) NOTE: https://github.com/apache/tomcat/commit/e50067486cf86564175ca0cfdcbf7d209c6df862 (9.0.46) NOTE: https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899fae22bc43 (9.0.46) NOTE: https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0 (9.0.46) NOTE: https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945 (9.0.46) NOTE: https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c (8.5.66) NOTE: https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100 (8.5.66) NOTE: https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822 (8.5.66) NOTE: https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe (8.5.66) NOTE: https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b (8.5.66) NOTE: https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972 (8.5.66) NOTE: 
https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38 (8.5.66) NOTE: https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375 (8.5.66) NOTE: Fix for CVE-2021-30640 introduced a regression: NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65308 CVE-2021-30639 (A vulnerability in Apache Tomcat allows an attacker to remotely trigge ...) - tomcat9 (Vulnerable code introduced later in 9.0.44) - tomcat8 [stretch] - tomcat8 (Vulnerable code was introduced later) NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65203 NOTE: https://github.com/apache/tomcat/commit/8ece47c4a9fb9349e8862c84358a4dd23c643a24 (9.0.45) NOTE: https://github.com/apache/tomcat/commit/411caf29ac1c16e6ac291b6e5543b2371dbd25e2 (8.5.65) CVE-2020-36334 (themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by ...) NOT-FOR-US: WordPress plugin themegrill-demo-importer CVE-2020-36333 (themegrill-demo-importer before 1.6.2 does not require authentication ...) NOT-FOR-US: WordPress plugin themegrill-demo-importer CVE-2020-36321 (Improper URL validation in development mode handler in com.vaadin:flow ...) NOT-FOR-US: Vaadin CVE-2020-36320 (Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-s ...) NOT-FOR-US: Vaadin CVE-2020-36319 (Insecure configuration of default ObjectMapper in com.vaadin:flow-serv ...) NOT-FOR-US: Vaadin CVE-2019-25028 (Missing variable sanitization in Grid component in com.vaadin:vaadin-s ...) NOT-FOR-US: Vaadin CVE-2019-25027 (Missing output sanitization in default RouteNotFoundError view in com. ...) NOT-FOR-US: Vaadin CVE-2018-25007 (Missing check in UIDL request handler in com.vaadin:flow-server versio ...) NOT-FOR-US: Vaadin CVE-2017-20003 REJECTED CVE-2021-30638 (Information Exposure vulnerability in context asset handling of Apache ...) NOT-FOR-US: Apache Tapestry CVE-2021-30637 (htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Descript ...) 
NOT-FOR-US: htmly CVE-2021-30636 (In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corrup ...) NOT-FOR-US: MediaTek LinkIt SDK CVE-2021-30635 (Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote at ...) NOT-FOR-US: Sonatype Nexus Repository Manager CVE-2021-30634 RESERVED CVE-2021-30633 (Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.8 ...) - chromium 93.0.4577.82-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30632 (Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allow ...) - chromium 93.0.4577.82-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30631 REJECTED CVE-2021-30630 (Inappropriate implementation in Blink in Google Chrome prior to 93.0.4 ...) - chromium 93.0.4577.82-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30629 (Use after free in Permissions in Google Chrome prior to 93.0.4577.82 a ...) - chromium 93.0.4577.82-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30628 (Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 ...) - chromium 93.0.4577.82-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30627 (Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 ...) - chromium 93.0.4577.82-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30626 (Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.45 ...) - chromium 93.0.4577.82-1 [buster] - chromium (see DSA 5046) [stretch] - chromium (see DSA 4562) CVE-2021-30625 (Use after free in Selection API in Google Chrome prior to 93.0.4577.82 ...) 
	- chromium 93.0.4577.82-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30624 (Chromium: CVE-2021-30624 Use after free in Autofill)
	- chromium 93.0.4577.82-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30623 (Chromium: CVE-2021-30623 Use after free in Bookmarks)
	- chromium 93.0.4577.82-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30622 (Chromium: CVE-2021-30622 Use after free in WebApp Installs)
	- chromium 93.0.4577.82-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30621 (Chromium: CVE-2021-30621 UI Spoofing in Autofill)
	- chromium 93.0.4577.82-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30620 (Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink)
	- chromium 93.0.4577.82-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30619 (Chromium: CVE-2021-30619 UI Spoofing in Autofill)
	- chromium 93.0.4577.82-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30618 (Chromium: CVE-2021-30618 Inappropriate implementation in DevTools)
	- chromium 93.0.4577.82-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30617 (Chromium: CVE-2021-30617 Policy bypass in Blink)
	- chromium 93.0.4577.82-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30616 (Chromium: CVE-2021-30616 Use after free in Media)
	- chromium 93.0.4577.82-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30615 (Chromium: CVE-2021-30615 Cross-origin data leak in Navigation)
	- chromium 93.0.4577.82-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30614 (Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip)
	- chromium 93.0.4577.82-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30613 (Chromium: CVE-2021-30613 Use after free in Base internals)
	- chromium 93.0.4577.82-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30612 (Chromium: CVE-2021-30612 Use after free in WebRTC)
	- chromium 93.0.4577.82-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30611 (Chromium: CVE-2021-30611 Use after free in WebRTC)
	- chromium 93.0.4577.82-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30610 (Chromium: CVE-2021-30610 Use after free in Extensions API)
	- chromium 93.0.4577.82-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30609 (Chromium: CVE-2021-30609 Use after free in Sign-In)
	- chromium 93.0.4577.82-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30608 (Chromium: CVE-2021-30608 Use after free in Web Share)
	- chromium 93.0.4577.82-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30607 (Chromium: CVE-2021-30607 Use after free in Permissions)
	- chromium 93.0.4577.82-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30606 (Chromium: CVE-2021-30606 Use after free in Blink)
	- chromium 93.0.4577.82-1
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30605 (Inappropriate implementation in the ChromeOS Readiness Tool installer ...)
	NOT-FOR-US: ChromeOS Readiness Tool installer on Windows
CVE-2021-30604 (Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowe ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30603 (Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30602 (Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allow ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30601 (Use after free in Extensions API in Google Chrome prior to 92.0.4515.1 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30600 (Use after free in Printing in Google Chrome prior to 92.0.4515.159 all ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30599 (Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30598 (Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30597 (Use after free in Browser UI in Google Chrome on Chrome prior to 92.0. ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30596 (Incorrect security UI in Navigation in Google Chrome on Android prior ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30595 RESERVED
CVE-2021-30594 (Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30593 (Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.13 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30592 (Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515. ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30591 (Use after free in File System API in Google Chrome prior to 92.0.4515. ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30590 (Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515. ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30589 (Insufficient validation of untrusted input in Sharing in Google Chrome ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30588 (Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30587 (Inappropriate implementation in Compositing in Google Chrome prior to ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30586 (Use after free in dialog box handling in Windows in Google Chrome prio ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30585 (Use after free in sensor handling in Google Chrome on Windows prior to ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30584 (Incorrect security UI in Downloads in Google Chrome on Android prior t ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30583 (Insufficient policy enforcement in image handling in iOS in Google Chr ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30582 (Inappropriate implementation in Animation in Google Chrome prior to 92 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30581 (Use after free in DevTools in Google Chrome prior to 92.0.4515.107 all ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30580 (Insufficient policy enforcement in Android intents in Google Chrome pr ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30579 (Use after free in UI framework in Google Chrome prior to 92.0.4515.107 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30578 (Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 all ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30577 (Insufficient policy enforcement in Installer in Google Chrome prior to ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30576 (Use after free in DevTools in Google Chrome prior to 92.0.4515.107 all ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30575 (Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.10 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30574 (Use after free in protocol handling in Google Chrome prior to 92.0.451 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30573 (Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30572 (Use after free in Autofill in Google Chrome prior to 92.0.4515.107 all ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30571 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30570 RESERVED
CVE-2021-30569 (Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allow ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30568 (Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30567 (Use after free in DevTools in Google Chrome prior to 92.0.4515.107 all ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30566 (Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515. ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30565 (Out of bounds write in Tab Groups in Google Chrome on Linux and Chrome ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30564 (Heap buffer overflow in WebXR in Google Chrome prior to 91.0.4472.164 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30563 (Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30562 (Use after free in WebSerial in Google Chrome prior to 91.0.4472.164 al ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30561 (Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30560 (Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 a ...)
	{DSA-5216-1 DLA-3101-1}
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	- libxslt 1.1.35-1
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1219209
	NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/50f9c9cd3b7dfe9b3c8c795247752d1fdcadcac8 (v1.1.35)
CVE-2021-30559 (Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.164 a ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30558 (Insufficient policy enforcement in content security policy in Google C ...)
	{DSA-5046-1}
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
CVE-2021-30557 (Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 al ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30556 (Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 all ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30555 (Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allo ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30554 (Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowe ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30553 (Use after free in Network service in Google Chrome prior to 91.0.4472. ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30552 (Use after free in Extensions in Google Chrome prior to 91.0.4472.101 a ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30551 (Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30550 (Use after free in Accessibility in Google Chrome prior to 91.0.4472.10 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30549 (Use after free in Spell check in Google Chrome prior to 91.0.4472.101 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30548 (Use after free in Loader in Google Chrome prior to 91.0.4472.101 allow ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30547 (Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 a ...)
	{DSA-4940-1 DSA-4939-1 DLA-2711-1 DLA-2709-1}
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	- firefox 90.0-1
	- firefox-esr 78.12.0esr-1
	- thunderbird 1:78.12.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-30547
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/#CVE-2021-30547
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-30547
CVE-2021-30546 (Use after free in Autofill in Google Chrome prior to 91.0.4472.101 all ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30545 (Use after free in Extensions in Google Chrome prior to 91.0.4472.101 a ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30544 (Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allo ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30543 (Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 all ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30542 (Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 all ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30541 (Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30540 (Incorrect security UI in payments in Google Chrome on Android prior to ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30539 (Insufficient policy enforcement in content security policy in Google C ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30538 (Insufficient policy enforcement in content security policy in Google C ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30537 (Insufficient policy enforcement in cookies in Google Chrome prior to 9 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30536 (Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowe ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30535 (Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a re ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
	- icu 67.1-7
	[buster] - icu (Vulnerable code introduced later)
	[stretch] - icu (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1194899 (restricted)
	NOTE: Bugfix: https://github.com/unicode-org/icu/pull/1698/commits/e450fa50fc242282551f56b941dc93b9a8a0bcbb
	NOTE: Backports: https://chromium-review.googlesource.com/c/chromium/deps/icu/+/2842864
	NOTE: Introduced by: https://github.com/unicode-org/icu/commit/596647c0c34bf19d90d7c90d4f3827876fef688f (release-66-preview)
	NOTE: Fixed by: https://github.com/unicode-org/icu/commit/2dc5bea9061b4fb05cd03e21b775dd944a0eb81d
CVE-2021-30534 (Insufficient policy enforcement in iFrameSandbox in Google Chrome prio ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30533 (Insufficient policy enforcement in PopupBlocker in Google Chrome prior ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30532 (Insufficient policy enforcement in Content Security Policy in Google C ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30531 (Insufficient policy enforcement in Content Security Policy in Google C ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30530 (Out of bounds memory access in WebAudio in Google Chrome prior to 91.0 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30529 (Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 all ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30528 (Use after free in WebAuthentication in Google Chrome on Android prior ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30527 (Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30526 (Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30525 (Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 all ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30524 (Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allo ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30523 (Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowe ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30522 (Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allo ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30521 (Heap buffer overflow in Autofill in Google Chrome on Android prior to ...)
	- chromium 93.0.4577.82-1 (bug #990079)
	[buster] - chromium (see DSA 5046)
	[stretch] - chromium (see DSA 4562)
CVE-2021-30520 (Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 al ...)
	{DSA-4917-1}
	- chromium 90.0.4430.212-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30519 (Use after free in Payments in Google Chrome prior to 90.0.4430.212 all ...)
	{DSA-4917-1}
	- chromium 90.0.4430.212-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30518 (Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.443 ...)
	{DSA-4917-1}
	- chromium 90.0.4430.212-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30517 (Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a ...)
	{DSA-4917-1}
	- chromium 90.0.4430.212-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30516 (Heap buffer overflow in History in Google Chrome prior to 90.0.4430.21 ...)
	{DSA-4917-1}
	- chromium 90.0.4430.212-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30515 (Use after free in File API in Google Chrome prior to 90.0.4430.212 all ...)
	{DSA-4917-1}
	- chromium 90.0.4430.212-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30514 (Use after free in Autofill in Google Chrome prior to 90.0.4430.212 all ...)
	{DSA-4917-1}
	- chromium 90.0.4430.212-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30513 (Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a ...)
	{DSA-4917-1}
	- chromium 90.0.4430.212-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30512 (Use after free in Notifications in Google Chrome prior to 90.0.4430.21 ...)
	{DSA-4917-1}
	- chromium 90.0.4430.212-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30511 (Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.2 ...)
	{DSA-4917-1}
	- chromium 90.0.4430.212-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30510 (Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed ...)
	{DSA-4917-1}
	- chromium 90.0.4430.212-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30509 (Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.2 ...)
	{DSA-4917-1}
	- chromium 90.0.4430.212-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30508 (Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.443 ...)
	{DSA-4917-1}
	- chromium 90.0.4430.212-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30507 (Inappropriate implementation in Offline in Google Chrome on Android pr ...)
	{DSA-4917-1}
	- chromium 90.0.4430.212-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30506 (Incorrect security UI in Web App Installs in Google Chrome on Android ...)
	{DSA-4917-1}
	- chromium 90.0.4430.212-1
	[stretch] - chromium (see DSA 4562)
CVE-2021-30505 RESERVED
CVE-2021-30504 (In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of ...)
	- intellij-idea (bug #747616)
CVE-2021-30503 (The unofficial GLSL Linting extension before 1.4.0 for Visual Studio C ...)
	NOT-FOR-US: GLSL Linting extension for Visual Studio Code
CVE-2021-30502 (The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) ...)
	NOT-FOR-US: vscode-ghc-simple extension for Visual Studio Code
CVE-2021-3495 (An incorrect access control flaw was found in the kiali-operator in ve ...)
	NOT-FOR-US: kiali-operator
CVE-2021-3494 (A smart proxy that provides a restful API to various sub-systems of th ...)
	- foreman (bug #663101)
CVE-2021-3493 (The overlayfs implementation in the linux kernel did not properly vali ...)
	- linux 5.10.38-1
	[stretch] - linux (Unprivileged users cannot mount overlayfs)
	NOTE: https://www.openwall.com/lists/oss-security/2021/04/16/1
CVE-2021-30501 (An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in ...)
	- upx-ucl 4.2.2-1 (unimportant)
	NOTE: https://github.com/upx/upx/issues/486
	NOTE: https://github.com/upx/upx/pull/487
	NOTE: https://github.com/upx/upx/commit/bf957f435ee59e3c0d7cc2c4fb27907d2e7829ed (v3.99)
CVE-2021-30500 (Null pointer dereference was found in upx PackLinuxElf::canUnpack() in ...)
	- upx-ucl 4.2.2-1 (unimportant)
	NOTE: https://github.com/upx/upx/issues/485
	NOTE: https://github.com/upx/upx/commit/be050693f229d629f56650f67f612fc68e285600 (v3.99)
CVE-2021-30499 (A flaw was found in libcaca. A buffer overflow of export.c in function ...)
	{DLA-3784-1}
	- libcaca 0.99.beta19-3 (bug #987278)
	[bullseye] - libcaca (Minor issue)
	[stretch] - libcaca (Minor issue; can be fixed in next update)
	NOTE: https://github.com/cacalabs/libcaca/issues/54
	NOTE: Fixed by: https://github.com/cacalabs/libcaca/commit/ab04483ee1a846d6b74b2e6248e980152baec3f6 (v0.99.beta20)
CVE-2021-30498 (A flaw was found in libcaca. A heap buffer overflow in export.c in fun ...)
	{DLA-3784-1}
	- libcaca 0.99.beta19-3 (bug #987278)
	[bullseye] - libcaca (Minor issue)
	[stretch] - libcaca (Minor issue; can be fixed in next update)
	NOTE: https://github.com/cacalabs/libcaca/issues/53
	NOTE: Fixed by: https://github.com/cacalabs/libcaca/commit/ab04483ee1a846d6b74b2e6248e980152baec3f6 (v0.99.beta20)
CVE-2021-30497 (Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users t ...)
	NOT-FOR-US: Ivanti
CVE-2021-30496 (The Telegram app 7.6.2 for iOS allows remote authenticated users to ca ...)
	NOT-FOR-US: Telegram for iOS
CVE-2021-30495 RESERVED
CVE-2021-30494 (Multiple system services installed alongside the Razer Synapse 3 softw ...)
	NOT-FOR-US: Razer Synapse 3 software suite
CVE-2021-30493 (Multiple system services installed alongside the Razer Synapse 3 softw ...)
	NOT-FOR-US: Razer Synapse 3 software suite
CVE-2021-30492 RESERVED
CVE-2021-30491 RESERVED
CVE-2021-30490 (upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21 ...)
	NOT-FOR-US: ViewPowerHTML
CVE-2021-30489 RESERVED
CVE-2021-30488 RESERVED
CVE-2020-36318 (In the standard library in Rust before 1.49.0, VecDeque::make_contiguo ...)
	- rustc 1.53.0+dfsg1-1 (bug #986803)
	[bullseye] - rustc (Minor issue)
	[buster] - rustc (Minor issue)
	[stretch] - rustc (Minor issue)
	NOTE: https://github.com/rust-lang/rust/issues/79808
	NOTE: https://github.com/rust-lang/rust/pull/79814
CVE-2020-36317 (In the standard library in Rust before 1.49.0, String::retain() functi ...)
	- rustc 1.53.0+dfsg1-1 (bug #986803)
	[bullseye] - rustc (Minor issue)
	[buster] - rustc (Minor issue)
	[stretch] - rustc (Minor issue)
	NOTE: https://github.com/rust-lang/rust/issues/78498
	NOTE: https://github.com/rust-lang/rust/pull/78499
CVE-2015-20001 (In the standard library in Rust before 1.2.0, BinaryHeap is not panic- ...)
	- rustc 1.2.0+dfsg1-1
	[bullseye] - rustc (Minor issue)
	[buster] - rustc (Minor issue)
	NOTE: https://github.com/rust-lang/rust/issues/25842
	NOTE: https://github.com/rust-lang/rust/pull/25856
CVE-2021-30487 (In the topic moving API in Zulip Server 3.x before 3.4, organization a ...)
	- zulip-server (bug #800052)
CVE-2021-30486 (SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via ...)
	NOT-FOR-US: SysAid
CVE-2021-30485 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
	{DLA-2705-1}
	- mapcache (unimportant; bug #989363)
	- scilab (unimportant; bug #989364)
	- netcdf 1:4.9.0-1 (bug #989360)
	[bullseye] - netcdf (Minor issue)
	[buster] - netcdf (Minor issue)
	[stretch] - netcdf (vulnerable code not present)
	- netcdf-parallel 1:4.9.0-1 (bug #989361)
	[bullseye] - netcdf-parallel (Minor issue)
	[buster] - netcdf-parallel (Minor issue)
	NOTE: https://sourceforge.net/p/ezxml/bugs/25
	NOTE: mapcache only uses ezxml to parse config files which are trusted
CVE-2021-30484 RESERVED
CVE-2021-30483 (isomorphic-git before 1.8.2 allows Directory Traversal via a crafted r ...)
	NOT-FOR-US: isomorphic-git
CVE-2021-30482 (In JetBrains UpSource before 2020.1.1883, application passwords were n ...)
	NOT-FOR-US: JetBrains
CVE-2021-30481 (Valve Steam through 2021-04-10, when a Source engine game is installed ...)
	NOT-FOR-US: Valve Steam
	NOTE: Debian ships an installer as src:steam, but it auto-updates whenever Steam
	NOTE: is started, so nothing really to be updated there
CVE-2021-3492 (Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux ...)
	- linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2021/04/16/1
	NOTE: Debian does not include the (not yet upstream accepted) shiftfs
CVE-2021-3491 (The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT li ...)
	- linux 5.10.38-1
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/13
	NOTE: https://git.kernel.org/linus/d1f82808877bb10d3deee7cf3374a4eb3fb582db
CVE-2021-3490 (The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in th ...)
	- linux 5.10.38-1
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/11
CVE-2021-3489 (The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel di ...)
	- linux 5.10.38-1
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/10
CVE-2021-30480 (Zoom Chat through 2021-04-09 on Windows and macOS allows certain remot ...)
	NOT-FOR-US: Zoom Chat
CVE-2021-3488 REJECTED
CVE-2021-30479 (An issue was discovered in Zulip Server before 3.4. A bug in the imple ...)
	- zulip-server (bug #800052)
CVE-2021-30478 (An issue was discovered in Zulip Server before 3.4. A bug in the imple ...)
	- zulip-server (bug #800052)
CVE-2021-30477 (An issue was discovered in Zulip Server before 3.4. A bug in the imple ...)
	- zulip-server (bug #800052)
CVE-2021-30476 (HashiCorp Terraform’s Vault Provider (terraform-provider-vault) d ...)
	NOT-FOR-US: HashiCorp Terraform Vault Provider
CVE-2021-3487 REJECTED
CVE-2021-3486 (GLPi 9.5.4 does not sanitize the metadata. This way its possible to in ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	NOTE: https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/GLPI-stored-XSS
CVE-2021-30475 (aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buf ...)
	{DSA-5490-1 DLA-3556-1}
	[experimental] - aom 3.2.0-1~exp1
	- aom 3.2.0-1
	NOTE: https://aomedia.googlesource.com/aom/+/12adc723acf02633595a4d8da8345742729f46c0
	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2999
CVE-2021-30474 (aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use ...)
	{DSA-5490-1 DLA-3556-1}
	[experimental] - aom 3.2.0-1~exp1
	- aom 3.2.0-1
	NOTE: https://aomedia.googlesource.com/aom/+/6e31957b6dc62dbc7d1bb70cd84902dd14c4bf2e
	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=3000
CVE-2021-30473 (aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that i ...)
	{DSA-5490-1 DLA-3556-1}
	[experimental] - aom 3.2.0-1~exp1
	- aom 3.2.0-1 (bug #988211)
	NOTE: https://aomedia.googlesource.com/aom/+/d0cac70b542c38accd916f8afd13592d34c48963%5E%21/
	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2998
CVE-2021-30472 (A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in Pdf ...)
	- libpodofo (bug #986794)
	[bookworm] - libpodofo (Minor issue)
	[bullseye] - libpodofo (Minor issue)
	[buster] - libpodofo (Minor issue)
	[stretch] - libpodofo (Minor issue; can be fixed in next update)
	NOTE: https://sourceforge.net/p/podofo/tickets/132/
CVE-2021-30471 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in Pd ...)
	- libpodofo (bug #986793)
	[bookworm] - libpodofo (Minor issue)
	[bullseye] - libpodofo (Minor issue)
	[buster] - libpodofo (Minor issue)
	[stretch] - libpodofo (Minor issue; can be fixed in next update)
	NOTE: https://sourceforge.net/p/podofo/tickets/131/
CVE-2021-30470 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among ...)
	- libpodofo (bug #986792)
	[bookworm] - libpodofo (Minor issue)
	[bullseye] - libpodofo (Minor issue)
	[buster] - libpodofo (Minor issue)
	[stretch] - libpodofo (Minor issue; can be fixed in next update)
	NOTE: https://sourceforge.net/p/podofo/tickets/130/
CVE-2021-30469 (A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecO ...)
	- libpodofo (bug #986791)
	[bookworm] - libpodofo (Minor issue)
	[bullseye] - libpodofo (Minor issue)
	[buster] - libpodofo (Minor issue)
	[stretch] - libpodofo (Minor issue; can be fixed in next update)
	NOTE: https://sourceforge.net/p/podofo/tickets/129/
CVE-2021-30468 (A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows ...)
	NOT-FOR-US: Apache CXF
CVE-2021-30467 RESERVED
CVE-2021-30466 RESERVED
CVE-2021-30465 (runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Dire ...)
	{DLA-3369-1}
	- runc 1.0.0~rc93+ds1-5 (bug #988768)
	[stretch] - runc (Intrusive to backport fix)
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/19/2
	NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r
	NOTE: Initial patch in -4, but revised patch was applied only in -5
CVE-2021-30464 (OMICRON StationGuard before 1.10 allows remote attackers to cause a de ...)
	NOT-FOR-US: OMICRON StationGuard
CVE-2021-30463 (VestaCP through 0.9.8-24 allows attackers to gain privileges by creati ...)
	NOT-FOR-US: VestaCP
CVE-2021-30462 (VestaCP through 0.9.8-24 allows the admin user to escalate privileges ...)
	NOT-FOR-US: VestaCP
CVE-2021-30461 (A remote code execution issue was discovered in the web UI of VoIPmoni ...)
	NOT-FOR-US: VoIPmonitor
CVE-2021-30460
	RESERVED
CVE-2021-30459 (A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolba ...)
	NOT-FOR-US: Jazzband Django Debug Toolbar
CVE-2021-30458 (An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x ...)
	- mediawiki 1:1.35.2-1
	[buster] - mediawiki (Only applies to 1.35 and later)
	[stretch] - mediawiki (Only applies to 1.35 and later)
	NOTE: https://phabricator.wikimedia.org/T279451
CVE-2021-30457 (An issue was discovered in the id-map crate through 2021-02-26 for Rus ...)
	NOT-FOR-US: Rust crate id-map
CVE-2021-30456 (An issue was discovered in the id-map crate through 2021-02-26 for Rus ...)
	NOT-FOR-US: Rust crate id-map
CVE-2021-30455 (An issue was discovered in the id-map crate through 2021-02-26 for Rus ...)
	NOT-FOR-US: Rust crate id-map
CVE-2021-30454 (An issue was discovered in the outer_cgi crate before 0.2.1 for Rust. ...)
	NOT-FOR-US: Rust crate outer_cgi
CVE-2021-30453
	RESERVED
CVE-2021-30452
	RESERVED
CVE-2021-30451
	RESERVED
CVE-2021-30450
	RESERVED
CVE-2021-30449
	RESERVED
CVE-2021-30448
	RESERVED
CVE-2021-30447
	RESERVED
CVE-2021-30446
	RESERVED
CVE-2021-30445
	RESERVED
CVE-2021-30444
	RESERVED
CVE-2021-30443
	RESERVED
CVE-2021-30442
	RESERVED
CVE-2021-30441
	RESERVED
CVE-2021-30440
	RESERVED
CVE-2021-30439
	RESERVED
CVE-2021-30438
	RESERVED
CVE-2021-30437
	RESERVED
CVE-2021-30436
	RESERVED
CVE-2021-30435
	RESERVED
CVE-2021-30434
	RESERVED
CVE-2021-30433
	RESERVED
CVE-2021-30432
	RESERVED
CVE-2021-30431
	RESERVED
CVE-2021-30430
	RESERVED
CVE-2021-30429
	RESERVED
CVE-2021-30428
	RESERVED
CVE-2021-30427
	RESERVED
CVE-2021-30426
	RESERVED
CVE-2021-30425
	RESERVED
CVE-2021-30424
	RESERVED
CVE-2021-30423
	RESERVED
CVE-2021-30422
	RESERVED
CVE-2021-30421
	RESERVED
CVE-2021-30420
	RESERVED
CVE-2021-30419
	RESERVED
CVE-2021-30418
	RESERVED
CVE-2021-30417
	RESERVED
CVE-2021-30416
	RESERVED
CVE-2021-30415
	RESERVED
CVE-2021-30414
	RESERVED
CVE-2021-30413
	RESERVED
CVE-2021-30412
	RESERVED
CVE-2021-30411
	RESERVED
CVE-2021-30410
	RESERVED
CVE-2021-30409
	RESERVED
CVE-2021-30408
	RESERVED
CVE-2021-30407
	RESERVED
CVE-2021-30406
	RESERVED
CVE-2021-30405
	RESERVED
CVE-2021-30404
	RESERVED
CVE-2021-30403
	RESERVED
CVE-2021-30402
	RESERVED
CVE-2021-30401
	RESERVED
CVE-2021-30400
	RESERVED
CVE-2021-30399
	RESERVED
CVE-2021-30398
	RESERVED
CVE-2021-30397
	RESERVED
CVE-2021-30396
	RESERVED
CVE-2021-30395
	RESERVED
CVE-2021-30394
	RESERVED
CVE-2021-30393
	RESERVED
CVE-2021-30392
	RESERVED
CVE-2021-30391
	RESERVED
CVE-2021-30390
	RESERVED
CVE-2021-30389
	RESERVED
CVE-2021-30388
	RESERVED
CVE-2021-30387
	RESERVED
CVE-2021-30386
	RESERVED
CVE-2021-30385
	RESERVED
CVE-2021-30384
	RESERVED
CVE-2021-30383
	RESERVED
CVE-2021-30382
	RESERVED
CVE-2021-30381
	RESERVED
CVE-2021-30380
	RESERVED
CVE-2021-30379
	RESERVED
CVE-2021-30378
	RESERVED
CVE-2021-30377
	RESERVED
CVE-2021-30376
	RESERVED
CVE-2021-30375
	RESERVED
CVE-2021-30374
	RESERVED
CVE-2021-30373
	RESERVED
CVE-2021-30372
	RESERVED
CVE-2021-30371
	RESERVED
CVE-2021-30370
	RESERVED
CVE-2021-30369
	RESERVED
CVE-2021-30368
	RESERVED
CVE-2021-30367
	RESERVED
CVE-2021-30366
	RESERVED
CVE-2021-30365
	RESERVED
CVE-2021-30364
	RESERVED
CVE-2021-30363
	RESERVED
CVE-2021-30362
	RESERVED
CVE-2021-30361 (The Check Point Gaia Portal's GUI Clients allowed authenticated admini ...)
	NOT-FOR-US: Check Point
CVE-2021-30360 (Users have access to the directory where the installation repair occur ...)
	NOT-FOR-US: Check Point
CVE-2021-30359 (The Harmony Browse and the SandBlast Agent for Browsers installers mus ...)
	NOT-FOR-US: Harmony Browse and the SandBlast Agent for Browsers installers
CVE-2021-30358 (Mobile Access Portal Native Applications who's path is defined by the ...)
	NOT-FOR-US: Mobile Access Portal Native Applications
CVE-2021-30357 (SSL Network Extender Client for Linux before build 800008302 reveals p ...)
	NOT-FOR-US: SSL Network Extender Client
CVE-2021-30356 (A denial of service vulnerability was reported in Check Point Identity ...)
	NOT-FOR-US: Check Point Identity Agent
CVE-2021-30355 (Amazon Kindle e-reader prior to and including version 5.13.4 improperl ...)
	NOT-FOR-US: Amazon Kindle e-reader
CVE-2021-30354 (Amazon Kindle e-reader prior to and including version 5.13.4 contains ...)
	NOT-FOR-US: Amazon Kindle e-reader
CVE-2021-30353 (Improper validation of function pointer type with actual function sign ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30352
	RESERVED
CVE-2021-30351 (An out of bound memory access can occur due to improper validation of ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30350 (Lack of MBN header size verification against input buffer can lead to ...)
	NOT-FOR-US: Snapdragon
CVE-2021-30349 (Improper access control sequence for AC database after memory allocati ...)
	NOT-FOR-US: Snapdragon
CVE-2021-30348 (Improper validation of LLM utility timers availability can lead to den ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30347 (Improper integrity check can lead to race condition between tasks PDCP ...)
	NOT-FOR-US: Snapdragon
CVE-2021-30346 (RPM secure Stream can access any secure resource due to improper SMMU ...)
	NOT-FOR-US: Snapdragon
CVE-2021-30345 (RPM secure Stream can access any secure resource due to improper SMMU ...)
	NOT-FOR-US: Snapdragon
CVE-2021-30344 (Improper authorization of a replayed LTE security mode command can lea ...)
	NOT-FOR-US: Snapdragon
CVE-2021-30343 (Improper integrity check can lead to race condition between tasks PDCP ...)
	NOT-FOR-US: Snapdragon
CVE-2021-30342 (Improper integrity check can lead to race condition between tasks PDCP ...)
	NOT-FOR-US: Snapdragon
CVE-2021-30341 (Improper buffer size validation of DSM packet received can lead to mem ...)
	NOT-FOR-US: Snapdragon
CVE-2021-30340 (Reachable assertion due to improper validation of coreset in PDCCH con ...)
	NOT-FOR-US: Snapdragon
CVE-2021-30339 (Reading PRNG output may lead to improper key generation due to lack of ...)
	NOT-FOR-US: Snapdragon
CVE-2021-30338 (Improper input validation in TrustZone memory transfer interface can l ...)
	NOT-FOR-US: Snapdragon
CVE-2021-30337 (Possible use after free when process shell memory is freed using IOCTL ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30336 (Possible out of bound read due to lack of domain input validation whil ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30335 (Possible assertion in QOS request due to improper validation when mult ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30334 (Possible use after free due to lack of null check of DRM file status a ...)
	NOT-FOR-US: Snapdragon
CVE-2021-30333 (Improper validation of buffer size input to the EFS file can lead to m ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30332 (Possible assertion due to improper validation of OTA configuration in ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30331 (Possible buffer overflow due to improper data validation of external c ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30330 (Possible null pointer dereference due to improper validation of APE cl ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30329 (Possible assertion due to improper validation of TCI configuration in ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30328 (Possible assertion due to improper validation of invalid NR CSI-IM res ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30327 (Buffer overflow in sahara protocol while processing commands leads to ...)
	NOT-FOR-US: Snapdragon
CVE-2021-30326 (Possible assertion due to improper size validation while processing th ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30325 (Possible out of bound access of DCI resources due to lack of validatio ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30324 (Possible out of bound write due to lack of boundary check for the maxi ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30323 (Improper validation of maximum size of data write to EFS file can lead ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30322 (Possible out of bounds write due to improper validation of number of G ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30321 (Possible buffer overflow due to lack of parameter length check during ...)
	NOT-FOR-US: Snapdragon
CVE-2021-30320
	RESERVED
CVE-2021-30319 (Possible integer overflow due to improper validation of command length ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30318 (Improper validation of input when provisioning the HDCP key can lead t ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30317 (Improper validation of program headers containing ELF metadata can lea ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30316 (Possible out of bound memory access due to improper boundary check whi ...)
	NOT-FOR-US: Snapdragon
CVE-2021-30315 (Improper handling of sensor HAL structure in absence of sensor can lea ...)
	NOT-FOR-US: Snapdragon
CVE-2021-30314 (Lack of validation for third party application accessing the service c ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30313 (Use after free condition can occur in wired connectivity due to a race ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30312 (Improper authentication of sub-frames of a multicast AMSDU frame can l ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30311 (Possible heap overflow due to lack of index validation before allocati ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30310 (Possible buffer overflow due to Improper validation of received CF-ACK ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30309 (Improper size validation of QXDM commands can lead to memory corruptio ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30308 (Possible buffer overflow while printing the HARQ memory partition deta ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30307 (Possible denial of service due to improper validation of DNS response ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30306 (Possible buffer over read due to improper buffer allocation for file l ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30305 (Possible out of bound access due to lack of validation of page offset ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30304 (Possible buffer out of bound read can occur due to improper validation ...)
	NOT-FOR-US: Snapdragon
CVE-2021-30303 (Possible buffer overflow due to lack of buffer length check when segme ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30302 (Improper authentication of EAP WAPI EAPOL frames from unauthenticated ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30301 (Possible denial of service due to out of memory while processing RRC a ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30300 (Possible denial of service due to incorrectly decoding hex data for th ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30299
	RESERVED
CVE-2021-30298 (Possible out of bound access due to improper validation of item size a ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30297 (Possible out of bound read due to improper validation of packet length ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30296
	RESERVED
CVE-2021-30295 (Possible heap overflow due to improper validation of local variable wh ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30294 (Potential null pointer dereference in KGSL GPU auxiliary command due t ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30293 (Possible assertion due to lack of input validation in PUSCH configurat ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30292 (Possible memory corruption due to lack of validation of client data us ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30291 (Possible memory corruption due to lack of validation of client data us ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30290 (Possible null pointer dereference due to race condition between timeli ...)
	NOT-FOR-US: Snapdragon
CVE-2021-30289 (Possible buffer overflow due to lack of range check while processing a ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30288 (Possible stack overflow due to improper length check of TLV while copy ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30287 (Possible assertion due to improper validation of symbols configured fo ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30286
	RESERVED
CVE-2021-30285 (Improper validation of memory region in Hypervisor can lead to incorre ...)
	NOT-FOR-US: Qualcomm
CVE-2021-30284 (Possible information exposure and denial of service due to NAS not dro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30283 (Possible denial of service due to improper handling of debug register ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30282 (Possible out of bound write in RAM partition table due to improper val ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30281 (Possible unauthorized access to secure space due to improper check of ...)
	NOT-FOR-US: Snapdragon
CVE-2021-30280
	RESERVED
CVE-2021-30279 (Possible access control violation while setting current permission for ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30278 (Improper input validation in TrustZone memory transfer interface can l ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30277
	RESERVED
CVE-2021-30276 (Improper access control while doing XPU re-configuration dynamically c ...)
	NOT-FOR-US: Android
CVE-2021-30275 (Possible integer overflow in page alignment interface due to lack of a ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30274 (Possible integer overflow in access control initialization interface d ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30273 (Possible assertion due to improper handling of IPV6 packet with invali ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30272 (Possible null pointer dereference in thread cache operation handler du ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30271 (Possible null pointer dereference in trap handler due to lack of threa ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30270 (Possible null pointer dereference in thread profile trap handler due t ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30269 (Possible null pointer dereference due to lack of TLB validation for us ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30268 (Possible heap Memory Corruption Issue due to lack of input validation ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30267 (Possible integer overflow to buffer overflow due to improper input val ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30266 (Possible use after free due to improper memory validation when initial ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30265 (Possible memory corruption due to improper validation of memory addres ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30264 (Possible use after free due improper validation of reference from call ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30263 (Possible race condition can occur due to lack of synchronization mecha ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30262 (Improper validation of a socket state when socket events are being sen ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30261 (Possible integer and heap overflow due to lack of input command size v ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30260 (Possible Integer overflow to buffer overflow issue can occur due to im ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30259 (Possible out of bound access due to improper validation of function ta ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30258 (Possible buffer overflow due to improper size calculation of payload r ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30257 (Possible out of bound read or write in VR service due to lack of valid ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30256 (Possible stack overflow due to improper validation of camera name leng ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30255 (Possible buffer overflow due to improper input validation in PDM DIAG ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30254 (Possible buffer overflow due to improper input validation in factory c ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2021-30253
	RESERVED
CVE-2021-30252
	RESERVED
CVE-2021-30251
	RESERVED
CVE-2021-30250
	RESERVED
CVE-2021-30249
	RESERVED
CVE-2021-30248
	RESERVED
CVE-2021-30247
	RESERVED
CVE-2021-30246 (In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA ...)
	NOT-FOR-US: Node jsrsasign
CVE-2021-30245 (The project received a report that all versions of Apache OpenOffice t ...)
	NOT-FOR-US: Apache OpenOffice, equivalent to CVE-2021-25631
CVE-2020-36316 (In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 ...)
	NOT-FOR-US: RELIC
CVE-2020-36315 (In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occu ...)
	NOT-FOR-US: RELIC
CVE-2021-3485 (An Improper Input Validation vulnerability in the Product Update featu ...)
	NOT-FOR-US: Bitdefender
CVE-2021-30244
	RESERVED
CVE-2021-30243
	RESERVED
CVE-2021-30242
	RESERVED
CVE-2021-30241
	RESERVED
CVE-2021-30240
	RESERVED
CVE-2021-30239
	RESERVED
CVE-2021-30238
	RESERVED
CVE-2021-30237
	RESERVED
CVE-2021-30236
	RESERVED
CVE-2021-30235
	RESERVED
CVE-2021-30234 (The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An Lianbao WF-1 ...)
	NOT-FOR-US: China Mobile An Lianbao WF-1 router
CVE-2021-30233 (The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 r ...)
	NOT-FOR-US: China Mobile An Lianbao WF-1 router
CVE-2021-30232 (The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An Lianbao WF- ...)
	NOT-FOR-US: China Mobile An Lianbao WF-1 router
CVE-2021-30231 (The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 rou ...)
	NOT-FOR-US: China Mobile An Lianbao WF-1 router
CVE-2021-30230 (The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao ...)
	NOT-FOR-US: China Mobile An Lianbao WF-1 router
CVE-2021-30229 (The api/zrDm/set_zrDm interface in China Mobile An Lianbao WF-1 router ...)
	NOT-FOR-US: China Mobile An Lianbao WF-1 router
CVE-2021-30228 (The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao W ...)
	NOT-FOR-US: China Mobile An Lianbao WF-1 router
CVE-2021-30227 (Cross Site Scripting (XSS) vulnerability in the article comments featu ...)
	NOT-FOR-US: emlog
CVE-2021-30226
	RESERVED
CVE-2021-30225
	RESERVED
CVE-2021-30224 (Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attacke ...)
	NOT-FOR-US: Rukovoditel
CVE-2021-30223
	RESERVED
CVE-2021-30222
	RESERVED
CVE-2021-30221
	RESERVED
CVE-2021-30220
	RESERVED
CVE-2021-30219 (samurai 1.2 has a NULL pointer dereference in printstatus() function i ...)
	NOT-FOR-US: samurai
CVE-2021-30218 (samurai 1.2 has a NULL pointer dereference in writefile() in util.c vi ...)
	NOT-FOR-US: samurai
CVE-2021-30217
	RESERVED
CVE-2021-30216
	REJECTED
CVE-2021-30215
	RESERVED
CVE-2021-30214 (Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injecti ...)
	NOT-FOR-US: Knowage Suite
CVE-2021-30213 (Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-sit ...)
	NOT-FOR-US: Knowage Suite
CVE-2021-30212 (Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). ...)
	NOT-FOR-US: Knowage Suite
CVE-2021-30211 (Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). ...)
	NOT-FOR-US: Knowage Suite
CVE-2021-30210
	RESERVED
CVE-2021-30209 (Textpattern V4.8.4 contains an arbitrary file upload vulnerability whe ...)
	- textpattern
CVE-2021-30208
	RESERVED
CVE-2021-30207
	RESERVED
CVE-2021-30206
	RESERVED
CVE-2021-30205 (Incorrect access control in the component /index.php?mod=system&op=org ...)
	NOT-FOR-US: dzzoffice
CVE-2021-30204
	RESERVED
CVE-2021-30203 (A reflected cross-site scripting (XSS) vulnerability in the zero param ...)
	NOT-FOR-US: dzzoffice
CVE-2021-30202
	RESERVED
CVE-2021-30201 (The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. ...)
	NOT-FOR-US: Kaseya
CVE-2021-30200
	RESERVED
CVE-2021-30199 (In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Derefe ...)
	- gpac 1.0.1+dfsg1-4 (bug #987323)
	[buster] - gpac (Vulnerable code not present)
	[stretch] - gpac (Vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/commit/b2db2f99b4c30f96e17b9a14537c776da6cb5dca
	NOTE: https://github.com/gpac/gpac/issues/1728
CVE-2021-30198
	RESERVED
CVE-2021-30197
	RESERVED
CVE-2021-30196
	RESERVED
CVE-2021-30195 (CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validatio ...)
	NOT-FOR-US: CODESYS
CVE-2021-30194 (CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.)
	NOT-FOR-US: CODESYS
CVE-2021-30193 (CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.)
	NOT-FOR-US: CODESYS
CVE-2021-30192 (CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Se ...)
	NOT-FOR-US: CODESYS
CVE-2021-30191 (CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Chec ...)
	NOT-FOR-US: CODESYS
CVE-2021-30190 (CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.)
	NOT-FOR-US: CODESYS
CVE-2021-30189 (CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflo ...)
	NOT-FOR-US: CODESYS
CVE-2021-30188 (CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer ...)
	NOT-FOR-US: CODESYS
CVE-2021-30187 (CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralizati ...)
	NOT-FOR-US: CODESYS
CVE-2021-30186 (CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer O ...)
	NOT-FOR-US: CODESYS
CVE-2021-30185 (CERN Indico before 2.3.4 can use an attacker-supplied Host header in a ...)
	NOT-FOR-US: CERN Indico
CVE-2021-30184 (GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted ...)
	- gnuchess (bug #986801)
	[bookworm] - gnuchess (Minor issue)
	[bullseye] - gnuchess (Minor issue)
	[buster] - gnuchess (Minor issue)
	[stretch] - gnuchess (Minor issue in a game; can be fixed in next update)
	NOTE: https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html
	NOTE: https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html
CVE-2021-30183 (Cleartext storage of sensitive information in multiple versions of Oct ...)
	NOT-FOR-US: Octopus Server
CVE-2021-30182
	RESERVED
CVE-2021-30181 (Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which wi ...)
	NOT-FOR-US: Apache Dubbo
CVE-2021-30180 (Apache Dubbo prior to 2.7.9 support Tag routing which will enable a cu ...)
	NOT-FOR-US: Apache Dubbo
CVE-2021-30179 (Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic call ...)
	NOT-FOR-US: Apache Dubbo
CVE-2020-36314 (fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used b ...)
	- file-roller 3.38.1-1
	[buster] - file-roller (Minor issue)
	[stretch] - file-roller (Minor issue; can be fixed in next update)
	NOTE: https://gitlab.gnome.org/GNOME/file-roller/-/commit/e970f4966bf388f6e7c277357c8b186c645683ae
	NOTE: https://gitlab.gnome.org/GNOME/file-roller/-/issues/108
CVE-2021-3484
	REJECTED
CVE-2021-3483 (A flaw was found in the Nosy driver in the Linux kernel. This issue al ...)
	{DLA-2690-1 DLA-2689-1}
	- linux 5.10.28-1
	[buster] - linux 4.19.194-1
	NOTE: https://git.kernel.org/linus/829933ef05a951c8ff140e814656d73e74915faf
CVE-2021-30178 (An issue was discovered in the Linux kernel through 5.11.11. synic_get ...)
	- linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/919f4ebc598701670e80e31573a58f1f2d2bf918
CVE-2021-30177 (There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User R ...)
	NOT-FOR-US: PHP-Nuke
CVE-2021-30176 (The ZEROF Expert pro/2.0 application for mobile devices allows SQL Inj ...)
	NOT-FOR-US: ZEROF Expert
CVE-2021-30175 (ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /Handle ...)
	NOT-FOR-US: ZEROF Web Server
CVE-2021-30174 (RiyaLab CloudISO event item is added, special characters in specific f ...)
	NOT-FOR-US: RiyaLab CloudISO
CVE-2021-30173 (Local File Inclusion vulnerability of the omni-directional communicati ...)
	NOT-FOR-US: omni-directional communication system
CVE-2021-30172 (Special characters of picture preview page in the Quan-Fang-Wei-Tong-X ...)
	NOT-FOR-US: Quan-Fang-Wei-Tong-Xun system
CVE-2021-30171 (Special characters of ERP POS news page are not filtered in users\u201 ...)
	NOT-FOR-US: ERP POS
CVE-2021-30170 (Special characters of ERP POS customer profile page are not filtered i ...)
	NOT-FOR-US: ERP POS
CVE-2021-30169 (The sensitive information of webcam device is not properly protected. ...)
	NOT-FOR-US: LILIN
CVE-2021-30168 (The sensitive information of webcam device is not properly protected. ...)
	NOT-FOR-US: LILIN
CVE-2021-30167 (The manage users profile services of the network camera device allows ...)
	NOT-FOR-US: LILIN
CVE-2021-30166 (The NTP Server configuration function of the IP camera device is not v ...)
	NOT-FOR-US: LILIN
CVE-2021-30165 (The default administrator account & password of the EDIMAX wireless ne ...)
	NOT-FOR-US: EDIMAX
CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass ...)
	{DLA-2658-1}
	- redmine 5.0.0-1 (bug #986800)
	NOTE: https://www.redmine.org/projects/redmine/repository/revisions/19975
CVE-2021-30163 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discov ...)
	{DLA-2658-1}
	- redmine 5.0.0-1 (bug #986800)
	NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20819
CVE-2021-30162 (An issue was discovered on LG mobile devices with Android OS 4.4 throu ...)
	NOT-FOR-US: LG mobile devices
CVE-2021-30161 (An issue was discovered on LG mobile devices with Android OS 11 softwa ...)
	NOT-FOR-US: LG mobile devices
CVE-2021-26948 (Null pointer dereference in the htmldoc v1.9.11 and before may allow a ...)
	{DSA-4928-1 DLA-2700-1}
	- htmldoc 1.9.11-4 (unimportant; bug #989437)
	NOTE: https://github.com/michaelrsweet/htmldoc/issues/410
	NOTE: https://github.com/michaelrsweet/htmldoc/commit/008861d8339c6ec777e487770b70b95b1ed0c1d2
	NOTE: Crash in CLI tool, no security impact
CVE-2021-26259 (A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render ...)
	{DSA-4928-1 DLA-2700-1}
	- htmldoc 1.9.11-4 (unimportant; bug #989437)
	NOTE: https://github.com/michaelrsweet/htmldoc/issues/417
	NOTE: https://github.com/michaelrsweet/htmldoc/commit/0ddab26a542c74770317b622e985c52430092ba5
	NOTE: Crash in CLI tool, no security impact
CVE-2021-26252 (A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_ ...)
	{DSA-4928-1 DLA-2700-1}
	- htmldoc 1.9.11-4 (unimportant; bug #989437)
	NOTE: https://github.com/michaelrsweet/htmldoc/issues/412
	NOTE: https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
	NOTE: Crash in CLI tool, no security impact
CVE-2021-23206 (A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overf ...)
	{DSA-4928-1 DLA-2700-1}
	- htmldoc 1.9.11-4 (unimportant; bug #989437)
	NOTE: https://github.com/michaelrsweet/htmldoc/issues/416
	NOTE: https://github.com/michaelrsweet/htmldoc/commit/ba61a3ece382389ae4482c7027af8b32e8ab4cc8
	NOTE: Crash in CLI tool, no security impact
CVE-2021-23191 (A security issue was found in htmldoc v1.9.12 and before. A NULL point ...)
	{DSA-4928-1 DLA-2700-1}
	- htmldoc 1.9.11-4 (unimportant; bug #989437)
	NOTE: https://github.com/michaelrsweet/htmldoc/issues/415
	NOTE: https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
	NOTE: Crash in CLI tool, no security impact
CVE-2021-23180 (A flaw was found in htmldoc in v1.9.12 and before. Null pointer derefe ...)
	{DSA-4928-1 DLA-2700-1}
	- htmldoc 1.9.11-4 (unimportant; bug #989437)
	NOTE: https://github.com/michaelrsweet/htmldoc/issues/418
	NOTE: https://github.com/michaelrsweet/htmldoc/commit/19c582fb32eac74b57e155cffbb529377a9e751a
	NOTE: Crash in CLI tool, no security impact
CVE-2021-23165 (A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in ps ...)
	{DSA-4928-1 DLA-2700-1}
	- htmldoc 1.9.11-4 (bug #989437)
	NOTE: https://github.com/michaelrsweet/htmldoc/issues/413
	NOTE: https://github.com/michaelrsweet/htmldoc/commit/6e8a95561988500b5b5ae4861b3b0cbf4fba517f
CVE-2021-23158 (A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_ ...)
	{DSA-4928-1 DLA-2700-1}
	- htmldoc 1.9.11-4 (unimportant; bug #989437)
	NOTE: https://github.com/michaelrsweet/htmldoc/issues/414
	NOTE: https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
	NOTE: Crash in CLI tool, no security impact
CVE-2020-36313 (An issue was discovered in the Linux kernel before 5.7. The KVM subsys ...)
	- linux (No released version affected by the vulnerability)
	NOTE: Fixed by: https://git.kernel.org/linus/0774a964ef561b7170d8d1b1bfe6f88002b6d219
CVE-2020-36312 (An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kv ...)
	- linux 5.8.10-1
	[buster] - linux 4.19.152-1
	[stretch] - linux 4.9.240-1
	NOTE: https://git.kernel.org/linus/f65886606c2d3b562716de030706dfe1bea4ed5e
CVE-2020-36311 (An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/s ...)
	{DSA-4941-1 DLA-2714-1}
	- linux 5.9.1-1
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/7be74942f184fdfba34ddd19a0d995deb34d4a03
CVE-2020-36310 (An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/s ...)
	{DSA-5095-1}
	- linux 5.16.7-1
	[stretch] - linux (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/e72436bc3a5206f95bb384e741154166ddb3202e
CVE-2020-36309 (ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty ...)
	- libnginx-mod-http-lua (Fixed before initial upload to Debian)
	- nginx 1.22.0-3 (bug #986787)
	[bullseye] - nginx (Minor issue, too intrusive to backport, see #986787)
	[buster] - nginx (Minor issue, too intrusive to backport, see #986787)
	[stretch] - nginx (Minor issue; can be fixed in next update)
	NOTE: https://github.com/openresty/lua-nginx-module/pull/1654
	NOTE: src:nginx/1.22.0-3 removed the http-lua module and moved it to a separate package
CVE-2020-36308 (Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discov ...)
	{DLA-2658-1}
	- redmine 4.0.7-1
CVE-2020-36307 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile ...)
	{DLA-2658-1}
	- redmine 4.0.7-1
CVE-2020-36306 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url f ...)
	{DLA-2658-1}
	- redmine 4.0.7-1
CVE-2019-25026 (Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data duri ...)
	{DLA-2658-1}
	- redmine 4.0.6-1
CVE-2021-30160
	RESERVED
CVE-2021-30159 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
	{DSA-4889-1 DLA-2648-1}
	- mediawiki 1:1.35.2-1
	NOTE: https://phabricator.wikimedia.org/T272386
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
CVE-2021-30158 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
	{DSA-4889-1 DLA-2648-1}
	- mediawiki 1:1.35.2-1
	NOTE: https://phabricator.wikimedia.org/T277009
	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/670546
CVE-2021-30157 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
	{DSA-4889-1}
	- mediawiki 1:1.35.2-1
	[stretch] - mediawiki (Vulnerable code not present)
	NOTE: https://phabricator.wikimedia.org/T278058
	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/674085
CVE-2021-30156 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
	- mediawiki (Not a security issue on release branches, only affected master)
	NOTE: https://phabricator.wikimedia.org/T276306
	NOTE: CVE description is wrong
CVE-2021-30155 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
	{DSA-4889-1 DLA-2648-1}
	- mediawiki 1:1.35.2-1
	NOTE: https://phabricator.wikimedia.org/T270988
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
CVE-2021-30154 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
	{DSA-4889-1}
	- mediawiki 1:1.35.2-1
	[stretch] - mediawiki (Vulnerable code introduced later)
	NOTE: https://phabricator.wikimedia.org/T278014
	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/674083/
CVE-2021-30153 (An issue was discovered in the VisualEditor extension in MediaWiki bef ...)
	- mediawiki 1:1.35.2-1
	[buster] - mediawiki (Vulnerable code not present)
	[stretch] - mediawiki (Vulnerable code not present)
	NOTE: https://phabricator.wikimedia.org/T270453
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
CVE-2021-30152 (An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through ...)
	{DSA-4889-1 DLA-2648-1}
	- mediawiki 1:1.35.2-1
	NOTE: https://phabricator.wikimedia.org/T270713
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue n ...)
	{DLA-3360-1 DLA-2943-1}
	- ruby-sidekiq 6.3.1+dfsg-1 (bug #987354)
	[bullseye] - ruby-sidekiq (Minor issue)
	NOTE: https://github.com/mperham/sidekiq/issues/4852
	NOTE: https://github.com/mperham/sidekiq/commit/64f70339d1dcf50a55c00d36bfdb61d97ec63ed8 (v6.2.1)
CVE-2021-30150 (Composr 10.0.36 allows XSS in an XML script.)
	NOT-FOR-US: Composr
CVE-2021-30149 (Composr 10.0.36 allows upload and execution of PHP files.)
	NOT-FOR-US: Composr
CVE-2021-30148 RESERVED
CVE-2021-30147 (DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as addi ...)
	NOT-FOR-US: DMA Softlab Radius Manager
CVE-2021-30146 (Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library f ...)
	NOT-FOR-US: seahub
	NOTE: https://github.com/Security-AVS/CVE-2021-30146
CVE-2021-30145 (A format string vulnerability in mpv through 0.33.0 allows user-assist ...)
	- mpv 0.32.0-3 (bug #986839)
	[buster] - mpv (Minor issue)
	[stretch] - mpv (Minor issue; can be fixed in next update)
	NOTE: https://github.com/mpv-player/mpv/commit/cb3fa04bcb2ba9e0d25788480359157208c13e0b
CVE-2021-30144 (The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileg ...)
	NOT-FOR-US: GLPI plugin
CVE-2021-30143 RESERVED
CVE-2021-30142 RESERVED
CVE-2021-30141 (Module/Settings/UserExport.php in Friendica through 2021.01 allows set ...)
	NOT-FOR-US: Friendica
CVE-2021-30140 (LiquidFiles 3.4.15 has stored XSS through the "send email" functionali ...)
	NOT-FOR-US: LiquidFiles
CVE-2021-30139 (In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a b ...)
	NOT-FOR-US: Alpine Linux apk-tools
CVE-2021-30138 REJECTED
CVE-2021-30137 (Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarsha ...)
	NOT-FOR-US: Axios Assyst
CVE-2021-30136 RESERVED
CVE-2021-30135 RESERVED
CVE-2021-30134 (php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows ...)
	NOT-FOR-US: PHP mod-curl
CVE-2021-30133 (A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, C ...)
	NOT-FOR-US: CloverDX
CVE-2021-30132 (Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalati ...)
	NOT-FOR-US: Cloudera Manager
CVE-2021-30131 RESERVED
CVE-2021-30130 (phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1. ...)
	{DLA-3198-1 DLA-3197-1}
	- phpseclib 1.0.19-3
	- php-phpseclib 2.0.30-2
	- php-phpseclib3 3.0.7-1
	NOTE: https://github.com/phpseclib/phpseclib/pull/1635#issuecomment-826994890
	NOTE: Introduced by: https://github.com/phpseclib/phpseclib/commit/cc32cd2e95b18a0c0118bbf1928327675c9e64a9 (v3.0 / RSA::SIGNATURE_RELAXED_PKCS1)
	NOTE: Fixed by: https://github.com/phpseclib/phpseclib/commit/05550b9c490bf342bce66de75d127d2f75c48bdd (1.0.20, 2.0.31, 3.0.7)
	NOTE: Fixed by: https://github.com/phpseclib/phpseclib/commit/42fc46e9a92c2ce5b10d2fbfb00b630417d6dfbe (3.0.7)
	NOTE: According to upstream in #1635, "v2.0 does not have a vulnerability" (only non-security bugs).
	NOTE: However, a lot of identical fixes were applied to all 1.x/2.x/3.x branches upstream.
	NOTE: They were also backported in bullseye/testing in 1.x/2.x (claimed as a CVE-2021-30130 fix).
	NOTE: Given the broad scope of this CVE description, let's assume that those fixes are needed in 1.x/2.x.
CVE-2021-30129 (A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to ...)
	NOT-FOR-US: Apache Mina SSHD
CVE-2021-30128 (Apache OFBiz has unsafe deserialization prior to 17.12.07 version)
	NOT-FOR-US: Apache OFBiz
CVE-2021-30127 (TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the adm ...)
	NOT-FOR-US: Terramaster
CVE-2021-30126 (Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyon ...)
	NOT-FOR-US: Lightmeter ControlCenter
CVE-2021-30125 (Jamf Pro before 10.28.0 allows XSS related to inventory history, aka P ...)
	NOT-FOR-US: Jamf Pro
CVE-2021-30124 (The unofficial vscode-phpmd (aka PHP Mess Detector) extension before 1 ...)
	NOT-FOR-US: vscode-phpmd (aka PHP Mess Detector) extension for Visual Studio Code
CVE-2021-30123 (FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec th ...)
	- ffmpeg (Only affects 4.4 development branches)
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f
	NOTE: https://trac.ffmpeg.org/ticket/8845
	NOTE: https://trac.ffmpeg.org/ticket/8863
	NOTE: CVE description is wrong, this landed in 4.4 only
	NOTE: Introduced in https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468
CVE-2021-30122 RESERVED
CVE-2021-30121 (Semi-authenticated local file inclusion The contents of arbitrary file ...)
	NOT-FOR-US: Kaseya
CVE-2021-30120 (Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement ...)
	NOT-FOR-US: Kaseya
CVE-2021-30119 (Authenticated reflective XSS in HelpDeskTab/rcResults.asp The paramete ...)
	NOT-FOR-US: Kaseya
CVE-2021-30118 (An attacker can upload files with the privilege of the Web Server proc ...)
	NOT-FOR-US: Kaseya
CVE-2021-30117 (The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authen ...)
	NOT-FOR-US: Kaseya
CVE-2021-30116 (Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in ...)
	NOT-FOR-US: Kaseya
CVE-2021-30115 RESERVED
CVE-2021-30114 (Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vuln ...)
	NOT-FOR-US: Web-School ERP
CVE-2021-30113 (A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Even ...)
	NOT-FOR-US: Web-School ERP
CVE-2021-30112 (Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vuln ...)
	NOT-FOR-US: Web-School ERP
CVE-2021-30111 (A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Eve ...)
	NOT-FOR-US: Web-School ERP
CVE-2021-30110 (dttray.exe in Greyware Automation Products Inc Domain Time II before 5 ...)
	NOT-FOR-US: Greyware
CVE-2021-30109 (Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under c ...)
	NOT-FOR-US: Froala Editor
CVE-2021-30108 (Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vu ...)
	NOT-FOR-US: Feehi CMS
CVE-2021-30107 RESERVED
CVE-2021-30106 RESERVED
CVE-2021-30105 RESERVED
CVE-2021-30104 RESERVED
CVE-2021-30103 RESERVED
CVE-2021-30102 RESERVED
CVE-2021-30101 RESERVED
CVE-2021-30100 RESERVED
CVE-2021-30099 RESERVED
CVE-2021-30098 RESERVED
CVE-2021-30097 RESERVED
CVE-2021-30096 RESERVED
CVE-2021-30095 RESERVED
CVE-2021-30094 RESERVED
CVE-2021-30093 RESERVED
CVE-2021-30092 RESERVED
CVE-2021-30091 RESERVED
CVE-2021-30090 RESERVED
CVE-2021-30089 RESERVED
CVE-2021-30088 RESERVED
CVE-2021-30087 RESERVED
CVE-2021-30086 (Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese ...)
	NOT-FOR-US: KindEditor
CVE-2021-30085 RESERVED
CVE-2021-30084 RESERVED
CVE-2021-30083 (An issue was discovered in Mediat 1.4.1. There is a Reflected XSS vuln ...)
	NOT-FOR-US: Mediat
CVE-2021-30082 (An issue was discovered in Gris CMS v0.1. There is a Persistent XSS vu ...)
	NOT-FOR-US: Gris CMS
CVE-2021-30081 (An issue was discovered in emlog 6.0.0stable. There is a SQL Injection ...)
	NOT-FOR-US: emlog
CVE-2021-30080 (An issue was discovered in the route lookup process in beego before 1. ...)
	NOT-FOR-US: Beego
CVE-2021-30079 RESERVED
CVE-2021-30078 RESERVED
CVE-2021-30077 RESERVED
CVE-2021-30076 RESERVED
CVE-2021-30075 RESERVED
CVE-2021-30074 (docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the s ...)
	NOT-FOR-US: docsify
CVE-2021-30073 RESERVED
CVE-2021-30072 (An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. ...)
	NOT-FOR-US: D-Link
CVE-2021-30071 (A cross-site scripting (XSS) vulnerability in /admin/list_key.html of ...)
	NOT-FOR-US: Hestia Control Panel
CVE-2021-30070 (An issue was discovered in HestiaCP before v1.3.5. Attackers are able ...)
	NOT-FOR-US: Hestia Control Panel
CVE-2021-30069 RESERVED
CVE-2021-30068 RESERVED
CVE-2021-30067 RESERVED
CVE-2021-30066 (On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before ...)
	NOT-FOR-US: Schneider Electric
CVE-2021-30065 (On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before ...)
	NOT-FOR-US: Schneider Electric
CVE-2021-30064 (On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before ...)
	NOT-FOR-US: Schneider Electric
CVE-2021-30063 (On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 ...)
	NOT-FOR-US: Schneider Electric
CVE-2021-30062 (On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 ...)
	NOT-FOR-US: Schneider Electric
CVE-2021-30061 (On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before ...)
	NOT-FOR-US: Schneider Electric
CVE-2021-30060 RESERVED
CVE-2021-30059 RESERVED
CVE-2021-30058 (Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). ...)
	NOT-FOR-US: Knowage Suite
CVE-2021-30057 (A stored HTML injection vulnerability exists in Knowage Suite version ...)
	NOT-FOR-US: Knowage Suite
CVE-2021-30056 (Knowage Suite before 7.4 is vulnerable to reflected cross-site scripti ...)
	NOT-FOR-US: Knowage Suite
CVE-2021-30055 (A SQL injection vulnerability in Knowage Suite version 7.1 exists in t ...)
	NOT-FOR-US: Knowage Suite
CVE-2021-30054 RESERVED
CVE-2021-30053 RESERVED
CVE-2021-30052 RESERVED
CVE-2021-30051 RESERVED
CVE-2021-30050 RESERVED
CVE-2021-30049 (SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /Ke ...)
	NOT-FOR-US: SysAid
CVE-2021-30048 (Directory Traversal in the fileDownload function in com/java2nb/common ...)
	NOT-FOR-US: Novel-plus
CVE-2021-30047 (VSFTPD 3.0.3 allows attackers to cause a denial of service due to limi ...)
	NOTE: Nonsense CVE assignment for src:vsftpd
CVE-2021-30046 (VIGRA Computer Vision Library Version-1-11-1 contains a segmentation f ...)
	NOT-FOR-US: VIGRA Computer Vision Library
CVE-2021-30045 (SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the ...)
	NOT-FOR-US: SerenityOS
CVE-2021-30044 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or ...)
	NOT-FOR-US: Remote Clinic
CVE-2021-30043 RESERVED
CVE-2021-30042 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name" ...)
	NOT-FOR-US: Remote Clinic
CVE-2021-30041 RESERVED
CVE-2021-30040 RESERVED
CVE-2021-30039 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "B ...)
	NOT-FOR-US: Remote Clinic
CVE-2021-30038 RESERVED
CVE-2021-30037 RESERVED
CVE-2021-30036 RESERVED
CVE-2021-30035 RESERVED
CVE-2021-30034 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons fiel ...)
	NOT-FOR-US: Remote Clinic
CVE-2021-30033 RESERVED
CVE-2021-30032 RESERVED
CVE-2021-30031 REJECTED
CVE-2021-30030 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name fie ...)
	NOT-FOR-US: Remote Clinic
CVE-2021-30029 RESERVED
CVE-2021-30028 (SOOTEWAY Wi-Fi Range Extender v1.5 was discovered to use default crede ...)
	NOT-FOR-US: SOOTEWAY Wi-Fi Range Extender
CVE-2021-30027 (md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger us ...)
	- md4c 0.4.7-2 (bug #987799)
	NOTE: https://github.com/mity/md4c/issues/155
	NOTE: https://github.com/mity/md4c/commit/4fc808d8fe8d8904f8525bb4231d854f45e23a19
CVE-2021-30026 RESERVED
CVE-2021-30025 RESERVED
CVE-2021-30024 RESERVED
CVE-2021-30023 RESERVED
CVE-2021-30022 (There is an integer overflow in media_tools/av_parsers.c in the gf_avc_ ...)
	- gpac 1.0.1+dfsg1-4 (bug #987323)
	[buster] - gpac (Vulnerable code not present)
	[stretch] - gpac (Vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788
	NOTE: https://github.com/gpac/gpac/issues/1720
CVE-2021-30021 RESERVED
CVE-2021-30020 (In the function gf_hevc_read_pps_bs_internal function in media_tools/a ...)
	- gpac 1.0.1+dfsg1-4 (bug #987323)
	[buster] - gpac (Vulnerable code not present)
	[stretch] - gpac (Vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788
	NOTE: https://github.com/gpac/gpac/issues/1722
CVE-2021-30019 (In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0 ...)
	- gpac 1.0.1+dfsg1-4 (bug #987323)
	[buster] - gpac (Vulnerable code not present)
	[stretch] - gpac (Vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/commit/22774aa9e62f586319c8f107f5bae950fed900bc
	NOTE: https://github.com/gpac/gpac/issues/1723
CVE-2021-30018 RESERVED
CVE-2021-30017 RESERVED
CVE-2021-30016 RESERVED
CVE-2021-30015 (There is a Null Pointer Dereference in function filter_core/filter_pck ...)
	- gpac 1.0.1+dfsg1-4 (bug #987323)
	[buster] - gpac (Vulnerable code not present)
	[stretch] - gpac (Vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/commit/13dad7d5ef74ca2e6fe4010f5b03eb12e9bbe0ec
	NOTE: https://github.com/gpac/gpac/issues/1719
CVE-2021-30014 (There is an integer overflow in media_tools/av_parsers.c in the hevc_pa ...)
	- gpac 1.0.1+dfsg1-4 (bug #987323)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	- ccextractor 0.93+ds2-1 (bug #994746)
	[bullseye] - ccextractor (Minor issue)
	[buster] - ccextractor (Minor issue)
	NOTE: https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788
	NOTE: https://github.com/gpac/gpac/issues/1721
CVE-2021-30013 RESERVED
CVE-2021-30012 RESERVED
CVE-2021-30011 RESERVED
CVE-2021-30010 RESERVED
CVE-2021-30009 RESERVED
CVE-2021-30008 RESERVED
CVE-2021-30007 RESERVED
CVE-2021-30006 (In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to informa ...)
	- intellij-idea (bug #747616)
CVE-2021-30005 (In JetBrains PyCharm before 2020.3.4, local code execution was possibl ...)
	- pycharm (bug #742394)
CVE-2021-30004 (In wpa_supplicant and hostapd 2.9, forging attacks may occur because A ...)
	- wpa (unimportant)
	NOTE: https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15
	NOTE: Issue only affects the "internal" TLS implementation (CONFIG_TLS=internal)
	NOTE: but Debian builds with CONFIG_TLS=openssl
CVE-2021-30003 (An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. Ther ...)
	NOT-FOR-US: Nokia G-120W-F 3FE46606AGAB91 devices
CVE-2021-30001 RESERVED
CVE-2021-30000 (An issue was discovered in LATRIX 0.6.0. SQL injection in the txtacces ...)
	NOT-FOR-US: LATRIX
CVE-2021-29999 (An issue was discovered in Wind River VxWorks through 6.8. There is a ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2021-29998 (An issue was discovered in Wind River VxWorks before 6.5. There is a p ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2021-29997 (An issue was discovered in Wind River VxWorks 7 before 21.03. A specia ...)
	NOT-FOR-US: Helix ALM
CVE-2021-29996 (Mark Text through 0.16.3 allows attackers arbitrary command execution. ...)
	NOT-FOR-US: marktext
CVE-2021-29995 (A Cross Site Request Forgery (CSRF) issue in Server Console in CloverD ...)
	NOT-FOR-US: CloverDX
CVE-2021-29994 (Cloudera Hue 4.6.0 allows XSS.)
	NOT-FOR-US: Cloudera Hue
CVE-2021-29993 (Firefox for Android allowed navigations through the `intent://` protoc ...)
	- firefox (Specific to Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-29993
CVE-2021-29992 RESERVED
CVE-2021-29991 (Firefox incorrectly accepted a newline in a HTTP/3 header, interpretti ...)
	- firefox 91.0.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-37/#CVE-2021-29991
CVE-2021-29990 (Mozilla developers and community members reported memory safety bugs p ...)
	- firefox 91.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29990
CVE-2021-29989 (Mozilla developers reported memory safety bugs present in Firefox 90 a ...)
	{DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
	- firefox 91.0-1
	- firefox-esr 78.13.0esr-1
	- thunderbird 1:78.13.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29989
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29989
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29989
CVE-2021-29988 (Firefox incorrectly treated an inline list-item element as a block ele ...)
	{DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
	- firefox 91.0-1
	- firefox-esr 78.13.0esr-1
	- thunderbird 1:78.13.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29988
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29988
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29988
CVE-2021-29987 (After requesting multiple permissions, and closing the first permissio ...)
	- firefox 91.0-1
	- thunderbird (Thunderbird 78.x not affected, only TB91)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29987
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29987
CVE-2021-29986 (A suspected race condition when calling getaddrinfo led to memory corr ...)
	{DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
	- firefox 91.0-1
	- firefox-esr 78.13.0esr-1
	- thunderbird 1:78.13.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29986
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29986
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29986
CVE-2021-29985 (A use-after-free vulnerability in media channels could have led to mem ...)
	{DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
	- firefox 91.0-1
	- firefox-esr 78.13.0esr-1
	- thunderbird 1:78.13.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29985
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29985
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29985
CVE-2021-29984 (Instruction reordering resulted in a sequence of instructions that wou ...)
	{DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
	- firefox 91.0-1
	- firefox-esr 78.13.0esr-1
	- thunderbird 1:78.13.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29984
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29984
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29984
CVE-2021-29983 (Firefox for Android could get stuck in fullscreen mode and not exit it ...)
	- firefox (Only affects Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29983
CVE-2021-29982 (Due to incorrect JIT optimization, we incorrectly interpreted data fro ...)
	- firefox 91.0-1
	- thunderbird (Thunderbird 78.x not affected, only TB91)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29982
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29982
CVE-2021-29981 (An issue present in lowering/register allocation could have led to obs ...)
	- firefox 91.0-1
	- thunderbird (Thunderbird 78.x not affected, only TB91)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29981
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29981
CVE-2021-29980 (Uninitialized memory in a canvas object could have caused an incorrect ...)
	{DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
	- firefox 91.0-1
	- firefox-esr 78.13.0esr-1
	- thunderbird 1:78.13.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29980
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29980
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29980
CVE-2021-29979 (Hubs Cloud allows users to download shared content, specifically HTML ...)
	NOT-FOR-US: Hubs Cloud
CVE-2021-29978 (Multiple low security issues were discovered and fixed in a security a ...)
	NOT-FOR-US: Mozilla VPN
CVE-2021-29977 (Mozilla developers reported memory safety bugs present in Firefox 89. ...)
	- firefox 90.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29977
CVE-2021-29976 (Mozilla developers reported memory safety bugs present in code shared ...)
	{DSA-4940-1 DSA-4939-1 DLA-2711-1 DLA-2709-1}
	- firefox 90.0-1
	- firefox-esr 78.12.0esr-1
	- thunderbird 1:78.12.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29976
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/#CVE-2021-29976
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29976
CVE-2021-29975 (Through a series of DOM manipulations, a message, over which the attac ...)
	- firefox 90.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29975
CVE-2021-29974 (When network partitioning was enabled, e.g. as a result of Enhanced Tr ...)
	- firefox 90.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29974
CVE-2021-29973 (Password autofill was enabled without user interaction on insecure web ...)
	- firefox (Only affects Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29973
CVE-2021-29972 (A use-after-free vulnerability was found via testing, and traced to an ...)
	- firefox 90.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29972
CVE-2021-29971 (If a user had granted a permission to a webpage and saved that grant, ...)
	- firefox (Only affects Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29971
CVE-2021-29970 (A malicious webpage could have triggered a use-after-free, memory corr ...)
	{DSA-4940-1 DSA-4939-1 DLA-2711-1 DLA-2709-1}
	- firefox 90.0-1
	- firefox-esr 78.12.0esr-1
	- thunderbird 1:78.12.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29970
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/#CVE-2021-29970
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29970
CVE-2021-29969 (If Thunderbird was configured to use STARTTLS for an IMAP connection, ...)
	{DSA-4940-1 DLA-2711-1}
	- thunderbird 1:78.12.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29969
CVE-2021-29968 (When drawing text onto a canvas with WebRender disabled, an out of bou ...)
	- firefox (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-27/#CVE-2021-29968
CVE-2021-29967 (Mozilla developers reported memory safety bugs present in Firefox 88 a ...)
	{DSA-4927-1 DSA-4925-1 DLA-2679-1 DLA-2673-1}
	- firefox-esr 78.11.0esr-1
	- firefox 89.0-1
	- thunderbird 1:78.11.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-26/#CVE-2021-29967
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-24/#CVE-2021-29967
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29967
CVE-2021-29966 (Mozilla developers reported memory safety bugs present in Firefox 88. ...)
	- firefox 89.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29966
CVE-2021-29965 (A malicious website that causes an HTTP Authentication dialog to be sp ...)
	- firefox (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29965
CVE-2021-29964 (A locally-installed hostile program could send `WM_COPYDATA` messages ...)
	- firefox-esr (Only affects Windows)
	- firefox (Only affects Windows)
	- thunderbird (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-26/#CVE-2021-29964
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-24/#CVE-2021-29964
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29964
CVE-2021-29963 (Address bar search suggestions in private browsing mode were re-using ...)
	- firefox (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29963
CVE-2021-29962 (Firefox for Android would become unstable and hard-to-recover when a w ...)
	- firefox (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29962
CVE-2021-29961 (When styling and rendering an oversized ` ...)
	NOT-FOR-US: NewsOne CMS
CVE-2020-21975 RESERVED
CVE-2020-21974 RESERVED
CVE-2020-21973 RESERVED
CVE-2020-21972 RESERVED
CVE-2020-21971 RESERVED
CVE-2020-21970 RESERVED
CVE-2020-21969 RESERVED
CVE-2020-21968 RESERVED
CVE-2020-21967 (File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 ...)
	NOT-FOR-US: Prestashop
CVE-2020-21966 RESERVED
CVE-2020-21965 RESERVED
CVE-2020-21964 RESERVED
CVE-2020-21963 RESERVED
CVE-2020-21962 RESERVED
CVE-2020-21961 RESERVED
CVE-2020-21960 RESERVED
CVE-2020-21959 RESERVED
CVE-2020-21958 RESERVED
CVE-2020-21957 RESERVED
CVE-2020-21956 RESERVED
CVE-2020-21955 RESERVED
CVE-2020-21954 RESERVED
CVE-2020-21953 RESERVED
CVE-2020-21952 RESERVED
CVE-2020-21951 RESERVED
CVE-2020-21950 RESERVED
CVE-2020-21949 RESERVED
CVE-2020-21948 RESERVED
CVE-2020-21947 RESERVED
CVE-2020-21946 RESERVED
CVE-2020-21945 RESERVED
CVE-2020-21944 RESERVED
CVE-2020-21943 RESERVED
CVE-2020-21942 RESERVED
CVE-2020-21941 RESERVED
CVE-2020-21940 RESERVED
CVE-2020-21939 RESERVED
CVE-2020-21938 RESERVED
CVE-2020-21937 (A command injection vulnerability in HNAP1/SetWLanApcliSettings of Mo ...)
	NOT-FOR-US: Motorola
CVE-2020-21936 (An issue in HNAP1/GetMultipleHNAPs of Motorola CX2 router CX 1.0.2 Bui ...)
	NOT-FOR-US: Motorola
CVE-2020-21935 (A command injection vulnerability in HNAP1/GetNetworkTomographySetting ...)
	NOT-FOR-US: Motorola
CVE-2020-21934 (An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 ...)
	NOT-FOR-US: Motorola
CVE-2020-21933 (An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 ...)
	NOT-FOR-US: Motorola
CVE-2020-21932 (A vulnerability in /Login.html of Motorola CX2 router CX 1.0.2 Build 2 ...)
	NOT-FOR-US: Motorola
CVE-2020-21931 RESERVED
CVE-2020-21930 (A stored cross site scripting (XSS) vulnerability in the web_attr_2 fi ...)
	NOT-FOR-US: Eyoucms
CVE-2020-21929 (A stored cross site scripting (XSS) vulnerability in the web_copyright ...)
	NOT-FOR-US: Eyoucms
CVE-2020-21928 RESERVED
CVE-2020-21927 RESERVED
CVE-2020-21926 RESERVED
CVE-2020-21925 RESERVED
CVE-2020-21924 RESERVED
CVE-2020-21923 RESERVED
CVE-2020-21922 RESERVED
CVE-2020-21921 RESERVED
CVE-2020-21920 RESERVED
CVE-2020-21919 RESERVED
CVE-2020-21918 RESERVED
CVE-2020-21917 RESERVED
CVE-2020-21916 RESERVED
CVE-2020-21915 RESERVED
CVE-2020-21914 RESERVED
CVE-2020-21913 (International Components for Unicode (ICU-20850) v66.1 was discovered ...)
	{DSA-5014-1 DLA-2784-1}
	- icu 67.1-2
	NOTE: https://github.com/unicode-org/icu/pull/886
	NOTE: https://unicode-org.atlassian.net/browse/ICU-20850
	NOTE: https://github.com/unicode-org/icu/commit/727505bddab0bfd527f1db6697cb4d4f7febe4a9
CVE-2020-21912 RESERVED
CVE-2020-21911 RESERVED
CVE-2020-21910 RESERVED
CVE-2020-21909 RESERVED
CVE-2020-21908 RESERVED
CVE-2020-21907 RESERVED
CVE-2020-21906 RESERVED
CVE-2020-21905 RESERVED
CVE-2020-21904 RESERVED
CVE-2020-21903 RESERVED
CVE-2020-21902 RESERVED
CVE-2020-21901 RESERVED
CVE-2020-21900 RESERVED
CVE-2020-21899 RESERVED
CVE-2020-21898 RESERVED
CVE-2020-21897 RESERVED
CVE-2020-21896 (A Use After Free vulnerability in svg_dev_text_span_as_paths_defs func ...)
	- mupdf 1.19.0+ds1-1
	[bullseye] - mupdf (Minor issue)
	[buster] - mupdf (Minor issue)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701294
	NOTE: https://git.ghostscript.com/?p=mupdf.git;h=8719e07834d6a72b6b4131539e49ed1e8e2ff79e
CVE-2020-21895 RESERVED
CVE-2020-21894 RESERVED
CVE-2020-21893 RESERVED
CVE-2020-21892 RESERVED
CVE-2020-21891 RESERVED
CVE-2020-21890 (Buffer Overflow vulnerability in clj_media_size function in devices/gd ...)
	{DLA-3582-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701846
	NOTE: Prerequisite for fixing commit: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=dbdb5f8527007b482d4e6037b558dbf3e6a06d3a (ghostpdl-9.51rc1)
	NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=494eeedf73d13fac5710e56f3a8fb2e7e2379d73 (ghostpdl-9.51rc1)
CVE-2020-21889 RESERVED
CVE-2020-21888 RESERVED
CVE-2020-21887 RESERVED
CVE-2020-21886 RESERVED
CVE-2020-21885 RESERVED
CVE-2020-21884 (Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Seri ...)
	NOT-FOR-US: UniBox
CVE-2020-21883 (Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Ser ...)
	NOT-FOR-US: UniBox
CVE-2020-21882 RESERVED
CVE-2020-21881 (Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS ...)
	NOT-FOR-US: DuxCMS
CVE-2020-21880 RESERVED
CVE-2020-21879 RESERVED
CVE-2020-21878 RESERVED
CVE-2020-21877 RESERVED
CVE-2020-21876 RESERVED
CVE-2020-21875 RESERVED
CVE-2020-21874 RESERVED
CVE-2020-21873 RESERVED
CVE-2020-21872 RESERVED
CVE-2020-21871 RESERVED
CVE-2020-21870 RESERVED
CVE-2020-21869 RESERVED
CVE-2020-21868 RESERVED
CVE-2020-21867 RESERVED
CVE-2020-21866 RESERVED
CVE-2020-21865 (ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerabili ...)
	NOT-FOR-US: ThinkPHP50-CMS
CVE-2020-21864 RESERVED
CVE-2020-21863 RESERVED
CVE-2020-21862 (Directory traversal vulnerability in DuxCMS 2.1 allows attackers to de ...)
	NOT-FOR-US: DuxCMS
CVE-2020-21861 (File upload vulnerability in DuxCMS 2.1 allows attackers to execute ar ...)
	NOT-FOR-US: DuxCMS
CVE-2020-21860 RESERVED
CVE-2020-21859 RESERVED
CVE-2020-21858 RESERVED
CVE-2020-21857 RESERVED
CVE-2020-21856 RESERVED
CVE-2020-21855 RESERVED
CVE-2020-21854 (Cross Site Scripting vulnerability exists in WDScanner 1.1 in the syste ...)
	NOT-FOR-US: WDScanner
CVE-2020-21853 RESERVED
CVE-2020-21852 RESERVED
CVE-2020-21851 RESERVED
CVE-2020-21850 RESERVED
CVE-2020-21849 RESERVED
CVE-2020-21848 RESERVED
CVE-2020-21847 RESERVED
CVE-2020-21846 RESERVED
CVE-2020-21845 (Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage u ...)
	NOT-FOR-US: Codoforum
CVE-2020-21844 (GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: ...)
	- libredwg (bug #595191)
CVE-2020-21843 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
	- libredwg (bug #595191)
CVE-2020-21842 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
	- libredwg (bug #595191)
CVE-2020-21841 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
	- libredwg (bug #595191)
CVE-2020-21840 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
	- libredwg (bug #595191)
CVE-2020-21839 (An issue was discovered in GNU LibreDWG 0.10. Crafted input will lead ...)
	- libredwg (bug #595191)
CVE-2020-21838 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
	- libredwg (bug #595191)
CVE-2020-21837 RESERVED
CVE-2020-21836 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
	- libredwg (bug #595191)
CVE-2020-21835 (A null pointer dereference issue exists in GNU LibreDWG 0.10 via read_20 ...)
	- libredwg (bug #595191)
CVE-2020-21834 (A null pointer dereference issue exists in GNU LibreDWG 0.10 via get_bmp ...)
	- libredwg (bug #595191)
CVE-2020-21833 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
	- libredwg (bug #595191)
CVE-2020-21832 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
	- libredwg (bug #595191)
CVE-2020-21831 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
	- libredwg (bug #595191)
CVE-2020-21830 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.1 ...)
	- libredwg (bug #595191)
CVE-2020-21829 RESERVED
CVE-2020-21828 RESERVED
CVE-2020-21827 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
	- libredwg (bug #595191)
CVE-2020-21826 RESERVED
CVE-2020-21825 RESERVED
CVE-2020-21824 RESERVED
CVE-2020-21823 RESERVED
CVE-2020-21822 RESERVED
CVE-2020-21821 RESERVED
CVE-2020-21820 RESERVED
CVE-2020-21819 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
	- libredwg (bug #595191)
CVE-2020-21818 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
	- libredwg (bug #595191)
CVE-2020-21817 (A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via ...)
	- libredwg (bug #595191)
CVE-2020-21816 (A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 vi ...)
	- libredwg (bug #595191)
CVE-2020-21815 (A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via ou ...)
	- libredwg (bug #595191)
CVE-2020-21814 (A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 vi ...)
	- libredwg (bug #595191)
CVE-2020-21813 (A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 vi ...)
	- libredwg (bug #595191)
CVE-2020-21812 RESERVED
CVE-2020-21811 RESERVED
CVE-2020-21810 RESERVED
CVE-2020-21809 (SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4. ...)
	NOT-FOR-US: NukeViet CMS module Shops
CVE-2020-21808 (SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via:the to ...)
	NOT-FOR-US: NukeViet CMS
CVE-2020-21807 RESERVED
CVE-2020-21806 (SQL Injection Vulnerability in ECTouch v2 via the shop page in index.p ...)
	NOT-FOR-US: ECTouch
CVE-2020-21805
	RESERVED
CVE-2020-21804
	RESERVED
CVE-2020-21803
	RESERVED
CVE-2020-21802
	RESERVED
CVE-2020-21801
	RESERVED
CVE-2020-21800
	RESERVED
CVE-2020-21799
	RESERVED
CVE-2020-21798
	RESERVED
CVE-2020-21797
	RESERVED
CVE-2020-21796
	RESERVED
CVE-2020-21795
	RESERVED
CVE-2020-21794
	RESERVED
CVE-2020-21793
	RESERVED
CVE-2020-21792
	RESERVED
CVE-2020-21791
	RESERVED
CVE-2020-21790
	RESERVED
CVE-2020-21789
	RESERVED
CVE-2020-21788 (In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side ...)
	NOT-FOR-US: CRMEB
CVE-2020-21787 (CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/se ...)
	NOT-FOR-US: CRMEB
CVE-2020-21786 (In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /syst ...)
	NOT-FOR-US: IBOS
CVE-2020-21785 (In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerab ...)
	NOT-FOR-US: IBOS
CVE-2020-21784 (phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setu ...)
	NOT-FOR-US: phpwcms
CVE-2020-21783 (In IBOS 4.5.4 the email function has a cross site scripting (XSS) vuln ...)
	NOT-FOR-US: IBOS
CVE-2020-21782
	RESERVED
CVE-2020-21781
	RESERVED
CVE-2020-21780
	RESERVED
CVE-2020-21779
	RESERVED
CVE-2020-21778
	RESERVED
CVE-2020-21777
	RESERVED
CVE-2020-21776
	RESERVED
CVE-2020-21775
	RESERVED
CVE-2020-21774
	RESERVED
CVE-2020-21773
	RESERVED
CVE-2020-21772
	RESERVED
CVE-2020-21771
	RESERVED
CVE-2020-21770
	RESERVED
CVE-2020-21769
	RESERVED
CVE-2020-21768
	RESERVED
CVE-2020-21767
	RESERVED
CVE-2020-21766
	RESERVED
CVE-2020-21765
	RESERVED
CVE-2020-21764
	RESERVED
CVE-2020-21763
	RESERVED
CVE-2020-21762
	RESERVED
CVE-2020-21761
	RESERVED
CVE-2020-21760
	RESERVED
CVE-2020-21759
	RESERVED
CVE-2020-21758
	RESERVED
CVE-2020-21757
	RESERVED
CVE-2020-21756
	RESERVED
CVE-2020-21755
	RESERVED
CVE-2020-21754
	RESERVED
CVE-2020-21753
	RESERVED
CVE-2020-21752
	RESERVED
CVE-2020-21751
	RESERVED
CVE-2020-21750
	RESERVED
CVE-2020-21749
	RESERVED
CVE-2020-21748
	RESERVED
CVE-2020-21747
	RESERVED
CVE-2020-21746
	RESERVED
CVE-2020-21745
	RESERVED
CVE-2020-21744
	RESERVED
CVE-2020-21743
	RESERVED
CVE-2020-21742
	RESERVED
CVE-2020-21741
	RESERVED
CVE-2020-21740
	RESERVED
CVE-2020-21739
	RESERVED
CVE-2020-21738
	RESERVED
CVE-2020-21737
	RESERVED
CVE-2020-21736
	RESERVED
CVE-2020-21735
	RESERVED
CVE-2020-21734
	RESERVED
CVE-2020-21733 (Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdn ...)
	NOT-FOR-US: Sagemcom F@ST3686
CVE-2020-21732 (Rukovoditel Project Management app 2.6 is affected by: Cross Site Scri ...)
	NOT-FOR-US: Rukovoditel Project Management app
CVE-2020-21731 (Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.1 ...)
	NOT-FOR-US: Gazie
CVE-2020-21730
	RESERVED
CVE-2020-21729 (JEECMS x1.1 contains a stored cross-site scripting (XSS) vulnerability ...)
	NOT-FOR-US: JEECMS
CVE-2020-21728
	RESERVED
CVE-2020-21727
	RESERVED
CVE-2020-21726 (OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Contro ...)
	NOT-FOR-US: OpenSNS
CVE-2020-21725 (OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Contro ...)
	NOT-FOR-US: OpenSNS
CVE-2020-21724 (Buffer Overflow vulnerability in ExtractorInformation function in stre ...)
	- oggvideotools (bug #1050836)
	[bookworm] - oggvideotools (Minor issue)
	[bullseye] - oggvideotools (Minor issue)
	[buster] - oggvideotools (Minor issue)
	NOTE: https://sourceforge.net/p/oggvideotools/bugs/9/
CVE-2020-21723 (A Segmentation Fault issue discovered StreamSerializer::extractStreams ...)
	- oggvideotools (bug #1050836)
	[bookworm] - oggvideotools (Minor issue)
	[bullseye] - oggvideotools (Minor issue)
	[buster] - oggvideotools (Minor issue)
	NOTE: https://sourceforge.net/p/oggvideotools/bugs/10/
CVE-2020-21722 (Buffer Overflow vulnerability in oggvideotools 0.9.1 allows remote att ...)
	- oggvideotools (bug #1050836)
	[bookworm] - oggvideotools (Minor issue)
	[bullseye] - oggvideotools (Minor issue)
	[buster] - oggvideotools (Minor issue)
	NOTE: https://sourceforge.net/p/oggvideotools/bugs/11/
CVE-2020-21721
	RESERVED
CVE-2020-21720
	RESERVED
CVE-2020-21719
	RESERVED
CVE-2020-21718
	RESERVED
CVE-2020-21717
	RESERVED
CVE-2020-21716
	RESERVED
CVE-2020-21715
	RESERVED
CVE-2020-21714
	RESERVED
CVE-2020-21713
	RESERVED
CVE-2020-21712
	RESERVED
CVE-2020-21711
	RESERVED
CVE-2020-21710 (A divide by zero issue discovered in eps_print_page in gdevepsn.c in A ...)
	{DLA-3582-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701843
	NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f70ab2044429fe4b991801476ea3f4b4a5c0cdf4 (ghostpdl-9.51rc1)
	NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4e713293de84b689c4ab358f3e110ea54aa81925 (ghostpdl-9.51rc1)
CVE-2020-21709
	RESERVED
CVE-2020-21708
	RESERVED
CVE-2020-21707
	RESERVED
CVE-2020-21706
	RESERVED
CVE-2020-21705
	RESERVED
CVE-2020-21704
	RESERVED
CVE-2020-21703
	RESERVED
CVE-2020-21702
	RESERVED
CVE-2020-21701
	RESERVED
CVE-2020-21700
	RESERVED
CVE-2020-21699 (The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 ...)
	NOT-FOR-US: Tengine
CVE-2020-21698
	RESERVED
CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in libavfo ...)
	{DSA-5126-1 DSA-4998-1}
	- ffmpeg 7:4.4-5
	[stretch] - ffmpeg (Minor issue; can be fixed in next update)
	NOTE: https://trac.ffmpeg.org/ticket/8188
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cfce16449cb815132f829d5a07beb138dfb2cba6 (4.4)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=010281ed230454042abf8b88696678c669a0f279 (4.1.9)
CVE-2020-21696
	RESERVED
CVE-2020-21695
	RESERVED
CVE-2020-21694
	RESERVED
CVE-2020-21693
	RESERVED
CVE-2020-21692
	RESERVED
CVE-2020-21691
	RESERVED
CVE-2020-21690
	REJECTED
CVE-2020-21689
	RESERVED
CVE-2020-21688 (A heap-use-after-free in the av_freep function in libavutil/mem.c of F ...)
	{DSA-5126-1 DSA-4998-1 DLA-3010-1}
	- ffmpeg 7:4.4-5
	NOTE: https://trac.ffmpeg.org/ticket/8186
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=22c3cd176079dd104ec7610ead697235b04396f1 (4.4)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7c9b1ed56b98eede5756d6865a10305982b4570 (4.1.9)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f1a77222da98dbe4b8eeda54d68deefe6adcd299 (3.2.17)
CVE-2020-21687 (Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2. ...)
	- nasm 2.15.04-1 (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392645
	NOTE: Crash in CLI tool, no security impact
CVE-2020-21686 (A stack-use-after-scope issue discovered in expand_mmac_params functio ...)
	- nasm 2.15.04-1
	[buster] - nasm (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392643
CVE-2020-21685 (Buffer Overflow vulnerability in hash_findi function in hashtbl.c in n ...)
	- nasm 2.15.04-1 (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392644
	NOTE: Crash in CLI tool, no security impact
CVE-2020-21684 (A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2 ...)
	- fig2dev 1:3.2.8-1 (unimportant)
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/75/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8)
	NOTE: Crash in CLI tool, no security impact
CVE-2020-21683 (A global buffer overflow in the shade_or_tint_name_after_declare_color ...)
	- fig2dev 1:3.2.8-1 (unimportant)
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/77/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/639c36010a120e97a6e82e7cd57cbf9dbf4b64f1/ (3.2.8)
	NOTE: Crash in CLI tool, no security impact
CVE-2020-21682 (A global buffer overflow in the set_fill component in genge.c of fig2d ...)
	- fig2dev 1:3.2.8-1 (unimportant)
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/72/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/4d4e1fdac467c386cba8706aa0067d5ab8da02d7/ (3.2.8)
	NOTE: Crash in CLI tool, no security impact
CVE-2020-21681 (A global buffer overflow in the set_color component in genge.c of fig2 ...)
	- fig2dev 1:3.2.8-1 (unimportant)
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/73/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8)
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/4d4e1fdac467c386cba8706aa0067d5ab8da02d7/ (3.2.8)
	NOTE: Crash in CLI tool, no security impact
CVE-2020-21680 (A stack-based buffer overflow in the put_arrow() component in genpict2 ...)
	- fig2dev 1:3.2.8-1 (unimportant)
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/74/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/3165d86c31c6323913239fdc6460be6ababd3826/ (3.2.8)
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/100e2789f8106f9cc0f7e4319c4ee7bda076c3ac/ (3.2.8)
	NOTE: Crash in CLI tool, no security impact
CVE-2020-21679 (Buffer Overflow vulnerability in WritePCXImage function in pcx.c in Gr ...)
	- graphicsmagick 1.4+really1.3.34+hg16181-1
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/619/
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bd13b1d335f3
CVE-2020-21678 (A global buffer overflow in the genmp_writefontmacro_latex component i ...)
	- fig2dev 1:3.2.8-1 (unimportant)
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/71/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8)
	NOTE: Crash in CLI tool, no security impact
CVE-2020-21677 (A heap-based buffer overflow in the sixel_encoder_output_without_macro ...)
	- libsixel 1.8.6-1
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/123
	NOTE: https://github.com/saitoha/libsixel/commit/0b1e0b3f7b44233f84e5c9f512f8c90d6bbbe33d
CVE-2020-21676 (A stack-based buffer overflow in the genpstrx_text() component in genp ...)
	{DLA-3304-1 DLA-2778-1}
	- fig2dev 1:3.2.8-1
	[stretch] - fig2dev (Vulnerable code introduced later)
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/76/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/acccc89c20206a5db1f463438ba444e35bcb400e/ (3.2.8)
	NOTE: Introduced by https://sourceforge.net/p/mcj/fig2dev/ci/102f607eea49785d4a9c9c24af85f046c23674de (3.2.7)
CVE-2020-21675 (A stack-based buffer overflow in the genptk_text component in genptk.c ...)
	{DLA-2778-1}
	- fig2dev 1:3.2.7b-3
	[buster] - fig2dev 1:3.2.7a-5+deb10u3
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/78/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
CVE-2020-21674 (Heap-based buffer overflow in archive_string_append_from_wcs() (archiv ...)
	- libarchive (Vulnerable code not present in a released version)
	NOTE: https://github.com/libarchive/libarchive/issues/1298
	NOTE: Introduced (around): https://github.com/libarchive/libarchive/commit/3566a5d6ba2458e68c7e42b23f00a57901c6eafb
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/4f085eea879e2be745f4d9bf57e8513ae48157f4 (v3.4.1)
CVE-2020-21673
	RESERVED
CVE-2020-21672
	RESERVED
CVE-2020-21671
	RESERVED
CVE-2020-21670
	RESERVED
CVE-2020-21669
	RESERVED
CVE-2020-21668
	RESERVED
CVE-2020-21667 (In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the ' ...)
	NOT-FOR-US: fastadmin-tp6
CVE-2020-21666
	RESERVED
CVE-2020-21665 (In fastadmin V1.0.0.20191212_beta, when a user with administrator righ ...)
	NOT-FOR-US: fastadmin
CVE-2020-21664
	RESERVED
CVE-2020-21663
	RESERVED
CVE-2020-21662 (SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers ...)
	NOT-FOR-US: yunyecms
CVE-2020-21661
	RESERVED
CVE-2020-21660
	RESERVED
CVE-2020-21659
	RESERVED
CVE-2020-21658 (A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attacker ...)
	NOT-FOR-US: WDJA CMS
CVE-2020-21657
	RESERVED
CVE-2020-21656 (XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability ...)
	NOT-FOR-US: XYHCMS
CVE-2020-21655
	RESERVED
CVE-2020-21654 (emlog v6.0 contains a vulnerability in the component admin\template.ph ...)
	NOT-FOR-US: emlog
CVE-2020-21653 (Myucms v2.2.1 contains a server-side request forgery (SSRF) in the com ...)
	NOT-FOR-US: Myucms
CVE-2020-21652 (Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in ...)
	NOT-FOR-US: Myucms
CVE-2020-21651 (Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in ...)
	NOT-FOR-US: Myucms
CVE-2020-21650 (Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in ...)
	NOT-FOR-US: Myucms
CVE-2020-21649 (Myucms v2.2.1 contains a server-side request forgery (SSRF) in the com ...)
	NOT-FOR-US: Myucms
CVE-2020-21648 (WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in t ...)
	NOT-FOR-US: WDJA CMS
CVE-2020-21647
	RESERVED
CVE-2020-21646
	RESERVED
CVE-2020-21645
	RESERVED
CVE-2020-21644
	RESERVED
CVE-2020-21643 (Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attacke ...)
	NOT-FOR-US: HongCMS
CVE-2020-21642 (Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropuse ...)
	NOT-FOR-US: ManageEngine Analytics Plus
CVE-2020-21641 (Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho Manage ...)
	NOT-FOR-US: ManageEngine Analytics Plus
CVE-2020-21640
	RESERVED
CVE-2020-21639 (Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cros ...)
	NOT-FOR-US: Ruijie
CVE-2020-21638
	RESERVED
CVE-2020-21637
	RESERVED
CVE-2020-21636
	RESERVED
CVE-2020-21635
	RESERVED
CVE-2020-21634
	RESERVED
CVE-2020-21633
	RESERVED
CVE-2020-21632
	RESERVED
CVE-2020-21631
	RESERVED
CVE-2020-21630
	RESERVED
CVE-2020-21629
	RESERVED
CVE-2020-21628
	RESERVED
CVE-2020-21627 (Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability ...)
	NOT-FOR-US: Ruijie
CVE-2020-21626
	RESERVED
CVE-2020-21625
	RESERVED
CVE-2020-21624
	RESERVED
CVE-2020-21623
	RESERVED
CVE-2020-21622
	RESERVED
CVE-2020-21621
	RESERVED
CVE-2020-21620
	RESERVED
CVE-2020-21619
	RESERVED
CVE-2020-21618
	RESERVED
CVE-2020-21617
	RESERVED
CVE-2020-21616
	RESERVED
CVE-2020-21615
	RESERVED
CVE-2020-21614
	RESERVED
CVE-2020-21613
	RESERVED
CVE-2020-21612
	RESERVED
CVE-2020-21611
	RESERVED
CVE-2020-21610
	RESERVED
CVE-2020-21609
	RESERVED
CVE-2020-21608
	RESERVED
CVE-2020-21607
	RESERVED
CVE-2020-21606 (libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_ ...)
	{DSA-5346-1 DLA-3240-1}
	- libde265 1.0.9-1 (bug #1014999)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/232
CVE-2020-21605 (libde265 v1.0.4 contains a segmentation fault in the apply_sao_interna ...)
	{DSA-5346-1 DLA-3240-1}
	- libde265 1.0.9-1 (bug #1014999)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/234
CVE-2020-21604 (libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl ...)
	{DSA-5346-1 DLA-3240-1}
	- libde265 1.0.9-1 (bug #1014999)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/231
CVE-2020-21603 (libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fa ...)
	{DSA-5346-1 DLA-3240-1}
	- libde265 1.0.9-1 (bug #1014999)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/240
CVE-2020-21602 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bi ...)
	{DSA-5346-1 DLA-3240-1}
	- libde265 1.0.9-1 (bug #1004963)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/242
CVE-2020-21601 (libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallb ...)
	{DSA-5346-1 DLA-3240-1}
	- libde265 1.0.9-1 (bug #1014999)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/241
CVE-2020-21600 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pr ...)
	{DSA-5346-1 DLA-3240-1}
	- libde265 1.0.9-1 (bug #1004963)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/243
CVE-2020-21599 (libde265 v1.0.4 contains a heap buffer overflow in the de265_image::av ...)
	{DSA-5346-1 DLA-3240-1}
	- libde265 1.0.9-1 (bug #1014999)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/235
	NOTE: https://github.com/strukturag/libde265/commit/a3f1c6a0dea2b0d4a531255ad06ed40cdb184d25 (v1.0.9)
CVE-2020-21598 (libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unw ...)
	{DSA-5346-1 DLA-3280-1 DLA-3240-1}
	- libde265 1.0.9-1 (bug #1004963)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/237
CVE-2020-21597 (libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma funct ...)
	{DSA-5346-1 DLA-3280-1 DLA-3240-1}
	- libde265 1.0.9-1 (bug #1014999)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/238
CVE-2020-21596 (libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_ ...)
	{DSA-5346-1 DLA-3280-1}
	- libde265 1.0.11-1 (bug #1029397)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/236
	NOTE: https://github.com/strukturag/libde265/commit/6751f4e3c8c7af63d0036fedd506b7932630773c (v1.0.10)
CVE-2020-21595 (libde265 v1.0.4 contains a heap buffer overflow in the mc_luma functio ...)
	{DSA-5346-1 DLA-3240-1}
	- libde265 1.0.9-1 (bug #1014999)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/239
CVE-2020-21594 (libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fal ...)
	{DSA-5346-1}
	- libde265 1.0.3-1 (bug #1029396)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/233
CVE-2020-21593
	RESERVED
CVE-2020-21592
	RESERVED
CVE-2020-21591
	RESERVED
CVE-2020-21590 (Directory traversal in coreframe/app/template/admin/index.php in WUZHI ...)
	NOT-FOR-US: WUZHI CMS
CVE-2020-21589
	RESERVED
CVE-2020-21588 (Buffer overflow in Core FTP LE v2.2 allows local attackers to cause a ...)
	NOT-FOR-US: Core FTP
CVE-2020-21587
	RESERVED
CVE-2020-21586
	RESERVED
CVE-2020-21585 (Vulnerability in emlog v6.0.0 allows user to upload webshells via zip ...)
	NOT-FOR-US: emlog
CVE-2020-21584
	RESERVED
CVE-2020-21583 (An issue was discovered in hwclock.13-v2.27 allows attackers to gain e ...)
	- util-linux 2.27-1 (bug #786804)
CVE-2020-21582
	RESERVED
CVE-2020-21581
	RESERVED
CVE-2020-21580
	RESERVED
CVE-2020-21579
	RESERVED
CVE-2020-21578
	RESERVED
CVE-2020-21577
	RESERVED
CVE-2020-21576
	RESERVED
CVE-2020-21575
	RESERVED
CVE-2020-21574 (Buffer overflow vulnerability in YotsuyaNight c-http v0.1.0, allows at ...)
	NOT-FOR-US: YotsuyaNight c-http
CVE-2020-21573 (An issue was discoverered in in abhijitnathwani image-processing v0.1. ...)
	NOT-FOR-US: abhijitnathwani image-processing
CVE-2020-21572 (Buffer overflow vulnerability in function src_parser_trans_stage_1_2_3 ...)
	NOT-FOR-US: trgil gilcc
CVE-2020-21571
	RESERVED
CVE-2020-21570
	RESERVED
CVE-2020-21569
	RESERVED
CVE-2020-21568
	RESERVED
CVE-2020-21567
	RESERVED
CVE-2020-21566
	RESERVED
CVE-2020-21565
	RESERVED
CVE-2020-21564 (An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. There is ...)
	NOT-FOR-US: Pluck CMS
CVE-2020-21563
	RESERVED
CVE-2020-21562
	RESERVED
CVE-2020-21561
	RESERVED
CVE-2020-21560
	RESERVED
CVE-2020-21559
	RESERVED
CVE-2020-21558
	RESERVED
CVE-2020-21557
	RESERVED
CVE-2020-21556
	RESERVED
CVE-2020-21555
	RESERVED
CVE-2020-21554 (A File Deletion vulnerability exists in TinyShop 3.1.1 in the back_lis ...)
	NOT-FOR-US: TinyShop
CVE-2020-21553
	RESERVED
CVE-2020-21552
	RESERVED
CVE-2020-21551
	RESERVED
CVE-2020-21550
	RESERVED
CVE-2020-21549
	RESERVED
CVE-2020-21548 (Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_enco ...)
	- libsixel 1.8.6-1
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/116
	NOTE: https://github.com/saitoha/libsixel/commit/9d0a7ff417b66d80a4bff714de1f27b24742f55a (v1.8.4)
CVE-2020-21547 (Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_fun ...)
	- libsixel 1.8.6-1
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/114
	NOTE: https://github.com/saitoha/libsixel/commit/9d0a7ff417b66d80a4bff714de1f27b24742f55a (v1.8.4)
CVE-2020-21546
	RESERVED
CVE-2020-21545
	RESERVED
CVE-2020-21544
	RESERVED
CVE-2020-21543
	RESERVED
CVE-2020-21542
	RESERVED
CVE-2020-21541
	RESERVED
CVE-2020-21540
	RESERVED
CVE-2020-21539
	RESERVED
CVE-2020-21538
	RESERVED
CVE-2020-21537
	RESERVED
CVE-2020-21536
	RESERVED
CVE-2020-21535 (fig2dev 3.2.7b contains a segmentation fault in the gencgm_start funct ...)
	{DLA-2778-1}
	- fig2dev 1:3.2.7b-3
	[buster] - fig2dev 1:3.2.7a-5+deb10u2
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/62/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
CVE-2020-21534 (fig2dev 3.2.7b contains a global buffer overflow in the get_line funct ...)
	{DLA-2778-1}
	- fig2dev 1:3.2.7b-3
	[buster] - fig2dev 1:3.2.7a-5+deb10u2
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/58/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
CVE-2020-21533 (fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject ...)
	{DLA-2778-1}
	- fig2dev 1:3.2.7b-3
	[buster] - fig2dev 1:3.2.7a-5+deb10u2
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/59/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
CVE-2020-21532 (fig2dev 3.2.7b contains a global buffer overflow in the setfigfont fun ...)
	{DLA-3304-1 DLA-2778-1}
	- fig2dev 1:3.2.8-1
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/64/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/421afa17d8cb8dafcaf3e6044a70790fa4fe307b/ (3.2.8)
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/00cdedac7a0b029846dee891769a1e77df83a01b/ (3.2.8)
CVE-2020-21531 (fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_i ...)
	{DLA-3304-1 DLA-2778-1}
	- fig2dev 1:3.2.8-1
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/63/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/2f8d1ae9763dcdc99b88a2b14849fe37174bcd69/ (3.2.8)
CVE-2020-21530 (fig2dev 3.2.7b contains a segmentation fault in the read_objects funct ...)
	{DLA-2778-1}
	- fig2dev 1:3.2.7b-3
	[buster] - fig2dev 1:3.2.7a-5+deb10u2
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/61/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
CVE-2020-21529 (fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline f ...)
	{DLA-3304-1 DLA-2778-1}
	- fig2dev 1:3.2.8-1
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/65/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8)
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/e3cee2576438f47a3b8678c6960472e625f8f7d7/ (3.2.8)
CVE-2020-21528 (A Segmentation Fault issue discovered in in ieee_segment function in o ...)
	- nasm 2.16.01-1 (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392637
	NOTE: Introduced by: https://github.com/netwide-assembler/nasm/commit/98578071b9d71ecaa2344dd9c185237c1765041e (nasm-2.14rc1)
	NOTE: Fixed by: https://github.com/netwide-assembler/nasm/commit/93c774d482694643cafbc82578ac8b729fb5bc8b (nasm-2.16rc1)
	NOTE: Crash in CLI tool, no security impact
CVE-2020-21527 (There is an Arbitrary file deletion vulnerability in halo v1.1.3. A ba ...)
	NOT-FOR-US: Halo
CVE-2020-21526 (An Arbitrary file writing vulnerability in halo v1.1.3. In an interfac ...)
	NOT-FOR-US: Halo
CVE-2020-21525 (Halo V1.1.3 is affected by: Arbitrary File reading. In an interface th ...)
	NOT-FOR-US: Halo
CVE-2020-21524 (There is a XML external entity (XXE) vulnerability in halo v1.1.3, The ...)
	NOT-FOR-US: Halo
CVE-2020-21523 (A Server-Side Freemarker template injection vulnerability in halo CMS ...)
	NOT-FOR-US: Halo
CVE-2020-21522 (An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal ...)
	NOT-FOR-US: Halo
CVE-2020-21521
	RESERVED
CVE-2020-21520
	RESERVED
CVE-2020-21519
	RESERVED
CVE-2020-21518
	RESERVED
CVE-2020-21517 (Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gour ...)
	NOT-FOR-US: MetInfo
CVE-2020-21516 (There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at t ...)
	NOT-FOR-US: FeehiCMS
CVE-2020-21515
	RESERVED
CVE-2020-21514 (An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2. ...)
	NOT-FOR-US: Fluentd
CVE-2020-21513
	RESERVED
CVE-2020-21512
	RESERVED
CVE-2020-21511
	RESERVED
CVE-2020-21510
	RESERVED
CVE-2020-21509
	RESERVED
CVE-2020-21508
	RESERVED
CVE-2020-21507
	RESERVED
CVE-2020-21506 (waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulner ...)
	NOT-FOR-US: waimai Super Cms
CVE-2020-21505 (waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulner ...)
	NOT-FOR-US: waimai Super Cms
CVE-2020-21504 (waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulner ...)
	NOT-FOR-US: waimai Super Cms
CVE-2020-21503 (waimai Super Cms 20150505 has a logic flaw allowing attackers to modif ...)
	NOT-FOR-US: waimai Super Cms
CVE-2020-21502
	RESERVED
CVE-2020-21501
	RESERVED
CVE-2020-21500
	RESERVED
CVE-2020-21499
	RESERVED
CVE-2020-21498
	RESERVED
CVE-2020-21497
	RESERVED
CVE-2020-21496 (A cross-site scripting (XSS) vulnerability in the component /admin/?se ...)
	NOT-FOR-US: Xiuno BBS
CVE-2020-21495 (A cross-site scripting (XSS) vulnerability in the component /admin/?se ...)
	NOT-FOR-US: Xiuno BBS
CVE-2020-21494 (A cross-site scripting (XSS) vulnerability in the component install\in ...)
	NOT-FOR-US: Xiuno BBS
CVE-2020-21493 (An issue in the component route\user.php of Xiuno BBS v4.0.4 allows at ...)
	NOT-FOR-US: Xiuno BBS
CVE-2020-21492
	RESERVED
CVE-2020-21491
	RESERVED
CVE-2020-21490 (An issue was discovered in GNU Binutils 2.34. It is a memory leak when ...)
	- binutils 2.33.50.20200107-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25249
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=378fd436405b3051df34ac995b2e03fe1f3d1907 (binutils-2_34)
	NOTE: binutils not covered by security support
CVE-2020-21489 (File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker ...)
	NOT-FOR-US: Feehicms
CVE-2020-21488
	RESERVED
CVE-2020-21487 (Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ...)
	NOT-FOR-US: pfSense
CVE-2020-21486 (SQL injection vulnerability in PHPOK v.5.4. allows a remote attacker t ...)
	NOT-FOR-US: PHPOK
CVE-2020-21485 (Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote ...)
	NOT-FOR-US: Alluxio
CVE-2020-21484
	RESERVED
CVE-2020-21483 (An arbitrary file upload vulnerability in Jizhicms v1.5 allows attacke ...)
	NOT-FOR-US: Jizhicms
CVE-2020-21482 (A cross-site scripting (XSS) vulnerability in RGCMS v1.06 allows attac ...)
	NOT-FOR-US: RGCMS
CVE-2020-21481 (An arbitrary file upload vulnerability in RGCMS v1.06 allows attackers ...)
	NOT-FOR-US: RGCMS
CVE-2020-21480 (An arbitrary file write vulnerability in RGCMS v1.06 allows attackers ...)
	NOT-FOR-US: RGCMS
CVE-2020-21479
	RESERVED
CVE-2020-21478
	RESERVED
CVE-2020-21477
	RESERVED
CVE-2020-21476
	RESERVED
CVE-2020-21475
	RESERVED
CVE-2020-21474 (File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacke ...)
	NOT-FOR-US: NucleusCMS
CVE-2020-21473
	RESERVED
CVE-2020-21472
	RESERVED
CVE-2020-21471
	RESERVED
CVE-2020-21470
	RESERVED
CVE-2020-21469 (An issue was discovered in PostgreSQL 12.2 allows attackers to cause a ...)
	- postgresql-13 (Fixed before initial upload to Debian)
	- postgresql-11
	[buster] - postgresql-11 11.10-0+deb10u1
	NOTE: https://www.postgresql.org/message-id/CAA8ZSMqAHDCgo07hqKoM5XJaoQy6Vv76O7966agez4ffyQktkA%40mail.gmail.com
	NOTE: Fixed by: https://github.com/postgres/postgres/commit/9abb2bfc046070b22e3be28173a0736da31cab5a (REL_13_BETA1)
	NOTE: Fixed by: https://github.com/postgres/postgres/commit/8b53dbada4a6a9e5f16548ca2c4d17cff55933d8 (REL_12_5)
	NOTE: Fixed by: https://github.com/postgres/postgres/commit/85834023a95e16d1d3fe73b0608e1608573753c3 (REL_11_10)
CVE-2020-21468 (A segmentation fault in the redis-server component of Redis 5.0.7 lead ...)
	- redis (unimportant)
	NOTE: https://github.com/redis/redis/issues/6633
	NOTE: Negligible security impact; disputed issue upstream and unreproducible.
CVE-2020-21467
	RESERVED
CVE-2020-21466
	RESERVED
CVE-2020-21465
	RESERVED
CVE-2020-21464
	RESERVED
CVE-2020-21463
	RESERVED
CVE-2020-21462
	RESERVED
CVE-2020-21461
	RESERVED
CVE-2020-21460
	RESERVED
CVE-2020-21459
	RESERVED
CVE-2020-21458
	RESERVED
CVE-2020-21457
	RESERVED
CVE-2020-21456
	RESERVED
CVE-2020-21455
	RESERVED
CVE-2020-21454
	RESERVED
CVE-2020-21453
	RESERVED
CVE-2020-21452 (An issue was discovered in uniview ISC2500-S. This is an upload vulner ...)
	NOT-FOR-US: uniview ISC2500-S
CVE-2020-21451
	RESERVED
CVE-2020-21450
	RESERVED
CVE-2020-21449
	RESERVED
CVE-2020-21448
	RESERVED
CVE-2020-21447
	RESERVED
CVE-2020-21446
	RESERVED
CVE-2020-21445
	RESERVED
CVE-2020-21444
	RESERVED
CVE-2020-21443
	RESERVED
CVE-2020-21442
	RESERVED
CVE-2020-21441
	RESERVED
CVE-2020-21440
	RESERVED
CVE-2020-21439
	RESERVED
CVE-2020-21438
	RESERVED
CVE-2020-21437
	RESERVED
CVE-2020-21436
	RESERVED
CVE-2020-21435
	RESERVED
CVE-2020-21434 (Maccms 10 contains a cross-site scripting (XSS) vulnerability in the E ...)
	NOT-FOR-US: Maccms
CVE-2020-21433
	RESERVED
CVE-2020-21432
	RESERVED
CVE-2020-21431 (HongCMS v3.0 contains an arbitrary file read and write vulnerability i ...)
	NOT-FOR-US: HongCMS
CVE-2020-21430
	RESERVED
CVE-2020-21429
	RESERVED
CVE-2020-21428 (Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in ...)
	{DSA-5579-1 DLA-3662-1}
	- freeimage 3.18.0+ds2-10 (bug #1051738)
	NOTE: https://sourceforge.net/p/freeimage/bugs/299/
	NOTE: Fixed with r1877 from http://svn.code.sf.net/p/freeimage/svn/FreeImage/
CVE-2020-21427 (Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginB ...)
	{DSA-5579-1 DLA-3662-1}
	- freeimage 3.18.0+ds2-10 (bug #1051737)
	NOTE: https://sourceforge.net/p/freeimage/bugs/298/
	NOTE: Probably fixed with r1832 and r1836 from http://svn.code.sf.net/p/freeimage/svn/FreeImage/
CVE-2020-21426 (Buffer Overflow vulnerability in function C_IStream::read in PluginEXR ...)
	- freeimage (bug #1051736)
	[bookworm] - freeimage (Revisit when patches are available)
	[bullseye] - freeimage (Revisit when patches are available)
	[buster] - freeimage (Revisit when patches are available)
	NOTE: https://sourceforge.net/p/freeimage/bugs/300/
	NOTE: The issue appears to be in openexr; no relevant patches in freeimage have been identified.
CVE-2020-21425
	RESERVED
CVE-2020-21424
	RESERVED
CVE-2020-21423
	RESERVED
CVE-2020-21422
	RESERVED
CVE-2020-21421
	RESERVED
CVE-2020-21420
	RESERVED
CVE-2020-21419
	RESERVED
CVE-2020-21418
	RESERVED
CVE-2020-21417
	RESERVED
CVE-2020-21416
	RESERVED
CVE-2020-21415
	RESERVED
CVE-2020-21414
	RESERVED
CVE-2020-21413
	RESERVED
CVE-2020-21412
	RESERVED
CVE-2020-21411
	RESERVED
CVE-2020-21410
	RESERVED
CVE-2020-21409
	RESERVED
CVE-2020-21408
	RESERVED
CVE-2020-21407
	RESERVED
CVE-2020-21406 (An issue was discovered in RK Smart TV Box MAX and V88 SmartTV box tha ...)
	NOT-FOR-US: RK Smart TV Box MAX
CVE-2020-21405 (An issue was discovered in H96 Smart TV Box H96 Pro Plus allows attack ...)
	NOT-FOR-US: H96 Smart TV Box H96
CVE-2020-21404
	RESERVED
CVE-2020-21403
	RESERVED
CVE-2020-21402
	RESERVED
CVE-2020-21401
	RESERVED
CVE-2020-21400 (SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a rem ...)
	NOT-FOR-US: PHPMyWind
CVE-2020-21399
	RESERVED
CVE-2020-21398
	RESERVED
CVE-2020-21397
	RESERVED
CVE-2020-21396
	RESERVED
CVE-2020-21395
	RESERVED
CVE-2020-21394 (SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB ma ...)
	NOT-FOR-US: CRMEB mall system
CVE-2020-21393
	RESERVED
CVE-2020-21392
	RESERVED
CVE-2020-21391
	RESERVED
CVE-2020-21390
	RESERVED
CVE-2020-21389
	RESERVED
CVE-2020-21388
	RESERVED
CVE-2020-21387 (A cross-site scripting (XSS) vulnerability in the parameter type_en of ...)
	NOT-FOR-US: Maccms
CVE-2020-21386 (A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/t ...)
	NOT-FOR-US: Maccms
CVE-2020-21385
	RESERVED
CVE-2020-21384
	RESERVED
CVE-2020-21383
	RESERVED
CVE-2020-21382
	RESERVED
CVE-2020-21381
	RESERVED
CVE-2020-21380
	RESERVED
CVE-2020-21379
	RESERVED
CVE-2020-21378 (SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id par ...)
	NOT-FOR-US: SeaCMS
CVE-2020-21377 (SQL injection vulnerability in yunyecms V2.0.1 via the selcart paramet ...)
	NOT-FOR-US: yunyecms
CVE-2020-21376
	RESERVED
CVE-2020-21375
	RESERVED
CVE-2020-21374
	RESERVED
CVE-2020-21373
	RESERVED
CVE-2020-21372
	RESERVED
CVE-2020-21371
	RESERVED
CVE-2020-21370
	RESERVED
CVE-2020-21369
	RESERVED
CVE-2020-21368
	RESERVED
CVE-2020-21367
	RESERVED
CVE-2020-21366 (Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an a ...)
	NOT-FOR-US: GreenCMS
CVE-2020-21365 (Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows ...)
	{DLA-3158-1}
	- wkhtmltopdf 0.12.6-1
	NOTE: https://github.com/wkhtmltopdf/wkhtmltopdf/commit/2a5f25077895fb075812c0f599326f079a59d6cf (0.12.6)
	NOTE: https://github.com/wkhtmltopdf/wkhtmltopdf/issues/4536
CVE-2020-21364
	RESERVED
CVE-2020-21363 (An arbitrary file deletion vulnerability exists within Maccms10.)
	NOT-FOR-US: Maccms10
CVE-2020-21362 (A cross site scripting (XSS) vulnerability in the background search fu ...)
	NOT-FOR-US: Maccms10
CVE-2020-21361 RESERVED
CVE-2020-21360 RESERVED
CVE-2020-21359 (An arbitrary file upload vulnerability in the Template Upload function ...)
	NOT-FOR-US: Maccms10
CVE-2020-21358 (A cross site request forgery (CSRF) in Wage-CMS 1.5.x-dev allows attac ...)
	NOT-FOR-US: Wage-CMS
CVE-2020-21357 (A stored cross site scripting (XSS) vulnerability in /admin.php?mod=us ...)
	NOT-FOR-US: PopojiCMS
CVE-2020-21356 (An information disclosure vulnerability in upload.php of PopojiCMS 1.2 ...)
	NOT-FOR-US: PopojiCMS
CVE-2020-21355 RESERVED
CVE-2020-21354 RESERVED
CVE-2020-21353 (A stored cross site scripting (XSS) vulnerability in /admin/snippets.p ...)
	NOT-FOR-US: GetSimple CMS
CVE-2020-21352 RESERVED
CVE-2020-21351 RESERVED
CVE-2020-21350 RESERVED
CVE-2020-21349 RESERVED
CVE-2020-21348 RESERVED
CVE-2020-21347 RESERVED
CVE-2020-21346 RESERVED
CVE-2020-21345 (Cross Site Scripting (XSS) vulnerability in Halo 1.1.3 via post publis ...)
	NOT-FOR-US: halo
CVE-2020-21344 RESERVED
CVE-2020-21343 RESERVED
CVE-2020-21342 (Insecure permissions issue in zzcms 201910 via the reset any user pass ...)
	NOT-FOR-US: zzcms
CVE-2020-21341 RESERVED
CVE-2020-21340 RESERVED
CVE-2020-21339 RESERVED
CVE-2020-21338 RESERVED
CVE-2020-21337 RESERVED
CVE-2020-21336 RESERVED
CVE-2020-21335 RESERVED
CVE-2020-21334 RESERVED
CVE-2020-21333 (Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an ad ...)
	NOT-FOR-US: PublicCMS
CVE-2020-21332 RESERVED
CVE-2020-21331 RESERVED
CVE-2020-21330 RESERVED
CVE-2020-21329 RESERVED
CVE-2020-21328 RESERVED
CVE-2020-21327 RESERVED
CVE-2020-21326 RESERVED
CVE-2020-21325 (An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbi ...)
	NOT-FOR-US: WUZHI CMS
CVE-2020-21324 RESERVED
CVE-2020-21323 RESERVED
CVE-2020-21322 (An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below a ...)
	NOT-FOR-US: Feehi CMS
CVE-2020-21321 (emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/lin ...)
	NOT-FOR-US: emlog CMS
CVE-2020-21320 RESERVED
CVE-2020-21319 RESERVED
CVE-2020-21318 RESERVED
CVE-2020-21317 RESERVED
CVE-2020-21316 (A Cross-site scripting (XSS) vulnerability exists in the comment secti ...)
	NOT-FOR-US: zrlog
CVE-2020-21315 RESERVED
CVE-2020-21314 RESERVED
CVE-2020-21313 RESERVED
CVE-2020-21312 RESERVED
CVE-2020-21311 RESERVED
CVE-2020-21310 RESERVED
CVE-2020-21309 RESERVED
CVE-2020-21308 RESERVED
CVE-2020-21307 RESERVED
CVE-2020-21306 RESERVED
CVE-2020-21305 RESERVED
CVE-2020-21304 RESERVED
CVE-2020-21303 RESERVED
CVE-2020-21302 RESERVED
CVE-2020-21301 RESERVED
CVE-2020-21300 RESERVED
CVE-2020-21299 RESERVED
CVE-2020-21298 RESERVED
CVE-2020-21297 RESERVED
CVE-2020-21296 RESERVED
CVE-2020-21295 RESERVED
CVE-2020-21294 RESERVED
CVE-2020-21293 RESERVED
CVE-2020-21292 RESERVED
CVE-2020-21291 RESERVED
CVE-2020-21290 RESERVED
CVE-2020-21289 RESERVED
CVE-2020-21288 RESERVED
CVE-2020-21287 RESERVED
CVE-2020-21286 RESERVED
CVE-2020-21285 RESERVED
CVE-2020-21284 RESERVED
CVE-2020-21283 RESERVED
CVE-2020-21282 RESERVED
CVE-2020-21281 RESERVED
CVE-2020-21280 RESERVED
CVE-2020-21279 RESERVED
CVE-2020-21278 RESERVED
CVE-2020-21277 RESERVED
CVE-2020-21276 RESERVED
CVE-2020-21275 RESERVED
CVE-2020-21274 RESERVED
CVE-2020-21273 RESERVED
CVE-2020-21272 RESERVED
CVE-2020-21271 RESERVED
CVE-2020-21270 RESERVED
CVE-2020-21269 RESERVED
CVE-2020-21268 (Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows ...)
	NOT-FOR-US: EasySoft ZenTao
CVE-2020-21267 RESERVED
CVE-2020-21266 (Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) ...)
	NOT-FOR-US: Broadleaf Commerce
CVE-2020-21265 RESERVED
CVE-2020-21264 RESERVED
CVE-2020-21263 RESERVED
CVE-2020-21262 RESERVED
CVE-2020-21261 RESERVED
CVE-2020-21260 RESERVED
CVE-2020-21259 RESERVED
CVE-2020-21258 RESERVED
CVE-2020-21257 RESERVED
CVE-2020-21256 RESERVED
CVE-2020-21255 RESERVED
CVE-2020-21254 RESERVED
CVE-2020-21253 RESERVED
CVE-2020-21252 (Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows ...)
	NOT-FOR-US: Neeke HongCMS
CVE-2020-21251 RESERVED
CVE-2020-21250 (CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vuln ...)
	NOT-FOR-US: CSZ CMS
CVE-2020-21249 RESERVED
CVE-2020-21248 RESERVED
CVE-2020-21247 RESERVED
CVE-2020-21246 (Cross Site Scripting vulnerability in YiiCMS v.1.0 allows a remote att ...)
	NOT-FOR-US: YiiCMS
CVE-2020-21245 RESERVED
CVE-2020-21244 (An issue was discovered in FrontAccounting 2.4.7. There is a Directory ...)
	- frontaccounting
CVE-2020-21243 RESERVED
CVE-2020-21242 RESERVED
CVE-2020-21241 RESERVED
CVE-2020-21240 RESERVED
CVE-2020-21239 RESERVED
CVE-2020-21238 (An issue in the user login box of CSCMS v4.0 allows attackers to hijac ...)
	NOT-FOR-US: CSCMS
CVE-2020-21237 (An issue in the user login box of LJCMS v1.11 allows attackers to hija ...)
	NOT-FOR-US: LJCMS
CVE-2020-21236 (A vulnerability in /damicms-master/admin.php?s=/Article/doedit of Dami ...)
	NOT-FOR-US: DamiCMS
CVE-2020-21235 RESERVED
CVE-2020-21234 RESERVED
CVE-2020-21233 RESERVED
CVE-2020-21232 RESERVED
CVE-2020-21231 RESERVED
CVE-2020-21230 RESERVED
CVE-2020-21229 RESERVED
CVE-2020-21228 (JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: JIZHICMS
CVE-2020-21227 RESERVED
CVE-2020-21226 RESERVED
CVE-2020-21225 RESERVED
CVE-2020-21224 (A Remote Code Execution vulnerability has been found in Inspur Cluster ...)
	NOT-FOR-US: Inspur ClusterEngine
CVE-2020-21223 RESERVED
CVE-2020-21222 RESERVED
CVE-2020-21221 RESERVED
CVE-2020-21220 RESERVED
CVE-2020-21219 (Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Rel ...)
	NOT-FOR-US: pfSense
CVE-2020-21218 RESERVED
CVE-2020-21217 RESERVED
CVE-2020-21216 RESERVED
CVE-2020-21215 RESERVED
CVE-2020-21214 RESERVED
CVE-2020-21213 RESERVED
CVE-2020-21212 RESERVED
CVE-2020-21211 RESERVED
CVE-2020-21210 RESERVED
CVE-2020-21209 RESERVED
CVE-2020-21208 RESERVED
CVE-2020-21207 RESERVED
CVE-2020-21206 RESERVED
CVE-2020-21205 RESERVED
CVE-2020-21204 RESERVED
CVE-2020-21203 RESERVED
CVE-2020-21202 RESERVED
CVE-2020-21201 RESERVED
CVE-2020-21200 RESERVED
CVE-2020-21199 RESERVED
CVE-2020-21198 RESERVED
CVE-2020-21197 RESERVED
CVE-2020-21196 RESERVED
CVE-2020-21195 RESERVED
CVE-2020-21194 RESERVED
CVE-2020-21193 RESERVED
CVE-2020-21192 RESERVED
CVE-2020-21191 RESERVED
CVE-2020-21190 RESERVED
CVE-2020-21189 RESERVED
CVE-2020-21188 RESERVED
CVE-2020-21187 RESERVED
CVE-2020-21186 RESERVED
CVE-2020-21185 RESERVED
CVE-2020-21184 RESERVED
CVE-2020-21183 RESERVED
CVE-2020-21182 RESERVED
CVE-2020-21181 RESERVED
CVE-2020-21180 (Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers ...)
	NOT-FOR-US: koa2-blog
CVE-2020-21179 (Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers ...)
	NOT-FOR-US: koa2-blog
CVE-2020-21178 RESERVED
CVE-2020-21177 RESERVED
CVE-2020-21176 (SQL injection vulnerability in the model.increment and model.decrement ...)
	NOT-FOR-US: ThinkJS
CVE-2020-21175 RESERVED
CVE-2020-21174 (File Upload vulnerability in liufee CMS v.2.0.7.1 allows a remote atta ...)
	NOT-FOR-US: liufee CMS
CVE-2020-21173 RESERVED
CVE-2020-21172 RESERVED
CVE-2020-21171 RESERVED
CVE-2020-21170 RESERVED
CVE-2020-21169 RESERVED
CVE-2020-21168 RESERVED
CVE-2020-21167 RESERVED
CVE-2020-21166 RESERVED
CVE-2020-21165 RESERVED
CVE-2020-21164 RESERVED
CVE-2020-21163 RESERVED
CVE-2020-21162 RESERVED
CVE-2020-21161 (Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirect ...)
	NOT-FOR-US: Ruckus
CVE-2020-21160 RESERVED
CVE-2020-21159 RESERVED
CVE-2020-21158 RESERVED
CVE-2020-21157 RESERVED
CVE-2020-21156 RESERVED
CVE-2020-21155 RESERVED
CVE-2020-21154 RESERVED
CVE-2020-21153 RESERVED
CVE-2020-21152 (SQL Injection vulnerability in inxedu 2.0.6 allows attackers to execut ...)
	NOT-FOR-US: inxedu
CVE-2020-21151 RESERVED
CVE-2020-21150 RESERVED
CVE-2020-21149 RESERVED
CVE-2020-21148 RESERVED
CVE-2020-21147 (RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerabilit ...)
	NOT-FOR-US: RockOA
CVE-2020-21146 (Feehi CMS 2.0.8 is affected by a cross-site scripting (XSS) vulnerabil ...)
	NOT-FOR-US: Feehi CMS
CVE-2020-21145 RESERVED
CVE-2020-21144 RESERVED
CVE-2020-21143 RESERVED
CVE-2020-21142 (Cross Site Scripting (XSS) vulnerability in IPFire 2.23 via the IPfire ...)
	NOT-FOR-US: IPFire
CVE-2020-21141 (iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: iCMS
CVE-2020-21140 RESERVED
CVE-2020-21139 (EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site ...)
	NOT-FOR-US: EC Cloud E-Commerce System
CVE-2020-21138 RESERVED
CVE-2020-21137 RESERVED
CVE-2020-21136 RESERVED
CVE-2020-21135 RESERVED
CVE-2020-21134 RESERVED
CVE-2020-21133 (SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpasswor ...)
	NOT-FOR-US: Metinfo
CVE-2020-21132 (SQL Injection vulnerability in Metinfo 7.0.0beta in index.php.)
	NOT-FOR-US: Metinfo
CVE-2020-21131 (SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language ...)
	NOT-FOR-US: Metinfo
CVE-2020-21130 (Cross Site Scripting (XSS) vulnerability in HisiPHP 2.0.8 via the grou ...)
	NOT-FOR-US: HisiPHP
CVE-2020-21129 RESERVED
CVE-2020-21128 RESERVED
CVE-2020-21127 (MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs ...)
	NOT-FOR-US: MetInfo
CVE-2020-21126 (MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/? ...)
	NOT-FOR-US: MetInfo
CVE-2020-21125 (An arbitrary file creation vulnerability in UReport 2.2.9 allows attac ...)
	NOT-FOR-US: UReport
CVE-2020-21124 (UReport 2.2.9 allows attackers to execute arbitrary code due to a lack ...)
	NOT-FOR-US: UReport
CVE-2020-21123 RESERVED
CVE-2020-21122 (UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the de ...)
	NOT-FOR-US: UReport
CVE-2020-21121 (Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via ...)
	NOT-FOR-US: Pligg CMS
CVE-2020-21120 (SQL Injection vulnerability in file home\controls\cart.class.php in UQ ...)
	NOT-FOR-US: UQCMS
CVE-2020-21119 (SQL Injection vulnerability in Kliqqi-CMS 2.0.2 in admin/admin_update_ ...)
	NOT-FOR-US: Kliqqi-CMS
CVE-2020-21118 RESERVED
CVE-2020-21117 RESERVED
CVE-2020-21116 RESERVED
CVE-2020-21115 RESERVED
CVE-2020-21114 RESERVED
CVE-2020-21113 RESERVED
CVE-2020-21112 RESERVED
CVE-2020-21111 RESERVED
CVE-2020-21110 RESERVED
CVE-2020-21109 RESERVED
CVE-2020-21108 RESERVED
CVE-2020-21107 RESERVED
CVE-2020-21106 RESERVED
CVE-2020-21105 RESERVED
CVE-2020-21104 RESERVED
CVE-2020-21103 RESERVED
CVE-2020-21102 RESERVED
CVE-2020-21101 (Cross Site Scripting vulnerability in Screenly screenly-ose all versio ...)
	NOT-FOR-US: Screenly
CVE-2020-21100 RESERVED
CVE-2020-21099 RESERVED
CVE-2020-21098 RESERVED
CVE-2020-21097 RESERVED
CVE-2020-21096 RESERVED
CVE-2020-21095 RESERVED
CVE-2020-21094 RESERVED
CVE-2020-21093 RESERVED
CVE-2020-21092 RESERVED
CVE-2020-21091 RESERVED
CVE-2020-21090 RESERVED
CVE-2020-21089 RESERVED
CVE-2020-21088 (Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows rem ...)
	NOT-FOR-US: X2engine X2CRM
CVE-2020-21087 (Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows rem ...)
	NOT-FOR-US: X2engine X2CRM
CVE-2020-21086 RESERVED
CVE-2020-21085 RESERVED
CVE-2020-21084 RESERVED
CVE-2020-21083 RESERVED
CVE-2020-21082 (A cross-site scripting (XSS) vulnerability in the background administr ...)
	NOT-FOR-US: Maccms
CVE-2020-21081 (A cross-site request forgery (CSRF) in Maccms 8.0 causes administrator ...)
	NOT-FOR-US: Maccms
CVE-2020-21080 RESERVED
CVE-2020-21079 RESERVED
CVE-2020-21078 RESERVED
CVE-2020-21077 RESERVED
CVE-2020-21076 RESERVED
CVE-2020-21075 RESERVED
CVE-2020-21074 RESERVED
CVE-2020-21073 RESERVED
CVE-2020-21072 RESERVED
CVE-2020-21071 RESERVED
CVE-2020-21070 RESERVED
CVE-2020-21069 RESERVED
CVE-2020-21068 RESERVED
CVE-2020-21067 RESERVED
CVE-2020-21066 (An issue was discovered in Bento4 v1.5.1.0. There is a heap-buffer-ove ...)
	NOT-FOR-US: Bento4
CVE-2020-21065 RESERVED
CVE-2020-21064 REJECTED
CVE-2020-21063 RESERVED
CVE-2020-21062 RESERVED
CVE-2020-21061 RESERVED
CVE-2020-21060 (SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote a ...)
	NOT-FOR-US: PHPMyWind
CVE-2020-21059 RESERVED
CVE-2020-21058 (Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote ...)
	NOT-FOR-US: Typora
CVE-2020-21057 (Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a r ...)
	NOT-FOR-US: FusionPBX
CVE-2020-21056 (Directory Traversal vulnerability exists in FusionPBX 4.5.7, which all ...)
	NOT-FOR-US: FusionPBX
CVE-2020-21055 (A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows m ...)
	NOT-FOR-US: FusionPBX
CVE-2020-21054 (Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows rem ...)
	NOT-FOR-US: FusionPBX
CVE-2020-21053 (Cross Site Scripting (XSS) vulnerability exists in FusionPBX 4.5.7 al ...)
	NOT-FOR-US: FusionPBX
CVE-2020-21052 (Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a rem ...)
	NOT-FOR-US: zrlog
CVE-2020-21051 RESERVED
CVE-2020-21050 (Libsixel prior to v1.8.3 contains a stack buffer overflow in the funct ...)
	- libsixel 1.8.6-1
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/commit/7808a06b88c11dbc502318cdd51fa374f8cd47ee (v1.8.3)
	NOTE: https://github.com/saitoha/libsixel/issues/75
CVE-2020-21049 (An invalid read in the stb_image.h component of libsixel prior to v1.8 ...)
	- libsixel 1.8.6-1
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/74
	NOTE: https://github.com/saitoha/libsixel/commit/0b1e0b3f7b44233f84e5c9f512f8c90d6bbbe33d (v1.8.5)
CVE-2020-21048 (An issue in the dither.c component of libsixel prior to v1.8.4 allows ...)
	- libsixel 1.8.6-1
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/73
	NOTE: https://github.com/saitoha/libsixel/commit/cb373ab6614c910407c5e5a93ab935144e62b037 (v1.8.4)
	NOTE: https://github.com/saitoha/libsixel/commit/26ac06f3623279348f0dce2d191a9b6ca0c80226 (v1.8.4)
CVE-2020-21047 (The libcpu component which is used by libasm of elfutils version 0.177 ...)
	{DLA-3579-1}
	- elfutils 0.180-1
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25068
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=99dc63b10b3878616b85df2dfd2e4e7103e414b8 (elfutils-0.178)
CVE-2020-21046 (A local privilege escalation vulnerability was identified within the " ...)
	NOT-FOR-US: EagleGet for Windows
CVE-2020-21045 RESERVED
CVE-2020-21044 RESERVED
CVE-2020-21043 RESERVED
CVE-2020-21042 RESERVED
CVE-2020-21041 (Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse ...)
	{DSA-4990-1 DLA-2742-1}
	[experimental] - ffmpeg 7:4.4-1
	- ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
	[stretch] - ffmpeg (Wait for 4.1.9)
	NOTE: https://trac.ffmpeg.org/ticket/7989
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5d9f44da460f781a1604d537d0555b78e29438ba
CVE-2020-21040 RESERVED
CVE-2020-21039 RESERVED
CVE-2020-21038 (Open redirect vulnerability in typecho 1.1-17.10.30-release via the re ...)
	NOT-FOR-US: typecho
CVE-2020-21037 RESERVED
CVE-2020-21036 RESERVED
CVE-2020-21035 RESERVED
CVE-2020-21034 RESERVED
CVE-2020-21033 RESERVED
CVE-2020-21032 RESERVED
CVE-2020-21031 RESERVED
CVE-2020-21030 RESERVED
CVE-2020-21029 RESERVED
CVE-2020-21028 RESERVED
CVE-2020-21027 RESERVED
CVE-2020-21026 RESERVED
CVE-2020-21025 RESERVED
CVE-2020-21024 RESERVED
CVE-2020-21023 RESERVED
CVE-2020-21022 RESERVED
CVE-2020-21021 RESERVED
CVE-2020-21020 RESERVED
CVE-2020-21019 RESERVED
CVE-2020-21018 RESERVED
CVE-2020-21017 RESERVED
CVE-2020-21016 (D-Link DIR-846 devices with firmware 100A35 allow remote attackers to ...)
	NOT-FOR-US: D-Link
CVE-2020-21015 RESERVED
CVE-2020-21014 (emlog v6.0.0 contains an arbitrary file deletion vulnerability in admi ...)
	NOT-FOR-US: emlog
CVE-2020-21013 (emlog v6.0.0 contains a SQL injection via /admin/comment.php.)
	NOT-FOR-US: emlog
CVE-2020-21012 (Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to ...)
	NOT-FOR-US: Sourcecodester Hotel and Lodge Management System
CVE-2020-21011 RESERVED
CVE-2020-21010 RESERVED
CVE-2020-21009 REJECTED
CVE-2020-21008 RESERVED
CVE-2020-21007 RESERVED
CVE-2020-21006 RESERVED
CVE-2020-21005 (WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to t ...)
	NOT-FOR-US: WellCMS
CVE-2020-21004 RESERVED
CVE-2020-21003 (Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin. ...)
	NOT-FOR-US: Pbootcms
CVE-2020-21002 RESERVED
CVE-2020-21001 RESERVED
CVE-2020-21000 RESERVED
CVE-2020-20999 RESERVED
CVE-2020-20998 RESERVED
CVE-2020-20997 RESERVED
CVE-2020-20996 RESERVED
CVE-2020-20995 RESERVED
CVE-2020-20994 RESERVED
CVE-2020-20993 RESERVED
CVE-2020-20992 RESERVED
CVE-2020-20991 RESERVED
CVE-2020-20990 (A cross site scripting (XSS) vulnerability in the /segments/edit.php c ...)
	NOT-FOR-US: DomainMOD
CVE-2020-20989 (A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmo ...)
	NOT-FOR-US: DomainMOD
CVE-2020-20988 (A cross site scripting (XSS) vulnerability in the /domains/cost-by-own ...)
	NOT-FOR-US: DomainMOD
CVE-2020-20987 RESERVED
CVE-2020-20986 RESERVED
CVE-2020-20985 RESERVED
CVE-2020-20984 RESERVED
CVE-2020-20983 RESERVED
CVE-2020-20982 (Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allo ...)
	NOT-FOR-US: shadoweb wdja
CVE-2020-20981 (A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Me ...)
	NOT-FOR-US: Metinfo
CVE-2020-20980 RESERVED
CVE-2020-20979 (An arbitrary file upload vulnerability in the move_uploaded_file() fun ...)
	NOT-FOR-US: LJCMS
CVE-2020-20978 RESERVED
CVE-2020-20977 (A stored cross site scripting (XSS) vulnerability in index.php/legend/ ...)
	NOT-FOR-US: UK CMS
CVE-2020-20976 RESERVED
CVE-2020-20975 (In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injectio ...)
	NOT-FOR-US: Gxlcms
CVE-2020-20974 RESERVED
CVE-2020-20973 RESERVED
CVE-2020-20972 RESERVED
CVE-2020-20971 (Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via ...)
	NOT-FOR-US: PbootCMS
CVE-2020-20970 RESERVED
CVE-2020-20969 (File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacke ...)
	NOT-FOR-US: PluckCMS
CVE-2020-20968 RESERVED
CVE-2020-20967 RESERVED
CVE-2020-20966 RESERVED
CVE-2020-20965 RESERVED
CVE-2020-20964 RESERVED
CVE-2020-20963 RESERVED
CVE-2020-20962 RESERVED
CVE-2020-20961 RESERVED
CVE-2020-20960 RESERVED
CVE-2020-20959 RESERVED
CVE-2020-20958 RESERVED
CVE-2020-20957 RESERVED
CVE-2020-20956 RESERVED
CVE-2020-20955 RESERVED
CVE-2020-20954 RESERVED
CVE-2020-20953 RESERVED
CVE-2020-20952 RESERVED
CVE-2020-20951 (In Pluck-4.7.10-dev2 admin background, a remote command execution vuln ...)
	NOT-FOR-US: Pluck CMS
CVE-2020-20950 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip L ...)
	NOT-FOR-US: Microchip Libraries for Applications
CVE-2020-20949 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 crypt ...)
	NOT-FOR-US: STM32 cryptographic firmware library
CVE-2020-20948 (An arbitrary file download vulnerability in jeecg v3.8 allows attacker ...)
	NOT-FOR-US: jeecg
CVE-2020-20947 RESERVED
CVE-2020-20946 (Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability ...)
	NOT-FOR-US: Qibosoft
CVE-2020-20945 (A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&act ...)
	NOT-FOR-US: Qibosoft
CVE-2020-20944 (An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allow ...)
	NOT-FOR-US: Qibosoft
CVE-2020-20943 (A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&st ...)
	NOT-FOR-US: Qibosoft
CVE-2020-20942 RESERVED
CVE-2020-20941 RESERVED
CVE-2020-20940 RESERVED
CVE-2020-20939 RESERVED
CVE-2020-20938 RESERVED
CVE-2020-20937 RESERVED
CVE-2020-20936 RESERVED
CVE-2020-20935 RESERVED
CVE-2020-20934 RESERVED
CVE-2020-20933 RESERVED
CVE-2020-20932 RESERVED
CVE-2020-20931 RESERVED
CVE-2020-20930 RESERVED
CVE-2020-20929 RESERVED
CVE-2020-20928 RESERVED
CVE-2020-20927 RESERVED
CVE-2020-20926 RESERVED
CVE-2020-20925 RESERVED
CVE-2020-20924 RESERVED
CVE-2020-20923 RESERVED
CVE-2020-20922 RESERVED
CVE-2020-20921 RESERVED
CVE-2020-20920 RESERVED
CVE-2020-20919 (File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote a ...)
	NOT-FOR-US: PluckCMS
CVE-2020-20918 (An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacke ...)
	NOT-FOR-US: PluckCMS
CVE-2020-20917 RESERVED
CVE-2020-20916 RESERVED
CVE-2020-20915 (SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote a ...)
	NOT-FOR-US: PublicCMS
CVE-2020-20914 (SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a ...)
	NOT-FOR-US: PublicCMS
CVE-2020-20913 (SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a r ...)
	NOT-FOR-US: MCMS
CVE-2020-20912 RESERVED
CVE-2020-20911 RESERVED
CVE-2020-20910 RESERVED
CVE-2020-20909 RESERVED
CVE-2020-20908 (Akaunting v1.3.17 was discovered to contain a stored cross-site script ...)
	NOT-FOR-US: Akaunting
CVE-2020-20907 (MetInfo 7.0 beta is affected by a file modification vulnerability. Att ...)
	NOT-FOR-US: MetInfo
CVE-2020-20906 RESERVED
CVE-2020-20905 RESERVED
CVE-2020-20904 RESERVED
CVE-2020-20903 RESERVED
CVE-2020-20902 (A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter ...)
	{DSA-4722-1 DLA-3010-1}
	- ffmpeg 7:4.2.2-1
	NOTE: https://trac.ffmpeg.org/ticket/8176
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5f0acc5064ed501cb40d4aaccae2b3ce5c4552fd (4.3)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2c78a76cb0443f8a12a5eadc3b58373aa2f4ab22 (4.3)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b97aaf791f6ea3506a6252ecef6a1a0e9a542e04 (4.2.2)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=81672bf00f3b5a3c025034f4b2e33d67b72f3839 (4.2.2)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a0c91fb0f0641f9f35f650281a176657907097cf (4.1.5)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=abf9627f70ed8467b1646d56205e61f965f11468 (4.1.9)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1cff89a11fa051696109565b3bf88c94479374eb (3.2.15)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=abf9627f70ed8467b1646d56205e61f965f11468 (3.2.17)
CVE-2020-20901 REJECTED
CVE-2020-20900 REJECTED
CVE-2020-20899 REJECTED
CVE-2020-20898 (Integer Overflow vulnerability in function filter16_prewitt in libavfi ...)
	- ffmpeg 7:4.3-2 (unimportant)
	[stretch] - ffmpeg (vulnerable code is not present)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 (4.3)
	NOTE: https://trac.ffmpeg.org/ticket/8263
CVE-2020-20897 REJECTED
CVE-2020-20896 (An issue was discovered in function latm_write_packet in libavformat/l ...)
	{DSA-5126-1}
	- ffmpeg 7:4.3-2
	[stretch] - ffmpeg (Vulnerable code introduced later)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/dd01947397b98e94c3f2a79d5820aaf4594f4d3b (4.3)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/6fe33489be72eee8010c28165f4b12870df4c600 (4.1.9)
	NOTE: https://trac.ffmpeg.org/ticket/8273
	NOTE: Introduced in: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8b3ec51de8a04f4442297f2f835e925cab7b0597 (3.4)
CVE-2020-20895 REJECTED
CVE-2020-20894 REJECTED
CVE-2020-20893 REJECTED
CVE-2020-20892 (An issue was discovered in function filter_frame in libavfilter/vf_len ...)
	{DSA-5126-1 DLA-3010-1}
	- ffmpeg 7:4.3-2
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=19587c9332f5be4f6bc6d7b2b8ef3fd21dfeaa01 (4.3)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=439645004bb672a29145621549cb87acdb2f84db (4.1.9)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=94e502e96b0870177e0af4c1e8718ac71475e374 (3.2.17)
	NOTE: https://trac.ffmpeg.org/ticket/8265
CVE-2020-20891 (Buffer Overflow vulnerability in function config_input in libavfilter/ ...)
	{DSA-5126-1 DLA-3010-1}
	- ffmpeg 7:4.3-2
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/64a805883d7223c868a683f0030837d859edd2ab (4.3)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d5cb859665d62658d7859f345650fcb38528c4ab (4.1.9)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/f8b4426c10aa65f4c04847a50ebfdcb8782a49b7 (3.2.17)
	NOTE: https://trac.ffmpeg.org/ticket/8282
CVE-2020-20890 RESERVED
CVE-2020-20889 RESERVED
CVE-2020-20888 RESERVED
CVE-2020-20887 RESERVED
CVE-2020-20886 RESERVED
CVE-2020-20885 RESERVED
CVE-2020-20884 RESERVED
CVE-2020-20883 RESERVED
CVE-2020-20882 RESERVED
CVE-2020-20881 RESERVED
CVE-2020-20880 RESERVED
CVE-2020-20879 RESERVED
CVE-2020-20878 RESERVED
CVE-2020-20877 RESERVED
CVE-2020-20876 RESERVED
CVE-2020-20875 RESERVED
CVE-2020-20874 RESERVED
CVE-2020-20873 RESERVED
CVE-2020-20872 RESERVED
CVE-2020-20871 RESERVED
CVE-2020-20870 RESERVED
CVE-2020-20869 RESERVED
CVE-2020-20868 RESERVED
CVE-2020-20867 RESERVED
CVE-2020-20866 RESERVED
CVE-2020-20865 RESERVED
CVE-2020-20864 RESERVED
CVE-2020-20863 RESERVED
CVE-2020-20862 RESERVED
CVE-2020-20861 RESERVED
CVE-2020-20860 RESERVED
CVE-2020-20859 RESERVED
CVE-2020-20858 RESERVED
CVE-2020-20857 RESERVED
CVE-2020-20856 RESERVED
CVE-2020-20855 RESERVED
CVE-2020-20854 RESERVED
CVE-2020-20853 RESERVED
CVE-2020-20852 RESERVED
CVE-2020-20851 RESERVED
CVE-2020-20850 RESERVED
CVE-2020-20849 RESERVED
CVE-2020-20848 RESERVED
CVE-2020-20847 RESERVED
CVE-2020-20846 RESERVED
CVE-2020-20845 RESERVED
CVE-2020-20844 RESERVED
CVE-2020-20843 RESERVED
CVE-2020-20842 RESERVED
CVE-2020-20841 RESERVED
CVE-2020-20840 RESERVED
CVE-2020-20839 RESERVED
CVE-2020-20838 RESERVED
CVE-2020-20837 RESERVED
CVE-2020-20836 RESERVED
CVE-2020-20835 RESERVED
CVE-2020-20834 RESERVED
CVE-2020-20833 RESERVED
CVE-2020-20832 RESERVED
CVE-2020-20831 RESERVED
CVE-2020-20830 RESERVED
CVE-2020-20829 RESERVED
CVE-2020-20828 RESERVED
CVE-2020-20827 RESERVED
CVE-2020-20826 RESERVED
CVE-2020-20825 RESERVED
CVE-2020-20824 RESERVED
CVE-2020-20823 RESERVED
CVE-2020-20822 RESERVED
CVE-2020-20821 RESERVED
CVE-2020-20820 RESERVED
CVE-2020-20819 RESERVED
CVE-2020-20818 RESERVED
CVE-2020-20817 RESERVED
CVE-2020-20816 RESERVED
CVE-2020-20815 RESERVED
CVE-2020-20814 RESERVED
CVE-2020-20813 (Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers t ...)
	NOTE: Unactionable report on OpenVPN
CVE-2020-20812 RESERVED
CVE-2020-20811 RESERVED
CVE-2020-20810 RESERVED
CVE-2020-20809 RESERVED
CVE-2020-20808 (Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before ...)
	NOT-FOR-US: Qibosoft
CVE-2020-20807 RESERVED
CVE-2020-20806 RESERVED
CVE-2020-20805 RESERVED
CVE-2020-20804 RESERVED
CVE-2020-20803 RESERVED
CVE-2020-20802 RESERVED
CVE-2020-20801 RESERVED
CVE-2020-20800 (An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection ...)
	NOT-FOR-US: MetInfo
CVE-2020-20799 (JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerabilit ...)
	NOT-FOR-US: JeeCMS
CVE-2020-20798 RESERVED
CVE-2020-20797 (FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability ...)
	NOT-FOR-US: FlameCMS
CVE-2020-20796 (FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/artic ...)
	NOT-FOR-US: FlameCMS
CVE-2020-20795 RESERVED
CVE-2020-20794 RESERVED
CVE-2020-20793 RESERVED
CVE-2020-20792 RESERVED
CVE-2020-20791 RESERVED
CVE-2020-20790 RESERVED
CVE-2020-20789 RESERVED
CVE-2020-20788 RESERVED
CVE-2020-20787 RESERVED
CVE-2020-20786 RESERVED
CVE-2020-20785 RESERVED
CVE-2020-20784 RESERVED
CVE-2020-20783 RESERVED
CVE-2020-20782 RESERVED
CVE-2020-20781 (A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?d ...)
	NOT-FOR-US: UCMS
CVE-2020-20780 RESERVED
CVE-2020-20779 RESERVED
CVE-2020-20778 RESERVED
CVE-2020-20777 RESERVED
CVE-2020-20776 RESERVED
CVE-2020-20775 RESERVED
CVE-2020-20774 RESERVED
CVE-2020-20773 RESERVED
CVE-2020-20772 RESERVED
CVE-2020-20771 RESERVED
CVE-2020-20770 RESERVED
CVE-2020-20769 RESERVED
CVE-2020-20768 RESERVED
CVE-2020-20767 RESERVED
CVE-2020-20766 RESERVED
CVE-2020-20765 RESERVED
CVE-2020-20764 RESERVED
CVE-2020-20763 RESERVED
CVE-2020-20762 RESERVED
CVE-2020-20761 RESERVED
CVE-2020-20760 RESERVED
CVE-2020-20759 RESERVED
CVE-2020-20758 RESERVED
CVE-2020-20757 RESERVED
CVE-2020-20756 RESERVED
CVE-2020-20755 RESERVED
CVE-2020-20754 RESERVED
CVE-2020-20753 RESERVED
CVE-2020-20752 RESERVED
CVE-2020-20751 RESERVED
CVE-2020-20750 RESERVED
CVE-2020-20749 RESERVED
CVE-2020-20748 RESERVED
CVE-2020-20747 RESERVED
CVE-2020-20746 (A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03. ...)
	NOT-FOR-US: Tenda
CVE-2020-20745 RESERVED
CVE-2020-20744 RESERVED
CVE-2020-20743 RESERVED
CVE-2020-20742 RESERVED
CVE-2020-20741 (Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 w ...)
	NOT-FOR-US: Beckhoff
CVE-2020-20740 (PDFResurrect before 0.20 lack of header validation checks causes heap- ...)
	{DLA-2475-1}
	- pdfresurrect 0.21-1
	[buster] - pdfresurrect (Minor issue)
	NOTE: https://github.com/enferex/pdfresurrect/commit/1b422459f07353adce2878806d5247d9e91fb397 (v0.21)
	NOTE: https://github.com/enferex/pdfresurrect/issues/14
CVE-2020-20739 (im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips befo ...)
	{DLA-2473-1}
	- vips 8.9.0-1
	[buster] - vips 8.7.4-1+deb10u1
	NOTE: https://github.com/libvips/libvips/commit/2ab5aa7bf515135c2b02d42e9a72e4c98e17031a (v8.9.0-alpha1)
	NOTE: https://github.com/libvips/libvips/issues/1419
CVE-2020-20738 RESERVED
CVE-2020-20737 RESERVED
CVE-2020-20736 RESERVED
CVE-2020-20735 (File Upload vulnerability in LJCMS v.4.3.R60321 allows a remote attack ...)
	NOT-FOR-US: LJCMS
CVE-2020-20734 RESERVED
CVE-2020-20733 RESERVED
CVE-2020-20732 RESERVED
CVE-2020-20731 RESERVED
CVE-2020-20730 RESERVED
CVE-2020-20729 RESERVED
CVE-2020-20728 RESERVED
CVE-2020-20727 RESERVED
CVE-2020-20726 (Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allo ...)
	NOT-FOR-US: GilaCMS
CVE-2020-20725 (Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 all ...)
	NOT-FOR-US: taoCMS
CVE-2020-20724 RESERVED
CVE-2020-20723 RESERVED
CVE-2020-20722 RESERVED
CVE-2020-20721 RESERVED
CVE-2020-20720 RESERVED
CVE-2020-20719 RESERVED
CVE-2020-20718 (File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a r ...)
	NOT-FOR-US: PluckCMS
CVE-2020-20717 RESERVED
CVE-2020-20716 RESERVED
CVE-2020-20715 RESERVED
CVE-2020-20714 RESERVED
CVE-2020-20713 RESERVED
CVE-2020-20712 RESERVED
CVE-2020-20711 RESERVED
CVE-2020-20710 RESERVED
CVE-2020-20709 RESERVED
CVE-2020-20708 RESERVED
CVE-2020-20707 RESERVED
CVE-2020-20706 RESERVED
CVE-2020-20705 RESERVED
CVE-2020-20704 RESERVED
CVE-2020-20703 (Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attack ...)
	- vim 2:8.1.2136-1
	[buster] - vim (Vulnerable code not present)
	NOTE: https://github.com/vim/vim/issues/5041
	NOTE: https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421
CVE-2020-20702 RESERVED
CVE-2020-20701 (A stored cross site scripting (XSS) vulnerability in /app/config/of S- ...)
	NOT-FOR-US: S-CMS PHP
CVE-2020-20700 (A stored cross site scripting (XSS) vulnerability in /app/form_add/of ...)
	NOT-FOR-US: S-CMS PHP
CVE-2020-20699 (A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows at ...)
	NOT-FOR-US: S-CMS PHP
CVE-2020-20698 (A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP ...)
	NOT-FOR-US: S-CMS PHP
CVE-2020-20697 (Cross Site Scripting vulnerability in khodakhah NodCMS v.3.0 allows a ...)
	NOT-FOR-US: NodCMS
CVE-2020-20696 (A cross-site scripting (XSS) vulnerability in /admin/content/post of G ...)
	NOT-FOR-US: GilaCMS
CVE-2020-20695 (A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 a ...)
	NOT-FOR-US: GilaCMS
CVE-2020-20694 RESERVED
CVE-2020-20693 (A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenti ...)
	NOT-FOR-US: GilaCMS
CVE-2020-20692 (GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerabilit ...)
	NOT-FOR-US: GilaCMS
CVE-2020-20691 (An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary w ...)
	NOT-FOR-US: Monstra CMS
CVE-2020-20690 RESERVED
CVE-2020-20689 RESERVED
CVE-2020-20688 RESERVED
CVE-2020-20687 RESERVED
CVE-2020-20686 RESERVED
CVE-2020-20685 RESERVED
CVE-2020-20684 RESERVED
CVE-2020-20683 RESERVED
CVE-2020-20682 RESERVED
CVE-2020-20681 RESERVED
CVE-2020-20680 RESERVED
CVE-2020-20679 RESERVED
CVE-2020-20678 RESERVED
CVE-2020-20677 RESERVED
CVE-2020-20676 RESERVED
CVE-2020-20675 (Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoods ...)
	NOT-FOR-US: Nuishop
CVE-2020-20674 RESERVED
CVE-2020-20673 RESERVED
CVE-2020-20672 (An arbitrary file upload vulnerability in /admin/upload/uploadfile of ...)
	NOT-FOR-US: KiteCMS
CVE-2020-20671 (A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers t ...)
	NOT-FOR-US: KiteCMS
CVE-2020-20670 (An arbitrary file upload vulnerability in /admin/media/upload of ZKEAC ...)
	NOT-FOR-US: ZKEACMS
CVE-2020-20669 RESERVED
CVE-2020-20668 RESERVED
CVE-2020-20667 RESERVED
CVE-2020-20666 RESERVED
CVE-2020-20665 (rudp v0.6 was discovered to contain a memory leak in the component mai ...)
	NOT-FOR-US: rudp
CVE-2020-20664 (libiec_iccp_mod v1.5 contains a segmentation violation in the componen ...)
	NOT-FOR-US: libiec_iccp_mod
CVE-2020-20663 (libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component ...)
	NOT-FOR-US: libiec_iccp_mod
CVE-2020-20662 (libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component ...)
	NOT-FOR-US: libiec_iccp_mod
CVE-2020-20661 RESERVED
CVE-2020-20660 RESERVED
CVE-2020-20659 RESERVED
CVE-2020-20658 (Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows ...)
	NOT-FOR-US: fcovatti libiec_iccp_mod
CVE-2020-20657 (Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows ...)
	NOT-FOR-US: fcovatti libiec_iccp_mod
CVE-2020-20656 RESERVED
CVE-2020-20655 RESERVED
CVE-2020-20654 RESERVED
CVE-2020-20653 RESERVED
CVE-2020-20652 RESERVED
CVE-2020-20651 RESERVED
CVE-2020-20650 RESERVED
CVE-2020-20649 RESERVED
CVE-2020-20648 RESERVED
CVE-2020-20647 RESERVED
CVE-2020-20646 RESERVED
CVE-2020-20645 (Cross Site Scripting (XSS) vulnerability exists in EyouCMS1.3.6 in the ...)
	NOT-FOR-US: EyouCMS
CVE-2020-20644 RESERVED
CVE-2020-20643 RESERVED
CVE-2020-20642 (Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3. ...)
	NOT-FOR-US: EyouCMS
CVE-2020-20641 RESERVED
CVE-2020-20640 (Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security ...)
	NOT-FOR-US: ECShop
CVE-2020-20639 RESERVED
CVE-2020-20638 RESERVED
CVE-2020-20637 RESERVED
CVE-2020-20636 (SQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remo ...)
	NOT-FOR-US: Joyplus-cms
CVE-2020-20635 RESERVED
CVE-2020-20634 (Elementor 2.9.5 and below WordPress plugin allows authenticated users ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-20633 (ajax_policy_generator in admin/modules/cli-policy-generator/classes/cl ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-20632 RESERVED
CVE-2020-20631 RESERVED
CVE-2020-20630 RESERVED
CVE-2020-20629 RESERVED
CVE-2020-20628 (controller/controller-comments.php in WP GDPR plugin through 2.1.1 has ...)
	NOT-FOR-US: WP GDPR plugin
CVE-2020-20627 (The includes/gateways/stripe/includes/admin/admin-actions.php in GiveW ...)
	NOT-FOR-US: includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin for WordPress
CVE-2020-20626 (lara-google-analytics.php in Lara Google Analytics plugin through 2.0. ...)
	NOT-FOR-US: Lara Google Analytics plugin for WordPress
CVE-2020-20625 (Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthen ...)
	NOT-FOR-US: Sliced Invoices plugin for WordPress
CVE-2020-20624 RESERVED
CVE-2020-20623 RESERVED
CVE-2020-20622 RESERVED
CVE-2020-20621 RESERVED
CVE-2020-20620 RESERVED
CVE-2020-20619 RESERVED
CVE-2020-20618 RESERVED
CVE-2020-20617 RESERVED
CVE-2020-20616 RESERVED
CVE-2020-20615 RESERVED
CVE-2020-20614 RESERVED
CVE-2020-20613 RESERVED
CVE-2020-20612 RESERVED
CVE-2020-20611 RESERVED
CVE-2020-20610 RESERVED
CVE-2020-20609 RESERVED
CVE-2020-20608 RESERVED
CVE-2020-20607 RESERVED
CVE-2020-20606 RESERVED
CVE-2020-20605 (Blog CMS v1.0 contains a cross-site scripting (XSS) vulnerability in t ...)
	NOT-FOR-US: Blog CMS
CVE-2020-20604 RESERVED
CVE-2020-20603 RESERVED
CVE-2020-20602 RESERVED
CVE-2020-20601 (An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbi ...)
	NOT-FOR-US: ThinkCMF
CVE-2020-20600 (MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerab ...)
	NOT-FOR-US: MetInfo
CVE-2020-20599 RESERVED
CVE-2020-20598 (A cross-site scripting (XSS) vulnerability in the Editing component of ...)
	NOT-FOR-US: com.mossle.lemon
CVE-2020-20597 (A cross-site scripting (XSS) vulnerability in the potrtalItemName para ...)
	NOT-FOR-US: com.mossle.lemon
	NOTE: https://github.com/xuhuisheng/lemon
CVE-2020-20596 RESERVED
CVE-2020-20595 (A cross-site request forgery (CSRF) in OPMS v1.3 and below allows atta ...)
	NOT-FOR-US: OPMS
CVE-2020-20594 RESERVED
CVE-2020-20593 (A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authent ...)
	NOT-FOR-US: Rockoa
CVE-2020-20592 RESERVED
CVE-2020-20591 RESERVED
CVE-2020-20590 RESERVED
CVE-2020-20589 (Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remo ...)
	NOT-FOR-US: FeehiCMS
CVE-2020-20588 (File upload vulnerability in function upload in action/Core.class.php ...)
	NOT-FOR-US: zhimengzhe iBarn
CVE-2020-20587 RESERVED
CVE-2020-20586 (A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s= ...)
	NOT-FOR-US: XYHCMS
CVE-2020-20585 (A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 ...)
	NOT-FOR-US: Metinfo
CVE-2020-20584 (A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows a ...)
	NOT-FOR-US: baigo CMS
CVE-2020-20583 (A SQL injection vulnerability in /question.php of LJCMS Version v4.3.R ...)
	NOT-FOR-US: LJCMS
CVE-2020-20582 (A server side request forgery (SSRF) vulnerability in /ApiAdminDomainS ...)
	NOT-FOR-US: MipCMS
CVE-2020-20581 RESERVED
CVE-2020-20580 RESERVED
CVE-2020-20579 RESERVED
CVE-2020-20578 RESERVED
CVE-2020-20577 RESERVED
CVE-2020-20576 RESERVED
CVE-2020-20575 RESERVED
CVE-2020-20574 RESERVED
CVE-2020-20573 RESERVED
CVE-2020-20572 RESERVED
CVE-2020-20571 RESERVED
CVE-2020-20570 RESERVED
CVE-2020-20569 RESERVED
CVE-2020-20568 RESERVED
CVE-2020-20567 RESERVED
CVE-2020-20566 RESERVED
CVE-2020-20565 RESERVED
CVE-2020-20564 RESERVED
CVE-2020-20563 RESERVED
CVE-2020-20562 RESERVED
CVE-2020-20561 RESERVED
CVE-2020-20560 RESERVED
CVE-2020-20559 RESERVED
CVE-2020-20558 RESERVED
CVE-2020-20557 RESERVED
CVE-2020-20556 RESERVED
CVE-2020-20555 RESERVED
CVE-2020-20554 RESERVED
CVE-2020-20553 RESERVED
CVE-2020-20552 RESERVED
CVE-2020-20551 RESERVED
CVE-2020-20550 RESERVED
CVE-2020-20549 RESERVED
CVE-2020-20548 RESERVED
CVE-2020-20547 RESERVED
CVE-2020-20546 RESERVED
CVE-2020-20545 (Cross-Site Scripting (XSS) vulnerability in Zhiyuan G6 Government Coll ...)
	NOT-FOR-US: Zhiyuan G6 Government Collaboration System
CVE-2020-20544 RESERVED
CVE-2020-20543 RESERVED
CVE-2020-20542 RESERVED
CVE-2020-20541 RESERVED
CVE-2020-20540 RESERVED
CVE-2020-20539 RESERVED
CVE-2020-20538 RESERVED
CVE-2020-20537 RESERVED
CVE-2020-20536 RESERVED
CVE-2020-20535 RESERVED
CVE-2020-20534 RESERVED
CVE-2020-20533 RESERVED
CVE-2020-20532 RESERVED
CVE-2020-20531 RESERVED
CVE-2020-20530 RESERVED
CVE-2020-20529 RESERVED
CVE-2020-20528 RESERVED
CVE-2020-20527 RESERVED
CVE-2020-20526 RESERVED
CVE-2020-20525 RESERVED
CVE-2020-20524 RESERVED
CVE-2020-20523 (Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila ...)
	NOT-FOR-US: Gila CMS
CVE-2020-20522 (Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a rem ...)
	NOT-FOR-US: KiteCMS
CVE-2020-20521 (Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a rem ...)
	NOT-FOR-US: KiteCMS
CVE-2020-20520 RESERVED
CVE-2020-20519 RESERVED
CVE-2020-20518 RESERVED
CVE-2020-20517 RESERVED
CVE-2020-20516 RESERVED
CVE-2020-20515 RESERVED
CVE-2020-20514 (A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/ ...)
	NOT-FOR-US: Maccms
CVE-2020-20513 RESERVED
CVE-2020-20512 RESERVED
CVE-2020-20511 RESERVED
CVE-2020-20510 RESERVED
CVE-2020-20509 RESERVED
CVE-2020-20508 (Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerab ...)
	NOT-FOR-US: Shopkit
CVE-2020-20507 RESERVED
CVE-2020-20506 RESERVED
CVE-2020-20505 RESERVED
CVE-2020-20504 RESERVED
CVE-2020-20503 RESERVED
CVE-2020-20502 (Cross Site Request Forgery found in yzCMS v.2.0 allows a remote attack ...)
	NOT-FOR-US: yzCMS
CVE-2020-20501 RESERVED
CVE-2020-20500 RESERVED
CVE-2020-20499 RESERVED
CVE-2020-20498 RESERVED
CVE-2020-20497 RESERVED
CVE-2020-20496 RESERVED
CVE-2020-20495 (bludit v3.13.0 contains an arbitrary file deletion vulnerability in th ...)
	NOT-FOR-US: bludit
	NOTE: https://github.com/bludit/bludit
CVE-2020-20494 RESERVED
CVE-2020-20493 RESERVED
CVE-2020-20492 RESERVED
CVE-2020-20491 (SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a ...)
	NOT-FOR-US: OpenCart
CVE-2020-20490 (A heap buffer-overflow in the client_example1.c component of libiec_ic ...)
	NOT-FOR-US: libiec_iccp_mod
	NOTE: https://github.com/fcovatti/libiec_iccp_mod
	NOTE: IEC 61850
CVE-2020-20489 RESERVED
CVE-2020-20488 RESERVED
CVE-2020-20487 RESERVED
CVE-2020-20486 (IEC104 v1.0 contains a stack-buffer overflow in the parameter Iec10x_S ...)
	NOT-FOR-US: IEC104
	NOTE: https://github.com/airpig2011/IEC104
CVE-2020-20485 RESERVED
CVE-2020-20484 RESERVED
CVE-2020-20483 RESERVED
CVE-2020-20482 RESERVED
CVE-2020-20481 RESERVED
CVE-2020-20480 RESERVED
CVE-2020-20479 RESERVED
CVE-2020-20478 RESERVED
CVE-2020-20477 RESERVED
CVE-2020-20476 RESERVED
CVE-2020-20475 RESERVED
CVE-2020-20474 (White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The ...)
	NOT-FOR-US: White Shark System (WSS)
CVE-2020-20473 (White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The ...)
	NOT-FOR-US: White Shark System (WSS)
CVE-2020-20472 (White Shark System (WSS) 1.3.2 has a sensitive information disclosure ...)
	NOT-FOR-US: White Shark System (WSS)
CVE-2020-20471 (White Shark System (WSS) 1.3.2 has an unauthorized access vulnerabilit ...)
	NOT-FOR-US: White Shark System (WSS)
CVE-2020-20470 (White Shark System (WSS) 1.3.2 has web site physical path leakage vuln ...)
	NOT-FOR-US: White Shark System (WSS)
CVE-2020-20469 (White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The ...)
	NOT-FOR-US: White Shark System (WSS)
CVE-2020-20468 (White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can us ...)
	NOT-FOR-US: White Shark System (WSS)
CVE-2020-20467 (White Shark System (WSS) 1.3.2 is vulnerable to sensitive information ...)
	NOT-FOR-US: White Shark System (WSS)
CVE-2020-20466 (White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access vi ...)
	NOT-FOR-US: White Shark System (WSS)
CVE-2020-20465 RESERVED
CVE-2020-20464 RESERVED
CVE-2020-20463 RESERVED
CVE-2020-20462 RESERVED
CVE-2020-20461 RESERVED
CVE-2020-20460 RESERVED
CVE-2020-20459 RESERVED
CVE-2020-20458 RESERVED
CVE-2020-20457 RESERVED
CVE-2020-20456 RESERVED
CVE-2020-20455 RESERVED
CVE-2020-20454 RESERVED
CVE-2020-20453 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccod ...)
	{DSA-4998-1 DSA-4990-1 DLA-2818-1}
	- ffmpeg 7:4.4.1-1 (unimportant)
	NOTE: https://trac.ffmpeg.org/ticket/8003
	NOTE: Negligible security impact
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7a7f32c8ad0179a1a85d0a8cff35924e6d90be8
CVE-2020-20452 RESERVED
CVE-2020-20451 (Denial of Service issue in FFmpeg 4.2 due to resource management error ...)
	{DLA-2818-1}
	- ffmpeg 7:4.3-2 (unimportant)
	NOTE: https://trac.ffmpeg.org/ticket/8094
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=21265f42ecb265debe9fec1dbfd0cb7de5a8aefb
	NOTE: Negligible security impact
CVE-2020-20450 (FFmpeg 4.2 is affected by null pointer dereference passed as argument ...)
	{DSA-4998-1}
	[experimental] - ffmpeg 7:4.4-1
	- ffmpeg 7:4.4-5 (unimportant)
	[stretch] - ffmpeg (vulnerable code is not present)
	NOTE: https://trac.ffmpeg.org/ticket/7993
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5400e4a50c61e53e1bc50b3e77201649bbe9c510
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3865b1952e5cf993b016d83ba78fe1deb63bbfad (4.3)
	NOTE: Negligible security impact
CVE-2020-20449 RESERVED
CVE-2020-20448 (FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/rate ...)
	{DSA-4722-1}
	- ffmpeg 7:4.3-2 (unimportant)
	[stretch] - ffmpeg (vulnerable code is not present)
	NOTE: https://trac.ffmpeg.org/ticket/7990
	NOTE: Negligible security impact
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8802e329c8317ca5ceb929df48a23eb0f9e852b2
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=55279d699fa64d8eb1185d8db04ab4ed92e8dea2
CVE-2020-20447 RESERVED
CVE-2020-20446 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy ...)
	{DSA-4998-1 DSA-4990-1 DLA-2818-1}
	- ffmpeg 7:4.4.1-1 (unimportant)
	NOTE: https://trac.ffmpeg.org/ticket/7995
	NOTE: Negligible security impact
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/223b5e8ac9f6461bb13ed365419ec485c5b2b002
CVE-2020-20445 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, ...)
	{DSA-4998-1 DSA-4990-1 DLA-2818-1}
	- ffmpeg 7:5.0.1-2 (unimportant)
	NOTE: https://trac.ffmpeg.org/ticket/7996
	NOTE: Negligible security impact
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/38d18fb57863bb9c54e68ae44aa780c5c282a184 (n5.0)
CVE-2020-20444 (Jact OpenClinic 0.8.20160412 allows the attacker to read server files ...)
	NOT-FOR-US: Jact OpenClinic
CVE-2020-20443 RESERVED
CVE-2020-20442 RESERVED
CVE-2020-20441 RESERVED
CVE-2020-20440 RESERVED
CVE-2020-20439 RESERVED
CVE-2020-20438 RESERVED
CVE-2020-20437 RESERVED
CVE-2020-20436 RESERVED
CVE-2020-20435 RESERVED
CVE-2020-20434 RESERVED
CVE-2020-20433 RESERVED
CVE-2020-20432 RESERVED
CVE-2020-20431 RESERVED
CVE-2020-20430 RESERVED
CVE-2020-20429 RESERVED
CVE-2020-20428 RESERVED
CVE-2020-20427 RESERVED
CVE-2020-20426 (S-CMS Government Station Building System v5.0 contains a cross-site sc ...)
	NOT-FOR-US: S-CMS Government Station Building System
CVE-2020-20425 (S-CMS Government Station Building System v5.0 contains a cross-site sc ...)
	NOT-FOR-US: S-CMS Government Station Building System
CVE-2020-20424 RESERVED
CVE-2020-20423 RESERVED
CVE-2020-20422 RESERVED
CVE-2020-20421 RESERVED
CVE-2020-20420 RESERVED
CVE-2020-20419 RESERVED
CVE-2020-20418 RESERVED
CVE-2020-20417 RESERVED
CVE-2020-20416 RESERVED
CVE-2020-20415 RESERVED
CVE-2020-20414 RESERVED
CVE-2020-20413 (SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote ...)
	NOT-FOR-US: WUZHICMS
CVE-2020-20412 (lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 ...)
	NOT-FOR-US: StepMania integration of libvorbis
CVE-2020-20411 RESERVED
CVE-2020-20410 RESERVED
CVE-2020-20409 RESERVED
CVE-2020-20408 RESERVED
CVE-2020-20407 RESERVED
CVE-2020-20406 (A stored XSS vulnerability exists in the Custom Link Attributes contro ...)
	NOT-FOR-US: Elementor Page Builder
CVE-2020-20405 RESERVED
CVE-2020-20404 RESERVED
CVE-2020-20403 RESERVED
CVE-2020-20402 (Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password ...)
	NOT-FOR-US: portfolioCMS
CVE-2020-20401 RESERVED
CVE-2020-20400 RESERVED
CVE-2020-20399 RESERVED
CVE-2020-20398 RESERVED
CVE-2020-20397 RESERVED
CVE-2020-20396 RESERVED
CVE-2020-20395 RESERVED
CVE-2020-20394 RESERVED
CVE-2020-20393 RESERVED
CVE-2020-20392 (SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters ...)
	NOT-FOR-US: imcat
CVE-2020-20391 (Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/sni ...)
	NOT-FOR-US: GetSimpleCMS
CVE-2020-20390 RESERVED
CVE-2020-20389 (Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in adm ...)
	NOT-FOR-US: GetSimpleCMS
CVE-2020-20388 RESERVED
CVE-2020-20387 RESERVED
CVE-2020-20386 RESERVED
CVE-2020-20385 RESERVED
CVE-2020-20384 RESERVED
CVE-2020-20383 RESERVED
CVE-2020-20382 RESERVED
CVE-2020-20381 RESERVED
CVE-2020-20380 RESERVED
CVE-2020-20379 RESERVED
CVE-2020-20378 RESERVED
CVE-2020-20377 RESERVED
CVE-2020-20376 RESERVED
CVE-2020-20375 RESERVED
CVE-2020-20374 RESERVED
CVE-2020-20373 RESERVED
CVE-2020-20372 RESERVED
CVE-2020-20371 RESERVED
CVE-2020-20370 RESERVED
CVE-2020-20369 RESERVED
CVE-2020-20368 RESERVED
CVE-2020-20367 RESERVED
CVE-2020-20366 RESERVED
CVE-2020-20365 RESERVED
CVE-2020-20364 RESERVED
CVE-2020-20363 (Crossi Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.p ...)
	NOT-FOR-US: PbootCMS
CVE-2020-20362 RESERVED
CVE-2020-20361 RESERVED
CVE-2020-20360 RESERVED
CVE-2020-20359 RESERVED
CVE-2020-20358 RESERVED
CVE-2020-20357 RESERVED
CVE-2020-20356 RESERVED
CVE-2020-20355 RESERVED
CVE-2020-20354 RESERVED
CVE-2020-20353 RESERVED
CVE-2020-20352 RESERVED
CVE-2020-20351 RESERVED
CVE-2020-20350 RESERVED
CVE-2020-20349 (WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WTCMS
CVE-2020-20348 (WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WTCMS
CVE-2020-20347 (WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WTCMS
CVE-2020-20346 RESERVED
CVE-2020-20345 (WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerabili ...)
	NOT-FOR-US: WTCMS
CVE-2020-20344 (WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerabili ...)
	NOT-FOR-US: WTCMS
CVE-2020-20343 (WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability i ...)
	NOT-FOR-US: WTCMS
CVE-2020-20342 RESERVED
CVE-2020-20341 (YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_ ...)
	NOT-FOR-US: YzmCMS
CVE-2020-20340 (A SQL injection vulnerability in the 4.edu.php\conn\function.php compo ...)
	NOT-FOR-US: S-CMS
CVE-2020-20339 RESERVED
CVE-2020-20338 RESERVED
CVE-2020-20337 RESERVED
CVE-2020-20336 RESERVED
CVE-2020-20335 (Buffer Overflow vulnerability in Antirez Kilo before commit 7709a04ae8 ...)
	NOT-FOR-US: kilo editor
CVE-2020-20334 RESERVED
CVE-2020-20333 RESERVED
CVE-2020-20332 RESERVED
CVE-2020-20331 RESERVED
CVE-2020-20330 RESERVED
CVE-2020-20329 RESERVED
CVE-2020-20328 RESERVED
CVE-2020-20327 RESERVED
CVE-2020-20326 RESERVED
CVE-2020-20325 RESERVED
CVE-2020-20324 RESERVED
CVE-2020-20323 RESERVED
CVE-2020-20322 RESERVED
CVE-2020-20321 RESERVED
CVE-2020-20320 RESERVED
CVE-2020-20319 RESERVED
CVE-2020-20318 RESERVED
CVE-2020-20317 RESERVED
CVE-2020-20316 RESERVED
CVE-2020-20315 RESERVED
CVE-2020-20314 RESERVED
CVE-2020-20313 RESERVED
CVE-2020-20312 RESERVED
CVE-2020-20311 RESERVED
CVE-2020-20310 RESERVED
CVE-2020-20309 RESERVED
CVE-2020-20308 RESERVED
CVE-2020-20307 RESERVED
CVE-2020-20306 RESERVED
CVE-2020-20305 RESERVED
CVE-2020-20304 RESERVED
CVE-2020-20303 RESERVED
CVE-2020-20302 RESERVED
CVE-2020-20301 RESERVED
CVE-2020-20300 (SQL injection vulnerability in the wp_where function in WeiPHP 5.0.)
	NOT-FOR-US: WeiPHP
CVE-2020-20299 (WeiPHP 5.0 does not properly restrict access to pages, related to usin ...)
	NOT-FOR-US: WeiPHP
CVE-2020-20298 (Eval injection vulnerability in the parserCommom method in the ParserT ...)
	NOT-FOR-US: zzzphp
CVE-2020-20297 RESERVED
CVE-2020-20296 (An issue was found in CMSWing project version 1.3.8, Because the recha ...)
	NOT-FOR-US: CMSWing
CVE-2020-20295 (An issue was found in CMSWing project version 1.3.8. Because the updat ...)
	NOT-FOR-US: CMSWing
CVE-2020-20294 (An issue was found in CMSWing project version 1.3.8. Because the log f ...)
	NOT-FOR-US: CMSWing
CVE-2020-20293 RESERVED
CVE-2020-20292 RESERVED
CVE-2020-20291 RESERVED
CVE-2020-20290 (Directory traversal vulnerability in the yccms 3.3 project. The delete ...)
	NOT-FOR-US: yccms
CVE-2020-20289 (Sql injection vulnerability in the yccms 3.3 project. The no_top funct ...)
	NOT-FOR-US: yccms
CVE-2020-20288 RESERVED
CVE-2020-20287 (Unrestricted file upload vulnerability in the yccms 3.3 project. The x ...)
	NOT-FOR-US: yccms
CVE-2020-20286 RESERVED
CVE-2020-20285 (There is a XSS in the user login page in zzcms 2019. Users can inject ...)
	NOT-FOR-US: zzcms
CVE-2020-20284 RESERVED
CVE-2020-20283 RESERVED
CVE-2020-20282 RESERVED
CVE-2020-20281 RESERVED
CVE-2020-20280 RESERVED
CVE-2020-20279 RESERVED
CVE-2020-20278 RESERVED
CVE-2020-20277 (There are multiple unauthenticated directory traversal vulnerabilities ...)
	NOT-FOR-US: uftpd
CVE-2020-20276 (An unauthenticated stack-based buffer overflow vulnerability in common ...)
	NOT-FOR-US: uftpd
CVE-2020-20275 RESERVED
CVE-2020-20274 RESERVED
CVE-2020-20273 RESERVED
CVE-2020-20272 RESERVED
CVE-2020-20271 RESERVED
CVE-2020-20270 RESERVED
CVE-2020-20269 (A specially crafted Markdown document could cause the execution of mal ...)
	NOT-FOR-US: Caret Editor
CVE-2020-20268 RESERVED
CVE-2020-20267 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20266 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20265 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20264 (Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced- ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20263 RESERVED
CVE-2020-20262 (Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20261 RESERVED
CVE-2020-20260 RESERVED
CVE-2020-20259 RESERVED
CVE-2020-20258 RESERVED
CVE-2020-20257 RESERVED
CVE-2020-20256 RESERVED
CVE-2020-20255 RESERVED
CVE-2020-20254 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20253 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20252 (Mikrotik RouterOs before stable version 6.47 suffers from a memory cor ...)
	NOT-FOR-US: Mikrotik
CVE-2020-20251 RESERVED
CVE-2020-20250 (Mikrotik RouterOs before stable version 6.47 suffers from a memory cor ...)
	NOT-FOR-US: Mikrotik
CVE-2020-20249 (Mikrotik RouterOs before stable 6.47 suffers from a memory corruption ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20248 (Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled reso ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20247 (Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory co ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20246 (Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulne ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20245 (Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulne ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20244 RESERVED
CVE-2020-20243 RESERVED
CVE-2020-20242 RESERVED
CVE-2020-20241 RESERVED
CVE-2020-20240 RESERVED
CVE-2020-20239 RESERVED
CVE-2020-20238 RESERVED
CVE-2020-20237 (Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruptio ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20236 (Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruptio ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20235 RESERVED
CVE-2020-20234 RESERVED
CVE-2020-20233 RESERVED
CVE-2020-20232 RESERVED
CVE-2020-20231 (Mikrotik RouterOs through stable version 6.48.3 suffers from a memory ...)
	NOT-FOR-US: Mikrotik
CVE-2020-20230 (Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled reso ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20229 RESERVED
CVE-2020-20228 RESERVED
CVE-2020-20227 (Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnera ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20226 RESERVED
CVE-2020-20225 (Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion ...)
	NOT-FOR-US: Mikrotik
CVE-2020-20224 RESERVED
CVE-2020-20223 RESERVED
CVE-2020-20222 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20221 (Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncon ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20220 (Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruptio ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20219 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20218 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20217 (Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontroll ...)
	NOT-FOR-US: Mikrotik
CVE-2020-20216 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...)
	NOT-FOR-US: Mikrotik
CVE-2020-20215 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...)
	NOT-FOR-US: Mikrotik
CVE-2020-20214 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion fa ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20213 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaus ...)
	NOT-FOR-US: Mikrotik
CVE-2020-20212 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corrup ...)
	NOT-FOR-US: Mikrotik
CVE-2020-20211 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion fa ...)
	NOT-FOR-US: Mikrotik
CVE-2020-20210 (Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/a ...)
	NOT-FOR-US: Bludit
CVE-2020-20209 RESERVED
CVE-2020-20208 RESERVED
CVE-2020-20207 RESERVED
CVE-2020-20206 RESERVED
CVE-2020-20205 RESERVED
CVE-2020-20204 RESERVED
CVE-2020-20203 RESERVED
CVE-2020-20202 RESERVED
CVE-2020-20201 RESERVED
CVE-2020-20200 RESERVED
CVE-2020-20199 RESERVED
CVE-2020-20198 RESERVED
CVE-2020-20197 RESERVED
CVE-2020-20196 RESERVED
CVE-2020-20195 RESERVED
CVE-2020-20194 RESERVED
CVE-2020-20193 RESERVED
CVE-2020-20192 RESERVED
CVE-2020-20191 RESERVED
CVE-2020-20190 RESERVED
CVE-2020-20189 (SQL Injection vulnerability in NewPK 1.1 via the title parameter to ad ...)
	NOT-FOR-US: NewPK
CVE-2020-20188 RESERVED
CVE-2020-20187 RESERVED
CVE-2020-20186 RESERVED
CVE-2020-20185 RESERVED
CVE-2020-20184 (GateOne allows remote attackers to execute arbitrary commands via shel ...)
	NOT-FOR-US: GateOne
CVE-2020-20183 (Insecure direct object reference vulnerability in Zyxel’s P1302-T ...)
	NOT-FOR-US: Zyxel
CVE-2020-20182 RESERVED
CVE-2020-20181 RESERVED
CVE-2020-20180 RESERVED
CVE-2020-20179 RESERVED
CVE-2020-20178 (Ethereum 0xe933c0cd9784414d5f278c114904f5a84b396919#code.sol latest ve ...)
	NOT-FOR-US: Ethereum
CVE-2020-20177 RESERVED
CVE-2020-20176 RESERVED
CVE-2020-20175 RESERVED
CVE-2020-20174 RESERVED
CVE-2020-20173 RESERVED
CVE-2020-20172 RESERVED
CVE-2020-20171 RESERVED
CVE-2020-20170 RESERVED
CVE-2020-20169 RESERVED
CVE-2020-20168 RESERVED
CVE-2020-20167 RESERVED
CVE-2020-20166 RESERVED
CVE-2020-20165 RESERVED
CVE-2020-20164 RESERVED
CVE-2020-20163 RESERVED
CVE-2020-20162 RESERVED
CVE-2020-20161 RESERVED
CVE-2020-20160 RESERVED
CVE-2020-20159 RESERVED
CVE-2020-20158 RESERVED
CVE-2020-20157 RESERVED
CVE-2020-20156 RESERVED
CVE-2020-20155 RESERVED
CVE-2020-20154 RESERVED
CVE-2020-20153 RESERVED
CVE-2020-20152 RESERVED
CVE-2020-20151 RESERVED
CVE-2020-20150 RESERVED
CVE-2020-20149 RESERVED
CVE-2020-20148 RESERVED
CVE-2020-20147 RESERVED
CVE-2020-20146 RESERVED
CVE-2020-20145 REJECTED
CVE-2020-20144 RESERVED
CVE-2020-20143 RESERVED
CVE-2020-20142 (Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" compon ...)
	NOT-FOR-US: Flexmonster Pivot Table & Charts
CVE-2020-20141 (Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA) compone ...)
	NOT-FOR-US: Flexmonster Pivot Table & Charts
CVE-2020-20140 (Cross Site Scripting (XSS) vulnerability in Remote Report component un ...)
	NOT-FOR-US: Flexmonster Pivot Table & Charts
CVE-2020-20139 (Cross Site Scripting (XSS) vulnerability in the Remote JSON component ...)
	NOT-FOR-US: Flexmonster Pivot Table & Charts
CVE-2020-20138 (Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow mo ...)
	NOT-FOR-US: CMS Made Simple (CMSMS)
CVE-2020-20137 RESERVED
CVE-2020-20136 (QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an ...)
	NOT-FOR-US: QuantConnect Lean
CVE-2020-20135 RESERVED
CVE-2020-20134 RESERVED
CVE-2020-20133 RESERVED
CVE-2020-20132 RESERVED
CVE-2020-20131 (LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerabil ...)
	NOT-FOR-US: LaraCMS
CVE-2020-20130 RESERVED
CVE-2020-20129 (LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerabil ...)
	NOT-FOR-US: LaraCMS
CVE-2020-20128 (LaraCMS v1.0.1 transmits sensitive information in cleartext which can ...)
	NOT-FOR-US: LaraCMS
CVE-2020-20127 RESERVED
CVE-2020-20126 RESERVED
CVE-2020-20125 (EARCLINK ESPCMS-P8 contains a cross-site scripting (XSS) vulnerability ...)
	NOT-FOR-US: EARCLINK ESPCMS-P8
CVE-2020-20124 (Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability ...)
	NOT-FOR-US: Wuzhi CMS
CVE-2020-20123 RESERVED
CVE-2020-20122 (Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitl ...)
	NOT-FOR-US: Wuzhi CMS
CVE-2020-20121 RESERVED
CVE-2020-20120 (ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which ...)
	NOT-FOR-US: ThinkPHP
CVE-2020-20119 RESERVED
CVE-2020-20118 (Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows ...)
	NOT-FOR-US: Avast
CVE-2020-20117 RESERVED
CVE-2020-20116 RESERVED
CVE-2020-20115 RESERVED
CVE-2020-20114 RESERVED
CVE-2020-20113 RESERVED
CVE-2020-20112 RESERVED
CVE-2020-20111 RESERVED
CVE-2020-20110 RESERVED
CVE-2020-20109 RESERVED
CVE-2020-20108 RESERVED
CVE-2020-20107 RESERVED
CVE-2020-20106 RESERVED
CVE-2020-20105 RESERVED
CVE-2020-20104 RESERVED
CVE-2020-20103 RESERVED
CVE-2020-20102 RESERVED
CVE-2020-20101 RESERVED
CVE-2020-20100 RESERVED
CVE-2020-20099 RESERVED
CVE-2020-20098 RESERVED
CVE-2020-20097 RESERVED
CVE-2020-20096 (Whatsapp iOS 2.19.80 and prior and Android 2.19.222 and prior user int ...)
	NOT-FOR-US: WhatsApp
CVE-2020-20095 (iMessage (Messages app) iOS 12.4 and prior user interface does not pro ...)
	NOT-FOR-US: Apple iMessage
CVE-2020-20094 (Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user in ...)
	NOT-FOR-US: Instagram
CVE-2020-20093 (The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0 ...)
	NOT-FOR-US: Facebook Messenger
CVE-2020-20092 (File Upload vulnerability exists in ArticleCMS 1.0 via the image uploa ...)
	NOT-FOR-US: ArticleCMS
CVE-2020-20091 RESERVED
CVE-2020-20090 RESERVED
CVE-2020-20089 RESERVED
CVE-2020-20088 RESERVED
CVE-2020-20087 RESERVED
CVE-2020-20086 RESERVED
CVE-2020-20085 RESERVED
CVE-2020-20084 RESERVED
CVE-2020-20083 RESERVED
CVE-2020-20082 RESERVED
CVE-2020-20081 RESERVED
CVE-2020-20080 RESERVED
CVE-2020-20079 RESERVED
CVE-2020-20078 RESERVED
CVE-2020-20077 RESERVED
CVE-2020-20076 RESERVED
CVE-2020-20075 RESERVED
CVE-2020-20074 RESERVED
CVE-2020-20073 RESERVED
CVE-2020-20072 RESERVED
CVE-2020-20071 RESERVED
CVE-2020-20070 (Cross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allow ...)
	NOT-FOR-US: DWSurvey
CVE-2020-20069 RESERVED
CVE-2020-20068 RESERVED
CVE-2020-20067 (File upload vulnerability in ebCMS v.1.1.0 allows a remote attacker to ...)
	NOT-FOR-US: ebCMS
CVE-2020-20066 RESERVED
CVE-2020-20065 RESERVED
CVE-2020-20064 RESERVED
CVE-2020-20063 RESERVED
CVE-2020-20062 RESERVED
CVE-2020-20061 RESERVED
CVE-2020-20060 RESERVED
CVE-2020-20059 RESERVED
CVE-2020-20058 RESERVED
CVE-2020-20057 RESERVED
CVE-2020-20056 RESERVED
CVE-2020-20055 RESERVED
CVE-2020-20054 RESERVED
CVE-2020-20053 RESERVED
CVE-2020-20052 RESERVED
CVE-2020-20051 RESERVED
CVE-2020-20050 RESERVED
CVE-2020-20049 RESERVED
CVE-2020-20048 RESERVED
CVE-2020-20047 RESERVED
CVE-2020-20046 RESERVED
CVE-2020-20045 RESERVED
CVE-2020-20044 RESERVED
CVE-2020-20043 RESERVED
CVE-2020-20042 RESERVED
CVE-2020-20041 RESERVED
CVE-2020-20040 RESERVED
CVE-2020-20039 RESERVED
CVE-2020-20038 RESERVED
CVE-2020-20037 RESERVED
CVE-2020-20036 RESERVED
CVE-2020-20035 RESERVED
CVE-2020-20034 RESERVED
CVE-2020-20033 RESERVED
CVE-2020-20032 RESERVED
CVE-2020-20031 RESERVED
CVE-2020-20030 RESERVED
CVE-2020-20029 RESERVED
CVE-2020-20028 RESERVED
CVE-2020-20027 RESERVED
CVE-2020-20026 RESERVED
CVE-2020-20025 RESERVED
CVE-2020-20024 RESERVED
CVE-2020-20023 RESERVED
CVE-2020-20022 RESERVED
CVE-2020-20021 (An issue discovered in MikroTik Router v6.46.3 and earlier allows atta ...)
	NOT-FOR-US: MikroTik
CVE-2020-20020 RESERVED
CVE-2020-20019 RESERVED
CVE-2020-20018 RESERVED
CVE-2020-20017 RESERVED
CVE-2020-20016 RESERVED
CVE-2020-20015 RESERVED
CVE-2020-20014 RESERVED
CVE-2020-20013 RESERVED
CVE-2020-20012 (WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control.)
	NOT-FOR-US: WebPlus Pro
CVE-2020-20011 RESERVED
CVE-2020-20010 RESERVED
CVE-2020-20009 RESERVED
CVE-2020-20008 RESERVED
CVE-2020-20007 RESERVED
CVE-2020-20006 RESERVED
CVE-2020-20005 RESERVED
CVE-2020-20004 RESERVED
CVE-2020-20003 RESERVED
CVE-2020-20002 RESERVED
CVE-2020-20001 RESERVED
CVE-2020-20000 RESERVED
CVE-2020-19999 RESERVED
CVE-2020-19998 RESERVED
CVE-2020-19997 RESERVED
CVE-2020-19996 RESERVED
CVE-2020-19995 RESERVED
CVE-2020-19994 RESERVED
CVE-2020-19993 RESERVED
CVE-2020-19992 RESERVED
CVE-2020-19991 RESERVED
CVE-2020-19990 RESERVED
CVE-2020-19989 RESERVED
CVE-2020-19988 RESERVED
CVE-2020-19987 RESERVED
CVE-2020-19986 RESERVED
CVE-2020-19985 RESERVED
CVE-2020-19984 RESERVED
CVE-2020-19983 RESERVED
CVE-2020-19982 RESERVED
CVE-2020-19981 RESERVED
CVE-2020-19980 RESERVED
CVE-2020-19979 RESERVED
CVE-2020-19978 RESERVED
CVE-2020-19977 RESERVED
CVE-2020-19976 RESERVED
CVE-2020-19975 RESERVED
CVE-2020-19974 RESERVED
CVE-2020-19973 RESERVED
CVE-2020-19972 RESERVED
CVE-2020-19971 RESERVED
CVE-2020-19970 RESERVED
CVE-2020-19969 RESERVED
CVE-2020-19968 RESERVED
CVE-2020-19967 RESERVED
CVE-2020-19966 RESERVED
CVE-2020-19965 RESERVED
CVE-2020-19964 (A Cross Site Request Forgery (CSRF) vulnerability was discovered in PH ...)
	NOT-FOR-US: PHPMyWind
CVE-2020-19963 RESERVED
CVE-2020-19962 (A stored cross-site scripting (XSS) vulnerability in the getClientIp f ...)
	NOT-FOR-US: Chaoji CMS
CVE-2020-19961 (A SQL injection vulnerability has been discovered in zz cms version 20 ...)
	NOT-FOR-US: zz cms
CVE-2020-19960 (A SQL injection vulnerability has been discovered in zz cms version 20 ...)
	NOT-FOR-US: zz cms
CVE-2020-19959 (A SQL injection vulnerability has been discovered in zz cms version 20 ...)
	NOT-FOR-US: zz cms
CVE-2020-19958
	RESERVED
CVE-2020-19957 (A SQL injection vulnerability has been discovered in zz cms version 20 ...)
	NOT-FOR-US: zz cms
CVE-2020-19956
	RESERVED
CVE-2020-19955
	RESERVED
CVE-2020-19954 (An XML External Entity (XXE) vulnerability was discovered in /api/noti ...)
	NOT-FOR-US: S-CMS
CVE-2020-19953
	RESERVED
CVE-2020-19952 (Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Ma ...)
	NOT-FOR-US: jbt Markdown Editor
CVE-2020-19951 (A cross-site request forgery (CSRF) in /controller/pay.class.php of Yz ...)
	NOT-FOR-US: YzmCMS
CVE-2020-19950 (A cross-site scripting (XSS) vulnerability in the /banner/add.html com ...)
	NOT-FOR-US: YzmCMS
CVE-2020-19949 (A cross-site scripting (XSS) vulnerability in the /link/add.html compo ...)
	NOT-FOR-US: YzmCMS
CVE-2020-19948
	RESERVED
CVE-2020-19947 (Cross Site Scripting vulnerability found in Markdown Edit allows a rem ...)
	NOT-FOR-US: Markdown Edit
CVE-2020-19946
	RESERVED
CVE-2020-19945
	RESERVED
CVE-2020-19944
	RESERVED
CVE-2020-19943
	RESERVED
CVE-2020-19942
	RESERVED
CVE-2020-19941
	RESERVED
CVE-2020-19940
	RESERVED
CVE-2020-19939
	RESERVED
CVE-2020-19938
	RESERVED
CVE-2020-19937
	RESERVED
CVE-2020-19936
	RESERVED
CVE-2020-19935
	RESERVED
CVE-2020-19934
	RESERVED
CVE-2020-19933
	RESERVED
CVE-2020-19932
	RESERVED
CVE-2020-19931
	RESERVED
CVE-2020-19930
	RESERVED
CVE-2020-19929
	RESERVED
CVE-2020-19928
	RESERVED
CVE-2020-19927
	RESERVED
CVE-2020-19926
	RESERVED
CVE-2020-19925
	RESERVED
CVE-2020-19924 (In Boostnote 0.12.1, exporting to PDF contains opportunities for XSS a ...)
	NOT-FOR-US: Boostnote
CVE-2020-19923
	RESERVED
CVE-2020-19922
	RESERVED
CVE-2020-19921
	RESERVED
CVE-2020-19920
	RESERVED
CVE-2020-19919
	RESERVED
CVE-2020-19918
	RESERVED
CVE-2020-19917
	RESERVED
CVE-2020-19916
	RESERVED
CVE-2020-19915 (Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via ...)
	NOT-FOR-US: WUZHI CMS
CVE-2020-19914 (Cross Site Scripting (XSS) in xiunobbs 4.0.4 allows remote attackers t ...)
	NOT-FOR-US: xiunobbs
CVE-2020-19913
	RESERVED
CVE-2020-19912
	RESERVED
CVE-2020-19911
	RESERVED
CVE-2020-19910
	RESERVED
CVE-2020-19909 (Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a ...)
	- curl 7.66.0-1 (unimportant)
	NOTE: https://github.com/curl/curl/pull/4166
	NOTE: Fixed by: https://github.com/curl/curl/commit/db0a0dfb0eb41d39273b0590b992df58f38b9a4d (curl-7_66_0)
	NOTE: Crash in CLI tool, no security impact
CVE-2020-19908
	RESERVED
CVE-2020-19907 (A command injection vulnerability in the sandcat plugin of Caldera 2.3 ...)
	NOT-FOR-US: Caldera plugin
CVE-2020-19906
	RESERVED
CVE-2020-19905
	RESERVED
CVE-2020-19904
	RESERVED
CVE-2020-19903
	RESERVED
CVE-2020-19902 (Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 all ...)
	NOT-FOR-US: Cryptoprof WCMS
CVE-2020-19901
	RESERVED
CVE-2020-19900
	RESERVED
CVE-2020-19899
	RESERVED
CVE-2020-19898
	RESERVED
CVE-2020-19897 (A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remot ...)
	NOT-FOR-US: Wuzhicms
CVE-2020-19896 (File inclusion vulnerability in Minicms v1.9 allows remote attackers t ...)
	NOT-FOR-US: MiniCMS
CVE-2020-19895
	RESERVED
CVE-2020-19894
	RESERVED
CVE-2020-19893
	RESERVED
CVE-2020-19892
	RESERVED
CVE-2020-19891 (DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\ ...)
	NOT-FOR-US: DBHcms
CVE-2020-19890 (DBHcms v1.2.0 has an Arbitrary file read vulnerability in dbhcms\mod\m ...)
	NOT-FOR-US: DBHcms
CVE-2020-19889 (DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF ...)
	NOT-FOR-US: DBHcms
CVE-2020-19888 (DBHcms v1.2.0 has an unauthorized operation vulnerability because ther ...)
	NOT-FOR-US: DBHcms
CVE-2020-19887 (DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecia ...)
	NOT-FOR-US: DBHcms
CVE-2020-19886 (DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF ...)
	NOT-FOR-US: DBHcms
CVE-2020-19885 (DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecia ...)
	NOT-FOR-US: DBHcms
CVE-2020-19884 (DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecia ...)
	NOT-FOR-US: DBHcms
CVE-2020-19883 (DBHcms v1.2.0 has a stored xss vulnerability as there is no security f ...)
	NOT-FOR-US: DBHcms
CVE-2020-19882 (DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecia ...)
	NOT-FOR-US: DBHcms
CVE-2020-19881 (DBHcms v1.2.0 has a reflected xss vulnerability as there is no securit ...)
	NOT-FOR-US: DBHcms
CVE-2020-19880 (DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecia ...)
	NOT-FOR-US: DBHcms
CVE-2020-19879 (DBHcms v1.2.0 has a stored xss vulnerability as there is no security f ...)
	NOT-FOR-US: DBHcms
CVE-2020-19878 (DBHcms v1.2.0 has a sensitive information leaks vulnerability as there ...)
	NOT-FOR-US: DBHcms
CVE-2020-19877 (DBHcms v1.2.0 has a directory traversal vulnerability as there is no d ...)
	NOT-FOR-US: DBHcms
CVE-2020-19876
	RESERVED
CVE-2020-19875
	RESERVED
CVE-2020-19874
	RESERVED
CVE-2020-19873
	RESERVED
CVE-2020-19872
	RESERVED
CVE-2020-19871
	RESERVED
CVE-2020-19870
	RESERVED
CVE-2020-19869
	RESERVED
CVE-2020-19868
	RESERVED
CVE-2020-19867
	RESERVED
CVE-2020-19866
	RESERVED
CVE-2020-19865
	RESERVED
CVE-2020-19864
	RESERVED
CVE-2020-19863
	RESERVED
CVE-2020-19862
	RESERVED
CVE-2020-19861 (When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt ...)
	{DLA-2910-1}
	- ldns 1.8.1-1
	[bullseye] - ldns (Minor issue)
	[buster] - ldns (Minor issue)
	NOTE: https://github.com/NLnetLabs/ldns/issues/51
	NOTE: https://github.com/NLnetLabs/ldns/commit/136ec420437041fe13f344a2053e774f9050cc38 (1.8.0-rc.1)
CVE-2020-19860 (When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_ ...)
	{DLA-2910-1}
	- ldns 1.8.1-1
	[bullseye] - ldns (Minor issue)
	[buster] - ldns (Minor issue)
	NOTE: https://github.com/NLnetLabs/ldns/issues/50
	NOTE: https://github.com/NLnetLabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3 (1.8.0-rc.1)
	NOTE: https://github.com/NLnetLabs/ldns/commit/4e9861576a600a5ecfa16ec2de853c90dd9ce276 (1.8.0-rc.1)
CVE-2020-19859
	RESERVED
CVE-2020-19858 (Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerabilit ...)
	NOT-FOR-US: Platinum Upnp SDK
CVE-2020-19857
	RESERVED
CVE-2020-19856
	RESERVED
CVE-2020-19855 (phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /i ...)
	NOT-FOR-US: phpwcms
CVE-2020-19854
	RESERVED
CVE-2020-19853 (BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php.)
	NOT-FOR-US: BlueCMS
CVE-2020-19852
	RESERVED
CVE-2020-19851
	RESERVED
CVE-2020-19850 (An issue found in Directus API v.2.2.0 allows a remote attacker to cau ...)
	NOT-FOR-US: Directus API
CVE-2020-19849
	RESERVED
CVE-2020-19848
	RESERVED
CVE-2020-19847
	RESERVED
CVE-2020-19846
	RESERVED
CVE-2020-19845
	RESERVED
CVE-2020-19844
	RESERVED
CVE-2020-19843
	RESERVED
CVE-2020-19842
	RESERVED
CVE-2020-19841
	RESERVED
CVE-2020-19840
	RESERVED
CVE-2020-19839
	RESERVED
CVE-2020-19838
	RESERVED
CVE-2020-19837
	RESERVED
CVE-2020-19836
	RESERVED
CVE-2020-19835
	RESERVED
CVE-2020-19834
	RESERVED
CVE-2020-19833
	RESERVED
CVE-2020-19832
	RESERVED
CVE-2020-19831
	RESERVED
CVE-2020-19830
	RESERVED
CVE-2020-19829
	RESERVED
CVE-2020-19828
	RESERVED
CVE-2020-19827
	RESERVED
CVE-2020-19826
	RESERVED
CVE-2020-19825 (Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 i ...)
	NOT-FOR-US: kevinpapst kimai2
CVE-2020-19824 (An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute ar ...)
	{DLA-3358-1}
	- mpv 0.30.0-1
	NOTE: https://github.com/mpv-player/mpv/issues/6808
	NOTE: https://github.com/mpv-player/mpv/commit/5858e3cdbd6fbae3ed80366912dd5df0af4fa126 (v0.30.0)
CVE-2020-19823
	RESERVED
CVE-2020-19822 (A remote code execution (RCE) vulnerability in template_user.php of ZZ ...)
	NOT-FOR-US: ZZCMS
CVE-2020-19821 (A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attac ...)
	NOT-FOR-US: DOYOCMS
CVE-2020-19820
	RESERVED
CVE-2020-19819
	RESERVED
CVE-2020-19818
	RESERVED
CVE-2020-19817
	RESERVED
CVE-2020-19816
	RESERVED
CVE-2020-19815
	RESERVED
CVE-2020-19814
	RESERVED
CVE-2020-19813
	RESERVED
CVE-2020-19812
	RESERVED
CVE-2020-19811
	RESERVED
CVE-2020-19810
	RESERVED
CVE-2020-19809
	RESERVED
CVE-2020-19808
	RESERVED
CVE-2020-19807
	RESERVED
CVE-2020-19806
	RESERVED
CVE-2020-19805
	RESERVED
CVE-2020-19804
	RESERVED
CVE-2020-19803 (Cross Site Request Forgery vulnerability found in Milken DoyoCMS v.2.3 ...)
	NOT-FOR-US: DoyoCMS
CVE-2020-19802 (File Upload vulnerability found in Milken DoyoCMS v.2.3 allows a remot ...)
	NOT-FOR-US: DoyoCMS
CVE-2020-19801
	RESERVED
CVE-2020-19800
	RESERVED
CVE-2020-19799
	RESERVED
CVE-2020-19798
	RESERVED
CVE-2020-19797
	RESERVED
CVE-2020-19796
	RESERVED
CVE-2020-19795
	RESERVED
CVE-2020-19794
	RESERVED
CVE-2020-19793
	RESERVED
CVE-2020-19792
	RESERVED
CVE-2020-19791
	RESERVED
CVE-2020-19790
	RESERVED
CVE-2020-19789
	RESERVED
CVE-2020-19788
	RESERVED
CVE-2020-19787
	RESERVED
CVE-2020-19786 (File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 al ...)
	NOT-FOR-US: CSKaza CSZ CMS
CVE-2020-19785
	RESERVED
CVE-2020-19784
	RESERVED
CVE-2020-19783
	RESERVED
CVE-2020-19782
	RESERVED
CVE-2020-19781
	RESERVED
CVE-2020-19780
	RESERVED
CVE-2020-19779
	RESERVED
CVE-2020-19778 (Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote att ...)
	NOT-FOR-US: Shopxo
CVE-2020-19777
	RESERVED
CVE-2020-19776
	RESERVED
CVE-2020-19775
	RESERVED
CVE-2020-19774
	RESERVED
CVE-2020-19773
	RESERVED
CVE-2020-19772
	RESERVED
CVE-2020-19771
	RESERVED
CVE-2020-19770 (A cross-site scripting (XSS) vulnerability in the system bulletin comp ...)
	NOT-FOR-US: WUZHI CMS
CVE-2020-19769 (A lack of target address verification in the BurnMe() function of Rob ...)
	NOT-FOR-US: Rob The Bank
CVE-2020-19768 (A lack of target address verification in the selfdestructs() function ...)
	NOT-FOR-US: ICOVO
CVE-2020-19767 (A lack of target address verification in the destroycontract() functio ...)
	NOT-FOR-US: 0xRACER
CVE-2020-19766 (The time check operation of PepeAuctionSale 1.0 can be rendered ineffe ...)
	NOT-FOR-US: PepeAuctionSale
CVE-2020-19765 (An issue in the noReentrance() modifier of the Ethereum-based contract ...)
	NOT-FOR-US: Ethereum Accounting
CVE-2020-19764
	RESERVED
CVE-2020-19763
	RESERVED
CVE-2020-19762 (Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows ...)
	NOT-FOR-US: Automated Logic Corporation (ALC) WebCTRL System
CVE-2020-19761
	RESERVED
CVE-2020-19760
	RESERVED
CVE-2020-19759
	RESERVED
CVE-2020-19758
	RESERVED
CVE-2020-19757
	RESERVED
CVE-2020-19756
	RESERVED
CVE-2020-19755
	RESERVED
CVE-2020-19754
	RESERVED
CVE-2020-19753
	RESERVED
CVE-2020-19752 (The find_color_or_error function in gifsicle 1.92 contains a NULL poin ...)
	- gifsicle 1.93-2 (unimportant)
	NOTE: https://github.com/kohler/gifsicle/issues/140
	NOTE: https://github.com/kohler/gifsicle/commit/eb9e083dcc0050996d79de2076ddc76011ad2f10 (v1.93)
	NOTE: Crash in CLI tool, no security impact
CVE-2020-19751 (An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool functi ...)
	- gpac 1.0.1+dfsg1-2
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	- ccextractor 0.93+ds2-1 (bug #994746)
	[bullseye] - ccextractor (Minor issue)
	[buster] - ccextractor (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1272
	NOTE: https://github.com/gpac/gpac/commit/c26b0aa605aaea1f0ebe8d21fe1398d94680adf7 (v0.9.0-preview~20)
CVE-2020-19750 (An issue was discovered in gpac 0.8.0. The strdup function in box_code ...)
	- gpac 1.0.1+dfsg1-2
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1262
	NOTE: https://github.com/gpac/gpac/commit/3fcf66c6031da966cf33ee89bcbefa2f8bec4b02 (v0.9.0-preview~20)
CVE-2020-19749
	RESERVED
CVE-2020-19748
	RESERVED
CVE-2020-19747
	RESERVED
CVE-2020-19746
	RESERVED
CVE-2020-19745
	RESERVED
CVE-2020-19744
	RESERVED
CVE-2020-19743
	RESERVED
CVE-2020-19742
	RESERVED
CVE-2020-19741
	RESERVED
CVE-2020-19740
	RESERVED
CVE-2020-19739
	RESERVED
CVE-2020-19738
	RESERVED
CVE-2020-19737
	RESERVED
CVE-2020-19736
	RESERVED
CVE-2020-19735
	RESERVED
CVE-2020-19734
	RESERVED
CVE-2020-19733
	RESERVED
CVE-2020-19732
	RESERVED
CVE-2020-19731
	RESERVED
CVE-2020-19730
	RESERVED
CVE-2020-19729
	RESERVED
CVE-2020-19728
	RESERVED
CVE-2020-19727
	RESERVED
CVE-2020-19726 (An issue was discovered in binutils libbfd.c 2.36 relating to the auxi ...)
	- binutils 2.37-3 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26240
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26241
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4fd8d5856435ff84de1f181381fc51754285af6f
	NOTE: binutils not covered by security support
CVE-2020-19725 (There is a use-after-free vulnerability in file pdd_simplifier.cpp in ...)
	NOT-FOR-US: Z3Prover Z3
CVE-2020-19724 (A memory consumption issue in get_data function in binutils/nm.c in GN ...)
	- binutils 2.33.50.20200114-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25362
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=805f38bc551de820bcd7b31d3c5731ae27cf853a (binutils-2_34)
	NOTE: binutils not covered by security support
CVE-2020-19723
	RESERVED
CVE-2020-19722 (An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1. ...)
	NOT-FOR-US: Bento4
CVE-2020-19721 (A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1 ...)
	NOT-FOR-US: Bento4
CVE-2020-19720 (An unhandled memory allocation failure in Core/AP4IkmsAtom.cpp of Bent ...)
	NOT-FOR-US: Bento4
CVE-2020-19719 (A buffer overflow vulnerability in Ap4ElstAtom.cpp of Bento 1.5.1-628 ...)
	NOT-FOR-US: Bento4
CVE-2020-19718 (An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1. ...)
	NOT-FOR-US: Bento4
CVE-2020-19717 (An unhandled memory allocation failure in Core/Ap48bdlAtom.cpp of Bent ...)
	NOT-FOR-US: Bento4
CVE-2020-19716 (A buffer overflow vulnerability in the Databuf function in types.cpp o ...)
	{DLA-3186-1}
	- exiv2 0.27.2-6
	NOTE: https://github.com/Exiv2/exiv2/issues/980
	NOTE: https://github.com/Exiv2/exiv2/commit/109d5df7abd329f141b500c92a00178d35a6bef3
CVE-2020-19715
	REJECTED
CVE-2020-19714
	RESERVED
CVE-2020-19713
	RESERVED
CVE-2020-19712
	RESERVED
CVE-2020-19711
	RESERVED
CVE-2020-19710
	RESERVED
CVE-2020-19709 (Insufficient filtering of the tag parameters in feehicms 0.1.3 allows ...)
	NOT-FOR-US: feehicms
CVE-2020-19708
	RESERVED
CVE-2020-19707
	RESERVED
CVE-2020-19706
	RESERVED
CVE-2020-19705 (thinkphp-zcms as of 20190715 allows SQL injection via index.php?m=home ...)
	NOT-FOR-US: thinkphp-zcms
CVE-2020-19704 (A stored cross-site scripting (XSS) vulnerability via ResourceControll ...)
	NOT-FOR-US: Spring Boot admin
	NOTE: https://github.com/sail-y/spring-boot-admin
CVE-2020-19703 (A cross-site scripting (XSS) vulnerability in the referer parameter of ...)
	NOT-FOR-US: Dzzoffice
CVE-2020-19702
	RESERVED
CVE-2020-19701
	RESERVED
CVE-2020-19700
	RESERVED
CVE-2020-19699 (Cross Site Scripting vulnerability found in KOHGYLW Kiftd v.1.0.18 all ...)
	NOT-FOR-US: KOHGYLW Kiftd
CVE-2020-19698 (Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 a ...)
	NOT-FOR-US: Pandao Editor.md
CVE-2020-19697 (Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 a ...)
	NOT-FOR-US: Pandao Editor.md
CVE-2020-19696
	RESERVED
CVE-2020-19695 (Buffer Overflow found in Nginx NJS allows a remote attacker to execute ...)
	NOT-FOR-US: Nginx NJS
CVE-2020-19694
	RESERVED
CVE-2020-19693 (An issue found in Espruino Espruino 6ea4c0a allows an attacker to exec ...)
	NOT-FOR-US: Espruino
CVE-2020-19692 (Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a rem ...)
	NOT-FOR-US: Nginx NJS
CVE-2020-19691
	RESERVED
CVE-2020-19690
	RESERVED
CVE-2020-19689
	RESERVED
CVE-2020-19688
	RESERVED
CVE-2020-19687
	RESERVED
CVE-2020-19686
	RESERVED
CVE-2020-19685
	RESERVED
CVE-2020-19684
	RESERVED
CVE-2020-19683 (A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile a ...)
	NOT-FOR-US: zzzcms
CVE-2020-19682 (A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7 ...)
	NOT-FOR-US: zzzcms
CVE-2020-19681
	RESERVED
CVE-2020-19680
	RESERVED
CVE-2020-19679
	RESERVED
CVE-2020-19678 (Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense ...)
	NOT-FOR-US: pfSense
CVE-2020-19677
	RESERVED
CVE-2020-19676 (Nacos 1.1.4 is affected by: Incorrect Access Control. An environment c ...)
	NOT-FOR-US: Nacos
CVE-2020-19675
	RESERVED
CVE-2020-19674
	RESERVED
CVE-2020-19673
	RESERVED
CVE-2020-19672 (Niushop B2B2C Multi-business basic version V1.11, can bypass the admin ...)
	NOT-FOR-US: Niushop B2B2C Multi-business basic
CVE-2020-19671
	RESERVED
CVE-2020-19670 (In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication ca ...)
	NOT-FOR-US: Niushop B2B2C Multi-Business Basic Edition
CVE-2020-19669 (Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3. ...)
	NOT-FOR-US: Eyoucms
CVE-2020-19668 (Unverified indexs into the array lead to out of bound access in the gi ...)
	- libsixel 1.10.3-1 (bug #990799)
	[bullseye] - libsixel (Minor issue)
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/136
	NOTE: https://github.com/libsixel/libsixel/issues/7
	NOTE: https://github.com/libsixel/libsixel/pull/8
	NOTE: https://github.com/libsixel/libsixel/commit/05e5d21d065c663ec7a83d185974f4c252314968 (v1.9.0)
	NOTE: Since 1.10.3-1 the Debian package moved from https://github.com/saitoha/libsixel to https://github.com/libsixel/libsixel fork
CVE-2020-19667 (Stack-based buffer overflow and unconditional jump in ReadXPMImage in ...)
	{DLA-3357-1 DLA-2523-1}
	- imagemagick 8:6.9.11.24+dfsg-1
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1895
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/26538669546730c5b2dc36e7d48850f1f6928f94
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/5462fd4725018567764c8f66bed98b7ee3e23006
CVE-2020-19666
	RESERVED
CVE-2020-19665
	RESERVED
CVE-2020-19664 (DrayTek Vigor2960 1.5.1 allows remote command execution via shell meta ...)
	NOT-FOR-US: DrayTek Vigor2960
CVE-2020-19663
	RESERVED
CVE-2020-19662
	RESERVED
CVE-2020-19661
	RESERVED
CVE-2020-19660 (Cross Site Scripting (XSS) pandao editor.md 1.5.0 allows attackers to ...)
	NOT-FOR-US: pandao editor.md
CVE-2020-19659
	RESERVED
CVE-2020-19658
	RESERVED
CVE-2020-19657
	RESERVED
CVE-2020-19656
	RESERVED
CVE-2020-19655
	RESERVED
CVE-2020-19654
	RESERVED
CVE-2020-19653
	RESERVED
CVE-2020-19652
	RESERVED
CVE-2020-19651
	RESERVED
CVE-2020-19650
	RESERVED
CVE-2020-19649
	RESERVED
CVE-2020-19648
	RESERVED
CVE-2020-19647
	RESERVED
CVE-2020-19646
	RESERVED
CVE-2020-19645
	RESERVED
CVE-2020-19644
	RESERVED
CVE-2020-19643 (Cross Site Scripting (XSS) vulnerability in INSMA Wifi Mini Spy 1080P ...)
	NOT-FOR-US: INSMA Wifi Mini Spy 1080P HD Security IP Camera
CVE-2020-19642 (An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Ca ...)
	NOT-FOR-US: INSMA Wifi Mini Spy 1080P HD Security IP Camera
CVE-2020-19641 (An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Ca ...)
	NOT-FOR-US: INSMA Wifi Mini Spy 1080P HD Security IP Camera
CVE-2020-19640 (An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Ca ...)
	NOT-FOR-US: INSMA Wifi Mini Spy 1080P HD Security IP Camera
CVE-2020-19639 (Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy ...)
	NOT-FOR-US: INSMA Wifi Mini Spy 1080P HD Security IP Camera
CVE-2020-19638
	RESERVED
CVE-2020-19637
	RESERVED
CVE-2020-19636
	RESERVED
CVE-2020-19635
	RESERVED
CVE-2020-19634
	RESERVED
CVE-2020-19633
	RESERVED
CVE-2020-19632
	RESERVED
CVE-2020-19631
	RESERVED
CVE-2020-19630
	RESERVED
CVE-2020-19629
	RESERVED
CVE-2020-19628
	RESERVED
CVE-2020-19627
	RESERVED
CVE-2020-19626 (Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows re ...)
	NOT-FOR-US: craftcms
CVE-2020-19625 (Remote Code Execution Vulnerability in tests/support/stores/test_grid_ ...)
	NOT-FOR-US: oria gridx
CVE-2020-19624
	RESERVED
CVE-2020-19623
	RESERVED
CVE-2020-19622
	RESERVED
CVE-2020-19621
	RESERVED
CVE-2020-19620
	RESERVED
CVE-2020-19619 (Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signatur ...)
	NOT-FOR-US: mblog
CVE-2020-19618 (Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post con ...)
	NOT-FOR-US: mblog
CVE-2020-19617 (Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname ...)
	NOT-FOR-US: mblog
CVE-2020-19616 (Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post hea ...)
	NOT-FOR-US: mblog
CVE-2020-19615
	RESERVED
CVE-2020-19614
	RESERVED
CVE-2020-19613 (Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function ...)
	NOT-FOR-US: sunkaifei FlyCMS
CVE-2020-19612
	RESERVED
CVE-2020-19611 (Cross Site Scripting (XSS) in redirect module of Racktables version 0. ...)
	- racktables (bug #629531)
CVE-2020-19610
	RESERVED
CVE-2020-19609 (Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff ...)
	{DLA-2765-1}
	- mupdf 1.17.0+ds1-2 (bug #991401)
	[buster] - mupdf (Minor issue; can be fixed via point release)
	NOTE: http://git.ghostscript.com/?p=mupdf.git;h=b7892cdc7fae62aa57d63ae62144e1f11b5f9275
	NOTE: http://git.ghostscript.com/?p=mupdf.git;h=2c4f11f8dcdbd18c35a65e58cc789be0e46012a8
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701176
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703076
CVE-2020-19608
	RESERVED
CVE-2020-19607
	RESERVED
CVE-2020-19606
	RESERVED
CVE-2020-19605
	RESERVED
CVE-2020-19604
	RESERVED
CVE-2020-19603
	RESERVED
CVE-2020-19602
	RESERVED
CVE-2020-19601
	RESERVED
CVE-2020-19600
	RESERVED
CVE-2020-19599
	RESERVED
CVE-2020-19598
	RESERVED
CVE-2020-19597
	RESERVED
CVE-2020-19596 (Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a ...)
	NOT-FOR-US: Core FTP
CVE-2020-19595 (Buffer overflow vulnerability in Core FTP Server v2 Build 697, via a c ...)
	NOT-FOR-US: Core FTP
CVE-2020-19594
	RESERVED
CVE-2020-19593
	RESERVED
CVE-2020-19592
	RESERVED
CVE-2020-19591
	RESERVED
CVE-2020-19590
	RESERVED
CVE-2020-19589
	RESERVED
CVE-2020-19588
	RESERVED
CVE-2020-19587 (Cross Site Scripting (XSS) vulnerability in configMap parameters in Ye ...)
	NOT-FOR-US: Yellowfin Business Intelligence
CVE-2020-19586 (Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 ...)
	NOT-FOR-US: Yellowfin Business Intelligence
CVE-2020-19585
	RESERVED
CVE-2020-19584
	RESERVED
CVE-2020-19583
	RESERVED
CVE-2020-19582
	RESERVED
CVE-2020-19581
	RESERVED
CVE-2020-19580
	RESERVED
CVE-2020-19579
	RESERVED
CVE-2020-19578
	RESERVED
CVE-2020-19577
	RESERVED
CVE-2020-19576
	RESERVED
CVE-2020-19575
	RESERVED
CVE-2020-19574
	RESERVED
CVE-2020-19573
	RESERVED
CVE-2020-19572
	RESERVED
CVE-2020-19571
	RESERVED
CVE-2020-19570
	RESERVED
CVE-2020-19569
	RESERVED
CVE-2020-19568
	RESERVED
CVE-2020-19567
	RESERVED
CVE-2020-19566
	RESERVED
CVE-2020-19565
	RESERVED
CVE-2020-19564
	RESERVED
CVE-2020-19563
	RESERVED
CVE-2020-19562
	RESERVED
CVE-2020-19561
	RESERVED
CVE-2020-19560
	RESERVED
CVE-2020-19559 (An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote at ...)
	NOT-FOR-US: Diebold Aglis XFS for Opteva
CVE-2020-19558
	RESERVED
CVE-2020-19557
	RESERVED
CVE-2020-19556
	RESERVED
CVE-2020-19555
	RESERVED
CVE-2020-19554 (Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPMana ...)
	NOT-FOR-US: ManageEngine
CVE-2020-19553 (Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and ...)
	NOT-FOR-US: WUZHI CMS
CVE-2020-19552
	RESERVED
CVE-2020-19551 (Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 i ...)
	NOT-FOR-US: WUZHI CMS
CVE-2020-19550
	RESERVED
CVE-2020-19549
	RESERVED
CVE-2020-19548
	RESERVED
CVE-2020-19547 (Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id ...)
	NOT-FOR-US: PopojiCMS
CVE-2020-19546
	RESERVED
CVE-2020-19545
	RESERVED
CVE-2020-19544
	RESERVED
CVE-2020-19543
	RESERVED
CVE-2020-19542
	RESERVED
CVE-2020-19541
	RESERVED
CVE-2020-19540
	RESERVED
CVE-2020-19539
	RESERVED
CVE-2020-19538
	RESERVED
CVE-2020-19537
	RESERVED
CVE-2020-19536
	RESERVED
CVE-2020-19535
	RESERVED
CVE-2020-19534
	RESERVED
CVE-2020-19533
	RESERVED
CVE-2020-19532
	RESERVED
CVE-2020-19531
	RESERVED
CVE-2020-19530
	RESERVED
CVE-2020-19529
	RESERVED
CVE-2020-19528
	RESERVED
CVE-2020-19527 (iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metac ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2020-19526
	RESERVED
CVE-2020-19525
	RESERVED
CVE-2020-19524
	RESERVED
CVE-2020-19523
	RESERVED
CVE-2020-19522
	RESERVED
CVE-2020-19521
	RESERVED
CVE-2020-19520
	RESERVED
CVE-2020-19519
	RESERVED
CVE-2020-19518
	RESERVED
CVE-2020-19517
	RESERVED
CVE-2020-19516
	RESERVED
CVE-2020-19515 (qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install ...)
	NOT-FOR-US: qdPM
CVE-2020-19514
	RESERVED
CVE-2020-19513 (Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows atta ...)
	NOT-FOR-US: FinalWire Ltd AIDA64 Engineer
CVE-2020-19512
	RESERVED
CVE-2020-19511 (Cross Site Scriptiong vulnerability in Typesetter 5.1 via the !1) clas ...)
	NOT-FOR-US: Typesetter CMS
CVE-2020-19510 (Textpattern 4.7.3 contains an aribtrary file load via the file_insert ...)
	- textpattern
CVE-2020-19509
	RESERVED
CVE-2020-19508
	RESERVED
CVE-2020-19507
	RESERVED
CVE-2020-19506
	RESERVED
CVE-2020-19505
	RESERVED
CVE-2020-19504
	RESERVED
CVE-2020-19503
	RESERVED
CVE-2020-19502
	RESERVED
CVE-2020-19501
	RESERVED
CVE-2020-19500
	REJECTED
CVE-2020-19499 (An issue was discovered in heif::Box_iref::get_references in libheif 1 ...)
	- libheif 1.5.0-1
	[buster] - libheif (Minor issue)
	NOTE: https://github.com/strukturag/libheif/commit/f7399b62d7fbc596f1b2871578c1d2053bedf1dd
	NOTE: https://github.com/strukturag/libheif/issues/138
CVE-2020-19498 (Floating point exception in function Fraction in libheif 1.4.0, allows ...)
	- libheif 1.5.0-1
	[buster] - libheif (Minor issue)
	NOTE: https://github.com/strukturag/libheif/issues/139
	NOTE: https://github.com/strukturag/libheif/commit/2710c930918609caaf0a664e9c7bc3dce05d5b58
CVE-2020-19497 (Integer overflow vulnerability in Mat_VarReadNextInfo5 in mat5.c in tb ...)
	- libmatio 1.5.19-2
	[buster] - libmatio (Minor issue)
	[stretch] - libmatio (Minor issue)
	NOTE: https://github.com/tbeu/matio/commit/5fa49ef9fc4368fe3d19b5fdaa36d8fa5e7f4606 (v1.5.18)
	NOTE: https://github.com/tbeu/matio/issues/121
CVE-2020-19496
	RESERVED
CVE-2020-19495
	RESERVED
CVE-2020-19494
	RESERVED
CVE-2020-19493
	RESERVED
CVE-2020-19492 (There is a floating point exception in ReadImage that leads to a Segme ...)
	- sam2p
	NOTE: https://github.com/pts/sam2p/commit/b953f63307c4a83fa4615a4863e3fb250205cd98
	NOTE: https://github.com/pts/sam2p/issues/66
CVE-2020-19491 (There is an invalid memory access bug in cgif.c that leads to a Segmen ...)
	- sam2p
	NOTE: https://github.com/pts/sam2p/commit/1d62cf8964bfcafa6561c4c3bb66d4aa4c529a73
	NOTE: https://github.com/pts/sam2p/issues/67
CVE-2020-19490 (tinyexr 0.9.5 has a integer overflow over-write in tinyexr::DecodePixe ...)
	- tinyexr (Fixed with initial upload to Debian)
	NOTE: https://github.com/syoyo/tinyexr/issues/124
	NOTE: https://github.com/syoyo/tinyexr/commit/a685e3332f61cd4e59324bf3f669d36973d64270
CVE-2020-19489
	RESERVED
CVE-2020-19488 (An issue was discovered in box_code_apple.c:119 in Gpac MP4Box 0.8.0, ...)
	- gpac 1.0.1+dfsg1-2
	[buster] - gpac (Vulnerable code introduced later, in version 0.8.0)
	[stretch] - gpac (Vulnerable code introduced later, in version 0.8.0)
	NOTE: https://github.com/gpac/gpac/issues/1263
	NOTE: Introduced by: https://github.com/gpac/gpac/commit/86d072b6a13baa1a4a90168098a0f8354c24d8cf (v0.8.0)
	NOTE: Fixed by: https://github.com/gpac/gpac/commit/6170024568f4dda310e98ef7508477b425c58d09 (v0.9.0-preview)
CVE-2020-19487
	RESERVED
CVE-2020-19486
	RESERVED
CVE-2020-19485
	RESERVED
CVE-2020-19484
	RESERVED
CVE-2020-19483
	RESERVED
CVE-2020-19482
	RESERVED
CVE-2020-19481 (An issue was discovered in GPAC before 0.8.0, as demonstrated by MP4Bo ...)
	- gpac 1.0.1+dfsg1-2
	[buster] - gpac (Vulnerable code introduced later, in version 0.8.0)
	[stretch] - gpac (Vulnerable code introduced later, in version 0.8.0)
	NOTE: https://github.com/gpac/gpac/issues/1265
	NOTE: https://github.com/gpac/gpac/issues/1266
	NOTE: https://github.com/gpac/gpac/issues/1267
	NOTE: Introduced by: https://github.com/gpac/gpac/commit/bb002ad4f92d216f8ab7c8466102279ef8af6f88 (v0.8.0)
	NOTE: Fixed by: https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7 (v0.9.0-preview)
CVE-2020-19480
	RESERVED
CVE-2020-19479
	RESERVED
CVE-2020-19478
	RESERVED
CVE-2020-19477
	RESERVED
CVE-2020-19476
	RESERVED
CVE-2020-19475 (An issue has been found in function CCITTFaxStream::lookChar in PDF2JS ...)
	NOT-FOR-US: pdf2json
	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
	NOTE: tracking whether this affects src:poppler
CVE-2020-19474 (An issue has been found in function Gfx::doShowText in PDF2JSON 0.70 t ...)
	NOT-FOR-US: pdf2json
	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
	NOTE: tracking whether this affects src:poppler
CVE-2020-19473 (An issue has been found in function DCTStream::decodeImage in PDF2JSON ...)
	NOT-FOR-US: pdf2json
	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
	NOTE: tracking whether this affects src:poppler
CVE-2020-19472 (An issue has been found in function DCTStream::readHuffSym in PDF2JSON ...)
	NOT-FOR-US: pdf2json
	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
	NOTE: tracking whether this affects src:poppler
CVE-2020-19471 (An issue has been found in function DCTStream::decodeImage in PDF2JSON ...)
	NOT-FOR-US: pdf2json
	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
	NOTE: tracking whether this affects src:poppler
CVE-2020-19470 (An issue has been found in function DCTStream::getChar in PDF2JSON 0.7 ...)
	NOT-FOR-US: pdf2json
	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
	NOTE: tracking whether this affects src:poppler
CVE-2020-19469 (An issue has been found in function DCTStream::reset in PDF2JSON 0.70 ...)
	NOT-FOR-US: pdf2json
	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
	NOTE: tracking whether this affects src:poppler
CVE-2020-19468 (An issue has been found in function EmbedStream::getChar in PDF2JSON 0 ...)
	NOT-FOR-US: pdf2json
	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
	NOTE: tracking whether this affects src:poppler
CVE-2020-19467 (An issue has been found in function DCTStream::transformDataUnit in PD ...)
	NOT-FOR-US: pdf2json
	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
	NOTE: tracking whether this affects src:poppler
CVE-2020-19466 (An issue has been found in function DCTStream::transformDataUnit in PD ...)
	NOT-FOR-US: pdf2json
	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
	NOTE: tracking whether this affects src:poppler
CVE-2020-19465 (An issue has been found in function ObjectStream::getObject in PDF2JSO ...)
	NOT-FOR-US: pdf2json
	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
	NOTE: tracking whether this affects src:poppler
CVE-2020-19464 (An issue has been found in function XRef::fetch in PDF2JSON 0.70 that ...)
	NOT-FOR-US: pdf2json
	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
	NOTE: tracking whether this affects src:poppler
CVE-2020-19463 (An issue has been found in function vfprintf in PDF2JSON 0.70 that all ...)
	NOT-FOR-US: pdf2json
	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
	NOTE: tracking whether this affects src:poppler
CVE-2020-19462
	RESERVED
CVE-2020-19461
	RESERVED
CVE-2020-19460
	RESERVED
CVE-2020-19459
	RESERVED
CVE-2020-19458
	RESERVED
CVE-2020-19457
	RESERVED
CVE-2020-19456
	RESERVED
CVE-2020-19455 (SQL injection exists in the jdownloads 3.2.63 component for Joomla! vi ...)
	NOT-FOR-US: jdownloads component for Joomla!
CVE-2020-19454
	RESERVED
CVE-2020-19453
	RESERVED
CVE-2020-19452
	RESERVED
CVE-2020-19451 (SQL injection exists in the jdownloads 3.2.63 component for Joomla! vi ...)
	NOT-FOR-US: jdownloads component for Joomla!
CVE-2020-19450 (SQL injection exists in the jdownloads 3.2.63 component for Joomla! vi ...)
	NOT-FOR-US: jdownloads component for Joomla!
CVE-2020-19449
	RESERVED
CVE-2020-19448
	RESERVED
CVE-2020-19447 (SQL injection exists in the jdownloads 3.2.63 component for Joomla! co ...)
	NOT-FOR-US: jdownloads component for Joomla!
CVE-2020-19446 RESERVED
CVE-2020-19445 RESERVED
CVE-2020-19444 RESERVED
CVE-2020-19443 RESERVED
CVE-2020-19442 RESERVED
CVE-2020-19441 RESERVED
CVE-2020-19440 RESERVED
CVE-2020-19439 RESERVED
CVE-2020-19438 RESERVED
CVE-2020-19437 RESERVED
CVE-2020-19436 RESERVED
CVE-2020-19435 RESERVED
CVE-2020-19434 RESERVED
CVE-2020-19433 RESERVED
CVE-2020-19432 RESERVED
CVE-2020-19431 RESERVED
CVE-2020-19430 RESERVED
CVE-2020-19429 RESERVED
CVE-2020-19428 RESERVED
CVE-2020-19427 RESERVED
CVE-2020-19426 RESERVED
CVE-2020-19425 RESERVED
CVE-2020-19424 RESERVED
CVE-2020-19423 RESERVED
CVE-2020-19422 RESERVED
CVE-2020-19421 RESERVED
CVE-2020-19420 RESERVED
CVE-2020-19419 (Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 ...)
	NOT-FOR-US: Emerson Smart Wireless Gateway 1420
CVE-2020-19418 RESERVED
CVE-2020-19417 (Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users ...)
	NOT-FOR-US: Emerson Smart Wireless Gateway 1420
CVE-2020-19416 RESERVED
CVE-2020-19415 RESERVED
CVE-2020-19414 RESERVED
CVE-2020-19413 RESERVED
CVE-2020-19412 RESERVED
CVE-2020-19411 RESERVED
CVE-2020-19410 RESERVED
CVE-2020-19409 RESERVED
CVE-2020-19408 RESERVED
CVE-2020-19407 RESERVED
CVE-2020-19406 RESERVED
CVE-2020-19405 RESERVED
CVE-2020-19404 RESERVED
CVE-2020-19403 RESERVED
CVE-2020-19402 RESERVED
CVE-2020-19401 RESERVED
CVE-2020-19400 RESERVED
CVE-2020-19399 RESERVED
CVE-2020-19398 RESERVED
CVE-2020-19397 RESERVED
CVE-2020-19396 RESERVED
CVE-2020-19395 RESERVED
CVE-2020-19394 RESERVED
CVE-2020-19393 RESERVED
CVE-2020-19392 RESERVED
CVE-2020-19391 RESERVED
CVE-2020-19390 RESERVED
CVE-2020-19389 RESERVED
CVE-2020-19388 RESERVED
CVE-2020-19387 RESERVED
CVE-2020-19386 RESERVED
CVE-2020-19385 RESERVED
CVE-2020-19384 RESERVED
CVE-2020-19383 RESERVED
CVE-2020-19382 RESERVED
CVE-2020-19381 RESERVED
CVE-2020-19380 RESERVED
CVE-2020-19379 RESERVED
CVE-2020-19378 RESERVED
CVE-2020-19377 RESERVED
CVE-2020-19376 RESERVED
CVE-2020-19375 RESERVED
CVE-2020-19374 RESERVED
CVE-2020-19373 RESERVED
CVE-2020-19372 RESERVED
CVE-2020-19371 RESERVED
CVE-2020-19370 RESERVED
CVE-2020-19369 RESERVED
CVE-2020-19368 RESERVED
CVE-2020-19367 RESERVED
CVE-2020-19366 RESERVED
CVE-2020-19365 RESERVED
CVE-2020-19364 (OpenEMR 5.0.1 allows an authenticated attacker to upload and execute m ...)
	NOT-FOR-US: OpenEMR
CVE-2020-19363 (Vtiger CRM v7.2.0 allows an attacker to display hidden files, list dir ...)
	NOT-FOR-US: Vtiger CRM
CVE-2020-19362 (Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the ...)
	NOT-FOR-US: Vtiger CRM
CVE-2020-19361 (Reflected XSS in Medintux v2.16.000 CCAM.php by manipulating the mot1 ...)
	NOT-FOR-US: Medintux
CVE-2020-19360 (Local file inclusion in FHEM 6.0 allows in fhem/FileLog_logWrapper fil ...)
	NOT-FOR-US: FHEM
CVE-2020-19359 RESERVED
CVE-2020-19358 RESERVED
CVE-2020-19357 RESERVED
CVE-2020-19356 RESERVED
CVE-2020-19355 RESERVED
CVE-2020-19354 RESERVED
CVE-2020-19353 RESERVED
CVE-2020-19352 RESERVED
CVE-2020-19351 RESERVED
CVE-2020-19350 RESERVED
CVE-2020-19349 RESERVED
CVE-2020-19348 RESERVED
CVE-2020-19347 RESERVED
CVE-2020-19346 RESERVED
CVE-2020-19345 RESERVED
CVE-2020-19344 RESERVED
CVE-2020-19343 RESERVED
CVE-2020-19342 RESERVED
CVE-2020-19341 RESERVED
CVE-2020-19340 RESERVED
CVE-2020-19339 RESERVED
CVE-2020-19338 RESERVED
CVE-2020-19337 RESERVED
CVE-2020-19336 RESERVED
CVE-2020-19335 RESERVED
CVE-2020-19334 RESERVED
CVE-2020-19333 RESERVED
CVE-2020-19332 RESERVED
CVE-2020-19331 RESERVED
CVE-2020-19330 RESERVED
CVE-2020-19329 RESERVED
CVE-2020-19328 RESERVED
CVE-2020-19327 RESERVED
CVE-2020-19326 RESERVED
CVE-2020-19325 RESERVED
CVE-2020-19324 RESERVED
CVE-2020-19323 (An issue was discovered in /bin/mini_upnpd on D-Link DIR-619L 2.06beta ...)
	NOT-FOR-US: D-Link
CVE-2020-19322 RESERVED
CVE-2020-19321 RESERVED
CVE-2020-19320 (Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the ...)
	NOT-FOR-US: D-Link
CVE-2020-19319 (Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the ...)
	NOT-FOR-US: D-Link
CVE-2020-19318 (Buffer Overflow vulnerability in D-Link DIR-605L, hardware version AX, ...)
	NOT-FOR-US: D-Link
CVE-2020-19317 RESERVED
CVE-2020-19316 (OS Command injection vulnerability in function link in Filesystem.php ...)
	- php-laravel-framework (Fixed before initial upload to Debian)
	NOTE: http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/
	NOTE: https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31 (5.8.17)
CVE-2020-19315 RESERVED
CVE-2020-19314 RESERVED
CVE-2020-19313 RESERVED
CVE-2020-19312 RESERVED
CVE-2020-19311 RESERVED
CVE-2020-19310 RESERVED
CVE-2020-19309 RESERVED
CVE-2020-19308 RESERVED
CVE-2020-19307 RESERVED
CVE-2020-19306 RESERVED
CVE-2020-19305 (An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 ...)
	NOT-FOR-US: Metinfo
CVE-2020-19304 (An issue in /admin/index.php?n=system&c=filept&a=doGetFileList of Meti ...)
	NOT-FOR-US: Metinfo
CVE-2020-19303 (An arbitrary file upload vulnerability in /fileupload.php of hdcms 5.7 ...)
	NOT-FOR-US: hdcms
CVE-2020-19302 (An arbitrary file upload vulnerability in the avatar upload function o ...)
	NOT-FOR-US: vaeThink
CVE-2020-19301 (A vulnerability in the vae_admin_rule database table of vaeThink v1.0. ...)
	NOT-FOR-US: vaeThink
CVE-2020-19300 RESERVED
CVE-2020-19299 RESERVED
CVE-2020-19298 RESERVED
CVE-2020-19297 RESERVED
CVE-2020-19296 RESERVED
CVE-2020-19295 (A reflected cross-site scripting (XSS) vulnerability in the /weibo/top ...)
	NOT-FOR-US: Jeesns
CVE-2020-19294 (A stored cross-site scripting (XSS) vulnerability in the /article/comm ...)
	NOT-FOR-US: Jeesns
CVE-2020-19293 (A stored cross-site scripting (XSS) vulnerability in the /article/add ...)
	NOT-FOR-US: Jeesns
CVE-2020-19292 (A stored cross-site scripting (XSS) vulnerability in the /question/ask ...)
	NOT-FOR-US: Jeesns
CVE-2020-19291 (A stored cross-site scripting (XSS) vulnerability in the /weibo/publis ...)
	NOT-FOR-US: Jeesns
CVE-2020-19290 (A stored cross-site scripting (XSS) vulnerability in the /weibo/commen ...)
	NOT-FOR-US: Jeesns
CVE-2020-19289 (A stored cross-site scripting (XSS) vulnerability in the /member/pictu ...)
	NOT-FOR-US: Jeesns
CVE-2020-19288 (A stored cross-site scripting (XSS) vulnerability in the /localhost/u ...)
	NOT-FOR-US: Jeesns
CVE-2020-19287 (A stored cross-site scripting (XSS) vulnerability in the /group/post c ...)
	NOT-FOR-US: Jeesns
CVE-2020-19286 (A stored cross-site scripting (XSS) vulnerability in the /question/det ...)
	NOT-FOR-US: Jeesns
CVE-2020-19285 (A stored cross-site scripting (XSS) vulnerability in the /group/apply ...)
	NOT-FOR-US: Jeesns
CVE-2020-19284 (A stored cross-site scripting (XSS) vulnerability in the /group/commen ...)
	NOT-FOR-US: Jeesns
CVE-2020-19283 (A reflected cross-site scripting (XSS) vulnerability in the /newVersio ...)
	NOT-FOR-US: Jeesns
CVE-2020-19282 (A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 a ...)
	NOT-FOR-US: Jeesns
CVE-2020-19281 (A stored cross-site scripting (XSS) vulnerability in the /manage/login ...)
	NOT-FOR-US: Jeesns
CVE-2020-19280 (Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows ...)
	NOT-FOR-US: Jeesns
CVE-2020-19279 (Directory Traversal vulnerability found in B3log Wide allows an atta ...)
	NOT-FOR-US: B3log
CVE-2020-19278 (Cross Site Request Forgery vulnerability found in Phachon mm-wiki v.0. ...)
	NOT-FOR-US: Phachon mm-wiki
CVE-2020-19277 (Cross Site Scripting vulnerability found in Phachon mm-wiki v.0.1.2 al ...)
	NOT-FOR-US: Phachon mm-wiki
CVE-2020-19276 RESERVED
CVE-2020-19275 (An Information Disclosure vulnerability exists in dhcms 2017-09-18 whe ...)
	NOT-FOR-US: dhcms
CVE-2020-19274 (A Cross Site Scripting (XSS) vulnerability exists in Dhcms 2017-09-18 ...)
	NOT-FOR-US: dhcms
CVE-2020-19273 RESERVED
CVE-2020-19272 RESERVED
CVE-2020-19271 RESERVED
CVE-2020-19270 RESERVED
CVE-2020-19269 RESERVED
CVE-2020-19268 (A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of ...)
	NOT-FOR-US: Dswjcms
CVE-2020-19267 (An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows ...)
	NOT-FOR-US: Dswjcms
CVE-2020-19266 (A stored cross-site scripting (XSS) vulnerability in the index.php/Dsw ...)
	NOT-FOR-US: Dswjcms
CVE-2020-19265 (A stored cross-site scripting (XSS) vulnerability in the index.php/Dsw ...)
	NOT-FOR-US: Dswjcms
CVE-2020-19264 (A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers ...)
	NOT-FOR-US: MipCMS
CVE-2020-19263 (A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers ...)
	NOT-FOR-US: MipCMS
CVE-2020-19262 RESERVED
CVE-2020-19261 RESERVED
CVE-2020-19260 RESERVED
CVE-2020-19259 RESERVED
CVE-2020-19258 RESERVED
CVE-2020-19257 RESERVED
CVE-2020-19256 RESERVED
CVE-2020-19255 RESERVED
CVE-2020-19254 RESERVED
CVE-2020-19253 RESERVED
CVE-2020-19252 RESERVED
CVE-2020-19251 RESERVED
CVE-2020-19250 RESERVED
CVE-2020-19249 RESERVED
CVE-2020-19248 RESERVED
CVE-2020-19247 RESERVED
CVE-2020-19246 RESERVED
CVE-2020-19245 RESERVED
CVE-2020-19244 RESERVED
CVE-2020-19243 RESERVED
CVE-2020-19242 RESERVED
CVE-2020-19241 RESERVED
CVE-2020-19240 RESERVED
CVE-2020-19239 RESERVED
CVE-2020-19238 RESERVED
CVE-2020-19237 RESERVED
CVE-2020-19236 RESERVED
CVE-2020-19235 RESERVED
CVE-2020-19234 RESERVED
CVE-2020-19233 RESERVED
CVE-2020-19232 RESERVED
CVE-2020-19231 RESERVED
CVE-2020-19230 RESERVED
CVE-2020-19229 (Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016 ...)
	NOT-FOR-US: Jeesite
CVE-2020-19228 (An issue was found in bludit v3.13.0, unsafe implementation of the bac ...)
	NOT-FOR-US: bludit
CVE-2020-19227 RESERVED
CVE-2020-19226 RESERVED
CVE-2020-19225 RESERVED
CVE-2020-19224 RESERVED
CVE-2020-19223 RESERVED
CVE-2020-19222 RESERVED
CVE-2020-19221 RESERVED
CVE-2020-19220 RESERVED
CVE-2020-19219 RESERVED
CVE-2020-19218 RESERVED
CVE-2020-19217 (SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9. ...)
	- piwigo
CVE-2020-19216 (SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, v ...)
	- piwigo
CVE-2020-19215 (SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, v ...)
	- piwigo
CVE-2020-19214 RESERVED
CVE-2020-19213 (SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the ...)
	- piwigo
CVE-2020-19212 (SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, ...)
	- piwigo
CVE-2020-19211 RESERVED
CVE-2020-19210 RESERVED
CVE-2020-19209 RESERVED
CVE-2020-19208 RESERVED
CVE-2020-19207 RESERVED
CVE-2020-19206 RESERVED
CVE-2020-19205 RESERVED
CVE-2020-19204 (An authenticated Stored Cross-Site Scripting (XSS) vulnerability exis ...)
	NOT-FOR-US: IPFire
CVE-2020-19203 (An authenticated Cross-Site Scripting (XSS) vulnerability was found in ...)
	NOT-FOR-US: Netgate pfSense Community Edition
CVE-2020-19202 (An authenticated Stored XSS (Cross-site Scripting) exists in the "capt ...)
	NOT-FOR-US: IPFire
CVE-2020-19201 (A Stored Cross-Site Scripting (XSS) vulnerability was found in status_ ...)
	NOT-FOR-US: Netgate pfSense
CVE-2020-19200 RESERVED
CVE-2020-19199 (A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2. ...)
	NOT-FOR-US: PHPOK
CVE-2020-19198 RESERVED
CVE-2020-19197 RESERVED
CVE-2020-19196 RESERVED
CVE-2020-19195 RESERVED
CVE-2020-19194 RESERVED
CVE-2020-19193 RESERVED
CVE-2020-19192 RESERVED
CVE-2020-19191 RESERVED
CVE-2020-19190 (Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:7 ...)
	- ncurses 6.1+20191019-1
	[buster] - ncurses 6.1+20181013-2+deb10u2
	NOTE: https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc6.md
	NOTE: Fixed in 20191012 with followups in 20191015 and 20191019 patchlevels
	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/index.html
	NOTE: CVE-2020-19190 seems to be a duplicate of CVE-2019-17594 but keep distinct for now
CVE-2020-19189 (Buffer Overflow vulnerability in postprocess_terminfo function in tinf ...)
	{DLA-3586-1}
	- ncurses 6.1+20191019-1
	NOTE: https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc5.md
	NOTE: Fixed in 20191012 with followups in 20191015 and 20191019 patchlevels
	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/index.html
CVE-2020-19188 (Buffer Overflow vulnerability in fmt_entry function in progs/dump_entr ...)
	- ncurses 6.1+20191019-1
	[buster] - ncurses 6.1+20181013-2+deb10u2
	NOTE: https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc4.md
	NOTE: Fixed in 20191012 with followups in 20191015 and 20191019 patchlevels
	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/index.html
CVE-2020-19187 (Buffer Overflow vulnerability in fmt_entry function in progs/dump_entr ...)
	- ncurses 6.1+20191019-1
	[buster] - ncurses 6.1+20181013-2+deb10u2
	NOTE: https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc3.md
	NOTE: Fixed in 20191012 with followups in 20191015 and 20191019 patchlevels
	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/index.html
	NOTE: CVE-2020-19187 seems to be a duplicate of CVE-2019-17595 but keep distinct for now
CVE-2020-19186 (Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp ...)
	- ncurses 6.1+20191019-1
	[buster] - ncurses 6.1+20181013-2+deb10u2
	NOTE: https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc2.md
	NOTE: Fixed in 20191012 with followups in 20191015 and 20191019 patchlevels
	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/index.html
CVE-2020-19185 (Buffer Overflow vulnerability in one_one_mapping function in progs/dum ...)
	- ncurses 6.1+20191019-1
	[buster] - ncurses 6.1+20181013-2+deb10u2
	NOTE: https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc1.md
	NOTE: Fixed in 20191012 with followups in 20191015 and 20191019 patchlevels
	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/index.html
CVE-2020-19184 RESERVED
CVE-2020-19183 RESERVED
CVE-2020-19182 RESERVED
CVE-2020-19181 RESERVED
CVE-2020-19180 RESERVED
CVE-2020-19179 RESERVED
CVE-2020-19178 RESERVED
CVE-2020-19177 RESERVED
CVE-2020-19176 RESERVED
CVE-2020-19175 RESERVED
CVE-2020-19174 RESERVED
CVE-2020-19173 RESERVED
CVE-2020-19172 RESERVED
CVE-2020-19171 RESERVED
CVE-2020-19170 RESERVED
CVE-2020-19169 RESERVED
CVE-2020-19168 RESERVED
CVE-2020-19167 RESERVED
CVE-2020-19166 RESERVED
CVE-2020-19165 (PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 ...)
	NOT-FOR-US: PHPSHE
CVE-2020-19164 RESERVED
CVE-2020-19163 RESERVED
CVE-2020-19162 RESERVED
CVE-2020-19161 RESERVED
CVE-2020-19160 RESERVED
CVE-2020-19159 (Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attacke ...)
	NOT-FOR-US: LaikeTui
CVE-2020-19158 (Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows ...)
	NOT-FOR-US: S-CMS
CVE-2020-19157 (Cross Site Scripting (XSS) in Wenku CMS v3.4 allows remote attackers t ...)
	NOT-FOR-US: Wenku CMS
CVE-2020-19156 (Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers t ...)
	NOT-FOR-US: Wordpress ari-adminer
CVE-2020-19155 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...)
	NOT-FOR-US: Jfinal CMS
CVE-2020-19154 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...)
	NOT-FOR-US: Jfinal CMS
CVE-2020-19153 RESERVED
CVE-2020-19152 RESERVED
CVE-2020-19151 (Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attac ...)
	NOT-FOR-US: Jfinal CMS
CVE-2020-19150 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...)
	NOT-FOR-US: Jfinal CMS
CVE-2020-19149 RESERVED
CVE-2020-19148 (Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows rem ...)
	NOT-FOR-US: Jfinal CMS
CVE-2020-19147 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...)
	NOT-FOR-US: Jfinal CMS
CVE-2020-19146 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...)
	NOT-FOR-US: Jfinal CMS
CVE-2020-19145 RESERVED
CVE-2020-19144 (Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial ...)
	{DLA-2777-1}
	- tiff 4.0.10+git190814-1
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2852
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/159
	NOTE: Fixed around https://gitlab.com/libtiff/libtiff/-/commit/1fb9e731ef3e4ceb7af128ce298adb271088064f (v4.1.0) (CVE-2020-18768)
CVE-2020-19143 (Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial ...)
	{DSA-4997-1}
	- tiff 4.1.0+git201212-1
	[stretch] - tiff (Vulnerable code introduced later)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2851
	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/158
	NOTE: Introduced with: https://gitlab.com/libtiff/libtiff/-/commit/9eacd59fecc4ef593ac17689bc530ab451c8ec14 (v4.0.10)
	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/54ce8c522078cd0f39861df71db848648ec28ade (v4.2.0)
CVE-2020-19142 (iCMS 7 attackers to execute arbitrary OS commands via shell metacharac ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2020-19141 RESERVED
CVE-2020-19140 RESERVED
CVE-2020-19139 RESERVED
CVE-2020-19138 (Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and e ...)
	NOT-FOR-US: DotCMS
CVE-2020-19137 (Incorrect Access Control in Autumn v1.0.4 and earlier allows remote at ...)
	NOT-FOR-US: Autumn
CVE-2020-19136 RESERVED
CVE-2020-19135 RESERVED
CVE-2020-19134 RESERVED
CVE-2020-19133 RESERVED
CVE-2020-19132 RESERVED
CVE-2020-19131 (Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial ...)
	{DLA-2777-1}
	- tiff 4.0.10+git190814-1
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2831
	NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/61
	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/9cfa5c469109c207bf3b916c52e618d4400ba2c0 (v4.1.0)
CVE-2020-19130 RESERVED
CVE-2020-19129 RESERVED
CVE-2020-19128 RESERVED
CVE-2020-19127 RESERVED
CVE-2020-19126 RESERVED
CVE-2020-19125 RESERVED
CVE-2020-19124 RESERVED
CVE-2020-19123 RESERVED
CVE-2020-19122 RESERVED
CVE-2020-19121 RESERVED
CVE-2020-19120 RESERVED
CVE-2020-19119 RESERVED
CVE-2020-19118 (Cross Site Scripting (XSS) vulnerability in YzmCMS 5.2 via the site_cod ...)
	NOT-FOR-US: YzmCMS
CVE-2020-19117 RESERVED
CVE-2020-19116 RESERVED
CVE-2020-19115 RESERVED
CVE-2020-19114 (SQL Injection vulnerability in Online Book Store v1.0 via the publishe ...)
	NOT-FOR-US: Online Book Store
CVE-2020-19113 (Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin ...)
	NOT-FOR-US: Online Book Store
CVE-2020-19112 (SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn ...)
	NOT-FOR-US: Online Book Store
CVE-2020-19111 (Incorrect Access Control vulnerability in Online Book Store v1.0 via a ...)
	NOT-FOR-US: Online Book Store
CVE-2020-19110 (SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn ...)
	NOT-FOR-US: Online Book Store
CVE-2020-19109 (SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn ...)
	NOT-FOR-US: Online Book Store
CVE-2020-19108 (SQL Injection vulnerability in Online Book Store v1.0 via the pubid pa ...)
	NOT-FOR-US: Online Book Store
CVE-2020-19107 (SQL Injection vulnerability in Online Book Store v1.0 via the isbn par ...)
	NOT-FOR-US: Online Book Store
CVE-2020-19106 RESERVED
CVE-2020-19105 RESERVED
CVE-2020-19104 RESERVED
CVE-2020-19103 RESERVED
CVE-2020-19102 RESERVED
CVE-2020-19101 RESERVED
CVE-2020-19100 RESERVED
CVE-2020-19099 RESERVED
CVE-2020-19098 RESERVED
CVE-2020-19097 RESERVED
CVE-2020-19096 RESERVED
CVE-2020-19095 RESERVED
CVE-2020-19094 RESERVED
CVE-2020-19093 RESERVED
CVE-2020-19092 RESERVED
CVE-2020-19091 RESERVED
CVE-2020-19090 RESERVED
CVE-2020-19089 RESERVED
CVE-2020-19088 RESERVED
CVE-2020-19087 RESERVED
CVE-2020-19086 RESERVED
CVE-2020-19085 RESERVED
CVE-2020-19084 RESERVED
CVE-2020-19083 RESERVED
CVE-2020-19082 RESERVED
CVE-2020-19081 RESERVED
CVE-2020-19080 RESERVED
CVE-2020-19079 RESERVED
CVE-2020-19078 RESERVED
CVE-2020-19077 RESERVED
CVE-2020-19076 RESERVED
CVE-2020-19075 RESERVED
CVE-2020-19074 RESERVED
CVE-2020-19073 RESERVED
CVE-2020-19072 RESERVED
CVE-2020-19071 RESERVED
CVE-2020-19070 RESERVED
CVE-2020-19069 RESERVED
CVE-2020-19068 RESERVED
CVE-2020-19067 RESERVED
CVE-2020-19066 RESERVED
CVE-2020-19065 RESERVED
CVE-2020-19064 RESERVED
CVE-2020-19063 RESERVED
CVE-2020-19062 RESERVED
CVE-2020-19061 RESERVED
CVE-2020-19060 RESERVED
CVE-2020-19059 RESERVED
CVE-2020-19058 RESERVED
CVE-2020-19057 RESERVED
CVE-2020-19056 RESERVED
CVE-2020-19055 RESERVED
CVE-2020-19054 RESERVED
CVE-2020-19053 RESERVED
CVE-2020-19052 RESERVED
CVE-2020-19051 RESERVED
CVE-2020-19050 RESERVED
CVE-2020-19049 (Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to ...)
	NOT-FOR-US: MyBB
CVE-2020-19048 (Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to ...)
	NOT-FOR-US: MyBB
CVE-2020-19047 (Cross Site Request Forgery (CSRF) in iWebShop v5.3 allows remote attack ...)
	NOT-FOR-US: iWebShop
CVE-2020-19046 (Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to ex ...)
	NOT-FOR-US: S-CMS
CVE-2020-19045 RESERVED
CVE-2020-19044 RESERVED
CVE-2020-19043 RESERVED
CVE-2020-19042 (Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via ...)
	NOT-FOR-US: zzcms
CVE-2020-19041 RESERVED
CVE-2020-19040 RESERVED
CVE-2020-19039 RESERVED
CVE-2020-19038 (File Deletion vulnerability in Halo 0.4.3 via delBackup.)
	NOT-FOR-US: Halo
CVE-2020-19037 (Incorrect Access Control vulnerability in Halo 0.4.3, which allows a m ...)
	NOT-FOR-US: Halo
CVE-2020-19036 RESERVED
CVE-2020-19035 RESERVED
CVE-2020-19034 RESERVED
CVE-2020-19033 RESERVED
CVE-2020-19032 RESERVED
CVE-2020-19031 RESERVED
CVE-2020-19030 RESERVED
CVE-2020-19029 RESERVED
CVE-2020-19028 (File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a re ...)
	NOT-FOR-US: EmlogCMS
CVE-2020-19027 RESERVED
CVE-2020-19026 RESERVED
CVE-2020-19025 RESERVED
CVE-2020-19024 RESERVED
CVE-2020-19023 RESERVED
CVE-2020-19022 RESERVED
CVE-2020-19021 RESERVED
CVE-2020-19020 RESERVED
CVE-2020-19019 RESERVED
CVE-2020-19018 RESERVED
CVE-2020-19017 RESERVED
CVE-2020-19016 RESERVED
CVE-2020-19015 RESERVED
CVE-2020-19014 RESERVED
CVE-2020-19013 RESERVED
CVE-2020-19012 RESERVED
CVE-2020-19011 RESERVED
CVE-2020-19010 RESERVED
CVE-2020-19009 RESERVED
CVE-2020-19008 RESERVED
CVE-2020-19007 (Halo blog 1.2.0 allows users to submit comments on blog posts via /api ...)
	NOT-FOR-US: Halo blog
CVE-2020-19006 RESERVED
CVE-2020-19005 (zrlog v2.1.0 has a vulnerability with the permission check. If admin a ...)
	NOT-FOR-US: zrlog
CVE-2020-19004 RESERVED
CVE-2020-19003 (An issue in Gate One 1.2.0 allows attackers to bypass to the verificat ...)
	NOT-FOR-US: Gate One
CVE-2020-19002 (Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers ...)
	NOT-FOR-US: Mezzanine CMS
CVE-2020-19001 (Command Injection in Simiki v1.6.2.1 and prior allows remote attackers ...)
	NOT-FOR-US: Simiki
CVE-2020-19000 (Cross Site Scripting (XSS) in Simiki v1.6.2.1 and prior allows remote ...)
	NOT-FOR-US: Simiki
CVE-2020-18999 (Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers t ...)
	NOT-FOR-US: Blog_mini
CVE-2020-18998 (Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers t ...)
	NOT-FOR-US: Blog_mini
CVE-2020-18997 RESERVED
CVE-2020-18996 RESERVED
CVE-2020-18995 RESERVED
CVE-2020-18994 RESERVED
CVE-2020-18993 RESERVED
CVE-2020-18992 RESERVED
CVE-2020-18991 RESERVED
CVE-2020-18990 RESERVED
CVE-2020-18989 RESERVED
CVE-2020-18988 RESERVED
CVE-2020-18987 RESERVED
CVE-2020-18986 RESERVED
CVE-2020-18985 (An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboratio ...)
	NOT-FOR-US: Zimbra
CVE-2020-18984 (A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmi ...)
	NOT-FOR-US: Zimbra
CVE-2020-18983 RESERVED
CVE-2020-18982 (Cross Site Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAutho ...)
	NOT-FOR-US: Halo
CVE-2020-18981 RESERVED
CVE-2020-18980 (Remote Code Execution vulnerability in Halo 0.4.3 via the remoteAddr an ...)
	NOT-FOR-US: Halo
CVE-2020-18979 (Cross Site Scripting (XSS) vulnerability in Halo 0.4.3 via the X-forwa ...)
	NOT-FOR-US: Halo
CVE-2020-18978 RESERVED
CVE-2020-18977 RESERVED
CVE-2020-18976 (Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial ...)
	- tcpreplay 4.3.3-1 (unimportant)
	NOTE: https://github.com/appneta/tcpreplay/issues/556
	NOTE: Crash in CLI tool, no security impact
CVE-2020-18975 RESERVED
CVE-2020-18974 (Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers ...)
	- nasm (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392568
	NOTE: Crash in CLI tool, no security impact
CVE-2020-18973 RESERVED
CVE-2020-18972 (Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v ...)
	- libpodofo (unimportant)
	NOTE: https://sourceforge.net/p/podofo/tickets/49/
	NOTE: Negligible security impact
CVE-2020-18971 (Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause ...)
	- libpodofo (bug #1014858)
	[bookworm] - libpodofo (Minor issue)
	[bullseye] - libpodofo (Minor issue)
	[buster] - libpodofo (Minor issue)
	[stretch] - libpodofo (Minor issue; can be fixed in next update)
	NOTE: https://sourceforge.net/p/podofo/tickets/48/
CVE-2020-18970 RESERVED
CVE-2020-18969 RESERVED
CVE-2020-18968 RESERVED
CVE-2020-18967 RESERVED
CVE-2020-18966 RESERVED
CVE-2020-18965 RESERVED
CVE-2020-18964 (Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest v ...)
	NOT-FOR-US: ForestBlog
CVE-2020-18963 RESERVED
CVE-2020-18962 RESERVED
CVE-2020-18961 RESERVED
CVE-2020-18960 RESERVED
CVE-2020-18959 RESERVED
CVE-2020-18958 RESERVED
CVE-2020-18957 RESERVED
CVE-2020-18956 RESERVED
CVE-2020-18955 RESERVED
CVE-2020-18954 RESERVED
CVE-2020-18953 RESERVED
CVE-2020-18952 RESERVED
CVE-2020-18951 RESERVED
CVE-2020-18950 RESERVED
CVE-2020-18949 RESERVED
CVE-2020-18948 RESERVED
CVE-2020-18947 RESERVED
CVE-2020-18946 RESERVED
CVE-2020-18945 RESERVED
CVE-2020-18944 RESERVED
CVE-2020-18943 RESERVED
CVE-2020-18942 RESERVED
CVE-2020-18941 RESERVED
CVE-2020-18940 RESERVED
CVE-2020-18939 RESERVED
CVE-2020-18938 RESERVED
CVE-2020-18937 RESERVED
CVE-2020-18936 RESERVED
CVE-2020-18935 RESERVED
CVE-2020-18934 RESERVED
CVE-2020-18933 RESERVED
CVE-2020-18932 RESERVED
CVE-2020-18931 RESERVED
CVE-2020-18930 RESERVED
CVE-2020-18929 RESERVED
CVE-2020-18928 RESERVED
CVE-2020-18927 RESERVED
CVE-2020-18926 RESERVED
CVE-2020-18925 RESERVED
CVE-2020-18924 RESERVED
CVE-2020-18923 RESERVED
CVE-2020-18922 RESERVED
CVE-2020-18921 RESERVED
CVE-2020-18920 RESERVED
CVE-2020-18919 RESERVED
CVE-2020-18918 RESERVED
CVE-2020-18917 (The plus/search.php component in DedeCMS 5.7 SP2 allows remote attacke ...)
	NOT-FOR-US: DedeCMS
CVE-2020-18916 RESERVED
CVE-2020-18915 RESERVED
CVE-2020-18914 RESERVED
CVE-2020-18913 (EARCLINK ESPCMS-P8 was discovered to contain a SQL injection vulnerabi ...)
	NOT-FOR-US: EARCLINK ESPCMS-P8
CVE-2020-18912 (An issue found in Earcms Ear App v.20181124 allows a remote attacker t ...)
	NOT-FOR-US: Earcms Ear App
CVE-2020-18911 RESERVED
CVE-2020-18910 RESERVED
CVE-2020-18909 RESERVED
CVE-2020-18908 RESERVED
CVE-2020-18907 RESERVED
CVE-2020-18906 RESERVED
CVE-2020-18905 RESERVED
CVE-2020-18904 RESERVED
CVE-2020-18903 RESERVED
CVE-2020-18902 RESERVED
CVE-2020-18901 RESERVED
CVE-2020-18900 (A heap-based buffer overflow in the libexe_io_handle_read_coff_optiona ...)
	NOT-FOR-US: libyal
CVE-2020-18899 (An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof( ...)
	- exiv2 0.27.2-6
	[buster] - exiv2 (jp2image::printStructure added in 0.26)
	NOTE: https://github.com/Exiv2/exiv2/issues/742
	NOTE: https://github.com/Exiv2/exiv2/commit/051b5d9df1f4669117937b7a40104404cc252993 (0.27.1)
CVE-2020-18898 (A stack exhaustion issue in the printIFDStructure function of Exiv2 0. ...)
	- exiv2 (unimportant)
	NOTE: https://github.com/Exiv2/exiv2/issues/741
	NOTE: Negligible security impact, issue in a debugging-only function
CVE-2020-18897 (A use-after-free vulnerability in the libpff_item_tree_create_node fu ...)
	- libpff 20180714-1
	[stretch] - libpff (Minor issue)
	NOTE: https://github.com/libyal/libpff/issues/61
	NOTE: https://github.com/libyal/libpff/issues/62
	NOTE: https://github.com/libyal/libpff/commit/effae88adfc9def45be0bb7ff27d20ce133d8c7c
CVE-2020-18896 RESERVED
CVE-2020-18895 RESERVED
CVE-2020-18894 RESERVED
CVE-2020-18893 RESERVED
CVE-2020-18892 RESERVED
CVE-2020-18891 RESERVED
CVE-2020-18890 (Remote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insec ...)
	NOT-FOR-US: puppyCMS
CVE-2020-18889 (Cross Site Request Forgery (CSRF) vulnerability in puppyCMS v5.1 that ...)
	NOT-FOR-US: puppyCMS
CVE-2020-18888 (Arbitrary File Deletion vulnerability in puppyCMS v5.1 allows remote m ...)
	NOT-FOR-US: puppyCMS
CVE-2020-18887 RESERVED
CVE-2020-18886 (Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to ...)
	NOT-FOR-US: PHPMyWind
CVE-2020-18885 (Command Injection in PHPMyWind v5.6 allows remote attackers to execute ...)
	NOT-FOR-US: PHPMyWind
CVE-2020-18884 RESERVED
CVE-2020-18883 RESERVED
CVE-2020-18882 RESERVED
CVE-2020-18881 RESERVED
CVE-2020-18880 RESERVED
CVE-2020-18879 (Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to e ...)
	NOT-FOR-US: Bludit
CVE-2020-18878 (Directory Traversal in Skycaiji v1.3 allows remote attackers to obtain ...)
	NOT-FOR-US: Skycaiji
CVE-2020-18877 (SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain se ...)
	NOT-FOR-US: Wuzhi CMS
CVE-2020-18876 RESERVED
CVE-2020-18875 (Incorrect Access Control in DotCMS versions before 5.1 allows remote a ...)
	NOT-FOR-US: DotCMS
CVE-2020-18874 RESERVED
CVE-2020-18873 RESERVED
CVE-2020-18872 RESERVED
CVE-2020-18871 RESERVED
CVE-2020-18870 RESERVED
CVE-2020-18869 RESERVED
CVE-2020-18868 RESERVED
CVE-2020-18867 RESERVED
CVE-2020-18866 RESERVED
CVE-2020-18865 RESERVED
CVE-2020-18864 RESERVED
CVE-2020-18863 RESERVED
CVE-2020-18862 RESERVED
CVE-2020-18861 RESERVED
CVE-2020-18860 RESERVED
CVE-2020-18859 RESERVED
CVE-2020-18858 RESERVED
CVE-2020-18857 RESERVED
CVE-2020-18856 RESERVED
CVE-2020-18855 RESERVED
CVE-2020-18854 RESERVED
CVE-2020-18853 RESERVED
CVE-2020-18852 RESERVED
CVE-2020-18851 RESERVED
CVE-2020-18850 RESERVED
CVE-2020-18849 RESERVED
CVE-2020-18848 RESERVED
CVE-2020-18847 RESERVED
CVE-2020-18846 RESERVED
CVE-2020-18845 RESERVED
CVE-2020-18844 RESERVED
CVE-2020-18843 RESERVED
CVE-2020-18842 RESERVED
CVE-2020-18841 RESERVED
CVE-2020-18840 RESERVED
CVE-2020-18839 (Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 ...)
- poppler 0.85.0-2 [buster] - poppler 0.71.0-5+deb10u1 NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/742 NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/30c731b487190c02afff3f036736a392eb60cd9a (poppler-0.76.0) NOTE: Duplicate issue of CVE-2020-27778 (assigning CNA contacted) CVE-2020-18838 RESERVED CVE-2020-18837 RESERVED CVE-2020-18836 RESERVED CVE-2020-18835 RESERVED CVE-2020-18834 RESERVED CVE-2020-18833 RESERVED CVE-2020-18832 RESERVED CVE-2020-18831 (Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cp ...) - exiv2 0.27.2-6 [buster] - exiv2 (Vulnerable code introduced later) NOTE: https://github.com/Exiv2/exiv2/issues/828 NOTE: https://github.com/Exiv2/exiv2/pull/862 NOTE: Introduced by: https://github.com/Exiv2/exiv2/commit/4617dc37284bb14c15fb884a7252de7c2b8b8854 NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/6068df4c01ce915befb763bd0fd718d16a5df130 (v0.27.2-RC1) CVE-2020-18830 RESERVED CVE-2020-18829 RESERVED CVE-2020-18828 RESERVED CVE-2020-18827 RESERVED CVE-2020-18826 RESERVED CVE-2020-18825 RESERVED CVE-2020-18824 RESERVED CVE-2020-18823 RESERVED CVE-2020-18822 RESERVED CVE-2020-18821 RESERVED CVE-2020-18820 RESERVED CVE-2020-18819 RESERVED CVE-2020-18818 RESERVED CVE-2020-18817 RESERVED CVE-2020-18816 RESERVED CVE-2020-18815 RESERVED CVE-2020-18814 RESERVED CVE-2020-18813 RESERVED CVE-2020-18812 RESERVED CVE-2020-18811 RESERVED CVE-2020-18810 RESERVED CVE-2020-18809 RESERVED CVE-2020-18808 RESERVED CVE-2020-18807 RESERVED CVE-2020-18806 RESERVED CVE-2020-18805 RESERVED CVE-2020-18804 RESERVED CVE-2020-18803 RESERVED CVE-2020-18802 RESERVED CVE-2020-18801 RESERVED CVE-2020-18800 RESERVED CVE-2020-18799 RESERVED CVE-2020-18798 RESERVED CVE-2020-18797 RESERVED CVE-2020-18796 RESERVED CVE-2020-18795 RESERVED CVE-2020-18794 RESERVED CVE-2020-18793 RESERVED CVE-2020-18792 RESERVED CVE-2020-18791 RESERVED CVE-2020-18790 RESERVED CVE-2020-18789 RESERVED CVE-2020-18788 RESERVED CVE-2020-18787 
	RESERVED
CVE-2020-18786
	RESERVED
CVE-2020-18785
	RESERVED
CVE-2020-18784
	RESERVED
CVE-2020-18783
	RESERVED
CVE-2020-18782
	RESERVED
CVE-2020-18781 (Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in a ...)
	- audiofile 0.3.6-4
	NOTE: https://github.com/mpruett/audiofile/issues/56
	NOTE: https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
CVE-2020-18780 (A Use After Free vulnerability in function new_Token in asm/preproc.c ...)
	- nasm 2.15.04-1 (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392634
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392711
	NOTE: Crash in CLI tool, no security impact
	NOTE: https://github.com/netwide-assembler/nasm/commit/7c88289e222dc5ef9f53f9e86ecaab1924744b88 (nasm-2.15.04rc6)
CVE-2020-18779
	RESERVED
CVE-2020-18778 (In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_ ...)
	- libav
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1155
CVE-2020-18777
	RESERVED
CVE-2020-18776 (In Libav 12.3, there is a segmentation fault in vc1_decode_b_mb_intfr ...)
	- libav
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1153
CVE-2020-18775 (In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_b_ ...)
	- libav
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1152
CVE-2020-18774 (A float point exception in the printLong function in tags_int.cpp of E ...)
	- exiv2 (unimportant)
	NOTE: https://github.com/Exiv2/exiv2/issues/759
	NOTE: Negligible security impact
CVE-2020-18773 (An invalid memory access in the decode function in iptc.cpp of Exiv2 0 ...)
	- exiv2 (unimportant)
	NOTE: https://github.com/Exiv2/exiv2/issues/760
	NOTE: Negligible security impact
CVE-2020-18772
	RESERVED
CVE-2020-18771 (Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Niko ...)
	{DLA-3265-1}
	- exiv2 0.27.2-6
	[stretch] - exiv2 (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/756
CVE-2020-18770 (An issue was discovered in function zzip_disk_entry_to_file_header in ...)
	- zziplib (bug #1054910)
	[bookworm] - zziplib (Minor issue)
	[bullseye] - zziplib (Minor issue)
	[buster] - zziplib (Minor issue)
	NOTE: https://github.com/gdraheim/zziplib/issues/69
CVE-2020-18769
	RESERVED
CVE-2020-18768 (There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in ...)
	{DLA-2777-1}
	- tiff 4.0.10+git190814-1
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2848
	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/72
	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/1fb9e731ef3e4ceb7af128ce298adb271088064f (v4.1.0)
CVE-2020-18767
	RESERVED
CVE-2020-18766 (A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotel ...)
	NOT-FOR-US: AntSword
CVE-2020-18765
	RESERVED
CVE-2020-18764
	RESERVED
CVE-2020-18763
	RESERVED
CVE-2020-18762
	RESERVED
CVE-2020-18761
	RESERVED
CVE-2020-18760
	RESERVED
CVE-2020-18759 (An information disclosure vulnerability exists in the EPA protocol of ...)
	NOT-FOR-US: Dut Computer Control Engineering Co.'s PLC MAC1100
CVE-2020-18758 (An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows ...)
	NOT-FOR-US: Dut Computer Control Engineering Co.'s PLC MAC1100
CVE-2020-18757 (An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows ...)
	NOT-FOR-US: Dut Computer Control Engineering Co.'s PLC MAC1100
CVE-2020-18756 (An arbitrary memory access vulnerability in the EPA protocol of Dut Co ...)
	NOT-FOR-US: Dut Computer Control Engineering Co.'s PLC MAC1100
CVE-2020-18755
	RESERVED
CVE-2020-18754 (An information disclosure vulnerability exists within Dut Computer Con ...)
	NOT-FOR-US: Dut Computer Control Engineering Co.'s PLC MAC1100
CVE-2020-18753 (An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows ...)
	NOT-FOR-US: Dut Computer Control Engineering Co.'s PLC MAC1100
CVE-2020-18752
	RESERVED
CVE-2020-18751
	RESERVED
CVE-2020-18750 (Buffer overflow in pdf2json 0.69 allows local users to execute arbitra ...)
	NOT-FOR-US: pdf2json
CVE-2020-18749
	RESERVED
CVE-2020-18748 (Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execu ...)
	NOT-FOR-US: Typora
CVE-2020-18747
	RESERVED
CVE-2020-18746 (SQL Injection in AiteCMS v1.0 allows remote attackers to execute arbit ...)
	NOT-FOR-US: AiteCMS
CVE-2020-18745
	RESERVED
CVE-2020-18744
	RESERVED
CVE-2020-18743
	RESERVED
CVE-2020-18742
	RESERVED
CVE-2020-18741 (Improper Authorization in ThinkSAAS v2.7 allows remote attackers to mo ...)
	NOT-FOR-US: ThinkSAAS
CVE-2020-18740
	RESERVED
CVE-2020-18739
	RESERVED
CVE-2020-18738
	RESERVED
CVE-2020-18737 (An issue was discovered in Typora 0.9.67. There is an XSS vulnerabilit ...)
	NOT-FOR-US: Typora
CVE-2020-18736
	RESERVED
CVE-2020-18735 (A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS ...)
	NOT-FOR-US: Eclipse IOT Cyclone
CVE-2020-18734 (A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS ...)
	NOT-FOR-US: Eclipse IOT Cyclone
CVE-2020-18733
	RESERVED
CVE-2020-18732
	RESERVED
CVE-2020-18731 (A segmentation violation in the Iec104_Deal_FirmUpdate function of IEC ...)
	NOT-FOR-US: IEC104
CVE-2020-18730 (A segmentation violation in the Iec104_Deal_I function of IEC104 v1.0 ...)
	NOT-FOR-US: IEC104
CVE-2020-18729
	RESERVED
CVE-2020-18728
	RESERVED
CVE-2020-18727
	RESERVED
CVE-2020-18726
	RESERVED
CVE-2020-18725
	RESERVED
CVE-2020-18724 (Authenticated stored cross-site scripting (XSS) in the contact name fi ...)
	NOT-FOR-US: MDaemon webmail
CVE-2020-18723 (Stored cross-site scripting (XSS) in file attachment field in MDaemon ...)
	NOT-FOR-US: MDaemon webmail
CVE-2020-18722
	RESERVED
CVE-2020-18721
	RESERVED
CVE-2020-18720
	RESERVED
CVE-2020-18719
	RESERVED
CVE-2020-18718
	RESERVED
CVE-2020-18717 (SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execut ...)
	NOT-FOR-US: ZZZCMS
CVE-2020-18716 (SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privile ...)
	NOT-FOR-US: Rockoa
CVE-2020-18715
	REJECTED
CVE-2020-18714 (SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privile ...)
	NOT-FOR-US: Rockoa
CVE-2020-18713 (SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privile ...)
	NOT-FOR-US: Rockoa
CVE-2020-18712
	RESERVED
CVE-2020-18711
	RESERVED
CVE-2020-18710
	RESERVED
CVE-2020-18709
	RESERVED
CVE-2020-18708
	RESERVED
CVE-2020-18707
	RESERVED
CVE-2020-18706
	RESERVED
CVE-2020-18705 (XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers t ...)
	NOT-FOR-US: Quokka
CVE-2020-18704 (Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 ...)
	NOT-FOR-US: Django-Widgy
CVE-2020-18703 (XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers t ...)
	NOT-FOR-US: Quokka
CVE-2020-18702 (Cross Site Scripting (XSS) in Quokka v0.4.0 allows remote attackers to ...)
	NOT-FOR-US: Quokka
CVE-2020-18701 (Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attacke ...)
	NOT-FOR-US: Lin-CMS-Flask
CVE-2020-18700
	RESERVED
CVE-2020-18699 (Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attac ...)
	NOT-FOR-US: Lin-CMS-Flask
CVE-2020-18698 (Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attacker ...)
	NOT-FOR-US: Lin-CMS-Flask
CVE-2020-18697
	RESERVED
CVE-2020-18696
	RESERVED
CVE-2020-18695
	RESERVED
CVE-2020-18694 (Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows remote att ...)
	NOT-FOR-US: IgnitedCMS
CVE-2020-18693 (Cross Site Scripting (XSS) in MineWebCMS v1.7.0 allows remote attacker ...)
	NOT-FOR-US: MineWebCMS
CVE-2020-18692
	RESERVED
CVE-2020-18691
	RESERVED
CVE-2020-18690
	RESERVED
CVE-2020-18689
	RESERVED
CVE-2020-18688
	RESERVED
CVE-2020-18687
	RESERVED
CVE-2020-18686
	RESERVED
CVE-2020-18685 (Floodlight through 1.2 has poor input validation in checkFlow in Stati ...)
	NOT-FOR-US: Floodlight
CVE-2020-18684 (Floodlight through 1.2 has an integer overflow in checkFlow in StaticF ...)
	NOT-FOR-US: Floodlight
CVE-2020-18683 (Floodlight through 1.2 has poor input validation in checkFlow in Stati ...)
	NOT-FOR-US: Floodlight
CVE-2020-18682
	RESERVED
CVE-2020-18681
	RESERVED
CVE-2020-18680
	RESERVED
CVE-2020-18679
	RESERVED
CVE-2020-18678
	RESERVED
CVE-2020-18677
	RESERVED
CVE-2020-18676
	RESERVED
CVE-2020-18675
	RESERVED
CVE-2020-18674
	RESERVED
CVE-2020-18673
	RESERVED
CVE-2020-18672
	RESERVED
CVE-2020-18671 (Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via ...)
	- roundcube 1.4.5+dfsg.1-1
	[buster] - roundcube 1.3.13+dfsg.1-1~deb10u1
	[stretch] - roundcube (Minor issue, XSS in installer which is not exposed in Debian)
	NOTE: https://github.com/roundcube/roundcubemail/issues/7406
	NOTE: https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12
CVE-2020-18670 (Cross Site Scripting (XSS) vulnerability in Roundcube mail .4.4 via d ...)
	- roundcube 1.4.5+dfsg.1-1
	[buster] - roundcube 1.3.13+dfsg.1-1~deb10u1
	[stretch] - roundcube (Minor issue, XSS in installer which is not exposed in Debian)
	NOTE: https://github.com/roundcube/roundcubemail/issues/7406
	NOTE: https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12
CVE-2020-18669
	RESERVED
CVE-2020-18668 (Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1 via the ...)
	NOT-FOR-US: WebPort
CVE-2020-18667 (SQL Injection vulnerability in WebPort <=1.19.1 via the new connection ...)
	NOT-FOR-US: WebPort
CVE-2020-18666
	REJECTED
CVE-2020-18665 (Directory Traversal vulnerability in WebPort <=1.19.1 in tags of syste ...)
	NOT-FOR-US: WebPort
CVE-2020-18664 (Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1 via the co ...)
	NOT-FOR-US: WebPort
CVE-2020-18663 (Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via t ...)
	NOT-FOR-US: gnuboard5
CVE-2020-18662 (SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_pref ...)
	NOT-FOR-US: gnuboard5
CVE-2020-18661 (Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via t ...)
	NOT-FOR-US: gnuboard5
CVE-2020-18660 (GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via ...)
	NOT-FOR-US: GetSimpleCMS
CVE-2020-18659 (Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1 ...)
	NOT-FOR-US: GetSimpleCMS
CVE-2020-18658 (Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <=3.3.15 via ...)
	NOT-FOR-US: GetSimpleCMS
CVE-2020-18657 (Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in ...)
	NOT-FOR-US: GetSimpleCMS
CVE-2020-18656
	RESERVED
CVE-2020-18655
	RESERVED
CVE-2020-18654 (Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers ...)
	NOT-FOR-US: Wuzhi CMS
CVE-2020-18653
	RESERVED
CVE-2020-18652 (Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and ...)
	{DLA-3585-1}
	- exempi 2.5.1-1
	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/issues/12
	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/commit/acee2894ceb91616543927c2a6e45050c60f98f7 (2.5.1)
CVE-2020-18651 (Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::get ...)
	{DLA-3585-1}
	- exempi 2.5.1-1
	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/issues/13
	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/commit/fdd4765a699f9700850098b43b9798b933acb32f (2.5.1)
CVE-2020-18650
	RESERVED
CVE-2020-18649
	RESERVED
CVE-2020-18648 (Cross Site Request Forgery (CSRF) in JuQingCMS v1.0 allows remote atta ...)
	NOT-FOR-US: JuQingCMS
CVE-2020-18647 (Information Disclosure in NoneCMS v1.3 allows remote attackers to obta ...)
	NOT-FOR-US: NoneCMS
CVE-2020-18646 (Information Disclosure in NoneCMS v1.3 allows remote attackers to obta ...)
	NOT-FOR-US: NoneCMS
CVE-2020-18645
	RESERVED
CVE-2020-18644
	RESERVED
CVE-2020-18643
	RESERVED
CVE-2020-18642
	RESERVED
CVE-2020-18641
	RESERVED
CVE-2020-18640
	RESERVED
CVE-2020-18639
	RESERVED
CVE-2020-18638
	RESERVED
CVE-2020-18637
	RESERVED
CVE-2020-18636
	RESERVED
CVE-2020-18635
	RESERVED
CVE-2020-18634
	RESERVED
CVE-2020-18633
	RESERVED
CVE-2020-18632
	RESERVED
CVE-2020-18631
	RESERVED
CVE-2020-18630
	RESERVED
CVE-2020-18629
	RESERVED
CVE-2020-18628
	RESERVED
CVE-2020-18627
	RESERVED
CVE-2020-18626
	RESERVED
CVE-2020-18625
	RESERVED
CVE-2020-18624
	RESERVED
CVE-2020-18623
	RESERVED
CVE-2020-18622
	RESERVED
CVE-2020-18621
	RESERVED
CVE-2020-18620
	RESERVED
CVE-2020-18619
	RESERVED
CVE-2020-18618
	RESERVED
CVE-2020-18617
	RESERVED
CVE-2020-18616
	RESERVED
CVE-2020-18615
	RESERVED
CVE-2020-18614
	RESERVED
CVE-2020-18613
	RESERVED
CVE-2020-18612
	RESERVED
CVE-2020-18611
	RESERVED
CVE-2020-18610
	RESERVED
CVE-2020-18609
	RESERVED
CVE-2020-18608
	RESERVED
CVE-2020-18607
	RESERVED
CVE-2020-18606
	RESERVED
CVE-2020-18605
	RESERVED
CVE-2020-18604
	RESERVED
CVE-2020-18603
	RESERVED
CVE-2020-18602
	RESERVED
CVE-2020-18601
	RESERVED
CVE-2020-18600
	RESERVED
CVE-2020-18599
	RESERVED
CVE-2020-18598
	RESERVED
CVE-2020-18597
	RESERVED
CVE-2020-18596
	RESERVED
CVE-2020-18595
	RESERVED
CVE-2020-18594
	RESERVED
CVE-2020-18593
	RESERVED
CVE-2020-18592
	RESERVED
CVE-2020-18591
	RESERVED
CVE-2020-18590
	RESERVED
CVE-2020-18589
	RESERVED
CVE-2020-18588
	RESERVED
CVE-2020-18587
	RESERVED
CVE-2020-18586
	RESERVED
CVE-2020-18585
	RESERVED
CVE-2020-18584
	RESERVED
CVE-2020-18583
	RESERVED
CVE-2020-18582
	RESERVED
CVE-2020-18581
	RESERVED
CVE-2020-18580
	RESERVED
CVE-2020-18579
	RESERVED
CVE-2020-18578
	RESERVED
CVE-2020-18577
	RESERVED
CVE-2020-18576
	RESERVED
CVE-2020-18575
	RESERVED
CVE-2020-18574
	RESERVED
CVE-2020-18573
	RESERVED
CVE-2020-18572
	RESERVED
CVE-2020-18571
	RESERVED
CVE-2020-18570
	RESERVED
CVE-2020-18569
	RESERVED
CVE-2020-18568 (The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a ...)
	NOT-FOR-US: D-Link
CVE-2020-18567
	RESERVED
CVE-2020-18566
	RESERVED
CVE-2020-18565
	RESERVED
CVE-2020-18564
	RESERVED
CVE-2020-18563
	RESERVED
CVE-2020-18562
	RESERVED
CVE-2020-18561
	RESERVED
CVE-2020-18560
	RESERVED
CVE-2020-18559
	RESERVED
CVE-2020-18558
	RESERVED
CVE-2020-18557
	RESERVED
CVE-2020-18556
	RESERVED
CVE-2020-18555
	RESERVED
CVE-2020-18554
	RESERVED
CVE-2020-18553
	RESERVED
CVE-2020-18552
	RESERVED
CVE-2020-18551
	RESERVED
CVE-2020-18550
	RESERVED
CVE-2020-18549
	RESERVED
CVE-2020-18548
	RESERVED
CVE-2020-18547
	RESERVED
CVE-2020-18546
	RESERVED
CVE-2020-18545
	RESERVED
CVE-2020-18544 (SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: WMS
CVE-2020-18543
	RESERVED
CVE-2020-18542
	RESERVED
CVE-2020-18541
	RESERVED
CVE-2020-18540
	RESERVED
CVE-2020-18539
	RESERVED
CVE-2020-18538
	RESERVED
CVE-2020-18537
	RESERVED
CVE-2020-18536
	RESERVED
CVE-2020-18535
	RESERVED
CVE-2020-18534
	RESERVED
CVE-2020-18533
	RESERVED
CVE-2020-18532
	RESERVED
CVE-2020-18531
	RESERVED
CVE-2020-18530
	RESERVED
CVE-2020-18529
	RESERVED
CVE-2020-18528
	RESERVED
CVE-2020-18527
	RESERVED
CVE-2020-18526
	RESERVED
CVE-2020-18525
	RESERVED
CVE-2020-18524
	RESERVED
CVE-2020-18523
	RESERVED
CVE-2020-18522
	RESERVED
CVE-2020-18521
	RESERVED
CVE-2020-18520
	RESERVED
CVE-2020-18519
	RESERVED
CVE-2020-18518
	RESERVED
CVE-2020-18517
	RESERVED
CVE-2020-18516
	RESERVED
CVE-2020-18515
	RESERVED
CVE-2020-18514
	RESERVED
CVE-2020-18513
	RESERVED
CVE-2020-18512
	RESERVED
CVE-2020-18511
	RESERVED
CVE-2020-18510
	RESERVED
CVE-2020-18509
	RESERVED
CVE-2020-18508
	RESERVED
CVE-2020-18507
	RESERVED
CVE-2020-18506
	RESERVED
CVE-2020-18505
	RESERVED
CVE-2020-18504
	RESERVED
CVE-2020-18503
	RESERVED
CVE-2020-18502
	RESERVED
CVE-2020-18501
	RESERVED
CVE-2020-18500
	RESERVED
CVE-2020-18499
	RESERVED
CVE-2020-18498
	RESERVED
CVE-2020-18497
	RESERVED
CVE-2020-18496
	RESERVED
CVE-2020-18495
	RESERVED
CVE-2020-18494 (Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1 ...)
	- hdf5 (unimportant)
	NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul12
	NOTE: Negligible security impact, malicious scientific data has more issues than a crash...
CVE-2020-18493
	RESERVED
CVE-2020-18492
	RESERVED
CVE-2020-18491
	RESERVED
CVE-2020-18490
	RESERVED
CVE-2020-18489
	RESERVED
CVE-2020-18488
	RESERVED
CVE-2020-18487
	RESERVED
CVE-2020-18486
	RESERVED
CVE-2020-18485
	RESERVED
CVE-2020-18484
	RESERVED
CVE-2020-18483
	RESERVED
CVE-2020-18482
	RESERVED
CVE-2020-18481
	RESERVED
CVE-2020-18480
	RESERVED
CVE-2020-18479
	RESERVED
CVE-2020-18478
	RESERVED
CVE-2020-18477 (SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enqui ...)
	NOT-FOR-US: Hucart CMS
CVE-2020-18476 (SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic informat ...)
	NOT-FOR-US: Hucart CMS
CVE-2020-18475 (Cross Site Scripting (XSS) vulnerability exists in Hucart CMS 5.7.4 is ...)
	NOT-FOR-US: Hucart CMS
CVE-2020-18474
	RESERVED
CVE-2020-18473
	RESERVED
CVE-2020-18472
	RESERVED
CVE-2020-18471
	RESERVED
CVE-2020-18470 (Stored cross-site scripting (XSS) vulnerability in the Name of applica ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-18469 (Stored cross-site scripting (XSS) vulnerability in the Copyright Text ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-18468 (Cross Site Scripting (XSS) vulnerability exists in qdPM 9.1 in the Hea ...)
	NOT-FOR-US: qdPM
CVE-2020-18467 (Cross Site Scripting (XSS) vulnerability exists in BigTree-CMS 4.4.3 in ...)
	NOT-FOR-US: BigTree-CMS
CVE-2020-18466
	RESERVED
CVE-2020-18465
	RESERVED
CVE-2020-18464 (Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in vid ...)
	NOT-FOR-US: AikCms
CVE-2020-18463 (Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in vi ...)
	NOT-FOR-US: AikCms
CVE-2020-18462 (File Upload vulnerability in AikCms v2.0.0 in poster_edit.php because t ...)
	NOT-FOR-US: AikCms
CVE-2020-18461
	RESERVED
CVE-2020-18460 (Cross Site Request Forgery (CSRF) vulnerability exists in 711cms v1.0. ...)
	NOT-FOR-US: 711cms
CVE-2020-18459
	RESERVED
CVE-2020-18458 (Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0 ...)
	NOT-FOR-US: DamiCMS
CVE-2020-18457 (Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 ...)
	NOT-FOR-US: bycms
CVE-2020-18456 (Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via ...)
	NOT-FOR-US: PbootCMS
CVE-2020-18455 (Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via th ...)
	NOT-FOR-US: bycms
CVE-2020-18454 (Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admi ...)
	NOT-FOR-US: bycms
CVE-2020-18453
	RESERVED
CVE-2020-18452
	RESERVED
CVE-2020-18451 (Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via ...)
	NOT-FOR-US: DamiCMS
CVE-2020-18450
	RESERVED
CVE-2020-18449 (Cross Site Scripting (XSS) vulnerability exists in UKCMS v1.1.10 via d ...)
	NOT-FOR-US: UKCMS
CVE-2020-18448
	RESERVED
CVE-2020-18447
	RESERVED
CVE-2020-18446 (Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via t ...)
	NOT-FOR-US: YUNUCMS
CVE-2020-18445 (Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via t ...)
	NOT-FOR-US: YUNUCMS
CVE-2020-18444
	RESERVED
CVE-2020-18443
	RESERVED
CVE-2020-18442 (Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a d ...)
	{DLA-2859-1}
	- zziplib 0.13.72+dfsg.1-1
	[bullseye] - zziplib 0.13.62-3.3+deb11u1
	[buster] - zziplib 0.13.62-3.2+deb10u1
	NOTE: https://github.com/gdraheim/zziplib/issues/68
	NOTE: https://github.com/gdraheim/zziplib/commit/ac9ae39ef419e9f0f83da1e583314d8c7cda34a6
	NOTE: https://github.com/gdraheim/zziplib/commit/7e786544084548da7fcfcd9090d3c4e7f5777f7e
	NOTE: https://github.com/gdraheim/zziplib/commit/d453977f59ca59c61bf59dec28dd724498828f2a
	NOTE: https://github.com/gdraheim/zziplib/commit/0a9db9ded9d15fbdb63bf5cf451920d0a368c00e
	NOTE: https://github.com/gdraheim/zziplib/commit/a34a96fbda1e58fbec5c79f4c0b5063e031ce11d
	NOTE: https://github.com/gdraheim/zziplib/commit/fa1f78abe1b08544061204019016809664f2618c
	NOTE: https://github.com/gdraheim/zziplib/commit/f7a6fa9f0c29aecb4c2299568ed2e6094c34aca7
CVE-2020-18441
	RESERVED
CVE-2020-18440 (Buffer overflow vulnerability in framework/init.php in qinggan phpok 5 ...)
	NOT-FOR-US: qinggan phpok
CVE-2020-18439 (An issue was discovered in function edit_save_f in framework/admi ...)
	NOT-FOR-US: qinggan phpok
CVE-2020-18438 (Directory traversal vulnerability in qinggan phpok 5.1, allows attacke ...)
	NOT-FOR-US: qinggan phpok
CVE-2020-18437
	RESERVED
CVE-2020-18436
	RESERVED
CVE-2020-18435
	RESERVED
CVE-2020-18434
	RESERVED
CVE-2020-18433
	RESERVED
CVE-2020-18432 (File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to ...)
	NOT-FOR-US: SEMCMS PHP
CVE-2020-18431
	RESERVED
CVE-2020-18430 (tinyexr 0.9.5 was discovered to contain an array index error in the ti ...)
	- tinyexr (Fixed with initial upload to Debian)
	NOTE: https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_65f9859#cve-2020-18430-out-of-memory-in-function-tinyexrdecodeexrimage-tinyexrh11046
	NOTE: https://github.com/syoyo/tinyexr/issues/108
CVE-2020-18429
	RESERVED
CVE-2020-18428 (tinyexr commit 0.9.5 was discovered to contain an array index error in ...)
	- tinyexr (Fixed with initial upload to Debian)
	NOTE: https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_65f9859#cve-2020-18428-out-of-range-in-function-tinyexrsaveexr-tinyexrh13107
	NOTE: https://github.com/syoyo/tinyexr/issues/109
CVE-2020-18427
	RESERVED
CVE-2020-18426
	RESERVED
CVE-2020-18425
	RESERVED
CVE-2020-18424
	RESERVED
CVE-2020-18423
	RESERVED
CVE-2020-18422
	RESERVED
CVE-2020-18421
	RESERVED
CVE-2020-18420
	RESERVED
CVE-2020-18419
	RESERVED
CVE-2020-18418 (A Cross site request forgery (CSRF) vulnerability was discovered in Fe ...)
	NOT-FOR-US: FeiFeiCMS
CVE-2020-18417
	RESERVED
CVE-2020-18416 (A cross site request forgery (CSRF) vulnerability discovered in Jymus ...)
	NOT-FOR-US: Jymusic
CVE-2020-18415
	RESERVED
CVE-2020-18414 (Stored cross site scripting (XSS) vulnerability in Chaoji CMS v2.18 th ...)
	NOT-FOR-US: Chaoji CMS
CVE-2020-18413 (Stored cross site scripting (XSS) vulnerability in /index.php?admin-ma ...)
	NOT-FOR-US: Chaoji CMS
CVE-2020-18412
	RESERVED
CVE-2020-18411
	RESERVED
CVE-2020-18410 (A stored cross site scripting (XSS) vulnerability in /index.php?admin- ...)
	NOT-FOR-US: Chaoji CMS
CVE-2020-18409 (Cross Site Request Forgery (CSRF) vulnerability was discovered in Catf ...)
	NOT-FOR-US: CatfishCMS
CVE-2020-18408
	RESERVED
CVE-2020-18407
	RESERVED
CVE-2020-18406 (An issue was discovered in cmseasy v7.0.0 that allows user credentials ...)
	NOT-FOR-US: cmseasy
CVE-2020-18405
	RESERVED
CVE-2020-18404 (An issue was discovered in espcms version P8.18101601. There is a cros ...)
	NOT-FOR-US: espcms
CVE-2020-18403
	RESERVED
CVE-2020-18402
	RESERVED
CVE-2020-18401
	RESERVED
CVE-2020-18400
	RESERVED
CVE-2020-18399
	RESERVED
CVE-2020-18398
	RESERVED
CVE-2020-18397
	RESERVED
CVE-2020-18396
	RESERVED
CVE-2020-18395 (A NULL-pointer dereference issue was discovered in GNU_gama::set() in el ...)
	NOT-FOR-US: GNU Gama
CVE-2020-18394
	RESERVED
CVE-2020-18393
	RESERVED
CVE-2020-18392 (Stack overflow vulnerability in parse_array Cesanta MJS 1.20.1, allows ...)
	NOT-FOR-US: Cesanta MJS
CVE-2020-18391
	RESERVED
CVE-2020-18390
	RESERVED
CVE-2020-18389
	RESERVED
CVE-2020-18388
	RESERVED
CVE-2020-18387
	RESERVED
CVE-2020-18386
	RESERVED
CVE-2020-18385
	RESERVED
CVE-2020-18384
	RESERVED
CVE-2020-18383
	RESERVED
CVE-2020-18382 (Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryB ...)
	- binaryen 68-1
	NOTE: https://github.com/WebAssembly/binaryen/issues/1900
CVE-2020-18381
	RESERVED
CVE-2020-18380
	RESERVED
CVE-2020-18379
	RESERVED
CVE-2020-18378 (A NULL pointer dereference was discovered in SExpressionWasmBuilder::m ...)
	- binaryen 68-1
	NOTE: https://github.com/WebAssembly/binaryen/issues/1900
CVE-2020-18377
	RESERVED
CVE-2020-18376
	RESERVED
CVE-2020-18375
	RESERVED
CVE-2020-18374
	RESERVED
CVE-2020-18373
	RESERVED
CVE-2020-18372
	RESERVED
CVE-2020-18371
	RESERVED
CVE-2020-18370
	RESERVED
CVE-2020-18369
	RESERVED
CVE-2020-18368
	RESERVED
CVE-2020-18367
	RESERVED
CVE-2020-18366
	RESERVED
CVE-2020-18365
	RESERVED
CVE-2020-18364
	RESERVED
CVE-2020-18363
	RESERVED
CVE-2020-18362
	RESERVED
CVE-2020-18361
	RESERVED
CVE-2020-18360
	RESERVED
CVE-2020-18359
	RESERVED
CVE-2020-18358
	RESERVED
CVE-2020-18357
	RESERVED
CVE-2020-18356
	RESERVED
CVE-2020-18355
	RESERVED
CVE-2020-18354
	RESERVED
CVE-2020-18353
	RESERVED
CVE-2020-18352
	RESERVED
CVE-2020-18351
	RESERVED
CVE-2020-18350
	RESERVED
CVE-2020-18349
	RESERVED
CVE-2020-18348
	RESERVED
CVE-2020-18347
	RESERVED
CVE-2020-18346
	RESERVED
CVE-2020-18345
	RESERVED
CVE-2020-18344
	RESERVED
CVE-2020-18343
	RESERVED
CVE-2020-18342
	RESERVED
CVE-2020-18341
	RESERVED
CVE-2020-18340
	RESERVED
CVE-2020-18339
	RESERVED
CVE-2020-18338
	RESERVED
CVE-2020-18337
	RESERVED
CVE-2020-18336 (Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allo ...)
	NOT-FOR-US: Typora
CVE-2020-18335
	RESERVED
CVE-2020-18334
	RESERVED
CVE-2020-18333
	RESERVED
CVE-2020-18332
	RESERVED
CVE-2020-18331 (Directory traversal vulnerability in ChinaMobile PLC Wireless Router m ...)
	NOT-FOR-US: ChinaMobile
CVE-2020-18330 (An issue was discovered in the default configuration of ChinaMobile PL ...)
	NOT-FOR-US: ChinaMobile
CVE-2020-18329 (An issue was discovered in Rehau devices that use a pCOWeb card BIOS v ...)
	NOT-FOR-US: Rehau
CVE-2020-18328
	RESERVED
CVE-2020-18327 (Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco C ...)
	NOT-FOR-US: Alfresco
CVE-2020-18326 (Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants ...)
	NOT-FOR-US: Subrion CMS
CVE-2020-18325 (Multiple Cross Site Scripting (XSS) vulnerability exists in Intellian ...)
	NOT-FOR-US: Subrion CMS
CVE-2020-18324 (Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 v ...)
	NOT-FOR-US: Subrion CMS
CVE-2020-18323
	RESERVED
CVE-2020-18322
	RESERVED
CVE-2020-18321
	RESERVED
CVE-2020-18320
	RESERVED
CVE-2020-18319
	RESERVED
CVE-2020-18318
	RESERVED
CVE-2020-18317
	RESERVED
CVE-2020-18316
	RESERVED
CVE-2020-18315
	RESERVED
CVE-2020-18314
	RESERVED
CVE-2020-18313
	RESERVED
CVE-2020-18312
	RESERVED
CVE-2020-18311
	RESERVED
CVE-2020-18310
	RESERVED
CVE-2020-18309
	RESERVED
CVE-2020-18308
	RESERVED
CVE-2020-18307
	RESERVED
CVE-2020-18306
	RESERVED
CVE-2020-18305 (Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered t ...)
	TODO: check
CVE-2020-18304
	RESERVED
CVE-2020-18303
	RESERVED
CVE-2020-18302
	RESERVED
CVE-2020-18301
	RESERVED
CVE-2020-18300
	RESERVED
CVE-2020-18299
	RESERVED
CVE-2020-18298
	RESERVED
CVE-2020-18297
	RESERVED
CVE-2020-18296
	RESERVED
CVE-2020-18295
	RESERVED
CVE-2020-18294
	RESERVED
CVE-2020-18293
	RESERVED
CVE-2020-18292
	RESERVED
CVE-2020-18291
	RESERVED
CVE-2020-18290
	RESERVED
CVE-2020-18289
	RESERVED
CVE-2020-18288
	RESERVED
CVE-2020-18287
	RESERVED
CVE-2020-18286
	RESERVED
CVE-2020-18285
	RESERVED
CVE-2020-18284
	RESERVED
CVE-2020-18283
	RESERVED
CVE-2020-18282 (Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remot ...)
	NOT-FOR-US: NoneCms
CVE-2020-18281
	RESERVED
CVE-2020-18280 (Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a ...)
	NOT-FOR-US: Phodal CMD
CVE-2020-18279
	RESERVED
CVE-2020-18278
	RESERVED
CVE-2020-18277
	RESERVED
CVE-2020-18276
	RESERVED
CVE-2020-18275
	RESERVED
CVE-2020-18274
	RESERVED
CVE-2020-18273
	RESERVED
CVE-2020-18272
	RESERVED
CVE-2020-18271
	RESERVED
CVE-2020-18270
	RESERVED
CVE-2020-18269
	RESERVED
CVE-2020-18268 (Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2020-18267
	RESERVED
CVE-2020-18266
	RESERVED
CVE-2020-18265 (Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote att ...)
	NOT-FOR-US: Simple-Log
CVE-2020-18264 (Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote att ...)
	NOT-FOR-US: Simple-Log
CVE-2020-18263 (PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability i ...)
	NOT-FOR-US: PHP-CMS
CVE-2020-18262 (ED01-CMS v1.0 was discovered to contain a SQL injection in the compone ...)
	NOT-FOR-US: ED01-CMS
CVE-2020-18261 (An arbitrary file upload vulnerability in the image upload function of ...)
	NOT-FOR-US: ED01-CMS
CVE-2020-18260
	RESERVED
CVE-2020-18259 (ED01-CMS v1.0 was discovered to contain a reflective cross-site script ...)
	NOT-FOR-US: ED01-CMS
CVE-2020-18258
	RESERVED
CVE-2020-18257
	RESERVED
CVE-2020-18256
	RESERVED
CVE-2020-18255
	RESERVED
CVE-2020-18254
	RESERVED
CVE-2020-18253
	RESERVED
CVE-2020-18252
	RESERVED
CVE-2020-18251
	RESERVED
CVE-2020-18250
	RESERVED
CVE-2020-18249
	RESERVED
CVE-2020-18248
	RESERVED
CVE-2020-18247
	RESERVED
CVE-2020-18246
	RESERVED
CVE-2020-18245
	RESERVED
CVE-2020-18244
	RESERVED
CVE-2020-18243
	RESERVED
CVE-2020-18242
	RESERVED
CVE-2020-18241
	RESERVED
CVE-2020-18240
	RESERVED
CVE-2020-18239
	RESERVED
CVE-2020-18238
	RESERVED
CVE-2020-18237
	RESERVED
CVE-2020-18236
	RESERVED
CVE-2020-18235
	RESERVED
CVE-2020-18234
	RESERVED
CVE-2020-18233
	RESERVED
CVE-2020-18232 (Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1 ...)
	- hdf5 (unimportant)
	NOTE: https://github.com/winson2004aa/PAAFS/tree/master/vul2
	NOTE: Negligible security impact, malicious scientific data has more issues than a crash...
CVE-2020-18231
	RESERVED
CVE-2020-18230 (Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers t ...)
	NOT-FOR-US: PHPMyWind
CVE-2020-18229 (Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers t ...)
	NOT-FOR-US: PHPMyWind
CVE-2020-18228
	RESERVED
CVE-2020-18227
	RESERVED
CVE-2020-18226
	RESERVED
CVE-2020-18225
	RESERVED
CVE-2020-18224
	RESERVED
CVE-2020-18223
	RESERVED
CVE-2020-18222
	RESERVED
CVE-2020-18221 (Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote ...)
	NOT-FOR-US: Typora
CVE-2020-18220 (Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attack ...)
	NOT-FOR-US: DoraCMS
CVE-2020-18219
	RESERVED
CVE-2020-18218
	RESERVED
CVE-2020-18217
	RESERVED
CVE-2020-18216
	RESERVED
CVE-2020-18215 (Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.p ...)
	NOT-FOR-US: PHPSHE
CVE-2020-18214
	RESERVED
CVE-2020-18213
	RESERVED
CVE-2020-18212
	RESERVED
CVE-2020-18211
	RESERVED
CVE-2020-18210
	RESERVED
CVE-2020-18209
	RESERVED
CVE-2020-18208
	RESERVED
CVE-2020-18207
	RESERVED
CVE-2020-18206
	RESERVED
CVE-2020-18205
	RESERVED
CVE-2020-18204
	RESERVED
CVE-2020-18203
	RESERVED
CVE-2020-18202
	RESERVED
CVE-2020-18201
	RESERVED
CVE-2020-18200
	RESERVED
CVE-2020-18199
	RESERVED
CVE-2020-18198 (Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote at ...)
	NOT-FOR-US: Pluck CMS
CVE-2020-18197
	RESERVED
CVE-2020-18196
	RESERVED
CVE-2020-18195 (Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote at ...)
	NOT-FOR-US: Pluck CMS
CVE-2020-18194 (Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to ...)
	NOT-FOR-US: emlog
CVE-2020-18193
	RESERVED
CVE-2020-18192
	RESERVED
CVE-2020-18191 (GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attacke ...)
	NOT-FOR-US: GetSimple CMS
CVE-2020-18190 (Bludit v3.8.1 is affected by directory traversal. Remote attackers are ...)
	NOT-FOR-US: Bludit
CVE-2020-18189
	RESERVED
CVE-2020-18188
	RESERVED
CVE-2020-18187
	RESERVED
CVE-2020-18186
	RESERVED
CVE-2020-18185 (class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrar ...)
	- pluxml (unimportant; bug #973382)
	NOTE: https://github.com/pluxml/PluXml/issues/321
	NOTE: The attack vector is a little unusual but it would be quite expected that
	NOTE: the admin can execute arbitrary php code.
CVE-2020-18184 (In PluxXml V5.7, the theme edit function /PluXml/core/admin/parametres_ ...)
	- pluxml (unimportant; bug #973382)
	NOTE: https://github.com/pluxml/PluXml/issues/320
	NOTE: One could question whether this is a vulnerability at all. The
	NOTE: developer documentation describes this as expected behavior.
CVE-2020-18183
	RESERVED
CVE-2020-18182
	RESERVED
CVE-2020-18181
	RESERVED
CVE-2020-18180
	RESERVED
CVE-2020-18179
	RESERVED
CVE-2020-18178 (Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit ...)
	NOT-FOR-US: HongCMS
CVE-2020-18177
	RESERVED
CVE-2020-18176
	RESERVED
CVE-2020-18175 (SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd a ...)
	NOT-FOR-US: Metinfo
CVE-2020-18174 (A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 ...)
	NOT-FOR-US: AutoHotkey
CVE-2020-18173 (A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 al ...)
	NOT-FOR-US: 1Password
CVE-2020-18172 (A code injection vulnerability in the SeDebugPrivilege component of Tr ...)
	NOT-FOR-US: Trezor Bridge
CVE-2020-18171 (TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) w ...)
	NOT-FOR-US: TechSmith Snagit
CVE-2020-18170 (An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager ...)
	NOT-FOR-US: Abloy Key Manager
CVE-2020-18169 (A vulnerability in the Windows installer XML (WiX) toolset of TechSmit ...)
	NOT-FOR-US: TechSmith Snagit
CVE-2020-18168
	RESERVED
CVE-2020-18167 (Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers t ...)
	NOT-FOR-US: LAOBANCMS
CVE-2020-18166 (Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to ...)
	NOT-FOR-US: LAOBANCMS
CVE-2020-18165 (Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers t ...)
	NOT-FOR-US: LAOBANCMS
CVE-2020-18164 (SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.p ...)
	NOT-FOR-US: tp-shop
CVE-2020-18163
	RESERVED
CVE-2020-18162
	RESERVED
CVE-2020-18161
	RESERVED
CVE-2020-18160
	RESERVED
CVE-2020-18159
	RESERVED
CVE-2020-18158 (Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname ...)
	NOT-FOR-US: HuCart
CVE-2020-18157 (Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a ...)
	NOT-FOR-US: MetInfo
CVE-2020-18156
	RESERVED
CVE-2020-18155 (SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page i ...)
	NOT-FOR-US: Subrion CMS
CVE-2020-18154 RESERVED
CVE-2020-18153 RESERVED
CVE-2020-18152 RESERVED
CVE-2020-18151 (Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, wh ...)
	NOT-FOR-US: ThinkCMF
CVE-2020-18150 RESERVED
CVE-2020-18149 RESERVED
CVE-2020-18148 RESERVED
CVE-2020-18147 RESERVED
CVE-2020-18146 RESERVED
CVE-2020-18145 (Cross Site Scripting (XSS) vulnerability in umeditor v1.2.3 via /publi ...)
	NOT-FOR-US: umeditor
CVE-2020-18144 (SQL Injection Vulnerability in ECTouch v2 via the integral_min paramet ...)
	NOT-FOR-US: ECTouch
CVE-2020-18143 RESERVED
CVE-2020-18142 RESERVED
CVE-2020-18141 RESERVED
CVE-2020-18140 RESERVED
CVE-2020-18139 RESERVED
CVE-2020-18138 RESERVED
CVE-2020-18137 RESERVED
CVE-2020-18136 RESERVED
CVE-2020-18135 RESERVED
CVE-2020-18134 RESERVED
CVE-2020-18133 RESERVED
CVE-2020-18132 (Cross Site Scripting (XSS) vulnerability in MIPCMS 3.6.0 allows attack ...)
	NOT-FOR-US: MIPCMS
CVE-2020-18131 (Cross Site Request Forgery (CSRF) vulnerability in Bluethrust Clan Scr ...)
	NOT-FOR-US: Bluethrust Clan Scripts
CVE-2020-18130 RESERVED
CVE-2020-18129 (A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an ad ...)
	NOT-FOR-US: Eyoucms
CVE-2020-18128 RESERVED
CVE-2020-18127 (An issue in the /config/config.php component of Indexhibit 2.1.5 allow ...)
	NOT-FOR-US: Indexhibit
CVE-2020-18126 (Multiple stored cross-site scripting (XSS) vulnerabilities in the Sect ...)
	NOT-FOR-US: Indexhibit
CVE-2020-18125 (A reflected cross-site scripting (XSS) vulnerability in the /plugin/aj ...)
	NOT-FOR-US: Indexhibit
CVE-2020-18124 (A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 ...)
	NOT-FOR-US: Indexhibit
CVE-2020-18123 (A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 ...)
	NOT-FOR-US: Indexhibit
CVE-2020-18122 RESERVED
CVE-2020-18121 (A configuration issue in Indexhibit 2.1.5 allows authenticated attacke ...)
	NOT-FOR-US: Indexhibit
CVE-2020-18120 RESERVED
CVE-2020-18119 RESERVED
CVE-2020-18118 RESERVED
CVE-2020-18117 RESERVED
CVE-2020-18116 (A lack of filtering for searched keywords in the search bar of YouDian ...)
	NOT-FOR-US: YouDianCMS
CVE-2020-18115 RESERVED
CVE-2020-18114 (An arbitrary file upload vulnerability in the /uploads/dede component ...)
	NOT-FOR-US: DedeCMS
CVE-2020-18113 RESERVED
CVE-2020-18112 RESERVED
CVE-2020-18111 RESERVED
CVE-2020-18110 RESERVED
CVE-2020-18109 RESERVED
CVE-2020-18108 RESERVED
CVE-2020-18107 RESERVED
CVE-2020-18106 (The GET parameter "id" in WMS v1.0 is passed without filtering, which ...)
	NOT-FOR-US: WMS
	NOTE: https://github.com/FeMiner/wms
CVE-2020-18105 RESERVED
CVE-2020-18104 RESERVED
CVE-2020-18103 RESERVED
CVE-2020-18102 (Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attacke ...)
	NOT-FOR-US: Hotels_Server
CVE-2020-18101 RESERVED
CVE-2020-18100 RESERVED
CVE-2020-18099 RESERVED
CVE-2020-18098 RESERVED
CVE-2020-18097 RESERVED
CVE-2020-18096 RESERVED
CVE-2020-18095 RESERVED
CVE-2020-18094 RESERVED
CVE-2020-18093 RESERVED
CVE-2020-18092 RESERVED
CVE-2020-18091 RESERVED
CVE-2020-18090 RESERVED
CVE-2020-18089 RESERVED
CVE-2020-18088 RESERVED
CVE-2020-18087 RESERVED
CVE-2020-18086 RESERVED
CVE-2020-18085 RESERVED
CVE-2020-18084 (Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to e ...)
	NOT-FOR-US: yzmCMS
CVE-2020-18083 RESERVED
CVE-2020-18082 RESERVED
CVE-2020-18081 (The checkuser function of SEMCMS 3.8 was discovered to contain a vulne ...)
	NOT-FOR-US: SEMCMS
CVE-2020-18080 RESERVED
CVE-2020-18079 RESERVED
CVE-2020-18078 (A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attack ...)
	NOT-FOR-US: SEMCMS
CVE-2020-18077 (A buffer overflow vulnerability in the Virtual Path Mapping component ...)
	NOT-FOR-US: FTPShell Server
CVE-2020-18076 RESERVED
CVE-2020-18075 RESERVED
CVE-2020-18074 RESERVED
CVE-2020-18073 RESERVED
CVE-2020-18072 RESERVED
CVE-2020-18071 RESERVED
CVE-2020-18070 (Path Traversal in iCMS v7.0.13 allows remote attackers to delete folde ...)
	NOT-FOR-US: iCMS
CVE-2020-18069 RESERVED
CVE-2020-18068 RESERVED
CVE-2020-18067 RESERVED
CVE-2020-18066 (Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName ...)
	NOT-FOR-US: Zrlog
CVE-2020-18065 (Cross Site Scripting (XSS) vulnerability exists in PopojiCMS 2.0.1 in ...)
	NOT-FOR-US: PopojiCMS
CVE-2020-18064 RESERVED
CVE-2020-18063 RESERVED
CVE-2020-18062 RESERVED
CVE-2020-18061 RESERVED
CVE-2020-18060 RESERVED
CVE-2020-18059 RESERVED
CVE-2020-18058 RESERVED
CVE-2020-18057 RESERVED
CVE-2020-18056 RESERVED
CVE-2020-18055 RESERVED
CVE-2020-18054 RESERVED
CVE-2020-18053 RESERVED
CVE-2020-18052 RESERVED
CVE-2020-18051 RESERVED
CVE-2020-18050 RESERVED
CVE-2020-18049 RESERVED
CVE-2020-18048 (An issue in craigms/main.php of CraigMS 1.0 allows attackers to execut ...)
	NOT-FOR-US: CraigMS
	NOTE: https://github.com/bertanddip/CraigMS
CVE-2020-18047 RESERVED
CVE-2020-18046 RESERVED
CVE-2020-18045 RESERVED
CVE-2020-18044 RESERVED
CVE-2020-18043 RESERVED
CVE-2020-18042 RESERVED
CVE-2020-18041 RESERVED
CVE-2020-18040 RESERVED
CVE-2020-18039 RESERVED
CVE-2020-18038 RESERVED
CVE-2020-18037 RESERVED
CVE-2020-18036 RESERVED
CVE-2020-18035 (Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to ...)
	NOT-FOR-US: Jeesns
CVE-2020-18034 RESERVED
CVE-2020-18033 RESERVED
CVE-2020-18032 (Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f ...)
	{DSA-4914-1 DLA-2659-1}
	- graphviz 2.42.2-5 (bug #988000)
	NOTE: https://gitlab.com/graphviz/graphviz/-/issues/1700
	NOTE: https://gitlab.com/graphviz/graphviz/-/commit/784411ca3655c80da0f6025ab20634b2a6ff696b
CVE-2020-18031 RESERVED
CVE-2020-18030 RESERVED
CVE-2020-18029 RESERVED
CVE-2020-18028 RESERVED
CVE-2020-18027 RESERVED
CVE-2020-18026 RESERVED
CVE-2020-18025 RESERVED
CVE-2020-18024 RESERVED
CVE-2020-18023 RESERVED
CVE-2020-18022 (Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows r ...)
	NOT-FOR-US: Qibosoft QiboCMS
CVE-2020-18021 RESERVED
CVE-2020-18020 (SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to ex ...)
	NOT-FOR-US: PHPSHE Mall System
CVE-2020-18019 (SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obt ...)
	NOT-FOR-US: Xinhu OA System
CVE-2020-18018 RESERVED
CVE-2020-18017 RESERVED
CVE-2020-18016 RESERVED
CVE-2020-18015 RESERVED
CVE-2020-18014 RESERVED
CVE-2020-18013 (SQL Injection vulnerability exists in Whatsns 4.0 via the ip parameter ...)
	NOT-FOR-US: Whatsns
CVE-2020-18012 RESERVED
CVE-2020-18011 RESERVED
CVE-2020-18010 RESERVED
CVE-2020-18009 RESERVED
CVE-2020-18008 RESERVED
CVE-2020-18007 RESERVED
CVE-2020-18006 RESERVED
CVE-2020-18005 RESERVED
CVE-2020-18004 RESERVED
CVE-2020-18003 RESERVED
CVE-2020-18002 RESERVED
CVE-2020-18001 RESERVED
CVE-2020-18000 RESERVED
CVE-2020-17999 (Cross Site Scripting (XSS) in MiniCMS v1.10 allows remote attackers to ...)
	NOT-FOR-US: MiniCMS
CVE-2020-17998 RESERVED
CVE-2020-17997 RESERVED
CVE-2020-17996 RESERVED
CVE-2020-17995 RESERVED
CVE-2020-17994 RESERVED
CVE-2020-17993 RESERVED
CVE-2020-17992 RESERVED
CVE-2020-17991 RESERVED
CVE-2020-17990 RESERVED
CVE-2020-17989 RESERVED
CVE-2020-17988 RESERVED
CVE-2020-17987 RESERVED
CVE-2020-17986 RESERVED
CVE-2020-17985 RESERVED
CVE-2020-17984 RESERVED
CVE-2020-17983 RESERVED
CVE-2020-17982 RESERVED
CVE-2020-17981 RESERVED
CVE-2020-17980 RESERVED
CVE-2020-17979 RESERVED
CVE-2020-17978 RESERVED
CVE-2020-17977 RESERVED
CVE-2020-17976 RESERVED
CVE-2020-17975 RESERVED
CVE-2020-17974 RESERVED
CVE-2020-17973 RESERVED
CVE-2020-17972 RESERVED
CVE-2020-17971 RESERVED
CVE-2020-17970 RESERVED
CVE-2020-17969 RESERVED
CVE-2020-17968 RESERVED
CVE-2020-17967 RESERVED
CVE-2020-17966 RESERVED
CVE-2020-17965 RESERVED
CVE-2020-17964 RESERVED
CVE-2020-17963 RESERVED
CVE-2020-17962 RESERVED
CVE-2020-17961 RESERVED
CVE-2020-17960 RESERVED
CVE-2020-17959 RESERVED
CVE-2020-17958 RESERVED
CVE-2020-17957 RESERVED
CVE-2020-17956 RESERVED
CVE-2020-17955 RESERVED
CVE-2020-17954 RESERVED
CVE-2020-17953 RESERVED
CVE-2020-17952 (A remote code execution (RCE) vulnerability in /library/think/App.php ...)
	NOT-FOR-US: Twothink
CVE-2020-17951 RESERVED
CVE-2020-17950 RESERVED
CVE-2020-17949 RESERVED
CVE-2020-17948 RESERVED
CVE-2020-17947 RESERVED
CVE-2020-17946 RESERVED
CVE-2020-17945 RESERVED
CVE-2020-17944 RESERVED
CVE-2020-17943 RESERVED
CVE-2020-17942 RESERVED
CVE-2020-17941 RESERVED
CVE-2020-17940 RESERVED
CVE-2020-17939 RESERVED
CVE-2020-17938 RESERVED
CVE-2020-17937 RESERVED
CVE-2020-17936 RESERVED
CVE-2020-17935 RESERVED
CVE-2020-17934 RESERVED
CVE-2020-17933 RESERVED
CVE-2020-17932 RESERVED
CVE-2020-17931 RESERVED
CVE-2020-17930 RESERVED
CVE-2020-17929 RESERVED
CVE-2020-17928 RESERVED
CVE-2020-17927 RESERVED
CVE-2020-17926 RESERVED
CVE-2020-17925 RESERVED
CVE-2020-17924 RESERVED
CVE-2020-17923 RESERVED
CVE-2020-17922 RESERVED
CVE-2020-17921 RESERVED
CVE-2020-17920 RESERVED
CVE-2020-17919 RESERVED
CVE-2020-17918 RESERVED
CVE-2020-17917 RESERVED
CVE-2020-17916 RESERVED
CVE-2020-17915 RESERVED
CVE-2020-17914 RESERVED
CVE-2020-17913 RESERVED
CVE-2020-17912 RESERVED
CVE-2020-17911 RESERVED
CVE-2020-17910 RESERVED
CVE-2020-17909 RESERVED
CVE-2020-17908 RESERVED
CVE-2020-17907 RESERVED
CVE-2020-17906 RESERVED
CVE-2020-17905 RESERVED
CVE-2020-17904 RESERVED
CVE-2020-17903 RESERVED
CVE-2020-17902 RESERVED
CVE-2020-17901 (Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers t ...)
	NOT-FOR-US: PbootCMS
CVE-2020-17900 RESERVED
CVE-2020-17899 RESERVED
CVE-2020-17898 RESERVED
CVE-2020-17897 RESERVED
CVE-2020-17896 RESERVED
CVE-2020-17895 RESERVED
CVE-2020-17894 RESERVED
CVE-2020-17893 RESERVED
CVE-2020-17892 RESERVED
CVE-2020-17891 (TP-Link Archer C1200 firmware version 1.13 Build 2018/01/24 rel.52299 ...)
	NOT-FOR-US: TP-Link
CVE-2020-17890 RESERVED
CVE-2020-17889 RESERVED
CVE-2020-17888 RESERVED
CVE-2020-17887 RESERVED
CVE-2020-17886 RESERVED
CVE-2020-17885 RESERVED
CVE-2020-17884 RESERVED
CVE-2020-17883 RESERVED
CVE-2020-17882 RESERVED
CVE-2020-17881 RESERVED
CVE-2020-17880 RESERVED
CVE-2020-17879 RESERVED
CVE-2020-17878 RESERVED
CVE-2020-17877 RESERVED
CVE-2020-17876 RESERVED
CVE-2020-17875 RESERVED
CVE-2020-17874 RESERVED
CVE-2020-17873 RESERVED
CVE-2020-17872 RESERVED
CVE-2020-17871 RESERVED
CVE-2020-17870 RESERVED
CVE-2020-17869 RESERVED
CVE-2020-17868 RESERVED
CVE-2020-17867 RESERVED
CVE-2020-17866 RESERVED
CVE-2020-17865 RESERVED
CVE-2020-17864 RESERVED
CVE-2020-17863 RESERVED
CVE-2020-17862 RESERVED
CVE-2020-17861 RESERVED
CVE-2020-17860 RESERVED
CVE-2020-17859 RESERVED
CVE-2020-17858 RESERVED
CVE-2020-17857 RESERVED
CVE-2020-17856 RESERVED
CVE-2020-17855 RESERVED
CVE-2020-17854 RESERVED
CVE-2020-17853 RESERVED
CVE-2020-17852 RESERVED
CVE-2020-17851 RESERVED
CVE-2020-17850 RESERVED
CVE-2020-17849 RESERVED
CVE-2020-17848 RESERVED
CVE-2020-17847 RESERVED
CVE-2020-17846 RESERVED
CVE-2020-17845 RESERVED
CVE-2020-17844 RESERVED
CVE-2020-17843 RESERVED
CVE-2020-17842 RESERVED
CVE-2020-17841 RESERVED
CVE-2020-17840 RESERVED
CVE-2020-17839 RESERVED
CVE-2020-17838 RESERVED
CVE-2020-17837 RESERVED
CVE-2020-17836 RESERVED
CVE-2020-17835 RESERVED
CVE-2020-17834 RESERVED
CVE-2020-17833 RESERVED
CVE-2020-17832 RESERVED
CVE-2020-17831 RESERVED
CVE-2020-17830 RESERVED
CVE-2020-17829 RESERVED
CVE-2020-17828 RESERVED
CVE-2020-17827 RESERVED
CVE-2020-17826 RESERVED
CVE-2020-17825 RESERVED
CVE-2020-17824 RESERVED
CVE-2020-17823 RESERVED
CVE-2020-17822 RESERVED
CVE-2020-17821 RESERVED
CVE-2020-17820 RESERVED
CVE-2020-17819 RESERVED
CVE-2020-17818 RESERVED
CVE-2020-17817 RESERVED
CVE-2020-17816 RESERVED
CVE-2020-17815 RESERVED
CVE-2020-17814 RESERVED
CVE-2020-17813 RESERVED
CVE-2020-17812 RESERVED
CVE-2020-17811 RESERVED
CVE-2020-17810 RESERVED
CVE-2020-17809 RESERVED
CVE-2020-17808 RESERVED
CVE-2020-17807 RESERVED
CVE-2020-17806 RESERVED
CVE-2020-17805 RESERVED
CVE-2020-17804 RESERVED
CVE-2020-17803 RESERVED
CVE-2020-17802 RESERVED
CVE-2020-17801 RESERVED
CVE-2020-17800 RESERVED
CVE-2020-17799 RESERVED
CVE-2020-17798 RESERVED
CVE-2020-17797 RESERVED
CVE-2020-17796 RESERVED
CVE-2020-17795 RESERVED
CVE-2020-17794 RESERVED
CVE-2020-17793 RESERVED
CVE-2020-17792 RESERVED
CVE-2020-17791 RESERVED
CVE-2020-17790 RESERVED
CVE-2020-17789 RESERVED
CVE-2020-17788 RESERVED
CVE-2020-17787 RESERVED
CVE-2020-17786 RESERVED
CVE-2020-17785 RESERVED
CVE-2020-17784 RESERVED
CVE-2020-17783 RESERVED
CVE-2020-17782 RESERVED
CVE-2020-17781 RESERVED
CVE-2020-17780 RESERVED
CVE-2020-17779 RESERVED
CVE-2020-17778 RESERVED
CVE-2020-17777 RESERVED
CVE-2020-17776 RESERVED
CVE-2020-17775 RESERVED
CVE-2020-17774 RESERVED
CVE-2020-17773 RESERVED
CVE-2020-17772 RESERVED
CVE-2020-17771 RESERVED
CVE-2020-17770 RESERVED
CVE-2020-17769 RESERVED
CVE-2020-17768 RESERVED
CVE-2020-17767 RESERVED
CVE-2020-17766 RESERVED
CVE-2020-17765 RESERVED
CVE-2020-17764 RESERVED
CVE-2020-17763 RESERVED
CVE-2020-17762 RESERVED
CVE-2020-17761 RESERVED
CVE-2020-17760 RESERVED
CVE-2020-17759 (An issue was found in the Evernote client for Windows 10, 7, and 2008 ...)
	NOT-FOR-US: Evernote
CVE-2020-17758 RESERVED
CVE-2020-17757 RESERVED
CVE-2020-17756 RESERVED
CVE-2020-17755 RESERVED
CVE-2020-17754 RESERVED
CVE-2020-17753 (An issue was discovered in function addMeByRC in the smart contract im ...)
	NOT-FOR-US: some Ethereum token
CVE-2020-17752 (Integer overflow vulnerability in payable function of a smart contract ...)
	NOT-FOR-US: some Ethereum token
CVE-2020-17751 RESERVED
CVE-2020-17750 RESERVED
CVE-2020-17749 RESERVED
CVE-2020-17748 RESERVED
CVE-2020-17747 RESERVED
CVE-2020-17746 RESERVED
CVE-2020-17745 RESERVED
CVE-2020-17744 RESERVED
CVE-2020-17743 RESERVED
CVE-2020-17742 RESERVED
CVE-2020-17741 RESERVED
CVE-2020-17740 RESERVED
CVE-2020-17739 RESERVED
CVE-2020-17738 RESERVED
CVE-2020-17737 RESERVED
CVE-2020-17736 RESERVED
CVE-2020-17735 RESERVED
CVE-2020-17734 RESERVED
CVE-2020-17733 RESERVED
CVE-2020-17732 RESERVED
CVE-2020-17731 RESERVED
CVE-2020-17730 RESERVED
CVE-2020-17729 RESERVED
CVE-2020-17728 RESERVED
CVE-2020-17727 RESERVED
CVE-2020-17726 RESERVED
CVE-2020-17725 RESERVED
CVE-2020-17724 RESERVED
CVE-2020-17723 RESERVED
CVE-2020-17722 RESERVED
CVE-2020-17721 RESERVED
CVE-2020-17720 RESERVED
CVE-2020-17719 RESERVED
CVE-2020-17718 RESERVED
CVE-2020-17717 RESERVED
CVE-2020-17716 RESERVED
CVE-2020-17715 RESERVED
CVE-2020-17714 RESERVED
CVE-2020-17713 RESERVED
CVE-2020-17712 RESERVED
CVE-2020-17711 RESERVED
CVE-2020-17710 RESERVED
CVE-2020-17709 RESERVED
CVE-2020-17708 RESERVED
CVE-2020-17707 RESERVED
CVE-2020-17706 RESERVED
CVE-2020-17705 RESERVED
CVE-2020-17704 RESERVED
CVE-2020-17703 RESERVED
CVE-2020-17702 RESERVED
CVE-2020-17701 RESERVED
CVE-2020-17700 RESERVED
CVE-2020-17699 RESERVED
CVE-2020-17698 RESERVED
CVE-2020-17697 RESERVED
CVE-2020-17696 RESERVED
CVE-2020-17695 RESERVED
CVE-2020-17694 RESERVED
CVE-2020-17693 RESERVED
CVE-2020-17692 RESERVED
CVE-2020-17691 RESERVED
CVE-2020-17690 RESERVED
CVE-2020-17689 RESERVED
CVE-2020-17688 RESERVED
CVE-2020-17687 RESERVED
CVE-2020-17686 RESERVED
CVE-2020-17685 RESERVED
CVE-2020-17684 RESERVED
CVE-2020-17683 RESERVED
CVE-2020-17682 RESERVED
CVE-2020-17681 RESERVED
CVE-2020-17680 RESERVED
CVE-2020-17679 RESERVED
CVE-2020-17678 RESERVED
CVE-2020-17677 RESERVED
CVE-2020-17676 RESERVED
CVE-2020-17675 RESERVED
CVE-2020-17674 RESERVED
CVE-2020-17673 RESERVED
CVE-2020-17672 RESERVED
CVE-2020-17671 RESERVED
CVE-2020-17670 RESERVED
CVE-2020-17669 RESERVED
CVE-2020-17668 RESERVED
CVE-2020-17667 RESERVED
CVE-2020-17666 RESERVED
CVE-2020-17665 RESERVED
CVE-2020-17664 RESERVED
CVE-2020-17663 RESERVED
CVE-2020-17662 RESERVED
CVE-2020-17661 RESERVED
CVE-2020-17660 RESERVED
CVE-2020-17659 RESERVED
CVE-2020-17658 RESERVED
CVE-2020-17657 RESERVED
CVE-2020-17656 RESERVED
CVE-2020-17655 RESERVED
CVE-2020-17654 RESERVED
CVE-2020-17653 RESERVED
CVE-2020-17652 RESERVED
CVE-2020-17651 RESERVED
CVE-2020-17650 RESERVED
CVE-2020-17649 RESERVED
CVE-2020-17648 RESERVED
CVE-2020-17647 RESERVED
CVE-2020-17646 RESERVED
CVE-2020-17645 RESERVED
CVE-2020-17644 RESERVED
CVE-2020-17643 RESERVED
CVE-2020-17642 RESERVED
CVE-2020-17641 RESERVED
CVE-2020-17640 RESERVED
CVE-2020-17639 RESERVED
CVE-2020-17638 RESERVED
CVE-2020-17637 RESERVED
CVE-2020-17636 RESERVED
CVE-2020-17635 RESERVED
CVE-2020-17634 RESERVED
CVE-2020-17633 RESERVED
CVE-2020-17632 RESERVED
CVE-2020-17631 RESERVED
CVE-2020-17630 RESERVED
CVE-2020-17629 RESERVED
CVE-2020-17628 RESERVED
CVE-2020-17627 RESERVED
CVE-2020-17626 RESERVED
CVE-2020-17625 RESERVED
CVE-2020-17624 RESERVED
CVE-2020-17623 RESERVED
CVE-2020-17622 RESERVED
CVE-2020-17621 RESERVED
CVE-2020-17620 RESERVED
CVE-2020-17619 RESERVED
CVE-2020-17618 RESERVED
CVE-2020-17617 RESERVED
CVE-2020-17616 RESERVED
CVE-2020-17615 RESERVED
CVE-2020-17614 RESERVED
CVE-2020-17613 RESERVED
CVE-2020-17612 RESERVED
CVE-2020-17611 RESERVED
CVE-2020-17610 RESERVED
CVE-2020-17609 RESERVED
CVE-2020-17608 RESERVED
CVE-2020-17607 RESERVED
CVE-2020-17606 RESERVED
CVE-2020-17605 RESERVED
CVE-2020-17604 RESERVED
CVE-2020-17603 RESERVED
CVE-2020-17602 RESERVED
CVE-2020-17601 RESERVED
CVE-2020-17600 RESERVED
CVE-2020-17599 RESERVED
CVE-2020-17598 RESERVED
CVE-2020-17597 RESERVED
CVE-2020-17596 RESERVED
CVE-2020-17595 RESERVED
CVE-2020-17594 RESERVED
CVE-2020-17593 RESERVED
CVE-2020-17592 RESERVED
CVE-2020-17591 RESERVED
CVE-2020-17590 RESERVED
CVE-2020-17589 RESERVED
CVE-2020-17588 RESERVED
CVE-2020-17587 RESERVED
CVE-2020-17586 RESERVED
CVE-2020-17585 RESERVED
CVE-2020-17584 RESERVED
CVE-2020-17583 RESERVED
CVE-2020-17582 RESERVED
CVE-2020-17581 RESERVED
CVE-2020-17580 RESERVED
CVE-2020-17579 RESERVED
CVE-2020-17578 RESERVED
CVE-2020-17577 RESERVED
CVE-2020-17576 RESERVED
CVE-2020-17575 RESERVED
CVE-2020-17574 RESERVED
CVE-2020-17573 RESERVED
CVE-2020-17572 RESERVED
CVE-2020-17571 RESERVED
CVE-2020-17570 RESERVED
CVE-2020-17569 RESERVED
CVE-2020-17568 RESERVED
CVE-2020-17567 RESERVED
CVE-2020-17566 RESERVED
CVE-2020-17565 RESERVED
CVE-2020-17564 (Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arb ...)
	NOT-FOR-US: FeiFeiCMS
CVE-2020-17563 (Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arb ...)
	NOT-FOR-US: FeiFeiCMS
CVE-2020-17562 RESERVED
CVE-2020-17561 RESERVED
CVE-2020-17560 RESERVED
CVE-2020-17559 RESERVED
CVE-2020-17558 RESERVED
CVE-2020-17557 RESERVED
CVE-2020-17556 RESERVED
CVE-2020-17555 RESERVED
CVE-2020-17554 RESERVED
CVE-2020-17553 RESERVED
CVE-2020-17552 RESERVED
CVE-2020-17551 (ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which ...)
	NOT-FOR-US: ImpressCMS
CVE-2020-17550 RESERVED
CVE-2020-17549 RESERVED
CVE-2020-17548 RESERVED
CVE-2020-17547 RESERVED
CVE-2020-17546 RESERVED
CVE-2020-17545 RESERVED
CVE-2020-17544 RESERVED
CVE-2020-17543 RESERVED
CVE-2020-17542 (Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to ...)
	NOT-FOR-US: dotCMS
CVE-2020-17541 (Libjpeg-turbo all versions have a stack-based buffer overflow in the "t ...)
	- libjpeg-turbo 1:2.0.5-1 (unimportant)
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/c76f4a08263b0cea40d2967560ac7c21f6959079
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392
CVE-2020-17540 RESERVED
CVE-2020-17539 RESERVED
CVE-2020-17538 (A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/g ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701792
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134 (9.51)
	NOTE: chunk #1, see also CVE-2020-16296
CVE-2020-17537 REJECTED
CVE-2020-17536 REJECTED
CVE-2020-17535 REJECTED
CVE-2020-17534 (There exists a race condition between the deletion of the temporary fi ...)
	NOT-FOR-US: netbeans-html4j
CVE-2020-17533 (Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not ...)
	NOT-FOR-US: Apache Accumulo
CVE-2020-17532 (When handler-router component is enabled in servicecomb-java-chassis, ...)
	NOT-FOR-US: servicecomb-java-chassis
CVE-2020-17531 (A Java Serialization vulnerability was found in Apache Tapestry 4. Apa ...)
	NOT-FOR-US: Apache Tapestry
CVE-2020-17530 (Forced OGNL evaluation, when evaluated on raw user input in tag attrib ...)
	- libstruts1.2-java (Specific to 2.x)
	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-061
CVE-2020-17529 (Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incuba ...)
	NOT-FOR-US: Apache NuttX
CVE-2020-17528 (Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incuba ...)
	NOT-FOR-US: Apache NuttX
CVE-2020-17527 (While investigating bug 64830 it was discovered that Apache Tomcat 10. ...)
	{DSA-4835-1 DLA-2495-1}
	- tomcat9 9.0.40-1
	- tomcat8
	NOTE: https://github.com/apache/tomcat/commit/d56293f816d6dc9e2b47107f208fa9e95db58c65 (9.0.40)
	NOTE: https://github.com/apache/tomcat/commit/21e3408671aac7e0d7e264e720cac8b1b189eb29 (8.5.60)
CVE-2020-17526 (Incorrect Session Validation in Apache Airflow Webserver versions prio ...)
	- airflow (bug #819700)
CVE-2020-17525 (Subversion's mod_authz_svn module will crash if the server is using in ...)
	{DSA-4851-1 DLA-2646-1}
	- subversion 1.14.1-1 (bug #982464)
	NOTE: https://subversion.apache.org/security/CVE-2020-17525-advisory.txt
CVE-2020-17524 REJECTED
CVE-2020-17523 (Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a spec ...)
	- shiro (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2021/02/01/3
	NOTE: https://issues.apache.org/jira/browse/SHIRO-797
CVE-2020-17522 (When ORT (now via atstccfg) generates ip_allow.config files in Apache ...)
	NOT-FOR-US: Apache Traffic Control
CVE-2020-17521 (Apache Groovy provides extension methods to aid with creating temporar ...)
	- groovy 2.4.21-1 (bug #977399)
	[buster] - groovy (Minor issue)
	[stretch] - groovy (Minor issue)
	- groovy2
	NOTE: https://issues.apache.org/jira/browse/GROOVY-9824
	NOTE: https://www.openwall.com/lists/oss-security/2020/12/06/1
	NOTE: https://github.com/apache/groovy/commit/4e418d4a34c973a7ec1e822552103043ac13780e (GROOVY_2_4_21)
CVE-2020-17520 (In the Pulsar manager 0.1.0 version, malicious users will be able to b ...)
	NOT-FOR-US: Apache Pulsar
CVE-2020-17519 (A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and ...)
	NOT-FOR-US: Apache Flink
CVE-2020-17518 (Apache Flink 1.5.1 introduced a REST handler that allows you to write ...)
	NOT-FOR-US: Apache Flink
CVE-2020-17517 (The S3 buckets and keys in a secure Apache Ozone Cluster must be inacc ...)
	NOT-FOR-US: Apache Ozone
CVE-2020-17516 (Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3 ...)
	- cassandra (bug #585905)
CVE-2020-17515 (The "origin" parameter passed to some of the endpoints like '/trigger' ...)
	- airflow (bug #819700)
CVE-2020-17514 (Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ...)
	NOT-FOR-US: Apache Fineract
CVE-2020-17513 (In Apache Airflow versions prior to 1.10.13, the Charts and Query View ...)
	- airflow (bug #819700)
CVE-2020-17512 RESERVED
CVE-2020-17511 (In Airflow versions prior to 1.10.13, when creating a user using airfl ...)
	- airflow (bug #819700)
CVE-2020-17510 (Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a spec ...)
	{DLA-2726-1}
	- shiro 1.3.2-5 (bug #988728)
	[bullseye] - shiro 1.3.2-4+deb11u1
	[buster] - shiro 1.3.2-4+deb10u1
	NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/7
	NOTE: https://lists.apache.org/thread.html/rc2cff2538b683d480426393eecf1ce8dd80e052fbef49303b4f47171%40%3Cdev.shiro.apache.org%3E
	NOTE: https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12349284&styleName=Text&projectId=12310950
CVE-2020-17509 (ATS negative cache option is vulnerable to a cache poisoning attack. I ...)
	{DSA-4805-1}
	- trafficserver 8.1.1+ds-1
	NOTE: https://github.com/apache/trafficserver/pull/7359
	NOTE: https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cdev.trafficserver.apache.org%3E
CVE-2020-17508 (The ATS ESI plugin has a memory disclosure vulnerability. If you are r ...)
	{DSA-4805-1}
	- trafficserver 8.1.1+ds-1
	NOTE: https://github.com/apache/trafficserver/pull/7358
	NOTE: https://lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cdev.trafficserver.apache.org%3E
CVE-2020-17507 (An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15. ...)
	{DLA-2377-1 DLA-2376-1}
	- qtbase-opensource-src 5.14.2+dfsg-6 (bug #968444)
	[buster] - qtbase-opensource-src 5.11.3+dfsg1-1+deb10u4
	- qt4-x11 (bug #970308)
	[buster] - qt4-x11 4:4.8.7+dfsg-18+deb10u1
	NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308436 (dev branch)
	NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308496 (5.15 branch)
	NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308495 (5.12 branch)
CVE-2020-17506 (Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privil ...)
	NOT-FOR-US: Artica Web Proxy
CVE-2020-17505 (Artica Web Proxy 4.30.000000 allows an authenticated remote attacker t ...)
	NOT-FOR-US: Artica Web Proxy
CVE-2020-17504 (The NDN-210 has a web administration panel which is made available ove ...)
	NOT-FOR-US: Barco
CVE-2020-17503 (The NDN-210 has a web administration panel which is made available ove ...)
	NOT-FOR-US: Barco
CVE-2020-17502 (Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4). ...)
	NOT-FOR-US: Barco
CVE-2020-17501 RESERVED
CVE-2020-17500 (Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 P ...)
	NOT-FOR-US: Barco
CVE-2020-17499 RESERVED
CVE-2020-17498 (In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. ...)
	- wireshark 3.2.6-1
	[buster] - wireshark (Vulnerable compose_tvb code not present)
	[stretch] - wireshark (Vulnerable compose_tvb code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16672
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=76afda963de4f0b9be24f2d8e873990a5cbf221b
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-10.html
CVE-2020-17497 (eapol.c in iNet wireless daemon (IWD) through 1.8 allows attackers to ...)
	- iwd 1.9-1 (bug #968996)
	[buster] - iwd (Minor issue)
	NOTE: https://lists.01.org/hyperkitty/list/iwd@lists.01.org/thread/4GUXL4Z6KZWWZINATGHNJVAEUTS3I7PG/
	NOTE: https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=f22ba5aebb569ca54521afd2babdc1f67e3904ea
CVE-2020-17496 (vBulletin 5.5.4 through 5.6.2 allows remote command execution via craf ...)
	NOT-FOR-US: vBulletin
CVE-2020-17495 (django-celery-results through 1.2.1 stores task results in the databas ...)
	- python-django-celery-results (unimportant; bug #968305)
	NOTE: https://github.com/celery/django-celery-results/issues/142
	NOTE: Disputed upstream as security vulnerability, as it is up to the developers who use
	NOTE: sensitive information when calling celery tasks to provide suitable replacement argument
	NOTE: through argsrepr and kwargsrepr as described in:
	NOTE: https://github.com/celery/django-celery-results/issues/154#issuecomment-734706270
CVE-2020-17494 (Untangle Firewall NG before 16.0 uses MD5 for passwords.)
	NOT-FOR-US: Untangle Firewall NG
CVE-2020-17493 RESERVED
CVE-2020-17492 RESERVED
CVE-2020-17491 RESERVED
CVE-2020-17490 (The TLS module within SaltStack Salt through 3002 creates certificates ...)
	{DSA-4837-1 DLA-2480-1}
	- salt 3002.1+dfsg1-1
	NOTE: https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
	NOTE: https://gitlab.com/saltstack/open/salt-patches/-/raw/master/patches/2020/09/02/2018.3.x.patch (2018.3.x)
	NOTE: https://gitlab.com/saltstack/open/salt-patches/-/raw/master/patches/2020/09/02/2016.11.x.patch (2016.11.x)
CVE-2020-17489 (An issue was discovered in certain configurations of GNOME gnome-shell ...)
	{DLA-2374-1}
	- gnome-shell 3.36.5-1 (bug #968311)
	[buster] - gnome-shell 3.30.2-11~deb10u2
	NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997
	NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1377
	NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/13137aad9db52223e8b62cecbd3456f4a7f66f04
CVE-2020-17488 RESERVED
CVE-2020-17487 (radare2 4.5.0 misparses signature information in PE files, causing a s ...)
	- radare2 5.0.0+dfsg-1
	NOTE: https://github.com/radareorg/radare2/issues/17431
CVE-2020-17486 RESERVED
CVE-2020-17485 (A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker a ...)
	NOT-FOR-US: Uffizio
CVE-2020-17484 (An Open Redirection vulnerability exists in Uffizio's GPS Tracker all ...)
	NOT-FOR-US: Uffizio
CVE-2020-17483 (An improper access control vulnerability exists in Uffizio's GPS Track ...)
	NOT-FOR-US: Uffizio
CVE-2020-17482 (An issue has been found in PowerDNS Authoritative Server before 4.3.1 ...)
	- pdns 4.3.1-1 (bug #970737)
	[buster] - pdns 4.1.6-3+deb10u1
	[stretch] - pdns (Minor issue)
	NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html
CVE-2020-17481 RESERVED
CVE-2020-17480 (TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parse ...)
	- tinymce (bug #972642)
	[buster] - tinymce (Minor issue)
	[stretch] - tinymce (Minor issue)
	NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95
CVE-2020-17479 (jpv (aka Json Pattern Validator) before 2.2.2 does not properly valida ...)
	NOT-FOR-US: jpv
CVE-2020-17478 (ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly conside ...)
	- libcrypt-perl-perl (bug #907353)
CVE-2020-17477 (Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school befor ...)
	NOT-FOR-US: ucs-school-ldap-acls-master in UCS@school
CVE-2020-17476 (Mibew Messenger before 3.2.7 allows XSS via a crafted user name.)
	NOT-FOR-US: Mibew Messenger
CVE-2020-17475 (Lack of authentication in the network relays used in MEGVII Koala 2.9. ...)
	NOT-FOR-US: MEGVII Koala
CVE-2020-17474 (A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiose ...)
	NOT-FOR-US: ZKTeco FaceDepot 7B and ZKBiosecurity Server
CVE-2020-17473 (Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBio ...)
	NOT-FOR-US: ZKTeco FaceDepot and ZKBiosecurity Server
CVE-2020-17472 RESERVED
CVE-2020-17471 RESERVED
CVE-2020-17470 (An issue was discovered in FNET through 4.6.4. The code that initializ ...)
	NOT-FOR-US: FNET
CVE-2020-17469 (An issue was discovered in FNET through 4.6.4. The code for IPv6 fragm ...)
	NOT-FOR-US: FNET
CVE-2020-17468 (An issue was discovered in FNET through 4.6.4. The code for processing ...)
	NOT-FOR-US: FNET
CVE-2020-17467 (An issue was discovered in FNET through 4.6.4. The code for processing ...)
	NOT-FOR-US: FNET
CVE-2020-17466 (Turcom TRCwifiZone through 2020-08-10 allows authentication bypass by ...)
	NOT-FOR-US: Turcom TRCwifiZone
CVE-2020-17465 (Dashboards and progressiveProfileForms in ForgeRock Identity Manager b ...)
	NOT-FOR-US: Dashboards and progressiveProfileForms in ForgeRock Identity Manager
CVE-2020-17464 REJECTED
CVE-2020-17463 (FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/it ...)
	NOT-FOR-US: FUEL CMS
CVE-2020-17462 (CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload beca ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-17461 RESERVED
CVE-2020-17460 RESERVED
CVE-2020-17459 RESERVED
CVE-2020-17458 (A post-authenticated stored XSS was found in MultiUx v.3.1.12.0 via th ...)
	NOT-FOR-US: MultiUx
CVE-2020-17457 (Fujitsu ServerView Suite iRMC before 9.62F allows XSS. An authenticate ...)
	NOT-FOR-US: Fujitsu
CVE-2020-17456 (SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution ...)
	NOT-FOR-US: SEOWON INTECH
CVE-2020-17455 RESERVED
CVE-2020-17454 (WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher ...)
	NOT-FOR-US: WSO2 API Manager
CVE-2020-17453 (WSO2 Management Console through 5.10 allows XSS via the carbon/admin/l ...)
	NOT-FOR-US: WSO2 Management Console
CVE-2020-17452 (flatCore before 1.5.7 allows upload and execution of a .php file by an ...)
	NOT-FOR-US: flatCore CMS
CVE-2020-17451 (flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pa ...)
	NOT-FOR-US: flatCore CMS
CVE-2020-17450 (PHP-Fusion 9.03 allows XSS on the preview page.)
	NOT-FOR-US: PHP-Fusion
CVE-2020-17449 (PHP-Fusion 9.03 allows XSS via the error_log file.)
	NOT-FOR-US: PHP-Fusion
CVE-2020-17448 (Telegram Desktop through 2.1.13 allows a spoofed file type to bypass t ...)
- telegram-desktop 2.2.0+ds-1 [buster] - telegram-desktop (Minor issue) CVE-2020-17447 REJECTED CVE-2020-17446 (asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger ...) {DLA-2363-1} - asyncpg 0.21.0-1 NOTE: https://github.com/MagicStack/asyncpg/commit/69bcdf5bf7696b98ee708be5408fd7d854e910d0 CVE-2020-17445 (An issue was discovered in picoTCP 1.7.0. The code for processing the ...) NOT-FOR-US: picoTCP CVE-2020-17444 (An issue was discovered in picoTCP 1.7.0. The routine for processing t ...) NOT-FOR-US: picoTCP CVE-2020-17443 (An issue was discovered in picoTCP 1.7.0. The code for creating an ICM ...) NOT-FOR-US: picoTCP CVE-2020-17442 (An issue was discovered in picoTCP 1.7.0. The code for parsing the hop ...) NOT-FOR-US: picoTCP CVE-2020-17441 (An issue was discovered in picoTCP 1.7.0. The code for processing the ...) NOT-FOR-US: picoTCP CVE-2020-17440 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other p ...) NOT-FOR-US: uIP as used in Contiki and other products (but apparently not open-iscsi) CVE-2020-17439 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other p ...) NOT-FOR-US: uIP as used in Contiki and other products (but apparently not open-iscsi) CVE-2020-17438 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other p ...) NOT-FOR-US: uIP as used in Contiki and other products (but apparently not open-iscsi) CVE-2020-17437 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other p ...) - open-iscsi 2.1.3-1 [buster] - open-iscsi (Minor issue) [stretch] - open-iscsi (Minor issue) NOTE: https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ NOTE: Addressed upstream in 2.1.3 release CVE-2020-17436 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit CVE-2020-17435 (This vulnerability allows remote attackers to disclose sensitive infor ...) 
NOT-FOR-US: Foxit CVE-2020-17434 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit CVE-2020-17433 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit CVE-2020-17432 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit CVE-2020-17431 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2020-17430 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2020-17429 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit CVE-2020-17428 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit CVE-2020-17427 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2020-17426 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2020-17425 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2020-17424 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2020-17423 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2020-17422 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit CVE-2020-17421 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2020-17420 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit CVE-2020-17419 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2020-17418 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2020-17417 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
NOT-FOR-US: Foxit Reader CVE-2020-17416 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-17415 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Foxit CVE-2020-17414 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Foxit Reader CVE-2020-17413 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2020-17412 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2020-17411 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit CVE-2020-17410 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2020-17409 (This vulnerability allows network-adjacent attackers to disclose sensi ...) NOT-FOR-US: Netgear CVE-2020-17408 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: NEC CVE-2020-17407 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Microhard Bullet-LTE CVE-2020-17406 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Microhard Bullet-LTE CVE-2020-17405 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: Senstar Symphony CVE-2020-17404 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2020-17403 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2020-17402 (This vulnerability allows local attackers to disclose sensitive inform ...) NOT-FOR-US: Parallels Desktop CVE-2020-17401 (This vulnerability allows local attackers to disclose sensitive inform ...) NOT-FOR-US: Parallels Desktop CVE-2020-17400 (This vulnerability allows local attackers to escalate privileges on af ...) 
NOT-FOR-US: Parallels Desktop CVE-2020-17399 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels Desktop CVE-2020-17398 (This vulnerability allows local attackers to disclose information on a ...) NOT-FOR-US: Parallels Desktop CVE-2020-17397 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels Desktop CVE-2020-17396 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels Desktop CVE-2020-17395 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels Desktop CVE-2020-17394 (This vulnerability allows local attackers to disclose sensitive inform ...) NOT-FOR-US: Parallels Desktop CVE-2020-17393 (This vulnerability allows local attackers to disclose information on a ...) NOT-FOR-US: Parallels Desktop CVE-2020-17392 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels Desktop CVE-2020-17391 (This vulnerability allows local attackers to disclose information on a ...) NOT-FOR-US: Parallels Desktop CVE-2020-17390 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels Desktop CVE-2020-17389 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Marvell QConvergeConsole CVE-2020-17388 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Marvell QConvergeConsole CVE-2020-17387 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Marvell QConvergeConsole CVE-2020-17386 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputte ...) NOT-FOR-US: Cellopoint Cellos CVE-2020-17385 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputte ...) NOT-FOR-US: Cellopoint Cellos CVE-2020-17384 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputte ...) 
NOT-FOR-US: Cellopoint Cellos CVE-2020-17383 (A directory traversal vulnerability on Telos Z/IP One devices through ...) NOT-FOR-US: Telos Z/IP ONE Broadcast CVE-2020-17382 (The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x801 ...) NOT-FOR-US: MSI AmbientLink MsIo64 driver CVE-2020-17381 (An issue was discovered in Ghisler Total Commander 9.51. Due to insuff ...) NOT-FOR-US: Ghisler Total Commander CVE-2020-17380 (A heap-based buffer overflow was found in QEMU through 5.0.0 in the SD ...) {DLA-3362-1 DLA-2623-1} - qemu 1:5.2+dfsg-10 (bug #970937) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1862167 NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01175.html NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=dfba99f17feb6d4a129da19d38df1bcd8579d1c3 NOTE: confusion with CVE-2020-25085, see RH bug; re-submitted as CVE-2021-3409 CVE-2020-17379 RESERVED CVE-2020-17378 RESERVED CVE-2020-17377 RESERVED CVE-2020-17376 (An issue was discovered in Guest.migrate in virt/libvirt/guest.py in O ...) - nova 2:21.1.0-1 (bug #969052) [buster] - nova (Minor issue) [stretch] - nova (Minor issue) NOTE: https://launchpad.net/bugs/1890501 NOTE: https://www.openwall.com/lists/oss-security/2020/08/25/4 CVE-2020-17375 RESERVED CVE-2020-17374 RESERVED CVE-2020-17373 (SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection.) NOT-FOR-US: SugarCRM CVE-2020-17372 (SugarCRM before 10.1.0 (Q3 2020) allows XSS.) NOT-FOR-US: SugarCRM CVE-2020-17371 RESERVED CVE-2020-17370 RESERVED CVE-2020-17369 RESERVED CVE-2020-17368 (Firejail through 0.9.62 mishandles shell metacharacters during use of ...) 
{DSA-4767-1 DSA-4742-1 DLA-2336-1} - firejail 0.9.62-4 NOTE: https://phabricator.wikimedia.org/T258763 NOTE: https://github.com/netblue30/firejail/commit/34193604fed04cad2b7b6b0f1a3a0428afd9ed5b NOTE: https://phabricator.wikimedia.org/T257062 NOTE: https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory CVE-2020-17367 (Firejail through 0.9.62 does not honor the -- end-of-options indicator ...) {DSA-4767-1 DSA-4742-1 DLA-2336-1} - firejail 0.9.62-4 NOTE: https://phabricator.wikimedia.org/T258763 NOTE: https://github.com/netblue30/firejail/commit/2c734d6350ad321fccbefc5ef0382199ac331b37 NOTE: https://phabricator.wikimedia.org/T257062 NOTE: https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory CVE-2020-17366 (An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. ...) - routinator (bug #929024) NOTE: https://github.com/NLnetLabs/routinator/issues/319 CVE-2020-17365 (Improper directory permissions in the Hotspot Shield VPN client softwa ...) NOT-FOR-US: Hotspot Shield VPN client for Windows CVE-2020-17364 (USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs.) NOT-FOR-US: User-friendly SVN CVE-2020-17363 (USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution ...) NOT-FOR-US: User-friendly SVN CVE-2020-17362 (search.php in the Nova Lite theme before 1.3.9 for WordPress allows Re ...) NOT-FOR-US: Nova Lite theme for WordPress CVE-2020-17361 (An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy me ...) NOT-FOR-US: ReadyTalk Avian CVE-2020-17360 (An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy me ...) NOT-FOR-US: ReadyTalk Avian CVE-2020-17359 RESERVED CVE-2020-17358 RESERVED CVE-2020-17357 RESERVED CVE-2020-17356 RESERVED CVE-2020-17355 (Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23. ...) NOT-FOR-US: Arista CVE-2020-17354 (LilyPond before 2.24 allows attackers to bypass the -dsafe protection ...) 
- lilypond 2.22.1-1 [bullseye] - lilypond (Unfixable, marked as insecure in later uploads) [buster] - lilypond (Unfixable, marked as insecure in later uploads) NOTE: https://phabricator.wikimedia.org/T259210 NOTE: https://phabricator.wikimedia.org/T257062 NOTE: https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory NOTE: 2.22.1-1 adds a note about Lilypond security status, using that as the "fixed" version CVE-2020-17353 (scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x ...) {DSA-4756-1} - lilypond 2.20.0-2 (bug #968993) NOTE: https://phabricator.wikimedia.org/T258547 NOTE: http://git.savannah.gnu.org/gitweb/?p=lilypond.git;a=commit;h=b84ea4740f3279516905c5db05f4074e777c16ff NOTE: https://phabricator.wikimedia.org/T257062 NOTE: https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory CVE-2020-17352 (Two OS command injection vulnerabilities in the User Portal of Sophos ...) NOT-FOR-US: Sophos CVE-2020-17351 RESERVED CVE-2020-17350 RESERVED CVE-2020-17349 RESERVED CVE-2020-17348 RESERVED CVE-2020-17347 RESERVED CVE-2020-17346 RESERVED CVE-2020-17345 RESERVED CVE-2020-17344 RESERVED CVE-2020-17343 RESERVED CVE-2020-17342 RESERVED CVE-2020-17341 RESERVED CVE-2020-17340 RESERVED CVE-2020-17339 RESERVED CVE-2020-17338 RESERVED CVE-2020-17337 RESERVED CVE-2020-17336 RESERVED CVE-2020-17335 RESERVED CVE-2020-17334 RESERVED CVE-2020-17333 RESERVED CVE-2020-17332 RESERVED CVE-2020-17331 RESERVED CVE-2020-17330 RESERVED CVE-2020-17329 RESERVED CVE-2020-17328 RESERVED CVE-2020-17327 RESERVED CVE-2020-17326 RESERVED CVE-2020-17325 RESERVED CVE-2020-17324 RESERVED CVE-2020-17323 RESERVED CVE-2020-17322 RESERVED CVE-2020-17321 RESERVED CVE-2020-17320 RESERVED CVE-2020-17319 RESERVED CVE-2020-17318 RESERVED CVE-2020-17317 RESERVED CVE-2020-17316 RESERVED CVE-2020-17315 RESERVED CVE-2020-17314 RESERVED CVE-2020-17313 RESERVED CVE-2020-17312 RESERVED CVE-2020-17311 RESERVED CVE-2020-17310 RESERVED CVE-2020-17309 RESERVED CVE-2020-17308 
RESERVED CVE-2020-17307 RESERVED CVE-2020-17306 RESERVED CVE-2020-17305 RESERVED CVE-2020-17304 RESERVED CVE-2020-17303 RESERVED CVE-2020-17302 RESERVED CVE-2020-17301 RESERVED CVE-2020-17300 RESERVED CVE-2020-17299 RESERVED CVE-2020-17298 RESERVED CVE-2020-17297 RESERVED CVE-2020-17296 RESERVED CVE-2020-17295 RESERVED CVE-2020-17294 RESERVED CVE-2020-17293 RESERVED CVE-2020-17292 RESERVED CVE-2020-17291 RESERVED CVE-2020-17290 RESERVED CVE-2020-17289 RESERVED CVE-2020-17288 RESERVED CVE-2020-17287 RESERVED CVE-2020-17286 RESERVED CVE-2020-17285 RESERVED CVE-2020-17284 RESERVED CVE-2020-17283 RESERVED CVE-2020-17282 RESERVED CVE-2020-17281 RESERVED CVE-2020-17280 RESERVED CVE-2020-17279 RESERVED CVE-2020-17278 RESERVED CVE-2020-17277 RESERVED CVE-2020-17276 RESERVED CVE-2020-17275 RESERVED CVE-2020-17274 RESERVED CVE-2020-17273 RESERVED CVE-2020-17272 RESERVED CVE-2020-17271 RESERVED CVE-2020-17270 RESERVED CVE-2020-17269 RESERVED CVE-2020-17268 RESERVED CVE-2020-17267 RESERVED CVE-2020-17266 RESERVED CVE-2020-17265 RESERVED CVE-2020-17264 RESERVED CVE-2020-17263 RESERVED CVE-2020-17262 RESERVED CVE-2020-17261 RESERVED CVE-2020-17260 RESERVED CVE-2020-17259 RESERVED CVE-2020-17258 RESERVED CVE-2020-17257 RESERVED CVE-2020-17256 RESERVED CVE-2020-17255 RESERVED CVE-2020-17254 RESERVED CVE-2020-17253 RESERVED CVE-2020-17252 RESERVED CVE-2020-17251 RESERVED CVE-2020-17250 RESERVED CVE-2020-17249 RESERVED CVE-2020-17248 RESERVED CVE-2020-17247 RESERVED CVE-2020-17246 RESERVED CVE-2020-17245 RESERVED CVE-2020-17244 RESERVED CVE-2020-17243 RESERVED CVE-2020-17242 RESERVED CVE-2020-17241 RESERVED CVE-2020-17240 RESERVED CVE-2020-17239 RESERVED CVE-2020-17238 RESERVED CVE-2020-17237 RESERVED CVE-2020-17236 RESERVED CVE-2020-17235 RESERVED CVE-2020-17234 RESERVED CVE-2020-17233 RESERVED CVE-2020-17232 RESERVED CVE-2020-17231 RESERVED CVE-2020-17230 RESERVED CVE-2020-17229 RESERVED CVE-2020-17228 RESERVED CVE-2020-17227 RESERVED CVE-2020-17226 RESERVED CVE-2020-17225 
RESERVED CVE-2020-17224 RESERVED CVE-2020-17223 RESERVED CVE-2020-17222 RESERVED CVE-2020-17221 RESERVED CVE-2020-17220 RESERVED CVE-2020-17219 RESERVED CVE-2020-17218 RESERVED CVE-2020-17217 RESERVED CVE-2020-17216 RESERVED CVE-2020-17215 RESERVED CVE-2020-17214 RESERVED CVE-2020-17213 RESERVED CVE-2020-17212 RESERVED CVE-2020-17211 RESERVED CVE-2020-17210 RESERVED CVE-2020-17209 RESERVED CVE-2020-17208 RESERVED CVE-2020-17207 RESERVED CVE-2020-17206 RESERVED CVE-2020-17205 RESERVED CVE-2020-17204 RESERVED CVE-2020-17203 RESERVED CVE-2020-17202 RESERVED CVE-2020-17201 RESERVED CVE-2020-17200 RESERVED CVE-2020-17199 RESERVED CVE-2020-17198 RESERVED CVE-2020-17197 RESERVED CVE-2020-17196 RESERVED CVE-2020-17195 RESERVED CVE-2020-17194 RESERVED CVE-2020-17193 RESERVED CVE-2020-17192 RESERVED CVE-2020-17191 RESERVED CVE-2020-17190 RESERVED CVE-2020-17189 RESERVED CVE-2020-17188 RESERVED CVE-2020-17187 RESERVED CVE-2020-17186 RESERVED CVE-2020-17185 RESERVED CVE-2020-17184 RESERVED CVE-2020-17183 RESERVED CVE-2020-17182 RESERVED CVE-2020-17181 RESERVED CVE-2020-17180 RESERVED CVE-2020-17179 RESERVED CVE-2020-17178 RESERVED CVE-2020-17177 RESERVED CVE-2020-17176 RESERVED CVE-2020-17175 RESERVED CVE-2020-17174 RESERVED CVE-2020-17173 RESERVED CVE-2020-17172 RESERVED CVE-2020-17171 RESERVED CVE-2020-17170 RESERVED CVE-2020-17169 RESERVED CVE-2020-17168 RESERVED CVE-2020-17167 RESERVED CVE-2020-17166 RESERVED CVE-2020-17165 RESERVED CVE-2020-17164 RESERVED CVE-2020-17163 (Visual Studio Code Python Extension Remote Code Execution Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2020-17162 (Microsoft Windows Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17161 RESERVED CVE-2020-17160 REJECTED CVE-2020-17159 (Visual Studio Code Java Extension Pack Remote Code Execution Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2020-17158 (Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote ...) 
NOT-FOR-US: Microsoft CVE-2020-17157 RESERVED CVE-2020-17156 (Visual Studio Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17155 RESERVED CVE-2020-17154 RESERVED CVE-2020-17153 (Microsoft Edge for Android Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17152 (Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote ...) NOT-FOR-US: Microsoft CVE-2020-17151 RESERVED CVE-2020-17150 (Visual Studio Code Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17149 RESERVED CVE-2020-17148 (Visual Studio Code Remote Development Extension Remote Code Execution ...) NOT-FOR-US: Microsoft CVE-2020-17147 (Dynamics CRM Webclient Cross-site Scripting Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17146 RESERVED CVE-2020-17145 (Azure DevOps Server and Team Foundation Services Spoofing Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2020-17144 (Microsoft Exchange Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17143 (Microsoft Exchange Server Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17142 (Microsoft Exchange Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17141 (Microsoft Exchange Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17140 (Windows SMB Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17139 (Windows Overlay Filter Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17138 (Windows Error Reporting Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17137 (DirectX Graphics Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17136 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) NOT-FOR-US: Microsoft CVE-2020-17135 (Azure DevOps Server Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17134 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) 
NOT-FOR-US: Microsoft CVE-2020-17133 (Microsoft Dynamics Business Central/NAV Information Disclosure) NOT-FOR-US: Microsoft CVE-2020-17132 (Microsoft Exchange Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17131 (Chakra Scripting Engine Memory Corruption Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17130 (Microsoft Excel Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17129 (Microsoft Excel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17128 (Microsoft Excel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17127 (Microsoft Excel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17126 (Microsoft Excel Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17125 (Microsoft Excel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17124 (Microsoft PowerPoint Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17123 (Microsoft Excel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17122 (Microsoft Excel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17121 (Microsoft SharePoint Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17120 (Microsoft SharePoint Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17119 (Microsoft Outlook Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17118 (Microsoft SharePoint Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17117 (Microsoft Exchange Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17116 RESERVED CVE-2020-17115 (Microsoft SharePoint Server Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17114 RESERVED CVE-2020-17113 (Windows Camera Codec Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17112 RESERVED CVE-2020-17111 RESERVED CVE-2020-17110 (HEVC Video Extensions Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft 
CVE-2020-17109 (HEVC Video Extensions Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17108 (HEVC Video Extensions Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17107 (HEVC Video Extensions Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17106 (HEVC Video Extensions Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17105 (AV1 Video Extension Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17104 (Visual Studio Code JSHint Extension Remote Code Execution Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2020-17103 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) NOT-FOR-US: Microsoft CVE-2020-17102 (WebP Image Extensions Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17101 (HEIF Image Extensions Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17100 (Visual Studio Tampering Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17099 (Windows Lock Screen Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17098 (Windows GDI+ Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17097 (Windows Digital Media Receiver Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17096 (Windows NTFS Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17095 (Windows Hyper-V Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17094 (Windows Error Reporting Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17093 RESERVED CVE-2020-17092 (Windows Network Connections Service Elevation of Privilege Vulnerabili ...) 
NOT-FOR-US: Microsoft CVE-2020-17091 (Microsoft Teams Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17090 (Microsoft Defender for Endpoint Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17089 (Microsoft SharePoint Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17088 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2020-17087 (Windows Kernel Local Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17086 (Raw Image Extension Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17085 (Microsoft Exchange Server Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17084 (Microsoft Exchange Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17083 (Microsoft Exchange Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17082 (Raw Image Extension Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17081 (Microsoft Raw Image Extension Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17080 RESERVED CVE-2020-17079 (Raw Image Extension Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17078 (Raw Image Extension Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17077 (Windows Update Stack Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17076 (Windows Update Orchestrator Service Elevation of Privilege Vulnerabili ...) NOT-FOR-US: Microsoft CVE-2020-17075 (Windows USO Core Worker Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17074 (Windows Update Orchestrator Service Elevation of Privilege Vulnerabili ...) NOT-FOR-US: Microsoft CVE-2020-17073 (Windows Update Orchestrator Service Elevation of Privilege Vulnerabili ...) 
NOT-FOR-US: Microsoft CVE-2020-17072 RESERVED CVE-2020-17071 (Windows Delivery Optimization Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17070 (Windows Update Medic Service Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17069 (Windows NDIS Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17068 (Windows GDI+ Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17067 (Microsoft Excel Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17066 (Microsoft Excel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17065 (Microsoft Excel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17064 (Microsoft Excel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17063 (Microsoft Office Online Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17062 (Microsoft Office Access Connectivity Engine Remote Code Execution Vuln ...) NOT-FOR-US: Microsoft CVE-2020-17061 (Microsoft SharePoint Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17060 (Microsoft SharePoint Server Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17059 RESERVED CVE-2020-17058 (Microsoft Browser Memory Corruption Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17057 (Windows Win32k Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17056 (Windows Network File System Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17055 (Windows Remote Access Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17054 (Chakra Scripting Engine Memory Corruption Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17053 (Internet Explorer Memory Corruption Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17052 (Scripting Engine Memory Corruption Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17051 (Windows Network File System Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17050 RESERVED 
CVE-2020-17049 (A security feature bypass vulnerability exists in the way Key Distr ...) NOT-FOR-US: Microsoft CVE-2020-17048 (Chakra Scripting Engine Memory Corruption Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17047 (Windows Network File System Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17046 (Windows Error Reporting Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17045 (Windows KernelStream Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17044 (Windows Remote Access Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17043 (Windows Remote Access Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17042 (Windows Print Spooler Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17041 (Windows Print Configuration Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17040 (Windows Hyper-V Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17039 RESERVED CVE-2020-17038 (Win32k Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17037 (Windows WalletService Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17036 (Windows Function Discovery SSDP Provider Information Disclosure Vulner ...) 
NOT-FOR-US: Microsoft CVE-2020-17035 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17034 (Windows Remote Access Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17033 (Windows Remote Access Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17032 (Windows Remote Access Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17031 (Windows Remote Access Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17030 (Windows MSCTF Server Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17029 (Windows Canonical Display Driver Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17028 (Windows Remote Access Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17027 (Windows Remote Access Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17026 (Windows Remote Access Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17025 (Windows Remote Access Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17024 (Windows Client Side Rendering Print Provider Elevation of Privilege Vu ...) NOT-FOR-US: Microsoft CVE-2020-17023 (A remote code execution vulnerability exists in Visual Studio Code ...) NOT-FOR-US: Microsoft CVE-2020-17022 (A remote code execution vulnerability exists in the way that Micros ...) 
NOT-FOR-US: Microsoft CVE-2020-17021 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2020-17020 (Microsoft Word Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17019 (Microsoft Excel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17018 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2020-17017 (Microsoft SharePoint Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17016 (Microsoft SharePoint Server Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17015 (Microsoft SharePoint Server Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17014 (Windows Print Spooler Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17013 (Win32k Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17012 (Windows Bind Filter Driver Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17011 (Windows Port Class Library Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17010 (Win32k Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17009 RESERVED CVE-2020-17008 RESERVED CVE-2020-17007 (Windows Error Reporting Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17006 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2020-17005 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2020-17004 (Windows Graphics Component Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17003 (A remote code execution vulnerability exists when the Base3D render ...) 
NOT-FOR-US: Microsoft CVE-2020-17002 (Azure SDK for C Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17001 (Windows Print Spooler Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-17000 (Remote Desktop Protocol Client Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16999 (Windows WalletService Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16998 (DirectX Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16997 (Remote Desktop Protocol Server Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16996 (Kerberos Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16995 (An elevation of privilege vulnerability exists in Network Watcher A ...) 
NOT-FOR-US: Microsoft CVE-2020-16994 (Azure Sphere Unsigned Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16993 (Azure Sphere Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16992 (Azure Sphere Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16991 (Azure Sphere Unsigned Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16990 (Azure Sphere Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16989 (Azure Sphere Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16988 (Azure Sphere Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16987 (Azure Sphere Unsigned Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16986 (Azure Sphere Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16985 (Azure Sphere Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16984 (Azure Sphere Unsigned Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16983 (Azure Sphere Tampering Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16982 (Azure Sphere Unsigned Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16981 (Azure Sphere Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16980 (An elevation of privilege vulnerability exists when the Windows iSC ...) 
NOT-FOR-US: Microsoft CVE-2020-16979 (Microsoft SharePoint Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16978 (A cross site scripting vulnerability exists when Microsoft Dynamics ...) NOT-FOR-US: Microsoft CVE-2020-16977 (A remote code execution vulnerability exists in Visual Studio Code ...) NOT-FOR-US: Microsoft CVE-2020-16976 (An elevation of privilege vulnerability exists when the Windows Bac ...) NOT-FOR-US: Microsoft CVE-2020-16975 (An elevation of privilege vulnerability exists when the Windows Bac ...) NOT-FOR-US: Microsoft CVE-2020-16974 (An elevation of privilege vulnerability exists when the Windows Bac ...) NOT-FOR-US: Microsoft CVE-2020-16973 (An elevation of privilege vulnerability exists when the Windows Bac ...) NOT-FOR-US: Microsoft CVE-2020-16972 (An elevation of privilege vulnerability exists when the Windows Bac ...) NOT-FOR-US: Microsoft CVE-2020-16971 (Azure SDK for Java Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16970 (Azure Sphere Unsigned Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16969 (An information disclosure vulnerability exists in how Microsoft Exc ...) NOT-FOR-US: Microsoft CVE-2020-16968 (A remote code execution vulnerability exists when the Windows Camer ...) NOT-FOR-US: Microsoft CVE-2020-16967 (A remote code execution vulnerability exists when the Windows Camer ...) 
NOT-FOR-US: Microsoft CVE-2020-16966 RESERVED CVE-2020-16965 RESERVED CVE-2020-16964 (Windows Backup Engine Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16963 (Windows Backup Engine Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16962 (Windows Backup Engine Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16961 (Windows Backup Engine Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16960 (Windows Backup Engine Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16959 (Windows Backup Engine Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16958 (Windows Backup Engine Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2020-16957 (

A remote code execution vulnerability exists when the Microsoft Off ...) NOT-FOR-US: Microsoft CVE-2020-16956 (

A cross site scripting vulnerability exists when Microsoft Dynamics ...) NOT-FOR-US: Microsoft CVE-2020-16955 (

An elevation of privilege vulnerability exists in the way that Micr ...) NOT-FOR-US: Microsoft CVE-2020-16954 (

A remote code execution vulnerability exists in Microsoft Office so ...) NOT-FOR-US: Microsoft CVE-2020-16953 (

An information disclosure vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-16952 (

A remote code execution vulnerability exists in Microsoft SharePoin ...) NOT-FOR-US: Microsoft CVE-2020-16951 (

A remote code execution vulnerability exists in Microsoft SharePoin ...) NOT-FOR-US: Microsoft CVE-2020-16950 (

An information disclosure vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-16949 (

A denial of service vulnerability exists in Microsoft Outlook softw ...) NOT-FOR-US: Microsoft CVE-2020-16948 (

An information disclosure vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-16947 (

A remote code execution vulnerability exists in Microsoft Outlook s ...) NOT-FOR-US: Microsoft CVE-2020-16946 (

A cross-site-scripting (XSS) vulnerability exists when Microsoft Sh ...) NOT-FOR-US: Microsoft CVE-2020-16945 (

A cross-site-scripting (XSS) vulnerability exists when Microsoft Sh ...) NOT-FOR-US: Microsoft CVE-2020-16944 (

This vulnerability is caused when SharePoint Server does not proper ...) NOT-FOR-US: Microsoft CVE-2020-16943 (

An elevation of privilege vulnerability exists in Microsoft Dynamic ...) NOT-FOR-US: Microsoft CVE-2020-16942 (

An information disclosure vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-16941 (

An information disclosure vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-16940 (

An elevation of privilege vulnerability exists when the Windows Use ...) NOT-FOR-US: Microsoft CVE-2020-16939 (

An elevation of privilege vulnerability exists when Group Policy im ...) NOT-FOR-US: Microsoft CVE-2020-16938 (

An information disclosure vulnerability exists when the Windows ker ...) NOT-FOR-US: Microsoft CVE-2020-16937 (

An information disclosure vulnerability exists when the .NET Framew ...) - dotnet-core-3.1 (bug #968921) CVE-2020-16936 (

An elevation of privilege vulnerability exists when the Windows Bac ...) NOT-FOR-US: Microsoft CVE-2020-16935 (

An elevation of privilege vulnerability exists when Windows imprope ...) NOT-FOR-US: Microsoft CVE-2020-16934 (

An elevation of privilege vulnerability exists in the way that Micr ...) NOT-FOR-US: Microsoft CVE-2020-16933 (

A security feature bypass vulnerability exists in Microsoft Word so ...) NOT-FOR-US: Microsoft CVE-2020-16932 (

A remote code execution vulnerability exists in Microsoft Excel sof ...) NOT-FOR-US: Microsoft CVE-2020-16931 (

A remote code execution vulnerability exists in Microsoft Excel sof ...) NOT-FOR-US: Microsoft CVE-2020-16930 (

A remote code execution vulnerability exists in Microsoft Excel sof ...) NOT-FOR-US: Microsoft CVE-2020-16929 (

A remote code execution vulnerability exists in Microsoft Excel sof ...) NOT-FOR-US: Microsoft CVE-2020-16928 (

An elevation of privilege vulnerability exists in the way that Micr ...) NOT-FOR-US: Microsoft CVE-2020-16927 (

A denial of service vulnerability exists in Remote Desktop Protocol ...) NOT-FOR-US: Microsoft CVE-2020-16926 RESERVED CVE-2020-16925 RESERVED CVE-2020-16924 (

A remote code execution vulnerability exists when the Windows Jet D ...) NOT-FOR-US: Microsoft CVE-2020-16923 (

A remote code execution vulnerability exists in the way that Micros ...) NOT-FOR-US: Microsoft CVE-2020-16922 (

A spoofing vulnerability exists when Windows incorrectly validates ...) NOT-FOR-US: Microsoft CVE-2020-16921 (

An information disclosure vulnerability exists in Text Services Fra ...) NOT-FOR-US: Microsoft CVE-2020-16920 (

An elevation of privilege vulnerability exists when the Windows App ...) NOT-FOR-US: Microsoft CVE-2020-16919 (

An information disclosure vulnerability exists when the Windows Ent ...) NOT-FOR-US: Microsoft CVE-2020-16918 (

A remote code execution vulnerability exists when the Base3D render ...) NOT-FOR-US: Microsoft CVE-2020-16917 RESERVED CVE-2020-16916 (

An elevation of privilege vulnerability exists when Windows imprope ...) NOT-FOR-US: Microsoft CVE-2020-16915 (

A memory corruption vulnerability exists when Windows Media Foundat ...) NOT-FOR-US: Microsoft CVE-2020-16914 (

An information disclosure vulnerability exists in the way that the ...) NOT-FOR-US: Microsoft CVE-2020-16913 (

An elevation of privilege vulnerability exists in Windows when the ...) NOT-FOR-US: Microsoft CVE-2020-16912 (

An elevation of privilege vulnerability exists when the Windows Bac ...) NOT-FOR-US: Microsoft CVE-2020-16911 (

A remote code execution vulnerability exists in the way that the Wi ...) NOT-FOR-US: Microsoft CVE-2020-16910 (

A security feature bypass vulnerability exists when Microsoft Windo ...) NOT-FOR-US: Microsoft CVE-2020-16909 (

An elevation of privilege vulnerability exists in Windows Error Rep ...) NOT-FOR-US: Microsoft CVE-2020-16908 (

An elevation of privilege vulnerability exists in Windows Setup in ...) NOT-FOR-US: Microsoft CVE-2020-16907 (

An elevation of privilege vulnerability exists in Windows when the ...) NOT-FOR-US: Microsoft CVE-2020-16906 RESERVED CVE-2020-16905 (

An elevation of privilege vulnerability exists in Windows Error Rep ...) NOT-FOR-US: Microsoft CVE-2020-16904 (

An elevation of privilege vulnerability exists in the way Azure Fun ...) NOT-FOR-US: Microsoft CVE-2020-16903 RESERVED CVE-2020-16902 (

An elevation of privilege vulnerability exists in the Windows Insta ...) NOT-FOR-US: Microsoft CVE-2020-16901 (

An information disclosure vulnerability exists when the Windows ker ...) NOT-FOR-US: Microsoft CVE-2020-16900 (

An elevation of privilege vulnerability exists when the Windows Eve ...) NOT-FOR-US: Microsoft CVE-2020-16899 (

A denial of service vulnerability exists when the Windows TCP/IP st ...) NOT-FOR-US: Microsoft CVE-2020-16898 (

A remote code execution vulnerability exists when the Windows TCP/I ...) NOT-FOR-US: Microsoft CVE-2020-16897 (

An information disclosure vulnerability exists when NetBIOS over TC ...) NOT-FOR-US: Microsoft CVE-2020-16896 (

An information disclosure vulnerability exists in Remote Desktop Pr ...) NOT-FOR-US: Microsoft CVE-2020-16895 (

An elevation of privilege vulnerability exists when Windows Error R ...) NOT-FOR-US: Microsoft CVE-2020-16894 (

A denial of service vulnerability exists when Windows Network Addre ...) NOT-FOR-US: Microsoft CVE-2020-16893 RESERVED CVE-2020-16892 (

An elevation of privilege vulnerability exists in the way that the ...) NOT-FOR-US: Microsoft CVE-2020-16891 (

A remote code execution vulnerability exists when Windows Hyper-V o ...) NOT-FOR-US: Microsoft CVE-2020-16890 (

An elevation of privilege vulnerability exists when the Windows ker ...) NOT-FOR-US: Microsoft CVE-2020-16889 (

An information disclosure vulnerability exists when the Windows Ker ...) NOT-FOR-US: Microsoft CVE-2020-16888 RESERVED CVE-2020-16887 (

An elevation of privilege vulnerability exists in the way that the ...) NOT-FOR-US: Microsoft CVE-2020-16886 (

A security feature bypass vulnerability exists in the PowerShellGet ...) NOT-FOR-US: Microsoft CVE-2020-16885 (

An elevation of privilege vulnerability exists when the Windows Sto ...) NOT-FOR-US: Microsoft CVE-2020-16884 (

A remote code execution vulnerability exists in the way that the IE ...) NOT-FOR-US: IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer CVE-2020-16883 RESERVED CVE-2020-16882 RESERVED CVE-2020-16881 (

A remote code execution vulnerability exists in Visual Studio Code ...) NOT-FOR-US: Microsoft CVE-2020-16880 RESERVED CVE-2020-16879 (

An information disclosure vulnerability exists when a Windows Proje ...) NOT-FOR-US: Microsoft CVE-2020-16878 (

A cross site scripting vulnerability exists when Microsoft Dynamics ...) NOT-FOR-US: Microsoft CVE-2020-16877 (

An elevation of privilege vulnerability exists when Microsoft Windo ...) NOT-FOR-US: Microsoft CVE-2020-16876 (

An elevation of privilege vulnerability exists when the Windows App ...) NOT-FOR-US: Microsoft CVE-2020-16875 (

A remote code execution vulnerability exists in Microsoft Exchange ...) NOT-FOR-US: Microsoft CVE-2020-16874 (

A remote code execution vulnerability exists in Visual Studio when ...) NOT-FOR-US: Microsoft CVE-2020-16873 (

A spoofing vulnerability manifests in Microsoft Xamarin.Forms due t ...) NOT-FOR-US: Microsoft CVE-2020-16872 (

A cross site scripting vulnerability exists when Microsoft Dynamics ...) NOT-FOR-US: Microsoft CVE-2020-16871 (

A cross site scripting vulnerability exists when Microsoft Dynamics ...) NOT-FOR-US: Microsoft CVE-2020-16870 RESERVED CVE-2020-16869 RESERVED CVE-2020-16868 RESERVED CVE-2020-16867 RESERVED CVE-2020-16866 RESERVED CVE-2020-16865 RESERVED CVE-2020-16864 (

A cross site scripting vulnerability exists when Microsoft Dynamics ...) NOT-FOR-US: Microsoft CVE-2020-16863 (

A denial of service vulnerability exists in Windows Remote Desktop ...) NOT-FOR-US: Microsoft CVE-2020-16862 (

A remote code execution vulnerability exists in Microsoft Dynamics ...) NOT-FOR-US: Microsoft CVE-2020-16861 (

A cross site scripting vulnerability exists when Microsoft Dynamics ...) NOT-FOR-US: Microsoft CVE-2020-16860 (

A remote code execution vulnerability exists in Microsoft Dynamics ...) NOT-FOR-US: Microsoft CVE-2020-16859 (

A cross site scripting vulnerability exists when Microsoft Dynamics ...) NOT-FOR-US: Microsoft CVE-2020-16858 (

A cross site scripting vulnerability exists when Microsoft Dynamics ...) NOT-FOR-US: Microsoft CVE-2020-16857 (

A remote code execution vulnerability exists in Microsoft Dynamics ...) NOT-FOR-US: Microsoft CVE-2020-16856 (

A remote code execution vulnerability exists in Visual Studio when ...) NOT-FOR-US: Microsoft CVE-2020-16855 (

An information disclosure vulnerability exists when Microsoft Offic ...) NOT-FOR-US: Microsoft CVE-2020-16854 (

An information disclosure vulnerability exists when the Windows ker ...) NOT-FOR-US: Microsoft CVE-2020-16853 (

An elevation of privilege vulnerability exists when the OneDrive fo ...) NOT-FOR-US: Microsoft CVE-2020-16852 (

An elevation of privilege vulnerability exists when the OneDrive fo ...) NOT-FOR-US: Microsoft CVE-2020-16851 (

An elevation of privilege vulnerability exists when the OneDrive fo ...) NOT-FOR-US: Microsoft CVE-2020-16850 (Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthent ...) NOT-FOR-US: Mitsubishi CVE-2020-16849 (An issue was discovered on Canon MF237w 06.07 devices. An "Improper Ha ...) NOT-FOR-US: Canon CVE-2020-16848 RESERVED CVE-2020-16847 (Extreme Analytics in Extreme Management Center before 8.5.0.169 allows ...) NOT-FOR-US: Extreme Management Center CVE-2020-16846 (An issue was discovered in SaltStack Salt through 3002. Sending crafte ...) {DSA-4837-1 DLA-2480-1} - salt 3002.1+dfsg1-1 NOTE: https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/ NOTE: https://gitlab.com/saltstack/open/salt-patches/tree/master/patches/2020/09/02/ NOTE: Regression: https://github.com/saltstack/salt/issues/58970 NOTE: Regression fix: https://github.com/saltstack/salt/commit/84d91931865626a9b53558f88d6c8919a270df3a (v3000.6) CVE-2020-16845 (Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loo ...) {DSA-4848-1 DLA-2460-1 DLA-2459-1} - golang-1.15 1.15~rc2-1 - golang-1.14 1.14.7-1 - golang-1.11 - golang-1.8 - golang-1.7 NOTE: https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo NOTE: https://github.com/golang/go/issues/40618 NOTE: Fixed in 1.15~rc2, 1.14.7, 1.13.15 CVE-2020-16844 (In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users ...) NOT-FOR-US: Istio CVE-2020-16843 (In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the netw ...) NOT-FOR-US: Firecracker CVE-2020-16842 RESERVED CVE-2020-16841 RESERVED CVE-2020-16840 RESERVED CVE-2020-16839 (On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before th ...) 
	NOT-FOR-US: Crestron
CVE-2020-16838 RESERVED
CVE-2020-16837 RESERVED
CVE-2020-16836 REJECTED
CVE-2020-16835 REJECTED
CVE-2020-16834 REJECTED
CVE-2020-16833 REJECTED
CVE-2020-16832 REJECTED
CVE-2020-16831 REJECTED
CVE-2020-16830 REJECTED
CVE-2020-16829 REJECTED
CVE-2020-16828 REJECTED
CVE-2020-16827 REJECTED
CVE-2020-16826 REJECTED
CVE-2020-16825 REJECTED
CVE-2020-16824 REJECTED
CVE-2020-16823 REJECTED
CVE-2020-16822 REJECTED
CVE-2020-16821 REJECTED
CVE-2020-16820 REJECTED
CVE-2020-16819 REJECTED
CVE-2020-16818 REJECTED
CVE-2020-16817 REJECTED
CVE-2020-16816 REJECTED
CVE-2020-16815 REJECTED
CVE-2020-16814 REJECTED
CVE-2020-16813 REJECTED
CVE-2020-16812 REJECTED
CVE-2020-16811 REJECTED
CVE-2020-16810 REJECTED
CVE-2020-16809 REJECTED
CVE-2020-16808 REJECTED
CVE-2020-16807 REJECTED
CVE-2020-16806 REJECTED
CVE-2020-16805 REJECTED
CVE-2020-16804 REJECTED
CVE-2020-16803 REJECTED
CVE-2020-16802 REJECTED
CVE-2020-16801 REJECTED
CVE-2020-16800 REJECTED
CVE-2020-16799 REJECTED
CVE-2020-16798 REJECTED
CVE-2020-16797 REJECTED
CVE-2020-16796 REJECTED
CVE-2020-16795 REJECTED
CVE-2020-16794 REJECTED
CVE-2020-16793 REJECTED
CVE-2020-16792 REJECTED
CVE-2020-16791 REJECTED
CVE-2020-16790 REJECTED
CVE-2020-16789 REJECTED
CVE-2020-16788 REJECTED
CVE-2020-16787 REJECTED
CVE-2020-16786 REJECTED
CVE-2020-16785 REJECTED
CVE-2020-16784 REJECTED
CVE-2020-16783 REJECTED
CVE-2020-16782 REJECTED
CVE-2020-16781 REJECTED
CVE-2020-16780 REJECTED
CVE-2020-16779 REJECTED
CVE-2020-16778 REJECTED
CVE-2020-16777 REJECTED
CVE-2020-16776 REJECTED
CVE-2020-16775 REJECTED
CVE-2020-16774 REJECTED
CVE-2020-16773 REJECTED
CVE-2020-16772 REJECTED
CVE-2020-16771 REJECTED
CVE-2020-16770 REJECTED
CVE-2020-16769 REJECTED
CVE-2020-16768 REJECTED
CVE-2020-16767 REJECTED
CVE-2020-16766 REJECTED
CVE-2020-16765 REJECTED
CVE-2020-16764 REJECTED
CVE-2020-16763 REJECTED
CVE-2020-16762 REJECTED
CVE-2020-16761 REJECTED
CVE-2020-16760 REJECTED
CVE-2020-16759 REJECTED
CVE-2020-16758 REJECTED
CVE-2020-16757 REJECTED
CVE-2020-16756 REJECTED
CVE-2020-16755 REJECTED
CVE-2020-16754 REJECTED
CVE-2020-16753 REJECTED
CVE-2020-16752 REJECTED
CVE-2020-16751 REJECTED
CVE-2020-16750 REJECTED
CVE-2020-16749 REJECTED
CVE-2020-16748 REJECTED
CVE-2020-16747 REJECTED
CVE-2020-16746 REJECTED
CVE-2020-16745 REJECTED
CVE-2020-16744 REJECTED
CVE-2020-16743 REJECTED
CVE-2020-16742 REJECTED
CVE-2020-16741 REJECTED
CVE-2020-16740 REJECTED
CVE-2020-16739 REJECTED
CVE-2020-16738 REJECTED
CVE-2020-16737 REJECTED
CVE-2020-16736 REJECTED
CVE-2020-16735 REJECTED
CVE-2020-16734 REJECTED
CVE-2020-16733 REJECTED
CVE-2020-16732 REJECTED
CVE-2020-16731 REJECTED
CVE-2020-16730 REJECTED
CVE-2020-16729 REJECTED
CVE-2020-16728 REJECTED
CVE-2020-16727 REJECTED
CVE-2020-16726 REJECTED
CVE-2020-16725 REJECTED
CVE-2020-16724 REJECTED
CVE-2020-16723 REJECTED
CVE-2020-16722 REJECTED
CVE-2020-16721 REJECTED
CVE-2020-16720 REJECTED
CVE-2020-16719 REJECTED
CVE-2020-16718 REJECTED
CVE-2020-16717 REJECTED
CVE-2020-16716 REJECTED
CVE-2020-16715 REJECTED
CVE-2020-16714 REJECTED
CVE-2020-16713 REJECTED
CVE-2020-16712 REJECTED
CVE-2020-16711 REJECTED
CVE-2020-16710 REJECTED
CVE-2020-16709 REJECTED
CVE-2020-16708 REJECTED
CVE-2020-16707 REJECTED
CVE-2020-16706 REJECTED
CVE-2020-16705 REJECTED
CVE-2020-16704 REJECTED
CVE-2020-16703 REJECTED
CVE-2020-16702 REJECTED
CVE-2020-16701 REJECTED
CVE-2020-16700 REJECTED
CVE-2020-16699 REJECTED
CVE-2020-16698 REJECTED
CVE-2020-16697 REJECTED
CVE-2020-16696 REJECTED
CVE-2020-16695 REJECTED
CVE-2020-16694 REJECTED
CVE-2020-16693 REJECTED
CVE-2020-16692 REJECTED
CVE-2020-16691 REJECTED
CVE-2020-16690 REJECTED
CVE-2020-16689 REJECTED
CVE-2020-16688 REJECTED
CVE-2020-16687 REJECTED
CVE-2020-16686 REJECTED
CVE-2020-16685 REJECTED
CVE-2020-16684 REJECTED
CVE-2020-16683 REJECTED
CVE-2020-16682 REJECTED
CVE-2020-16681 REJECTED
CVE-2020-16680 REJECTED
CVE-2020-16679 REJECTED
CVE-2020-16678 REJECTED
CVE-2020-16677 REJECTED
CVE-2020-16676 REJECTED
CVE-2020-16675 REJECTED
CVE-2020-16674 REJECTED
CVE-2020-16673 REJECTED
CVE-2020-16672 REJECTED
CVE-2020-16671 REJECTED
CVE-2020-16670 REJECTED
CVE-2020-16669 REJECTED
CVE-2020-16668 REJECTED
CVE-2020-16667 REJECTED
CVE-2020-16666 REJECTED
CVE-2020-16665 REJECTED
CVE-2020-16664 REJECTED
CVE-2020-16663 REJECTED
CVE-2020-16662 REJECTED
CVE-2020-16661 REJECTED
CVE-2020-16660 REJECTED
CVE-2020-16659 REJECTED
CVE-2020-16658 REJECTED
CVE-2020-16657 REJECTED
CVE-2020-16656 REJECTED
CVE-2020-16655 REJECTED
CVE-2020-16654 REJECTED
CVE-2020-16653 REJECTED
CVE-2020-16652 REJECTED
CVE-2020-16651 REJECTED
CVE-2020-16650 REJECTED
CVE-2020-16649 REJECTED
CVE-2020-16648 REJECTED
CVE-2020-16647 REJECTED
CVE-2020-16646 REJECTED
CVE-2020-16645 REJECTED
CVE-2020-16644 REJECTED
CVE-2020-16643 REJECTED
CVE-2020-16642 REJECTED
CVE-2020-16641 REJECTED
CVE-2020-16640 REJECTED
CVE-2020-16639 REJECTED
CVE-2020-16638 REJECTED
CVE-2020-16637 REJECTED
CVE-2020-16636 REJECTED
CVE-2020-16635 RESERVED
CVE-2020-16634 RESERVED
CVE-2020-16633 RESERVED
CVE-2020-16632 (A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 ...)
	NOT-FOR-US: DedeCMS
CVE-2020-16631 RESERVED
CVE-2020-16630 (TI’s BLE stack caches and reuses the LTK’s property for a bo ...)
	NOT-FOR-US: Texas Instruments
CVE-2020-16629 (PhpOK 5.4.137 contains a SQL injection vulnerability that can inject a ...)
	NOT-FOR-US: PhpOK
CVE-2020-16628 RESERVED
CVE-2020-16627 RESERVED
CVE-2020-16626 RESERVED
CVE-2020-16625 RESERVED
CVE-2020-16624 RESERVED
CVE-2020-16623 RESERVED
CVE-2020-16622 RESERVED
CVE-2020-16621 RESERVED
CVE-2020-16620 RESERVED
CVE-2020-16619 RESERVED
CVE-2020-16618 RESERVED
CVE-2020-16617 RESERVED
CVE-2020-16616 RESERVED
CVE-2020-16615 RESERVED
CVE-2020-16614 RESERVED
CVE-2020-16613 RESERVED
CVE-2020-16612 RESERVED
CVE-2020-16611 RESERVED
CVE-2020-16610 (Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request ...)
	NOT-FOR-US: Hoosk Codeigniter CMS
CVE-2020-16609 RESERVED
CVE-2020-16608 (Notable 1.8.4 allows XSS via crafted Markdown text, with resultant rem ...)
	NOT-FOR-US: Notable
CVE-2020-16607 RESERVED
CVE-2020-16606 RESERVED
CVE-2020-16605 RESERVED
CVE-2020-16604 RESERVED
CVE-2020-16603 RESERVED
CVE-2020-16602 (Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers t ...)
	NOT-FOR-US: Razer Chroma SDK Rest Server
CVE-2020-16601 RESERVED
CVE-2020-16600 (A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF ...)
	- mupdf 1.17.0+ds1-1 (bug #989526)
	[buster] - mupdf 1.14.0+ds1-4+deb10u3
	[stretch] - mupdf (Vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702253
	NOTE: http://git.ghostscript.com/?p=mupdf.git;h=96751b25462f83d6e16a9afaf8980b0c3f979c8b
CVE-2020-16599 (A Null Pointer Dereference vulnerability exists in the Binary File Des ...)
	- binutils 2.35-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25842
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d55d10ac0d112c586eaceb92e75bd9b80aadcc4
	NOTE: binutils not covered by security support
CVE-2020-16598 REJECTED
CVE-2020-16597 RESERVED
CVE-2020-16596 RESERVED
CVE-2020-16595 RESERVED
CVE-2020-16594 RESERVED
CVE-2020-16593 (A Null Pointer Dereference vulnerability exists in the Binary File Des ...)
	- binutils 2.35-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25827
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aec72fda3b320c36eb99fc1c4cf95b10fc026729
	NOTE: binutils not covered by security support
CVE-2020-16592 (A use after free issue exists in the Binary File Descriptor (BFD) libr ...)
	- binutils 2.35-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25823
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7ecb51549ab1ec22aba5aaf34b70323cf0b8509a
	NOTE: binutils not covered by security support
CVE-2020-16591 (A Denial of Service vulnerability exists in the Binary File Descriptor ...)
	- binutils 2.35-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25822
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=001890e1f9269697f7e0212430a51479271bdab2
	NOTE: binutils not covered by security support
CVE-2020-16590 (A double free vulnerability exists in the Binary File Descriptor (BFD) ...)
	- binutils 2.35-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25821
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c98a4545dc7bf2bcaf1de539c4eb84784680eaa4
	NOTE: binutils not covered by security support
CVE-2020-16589 (A head-based buffer overflow exists in Academy Software Foundation Ope ...)
	{DLA-3236-1 DLA-2491-1}
	- openexr 2.5.3-2
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/6bb36714528a9563dd3b92720c5063a1284b86f8 (v2.4.0-beta.1)
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/494
CVE-2020-16588 (A Null Pointer Deference issue exists in Academy Software Foundation O ...)
	{DLA-3236-1 DLA-2491-1}
	- openexr 2.5.3-2
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/74504503cff86e986bac441213c403b0ba28d58f (v2.4.0-beta.1)
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/493
CVE-2020-16587 (A heap-based buffer overflow vulnerability exists in Academy Software ...)
	{DLA-3236-1 DLA-2701-1}
	- openexr 2.5.3-2
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/8b5370c688a7362673c3a5256d93695617a4cd9a (v2.4.0-beta.1)
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/491
CVE-2020-16586 RESERVED
CVE-2020-16585 RESERVED
CVE-2020-16584 RESERVED
CVE-2020-16583 RESERVED
CVE-2020-16582 RESERVED
CVE-2020-16581 RESERVED
CVE-2020-16580 RESERVED
CVE-2020-16579 RESERVED
CVE-2020-16578 RESERVED
CVE-2020-16577 RESERVED
CVE-2020-16576 RESERVED
CVE-2020-16575 RESERVED
CVE-2020-16574 RESERVED
CVE-2020-16573 RESERVED
CVE-2020-16572 RESERVED
CVE-2020-16571 RESERVED
CVE-2020-16570 RESERVED
CVE-2020-16569 RESERVED
CVE-2020-16568 RESERVED
CVE-2020-16567 RESERVED
CVE-2020-16566 RESERVED
CVE-2020-16565 RESERVED
CVE-2020-16564 RESERVED
CVE-2020-16563 RESERVED
CVE-2020-16562 RESERVED
CVE-2020-16561 RESERVED
CVE-2020-16560 RESERVED
CVE-2020-16559 RESERVED
CVE-2020-16558 RESERVED
CVE-2020-16557 RESERVED
CVE-2020-16556 RESERVED
CVE-2020-16555 RESERVED
CVE-2020-16554 RESERVED
CVE-2020-16553 RESERVED
CVE-2020-16552 RESERVED
CVE-2020-16551 RESERVED
CVE-2020-16550 RESERVED
CVE-2020-16549 RESERVED
CVE-2020-16548 RESERVED
CVE-2020-16547 RESERVED
CVE-2020-16546 RESERVED
CVE-2020-16545 RESERVED
CVE-2020-16544 RESERVED
CVE-2020-16543 RESERVED
CVE-2020-16542 RESERVED
CVE-2020-16541 RESERVED
CVE-2020-16540 RESERVED
CVE-2020-16539 RESERVED
CVE-2020-16538 RESERVED
CVE-2020-16537 RESERVED
CVE-2020-16536 RESERVED
CVE-2020-16535 RESERVED
CVE-2020-16534 RESERVED
CVE-2020-16533 RESERVED
CVE-2020-16532 RESERVED
CVE-2020-16531 RESERVED
CVE-2020-16530 RESERVED
CVE-2020-16529 RESERVED
CVE-2020-16528 RESERVED
CVE-2020-16527 RESERVED
CVE-2020-16526 REJECTED
CVE-2020-16525 RESERVED
CVE-2020-16524 RESERVED
CVE-2020-16523 RESERVED
CVE-2020-16522 RESERVED
CVE-2020-16521 RESERVED
CVE-2020-16520 RESERVED
CVE-2020-16519 RESERVED
CVE-2020-16518 RESERVED
CVE-2020-16517 RESERVED
CVE-2020-16516 RESERVED
CVE-2020-16515 RESERVED
CVE-2020-16514 RESERVED
CVE-2020-16513 RESERVED
CVE-2020-16512 RESERVED
CVE-2020-16511 RESERVED
CVE-2020-16510 RESERVED
CVE-2020-16509 RESERVED
CVE-2020-16508 RESERVED
CVE-2020-16507 RESERVED
CVE-2020-16506 RESERVED
CVE-2020-16505 RESERVED
CVE-2020-16504 RESERVED
CVE-2020-16503 RESERVED
CVE-2020-16502 RESERVED
CVE-2020-16501 RESERVED
CVE-2020-16500 RESERVED
CVE-2020-16499 RESERVED
CVE-2020-16498 RESERVED
CVE-2020-16497 RESERVED
CVE-2020-16496 RESERVED
CVE-2020-16495 RESERVED
CVE-2020-16494 RESERVED
CVE-2020-16493 RESERVED
CVE-2020-16492 RESERVED
CVE-2020-16491 RESERVED
CVE-2020-16490 RESERVED
CVE-2020-16489 RESERVED
CVE-2020-16488 RESERVED
CVE-2020-16487 RESERVED
CVE-2020-16486 RESERVED
CVE-2020-16485 RESERVED
CVE-2020-16484 RESERVED
CVE-2020-16483 RESERVED
CVE-2020-16482 RESERVED
CVE-2020-16481 RESERVED
CVE-2020-16480 RESERVED
CVE-2020-16479 RESERVED
CVE-2020-16478 RESERVED
CVE-2020-16477 RESERVED
CVE-2020-16476 RESERVED
CVE-2020-16475 RESERVED
CVE-2020-16474 RESERVED
CVE-2020-16473 RESERVED
CVE-2020-16472 RESERVED
CVE-2020-16471 RESERVED
CVE-2020-16470 RESERVED
CVE-2020-16469 RESERVED
CVE-2020-16468 RESERVED
CVE-2020-16467 RESERVED
CVE-2020-16466 RESERVED
CVE-2020-16465 RESERVED
CVE-2020-16464 RESERVED
CVE-2020-16463 RESERVED
CVE-2020-16462 RESERVED
CVE-2020-16461 RESERVED
CVE-2020-16460 RESERVED
CVE-2020-16459 RESERVED
CVE-2020-16458 RESERVED
CVE-2020-16457 RESERVED
CVE-2020-16456 RESERVED
CVE-2020-16455 RESERVED
CVE-2020-16454 RESERVED
CVE-2020-16453 RESERVED
CVE-2020-16452 RESERVED
CVE-2020-16451 RESERVED
CVE-2020-16450 RESERVED
CVE-2020-16449 RESERVED
CVE-2020-16448 RESERVED
CVE-2020-16447 RESERVED
CVE-2020-16446 RESERVED
CVE-2020-16445 RESERVED
CVE-2020-16444 RESERVED
CVE-2020-16443 RESERVED
CVE-2020-16442 RESERVED
CVE-2020-16441 RESERVED
CVE-2020-16440 RESERVED
CVE-2020-16439 RESERVED
CVE-2020-16438 RESERVED
CVE-2020-16437 RESERVED
CVE-2020-16436 RESERVED
CVE-2020-16435 RESERVED
CVE-2020-16434 RESERVED
CVE-2020-16433 RESERVED
CVE-2020-16432 RESERVED
CVE-2020-16431 RESERVED
CVE-2020-16430 RESERVED
CVE-2020-16429 RESERVED
CVE-2020-16428 RESERVED
CVE-2020-16427 RESERVED
CVE-2020-16426 RESERVED
CVE-2020-16425 RESERVED
CVE-2020-16424 RESERVED
CVE-2020-16423 RESERVED
CVE-2020-16422 RESERVED
CVE-2020-16421 RESERVED
CVE-2020-16420 RESERVED
CVE-2020-16419 RESERVED
CVE-2020-16418 RESERVED
CVE-2020-16417 RESERVED
CVE-2020-16416 RESERVED
CVE-2020-16415 RESERVED
CVE-2020-16414 RESERVED
CVE-2020-16413 RESERVED
CVE-2020-16412 RESERVED
CVE-2020-16411 RESERVED
CVE-2020-16410 RESERVED
CVE-2020-16409 RESERVED
CVE-2020-16408 RESERVED
CVE-2020-16407 RESERVED
CVE-2020-16406 RESERVED
CVE-2020-16405 RESERVED
CVE-2020-16404 RESERVED
CVE-2020-16403 RESERVED
CVE-2020-16402 RESERVED
CVE-2020-16401 RESERVED
CVE-2020-16400 RESERVED
CVE-2020-16399 RESERVED
CVE-2020-16398 RESERVED
CVE-2020-16397 RESERVED
CVE-2020-16396 RESERVED
CVE-2020-16395 RESERVED
CVE-2020-16394 RESERVED
CVE-2020-16393 RESERVED
CVE-2020-16392 RESERVED
CVE-2020-16391 RESERVED
CVE-2020-16390 RESERVED
CVE-2020-16389 RESERVED
CVE-2020-16388 RESERVED
CVE-2020-16387 RESERVED
CVE-2020-16386 RESERVED
CVE-2020-16385 RESERVED
CVE-2020-16384 RESERVED
CVE-2020-16383 RESERVED
CVE-2020-16382 RESERVED
CVE-2020-16381 RESERVED
CVE-2020-16380 RESERVED
CVE-2020-16379 RESERVED
CVE-2020-16378 RESERVED
CVE-2020-16377 RESERVED
CVE-2020-16376 RESERVED
CVE-2020-16375 RESERVED
CVE-2020-16374 RESERVED
CVE-2020-16373 RESERVED
CVE-2020-16372 RESERVED
CVE-2020-16371 RESERVED
CVE-2020-16370 RESERVED
CVE-2020-16369 RESERVED
CVE-2020-16368 RESERVED
CVE-2020-16367 RESERVED
CVE-2020-16366 RESERVED
CVE-2020-16365 RESERVED
CVE-2020-16364 RESERVED
CVE-2020-16363 RESERVED
CVE-2020-16362 RESERVED
CVE-2020-16361 RESERVED
CVE-2020-16360 RESERVED
CVE-2020-16359 RESERVED
CVE-2020-16358 RESERVED
CVE-2020-16357 RESERVED
CVE-2020-16356 RESERVED
CVE-2020-16355 RESERVED
CVE-2020-16354 RESERVED
CVE-2020-16353 RESERVED
CVE-2020-16352 RESERVED
CVE-2020-16351 RESERVED
CVE-2020-16350 RESERVED
CVE-2020-16349 RESERVED
CVE-2020-16348 RESERVED
CVE-2020-16347 RESERVED CVE-2020-16346 RESERVED CVE-2020-16345 RESERVED CVE-2020-16344 RESERVED CVE-2020-16343 RESERVED CVE-2020-16342 RESERVED CVE-2020-16341 RESERVED CVE-2020-16340 RESERVED CVE-2020-16339 RESERVED CVE-2020-16338 RESERVED CVE-2020-16337 RESERVED CVE-2020-16336 RESERVED CVE-2020-16335 RESERVED CVE-2020-16334 RESERVED CVE-2020-16333 RESERVED CVE-2020-16332 RESERVED CVE-2020-16331 RESERVED CVE-2020-16330 RESERVED CVE-2020-16329 RESERVED CVE-2020-16328 RESERVED CVE-2020-16327 RESERVED CVE-2020-16326 RESERVED CVE-2020-16325 RESERVED CVE-2020-16324 RESERVED CVE-2020-16323 RESERVED CVE-2020-16322 RESERVED CVE-2020-16321 RESERVED CVE-2020-16320 RESERVED CVE-2020-16319 RESERVED CVE-2020-16318 RESERVED CVE-2020-16317 RESERVED CVE-2020-16316 RESERVED CVE-2020-16315 RESERVED CVE-2020-16314 RESERVED CVE-2020-16313 RESERVED CVE-2020-16312 RESERVED CVE-2020-16311 RESERVED CVE-2020-16310 (A division by zero vulnerability in dot24_print_page() in devices/gdev ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701828 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=eaba1d97b62831b42c51840cc8ee2bc4576c942e (9.51) CVE-2020-16309 (A buffer overflow vulnerability in lxm5700m_print_page() in devices/gd ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701827 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6f7464dddc689386668a38b92dfd03cc1b38a10 (9.51) NOTE: PoC requires de8b6458abaeb9d0b14f02377f3e617f2854e647 (9.27) to trigger CVE-2020-16308 (A buffer overflow vulnerability in p_print_image() in devices/gdevcdj. ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701829 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=af004276fd8f6c305727183c159b83021020f7d6 (9.51) CVE-2020-16307 (A null pointer dereference vulnerability in devices/vector/gdevtxtw.c ...) 
{DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701822 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=407c98a38c3a6ac1681144ed45cc2f4fc374c91f (9.51) CVE-2020-16306 (A null pointer dereference vulnerability in devices/gdevtsep.c of Arti ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=aadb53eb834b3def3ef68d78865ff87a68901804 (9.51) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701821 CVE-2020-16305 (A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701819 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2793769ff107d8d22dadd30c6e68cd781b569550 (9.51) CVE-2020-16304 (A buffer overflow vulnerability in image_render_color_thresh() in base ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=027c546e0dd11e0526f1780a7f3c2c66acffe209 (9.51) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701816 NOTE: PoC requires de8b6458abaeb9d0b14f02377f3e617f2854e647 (9.27) to trigger CVE-2020-16303 (A use-after-free vulnerability in xps_finish_image_path() in devices/v ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701818 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=94d8955cb7725eb5f3557ddc02310c76124fdd1a (9.51) CVE-2020-16302 (A buffer overflow vulnerability in jetp3852_print_page() in devices/gd ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701815 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=366ad48d076c1aa4c8f83c65011258a04e348207 (9.51) CVE-2020-16301 (A buffer overflow vulnerability in okiibm_print_page1() in devices/gde ...) 
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701808
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f54414c8b15b2c27d1dcadd92cfe84f6d15f18dc (9.51)
CVE-2020-16300 (A buffer overflow vulnerability in tiff12_print_page() in devices/gdev ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701807
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=714e8995cd582d418276915cbbec3c70711fb19e (9.51)
CVE-2020-16299 (A Division by Zero vulnerability in bj10v_print_page() in contrib/japa ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701801
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=19cebe708b9ee3d9e0f8bcdd79dbc6ef9ddc70d2 (9.51)
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4fcbece468706e0e89ed2856729b2ccacbc112be (9.51)
CVE-2020-16298 (A buffer overflow vulnerability in mj_color_correct() in contrib/japan ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701799
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=849e74e5ab450dd581942192da7101e0664fa5af (9.51)
CVE-2020-16297 (A buffer overflow vulnerability in FloydSteinbergDitheringC() in contr ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701800
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=bf72f1a3dd5392ee8291e3b1518a0c2c5dc6ba39 (9.51)
CVE-2020-16296 (A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/ ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701792
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134 (9.51)
	NOTE: chunk #2, see also CVE-2020-17538
CVE-2020-16295 (A null pointer dereference vulnerability in clj_media_size() in device ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=2c2dc335c212750e0fb8ae157063bc06cafa8d3e (9.51)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701796
CVE-2020-16294 (A buffer overflow vulnerability in epsc_print_page() in devices/gdevep ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701794
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=89f58f1aa95b3482cadf6977da49457194ee5358 (9.51)
CVE-2020-16293 (A null pointer dereference vulnerability in compose_group_nonknockout_ ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701795
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7870f4951bcc6a153f317e3439e14d0e929fd231 (9.51)
CVE-2020-16292 (A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701793
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=863ada11f9a942a622a581312e2be022d9e2a6f7 (9.51)
CVE-2020-16291 (A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Softwa ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=4f73e8b4d578e69a17f452fa60d2130c5faaefd6 (9.51)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701787
CVE-2020-16290 (A buffer overflow vulnerability in jetp3852_print_page() in devices/gd ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=93cb0c0adbd9bcfefd021d59c472388f67d3300d (9.51)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701786
CVE-2020-16289 (A buffer overflow vulnerability in cif_print_page() in devices/gdevcif ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701788
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d31e25ed5b130499e0d880e4609b1b4824699768 (9.51)
CVE-2020-16288 (A buffer overflow vulnerability in pj_common_print_page() in devices/g ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=aba3375ac24f8e02659d9b1eb9093909618cdb9f (9.51)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701791
CVE-2020-16287 (A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gd ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701785
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=450da26a76286a8342ec0864b3d113856709f8f6 (9.51)
CVE-2020-16286 RESERVED
CVE-2020-16285 RESERVED
CVE-2020-16284 RESERVED
CVE-2020-16283 RESERVED
CVE-2020-16282 (In the default configuration of Rangee GmbH RangeeOS 8.0.4, all compon ...)
	NOT-FOR-US: Rangee
CVE-2020-16281 (The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a loca ...)
	NOT-FOR-US: Rangee
CVE-2020-16280 (Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plain ...)
	NOT-FOR-US: Rangee
CVE-2020-16279 (The Kommbox component in Rangee GmbH RangeeOS 8.0.4 is vulnerable to R ...)
	NOT-FOR-US: Rangee
CVE-2020-16278 (A cross-site scripting (XSS) vulnerability in the Permissions componen ...)
	NOT-FOR-US: SAINT Security Suite
CVE-2020-16277 (An SQL injection vulnerability in the Analytics component of SAINT Sec ...)
	NOT-FOR-US: SAINT Security Suite
CVE-2020-16276 (An SQL injection vulnerability in the Assets component of SAINT Securi ...)
	NOT-FOR-US: SAINT Security Suite
CVE-2020-16275 (A cross-site scripting (XSS) vulnerability in the Credential Manager c ...)
	NOT-FOR-US: SAINT Security Suite
CVE-2020-16274 RESERVED
CVE-2020-16273 (In Arm software implementing the Armv8-M processors (all versions), th ...)
	NOT-FOR-US: Arm hardware issue
CVE-2020-16272 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is mis ...)
	NOT-FOR-US: Kee Vault KeePassRPC
CVE-2020-16271 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 genera ...)
	NOT-FOR-US: Kee Vault KeePassRPC
CVE-2020-16270 (OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attac ...)
	NOT-FOR-US: OLIMPOKS
CVE-2020-16269 (radare2 4.5.0 misparses DWARF information in executable files, causing ...)
	- radare2 5.0.0+dfsg-1
	NOTE: https://github.com/radareorg/radare2/issues/17383
CVE-2020-16268 (The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote a ...)
	NOT-FOR-US: 1E Client
CVE-2020-16267 (Zoho ManageEngine Applications Manager version 14740 and prior allows ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2020-16266 (An XSS issue was discovered in MantisBT before 2.24.2. Improper escapi ...)
	- mantis
CVE-2015-9549 (A reflected Cross-site Scripting (XSS) vulnerability exists in OcPorta ...)
	NOT-FOR-US: OcPortal
CVE-2020-16265 RESERVED
CVE-2020-16264 RESERVED
CVE-2020-16263 (Winston 1.5.4 devices have a CORS configuration that trusts arbitrary ...)
	NOT-FOR-US: Winston devices
CVE-2020-16262 (Winston 1.5.4 devices have a local www-data user that is overly permis ...)
	NOT-FOR-US: Winston devices
CVE-2020-16261 (Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local roo ...)
	NOT-FOR-US: Winston devices
CVE-2020-16260 (Winston 1.5.4 devices do not enforce authorization. This is exploitabl ...)
	NOT-FOR-US: Winston devices
CVE-2020-16259 (Winston 1.5.4 devices have an SSH user account with access from bastio ...)
	NOT-FOR-US: Winston devices
CVE-2020-16258 (Winston 1.5.4 devices make use of a Monit service (not managed during ...)
	NOT-FOR-US: Winston devices
CVE-2020-16257 (Winston 1.5.4 devices are vulnerable to command injection via the API.)
	NOT-FOR-US: Winston devices
CVE-2020-16256 (The API on Winston 1.5.4 devices is vulnerable to CSRF.)
	NOT-FOR-US: Winston devices
CVE-2020-16255 (ownCloud (Core) before 10.5 allows XSS in login page 'forgot password. ...)
	- owncloud
CVE-2020-16254 (The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets ...)
	NOT-FOR-US: Chartkick gem
CVE-2020-16253 (The PgHero gem through 2.6.0 for Ruby allows CSRF.)
	- ruby-pghero (bug #882288)
CVE-2020-16252 (The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF.)
	NOT-FOR-US: Field Test gem
CVE-2020-16251 (HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when co ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2020-16250 (HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when co ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2020-16249 RESERVED
CVE-2020-16248 (Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF ...)
	- prometheus-blackbox-exporter (unimportant)
	NOTE: https://github.com/prometheus/blackbox_exporter/issues/669
	NOTE: https://www.openwall.com/lists/oss-security/2020/08/08/12
	NOTE: https://www.openwall.com/lists/oss-security/2020/08/08/3
	NOTE: Upstream of the project disputed the CVE. Upstream position is
	NOTE: that the reported behaviour is intended functionality.
CVE-2020-16247 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
	NOT-FOR-US: Philips
CVE-2020-16246 (The affected Reason S20 Ethernet Switch is vulnerable to cross-site sc ...)
	NOT-FOR-US: Reason S20 Ethernet Switch
CVE-2020-16245 (Advantech iView, Versions 5.7 and prior. The affected product is vulne ...)
	NOT-FOR-US: Advantech
CVE-2020-16244 (GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for h ...)
	NOT-FOR-US: GE Digital APM Classic
CVE-2020-16243 (Multiple buffer overflow vulnerabilities exist when LeviStudioU (Versi ...)
	NOT-FOR-US: LeviStudioU
CVE-2020-16242 (The affected Reason S20 Ethernet Switch is vulnerable to cross-site sc ...)
	NOT-FOR-US: General Electric
CVE-2020-16241 (Philips SureSigns VS4, A.07.107 and prior. The software does not restr ...)
	NOT-FOR-US: Philips SureSigns
CVE-2020-16240 (GE Digital APM Classic, Versions 4.4 and prior. An insecure direct obj ...)
	NOT-FOR-US: GE Digital APM Classic
CVE-2020-16239 (Philips SureSigns VS4, A.07.107 and prior. When an actor claims to hav ...)
	NOT-FOR-US: Philips SureSigns
CVE-2020-16238 (A vulnerability in the configuration import mechanism of the B. Braun ...)
	NOT-FOR-US: B. Braun Melsungen AG
CVE-2020-16237 (Philips SureSigns VS4, A.07.107 and prior. The product receives input ...)
	NOT-FOR-US: Philips SureSigns
CVE-2020-16236 (FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a ...)
	NOT-FOR-US: FPWIN Pro
CVE-2020-16235 (Inadequate encryption may allow the credentials used by Emerson OpenEn ...)
	NOT-FOR-US: Emerson
CVE-2020-16234 (In PLC WinProladder Version 3.28 and prior, a stack-based buffer overf ...)
	NOT-FOR-US: PLC WinProladder
CVE-2020-16233 (An attacker could send a specially crafted packet that could have Code ...)
	NOT-FOR-US: CodeMeter
CVE-2020-16232 (In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be cause ...)
	NOT-FOR-US: Yokogawa WideField3
CVE-2020-16231 (The affected Bachmann Electronic M-Base Controllers of version MSYS v1 ...)
	NOT-FOR-US: Bachmann Electronic
CVE-2020-16230 (All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as ...)
	NOT-FOR-US: HMS Networks
CVE-2020-16229 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2020-16228 (In Patient Information Center iX (PICiX) Versions C.02 and C.03, Perf ...)
	NOT-FOR-US: Philips
CVE-2020-16227 (Delta Electronics TPEditor Versions 1.97 and prior. An improper input ...)
	NOT-FOR-US: Delta Electronics
CVE-2020-16226 (Multiple Mitsubishi Electric products are vulnerable to impersonations ...)
	NOT-FOR-US: Mitsubishi
CVE-2020-16225 (Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where ...)
	NOT-FOR-US: Delta Electronics
CVE-2020-16224 (In Patient Information Center iX (PICiX) Versions C.02, C.03, the sof ...)
	NOT-FOR-US: Philips
CVE-2020-16223 (Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffe ...)
	NOT-FOR-US: Delta Electronics
CVE-2020-16222 (In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and ...)
	NOT-FOR-US: Philips
CVE-2020-16221 (Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buff ...)
	NOT-FOR-US: Delta Electronics
CVE-2020-16220 (In Patient Information Center iX (PICiX) Versions C.02, C.03, Perform ...)
	NOT-FOR-US: Philips
CVE-2020-16219 (Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds r ...)
	NOT-FOR-US: Delta Electronics
CVE-2020-16218 (In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, th ...)
	NOT-FOR-US: Philips
CVE-2020-16217 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A doubl ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2020-16216 (In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, ...)
	NOT-FOR-US: Philips
CVE-2020-16215 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2020-16214 (In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, th ...)
	NOT-FOR-US: Philips
CVE-2020-16213 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2020-16212 (In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, th ...)
	NOT-FOR-US: Philips
CVE-2020-16211 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out- ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2020-16210 (The affected product is vulnerable to reflected cross-site scripting, ...)
	NOT-FOR-US: N-Tron
CVE-2020-16209 (A malicious attacker could exploit the interface of the Fieldcomm Grou ...)
	NOT-FOR-US: Fieldcomm Group
CVE-2020-16208 (The affected product is vulnerable to cross-site request forgery, whic ...)
	NOT-FOR-US: N-Tron
CVE-2020-16207 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multipl ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2020-16206 (The affected product is vulnerable to stored cross-site scripting, whi ...)
	NOT-FOR-US: N-Tron
CVE-2020-16205 (Using a specially crafted URL command, a remote authenticated user can ...)
	NOT-FOR-US: G-Cam and G-Code
CVE-2020-16204 (The affected product is vulnerable due to an undocumented interface fo ...)
	NOT-FOR-US: N-Tron
CVE-2020-16203 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
	NOT-FOR-US: Delta Industrial Automation
CVE-2020-16202 (WebAccess Node (All versions prior to 9.0.1) has incorrect permissions ...)
	NOT-FOR-US: WebAccess Node
CVE-2020-16201 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
	NOT-FOR-US: Delta Industrial Automation
CVE-2020-16200 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
	NOT-FOR-US: Philips
CVE-2020-16199 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
	NOT-FOR-US: Delta Industrial Automation
CVE-2020-16198 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Wh ...)
	NOT-FOR-US: Philips
CVE-2020-16197 (An issue was discovered in Octopus Deploy 3.4. A deployment target can ...)
	NOT-FOR-US: Octopus Deploy
CVE-2020-16196 REJECTED
CVE-2020-16195 RESERVED
CVE-2020-16194 (An Insecure Direct Object Reference (IDOR) vulnerability was found in ...)
	NOT-FOR-US: Prestashop Opart devis
CVE-2020-16193 (osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.ph ...)
	NOT-FOR-US: osTicket
CVE-2020-16192 (LimeSurvey 4.3.2 allows reflected XSS because application/controllers/ ...)
	- limesurvey (bug #472802)
CVE-2020-16191 RESERVED
CVE-2020-16190 RESERVED
CVE-2020-16189 RESERVED
CVE-2020-16188 RESERVED
CVE-2020-16187 RESERVED
CVE-2020-16186 REJECTED
CVE-2020-16185 RESERVED
CVE-2020-16184 RESERVED
CVE-2020-16183 RESERVED
CVE-2020-16182 RESERVED
CVE-2020-16181 RESERVED
CVE-2020-16180 RESERVED
CVE-2020-16179 RESERVED
CVE-2020-16178 RESERVED
CVE-2020-16177 RESERVED
CVE-2020-16176 RESERVED
CVE-2020-16175 RESERVED
CVE-2020-16174 RESERVED
CVE-2020-16173 RESERVED
CVE-2020-16172 RESERVED
CVE-2020-16171 (An issue was discovered in Acronis Cyber Backup before 12.5 Build 1634 ...)
	NOT-FOR-US: Acronis
CVE-2020-16170 (Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Andr ...)
	NOT-FOR-US: Temi application for Android
CVE-2020-16169 (Authentication Bypass Using an Alternate Path or Channel in temi Robox ...)
	NOT-FOR-US: Temi Robox OS
CVE-2020-16168 (Origin Validation Error in temi Robox OS prior to 120, temi Android ap ...)
	NOT-FOR-US: Temi firmware
CVE-2020-16167 (Missing Authentication for Critical Function in temi Robox OS prior to ...)
	NOT-FOR-US: Temi Launcher OS
CVE-2020-16166 (The Linux kernel through 5.7.11 allows remote attackers to make observ ...)
	{DLA-2420-1 DLA-2385-1}
	- linux 5.7.17-1
	[buster] - linux 4.19.146-1
	NOTE: https://git.kernel.org/linus/f227e3ec3b5cad859ad15666874405e8c1bbc1d4
CVE-2020-16165 (The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Inj ...)
	NOT-FOR-US: SpringBlade
CVE-2020-16164 (An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-202 ...)
	NOT-FOR-US: RIPE NCC RPKI Validator
CVE-2020-16163 (An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020 ...)
	NOT-FOR-US: RIPE NCC RPKI Validator
CVE-2020-16162 (An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-202 ...)
	NOT-FOR-US: RIPE NCC RPKI Validator
CVE-2020-16161 (GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Sca ...)
	NOT-FOR-US: GoPro
CVE-2020-16160 (GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Dec ...)
	NOT-FOR-US: GoPro
CVE-2020-16159 (GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GP ...)
	NOT-FOR-US: GoPro
CVE-2020-16158 (GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerab ...)
	NOT-FOR-US: GoPro
CVE-2020-16157 (A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 vi ...)
	NOT-FOR-US: Nagios Log Server
CVE-2020-16156 (CPAN 2.28 allows Signature Verification Bypass.)
	- perl 5.36.0-4 (bug #1015985)
	[bullseye] - perl (Minor issue)
	[buster] - perl (Minor issue)
	[stretch] - perl (Minor issue)
	NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
	NOTE: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035273
	NOTE: https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c (2.29)
	NOTE: https://github.com/andk/cpanpm/commit/bcbf6d608e48d25306ecfd273118b4d6ba1c5df6 (2.29)
	NOTE: https://github.com/andk/cpanpm/commit/46fe910becd5746adca92e18660567c9e8d37eb5 (2.29)
	NOTE: https://github.com/andk/cpanpm/commit/7f9e5e8c52f535c1c13e177595a5ef4710c72058 (2.29)
	NOTE: https://github.com/andk/cpanpm/commit/c03257dbebccd4deeff1987d5efd98113643f717 (2.29)
	NOTE: https://github.com/andk/cpanpm/commit/7d4d5e32bcd9b75f7bf70a395938a48ca4a06d25 (2.33-TRIAL)
	NOTE: https://github.com/andk/cpanpm/commit/89b13baf1d46e4fb10023af30ef305efec4fd603 (2.33-TRIAL)
CVE-2020-16155 (The CPAN::Checksums package 2.12 for Perl does not uniquely define sig ...)
	- libcpan-checksums-perl 2.13-1 (bug #1033109)
	[bullseye] - libcpan-checksums-perl (Minor issue)
	[buster] - libcpan-checksums-perl (Minor issue)
	[stretch] - libcpan-checksums-perl (Minor issue)
	NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
	NOTE: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
	NOTE: https://github.com/andk/cpan-checksums/commit/9d2f5f26470ff7ce53ef697d09790fc4db451ab1 (2.13)
CVE-2020-16154 (The App::cpanminus package 1.7044 for Perl allows Signature Verificati ...)
	- cpanminus 1.7045-1
	[bullseye] - cpanminus (Minor issue)
	[buster] - cpanminus (Minor issue)
	[stretch] - cpanminus (Minor issue)
	NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
	NOTE: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
CVE-2020-16153 RESERVED
CVE-2020-16152 (The NetConfig UI administrative interface in Extreme Networks ExtremeW ...)
	NOT-FOR-US: Extreme Networks
CVE-2020-16151 RESERVED
CVE-2020-16150 (A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/s ...)
	{DLA-3249-1}
	- mbedtls 2.16.9-0.1 (bug #972806)
	[stretch] - mbedtls (Minor issue)
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1
CVE-2020-16149 REJECTED
CVE-2020-16148 (The ping page of the administration panel in Telmat AccessLog <= 6.0 ( ...)
	NOT-FOR-US: Telmat AccessLog
CVE-2020-16147 (The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an att ...)
	NOT-FOR-US: Telmat AccessLog
CVE-2020-16146 (Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x ...)
	NOT-FOR-US: Espressif
CVE-2020-16145 (Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML me ...)
	{DSA-4744-1 DLA-2322-1}
	- roundcube 1.4.8+dfsg.1-1 (bug #968216)
	NOTE: https://github.com/roundcube/roundcubemail/commit/a71bf2e8d4a64ff2c83fdabc1e8cb0c045a41ef4 (1.4.8)
	NOTE: https://github.com/roundcube/roundcubemail/commit/d44ca2308a96576b88d6bf27528964d4fe1a6b8b (1.3.15)
	NOTE: https://github.com/roundcube/roundcubemail/commit/589d36010048300ed39f4887aab1afd3ae98d00e (1.2.12)
CVE-2020-16144 (When using an object storage like S3 as the file store, when a user cr ...)
	- owncloud
CVE-2020-16143 (The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijac ...)
	- seafile-client (Windows-specific)
CVE-2020-16142 (On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the B ...)
	NOT-FOR-US: Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles
CVE-2020-16141 RESERVED
CVE-2020-16140 (The search functionality of the Greenmart theme 2.4.2 for WordPress is ...)
	NOT-FOR-US: search functionality of the Greenmart theme for WordPress
CVE-2020-16139 (A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4 ...)
	NOT-FOR-US: Cisco
CVE-2020-16138 (A denial-of-service issue in Cisco Unified IP Conference Station 7937G ...)
	NOT-FOR-US: Cisco
CVE-2020-16137 (A privilege escalation issue in Cisco Unified IP Conference Station 79 ...)
	NOT-FOR-US: Cisco
CVE-2020-16136 (In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permis ...)
	NOT-FOR-US: tgstation-server
CVE-2020-16135 (libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buf ...)
	{DLA-2303-1}
	- libssh 0.9.5-1 (bug #966560)
	[buster] - libssh (Minor issue)
	NOTE: https://bugs.libssh.org/T232
	NOTE: https://bugs.libssh.org/rLIBSSHe631ebb3e2247dd25e9678e6827c20dc73b73238
	NOTE: https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120
CVE-2020-16134 (An issue was discovered on Swisscom Internet Box 2, Internet Box Stand ...)
	NOT-FOR-US: Swisscom
CVE-2020-16133 RESERVED
CVE-2020-16132 REJECTED
CVE-2017-18923 (beroNet VoIP Gateways before 3.0.16 have a PHP script that allows down ...)
	NOT-FOR-US: beroNet
CVE-2020-16131 (Tiki before 21.2 allows XSS because [\s\/"\'] is not properly consider ...)
	- tikiwiki
CVE-2020-16130 RESERVED
CVE-2020-16129 RESERVED
CVE-2020-16128 (The aptdaemon DBus interface disclosed file existence disclosure by se ...)
	- aptdaemon
	NOTE: https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1899513
CVE-2020-16127 (An Ubuntu-specific modification to AccountsService in versions before ...)
	- accountsservice (Ubuntu-specific issue in 0010-set-language.patch)
CVE-2020-16126 (An Ubuntu-specific modification to AccountsService in versions before ...)
	- accountsservice (Ubuntu-specific issue in 0010-set-language.patch)
CVE-2020-16125 (gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup ...)
	{DLA-2434-1}
	- gdm3 3.38.2-1
	[buster] - gdm3 (Minor issue on Debian)
	NOTE: https://github.com/GNOME/gdm/commit/dc8235128c3a1fcd5da8f30ab6839d413d353f28
	NOTE: https://gitlab.gnome.org/GNOME/gdm/-/issues/642
CVE-2020-16124 (Integer Overflow or Wraparound vulnerability in the XML RPC library of ...)
	- ros-ros-comm 1.15.8+ds1-2
	[buster] - ros-ros-comm 1.14.3+ds1-5+deb10u2
	[stretch] - ros-ros-comm (Minor issue)
	NOTE: https://github.com/ros/ros_comm/pull/2065
CVE-2020-16123 (An Ubuntu-specific patch in PulseAudio created a race condition where ...)
	- pulseaudio (Ubuntu-specific issue)
CVE-2020-16122 (PackageKit's apt backend mistakenly treated all local debs as trusted. ...)
	{DLA-2399-1}
	- packagekit 1.2.1-1 (bug #972229)
	[buster] - packagekit (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098
CVE-2020-16121 (PackageKit provided detailed error messages to unprivileged callers th ...)
	{DLA-2399-1}
	- packagekit 1.2.1-1 (bug #972229)
	[buster] - packagekit (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887
CVE-2020-16120 (Overlayfs did not properly perform permission checking when copying up ...)
	- linux 5.8.7-1
	[stretch] - linux (Vulnerable configuration combination not possible)
	NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/6
CVE-2020-16119 (Use-after-free vulnerability in the Linux kernel exploitable by a loca ...)
	{DSA-4978-1 DLA-2843-1 DLA-2785-1}
	- linux 5.14.6-1
	[buster] - linux 4.19.208-1
	NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/7
	NOTE: https://git.kernel.org/linus/d9ea761fdd197351890418acd462c51f241014a7
CVE-2020-16118 (In GNOME Balsa before 2.6.0, a malicious server operator or man in the ...)
	- balsa 2.6.0-1
	[buster] - balsa (Minor issue)
	[stretch] - balsa (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/balsa/-/commit/4e245d758e1c826a01080d40c22ca8706f0339e5
	NOTE: https://gitlab.gnome.org/GNOME/balsa/-/issues/23
CVE-2020-16117 (In GNOME evolution-data-server before 3.35.91, a malicious server can ...)
	{DLA-2309-1}
	- evolution-data-server 3.36.0-1
	[buster] - evolution-data-server 3.30.5-1+deb10u2
	NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5
	NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/627c3cdbfd077e59aa288c85ff8272950577f1d7
	NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/189
CVE-2020-16116 (In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can ...)
	{DSA-4738-1 DLA-3015-1}
	- ark 4:20.04.3-1
	NOTE: https://kde.org/info/security/advisory-20200730-1.txt
	NOTE: https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f
CVE-2020-16115 REJECTED
CVE-2020-16114 REJECTED
CVE-2020-16113 REJECTED
CVE-2020-16112 REJECTED
CVE-2020-16111 REJECTED
CVE-2020-16110 REJECTED
CVE-2020-16109 REJECTED
CVE-2020-16108 REJECTED
CVE-2020-16107 REJECTED
CVE-2020-16106 REJECTED
CVE-2020-16105 REJECTED
CVE-2020-16104 (SQL Injection vulnerability in Enterprise Data Interface of Gallagher ...)
	NOT-FOR-US: Gallagher Command Centre Server
CVE-2020-16103 (Type confusion in Gallagher Command Centre Server allows a remote atta ...)
	NOT-FOR-US: Gallagher Command Centre Server
CVE-2020-16102 (Improper Authentication vulnerability in Gallagher Command Centre Serv ...)
	NOT-FOR-US: Gallagher Command Centre Server
CVE-2020-16101 (It is possible for an unauthenticated remote DCOM websocket connection ...)
	NOT-FOR-US: Gallagher Command Centre Server
CVE-2020-16100 (It is possible for an unauthenticated remote DCOM websocket connection ...)
	NOT-FOR-US: Gallagher Command Centre Server
CVE-2020-16099 (In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possi ...)
	NOT-FOR-US: Gallagher Command Centre Server
CVE-2020-16098 (It is possible to enumerate access card credentials via an unauthentic ...)
	NOT-FOR-US: Gallagher Command Centre Server
CVE-2020-16097 (On controllers running versions of v8.20 prior to vCR8.20.200221b (dis ...)
	NOT-FOR-US: Gallagher Command Centre Server
CVE-2020-16096 (In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.0 ...)
	NOT-FOR-US: Gallagher Command Centre Server
CVE-2020-16095 (The dlf (aka Kitodo.Presentation) extension before 3.1.2 for TYPO3 all ...)
	NOT-FOR-US: dlf for TYPO3
CVE-2020-16094 (In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious ...)
	- claws-mail 3.17.7-1 (bug #966630)
	[buster] - claws-mail (Minor issue)
	[stretch] - claws-mail (Minor issue)
	NOTE: https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313
CVE-2020-16093 (In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.5 ...)
	{DLA-3287-1}
	- lemonldap-ng 2.0.9+ds-1
	[stretch] - lemonldap-ng (Minor issue + 2.x is a complete re-write, so very hard to backport!)
	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2250
CVE-2020-16092 (In QEMU through 5.0.0, an assertion failure can occur in the network p ...)
	{DSA-4760-1 DLA-2373-1}
	- qemu 1:5.1+dfsg-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860283
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8
CVE-2020-16091 REJECTED
CVE-2020-16090 RESERVED
CVE-2020-16089 RESERVED
CVE-2020-16088 (iked in OpenIKED, as used in OpenBSD through 6.7, allows authenticatio ...)
	NOT-FOR-US: OpenIKED
CVE-2020-16087 (An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An a ...)
	NOT-FOR-US: VNG Zalo Desktop
CVE-2020-16086 RESERVED
CVE-2020-16085 RESERVED
CVE-2020-16084 RESERVED
CVE-2020-16083 RESERVED
CVE-2020-16082 RESERVED
CVE-2020-16081 RESERVED
CVE-2020-16080 RESERVED
CVE-2020-16079 RESERVED
CVE-2020-16078 RESERVED
CVE-2020-16077 RESERVED
CVE-2020-16076 RESERVED
CVE-2020-16075 RESERVED
CVE-2020-16074 RESERVED
CVE-2020-16073 RESERVED
CVE-2020-16072 RESERVED
CVE-2020-16071 RESERVED
CVE-2020-16070 RESERVED
CVE-2020-16069 RESERVED
CVE-2020-16068 RESERVED
CVE-2020-16067 RESERVED
CVE-2020-16066 RESERVED
CVE-2020-16065 RESERVED
CVE-2020-16064 RESERVED
CVE-2020-16063 RESERVED
CVE-2020-16062 RESERVED
CVE-2020-16061 RESERVED
CVE-2020-16060 RESERVED
CVE-2020-16059 RESERVED
CVE-2020-16058 RESERVED
CVE-2020-16057 RESERVED
CVE-2020-16056 RESERVED
CVE-2020-16055 RESERVED
CVE-2020-16054 RESERVED
CVE-2020-16053 RESERVED
CVE-2020-16052 RESERVED
CVE-2020-16051 RESERVED
CVE-2020-16050 RESERVED
CVE-2020-16049 RESERVED
CVE-2020-16048 (Out of bounds read in ANGLE allowed a remote attacker to obtain sensit ...)
	- firefox (Only affects Windows)
	- firefox-esr (Only affects Windows)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1926979
CVE-2020-16047 RESERVED
CVE-2020-16046 (Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147. ...)
	- chromium (Only affects Chrome on iOS)
CVE-2020-16045 (Use after Free in Payments in Google Chrome on Android prior to 87.0.4 ...)
	- chromium (Only affects Chrome on Android)
CVE-2020-16044 (Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowe ...)
	{DSA-4846-1 DSA-4842-1 DSA-4827-1 DLA-2541-1 DLA-2521-1}
	- firefox 84.0.2-1
	- firefox-esr 78.6.1esr-1
	- thunderbird 1:78.6.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-02/#CVE-2020-16044
CVE-2020-16043 (Insufficient data validation in networking in Google Chrome prior to 8 ...)
	{DSA-4832-1}
	- chromium 87.0.4280.141-0.1 (bug #979533)
	[stretch] - chromium (see DSA 4562)
CVE-2020-16042 (Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed ...)
	{DSA-4824-1 DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
	- firefox 84.0-1
	- firefox-esr 78.6.0esr-1
	- thunderbird 1:78.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-16042
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-16042
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-16042
CVE-2020-16041 (Out of bounds read in networking in Google Chrome prior to 87.0.4280.8 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16040 (Insufficient data validation in V8 in Google Chrome prior to 87.0.4280 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16039 (Use after free in extensions in Google Chrome prior to 87.0.4280.88 al ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16038 (Use after free in media in Google Chrome on OS X prior to 87.0.4280.88 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16037 (Use after free in clipboard in Google Chrome prior to 87.0.4280.88 all ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16036 (Inappropriate implementation in cookies in Google Chrome prior to 87.0 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16035 (Insufficient data validation in cros-disks in Google Chrome on ChromeO ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16034 (Inappropriate implementation in WebRTC in Google Chrome prior to 87.0. ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16033 (Inappropriate implementation in WebUSB in Google Chrome prior to 87.0. ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16032 (Insufficient data validation in sharing in Google Chrome prior to 87.0 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16031 (Insufficient data validation in UI in Google Chrome prior to 87.0.4280 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16030 (Insufficient data validation in Blink in Google Chrome prior to 87.0.4 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16029 (Inappropriate implementation in PDFium in Google Chrome prior to 87.0. ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16028 (Heap buffer overflow in WebRTC in Google Chrome prior to 87.0.4280.66 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16027 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16026 (Use after free in WebRTC in Google Chrome prior to 87.0.4280.66 allowe ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16025 (Heap buffer overflow in clipboard in Google Chrome prior to 87.0.4280. ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16024 (Heap buffer overflow in UI in Google Chrome prior to 87.0.4280.66 allo ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16023 (Use after free in WebCodecs in Google Chrome prior to 87.0.4280.66 all ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16022 (Insufficient policy enforcement in networking in Google Chrome prior t ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16021 (Race in image burner in Google Chrome on ChromeOS prior to 87.0.4280.6 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16020 (Inappropriate implementation in cryptohome in Google Chrome on ChromeO ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16019 (Inappropriate implementation in filesystem in Google Chrome on ChromeO ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16018 (Use after free in payments in Google Chrome prior to 87.0.4280.66 allo ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16017 (Use after free in site isolation in Google Chrome prior to 86.0.4240.1 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16016 (Inappropriate implementation in base in Google Chrome prior to 86.0.42 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16015 (Insufficient data validation in WASM in Google Chrome prior to 87.0.42 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16014 (Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16013 (Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16012 (Side-channel information leakage in graphics in Google Chrome prior to ...)
	{DSA-4824-1 DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
	- firefox 83.0-1
	- firefox-esr 78.5.0esr-1
	- thunderbird 1:78.5.0-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-16012
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-16012
CVE-2020-16011 (Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4 ...)
	{DSA-4824-1}
	- chromium (Windows-specific)
CVE-2020-16010 (Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4 ...)
	- chromium (Android-specific)
CVE-2020-16009 (Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16008 (Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.18 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16007 (Insufficient data validation in installer in Google Chrome prior to 86 ...)
	- chromium (debian package disables the installer)
CVE-2020-16006 (Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16005 (Insufficient policy enforcement in ANGLE in Google Chrome prior to 86. ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16004 (Use after free in user interface in Google Chrome prior to 86.0.4240.1 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16003 (Use after free in printing in Google Chrome prior to 86.0.4240.111 all ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16002 (Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allow ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16001 (Use after free in media in Google Chrome prior to 86.0.4240.111 allowe ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16000 (Inappropriate implementation in Blink in Google Chrome prior to 86.0.4 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15999 (Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.1 ...)
	{DSA-4824-1 DSA-4777-1 DLA-2415-1}
	- freetype 2.10.2+dfsg-4 (bug #972586)
	NOTE: https://www.openwall.com/lists/oss-security/2020/10/20/7
	NOTE: https://savannah.nongnu.org/bugs/?59308
	NOTE: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab162b2ae616074c8877a04556932998aeacd
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2103
CVE-2020-15998 (Use after free in USB in Google Chrome prior to 86.0.4240.99 allowed a ...)
	- chromium (Chrome on Android)
CVE-2020-15997 (Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed ...)
	- chromium (Chrome on Android)
CVE-2020-15996 (Use after free in passwords in Google Chrome prior to 86.0.4240.99 all ...)
	- chromium (Chrome on Android)
CVE-2020-15995 (Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allow ...)
	{DSA-4832-1}
	- chromium 87.0.4280.141-0.1 (bug #979533)
	[stretch] - chromium (see DSA 4562)
CVE-2020-15994 (Use after free in V8 in Google Chrome prior to 86.0.4240.99 allowed a ...)
	- chromium (Chrome on Android)
CVE-2020-15993 (Use after free in printing in Google Chrome prior to 86.0.4240.99 allo ...)
	- chromium (Chrome on Android)
CVE-2020-15992 (Insufficient policy enforcement in networking in Google Chrome prior t ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15991 (Use after free in password manager in Google Chrome prior to 86.0.4240 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15990 (Use after free in autofill in Google Chrome prior to 86.0.4240.75 allo ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15989 (Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 al ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15988 (Insufficient policy enforcement in downloads in Google Chrome on Windo ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15987 (Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowe ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15986 (Integer overflow in media in Google Chrome prior to 86.0.4240.75 allow ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15985 (Inappropriate implementation in Blink in Google Chrome prior to 86.0.4 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15984 (Insufficient policy enforcement in Omnibox in Google Chrome on iOS pri ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15983 (Insufficient data validation in webUI in Google Chrome on ChromeOS pri ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15982 (Inappropriate implementation in cache in Google Chrome prior to 86.0.4 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15981 (Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 all ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15980 (Insufficient policy enforcement in Intents in Google Chrome on Android ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15979 (Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15978 (Insufficient data validation in navigation in Google Chrome on Android ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15977 (Insufficient data validation in dialogs in Google Chrome on OS X prior ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15976 (Use after free in WebXR in Google Chrome on Android prior to 86.0.4240 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15975 (Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15974 (Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allow ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15973 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15972 (Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15971 (Use after free in printing in Google Chrome prior to 86.0.4240.75 allo ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15970 (Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15969 (Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowe ...)
	{DSA-4824-1 DSA-4780-1 DSA-4778-1 DLA-2416-1 DLA-2411-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
	- firefox 82.0-1
	- firefox-esr 78.4.0esr-1
	- thunderbird 1:78.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15969
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-46/#CVE-2020-15969
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-47/#CVE-2020-15969
CVE-2020-15968 (Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15967 (Use after free in payments in Google Chrome prior to 86.0.4240.75 allo ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15966 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15965 (Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15964 (Insufficient data validation in media in Google Chrome prior to 85.0.4 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15963 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15962 (Insufficient policy validation in serial in Google Chrome prior to 85. ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15961 (Insufficient policy validation in extensions in Google Chrome prior to ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15960 (Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.12 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15959 (Insufficient policy enforcement in networking in Google Chrome prior t ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15958 (An issue was discovered in 1CRM System through 8.6.7. An insecure dire ...)
	NOT-FOR-US: 1CRM System
CVE-2020-15957 (An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentral ...)
	NOT-FOR-US: DP3T-Backend-SDK for Decentralised Privacy-Preserving Proximity Tracing (DP3T)
CVE-2020-15956 (ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows re ...)
	NOT-FOR-US: ACTi NVR3 Standard Server
CVE-2020-15955 (In s/qmail through 4.0.07, an active MitM can inject arbitrary plainte ...)
	NOT-FOR-US: s/qmail
CVE-2020-15954 (KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communicati ...)
	{DLA-2300-1}
	- kdepim-runtime 4:20.04.1-2 (bug #966666)
	[buster] - kdepim-runtime (Minor issue)
	- kmail-account-wizard 4:20.04.1-2 (bug #966667)
	[buster] - kmail-account-wizard (Minor issue)
	- ksmtp 21.12.3-2
	[bullseye] - ksmtp (Minor issue; Upstream changes change API)
	[buster] - ksmtp (Minor issue; Upstream changes change API)
	NOTE: https://bugs.kde.org/show_bug.cgi?id=423426
	NOTE: kdepim-runtime: https://invent.kde.org/pim/kdepim-runtime/commit/bd64ab29116aa7318fdee7f95878ff97580162f2
	NOTE: kmail-account-wizard: https://invent.kde.org/pim/kmail-account-wizard/commit/a64d80e523edce7d3d59c26834973418fae042f6
	NOTE: https://kde.org/info/security/advisory-20211118-1.txt
	NOTE: https://bugs.kde.org/show_bug.cgi?id=423423
	NOTE: https://invent.kde.org/pim/ksmtp/-/commit/38a4c09427f3fdc04f9893f8eda3f6807d9a3203
	NOTE: https://invent.kde.org/pim/ksmtp/-/commit/60f73c69758fe40a027a8e7402127d085f18545a
CVE-2020-15953 (LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other ...)
	{DLA-2329-1}
	- libetpan 1.9.4-3 (bug #966647)
	[buster] - libetpan 1.9.3-2+deb10u1
	NOTE: https://github.com/dinhvh/libetpan/issues/386
	NOTE: https://github.com/dinhvh/libetpan/pull/387
	NOTE: https://github.com/dinhvh/libetpan/pull/388
CVE-2020-15952 (Immuta v2.8.2 is affected by stored XSS that allows a low-privileged u ...)
	NOT-FOR-US: Immuta
CVE-2020-15951 (Immuta v2.8.2 accepts user-supplied project names without properly san ...)
	NOT-FOR-US: Immuta
CVE-2020-15950 (Immuta v2.8.2 is affected by improper session management: user session ...)
	NOT-FOR-US: Immuta
CVE-2020-15949 (Immuta v2.8.2 is affected by one instance of insecure permissions that ...)
	NOT-FOR-US: Immuta
CVE-2020-15948 (eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field.)
	NOT-FOR-US: eGain Chat
CVE-2020-25573 (An issue was discovered in the linked-hash-map crate before 0.5.3 for ...)
	- rust-linked-hash-map 0.5.4-1 (bug #966246)
	[buster] - rust-linked-hash-map (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0026.html
CVE-2020-15947 (A SQL injection vulnerability in the qm_adm/qm_export_stats_run.do end ...)
	NOT-FOR-US: Loway QueueMetrics
CVE-2020-15946 RESERVED
CVE-2020-15945 (Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c ...)
	- lua5.4 5.4.1-1
	- lua5.3 (Specific to 5.4)
	- lua5.2 (Specific to 5.4)
	- lua5.1 (Specific to 5.4)
	- lua50 (Specific to 5.4)
	NOTE: https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3 (v5.4.1)
	NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00123.html
CVE-2020-15944 (An issue was discovered in the Gantt-Chart module before 5.5.5 for Jir ...)
	NOT-FOR-US: Gantt-Chart module for Jira
CVE-2020-15943 (An issue was discovered in the Gantt-Chart module before 5.5.4 for Jir ...)
	NOT-FOR-US: Gantt-Chart module for Jira
CVE-2020-15942 (An information disclosure vulnerability in Web Vulnerability Scan prof ...)
	NOT-FOR-US: Fortinet
CVE-2020-15941 (A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4 ...)
	NOT-FOR-US: Fortiguard
CVE-2020-15940 (An improper neutralization of input vulnerability [CWE-79] in FortiCli ...)
	NOT-FOR-US: Fortiguard
CVE-2020-15939 (An improper access control vulnerability (CWE-284) in FortiSandbox ver ...)
	NOT-FOR-US: FortiGuard
CVE-2020-15938 (When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the ...)
	NOT-FOR-US: FortiGate FortiGuard
CVE-2020-15937 (An improper neutralization of input vulnerability in FortiGate version ...)
	NOT-FOR-US: FortiGate FortiGuard
CVE-2020-15936 (A improper input validation in Fortinet FortiGate version 6.4.3 and be ...)
	NOT-FOR-US: FortiGuard
CVE-2020-15935 (A cleartext storage of sensitive information in GUI in FortiADC versio ...)
	NOT-FOR-US: Fortiguard
CVE-2020-15934 RESERVED
CVE-2020-15933 (A exposure of sensitive information to an unauthorized actor in Fortin ...)
	NOT-FOR-US: FortiGuard
CVE-2020-15932 (Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, c ...)
	NOT-FOR-US: Overwolf
CVE-2020-15931 (Netwrix Account Lockout Examiner before 5.1 allows remote attackers to ...)
	NOT-FOR-US: Netwrix Account Lockout Examiner
CVE-2020-15930 (An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary cod ...)
	NOT-FOR-US: Joplin desktop
CVE-2020-15929 (In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string paramet ...)
	NOT-FOR-US: Ortus TestBox
CVE-2020-15928 (In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string paramet ...)
	NOT-FOR-US: Ortus TestBox
CVE-2020-15927 (Zoho ManageEngine Applications Manager version 14740 and prior allows ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2020-15926 (Rocket.Chat through 3.4.2 allows XSS where an attacker can send a spec ...)
	NOT-FOR-US: Rocket.Chat
CVE-2020-15925 (A SQL injection vulnerability at a tpf URI in Loway QueueMetrics befor ...)
	NOT-FOR-US: Loway QueueMetrics
CVE-2020-15924 (There is a SQL Injection in Mida eFramework through 2.9.0 that leads t ...)
	NOT-FOR-US: Mida eFramework
CVE-2020-15923 (Mida eFramework through 2.9.0 allows unauthenticated ../ directory tra ...)
	NOT-FOR-US: Mida eFramework
CVE-2020-15922 (There is an OS Command Injection in Mida eFramework 2.9.0 that allows ...)
	NOT-FOR-US: Mida eFramework
CVE-2020-15921 (Mida eFramework through 2.9.0 has a back door that permits a change of ...)
	NOT-FOR-US: Mida eFramework
CVE-2020-15920 (There is an OS Command Injection in Mida eFramework through 2.9.0 that ...)
	NOT-FOR-US: Mida eFramework
CVE-2020-15919 (A Reflected Cross Site Scripting (XSS) vulnerability was discovered in ...)
	NOT-FOR-US: Mida eFramework
CVE-2020-15918 (Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discov ...)
	NOT-FOR-US: Mida eFramework
CVE-2020-15917 (common/session.c in Claws Mail before 3.17.6 has a protocol violation ...)
	- claws-mail 3.17.6-1
	[buster] - claws-mail (Minor issue)
	[stretch] - claws-mail (low priority issue)
	NOTE: https://git.claws-mail.org/?p=claws.git;a=commit;h=fcc25329049b6f9bd8d890f1197ed61eb12e14d5
CVE-2020-15916 (goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices a ...)
	NOT-FOR-US: Tenda devices
CVE-2020-15915 RESERVED
CVE-2020-15914 (A cross-site scripting (XSS) vulnerability exists in the Origin Client ...)
	NOT-FOR-US: EA Origin Client
CVE-2020-15913 RESERVED
CVE-2020-15912 (Tesla Model 3 vehicles allow attackers to open a door by leveraging ac ...)
	NOT-FOR-US: Tesla
CVE-2020-15911 RESERVED
CVE-2020-15910 (SolarWinds N-Central version 12.3 GA and lower does not set the JSESSI ...)
	NOT-FOR-US: SolarWinds
CVE-2020-15909 (SolarWinds N-central through 2020.1 allows session hijacking and requi ...)
	NOT-FOR-US: SolarWinds
CVE-2020-15908 (tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6. ...)
	NOT-FOR-US: Cauldron cbang
CVE-2020-15907 (In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before ...)
	- mahara
CVE-2020-15906 (tiki-login.php in Tiki before 21.2 sets the admin password to a blank ...)
	- tikiwiki
CVE-2020-15905 RESERVED
CVE-2020-15904 (A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allo ...)
	NOT-FOR-US: bsdiff4 (different from src:bsdiff)
CVE-2020-15903 (An issue was found in Nagios XI before 5.7.3. There is a privilege esc ...)
	NOT-FOR-US: Nagios XI
CVE-2020-15902 (Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url o ...)
	NOT-FOR-US: Nagios XI
CVE-2020-15901 (In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated ...)
	NOT-FOR-US: Nagios XI
CVE-2020-15900 (A memory corruption issue was found in Artifex Ghostscript 9.50 and 9. ...)
	- ghostscript 9.52.1~dfsg-1
	[buster] - ghostscript (Vulnerable code introduced later)
	[stretch] - ghostscript (Vulnerable code introduced later)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702582
	NOTE: Introduced by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff (9.28rc1)
	NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b (9.53.0rc1)
CVE-2020-15899 (Grin 3.0.0 before 4.0.0 has insufficient validation of data related to ...)
	NOT-FOR-US: Grin
CVE-2020-15898 (In Arista EOS malformed packets can be incorrectly forwarded across VL ...)
	NOT-FOR-US: Arista
CVE-2020-15897 (Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23. ...)
	NOT-FOR-US: Arista EOS
CVE-2020-15896 (An authentication-bypass issue was discovered on D-Link DAP-1522 devic ...)
	NOT-FOR-US: D-Link
CVE-2020-15895 (An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10 ...)
	NOT-FOR-US: D-Link
CVE-2020-15894 (An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04B ...)
	NOT-FOR-US: D-Link
CVE-2020-15893 (An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04B ...)
	NOT-FOR-US: D-Link
CVE-2020-15892 (An issue was discovered in apply.cgi on D-Link DAP-1520 devices before ...)
	NOT-FOR-US: D-Link
CVE-2020-15891 RESERVED
CVE-2020-15890 (LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc hand ...)
	{DLA-2296-1}
	- luajit 2.1.0~beta3+git20210112+dfsg-2 (unimportant; bug #966148)
	NOTE: https://github.com/LuaJIT/LuaJIT/issues/601
	NOTE: https://github.com/LuaJIT/LuaJIT/commit/53f82e6e2e858a0a62fd1a2ff47e9866693382e6
	NOTE: No security impact, only "exploitable" with untrusted Lua code
CVE-2020-15889 (Lua 5.4.0 has a getobjname heap-based buffer over-read because youngco ...)
	- lua5.4 5.4.0-2
	NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00078.html
	NOTE: https://github.com/lua/lua/commit/127e7a6c8942b362aa3c6627f44d660a4fb75312
	NOTE: Introduced in 5.4
CVE-2020-15888 (Lua through 5.4.0 mishandles the interaction between stack resizes and ...)
	- lua5.4 5.4.1-1 (bug #972101)
	NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00053.html
	NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00054.html
	NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00071.html
	NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00079.html
	NOTE: https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7
	NOTE: https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5
CVE-2020-15887 (A SQL injection vulnerability in softwareupdate_controller.php in the ...)
	NOT-FOR-US: MunkiReport
CVE-2020-15886 (A SQL injection vulnerability in reportdata_controller.php in the repo ...)
	NOT-FOR-US: MunkiReport
CVE-2020-15885 (A Cross-Site Scripting (XSS) vulnerability in the comment module befor ...)
	NOT-FOR-US: MunkiReport
CVE-2020-15884 (A SQL injection vulnerability in TableQuery.php in MunkiReport before ...)
	NOT-FOR-US: MunkiReport
CVE-2020-15883 (A Cross-Site Scripting (XSS) vulnerability in the managedinstalls modu ...)
	NOT-FOR-US: MunkiReport
CVE-2020-15882 (A CSRF issue in manager/delete_machine/{id} in MunkiReport before 5.6. ...)
	NOT-FOR-US: MunkiReport
CVE-2020-15881 (A Cross-Site Scripting (XSS) vulnerability in the munki_facts (aka Mun ...)
	NOT-FOR-US: MunkiReport
CVE-2020-15880 RESERVED
CVE-2020-15879 (Bitwarden Server 1.35.1 allows SSRF because it does not consider certa ...)
	NOT-FOR-US: Bitwarden Server
	NOTE: bitwarden client is ITP'ed as #956836
CVE-2020-15878 RESERVED
CVE-2020-15877 (An issue was discovered in LibreNMS before 1.65.1. It has insufficient ...)
	NOT-FOR-US: LibreNMS
CVE-2020-15876 RESERVED
CVE-2020-15875 RESERVED
CVE-2020-15874 RESERVED
CVE-2020-15873 (In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL I ...)
	NOT-FOR-US: LibreNMS
CVE-2020-15872 RESERVED
CVE-2020-15871 (Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro
CVE-2020-15870 (Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro
CVE-2020-15869 (Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro
CVE-2020-15868 (Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro
CVE-2020-15867 (The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authentic ...)
	NOT-FOR-US: Go Git Service
CVE-2020-15866 (mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yie ...)
	{DLA-2996-1}
	- mruby 2.1.2-1 (bug #972051)
	[buster] - mruby (Minor issue)
	NOTE: https://github.com/mruby/mruby/issues/5042
	NOTE: https://github.com/mruby/mruby/commit/6334949ba69363cb909a57d6871895bd6d98bb6b (3.0.0-preview)
	NOTE: https://github.com/mruby/mruby/commit/63956036e116ef6a33a91e16348c4d1a09f6f72c (2.1.2-rc2)
CVE-2020-15865 (A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Re ...)
	NOT-FOR-US: Stimulsoft
CVE-2020-15864 (An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability ...)
	NOT-FOR-US: Quali CloudShell
CVE-2020-15863 (hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2 ...)
	{DSA-4760-1 DLA-2288-1}
	- qemu 1:5.0-12
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/22/1
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5519724a13664b43e225ca05351c60b4468e4555
CVE-2020-15861 (Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX ...)
	{DSA-4746-1 DLA-2313-1}
	- net-snmp 5.8+dfsg-5 (bug #966599)
	NOTE: https://github.com/net-snmp/net-snmp/issues/145
	NOTE: https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602
CVE-2020-15860 (Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic ...)
	NOT-FOR-US: Parallels
CVE-2020-15859 (QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a gues ...)
	{DLA-3099-1 DLA-2560-1}
	- qemu 1:5.2+dfsg-1 (bug #965978)
	NOTE: Proposed patch: https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05895.html
	NOTE: https://bugs.launchpad.net/qemu/+bug/1886362
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=22dc8663d9fc7baa22100544c600b6285a63c7a3
CVE-2020-15858 (Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allo ...)
	NOT-FOR-US: Thales DIS
CVE-2020-15857 RESERVED
CVE-2020-15856 RESERVED
CVE-2020-15855 (Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1.)
	NOT-FOR-US: Bodhi
CVE-2020-15854 RESERVED
CVE-2020-15853 (supybot-fedora implements the command 'refresh', that refreshes the ca ...)
	NOT-FOR-US: supybot-fedora
CVE-2020-XXXX [mpv insecure lua loadpath]
	- mpv 0.32.0-2 (bug #950816)
	[buster] - mpv (Minor issue)
	[stretch] - mpv (Minor issue)
	NOTE: https://github.com/mpv-player/mpv/commit/cce7062a8a6b6a3b3666aea3ff86db879cba67b6
CVE-2020-15851 (Lack of access control in Nakivo Backup & Replication Transporter vers ...)
	NOT-FOR-US: Nakivo Backup
CVE-2020-15850 (Insecure permissions in Nakivo Backup & Replication Director version 9 ...)
	NOT-FOR-US: Nakivo Backup
CVE-2020-15849 (Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in t ...)
	NOT-FOR-US: Re:Desk
CVE-2020-15848 RESERVED
CVE-2020-15847 RESERVED
CVE-2020-15846 RESERVED
CVE-2020-15845 RESERVED
CVE-2020-15844 RESERVED
CVE-2020-15843 (ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privil ...)
	NOT-FOR-US: ActFax
CVE-2020-15842 (Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7 ...)
	NOT-FOR-US: Liferay
CVE-2020-15841 (Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7 ...)
	NOT-FOR-US: Liferay
CVE-2020-15840 (In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP ...)
	NOT-FOR-US: Liferay
CVE-2020-15839 (Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 an ...)
	NOT-FOR-US: Liferay
CVE-2020-15838 (The Agent Update System in ConnectWise Automate before 2020.8 allows P ...)
	NOT-FOR-US: ConnectWise Automate
CVE-2020-15837 RESERVED
CVE-2020-15836 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std dev ...)
	NOT-FOR-US: Mofi Network devices
CVE-2020-15835 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std dev ...)
	NOT-FOR-US: Mofi Network devices
CVE-2020-15834 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std dev ...)
	NOT-FOR-US: Mofi Network devices
CVE-2020-15833 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std dev ...)
	NOT-FOR-US: Mofi Network devices
CVE-2020-15832 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std dev ...)
	NOT-FOR-US: Mofi Network devices
CVE-2020-15831 (JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in t ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2020-15830 (JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2020-15829 (In JetBrains TeamCity before 2019.2.3, password parameters could be di ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2020-15828 (In JetBrains TeamCity before 2020.1.1, project parameter values can be ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2020-15827 (In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signatu ...)
	NOT-FOR-US: JetBrains ToolBox
CVE-2020-15826 (In JetBrains TeamCity before 2020.1, users are able to assign more per ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2020-15825 (In JetBrains TeamCity before 2020.1, users with the Modify Group permi ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2020-15824 (In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not aff ...)
	- kotlin (Only affects the 1.4.x series)
CVE-2020-15823 (JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Wor ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2020-15822 (In JetBrains YouTrack before 2020.2.10514, SSRF is possible because UR ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2020-15821 (In JetBrains YouTrack before 2020.2.6881, a user without permission is ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2020-15820 (In JetBrains YouTrack before 2020.2.6881, the markdown parser could di ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2020-15819 (JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that all ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2020-15818 (In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2020-15817 (In JetBrains YouTrack before 2020.1.1331, an external user could execu ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2020-15862 (Net-SNMP through 5.8 has Improper Privilege Management because SNMP WR ...)
	{DSA-4746-1 DLA-2299-1}
	- net-snmp 5.8+dfsg-4 (bug #965166)
	NOTE: The commit https://github.com/net-snmp/net-snmp/commit/c2b96ee744392243782094432f657ded4e985a07
	NOTE: disables NET-SNMP-EXTEND-MIB support by default. But it is still
	NOTE: possible to enable the MIB via --with-mib-modules configure option.
	NOTE: Upstream reverted the change and the solution is to make NET-SNMP-EXTEND-MIB
	NOTE: read-only, cf. https://bugs.debian.org/966544
	NOTE: Disabling was reverted with: https://github.com/net-snmp/net-snmp/commit/4097a311e952d3b5c12610102bb4cc2fe72b56e5
	NOTE: Makes extended mib read-only:
	NOTE: https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205
CVE-2020-15816 (In Western Digital WD Discovery before 4.0.251.0, a malicious applicat ...)
	NOT-FOR-US: Western Digital WD Discovery
CVE-2020-15815 RESERVED
CVE-2020-15814 RESERVED
CVE-2020-15813 (Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers ...)
	- graylog2 (bug #652273)
CVE-2020-15812 RESERVED
CVE-2020-15811 (An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due ...)
	{DSA-4751-1 DLA-2394-1}
	- squid 4.13-1 (bug #968932)
	- squid3
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_8.patch
CVE-2020-24606 (Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perfor ...)
	{DSA-4751-1 DLA-2394-1}
	- squid 4.13-1 (bug #968933)
	- squid3
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch
CVE-2020-15810 (An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due ...)
	{DSA-4751-1 DLA-2394-1}
	- squid 4.13-1 (bug #968934)
	- squid3
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_10.patch
CVE-2020-15809 (spxmanage on certain SpinetiX devices allows requests that access unin ...)
	NOT-FOR-US: SpinetiX devices
CVE-2020-15808 RESERVED
CVE-2020-15807 (GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted ...)
	- libredwg (bug #595191)
CVE-2020-15806 (CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Me ...)
	NOT-FOR-US: CODESYS
CVE-2020-15805 RESERVED
CVE-2020-15804 RESERVED
CVE-2020-15803 (Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x bef ...)
	{DLA-3390-1 DLA-2631-1 DLA-2311-1}
	- zabbix 1:5.0.2+dfsg-1 (bug #966146)
	NOTE: https://support.zabbix.com/browse/ZBX-18057
CVE-2020-15802 (Devices supporting Bluetooth before 5.1 may allow man-in-the-middle at ...)
	NOTE: Bluetooth protocol issue
	NOTE: https://www.kb.cert.org/vuls/id/589825/
CVE-2020-15801 (In Python 3.8.4, sys.path restrictions specified in a python38._pth fi ...)
	- python3.9 (Windows-specific)
	- python3.8 (Windows-specific)
	- python3.7 (Windows-specific)
	- python3.5 (Windows-specific)
	- python2.7 (Windows-specific)
CVE-2019-20915 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
	- libredwg (bug #595191)
CVE-2019-20914 (An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL ...)
	- libredwg (bug #595191)
CVE-2019-20913 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
	- libredwg (bug #595191)
CVE-2019-20912 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
	- libredwg (bug #595191)
CVE-2019-20911 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
	- libredwg (bug #595191)
CVE-2019-20910 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
	- libredwg (bug #595191)
CVE-2019-20909 (An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL ...)
	- libredwg (bug #595191)
CVE-2020-15852 (An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used ...)
	- linux 5.7.10-1
	[buster] - linux (Only affects 5.5 and later)
	[stretch] - linux (Only affects 5.5 and later)
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/16/1
CVE-2020-15800 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
	NOT-FOR-US: Siemens
CVE-2020-15799 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
	NOT-FOR-US: Siemens
CVE-2020-15798 (A vulnerability has been identified in SIMATIC HMI Comfort Panels (inc ...)
	NOT-FOR-US: Siemens
CVE-2020-15797 (A vulnerability has been identified in DCA Vantage Analyzer (All versi ...)
	NOT-FOR-US: DCA Vantage Analyzer
CVE-2020-15796 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
	NOT-FOR-US: Siemens
CVE-2020-15795 (A vulnerability has been identified in APOGEE PXC Compact (BACnet) (Al ...)
	NOT-FOR-US: Nucleus (Siemens)
CVE-2020-15794 (A vulnerability has been identified in Desigo Insight (All versions). ...)
	NOT-FOR-US: Desigo Insight
CVE-2020-15793 (A vulnerability has been identified in Desigo Insight (All versions). ...)
	NOT-FOR-US: Desigo Insight
CVE-2020-15792 (A vulnerability has been identified in Desigo Insight (All versions). ...)
	NOT-FOR-US: Desigo Insight
CVE-2020-15791 (A vulnerability has been identified in SIMATIC S7-300 CPU family (incl ...)
	NOT-FOR-US: Siemens
CVE-2020-15790 (A vulnerability has been identified in Spectrum Power 4 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2020-15789 (A vulnerability has been identified in Polarion Subversion Webclient ( ...)
	NOT-FOR-US: Siemens
CVE-2020-15788 (A vulnerability has been identified in Polarion Subversion Webclient ( ...)
	NOT-FOR-US: Siemens
CVE-2020-15787 (A vulnerability has been identified in SIMATIC HMI Unified Comfort Pan ...)
	NOT-FOR-US: Siemens
CVE-2020-15786 (A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Ge ...)
	NOT-FOR-US: Siemens
CVE-2020-15785 (A vulnerability has been identified in Siveillance Video Client (All v ...)
	NOT-FOR-US: Siveillance Video Client
CVE-2020-15784 (A vulnerability has been identified in Spectrum Power 4 (All versions ...)
	NOT-FOR-US: Spectrum Power 4
CVE-2020-15783 (A vulnerability has been identified in SIMATIC S7-300 CPU family (incl ...)
	NOT-FOR-US: Siemens
CVE-2020-15782 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
	NOT-FOR-US: Siemens
CVE-2020-15781 (A vulnerability has been identified in SICAM WEB firmware for SICAM A8 ...)
	NOT-FOR-US: Siemens
CVE-2020-15779 (A Path Traversal issue was discovered in the socket.io-file package th ...)
	NOT-FOR-US: Node socket.io-file
CVE-2020-15780 (An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux k ...)
	- linux 5.7.10-1
	[buster] - linux 4.19.146-1
	[stretch] - linux (securelevel included but not supported)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/15/3
	NOTE: Fixed by: https://git.kernel.org/linus/75b0cea7bf307f362057cc778efe89af4c615354
CVE-2020-15778 (scp in OpenSSH through 8.3p1 allows command injection in the scp.c tor ...)
	- openssh (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860487
	NOTE: https://github.com/cpandya2909/CVE-2020-15778
	NOTE: Negligible security impact, changing the scp protocol can have a good chance
	NOTE: of breaking existing workflows.
CVE-2020-15777 (An issue was discovered in the Maven Extension plugin before 1.6 for G ...)
	NOT-FOR-US: Maven Extension plugin for Gradle Enterprise
CVE-2020-15776 (An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CS ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2020-15775 (An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /u ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2020-15774 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. An att ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2020-15773 (An issue was discovered in Gradle Enterprise before 2020.2.4. Because ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2020-15772 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. When c ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2020-15771 (An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterpr ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2020-15770 (An issue was discovered in Gradle Enterprise 2018.5. An attacker can p ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2020-15769 (An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2020-15768 (An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gra ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2020-15767 (An issue was discovered in Gradle Enterprise before 2020.2.5. The cook ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2020-15766 REJECTED
CVE-2020-15765 REJECTED
CVE-2020-15764 REJECTED
CVE-2020-15763 REJECTED
CVE-2020-15762 REJECTED
CVE-2020-15761 REJECTED
CVE-2020-15760 REJECTED
CVE-2020-15759 REJECTED
CVE-2020-15758 REJECTED
CVE-2020-15757 REJECTED
CVE-2020-15756 REJECTED
CVE-2020-15755 REJECTED
CVE-2020-15754 REJECTED
CVE-2020-15753 REJECTED
CVE-2020-15752 REJECTED
CVE-2020-15751 REJECTED
CVE-2020-15750 REJECTED
CVE-2020-15749 REJECTED
CVE-2020-15748 REJECTED
CVE-2020-15747 REJECTED
CVE-2020-15746 REJECTED
CVE-2020-15745 REJECTED
CVE-2020-15744 (Stack-based Buffer Overflow vulnerability in the ONVIF server componen ...)
	NOT-FOR-US: Victure PC420 devices
CVE-2020-15743 REJECTED
CVE-2020-15742 RESERVED
CVE-2020-15741 REJECTED
CVE-2020-15740 REJECTED
CVE-2020-15739 RESERVED
CVE-2020-15738 REJECTED
CVE-2020-15737 REJECTED
CVE-2020-15736 REJECTED
CVE-2020-15735 RESERVED
CVE-2020-15734 (An Origin Validation Error vulnerability in Bitdefender Safepay allows ...)
	NOT-FOR-US: Bitdefender
CVE-2020-15733 (An Origin Validation Error vulnerability in the SafePay component of B ...)
	NOT-FOR-US: Bitdefender Antivirus Plus
CVE-2020-15732 (Improper Certificate Validation vulnerability in the Online Threat Pre ...)
	NOT-FOR-US: Bitdefender
CVE-2020-15731 (An improper Input Validation vulnerability in the code handling file r ...)
	NOT-FOR-US: Bitdefender
CVE-2020-15730 REJECTED
CVE-2020-15729 RESERVED
CVE-2020-15728 REJECTED
CVE-2020-15727 RESERVED
CVE-2020-15726 RESERVED
CVE-2020-15725 RESERVED
CVE-2020-15724 (In the version 12.1.0.1005 and below of 360 Total Security, when the G ...)
	NOT-FOR-US: 360 Total Security
CVE-2020-15723 (In the version 12.1.0.1004 and below of 360 Total Security, when the m ...)
	NOT-FOR-US: 360 Total Security
CVE-2020-15722 (In version 12.1.0.1004 and below of 360 Total Security,when TPI calls ...)
	NOT-FOR-US: 360 Total Security
CVE-2020-15721 (RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XS ...)
	NOT-FOR-US: RosarioSIS
CVE-2020-15720 (In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did n ...)
	- dogtag-pki 10.9.1-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1855273
	NOTE: https://github.com/dogtagpki/pki/commit/50c23ec146ee9abf28c9de87a5f7787d495f0b72
CVE-2020-15719 (libldap in certain third-party OpenLDAP packages has a certificate-val ...)
	- openldap (unimportant; bug #965184)
	NOTE: https://bugs.openldap.org/show_bug.cgi?id=9266
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1740070
	NOTE: RedHat/CentOS applied patch: https://git.centos.org/rpms/openldap/raw/67459960064be9d226d57c5f82aaba0929876813/f/SOURCES/openldap-tlso-dont-check-cn-when-bad-san.patch
	NOTE: OpenLDAP upstream disputed that the issue is valid, as the current libldap
	NOTE: behaviour does conform with RFC4513. RFC6125 does not supersede the rules for
	NOTE: verifying service identity provided in specifications for existing application
	NOTE: protocols published prior to RFC6125, like RFC4513 for LDAP.
CVE-2020-15718 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...)
	NOT-FOR-US: RosarioSIS
CVE-2020-15717 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...)
	NOT-FOR-US: RosarioSIS
CVE-2020-15716 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...)
	NOT-FOR-US: RosarioSIS
CVE-2020-15715 (rConfig 3.9.5 could allow a remote authenticated attacker to execute a ...)
	NOT-FOR-US: rConfig
CVE-2020-15714 (rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated a ...)
	NOT-FOR-US: rConfig
CVE-2020-15713 (rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated a ...)
	NOT-FOR-US: rConfig
CVE-2020-15712 (rConfig 3.9.5 could allow a remote authenticated attacker to traverse ...)
	NOT-FOR-US: rConfig
CVE-2020-15711 (In MISP before 2.4.129, setting a favourite homepage was not CSRF prot ...)
	NOT-FOR-US: MISP
CVE-2020-15710 (Potential double free in Bluez 5 module of PulseAudio could allow a lo ...)
	- pulseaudio (Issue in Ubuntu-specific patch)
	NOTE: https://bugs.launchpad.net/ubuntu/%2Bsource/pulseaudio/%2Bbug/1884738
CVE-2020-15709 (Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20 ...)
	{DLA-2339-1}
	- software-properties (unimportant; bug #968850)
	NOTE: https://www.openwall.com/lists/oss-security/2020/08/03/1
	NOTE: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1890286
CVE-2020-15708 (Ubuntu's packaging of libvirt in 20.04 LTS created a control socket wi ...)
	- libvirt (Ubuntu-specific issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1866270#c2
	NOTE: Debian used to use polkit in 1.2.9-rc1-1 and only later on
	NOTE: also enabled libvirtd socket activation. Ubuntu OTOH continued
	NOTE: to ship the Allow-libvirt-group-to-access-the-socket.patch patch,
	NOTE: which caused the CVE-2020-15708 issue.
	NOTE: Upstream improved the documentation with:
	NOTE: https://www.redhat.com/archives/libvir-list/2020-August/msg00360.html
CVE-2020-15707 (Integer overflows were discovered in the functions grub_cmd_initrd and ...)
	{DSA-4735-1}
	- grub2 2.04-9
	[stretch] - grub2 (No SecureBoot support in stretch)
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
	NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=e7b8856f8be3292afdb38d2e8c70ad8d62a61e10
CVE-2020-15706 (GRUB2 contains a race condition in grub_script_function_create() leadi ...)
	{DSA-4735-1}
	- grub2 2.04-9
	[stretch] - grub2 (No SecureBoot support in stretch)
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
	NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=426f57383d647406ae9c628c472059c27cd6e040
CVE-2020-15705 (GRUB2 fails to validate kernel signature when booted directly without ...)
	- grub2 (Vulnerable code specific to Ubuntu)
	NOTE: Debian's grub_linuxefi_secure_validate has a different interface than the one in
	NOTE: Ubuntu and returns the code from "shim not available" and "kernel signature
	NOTE: verification failed". The patch for CVE-2020-15705 is essentially about handling
	NOTE: those two cases in the same way when they were previously handled differently,
	NOTE: and so not a problem for src:grub2 in Debian.
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
CVE-2020-15704 (The modprobe child process in the ./debian/patches/load_ppp_generic_if ...)
	- ppp (Ubuntu-specific issue, load_ppp_generic_if_needed.patch not used in Debian)
CVE-2020-15703 (There is no input validation on the Locale property in an apt transact ...)
	- aptdaemon
	NOTE: https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1888235
CVE-2020-15702 (TOCTOU Race Condition vulnerability in apport allows a local attacker ...)
	NOT-FOR-US: Apport
CVE-2020-15701 (An unhandled exception in check_ignored() in apport/report.py can be e ...)
	NOT-FOR-US: Apport
CVE-2020-15700 (An issue was discovered in Joomla! through 3.9.19. A missing token che ...)
	NOT-FOR-US: Joomla!
CVE-2020-15699 (An issue was discovered in Joomla! through 3.9.19. Missing validation ...)
	NOT-FOR-US: Joomla!
CVE-2020-15698 (An issue was discovered in Joomla! through 3.9.19. Inadequate filterin ...)
	NOT-FOR-US: Joomla!
CVE-2020-15697 (An issue was discovered in Joomla! through 3.9.19. Internal read-only ...)
	NOT-FOR-US: Joomla!
CVE-2020-15696 (An issue was discovered in Joomla! through 3.9.19. Lack of input filte ...)
	NOT-FOR-US: Joomla!
CVE-2020-15695 (An issue was discovered in Joomla! through 3.9.19. A missing token che ...)
	NOT-FOR-US: Joomla!
CVE-2020-15694 (In Nim 1.2.4, the standard library httpClient fails to properly valida ...)
	- nim 1.2.6-1
	[buster] - nim (Minor issue)
	[stretch] - nim (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/2
CVE-2020-15693 (In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF ...)
	- nim 1.2.6-1
	[buster] - nim (Minor issue)
	[stretch] - nim (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/2
CVE-2020-15692 (In Nim 1.2.4, the standard library browsers mishandles the URL argumen ...)
	- nim 1.2.6-1
	[buster] - nim (Minor issue)
	[stretch] - nim (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/1
CVE-2020-15691 RESERVED
CVE-2020-15690 (In Nim before 1.2.6, the standard library asyncftpclient lacks a check ...)
	- nim 1.2.6-1
	[buster] - nim (Minor issue)
	[stretch] - nim (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/3
CVE-2020-15689 (Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, ...)
	NOT-FOR-US: Appweb
CVE-2020-15688 (The HTTP Digest Authentication in the GoAhead web server before 5.1.2 ...)
	NOT-FOR-US: Embedthis GoAhead
CVE-2020-15687 (Missing access control restrictions in the Hypervisor component of the ...)
	NOT-FOR-US: ACRN Project
CVE-2019-20908 (An issue was discovered in drivers/firmware/efi/efi.c in the Linux ker ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.132-1
	[stretch] - linux (securelevel included but not supported)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/14/1
	NOTE: Fixed by: https://git.kernel.org/linus/1957a85b0032a81e6482ca4aab883643b8dae06e
CVE-2019-20907 (In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craf ...)
	{DLA-3432-1 DLA-2456-1 DLA-2337-1}
	- python3.9 3.9.0~b5-1 (low)
	- python3.8 3.8.5-1 (low)
	- python3.7 (low)
	[buster] - python3.7 3.7.3-2+deb10u2
	- python3.5 (low)
	- python2.7 2.7.18-2 (low; bug #970099)
	- pypy3 7.3.3+dfsg-1
	NOTE: https://bugs.python.org/issue39017
	NOTE: https://github.com/python/cpython/commit/5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4 (master)
	NOTE: https://github.com/python/cpython/commit/f3232294ee695492f43d424cc6969d018d49861d (3.9-branch)
	NOTE: https://github.com/python/cpython/commit/c55479556db015f48fc8bbca17f64d3e65598559 (3.8-branch)
	NOTE: https://github.com/python/cpython/commit/79c6b602efc9a906c8496f3d5f4d54c54b48fa06 (3.7-branch)
	NOTE: https://github.com/python/cpython/commit/47a2955589bdb1a114d271496ff803ad73f954b8 (3.6-branch)
	NOTE: https://github.com/python/cpython/pull/21454
CVE-2020-15686 RESERVED
CVE-2020-15685 (During the plaintext phase of the STARTTLS connection setup, protocol ...)
	{DSA-4842-1 DLA-2541-1}
	- thunderbird 1:78.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2020-15685
CVE-2020-15684 (Mozilla developers reported memory safety bugs present in Firefox 81. ...)
	- firefox 82.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15684
CVE-2020-15683 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4780-1 DSA-4778-1 DLA-2416-1 DLA-2411-1}
	- firefox 82.0-1
	- firefox-esr 78.4.0esr-1
	- thunderbird 1:78.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15683
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-46/#CVE-2020-15683
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-47/#CVE-2020-15683
CVE-2020-15682 (When a link to an external protocol was clicked, a prompt was presente ...)
	- firefox 82.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15682
CVE-2020-15681 (When multiple WASM threads had a reference to a module, and were looki ...)
	- firefox 82.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15681
CVE-2020-15680 (If a valid external protocol handler was referenced in an image tag, t ...)
	- firefox 82.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15680
CVE-2020-15679 (An OAuth session fixation vulnerability existed in the VPN login flow, ...)
	NOT-FOR-US: Mozilla VPN
CVE-2020-15678 (When recursing through graphical layers while scrolling, an iterator m ...)
	{DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1}
	- firefox 81.0-1
	- firefox-esr 78.3.0esr-1
	- thunderbird 1:78.3.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15678
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15678
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15678
CVE-2020-15677 (By exploiting an Open Redirect vulnerability on a website, an attacker ...)
	{DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1}
	- firefox 81.0-1
	- firefox-esr 78.3.0esr-1
	- thunderbird 1:78.3.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15677
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15677
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15677
CVE-2020-15676 (Firefox sometimes ran the onload handler for SVG elements that the DOM ...)
	{DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1}
	- firefox 81.0-1
	- firefox-esr 78.3.0esr-1
	- thunderbird 1:78.3.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15676
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15676
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15676
CVE-2020-15675 (When processing surfaces, the lifetime may outlive a persistent buffer ...)
	- firefox 81.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15675
CVE-2020-15674 (Mozilla developers reported memory safety bugs present in Firefox 80. ...)
	- firefox 81.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15674
CVE-2020-15673 (Mozilla developers reported memory safety bugs present in Firefox 80 a ...)
	{DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1}
	- firefox 81.0-1
	- firefox-esr 78.3.0esr-1
	- thunderbird 1:78.3.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15673
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15673
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15673
CVE-2020-15672 RESERVED
CVE-2020-15671 (When typing in a password under certain conditions, a race may have oc ...)
	- firefox (Android specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-39/#CVE-2020-15671
CVE-2020-15670 (Mozilla developers reported memory safety bugs present in Firefox for ...)
	- firefox 80.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15670
CVE-2020-15669 (When aborting an operation, such as a fetch, an abort signal may be de ...)
	{DSA-4754-1 DSA-4749-1 DLA-2360-1 DLA-2346-1}
	- firefox-esr 68.12.0esr-1
	- thunderbird 1:68.12.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15669
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/#CVE-2020-15669
CVE-2020-15668 (A lock was missing when accessing a data structure and importing certi ...)
	- firefox 80.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15668
CVE-2020-15667 (When processing a MAR update file, after the signature has been valida ...)
	- firefox 80.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15667
CVE-2020-15666 (When trying to load a non-video in an audio/video context the exact st ...)
	- firefox 80.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15666
CVE-2020-15665 (Firefox did not reset the address bar after the beforeunload dialog wa ...)
	- firefox 80.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15665
CVE-2020-15664 (By holding a reference to the eval() function from an about:blank wind ...)
	{DSA-4754-1 DSA-4749-1 DLA-2360-1 DLA-2346-1}
	- firefox 80.0-1
	- firefox-esr 68.12.0esr-1
	- thunderbird 1:68.12.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15664
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15664
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/#CVE-2020-15664
CVE-2020-15663 (If Firefox is installed to a user-writable directory, the Mozilla Main ...)
	- firefox (Only affects Windows)
	- firefox-esr (Only affects Windows)
	- thunderbird (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15663
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15663
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/#CVE-2020-15663
CVE-2020-15662 (A rogue webpage could override the injected WKUserScript used by the d ...)
	- firefox (Specific to Firefox for iOS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-34/#CVE-2020-15662
CVE-2020-15661 (A rogue webpage could override the injected WKUserScript used by the l ...)
	- firefox (Specific to Firefox for iOS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-34/#CVE-2020-15661
CVE-2020-15660 (Missing checks on Content-Type headers in geckodriver before 0.27.0 co ...)
	- geckodriver (bug #989456)
CVE-2020-15659 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4740-1 DSA-4736-1 DLA-2310-1 DLA-2297-1}
	- firefox 79.0-1
	- firefox-esr 68.11.0esr-1
	- thunderbird 1:68.11.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15659
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15659
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15659
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-15659
CVE-2020-15658 (The code for downloading files did not properly take care of special c ...)
	- firefox 79.0-1
	- thunderbird (Only affects Thunderbird 78.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15658
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15658
CVE-2020-15657 (Firefox could be made to load attacker-supplied DLL files from the ins ...)
	- firefox (Only affects Windows)
	- thunderbird (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15657
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15657
CVE-2020-15656 (JIT optimizations involving the Javascript arguments object could conf ...)
	- firefox 79.0-1
	- thunderbird (Only affects Thunderbird 78.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15656
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15656
CVE-2020-15655 (A redirected HTTP request which is observed or modified through a web ...)
	- firefox 79.0-1
	- thunderbird (Only affects Thunderbird 78.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15655
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15655
CVE-2020-15654 (When in an endless loop, a website specifying a custom cursor using CS ...)
	- firefox 79.0-1
	- thunderbird (Only affects Thunderbird 78.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15654
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15654
CVE-2020-15653 (An iframe sandbox element with the allow-popups flag could be bypassed ...)
	- firefox 79.0-1
	- thunderbird (Only affects Thunderbird 78.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15653
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15653
CVE-2020-15652 (By observing the stack trace for JavaScript errors in web workers, it ...)
	{DSA-4740-1 DSA-4736-1 DLA-2310-1 DLA-2297-1}
	- firefox 79.0-1
	- firefox-esr 68.11.0esr-1
	- thunderbird 1:68.11.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15652
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15652
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15652
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-15652
CVE-2020-15651 (A unicode RTL order character in the downloaded file name can be used ...)
	- firefox (Specific to Firefox for iOS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-34/#CVE-2020-15651
CVE-2020-15650 (Given an installed malicious file picker application, an attacker was ...)
	- firefox-esr (Android specific)
	- firefox (Android specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15650
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15650
CVE-2020-15649 (Given an installed malicious file picker application, an attacker was ...)
	- firefox-esr (Android specific)
	- firefox (Android specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15649
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15649
CVE-2020-15648 (Using object or embed tags, it was possible to frame other websites, e ...)
	- firefox 78.0.2-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-28/#CVE-2020-15648
CVE-2020-15647 (A Content Provider in Firefox for Android allowed local files accessib ...)
	- firefox (Only affects Firefox for Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-27/#CVE-2020-15647
CVE-2020-15646 (If an attacker intercepts Thunderbird's initial attempt to perform aut ...)
	{DSA-4718-1}
	- thunderbird 1:68.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-15646
CVE-2020-15645 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Marvell QConvergeConsole
CVE-2020-15644 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Marvell QConvergeConsole
CVE-2020-15643 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Marvell QConvergeConsole
CVE-2020-15642 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Marvell QConvergeConsole
CVE-2020-15641 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Marvell QConvergeConsole
CVE-2020-15640 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Marvell QConvergeConsole
CVE-2020-15639 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Marvell QConvergeConsole
CVE-2020-15638 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2020-15637 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit
CVE-2020-15636 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Netgear
CVE-2020-15635 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: Netgear
CVE-2020-15634 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: Netgear
CVE-2020-15633 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: D-Link
CVE-2020-15632 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: D-Link
CVE-2020-15631 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2020-15630 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit
CVE-2020-15629 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2020-15628 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15627 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15626 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15625 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15624 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15623 (This vulnerability allows remote attackers to write arbitrary files on ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15622 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15621 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15620 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15619 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15618 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15617 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15616 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15615 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15614 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15613 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15612 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15611 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15610 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15609 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15608 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15607 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15606 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15605 (If LDAP authentication is enabled, an LDAP authentication bypass vulne ...)
	NOT-FOR-US: Trend Micro
CVE-2020-15604 (An incomplete SSL server certification validation vulnerability in the ...)
	NOT-FOR-US: Trend Micro
CVE-2020-15603 (An invalid memory read vulnerability in a Trend Micro Security 2020 (v1 ...)
	NOT-FOR-US: Trend Micro
CVE-2020-15602 (An untrusted search path remote code execution (RCE) vulnerability in ...)
	NOT-FOR-US: Trend Micro
CVE-2020-15601 (If LDAP authentication is enabled, an LDAP authentication bypass vulne ...)
	NOT-FOR-US: Trend Micro
CVE-2020-15600 (An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to ...)
	NOT-FOR-US: CMSUno
CVE-2020-15599 (Victor CMS through 2019-02-28 allows XSS via the register.php user_fir ...)
	NOT-FOR-US: Victor CMS
CVE-2020-15598 (Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a ...)
	{DSA-4765-1}
	- modsecurity 3.0.4-2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879588
	NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-regular-expressions-and-disputed-cve-2020-15598/
	NOTE: https://coreruleset.org/20200914/cve-2020-15598/
	NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2348
CVE-2020-15597 (SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statute ...)
	NOT-FOR-US: SOPlanning
CVE-2020-15596 (The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on var ...)
	NOT-FOR-US: ALPS ALPINE touchpad driver for Windows
CVE-2019-20906
	RESERVED
CVE-2019-20905
	RESERVED
CVE-2019-20904
	RESERVED
CVE-2019-20903 (The hyperlinks functionality in atlaskit/editor-core in before version ...)
	NOT-FOR-US: Atlassian
CVE-2019-20902 (Upgrading Crowd via XML Data Transfer can reactivate a disabled user f ...)
	NOT-FOR-US: Atlassian
CVE-2019-20901 (The login.jsp resource in Jira before version 8.5.2, and from version ...)
	NOT-FOR-US: Atlassian
CVE-2019-20900 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2019-20899 (The Gadget API in Atlassian Jira Server and Data Center in affected ve ...)
	NOT-FOR-US: Atlassian
CVE-2019-20898 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2019-20897 (The avatar upload feature in affected versions of Atlassian Jira Serve ...)
	NOT-FOR-US: Atlassian
CVE-2020-XXXX [veyon-configurator tmp handling]
	- veyon 4.4.1+repack1-1 (bug #964568)
	[buster] - veyon (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/07/1
CVE-2020-15595 (An issue was discovered in Zoho Application Control Plus before versio ...)
	NOT-FOR-US: Zoho Application Control Plus
CVE-2020-15594 (An SSRF issue was discovered in Zoho Application Control Plus before v ...)
	NOT-FOR-US: Zoho Application Control Plus
CVE-2020-15593 (SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It u ...)
	NOT-FOR-US: SteelCentral Aternity Agent
CVE-2020-15592 (SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privil ...)
	NOT-FOR-US: SteelCentral Aternity Agent
CVE-2020-15590 (A vulnerability in the Private Internet Access (PIA) VPN Client for Li ...)
	NOT-FOR-US: Private Internet Access client for Linux
CVE-2020-15589 (A design issue was discovered in GetInternetRequestHandle, InternetSen ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2020-15588 (An issue was discovered in the client side of Zoho ManageEngine Deskto ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2020-15587
	RESERVED
CVE-2020-15586 (Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net ...)
	{DSA-4848-1 DLA-2460-1 DLA-2459-1}
	- golang-1.15 1.15~rc1-1
	- golang-1.14 1.14.6-1
	- golang-1.11
	- golang-1.8
	- golang-1.7
	- golang
	NOTE: https://github.com/golang/go/issues/34902
	NOTE: https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ
CVE-2020-15585
	RESERVED
CVE-2020-15584 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-15583 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-15582 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-15581 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-15580 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-15579 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-15578 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-15577 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-15576 (SolarWinds Serv-U File Server before 15.2.1 allows information disclos ...)
	NOT-FOR-US: SolarWinds Serv-U File Server
CVE-2020-15575 (SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated ...)
	NOT-FOR-US: SolarWinds Serv-U File Server
CVE-2020-15574 (SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site c ...)
	NOT-FOR-US: SolarWinds Serv-U File Server
CVE-2020-15573 (SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulner ...)
	NOT-FOR-US: SolarWinds Serv-U File Server
CVE-2019-20896 (WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponen ...)
	NOT-FOR-US: WebChess
CVE-2020-15572 (Tor before 0.4.3.6 has an out-of-bounds memory access that allows a re ...)
	- tor 0.4.3.6-1 (unimportant)
	NOTE: Tor in Debian doesn't use NSS
	NOTE: https://blog.torproject.org/new-release-tor-03511-0428-0436-security-fixes
CVE-2020-15571
	RESERVED
CVE-2020-15570 (The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 m ...)
	NOT-FOR-US: Whoopsie
CVE-2020-15569 (PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free ...)
	{DLA-2292-1}
	- milkytracker 1.02.00+dfsg-2.1 (bug #964797)
	[buster] - milkytracker 1.02.00+dfsg-1+deb10u1
	NOTE: https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf
CVE-2020-15568 (TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that lead ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2020-15567 (An issue was discovered in Xen through 4.13.x, allowing Intel guest OS ...)
	{DSA-4723-1}
	- xen 4.11.4+24-gddaaccbbab-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-328.html
CVE-2020-15566 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...)
	{DSA-4723-1}
	- xen 4.11.4+24-gddaaccbbab-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-317.html
CVE-2020-15565 (An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM ...)
	{DSA-4723-1}
	- xen 4.11.4+24-gddaaccbbab-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-321.html
CVE-2020-15564 (An issue was discovered in Xen through 4.13.x, allowing Arm guest OS u ...)
	{DSA-4723-1}
	- xen 4.11.4+24-gddaaccbbab-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-327.html
CVE-2020-15563 (An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest ...)
	{DSA-4723-1}
	- xen 4.11.4+24-gddaaccbbab-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-319.html
CVE-2020-15561
	RESERVED
CVE-2020-15560
	RESERVED
CVE-2020-15559
	RESERVED
CVE-2020-15558
	RESERVED
CVE-2020-15557
	RESERVED
CVE-2020-15556
	RESERVED
CVE-2020-15555
	RESERVED
CVE-2020-15554
	RESERVED
CVE-2020-15553
	RESERVED
CVE-2020-15552
	RESERVED
CVE-2020-15551
	RESERVED
CVE-2020-15550
	RESERVED
CVE-2020-15549
	RESERVED
CVE-2020-15548
	RESERVED
CVE-2020-15547
	RESERVED
CVE-2020-15546
	RESERVED
CVE-2020-15545
	RESERVED
CVE-2020-15544
	RESERVED
CVE-2020-15543 (SolarWinds Serv-U FTP server before 15.2.1 does not validate an argume ...)
	NOT-FOR-US: SolarWinds Serv-U FTP server
CVE-2020-15542 (SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD comman ...)
	NOT-FOR-US: SolarWinds Serv-U FTP server
CVE-2020-15541 (SolarWinds Serv-U FTP server before 15.2.1 allows remote command execu ...)
	NOT-FOR-US: SolarWinds Serv-U FTP server
CVE-2020-15562 (An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x befo ...)
	{DSA-4720-1}
	- roundcube 1.4.7+dfsg.1-1 (bug #964355)
	[stretch] - roundcube 1.2.3+dfsg.1-4+deb9u6
	NOTE: 1.4.x https://github.com/roundcube/roundcubemail/commit/3e8832d029b035e3fcfb4c75839567a9580b4f82
	NOTE: 1.3.x https://github.com/roundcube/roundcubemail/commit/19502419757a976dbd55ce5a746610c5bab7896b
	NOTE: 1.2.x https://github.com/roundcube/roundcubemail/commit/f3d1566cf223eb04f47b6dfffcd88753f66c36ee
CVE-2020-15540 (We-com OpenData CMS 2.0 allows SQL Injection via the username field on ...)
	NOT-FOR-US: We-com OpenData CMS
CVE-2020-15539 (SQL injection can occur in We-com Municipality portal CMS 2.1.x via th ...)
	NOT-FOR-US: We-com Municipality portal CMS
CVE-2020-15538 (XSS can occur in We-com Municipality portal CMS 2.1.x via the cerca/ s ...)
	NOT-FOR-US: We-com Municipality portal CMS
CVE-2020-15537 (An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS ...)
	NOT-FOR-US: Vanguard plugin for WordPress
CVE-2020-15536 (An issue was discovered in the bestsoftinc Hotel Booking System Pro pl ...)
	NOT-FOR-US: bestsoftinc Hotel Booking System Pro plugin for WordPress
CVE-2020-15535 (An issue was discovered in the bestsoftinc Car Rental System plugin th ...)
	NOT-FOR-US: bestsoftinc Car Rental System plugin for WordPress
CVE-2020-15534
	RESERVED
CVE-2020-15533 (In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 1468 ...)
	NOT-FOR-US: Zoho ManageEngine Application Manager
CVE-2019-20895
	RESERVED
CVE-2020-15532 (Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overf ...)
	NOT-FOR-US: Silicon Labs Bluetooth Low Energy SDK
CVE-2020-15531 (Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overf ...)
	NOT-FOR-US: Silicon Labs Bluetooth Low Energy SDK
CVE-2020-15530 (An issue was discovered in Valve Steam Client 2.10.91.91. The installe ...)
	- steam (Steam on Windows)
CVE-2020-15529 (An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation ...)
	NOT-FOR-US: GOG Galaxy client
CVE-2020-15528 (An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation ...)
	NOT-FOR-US: GOG Galaxy client
CVE-2020-15527
	RESERVED
CVE-2020-15526 (In Redgate SQL Monitor 7.1.4 through 10.1.6 (inclusive), the scope for ...)
	NOT-FOR-US: Redgate SQL Monitor
CVE-2020-15525 (GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of ...)
	- gitlab (Specific to EE)
CVE-2020-15524
	RESERVED
CVE-2020-15523 (In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, ...)
	- python3.8 (Python on Windows)
	- python2.7 (Python on Windows)
CVE-2020-15522 (Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA bef ...)
	- bouncycastle 1.68-1
	[buster] - bouncycastle (Minor issue)
	[stretch] - bouncycastle (Minor issue)
	NOTE: https://github.com/bcgit/bc-java/wiki/CVE-2020-15522
CVE-2020-15521 (Zoho ManageEngine Applications Manager before 14 build 14730 has no pr ...)
	NOT-FOR-US: Zoho
CVE-2020-15520
	RESERVED
CVE-2020-15519
	RESERVED
CVE-2020-15518 (VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & ...)
	NOT-FOR-US: Veeam
CVE-2020-15517 (The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x th ...)
	NOT-FOR-US: Typo3 extension
CVE-2020-15516 (The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be ...)
	NOT-FOR-US: Typo3 extension
CVE-2020-15515 (The turn extension through 0.3.2 for TYPO3 allows Remote Code Executio ...)
	NOT-FOR-US: Typo3 extension
CVE-2020-15514 (The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYP ...)
	NOT-FOR-US: Typo3 extension
CVE-2020-15513 (The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect Access ...)
	NOT-FOR-US: Typo3 extension
CVE-2020-15512
	RESERVED
CVE-2020-15511 (HashiCorp Terraform Enterprise up to v202006-1 contained a default sig ...)
	NOT-FOR-US: HashiCorp Terraform Enterprise
CVE-2020-15510
	RESERVED
CVE-2020-15509 (Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library ...)
	NOT-FOR-US: Nordic Semiconductor
CVE-2020-15508
	RESERVED
CVE-2020-15507 (An arbitrary file reading vulnerability in MobileIron Core versions 10 ...)
	NOT-FOR-US: MobileIron Core and Connector
CVE-2020-15506 (An authentication bypass vulnerability in MobileIron Core & Connector ...)
	NOT-FOR-US: MobileIron Core and Connector
CVE-2020-15505 (A remote code execution vulnerability in MobileIron Core & Connector v ...)
	NOT-FOR-US: MobileIron Core and Connector
CVE-2020-15504 (A SQL injection vulnerability in the user and admin web interfaces of ...)
	NOT-FOR-US: Sophos
CVE-2020-15503 (LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affect ...)
	{DLA-3214-1}
	[experimental] - libraw 0.20.0-1
	- libraw 0.20.0-4 (bug #964747)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1853477
	NOTE: https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d
CVE-2020-15502 (The DuckDuckGo application through 5.58.0 for Android, and through 7.4 ...)
	NOT-FOR-US: DuckDuckGo application for Android and iOS
CVE-2019-20894 (Traefik 2.x, in certain configurations, allows HTTPS sessions to proce ...)
	- traefik (bug #983289)
CVE-2020-15501 (Smarter Coffee Maker before 2nd generation allows firmware replacement ...)
	NOT-FOR-US: Smarter Coffee Maker
CVE-2020-15500 (An issue was discovered in server.js in TileServer GL through 3.0.0. T ...)
	NOT-FOR-US: TileServer GL
CVE-2020-15499 (An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_ ...)
	NOT-FOR-US: ASUS RT-AC1900P routers
CVE-2020-15498 (An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_ ...)
	NOT-FOR-US: ASUS RT-AC1900P routers
CVE-2020-15497 (jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build-20200224104759 ...)
	NOT-FOR-US: Jalios JCMS
CVE-2020-15496 (Acronis True Image for Mac before 2021 Update 4 allowed local privileg ...)
	NOT-FOR-US: Acronis
CVE-2020-15495 (Acronis True Image 2019 update 1 through 2020 on macOS allows local pr ...)
	NOT-FOR-US: Acronis
CVE-2020-15494
	RESERVED
CVE-2020-15493
	RESERVED
CVE-2020-15492 (An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 ...)
	NOT-FOR-US: INNEO
CVE-2020-15491
	RESERVED
CVE-2020-15490 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...)
	NOT-FOR-US: Wavlink WL-WN530HG4
CVE-2020-15489 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...)
	NOT-FOR-US: Wavlink WL-WN530HG4
CVE-2020-15488 (Re:Desk 2.3 allows insecure file upload.)
	NOT-FOR-US: Re:Desk
CVE-2020-15487 (Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerabili ...)
	NOT-FOR-US: Re:Desk
CVE-2020-15486 (An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because t ...)
	NOT-FOR-US: Dr Trust ECG Pen 2.00.08 devices
CVE-2020-15485 (An issue was discovered on Nescomed Multipara Monitor M1000 devices. T ...)
	NOT-FOR-US: Nescomed Multipara Monitor M1000 devices
CVE-2020-15484 (An issue was discovered on Nescomed Multipara Monitor M1000 devices. T ...)
	NOT-FOR-US: Nescomed Multipara Monitor M1000 devices
CVE-2020-15483 (An issue was discovered on Nescomed Multipara Monitor M1000 devices. T ...)
	NOT-FOR-US: Nescomed Multipara Monitor M1000 devices
CVE-2020-15482 (An issue was discovered on Nescomed Multipara Monitor M1000 devices. T ...)
	NOT-FOR-US: Nescomed Multipara Monitor M1000 devices
CVE-2020-15481 (An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSFore ...)
	NOT-FOR-US: PassMark
CVE-2020-15480 (An issue was discovered in PassMark BurnInTest through 9.1, OSForensic ...)
	NOT-FOR-US: PassMark
CVE-2020-15479 (An issue was discovered in PassMark BurnInTest through 9.1, OSForensic ...)
	NOT-FOR-US: PassMark
CVE-2020-15478 (The Journal theme before 3.1.0 for OpenCart allows exposure of sensiti ...)
	NOT-FOR-US: Journal theme for OpenCart
CVE-2020-15477 (The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable t ...)
	NOT-FOR-US: RaspberryTortoise
CVE-2020-15476 (In nDPI through 3.2, the Oracle protocol dissector has a heap-based bu ...)
	{DLA-3084-1 DLA-2354-1}
	- ndpi 3.4-1 (bug #972050)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21780
	NOTE: https://github.com/ntop/nDPI/commit/b69177be2fbe01c2442239a61832c44e40136c05 (3.4)
CVE-2020-15475 (In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c om ...)
	- ndpi 3.4-1 (bug #972050)
	[buster] - ndpi (Vulnerable code not present, content_disposition_line introduced later)
	[stretch] - ndpi (Vulnerable code not present, content_disposition_line introduced later)
	NOTE: https://github.com/ntop/nDPI/commit/6a9f5e4f7c3fd5ddab3e6727b071904d76773952 (3.4)
CVE-2020-15474 (In nDPI through 3.2, there is a stack overflow in extractRDNSequence i ...)
	- ndpi 3.4-1 (bug #972050)
	[buster] - ndpi (Vulnerable code not present)
	[stretch] - ndpi (Vulnerable code not present)
	NOTE: https://github.com/ntop/nDPI/commit/23594f036536468072198a57c59b6e9d63caf6ce (3.4)
CVE-2020-15473 (In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-bas ...)
	- ndpi 3.4-1 (bug #972050)
	[buster] - ndpi (Patch cannot be cleanly applied. Codebase changed a lot)
	[stretch] - ndpi (Vulnerable code introduced later)
	NOTE: https://github.com/ntop/nDPI/commit/8e7b1ea7a136cc4e4aa9880072ec2d69900a825e (3.4)
CVE-2020-15472 (In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based ...)
	{DLA-3084-1}
	- ndpi 3.4-1 (bug #972050)
	[stretch] - ndpi (Vulnerable code introduced later)
	NOTE: https://github.com/ntop/nDPI/commit/b7e666e465f138ae48ab81976726e67deed12701 (3.4)
CVE-2020-15471 (In nDPI through 3.2, the packet parsing code is vulnerable to a heap-b ...)
	- ndpi 3.4-1 (bug #972050)
	[buster] - ndpi (Vulnerable code not present)
	[stretch] - ndpi (Vulnerable code not present)
	NOTE: https://github.com/ntop/nDPI/commit/61066fb106efa6d3d95b67e47b662de208b2b622 (3.4)
CVE-2020-15470 (ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_dec ...)
	NOT-FOR-US: ffjpeg
CVE-2020-15469 (In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback m ...)
	{DLA-3099-1 DLA-2560-1}
	- qemu 1:6.0+dfsg-3 (low; bug #970253)
	[bullseye] - qemu (Minor issue, too intrusive to backport)
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/1
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg09961.html
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00674.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=520f26fc6d17b71a43eaf620e834b3bdf316f3d3
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=4f2a5202a05fc1612954804a2482f07bff105ea2
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=24202d2b561c3b4c48bd28383c8c34b4ac66c2bf
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=f867cebaedbc9c43189f102e4cdfdff05e88df7f
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=b5bf601f364e1a14ca4c3276f88dfec024acf613
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=921604e175b8ec06c39503310e7b3ec1e3eafe9e
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=2c9fb3b784000c1df32231e1c2464bb2e3fc4620
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=735754aaa15a6ed46db51fd731e88331c446ea54
CVE-2020-15468 (Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit ...)
	NOT-FOR-US: Persian VIP Download Script
CVE-2020-15467 (The administrative interface of Cohesive Networks vns3:vpn appliances ...)
	NOT-FOR-US: Cohesive Networks vns3:vpn appliances
CVE-2020-15466 (In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infin ...)
	{DLA-2547-1}
	- wireshark 3.2.5-1 (low)
	[buster] - wireshark 2.6.20-0+deb10u1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16029
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=11f40896b696e4e8c7f8b2ad96028404a83a51a4
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-09.html
CVE-2020-15465
	REJECTED
CVE-2020-15464
	REJECTED
CVE-2020-15463
	REJECTED
CVE-2020-15462
	REJECTED
CVE-2020-15461
	REJECTED
CVE-2020-15460
	REJECTED
CVE-2020-15459
	REJECTED
CVE-2020-15458
	REJECTED
CVE-2020-15457
	REJECTED
CVE-2020-15456
	REJECTED
CVE-2020-15455
	REJECTED
CVE-2020-15454
	REJECTED
CVE-2020-15453
	REJECTED
CVE-2020-15452
	REJECTED
CVE-2020-15451
	REJECTED
CVE-2020-15450
	REJECTED
CVE-2020-15449
	REJECTED
CVE-2020-15448
	REJECTED
CVE-2020-15447
	REJECTED
CVE-2020-15446
	REJECTED
CVE-2020-15445
	REJECTED
CVE-2020-15444
	REJECTED
CVE-2020-15443
	REJECTED
CVE-2020-15442
	REJECTED
CVE-2020-15441
	REJECTED
CVE-2020-15440
	REJECTED
CVE-2020-15439
	REJECTED
CVE-2020-15438
	REJECTED
CVE-2020-15437 (The Linux kernel before version 5.8 is vulnerable to a NULL pointer de ...)
	- linux 5.7.17-1
	[buster] - linux 4.19.146-1
	[stretch] - linux 4.9.240-1
	NOTE: https://git.kernel.org/linus/f4c23a140d80ef5e6d3d1f8f57007649014b60fa
CVE-2020-15436 (Use-after-free vulnerability in fs/block_dev.c in the Linux kernel bef ...)
	- linux 5.7.6-1
	[buster] - linux 4.19.131-1
	[stretch] - linux 4.9.240-1
	NOTE: https://git.kernel.org/linus/2d3a8e2deddea6c89961c422ec0c5b851e648c14
CVE-2020-15435 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15434 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15433 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15432 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15431 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15430 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15429 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15428 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15427 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15426 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15425 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15424 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15423 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15422 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15421 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15420 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15419 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Veeam
CVE-2020-15418 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Veeam
CVE-2020-15417 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: Netgear
CVE-2020-15416 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: Netgear
CVE-2020-15415 (On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, c ...)
	NOT-FOR-US: DrayTek
CVE-2020-15414
	RESERVED
CVE-2020-15413
	RESERVED
CVE-2020-15412 (An issue was discovered in MISP 2.4.128. app/Controller/EventsControll ...)
	NOT-FOR-US: MISP
CVE-2020-15411 (An issue was discovered in MISP 2.4.128. app/Controller/AttributesCont ...)
	NOT-FOR-US: MISP
CVE-2020-15410
	RESERVED
CVE-2020-15409
	RESERVED
CVE-2020-15408 (An issue was discovered in Pulse Secure Pulse Connect Secure before 9. ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-15407
	RESERVED
CVE-2020-15406
	RESERVED
CVE-2020-15405
	RESERVED
CVE-2020-15404
	RESERVED
CVE-2020-15403
	RESERVED
CVE-2020-15402
	RESERVED
CVE-2020-15401 (IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privile ...)
	NOT-FOR-US: IOBit Malware Fighter Pro
CVE-2020-15400 (CakePHP before 4.0.6 mishandles CSRF token generation. This might be r ...)
	- cakephp (bug #985673)
	[bullseye] - cakephp (Minor issue)
	[buster] - cakephp (Minor issue)
	[stretch] - cakephp (Minor issue)
CVE-2020-15399
	RESERVED
CVE-2020-15398
	RESERVED
CVE-2020-15397 (HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execut ...)
	- hylafax (/var/spool/hylafax/bin and /var/spool/hylafax/etc are root-owned in Debian)
	NOTE: https://sourceforge.net/p/hylafax/HylaFAX+/2534/
CVE-2020-15396 (In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility ...)
	- hylafax 3:6.0.7-3.1 (bug #964198)
	[buster] - hylafax (Minor issue)
	[stretch] - hylafax (Minor issue)
	NOTE: https://sourceforge.net/p/hylafax/HylaFAX+/2534/
CVE-2020-15395 (In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based b ...)
	{DLA-2603-1}
	- libmediainfo 20.09+dfsg-1 (low; bug #967073)
	[buster] - libmediainfo (Minor issue)
	[jessie] - libmediainfo (Minor issue)
	NOTE: https://sourceforge.net/p/mediainfo/bugs/1127/
	NOTE: https://github.com/MediaArea/MediaInfoLib/commit/5b998282f47f080592d298a25c642f13a895c4dc
CVE-2020-15394 (The REST API in Zoho ManageEngine Applications Manager before build 14 ...)
	NOT-FOR-US: Zoho
CVE-2019-20893 (An issue was discovered in Activision Infinity Ward Call of Duty Moder ...)
	NOT-FOR-US: Activision
CVE-2017-18922 (It was discovered that websockets.c in LibVNCServer prior to 0.9.12 di ...)
	- libvncserver 0.9.12+dfsg-3
	[buster] - libvncserver (Required change too invasive, minor issue)
	[stretch] - libvncserver (Required change too invasive, minor issue)
	NOTE: https://github.com/LibVNC/libvncserver/commit/aac95a9dcf4bbba87b76c72706c3221a842ca433
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/30/2
CVE-2020-15393 (In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/u ...)
	{DLA-2420-1 DLA-2323-1}
	- linux 5.7.10-1
	[buster] - linux 4.19.131-1
	NOTE: https://git.kernel.org/linus/28ebeb8db77035e058a510ce9bd17c2b9a009dba
CVE-2020-15392 (A user enumeration vulnerability flaw was found in Venki Supravizio BP ...)
	NOT-FOR-US: Venki
CVE-2020-15391 (The UI in DevSpace 4.13.0 allows web sites to execute actions on pods ...)
	NOT-FOR-US: DevSpace
CVE-2020-15390 (pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration ...)
	NOT-FOR-US: Pega Platform
CVE-2020-15389 (jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free th ...)
	{DSA-4882-1 DLA-2277-1}
	- openjpeg2 2.4.0-1 (bug #965220)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1261
	NOTE: https://github.com/uclouvain/openjpeg/commit/e8e258ab049240c2dd1f1051b4e773b21e2d3dc0 (v2.4.0)
CVE-2020-15388 (A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0 ...)
	NOT-FOR-US: Brocade
CVE-2020-15387 (The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7. ...)
	NOT-FOR-US: Brocade
CVE-2020-15386 (Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2 ...)
	NOT-FOR-US: Brocade
CVE-2020-15385 (Brocade SANnav before version 2.1.1 allows an authenticated attacker t ...)
	NOT-FOR-US: Brocade
CVE-2020-15384 (Brocade SANNav before version 2.1.1 contains an information disclosure ...)
	NOT-FOR-US: Brocade
CVE-2020-15383 (Running security scans against the SAN switch can cause config and sec ...)
	NOT-FOR-US: Brocade
CVE-2020-15382 (Brocade SANnav before version 2.1.1 uses a hard-coded administrator ac ...)
	NOT-FOR-US: Brocade
CVE-2020-15381 (Brocade SANnav before version 2.1.1 contains an Improper Authenticatio ...)
	NOT-FOR-US: Brocade
CVE-2020-15380 (Brocade SANnav before version 2.1.1 logs account credentials at the \u ...)
	NOT-FOR-US: Brocade
CVE-2020-15379 (Brocade SANnav before v.2.1.0a could allow remote attackers cause a de ...)
	NOT-FOR-US: Brocade
CVE-2020-15378 (The OVA version of Brocade SANnav before version 2.1.1 installation wi ...)
	NOT-FOR-US: Brocade
CVE-2020-15377 (Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated ...)
	NOT-FOR-US: Brocade
CVE-2020-15376 (Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, con ...)
	NOT-FOR-US: Brocade Fabric OS
CVE-2020-15375 (Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v ...)
	NOT-FOR-US: Brocade Fabric OS
CVE-2020-15374 (Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versio ...)
	NOT-FOR-US: Brocade Fabric OS
CVE-2020-15373 (Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric ...)
	NOT-FOR-US: Brocade Fabric OS
CVE-2020-15372 (A vulnerability in the command-line interface in Brocade Fabric OS bef ...)
	NOT-FOR-US: Brocade Fabric OS
CVE-2020-15371 (Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v ...)
	NOT-FOR-US: Brocade Fabric OS
CVE-2020-15370 (Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allo ...)
	NOT-FOR-US: Brocade Fabric OS
CVE-2020-15369 (Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, ...)
	NOT-FOR-US: Brocade Fabric OS
CVE-2020-15368 (AsrDrv103.sys in the ASRock RGB Driver does not properly restrict acce ...)
	NOT-FOR-US: ASRock RGB Driver
CVE-2020-15367 (Venki Supravizio BPM 10.1.2 does not limit the number of authenticatio ...)
	NOT-FOR-US: Venki
CVE-2020-15366 (An issue was discovered in ajv.validate() in Ajv (aka Another JSON Sch ...)
	- node-ajv 6.12.4-1
	[buster] - node-ajv (Minor issue)
	NOTE: https://github.com/ajv-validator/ajv/releases/tag/v6.12.3
CVE-2020-15365 (LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in ...)
	- libraw (Vulnerable code introduced in 0.20-Beta1)
	NOTE: https://github.com/LibRaw/LibRaw/issues/301
	NOTE: https://github.com/LibRaw/LibRaw/commit/55f0a0c08974b8b79ebfa7762b555a1704b25fb2
CVE-2020-15364 (The Nexos theme through 1.7 for WordPress allows top-map/?search_locat ...)
	NOT-FOR-US: Wordpress theme
CVE-2020-15363 (The Nexos theme through 1.7 for WordPress allows side-map/?search_orde ...)
	NOT-FOR-US: Wordpress theme
CVE-2020-15362 (wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection b ...)
	NOT-FOR-US: thingsSDK WiFi Scanner
CVE-2020-15361
	RESERVED
CVE-2020-15360 (com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalatio ...)
	NOT-FOR-US: Docker Desktop on Windows
CVE-2020-15359
	RESERVED
CVE-2020-15357 (Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and ...)
	NOT-FOR-US: Askey
CVE-2020-15358 (In SQLite before 3.32.3, select.c mishandles query-flattener optimizat ...)
	- sqlite3 3.32.3-1
	[buster] - sqlite3 3.27.2-3+deb10u1
	[stretch] - sqlite3 (Vulnerable code introduced in 3.25.0)
	[jessie] - sqlite3 (Vulnerable code introduced in 3.25.0)
	- sqlite (multiSelectOrderBy not present, PoC doesn't crash)
	NOTE: https://www.sqlite.org/src/info/10fa79d00f8091e5
	NOTE: https://www.sqlite.org/src/tktview?name=8f157e8010
CVE-2020-15356
	REJECTED
CVE-2020-15355
	REJECTED
CVE-2020-15354
	REJECTED
CVE-2013-7489 (The Beaker library through 1.11.0 for Python is affected by deserializ ...)
	- beaker (bug #966197)
	[bookworm] - beaker (Minor issue)
	[bullseye] - beaker (Minor issue)
	[buster] - beaker (Minor issue)
	[stretch] - beaker (Minor issue)
	NOTE: https://github.com/bbangert/beaker/issues/191
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/14/11
CVE-2020-15353
	RESERVED
CVE-2020-15352 (An XML external entity (XXE) vulnerability in Pulse Connect Secure (PC ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-15351 (IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES ...)
	NOT-FOR-US: IDrive
CVE-2020-15350 (RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding ...)
	NOT-FOR-US: RIOT RIOT-OS
CVE-2020-15349 (BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation ...)
	NOT-FOR-US: BinaryNights ForkLift
CVE-2020-15348 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManag ...)
	NOT-FOR-US: Zyxel
CVE-2020-15347 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b pa ...)
	NOT-FOR-US: Zyxel
CVE-2020-15346 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API wit ...)
	NOT-FOR-US: Zyxel
CVE-2020-15345 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_g ...)
	NOT-FOR-US: Zyxel
CVE-2020-15344 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_g ...)
	NOT-FOR-US: Zyxel
CVE-2020-15343 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_i ...)
	NOT-FOR-US: Zyxel
CVE-2020-15342 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_i ...)
	NOT-FOR-US: Zyxel
CVE-2020-15341 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated upda ...)
	NOT-FOR-US: Zyxel
CVE-2020-15340 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/A ...)
	NOT-FOR-US: Zyxel
CVE-2020-15339 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCa ...)
	NOT-FOR-US: Zyxel
CVE-2020-15338 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request M ...)
	NOT-FOR-US: Zyxel
CVE-2020-15337 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request M ...)
	NOT-FOR-US: Zyxel
CVE-2020-15336 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for / ...)
	NOT-FOR-US: Zyxel
CVE-2020-15335 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for / ...)
	NOT-FOR-US: Zyxel
CVE-2020-15334 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence inje ...)
	NOT-FOR-US: Zyxel
CVE-2020-15333 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discove ...)
	NOT-FOR-US: Zyxel
CVE-2020-15332 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/def ...)
	NOT-FOR-US: Zyxel
CVE-2020-15331 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRE ...)
	NOT-FOR-US: Zyxel
CVE-2020-15330 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in ...)
	NOT-FOR-US: Zyxel
CVE-2020-15329 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permission ...)
	NOT-FOR-US: Zyxel
CVE-2020-15328 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blo ...)
	NOT-FOR-US: Zyxel
CVE-2020-15327 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without a ...)
	NOT-FOR-US: Zyxel
CVE-2020-15326 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate ...)
	NOT-FOR-US: Zyxel
CVE-2020-15325 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cook ...)
	NOT-FOR-US: Zyxel
CVE-2020-15324 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/ ...)
	NOT-FOR-US: Zyxel
CVE-2020-15323 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password ...)
	NOT-FOR-US: Zyxel
CVE-2020-15322 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM ha ...)
	NOT-FOR-US: Zyxel
CVE-2020-15321 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password fo ...)
	NOT-FOR-US: Zyxel
CVE-2020-15320 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for ...)
	NOT-FOR-US: Zyxel
CVE-2020-15319 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key ...)
	NOT-FOR-US: Zyxel
CVE-2020-15318 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key ...)
	NOT-FOR-US: Zyxel
CVE-2020-15317 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key ...)
	NOT-FOR-US: Zyxel
CVE-2020-15316 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH k ...)
	NOT-FOR-US: Zyxel
CVE-2020-15315 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key ...)
	NOT-FOR-US: Zyxel
CVE-2020-15314 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key ...)
	NOT-FOR-US: Zyxel
CVE-2020-15313 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH k ...)
	NOT-FOR-US: Zyxel
CVE-2020-15312 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key ...)
	NOT-FOR-US: Zyxel
CVE-2020-15311
	REJECTED
CVE-2020-15310
	RESERVED
CVE-2020-15309 (An issue was discovered in wolfSSL before 4.5.0, when single precision ...)
	- wolfssl 4.5.0+dfsg-1 (bug #969663)
	NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable
CVE-2020-15308 (Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 allows post-a ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2020-15307 (Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS ( ...)
	NOT-FOR-US: Nozomi Guardian
CVE-2020-15306 (An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount a ...)
	{DSA-4755-1 DLA-2358-1}
	[experimental] - openexr 2.5.2-1
	- openexr 2.5.3-2
	[jessie] - openexr (getChunkOffsetTableSize introduced in v2)
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/738
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/6a9f8af6e89547bcd370ae3cec2b12849eee0b54
CVE-2020-15305 (An issue was discovered in OpenEXR before 2.5.2. Invalid input could c ...)
	{DSA-4755-1 DLA-2358-1}
	[experimental] - openexr 2.5.2-1
	- openexr 2.5.3-2
	[jessie] - openexr (ImfDeepScanLineInputFile.cpp introduced in v2)
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/730
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3d03979dc101612e806cdf0b011475d9fa685a73
CVE-2020-15304 (An issue was discovered in OpenEXR before 2.5.2. An invalid tiled inpu ...)
	[experimental] - openexr 2.5.2-1
	- openexr 2.5.3-2
	[buster] - openexr (Vulnerable code not present)
	[stretch] - openexr (Vulnerable code not present)
	[jessie] - openexr (Vulnerable code not present)
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/727
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/36e05c14c612a89c43d4e0b013669ecd7f8e3440 (v3.0.4)
	NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/e79d2296496a50826a15c667bf92bdc5a05518b4 (v2.4.1)
CVE-2020-15303 (Infoblox NIOS before 8.5.2 allows entity expansion during an XML uploa ...)
	NOT-FOR-US: Infoblox NIOS
CVE-2020-15302 (In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A0397 ...)
	NOT-FOR-US: Argent RecoveryManager
CVE-2020-15301 (SuiteCRM through 7.11.13 allows CSV Injection via registration fields ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-15300 (SuiteCRM through 7.11.13 has an Open Redirect in the Documents module ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-15299 (A reflected Cross-Site Scripting (XSS) Vulnerability in the KingCompos ...)
	NOT-FOR-US: KingComposer plugin for WordPress
CVE-2020-15298
	REJECTED
CVE-2020-15297 (Insufficient validation in the Bitdefender Update Server and BEST Rela ...)
	NOT-FOR-US: Bitdefender
CVE-2020-15296
	REJECTED
CVE-2020-15295
	REJECTED
CVE-2020-15294 (Compiler Optimization Removal or Modification of Security-critical Cod ...)
	NOT-FOR-US: Bitdefender
CVE-2020-15293 (Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, Int ...)
	NOT-FOR-US: Bitdefender
CVE-2020-15292 (Lack of validation on data read from guest memory in IntPeGetDirectory ...)
	NOT-FOR-US: Bitdefender
CVE-2020-15291
	REJECTED
CVE-2020-15290
	REJECTED
CVE-2020-15289
	REJECTED
CVE-2020-15288
	REJECTED
CVE-2020-15287
	REJECTED
CVE-2020-15286
	REJECTED
CVE-2020-15285
	REJECTED
CVE-2020-15284
	RESERVED
CVE-2020-15283
	RESERVED
CVE-2020-15282
	REJECTED
CVE-2020-15281
	REJECTED
CVE-2020-15280
	RESERVED
CVE-2020-15279 (An Improper Access Control vulnerability in the logging component of B ...)
	NOT-FOR-US: Bitdefender
CVE-2020-15278 (Red Discord Bot before version 3.4.1 has an unauthorized privilege esc ...)
	NOT-FOR-US: Red Discord Bot
CVE-2020-15277 (baserCMS before version 4.4.1 is affected by Remote Code Execution (RC ...)
	NOT-FOR-US: baserCMS
CVE-2020-15276 (baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. A ...)
	NOT-FOR-US: baserCMS
CVE-2020-15275 (MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attac ...)
	{DSA-4787-1 DLA-2446-1}
	- moin
	NOTE: https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43
	NOTE: https://github.com/moinwiki/moin-1.9/commit/64e16037a60646a4d834f0203c75481b9c3fa74c (1.9.11)
CVE-2020-15274 (In Wiki.js before version 2.5.162, an XSS payload can be injected in a ...)
	NOT-FOR-US: Wiki.js
CVE-2020-15273 (baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. T ...)
	NOT-FOR-US: baserCMS
CVE-2020-15272 (In the git-tag-annotation-action (open source GitHub Action) before ve ...)
	NOT-FOR-US: git-tag-annotation-action
CVE-2020-15271 (In lookatme (python/pypi package) versions prior to 2.3.0, the package ...)
	- lookatme 2.3.0-1 (bug #972988)
	NOTE: https://github.com/d0c-s4vage/lookatme/security/advisories/GHSA-c84h-w6cr-5v8q
	NOTE: https://github.com/d0c-s4vage/lookatme/commit/72fe36b784b234548d49dae60b840c37f0eb8d84 (v2.3.0)
	NOTE: https://github.com/d0c-s4vage/lookatme/pull/110
CVE-2020-15270 (Parse Server (npm package parse-server) broadcasts events to all clien ...)
	NOT-FOR-US: Node parse-server
CVE-2020-15269 (In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens ...)
	NOT-FOR-US: Spree
CVE-2020-15268
	RESERVED
CVE-2020-15267
	RESERVED
CVE-2020-15266 (In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.i ...)
	- tensorflow (bug #804612)
CVE-2020-15265 (In Tensorflow before version 2.4.0, an attacker can pass an invalid `a ...)
	- tensorflow (bug #804612)
CVE-2020-15264 (The Boxstarter installer before version 2.13.0 configures C:\ProgramDa ...)
	NOT-FOR-US: Boxstarter
CVE-2020-15263 (In platform before version 9.4.4, inline attributes are not properly e ...)
	NOT-FOR-US: Laravel Orchid Platform
CVE-2020-15262 (In webpack-subresource-integrity before version 1.5.1, all dynamically ...)
	NOT-FOR-US: Node webpack-subresource-integrity
CVE-2020-15261 (On Windows the Veyon Service before version 4.4.2 contains an unquoted ...)
	- veyon (Windows-specific)
	NOTE: https://github.com/veyon/veyon/security/advisories/GHSA-c8cc-x786-hqqp
CVE-2020-15260 (PJSIP is a free and open source multimedia communication library writt ...)
	- pjproject
	[stretch] - pjproject (Vulnerable code introduced later, no connection reuse available)
	- ring 20210112.2.b757bac~ds1-1 (bug #986815)
	[buster] - ring (Vulnerable code introduced later, no connection reuse available in embedded pjproject)
	[stretch] - ring (Vulnerable code introduced later, no connection reuse available in embedded pjproject)
	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-8hcp-hm38-mfph
	NOTE: https://github.com/pjsip/pjproject/commit/67e46c1ac45ad784db5b9080f5ed8b133c122872
	NOTE: https://github.com/pjsip/pjproject/pull/2663
CVE-2020-15259 (ad-ldap-connector's admin panel before version 5.0.13 does not provide ...)
	NOT-FOR-US: ad-ldap-connector
CVE-2020-15258 (In Wire before 3.20.x, `shell.openExternal` was used without checking ...)
	NOT-FOR-US: Wire app
CVE-2020-15257 (containerd is an industry-standard container runtime and is available ...)
	{DSA-4865-1}
	- containerd 1.4.3~ds1-1
	- docker.io 20.10.0~rc1+dfsg2-1
	NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4
	NOTE: https://github.com/containerd/containerd/commit/3519233e1b5a408c7e92b0af4293000820a0089b (v1.2)
	NOTE: docker.io switched to systemwide containerd packages in 20.10.0~rc1+dfsg2-1
CVE-2020-15256 (A prototype pollution vulnerability has been found in `object-path` <= ...)
	- node-object-path 0.11.5-3
	[buster] - node-object-path 0.11.4-2+deb10u1
	[stretch] - node-object-path (Nodejs in stretch not covered by security support)
	NOTE: https://github.com/mariocasciaro/object-path/security/advisories/GHSA-cwx2-736x-mf6w
CVE-2020-15255 (In Anuko Time Tracker before verion 1.19.23.5325, due to not properly ...)
	NOT-FOR-US: Anuko Time Tracker
CVE-2020-15254 (Crossbeam is a set of tools for concurrent programming. In crossbeam-c ...)
	- firefox 82.0-1
	- rust-crossbeam-channel (Only affected 0.4.3 which was not released in Debian)
	NOTE: https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-v5m7-53cv-f3hx
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15254
CVE-2020-15253 (Versions of Grocy <= 2.7.1 are vulnerable to Cross-Site Scripting via ...)
	NOT-FOR-US: Grocy
CVE-2020-15252 (In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right ( ...)
	NOT-FOR-US: XWiki
CVE-2020-15251 (In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version ...)
	NOT-FOR-US: Channelmgnt plug-in for Sopel
CVE-2020-15250 (In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryF ...)
	{DLA-2426-1}
	- junit4 4.13.1-1 (bug #972231)
	[buster] - junit4 (Minor issue)
	NOTE: https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp
	NOTE: https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae
CVE-2020-15249 (October is a free, open-source, self-hosted CMS platform based on the ...)
	NOT-FOR-US: October CMS
CVE-2020-15248 (October is a free, open-source, self-hosted CMS platform based on the ...)
	NOT-FOR-US: October CMS
CVE-2020-15247 (October is a free, open-source, self-hosted CMS platform based on the ...)
	NOT-FOR-US: October CMS
CVE-2020-15246 (October is a free, open-source, self-hosted CMS platform based on the ...)
	NOT-FOR-US: October CMS
CVE-2020-15245 (In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may registe ...)
	NOT-FOR-US: Sylius
CVE-2020-15244 (In Magento (rubygems openmage/magento-lts package) before versions 19. ...)
	NOT-FOR-US: Magento
CVE-2020-15243 (Affected versions of Smartstore have a missing WebApi Authentication a ...)
	NOT-FOR-US: Smartstore
CVE-2020-15242 (Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Redirect ...)
	NOT-FOR-US: next.js
CVE-2020-15241 (TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, ...)
	NOT-FOR-US: TYPO3 Fluid Engine
CVE-2020-15240 (omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly val ...)
	- ruby-omniauth-auth0 (Introduced in 2.3.0)
	NOTE: https://github.com/auth0/omniauth-auth0/security/advisories/GHSA-58r4-h6v8-jcvm
CVE-2020-15239 (In xmpp-http-upload before version 0.4.0, when the GET method is attac ...)
	NOT-FOR-US: xmpp-http-upload
CVE-2020-15238 (Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the Dhcp ...)
	{DSA-4781-1 DLA-2430-1}
	- blueman 2.1.4-1 (bug #973718)
	NOTE: https://github.com/blueman-project/blueman/security/advisories/GHSA-jpc9-mgw6-2xwx
	NOTE: https://bugs.launchpad.net/ubuntu/+source/blueman/+bug/1897287
	NOTE: https://github.com/blueman-project/blueman/commit/02161d60e8e311b08fb18254615259085fcd6688
	NOTE: Additionally Build-Depends on libpolkit-agent-1-dev needed (blueman should
	NOTE: use polkit for authorisation but due to a packaging issue this was not
	NOTE: enabled).
CVE-2020-15237 (In Shrine before version 3.3.0, when using the `derivation_endpoint` p ...)
	NOT-FOR-US: Shrine
CVE-2020-15236 (In Wiki.js before version 2.5.151, directory traversal outside of Wiki ...)
	NOT-FOR-US: Wiki.js
CVE-2020-15235 (In RACTF before commit f3dc89b, unauthenticated users are able to get ...)
	NOT-FOR-US: RACTF
CVE-2020-15234 (ORY Fosite is a security first OAuth2 & OpenID Connect framework for G ...)
	NOT-FOR-US: ORY Fosite
CVE-2020-15233 (ORY Fosite is a security first OAuth2 & OpenID Connect framework for G ...)
	NOT-FOR-US: ORY Fosite
CVE-2020-15232 (In mapfish-print before version 3.24, a user can do to an XML External ...)
	NOT-FOR-US: mapfish-print
CVE-2020-15231 (In mapfish-print before version 3.24, a user can use the JSONP support ...)
	NOT-FOR-US: mapfish-print
CVE-2020-15230 (Vapor is a web framework for Swift. In Vapor before version 4.29.4, At ...)
	NOT-FOR-US: Vapor
CVE-2020-15229 (Singularity (an open source container platform) from version 3.1.1 thr ...)
	[experimental] - singularity-container 3.9.4+ds2-1
	- singularity-container 3.9.5+ds1-2 (bug #972212)
	NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-7gcp-w6ww-2xv9
CVE-2020-15228 (In the `@actions/core` npm module before version 1.2.6,`addPath` and ` ...)
	NOT-FOR-US: Node @actions/core
CVE-2020-15227 (Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 ar ...)
	{DLA-2617-1}
	- php-nette
	NOTE: https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94
CVE-2020-15226 (In GLPI before version 9.5.2, there is a SQL Injection in the API's se ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-15225 (django-filter is a generic system for filtering Django QuerySets based ...)
	- django-filter 2.4.0-1
	[buster] - django-filter (Minor issue)
	[stretch] - django-filter (Minor issue)
	NOTE: https://github.com/carltongibson/django-filter/security/advisories/GHSA-x7gm-rfgv-w973
	NOTE: https://github.com/carltongibson/django-filter/commit/340cf7a23a2b3dcd7183f6a0d6c383e85b130d2b
CVE-2020-15224 (In Open Enclave before version 0.12.0, an information disclosure vulne ...)
	NOT-FOR-US: Open Enclave
CVE-2020-15223 (In ORY Fosite (the security first OAuth2 & OpenID Connect framework fo ...)
	NOT-FOR-US: ORY Fosite
CVE-2020-15222 (In ORY Fosite (the security first OAuth2 & OpenID Connect framework fo ...)
	NOT-FOR-US: ORY Fosite
CVE-2020-15221 (Combodo iTop is a web based IT Service Management tool. In iTop before ...)
	NOT-FOR-US: Combodo iTop
CVE-2020-15220 (Combodo iTop is a web based IT Service Management tool. In iTop before ...)
	NOT-FOR-US: Combodo iTop
CVE-2020-15219 (Combodo iTop is a web based IT Service Management tool. In iTop before ...)
	NOT-FOR-US: Combodo iTop
CVE-2020-15218 (Combodo iTop is a web based IT Service Management tool. In iTop before ...)
	NOT-FOR-US: Combodo iTop
CVE-2020-15217 (In GLPI before version 9.5.2, there is a leakage of user information t ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-15216 (In goxmldsig (XML Digital Signatures implemented in pure Go) before ve ...)
	- golang-github-russellhaering-goxmldsig 1.1.0-1 (bug #971615)
	[buster] - golang-github-russellhaering-goxmldsig (Limited support, minor issue, no build rdeps)
	NOTE: https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7
	NOTE: https://github.com/russellhaering/goxmldsig/commit/f6188febf0c29d7ffe26a0436212b19cb9615e64
CVE-2020-15215 (Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vuln ...)
	- electron (bug #842420)
CVE-2020-15214 (In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segme ...)
	- tensorflow (bug #804612)
CVE-2020-15213 (In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segme ...)
	- tensorflow (bug #804612)
CVE-2020-15212 (In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segme ...)
	- tensorflow (bug #804612)
CVE-2020-15211 (In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
	- tensorflow (bug #804612)
CVE-2020-15210 (In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
	- tensorflow (bug #804612)
CVE-2020-15209 (In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
	- tensorflow (bug #804612)
CVE-2020-15208 (In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
	- tensorflow (bug #804612)
CVE-2020-15207 (In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
	- tensorflow (bug #804612)
CVE-2020-15206 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, c ...)
	- tensorflow (bug #804612)
CVE-2020-15205 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
	- tensorflow (bug #804612)
CVE-2020-15204 (In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 ...)
	- tensorflow (bug #804612)
CVE-2020-15203 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, b ...)
	- tensorflow (bug #804612)
CVE-2020-15202 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
	- tensorflow (bug #804612)
CVE-2020-15201 (In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` impl ...)
	- tensorflow (bug #804612)
CVE-2020-15200 (In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` impl ...)
	- tensorflow (bug #804612)
CVE-2020-15199 (In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does ...)
	- tensorflow (bug #804612)
CVE-2020-15198 (In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` impl ...)
	- tensorflow (bug #804612)
CVE-2020-15197 (In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` impl ...)
	- tensorflow (bug #804612)
CVE-2020-15196 (In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `Ragged ...)
	- tensorflow (bug #804612)
CVE-2020-15195 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
	- tensorflow (bug #804612)
CVE-2020-15194 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
	- tensorflow (bug #804612)
CVE-2020-15193 (In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of ` ...)
	- tensorflow (bug #804612)
CVE-2020-15192 (In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list ...)
	- tensorflow (bug #804612)
CVE-2020-15191 (In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an inv ...)
	- tensorflow (bug #804612)
CVE-2020-15190 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
	- tensorflow (bug #804612)
CVE-2020-15189 (SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) u ...)
	NOT-FOR-US: SOY CMS
CVE-2020-15188 (SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Co ...)
	NOT-FOR-US: SOY CMS
CVE-2020-15187 (In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain d ...)
	- helm-kubernetes (bug #910799)
CVE-2020-15186 (In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitiz ...)
	- helm-kubernetes (bug #910799)
CVE-2020-15185 (In Helm before versions 2.16.11 and 3.3.2, a Helm repository can conta ...)
	- helm-kubernetes (bug #910799)
CVE-2020-15184 (In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the ...)
	- helm-kubernetes (bug #910799)
CVE-2020-15183 (SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scripting ...)
	NOT-FOR-US: SoyCMS
CVE-2020-15182 (The SOY Inquiry component of SOY CMS is affected by Cross-site Request ...)
	NOT-FOR-US: SoyCMS
CVE-2020-15181 (The Alfresco Reset Password add-on before version 1.2.0 relies on untr ...)
	NOT-FOR-US: Alfresco Reset Password add-on
CVE-2020-15180 (A flaw was found in the mysql-wsrep component of mariadb. Lack of inpu ...)
	{DSA-4776-1 DLA-2409-1}
	- mariadb-10.5 1:10.5.6-1
	[experimental] - mariadb-10.3 1:10.3.27-1~exp1
	- mariadb-10.3 (bug #972746)
	- mariadb-10.1
	- percona-xtradb-cluster-5.5
	NOTE: Fixed in MariaDB 10.5.6, 10.4.15, 10.3.25, 10.2.34, 10.1.47
	NOTE: https://jira.mariadb.org/browse/MDEV-23884
	NOTE: https://www.percona.com/blog/2020/10/30/cve-2020-15180-affects-percona-xtradb-cluster/
CVE-2020-15179 (The ScratchSig extension for MediaWiki before version 1.0.1 allows sto ...)
	NOT-FOR-US: ScratchSig MediaWiki extension
CVE-2020-15178 (In PrestaShop contactform module (prestashop/contactform) before versi ...)
	NOT-FOR-US: PrestaShop
CVE-2020-15177 (In GLPI before version 9.5.2, the `install/install.php` endpoint insec ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-15176 (In GLPI before version 9.5.2, when supplying a back tick in input that ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-15175 (In GLPI before version 9.5.2, the `pluginimage.send.php` endpoint allo ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-15174 (In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the ...)
	- electron (bug #842420)
CVE-2020-15173 (In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a b ...)
	NOT-FOR-US: ACCEL-PPP
CVE-2020-15172 (The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerabl ...)
	NOT-FOR-US: Act module for Red Discord Bot
CVE-2020-15171 (In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right ...)
	NOT-FOR-US: XWiki
CVE-2020-15170 (apollo-adminservice before version 1.7.1 does not implement access con ...)
	NOT-FOR-US: apollo-adminservice
CVE-2020-15169 (In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potentia ...)
	{DSA-4766-1 DLA-2403-1}
	- rails 2:6.0.3.3+dfsg-1 (bug #970040)
	NOTE: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-15169.yml
	NOTE: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc?pli=1
	NOTE: https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e (master)
	NOTE: https://github.com/rails/rails/commit/aaa7ab1320330b3c4fa8f0fbda716dcfa21e3d65 (5.2)
CVE-2020-15168 (node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the si ...)
	[experimental] - node-fetch 2.6.1-1
	- node-fetch 2.6.1-2 (bug #970173)
	[buster] - node-fetch (Minor issue; Intrusive to backport)
	NOTE: https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r
CVE-2020-15167 (In Miller (command line utility) using the configuration file support ...)
	- miller 5.9.1+dfsg-1 (bug #969467)
	[buster] - miller (Introduced in 5.9.0)
	[stretch] - miller (Introduced in 5.9.0)
	NOTE: https://github.com/johnkerl/miller/security/advisories/GHSA-mw2v-4q78-j2cw
CVE-2020-15166 (In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerabi ...)
	{DSA-4761-1 DLA-2443-1}
	- zeromq3 4.3.3-1
	NOTE: https://www.openwall.com/lists/oss-security/2020/09/07/3
	NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
	NOTE: https://github.com/zeromq/libzmq/commit/e7f0090b161ce6344f6bd35009816a925c070b09
CVE-2020-15165 (Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Stor ...)
	NOT-FOR-US: Chameleon Mini Live Debugger
CVE-2020-15164 (in Scratch Login (MediaWiki extension) before version 1.1, any account ...)
	NOT-FOR-US: Scratch Login MediaWiki extension
CVE-2020-15163 (Python TUF (The Update Framework) reference implementation before vers ...)
	- python-tuf (bug #934151)
CVE-2020-15162 (In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users a ...)
	NOT-FOR-US: PrestaShop
CVE-2020-15161 (In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attac ...)
	NOT-FOR-US: PrestaShop
CVE-2020-15160 (PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerab ...)
	NOT-FOR-US: PrestaShop
CVE-2020-15159 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) a ...)
	NOT-FOR-US: baserCMS
CVE-2020-15158 (In libIEC61850 before version 1.4.3, when a message with COTP message ...)
	NOT-FOR-US: libIEC61850
CVE-2020-15157 (In containerd (an industry-standard container runtime) before version ...)
	{DSA-4865-1}
	- containerd 1.3.2~ds1-2
	- docker.io 19.03.13+dfsg2-1
	NOTE: https://www.openwall.com/lists/oss-security/2020/10/15/1
	NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c
	NOTE: https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726 (v1.2.14)
	NOTE: docker.io switched to systemwide containerd packages in 20.10.0~rc1+dfsg2-1
	NOTE: docker.io/19.03.13+dfsg2-1 uses containerd 1.3.7
CVE-2020-15156 (In nodebb-plugin-blog-comments before version 0.7.0, a logged in user ...)
	NOT-FOR-US: nodebb-plugin-blog-comments
CVE-2020-15155 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) v ...)
	NOT-FOR-US: baserCMS
CVE-2020-15154 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) v ...)
	NOT-FOR-US: baserCMS
CVE-2020-15153 (Ampache before version 4.2.2 allows unauthenticated users to perform S ...)
	- ampache
CVE-2020-15152 (ftp-srv is an npm package which is a modern and extensible FTP server ...)
	NOT-FOR-US: Node ftp-srv
CVE-2020-15151 (OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to cir ...)
	NOT-FOR-US: OpenMage
CVE-2020-15150 (There is a vulnerability in Paginator (Elixir/Hex package) which makes ...)
	NOT-FOR-US: Paginator
CVE-2020-15149 (NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in ...)
	NOT-FOR-US: NodeBB
CVE-2020-15148 (Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote cod ...)
	- yii (bug #597899)
CVE-2020-15147 (Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execu ...)
	NOT-FOR-US: Red Discord Bot
CVE-2020-15146 (In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4 ...)
	NOT-FOR-US: SyliusResourceBundle
CVE-2020-15145 (In Composer-Setup for Windows before version 6.0.0, if the developer's ...)
	NOT-FOR-US: Composer-Setup for Windows
CVE-2020-15144
	RESERVED
CVE-2020-15143 (In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4 ...)
	NOT-FOR-US: SyliusResourceBundle
CVE-2020-15142 (In openapi-python-client before version 0.5.3, clients generated with ...)
	NOT-FOR-US: openapi-python-client
CVE-2020-15141 (In openapi-python-client before version 0.5.3, there is a path travers ...)
	NOT-FOR-US: openapi-python-client
CVE-2020-15140 (In Red Discord Bot before version 3.3.11, a RCE exploit has been disco ...)
	NOT-FOR-US: Red Discord Bot
CVE-2020-15139 (In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visu ...)
	NOT-FOR-US: MyBB
CVE-2020-15138 (Prism is vulnerable to Cross-Site Scripting. The easing preview of the ...)
	- node-prismjs 1.11.0+dfsg-4 (bug #968094)
	NOTE: https://github.com/PrismJS/prism/security/advisories/GHSA-wvhm-4hhf-97x9
	NOTE: https://github.com/PrismJS/prism/commit/8bba4880202ef6bd7a1e379fe9aebe69dd75f7be
CVE-2020-15137 (All versions of HoRNDIS are affected by an integer overflow in the RND ...)
	NOT-FOR-US: HoRNDIS
CVE-2020-15136 (In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication ...)
	[experimental] - etcd 3.3.25+dfsg-1
	- etcd 3.3.25+dfsg-5 (bug #968752)
	[buster] - etcd (Minor issue)
	NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q
CVE-2020-15135 (save-server (npm package) before version 1.05 is affected by a CSRF vu ...)
	NOT-FOR-US: Node save-server
CVE-2020-15134 (Faye before version 1.4.0, there is a lack of certification validation ...)
	- ruby-faye 1.4.0-1 (bug #967063)
	[buster] - ruby-faye (Minor issue)
	NOTE: https://github.com/faye/faye/security/advisories/GHSA-3q49-h8f9-9fr9
	NOTE: https://github.com/faye/faye/issues/524
	NOTE: https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/
CVE-2020-15133 (In faye-websocket before version 0.11.0, there is a lack of certificat ...)
	- ruby-faye-websocket 0.11.0-1 (bug #967061)
	[buster] - ruby-faye-websocket (Minor issue)
	NOTE: https://github.com/faye/faye-websocket-ruby/security/advisories/GHSA-2v5c-755p-p4gv
	NOTE: https://github.com/faye/faye-websocket-ruby/pull/129
	NOTE: https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/
CVE-2020-15132 (In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget pa ...)
	NOT-FOR-US: Sulu
CVE-2020-15131 (In SLP Validate (npm package slp-validate) before version 1.2.2, there ...)
	NOT-FOR-US: Node slp-validate
CVE-2020-15130 (In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnera ...)
	NOT-FOR-US: Node slpjs
CVE-2020-15129 (In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists ...)
	- traefik (bug #983289)
CVE-2020-15128 (In OctoberCMS before version 1.0.468, encrypted cookie values were not ...)
	NOT-FOR-US: October CMS
CVE-2020-15127 (In Contour ( Ingress controller for Kubernetes) before version 1.7.0, ...)
	NOT-FOR-US: Contour
CVE-2020-15126 (In parser-server from version 3.5.0 and before 4.3.0, an authenticated ...)
	NOT-FOR-US: Node parser-server
CVE-2020-15125 (In auth0 (npm package) versions before 2.27.1, a DenyList of specific ...)
	NOT-FOR-US: Node auth0
CVE-2020-15124 (In Goobi Viewer Core before version 4.8.3, a path traversal vulnerabil ...)
	NOT-FOR-US: Goobi Viewer Core
CVE-2020-15123 (In codecov (npm package) before version 3.7.1 the upload method has a ...)
	NOT-FOR-US: Node codecov
CVE-2020-15122
	RESERVED
CVE-2020-15121 (In radare2 before version 4.5.0, malformed PDB file names in the PDB s ...)
	- radare2 5.0.0+dfsg-1
	NOTE: https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
	NOTE: https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
	NOTE: https://github.com/radareorg/radare2/issues/16945
	NOTE: https://github.com/radareorg/radare2/pull/16966
CVE-2020-15120 (In "I hate money" before version 4.1.5, an authenticated member of one ...)
	NOT-FOR-US: ihatemoney
CVE-2020-15119 (In auth0-lock versions before and including 11.25.1, dangerouslySetInn ...)
	NOT-FOR-US: Node auth0-lock
CVE-2020-15118 (In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is m ...)
	NOT-FOR-US: Wagtail
CVE-2020-15117 (In Synergy before version 1.12.0, a Synergy server can be crashed by r ...)
	- synergy
	[stretch] - synergy (minor issue, low priority)
	NOTE: https://github.com/symless/synergy-core/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39
	NOTE: https://github.com/symless/synergy-core/security/advisories/GHSA-chfm-333q-gfpp
CVE-2020-15116
	RESERVED
CVE-2020-15115 (etcd before versions 3.3.23 and 3.4.10 does not perform any password l ...)
	[experimental] - etcd 3.3.25+dfsg-1
	- etcd 3.3.25+dfsg-5 (bug #968740)
	[buster] - etcd (Minor issue)
	NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh
CVE-2020-15114 (In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simpl ...)
	[experimental] - etcd 3.3.25+dfsg-1
	- etcd 3.3.25+dfsg-5 (bug #968740)
	[buster] - etcd (Minor issue)
	NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224
CVE-2020-15113 (In etcd before versions 3.3.23 and 3.4.10, certain directory paths are ...)
	[experimental] - etcd 3.3.25+dfsg-1
	- etcd 3.3.25+dfsg-5 (bug #968740)
	[buster] - etcd (Minor issue)
	NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92
CVE-2020-15112 (In etcd before versions 3.3.23 and 3.4.10, it is possible to have an e ...)
	[experimental] - etcd 3.3.25+dfsg-1
	- etcd 3.3.25+dfsg-5 (bug #968740)
	[buster] - etcd (Minor issue)
	NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93
CVE-2020-15111 (In Fiber before version 1.12.6, the filename that is given in c.Attach ...)
	NOT-FOR-US: Fiber
CVE-2020-15110 (In jupyterhub-kubespawner before 0.12, certain usernames will be able ...)
	NOT-FOR-US: jupyterhub-kubespawner
CVE-2020-15109 (In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bilit ...)
	NOT-FOR-US: solidus
CVE-2020-15108 (In glpi before 9.5.1, there is a SQL injection for all usages of "Clon ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-qv6w-68gq-wx2v
	NOTE: https://github.com/glpi-project/glpi/commit/a4baa64114eb92fd2adf6056a36e0582324414ba
	NOTE: https://github.com/glpi-project/glpi/pull/6684
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-15107 (In openenclave before 0.10.0, enclaves that use x87 FPU operations are ...)
	NOT-FOR-US: openenclave
CVE-2020-15106 (In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic ...)
	[experimental] - etcd 3.3.25+dfsg-1
	- etcd 3.3.25+dfsg-5 (bug #968740)
	[buster] - etcd (Minor issue)
	NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2
CVE-2020-15105 (Django Two-Factor Authentication before 1.12, stores the user's passwo ...)
	NOT-FOR-US: Django Two-Factor Authentication
CVE-2020-15104 (In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when valid ...)
	- envoyproxy (bug #987544)
CVE-2020-15103 (In FreeRDP less than or equal to 2.1.2, an integer overflow exists due ...)
	{DLA-3606-1}
	- freerdp2 2.2.0+dfsg1-1 (bug #965979)
	- freerdp
	[stretch] - freerdp (Vulnerable gfx code not present)
	NOTE: https://github.com/FreeRDP/FreeRDP/pull/6381
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/be8c8640ead04b1e4fc9176c504bf688351c8924 (stable-2.0)
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/da684f5335c2b3b726a39f3c091ce804e55f4f8e (stable-2.0)
CVE-2020-15102 (In PrestaShop Dashboard Productions before version 2.1.0, there is imp ...)
	NOT-FOR-US: PrestaShop
CVE-2020-15101 (In freewvs before 0.1.1, a directory structure of more than 1000 neste ...)
	NOT-FOR-US: freewvs
CVE-2020-15100 (In freewvs before 0.1.1, a user could create a large file that freewvs ...)
	NOT-FOR-US: freewvs
CVE-2020-15099 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and ...)
	NOT-FOR-US: TYPO3
CVE-2020-15098 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and ...)
	NOT-FOR-US: TYPO3
CVE-2020-15097 (loklak is an open-source server application which is able to collect m ...)
	NOT-FOR-US: loklak
CVE-2020-15096 (In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, the ...)
	- electron (bug #842420)
CVE-2020-15095 (Versions of the npm CLI prior to 6.14.6 are vulnerable to an informati ...)
	- npm 6.14.6+ds-1 (low; bug #964746)
	[buster] - npm 5.8.0+ds6-4+deb10u2
	NOTE: https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp
	NOTE: https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc
CVE-2020-15094 (In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient cla ...)
	- symfony 4.4.13+dfsg-1
	[buster] - symfony (Vulnerable code introduced later - in v4.4.0)
	[stretch] - symfony (Vulnerable code introduced later - in v4.4.0)
	NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r
	NOTE: https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78
CVE-2020-15093 (The tough library (Rust/crates.io) prior to version 0.7.1 does not pro ...)
	NOT-FOR-US: Rust tough
CVE-2020-15092 (In TimelineJS before version 3.7.0, some user data renders as HTML. An ...)
	NOT-FOR-US: TimelineJS
CVE-2020-15091 (TenderMint from version 0.33.0 and before version 0.33.6 allows block ...)
	NOT-FOR-US: TenderMint
CVE-2020-15090
	RESERVED
CVE-2020-15089
	RESERVED
CVE-2020-15088
	RESERVED
CVE-2020-15087 (In Presto before version 337, authenticated users can bypass authoriza ...)
	NOT-FOR-US: Presto query engine, different from src:presto
CVE-2020-15086 (In TYPO3 installations with the "mediace" extension from version 7.6.2 ...)
	NOT-FOR-US: TYPO3
CVE-2020-15085 (In Saleor Storefront before version 2.10.3, request data used to authe ...)
	NOT-FOR-US: Saleor Storefront
CVE-2020-15084 (In express-jwt (NPM package) up and including version 5.3.3, the algor ...)
	NOT-FOR-US: Node express-jwt
CVE-2020-15083 (In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a ta ...)
	NOT-FOR-US: PrestaShop
CVE-2020-15082 (In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the das ...)
	NOT-FOR-US: PrestaShop
CVE-2020-15081 (In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is inform ...)
	NOT-FOR-US: PrestaShop
CVE-2020-15080 (In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some fi ...)
	NOT-FOR-US: PrestaShop
CVE-2020-15079 (In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there i ...)
	NOT-FOR-US: PrestaShop
CVE-2020-15078 (OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass ...)
	{DLA-2992-1}
	- openvpn 2.5.1-2 (bug #987380)
	[buster] - openvpn 2.4.7-1+deb10u1
	NOTE: https://github.com/OpenVPN/openvpn/commit/f7b3bf067ffce72e7de49a4174fd17a3a83f0573 (v2.5.2)
	NOTE: https://github.com/OpenVPN/openvpn/commit/3d18e308c4e7e6f7ab7c2826c70d2d07b031c18a (v2.5.2)
	NOTE: https://github.com/OpenVPN/openvpn/commit/3aca477a1b58714754fea3a26d0892fffc51db6b (v2.5.2)
	NOTE: https://github.com/OpenVPN/openvpn/commit/0e5516a9d656ce86f7fb370c824344ea1760c255 (2.4.11)
CVE-2020-15077 (OpenVPN Access Server 2.8.7 and earlier versions allows a remote attac ...)
	NOT-FOR-US: OpenVPN Access Server (security impact for src:openvpn covered by CVE-2020-15078)
CVE-2020-15076 (Private Tunnel installer for macOS version 3.0.1 and older versions ma ...)
	NOT-FOR-US: Private Tunnel installer for macOS
CVE-2020-15075 (OpenVPN Connect installer for macOS version 3.2.6 and older may corrup ...)
	NOT-FOR-US: OpenVPN Connect installer for macOS
CVE-2020-15074 (OpenVPN Access Server older than version 2.8.4 and version 2.9.5 gener ...)
	NOT-FOR-US: OpenVPN Access Server
CVE-2020-15073 (An issue was discovered in phpList through 3.5.4. An XSS vulnerability ...)
	- phplist (bug #612288)
CVE-2020-15072 (An issue was discovered in phpList through 3.5.4. An error-based SQL I ...)
	- phplist (bug #612288)
CVE-2020-15071 (content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS ...)
	NOT-FOR-US: Symphony CMS
CVE-2020-15070 (Zulip Server 2.x before 2.1.7 allows eval injection if a privileged at ...)
	- zulip-server (bug #800052)
CVE-2020-15069 (Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow an ...)
	NOT-FOR-US: Sophos
CVE-2020-15068
	RESERVED
CVE-2020-15067
	RESERVED
CVE-2020-15066
	RESERVED
CVE-2020-15065 (DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices al ...)
	NOT-FOR-US: DIGITUS DA-70254 4-Port Gigabit Network Hub devices
CVE-2020-15064 (DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices al ...)
	NOT-FOR-US: DIGITUS DA-70254 4-Port Gigabit Network Hub devices
CVE-2020-15063 (DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices al ...)
	NOT-FOR-US: DIGITUS DA-70254 4-Port Gigabit Network Hub devices
CVE-2020-15062 (DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices al ...)
	NOT-FOR-US: DIGITUS DA-70254 4-Port Gigabit Network Hub devices
CVE-2020-15061 (Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices al ...)
	NOT-FOR-US: Lindy 42633 4-Port USB 2.0 Gigabit Network Server devices
CVE-2020-15060 (Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices al ...)
	NOT-FOR-US: Lindy 42633 4-Port USB 2.0 Gigabit Network Server devices
CVE-2020-15059 (Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices al ...)
	NOT-FOR-US: Lindy 42633 4-Port USB 2.0 Gigabit Network Server devices
CVE-2020-15058 (Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices al ...)
	NOT-FOR-US: Lindy 42633 4-Port USB 2.0 Gigabit Network Server devices
CVE-2020-15057 (TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 al ...)
	NOT-FOR-US: TP-Link
CVE-2020-15056 (TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 al ...)
	NOT-FOR-US: TP-Link
CVE-2020-15055 (TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 al ...)
	NOT-FOR-US: TP-Link
CVE-2020-15054 (TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 al ...)
	NOT-FOR-US: TP-Link
CVE-2020-15053 (An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflec ...)
	NOT-FOR-US: Artica Proxy
CVE-2020-15052 (An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL In ...)
	NOT-FOR-US: Artica Proxy
CVE-2020-15051 (An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS ...)
	NOT-FOR-US: Artica Proxy
CVE-2020-15050 (An issue was discovered in the Video Extension in Suprema BioStar 2 be ...)
	NOT-FOR-US: Suprema BioStar
CVE-2020-15049 (An issue was discovered in http/ContentLengthInterpreter.cc in Squid b ...)
	{DSA-4732-1 DLA-2394-1}
	- squid 4.12-1
	- squid3
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-ea12a34d338b962707d5078d6d1fc7c6eb119a22.patch
CVE-2020-15048
	RESERVED
CVE-2020-15047 (MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification er ...)
	- trojita (bug #795701)
CVE-2018-21268 (The traceroute (aka node-traceroute) package through 1.0.0 for Node.js ...)
	NOT-FOR-US: Node traceroute
CVE-2018-21267
	REJECTED
CVE-2018-21266
	REJECTED
CVE-2020-15046 (The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a ...)
	NOT-FOR-US: Supermicro
CVE-2020-15045
	RESERVED
CVE-2020-15044
	RESERVED
CVE-2020-15043 (iBall WRB303N devices allow CSRF attacks, as demonstrated by enabling ...)
	NOT-FOR-US: iBall WRB303N devices
CVE-2020-15042
	RESERVED
CVE-2020-15041 (PHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Ad ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-15040
	RESERVED
CVE-2020-15039
	RESERVED
CVE-2020-15038 (The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS.)
	NOT-FOR-US: WordPress plugin
CVE-2020-15037 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
	NOT-FOR-US: NeDi
CVE-2020-15036 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
	NOT-FOR-US: NeDi
CVE-2020-15035 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
	NOT-FOR-US: NeDi
CVE-2020-15034 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
	NOT-FOR-US: NeDi
CVE-2020-15033 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
	NOT-FOR-US: NeDi
CVE-2020-15032 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
	NOT-FOR-US: NeDi
CVE-2020-15031 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
	NOT-FOR-US: NeDi
CVE-2020-15030 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
	NOT-FOR-US: NeDi
CVE-2020-15029 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
	NOT-FOR-US: NeDi
CVE-2020-15028 (NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The ap ...)
	NOT-FOR-US: NeDi
CVE-2020-15027 (ConnectWise Automate through 2020.x has insufficient validation on cer ...)
	NOT-FOR-US: ConnectWise
CVE-2020-15026 (Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ ...)
	NOT-FOR-US: Bludit
CVE-2020-15025 (ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remo ...)
	- ntp 1:4.2.8p15-1 (low; bug #963807)
	[buster] - ntp (Minor issue)
	[stretch] - ntp (Vulnerable code introduced later)
	[jessie] - ntp (Vulnerable code introduced later)
	- ntpsec (Vulnerable code not present)
	NOTE: https://support.ntp.org/bin/view/Main/NtpBug3661
	NOTE: https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea
	NOTE: https://bugs.ntp.org/show_bug.cgi?id=3661
	NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5e84aa07N2NcL4sE_0dW35Tizc74SA
CVE-2020-15024 (An issue was discovered in the Login Password feature of the Password ...)
	NOT-FOR-US: Avast Antivirus
CVE-2020-15023 (Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected b ...)
	NOT-FOR-US: Askey
CVE-2020-15022
	RESERVED
CVE-2020-15021
	RESERVED
CVE-2020-15020 (An issue was discovered in the Elementor plugin through 2.9.13 for Wor ...)
	NOT-FOR-US: Elementor plugin for WordPress
CVE-2020-15019
	RESERVED
CVE-2020-15018 (playSMS through 1.4.3 is vulnerable to session fixation.)
	NOT-FOR-US: playSMS
CVE-2020-15017 (NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices ...)
	NOT-FOR-US: NeDi
CVE-2020-15016 (NeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-C ...)
	NOT-FOR-US: NeDi
CVE-2020-15015 (The FileExplorer component in GleamTech FileUltimate 6.1.5.0 allows XS ...)
	NOT-FOR-US: FileExplorer component in GleamTech FileUltimate
CVE-2020-15014 (pramodmahato BlogCMS through 2019-12-31 has admin/changepass.php CSRF.)
	NOT-FOR-US: BlogCMS
CVE-2020-15013
	RESERVED
CVE-2020-15012 (A Directory Traversal issue was discovered in Sonatype Nexus Repositor ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2020-15011 (GNU Mailman before 2.1.33 allows arbitrary content injection via the C ...)
	{DSA-4991-1 DLA-2276-1 DLA-2265-1}
	- mailman
	NOTE: https://bugs.launchpad.net/mailman/+bug/1877379
	NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1848
CVE-2020-15010
	RESERVED
CVE-2020-15009 (AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe i ...)
	NOT-FOR-US: ASUS
CVE-2020-15008 (A SQLi exists in the probe code of all Connectwise Automate versions b ...)
	NOT-FOR-US: Connectwise
CVE-2020-15007 (A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tec ...)
	- rbdoom3bfg (unimportant)
	NOTE: https://github.com/AXDOOMER/doom-vanille/commit/8a6d9a02fa991a91ff90ccdc73b5ceabaa6cb9ec
	NOTE: Problematic code not built
CVE-2020-15006 (Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document ...)
	NOT-FOR-US: Bludit
CVE-2020-15005 (In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34. ...)
	{DSA-4767-1 DLA-2504-1}
	- mediawiki 1:1.31.8-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html
CVE-2020-15004 (OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS.)
	NOT-FOR-US: Open-Xchange App Suite
CVE-2020-15003 (OX App Suite through 7.10.3 allows Information Exposure because a user ...)
	NOT-FOR-US: Open-Xchange App Suite
CVE-2020-15002 (OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/me ...)
	NOT-FOR-US: Open-Xchange App Suite
CVE-2020-15001 (An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0 ...)
	NOT-FOR-US: Yubico YubiKey 5 NFC devices
CVE-2020-15000 (A PIN management problem was discovered on Yubico YubiKey 5 devices 5. ...)
	NOT-FOR-US: Yubico YubiKey 5 devices
CVE-2020-14999 (A logic bug in system monitoring driver of Acronis Agent after 12.5.21 ...)
	NOT-FOR-US: Acronis
CVE-2020-14998
	RESERVED
CVE-2020-14997
	RESERVED
CVE-2020-14996
	RESERVED
CVE-2020-14995
	RESERVED
CVE-2020-14994
	RESERVED
CVE-2020-14993 (A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vig ...)
	NOT-FOR-US: DrayTek devices
CVE-2020-14992
	RESERVED
CVE-2020-14991
	RESERVED
CVE-2020-14990 (IOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain p ...)
	NOT-FOR-US: IOBit Advanced SystemCare Free
CVE-2020-14989 (An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 ...)
	NOT-FOR-US: Bloomreach Experience Manager (brXM)
CVE-2020-14988 (An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 ...)
	NOT-FOR-US: Bloomreach Experience Manager (brXM)
CVE-2020-14987 (An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 ...)
	NOT-FOR-US: Bloomreach Experience Manager (brXM)
CVE-2020-14986
	RESERVED
CVE-2020-14985
	RESERVED
CVE-2020-14984
	RESERVED
CVE-2020-14983 (The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't valid ...)
	- crispy-doom 5.9.0-1 (bug #964564)
	[buster] - crispy-doom (Minor issue)
	- chocolate-doom 3.0.1-1
	[buster] - chocolate-doom 3.0.0-4+deb10u1
	[stretch] - chocolate-doom (games are not supported)
	[jessie] - chocolate-doom (games are not supported)
	NOTE: https://github.com/chocolate-doom/chocolate-doom/issues/1293
	NOTE: https://github.com/chocolate-doom/chocolate-doom/commit/8b6cfbfc6c934923b3c2c16e5e7e5a74d5d238e1
	NOTE: https://github.com/fabiangreffrath/crispy-doom/commit/8b6cfbfc6c934923b3c2c16e5e7e5a74d5d238e1
CVE-2020-14982 (A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later be ...)
	NOT-FOR-US: Kronos WebTA
CVE-2020-14981 (The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS ha ...)
	NOT-FOR-US: ThreatTrack VIPRE Password Vault app for iOS
CVE-2020-14980 (The Sophos Secure Email application through 3.9.4 for Android has Miss ...)
	NOT-FOR-US: Sophos Secure Email application for Android
CVE-2020-14979 (The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X ...)
	NOT-FOR-US: EVGA Precision X1
CVE-2020-14978 (An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorre ...)
	NOT-FOR-US: F-Secure SAFE
CVE-2020-14977 (An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC servic ...)
	NOT-FOR-US: F-Secure SAFE
CVE-2020-14976 (GNS3 ubridge through 0.9.18 on macOS, as used in GNS3 server before 2. ...)
	- gns3-server (bug #766166)
CVE-2020-14975 (The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to del ...)
	NOT-FOR-US: IOBit Unlocker
CVE-2020-14974 (The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unl ...)
	NOT-FOR-US: IOBit Unlocker
CVE-2020-14973 (The loginForm within the general/login.php webpage in webTareas 2.0p8 ...)
	NOT-FOR-US: webTareas
CVE-2020-14972 (Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online ...)
	NOT-FOR-US: Sourcecodester Pisay Online E-Learning System
CVE-2020-14971 (Pi-hole through 5.0 allows code injection in piholedhcp (the Static DH ...)
	NOT-FOR-US: Pi-hole
CVE-2020-14970
	RESERVED
CVE-2020-14969 (app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribu ...)
	NOT-FOR-US: MISP
CVE-2020-14968 (An issue was discovered in the jsrsasign package before 8.0.17 for Nod ...)
	NOT-FOR-US: jsrsasign
CVE-2020-14967 (An issue was discovered in the jsrsasign package before 8.0.18 for Nod ...)
	NOT-FOR-US: jsrsasign
CVE-2020-14966 (An issue was discovered in the jsrsasign package through 8.0.18 for No ...)
	NOT-FOR-US: jsrsasign
CVE-2020-14965 (On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with ac ...)
	NOT-FOR-US: TP-Link
CVE-2020-14964
	RESERVED
CVE-2020-14963
	RESERVED
CVE-2020-14962 (Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before ...)
	NOT-FOR-US: Final Tiles Gallery plugin for WordPress
CVE-2020-14961 (Concrete5 before 8.5.3 does not constrain the sort direction to a vali ...)
	NOT-FOR-US: Concrete5
CVE-2020-14960 (A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoi ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-14959 (Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3. ...)
	NOT-FOR-US: Easy Testimonials plugin for WordPress
CVE-2020-14958 (In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not ...)
	NOT-FOR-US: Go Git Service
CVE-2020-14957 (In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allow ...)
	NOT-FOR-US: Windows cleaning assistant
CVE-2020-14956 (In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allow ...)
	NOT-FOR-US: Windows cleaning assistant
CVE-2020-14955 (In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows l ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2020-14953
	RESERVED
CVE-2020-14952
	RESERVED
CVE-2020-14951
	RESERVED
CVE-2020-14950 (aaPanel through 6.6.6 allows remote authenticated users to execute arb ...)
	NOT-FOR-US: aaPanel
CVE-2020-14949
	RESERVED
CVE-2020-14948
	RESERVED
CVE-2020-14947 (OCS Inventory NG 2.7 allows Remote Command Execution via shell metacha ...)
	- ocsinventory-server (unimportant)
	NOTE: Only supported in trusted environments, see debtags
CVE-2020-14946 (downloadFile.ashx in the Administrator section of the Surveillance mod ...)
	NOT-FOR-US: Surveillance module in Global RADAR BSA Radar
CVE-2020-14945 (A privilege escalation vulnerability exists within Global RADAR BSA Ra ...)
	NOT-FOR-US: Global RADAR BSA Radar
CVE-2020-14944 (Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authoriz ...)
	NOT-FOR-US: Global RADAR BSA Radar
CVE-2020-14943 (The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.72 ...)
	NOT-FOR-US: Global RADAR BSA Radar
CVE-2020-14942 (Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\ ...)
	NOT-FOR-US: Tendenci
CVE-2020-14941
	RESERVED
CVE-2020-14940 (An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar ...)
	- tuxguitar 1.5.6+dfsg1-7 (bug #963626)
	[bookworm] - tuxguitar (Minor issue)
	[bullseye] - tuxguitar (Minor issue)
	[buster] - tuxguitar (Minor issue)
	[stretch] - tuxguitar (Minor issue)
	[jessie] - tuxguitar (Minor issue)
	NOTE: https://logicaltrust.net/blog/2020/06/tuxguitar.html
	NOTE: https://sourceforge.net/p/tuxguitar/bugs/126/
	NOTE: Fixed by: https://github.com/helge17/tuxguitar/commit/bcaa280e93b0d67dc6f903b6e23a051a7894ba0c
CVE-2020-14939 (An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc ...)
	- freedroidrpg 1.0-1 (low; bug #964197)
	[bullseye] - freedroidrpg (Minor issue)
	[buster] - freedroidrpg (Minor issue)
	[stretch] - freedroidrpg (Minor issue)
	[jessie] - freedroidrpg (games are not supported)
	NOTE: https://bugs.freedroid.org/b/issue953
	NOTE: https://bugs.freedroid.org/b/issue967
	NOTE: https://logicaltrust.net/blog/2020/02/freedroid.html
CVE-2020-14938 (An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes le ...)
	- freedroidrpg 1.0-1 (low; bug #964197)
	[bullseye] - freedroidrpg (Minor issue)
	[buster] - freedroidrpg (Minor issue)
	[stretch] - freedroidrpg (Minor issue)
	[jessie] - freedroidrpg (games are not supported)
	NOTE: https://bugs.freedroid.org/b/issue952
	NOTE: https://bugs.freedroid.org/b/issue967
	NOTE: https://logicaltrust.net/blog/2020/02/freedroid.html
CVE-2020-14937 (Memory access out of buffer boundaries issues was discovered in Contik ...)
	NOT-FOR-US: Contiki-NG
CVE-2020-14936 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the ...)
	NOT-FOR-US: Contiki-NG
CVE-2020-14935 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the ...)
	NOT-FOR-US: Contiki-NG
CVE-2020-14934 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the ...)
	NOT-FOR-US: Contiki-NG
CVE-2020-14933 (compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachme ...)
	- squirrelmail
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/20/1
CVE-2020-14932 (compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtoda ...)
	- squirrelmail
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/20/1
CVE-2020-14931 (A stack-based buffer overflow in DMitry (Deepmagic Information Gatheri ...)
	- dmitry (bug #1070370)
	[bookworm] - dmitry (Minor issue)
	[bullseye] - dmitry (Minor issue)
	[buster] - dmitry (Minor issue, requires hostile whois server)
	NOTE: https://github.com/jaygreig86/dmitry/issues/4
	NOTE: https://github.com/jaygreig86/dmitry/pull/6
	NOTE: Fixed by: https://github.com/jaygreig86/dmitry/commit/da1fda491145719ae15dd36dd37a69bdbba0b192
CVE-2020-14930 (An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. A ...)
	NOT-FOR-US: BT CTROMS Terminal OS Port Portal CT-464
CVE-2019-20892 (net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateRefer ...)
	- net-snmp 5.8+dfsg-3 (bug #963713)
	[buster] - net-snmp (Vulnerable code introduced later)
	[stretch] - net-snmp (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/25/4
	NOTE: https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1877027
	NOTE: https://github.com/net-snmp/net-snmp/commit/92ccd5a82a019fbfa835cc8ab2294cf0ca48c8f2
	NOTE: https://github.com/net-snmp/net-snmp/commit/adc9b71aba9168ec64149345ea37a1acc11875c6
	NOTE: https://github.com/net-snmp/net-snmp/commit/7384a8b550d4ed4a00e41b72229cfcc124926b06
	NOTE: https://github.com/net-snmp/net-snmp/commit/39381c4d20dd8042870c28ae3b0c16291e50b705
	NOTE: https://github.com/net-snmp/net-snmp/commit/5f881d3bf24599b90d67a45cae7a3eb099cd71c9
	NOTE: https://github.com/net-snmp/net-snmp/commit/87bd90d04f20dd3f73e3e7e631a442ccd419b9d3
	NOTE: Extra patches to address memory leaks:
	NOTE: https://salsa.debian.org/debian/net-snmp/-/merge_requests/3
	NOTE: Introduced in https://github.com/net-snmp/net-snmp/compare/1a0dbe19bf2787bb5bea913f210a9a5eb4c0c80c...e207b8113260fd7d84df0ebdb66925ab70da29b2 (5.8-dev)
CVE-2019-20891 (WooCommerce before 3.6.5, when it handles CSV imports of products, has ...)
	NOT-FOR-US: WooCommerce
CVE-2020-14929 (Alpine before 2.23 silently proceeds to use an insecure connection aft ...)
	{DLA-2254-1}
	- alpine 2.23+dfsg1-1 (bug #963179)
	[buster] - alpine (Minor issue)
	[stretch] - alpine (Minor issue)
	NOTE: http://mailman13.u.washington.edu/pipermail/alpine-info/2020-June/008989.html
	NOTE: https://repo.or.cz/alpine.git/commitdiff/000edd9036b6aea5e6a06900ecd6c58faec665ab
CVE-2020-14928 (evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering is ...)
	{DSA-4725-1 DLA-2281-1}
	- evolution-data-server 3.36.4-1
	NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226
	NOTE: https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df
CVE-2020-14927 (Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "We ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-14926 (CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/modul ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-14925
	RESERVED
CVE-2020-14924
	RESERVED
CVE-2020-14923
	RESERVED
CVE-2020-14922
	RESERVED
CVE-2020-14921
	RESERVED
CVE-2020-14920
	RESERVED
CVE-2020-14919
	RESERVED
CVE-2020-14918
	RESERVED
CVE-2020-14917
	RESERVED
CVE-2020-14916
	RESERVED
CVE-2020-14915
	RESERVED
CVE-2020-14914
	RESERVED
CVE-2020-14913
	RESERVED
CVE-2020-14912
	RESERVED
CVE-2020-14911
	RESERVED
CVE-2020-14910
	RESERVED
CVE-2020-14909
	RESERVED
CVE-2020-14908
	RESERVED
CVE-2020-14907
	RESERVED
CVE-2020-14906
	RESERVED
CVE-2020-14905
	RESERVED
CVE-2020-14904
	RESERVED
CVE-2020-14903
	RESERVED
CVE-2020-14902
	RESERVED
CVE-2020-14901 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...)
	NOT-FOR-US: Oracle
CVE-2020-14900 (Vulnerability in the Oracle Application Express Group Calendar compone ...)
	NOT-FOR-US: Oracle
CVE-2020-14899 (Vulnerability in the Oracle Application Express Data Reporter componen ...)
	NOT-FOR-US: Oracle
CVE-2020-14898 (Vulnerability in the Oracle Application Express Packaged Apps componen ...)
	NOT-FOR-US: Oracle
CVE-2020-14897 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-14896 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...)
	NOT-FOR-US: Oracle
CVE-2020-14895 (Vulnerability in the Oracle Utilities Framework product of Oracle Util ...)
	NOT-FOR-US: Oracle
CVE-2020-14894 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-14893 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14892 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.16-dfsg-1
CVE-2020-14891 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14890 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-14889 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.16-dfsg-1
CVE-2020-14888 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14887 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-14886 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.16-dfsg-1
CVE-2020-14885 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.16-dfsg-1
CVE-2020-14884 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.16-dfsg-1
CVE-2020-14883 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-14882 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-14881 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.16-dfsg-1
CVE-2020-14880 (Vulnerability in the BI Publisher product of Oracle Fusion Middleware ...)
	NOT-FOR-US: Oracle
CVE-2020-14879 (Vulnerability in the BI Publisher product of Oracle Fusion Middleware ...)
	NOT-FOR-US: Oracle
CVE-2020-14878 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14877 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services prod ...)
	NOT-FOR-US: Oracle
CVE-2020-14876 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14875 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-14874 (Vulnerability in the Oracle Cloud Infrastructure Identity and Access M ...)
	NOT-FOR-US: Oracle
CVE-2020-14873 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14872 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.16-dfsg-1
CVE-2020-14871 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-14870 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14869 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #972824)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14868 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14867 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #972824)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14866 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14865 (Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection pr ...)
	NOT-FOR-US: Oracle
CVE-2020-14864 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2020-14863 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-14862 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2020-14861 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14860 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14859 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-14858 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services prod ...)
	NOT-FOR-US: Oracle
CVE-2020-14857 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2020-14856 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2020-14855 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2020-14854 (Vulnerability in the Hyperion Infrastructure Technology product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-14853 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	- mysql-cluster (bug #833356)
CVE-2020-14852 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14851 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2020-14850 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-14849 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-14848 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14847 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-14846 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14845 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14844 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14843 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2020-14842 (Vulnerability in the BI Publisher product of Oracle Fusion Middleware ...)
	NOT-FOR-US: Oracle
CVE-2020-14841 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-14840 (Vulnerability in the Oracle Application Object Library product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-14839 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14838 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14837 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14836 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14835 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-14834 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2020-14833 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2020-14832 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-14831 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-14830 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14829 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14828 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14827 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #972824)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14826 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2020-14825 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-14824 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2020-14823 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-14822 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2020-14821 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14820 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-14819 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-14818 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-14817 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-14816 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-14815 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2020-14814 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14813 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-14812 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	{DLA-2538-1}
	- mariadb-10.5 1:10.5.8-1
	[experimental] - mariadb-10.3 1:10.3.27-1~exp1
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.27-0+deb10u1
	- mariadb-10.1
	- mysql-5.7 (bug #972824)
	- mysql-8.0 8.0.22-1 (bug #972623)
	NOTE: Fixed in MariaDB 10.5.7, 10.3.26, 10.1.48
CVE-2020-14811 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2020-14810 (Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospi ...)
	NOT-FOR-US: Oracle
CVE-2020-14809 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14808 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2020-14807 (Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospi ...)
	NOT-FOR-US: Oracle
CVE-2020-14806 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-14805 (Vulnerability in the Oracle E-Business Suite Secure Enterprise Search ...)
	NOT-FOR-US: Oracle
CVE-2020-14804 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14803 (Vulnerability in the Java SE product of Oracle Java SE (component: Lib ...)
	{DSA-4779-1 DLA-2412-1}
	- openjdk-15 15.0.1+9-1
	- openjdk-11 11.0.9+11-1
	- openjdk-8 8u272-b10-1
CVE-2020-14802 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-14801 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-14800 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14799 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14798 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4779-1 DLA-2412-1}
	- openjdk-15 15.0.1+9-1
	- openjdk-11 11.0.9+11-1
	- openjdk-8 8u272-b10-1
CVE-2020-14797 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4779-1 DLA-2412-1}
	- openjdk-15 15.0.1+9-1
	- openjdk-11 11.0.9+11-1
	- openjdk-8 8u272-b10-1
CVE-2020-14796 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4779-1 DLA-2412-1}
	- openjdk-15 15.0.1+9-1
	- openjdk-11 11.0.9+11-1
	- openjdk-8 8u272-b10-1
CVE-2020-14795 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-14794 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14793 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #972824)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14792 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4779-1 DLA-2412-1}
	- openjdk-15 15.0.1+9-1
	- openjdk-11 11.0.9+11-1
	- openjdk-8 8u272-b10-1
CVE-2020-14791 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14790 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #972824)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14789 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mariadb-10.5 1:10.5.8-1
	[experimental] - mariadb-10.3 1:10.3.27-1~exp1
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.27-0+deb10u1
	- mysql-5.7 (bug #972824)
	- mysql-8.0 8.0.22-1 (bug #972623)
	NOTE: Fixed in MariaDB 10.5.7, 10.3.26
CVE-2020-14788 (Vulnerability in the Oracle Communications Diameter Signaling Router ( ...)
	NOT-FOR-US: Oracle
CVE-2020-14787 (Vulnerability in the Oracle Communications Diameter Signaling Router ( ...)
	NOT-FOR-US: Oracle
CVE-2020-14786 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14785 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14784 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2020-14783 (Vulnerability in the Oracle Hospitality RES 3700 product of Oracle Foo ...)
	NOT-FOR-US: Oracle
CVE-2020-14782 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4779-1 DLA-2412-1}
	- openjdk-15 15.0.1+9-1
	- openjdk-11 11.0.9+11-1
	- openjdk-8 8u272-b10-1
CVE-2020-14781 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4779-1 DLA-2412-1}
	- openjdk-15 15.0.1+9-1
	- openjdk-11 11.0.9+11-1
	- openjdk-8 8u272-b10-1
CVE-2020-14780 (Vulnerability in the BI Publisher product of Oracle Fusion Middleware ...)
	NOT-FOR-US: Oracle
CVE-2020-14779 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4779-1 DLA-2412-1}
	- openjdk-15 15.0.1+9-1
	- openjdk-11 11.0.9+11-1
	- openjdk-8 8u272-b10-1
CVE-2020-14778 (Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core pro ...)
	NOT-FOR-US: Oracle
CVE-2020-14777 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14776 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mariadb-10.5 1:10.5.8-1
	[experimental] - mariadb-10.3 1:10.3.27-1~exp1
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.27-0+deb10u1
	- mysql-8.0 8.0.22-1 (bug #972623)
	- mysql-5.7 (bug #972824)
	NOTE: Fixed in MariaDB 10.5.7, 10.3.26
CVE-2020-14775 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
	- mysql-5.7 (bug #972824)
CVE-2020-14774 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-14773 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14772 (Vulnerability in the Hyperion Lifecycle Management product of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2020-14771 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #972824)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14770 (Vulnerability in the Hyperion BI+ product of Oracle Hyperion (componen ...)
	NOT-FOR-US: Oracle
CVE-2020-14769 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-8.0 8.0.22-1 (bug #972623)
	- mysql-5.7 (bug #972824)
CVE-2020-14768 (Vulnerability in the Hyperion Analytic Provider Services product of Or ...)
	NOT-FOR-US: Oracle
CVE-2020-14767 (Vulnerability in the Hyperion BI+ product of Oracle Hyperion (componen ...)
	NOT-FOR-US: Oracle
CVE-2020-14766 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2020-14765 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	{DLA-2538-1}
	- mariadb-10.5 1:10.5.8-1
	[experimental] - mariadb-10.3 1:10.3.27-1~exp1
	- mariadb-10.3
	[buster] - mariadb-10.3 1:10.3.27-0+deb10u1
	- mariadb-10.1
	- mysql-8.0 8.0.22-1 (bug #972623)
	- mysql-5.7 (bug #972824)
	NOTE: Fixed in MariaDB 10.5.7, 10.3.26, 10.1.48
CVE-2020-14764 (Vulnerability in the Hyperion Planning product of Oracle Hyperion (com ...)
	NOT-FOR-US: Oracle
CVE-2020-14763 (Vulnerability in the Oracle Application Express Quick Poll component o ...)
	NOT-FOR-US: Oracle
CVE-2020-14762 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2020-14761 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2020-14760 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #972824)
CVE-2020-14759 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-14758 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-14757 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-14756 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...)
	NOT-FOR-US: Oracle
CVE-2020-14755 RESERVED
CVE-2020-14754 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-14753 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
	NOT-FOR-US: Oracle
CVE-2020-14752 (Vulnerability in the Hyperion Lifecycle Management product of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2020-14751 RESERVED
CVE-2020-14750 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-14749 RESERVED
CVE-2020-14748 RESERVED
CVE-2020-14747 RESERVED
CVE-2020-14746 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-14745 (Vulnerability in the Oracle REST Data Services product of Oracle REST ...)
	NOT-FOR-US: Oracle
CVE-2020-14744 (Vulnerability in the Oracle REST Data Services product of Oracle REST ...)
	NOT-FOR-US: Oracle
CVE-2020-14743 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2020-14742 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2020-14741 (Vulnerability in the Database Filesystem component of Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2020-14740 (Vulnerability in the SQL Developer Install component of Oracle Databas ...)
	NOT-FOR-US: Oracle
CVE-2020-14739 RESERVED
CVE-2020-14738 RESERVED
CVE-2020-14737 RESERVED
CVE-2020-14736 (Vulnerability in the Database Vault component of Oracle Database Serve ...)
	NOT-FOR-US: Oracle
CVE-2020-14735 (Vulnerability in the Scheduler component of Oracle Database Server. Su ...)
	NOT-FOR-US: Oracle
CVE-2020-14734 (Vulnerability in the Oracle Text component of Oracle Database Server. ...)
	NOT-FOR-US: Oracle
CVE-2020-14733 RESERVED
CVE-2020-14732 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
	NOT-FOR-US: Oracle
CVE-2020-14731 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
	NOT-FOR-US: Oracle
CVE-2020-14730 RESERVED
CVE-2020-14729 (Vulnerability in SuiteCommerce Advanced (SCA) Sites component of Oracl ...)
	NOT-FOR-US: Oracle NetSuite
CVE-2020-14728 (Vulnerability in the SuiteCommerce Advanced (SCA) component of Oracle ...)
	NOT-FOR-US: Oracle NetSuite
CVE-2020-14727 RESERVED
CVE-2020-14726 RESERVED
CVE-2020-14725 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2020-14724 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-14723 (Vulnerability in the Oracle Help Technologies product of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2020-14722 (Vulnerability in the Oracle Enterprise Communications Broker product o ...)
	NOT-FOR-US: Oracle
CVE-2020-14721 (Vulnerability in the Oracle Enterprise Communications Broker product o ...)
	NOT-FOR-US: Oracle
CVE-2020-14720 (Vulnerability in the Oracle Internet Expenses product of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2020-14719 (Vulnerability in the Oracle Internet Expenses product of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2020-14718 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-14717 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...)
	NOT-FOR-US: Oracle
CVE-2020-14716 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...)
	NOT-FOR-US: Oracle
CVE-2020-14715 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.12-dfsg-1
CVE-2020-14714 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.12-dfsg-1
CVE-2020-14713 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.12-dfsg-1
CVE-2020-14712 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.12-dfsg-1
CVE-2020-14711 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox (MacOS-specific)
CVE-2020-14710 (Vulnerability in the Customer Management and Segmentation Foundation p ...)
	NOT-FOR-US: Oracle
CVE-2020-14709 (Vulnerability in the Customer Management and Segmentation Foundation p ...)
	NOT-FOR-US: Oracle
CVE-2020-14708 (Vulnerability in the Customer Management and Segmentation Foundation p ...)
	NOT-FOR-US: Oracle
CVE-2020-14707 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.12-dfsg-1
CVE-2020-14706 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2020-14705 (Vulnerability in the Oracle GoldenGate product of Oracle GoldenGate (c ...)
	NOT-FOR-US: Oracle
CVE-2020-14704 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.12-dfsg-1
CVE-2020-14703 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.12-dfsg-1
CVE-2020-14702 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2020-14701 (Vulnerability in the Oracle SD-WAN Aware product of Oracle Communicati ...)
	NOT-FOR-US: Oracle
CVE-2020-14700 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.12-dfsg-1
CVE-2020-14699 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.12-dfsg-1
CVE-2020-14698 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.12-dfsg-1
CVE-2020-14697 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2020-14696 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2020-14695 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.12-dfsg-1
CVE-2020-14694 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.12-dfsg-1
CVE-2020-14693 (Vulnerability in the Oracle Insurance Accounting Analyzer product of O ...)
	NOT-FOR-US: Oracle
CVE-2020-14692 (Vulnerability in the Oracle Financial Services Loan Loss Forecasting a ...)
	NOT-FOR-US: Oracle
CVE-2020-14691 (Vulnerability in the Oracle Financial Services Liquidity Risk Manageme ...)
	NOT-FOR-US: Oracle
CVE-2020-14690 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2020-14689 RESERVED
CVE-2020-14688 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...)
	NOT-FOR-US: Oracle
CVE-2020-14687 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-14686 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-14685 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2020-14684 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2020-14683 RESERVED
CVE-2020-14682 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2020-14681 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-14680 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2020-14679 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-14678 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2020-14677 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.12-dfsg-1
CVE-2020-14676 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.12-dfsg-1
CVE-2020-14675 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.12-dfsg-1
CVE-2020-14674 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.12-dfsg-1
CVE-2020-14673 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.12-dfsg-1
CVE-2020-14672 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #972824)
	- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14671 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-14670 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-14669 (Vulnerability in the Oracle Configurator product of Oracle Supply Chai ...)
	NOT-FOR-US: Oracle
CVE-2020-14668 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-14667 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-14666 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2020-14665 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2020-14664 (Vulnerability in the Java SE product of Oracle Java SE (component: Jav ...)
	- openjfx 11+26-1
	[stretch] - openjfx (Minor issue)
	NOTE: Oracle CPU lists only 8.x as affected, so marking the first 11.x upload as fixed
CVE-2020-14663 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2020-14662 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2020-14661 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-14660 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-14659 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-14658 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-14657 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-14656 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2020-14655 (Vulnerability in the Oracle Security Service product of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2020-14654 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2020-14653 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2020-14652 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-14651 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2020-14650 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.12-dfsg-1
CVE-2020-14649 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.12-dfsg-1
CVE-2020-14648 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.12-dfsg-1
CVE-2020-14647 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.12-dfsg-1
CVE-2020-14646 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.12-dfsg-1
CVE-2020-14645 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-14644 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-14643 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2020-14642 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...)
	NOT-FOR-US: Oracle
CVE-2020-14641 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2020-14640 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-14639 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-14638 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-14637 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-14636 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-14635 (Vulnerability in the Oracle Application Object Library product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-14634 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2020-14633 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2020-14632 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2020-14631 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2020-14630 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...)
	NOT-FOR-US: Oracle
CVE-2020-14629 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.12-dfsg-1
CVE-2020-14628 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.12-dfsg-1
CVE-2020-14627 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-14626 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2020-14625 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-14624 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2020-14623 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2020-14622 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-14621 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4734-1 DLA-2325-1}
	- openjdk-14 14.0.2+12-1
	- openjdk-11 11.0.8+10-1
	- openjdk-8 8u265-b01-1
CVE-2020-14620 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2020-14619 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2020-14618 (Vulnerability in the Primavera Unifier product of Oracle Construction ...)
	NOT-FOR-US: Oracle
CVE-2020-14617 (Vulnerability in the Primavera Unifier product of Oracle Construction ...)
	NOT-FOR-US: Oracle
CVE-2020-14616 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
	NOT-FOR-US: Oracle
CVE-2020-14615 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2020-14614 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2020-14613 (Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-14612 (Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle Peop ...)
	NOT-FOR-US: Oracle
CVE-2020-14611 (Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2020-14610 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-14609 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2020-14608 (Vulnerability in the Oracle Fusion Middleware MapViewer product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-14607 (Vulnerability in the Oracle Fusion Middleware MapViewer product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-14606 (Vulnerability in the Oracle SD-WAN Edge product of Oracle Communicatio ...)
	NOT-FOR-US: Oracle
CVE-2020-14605 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2020-14604 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2020-14603 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2020-14602 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2020-14601 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2020-14600 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-14599 (Vulnerability in the Oracle CRM Gateway for Mobile Devices product of ...)
	NOT-FOR-US: Oracle
CVE-2020-14598 (Vulnerability in the Oracle CRM Gateway for Mobile Devices product of ...)
	NOT-FOR-US: Oracle
CVE-2020-14597 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2020-14596 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2020-14595 (Vulnerability in the Oracle iLearning product of Oracle iLearning (com ...)
	NOT-FOR-US: Oracle
CVE-2020-14594 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
	NOT-FOR-US: Oracle
CVE-2020-14593 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4734-1 DLA-2325-1}
	- openjdk-14 14.0.2+12-1
	- openjdk-11 11.0.8+10-1
	- openjdk-8 8u265-b01-1
CVE-2020-14592 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-14591 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2020-14590 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-14589 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-14588 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-14587 (Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-14586 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2020-14585 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2020-14584 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2020-14583 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4734-1 DLA-2325-1}
	- openjdk-14 14.0.2+12-1
	- openjdk-11 11.0.8+10-1
	- openjdk-8 8u265-b01-1
CVE-2020-14582 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2020-14581 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4734-1 DLA-2325-1}
	- openjdk-14 14.0.2+12-1
	- openjdk-11 11.0.8+10-1
	- openjdk-8 8u265-b01-1
CVE-2020-14580 (Vulnerability in the Oracle Communications Session Border Controller p ...)
	NOT-FOR-US: Oracle
CVE-2020-14579 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4734-1 DLA-2325-1}
	- openjdk-14 14.0.2+12-1
	- openjdk-11 11.0.8+10-1
	- openjdk-8 8u265-b01-1
CVE-2020-14578 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4734-1 DLA-2325-1}
	- openjdk-14 14.0.2+12-1
	- openjdk-11 11.0.8+10-1
	- openjdk-8 8u265-b01-1
CVE-2020-14577 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4734-1 DLA-2325-1}
	- openjdk-14 14.0.2+12-1
	- openjdk-11 11.0.8+10-1
	- openjdk-8 8u265-b01-1
CVE-2020-14576 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #965168)
	NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL
CVE-2020-14575 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2020-14574 (Vulnerability in the Oracle Communications Interactive Session Recorde ...)
	NOT-FOR-US: Oracle
CVE-2020-14573 (Vulnerability in the Java SE product of Oracle Java SE (component: Hot ...)
	{DSA-4734-1}
	- openjdk-14 14.0.2+12-1
	- openjdk-11 11.0.8+10-1
CVE-2020-14572 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-14571 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2020-14570 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2020-14569 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-14568 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2020-14567 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #965168)
	NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL
CVE-2020-14566 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-14565 (Vulnerability in the Oracle Unified Directory product of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2020-14564 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-14563 (Vulnerability in the Oracle Enterprise Communications Broker product o ...)
	NOT-FOR-US: Oracle
CVE-2020-14562 (Vulnerability in the Java SE product of Oracle Java SE (component: Ima ...)
	{DSA-4734-1}
	- openjdk-14 14.0.2+12-1
	- openjdk-11 11.0.8+10-1
CVE-2020-14561 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
	NOT-FOR-US: Oracle
CVE-2020-14560 (Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (c ...)
	NOT-FOR-US: Oracle
CVE-2020-14559 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #965168)
	NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL
CVE-2020-14558 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-14557 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-14556 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4734-1 DLA-2325-1}
	- openjdk-14 14.0.2+12-1
	- openjdk-11 11.0.8+10-1
	- openjdk-8 8u265-b01-1
CVE-2020-14555 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-14554 (Vulnerability in the Oracle Application Object Library product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-14553 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #965168)
	NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL
CVE-2020-14552 (Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2020-14551 (Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (co ...)
	NOT-FOR-US: Oracle
CVE-2020-14550 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #965168)
	NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL
CVE-2020-14549 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-14548 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2020-14547 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #965168)
	NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL
CVE-2020-14546 (Vulnerability in the Hyperion Financial Close Management product of Or ...)
	NOT-FOR-US: Oracle
CVE-2020-14545 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-14544 (Vulnerability in the Oracle Transportation Management product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-14543 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
	NOT-FOR-US: Oracle
CVE-2020-14542 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-14541 (Vulnerability in the Hyperion Financial Close Management product of Or ...)
	NOT-FOR-US: Oracle
CVE-2020-14540 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #965168)
	NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL
CVE-2020-14539 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #965168)
	NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL
CVE-2020-14538
	RESERVED
CVE-2020-14537 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-14536 (Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce E ...)
	NOT-FOR-US: Oracle
CVE-2020-14535 (Vulnerability in the Oracle Commerce Service Center product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-14534 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-14533 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...)
	NOT-FOR-US: Oracle
CVE-2020-14532 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...)
	NOT-FOR-US: Oracle
CVE-2020-14531 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...)
	NOT-FOR-US: Oracle
CVE-2020-14530 (Vulnerability in the Oracle Security Service product of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2020-14529 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-14528 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-14527 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-14526
	RESERVED
CVE-2020-14525 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
	NOT-FOR-US: Philips
CVE-2020-14524 (Softing Industrial Automation all versions prior to the latest build o ...)
	NOT-FOR-US: Softing Industrial Automation
CVE-2020-14523 (Multiple Mitsubishi Electric Factory Automation products have a vulner ...)
	NOT-FOR-US: Mitsubishi
CVE-2020-14522 (Softing Industrial Automation all versions prior to the latest build o ...)
	NOT-FOR-US: Softing Industrial Automation
CVE-2020-14521 (Multiple Mitsubishi Electric Factory Automation engineering software p ...)
	NOT-FOR-US: Mitsubishi
CVE-2020-14520 (The affected product is vulnerable to an information leak, which may a ...)
	NOT-FOR-US: Inductive Automation Ignition
CVE-2020-14519 (This vulnerability allows an attacker to use the internal WebSockets A ...)
	NOT-FOR-US: CodeMeter
CVE-2020-14518 (Philips DreamMapper, Version 2.24 and prior. Information written to lo ...)
	NOT-FOR-US: Philips DreamMapper
CVE-2020-14517 (Protocol encryption can be easily broken for CodeMeter (All versions p ...)
	NOT-FOR-US: CodeMeter
CVE-2020-14516 (In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 ...)
	NOT-FOR-US: Rockwell Automation
CVE-2020-14515 (CodeMeter (All versions prior to 6.90 when using CmActLicense update f ...)
	NOT-FOR-US: CodeMeter
CVE-2020-14514 (All trailer Power Line Communications are affected. PLC bus traffic ca ...)
	NOT-FOR-US: PLC
CVE-2020-14513 (CodeMeter (All versions prior to 6.81) and the software using it may c ...)
	NOT-FOR-US: CodeMeter
CVE-2020-14512 (GateManager versions prior to 9.2c, The affected product uses a weak h ...)
	NOT-FOR-US: GateManager
CVE-2020-14511 (Malicious operation of the crafted web browser cookie may cause a stac ...)
	NOT-FOR-US: EDR routers
CVE-2020-14510 (GateManager versions prior to 9.2c, The affected product contains a ha ...)
	NOT-FOR-US: GateManager
CVE-2020-14509 (Multiple memory corruption vulnerabilities exist in CodeMeter (All ver ...)
	NOT-FOR-US: CodeMeter
CVE-2020-14508 (GateManager versions prior to 9.2c, The affected product is vulnerable ...)
	NOT-FOR-US: GateManager
CVE-2020-14507 (Advantech iView, versions 5.6 and prior, is vulnerable to multiple pat ...)
	NOT-FOR-US: Advantech
CVE-2020-14506 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
	NOT-FOR-US: Philips
CVE-2020-14505 (Advantech iView, versions 5.6 and prior, has an improper neutralizatio ...)
	NOT-FOR-US: Advantech
CVE-2020-14504 (The web interface of the 1734-AENTR communication module mishandles au ...)
	NOT-FOR-US: 1734-AENTR communication module
CVE-2020-14503 (Advantech iView, versions 5.6 and prior, has an improper input validat ...)
	NOT-FOR-US: Advantech
CVE-2020-14502 (The web interface of the 1734-AENTR communication module is vulnerable ...)
	NOT-FOR-US: 1734-AENTR communication module
CVE-2020-14501 (Advantech iView, versions 5.6 and prior, has an improper authenticatio ...)
	NOT-FOR-US: Advantech
CVE-2020-14500 (Secomea GateManager all versions prior to 9.2c, An attacker can send a ...)
	NOT-FOR-US: Secomea GateManager
CVE-2020-14499 (Advantech iView, versions 5.6 and prior, has an improper access contro ...)
	NOT-FOR-US: Advantech
CVE-2020-14498 (HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vul ...)
	NOT-FOR-US: HMS Industrial Networks AB eCatcher
CVE-2020-14497 (Advantech iView, versions 5.6 and prior, contains multiple SQL injecti ...)
	NOT-FOR-US: Advantech
CVE-2020-14496 (Successful exploitation of this vulnerability for multiple Mitsubishi ...)
	NOT-FOR-US: Mitsubishi Electric
CVE-2020-14495
	REJECTED
CVE-2020-14494 (OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication ...)
	NOT-FOR-US: OpenClinic GA
CVE-2020-14493 (A low-privilege user may use SQL syntax to write arbitrary files to th ...)
	NOT-FOR-US: OpenClinic
CVE-2020-14492 (OpenClinic GA 5.09.02 and 5.89.05b does not properly neutralize user-c ...)
	NOT-FOR-US: OpenClinic
CVE-2020-14491 (OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check perm ...)
	NOT-FOR-US: OpenClinic GA
CVE-2020-14490 (OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files spec ...)
	NOT-FOR-US: OpenClinic
CVE-2020-14489 (OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate h ...)
	NOT-FOR-US: OpenClinic
CVE-2020-14488 (OpenClinic GA 5.09.02 and 5.89.05b does not properly verify uploaded f ...)
	NOT-FOR-US: OpenClinic
CVE-2020-14487 (OpenClinic GA 5.09.02 contains a hidden default user account that may ...)
	NOT-FOR-US: OpenClinic
CVE-2020-14486 (An attacker may bypass permission/authorization checks in OpenClinic G ...)
	NOT-FOR-US: OpenClinic
CVE-2020-14485 (OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to b ...)
	NOT-FOR-US: OpenClinic GA
CVE-2020-14484 (OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to b ...)
	NOT-FOR-US: OpenClinic GA
CVE-2020-14483 (A timeout during a TLS handshake can result in the connection failing ...)
	NOT-FOR-US: Niagara
CVE-2020-14482 (Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Ope ...)
	NOT-FOR-US: Delta Industrial Automation DOPSoft
CVE-2020-14481 (The DeskLock tool provided with FactoryTalk View SE uses a weak encryp ...)
	NOT-FOR-US: FactoryTalk View SE
CVE-2020-14480 (Due to usernames/passwords being stored in plaintext in Random Access ...)
	NOT-FOR-US: Rockwell Automation
CVE-2020-14479 (Sensitive information can be obtained through the handling of serializ ...)
	NOT-FOR-US: Inductive Automation Ignition
CVE-2020-14478 (A local, authenticated attacker could use an XML External Entity (XXE) ...)
	NOT-FOR-US: Rockwell Automation
CVE-2020-14477 (In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX V ...)
	NOT-FOR-US: Philips
CVE-2020-14476
	REJECTED
CVE-2020-14475 (A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0. ...)
	- dolibarr
	NOTE: https://github.com/Dolibarr/dolibarr/commit/22ca5e067189bffe8066df26df923a386f044c08
CVE-2020-14474 (The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on ke ...)
	NOT-FOR-US: Cellebrite
CVE-2020-14473 (Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and ...)
	NOT-FOR-US: DrayTek
CVE-2020-14472 (On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1 ...)
	NOT-FOR-US: DrayTek
CVE-2020-14471
	RESERVED
CVE-2020-14470 (In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authent ...)
	NOT-FOR-US: Octopus Deploy
CVE-2020-14469
	RESERVED
CVE-2020-14468
	RESERVED
CVE-2020-14467
	REJECTED
CVE-2020-14466
	RESERVED
CVE-2020-14465
	RESERVED
CVE-2020-14464
	RESERVED
CVE-2020-14463
	RESERVED
CVE-2020-14462 (CALDERA 2.7.0 allows XSS via the Operation Name box.)
	NOT-FOR-US: CALDERA
CVE-2020-14461 (Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversa ...)
	NOT-FOR-US: Zyxel
CVE-2020-14460 (An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5. ...)
	- mattermost-server (bug #823556)
CVE-2020-14459 (An issue was discovered in Mattermost Server before 5.19.0. Attackers ...)
	- mattermost-server (bug #823556)
CVE-2020-14458 (An issue was discovered in Mattermost Server before 5.19.0. Attackers ...)
	- mattermost-server (bug #823556)
CVE-2020-14457 (An issue was discovered in Mattermost Server before 5.20.0. Non-member ...)
	- mattermost-server (bug #823556)
CVE-2020-14456 (An issue was discovered in Mattermost Desktop App before 4.4.0. The Sa ...)
	- mattermost-desktop (bug #831861)
CVE-2020-14455 (An issue was discovered in Mattermost Desktop App before 4.4.0. Prompt ...)
	- mattermost-desktop (bug #831861)
CVE-2020-14454 (An issue was discovered in Mattermost Desktop App before 4.4.0. Attack ...)
	- mattermost-desktop (bug #831861)
CVE-2020-14453 (An issue was discovered in Mattermost Server before 5.21.0. Socket rea ...)
	- mattermost-server (bug #823556)
CVE-2020-14452 (An issue was discovered in Mattermost Server before 5.21.0. mmctl allo ...)
	- mattermost-server (bug #823556)
CVE-2020-14451 (An issue was discovered in Mattermost Mobile Apps before 1.29.0. The i ...)
	NOT-FOR-US: Mattermost
CVE-2020-14450 (An issue was discovered in Mattermost Server before 5.22.0. The markdo ...)
	- mattermost-server (bug #823556)
CVE-2020-14449 (An issue was discovered in Mattermost Mobile Apps before 1.30.0. Autho ...)
	NOT-FOR-US: Mattermost
CVE-2020-14448 (An issue was discovered in Mattermost Server before 5.23.0. Automatic ...)
	- mattermost-server (bug #823556)
CVE-2020-14447 (An issue was discovered in Mattermost Server before 5.23.0. Large webh ...)
	- mattermost-server (bug #823556)
CVE-2019-20890 (An issue was discovered in Mattermost Server before 5.7. It allows a b ...)
	- mattermost-server (bug #823556)
CVE-2019-20889 (An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, ...)
	- mattermost-server (bug #823556)
CVE-2019-20888 (An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, ...)
	- mattermost-server (bug #823556)
CVE-2019-20887 (An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5. ...)
	- mattermost-server (bug #823556)
CVE-2019-20886 (An issue was discovered in Mattermost Server before 5.8.0. The first u ...)
	- mattermost-server (bug #823556)
CVE-2019-20885 (An issue was discovered in Mattermost Server before 5.8.0. It does not ...)
	- mattermost-server (bug #823556)
CVE-2019-20884 (An issue was discovered in Mattermost Server before 5.8.0. It allows a ...)
	- mattermost-server (bug #823556)
CVE-2019-20883 (An issue was discovered in Mattermost Server before 5.8.0, when Town S ...)
	- mattermost-server (bug #823556)
CVE-2019-20882 (An issue was discovered in Mattermost Server before 5.8.0. It does not ...)
	- mattermost-server (bug #823556)
CVE-2019-20881 (An issue was discovered in Mattermost Server before 5.8.0. It mishandl ...)
	- mattermost-server (bug #823556)
CVE-2019-20880 (An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6. ...)
	- mattermost-server (bug #823556)
CVE-2019-20879 (An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6. ...)
	- mattermost-server (bug #823556)
CVE-2019-20878 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
	- mattermost-server (bug #823556)
CVE-2019-20877 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
	- mattermost-server (bug #823556)
CVE-2019-20876 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
	- mattermost-server (bug #823556)
CVE-2019-20875 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
	- mattermost-server (bug #823556)
CVE-2019-20874 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
	- mattermost-server (bug #823556)
CVE-2019-20873 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
	- mattermost-server (bug #823556)
CVE-2019-20872 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
	- mattermost-server (bug #823556)
CVE-2019-20871 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
	- mattermost-server (bug #823556)
CVE-2019-20870 (An issue was discovered in Mattermost Server before 5.10.0. An attacke ...)
	- mattermost-server (bug #823556)
CVE-2019-20869 (An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8 ...)
	- mattermost-server (bug #823556)
CVE-2019-20868 (An issue was discovered in Mattermost Server before 5.11.0. Invite IDs ...)
	- mattermost-server (bug #823556)
CVE-2019-20867 (An issue was discovered in Mattermost Server before 5.11.0. An attacke ...)
	- mattermost-server (bug #823556)
CVE-2019-20866 (An issue was discovered in Mattermost Server before 5.12.0. Use of a P ...)
	- mattermost-server (bug #823556)
CVE-2019-20865 (An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5. ...)
	- mattermost-server (bug #823556)
CVE-2019-20864 (An issue was discovered in Mattermost Plugins before 5.13.0. The GitHu ...)
	NOT-FOR-US: Mattermost
CVE-2019-20863 (An issue was discovered in Mattermost Server before 5.13.0. Incoming w ...)
	- mattermost-server (bug #823556)
CVE-2019-20862 (An issue was discovered in Mattermost Server before 5.13.0. Non-member ...)
	- mattermost-server (bug #823556)
CVE-2019-20861 (An issue was discovered in Mattermost Desktop App before 4.2.2. It all ...)
	- mattermost-desktop (bug #831861)
CVE-2019-20860 (An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5. ...)
	- mattermost-server (bug #823556)
CVE-2019-20859 (An issue was discovered in Mattermost Server before 5.15.0. Login acce ...)
	- mattermost-server (bug #823556)
CVE-2019-20858 (An issue was discovered in Mattermost Server before 5.15.0. It allows ...)
	- mattermost-server (bug #823556)
CVE-2019-20857 (An issue was discovered in Mattermost Server before 5.16.0. It allows ...)
	- mattermost-server (bug #823556)
CVE-2019-20856 (An issue was discovered in Mattermost Desktop App before 4.3.0 on macO ...)
	- mattermost-desktop (bug #831861)
CVE-2019-20855 (An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5. ...)
	- mattermost-server (bug #823556)
CVE-2019-20854 (An issue was discovered in Mattermost Server before 5.17.0. It allows ...)
	- mattermost-server (bug #823556)
CVE-2019-20853 (An issue was discovered in Mattermost Packages before 5.16.3. A Drople ...)
	NOT-FOR-US: Mattermost
CVE-2019-20852 (An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local ...)
	NOT-FOR-US: Mattermost
CVE-2019-20851 (An issue was discovered in Mattermost Mobile Apps before 1.26.0. An at ...)
	NOT-FOR-US: Mattermost
CVE-2019-20850 (An issue was discovered in Mattermost Mobile Apps before 1.26.0. A vie ...)
	NOT-FOR-US: Mattermost
CVE-2019-20849 (An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cooki ...)
	NOT-FOR-US: Mattermost
CVE-2019-20848 (An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Q ...)
	NOT-FOR-US: Mattermost
CVE-2019-20847 (An issue was discovered in Mattermost Server before 5.18.0. An attacke ...)
	- mattermost-server (bug #823556)
CVE-2019-20846 (An issue was discovered in Mattermost Server before 5.18.0. It has wea ...)
	- mattermost-server (bug #823556)
CVE-2019-20845 (An issue was discovered in Mattermost Server before 5.18.0. It allows ...)
	- mattermost-server (bug #823556)
CVE-2019-20844 (An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5. ...)
	- mattermost-server (bug #823556)
CVE-2019-20843 (An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5. ...)
	- mattermost-server (bug #823556)
CVE-2019-20842 (An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5. ...)
	- mattermost-server (bug #823556)
CVE-2019-20841 (An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5. ...)
	- mattermost-server (bug #823556)
CVE-2018-21265 (An issue was discovered in Mattermost Desktop App before 4.0.0. It mis ...)
	- mattermost-desktop (bug #831861)
CVE-2018-21264 (An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and ...)
	- mattermost-server (bug #823556)
CVE-2018-21263 (An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and ...)
	- mattermost-server (bug #823556)
CVE-2018-21262 (An issue was discovered in Mattermost Server before 4.7.3. It allows a ...)
	- mattermost-server (bug #823556)
CVE-2018-21261 (An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and ...)
	- mattermost-server (bug #823556)
CVE-2018-21260 (An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and ...)
	- mattermost-server (bug #823556)
CVE-2018-21259 (An issue was discovered in Mattermost Server before 4.10.1, 4.9.4, and ...)
	- mattermost-server (bug #823556)
CVE-2018-21258 (An issue was discovered in Mattermost Server before 5.1. It allows att ...)
	- mattermost-server (bug #823556)
CVE-2018-21257 (An issue was discovered in Mattermost Server before 5.1. It allows att ...)
	- mattermost-server (bug #823556)
CVE-2018-21256 (An issue was discovered in Mattermost Server before 5.1. It allows att ...)
	- mattermost-server (bug #823556)
CVE-2018-21255 (An issue was discovered in Mattermost Server before 5.1. Non-members o ...)
	- mattermost-server (bug #823556)
CVE-2018-21254 (An issue was discovered in Mattermost Server before 5.1. An attacker c ...)
	- mattermost-server (bug #823556)
CVE-2018-21253 (An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4. ...)
	- mattermost-server (bug #823556)
CVE-2018-21252 (An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, ...)
	- mattermost-server (bug #823556)
CVE-2018-21251 (An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Aut ...)
	- mattermost-server (bug #823556)
CVE-2018-21250 (An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and ...)
	- mattermost-server (bug #823556)
CVE-2018-21249 (An issue was discovered in Mattermost Server before 5.3.0. It mishandl ...)
	- mattermost-server (bug #823556)
CVE-2018-21248 (An issue was discovered in Mattermost Server before 5.4.0. It mishandl ...)
	- mattermost-server (bug #823556)
CVE-2017-18921 (An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. X ...)
	- mattermost-server (bug #823556)
CVE-2017-18920 (An issue was discovered in Mattermost Server before 3.6.2. The WebSock ...)
	- mattermost-server (bug #823556)
CVE-2017-18919 (An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. A ...)
	- mattermost-server (bug #823556)
CVE-2017-18918 (An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A ...)
	- mattermost-server (bug #823556)
CVE-2017-18917 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18916 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18915 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18914 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18913 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18912 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18911 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18910 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18909 (An issue was discovered in Mattermost Server before 3.9.0 when SAML is ...)
	- mattermost-server (bug #823556)
CVE-2017-18908 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18907 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18906 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18905 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18904 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18903 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18902 (An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18901 (An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18900 (An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18899 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18898 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18897 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18896 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18895 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18894 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18893 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18892 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18891 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18890 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18889 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18888 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18887 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18886 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18885 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18884 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18883 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18882 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18881 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18880 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18879 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18878 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18877 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18876 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18875 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18874 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18873 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
	- mattermost-server (bug #823556)
CVE-2017-18872 (An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. A ...)
	- mattermost-server (bug #823556)
CVE-2017-18871 (An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3. ...)
	- mattermost-server (bug #823556)
CVE-2017-18870 (An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and ...)
	- mattermost-server (bug #823556)
CVE-2016-11084 (An issue was discovered in Mattermost Server before 2.1.0. It allows X ...)
	- mattermost-server (bug #823556)
CVE-2016-11083 (An issue was discovered in Mattermost Server before 2.2.0. It allows X ...)
	- mattermost-server (bug #823556)
CVE-2016-11082 (An issue was discovered in Mattermost Server before 2.2.0. It allows X ...)
	- mattermost-server (bug #823556)
CVE-2016-11081 (An issue was discovered in Mattermost Server before 2.2.0. It allows u ...)
	- mattermost-server (bug #823556)
CVE-2016-11080 (An issue was discovered in Mattermost Server before 3.0.0. It offers s ...)
	- mattermost-server (bug #823556)
CVE-2016-11079 (An issue was discovered in Mattermost Server before 3.0.0. It allows X ...)
	- mattermost-server (bug #823556)
CVE-2016-11078 (An issue was discovered in Mattermost Server before 3.0.0. It potentia ...)
	- mattermost-server (bug #823556)
CVE-2016-11077 (An issue was discovered in Mattermost Server before 3.0.0. It has a su ...)
	- mattermost-server (bug #823556)
CVE-2016-11076 (An issue was discovered in Mattermost Server before 3.0.0. It does not ...)
	- mattermost-server (bug #823556)
CVE-2016-11075 (An issue was discovered in Mattermost Server before 3.0.0. It allows a ...)
	- mattermost-server (bug #823556)
CVE-2016-11074 (An issue was discovered in Mattermost Server before 3.0.0. A password- ...)
	- mattermost-server (bug #823556)
CVE-2016-11073 (An issue was discovered in Mattermost Server before 3.0.0. It allows X ...)
	- mattermost-server (bug #823556)
CVE-2016-11072 (An issue was discovered in Mattermost Server before 3.0.2. The purpose ...)
	- mattermost-server (bug #823556)
CVE-2016-11071 (An issue was discovered in Mattermost Server before 3.1.0. It allows X ...)
	- mattermost-server (bug #823556)
CVE-2016-11070 (An issue was discovered in Mattermost Server before 3.1.0. It allows X ...)
	- mattermost-server (bug #823556)
CVE-2016-11069 (An issue was discovered in Mattermost Server before 3.2.0. It mishandl ...)
	- mattermost-server (bug #823556)
CVE-2016-11068 (An issue was discovered in Mattermost Server before 3.2.0. Attackers c ...)
	- mattermost-server (bug #823556)
CVE-2016-11067 (An issue was discovered in Mattermost Server before 3.2.0. It allowed ...)
	- mattermost-server (bug #823556)
CVE-2016-11066 (An issue was discovered in Mattermost Server before 3.2.0. The initial ...)
	- mattermost-server (bug #823556)
CVE-2016-11065 (An issue was discovered in Mattermost Server before 3.3.0. An attacker ...)
	- mattermost-server (bug #823556)
CVE-2016-11064 (An issue was discovered in Mattermost Desktop App before 3.4.0. String ...)
	- mattermost-desktop (bug #831861)
CVE-2016-11063 (An issue was discovered in Mattermost Server before 3.5.1. XSS can occ ...)
	- mattermost-server (bug #823556)
CVE-2016-11062 (An issue was discovered in Mattermost Server before 3.5.1. E-mail addr ...)
	- mattermost-server (bug #823556)
CVE-2015-9548 (An issue was discovered in Mattermost Server before 1.2.0. It allows a ...)
	- mattermost-server (bug #823556)
CVE-2020-14954 (Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffe ...)
	{DSA-4708-1 DSA-4707-1 DLA-2268-2 DLA-2268-1}
	- mutt 1.14.4-1
	- neomutt 20200619+dfsg.1-1
	NOTE: https://gitlab.com/muttmua/mutt/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4
	NOTE: https://gitlab.com/muttmua/mutt/-/issues/248
	NOTE: https://github.com/neomutt/neomutt/commit/fb013ec666759cb8a9e294347c7b4c1f597639cc
CVE-2020-14446 (An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO ...)
NOT-FOR-US: WSO2 Identity Server CVE-2020-14445 (An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 ...) NOT-FOR-US: WSO2 Identity Server CVE-2020-14444 (An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 ...) NOT-FOR-US: WSO2 Identity Server CVE-2020-14443 (A SQL injection vulnerability in accountancy/customer/card.php in Doli ...) - dolibarr CVE-2020-14442 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: NETGEAR CVE-2020-14441 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: NETGEAR CVE-2020-14440 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: NETGEAR CVE-2020-14439 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: NETGEAR CVE-2020-14438 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: NETGEAR CVE-2020-14437 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: NETGEAR CVE-2020-14436 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: NETGEAR CVE-2020-14435 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: NETGEAR CVE-2020-14434 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: NETGEAR CVE-2020-14433 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: NETGEAR CVE-2020-14432 (Certain NETGEAR devices are affected by CSRF. This affects RBK752 befo ...) NOT-FOR-US: NETGEAR CVE-2020-14431 (Certain NETGEAR devices are affected by disclosure of administrative c ...) NOT-FOR-US: NETGEAR CVE-2020-14430 (Certain NETGEAR devices are affected by disclosure of administrative c ...) NOT-FOR-US: NETGEAR CVE-2020-14429 (Certain NETGEAR devices are affected by disclosure of administrative c ...) 
NOT-FOR-US: NETGEAR CVE-2020-14428 (Certain NETGEAR devices are affected by disclosure of administrative c ...) NOT-FOR-US: NETGEAR CVE-2020-14427 (Certain NETGEAR devices are affected by disclosure of administrative c ...) NOT-FOR-US: NETGEAR CVE-2020-14426 (Certain NETGEAR devices are affected by disclosure of administrative c ...) NOT-FOR-US: NETGEAR CVE-2020-14425 (Foxit Reader before 10.0 allows Remote Command Execution via the app.o ...) NOT-FOR-US: Foxit Reader CVE-2020-14424 (Cacti before 1.2.18 allows remote attackers to trigger XSS via templat ...) - cacti 1.2.19+ds1-1 [bullseye] - cacti (Vulnerable code not present) [buster] - cacti (Vulnerable code not present) [stretch] - cacti (Vulnerable code not present) NOTE: https://github.com/Cacti/cacti/pull/4261 NOTE: https://github.com/Cacti/cacti/commit/d12800ab479ad95a091bc577f28fd99ec95eb64c (release/1.2.18) CVE-2020-14423 (Convos before 4.20 does not properly generate a random secret in Core/ ...) NOT-FOR-US: Convos CVE-2020-14422 (Lib/ipaddress.py in Python through 3.8.3 improperly computes hash valu ...) 
{DLA-3424-1 DLA-2280-1} - python3.8 3.8.4~rc1-1 - python3.7 [buster] - python3.7 3.7.3-2+deb10u2 - python3.5 - python3.4 [jessie] - python3.4 (Minor issue, DoS with constraints) - python2.7 (ipaddress module introduced in 3.3) - python-ipaddress [bullseye] - python-ipaddress (Minor issue) NOTE: https://bugs.python.org/issue41004 NOTE: https://github.com/python/cpython/pull/20956 NOTE: https://github.com/python/cpython/pull/21033 NOTE: https://github.com/python/cpython/commit/b30ee26e366bf509b7538d79bfec6c6d38d53f28 (master) NOTE: https://github.com/python/cpython/commit/9a646aa82dfa62d70ca2a99ada901ee6cf9f82bd (3.9-branch) NOTE: https://github.com/python/cpython/commit/dc8ce8ead182de46584cc1ed8a8c51d48240cbd5 (v3.8.4rc1) NOTE: https://github.com/python/cpython/commit/b98e7790c77a4378ec4b1c71b84138cb930b69b7 (3.7-branch) NOTE: https://github.com/python/cpython/commit/cfc7ff8d05f7a949a88b8a8dd506fb5c1c30d3e9 (3.6-branch) CVE-2020-14421 (aaPanel through 6.6.6 allows remote authenticated users to execute arb ...) NOT-FOR-US: aaPanel CVE-2020-14420 RESERVED CVE-2020-14419 RESERVED CVE-2020-14418 (A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that al ...) NOT-FOR-US: madCodeHook CVE-2020-14417 RESERVED CVE-2020-14415 (oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer ...) - qemu 1:5.0-1 [buster] - qemu (Vulnerable code introduced later) [stretch] - qemu (Vulnerable code introduced later) [jessie] - qemu (Vulnerable code introduced later) NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=3ba4066d085f5bdce2c7ac145692a4fd52493d67 (4.2.0-rc0) NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=7a4ede0047a8613b0e3b72c9d351038f013dd357 (5.0.0-rc0) CVE-2020-14416 (In the Linux kernel before 5.4.16, a race condition in tty->disc_data ...) 
- linux 5.4.19-1 [buster] - linux 4.19.118-1 [stretch] - linux 4.9.210-1+deb9u1 [jessie] - linux 3.16.84-1 NOTE: https://git.kernel.org/linus/0ace17d56824165c7f4c68785d6b58971db954dd CVE-2020-14414 (NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php imprope ...) NOT-FOR-US: NeDi CVE-2020-14413 (NeDi 1.9C is vulnerable to XSS because of an incorrect implementation ...) NOT-FOR-US: NeDi CVE-2020-14412 (NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.p ...) NOT-FOR-US: NeDi CVE-2020-14411 RESERVED CVE-2020-14410 (SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer ...) {DLA-3314-1 DLA-2536-1} - libsdl1.2 (Only affects SDL2) - libsdl2 2.0.14+dfsg2-2 NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=5200 NOTE: https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9 CVE-2020-14409 (SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow ...) {DLA-3314-1 DLA-2536-1} - libsdl2 2.0.14+dfsg2-2 NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=5200 NOTE: https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9 NOTE: Specific to SDL2, these checks were addressed in SDL 1.2 with CVE-2019-7637 CVE-2020-14408 (An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanit ...) NOT-FOR-US: Agentejo Cockpit CVE-2020-14407 RESERVED CVE-2020-14406 RESERVED CVE-2020-14405 (An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rf ...) {DLA-2347-1 DLA-2264-1} - libvncserver 0.9.13+dfsg-1 [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4 NOTE: https://github.com/LibVNC/libvncserver/commit/8937203441ee241c4ace85da687b7d6633a12365 CVE-2020-14404 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rr ...) {DLA-2347-1 DLA-2264-1} - libvncserver 0.9.13+dfsg-1 [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4 NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff CVE-2020-14403 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/he ...) 
{DLA-2347-1 DLA-2264-1} - libvncserver 0.9.13+dfsg-1 [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4 NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff CVE-2020-14402 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/co ...) {DLA-2347-1 DLA-2264-1} - libvncserver 0.9.13+dfsg-1 [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4 NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff CVE-2020-14401 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/sc ...) {DLA-2347-1 DLA-2264-1} - libvncserver 0.9.13+dfsg-1 [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4 NOTE: https://github.com/LibVNC/libvncserver/commit/a6788d1da719ae006605b78d22f5a9f170b423af CVE-2020-14400 (An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned da ...) {DLA-2347-1 DLA-2264-1} - libvncserver 0.9.13+dfsg-1 [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4 NOTE: https://github.com/LibVNC/libvncserver/commit/53073c8d7e232151ea2ecd8a1243124121e10e2d CVE-2020-14399 (An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned da ...) {DLA-2347-1 DLA-2264-1} - libvncserver 0.9.13+dfsg-1 [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4 NOTE: https://github.com/LibVNC/libvncserver/commit/23e5cbe6b090d7f22982aee909a6a618174d3c2d CVE-2020-14398 (An issue was discovered in LibVNCServer before 0.9.13. An improperly c ...) - libvncserver 0.9.13+dfsg-1 [buster] - libvncserver (Proposed patch might break ABI for consumers) [stretch] - libvncserver (Proposed patch might break ABI for consumers) [jessie] - libvncserver (Proposed patch might break ABI for consumers) NOTE: https://github.com/LibVNC/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b CVE-2020-14397 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rf ...) 
{DLA-2347-1 DLA-2264-1} - libvncserver 0.9.13+dfsg-1 [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4 NOTE: https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0 CVE-2020-14396 (An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tl ...) - libvncserver 0.9.13+dfsg-1 [buster] - libvncserver (Vulnerable code not present) [stretch] - libvncserver (Vulnerable code not present) [jessie] - libvncserver (Vulnerable code not present) NOTE: https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553 CVE-2020-14395 REJECTED CVE-2020-14394 (An infinite loop flaw was found in the USB xHCI controller emulation o ...) {DLA-3362-1} - qemu 1:7.1+dfsg-1 (bug #979677) [bullseye] - qemu 1:5.2+dfsg-11+deb11u3 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1908004 NOTE: https://gitlab.com/qemu-project/qemu/-/issues/646 NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/effaf5a240e03020f4ae953e10b764622c3e87cc (v7.1.0-rc3) CVE-2020-14393 (A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local att ...) {DLA-2386-1} - libdbi-perl 1.643-1 [buster] - libdbi-perl 1.642-1+deb10u1 NOTE: https://github.com/perl5-dbi/dbi/commit/36f2a2c5fea36d7d47d6871e420286643460e71b CVE-2020-14392 (An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A ...) {DLA-2386-1} - libdbi-perl 1.643-1 [buster] - libdbi-perl 1.642-1+deb10u1 NOTE: https://github.com/perl5-dbi/dbi/commit/ea99b6aafb437db53c28fd40d5eafbe119cd66e1 CVE-2020-14391 (A flaw was found in the GNOME Control Center in Red Hat Enterprise Lin ...) - gnome-settings-daemon (Red Hat-specific plugin) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1873093 CVE-2020-14390 (A flaw was found in the Linux kernel in versions before 5.9-rc6. When ...) 
{DLA-2420-1 DLA-2385-1} - linux 5.8.10-1 [buster] - linux 4.19.146-1 NOTE: https://git.kernel.org/linus/50145474f6ef4a9c19205b173da6264a644c7489 NOTE: https://www.openwall.com/lists/oss-security/2020/09/15/2 CVE-2020-14389 (It was found that Keycloak before version 12.0.0 would permit a user w ...) NOT-FOR-US: Keycloak CVE-2020-14388 (A flaw was found in the Red Hat 3scale API Management Platform, where ...) NOT-FOR-US: 3scale CVE-2020-14387 (A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperl ...) - rsync 3.2.3-3 (bug #969530) [buster] - rsync (Vulnerable code introduced later) [stretch] - rsync (Vulnerable code introduced later) NOTE: Introduced by: https://git.samba.org/?p=rsync.git;a=commitdiff;h=2a87d78f693f10fe5ad13af0bb9311bd3714077d (v3.2.0pre1) NOTE: Fixed by: https://git.samba.org/?p=rsync.git;a=commitdiff;h=c3f7414c450faaf6a8281cc4a4403529aeb7d859 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1875549 CVE-2020-14386 (A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption ...) {DLA-2420-1 DLA-2385-1} - linux 5.8.7-1 [buster] - linux 4.19.146-1 NOTE: https://www.openwall.com/lists/oss-security/2020/09/03/3 CVE-2020-14385 (A flaw was found in the Linux kernel before 5.9-rc4. A failure of the ...) {DLA-2385-1} - linux 5.8.7-1 [buster] - linux 4.19.146-1 [stretch] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/f4020438fab05364018c91f7e02ebdd192085933 CVE-2020-14384 (A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. ...) NOT-FOR-US: JBossWeb CVE-2020-14383 (A flaw was found in samba's DNS server. An authenticated user could us ...) {DLA-3792-1 DLA-2463-1} [experimental] - samba 2:4.13.2+dfsg-1 - samba 2:4.13.2+dfsg-2 (bug #973398) NOTE: https://www.samba.org/samba/security/CVE-2020-14383.html NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14472 CVE-2020-14382 (A vulnerability was found in upstream release cryptsetup-2.2.0 where, ...) 
- cryptsetup 2:2.3.4-1 (bug #969471) [buster] - cryptsetup (Vulnerable code not present) [stretch] - cryptsetup (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1874712 NOTE: https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/102 NOTE: Fixed by: https://gitlab.com/cryptsetup/cryptsetup/-/commit/52f5cb8cedf22fb3e14c744814ec8af7614146c7 NOTE: Improvement: https://gitlab.com/cryptsetup/cryptsetup/-/commit/46ee71edcd13e1dad50815ad65c28779aa6f7503 NOTE: Improvement: https://gitlab.com/cryptsetup/cryptsetup/-/commit/752c9a52798f11d3b765b673ebaa3058eb25316e NOTE: Introduced with: https://gitlab.com/cryptsetup/cryptsetup/-/commit/a7f80a27701450e40ef37e2224577f1a0c98cf0f (v2.2.0-rc0) CVE-2020-14381 (A flaw was found in the Linux kernel’s futex implementation. This ...) - linux 5.5.13-1 [buster] - linux 4.19.118-1 [stretch] - linux 4.9.228-1 NOTE: https://git.kernel.org/linus/8019ad13ef7f64be44d4f892af9c840179009254 CVE-2020-14380 (An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. ...) NOT-FOR-US: Red Hat Satellite CVE-2020-14379 (A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can ...) NOT-FOR-US: Red Hat AMQ broker CVE-2020-14378 (An integer underflow in dpdk versions before 18.11.10 and before 19.11 ...) - dpdk 19.11.5-1 (bug #971269) [buster] - dpdk 18.11.10-1~deb10u1 [stretch] - dpdk (vhost_crypto introduced in v18.05-rc1) NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272 NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=7a5af91f8bf46f121cc1a7873045ef37f63d56c2 (v18.11.10) NOTE: Introduced by: https://git.dpdk.org/dpdk-stable/commit/?id=fd9dd27602a6494663ace53f0d52122ed9f0de1c (v18.11.1-rc1) CVE-2020-14377 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...) 
- dpdk 19.11.5-1 (bug #971269) [buster] - dpdk 18.11.10-1~deb10u1 [stretch] - dpdk (vhost_crypto introduced in v18.05-rc1) NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272 NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=7e7c75edc6351ecdc5b108ab2ff4be8852d9e090 (v18.11.10) NOTE: Introduced by: https://git.dpdk.org/dpdk-stable/commit/?id=3bb595ecd6829b4019f281d56036acf4d1ccddc2 (v18.05-rc1) CVE-2020-14376 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...) - dpdk 19.11.5-1 (bug #971269) [buster] - dpdk 18.11.10-1~deb10u1 [stretch] - dpdk (vhost_crypto introduced in v18.05-rc1) NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272 NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=7e7c75edc6351ecdc5b108ab2ff4be8852d9e090 (v18.11.10) NOTE: Introduced by: https://git.dpdk.org/dpdk-stable/commit/?id=3bb595ecd6829b4019f281d56036acf4d1ccddc2 (v18.05-rc1) CVE-2020-14375 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...) - dpdk 19.11.5-1 (bug #971269) [buster] - dpdk 18.11.10-1~deb10u1 [stretch] - dpdk (vhost_crypto introduced in v18.05-rc1) NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272 NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=6e8a4da39e68c581c236b1f109fef4b6e22b35ef (v18.11.10) NOTE: Introduced by: https://git.dpdk.org/dpdk-stable/commit/?id=3bb595ecd6829b4019f281d56036acf4d1ccddc2 (v18.05-rc1) CVE-2020-14374 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...) - dpdk 19.11.5-1 (bug #971269) [buster] - dpdk 18.11.10-1~deb10u1 [stretch] - dpdk (vhost_crypto introduced in v18.05-rc1) NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272 NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=75f8df70a2c8a477ed61bf3145746ef1164466ce (v18.11.10) NOTE: Introduced by: https://git.dpdk.org/dpdk-stable/commit/?id=3c79609fda7cba51835c5f76e1bf4a454c653ff2 (v18.05-rc5) CVE-2020-14373 (A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of g ...) 
- ghostscript 9.26~dfsg-1 [stretch] - ghostscript 9.26~dfsg-0+deb9u1 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ece5cbbd9979cd35737b00e68267762d72feb2ea NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702851 CVE-2020-14372 (A flaw was found in grub2 in versions prior to 2.06, where it incorrec ...) {DSA-4867-1} - grub2 2.04-16 [stretch] - grub2 (No SecureBoot support in stretch) CVE-2020-14371 (A credential leak vulnerability was found in Red Hat Satellite. This f ...) NOT-FOR-US: Red Hat Satellite CVE-2020-14370 (An information disclosure vulnerability was found in containers/podman ...) - libpod 2.0.6+dfsg1-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1874268 NOTE: https://github.com/containers/podman/commit/a7e864e6e7de894d4edde4fff00e53dc6a0b5074 CVE-2020-14369 (This release fixes a Cross Site Request Forgery vulnerability was foun ...) NOT-FOR-US: Red Hat CloudForm CVE-2020-14368 (A flaw was found in Eclipse Che in versions prior to 7.14.0 that impac ...) NOT-FOR-US: Eclipse Che CVE-2020-14367 (A flaw was found in chrony versions before 3.5.1 when creating the PID ...) - chrony 3.5.1-1 (unimportant) [buster] - chrony 3.4-4+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2020/08/21/1 NOTE: Fixed by: https://git.tuxfamily.org/chrony/chrony.git/commit/util.c?id=7a4c396bba8f92a3ee8018620983529152050c74 (4.0-pre1) NOTE: Fixed by: https://git.tuxfamily.org/chrony/chrony.git/commit/main.c?id=e18903a6b56341481a2e08469c0602010bf7bfe3 (4.0-pre1) NOTE: Minimal backport: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=f00fed20092b6a42283f29c6ee1f58244d74b545 (3.5.1) NOTE: Debian packaging relocates chronyd.pid as well to /run since 3.1-3 NOTE: additionally mitigating the issue. Earlier versions used /var/run/chronyd.pid. CVE-2020-14366 (A vulnerability was found in keycloak, where path traversal using URL- ...) NOT-FOR-US: Keycloak CVE-2020-14365 (A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before ...) 
{DSA-4950-1} - ansible 2.9.13+dfsg-1 (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869154 NOTE: https://github.com/ansible/ansible/commit/1d043e082b3b1f3ad35c803137f5d3bcbae92275 (v2.9.13) NOTE: Negligible security impact on Debian systems CVE-2020-14364 (An out-of-bounds read/write access flaw was found in the USB emulator ...) {DSA-4760-1 DLA-2373-1} - qemu 1:5.1+dfsg-4 (bug #968947) NOTE: https://xenbits.xen.org/xsa/advisory-335.html NOTE: https://www.openwall.com/lists/oss-security/2020/08/24/3 NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=b946434f2659a182afc17e155be6791ebfb302eb CVE-2020-14363 (An integer overflow vulnerability leading to a double-free was found i ...) {DLA-2361-1} - libx11 2:1.6.12-1 (bug #969008) [buster] - libx11 2:1.6.7-1+deb10u1 NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003056.html NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d CVE-2020-14362 (A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Int ...) {DSA-4758-1 DLA-2359-1} - xorg-server 2:1.20.9-1 NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/2902b78535ecc6821cc027351818b28a5c7fdbdc CVE-2020-14361 (A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Int ...) {DSA-4758-1 DLA-2359-1} - xorg-server 2:1.20.9-1 NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/144849ea27230962227e62a943b399e2ab304787 CVE-2020-14360 (A flaw was found in the X.Org Server before version 1.20.10. An out-of ...) {DSA-4803-1 DLA-2486-1} - xorg-server 2:1.20.10-1 (bug #976216) NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/446ff2d3177087b8173fa779fa5b77a2a128988b CVE-2020-14359 (A vulnerability was found in all versions of Keycloak Gatekeeper, wher ...) 
NOT-FOR-US: Keycloak CVE-2020-14358 REJECTED CVE-2020-14357 REJECTED CVE-2020-14356 (A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem ...) {DLA-2420-1 DLA-2385-1} - linux 5.7.10-1 (bug #966846) [buster] - linux 4.19.146-1 NOTE: Fixed by: https://git.kernel.org/linus/ad0f75e5f57ccbceec13274e1e242f2b5a6397ed CVE-2020-14355 (Multiple buffer overflow vulnerabilities were found in the QUIC image ...) {DSA-4771-1 DLA-2428-1 DLA-2427-1} - spice 0.14.3-2 (bug #971750) - spice-gtk 0.39-1 (bug #971751) [buster] - spice-gtk (Minor issue) NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/762e0abae36033ccde658fd52d3235887b60862d NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/404d74782c8b5e57d146c5bf3118bb41bf3378e4 NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/ef1b6ff7b82e15d759e5415b8e35b92bb1a4c206 NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/b24fe6b66b86e601c725d30f00c37e684b6395b6 CVE-2020-14354 (A possible use-after-free and double-free in c-ares lib version 1.16.0 ...) - c-ares 1.16.1-1 [buster] - c-ares (Vulnerable code introduced later) [stretch] - c-ares (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1866838 NOTE: Introduced in: https://github.com/c-ares/c-ares/commit/dbd4c441fb7babad5c56f455d720af38e20546bc (1.16.0) NOTE: Fixed by: https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e (1.16.1) CVE-2020-14353 REJECTED CVE-2020-14352 (A flaw was found in librepo in versions before 1.12.1. A directory tra ...) NOT-FOR-US: librepo CVE-2020-14351 (A flaw was found in the Linux kernel. A use-after-free memory flaw was ...) {DLA-2494-1 DLA-2483-1} - linux 5.9.6-1 [buster] - linux 4.19.160-1 NOTE: https://lore.kernel.org/lkml/20200910104153.1672460-1-jolsa@kernel.org/ CVE-2020-14350 (It was found that some PostgreSQL extensions did not use search_path s ...) 
{DLA-2331-1} - postgresql-12 12.4-1 - postgresql-11 [buster] - postgresql-11 11.9-0+deb10u1 - postgresql-9.6 NOTE: https://www.postgresql.org/about/news/2060/ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=7eeb1d9861b0a3f453f8b31c7648396cdd7f1e59 CVE-2020-14349 (It was found that PostgreSQL versions before 12.4, before 11.9 and bef ...) - postgresql-12 12.4-1 - postgresql-11 [buster] - postgresql-11 11.9-0+deb10u1 - postgresql-9.6 (Vulnerable code introduced later) NOTE: https://www.postgresql.org/about/news/2060/ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=11da97024abbe76b8c81e3f2375b2a62e9717c67 NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=cec57b1a0fbcd3833086ba686897c5883e0a2afc CVE-2020-14348 (It was found in AMQ Online before 1.5.2 that injecting an invalid fiel ...) NOT-FOR-US: AMQ Online CVE-2020-14347 (A flaw was found in the way xserver memory was not properly initialize ...) {DSA-4758-1 DLA-2359-1} - xorg-server 2:1.20.9-1 (bug #968986) NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003051.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816 CVE-2020-14346 (A flaw was found in xorg-x11-server before 1.20.9. An integer underflo ...) {DSA-4758-1 DLA-2359-1} - xorg-server 2:1.20.9-1 NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/c940cc8b6c0a2983c1ec974f1b3f019795dd4cff CVE-2020-14345 (A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out ...) {DSA-4758-1 DLA-2359-1} - xorg-server 2:1.20.9-1 NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/f7cd1276bbd4fe3a9700096dec33b52b8440788d CVE-2020-14344 (An integer overflow leading to a heap-buffer overflow was found in The ...) 
{DLA-2312-1} - libx11 2:1.6.10-1 [buster] - libx11 2:1.6.7-1+deb10u1 NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003050.html NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/0e6561efcfaa0ae7b5c74eac7e064b76d687544e NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/388b303c62aa35a245f1704211a023440ad2c488 NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/2fcfcc49f3b1be854bb9085993a01d17c62acf60 NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1a566c9e00e5f35c1f9e7f3d741a02e5170852b2 NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1703b9f3435079d3c6021e1ee2ec34fd4978103d NOTE: Original patchset introduces regression: https://bugs.debian.org/966691 and https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/116 NOTE: Follow-up for regression: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/93fce3f4e79cbc737d6468a4f68ba3de1b83953b CVE-2020-14343 (A vulnerability was discovered in the PyYAML library in versions befor ...) - pyyaml 5.3.1-4 (bug #966233) [buster] - pyyaml (Vulnerable code not present) [stretch] - pyyaml (Vulnerable code not present) NOTE: https://github.com/yaml/pyyaml/issues/420 NOTE: Fixed via: https://github.com/yaml/pyyaml/pull/472 NOTE: https://github.com/yaml/pyyaml/commit/7adc0db3f613a82669f2b168edd98379b83adb3c NOTE: CVE is for an incomplete fix of CVE-2020-1747. CVE-2020-14342 (It was found that cifs-utils' mount.cifs was invoking a shell when req ...) - cifs-utils 2:6.11-1 (bug #970172) [buster] - cifs-utils (Minor issue) [stretch] - cifs-utils (Minor issue) NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14442 NOTE: https://lists.samba.org/archive/samba-technical/2020-September/135747.html NOTE: https://git.samba.org/cifs-utils.git/?p=cifs-utils.git;a=commit;h=48a654e2e763fce24c22e1b9c695b42804bbdd4a CVE-2020-14341 (The "Test Connection" available in v7.x of the Red Hat Single Sign On ...) 
NOT-FOR-US: Red Hat Single Sign On application console CVE-2020-14340 (A vulnerability was discovered in XNIO where file descriptor leak caus ...) - jboss-xnio 3.8.2-1 [buster] - jboss-xnio (Minor issue) [stretch] - jboss-xnio (vulnerable code is not present) NOTE: Fix for 3.8: https://github.com/xnio/xnio/pull/233 NOTE: Fix for 3.7 (Buster): https://github.com/xnio/xnio/pull/234 CVE-2020-14339 (A flaw was found in libvirt, where it leaked a file descriptor for `/d ...) - libvirt 6.6.0-1 (bug #966563) [buster] - libvirt (Vulnerable code introduced later) [stretch] - libvirt (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860069 NOTE: https://www.redhat.com/archives/libvir-list/2020-July/msg01500.html NOTE: Proposed patch: https://www.redhat.com/archives/libvir-list/2020-July/msg01501.html NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=22494556542c676d1b9e7f1c1f2ea13ac17e1e3e (v6.6.0) CVE-2020-14338 (A flaw was found in Wildfly's implementation of Xerces, specifically i ...) - wildfly (bug #752018) CVE-2020-14337 (A data exposure flaw was found in Tower, where sensitive data was reve ...) NOT-FOR-US: Ansible Tower CVE-2020-14336 (A flaw was found in the Restricted Security Context Constraints (SCC), ...) NOT-FOR-US: OpenShift CVE-2020-14335 (A flaw was found in Red Hat Satellite, which allows a privileged attac ...) NOT-FOR-US: Red Hat Satellite CVE-2020-14334 (A flaw was found in Red Hat Satellite 6 which allows privileged attack ...) - foreman (bug #663101) CVE-2020-14333 (A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earl ...) NOT-FOR-US: ovirt-engine CVE-2020-14332 (A flaw was found in the Ansible Engine when using module_args. Tasks e ...) 
{DSA-4950-1} - ansible 2.9.13+dfsg-1 (bug #966672) [stretch] - ansible (EOL'd for stretch) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1857805 NOTE: https://github.com/ansible/ansible/pull/71033 NOTE: https://github.com/ansible/ansible/commit/6cae9a4b168df776bf82deb04b2c62e00c38b49a (v2.9.12) CVE-2020-14331 (A flaw was found in the Linux kernel’s implementation of the inve ...) {DLA-2420-1 DLA-2385-1} - linux 5.7.17-1 (unimportant) [buster] - linux 4.19.146-1 NOTE: https://www.openwall.com/lists/oss-security/2020/07/28/2 NOTE: Only exploitable when CONFIG_VGACON_SOFT_SCROLLBACK is set CVE-2020-14330 (An Improper Output Neutralization for Logs flaw was found in Ansible w ...) {DSA-4950-1} - ansible 2.9.13+dfsg-1 [stretch] - ansible (EOL'd for stretch) NOTE: https://github.com/ansible/ansible/issues/68400 NOTE: Initial fix: https://github.com/ansible/ansible/pull/69653 NOTE: Complete fix (reverting first and adding more elaborated fix): NOTE: https://github.com/ansible/ansible/pull/70762 NOTE: https://github.com/ansible/ansible/commit/e0f25a2b1f9e6c21f751ba0ed2dc2eee2152983e NOTE: https://github.com/ansible/ansible/commit/76815d3afccc7baffa196456d092f4de94b4fbb1 (v2.9.12) CVE-2020-14329 (A data exposure flaw was found in Ansible Tower in versions before 3.7 ...) NOT-FOR-US: Ansible Tower CVE-2020-14328 (A flaw was found in Ansible Tower in versions before 3.7.2. A Server S ...) NOT-FOR-US: Ansible Tower CVE-2020-14327 (A Server-side request forgery (SSRF) flaw was found in Ansible Tower i ...) NOT-FOR-US: Ansible Tower CVE-2020-14326 (A vulnerability was found in RESTEasy, where RootNode incorrectly cach ...) 
- resteasy (Vulnerable code introduced later) - resteasy3.0 (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1855826 NOTE: https://issues.redhat.com/browse/RESTEASY-2643 NOTE: https://issues.redhat.com/browse/RESTEASY-2646 NOTE: Introduced by: https://github.com/resteasy/Resteasy/commit/f948c45f4ebe00531f858e289d17664bc2edd496 (4.2.0.Final) CVE-2020-14325 (Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Imperson ...) NOT-FOR-US: Red Hat CloudForm CVE-2020-14324 (A high severity vulnerability was found in all active versions of Red ...) NOT-FOR-US: Red Hat CloudForm CVE-2020-14323 (A null pointer dereference flaw was found in samba's Winbind service i ...) {DLA-3792-1 DLA-2463-1} [experimental] - samba 2:4.13.2+dfsg-1 - samba 2:4.13.2+dfsg-2 (bug #973399) NOTE: https://www.samba.org/samba/security/CVE-2020-14323.html NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14436 CVE-2020-14322 (In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to l ...) - moodle CVE-2020-14321 (In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course ...) - moodle CVE-2020-14320 (In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task ...) - moodle CVE-2020-14319 (It was found that the AMQ Online console is vulnerable to a Cross-Site ...) NOT-FOR-US: AMQ Online CVE-2020-14318 (A flaw was found in the way samba handled file and directory permissio ...) {DLA-3792-1 DLA-2463-1} [experimental] - samba 2:4.13.2+dfsg-1 - samba 2:4.13.2+dfsg-2 (bug #973400) NOTE: https://www.samba.org/samba/security/CVE-2020-14318.html NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14434 CVE-2020-14317 (It was found that the issue for security flaw CVE-2019-3805 appeared a ...) - wildfly (bug #752018) CVE-2020-14316 (A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instanc ...) NOT-FOR-US: KubeVirt CVE-2020-14315 (A memory corruption vulnerability is present in bspatch as shipped in ...) 
	- bsdiff 4.3-22 (bug #964796)
	[buster] - bsdiff <no-dsa> (Minor issue)
	[stretch] - bsdiff <no-dsa> (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/09/2
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-16:29.bspatch.asc
CVE-2020-14314 (A memory out-of-bounds read flaw was found in the Linux kernel before ...)
	{DLA-2420-1 DLA-2385-1}
	- linux 5.8.7-1
	[buster] - linux 4.19.146-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1853922
	NOTE: https://git.kernel.org/linus/5872331b3d91820e14716632ebb56b1399b34fe1
CVE-2020-14313 (An information disclosure vulnerability was found in Red Hat Quay in v ...)
	NOT-FOR-US: Quay
CVE-2020-14312 (A flaw was found in the default configuration of dnsmasq, as shipped w ...)
	- dnsmasq 2.69-1 (bug #732610)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1851342
CVE-2020-14311 (There is an issue with grub2 before version 2.06 while handling symlin ...)
	{DSA-4735-1}
	- grub2 2.04-9
	[stretch] - grub2 <not-affected> (No SecureBoot support in stretch)
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
	NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=3f05d693d1274965ffbe4ba99080dc2c570944c6
CVE-2020-14310 (There is an issue on grub2 before version 2.06 at function read_sectio ...)
	{DSA-4735-1}
	- grub2 2.04-9
	[stretch] - grub2 <not-affected> (No SecureBoot support in stretch)
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
	NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=3f05d693d1274965ffbe4ba99080dc2c570944c6
CVE-2020-14309 (There's an issue with grub2 in all versions before 2.06 when handling ...)
	{DSA-4735-1}
	- grub2 2.04-9
	[stretch] - grub2 <not-affected> (No SecureBoot support in stretch)
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
	NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=3f05d693d1274965ffbe4ba99080dc2c570944c6
CVE-2020-14308 (In grub2 versions before 2.06 the grub memory allocator doesn't check ...)
	{DSA-4735-1}
	- grub2 2.04-9
	[stretch] - grub2 <not-affected> (No SecureBoot support in stretch)
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
	NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=f725fa7cb2ece547c5af01eeeecfe8d95802ed41
CVE-2020-14307 (A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) ver ...)
	- wildfly <itp> (bug #752018)
CVE-2020-14306 (An incorrect access control flaw was found in the operator, openshift- ...)
	NOT-FOR-US: OpenShift
CVE-2020-14305 (An out-of-bounds memory write flaw was found in how the Linux kernel’ ...)
	{DLA-2420-1}
	- linux 4.12.6-1
	NOTE: https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/
CVE-2020-14304 (A memory disclosure flaw was found in the Linux kernel's ethernet driv ...)
	- linux <unfixed> (bug #960702)
	[bookworm] - linux <no-dsa> (Minor issue)
	[bullseye] - linux <no-dsa> (Minor issue)
	[buster] - linux <no-dsa> (Minor issue)
CVE-2020-14303 (A flaw was found in the AD DC NBT server in all Samba versions before ...)
	{DLA-2463-1}
	- samba 2:4.12.5+dfsg-1
	[buster] - samba <postponed> (Minor issue, fix along in next DSA)
	NOTE: https://www.samba.org/samba/security/CVE-2020-14303.html
CVE-2020-14302 (A flaw was found in Keycloak before 13.0.0 where an external identity ...)
	NOT-FOR-US: Keycloak
CVE-2020-14301 (An information disclosure vulnerability was found in libvirt in versio ...)
	- libvirt <not-affected> (Vulnerable code introduced with 6.2.0)
	NOTE: Fixed by: https://github.com/libvirt/libvirt/commit/a5b064bf4b17a9884d7d361733737fb614ad8979
	NOTE: Fixed by: https://github.com/libvirt/libvirt/commit/524de6cc35d3b222f0e940bb0fd027f5482572c5
CVE-2020-14300 (The docker packages version docker-1.13.1-108.git4ef4b30.el7 as releas ...)
	- docker.io <not-affected> (Red Hat specific regression)
CVE-2020-14299 (A flaw was found in JBoss EAP, where the authentication configuration ...)
	NOT-FOR-US: JBoss EAP
CVE-2020-14298 (The version of docker as released for Red Hat Enterprise Linux 7 Extra ...)
	- docker.io <not-affected> (Red Hat specific regression)
CVE-2020-14297 (A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat ...)
	- wildfly <itp> (bug #752018)
CVE-2020-14296 (Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request For ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2020-14295 (A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to ...)
	- cacti 1.2.13+ds1-1 (bug #963139)
	[buster] - cacti <not-affected> (Vulnerability introduced later)
	[stretch] - cacti <not-affected> (Vulnerability introduced later)
	[jessie] - cacti <not-affected> (Vulnerability introduced later)
	NOTE: https://github.com/Cacti/cacti/issues/3622
	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/cc1a656f37b08c0c45667c119a44a3751271ac6e
	NOTE: Introduced with the fix for https://github.com/Cacti/cacti/issues/2839
	NOTE: Introduced by: https://github.com/Cacti/cacti/commit/b87747c38ba58e8cf6507d4f1f8476d1df567556 (1.2.6)
CVE-2020-14294 (An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feat ...)
	NOT-FOR-US: Secudos Qiata FTA
CVE-2020-14293 (conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute ...)
	NOT-FOR-US: Secudos DOMOS
CVE-2020-14292 (In the COVIDSafe application through 1.0.21 for Android, unsafe use of ...)
	NOT-FOR-US: COVIDSafe application for Android
CVE-2020-14291 RESERVED
CVE-2020-14290 RESERVED
CVE-2020-14289 RESERVED
CVE-2020-14288 RESERVED
CVE-2020-14287 RESERVED
CVE-2020-14286 RESERVED
CVE-2020-14285 RESERVED
CVE-2020-14284 RESERVED
CVE-2020-14283 RESERVED
CVE-2020-14282 RESERVED
CVE-2020-14281 RESERVED
CVE-2020-14280 RESERVED
CVE-2020-14279 RESERVED
CVE-2020-14278 RESERVED
CVE-2020-14277 RESERVED
CVE-2020-14276 RESERVED
CVE-2020-14275 (Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1 ...)
	NOT-FOR-US: HCL
CVE-2020-14274 (Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9 ...)
	NOT-FOR-US: HCL
CVE-2020-14273 (HCL Domino is susceptible to a Denial of Service (DoS) vulnerability d ...)
	NOT-FOR-US: HCL Domino
CVE-2020-14272 RESERVED
CVE-2020-14271 (HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scrip ...)
	NOT-FOR-US: HCL iNotes
CVE-2020-14270 (HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vu ...)
	NOT-FOR-US: HCL Domino
CVE-2020-14269 RESERVED
CVE-2020-14268 (A vulnerability in the MIME message handling of the Notes client (vers ...)
	NOT-FOR-US: HCL Notes
CVE-2020-14267 RESERVED
CVE-2020-14266 RESERVED
CVE-2020-14265 RESERVED
CVE-2020-14264 ("HCL Traveler Companion is vulnerable to an iOS weak cryptographic pro ...)
	NOT-FOR-US: HCL
CVE-2020-14263 ("HCL Traveler Companion is vulnerable to an iOS weak cryptographic pro ...)
	NOT-FOR-US: HCL
CVE-2020-14262 RESERVED
CVE-2020-14261 RESERVED
CVE-2020-14260 (HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL du ...)
	NOT-FOR-US: HCL Domino
CVE-2020-14259 RESERVED
CVE-2020-14258 (HCL Notes is susceptible to a Denial of Service vulnerability caused b ...)
	NOT-FOR-US: HCL
CVE-2020-14257 RESERVED
CVE-2020-14256 RESERVED
CVE-2020-14255 (HCL Digital Experience 9.5 containers include vulnerabilities that cou ...)
	NOT-FOR-US: HCL
CVE-2020-14254 (TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v ...)
	NOT-FOR-US: HCL BigFix Inventory
CVE-2020-14253 RESERVED
CVE-2020-14252 RESERVED
CVE-2020-14251 RESERVED
CVE-2020-14250 RESERVED
CVE-2020-14249 RESERVED
CVE-2020-14248 (BigFix Inventory up to v10.0.2 does not set the secure flag for the se ...)
	NOT-FOR-US: HCL BigFix Inventory
CVE-2020-14247 (HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate sess ...)
	NOT-FOR-US: HCL
CVE-2020-14246 (HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication w ...)
	NOT-FOR-US: HCL
CVE-2020-14245 (HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication ...)
	NOT-FOR-US: HCL
CVE-2020-14244 (A vulnerability in the MIME message handling of the Domino server (ver ...)
	NOT-FOR-US: HCL Domino server
CVE-2020-14243 RESERVED
CVE-2020-14242 RESERVED
CVE-2020-14241 RESERVED
CVE-2020-14240 (HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and ...)
	NOT-FOR-US: HCL Notes
CVE-2020-14239 RESERVED
CVE-2020-14238 RESERVED
CVE-2020-14237 RESERVED
CVE-2020-14236 RESERVED
CVE-2020-14235 RESERVED
CVE-2020-14234 (HCL Domino is susceptible to a Denial of Service vulnerability due to ...)
	NOT-FOR-US: HCL
CVE-2020-14233 RESERVED
CVE-2020-14232 (A vulnerability in the input parameter handling of HCL Notes v9 could ...)
	NOT-FOR-US: HCL Notes
CVE-2020-14231 (A vulnerability in the input parameter handling of HCL Client Applicat ...)
	NOT-FOR-US: HCL
CVE-2020-14230 (HCL Domino is susceptible to a Denial of Service vulnerability caused ...)
	NOT-FOR-US: HCL
CVE-2020-14229 RESERVED
CVE-2020-14228 RESERVED
CVE-2020-14227 RESERVED
CVE-2020-14226 RESERVED
CVE-2020-14225 (HCL iNotes is susceptible to a Tabnabbing vulnerability caused by impr ...)
	NOT-FOR-US: HCL iNotes
CVE-2020-14224 (A vulnerability in the MIME message handling of the HCL Notes v9 clien ...)
	NOT-FOR-US: HCL Notes
CVE-2020-14223 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scri ...)
	NOT-FOR-US: HCL Digital Experience
CVE-2020-14222 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scri ...)
	NOT-FOR-US: HCL Digital Experience
CVE-2020-14221 (HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the ...)
	NOT-FOR-US: HCL
CVE-2020-14220 RESERVED
CVE-2020-14219 RESERVED
CVE-2020-14218 RESERVED
CVE-2020-14217 RESERVED
CVE-2020-14216 RESERVED
CVE-2019-20840 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws ...)
	- libvncserver 0.9.13+dfsg-1
	[buster] - libvncserver <not-affected> (Vulnerable code not present)
	[stretch] - libvncserver <not-affected> (Vulnerable code not present)
	[jessie] - libvncserver <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/LibVNC/libvncserver/commit/0cf1400c61850065de590d403f6d49e32882fd76
	NOTE: Vulnerable code was introduced with the fix for CVE-2017-18922.
CVE-2019-20839 (libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer over ...)
	{DLA-2347-1 DLA-2264-1}
	- libvncserver 0.9.13+dfsg-1
	[buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
	NOTE: https://github.com/LibVNC/libvncserver/commit/3fd03977c9b35800d73a865f167338cb4d05b0c1
CVE-2018-21247 (An issue was discovered in LibVNCServer before 0.9.13. There is an inf ...)
	{DSA-4383-1 DLA-1617-1}
	- libvncserver 0.9.11+dfsg-1.2
	NOTE: https://github.com/LibVNC/libvncserver/issues/253
	NOTE: https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858
CVE-2020-14215 (Zulip Server before 2.1.5 has Incorrect Access Control because 0198_pr ...)
	- zulip-server <itp> (bug #800052)
CVE-2020-14214 (Zammad before 3.3.1, when Domain Based Assignment is enabled, relies o ...)
	- zammad <itp> (bug #841355)
CVE-2020-14213 (In Zammad before 3.3.1, a Customer has ticket access that should only ...)
	- zammad <itp> (bug #841355)
CVE-2020-14212 (FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in ...)
	- ffmpeg 7:4.3.1-1
	[buster] - ffmpeg <not-affected> (Vulnerable code not present)
	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
	NOTE: https://trac.ffmpeg.org/ticket/8716
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b3bd001ac1745d9d008a2d195817df57d7d1d14
CVE-2020-14211 RESERVED
CVE-2020-14210 (Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF i ...)
	NOT-FOR-US: MONITORAPP
CVE-2020-14209 (Dolibarr before 11.0.5 allows low-privilege users to upload files of d ...)
	- dolibarr
CVE-2020-14208 (SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in t ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-14207 (The DiveBook plugin 1.1.4 for WordPress was prone to a SQL injection w ...)
	NOT-FOR-US: DiveBook plugin for WordPress
CVE-2020-14206 (The DiveBook plugin 1.1.4 for WordPress is prone to unauthenticated XS ...)
	NOT-FOR-US: DiveBook plugin for WordPress
CVE-2020-14205 (The DiveBook plugin 1.1.4 for WordPress is prone to improper access co ...)
	NOT-FOR-US: DiveBook plugin for WordPress
CVE-2020-14204 (In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal ...)
	NOT-FOR-US: WebFOCUS Business Intelligence
CVE-2020-14203 (WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request F ...)
	NOT-FOR-US: WebFOCUS Business Intelligence
CVE-2020-14202 (WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrar ...)
	NOT-FOR-US: WebFOCUS Business Intelligence
CVE-2020-14201 (Dolibarr CRM before 11.0.5 allows privilege escalation. This could all ...)
	- dolibarr
CVE-2020-14200 RESERVED
CVE-2020-14199 (BIP-143 in the Bitcoin protocol specification mishandles the signing o ...)
	NOT-FOR-US: Bitcoin protocol issue
CVE-2020-14198 (Bitcoin Core 0.20.0 allows remote denial of service.)
	- bitcoin 0.18.0~dfsg-1 (bug #976448)
	NOTE: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2020-14198
CVE-2020-14197 RESERVED
CVE-2020-14196 (In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1 ...)
	- pdns-recursor 4.3.2-1 (low; bug #964103)
	[buster] - pdns-recursor <postponed> (Minor issue, fix along in next DSA)
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/01/1
	NOTE: https://github.com/PowerDNS/pdns/pull/9283/commits/e81271189216dbf2850c6d4461dfc3f37c731ac8 (rec-4.1.17)
CVE-2020-14195 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
	{DLA-2270-1}
	- jackson-databind 2.11.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u2
	[stretch] - jackson-databind 2.8.6-1+deb9u7
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2765
	NOTE: https://github.com/FasterXML/jackson-databind/commit/f6d9c664f6d481703138319f6a0f1fdbddb3a259
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-14194 (Zulip Server before 2.1.5 allows reverse tabnapping via a topic header ...)
	- zulip-server <itp> (bug #800052)
CVE-2020-14193 (Affected versions of Automation for Jira - Server allowed remote attac ...)
	NOT-FOR-US: Atlassian
CVE-2020-14192 (Affected versions of Atlassian Fisheye and Crucible allow remote attac ...)
	NOT-FOR-US: Atlassian
CVE-2020-14191 (Affected versions of Atlassian Fisheye/Crucible allow remote attackers ...)
	NOT-FOR-US: Atlassian
CVE-2020-14190 (Affected versions of Atlassian Fisheye/Crucible allow remote attackers ...)
	NOT-FOR-US: Atlassian
CVE-2020-14189 (The execute function in in the Atlassian gajira-comment GitHub Action ...)
	NOT-FOR-US: Atlassian
CVE-2020-14188 (The preprocessArgs function in the Atlassian gajira-create GitHub Acti ...)
	NOT-FOR-US: Atlassian
CVE-2020-14187 RESERVED
CVE-2020-14186 RESERVED
CVE-2020-14185 (Affected versions of Jira Server allow remote unauthenticated attacker ...)
	NOT-FOR-US: Atlassian
CVE-2020-14184 (Affected versions of Atlassian Jira Server allow remote attackers to i ...)
	NOT-FOR-US: Atlassian
CVE-2020-14183 (Affected versions of Jira Server & Data Center allow a remote attacker ...)
	NOT-FOR-US: Atlassian
CVE-2020-14182 RESERVED
CVE-2020-14181 (Affected versions of Atlassian Jira Server and Data Center allow an un ...)
	NOT-FOR-US: Atlassian
CVE-2020-14180 (Affected versions of Atlassian Jira Service Desk Server and Data Cente ...)
	NOT-FOR-US: Atlassian
CVE-2020-14179 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2020-14178 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2020-14177 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2020-14176 RESERVED
CVE-2020-14175 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
	NOT-FOR-US: Atlassian
CVE-2020-14174 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2020-14173 (The file upload feature in Atlassian Jira Server and Data Center in af ...)
	NOT-FOR-US: Atlassian
CVE-2020-14172 (This issue exists to document that a security improvement in the way t ...)
	NOT-FOR-US: Atlassian
CVE-2020-14171 (Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 all ...)
	NOT-FOR-US: Atlassian
CVE-2020-14170 (Webhooks in Atlassian Bitbucket Server from version 5.4.0 before versi ...)
	NOT-FOR-US: Atlassian
CVE-2020-14169 (The quick search component in Atlassian Jira Server and Data Center be ...)
	NOT-FOR-US: Atlassian
CVE-2020-14168 (The email client in Jira Server and Data Center before version 7.13.16 ...)
	NOT-FOR-US: Atlassian
CVE-2020-14167 (The MessageBundleResource resource in Jira Server and Data Center befo ...)
	NOT-FOR-US: Atlassian
CVE-2020-14166 (The /servicedesk/customer/portals resource in Jira Service Desk Server ...)
	NOT-FOR-US: Atlassian
CVE-2020-14165 (The UniversalAvatarResource.getAvatars resource in Jira Server and Dat ...)
	NOT-FOR-US: Atlassian
CVE-2020-14164 (The WYSIWYG editor resource in Jira Server and Data Center before vers ...)
	NOT-FOR-US: Atlassian
CVE-2020-14163 (An issue was discovered in ecma/operations/ecma-container-object.c in ...)
	- iotjs <not-affected> (Vulnerable code never in released version)
	NOTE: https://github.com/jerryscript-project/jerryscript/commit/c2b662170245a16f46ce02eae68815c325d99821
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3804
CVE-2020-14162 (An issue was discovered in Pi-Hole through 5.0. The local www-data use ...)
	NOT-FOR-US: Pi-Hole
CVE-2020-14161 (It is possible to inject HTML and/or JavaScript in the HTML to PDF con ...)
	NOT-FOR-US: Gotenberg
CVE-2020-14160 (An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote ...)
	NOT-FOR-US: Gotenberg
CVE-2020-14159 (By using an Automate API in ConnectWise Automate before 2020.5.178, a ...)
	NOT-FOR-US: ConnectWise
CVE-2020-14158 (The ABUS Secvest FUMO50110 hybrid module does not have any security me ...)
	NOT-FOR-US: ABUS Secvest FUMO50110 hybrid module
CVE-2020-14157 (The wireless-communication feature of the ABUS Secvest FUBE50001 devic ...)
	NOT-FOR-US: ABUS
CVE-2020-14156 (user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020 ...)
	NOT-FOR-US: OpenBMC
CVE-2020-14155 (libpcre in PCRE before 8.44 allows an integer overflow via a large num ...)
	- pcre3 2:8.39-13 (bug #963086)
	[buster] - pcre3 <no-dsa> (Minor issue)
	[stretch] - pcre3 <no-dsa> (Minor issue)
	[jessie] - pcre3 <no-dsa> (Minor issue)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2463
	NOTE: Fixed by: https://vcs.pcre.org/pcre?view=revision&revision=1761 (8.44)
CVE-2020-14154 (Mutt before 1.14.3 proceeds with a connection even if, in response to ...)
	- mutt 1.14.3-1 (unimportant)
	[buster] - mutt 1.10.1-2.1+deb10u1
	- neomutt 20200619+dfsg.1-1 (unimportant)
	NOTE: http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html
	NOTE: https://gitlab.com/muttmua/mutt/commit/bb0e6277a45a5d4c3a30d3b968eeb31d78124e95
	NOTE: https://gitlab.com/muttmua/mutt/commit/5fccf603ebcf352ba783136d6b2d2600d811fb3b
	NOTE: https://gitlab.com/muttmua/mutt/commit/f64ec1deefb67d471a642004e102cd1c501a1db3
	NOTE: Negligible security impact
CVE-2020-14153 (In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an o ...)
	- libjpeg9 1:9d-1
	- libjpeg-turbo <not-affected> (Vulnerable code not present; problematic condition cannot be reached)
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/445
CVE-2020-14152 (In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs. ...)
	{DLA-2302-1}
	- libjpeg9 1:9d-1 (low)
	- libjpeg-turbo 1:1.5.2-1 (low)
	[jessie] - libjpeg-turbo <no-dsa> (Minor issue)
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/da2a27ef056a0179cbd80f9146e58b89403d9933
CVE-2020-14151 REJECTED
CVE-2020-14150 (GNU Bison before 3.5.4 allows attackers to cause a denial of service ( ...)
	- bison 2:3.6.1+dfsg-1 (unimportant)
	NOTE: https://lists.gnu.org/archive/html/info-gnu/2020-04/msg00000.html
	NOTE: Crash in CLI tool, no security impact
CVE-2020-14149 (In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provi ...)
	NOT-FOR-US: uftpd
CVE-2020-14148 (The Server-Server protocol implementation in ngIRCd before 26~rc2 allo ...)
	{DLA-2252-1}
	- ngircd 26-1 (bug #963147)
	[buster] - ngircd <postponed> (Minor issue, fix along with next update)
	[stretch] - ngircd <no-dsa> (Minor issue)
	NOTE: https://github.com/ngircd/ngircd/issues/274
	NOTE: https://github.com/ngircd/ngircd/issues/277
	NOTE: https://github.com/ngircd/ngircd/pull/275
	NOTE: https://github.com/ngircd/ngircd/pull/276
	NOTE: https://github.com/ngircd/ngircd/commit/02cf31c0e267a4c9a7656d43ad3ad4eeb37fc9c5
CVE-2020-14147 (An integer overflow in the getnum function in lua_struct.c in Redis be ...)
	{DSA-4731-1}
	- redis 5:6.0.0-1
	[stretch] - redis <not-affected> (Vulnerable code reintroduced later)
	[jessie] - redis <not-affected> (Vulnerable code reintroduced later)
	NOTE: https://github.com/antirez/redis/pull/6875
	NOTE: Issue re-introduced with https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3 (5.0-rc4)
	NOTE: Fixed by: https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571
	NOTE: Fixed upstream in 6.0~rc2 and 5.0.8
CVE-2020-14146 (KumbiaPHP through 1.1.1, in Development mode, allows XSS via the publi ...)
	NOT-FOR-US: KumbiaPHP
CVE-2020-14145 (The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepan ...)
	- openssh <unfixed> (unimportant)
	NOTE: https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/
	NOTE: https://www.fzi.de/fileadmin/user_upload/2020-06-26-FSA-2020-2.pdf
	NOTE: The OpenSSH project is not planning to change the behaviour of OpenSSH regarding
	NOTE: the issue, details in "3.1 OpenSSH" in the publication.
	NOTE: Partial mitigation: https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d (V_8_4_P1)
CVE-2020-14144 (The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for aut ...)
	- gitea
CVE-2020-14143 RESERVED
CVE-2020-14142 RESERVED
CVE-2020-14141 RESERVED
CVE-2020-14140 (When Xiaomi router firmware is updated in 2020, there is an unauthenti ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14139 RESERVED
CVE-2020-14138 RESERVED
CVE-2020-14137 RESERVED
CVE-2020-14136 RESERVED
CVE-2020-14135 RESERVED
CVE-2020-14134 RESERVED
CVE-2020-14133 RESERVED
CVE-2020-14132 RESERVED
CVE-2020-14131 (The Xiaomi Security Center expresses heartfelt thanks to ADLab of Venu ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14130 (Some js interfaces in the Xiaomi community were exposed, causing sensi ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14129 (A logic vulnerability exists in a Xiaomi product. The vulnerability is ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14128 RESERVED
CVE-2020-14127 (A denial of service vulnerability exists in some Xiaomi models of phon ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14126 (Information leakage vulnerability exists in the Mi Sound APP. This vul ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14125 (A denial of service vulnerability exists in some Xiaomi models of phon ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14124 (There is a buffer overflow in librsa.so called by getwifipwdurl interf ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14123 (There is a pointer double free vulnerability in Some MIUI Services. Wh ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14122 (Some Xiaomi phones have information leakage vulnerabilities, and some ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14121 (A business logic vulnerability exists in Mi App Store. The vulnerabili ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14120 (Some Xiaomi models have a vulnerability in a certain application. The ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14119 (There is command injection in the addMeshNode interface of xqnetwork.l ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14118 (An intent redirection vulnerability in the Mi App Store product. This ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14117 (A improper permission configuration vulnerability in Xiaomi Content Ce ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14116 (An intent redirection vulnerability in the Mi Browser product. This vu ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14115 (A command injection vulnerability exists in the Xiaomi Router AX3600. ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14114 (information leakage vulnerability exists in the Xiaomi SmartHome APP. ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14113 RESERVED
CVE-2020-14112 (Information Leak Vulnerability exists in the Xiaomi Router AX6000. The ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14111 (A command injection vulnerability exists in the Xiaomi Router AX3600. ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14110 (AX3600 router sensitive information leaked.There is an unauthorized in ...)
	NOT-FOR-US: AX3600 router
CVE-2020-14109 (There is command injection in the meshd program in the routing system, ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14108 RESERVED
CVE-2020-14107 (A stack overflow in the HTTP server of Cast can be exploited to make t ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14106 (The application in the mobile phone can unauthorized access to the lis ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14105 (The application in the mobile phone can read the SNO information of th ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14104 (A RACE CONDITION on XQBACKUP causes a decompression path error on Xiao ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14103 (The application in the mobile phone can read the SNO information of th ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14102 (There is command injection when ddns processes the hostname, which cau ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14101 (The data collection SDK of the router web management interface caused ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14100 (In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 int ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14099 (On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14098 (The login verification can be bypassed by using the problem that the t ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14097 (Wrong nginx configuration, causing specific paths to be downloaded wit ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14096 (Memory overflow in Xiaomi AI speaker Rom version <1.59.6 can happen wh ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14095 (In Xiaomi router R3600, ROM version<1.0.20, a connect service suffers ...)
	NOT-FOR-US: Xiaomi
CVE-2020-14094 (In Xiaomi router R3600, ROM version<1.0.20, the connection service can ...)
	NOT-FOR-US: Xiaomi
CVE-2019-20838 (libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT w ...)
	- pcre3 <unfixed> (unimportant)
	NOTE: Fixed by: https://vcs.pcre.org/pcre?view=revision&revision=1740 (8.43)
	NOTE: Only an issue when UTF support is disabled
CVE-2018-21246 (Caddy before 0.10.13 mishandles TLS client authentication, as demonstr ...)
	- caddy <not-affected> (Fixed before initial upload to Debian)
CVE-2018-21245 (Pound before 2.8 allows HTTP request smuggling, a related issue to CVE ...)
	- pound 2.8-2
	[stretch] - pound 2.7-1.3+deb9u1
	[jessie] - pound 2.6-6+deb8u2
	NOTE: https://admin.hostpoint.ch/pipermail/pound_apsis.ch/2018-May/000054.html
	NOTE: The exact scope of CVE-2018-21245 (a related issue to CVE-2016-10711) was
	NOTE: fixed as well by the same changes as made upstream for 2.8. The backport
	NOTE: for 2.7 was a backport of all security-relevant changes between 2.7 and 2.8.
	NOTE: The same corrections were made to the 2.6 version for jessie, so it is fixed there too.
CVE-2017-18869 (A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 co ...)
	- node-chownr 1.1.1-1 (bug #909024)
	NOTE: https://github.com/isaacs/chownr/issues/14
	NOTE: https://snyk.io/vuln/npm:chownr:20180731
CVE-2020-14093 (Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attac ...)
	{DSA-4708-1 DSA-4707-1 DLA-2268-2 DLA-2268-1}
	- mutt 1.14.3-1 (bug #962897)
	- neomutt 20200619+dfsg.1-1
	NOTE: Fixed by: https://gitlab.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01
	NOTE: Fix for CVE-2020-14093 introduces a regression, cf. #963107
	NOTE: Regression fixed by: https://gitlab.com/muttmua/mutt/-/commit/dc909119b3433a84290f0095c0f43a23b98b3748
CVE-2020-14092 (The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for Wo ...)
	NOT-FOR-US: CodePeople Payment Form for PayPal Pro plugin for WordPress
CVE-2020-14091 RESERVED
CVE-2020-14090 RESERVED
CVE-2020-14089 RESERVED
CVE-2020-14088 RESERVED
CVE-2020-14087 RESERVED
CVE-2020-14086 RESERVED
CVE-2020-14085 RESERVED
CVE-2020-14084 RESERVED
CVE-2020-14083 RESERVED
CVE-2020-14082 RESERVED
CVE-2020-14081 (TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command i ...)
	NOT-FOR-US: TRENDnet
CVE-2020-14080 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...)
	NOT-FOR-US: TRENDnet
CVE-2020-14079 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...)
	NOT-FOR-US: TRENDnet
CVE-2020-14078 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...)
	NOT-FOR-US: TRENDnet
CVE-2020-14077 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...)
	NOT-FOR-US: TRENDnet
CVE-2020-14076 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...)
	NOT-FOR-US: TRENDnet TEW-827DRU devices
CVE-2020-14075 (TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command i ...)
	NOT-FOR-US: TRENDnet
CVE-2020-14074 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...)
	NOT-FOR-US: TRENDnet
CVE-2020-14073 (XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map proper ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2020-14072 (An issue was discovered in MK-AUTH 19.01. It allows command execution ...)
	NOT-FOR-US: MK-AUTH
CVE-2020-14071 (An issue was discovered in MK-AUTH 19.01. XSS vulnerabilities in admin ...)
	NOT-FOR-US: MK-AUTH
CVE-2020-14070 (An issue was discovered in MK-AUTH 19.01. There is authentication bypa ...)
	NOT-FOR-US: MK-AUTH
CVE-2020-14069 (An issue was discovered in MK-AUTH 19.01. There are SQL injection issu ...)
	NOT-FOR-US: MK-AUTH
CVE-2020-14068 (An issue was discovered in MK-AUTH 19.01. The web login functionality ...)
	NOT-FOR-US: MK-AUTH
CVE-2020-14067 (The install_from_hash functionality in Navigate CMS 2.9 does not consi ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-14066 (IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaSc ...)
	NOT-FOR-US: IceWarp Email Server
CVE-2020-14065 (IceWarp Email Server 12.3.0.1 allows remote attackers to upload files ...)
	NOT-FOR-US: IceWarp Email Server
CVE-2020-14064 (IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user ac ...)
	NOT-FOR-US: IceWarp Email Server
CVE-2020-14063 (A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom Jav ...)
	NOT-FOR-US: TC Custom JavaScript plugin for WordPress
CVE-2020-14062 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
	{DLA-2270-1}
	- jackson-databind 2.11.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u2
	[stretch] - jackson-databind 2.8.6-1+deb9u7
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2704
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-14061 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
	{DLA-2270-1}
	- jackson-databind 2.11.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u2
	[stretch] - jackson-databind 2.8.6-1+deb9u7
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2698
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-14060 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
	{DLA-2270-1}
	- jackson-databind 2.11.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u2
	[stretch] - jackson-databind 2.8.6-1+deb9u7
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2688
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
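The jackson-databind notes for CVE-2020-14060, CVE-2020-14061 and CVE-2020-14062 (and the same note on CVE-2020-14195 earlier in this list) say the gadget-chain issues are only reachable when Default Typing is enabled, and that the 2.10 series is mitigated because "Safe Default Typing" is the default. The block below is an added illustration, not code from jackson-databind, from any of the linked issues, or from this tracker. It puts the weak setting (the pre-2.10 `enableDefaultTyping()` call, which resolves whatever class name appears in the type-id slot) beside the 2.10+ form (`activateDefaultTyping()` with a `PolymorphicTypeValidator` that only admits an allow-listed name prefix). The `Shape`/`Circle` demo types, the prefix used for the allow-list and the constructed JSON inputs are assumptions for the demo; `java.util.Date` stands in for a foreign class and is not itself a gadget.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.InvalidTypeIdException;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

public class DefaultTypingDemo {

    // Assumed demo types: a non-final base class and one legitimate subtype.
    public static class Shape { public String name; }
    public static class Circle extends Shape { public double radius; }

    // Weak setting the tracker notes describe: legacy default typing (pre-2.10 API,
    // deprecated since 2.10). Any class name found in the type-id slot of the JSON
    // is loaded and instantiated, which is what the jackson-databind gadget CVEs exploit.
    public static ObjectMapper weakMapper() {
        ObjectMapper mapper = new ObjectMapper();
        mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL);
        return mapper;
    }

    // Corrected setting (2.10+ "Safe Default Typing"): default typing stays on for code
    // that needs polymorphic Object fields, but a PolymorphicTypeValidator decides which
    // type ids may be resolved. Assumed allow-list: only this class's own nested types.
    public static ObjectMapper hardenedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType(DefaultTypingDemo.class.getName() + "$")
                .build();
        ObjectMapper mapper = new ObjectMapper();
        mapper.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL);
        return mapper;
    }

    // Deserialize into Object so the type id embedded in the JSON picks the class.
    // Returns the resolved class name, or "DENIED" when the validator rejects the id.
    public static String resolve(ObjectMapper mapper, String json) throws Exception {
        try {
            Object value = mapper.readValue(json, Object.class);
            return value.getClass().getName();
        } catch (InvalidTypeIdException e) {
            return "DENIED";
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input in the [type-id, value] wrapper-array form that default typing uses.
        String circle = "[\"" + Circle.class.getName() + "\",{\"name\":\"c\",\"radius\":1.5}]";
        // Constructed input naming a class outside the allow-list. java.util.Date is harmless
        // here; an attacker would name one of the gadget classes the CVEs block instead.
        String foreign = "[\"java.util.Date\",0]";

        System.out.println("weak     circle  -> " + resolve(weakMapper(), circle));
        System.out.println("weak     foreign -> " + resolve(weakMapper(), foreign));
        System.out.println("hardened circle  -> " + resolve(hardenedMapper(), circle));
        System.out.println("hardened foreign -> " + resolve(hardenedMapper(), foreign));
    }
}
```

With the weak mapper both inputs resolve, the second one to `java.util.Date`; with the hardened mapper the `Circle` input still resolves while the foreign type id is reported as `DENIED`, because the validator returns no verdict for it and Jackson treats that as a refusal. This is why the Debian notes call the 2.10+ default a mitigation rather than a fix: an application that re-enables unrestricted default typing, or passes an allow-all validator, is back in the vulnerable configuration.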
CVE-2020-14059 (An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect ...)
	- squid <not-affected> (vulnerability introduced in the 5.x series)
	- squid3 <not-affected> (vulnerability introduced in the 5.x series)
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-w7pw-2m4p-58hr
CVE-2020-14058 (An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due ...)
	- squid 4.12-1 (unimportant)
	- squid3 (unimportant)
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-93f5fda134a2a010b84ffedbe833d670e63ba4be.patch
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-qvf6-485q-vm57
	NOTE: Squid in Debian builds without OpenSSL support
CVE-2020-14057 (Monsta FTP 2.10.1 or below allows external control of paths used in fi ...)
	NOT-FOR-US: Monsta FTP
CVE-2020-14056 (Monsta FTP 2.10.1 or below is prone to a server-side request forgery v ...)
	NOT-FOR-US: Monsta FTP
CVE-2020-14055 (Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting v ...)
	NOT-FOR-US: Monsta FTP
CVE-2020-14054 (SOKKIA GNR5 Vanguard WEB version 1.2 (build: 91f2b2c3a04d203d79862f87e ...)
	NOT-FOR-US: SOKKIA GNR5 Vanguard WEB
CVE-2020-14053 RESERVED
CVE-2020-14052 RESERVED
CVE-2020-14051 RESERVED
CVE-2020-14050 RESERVED
CVE-2020-14049 (Viber for Windows up to 13.2.0.39 does not properly quote its custom U ...)
	NOT-FOR-US: Viber
CVE-2020-14048 (Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remo ...)
	NOT-FOR-US: Zoho
CVE-2020-14047 RESERVED
CVE-2020-14046 RESERVED
CVE-2020-14045 RESERVED
CVE-2020-14044 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forger ...)
	NOT-FOR-US: Codiad
CVE-2020-14043 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request Forgery ...)
	NOT-FOR-US: Codiad
CVE-2020-14042 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) ...)
	NOT-FOR-US: Codiad
CVE-2020-14041 RESERVED
CVE-2020-14040 (The x/text package before 0.3.3 for Go has a vulnerability in encoding ...)
	- golang-golang-x-text 0.3.3-1 (bug #964272)
	- golang-x-text (bug #964271)
	[buster] - golang-x-text (Limited support, minor issue)
	[stretch] - golang-x-text (Minor issue)
	NOTE: https://github.com/golang/go/issues/39491
	NOTE: https://go.googlesource.com/text/+/23ae387dee1f90d29a23c0e87ee0b46038fbed0e
	NOTE: https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0
CVE-2020-14039 (In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may ...)
	- golang-1.15 (Windows-specific)
	- golang-1.14 (Windows-specific)
	- golang-1.11 (Windows-specific)
	NOTE: https://golang.org/issue/39360
	NOTE: https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ
CVE-2020-25286 (In wp-includes/comment-template.php in WordPress before 5.4.2, comment ...)
	{DSA-4709-1 DLA-2371-1}
	- wordpress 5.4.2+dfsg1-1 (bug #962685)
	NOTE: https://core.trac.wordpress.org/changeset/47984
CVE-2020-4050 (In affected versions of WordPress, misuse of the `set-screen-option` f ...)
	{DSA-4709-1 DLA-2371-1 DLA-2269-1}
	- wordpress 5.4.2+dfsg1-1 (bug #962685)
	NOTE: https://core.trac.wordpress.org/changeset/47951
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc
	NOTE: https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920
	NOTE: https://core.trac.wordpress.org/ticket/50392 (regression fix)
CVE-2020-4049 (In affected versions of WordPress, when uploading themes, the name of ...)
	{DSA-4709-1 DLA-2371-1 DLA-2269-1}
	- wordpress 5.4.2+dfsg1-1 (bug #962685)
	NOTE: https://core.trac.wordpress.org/changeset/47950
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-87h4-phjv-rm6p
	NOTE: https://github.com/WordPress/wordpress-develop/commit/404f397b4012fd9d382e55bf7d206c1317f01148
CVE-2020-4048 (In affected versions of WordPress, due to an issue in wp_validate_redi ...)
	{DSA-4709-1 DLA-2371-1 DLA-2269-1}
	- wordpress 5.4.2+dfsg1-1 (bug #962685)
	NOTE: https://core.trac.wordpress.org/changeset/47949
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-q6pw-gvf4-5fj5
	NOTE: https://github.com/WordPress/wordpress-develop/commit/6ef777e9a022bee2a80fa671118e7e2657e52693
CVE-2020-4046 (In affected versions of WordPress, users with low privileges (like con ...)
	- wordpress 5.4.2+dfsg1-1 (bug #962685)
	[buster] - wordpress (Vulnerable code introduced later)
	[stretch] - wordpress (Vulnerable code introduced later)
	[jessie] - wordpress (Vulnerable code introduced later)
	NOTE: https://core.trac.wordpress.org/changeset/47947
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rpwf-hrh2-39jf
CVE-2020-4047 (In affected versions of WordPress, authenticated users with upload per ...)
	{DSA-4709-1 DLA-2371-1 DLA-2269-1}
	- wordpress 5.4.2+dfsg1-1 (bug #962685)
	NOTE: https://core.trac.wordpress.org/changeset/47948
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-8q2w-5m27-wm27
	NOTE: https://github.com/WordPress/wordpress-develop/commit/0977c0d6b241479ecedfe19e96be69f727c3f81f
CVE-2020-14038
	RESERVED
CVE-2020-14037
	RESERVED
CVE-2020-14036
	RESERVED
CVE-2020-14035
	RESERVED
CVE-2020-14034 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
	- janus 0.10.2-1
	NOTE: https://github.com/meetecho/janus-gateway/pull/2229
	NOTE: https://github.com/meetecho/janus-gateway/commit/dacb4edfad8e77f73b64d8c175cca0a7796ebf80
CVE-2020-14033 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
	- janus 0.10.2-1
	NOTE: https://github.com/meetecho/janus-gateway/pull/2229
	NOTE: https://github.com/meetecho/janus-gateway/commit/dacb4edfad8e77f73b64d8c175cca0a7796ebf80
CVE-2020-14032 (ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via ...)
	NOT-FOR-US: ASRock
CVE-2020-14031 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ou ...)
	NOT-FOR-US: Ozeki NG SMS Gateway
CVE-2020-14030 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It sto ...)
	NOT-FOR-US: Ozeki NG SMS Gateway
CVE-2020-14029 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RS ...)
	NOT-FOR-US: Ozeki NG SMS Gateway
CVE-2020-14028 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By lev ...)
	NOT-FOR-US: Ozeki NG SMS Gateway
CVE-2020-14027 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The da ...)
	NOT-FOR-US: Ozeki NG SMS Gateway
CVE-2020-14026 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists ...)
	NOT-FOR-US: Ozeki NG SMS Gateway
CVE-2020-14025 (Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. ...)
	NOT-FOR-US: Ozeki NG SMS Gateway
CVE-2020-14024 (Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored ...)
	NOT-FOR-US: Ozeki NG SMS Gateway
CVE-2020-14023 (Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To ...)
	NOT-FOR-US: Ozeki NG SMS Gateway
CVE-2020-14022 (Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file typ ...)
	NOT-FOR-US: Ozeki NG SMS Gateway
CVE-2020-14021 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The AS ...)
	NOT-FOR-US: Ozeki NG SMS Gateway
CVE-2020-14020
	RESERVED
CVE-2020-14019 (Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/targ ...)
	- python-rtslib-fb 2.1.71-3 (bug #972227)
	[buster] - python-rtslib-fb (Introduced in 2.1.70)
	[stretch] - python-rtslib-fb (vulnerable code introduced later, shutil.copyfile is not used)
	[jessie] - python-rtslib-fb (vulnerable code introduced later, shutil.copyfile is not used)
	NOTE: https://github.com/open-iscsi/rtslib-fb/pull/162
	NOTE: https://github.com/open-iscsi/rtslib-fb/commit/75e73778dce1cb7a2816a936240ef75adfbd6ed9
CVE-2020-14018 (An issue was discovered in Navigate CMS 2.9 r1433. There is a stored X ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-14017 (An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well a ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-14016 (An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-14015 (An issue was discovered in Navigate CMS 2.9 r1433. When performing a p ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-14014 (An issue was discovered in Navigate CMS 2.8 and 2.9 r1433. The query p ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-14013
	RESERVED
CVE-2020-14012 (scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase C ...)
	NOT-FOR-US: osTicket
CVE-2020-14011 (Lansweeper 6.0.x through 7.2.x has a default installation in which the ...)
	NOT-FOR-US: Lansweeper
CVE-2020-14010 (The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via t ...)
	NOT-FOR-US: Laborator Xenon theme for WordPress
CVE-2020-14009 (Proofpoint Enterprise Protection (PPS/PoD) before 8.16.4 contains a vu ...)
	NOT-FOR-US: Proofpoint Enterprise Protection (PPS/PoD)
CVE-2020-14008 (Zoho ManageEngine Applications Manager 14710 and before allows an auth ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2020-14007 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...)
	NOT-FOR-US: Solarwinds
CVE-2020-14006 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...)
	NOT-FOR-US: Solarwinds
CVE-2020-14005 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...)
	NOT-FOR-US: Solarwinds
CVE-2020-14004 (An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dir ...)
	- icinga2 2.11.5-1 (bug #970252)
	[buster] - icinga2 2.10.3-2+deb10u1
	[stretch] - icinga2 (prepare-dirs script not shipped)
	[jessie] - icinga2 (prepare-dirs script not shipped)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/12/1
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1172171
	NOTE: https://github.com/Icinga/icinga2/commit/2f0f2e8c355b75fa4407d23f85feea037d2bc4b6
CVE-2020-14003
	RESERVED
CVE-2020-14002 (PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an in ...)
	{DLA-3794-1}
	- putty 0.74-1
	[stretch] - putty (Minor issue)
	[jessie] - putty (Minor issue)
	NOTE: Introduced by: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=d21041f7f8846b16ff6d72ed696d6190627e19b4 (0.68)
	NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=08f1e2a5066ea95559945af339a60ca14560d764 (0.74)
CVE-2020-14001 (The kramdown gem before 2.3.0 for Ruby processes the template option i ...)
	{DSA-4743-1 DLA-2316-1}
	[experimental] - ruby-kramdown 2.3.0-1
	- ruby-kramdown 2.3.0-3 (bug #965305)
	NOTE: https://github.com/advisories/GHSA-mqm2-cgpr-p4m6
	NOTE: https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde
CVE-2020-14000 (MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.2 ...)
	NOT-FOR-US: scratch-vm different from src:scratch
CVE-2020-13999 (ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Libr ...)
	- libemf 1.0.13-1 (bug #963778)
	[buster] - libemf (Minor issue)
	NOTE: Fixed upstream in 1.0.13
CVE-2020-13998 (Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticate ...)
	NOT-FOR-US: Citrix
CVE-2020-13997 (In Shopware before 6.2.3, the database password is leaked to an unauth ...)
	NOT-FOR-US: Shopware
CVE-2020-13996 (The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection at ...)
	NOT-FOR-US: J2Store plugin for Joomla!
CVE-2020-13995 (U.S. Air Force Sensor Data Management System extract75 has a buffer ov ...)
	NOT-FOR-US: U.S. Air Force Sensor Data Management System extract75
CVE-2020-13994 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A pri ...)
	NOT-FOR-US: Mods for HESK
CVE-2020-13993 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A bli ...)
	NOT-FOR-US: Mods for HESK
CVE-2020-13992 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Sto ...)
	NOT-FOR-US: Mods for HESK
CVE-2020-13991 (vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow ...)
	- iotjs (Vulnerable code not present; cf. #972228)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3858
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3859
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3860
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/3867
CVE-2020-13990
	RESERVED
CVE-2020-13989
	RESERVED
CVE-2020-13988 (An issue was discovered in Contiki through 3.0. An Integer Overflow ex ...)
	- open-iscsi 2.1.3-1
	[buster] - open-iscsi (Minor issue)
	[stretch] - open-iscsi (Minor issue)
	NOTE: https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ
	NOTE: Addressed upstream in 2.1.3 release
CVE-2020-13987 (An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read ...)
	- open-iscsi 2.1.3-1
	[buster] - open-iscsi (Minor issue)
	[stretch] - open-iscsi (Minor issue)
	NOTE: https://github.com/open-iscsi/open-iscsi/security/advisories/GHSA-r278-fm99-8rgp
	NOTE: https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ
	NOTE: Addressed upstream in 2.1.3 release
CVE-2020-13986 (An issue was discovered in Contiki through 3.0. An infinite loop exist ...)
	NOT-FOR-US: Contiki
CVE-2020-13985 (An issue was discovered in Contiki through 3.0. A memory corruption vu ...)
	NOT-FOR-US: Contiki
CVE-2020-13984 (An issue was discovered in Contiki through 3.0. An infinite loop exist ...)
	NOT-FOR-US: Contiki
CVE-2020-13983
	REJECTED
CVE-2020-13982
	RESERVED
CVE-2020-13981
	RESERVED
CVE-2020-13980 (OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS atta ...)
	NOT-FOR-US: OpenCart
CVE-2020-13979
	RESERVED
CVE-2020-13978 (Monstra CMS 3.0.4 allows an attacker, who already has administrative a ...)
	NOT-FOR-US: Monstra CMS
CVE-2020-13977 (Nagios 4.4.5 allows an attacker, who already has administrative access ...)
	- nagios4 4.3.4-4 (bug #962826)
	[buster] - nagios4 (Minor issue)
	NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/8deeca7cad3df1143ad9c351d107b5c0a6c61213
CVE-2020-13976 (An issue was discovered in DD-WRT through 16214. The Diagnostic page a ...)
	NOT-FOR-US: DD-WRT
CVE-2020-13975
	RESERVED
CVE-2020-13974 (An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers ...)
	{DLA-2323-1}
	- linux 5.7.6-1
	[buster] - linux 4.19.131-1
	[stretch] - linux 4.9.228-1
	NOTE: https://git.kernel.org/linus/b86dab054059b970111b5516ae548efaae5b3aae
CVE-2020-13973 (OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls ...)
	NOT-FOR-US: OWASP json-sanitizer
CVE-2020-13972 (Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own dom ...)
	NOT-FOR-US: Enghouse Web Chat
CVE-2020-13971 (In Shopware before 6.2.3, authenticated users are allowed to use the M ...)
	NOT-FOR-US: Shopware
CVE-2020-13970 (Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery ( ...)
	NOT-FOR-US: Shopware
CVE-2020-13969 (CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx on ...)
	NOT-FOR-US: CRK Business Platform
CVE-2020-13968 (CRK Business Platform <= 2019.1 allows can inject SQL statements again ...)
	NOT-FOR-US: CRK Business Platform
CVE-2020-13967
	RESERVED
CVE-2020-13966
	RESERVED
CVE-2020-13963 (SOPlanning before 1.47 has Incorrect Access Control because certain se ...)
	NOT-FOR-US: SOPlanning
CVE-2020-13962 (Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 ...)
	- qtbase-opensource-src 5.14.2+dfsg-6
	[buster] - qtbase-opensource-src (Only affects 5.12.2 and later)
	[stretch] - qtbase-opensource-src (Only affects 5.12.2 and later)
	[jessie] - qtbase-opensource-src (Only affects 5.12.2 and later)
	NOTE: https://bugreports.qt.io/browse/QTBUG-83450
	NOTE: https://github.com/mumble-voip/mumble/issues/3679
	NOTE: https://github.com/mumble-voip/mumble/pull/4032
CVE-2020-13961 (Strapi before 3.0.2 could allow a remote authenticated attacker to byp ...)
	NOT-FOR-US: Strapi
CVE-2020-13960 (D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have t ...)
	NOT-FOR-US: D-Link
CVE-2020-13959 (The default error page for VelocityView in Apache Velocity Tools prior ...)
	{DLA-2597-1}
	- velocity-tools 2.0-8 (bug #985221)
	[buster] - velocity-tools (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2021/03/10/2
	NOTE: Fixed by: https://github.com/apache/velocity-tools/commit/e141828a4eb03e4b0224535eed12b5c463a24152
CVE-2020-13958 (A vulnerability in Apache OpenOffice scripting events allows an attack ...)
	NOT-FOR-US: Apache OpenOffice
CVE-2020-13957 (Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 ...)
	- lucene-solr (Vulnerable functionality not yet present)
CVE-2020-13956 (Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misin ...)
	{DSA-4772-1 DLA-2405-1}
	- httpcomponents-client 4.5.13-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1886587
	NOTE: Fixed by: https://github.com/apache/httpcomponents-client/commit/e628b4c5c464c2fa346385596cc78e035a91a62e (4.5.13-RC1)
CVE-2020-13955 (HttpUtils#getURLConnection method disables explicitly hostname verific ...)
	NOT-FOR-US: Apache Calcite
CVE-2020-13954 (By default, Apache CXF creates a /services page containing a listing o ...)
	NOT-FOR-US: Apache CXF
CVE-2020-13953 (In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an att ...)
	NOT-FOR-US: Apache Tapestry
CVE-2020-13952 (In the course of work on the open source project it was discovered tha ...)
	NOT-FOR-US: Apache Superset
CVE-2020-13951 (Attackers can use public NetTest web service of Apache OpenMeetings 4. ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2020-13950 (Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be mad ...)
	[experimental] - apache2 2.4.48-1
	- apache2 2.4.46-6
	[buster] - apache2 (Vulnerable code not present)
	[stretch] - apache2 (Vulnerable code not present)
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-13950
	NOTE: Fixed by: https://svn.apache.org/r1678771
	NOTE: Introduced by: https://svn.apache.org/r1656259
CVE-2020-13949 (In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send sho ...)
	[experimental] - thrift 0.16.0-1
	- thrift 0.16.0-3 (bug #988949)
	[bullseye] - thrift (Minor issue)
	[buster] - thrift (Minor issue)
	NOTE: https://seclists.org/oss-sec/2021/q1/140
CVE-2020-13948 (While investigating a bug report on Apache Superset, it was determined ...)
	NOT-FOR-US: Apache Superset
CVE-2020-13947 (An instance of a cross-site scripting vulnerability was identified to ...)
	- activemq 5.16.1-1 (unimportant)
	NOTE: Admin console not enabled in the Debian package, see #702670
	NOTE: https://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt
	NOTE: Fixed in 5.15.13, 5.16.1
CVE-2020-13946 (In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.1 ...)
	- cassandra (bug #585905)
CVE-2020-13945 (In Apache APISIX, the user enabled the Admin API and deleted the Admin ...)
	NOT-FOR-US: Apache APISIX
CVE-2020-13944 (In Apache Airflow < 1.10.12, the "origin" parameter passed to some of ...)
	- airflow (bug #819700)
CVE-2020-13943 (If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7 ...)
	{DSA-4835-1 DLA-2407-1}
	- tomcat9 9.0.38-1
	- tomcat8
	NOTE: https://github.com/apache/tomcat/commit/55911430df13f8c9998fbdee1f9716994d2db59b (9.0.38)
	NOTE: https://github.com/apache/tomcat/commit/9d7def063b47407a09a2f9202beed99f4dcb292a (8.5.58)
CVE-2020-13942 (It is possible to inject malicious OGNL or MVEL scripts into the /cont ...)
	NOT-FOR-US: Apache Unomi
CVE-2020-13941 (Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), rel ...)
	- lucene-solr 3.6.2+dfsg-23
	[buster] - lucene-solr (Minor issue)
	[stretch] - lucene-solr (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2020/08/15/1
	NOTE: https://issues.apache.org/jira/browse/SOLR-14561
	NOTE: https://github.com/apache/lucene-solr/commit/936b9d770e769c9018a9f408d576f52e7c4e8be2
	NOTE: Server components disabled in 3.6.2+dfsg-23, using that as the fixed version
CVE-2020-13940 (In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and v ...)
	NOT-FOR-US: Apache NiFi
CVE-2020-13939
	REJECTED
CVE-2020-13938 (Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users c ...)
	- apache2 (Only affects Apache on Windows)
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-13938
CVE-2020-13937 (Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2 ...)
	NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2020-13936 (An attacker that is able to modify Velocity templates may execute arbi ...)
	{DLA-2595-1}
	- velocity 1.7-6 (bug #985220)
	[buster] - velocity 1.7-5+deb10u1
	NOTE: https://www.openwall.com/lists/oss-security/2021/03/10/1
	NOTE: Fixed by: https://github.com/apache/velocity-engine/commit/1ba60771d23dae7e6b3138ae6bee09cf6f9d2485
CVE-2020-13935 (The payload length in a WebSocket frame was not correctly validated in ...)
	{DSA-4727-1 DLA-2286-1}
	- tomcat9 9.0.37-1
	- tomcat8
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/14/3
	NOTE: https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5 (8.5.57)
	NOTE: https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d (9.0.37)
CVE-2020-13934 (An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0. ...)
	{DSA-4727-1 DLA-2286-1}
	- tomcat9 9.0.37-1
	- tomcat8
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/14/4
	NOTE: https://github.com/apache/tomcat/commit/923d834500802a61779318911d7898bd85fc950e (8.5.57)
	NOTE: https://github.com/apache/tomcat/commit/172977f04a5215128f1e278a688983dcd230f399 (9.0.37)
CVE-2020-13933 (Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafte ...)
	{DLA-2726-1}
	- shiro 1.3.2-5 (bug #968753)
	[bullseye] - shiro 1.3.2-4+deb11u1
	[buster] - shiro 1.3.2-4+deb10u1
	NOTE: https://lists.apache.org/thread.html/r539f87706094e79c5da0826030384373f0041068936912876856835f%40%3Cdev.shiro.apache.org%3E
CVE-2020-13932 (In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT p ...)
	NOT-FOR-US: Apache ActiveMQ Artemis
	NOTE: https://activemq.apache.org/security-advisories.data/CVE-2020-13932-announcement.txt
CVE-2020-13931 (If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0 ...)
	NOT-FOR-US: Apache TomEE
CVE-2020-13930
	RESERVED
CVE-2020-13929 (Authentication bypass vulnerability in Apache Zeppelin allows an attac ...)
	NOT-FOR-US: Apache Zeppelin
CVE-2020-13928 (Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving se ...)
	NOT-FOR-US: Apache Atlas
CVE-2020-13927 (The previous default setting for Airflow's Experimental API was to all ...)
	- airflow (bug #819700)
CVE-2020-13926 (Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when ...)
	NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2020-13925 (Similar to CVE-2020-1956, Kylin has one more restful API which concate ...)
	NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2020-13924 (In Apache Ambari versions 2.6.2.2 and earlier, malicious users can con ...)
	NOT-FOR-US: Apache Ambari
CVE-2020-13923 (IDOR vulnerability in the order processing feature from ecommerce comp ...)
	NOT-FOR-US: Apache OFBiz
CVE-2020-13922 (Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary ...)
	NOT-FOR-US: Apache DolphinScheduler
CVE-2020-13921 (**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storag ...)
	NOT-FOR-US: Apache SkyWalking
CVE-2020-13920 (Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX ...)
	{DLA-3657-1 DLA-2400-1}
	- activemq 5.16.0-1
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt
	NOTE: When fixing this issue make sure to use a complete fix and not open up
	NOTE: CVE-2020-11998 (a regression introduced in 5.15.12 in the commit preventing
	NOTE: JMX re-bind).
	NOTE: Fixed by: https://github.com/apache/activemq/commit/c29244931d54affaceabb478b3a52d9b74f5d543 (activemq-5.15.12)
	NOTE: Followup needed: https://github.com/apache/activemq/commit/0d6e5f240ef34bae2e4089102047593bef628e6c (activemq-5.15.13)
CVE-2020-13919 (emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow ...)
	NOT-FOR-US: Ruckus Wireless Unleashed
CVE-2020-13918 (Incorrect access control in webs in Ruckus Wireless Unleashed through ...)
	NOT-FOR-US: Ruckus Wireless Unleashed
CVE-2020-13917 (rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remot ...)
	NOT-FOR-US: Ruckus Wireless Unleashed
CVE-2020-13916 (A stack buffer overflow in webs in Ruckus Wireless Unleashed through 2 ...)
	NOT-FOR-US: Ruckus Wireless Unleashed
CVE-2020-13915 (Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed throu ...)
	NOT-FOR-US: Ruckus Wireless Unleashed
CVE-2020-13914 (webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a rem ...)
	NOT-FOR-US: Ruckus Wireless Unleashed
CVE-2020-13913 (An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102 ...)
	NOT-FOR-US: Ruckus Wireless Unleashed
CVE-2020-13912 (SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users ...)
	NOT-FOR-US: SolarWinds Advanced Monitoring Agent
CVE-2020-13911 (Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a ...)
	NOT-FOR-US: Your Online Shop
CVE-2020-13910 (Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nf ...)
	NOT-FOR-US: Pengutronix Barebox
CVE-2020-13909 (The Ignition component before 2.0.5 for Laravel mishandles globals, _g ...)
	NOT-FOR-US: Laravel Ignition component
CVE-2020-13908
	RESERVED
CVE-2020-13907
	RESERVED
CVE-2020-13906 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
	NOT-FOR-US: IrfanView
CVE-2020-13905 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
	NOT-FOR-US: IrfanView
CVE-2020-13904 (FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duratio ...)
	{DSA-4722-1 DLA-2291-1}
	- ffmpeg 7:4.3.1-1
	NOTE: https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq@chinaffmpeg.org/
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9dfb19baeb86a8bb02c53a441682c6e9a6e104cc
	NOTE: https://trac.ffmpeg.org/ticket/8673
CVE-2020-13903
	REJECTED
CVE-2020-13902 (ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-re ...)
	- imagemagick 8:6.9.11.24+dfsg-1
	[buster] - imagemagick (Not affected, tiff uses TIFF_SETGET_C32_UINT32)
	[stretch] - imagemagick (Not affected, tiff uses TIFF_SETGET_C32_UINT32)
	[jessie] - imagemagick (Not affected, tiff uses TIFF_SETGET_C32_UINT32)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20920
	NOTE: https://github.com/ImageMagick/ImageMagick/discussions/2132
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/824f344ceb823e156ad6e85314d79c087933c2a0
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/218d6abc4e36596c90a07463bfb2ab9e8312efbb
CVE-2020-13901 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
	- janus 0.10.1-1 (bug #962680)
	NOTE: https://github.com/meetecho/janus-gateway/pull/2214
	NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/90cc2ada775c4d4d8f6ae66f96b4ec7588e4bc86
CVE-2020-13900 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
	- janus 0.10.1-1 (bug #962680)
	NOTE: https://github.com/meetecho/janus-gateway/pull/2214
	NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/5f33d5e1073207f7275a726b7bb4cd7dbb08d13a
CVE-2020-13899 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
	- janus 0.10.1-1 (bug #962680)
	NOTE: https://github.com/meetecho/janus-gateway/pull/2214
	NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/f46f27fb129fd1b3744830b4fc6e75ab78794636
CVE-2020-13898 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
	- janus 0.10.1-1 (bug #962680)
	NOTE: https://github.com/meetecho/janus-gateway/pull/2214
	NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/2ed485d04630b9ee9de7c96517135654b7f32120
CVE-2020-13897 (HESK before 3.1.10 allows reflected XSS.)
	NOT-FOR-US: HESK
CVE-2020-13896 (The web interface of Maipu MP1800X-50 7.5.3.14(R) devices allows remot ...)
	NOT-FOR-US: Maipu devices
CVE-2020-13894 (handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows ...)
	NOT-FOR-US: DEXT5 Editor
CVE-2020-13893 (Multiple stored cross-site scripting (XSS) vulnerabilities in Sage Eas ...)
	NOT-FOR-US: Sage EasyPay
CVE-2020-13892 (The SportsPress plugin before 2.7.2 for WordPress allows XSS.)
	NOT-FOR-US: SportsPress plugin for WordPress
CVE-2020-13891 (An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS ...)
	NOT-FOR-US: Mattermost
CVE-2020-13890 (The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an A ...)
	NOT-FOR-US: Bootstrap theme
CVE-2020-13889 (showAlert() in the administration panel in Bludit 3.12.0 allows XSS.)
	NOT-FOR-US: Bludit
CVE-2020-13888 (Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, use ...)
	NOT-FOR-US: Kordil EDMS
CVE-2020-13887 (documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Comma ...)
	NOT-FOR-US: Kordil EDMS
CVE-2020-13895 (Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module befor ...)
	- libcrypt-perl-perl (bug #907353)
	NOTE: https://github.com/FGasper/p5-Crypt-Perl/issues/14
	NOTE: https://github.com/FGasper/p5-Crypt-Perl/commit/f960ce75502acf7404187231a706672f8369acb2
CVE-2020-13886 (Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 6 ...)
	NOT-FOR-US: Intelbras TIP
CVE-2020-13885 (Citrix Workspace App before 1912 on Windows has Insecure Permissions w ...)
	NOT-FOR-US: Citrix
CVE-2020-13884 (Citrix Workspace App before 1912 on Windows has Insecure Permissions a ...)
	NOT-FOR-US: Citrix
CVE-2020-13883 (In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, an ...)
	NOT-FOR-US: WSO2 API Manager
CVE-2020-13882 (CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TO ...)
	- lynis 3.0.0-1 (unimportant)
	NOTE: Neutralised by kernel hardening
	NOTE: https://github.com/CISOfy/lynis/pull/594
	NOTE: https://github.com/CISOfy/lynis/commit/5b09da0d9878096d45f04b858c4f65e674369ab4
CVE-2020-13881 (In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared se ...)
	{DLA-2730-1 DLA-2239-1}
	- libpam-tacplus 1.3.8-2.1 (low; bug #962830)
	[buster] - libpam-tacplus 1.3.8-2+deb10u1
	[stretch] - libpam-tacplus (Minor issue)
	NOTE: https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0
	NOTE: https://github.com/kravietz/pam_tacplus/issues/149
CVE-2020-13880 (IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-bas ...)
	NOT-FOR-US: IrfanView B3D PlugIns
CVE-2020-13879 (IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-bas ...)
	NOT-FOR-US: IrfanView B3D PlugIns
CVE-2020-13878 (IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-bas ...)
	NOT-FOR-US: IrfanView B3D PlugIns
CVE-2020-13877 (SQL Injection issues in various ASPX pages of ResourceXpress Meeting M ...)
	NOT-FOR-US: ResourceXpress Meeting Monitor
CVE-2020-13876
	RESERVED
CVE-2020-13875
	RESERVED
CVE-2020-13874
	RESERVED
CVE-2020-13873 (A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/T ...)
	NOT-FOR-US: Codoforum
CVE-2020-13872 (Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for at ...)
	NOT-FOR-US: Royal TS
CVE-2020-13871 (SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c bec ...)
	{DLA-2340-1}
	- sqlite3 3.32.2-2
	[buster] - sqlite3 (Vulnerability introduced later)
	[jessie] - sqlite3 (Vulnerable code not present)
	- sqlite (Vulnerability introduced later)
	NOTE: New fix: https://www.sqlite.org/src/info/44a58d6cb135a104
	NOTE: Fixed by: https://www.sqlite.org/src/info/79eff1d0383179c4
	NOTE: https://www.sqlite.org/src/info/c8d3b9f0a750a529
	NOTE: https://www.sqlite.org/src/info/cd708fa84d2aaaea
CVE-2020-13870 (An issue was discovered in the Comments plugin before 1.5.5 for Craft ...)
	NOT-FOR-US: Comments plugin for Craft CMS
CVE-2020-13869 (An issue was discovered in the Comments plugin before 1.5.6 for Craft ...)
	NOT-FOR-US: Comments plugin for Craft CMS
CVE-2020-13868 (An issue was discovered in the Comments plugin before 1.5.5 for Craft ...)
	NOT-FOR-US: Comments plugin for Craft CMS
CVE-2020-13867 (Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/t ...)
	- targetcli-fb 1:2.1.53-1 (low; bug #962331)
	[buster] - targetcli-fb (Minor issue)
	[stretch] - targetcli-fb (Minor issue)
	NOTE: https://github.com/open-iscsi/targetcli-fb/pull/172
CVE-2020-13866 (WinGate v9.4.1.5998 has insecure permissions for the installation dire ...)
	NOT-FOR-US: WinGate
CVE-2020-13865 (The Elementor Page Builder plugin before 2.9.9 for WordPress suffers f ...)
	NOT-FOR-US: Elementor Page Builder plugin for WordPress
CVE-2020-13864 (The Elementor Page Builder plugin before 2.9.9 for WordPress suffers f ...)
	NOT-FOR-US: Elementor Page Builder plugin for WordPress
CVE-2020-13863 (The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker ...)
	NOT-FOR-US: Mitel
CVE-2020-13862
	RESERVED
CVE-2020-13861
	RESERVED
CVE-2020-13860 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std dev ...)
	NOT-FOR-US: Mofi Network devices
CVE-2020-13859 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std dev ...)
	NOT-FOR-US: Mofi Network devices
CVE-2020-13858 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and ...)
	NOT-FOR-US: Mofi Network devices
CVE-2020-13857 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and ...)
	NOT-FOR-US: Mofi Network devices
CVE-2020-13856 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std dev ...)
	NOT-FOR-US: Mofi Network devices
CVE-2020-13855 (Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remot ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-13854 (Artica Pandora FMS 7.44 allows privilege escalation.)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-13853 (Artica Pandora FMS 7.44 has persistent XSS in the Messages feature.)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-13852 (Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remot ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-13851 (Artica Pandora FMS 7.44 allows remote command execution via the events ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-13850 (Artica Pandora FMS 7.44 has inadequate access controls on a web folder ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-13849 (The MQTT protocol 3.1.1 requires a server to set a timeout value of 1. ...)
	NOT-FOR-US: MQTT protocol flaw
CVE-2020-13848 (Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attac ...)
	{DLA-2585-1 DLA-2238-1}
	- pupnp (Fixed before initial upload to Debian after source package rename)
	- pupnp-1.8 (bug #962282)
	[bookworm] - pupnp-1.8 (Minor issue)
	[bullseye] - pupnp-1.8 (Minor issue)
	[buster] - pupnp-1.8 (Minor issue)
	- libupnp
	NOTE: https://github.com/pupnp/pupnp/issues/177
	NOTE: https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0
CVE-2020-13847 (Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Chec ...)
	[experimental] - singularity-container 3.9.4+ds2-1
	- singularity-container 3.9.5+ds1-2 (bug #965040)
	NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-m7j2-9565-4h9v
CVE-2020-13846 (Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a S ...)
	[experimental] - singularity-container 3.9.4+ds2-1
	- singularity-container 3.9.5+ds1-2 (bug #965040)
	NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-6w7g-p4jh-rf92
CVE-2020-13845 (Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integ ...)
	[experimental] - singularity-container 3.9.4+ds2-1
	- singularity-container 3.9.5+ds1-2 (bug #965040)
	NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-pmfr-63c2-jr5c
CVE-2020-13844 (Arm Armv8-A core implementations utilizing speculative execution past ...)
	NOTE: https://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html
	NOTE: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation
	NOTE: Hardware issue, mitigations too intrusive to backport (and would require recompiling
	NOTE: the entire distro, which is not warranted for the impact)
	NOTE: GCC patches:
	NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=a9ba2a9b77bec7eacaf066801f22d1c366a2bc86
	NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=be178ecd5ac1fe1510d960ff95c66d0ff831afe1
	NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=96b7f495f9269d5448822e4fc28882edb35a58d7
CVE-2020-13843 (An issue was discovered on LG mobile devices with Android OS software ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-13842 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-13841 (An issue was discovered on LG mobile devices with Android OS 9 and 10 ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-13840 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-13839 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-13838 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13837 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13836 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13835 (An issue was discovered on Samsung mobile devices with O(8.x) (with TE ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13834 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13833 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13832 (An issue was discovered on Samsung mobile devices with Q(10.0) (with T ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13831 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13830 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13829 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13828 (Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (X ...)
	- dolibarr
CVE-2020-13827 (phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/a ...)
	- phplist (bug #612288)
CVE-2020-13826 (A CSV injection (aka Excel Macro Injection or Formula Injection) issue ...)
	NOT-FOR-US: i-doit
CVE-2020-13825 (A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows rem ...)
	NOT-FOR-US: i-doit
CVE-2020-13824
	RESERVED
CVE-2020-13823
	RESERVED
CVE-2020-13822 (The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleabi ...)
	- node-elliptic 6.5.3~dfsg-1 (bug #963149)
	[buster] - node-elliptic 6.4.1~dfsg-1+deb10u1
	NOTE: https://github.com/indutny/elliptic/issues/226
CVE-2020-13821 (An issue was discovered in HiveMQ Broker Control Center 4.3.2. A craft ...)
	NOT-FOR-US: HiveMQ Broker Control Center
CVE-2020-13820 (Extreme Management Center 8.4.1.24 allows unauthenticated reflected XS ...)
	NOT-FOR-US: Extreme Management Center
CVE-2020-13819 (Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS vi ...)
	NOT-FOR-US: Extreme EAC Appliance
CVE-2020-13818 (In Zoho ManageEngine OpManager before 125144, when is use ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2020-13817 (ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote att ...)
	- ntp 1:4.2.8p14+dfsg-1 (low)
	[buster] - ntp (Minor issue)
	[stretch] - ntp (Minor issue)
	[jessie] - ntp (Too intrusive to backport, requires new configuration)
	- ntpsec (Doesn't affect ntpsec per upstream, #964395)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3596
	NOTE: https://bugs.ntp.org/show_bug.cgi?id=3596
	NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5e312021VVVkyioYBR_aeIP1LqMCVg (4.2.8p14)
	NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5e4a536dzxRWAzMw-KsKjm04l6joNA (4.2.8p14)
CVE-2020-13816
	REJECTED
CVE-2020-13815 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13814 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13813 (An issue was discovered in Foxit Studio Photo before 3.6.6.922. It all ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-13812 (An issue was discovered in Foxit Studio Photo before 3.6.6.922. It all ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-13811 (An issue was discovered in Foxit Studio Photo before 3.6.6.922. It has ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-13810 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13809 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13808 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13807 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13806 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13805 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13804 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13803 (An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for M ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13802 (Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command in ...)
	- rebar3 (Fixed before initial upload to Debian)
	NOTE: https://github.com/erlang/rebar3/pull/2302
	NOTE: https://github.com/erlang/rebar3/commit/2e2d1a6bb141a969b6483e082a2afd361fc2ece2
CVE-2020-13801
	RESERVED
CVE-2020-13799 (Western Digital has identified a security vulnerability in the Replay ...)
	NOT-FOR-US: Western Digital iNAND devices
CVE-2020-13798 (An issue was discovered in Navigate CMS through 2.8.7. It allows XSS b ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-13797 (An issue was discovered in Navigate CMS through 2.8.7. It allows XSS b ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-13796 (An issue was discovered in Navigate CMS through 2.8.7. It allows XSS b ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-13795 (An issue was discovered in Navigate CMS through 2.8.7. It allows Direc ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-13794 (Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information ...)
	NOT-FOR-US: Harbor
CVE-2020-13793 (Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a st ...)
	NOT-FOR-US: Ivanti
CVE-2020-13792 (PlayTube 1.8 allows disclosure of user details via ajax.php?type=../ad ...)
	NOT-FOR-US: PlayTube
CVE-2019-20837 (An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20836 (An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20835 (An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20834 (An issue was discovered in Foxit PhantomPDF before 8.3.10. It allows s ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20833 (An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mish ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20832 (An issue was discovered in Foxit PhantomPDF before 8.3.10. It has homo ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20831 (An issue was discovered in the 3D Plugin Beta for Foxit Reader and Pha ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20830 (An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20829 (An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20828 (An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20827 (An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader f ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20826 (An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader f ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20825 (An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20824 (An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a NU ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20823 (An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a bu ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20822 (An issue was discovered in the 3D Plugin Beta for Foxit Reader and Pha ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20821 (An issue was discovered in Foxit PhantomPDF Mac before 3.4. It has a N ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20820 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20819 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20818 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20817 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20816 (An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NU ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20815 (An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows s ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20814 (An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows m ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20813 (An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NU ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2018-21244 (An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows ar ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2018-21243 (An issue was discovered in Foxit PhantomPDF before 8.3.6. It has COM o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2018-21242 (An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows Re ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2018-21241 (An issue was discovered in Foxit PhantomPDF before 8.3.6. It has an un ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2018-21240 (An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-21239 (An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-21238 (An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows me ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2018-21237 (An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NT ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2018-21236 (An issue was discovered in Foxit Reader before 2.4.4. It has a NULL po ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-21235 (An issue was discovered in Foxit E-mail advertising system before Sept ...)
	NOT-FOR-US: Foxit E-mail advertising system
CVE-2020-13965 (An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x b ...)
	{DSA-4700-1}
	- roundcube 1.4.5+dfsg.1-1 (bug #962124)
	NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/ccaccae6653031b809b4347a60021951e19a0e43
	NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/884eb611627ef2bd5a2e20e02009ebb1eceecdc3
CVE-2020-13964 (An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x b ...)
	{DSA-4700-1}
	- roundcube 1.4.5+dfsg.1-1 (bug #962123)
	NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/4beec65d40c5e5b1f2bace935c110baf05e10ae5
	NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/37e2bc745723ef6322f0f785aefd0b9313a40f19
CVE-2020-13800 (ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to tri ...)
	- qemu 1:5.0-6
	[buster] - qemu (Vulnerable code introduced later)
	[stretch] - qemu (Vulnerable code introduced later)
	[jessie] - qemu (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/2
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00833.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=a98610c429d52db0937c1e48659428929835c455
CVE-2020-13791 (hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of- ...)
	- qemu 1:5.0-6
	[buster] - qemu (Vulnerable code introduced later)
	[stretch] - qemu (Vulnerable code introduced later)
	[jessie] - qemu (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/1
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00831.html
CVE-2020-13790 (libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-r ...)
	{DLA-2302-1}
	- libjpeg-turbo 1:2.0.5-1 (bug #962829)
	[buster] - libjpeg-turbo 1:1.5.2-2+deb10u1
	[jessie] - libjpeg-turbo (No other package in Debian jessie uses the TurboJPEG API or the TurboJPEG CLI tools)
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/1bfb0b5247f4fc8f6677639781ce468543490216 (1.5.x)
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a (2.0.x)
CVE-2020-13789
	RESERVED
CVE-2020-13788 (Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker wi ...)
	NOT-FOR-US: Harbor
CVE-2020-13787 (D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of ...)
	NOT-FOR-US: D-Link
CVE-2020-13786 (D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.)
	NOT-FOR-US: D-Link
CVE-2020-13785 (D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Str ...)
	NOT-FOR-US: D-Link
CVE-2020-13784 (D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a P ...)
	NOT-FOR-US: D-Link
CVE-2020-13783 (D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sens ...)
	NOT-FOR-US: D-Link
CVE-2020-13782 (D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.)
	NOT-FOR-US: D-Link
CVE-2020-13781
	RESERVED
CVE-2020-13780
	RESERVED
CVE-2020-13779
	RESERVED
CVE-2020-13778 (rConfig 3.9.4 and earlier allows authenticated code execution (of syst ...)
	NOT-FOR-US: rConfig
CVE-2020-13777 (GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting ...)
	{DSA-4697-1}
	- gnutls28 3.6.14-1 (bug #962289)
	[stretch] - gnutls28 (Vulnerable code introduced in 3.6.4)
	[jessie] - gnutls28 (Vulnerable code introduced in 3.6.4)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1843723
	NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1011
	NOTE: https://gitlab.com/gnutls/gnutls/-/commit/c2646aeee94e71cb15c90a3147cf3b5b0ca158ca
	NOTE: https://gitlab.com/gnutls/gnutls/-/commit/3d7fae761e65e9d0f16d7247ee8a464d4fe002da
CVE-2020-13776 (systemd through v245 mishandles numerical usernames such as ones compo ...)
	- systemd 246-2 (unimportant)
	[buster] - systemd (Vulnerable code introduced later)
	NOTE: https://github.com/systemd/systemd/issues/15985
	NOTE: https://github.com/systemd/systemd/commit/156a5fd297b61bce31630d7a52c15614bf784843 (v246-rc1)
	NOTE: https://github.com/systemd/systemd/commit/6495ceddf38aed2c9efdcf9d3440140190800b55 (v246-rc1)
	NOTE: Issue exists due to an incomplete fix for CVE-2017-1000082.
CVE-2020-13775 (ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an app ...)
	- znc 1.8.1-1 (bug #962105)
	[buster] - znc (Vulnerable code introduced later)
	[stretch] - znc (Vulnerable code introduced later)
	[jessie] - znc (Vulnerable code introduced later)
	NOTE: Fixed by: https://github.com/znc/znc/commit/2390ad111bde16a78c98ac44572090b33c3bd2d8 (znc-1.8.1-rc1)
	NOTE: Introduced with: https://github.com/znc/znc/commit/d229761821da38d984a9e4098ad96842490dc001 (znc-1.8.0)
CVE-2020-13774 (An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivant ...)
	NOT-FOR-US: Ivanti
CVE-2020-13773 (Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_spli ...)
	NOT-FOR-US: Ivanti
CVE-2020-13772 (In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, a ...)
	NOT-FOR-US: Ivanti
CVE-2020-13771 (Various components in Ivanti Endpoint Manager through 2020.1.1 rely on ...)
	NOT-FOR-US: Ivanti
CVE-2020-13770 (Several services are accessing named pipes in Ivanti Endpoint Manager ...)
	NOT-FOR-US: Ivanti
CVE-2020-13769 (LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows S ...)
	NOT-FOR-US: Ivanti
CVE-2020-13768 (In MiniShare before 1.4.2, there is a stack-based buffer overflow via ...)
	NOT-FOR-US: MiniShare
CVE-2020-13767 (The Mitel MiCollab application before 9.1.332 for iOS could allow an u ...)
	NOT-FOR-US: Mitel
CVE-2020-13766
	RESERVED
CVE-2020-13765 (rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate ...)
	{DSA-4728-1 DLA-2288-1 DLA-2262-1}
	- qemu 1:4.2-1
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/6
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=e423455c4f23a1a828901c78fe6d03b7dde79319
	NOTE: https://bugs.launchpad.net/qemu/+bug/1844635
CVE-2020-13764 (common.php in the Gravity Forms plugin before 2.4.9 for WordPress can ...)
	NOT-FOR-US: Gravity Forms plugin for WordPress
CVE-2020-13763 (In Joomla! before 3.9.19, the default settings of the global textfilte ...)
	NOT-FOR-US: Joomla!
CVE-2020-13762 (In Joomla! before 3.9.19, incorrect input validation of the module tag ...)
	NOT-FOR-US: Joomla!
CVE-2020-13761 (In Joomla! before 3.9.19, lack of input validation in the heading tag ...)
	NOT-FOR-US: Joomla!
CVE-2020-13760 (In Joomla! before 3.9.19, missing token checks in com_postinstall lead ...)
	NOT-FOR-US: Joomla!
CVE-2019-20812 (An issue was discovered in the Linux kernel before 5.4.7. The prb_calc ...)
	- linux 5.4.8-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/b43d1f9f7067c6759b1051e8ecb84e82cef569fe
CVE-2019-20811 (An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_ ...)
	{DSA-4698-1 DLA-2242-1}
	- linux 4.19.37-1
	[jessie] - linux 3.16.72-1
	NOTE: https://git.kernel.org/linus/a3e23f719f5c4a38ffb3d30c8d7632a4ed8ccd9e
CVE-2019-20810 (go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux ...)
	{DLA-2323-1}
	- linux 5.6.7-1
	[buster] - linux 4.19.131-1
	[stretch] - linux 4.9.228-1
	NOTE: https://git.kernel.org/linus/9453264ef58638ce8976121ac44c07a3ef375983
CVE-2020-13759 (rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attacker ...)
	NOT-FOR-US: rust-vmm
CVE-2020-13758 (modules/security/classes/general.post_filter.php/post_filter.php in th ...)
	NOT-FOR-US: Bitrix24
CVE-2020-13757 (Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ...)
	- python-rsa 4.7.2-1 (bug #962142)
	[bullseye] - python-rsa (Minor issue)
	[buster] - python-rsa (Minor issue)
	[stretch] - python-rsa (Minor issue)
	[jessie] - python-rsa (Minor issue)
	NOTE: https://github.com/sybrenstuvel/python-rsa/issues/146
	NOTE: https://github.com/sybrenstuvel/python-rsa/commit/93af6f2f89a9bf28361e67716c4240e691520f30 (version-4.1)
CVE-2020-13756 (Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data ...)
	NOT-FOR-US: Sabberworm PHP CSS Parser
CVE-2020-13755
	RESERVED
CVE-2020-13753 (The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, f ...)
	{DSA-4724-1}
	- webkit2gtk 2.28.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.28.3-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
CVE-2020-13752
	REJECTED
CVE-2020-13751
	REJECTED
CVE-2020-13750
	REJECTED
CVE-2020-13749
	REJECTED
CVE-2020-13748
	REJECTED
CVE-2020-13747
	REJECTED
CVE-2020-13746
	REJECTED
CVE-2020-13745
	REJECTED
CVE-2020-13744
	REJECTED
CVE-2020-13743
	REJECTED
CVE-2020-13742
	REJECTED
CVE-2020-13741
	REJECTED
CVE-2020-13740
	REJECTED
CVE-2020-13739
	REJECTED
CVE-2020-13738
	REJECTED
CVE-2020-13737
	REJECTED
CVE-2020-13736
	REJECTED
CVE-2020-13735
	REJECTED
CVE-2020-13734
	REJECTED
CVE-2020-13733
	REJECTED
CVE-2020-13732
	REJECTED
CVE-2020-13731
	REJECTED
CVE-2020-13730
	REJECTED
CVE-2020-13729
	REJECTED
CVE-2020-13728
	REJECTED
CVE-2020-13727
	REJECTED
CVE-2020-13726
	REJECTED
CVE-2020-13725
	REJECTED
CVE-2020-13724
	REJECTED
CVE-2020-13723
	REJECTED
CVE-2020-13722
	REJECTED
CVE-2020-13721
	REJECTED
CVE-2020-13720
	REJECTED
CVE-2020-13719
	REJECTED
CVE-2020-13718
	REJECTED
CVE-2020-13717
	REJECTED
CVE-2020-13716
	REJECTED
CVE-2020-13715
	REJECTED
CVE-2020-13714
	REJECTED
CVE-2020-13713
	REJECTED
CVE-2020-13712
	RESERVED
CVE-2020-13711
	RESERVED
CVE-2020-13710
	RESERVED
CVE-2020-13709
	RESERVED
CVE-2020-13708
	RESERVED
CVE-2020-13707
	RESERVED
CVE-2020-13706
	RESERVED
CVE-2020-13705
	RESERVED
CVE-2020-13704
	RESERVED
CVE-2020-13703
	RESERVED
CVE-2019-20809 (The price oracle in PriceOracle.sol in Compound Finance Compound Price ...)
	NOT-FOR-US: Compound Finance Compound Price Oracle
CVE-2020-13754 (hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of ...)
	{DSA-4728-1 DLA-2288-1}
	- qemu 1:5.0-6
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=5d971f9e672507210e77d020d89e0e89165c8fc9 (fix)
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=dba04c3488c4699f5afe96f66e448b1d447cf3fb (regression fix)
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=8e67fda2dd6202ccec093fda561107ba14830a17 (regression fix)
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=70b78d4e71494c90d2ccb40381336bc9b9a22f79 (regression fix)
CVE-2020-13702 (The Rolling Proximity Identifier used in the Apple/Google Exposure Not ...)
	NOT-FOR-US: Apple/Google Exposure Notification API
CVE-2020-13701
	RESERVED
CVE-2020-13700 (An issue was discovered in the acf-to-rest-api plugin through 3.1.0 fo ...)
	NOT-FOR-US: acf-to-rest-api plugin for WordPress
CVE-2020-13699 (TeamViewer Desktop for Windows before 15.8.3 does not properly quote i ...)
	NOT-FOR-US: TeamViewer Desktop
CVE-2020-13698
	RESERVED
CVE-2020-13697 (An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2 ...)
	NOT-FOR-US: NanoHTTPD Java
CVE-2020-13696 (An issue was discovered in LinuxTV xawtv before 3.107. The function de ...)
	{DLA-2246-1}
	- xawtv 3.107-1 (bug #962221)
	[stretch] - xawtv (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/6
	NOTE: Fixed by: https://git.linuxtv.org/xawtv3.git/commit/?id=31f31f9cbaee7be806cba38e0ff5431bd44b20a3
	NOTE: Fixed by: https://git.linuxtv.org/xawtv3.git/commit/?id=36dc44e68e5886339b4a0fbe3f404fb1a4fd2292
	NOTE: But those still allow testing for arbitrary files and would need:
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/6/1
CVE-2020-13695 (In QuickBox Community Edition through 2.5.5 and Pro Edition through 2. ...)
	NOT-FOR-US: QuickBox
CVE-2020-13694 (In QuickBox Community Edition through 2.5.5 and Pro Edition through 2. ...)
	NOT-FOR-US: QuickBox
CVE-2020-13693 (An unauthenticated privilege-escalation issue exists in the bbPress pl ...)
	NOT-FOR-US: bbPress plugin for WordPress
CVE-2020-13692 (PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.)
	- libpgjava 42.2.12-2 (low; bug #962828)
	[buster] - libpgjava 42.2.5-2+deb10u1
	[stretch] - libpgjava (Minor issue)
	[jessie] - libpgjava (Minor issue)
	NOTE: https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65
CVE-2020-13691
	RESERVED
CVE-2020-13690
	RESERVED
CVE-2020-13689
	RESERVED
CVE-2020-13688 (Cross-site scripting vulnerability in l Drupal Core allows an attacker ...)
	- drupal7 (Only affects Drupal 8 and 9)
	NOTE: https://www.drupal.org/sa-core-2020-009
CVE-2020-13687
	RESERVED
CVE-2020-13686
	RESERVED
CVE-2020-13685
	RESERVED
CVE-2020-13684
	RESERVED
CVE-2020-13683
	RESERVED
CVE-2020-13682
	RESERVED
CVE-2020-13681
	RESERVED
CVE-2020-13680
	RESERVED
CVE-2020-13679
	RESERVED
CVE-2020-13678
	RESERVED
CVE-2020-13677 (Under some circumstances, the Drupal core JSON:API module does not pro ...)
	NOT-FOR-US: Drupal 8.x
CVE-2020-13676 (The QuickEdit module does not properly check access to fields in some ...)
	NOT-FOR-US: Drupal 8.x
CVE-2020-13675 (Drupal's JSON:API and REST/File modules allow file uploads through the ...)
	NOT-FOR-US: Drupal 8.x
CVE-2020-13674 (The QuickEdit module does not properly validate access to routes, whic ...)
	NOT-FOR-US: Drupal 8.x
CVE-2020-13673 (The Entity Embed module provides a filter to allow embedding entities ...)
	NOT-FOR-US: Drupal Entity Embed module
CVE-2020-13671 (Drupal core does not properly sanitize certain filenames on uploaded f ...)
	{DLA-2458-1}
	- drupal7
	NOTE: https://www.drupal.org/sa-core-2020-012
	NOTE: https://github.com/drupal/drupal/commit/0263ea89cfff630262b8c0bc6d9c629c42aa7a84
CVE-2020-13670 (Information Disclosure vulnerability in file module of Drupal Core all ...)
	NOT-FOR-US: Drupal 8.x
CVE-2020-13669 (Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core al ...)
	NOT-FOR-US: Drupal 8.x
CVE-2020-13668 (Access Bypass vulnerability in Drupal Core allows for an attacker to l ...)
	NOT-FOR-US: Drupal 8.x
CVE-2020-13667 (Access bypass vulnerability in of Drupal Core Workspaces allows an att ...)
	NOT-FOR-US: Drupal 8.x
CVE-2020-13666 (Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API doe ...)
	{DLA-2458-1}
	- drupal7
	NOTE: https://www.drupal.org/sa-core-2020-007
	NOTE: https://github.com/drupal/drupal/commit/cd3721550d988240ef6e682bd1cae2939c6e9e5a
CVE-2020-13665 (Access bypass vulnerability in Drupal Core allows JSON:API when JSON:A ...)
	- drupal7 (Drupal 7 not affected)
	NOTE: https://www.drupal.org/sa-core-2020-006
CVE-2020-13664 (Arbitrary PHP code execution vulnerability in Drupal Core under certai ...)
	- drupal7 (Drupal 7 not affected)
	NOTE: https://www.drupal.org/sa-core-2020-005
CVE-2020-13663 (Cross Site Request Forgery vulnerability in Drupal Core Form API does ...)
	{DSA-4706-1 DLA-2263-1}
	- drupal7
	NOTE: https://www.drupal.org/sa-core-2020-004
	NOTE: https://git.drupalcode.org/project/drupal/-/commit/3999b8f658bf2ef8e96a7ee8ccb279c5d3073006
CVE-2020-13661 (Telerik Fiddler through 5.0.20202.18177 allows attackers to execute ar ...)
	NOT-FOR-US: Telerik
CVE-2020-13660 (CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker pr ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-13659 (address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer d ...)
	{DSA-4728-1 DLA-2288-1}
	- qemu 1:5.0-6
	NOTE: https://bugs.launchpad.net/qemu/+bug/1878259
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=77f55eac6c433e23e82a1b88b2d74f385c4c7d82
CVE-2020-13658 (In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF atta ...)
	NOT-FOR-US: Lansweeper
CVE-2020-13657 (An elevation of privilege vulnerability exists in Avast Free Antivirus ...)
	NOT-FOR-US: Avast
CVE-2020-13656 (In Morgan Stanley Hobbes through 2020-05-21, the array implementation ...)
	NOT-FOR-US: Hobbes
CVE-2020-13655 (An issue was discovered in Collabtive 3.0 and later. managefile.php is ...)
	- collabtive
CVE-2020-13654 (XWiki Platform before 12.8 mishandles escaping in the property display ...)
	NOT-FOR-US: XWiki
CVE-2020-13653 (An XSS vulnerability exists in the Webmail component of Zimbra Collabo ...)
	NOT-FOR-US: Zimbra
CVE-2020-13652 (An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 bef ...)
	NOT-FOR-US: DigDash
CVE-2020-13651 (An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 bef ...)
	NOT-FOR-US: DigDash
CVE-2020-13650 (An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 ...)
	NOT-FOR-US: DigDash
CVE-2020-13649 (parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during c ...)
	- iotjs 1.0+715-1
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/commit/69f8e78c2f8d562bd6d8002b5488f1662ac30d24
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3786
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3788
CVE-2020-13648
	RESERVED
CVE-2020-13647
	RESERVED
CVE-2020-13646 (In Cheetah free WiFi 5.1, the driver file (liebaonat.sys) allows local ...)
	NOT-FOR-US: cheetah free wifi
CVE-2020-13645 (In GNOME glib-networking through 2.64.2, the implementation of GTlsCli ...)
	- glib-networking 2.64.3-2 (bug #961756)
	[buster] - glib-networking 2.58.0-2+deb10u1
	[stretch] - glib-networking 2.50.0-1+deb9u1
	NOTE: https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135
	NOTE: Updating glib-networking to address CVE-2020-13645 will need a compatibility
	NOTE: update as well for balsa (cf. https://bugs.debian.org/961792)
CVE-2019-20808 (In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA imp ...)
	- qemu 1:4.2-1
	[buster] - qemu (Vulnerable code introduced later)
	[stretch] - qemu (Vulnerable code introduced later)
	[jessie] - qemu (Vulnerable code introduced later)
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=aab0e2a661b2b6bf7915c0aefe807fb60d6d9d13 (v4.2.0-rc0)
CVE-2019-20807 (In Vim before 8.1.0881, users can circumvent the rvim restricted mode ...)
	{DLA-2876-1}
	- vim 2:8.1.2136-1
	[buster] - vim 2:8.1.0875-5+deb10u1
	[jessie] - vim (Minor issue)
	NOTE: https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075
CVE-2020-13644 (An issue was discovered in the Accordion plugin before 2.2.9 for WordP ...)
	NOT-FOR-US: Accordion plugin for WordPress
CVE-2020-13643 (An issue was discovered in the SiteOrigin Page Builder plugin before 2 ...)
	NOT-FOR-US: SiteOrigin Page Builder plugin for WordPress
CVE-2020-13642 (An issue was discovered in the SiteOrigin Page Builder plugin before 2 ...)
	NOT-FOR-US: SiteOrigin Page Builder plugin for WordPress
CVE-2020-13641 (An issue was discovered in the Real-Time Find and Replace plugin befor ...)
	NOT-FOR-US: Real-Time Find and Replace plugin for WordPress
CVE-2020-13640 (A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlie ...)
	NOT-FOR-US: gVectors wpDiscuz plugin for WordPress
CVE-2020-13639 (A stored XSS vulnerability was discovered in the ECT Provider in OutSy ...)
	NOT-FOR-US: OutSystems Platform
CVE-2020-13638 (lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authenti ...)
	NOT-FOR-US: rConfig
CVE-2020-13637 (An issue was discovered in the stashcat app through 3.9.2 for macOS, W ...)
	NOT-FOR-US: stashcat app
CVE-2020-13636
	RESERVED
CVE-2020-13635
	RESERVED
CVE-2020-13634 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2020-13633 (Fork before 5.8.3 allows XSS via navigation_title or title.)
	NOT-FOR-US: Fork CMS
CVE-2020-13632 (ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer der ...)
	{DLA-2340-1}
	- sqlite3 3.32.0-1
	[buster] - sqlite3 3.27.2-3+deb10u1
	[jessie] - sqlite3 (Vulnerable code not present)
	- sqlite (FTS (full-text search) modules not present in v2)
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
	NOTE: https://sqlite.org/src/info/a4dd148928ea65bd
	NOTE: https://github.com/sqlite/sqlite/commit/219b8e7e7587df8669d96ce867cdd61ca1c05730
CVE-2020-13631 (SQLite before 3.32.0 allows a virtual table to be renamed to the name ...)
	- sqlite3 3.32.0-1
	[buster] - sqlite3 (Minor issue, too intrusive to backport)
	[stretch] - sqlite3 (Minor issue, too intrusive to backport)
	[jessie] - sqlite3 (Minor issue, too intrusive to backport)
	- sqlite (ALTER TABLE not available in v2)
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
	NOTE: https://sqlite.org/src/info/eca0ba2cf4c0fdf7
CVE-2020-13630 (ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3Ev ...)
	{DLA-2340-1}
	- sqlite3 3.32.0-1
	[buster] - sqlite3 3.27.2-3+deb10u1
	[jessie] - sqlite3 (Vulnerable code not found)
	- sqlite (FTS (full-text search) modules not present in v2)
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
	NOTE: https://sqlite.org/src/info/0d69f76f0865f962
	NOTE: https://github.com/sqlite/sqlite/commit/becd68ba0dac41904aa817d96a67fb4685734b41
CVE-2020-13629
	RESERVED
CVE-2020-13628 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...)
	- centreon-web (bug #913903)
CVE-2020-13627 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...)
	- centreon-web (bug #913903)
CVE-2020-13626 (OnePlus App Locker through 2020-10-06 allows physically proximate atta ...)
	NOT-FOR-US: OnePlus App Locker
CVE-2020-13625 (PHPMailer before 6.1.6 contains an output escaping bug when the name o ...)
{DLA-2306-1 DLA-2244-1} - libphp-phpmailer 6.1.6-1 (bug #962827) [buster] - libphp-phpmailer (Minor issue) NOTE: https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj NOTE: https://github.com/PHPMailer/PHPMailer/commit/c2796cb1cb99d7717290b48c4e6f32cb6c60b7b3 CVE-2020-13624 RESERVED CVE-2020-13623 (JerryScript 2.2.0 allows attackers to cause a denial of service (stack ...) - iotjs (Vulnerable code never in released version) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3785 CVE-2020-13622 (JerryScript 2.2.0 allows attackers to cause a denial of service (asser ...) - iotjs (Vulnerable code never in released version) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3787 NOTE: https://github.com/jerryscript-project/jerryscript/pull/3797 CVE-2020-13621 RESERVED CVE-2020-13620 (Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF ...) NOT-FOR-US: Fastweb FASTGate GPON FGA2130FWB devices CVE-2020-13619 (php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attack ...) NOT-FOR-US: Locutus PHP CVE-2020-13618 RESERVED CVE-2020-13617 (The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones ...) NOT-FOR-US: Mitel CVE-2020-13616 (The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS ...) NOT-FOR-US: pichi CVE-2020-13615 (lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification ...) NOT-FOR-US: Qore CVE-2020-13614 (An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implem ...) - axel 2.17.8-1 [buster] - axel (Minor issue) [stretch] - axel (Minor issue) [jessie] - axel (SSL/TLS implemented from v2.10. 
But without ssl support is a major drawback) NOTE: https://github.com/axel-download-accelerator/axel/issues/262 CVE-2020-13613 RESERVED CVE-2020-13612 REJECTED CVE-2020-13611 REJECTED CVE-2020-13610 REJECTED CVE-2020-13609 REJECTED CVE-2020-13608 REJECTED CVE-2020-13607 REJECTED CVE-2020-13606 REJECTED CVE-2020-13605 REJECTED CVE-2020-13604 REJECTED CVE-2020-13603 (Integer Overflow in memory allocating functions. Zephyr versions >= 1. ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-13602 (Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions >= ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-13601 (Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, >= ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-13600 (Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-13599 (Security problem with settings and littlefs. Zephyr versions >= 1.14.2 ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-13598 (FS: Buffer Overflow when enabling Long File Names in FAT_FS and callin ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-13597 (Clusters using Calico (version 3.14.0 and below), Calico Enterprise (v ...) NOT-FOR-US: Calico CVE-2020-13596 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...) {DSA-4705-1 DLA-2233-1} - python-django 2:2.2.13-1 (bug #962323) NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/1 NOTE: https://github.com/django/django/commit/2dd4d110c159d0c81dff42eaead2c378a0998735 (master) NOTE: https://github.com/django/django/commit/49d7cc19e33a104bb23f7ae1dbb1240b4f6c40f9 (3.1 branch) NOTE: https://github.com/django/django/commit/1f2dd37f6fcefdd10ed44cb233b2e62b520afb38 (3.0 branch) NOTE: https://github.com/django/django/commit/6d61860b22875f358fac83d903dc629897934815 (2.2. branch) CVE-2020-13595 (The Bluetooth Low Energy (BLE) controller implementation in Espressif ...) 
NOT-FOR-US: Espressif CVE-2020-13594 (The Bluetooth Low Energy (BLE) controller implementation in Espressif ...) NOT-FOR-US: Espressif CVE-2020-13593 (The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation ...) NOT-FOR-US: Espressif CVE-2020-13662 (Open Redirect vulnerability in Drupal Core allows a user to be tricked ...) {DSA-4693-1 DLA-2250-1} - drupal7 NOTE: https://www.drupal.org/sa-core-2020-003 NOTE: https://git.drupalcode.org/project/drupal/-/commit/905ff00a44160adee3f266cdcc87d3350a64a072 CVE-2020-13592 (An exploitable SQL injection vulnerability exists in "global_lists/cho ...) NOT-FOR-US: Rukovoditel Project Management App CVE-2020-13591 (An exploitable SQL injection vulnerability exists in the "access_rules ...) NOT-FOR-US: Rukovoditel Project Management App CVE-2020-13590 (Multiple exploitable SQL injection vulnerabilities exist in the 'entit ...) NOT-FOR-US: Rukovoditel Project Management App CVE-2020-13589 (An exploitable SQL injection vulnerability exists in the \u2018entitie ...) NOT-FOR-US: Rukovoditel Project Management App CVE-2020-13588 (An exploitable SQL injection vulnerability exists in the \u2018entitie ...) NOT-FOR-US: Rukovoditel Project Management App CVE-2020-13587 (An exploitable SQL injection vulnerability exists in the "forms_fields ...) NOT-FOR-US: Rukovoditel Project Management App CVE-2020-13586 (A memory corruption vulnerability exists in the Excel Document SST Rec ...) NOT-FOR-US: SoftMaker CVE-2020-13585 (An out-of-bounds write vulnerability exists in the PSD Header processi ...) NOT-FOR-US: AccuSoft CVE-2020-13584 (An exploitable use-after-free vulnerability exists in WebKitGTK browse ...) 
{DSA-4797-1} - webkit2gtk 2.30.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.30.3-1 NOTE: https://webkitgtk.org/security/WSA-2020-0008.html CVE-2020-13583 (A denial-of-service vulnerability exists in the HTTP Server functional ...) NOT-FOR-US: Micrium CVE-2020-13582 (A denial-of-service vulnerability exists in the HTTP Server functional ...) NOT-FOR-US: Micrium CVE-2020-13581 (In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1 ...) NOT-FOR-US: SoftMaker CVE-2020-13580 (An exploitable heap-based buffer overflow vulnerability exists in the ...) NOT-FOR-US: SoftMaker CVE-2020-13579 (An exploitable integer overflow vulnerability exists in the PlanMaker ...) NOT-FOR-US: SoftMaker CVE-2020-13578 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...) {DLA-3745-1} - gsoap 2.8.104-3 (bug #983596) [stretch] - gsoap (intrusive to backport, will either not compile or may cause runtime errors) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1189 CVE-2020-13577 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...) {DLA-3745-1} - gsoap 2.8.104-3 (bug #983596) [stretch] - gsoap (intrusive to backport, will either not compile or may cause runtime errors) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1188 CVE-2020-13576 (A code execution vulnerability exists in the WS-Addressing plugin func ...) {DLA-3745-1} - gsoap 2.8.104-3 (bug #983596) [stretch] - gsoap (intrusive to backport, will either not compile or may cause runtime errors) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1187 CVE-2020-13575 (A denial-of-service vulnerability exists in the WS-Addressing plugin f ...) 
{DLA-3745-1} - gsoap 2.8.104-3 (bug #983596) [stretch] - gsoap (intrusive to backport, will either not compile or may cause runtime errors) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1186 CVE-2020-13574 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...) {DLA-3745-1} - gsoap 2.8.104-3 (bug #983596) [stretch] - gsoap (intrusive to backport, will either not compile or may cause runtime errors) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1185 CVE-2020-13573 (A denial-of-service vulnerability exists in the Ethernet/IP server fun ...) NOT-FOR-US: Rockwell Automation RSLinx Classic CVE-2020-13572 (A heap overflow vulnerability exists in the way the GIF parser decodes ...) NOT-FOR-US: Accusoft CVE-2020-13571 (An out-of-bounds write vulnerability exists in the SGI RLE decompressi ...) NOT-FOR-US: Accusoft CVE-2020-13570 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) NOT-FOR-US: Foxit CVE-2020-13569 (A cross-site request forgery vulnerability exists in the GACL function ...) NOT-FOR-US: OpenEMR CVE-2020-13568 (SQL injection vulnerability exists in phpGACL 3.3.7. A specially craft ...) NOT-FOR-US: phpGACL CVE-2020-13567 (Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A speci ...) NOT-FOR-US: phpGACL CVE-2020-13566 (SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially craf ...) NOT-FOR-US: phpGACL CVE-2020-13565 (An open redirect vulnerability exists in the return_page redirection f ...) NOT-FOR-US: OpenEMR CVE-2020-13564 (A cross-site scripting vulnerability exists in the template functional ...) NOT-FOR-US: phpGACL CVE-2020-13563 (A cross-site scripting vulnerability exists in the template functional ...) NOT-FOR-US: phpGACL CVE-2020-13562 (A cross-site scripting vulnerability exists in the template functional ...) NOT-FOR-US: phpGACL CVE-2020-13561 (An out-of-bounds write vulnerability exists in the TIFF parser of Accu ...) 
NOT-FOR-US: Accusoft CVE-2020-13560 (A use after free vulnerability exists in the JavaScript engine of Foxi ...) NOT-FOR-US: Foxit CVE-2020-13559 (A denial-of-service vulnerability exists in the traffic-logging functi ...) NOT-FOR-US: FreyrSCADA IEC-60879-5-104 Server Simulator CVE-2020-13558 (A code execution vulnerability exists in the AudioSourceProviderGStrea ...) {DSA-4854-1} - webkit2gtk 2.30.5-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.30.5-1 NOTE: https://webkitgtk.org/security/WSA-2021-0001.html CVE-2020-13557 (A use after free vulnerability exists in the JavaScript engine of Foxi ...) NOT-FOR-US: Foxit CVE-2020-13556 (An out-of-bounds write vulnerability exists in the Ethernet/IP server ...) NOT-FOR-US: EIP Stack Group OpENer CVE-2020-13555 (An exploitable local privilege elevation vulnerability exists in the f ...) NOT-FOR-US: Advantech WebAccess/SCADA CVE-2020-13554 (An exploitable local privilege elevation vulnerability exists in the f ...) NOT-FOR-US: Advantech WebAccess/SCADA CVE-2020-13553 (An exploitable local privilege elevation vulnerability exists in the f ...) NOT-FOR-US: Advantech WebAccess/SCADA CVE-2020-13552 (An exploitable local privilege elevation vulnerability exists in the f ...) NOT-FOR-US: Advantech WebAccess/SCADA CVE-2020-13551 (An exploitable local privilege elevation vulnerability exists in the f ...) NOT-FOR-US: Advantech WebAccess/SCADA CVE-2020-13550 (A local file inclusion vulnerability exists in the installation functi ...) NOT-FOR-US: Advantech WebAccess/SCADA CVE-2020-13549 (An exploitable local privilege elevation vulnerability exists in the f ...) NOT-FOR-US: Sytech XL Reporter CVE-2020-13548 (In Foxit Reader 10.1.0.37527, a specially crafted PDF document can tri ...) NOT-FOR-US: Foxit Reader CVE-2020-13547 (A type confusion vulnerability exists in the JavaScript engine of Foxi ...) 
NOT-FOR-US: Foxit CVE-2020-13546 (In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1 ...) NOT-FOR-US: SoftMaker CVE-2020-13545 (An exploitable signed conversion vulnerability exists in the TextMaker ...) NOT-FOR-US: SoftMaker CVE-2020-13544 (An exploitable sign extension vulnerability exists in the TextMaker do ...) NOT-FOR-US: SoftMaker CVE-2020-13543 (A code execution vulnerability exists in the WebSocket functionality o ...) {DSA-4797-1} - webkit2gtk 2.30.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.30.3-1 NOTE: https://webkitgtk.org/security/WSA-2020-0009.html CVE-2020-13542 (A local privilege elevation vulnerability exists in the file system pe ...) NOT-FOR-US: LogicalDoc CVE-2020-13541 (An exploitable local privilege elevation vulnerability exists in the f ...) NOT-FOR-US: Mobile-911 Server CVE-2020-13540 (An exploitable local privilege elevation vulnerability exists in the f ...) NOT-FOR-US: Win-911 Enterprise CVE-2020-13539 (An exploitable local privilege elevation vulnerability exists in the f ...) NOT-FOR-US: Win-911 Enterprise CVE-2020-13538 RESERVED CVE-2020-13537 (An exploitable local privilege elevation vulnerability exists in the f ...) NOT-FOR-US: Moxa CVE-2020-13536 (An exploitable local privilege elevation vulnerability exists in the f ...) NOT-FOR-US: Microsoft CVE-2020-13535 (A privilege escalation vulnerability exists in Kepware LinkMaster 3.0. ...) NOT-FOR-US: Kepware LinkMaster CVE-2020-13534 (A privilege escalation vulnerability exists in Dream Report 5 R20-2. C ...) NOT-FOR-US: Dream Report CVE-2020-13533 (A privilege escalation vulnerability exists in Dream Report 5 R20-2. I ...) NOT-FOR-US: Dream Report CVE-2020-13532 (A privilege escalation vulnerability exists in Dream Report 5 R20-2. I ...) NOT-FOR-US: Dream Report CVE-2020-13531 (A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 pro ...) 
NOT-FOR-US: Pixar OpenUSD CVE-2020-13530 (A denial-of-service vulnerability exists in the Ethernet/IP server fun ...) NOT-FOR-US: EIP Stack Group OpENer CVE-2020-13529 (An exploitable denial-of-service vulnerability exists in Systemd 245. ...) - systemd 249.4-2 (unimportant) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142 NOTE: https://github.com/systemd/systemd/issues/16774 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1959397 NOTE: Fixed by: https://github.com/systemd/systemd/commit/38e980a6a5a3442c2f48b1f827284388096d8ca5 (v249-rc2) NOTE: Generic DHCP protocol issue, negligible security impact CVE-2020-13528 (An information disclosure vulnerability exists in the Web Manager and ...) NOT-FOR-US: Lantronix CVE-2020-13527 (An authentication bypass vulnerability exists in the Web Manager funct ...) NOT-FOR-US: Lantronix CVE-2020-13526 (SQL injection vulnerability exists in the handling of sort parameters ...) NOT-FOR-US: ProcessMaker CVE-2020-13525 (The sort parameter in the download page /sysworkflow/en/neoclassic/rep ...) NOT-FOR-US: ProcessMaker CVE-2020-13524 (An out-of-bounds memory corruption vulnerability exists in the way Pix ...) NOT-FOR-US: Pixar OpenUSD CVE-2020-13523 (An exploitable information disclosure vulnerability exists in SoftPerf ...) NOT-FOR-US: SoftPerfect CVE-2020-13522 (An exploitable arbitrary file delete vulnerability exists in SoftPerfe ...) NOT-FOR-US: SoftPerfect CVE-2020-13521 REJECTED CVE-2020-13520 (An out of bounds memory corruption vulnerability exists in the way Pix ...) NOT-FOR-US: Pixar OpenUSD CVE-2020-13519 (A privilege escalation vulnerability exists in the WinRing0x64 Driver ...) NOT-FOR-US: NZXT CAM CVE-2020-13518 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...) NOT-FOR-US: NZXT CAM CVE-2020-13517 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...) 
NOT-FOR-US: NZXT CAM CVE-2020-13516 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...) NOT-FOR-US: NZXT CAM CVE-2020-13515 (A privilege escalation vulnerability exists in the WinRing0x64 Driver ...) NOT-FOR-US: NZXT CAM CVE-2020-13514 (A privilege escalation vulnerability exists in the WinRing0x64 Driver ...) NOT-FOR-US: NZXT CAM CVE-2020-13513 (A privilege escalation vulnerability exists in the WinRing0x64 Driver ...) NOT-FOR-US: NZXT CAM CVE-2020-13512 (A privilege escalation vulnerability exists in the WinRing0x64 Driver ...) NOT-FOR-US: NZXT CAM CVE-2020-13511 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...) NOT-FOR-US: NZXT CAM CVE-2020-13510 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...) NOT-FOR-US: NZXT CAM CVE-2020-13509 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...) NOT-FOR-US: NZXT CAM CVE-2020-13508 REJECTED CVE-2020-13507 REJECTED CVE-2020-13506 REJECTED CVE-2020-13505 (Parameter psClass in ednareporting.asmx is vulnerable to unauthenticat ...) NOT-FOR-US: ednareporting.asmx CVE-2020-13504 (Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauth ...) NOT-FOR-US: ednareporting.asmx CVE-2020-13503 REJECTED CVE-2020-13502 REJECTED CVE-2020-13501 (An SQL injection vulnerability exists in the CHaD.asmx web service fun ...) NOT-FOR-US: CHaD.asmx CVE-2020-13500 (SQL injection vulnerability exists in the CHaD.asmx web service functi ...) NOT-FOR-US: CHaD.asmx CVE-2020-13499 (An SQL injection vulnerability exists in the CHaD.asmx web service fun ...) NOT-FOR-US: CHaD.asmx CVE-2020-13498 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 han ...) NOT-FOR-US: Pixar OpenUSD CVE-2020-13497 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 han ...) NOT-FOR-US: Pixar OpenUSD CVE-2020-13496 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 han ...) 
NOT-FOR-US: Pixar OpenUSD CVE-2020-13495 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 han ...) NOT-FOR-US: Pixar OpenUSD CVE-2020-13494 (A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsin ...) NOT-FOR-US: Pixar OpenUSD CVE-2020-13493 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...) NOT-FOR-US: Pixar OpenUSD CVE-2020-13492 RESERVED CVE-2020-13491 RESERVED CVE-2020-13490 RESERVED CVE-2020-13489 RESERVED CVE-2020-13488 RESERVED CVE-2020-13487 (The bbPress plugin through 2.6.4 for WordPress has stored XSS in the F ...) NOT-FOR-US: WordPress plugin CVE-2020-13486 (The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious red ...) NOT-FOR-US: Craft CMS plugin CVE-2020-13485 (The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist ...) NOT-FOR-US: Craft CMS plugin CVE-2020-13484 (Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in th ...) NOT-FOR-US: Bitrix24 CVE-2020-13483 (The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via ...) NOT-FOR-US: Bitrix24 CVE-2020-13482 (EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way ...) NOT-FOR-US: EM-HTTP-Request CVE-2020-13481 RESERVED CVE-2020-13480 (Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the ...) NOT-FOR-US: Verint Workforce Optimization (WFO) CVE-2020-13479 RESERVED CVE-2020-13478 RESERVED CVE-2020-13477 RESERVED CVE-2020-13476 (NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the ...) NOT-FOR-US: NCH Express Invoice CVE-2020-13475 RESERVED CVE-2020-13474 (In NCH Express Accounts 8.24 and earlier, an authenticated low-privile ...) NOT-FOR-US: NCH Express Accounts CVE-2020-13473 (NCH Express Accounts 8.24 and earlier allows local users to discover t ...) NOT-FOR-US: NCH Express Accounts CVE-2020-13472 (The flash memory readout protection in Gigadevice GD32F103 devices all ...) 
NOT-FOR-US: Gigadevice GD32F103 devices CVE-2020-13471 (Apex Microelectronics APM32F103 devices allow physical attackers to ex ...) NOT-FOR-US: Apex Microelectronics APM32F103 devices CVE-2020-13470 (Gigadevice GD32F103 and GD32F130 devices allow physical attackers to e ...) NOT-FOR-US: Gigadevice GD32F103 and GD32F130 devices CVE-2020-13469 (The flash memory readout protection in Gigadevice GD32VF103 devices al ...) NOT-FOR-US: Gigadevice GD32VF103 devices CVE-2020-13468 (Gigadevice GD32F130 devices allow physical attackers to escalate their ...) NOT-FOR-US: Gigadevice GD32F130 devices CVE-2020-13467 (The flash memory readout protection in China Key Systems & Integrated ...) NOT-FOR-US: China Key Systems & Integrated Circuit CKS32F103 devices CVE-2020-13466 (STMicroelectronics STM32F103 devices through 2020-05-20 allow physical ...) NOT-FOR-US: STMicroelectronics STM32F103 devices CVE-2020-13465 (The security protection in Gigadevice GD32F103 devices allows physical ...) NOT-FOR-US: Gigadevice GD32F103 devices CVE-2020-13464 (The flash memory readout protection in China Key Systems & Integrated ...) NOT-FOR-US: China Key Systems & Integrated Circuit CKS32F103 devices CVE-2020-13463 (The flash memory readout protection in Apex Microelectronics APM32F103 ...) NOT-FOR-US: Apex Microelectronics APM32F103 devices CVE-2020-13462 (Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, ...) NOT-FOR-US: Tufin CVE-2020-13461 (Username enumeration in present in Tufin SecureTrack. It's affecting a ...) NOT-FOR-US: Tufin CVE-2020-13460 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were presen ...) NOT-FOR-US: Tufin CVE-2020-13459 (An issue was discovered in the Image Resizer plugin before 2.0.9 for C ...) NOT-FOR-US: Image Resizer plugin for Craft CMS CVE-2020-13458 (An issue was discovered in the Image Resizer plugin before 2.0.9 for C ...) 
NOT-FOR-US: Image Resizer plugin for Craft CMS CVE-2020-13457 RESERVED CVE-2020-13456 RESERVED CVE-2020-13455 RESERVED CVE-2020-13454 RESERVED CVE-2020-13453 RESERVED CVE-2020-13452 (In Gotenberg through 6.2.1, insecure permissions for tini (writable by ...) NOT-FOR-US: Gotenberg CVE-2020-13451 (An incomplete-cleanup vulnerability in the Office rendering engine of ...) NOT-FOR-US: Gotenberg CVE-2020-13450 (A directory traversal vulnerability in file upload function of Gotenbe ...) NOT-FOR-US: Gotenberg CVE-2020-13449 (A directory traversal vulnerability in the Markdown engine of Gotenber ...) NOT-FOR-US: Gotenberg CVE-2020-13448 (QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 ...) NOT-FOR-US: QuickBox CVE-2020-13447 RESERVED CVE-2020-13446 RESERVED CVE-2020-13445 (In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, ...) NOT-FOR-US: Liferay CVE-2020-13444 (Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 9 ...) NOT-FOR-US: Liferay CVE-2020-13443 (ExpressionEngine before 5.3.2 allows remote attackers to upload and ex ...) NOT-FOR-US: ExpressionEngine CVE-2020-13442 (A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 t ...) NOT-FOR-US: DEXT5 CVE-2020-13441 RESERVED CVE-2020-13440 (ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c.) NOT-FOR-US: ffjpeg CVE-2020-13439 (ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_de ...) NOT-FOR-US: ffjpeg CVE-2020-13438 (ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c ...) NOT-FOR-US: ffjpeg CVE-2020-13437 RESERVED CVE-2020-13436 RESERVED CVE-2020-13435 (SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarge ...) 
- sqlite3 3.32.1-1 [buster] - sqlite3 3.27.2-3+deb10u1 [stretch] - sqlite3 (Vulnerable code introduced later) [jessie] - sqlite3 (Vulnerable code introduced later) - sqlite (Vulnerable code introduced later, window functions not present in v2) NOTE: https://www.sqlite.org/src/info/7a5279a25c57adf1 NOTE: https://www.sqlite.org/src/info/ad7bb70af9bb68d1 NOTE: https://www.sqlite.org/src/info/572105de1d44bca4 CVE-2020-13434 (SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf ...) {DLA-2340-1 DLA-2221-1} - sqlite3 3.32.1-1 [buster] - sqlite3 3.27.2-3+deb10u1 - sqlite [buster] - sqlite (Vulnerable code introduced later) NOTE: https://www.sqlite.org/src/info/23439ea582241138 NOTE: https://www.sqlite.org/src/info/d08d3405878d394e NOTE: https://github.com/sqlite/sqlite/commit/dd6c33d372f3b83f4fe57904c2bd5ebba5c38018 NOTE: floating point precision limit safeguards are present in sqlite (V2), refactoring in V3 made it vulnerable. CVE-2020-13433 (Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php h ...) NOT-FOR-US: Jason2605 AdminPanel CVE-2020-13432 (rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual file ...) NOT-FOR-US: Rejetto HTTP File Server CVE-2020-13431 (I2P before 0.9.46 allows local users to gain privileges via a Trojan h ...) - i2p (Windows-specific) CVE-2020-13430 (Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.) - grafana NOTE: https://github.com/grafana/grafana/pull/24539 CVE-2020-13429 (legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1. ...) NOT-FOR-US: piechart-panel plugin for Grafana CVE-2020-13428 (A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in mod ...) 
{DSA-4704-1} - vlc 3.0.11-1 [jessie] - vlc (Not supported in jessie LTS) NOTE: https://github.com/videolan/vlc-3.0/releases/tag/3.0.11 NOTE: https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0 CVE-2020-13427 (Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user v ...) NOT-FOR-US: Victor CMS CVE-2020-13426 (The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Reques ...) NOT-FOR-US: Multi-Scheduler plugin for WordPress CVE-2020-13425 (TrackR devices through 2020-05-06 allow attackers to trigger the Beep ...) NOT-FOR-US: TrackR CVE-2020-13424 (The XCloner component before 3.5.4 for Joomla! allows Authenticated Lo ...) NOT-FOR-US: Joomla addon CVE-2020-13423 (Form Builder 2.1.0 for Magento has multiple XSS issues that can be exp ...) NOT-FOR-US: Form Builder for Magento CVE-2020-13422 (OpenIAM before 4.2.0.3 does not verify if a user has permissions to pe ...) NOT-FOR-US: OpenIAM CVE-2020-13421 (OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create Use ...) NOT-FOR-US: OpenIAM CVE-2020-13420 (OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary co ...) NOT-FOR-US: OpenIAM CVE-2020-13419 (OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task.) NOT-FOR-US: OpenIAM CVE-2020-13418 (OpenIAM before 4.2.0.3 allows XSS in the Add New User feature.) NOT-FOR-US: OpenIAM CVE-2020-13417 (An Elevation of Privilege issue was discovered in Aviatrix VPN Client ...) NOT-FOR-US: Aviatrix CVE-2020-13416 (An issue was discovered in Aviatrix Controller before 5.4.1066. A Cont ...) NOT-FOR-US: Aviatrix CVE-2020-13415 (An issue was discovered in Aviatrix Controller through 5.1. An attacke ...) NOT-FOR-US: Aviatrix CVE-2020-13414 (An issue was discovered in Aviatrix Controller before 5.4.1204. It con ...) NOT-FOR-US: Aviatrix CVE-2020-13413 (An issue was discovered in Aviatrix Controller before 5.4.1204. There ...) 
NOT-FOR-US: Aviatrix CVE-2020-13412 (An issue was discovered in Aviatrix Controller before 5.4.1204. An API ...) NOT-FOR-US: Aviatrix CVE-2020-13411 RESERVED CVE-2020-13410 (An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not ...) NOT-FOR-US: MoscaJS Aedes CVE-2020-13409 (Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, t ...) NOT-FOR-US: Tufin CVE-2020-13408 (Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, t ...) NOT-FOR-US: Tufin CVE-2020-13407 (Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, t ...) NOT-FOR-US: Tufin CVE-2020-13406 RESERVED CVE-2020-13405 (userfiles/modules/users/controller/controller.php in Microweber before ...) NOT-FOR-US: Microweber CVE-2020-13404 (The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for M ...) NOT-FOR-US: Atos-Magento CVE-2020-13403 RESERVED CVE-2020-13402 RESERVED CVE-2020-13401 (An issue was discovered in Docker Engine before 19.03.11. An attacker ...) {DSA-4716-1} - docker.io 19.03.11+dfsg1-1 (bug #962141) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1833233 NOTE: https://github.com/moby/libnetwork/commit/153d0769a1181bf591a9637fd487a541ec7db1e6 CVE-2020-13400 RESERVED CVE-2020-13399 RESERVED CVE-2020-13398 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...) {DLA-3606-1 DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea CVE-2020-13397 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...) {DLA-3606-1 DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8 CVE-2020-13396 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...) 
{DLA-3606-1 DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/commit/48361c411e50826cb602c7aab773a8a20e1da6bc CVE-2020-13395 RESERVED CVE-2020-13394 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...) NOT-FOR-US: Tenda devices CVE-2020-13393 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...) NOT-FOR-US: Tenda devices CVE-2020-13392 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...) NOT-FOR-US: Tenda devices CVE-2020-13391 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...) NOT-FOR-US: Tenda devices CVE-2020-13390 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...) NOT-FOR-US: Tenda devices CVE-2020-13389 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...) NOT-FOR-US: Tenda devices CVE-2020-13388 (An exploitable vulnerability exists in the configuration-loading funct ...) NOT-FOR-US: jw.util CVE-2020-13387 (Pexip Infinity before 23.4 has a lack of input validation, leading to ...) NOT-FOR-US: Pexip Infinity CVE-2020-13386 (In SmartDraw 2020 27.0.0.0, the installer gives inherited write permis ...) NOT-FOR-US: SmartDraw CVE-2020-13385 RESERVED CVE-2020-13384 (Monstra CMS 3.0.4 allows remote authenticated users to upload and exec ...) NOT-FOR-US: Monstra CMS CVE-2020-13383 (openSIS through 7.4 allows Directory Traversal.) NOT-FOR-US: openSIS CVE-2020-13382 (openSIS through 7.4 has Incorrect Access Control.) NOT-FOR-US: openSIS CVE-2020-13381 (openSIS through 7.4 allows SQL Injection.) NOT-FOR-US: openSIS CVE-2020-13380 (openSIS before 7.4 allows SQL Injection.) NOT-FOR-US: openSIS CVE-2020-13379 (The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrec ...) 
- grafana NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/4 NOTE: https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/ CVE-2020-13378 (Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Inj ...) NOT-FOR-US: Loadbalancer.org Enterprise VA MAX CVE-2020-13377 (The web-services interface of Loadbalancer.org Enterprise VA MAX throu ...) NOT-FOR-US: Loadbalancer.org Enterprise VA MAX CVE-2020-13376 (SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable fil ...) NOT-FOR-US: SecurEnvoy SecurMail CVE-2020-13375 RESERVED CVE-2020-13374 RESERVED CVE-2020-13373 RESERVED CVE-2020-13372 RESERVED CVE-2020-13371 RESERVED CVE-2020-13370 RESERVED CVE-2020-13369 RESERVED CVE-2020-13368 RESERVED CVE-2020-13367 RESERVED CVE-2020-13366 RESERVED CVE-2020-13365 (Certain Zyxel products have a locally accessible binary that allows a ...) NOT-FOR-US: Zyxel CVE-2020-13364 (A backdoor in certain Zyxel products allows remote TELNET access via a ...) NOT-FOR-US: Zyxel CVE-2020-13363 RESERVED CVE-2020-13362 (In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c h ...) {DSA-4728-1 DLA-2288-1 DLA-2262-1} - qemu 1:5.0-6 (bug #961887) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03463.html CVE-2020-13361 (In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c ...) {DSA-4728-1 DLA-2288-1 DLA-2262-1} - qemu 1:5.0-6 (bug #961888) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07230.html CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There is a NUL ...) {DSA-4698-1 DLA-2242-1} - linux 5.2.6-1 [buster] - linux 4.19.118-1 [jessie] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/2e7682ebfc750177a4944eeb56e97a3f05734528 CVE-2019-20805 (p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacki ...) 
- upx-ucl 3.96-1 (unimportant) NOTE: https://github.com/upx/upx/commit/8be9da8280dfa69d5df4417d4d81bda1cab78010 NOTE: https://github.com/upx/upx/issues/317 CVE-2019-20804 (Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/th ...) NOT-FOR-US: Gila CMS CVE-2019-20803 (Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcat ...) NOT-FOR-US: Gila CMS CVE-2018-21234 (Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when ...) - jodd (bug #961298) [buster] - jodd (Minor issue; upstream fix needs changes in rdeps and none present in Buster) NOTE: https://github.com/oblac/jodd/commit/9bffc3913aeb8472c11bb543243004b4b4376f16 NOTE: https://github.com/oblac/jodd/issues/628 CVE-2017-18868 (Digi XBee 2 devices do not have an effective protection mechanism agai ...) NOT-FOR-US: Digi XBee 2 devices CVE-2020-13360 REJECTED CVE-2020-13359 (The Terraform API in GitLab CE/EE 12.10+ exposed the object storage si ...) - gitlab 13.3.9-1 NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/ CVE-2020-13358 (A vulnerability in the internal Kubernetes agent api in GitLab CE/EE v ...) - gitlab 13.3.9-1 NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/ CVE-2020-13357 (An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, > ...) - gitlab 13.4.7-1 NOTE: https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/ CVE-2020-13356 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab 13.3.9-1 NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/ CVE-2020-13355 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab 13.3.9-1 NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/ CVE-2020-13354 (A potential DOS vulnerability was discovered in GitLab CE/EE starting ...) 
- gitlab 13.3.9-1 NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/ CVE-2020-13353 (When importing repos via URL, one time use git credentials were persis ...) - gitaly 13.3.9-1 CVE-2020-13352 (Private group info is leaked leaked in GitLab CE/EE version 10.2 and a ...) - gitlab 13.3.9-1 NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/ CVE-2020-13351 (Insufficient permission checks in scheduled pipeline API in GitLab CE/ ...) - gitlab 13.3.9-1 NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/ CVE-2020-13350 (CSRF in runner administration page in all versions of GitLab CE/EE all ...) - gitlab 13.3.9-1 NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/ CVE-2020-13349 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab (Specific to EE) CVE-2020-13348 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab (Specific to EE) CVE-2020-13347 (A command injection vulnerability was discovered in Gitlab runner vers ...) - gitlab-ci-multi-runner (Only affects gitlab-runner when configured on Windows) CVE-2020-13346 (Membership changes are not reflected in ToDo subscriptions in GitLab v ...) - gitlab 13.2.10-1 CVE-2020-13345 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 13.2.10-1 CVE-2020-13344 (An issue has been discovered in GitLab affecting all versions prior to ...) - gitlab 13.2.10-1 CVE-2020-13343 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 13.2.10-1 CVE-2020-13342 (An issue has been discovered in GitLab affecting versions prior to 13. ...) - gitlab 13.2.10-1 CVE-2020-13341 (An issue has been discovered in GitLab affecting all versions prior to ...) - gitlab 13.2.10-1 CVE-2020-13340 (An issue has been discovered in GitLab affecting all versions prior to ...) 
- gitlab 13.3.9-1 NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/ CVE-2020-13339 (An issue has been discovered in GitLab affecting all versions before 1 ...) - gitlab 13.2.10-1 CVE-2020-13338 (An issue has been discovered in GitLab affecting versions prior to 12. ...) - gitlab 13.2.3-2 NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/213273 CVE-2020-13337 (An issue has been discovered in GitLab affecting versions from 12.10 t ...) - gitlab (Only affected 12.10 to 12.10.12) NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/199049 CVE-2020-13336 (An issue has been discovered in GitLab affecting versions from 11.8 be ...) - gitlab (Only affected 11.x/12.x while unstable on 13.x) CVE-2020-13335 (Improper group membership validation when deleting a user account in G ...) - gitlab 13.2.10-1 CVE-2020-13334 (In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper autho ...) - gitlab 13.2.10-1 CVE-2020-13333 (A potential DOS vulnerability was discovered in GitLab versions 13.1, ...) - gitlab 13.2.10-1 CVE-2020-13332 REJECTED CVE-2020-13331 (An issue has been discovered in GitLab affecting versions prior to 12. ...) - gitlab 13.2.3-2 CVE-2020-13330 (An issue has been discovered in GitLab affecting versions prior to 12. ...) - gitlab 13.2.3-2 CVE-2020-13329 (An issue has been discovered in GitLab affecting versions from 12.6.2 ...) - gitlab 13.2.3-2 CVE-2020-13328 (An issue has been discovered in GitLab affecting versions prior to 13. ...) - gitlab 13.2.3-2 CVE-2020-13327 (An issue has been discovered in GitLab Runner affecting all versions s ...) - gitlab-ci-multi-runner 14.10.1-1 (bug #985377) CVE-2020-13326 (A vulnerability was discovered in GitLab versions prior to 13.1. Under ...) - gitlab 13.2.3-2 CVE-2020-13325 (A vulnerability was discovered in GitLab versions prior 13.1. The comm ...) - gitlab 13.2.3-2 CVE-2020-13324 (A vulnerability was discovered in GitLab versions prior to 13.1. Under ...) 
- gitlab 13.2.3-2 CVE-2020-13323 (A vulnerability was discovered in GitLab versions prior 13.1. Under ce ...) - gitlab 13.2.3-2 CVE-2020-13322 (A vulnerability was discovered in GitLab versions after 12.9. Due to i ...) - gitlab 13.2.3-2 CVE-2020-13321 (A vulnerability was discovered in GitLab versions prior to 13.1. Usern ...) - gitlab 13.2.3-2 CVE-2020-13320 (An issue has been discovered in GitLab before version 12.10.13 that al ...) - gitlab 13.2.3-2 CVE-2020-13319 (An issue has been discovered in GitLab affecting versions prior to 13. ...) - gitlab 13.2.3-2 CVE-2020-13318 (A vulnerability was discovered in GitLab versions before 13.0.12, 13.1 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13317 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13316 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13315 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13314 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13313 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13312 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) 
- gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13311 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13310 (A vulnerability was discovered in GitLab runner versions before 13.1.3 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13309 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13308 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13307 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13306 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13305 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13304 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13303 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) 
- gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13302 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13301 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13300 (GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth a ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13299 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13298 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13297 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13296 (An issue has been discovered in GitLab affecting versions >=10.7 <13.0 ...) - gitlab 13.2.6-1 CVE-2020-13295 (For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd ...) - gitlab-ci-multi-runner (bug #985377) NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13294 (In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not re ...) [experimental] - gitlab 13.1.6-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13293 (In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexa ...) 
[experimental] - gitlab 13.1.6-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13292 (In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass ...) [experimental] - gitlab 13.1.6-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13291 (In GitLab before 13.2.3, project sharing could temporarily allow too p ...) - gitlab (Only affects GitLab 13.2 and later) NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13290 (In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control ...) [experimental] - gitlab 13.1.6-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13289 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13288 (In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerabili ...) - gitlab (Only affects GitLab 13.0 and later) NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13287 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13286 (For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configur ...) - gitlab (Only affects GitLab 12.7 and later) NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13285 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) ...) - gitlab (Only affects GitLab 12.9 and later) NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13284 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) 
- gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13283 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulne ...) [experimental] - gitlab 13.1.6-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13282 (For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occur ...) [experimental] - gitlab 13.1.6-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13281 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists i ...) [experimental] - gitlab 13.1.6-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13280 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exi ...) [experimental] - gitlab 13.1.6-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13279 (Client side code execution in gitlab-vscode-extension v2.2.0 allows at ...) NOT-FOR-US: gitlab-vscode-extension CVE-2020-13278 (Reflected Cross-Site Scripting vulnerability in Modules.php in Rosario ...) NOT-FOR-US: RosarioSIS Student Information System CVE-2020-13277 (An authorization issue in the mirroring logic allowed read access to p ...) - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/06/10/critical-security-release-13-0-6-released/ CVE-2020-13276 (User is allowed to set an email as a notification email even without v ...) - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13275 (A user with an unverified email address could request an access to dom ...) - gitlab (Only affects GitLab EE/CE 12.2 and later) CVE-2020-13274 (A security issue allowed achieving Denial of Service attacks through m ...) 
- gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13273 (A Denial of Service vulnerability allowed exhausting the system resour ...) - gitlab (Only affects GitLab 12.0 and later) NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13272 (OAuth flow missing verification checks CE/EE 12.3 and later through 13 ...) - gitlab (Only affects GitLab 12.3 and later) CVE-2020-13271 (A Stored Cross-Site Scripting vulnerability allowed the execution of a ...) - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13270 (Missing permission check on fork relation creation in GitLab CE/EE 11. ...) - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13269 (A Reflected Cross-Site Scripting vulnerability allowed the execution o ...) - gitlab (Only affects GitLab 12.10 and later) NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13268 (A specially crafted request could be used to confirm the existence of ...) - gitlab (Only affects GitLab 12.10 and later) NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13267 (A Stored Cross-Site Scripting vulnerability allowed the execution on J ...) - gitlab (Only affects GitLab 12.8 and later) NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13266 (Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and ...) - gitlab (Only affects GitLab 12.8 and later) NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13265 (User email verification bypass in GitLab CE/EE 12.5 and later through ...) 
- gitlab (Only affects GitLab 12.5 and later) NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13264 (Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later thr ...) - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13263 (An authorization issue relating to project maintainer impersonation wa ...) - gitlab (Specific to EE) CVE-2020-13262 (Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 ...) - gitlab (Only affects GitLab 12.9 and later) NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13261 (Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later throu ...) - gitlab (Only affects GitLab 12.6 and later) NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13260 (A vulnerability in the web-based management interface of RAD SecFlow-1 ...) NOT-FOR-US: RAD SecFlow-1v os-image CVE-2020-13259 (A vulnerability in the web-based management interface of RAD SecFlow-1 ...) NOT-FOR-US: RAD SecFlow-1v os-image CVE-2020-13258 (Contentful through 2020-05-21 for Python allows reflected XSS, as demo ...) NOT-FOR-US: Contentful CVE-2020-13257 RESERVED CVE-2020-13256 RESERVED CVE-2020-13255 RESERVED CVE-2020-13254 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...) 
{DSA-4705-1 DLA-2233-1} - python-django 2:2.2.13-1 (bug #962323) NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/1 NOTE: https://github.com/django/django/commit/2c82414914ae6476be5a166be9ff49c24d0d9069 (master) NOTE: https://github.com/django/django/commit/580bd64c0482ae9b7c05715390e25f4405a12719 (3.1 branch) NOTE: https://github.com/django/django/commit/84b2da5552e100ae3294f564f6c862fef8d0e693 (3.0 branch) NOTE: https://github.com/django/django/commit/07e59caa02831c4569bbebb9eb773bdd9cb4b206 (2.2 branch) NOTE: Regression https://code.djangoproject.com/ticket/31654 CVE-2020-13253 (sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, wh ...) {DLA-3099-1 DLA-2373-1} - qemu 1:5.0-8 (bug #961297) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html NOTE: https://www.openwall.com/lists/oss-security/2020/05/27/2 NOTE: https://bugs.launchpad.net/qemu/+bug/1880822 (reproducer) NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=790762e5487114341cccc5bffcec4cb3c022c3cd (5.1) CVE-2020-13252 (Centreon before 19.04.15 allows remote attackers to execute arbitrary ...) - centreon-web (bug #913903) CVE-2020-13251 RESERVED CVE-2020-13250 (HashiCorp Consul and Consul Enterprise include an HTTP API (introduced ...) - consul 1.7.4+dfsg1-1 [buster] - consul (Vulnerable code not present) NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md NOTE: https://github.com/hashicorp/consul/pull/8023 CVE-2020-13249 (libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not ...) 
- mariadb-10.3 1:10.3.23-1 [buster] - mariadb-10.3 1:10.3.23-0+deb10u1 - mariadb-10.1 (Vulnerable code introduced later) NOTE: Fixed by: https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945 (v3.1.8) NOTE: Introduced around: https://github.com/mariadb-corporation/mariadb-connector-c/commit/b4efe73c9e725f97b3550371f8a78a10a20bf2fd (v3.0-cc-server-integ-0) CVE-2020-13248 (BooleBox Secure File Sharing Utility before 4.2.3.0 allows stored XSS ...) NOT-FOR-US: BooleBox Secure File Sharing Utility CVE-2020-13247 (BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injecti ...) NOT-FOR-US: BooleBox Secure File Sharing Utility CVE-2020-13246 (An issue was discovered in Gitea through 1.11.5. An attacker can trigg ...) - gitea CVE-2020-13245 (Certain NETGEAR devices are affected by Missing SSL Certificate Valida ...) NOT-FOR-US: Netgear CVE-2020-13244 RESERVED CVE-2020-13243 RESERVED CVE-2020-13242 RESERVED CVE-2020-13241 (Microweber 1.1.18 allows Unrestricted File Upload because admin/view:m ...) NOT-FOR-US: Microweber CVE-2020-13240 (The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup doc ...) - dolibarr CVE-2020-13239 (The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html file ...) - dolibarr CVE-2020-13238 (Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to ...) NOT-FOR-US: Mitsubishi CVE-2020-13237 RESERVED CVE-2020-13236 RESERVED CVE-2020-13235 RESERVED CVE-2020-13234 RESERVED CVE-2020-13233 RESERVED CVE-2020-13232 RESERVED CVE-2020-13231 (In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for a ...) - cacti 1.2.11+ds1-1 [buster] - cacti 1.2.2+ds1-2+deb10u3 [stretch] - cacti (auth_profile.php / user self-management introduced in v1.0) NOTE: https://github.com/Cacti/cacti/issues/3342 CVE-2020-13230 (In Cacti before 1.2.11, disabling a user account does not immediately ...) 
{DLA-2965-1} - cacti 1.2.11+ds1-1 [buster] - cacti 1.2.2+ds1-2+deb10u3 NOTE: https://github.com/Cacti/cacti/issues/3343 CVE-2020-13229 (An issue was discovered in Sysax Multi Server 6.90. A session can be h ...) NOT-FOR-US: Sysax Multi Server CVE-2020-13228 (An issue was discovered in Sysax Multi Server 6.90. There is reflected ...) NOT-FOR-US: Sysax Multi Server CVE-2020-13227 (An issue was discovered in Sysax Multi Server 6.90. An attacker can de ...) NOT-FOR-US: Sysax Multi Server CVE-2020-13226 (WSO2 API Manager 3.0.0 does not properly restrict outbound network acc ...) NOT-FOR-US: WSO2 API Manager CVE-2020-13225 (phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability ...) - phpipam (bug #731713) NOTE: https://github.com/phpipam/phpipam/issues/3025 CVE-2020-13224 (TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices throu ...) NOT-FOR-US: TP-Link CVE-2020-13223 (HashiCorp Vault and Vault Enterprise logged proxy environment variable ...) NOT-FOR-US: HashiCorp Vault CVE-2020-13222 REJECTED CVE-2020-13221 REJECTED CVE-2020-13220 REJECTED CVE-2020-13219 REJECTED CVE-2020-13218 REJECTED CVE-2020-13217 REJECTED CVE-2020-13216 REJECTED CVE-2020-13215 REJECTED CVE-2020-13214 REJECTED CVE-2020-13213 REJECTED CVE-2020-13212 REJECTED CVE-2020-13211 REJECTED CVE-2020-13210 REJECTED CVE-2020-13209 REJECTED CVE-2020-13208 REJECTED CVE-2020-13207 REJECTED CVE-2020-13206 REJECTED CVE-2020-13205 REJECTED CVE-2020-13204 REJECTED CVE-2020-13203 REJECTED CVE-2020-13202 REJECTED CVE-2020-13201 REJECTED CVE-2020-13200 REJECTED CVE-2020-13199 REJECTED CVE-2020-13198 REJECTED CVE-2020-13197 REJECTED CVE-2020-13196 REJECTED CVE-2020-13195 REJECTED CVE-2020-13194 REJECTED CVE-2020-13193 REJECTED CVE-2020-13192 REJECTED CVE-2020-13191 REJECTED CVE-2020-13190 REJECTED CVE-2020-13189 REJECTED CVE-2020-13188 REJECTED CVE-2020-13187 REJECTED CVE-2020-13186 (An Anti CSRF mechanism was discovered missing in the Teradici Cloud Ac ...) 
NOT-FOR-US: Teradici CVE-2020-13185 (Certain web application pages in the authenticated section of the Tera ...) NOT-FOR-US: Teradici CVE-2020-13184 RESERVED CVE-2020-13183 (Reflected Cross Site Scripting in Teradici PCoIP Management Console pr ...) NOT-FOR-US: Teradici CVE-2020-13182 RESERVED CVE-2020-13181 RESERVED CVE-2020-13180 RESERVED CVE-2020-13179 (Broker Protocol messages in Teradici PCoIP Standard Agent for Windows ...) NOT-FOR-US: Teradici CVE-2020-13178 (A function in the Teradici PCoIP Standard Agent for Windows and Graphi ...) NOT-FOR-US: Teradici CVE-2020-13177 (The support bundler in Teradici PCoIP Standard Agent for Windows and G ...) NOT-FOR-US: Teradici CVE-2020-13176 (The Management Interface of the Teradici Cloud Access Connector and Cl ...) NOT-FOR-US: Teradici CVE-2020-13175 (The Management Interface of the Teradici Cloud Access Connector and Cl ...) NOT-FOR-US: Teradici CVE-2020-13174 (The web server in the Teradici Managament console versions 20.04 and 2 ...) NOT-FOR-US: Teradici CVE-2020-13173 (Initialization of the pcoip_credential_provider in Teradici PCoIP Stan ...) NOT-FOR-US: Teradici CVE-2020-13172 RESERVED CVE-2020-13171 RESERVED CVE-2020-13170 (HashiCorp Consul and Consul Enterprise did not appropriately enforce s ...) - consul 1.7.4+dfsg1-1 [buster] - consul (Vulnerable code not present) NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md NOTE: https://github.com/hashicorp/consul/pull/8068 CVE-2020-13169 (Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platf ...) NOT-FOR-US: SolarWinds CVE-2020-13168 (SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp acco ...) NOT-FOR-US: SysAid CVE-2020-13167 (Netsweeper through 6.4.3 allows unauthenticated remote code execution ...) NOT-FOR-US: Netsweeper CVE-2020-13166 (The management tool in MyLittleAdmin 3.8 allows remote attackers to ex ...) 
NOT-FOR-US: MyLittleAdmin CVE-2020-13165 RESERVED CVE-2020-13164 (In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the ...) {DLA-2547-1} - wireshark 3.2.4-1 (low) [buster] - wireshark 2.6.20-0+deb10u1 [jessie] - wireshark (Can be fixed along with other CVEs) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16476 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e6e98eab8e5e0bbc982cfdc808f2469d7cab6c5a NOTE: https://www.wireshark.org/security/wnpa-sec-2020-08.html CVE-2020-13163 (em-imap 0.5 uses the library eventmachine in an insecure way that allo ...) NOT-FOR-US: em-imap CVE-2020-13162 (A time-of-check time-of-use vulnerability in PulseSecureService.exe in ...) NOT-FOR-US: Pulse Secure Client CVE-2020-13161 RESERVED CVE-2020-13160 (AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerab ...) NOT-FOR-US: AnyDesk CVE-2020-13159 (Artica Proxy before 4.30.000000 Community Edition allows OS command in ...) NOT-FOR-US: Artica Proxy CVE-2020-13158 (Artica Proxy before 4.30.000000 Community Edition allows Directory Tra ...) NOT-FOR-US: Artica Proxy CVE-2020-13157 (modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a u ...) NOT-FOR-US: NukeViet CVE-2020-13156 (modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a ...) NOT-FOR-US: NukeViet CVE-2020-13155 (clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML inject ...) NOT-FOR-US: NukeViet CVE-2020-13154 (Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-priv ...) NOT-FOR-US: Zoho CVE-2020-13153 (app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS ...) NOT-FOR-US: MISP CVE-2020-13152 (A remote user can create a specially crafted M3U file, media playlist ...) - amarok (unimportant) NOTE: Elevated resource usage in client application, no security impact CVE-2020-13151 (Aerospike Community Edition 4.9.0.5 allows for unauthenticated submiss ...) 
NOT-FOR-US: Aerospike CVE-2020-13150 (D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 secon ...) NOT-FOR-US: D-Link CVE-2020-13149 (Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dr ...) NOT-FOR-US: Dragon Center CVE-2020-13148 RESERVED CVE-2020-13147 RESERVED CVE-2020-13146 (Studio in Open edX Ironwood 2.5 allows CSV injection because an added ...) NOT-FOR-US: Studio in Open edX Ironwood CVE-2020-13145 (Studio in Open edX Ironwood 2.5 allows users to upload SVG files via t ...) NOT-FOR-US: Studio in Open edX Ironwood CVE-2020-13144 (Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a u ...) NOT-FOR-US: Studio in Open edX Ironwood CVE-2020-13142 RESERVED CVE-2020-13141 RESERVED CVE-2020-13140 RESERVED CVE-2020-13139 RESERVED CVE-2020-13138 RESERVED CVE-2020-13137 RESERVED CVE-2020-13136 (D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be re ...) NOT-FOR-US: D-Link CVE-2020-13135 (D-Link DSP-W215 1.26b03 devices allow information disclosure by interc ...) NOT-FOR-US: D-Link CVE-2020-13134 (Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to ...) NOT-FOR-US: Tufin SecureChange CVE-2020-13133 (Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to ...) NOT-FOR-US: Tufin SecureChange CVE-2020-13132 (An issue was discovered in Yubico libykpiv before 2.1.0. An attacker c ...) - yubico-piv-tool 2.1.1-1 (bug #972644) [stretch] - yubico-piv-tool (Vulnerable code not present) NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-02/ NOTE: https://blog.inhq.net/posts/yubico-libykpiv-vuln/ CVE-2020-13131 (An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in ...) - yubico-piv-tool 2.1.1-1 (bug #975612) [stretch] - yubico-piv-tool (Vulnerable code not present) NOTE: https://blog.inhq.net/posts/yubico-libykpiv-vuln/ CVE-2020-13143 (gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linu ...) 
{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.6.14-1 NOTE: https://git.kernel.org/linus/15753588bcd4bbffae1cca33c8ced5722477fe1f CVE-2020-13130 RESERVED CVE-2020-13129 (An issue was discovered in the stashcat app through 3.9.1 for macOS, W ...) NOT-FOR-US: stashcat app for MacOS CVE-2020-13128 (An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServle ...) NOT-FOR-US: Manolo GWTUpload CVE-2019-20802 (An issue was discovered in the Readdle Documents app before 6.9.7 for ...) NOT-FOR-US: Readdle Documents CVE-2019-20801 (An issue was discovered in the Readdle Documents app before 6.9.7 for ...) NOT-FOR-US: Readdle Documents CVE-2019-20800 (In Cherokee through 1.2.104, remote attackers can trigger an out-of-bo ...) - cherokee CVE-2019-20799 (In Cherokee through 1.2.104, multiple memory corruption errors may be ...) - cherokee CVE-2019-20798 (An XSS issue was discovered in handler_server_info.c in Cherokee throu ...) - cherokee CVE-2019-20797 (An issue was discovered in e6y prboom-plus 2.5.1.5. There is a buffer ...) - prboom-plus 2:2.5.1.7um+git82-1 (bug #961031) [buster] - prboom-plus (Minor issue) [stretch] - prboom-plus (Minor issue) [jessie] - prboom-plus (games are not supported) NOTE: https://logicaltrust.net/blog/2019/10/prboom1.html NOTE: https://sourceforge.net/p/prboom-plus/bugs/252/ NOTE: https://sourceforge.net/p/prboom-plus/bugs/253/ CVE-2020-13127 (A SQL injection vulnerability at a tpf URI in Loway QueueMetrics befor ...) NOT-FOR-US: Loway QueueMetrics CVE-2020-13126 (An issue was discovered in the Elementor Pro plugin before 2.9.4 for W ...) NOT-FOR-US: Elementor Pro plugin for WordPress CVE-2020-13125 (An issue was discovered in the "Ultimate Addons for Elementor" plugin ...) NOT-FOR-US: "Ultimate Addons for Elementor" plugin for WordPress CVE-2020-13124 (SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in ...) 
- sabnzbdplus 3.1.1+dfsg-1 [buster] - sabnzbdplus 2.3.6+dfsg-1+deb10u1 [stretch] - sabnzbdplus (contrib not supported) NOTE: https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-9x87-96gg-33w2 NOTE: https://github.com/sabnzbd/sabnzbd/commit/dfcba6e2fb37f58fea06b453b1ba258c7f110429 NOTE: https://github.com/sabnzbd/sabnzbd/commit/73d3f7b5c248fc369de3454fe53e3e93924ebfe3 CVE-2020-13123 RESERVED CVE-2020-13122 (The novish command-line interface, included in NoviFlow NoviWare befor ...) NOT-FOR-US: Noviflow CVE-2020-13121 (Submitty through 20.04.01 has an open redirect via authentication/logi ...) NOT-FOR-US: Submitty CVE-2020-13120 RESERVED CVE-2020-13119 (ismartgate PRO 1.5.9 is vulnerable to clickjacking.) NOT-FOR-US: ismartgate PRO CVE-2020-13118 (An issue was discovered in Mikrotik-Router-Monitoring-System through 2 ...) NOT-FOR-US: Mikrotik-Router-Monitoring-System CVE-2020-13117 (Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthent ...) NOT-FOR-US: Wavlink WN575A4 and WN579X3 devices CVE-2020-13116 (OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an ...) NOT-FOR-US: OpenText Carbonite Server Backup Portal CVE-2020-13115 RESERVED CVE-2020-13114 (An issue was discovered in libexif before 0.6.22. An unrestricted size ...) {DLA-2222-1} - libexif 0.6.21-9 (bug #961410) [buster] - libexif 0.6.21-5.1+deb10u3 [stretch] - libexif 0.6.21-2+deb9u3 NOTE: https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab (0.6.22) CVE-2020-13113 (An issue was discovered in libexif before 0.6.22. Use of uninitialized ...) {DLA-2222-1} - libexif 0.6.21-9 (bug #961409) [buster] - libexif 0.6.21-5.1+deb10u3 [stretch] - libexif 0.6.21-2+deb9u3 NOTE: https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f (0.6.22) CVE-2020-13112 (An issue was discovered in libexif before 0.6.22. Several buffer over- ...) 
{DLA-2222-1} - libexif 0.6.21-9 (bug #961407) [buster] - libexif 0.6.21-5.1+deb10u3 [stretch] - libexif 0.6.21-2+deb9u3 NOTE: https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1 (0.6.22) CVE-2020-13111 (NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/d ...) NOT-FOR-US: NaviServer CVE-2020-13110 (The kerberos package before 1.0.0 for Node.js allows arbitrary code ex ...) NOT-FOR-US: Node kerberos CVE-2020-13109 (Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remo ...) NOT-FOR-US: Morita Shogi CVE-2020-13108 RESERVED CVE-2020-13107 RESERVED CVE-2020-13106 RESERVED CVE-2020-13105 RESERVED CVE-2020-13104 RESERVED CVE-2020-13103 RESERVED CVE-2020-13102 RESERVED CVE-2020-13101 (In OASIS Digital Signature Services (DSS) 1.0, an attacker can control ...) NOT-FOR-US: OASIS Digital Signature Services (DSS) CVE-2020-13100 (Arista\u2019s CloudVision eXchange (CVX) server before 4.21.12M, 4.22. ...) NOT-FOR-US: Arista CVE-2020-13099 RESERVED CVE-2020-13098 RESERVED CVE-2020-13097 RESERVED CVE-2020-13096 RESERVED CVE-2020-13095 (Little Snitch version 4.5.1 and older changed ownership of a directory ...) NOT-FOR-US: Little Snitch CVE-2020-13094 (Dolibarr before 11.0.4 allows XSS.) - dolibarr CVE-2020-13093 (iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal.) NOT-FOR-US: iSpyConnect.com Agent DVR CVE-2020-13092 (scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute ...) - scikit-learn (unimportant) CVE-2020-13091 (pandas through 1.0.3 can unserialize and execute commands from an untr ...) 
	- pandas (unimportant)
CVE-2020-13090
	RESERVED
CVE-2020-13089
	REJECTED
CVE-2020-13088
	REJECTED
CVE-2020-13087
	REJECTED
CVE-2020-13086
	REJECTED
CVE-2020-13085
	REJECTED
CVE-2020-13084
	REJECTED
CVE-2020-13083
	REJECTED
CVE-2020-13082
	REJECTED
CVE-2020-13081
	REJECTED
CVE-2020-13080
	REJECTED
CVE-2020-13079
	REJECTED
CVE-2020-13078
	REJECTED
CVE-2020-13077
	REJECTED
CVE-2020-13076
	REJECTED
CVE-2020-13075
	REJECTED
CVE-2020-13074
	REJECTED
CVE-2020-13073
	REJECTED
CVE-2020-13072
	REJECTED
CVE-2020-13071
	REJECTED
CVE-2020-13070
	REJECTED
CVE-2020-13069
	REJECTED
CVE-2020-13068
	REJECTED
CVE-2020-13067
	REJECTED
CVE-2020-13066
	REJECTED
CVE-2020-13065
	REJECTED
CVE-2020-13064
	REJECTED
CVE-2020-13063
	REJECTED
CVE-2020-13062
	REJECTED
CVE-2020-13061
	REJECTED
CVE-2020-13060
	REJECTED
CVE-2020-13059
	REJECTED
CVE-2020-13058
	REJECTED
CVE-2020-13057
	REJECTED
CVE-2020-13056
	REJECTED
CVE-2020-13055
	REJECTED
CVE-2020-13054
	REJECTED
CVE-2020-13053
	REJECTED
CVE-2020-13052
	REJECTED
CVE-2020-13051
	REJECTED
CVE-2020-13050
	REJECTED
CVE-2020-13049
	REJECTED
CVE-2020-13048
	REJECTED
CVE-2020-13047
	REJECTED
CVE-2020-13046
	REJECTED
CVE-2020-13045
	REJECTED
CVE-2020-13044
	REJECTED
CVE-2020-13043
	REJECTED
CVE-2020-13042
	REJECTED
CVE-2020-13041
	REJECTED
CVE-2020-13040
	REJECTED
CVE-2020-13039
	REJECTED
CVE-2020-13038
	REJECTED
CVE-2020-13037
	REJECTED
CVE-2020-13036
	REJECTED
CVE-2020-13035
	REJECTED
CVE-2020-13034
	REJECTED
CVE-2020-13033
	REJECTED
CVE-2020-13032
	REJECTED
CVE-2020-13031
	REJECTED
CVE-2020-13030
	REJECTED
CVE-2020-13029
	REJECTED
CVE-2020-13028
	REJECTED
CVE-2020-13027
	REJECTED
CVE-2020-13026
	REJECTED
CVE-2020-13025
	REJECTED
CVE-2020-13024
	REJECTED
CVE-2020-13023
	REJECTED
CVE-2020-13022
	REJECTED
CVE-2020-13021
	REJECTED
CVE-2020-13020
	REJECTED
CVE-2020-13019
	REJECTED
CVE-2020-13018
	REJECTED
CVE-2020-13017
	REJECTED
CVE-2020-13016
	REJECTED
CVE-2020-13015
	REJECTED
CVE-2020-13014
	REJECTED
CVE-2020-13013
	REJECTED
CVE-2020-13012
	REJECTED
CVE-2020-13011
	REJECTED
CVE-2020-13010
	REJECTED
CVE-2020-13009
	REJECTED
CVE-2020-13008
	REJECTED
CVE-2020-13007
	REJECTED
CVE-2020-13006
	REJECTED
CVE-2020-13005
	REJECTED
CVE-2020-13004
	REJECTED
CVE-2020-13003
	REJECTED
CVE-2020-13002
	REJECTED
CVE-2020-13001
	REJECTED
CVE-2020-13000
	REJECTED
CVE-2020-12999
	REJECTED
CVE-2020-12998
	REJECTED
CVE-2020-12997
	REJECTED
CVE-2020-12996
	REJECTED
CVE-2020-12995
	REJECTED
CVE-2020-12994
	REJECTED
CVE-2020-12993
	REJECTED
CVE-2020-12992
	REJECTED
CVE-2020-12991
	REJECTED
CVE-2020-12990
	REJECTED
CVE-2020-12989
	REJECTED
CVE-2020-12988 (A potential denial of service (DoS) vulnerability exists in the integr ...)
	NOT-FOR-US: AMD
CVE-2020-12987 (A heap information leak/kernel pool address disclosure vulnerability i ...)
	NOT-FOR-US: AMD
CVE-2020-12986 (An insufficient pointer validation vulnerability in the AMD Graphics D ...)
	NOT-FOR-US: AMD
CVE-2020-12985 (An insufficient pointer validation vulnerability in the AMD Graphics D ...)
	NOT-FOR-US: AMD
CVE-2020-12984
	REJECTED
CVE-2020-12983 (An out of bounds write vulnerability in the AMD Graphics Driver for Wi ...)
	NOT-FOR-US: AMD
CVE-2020-12982 (An invalid object pointer free vulnerability in the AMD Graphics Drive ...)
	NOT-FOR-US: AMD
CVE-2020-12981 (An insufficient input validation in the AMD Graphics Driver for Window ...)
	NOT-FOR-US: AMD
CVE-2020-12980 (An out of bounds write and read vulnerability in the AMD Graphics Driv ...)
	NOT-FOR-US: AMD
CVE-2020-12979
	REJECTED
CVE-2020-12978
	REJECTED
CVE-2020-12977
	REJECTED
CVE-2020-12976
	REJECTED
CVE-2020-12975
	REJECTED
CVE-2020-12974
	REJECTED
CVE-2020-12973
	REJECTED
CVE-2020-12972
	REJECTED
CVE-2020-12971
	REJECTED
CVE-2020-12970
	REJECTED
CVE-2020-12969
	REJECTED
CVE-2020-12968
	REJECTED
CVE-2020-12967 (The lack of nested page table protection in the AMD SEV/SEV-ES feature ...)
	NOT-FOR-US: AMD
CVE-2020-12966 (AMD EPYC™ Processors contain an information disclosure vulnerabil ...)
	NOT-FOR-US: AMD
CVE-2020-12965 (When combined with specific software sequences, AMD CPUs may transient ...)
	NOT-FOR-US: AMD
CVE-2020-12964 (A potential privilege escalation/denial of service issue exists in the ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12963 (An insufficient pointer validation vulnerability in the AMD Graphics D ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12962 (Escape call interface in the AMD Graphics Driver for Windows may cause ...)
	NOT-FOR-US: AMD
CVE-2020-12961 (A potential vulnerability exists in AMD Platform Security Processor (P ...)
	NOT-FOR-US: AMD
CVE-2020-12960 (AMD Graphics Driver for Windows 10, amdfender.sys may improperly handl ...)
	NOT-FOR-US: AMD
CVE-2020-12959
	REJECTED
CVE-2020-12958
	REJECTED
CVE-2020-12957
	REJECTED
CVE-2020-12956
	REJECTED
CVE-2020-12955
	REJECTED
CVE-2020-12954 (A side effect of an integrated chipset option may be able to be used b ...)
	NOT-FOR-US: AMD
CVE-2020-12953
	REJECTED
CVE-2020-12952
	REJECTED
CVE-2020-12951 (Race condition in ASP firmware could allow less privileged x86 code to ...)
	NOT-FOR-US: AMD
CVE-2020-12950
	REJECTED
CVE-2020-12949
	REJECTED
CVE-2020-12948
	REJECTED
CVE-2020-12947
	REJECTED
CVE-2020-12946 (Insufficient input validation in ASP firmware for discrete TPM command ...)
	NOT-FOR-US: AMD
CVE-2020-12945
	REJECTED
CVE-2020-12944 (Insufficient validation of BIOS image length by ASP Firmware could lea ...)
	NOT-FOR-US: AMD
CVE-2020-12943
	REJECTED
CVE-2020-12942
	REJECTED
CVE-2020-12941
	REJECTED
CVE-2020-12940
	RESERVED
CVE-2020-12939
	REJECTED
CVE-2020-12938
	REJECTED
CVE-2020-12937
	REJECTED
CVE-2020-12936
	REJECTED
CVE-2020-12935
	REJECTED
CVE-2020-12934
	REJECTED
CVE-2020-12933 (A denial of service vulnerability exists in the D3DKMTEscape handler f ...)
	NOT-FOR-US: AMD ATIKMDAG.SYS
CVE-2020-12932
	RESERVED
CVE-2020-12931 (Improper parameters handling in the AMD Secure Processor (ASP) kernel ...)
	NOT-FOR-US: AMD
CVE-2020-12930 (Improper parameters handling in AMD Secure Processor (ASP) drivers may ...)
	NOT-FOR-US: AMD
CVE-2020-12929 (Improper parameters validation in some trusted applications of the PSP ...)
	NOT-FOR-US: AMD
CVE-2020-12928 (A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master ...)
	NOT-FOR-US: AMD Ryzen Master
CVE-2020-12927 (A potential vulnerability in a dynamically loaded AMD driver in AMD VB ...)
	NOT-FOR-US: AMD
CVE-2020-12926 (The Trusted Platform Modules (TPM) reference software may not properly ...)
	NOT-FOR-US: AMD
CVE-2020-12925
	REJECTED
CVE-2020-12924
	REJECTED
CVE-2020-12923
	REJECTED
CVE-2020-12922
	REJECTED
CVE-2020-12921
	REJECTED
CVE-2020-12920 (A potential denial of service issue exists in the AMD Display driver E ...)
	NOT-FOR-US: AMD
CVE-2020-12919
	REJECTED
CVE-2020-12918
	REJECTED
CVE-2020-12917
	REJECTED
CVE-2020-12916
	REJECTED
CVE-2020-12915
	REJECTED
CVE-2020-12914
	REJECTED
CVE-2020-12913
	REJECTED
CVE-2020-12912 (A potential vulnerability in the AMD extension to Linux "hwmon" servic ...)
	- linux 5.9.9-1 (unimportant)
	[buster] - linux (Vulnerable driver introduced later)
	[stretch] - linux (Vulnerable driver introduced later)
	NOTE: https://lore.kernel.org/stable/238e3cf7-582f-a265-5300-9b44948107b0@roeck-us.net/T/#ma48754bff34127867149bf466fc2f9c2deea3960
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1897402
	NOTE: https://support.lenovo.com/lu/uk/product_security/LEN-50481
	NOTE: CONFIG_SENSORS_AMD_ENERGY not enabled in Debian builds
CVE-2020-12911 (A denial of service vulnerability exists in the D3DKMTCreateAllocation ...)
	NOT-FOR-US: AMD ATIKMDAG.SYS
CVE-2020-12910
	REJECTED
CVE-2020-12909
	REJECTED
CVE-2020-12908
	REJECTED
CVE-2020-12907
	REJECTED
CVE-2020-12906
	REJECTED
CVE-2020-12905 (Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3 ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12904 (Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3 ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12903 (Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12902 (Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Wi ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12901 (Arbitrary Free After Use in AMD Graphics Driver for Windows 10 may lea ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12900 (An arbitrary write vulnerability in the AMD Radeon Graphics Driver for ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12899 (Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12898 (Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead t ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12897 (Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 m ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12896
	REJECTED
CVE-2020-12895 (Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x1 ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12894 (Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x4001 ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12893 (Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12892 (An untrusted search path in AMD Radeon settings Installer may lead to ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12891 (AMD Radeon Software may be vulnerable to DLL Hijacking through path va ...)
	NOT-FOR-US: AMD
CVE-2020-12890 (Improper handling of pointers in the System Management Mode (SMM) hand ...)
	NOT-FOR-US: AMD
CVE-2020-12889 (MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across us ...)
	NOT-FOR-US: MISP
CVE-2020-12888 (The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles atte ...)
	{DLA-2420-1 DLA-2385-1}
	- linux 5.8.7-1
	[buster] - linux 4.19.146-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1836244
CVE-2020-12887 (Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 ...)
	NOT-FOR-US: Mbed CoAP (different from src:mbedtls)
CVE-2020-12886 (A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5 ...)
	NOT-FOR-US: Mbed CoAP (different from src:mbedtls)
CVE-2020-12885 (An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.1 ...)
	NOT-FOR-US: Mbed CoAP (different from src:mbedtls)
CVE-2020-12884 (A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5 ...)
	NOT-FOR-US: Mbed CoAP (different from src:mbedtls)
CVE-2020-12883 (Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5 ...)
	NOT-FOR-US: Mbed CoAP (different from src:mbedtls)
CVE-2020-12882 (Submitty through 20.04.01 allows XSS via upload of an SVG document, as ...)
	NOT-FOR-US: Submitty
CVE-2020-12881
	RESERVED
CVE-2020-12880 (An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect ...)
	NOT-FOR-US: Pulse
CVE-2020-12879
	RESERVED
CVE-2020-12878 (Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate pr ...)
	NOT-FOR-US: Digi ConnectPort X2e
CVE-2020-12877 (Veritas APTARE versions prior to 10.4 allowed sensitive information to ...)
	NOT-FOR-US: Veritas
CVE-2020-12876 (Veritas APTARE versions prior to 10.4 allowed remote users to access s ...)
	NOT-FOR-US: Veritas
CVE-2020-12875 (Veritas APTARE versions prior to 10.4 did not perform adequate authori ...)
	NOT-FOR-US: Veritas
CVE-2020-12874 (Veritas APTARE versions prior to 10.4 included code that bypassed the ...)
	NOT-FOR-US: Veritas
CVE-2020-12873 (An issue was discovered in Alfresco Enterprise Content Management (ECM ...)
	NOT-FOR-US: Alfresco Enterprise Content Management (ECM)
CVE-2020-12872 (yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ...)
	- erlang 1:21.2.6+dfsg-1 (low)
	[stretch] - erlang 1:19.2.1+dfsg-2+deb9u3
	[jessie] - erlang (Minor issue)
	NOTE: https://medium.com/@charlielabs101/cve-2020-12872-df315411aa70
	NOTE: https://github.com/erlyaws/yaws/issues/402
	NOTE: In Debian yaws uses the cipher settings from erlang, mark the version which
	NOTE: landed in Buster as fixed (although it was possibly fixed earlier between
	NOTE: Stretch and Buster). The CVE was assigned specifically for yaws, cf. #961422
	NOTE: for discussion.
CVE-2020-12871
	RESERVED
CVE-2020-12870 (RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username ...)
	NOT-FOR-US: RainbowFish PacsOne Server
CVE-2020-12869 (RainbowFish PacsOne Server 6.8.4 allows XSS.)
	NOT-FOR-US: RainbowFish PacsOne Server
CVE-2020-12868
	RESERVED
CVE-2020-12867 (A NULL pointer dereference in sanei_epson_net_read in SANE Backends be ...)
	{DLA-2332-1 DLA-2231-1}
	[experimental] - sane-backends 1.0.30-1~experimental1
	- sane-backends 1.0.31-2 (bug #961302)
	[buster] - sane-backends (Minor issue)
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-1-ghsl-2020-075-null-pointer-dereference-in-sanei_epson_net_read
	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
	NOTE: https://gitlab.com/sane-project/backends/-/commit/fff83e7eacd0f27bb2d71c42488e0fd735c15ac3 (1.0.30)
CVE-2020-12866 (A NULL pointer dereference in SANE Backends before 1.0.30 allows a mal ...)
	[experimental] - sane-backends 1.0.30-1~experimental1
	- sane-backends 1.0.31-2 (bug #961302)
	[buster] - sane-backends (Minor issue)
	[stretch] - sane-backends (already mitigated, auto-discovery for unsupported network access added in 1.0.27)
	[jessie] - sane-backends (epsonds backend was added in 1.0.25)
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-2-ghsl-2020-079-null-pointer-dereference-in-epsonds_net_read
	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
	NOTE: https://gitlab.com/sane-project/backends/-/commit/30b1831a28f24ab2921b9f717c66d37f02bb81cc (1.0.30, disable unsupported network access)
	NOTE: https://gitlab.com/sane-project/backends/-/merge_requests/500 (prospective network code fix)
CVE-2020-12865 (A heap buffer overflow in SANE Backends before 1.0.30 may allow a mali ...)
	{DLA-2332-1}
	[experimental] - sane-backends 1.0.30-1~experimental1
	- sane-backends 1.0.31-2 (bug #961302)
	[buster] - sane-backends (Minor issue)
	[jessie] - sane-backends (epsonds backend was added in 1.0.25)
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-9-ghsl-2020-084-buffer-overflow-in-esci2_img
	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
	NOTE: https://gitlab.com/sane-project/backends/-/commit/b9b0173409df73e235da2aa0dae5edd21fb55967 (1.0.30)
CVE-2020-12864 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...)
	[experimental] - sane-backends 1.0.30-1~experimental1
	- sane-backends 1.0.31-2 (bug #961302)
	[buster] - sane-backends (Minor issue)
	[stretch] - sane-backends (already mitigated, auto-discovery for unsupported network access added in 1.0.27)
	[jessie] - sane-backends (epsonds backend was added in 1.0.25)
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-4-ghsl-2020-081-reading-uninitialized-data-in-epsonds_net_read
	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
	NOTE: https://gitlab.com/sane-project/backends/-/commit/30b1831a28f24ab2921b9f717c66d37f02bb81cc (1.0.30, disable unsupported network access)
	NOTE: https://gitlab.com/sane-project/backends/-/merge_requests/500 (prospective network code fix)
CVE-2020-12863 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...)
	{DLA-2332-1}
	[experimental] - sane-backends 1.0.30-1~experimental1
	- sane-backends 1.0.31-2 (bug #961302)
	[buster] - sane-backends (Minor issue)
	[jessie] - sane-backends (epsonds backend was added in 1.0.25)
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-7-ghsl-2020-083-out-of-bounds-read-in-esci2_check_header
	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
	NOTE: https://gitlab.com/sane-project/backends/-/commit/db9480b09ea807e52029f2334769a55d4b95e45b (1.0.30)
CVE-2020-12862 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...)
	{DLA-2332-1}
	[experimental] - sane-backends 1.0.30-1~experimental1
	- sane-backends 1.0.31-2 (bug #961302)
	[buster] - sane-backends (Minor issue)
	[jessie] - sane-backends (epsonds backend was added in 1.0.25)
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-5-ghsl-2020-082-out-of-bounds-read-in-decode_binary
	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
	NOTE: https://gitlab.com/sane-project/backends/-/commit/27ea994d23ee52fe1ec1249c92ebc1080a358288 (1.0.30)
CVE-2020-12861 (A heap buffer overflow in SANE Backends before 1.0.30 allows a malicio ...)
	[experimental] - sane-backends 1.0.30-1~experimental1
	- sane-backends 1.0.31-2 (bug #961302)
	[buster] - sane-backends (Minor issue)
	[stretch] - sane-backends (already mitigated, auto-discovery for unsupported network access added in 1.0.27)
	[jessie] - sane-backends (epsonds backend was added in 1.0.25)
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-3-ghsl-2020-080-heap-buffer-overflow-in-epsonds_net_read
	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
	NOTE: https://gitlab.com/sane-project/backends/-/commit/30b1831a28f24ab2921b9f717c66d37f02bb81cc (1.0.30, disable unsupported network access)
	NOTE: https://gitlab.com/sane-project/backends/-/merge_requests/500 (prospective network code fix)
CVE-2020-12860 (COVIDSafe through v1.0.17 allows a remote attacker to access phone nam ...)
	NOT-FOR-US: COVIDSafe
CVE-2020-12859 (Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe th ...)
	NOT-FOR-US: COVIDSafe
CVE-2020-12858 (Non-reinitialisation of random data in the advertising payload in COVI ...)
	NOT-FOR-US: COVIDSafe
CVE-2020-12857 (Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 an ...)
	NOT-FOR-US: COVIDSafe
CVE-2020-12856 (OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTrac ...)
	NOT-FOR-US: COVIDSafe
CVE-2020-12855 (A Host header injection vulnerability has been discovered in SecZetta ...)
	NOT-FOR-US: SecZetta NEProfile
CVE-2020-12854 (A remote code execution vulnerability was identified in SecZetta NEPro ...)
	NOT-FOR-US: SecZetta NEProfile
CVE-2020-12853 (Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or cr ...)
	NOT-FOR-US: Pydio Cells
CVE-2020-12852 (The update feature for Pydio Cells 2.0.4 allows an administrator user ...)
	NOT-FOR-US: Pydio Cells
CVE-2020-12851 (Pydio Cells 2.0.4 allows an authenticated user to write or overwrite e ...)
	NOT-FOR-US: Pydio Cells
CVE-2020-12850 (The following vulnerability applies only to the Pydio Cells Enterprise ...)
	NOT-FOR-US: Pydio Cells
CVE-2020-12849 (Pydio Cells 2.0.4 allows any user to upload a profile image to the web ...)
	NOT-FOR-US: Pydio Cells
CVE-2020-12848 (In Pydio Cells 2.0.4, once an authenticated user shares a file selecti ...)
	NOT-FOR-US: Pydio Cells
CVE-2020-12847 (Pydio Cells 2.0.4 web application offers an administrative console nam ...)
	NOT-FOR-US: Pydio Cells
CVE-2020-12846 (Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remo ...)
	NOT-FOR-US: Zimbra
CVE-2020-12845 (Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a ...)
	- cherokee
CVE-2020-12844
	RESERVED
CVE-2020-12843 (ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the f ...)
	NOT-FOR-US: ismartgate PRO
CVE-2020-12842 (ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appendin ...)
	NOT-FOR-US: ismartgate PRO
CVE-2020-12841 (ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...)
	NOT-FOR-US: ismartgate PRO
CVE-2020-12840 (ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...)
	NOT-FOR-US: ismartgate PRO
CVE-2020-12839 (ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appendin ...)
	NOT-FOR-US: ismartgate PRO
CVE-2020-12838 (ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appendin ...)
	NOT-FOR-US: ismartgate PRO
CVE-2020-12837 (ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the f ...)
	NOT-FOR-US: ismartgate PRO
CVE-2020-12836
	RESERVED
CVE-2020-12835 (An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to ...)
	NOT-FOR-US: SmartBear ReadyAPI SoapUI Pro
CVE-2020-12834 (eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 thr ...)
	NOT-FOR-US: eQ-3 Homematic Central Control Unit
CVE-2020-12833
	RESERVED
CVE-2020-12832 (WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerabi ...)
	NOT-FOR-US: simple-file-list plugin for WordPress
CVE-2020-12831 (An issue was discovered in FRRouting FRR (aka Free Range Routing) thro ...)
	- frr (unimportant)
	NOTE: https://github.com/FRRouting/frr/pull/6383
	NOTE: https://github.com/FRRouting/frr/commit/7734484a378052a513c9e21165c13bf85f78ad48
CVE-2020-12830 (Addressed multiple stack buffer overflow vulnerabilities that could al ...)
	NOT-FOR-US: Western Digital My Cloud devices
CVE-2020-12829 (In QEMU through 5.0.0, an integer overflow was found in the SM501 disp ...)
	{DSA-4760-1}
	- qemu 1:5.0-12 (low; bug #961451)
	[stretch] - qemu (SM501 only compiled for misc/sh4 where it's not enabled as a graphics device yet; intrusive)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1808510
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1786026
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=b15a22bbcbe6a78dc3d88fe3134985e4cdd87de4
CVE-2020-12828 (An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VP ...)
	NOT-FOR-US: AnchorFree VPN SDK
CVE-2020-12827 (MJML prior to 4.6.3 contains a path traversal vulnerability when proce ...)
	NOT-FOR-US: MJML
CVE-2019-20796
	RESERVED
CVE-2020-12826 (A signal access-control issue was discovered in the Linux kernel befor ...)
	{DLA-2241-1}
	- linux 5.6.7-1
	[buster] - linux 4.19.118-1
	[stretch] - linux 4.9.228-1
	NOTE: https://git.kernel.org/linus/d1e7fd6462ca9fc76650fbe6ca800e35b24267da
CVE-2020-12825 (libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any ...)
	- libcroco (low; bug #960527)
	[buster] - libcroco (Minor issue)
	[stretch] - libcroco (Minor issue)
	[jessie] - libcroco (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/libcroco/-/issues/8
CVE-2020-12824 (Pexip Infinity 23.x before 23.3 has improper input validation, leading ...)
	NOT-FOR-US: Pexip Infinity
CVE-2020-12823 (OpenConnect 8.09 has a buffer overflow, causing a denial of service (a ...)
	{DLA-2212-1}
	- openconnect 8.10-1 (unimportant; bug #960620)
	NOTE: https://gitlab.com/openconnect/openconnect/-/merge_requests/108
	NOTE: Only triggerable by local certs, which are under the control of the user
CVE-2020-12822
	RESERVED
CVE-2020-12821 (Gossipsub 1.0 does not properly resist invalid message spam, such as a ...)
	NOT-FOR-US: Gossipsub
CVE-2020-12820
	RESERVED
CVE-2020-12819
	RESERVED
CVE-2020-12818 (An insufficient logging vulnerability in FortiGate before 6.4.1 may al ...)
	NOT-FOR-US: FortiGuard
CVE-2020-12817 (An improper neutralization of input vulnerability in FortiAnalyzer bef ...)
	NOT-FOR-US: FortiGuard
CVE-2020-12816 (An improper neutralization of input vulnerability in FortiNAC before 8 ...)
	NOT-FOR-US: FortiGuard
CVE-2020-12815 (An improper neutralization of input vulnerability in FortiTester befor ...)
	NOT-FOR-US: FortiGuard
CVE-2020-12814 (A improper neutralization of input during web page generation ('cross- ...)
	NOT-FOR-US: Fortiguard
CVE-2020-12813
	RESERVED
CVE-2020-12812 (An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, ...)
	NOT-FOR-US: Fortinet
CVE-2020-12811 (An improper neutralization of script-related HTML tags in a web page i ...)
	NOT-FOR-US: FortiGuard
CVE-2020-12810
	RESERVED
CVE-2020-12809
	RESERVED
CVE-2020-12808
	RESERVED
CVE-2020-12807
	RESERVED
CVE-2020-12806
	RESERVED
CVE-2020-12805
	RESERVED
CVE-2020-12804
	RESERVED
CVE-2020-12803 (ODF documents can contain forms to be filled out by the user. Similar ...)
	{DLA-3703-1}
	- libreoffice 1:6.4.4-1 (low)
	[stretch] - libreoffice (Minor issue)
	[jessie] - libreoffice (Minor issue)
	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12803
CVE-2020-12802 (LibreOffice has a 'stealth mode' in which only documents from location ...)
	{DLA-3703-1}
	- libreoffice 1:6.4.4-1 (low)
	[stretch] - libreoffice (Minor issue)
	[jessie] - libreoffice (Minor issue)
	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12802
CVE-2020-12801 (If LibreOffice has an encrypted document open and crashes, that docume ...)
	{DLA-3703-1}
	- libreoffice 1:6.4.3-1 (low)
	[stretch] - libreoffice (Minor issue)
	[jessie] - libreoffice (Minor issue)
	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12801
CVE-2020-12800 (The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1. ...)
	NOT-FOR-US: drag-and-drop-multiple-file-upload-contact-form-7 plugin for WordPress
CVE-2020-12799
	RESERVED
CVE-2020-12798 (Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system pol ...)
	NOT-FOR-US: Cellebrite UFED
CVE-2020-12797 (HashiCorp Consul and Consul Enterprise failed to enforce changes to le ...)
	- consul 1.7.4+dfsg1-1
	[buster] - consul (Vulnerable code not present)
	NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
	NOTE: https://github.com/hashicorp/consul/pull/8047
CVE-2020-12796
	RESERVED
CVE-2020-12795
	RESERVED
CVE-2020-12794
	RESERVED
CVE-2020-12793
	RESERVED
CVE-2020-12792
	RESERVED
CVE-2020-12791
	RESERVED
CVE-2020-12790 (In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMet ...)
	NOT-FOR-US: SEOmatic plugin for Craft CMS
CVE-2020-12789 (The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded ...)
	NOT-FOR-US: Microchip Atmel ATSAMA5 products
CVE-2020-12788 (CMAC verification functionality in Microchip Atmel ATSAMA5 products is ...)
	NOT-FOR-US: Microchip Atmel ATSAMA5 products
CVE-2020-12787 (Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to b ...)
	NOT-FOR-US: Microchip Atmel ATSAMA5 products
CVE-2020-12786
	RESERVED
CVE-2020-12785 (cPanel before 86.0.14 allows attackers to obtain access to the current ...)
	NOT-FOR-US: cPanel
CVE-2020-12784 (cPanel before 86.0.14 allows remote attackers to trigger a bandwidth s ...)
	NOT-FOR-US: cPanel
CVE-2020-12782 (Openfind MailGates contains a Command Injection flaw, when receiving e ...)
	NOT-FOR-US: Openfind MailGates
CVE-2020-12781 (Combodo iTop contains a cross-site request forgery (CSRF) vulnerabilit ...)
	NOT-FOR-US: Combodo iTop
CVE-2020-12780 (A security misconfiguration exists in Combodo iTop, which can expose s ...)
	NOT-FOR-US: Combodo iTop
CVE-2020-12779 (Combodo iTop contains a stored Cross-site Scripting vulnerability, whi ...)
	NOT-FOR-US: Combodo iTop
CVE-2020-12778 (Combodo iTop does not validate inputted parameters, attackers can inje ...)
	NOT-FOR-US: Combodo iTop
CVE-2020-12777 (A function in Combodo iTop contains a vulnerability of Broken Access C ...)
	NOT-FOR-US: Combodo iTop
CVE-2020-12776 (Openfind Mail2000 contains Broken Access Control vulnerability, which ...)
	NOT-FOR-US: Openfind Mail2000
CVE-2020-12775 (Hicos citizen certificate client-side component does not filter specia ...)
	NOT-FOR-US: Hicos Natural Person Credential
CVE-2020-12774 (D-Link DSL-7740C does not properly validate user input, which allows a ...)
	NOT-FOR-US: D-Link
CVE-2020-12773 (A security misconfiguration vulnerability exists in the SDK of some Re ...)
	NOT-FOR-US: Realtek ADSL/PON Modem SoC firmware
CVE-2020-12783 (Exim through 4.93 has an out-of-bounds read in the SPA authenticator t ...)
	{DSA-4687-1 DLA-2213-1}
	- exim4 4.93-16
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2571
	NOTE: https://git.exim.org/exim.git/commitdiff/57aa14b216432be381b6295c312065b2fd034f86
	NOTE: https://git.exim.org/exim.git/commitdiff/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0
CVE-2020-12772 (An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR p ...)
	NOT-FOR-US: Ignite Realtime Spark
CVE-2020-12767 (exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by ...)
	{DLA-2214-1}
	- libexif 0.6.21-7 (bug #960199)
	[buster] - libexif 0.6.21-5.1+deb10u2
	[stretch] - libexif 0.6.21-2+deb9u2
	NOTE: https://github.com/libexif/libexif/issues/31
	NOTE: https://github.com/libexif/libexif/commit/e22f73064f804c94e90b642cd0db4697c827da72
CVE-2019-20795 (iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ...)
	- iproute2 5.2.0-1
	[buster] - iproute2 (Minor issue)
	[stretch] - iproute2 (Vulnerable code introduced later)
	[jessie] - iproute2 (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10 (v5.1.0)
	NOTE: Introduced in: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=86bf43c7c2fdc33d7c021b4a1add1c8facbca51c (v4.15.0)
CVE-2020-15591 (fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 a ...)
	- fex 20160919-2
	[buster] - fex 20160919-2~deb10u1
	[stretch] - fex 20160919-2~deb9u1
	NOTE: https://secfault-security.com/advisories/cve2020-15591.html
CVE-2020-12771 (An issue was discovered in the Linux kernel through 5.6.11. btree_gc_c ...)
	{DLA-2420-1 DLA-2323-1}
	- linux 5.7.6-1
	[buster] - linux 4.19.131-1
	NOTE: https://lkml.org/lkml/2020/4/26/87
	NOTE: https://git.kernel.org/linus/be23e837333a914df3f24bf0b32e87b0331ab8d1 (5.8-rc2)
CVE-2020-12770 (An issue was discovered in the Linux kernel through 5.6.11. sg_write l ...)
	{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.6.14-1
	NOTE: https://git.kernel.org/linus/83c6f2390040f188cc25b270b4befeb5628c1aee (5.7-rc3)
CVE-2020-12769 (An issue was discovered in the Linux kernel before 5.4.17. drivers/spi ...)
	{DLA-2241-1}
	- linux 5.4.19-1
	[buster] - linux 4.19.118-1
	[stretch] - linux 4.9.228-1
	NOTE: https://git.kernel.org/linus/19b61392c5a852b4e8a0bf35aecb969983c5932d (5.5-rc6)
CVE-2020-12768 (An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit ...)
	{DSA-4699-1}
	- linux 5.6.7-1 (unimportant)
	[stretch] - linux (Vulnerability introduced later)
	[jessie] - linux (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/d80b64ff297e40c2b6f7d7abc1b3eba70d22a068 (5.6-rc4)
CVE-2020-12766 (Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via t ...)
	NOT-FOR-US: Gnuteca
CVE-2020-12765 (Solis Miolo 2.0 allows index.php?module=install&action=view&item= Dire ...)
	NOT-FOR-US: Solis Miolo
CVE-2020-12764 (Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal.)
	NOT-FOR-US: Gnuteca
CVE-2020-12763 (TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable t ...)
	NOT-FOR-US: TRENDnet ProView
CVE-2020-12762 (json-c through 0.14 has an integer overflow and out-of-bounds write vi ...)
	{DSA-4741-1 DLA-3461-1 DLA-2301-1 DLA-2228-2 DLA-2228-1}
	- json-c 0.13.1+dfsg-8 (bug #960326)
	- libfastjson 1.2304.0-1 (bug #1035302)
	[bullseye] - libfastjson (Minor issue)
	NOTE: https://github.com/json-c/json-c/pull/592
	NOTE: https://github.com/json-c/json-c/commit/099016b7e8d70a6d5dd814e788bba08d33d48426
	NOTE: https://github.com/json-c/json-c/commit/77d935b7ae7871a1940cd827e850e6063044ec45
	NOTE: https://github.com/json-c/json-c/commit/d07b91014986900a3a75f306d302e13e005e9d67
	NOTE: https://github.com/json-c/json-c/commit/519dfe1591d85432986f9762d41d1a883198c157
	NOTE: https://github.com/json-c/json-c/commit/a59d5acfab4485d5133114df61785b1fc633e0c6
	NOTE: d07b91014986 ("Fix integer overflows.") introduces a regression tracked as:
	NOTE: https://github.com/json-c/json-c/issues/599
	NOTE: https://github.com/json-c/json-c/pull/610
	NOTE: Working backports for older branches: https://github.com/json-c/json-c/pull/608
	NOTE: https://github.com/rsyslog/libfastjson/issues/161
CVE-2020-12761 (modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow ( ...)
	- imlib2 1.6.1-2 (bug #960192)
	[buster] - imlib2 (Vulnerable code introduced later)
	[stretch] - imlib2 (Vulnerable code introduced later)
	[jessie] - imlib2 (Vulnerable code introduced later)
	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c95f938ff1effaf91729c050a0f1c8684da4dd63
CVE-2020-12760 (An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian ...)
	- opennms (bug #450615)
CVE-2020-12759 (Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook ...)
	- zulip-server (bug #800052)
CVE-2020-12758 (HashiCorp Consul and Consul Enterprise could crash when configured wit ...)
	- consul 1.7.4+dfsg1-1
	[buster] - consul (Vulnerable code not present)
	NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
	NOTE: https://github.com/hashicorp/consul/pull/7783
CVE-2020-12757 (HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2020-12756
	RESERVED
CVE-2020-12755 (fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras t ...)
	- kio-extras 4:20.08.3-1 (low; bug #960306)
	[buster] - kio-extras (Minor issue)
	[stretch] - kio-extras (Minor issue)
	NOTE: https://github.com/KDE/kio-extras/commit/d813cef3cecdec9af1532a40d677a203ff979145
CVE-2019-20794 (An issue was discovered in the Linux kernel 4.18 through 5.6.11 when u ...)
	- linux
	[bookworm] - linux (Minor issue, revisit when fixed upstream)
	[bullseye] - linux (Minor issue, revisit when fixed upstream)
	[buster] - linux (Minor issue, revisit when fixed upstream)
	NOTE: https://sourceforge.net/p/fuse/mailman/message/36598753/
CVE-2020-12754 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-12753 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-12752 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
NOT-FOR-US: Samsung mobile devices CVE-2020-12751 (An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-12750 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) NOT-FOR-US: Samsung mobile devices CVE-2020-12749 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos ...) NOT-FOR-US: Samsung mobile devices CVE-2020-12748 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) NOT-FOR-US: Samsung mobile devices CVE-2020-12747 (An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos ...) NOT-FOR-US: Samsung mobile devices CVE-2020-12746 (An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-12745 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) NOT-FOR-US: Samsung mobile devices CVE-2020-12744 (The MSI installer in Verint Desktop Resources 15.2 allows an unprivile ...) NOT-FOR-US: Verint Desktop Resources CVE-2020-12743 (An issue was discovered in Gazie 7.32. A successful installation does ...) NOT-FOR-US: Gazie CVE-2020-12742 (The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does ...) NOT-FOR-US: iubenda-cookie-law-solution plugin for WordPress CVE-2020-12741 RESERVED CVE-2020-12740 (tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-rea ...) - tcpreplay 4.3.3-1 (unimportant) [jessie] - tcpreplay (Vulnerable code added later) NOTE: https://github.com/appneta/tcpreplay/issues/576 NOTE: https://github.com/appneta/tcpreplay/pull/590 NOTE: Fixed with: https://github.com/appneta/tcpreplay/issues/578 NOTE: --fuzz-seed in PoC not present until version 4.2.0 NOTE: Crash in CLI tool, no security impact CVE-2020-12739 (A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and ...) 
NOT-FOR-US: Fanuc i Series CNC CVE-2020-12738 RESERVED CVE-2020-12737 (An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authen ...) NOT-FOR-US: Maxum Rumpus CVE-2020-12736 (Code42 environments with on-premises server versions 7.0.4 and earlier ...) NOT-FOR-US: Code42 CVE-2020-12735 (reset.php in DomainMOD 4.13.0 uses insufficient entropy for password r ...) NOT-FOR-US: DomainMOD CVE-2020-12734 (DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change t ...) NOT-FOR-US: DEPSTECH WiFi Digital Microscope CVE-2020-12733 (Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microsc ...) NOT-FOR-US: DEPSTECH WiFi Digital Microscope CVE-2020-12732 (DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxx ...) NOT-FOR-US: DEPSTECH WiFi Digital Microscope CVE-2020-12731 (The MagicMotion Flamingo 2 application for Android stores data on an s ...) NOT-FOR-US: MagicMotion Flamingo 2 application for Android CVE-2020-12730 (MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing an ...) NOT-FOR-US: MagicMotion Flamingo 2 CVE-2020-12729 (MagicMotion Flamingo 2 has a lack of access control for reading from d ...) NOT-FOR-US: MagicMotion Flamingo 2 CVE-2020-12728 RESERVED CVE-2020-12727 RESERVED CVE-2020-12726 RESERVED CVE-2020-12725 (Havoc Research discovered an authenticated Server-Side Request Forgery ...) NOT-FOR-US: Redash CVE-2020-12724 RESERVED CVE-2020-12723 (regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted ...) - perl 5.30.3-1 (bug #962005) [buster] - perl 5.28.1-6+deb10u1 [stretch] - perl 5.24.1-3+deb9u7 NOTE: https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a (v5.30.3) CVE-2020-12722 RESERVED CVE-2020-12721 RESERVED CVE-2020-12720 (vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6 ...) NOT-FOR-US: vBulletin CVE-2020-12719 (XXE during an EventPublisher update can occur in Management Console in ...) 
NOT-FOR-US: WSO2 CVE-2020-12718 (In administration/comments.php in PHP-Fusion 9.03.50, an authenticated ...) NOT-FOR-US: PHP-Fusion CVE-2020-12717 (The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote atta ...) NOT-FOR-US: COVIDSafe (Australia) app CVE-2020-12716 RESERVED CVE-2020-12715 (RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control.) NOT-FOR-US: RainbowFish PacsOne Server CVE-2020-12714 (An issue was discovered in CipherMail Community Gateway Virtual Applia ...) NOT-FOR-US: CipherMail CVE-2020-12713 (An issue was discovered in CipherMail Community Gateway and Profession ...) NOT-FOR-US: CipherMail CVE-2020-12712 (A vulnerability based on insecure user/password encryption in the JOE ...) NOT-FOR-US: SOS JobScheduler CVE-2020-12711 RESERVED CVE-2020-12710 RESERVED CVE-2020-12709 RESERVED CVE-2020-12708 (Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...) NOT-FOR-US: PHP-Fusion CVE-2020-12707 (An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4 ...) NOT-FOR-US: LeptonCMS CVE-2020-12706 (Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...) NOT-FOR-US: PHP-Fusion CVE-2020-12705 (Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS ...) NOT-FOR-US: LeptonCMS CVE-2020-12704 (UliCMS before 2020.2 has PageController stored XSS.) NOT-FOR-US: UliCMS CVE-2020-12703 (UliCMS before 2020.2 has XSS during PackageController uninstall.) NOT-FOR-US: UliCMS CVE-2020-12702 (Weak encryption in the Quick Pairing mode in the eWeLink mobile applic ...) NOT-FOR-US: eWeLink mobile application CVE-2020-12701 RESERVED CVE-2020-12700 (The direct_mail extension through 5.2.3 for TYPO3 allows Information D ...) NOT-FOR-US: Typo3 extension CVE-2020-12699 (The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect ...) NOT-FOR-US: Typo3 extension CVE-2020-12698 (The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Co ...) 
NOT-FOR-US: Typo3 extension CVE-2020-12697 (The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Ser ...) NOT-FOR-US: Typo3 extension CVE-2020-12696 (The iframe plugin before 4.5 for WordPress does not sanitize a URL.) NOT-FOR-US: iframe plugin for WordPress CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 2020-04-17 ...) {DSA-4898-1 DSA-4806-1 DLA-2489-1 DLA-2318-1 DLA-2315-1} - wpa 2:2.9.0-16 (bug #976106) - gupnp 1.2.3-1 [buster] - gupnp 1.0.5-0+deb10u1 - minidlna 1.2.1+dfsg-3 (bug #976594) - pupnp (Fixed before initial upload to Debian after source package rename) - pupnp-1.8 (bug #983206) [bookworm] - pupnp-1.8 (Minor issue) [bullseye] - pupnp-1.8 (Minor issue) [buster] - pupnp-1.8 (Minor issue) - libupnp [stretch] - libupnp (Invasive change, hard to backport; chances of regression) NOTE: https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt NOTE: https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch NOTE: https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch NOTE: https://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch NOTE: https://sourceforge.net/p/minidlna/git/ci/06ee114731612462eb1eb1266f0431ccf59269d2 (v1_3_0) NOTE: https://github.com/pupnp/pupnp/commit/5f76bf2858dd601bd985bf37a1db9f262c0ff7bf (release-1.14.0) NOTE: https://github.com/pupnp/pupnp/commit/7b3f0f5f497f9f493c82307af495b87fa9ebdacb (release-1.14.0) CVE-2020-12694 RESERVED CVE-2020-12693 (Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare c ...) 
{DSA-4841-1 DLA-2886-1} - slurm-wlm (Fixed with first upload to Debian with renamed source package) - slurm-llnl (bug #961406) [jessie] - slurm-llnl (Message Aggregation added in 14.11) NOTE: https://www.schedmd.com/news.php?id=236 NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/000036.html NOTE: Issue affects systems with Message Aggregation enabled NOTE: slurm-wlm/20.02.6-1 changed the source package name and included the fix CVE-2020-12688 RESERVED CVE-2020-12687 (An issue was discovered in Serpico before 1.3.3. The /admin/attacments ...) NOT-FOR-US: Serpico CVE-2020-12686 RESERVED CVE-2020-12685 (XSS in the admin help system admin/help.html and admin/quicklinks.html ...) NOT-FOR-US: Interchange CVE-2020-12684 (XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer ...) NOT-FOR-US: i-net Clear Reports CVE-2020-12683 (Katyshop2 before 2.12 has multiple stored XSS issues.) NOT-FOR-US: Katyshop2 CVE-2020-12682 RESERVED CVE-2020-12681 (Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices ...) NOT-FOR-US: 3xLogic Infinias eIDC32 devices CVE-2020-12680 (Avira Free Antivirus through 15.0.2005.1866 allows local users to disc ...) NOT-FOR-US: Avira Free Antivirus CVE-2020-12679 (A reflected cross-site scripting (XSS) vulnerability in the Mitel Shor ...) NOT-FOR-US: Mitel CVE-2020-12678 REJECTED CVE-2020-12677 (An issue was discovered in Progress MOVEit Automation Web Admin. A Web ...) NOT-FOR-US: Progress MOVEit Automation Web Admin CVE-2020-12676 (FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge me ...) NOT-FOR-US: FusionAuth CVE-2020-12675 (The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPr ...) NOT-FOR-US: mappress-google-maps-for-WordPress plugin for WordPress CVE-2020-12692 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...) 
{DSA-4679-1} - keystone 2:17.0.0~rc2-1 (bug #959900) [stretch] - keystone (Not supported in stretch LTS) [jessie] - keystone (Not supported in Jessie LTS) NOTE: https://bugs.launchpad.net/keystone/+bug/1872737 NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/4 CVE-2020-12691 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...) {DSA-4679-1} - keystone 2:17.0.0~rc2-1 (bug #959900) [stretch] - keystone (Not supported in stretch LTS) [jessie] - keystone (Not supported in Jessie LTS) NOTE: https://bugs.launchpad.net/keystone/+bug/1872733 NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/5 CVE-2020-12690 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...) {DSA-4679-1} - keystone 2:17.0.0~rc2-1 (bug #959900) [stretch] - keystone (Not supported in stretch LTS) [jessie] - keystone (Not supported in Jessie LTS) NOTE: https://bugs.launchpad.net/keystone/+bug/1873290 NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/6 CVE-2020-12674 (In Dovecot before 2.3.11.3, sending a specially formatted RPA request ...) {DSA-4745-1 DLA-2328-1} - dovecot 1:2.3.11.3+dfsg1-1 (bug #968302) NOTE: https://www.openwall.com/lists/oss-security/2020/08/12/3 NOTE: https://github.com/dovecot/core/commit/69ad3c902ea4bbf9f21ab1857d8923f975dc6145 CVE-2020-12673 (In Dovecot before 2.3.11.3, sending a specially formatted NTLM request ...) {DSA-4745-1 DLA-2328-1} - dovecot 1:2.3.11.3+dfsg1-1 (bug #968302) NOTE: https://www.openwall.com/lists/oss-security/2020/08/12/2 NOTE: https://github.com/dovecot/core/commit/fb246611e62ad8c5a95b0ca180a63f17aa34b0d8 CVE-2020-12689 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...) 
{DSA-4679-1} - keystone 2:17.0.0~rc2-1 (bug #959900) [stretch] - keystone (Not supported in stretch LTS) [jessie] - keystone (Not supported in Jessie) NOTE: https://bugs.launchpad.net/keystone/+bug/1872735 NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/5 CVE-2020-12672 (GraphicsMagick through 1.3.35 has a heap-based buffer overflow in Read ...) {DLA-2902-1 DLA-2236-1} - graphicsmagick 1.4+really1.3.35-2 (bug #960000) [buster] - graphicsmagick 1.4+really1.3.35-1~deb10u2 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19025 NOTE: Fixed by: https://sourceforge.net/p/graphicsmagick/code/ci/50395430a37188d0d197e71bd85ed6dd0f649ee3/ CVE-2020-12671 RESERVED CVE-2020-12670 (XSS exists in Webmin 1.941 and earlier affecting the Save function of ...) - webmin CVE-2020-12669 (core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authentic ...) - dolibarr CVE-2020-12668 (Jinjava before 2.5.4 allow access to arbitrary classes by calling Java ...) NOT-FOR-US: Jinjava CVE-2020-12667 (Knot Resolver before 5.1.1 allows traffic amplification via a crafted ...) {DLA-3795-1} - knot-resolver 5.1.1-0.1 (bug #961076) NOTE: https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/ NOTE: commit: https://gitlab.labs.nic.cz/knot/knot-resolver/-/commit/54f05e4d7b2e47c0bdd30b84272fc503cc65304b NOTE: commit: https://gitlab.labs.nic.cz/knot/knot-resolver/-/commit/ba7b89db780fe3884b4e90090318e25ee5afb118 CVE-2020-12666 (macaron before 1.3.7 has an open redirect in the static handler, as de ...) NOT-FOR-US: macaron CVE-2020-12665 RESERVED CVE-2020-12664 RESERVED CVE-2020-12663 (Unbound before 1.10.1 has an infinite loop via malformed DNS answers r ...) 
{DSA-4694-1 DLA-2556-1} - unbound 1.10.1-1 [stretch] - unbound (No longer supported, see DSA 4694) [jessie] - unbound (No longer supported) NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff CVE-2020-12662 (Unbound before 1.10.1 has Insufficient Control of Network Message Volu ...) {DSA-4694-1 DLA-2556-1} - unbound 1.10.1-1 [stretch] - unbound (No longer supported, see DSA 4694) [jessie] - unbound (No longer supported) NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff CVE-2017-18867 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) NOT-FOR-US: Netgear CVE-2017-18866 (Certain NETGEAR devices are affected by stored XSS. This affects R9000 ...) NOT-FOR-US: Netgear CVE-2017-18865 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2017-18864 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) NOT-FOR-US: Netgear CVE-2020-12661 RESERVED CVE-2020-12660 RESERVED CVE-2020-12659 (An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg ...) - linux 5.6.7-1 [buster] - linux 4.19.118-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/99e3a236dd43d06c65af0a2ef9cb44306aef6e02 (5.7-rc2) CVE-2020-12658 (gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex befor ...) {DLA-2516-1} - gssproxy (unimportant; bug #978931) NOTE: https://github.com/gssapi/gssproxy/commit/cb761412e299ef907f22cd7c4146d50c8a792003 (v0.8.3) NOTE: code change in question only happens in a shutdown path. CVE-2020-12657 (An issue was discovered in the Linux kernel before 5.6.5. There is a u ...) 
- linux 5.6.7-1 [buster] - linux 4.19.118-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/2f95fa5c955d0a9987ffdc3a095e2f4e62c5f2a9 (5.7-rc1) CVE-2020-12656 (gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_g ...) - linux 5.7.6-1 (unimportant) [buster] - linux 4.19.131-1 [stretch] - linux 4.9.228-1 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=206651 NOTE: Issue is triggered only at module reloading / rebinding CVE-2020-12655 (An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c ...) {DLA-2420-1 DLA-2323-1} - linux 5.6.14-1 [buster] - linux 4.19.131-1 NOTE: https://git.kernel.org/linus/d0c7feaf87678371c2c09b3709400be416b2dc62 (5.7-rc1) CVE-2020-12654 (An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_s ...) {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.5.13-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/3a9b153c5591548612c3955c9600a98150c81875 (5.6-rc1) CVE-2020-12653 (An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_appen ...) {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.5.13-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d (5.6-rc1) CVE-2020-12652 (The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the ...) {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.4.19-1 [buster] - linux 4.19.98-1 NOTE: https://git.kernel.org/linus/28d76df18f0ad5bcf5fa48510b225f0ed262a99b (5.5-rc7) CVE-2020-12651 (SecureCRT before 8.7.2 allows remote attackers to execute arbitrary co ...) NOT-FOR-US: SecureCRT CVE-2020-12650 REJECTED CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory tr ...) NOT-FOR-US: Gurbalib CVE-2020-12648 (A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlie ...) 
- tinymce (bug #972642) [buster] - tinymce (Minor issue) [stretch] - tinymce (Vulnerable code not present and not reproducible) NOTE: https://labs.bishopfox.com/advisories/tinymce-version-5.2.1 CVE-2020-12647 (Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 6 ...) NOT-FOR-US: Unisys ALGOL Compiler CVE-2020-12646 (OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text ...) NOT-FOR-US: OX App Suite CVE-2020-12645 (OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate l ...) NOT-FOR-US: OX App Suite CVE-2020-12644 (OX App Suite 7.10.3 and earlier allows SSRF, related to the mail accou ...) NOT-FOR-US: OX App Suite CVE-2020-12643 (OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /a ...) NOT-FOR-US: OX App Suite CVE-2020-12642 (An issue was discovered in service-api before 4.3.12 and 5.x before 5. ...) NOT-FOR-US: Report Portal CVE-2020-12641 (rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to ...) - roundcube 1.4.4+dfsg.1-1 (unimportant) [buster] - roundcube 1.3.11+dfsg.1-1~deb10u1 NOTE: https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3 NOTE: https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10 CVE-2020-12640 (Roundcube Webmail before 1.4.4 allows attackers to include local files ...) - roundcube 1.4.4+dfsg.1-1 (unimportant) [buster] - roundcube 1.3.11+dfsg.1-1~deb10u1 NOTE: https://github.com/roundcube/roundcubemail/commit/814eadb699e8576ce3a78f21e95bf69a7c7b3794 NOTE: https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10 CVE-2020-12639 (phpList before 3.5.3 allows XSS, with resultant privilege elevation, v ...) - phplist (bug #612288) CVE-2020-12638 (An encryption-bypass issue was discovered on Espressif ESP-IDF devices ...) NOT-FOR-US: Espressif CVE-2020-12637 (Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation beca ...) 
NOT-FOR-US: Zulip Desktop CVE-2018-21233 (TensorFlow before 1.7.0 has an integer overflow that causes an out-of- ...) - tensorflow (bug #804612) CVE-2020-12636 RESERVED CVE-2020-12635 (XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento ...) NOT-FOR-US: WebForms Pro M2 extension for Magento CVE-2020-12634 RESERVED CVE-2020-12633 RESERVED CVE-2020-12632 RESERVED CVE-2020-12631 RESERVED CVE-2020-12630 RESERVED CVE-2020-12629 (include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA ...) NOT-FOR-US: osTicket CVE-2020-12628 RESERVED CVE-2020-12627 (Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j ...) NOT-FOR-US: Calibre-Web CVE-2020-12624 (The League application before 2020-05-02 on Android sends a bearer tok ...) NOT-FOR-US: League CVE-2020-12623 RESERVED CVE-2020-12622 RESERVED CVE-2020-12621 (The Teamwire application 5.3.0 for Android allows physically proximate ...) NOT-FOR-US: Teamwire application for Android CVE-2020-12620 (Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.con ...) NOT-FOR-US: Pi-hole CVE-2020-12619 (MailMate before 1.11 automatically imported S/MIME certificates and th ...) NOT-FOR-US: MailMate CVE-2020-12618 (eM Client before 7.2.33412.0 automatically imported S/MIME certificate ...) NOT-FOR-US: eM Client CVE-2020-12617 RESERVED CVE-2020-12616 RESERVED CVE-2020-12615 (An issue was discovered in BeyondTrust Privilege Management for Window ...) NOT-FOR-US: BeyondTrust Privilege Management for Windows CVE-2020-12614 (An issue was discovered in BeyondTrust Privilege Management for Window ...) NOT-FOR-US: BeyondTrust Privilege Management for Windows CVE-2020-12613 (An issue was discovered in BeyondTrust Privilege Management for Window ...) NOT-FOR-US: BeyondTrust Privilege Management for Windows CVE-2020-12612 (An issue was discovered in BeyondTrust Privilege Management for Window ...) 
NOT-FOR-US: BeyondTrust Privilege Management for Windows CVE-2020-12611 RESERVED CVE-2020-12610 RESERVED CVE-2020-12609 RESERVED CVE-2020-12608 (An issue was discovered in SolarWinds MSP PME (Patch Management Engine ...) NOT-FOR-US: SolarWinds CVE-2020-12607 (An issue was discovered in fastecdsa before 2.1.2. When using the NIST ...) NOT-FOR-US: fastecdsa CVE-2020-12606 (An issue was discovered in DB Soft SGLAC before 20.05.001. The Procedi ...) NOT-FOR-US: DB Soft CVE-2020-12605 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive ...) - envoyproxy (bug #987544) CVE-2020-12604 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to incr ...) - envoyproxy (bug #987544) CVE-2020-12603 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive ...) - envoyproxy (bug #987544) CVE-2020-12602 RESERVED CVE-2020-12601 RESERVED CVE-2020-12600 RESERVED CVE-2020-12599 RESERVED CVE-2020-12598 RESERVED CVE-2020-12597 RESERVED CVE-2020-12596 RESERVED CVE-2020-12595 (An information disclosure flaw allows a malicious, authenticated, priv ...) NOT-FOR-US: Symantec CVE-2020-12594 (A privilege escalation flaw allows a malicious, authenticated, privile ...) NOT-FOR-US: Symantec CVE-2020-12593 (Symantec Endpoint Detection & Response, prior to 4.5, may be susceptib ...) 
NOT-FOR-US: Symantec CVE-2020-12592 REJECTED CVE-2020-12591 REJECTED CVE-2020-12590 REJECTED CVE-2020-12589 REJECTED CVE-2020-12588 REJECTED CVE-2020-12587 REJECTED CVE-2020-12586 REJECTED CVE-2020-12585 REJECTED CVE-2020-12584 REJECTED CVE-2020-12583 REJECTED CVE-2020-12582 REJECTED CVE-2020-12581 REJECTED CVE-2020-12580 REJECTED CVE-2020-12579 REJECTED CVE-2020-12578 REJECTED CVE-2020-12577 REJECTED CVE-2020-12576 REJECTED CVE-2020-12575 REJECTED CVE-2020-12574 REJECTED CVE-2020-12573 REJECTED CVE-2020-12572 REJECTED CVE-2020-12571 REJECTED CVE-2020-12570 REJECTED CVE-2020-12569 REJECTED CVE-2020-12568 REJECTED CVE-2020-12567 REJECTED CVE-2020-12566 REJECTED CVE-2020-12565 REJECTED CVE-2020-12564 REJECTED CVE-2020-12563 REJECTED CVE-2020-12562 REJECTED CVE-2020-12561 REJECTED CVE-2020-12560 REJECTED CVE-2020-12559 REJECTED CVE-2020-12558 REJECTED CVE-2020-12557 REJECTED CVE-2020-12556 REJECTED CVE-2020-12555 REJECTED CVE-2020-12554 REJECTED CVE-2020-12553 REJECTED CVE-2020-12552 REJECTED CVE-2020-12551 REJECTED CVE-2020-12550 REJECTED CVE-2020-12549 REJECTED CVE-2020-12548 REJECTED CVE-2020-12547 REJECTED CVE-2020-12546 REJECTED CVE-2020-12545 REJECTED CVE-2020-12544 REJECTED CVE-2020-12543 REJECTED CVE-2020-12542 REJECTED CVE-2020-12541 REJECTED CVE-2020-12540 REJECTED CVE-2020-12539 REJECTED CVE-2020-12538 REJECTED CVE-2020-12537 REJECTED CVE-2020-12536 REJECTED CVE-2020-12535 REJECTED CVE-2020-12534 REJECTED CVE-2020-12533 REJECTED CVE-2020-12532 REJECTED CVE-2020-12531 REJECTED CVE-2020-12530 (An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT ...) NOT-FOR-US: MB connect software CVE-2020-12529 (An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT ...) NOT-FOR-US: MB connect software CVE-2020-12528 (An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT ...) NOT-FOR-US: MB connect software CVE-2020-12527 (An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 ...) 
NOT-FOR-US: MB connect software CVE-2020-12526 (TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics U ...) NOT-FOR-US: TwinCAT OPC UA Server CVE-2020-12525 (M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and ...) NOT-FOR-US: M&M Software fdtCONTAINER Component CVE-2020-12524 (Uncontrolled Resource Consumption can be exploited to cause the Phoeni ...) NOT-FOR-US: Phoenix Contact HMIs BTP CVE-2020-12523 (On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get ...) NOT-FOR-US: Phoenix Contact mGuard Devices CVE-2020-12522 (The reported vulnerability allows an attacker who has network access t ...) NOT-FOR-US: WAGO CVE-2020-12521 (On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS ...) NOT-FOR-US: Phoenix Contact PLCnext Control Devices CVE-2020-12520 REJECTED CVE-2020-12519 (On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS ...) NOT-FOR-US: Phoenix Contact PLCnext Control Devices CVE-2020-12518 (On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS ...) NOT-FOR-US: Phoenix Contact PLCnext Control Devices CVE-2020-12517 (On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS ...) NOT-FOR-US: Phoenix Contact PLCnext Control Devices CVE-2020-12516 (Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88 ...) NOT-FOR-US: WAGO CVE-2020-12515 REJECTED CVE-2020-12514 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...) NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master CVE-2020-12513 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...) NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master CVE-2020-12512 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...) NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master CVE-2020-12511 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...) 
NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master CVE-2020-12510 (The default installation path of the TwinCAT XAR 3.1 software in all v ...) NOT-FOR-US: Beckhoff CVE-2020-12509 (In s::can moni::tools in versions below 4.2 an unauthenticated attacke ...) NOT-FOR-US: s::can moni::tools CVE-2020-12508 (In s::can moni::tools in versions below 4.2 an unauthenticated attacke ...) NOT-FOR-US: s::can moni::tools CVE-2020-12507 (In s::can moni::tools before version 4.2 an authenticated attacker cou ...) NOT-FOR-US: s::can moni::tools CVE-2020-12506 (Improper Authentication vulnerability in WAGO 750-8XX series with FW v ...) NOT-FOR-US: WAGO CVE-2020-12505 (Improper Authentication vulnerability in WAGO 750-8XX series with FW v ...) NOT-FOR-US: WAGO CVE-2020-12504 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...) NOT-FOR-US: Pepperl+Fuchs CVE-2020-12503 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...) NOT-FOR-US: Pepperl+Fuchs CVE-2020-12502 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...) NOT-FOR-US: Pepperl+Fuchs CVE-2020-12501 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...) NOT-FOR-US: Pepperl+Fuchs CVE-2020-12500 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...) NOT-FOR-US: Pepperl+Fuchs CVE-2020-12499 (In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an im ...) NOT-FOR-US: PHOENIX CONTACT PLCnext Engineer CVE-2020-12498 (mwe file parsing in Phoenix Contact PC Worx and PC Worx Express versio ...) NOT-FOR-US: Phoenix CVE-2020-12497 (PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Expres ...) NOT-FOR-US: Phoenix CVE-2020-12496 (Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) and ...) NOT-FOR-US: Endress+Hauser CVE-2020-12495 (Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) with ...) 
NOT-FOR-US: Endress+Hauser CVE-2020-12494 (Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is prov ...) NOT-FOR-US: Beckhoff CVE-2020-12493 (An open port used for debugging in SWARCOs CPU LS4000 Series with vers ...) NOT-FOR-US: SWARCOs CPU LS4000 Series CVE-2020-12492 RESERVED CVE-2020-12491 RESERVED CVE-2020-12490 RESERVED CVE-2020-12489 RESERVED CVE-2020-12488 (The attacker can access the sensitive information stored within the jo ...) NOT-FOR-US: Vivo CVE-2020-12487 RESERVED CVE-2020-12486 RESERVED CVE-2020-12485 (The frame touch module does not make validity judgments on parameter l ...) NOT-FOR-US: Vivo CVE-2020-12484 RESERVED CVE-2020-12483 (The appstore before 8.12.0.0 exposes some of its components, and the a ...) NOT-FOR-US: Vivo CVE-2020-12482 RESERVED CVE-2020-12481 RESERVED CVE-2020-12480 (In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed ...) NOT-FOR-US: Play Framework CVE-2020-12479 (TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a ...) - teampass (bug #730180) CVE-2020-12478 (TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve file ...) - teampass (bug #730180) CVE-2020-12477 (The REST API functions in TeamPass 2.1.27.36 allow any user with a val ...) - teampass (bug #730180) CVE-2020-12476 RESERVED CVE-2020-12475 (TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for ...) NOT-FOR-US: TP-Link CVE-2020-12474 (Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, an ...) - telegram-desktop 2.1.0+ds-1 [buster] - telegram-desktop (Minor issue) NOTE: https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram:CVE-2020-12474 CVE-2020-12473 (MonoX through 5.1.40.5152 allows admins to execute arbitrary programs ...) NOT-FOR-US: MonoX CVE-2020-12472 (MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comm ...) NOT-FOR-US: MonoX CVE-2020-12471 (MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload ...) 
	NOT-FOR-US: MonoX
CVE-2020-12470 (MonoX through 5.1.40.5152 allows administrators to execute arbitrary c ...)
	NOT-FOR-US: MonoX
CVE-2020-12469 (admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Inject ...)
	NOT-FOR-US: Subrion CMS
CVE-2020-12468 (Subrion CMS 4.2.1 allows CSV injection via a phrase value within a lan ...)
	NOT-FOR-US: Subrion CMS
CVE-2020-12467 (Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in ...)
	NOT-FOR-US: Subrion CMS
CVE-2019-20793
	RESERVED
CVE-2016-11061 (Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 7 ...)
	NOT-FOR-US: Xerox
CVE-2020-12626 (An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF atta ...)
	{DSA-4674-1}
	- roundcube 1.4.4+dfsg.1-1 (bug #959142)
	NOTE: https://github.com/roundcube/roundcubemail/pull/7302
	NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/9bbda422ff0b782b81de59c86994f1a5fd93f8e6
	NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/1e7bec9cb868fa32b05acf6b0a557a6311350c56
	NOTE: 1.2.x: https://github.com/roundcube/roundcubemail/commit/cceeff2472c00acb2c6b96c9df7a289f1db77713
CVE-2020-12625 (An issue was discovered in Roundcube Webmail before 1.4.4. There is a ...)
	{DSA-4674-1}
	- roundcube 1.4.4+dfsg.1-1 (bug #959140)
	NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/87e4cd0cf2c550e77586860b94e5c75d2b7686d0
	NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/23c06159ae8c6f500336e3075820e648aa6f40a4
	NOTE: 1.2.x: https://github.com/roundcube/roundcubemail/commit/4312dc4efecb9553fcacfab0ab9d9ee6e88477e7
CVE-2020-12466
	RESERVED
CVE-2020-12465 (An array overflow was discovered in mt76_add_fragment in drivers/net/w ...)
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b102f0c522cf668c8382c56a4f771b37d011cda2 (5.6-rc6)
CVE-2020-12464 (usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before ...)
	{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.6.14-1
	NOTE: https://git.kernel.org/linus/056ad39ee9253873522f6469c3364964a322912b (5.7-rc3)
CVE-2020-12463 (An elevation of privilege vulnerability exists in Avira Software Updat ...)
	NOT-FOR-US: Avira
CVE-2020-12462 (The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with ...)
	NOT-FOR-US: ninja-forms plugin for WordPress
CVE-2020-12461 (PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an in ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-12460 (OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper nul ...)
	{DLA-2639-1}
	- opendmarc 1.4.0~beta1+dfsg-3 (bug #966464)
	[buster] - opendmarc 1.3.2-6+deb10u2
	NOTE: https://github.com/trusteddomainproject/OpenDMARC/issues/64
	NOTE: https://github.com/trusteddomainproject/OpenDMARC/commit/50d28af25d8735504b6103537228ce7f76ad765f
CVE-2020-12459 (In certain Red Hat packages for Grafana 6.x through 6.3.6, the configu ...)
	NOT-FOR-US: Grafana as shipped in Red Hat
CVE-2020-12458 (An information-disclosure flaw was found in Grafana through 6.7.3. The ...)
	- grafana
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1827765
	NOTE: https://github.com/grafana/grafana/issues/8283
CVE-2020-12457 (An issue was discovered in wolfSSL before 4.5.0. It mishandles the cha ...)
	- wolfssl 4.5.0+dfsg-1 (bug #969663)
	NOTE: https://github.com/wolfSSL/wolfssl/commit/df1b7f34f173cfc2968ce12e8fcd2fd8bcc61a59 (v4.5.0-stable)
	NOTE: https://github.com/wolfSSL/wolfssl/pull/2927
CVE-2020-12456 (A remote code execution vulnerability in Mitel MiVoice Connect Client ...)
	NOT-FOR-US: Mitel
CVE-2020-12455
	RESERVED
CVE-2020-12454
	RESERVED
CVE-2020-12453
	RESERVED
CVE-2020-12452
	RESERVED
CVE-2020-12451
	RESERVED
CVE-2020-12450
	RESERVED
CVE-2020-12449
	RESERVED
CVE-2020-12448 (GitLab EE 12.8 and later allows Exposure of Sensitive Information to a ...)
	- gitlab (Only affects GitLab EE 12.8 and later)
	NOTE: https://about.gitlab.com/releases/2020/04/30/security-release-12-10-2-released/
CVE-2020-12447 (A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-000 ...)
	NOT-FOR-US: Onkyo
CVE-2020-12446 (The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00. ...)
	NOT-FOR-US: G.SKILL Trident Z Lighting Control
CVE-2020-12445
	RESERVED
CVE-2020-12444
	RESERVED
CVE-2020-12443 (BigBlueButton before 2.2.6 allows remote attackers to read arbitrary f ...)
	NOT-FOR-US: BigBlueButton
CVE-2020-12442 (Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated ...)
	NOT-FOR-US: Ivanti
CVE-2020-12441 (Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control ...)
	NOT-FOR-US: Ivanti
CVE-2020-12440
	REJECTED
CVE-2020-12439 (Grin before 3.1.0 allows attackers to adversely affect availability of ...)
	NOT-FOR-US: Grin
CVE-2020-12438 (An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-12437
	RESERVED
CVE-2020-12436
	RESERVED
CVE-2020-12435
	RESERVED
CVE-2020-12434
	RESERVED
CVE-2020-12433
	RESERVED
CVE-2020-12432 (The WOPI API integration for Vereign Collabora CODE through 4.2.2 does ...)
	NOT-FOR-US: Vereign Collabora CODE
CVE-2020-12431 (A Windows privilege change issue was discovered in Splashtop Software ...)
	NOT-FOR-US: Splashtop Software Updater
CVE-2020-12430 (An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_dri ...)
	{DLA-3778-1}
	[experimental] - libvirt 6.2.0-1
	- libvirt 6.4.0-2 (low; bug #959447)
	[stretch] - libvirt (Vulnerable code introduced later)
	[jessie] - libvirt (Vulnerable code introduced later)
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581 (v6.1.0-rc1)
	NOTE: Introduced in: https://libvirt.org/git/?p=libvirt.git;a=commit;h=d1eac92784573559b6fd56836e33b215c89308e3 (v4.10.0-rc1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1804548
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1828190
CVE-2019-20792 (OpenSC before 0.20.0 has a double free in coolkey_free_private_data be ...)
	- opensc 0.20.0-1 (low)
	[buster] - opensc 0.19.0-1+deb10u1
	[stretch] - opensc (Coolkey driver added in 0.17.0)
	[jessie] - opensc (Minor issue but can be worth fixing later)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19208
	NOTE: https://github.com/OpenSC/OpenSC/commit/c246f6f69a749d4f68626b40795a4f69168008f4
CVE-2020-12429 (Online Course Registration 2.0 has multiple SQL injections that would ...)
	NOT-FOR-US: Online Course Registration
CVE-2020-12428
	RESERVED
CVE-2020-12427 (The Western Digital WD Discovery application before 3.8.229 for MyClou ...)
	NOT-FOR-US: Western Digital
CVE-2020-12426 (Mozilla developers and community members reported memory safety bugs p ...)
	- firefox 78.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12426
CVE-2020-12425 (Due to confusion processing a hyphen character in Date.parse(), a one- ...)
	- firefox 78.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12425
CVE-2020-12424 (When constructing a permission prompt for WebRTC, a URI was supplied f ...)
	- firefox 78.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12424
CVE-2020-12423 (When the Windows DLL "webauthn.dll" was missing from the Operating Sys ...)
	- firefox (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12423
CVE-2020-12422 (In non-standard configurations, a JPEG image created by JavaScript cou ...)
	- firefox 78.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12422
CVE-2020-12421 (When performing add-on updates, certificate chains terminating in non- ...)
	{DSA-4718-1 DSA-4713-1}
	- firefox 78.0-1
	- firefox-esr 68.10.0esr-1
	- thunderbird 1:68.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12421
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12421
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12421
CVE-2020-12420 (When trying to connect to a STUN server, a race condition could have c ...)
	{DSA-4718-1 DSA-4713-1}
	- firefox 78.0-1
	- firefox-esr 68.10.0esr-1
	- thunderbird 1:68.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12420
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12420
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12420
CVE-2020-12419 (When processing callbacks that occurred during window flushing in the ...)
	{DSA-4718-1 DSA-4713-1}
	- firefox 78.0-1
	- firefox-esr 68.10.0esr-1
	- thunderbird 1:68.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12419
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12419
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12419
CVE-2020-12418 (Manipulating individual parts of a URL object could have caused an out ...)
	{DSA-4718-1 DSA-4713-1}
	- firefox 78.0-1
	- firefox-esr 68.10.0esr-1
	- thunderbird 1:68.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12418
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12418
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12418
CVE-2020-12417 (Due to confusion about ValueTags on JavaScript Objects, an object may ...)
	{DSA-4718-1 DSA-4713-1}
	- firefox 78.0-1
	- firefox-esr 68.10.0esr-1
	- thunderbird 1:68.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12417
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12417
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12417
CVE-2020-12416 (A VideoStreamEncoder may have been freed in a race condition with Vide ...)
	- firefox 78.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12416
CVE-2020-12415 (When "%2F" was present in a manifest URL, Firefox's AppCache behavior ...)
	- firefox 78.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12415
CVE-2020-12414 (IndexedDB should be cleared when leaving private browsing mode and it ...)
	- firefox (Specific to Firefox on iOS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-23/#CVE-2020-12414
CVE-2020-12413 (The Raccoon attack is a timing attack on DHE ciphersuites inherit in t ...)
	- nss 2:3.17-1
	[buster] - nss (Minor issue)
	[stretch] - nss (Minor issue)
	NOTE: https://raccoon-attack.com/
	NOTE: Starting with 3.17 NSS allows to disable reuse of ECDHE keys, marking this
	NOTE: as the "fixed" version for unstable:
	NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17_release_notes
CVE-2020-12412 (By navigating a tab using the history API, an attacker could cause the ...)
	- firefox 70.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2020-12412
CVE-2020-12411 (Mozilla developers reported memory safety bugs present in Firefox 76. ...)
	- firefox 77.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12411
CVE-2020-12410 (Mozilla developers reported memory safety bugs present in Firefox 76 a ...)
	{DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
	- firefox 77.0-1
	- firefox-esr 68.9.0esr-1
	- thunderbird 1:68.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12410
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12410
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12410
CVE-2020-12409 (When using certain blank characters in a URL, they where incorrectly r ...)
	- firefox 77.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12409
CVE-2020-12408 (When browsing a document hosted on an IP address, an attacker could in ...)
	- firefox 77.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12408
CVE-2020-12407 (Mozilla Developer Nicolas Silva found that when using WebRender, Firef ...)
	- firefox 77.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12407
CVE-2020-12406 (Mozilla Developer Iain Ireland discovered a missing type check during ...)
	{DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
	- firefox 77.0-1
	- firefox-esr 68.9.0esr-1
	- thunderbird 1:68.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12406
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12406
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12406
CVE-2020-12405 (When browsing a malicious page, a race condition in our SharedWorkerSe ...)
	{DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
	- firefox 77.0-1
	- firefox-esr 68.9.0esr-1
	- thunderbird 1:68.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12405
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12405
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12405
CVE-2020-12404 (For native-to-JS bridging the app requires a unique token to be passed ...)
	- firefox (Specific to iOS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-19/#CVE-2020-12404
CVE-2020-12403 (A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS i ...)
	{DLA-3327-1 DLA-2388-1}
	- nss 2:3.55-1
	NOTE: https://hg.mozilla.org/projects/nss/rev/f282556e6cc7715f5754aeaadda6f902590e7e38
	NOTE: https://hg.mozilla.org/projects/nss/rev/c25adfdfab34ddb08d3262aac3242e3399de1095
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1636771
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1868931
CVE-2020-12402 (During RSA key generation, bignum implementations used a variation of ...)
	{DSA-4726-1 DLA-2388-1 DLA-2266-1}
	- nss 2:3.53.1-1 (bug #963152)
	NOTE: https://hg.mozilla.org/projects/nss/rev/699541a7793bbe9b20f1d73dc49e25c6054aa4c1
	NOTE: Fixed upstream in 3.53.1
CVE-2020-12401 (During ECDSA signature generation, padding applied in the nonce design ...)
	{DLA-3327-1 DLA-2388-1}
	- firefox 80.0-1
	- nss 2:3.55-1
	NOTE: https://hg.mozilla.org/projects/nss/rev/aeb2e583ee957a699d949009c7ba37af76515c20
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1631573 (private)
	NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-12401
CVE-2020-12400 (When converting coordinates from projective to affine, the modular inv ...)
	{DLA-3327-1 DLA-2388-1}
	- firefox 80.0-1
	- nss 2:3.55-1
	NOTE: https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c
	NOTE: https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0
	NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
	NOTE: Issue relates to CVE-2020-6829 and resolved in the same commits.
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-12400
CVE-2020-12399 (NSS has shown timing differences when performing DSA signatures, which ...)
	{DSA-4726-1 DSA-4702-1 DSA-4695-1 DLA-2388-1 DLA-2266-1 DLA-2247-1 DLA-2243-1}
	- firefox 77.0-1
	- firefox-esr 68.9.0esr-1
	- nss 2:3.53-1 (bug #961752)
	- thunderbird 1:68.9.0-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1631576 (non-public)
	NOTE: Fixed by: https://hg.mozilla.org/projects/nss/rev/daa823a4a29bcef0fec33a379ec83857429aea2e
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12399
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12399
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12399
CVE-2020-12398 (If Thunderbird is configured to use STARTTLS for an IMAP server, and t ...)
	{DSA-4702-1 DLA-2247-1}
	- thunderbird 1:68.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12398
CVE-2020-12397 (By encoding Unicode whitespace characters within the From email header ...)
	{DSA-4683-1 DLA-2206-1}
	- thunderbird 1:68.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12397
CVE-2020-12396 (Mozilla developers and community members reported memory safety bugs p ...)
	- firefox 76.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12396
CVE-2020-12395 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1}
	- firefox 76.0-1
	- firefox-esr 68.8.0esr-1
	- thunderbird 1:68.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12395
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12395
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12395
CVE-2020-12394 (A logic flaw in our location bar implementation could have allowed a l ...)
	- firefox 76.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12394
CVE-2020-12393 (The 'Copy as cURL' feature of Devtools' network tab did not properly e ...)
	- firefox (Only affects Windows)
	- firefox-esr (Only affects Windows)
	- thunderbird (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12393
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12393
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12393
CVE-2020-12392 (The 'Copy as cURL' feature of Devtools' network tab did not properly e ...)
	{DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1}
	- firefox 76.0-1
	- firefox-esr 68.8.0esr-1
	- thunderbird 1:68.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12392
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12392
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12392
CVE-2020-12391 (Documents formed using data: URLs in an OBJECT element failed to inher ...)
	- firefox 76.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12391
CVE-2020-12390 (Incorrect origin serialization of URLs with IPv6 addresses could lead ...)
	- firefox 76.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12390
CVE-2020-12389 (The Firefox content processes did not sufficiently lockdown access con ...)
	- firefox (Only affects Windows)
	- firefox-esr (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12389
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12389
CVE-2020-12388 (The Firefox content processes did not sufficiently lockdown access con ...)
	- firefox (Only affects Windows)
	- firefox-esr (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12388
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12388
CVE-2020-12387 (A race condition when running shutdown code for Web Worker led to a us ...)
	{DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1}
	- firefox 76.0-1
	- firefox-esr 68.8.0esr-1
	- thunderbird 1:68.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12387
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12387
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12387
CVE-2020-12386 (Out-of-bounds write in some Intel(R) Graphics Drivers before version 1 ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12385 (Improper input validation in some Intel(R) Graphics Drivers before ver ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12384 (Improper access control in some Intel(R) Graphics Drivers before versi ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12383
	REJECTED
CVE-2020-12382
	REJECTED
CVE-2020-12381
	REJECTED
CVE-2020-12380 (Out of bounds read in the BMC firmware for some Intel(R) Server Boards ...)
	NOT-FOR-US: Intel
CVE-2020-12379
	REJECTED
CVE-2020-12378
	REJECTED
CVE-2020-12377 (Insufficient input validation in the BMC firmware for some Intel(R) Se ...)
	NOT-FOR-US: Intel
CVE-2020-12376 (Use of hard-coded key in the BMC firmware for some Intel(R) Server Boa ...)
	NOT-FOR-US: Intel
CVE-2020-12375 (Heap overflow in the BMC firmware for some Intel(R) Server Boards, Ser ...)
	NOT-FOR-US: Intel
CVE-2020-12374 (Buffer overflow in the BMC firmware for some Intel(R) Server Boards, S ...)
	NOT-FOR-US: Intel
CVE-2020-12373 (Expired pointer dereference in some Intel(R) Graphics Drivers before v ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12372 (Unchecked return value in some Intel(R) Graphics Drivers before versio ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12371 (Divide by zero in some Intel(R) Graphics Drivers before version 26.20. ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12370 (Untrusted pointer dereference in some Intel(R) Graphics Drivers before ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12369 (Out of bound write in some Intel(R) Graphics Drivers before version 26 ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12368 (Integer overflow in some Intel(R) Graphics Drivers before version 26.2 ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12367 (Integer overflow in some Intel(R) Graphics Drivers before version 26.2 ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12366 (Insufficient input validation in some Intel(R) Graphics Drivers before ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12365 (Untrusted pointer dereference in some Intel(R) Graphics Drivers before ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12364 (Null pointer reference in some Intel(R) Graphics Drivers for Windows* ...)
	{DLA-3380-1}
	- linux 5.14.6-1
	[bullseye] - linux (Too intrusive to backport)
	[buster] - linux (Too intrusive to backport)
	- firmware-nonfree 20210208-1
	[stretch] - firmware-nonfree (Minor issue, too intrusive to fix since kernel patch is needed)
	NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
	NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the
	NOTE: firmware is required. The new firmware requires a kernel patch
	NOTE: https://git.kernel.org/linus/c784e5249e773689e38d2bc1749f08b986621a26
	NOTE: Firmware was added via https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=c487f7dadcd21116613441ed355b764003b3f57b
	NOTE: The vulnerability is fixed in firmware, but needs an updated Linux kernel to load
	NOTE: the updated firmware, thus also marking linux as affected
CVE-2020-12363 (Improper input validation in some Intel(R) Graphics Drivers for Window ...)
	{DLA-3380-1}
	- linux 5.14.6-1
	[bullseye] - linux (Too intrusive to backport)
	[buster] - linux (Too intrusive to backport)
	- firmware-nonfree 20210208-1
	[stretch] - firmware-nonfree (Minor issue, too intrusive to fix since kernel patch is needed)
	NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
	NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the
	NOTE: firmware is required. The new firmware requires a kernel patch
	NOTE: https://git.kernel.org/linus/c784e5249e773689e38d2bc1749f08b986621a26
	NOTE: Firmware was added via https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=c487f7dadcd21116613441ed355b764003b3f57b
	NOTE: The vulnerability is fixed in firmware, but needs an updated Linux kernel to load
	NOTE: the updated firmware, thus also marking linux as affected
CVE-2020-12362 (Integer overflow in the firmware for some Intel(R) Graphics Drivers fo ...)
	{DLA-3380-1}
	- linux 5.14.6-1
	[bullseye] - linux (Too intrusive to backport)
	[buster] - linux (Too intrusive to backport)
	- firmware-nonfree 20210208-1
	[stretch] - firmware-nonfree (Minor issue, too intrusive to fix since kernel patch is needed)
	NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
	NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the
	NOTE: firmware is required. The new firmware requires a kernel patch
	NOTE: https://git.kernel.org/linus/c784e5249e773689e38d2bc1749f08b986621a26
	NOTE: Firmware was added via https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=c487f7dadcd21116613441ed355b764003b3f57b
	NOTE: The vulnerability is fixed in firmware, but needs an updated Linux kernel to load
	NOTE: the updated firmware, thus also marking linux as affected
CVE-2020-12361 (Use after free in some Intel(R) Graphics Drivers before version 15.33. ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12360 (Out of bounds read in the firmware for some Intel(R) Processors may al ...)
	NOT-FOR-US: Intel
CVE-2020-12359 (Insufficient control flow management in the firmware for some Intel(R) ...)
	NOT-FOR-US: Intel
CVE-2020-12358 (Out of bounds write in the firmware for some Intel(R) Processors may a ...)
	NOT-FOR-US: Intel
CVE-2020-12357 (Improper initialization in the firmware for some Intel(R) Processors m ...)
	NOT-FOR-US: Intel
CVE-2020-12356 (Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.8 ...)
	NOT-FOR-US: Intel
CVE-2020-12355 (Authentication bypass by capture-replay in RPMB protocol message authe ...)
	NOT-FOR-US: Intel
CVE-2020-12354 (Incorrect default permissions in Windows(R) installer in Intel(R) AMT ...)
	NOT-FOR-US: Intel
CVE-2020-12353 (Improper permissions in the Intel(R) Data Center Manager Console befor ...)
	NOT-FOR-US: Intel
CVE-2020-12352 (Improper access control in BlueZ may allow an unauthenticated user to ...)
	{DSA-4774-1 DLA-2420-1 DLA-2417-1}
	- linux 5.9.1-1
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
	NOTE: https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq
	NOTE: Fixed by: https://git.kernel.org/linus/eddb7732119d53400f48a02536a84c509692faa8
CVE-2020-12351 (Improper input validation in BlueZ may allow an unauthenticated user t ...)
	{DSA-4774-1 DLA-2420-1 DLA-2417-1}
	- linux 5.9.1-1
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
	NOTE: https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq
	NOTE: Fixed by: https://git.kernel.org/linus/f19425641cb2572a33cb074d5e30283720bd4d22
CVE-2020-12350 (Improper access control in the Intel(R) XTU before version 6.5.1.360 m ...)
	NOT-FOR-US: Intel
CVE-2020-12349 (Improper input validation in the Intel(R) Data Center Manager Console ...)
	NOT-FOR-US: Intel
CVE-2020-12348
	REJECTED
CVE-2020-12347 (Improper input validation in the Intel(R) Data Center Manager Console ...)
	NOT-FOR-US: Intel
CVE-2020-12346 (Improper permissions in the installer for the Intel(R) Battery Life Di ...)
	NOT-FOR-US: Intel
CVE-2020-12345 (Improper permissions in the installer for the Intel(R) Data Center Man ...)
	NOT-FOR-US: Intel
CVE-2020-12344
	REJECTED
CVE-2020-12343
	REJECTED
CVE-2020-12342
	REJECTED
CVE-2020-12341
	REJECTED
CVE-2020-12340
	REJECTED
CVE-2020-12339 (Insufficient control flow management in the API for the Intel(R) Colla ...)
	NOT-FOR-US: Intel
CVE-2020-12338 (Insufficient control flow management in the Open WebRTC Toolkit before ...)
	NOT-FOR-US: Intel
CVE-2020-12337 (Improper buffer restrictions in firmware for some Intel(R) NUCs may al ...)
	NOT-FOR-US: Intel
CVE-2020-12336 (Insecure default variable initialization in firmware for some Intel(R) ...)
	NOT-FOR-US: Intel
CVE-2020-12335 (Improper permissions in the installer for the Intel(R) Processor Ident ...)
	NOT-FOR-US: Intel
CVE-2020-12334 (Improper permissions in the installer for the Intel(R) Advisor tools b ...)
	NOT-FOR-US: Intel
CVE-2020-12333 (Insufficiently protected credentials in the Intel(R) QAT for Linux bef ...)
	NOT-FOR-US: Intel
CVE-2020-12332 (Improper permissions in the installer for the Intel(R) HID Event Filte ...)
	NOT-FOR-US: Intel
CVE-2020-12331 (Improper access controls in Intel Unite(R) Cloud Service client before ...)
	NOT-FOR-US: Intel
CVE-2020-12330 (Improper permissions in the installer for the Intel(R) Falcon 8+ UAS A ...)
	NOT-FOR-US: Intel
CVE-2020-12329 (Uncontrolled search path in the Intel(R) VTune(TM) Profiler before ver ...)
	NOT-FOR-US: Intel
CVE-2020-12328 (Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH driv ...)
	NOT-FOR-US: Intel
CVE-2020-12327 (Insecure default variable initialization in some Intel(R) Thunderbolt( ...)
	NOT-FOR-US: Intel
CVE-2020-12326 (Improper initialization in some Intel(R) Thunderbolt(TM) DCH drivers f ...)
	NOT-FOR-US: Intel
CVE-2020-12325 (Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH driv ...)
	NOT-FOR-US: Intel
CVE-2020-12324 (Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH driv ...)
	NOT-FOR-US: Intel
CVE-2020-12323 (Improper input validation in the Intel(R) ADAS IE before version ADAS_ ...)
	NOT-FOR-US: Intel
CVE-2020-12322 (Improper input validation in some Intel(R) Wireless Bluetooth(R) produ ...)
	NOT-FOR-US: Intel (Wireless Bluetooth products, but only affecting Windows)
CVE-2020-12321 (Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) pro ...)
	NOTE: Intel firmware, there is no conclusive information if the blobs shipped in
	NOTE: firmware-nonfree are affected. If they are, they would get fixed via release updates
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403.html
CVE-2020-12320 (Uncontrolled search path in Intel(R) SCS Add-on for Microsoft* SCCM be ...)
	NOT-FOR-US: Intel
CVE-2020-12319 (Insufficient control flow management in some Intel(R) PROSet/Wireless ...)
	NOTE: Intel firmware, there is no conclusive information if the blobs shipped in
	NOTE: firmware-nonfree are affected. If they are, they would get fixed via release updates
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
CVE-2020-12318 (Protection mechanism failure in some Intel(R) PROSet/Wireless WiFi pro ...)
	NOT-FOR-US: Intel PROSet/Wireless WiFi products (not applicable to Linux)
CVE-2020-12317 (Improper buffer restriction in some Intel(R) PROSet/Wireless WiFi prod ...)
	NOTE: Intel firmware, there is no conclusive information if the blobs shipped in
	NOTE: firmware-nonfree are affected. If they are, they would get fixed via release updates
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
CVE-2020-12316 (Insufficiently protected credentials in the Intel(R) EMA before versio ...)
	NOT-FOR-US: Intel
CVE-2020-12315 (Path traversal in the Intel(R) EMA before version 1.3.3 may allow an u ...)
	NOT-FOR-US: Intel
CVE-2020-12314 (Improper input validation in some Intel(R) PROSet/Wireless WiFi produc ...)
	NOT-FOR-US: Intel PROSet/Wireless WiFi products (not applicable to Linux)
CVE-2020-12313 (Insufficient control flow management in some Intel(R) PROSet/Wireless ...)
	NOTE: Intel firmware, there is no conclusive information if the blobs shipped in
	NOTE: firmware-nonfree are affected. If they are, they would get fixed via release updates
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
	NOTE: Fixed firmware blobs:
	NOTE: ibt-18-16-1.sfi: FW Build: REL17064 Release Version: 22.20.0.3
	NOTE: ibt-hw-37.8.10-fw-22.50.19.14.f.bseq
	NOTE: Not shipped in Debian: Wi-Fi 6 AX200, Wireless-AC 9560, Wireless-AC 9462, Wireless-AC 9461, Dual Band Wireless-AC 3165
	NOTE: Intel seems to have missed the update for ibt-12-16.sfi, last update from May 2019
	NOTE: Intel seems to have missed the update for ibt-11-5.sfi, last update from Jan 2019
CVE-2020-12312 (Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmwa ...)
	NOT-FOR-US: Intel
CVE-2020-12311 (Insufficient control flow managementin firmware in some Intel(R) Clien ...)
	NOT-FOR-US: Intel
CVE-2020-12310 (Insufficient control flow managementin firmware in some Intel(R) Clien ...)
	NOT-FOR-US: Intel
CVE-2020-12309 (Insufficiently protected credentialsin subsystem in some Intel(R) Clie ...)
	NOT-FOR-US: Intel
CVE-2020-12308 (Improper access control for the Intel(R) Computing Improvement Program ...)
	NOT-FOR-US: Intel
CVE-2020-12307 (Improper permissions in some Intel(R) High Definition Audio drivers be ...)
	NOT-FOR-US: Intel
CVE-2020-12306 (Incorrect default permissions in the Intel(R) RealSense(TM) D400 Serie ...)
	NOT-FOR-US: Intel
CVE-2020-12305
	REJECTED
CVE-2020-12304 (Improper access control in Installer for Intel(R) DAL SDK before versi ...)
	NOT-FOR-US: Intel
CVE-2020-12303 (Use after free in DAL subsystem for Intel(R) CSME versions before 11.8 ...)
	NOT-FOR-US: Intel
CVE-2020-12302 (Improper permissions in the Intel(R) Driver & Support Assistant before ...)
	NOT-FOR-US: Intel
CVE-2020-12301 (Improper initialization in BIOS firmware for Intel(R) Server Board Fam ...)
	NOT-FOR-US: Intel
CVE-2020-12300 (Uninitialized pointer in BIOS firmware for Intel(R) Server Board Famil ...)
	NOT-FOR-US: Intel
CVE-2020-12299 (Improper input validation in BIOS firmware for Intel(R) Server Board F ...)
	NOT-FOR-US: Intel
CVE-2020-12298
	REJECTED
CVE-2020-12297 (Improper access control in Installer for Intel(R) CSME Driver for Wind ...)
	NOT-FOR-US: Intel
CVE-2020-12296 (Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) con ...)
	NOT-FOR-US: Intel
CVE-2020-12295 (Improper input validation in some Intel(R) Thunderbolt(TM) controllers ...)
	NOT-FOR-US: Intel
CVE-2020-12294 (Insufficient control flow management in some Intel(R) Thunderbolt(TM) ...)
	NOT-FOR-US: Intel
CVE-2020-12293 (Improper control of a resource through its lifetime in some Intel(R) T ...)
	NOT-FOR-US: Intel
CVE-2020-12292 (Improper conditions check in some Intel(R) Thunderbolt(TM) controllers ...)
	NOT-FOR-US: Intel
CVE-2020-12291 (Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) con ...)
	NOT-FOR-US: Intel
CVE-2020-12290 (Improper access control in some Intel(R) Thunderbolt(TM) controllers m ...)
	NOT-FOR-US: Intel
CVE-2020-12289 (Out-of-bounds write in some Intel(R) Thunderbolt(TM) controllers may a ...)
	NOT-FOR-US: Intel
CVE-2020-12288 (Protection mechanism failure in some Intel(R) Thunderbolt(TM) controll ...)
	NOT-FOR-US: Intel
CVE-2020-12287 (Incorrect permissions in the Intel(R) Distribution of OpenVINO(TM) Too ...)
	NOT-FOR-US: Intel
CVE-2019-20791 (OpenThread before 2019-12-13 has a stack-based buffer overflow in Mesh ...)
	NOT-FOR-US: OpenThread
CVE-2018-21232 (re2c before 2.0 has uncontrolled recursion that causes stack consumpti ...)
	- re2c (unimportant)
	NOTE: https://github.com/skvadrik/re2c/issues/219
	NOTE: Fixed by: https://github.com/skvadrik/re2c/commit/5fffb1870181d6179118586e21ed2889b8b4abc8
	NOTE: https://www.openwall.com/lists/oss-security/2020/04/27/2
	NOTE: Crash in CLI tool, no security impact
CVE-2020-12286 (In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the Task ...)
	NOT-FOR-US: Octopus Deploy
CVE-2020-12285
	RESERVED
CVE-2020-12284 (cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2 ...)
	{DSA-4722-1}
	- ffmpeg 7:4.2.3-1
	[stretch] - ffmpeg (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19734
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726
CVE-2017-18863 (Certain NETGEAR devices are affected by command execution via a PHP fo ...)
	NOT-FOR-US: Netgear
CVE-2017-18862 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2017-18861 (Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Su ...)
	NOT-FOR-US: Netgear
CVE-2017-18860 (Certain NETGEAR devices are affected by debugging command execution. T ...)
	NOT-FOR-US: Netgear
CVE-2017-18859 (Certain NETGEAR devices are affected by slowdown/stoppage. This affect ...)
NOT-FOR-US: Netgear CVE-2017-18858 (Certain NETGEAR devices are affected by command execution. This affect ...) NOT-FOR-US: Netgear CVE-2017-18857 (The NETGEAR Insight application before 2.42 for Android and iOS is aff ...) NOT-FOR-US: Netgear CVE-2017-18856 (NETGEAR ReadyNAS devices before 6.6.1 are affected by command injectio ...) NOT-FOR-US: Netgear CVE-2017-18855 (NETGEAR WNR854T devices before 1.5.2 are affected by command execution ...) NOT-FOR-US: Netgear CVE-2017-18854 (NETGEAR ReadyNAS 6.6.1 and earlier is affected by command injection.) NOT-FOR-US: Netgear CVE-2017-18853 (Certain NETGEAR devices are affected by password recovery and file acc ...) NOT-FOR-US: Netgear CVE-2016-11060 (Certain NETGEAR devices are affected by insecure renegotiation. This a ...) NOT-FOR-US: Netgear CVE-2016-11059 (Certain NETGEAR devices are affected by password exposure. This affect ...) NOT-FOR-US: Netgear CVE-2016-11058 (The NETGEAR genie application before 2.4.34 for Android is affected by ...) NOT-FOR-US: Netgear CVE-2016-11057 (Certain NETGEAR devices are affected by mishandling of repeated URL ca ...) NOT-FOR-US: Netgear CVE-2016-11056 (Certain NETGEAR devices are affected by anonymous root access. This af ...) NOT-FOR-US: Netgear CVE-2016-11055 (Certain NETGEAR devices are affected by CSRF. This affects CM400 befor ...) NOT-FOR-US: Netgear CVE-2016-11054 (NETGEAR DGN2200v4 devices before 2017-01-06 are affected by command ex ...) NOT-FOR-US: Netgear CVE-2020-12283 (Sourcegraph before 3.15.1 has a vulnerable authentication workflow bec ...) NOT-FOR-US: Sourcegraph CVE-2020-12282 (iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in ...) NOT-FOR-US: iSmartgate PRO CVE-2020-12281 (iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...) NOT-FOR-US: iSmartgate PRO CVE-2020-12280 (iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...) 
NOT-FOR-US: iSmartgate PRO CVE-2020-12279 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...) {DLA-3340-1 DLA-2936-1} - libgit2 0.28.4+dfsg.1-2 [jessie] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem) NOTE: https://github.com/libgit2/libgit2/commit/64c612cc3e25eff5fb02c59ef5a66ba7a14751e4 CVE-2020-12278 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...) {DLA-3340-1 DLA-2936-1} - libgit2 0.28.4+dfsg.1-2 [jessie] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem) NOTE: https://github.com/libgit2/libgit2/commit/3f7851eadca36a99627ad78cbe56a40d3776ed01 NOTE: https://github.com/libgit2/libgit2/commit/e1832eb20a7089f6383cfce474f213157f5300cb CVE-2020-12277 (GitLab 10.8 through 12.9 has a vulnerability that allows someone to mi ...) [experimental] - gitlab 12.8.8-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-12276 (GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin noti ...) [experimental] - gitlab 12.8.8-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-12275 (GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that ...) [experimental] - gitlab 12.8.8-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-12274 (In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url param ...) NOT-FOR-US: TestLink CVE-2020-12273 (In TestLink 1.9.20, a crafted login.php viewer parameter exposes clear ...) NOT-FOR-US: TestLink CVE-2020-12272 (OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentic ...) 
{DLA-3546-1} - opendmarc 1.4.0~beta1+dfsg-4 (bug #977767) [stretch] - opendmarc (Minor issue; can be fixed in next update) NOTE: https://sourceforge.net/p/opendmarc/tickets/237/ NOTE: https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf NOTE: Fix: https://github.com/trusteddomainproject/OpenDMARC/commit/f3a9a9d4edfaa05102292727d021683f58aa4b6e CVE-2020-12271 (A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 bef ...) NOT-FOR-US: SFOS CVE-2020-12270 (React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alpha ...) NOT-FOR-US: Bluezone CVE-2020-12269 RESERVED CVE-2020-12268 (jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 h ...) {DLA-2796-1} - jbig2dec 0.18-1 [buster] - jbig2dec 0.16-1+deb10u1 [jessie] - jbig2dec (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20332 NOTE: https://github.com/ArtifexSoftware/jbig2dec/commit/0726320a4b55078e9d8deb590e477d598b3da66e CVE-2020-12267 (setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextM ...) - qtbase-opensource-src (Vulnerable code not present) NOTE: https://github.com/qt/qtbase/commit/7447e2b337f12b4d04935d0f30fc673e4327d5a0 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450 NOTE: The 5.14 in experimental contains the code, but is already fixed CVE-2019-20790 (OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, ...) 
- opendmarc 1.4.0~beta1+dfsg-4 (bug #977766) [buster] - opendmarc (Minor issue) [stretch] - opendmarc (Minor issue) NOTE: https://bugs.launchpad.net/pypolicyd-spf/+bug/1838816 NOTE: https://sourceforge.net/p/opendmarc/tickets/235/ NOTE: https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf NOTE: Issue is disputed upstream and considered "work as designed" (wontfix) NOTE: https://github.com/trusteddomainproject/OpenDMARC/blob/develop/SECURITY/CVE-2019-20790 NOTE: Upstream reconsidering position: NOTE: https://github.com/trusteddomainproject/OpenDMARC/issues/158 CVE-2020-12266 (An issue was discovered where there are multiple externally accessible ...) NOT-FOR-US: WAVLINK CVE-2020-12265 (The decompress package before 4.2.1 for Node.js is vulnerable to Arbit ...) NOT-FOR-US: Node decompress CVE-2020-12264 RESERVED CVE-2020-12263 RESERVED CVE-2020-12262 (Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61 ...) NOT-FOR-US: Intelbras CVE-2020-12261 (Open-AudIT 3.3.0 allows an XSS attack after login.) NOT-FOR-US: Open-AudIT CVE-2020-12260 RESERVED CVE-2020-12259 (rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php fil ...) NOT-FOR-US: rConfig CVE-2020-12258 (rConfig 3.9.4 is vulnerable to session fixation because session expiry ...) NOT-FOR-US: rConfig CVE-2020-12257 (rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) becau ...) NOT-FOR-US: rConfig CVE-2020-12256 (rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file ...) NOT-FOR-US: rConfig CVE-2020-12255 (rConfig 3.9.4 is vulnerable to remote code execution due to improper v ...) NOT-FOR-US: rConfig CVE-2020-12254 (Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escal ...) NOT-FOR-US: Avira Antivirus CVE-2019-20789 (Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or a ...) NOT-FOR-US: Croogo CVE-2020-12253 RESERVED CVE-2020-12252 (An issue was discovered in Gigamon GigaVUE 5.5.01.11. 
The upload funct ...) NOT-FOR-US: Gigamon CVE-2020-12251 (An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload funct ...) NOT-FOR-US: Gigamon CVE-2020-12250 RESERVED CVE-2020-12249 RESERVED CVE-2020-12248 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9. ...) NOT-FOR-US: Foxit CVE-2020-12247 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9. ...) NOT-FOR-US: Foxit CVE-2020-12246 (Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Di ...) NOT-FOR-US: Beeline Smart Box CVE-2020-12245 (Grafana before 6.7.3 allows table-panel XSS via column.title or cellLi ...) - grafana NOTE: https://github.com/grafana/grafana/pull/23816 CVE-2020-12244 (An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where ...) {DSA-4691-1} - pdns-recursor 4.3.1-1 [jessie] - pdns-recursor (Vulnerable code added later) NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3 CVE-2020-12243 (In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters wi ...) {DSA-4666-1 DLA-2199-1} - openldap 2.4.50+dfsg-1 NOTE: https://bugs.openldap.org/show_bug.cgi?id=9202 NOTE: https://git.openldap.org/openldap/openldap/-/commit/d38d48fc8f572dedfb67b9da61a2ba3b125ced91 (master) NOTE: https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440 (OPENLDAP_REL_ENG_2_4_50) CVE-2020-12242 (Valve Source allows local users to gain privileges by writing to the / ...) 
NOT-FOR-US: Valve CVE-2020-12241 RESERVED CVE-2020-12240 RESERVED CVE-2020-12239 RESERVED CVE-2020-12238 RESERVED CVE-2020-12237 RESERVED CVE-2020-12236 RESERVED CVE-2020-12235 RESERVED CVE-2020-12234 RESERVED CVE-2020-12233 RESERVED CVE-2020-12232 RESERVED CVE-2020-12231 RESERVED CVE-2020-12230 RESERVED CVE-2020-12229 RESERVED CVE-2020-12228 RESERVED CVE-2020-12227 RESERVED CVE-2020-12226 RESERVED CVE-2020-12225 RESERVED CVE-2020-12224 RESERVED CVE-2020-12223 RESERVED CVE-2020-12222 RESERVED CVE-2020-12221 RESERVED CVE-2020-12220 RESERVED CVE-2020-12219 RESERVED CVE-2020-12218 RESERVED CVE-2020-12217 RESERVED CVE-2020-12216 RESERVED CVE-2020-12215 RESERVED CVE-2020-12214 RESERVED CVE-2020-12213 RESERVED CVE-2020-12212 RESERVED CVE-2020-12211 RESERVED CVE-2020-12210 RESERVED CVE-2020-12209 RESERVED CVE-2020-12208 RESERVED CVE-2020-12207 RESERVED CVE-2020-12206 RESERVED CVE-2020-12205 RESERVED CVE-2020-12204 RESERVED CVE-2020-12203 RESERVED CVE-2020-12202 RESERVED CVE-2020-12201 RESERVED CVE-2020-12200 RESERVED CVE-2020-12199 RESERVED CVE-2020-12198 RESERVED CVE-2020-12197 RESERVED CVE-2020-12196 RESERVED CVE-2020-12195 RESERVED CVE-2020-12194 RESERVED CVE-2020-12193 RESERVED CVE-2020-12192 RESERVED CVE-2020-12191 RESERVED CVE-2020-12190 RESERVED CVE-2020-12189 RESERVED CVE-2020-12188 RESERVED CVE-2020-12187 RESERVED CVE-2020-12186 RESERVED CVE-2020-12185 RESERVED CVE-2020-12184 RESERVED CVE-2020-12183 RESERVED CVE-2020-12182 RESERVED CVE-2020-12181 RESERVED CVE-2020-12180 RESERVED CVE-2020-12179 RESERVED CVE-2020-12178 RESERVED CVE-2020-12177 RESERVED CVE-2020-12176 RESERVED CVE-2020-12175 RESERVED CVE-2020-12174 RESERVED CVE-2020-12173 RESERVED CVE-2020-12172 RESERVED CVE-2020-12171 RESERVED CVE-2020-12170 RESERVED CVE-2020-12169 RESERVED CVE-2020-12168 RESERVED CVE-2020-12167 RESERVED CVE-2020-12166 RESERVED CVE-2020-12165 RESERVED CVE-2020-12164 RESERVED CVE-2020-12163 RESERVED CVE-2020-12162 RESERVED CVE-2020-12161 RESERVED CVE-2020-12160 RESERVED 
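The OpenDMARC entries above (CVE-2020-12272, and CVE-2019-20790 for the pypolicyd-spf setup) come down to one question: which Authentication-Results headers in an inbound message does the DMARC stage believe? The description names the substring trick, an authserv-id of example.net(.example.com that still "contains" the local identifier. The block below is an added example written for this tracker page, not OpenDMARC or pypolicyd-spf code: it shows a loose substring match accepting the forged header, the strict token comparison that rejects it, and the RFC 8601 section 5 border step of dropping inbound headers that claim (or garble) our own authserv-id. The authserv-id example.com, the header samples and all function names are constructed for the example.

```python
import re

# authserv-id we stamp into our own Authentication-Results headers
# (RFC 8601 section 2.2). Hypothetical value for this example.
LOCAL_AUTHSERV_ID = "example.com"

# A well-formed authserv-id is a bare domain name: labels of letters, digits
# and hyphens joined by dots, nothing else (no "(", ";", "@" or whitespace).
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_AUTHSERV_ID_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*$")


def authserv_id_token(value):
    """The claimed authserv-id: first token of the header value, with an
    optional authres-version ('example.com 1; ...') dropped."""
    head = value.split(";", 1)[0].strip()
    return head.split()[0] if head else ""


def loose_is_ours(value):
    """Weak check: does the text before the first ';' merely contain our id?
    Accepts lookalikes such as 'example.net(.example.com' and 'mail.example.com'."""
    return LOCAL_AUTHSERV_ID in value.split(";", 1)[0]


def strict_is_ours(value):
    """Correct check: the token must be a syntactically valid authserv-id and equal ours."""
    token = authserv_id_token(value)
    return _AUTHSERV_ID_RE.fullmatch(token) is not None and token.lower() == LOCAL_AUTHSERV_ID


def parse_results(value):
    """{method: result} from the resinfo clauses after the authserv-id,
    e.g. 'example.com; spf=fail smtp.mailfrom=x' -> {'spf': 'fail'}."""
    results = {}
    for clause in value.split(";")[1:]:
        m = re.match(r"\s*([A-Za-z0-9-]+)\s*=\s*([A-Za-z]+)", clause)
        if m:
            results[m.group(1).lower()] = m.group(2).lower()
    return results


def strip_spoofed(headers):
    """Border-MTA step (RFC 8601 section 5): remove inbound Authentication-Results
    headers that claim our authserv-id or carry a malformed one. Malformed ids are
    exactly what an attacker uses to satisfy a loose match, so they are dropped too.
    Headers are (name, value) pairs, top-most first."""
    kept = []
    for name, value in headers:
        if name.lower() == "authentication-results":
            token = authserv_id_token(value)
            if _AUTHSERV_ID_RE.fullmatch(token) is None or token.lower() == LOCAL_AUTHSERV_ID:
                continue
        kept.append((name, value))
    return kept


def dmarc_inputs(headers, is_ours=strict_is_ours):
    """SPF/DKIM results a DMARC verifier may rely on: only from
    Authentication-Results headers that pass the is_ours check. The first
    (most recently added) header wins for each method."""
    trusted = {}
    for name, value in headers:
        if name.lower() == "authentication-results" and is_ours(value):
            for method, result in parse_results(value).items():
                trusted.setdefault(method, result)
    return trusted


# Constructed sample: the attacker's message as received. It carries a forged
# header whose authserv-id is 'example.net(.example.com', the substring trick
# named in the CVE-2020-12272 description, plus a legitimate upstream header.
INBOUND = [
    ("Authentication-Results", "example.net(.example.com; dkim=pass header.d=bank.example"),
    ("Authentication-Results", "relay.partner.example; spf=pass smtp.mailfrom=bank.example"),
    ("From", "ceo@bank.example"),
]
# The header our own SPF checker (pypolicyd-spf in the CVE-2019-20790 setup) prepends.
OUR_RESULT = ("Authentication-Results", "example.com; spf=fail smtp.mailfrom=attacker.example")


def evaluate(inbound, is_ours=strict_is_ours, strip=True):
    """What the DMARC stage sees after our SPF result is added on top."""
    headers = strip_spoofed(inbound) if strip else list(inbound)
    headers.insert(0, OUR_RESULT)
    return dmarc_inputs(headers, is_ours)


if __name__ == "__main__":
    print("loose, no stripping:", evaluate(INBOUND, loose_is_ours, strip=False))
    print("strict + stripping: ", evaluate(INBOUND))
```

With the loose check and no stripping the forged dkim=pass survives next to our spf=fail, which is enough for a DMARC pass on a message our own SPF check rejected; with the strict token match plus border stripping only our own spf=fail remains. Stripping at the border is the part that protects downstream consumers that still match loosely.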
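CVE-2020-12243 above (slapd: nested boolean expressions in an LDAP search filter drive unbounded recursion in filter.c) and CVE-2020-12100 (Dovecot: uncontrolled recursion in sender-supplied input) are the same failure class: the peer chooses how deep the parser recurses. The block below is an added example for this page, not OpenLDAP or Dovecot code: a recursive-descent parser for a reduced RFC 4515 filter grammar (AND/OR/NOT and attr=value items only), run once without a bound and once with a nesting limit checked before each recursive call. The filter strings, the limit of 32 and all names are constructed for the example.

```python
class FilterTooDeep(ValueError):
    """Raised by the bounded parser when nesting exceeds the configured limit."""


class FilterParser:
    """Recursive-descent parser for the RFC 4515 string filter grammar, reduced to
    AND/OR/NOT and 'attr=value' items. max_depth=None reproduces the unbounded
    behaviour; any other value makes the sender's nesting depth a hard error."""

    def __init__(self, text, max_depth=None):
        self.s = text
        self.i = 0
        self.max_depth = max_depth

    def _peek(self):
        return self.s[self.i] if self.i < len(self.s) else ""

    def _expect(self, ch):
        if self._peek() != ch:
            raise ValueError(f"expected {ch!r} at offset {self.i}")
        self.i += 1

    def parse(self):
        node = self._filter(depth=0)
        if self.i != len(self.s):
            raise ValueError(f"trailing data at offset {self.i}")
        return node

    def _filter(self, depth):
        # Each "(" is one more recursive call. The bound is checked before
        # recursing, so a rejection costs O(max_depth) stack, not O(input).
        if self.max_depth is not None and depth > self.max_depth:
            raise FilterTooDeep(f"nesting deeper than {self.max_depth}")
        self._expect("(")
        c = self._peek()
        if c in ("&", "|"):
            self.i += 1
            items = []
            while self._peek() == "(":
                items.append(self._filter(depth + 1))
            node = (c, items)          # empty list = absolute True/False (RFC 4526)
        elif c == "!":
            self.i += 1
            node = ("!", self._filter(depth + 1))
        else:
            end = self.s.find(")", self.i)
            if end < 0:
                raise ValueError("unterminated item")
            attr, sep, value = self.s[self.i:end].partition("=")
            if not sep or not attr:
                raise ValueError(f"bad item {self.s[self.i:end]!r}")
            node = ("=", attr, value)
            self.i = end
        self._expect(")")
        return node


def check(text, max_depth=None):
    """Outcome label for a filter: 'ok', 'too-deep', 'stack-exhausted' or 'invalid'."""
    try:
        FilterParser(text, max_depth).parse()
        return "ok"
    except FilterTooDeep:
        return "too-deep"
    except RecursionError:
        # Python turns the exhausted stack into an exception. A C parser with
        # the same structure overruns the thread stack and takes the daemon down.
        return "stack-exhausted"
    except ValueError:
        return "invalid"


# Constructed samples: a normal search filter and one an attacker would send.
GOOD = "(&(objectClass=person)(|(cn=alice)(cn=bob))(!(uid=guest)))"
DEEP = "(!" * 20000 + "(cn=x)" + ")" * 20000

if __name__ == "__main__":
    print(FilterParser(GOOD).parse())
    print("unbounded:", check(DEEP), " bounded(32):", check(DEEP, max_depth=32))
```

The limit has to be enforced in the parser itself; counting parentheses up front does not help when the input arrives as a stream, and a limit on total filter length only slows the attack down. Real filters rarely nest more than a handful of levels, so a low fixed bound costs nothing legitimate.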
CVE-2020-12159 RESERVED CVE-2020-12158 RESERVED CVE-2020-12157 RESERVED CVE-2020-12156 RESERVED CVE-2020-12155 RESERVED CVE-2020-12154 RESERVED CVE-2020-12153 RESERVED CVE-2020-12152 RESERVED CVE-2020-12151 RESERVED CVE-2020-12150 RESERVED CVE-2020-12149 (The configuration backup/restore function in Silver Peak Unity ECOSTM ...) NOT-FOR-US: Silver Peak Unity ECOSTM (ECOS) appliance software CVE-2020-12148 (A command injection flaw identified in the nslookup API in Silver Peak ...) NOT-FOR-US: Silver Peak Unity ECOSTM (ECOS) appliance software CVE-2020-12147 (In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, ...) NOT-FOR-US: Silver Peak Unity Orchestrator CVE-2020-12146 (In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, ...) NOT-FOR-US: Silver Peak Unity Orchestrator CVE-2020-12145 (Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or ...) NOT-FOR-US: Silver Peak Unity Orchestrator CVE-2020-12144 (The certificate used to identify the Silver Peak Cloud Portal to EdgeC ...) NOT-FOR-US: Silver Peak Cloud Portal CVE-2020-12143 (The certificate used to identify Orchestrator to EdgeConnect devices i ...) NOT-FOR-US: EdgeConnect CVE-2020-12142 (1. IPSec UDP key material can be retrieved from machine-to-machine int ...) NOT-FOR-US: EdgeConnect CVE-2020-12141 (An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and earlier ...) NOT-FOR-US: SNMP stack in Contiki-NG CVE-2020-12140 (A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE stack in Co ...) NOT-FOR-US: Contiki-NG CVE-2020-12139 RESERVED CVE-2020-12138 (AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact ...) NOT-FOR-US: AMD ATI atillk64.sys specific issue CVE-2020-12136 RESERVED CVE-2020-12135 (bson before 0.8 incorrectly uses int rather than size_t for many varia ...) 
- duo-unix (unimportant; bug #958998) NOTE: Embedded older version, but affected function not used CVE-2020-12134 (Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishand ...) NOT-FOR-US: Nanometrics Centaur / TitanSMA CVE-2020-12133 (The Apros Evolution, ConsciusMap, and Furukawa provisioning systems th ...) NOT-FOR-US: Apros Evolution, ConsciusMap, and Furukawa CVE-2020-12132 (Fifthplay S.A.M.I before 2019.3_HP2 allows unauthenticated stored XSS ...) NOT-FOR-US: Fifthplay CVE-2020-12131 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parame ...) NOT-FOR-US: AirDisk Pro app for iOS CVE-2020-12130 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the deleteFile parame ...) NOT-FOR-US: AirDisk Pro app for iOS CVE-2020-12129 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the createFolder para ...) NOT-FOR-US: AirDisk Pro app for iOS CVE-2020-12128 (DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal rela ...) NOT-FOR-US: DONG JOO CHO File Transfer iFamily CVE-2020-12127 (An information disclosure vulnerability in the /cgi-bin/ExportAllSetti ...) NOT-FOR-US: WAVLINK CVE-2020-12126 (Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoi ...) NOT-FOR-US: WAVLINK CVE-2020-12125 (A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi ...) NOT-FOR-US: WAVLINK CVE-2020-12124 (A remote command-line injection vulnerability in the /cgi-bin/live_api ...) NOT-FOR-US: WAVLINK CVE-2020-12123 (CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 ...) NOT-FOR-US: WAVLINK CVE-2020-12122 (In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc ...) NOT-FOR-US: Max Secure Max Spyware Detector CVE-2020-12121 RESERVED CVE-2020-12120 (The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote ...) NOT-FOR-US: PrestaShop CVE-2020-12119 (Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee (RBF ...) 
NOT-FOR-US: Ledger Live CVE-2020-12118 (The keygen protocol implementation in Binance tss-lib before 1.2.0 all ...) NOT-FOR-US: Binance tss-lib CVE-2020-12117 (Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allo ...) NOT-FOR-US: Moxa CVE-2020-12116 (Zoho ManageEngine OpManager Stable build before 124196 and Released bu ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-12115 RESERVED CVE-2020-12114 (A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4. ...) {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.3.7-1 NOTE: https://www.openwall.com/lists/oss-security/2020/05/04/2 CVE-2020-12113 (BigBlueButton before 2.2.4 allows XSS via closed captions because dang ...) NOT-FOR-US: BigBlueButton CVE-2020-12112 (BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive ...) NOT-FOR-US: BigBlueButton CVE-2020-12111 (Certain TP-Link devices allow Command Injection. This affects NC260 1. ...) NOT-FOR-US: TP-Link CVE-2020-12110 (Certain TP-Link devices have a Hardcoded Encryption Key. This affects ...) NOT-FOR-US: TP-Link CVE-2020-12109 (Certain TP-Link devices allow Command Injection. This affects NC200 2. ...) NOT-FOR-US: TP-Link CVE-2020-12108 (/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content ...) {DSA-4991-1 DLA-2276-1 DLA-2204-1} - mailman NOTE: https://bugs.launchpad.net/mailman/+bug/1873722 NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1844 CVE-2020-12107 (The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command ...) NOT-FOR-US: VPNCrypt CVE-2020-12106 (The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthe ...) NOT-FOR-US: VPNCrypt CVE-2020-12105 (OpenConnect through 8.08 mishandles negative return values from X509_c ...) 
- openconnect (unimportant; bug #959428) [jessie] - openconnect (Vulnerable code introduced later) NOTE: https://gitlab.com/openconnect/openconnect/-/merge_requests/96 NOTE: Only an issue if building with OpenSSL, where Debian binary packages use NOTE: GnuTLS. CVE-2020-12104 (The Import feature in the wp-advanced-search plugin 3.3.6 for WordPres ...) NOT-FOR-US: Import feature in the wp-advanced-search plugin for WordPress CVE-2020-12103 (In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file b ...) NOT-FOR-US: Tiny File Manager CVE-2020-12102 (In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in ...) NOT-FOR-US: Tiny File Manager CVE-2020-12101 (The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remo ...) NOT-FOR-US: xt:Commerce CVE-2020-12100 (In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp ...) {DSA-4745-1 DLA-2328-1} - dovecot 1:2.3.11.3+dfsg1-1 (bug #968302) NOTE: https://www.openwall.com/lists/oss-security/2020/08/12/1 NOTE: https://github.com/dovecot/core/commit/d4bb43a08ab9ecfab7249a17279e5f773c8abaad NOTE: https://github.com/dovecot/core/commit/6d77e00e4d170efde908591dc5871a8e48ea844b NOTE: https://github.com/dovecot/core/commit/926742088a3c66c11099386b2c6e80999c29f405 NOTE: https://github.com/dovecot/core/commit/e5830ae88531a32db36c97ebf122cba9a39cf801 NOTE: https://github.com/dovecot/core/commit/cb00e21fd70aae49453aedc1bb33c0765ab98667 NOTE: https://github.com/dovecot/core/commit/5ecadd30746d91854b5aa484feff9c70ea91c20b NOTE: https://github.com/dovecot/core/commit/24f0bfefdbccaaaaab9f52be428648ec3f1c34d3 NOTE: https://github.com/dovecot/core/commit/02c7c6dbb51748a5af8b0c70a499a3ab17de8490 NOTE: https://github.com/dovecot/core/commit/729941c996ee0b0ede40f462c9e34ceb6a6bd049 NOTE: https://github.com/dovecot/core/commit/8dbc754a31fbf7684e858aa1fb633b8dfbeb13cf NOTE: https://github.com/dovecot/core/commit/a175d654c3bc4d57641b871bbff99c10799b7d67 NOTE: 
https://github.com/dovecot/core/commit/a676cb539fc1545c58d1341baa2f875f7b694133 NOTE: https://github.com/dovecot/core/commit/0f46088a1af7b493db76a1d97ef4ecc6bb41f5a4 NOTE: https://github.com/dovecot/core/commit/7868f5f49be91fe51795b477a5440e69c1540716 NOTE: https://github.com/dovecot/core/commit/be53a118e789886efcdd57c513651c5148651161 NOTE: https://github.com/dovecot/core/commit/19193f40b1d74e8d4ef88121992b4a61d84773e3 CVE-2020-12099 RESERVED CVE-2020-12098 RESERVED CVE-2020-12097 RESERVED CVE-2020-12096 RESERVED CVE-2020-12095 RESERVED CVE-2020-12094 RESERVED CVE-2020-12093 RESERVED CVE-2020-12092 RESERVED CVE-2020-12091 RESERVED CVE-2020-12090 RESERVED CVE-2020-12089 RESERVED CVE-2020-12088 RESERVED CVE-2020-12087 RESERVED CVE-2020-12086 RESERVED CVE-2020-12085 RESERVED CVE-2020-12084 RESERVED CVE-2020-12083 (An elevated privileges issue related to Spring MVC calls impacts Code ...) NOT-FOR-US: Code Insight CVE-2020-12082 (A stored cross-site scripting issue impacts certain areas of the Web U ...) NOT-FOR-US: Insight CVE-2020-12081 (An information disclosure vulnerability has been identified in FlexNet ...) NOT-FOR-US: FlexNet Publisher lmadmin.exe CVE-2020-12080 (A Denial of Service vulnerability has been identified in FlexNet Publi ...) NOT-FOR-US: FlexNet CVE-2019-20788 (libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCurso ...) {DLA-2146-1} - libvncserver 0.9.12+dfsg-9 (bug #954163) [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u3 [stretch] - libvncserver 0.9.11+dfsg-1.3~deb9u4 NOTE: https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed CVE-2020-12137 (GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed app ...) {DSA-4664-1 DLA-2200-1} - mailman (bug #958930) NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/2 NOTE: http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1801 CVE-2020-12079 (Beaker before 0.8.9 allows a sandbox escape, enabling system access an ...) 
NOT-FOR-US: Beaker browser, different from src:beaker CVE-2020-12078 (An issue was discovered in Open-AudIT 3.3.1. There is shell metacharac ...) NOT-FOR-US: Open-AudIT CVE-2020-12077 (The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPr ...) NOT-FOR-US: mappress-google-maps-for-WordPress plugin for WordPress CVE-2020-12076 (The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPr ...) NOT-FOR-US: data-tables-generator-by-supsystic plugin for WordPress CVE-2020-12075 (The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPr ...) NOT-FOR-US: data-tables-generator-by-supsystic plugin for WordPress CVE-2020-12074 (The users-customers-import-export-for-wp-woocommerce plugin before 1.3 ...) NOT-FOR-US: users-customers-import-export-for-wp-woocommerce plugin for WordPress CVE-2020-12073 (The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect ...) NOT-FOR-US: responsive-add-ons plugin for WordPress CVE-2020-12072 RESERVED CVE-2020-12071 (Anchor 0.12.7 allows admins to cause XSS via crafted post content.) NOT-FOR-US: Anchor CVE-2020-12070 (The Advanced Woo Search plugin version through 1.99 for Wordpress suff ...) NOT-FOR-US: Advanced Woo Search plugin for WordPress CVE-2020-12069 (In CODESYS V3 products in all versions prior V3.5.16.0 containing the ...) NOT-FOR-US: Pilz PMC programming tool CVE-2020-12068 (An issue was discovered in CODESYS Development System before 3.5.16.0. ...) NOT-FOR-US: CODESYS CVE-2020-12067 (In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Devel ...) NOT-FOR-US: Pilz PMC programming tool CVE-2020-12066 (CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before ...) 
{DSA-4763-1} - teeworlds 0.7.5-1 [jessie] - teeworlds (Not supported in jessie LTS) NOTE: https://github.com/teeworlds/teeworlds/commit/c68402fa7e279d42886d5951d1ea8ac2facc1ea5 NOTE: https://www.teeworlds.com/forum/viewtopic.php?id=14785 CVE-2020-12065 RESERVED CVE-2020-12064 RESERVED CVE-2020-12063 (A certain Postfix 2.10.1-7 package could allow an attacker to send an ...) NOTE: https://www.openwall.com/lists/oss-security/2020/04/23/3 NOTE: https://www.openwall.com/lists/oss-security/2020/04/23/12 NOTE: Not considered a Postfix vulnerability; the scenario is outside of Postfix's design goals CVE-2020-12062 (The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to ...) - openssh 1:8.3p1-1 (unimportant) NOTE: https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1 NOTE: https://github.com/openssh/openssh-portable/commit/aad87b88fc2536b1ea023213729aaf4eaabe1894 NOTE: https://www.openwall.com/lists/oss-security/2020/05/27/1 NOTE: Negligible security impact, a malicious peer can achieve no more than it is already NOTE: able to achieve within the scp protocol. CVE-2020-12061 (An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Com ...) NOT-FOR-US: Nitrokey firmware CVE-2020-12060 RESERVED CVE-2020-12059 (An issue was discovered in Ceph through 13.2.9. A POST request with an ...) {DLA-3629-1} - ceph 14.2.4-1 [stretch] - ceph (Vulnerable code introduced later) [jessie] - ceph (Vulnerable code introduced later) NOTE: https://tracker.ceph.com/issues/44967 NOTE: Introduced with: https://github.com/ceph/ceph/commit/5fb068114bb3da2f8fabea89160a8453f861dc96 (v12.1.1) NOTE: Fixed by: https://github.com/ceph/ceph/commit/375d926a4f2720a29b079c216bafb884eef985c3 (v13.2.10) NOTE: Consider 14.x series as fixed due to the use of the new style xml parsing. CVE-2019-20787 (Teeworlds before 0.7.4 has an integer overflow when computing a tilema ...) 
NOTE: Duplicate of CVE-2019-10877 CVE-2020-12058 (Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 al ...) NOT-FOR-US: osCommerce CE Phoenix CVE-2020-12057 RESERVED CVE-2020-12056 RESERVED CVE-2020-12055 RESERVED CVE-2020-12054 (The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflecte ...) NOT-FOR-US: Catch Breadcrumb plugin for WordPress CVE-2020-12053 (In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-ba ...) NOT-FOR-US: Unisys Stealth CVE-2020-12052 (Grafana version < 6.7.3 is vulnerable to annotation popup XSS.) - grafana CVE-2020-12051 (The CentralAuth extension through REL1_34 for MediaWiki allows remote ...) NOT-FOR-US: MediaWiki extension CVE-2020-12050 (SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.99 ...) - sqliteodbc (unimportant) NOTE: The issue is located in the *.spec files used for rpm packaging, which insecurely NOTE: use /tmp/sqliteodbc$$. Debian packaging maintainer scripts do not suffer from the same NOTE: issue. CVE-2020-12049 (An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServe ...) {DLA-2235-1} - dbus 1.12.18-1 [buster] - dbus 1.12.20-0+deb10u1 [stretch] - dbus 1.10.32-0+deb9u1 NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/3 NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/issues/294 NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/272d484283883fa9ff95b69d924fff6cd34842f5 NOTE: Test: https://gitlab.freedesktop.org/dbus/dbus/-/commit/8bc1381819e5a845331650bfa28dacf6d2ac1748 CVE-2020-12048 (Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hem ...) NOT-FOR-US: Phoenix Hemodialysis Delivery System CVE-2020-12047 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), whe ...) NOT-FOR-US: Baxter Spectrum WBM CVE-2020-12046 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC's firmware ...) 
NOT-FOR-US: Opto 22 SoftPAC Project CVE-2020-12045 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when ...) NOT-FOR-US: Baxter Spectrum WBM CVE-2020-12044 RESERVED CVE-2020-12043 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when ...) NOT-FOR-US: Baxter Spectrum WBM CVE-2020-12042 (Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within ...) NOT-FOR-US: Opto 22 SoftPAC Project CVE-2020-12041 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) teln ...) NOT-FOR-US: Baxter Spectrum WBM CVE-2020-12040 (Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spec ...) NOT-FOR-US: Sigma Spectrum Infusion System CVE-2020-12039 (Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v' ...) NOT-FOR-US: Baxter CVE-2020-12038 (Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk ...) NOT-FOR-US: Rockwell Automation CVE-2020-12037 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...) NOT-FOR-US: Baxter CVE-2020-12036 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...) NOT-FOR-US: Baxter CVE-2020-12035 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...) NOT-FOR-US: Baxter CVE-2020-12034 (Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk ...) NOT-FOR-US: Rockwell Automation CVE-2020-12033 (In Rockwell Automation FactoryTalk Services Platform, all versions, th ...) NOT-FOR-US: Rockwell Automation CVE-2020-12032 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Vers ...) NOT-FOR-US: Baxter CVE-2020-12031 (In all versions of FactoryTalk View SE, after bypassing memory corrupt ...) NOT-FOR-US: FactoryTalk View SE CVE-2020-12030 (There is a flaw in the code used to configure the internal gateway fir ...) NOT-FOR-US: Emerson WirelessHART Gateway CVE-2020-12029 (All versions of FactoryTalk View SE do not properly validate input of ...) 
NOT-FOR-US: FactoryTalk View SE CVE-2020-12028 (In all versions of FactoryTalk View SEA remote, an authenticated attac ...) NOT-FOR-US: FactoryTalk View CVE-2020-12027 (All versions of FactoryTalk View SE disclose the hostnames and file pa ...) NOT-FOR-US: FactoryTalk View SE CVE-2020-12026 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...) NOT-FOR-US: Advantech WebAccess Node CVE-2020-12025 (Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, ...) NOT-FOR-US: Rockwell Automation CVE-2020-12024 (Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix ...) NOT-FOR-US: Baxter CVE-2020-12023 (Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, Intel ...) NOT-FOR-US: Philips CVE-2020-12022 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An i ...) NOT-FOR-US: Advantech WebAccess Node CVE-2020-12021 (In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous vers ...) NOT-FOR-US: OSIsoft PI Web CVE-2020-12020 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix E ...) NOT-FOR-US: Baxter CVE-2020-12019 (WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based ...) NOT-FOR-US: WebAccess Node CVE-2020-12018 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An o ...) NOT-FOR-US: Advantech WebAccess Node CVE-2020-12017 (GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmw ...) NOT-FOR-US: GE Grid Solutions Reason RT Clocks CVE-2020-12016 (Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions ...) NOT-FOR-US: Baxter CVE-2020-12015 (A specially crafted communication packet sent to the affected systems ...) NOT-FOR-US: Mitsubishi CVE-2020-12014 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Inpu ...) NOT-FOR-US: Advantech WebAccess Node CVE-2020-12013 (A specially crafted WCF client that interfaces to the may allow the ex ...) 
NOT-FOR-US: Mitsubishi CVE-2020-12012 (Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions ...) NOT-FOR-US: Baxter CVE-2020-12011 (A specially crafted communication packet sent to the affected systems ...) NOT-FOR-US: Mitsubishi CVE-2020-12010 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...) NOT-FOR-US: Advantech WebAccess Node CVE-2020-12009 (A specially crafted communication packet sent to the affected device c ...) NOT-FOR-US: Mitsubishi CVE-2020-12008 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Vers ...) NOT-FOR-US: Baxter CVE-2020-12007 (A specially crafted communication packet sent to the affected devices ...) NOT-FOR-US: Mitsubishi CVE-2020-12006 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...) NOT-FOR-US: Advantech WebAccess Node CVE-2020-12005 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...) NOT-FOR-US: FactoryTalk CVE-2020-12004 (The affected product lacks proper authentication required to query the ...) NOT-FOR-US: Inductive Automation Ignition CVE-2020-12003 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...) NOT-FOR-US: FactoryTalk CVE-2020-12002 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...) NOT-FOR-US: Advantech WebAccess Node CVE-2020-12001 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...) NOT-FOR-US: FactoryTalk CVE-2020-12000 (The affected product is vulnerable to the handling of serialized data. ...) NOT-FOR-US: Inductive Automation Ignition CVE-2020-11999 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...) NOT-FOR-US: FactoryTalk CVE-2020-11998 (A regression has been introduced in the commit preventing JMX re-bind. ...) 
- activemq (Only affects 5.15.12) NOTE: http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt CVE-2020-11997 (Apache Guacamole 1.2.0 and earlier do not consistently restrict access ...) - guacamole-client (bug #1015986) [stretch] - guacamole-client (Minor issue; fix intrusive to backport) NOTE: https://lists.apache.org/thread.html/r1a9ae9d1608c9f846875c4191cd738f95543d1be06b52dc1320e8117%40%3Cannounce.guacamole.apache.org%3E NOTE: https://issues.apache.org/jira/browse/GUACAMOLE-1123 NOTE: https://github.com/apache/guacamole-client/pulls?q=is%3Apr+guacamole-1123+is%3Aclosed NOTE: https://github.com/glyptodon/guacamole-client/pull/453 NOTE: https://enterprise.glyptodon.com/doc/latest/cve-2020-11997-inconsistent-restriction-of-connection-history-visibility-31424710.html NOTE: https://enterprise.glyptodon.com/doc/1.x/changelog-950368.html#id-.Changelogv1.x-1.14 CVE-2020-11996 (A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat ...) {DSA-4727-1 DLA-2279-1} - tomcat9 9.0.36-1 - tomcat8 NOTE: https://www.openwall.com/lists/oss-security/2020/06/25/6 NOTE: https://github.com/apache/tomcat/commit/9a0231683a77e2957cea0fdee88b193b30b0c976 (9.0.36) NOTE: https://github.com/apache/tomcat/commit/c8acd2ab7371e39aeca7c306f3b5380f00afe552 (8.5.56) CVE-2020-11995 (A deserialization vulnerability existed in dubbo 2.7.5 and its earlier ...) NOT-FOR-US: Apache Dubbo CVE-2020-11994 (Server-Side Template Injection and arbitrary file disclosure on Camel ...) NOT-FOR-US: Apache Camel CVE-2020-11993 (Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enab ...) 
	{DSA-4757-1}
	- apache2 2.4.46-1
	[stretch] - apache2 (Too intrusive to backport)
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993
	NOTE: https://www.openwall.com/lists/oss-security/2020/08/07/3
	NOTE: https://svn.apache.org/r1879642
	NOTE: https://github.com/apache/httpd/commit/63a0a87efa0925514d15c211b508f6594669888c
CVE-2020-11992
	REJECTED
CVE-2020-11991 (When using the StreamGenerator, the code parse a user-provided XML. A ...)
	- cocoon
CVE-2020-11990 (We have resolved a security issue in the camera plugin that could have ...)
	NOT-FOR-US: Apache Cordova
CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic ...)
	{DLA-2273-1}
	- shiro 1.3.2-5 (bug #988728)
	[bullseye] - shiro 1.3.2-4+deb11u1
	[buster] - shiro 1.3.2-4+deb10u1
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/22/1
	NOTE: https://github.com/apache/shiro/pull/211
	NOTE: https://issues.apache.org/jira/browse/SHIRO-753
	NOTE: The original CVE-2020-1957 addressed in 1.5.2 introduced an encoding issue
	NOTE: which can (security wise) be exploited, resulting in a 1.5.3 release. This
	NOTE: CVE is closely related to CVE-2020-1957.
CVE-2020-11988 (Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-sid ...)
	- xmlgraphics-commons 2.4-2 (bug #984949)
	[bullseye] - xmlgraphics-commons 2.4-2~deb11u1
	[buster] - xmlgraphics-commons 2.3-1+deb10u1
	[stretch] - xmlgraphics-commons (Vulnerable code is not present)
	NOTE: https://github.com/apache/xmlgraphics-commons/commit/57393912eb87b994c7fed39ddf30fb778a275183
	NOTE: https://issues.apache.org/jira/browse/XGC-122
CVE-2020-11987 (Apache Batik 1.13 is vulnerable to server-side request forgery, caused ...)
	{DLA-3619-1}
	- batik 1.14-1 (bug #984829)
	[bullseye] - batik (Minor issue)
	[stretch] - batik (Minor issue)
	NOTE: https://github.com/apache/xmlgraphics-batik/commit/0ef5b661a1f77772d1110877ea9e0287987098f6
CVE-2020-11986 (To be able to analyze gradle projects, the build scripts need to be ex ...)
	- netbeans 12.1-1
	[stretch] - netbeans (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2020/09/07/2
CVE-2020-11985 (IP address spoofing when proxying using mod_remoteip and mod_rewrite F ...)
	- apache2 2.4.25-1
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=60251
	NOTE: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1875299
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11985
	NOTE: https://www.openwall.com/lists/oss-security/2020/08/07/2
	NOTE: Upstream patch: https://svn.apache.org/r1688399
	NOTE: https://github.com/apache/httpd/commit/dd6c959b3625048ee15ba4ad72e6cb7bcaf91020
CVE-2020-11984 (Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure an ...)
	{DSA-4757-1 DLA-2362-1}
	- apache2 2.4.46-1
	[stretch] - apache2 (Vulnerable code not present)
	- uwsgi (unimportant)
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11984
	NOTE: https://www.openwall.com/lists/oss-security/2020/08/07/1
	NOTE: https://svn.apache.org/r1880251
	NOTE: https://github.com/apache/httpd/commit/0c543e3f5b3881d515d6235f152aacaaaf3aba72
	NOTE: uwsgi since 2.0.15-11 drops building the libapache2-mod-proxy-uwsgi{,-dbg}
	NOTE: packages which are provided by src:apache2 itself.
CVE-2020-11983 (An issue was found in Apache Airflow versions 1.10.10 and below. It wa ...)
	- airflow (bug #819700)
CVE-2020-11982 (An issue was found in Apache Airflow versions 1.10.10 and below. When ...)
	- airflow (bug #819700)
CVE-2020-11981 (An issue was found in Apache Airflow versions 1.10.10 and below. When ...)
	- airflow (bug #819700)
CVE-2020-11980 (In Karaf, JMX authentication takes place using JAAS and authorization ...)
	- apache-karaf (bug #881297)
CVE-2020-11979 (As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissi ...)
	- ant 1.10.9-1 (bug #971612)
	[buster] - ant (Vulnerability not present as CVE-2020-1945 not addressed)
	[stretch] - ant (Vulnerability not present as CVE-2020-1945 not addressed)
	NOTE: https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E
	NOTE: Issue is present depending on whether CVE-2020-1945 was fixed.
CVE-2020-11978 (An issue was found in Apache Airflow versions 1.10.10 and below. A rem ...)
	- airflow (bug #819700)
CVE-2020-11977 (In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable ext ...)
	NOT-FOR-US: Apache Syncope
CVE-2020-11976 (By crafting a special URL it is possible to make Wicket deliver unproc ...)
	NOT-FOR-US: Apache Wicket
CVE-2020-11975 (Apache Unomi allows conditions to use OGNL scripting which offers the ...)
	NOT-FOR-US: Apache Unomi
CVE-2020-11974 (In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote co ...)
	NOT-FOR-US: DolphinScheduler
CVE-2020-11973 (Apache Camel Netty enables Java deserialization by default. Apache Cam ...)
	NOT-FOR-US: Apache Camel
CVE-2020-11972 (Apache Camel RabbitMQ enables Java deserialization by default. Apache ...)
	NOT-FOR-US: Apache Camel
CVE-2020-11971 (Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, ...)
	NOT-FOR-US: Apache Camel
CVE-2020-11970
	REJECTED
CVE-2020-11969 (If Apache TomEE is configured to use the embedded ActiveMQ broker, and ...)
	NOT-FOR-US: Apache TomEE
CVE-2020-11968 (In the web-panel in IQrouter through 3.3.1, remote attackers can read ...)
	NOT-FOR-US: IQrouter
CVE-2020-11967 (In IQrouter through 3.3.1, remote attackers can control the device (re ...)
	NOT-FOR-US: IQrouter
CVE-2020-11966 (In IQrouter through 3.3.1, the Lua function reset_password in the web- ...)
	NOT-FOR-US: IQrouter
CVE-2020-11965 (In IQrouter through 3.3.1, there is a root user without a password, wh ...)
	NOT-FOR-US: IQrouter
CVE-2020-11964 (In IQrouter through 3.3.1, the Lua function diag_set_password in the w ...)
	NOT-FOR-US: IQrouter
CVE-2020-11963 (IQrouter through 3.3.1, when unconfigured, has multiple remote code ex ...)
	NOT-FOR-US: IQrouter
CVE-2020-11962
	RESERVED
CVE-2020-11961 (Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive infor ...)
	NOT-FOR-US: Xiaomi
CVE-2020-11960 (Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability w ...)
	NOT-FOR-US: Xiaomi
CVE-2020-11959 (An unsafe configuration of nginx lead to information leak in Xiaomi ro ...)
	NOT-FOR-US: Xiaomi
CVE-2020-11958 (re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/sc ...)
	- re2c 1.3-2 (bug #963158)
	[buster] - re2c (Vulnerability introduced later)
	[stretch] - re2c (Vulnerability introduced later)
	[jessie] - re2c (Vulnerability introduced later)
	NOTE: http://blogs.gentoo.org/ago/2020/04/19/re2c-heap-overflow-in-scannerfill-scanner-cc/
	NOTE: Logical error introduced in: https://github.com/skvadrik/re2c/commit/2f3e597abce36fb7f41413373308b7f13fc98181 (1.2)
	NOTE: Vulnerability introduced in: https://github.com/skvadrik/re2c/commit/1edd26a35457c5835afd58b8fa8330d33e7a1192 (1.2)
	NOTE: https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a#commitcomment-38652070
	NOTE: Fixed by: https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a
CVE-2020-11957 (The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4. ...)
	NOT-FOR-US: Cypress
CVE-2020-11956 (An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMC ...)
	NOT-FOR-US: Rittal PDU-3C002DEC
CVE-2020-11955 (An issue was discovered on Rittal PDU-3C002DEC through 5.15.70 and CMC ...)
	NOT-FOR-US: Rittal PDU-3C002DEC
CVE-2020-11954
	RESERVED
CVE-2020-11953 (An issue was discovered on Rittal PDU-3C002DEC through 5.15.40 and CMC ...)
	NOT-FOR-US: Rittal PDU-3C002DEC
CVE-2020-11952 (An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMC ...)
	NOT-FOR-US: Rittal PDU-3C002DEC
CVE-2020-11951 (An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMC ...)
	NOT-FOR-US: Rittal PDU-3C002DEC
CVE-2020-11950 (VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XX ...)
	NOT-FOR-US: VIVOTEK Network Cameras
CVE-2020-11949 (testserver.cgi of the web service on VIVOTEK Network Cameras before XX ...)
	NOT-FOR-US: VIVOTEK Network Cameras
CVE-2020-11948
	RESERVED
CVE-2020-11947 (iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buf ...)
	{DSA-4665-1 DLA-2288-1}
	- qemu 1:4.2-7
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=ff0507c239a246fd7215b31c5658fc6a3ee1e4c5 (v5.0.0-rc4)
CVE-2020-11946 (Zoho ManageEngine OpManager before 125120 allows an unauthenticated us ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2020-11945 (An issue was discovered in Squid before 5.0.2. A remote attacker can r ...)
	{DSA-4682-1 DLA-2278-1}
	- squid 4.11-1
	- squid3
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_4.txt
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch
CVE-2020-11944 (Abe (aka bitcoin-abe) through 0.7.2, and 0.8pre, allows XSS in __call_ ...)
	NOT-FOR-US: bitcoin-abe
CVE-2020-11943 (An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file u ...)
	NOT-FOR-US: Open-AudIT
CVE-2020-11942 (An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL In ...)
	NOT-FOR-US: Open-AudIT
CVE-2020-11941 (An issue was discovered in Open-AudIT 3.2.2. There is OS Command injec ...)
	NOT-FOR-US: Open-AudIT
CVE-2020-11940 (In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_strin ...)
	- ndpi 3.4-1 (bug #972050)
	[buster] - ndpi (Introduced in 3.0)
	[stretch] - ndpi (Introduced in 3.0)
	[jessie] - ndpi (Introduced in 3.0)
	NOTE: https://github.com/ntop/nDPI/commit/3bbb0cd3296023f6f922c71d21a1c374d2b0a435 (3.4)
	NOTE: https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi
CVE-2020-11939 (In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KE ...)
	- ndpi 3.4-1 (bug #972050)
	[buster] - ndpi (Introduced in 3.0)
	[stretch] - ndpi (Introduced in 3.0)
	[jessie] - ndpi (Introduced in 3.0)
	NOTE: https://github.com/ntop/nDPI/commit/7ce478a58b4dd29a8d1e6f4e9df2f778613d9202 (3.4)
	NOTE: https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi
CVE-2020-11938 (In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2020-11937 (In whoopsie, parse_report() from whoopsie.c allows a local attacker to ...)
	NOT-FOR-US: Whoopsie
CVE-2020-11936
	RESERVED
CVE-2020-11935 (It was discovered that aufs improperly managed inode reference counts ...)
	- aufs (bug #964748)
	[buster] - aufs (Minor issue; CONFIG_IMA not enabled in kernel; can be fixed via point release)
	[stretch] - aufs (Minor issue; too many other aufs issues open)
	NOTE: To exploit the issue, CONFIG_IMA needs to be enabled in the kernel.
	NOTE: linux/4.9.y had the config enabled, but it was disabled in later versions
	NOTE: including linux/4.19.y.
	NOTE: https://sourceforge.net/p/aufs/mailman/message/37048642/
	NOTE: https://github.com/sfjro/aufs4-linux/commit/515a586eeef31e0717d5dea21e2c11a965340b3c
	NOTE: https://github.com/sfjro/aufs4-linux/commit/f10aea57d39d6cd311312e9e7746804f7059b5c8
CVE-2020-11934 (It was discovered that snapctl user-open allowed altering the $XDG_DAT ...)
	- snapd 2.45.2-1
	[buster] - snapd (Minor issue)
	[stretch] - snapd (Vulnerable code not present)
	NOTE: https://github.com/snapcore/snapd/commit/06342a31878f1cf99d56da5483e71b9af61f46ad
CVE-2020-11933 (cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 de ...)
	NOT-FOR-US: cloud-init in some Ubuntu images
CVE-2020-11932 (It was discovered that the Subiquity installer for Ubuntu Server logge ...)
	NOT-FOR-US: Subiquity installer for Ubuntu
CVE-2020-11931 (An Ubuntu-specific modification to Pulseaudio to provide security medi ...)
	NOT-FOR-US: Ubuntu snap packaging of Pulseaudio
CVE-2018-21231 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2018-21230 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2018-21229 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2018-21228 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21227 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21226 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2018-21225 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21224 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21223 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21222 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21221 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21220 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21219 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21218 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21217 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21216 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21215 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21214 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21213 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21212 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21211 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21210 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21209 (Certain NETGEAR devices are affected by reflected XSS. This affects JN ...)
	NOT-FOR-US: Netgear
CVE-2018-21208 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21207 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21206 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21205 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21204 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21203 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21202 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21201 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21200 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21199 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21198 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21197 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21196 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21195 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21194 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21193 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21192 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21191 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21190 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21189 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21188 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21187 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21186 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21185 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21184 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21183 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21182 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21181 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21180 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21179 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21178 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21177 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21176 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21175 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21174 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21173 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21172 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21171 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21170 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21169 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2018-21168 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2018-21167 (Certain NETGEAR devices are affected by stored XSS. This affects D6100 ...)
	NOT-FOR-US: Netgear
CVE-2018-21166 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2018-21165 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2018-21164 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21163 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21162 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21161 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2018-21160 (NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF.)
	NOT-FOR-US: Netgear
CVE-2018-21159 (NETGEAR ReadyNAS devices before 6.9.3 are affected by incorrect config ...)
	NOT-FOR-US: Netgear
CVE-2018-21158 (NETGEAR R7800 devices before 1.0.2.46 are affected by incorrect config ...)
	NOT-FOR-US: Netgear
CVE-2018-21157 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21156 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21155 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2018-21154 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21153 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21152 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21151 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21150 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21149 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21148 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21147 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21146 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21145 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21144 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21143 (NETGEAR GS810EMX devices before 1.0.0.5 are affected by disclosure of ...)
	NOT-FOR-US: Netgear
CVE-2018-21142 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2018-21141 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2018-21140 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2018-21139 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2018-21138 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2018-21137 (Certain NETGEAR devices are affected by a hardcoded password. This aff ...)
	NOT-FOR-US: Netgear
CVE-2018-21136 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2018-21135 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21134 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21133 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21132 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2018-21131 (Certain NETGEAR devices are affected by unauthenticated firmware downg ...)
	NOT-FOR-US: Netgear
CVE-2018-21130 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21129 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2018-21128 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2018-21127 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21126 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21125 (NETGEAR WAC510 devices before 5.0.0.17 are affected by authentication ...)
	NOT-FOR-US: Netgear
CVE-2018-21124 (NETGEAR WAC510 devices before 5.0.0.17 are affected by privilege escal ...)
	NOT-FOR-US: Netgear
CVE-2018-21123 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21122 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2018-21121 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2018-21120 (Certain NETGEAR devices are affected by CSRF. This affects WAC120 befo ...)
	NOT-FOR-US: Netgear
CVE-2018-21119 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21118 (NETGEAR XR500 devices before 2.3.2.32 are affected by authentication b ...)
	NOT-FOR-US: Netgear
CVE-2018-21117 (NETGEAR XR500 devices before 2.3.2.32 are affected by remote code exec ...)
	NOT-FOR-US: Netgear
CVE-2018-21116 (NETGEAR XR500 devices before 2.3.2.32 are affected by remote code exec ...)
	NOT-FOR-US: Netgear
CVE-2018-21115 (NETGEAR XR500 devices before 2.3.2.32 are affected by remote code exec ...)
	NOT-FOR-US: Netgear
CVE-2018-21114 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21113 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21112 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21111 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21110 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21109 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21108 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21107 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21106 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21105 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21104 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21103 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21102 (NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF.)
	NOT-FOR-US: Netgear
CVE-2018-21101 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21100 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21099 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21098 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21097 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21096 (Certain NETGEAR devices are affected by CSRF. This affects WAC120 befo ...)
	NOT-FOR-US: Netgear
CVE-2018-21095 (Certain NETGEAR devices are affected by stored XSS. This affects SRR60 ...)
	NOT-FOR-US: Netgear
CVE-2018-21094 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2018-21093 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2017-18852 (Certain NETGEAR devices are affected by CSRF and authentication bypass ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18851 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18850 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18849 (Certain NETGEAR devices are affected by command injection. This affect ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18848 (Certain NETGEAR devices are affected by CSRF. This affects R6300v2 bef ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18847 (Certain NETGEAR devices are affected by an attacker's ability to read ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18846 (Certain NETGEAR devices are affected by a stack-based buffer overflow. ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18845 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18844 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18843 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18842 (Certain NETGEAR devices are affected by CSRF. This affects R7300 befor ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18841 (Certain NETGEAR devices are affected by command injection. This affect ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18840 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18839 (Certain NETGEAR devices are affected by stored XSS. This affects M4300 ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18838 (Certain NETGEAR devices are affected by privilege escalation. This aff ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18837 (Certain NETGEAR devices are affected by vertical privilege escalation. ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18836 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18835 (Certain NETGEAR devices are affected by reflected XSS. This affects M4 ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18834 (Certain NETGEAR devices are affected by reflected XSS. This affects M4 ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18833 (Certain NETGEAR devices are affected by reflected XSS. This affects M4 ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18832 (Certain NETGEAR devices are affected by stored XSS. This affects M4300 ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18831 (Certain NETGEAR devices are affected by stored XSS. This affects M4300 ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18830 (Certain NETGEAR devices are affected by vertical privilege escalation. ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18829 (Certain NETGEAR devices are affected by vertical privilege escalation. ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18828 (Certain NETGEAR devices are affected by stored XSS. This affects M4300 ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18827 (Certain NETGEAR devices are affected by stored XSS. This affects M4300 ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18826 (Certain NETGEAR devices are affected by vertical privilege escalation. ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18825 (Certain NETGEAR devices are affected by stored XSS. This affects M4300 ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18824 (Certain NETGEAR devices are affected by directory traversal. This affe ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18823 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18822 (Certain NETGEAR devices are affected by vertical privilege escalation. ...)
	NOT-FOR-US: NETGEAR
CVE-2017-18821 (Certain NETGEAR devices are affected by stored XSS. This affects M4300 ...)
	NOT-FOR-US: Netgear
CVE-2017-18820 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
	NOT-FOR-US: Netgear
CVE-2017-18819 (NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6 ...)
	NOT-FOR-US: Netgear
CVE-2017-18818
	RESERVED
CVE-2017-18817
	RESERVED
CVE-2017-18816 (NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6 ...)
	NOT-FOR-US: Netgear
CVE-2017-18815 (NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6 ...)
	NOT-FOR-US: Netgear
CVE-2017-18814 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
	NOT-FOR-US: Netgear
CVE-2017-18813 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
	NOT-FOR-US: Netgear
CVE-2017-18812 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
	NOT-FOR-US: Netgear
CVE-2017-18811 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
	NOT-FOR-US: Netgear
CVE-2017-18810 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
	NOT-FOR-US: Netgear
CVE-2017-18809 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
	NOT-FOR-US: Netgear
CVE-2017-18808 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
	NOT-FOR-US: Netgear
CVE-2017-18807 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
	NOT-FOR-US: Netgear
CVE-2017-18806 (Certain NETGEAR devices are affected by command injection. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18805 (Certain NETGEAR devices are affected by command injection. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18804 (Certain NETGEAR devices are affected by command injection. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18803 (NETGEAR R7800 devices before 1.0.2.30 are affected by incorrect config ...)
	NOT-FOR-US: Netgear
CVE-2017-18802 (Certain NETGEAR devices are affected by command injection. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18801 (Certain NETGEAR devices are affected by command injection. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18800 (Certain NETGEAR devices are affected by reflected XSS. This affects R6 ...)
	NOT-FOR-US: Netgear
CVE-2017-18799 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18798 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18797 (Certain NETGEAR devices are affected by an attacker's ability to read ...)
	NOT-FOR-US: Netgear
CVE-2017-18796 (Certain NETGEAR devices are affected by command injection. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18795 (Certain NETGEAR devices are affected by command injection. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18794 (Certain NETGEAR devices are affected by command injection. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18793 (NETGEAR R7800 devices before 1.0.2.36 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2017-18792 (NETGEAR D6100 devices before 1.0.0.50_0.0.50 are affected by command i ...)
	NOT-FOR-US: Netgear
CVE-2017-18791 (Certain NETGEAR devices are affected by CSRF. This affects R6050/JR615 ...)
	NOT-FOR-US: Netgear
CVE-2017-18790 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2017-18789 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2017-18788 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2017-18787 (Certain NETGEAR devices are affected by command injection. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18786 (Certain NETGEAR devices are affected by command injection. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18785 (Certain NETGEAR devices are affected by XSS. This affects D3600 before ...)
	NOT-FOR-US: Netgear
CVE-2017-18784 (Certain NETGEAR devices are affected by XSS. This affects D6200 before ...)
	NOT-FOR-US: Netgear
CVE-2017-18783 (Certain NETGEAR devices are affected by XSS. This affects D6200 before ...)
	NOT-FOR-US: Netgear
CVE-2017-18782 (Certain NETGEAR devices are affected by CSRF. This affects D6200 befor ...)
	NOT-FOR-US: Netgear
CVE-2017-18781 (Certain NETGEAR devices are affected by CSRF. This affects D6200 befor ...)
	NOT-FOR-US: Netgear
CVE-2017-18780 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18779 (Certain NETGEAR devices are affected by a buffer overflow. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18778 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18777 (Certain NETGEAR devices are affected by administrative password disclo ...)
	NOT-FOR-US: Netgear
CVE-2017-18776 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2017-18775 (Certain NETGEAR devices are affected by CSRF. This affects R6100 befor ...)
	NOT-FOR-US: Netgear
CVE-2017-18774 REJECTED
CVE-2017-18773 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2017-18772 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2017-18771 REJECTED
CVE-2017-18770 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
	NOT-FOR-US: Netgear
CVE-2017-18769 (Certain NETGEAR devices are affected by an attacker's ability to read ...)
	NOT-FOR-US: Netgear
CVE-2017-18768 (Certain NETGEAR devices are affected by CSRF. This affects EX6100 befo ...)
	NOT-FOR-US: Netgear
CVE-2017-18767 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2017-18766 (Certain NETGEAR devices are affected by an attacker's ability to read ...)
	NOT-FOR-US: Netgear
CVE-2017-18765 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2017-18764 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2017-18763 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18762 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2017-18761 (NETGEAR R8000 devices before 1.0.4.2 are affected by a stack-based buf ...)
	NOT-FOR-US: Netgear
CVE-2017-18760 REJECTED
CVE-2017-18759 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2017-18758 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2017-18757 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18756 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18755 (Certain NETGEAR devices are affected by CSRF. This affects R6300v2 bef ...)
	NOT-FOR-US: Netgear
CVE-2017-18754 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2017-18753 REJECTED
CVE-2017-18752 (Certain NETGEAR devices are affected by an attacker's ability to read ...)
	NOT-FOR-US: Netgear
CVE-2017-18751 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2017-18750 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2017-18749 (Certain NETGEAR devices are affected by CSRF. This affects JNR1010v2 b ...)
	NOT-FOR-US: Netgear
CVE-2017-18748 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18747 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18746 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18745 (Certain NETGEAR devices are affected by stored XSS. This affects R6400 ...)
	NOT-FOR-US: Netgear
CVE-2017-18744 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2017-18743 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2017-18742 (Certain NETGEAR devices are affected by CSRF. This affects JR6150 befo ...)
	NOT-FOR-US: Netgear
CVE-2017-18741 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18740 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18739 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2017-18738 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2017-18737 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2017-18736 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2017-18735 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2017-18734 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2017-18733 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2017-18732 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2017-18731 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18730 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2017-18729 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2017-18728 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2017-18727 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2017-18726 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2017-18725 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2017-18724 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2017-18723 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2017-18722 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2017-18721 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2017-18720 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2017-18719 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2017-18718 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2017-18717 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2017-18716 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2017-18715 (Certain NETGEAR devices are affected by reflected XSS. This affects EX ...)
	NOT-FOR-US: Netgear
CVE-2017-18714 (NETGEAR WNDR4500v3 devices before 1.0.0.48 are affected by denial of s ...)
	NOT-FOR-US: Netgear
CVE-2017-18713 (Certain NETGEAR devices are affected by an attacker's ability to read ...)
	NOT-FOR-US: Netgear
CVE-2017-18712 (Certain NETGEAR devices are affected by an attacker's ability to read ...)
	NOT-FOR-US: Netgear
CVE-2017-18711 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18710 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2017-18709 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18708 (Certain NETGEAR devices are affected by CSRF. This affects R8300 befor ...)
	NOT-FOR-US: Netgear
CVE-2017-18707 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
	NOT-FOR-US: Netgear
CVE-2017-18706 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18705 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2017-18704 (Certain NETGEAR devices are affected by an attacker's ability to read ...)
	NOT-FOR-US: Netgear
CVE-2017-18703 (Certain NETGEAR devices are affected by CSRF. This affects D1500 befor ...)
	NOT-FOR-US: Netgear
CVE-2017-18702 (NETGEAR R6220 devices before 1.1.0.60 are affected by incorrect config ...)
	NOT-FOR-US: Netgear
CVE-2017-18701 (Certain NETGEAR devices are affected by reflected XSS. This affects R6 ...)
	NOT-FOR-US: Netgear
CVE-2017-18700 (Certain NETGEAR devices are affected by stored XSS. This affects D6400 ...)
	NOT-FOR-US: Netgear
CVE-2017-18699 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2017-18698 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2017-18697 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2020-11930 (The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS vi ...)
	NOT-FOR-US: GTranslate plugin for WordPress
CVE-2020-11929 RESERVED
CVE-2020-11928 (In the media-library-assistant plugin before 2.82 for WordPress, Remot ...)
	NOT-FOR-US: media-library-assistant plugin for WordPress
CVE-2020-11927 RESERVED
CVE-2020-11926 RESERVED
CVE-2020-11925 (An issue was discovered in Luvion Grand Elite 3 Connect through 2020-0 ...)
	NOT-FOR-US: Luvion Grand Elite 3 Connect
CVE-2020-11924 (An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials ar ...)
	NOT-FOR-US: WiZ Colors A60
CVE-2020-11923 (An issue was discovered in WiZ Colors A60 1.14.0. API credentials are ...)
	NOT-FOR-US: WiZ Colors A60
CVE-2020-11922 (An issue was discovered in WiZ Colors A60 1.14.0. The device sends unn ...)
	NOT-FOR-US: WiZ Colors A60
CVE-2020-11921 RESERVED
CVE-2020-11920 (An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3. ...)
	NOT-FOR-US: Svakom Siime Eye
CVE-2020-11919 RESERVED
CVE-2020-11918 RESERVED
CVE-2020-11917 RESERVED
CVE-2020-11916 RESERVED
CVE-2020-11915 (An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3. ...)
	NOT-FOR-US: Svakom Siime Eye
CVE-2019-20786 (handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a chec ...)
	NOT-FOR-US: Pion DTLS
CVE-2020-11914 (The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read.)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11913 (The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11912 (The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read.)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11911 (The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Cont ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11910 (The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Rea ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11909 (The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow.)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11908 (The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11907 (The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Par ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11906 (The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Inte ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11905 (The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11904 (The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11903 (The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read.)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11902 (The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling O ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11901 (The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution vi ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11900 (The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Fr ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11899 (The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11898 (The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMP ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11897 (The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11896 (The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, r ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11895 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 bytes) i ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/197
CVE-2020-11894 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) i ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/196
CVE-2020-11893 RESERVED
CVE-2020-11892 RESERVED
CVE-2020-11891 (An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks ...)
	NOT-FOR-US: Joomla!
CVE-2020-11890 (An issue was discovered in Joomla! before 3.9.17. Improper input valid ...)
	NOT-FOR-US: Joomla!
CVE-2020-11889 (An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks ...)
	NOT-FOR-US: Joomla!
CVE-2020-11888 (python-markdown2 through 2.3.8 allows XSS because element names are mi ...)
	- python-markdown2 2.3.9-1 (bug #959445)
	[buster] - python-markdown2 2.3.7-2+deb10u1
	NOTE: https://github.com/trentm/python-markdown2/issues/348
CVE-2020-11887 (svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an ...)
	NOT-FOR-US: svg2png
CVE-2020-11886 (OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList. ...)
	- opennms (bug #450615)
CVE-2020-11885 (WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability wher ...)
	NOT-FOR-US: WSO2 Enterprise Integrator
CVE-2020-11884 (In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code exec ...)
	{DSA-4667-1}
	- linux 5.6.7-1
	[stretch] - linux (Vulnerable code introduced later)
	[jessie] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/316ec154810960052d4586b634156c54d0778f74
CVE-2020-11883 (In Divante vue-storefront-api through 1.11.1 and storefront-api throug ...)
	NOT-FOR-US: Divante vue-storefront-api
CVE-2020-11882 (The O2 Business application 1.2.0 for Android exposes the canvasm.myo2 ...)
	NOT-FOR-US: O2 Business
CVE-2020-11881 (An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7 ...)
	NOT-FOR-US: MikroTik RouterOS
CVE-2020-11880 (An issue was discovered in KDE KMail before 19.12.3. By using the prop ...)
	- kmail 4:20.04.1-1 (bug #958054)
	[buster] - kmail (Minor issue)
	- kdepim
	[stretch] - kdepim (Minor issue)
	[jessie] - kdepim (Minor issue)
	NOTE: https://github.com/KDE/kmail/commit/2a348eccd352260f192d9b449492071bbf2b34b1
CVE-2020-11879 (An issue was discovered in GNOME Evolution before 3.35.91. By using th ...)
	- evolution 3.36.0-1
	[buster] - evolution (Minor issue)
	[stretch] - evolution (Minor issue)
	[jessie] - evolution (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/evolution/issues/784
	NOTE: https://gitlab.gnome.org/GNOME/evolution/-/commit/6489f20d6905cc797e2b2581c415e558c457caa7
CVE-2020-11878 (The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4 ...)
	- jitsi-meet (bug #760485)
CVE-2020-11877 (airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 a ...)
	NOT-FOR-US: Zoom Client for Meetings
CVE-2020-11876 (airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash o ...)
	NOT-FOR-US: Zoom Client for Meetings
CVE-2020-11875 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-11874 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-11873 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-11872 (The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication ...)
	NOT-FOR-US: OpenTrace
CVE-2020-11871 RESERVED
CVE-2020-11870 RESERVED
CVE-2020-11869 (An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way i ...)
	- qemu 1:5.0-1
	[buster] - qemu (Vulnerable code introduced later)
	[stretch] - qemu (Vulnerable code introduced later)
	[jessie] - qemu (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ac2071c3791b67fc7af78b8ceb320c01ca1b5df7
	NOTE: https://www.openwall.com/lists/oss-security/2020/04/24/2
CVE-2020-11868 (ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-pat ...)
	{DLA-2201-1}
	- ntp 1:4.2.8p14+dfsg-1
	[buster] - ntp (Minor issue)
	[stretch] - ntp (Minor issue)
	- ntpsec (Doesn't affect ntpsec per upstream, #958027)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3592
	NOTE: http://bugs.ntp.org/3592
	NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5df73278nIf5dNbaR_vTeCY43_h7Vg
	NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5deb5269ieF1tee6Mp3UJyZOk8DB-Q
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1716665
	NOTE: https://gitlab.com/NTPsec/ntpsec/issues/651
CVE-2020-11867 (Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USE ...)
	- audacity 2.4.2~dfsg0-4 (bug #976874)
	[buster] - audacity (Minor issue)
	[stretch] - audacity (Minor issue)
	NOTE: https://github.com/audacity/audacity/pull/700
CVE-2020-11866 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-aft ...)
	- libemf 1.0.12-1
	[buster] - libemf (Minor issue)
CVE-2020-11865 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bo ...)
	- libemf 1.0.12-1
	[buster] - libemf (Minor issue)
CVE-2020-11864 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of ...)
	- libemf 1.0.12-1
	[buster] - libemf (Minor issue)
CVE-2020-11863 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of ...)
	- libemf 1.0.12-1
	[buster] - libemf (Minor issue)
CVE-2019-20785 (An issue was discovered on LG mobile devices with Android OS 8.0 and 8 ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20784 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20783 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20782 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20781 (An issue was discovered in LG Bridge before April 2019 on Windows. DLL ...)
	NOT-FOR-US: LG Bridge
CVE-2019-20780 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20779 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20778 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20777 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20776 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20775 (An issue was discovered on LG mobile devices with Android OS 9.0 (Qual ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20774 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20773 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20772 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20771 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20770 (An issue was discovered on LG mobile devices with Android OS 9.0 softw ...)
	NOT-FOR-US: LG mobile devices
CVE-2019-20769 (An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG P ...)
	NOT-FOR-US: LG PC Suite
CVE-2020-11862 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
	NOT-FOR-US: OpenText NetIQ Privileged Account Manager
CVE-2020-11861 (Unauthorized escalation of local privileges vulnerability on Micro Foc ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11860 (Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger prod ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11859 RESERVED
CVE-2020-11858 (Code execution with escalated privileges vulnerability in Micro Focus ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11857 (An Authorization Bypass vulnerability on Micro Focus Operation Bridge ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11856 (Arbitrary code execution vulnerability on Micro Focus Operation Bridge ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11855 (An Authorization Bypass vulnerability on Micro Focus Operation Bridge ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11854 (Arbitrary code execution vlnerability in Operation bridge Manager, App ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11853 (Arbitrary code execution vulnerability affecting multiple Micro Focus ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11852 (DKIM key management page vulnerability on Micro Focus Secure Messaging ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11851 (Arbitrary code execution vulnerability on Micro Focus ArcSight Logger ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11850 RESERVED
CVE-2020-11849 (Elevation of privilege and/or unauthorized access vulnerability in Mic ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11848 (Denial of service vulnerability on Micro Focus ArcSight Management Cen ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11847 RESERVED
CVE-2020-11846 RESERVED
CVE-2020-11845 (Cross Site Scripting vulnerability in Micro Focus Service Manager prod ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11844 (Incorrect Authorization vulnerability in Micro Focus Container Deploym ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11843 RESERVED
CVE-2020-11842 (Information disclosure vulnerability in Micro Focus Verastream Host In ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11841 (Unauthorized information disclosure vulnerability in Micro Focus ArcSi ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11840 (Unauthorized information disclosure vulnerability in Micro Focus ArcSi ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11839 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logge ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11838 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Manag ...)
	NOT-FOR-US: Micro Focus
CVE-2020-11837 RESERVED
CVE-2020-11836 (OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions h ...)
	NOT-FOR-US: OPPO Android Phone
CVE-2020-11835 (In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_d ...)
	NOT-FOR-US: oppo
CVE-2020-11834 (In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the ...)
	NOT-FOR-US: oppo
CVE-2020-11833 (In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_m ...)
	NOT-FOR-US: oppo
CVE-2020-11832 (In functions charging_limit_current_write and charging_limit_time_writ ...)
	NOT-FOR-US: oppo
CVE-2020-11831 (OvoiceManager has system permission to write vulnerability reports for ...)
	NOT-FOR-US: OvoiceManager
CVE-2020-11830 (QualityProtect has a vulnerability to execute arbitrary system command ...)
	NOT-FOR-US: QualityProtect
CVE-2020-11829 (Dynamic loading of services in the backup and restore SDK leads to ele ...)
	NOT-FOR-US: com.coloros.codebook (oppo.com)
CVE-2020-11828 (In ColorOS (oppo mobile phone operating system, based on AOSP framewor ...)
	NOT-FOR-US: ColorOS
CVE-2020-11827 (In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak fi ...)
	NOT-FOR-US: GOG Galaxy client
CVE-2020-11826 (Users can lock their notes with a password in Memono version 3.8. Thus ...)
	NOT-FOR-US: Memono
CVE-2020-11825 (In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF ...)
	- dolibarr
CVE-2020-11824 RESERVED
CVE-2020-11823 (In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored ...)
	- dolibarr
CVE-2020-11822 (In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the appli ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-11821 (In Rukovoditel 2.5.2, users' passwords and usernames are stored in a c ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-11820 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-11819 (In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file lo ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-11818 (In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF at ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-11817 (In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the s ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-11816 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-11815 (In Rukovoditel 2.5.2, attackers can upload arbitrary file to the serve ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-11814 (A Host Header Injection vulnerability in qdPM 9.1 may allow an attacke ...)
	NOT-FOR-US: qdPM
CVE-2020-11813 (In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the confi ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-11812 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-11811 (In qdPM 9.1, an attacker can upload a malicious .php file to the serve ...)
	NOT-FOR-US: qdPM
CVE-2020-11810 (An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can ...)
	{DLA-2992-1}
	- openvpn 2.4.9-1 (low)
	[buster] - openvpn 2.4.7-1+deb10u1
	[jessie] - openvpn (Vulnerable code introduced in 2.4)
	NOTE: https://github.com/OpenVPN/openvpn/commit/37bc691e7d26ea4eb61a8a434ebd7a9ae76225ab
CVE-2020-11809 RESERVED
CVE-2020-11808 RESERVED
CVE-2020-11807 (Because of Unrestricted Upload of a File with a Dangerous Type, Source ...)
	NOT-FOR-US: Sourcefabric Newscoop
CVE-2020-11806 (In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through ...)
	NOT-FOR-US: MailStore Outlook Add-in
CVE-2020-11805 (Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Acc ...)
	NOT-FOR-US: Pexip Reverse Proxy and TURN Server
CVE-2020-11804 (An issue was discovered in Titan SpamTitan 7.07. Due to improper sanit ...)
	NOT-FOR-US: Titan SpamTitan
CVE-2020-11803 (An issue was discovered in Titan SpamTitan 7.07. Improper sanitization ...)
	NOT-FOR-US: Titan SpamTitan
CVE-2020-11802 RESERVED
CVE-2020-11801 RESERVED
CVE-2019-20768 (ServiceNow IT Service Management Kingston through Patch 14-1, London t ...)
	NOT-FOR-US: ServiceNow IT Service Management Kingston
CVE-2020-11800 (Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote att ...)
	{DLA-2461-1}
	- zabbix 1:4.0.0+dfsg-1
	NOTE: https://support.zabbix.com/browse/DEV-1538
	NOTE: https://support.zabbix.com/browse/ZBX-17600
	NOTE: https://support.zabbix.com/browse/ZBXSEC-30 (not public)
	NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/85453e04656fc7bd8a6790f5295d79410101745c
CVE-2020-11799 (Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privile ...)
	NOT-FOR-US: Z-Cron
CVE-2020-11798 (A Directory Traversal vulnerability in the web conference component of ...)
	NOT-FOR-US: Mitel
CVE-2020-11797 (An Authentication Bypass vulnerability in the Published Area of the we ...)
	NOT-FOR-US: Mitel
CVE-2020-11796 (In JetBrains Space through 2020-04-22, the password authentication imp ...)
	NOT-FOR-US: JetBrains Space
CVE-2020-11795 (In JetBrains Space through 2020-04-22, the session timeout period was ...)
	NOT-FOR-US: JetBrains Space
CVE-2020-11794 RESERVED
CVE-2020-11793 (A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKi ...)
	{DSA-4658-1}
	- webkit2gtk 2.28.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.28.1-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0004.html
CVE-2020-11792 (NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are ...)
	NOT-FOR-US: Netgear
CVE-2020-11791 (NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS ...)
	NOT-FOR-US: Netgear
CVE-2020-11790 (NETGEAR R7800 devices before 1.0.2.68 are affected by remote code exec ...)
	NOT-FOR-US: Netgear
CVE-2020-11789 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2020-11788 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2020-11787 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11786 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11785 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11784 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11783 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11782 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11781 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11780 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11779 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11778 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11777 (Certain NETGEAR devices are affected by Stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11776 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11775 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11774 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11773 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11772 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11771 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11770 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2020-11769 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-11768 (Certain NETGEAR devices are affected by Stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2019-20767 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2019-20766 (NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based bu ...)
	NOT-FOR-US: Netgear
CVE-2019-20765 (NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based bu ...)
	NOT-FOR-US: Netgear
CVE-2019-20764 (NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based bu ...)
	NOT-FOR-US: Netgear
CVE-2019-20763 (NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based bu ...)
	NOT-FOR-US: Netgear
CVE-2019-20762 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20761 (NETGEAR R7800 devices before 1.0.2.62 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2019-20760 (NETGEAR R9000 devices before 1.0.4.26 are affected by authentication b ...)
	NOT-FOR-US: Netgear
CVE-2019-20759 (NETGEAR R9000 devices before 1.0.4.26 are affected by stored XSS.)
	NOT-FOR-US: Netgear
CVE-2019-20758 (NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflo ...)
	NOT-FOR-US: Netgear
CVE-2019-20757 (NETGEAR R7800 devices before 1.0.2.62 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2019-20756 (Certain NETGEAR devices are affected by reflected XSS. This affects EX ...)
	NOT-FOR-US: Netgear
CVE-2019-20755 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2019-20754 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20753 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2019-20752 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...)
	NOT-FOR-US: Netgear
CVE-2019-20751 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2019-20750 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2019-20749 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2019-20748 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2019-20747 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2019-20746 (Certain NETGEAR devices are affected by reflected XSS. This affects D3 ...)
	NOT-FOR-US: Netgear
CVE-2019-20745 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20744 (NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of s ...)
	NOT-FOR-US: Netgear
CVE-2019-20743 (NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS.)
	NOT-FOR-US: Netgear
CVE-2019-20742 (NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS.)
	NOT-FOR-US: Netgear
CVE-2019-20741 (NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of s ...)
	NOT-FOR-US: Netgear
CVE-2019-20740 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2019-20739 (NETGEAR R8500 devices before v1.0.2.128 are affected by a buffer overf ...)
	NOT-FOR-US: Netgear
CVE-2019-20738 (Certain NETGEAR devices are affected by stored XSS. This affects D6100 ...)
	NOT-FOR-US: Netgear
CVE-2019-20737 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2019-20736 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2019-20735 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2019-20734 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2019-20733 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2019-20732 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20731 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20730 (Certain NETGEAR devices are affected by SQL injection. This affects D3 ...)
	NOT-FOR-US: Netgear
CVE-2019-20729 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2019-20728 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20727 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20726 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20725 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2019-20724 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20723 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2019-20722 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20721 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2019-20720 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...)
	NOT-FOR-US: Netgear
CVE-2019-20719 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20718 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20717 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2019-20716 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2019-20715 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...)
	NOT-FOR-US: Netgear
CVE-2019-20714 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...)
	NOT-FOR-US: Netgear
CVE-2019-20713 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2019-20712 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20711 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20710 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20709 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20708 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20707 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20706 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20705 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20704 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20703 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20702 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20701 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20700 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2019-20699 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2019-20698 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2019-20697 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2019-20696 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2019-20695 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2019-20694 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2019-20693 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2019-20692 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2019-20691 (Certain NETGEAR devices are affected by CSRF. This affects D3600 befor ...)
	NOT-FOR-US: Netgear
CVE-2019-20690 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2019-20689 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20688 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20687 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2019-20686 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2019-20685 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2019-20684 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2019-20683 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2019-20682 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2019-20681 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2019-20680 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20679 (NETGEAR MR1100 devices before 12.06.08.00 are affected by lack of acce ...)
	NOT-FOR-US: Netgear
CVE-2019-20678 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
	NOT-FOR-US: Netgear
CVE-2019-20677 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
	NOT-FOR-US: Netgear
CVE-2019-20676 (Certain NETGEAR devices are affected by lack of access control at the ...)
	NOT-FOR-US: Netgear
CVE-2019-20675 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
	NOT-FOR-US: Netgear
CVE-2019-20674 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
	NOT-FOR-US: Netgear
CVE-2019-20673 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
	NOT-FOR-US: Netgear
CVE-2019-20672 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
	NOT-FOR-US: Netgear
CVE-2019-20671 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
	NOT-FOR-US: Netgear
CVE-2019-20670 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
	NOT-FOR-US: Netgear
CVE-2019-20669 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
	NOT-FOR-US: Netgear
CVE-2019-20668 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
	NOT-FOR-US: Netgear
CVE-2019-20667 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
	NOT-FOR-US: Netgear
CVE-2019-20666 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
	NOT-FOR-US: Netgear
CVE-2019-20665 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
	NOT-FOR-US: Netgear
CVE-2019-20664 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
	NOT-FOR-US: Netgear
CVE-2019-20663 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
	NOT-FOR-US: Netgear
CVE-2019-20662 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
	NOT-FOR-US: Netgear
CVE-2019-20661 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
	NOT-FOR-US: Netgear
CVE-2019-20660 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
	NOT-FOR-US: Netgear
CVE-2019-20659 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20658 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2019-20657 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20656 (Certain NETGEAR devices are affected by a hardcoded password. This aff ...)
	NOT-FOR-US: Netgear
CVE-2019-20655 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20654 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2019-20653 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2019-20652 (NETGEAR WAC505 devices before 8.2.1.16 are affected by disclosure of s ...)
	NOT-FOR-US: Netgear
CVE-2019-20651 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2019-20650 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2019-20649 (NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure o ...)
	NOT-FOR-US: Netgear
CVE-2019-20648 (NETGEAR RN42400 devices before 6.10.2 are affected by incorrect config ...)
	NOT-FOR-US: Netgear
CVE-2019-20647 (NETGEAR RAX40 devices before 1.0.3.64 are affected by denial of servic ...)
	NOT-FOR-US: Netgear
CVE-2019-20646 (NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of ad ...)
	NOT-FOR-US: Netgear
CVE-2019-20645 (NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS.)
	NOT-FOR-US: Netgear
CVE-2019-20644 (NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS.)
	NOT-FOR-US: Netgear
CVE-2019-20643 (NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of se ...)
	NOT-FOR-US: Netgear
CVE-2019-20642 (NETGEAR RAX40 devices before 1.0.3.64 are affected by authentication b ...)
	NOT-FOR-US: Netgear
CVE-2019-20641 (NETGEAR RAX40 devices before 1.0.3.64 are affected by lack of access c ...)
	NOT-FOR-US: Netgear
CVE-2019-20640 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2019-20639 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
	NOT-FOR-US: Netgear
CVE-2019-20638 (NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure o ...)
	NOT-FOR-US: Netgear
CVE-2020-11767 (Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. I ...)
	NOT-FOR-US: Istio
CVE-2020-11766 (sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web I ...)
	NOT-FOR-US: iFAX AvantFAX
CVE-2020-11765 (An issue was discovered in OpenEXR before 2.4.1. There is an off-by-on ...)
	{DSA-4755-1 DLA-2358-1}
	[experimental] - openexr 2.5.0-1
	- openexr 2.5.3-2 (bug #959444)
	[jessie] - openexr (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a
	NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/7f0c9e256f34cac5a31e9d9cce00ccc898f49f3b (v2.2.0)
CVE-2020-11764 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
	{DSA-4755-1 DLA-2358-1}
	[experimental] - openexr 2.5.0-1
	- openexr 2.5.3-2 (bug #959444)
	[jessie] - openexr (Minor issue)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/e7c26f6ef5bf7ae8ea21ecf19963186cd1391720
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/a6408c90339bdf19f89476578d7f936b741be9b2
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/6bad53af7eebed507564dd5fc90320e4c6a6c0bc
CVE-2020-11763 (An issue was discovered in OpenEXR before 2.4.1. There is an std::vect ...)
	{DSA-4755-1 DLA-2358-1}
	[experimental] - openexr 2.5.0-1
	- openexr 2.5.3-2 (bug #959444)
	[jessie] - openexr (Minor issue)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/37750013830def57f19f3c3b7faaa9fc1dae81b3
CVE-2020-11762 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
	{DSA-4755-1 DLA-2358-1}
	[experimental] - openexr 2.5.0-1
	- openexr 2.5.3-2 (bug #959444)
	[jessie] - openexr (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a
	NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/7f0c9e256f34cac5a31e9d9cce00ccc898f49f3b (v2.2.0)
CVE-2020-11761 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
	{DSA-4755-1 DLA-2358-1}
	[experimental] - openexr 2.5.0-1
	- openexr 2.5.3-2 (bug #959444)
	[jessie] - openexr (Minor issue)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b1c34c496b62117115b1089b18a44e0031800a09
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/801272c9bf8b84a66c62f1e8a4490ece81da6a56
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/43cd3ad47d53356da6ae2e983e47c8313aebf72e
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/ea3349896d4a8a3b523e8f3b830334a85240b1e6
CVE-2020-11760 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
	{DSA-4755-1 DLA-2358-1}
	[experimental] - openexr 2.5.0-1
	- openexr 2.5.3-2 (bug #959444)
	[jessie] - openexr (Minor issue)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/37750013830def57f19f3c3b7faaa9fc1dae81b3
CVE-2020-11759 (An issue was discovered in OpenEXR before 2.4.1. Because of integer ov ...)
	{DSA-4755-1 DLA-2358-1}
	[experimental] - openexr 2.5.0-1
	- openexr 2.5.3-2 (bug #959444)
	[jessie] - openexr (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b9997d0c045fa01af3d2e46e1a74b07cc4519446
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/acad98d6d3e787f36012a3737c23c42c7f43a00f
	NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/9f011ae9ce9b1ca03521ff76e7659d34ee830344 (v2.0.0)
CVE-2020-11758 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
	{DSA-4755-1 DLA-2358-1}
	[experimental] - openexr 2.5.0-1
	- openexr 2.5.3-2 (bug #959444)
	[jessie] - openexr (SSE support introduced in v2.0)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/7a52d40ae23c148f27116cb1f6e897b9143b372c
CVE-2020-11757
	RESERVED
CVE-2020-11756
	RESERVED
CVE-2020-11755
	RESERVED
CVE-2020-11754
	RESERVED
CVE-2020-11753 (An issue was discovered in Sonatype Nexus Repository Manager in versio ...)
	NOT-FOR-US: Sonatype
CVE-2020-11752
	RESERVED
CVE-2020-11751
	RESERVED
CVE-2020-11750
	RESERVED
CVE-2020-11749 (Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in ...)
	NOT-FOR-US: Pandora FMS
CVE-2020-11748
	RESERVED
CVE-2020-11747
	REJECTED
CVE-2020-11746
	RESERVED
CVE-2020-11745
	RESERVED
CVE-2020-11744
	RESERVED
CVE-2020-11743 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...)
	{DSA-4723-1}
	- xen 4.11.4-1
	[stretch] - xen (DSA 4602-1)
	[jessie] - xen (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-316.html
CVE-2020-11742 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...)
	{DSA-4723-1}
	- xen 4.11.4-1
	[stretch] - xen (DSA 4602-1)
	[jessie] - xen (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-318.html
CVE-2020-11741 (An issue was discovered in xenoprof in Xen through 4.13.x, allowing gu ...)
	{DSA-4723-1}
	- xen 4.11.4-1
	[stretch] - xen (DSA 4602-1)
	[jessie] - xen (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-313.html
CVE-2020-11740 (An issue was discovered in xenoprof in Xen through 4.13.x, allowing gu ...)
	{DSA-4723-1}
	- xen 4.11.4-1
	[stretch] - xen (DSA 4602-1)
	[jessie] - xen (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-313.html
CVE-2020-11739 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...)
	{DSA-4723-1}
	- xen 4.11.4-1
	[stretch] - xen (DSA 4602-1)
	[jessie] - xen (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-314.html
CVE-2020-11738 (The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Dupl ...)
	NOT-FOR-US: Snap Creek Duplicator plugin for WordPress
CVE-2020-11737 (A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 ...)
	NOT-FOR-US: Zimbra
CVE-2020-11735 (The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use ...)
	- wolfssl 4.4.0+dfsg-1
	NOTE: https://github.com/wolfSSL/wolfssl/commit/1de07da61f0c8e9926dcbd68119f73230dae283f
CVE-2020-11736 (fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Dir ...)
	{DLA-2180-1}
	- file-roller 3.36.2-1 (bug #956638)
	[buster] - file-roller 3.30.1-2+deb10u1
	[stretch] - file-roller 3.22.3-1+deb9u2
	NOTE: https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0
CVE-2020-11734 (cgi-bin/go in CyberSolutions CyberMail 5 or later allows XSS via the A ...)
	NOT-FOR-US: CyberSolutions CyberMail
CVE-2020-11733 (An issue was discovered on Spirent TestCenter and Avalanche appliance ...)
	NOT-FOR-US: Spirent
CVE-2020-11732 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...)
	NOT-FOR-US: Media Library Assistant plugin for WordPress
CVE-2020-11731 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...)
	NOT-FOR-US: Media Library Assistant plugin for WordPress
CVE-2020-11730
	RESERVED
CVE-2020-11729 (An issue was discovered in DAViCal Andrew's Web Libraries (AWL) throug ...)
	{DSA-4660-1 DLA-2178-1}
	- awl 0.61-1 (bug #956650)
	NOTE: https://gitlab.com/davical-project/awl/-/issues/18
	NOTE: https://gitlab.com/davical-project/awl/-/commit/535505c9acd0dda9cf664c38f5f8cb8dd61dc0cd
CVE-2020-11728 (An issue was discovered in DAViCal Andrew's Web Libraries (AWL) throug ...)
	{DSA-4660-1 DLA-2178-1}
	- awl 0.61-1 (bug #956650)
	NOTE: https://gitlab.com/davical-project/awl/-/issues/19
	NOTE: https://gitlab.com/davical-project/awl/-/commit/c2e808cc2420f8d870ac0a4aa9cc1f2c90562428
CVE-2020-11727 (A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced O ...)
	NOT-FOR-US: AlgolPlus
CVE-2020-11726
	RESERVED
CVE-2020-11724 (An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_sub ...)
	{DSA-4750-1 DLA-2283-1}
	- nginx 1.18.0-5 (bug #964950)
	NOTE: https://github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa (ngx_lua 0.10.17, with tests)
	NOTE: https://github.com/openresty/openresty/commit/4e8b4c395f842a078e429c80dd063b2323999957 (ngx_lua 0.10.15)
	NOTE: nginx packages include ngx_lua in debian/modules/
CVE-2020-11725 (snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5 ...)
	- linux (unimportant)
	NOTE: https://twitter.com/yabbadabbadrew/status/1248632267028582400
	NOTE: Disputed security-impact across the kernel community
CVE-2020-11723 (Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys ...)
	NOT-FOR-US: Cellebrite UFED
CVE-2020-11722 (Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote ...)
	- crawl 2:0.25.0-1 (bug #958232)
	[buster] - crawl (Minor issue)
	[stretch] - crawl (Minor issue)
	[jessie] - crawl (Minor issue)
	NOTE: https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html
	NOTE: https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04
	NOTE: https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28
CVE-2020-11721 (load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitiali ...)
	- libsixel 1.10.3-1 (low; bug #972641)
	[bullseye] - libsixel (Minor issue)
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	[jessie] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/134
	NOTE: https://github.com/libsixel/libsixel/issues/9
	NOTE: https://github.com/libsixel/libsixel/pull/10
	NOTE: https://github.com/libsixel/libsixel/commit/e71aacc97b5f756948b13c1228877d29395c7b55 (v1.9.0)
	NOTE: Since 1.10.3-1 the Debian package moved from https://github.com/saitoha/libsixel to https://github.com/libsixel/libsixel fork
CVE-2020-11720 (An issue was discovered in Programi Bilanc build 007 release 014 31.01 ...)
	NOT-FOR-US: Programi Bilanc
CVE-2020-11719 (An issue was discovered in Programi Bilanc build 007 release 014 31.01 ...)
	NOT-FOR-US: Programi Bilanc
CVE-2020-11718 (An issue was discovered in Programi Bilanc build 007 release 014 31.01 ...)
	NOT-FOR-US: Programi Bilanc
CVE-2020-11717 (An issue was discovered in Programi 014 31.01.2020. It has multiple SQ ...)
	NOT-FOR-US: Programi
CVE-2020-11716 (Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices throu ...)
	NOT-FOR-US: Panasonic
CVE-2020-11715 (Panasonic P99 devices through 2020-04-10 have Incorrect Access Control ...)
	NOT-FOR-US: Panasonic
CVE-2020-11714 (eten PSG-6528VM 1.1 devices allow XSS via System Contact or System Loc ...)
	NOT-FOR-US: eten PSG-6528VM 1.1 devices
CVE-2020-11713 (wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does n ...)
	- wolfssl 4.4.0+dfsg-1 (bug #960190)
	NOTE: https://github.com/wolfSSL/wolfssl/pull/2894/
CVE-2020-11712 (Open Upload through 0.4.3 allows XSS via index.php?action=u and the fi ...)
	NOT-FOR-US: Open Upload
CVE-2020-11711 (An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored ...)
	NOT-FOR-US: Stormshield SNS
CVE-2020-11710 (An issue was discovered in docker-kong (for Kong) through 2.0.3. The a ...)
	NOT-FOR-US: docker-kong
CVE-2020-11709 (cpp-httplib through 0.5.8 does not filter \r\n in parameters passed in ...)
	- cpp-httplib (Fixed before initial upload to Debian)
	NOTE: https://github.com/yhirose/cpp-httplib/issues/425
	NOTE: https://github.com/yhirose/cpp-httplib/commit/85327e19ae7e72028c30917247238d638ce56d0b (v0.5.9)
CVE-2020-11708 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...)
	NOT-FOR-US: ProVide (formerly zFTPServer)
CVE-2020-11707 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...)
	NOT-FOR-US: ProVide (formerly zFTPServer)
CVE-2020-11706 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...)
	NOT-FOR-US: ProVide (formerly zFTPServer)
CVE-2020-11705 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...)
	NOT-FOR-US: ProVide (formerly zFTPServer)
CVE-2020-11704 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...)
	NOT-FOR-US: ProVide (formerly zFTPServer)
CVE-2020-11703 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...)
	NOT-FOR-US: ProVide (formerly zFTPServer)
CVE-2020-11702 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...)
	NOT-FOR-US: ProVide (formerly zFTPServer)
CVE-2020-11701 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...)
	NOT-FOR-US: ProVide (formerly zFTPServer)
CVE-2020-11700 (An issue was discovered in Titan SpamTitan 7.07. Improper sanitization ...)
	NOT-FOR-US: Titan SpamTitan
CVE-2020-11699 (An issue was discovered in Titan SpamTitan 7.07. Improper validation o ...)
	NOT-FOR-US: Titan SpamTitan
CVE-2020-11698 (An issue was discovered in Titan SpamTitan 7.07. Improper input saniti ...)
	NOT-FOR-US: Titan SpamTitan
CVE-2020-11697 (In Combodo iTop, dashboard ids can be exploited with a reflective XSS ...)
	NOT-FOR-US: Combodo iTop
CVE-2020-11696 (In Combodo iTop a menu shortcut name can be exploited with a stored XS ...)
	NOT-FOR-US: Combodo iTop
CVE-2020-11695
	RESERVED
CVE-2020-11694 (In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarizatio ...)
	- pycharm (bug #742394)
CVE-2020-11693 (JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2020-11692 (In JetBrains YouTrack before 2020.1.659, DB export was accessible to r ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2020-11691 (In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAut ...)
	NOT-FOR-US: JetBrains Hub
CVE-2020-11690 (In JetBrains IntelliJ IDEA before 2020.1, the license server could be ...)
	- intellij-idea (bug #747616)
CVE-2020-11689 (In JetBrains TeamCity before 2019.2.1, a user without appropriate perm ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2020-11688 (In JetBrains TeamCity before 2019.2.1, the application state is kept a ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2020-11687 (In JetBrains TeamCity before 2019.2.2, password values were shown in a ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2020-11686 (In JetBrains TeamCity before 2019.1.4, a project administrator was abl ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2020-11685 (In JetBrains GoLand before 2019.3.2, the plugin repository was accesse ...)
	NOT-FOR-US: JetBrains GoLand
CVE-2015-9547 (An issue was discovered on Samsung mobile devices with JBP(4.3) and KK ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2015-9546 (An issue was discovered on Samsung mobile devices with KK(4.4) and lat ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-11684 (AT91bootstrap before 3.9.2 does not properly wipe encryption and authe ...)
	NOT-FOR-US: Microchip AT91bootstrap
CVE-2020-11683 (A timing side channel was discovered in AT91bootstrap before 3.9.2. It ...)
	NOT-FOR-US: Microchip AT91bootstrap
CVE-2020-11682 (Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing ...)
	NOT-FOR-US: Castel NextGen DVR
CVE-2020-11681 (Castel NextGen DVR v1.0.0 stores and displays credentials for the asso ...)
	NOT-FOR-US: Castel NextGen DVR
CVE-2020-11680 (Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all ...)
	NOT-FOR-US: Castel NextGen DVR
CVE-2020-11679 (Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation throug ...)
	NOT-FOR-US: Castel NextGen DVR
CVE-2020-11678
	RESERVED
CVE-2020-11677 (Cerner medico 26.00 has a Local Buffer Overflow (issue 3 of 3).)
	NOT-FOR-US: Cerner medico
CVE-2020-11676 (Cerner medico 26.00 has a Local Buffer Overflow (issue 2 of 3).)
	NOT-FOR-US: Cerner medico
CVE-2020-11675 (Cerner medico 26.00 has a Local Buffer Overflow (issue 1 of 3).)
	NOT-FOR-US: Cerner medico
CVE-2020-11674 (Cerner medico 26.00 allows variable reuse, possibly causing data corru ...)
	NOT-FOR-US: Cerner medico
CVE-2020-11673 (An issue was discovered in the Responsive Poll through 1.3.4 for Wordp ...)
	NOT-FOR-US: Responsive Poll for WordPress
CVE-2020-11672
	RESERVED
CVE-2020-11671 (Lack of authorization controls in REST API functions in TeamPass throu ...)
	- teampass (bug #730180)
CVE-2020-11670
	RESERVED
CVE-2020-11669 (An issue was discovered in the Linux kernel before 5.2 on the powerpc ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.118-1
	[stretch] - linux (Vulnerability introduced later with support for KVM guests on POWER9)
	[jessie] - linux (Vulnerability introduced later with support for KVM guests on POWER9)
	NOTE: https://git.kernel.org/linus/53a712bae5dd919521a58d7bad773b949358add0
	NOTE: https://www.openwall.com/lists/oss-security/2020/04/15/1
CVE-2020-11668 (In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit. ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.17-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8
CVE-2020-11667
	RESERVED
CVE-2020-11666 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11665 (CA API Developer Portal 4.3.1 and earlier handles loginRedirect page r ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11664 (CA API Developer Portal 4.3.1 and earlier handles homeRedirect page re ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11663 (CA API Developer Portal 4.3.1 and earlier handles 404 requests in an i ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11662 (CA API Developer Portal 4.3.1 and earlier handles requests insecurely, ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11661 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11660 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11659 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11658 (CA API Developer Portal 4.3.1 and earlier handles shared secret keys i ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11657
	RESERVED
CVE-2020-11656 (In SQLite through 3.31.1, the ALTER TABLE implementation has a use-aft ...)
	- sqlite3 3.32.0-1 (unimportant)
	- sqlite (ALTER TABLE not available in v2)
	NOTE: https://www.sqlite.org/cgi/src/tktview?name=4722bdab08cb14
	NOTE: https://www.sqlite.org/src/info/d09f8c3621d5f7f8
	NOTE: https://www.sqlite.org/src/info/b64674919f673602
	NOTE: Negligible security impact (and uncovered in DEBUG build)
CVE-2020-11655 (SQLite through 3.31.1 allows attackers to cause a denial of service (s ...)
	{DLA-2340-1 DLA-2203-1}
	- sqlite3 3.31.1-5
	[buster] - sqlite3 (Introduced/exploitable in 3.30 with 3251a2031bfd29f338a5fda1a08c18878296d354)
	- sqlite (window functions not present in v2)
	NOTE: https://www.sqlite.org/cgi/src/tktview?name=af4556bb5c
	NOTE: Issue covered before: https://www.sqlite.org/cgi/src/info/712e47714863a8ed
	NOTE: Fixed by: https://www.sqlite.org/cgi/src/info/4a302b42c7bf5e11
	NOTE: https://github.com/sqlite/sqlite/commit/3251a2031bfd29f338a5fda1a08c18878296d354
	NOTE: https://github.com/sqlite/sqlite/commit/c415d91007e1680e4eb17def583b202c3c83c718
	NOTE: https://github.com/sqlite/sqlite/commit/4db7ab53f9c30e2e22731ace93ab6b18eef6c4ae
CVE-2020-11654
	RESERVED
CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6 ...)
	{DLA-3208-1}
	- varnish 6.4.0-1 (bug #956307)
	[stretch] - varnish (Only affects 6.x)
	[jessie] - varnish (Only affects 6.x)
	NOTE: https://varnish-cache.org/security/VSV00005.html#vsv00005
	NOTE: https://github.com/varnishcache/varnish-cache/commit/2d8fc1a784a1e26d78c30174923a2b14ee2ebf62
CVE-2020-11652 (An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 bef ...)
	{DSA-4676-2 DSA-4676-1 DLA-2223-1}
	- salt 3000.2+dfsg1-1 (bug #959684)
	NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
	NOTE: Fixed by: https://github.com/saltstack/salt/commit/cce7abad9c22d9d50ccee2813acabff8deca35dd
CVE-2020-11651 (An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 bef ...)
	{DSA-4676-2 DSA-4676-1 DLA-2223-1}
	- salt 3000.2+dfsg1-1 (bug #959684)
	NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
	NOTE: Fixed by: https://github.com/saltstack/salt/commit/a67d76b15615983d467ed81371b38b4a17e4f3b7 (v3000.2)
	NOTE: Regression: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst#known-issue
	NOTE: Regression fix: https://github.com/saltstack/salt/commit/cea28c850f7562fd3b869a1bbcc95050ab19e0f1 (v3000.3)
	NOTE: See also https://gitlab.com/saltstack/open/salt-patches/-/tree/master/patches/2020/04/14/
CVE-2020-11650 (An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before ...)
	NOT-FOR-US: FreeNAS
CVE-2020-11649 (An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Membe ...)
	[experimental] - gitlab 12.9.3+dfsg-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
CVE-2020-11648
	RESERVED
CVE-2020-11647 (In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the ...)
	{DLA-2547-1}
	- wireshark 3.2.3-1 (low; bug #958213)
	[buster] - wireshark 2.6.20-0+deb10u1
	[jessie] - wireshark (Minor, can be fixed along in a future update)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16474
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6f56fc9496db158218243ea87e3660c874a0bab0
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-07.html
CVE-2019-20637 (An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6 ...)
	- varnish 6.4.0-1 (bug #956305)
	[buster] - varnish (Minor issue)
	[stretch] - varnish (Minor issue)
	[jessie] - varnish (Vulnerability introduced later, PoC not leaking)
	NOTE: http://varnish-cache.org/security/VSV00004.html#vsv00004
	NOTE: https://github.com/varnishcache/varnish-cache/commit/bd7b3d6d47ccbb5e1747126f8e2a297f38e56b8c (6.x fix)
	NOTE: https://github.com/varnishcache/varnish-cache/commit/0c9c38513bdb7730ac886eba7563f2d87894d734 (test case / reproducer)
	NOTE: Introduced in https://github.com/varnishcache/varnish-cache/commit/62932b422f311ed1224f14a216169bcdc1b77a2d (5.0)
	NOTE: Case #3 implies labels introduced in https://github.com/varnishcache/varnish-cache/commit/34350d5e183ef4e04285729d1f63b784d1bc6454 (5.0)
CVE-2020-11646 (A log information disclosure vulnerability in B&R GateManager 4260 and ...)
	NOT-FOR-US: B&R GateManager
CVE-2020-11645 (A denial of service vulnerability in B&R GateManager 4260 and 9250 ver ...)
	NOT-FOR-US: B&R GateManager
CVE-2020-11644 (The information disclosure vulnerability present in B&R GateManager 42 ...)
	NOT-FOR-US: B&R GateManager
CVE-2020-11643 (An information disclosure vulnerability in B&R GateManager 4260 and 92 ...)
	NOT-FOR-US: B&R GateManager
CVE-2020-11642 (The local file inclusion vulnerability present in B&R SiteManager vers ...)
	NOT-FOR-US: B&R SiteManager
CVE-2020-11641 (A local file inclusion vulnerability in B&R SiteManager versions <9.2. ...)
	NOT-FOR-US: B&R GateManager
CVE-2020-11640
	RESERVED
CVE-2020-11639
	RESERVED
CVE-2020-11638
	RESERVED
CVE-2020-11637 (A memory leak in the TFTP service in B&R Automation Runtime versions < ...)
	NOT-FOR-US: B&R Automation Runtime
CVE-2019-20636 (In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bo ...)
	{DLA-2241-1}
	- linux 5.4.13-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/cb222aed03d798fc074be55e59d9a112338ee784
CVE-2020-11636
	RESERVED
CVE-2020-11635 (The Zscaler Client Connector prior to 3.1.0 did not sufficiently valid ...)
	NOT-FOR-US: Zscaler Client Connector
CVE-2020-11634 (The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL ...)
	NOT-FOR-US: Zscaler Client Connector
CVE-2020-11633 (The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack ...)
	NOT-FOR-US: Zscaler Client Connector for Windows
CVE-2020-11632 (The Zscaler Client Connector prior to 2.1.2.150 did not quote the sear ...)
	NOT-FOR-US: Zscaler Client Connector
CVE-2020-11631 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
	NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11630 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
	NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11629 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
	NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11628 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
	NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11627 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
	NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11626 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
	NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11625 (An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Ou ...)
	NOT-FOR-US: AvertX
CVE-2020-11624 (An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Ou ...)
	NOT-FOR-US: AvertX
CVE-2020-11623 (An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Ou ...)
	NOT-FOR-US: AvertX
CVE-2020-11622 (A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M an ...)
	NOT-FOR-US: Cloud EOS
CVE-2020-11621
	RESERVED
CVE-2020-11620 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2179-1}
	- jackson-databind 2.11.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u2
	[stretch] - jackson-databind 2.8.6-1+deb9u7
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2682
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11619 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2179-1}
	- jackson-databind 2.11.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u2
	[stretch] - jackson-databind 2.8.6-1+deb9u7
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2680
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11618 (THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top b ...)
	NOT-FOR-US: THOMSON
CVE-2020-11617 (The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA ...)
	NOT-FOR-US: THOMSON
CVE-2020-11616 (NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contai ...)
	NOT-FOR-US: NVIDIA DGX servers
CVE-2020-11615 (NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contai ...)
	NOT-FOR-US: NVIDIA DGX servers
CVE-2020-11614 (Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as w ...)
	NOT-FOR-US: Mids' Reborn Hero Designer
CVE-2020-11613 (Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulne ...)
	NOT-FOR-US: Mids' Reborn Hero Designer
CVE-2020-11612 (The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memo ...)
	{DSA-4885-1 DLA-2364-1}
	- netty 1:4.1.48-1
	[jessie] - netty (OOM DoS with fix/mitigation involving new API; too intrusive to backport due to more limited 3.x buffer API)
	NOTE: https://github.com/netty/netty/issues/6168
	NOTE: https://github.com/netty/netty/pull/9924
	NOTE: https://github.com/netty/netty/commit/1543218d3e7afcb33a90b728b14370395a3deca0
CVE-2020-11611 (An issue was discovered in xdLocalStorage through 2.0.5. The buildMess ...)
	NOT-FOR-US: xdLocalStorage
CVE-2020-11610 (An issue was discovered in xdLocalStorage through 2.0.5. The postData( ...)
	NOT-FOR-US: xdLocalStorage
CVE-2020-11609 (An issue was discovered in the stv06xx subsystem in the Linux kernel b ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.17-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/485b06aadb933190f4bc44e006076bc27a23f205
CVE-2020-11608 (An issue was discovered in the Linux kernel before 5.6.1. drivers/medi ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.17-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/998912346c0da53a6dbb71fab3a138586b596b30
CVE-2020-11607 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-11606 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-11605 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-11604 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-11603 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-11602 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-11601 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-11600 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21092 (An issue was discovered on Samsung mobile devices with M(6.x) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21091 (An issue was discovered on Samsung mobile devices with M(6.x) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21090 (An issue was discovered on Samsung mobile devices with software throug ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21089 (An issue was discovered on Samsung mobile devices with N(7.x) (MT6755/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21088 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21087 (An issue was discovered on Samsung mobile devices with L(5.x), M(6.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21086 (An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21085 (An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21084 (An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21083 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21082 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21081 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21080 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21079 (An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21078 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21077 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21076 (An issue was discovered on Samsung mobile devices with N(7.x) (Exynos8 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21075 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21074 (An issue was discovered on Samsung mobile devices with M(6.x) (Exynos ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21073 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21072 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21071 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21070 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.0) ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21069 (An issue was discovered on Samsung mobile devices with N(7.x) (MediaTe ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21068 (An issue was discovered on Samsung mobile devices with O(8.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21067 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21066 (An issue was discovered on Samsung mobile devices with M(6.0) (Exynos ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21065 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21064 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21063 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21062 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21061 (An issue was discovered on Samsung mobile devices with N(7.1) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21060 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21059 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21058 (An issue was discovered on Samsung mobile devices with N(7.0), O(8.0) ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21057 (An issue was discovered on Samsung mobile devices with N(7.x) O(8.x, a ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21056 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21055 (An issue was discovered on Samsung mobile devices with N(7.0) (Qualcom ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21054 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x) ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21053 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21052 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21051 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21050 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21049 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21048 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21047 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21046 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21045 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21044 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21043 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21042 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21041 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21040 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21039 (An issue was discovered on Samsung mobile devices with N(7.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21038 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18696 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18695 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18694 (An issue was discovered on Samsung mobile devices with software throug ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18693 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18692 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18691 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18690 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18689 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18688 (An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18687 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18686 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18685 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18684 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) and ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18683 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) and ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18682 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18681 (An issue was discovered on Samsung Galaxy S5 mobile devices with softw ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18680 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) and ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18679 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18678 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18677 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18676 (An issue was discovered on Samsung mobile devices with N(7.0) (Qualcom ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18675 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18674 (An issue was discovered on Samsung mobile devices with N(7.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18673 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18672 (An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18671 (An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18670 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18669 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18668 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18667 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18666 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18665 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18664 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18663 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18662 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18661 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18660 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18659 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18658 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18657 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18656 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18655 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18654 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18653 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18652 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18651 (An issue was discovered on Samsung mobile devices with M(6.x) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18650 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18649 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18648 (An issue was discovered on Samsung mobile devices with KK(4.4.x), L(5. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18647 (An issue was discovered on Samsung mobile devices with M(6,x) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18646 (An issue was discovered on Samsung mobile devices with M(6.x) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18645 (An issue was discovered on Samsung mobile devices with M(6.x) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18644 (An issue was discovered on Samsung mobile devices with L(5.1), M(6.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18643 (An issue was discovered on Samsung mobile devices with M(6.x) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11053 (An issue was discovered on Samsung mobile devices with software throug ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11052 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) soft ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11051
	REJECTED
CVE-2016-11050 (An issue was discovered on Samsung mobile devices with S3(KK), Note2(K ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11049 (An issue was discovered on Samsung mobile devices with software throug ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11048 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) (Spr ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11047 (An issue was discovered on Samsung mobile devices with JBP(4.2) and KK ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11046 (An issue was discovered on Samsung mobile devices with JBP(4.3), KK(4. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11045 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) soft ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11044 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) and ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11043 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11042 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) and ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11041 (An issue was discovered on Samsung mobile devices with KK(4.4) softwar ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11040 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) (wit ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11039 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11038 (An issue was discovered on Samsung mobile devices with software throug ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11037
	REJECTED
CVE-2016-11036 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11035 (An issue was discovered on Samsung mobile devices with software throug ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11034 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) and ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11033 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11032 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11031 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11030 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11029 (An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11028 (An issue was discovered on Samsung mobile devices with software throug ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11027 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11026 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2016-11025 (An issue was discovered on Samsung mobile devices with software throug ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2015-9545 (An issue was discovered in xdLocalStorage through 2.0.5. The receiveMe ...)
	NOT-FOR-US: xdLocalStorage
CVE-2015-9544 (An issue was discovered in xdLocalStorage through 2.0.5. The receiveMe ...)
	NOT-FOR-US: xdLocalStorage
CVE-2013-7488 (perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 ...)
	- libconvert-asn1-perl 0.27-3 (bug #956186)
	[buster] - libconvert-asn1-perl (Minor issue)
	[stretch] - libconvert-asn1-perl (Minor issue)
	[jessie] - libconvert-asn1-perl (Minor issue)
	NOTE: https://github.com/gbarr/perl-Convert-ASN1/issues/14
CVE-2020-11599 (An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. Ge ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11598 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upl ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11597 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11596 (A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Bu ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11595 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11594 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11593 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11592 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11591 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11590 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11589 (An Insecure Direct Object Reference issue was discovered in CIPPlanner ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11588 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11587 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11586 (An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11585 (There is an information disclosure issue in DNN (formerly DotNetNuke) ...)
	NOT-FOR-US: DNN (formerly DotNetNuke)
CVE-2020-11584 (A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows r ...)
	NOT-FOR-US: Plesk Onyx
CVE-2020-11583 (A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allo ...)
	NOT-FOR-US: Plesk Obsidian
CVE-2020-11582 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-11581 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-11580 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-11579 (An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. instal ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-11578
	RESERVED
CVE-2020-11577
	RESERVED
CVE-2020-11576 (Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumerat ...)
	NOT-FOR-US: Argo
CVE-2020-11575
	RESERVED
CVE-2020-11574
	RESERVED
CVE-2020-11573
	RESERVED
CVE-2020-11572
	RESERVED
CVE-2020-11571
	RESERVED
CVE-2020-11570
	RESERVED
CVE-2020-11569
	RESERVED
CVE-2020-11568
	RESERVED
CVE-2020-11567
	RESERVED
CVE-2020-11566
	RESERVED
CVE-2020-11565 (An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_ ...)
	{DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.17-1
	NOTE: https://git.kernel.org/linus/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd
CVE-2020-11564 RESERVED
CVE-2020-11563 RESERVED
CVE-2020-11562 RESERVED
CVE-2020-11561 (In NCH Express Invoice 7.25, an authenticated low-privilege user can e ...)
	NOT-FOR-US: NCH Express Invoice
CVE-2020-11560 (NCH Express Invoice 7.25 allows local users to discover the cleartext ...)
	NOT-FOR-US: NCH Express Invoice
CVE-2020-11559 RESERVED
CVE-2020-11558 (An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by ...)
	- gpac 1.0.1+dfsg1-2 (bug #972053)
	[buster] - gpac (Vulnerable code introduced later, in version 0.8.0)
	[stretch] - gpac (Vulnerable code introduced later, in version 0.8.0)
	[jessie] - gpac (Vulnerable code not present and not reproducible)
	NOTE: https://github.com/gpac/gpac/issues/1440
	NOTE: Introduced by: https://github.com/gpac/gpac/commit/3f1564c43825e052a5d53cbb4c8a242abdf603b4 (v0.9.0-preview)
	NOTE: and https://github.com/gpac/gpac/commit/526bc968451e1ec83386c93f2c1f5a74ac65e649 (v0.9.0-preview)
	NOTE: Fixed by: https://github.com/gpac/gpac/commit/6063b1a011c3f80cee25daade18154e15e4c058c (v0.9.0-preview~20)
CVE-2020-11557 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
	NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11556 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
	NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11555 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
	NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11554 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
	NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11553 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
	NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11552 (An elevation of privilege vulnerability exists in ManageEngine ADSelfS ...)
	NOT-FOR-US: ManageEngine
CVE-2020-11551 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on ...)
	NOT-FOR-US: Netgear
CVE-2020-11550 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on ...)
	NOT-FOR-US: Netgear
CVE-2020-11549 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on ...)
	NOT-FOR-US: Netgear
CVE-2020-11548 (The Search Meter plugin through 2.13.2 for WordPress allows user input ...)
	NOT-FOR-US: Search Meter plugin for WordPress
CVE-2020-11547 (PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2020-11546 (SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution ...)
	NOT-FOR-US: SuperWebMailer
CVE-2020-11545 (Project Worlds Official Car Rental System 1 is vulnerable to multiple ...)
	NOT-FOR-US: Project Worlds Official Car Rental System 1
CVE-2020-11544 (An issue was discovered in Project Worlds Official Car Rental System 1 ...)
	NOT-FOR-US: Project Worlds Official Car Rental System 1
CVE-2020-11543 (OpsRamp Gateway before 7.0.0 has a backdoor account vadmin with the pa ...)
	NOT-FOR-US: OpsRamp Gateway
CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authenticat ...)
	NOT-FOR-US: 3xLOGIC Infinias eIDC32 2.213 devices
CVE-2020-11541 (In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE ...)
	NOT-FOR-US: TechSmith SnagIt
CVE-2020-11540 RESERVED
CVE-2020-11539 (An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It ...)
	NOT-FOR-US: Tata Sonata Smart SF Rush 1.12 devices
CVE-2020-11538 (In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out- ...)
	- pillow 7.2.0-1 (low)
	[buster] - pillow 5.4.1-2+deb10u2
	[stretch] - pillow (Vulnerable code not present)
	NOTE: https://github.com/python-pillow/Pillow/pull/4504
	NOTE: https://github.com/python-pillow/Pillow/pull/4538
CVE-2020-11537 (A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5 ...)
	NOT-FOR-US: ONLYOFFICE Document Server
CVE-2020-11536 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...)
	NOT-FOR-US: ONLYOFFICE Document Server
CVE-2020-11535 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...)
	NOT-FOR-US: ONLYOFFICE Document Server
CVE-2020-11534 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...)
	NOT-FOR-US: ONLYOFFICE Document Server
CVE-2020-11533 (Ivanti Workspace Control before 10.4.30.0, when SCCM integration is en ...)
	NOT-FOR-US: Ivanti Workspace Control
CVE-2020-11532 (Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin ...)
	NOT-FOR-US: Zoho ManageEngine DataSecurity Plus
CVE-2020-11531 (The DataEngine Xnode Server application in Zoho ManageEngine DataSecur ...)
	NOT-FOR-US: Zoho ManageEngine DataSecurity Plus
CVE-2020-11530 (A blind SQL injection vulnerability is present in Chop Slider 3, a Wor ...)
	NOT-FOR-US: Chop Slider 3 WordPress plugin
CVE-2020-11529 (Common/Grav.php in Grav before 1.7 has an Open Redirect. This is parti ...)
	NOT-FOR-US: Grav CMS
CVE-2020-11528 (bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write) ...)
	NOT-FOR-US: bit2spr
CVE-2020-11527 (In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated rem ...)
	NOT-FOR-US: Zoho
CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 h ...)
	{DLA-2356-1}
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/192856cb59974ee4d7d3e72cbeafa676aa7565cf
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6012
CVE-2020-11525 (libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 ...)
	{DLA-2356-1}
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/0b6b92a25a77d533b8a92d6acc840a81e103684e
CVE-2020-11524 (libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0 ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/7b1d4b49391b4512402840431757703a96946820
CVE-2020-11523 (libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 ha ...)
	{DLA-2356-1}
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/ce21b9d7ecd967e0bc98ed31a6b3757848aa6c9e
CVE-2020-11522 (libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of- ...)
	{DLA-2356-1}
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/907640a924fa7a9a99c80a48ac225e9d8e41548b
CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 h ...)
	{DLA-2356-1}
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/17f547ae11835bb11baa3d045245dc1694866845
CVE-2020-11520 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows ...)
	NOT-FOR-US: WinMagic SecureDoc
CVE-2020-11519 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows ...)
	NOT-FOR-US: WinMagic SecureDoc
CVE-2020-11518 (Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticate ...)
	NOT-FOR-US: Zoho
CVE-2020-11517 RESERVED
CVE-2020-11516 (Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for W ...)
	NOT-FOR-US: Contact Form 7 Datepicker plugin for WordPress
CVE-2020-11515 (The Rank Math plugin through 1.0.40.2 for WordPress allows unauthentic ...)
	NOT-FOR-US: Rank Math plugin for WordPress
CVE-2020-11514 (The Rank Math plugin through 1.0.40.2 for WordPress allows unauthentic ...)
	NOT-FOR-US: Rank Math plugin for WordPress
CVE-2020-11513 RESERVED
CVE-2020-11512 (Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 ...)
	NOT-FOR-US: IMPress for IDX Broker WordPress plugin
CVE-2020-11511 (The LearnPress plugin before 3.2.6.9 for WordPress allows remote attac ...)
	NOT-FOR-US: LearnPress plugin for WordPress
CVE-2020-11510 RESERVED
	NOT-FOR-US: LearnPress plugin for WordPress
CVE-2020-11509 (An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for Wor ...)
	NOT-FOR-US: WP Lead Plus X plugin for WordPress
CVE-2020-11508 (An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for Wor ...)
	NOT-FOR-US: WP Lead Plus X plugin for WordPress
CVE-2020-11507 (An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0. ...)
	NOT-FOR-US: Malwarebytes AdwCleaner
CVE-2020-11506 (An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A W ...)
	[experimental] - gitlab 12.9.3+dfsg-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
CVE-2020-11505 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
	- gitlab (Only affects GitLab EE 12.8.0 and later)
	NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
CVE-2020-11504 RESERVED
CVE-2020-11503 (A heap-based buffer overflow in the awarrensmtp component of Sophos XG ...)
	NOT-FOR-US: Sophos
CVE-2020-11502 RESERVED
CVE-2020-11500 (Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for vi ...)
	NOT-FOR-US: Zoom
CVE-2020-11499 (Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when upd ...)
	NOT-FOR-US: Firmware Analysis and Comparison Tool
CVE-2020-11498 (Slack Nebula through 1.1.0 contains a relative path vulnerability that ...)
	NOT-FOR-US: Slack Nebula
CVE-2020-11497 (An issue was discovered in the NAB Transact extension 2.1.0 for the Wo ...)
	NOT-FOR-US: NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress
CVE-2020-11496 (Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers ...)
	NOT-FOR-US: Sprecher SPRECON-E firmware
CVE-2020-11495 REJECTED
CVE-2020-11494 (An issue was discovered in slc_bump in drivers/net/can/slcan.c in the ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.17-1
	[buster] - linux 4.19.118-1
	NOTE: https://lore.kernel.org/netdev/20200401100639.20199-1-rpalethorpe@suse.com/
CVE-2020-11493 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9. ...)
	NOT-FOR-US: Foxit
CVE-2020-11492 (An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. ...)
	NOT-FOR-US: Docker Desktop on Windows
CVE-2020-11491 (Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticat ...)
	NOT-FOR-US: Zen Load Balancer
CVE-2020-11490 (Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authent ...)
	NOT-FOR-US: Zen Load Balancer
CVE-2020-11489 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...)
	NOT-FOR-US: NVIDIA DGX servers
CVE-2020-11488 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...)
	NOT-FOR-US: NVIDIA DGX servers
CVE-2020-11487 (NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. ...)
	NOT-FOR-US: NVIDIA DGX servers
CVE-2020-11486 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...)
	NOT-FOR-US: NVIDIA DGX servers
CVE-2020-11485 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...)
	NOT-FOR-US: NVIDIA DGX servers
CVE-2020-11484 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...)
	NOT-FOR-US: NVIDIA DGX servers
CVE-2020-11483 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...)
	NOT-FOR-US: NVIDIA DGX servers
CVE-2019-20635 (codeBeamer before 9.5.0-RC3 does not properly restrict the ability to ...)
	NOT-FOR-US: codeBeamer
CVE-2020-11501 (GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The e ...)
	{DSA-4652-1}
	- gnutls28 3.6.13-2 (bug #955556)
	[stretch] - gnutls28 (Vulnerable code introduced later)
	[jessie] - gnutls28 (Vulnerable code introduced later)
	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/960
	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31
	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/c01011c2d8533dbbbe754e49e256c109cb848d0d (3.6.13)
	NOTE: Broken-by: https://gitlab.com/gnutls/gnutls/-/commit/bcf4de0371efbdf0846388e2df0cb14b5db09954 (gnutls_3_6_3)
CVE-2020-11482 RESERVED
CVE-2020-11481 RESERVED
CVE-2020-11480 RESERVED
CVE-2020-11479 RESERVED
CVE-2020-11478 RESERVED
CVE-2020-11477 RESERVED
CVE-2020-11476 (Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangero ...)
	NOT-FOR-US: Concrete5
CVE-2020-11475 RESERVED
CVE-2020-11474 (NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic lin ...)
	NOT-FOR-US: NCP Secure Enterprise Client
CVE-2020-11473 RESERVED
CVE-2020-11472 RESERVED
CVE-2020-11471 RESERVED
CVE-2020-11470 (Zoom Client for Meetings through 4.6.8 on macOS has the disable-librar ...)
	NOT-FOR-US: Zoom
CVE-2020-11469 (Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to ...)
	NOT-FOR-US: Zoom
CVE-2020-11468 RESERVED
CVE-2020-11467 (An issue was discovered in Deskpro before 2019.8.0. This product enabl ...)
	NOT-FOR-US: Deskpro
CVE-2020-11466 (An issue was discovered in Deskpro before 2019.8.0. The /api/tickets e ...)
	NOT-FOR-US: Deskpro
CVE-2020-11465 (An issue was discovered in Deskpro before 2019.8.0. The /api/apps/* en ...)
	NOT-FOR-US: Deskpro
CVE-2020-11464 (An issue was discovered in Deskpro before 2019.8.0. The /api/people en ...)
	NOT-FOR-US: Deskpro
CVE-2020-11463 (An issue was discovered in Deskpro before 2019.8.0. The /api/email_acc ...)
	NOT-FOR-US: Deskpro
CVE-2020-11462 (An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8. ...)
	NOT-FOR-US: OpenVPN Access Server
CVE-2020-11461 RESERVED
CVE-2020-11460 RESERVED
CVE-2020-11459 RESERVED
CVE-2020-11458 (app/Model/feed.php in MISP before 2.4.124 allows administrators to cho ...)
	NOT-FOR-US: MISP
CVE-2020-11457 (pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php ...)
	NOT-FOR-US: pfSense
CVE-2020-11456 (LimeSurvey before 4.1.12+200324 has stored XSS in application/views/ad ...)
	- limesurvey (bug #472802)
CVE-2020-11455 (LimeSurvey before 4.1.12+200324 contains a path traversal vulnerabilit ...)
	- limesurvey (bug #472802)
CVE-2020-11454 (Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Contain ...)
	NOT-FOR-US: Microstrategy Web
CVE-2020-11453 (Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in ...)
	NOT-FOR-US: Microstrategy Web
CVE-2020-11452 (Microstrategy Web 10.4 includes functionality to allow users to import ...)
	NOT-FOR-US: Microstrategy Web
CVE-2020-11451 (The Upload Visualization plugin in the Microstrategy Web 10.4 admin pa ...)
	NOT-FOR-US: Microstrategy Web
CVE-2020-11450 (Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture ...)
	NOT-FOR-US: Microstrategy Web
CVE-2020-11449 (An issue was discovered on Technicolor TC7337 8.89.17 devices. An atta ...)
	NOT-FOR-US: Technicolor devices
CVE-2020-11448 (An issue was discovered on Bell HomeHub 3000 SG48222070 devices. There ...)
	NOT-FOR-US: Bell HomeHub 3000 SG48222070 devices
CVE-2020-11447 (An issue was discovered on Bell HomeHub 3000 SG48222070 devices. Remot ...)
	NOT-FOR-US: Bell HomeHub 3000 SG48222070 devices
CVE-2020-11446 (ESET Antivirus and Antispyware Module module 1553 through 1560 allows ...)
	NOT-FOR-US: ESET
CVE-2020-11445 (TP-Link cloud cameras through 2020-02-09 allow remote attackers to byp ...)
	NOT-FOR-US: TP-Link
CVE-2020-11444 (Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has I ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2020-11443 (The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to ver ...)
	NOT-FOR-US: Zoom
CVE-2020-11442 RESERVED
CVE-2020-11441 (phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astrin ...)
	- phpmyadmin (unimportant)
	[jessie] - phpmyadmin (The pma_error display code does not exist in this version)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/issues/16056
	NOTE: Not considered a security issue
CVE-2020-11440 (httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no ...)
	NOT-FOR-US: Wind River
CVE-2020-11439 (LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue all ...)
	NOT-FOR-US: LibreHealth EMR
CVE-2020-11438 (LibreHealth EMR v2.0.0 is affected by systemic CSRF.)
	NOT-FOR-US: LibreHealth EMR
CVE-2020-11437 (LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privi ...)
	NOT-FOR-US: LibreHealth EMR
CVE-2020-11436 (LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the abilit ...)
	NOT-FOR-US: LibreHealth EMR
CVE-2020-11435 RESERVED
CVE-2020-11434 RESERVED
CVE-2020-11433 RESERVED
CVE-2020-11432 RESERVED
CVE-2020-11431 (The documentation component in i-net Clear Reports 16.0 to 19.2, HelpD ...)
	NOT-FOR-US: i-net
CVE-2020-11430 RESERVED
CVE-2020-11429 RESERVED
CVE-2020-11428 RESERVED
CVE-2020-11427 RESERVED
CVE-2020-11426 RESERVED
CVE-2020-11425 RESERVED
CVE-2020-11424 RESERVED
CVE-2020-11423 RESERVED
CVE-2020-11422 RESERVED
CVE-2020-11421 RESERVED
CVE-2020-11420 (UPS Adapter CS141 before 1.90 allows Directory Traversal. An attacker ...)
	NOT-FOR-US: UPS Adapter CS141
CVE-2020-11419 RESERVED
CVE-2020-11418 RESERVED
CVE-2020-11417 RESERVED
CVE-2020-11416 (JetBrains Space through 2020-04-22 allows stored XSS in Chats.)
	NOT-FOR-US: JetBrains Space
CVE-2020-11415 (An issue was discovered in Sonatype Nexus Repository Manager 2.x befor ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2020-11414 (An issue was discovered in Progress Telerik UI for Silverlight before ...)
	NOT-FOR-US: Progress Telerik UI
CVE-2020-11413 REJECTED
CVE-2020-11412 REJECTED
CVE-2020-11411 REJECTED
CVE-2020-11410 REJECTED
CVE-2020-11409 REJECTED
CVE-2020-11408 REJECTED
CVE-2020-11407 REJECTED
CVE-2020-11406 REJECTED
CVE-2020-11405 REJECTED
CVE-2020-11404 REJECTED
CVE-2020-11403 REJECTED
CVE-2020-11402 REJECTED
CVE-2020-11401 REJECTED
CVE-2020-11400 REJECTED
CVE-2020-11399 REJECTED
CVE-2020-11398 REJECTED
CVE-2020-11397 REJECTED
CVE-2020-11396 REJECTED
CVE-2020-11395 REJECTED
CVE-2020-11394 REJECTED
CVE-2020-11393 REJECTED
CVE-2020-11392 REJECTED
CVE-2020-11391 REJECTED
CVE-2020-11390 REJECTED
CVE-2020-11389 REJECTED
CVE-2020-11388 REJECTED
CVE-2020-11387 REJECTED
CVE-2020-11386 REJECTED
CVE-2020-11385 REJECTED
CVE-2020-11384 REJECTED
CVE-2020-11383 REJECTED
CVE-2020-11382 REJECTED
CVE-2020-11381 REJECTED
CVE-2020-11380 REJECTED
CVE-2020-11379 REJECTED
CVE-2020-11378 REJECTED
CVE-2020-11377 REJECTED
CVE-2020-11376 REJECTED
CVE-2020-11375 REJECTED
CVE-2020-11374 REJECTED
CVE-2020-11373 REJECTED
CVE-2020-11372 REJECTED
CVE-2020-11371 REJECTED
CVE-2020-11370 REJECTED
CVE-2020-11369 REJECTED
CVE-2020-11368 REJECTED
CVE-2020-11367 REJECTED
CVE-2020-11366 REJECTED
CVE-2020-11365 REJECTED
CVE-2020-11364 REJECTED
CVE-2020-11363 REJECTED
CVE-2020-11362 REJECTED
CVE-2020-11361 REJECTED
CVE-2020-11360 REJECTED
CVE-2020-11359 REJECTED
CVE-2020-11358 REJECTED
CVE-2020-11357 REJECTED
CVE-2020-11356 REJECTED
CVE-2020-11355 REJECTED
CVE-2020-11354 REJECTED
CVE-2020-11353 REJECTED
CVE-2020-11352 REJECTED
CVE-2020-11351 REJECTED
CVE-2020-11350 REJECTED
CVE-2020-11349 REJECTED
CVE-2020-11348 REJECTED
CVE-2020-11347 REJECTED
CVE-2020-11346 REJECTED
CVE-2020-11345 REJECTED
CVE-2020-11344 REJECTED
CVE-2020-11343 REJECTED
CVE-2020-11342 REJECTED
CVE-2020-11341 REJECTED
CVE-2020-11340 REJECTED
CVE-2020-11339 REJECTED
CVE-2020-11338 REJECTED
CVE-2020-11337 REJECTED
CVE-2020-11336 REJECTED
CVE-2020-11335 REJECTED
CVE-2020-11334 REJECTED
CVE-2020-11333 REJECTED
CVE-2020-11332 REJECTED
CVE-2020-11331 REJECTED
CVE-2020-11330 REJECTED
CVE-2020-11329 REJECTED
CVE-2020-11328 REJECTED
CVE-2020-11327 REJECTED
CVE-2020-11326 REJECTED
CVE-2020-11325 REJECTED
CVE-2020-11324 REJECTED
CVE-2020-11323 REJECTED
CVE-2020-11322 REJECTED
CVE-2020-11321 REJECTED
CVE-2020-11320 REJECTED
CVE-2020-11319 REJECTED
CVE-2020-11318 REJECTED
CVE-2020-11317 REJECTED
CVE-2020-11316 REJECTED
CVE-2020-11315 REJECTED
CVE-2020-11314 REJECTED
CVE-2020-11313 REJECTED
CVE-2020-11312 REJECTED
CVE-2020-11311 RESERVED
CVE-2020-11310 REJECTED
CVE-2020-11309 (Use after free in GPU driver while mapping the user memory to GPU memo ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11308 (Buffer overflow occurs when trying to convert ASCII string to Unicode ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11307 (Buffer overflow in modem due to improper array index check before copy ...)
	NOT-FOR-US: Snapdragon
CVE-2020-11306 (Possible integer overflow in RPMB counter due to lack of length check ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11305 (Integer overflow in boot due to improper length check on arguments rec ...)
	NOT-FOR-US: Snapdragon
CVE-2020-11304 (Possible out of bound read in DRM due to improper buffer length check. ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11303 (Accepting AMSDU frames with mismatched destination and source address ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11302 REJECTED
CVE-2020-11301 (Improper authentication of un-encrypted plaintext Wi-Fi frames in an e ...)
	NOT-FOR-US: Qualcomm WIGIG chipsets
CVE-2020-11300 REJECTED
CVE-2020-11299 (Buffer overflow can occur in video while playing the non-standard clip ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11298 (While waiting for a response to a callback or listener request, non-se ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11297 (Denial of service in WLAN module due to improper check of subtypes in ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11296 (Arithmetic overflow can happen while processing NOA IE due to improper ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11295 (Use after free in camera If the threadmanager is being cleaned up whil ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11294 (Out of bound write in logger due to prefix size is not validated while ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11293 (Out of bound read can happen in Widevine TA while copying data to buff ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11292 (Possible buffer overflow in voice service due to lack of input validat ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11291 (Possible buffer overflow while updating ikev2 parameters for delete pa ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11290 (Use after free condition in msm ioctl events due to race between the i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11289 (Out of bound write can occur in TZ command handler due to lack of vali ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11288 (Out of bound write can occur in playready while processing command due ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11287 (Allowing RTT frames to be linked with non randomized MAC address by co ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11286 (An Untrusted Pointer Dereference can occur while doing USB control tra ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11285 (Buffer over-read while unpacking the RTCP packet we may read extra byt ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11284 (Locked memory can be unlocked and modified by non secure boot loader t ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11283 (A buffer overflow can occur when playing an MKV clip due to lack of in ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11282 (Improper access control when using mmap with the kgsl driver with a sp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11281 (Allowing RTT frames to be linked with non randomized MAC address by co ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11280 (Denial of service while processing fine timing measurement request (FT ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11279 (Memory corruption while processing crafted SDES packets due to imprope ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11278 (Possible denial of service while handling host WMI command due to impr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11277 (Possible race condition during async fastrpc session after sending RPC ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11276 (Possible buffer over read while processing P2P IE and NOA attribute of ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11275 (Possible buffer over-read while parsing quiet IE in Rx beacon frame du ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11274 (Denial of service in MODEM due to assert to the invalid configuration ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11273 (Histogram type KPI was teardown with the assumption of the existence o ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11272 (Before enqueuing a frame to the PE queue for further processing, an en ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11271 (Possible out of bounds while accessing global control elements due to ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11270 (Possible denial of service due to RTT responder consistently rejects a ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11269 (Possible memory corruption while processing EAPOL frames due to lack o ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11268 (Potential UE reset while decoding a crafted Sib1 or SIB1 that schedule ...)
	NOT-FOR-US: Snapdragon
CVE-2020-11267 (Stack out-of-bounds write occurs while setting up a cipher device if t ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11266 (Image address is dereferenced before validating its range which can ca ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11265 (Information disclosure issue due to lack of validation of pointer argu ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11264 (Improper authentication of Non-EAPOL/WAPI plaintext frames during four ...)
	NOT-FOR-US: Qualcomm WLAN Windows Host
CVE-2020-11263 (An integer overflow due to improper check performed after the address ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11262 (A race between command submission and destroying the context can cause ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11261 (Memory corruption due to improper check to return error when user appl ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11260 (An improper free of uninitialized memory can occur in DIAG services in ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11259 (Memory corruption due to lack of validation of pointer arguments passe ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11258 (Memory corruption due to lack of validation of pointer arguments passe ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11257 (Memory corruption due to lack of validation of pointer arguments passe ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11256 (Memory corruption due to lack of check of validation of pointer to buf ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11255 (Denial of service while processing RTCP packets containing multiple SD ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11254 (Memory corruption during buffer allocation due to dereferencing sessio ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11253 (Arbitrary memory write issue in video driver while setting the interna ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11252 (Trustzone initialization code will disable xPU`s when memory dumps are ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11251 (Out-of-bounds read vulnerability while accessing DTMF payload due to l ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11250 (Use after free due to race condition when reopening the device driver ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11249 RESERVED
CVE-2020-11248 RESERVED
CVE-2020-11247 (Out of bound memory read while unpacking data due to lack of offset le ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11246 (A double free condition can occur when the device moves to suspend mod ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11245 (Unintended reads and writes by NS EL2 in access control driver due to ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11244 RESERVED
CVE-2020-11243 (RRC sends a connection establishment success to NAS even though connec ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11242 (User could gain access to secure memory due to incorrect argument into ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11241 (Out of bound read will happen if EAPOL Key length is less than expecte ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11240 (Memory corruption due to ioctl command size was incorrectly set to the ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11239 (Use after free issue when importing a DMA buffer by using the CPU addr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11238 (Possible Buffer over-read in ARP/NS parsing due to lack of check of pa ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11237 (Memory crash when accessing histogram type KPI input received due to l ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11236 (Memory corruption due to invalid value of total dimension in the non-h ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11235 (Buffer overflow might occur while parsing unified command due to lack ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11234 (When sending a socket event message to a user application, invalid inf ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11233 (Time-of-check time-of-use race condition While processing partition en ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11232 RESERVED
CVE-2020-11231 (Two threads call one or both functions concurrently leading to corrupt ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11230 (Potential arbitrary memory corruption when the qseecom driver updates ...)
	NOT-FOR-US: Snapdragon
CVE-2020-11229 RESERVED
CVE-2020-11228 (Part of RPM region was not protected from xblSec itself due to imprope ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11227 (Out of bound write while parsing RTT/TTY packet parsing due to lack of ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11226 (Out of bound memory read in Data modem while unpacking data due to lac ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11225 (Out of bound access in WLAN driver due to lack of validation of array ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11224 RESERVED
CVE-2020-11223 (Out of bound in camera driver due to lack of check of validation of ar ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11222 (Buffer over read while processing MT SMS with maximum length due to im ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11221 (Usage of syscall by non-secure entity can allow extraction of secure Q ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11220 (While processing storage SCM commands there is a time of check or time ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11219 RESERVED
CVE-2020-11218 (Denial of service in baseband when NW configures LTE betaOffset-RI-Ind ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11217 (A possible double free or invalid memory access in audio driver while ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11216 (Buffer over read can happen in video driver when playing clip with ato ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11215 (An out of bounds read can happen when processing VSA attribute due to ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11214 (Buffer over-read while processing NDL attribute if attribute length is ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11213 (Out of bound reads might occur in while processing Service descriptor ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11212 (Out of bounds reads while parsing NAN beacons attributes and OUIs due ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11211
	RESERVED
CVE-2020-11210 (Possible memory corruption in RPM region due to improper XPU configura ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11209 (Improper authorization in DSP process could allow unauthorized users t ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11208 (Out of Bound issue in DSP services while processing received arguments ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11207 (Buffer overflow in LibFastCV library due to improper size checks with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11206 (Possible buffer overflow in Fastrpc while handling received parameters ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11205 (u'Possible integer overflow to heap overflow while processing command ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11204 (Possible memory corruption and information leakage in sub-system due t ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11203 (Stack overflow may occur if GSM/WCDMA broadcast config size received f ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11202 (Buffer overflow/underflow occurs when typecasting the buffer passed by ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11201 (Arbitrary access to DSP memory due to improper check in loaded library ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11200 (Buffer over-read while parsing RPS due to lack of check of input valid ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11199 (HLOS to access EL3 stack canary by just mapping imem region due to Imp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11198 (Key material used for TZ diag buffer encryption and other data related ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11197 (Possible integer overflow can occur when stream info update is called ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11196 (u'Integer overflow to buffer overflow occurs while playback of ASF cli ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11195 (Out of bound write and read in TA while processing command from NS sid ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11194 (Possible out of bound access in TA while processing a command from NS ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11193 (u'Buffer over read can happen while parsing mkv clip due to improper t ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11192 (Out of bound write while parsing SDP string due to missing check on nu ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11191 (Out of bound read occurs while processing crafted SDP due to lack of c ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11190 (Buffer over-read can happen while parsing received SDP values due to l ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11189 (Buffer over-read can happen while parsing received SDP values due to l ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11188 (Buffer over-read can happen while parsing received SDP values due to l ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11187 (Possible memory corruption in BSI module due to improper validation of ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11186 (Modem will enter into busy mode in an infinite loop while parsing hist ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11185 (Out of bound issue in WLAN driver while processing vdev responses from ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11184 (u'Possible buffer overflow will occur in video while parsing mp4 clip ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11183 (A process can potentially cause a buffer overflow in the display servi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11182 (Possible heap overflow while parsing NAL header due to lack of check o ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11181 (Out of bound access issue while handling cvp process control command d ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11180 (Out of bound access in computer vision control due to improper validat ...)
	NOT-FOR-US: Snapdragon
CVE-2020-11179 (Arbitrary read and write to kernel addresses by temporarily overwritin ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11178 (Trusted APPS to overwrite the CPZ memory of another use-case as TZ onl ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11177 (User can overwrite Security Code NV item without knowing current SPC d ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11176 (While processing server certificate from IPSec server, certificate val ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11175 (u'Use after free issue in Bluetooth transport driver when a method in ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11174 (u'Array index underflow issue in adsp driver due to improper check of ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11173 (u'Two threads running simultaneously from user space can lead to race ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11172 (u'fscanf reads a string from a file and stores its contents on a stati ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11171 (Buffer over-read can happen while parsing received SDP values due to l ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11170 (Out of bound memory access while playing music playbacks with crafted ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11169 (u'Buffer over-read while processing received L2CAP packet due to lack ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11168 (u'Null-pointer dereference can occur while accessing data buffer beyon ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11167 (Memory corruption while calculating L2CAP packet length in reassembly ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11166 (Potential out of bound read exception when UE receives unusually large ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11165 (Memory corruption due to buffer overflow while copying the message pro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11164 (u'Third-party app may also call the broadcasts in Perfdump and cause p ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11163 (Possible buffer overflow while updating ikev2 parameters due to lack o ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11162 (u'Possible buffer overflow in MHI driver due to lack of input paramete ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11161 (Out-of-bounds memory access can occur while calculating alignment requ ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11160 (Resource leakage issue during dci client registration due to reference ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11159 (Buffer over-read can happen while processing WPA,RSN IE of beacon and ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11158 (u'Null pointer dereference in HP OfficeJet Pro 8210 jbig2 filter due t ...)
	NOT-FOR-US: Qualcomm
CVE-2020-11157 (u'Lack of handling unexpected control messages while encryption was in ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11156 (u'Buffer over-read issue in Bluetooth estack due to lack of check for ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11155 (u'Buffer overflow while processing PDU packet in bluetooth due to lack ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11154 (u'Buffer overflow while processing a crafted PDU data packet in blueto ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11153 (u'Out of bound memory access while processing GATT data received due t ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11152 (Race condition in HAL layer while processing callback objects received ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11151 (Race condition occurs while calling user space ioctl from two differen ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11150 (Out of bound memory access in camera driver due to improper validation ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11149 (Out of bound access due to usage of an out-of-range pointer offset in ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11148 (Use after free issue in HIDL while using callback to post event in Rx ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11147 (Use after free issue in audio modules while removing and freeing objec ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11146 (Out of bound write while copying data using IOCTL due to lack of check ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11145 (Divide by zero issue can happen while updating delta extension header ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11144 (Buffer over-read while UE process invalid DL ROHC packet for decompres ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11143 (Out of bound memory access during music playback with modified content ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11142
	RESERVED
CVE-2020-11141 (u'Buffer over-read issue in Bluetooth estack due to lack of check for ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11140 (Out of bound memory access during music playback with ALAC modified co ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11139 (Out of bound memory access while processing frames due to lack of chec ...)
	NOT-FOR-US: Snapdragon
CVE-2020-11138 (Uninitialized pointers accessed during music play back with incorrect ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11137 (Integer multiplication overflow resulting in lower buffer size allocat ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11136 (Buffer Over-read in audio driver while using malloc management functio ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11135 (u'Reachable assertion when wrong data size is returned by parser for a ...)
	NOT-FOR-US: Snapdragon
CVE-2020-11134 (Possible stack out of bound write might happen due to time bitmap leng ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11133 (u'Possible out of bound array write in rxdco cal utility due to lack o ...)
	NOT-FOR-US: Snapdragon
CVE-2020-11132 (u'Buffer over read in boot due to size check ignored before copying GU ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11131 (u'Possible buffer overflow in WMA message processing due to integer ov ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11130 (u'Possible buffer overflow in WIFI hal process due to copying data wit ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11129 (u'During the error occurrence in capture request, the buffer is freed ...)
	NOT-FOR-US: Snapdragon
CVE-2020-11128 (u'Possible out of bound access while copying the mask file content int ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11127 (u'Integer overflow can cause a buffer overflow due to lack of table le ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11126 (Possible out of bound read while WLAN frame parsing due to lack of che ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11125 (u'Out of bound access can happen in MHI command process due to lack of ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11124 (u'Possible use-after-free while accessing diag client map table since ...)
	NOT-FOR-US: Snapdragon
CVE-2020-11123 (u'information disclosure in gatekeeper trustzone implementation as the ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11122 (u'Null Pointer exception while playing crafted mkv file as data stream ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11121 (u'Possible buffer overflow in WIFI hal process due to usage of memcpy ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11120 (u'Calling thread may free the data buffer pointer that was passed to t ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11119 (Buffer over-read can happen when the buffer length received from respo ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11118 (u'Information exposure issues while processing IE header due to improp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11117 (u'In the lbd service, an external user can issue a specially crafted d ...)
	NOT-FOR-US: Snapdragon
CVE-2020-11116 (u'Possible out of bound write while processing association response re ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11115 (u'Buffer over read occurs while processing information element from be ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-11114 (u'Bluetooth devices does not properly restrict the L2CAP payload lengt ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-5291 (Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode a ...)
	- bubblewrap 0.4.1-1 (low; bug #955441)
	[buster] - bubblewrap (Introduced in 0.4.0)
	[stretch] - bubblewrap (Introduced in 0.4.0)
	NOTE: https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj
	NOTE: https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240
CVE-2020-11113 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2179-1}
	- jackson-databind 2.11.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u2
	[stretch] - jackson-databind 2.8.6-1+deb9u7
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2670
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11112 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2179-1}
	- jackson-databind 2.11.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u2
	[stretch] - jackson-databind 2.8.6-1+deb9u7
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2666
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11111 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2179-1}
	- jackson-databind 2.11.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u2
	[stretch] - jackson-databind 2.8.6-1+deb9u7
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2664
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11110 (Grafana through 6.7.1 allows stored XSS due to insufficient input prot ...)
	- grafana
CVE-2020-11109
	RESERVED
CVE-2020-11108 (The Gravity updater in Pi-hole through 4.4 allows an authenticated adv ...)
	NOT-FOR-US: Pi-hole
CVE-2020-11107 (An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , ...)
	NOT-FOR-US: XAMPP
CVE-2020-11106 (An issue was discovered in Responsive Filemanager through 9.14.0. In t ...)
	NOT-FOR-US: Responsive Filemanager
CVE-2020-11105 (An issue was discovered in USC iLab cereal through 1.3.0. It employs c ...)
	NOT-FOR-US: USC iLab cereal
CVE-2020-11104 (An issue was discovered in USC iLab cereal through 1.3.0. Serializatio ...)
	NOT-FOR-US: USC iLab cereal
CVE-2020-11103 (JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, ...)
	NOT-FOR-US: Webswing
CVE-2020-11102 (hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying ...)
	- qemu 1:4.2-4 (bug #956145)
	[buster] - qemu (Vulnerable code/Tulip NIC emulator added later)
	[stretch] - qemu (Vulnerable code/Tulip NIC emulator added later)
	[jessie] - qemu (Vulnerable code/Tulip NIC emulator added later)
	- qemu-kvm (Vulnerable code/Tulip NIC emulator added later)
	NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/1
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=8ffb7265af64ec81748335ec8f20e7ab542c3850 (v5.0.0-rc1)
CVE-2020-11101 (Sierra Wireless AirLink Mobility Manager (AMM) before 2.17 mishandles ...)
	NOT-FOR-US: Sierra Wireless AirLink Mobility Manager
CVE-2020-11100 (In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 ...)
	{DSA-4649-1}
	- haproxy 2.0.13-2
	[stretch] - haproxy (Vulnerable code introduced in 1.8)
	[jessie] - haproxy (Vulnerable code introduced in 1.8)
	NOTE: https://git.haproxy.org/?p=haproxy-2.1.git;a=commit;h=f17f86304f187b0f10ca6a8d46346afd9851a543
CVE-2019-20634 (An issue was discovered in Proofpoint Email Protection through 2019-09 ...)
	NOT-FOR-US: Proofpoint Email Protection
CVE-2016-11024 (odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: ...)
	NOT-FOR-US: odata4j
CVE-2016-11023 (odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE ...)
	NOT-FOR-US: odata4j
CVE-2020-11099 (In FreeRDP before version 2.1.2, there is an out of bounds read in lic ...)
	{DLA-3606-1}
	- freerdp2 2.1.2+dfsg1-1
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h
CVE-2020-11098 (In FreeRDP before version 2.1.2, there is an out-of-bound read in glyp ...)
	{DLA-3606-1}
	- freerdp2 2.1.2+dfsg1-1
	- freerdp
	[stretch] - freerdp (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv
CVE-2020-11097 (In FreeRDP before version 2.1.2, an out of bounds read occurs resultin ...)
	{DLA-3606-1}
	- freerdp2 2.1.2+dfsg1-1
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f
CVE-2020-11096 (In FreeRDP before version 2.1.2, there is a global OOB read in update_ ...)
	{DLA-3606-1}
	- freerdp2 2.1.2+dfsg1-1
	- freerdp
	[stretch] - freerdp (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/b8beb55913471952f92770c90c372139d78c16c0 (3.0.0-beta1)
	NOTE: Regression fix: https://github.com/FreeRDP/FreeRDP/commit/ce1a9d8d1969ecbb4d24b9f4812654638a44abc2 (3.0.0-beta1)
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/746d10179c54e77beccf0b4edf2c9803d5a8e7da (2.1.2)
	NOTE: Regression fix: https://github.com/FreeRDP/FreeRDP/commit/62530e2d9dab999d1c5ddd1368d67c599dccd580 (2.2.0)
CVE-2020-11095 (In FreeRDP before version 2.1.2, an out of bound reads occurs resultin ...)
	{DLA-3606-1}
	- freerdp2 2.1.2+dfsg1-1
	- freerdp
	[stretch] - freerdp (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2
CVE-2020-11094 (The October CMS debugbar plugin before version 3.1.0 contains a featur ...)
	NOT-FOR-US: October CMS
CVE-2020-11093 (Hyperledger Indy Node is the server portion of a distributed ledger pu ...)
	NOT-FOR-US: Hyperledger Indy Node
CVE-2020-11092
	RESERVED
CVE-2020-11091 (In Weave Net before version 2.6.3, an attacker able to run a process a ...)
	NOT-FOR-US: Weave Net
CVE-2020-11090 (In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vul ...)
	NOT-FOR-US: Indy Node
CVE-2020-11089 (In FreeRDP before 2.1.0, there is an out-of-bound read in irp function ...)
	{DLA-3606-1}
	- freerdp2 2.1.1+dfsg1-1
	- freerdp
	[stretch] - freerdp (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h
CVE-2020-11088 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read ...)
	{DLA-3606-1}
	- freerdp2 2.1.1+dfsg1-1
	- freerdp
	[stretch] - freerdp (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xh4f-fh87-43hp
CVE-2020-11087 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read ...)
	{DLA-3606-1}
	- freerdp2 2.1.1+dfsg1-1
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-84vj-g73m-chw7
CVE-2020-11086 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read ...)
	{DLA-3606-1}
	- freerdp2 2.1.1+dfsg1-1
	- freerdp
	[stretch] - freerdp (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974
CVE-2020-11085 (In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_rea ...)
	{DLA-3606-1}
	- freerdp2 2.1.1+dfsg1-1
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf
CVE-2020-11084 (In iPear, the manual execution of the eval() function can lead to comm ...)
	NOT-FOR-US: iPear
CVE-2020-11083 (In October from version 1.0.319 and before version 1.0.466, a user wit ...)
	NOT-FOR-US: October CMS
CVE-2020-11082 (In Kaminari before 1.2.1, there is a vulnerability that would allow an ...)
	{DSA-5005-1 DLA-2763-1}
	- ruby-kaminari 1.0.1-6 (bug #961847)
	[jessie] - ruby-kaminari (No reverse dependency)
	NOTE: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433
	NOTE: https://github.com/kaminari/kaminari/commit/8dd52a1aed3d2fa2835d836de23fc0d8c4ff5db8
CVE-2020-11081 (osquery before version 4.4.0 enables a privilege escalation vulnerabil ...)
	- osquery (bug #803502)
CVE-2020-11080 (In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS fra ...)
	{DSA-4696-1 DLA-3621-1 DLA-2786-1}
	- nghttp2 1.41.0-1
	- nodejs 10.21.0~dfsg-1 (bug #962145)
	[stretch] - nodejs (Nodejs in stretch not covered by security support)
	[jessie] - nodejs (Nodejs in jessie not covered by security support)
	NOTE: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr
	NOTE: https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090 (v1.41.0)
	NOTE: https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394 (v1.41.0)
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#http-2-large-settings-frame-dos-low-cve-2020-11080
CVE-2020-11079 (node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of ...)
	NOT-FOR-US: dns-sync nodejs module
CVE-2020-11078 (In httplib2 before version 0.18.0, an attacker controlling unescaped p ...)
	{DLA-2232-1}
	- python-httplib2 0.18.1-1
	[buster] - python-httplib2 (Minor issue)
	[stretch] - python-httplib2 (Minor issue)
	NOTE: https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq
	NOTE: https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e
CVE-2020-11077 (In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a re ...)
	{DLA-2398-1}
	- puma 4.3.6-1 (bug #972102)
	[buster] - puma 3.12.0-2+deb10u2
	NOTE: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm
CVE-2020-11076 (In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle a ...)
	{DLA-2398-1}
	- puma 4.3.6-1 (bug #972102)
	[buster] - puma 3.12.0-2+deb10u2
	NOTE: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h
	NOTE: https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd
CVE-2020-11075 (In Anchore Engine version 0.7.0, a specially crafted container image m ...)
	NOT-FOR-US: Anchore Engine
CVE-2020-11074 (In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there i ...)
	NOT-FOR-US: PrestaShop
CVE-2020-11073 (In Autoswitch Python Virtualenv before version 0.16.0, a user who ente ...)
	NOT-FOR-US: zsh-autoswitch-virtualenv
CVE-2020-11072 (In SLP Validate (npm package slp-validate) before version 1.2.1, users ...)
	NOT-FOR-US: Node slp-validate
CVE-2020-11071 (SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability w ...)
	NOT-FOR-US: Node slpjs
CVE-2020-11070 (The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulne ...)
	NOT-FOR-US: TYPO3
CVE-2020-11069 (In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has be ...)
	NOT-FOR-US: TYPO3
CVE-2020-11068 (In LoRaMac-node before 4.4.4, a reception buffer overflow can happen d ...)
	NOT-FOR-US: LoRaMac-node
CVE-2020-11067 (In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has be ...)
	NOT-FOR-US: TYPO3
CVE-2020-11066 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and g ...)
	NOT-FOR-US: TYPO3
CVE-2020-11065 (In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and ...)
	NOT-FOR-US: TYPO3
CVE-2020-11064 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and g ...)
	NOT-FOR-US: TYPO3
CVE-2020-11063 (In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that t ...)
	NOT-FOR-US: TYPO3
CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-3xxh-f5p2-jg3h
	NOTE: https://github.com/glpi-project/glpi/commit/5e1c52c5e8a30ceb4e9572964da7ed89ddfb1aaf
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11061 (In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and ...)
	{DLA-2353-1}
	- bacula 9.6.5-1
	[buster] - bacula 9.4.2-2+deb10u1
	- bareos (bug #968957)
	[buster] - bareos (Minor issue; can be fixed via point release)
	[stretch] - bareos (minor issue, low priority)
	NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4
	NOTE: https://bugs.bareos.org/view.php?id=1210
	NOTE: https://github.com/bareos/bareos/commit/86c6fa479a21a1464366babb74e6cf33770ed7ae (master)
	NOTE: https://www.bacula.org/git/cgit.cgi/bacula/commit/?id=f9472227317b8e1d26a781d042e0efdf432a633f (Release-9.6.4)
CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands by abusi ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-cvvq-3fww-5v6f
	NOTE: https://github.com/glpi-project/glpi/commit/ad748d59c94da177a3ed25111c453902396f320c
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11059 (In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir ...)
	NOT-FOR-US: AEgir
CVE-2020-11058 (In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in ...)
	{DLA-3606-1 DLA-2356-1}
	- freerdp2 2.1.1+dfsg1-1
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6011
CVE-2020-11057 (In XWiki Platform 7.2 through 11.10.2, registered users without script ...)
	NOT-FOR-US: XWiki
CVE-2020-11056 (In Sprout Forms before 3.9.0, there is a potential Server-Side Templat ...)
	NOT-FOR-US: Sprout Forms
CVE-2020-11055 (In BookStack greater than or equal to 0.18.0 and less than 0.29.2, the ...)
	NOT-FOR-US: BookStack
CVE-2020-11054 (In qutebrowser versions less than 1.11.1, reloading a page with certif ...)
	- qutebrowser 1.11.1.post1-1 (unimportant)
	NOTE: https://github.com/qutebrowser/qutebrowser/issues/5403
	NOTE: https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-4rcq-jv2f-898j
	NOTE: Depends on qtwebkit, which is not covered by security support
CVE-2020-11053 (In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. ...)
	- oauth2-proxy (bug #982891)
CVE-2020-11052 (In Sorcery before 0.15.0, there is a brute force vulnerability when us ...)
	NOT-FOR-US: Sorcery
CVE-2020-11051 (In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor ...)
	NOT-FOR-US: Wiki.js
CVE-2020-11050 (In Java-WebSocket less than or equal to 1.4.1, there is an Improper Va ...)
	NOT-FOR-US: Java-WebSocket, different from src:websocket-api
CVE-2020-11049 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read o ...)
	{DLA-3606-1}
	- freerdp2 2.1.1+dfsg1-1
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr
	NOTE: Fixed with: https://github.com/FreeRDP/FreeRDP/pull/6019
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6008
CVE-2020-11048 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. ...)
	{DLA-3606-1 DLA-2356-1}
	- freerdp2 2.1.1+dfsg1-1
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6007
CVE-2020-11047 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read ...)
	{DLA-3606-1}
	- freerdp2 2.1.1+dfsg1-1
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f5e73cc7c9cd973b516a618da877c87b80950b65
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6009
CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds ...)
	{DLA-3606-1 DLA-2356-1}
	- freerdp2 2.1.1+dfsg1-1
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6006
CVE-2020-11045 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read i ...)
	{DLA-3606-1 DLA-2356-1}
	- freerdp2 2.1.1+dfsg1-1
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f8890a645c221823ac133dbf991f8a65ae50d637
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6005
CVE-2020-11044 (In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_ ...)
	{DLA-3606-1}
	- freerdp2 2.1.1+dfsg1-1
	- freerdp (Vulnerable code introduced later)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/67c2aa52b2ae0341d469071d1bc8aab91f8d2ed8
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6013
CVE-2020-11043 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read ...)
	{DLA-3606-1}
	- freerdp2 2.1.1+dfsg1-1
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84
CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bound ...)
	{DLA-3606-1 DLA-2356-1}
	- freerdp2 2.1.1+dfsg1-1
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6010
CVE-2020-11041 (In FreeRDP less than or equal to 2.0.0, an outside controlled array in ...)
	{DLA-3606-1}
	- freerdp2 2.1.1+dfsg1-1
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w
CVE-2020-11040 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data ...)
	{DLA-3606-1}
	- freerdp2 2.1.1+dfsg1-1
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x4wq-m7c9-rjgr
CVE-2020-11039 (In FreeRDP less than or equal to 2.0.0, when using a manipulated serve ...)
	{DLA-3606-1}
	- freerdp2 2.1.1+dfsg1-1
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq
CVE-2020-11038 (In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer ...)
	{DLA-3606-1}
	- freerdp2 2.1.1+dfsg1-1
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g
CVE-2020-11037 (In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack ...)
	NOT-FOR-US: Wagtail
CVE-2020-11036 (In GLPI before version 9.4.6 there are multiple related stored XSS vul ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-3g3h-rwhr-7385
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11035 (In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-w7q8-58qp-vmpf
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11034 (In GLPI before version 9.4.6, there is a vulnerability that allows byp ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11033 (In GLPI from version 9.1 and before version 9.4.6, any API user with R ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-rf54-3r4w-4h55
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11032 (In GLPI before version 9.4.6, there is a SQL injection vulnerability f ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-344w-34h9-wwhh
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11031 (In GLPI before version 9.5.0, the encryption algorithm used is insecur ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-7xwm-4vjr-jvqh
	NOTE: https://github.com/glpi-project/glpi/commit/f1ae6c8481e5c19a6f1801a5548cada45702e01a#diff-b5d0ee8c97c7abd7e3fa29b9a27d1780
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11030 (In affected versions of WordPress, a special payload can be crafted th ...)
	- wordpress 5.4.1+dfsg1-1 (bug #959391)
	[buster] - wordpress (Vulnerable code not present)
	[stretch] - wordpress (Vulnerable code not present)
	[jessie] - wordpress (Vulnerable code not present)
	NOTE: https://core.trac.wordpress.org/changeset/47636
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmc-qhjh
	NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
	NOTE: Fixed by: https://github.com/WordPress/wordpress-develop/commit/ec05c8b897ef4ae77fc0cba576573e90a726a52f
CVE-2020-11029 (In affected versions of WordPress, a vulnerability in the stats() meth ...)
	{DSA-4677-1 DLA-2208-1}
	- wordpress 5.4.1+dfsg1-1 (bug #959391)
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c
	NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
	NOTE: https://core.trac.wordpress.org/changeset/47637
	NOTE: https://github.com/WordPress/wordpress-develop/935ab39e8ee754735a553c74d41270df1164ae56 (master)
CVE-2020-11028 (In affected versions of WordPress, some private posts, which were prev ...)
	{DSA-4677-1 DLA-2208-1}
	- wordpress 5.4.1+dfsg1-1 (bug #959391)
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w
	NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
	NOTE: https://core.trac.wordpress.org/changeset/47635
	NOTE: https://github.com/WordPress/wordpress-develop/commit/8e11facb671932a6eefe0e7e4f3d63d39eef55b3
CVE-2020-11027 (In affected versions of WordPress, a password reset link emailed to a ...)
	{DSA-4677-1 DLA-2208-1}
	- wordpress 5.4.1+dfsg1-1 (bug #959391)
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw
	NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
	NOTE: https://core.trac.wordpress.org/changeset/47634
	NOTE: https://github.com/WordPress/wordpress-develop/commit/4354d1fc5cd55a18bc24555b11db201d5eb87e0c (master)
CVE-2020-11026 (In affected versions of WordPress, files with a specially crafted name ...)
	{DSA-4677-1 DLA-2208-1}
	- wordpress 5.4.1+dfsg1-1 (bug #959391)
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2
	NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
	NOTE: https://core.trac.wordpress.org/changeset/47638
	NOTE: https://github.com/WordPress/wordpress-develop/commit/74d6f9613b96a2948f7675513b8b7f8224bfc386 (master)
CVE-2020-11025 (In affected versions of WordPress, a cross-site scripting (XSS) vulner ...)
	{DSA-4677-1}
	- wordpress 5.4.1+dfsg1-1 (bug #959391)
	[jessie] - wordpress (Vulnerable code not present)
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4mhg-j6fx-5g3c
	NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
	NOTE: https://core.trac.wordpress.org/changeset/47633
	NOTE: https://github.com/WordPress/wordpress-develop/commit/cfb690cb8efaee32d55b10a7771afb0f1f47aab3
CVE-2020-11024 (In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable ...)
	NOT-FOR-US: Moonlight iOS/tvOS
CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, pa ...)
	{DSA-4693-1 DLA-3551-1 DLA-2608-1}
	- jquery
	[buster] - jquery 3.3.1~dfsg-3+deb10u1
	[jessie] - jquery (Vulnerable code not present)
	- drupal7
	[jessie] - drupal7 (Vulnerable code not embedded)
	- node-jquery 3.5.0+dfsg-2
	[buster] - node-jquery (Minor issue)
	- otrs2 6.0.30-1
	[stretch] - otrs2 (Non-free not supported)
	NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
	NOTE: https://www.drupal.org/sa-core-2020-002
	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-14/
CVE-2020-11022 (In jQuery versions greater than or equal to 1.2 and before 3.5.0, pass ...)
	{DSA-4693-1 DLA-3551-1 DLA-2608-1}
	- jquery
	[buster] - jquery 3.3.1~dfsg-3+deb10u1
	[jessie] - jquery (Vulnerable code not present)
	- node-jquery 3.5.0+dfsg-2
	[buster] - node-jquery (Minor issue)
	- drupal7
	[jessie] - drupal7 (Vulnerable code not embedded)
	- otrs2 6.0.30-1
	[stretch] - otrs2 (Non-free not supported)
	NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
	NOTE: https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
	NOTE: https://www.drupal.org/sa-core-2020-002
	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-14/
CVE-2020-11021 (Actions Http-Client (NPM @actions/http-client) before version 1.0.8 ca ...)
	NOT-FOR-US: Actions Http-Client
CVE-2020-11020 (Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1. ...)
	- ruby-faye 1.4.0-1 (bug #959392)
	[buster] - ruby-faye (Minor issue)
	NOTE: https://github.com/faye/faye/security/advisories/GHSA-qpg4-4w7w-2mq5
	NOTE: https://github.com/faye/faye/commit/65d297d341b607f3cb0b5fa6021a625a991cc30e
CVE-2020-11019 (In FreeRDP less than or equal to 2.0.0, when running with logger set t ...)
	{DLA-3606-1}
	- freerdp2 2.1.1+dfsg1-1
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh
CVE-2020-11018 (In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion ...)
	{DLA-3606-1}
	- freerdp2 2.1.1+dfsg1-1
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8cvc-vcw7-6mfw
CVE-2020-11017 (In FreeRDP less than or equal to 2.0.0, by providing manipulated input ...)
	{DLA-3606-1}
	- freerdp2 2.1.1+dfsg1-1
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c
CVE-2020-11016 (IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vuln ...)
	NOT-FOR-US: IntelMQ Manager
CVE-2020-11015 (A vulnerability has been disclosed in thinx-device-api IoT Device Mana ...)
	NOT-FOR-US: thinx-device-api IoT Device Management Server
CVE-2020-11014 (Electron-Cash-SLP before version 3.6.2 has a vulnerability. All token ...)
	NOT-FOR-US: Electron-Cash-SLP
CVE-2020-11013 (Their is an information disclosure vulnerability in Helm from version ...)
	- helm-kubernetes (bug #910799)
CVE-2020-11012 (MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authenticat ...)
	NOT-FOR-US: MinIO
CVE-2020-11011 (In Phproject before version 1.7.8, there's a vulnerability which allow ...)
	NOT-FOR-US: Phproject
CVE-2020-11010 (In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of S ...)
	NOT-FOR-US: Tortoise ORM
CVE-2020-11009 (In Rundeck before version 3.2.6, authenticated users can craft a reque ...)
	NOT-FOR-US: Rundeck
CVE-2020-11008 (Affected versions of Git have a vulnerability whereby Git can be trick ...)
	{DSA-4659-1 DLA-2182-1}
	- git 1:2.26.2-1
	NOTE: https://lore.kernel.org/lkml/xmqq4kterq5s.fsf@gitster.c.googlers.com/
	NOTE: https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=a88dbd2f8c7fd8c1e2f63483da03bd6928e8791f
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=73aafe9bc27585554181c58871a25e6d0f58a3dc
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=24036686c4af84c9e84e486ef3debab6e6d8e6b5
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=8ba8ed568e2a3b75ee84c49ddffb026fde1a0a91
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=a2b26ffb1a81aa23dd14453f4db05d8fe24ee7cc
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=fe29a9b7b0236d3d45c254965580d6aff7fa8504
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=c44088ecc4b0722636e0a305f9608d3047197282
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=e7fab62b736cca3416660636e46f0be8386a5030
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=1a3609e402a062ef7b11f197fe96c28cabca132c
CVE-2020-11007 (In Shopizer before version 2.11.0, using API or Controller based versi ...)
	NOT-FOR-US: Shopizer
CVE-2020-11006 (In Shopizer before version 2.11.0, a script can be injected in various ...)
	NOT-FOR-US: Shopizer
CVE-2020-11005 (The WindowsHello open source library (NuGet HaemmerElectronics.SeppPen ...)
	NOT-FOR-US: WindowsHello
CVE-2020-11004 (SQL Injection was discovered in Admidio before version 3.3.13. The mai ...)
	NOT-FOR-US: Admidio
CVE-2020-11003 (Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vuln ...)
	NOT-FOR-US: Oasis (not the same as src:oasis)
CVE-2020-11002 (dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote co ...)
	NOT-FOR-US: dropwizard-validation
CVE-2020-11001 (In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XS ...)
	NOT-FOR-US: Wagtail
CVE-2020-11000 (GreenBrowser before version 1.2 has a vulnerability where apps that re ...)
	NOT-FOR-US: GreenBrowser
CVE-2020-10999
	RESERVED
CVE-2020-10998
	RESERVED
CVE-2020-10997 (Percona XtraBackup before 2.4.20 unintentionally writes the command li ...)
	- percona-xtrabackup (Vulnerable code introduced later)
	NOTE: https://jira.percona.com/browse/PXB-2142
	NOTE: Introduced in: https://github.com/percona/percona-xtrabackup/commit/0b38ffc0f30f1b6d3ff7ed0f9cb3ab31a2ccad13 (percona-xtrabackup-2.4.11)
	NOTE: https://www.percona.com/blog/2020/04/16/cve-2020-10997-percona-xtrabackup-information-disclosure-of-command-line-arguments/
CVE-2020-10996 (An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41. ...)
	- percona-xtradb-cluster-5.5
CVE-2020-10995 (PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not suffic ...)
	{DSA-4691-1}
	- pdns-recursor 4.3.1-1
	[jessie] - pdns-recursor (Vulnerable code added later)
	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3
CVE-2020-10994 (In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multipl ...)
	- pillow 7.2.0-1 (unimportant)
	NOTE: https://github.com/python-pillow/Pillow/pull/4505
	NOTE: https://github.com/python-pillow/Pillow/pull/4538
	NOTE: Fixed in 7.1.0
	NOTE: Debian packages are built without JPEG2000 support
CVE-2020-10993 (Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader. ...)
	NOT-FOR-US: Osmand
CVE-2020-10992 (Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorMa ...)
	NOT-FOR-US: Azkaban
CVE-2020-10991 (Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXml ...)
	NOT-FOR-US: Mulesoft APIkit
CVE-2020-10990 (An XXE issue exists in Accenture Mercury before 1.12.28 because of the ...)
	NOT-FOR-US: Accenture Mercury
CVE-2020-10989 (An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 ...)
	NOT-FOR-US: Tenda
CVE-2020-10988 (A hard-coded telnet credential in the tenda_login binary of Tenda AC15 ...)
	NOT-FOR-US: Tenda
CVE-2020-10987 (The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05 ...)
	NOT-FOR-US: Tenda
CVE-2020-10986 (A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC190 ...)
	NOT-FOR-US: Tenda
CVE-2020-10985 (Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php.)
	NOT-FOR-US: Gambio GX
CVE-2020-10984 (Gambio GX before 4.0.1.0 allows admin/admin.php CSRF.)
	NOT-FOR-US: Gambio GX
CVE-2020-10983 (Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php.)
	NOT-FOR-US: Gambio GX
CVE-2020-10982 (Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php.)
	NOT-FOR-US: Gambio GX
CVE-2020-10981 (GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintaine ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10980 (GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogB ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10979 (GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pip ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10978 (GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10977 (GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when mov ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10976 (GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when qu ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10975 (GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerab ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10974 (An issue was discovered affecting a backup feature where a crafted POS ...)
	NOT-FOR-US: Wavlink
CVE-2020-10973 (An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink ...)
	NOT-FOR-US: Wavlink
CVE-2020-10972 (An issue was discovered where a page is exposed that has the current a ...)
	NOT-FOR-US: Wavlink
CVE-2020-10971 (An issue was discovered on Wavlink Jetstream devices where a crafted P ...)
	NOT-FOR-US: Wavlink
CVE-2020-10970
	RESERVED
CVE-2020-10969 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2179-1}
	- jackson-databind 2.11.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u2
	[stretch] - jackson-databind 2.8.6-1+deb9u7
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2642
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-10968 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2179-1}
	- jackson-databind 2.11.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u2
	[stretch] - jackson-databind 2.8.6-1+deb9u7
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2662
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-10967 (In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash ...)
	{DSA-4690-1}
	- dovecot 1:2.3.10.1+dfsg1-1 (bug #960963)
	[stretch] - dovecot (Vulnerable code introduced in 2.3.0)
	[jessie] - dovecot (Vulnerable code introduced in 2.3.0)
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1
CVE-2020-35861 (An issue was discovered in the bumpalo crate before 3.2.1 for Rust. Th ...)
	- rust-bumpalo 3.2.1-1 (bug #955151)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0006.html
	NOTE: https://github.com/fitzgen/bumpalo/issues/69
CVE-2020-10966 (In the Password Reset Module in VESTA Control Panel through 0.9.8-25 a ...)
	NOT-FOR-US: VESTA Control Panel
CVE-2020-10965 (Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to ...)
	NOT-FOR-US: Teradici PCoIP Management Console
CVE-2020-10964 (Serendipity before 2.3.4 on Windows allows remote attackers to execute ...)
	- serendipity
CVE-2020-10963 (FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted fi ...)
	NOT-FOR-US: FrozenNode Laravel-Administrator
CVE-2020-10962 (In PowerShell App Deployment Toolkit (aka PSAppDeployToolkit) through ...)
	NOT-FOR-US: PSAppDeployToolkit
CVE-2020-10961
	RESERVED
CVE-2020-10960 (In MediaWiki before 1.34.1, users can add various Cascading Style Shee ...)
	{DSA-4651-1}
	- mediawiki 1:1.31.7-1
	[stretch] - mediawiki (Vulnerable code introduced later)
	NOTE: https://phabricator.wikimedia.org/T246602
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html
CVE-2020-10959 (resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 a ...)
	- mediawiki (Vulnerable code introduced later)
	NOTE: https://phabricator.wikimedia.org/T232932
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html
CVE-2020-10958 (In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an un ...)
	{DSA-4690-1}
	- dovecot 1:2.3.10.1+dfsg1-1 (bug #960963)
	[stretch] - dovecot (Vulnerable code introduced in 2.3.0)
	[jessie] - dovecot (Vulnerable code introduced in 2.3.0)
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1
CVE-2020-10957 (In Dovecot before 2.3.10.1, unauthenticated sending of malformed param ...)
	{DSA-4690-1}
	- dovecot 1:2.3.10.1+dfsg1-1 (bug #960963)
	[stretch] - dovecot (Vulnerable code introduced in 2.3.0)
	[jessie] - dovecot (Vulnerable code introduced in 2.3.0)
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1
CVE-2020-10956 (GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a proje ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10955 (GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10954 (GitLab through 12.9 is affected by a potential DoS in repository archi ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10953 (In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a pat ...)
	- gitlab (Only affects GitLab EE 11.7 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10952 (GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push doc ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10951 (Western Digital My Cloud Home and ibi devices before 2.2.0 allow click ...)
	NOT-FOR-US: Western Digital My Cloud Home and ibi devices
CVE-2020-10950
	RESERVED
CVE-2020-10949
	RESERVED
CVE-2020-10948 (Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) ...)
	NOT-FOR-US: Jon Hedley AlienForm2
CVE-2020-10947 (Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Soph ...)
	NOT-FOR-US: Sophos
CVE-2020-10946 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...)
	- centreon-web (bug #913903)
CVE-2020-10945 (Centreon before 19.10.7 exposes Session IDs in server responses.)
	- centreon-web (bug #913903)
CVE-2020-10944 (HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-si ...)
	- nomad 0.10.5+dfsg1-1
	NOTE: https://github.com/hashicorp/nomad/issues/7468
CVE-2020-10943
	RESERVED
CVE-2019-20633 (GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vul ...)
	- patch (Incomplete fix for CVE-2018-6952 not applied)
	NOTE: https://savannah.gnu.org/bugs/index.php?56683
CVE-2020-10942 (In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net. ...)
	{DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.13-1
	NOTE: https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 (5.6-rc4)
CVE-2020-10941 (Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive inform ...)
	{DLA-3249-1}
	- mbedtls 2.16.5-1
	[stretch] - mbedtls (Minor issue)
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02
CVE-2020-10940 (Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER ...)
	NOT-FOR-US: PHOENIX CONTACT
CVE-2020-10939 (Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT thro ...)
	NOT-FOR-US: PHOENIX CONTACT
CVE-2020-10938 (GraphicsMagick before 1.3.35 has an integer overflow and resultant hea ...)
	{DSA-4675-1 DLA-2173-1}
	- graphicsmagick 1.4+really1.3.34-1
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/95abc2b694ce
CVE-2020-10937 (An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An attacker can ...)
	- ipfs (bug #779893)
CVE-2020-10936 (Sympa before 6.2.56 allows privilege escalation.)
	{DSA-4818-1 DLA-2401-1}
	- sympa 6.2.40~dfsg-5 (bug #961491)
	NOTE: https://sympa-community.github.io/security/2020-002.html
	NOTE: Patch: https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.2.54-sa-2020-002-r2.patch
	NOTE: Patch for sympa-6.1.25: https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.1.25-sa-2020-002-r2.patch
	NOTE: https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/
	NOTE: https://github.com/sympa-community/sympa/issues/943
CVE-2020-26932 (debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg- ...)
	{DSA-4818-1 DLA-2401-1}
	- sympa 6.2.40~dfsg-7 (bug #971904)
	NOTE: Debian specific issue where sympa_newaliases-wrapper had loose permissions
	NOTE: (already suid root and world-executable) allowing to gain root privileges
	NOTE: without first escalating to the sympa user.
	NOTE: https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1
CVE-2020-10935 (Zulip Server before 2.1.3 allows XSS via a Markdown link, with resulta ...)
	- zulip-server (bug #800052)
CVE-2020-10934 (Acyba AcyMailing before 6.9.2 mishandles file uploads by admins.)
	NOT-FOR-US: Acyba AcyMailing
CVE-2020-10933 (An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6 ...)
	{DSA-4721-1}
	- ruby2.7 2.7.1-1
	- ruby2.5
	- ruby2.3 (Vulnerable code introduced in 2.5.0)
	- ruby2.1 (Vulnerable code introduced in 2.5.0)
	NOTE: https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/61b7f86248bd121be2e83768be71ef289e8e5b90
	NOTE: Introduced around https://github.com/ruby/ruby/commit/ba5eb6458a7e9a41ee76cfe45b84f997600681dc
	NOTE: and https://github.com/ruby/ruby/commit/ba5eb6458a7e9a41ee76cfe45b84f997600681dc
CVE-2020-10932 (An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before ...)
	{DLA-3249-1}
	- mbedtls 2.16.9-0.1 (bug #963159)
	[stretch] - mbedtls (Minor issue)
	NOTE: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04
CVE-2020-10930 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
	NOT-FOR-US: Netgear
CVE-2020-10929 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: Netgear
CVE-2020-10928 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: Netgear
CVE-2020-10927 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: Netgear
CVE-2020-10926 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: Netgear
CVE-2020-10925 (This vulnerability allows network-adjacent attackers to compromise the ...)
	NOT-FOR-US: Netgear
CVE-2020-10924 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: Netgear
CVE-2020-10923 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: Netgear
CVE-2020-10922 (This vulnerability allows remote attackers to create a denial-of-servi ...)
	NOT-FOR-US: C-MORE HMI
CVE-2020-10921 (This vulnerability allows remote attackers to issue commands on affect ...)
	NOT-FOR-US: C-MORE HMI
CVE-2020-10920 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: C-MORE HMI
CVE-2020-10919 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: C-MORE HMI
CVE-2020-10918 (This vulnerability allows remote attackers to bypass authentication on ...)
	NOT-FOR-US: C-MORE HMI
CVE-2020-10917 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: NEC
CVE-2020-10916 (This vulnerability allows network-adjacent attackers to escalate privi ...)
	NOT-FOR-US: TP-Link
CVE-2020-10915 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: VEEAM One Agent
CVE-2020-10914 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: VEEAM One Agent
CVE-2020-10913 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10912 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10911 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10910 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10909 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10908 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10907 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-10906 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-10905 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10904 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10903 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10902 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10901 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10900 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-10899 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-10898 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10897 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10896 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10895 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10894 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10893 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10892 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10891 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10890 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10889 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-10888 (This vulnerability allows remote attackers to bypass authentication on ...)
	NOT-FOR-US: TP-Link
CVE-2020-10887 (This vulnerability allows a firewall bypass on affected installations ...)
	NOT-FOR-US: TP-Link
CVE-2020-10886 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: TP-Link
CVE-2020-10885 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: TP-Link
CVE-2020-10884 (This vulnerability allows network-adjacent attackers execute arbitrary ...)
	NOT-FOR-US: TP-Link
CVE-2020-10883 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: TP-Link
CVE-2020-10882 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: TP-Link
CVE-2020-10881 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: TP-Link
CVE-2019-20632 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
	- gpac 1.0.1+dfsg1-2 (bug #972053)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	[jessie] - gpac (Minor issue)
	NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
	NOTE: https://github.com/gpac/gpac/issues/1271
CVE-2019-20631 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
	- gpac 1.0.1+dfsg1-2 (bug #972053)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	[jessie] - gpac (Minor issue)
	NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
	NOTE: https://github.com/gpac/gpac/issues/1270
CVE-2019-20630 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
	- gpac 1.0.1+dfsg1-2 (bug #972053)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	[jessie] - gpac (Minor issue)
	NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
	NOTE: https://github.com/gpac/gpac/issues/1268
CVE-2019-20629 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
	- gpac 1.0.1+dfsg1-2 (bug #972053)
	[buster] - gpac (Vulnerable code introduced later, in version 0.8.0)
	[stretch] - gpac (Vulnerable code introduced later, in version 0.8.0)
	[jessie] - gpac (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1264
	NOTE: Introduced by: https://github.com/gpac/gpac/commit/bb002ad4f92d216f8ab7c8466102279ef8af6f88 (v0.8.0)
	NOTE: Fixed by: https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7 (v0.9.0-preview)
CVE-2019-20628 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
	- gpac 1.0.1+dfsg1-2 (bug #972053)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	[jessie] - gpac (Minor issue)
	NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
	NOTE: https://github.com/gpac/gpac/commit/98b727637e32d1d4824101d8947e2dbd573d4fc8
	NOTE: https://github.com/gpac/gpac/issues/1269
CVE-2020-10880
	RESERVED
CVE-2020-10879 (rConfig before 3.9.5 allows command injection by sending a crafted GET ...)
	NOT-FOR-US: rConfig
CVE-2020-10878 (Perl before 5.30.3 has an integer overflow related to mishandling of a ...)
	- perl 5.30.3-1 (bug #962005)
	[buster] - perl 5.28.1-6+deb10u1
	[stretch] - perl 5.24.1-3+deb9u7
	NOTE: https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8 (v5.30.3)
	NOTE: https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c (v5.30.3)
CVE-2020-10877
	RESERVED
CVE-2020-10876 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...)
	NOT-FOR-US: OKLOK
CVE-2020-10875 (Motorola FX9500 devices allow remote attackers to conduct absolute pat ...)
	NOT-FOR-US: Motorola devices
CVE-2020-10874 (Motorola FX9500 devices allow remote attackers to read database files.)
	NOT-FOR-US: Motorola devices
CVE-2020-10873
	RESERVED
CVE-2020-10872
	RESERVED
CVE-2020-10871 (In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retriev ...)
	NOT-FOR-US: OpenWrt LuCI
CVE-2020-10870 (Zim through 0.72.1 creates temporary directories with predictable name ...)
	- zim 0.72.1-1 (unimportant; bug #954810)
	NOTE: https://github.com/zim-desktop-wiki/zim-desktop-wiki/issues/1028
	NOTE: Negligible security impact
CVE-2020-10869
	RESERVED
CVE-2020-10868 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...)
	NOT-FOR-US: Avast Antivirus
CVE-2020-10867 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...)
	NOT-FOR-US: Avast Antivirus
CVE-2020-10866 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...)
	NOT-FOR-US: Avast Antivirus
CVE-2020-10865 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...)
	NOT-FOR-US: Avast Antivirus
CVE-2020-10864 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...)
	NOT-FOR-US: Avast Antivirus
CVE-2020-10863 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...)
	NOT-FOR-US: Avast Antivirus
CVE-2020-10862 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...)
	NOT-FOR-US: Avast Antivirus
CVE-2020-10861 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...)
	NOT-FOR-US: Avast Antivirus
CVE-2020-10860 (An issue was discovered in Avast Antivirus before 20. An Arbitrary Mem ...)
	NOT-FOR-US: Avast Antivirus
CVE-2020-10859 (Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated ...)
	NOT-FOR-US: Zoho
CVE-2020-10858 (Zulip Desktop before 5.0.0 allows attackers to perform recording via t ...)
	NOT-FOR-US: Zulip Desktop
CVE-2020-10857 (Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shel ...)
	NOT-FOR-US: Zulip Desktop
CVE-2020-10856
	RESERVED
CVE-2019-20627 (AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE.)
	NOT-FOR-US: AutoUpdater.NET
CVE-2019-20626 (The remote keyless system on Honda HR-V 2017 vehicles sends the same R ...)
	NOT-FOR-US: Honda HR-V 2017 vehicles
CVE-2020-10931 (Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial ...)
	- memcached 1.6.2-1 (bug #954808)
	[buster] - memcached (Introduced in 1.6)
	[stretch] - memcached (Introduced in 1.6)
	[jessie] - memcached (Introduced in 1.6)
	NOTE: https://github.com/memcached/memcached/issues/629
	NOTE: https://github.com/memcached/memcached/commit/02c6a2b62ddcb6fa4569a591d3461a156a636305
CVE-2020-10855 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10854 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10853 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10852 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10851 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10850 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10849 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10848 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10847 (An issue was discovered on Samsung mobile devices with P(9.0) (Galaxy ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10846 (An issue was discovered on Samsung mobile devices with P(9.x) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10845 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10844 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10843 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10842 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10841 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10840 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10839 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10838 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10837 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10836 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10835 (An issue was discovered on Samsung mobile devices with any (before Feb ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10834 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10833 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10832 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10831 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10830 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10829 (An issue was discovered on Samsung mobile devices with O(8.0), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10828 (A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, ...)
	NOT-FOR-US: Draytek
CVE-2020-10827 (A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, ...)
	NOT-FOR-US: Draytek
CVE-2020-10826 (/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B d ...)
	NOT-FOR-US: Draytek
CVE-2020-10825 (A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 de ...)
	NOT-FOR-US: Draytek
CVE-2020-10824 (A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket ...)
	NOT-FOR-US: Draytek
CVE-2020-10823 (A stack-based buffer overflow in /cgi-bin/activate.cgi through var par ...)
	NOT-FOR-US: Draytek
CVE-2020-10822
	RESERVED
CVE-2020-10821 (Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter.)
	NOT-FOR-US: Nagios XI
CVE-2020-10820 (Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integr ...)
	NOT-FOR-US: Nagios XI
CVE-2020-10819 (Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integr ...)
	NOT-FOR-US: Nagios XI
CVE-2020-10818 (Artica Proxy 4.26 allows remote command execution for an authenticated ...)
	NOT-FOR-US: Artica Proxy
CVE-2020-10817 (The custom-searchable-data-entry-system (aka Custom Searchable Data En ...)
	NOT-FOR-US: custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin for WordPress
CVE-2019-20625 (An issue was discovered on Samsung mobile devices with N(7.1) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20624 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20623 (An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20622 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20621 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20620 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20619 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20618 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20617 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20616 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20615 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20614 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20613 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20612 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20611 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20610 (An issue was discovered on Samsung mobile devices with N(7.X) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20609 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20608 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20607 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20606 (An issue was discovered on Samsung mobile devices with any (before May ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20605 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20604 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20603 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20602 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20601 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20600 (An issue was discovered on Samsung mobile devices with O(8.0) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20599 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20598 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20597 (An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20596 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20595 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20594 (An issue was discovered on Samsung mobile devices with O(8.1) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20593 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20592 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20591 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20590 (An issue was discovered on Samsung mobile devices with O(8.x) (Qualcom ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20589 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20588 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20587 (An issue was discovered on Samsung mobile devices with O(8.1) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20586 (An issue was discovered on Samsung mobile devices with O(8.1) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20585 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20584 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20583 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20582 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20581 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20580 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20579 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20578 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20577 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20576 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20575 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20574 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20573 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20572 (An issue was discovered on Samsung mobile devices with O(8.1) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20571 (An issue was discovered on Samsung mobile devices with O(8.x) (with TE ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20570 (An issue was discovered on Samsung mobile devices with P(9.0), O(8.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20569 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20568 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20567 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20566 (An issue was discovered on Samsung mobile devices with any (before Sep ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20565 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20564 (An issue was discovered on Samsung mobile devices with any (before Oct ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20563 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20562 (An issue was discovered on Samsung mobile devices with P(9.0) (with TE ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20561 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20560 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20559 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20558 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20557 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20556 (An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20555 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20554 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20553 (An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20552 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20551 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20550 (An issue was discovered on Samsung mobile devices with O(8.x) (release ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20549 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20548 (An issue was discovered on Samsung mobile devices with P(9.0) devices ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20547 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20546 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20545 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20544 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20543 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20542 (An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20541 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20540 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20539 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20538 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20537 (An issue was discovered on Samsung mobile devices with P(9.0) (TEEGRIS ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20536 (An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20535 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20534 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20533 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20532 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20531 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20530 (An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-10816 (Zoho ManageEngine Applications Manager 14780 and before allows a remot ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2020-10815
	RESERVED
CVE-2020-10814 (A buffer overflow vulnerability in Code::Blocks 17.12 allows an attack ...)
	NOT-FOR-US: Code::Blocks
CVE-2020-10813 (A buffer overflow vulnerability in FTPDMIN 0.96 allows attackers to cr ...)
	NOT-FOR-US: FTPDMIN
CVE-2020-10812 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ...)
	- hdf5 (unimportant)
	NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_4
	NOTE: https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5fquery-c-hdf5-1-13-0/
	NOTE: Negligible security impact, malicious scientific data has more issues than a crash...
CVE-2020-10811 (An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ...)
	- hdf5 1.10.8+repack-1 (unimportant)
	NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_2
	NOTE: https://research.loginsoft.com/bugs/heap-buffer-overflow-in-h5olayout-c-hdf5-1-13-0/
	NOTE: Negligible security impact, malicious scientific data has more issues than a crash...
	NOTE: Fixed in 1.10.x-series in 1.10.8 https://forum.hdfgroup.org/t/release-of-hdf5-1-10-8-newsletter-180/9108
	NOTE: Duplicate of CVE-2018-14033
CVE-2020-10810 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ...)
	- hdf5 1.10.8+repack-1 (unimportant)
	NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_3
	NOTE: https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5ac-c-hdf5-1-13-0/
	NOTE: Negligible security impact, malicious scientific data has more issues than a crash...
	NOTE: Fixed in 1.10.x-series in 1.10.8 https://forum.hdfgroup.org/t/release-of-hdf5-1-10-8-newsletter-180/9108
CVE-2020-10809 (An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ...)
	- hdf5 (unimportant)
	NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_1
	NOTE: https://research.loginsoft.com/bugs/heap-overflow-in-decompress-c-hdf5-1-13-0/
	NOTE: Negligible security impact, malicious scientific data has more issues than a crash...
	NOTE: Fixed in 1.10.x-series in 1.10.10 https://forum.hdfgroup.org/t/release-of-hdf5-1-10-10-newsletter-192/11006
CVE-2020-10808 (Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injectio ...)
	NOT-FOR-US: Vesta Control Panel
CVE-2020-10807 (auth_svc in Caldera before 2.6.5 allows authentication bypass (for RES ...)
	NOT-FOR-US: Caldera
CVE-2020-10806 (eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before ...)
	NOT-FOR-US: eZ Publish Kernel
CVE-2020-10805
	RESERVED
CVE-2016-11022 (NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 ...)
	NOT-FOR-US: Netgear
CVE-2020-10804 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...)
	- phpmyadmin 4:4.9.5+dfsg1-1 (bug #954667)
	[stretch] - phpmyadmin 4:4.6.6-4+deb9u1
	[jessie] - phpmyadmin (Vulnerable code not present)
	NOTE: Introduced-by: https://github.com/phpmyadmin/phpmyadmin/commit/56b43527196b0349ec2bea8ca711667e5aa75c65
	NOTE: Introduced-by: https://github.com/phpmyadmin/phpmyadmin/commit/d55abcd5ffa1ea8785f1217f5b7d78a8a54b8542
	NOTE: https://www.phpmyadmin.net/security/PMASA-2020-2/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/89fbcd7c39e6b3979cdb2f64aa4cd5f4db27eaad
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/3258978c38bee8cb4b99f249dffac9c8aaea2d80
CVE-2020-10803 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...)
	{DLA-2154-1}
	- phpmyadmin 4:4.9.5+dfsg1-1 (bug #954666)
	[stretch] - phpmyadmin 4:4.6.6-4+deb9u1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2020-4/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/46a7aa7cd4ff2be0eeb23721fbf71567bebe69a5
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6b9b2601d8af916659cde8aefd3a6eaadd10284a
CVE-2020-10802 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...)
	{DLA-2154-1}
	- phpmyadmin 4:4.9.5+dfsg1-1 (bug #954665)
	[stretch] - phpmyadmin 4:4.6.6-4+deb9u1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2020-3/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/a8acd7a42cf743186528b0453f90aaa32bfefabe
CVE-2020-10801
	RESERVED
CVE-2020-10800 (lix through 15.8.7 allows man-in-the-middle attackers to execute arbit ...)
	NOT-FOR-US: lix node (different from src:lix)
CVE-2020-10799 (The svglib package through 0.9.3 for Python allows XXE attacks via an ...)
	NOT-FOR-US: svglib
CVE-2020-10798
	RESERVED
CVE-2020-10797 (An XSS vulnerability resides in the hostname field of the diag_ping.ph ...)
	NOT-FOR-US: pfSense
CVE-2020-10796
	RESERVED
CVE-2020-10795 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code ...)
	NOT-FOR-US: Gira TKS-IP-Gateway
CVE-2020-10794 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path trav ...)
	NOT-FOR-US: Gira TKS-IP-Gateway
CVE-2020-10793 (CodeIgniter through 4.0.0 allows remote attackers to gain privileges v ...)
	- codeigniter (bug #471583)
CVE-2020-10792 (openITCOCKPIT through 3.7.2 allows remote attackers to configure the s ...)
	NOT-FOR-US: openITCOCKPIT
CVE-2020-10791 (app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php ...)
	NOT-FOR-US: openITCOCKPIT
CVE-2020-10790 (openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files ...)
	NOT-FOR-US: openITCOCKPIT
CVE-2020-10789 (openITCOCKPIT before 3.7.3 has a web-based terminal that allows attack ...)
	NOT-FOR-US: openITCOCKPIT
CVE-2020-10788 (openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a941523 ...)
	NOT-FOR-US: openITCOCKPIT
CVE-2020-10787 (An elevation of privilege in Vesta Control Panel through 0.9.8-26 allo ...)
	NOT-FOR-US: Vesta Control Panel
CVE-2020-10786 (A remote command execution in Vesta Control Panel through 0.9.8-26 all ...)
	NOT-FOR-US: Vesta Control Panel
CVE-2020-10785
	RESERVED
CVE-2020-10784
	RESERVED
CVE-2020-10783 (Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege esc ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2020-10782 (An exposure of sensitive information flaw was found in Ansible version ...)
	NOT-FOR-US: Ansible Tower
CVE-2020-10781 (A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel ...)
	{DLA-2385-1}
	- linux 5.7.10-1
	[buster] - linux 4.19.146-1
	[stretch] - linux (Vulnerable code introduced later)
	[jessie] - linux (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/18/1
	NOTE: https://git.kernel.org/linus/853eab68afc80f59f36bbdeb715e5c88c501e680
CVE-2020-10780 (Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a craf ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2020-10779 (Red Hat CloudForms 4.7 and 5 leads to insecure direct object reference ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2020-10778 (In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited b ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2020-10777 (A cross-site scripting flaw was found in Report Menu feature of Red Ha ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2020-10776 (A flaw was found in Keycloak before version 12.0.0, where it is possib ...)
	NOT-FOR-US: Keycloak
CVE-2020-10775 (An Open redirect vulnerability was found in ovirt-engine versions 4.4 ...)
	NOT-FOR-US: ovirt-engine
CVE-2020-10774 (A memory disclosure flaw was found in the Linux kernel's versions befo ...)
	- linux (Red Hat-specific patch)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1846964
CVE-2020-10773 (A stack information leak flaw was found in s390/s390x in the Linux ker ...)
	- linux 5.3.9-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	[jessie] - linux 3.16.81-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1846380
CVE-2020-10772 (An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Ha ...)
	- unbound (Red Hat specific regression in backport)
CVE-2020-10771 (A flaw was found in Infinispan version 10, where it is possible to per ...)
	NOT-FOR-US: Infinispan
CVE-2020-10770 (A flaw was found in Keycloak before 13.0.0, where it is possible to fo ...)
	NOT-FOR-US: Keycloak
CVE-2020-10769 (A buffer over-read flaw was found in RH kernel versions before 5.0 in ...)
	- linux 4.19.20-1
	[stretch] - linux 4.9.161-1
	[jessie] - linux 3.16.68-1
	NOTE: https://git.kernel.org/linus/8f9c469348487844328e162db57112f7d347c49f
CVE-2020-10768 (A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() fun ...)
	{DLA-2323-1}
	- linux 5.7.6-1
	[buster] - linux 4.19.131-1
	[stretch] - linux 4.9.228-1
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1
	NOTE: https://git.kernel.org/linus/4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf
CVE-2020-10767 (A flaw was found in the Linux kernel before 5.8-rc1 in the implementat ...)
	{DLA-2323-1}
	- linux 5.7.6-1
	[buster] - linux 4.19.131-1
	[stretch] - linux 4.9.228-1
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1
	NOTE: https://git.kernel.org/linus/21998a351512eba4ed5969006f0c55882d995ada
CVE-2020-10766 (A logic bug flaw was found in Linux kernel before 5.8-rc1 in the imple ...)
	{DLA-2323-1}
	- linux 5.7.6-1
	[buster] - linux 4.19.131-1
	[stretch] - linux 4.9.228-1
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1
	NOTE: https://git.kernel.org/linus/dbbe2ad02e9df26e372f38cc3e70dab9222c832e
CVE-2020-10765
	REJECTED
CVE-2020-10764
	REJECTED
CVE-2020-10763 (An information-disclosure flaw was found in the way Heketi before 10.1 ...)
	- heketi (bug #903384)
CVE-2020-10762 (An information-disclosure flaw was found in the way that gluster-block ...)
	NOT-FOR-US: gluster-block
CVE-2020-10761 (An assertion failure issue was found in the Network Block Device(NBD) ...)
	- qemu 1:5.0-6
	[buster] - qemu (Vulnerable code introduced later)
	[stretch] - qemu (Vulnerable code introduced later)
	[jessie] - qemu (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/09/1
	NOTE: Proposed upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg02031.html
	NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=5c4fe018c025740fef4a0a4421e8162db0c3eefd
	NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=93676c88d7a5cd5971de94f9091eff8e9773b1af
CVE-2020-10760 (A use-after-free flaw was found in all samba LDAP server versions befo ...)
	{DLA-2463-1}
	- samba 2:4.12.5+dfsg-1
	[buster] - samba (Minor issue, fix along in next DSA)
	NOTE: https://www.samba.org/samba/security/CVE-2020-10760.html
CVE-2020-10759 (A PGP signature bypass flaw was found in fwupd (all versions), which c ...)
	{DLA-2274-1}
	- fwupd 1.3.10-1 (bug #962517)
	[buster] - fwupd 1.2.13-1
	- libjcat 0.1.3-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1844316
	NOTE: https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md
	NOTE: Fixed by: https://github.com/fwupd/fwupd/commit/21f2d12fccef63b8aaa99ec53278ce18250b0444 (1.3.10)
	NOTE: Introduced with: https://github.com/fwupd/fwupd/commit/36a889034c3d34ae4ac4530ea7b6b16e82476fae (0.1.2)
	NOTE: https://github.com/hughsie/libjcat/commit/839b89f45a38b2373bf5836337a33f450aaab72e
CVE-2020-10758 (A vulnerability was found in Keycloak before 11.0.1 where DoS attack i ...)
	NOT-FOR-US: Keycloak
CVE-2020-10757 (A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the ...)
	{DSA-4699-1 DSA-4698-1 DLA-2242-1}
	- linux 5.6.14-2
	[jessie] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/5bfea2d9b17f1034a68147a8b03b9789af5700f9
CVE-2020-10756 (An out-of-bounds read vulnerability was found in the SLiRP networking ...)
	{DSA-4728-1 DLA-2288-1}
	- libslirp 4.3.1-1
	- qemu 1:4.1-2
	- slirp4netns 1.0.1-1
	[buster] - slirp4netns (Minor issue)
	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
	NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed.
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835986#c11
	NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-96c5-v27g-58vf
CVE-2020-10755 (An insecure-credentials flaw was found in all openstack-cinder version ...)
	- cinder 2:16.1.0-1 (low)
	[buster] - cinder (Minor issue)
	[stretch] - cinder (Minor issue)
	[jessie] - cinder (OpenStack component, not supported in jessie LTS)
	- python-os-brick 3.1.0-1 (low)
	[buster] - python-os-brick (Minor issue)
	[stretch] - python-os-brick (Minor issue)
	NOTE: https://bugs.launchpad.net/cinder/+bug/1823200
	NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0086
CVE-2020-10754 (It was found that nmcli, a command line interface to NetworkManager di ...)
	- network-manager 1.24.2-1 (unimportant)
	NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/448
	NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/8affcc19b61fc3c516474ba075e61b82030feeb4
	NOTE: Only affects builds enabling ifcfg-rh settings plugin, source-wise only
	NOTE: affected but not the Debian binary builds (and is RedHat/Fedora specific
	NOTE: plugin).
CVE-2020-10753 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...)
	{DLA-3629-1 DLA-2735-1}
	- ceph 14.2.15-1 (bug #975300)
	[jessie] - ceph (Minor issue)
	NOTE: https://github.com/ceph/ceph/pull/35773
	NOTE: Fix: https://github.com/ceph/ceph/commit/1524d3c0c5cb11775313ea1e2bb36a93257947f2
CVE-2020-10752 (A flaw was found in the OpenShift API Server, where it failed to suffi ...)
	NOT-FOR-US: OpenShift
CVE-2020-10751 (A flaw was found in the Linux kernels SELinux LSM hook implementation ...)
	{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.6.14-1
	NOTE: https://git.kernel.org/linus/fb73974172ffaaf57a7c42f35424d9aece1a5af6
CVE-2020-10750 (Sensitive information written to a log file vulnerability was found in ...)
	NOT-FOR-US: Jaeger
CVE-2020-10749 (A vulnerability was found in all versions of containernetworking/plugi ...)
	- golang-github-containernetworking-plugins 0.8.6-1
	NOTE: https://github.com/containernetworking/plugins/pull/484
	NOTE: https://github.com/containernetworking/plugins/commit/219eb9e0464761c47383d239aba206da695e1a43
CVE-2020-10748 (A flaw was found in Keycloak's data filter, in version 10.0.1, where i ...)
	NOT-FOR-US: Keycloak
CVE-2020-10747
	REJECTED
CVE-2020-10746 (A flaw was found in Infinispan (org.infinispan:infinispan-server-runti ...)
	NOT-FOR-US: Infinispan
CVE-2020-10745 (A flaw was found in all Samba versions before 4.10.17, before 4.11.11 ...)
	{DLA-2463-1}
	- samba 2:4.12.5+dfsg-1
	[buster] - samba (Minor issue, fix along in next DSA)
	NOTE: https://www.samba.org/samba/security/CVE-2020-10745.html
CVE-2020-10744 (An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansi ...)
	- ansible 2.9.13+dfsg-1 (bug #966660)
	[buster] - ansible (Incomplete fix not applied)
	[stretch] - ansible (Incomplete fix not applied)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835566
	NOTE: https://github.com/ansible/ansible/commit/77d0effcc5b2da1ef23e4ba32986a9759c27c10d
	NOTE: https://github.com/ansible/ansible/commit/84afa8e90cd168ff13208c8eae3e533ce7e21e1f (v2.9.12)
	NOTE: CVE is for an incomplete fix of CVE-2020-1733
CVE-2020-10743 (It was discovered that OpenShift Container Platform's (OCP) distributi ...)
	- kibana (bug #700337)
CVE-2020-10742 (A flaw was found in the Linux kernel. An index buffer overflow during ...)
	- linux 3.16.2-2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835127
CVE-2020-10741
	REJECTED
CVE-2020-10740 (A vulnerability was found in Wildfly in versions before 20.0.0.Final, ...)
	- wildfly (bug #752018)
CVE-2020-10739 (Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the foll ...)
	- envoyproxy (bug #987544)
CVE-2020-10738 (A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6 ...)
	- moodle
CVE-2020-10737 (A race condition was found in the mkhomedir tool shipped with the oddj ...)
	- oddjob 0.34.6-1 (bug #960089)
	[buster] - oddjob (Minor issue)
	[stretch] - oddjob (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1833042
	NOTE: https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac
CVE-2020-10736 (An authorization bypass vulnerability was found in Ceph versions 15.2. ...)
	- ceph (Vulnerable code introduced later)
	NOTE: https://ceph.io/releases/v15-2-2-octopus-released/
	NOTE: https://github.com/ceph/ceph/commit/c7e7009a690621aacd4ac2c70c6469f25d692868 (master)
	NOTE: https://github.com/ceph/ceph/commit/f2cf2ce1bd9a86462510a7a12afa4e528b615df2 (v15.2.2)
CVE-2020-10735 (A flaw was found in python. In algorithms with quadratic time complexi ...)
	{DLA-3477-1}
	- python3.11 3.11.0~rc2-1
	- python3.10 3.10.7-1
	- python3.9
	[bullseye] - python3.9 (Minor issue)
	- python3.7
	- python2.7
	[bullseye] - python2.7 (Unsupported in Bullseye, only included to build a few applications)
	[buster] - python2.7 (Minor issue, CPU DoS, intrusive backport)
	- pypy3 7.3.10+dfsg-1
	[bullseye] - pypy3 (Minor issue)
	[buster] - pypy3 (Minor issue)
	NOTE: https://github.com/python/cpython/issues/95778
	NOTE: https://github.com/python/cpython/pull/96499
	NOTE: https://github.com/python/cpython/commit/f8b71da9aac6ea74808dcdd0cc266e705431356b (v3.11.0rc2)
	NOTE: https://github.com/python/cpython/commit/8f0fa4bd10aba723aff988720cd26b93be99bc12 (v3.10.7)
	NOTE: https://github.com/python/cpython/commit/cec1e9dfd769bd3a16142d0fdd1a36f19c77ed15 (v3.9.14)
	NOTE: https://github.com/python/cpython/commit/15ec1afd4fcd2da1e2d2b256c562fb42d8d886a2 (v3.7.14)
CVE-2020-10734 (A vulnerability was found in keycloak in the way that the OIDC logout ...)
	NOT-FOR-US: Keycloak
CVE-2020-10733 (The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided ...)
	- postgresql-12 (Windows-specific)
	- postgresql-11 (Windows-specific)
	- postgresql-9.6 (Windows-specific)
	NOTE: https://www.postgresql.org/about/news/2038/
CVE-2020-10732 (A flaw was found in the Linux kernel's implementation of Userspace cor ...)
	{DSA-4699-1 DSA-4698-1 DLA-2242-1}
	- linux 5.6.14-2
	[jessie] - linux (Does not affect supported architectures)
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/1
	NOTE: https://git.kernel.org/linus/1d605416fb7175e1adf094251466caa52093b413
CVE-2020-10731 (A flaw was found in the nova_libvirt container provided by the Red Hat ...)
	NOT-FOR-US: Red Hat OpenStack platform
CVE-2020-10730 (A NULL pointer dereference, or possible use-after-free flaw was found ...)
	{DSA-4884-1 DLA-2463-1}
	- ldb 2:2.1.4-1
	[stretch] - ldb (Vulnerable code introduced later)
	- samba 2:4.12.5+dfsg-1
	[buster] - samba (Minor issue, fix along in next DSA)
	NOTE: https://www.samba.org/samba/security/CVE-2020-10730.html
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14364
	NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=9dd458956d7af1b4bbe505ba2ab72235e81c27d0 (for ldb)
CVE-2020-10729 (A flaw was found in the use of insufficiently random values in Ansible ...)
	{DSA-4950-1}
	- ansible 2.9.6+dfsg-1
	[stretch] - ansible (EOL'd for stretch)
	[jessie] - ansible (Vulnerable code introduced later, no variables template caching)
	NOTE: https://github.com/ansible/ansible/issues/34144
	NOTE: https://github.com/ansible/ansible/pull/67429/
	NOTE: https://github.com/ansible/ansible/commit/b38603c45ed3a53574ec2080fb3a24db38ab5bc6
	NOTE: Introduced in https://github.com/ansible/ansible/commit/87a9485b2f5a3188460f0a0219d2e0d990ce4e67 (2.0)
CVE-2020-10728 (A flaw was found in automationbroker/apb container in versions up to a ...)
	NOT-FOR-US: automationbroker/apb
CVE-2020-10727 (A flaw was found in ActiveMQ Artemis management API from version 2.7.0 ...)
	NOT-FOR-US: ActiveMQ Artemis
CVE-2020-10726 (A vulnerability was found in DPDK versions 19.11 and above. A maliciou ...)
	- dpdk 19.11.2-1 (bug #960936)
	[buster] - dpdk (Vulnerable code not present)
	[stretch] - dpdk (Vulnerable code not present)
CVE-2020-10725 (A flaw was found in DPDK version 19.11 and above that allows a malicio ...)
	- dpdk 19.11.2-1 (bug #960936)
	[buster] - dpdk (Vulnerable code not present)
	[stretch] - dpdk (Vulnerable code not present)
CVE-2020-10724 (A vulnerability was found in DPDK versions 18.11 and above. The vhost- ...)
	- dpdk 19.11.2-1 (bug #960936)
	[buster] - dpdk 18.11.6-1~deb10u2
	[stretch] - dpdk (Vulnerable code not present)
CVE-2020-10723 (A memory corruption issue was found in DPDK versions 17.05 and above. ...)
	- dpdk 19.11.2-1 (bug #960936)
	[buster] - dpdk 18.11.6-1~deb10u2
	[stretch] - dpdk (Vulnerable code not present)
CVE-2020-10722 (A vulnerability was found in DPDK versions 18.05 and above. A missing ...)
	{DSA-4688-1}
	- dpdk 19.11.2-1 (bug #960936)
CVE-2020-10721 (A flaw was found in the fabric8-maven-plugin 4.0.0 and later. When usi ...)
	NOT-FOR-US: fabric8-maven-plugin
CVE-2020-10720 (A flaw was found in the Linux kernel's implementation of GRO in versio ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	[jessie] - linux 3.16.76-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1781204
	NOTE: Fixed by: https://git.kernel.org/linus/a4270d6795b0580287453ea55974d948393e66ef
CVE-2020-10719 (A flaw was found in Undertow in versions before 2.1.1.Final, regarding ...)
	- undertow 2.1.1-1 (bug #969913)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1828459
	NOTE: https://issues.redhat.com/browse/UNDERTOW-1708 (not public)
	NOTE: most likely fixed by https://github.com/undertow-io/undertow/commit/bfc8fbd67f6b3dd96702b363f61cf805baf3c6cf
CVE-2020-10718 (A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, wher ...)
	- wildfly (bug #752018)
CVE-2020-10717 (A potential DoS flaw was found in the virtio-fs shared file system dae ...)
	- qemu 1:5.0-5 (bug #959746)
	[buster] - qemu (Vulnerable code introduced later)
	[stretch] - qemu (Vulnerable code introduced later)
	[jessie] - qemu (Vulnerable code introduced later)
	NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=01a6dc95ec7f71eeff9963fe3cb03d85225fba3e (v5.0.0-rc0)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00143.html
CVE-2020-10716 (A flaw was found in Red Hat Satellite's Job Invocation, where the "Use ...)
	NOT-FOR-US: tfm-rubygem-foreman_ansible / Red Hat Satellite's Job Invocation
CVE-2020-10715 (A content spoofing vulnerability was found in the openshift/console 3. ...)
	NOT-FOR-US: Openshift Web Console
CVE-2020-10714 (A flaw was found in WildFly Elytron version 1.11.3.Final and before. W ...)
	NOT-FOR-US: WildFly Elytron
CVE-2020-10713 (A flaw was found in grub2, prior to version 2.06. An attacker may use ...)
	{DSA-4735-1}
	- grub2 2.04-9
	[stretch] - grub2 (No SecureBoot support in stretch)
	NOTE: https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
	NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=a4d3fbdff1e3ca8f87642af2ac8752c30c617a3e
CVE-2020-10712 (A flaw was found in OpenShift Container Platform version 4.1 and later ...)
	NOT-FOR-US: image registry operator in OpenShift Container Platform
CVE-2020-10711 (A NULL pointer dereference flaw was found in the Linux kernel's SELinu ...)
	{DSA-4699-1 DSA-4698-1 DLA-2242-1}
	- linux 5.6.14-1
	[jessie] - linux (Vulnerability introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/12/2
CVE-2020-10710 (A flaw was found where the Plaintext Candlepin password is disclosed w ...)
	NOT-FOR-US: foreman-installer
CVE-2020-10709 (A security flaw was found in Ansible Tower when requesting an OAuth2 t ...)
	- ansible-awx (bug #908763)
	NOTE: https://github.com/ansible/awx/issues/6630
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1824033
CVE-2020-10708 REJECTED
CVE-2020-10707 REJECTED
CVE-2020-10706 (A flaw was found in OpenShift Container Platform where OAuth tokens ar ...)
	NOT-FOR-US: OpenShift
CVE-2020-10705 (A flaw was discovered in Undertow in versions before Undertow 2.1.1.Fi ...)
	- undertow 2.1.1-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1803241
	NOTE: https://github.com/undertow-io/undertow/commit/b53d4589c586e8bbdcc89ed60f32cd7977e9a4f4
CVE-2020-10704 (A flaw was found when using samba as an Active Directory Domain Contro ...)
	{DLA-2463-1}
	- samba 2:4.12.3+dfsg-2 (bug #960188)
	[buster] - samba (Can be fixed along in future DSA)
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14334
	NOTE: https://www.samba.org/samba/security/CVE-2020-10704.html
CVE-2020-10703 (A NULL pointer dereference was found in the libvirt API responsible in ...)
	{DLA-3778-1}
	- libvirt 6.0.0-2
	[stretch] - libvirt (Vulnerable code introduced later)
	[jessie] - libvirt (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1790725
	NOTE: Introduced by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=5d5c732d748d644ec14626bce448e84bdc4bd93e (v3.10.0-rc1)
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=dfff16a7c261f8d28e3abe60a47165f845fa952f (v6.0.0-rc1)
CVE-2020-10702 (A flaw was found in QEMU in the implementation of the Pointer Authenti ...)
	- qemu 1:4.2-5
	[buster] - qemu (Vulnerable code introduced later)
	[stretch] - qemu (Vulnerable code introduced later)
	[jessie] - qemu (Vulnerable code introduced later)
	- qemu-kvm (Vulnerable code introduced later)
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=de0b1bae6461f67243282555475f88b2384a1eb9 (v5.0.0-rc0)
CVE-2020-10701 (A missing authorization flaw was found in the libvirt API responsible ...)
	- libvirt 6.0.0-7 (bug #955841)
	[buster] - libvirt (Vulnerable code introduced later)
	[stretch] - libvirt (Vulnerable code introduced later)
	[jessie] - libvirt (Vulnerable code introduced later)
	NOTE: Introduced in: https://libvirt.org/git/?p=libvirt.git;a=commit;h=95f5ac9ae52455e9da47afc95fa31c9456ac27ae (v5.10.0-rc1)
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=4cc90c2e62df653e909ad31fd810224bf8bcf913 (v6.2.0-rc1)
CVE-2020-10700 (A use-after-free flaw was found in the way samba AD DC LDAP servers, h ...)
	- samba 2:4.12.3+dfsg-2 (bug #960189)
	[buster] - samba (Vulnerable code introduced later)
	[stretch] - samba (Vulnerable code introduced later)
	[jessie] - samba (Vulnerable code introduced later)
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14331
	NOTE: https://www.samba.org/samba/security/CVE-2020-10700.html
CVE-2020-10699 (A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 ...)
	- targetcli-fb (Vulnerable code introduced later)
	NOTE: https://github.com/open-iscsi/targetcli-fb/issues/162
	NOTE: Introduced in: https://github.com/open-iscsi/targetcli-fb/commit/ad37f94ae72d0e3d5963ce182e2897c84af9c039 (v2.1.50)
	NOTE: Fixed by: https://github.com/open-iscsi/targetcli-fb/commit/6e4f39357a90a914d11bac21cc2d2b52c07c213d
CVE-2020-10698 (A flaw was found in Ansible Tower when running jobs. This flaw allows ...)
	NOT-FOR-US: Ansible Tower
CVE-2020-10697 (A flaw was found in Ansible Tower when running Openshift. Tower runs a ...)
	NOT-FOR-US: Ansible Tower
CVE-2020-10696 (A path traversal flaw was found in Buildah in versions before 1.14.5. ...)
	- golang-github-containers-buildah 1.11.6-2
	NOTE: https://github.com/containers/buildah/commit/c61925b8936e93a5e900f91b653a846f7ea3a9ed
CVE-2020-10695 (An insecure modification flaw in the /etc/passwd file was found in the ...)
	NOTE: Red Hat specific CVE assignment for openshift/redhat-sso-7 container
CVE-2020-10694 REJECTED
CVE-2020-10693 (A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in ...)
	- libhibernate-validator-java (bug #988946)
	[bookworm] - libhibernate-validator-java (Minor issue)
	[bullseye] - libhibernate-validator-java (Minor issue)
	[buster] - libhibernate-validator-java (EL support added in 5.x)
	[stretch] - libhibernate-validator-java (EL support added in 5.x)
	[jessie] - libhibernate-validator-java (EL support added in 5.x)
	- libhibernate-validator4-java (EL support added in 5.x)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1805501
CVE-2020-10692 REJECTED
CVE-2020-10691 (An archive traversal flaw was found in all ansible-engine versions 2.9 ...)
	- ansible 2.9.7+dfsg-1
	[buster] - ansible (Vulnerable code introduced later)
	[stretch] - ansible (Vulnerable code introduced later)
	[jessie] - ansible (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1817161
	NOTE: https://github.com/ansible/ansible/pull/68596
	NOTE: https://github.com/ansible/ansible/commit/b2551bb6943eec078066aa3a923e0bb3ed85abe8 (stable-2.9)
CVE-2020-10690 (There is a use-after-free in kernel versions before 5.5 due to a race ...)
	{DLA-2241-1}
	- linux 5.4.8-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.228-1
	NOTE: Fixed by: https://git.kernel.org/linus/a33121e5487b424339636b25c35d3a180eaa5f5e
CVE-2020-10689 (A flaw was found in the Eclipse Che up to version 7.8.x, where it did ...)
	NOT-FOR-US: Eclipse Che
CVE-2020-10688 (A cross-site scripting (XSS) flaw was found in RESTEasy in versions be ...)
	- resteasy (bug #970328)
	- resteasy3.0 3.0.26-4 (bug #1015001)
	[bullseye] - resteasy3.0 (Minor issue)
	[buster] - resteasy3.0 (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814974
	NOTE: https://github.com/quarkusio/quarkus/issues/7248
	NOTE: https://issues.redhat.com/browse/RESTEASY-2519 (restricted)
	NOTE: https://github.com/resteasy/Resteasy/pull/2320
	NOTE: https://github.com/resteasy/Resteasy/commit/3fe881cf945c06bdb16895fbc73bc620694d2ba7 (4.6.0.Final)
CVE-2020-10687 (A flaw was discovered in all versions of Undertow before Undertow 2.2. ...)
	- undertow 2.2.0-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1785049
	NOTE: https://issues.jboss.org/browse/UNDERTOW-1780
	NOTE: https://github.com/undertow-io/undertow/pull/951
	NOTE: https://github.com/undertow-io/undertow/commit/a18574a4da09449d855c0a7e58dfca3e9e2e488e (2.2.0.Final)
CVE-2020-10686 (A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in ...)
	NOT-FOR-US: Keycloak
CVE-2020-10685 (A flaw was found in Ansible Engine affecting Ansible Engine versions 2 ...)
	{DSA-4950-1}
	- ansible 2.9.7+dfsg-1
	[stretch] - ansible (EOL'd for stretch)
	[jessie] - ansible (Vulnerable code introduced later, all decryption in-memory, no transparent file decryption)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814627
	NOTE: https://github.com/ansible/ansible/pull/68433
	NOTE: https://github.com/ansible/ansible/commit/6452a82452f3a721233b50f62419598206442fd9
	NOTE: Introduced in https://github.com/ansible/ansible/commit/cdf6e3e4bf44fdab62c2e4ccd3f5fd67ea554548 (2.1)
CVE-2020-10684 (A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9. ...)
	{DSA-4950-1}
	- ansible 2.9.7+dfsg-1
	[stretch] - ansible (EOL'd for stretch)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1815519
	NOTE: https://github.com/ansible/ansible/pull/68431
	NOTE: https://github.com/ansible/ansible/commit/a9d2ceafe429171c0e2ad007058b88bae57c74ce
CVE-2020-10683 (dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and Ext ...)
	{DLA-2191-1}
	- dom4j 2.1.3-1 (bug #958055)
	[buster] - dom4j (Minor issue)
	[stretch] - dom4j (Minor issue)
	NOTE: https://github.com/dom4j/dom4j/commit/1707bf3d898a8ada3b213acb0e3b38f16eaae73d (the fix?)
	NOTE: https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658 (post-fix refactor?)
CVE-2020-10682 (The Filemanager in CMS Made Simple 2.2.13 allows remote code execution ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-10681 (The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd fi ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-10680 RESERVED
CVE-2020-10679 RESERVED
CVE-2020-10678 (In Octopus Deploy before 2020.1.5, for customers running on-premises A ...)
	NOT-FOR-US: Octopus Deploy
CVE-2020-10677 RESERVED
CVE-2020-10676 (In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly ap ...)
	NOT-FOR-US: Rancher
CVE-2020-10675 (The Library API in buger jsonparser through 2019-12-04 allows attacker ...)
	- golang-github-buger-jsonparser 0.0~git20200322.0.f7e751e-1 (bug #954373)
	[buster] - golang-github-buger-jsonparser (Limited support, minor issue)
	NOTE: https://github.com/buger/jsonparser/issues/188
	NOTE: https://github.com/buger/jsonparser/commit/91ac96899e492584984ded0c8f9a08f10b473717
CVE-2020-10673 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2153-1}
	- jackson-databind 2.11.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u2
	[stretch] - jackson-databind 2.8.6-1+deb9u7
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2660
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-10672 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2153-1}
	- jackson-databind 2.11.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u2
	[stretch] - jackson-databind 2.8.6-1+deb9u7
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2659
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-10671 (The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missi ...)
	NOT-FOR-US: Canon
CVE-2020-10670 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
	NOT-FOR-US: Canon
CVE-2020-10669 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
	NOT-FOR-US: Canon
CVE-2020-10668 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
	NOT-FOR-US: Canon
CVE-2020-10667 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
	NOT-FOR-US: Canon
CVE-2020-10666 (The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXa ...)
	NOT-FOR-US: FreePBX
CVE-2020-10674 (PerlSpeak through 2.01 allows attackers to execute arbitrary OS comman ...)
	- libperlspeak-perl (bug #954238)
	[jessie] - libperlspeak-perl (Not supported in jessie LTS)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=132173
CVE-2020-10665 (Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTE ...)
	NOT-FOR-US: Docker Desktop on Windows
CVE-2020-10664 (The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 ...)
	NOT-FOR-US: VxWorks
CVE-2020-10663 (The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9 ...)
	{DSA-4721-1 DLA-2192-1 DLA-2190-1}
	- ruby-json 2.3.0+dfsg-1
	[buster] - ruby-json 2.1.0+dfsg-2+deb10u1
	[stretch] - ruby-json 2.0.1+dfsg-3+deb9u1
	- ruby2.7 (Fixed before initial upload to Debian)
	- ruby2.5
	- ruby2.3
	[stretch] - ruby2.3 2.3.3-1+deb9u8
	- ruby2.1
	NOTE: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
	NOTE: https://hackerone.com/reports/706934
	NOTE: https://github.com/ruby/ruby/commit/36e9ed7fef6eb2d14becf6c52452e4ab16e4bf01 (2.6.6)
	NOTE: https://github.com/ruby/ruby/commit/b379ecd8b6832dfcd5dad353b6bfd41701e2d678 (2.5.8)
CVE-2020-10662 RESERVED
CVE-2020-10661 (HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2020-10660 (HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2019-20529 (In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12 ...)
	NOT-FOR-US: Frappe Framework
CVE-2019-20528 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-20527 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-20526 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-20525 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-20524 (ilchCMS 2.1.23 allows XSS via the index.php/partner/index Banner param ...)
	NOT-FOR-US: ilchCMS
CVE-2019-20523 (ilchCMS 2.1.23 allows XSS via the index.php/partner/index Name paramet ...)
	NOT-FOR-US: ilchCMS
CVE-2019-20522 (ilchCMS 2.1.23 allows XSS via the index.php/partner/index Link paramet ...)
	NOT-FOR-US: ilchCMS
CVE-2019-20521 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/ URI ...)
	NOT-FOR-US: ERPNext
CVE-2019-20520 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/meth ...)
	NOT-FOR-US: ERPNext
CVE-2019-20519 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ UR ...)
	NOT-FOR-US: ERPNext
CVE-2019-20518 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the project/ ...)
	NOT-FOR-US: ERPNext
CVE-2019-20517 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ ...)
	NOT-FOR-US: ERPNext
CVE-2019-20516 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ UR ...)
	NOT-FOR-US: ERPNext
CVE-2019-20515 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresse ...)
	NOT-FOR-US: ERPNext
CVE-2019-20514 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ ...)
	NOT-FOR-US: ERPNext
CVE-2019-20513 (Open edX Ironwood.1 allows support/certificates?user= reflected XSS.)
	NOT-FOR-US: Open edX Ironwood.1
CVE-2019-20512 (Open edX Ironwood.1 allows support/certificates?course_id= reflected X ...)
	NOT-FOR-US: Open edX Ironwood.1
CVE-2019-20511 (ERPNext 11.1.47 allows blog?blog_category= Frame Injection.)
	NOT-FOR-US: ERPNext
CVE-2020-10659 (Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows ...)
	NOT-FOR-US: Entrust Entelligence Security Provider (ESP)
CVE-2020-10658 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
	NOT-FOR-US: Proofpoint Insider Threat Management Server
CVE-2020-10657 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
	NOT-FOR-US: Proofpoint Insider Threat Management Server
CVE-2020-10656 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
	NOT-FOR-US: Proofpoint Insider Threat Management Server
CVE-2020-10655 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
	NOT-FOR-US: Proofpoint Insider Threat Management Server
CVE-2020-10654 (Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow ...)
	NOT-FOR-US: Ping Identity PingID
CVE-2020-10653 RESERVED
CVE-2020-10652 RESERVED
CVE-2020-10651 RESERVED
CVE-2020-10650 (A deserialization flaw was discovered in jackson-databind through 2.9. ...)
	{DLA-3407-1}
	- jackson-databind 2.11.1-1
	NOTE: https://github.com/advisories/GHSA-rpr3-cw39-3pxh
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2658
	NOTE: https://github.com/FasterXML/jackson-databind/commit/a424c038ba0c0d65e579e22001dec925902ac0ef (jackson-databind-2.9.10.4)
CVE-2019-20510 REJECTED
CVE-2020-10649 (DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 ...)
	NOT-FOR-US: ASUS Device Activation
CVE-2020-10648 (Das U-Boot through 2020.01 allows attackers to bypass verified boot re ...)
	- u-boot 2020.04+dfsg-1
	[buster] - u-boot (Minor issue)
	[stretch] - u-boot (Minor issue)
	[jessie] - u-boot (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2020/03/18/5
	NOTE: https://labs.f-secure.com/advisories/das-u-boot-verified-boot-bypass/
	NOTE: https://lists.denx.de/pipermail/u-boot/2020-March/403409.html
CVE-2020-10647 REJECTED
CVE-2020-10646 (Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a h ...)
	NOT-FOR-US: Fuji Electric V-Server Lite
CVE-2020-10645 RESERVED
CVE-2020-10644 (The affected product lacks proper validation of user-supplied data, wh ...)
	NOT-FOR-US: Inductive Automation Ignition
CVE-2020-10643 (An authenticated remote attacker could use specially crafted URLs to s ...)
	NOT-FOR-US: PI Vision
CVE-2020-10642 (In Rockwell Automation RSLinx Classic versions 4.11.00 and prior, an a ...)
	NOT-FOR-US: Rockwell
CVE-2020-10641 (An unprotected logging route may allow an attacker to write endless lo ...)
	NOT-FOR-US: Inductive Automation
CVE-2020-10640 (Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to ...)
	NOT-FOR-US: Emerson
CVE-2020-10639 (Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and p ...)
	NOT-FOR-US: Eaton HMiSoft VU3
CVE-2020-10638 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
	NOT-FOR-US: Advantech WebAccess Node
CVE-2020-10637 (Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and p ...)
	NOT-FOR-US: Eaton HMiSoft VU3
CVE-2020-10636 (Inadequate encryption may allow the passwords for Emerson OpenEnterpri ...)
	NOT-FOR-US: Emerson
CVE-2020-10635 (Simulation models for KUKA.Sim Pro version 3.1 are hosted by a server ...)
	NOT-FOR-US: KUKA.Sim Pro
CVE-2020-10634 (SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted ...)
	NOT-FOR-US: SAE IT-systems FW-50 Remote Telemetry Unit
CVE-2020-10633 (A non-persistent XSS (cross-site scripting) vulnerability exists in eW ...)
	NOT-FOR-US: eWON Flexy and Cosy
CVE-2020-10632 (Inadequate folder security permissions in Emerson OpenEnterprise versi ...)
	NOT-FOR-US: Emerson
CVE-2020-10631 (An attacker could use a specially crafted URL to delete or read files ...)
	NOT-FOR-US: WebAccess/NMS
CVE-2020-10630 (SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does no ...)
	NOT-FOR-US: SAE IT-systems FW-50 Remote Telemetry Unit
CVE-2020-10629 (WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. S ...)
	NOT-FOR-US: WebAccess/NMS
CVE-2020-10628 (ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R1 ...)
	NOT-FOR-US: ControlEdge PLC
CVE-2020-10627 (Insulet Omnipod Insulin Management System insulin pump product ID 1919 ...)
	NOT-FOR-US: Insulet Omnipod Insulin Management System
CVE-2020-10626 (In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled sear ...)
	NOT-FOR-US: Fazecast jSerialComm
CVE-2020-10625 (WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remo ...)
	NOT-FOR-US: WebAccess/NMS
CVE-2020-10624 (ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R1 ...)
	NOT-FOR-US: ControlEdge PLC
CVE-2020-10623 (Multiple vulnerabilities could allow an attacker with low privileges t ...)
	NOT-FOR-US: WebAccess/NMS
CVE-2020-10622 (LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vu ...)
	NOT-FOR-US: LCDS LAquis SCADA
CVE-2020-10621 (Multiple issues exist that allow files to be uploaded and executed on ...)
	NOT-FOR-US: WebAccess/NMS
CVE-2020-10620 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication d ...)
	NOT-FOR-US: Opto 22 SoftPAC Project
CVE-2020-10619 (An attacker could use a specially crafted URL to delete files outside ...)
	NOT-FOR-US: WebAccess/NMS
CVE-2020-10618 (LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vu ...)
	NOT-FOR-US: LCDS LAquis SCADA
CVE-2020-10617 (There are multiple ways an unauthenticated attacker could perform SQL ...)
	NOT-FOR-US: WebAccess/NMS
CVE-2020-10616 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specif ...)
	NOT-FOR-US: Opto 22 SoftPAC Project
CVE-2020-10615 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...)
	NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway
CVE-2020-10614 (In OSIsoft PI System multiple products and versions, an authenticated ...)
	NOT-FOR-US: OSIsoft PI System
CVE-2020-10613 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...)
	NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway
CVE-2020-10612 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicat ...)
	NOT-FOR-US: Opto 22 SoftPAC Project
CVE-2020-10611 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...)
	NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway
CVE-2020-10610 (In OSIsoft PI System multiple products and versions, a local attacker ...)
	NOT-FOR-US: OSIsoft PI System
CVE-2020-10609 (Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may all ...)
	NOT-FOR-US: Grundfos
CVE-2020-10608 (In OSIsoft PI System multiple products and versions, a local attacker ...)
	NOT-FOR-US: OSIsoft PI System
CVE-2020-10607 (In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2020-10606 (In OSIsoft PI System multiple products and versions, a local attacker ...)
	NOT-FOR-US: OSIsoft PI System
CVE-2020-10605 (Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests ...)
	NOT-FOR-US: Grundfos CIM
CVE-2020-10604 (In OSIsoft PI System multiple products and versions, a remote, unauthe ...)
	NOT-FOR-US: OSIsoft PI System
CVE-2020-10603 (WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize use ...)
	NOT-FOR-US: WebAccess/NMS
CVE-2020-10602 (In OSIsoft PI System multiple products and versions, an authenticated ...)
	NOT-FOR-US: OSIsoft PI System
CVE-2020-10601 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow ...)
	NOT-FOR-US: VISAM VBASE Editor
CVE-2020-10600 (An authenticated remote attacker could crash PI Archive Subsystem when ...)
	NOT-FOR-US: OSIsoft PI System
CVE-2020-10599 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...)
	NOT-FOR-US: VISAM VBASE Editor
CVE-2020-10598 (In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES ...)
	NOT-FOR-US: Pyxis
CVE-2020-10597 (Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Mul ...)
	NOT-FOR-US: Delta Industrial Automation DOPSoft
CVE-2020-10596 (OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS atta ...)
	NOT-FOR-US: OpenCart
CVE-2018-21037 (Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change ...)
	NOT-FOR-US: Subrion CMS
CVE-2020-10595 (pam-krb5 before 4.9 has a buffer overflow that might cause remote code ...)
	{DSA-4648-1 DLA-2166-1}
	- libpam-krb5 4.9-1
	NOTE: https://www.openwall.com/lists/oss-security/2020/03/31/1
CVE-2020-10594 (An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows att ...)
	NOT-FOR-US: drf-jwt
CVE-2020-10593 (Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 ...)
	- tor 0.4.2.7-1
	[buster] - tor (Only affects tor 0.4.0.1-alpha onwards)
	[stretch] - tor (Only affects tor 0.4.0.1-alpha onwards)
	[jessie] - tor (Only affects tor 0.4.0.1-alpha onwards)
	NOTE: https://blog.torproject.org/new-releases-03510-0419-0427
	NOTE: https://bugs.torproject.org/33619
CVE-2020-10592 (Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 ...)
	{DSA-4644-1}
	- tor 0.4.2.7-1
	[stretch] - tor (See DSA 4644)
	[jessie] - tor (Not supported in jessie LTS)
	NOTE: https://blog.torproject.org/new-releases-03510-0419-0427
	NOTE: https://bugs.torproject.org/33120
CVE-2020-10591 (An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Ac ...)
	NOT-FOR-US: Walmart Labs Concord
CVE-2020-10590 (Replicated Classic 2.x versions have an improperly secured API that ex ...)
	NOT-FOR-US: Replicated Classic
CVE-2020-10589 (v2rayL 2.1.3 allows local users to achieve root access because /etc/v2 ...)
	NOT-FOR-US: v2rayL
CVE-2020-10588 (v2rayL 2.1.3 allows local users to achieve root access because /etc/v2 ...)
	NOT-FOR-US: v2rayL
CVE-2020-10587 (antiX and MX Linux allow local users to achieve root access via "persi ...)
	NOT-FOR-US: antiX and MX Linux
CVE-2020-10586 RESERVED
CVE-2020-10585 RESERVED
CVE-2020-10584 (A directory traversal on the /admin/search_by.php script of Invigo Aut ...)
	NOT-FOR-US: Invigo Automatic Device Management (ADM)
CVE-2020-10583 (The /admin/admapi.php script of Invigo Automatic Device Management (AD ...)
	NOT-FOR-US: Invigo Automatic Device Management (ADM)
CVE-2020-10582 (A SQL injection on the /admin/display_errors.php script of Invigo Auto ...)
	NOT-FOR-US: Invigo Automatic Device Management (ADM)
CVE-2020-10581 (Multiple session validity check issues in several administration funct ...)
	NOT-FOR-US: Invigo Automatic Device Management (ADM)
CVE-2020-10580 (A command injection on the /admin/broadcast.php script of Invigo Autom ...)
	NOT-FOR-US: Invigo Automatic Device Management (ADM)
CVE-2020-10579 (A directory traversal on the /admin/sysmon.php script of Invigo Automa ...)
	NOT-FOR-US: Invigo Automatic Device Management (ADM)
CVE-2020-10578 (An arbitrary file read vulnerability exists in system/controller/backe ...)
	NOT-FOR-US: QCMS
CVE-2020-10577 (An issue was discovered in Janus through 0.9.1. janus.c has multiple c ...)
	- janus 0.9.2-1 (bug #954668)
	NOTE: https://github.com/meetecho/janus-gateway/pull/1990
CVE-2020-10576 (An issue was discovered in Janus through 0.9.1. plugins/janus_voicemai ...)
	- janus 0.9.1+20200313-1
	NOTE: https://github.com/meetecho/janus-gateway/pull/1993
CVE-2020-10575 (An issue was discovered in Janus through 0.9.1. plugins/janus_videocal ...)
	- janus 0.9.1+20200313-1
	NOTE: https://github.com/meetecho/janus-gateway/pull/1994
CVE-2020-10574 (An issue was discovered in Janus through 0.9.1. janus.c tries to use a ...)
	- janus 0.9.1+20200313-1
	NOTE: https://github.com/meetecho/janus-gateway/pull/1989
CVE-2020-10573 (An issue was discovered in Janus through 0.9.1. janus_audiobridge.c ha ...)
	- janus 0.9.1+20200313-1
	NOTE: https://github.com/meetecho/janus-gateway/pull/1988
CVE-2020-10572 RESERVED
CVE-2020-10571 (An issue was discovered in psd-tools before 1.9.4. The Cython implemen ...)
	NOT-FOR-US: psd-tools
CVE-2020-10570 (The Telegram application through 5.12 for Android, when Show Popup is ...)
	NOT-FOR-US: Telegram for Android
CVE-2020-10569 (SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, w ...)
	NOT-FOR-US: SysAid On-Premise
CVE-2020-10568 (The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for Word ...)
	NOT-FOR-US: sitepress-multilingual-cms (WPML) plugin for WordPress
CVE-2020-10567 (An issue was discovered in Responsive Filemanager through 9.14.0. In t ...)
	NOT-FOR-US: Responsive Filemanager
CVE-2018-21036 (Sails.js before v1.0.0-46 allows attackers to cause a denial of servic ...)
NOT-FOR-US: Sails.js CVE-2020-10566 (grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-1 ...) NOT-FOR-US: FreeBSD CVE-2020-10565 (grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-1 ...) NOT-FOR-US: FreeBSD CVE-2020-10564 (An issue was discovered in the File Upload plugin before 4.13.0 for Wo ...) NOT-FOR-US: File Upload plugin for WordPress CVE-2020-10563 (An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.ph ...) NOT-FOR-US: DEVOME GRR CVE-2020-10562 (An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.p ...) NOT-FOR-US: DEVOME GRR CVE-2020-10561 (An issue was discovered on Xiaomi Mi Jia ink-jet printer < 3.4.6_0138. ...) NOT-FOR-US: Xiaomi CVE-2020-10560 (An issue was discovered in Open Source Social Network (OSSN) through 5 ...) NOT-FOR-US: Open Source Social Network (OSSN) CVE-2020-10559 RESERVED CVE-2020-10558 (The driving interface of Tesla Model 3 vehicles in any release before ...) NOT-FOR-US: driving interface of Tesla Model 3 vehicles CVE-2020-10557 (An issue was discovered in AContent through 1.4. It allows the user to ...) NOT-FOR-US: AContent CVE-2020-10556 RESERVED CVE-2020-10555 RESERVED CVE-2020-10554 (An issue was discovered in Psyprax before 3.2.2. Passwords used to en ...) NOT-FOR-US: Psyprax CVE-2020-10553 (An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA ...) NOT-FOR-US: Psyprax CVE-2020-10552 (An issue was discovered in Psyprax before 3.2.2. The Firebird database ...) NOT-FOR-US: Psyprax CVE-2020-10551 (QQBrowser before 10.5.3870.400 installs a Windows service TsService.ex ...) NOT-FOR-US: QQBrowser CVE-2020-10550 RESERVED CVE-2020-10549 (rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.p ...) NOT-FOR-US: rConfig CVE-2020-10548 (rConfig 3.9.4 and previous versions has unauthenticated devices.inc.ph ...) NOT-FOR-US: rConfig CVE-2020-10547 (rConfig 3.9.4 and previous versions has unauthenticated compliancepoli ...)
NOT-FOR-US: rConfig CVE-2020-10546 (rConfig 3.9.4 and previous versions has unauthenticated compliancepoli ...) NOT-FOR-US: rConfig CVE-2020-10545 RESERVED CVE-2020-10544 (An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFac ...) NOT-FOR-US: PrimeTek PrimeFaces CVE-2009-5159 (Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Int ...) NOT-FOR-US: Invision Power Board CVE-2020-10543 (Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer over ...) - perl 5.30.3-1 (bug #962005) [buster] - perl 5.28.1-6+deb10u1 [stretch] - perl 5.24.1-3+deb9u7 NOTE: https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed (v5.30.3) CVE-2020-10542 RESERVED CVE-2020-10541 (Zoho ManageEngine OpManager before 12.4.179 allows remote code executi ...) NOT-FOR-US: Zoho ManageEngine OpManager CVE-2020-10540 (Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of ...) NOT-FOR-US: Untis WebUntis CVE-2020-10539 (An issue was discovered in Epikur before 20.1.1. The Epikur server con ...) NOT-FOR-US: Epikur CVE-2020-10538 (An issue was discovered in Epikur before 20.1.1. It stores the secret ...) NOT-FOR-US: Epikur CVE-2020-10537 (An issue was discovered in Epikur before 20.1.1. A Glassfish 4.1 serve ...) NOT-FOR-US: Epikur CVE-2020-10536 RESERVED CVE-2020-10534 (In the GlobalBlocking extension before 2020-03-10 for MediaWiki throug ...) NOT-FOR-US: MediaWiki extension CVE-2020-10535 (GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote at ...) - gitlab (Only affects Gitlab 12.8.x) NOTE: https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/ CVE-2020-10533 RESERVED CVE-2020-10532 (The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allo ...) NOT-FOR-US: AD Helper component in WatchGuard Fireware CVE-2020-10531 (An issue was discovered in International Components for Unicode (ICU) ...) 
{DSA-4646-1 DLA-2151-1} [experimental] - icu 66.1-2 - icu 63.2-3 (bug #953747) NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1044570 (not public) NOTE: Upstream ICU bug: https://unicode-org.atlassian.net/browse/ICU-20958 (private) NOTE: Fixed by: https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca NOTE: https://github.com/unicode-org/icu/pull/971 CVE-2020-10530 RESERVED CVE-2020-10529 RESERVED CVE-2020-10528 RESERVED CVE-2020-10527 RESERVED CVE-2020-10526 RESERVED CVE-2020-10525 RESERVED CVE-2020-10524 RESERVED CVE-2020-10523 RESERVED CVE-2020-10522 RESERVED CVE-2020-10521 RESERVED CVE-2020-10520 RESERVED CVE-2020-10519 (A remote code execution vulnerability was identified in GitHub Enterpr ...) NOT-FOR-US: GitHub Enterprise Server CVE-2020-10518 (A remote code execution vulnerability was identified in GitHub Enterpr ...) NOT-FOR-US: GitHub Enterprise Server CVE-2020-10517 (An improper access control vulnerability was identified in GitHub Ente ...) NOT-FOR-US: GitHub Enterprise Server CVE-2020-10516 (An improper access control vulnerability was identified in the GitHub ...) NOT-FOR-US: GitHub Enterprise Server API CVE-2020-10515 (STARFACE UCC Client before 6.7.1.204 on Windows allows binary planting ...) NOT-FOR-US: STARFACE UCC Client CVE-2020-10514 (iCatch DVR firmware before 20200103 does not validate function parameter ...) NOT-FOR-US: iCatch DVR CVE-2020-10513 (The file management interface of iCatch DVR firmware before 20200103 c ...) NOT-FOR-US: iCatch DVR CVE-2020-10512 (HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CCMAIL ...) NOT-FOR-US: HGiga C&Cmail CVE-2020-10511 (HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAILN be ...) NOT-FOR-US: HGiga C&Cmail CVE-2020-10510 (Sunnet eHRD, a human training and development management system, conta ...) NOT-FOR-US: Sunnet eHRD CVE-2020-10509 (Sunnet eHRD, a human training and development management system, conta ...)
NOT-FOR-US: Sunnet eHRD CVE-2020-10508 (Sunnet eHRD, a human training and development management system, impro ...) NOT-FOR-US: Sunnet eHRD CVE-2020-10507 (The School Manage System before 2020, developed by ALLE INFORMATION CO ...) NOT-FOR-US: The School Manage System CVE-2020-10506 (The School Manage System before 2020, developed by ALLE INFORMATION CO ...) NOT-FOR-US: The School Manage System CVE-2020-10505 (The School Manage System before 2020, developed by ALLE INFORMATION CO ...) NOT-FOR-US: The School Manage System CVE-2020-10504 (CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Languag ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10503 (CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Langu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10502 (CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Langu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10501 (CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-La ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10500 (CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10499 (CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Langua ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10498 (CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Languag ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10497 (CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Lan ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10496 (CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10495 (CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Languag ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10494 (CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10493 (CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Languag ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10492 (CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Lang ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10491 (CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-La ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10490 (CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-La ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10489 (CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Langua ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10488 (CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10487 (CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Langu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10486 (CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Langu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10485 (CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Langu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10484 (CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10483 (CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 a ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10482 (CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10481 (CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10480 (CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10479 (CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 a ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10478 (CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Langu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10477 (Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi- ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10476 (Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Mu ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10475 (Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Mul ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10474 (Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Mu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10473 (Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10472 (Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard M ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10471 (Reflected XSS in admin/manage-articles.php in Chadha PHPKB Standard Mu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10470 (Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Mult ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10469 (Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10468 (Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-La ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10467 (Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10466 (Reflected XSS in admin/edit-glossary.php in Chadha PHPKB Standard Mult ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10465 (Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Mult ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10464 (Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10463 (Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Mult ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10462 (Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-L ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10461 (The way comments in article.php (vulnerable function in include/functi ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10460 (admin/include/operations.php (via admin/email-harvester.php) in Chadha ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10459 (Path Traversal in admin/assetmanager/assetmanager.php (vulnerable func ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10458 (Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Sta ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10457 (Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10456 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10455 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10454 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10453 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10452 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10451 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10450 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10449 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10448 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10447 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10446 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10445 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10444 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10443 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10442 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10441 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10440 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10439 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10438 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10437 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10436 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10435 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10434 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10433 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10432 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10431 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10430 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10429 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10428 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10427 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10426 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10425 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10424 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10423 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10422 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10421 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10420 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10419 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10418 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10417 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10416 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10415 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10414 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10413 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10412 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10411 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10410 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10409 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10408 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10407 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10406 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10405 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10404 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10403 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10402 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10401 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10400 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10399 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10398 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10397 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10396 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10395 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10394 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10393 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10392 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10391 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10390 (OS Command Injection in export.php (vulnerable function called from in ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10389 (admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allo ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10388 (The way the Referer header in article.php is handled in Chadha PHPKB S ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10387 (Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-La ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10386 (admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Lang ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10385 (A stored cross-site scripting (XSS) vulnerability exists in the WPForm ...) NOT-FOR-US: WPForms Contact Form plugin for WordPress CVE-2020-10384 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...) NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software CVE-2020-10383 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...) NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software CVE-2020-10382 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...) NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software CVE-2020-10381 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...) NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software CVE-2020-10380 (RMySQL through 0.10.19 allows SQL Injection.) - rmysql 0.10.20-1 [buster] - rmysql (Minor issue) [jessie] - rmysql (Minor issue) NOTE: Fixed by: https://github.com/r-dbi/RMySQL/commit/c2467c466684b4733a7b0df4689987e1f9dcfc32 NOTE: Test: https://github.com/r-dbi/RMySQL/commit/6137ce887c1e36b278f11656a9a9fc1cae6a5f40 CVE-2020-10379 (In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/T ...) 
- pillow 7.2.0-1 [buster] - pillow (Support for old-JPEG compressed TIFFs introduced in 6.0.0) [stretch] - pillow (Support for old-JPEG compressed TIFFs introduced in 6.0.0) [jessie] - pillow (Support for old-JPEG compressed TIFFs introduced in 6.0.0) NOTE: https://github.com/python-pillow/Pillow/pull/4538 NOTE: https://github.com/python-pillow/Pillow/pull/4507 NOTE: Fixed in 6.2.3 and 7.1.0 CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds rea ...) - pillow 7.2.0-1 [buster] - pillow 5.4.1-2+deb10u2 [stretch] - pillow (Vulnerable code not present) [jessie] - pillow (Vulnerable code not present) NOTE: https://github.com/python-pillow/Pillow/pull/4538 NOTE: https://github.com/python-pillow/Pillow/pull/4506 NOTE: https://github.com/python-pillow/Pillow/commit/124f4bb591e16212605d0e41c413ed53e242cba2 (Test) NOTE: Fixed by: https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7 NOTE: https://github.com/python-pillow/Pillow/commit/ada137eba5b605fd5aeff619c33bbf0e53af26ee (Test) NOTE: Fixed in 6.2.3 and 7.1.0 CVE-2020-10377 (A weak encryption vulnerability in Mitel MiVoice Connect Client before ...) NOT-FOR-US: Mitel CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to ...) NOT-FOR-US: Technicolor CVE-2020-10375 (An issue was discovered in New Media Smarty before 9.10. Passwords are ...) NOT-FOR-US: New Media Smarty CVE-2020-10374 (A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG ...) NOT-FOR-US: PRTG Network Monitor CVE-2020-10373 RESERVED CVE-2020-10372 (Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XS ...) 
NOT-FOR-US: Ramp AltitudeCDN Altimeter CVE-2020-10371 RESERVED CVE-2020-10370 RESERVED - bluez-firmware (BCM4345C0.hcd introduced already in fixed version in Debian with bluez-firmware/1.2-6) NOTE: https://github.com/RPi-Distro/bluez-firmware/commit/8445a53ce2c51a77472b908a0c8f6f8e1fa5c37a CVE-2020-10369 RESERVED CVE-2020-10368 RESERVED CVE-2020-10367 RESERVED CVE-2020-10366 (LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a d ...) NOT-FOR-US: LogicalDoc CVE-2020-10365 (LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the ...) NOT-FOR-US: LogicalDoc CVE-2020-10364 (The SSH daemon on MikroTik routers through v6.44.3 could allow remote ...) NOT-FOR-US: SSH daemon on MikroTik routers CVE-2020-10363 RESERVED CVE-2020-10362 RESERVED CVE-2020-10361 RESERVED CVE-2020-10360 RESERVED CVE-2020-10359 RESERVED CVE-2020-10358 RESERVED CVE-2020-10357 RESERVED CVE-2020-10356 RESERVED CVE-2020-10355 RESERVED CVE-2020-10354 RESERVED CVE-2020-10353 RESERVED CVE-2020-10352 RESERVED CVE-2020-10351 RESERVED CVE-2020-10350 RESERVED CVE-2020-10349 RESERVED CVE-2020-10348 RESERVED CVE-2020-10347 RESERVED CVE-2020-10346 RESERVED CVE-2020-10345 RESERVED CVE-2020-10344 RESERVED CVE-2020-10343 RESERVED CVE-2020-10342 RESERVED CVE-2020-10341 RESERVED CVE-2020-10340 RESERVED CVE-2020-10339 RESERVED CVE-2020-10338 RESERVED CVE-2020-10337 RESERVED CVE-2020-10336 RESERVED CVE-2020-10335 RESERVED CVE-2020-10334 RESERVED CVE-2020-10333 RESERVED CVE-2020-10332 RESERVED CVE-2020-10331 RESERVED CVE-2020-10330 RESERVED CVE-2020-10329 RESERVED CVE-2020-10328 RESERVED CVE-2020-10327 RESERVED CVE-2020-10326 RESERVED CVE-2020-10325 RESERVED CVE-2020-10324 RESERVED CVE-2020-10323 RESERVED CVE-2020-10322 RESERVED CVE-2020-10321 RESERVED CVE-2020-10320 RESERVED CVE-2020-10319 RESERVED CVE-2020-10318 RESERVED CVE-2020-10317 RESERVED CVE-2020-10316 RESERVED CVE-2020-10315 RESERVED CVE-2020-10314 RESERVED CVE-2020-10313 RESERVED CVE-2020-10312 RESERVED CVE-2020-10311 RESERVED 
CVE-2020-10310 RESERVED CVE-2020-10309 RESERVED CVE-2020-10308 RESERVED CVE-2020-10307 RESERVED CVE-2020-10306 RESERVED CVE-2020-10305 RESERVED CVE-2020-10304 RESERVED CVE-2020-10303 RESERVED CVE-2020-10302 RESERVED CVE-2020-10301 RESERVED CVE-2020-10300 RESERVED CVE-2020-10299 RESERVED CVE-2020-10298 RESERVED CVE-2020-10297 RESERVED CVE-2020-10296 RESERVED CVE-2020-10295 RESERVED CVE-2020-10294 RESERVED CVE-2020-10293 RESERVED CVE-2020-10292 (Visual Components (owned by KUKA) is a robotic simulator that allows s ...) NOT-FOR-US: Visual Components CVE-2020-10291 (Visual Components (owned by KUKA) is a robotic simulator that allows s ...) NOT-FOR-US: Visual Components CVE-2020-10290 (Universal Robots controller execute URCaps (zip files containing Java- ...) NOT-FOR-US: Universal Robots controller CVE-2020-10289 (Use of unsafe yaml load. Allows instantiation of arbitrary objects. Th ...) {DLA-2357-1} - ros-actionlib 1.13.1-4 (bug #968830) [buster] - ros-actionlib 1.11.15-1+deb10u1 NOTE: https://github.com/ros/actionlib/pull/171 CVE-2020-10288 (IRC5 exposes an ftp server (port 21). Upon attempting to gain access y ...) NOT-FOR-US: ABB IRC5 CVE-2020-10287 (The IRC5 family with UAS service enabled comes by default with credent ...) NOT-FOR-US: ABB IRC5 CVE-2020-10286 (the main user account has restricted privileges but is in the sudoers ...) NOT-FOR-US: xArm CVE-2020-10285 (The authentication implementation on the xArm controller has very low ...) NOT-FOR-US: xArm CVE-2020-10284 (No authentication is required to control the robot inside the network, ...) NOT-FOR-US: xArm CVE-2020-10283 (The Micro Air Vehicle Link (MAVLink) protocol presents authentication ...) NOT-FOR-US: Micro Air Vehicle Link (MAVLink) protocol CVE-2020-10282 (The Micro Air Vehicle Link (MAVLink) protocol presents no authenticati ...) NOT-FOR-US: Micro Air Vehicle Link (MAVLink) protocol CVE-2020-10281 (This vulnerability applies to the Micro Air Vehicle Link (MAVLink) pro ...) 
NOT-FOR-US: Micro Air Vehicle Link (MAVLink) protocol CVE-2020-10280 (The Apache server on port 80 that hosts the web interface is vulnerable ...) NOT-FOR-US: MiR CVE-2020-10279 (MiR robot controllers (central computation unit) makes use of Ubuntu 1 ...) NOT-FOR-US: MiR CVE-2020-10278 (The BIOS onboard MiR's Computer is not protected by password, therefor ...) NOT-FOR-US: MiR CVE-2020-10277 (There is no mechanism in place to prevent a bad operator to boot from ...) NOT-FOR-US: MiR CVE-2020-10276 (The password for the safety PLC is the default and thus easy to find ( ...) NOT-FOR-US: Safety PLC CVE-2020-10275 (The access tokens for the REST API are directly derived from the publi ...) NOT-FOR-US: MiR CVE-2020-10274 (The access tokens for the REST API are directly derived (sha256 and ba ...) NOT-FOR-US: MiR CVE-2020-10273 (MiR controllers across firmware versions 2.8.1.1 and before do not enc ...) NOT-FOR-US: MiR CVE-2020-10272 (MiR100, MiR200 and other MiR robots use the Robot Operating System (RO ...) NOT-FOR-US: MiR CVE-2020-10271 (MiR100, MiR200 and other MiR robots use the Robot Operating System (RO ...) NOT-FOR-US: MiR CVE-2020-10270 (Out of the wired and wireless interfaces within MiR100, MiR200 and oth ...) NOT-FOR-US: MiR CVE-2020-10269 (One of the wireless interfaces within MiR100, MiR200 and possibly (acc ...) NOT-FOR-US: MiR CVE-2020-10268 (Critical services for operation can be terminated from windows task ma ...) NOT-FOR-US: Kuka CVE-2020-10267 (Universal Robots control box CB 3.1 across firmware versions (tested o ...) NOT-FOR-US: Universal Robots control box CB CVE-2020-10266 (UR+ (Universal Robots+) is a platform of hardware and software compone ...) NOT-FOR-US: Universal Robots+ CVE-2020-10265 (Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, ...) NOT-FOR-US: Universal Robots+ CVE-2020-10264 (CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards al ...)
NOT-FOR-US: CB3 SW CVE-2019-20509 REJECTED CVE-2020-10263 (An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Atta ...) NOT-FOR-US: XIAOMI CVE-2020-10262 (An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Att ...) NOT-FOR-US: XIAOMI CVE-2020-10261 RESERVED CVE-2020-10260 RESERVED CVE-2020-10259 RESERVED CVE-2020-10258 RESERVED CVE-2020-10257 (The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks acces ...) NOT-FOR-US: ThemeREX Addons plugin for WordPress CVE-2020-10256 (An issue was discovered in beta versions of the 1Password command-line ...) NOT-FOR-US: 1Password CVE-2020-10255 (Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulne ...) NOT-FOR-US: Hardware vulnerability in DDR4 DRAM chips CVE-2020-10254 (An issue was discovered in ownCloud before 10.4. An attacker can bypas ...) - owncloud CVE-2020-10253 RESERVED CVE-2020-10252 (An issue was discovered in ownCloud before 10.4. Because of an SSRF is ...) - owncloud CVE-2020-10251 (In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists withi ...)
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #953741) [buster] - imagemagick (Vulnerable code introduced later with HEIC color profiles support) [stretch] - imagemagick (Vulnerable code introduced later with HEIC image format support) [jessie] - imagemagick (Vulnerable code introduced later with HEIC image format support) NOTE: introduced by https://github.com/ImageMagick/ImageMagick6/commit/0a28a9416018661ecc52e908205c738ce5e17e40 NOTE: introduced by https://github.com/ImageMagick/ImageMagick6/commit/8b5a3f92ef102d6f76a51fa20b408795952fc1b0 NOTE: introduced by https://github.com/ImageMagick/ImageMagick6/commit/c6c591c3ec9b043593262a3f3b848355a4804758 NOTE: https://github.com/ImageMagick/ImageMagick/issues/1859 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/868aad754ee599eb7153b84d610f2ecdf7b339f6 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/3456724dff047db5adb32f8cf70c903c1b7d16d4 CVE-2019-20508 RESERVED CVE-2019-20507 RESERVED CVE-2019-20506 RESERVED CVE-2019-20505 RESERVED CVE-2020-10250 (BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitra ...) NOT-FOR-US: BWA DiREX-Pro devices CVE-2020-10249 (BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid ...) NOT-FOR-US: BWA DiREX-Pro devices CVE-2020-10248 (BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwo ...) NOT-FOR-US: BWA DiREX-Pro devices CVE-2020-10247 (MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is ...) NOT-FOR-US: MISP CVE-2020-10246 (MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is ...) NOT-FOR-US: MISP CVE-2020-10245 (CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control run ...) NOT-FOR-US: CODESYS CVE-2020-10244 (JPaseto before 0.3.0 generates weak hashes when using v2.local tokens.) NOT-FOR-US: JPaseto CVE-2020-10243 (An issue was discovered in Joomla! before 3.9.16. The lack of type cas ...) NOT-FOR-US: Joomla! 
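The ros-actionlib entry above (CVE-2020-10289, "Use of unsafe yaml load. Allows instantiation of arbitrary objects.") names a bug class rather than a single line of code, so here is an added example of what that summary means in PyYAML terms. It is illustration written for this page, not code from actionlib, from the linked pull request or from the Debian tracker; it assumes the PyYAML package is installed, and both YAML documents are constructed samples. The hardened form shown (safe_load) is the usual remedy for this class; the project's own change is in the linked pull request.

```python
"""Added example: PyYAML unsafe load vs. safe_load.

Not part of actionlib or the Debian tracker entry.  Assumes PyYAML is
installed; both documents below are constructed samples.
"""
import yaml

# Constructed sample documents.  The first is ordinary data of the kind an
# action client might exchange.  The second carries PyYAML's
# python/object/apply tag, which the unsafe loader turns into a function
# call during parsing.  builtins.sum is used so the effect is visible and
# harmless; an attacker would name something like os.system instead.
BENIGN_DOC = "goal_id: 42\nstatus: ACTIVE\n"
MALICIOUS_DOC = "!!python/object/apply:builtins.sum [[1, 2, 3]]\n"


def load_unsafe(doc: str):
    """The vulnerable pattern: yaml.Loader honours python/* tags, so a
    document controls which Python callable runs and with what arguments."""
    return yaml.load(doc, Loader=yaml.Loader)


def load_safe(doc: str):
    """The hardened pattern: safe_load builds only plain scalars, lists and
    dicts and raises ConstructorError on any python/* tag."""
    return yaml.safe_load(doc)


def is_rejected_by_safe_loader(doc: str) -> bool:
    """True when the safe loader refuses the document (the desired outcome
    for MALICIOUS_DOC), False when it parses cleanly."""
    try:
        yaml.safe_load(doc)
    except yaml.YAMLError:
        return True
    return False


if __name__ == "__main__":
    print("unsafe, benign:    ", load_unsafe(BENIGN_DOC))
    print("safe,   benign:    ", load_safe(BENIGN_DOC))
    # With the unsafe loader the tag executes sum([1, 2, 3]) while parsing.
    print("unsafe, malicious: ", load_unsafe(MALICIOUS_DOC))
    print("safe,   malicious rejected:", is_rejected_by_safe_loader(MALICIOUS_DOC))
```

The point to check in any audit of a yaml-consuming service is the loader: `yaml.load(data)` with `yaml.Loader` (or, in old PyYAML, no Loader argument at all) reaches the full constructor, whereas `yaml.safe_load` never resolves a Python module or class from document content.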
CVE-2020-10242 (An issue was discovered in Joomla! before 3.9.16. Inadequate handling ...)
	NOT-FOR-US: Joomla!
CVE-2020-10241 (An issue was discovered in Joomla! before 3.9.16. Missing token checks ...)
	NOT-FOR-US: Joomla!
CVE-2020-10240 (An issue was discovered in Joomla! before 3.9.16. Missing length check ...)
	NOT-FOR-US: Joomla!
CVE-2020-10239 (An issue was discovered in Joomla! before 3.9.16. Incorrect Access Con ...)
	NOT-FOR-US: Joomla!
CVE-2020-10238 (An issue was discovered in Joomla! before 3.9.16. Various actions in c ...)
	NOT-FOR-US: Joomla!
CVE-2020-10237 (An issue was discovered in Froxlor through 0.10.15. The installer wrot ...)
	- froxlor (bug #581792)
CVE-2020-10236 (An issue was discovered in Froxlor before 0.10.14. It created files wi ...)
	- froxlor (bug #581792)
CVE-2020-10235 (An issue was discovered in Froxlor before 0.10.14. Remote attackers wi ...)
	- froxlor (bug #581792)
CVE-2020-10234 (The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 1 ...)
	NOT-FOR-US: IObit Advanced SystemCare
CVE-2020-10233 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap- ...)
	- sleuthkit (unimportant)
	NOTE: https://github.com/sleuthkit/sleuthkit/issues/1829
	NOTE: Crash in CLI tool, no security impact
CVE-2020-10232 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack ...)
	{DLA-3054-1 DLA-2137-1}
	- sleuthkit 4.9.0+dfsg-2 (low; bug #953976)
	[buster] - sleuthkit 4.6.5-1+deb10u1
	NOTE: https://github.com/sleuthkit/sleuthkit/issues/1836
	NOTE: https://github.com/sleuthkit/sleuthkit/commit/459ae818fc8dae717549810150de4d191ce158f1
CVE-2020-10231 (TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_17 ...)
	NOT-FOR-US: TP-Link
CVE-2020-10230 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) al ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-10229 (A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unw ...)
	NOT-FOR-US: vtecrm vtenext
CVE-2020-10228 (A file upload vulnerability in vtecrm vtenext 19 CE allows authenticat ...)
	NOT-FOR-US: vtecrm vtenext
CVE-2020-10227 (A cross-site scripting (XSS) vulnerability in the messages module of v ...)
	NOT-FOR-US: vtecrm vtenext
CVE-2020-10226 RESERVED
CVE-2020-10225 (An unauthenticated file upload vulnerability has been identified in ad ...)
	NOT-FOR-US: PHPGurukul Job Portal
CVE-2020-10224 (An unauthenticated file upload vulnerability has been identified in ad ...)
	NOT-FOR-US: PHPGurukul Online Book Store
CVE-2020-10223 (npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode ...)
	NOT-FOR-US: npdf.dll in Nitro Pro
CVE-2020-10222 (npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corrupt ...)
	NOT-FOR-US: npdf.dll in Nitro Pro
CVE-2020-10221 (lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows re ...)
	NOT-FOR-US: rConfig
CVE-2019-20504 (service/krashrpt.php in Quest KACE K1000 Systems Management Appliance ...)
	NOT-FOR-US: Quest KACE
CVE-2016-11021 (setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remot ...)
	NOT-FOR-US: D-Link
CVE-2020-10220 (An issue was discovered in rConfig through 3.9.4. The web interface is ...)
	NOT-FOR-US: rConfig
CVE-2020-10219 RESERVED
CVE-2020-10218 (A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 ...)
	NOT-FOR-US: Sapplica Sentrifugo
CVE-2020-10217 RESERVED
CVE-2020-10216 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...)
	NOT-FOR-US: D-Link
CVE-2020-10215 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...)
	NOT-FOR-US: D-Link
CVE-2020-10214 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is ...)
	NOT-FOR-US: D-Link
CVE-2020-10213 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...)
	NOT-FOR-US: D-Link
CVE-2020-10212 (upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via ...)
	NOT-FOR-US: Responsive FileManager
CVE-2020-10211 (A remote code execution vulnerability in UCB component of Mitel MiVoic ...)
	NOT-FOR-US: Mitel
CVE-2020-10210 (Because of hard-coded SSH keys for the root user in Amino Communicatio ...)
	NOT-FOR-US: Amino Communications
CVE-2020-10209 (Command Injection in the CPE WAN Management Protocol (CWMP) registrati ...)
	NOT-FOR-US: Amino Communications
CVE-2020-10208 (Command Injection in EntoneWebEngine in Amino Communications AK45x ser ...)
	NOT-FOR-US: Amino Communications
CVE-2020-10207 (Use of Hard-coded Credentials in EntoneWebEngine in Amino Communicatio ...)
	NOT-FOR-US: Amino Communications
CVE-2020-10206 (Use of a Hard-coded Password in VNCserver in Amino Communications AK45 ...)
	NOT-FOR-US: Amino Communications
CVE-2020-10205 RESERVED
CVE-2020-10204 (Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.)
	NOT-FOR-US: Sonatype Nexus Repository
CVE-2020-10203 (Sonatype Nexus Repository before 3.21.2 allows XSS.)
	NOT-FOR-US: Sonatype Nexus Repository
CVE-2020-10202 RESERVED
CVE-2020-10201 RESERVED
CVE-2020-10200 RESERVED
CVE-2020-10199 (Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue ...)
	NOT-FOR-US: Sonatype Nexus Repository
CVE-2020-10198 RESERVED
CVE-2020-10197 RESERVED
CVE-2020-10196 (An XSS vulnerability in the popup-builder plugin before 3.64.1 for Wor ...)
	NOT-FOR-US: popup-builder plugin for WordPress
CVE-2020-10195 (The popup-builder plugin before 3.64.1 for WordPress allows informatio ...)
	NOT-FOR-US: popup-builder plugin for WordPress
CVE-2020-10194 (cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8. ...)
	NOT-FOR-US: Zimbra
CVE-2020-10193 (ESET Archive Support Module before 1294 allows virus-detection bypass ...)
	NOT-FOR-US: ESET Archive Support Module
CVE-2020-10192 (An issue was discovered in Munkireport before 5.3.0.3923. An unauthent ...)
	NOT-FOR-US: Munkireport
CVE-2020-10191 (An issue was discovered in MunkiReport before 5.3.0. An authenticated ...)
	NOT-FOR-US: Munkireport
CVE-2020-10190 (An issue was discovered in MunkiReport before 5.3.0. An authenticated ...)
	NOT-FOR-US: Munkireport
CVE-2020-10189 (Zoho ManageEngine Desktop Central before 10.0.474 allows remote code e ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote attac ...)
	{DLA-2341-1 DLA-2176-1}
	- inetutils 2:1.9.4-12 (bug #956084)
	[buster] - inetutils 2:1.9.4-7+deb10u1
	- netkit-telnet 0.17-18woody2 (bug #953477)
	- netkit-telnet-ssl 0.17.17+0.1-2woody3 (bug #953478)
	NOTE: https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html
	NOTE: https://github.com/marado/netkit-telnet-ssl/issues/5
	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2020-04/msg00010.html
	NOTE: Patch in Fedora: https://src.fedoraproject.org/rpms/telnet/raw/master/f/telnet-0.17-overflow-exploit.patch
CVE-2019-20503 (usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_address ...)
	{DSA-4645-1 DSA-4642-1 DSA-4639-1 DLA-3481-1 DLA-2150-1 DLA-2140-1}
	- libusrsctp 0.9.3.0+20200312-1 (bug #953270)
	- firefox 74.0-1
	- firefox-esr 68.6.0esr-1
	- thunderbird 1:68.6.0-1
	- chromium 80.0.3987.149-1
	[stretch] - chromium (see DSA 4562)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2019-20503
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2019-20503
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2019-20503
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1992
	NOTE: https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467
CVE-2020-10187 (Doorkeeper version 5.0.0 and later contains an information disclosure ...)
	- ruby-doorkeeper 5.0.3-1 (bug #959903)
	[buster] - ruby-doorkeeper (Vulnerable code not present)
	[stretch] - ruby-doorkeeper (Vulnerable code not present)
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/commit/25d038022c2fcad45af5b73f9d003cf38ff491f6
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-j7vx-8mqj-cqp9
	NOTE: Introduced in https://github.com/doorkeeper-gem/doorkeeper/commit/4acc923dc77fa00928268136f54136d5a6a865dc (v5.0.0.rc1)
CVE-2020-10186 RESERVED
CVE-2020-10185 (The sync endpoint in YubiKey Validation Server before 2.40 allows remo ...)
	{DLA-2141-1}
	- yubikey-val
	[buster] - yubikey-val (Minor issue)
	[stretch] - yubikey-val (Minor issue)
	NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-01/
	NOTE: https://github.com/Yubico/yubikey-val/commit/d0e4db3245deb5ce0c8d7d26069c78071a140286
CVE-2020-10184 (The verify endpoint in YubiKey Validation Server before 2.40 does not ...)
	{DLA-2141-1}
	- yubikey-val
	[buster] - yubikey-val (Minor issue)
	[stretch] - yubikey-val (Minor issue)
	NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-01/
	NOTE: https://github.com/Yubico/yubikey-val/commit/d0e4db3245deb5ce0c8d7d26069c78071a140286
CVE-2020-10183 RESERVED
CVE-2020-10182 RESERVED
CVE-2020-10181 (goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4. ...)
	NOT-FOR-US: Sumavision Enhanced Multimedia Router
CVE-2019-20502 (An issue was discovered in EFS Easy Chat Server 3.1. There is a buffer ...)
	NOT-FOR-US: EFS Easy Chat Server
CVE-2020-10180 (The ESET AV parsing engine allows virus-detection bypass via a crafted ...)
	NOT-FOR-US: ESET AV parsing engine
CVE-2020-10179 RESERVED
CVE-2020-10178 REJECTED
CVE-2020-10177 (Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/Fli ...)
	{DLA-2317-1}
	- pillow 7.2.0-1
	[buster] - pillow 5.4.1-2+deb10u2
	NOTE: https://github.com/python-pillow/Pillow/pull/4503
	NOTE: https://github.com/python-pillow/Pillow/pull/4538
	NOTE: Fixed in 6.2.3 and 7.1.0
CVE-2020-10176 (ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow E ...)
	NOT-FOR-US: ASSA ABLOY Yale WIPC-301W
CVE-2020-10175 REJECTED
CVE-2020-10174 (init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely ...)
	- timeshift 20.03+ds-1 (bug #953385)
	[buster] - timeshift 19.01+ds-2+deb10u1
	NOTE: https://www.openwall.com/lists/oss-security/2020/03/06/3
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1165802
	NOTE: https://github.com/teejee2008/timeshift/commit/335b3d5398079278b8f7094c77bfd148b315b462
CVE-2020-10173 (Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Mult ...)
	NOT-FOR-US: Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices
CVE-2020-10172 RESERVED
CVE-2020-10171 RESERVED
CVE-2020-10170 RESERVED
CVE-2020-10169 RESERVED
CVE-2020-10168 RESERVED
CVE-2020-10167 RESERVED
CVE-2020-10166 RESERVED
CVE-2020-10165 RESERVED
CVE-2020-10164 RESERVED
CVE-2020-10163 RESERVED
CVE-2020-10162 RESERVED
CVE-2020-10161 RESERVED
CVE-2020-10160 RESERVED
CVE-2020-10159 RESERVED
CVE-2020-10158 RESERVED
CVE-2020-10157 RESERVED
CVE-2020-10156 RESERVED
CVE-2020-10155 RESERVED
CVE-2020-10154 RESERVED
CVE-2020-10153 RESERVED
CVE-2020-10152 RESERVED
CVE-2020-10151 RESERVED
CVE-2020-10150 RESERVED
CVE-2020-10149 RESERVED
CVE-2020-10148 (The SolarWinds Orion API is vulnerable to an authentication bypass tha ...)
	NOT-FOR-US: SolarWinds
CVE-2020-10147 RESERVED
CVE-2020-10146 (The Microsoft Teams online service contains a stored cross-site script ...)
	NOT-FOR-US: Microsoft Teams
CVE-2020-10145 (The Adobe ColdFusion installer fails to set a secure access-control li ...)
	NOT-FOR-US: Adobe
CVE-2020-10144 RESERVED
CVE-2020-10143 (Macrium Reflect includes an OpenSSL component that specifies an OPENSS ...)
	NOT-FOR-US: Macrium Reflect
CVE-2020-10142 RESERVED
CVE-2020-10141 RESERVED
CVE-2020-10140 (Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramDa ...)
	NOT-FOR-US: Acronis
CVE-2020-10139 (Acronis True Image 2021 includes an OpenSSL component that specifies a ...)
	NOT-FOR-US: Acronis
CVE-2020-10138 (Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL comp ...)
	NOT-FOR-US: Acronis
CVE-2020-10137 (Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do n ...)
	NOT-FOR-US: Z-Wave devices
CVE-2020-10136 (Multiple products that implement the IP Encapsulation within IP standa ...)
	NOT-FOR-US: Cisco
CVE-2020-10135 (Legacy pairing and secure-connections pairing authentication in Blueto ...)
	NOTE: Bluetooth protocol issue
CVE-2020-10134 (Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthent ...)
	NOTE: Bluetooth protocol issue
CVE-2020-10133 RESERVED
CVE-2020-10132 (SearchBlox before Version 9.1 is vulnerable to cross-origin resource s ...)
	NOT-FOR-US: SearchBlox
CVE-2020-10131 (SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection i ...)
	NOT-FOR-US: SearchBlox
CVE-2020-10130 (SearchBlox before Version 9.1 is vulnerable to business logic bypass w ...)
	NOT-FOR-US: SearchBlox
CVE-2020-10129 (SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation ...)
	NOT-FOR-US: SearchBlox
CVE-2020-10128 (SearchBlox product with version before 9.2.1 is vulnerable to stored c ...)
	NOT-FOR-US: SearchBlox
CVE-2020-10127 RESERVED
CVE-2020-10126 (NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate ...)
	NOT-FOR-US: NCR SelfServ ATMs
CVE-2020-10125 (NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 51 ...)
	NOT-FOR-US: NCR SelfServ ATMs
CVE-2020-10124 (NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authentic ...)
	NOT-FOR-US: NCR SelfServ ATMs
CVE-2020-10123 (The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 ...)
	NOT-FOR-US: NCR SelfServ ATMs
CVE-2019-20501 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
	NOT-FOR-US: D-Link
CVE-2019-20500 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
	NOT-FOR-US: D-Link
CVE-2019-20499 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
	NOT-FOR-US: D-Link
CVE-2020-10122 (cPanel before 84.0.20 allows a webmail or demo account to delete arbit ...)
	NOT-FOR-US: cPanel
CVE-2020-10121 (cPanel before 84.0.20 allows a demo account to achieve code execution ...)
	NOT-FOR-US: cPanel
CVE-2020-10120 (cPanel before 84.0.20 allows resellers to achieve remote code executio ...)
	NOT-FOR-US: cPanel
CVE-2020-10119 (cPanel before 84.0.20 allows a demo account to achieve remote code exe ...)
	NOT-FOR-US: cPanel
CVE-2020-10118 (cPanel before 84.0.20 allows a demo account to modify files via Brandi ...)
	NOT-FOR-US: cPanel
CVE-2020-10117 (cPanel before 84.0.20 mishandles enforcement of demo checks in the Mar ...)
	NOT-FOR-US: cPanel
CVE-2020-10116 (cPanel before 84.0.20 allows attackers to bypass intended restrictions ...)
	NOT-FOR-US: cPanel
CVE-2020-10115 (cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code ex ...)
	NOT-FOR-US: cPanel
CVE-2020-10114 (cPanel before 84.0.20 allows stored self-XSS via the HTML file editor ...)
	NOT-FOR-US: cPanel
CVE-2020-10113 (cPanel before 84.0.20 allows self XSS via a temporary character-set sp ...)
	NOT-FOR-US: cPanel
CVE-2020-10112 (Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citr ...)
	NOT-FOR-US: Citrix
CVE-2020-10111 (Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation ...)
	NOT-FOR-US: Citrix
CVE-2020-10110 (Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Throug ...)
	NOT-FOR-US: Citrix
CVE-2020-10109 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...)
	{DLA-2927-1 DLA-2145-1}
	- twisted 18.9.0-7 (bug #953950)
	[buster] - twisted 18.9.0-3+deb10u1
	NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
	NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
CVE-2020-10108 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...)
	{DLA-2927-1 DLA-2145-1}
	- twisted 18.9.0-7 (bug #953950)
	[buster] - twisted 18.9.0-3+deb10u1
	NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
	NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
CVE-2020-10107 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS ...)
	NOT-FOR-US: PHPGurukul Daily Expense Tracker System
CVE-2020-10106 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injec ...)
	NOT-FOR-US: PHPGurukul Daily Expense Tracker System
CVE-2020-10105 (An issue was discovered in Zammad 3.0 through 3.2. It returns source c ...)
	- zammad (bug #841355)
CVE-2020-10104 (An issue was discovered in Zammad 3.0 through 3.2. After authenticatio ...)
	- zammad (bug #841355)
CVE-2020-10103 (An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code ...)
	- zammad (bug #841355)
CVE-2020-10102 (An issue was discovered in Zammad 3.0 through 3.2. The Forgot Password ...)
	- zammad (bug #841355)
CVE-2020-10101 (An issue was discovered in Zammad 3.0 through 3.2. The WebSocket serve ...)
	- zammad (bug #841355)
CVE-2020-10100 (An issue was discovered in Zammad 3.0 through 3.2. It allows for users ...)
	- zammad (bug #841355)
CVE-2020-10099 (An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code ...)
	- zammad (bug #841355)
CVE-2020-10098 (An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code ...)
	- zammad (bug #841355)
CVE-2020-10097 (An issue was discovered in Zammad 3.0 through 3.2. It may respond with ...)
	- zammad (bug #841355)
CVE-2020-10096 (An issue was discovered in Zammad 3.0 through 3.2. It does not prevent ...)
	- zammad (bug #841355)
CVE-2020-10095 RESERVED
CVE-2020-10094 (A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW7 ...)
	NOT-FOR-US: Lexmark
CVE-2020-10093 (A cross-site scripting (XSS) vulnerability in Lexmark Pro910 series in ...)
	NOT-FOR-US: Lexmark
CVE-2020-10092 (GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerab ...)
	- gitlab (Only affects Gitlab 12.1 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10091 (GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerabi ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10090 (GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certai ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10089 (GitLab 8.11 through 12.8.1 allows a Denial of Service when using sever ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10088 (GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on part ...)
	- gitlab (Only affects Gitlab 12.5 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10087 (GitLab before 12.8.2 allows Information Disclosure. Badge images were ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10086 (GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular en ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10085 (GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particul ...)
	- gitlab (Only affects Gitlab 12.3.5 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10084 (GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a ...)
	- gitlab (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10083 (GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain con ...)
	- gitlab (Only affects Gitlab 12.7 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10082 (GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of servi ...)
	- gitlab (Only affects Gitlab 12.2 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10081 (GitLab before 12.8.2 has Incorrect Access Control. It was internally d ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10080 (GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possib ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10079 (GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10078 (GitLab 12.1 through 12.8.1 allows XSS. The merge request submission fo ...)
	- gitlab (Only affects Gitlab 12.1 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10077 (GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation re ...)
	- gitlab (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10076 (GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting v ...)
	- gitlab (Only affects Gitlab 12.1 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10075 (GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error h ...)
	- gitlab (Only affects Gitlab 12.5 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10074 (GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario wa ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10073 (GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was inter ...)
	- gitlab (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10072 (Improper Handling of Insufficient Permissions or Privileges in zephyr. ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10071 (The Zephyr MQTT parsing code performs insufficient checking of the len ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10070 (In the Zephyr Project MQTT code, improper bounds checking can result i ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10069 (Zephyr Bluetooth unchecked packet data results in denial of service. Z ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10068 (In the Zephyr project Bluetooth subsystem, certain duplicate and back- ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10067 (A malicious userspace application can cause a integer overflow and byp ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10066 (Incorrect Error Handling in Bluetooth HCI core. Zephyr versions >= v1. ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10065 (Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v1.1 ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10064 (Improper Input Frame Validation in ieee802154 Processing. Zephyr versi ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10063 (A remote adversary with the ability to send arbitrary CoAP packets to ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10062 (An off-by-one error in the Zephyr project MQTT packet length decoder c ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10061 (Improper handling of the full-buffer case in the Zephyr Bluetooth impl ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10060 (In updatehub_probe, right after JSON parsing is complete, objects[1] ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10059 (The UpdateHub module disables DTLS peer checking, which allows for a m ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10058 (Multiple syscalls in the Kscan subsystem perform insufficient argument ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2019-20498 (cPanel before 82.0.18 allows WebDAV authentication bypass because the ...)
	NOT-FOR-US: cPanel
CVE-2019-20497 (cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SE ...)
	NOT-FOR-US: cPanel
CVE-2019-20496 (cPanel before 82.0.18 allows attackers to conduct arbitrary chown oper ...)
	NOT-FOR-US: cPanel
CVE-2019-20495 (cPanel before 82.0.18 allows attackers to read an arbitrary database v ...)
	NOT-FOR-US: cPanel
CVE-2019-20494 (In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable ...)
	NOT-FOR-US: cPanel
CVE-2019-20493 (cPanel before 82.0.18 allows self-XSS because JSON string escaping is ...)
	NOT-FOR-US: cPanel
CVE-2019-20492 (cPanel before 82.0.18 allows authentication bypass because of misparsi ...)
	NOT-FOR-US: cPanel
CVE-2019-20491 (cPanel before 82.0.18 allows attackers to leverage virtual mail accoun ...)
	NOT-FOR-US: cPanel
CVE-2019-20490 (cPanel before 82.0.18 allows authentication bypass because webmail use ...)
	NOT-FOR-US: cPanel
CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broke ...)
	NOT-FOR-US: GeniXCMS
CVE-2020-10056 (A vulnerability has been identified in License Management Utility (LMU ...)
	NOT-FOR-US: Siemens
CVE-2020-10055 (A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3 ...)
	NOT-FOR-US: Desigo
CVE-2020-10054 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
	NOT-FOR-US: Siemens
CVE-2020-10053 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
	NOT-FOR-US: Siemens
CVE-2020-10052 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
	NOT-FOR-US: Siemens
CVE-2020-10051 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
	NOT-FOR-US: Siemens
CVE-2020-10050 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
	NOT-FOR-US: Siemens
CVE-2020-10049 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
	NOT-FOR-US: Siemens
CVE-2020-10048 (A vulnerability has been identified in SIMATIC PCS 7 (All versions), S ...)
	NOT-FOR-US: Siemens
CVE-2020-10047 RESERVED
CVE-2020-10046 RESERVED
CVE-2020-10045 (A vulnerability has been identified in SICAM MMU (All versions < V2.05 ...)
	NOT-FOR-US: Siemens
CVE-2020-10044 (A vulnerability has been identified in SICAM MMU (All versions < V2.05 ...)
	NOT-FOR-US: Siemens
CVE-2020-10043 (A vulnerability has been identified in SICAM MMU (All versions < V2.05 ...)
	NOT-FOR-US: Siemens
CVE-2020-10042 (A vulnerability has been identified in SICAM MMU (All versions < V2.05 ...)
	NOT-FOR-US: Siemens
CVE-2020-10041 (A vulnerability has been identified in SICAM MMU (All versions < V2.05 ...)
	NOT-FOR-US: Siemens
CVE-2020-10040 (A vulnerability has been identified in SICAM MMU (All versions < V2.05 ...)
	NOT-FOR-US: Siemens
CVE-2020-10039 (A vulnerability has been identified in SICAM MMU (All versions < V2.05 ...)
	NOT-FOR-US: Siemens
CVE-2020-10038 (A vulnerability has been identified in SICAM MMU (All versions < V2.05 ...)
	NOT-FOR-US: Siemens
CVE-2020-10037 (A vulnerability has been identified in SICAM MMU (All versions < V2.05 ...)
	NOT-FOR-US: Siemens
CVE-2020-10036 RESERVED
CVE-2020-10035 RESERVED
CVE-2020-10034 RESERVED
CVE-2020-10033 RESERVED
CVE-2020-10032 RESERVED
CVE-2020-10031 RESERVED
CVE-2020-10030 (An issue has been found in PowerDNS Recursor 4.1.0 up to and including ...)
	- pdns-recursor 4.3.1-1 (unimportant)
	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-03.html
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3
	NOTE: Not exploitable on Linux
CVE-2020-10029 (The GNU C Library (aka glibc or libc6) before 2.32 could overflow an o ...)
	{DLA-3152-1}
	- glibc 2.30-1 (bug #953108)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25487
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9333498794cde1d5cca518badf79533a24114b6f
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c10acd40262486dac597001aecc20ad9d3bd0e4a
CVE-2020-9999 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2020-9998 RESERVED
CVE-2020-9997 (An information disclosure issue was addressed with improved state mana ...)
	NOT-FOR-US: Apple
CVE-2020-9996 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2020-9995 (An issue existed in the parsing of URLs. This issue was addressed with ...)
	NOT-FOR-US: Apple
CVE-2020-9994 (A path handling issue was addressed with improved validation. This iss ...)
	NOT-FOR-US: Apple
CVE-2020-9993 (The issue was addressed with improved UI handling. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2020-9992 (This issue was addressed by encrypting communications over the network ...)
	NOT-FOR-US: Apple
CVE-2020-9991 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: sqlite3 as used by Apple
	NOTE: No details available due to Apple's usual lack of transparency
CVE-2020-9990 (A race condition was addressed with additional validation. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-9989 (The issue was addressed with improved deletion. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2020-9988 (The issue was addressed with improved deletion. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2020-9987 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple
CVE-2020-9986 (A file access issue existed with certain home folder files. This was a ...)
	NOT-FOR-US: Apple
CVE-2020-9985 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2020-9984 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9983 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	{DSA-4797-1}
	- webkit2gtk 2.30.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.30.3-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
CVE-2020-9982 (This issue was addressed with improved checks to prevent unauthorized ...)
	NOT-FOR-US: Apple
CVE-2020-9981 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2020-9980 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9979 (A trust issue was addressed by removing a legacy API. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2020-9978 (This issue was addressed with improved setting propagation. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-9977 (A validation issue existed in the entitlement verification. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-9976 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-9975 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2020-9974 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-9973 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9972 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2020-9971 (A logic issue was addressed with improved validation. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2020-9970 RESERVED
CVE-2020-9969 (An access issue was addressed with additional sandbox restrictions. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9968 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2020-9967 (Multiple memory corruption issues were addressed with improved input v ...)
	NOT-FOR-US: Apple
CVE-2020-9966 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9965 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9964 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2020-9963 (The issue was addressed with improved handling of icon caches. This is ...)
	NOT-FOR-US: Apple
CVE-2020-9962 (A buffer overflow was addressed with improved size validation. This is ...)
	NOT-FOR-US: Apple
CVE-2020-9961 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9960 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9959 (A lock screen issue allowed access to messages on a locked device. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9958 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9957 RESERVED
CVE-2020-9956 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9955 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9954 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2020-9953 RESERVED
CVE-2020-9952 (An input validation issue was addressed with improved input validation ...)
	{DSA-4739-1}
	- webkit2gtk 2.28.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.28.3-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
CVE-2020-9951 (A use after free issue was addressed with improved memory management. ...)
	{DSA-4797-1}
	- webkit2gtk 2.30.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.30.0-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
CVE-2020-9950 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2020-9949 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2020-9948 (A type confusion issue was addressed with improved memory handling. Th ...)
	{DSA-4797-1}
	- webkit2gtk 2.30.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.30.0-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
CVE-2020-9947 (A use after free issue was addressed with improved memory management. ...)
	{DSA-4797-1}
	- webkit2gtk 2.30.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.30.0-1
	NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
CVE-2020-9946 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2020-9945 (A spoofing issue existed in the handling of URLs. This issue was addre ...)
	NOT-FOR-US: Apple
CVE-2020-9944 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9943 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9942 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple
CVE-2020-9941 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2020-9940 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2020-9939 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2020-9938 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9937 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9936 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9935 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-9934 (An issue existed in the handling of environment variables. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-9933 (An authorization issue was addressed with improved state management. T ...)
	NOT-FOR-US: Apple
CVE-2020-9932 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2020-9931 (A denial of service issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-9930 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9929 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2020-9928 (Multiple memory corruption issues were addressed with improved memory ...)
	NOT-FOR-US: Apple
CVE-2020-9927 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-9926 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2020-9925 (A logic issue was addressed with improved state management. This issue ...)
	{DSA-4739-1}
	- webkit2gtk 2.28.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.28.4-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
CVE-2020-9924 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-9923 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2020-9922 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-9921 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2020-9920 (A path handling issue was addressed with improved validation. This iss ...)
	NOT-FOR-US: Apple
CVE-2020-9919 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2020-9918 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9917 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2020-9916 (A URL Unicode encoding issue was addressed with improved state managem ...)
	NOT-FOR-US: Apple
CVE-2020-9915 (An access issue existed in Content Security Policy. This issue was add ...)
	{DSA-4739-1}
	- webkit2gtk 2.28.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.28.4-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
CVE-2020-9914 (An input validation issue existed in Bluetooth. This issue was address ...)
	NOT-FOR-US: Apple
CVE-2020-9913 (This issue was addressed with improved data protection. This issue is ...)
	NOT-FOR-US: Apple
CVE-2020-9912 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Safari
CVE-2020-9911 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Safari
CVE-2020-9910 (Multiple issues were addressed with improved logic. This issue is fixe ...)
	NOT-FOR-US: Safari
CVE-2020-9909 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9908 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9907 (A memory corruption issue was addressed by removing the vulnerable cod ...)
	NOT-FOR-US: Apple
CVE-2020-9906 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-9905 (A buffer overflow was addressed with improved bounds checking. This is ...)
	NOT-FOR-US: Apple
CVE-2020-9904 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2020-9903 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Safari
CVE-2020-9902 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9901 (An issue existed within the path validation logic for symlinks. This i ...)
	NOT-FOR-US: Apple
CVE-2020-9900 (An issue existed within the path validation logic for symlinks. This i ...)
	NOT-FOR-US: Apple
CVE-2020-9899 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-9898 (This issue was addressed with improved entitlements. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2020-9897 (An out-of-bounds write was addressed with improved input validation. T ...)
	NOT-FOR-US: Apple
CVE-2020-9896 RESERVED
CVE-2020-9895 (A use after free issue was addressed with improved memory management. ...)
	{DSA-4739-1}
	- webkit2gtk 2.28.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.28.4-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
CVE-2020-9894 (An out-of-bounds read was addressed with improved input validation. Th ...)
	{DSA-4739-1}
	- webkit2gtk 2.28.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.28.4-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
CVE-2020-9893 (A use after free issue was addressed with improved memory management. ...)
	{DSA-4739-1}
	- webkit2gtk 2.28.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.28.4-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
CVE-2020-9892 (Multiple memory corruption issues were addressed with improved state m ...)
	NOT-FOR-US: Apple
CVE-2020-9891 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9890 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9889 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9888 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9887 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-9886 RESERVED
CVE-2020-9885 (An issue existed in the handling of iMessage tapbacks. The issue was r ...)
	NOT-FOR-US: Apple
CVE-2020-9884 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9883 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2020-9882 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2020-9881 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2020-9880 (A buffer overflow was addressed with improved bounds checking. This is ...)
	NOT-FOR-US: Apple
CVE-2020-9879 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9878 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2020-9877 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9876 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9875 (An integer overflow was addressed through improved input validation. T ...)
	NOT-FOR-US: Apple
CVE-2020-9874 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9873 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9872 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9871 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9870 (A logic issue was addressed with improved validation. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2020-9869 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2020-9868 (A certificate validation issue existed when processing administrator a ...)
	NOT-FOR-US: Apple
CVE-2020-9867 RESERVED
CVE-2020-9866 (A buffer overflow was addressed with improved bounds checking. This is ...)
	NOT-FOR-US: Apple
CVE-2020-9865 (A memory corruption issue was addressed by removing the vulnerable cod ...)
	NOT-FOR-US: Apple
CVE-2020-9864 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2020-9863 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2020-9862 (A command injection issue existed in Web Inspector. This issue was add ...)
	{DSA-4739-1}
	- webkit2gtk 2.28.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.28.4-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
CVE-2020-9861 (A stack overflow issue existed in Swift for Linux. The issue was addre ...)
	NOT-FOR-US: Swift (different from src:swift)
CVE-2020-9860 (A custom URL scheme handling issue was addressed with improved input v ...)
	NOT-FOR-US: Apple
CVE-2020-9859 (A memory consumption issue was addressed with improved memory handling ...)
	NOT-FOR-US: Apple
CVE-2020-9858 (A dynamic library loading issue was addressed with improved path searc ...)
	NOT-FOR-US: Apple
CVE-2020-9857 (An issue existed in the parsing of URLs. This issue was addressed with ...)
	NOT-FOR-US: Safari
CVE-2020-9856 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2020-9855 (A validation issue existed in the handling of symlinks. This issue was ...)
	NOT-FOR-US: Apple
CVE-2020-9854 (A logic issue was addressed with improved validation. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2020-9853 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2020-9852 (An integer overflow was addressed through improved input validation. T ...)
	NOT-FOR-US: Apple
CVE-2020-9851 (An access issue was addressed with improved access restrictions. This ...)
	NOT-FOR-US: Apple
CVE-2020-9850 (A logic issue was addressed with improved restrictions. This issue is ...)
	{DSA-4724-1}
	- webkit2gtk 2.28.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.28.3-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
CVE-2020-9849 (An information disclosure issue was addressed with improved state mana ...)
	NOT-FOR-US: sqlite3 as used by Apple
	NOTE: No details available due to typical Apple intransparency
CVE-2020-9848 (An authorization issue was addressed with improved state management. T ...)
	NOT-FOR-US: Apple
CVE-2020-9847 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9846 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-9845 RESERVED
CVE-2020-9844 (A double free issue was addressed with improved memory management. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9843 (An input validation issue was addressed with improved input validation ...)
	{DSA-4724-1}
	- webkit2gtk 2.28.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.28.3-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
CVE-2020-9842 (An entitlement parsing issue was addressed with improved parsing. This ...)
	NOT-FOR-US: Apple
CVE-2020-9841 (An integer overflow was addressed through improved input validation. T ...)
	NOT-FOR-US: Apple
CVE-2020-9840 (In SwiftNIO Extras before 1.4.1, a logic issue was addressed with impr ...)
	NOT-FOR-US: SwiftNIO Extras
CVE-2020-9839 (A race condition was addressed with improved state handling. This issu ...)
	NOT-FOR-US: Apple
CVE-2020-9838 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9837 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9836 RESERVED
CVE-2020-9835 (An issue existed in the pausing of FaceTime video. The issue was resol ...)
	NOT-FOR-US: Apple
CVE-2020-9834 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-9833 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2020-9832 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9831 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9830 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2020-9829 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9828 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9827 (A denial of service issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-9826 (A denial of service issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-9825 (An access issue was addressed with additional sandbox restrictions. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9824 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2020-9823 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2020-9822 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9821 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2020-9820 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2020-9819 (A memory consumption issue was addressed with improved memory handling ...)
	NOT-FOR-US: Apple
CVE-2020-9818 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9817 (A permissions issue existed. This issue was addressed with improved pe ...)
	NOT-FOR-US: Apple
CVE-2020-9816 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9815 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9814 (A logic issue existed resulting in memory corruption. This was address ...)
	NOT-FOR-US: Apple
CVE-2020-9813 (A logic issue existed resulting in memory corruption. This was address ...)
	NOT-FOR-US: Apple
CVE-2020-9812 (An information disclosure issue was addressed with improved state mana ...)
	NOT-FOR-US: Apple
CVE-2020-9811 (An information disclosure issue was addressed with improved state mana ...)
	NOT-FOR-US: Apple
CVE-2020-9810 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2020-9809 (An information disclosure issue was addressed with improved state mana ...)
	NOT-FOR-US: Apple
CVE-2020-9808 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2020-9807 (A memory corruption issue was addressed with improved state management ...)
	{DSA-4724-1}
	- webkit2gtk 2.28.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.28.3-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
CVE-2020-9806 (A memory corruption issue was addressed with improved state management ...)
	{DSA-4724-1}
	- webkit2gtk 2.28.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.28.3-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
CVE-2020-9805 (A logic issue was addressed with improved restrictions. This issue is ...)
	{DSA-4724-1}
	- webkit2gtk 2.28.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.28.3-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
CVE-2020-9804 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2020-9803 (A memory corruption issue was addressed with improved validation. This ...)
	{DSA-4724-1}
	- webkit2gtk 2.28.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.28.3-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
CVE-2020-9802 (A logic issue was addressed with improved restrictions. This issue is ...)
	{DSA-4724-1}
	- webkit2gtk 2.28.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.28.3-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
CVE-2020-9801 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2020-9800 (A type confusion issue was addressed with improved memory handling. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9799 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9798 RESERVED
CVE-2020-9797 (An information disclosure issue was addressed by removing the vulnerab ...)
	NOT-FOR-US: Apple
CVE-2020-9796 (A race condition was addressed with improved state handling. This issu ...)
	NOT-FOR-US: Apple
CVE-2020-9795 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2020-9794 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: sqlite3 as used by Apple
	NOTE: No details available due to typical Apple intransparency
CVE-2020-9793 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-9792 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9791 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9790 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9789 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9788 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9787 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2020-9786 (This issue was addressed with improved checks This issue is fixed in m ...)
	NOT-FOR-US: Apple
CVE-2020-9785 (Multiple memory corruption issues were addressed with improved state m ...)
	NOT-FOR-US: Apple
CVE-2020-9784 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple Safari
CVE-2020-9783 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2020-9782 (A parsing issue in the handling of directory paths was addressed with ...)
	NOT-FOR-US: Apple
CVE-2020-9781 (The issue was addressed by clearing website permission prompts after n ...)
	NOT-FOR-US: Apple
CVE-2020-9780 (The issue was resolved by clearing application previews when content i ...)
	NOT-FOR-US: Apple
CVE-2020-9779 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9778 RESERVED
CVE-2020-9777 (An issue existed in the selection of video file by Mail. The issue was ...)
	NOT-FOR-US: Apple
CVE-2020-9776 (This issue was addressed with a new entitlement. This issue is fixed i ...)
	NOT-FOR-US: Apple
CVE-2020-9775 (An issue existed in the handling of tabs displaying picture in picture ...)
	NOT-FOR-US: Apple
CVE-2020-9774 (An issue existed with Siri Suggestions access to encrypted data. The i ...)
	NOT-FOR-US: Apple
CVE-2020-9773 (The issue was addressed with improved handling of icon caches. This is ...)
	NOT-FOR-US: Apple
CVE-2020-9772 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2020-9771 (This issue was addressed with a new entitlement. This issue is fixed i ...)
	NOT-FOR-US: Apple
CVE-2020-9770 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-9769 (Multiple issues were addressed by updating to version 8.1.1850. This i ...)
	NOT-FOR-US: Apple
CVE-2020-9768 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2020-9767 (A vulnerability related to Dynamic-link Library (“DLL”) load ...)
	NOT-FOR-US: Zoom
CVE-2020-10028 (Multiple syscalls with insufficient argument validation See NCC-ZEP-00 ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10027 (An attacker who has obtained code execution within a user thread is ab ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10026 REJECTED
CVE-2020-10025 REJECTED
CVE-2020-10024 (The arm platform-specific code uses a signed integer comparison when v ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10023 (The shell subsystem contains a buffer overflow, whereby an adversary w ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10022 (A malformed JSON payload that is received from an UpdateHub server may ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10021 (Out-of-bounds Write in the USB Mass Storage memoryWrite handler with u ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10020 REJECTED
CVE-2020-10019 (USB DFU has a potential buffer overflow where the requested length (wL ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10018 (WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the ...)
	{DSA-4641-1}
	- webkit2gtk 2.28.0-2
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.28.0-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0003.html
CVE-2020-10017 (An out-of-bounds write was addressed with improved input validation. T ...)
	NOT-FOR-US: Apple
CVE-2020-10016 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2020-10015 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-10014 (A parsing issue in the handling of directory paths was addressed with ...)
	NOT-FOR-US: Apple
CVE-2020-10013 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-10012 (An access issue was addressed with improved access restrictions. This ...)
	NOT-FOR-US: Apple
CVE-2020-10011 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-10010 (A path handling issue was addressed with improved validation. This iss ...)
	NOT-FOR-US: Apple
CVE-2020-10009 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-10008 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2020-10007 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-10006 (This issue was addressed with improved entitlements. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2020-10005 (A resource exhaustion issue was addressed with improved input validati ...)
	NOT-FOR-US: Apple
CVE-2020-10004 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-10003 (An issue existed within the path validation logic for symlinks. This i ...)
	NOT-FOR-US: Apple
CVE-2020-10002 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-10001 (An input validation issue was addressed with improved memory handling. ...)
	{DLA-2800-1}
	- cups 2.3.3op2-1
	[buster] - cups 2.2.10-6+deb10u5
	NOTE: https://github.com/OpenPrinting/cups/commit/efbea1742bd30f842fbbfb87a473e5c84f4162f9 (v2.3.3op2)
CVE-2020-10000 RESERVED
CVE-2020-9766 RESERVED
CVE-2020-9765 RESERVED
CVE-2020-9764 RESERVED
CVE-2020-9763 RESERVED
CVE-2020-9762 RESERVED
CVE-2020-9761 (An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The ...)
	NOT-FOR-US: UNCTAD ASYCUDA World
CVE-2020-9760 (An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affe ...)
	{DLA-2770-1 DLA-2157-1}
	- weechat 2.7.1-1
	[buster] - weechat 2.3-1+deb10u1
	NOTE: https://github.com/weechat/weechat/commit/694b5c9f874d7337cd2e03761e0de435275dd64d
CVE-2020-9759 (A Vulnerability of LG Electronic web OS TV Emulator could allow an att ...)
	{DLA-2770-1 DLA-2157-1}
	- weechat 2.7.1-1
	[buster] - weechat 2.3-1+deb10u1
	NOTE: https://github.com/weechat/weechat/commit/c827d6fa864e2c0b79cea640c45272e83703081e
CVE-2020-9758 (An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (He ...)
	NOT-FOR-US: LiveZilla Live Chat
CVE-2020-9757 (The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side T ...)
	NOT-FOR-US: Seomatic component for Craft CMS
CVE-2020-9756 (Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insuff ...)
	NOT-FOR-US: Patriot Viper RGB Driver
CVE-2020-9755 RESERVED
CVE-2020-9754 (NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to ...)
	NOT-FOR-US: Whale Browser
CVE-2020-9753 (Whale Browser Installer before 1.2.0.5 versions don't support signatur ...)
	NOT-FOR-US: Whale Browser
CVE-2020-9752 (Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a lo ...)
	NOT-FOR-US: Naver Cloud Explorer
CVE-2020-9751 (Naver Cloud Explorer before 2.2.2.11 allows the system to download an ...)
	NOT-FOR-US: Naver Cloud Explorer
CVE-2020-9750 (Adobe Animate version 20.5 (and earlier) is affected by an out-of-boun ...)
	NOT-FOR-US: Adobe
CVE-2020-9749 (Adobe Animate version 20.5 (and earlier) is affected by an out-of-boun ...)
	NOT-FOR-US: Adobe
CVE-2020-9748 (Adobe Animate version 20.5 (and earlier) is affected by a stack overfl ...)
	NOT-FOR-US: Adobe
CVE-2020-9747 (Adobe Animate version 20.5 (and earlier) is affected by a double free ...)
	NOT-FOR-US: Adobe
CVE-2020-9746 (Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2020-9745 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...)
	NOT-FOR-US: Adobe
CVE-2020-9744 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...)
	NOT-FOR-US: Adobe
CVE-2020-9743 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
	NOT-FOR-US: Adobe AEM
CVE-2020-9742 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and ...)
	NOT-FOR-US: Adobe AEM
CVE-2020-9741 (The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and ...)
	NOT-FOR-US: Adobe AEM
CVE-2020-9740 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
	NOT-FOR-US: Adobe AEM
CVE-2020-9739 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...)
	NOT-FOR-US: Adobe
CVE-2020-9738 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
	NOT-FOR-US: Adobe AEM
CVE-2020-9737 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
	NOT-FOR-US: Adobe AEM
CVE-2020-9736 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
	NOT-FOR-US: Adobe AEM
CVE-2020-9735 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
	NOT-FOR-US: Adobe AEM
CVE-2020-9734 (The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.1 (and ...)
	NOT-FOR-US: Adobe AEM
CVE-2020-9733 (An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (a ...)
	NOT-FOR-US: Adobe AEM
CVE-2020-9732 (The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and ...)
	NOT-FOR-US: Adobe AEM
CVE-2020-9731 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...)
	NOT-FOR-US: Adobe
CVE-2020-9730 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...)
	NOT-FOR-US: Adobe
CVE-2020-9729 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...)
	NOT-FOR-US: Adobe
CVE-2020-9728 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...)
	NOT-FOR-US: Adobe
CVE-2020-9727 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...)
	NOT-FOR-US: Adobe
CVE-2020-9726 (Adobe FrameMaker version 2019.0.6 (and earlier versions) has an out-of ...)
	NOT-FOR-US: Adobe
CVE-2020-9725 (Adobe FrameMaker version 2019.0.6 (and earlier versions) lacks proper ...)
	NOT-FOR-US: Adobe
CVE-2020-9724 (Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library ...)
	NOT-FOR-US: Adobe
CVE-2020-9723 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
	NOT-FOR-US: Adobe
CVE-2020-9722 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
	NOT-FOR-US: Adobe
CVE-2020-9721 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
	NOT-FOR-US: Adobe
CVE-2020-9720 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
	NOT-FOR-US: Adobe
CVE-2020-9719 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
	NOT-FOR-US: Adobe
CVE-2020-9718 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
	NOT-FOR-US: Adobe
CVE-2020-9717 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
	NOT-FOR-US: Adobe
CVE-2020-9716 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
NOT-FOR-US: Adobe CVE-2020-9715 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9714 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9713 RESERVED CVE-2020-9712 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9711 RESERVED CVE-2020-9710 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9709 RESERVED CVE-2020-9708 (The resolveRepositoryPath function doesn't properly validate user inpu ...) NOT-FOR-US: Adobe CVE-2020-9707 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9706 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9705 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9704 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9703 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9702 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9701 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9700 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9699 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9698 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9697 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9696 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) 
NOT-FOR-US: Adobe CVE-2020-9695 RESERVED CVE-2020-9694 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9693 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9692 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...) NOT-FOR-US: Magento CVE-2020-9691 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...) NOT-FOR-US: Magento CVE-2020-9690 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...) NOT-FOR-US: Magento CVE-2020-9689 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...) NOT-FOR-US: Magento CVE-2020-9688 (Adobe Download Manager version 2.0.0.518 have a command injection vuln ...) NOT-FOR-US: Adobe CVE-2020-9687 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...) NOT-FOR-US: Adobe CVE-2020-9686 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...) NOT-FOR-US: Adobe CVE-2020-9685 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...) NOT-FOR-US: Adobe CVE-2020-9684 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...) NOT-FOR-US: Adobe CVE-2020-9683 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...) NOT-FOR-US: Adobe CVE-2020-9682 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...) NOT-FOR-US: Adobe CVE-2020-9681 (Adobe Genuine Service version 6.6 (and earlier) is affected by an Unco ...) NOT-FOR-US: Adobe CVE-2020-9680 (Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vul ...) NOT-FOR-US: Adobe CVE-2020-9679 (Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vuln ...) NOT-FOR-US: Adobe CVE-2020-9678 (Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vul ...) NOT-FOR-US: Adobe CVE-2020-9677 (Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vuln ...) 
NOT-FOR-US: Adobe CVE-2020-9676 (Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write v ...) NOT-FOR-US: Adobe CVE-2020-9675 (Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds read vu ...) NOT-FOR-US: Adobe CVE-2020-9674 (Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write v ...) NOT-FOR-US: Adobe CVE-2020-9673 (Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2 ...) NOT-FOR-US: Adobe CVE-2020-9672 (Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2 ...) NOT-FOR-US: Adobe CVE-2020-9671 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...) NOT-FOR-US: Adobe CVE-2020-9670 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...) NOT-FOR-US: Adobe CVE-2020-9669 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...) NOT-FOR-US: Adobe CVE-2020-9668 (Adobe Genuine Service version 6.6 (and earlier) is affected by an Impr ...) NOT-FOR-US: Adobe CVE-2020-9667 (Adobe Genuine Service version 6.6 (and earlier) is affected by an Unco ...) NOT-FOR-US: Adobe CVE-2020-9666 (Adobe Campaign Classic before 20.2 have an out-of-bounds read vulnerab ...) NOT-FOR-US: Adobe CVE-2020-9665 (Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a ...) NOT-FOR-US: Magento CVE-2020-9664 (Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a ...) NOT-FOR-US: Magento CVE-2020-9663 (Adobe Reader Mobile versions 20.0.1 and earlier have a directory trave ...) NOT-FOR-US: Adobe CVE-2020-9662 (Adobe After Effects versions 17.1 and earlier have an out-of-bounds wr ...) NOT-FOR-US: Adobe CVE-2020-9661 (Adobe After Effects versions 17.1 and earlier have an out-of-bounds re ...) NOT-FOR-US: Adobe CVE-2020-9660 (Adobe After Effects versions 17.1 and earlier have an out-of-bounds wr ...) NOT-FOR-US: Adobe CVE-2020-9659 (Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write ...) 
NOT-FOR-US: Adobe CVE-2020-9658 (Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write ...) NOT-FOR-US: Adobe CVE-2020-9657 (Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9656 (Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9655 (Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9654 (Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-9653 (Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-9652 (Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds rea ...) NOT-FOR-US: Adobe CVE-2020-9651 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...) NOT-FOR-US: Adobe CVE-2020-9650 (Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds wr ...) NOT-FOR-US: Adobe CVE-2020-9649 (Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds re ...) NOT-FOR-US: Adobe CVE-2020-9648 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...) NOT-FOR-US: Adobe CVE-2020-9647 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...) NOT-FOR-US: Adobe CVE-2020-9646 (Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds wr ...) NOT-FOR-US: Adobe CVE-2020-9645 (Adobe Experience Manager versions 6.5 and earlier have a blind server- ...) NOT-FOR-US: Adobe CVE-2020-9644 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...) NOT-FOR-US: Adobe CVE-2020-9643 (Adobe Experience Manager versions 6.5 and earlier have a server-side r ...) NOT-FOR-US: Adobe CVE-2020-9642 (Adobe Illustrator versions 24.1.2 and earlier have a buffer errors vul ...) NOT-FOR-US: Adobe CVE-2020-9641 (Adobe Illustrator versions 24.1.2 and earlier have a memory corruption ...) 
NOT-FOR-US: Adobe CVE-2020-9640 (Adobe Illustrator versions 24.1.2 and earlier have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9639 (Adobe Illustrator versions 24.1.2 and earlier have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9638 (Adobe After Effects versions 17.1 and earlier have a heap overflow vul ...) NOT-FOR-US: Adobe CVE-2020-9637 (Adobe After Effects versions 17.1 and earlier have a heap overflow vul ...) NOT-FOR-US: Adobe CVE-2020-9636 (Adobe Framemaker versions 2019.0.5 and below have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9635 (Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-9634 (Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-9633 (Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash ...) NOT-FOR-US: Adobe CVE-2020-9632 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9631 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9630 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9629 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9628 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9627 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9626 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9625 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9624 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9623 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) 
NOT-FOR-US: Adobe CVE-2020-9622 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9621 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9620 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9619 RESERVED CVE-2020-9618 (Adobe Audition versions 13.0.5 and earlier have an out-of-bounds read ...) NOT-FOR-US: Adobe CVE-2020-9617 (Adobe Premiere Rush versions 1.5.8 and earlier have an out-of-bounds r ...) NOT-FOR-US: Adobe CVE-2020-9616 (Adobe Premiere Pro versions 14.1 and earlier have an out-of-bounds rea ...) NOT-FOR-US: Adobe CVE-2020-9615 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9614 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9613 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9612 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9611 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9610 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9609 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9608 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9607 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9606 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9605 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9604 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) 
NOT-FOR-US: Adobe CVE-2020-9603 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9602 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9601 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9600 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9599 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9598 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9597 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9596 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9595 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9594 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9593 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9592 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9591 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9590 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9589 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9588 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9587 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9586 (Adobe Character Animator versions 3.2 and earlier have a buffer overfl ...) 
NOT-FOR-US: Adobe CVE-2020-9585 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9584 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9583 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9582 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9581 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9580 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9579 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9578 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9577 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9576 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9575 (Adobe Illustrator versions 24.1.2 and earlier have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9574 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9573 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9572 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9571 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9570 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9569 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9568 (Adobe Bridge versions 10.0.1 and earlier version have a memory corrupt ...) 
NOT-FOR-US: Adobe CVE-2020-9567 (Adobe Bridge versions 10.0.1 and earlier version have an use after fre ...) NOT-FOR-US: Adobe CVE-2020-9566 (Adobe Bridge versions 10.0.1 and earlier version have an use after fre ...) NOT-FOR-US: Adobe CVE-2020-9565 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9564 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9563 (Adobe Bridge versions 10.0.1 and earlier version have a heap overflow ...) NOT-FOR-US: Adobe CVE-2020-9562 (Adobe Bridge versions 10.0.1 and earlier version have a heap overflow ...) NOT-FOR-US: Adobe CVE-2020-9561 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9560 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9559 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9558 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9557 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9556 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9555 (Adobe Bridge versions 10.0.1 and earlier version have a stack-based bu ...) NOT-FOR-US: Adobe CVE-2020-9554 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9553 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9552 (Adobe Bridge versions 10.0 have a heap-based buffer overflow vulnerabi ...) NOT-FOR-US: Adobe CVE-2020-9551 (Adobe Bridge versions 10.0 have an out-of-bounds write vulnerability. ...) NOT-FOR-US: Adobe CVE-2019-20489 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. The web ...) 
NOT-FOR-US: Netgear CVE-2019-20488 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multipl ...) NOT-FOR-US: Netgear CVE-2019-20487 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multipl ...) NOT-FOR-US: Netgear CVE-2019-20486 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multipl ...) NOT-FOR-US: Netgear CVE-2020-9550 (Rubetek SmartHome 2020 devices use unencrypted 433 MHz communication b ...) NOT-FOR-US: Rubetek SmartHome 2020 devices CVE-2020-9549 (In PDFResurrect 0.12 through 0.19, get_type in pdf.c has an out-of-bou ...) {DLA-2134-1} - pdfresurrect 0.20-1 (unimportant; bug #952948) NOTE: https://github.com/enferex/pdfresurrect/issues/8 NOTE: Crash in CLI tool, no security impact CVE-2020-9548 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2135-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2634 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-9547 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2135-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2634 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-9546 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) 
{DLA-2135-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2631 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-9545 (Pale Moon 28.x before 28.8.4 has a segmentation fault related to modul ...) NOT-FOR-US: Pale Moon CVE-2020-9544 (An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. The ad ...) NOT-FOR-US: D-Link CVE-2020-9543 (OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows att ...) - manila 1:9.0.0-5 (bug #953581) [buster] - manila 1:7.0.0-1+deb10u1 [stretch] - manila (Minor issue) NOTE: https://bugs.launchpad.net/manila/+bug/1861485 NOTE: https://security.openstack.org/ossa/OSSA-2020-002.html CVE-2020-9542 RESERVED CVE-2020-9541 RESERVED CVE-2020-9540 (Sophos HitmanPro.Alert before build 861 allows local elevation of priv ...) NOT-FOR-US: Sophos CVE-2020-9539 RESERVED CVE-2020-9538 RESERVED CVE-2020-9537 RESERVED CVE-2020-9536 RESERVED CVE-2020-9535 (fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overfl ...) NOT-FOR-US: D-Link CVE-2020-9534 (fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overfl ...) NOT-FOR-US: D-Link CVE-2020-9533 RESERVED CVE-2020-9532 RESERVED CVE-2020-9531 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In t ...) NOT-FOR-US: Xiaomi CVE-2020-9530 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The ...) NOT-FOR-US: Xiaomi CVE-2020-9529 (Firmware developed by Shenzhen Hichip Vision Technology (V6 through V2 ...) NOT-FOR-US: Firmware developed by Shenzhen Hichip Vision Technology CVE-2020-9528 (Firmware developed by Shenzhen Hichip Vision Technology (V6 through V2 ...) 
NOT-FOR-US: Firmware developed by Shenzhen Hichip Vision Technology CVE-2020-9527 (Firmware developed by Shenzhen Hichip Vision Technology (V6 through V2 ...) NOT-FOR-US: Firmware developed by Shenzhen Hichip Vision Technology CVE-2020-9526 (CS2 Network P2P through 3.x, as used in millions of Internet of Things ...) NOT-FOR-US: CS2 Network P2P CVE-2020-9525 (CS2 Network P2P through 3.x, as used in millions of Internet of Things ...) NOT-FOR-US: CS2 Network P2P CVE-2020-9524 (Cross Site scripting vulnerability on Micro Focus Enterprise Server an ...) NOT-FOR-US: Micro Focus CVE-2020-9523 (Insufficiently protected credentials vulnerability on Micro Focus ente ...) NOT-FOR-US: Micro Focus CVE-2020-9522 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enter ...) NOT-FOR-US: Micro Focus CVE-2020-9521 (An SQL injection vulnerability was discovered in Micro Focus Service M ...) NOT-FOR-US: Micro Focus CVE-2020-9520 (A stored XSS vulnerability was discovered in Micro Focus Vibe, affecti ...) NOT-FOR-US: Micro Focus Vibe CVE-2020-9519 (HTTP methods reveled in Web services vulnerability in Micro Focus Serv ...) NOT-FOR-US: Micro Focus CVE-2020-9518 (Login filter can access configuration files vulnerability in Micro Foc ...) NOT-FOR-US: Micro Focus CVE-2020-9517 (There is an improper restriction of rendered UI layers or frames vulne ...) NOT-FOR-US: Micro Focus CVE-2020-9516 RESERVED CVE-2020-9515 RESERVED CVE-2020-9514 (An issue was discovered in the IMPress for IDX Broker plugin before 2. ...) NOT-FOR-US: IMPress for IDX Broker plugin for WordPress CVE-2020-9513 RESERVED CVE-2020-9512 RESERVED CVE-2020-9511 RESERVED CVE-2020-9510 RESERVED CVE-2020-9509 RESERVED CVE-2020-9508 RESERVED CVE-2020-9507 RESERVED CVE-2020-9506 RESERVED CVE-2020-9505 RESERVED CVE-2020-9504 RESERVED CVE-2020-9503 RESERVED CVE-2020-9502 (Some Dahua products with Build time before December 2019 have Session ...) 
NOT-FOR-US: Dahua CVE-2020-9501 (Attackers can obtain Cloud Key information from the Dahua Web P2P cont ...) NOT-FOR-US: Dahua CVE-2020-9500 (Some products of Dahua have Denial of Service vulnerabilities. After t ...) NOT-FOR-US: Dahua CVE-2020-9499 (Some Dahua products have buffer overflow vulnerabilities. After the su ...) NOT-FOR-US: Dahua CVE-2020-9498 (Apache Guacamole 1.1.0 and older may mishandle pointers involved inpro ...) {DLA-2435-1} - guacamole-server 1.3.0-1 (bug #964195) NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/3 NOTE: https://research.checkpoint.com/2020/apache-guacamole-rce/ NOTE: Fixed by https://github.com/apache/guacamole-server/commit/a0e11dc81727528224d28466903454e1cb0266bb CVE-2020-9497 (Apache Guacamole 1.1.0 and older do not properly validate datareceived ...) {DLA-2435-1} - guacamole-server 1.3.0-1 (bug #964195) NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/2 NOTE: https://research.checkpoint.com/2020/apache-guacamole-rce/ NOTE: Fixed by https://github.com/apache/guacamole-server/commit/a0e11dc81727528224d28466903454e1cb0266bb CVE-2020-9496 (XML-RPC request are vulnerable to unsafe deserialization and Cross-Sit ...) NOT-FOR-US: Apache OFBiz CVE-2020-9495 (Apache Archiva login service before 2.2.5 is vulnerable to LDAP inject ...) NOT-FOR-US: Apache Archiva CVE-2020-9494 (Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8. ...) {DSA-4710-1} - trafficserver 8.0.8+ds-1 (bug #963629) NOTE: https://github.com/apache/trafficserver/pull/6922 CVE-2020-9493 (A deserialization flaw was found in Apache Chainsaw versions prior to ...) NOT-FOR-US: Apache Chainsaw CVE-2020-9492 (In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alph ...) - hadoop (bug #793644) CVE-2020-9491 (In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by ...) NOT-FOR-US: Apache NiFi CVE-2020-9490 (Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted valu ...) 
{DSA-4757-1} - apache2 2.4.46-1 [stretch] - apache2 (Too intrusive to backport) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490 NOTE: https://www.openwall.com/lists/oss-security/2020/08/07/4 NOTE: https://svn.apache.org/r1880396 NOTE: https://github.com/apache/httpd/commit/a61223e9cb906110f35ec144b93fee9eb80ad6e4 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2030 CVE-2020-9489 (A carefully crafted or corrupt file may trigger a System.exit in Tika' ...) - tika (bug #984666) [bullseye] - tika (Minor issue) [buster] - tika (Minor issue) [jessie] - tika (the fix is too invasive to backport) NOTE: https://www.openwall.com/lists/oss-security/2020/04/24/1 CVE-2020-9488 (Improper validation of certificate with host mismatch in Apache Log4j ...) {DLA-2852-1} - apache-log4j2 2.13.3-1 (bug #959450) [buster] - apache-log4j2 2.15.0-1~deb10u1 [jessie] - apache-log4j2 (Minor issue; set mail.smtp.ssl.checkserveridentity to true to enable hostname verification) NOTE: https://www.openwall.com/lists/oss-security/2020/04/25/1 NOTE: https://issues.apache.org/jira/browse/LOG4J2-2819 NOTE: https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=6851b5083ef9610bae320bf07e1f24d2aa08851b (release-2.x) NOTE: https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=fb91a3d71e2f3dadad6fd1beb2ab857f44fe8bbb (master) CVE-2020-9487 (In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time pass ...) NOT-FOR-US: Apache NiFi CVE-2020-9486 (In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine p ...) NOT-FOR-US: Apache NiFi CVE-2020-9485 (An issue was found in Apache Airflow versions 1.10.10 and below. A sto ...) - airflow (bug #819700) CVE-2020-9484 (When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to ...) 
{DSA-4727-1 DLA-2279-1 DLA-2217-1 DLA-2209-1} - tomcat9 9.0.35-1 (bug #961209) - tomcat8 - tomcat7 [stretch] - tomcat7 (No components in libservlet3.0-java binary package are affected) NOTE: https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b (10.0.0-M5) NOTE: https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222 (9.0.35) NOTE: https://github.com/apache/tomcat/commit/ec08af18d0f9ddca3f2d800ef66fe7fd20afef2f (8.5.55) NOTE: https://github.com/apache/tomcat/commit/53e30390943c18fca0c9e57dbcc14f1c623cfd06 (7.0.104) CVE-2020-9483 (**Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the ...) NOT-FOR-US: Apache SkyWalking CVE-2020-9482 (If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other ...) NOT-FOR-US: Apache NiFi CVE-2020-9481 (Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulne ...) {DSA-4672-1} - trafficserver 8.0.7+ds-1 NOTE: https://lists.apache.org/thread.html/rcb8bae0b289d71d18a3220be256c1dfcc4d9ab49d2d6e07d1eac7c9d%40%3Cannounce.trafficserver.apache.org%3E NOTE: https://github.com/apache/trafficserver/commit/50441b39e6631389ef95c4133f06bbf94544879c CVE-2020-9480 (In Apache Spark 2.4.5 and earlier, a standalone resource manager's mas ...) - apache-spark (bug #802194) CVE-2020-9479 (When loading a UDF, a specially crafted zip file could allow files to ...) NOT-FOR-US: Apache AsterixDB CVE-2019-20485 (qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a ...) - libvirt 6.0.0-2 (low; bug #953078) [buster] - libvirt (Minor issue, intrusive to backport) [stretch] - libvirt (Minor issue) [jessie] - libvirt (Vulnerable code not present) NOTE: https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=a663a860819287e041c3de672aad1d8543098ecc (v6.0.0-rc1) NOTE: Disputed upstream: https://listman.redhat.com/archives/libvir-list/2019-December/msg00313.html CVE-2013-7487 (On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr ap ...) 
	NOT-FOR-US: Swann
CVE-2020-9478 (An issue was discovered in Rubrik 5.0.3-2296. An OS command injection ...)
	NOT-FOR-US: Rubrik
CVE-2020-9477 (An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vu ...)
	NOT-FOR-US: HUMAX HGA12R-02 BRGCAA devices
CVE-2020-9476 (ARRIS TG1692A devices allow remote attackers to discover the administr ...)
	NOT-FOR-US: ARRIS TG1692A devices
CVE-2020-9475 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows loca ...)
	NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway
CVE-2020-9474 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows remo ...)
	NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway
CVE-2020-9473 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 has a passw ...)
	NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway
CVE-2020-9472 (Umbraco CMS 8.5.3 allows an authenticated file upload (and consequentl ...)
	NOT-FOR-US: Umbraco CMS
CVE-2020-9471 (Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequen ...)
	NOT-FOR-US: Umbraco
CVE-2020-9470 (An issue was discovered in Wing FTP Server 6.2.5 before February 2020. ...)
	NOT-FOR-US: Wing FTP Server
CVE-2020-9469
	RESERVED
CVE-2020-9468 (The Community plugin 2.9.e-beta for Piwigo allows users to set image i ...)
	- piwigo
CVE-2020-9467 (Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php reque ...)
	- piwigo
CVE-2020-9466 (The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV ...)
	NOT-FOR-US: Export Users to CSV plugin for WordPress
CVE-2020-9465 (An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2020-9464 (A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP/IP B ...)
	NOT-FOR-US: BECKHOFF Ethernet TCP/IP Bus Coupler BK9000
CVE-2020-9463 (Centreon 19.10 allows remote authenticated users to execute arbitrary ...)
	- centreon-web (bug #913903)
CVE-2020-9462 (An issue was discovered in all Athom Homey and Homey Pro devices up to ...)
	NOT-FOR-US: Athom
CVE-2020-9461 (Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated us ...)
	NOT-FOR-US: Octech Oempro
CVE-2020-9460 (Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The ...)
	NOT-FOR-US: Octech Oempro
CVE-2020-9459 (Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webn ...)
	NOT-FOR-US: Webnus Modern Events Calendar Lite plugin for WordPress
CVE-2020-9458 (In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the exp ...)
	NOT-FOR-US: RegistrationMagic plugin for WordPress
CVE-2020-9457 (The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remo ...)
	NOT-FOR-US: RegistrationMagic plugin for WordPress
CVE-2020-9456 (In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the use ...)
	NOT-FOR-US: RegistrationMagic plugin for WordPress
CVE-2020-9455 (The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remo ...)
	NOT-FOR-US: RegistrationMagic plugin for WordPress
CVE-2020-9454 (A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 f ...)
	NOT-FOR-US: RegistrationMagic plugin for WordPress
CVE-2020-9453 (In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local ...)
	NOT-FOR-US: Epson
CVE-2020-9452 (An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ra ...)
	NOT-FOR-US: Acronis
CVE-2020-9451 (An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ra ...)
	NOT-FOR-US: Acronis
CVE-2020-9450 (An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ra ...)
	NOT-FOR-US: Acronis
CVE-2020-9449 (An insecure random number generation vulnerability in BlaB! AX, BlaB! ...)
	NOT-FOR-US: BlaB!
CVE-2020-9448
	RESERVED
CVE-2020-9447 (There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0. ...)
	NOT-FOR-US: GwtUpload
CVE-2020-9446
	RESERVED
CVE-2018-21035 (In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB f ...)
	- qtwebsockets-opensource-src 5.15.1-2 (low; bug #953049)
	[buster] - qtwebsockets-opensource-src (Minor issue, fix adds new API only)
	[stretch] - qtwebsockets-opensource-src (Minor issue)
	[jessie] - qtwebsockets-opensource-src (Minor issue)
	NOTE: https://bugreports.qt.io/browse/QTBUG-70693
	NOTE: https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735
	NOTE: https://github.com/qt/qtwebsockets/commit/ed93680f34e92ad0383aa4e610bb65689118ca93
CVE-2020-9445 (Zulip Server before 2.1.3 allows XSS via the modal_link feature in the ...)
	- zulip-server (bug #800052)
CVE-2020-9444 (Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown f ...)
	- zulip-server (bug #800052)
CVE-2020-9443 (Zulip Desktop before 4.0.3 loaded untrusted content in an Electron web ...)
	NOT-FOR-US: Zulip Desktop (different from itp'ed zulip-server)
CVE-2020-9442 (OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PRO ...)
	NOT-FOR-US: OpenVPN Connect on Windows
CVE-2020-9441
	RESERVED
CVE-2020-9440 (A cross-site scripting (XSS) vulnerability in the WSC plugin through 5 ...)
	NOT-FOR-US: CKEditor plugin
CVE-2020-9439 (Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Owl Tin ...)
	NOT-FOR-US: Uncanny Owl Tin Canny LearnDash Reporting
CVE-2020-9438 (Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a d ...)
	NOT-FOR-US: Tinxy Door Lock
CVE-2020-9437 (SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side tem ...)
	NOT-FOR-US: SecureAuth IdP
CVE-2020-9436 (PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G ...)
	NOT-FOR-US: PHOENIX
CVE-2020-9435 (PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G ...)
	NOT-FOR-US: PHOENIX
CVE-2020-9434 (openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 cert ...)
	NOT-FOR-US: lua-openssl (different from lua-luaossl)
CVE-2020-9433 (openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certi ...)
	NOT-FOR-US: lua-openssl (different from lua-luaossl)
CVE-2020-9432 (openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certif ...)
	NOT-FOR-US: lua-openssl (different from lua-luaossl)
CVE-2020-9427 (OX Guard 2.10.3 and earlier allows SSRF.)
	NOT-FOR-US: OX Guard
CVE-2020-9426 (OX Guard 2.10.3 and earlier allows XSS.)
	NOT-FOR-US: OX Guard
CVE-2020-9425 (An issue was discovered in includes/head.inc.php in rConfig before 3.9 ...)
	NOT-FOR-US: rConfig
CVE-2020-9424
	RESERVED
CVE-2020-9423 (LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary fi ...)
	NOT-FOR-US: LogicalDoc
CVE-2020-9422
	RESERVED
CVE-2020-9421
	RESERVED
CVE-2019-20484 (An issue was discovered in Viki Vera 4.9.1.26180. A user without acces ...)
	NOT-FOR-US: Viki Vera
CVE-2019-20483 (An issue was discovered in Viki Vera 4.9.1.26180. An attacker could se ...)
	NOT-FOR-US: Viki Vera
CVE-2020-9420 (The login password of the web administrative dashboard in Arcadyan Wif ...)
	NOT-FOR-US: Arcadyan Wifi routers
CVE-2020-9419 (Multiple stored cross-site scripting (XSS) vulnerabilities in Arcadyan ...)
	NOT-FOR-US: Arcadyan Wifi routers
CVE-2020-9431 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...)
	{DLA-2547-1}
	- wireshark 3.2.2-1
	[buster] - wireshark 2.6.20-0+deb10u1
	[jessie] - wireshark (composite TVB handling added later)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-03.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16341
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086003c9d616906e08bbeeab9c17b3aa4c6ff850
CVE-2020-9430 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...)
	{DLA-2547-1}
	- wireshark 3.2.2-1
	[buster] - wireshark 2.6.20-0+deb10u1
	[jessie] - wireshark (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-04.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16368
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16383
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6b98dc63701b1da1cc7681cb383dabb0b7007d73
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=93d6b03a67953b82880cdbdcf0d30e2a3246d790
CVE-2020-9428 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...)
	{DLA-2547-1}
	- wireshark 3.2.2-1 (low)
	[buster] - wireshark 2.6.20-0+deb10u1
	[jessie] - wireshark (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-05.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16397
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9fe2de783dbcbe74144678d60a4e3923367044b2
CVE-2020-9429 (In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This ...)
	- wireshark 3.2.2-1
	[buster] - wireshark (Vulnerable code not present)
	[stretch] - wireshark (Vulnerable code not present)
	[jessie] - wireshark (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-06.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=73c5fff899f253c44a72657048aec7db6edee571
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a2530f740d67d41908e84434bb5ec99480c2ac2e
CVE-2020-9418 (An untrusted search path vulnerability in the installer of PDFescape D ...)
	NOT-FOR-US: PDFescape
CVE-2020-9417 (The Transaction Insight reporting component of TIBCO Software Inc.'s T ...)
	NOT-FOR-US: TIBCO
CVE-2020-9416 (The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire ...)
	NOT-FOR-US: TIBCO
CVE-2020-9415 (The TIBCO Data Virtualization Server component of TIBCO Software Inc.' ...)
	NOT-FOR-US: TIBCO
CVE-2020-9414 (The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed ...)
	NOT-FOR-US: TIBCO
CVE-2020-9413 (The MFT Browser file transfer client and MFT Browser admin client comp ...)
	NOT-FOR-US: TIBCO
CVE-2020-9412 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...)
	NOT-FOR-US: TIBCO
CVE-2020-9411 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...)
	NOT-FOR-US: TIBCO
CVE-2020-9410 (The report generator component of TIBCO Software Inc.'s TIBCO JasperRe ...)
	NOT-FOR-US: TIBCO
CVE-2020-9409 (The administrative UI component of TIBCO Software Inc.'s TIBCO JasperR ...)
	NOT-FOR-US: TIBCO
CVE-2020-9408 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...)
	NOT-FOR-US: TIBCO
CVE-2020-9407 (IBL Online Weather before 4.3.5a allows attackers to obtain sensitive ...)
	NOT-FOR-US: IBL Online Weather
CVE-2020-9406 (IBL Online Weather before 4.3.5a allows unauthenticated eval injection ...)
	NOT-FOR-US: IBL Online Weather
CVE-2020-9405 (IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS ...)
	NOT-FOR-US: IBL Online Weather
CVE-2020-9404 (In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stor ...)
	NOT-FOR-US: PACTware
CVE-2020-9403 (In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stor ...)
	NOT-FOR-US: PACTware
CVE-2020-9402 (Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 al ...)
	{DLA-3024-1}
	- python-django 2:2.2.11-1 (low; bug #953102)
	[buster] - python-django 1:1.11.29-1~deb10u1
	[jessie] - python-django (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2020/03/04/1
	NOTE: Introduced by: https://github.com/django/django/commit/fcf494b48fea7c0c55ea29721ba0b2d250351ff8
	NOTE: Fixed by: https://github.com/django/django/commit/fe886a3b58a93cfbe8864b485f93cb6d426cd1f2 (v2.2)
	NOTE: Fixed by: https://github.com/django/django/commit/02d97f3c9a88adc890047996e5606180bd1c6166 (v1.11)
CVE-2020-9401
	RESERVED
CVE-2020-9400
	RESERVED
CVE-2020-9399 (The Avast AV parsing engine allows virus-detection bypass via a crafte ...)
	NOT-FOR-US: Avast AV parsing engine
CVE-2020-9398 (ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_a ...)
	NOT-FOR-US: ISPConfig
CVE-2020-9397
	RESERVED
CVE-2020-9396
	RESERVED
CVE-2020-9395 (An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, an ...)
	NOT-FOR-US: Realtek
CVE-2020-9394 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...)
	NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress
CVE-2020-9393 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...)
	NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress
CVE-2020-9392 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...)
	NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress
CVE-2020-9390 (SquaredUp allowed Stored XSS before version 4.6.0. A user was able to ...)
	NOT-FOR-US: SquaredUp
CVE-2020-9389 (A username enumeration issue was discovered in SquaredUp before versio ...)
	NOT-FOR-US: SquaredUp
CVE-2020-9388 (CSRF protection was not present in SquaredUp before version 4.6.0. A C ...)
	NOT-FOR-US: SquaredUp
CVE-2020-9387 (In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account detai ...)
	- mahara
CVE-2020-9386 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before ...)
	- mahara
CVE-2020-9391 (An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 ...)
	- linux 5.5.13-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/dcde237319e626d1ec3c9d8b7613032f0fd4663a
CVE-2020-9385 (A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because mul ...)
	- zint (Fixed with initial upload to archive)
CVE-2020-9384 (An Insecure Direct Object Reference (IDOR) vulnerability in the Change ...)
	NOT-FOR-US: Subex
CVE-2020-9383 (An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fd ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/2e90ca68b0d2f5548804f22f0dd61145516171e3
CVE-2020-9382 (An issue was discovered in the Widgets extension through 1.4.0 for Med ...)
	NOT-FOR-US: Widgets extension for MediaWiki
CVE-2020-9381 (controllers/admin.js in Total.js CMS 13 allows remote attackers to exe ...)
	NOT-FOR-US: Total.js CMS
CVE-2020-9380 (IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to exe ...)
	NOT-FOR-US: IPTV Smarters WEB TV PLAYER
CVE-2020-9379 (The Software Development Kit of the MiContact Center Business with Sit ...)
	NOT-FOR-US: Mitel
CVE-2020-9378
	RESERVED
CVE-2020-9377 (D-Link DIR-610 devices allow Remote Command Execution via the cmd para ...)
	NOT-FOR-US: D-Link
CVE-2020-9376 (D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVIC ...)
	NOT-FOR-US: D-Link
CVE-2020-9375 (TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows re ...)
	NOT-FOR-US: TP-Link
CVE-2019-20482
	RESERVED
CVE-2020-9374 (On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vu ...)
	NOT-FOR-US: TP-Link
CVE-2020-9373
	RESERVED
CVE-2020-9372 (The Appointment Booking Calendar plugin before 1.3.35 for WordPress al ...)
	NOT-FOR-US: Appointment Booking Calendar plugin for WordPress
CVE-2020-9371 (Stored XSS exists in the Appointment Booking Calendar plugin before 1. ...)
	NOT-FOR-US: Appointment Booking Calendar plugin for WordPress
CVE-2020-9370 (HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking.)
	NOT-FOR-US: HUMAX HGA12R-02 BRGCAA devices
CVE-2020-9369 (Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial ...)
	{DSA-4818-1}
	- sympa 6.2.40~dfsg-4 (low; bug #952428)
	[stretch] - sympa (Vulnerability introduced later in 6.2.38)
	[jessie] - sympa (Vulnerability introduced later in 6.2.38)
	NOTE: https://github.com/sympa-community/sympa/issues/886
	NOTE: https://sympa-community.github.io/security/2020-001.html
	NOTE: Upstream patch: https://github.com/sympa-community/sympa/releases/download/6.2.54/sympa-6.2.52-sa-2020-001.patch
CVE-2020-9368 (The Module Olea Gift On Order module through 5.0.8 for PrestaShop enab ...)
	NOT-FOR-US: Module Olea Gift On Order module for PrestaShop
CVE-2020-9367 (The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2020-9365 (An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) re ...)
	- pure-ftpd 1.0.49-3 (bug #952471)
	[buster] - pure-ftpd (Minor issue)
	[stretch] - pure-ftpd (Minor issue)
	[jessie] - pure-ftpd (Vulnerable code does not exist)
	NOTE: https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b
CVE-2020-9364 (An issue was discovered in helpers/mailer.php in the Creative Contact ...)
	NOT-FOR-US: Creative Contact Form extension for Joomla!
CVE-2020-9363 (The Sophos AV parsing engine before 2020-01-14 allows virus-detection ...)
	NOT-FOR-US: Sophos AV
CVE-2020-9362 (The Quick Heal AV parsing engine (November 2019) allows virus-detectio ...)
	NOT-FOR-US: Quick Heal AV parsing engine
CVE-2019-20481 (In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Fun ...)
	NOT-FOR-US: MIELE XGW 3000 ZigBee Gateway
CVE-2019-20480 (In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website vis ...)
	NOT-FOR-US: MIELE XGW 3000 ZigBee Gateway
CVE-2016-11020 (Kunena before 5.0.4 does not restrict avatar file extensions to gif, j ...)
	NOT-FOR-US: Kunena
CVE-2020-9366 (A buffer overflow was found in the way GNU Screen before 4.8.0 treated ...)
	- screen 4.8.0-1 (bug #950896)
	[buster] - screen (Vulnerable code introduced in v4.7.0)
	[stretch] - screen (Vulnerable code introduced in v4.7.0)
	[jessie] - screen (Vulnerable code introduced in v4.7.0)
	NOTE: https://lists.gnu.org/archive/html/screen-devel/2020-02/msg00007.html
	NOTE: https://www.openwall.com/lists/oss-security/2020/02/06/3
	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=68386dfb1fa33471372a8cd2e74686758a2f527b (v4.8.0)
	NOTE: Follow-up: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=0dd53533e20d2948351a99ec5336fbc9b82b226a (v4.8.0)
	NOTE: Introduced due to: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=c5db181b6e017cfccb8d7842ce140e59294d9f62 (v4.7.0)
CVE-2020-9361 (CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local use ...)
	NOT-FOR-US: CryptoPro CSP
CVE-2020-9360
	RESERVED
CVE-2020-9359 (KDE Okular before 1.10.0 allows code execution via an action link in a ...)
	{DLA-2856-1 DLA-2159-1}
	- okular 4:19.12.3-2 (bug #954891)
	[buster] - okular 4:17.12.2-2.2+deb10u1
	NOTE: https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244
	NOTE: https://kde.org/info/security/advisory-20200312-1.txt
	NOTE: https://sysdream.com/news/lab/2020-03-24-cve-2020-9359-okular-command-execution/ (PoC)
CVE-2020-9358
	RESERVED
CVE-2020-9357
	RESERVED
CVE-2020-9356
	RESERVED
CVE-2020-9354 (An issue was discovered in SmartClient 12.0. The Remote Procedure Call ...)
	NOT-FOR-US: SmartClient
CVE-2020-9353 (An issue was discovered in SmartClient 12.0. The Remote Procedure Call ...)
	NOT-FOR-US: SmartClient
CVE-2020-9352 (An issue was discovered in SmartClient 12.0. Unauthenticated exploitat ...)
	NOT-FOR-US: SmartClient
CVE-2020-9351 (An issue was discovered in SmartClient 12.0. If an unauthenticated att ...)
	NOT-FOR-US: SmartClient
CVE-2020-9350 (Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph templ ...)
	NOT-FOR-US: Graph Builder in SAS Visual Analytics
CVE-2020-9349 (The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmwar ...)
	NOT-FOR-US: CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP
CVE-2020-9348
	RESERVED
CVE-2020-9347 (Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Ma ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2020-9346 (Zoho ManageEngine Password Manager Pro 10.4 and prior has no protectio ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2020-9345 (An issue was discovered in signotec signoPAD-API/Web (formerly Websock ...)
	NOT-FOR-US: signoPAD-API/Web
CVE-2020-9344 (Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at ...)
	NOT-FOR-US: Subversion ALM
CVE-2020-9343 (An issue was discovered in signotec signoPAD-API/Web (formerly Websock ...)
	NOT-FOR-US: signoPAD-API/Web
CVE-2020-9342 (The F-Secure AV parsing engine before 2020-02-05 allows virus-detectio ...)
	NOT-FOR-US: F-Secure AV parsing engine
CVE-2020-9341 (CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator ...)
	NOT-FOR-US: CandidATS
CVE-2020-9340 (fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandid ...)
	NOT-FOR-US: fauzantrif eLection
CVE-2020-9339 (SOPlanning 1.45 allows XSS via the Name or Comment to status.php.)
	NOT-FOR-US: SOPlanning
CVE-2020-9338 (SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field.)
	NOT-FOR-US: SOPlanning
CVE-2020-9337 (In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encod ...)
	NOT-FOR-US: GolfBuddy Course Manager
CVE-2020-9336 (fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Settings -> ...)
	NOT-FOR-US: fauzantrif eLection
CVE-2020-6816 (In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCD ...)
	{DSA-4643-1}
	- python-bleach 3.1.3-1 (bug #954236)
	[stretch] - python-bleach (Requires invasive changes to address issue)
	[jessie] - python-bleach (Requires invasive change to address issue)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1621692 (not public)
	NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743
	NOTE: https://github.com/mozilla/bleach/commit/175f67740e7951e1d80cefb7831e6c3e4efeb986
CVE-2020-6802 (In Mozilla Bleach before 3.11, a mutation XSS affects users calling bl ...)
	{DSA-4636-1}
	- python-bleach 3.1.1-1 (bug #951907)
	[stretch] - python-bleach (Requires invasive changes to address issue)
	[jessie] - python-bleach (Fix too invasive in jessie; uses external html5 parser)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1615315 (not public)
	NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r
	NOTE: https://github.com/mozilla/bleach/commit/f77e0f6392177a06e46a49abd61a4d9f035e57fd
CVE-2020-9335 (Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery p ...)
	NOT-FOR-US: 10Web Photo Gallery plugin for WordPress
CVE-2020-9334 (A stored XSS vulnerability exists in the Envira Photo Gallery plugin t ...)
	NOT-FOR-US: Envira Photo Gallery plugin for WordPress
CVE-2020-9333
	RESERVED
CVE-2020-9332 (ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 ...)
	NOT-FOR-US: FabulaTech
CVE-2020-9331 (CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Pri ...)
	NOT-FOR-US: CryptoPro CSP
CVE-2020-9330 (Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not requ ...)
	NOT-FOR-US: Xerox
CVE-2020-9329 (Gogs through 0.11.91 allows attackers to violate the admin-specified r ...)
	NOT-FOR-US: Go Git Service
CVE-2020-9328
	RESERVED
CVE-2020-9327 (In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger ...)
	- sqlite3 3.31.1-3 (bug #951835)
	[buster] - sqlite3 (Vulnerable code not present)
	[stretch] - sqlite3 (vulnerable code not present)
	[jessie] - sqlite3 (vulnerable code not present)
	- sqlite (Vulnerable code not present)
	NOTE: https://www.sqlite.org/cgi/src/info/4374860b29383380
	NOTE: https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e
	NOTE: https://www.sqlite.org/cgi/src/info/abc473fb8fb99900
	NOTE: https://github.com/sqlite/sqlite/commit/bf48ce49f7c25e5d4524de9fdc5c0d505218d06d
	NOTE: https://github.com/sqlite/sqlite/commit/78d1d225d87af40f5bdca57fa72f00b6ffaffa21
CVE-2020-9326 (BeyondTrust Privilege Management for Windows and Mac (aka PMWM; former ...)
	NOT-FOR-US: BeyondTrust Privilege Management for Windows and Mac
CVE-2020-9325 (Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Downl ...)
	NOT-FOR-US: Aquaforest TIFF Server
CVE-2020-9324 (Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via ...)
	NOT-FOR-US: Aquaforest TIFF Server
CVE-2020-9323 (Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory E ...)
	NOT-FOR-US: Aquaforest TIFF Server
CVE-2020-9322
	RESERVED
CVE-2020-9321 (configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0. ...)
	- traefik (bug #983289)
CVE-2020-9320 (Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a ...)
	NOT-FOR-US: Avira
CVE-2020-9319
	RESERVED
CVE-2020-9318 (Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative us ...)
	NOT-FOR-US: Red Gate SQL Monitor
CVE-2020-9317
	RESERVED
CVE-2020-9316
	RESERVED
CVE-2020-9315 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7. ...)
	NOT-FOR-US: Oracle
CVE-2020-9314 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7. ...)
	NOT-FOR-US: Oracle
CVE-2020-9313
	RESERVED
CVE-2020-9312
	RESERVED
CVE-2020-9311 (In SilverStripe through 4.5, malicious users with a valid Silverstripe ...)
	NOT-FOR-US: SilverStripe
CVE-2020-9310
	REJECTED
CVE-2020-9309 (Silverstripe CMS through 4.5 can be susceptible to script execution fr ...)
	NOT-FOR-US: SilverStripe
CVE-2020-9308 (archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts ...)
	- libarchive 3.4.0-2 (bug #951759)
	[buster] - libarchive (rar5 support added in 3.4.0)
	[stretch] - libarchive (rar5 support added in 3.4.0)
	[jessie] - libarchive (rar5 support added in 3.4.0)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20459
	NOTE: https://github.com/libarchive/libarchive/pull/1326
	NOTE: https://github.com/libarchive/libarchive/commit/94821008d6eea81e315c5881cdf739202961040a
CVE-2020-9307 (Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a deni ...)
	NOT-FOR-US: Hirschmann OS2, RSP, and RSPE devices
CVE-2020-9306 (Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of ...)
	NOT-FOR-US: Tesla SolarCity Solar Monitoring Gateway
CVE-2020-9305
	RESERVED
CVE-2020-9304
	RESERVED
CVE-2020-9303
	RESERVED
CVE-2020-9302
	RESERVED
CVE-2020-9301 (Nolan Ray from Apple Information Security identified a security vulner ...)
	NOT-FOR-US: Spinnaker
CVE-2020-9300 (The Access Control issues include allowing a regular user to view a re ...)
	NOT-FOR-US: Netflix dispatch
CVE-2020-9299 (There were XSS vulnerabilities discovered and reported in the Dispatch ...)
	NOT-FOR-US: Netflix dispatch
CVE-2020-9298 (The Spinnaker template resolution functionality is vulnerable to Serve ...)
	NOT-FOR-US: Spinnaker
CVE-2020-9297 (Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java ...)
	NOT-FOR-US: Netflix Titus
CVE-2020-9296 (Netflix Titus uses Java Bean Validation (JSR 380) custom constraint va ...)
	NOT-FOR-US: Netflix Conductor
CVE-2020-9295
	RESERVED
CVE-2020-9294 (An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6 ...)
	NOT-FOR-US: FortiMail Fortiguard
CVE-2020-9293
	RESERVED
CVE-2020-9292 (An unquoted service path vulnerability in the FortiSIEM Windows Agent ...)
	NOT-FOR-US: Fortiguard
CVE-2020-9291 (An Insecure Temporary File vulnerability in FortiClient for Windows 6. ...)
	NOT-FOR-US: Fortiguard / FortiClient for Windows
CVE-2020-9290 (An Unsafe Search Path vulnerability in FortiClient for Windows online ...)
	NOT-FOR-US: Fortiguard
CVE-2020-9289 (Use of a hard-coded cryptographic key to encrypt password data in CLI ...)
	NOT-FOR-US: Fortiguard
CVE-2020-9288 (An improper neutralization of input vulnerability in FortiWLC 8.5.1 al ...)
	NOT-FOR-US: Fortinet
CVE-2020-9287 (An Unsafe Search Path vulnerability in FortiClient EMS online installe ...)
	NOT-FOR-US: Fortiguard
CVE-2020-9286 (An improper authorization vulnerability in FortiADC may allow a remote ...)
	NOT-FOR-US: Fortiguard
CVE-2020-9285 (Some versions of Sonos One (1st and 2nd generation) allow partial or f ...)
	NOT-FOR-US: Sonos One
CVE-2020-9284
	RESERVED
CVE-2020-9283 (golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go a ...)
	{DLA-3455-1 DLA-2455-1 DLA-2453-1 DLA-2402-1}
	- golang-go.crypto 1:0.0~git20200221.2aa609c-1 (bug #952462)
	[jessie] - golang-go.crypto (Minor issue)
	NOTE: https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236
CVE-2020-9282 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before ...)
	- mahara
CVE-2020-9281 (A cross-site scripting (XSS) vulnerability in the HTML Data Processor ...)
	NOT-FOR-US: CKEditor plugin
CVE-2020-9280 (In SilverStripe through 4.5, files uploaded via Forms to folders migra ...)
	NOT-FOR-US: SilverStripe
CVE-2020-9279 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A har ...)
	NOT-FOR-US: D-Link
CVE-2020-9278 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The d ...)
	NOT-FOR-US: D-Link
CVE-2020-9277 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authe ...)
	NOT-FOR-US: D-Link
CVE-2020-9276 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The f ...)
	NOT-FOR-US: D-Link
CVE-2020-9275 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A cfm ...)
	NOT-FOR-US: D-Link
CVE-2020-9274 (An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer ...)
	{DLA-2123-1}
	- pure-ftpd 1.0.49-4 (bug #952666)
	[buster] - pure-ftpd (Minor issue)
	[stretch] - pure-ftpd (Minor issue)
	NOTE: https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa
	NOTE: though the CVE description does not specifically say, the issue seems to be an
	NOTE: out-of-bounds memory read which may result in information disclosure;
	NOTE: probably not the end of the world, but it is made worse by use of the rather
	NOTE: unsafe strcmp() instead of strncmp() in the vulnerable functions
CVE-2020-9273 (In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interru ...)
	{DSA-4635-1 DLA-2115-2 DLA-2115-1}
	- proftpd-dfsg 1.3.6c-2 (bug #951800)
	NOTE: https://github.com/proftpd/proftpd/issues/903
	NOTE: https://github.com/proftpd/proftpd/commit/d388f7904d4c9a6d0ea54237b8b54a57c19d8d49 (master)
	NOTE: https://github.com/proftpd/proftpd/commit/f8047a1ed0e0eb15193f555c4cbbb281e705c5c3 (master)
	NOTE: https://github.com/proftpd/proftpd/commit/e845abc1bd86eebec7a0342fded908a1b0f1996b (1.3.6c)
	NOTE: https://github.com/proftpd/proftpd/commit/cd9036f4ef7a05c107f0ffcb19a018b20267c531 (1.3.6-branch)
CVE-2020-9272 (ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap ...)
	- proftpd-dfsg 1.3.6c-1 (unimportant)
	NOTE: https://github.com/proftpd/proftpd/issues/902
	NOTE: Debian does not build mod_cap and does not use the embedded libcap.
	NOTE: Sourcewise fixed in 1.3.6c by updating to the latest libcap.
CVE-2019-20479 (A flaw was found in mod_auth_openidc before version 2.4.1. An open red ...)
	{DLA-3409-1 DLA-2298-1 DLA-2130-1}
	- libapache2-mod-auth-openidc 2.4.1-1
	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/02431c0adfa30f478cf2eb20ed6ea51fdf446be7
	NOTE: https://github.com/zmartzone/mod_auth_openidc/pull/453
CVE-2019-20478 (In ruamel.yaml through 0.16.7, the load method allows remote code exec ...)
	- ruamel.yaml (unimportant)
	NOTE: This is a well-known design deficiency in pyyaml (of which ruamel.yaml is derived),
	NOTE: various CVE IDs have been assigned to applications misusing the API over the years.
	NOTE: pyyaml 5.1 changed the default behaviour
CVE-2019-20477 (PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and ...)
	- pyyaml 5.2-1 (unimportant)
	[buster] - pyyaml (Vulnerability introduced in 5.1)
	[stretch] - pyyaml (Vulnerability introduced in 5.1)
	[jessie] - pyyaml (Vulnerability introduced in 5.1)
	NOTE: CVE exists due to an incomplete fix for CVE-2017-18342.
CVE-2019-20476
	RESERVED
CVE-2019-20475
	RESERVED
CVE-2015-9543 (An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 1 ...)
	- nova 2:20.1.1-1 (bug #951635)
	[buster] - nova (Minor issue)
	[stretch] - nova (Minor issue)
	[jessie] - nova (Minor issue)
	NOTE: https://launchpad.net/bugs/1492140
	NOTE: https://review.opendev.org/220622
	NOTE: https://www.openwall.com/lists/oss-security/2020/02/19/2
CVE-2020-9271 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via s ...)
	NOT-FOR-US: ICE Hrm
CVE-2020-9270 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via ...)
	NOT-FOR-US: ICE Hrm
CVE-2020-9269 (SOPlanning 1.45 is vulnerable to authenticated SQL Injection that lead ...)
	NOT-FOR-US: SOPlanning
CVE-2020-9268 (SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, ...)
	NOT-FOR-US: SOPlanning
CVE-2020-9267 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitra ...)
	NOT-FOR-US: SOPlanning
CVE-2020-9266 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitra ...)
	NOT-FOR-US: SOPlanning
CVE-2020-9265 (phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against t ...)
	NOT-FOR-US: phpMyChat-Plus
CVE-2020-9264 (ESET Archive Support Module before 1296 allows virus-detection bypass ...)
	NOT-FOR-US: ESET
CVE-2020-9263 (HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWE ...)
	NOT-FOR-US: Huawei
CVE-2020-9262 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
	NOT-FOR-US: HUAWEI
CVE-2020-9261 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
	NOT-FOR-US: HUAWEI
CVE-2020-9260 (HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier than 1 ...)
	NOT-FOR-US: HUAWEI
CVE-2020-9259 (Huawei Honor V30 smartphones with versions earlier than 10.1.0.212(C00 ...)
	NOT-FOR-US: Huawei
CVE-2020-9258 (HUAWEI P30 smartphone with versions earlier than 10.1.0.135(C00E135R2P ...)
	NOT-FOR-US: HUAWEI
CVE-2020-9257 (HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E ...)
	NOT-FOR-US: Huawei
CVE-2020-9256 (Huawei Mate 30 Pro smartphones with versions earlier than 10.1.0.150(C ...)
	NOT-FOR-US: Huawei
CVE-2020-9255 (Huawei Honor 10 smartphones with versions earlier than 10.0.0.178(C00E ...)
	NOT-FOR-US: Huawei
CVE-2020-9254 (HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E ...)
	NOT-FOR-US: Huawei
CVE-2020-9253
	RESERVED
CVE-2020-9252 (HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI M ...)
	NOT-FOR-US: Huawei
CVE-2020-9251 (HUAWEI Mate 20 smartphones with versions earlier than 10.1.0.160(C00E1 ...)
	NOT-FOR-US: Huawei
CVE-2020-9250
	RESERVED
CVE-2020-9249 (HUAWEI P30 smartphones with versions earlier than 10.1.0.160(C00E160R2 ...)
	NOT-FOR-US: Huawei
CVE-2020-9248 (Huawei FusionComput 8.0.0 have an improper authorization vulnerability ...)
	NOT-FOR-US: Huawei
CVE-2020-9247 (There is a buffer overflow vulnerability in several Huawei products. T ...)
	NOT-FOR-US: Huawei
CVE-2020-9246 (FusionCompute 8.0.0 has an information leak vulnerability. A module do ...)
	NOT-FOR-US: Huawei
CVE-2020-9245 (HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUA ...)
	NOT-FOR-US: Huawei
CVE-2020-9244 (HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8); ...)
	NOT-FOR-US: Huawei
CVE-2020-9243 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
	NOT-FOR-US: Huawei
CVE-2020-9242 (FusionCompute 8.0.0 have a command injection vulnerability. The softwa ...)
	NOT-FOR-US: Huawei
CVE-2020-9241 (Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00), ...)
	NOT-FOR-US: Huawei
CVE-2020-9240 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buff ...)
	NOT-FOR-US: Huawei
CVE-2020-9239 (Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier t ...)
	NOT-FOR-US: Huawei
CVE-2020-9238 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buff ...)
	NOT-FOR-US: Huawei
CVE-2020-9237 (Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126(C ...)
	NOT-FOR-US: Huawei
CVE-2020-9236
	RESERVED
CVE-2020-9235 (Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E ...)
	NOT-FOR-US: Huawei
CVE-2020-9234
	RESERVED
CVE-2020-9233 (FusionCompute 8.0.0 have an insufficient authentication vulnerability. ...)
	NOT-FOR-US: Huawei
CVE-2020-9232
	RESERVED
CVE-2020-9231
	RESERVED
CVE-2020-9230 (WS5800-10 version 10.0.3.25 has a denial of service vulnerability. Due ...)
	NOT-FOR-US: Huawei
CVE-2020-9229 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...)
	NOT-FOR-US: Huawei
CVE-2020-9228 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...)
	NOT-FOR-US: Huawei
CVE-2020-9227 (Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 ...)
	NOT-FOR-US: Huawei
CVE-2020-9226 (HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an ...)
	NOT-FOR-US: HUAWEI
CVE-2020-9225 (FusionSphere OpenStack 6.5.1 have an improper permissions management v ...)
	NOT-FOR-US: Huawei
CVE-2020-9224
	RESERVED
CVE-2020-9223 (There is a denial of service vulnerability in some Huawei smartphones. ...)
	NOT-FOR-US: Huawei
CVE-2020-9222
	RESERVED
CVE-2020-9221
	RESERVED
CVE-2020-9220
	RESERVED
CVE-2020-9219
	RESERVED
CVE-2020-9218
	RESERVED
CVE-2020-9217
	RESERVED
CVE-2020-9216
	RESERVED
CVE-2020-9215
	RESERVED
CVE-2020-9214
	RESERVED
CVE-2020-9213 (There is a denial of service vulnerability in some huawei products. In ...)
	NOT-FOR-US: Huawei
CVE-2020-9212 (There is a vulnerability in some version of USG9500 that the device im ...)
	NOT-FOR-US: Huawei
CVE-2020-9211
	RESERVED
CVE-2020-9210
	RESERVED
CVE-2020-9209 (There is a privilege escalation vulnerability in SMC2.0 product. Some ...)
	NOT-FOR-US: Huawei
CVE-2020-9208 (There is an information leak vulnerability in iManager NetEco 6000 ver ...)
	NOT-FOR-US: Huawei
CVE-2020-9207 (There is an improper authentication vulnerability in some verisons of ...)
	NOT-FOR-US: Huawei
CVE-2020-9206 (The eUDC660 product has a resource management vulnerability. An attack ...)
	NOT-FOR-US: Huawei
CVE-2020-9205 (There has a CSV injection vulnerability in ManageOne 8.0.1. An attacke ...)
	NOT-FOR-US: Huawei
CVE-2020-9204
	RESERVED
CVE-2020-9203 (There is a resource management errors vulnerability in Huawei P30. Loc ...)
	NOT-FOR-US: Huawei
CVE-2020-9202 (There is an information disclosure vulnerability in TE Mobile software ...)
	NOT-FOR-US: TE Mobile
CVE-2020-9201 (There is an out-of-bounds read vulnerability in some versions of NIP68 ...)
	NOT-FOR-US: Huawei
CVE-2020-9200 (There has a CSV injection vulnerability in iManager NetEco 6000 versio ...)
	NOT-FOR-US: Huawei
CVE-2020-9199 (B2368-22 V100R001C00;B2368-57 V100R001C00;B2368-66 V100R001C00 have a ...)
	NOT-FOR-US: Huawei
CVE-2020-9198
	RESERVED
CVE-2020-9197
	RESERVED
CVE-2020-9196
	RESERVED
CVE-2020-9195
	RESERVED
CVE-2020-9194
	RESERVED
CVE-2020-9193
	RESERVED
CVE-2020-9192
	RESERVED
CVE-2020-9191
	RESERVED
CVE-2020-9190
	RESERVED
CVE-2020-9189
	RESERVED
CVE-2020-9188
	RESERVED
CVE-2020-9187
	RESERVED
CVE-2020-9186
	RESERVED
CVE-2020-9185
	RESERVED
CVE-2020-9184
	RESERVED
CVE-2020-9183
	RESERVED
CVE-2020-9182
	RESERVED
CVE-2020-9181
	RESERVED
CVE-2020-9180
	RESERVED
CVE-2020-9179
	RESERVED
CVE-2020-9178
	RESERVED
CVE-2020-9177
	RESERVED
CVE-2020-9176
	RESERVED
CVE-2020-9175
	RESERVED
CVE-2020-9174
	RESERVED
CVE-2020-9173
	RESERVED
CVE-2020-9172
	RESERVED
CVE-2020-9171
	RESERVED
CVE-2020-9170
	RESERVED
CVE-2020-9169
	RESERVED
CVE-2020-9168
	RESERVED
CVE-2020-9167
	RESERVED
CVE-2020-9166
	RESERVED
CVE-2020-9165
	RESERVED
CVE-2020-9164
	RESERVED
CVE-2020-9163
	RESERVED
CVE-2020-9162
	RESERVED
CVE-2020-9161
	RESERVED
CVE-2020-9160
	RESERVED
CVE-2020-9159
	RESERVED
CVE-2020-9158 (There is a Missing Cryptographic Step vulnerability in Huawei Smartpho ...)
	NOT-FOR-US: Huawei
CVE-2020-9157
	RESERVED
CVE-2020-9156
	RESERVED
CVE-2020-9155
	RESERVED
CVE-2020-9154
	RESERVED
CVE-2020-9153
	RESERVED
CVE-2020-9152
	RESERVED
CVE-2020-9151
	RESERVED
CVE-2020-9150
	RESERVED
CVE-2020-9149 (An application error verification vulnerability exists in a component ...)
	NOT-FOR-US: Huawei
CVE-2020-9148 (An application bypass mechanism vulnerability exists in a component in ...)
	NOT-FOR-US: Huawei
CVE-2020-9147 (A memory buffer error vulnerability exists in a component interface of ...)
	NOT-FOR-US: Huawei
CVE-2020-9146 (A memory buffer error vulnerability exists in a component interface of ...)
	NOT-FOR-US: Huawei
CVE-2020-9145 (There is an Out-of-bounds Write vulnerability in some Huawei smartphon ...)
	NOT-FOR-US: Huawei
CVE-2020-9144 (There is a heap overflow vulnerability in some Huawei smartphone, atta ...)
	NOT-FOR-US: Huawei
CVE-2020-9143 (There is a missing authentication vulnerability in some Huawei smartph ...)
NOT-FOR-US: Huawei CVE-2020-9142 (There is a heap base buffer overflow vulnerability in some Huawei smar ...) NOT-FOR-US: Huawei CVE-2020-9141 (There is a improper privilege management vulnerability in some Huawei ...) NOT-FOR-US: Huawei CVE-2020-9140 (There is a vulnerability with buffer access with incorrect length valu ...) NOT-FOR-US: Huawei CVE-2020-9139 (There is a improper input validation vulnerability in some Huawei Smar ...) NOT-FOR-US: Huawei CVE-2020-9138 (There is a heap-based buffer overflow vulnerability in some Huawei Sma ...) NOT-FOR-US: Huawei CVE-2020-9137 (There is a privilege escalation vulnerability in some versions of Clou ...) NOT-FOR-US: Huawei CVE-2020-9136 RESERVED CVE-2020-9135 RESERVED CVE-2020-9134 RESERVED CVE-2020-9133 RESERVED CVE-2020-9132 RESERVED CVE-2020-9131 RESERVED CVE-2020-9130 RESERVED CVE-2020-9129 (HUAWEI Mate 30 versions earlier than 10.1.0.159(C00E159R7P2) have a vu ...) NOT-FOR-US: Huawei CVE-2020-9128 (FusionCompute versions 8.0.0 have an insecure encryption algorithm vul ...) NOT-FOR-US: Uawei FusionCompute CVE-2020-9127 (Some Huawei products have a command injection vulnerability. Due to in ...) NOT-FOR-US: Huawei CVE-2020-9126 RESERVED CVE-2020-9125 (There is an out-of-bound read vulnerability in huawei smartphone Mate ...) NOT-FOR-US: Huawei CVE-2020-9124 (There is a memory leak vulnerability in some versions of Huawei CloudE ...) NOT-FOR-US: Huawei CVE-2020-9123 (HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) and versi ...) NOT-FOR-US: Huawei CVE-2020-9122 (Some Huawei products have an insufficient input verification vulnerabi ...) NOT-FOR-US: Huawei CVE-2020-9121 RESERVED CVE-2020-9120 (CloudEngine 1800V versions V100R019C10SPC500 has a resource management ...) NOT-FOR-US: Huawei CVE-2020-9119 (There is a privilege escalation vulnerability on some Huawei smart pho ...) NOT-FOR-US: Huawei CVE-2020-9118 (There is an insufficient integrity check vulnerability in Huawei Sound ...) 
NOT-FOR-US: Huawei CVE-2020-9117 (HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM ...) NOT-FOR-US: Huawei CVE-2020-9116 (Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection ...) NOT-FOR-US: Huawei CVE-2020-9115 (ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B ...) NOT-FOR-US: Huawei CVE-2020-9114 (FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a pri ...) NOT-FOR-US: Huawei CVE-2020-9113 (HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buf ...) NOT-FOR-US: Huawei CVE-2020-9112 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a priv ...) NOT-FOR-US: Huawei CVE-2020-9111 (E6878-370 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP21C233) and E ...) NOT-FOR-US: Huawei CVE-2020-9110 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an inf ...) NOT-FOR-US: Huawei CVE-2020-9109 (There is an information disclosure vulnerability in several smartphone ...) NOT-FOR-US: Huawei CVE-2020-9108 (HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an o ...) NOT-FOR-US: Huawei CVE-2020-9107 (HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an o ...) NOT-FOR-US: Huawei CVE-2020-9106 (HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have a pa ...) NOT-FOR-US: Huawei CVE-2020-9105 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an ins ...) NOT-FOR-US: Huawei CVE-2020-9104 (HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2 ...) NOT-FOR-US: Huawei CVE-2020-9103 (HUAWEI Mate 20 smartphones with 9.0.0.205(C00E205R2P1) have a logic er ...) NOT-FOR-US: Huawei CVE-2020-9102 (There is a information leak vulnerability in some Huawei products, and ...) NOT-FOR-US: Huawei CVE-2020-9101 (There is an out-of-bounds write vulnerability in some products. An una ...) NOT-FOR-US: Huawei CVE-2020-9100 (Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. Th ...) 
NOT-FOR-US: Huawei CVE-2020-9099 (Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Se ...) NOT-FOR-US: Huawei CVE-2020-9098 (Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an ...) NOT-FOR-US: Huawei CVE-2020-9097 RESERVED CVE-2020-9096 (HUAWEI P30 Pro smartphones with Versions earlier than 10.1.0.160(C00E1 ...) NOT-FOR-US: Huawei CVE-2020-9095 (HUAWEI P30 Pro smartphone with Versions earlier than 10.1.0.160(C00E16 ...) NOT-FOR-US: Huawei CVE-2020-9094 (There is an out of bound read vulnerability in some verisons of Huawei ...) NOT-FOR-US: Huawei CVE-2020-9093 (There is a use after free vulnerability in Taurus-AL00A versions 10.0. ...) NOT-FOR-US: Huawei CVE-2020-9092 (HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a Ja ...) NOT-FOR-US: Huawei CVE-2020-9091 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out ...) NOT-FOR-US: Huawei CVE-2020-9090 (FusionAccess version 6.5.1 has an improper authorization vulnerability ...) NOT-FOR-US: Huawei CVE-2020-9089 RESERVED CVE-2020-9088 RESERVED CVE-2020-9087 (Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vul ...) NOT-FOR-US: Huawei CVE-2020-9086 RESERVED CVE-2020-9085 RESERVED CVE-2020-9084 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use- ...) NOT-FOR-US: Taurus-AN00B CVE-2020-9083 (HUAWEI Mate 20 smart phones with Versions earlier than 10.1.0.163(C00E ...) NOT-FOR-US: Huawei CVE-2020-9082 RESERVED CVE-2020-9081 RESERVED CVE-2020-9080 RESERVED CVE-2020-9079 (FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulne ...) NOT-FOR-US: Huawei CVE-2020-9078 (FusionCompute 8.0.0 have local privilege escalation vulnerability. A l ...) NOT-FOR-US: Huawei CVE-2020-9077 (HUAWEI P30 smart phones with versions earlier than 10.1.0.160(C00E160R ...) NOT-FOR-US: Huawei CVE-2020-9076 (HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier ...) 
NOT-FOR-US: Huawei CVE-2020-9075 (Huawei products Secospace USG6300;USG6300E with versions of V500R001C3 ...) NOT-FOR-US: Huawei CVE-2020-9074 (Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an imprope ...) NOT-FOR-US: Huawei CVE-2020-9073 (Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1 ...) NOT-FOR-US: Huawei CVE-2020-9072 (Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a ...) NOT-FOR-US: Huawei CVE-2020-9071 (There is a few bytes out-of-bounds read vulnerability in some Huawei p ...) NOT-FOR-US: Huawei CVE-2020-9070 (Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205( ...) NOT-FOR-US: Huawei CVE-2020-9069 (There is an information leakage vulnerability in some Huawei products. ...) NOT-FOR-US: Huawei CVE-2020-9068 (Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00 ...) NOT-FOR-US: Huawei CVE-2020-9067 (There is a buffer overflow vulnerability in some Huawei products. The ...) NOT-FOR-US: Huawei CVE-2020-9066 (Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169 ...) NOT-FOR-US: Huawei CVE-2020-9065 (Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203( ...) NOT-FOR-US: Huawei CVE-2020-9064 (Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 1 ...) NOT-FOR-US: Huawei CVE-2020-9063 (NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authent ...) NOT-FOR-US: NCR SelfServ ATMs CVE-2020-9062 (Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version ...) NOT-FOR-US: Diebold Nixdorf ProCash 2100xe USB ATMs CVE-2020-9061 (Z-Wave devices using Silicon Labs 500 and 700 series chipsets, includi ...) NOT-FOR-US: Z-Wave devices CVE-2020-9060 (Z-Wave devices based on Silicon Labs 500 series chipsets using S2, inc ...) NOT-FOR-US: Z-Wave devices CVE-2020-9059 (Z-Wave devices based on Silicon Labs 500 series chipsets using S0 auth ...) 
NOT-FOR-US: Z-Wave devices CVE-2020-9058 (Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 ...) NOT-FOR-US: Z-Wave devices CVE-2020-9057 (Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets ...) NOT-FOR-US: Z-Wave devices CVE-2020-9056 (Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scr ...) NOT-FOR-US: Periscope BuySpeed CVE-2020-9055 (Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnera ...) NOT-FOR-US: Versiant LYNX Customer Service Portal CVE-2020-9054 (Multiple ZyXEL network-attached storage (NAS) devices running firmware ...) NOT-FOR-US: ZyXEL CVE-2020-9053 REJECTED CVE-2020-9052 REJECTED CVE-2020-9051 REJECTED CVE-2020-9050 (Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) ...) NOT-FOR-US: Metasys Reporting Engine (MRE) Web Services CVE-2020-9049 (A vulnerability in specified versions of American Dynamics victor Web ...) NOT-FOR-US: Sensormatic Electronics, LLC; a subsidiary of Johnson Controls CVE-2020-9048 (A vulnerability in specified versions of American Dynamics victor Web ...) NOT-FOR-US: Johnson Controls CVE-2020-9047 (A vulnerability exists that could allow the execution of unauthorized ...) NOT-FOR-US: exacqVision Web Service CVE-2020-9046 (A vulnerability in all versions of Kantech EntraPass Editions could po ...) NOT-FOR-US: Kantech CVE-2020-9045 (During installation or upgrade to Software House C\u2022CURE 9000 v2.7 ...) NOT-FOR-US: Software House CVE-2020-9044 (XXE vulnerability exists in the Metasys family of product Web Services ...) NOT-FOR-US: Johnson Controls CVE-2020-9043 (The wpCentral plugin before 1.5.1 for WordPress allows disclosure of t ...) NOT-FOR-US: wpCentral plugin for WordPress CVE-2020-9042 (In Couchbase Server 6.0, credentials cached by a browser can be used t ...) NOT-FOR-US: Couchbase CVE-2020-9041 (In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, th ...) 
NOT-FOR-US: Couchbase CVE-2020-9040 (Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker t ...) NOT-FOR-US: Couchbase CVE-2020-9039 (Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6. ...) NOT-FOR-US: Couchbase CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS.) NOT-FOR-US: Joplin CVE-2020-9037 RESERVED CVE-2020-9036 (Jeedom through 4.0.38 allows XSS.) NOT-FOR-US: Jeedom CVE-2020-9035 RESERVED CVE-2019-20474 (An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.4 ...) NOT-FOR-US: Zoho ManageEngine Remote Access Plus CVE-2016-11019 RESERVED CVE-2020-9355 (danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalati ...) {DSA-4637-1} - network-manager-ssh 1.2.11-1 NOTE: https://github.com/danfruehauf/NetworkManager-ssh/pull/98 NOTE: https://github.com/danfruehauf/NetworkManager-ssh/commit/5d88cd89795352b5df54cc0ebb6a0076b8c89ee4 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1803499 CVE-2020-9034 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9033 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9032 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9031 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9030 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9029 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9028 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9027 (ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection v ...) 
NOT-FOR-US: ELTEX devices CVE-2020-9026 (ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection v ...) NOT-FOR-US: ELTEX devices CVE-2020-9025 (Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored ...) NOT-FOR-US: Iteris Vantage Velocity Field Unit devices CVE-2020-9024 (Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world- ...) NOT-FOR-US: Iteris Vantage Velocity Field Unit devices CVE-2020-9023 (Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two us ...) NOT-FOR-US: Iteris Vantage Velocity Field Unit devices CVE-2020-9022 (An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 de ...) NOT-FOR-US: Xirrus devices CVE-2020-9021 (Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1. ...) NOT-FOR-US: Post Oak AWAM Bluetooth Field Device CVE-2020-9020 (Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow ...) NOT-FOR-US: Iteris Vantage Velocity Field Unit devices CVE-2020-9019 (The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via th ...) NOT-FOR-US: WPJobBoard plugin for WordPress CVE-2020-9018 (LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF to a ...) NOT-FOR-US: LiteCart CVE-2020-9017 (LiteCart through 2.2.1 allows CSV injection via a customer's profile.) NOT-FOR-US: LiteCart CVE-2020-9016 (Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, ...) - dolibarr CVE-2020-9015 (Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7 ...) NOT-FOR-US: Arista devices CVE-2020-9014 (In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows loca ...) NOT-FOR-US: Epson CVE-2020-9013 (Arvato Skillpipe 3.0 allows attackers to bypass intended print restric ...) NOT-FOR-US: Arvato Skillpipe CVE-2020-9012 (A cross-site scripting (XSS) vulnerability in the Import People functi ...) 
NOT-FOR-US: Gluu Identity Configuration CVE-2020-9011 RESERVED CVE-2020-9010 RESERVED CVE-2020-9009 (The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote a ...) NOT-FOR-US: CS-Cart plugin CVE-2020-9008 (Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/Pe ...) NOT-FOR-US: Blackboard Learn/PeopleTool CVE-2019-20473 (An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.865 ...) NOT-FOR-US: TK-Star Q90 Junior GPS horloge CVE-2019-20472 RESERVED CVE-2019-20471 (An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.865 ...) NOT-FOR-US: TK-Star Q90 Junior GPS horloge CVE-2019-20470 (An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.865 ...) NOT-FOR-US: TK-Star Q90 Junior GPS horloge CVE-2019-20469 RESERVED CVE-2019-20468 (An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horlo ...) NOT-FOR-US: TK-Star Q90 Junior GPS horloge CVE-2019-20467 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 ...) NOT-FOR-US: Sannce CVE-2019-20466 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 ...) NOT-FOR-US: Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices CVE-2019-20465 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 ...) NOT-FOR-US: Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices CVE-2019-20464 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 ...) NOT-FOR-US: Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices CVE-2019-20463 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 ...) NOT-FOR-US: Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices CVE-2019-20462 RESERVED CVE-2019-20461 RESERVED CVE-2019-20460 RESERVED CVE-2019-20459 RESERVED CVE-2019-20458 RESERVED CVE-2019-20457 RESERVED CVE-2020-9007 (Codoforum 4.8.8 allows self-XSS via the title of a new topic.) 
NOT-FOR-US: Codoforum CVE-2020-9006 (The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulner ...) NOT-FOR-US: Popup Builder plugin for WordPress CVE-2020-9005 (meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attack ...) NOT-FOR-US: Dota 2 CVE-2020-9004 (A remote authenticated authorization-bypass vulnerability in Wowza Str ...) NOT-FOR-US: Wowza Streaming Engine CVE-2020-9003 (A stored XSS vulnerability exists in the Modula Image Gallery plugin b ...) NOT-FOR-US: Modula Image Gallery plugin for WordPress CVE-2020-9002 (An issue was discovered in iPortalis iCS 7.1.13.0. An attacker can gai ...) NOT-FOR-US: iPortalis iCS CVE-2020-9001 REJECTED CVE-2020-9000 (An issue was discovered in iPortalis iCS 7.1.13.0. Attackers can send ...) NOT-FOR-US: iPortalis iCS CVE-2020-8999 REJECTED CVE-2020-8998 REJECTED CVE-2020-8997 (Older generation Abbott FreeStyle Libre sensors allow remote attackers ...) NOT-FOR-US: Abbott FreeStyle Libre CVE-2020-8996 (AnyShare Cloud 6.0.9 allows authenticated directory traversal to read ...) NOT-FOR-US: AnyShare Cloud CVE-2019-20456 (Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, ...) NOT-FOR-US: Goverlan CVE-2020-8995 (Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file ...) NOT-FOR-US: Programi Bilanc CVE-2019-20455 (Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0 ...) NOT-FOR-US: Heartland & Global Payments PHP SDK CVE-2019-20454 (An out-of-bounds read was discovered in PCRE before 10.34 when the pat ...) {DLA-3363-1} - pcre2 10.34-1 [stretch] - pcre2 (Minor issue) NOTE: https://bugs.exim.org/show_bug.cgi?id=2421 NOTE: https://bugs.php.net/bug.php?id=78338 NOTE: Fixed by: https://vcs.pcre.org/pcre2?view=revision&revision=1092 NOTE: Tests: https://vcs.pcre.org/pcre2?view=revision&revision=1091 CVE-2020-8994 (An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1. ...) 
NOT-FOR-US: XIAOMI AI speaker MDZ-25-DT CVE-2020-8993 RESERVED CVE-2020-8992 (ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux k ...) - linux 5.5.13-1 [buster] - linux 4.19.118-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://patchwork.ozlabs.org/patch/1236118/ CVE-2020-8991 (vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages me ...) - lvm2 2.03.01-2 [stretch] - lvm2 (Minor issue) [jessie] - lvm2 (Minor issue) NOTE: https://sourceware.org/git/?p=lvm2.git;a=commit;h=bcf9556b8fcd16ad8997f80cc92785f295c66701 NOTE: 2.03.00 upstream removed lvmetad (and the still vulnerable code) CVE-2020-8990 (Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow ...) NOT-FOR-US: Western Digital My Cloud Home CVE-2020-8989 (In the Voatz application 2020-01-01 for Android, the amount of data tr ...) NOT-FOR-US: Voatz application for Android CVE-2020-8988 (The Voatz application 2020-01-01 for Android allows only 100 million d ...) NOT-FOR-US: Voatz application for Android CVE-2020-8987 (Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 pr ...) NOT-FOR-US: Avast AntiTrack CVE-2020-8986 (lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly c ...) NOT-FOR-US: ZendTo CVE-2020-8985 (ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unl ...) NOT-FOR-US: ZendTo CVE-2020-8984 (lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address s ...) NOT-FOR-US: ZendTo CVE-2020-8983 (An arbitrary file write issue exists in all versions of Citrix ShareFi ...) NOT-FOR-US: Citrix CVE-2020-8982 (An unauthenticated arbitrary file read issue exists in all versions of ...) NOT-FOR-US: Citrix CVE-2020-8981 (A cross-site scripting (XSS) vulnerability was discovered in the Sourc ...) 
NOT-FOR-US: Source Integration plugin for MantisBT CVE-2020-8980 RESERVED CVE-2020-8979 RESERVED CVE-2020-8978 RESERVED CVE-2020-8977 RESERVED CVE-2020-8976 (The integrated server of the ZGR TPS200 NG on its 2.00 firmware versio ...) NOT-FOR-US: ZGR TPS200 NG CVE-2020-8975 (ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, ...) NOT-FOR-US: ZGR TPS200 NG CVE-2020-8974 (In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the ...) NOT-FOR-US: ZGR TPS200 NG CVE-2020-8973 (ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, ...) NOT-FOR-US: ZGR TPS200 NG CVE-2020-8972 RESERVED CVE-2020-8971 RESERVED CVE-2020-8970 RESERVED CVE-2020-8969 RESERVED CVE-2020-8968 (Parallels Remote Application Server (RAS) allows a local attacker to r ...) NOT-FOR-US: Parallels Remote Application Server (RAS) CVE-2020-8967 (There is an improper Neutralization of Special Elements used in an SQL ...) NOT-FOR-US: GESIO CVE-2020-8966 (There is an Improper Neutralization of Script-Related HTML Tags in a W ...) - tikiwiki CVE-2020-8965 RESERVED CVE-2020-8964 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.0 ...) NOT-FOR-US: TimeTools devices CVE-2020-8963 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.0 ...) NOT-FOR-US: TimeTools devices CVE-2020-8962 (A stack-based buffer overflow was found on the D-Link DIR-842 REVC wit ...) NOT-FOR-US: D-Link CVE-2020-8961 (An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. ...) NOT-FOR-US: Avira CVE-2020-8960 (Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS.) NOT-FOR-US: Western Digital mycloud.com CVE-2020-8959 (Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 all ...) NOT-FOR-US: Western Digital CVE-2020-8958 (Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804R ...) 
NOT-FOR-US: Guangzhou CVE-2020-8957 RESERVED CVE-2020-8956 (Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 ...) NOT-FOR-US: Pulse Secure Pulse Secure Desktop Client CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2 ...) {DLA-2770-1 DLA-2157-1} - weechat 2.7.1-1 (bug #951289) [buster] - weechat 2.3-1+deb10u1 NOTE: https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da CVE-2020-8954 (OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.[a link ...) NOT-FOR-US: OpenSearch Web browser CVE-2020-8953 (OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication by ...) NOT-FOR-US: OpenVPN Access Server CVE-2020-8952 (Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allow ...) NOT-FOR-US: Fiserv Accurate Reconciliation CVE-2020-8951 (Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allow ...) NOT-FOR-US: Fiserv Accurate Reconciliation CVE-2020-8950 (The AUEPLauncher service in Radeon AMD User Experience Program Launche ...) NOT-FOR-US: Radeon AMD User Experience Program Launcher CVE-2020-8949 (Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3. ...) NOT-FOR-US: Gocloud devices CVE-2020-8948 (The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) be ...) NOT-FOR-US: Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) CVE-2020-8947 (functions_netflow.php in Artica Pandora FMS 7.0 allows remote attacker ...) NOT-FOR-US: Pandora FMS CVE-2020-8946 (Netis WF2471 v1.2.30142 devices allow an authenticated attacker to exe ...) NOT-FOR-US: Netis devices CVE-2020-8945 (The proglottis Go wrapper before 0.1.1 for the GPGME library has a use ...) 
- golang-github-proglottis-gpgme 0.1.1-1 (bug #951372) [buster] - golang-github-proglottis-gpgme (Limited support, minor issue, requires rebuilding golang-github-keltia-archive and dmarc-cat) NOTE: https://github.com/proglottis/gpgme/pull/23 CVE-2020-8944 (An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 ...) NOT-FOR-US: Asylo CVE-2020-8943 (An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 a ...) NOT-FOR-US: Asylo CVE-2020-8942 (An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 a ...) NOT-FOR-US: Asylo CVE-2020-8941 (An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 a ...) NOT-FOR-US: Asylo CVE-2020-8940 (An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 a ...) NOT-FOR-US: Asylo CVE-2020-8939 (An out of bounds read on the enc_untrusted_inet_ntop function allows a ...) NOT-FOR-US: Asylo CVE-2020-8938 (An arbitrary memory overwrite vulnerability in Asylo versions up to 0. ...) NOT-FOR-US: Asylo CVE-2020-8937 (An arbitrary memory overwrite vulnerability in Asylo versions up to 0. ...) NOT-FOR-US: Asylo CVE-2020-8936 (An arbitrary memory overwrite vulnerability in Asylo versions up to 0. ...) NOT-FOR-US: Asylo CVE-2020-8935 (An arbitrary memory overwrite vulnerability in Asylo versions up to 0. ...) NOT-FOR-US: Asylo CVE-2020-8934 (The Site Kit by Google plugin for WordPress is vulnerable to Sensitive ...) NOT-FOR-US: Site Kit by Google plugin for WordPress CVE-2020-8933 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...) - google-compute-image-packages (bug #987353) [buster] - google-compute-image-packages (Minor issue) NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619 NOTE: https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29 CVE-2020-8932 RESERVED CVE-2020-8931 RESERVED CVE-2020-8930 RESERVED CVE-2020-8929 (A mis-handling of invalid unicode characters in the Java implementatio ...) 
	NOT-FOR-US: Tink
CVE-2020-8928 RESERVED
CVE-2020-8927 (A buffer overflow exists in the Brotli library versions prior to 1.0.8 ...)
	{DSA-4801-1 DLA-2476-1}
	- brotli 1.0.9-1
	NOTE: https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6
CVE-2020-8926 RESERVED
CVE-2020-8925 RESERVED
CVE-2020-8924 RESERVED
CVE-2020-8923 (An improper HTML sanitization in Dart versions up to and including 2.7 ...)
	NOT-FOR-US: Dart (different from src:dart)
CVE-2020-8922 RESERVED
CVE-2020-8921 RESERVED
CVE-2020-8920 (An information leak vulnerability exists in Gerrit versions prior to 2 ...)
	- gerrit (bug #589436)
CVE-2020-8919 (An information leak vulnerability exists in Gerrit versions prior to 2 ...)
	- gerrit (bug #589436)
CVE-2020-8918 (An improperly initialized 'migrationAuth' value in Google's go-tpm TPM ...)
	NOT-FOR-US: go-tpm TPM1.2 library
CVE-2020-8917 RESERVED
CVE-2020-8916 (A memory leak in Openthread's wpantund versions up to commit 0e5d1601f ...)
	NOT-FOR-US: wpantund
CVE-2020-8915 RESERVED
CVE-2020-8914 RESERVED
CVE-2020-8913 (A local, arbitrary code execution vulnerability exists in the SplitCom ...)
	NOT-FOR-US: Android's Play Core Library
CVE-2020-8912 (A vulnerability in the in-band key negotiation exists in the AWS S3 Cr ...)
	NOT-FOR-US: AWS S3 Crypto SDK for Go
CVE-2020-8911 (A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoL ...)
	NOT-FOR-US: AWS S3 Crypto SDK for Go
CVE-2020-8910 (A URL parsing issue in goog.uri of the Google Closure Library versions ...)
	NOT-FOR-US: Google Closure Library
CVE-2020-8909 RESERVED
CVE-2020-8908 (A temp directory creation vulnerability exists in all versions of Guav ...)
	- guava-libraries 32.0.1-1 (bug #1038979)
	[bookworm] - guava-libraries (Minor issue)
	[bullseye] - guava-libraries (Minor issue)
	[buster] - guava-libraries (Minor issue)
	NOTE: https://github.com/google/guava/issues/4011
	NOTE: https://github.com/google/guava/commit/fec0dbc4634006a6162cfd4d0d09c962073ddf40
	NOTE: Issue incompletely fixed:
	NOTE: https://github.com/google/guava/issues/4011#issuecomment-1573923586
	NOTE: https://github.com/google/guava/releases/tag/v32.0.0
	NOTE: https://github.com/google/guava/issues/2575
CVE-2020-8907 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
	- google-compute-image-packages (bug #987353)
	[buster] - google-compute-image-packages (Minor issue)
	NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619
	NOTE: https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29
CVE-2020-8906 RESERVED
CVE-2020-8905 (A buffer length validation vulnerability in Asylo versions prior to 0. ...)
	NOT-FOR-US: Asylo
CVE-2020-8904 (An arbitrary memory overwrite vulnerability in the trusted memory of A ...)
	NOT-FOR-US: Asylo
CVE-2020-8903 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
	- google-compute-image-packages (bug #987353)
	[buster] - google-compute-image-packages (Minor issue)
	NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619
	NOTE: https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29
CVE-2020-8902 (Rendertron versions prior to 3.0.0 are susceptible to a Server-Sid ...)
	NOT-FOR-US: Rendertron
CVE-2020-8901 RESERVED
CVE-2020-8900 RESERVED
CVE-2020-8899 (There is a buffer overwrite vulnerability in the Quram qmg library of ...)
	NOT-FOR-US: Samsung
CVE-2020-8898 RESERVED
CVE-2020-8897 (A weak robustness vulnerability exists in the AWS Encryption SDKs for ...)
	NOT-FOR-US: AWS Encryption SDKs
CVE-2020-8896 (A Buffer Overflow vulnerability in the khcrypt implementation in Googl ...)
	NOT-FOR-US: Google Earth Pro
CVE-2020-8895 (Untrusted Search Path vulnerability in the windows installer of Google ...)
	NOT-FOR-US: windows installer of Google Earth Pro
CVE-2020-8894 (An issue was discovered in MISP before 2.4.121. ACLs for discussion th ...)
	NOT-FOR-US: MISP
CVE-2020-8893 (An issue was discovered in MISP before 2.4.121. The Galaxy view contai ...)
	NOT-FOR-US: MISP
CVE-2020-8892 (An issue was discovered in MISP before 2.4.121. It did not consider th ...)
	NOT-FOR-US: MISP
CVE-2020-8891 (An issue was discovered in MISP before 2.4.121. It did not canonicaliz ...)
	NOT-FOR-US: MISP
CVE-2020-8890 (An issue was discovered in MISP before 2.4.121. It mishandled time ske ...)
	NOT-FOR-US: MISP
CVE-2020-8889 (The ShipStation.com plugin 1.0 for CS-Cart allows remote attackers to ...)
	NOT-FOR-US: CS-Cart plugin
CVE-2020-8888 RESERVED
CVE-2020-8887 (Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 hav ...)
	NOT-FOR-US: Telestream Tektronix Medius
CVE-2020-8886 RESERVED
CVE-2020-8885 RESERVED
CVE-2019-20453 (A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise be ...)
	- ajaxplorer (bug #668381)
CVE-2019-20452 (A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise be ...)
	- ajaxplorer (bug #668381)
CVE-2012-6721 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...)
	NOT-FOR-US: SocialEngine
CVE-2012-6720 (Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine be ...)
	NOT-FOR-US: SocialEngine
CVE-2020-8884 (rcdsvc in the Proofpoint Insider Threat Management Windows Agent (form ...)
	NOT-FOR-US: Proofpoint Insider Threat Management Windows Agent
CVE-2020-8883 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-8882 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-8881 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-8880 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-8879 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-8878 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-8877 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-8876 (This vulnerability allows local attackers to disclose information on a ...)
	NOT-FOR-US: Parallels
CVE-2020-8875 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels
CVE-2020-8874 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels
CVE-2020-8873 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels
CVE-2020-8872 (This vulnerability allows local attackers to disclose sensitive inform ...)
	NOT-FOR-US: Parallels
CVE-2020-8871 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels
CVE-2020-8870 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2020-8869 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2020-8868 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest Foglight Evolve
CVE-2020-8867 (This vulnerability allows remote attackers to create a denial-of-servi ...)
	NOT-FOR-US: OPC Foundation UA .NET Standard
CVE-2020-8866 (This vulnerability allows remote attackers to create arbitrary files o ...)
	{DLA-2162-1}
	- php-horde-form 2.0.20-1 (bug #955020)
	[buster] - php-horde-form 2.0.18-3.1+deb10u1
	[stretch] - php-horde-form 2.0.15-1+deb9u2
	NOTE: https://lists.horde.org/archives/announce/2020/001288.html
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-275/
	NOTE: https://github.com/horde/Form/commit/813f8e7e9479fad4546b89c569325ee9eef60b0f
CVE-2020-8865 (This vulnerability allows remote attackers to execute local PHP files ...)
	{DLA-2175-1}
	- php-horde-trean 1.1.10-1 (bug #955019)
	[buster] - php-horde-trean 1.1.9-3+deb10u1
	[stretch] - php-horde-trean 1.1.7-1+deb9u1
	NOTE: https://lists.horde.org/archives/announce/2020/001286.html
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-276/
	NOTE: https://github.com/horde/trean/commit/db0714a0c04d87bda9e2852f1b0d259fc281ca75
	NOTE: https://github.com/horde/trean/commit/055029f551501803d7e293a48316e2cf31307908
CVE-2020-8864 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: D-Link
CVE-2020-8863 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: D-Link
CVE-2020-8862 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: D-Link
CVE-2020-8861 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: D-Link
CVE-2020-8860 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Samsung Galaxy S10 Firmware
CVE-2020-8859 (This vulnerability allows remote attackers to create a denial-of-servi ...)
	{DLA-3014-1}
	- elog
	NOTE: https://elog.psi.ch/elogs/Forum/69114
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-252/
	NOTE: https://bitbucket.org/ritt/elog/commits/033e292301fa569738b20768b8d1f1d7d0bc1ca7
CVE-2020-8858 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Moxa
CVE-2020-8857 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-8856 (This vulnerability allows remote attackers to execute arbitrary code on ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-8855 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-8854 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-8853 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-8852 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-8851 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-8850 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-8849 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-8848 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-8847 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-8846 (This vulnerability allows remote attackers to execute arbitrary code on ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-8845 (This vulnerability allows remote attackers to execute arbitrary code on ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-8844 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-8843 (An issue was discovered in Istio 1.3 through 1.3.6. Under certain circ ...)
	NOT-FOR-US: Istio
CVE-2020-8842 REJECTED
CVE-2020-8841 (An issue was discovered in TestLink 1.9.19. The relation_type paramete ...)
	NOT-FOR-US: TestLink
CVE-2020-8840 (FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean- ...)
	{DLA-2111-1}
	- jackson-databind 2.11.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u2
	[stretch] - jackson-databind 2.8.6-1+deb9u7
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2620
	NOTE: https://github.com/FasterXML/jackson-databind/commit/914e7c9f2cb8ce66724bf26a72adc7e958992497
	NOTE: Starting from the 2.10 series mitigated, as Safe Default Typing is enabled by default,
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-8839 (Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter dev ...)
	NOT-FOR-US: CHIYU BF-430 232/485 TCP/IP Converter devices
CVE-2015-9542 (add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correct ...)
	{DLA-2304-1 DLA-2116-1}
	- libpam-radius-auth 1.4.0-3 (bug #951396)
	[buster] - libpam-radius-auth 1.4.0-3~deb10u1
	NOTE: https://github.com/FreeRADIUS/pam_radius/commit/01173ec
	NOTE: https://github.com/FreeRADIUS/pam_radius/commit/6bae92d
	NOTE: https://github.com/FreeRADIUS/pam_radius/commit/ac2c1677
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1686980
CVE-2020-8838 (An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2020-8837 RESERVED
CVE-2020-8836 RESERVED
CVE-2020-8835 (In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/veri ...)
	- linux 5.5.13-2
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
	[jessie] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/f2d67fec0b43edce8c416101cdc52e71145b5fef
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-350/
CVE-2020-8834 (KVM in the Linux kernel on Power8 processors has a conflicting use of ...)
	- linux 4.18.6-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/2
CVE-2020-8833 (Time-of-check Time-of-use Race Condition vulnerability on crash report ...)
	NOT-FOR-US: Apport
CVE-2020-8832 (The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 (" ...)
	- linux 4.16.5-1
	[stretch] - linux (Vulnerable code not present, incomplete fix not applied)
	[jessie] - linux (No support for this hardware)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840
	NOTE: The CVE is for an incomplete fix for CVE-2019-14615 which technically only
	NOTE: affects upstream versions (and downstreams) which applied the fix for
	NOTE: CVE-2019-14615, which is bc8a76a152c5 ("drm/i915/gen9: Clear residual context
	NOTE: state on context switch"). But the prerequisite d2b4b97933f5 ("drm/i915: Record
	NOTE: the default hw state after reset upon load") needs to be applied as well.
CVE-2020-8831 (Apport creates a world writable lock file with root ownership in the w ...)
	NOT-FOR-US: Apport
CVE-2019-20451 (The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 ...)
	NOT-FOR-US: Prismview
CVE-2017-18642 (Syska Smart Bulb devices through 2017-08-06 receive RGB parameters ove ...)
	NOT-FOR-US: Syska Smart Bulb devices
CVE-2020-8830 (CSRF in login.asp on Ruckus devices allows an attacker to access the p ...)
	NOT-FOR-US: Ruckus
CVE-2020-8829 (CSRF on Intelbras CIP 92200 devices allows an attacker to access the p ...)
	NOT-FOR-US: Intelbras
CVE-2020-8828 (As of v1.5.0, the default admin password is set to the argocd-server p ...)
	NOT-FOR-US: Argo
CVE-2020-8827 (As of v1.5.0, the Argo API does not implement anti-automation measures ...)
	NOT-FOR-US: Argo
CVE-2020-8826 (As of v1.5.0, the Argo web interface authentication system issued immu ...)
	NOT-FOR-US: Argo
CVE-2020-8825 (index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows store ...)
	NOT-FOR-US: Vanilla Forums
CVE-2020-8824 (Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name ...)
	NOT-FOR-US: Hitron devices
CVE-2020-8823 (htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulner ...)
	NOT-FOR-US: SockJS
CVE-2020-8822 (Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices ...)
	NOT-FOR-US: Digi TransPort
CVE-2020-8821 (An Improper Data Validation Vulnerability exists in Webmin 1.941 and e ...)
	- webmin
CVE-2020-8820 (An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the ...)
	- webmin
CVE-2020-8819 (An issue was discovered in the CardGate Payments plugin through 3.1.15 ...)
	NOT-FOR-US: CardGate Payments plugin for WooCommerce
CVE-2020-8818 (An issue was discovered in the CardGate Payments plugin through 2.0.30 ...)
	NOT-FOR-US: CardGate Payments plugin for Magento
CVE-2020-8817 (Dataiku DSS before 6.0.5 allows attackers write access to the project ...)
	NOT-FOR-US: Dataiku
CVE-2020-8816 (Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by priv ...)
	NOT-FOR-US: Pi-hole
CVE-2020-8815 (Improper connection handling in the base connection handler in IKTeam ...)
	NOT-FOR-US: BearFTP
CVE-2020-8814 RESERVED
CVE-2018-21034 (In Argo versions prior to v1.5.0-rc1, it was possible for authenticate ...)
	NOT-FOR-US: Argo
CVE-2017-18641 (In LXC 2.0, many template scripts download code over cleartext HTTP, a ...)
	- lxc-templates (bug #988730; unimportant)
	- lxc 1:3.0.3-1 (low)
	[stretch] - lxc (Minor issue)
	[jessie] - lxc (https://lists.debian.org/debian-lts/2020/02/msg00102.html)
	NOTE: LXC 3.0.2 split the templates out to separate lxc-templates.
	NOTE: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447
	NOTE: Some of the templates were switched to fetch the packages over HTTPS, cf.
	NOTE: https://github.com/lxc/lxc/pull/1371 for the lxc-fedora template.
	NOTE: No security commitments from upstream and lxc-templates deprecated in favour of
	NOTE: distrobuilder.
CVE-2020-8813 (graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute a ...)
	{DLA-3252-1}
	- cacti 1.2.10+ds1-1 (bug #951832)
	[stretch] - cacti (Vulnerable code not present)
	[jessie] - cacti (Vulnerable code not present)
	NOTE: https://gist.github.com/mhaskar/ebe6b74c32fd0f7e1eedf1aabfd44129
	NOTE: https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/
	NOTE: https://github.com/Cacti/cacti/issues/3285
	NOTE: https://github.com/Cacti/cacti/commit/fea919e8fe05bb730c802054661fd3a7ec029784
CVE-2020-8812 (Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaSc ...)
	NOT-FOR-US: Bludit
CVE-2020-8811 (ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated ...)
	NOT-FOR-US: Bludit
CVE-2020-8810 (An issue was discovered in Gurux GXDLMS Director through 8.5.1905.1301 ...)
	NOT-FOR-US: Gurux
CVE-2020-8809 (Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add- ...)
	NOT-FOR-US: Gurux
CVE-2020-8808 (The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR ...)
	NOT-FOR-US: CORSAIR iCUE
CVE-2020-8807 (In Electric Coin Company Zcashd before 2.1.1-1, the time offset betwee ...)
	NOT-FOR-US: Electric Coin Company Zcashd
CVE-2020-8806 (Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigge ...)
	NOT-FOR-US: Electric Coin Company Zcashd
CVE-2020-8805 RESERVED
CVE-2020-8804 (SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the Em ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8803 (SuiteCRM through 7.11.11 allows Directory Traversal to include arbitra ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8802 (SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveH ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8801 (SuiteCRM through 7.11.11 allows PHAR Deserialization.)
	NOT-FOR-US: SuiteCRM
CVE-2020-8800 (SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PH ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8799 (A Stored XSS vulnerability has been found in the administration page o ...)
	NOT-FOR-US: administration page of the WTI Like Post plugin for WordPress
CVE-2020-8798 (httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to cha ...)
	NOT-FOR-US: Juplink
CVE-2020-8797 (Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to ...)
	NOT-FOR-US: Juplink
CVE-2020-8796 (Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before ...)
	NOT-FOR-US: Biscom Secure File Transfer (SFT)
CVE-2020-8795 (In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a gro ...)
	- gitlab (Only affects EE version)
	NOTE: https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released/
CVE-2020-8794 (OpenSMTPD before 6.6.4 allows remote code execution because of an out- ...)
	{DSA-4634-1}
	- opensmtpd 6.6.4p1-1 (bug #952453)
	NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/5
	NOTE: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/
	NOTE: https://www.openwall.com/lists/oss-security/2020/02/26/1
CVE-2020-8793 (OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g ...)
	- opensmtpd 6.6.4p1-1 (unimportant; bug #952453)
	[buster] - opensmtpd 6.0.3p1-5+deb10u4
	[stretch] - opensmtpd 6.0.2p1-2+deb9u3
	NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/4
	NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/021_smtpd_envelope.patch.sig
	NOTE: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/
	NOTE: Neutralised by kernel hardening
CVE-2020-8792 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...)
	NOT-FOR-US: OKLOK
CVE-2020-8791 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...)
	NOT-FOR-US: OKLOK
CVE-2020-8790 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...)
	NOT-FOR-US: OKLOK
CVE-2020-8789 (Composr 10.0.30 allows Persistent XSS via a Usergroup name under the S ...)
	NOT-FOR-US: Composr
CVE-2020-8788 (Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HT ...)
	NOT-FOR-US: Synaptive Medical ClearCanvas ImageServer
CVE-2020-8787 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8786 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8785 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8784 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8783 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
	NOT-FOR-US: SuiteCRM
CVE-2019-20450 RESERVED
CVE-2019-20449 RESERVED
CVE-2019-20448 RESERVED
CVE-2020-8782 (Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 al ...)
	NOT-FOR-US: ALEOS
CVE-2020-8781 (Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 an ...)
	NOT-FOR-US: ALEOS
CVE-2020-8780 RESERVED
CVE-2020-8779 RESERVED
CVE-2020-8778 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 ( ...)
	NOT-FOR-US: Alfresco
CVE-2020-8777 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 ( ...)
	NOT-FOR-US: Alfresco
CVE-2020-8776 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 ( ...)
	NOT-FOR-US: Alfresco
CVE-2020-8775 (Pega Platform before version 8.2.6 is affected by a Stored Cross-Site ...)
	NOT-FOR-US: Pega Platform
CVE-2020-8774 (Pega Platform before version 8.2.6 is affected by a Reflected Cross-Si ...)
	NOT-FOR-US: Pega Platform
CVE-2020-8773 (The Richtext Editor in Pega Platform before 8.2.6 is affected by a Sto ...)
	NOT-FOR-US: Pega Platform
CVE-2020-8772 (The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missin ...)
	NOT-FOR-US: InfiniteWP Client plugin for WordPress
CVE-2020-8771 (The Time Capsule plugin before 1.21.16 for WordPress has an authentica ...)
	NOT-FOR-US: Time Capsule plugin for WordPress
CVE-2020-8770 RESERVED
CVE-2020-8769 RESERVED
CVE-2020-8768 (An issue was discovered on Phoenix Contact Emalytics Controller ILC 20 ...)
	NOT-FOR-US: PHOENIX CONTACT Emalytics Controller ILC 2050 BI(L)
CVE-2020-8767 (Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus ...)
	NOT-FOR-US: Intel
CVE-2020-8766 (Improper conditions check in the Intel(R) SGX DCAP software before ver ...)
	NOT-FOR-US: Intel
CVE-2020-8765 (Incorrect default permissions in the installer for the Intel(R) RealSe ...)
	NOT-FOR-US: Intel
CVE-2020-8764 (Improper access control in BIOS firmware for some Intel(R) Processors ...)
	NOT-FOR-US: Intel
CVE-2020-8763 (Improper permissions in the installer for the Intel(R) RealSense(TM) D ...)
	NOT-FOR-US: Intel
CVE-2020-8762 REJECTED
CVE-2020-8761 (Inadequate encryption strength in subsystem for Intel(R) CSME versions ...)
	NOT-FOR-US: Intel
CVE-2020-8760 (Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80 ...)
	NOT-FOR-US: Intel
CVE-2020-8759 (Improper access control in the installer for Intel(R) SSD DCT versions ...)
	NOT-FOR-US: Intel
CVE-2020-8758 (Improper buffer restrictions in network subsystem in provisioned Intel ...)
	NOT-FOR-US: Intel
CVE-2020-8757 (Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8. ...)
	NOT-FOR-US: Intel
CVE-2020-8756 (Improper input validation in subsystem for Intel(R) CSME versions befo ...)
	NOT-FOR-US: Intel
CVE-2020-8755 (Race condition in subsystem for Intel(R) CSME versions before 12.0.70 ...)
	NOT-FOR-US: Intel
CVE-2020-8754 (Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM version ...)
	NOT-FOR-US: Intel
CVE-2020-8753 (Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM ve ...)
	NOT-FOR-US: Intel
CVE-2020-8752 (Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM v ...)
	NOT-FOR-US: Intel
CVE-2020-8751 (Insufficient control flow management in subsystem for Intel(R) CSME ve ...)
	NOT-FOR-US: Intel
CVE-2020-8750 (Use after free in Kernel Mode Driver for Intel(R) TXE versions before ...)
	NOT-FOR-US: Intel
CVE-2020-8749 (Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8. ...)
	NOT-FOR-US: Intel
CVE-2020-8748 REJECTED
CVE-2020-8747 (Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8. ...)
	NOT-FOR-US: Intel
CVE-2020-8746 (Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80 ...)
	NOT-FOR-US: Intel
CVE-2020-8745 (Insufficient control flow management in subsystem for Intel(R) CSME ve ...)
	NOT-FOR-US: Intel
CVE-2020-8744 (Improper initialization in subsystem for Intel(R) CSME versions before ...)
	NOT-FOR-US: Intel
CVE-2020-8743 (Improper permissions in the installer for the Intel(R) Mailbox Interfa ...)
	NOT-FOR-US: Intel
CVE-2020-8742 (Improper input validation in the firmware for Intel(R) NUCs may allow ...)
	NOT-FOR-US: Intel
CVE-2020-8741 (Improper permissions in the installer for the Intel(R) Thunderbolt(TM) ...)
	NOT-FOR-US: Intel
CVE-2020-8740 (Out of bounds write in Intel BIOS platform sample code for some Intel( ...)
	NOT-FOR-US: Intel
CVE-2020-8739 (Use of potentially dangerous function in Intel BIOS platform sample co ...)
	NOT-FOR-US: Intel
CVE-2020-8738 (Improper conditions check in Intel BIOS platform sample code for some ...)
	NOT-FOR-US: Intel
CVE-2020-8737 (Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmwa ...)
	NOT-FOR-US: Intel
CVE-2020-8736 (Improper access control in subsystem for the Intel(R) Computing Improv ...)
	NOT-FOR-US: Intel
CVE-2020-8735 REJECTED
CVE-2020-8734 (Improper input validation in the firmware for Intel(R) Server Board M1 ...)
	NOT-FOR-US: Intel
CVE-2020-8733 (Improper buffer restrictions in the firmware for Intel(R) Server Board ...)
	NOT-FOR-US: Intel
CVE-2020-8732 (Heap-based buffer overflow in the firmware for some Intel(R) Server Bo ...)
	NOT-FOR-US: Intel
CVE-2020-8731 (Incorrect execution-assigned permissions in the file system for some I ...)
	NOT-FOR-US: Intel
CVE-2020-8730 (Heap-based overflow for some Intel(R) Server Boards, Server Systems an ...)
	NOT-FOR-US: Intel
CVE-2020-8729 (Buffer copy without checking size of input for some Intel(R) Server Bo ...)
	NOT-FOR-US: Intel
CVE-2020-8728 REJECTED
CVE-2020-8727 REJECTED
CVE-2020-8726 REJECTED
CVE-2020-8725 REJECTED
CVE-2020-8724 REJECTED
CVE-2020-8723 (Cross-site scripting for some Intel(R) Server Boards, Server Systems a ...)
	NOT-FOR-US: Intel
CVE-2020-8722 (Buffer overflow in a subsystem for some Intel(R) Server Boards, Server ...)
	NOT-FOR-US: Intel
CVE-2020-8721 (Improper input validation for some Intel(R) Server Boards, Server Syst ...)
	NOT-FOR-US: Intel
CVE-2020-8720 (Buffer overflow in a subsystem for some Intel(R) Server Boards, Server ...)
	NOT-FOR-US: Intel
CVE-2020-8719 (Buffer overflow in subsystem for some Intel(R) Server Boards, Server S ...)
	NOT-FOR-US: Intel
CVE-2020-8718 (Buffer overflow in a subsystem for some Intel(R) Server Boards, Server ...)
	NOT-FOR-US: Intel
CVE-2020-8717 (Improper input validation in a subsystem for some Intel Server Boards, ...)
	NOT-FOR-US: Intel
CVE-2020-8716 (Improper access control for some Intel(R) Server Boards, Server System ...)
	NOT-FOR-US: Intel
CVE-2020-8715 (Invalid pointer for some Intel(R) Server Boards, Server Systems and Co ...)
	NOT-FOR-US: Intel
CVE-2020-8714 (Improper authentication for some Intel(R) Server Boards, Server System ...)
	NOT-FOR-US: Intel
CVE-2020-8713 (Improper authentication for some Intel(R) Server Boards, Server System ...)
	NOT-FOR-US: Intel
CVE-2020-8712 (Buffer overflow in a verification process for some Intel(R) Server Boa ...)
	NOT-FOR-US: Intel
CVE-2020-8711 (Improper access control in the bootloader for some Intel(R) Server Boa ...)
	NOT-FOR-US: Intel
CVE-2020-8710 (Buffer overflow in the bootloader for some Intel(R) Server Boards, Ser ...)
	NOT-FOR-US: Intel
CVE-2020-8709 (Improper authentication in socket services for some Intel(R) Server Bo ...)
	NOT-FOR-US: Intel
CVE-2020-8708 (Improper authentication for some Intel(R) Server Boards, Server System ...)
	NOT-FOR-US: Intel
CVE-2020-8707 (Buffer overflow in daemon for some Intel(R) Server Boards, Server Syst ...)
	NOT-FOR-US: Intel
CVE-2020-8706 (Buffer overflow in a daemon for some Intel(R) Server Boards, Server Sy ...)
	NOT-FOR-US: Intel
CVE-2020-8705 (Insecure default initialization of resource in Intel(R) Boot Guard in ...)
	NOT-FOR-US: Intel
CVE-2020-8704 (Race condition in a subsystem in the Intel(R) LMS versions before 2039 ...)
	NOT-FOR-US: Intel
CVE-2020-8703 (Improper buffer restrictions in a subsystem in the Intel(R) CSME versi ...)
	NOT-FOR-US: Intel
CVE-2020-8702 (Uncontrolled search path element in the Intel(R) Processor Diagnostic ...)
	NOT-FOR-US: Intel
CVE-2020-8701 (Incorrect default permissions in installer for the Intel(R) SSD Toolbo ...)
	NOT-FOR-US: Intel
CVE-2020-8700 (Improper input validation in the firmware for some Intel(R) Processors ...)
	NOT-FOR-US: Intel
CVE-2020-8699 REJECTED
CVE-2020-8698 (Improper isolation of shared resources in some Intel(R) Processors may ...)
	{DLA-2546-1}
	- intel-microcode 3.20201110.1
	[buster] - intel-microcode 3.20201118.1~deb10u1
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
CVE-2020-8697 REJECTED
CVE-2020-8696 (Improper removal of sensitive information before storage or transfer i ...)
	{DLA-2546-1}
	- intel-microcode 3.20201110.1
	[buster] - intel-microcode 3.20201118.1~deb10u1
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
CVE-2020-8695 (Observable discrepancy in the RAPL interface for some Intel(R) Process ...)
	{DLA-2546-1}
	- intel-microcode 3.20201110.1
	[buster] - intel-microcode 3.20201118.1~deb10u1
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
CVE-2020-8694 (Insufficient access control in the Linux kernel driver for some Intel( ...)
	{DLA-2494-1 DLA-2483-1}
	- linux 5.9.9-1
	[buster] - linux 4.19.160-1
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
	NOTE: https://git.kernel.org/linus/949dd0104c496fa7c14991a23c03c62e44637e71
CVE-2020-8693 (Improper buffer restrictions in the firmware of the Intel(R) Ethernet ...)
	NOT-FOR-US: Intel drivers for Ethernet 700 series (apparently for Windows)
CVE-2020-8692 (Insufficient access control in the firmware of the Intel(R) Ethernet 7 ...)
	NOT-FOR-US: Intel drivers for Ethernet 700 series (apparently for Windows)
CVE-2020-8691 (A logic issue in the firmware of the Intel(R) Ethernet 700 Series Cont ...)
	NOT-FOR-US: Intel drivers for Ethernet 700 series (apparently for Windows)
CVE-2020-8690 (Protection mechanism failure in Intel(R) Ethernet 700 Series Controlle ...)
	NOT-FOR-US: Intel drivers for Ethernet 700 series (apparently for Windows)
CVE-2020-8689 (Improper buffer restrictions in the Intel(R) Wireless for Open Source ...)
	- iwd 1.5-1
	[buster] - iwd (Minor issue)
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00379.html
CVE-2020-8688 (Improper input validation in the Intel(R) RAID Web Console 3 for Windo ...)
	NOT-FOR-US: Intel
CVE-2020-8687 (Uncontrolled search path in the installer for Intel(R) RSTe Software R ...)
	NOT-FOR-US: Intel
CVE-2020-8686 REJECTED
CVE-2020-8685 (Improper authentication in subsystem for Intel (R) LED Manager for NUC ...)
	NOT-FOR-US: Intel
CVE-2020-8684 (Improper access control in firmware for Intel(R) PAC with Arria(R) 10 ...)
	NOT-FOR-US: Intel
CVE-2020-8683 (Improper buffer restrictions in system driver for some Intel(R) Graphi ...)
	NOT-FOR-US: Intel
CVE-2020-8682 (Out of bounds read in system driver for some Intel(R) Graphics Drivers ...)
	NOT-FOR-US: Intel
CVE-2020-8681 (Out of bounds write in system driver for some Intel(R) Graphics Driver ...)
	NOT-FOR-US: Intel
CVE-2020-8680 (Race condition in some Intel(R) Graphics Drivers before version 15.40. ...)
	NOT-FOR-US: Intel
CVE-2020-8679 (Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graphics D ...)
	NOT-FOR-US: Intel
CVE-2020-8678 (Improper access control for Intel(R) Graphics Drivers before version 1 ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-8677 (Improper access control in the Intel(R) Visual Compute Accelerator 2, ...)
	NOT-FOR-US: Intel
CVE-2020-8676 (Improper access control in the Intel(R) Visual Compute Accelerator 2, ...)
	NOT-FOR-US: Intel
CVE-2020-8675 (Insufficient control flow management in firmware build and signing too ...)
	NOT-FOR-US: Intel
CVE-2020-8674 (Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM ...)
	NOT-FOR-US: Intel
CVE-2020-8673 REJECTED
CVE-2020-8672 (Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Co ...)
	NOT-FOR-US: Intel
CVE-2020-8671 (Insufficient control flow management in BIOS firmware 8th, 9th Generat ...)
	NOT-FOR-US: Intel
CVE-2020-8670 (Race condition in the firmware for some Intel(R) Processors may allow ...)
	NOT-FOR-US: Intel
CVE-2020-8669 (Improper input validation in the Intel(R) Data Center Manager Console ...)
	NOT-FOR-US: Intel
CVE-2020-8668 REJECTED
CVE-2014-10400 (The session.lua library in CGILua 5.0.x uses sequential session IDs, w ...)
	- lua-cgi (session generation changed in 5.1.x, cf. CVE-2014-10399)
	NOTE: https://seclists.org/fulldisclosure/2014/Apr/318
CVE-2014-10399 (The session.lua library in CGILua 5.1.x uses the same ID for each sess ...)
	- lua-cgi (session generation changed in 5.2.x, cf. CVE-2014-2875)
	NOTE: https://seclists.org/fulldisclosure/2014/Apr/318
CVE-2020-8667 RESERVED
CVE-2020-8666 RESERVED
CVE-2020-8665 RESERVED
CVE-2020-8664 (CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS ...)
	- envoyproxy (bug #987544)
CVE-2020-8663 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descr ...)
	- envoyproxy (bug #987544)
CVE-2020-8662 RESERVED
CVE-2020-8661 (CNCF Envoy through 1.13.0 may consume excessive amounts of memory when ...)
	- envoyproxy (bug #987544)
CVE-2020-8660 (CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could ha ...)
	- envoyproxy (bug #987544)
CVE-2020-8659 (CNCF Envoy through 1.13.0 may consume excessive amounts of memory when ...)
	- envoyproxy (bug #987544)
CVE-2020-8658 (The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp- ...)
	NOT-FOR-US: BestWebSoft Htaccess plugin for WordPress
CVE-2020-8657 (An issue was discovered in EyesOfNetwork 5.3. The installation uses th ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2020-8656 (An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2. ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2020-8655 (An issue was discovered in EyesOfNetwork 5.3. The sudoers configuratio ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2020-8654 (An issue was discovered in EyesOfNetwork 5.3. An authenticated web use ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2020-8653 RESERVED
CVE-2020-8652 RESERVED
CVE-2020-8651 RESERVED
CVE-2020-8650 RESERVED
CVE-2020-8646 RESERVED
CVE-2020-8645 (An issue was discovered in Simplejobscript.com SJS through 1.66. There ...)
	NOT-FOR-US: Simplejobscript.com SJS
CVE-2020-8644 (PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.)
	NOT-FOR-US: PlaySMS
CVE-2020-8643 RESERVED
CVE-2020-8642 RESERVED
CVE-2020-8641 (Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php ...)
	NOT-FOR-US: Lotus Core CMS
CVE-2019-20447 (Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endp ...)
	NOT-FOR-US: Jobberbase CMS
CVE-2020-27418 (A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows ...)
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	NOTE: https://patchwork.freedesktop.org/patch/356372/
	NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56
	NOTE: Duplicate CVE assignment for CVE-2020-8649
CVE-2020-8649 (There is a use-after-free vulnerability in the Linux kernel through 5. ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56
CVE-2020-8648 (There is a use-after-free vulnerability in the Linux kernel through 5. ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/07e6124a1a46b4b5a9b3cacc0c306b50da87abf5
CVE-2020-8647 (There is a use-after-free vulnerability in the Linux kernel through 5. ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56
CVE-2020-8640 RESERVED
CVE-2020-8639 (An unrestricted file upload vulnerability in keywordsImport.php in Tes ...)
	NOT-FOR-US: TestLink
CVE-2020-8638 (A SQL injection vulnerability in TestLink 1.9.20 allows attackers to e ...)
	NOT-FOR-US: TestLink
CVE-2020-8637 (A SQL injection vulnerability in TestLink 1.9.20 allows attackers to e ...)
	NOT-FOR-US: TestLink
CVE-2020-8636 (An issue was discovered in OpServices OpMon 9.3.2 that allows Remote C ...)
	NOT-FOR-US: OpServices OpMon
CVE-2020-8635 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure per ...)
	NOT-FOR-US: Wing FTP Server
CVE-2020-8634 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure per ...)
	NOT-FOR-US: Wing FTP Server
CVE-2020-8633 (An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8 ...)
	NOT-FOR-US: Zimbra Collaboration Suite (ZCS)
CVE-2020-8632 (In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_ ...)
	{DLA-2113-1}
	- cloud-init 19.4-2 (bug #951363)
	[buster] - cloud-init (Minor issue)
	[stretch] - cloud-init (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795
	NOTE: https://github.com/canonical/cloud-init/pull/189
	NOTE: https://github.com/canonical/cloud-init/commit/42788bf24a1a0a5421a2d00a7f59b59e38ba1a14
CVE-2020-8631 (cloud-init through 19.4 relies on Mersenne Twister for a random passwo ...)
	{DLA-2113-1}
	- cloud-init 19.4-2 (bug #951362)
	[buster] - cloud-init (Minor issue)
	[stretch] - cloud-init (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795
	NOTE: https://github.com/canonical/cloud-init/pull/204
CVE-2020-8630 REJECTED
CVE-2020-8629 REJECTED
CVE-2020-8628 REJECTED
CVE-2020-8627 REJECTED
CVE-2020-8626 REJECTED
CVE-2020-8625 (BIND servers are vulnerable if they are running an affected version an ...)
	{DSA-4857-1 DLA-2568-1}
	- bind9 1:9.16.12-1 (bug #983004)
	NOTE: https://kb.isc.org/v1/docs/cve-2020-8625
	NOTE: 9.11 branch: https://downloads.isc.org/isc/bind9/9.11.28/patches
	NOTE: 9.16 branch: https://downloads.isc.org/isc/bind9/9.16.12/patches
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/b04cb88462863d762093760ffcfe1946200e30f5
CVE-2020-8624 (In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 ...)
{DSA-4752-1} - bind9 1:9.16.6-1 (bug #966497) [stretch] - bind9 (Vulnerable code (dns_ssu_mtypefromstring()) introduced later) NOTE: https://kb.isc.org/docs/cve-2020-8624 NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/7630a64141a997b5247d9ad4a7dfff6ac6d9a485 (v9_16_6) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/5bf457e89a3fdc355aad74140f5e010b42d1df82 (v9_16_6) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/14aa0c5df65d28cf6aaf437151c6a008afb66fb1 (v9_16_6) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/e4cccf9668c7adee4724a7649ec64685f82c8677 (v9_11_22) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/393e8f643c02215fa4e6d4edf67be7d77085da0e (v9_11_22) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/58e560beb50873c699f3431cf57e215dc645d7aa (v9_11_22) CVE-2020-8623 (In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also af ...) {DSA-4752-1 DLA-2355-1} - bind9 1:9.16.6-1 NOTE: https://kb.isc.org/docs/cve-2020-8623 NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/ac3862a5da95bb07b6cf748b0958175687a9de1d (v9_16_6) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/8d807cc21655eaa6e6a08afafeec3682c0f3f2ab (v9_11_22) CVE-2020-8622 (In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also aff ...) {DSA-4752-1 DLA-2355-1} - bind9 1:9.16.6-1 NOTE: https://kb.isc.org/docs/cve-2020-8622 NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/0eec632d6a5a474280017ec949d8a8014612f3b3 (v9_16_6) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/6ed167ad0a647dff20c8cb08c944a7967df2d415 (v9_11_22) CVE-2020-8621 (In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured ...) 
- bind9 1:9.16.6-1 [buster] - bind9 (Vulnerable code introduced in 9.14.x) [stretch] - bind9 (Vulnerable code introduced in 9.14.x) NOTE: https://kb.isc.org/docs/cve-2020-8621 NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/81514ff925dfc6e0c293745e0fc8320a8af95586 (v9_16_6) CVE-2020-8620 (In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establ ...) - bind9 1:9.16.6-1 [buster] - bind9 (Vulnerable code introduced later) [stretch] - bind9 (Vulnerable code introduced later) NOTE: https://kb.isc.org/docs/cve-2020-8620 NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/9a372f2bce642545164d2b4408eb6c4e301acc5e (v9_16_6) CVE-2020-8619 (In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, ...) {DSA-4752-1} - bind9 1:9.16.4-1 [stretch] - bind9 (Vulnerable code introduced later) [jessie] - bind9 (Vulnerable code introduced later) NOTE: https://kb.isc.org/docs/cve-2020-8619 NOTE: https://gitlab.isc.org/isc-projects/bind9/-/issues/1718 NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/0854f631149848b64cc193979d0b0edf39159330 (v9_17_3) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/90a7416d1599df7aa1cdfac33b2da9352eeec4b0 (v9_11_21) CVE-2020-8618 (An attacker who is permitted to send zone data to a server via zone tr ...) - bind9 1:9.16.4-1 [buster] - bind9 (Vulnerable code introduced later) [stretch] - bind9 (Vulnerable code introduced later) [jessie] - bind9 (Vulnerable code introduced later) NOTE: https://kb.isc.org/docs/cve-2020-8618 NOTE: https://gitlab.isc.org/isc-projects/bind9/-/issues/1850 CVE-2020-8617 (Using a specially-crafted message, an attacker may potentially cause a ...) {DSA-4689-1 DLA-2227-1} - bind9 1:9.16.3-1 (bug #961939) NOTE: https://kb.isc.org/docs/cve-2020-8617 NOTE: https://kb.isc.org/docs/cve-2020-8617-faq-and-supplemental-information CVE-2020-8616 (A malicious actor who intentionally exploits this lack of effective li ...) 
{DSA-4689-1 DLA-2227-1} - bind9 1:9.16.3-1 (bug #961939) NOTE: https://kb.isc.org/docs/cve-2020-8616 CVE-2020-8615 (A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPres ...) NOT-FOR-US: Tutor LMS plugin for WordPress CVE-2020-8614 (An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An att ...) NOT-FOR-US: Askey devices CVE-2020-8613 RESERVED CVE-2020-8612 (In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2 ...) NOT-FOR-US: Progress MOVEit Transfer CVE-2020-8611 (In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2 ...) NOT-FOR-US: Progress MOVEit Transfer CVE-2020-8610 RESERVED CVE-2020-8609 RESERVED CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf ...) {DSA-4733-1 DLA-2551-1 DLA-2288-1 DLA-2144-1 DLA-2142-1} - libslirp 4.2.0-1 - qemu 1:4.1-2 - qemu-kvm - slirp 1:1.0.17-11 [buster] - slirp 1:1.0.17-8+deb10u1 - slirp4netns 1.0.1-1 [buster] - slirp4netns (Minor issue) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/30648c03b27fb8d9611b723184216cd3174b6775 NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed. NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-p3hx-89v2-4r99 CVE-2020-8607 (An input validation vulnerability found in multiple Trend Micro produc ...) NOT-FOR-US: Trend Micro CVE-2020-8606 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...) NOT-FOR-US: Trend Micro CVE-2020-8605 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...) NOT-FOR-US: Trend Micro CVE-2020-8604 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...) NOT-FOR-US: Trend Micro CVE-2020-8603 (A cross-site scripting vulnerability (XSS) in Trend Micro InterScan We ...) 
NOT-FOR-US: Trend Micro CVE-2020-8602 (A vulnerability in the management consoles of Trend Micro Deep Securit ...) NOT-FOR-US: Trend Micro CVE-2020-8601 (Trend Micro Vulnerability Protection 2.0 is affected by a vulnerabilit ...) NOT-FOR-US: Trend Micro CVE-2020-8600 (Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected ...) NOT-FOR-US: Trend Micro CVE-2020-8599 (Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnera ...) NOT-FOR-US: Trend Micro CVE-2020-8598 (Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Sec ...) NOT-FOR-US: Trend Micro CVE-2020-8597 (eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overf ...) {DSA-4632-1 DLA-2097-1} - lwip 2.1.2+dfsg1-5 (bug #951291) [buster] - lwip 2.0.3-3+deb10u1 - ppp 2.4.8-1+1 (bug #950618) NOTE: http://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=2ee3cbe69c6d2805e64e7cac2a1c1706e49ffd86 NOTE: https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426 CVE-2020-8596 (participants-database.php in the Participants Database plugin 1.9.5.5 ...) NOT-FOR-US: Participants Database plugin for WordPress CVE-2020-8595 (Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and ...) NOT-FOR-US: Istio CVE-2020-8594 (The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vu ...) NOT-FOR-US: Ninja Forms plugin for WordPress CVE-2020-8593 RESERVED CVE-2020-8592 (eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg ...) NOT-FOR-US: eG Manager CVE-2020-8591 (eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLogi ...) NOT-FOR-US: eG Manager CVE-2020-8590 (Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptib ...) NOT-FOR-US: Clustered Data ONTAP CVE-2020-8589 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptib ...) NOT-FOR-US: Clustered Data ONTAP CVE-2020-8588 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptib ...) 
NOT-FOR-US: Clustered Data ONTAP CVE-2020-8587 (OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to ...) NOT-FOR-US: NetApp CVE-2020-8586 REJECTED CVE-2020-8585 (OnCommand Unified Manager Core Package versions prior to 5.2.5 may dis ...) NOT-FOR-US: OnCommand Unified Manager Core Package CVE-2020-8584 (Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulne ...) NOT-FOR-US: Element OS CVE-2020-8583 (Element Software versions prior to 12.2 and HCI versions prior to 1.8P ...) NOT-FOR-US: HCI CVE-2020-8582 (Element Software versions prior to 12.2 and HCI versions prior to 1.8P ...) NOT-FOR-US: HCI CVE-2020-8581 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible ...) NOT-FOR-US: Clustered Data ONTAP CVE-2020-8580 (SANtricity OS Controller Software versions 11.30 and higher are suscep ...) NOT-FOR-US: SANtricity OS Controller Software CVE-2020-8579 (Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a v ...) NOT-FOR-US: Clustered Data ONTAP CVE-2020-8578 (Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vul ...) NOT-FOR-US: Clustered Data ONTAP CVE-2020-8577 (SANtricity OS Controller Software versions 11.50.1 and higher are susc ...) NOT-FOR-US: SANtricity OS Controller Software CVE-2020-8576 (Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 a ...) NOT-FOR-US: ONTAP CVE-2020-8575 (Active IQ Unified Manager for VMware vSphere and Windows versions prio ...) NOT-FOR-US: Active IQ Unified Manager CVE-2020-8574 (Active IQ Unified Manager for Linux versions prior to 9.6 ship with th ...) NOT-FOR-US: Active IQ Unified Manager CVE-2020-8573 (The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers ...) NOT-FOR-US: NetApp CVE-2020-8572 (Element OS prior to version 12.0 and Element HealthTools prior to vers ...) NOT-FOR-US: Element OS CVE-2020-8571 (StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11 ...) 
NOT-FOR-US: StorageGRID CVE-2020-8570 (Kubernetes Java client libraries in version 10.0.0 and versions prior ...) NOT-FOR-US: Kubernetes Java client CVE-2020-8569 (Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could pa ...) NOT-FOR-US: Kubernetes CSI Snapshotter NOTE: https://github.com/kubernetes-csi/external-snapshotter/issues/421 CVE-2020-8568 (Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow ...) NOT-FOR-US: Kubernetes Secrets Store CSI Driver CVE-2020-8567 (Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azur ...) NOT-FOR-US: Kubernetes Secrets Store CSI Driver CVE-2020-8566 (In Kubernetes clusters using Ceph RBD as a storage provisioner, with l ...) - kubernetes 1.19.3-1 (bug #972341) NOTE: https://github.com/kubernetes/kubernetes/pull/95245 NOTE: https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk NOTE: https://github.com/kubernetes/kubernetes/issues/95624 CVE-2020-8565 (In Kubernetes, if the logging level is set to at least 9, authorizatio ...) - kubernetes 1.20.0-1 (bug #972649) NOTE: https://github.com/kubernetes/kubernetes/pull/95316 NOTE: https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk NOTE: https://github.com/kubernetes/kubernetes/issues/95623 CVE-2020-8564 (In Kubernetes clusters using a logging level of at least 4, processing ...) - kubernetes 1.19.3-1 (bug #972341) NOTE: https://github.com/kubernetes/kubernetes/pull/94712 NOTE: https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk NOTE: https://github.com/kubernetes/kubernetes/issues/95622 CVE-2020-8563 (In Kubernetes clusters using VSphere as a cloud provider, with a loggi ...) - kubernetes (Only affects 19.x) NOTE: https://github.com/kubernetes/kubernetes/pull/95236 NOTE: https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk NOTE: https://github.com/kubernetes/kubernetes/issues/95621 CVE-2020-8562 (As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes att ...) 
- kubernetes 1.20.5+really1.20.2-1 (bug #990793) NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/8 NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed CVE-2020-8561 (A security issue was discovered in Kubernetes where actors that contro ...) - kubernetes 1.20.5+really1.20.2-1 NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version NOTE: The source package itself is still vulnerable, but custom rebuilds are not really a use case here NOTE: https://github.com/kubernetes/kubernetes/issues/104720 CVE-2020-8560 RESERVED CVE-2020-8559 (The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions pri ...) - kubernetes 1.18.5-1 NOTE: https://www.openwall.com/lists/oss-security/2020/07/15/6 CVE-2020-8558 (The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17. ...) - kubernetes 1.18.5-1 NOTE: Issue: https://github.com/kubernetes/kubernetes/issues/90259 NOTE: Upstream fix: https://github.com/kubernetes/kubernetes/pull/91569 CVE-2020-8557 (The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17. ...) - kubernetes 1.18.5-1 NOTE: https://github.com/kubernetes/kubernetes/issues/93032 NOTE: https://github.com/kubernetes/kubernetes/pull/92916 CVE-2020-8556 RESERVED CVE-2020-8555 (The Kubernetes kube-controller-manager in versions v1.0-1.14, versions ...) - kubernetes 1.18.2-1 NOTE: https://github.com/kubernetes/kubernetes/issues/91542 CVE-2020-8554 (Kubernetes API server in all versions allow an attacker who is able to ...)
- kubernetes (bug #990793) [bookworm] - kubernetes (Kubernetes in Bullseye only ships the client) [bullseye] - kubernetes (Kubernetes in Bullseye only ships the client) NOTE: https://www.openwall.com/lists/oss-security/2020/12/07/5 NOTE: https://github.com/kubernetes/kubernetes/issues/97076 NOTE: Server components no longer built since 1.20.5+really1.20.2-1 CVE-2020-8553 (The Kubernetes ingress-nginx component prior to version 0.28.0 allows ...) NOT-FOR-US: Kubernetes ingress-nginx component CVE-2020-8552 (The Kubernetes API server component in versions prior to 1.15.9, 1.16. ...) - kubernetes 1.17.4-1 NOTE: https://github.com/kubernetes/kubernetes/issues/89378 CVE-2020-8551 (The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1. ...) - kubernetes 1.17.4-1 NOTE: https://github.com/kubernetes/kubernetes/issues/89377 CVE-2020-8550 RESERVED CVE-2020-8549 (Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPre ...) NOT-FOR-US: Strong Testimonials plugin for WordPress CVE-2020-8548 (massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resu ...) NOT-FOR-US: massCode CVE-2020-8547 (phpList 3.5.0 allows type juggling for admin login bypass because == i ...) - phplist (bug #612288) CVE-2020-8546 RESERVED CVE-2020-8545 (Global.py in AIL framework 2.8 allows path traversal.) NOT-FOR-US: AIL framework CVE-2020-8544 (OX App Suite through 7.10.3 allows SSRF.) NOT-FOR-US: OX App Suite CVE-2020-8543 (OX App Suite through 7.10.3 has Improper Input Validation.) NOT-FOR-US: OX App Suite CVE-2020-8542 (OX App Suite through 7.10.3 allows XSS.) NOT-FOR-US: OX App Suite CVE-2020-8541 (OX App Suite through 7.10.3 allows XXE attacks.) NOT-FOR-US: OX App Suite CVE-2020-8540 (An XML external entity (XXE) vulnerability in Zoho ManageEngine Deskto ...) NOT-FOR-US: Zoho ManageEngine Desktop Central CVE-2020-8539 (Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.00 ...) 
NOT-FOR-US: Kia Motors Head Unit with Software CVE-2020-8538 RESERVED CVE-2020-8537 RESERVED CVE-2020-8536 RESERVED CVE-2020-8535 RESERVED CVE-2020-8534 RESERVED CVE-2020-8533 RESERVED CVE-2020-8532 RESERVED CVE-2020-8531 RESERVED CVE-2020-8530 RESERVED CVE-2020-8529 RESERVED CVE-2020-8528 RESERVED CVE-2020-8527 RESERVED CVE-2020-8526 RESERVED CVE-2020-8525 RESERVED CVE-2020-8524 RESERVED CVE-2020-8523 RESERVED CVE-2020-8522 RESERVED CVE-2020-8521 (SQL injection with start and length parameters in Records.php for phpz ...) NOT-FOR-US: phpzag CVE-2020-8520 (SQL injection in order and column parameters in Records.php for phpzag ...) NOT-FOR-US: phpzag CVE-2020-8519 (SQL injection with the search parameter in Records.php for phpzag live ...) NOT-FOR-US: phpzag CVE-2020-8518 (Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary P ...) {DLA-2174-1} - php-horde-data 2.1.5-1 (bug #951537) [buster] - php-horde-data 2.1.4-5+deb10u1 [stretch] - php-horde-data 2.1.4-3+deb9u1 NOTE: https://lists.horde.org/archives/announce/2020/001285.html NOTE: https://github.com/horde/Data/commit/78ad0c2390176cdde7260a271bc6ddd86f4c9c0e CVE-2020-8517 (An issue was discovered in Squid before 4.10. Due to incorrect input v ...) - squid 4.10-1 (unimportant) - squid3 (unimportant) NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_3.txt NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-c62d2b43ad4962ea44aa0c5edb4cc99cb83a413d.patch NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch NOTE: Debian binary packages are not built with --enable-external-acl-helpers="[...]LM_group[...". CVE-2020-8516 (The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not ...)
- tor (unimportant) NOTE: Not considered a bug / explicit design choice by upstream NOTE: https://lists.torproject.org/pipermail/tor-dev/2020-February/014147.html NOTE: https://trac.torproject.org/projects/tor/ticket/33129 NOTE: http://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html CVE-2019-20446 (In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nest ...) {DLA-2285-1} - librsvg 2.46.4-1 [buster] - librsvg 2.44.10-2.1+deb10u1 [jessie] - librsvg (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/librsvg/issues/515 NOTE: https://gitlab.gnome.org/GNOME/librsvg/commit/572f95f739529b865e2717664d6fefcef9493135 CVE-2020-8515 (DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3. ...) NOT-FOR-US: DrayTek devices CVE-2020-8514 (An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a direc ...) NOT-FOR-US: Rumpus on macOS CVE-2020-8513 RESERVED CVE-2020-8512 (In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webma ...) NOT-FOR-US: IceWarp Webmail Server CVE-2020-8511 (In Artica Pandora FMS through 7.42, Web Admin users can execute arbitr ...) NOT-FOR-US: Artica Pandora FMS CVE-2020-8510 (An issue was discovered in phpABook 0.9 Intermediate. On the login pag ...) NOT-FOR-US: phpABook CVE-2020-8509 (Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticat ...) NOT-FOR-US: Zoho ManageEngine Desktop Central CVE-2020-8508 (nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbi ...) NOT-FOR-US: Norman Malware Cleaner CVE-2020-8507 (The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends ...) NOT-FOR-US: Citytv Video application for Android and iOS CVE-2020-8506 (The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Un ...) NOT-FOR-US: Global TV application for Android and iOS CVE-2020-8505 (School Management Software PHP/mySQL through 2019-03-14 allows office_ ...) 
NOT-FOR-US: School Management Software PHP/mySQL CVE-2020-8504 (School Management Software PHP/mySQL through 2019-03-14 allows office_ ...) NOT-FOR-US: School Management Software PHP/mySQL CVE-2020-8503 (Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.10 ...) NOT-FOR-US: Biscom Secure File Transfer (SFT) CVE-2020-8502 RESERVED CVE-2020-8501 RESERVED CVE-2020-8500 (In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code ...) NOT-FOR-US: Artica Pandora FMS CVE-2020-8499 RESERVED CVE-2020-8498 (XSS exists in the shortcode functionality of the GistPress plugin befo ...) NOT-FOR-US: shortcode functionality of the GistPress plugin for WordPress CVE-2020-8497 (In Artica Pandora FMS through 7.42, an unauthenticated attacker can re ...) NOT-FOR-US: Artica Pandora FMS CVE-2020-8496 (In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions ...) NOT-FOR-US: Kronos Web Time and Attendance (webTA) CVE-2020-8495 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions ...) NOT-FOR-US: Kronos Web Time and Attendance (webTA) CVE-2020-8494 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions ...) NOT-FOR-US: Kronos Web Time and Attendance (webTA) CVE-2020-8493 (A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) a ...) NOT-FOR-US: Kronos Web Time and Attendance (webTA) CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 ...) 
{DLA-3432-1 DLA-2280-1} - python3.8 3.8.3~rc1-1 - python3.7 [buster] - python3.7 3.7.3-2+deb10u2 - python3.5 - python3.4 [jessie] - python3.4 (Minor issue) - python2.7 2.7.18-2 (low; bug #970099) [jessie] - python2.7 (Minor issue) NOTE: https://bugs.python.org/issue39503 NOTE: https://github.com/python/cpython/pull/18284 NOTE: https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html NOTE: https://github.com/python/cpython/commit/0b297d4ff1c0e4480ad33acae793fbaf4bf015b4 (master) NOTE: https://github.com/python/cpython/commit/ea9e240aa02372440be8024acb110371f69c9d41 (3.8-branch) NOTE: https://github.com/python/cpython/commit/b57a73694e26e8b2391731b5ee0b1be59437388e (3.7-branch) NOTE: https://github.com/python/cpython/commit/69cdeeb93e0830004a495ed854022425b93b3f3e (3.6-branch) CVE-2020-8491 RESERVED CVE-2020-8490 RESERVED CVE-2020-8489 (Insufficient protection of the inter-process communication functions i ...) NOT-FOR-US: ABB CVE-2020-8488 (Insufficient protection of the inter-process communication functions i ...) NOT-FOR-US: ABB CVE-2020-8487 (Insufficient protection of the inter-process communication functions i ...) NOT-FOR-US: ABB CVE-2020-8486 (Insufficient protection of the inter-process communication functions i ...) NOT-FOR-US: ABB CVE-2020-8485 (Insufficient protection of the inter-process communication functions i ...) NOT-FOR-US: ABB CVE-2020-8484 (Insufficient protection of the inter-process communication functions i ...) NOT-FOR-US: ABB CVE-2020-8483 RESERVED CVE-2020-8482 (Insecure storage of sensitive information in ABB Device Library Wizard ...) NOT-FOR-US: ABB CVE-2020-8481 (For ABB products ABB Ability™ System 800xA and related system ext ...) NOT-FOR-US: ABB CVE-2020-8480 RESERVED CVE-2020-8479 (For the Central Licensing Server component used in ABB products ABB Ab ...) NOT-FOR-US: ABB CVE-2020-8478 (Insufficient protection of the inter-process communication functions i ...)
NOT-FOR-US: ABB CVE-2020-8477 (The installations for ABB System 800xA Information Manager versions 5. ...) NOT-FOR-US: ABB CVE-2020-8476 (For the Central Licensing Server component used in ABB products ABB Ab ...) NOT-FOR-US: ABB CVE-2020-8475 (For the Central Licensing Server component used in ABB products ABB Ab ...) NOT-FOR-US: ABB CVE-2020-8474 (Weak Registry permissions in ABB System 800xA Base allow low privilege ...) NOT-FOR-US: ABB CVE-2020-8473 (Insufficient folder permissions used by system functions in ABB System ...) NOT-FOR-US: ABB CVE-2020-8472 (Insufficient folder permissions used by system functions in ABB System ...) NOT-FOR-US: ABB CVE-2020-8471 (For the Central Licensing Server component used in ABB products ABB Ab ...) NOT-FOR-US: ABB CVE-2020-8470 (Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Sec ...) NOT-FOR-US: Trend Micro CVE-2020-8469 (Trend Micro Password Manager for Windows version 5.0 is affected by a ...) NOT-FOR-US: Trend Micro CVE-2020-8468 (Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Sec ...) NOT-FOR-US: Trend Micro CVE-2020-8467 (A migration tool component of Trend Micro Apex One (2019) and OfficeSc ...) NOT-FOR-US: Trend Micro CVE-2020-8466 (A command injection vulnerability in Trend Micro InterScan Web Securit ...) NOT-FOR-US: Trend Micro CVE-2020-8465 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...) NOT-FOR-US: Trend Micro CVE-2020-8464 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...) NOT-FOR-US: Trend Micro CVE-2020-8463 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...) NOT-FOR-US: Trend Micro CVE-2020-8462 (A cross-site scripting (XSS) vulnerability in Trend Micro InterScan We ...) NOT-FOR-US: Trend Micro CVE-2020-8461 (A CSRF protection bypass vulnerability in Trend Micro InterScan Web Se ...) 
NOT-FOR-US: Trend Micro CVE-2020-8460 RESERVED CVE-2020-8459 RESERVED CVE-2020-8458 RESERVED CVE-2020-8457 RESERVED CVE-2020-8456 RESERVED CVE-2020-8455 RESERVED CVE-2020-8454 RESERVED CVE-2020-8453 RESERVED CVE-2020-8452 RESERVED CVE-2020-8451 RESERVED CVE-2020-8450 (An issue was discovered in Squid before 4.10. Due to incorrect buffer ...) {DSA-4682-1 DLA-2278-1} - squid 4.10-1 (bug #950802) - squid3 NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch (Squid 3.5) NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch (Squid 4.8 and older) NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch (Squid 4.9) CVE-2020-8449 (An issue was discovered in Squid before 4.10. Due to incorrect input v ...) {DSA-4682-1 DLA-2278-1} - squid 4.10-1 (bug #950802) - squid3 NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch (Squid 3.5) NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch (Squid 4.8 and older) NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch (Squid 4.9) CVE-2020-8448 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids (bug #361954) CVE-2020-8447 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids (bug #361954) CVE-2020-8446 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids (bug #361954) CVE-2020-8445 (In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-ana ...) - ossec-hids (bug #361954) CVE-2020-8444 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids (bug #361954) CVE-2020-8443 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) 
- ossec-hids (bug #361954) CVE-2020-8442 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids (bug #361954) CVE-2020-8441 (JYaml through 1.3 allows remote code execution during deserialization ...) NOT-FOR-US: JYaml CVE-2020-8440 (controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is ...) NOT-FOR-US: Simplejobscript.com SJS CVE-2020-8439 (Monstra CMS through 3.0.4 allows remote authenticated users to take ov ...) NOT-FOR-US: Monstra CMS CVE-2020-8438 (Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated att ...) NOT-FOR-US: Ruckus devices CVE-2020-8437 (The bencoding parser in BitTorrent uTorrent through 3.5.5 (build 45505 ...) NOT-FOR-US: uTorrent CVE-2020-8436 (XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPre ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-8435 (An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for Wo ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-8434 (Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 ...) NOT-FOR-US: Jenzabar JICS (aka Internet Campus Solution) CVE-2020-8433 RESERVED CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length ...) {DSA-4885-1 DLA-2365-1 DLA-2364-1 DLA-2110-1 DLA-2109-1} - netty 1:4.1.45-1 (bug #950967) - netty-3.9 NOTE: https://github.com/netty/netty/issues/9861 NOTE: https://github.com/netty/netty/commit/8494b046ec7e4f28dbd44bc699cc4c4c92251729 (4.1) NOTE: https://github.com/netty/netty/commit/629034624626b722128e0fcc6b3ec9d406cb3706 (4.1) NOTE: https://github.com/netty/netty/commit/5f68897880467c00f29495b0aa46ed19bf7a873c (tests) CVE-2019-20444 (HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header th ...) 
{DSA-4885-1 DLA-2365-1 DLA-2364-1 DLA-2110-1 DLA-2109-1} - netty 1:4.1.45-1 (bug #950966) - netty-3.9 NOTE: https://github.com/netty/netty/issues/9866 NOTE: https://github.com/netty/netty/commit/a7c18d44b46e02dadfe3da225a06e5091f5f328e (4.1) CVE-2020-8432 (In Das U-Boot through 2020.01, a double free has been found in the cmd ...) - u-boot 2020.01+dfsg-2 (low) [buster] - u-boot (Minor issue) [stretch] - u-boot (Minor issue) [jessie] - u-boot (Minor issue) NOTE: https://lists.denx.de/pipermail/u-boot/2020-January/396799.html NOTE: https://lists.denx.de/pipermail/u-boot/2020-January/396853.html CVE-2020-8431 RESERVED CVE-2020-8430 (Stormshield Network Security 310 3.7.10 devices have an auth/lang.html ...) NOT-FOR-US: Stormshield Network Security 310 CVE-2020-8429 (The Admin web application in Kinetica 7.0.9.2.20191118151947 does not ...) NOT-FOR-US: Kinetica CVE-2020-8427 (In Unitrends Backup before 10.4.1, an HTTP request parameter was not p ...) NOT-FOR-US: Kaseya Traverse CVE-2020-8426 (The Elementor plugin before 2.8.5 for WordPress suffers from a reflect ...) NOT-FOR-US: Elementor plugin for WordPress CVE-2020-8425 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads ...) NOT-FOR-US: Cups Easy (Purchase & Inventory) CVE-2020-8424 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads ...) NOT-FOR-US: Cups Easy (Purchase & Inventory) CVE-2020-8423 (A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmwa ...) NOT-FOR-US: TP-Link CVE-2020-8422 (An authorization issue was discovered in the Credential Manager featur ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-8421 (An issue was discovered in Joomla! before 3.9.15. Inadequate escaping ...) NOT-FOR-US: Joomla! CVE-2020-8420 (An issue was discovered in Joomla! before 3.9.15. A missing CSRF token ...) NOT-FOR-US: Joomla! CVE-2020-8419 (An issue was discovered in Joomla! before 3.9.15. Missing token checks ...) NOT-FOR-US: Joomla! 
CVE-2020-8418
	RESERVED
CVE-2020-8417 (The Code Snippets plugin before 2.14.0 for WordPress allows CSRF becau ...)
	NOT-FOR-US: Code Snippets plugin for WordPress
CVE-2020-8416 (IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial ...)
	NOT-FOR-US: BearFTP
CVE-2020-8415
	REJECTED
CVE-2020-8414
	REJECTED
CVE-2020-8413
	REJECTED
CVE-2020-8412
	REJECTED
CVE-2020-8411
	REJECTED
CVE-2020-8410
	REJECTED
CVE-2020-8409
	REJECTED
CVE-2020-8408
	REJECTED
CVE-2020-8407
	REJECTED
CVE-2020-8406
	REJECTED
CVE-2020-8405
	REJECTED
CVE-2020-8404
	REJECTED
CVE-2020-8403
	REJECTED
CVE-2020-8402
	REJECTED
CVE-2020-8401
	REJECTED
CVE-2020-8400
	REJECTED
CVE-2020-8399
	REJECTED
CVE-2020-8398
	REJECTED
CVE-2020-8397
	REJECTED
CVE-2020-8396
	REJECTED
CVE-2020-8395
	REJECTED
CVE-2020-8394
	REJECTED
CVE-2020-8393
	REJECTED
CVE-2020-8392
	REJECTED
CVE-2020-8391
	REJECTED
CVE-2020-8390
	REJECTED
CVE-2020-8389
	REJECTED
CVE-2020-8388
	REJECTED
CVE-2020-8387
	REJECTED
CVE-2020-8386
	REJECTED
CVE-2020-8385
	REJECTED
CVE-2020-8384
	REJECTED
CVE-2020-8383
	REJECTED
CVE-2020-8382
	REJECTED
CVE-2020-8381
	REJECTED
CVE-2020-8380
	REJECTED
CVE-2020-8379
	REJECTED
CVE-2020-8378
	REJECTED
CVE-2020-8377
	REJECTED
CVE-2020-8376
	REJECTED
CVE-2020-8375
	REJECTED
CVE-2020-8374
	REJECTED
CVE-2020-8373
	REJECTED
CVE-2020-8372
	REJECTED
CVE-2020-8371
	REJECTED
CVE-2020-8370
	REJECTED
CVE-2020-8369
	REJECTED
CVE-2020-8368
	REJECTED
CVE-2020-8367
	REJECTED
CVE-2020-8366
	REJECTED
CVE-2020-8365
	REJECTED
CVE-2020-8364
	REJECTED
CVE-2020-8363
	REJECTED
CVE-2020-8362
	REJECTED
CVE-2020-8361
	REJECTED
CVE-2020-8360
	REJECTED
CVE-2020-8359
	REJECTED
CVE-2020-8358
	REJECTED
CVE-2020-8357 (A denial of service vulnerability was reported in Lenovo PCManager, pr ...)
	NOT-FOR-US: Lenovo
CVE-2020-8356 (An internal product security audit of LXCO, prior to version 1.2.2, di ...)
	NOT-FOR-US: Lenovo
CVE-2020-8355 (An internal product security audit of Lenovo XClarity Administrator (L ...)
	NOT-FOR-US: Lenovo
CVE-2020-8354 (A potential vulnerability in the SMI callback function used in the Var ...)
	NOT-FOR-US: Lenovo
CVE-2020-8353 (Prior to August 10, 2020, some Lenovo Desktop and Workstation systems ...)
	NOT-FOR-US: Lenovo
CVE-2020-8352 (In some Lenovo Desktop models, the Configuration Change Detection BIOS ...)
	NOT-FOR-US: Lenovo
CVE-2020-8351 (A privilege escalation vulnerability was reported in Lenovo PCManager ...)
	NOT-FOR-US: Lenovo PCManager
CVE-2020-8350 (An authentication bypass vulnerability was reported in Lenovo ThinkPad ...)
	NOT-FOR-US: Lenovo
CVE-2020-8349 (An internal security review has identified an unauthenticated remote c ...)
	NOT-FOR-US: Lenovo
CVE-2020-8348 (A DOM-based cross-site scripting (XSS) vulnerability was reported in L ...)
	NOT-FOR-US: Lenovo
CVE-2020-8347 (A reflective cross-site scripting (XSS) vulnerability was reported in ...)
	NOT-FOR-US: Lenovo
CVE-2020-8346 (A denial of service vulnerability was reported in the Lenovo Vantage c ...)
	NOT-FOR-US: Lenovo
CVE-2020-8345 (A DLL search path vulnerability was reported in the Lenovo HardwareSca ...)
	NOT-FOR-US: Lenovo
CVE-2020-8344
	REJECTED
CVE-2020-8343
	REJECTED
CVE-2020-8342 (A race condition vulnerability was reported in Lenovo System Update pr ...)
	NOT-FOR-US: Lenovo
CVE-2020-8341 (In Lenovo systems, SMM BIOS Write Protection is used to prevent writes ...)
	NOT-FOR-US: Lenovo
CVE-2020-8340 (A cross-site scripting (XSS) vulnerability was discovered in the legac ...)
	NOT-FOR-US: IBM
CVE-2020-8339 (A cross-site scripting inclusion (XSSI) vulnerability was reported in ...)
	NOT-FOR-US: IBM
CVE-2020-8338 (A DLL search path vulnerability was reported in Lenovo Diagnostics pri ...)
	NOT-FOR-US: Lenovo
CVE-2020-8337 (An unquoted search path vulnerability was reported in versions prior t ...)
	NOT-FOR-US: Synaptics Smart Audio UWP app
CVE-2020-8336 (Lenovo implemented Intel CSME Anti-rollback ARB protections on some Th ...)
	NOT-FOR-US: Lenovo
CVE-2020-8335 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...)
	NOT-FOR-US: Lenovo
CVE-2020-8334 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...)
	NOT-FOR-US: Lenovo
CVE-2020-8333 (A potential vulnerability in the SMI callback function used in the EEP ...)
	NOT-FOR-US: Lenovo
CVE-2020-8332 (A potential vulnerability in the SMI callback function used in the leg ...)
	NOT-FOR-US: Lenovo
CVE-2020-8331
	REJECTED
CVE-2020-8330 (A denial of service vulnerability was reported in the firmware prior t ...)
	NOT-FOR-US: Lenovo
CVE-2020-8329 (A denial of service vulnerability was reported in the firmware prior t ...)
	NOT-FOR-US: Lenovo
CVE-2020-8328
	REJECTED
CVE-2020-8327 (A privilege escalation vulnerability was reported in LenovoBatteryGaug ...)
	NOT-FOR-US: Lenovo
CVE-2020-8326 (An unquoted service path vulnerability was reported in Lenovo Drivers ...)
	NOT-FOR-US: Lenovo
CVE-2020-8325
	REJECTED
CVE-2020-8324 (A vulnerability was reported in LenovoAppScenarioPluginSystem for Leno ...)
	NOT-FOR-US: Lenovo
CVE-2020-8323 (A potential vulnerability in the SMI callback function used in the Leg ...)
	NOT-FOR-US: Lenovo
CVE-2020-8322 (A potential vulnerability in the SMI callback function used in the Leg ...)
	NOT-FOR-US: Lenovo
CVE-2020-8321 (A potential vulnerability in the SMI callback function used in the Sys ...)
	NOT-FOR-US: Lenovo
CVE-2020-8320 (An internal shell was included in BIOS image in some ThinkPad models t ...)
	NOT-FOR-US: Lenovo
CVE-2020-8319 (A privilege escalation vulnerability was reported in Lenovo System Int ...)
	NOT-FOR-US: Lenovo
CVE-2020-8318 (A privilege escalation vulnerability was reported in the LenovoSystemU ...)
	NOT-FOR-US: Lenovo
CVE-2020-8317 (A DLL search path vulnerability was reported in Lenovo Drivers Managem ...)
	NOT-FOR-US: Lenovo
CVE-2020-8316 (A vulnerability was reported in Lenovo Vantage prior to version 10.200 ...)
	NOT-FOR-US: Lenovo
CVE-2020-8428 (fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky u ...)
	{DSA-4698-1 DSA-4667-1 DLA-2242-1}
	- linux 5.4.19-1
	[jessie] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/d0cb50185ae942b03c4327be322055d622dc79f6
CVE-2020-8315 (In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 thr ...)
	- python3.8 (Windows-specific)
	- python3.7 (Windows-specific)
	- python2.7 (Vulnerable code not present)
	NOTE: https://bugs.python.org/issue39401
CVE-2020-8314
	RESERVED
CVE-2020-8313
	RESERVED
CVE-2020-8312
	RESERVED
CVE-2020-8311
	RESERVED
CVE-2020-8310
	RESERVED
CVE-2020-8309
	RESERVED
CVE-2020-8308
	RESERVED
CVE-2020-8307
	RESERVED
CVE-2020-8306
	RESERVED
CVE-2020-8305
	RESERVED
CVE-2020-8304
	RESERVED
CVE-2020-8303
	RESERVED
CVE-2020-8302
	RESERVED
CVE-2020-8301
	RESERVED
CVE-2020-8300 (Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, ...)
	NOT-FOR-US: Citrix
CVE-2020-8299 (Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-6 ...)
	NOT-FOR-US: Citrix
CVE-2020-8298 (fs-path node module before 0.0.25 is vulnerable to command injection b ...)
	NOT-FOR-US: Node fs-path
CVE-2020-8297 (Nextcloud Deck before 1.0.2 suffers from an insecure direct object ref ...)
	NOT-FOR-US: Nextcloud Deck
CVE-2020-8296 (Nextcloud Server prior to 20.0.0 stores passwords in a recoverable for ...)
	- nextcloud-server (bug #941708)
CVE-2020-8295 (A wrong check in Nextcloud Server 19 and prior allowed to perform a de ...)
	- nextcloud-server (bug #941708)
CVE-2020-8294 (A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 1 ...)
	- nextcloud-server (bug #941708)
CVE-2020-8293 (A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, ...)
	- nextcloud-server (bug #941708)
CVE-2020-8292 (Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scr ...)
	NOT-FOR-US: Rocket.Chat
CVE-2020-8291 (A link preview rendering issue in Rocket.Chat versions before 3.9 coul ...)
	NOT-FOR-US: Rocket.Chat
CVE-2020-8290 (Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer ...)
	NOT-FOR-US: Backblaze
CVE-2020-8289 (Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before ...)
	NOT-FOR-US: Backblaze
CVE-2020-8288 (The `specializedRendering` function in Rocket.Chat server before 3.9.2 ...)
	NOT-FOR-US: Rocket.Chat
CVE-2020-8287 (Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two co ...)
	{DSA-4826-1 DLA-3224-1}
	- http-parser 2.9.4-5 (bug #1016690)
	[bullseye] - http-parser 2.9.4-4+deb11u1
	- nodejs 12.20.1~dfsg-1 (bug #979364)
	[stretch] - nodejs (Nodejs in stretch not covered by security support)
	NOTE: https://nodejs.org/en/blog/release/v10.23.1/
	NOTE: https://github.com/nodejs/node/commit/fc70ce08f5818a286fb5899a1bc3aff5965a745e (v10.23.1)
	NOTE: https://github.com/nodejs/http-parser/pull/530/
CVE-2020-8286 (curl 7.41.0 through 7.73.0 is vulnerable to an improper check for cert ...)
	{DSA-4881-1 DLA-2500-1}
	- curl 7.74.0-1 (bug #977161)
	NOTE: https://curl.se/docs/CVE-2020-8286.html
	NOTE: https://github.com/curl/curl/commit/d9d01672785b8ac04aab1abb6de95fe3072ae199 (curl-7_74_0)
CVE-2020-8285 (curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recu ...)
	{DSA-4881-1 DLA-2500-1}
	- curl 7.74.0-1 (bug #977162)
	NOTE: https://curl.se/docs/CVE-2020-8285.html
	NOTE: https://github.com/curl/curl/issues/6255
	NOTE: https://github.com/curl/curl/commit/69a358f2186e04cf44698b5100332cbf1ee7f01d (curl-7_74_0)
CVE-2020-8284 (A malicious server can use the FTP PASV response to trick curl 7.73.0 ...)
	{DSA-4881-1 DLA-2500-1}
	- curl 7.74.0-1 (bug #977163)
	NOTE: https://curl.se/docs/CVE-2020-8284.html
	NOTE: https://github.com/curl/curl/commit/ec9cc725d598ac77de7b6df8afeec292b3c8ad46 (curl-7_74_0)
CVE-2020-8283 (An authorised user on a Windows host running Citrix Universal Print Se ...)
	NOT-FOR-US: Citrix
CVE-2020-8282 (A security issue was found in EdgePower 24V/54V firmware v1.7.0 and ea ...)
	NOT-FOR-US: EdgePower 24V/54V firmware
CVE-2020-8281 (A missing file type check in Nextcloud Contacts 3.3.0 allows a malicio ...)
	NOT-FOR-US: Nextcloud Contacts
CVE-2020-8280 (A missing file type check in Nextcloud Contacts 3.4.0 allows a malicio ...)
	NOT-FOR-US: Nextcloud Contacts
CVE-2020-8279 (Missing validation of server certificates for out-going connections in ...)
	NOT-FOR-US: Nextcloud Social app
CVE-2020-8278 (Improper access control in Nextcloud Social app version 0.3.1 allowed ...)
	NOT-FOR-US: Nextcloud Social app
CVE-2020-8277 (A Node.js application that allows an attacker to trigger a DNS request ...)
	- c-ares 1.17.1-1
	[buster] - c-ares (Introduced in 1.16)
	[stretch] - c-ares (Introduced in 1.16)
	NOTE: Originally reported for nodejs, which bundles c-ares: https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/#denial-of-service-through-dns-request-cve-2020-8277
	NOTE: Fix in c-ares: https://github.com/c-ares/c-ares/commit/0d252eb3b2147179296a3bdb4ef97883c97c54d3
	NOTE: Introduced in https://github.com/c-ares/c-ares/commit/7d3591ee8a1a63e7748e68e6d880bd1763a32885
CVE-2020-8276 (The implementation of Brave Desktop's privacy-preserving analytics sys ...)
	- brave-browser (bug #864795)
CVE-2020-8275 (Citrix Secure Mail for Android before 20.11.0 suffers from improper ac ...)
	NOT-FOR-US: Citrix
CVE-2020-8274 (Citrix Secure Mail for Android before 20.11.0 suffers from Improper Co ...)
	NOT-FOR-US: Citrix
CVE-2020-8273 (Privilege escalation of an authenticated user to root in Citrix SD-WAN ...)
	NOT-FOR-US: Citrix SD-WAN center
CVE-2020-8272 (Authentication Bypass resulting in exposure of SD-WAN functionality in ...)
	NOT-FOR-US: Citrix SD-WAN Center
CVE-2020-8271 (Unauthenticated remote code execution with root privileges in Citrix S ...)
	NOT-FOR-US: Citrix SD-WAN Center
CVE-2020-8270 (An unprivileged Windows user on the VDA or an SMB user can perform arb ...)
	NOT-FOR-US: Citrix
CVE-2020-8269 (An unprivileged Windows user on the VDA can perform arbitrary command ...)
	NOT-FOR-US: Citrix
CVE-2020-8268 (Prototype pollution vulnerability in json8-merge-patch npm package < 1 ...)
	NOT-FOR-US: Node json8-merge-patch
CVE-2020-8267 (A security issue was found in UniFi Protect controller v1.14.10 and ea ...)
	NOT-FOR-US: UniFi Protect controller
CVE-2020-8266
	RESERVED
CVE-2020-8265 (Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerab ...)
	{DSA-4826-1}
	- nodejs 12.20.1~dfsg-1 (bug #979364)
	[stretch] - nodejs (Nodejs in stretch not covered by security support)
	NOTE: https://nodejs.org/en/blog/release/v10.23.1/
	NOTE: https://github.com/nodejs/node/commit/7f178663ebffc82c9f8a5a1b6bf2da0c263a30ed (v10.23.1)
CVE-2020-8264 (In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when a ...)
	- rails 2:6.0.3.4+dfsg-1 (bug #971988)
	[buster] - rails (Vulnerable code not present)
	[stretch] - rails (Vulnerable code not present)
	NOTE: https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk/m/oJWw-xhNAQAJ
CVE-2020-8263 (A vulnerability in the authenticated user web interface of Pulse Conne ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-8262 (A vulnerability in the Pulse Connect Secure / Pulse Policy Secure belo ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure / Pulse Policy Secure
CVE-2020-8261 (A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9. ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure / Pulse Policy Secure
CVE-2020-8260 (A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interfac ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-8259 (Insufficient protection of the server-side encryption keys in Nextclou ...)
	- nextcloud-server (bug #941708)
CVE-2020-8258 (Improper privilege management on services run by Citrix Gateway Plug-i ...)
	NOT-FOR-US: Citrix
CVE-2020-8257 (Improper privilege management on services run by Citrix Gateway Plug-i ...)
	NOT-FOR-US: Citrix
CVE-2020-8256 (A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interf ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2020-8255 (A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interfac ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-8254 (A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client
CVE-2020-8253 (Improper authentication in Citrix XenMobile Server 10.12 before RP2, C ...)
	NOT-FOR-US: Citrix
CVE-2020-8252 (The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14 ...)
	- libuv1 1.39.0-1 (unimportant)
	[stretch] - libuv1 (Vulnerable code introduced later)
	NOTE: https://hackerone.com/reports/965914
	NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252
	NOTE: Debian's version of nodejs uses the shared system library of libuv1 instead
	NOTE: of the bundled one.
	NOTE: https://github.com/libuv/libuv/issues/2965
	NOTE: Introduced by: https://github.com/libuv/libuv/commit/b56d279b172fbe78dee2fb1d29cae9c9c5c6d1c4 (v1.24.0)
	NOTE: Fixed by: https://github.com/libuv/libuv/commit/0e6e8620496dff0eb285589ef1e37a7f407f3ddd (v1.39.0)
	NOTE: Broken path in uv__fs_realpath() only taken when libuv1 is built in
	NOTE: pre-POSIX.2008 mode (defined(_POSIX_VERSION) && _POSIX_VERSION < 200809L).
CVE-2020-8251 (Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attack ...)
	- nodejs (Only affects 14.x series)
	NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#denial-of-service-by-resource-exhaustion-cwe-400-due-to-unfinished-http-1-1-requests-critical-cve-2020-8251
CVE-2020-8250 (A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 cou ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client
CVE-2020-8249 (A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 cou ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client
CVE-2020-8248 (A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 cou ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client
CVE-2020-8247 (Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and N ...)
	NOT-FOR-US: Citrix
CVE-2020-8246 (Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and N ...)
	NOT-FOR-US: Citrix
CVE-2020-8245 (Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before ...)
	NOT-FOR-US: Citrix
CVE-2020-8244 (A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, ...)
	{DLA-2698-1}
	- node-bl 4.0.3-1 (bug #969309)
	[buster] - node-bl 1.1.2-1+deb10u1
	NOTE: https://hackerone.com/reports/966347
	NOTE: https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190
CVE-2020-8243 (A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interf ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2020-8242 (Unsanitized user input in ExpressionEngine <= 5.4.0 control panel memb ...)
	NOT-FOR-US: ExpressionEngine
CVE-2020-8241 (A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client
CVE-2020-8240 (A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a re ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client
CVE-2020-8239 (A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerab ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client
CVE-2020-8238 (A vulnerability in the authenticated user web interface of Pulse Conne ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2020-8237 (Prototype pollution in json-bigint npm package < 1.0.0 may lead to a d ...)
	NOT-FOR-US: Node json-bigint
CVE-2020-8236 (A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the ...)
	- nextcloud-server (bug #941708)
CVE-2020-8235 (Missing access control in Nextcloud Deck 1.0.4 caused an insecure dire ...)
	NOT-FOR-US: Nextcloud Deck
CVE-2020-8234 (A vulnerability exists in The EdgeMax EdgeSwitch firmware (Windows-specific)
CVE-2020-8229 (A memory leak in the OCUtil.dll library used by Nextcloud Desktop Clie ...)
	- nextcloud-desktop (Windows-specific)
	NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-034
	NOTE: Windows-specific code in shell_integration/windows/OCUtil
	NOTE: https://hackerone.com/reports/588562
CVE-2020-8228 (A missing rate limit in the Preferred Providers app 1.7.0 allowed an a ...)
	NOT-FOR-US: Preferred Providers app
CVE-2020-8227 (Missing sanitization of a server response in Nextcloud Desktop Client ...)
	- nextcloud-desktop 3.0.1-1
	[buster] - nextcloud-desktop (Minor issue)
	NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-032
	NOTE: https://hackerone.com/reports/685552
CVE-2020-8226 (A vulnerability exists in phpBB (Minor issue)
	NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-031
CVE-2020-8224 (A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arb ...)
	- nextcloud-desktop (Windows-specific)
	NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-030
	NOTE: https://hackerone.com/reports/622170
CVE-2020-8223 (A logic error in Nextcloud Server 19.0.0 caused a privilege escalation ...)
	- nextcloud-server (bug #941708)
CVE-2020-8222 (A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 t ...)
	NOT-FOR-US: Pulse
CVE-2020-8221 (A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 w ...)
	NOT-FOR-US: Pulse
CVE-2020-8220 (A denial of service vulnerability exists in Pulse Connect Secure <9.1R ...)
	NOT-FOR-US: Pulse
CVE-2020-8219 (An insufficient permission check vulnerability exists in Pulse Connect ...)
	NOT-FOR-US: Pulse
CVE-2020-8218 (A code injection vulnerability exists in Pulse Connect Secure <9.1R8 t ...)
	NOT-FOR-US: Pulse
CVE-2020-8217 (A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9. ...)
	NOT-FOR-US: Pulse
CVE-2020-8216 (An information disclosure vulnerability in meeting of Pulse Connect Se ...)
	NOT-FOR-US: Pulse
CVE-2020-8215 (A buffer overflow is present in canvas version <= 1.6.9, which could l ...)
	NOT-FOR-US: Node canvas
CVE-2020-8214 (A path traversal vulnerability in servey version < 3 allows an attacke ...)
	NOT-FOR-US: servey
CVE-2020-8213 (An information exposure vulnerability exists in UniFi Protect before v ...)
	NOT-FOR-US: UniFi Protect
CVE-2020-8212 (Improper access control in Citrix XenMobile Server 10.12 before RP3, C ...)
	NOT-FOR-US: Citrix
CVE-2020-8211 (Improper input validation in Citrix XenMobile Server 10.12 before RP3, ...)
	NOT-FOR-US: Citrix
CVE-2020-8210 (Insufficient protection of secrets in Citrix XenMobile Server 10.12 be ...)
	NOT-FOR-US: Citrix
CVE-2020-8209 (Improper access control in Citrix XenMobile Server 10.12 before RP2, C ...)
	NOT-FOR-US: Citrix
CVE-2020-8208 (Improper input validation in Citrix XenMobile Server 10.12 before RP1, ...)
	NOT-FOR-US: Citrix
CVE-2020-8207 (Improper access control in Citrix Workspace app for Windows 1912 CU1 a ...)
	NOT-FOR-US: Citrix
CVE-2020-8206 (An improper authentication vulnerability exists in Pulse Connect Secur ...)
	NOT-FOR-US: Pulse
CVE-2020-8205 (The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a S ...)
	NOT-FOR-US: Node uppy
CVE-2020-8204 (A cross site scripting (XSS) vulnerability exists in Pulse Connect Sec ...)
	NOT-FOR-US: Pulse
CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash before ...)
	- node-lodash 4.17.19+dfsg-1 (bug #965283)
	[buster] - node-lodash (Minor issue; can be fixed via point release)
	[stretch] - node-lodash (Nodejs in stretch not covered by security support)
	NOTE: https://hackerone.com/reports/712065
CVE-2020-8202 (Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 a ...)
	NOT-FOR-US: Nextcloud Preferred Providers app
CVE-2020-8201 (Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync ...)
	- nodejs 12.18.4~dfsg-1
	[buster] - nodejs (Only affects 12.x and later)
	[stretch] - nodejs (Only affects 12.x and later)
	NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#http-request-smuggling-due-to-cr-to-hyphen-conversion-high-cve-2020-8201
CVE-2020-8200 (Improper authentication in Citrix StoreFront Server < 1912.0.1000 allo ...)
	NOT-FOR-US: Citrix
CVE-2020-8199 (Improper access control in Citrix ADC Gateway Linux client versions be ...)
	NOT-FOR-US: Citrix
CVE-2020-8198 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
	NOT-FOR-US: Citrix
CVE-2020-8197 (Privilege escalation vulnerability on Citrix ADC and Citrix Gateway ve ...)
	NOT-FOR-US: Citrix
CVE-2020-8196 (Improper access control in Citrix ADC and Citrix Gateway versions befo ...)
	NOT-FOR-US: Citrix
CVE-2020-8195 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
	NOT-FOR-US: Citrix
CVE-2020-8194 (Reflected code injection in Citrix ADC and Citrix Gateway versions bef ...)
	NOT-FOR-US: Citrix
CVE-2020-8193 (Improper access control in Citrix ADC and Citrix Gateway versions befo ...)
	NOT-FOR-US: Citrix
CVE-2020-8192 (A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0 ...)
	NOT-FOR-US: Node fastify
CVE-2020-8191 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
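The HTTP request-head parsing entries in this list (CVE-2019-20444 and CVE-2019-20445 for Netty, CVE-2020-8287 for Node.js/http-parser, CVE-2020-8201 for the Node.js CR-to-hyphen conversion) share one lesson: a parser that tolerates a header line without a colon, two Content-Length values, Content-Length next to Transfer-Encoding, a duplicated Transfer-Encoding, or a bare CR inside a header gives a front-end proxy and a back-end server two different views of where one request ends and the next begins. The strict validator below is an added example written for this page; it is not code from Netty, Node.js or http-parser and makes no claim about how those projects fixed their parsers. The request heads it is checked against are constructed for the example.

```javascript
// Strict HTTP/1.1 request-head validator (added example, not code from Netty, Node.js or
// http-parser). It rejects the malformed inputs that the parser bugs on this page accepted:
//  - a header line with no colon                                   (CVE-2019-20444)
//  - Content-Length next to Transfer-Encoding, or two differing
//    Content-Length values                                        (CVE-2019-20445)
//  - a duplicated Transfer-Encoding field                          (CVE-2020-8287)
//  - a bare CR inside a header name or value instead of CRLF       (CVE-2020-8201)
// Sample request heads used by the tests are constructed for this example.

const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/; // RFC 7230 "tchar" characters only

function parseRequestHead(raw) {
  // CRLF is the only line terminator. A lone CR is rejected rather than rewritten,
  // because any rewrite makes this parser disagree with the next hop about line boundaries.
  if (/\r(?!\n)/.test(raw)) throw new Error('bare CR in request head');
  const lines = raw.split('\r\n');
  const [method, target, version] = (lines.shift() || '').split(' ');
  if (!TOKEN.test(method || '') || !target || !/^HTTP\/1\.[01]$/.test(version || '')) {
    throw new Error('malformed request line');
  }
  const headers = new Map(); // lower-cased field name -> array of values, in order
  for (const line of lines) {
    if (line === '') break; // empty line terminates the head; anything after it is body
    const colon = line.indexOf(':');
    if (colon < 0) throw new Error(`header line without colon: ${JSON.stringify(line)}`);
    const name = line.slice(0, colon);
    if (!TOKEN.test(name)) throw new Error(`invalid header name: ${JSON.stringify(name)}`);
    const value = line.slice(colon + 1).trim();
    const key = name.toLowerCase();
    if (!headers.has(key)) headers.set(key, []);
    headers.get(key).push(value);
  }
  // Framing headers are the ones a smuggling attack plays against each other, so they are
  // checked after the whole head is read, not on first sight.
  const cl = headers.get('content-length') || [];
  const te = headers.get('transfer-encoding') || [];
  if (cl.length && te.length) throw new Error('Content-Length with Transfer-Encoding');
  if (te.length > 1) throw new Error('duplicate Transfer-Encoding');
  if (cl.length > 1 && new Set(cl).size !== 1) throw new Error('conflicting Content-Length values');
  if (cl.length && !/^\d+$/.test(cl[0])) throw new Error('non-numeric Content-Length');
  return { method, target, version, headers, bodyLength: cl.length ? Number(cl[0]) : 0 };
}

// Returns the rejection reason, or null when the head is accepted. Useful for running a
// list of known-bad heads against this validator, or against a proxy under test.
function classify(raw) {
  try { parseRequestHead(raw); return null; } catch (e) { return e.message; }
}
```

Identical repeated Content-Length values are accepted, which RFC 7230 permits; anything that leaves the body length ambiguous is a hard error, since that ambiguity is the whole attack surface.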
	NOT-FOR-US: Citrix
CVE-2020-8190 (Incorrect file permissions in Citrix ADC and Citrix Gateway before ver ...)
	NOT-FOR-US: Citrix
CVE-2020-8189 (A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed ...)
	- nextcloud-desktop 3.0.1-1
	[buster] - nextcloud-desktop (Minor issue)
	NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-027
CVE-2020-8188 (We have recently released new version of UniFi Protect firmware v1.13. ...)
	NOT-FOR-US: UniFi Protect
CVE-2020-8187 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
	NOT-FOR-US: Citrix
CVE-2020-8186 (A command injection vulnerability in the `devcert` module may lead to ...)
	NOT-FOR-US: Node devcert
CVE-2020-8185 (A denial of service vulnerability exists in Rails <6.0.3.2 that allowe ...)
	[experimental] - rails 6.0.3.2+dfsg-1 (bug #964081)
	- rails (Introduced in rails 6.x)
	NOTE: https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0
CVE-2020-8184 (A reliance on cookies without validation/integrity check security vuln ...)
	{DLA-3298-1 DLA-2275-1}
	- ruby-rack 2.1.1-6 (bug #963477)
	NOTE: https://hackerone.com/reports/895727
	NOTE: Fixed by: https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c
CVE-2020-8183 (A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of ...)
	- nextcloud-server (bug #941708)
CVE-2020-8182 (Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to ...)
	NOT-FOR-US: Nextcloud Deck
CVE-2020-8181 (A missing file type check in Nextcloud Contacts 3.2.0 allowed a malici ...)
	NOT-FOR-US: Nextcloud Contacts
CVE-2020-8180 (A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a cod ...)
	NOT-FOR-US: Nextcloud Talk
CVE-2020-8179 (Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to ...)
	NOT-FOR-US: Nextcloud Deck
CVE-2020-8178 (Insufficient input validation in npm package `jison` <= 0.4.18 may lea ...)
	- node-jison (Vulnerable code not included in Debian source)
	NOTE: https://hackerone.com/reports/690010
	NOTE: ports/ is stripped/excluded in the src:node-jison source package.
CVE-2020-8177 (curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of na ...)
	{DSA-4881-1 DLA-2295-1}
	- curl 7.72.0-1 (bug #965281)
	NOTE: https://curl.haxx.se/docs/CVE-2020-8177.html
	NOTE: https://github.com/curl/curl/commit/8236aba58542c5f89f1d41ca09d84579efb05e22 (7.71.0)
CVE-2020-8176 (A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.6 ...)
	NOT-FOR-US: koa-shopify-auth
CVE-2020-8175 (Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow ...)
	NOT-FOR-US: Node jimp
CVE-2020-8174 (napi_get_value_string_*() allows various kinds of memory corruption in ...)
	{DSA-4696-1}
	- nodejs 10.21.0~dfsg-1 (bug #962145)
	[stretch] - nodejs (Nodejs in stretch not covered by security support)
	[jessie] - nodejs (Nodejs in jessie not covered by security support)
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#napi_get_value_string_-allows-various-kinds-of-memory-corruption-high-cve-2020-8174
CVE-2020-8173 (A too small set of random characters being used for encryption in Next ...)
	- nextcloud-server (bug #941708)
CVE-2020-8172 (TLS session reuse can lead to host certificate verification bypass in ...)
	- nodejs (Only affects 12.x and later)
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#tls-session-reuse-can-lead-to-host-certificate-verification-bypass-high-cve-2020-8172
CVE-2020-8171 (We have recently released new version of AirMax AirOS firmware v6.3.0 ...)
	NOT-FOR-US: AirMax AirOS
CVE-2020-8170 (We have recently released new version of AirMax AirOS firmware v6.3.0 ...)
	NOT-FOR-US: AirMax AirOS
CVE-2020-8169 (curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure ...)
	{DSA-4881-1}
	- curl 7.72.0-1 (bug #965280)
	[stretch] - curl (Vulnerable code introduced later)
	[jessie] - curl (Vulnerable code introduced later)
	NOTE: https://curl.haxx.se/docs/CVE-2020-8169.html
	NOTE: https://github.com/curl/curl/commit/600a8cded447cd7118ed50142c576567c0cf5158 (7.71.0)
CVE-2020-8168 (We have recently released new version of AirMax AirOS firmware v6.3.0 ...)
	NOT-FOR-US: AirMax AirOS
CVE-2020-8167 (A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that co ...)
	{DSA-4766-1}
	- rails 2:5.2.4.3+dfsg-1
	[stretch] - rails (Vulnerable code introduced later)
	[jessie] - rails (Vulnerable code introduced later)
	NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
	NOTE: https://github.com/rails/rails/commit/fbc7bec074b5ef9ae22f79ca5d9bafec7b276dd3 (5.2)
CVE-2020-8166 (A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 th ...)
	{DSA-4766-1}
	- rails 2:5.2.4.3+dfsg-1
	[stretch] - rails (Vulnerable code introduced later)
	[jessie] - rails (Vulnerable code introduced later)
	NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
	NOTE: https://github.com/rails/rails/commit/d124f19287f4892c72ca54da728a781591c6fca1 (5.2)
	NOTE: per-form CSRF token introduced in 5.x: https://github.com/rails/rails/commit/3e98819e20bc113343d4d4c0df614865ad5a9d3a
CVE-2020-8165 (A deserialization of untrusted data vulnernerability exists in rails < ...)
	{DSA-4766-1 DLA-2282-1 DLA-2251-1}
	- rails 2:5.2.4.3+dfsg-1
	NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
	NOTE: https://github.com/rails/rails/commit/f7e077f85e61fc0b7381963eda0ceb0e457546b5 (MemCache backend) (5.2)
	NOTE: https://github.com/rails/rails/commit/467e3399c9007996c03ffe3212689d48dd25ae99 (Redis backend) (5.2)
	NOTE: Redis backend introduced in 5.2: https://github.com/rails/rails/commit/9f8ec3535247ac41a9c92e84ddc7a3b771bc318b
CVE-2020-8164 (A deserialization of untrusted data vulnerability exists in rails < 5. ...)
	{DSA-4766-1 DLA-2282-1 DLA-2251-1}
	[experimental] - rails 2:6.0.3.1+dfsg-1
	- rails 2:5.2.4.3+dfsg-1
	NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
	NOTE: https://github.com/rails/rails/commit/7a3ee4fea90b7555f8d09c6c05c15fe7ab5a06ec (5.2)
CVE-2020-8163 (The is a code injection vulnerability in versions of Rails prior to 5. ...)
	{DLA-2282-1}
	- rails 2:5.2.0+dfsg-2
	NOTE: https://weblog.rubyonrails.org/2020/5/15/Rails-4-2-11-2-has-been-released/
	NOTE: https://weblog.rubyonrails.org/2020/5/16/rails-4-2-11-3-has-been-released/
	NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0
	NOTE: https://github.com/rails/rails/commit/4c46a15e0a7815ca9e4cd7c7fda042eb8c1b7724 (4.2.11.2)
	NOTE: Follow-up needed due to breaking change: https://github.com/rails/rails/issues/39301
	NOTE: https://github.com/rails/rails/commit/1f3db0ad793441a0c00e85d56228fc80aafbe6c1 (4.2.11.3)
	NOTE: Follow-up #2:
	NOTE: https://github.com/rails/rails/commit/0ecaaf76d1b79cf2717cdac754e55b4114ad6599 (4-2-stable)
	NOTE: For rails 5.0 the issue is fixed in >= 5.0.1
CVE-2020-8162 (A client side enforcement of server side security vulnerability exists ...)
	{DSA-4766-1}
	- rails 2:5.2.4.3+dfsg-1
	[stretch] - rails (Vulnerable code introduced later)
	[jessie] - rails (Vulnerable code introduced later)
	NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
	NOTE: https://github.com/rails/rails/commit/e8df5648515a0e8324d3b3c4bdb7bde6802cd8be (5.2)
CVE-2020-8161 (A directory traversal vulnerability exists in rack < 2.2.0 that allows ...)
	{DLA-3298-1 DLA-2275-1 DLA-2216-1}
	- ruby-rack 2.1.1-5
	NOTE: https://groups.google.com/forum/#!msg/rubyonrails-security/IOO1vNZTzPA/Ylzi1UYLAAAJ
	NOTE: Fixed by: https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e
	NOTE: Required followup: https://github.com/rack/rack/commit/e7ba1b0557d3ad97af1ef113bbeb5f27417983fa
	NOTE: Test: https://github.com/rack/rack/commit/775c836bdd25b63340399fea739532d746860a94
CVE-2020-8160 (MendixSSO <= 2.1.1 contains endpoints that make use of the openid hand ...)
	NOT-FOR-US: MendixSSO
CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem < v1.2.1 that ...)
	{DLA-2719-1}
	- ruby-actionpack-page-caching 1.2.2-1 (bug #960680)
	[buster] - ruby-actionpack-page-caching (Minor issue)
	NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8
	NOTE: https://github.com/rails/actionpack-page_caching/commit/127da70a559bed4fc573fdb4a6d498a7d5815ce2 (v1.2.1)
	NOTE: https://github.com/rails/actionpack-page_caching/commit/bf4aab113f90a0c5182009709d5115a1d5772608 (v1.2.2)
CVE-2020-8158 (Prototype pollution vulnerability in the TypeORM package < 0.2.25 may ...)
	NOT-FOR-US: TypeORM
CVE-2020-8157 (UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key g ...)
	NOT-FOR-US: UniFi Cloud Key
CVE-2020-8156 (A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed ...)
	NOT-FOR-US: Nextcloud Mail
CVE-2020-8155 (An outdated 3rd party library in the Files PDF viewer for Nextcloud Se ...)
	- nextcloud-server (bug #941708)
CVE-2020-8154 (An Insecure direct object reference vulnerability in Nextcloud Server ...)
	- nextcloud-server (bug #941708)
CVE-2020-8153 (Improper access control in Groupfolders app 4.0.3 allowed to delete hi ...)
	NOT-FOR-US: Nextcloud Groupfolders app
CVE-2020-8152 (Insufficient protection of the server-side encryption keys in Nextclou ...)
	- nextcloud-server (bug #941708)
CVE-2020-8151 (There is a possible information disclosure issue in Active Resource (Vulnerable code split out upstream before initial upload to Debian)
	NOTE: ActiveResource was extracted to a separate gem starting in the 4.0 rails
	NOTE: release as it was not widely used.
CVE-2020-8150 (A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker t ...)
	- nextcloud-server (bug #941708)
CVE-2020-8149 (Lack of output sanitization allowed an attack to execute arbitrary she ...)
	NOT-FOR-US: Node logkitty
CVE-2020-8148 (UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enables ...)
	NOT-FOR-US: UniFi Cloud Key firmware
CVE-2020-8147 (Flaw in input validation in npm package utils-extend version 1.0.8 and ...)
	NOT-FOR-US: Node utils-extend
CVE-2020-8146 (In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privi ...)
	NOT-FOR-US: UniFi
CVE-2020-8145 (The UniFi Video Server (Windows) web interface configuration restore f ...)
	NOT-FOR-US: UniFi
CVE-2020-8144 (The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web i ...)
	NOT-FOR-US: UniFi
CVE-2020-8143 (An Open Redirect vulnerability was discovered in Revive Adserver versi ...)
	NOT-FOR-US: Revive Adserver
CVE-2020-8142 (A security restriction bypass vulnerability has been discovered in Rev ...)
	NOT-FOR-US: Revive Adserver
CVE-2020-8141 (The dot package v1.1.2 uses Function() to compile templates. This can ...)
- node-dot 1.1.3+ds-1 [buster] - node-dot 1.1.1-1+deb10u1 NOTE: https://hackerone.com/reports/390929 CVE-2020-8140 (A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed t ...) - nextcloud-desktop (MacOS-specific) CVE-2020-8139 (A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, ...) - nextcloud-server (bug #941708) CVE-2020-8138 (A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0 ...) - nextcloud-server (bug #941708) CVE-2020-8137 (Code injection vulnerability in blamer 1.0.0 and earlier may result in ...) NOT-FOR-US: Node blamer CVE-2020-8136 (Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows ...) NOT-FOR-US: Node fastify-multipart CVE-2020-8135 (The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Fo ...) NOT-FOR-US: Node uppy CVE-2020-8134 (Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 ...) NOT-FOR-US: Ghost CMS CVE-2020-8133 (A wrong generation of the passphrase for the encrypted block in Nextcl ...) - nextcloud-server (bug #941708) CVE-2020-8132 (Lack of input validation in pdf-image npm package version <= 2.0.0 may ...) NOT-FOR-US: Node pdf-image package CVE-2020-8131 (Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows ...) - node-yarnpkg 1.22.4-2 (bug #952912) [buster] - node-yarnpkg (Minor issue) NOTE: https://hackerone.com/reports/730239 NOTE: https://github.com/yarnpkg/yarn/pull/7831 CVE-2020-8130 (There is an OS command injection vulnerability in Ruby Rake < 12.3.3 i ...) {DLA-2120-1} - rake 12.3.3-1 [buster] - rake 12.3.1-3+deb10u1 [stretch] - rake 10.5.0-2+deb9u1 NOTE: https://hackerone.com/reports/651518 NOTE: Fixed by: https://github.com/ruby/rake/commit/5b8f8fc41a5d7d7d6a5d767e48464c60884d3aee (v12.3.3) CVE-2020-8129 (An unintended require vulnerability in script-manager npm package vers ...) 
NOT-FOR-US: script-manager nodejs module CVE-2020-8128 (An unintended require and server-side request forgery vulnerabilities ...) NOT-FOR-US: jsreport CVE-2020-8127 (Insufficient validation in cross-origin communication (postMessage) in ...) NOT-FOR-US: reveal.js CVE-2020-8126 (A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CG ...) NOT-FOR-US: Ubiquiti Networks EdgeSwitch CVE-2020-8125 (Flaw in input validation in npm package klona version 1.1.0 and earlie ...) NOT-FOR-US: klona node module CVE-2020-8124 (Insufficient validation and sanitization of user input exists in url-p ...) - node-url-parse 1.4.7-1 [buster] - node-url-parse 1.2.0-2+deb10u1 [stretch] - node-url-parse (Nodejs in stretch not covered by security support) NOTE: https://github.com/unshiftio/url-parse/commit/3ecd256f127c3ada36a84d9b8dd3ebd14316274b NOTE: https://hackerone.com/reports/496293 CVE-2020-8123 (A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that ...) NOT-FOR-US: strapi CVE-2020-8122 (A missing check in Nextcloud Server 14.0.3 could give recipient the po ...) - nextcloud-server (bug #941708) CVE-2020-8121 (A bug in Nextcloud Server 14.0.4 could expose more data in reshared li ...) - nextcloud-server (bug #941708) CVE-2020-8120 (A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16. ...) - nextcloud-server (bug #941708) CVE-2020-8119 (Improper authorization in Nextcloud server 17.0.0 causes leaking of pr ...) - nextcloud-server (bug #941708) CVE-2020-8118 (An authenticated server-side request forgery in Nextcloud server 16.0. ...) - nextcloud-server (bug #941708) CVE-2020-8117 (Improper preservation of permissions in Nextcloud Server 14.0.3 causes ...) - nextcloud-server (bug #941708) CVE-2020-8116 (Prototype pollution vulnerability in dot-prop npm package versions bef ...) 
- node-dot-prop 5.2.0-1 [buster] - node-dot-prop 4.1.1-1+deb10u1 NOTE: https://hackerone.com/reports/719856 NOTE: https://github.com/sindresorhus/dot-prop/commit/3039c8c07f6fdaa8b595ec869ae0895686a7a0f2 CVE-2020-8115 (A reflected XSS vulnerability has been discovered in the publicly acce ...) NOT-FOR-US: Revive Adserver CVE-2020-8114 (GitLab EE 8.9 and later through 12.7.2 has Insecure Permission) - gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-8113 (GitLab 10.7 and later through 12.7.2 has Incorrect Access Control.) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-8112 (opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through ...) {DSA-4882-1 DLA-2277-1 DLA-2089-1} - openjpeg2 2.4.0-1 (bug #950184) NOTE: https://github.com/uclouvain/openjpeg/issues/1231 NOTE: https://github.com/rouault/openjpeg/commit/05f9b91e60debda0e83977e5e63b2e66486f7074 (v2.4.0) CVE-2020-8111 REJECTED CVE-2020-8110 (A vulnerability has been discovered in the ceva_emu.cvd module that re ...) NOT-FOR-US: Bitdefender CVE-2020-8109 (A vulnerability has been discovered in the ace.xmd parser that results ...) NOT-FOR-US: Bitdefender CVE-2020-8108 (Improper Authentication vulnerability in Bitdefender Endpoint Security ...) NOT-FOR-US: Bitdefender CVE-2020-8107 (A Process Control vulnerability in ProductAgentUI.exe as used in Bitde ...) NOT-FOR-US: Bitdefender CVE-2020-8106 REJECTED CVE-2020-8105 (OS Command Injection vulnerability in the wirelessConnect handler of A ...) NOT-FOR-US: Abode iota All-In-One Security Kit CVE-2020-8104 RESERVED CVE-2020-8103 (A vulnerability in the improper handling of symbolic links in Bitdefen ...) NOT-FOR-US: Bitdefender Antivirus Free CVE-2020-8102 (Improper Input Validation vulnerability in the Safepay browser compone ...) 
NOT-FOR-US: Safepay CVE-2020-8101 (Improper Neutralization of Special Elements used in a Command ('Comman ...) NOT-FOR-US: Bitdefender CVE-2020-8100 (Improper Input Validation vulnerability in the cevakrnl.rv0 module as ...) NOT-FOR-US: Bitdefender CVE-2020-8099 (A vulnerability in the improper handling of junctions in Bitdefender A ...) NOT-FOR-US: Bitdefender Antivirus Free CVE-2020-8098 RESERVED CVE-2020-8097 (An improper authentication vulnerability in Bitdefender Endpoint Secur ...) NOT-FOR-US: Bitdefender CVE-2020-8096 (Untrusted Search Path vulnerability in Bitdefender High-Level Antimalw ...) NOT-FOR-US: Bitdefender CVE-2020-8095 (A vulnerability in the improper handling of junctions before deletion ...) NOT-FOR-US: Bitdefender Total Security CVE-2020-8094 RESERVED CVE-2020-8093 (A vulnerability in the AntivirusforMac binary as used in Bitdefender A ...) NOT-FOR-US: Bitdefender Antivirus for Mac CVE-2020-8092 (A privilege escalation vulnerability in BDLDaemon as used in Bitdefend ...) NOT-FOR-US: Bitdefender Antivirus for Mac CVE-2020-8091 (svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow a ...) NOT-FOR-US: TYPO3 CVE-2020-8090 (The Username field in the Storage Service settings of A1 WLAN Box ADB ...) NOT-FOR-US: A1 WLAN Box ADB VV2220v2 devices CVE-2020-8089 (Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to th ...) - piwigo CVE-2020-8088 (panel_login.php in UseBB 1.0.12 allows type juggling for login bypass ...) NOT-FOR-US: UseBB CVE-2020-8087 (SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote comma ...) NOT-FOR-US: SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices CVE-2019-20443 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Int ...) NOT-FOR-US: WSO2 CVE-2019-20442 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Int ...) NOT-FOR-US: WSO2 CVE-2019-20441 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored ...) 
NOT-FOR-US: WSO2 CVE-2019-20440 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflect ...) NOT-FOR-US: WSO2 CVE-2019-20439 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflect ...) NOT-FOR-US: WSO2 CVE-2019-20438 (An issue was discovered in WSO2 API Manager 2.6.0. A potential stored ...) NOT-FOR-US: WSO2 CVE-2019-20437 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Mana ...) NOT-FOR-US: WSO2 CVE-2019-20436 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Mana ...) NOT-FOR-US: WSO2 CVE-2019-20435 (An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS att ...) NOT-FOR-US: WSO2 CVE-2019-20434 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflect ...) NOT-FOR-US: WSO2 CVE-2020-8086 (The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01 ...) {DSA-4612-1} - prosody-modules 0.0~hg20200128.09e7e880e056+dfsg-1 NOTE: https://hg.prosody.im/prosody-modules/rev/f2b29183ef08 NOTE: https://prosody.im/security/advisory_20200128/ CVE-2020-8085 RESERVED CVE-2020-8084 RESERVED CVE-2020-8083 RESERVED CVE-2020-8082 RESERVED CVE-2020-8081 RESERVED CVE-2020-8080 RESERVED CVE-2020-8079 RESERVED CVE-2020-8078 RESERVED CVE-2020-8077 RESERVED CVE-2020-8076 RESERVED CVE-2020-8075 RESERVED CVE-2020-8074 RESERVED CVE-2020-8073 RESERVED CVE-2020-8072 RESERVED CVE-2020-8071 RESERVED CVE-2020-8070 RESERVED CVE-2020-8069 RESERVED CVE-2020-8068 RESERVED CVE-2020-8067 RESERVED CVE-2020-8066 RESERVED CVE-2020-8065 RESERVED CVE-2020-8064 RESERVED CVE-2020-8063 RESERVED CVE-2020-8062 RESERVED CVE-2020-8061 RESERVED CVE-2020-8060 RESERVED CVE-2020-8059 RESERVED CVE-2020-8058 RESERVED CVE-2020-8057 RESERVED CVE-2020-8056 RESERVED CVE-2020-8055 RESERVED CVE-2020-8054 RESERVED CVE-2020-8053 RESERVED CVE-2020-8052 RESERVED CVE-2020-8051 RESERVED CVE-2020-8050 RESERVED CVE-2020-8049 RESERVED CVE-2020-8048 RESERVED CVE-2020-8047 RESERVED CVE-2020-8046 RESERVED CVE-2020-8045 RESERVED 
CVE-2020-8044 RESERVED CVE-2020-8043 RESERVED CVE-2020-8042 RESERVED CVE-2020-8041 RESERVED CVE-2020-8040 RESERVED CVE-2020-8039 RESERVED CVE-2020-8038 RESERVED CVE-2020-8037 (The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a l ...) {DLA-2444-1} - tcpdump 4.9.3-7 (unimportant; bug #973877) [buster] - tcpdump 4.9.3-1~deb10u2 NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231 CVE-2020-8036 (The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SO ...) - tcpdump (Vulnerable code and support for SOME/IP protocol added later) NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/e2256b4f2506102be2c6f7976f84f0d607c53d43 CVE-2020-8035 (The image view functionality in Horde Groupware Webmail Edition before ...) {DLA-2230-1} - php-horde 5.2.23+debian0-1 (bug #963809) [buster] - php-horde 5.2.20+debian0-1+deb10u2 [stretch] - php-horde 5.2.13+debian0-1+deb9u2 NOTE: https://github.com/horde/base/commit/64127fe3c2b9843c9760218e59dae9731cc56bdf NOTE: https://lists.horde.org/archives/announce/2020/001290.html CVE-2020-8034 (Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.2 ...) {DLA-2229-1} - php-horde-gollem 3.0.12-6 (bug #961649) [buster] - php-horde-gollem 3.0.12-3+deb10u1 [stretch] - php-horde-gollem 3.0.10-1+deb9u1 NOTE: https://lists.horde.org/archives/announce/2020/001289.html NOTE: https://github.com/horde/gollem/commit/a73bef1aef27d4cbfc7b939c2a81dea69aabb083 CVE-2020-8033 (Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Nam ...) NOT-FOR-US: Ruckus CVE-2020-8032 (A Insecure Temporary File vulnerability in the packaging of cyrus-sasl ...) - cyrus-sasl2 (openSUSE specific packaging issue) CVE-2020-8031 (A Improper Neutralization of Input During Web Page Generation ('Cross- ...) 
- open-build-service 2.9.4-4 (bug #983576) [stretch] - open-build-service (Minor issue, XSS in web app) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1178880 NOTE: With 2.9.4-4, the rails web frontend is no longer shipped, marking as fixed version CVE-2020-8030 (A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform ...) NOT-FOR-US: SuSE CaaS CVE-2020-8029 (A Incorrect Permission Assignment for Critical Resource vulnerability ...) NOT-FOR-US: SuSE CaaS CVE-2020-8028 (A Improper Access Control vulnerability in the configuration of salt o ...) NOT-FOR-US: Salt configuration in SUSE Server Manager CVE-2020-8027 (A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Ent ...) NOT-FOR-US: SAP CVE-2020-8026 (A Incorrect Default Permissions vulnerability in the packaging of inn ...) - inn2 (inews has correct ownership in Debian) CVE-2020-8025 (A Incorrect Execution-Assigned Permissions vulnerability in the permis ...) NOT-FOR-US: SAP CVE-2020-8024 (A Incorrect Default Permissions vulnerability in the packaging of hyla ...) - hylafax (SuSE-specific packaging issue) CVE-2020-8023 (A acceptance of Extraneous Untrusted Data With Trusted Data vulnerabil ...) NOT-FOR-US: SAP CVE-2020-8022 (A Incorrect Default Permissions vulnerability in the packaging of tomc ...) NOT-FOR-US: SAP CVE-2020-8021 (a Improper Access Control vulnerability in of Open Build Service allow ...) {DLA-2545-1} - open-build-service 2.9.4-4 (bug #983576) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171649 NOTE: https://github.com/openSUSE/open-build-service/commit/7323c904f86ba9e04065c23422d06c03647589fb NOTE: With 2.9.4-4, the rails web frontend is no longer shipped, marking as fixed version CVE-2020-8020 (A Improper Neutralization of Input During Web Page Generation vulnerab ...) 
{DLA-2545-1} - open-build-service 2.9.4-4 (bug #983576) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171439 NOTE: https://github.com/openSUSE/open-build-service/commit/7cc32c8e2ff7290698e101d9a80a9dc29a5500fb NOTE: With 2.9.4-4, the rails web frontend is no longer shipped, marking as fixed version CVE-2020-8019 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...) NOT-FOR-US: SAP CVE-2020-8018 (A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST- ...) NOT-FOR-US: Some SLES images CVE-2020-8017 (A Race Condition Enabling Link Following vulnerability in the cron job ...) NOT-FOR-US: SuSE packaging of TexLive CVE-2020-8016 (A Race Condition Enabling Link Following vulnerability in the packagin ...) NOT-FOR-US: SuSE packaging of TexLive CVE-2020-8015 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...) NOT-FOR-US: SuSE packaging of TexLive CVE-2020-8014 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...) - kopanocore (SuSE-specific packaging issue) CVE-2020-8013 (A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of S ...) NOT-FOR-US: chkstat CVE-2020-8012 (CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9 ...) NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM) CVE-2020-8011 (CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9 ...) NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM) CVE-2020-8010 (CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9 ...) NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM) CVE-2020-8009 (AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as ...) NOT-FOR-US: AVB MOTU devices CVE-2020-8008 RESERVED CVE-2020-8007 RESERVED CVE-2020-8006 (The server in Circontrol Raption through 5.11.2 has a pre-authenticati ...) 
NOT-FOR-US: Circontrol Raption CVE-2020-8005 RESERVED CVE-2020-8004 (STMicroelectronics STM32F1 devices have Incorrect Access Control.) NOT-FOR-US: STMicroelectronics STM32F1 devices CVE-2019-20433 (libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a s ...) - aspell 0.60.7-3 (bug #935128) [buster] - aspell (Minor issue) [stretch] - aspell (Minor issue) [jessie] - aspell (Minor issue) NOTE: http://aspell.net/buffer-overread-ucs.txt NOTE: Fixed by: https://github.com/GNUAspell/aspell/commit/de29341638833ba7717bd6b5e6850998454b044b NOTE: Recommended additionally: https://github.com/GNUAspell/aspell/commit/cefd447e5528b08bb0cd6656bc52b4255692cefc CVE-2020-8003 (A double-free vulnerability in vrend_renderer.c in virglrenderer throu ...) {DLA-3232-1} - virglrenderer 0.8.2-1 (bug #949954) NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/522b610a826f6de58c560cbb38fa8dfc65ae3c42 CVE-2020-8002 (A NULL pointer dereference in vrend_renderer.c in virglrenderer throug ...) {DLA-3232-1} - virglrenderer 0.8.2-1 (bug #949954) NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/63bcca251f093d83da7e290ab4bbd38ae69089b5 CVE-2020-8001 (The Intellian Aptus application 1.0.2 for Android has a hardcoded pass ...) NOT-FOR-US: Intellian Aptus application for Android CVE-2020-8000 (Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the ...) NOT-FOR-US: Intellian Aptus Web CVE-2020-7999 (The Intellian Aptus application 1.0.2 for Android has hardcoded values ...) NOT-FOR-US: Intellian Aptus application for Android CVE-2020-7998 (An arbitrary file upload vulnerability has been discovered in the Supe ...) NOT-FOR-US: Super File Explorer app for iOS CVE-2020-7997 (ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Na ...) NOT-FOR-US: ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices CVE-2020-7996 (htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via th ...) 
- dolibarr CVE-2020-7995 (The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allow ...) - dolibarr CVE-2020-7994 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 ...) - dolibarr CVE-2020-7993 (Prototype 1.6.0.1 allows remote authenticated users to forge ticket cr ...) NOT-FOR-US: Prototype node module CVE-2020-7992 RESERVED CVE-2020-7991 (Adive Framework 2.0.8 has admin/config CSRF to change the Administrato ...) NOT-FOR-US: Adive Framework CVE-2020-7990 (Adive Framework 2.0.8 has admin/user/add userName XSS.) NOT-FOR-US: Adive Framework CVE-2020-7989 (Adive Framework 2.0.8 has admin/user/add userUsername XSS.) NOT-FOR-US: Adive Framework CVE-2020-7988 (An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4 ...) - phpipam (bug #731713) CVE-2020-7987 RESERVED CVE-2020-7986 RESERVED CVE-2020-7985 RESERVED CVE-2020-7984 (SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allow ...) NOT-FOR-US: SolarWinds CVE-2020-7983 (A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows re ...) NOT-FOR-US: Ruckus CVE-2019-20432 (In the Lustre file system before 2.12.3, the mdt module has an out-of- ...) - lustre CVE-2019-20431 (In the Lustre file system before 2.12.3, the ptlrpc module has an osd_ ...) - lustre CVE-2019-20430 (In the Lustre file system before 2.12.3, the mdt module has an LBUG pa ...) - lustre CVE-2019-20429 (In the Lustre file system before 2.12.3, the ptlrpc module has an out- ...) - lustre CVE-2019-20428 (In the Lustre file system before 2.12.3, the ptlrpc module has an out- ...) - lustre CVE-2019-20427 (In the Lustre file system before 2.12.3, the ptlrpc module has a buffe ...) - lustre CVE-2019-20426 (In the Lustre file system before 2.12.3, the ptlrpc module has an out- ...) - lustre CVE-2019-20425 (In the Lustre file system before 2.12.3, the ptlrpc module has an out- ...) - lustre CVE-2019-20424 (In the Lustre file system before 2.12.3, mdt_object_remote in the mdt ...) 
- lustre CVE-2019-20423 (In the Lustre file system before 2.12.3, the ptlrpc module has a buffe ...) - lustre CVE-2019-20422 (In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/7b09c2d052db4b4ad0b27b97918b46a7746966fa CVE-2019-20421 (In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input ...) {DSA-4958-1 DLA-2750-1} - exiv2 0.27.2-8 (low; bug #950183) [jessie] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8 NOTE: https://github.com/Exiv2/exiv2/issues/1011 CVE-2020-7982 (An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and ...) NOT-FOR-US: OpenWrt CVE-2020-7981 (sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection whe ...) - ruby-geocoder 1.5.1-3 (bug #949870) NOTE: https://github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613 CVE-2020-7980 (Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Intellian Aptus Web CVE-2020-7979 (GitLab EE 8.9 and later through 12.7.2 has Insecure Permission) - gitlab (Only affects Gitlab EE 12.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7978 (GitLab EE 12.6 and later through 12.7.2 allows Denial of Service.) - gitlab (Only affects Gitlab EE 12.6 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7977 (GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions.) - gitlab (Only affects Gitlab EE 8.8 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7976 (GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control.) 
- gitlab (Only affects Gitlab EE 12.4 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7975 REJECTED CVE-2020-7974 (GitLab EE 10.1 through 12.7.2 allows Information Disclosure.) - gitlab (Only affects Gitlab EE 10.1 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7973 (GitLab through 12.7.2 allows XSS.) [experimental] - gitlab 12.6.7-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7972 (GitLab EE 12.2 has Insecure Permissions (issue 2 of 2).) - gitlab (Only affects Gitlab EE 12.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7971 (GitLab EE 11.0 and later through 12.7.2 allows XSS.) - gitlab (Only affects Gitlab EE 11.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7970 RESERVED CVE-2020-7969 (GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.) - gitlab (Only affects Gitlab EE 8.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7968 (GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.) [experimental] - gitlab 12.6.7-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7967 (GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2).) - gitlab (Only affects Gitlab EE 12.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7966 (GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal.)
- gitlab (Only affects Gitlab EE 11.11 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7965 (flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Con ...) NOT-FOR-US: webargs CVE-2020-7964 (An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect ...) NOT-FOR-US: Mirumee Saleor CVE-2020-7963 RESERVED CVE-2019-20420 RESERVED CVE-2015-9541 (Qt through 5.14 allows an exponential XML entity expansion attack via ...) - qtbase-opensource-src 5.12.5+dfsg-9 (low; bug #951066) [buster] - qtbase-opensource-src 5.11.3+dfsg1-1+deb10u5 [stretch] - qtbase-opensource-src (Minor issue) [jessie] - qtbase-opensource-src (Minor issue; upstream patches use not-yet-available QStringView API) NOTE: https://bugreports.qt.io/browse/QTBUG-47417 NOTE: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=fd4be84d23a0db4186cb42e736a9de3af722c7f7 NOTE: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=f432c08882ffebe5074ea28de871559a98a4d094 (5.12 backport) CVE-2020-7962 (An issue was discovered in One Identity Password Manager 5.8. An attac ...) NOT-FOR-US: One Identity Password Manager CVE-2020-7961 (Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE ...) NOT-FOR-US: Liferay Portal CVE-2020-7960 RESERVED CVE-2020-7959 (LabVantage LIMS 8.3 does not properly maintain the confidentiality of ...) NOT-FOR-US: LabVantage LIMS CVE-2020-7958 (An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. ...) NOT-FOR-US: OnePlus 7 Pro devices CVE-2020-7957 (The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle ...) - dovecot (Only affects 2.3.9) NOTE: https://www.openwall.com/lists/oss-security/2020/02/12/2 CVE-2020-7956 (HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validate ...) - nomad 0.10.3+dfsg1-1 NOTE: https://github.com/hashicorp/nomad/issues/7003 CVE-2020-7955 (HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uni ...) 
- consul 1.7.0+dfsg1-1 (bug #950736) [buster] - consul (Vulnerable code not present) NOTE: https://github.com/hashicorp/consul/issues/7160 NOTE: Fixed in 1.6.3. CVE-2020-7954 (An issue was discovered in OpServices OpMon 9.3.2. Starting from the a ...) NOT-FOR-US: OpServices OpMon CVE-2020-7953 (An issue was discovered in OpServices OpMon 9.3.2. Without authenticat ...) NOT-FOR-US: OpServices OpMon CVE-2020-7952 (rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attacke ...) NOT-FOR-US: rendersystemdx9.dll in Valve Dota 2 CVE-2020-7951 (meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to ...) NOT-FOR-US: Dota 2 CVE-2020-7950 (meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to ...) NOT-FOR-US: Dota 2 CVE-2020-7949 (schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers ...) NOT-FOR-US: Dota 2 CVE-2020-7948 (An issue was discovered in the Login by Auth0 plugin before 4.0.0 for ...) NOT-FOR-US: Login by Auth0 plugin for WordPress CVE-2020-7947 (An issue was discovered in the Login by Auth0 plugin before 4.0.0 for ...) NOT-FOR-US: Login by Auth0 plugin for WordPress CVE-2020-7946 RESERVED CVE-2020-7945 (Local registry credentials were included directly in the CD4PE deploym ...) NOT-FOR-US: Puppet Enterprise CVE-2020-7944 (In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, cha ...) NOT-FOR-US: Puppet Enterprise CVE-2020-7943 (Puppet Server and PuppetDB provide useful performance and debugging in ...) - puppet (Doesn't affect Puppet masters (passenger-based) in Debian) [experimental] - puppetdb 7.10.1-1 - puppetdb 7.11.2-2 (low) [buster] - puppetdb (Minor issue) - puppetserver (Fixed before initial release, in 6.11.1) NOTE: https://puppet.com/security/cve/CVE-2020-7943/ NOTE: https://github.com/puppetlabs/puppet_metrics_dashboard/pull/92 CVE-2020-7942 (Previously, Puppet operated on a model that a node with a valid certif ...) 
- puppet (unimportant) NOTE: This CVE assignment is for switching the default setting of strict_hostname_checking, NOTE: the option is available in older Puppet releases (such as 4.8 from Stretch) NOTE: https://puppet.com/security/cve/CVE-2020-7942/ CVE-2020-7941 (A privilege escalation issue in plone.app.contenttypes in Plone 4.3 th ...) NOT-FOR-US: Plone CVE-2020-7940 (Missing password strength checks on some forms in Plone 4.3 through 5. ...) NOT-FOR-US: Plone CVE-2020-7939 (SQL Injection in DTML or in connection objects in Plone 4.0 through 5. ...) NOT-FOR-US: Plone CVE-2020-7938 (plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain ...) NOT-FOR-US: Plone CVE-2020-7937 (An XSS issue in the title field in Plone 5.0 through 5.2.1 allows user ...) NOT-FOR-US: Plone CVE-2020-7936 (An open redirect on the login form (and possibly other places) in Plon ...) NOT-FOR-US: Plone CVE-2020-7935 (Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execu ...) NOT-FOR-US: Artica Pandora FMS CVE-2020-7934 (In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle N ...) NOT-FOR-US: LifeRay Portal CVE-2020-7933 RESERVED CVE-2020-7932 (OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g. ...) NOT-FOR-US: OMERO CVE-2020-7931 (In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template process ...) NOT-FOR-US: JFrog Artifactory CVE-2020-7930 RESERVED CVE-2020-7929 (A user authorized to perform database queries may trigger denial of se ...) - mongodb [stretch] - mongodb (https://lists.debian.org/debian-lts/2020/11/msg00058.html) NOTE: https://jira.mongodb.org/browse/SERVER-51083 CVE-2020-7928 (A user authorized to perform database queries may trigger a read overr ...) 
- mongodb [stretch] - mongodb (Vulnerable code introduced later) NOTE: https://jira.mongodb.org/browse/SERVER-49404 NOTE: https://github.com/mongodb/mongo/commit/e10ce2e779cd17c9ba217c49740cffd2bef72694 (v3.6.20, SSPL) NOTE: Introduced by: https://github.com/mongodb/mongo/commit/5b8b1ca6364342d5a1bf21ec6c707edfae0f3555 (v3.5.5) CVE-2020-7927 (Specially crafted API calls may allow an authenticated user who holds ...) NOT-FOR-US: MongoDB Ops Manager CVE-2020-7926 (A user authorized to perform database queries may cause denial of serv ...) - mongodb [stretch] - mongodb (Minor issue, authenticated DoS) NOTE: https://jira.mongodb.org/browse/SERVER-50170 NOTE: https://github.com/mongodb/mongo/commit/859ec65c84f201e7aa687865633a2fa34e318174 (v4.4.1, SSPL) CVE-2020-7925 (Incorrect validation of user input in the role name parser may lead to ...) - mongodb [stretch] - mongodb (Vulnerable code introduced later) NOTE: https://jira.mongodb.org/browse/SERVER-49142 NOTE: https://github.com/mongodb/mongo/commit/8fbd1af03310704de68c22163900636f58f7eba8 (v3.6.19) NOTE: Introduced by: https://github.com/mongodb/mongo/commit/3ca76fd569c94de72c4daf6eef27fbf9bf51233b (v3.6.18) CVE-2020-7924 (Usage of specific command line parameter in MongoDB Tools which was or ...) - mongo-tools (bug #988021) [buster] - mongo-tools (Minor issue) [stretch] - mongo-tools (Minor issue) NOTE: https://jira.mongodb.org/browse/TOOLS-2587 CVE-2020-7923 (A user authorized to perform database queries may cause denial of serv ...) {DLA-2344-1} - mongodb NOTE: https://jira.mongodb.org/browse/SERVER-47773 CVE-2020-7922 (X.509 certificates generated by the MongoDB Enterprise Kubernetes Oper ...) NOT-FOR-US: MongoDB Enterprise CVE-2020-7921 (Improper serialization of internal state in the authorization subsyste ...) 
- mongodb [stretch] - mongodb (Minor issue) [jessie] - mongodb (Minor issue) NOTE: https://jira.mongodb.org/browse/SERVER-45472 CVE-2019-20419 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) NOT-FOR-US: Atlassian CVE-2019-20418 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) NOT-FOR-US: Atlassian CVE-2019-20417 REJECTED CVE-2019-20416 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) NOT-FOR-US: Atlassian CVE-2019-20415 (Atlassian Jira Server and Data Center in affected versions allows remo ...) NOT-FOR-US: Atlassian CVE-2019-20414 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) NOT-FOR-US: Atlassian CVE-2019-20413 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) NOT-FOR-US: Atlassian CVE-2019-20412 (The Convert Sub-Task to Issue page in affected versions of Atlassian J ...) NOT-FOR-US: Atlassian CVE-2019-20411 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) NOT-FOR-US: Atlassian CVE-2019-20410 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) NOT-FOR-US: Atlassian CVE-2019-20409 (The way in which velocity templates were used in Atlassian Jira Server ...) NOT-FOR-US: Atlassian CVE-2019-20408 (The /plugins/servlet/gadgets/makeRequest resource in Jira before versi ...) NOT-FOR-US: Atlassian CVE-2019-20407 (The ConfigureBambooRelease resource in Jira Software and Jira Software ...) NOT-FOR-US: Atlassian Jira CVE-2019-20406 (The usage of Tomcat in Confluence on the Microsoft Windows operating s ...) NOT-FOR-US: Atlassian CVE-2019-20405 (The JMX monitoring flag in Atlassian Jira Server and Data Center befor ...) NOT-FOR-US: Atlassian CVE-2019-20404 (The API in Atlassian Jira Server and Data Center before version 8.6.0 ...) NOT-FOR-US: Atlassian CVE-2019-20403 (The API in Atlassian Jira Server and Data Center before version 8.6.0 ...) 
	NOT-FOR-US: Atlassian
CVE-2019-20402 (Support zip files in Atlassian Jira Server and Data Center before vers ...)
	NOT-FOR-US: Atlassian
CVE-2019-20401 (Various installation setup resources in Jira before version 8.5.2 allo ...)
	NOT-FOR-US: Atlassian
CVE-2019-20400 (The usage of Tomcat in Jira before version 8.5.2 allows local attacker ...)
	NOT-FOR-US: Atlassian
CVE-2020-7920 (pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2 ...)
	NOT-FOR-US: Percona Monitoring and Management (PMM)
CVE-2020-7919 (Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte ...)
	{DSA-4848-1}
	- golang-1.14 1.14~rc1-1
	- golang-1.13 1.13.7-1
	- golang-1.11
	- golang-1.8
	[stretch] - golang-1.8 (cryptobyte stuff introduced in golang-1.10)
	- golang-1.7
	[stretch] - golang-1.7 (cryptobyte stuff introduced in golang-1.10)
	- golang
	NOTE: https://github.com/golang/go/issues/36837
	NOTE: https://github.com/golang/go/commit/b13ce14c4a6aa59b7b041ad2b6eed2d23e15b574 (master)
	NOTE: https://github.com/golang/go/issues/36838 (Go 1.13)
	NOTE: https://github.com/golang/go/commit/f938e06d0623d0e1de202575d16f1e126741f6e0 (go1.13.7)
CVE-2020-7918 (An insecure direct object reference in webmail in totemo totemomail 7. ...)
	NOT-FOR-US: totemo totemomail
CVE-2020-7917 RESERVED
CVE-2020-7916 (be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 ...)
	NOT-FOR-US: LearnPress plugin for WordPress
CVE-2020-7915 (An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI fie ...)
	NOT-FOR-US: Eaton devices
CVE-2020-7914 (In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfigur ...)
	- intellij-idea (bug #747616)
CVE-2020-7913 (JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS vi ...)
	NOT-FOR-US: JetBrains
CVE-2020-7912 (In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could ...)
	NOT-FOR-US: JetBrains
CVE-2020-7911 (In JetBrains TeamCity before 2019.2, several user-level pages were vul ...)
	NOT-FOR-US: JetBrains
CVE-2020-7910 (JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack ...)
	NOT-FOR-US: JetBrains
CVE-2020-7909 (In JetBrains TeamCity before 2019.1.5, some server-stored passwords co ...)
	NOT-FOR-US: JetBrains
CVE-2020-7908 (In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible ...)
	NOT-FOR-US: JetBrains
CVE-2020-7907 (In the JetBrains Scala plugin before 2019.2.1, some artefact dependenc ...)
	NOT-FOR-US: JetBrains Scala plugin
CVE-2020-7906 (In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there wer ...)
	NOT-FOR-US: JetBrains
CVE-2020-7905 (Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were expose ...)
	- intellij-idea (bug #747616)
CVE-2020-7904 (In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were ...)
	- intellij-idea (bug #747616)
CVE-2019-20399 (A timing vulnerability in the Scalar::check_overflow function in Parit ...)
	NOT-FOR-US: libsecp256k1-rs (Rust Implementation of secp256k1)
CVE-2019-20398 (A NULL pointer dereference is present in libyang before v1.0-r3 in the ...)
	{DLA-3572-1}
	[experimental] - libyang 1.0.167-1
	- libyang 1.0.176-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793935
	NOTE: https://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08
	NOTE: https://github.com/CESNET/libyang/issues/773
CVE-2019-20397 (A double-free is present in libyang before v1.0-r1 in the function yyp ...)
	{DLA-3572-1}
	[experimental] - libyang 1.0.167-1
	- libyang 1.0.176-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793928
	NOTE: https://github.com/CESNET/libyang/commit/88bd6c548ba79bce176cd875e9b56e7e0ef4d8d4
	NOTE: https://github.com/CESNET/libyang/issues/739
CVE-2019-20396 (A segmentation fault is present in yyparse in libyang before v1.0-r1 d ...)
	{DLA-3572-1}
	[experimental] - libyang 1.0.167-1
	- libyang 1.0.176-1
	NOTE: https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8
	NOTE: https://github.com/CESNET/libyang/issues/740
CVE-2019-20395 (A stack consumption issue is present in libyang before v1.0-r1 due to ...)
	{DLA-3572-1}
	[experimental] - libyang 1.0.167-1
	- libyang 1.0.176-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793924
	NOTE: https://github.com/CESNET/libyang/commit/4e610ccd87a2ba9413819777d508f71163fcc237
	NOTE: https://github.com/CESNET/libyang/issues/724
CVE-2019-20394 (A double-free is present in libyang before v1.0-r3 in the function yyp ...)
	{DLA-3572-1}
	[experimental] - libyang 1.0.167-1
	- libyang 1.0.176-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793932
	NOTE: https://github.com/CESNET/libyang/commit/6cc51b1757dfbb7cff92de074ada65e8523289a6
	NOTE: https://github.com/CESNET/libyang/issues/769
CVE-2019-20393 (A double-free is present in libyang before v1.0-r1 in the function yyp ...)
	{DLA-3572-1}
	[experimental] - libyang 1.0.167-1
	- libyang 1.0.176-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793930
	NOTE: https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed
	NOTE: https://github.com/CESNET/libyang/issues/742
CVE-2019-20392 (An invalid memory access flaw is present in libyang before v1.0-r1 in ...)
	{DLA-3572-1}
	[experimental] - libyang 1.0.167-1
	- libyang 1.0.176-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793922
	NOTE: https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5
	NOTE: https://github.com/CESNET/libyang/issues/723
CVE-2019-20391 (An invalid memory access flaw is present in libyang before v1.0-r3 in ...)
	{DLA-3572-1}
	[experimental] - libyang 1.0.167-1
	- libyang 1.0.176-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793934
	NOTE: https://github.com/CESNET/libyang/commit/bdb596ddc07596fa212f231135b87d0b9178f6f8
	NOTE: https://github.com/CESNET/libyang/issues/772
CVE-2020-7903 RESERVED
CVE-2020-7902 RESERVED
CVE-2020-7901 RESERVED
CVE-2020-7900 RESERVED
CVE-2020-7899 RESERVED
CVE-2020-7898 RESERVED
CVE-2020-7897 RESERVED
CVE-2020-7896 RESERVED
CVE-2020-7895 RESERVED
CVE-2020-7894 RESERVED
CVE-2020-7893 RESERVED
CVE-2020-7892 RESERVED
CVE-2020-7891 RESERVED
CVE-2020-7890 RESERVED
CVE-2020-7889 RESERVED
CVE-2020-7888 RESERVED
CVE-2020-7887 RESERVED
CVE-2020-7886 RESERVED
CVE-2020-7885 RESERVED
CVE-2020-7884 RESERVED
CVE-2020-7883 (Printchaser v2.2021.804.1 and earlier versions contain a vulnerability ...)
	NOT-FOR-US: Printchaser
CVE-2020-7882 (Using the parameter of getPFXFolderList function, attackers can see th ...)
	NOT-FOR-US: anySign
CVE-2020-7881 (The vulnerability function is enabled when the streamer service relate ...)
	NOT-FOR-US: AfreecaTV
CVE-2020-7880 (The vulnerabilty was discovered in ActiveX module related to NeoRS rem ...)
	NOT-FOR-US: duozone NeoRS remote support
CVE-2020-7879 (This issue was discovered when the ipTIME C200 IP Camera was synchroni ...)
	NOT-FOR-US: ipTIME C200 IP Camera
CVE-2020-7878 (An arbitrary file download and execution vulnerability was found in th ...)
	NOT-FOR-US: VideoOffice
CVE-2020-7877 (A buffer overflow issue was discovered in ZOOK solution(remote adminis ...)
	NOT-FOR-US: ZOOK
CVE-2020-7876 RESERVED
CVE-2020-7875 (DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, w ...)
	NOT-FOR-US: DEXT5 Upload
CVE-2020-7874 (Download of code without integrity check vulnerability in NEXACRO14 Ru ...)
	NOT-FOR-US: NEXACRO14 Runtime ActiveX control of tobesoft
CVE-2020-7873 (Download of code without integrity check vulnerability in ActiveX cont ...)
	NOT-FOR-US: Younglimwon
CVE-2020-7872 (DaviewIndy v8.98.7.0 and earlier versions have a Integer overflow vuln ...)
	NOT-FOR-US: DaviewIndy
CVE-2020-7871 (A vulnerability of Helpcom could allow an unauthenticated attacker to ...)
	NOT-FOR-US: Cnesty Helpcom
CVE-2020-7870 (A memory corruption vulnerability exists when ezPDF improperly handles ...)
	NOT-FOR-US: ezPDF
CVE-2020-7869 (An improper input validation vulnerability of ZOOK software (remote ad ...)
	NOT-FOR-US: ZOOK software
CVE-2020-7868 (A remote code execution vulnerability exists in helpUS(remote administ ...)
	NOT-FOR-US: helpUS(remote administration tool)
CVE-2020-7867 (An improper input validation vulnerability in Helpu solution could all ...)
	NOT-FOR-US: Helpu
CVE-2020-7866 (When using XPLATFORM 9.2.2.270 or earlier versions ActiveX component, ...)
	NOT-FOR-US: XPLATFORM
CVE-2020-7865 (A vulnerability(improper input validation) in the ExECM CoreB2B soluti ...)
	NOT-FOR-US: ExECM CoreB2B
CVE-2020-7864 (Parameter manipulation can bypass authentication to cause file upload ...)
	NOT-FOR-US: Raonwiz DEXT5Editor
CVE-2020-7863 (A vulnerability in File Transfer Solution of Raonwiz could allow arbit ...)
	NOT-FOR-US: Raonwiz
CVE-2020-7862 (A vulnerability in agent program of HelpU remote control solution coul ...)
	NOT-FOR-US: HelpU remote control solution
CVE-2020-7861 (AnySupport (Remote support solution) before 2019.3.21.0 allows directo ...)
	NOT-FOR-US: AnySupport
CVE-2020-7860 (UnEGG v0.5 and eariler versions have a Integer overflow vulnerability, ...)
	NOT-FOR-US: UnEgg
CVE-2020-7859 REJECTED
CVE-2020-7858 (There is a directory traversing vulnerability in the download page url ...)
	NOT-FOR-US: AquaNPlayer
CVE-2020-7857 (A vulnerability of XPlatform could allow an unauthenticated attacker t ...)
	NOT-FOR-US: XPlatform
CVE-2020-7856 (A vulnerability of Helpcom could allow an unauthenticated attacker to ...)
	NOT-FOR-US: Helpcom
CVE-2020-7855 RESERVED
CVE-2020-7854 RESERVED
CVE-2020-7853 (An outbound read/write vulnerability exists in XPLATFORM that does not ...)
	NOT-FOR-US: XPLATFORM
CVE-2020-7852 (DaviewIndy has a Heap-based overflow vulnerability, triggered when the ...)
	NOT-FOR-US: DaviewIndy
CVE-2020-7851 (Innorix Web-Based File Transfer Solution versuibs prior to and includi ...)
	NOT-FOR-US: Innorix
CVE-2020-7850 (NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerabilit ...)
	NOT-FOR-US: NBBDownloader.ocx ActiveX Control in Groupware
CVE-2020-7849 (A vulnerability of uPrism.io CURIX(Video conferecing solution) could a ...)
	NOT-FOR-US: uPrism.io CURIX
CVE-2020-7848 (The EFM ipTIME C200 IP Camera is affected by a Command Injection vulne ...)
	NOT-FOR-US: EFM ipTIME C200 IP Camera
CVE-2020-7847 (The ipTIME NAS product allows an arbitrary file upload vulnerability i ...)
	NOT-FOR-US: ipTIME NAS product
CVE-2020-7846 (Helpcom before v10.0 contains a file download and execution vulnerabil ...)
	NOT-FOR-US: Helpcom
CVE-2020-7845 (Spamsniper 5.0 ~ 5.2.7 contain a stack-based buffer overflow vulnerabi ...)
	NOT-FOR-US: Spamsniper
CVE-2020-7844 RESERVED
CVE-2020-7843 RESERVED
CVE-2020-7842 (Improper Input validation vulnerability exists in Netis Korea D'live A ...)
	NOT-FOR-US: Netis Korea D'live AP
CVE-2020-7841 (Improper input validation vulnerability exists in TOBESOFT XPLATFORM w ...)
	NOT-FOR-US: TOBESOFT XPLATFORM
CVE-2020-7840 RESERVED
CVE-2020-7839 (In MaEPSBroker 2.5.0.31 and prior, a command injection vulnerability c ...)
	NOT-FOR-US: MaEPSBroker
CVE-2020-7838 (A arbitrary code execution vulnerability exists in the way that the St ...)
	NOT-FOR-US: Smilegate STOVE Client
CVE-2020-7837 (An issue was discovered in ML Report Program. There is a stack-based b ...)
	NOT-FOR-US: ML Report Program
CVE-2020-7836 (VOICEYE WSActiveBridgeES versions prior to 2.1.0.3 contains a stack-ba ...)
	NOT-FOR-US: VOICEYE WSActiveBridgeES
CVE-2020-7835 RESERVED
CVE-2020-7834 RESERVED
CVE-2020-7833 RESERVED
CVE-2020-7832 (A vulnerability (improper input validation) in the DEXT5 Upload soluti ...)
	NOT-FOR-US: DEXT5 Upload
CVE-2020-7831 (A vulnerability in the web-based contract management service interface ...)
	NOT-FOR-US: Inogard Ebiz4u
CVE-2020-7830 (RAONWIZ v2018.0.2.50 and earlier versions contains a vulnerability tha ...)
	NOT-FOR-US: RAONWIZ
CVE-2020-7829 (DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vuln ...)
	NOT-FOR-US: DaviewIndy
CVE-2020-7828 (DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vuln ...)
	NOT-FOR-US: DaviewIndy
CVE-2020-7827 (DaviewIndy 8.98.7 and earlier version contain Use-After-Free vulnerabi ...)
	NOT-FOR-US: DaviewIndy
CVE-2020-7826 (EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a ...)
	NOT-FOR-US: EyeSurfer BflyInstallerX.ocx
CVE-2020-7825 (A vulnerability exists that could allow the execution of operating sys ...)
	NOT-FOR-US: MiPlatform
CVE-2020-7824 (A vulnerability in the web-based management interface of iPECS could a ...)
	NOT-FOR-US: iPECS
CVE-2020-7823 (DaviewIndy has a Memory corruption vulnerability, triggered when the u ...)
	NOT-FOR-US: DaviewIndy
CVE-2020-7822 (DaviewIndy has a Heap-based overflow vulnerability, triggered when the ...)
	NOT-FOR-US: DaviewIndy
CVE-2020-7821 (Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a ...)
	NOT-FOR-US: Nexacro14/17 ExtCommonApiV13 Library
CVE-2020-7820 (Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a ...)
	NOT-FOR-US: Nexacro14/17 ExtCommonApiV13 Library
CVE-2020-7819 (A SQL-Injection vulnerability in the nTracker USB Enterprise(secure US ...)
	NOT-FOR-US: nTracker USB Enterprise
CVE-2020-7818 (DaviewIndy 8.98.9 and earlier has a Heap-based overflow vulnerability, ...)
	NOT-FOR-US: Daview
CVE-2020-7817 (MyBrowserPlus downloads the files needed to run the program through th ...)
	NOT-FOR-US: MyBrowserPlus
CVE-2020-7816 (A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+ ...)
	NOT-FOR-US: DaView
CVE-2020-7815 (XPLATFORM v9.2.260 and eariler versions contain a vulnerability that c ...)
	NOT-FOR-US: XPLATFORM
CVE-2020-7814 (RAONWIZ v2018.0.2.50 and eariler versions contains a vulnerability tha ...)
	NOT-FOR-US: RAONWIZ
CVE-2020-7813 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...)
	NOT-FOR-US: Kaoni
CVE-2020-7812 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...)
	NOT-FOR-US: Kaoni ezHTTPTrans
CVE-2020-7811 (Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows priv ...)
	NOT-FOR-US: Samsung
CVE-2020-7810 (hslogin2.dll ActiveX Control in Groupware contains a vulnerability tha ...)
	NOT-FOR-US: hslogin2.dll ActiveX Control in Groupware
CVE-2020-7809 (ALSong 3.46 and earlier version contain a Document Object Model (DOM) ...)
	NOT-FOR-US: ALSong
CVE-2020-7808 (In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processin ...)
	NOT-FOR-US: RAONWIZ K Upload
CVE-2020-7807 (A vulnerability that can hijack a DLL file that is loaded during produ ...)
	NOT-FOR-US: LG
CVE-2020-7806 (Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary cod ...)
	NOT-FOR-US: Tobesoft Xplatform
CVE-2020-7805 (An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) an ...)
	NOT-FOR-US: KT Slim egg IML500 wifi devices
CVE-2020-7804 (ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, ...)
	NOT-FOR-US: Handy Groupware
CVE-2020-7803 (IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, versio ...)
	NOT-FOR-US: Zoneplayer
CVE-2020-7802 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmwar ...)
	NOT-FOR-US: Synergy Systems & Solutions (SSS)
CVE-2020-7801 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmwar ...)
	NOT-FOR-US: Synergy Systems & Solutions (SSS)
CVE-2020-7800 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmwar ...)
	NOT-FOR-US: Synergy Systems & Solutions (SSS)
CVE-2020-7799 (An issue was discovered in FusionAuth before 1.11.0. An authenticated ...)
	NOT-FOR-US: FusionAuth
CVE-2020-7798 RESERVED
CVE-2020-7797 RESERVED
CVE-2020-7796 (Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF whe ...)
	NOT-FOR-US: Zimbra Collaboration Suite (ZCS)
CVE-2020-7795 (The package get-npm-package-version before 1.0.7 are vulnerable to Com ...)
	NOT-FOR-US: Node get-npm-package-version
CVE-2020-7794 (This affects all versions of package buns. The injection point is loca ...)
	NOT-FOR-US: Node buns
CVE-2020-7793 (The package ua-parser-js before 0.7.23 are vulnerable to Regular Expre ...)
	- node-ua-parser-js 0.7.23+ds-1
	[buster] - node-ua-parser-js (Minor issue)
	NOTE: https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1023599
	NOTE: https://github.com/faisalman/ua-parser-js/commit/6d1f26df051ba681463ef109d36c9cf0f7e32b18 (0.7.23)
CVE-2020-7792 (This affects all versions of package mout. The deepFillIn function can ...)
	NOT-FOR-US: Node mout
CVE-2020-7791 (This affects the package i18n before 2.1.15. Vulnerability arises out ...)
	NOT-FOR-US: i18n module for asp.net
CVE-2020-7790 (This affects the package spatie/browsershot from 0.0.0. By specifying ...)
	NOT-FOR-US: spatie/browsershot
CVE-2020-7789 (This affects the package node-notifier before 9.0.0. It allows an atta ...)
	NOT-FOR-US: Node node-notifier
CVE-2020-7788 (This affects the package ini before 1.3.6. If an attacker submits a ma ...)
	{DLA-2503-1}
	- node-ini 2.0.0-1 (bug #977718)
	[buster] - node-ini 1.3.5-1+deb10u1
	NOTE: https://snyk.io/vuln/SNYK-JS-INI-1048974
	NOTE: https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1 (v1.3.6)
CVE-2020-7787 (This affects all versions of package react-adal. It is possible for a ...)
	NOT-FOR-US: Node react-adal
CVE-2020-7786 (This affects all versions of package macfromip. The injection point is ...)
	NOT-FOR-US: Node macfromip
CVE-2020-7785 (This affects all versions of package node-ps. The injection point is l ...)
	NOT-FOR-US: Node node-ps
CVE-2020-7784 (This affects all versions of package ts-process-promises. The injectio ...)
	NOT-FOR-US: Node ts-process-promises
CVE-2020-7783 RESERVED
CVE-2020-7782 (This affects all versions of package spritesheet-js. It depends on a v ...)
	NOT-FOR-US: Node spritesheet-js
CVE-2020-7781 (This affects the package connection-tester before 0.2.1. The injection ...)
	NOT-FOR-US: Node connection-tester
CVE-2020-7780 (This affects the package com.softwaremill.akka-http-session:core_2.13 ...)
	NOT-FOR-US: com.softwaremill.akka-http-session:core_2.13
CVE-2020-7779 (All versions of package djvalidator are vulnerable to Regular Expressi ...)
	NOT-FOR-US: Node djvalidator
CVE-2020-7778 (This affects the package systeminformation before 4.30.2. The attacker ...)
	NOT-FOR-US: Node systeminformation
CVE-2020-7777 (This affects all versions of package jsen. If an attacker can control ...)
	NOT-FOR-US: Node jsen
CVE-2020-7776 (This affects the package phpoffice/phpspreadsheet from 0.0.0. The libr ...)
	NOT-FOR-US: phpoffice/phpspreadsheet
CVE-2020-7775 (This affects all versions of package freediskspace. The vulnerability ...)
	NOT-FOR-US: Node freediskspace
CVE-2020-7774 (The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Proto ...)
	- node-y18n 4.0.0-3 (bug #976390)
	[buster] - node-y18n 3.2.1-2+deb10u1
	[stretch] - node-y18n (Nodejs in stretch not covered by security support)
	NOTE: https://snyk.io/vuln/SNYK-JS-Y18N-1021887
	NOTE: https://github.com/yargs/y18n/issues/96
	NOTE: https://github.com/yargs/y18n/pull/108
CVE-2020-7773 (This affects the package markdown-it-highlightjs before 3.3.1. It is p ...)
	NOT-FOR-US: Node markdown-it-highlightjs
CVE-2020-7772 (This affects the package doc-path before 2.1.2.)
	NOT-FOR-US: Node doc-path
CVE-2020-7771 (The package asciitable.js before 1.0.3 are vulnerable to Prototype Pol ...)
	NOT-FOR-US: Node asciitable.js
CVE-2020-7770 (This affects the package json8 before 1.0.3. The function adds in the ...)
	NOT-FOR-US: Node json8
CVE-2020-7769 (This affects the package nodemailer before 6.4.16. Use of crafted reci ...)
	- node-nodemailer 6.4.16-1
	NOTE: https://snyk.io/vuln/SNYK-JS-NODEMAILER-1038834
	NOTE: https://github.com/nodemailer/nodemailer/commit/ba31c64c910d884579875c52d57ac45acc47aa54
CVE-2020-7768 (The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 ...)
	NOT-FOR-US: Node grpc
CVE-2020-7767 (All versions of package express-validators are vulnerable to Regular E ...)
	NOT-FOR-US: Node express-validators
CVE-2020-7766 (This affects all versions of package json-ptr. The issue occurs in the ...)
	NOT-FOR-US: Node json-ptr
CVE-2020-7765 (This affects the package @firebase/util before 0.3.4. This vulnerabili ...)
	NOT-FOR-US: Node firebase/util
CVE-2020-7764 (This affects the package find-my-way before 2.2.5, from 3.0.0 and befo ...)
	NOT-FOR-US: Node find-my-way
CVE-2020-7763 (This affects the package phantom-html-to-pdf before 0.6.1.)
	NOT-FOR-US: Node phantom-html-to-pdf
CVE-2020-7762 (This affects the package jsreport-chrome-pdf before 1.10.0.)
	NOT-FOR-US: Node jsreport-chrome-pdf
CVE-2020-7761 (This affects the package @absolunet/kafe before 3.2.10. It allows caus ...)
	NOT-FOR-US: @absolunet/kafe
CVE-2020-7760 (This affects the package codemirror before 5.58.2; the package org.apa ...)
	{DSA-4789-1}
	- codemirror-js 5.58.2+~cs0.23.101-1
	[stretch] - codemirror-js (Vulnerable code added later)
	NOTE: https://snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937
	NOTE: https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb
CVE-2020-7759 (The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable ...)
	NOT-FOR-US: pimcore
CVE-2020-7758 (This affects versions of package browserless-chrome before 1.40.2-chro ...)
	NOT-FOR-US: Node browserless-chrome
CVE-2020-7757 (This affects all versions of package droppy. It is possible to travers ...)
	NOT-FOR-US: droppy
CVE-2020-7756 RESERVED
CVE-2020-7755 (All versions of package dat.gui are vulnerable to Regular Expression D ...)
	NOT-FOR-US: dat.GUI
CVE-2020-7754 (This affects the package npm-user-validate before 1.0.1. The regex tha ...)
	NOT-FOR-US: npm-user-validate
CVE-2020-7753 (All versions of package trim are vulnerable to Regular Expression Deni ...)
	NOT-FOR-US: Node trim
CVE-2020-7752 (This affects the package systeminformation before 4.27.11. This packag ...)
	NOT-FOR-US: Node systeminformation
CVE-2020-7751 (pathval before version 1.1.1 is vulnerable to prototype pollution.)
	- node-pathval 1.1.0-4 (bug #972895)
	[buster] - node-pathval 1.1.0-3+deb10u1
	NOTE: https://snyk.io/vuln/SNYK-JS-PATHVAL-596926
	NOTE: https://github.com/chaijs/pathval/pull/58
CVE-2020-7750 (This affects the package scratch-svg-renderer before 0.2.0-prerelease. ...)
	NOT-FOR-US: scratch-svg-renderer nodejs module
CVE-2020-7749 (This affects all versions of package osm-static-maps. User input given ...)
	NOT-FOR-US: osm-static-maps nodejs module
CVE-2020-7748 (This affects the package @tsed/core before 5.65.7. This vulnerability ...)
	NOT-FOR-US: Ts.ED
CVE-2020-7747 (This affects all versions of package lightning-server. It is possible ...)
	NOT-FOR-US: lightning-server nodejs module
CVE-2020-7746 (This affects the package chart.js before 2.9.4. The options parameter ...)
	- node-chart.js 2.9.4+dfsg+~cs2.10.1-1
	[buster] - node-chart.js (Minor issue; intrusive to backport)
	NOTE: https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716
	NOTE: https://github.com/chartjs/Chart.js/pull/7920
CVE-2020-7745 (This affects the package MintegralAdSDK before 6.6.0.0. The SDK distri ...)
	NOT-FOR-US: MintegralAdSDK
CVE-2020-7744 (This affects all versions of package com.mintegral.msdk:alphab. The An ...)
	NOT-FOR-US: com.mintegral.msdk:alphab
CVE-2020-7743 (The package mathjs before 7.5.1 are vulnerable to Prototype Pollution ...)
	NOT-FOR-US: Node mathjs
CVE-2020-7742 (This affects the package simpl-schema before 1.10.2.)
	NOT-FOR-US: Node simpl-schema
CVE-2020-7741 (This affects the package hellojs before 1.18.6. The code get the param ...)
	NOT-FOR-US: hello.js
CVE-2020-7740 (This affects all versions of package node-pdf-generator. Due to lack o ...)
	NOT-FOR-US: Node pdf-generator
CVE-2020-7739 (This affects all versions of package phantomjs-seo. It is possible for ...)
	NOT-FOR-US: Node phantomjs-seo
CVE-2020-7738 (All versions of package shiba are vulnerable to Arbitrary Code Executi ...)
	NOT-FOR-US: Node shiba
CVE-2020-7737 (All versions of package safetydance are vulnerable to Prototype Pollut ...)
	NOT-FOR-US: Node safetydance
CVE-2020-7736 (The package bmoor before 0.8.12 are vulnerable to Prototype Pollution ...)
	NOT-FOR-US: Node bmoor
CVE-2020-7735 (The package ng-packagr before 10.1.1 are vulnerable to Command Injecti ...)
	NOT-FOR-US: ng-packagr
CVE-2020-7734 (All versions of package cabot are vulnerable to Cross-site Scripting ( ...)
	NOT-FOR-US: cabot
CVE-2020-7733 (The package ua-parser-js before 0.7.22 are vulnerable to Regular Expre ...)
	- node-ua-parser-js (No affected version present in the archive, introduced after 0.7.14 and fixed in 0.7.22)
	NOTE: https://github.com/faisalman/ua-parser-js/commit/233d3bae22a795153a7e6638887ce159c63e557d
	NOTE: https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226
CVE-2020-7732 RESERVED
CVE-2020-7731 (This affects all versions <0.7.0 of package github.com/russellhaering/ ...)
	- golang-github-russellhaering-gosaml2 (bug #948190)
	NOTE: https://github.com/russellhaering/gosaml2/issues/59
	NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOSAML2-608302
CVE-2020-7730 (The package bestzip before 2.1.7 are vulnerable to Command Injection v ...)
	NOT-FOR-US: bestzip nodejs module
CVE-2020-7729 (The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execut ...)
	{DLA-2368-1}
	- grunt 1.3.0-1 (bug #969668)
	[buster] - grunt 1.0.1-8+deb10u1
	NOTE: https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7
	NOTE: https://snyk.io/vuln/SNYK-JS-GRUNT-597546
CVE-2020-7728 RESERVED
CVE-2020-7727 (All versions of package gedi are vulnerable to Prototype Pollution via ...)
	NOT-FOR-US: Node gedi
CVE-2020-7726 (All versions of package safe-object2 are vulnerable to Prototype Pollu ...)
	NOT-FOR-US: Node safe-object2
CVE-2020-7725 (All versions of package worksmith are vulnerable to Prototype Pollutio ...)
	NOT-FOR-US: Node worksmith
CVE-2020-7724 (All versions of package tiny-conf are vulnerable to Prototype Pollutio ...)
	NOT-FOR-US: Node tiny-conf
CVE-2020-7723 (All versions of package promisehelpers are vulnerable to Prototype Pol ...)
	NOT-FOR-US: Node promisehelpers
CVE-2020-7722 (All versions of package nodee-utils are vulnerable to Prototype Pollut ...)
	NOT-FOR-US: Node nodee-utils
CVE-2020-7721 (All versions of package node-oojs are vulnerable to Prototype Pollutio ...)
	NOT-FOR-US: Node node-oojs
CVE-2020-7720 (The package node-forge before 0.10.0 is vulnerable to Prototype Pollut ...)
	- node-node-forge 0.10.0~dfsg-1 (bug #969669)
	[buster] - node-node-forge (Minor issue)
	NOTE: https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677
	NOTE: https://github.com/digitalbazaar/forge/commit/6a1e3ef74f6eb345bcff1b82184201d1e28b6756
CVE-2020-7719 (Versions of package locutus before 2.0.12 are vulnerable to prototype ...)
	NOT-FOR-US: Node locutus
CVE-2020-7718 (All versions of package gammautils are vulnerable to Prototype Polluti ...)
	NOT-FOR-US: Node gammautils
CVE-2020-7717 (All versions of package dot-notes are vulnerable to Prototype Pollutio ...)
	NOT-FOR-US: Node dot-notes
CVE-2020-7716 (All versions of package deeps are vulnerable to Prototype Pollution vi ...)
	NOT-FOR-US: Node deeps
CVE-2020-7715 (All versions of package deep-get-set are vulnerable to Prototype Pollu ...)
	NOT-FOR-US: Node deep-get-set
CVE-2020-7714 (All versions of package confucious are vulnerable to Prototype Polluti ...)
	NOT-FOR-US: Node confucious
CVE-2020-7713 (All versions of package arr-flatten-unflatten are vulnerable to Protot ...)
	NOT-FOR-US: Node arr-flatten-unflatten
CVE-2020-7712 (This affects the package json before 10.0.0. It is possible to inject ...)
	NOT-FOR-US: Node json
CVE-2020-7711 (This affects all versions of package github.com/russellhaering/goxmlds ...)
	- golang-github-russellhaering-goxmldsig 1.1.1-1 (bug #968928)
	[bullseye] - golang-github-russellhaering-goxmldsig 1.1.0-1+deb11u1
	[buster] - golang-github-russellhaering-goxmldsig 0.0~git20170911.b7efc62-1+deb10u1
	NOTE: https://github.com/russellhaering/goxmldsig/issues/48
	NOTE: https://github.com/russellhaering/goxmldsig/commit/fb23e0af61c023e3a6dae8ad30dbd0f04d8a4d8f
CVE-2020-7710 (This affects all versions of package safe-eval. It is possible for an ...)
	NOT-FOR-US: Node safe-eval
CVE-2020-7709 (This affects the package json-pointer before 0.6.1. Multiple reference ...)
	NOT-FOR-US: Node json-pointer
CVE-2020-7708 (The package irrelon-path before 4.7.0; the package @irrelon/path befor ...)
	NOT-FOR-US: Node irrelon-path
CVE-2020-7707 (The package property-expr before 2.0.3 are vulnerable to Prototype Pol ...)
	NOT-FOR-US: Node property-expr
CVE-2020-7706 (The package connie-lang before 0.1.1 are vulnerable to Prototype Pollu ...)
	NOT-FOR-US: Node connie-lang
CVE-2020-7705 (This affects the package MintegralAdSDK from 0.0.0. The SDK distribute ...)
	NOT-FOR-US: MintegralAdSDK
CVE-2020-7704 (The package linux-cmdline before 1.0.1 are vulnerable to Prototype Pol ...)
	NOT-FOR-US: Node linux-cmdline
CVE-2020-7703 (All versions of package nis-utils are vulnerable to Prototype Pollutio ...)
	NOT-FOR-US: Node nis-utils
CVE-2020-7702 (All versions of package templ8 are vulnerable to Prototype Pollution v ...)
	NOT-FOR-US: templ8
CVE-2020-7701 (madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution ...)
	NOT-FOR-US: Node madlib-object-utils
CVE-2020-7700 (All versions of phpjs are vulnerable to Prototype Pollution via parse_ ...)
	NOT-FOR-US: phpjs
CVE-2020-7699 (This affects the package express-fileupload before 1.1.8. If the parse ...)
	NOT-FOR-US: express-fileupload
CVE-2020-7698 (This affects the package Gerapy from 0 and before 0.9.3. The input bei ...)
	NOT-FOR-US: Gerapy
CVE-2020-7697 (This affects all versions of package mock2easy. a malicious user could ...)
	NOT-FOR-US: mock2easy nodejs module
CVE-2020-7696 (This affects all versions of package react-native-fast-image. When an ...)
	NOT-FOR-US: react-native-fast-image nodejs module
CVE-2020-7695 (Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF s ...)
	- python-uvicorn 0.13.3-1 (bug #969275)
	[buster] - python-uvicorn (Minor issue)
	NOTE: https://snyk.io/vuln/SNYK-PYTHON-UVICORN-570471
	NOTE: https://github.com/encode/uvicorn/issues/719
CVE-2020-7694 (This affects all versions of package uvicorn. The request logger provi ...)
	- python-uvicorn 0.13.3-1 (bug #969276)
	[buster] - python-uvicorn (Minor issue)
	NOTE: https://snyk.io/vuln/SNYK-PYTHON-UVICORN-575560
	NOTE: https://github.com/encode/uvicorn/issues/723
CVE-2020-7693 (Incorrect handling of Upgrade header with the value websocket leads in ...)
	- node-socks (Fixed before initial upload to archive)
CVE-2020-7692 (PKCE support is not implemented in accordance with the RFC for OAuth 2 ...)
	- google-oauth-client-java 1.28.0-2 (bug #988944)
	NOTE: https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276
	NOTE: https://github.com/googleapis/google-oauth-java-client/issues/469
	NOTE: https://github.com/googleapis/google-oauth-java-client/commit/13433cd7dd06267fc261f0b1d4764f8e3432c824
CVE-2020-7691 (In all versions of the package jspdf, it is possible to use <" substring in an ini ...)
	NOT-FOR-US: Indeo Otter
CVE-2017-17085 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissec ...)
	{DSA-4060-1 DLA-1226-1}
	- wireshark 2.4.3-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14250
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f5939debe96e3c3953c6020818f1fbb80eb83ce8
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-49.html
CVE-2017-17084 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissect ...)
	{DSA-4060-1 DLA-1226-1}
	- wireshark 2.4.3-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14236
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8502fe94ef9e431860921507e1a351c5e3f5c634
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-47.html
CVE-2017-17083 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector ...)
	{DSA-4060-1 DLA-1226-1}
	- wireshark 2.4.3-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14249
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=79768d63d14fbce6bf7fb4d4a1c86be0c5205eb3
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-48.html
CVE-2017-17082 REJECTED
CVE-2017-17081 (The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 an ...)
	{DSA-4099-1}
	- ffmpeg 7:3.4.1-1
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8
CVE-2017-17080 (elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as dis ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22421
CVE-2018-0740
	REJECTED
CVE-2018-0739 (Constructed ASN.1 types with a recursive definition (such as can be fo ...)
	{DSA-4158-1 DSA-4157-1 DLA-1330-1}
	- openssl 1.1.0h-1
	- openssl1.0 1.0.2o-1
	- libtomcrypt 1.18.2-1 (low)
	[stretch] - libtomcrypt (Minor issue)
	[jessie] - libtomcrypt (Minor issue)
	NOTE: https://www.openssl.org/news/secadv/20180327.txt
	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=9310d45087ae546e27e61ddf8f6367f29848220d
	NOTE: https://github.com/libtom/libtomcrypt/pull/373
CVE-2018-0738
	REJECTED
CVE-2018-0737 (The OpenSSL RSA Key generation algorithm has been shown to be vulnerab ...)
	{DSA-4355-1 DSA-4348-1 DLA-1449-1}
	- openssl 1.1.0h-3 (low; bug #895844)
	[wheezy] - openssl (Can wait for next update)
	- openssl1.0 1.0.2q-1 (low; bug #895845)
	NOTE: https://www.openssl.org/news/secadv/20180416.txt
	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f
	NOTE: https://eprint.iacr.org/2018/367
CVE-2018-0736
	REJECTED
CVE-2018-0735 (The OpenSSL ECDSA signature algorithm has been shown to be vulnerable ...)
	{DSA-4348-1 DLA-1586-1}
	- openssl 1.1.1a-1
	- openssl1.0 (Vulnerable code never present in 1.0.2 series)
	NOTE: https://www.openssl.org/news/secadv/20181029.txt
	NOTE: OpenSSL_1_1_1-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4
	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=56fb454d281a023b3f950d969693553d3f3ceea1
CVE-2018-0734 (The OpenSSL DSA signature algorithm has been shown to be vulnerable to ...)
	{DSA-4355-1 DSA-4348-1}
	- openssl 1.1.1a-1
	[jessie] - openssl (vulnerable code not present, but see note below)
	- openssl1.0 1.0.2q-1
	NOTE: https://www.openssl.org/news/secadv/20181030.txt
	NOTE: OpenSSL_1_1_1-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f
	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=43e6a58d4991a451daf4891ff05a48735df871ac
	NOTE: Actually the version in Jessie is not vulnerable. Nevertheless there is a bug fix which
	NOTE: further reduces the amount of leaked timing information. It got no CVE on its own and
	NOTE: introduced this vulnerability. In order to not forget this issue and probably get more
	NOTE: information about it later, it is marked as instead of
	NOTE: https://git.openssl.org/?p=openssl.git;a=commitdiff;h=b96bebacfe814deb99fb64a3ed2296d95c573600
CVE-2018-0733 (Because of an implementation bug the PA-RISC CRYPTO_memcmp function is ...)
	- openssl 1.1.0h-1 (unimportant)
	[stretch] - openssl 1.1.0f-3+deb9u2
	[jessie] - openssl (vulnerable code not present)
	[wheezy] - openssl (vulnerable code not present)
	- openssl1.0 (Only affects OpenSSL 1.1.0)
	NOTE: Issue specific to HP-UX
	NOTE: https://www.openssl.org/news/secadv/20180327.txt
CVE-2018-0732 (During key agreement in a TLS handshake using a DH(E) based ciphersuit ...)
	{DSA-4355-1 DSA-4348-1 DLA-1449-1}
	- openssl 1.1.1-1 (low)
	- openssl1.0 1.0.2q-1 (low)
	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=3984ef0b72831da8b3ece4745cac4f8575b19098
	NOTE: https://www.openssl.org/news/secadv/20180612.txt
CVE-2018-0731
	REJECTED
CVE-2017-17079
	REJECTED
CVE-2017-17078
	REJECTED
CVE-2017-17077
	REJECTED
CVE-2017-17076
	REJECTED
CVE-2017-17075
	REJECTED
CVE-2017-17074
	REJECTED
CVE-2017-17073
	REJECTED
CVE-2017-17072
	REJECTED
CVE-2017-17071
	REJECTED
CVE-2017-17070
	REJECTED
CVE-2017-17069 (ActiveSetupN.exe in Amazon Audible for Windows before November 2017 al ...)
	NOT-FOR-US: ActiveSetupN.exe in Amazon Audible for Windows
CVE-2017-17068 (A cross-origin vulnerability has been discovered in the Auth0 auth0.js ...)
	NOT-FOR-US: Auth0 auth0.js library
CVE-2017-17067 (Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6 ...)
	NOT-FOR-US: Splunk Web
CVE-2017-17066 (The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of th ...)
	- i2pd (Fixed before/with the initial upload to Debian)
	NOTE: Issue fixed with 2.17.0 upstream
CVE-2017-17065 (An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB0 ...)
	NOT-FOR-US: D-Link
CVE-2017-17064
	RESERVED
CVE-2017-17063
	RESERVED
CVE-2017-17062 (The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, ...)
	NOT-FOR-US: Open-Xchange
CVE-2017-17061 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross ...)
	NOT-FOR-US: OX Software GmbH OX App Suite
CVE-2017-17060 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecu ...)
	NOT-FOR-US: OX Software GmbH OX App Suite
CVE-2017-17059 (XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb post ...)
	NOT-FOR-US: WordPress plugin wp-thumb-post
CVE-2017-1000385 (The Erlang otp TLS server answers with different TLS alerts to differe ...)
	{DSA-4057-1 DLA-1207-1}
	- erlang 1:20.1.7+dfsg-1
	NOTE: https://groups.google.com/forum/#!topic/erlang-programming/J0LH-j6fRlM
	NOTE: https://github.com/erlang/otp/commit/38b07caa2a1c6cd3537eadd36770afa54f067562 (OTP-20.1.7)
	NOTE: https://github.com/erlang/otp/commit/3b4386dd19b7e669f557c95ace8d7ba228291927 (OTP-19.3.6.4)
	NOTE: https://github.com/erlang/otp/commit/de3b9cdb8521d7edd524b4e17d1e3f883f832ec0 (OTP-18.3.4.7)
	NOTE: https://robotattack.org/
CVE-2017-17058 (The WooCommerce plugin through 3.x for WordPress has a Directory Trave ...)
	NOT-FOR-US: WooCommerce plugin for WordPress
CVE-2017-17057 (There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The ...)
	NOT-FOR-US: ZKTeco ZKTime Web Software
CVE-2017-17056 (The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevat ...)
	NOT-FOR-US: ZKTeco ZKTime Web Software
CVE-2017-17055 (Artica Web Proxy before 3.06.112911 allows remote attackers to execute ...)
	NOT-FOR-US: Artica Web Proxy
CVE-2017-17054 (In aubio 0.4.6, a divide-by-zero error exists in the function new_aubi ...)
	- aubio 0.4.6-1 (bug #883355)
	[stretch] - aubio (Minor issue)
	[jessie] - aubio (Vulnerability introduced in 0.4.3)
	[wheezy] - aubio (Vulnerability introduced in 0.4.3)
	NOTE: https://github.com/aubio/aubio/issues/148
CVE-2017-17050 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a deni ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17049 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a deni ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17048
	RESERVED
CVE-2017-17047
	RESERVED
CVE-2017-17043 (The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflecte ...)
	NOT-FOR-US: Emag Marketplace Connector for WordPress
CVE-2017-17053 (The init_new_context function in arch/x86/include/asm/mmu_context.h in ...)
	- linux 4.12.12-1
	[stretch] - linux 4.9.47-1
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/ccd5b3235180eef3cfec337df1c8554ab151b5cc
CVE-2017-17052 (The mm_init function in kernel/fork.c in the Linux kernel before 4.12. ...)
	- linux 4.12.12-1
	[stretch] - linux 4.9.47-1
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/2b7e8665b4ff51c034c55df3cff76518d1a9ee3a
CVE-2018-0730 (This command injection vulnerability in File Station allows attackers ...)
	NOT-FOR-US: QNAP
CVE-2018-0729 (This command injection vulnerability in Music Station allows attackers ...)
	NOT-FOR-US: QNAP
CVE-2018-0728 (This improper access control vulnerability in Helpdesk allows attacker ...)
	NOT-FOR-US: QNAP
CVE-2018-0727
	RESERVED
CVE-2018-0726
	RESERVED
CVE-2018-0725
	RESERVED
CVE-2018-0724 (Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance ...)
	NOT-FOR-US: Q'center Virtual Appliance
CVE-2018-0723 (Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance ...)
	NOT-FOR-US: Q'center Virtual Appliance
CVE-2018-0722 (Path Traversal vulnerability in Photo Station versions: 5.7.2 and earl ...)
	NOT-FOR-US: QNAP
CVE-2018-0721 (Buffer Overflow vulnerability in NAS devices. QTS allows attackers to ...)
	NOT-FOR-US: QNAP QTS
CVE-2018-0720
	RESERVED
CVE-2018-0719 (Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP System ...)
	NOT-FOR-US: QNAP QTS
CVE-2018-0718 (Command injection vulnerability in Music Station 5.1.2 and earlier ver ...)
	NOT-FOR-US: Music Station
CVE-2018-0717
	RESERVED
CVE-2018-0716 (Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4. ...)
	NOT-FOR-US: QNAP
CVE-2018-0715 (Cross-site scripting vulnerability in QNAP Photo Station versions 5.7. ...)
	NOT-FOR-US: QNAP Photo Station
CVE-2018-0714 (Command injection vulnerability in Helpdesk versions 1.1.21 and earlie ...)
	NOT-FOR-US: Helpdesk
CVE-2018-0713
	RESERVED
CVE-2018-0712 (Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build ...)
	NOT-FOR-US: QNAP
CVE-2018-0711 (Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180 ...)
	NOT-FOR-US: QNAP
CVE-2018-0710 (Command injection vulnerability in SSH of QNAP Q'center Virtual Applia ...)
	NOT-FOR-US: QNAP
CVE-2018-0709 (Command injection vulnerability in date of QNAP Q'center Virtual Appli ...)
	NOT-FOR-US: QNAP
CVE-2018-0708 (Command injection vulnerability in networking of QNAP Q'center Virtual ...)
	NOT-FOR-US: QNAP
CVE-2018-0707 (Command injection vulnerability in change password of QNAP Q'center Vi ...)
	NOT-FOR-US: QNAP
CVE-2018-0706 (Exposure of Private Information in QNAP Q'center Virtual Appliance ver ...)
	NOT-FOR-US: QNAP
CVE-2017-17042 (lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not ...)
	- yard 0.9.12-1
	[stretch] - yard (Minor issue)
	[jessie] - yard (Minor issue)
	[wheezy] - yard (Minor issue)
	NOTE: Fixed by: https://github.com/lsegal/yard/commit/b0217b3e30dc53d057b1682506333335975e62b4 (0.9.11)
CVE-2017-17041
	RESERVED
CVE-2017-17040
	RESERVED
CVE-2017-17039
	RESERVED
CVE-2017-17038
	RESERVED
CVE-2017-17037
	RESERVED
CVE-2017-17036
	RESERVED
CVE-2017-17035
	RESERVED
CVE-2017-17034
	RESERVED
CVE-2017-17033 (A buffer overflow vulnerability in password function in QNAP QTS versi ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-17032 (A buffer overflow vulnerability in password function in QNAP QTS versi ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-17031 (A buffer overflow vulnerability in password function in QNAP QTS versi ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-17030 (A buffer overflow vulnerability in login function in QNAP QTS version ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-17029 (A buffer overflow vulnerability in login function in QNAP QTS version ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-17028 (A buffer overflow vulnerability in external device function in QNAP QT ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-17027 (A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2 ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-17045 (An issue was discovered in Xen through 4.9.x allowing HVM guest OS use ...)
	{DSA-4050-1 DLA-1559-1 DLA-1230-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-247.html
CVE-2017-17044 (An issue was discovered in Xen through 4.9.x allowing HVM guest OS use ...)
	{DSA-4050-1 DLA-1559-1 DLA-1230-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-246.html
CVE-2017-17046 (An issue was discovered in Xen through 4.9.x on the ARM platform allow ...)
	{DSA-4050-1 DLA-1549-1}
	- xen 4.8.2+xsa245-0+deb9u1
	[wheezy] - xen (arm not supported)
	NOTE: https://xenbits.xen.org/xsa/advisory-245.html
CVE-2018-0705 (Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allow ...)
	NOT-FOR-US: Cybozu
CVE-2018-0704 (Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 al ...)
	NOT-FOR-US: Cybozu
CVE-2018-0703 (Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 al ...)
	NOT-FOR-US: Cybozu
CVE-2018-0702 (Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 al ...)
	NOT-FOR-US: Cybozu
CVE-2018-0701 (BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 to 4.31 ...)
	NOT-FOR-US: BlueStacks App Player
CVE-2018-0700 (YukiWiki 2.1.3 and earlier does not process a particular request prope ...)
	NOT-FOR-US: YukiWiki
CVE-2018-0699 (Cross-site scripting vulnerability in YukiWiki 2.1.3 and earlier allow ...)
	NOT-FOR-US: YukiWiki
CVE-2018-0698 (Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows ...)
	NOT-FOR-US: GROWI
CVE-2018-0697 (Cross-site scripting vulnerability in Metabase version 0.29.3 and earl ...)
	NOT-FOR-US: Metabase
CVE-2018-0696 (OpenAM (Open Source Edition) 13.0 and later does not properly manage s ...)
	NOT-FOR-US: OpenAM (different from src:openam)
CVE-2018-0695 (Cross-site scripting vulnerability in User-friendly SVN (USVN) Version ...)
	NOT-FOR-US: User-friendly SVN
CVE-2018-0694 (FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: FileZen
CVE-2018-0693 (Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows r ...)
	NOT-FOR-US: FileZen
CVE-2018-0692 (Untrusted search path vulnerability in Baidu Browser Version 43.23.100 ...)
	NOT-FOR-US: Baidu
CVE-2018-0691 (Multiple +Message Apps (Softbank +Message App for Android prior to ver ...)
	NOT-FOR-US: Softbank +Message App for Android
CVE-2018-0690 (An unvalidated software update vulnerability in Music Center for PC ve ...)
	NOT-FOR-US: Music Center for PC
CVE-2018-0689 (HTTP header injection vulnerability in SEIKO EPSON printers and scanne ...)
	NOT-FOR-US: SEIKO
CVE-2018-0688 (Open redirect vulnerability in SEIKO EPSON printers and scanners (DS-5 ...)
	NOT-FOR-US: SEIKO
CVE-2018-0687 (Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. (Denbun ...)
	NOT-FOR-US: NEOJAPAN
CVE-2018-0686 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, De ...)
	NOT-FOR-US: NEOJAPAN
CVE-2018-0685 (SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and e ...)
	NOT-FOR-US: NEOJAPAN
CVE-2018-0684 (Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R ...)
	NOT-FOR-US: NEOJAPAN
CVE-2018-0683 (Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R ...)
	NOT-FOR-US: NEOJAPAN
CVE-2018-0682 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, De ...)
	NOT-FOR-US: NEOJAPAN
CVE-2018-0681 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, De ...)
	NOT-FOR-US: NEOJAPAN
CVE-2018-0680 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, De ...)
	NOT-FOR-US: NEOJAPAN
CVE-2018-0679 (Cross-site scripting vulnerability in multiple FXC Inc. network device ...)
	NOT-FOR-US: FXC
CVE-2018-0678 (Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows ...)
	NOT-FOR-US: BN-SDWBP3
CVE-2018-0677 (BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with admi ...)
	NOT-FOR-US: BN-SDWBP3
CVE-2018-0676 (BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the ...)
	NOT-FOR-US: BN-SDWBP3
CVE-2018-0675 (AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script executi ...)
	NOT-FOR-US: AttacheCase
CVE-2018-0674 (AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script executi ...)
	NOT-FOR-US: AttacheCase
CVE-2018-0673 (Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allo ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0672 (Cross-site scripting vulnerability in Movable Type versions prior to V ...)
	- movabletype-opensource
CVE-2018-0671 (Privilege escalation vulnerability in INplc-RT 3.08 and earlier allows ...)
	NOT-FOR-US: INplc-RT
CVE-2018-0670 (INplc-RT 3.08 and earlier allows remote attackers to bypass authentica ...)
	NOT-FOR-US: INplc-RT
CVE-2018-0669 (INplc-RT 3.08 and earlier allows remote attackers to bypass authentica ...)
	NOT-FOR-US: INplc-RT
CVE-2018-0668 (Buffer overflow in INplc-RT 3.08 and earlier allows remote attackers t ...)
	NOT-FOR-US: INplc-RT
CVE-2018-0667 (Untrusted search path vulnerability in Installer of INplc SDK Express ...)
	NOT-FOR-US: INplc
CVE-2018-0666 (Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and ea ...)
	NOT-FOR-US: Yamaha
CVE-2018-0665 (Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and ea ...)
	NOT-FOR-US: Yamaha
CVE-2018-0664 (A vulnerability in NoMachine App for Android 5.0.63 and earlier allows ...)
	NOT-FOR-US: NoMachine App for Android
CVE-2018-0663 (Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.0 ...)
	NOT-FOR-US: I-O DATA network camera products
CVE-2018-0662 (Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.0 ...)
	NOT-FOR-US: I-O DATA network camera products
CVE-2018-0661 (Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.0 ...)
	NOT-FOR-US: I-O DATA network camera products
CVE-2018-0660 (Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3 ...)
	NOT-FOR-US: AttacheCase
CVE-2018-0659 (Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3 ...)
	NOT-FOR-US: AttacheCase
CVE-2018-0658 (Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 ...)
	NOT-FOR-US: EC-CUBE
CVE-2018-0657 (Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-P ...)
	NOT-FOR-US: EC-CUBE
CVE-2018-0656 (Untrusted search path vulnerability in The installer of Digital Paper ...)
	NOT-FOR-US: Digital Paper App
CVE-2018-0655 (Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allow ...)
	NOT-FOR-US: GROWI
CVE-2018-0654 (Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allow ...)
	NOT-FOR-US: GROWI
CVE-2018-0653 (Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allow ...)
	NOT-FOR-US: GROWI
CVE-2018-0652 (Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allow ...)
	NOT-FOR-US: GROWI
CVE-2018-0651 (Buffer overflow in the license management function of YOKOGAWA product ...)
	NOT-FOR-US: YOKOGAWA
CVE-2018-0650 (The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 do ...)
	NOT-FOR-US: LINE MUSIC for Android
CVE-2018-0649 (Untrusted search path vulnerability in the installers of multiple Cano ...)
	NOT-FOR-US: CANON
CVE-2018-0648 (Untrusted search path vulnerability in installer of ChatWork Desktop A ...)
	NOT-FOR-US: installer of ChatWork Desktop App for Windows
CVE-2018-0647 (Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware ...)
	NOT-FOR-US: WL-330NUL Firmware
CVE-2018-0646 (Directory traversal vulnerability in Explzh v.7.58 and earlier allows ...)
	NOT-FOR-US: Explzh
CVE-2018-0645 (MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via uns ...)
	NOT-FOR-US: MTAppjQuery
CVE-2018-0644 (Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage ...)
	NOT-FOR-US: ORCA (Online Receipt Computer Advantage)
CVE-2018-0643 (Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-serv ...)
	NOT-FOR-US: ORCA (Online Receipt Computer Advantage)
CVE-2018-0642 (Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 ...)
	NOT-FOR-US: FV Flowplayer Video Player
CVE-2018-0641 (Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker ...)
	NOT-FOR-US: Aterm
CVE-2018-0640 (Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker ...)
	NOT-FOR-US: Aterm
CVE-2018-0639 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...)
	NOT-FOR-US: Aterm
CVE-2018-0638 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...)
	NOT-FOR-US: Aterm
CVE-2018-0637 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...)
	NOT-FOR-US: Aterm
CVE-2018-0636 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...)
	NOT-FOR-US: Aterm
CVE-2018-0635 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...)
	NOT-FOR-US: Aterm
CVE-2018-0634 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...)
	NOT-FOR-US: Aterm
CVE-2018-0633 (Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker w ...)
	NOT-FOR-US: Aterm
CVE-2018-0632 (Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker w ...)
	NOT-FOR-US: Aterm
CVE-2018-0631 (Aterm W300P Ver1.0.13 and earlier allows attacker with administrator r ...)
	NOT-FOR-US: Aterm
CVE-2018-0630 (Aterm W300P Ver1.0.13 and earlier allows attacker with administrator r ...)
	NOT-FOR-US: Aterm
CVE-2018-0629 (Aterm W300P Ver1.0.13 and earlier allows attacker with administrator r ...)
	NOT-FOR-US: Aterm
CVE-2018-0628 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with adm ...)
	NOT-FOR-US: Aterm
CVE-2018-0627 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with adm ...)
	NOT-FOR-US: Aterm
CVE-2018-0626 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with adm ...)
	NOT-FOR-US: Aterm
CVE-2018-0625 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with adm ...)
	NOT-FOR-US: Aterm
CVE-2018-0624 (Untrusted search path vulnerability in Multiple Yayoi 17 Series produc ...)
	NOT-FOR-US: Yayoi
CVE-2018-0623 (Untrusted search path vulnerability in Multiple Yayoi 17 Series produc ...)
	NOT-FOR-US: Yayoi
CVE-2018-0622 (The DHC Online Shop App for Android version 3.2.0 and earlier does not ...)
	NOT-FOR-US: DHC Online Shop App for Android
CVE-2018-0621 (Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY SOF ...)
	NOT-FOR-US: LOGICOOL
CVE-2018-0620 (Untrusted search path vulnerability in LOGICOOL Game Software versions ...)
	NOT-FOR-US: LOGICOOL
CVE-2018-0619 (Untrusted search path vulnerability in the installer of Glarysoft Glar ...)
	NOT-FOR-US: Glarysoft
CVE-2018-0618 (Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allow ...)
	{DSA-4246-1 DLA-1442-1}
	- mailman 1:2.1.27-1
	NOTE: https://mail.python.org/pipermail/mailman-announce/2018-June/000236.html
	NOTE: https://launchpad.net/mailman/+milestone/2.1.27
	NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1747
	NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1754
	NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1783
	NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1785
CVE-2018-0617 (Directory traversal vulnerability in ChamaNet MemoCGI v2.1800 to v2.22 ...)
	NOT-FOR-US: ChamaNet MemoCGI
CVE-2018-0616
	RESERVED
CVE-2018-0615
	RESERVED
CVE-2018-0614 (Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CS ...)
	NOT-FOR-US: NEC
CVE-2018-0613 (NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 an ...)
	NOT-FOR-US: NEC
CVE-2018-0612 (Cross-site scripting vulnerability in 5000 trillion yen converter v1.0 ...)
	NOT-FOR-US: 5000 trillion yen converter
CVE-2018-0611 (The ANA App for iOS version 4.0.22 and earlier does not verify X.509 c ...)
	NOT-FOR-US: ANA App
CVE-2018-0610 (Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allo ...)
	NOT-FOR-US: Zenphoto
CVE-2018-0609 (Untrusted search path vulnerability in LINE for Windows versions befor ...)
	NOT-FOR-US: LINE
CVE-2018-0608 (Buffer overflow in H2O version 2.2.4 and earlier allows remote attacke ...)
	- h2o 2.2.5+dfsg1-1
	NOTE: https://github.com/h2o/h2o/issues/1775
CVE-2018-0607 (SQL injection vulnerability in the Notifications application in the Cy ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0606 (SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows ...)
	NOT-FOR-US: Pixelpost
CVE-2018-0605 (Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier all ...)
	NOT-FOR-US: Pixelpost
CVE-2018-0604 (Pixelpost v1.7.3 and earlier allows remote code execution via unspecif ...)
	NOT-FOR-US: Pixelpost
CVE-2018-0603 (Cross-site scripting vulnerability in Site Reviews versions prior to 2 ...)
	NOT-FOR-US: Site Reviews
CVE-2018-0602 (Cross-site scripting vulnerability in Email Subscribers & Newsletters ...)
	NOT-FOR-US: Email Subscribers & Newsletters
CVE-2018-0601 (Untrusted search path vulnerability in axpdfium v0.01 allows an attack ...)
	NOT-FOR-US: axpdfium
CVE-2018-0600 (Untrusted search path vulnerability in the installer of PlayMemories H ...)
	NOT-FOR-US: PlayMemories
CVE-2018-0599 (Untrusted search path vulnerability in the installer of Visual C++ Red ...)
	NOT-FOR-US: Visual C++
CVE-2018-0598 (Untrusted search path vulnerability in Self-extracting archive files c ...)
	NOT-FOR-US: IExpress
CVE-2018-0597 (Untrusted search path vulnerability in the installer of Visual Studio ...)
	NOT-FOR-US: Visual Studio
CVE-2018-0596 (Untrusted search path vulnerability in the installer of Visual Studio ...)
	NOT-FOR-US: Visual Studio
CVE-2018-0595 (Untrusted search path vulnerability in the installer of Skype for Wind ...)
	NOT-FOR-US: Skype
CVE-2018-0594 (Untrusted search path vulnerability in Skype for Windows allows an att ...)
	NOT-FOR-US: Skype
CVE-2018-0593 (Untrusted search path vulnerability in the installer of Microsoft OneD ...)
	NOT-FOR-US: OneDrive
CVE-2018-0592 (Untrusted search path vulnerability in Microsoft OneDrive allows an at ...)
	NOT-FOR-US: OneDrive
CVE-2018-0591 (The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3. ...)
	NOT-FOR-US: KINEPASS
CVE-2018-0590 (Ultimate Member plugin prior to version 2.0.4 for WordPress allows rem ...)
	NOT-FOR-US: WordPress plugin ultimate-member
CVE-2018-0589 (Ultimate Member plugin prior to version 2.0.4 for WordPress allows rem ...)
	NOT-FOR-US: WordPress plugin ultimate-member
CVE-2018-0588 (Directory traversal vulnerability in the AJAX function of Ultimate Mem ...)
	NOT-FOR-US: WordPress plugin ultimate-member
CVE-2018-0587 (Unrestricted file upload vulnerability in Ultimate Member plugin prior ...)
	NOT-FOR-US: WordPress plugin ultimate-member
CVE-2018-0586 (Directory traversal vulnerability in the shortcodes function of Ultima ...)
	NOT-FOR-US: WordPress plugin ultimate-member
CVE-2018-0585 (Cross-site scripting vulnerability in Ultimate Member plugin prior to ...)
	NOT-FOR-US: WordPress plugin ultimate-member
CVE-2018-0584 (IIJ SmartKey App for Android version 2.1.0 and earlier allows remote a ...)
	NOT-FOR-US: IIJ SmartKey
CVE-2018-0583 (Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware versio ...)
	NOT-FOR-US: ASUS
CVE-2018-0582 (Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version p ...)
	NOT-FOR-US: ASUS
CVE-2018-0581 (Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version p ...)
	NOT-FOR-US: ASUS
CVE-2018-0580 (Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series ...)
	NOT-FOR-US: CELSYS
CVE-2018-0579 (Cross-site scripting vulnerability in Open Graph for Facebook, Google+ ...)
	NOT-FOR-US: WordPress plugin wonderm00ns-simple-facebook-open-graph-tags
CVE-2018-0578 (Cross-site scripting vulnerability in PixelYourSite plugin prior to ve ...)
	NOT-FOR-US: WordPress plugin pixelyoursite
CVE-2018-0577 (Cross-site scripting vulnerability in WP Google Map Plugin prior to ve ...)
	NOT-FOR-US: WordPress plugin wp-google-map-plugin
CVE-2018-0576 (Cross-site scripting vulnerability in Events Manager plugin prior to v ...)
	NOT-FOR-US: WordPress plugin events-manager
CVE-2018-0575 (baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and e ...)
	NOT-FOR-US: baserCMS
CVE-2018-0574 (Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and e ...)
	NOT-FOR-US: baserCMS
CVE-2018-0573 (baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and e ...)
	NOT-FOR-US: baserCMS
CVE-2018-0572 (baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and e ...)
	NOT-FOR-US: baserCMS
CVE-2018-0571 (baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and e ...)
	NOT-FOR-US: baserCMS
CVE-2018-0570 (Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and e ...)
	NOT-FOR-US: baserCMS
CVE-2018-0569 (baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and e ...)
	NOT-FOR-US: baserCMS
CVE-2018-0568 (Unrestricted file upload vulnerability in SiteBridge Inc. Joruri Gw Ve ...)
	NOT-FOR-US: Joruri Gw
CVE-2018-0567 (Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypas ...)
	NOT-FOR-US: Cybozu Office
CVE-2018-0566 (Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypas ...)
	NOT-FOR-US: Cybozu Office
CVE-2018-0565 (Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 a ...)
	NOT-FOR-US: Cybozu Office
CVE-2018-0564 (Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0. ...)
	NOT-FOR-US: EC-CUBE
CVE-2018-0563 (Untrusted search path vulnerability in the installer of FLET'S VIRUS C ...)
	NOT-FOR-US: FLET
CVE-2018-0562 (Untrusted search path vulnerability in Installer of SoundEngine Free v ...)
	NOT-FOR-US: Installer of SoundEngine Free
CVE-2018-0561 (Untrusted search path vulnerability in The installer of PhishWall Clie ...)
	NOT-FOR-US: Installer of PhishWall Client Internet Explorer
CVE-2018-0560 (Hatena Bookmark App for iOS Version 3.0 to 3.70 allows remote attacker ...)
	NOT-FOR-US: Hatena Bookmark App for iOS
CVE-2018-0559 (Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 a ...)
	NOT-FOR-US: Cybozu Mailwise
CVE-2018-0558 (Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 ...)
	NOT-FOR-US: Cybozu Mailwise
CVE-2018-0557 (Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to ...)
	NOT-FOR-US: Cybozu Mailwise
CVE-2018-0556 (Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execut ...)
	NOT-FOR-US: Buffalo WZR-1750DHP2
CVE-2018-0555 (Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an ...)
	NOT-FOR-US: Buffalo WZR-1750DHP2
CVE-2018-0554 (Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass ...)
	NOT-FOR-US: Buffalo WZR-1750DHP2
CVE-2018-0553 (The iRemoconWiFi App for Android version 4.1.7 and earlier does not ve ...)
	NOT-FOR-US: iRemoconWiFi App for Android
CVE-2018-0552 (Untrusted search path vulnerability in The installer of PhishWall Clie ...)
	NOT-FOR-US: installer of PhishWall Client (Firefox and Chrome edition for Windows)
CVE-2018-0551 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 all ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0550 (Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0549 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 all ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0548 (Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0547 (Cross-site scripting vulnerability in WP All Import plugin prior to ve ...)
	NOT-FOR-US: WP All Import plugin for WordPress
CVE-2018-0546 (Cross-site scripting vulnerability in WP All Import plugin prior to ve ...)
	NOT-FOR-US: WP All Import plugin for WordPress
CVE-2018-0545 (LXR version 1.0.0 to 2.3.0 allows remote attackers to execute arbitrar ...)
	NOT-FOR-US: LXR
CVE-2018-0544 (Untrusted search path vulnerability in WinShot 1.53a and earlier (Inst ...)
	NOT-FOR-US: WinShot
CVE-2018-0543 (Untrusted search path vulnerability in Jtrim 1.53c and earlier (Instal ...)
	NOT-FOR-US: Jtrim installer
CVE-2018-0542 (Directory traversal vulnerability in WebProxy version 1.7.8 allows an ...)
	NOT-FOR-US: WebProxy (some software released by LunarLight)
CVE-2018-0541 (Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to caus ...)
	NOT-FOR-US: Tiny FTP Daemon
CVE-2018-0540 (Untrusted search path vulnerability in ViX version 2.21.148.0 allows a ...)
	NOT-FOR-US: ViX
CVE-2018-0539 (QQQ SYSTEMS version 2.24 allows an attacker to execute arbitrary comma ...)
	NOT-FOR-US: QQQ SYSTEMS
CVE-2018-0538 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an at ...)
	NOT-FOR-US: QQQ SYSTEMS
CVE-2018-0537 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an at ...)
	NOT-FOR-US: QQQ SYSTEMS
CVE-2018-0536 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an at ...)
	NOT-FOR-US: QQQ SYSTEMS
CVE-2018-0535 (Cross-site scripting vulnerability in PHP 2chBBS version bbs18c allows ...)
	NOT-FOR-US: PHP 2chBBS
CVE-2018-0534 (Cross-site scripting vulnerability in ArsenoL Version 0.5 allows an at ...)
	NOT-FOR-US: ArsenoL
CVE-2018-0533 (Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0532 (Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0531 (Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0530 (SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0529 (Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Cybozu Office
CVE-2018-0528 (Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypas ...)
	NOT-FOR-US: Cybozu Office
CVE-2018-0527 (Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 a ...)
	NOT-FOR-US: Cybozu Office
CVE-2018-0526 (Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an im ...)
	NOT-FOR-US: Cybozu Office
CVE-2018-0525 (Directory traversal vulnerability in Jubatus 1.0.2 and earlier allows ...)
	- jubatus (bug #704100)
CVE-2018-0524 (Jubatus 1.0.2 and earlier allows remote code execution via unspecified ...)
	- jubatus (bug #704100)
CVE-2018-0523 (Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker ...)
	NOT-FOR-US: Buffalo
CVE-2018-0522 (Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier ...)
	NOT-FOR-US: Buffalo
CVE-2018-0521 (Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker ...)
	NOT-FOR-US: Buffalo
CVE-2018-0520 (Cross-site request forgery (CSRF) vulnerability in FS010W firmware FS0 ...)
	NOT-FOR-US: FS010W firmware
CVE-2018-0519 (Cross-site scripting vulnerability in FS010W firmware FS010W_00_V1.3.0 ...)
	NOT-FOR-US: FS010W firmware
CVE-2018-0518 (LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates ...)
	NOT-FOR-US: LINE for iOS
CVE-2018-0517 (Untrusted search path vulnerability in Anshin net security for Windows ...)
	NOT-FOR-US: Anshin net security for Windows
CVE-2018-0516 (Untrusted search path vulnerability in FLET'S v4 / v6 address selectio ...)
	NOT-FOR-US: FLET'S v4 / v6 address selection tool
CVE-2018-0515 (Untrusted search path vulnerability in "FLET'S Azukeru Backup Tool" ve ...)
	NOT-FOR-US: FLET'S Azukeru Backup Tool
CVE-2018-0514 (MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remot ...)
	NOT-FOR-US: MP Form Mail CGI eCommerce Edition
CVE-2018-0513 (Cross-site scripting vulnerability in MTS Simple Booking C, MTS Simple ...)
	NOT-FOR-US: MTS Simple Booking
CVE-2018-0512 (Devices with IP address setting tool "MagicalFinder" provided by I-O D ...)
	NOT-FOR-US: IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC.
CVE-2018-0511 (Cross-site scripting vulnerability in WP Retina 2x prior to version 5. ...)
	NOT-FOR-US: WP Retina
CVE-2018-0510 (Buffer overflow in epg search result viewer (kkcald) 0.7.19 and earlie ...)
	NOT-FOR-US: kkcal
CVE-2018-0509 (Cross-site request forgery (CSRF) vulnerability in epg search result v ...)
	NOT-FOR-US: kkcal
CVE-2018-0508 (Cross-site scripting vulnerability in epg search result viewer (kkcald ...)
	NOT-FOR-US: kkcal
CVE-2018-0507 (Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & ...)
	NOT-FOR-US: FLET'S VIRUS CLEAR
CVE-2018-0506 (Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Nootka
CVE-2018-0505 (Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a fla ...)
	{DSA-4301-1}
	- mediawiki 1:1.31.1-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
	NOTE: https://phabricator.wikimedia.org/T194605
CVE-2018-0504 (Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an in ...)
	{DSA-4301-1}
	- mediawiki 1:1.31.1-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
	NOTE: https://phabricator.wikimedia.org/T187638
CVE-2018-0503 (Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a fla ...)
	{DSA-4301-1}
	- mediawiki 1:1.31.1-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
	NOTE: https://phabricator.wikimedia.org/T169545
CVE-2018-0502 (An issue was discovered in zsh before 5.6. The beginning of a #! scrip ...)
	{DLA-2470-1}
	- zsh 5.6-1 (bug #908000)
	[jessie] - zsh (Minor issue)
	NOTE: https://www.zsh.org/mla/zsh-announce/136
	NOTE: https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d
CVE-2018-0501 (The mirror:// method implementation in Advanced Package Tool (APT) 1.6 ...)
	- apt 1.6.4
	[stretch] - apt (Vulnerable code introduced in 1.6~alpha6)
	[jessie] - apt (Vulnerable code introduced in 1.6~alpha6)
	NOTE: https://mirror.fail/
CVE-2018-0500 (Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including cur ...)
	- curl 7.61.0-1 (bug #903546)
	[stretch] - curl (Only affects 7.54.1 to 7.60.0)
	[jessie] - curl (Only affects 7.54.1 to 7.60.0)
	NOTE: https://curl.haxx.se/docs/adv_2018-70a2.html
CVE-2018-0499 (A cross-site scripting vulnerability in queryparser/termgenerator_inte ...)
	- xapian-core 1.4.6-1 (bug #902886)
	[stretch] - xapian-core 1.4.3-2+deb9u1
	[jessie] - xapian-core (vulnerable code not present)
	NOTE: https://lists.xapian.org/pipermail/xapian-discuss/2018-July/009652.html
CVE-2018-0498 (ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows loc ...)
	{DSA-4296-1 DLA-1518-1}
	- mbedtls 2.12.0-1 (bug #904821)
	- polarssl
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
CVE-2018-0497 (ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows rem ...)
	{DSA-4296-1 DLA-1518-1}
	- mbedtls 2.12.0-1 (bug #904821)
	- polarssl
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
CVE-2018-0496 (Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 ...)
	{DLA-1686-1}
	- freedink-dfarc 3.14-1
	[stretch] - freedink-dfarc 3.12-1+deb9u1
	NOTE: https://savannah.gnu.org/forum/forum.php?forum_id=9169
	NOTE: https://git.savannah.gnu.org/cgit/freedink/dfarc.git/commit/?id=40cc957f52e772f45125126439ba9333cf2d2998
CVE-2018-0495 (Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache s ...)
	{DSA-4231-1 DLA-1405-1}
	- libgcrypt20 1.8.3-1
	NOTE: https://dev.gnupg.org/T4011
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965
CVE-2018-0494 (GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in ...)
	{DSA-4195-1 DLA-1375-1}
	- wget 1.19.5-1 (bug #898076)
	NOTE: https://lists.gnu.org/archive/html/bug-wget/2018-05/msg00020.html
	NOTE: https://savannah.gnu.org/bugs/?53763
	NOTE: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=1fc9c95ec144499e69dc8ec76dbe07799d7d82cd
	NOTE: https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt
CVE-2018-0493 (remctld in remctl before 3.14, when an attacker is authorized to execu ...)
	{DSA-4159-1}
	- remctl 3.14-1
	[jessie] - remctl (Affected code introduced in 3.12)
	[wheezy] - remctl (Affected code introduced in 3.12)
	NOTE: https://www.eyrie.org/~eagle/software/remctl/security/2018-04-01.html
	NOTE: https://git.eyrie.org/?p=kerberos/remctl.git;a=commitdiff;h=e2b34e086f199b39f8ea36dd621684003835d172
CVE-2018-0492 (Johnathan Nightingale beep through 1.3.4, if setuid, has a race condit ...)
	{DSA-4163-1 DLA-1338-1}
	- beep 1.3-5 (bug #894667)
	NOTE: https://github.com/johnath/beep/issues/11
CVE-2018-0491 (A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. ...)
	- tor 0.3.2.10-1
	[stretch] - tor (Only affects tor 0.3.2.x series and later)
	[jessie] - tor (Only affects tor 0.3.2.x series and later)
	[wheezy] - tor (Only affects tor 0.3.2.x series and later)
	NOTE: https://trac.torproject.org/projects/tor/ticket/25117
	NOTE: https://trac.torproject.org/projects/tor/ticket/24700
	NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915
	NOTE: https://gitweb.torproject.org/tor.git/commit/?id=adaf3e9b89f62d68ab631b8f672d9bff996689b9
CVE-2018-0490 (An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.1 ...)
	{DSA-4183-1}
	- tor 0.3.2.10-1
	[jessie] - tor (Vulnerable code introduced after tor-0.2.9.4-alpha)
	[wheezy] - tor (Vulnerable code introduced after tor-0.2.9.4-alpha)
	NOTE: https://trac.torproject.org/projects/tor/ticket/25074
	NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915
	NOTE: https://gitweb.torproject.org/tor.git/commit/?id=65f2eec694f18a64291cc85317b9f22dacc1d8e4
CVE-2018-0489 (Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Pr ...)
	{DSA-4126-1 DLA-1296-1}
	- xmltooling 1.6.4-1
	NOTE: https://shibboleth.net/community/advisories/secadv_20180227.txt
	NOTE: https://issues.shibboleth.net/jira/browse/CPPXT-128
	NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
	NOTE: https://www.kb.cert.org/vuls/id/475445
CVE-2018-0488 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the ...)
	{DSA-4147-1 DSA-4138-1}
	- mbedtls 2.7.0-2 (bug #890287)
	- polarssl
	[wheezy] - polarssl (according to the upstream advisory < 1.2.19 not affected)
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
	NOTE: https://github.com/ARMmbed/mbedtls/commit/992b6872f3ca717282ae367749a47f006d337a87
	NOTE: https://github.com/ARMmbed/mbedtls/commit/464147cadc694379b7717afb7b517fe05cdb323f
CVE-2018-0487 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows rem ...)
	{DSA-4147-1 DSA-4138-1}
	- mbedtls 2.7.0-2 (bug #890288)
	- polarssl
	[wheezy] - polarssl (according to the upstream advisory < 1.3.7 not affected)
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
	NOTE: https://github.com/ARMmbed/mbedtls/commit/28a0c727957990ac655cbe40c7eb20b7ef01167d
CVE-2018-0486 (Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Pr ...)
	{DSA-4085-1 DLA-1242-1}
	- xmltooling 1.6.3-1
	[stretch] - xmltooling 1.6.0-4+deb9u1
	NOTE: https://shibboleth.net/community/advisories/secadv_20180112.txt
	NOTE: Fixed upstream in 1.6.3 to workaround bug independent of if parser already
	NOTE: disallow DTD use.
	NOTE: https://issues.shibboleth.net/jira/browse/CPPXT-127
	NOTE: https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commit;h=a02314e96d6746d29c5697b504d37f2e04a6e6cd
CVE-2017-17026
	RESERVED
CVE-2017-17025
	RESERVED
CVE-2017-17024
	RESERVED
CVE-2017-17023 (The Sophos UTM VPN endpoint interacts with client software provided by ...)
	NOT-FOR-US: Sophos IPSec Client and NCP "Secure Entry Client"
CVE-2017-17022
	RESERVED
CVE-2017-17021
	RESERVED
CVE-2017-17020 (On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 ...)
	NOT-FOR-US: D-Link
CVE-2017-17019
	RESERVED
CVE-2017-17018
	RESERVED
CVE-2017-17017
	RESERVED
CVE-2017-17016
	RESERVED
CVE-2017-17015
	RESERVED
CVE-2017-17014
	RESERVED
CVE-2017-17013
	RESERVED
CVE-2017-17012
	RESERVED
CVE-2017-17011
	RESERVED
CVE-2017-17010 (Untrusted search path vulnerability in Content Manager Assistant for P ...)
	NOT-FOR-US: Content Manager Assistant for PlayStation
CVE-2017-17009
	REJECTED
CVE-2017-17008
	REJECTED
CVE-2017-17007
	REJECTED
CVE-2017-17006
	REJECTED
CVE-2017-17005
	REJECTED
CVE-2017-17004
	REJECTED
CVE-2017-17003
	REJECTED
CVE-2017-17002
	REJECTED
CVE-2017-17001
	REJECTED
CVE-2017-17000
	REJECTED
CVE-2017-16999
	REJECTED
CVE-2017-16998
	REJECTED
CVE-2017-16997 (elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2 ...)
	- glibc 2.25-6 (bug #884615)
	[stretch] - glibc 2.24-11+deb9u4
	- eglibc
	[wheezy] - eglibc (Minor issue)
	NOTE: Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=22625
	NOTE: Proposed patch: https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html
CVE-2017-16996 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local ...)
	- linux 4.14.7-1
	[stretch] - linux (Vulnerable code introduced later)
	[jessie] - linux (Vulnerable code introduced later)
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/0c17d1d2c61936401f4702e1846e2c19b200f958
CVE-2017-16995 (The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel ...)
	{DSA-4073-1}
	- linux 4.14.7-1
	[jessie] - linux (Vulnerable code introduced later)
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/95a762e2c8c942780948091f8f2a4f32fce1ac6f
CVE-2016-10702 (Pebble Smartwatch devices through 4.3 mishandle UUID storage, which al ...)
	NOT-FOR-US: Pebble
CVE-2016-10701 (In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exist ...)
	NOT-FOR-US: Hitachi Vantara Pentaho BA Platform
CVE-2017-1001004 (typed-function before 0.10.6 had an arbitrary code execution in the Ja ...)
	NOT-FOR-US: typed-function
CVE-2017-1001003 (math.js before 3.17.0 had an issue where private properties such as a ...)
	NOT-FOR-US: math.js
CVE-2017-1001002 (math.js before 3.17.0 had an arbitrary code execution in the JavaScrip ...)
	NOT-FOR-US: math.js
CVE-2017-1000214 (GitPHP by xiphux is vulnerable to OS Command Injections)
	NOT-FOR-US: GitPHP
CVE-2017-1000207 (A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger code ...)
	NOT-FOR-US: Swagger-Parser
CVE-2017-1000159 (Command injection in evince via filename when printing to PDF. This af ...)
	{DSA-4624-1 DLA-1882-1 DLA-1881-1 DLA-1204-1}
	- atril 1.20.0-1 (low)
	[stretch] - atril 1.16.1-2+deb9u2
	- evince 3.25.92-1 (low)
	[stretch] - evince (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784947
	NOTE: Introduced by: https://git.gnome.org/browse/evince/commit/?id=1fcca0b8041de0d6074d7e17fba174da36c65f99 (EVINCE_0_9_1)
	NOTE: Fixed by: https://git.gnome.org/browse/evince/commit/?id=350404c76dc8601e2cdd2636490e2afc83d3090e (3.25.91)
CVE-2018-0485 (A vulnerability in the SM-1T3/E3 firmware on Cisco Second Generation I ...)
	NOT-FOR-US: Cisco
CVE-2018-0484 (A vulnerability in the access control logic of the Secure Shell (SSH) ...)
	NOT-FOR-US: Cisco
CVE-2018-0483 (A vulnerability in Cisco Jabber Client Framework (JCF) could allow an ...)
	NOT-FOR-US: Cisco
CVE-2018-0482 (A vulnerability in the web-based management interface of Cisco Prime N ...)
	NOT-FOR-US: Cisco
CVE-2018-0481 (A vulnerability in the CLI parser of Cisco IOS XE Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2018-0480 (A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Sof ...)
	NOT-FOR-US: Cisco
CVE-2018-0479
	RESERVED
CVE-2018-0478
	RESERVED
CVE-2018-0477 (A vulnerability in the CLI parser of Cisco IOS XE Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2018-0476 (A vulnerability in the Network Address Translation (NAT) Session Initi ...)
	NOT-FOR-US: Cisco
CVE-2018-0475 (A vulnerability in the implementation of the cluster feature of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0474 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2018-0473 (A vulnerability in the Precision Time Protocol (PTP) subsystem of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2018-0472 (A vulnerability in the IPsec driver code of multiple Cisco IOS XE Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0471 (A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0470 (A vulnerability in the web framework of Cisco IOS XE Software could al ...)
	NOT-FOR-US: Cisco
CVE-2018-0469 (A vulnerability in the web user interface of Cisco IOS XE Software cou ...)
	NOT-FOR-US: Cisco
CVE-2018-0468 (A vulnerability in the configuration of a local database installed as ...)
	NOT-FOR-US: Cisco
CVE-2018-0467 (A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE So ...)
	NOT-FOR-US: Cisco
CVE-2018-0466 (A vulnerability in the Open Shortest Path First version 3 (OSPFv3) imp ...)
	NOT-FOR-US: Cisco
CVE-2018-0465 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2018-0464 (A vulnerability in Cisco Data Center Network Manager software could al ...)
	NOT-FOR-US: Cisco
CVE-2018-0463 (A vulnerability in the Cisco Network Plug and Play server component of ...)
	NOT-FOR-US: Cisco
CVE-2018-0462 (A vulnerability in the user management functionality of Cisco Enterpri ...)
	NOT-FOR-US: Cisco
CVE-2018-0461 (A vulnerability in the Cisco IP Phone 8800 Series Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2018-0460 (A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure ...)
	NOT-FOR-US: Cisco
CVE-2018-0459 (A vulnerability in the web-based management interface of Cisco Enterpr ...)
	NOT-FOR-US: Cisco
CVE-2018-0458 (A vulnerability in the web-based management interface of Cisco Prime C ...)
	NOT-FOR-US: Cisco
CVE-2018-0457 (A vulnerability in the Cisco Webex Player for Webex Recording Format ( ...)
	NOT-FOR-US: Cisco
CVE-2018-0456 (A vulnerability in the Simple Network Management Protocol (SNMP) input ...)
	NOT-FOR-US: Cisco
CVE-2018-0455 (A vulnerability in the Server Message Block Version 2 (SMBv2) and Vers ...)
	NOT-FOR-US: Cisco
CVE-2018-0454 (A vulnerability in the web-based management interface of Cisco Cloud S ...)
	NOT-FOR-US: Cisco
CVE-2018-0453 (A vulnerability in the Sourcefire tunnel control channel protocol in C ...)
	NOT-FOR-US: Cisco
CVE-2018-0452 (A vulnerability in the web-based management interface of Cisco Tetrati ...)
	NOT-FOR-US: Cisco
CVE-2018-0451 (A vulnerability in the web-based management interface of Cisco Tetrati ...)
	NOT-FOR-US: Cisco
CVE-2018-0450 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2018-0449 (A vulnerability in the Cisco Jabber Client Framework (JCF) software, i ...)
	NOT-FOR-US: Cisco
CVE-2018-0448 (A vulnerability in the identity management service of Cisco Digital Ne ...)
	NOT-FOR-US: Cisco
CVE-2018-0447 (A vulnerability in the anti-spam protection mechanisms of Cisco AsyncO ...)
	NOT-FOR-US: Cisco
CVE-2018-0446 (A vulnerability in the web-based management interface of Cisco Industr ...)
	NOT-FOR-US: Cisco
CVE-2018-0445 (A vulnerability in the web-based management interface of Cisco Package ...)
	NOT-FOR-US: Cisco
CVE-2018-0444 (A vulnerability in the web-based management interface of Cisco Package ...)
	NOT-FOR-US: Cisco
CVE-2018-0443 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
	NOT-FOR-US: Cisco
CVE-2018-0442 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
	NOT-FOR-US: Cisco
CVE-2018-0441 (A vulnerability in the 802.11r Fast Transition feature set of Cisco IO ...)
	NOT-FOR-US: Cisco
CVE-2018-0440 (A vulnerability in the web interface of Cisco Data Center Network Mana ...)
	NOT-FOR-US: Cisco
CVE-2018-0439 (A vulnerability in the web-based management interface of Cisco Meeting ...)
	NOT-FOR-US: Cisco
CVE-2018-0438 (A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) ...)
	NOT-FOR-US: Cisco
CVE-2018-0437 (A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) ...)
	NOT-FOR-US: Cisco
CVE-2018-0436 (A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allo ...)
	NOT-FOR-US: Cisco
CVE-2018-0435 (A vulnerability in the Cisco Umbrella API could allow an authenticated ...)
	NOT-FOR-US: Cisco
CVE-2018-0434 (A vulnerability in the Zero Touch Provisioning feature of the Cisco SD ...)
	NOT-FOR-US: Cisco
CVE-2018-0433 (A vulnerability in the command-line interface (CLI) in the Cisco SD-WA ...)
	NOT-FOR-US: Cisco
CVE-2018-0432 (A vulnerability in the error reporting feature of the Cisco SD-WAN Sol ...)
	NOT-FOR-US: Cisco
CVE-2018-0431 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2018-0430 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2018-0429 (Stack-based buffer overflow in the Cisco Thor decoder before commit 18 ...)
	NOT-FOR-US: Cisco
CVE-2018-0428 (A vulnerability in the account management subsystem of Cisco Web Secur ...)
	NOT-FOR-US: Cisco
CVE-2018-0427 (A vulnerability in the CronJob scheduler API of Cisco Digital Network ...)
	NOT-FOR-US: Cisco
CVE-2018-0426 (A vulnerability in the web-based management interface of the Cisco RV1 ...)
	NOT-FOR-US: Cisco
CVE-2018-0425 (A vulnerability in the web-based management interface of the Cisco RV1 ...)
	NOT-FOR-US: Cisco
CVE-2018-0424 (A vulnerability in the web-based management interface of the Cisco RV1 ...)
	NOT-FOR-US: Cisco
CVE-2018-0423 (A vulnerability in the web-based management interface of the Cisco RV1 ...)
	NOT-FOR-US: Cisco
CVE-2018-0422 (A vulnerability in the folder permissions of Cisco Webex Meetings clie ...)
	NOT-FOR-US: Cisco
CVE-2018-0421 (A vulnerability in TCP connection management in Cisco Prime Access Reg ...)
	NOT-FOR-US: Cisco
CVE-2018-0420 (A vulnerability in the web-based interface of Cisco Wireless LAN Contr ...)
	NOT-FOR-US: Cisco
CVE-2018-0419 (A vulnerability in certain attachment detection mechanisms of Cisco Em ...)
	NOT-FOR-US: Cisco
CVE-2018-0418 (A vulnerability in the Local Packet Transport Services (LPTS) feature ...)
	NOT-FOR-US: Cisco
CVE-2018-0417 (A vulnerability in TACACS authentication with Cisco Wireless LAN Contr ...)
	NOT-FOR-US: Cisco
CVE-2018-0416 (A vulnerability in the web-based interface of Cisco Wireless LAN Contr ...)
	NOT-FOR-US: Cisco
CVE-2018-0415 (A vulnerability in the implementation of Extensible Authentication Pro ...)
	NOT-FOR-US: Cisco
CVE-2018-0414 (A vulnerability in the web-based UI of Cisco Secure Access Control Ser ...)
	NOT-FOR-US: Cisco
CVE-2018-0413 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2018-0412 (A vulnerability in the implementation of Extensible Authentication Pro ...)
	NOT-FOR-US: Cisco
CVE-2018-0411 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2018-0410 (A vulnerability in the web proxy functionality of Cisco AsyncOS Softwa ...)
	NOT-FOR-US: Cisco
CVE-2018-0409 (A vulnerability in the XCP Router service of the Cisco Unified Communi ...)
	NOT-FOR-US: Cisco
CVE-2018-0408 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2018-0407 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2018-0406 (A vulnerability in the web-based management interface of Cisco Web Sec ...)
	NOT-FOR-US: Cisco
CVE-2018-0405 (A vulnerability in the web framework code for Cisco RV180W Wireless-N ...)
	NOT-FOR-US: Cisco
CVE-2018-0404 (A vulnerability in the web framework code for Cisco RV180W Wireless-N ...)
	NOT-FOR-US: Cisco
CVE-2018-0403 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2018-0402 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2018-0401 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2018-0400 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2018-0399 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2018-0398 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2018-0397 (A vulnerability in Cisco AMP for Endpoints Mac Connector Software inst ...)
	NOT-FOR-US: Cisco
CVE-2018-0396 (A vulnerability in the web framework of the Cisco Unified Communicatio ...)
	NOT-FOR-US: Cisco
CVE-2018-0395 (A vulnerability in the Link Layer Discovery Protocol (LLDP) implementa ...)
	NOT-FOR-US: Cisco
CVE-2018-0394 (A vulnerability in the web upload function of Cisco Cloud Services Pla ...)
	NOT-FOR-US: Cisco
CVE-2018-0393 (A Read-Only User Effect Change vulnerability in the Policy Builder int ...)
	NOT-FOR-US: Cisco
CVE-2018-0392 (A vulnerability in the CLI of Cisco Policy Suite could allow an authen ...)
	NOT-FOR-US: Cisco
CVE-2018-0391 (A vulnerability in the password change function of Cisco Prime Collabo ...)
	NOT-FOR-US: Cisco
CVE-2018-0390 (A vulnerability in the web framework of Cisco Webex could allow an una ...)
	NOT-FOR-US: Cisco
CVE-2018-0389 (A vulnerability in the implementation of Session Initiation Protocol ( ...)
	NOT-FOR-US: Cisco
CVE-2018-0388 (A vulnerability in the web-based interface of Cisco Wireless LAN Contr ...)
	NOT-FOR-US: Cisco
CVE-2018-0387 (A vulnerability in Cisco Webex Teams (for Windows and macOS) could all ...)
	NOT-FOR-US: Cisco
CVE-2018-0386 (A vulnerability in Cisco Unified Communications Domain Manager Softwar ...)
	NOT-FOR-US: Cisco
CVE-2018-0385 (A vulnerability in the detection engine parsing of Security Socket Lay ...)
	NOT-FOR-US: Cisco
CVE-2018-0384 (A vulnerability in the detection engine of Cisco FireSIGHT System Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0383 (A vulnerability in the detection engine of Cisco FireSIGHT System Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0382 (A vulnerability in the session identification management functionality ...)
	NOT-FOR-US: Cisco
CVE-2018-0381 (A vulnerability in the Cisco Aironet Series Access Points (APs) softwa ...)
	NOT-FOR-US: Cisco
CVE-2018-0380 (Multiple vulnerabilities exist in the Cisco Webex Network Recording Pl ...)
	NOT-FOR-US: Cisco
CVE-2018-0379 (Multiple vulnerabilities exist in the Cisco Webex Network Recording Pl ...)
	NOT-FOR-US: Cisco
CVE-2018-0378 (A vulnerability in the Precision Time Protocol (PTP) feature of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0377 (A vulnerability in the Open Systems Gateway initiative (OSGi) interfac ...)
	NOT-FOR-US: Cisco
CVE-2018-0376 (A vulnerability in the Policy Builder interface of Cisco Policy Suite ...)
	NOT-FOR-US: Cisco
CVE-2018-0375 (A vulnerability in the Cluster Manager of Cisco Policy Suite before 18 ...)
	NOT-FOR-US: Cisco
CVE-2018-0374 (A vulnerability in the Policy Builder database of Cisco Policy Suite b ...)
	NOT-FOR-US: Cisco
CVE-2018-0373 (A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys fo ...)
	NOT-FOR-US: Cisco
CVE-2018-0372 (A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 Series F ...)
	NOT-FOR-US: Cisco
CVE-2018-0371 (A vulnerability in the Web Admin Interface of Cisco Meeting Server cou ...)
	NOT-FOR-US: Cisco
CVE-2018-0370 (A vulnerability in the detection engine of Cisco Firepower System Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0369 (A vulnerability in the reassembly logic for fragmented IPv4 packets of ...)
	NOT-FOR-US: Cisco
CVE-2018-0368 (A vulnerability in Cisco Digital Network Architecture (DNA) Center cou ...)
	NOT-FOR-US: Cisco
CVE-2018-0367 (A vulnerability in the web-based management interface of the Cisco Reg ...)
	NOT-FOR-US: Cisco
CVE-2018-0366 (A vulnerability in the web-based management interface of Cisco Web Sec ...)
	NOT-FOR-US: Cisco
CVE-2018-0365 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2018-0364 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2018-0363 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2018-0362 (A vulnerability in BIOS authentication management of Cisco 5000 Series ...)
	NOT-FOR-US: Cisco
CVE-2018-0361 (ClamAV before 0.100.1 lacks a PDF object length check, resulting in an ...)
	{DLA-1461-1}
	- clamav 0.100.1+dfsg-1
	[stretch] - clamav 0.100.1+dfsg-0+deb9u1
	NOTE: https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
CVE-2018-0360 (ClamAV before 0.100.1 has an HWP integer overflow with a resultant inf ...)
	{DLA-1461-1}
	- clamav 0.100.1+dfsg-1
	[stretch] - clamav 0.100.1+dfsg-0+deb9u1
	NOTE: https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
CVE-2018-0359 (A vulnerability in the session identification management functionality ...)
	NOT-FOR-US: Cisco
CVE-2018-0358 (A vulnerability in the file descriptor handling of Cisco TelePresence ...)
	NOT-FOR-US: Cisco
CVE-2018-0357 (A vulnerability in the web framework of Cisco WebEx could allow an una ...)
	NOT-FOR-US: Cisco
CVE-2018-0356 (A vulnerability in the web framework of Cisco WebEx could allow an una ...)
	NOT-FOR-US: Cisco
CVE-2018-0355 (A vulnerability in the web UI of Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco
CVE-2018-0354 (A vulnerability in the web framework of Cisco Unity Connection could a ...)
	NOT-FOR-US: Cisco
CVE-2018-0353 (A vulnerability in traffic-monitoring functions in Cisco Web Security ...)
	NOT-FOR-US: Cisco
CVE-2018-0352 (A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide ...)
	NOT-FOR-US: Cisco
CVE-2018-0351 (A vulnerability in the command-line tcpdump utility in the Cisco SD-WA ...)
	NOT-FOR-US: Cisco (tcpdump utility in Cisco SD-WAN Solution, but CVE is Cisco specific assigned)
CVE-2018-0350 (A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN ...)
	NOT-FOR-US: Cisco
CVE-2018-0349 (A vulnerability in the Cisco SD-WAN Solution could allow an authentica ...)
	NOT-FOR-US: Cisco
CVE-2018-0348 (A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an ...)
	NOT-FOR-US: Cisco
CVE-2018-0347 (A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the ...)
	NOT-FOR-US: Cisco
CVE-2018-0346 (A vulnerability in the Zero Touch Provisioning service of the Cisco SD ...)
	NOT-FOR-US: Cisco
CVE-2018-0345 (A vulnerability in the configuration and management database of the Ci ...)
	NOT-FOR-US: Cisco
CVE-2018-0344 (A vulnerability in the vManage dashboard for the configuration and man ...)
	NOT-FOR-US: Cisco
CVE-2018-0343 (A vulnerability in the configuration and management service of the Cis ...)
	NOT-FOR-US: Cisco
CVE-2018-0342 (A vulnerability in the configuration and monitoring service of the Cis ...)
	NOT-FOR-US: Cisco
CVE-2018-0341 (A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and ...)
	NOT-FOR-US: Cisco
CVE-2018-0340 (A vulnerability in the web framework of the Cisco Unified Communicatio ...)
	NOT-FOR-US: Cisco
CVE-2018-0339 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2018-0338 (A vulnerability in the role-based access-checking mechanisms of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0337 (A vulnerability in the role-based access-checking mechanisms of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0336 (A vulnerability in the batch provisioning feature of Cisco Prime Colla ...)
	NOT-FOR-US: Cisco
CVE-2018-0335 (A vulnerability in the web portal authentication process of Cisco Prim ...)
	NOT-FOR-US: Cisco
CVE-2018-0334 (A vulnerability in the certificate management subsystem of Cisco AnyCo ...)
	NOT-FOR-US: Cisco
CVE-2018-0333 (A vulnerability in the VPN configuration management of Cisco FireSIGHT ...)
	NOT-FOR-US: Cisco
CVE-2018-0332 (A vulnerability in the Session Initiation Protocol (SIP) ingress packe ...)
	NOT-FOR-US: Cisco
CVE-2018-0331 (A vulnerability in the Cisco Discovery Protocol (formerly known as CDP ...)
	NOT-FOR-US: Cisco
CVE-2018-0330 (A vulnerability in the NX-API management application programming inter ...)
	NOT-FOR-US: Cisco
CVE-2018-0329 (A vulnerability in the default configuration of the Simple Network Man ...)
	NOT-FOR-US: Cisco
CVE-2018-0328 (A vulnerability in the web framework of Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco
CVE-2018-0327 (A vulnerability in the web framework of Cisco Identity Services Engine ...)
	NOT-FOR-US: Cisco
CVE-2018-0326 (A vulnerability in the web UI of Cisco TelePresence Server Software co ...)
	NOT-FOR-US: Cisco
CVE-2018-0325 (A vulnerability in the Session Initiation Protocol (SIP) call-handling ...)
	NOT-FOR-US: Cisco
CVE-2018-0324 (A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0323 (A vulnerability in the web management interface of Cisco Enterprise NF ...)
	NOT-FOR-US: Cisco
CVE-2018-0322 (A vulnerability in the web management interface of Cisco Prime Collabo ...)
	NOT-FOR-US: Cisco
CVE-2018-0321 (A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could ...)
	NOT-FOR-US: Cisco
CVE-2018-0320 (A vulnerability in the web framework code of Cisco Prime Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2018-0319 (A vulnerability in the password recovery function of Cisco Prime Colla ...)
NOT-FOR-US: Cisco CVE-2018-0318 (A vulnerability in the password reset function of Cisco Prime Collabor ...) NOT-FOR-US: Cisco CVE-2018-0317 (A vulnerability in the web interface of Cisco Prime Collaboration Prov ...) NOT-FOR-US: Cisco CVE-2018-0316 (A vulnerability in the Session Initiation Protocol (SIP) call-handling ...) NOT-FOR-US: Cisco CVE-2018-0315 (A vulnerability in the authentication, authorization, and accounting ( ...) NOT-FOR-US: Cisco CVE-2018-0314 (A vulnerability in the Cisco Fabric Services (CFS) component of Cisco ...) NOT-FOR-US: Cisco CVE-2018-0313 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...) NOT-FOR-US: Cisco CVE-2018-0312 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...) NOT-FOR-US: Cisco CVE-2018-0311 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...) NOT-FOR-US: Cisco CVE-2018-0310 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...) NOT-FOR-US: Cisco CVE-2018-0309 (A vulnerability in the implementation of a specific CLI command and th ...) NOT-FOR-US: Cisco CVE-2018-0308 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...) NOT-FOR-US: Cisco CVE-2018-0307 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...) NOT-FOR-US: Cisco CVE-2018-0306 (A vulnerability in the CLI parser of Cisco NX-OS Software could allow ...) NOT-FOR-US: Cisco CVE-2018-0305 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...) NOT-FOR-US: Cisco CVE-2018-0304 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...) NOT-FOR-US: Cisco CVE-2018-0303 (A vulnerability in the Cisco Discovery Protocol component of Cisco FXO ...) NOT-FOR-US: Cisco CVE-2018-0302 (A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS ...) NOT-FOR-US: Cisco CVE-2018-0301 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...) 
NOT-FOR-US: Cisco CVE-2018-0300 (A vulnerability in the process of uploading new application images to ...) NOT-FOR-US: Cisco CVE-2018-0299 (A vulnerability in the Simple Network Management Protocol (SNMP) featu ...) NOT-FOR-US: Cisco CVE-2018-0298 (A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Inter ...) NOT-FOR-US: Cisco CVE-2018-0297 (A vulnerability in the detection engine of Cisco Firepower Threat Defe ...) NOT-FOR-US: Cisco CVE-2018-0296 (A vulnerability in the web interface of the Cisco Adaptive Security Ap ...) NOT-FOR-US: Cisco CVE-2018-0295 (A vulnerability in the Border Gateway Protocol (BGP) implementation of ...) NOT-FOR-US: Cisco CVE-2018-0294 (A vulnerability in the write-erase feature of Cisco FXOS Software and ...) NOT-FOR-US: Cisco CVE-2018-0293 (A vulnerability in role-based access control (RBAC) for Cisco NX-OS So ...) NOT-FOR-US: Cisco CVE-2018-0292 (A vulnerability in the Internet Group Management Protocol (IGMP) Snoop ...) NOT-FOR-US: Cisco CVE-2018-0291 (A vulnerability in the Simple Network Management Protocol (SNMP) input ...) NOT-FOR-US: Cisco CVE-2018-0290 (A vulnerability in the TCP stack of Cisco SocialMiner could allow an u ...) NOT-FOR-US: Cisco CVE-2018-0289 (A vulnerability in the logs component of Cisco Identity Services Engin ...) NOT-FOR-US: Cisco CVE-2018-0288 (A vulnerability in Cisco WebEx Recording Format (WRF) Player could all ...) NOT-FOR-US: Cisco CVE-2018-0287 (A vulnerability in the Cisco WebEx Network Recording Player for Advanc ...) NOT-FOR-US: Cisco CVE-2018-0286 (A vulnerability in the netconf interface of Cisco IOS XR Software coul ...) NOT-FOR-US: Cisco CVE-2018-0285 (A vulnerability in service logging for Cisco Prime Service Catalog cou ...) NOT-FOR-US: Cisco CVE-2018-0284 (A vulnerability in the local status page functionality of the Cisco Me ...) NOT-FOR-US: Cisco CVE-2018-0283 (A vulnerability in the detection engine of Cisco Firepower System Soft ...) 
NOT-FOR-US: Cisco CVE-2018-0282 (A vulnerability in the TCP socket code of Cisco IOS and IOS XE Softwar ...) NOT-FOR-US: Cisco CVE-2018-0281 (A vulnerability in the detection engine of Cisco Firepower System Soft ...) NOT-FOR-US: Cisco CVE-2018-0280 (A vulnerability in the Real-Time Transport Protocol (RTP) bitstream pr ...) NOT-FOR-US: Cisco CVE-2018-0279 (A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Ente ...) NOT-FOR-US: Cisco CVE-2018-0278 (A vulnerability in the management console of Cisco Firepower System So ...) NOT-FOR-US: Cisco CVE-2018-0277 (A vulnerability in the Extensible Authentication Protocol-Transport La ...) NOT-FOR-US: Cisco CVE-2018-0276 (A vulnerability in Cisco WebEx Connect IM could allow an unauthenticat ...) NOT-FOR-US: Cisco CVE-2018-0275 (A vulnerability in the support tunnel feature of Cisco Identity Servic ...) NOT-FOR-US: Cisco CVE-2018-0274 (A vulnerability in the CLI parser of Cisco Network Services Orchestrat ...) NOT-FOR-US: Cisco CVE-2018-0273 (A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggrega ...) NOT-FOR-US: Cisco CVE-2018-0272 (A vulnerability in the Secure Sockets Layer (SSL) Engine of Cisco Fire ...) NOT-FOR-US: Cisco CVE-2018-0271 (A vulnerability in the API gateway of the Cisco Digital Network Archit ...) NOT-FOR-US: Cisco CVE-2018-0270 (A vulnerability in the web-based management interface of Cisco IoT Fie ...) NOT-FOR-US: Cisco CVE-2018-0269 (A vulnerability in the web framework of the Cisco Digital Network Arch ...) NOT-FOR-US: Cisco CVE-2018-0268 (A vulnerability in the container management subsystem of Cisco Digital ...) NOT-FOR-US: Cisco CVE-2018-0267 (A vulnerability in the web framework of Cisco Unified Communications M ...) NOT-FOR-US: Cisco CVE-2018-0266 (A vulnerability in the web framework of Cisco Unified Communications M ...) NOT-FOR-US: Cisco CVE-2018-0265 REJECTED CVE-2018-0264 (A vulnerability in the Cisco WebEx Network Recording Player for Advanc ...) 
NOT-FOR-US: Cisco CVE-2018-0263 (A vulnerability in Cisco Meeting Server (CMS) could allow an unauthent ...) NOT-FOR-US: Cisco CVE-2018-0262 (A vulnerability in Cisco Meeting Server could allow an unauthenticated ...) NOT-FOR-US: Cisco CVE-2018-0261 RESERVED CVE-2018-0260 (A vulnerability in the web interface of Cisco MATE Live could allow an ...) NOT-FOR-US: Cisco CVE-2018-0259 (A vulnerability in the web-based management interface of Cisco MATE Co ...) NOT-FOR-US: Cisco CVE-2018-0258 (A vulnerability in the Cisco Prime File Upload servlet affecting multi ...) NOT-FOR-US: Cisco CVE-2018-0257 (A vulnerability in Cisco IOS XE Software running on Cisco cBR Series C ...) NOT-FOR-US: Cisco CVE-2018-0256 (A vulnerability in the peer-to-peer message processing functionality o ...) NOT-FOR-US: Cisco CVE-2018-0255 (A vulnerability in the device manager web interface of Cisco Industria ...) NOT-FOR-US: Cisco CVE-2018-0254 (A vulnerability in the detection engine of Cisco Firepower System Soft ...) NOT-FOR-US: Cisco CVE-2018-0253 (A vulnerability in the ACS Report component of Cisco Secure Access Con ...) NOT-FOR-US: Cisco CVE-2018-0252 (A vulnerability in the IP Version 4 (IPv4) fragment reassembly functio ...) NOT-FOR-US: Cisco CVE-2018-0251 (A vulnerability in the Web Server Authentication Required screen of th ...) NOT-FOR-US: Cisco CVE-2018-0250 (A vulnerability in Central Web Authentication (CWA) with FlexConnect A ...) NOT-FOR-US: Cisco CVE-2018-0249 (A vulnerability when handling incoming 802.11 Association Requests for ...) NOT-FOR-US: Cisco CVE-2018-0248 (A vulnerability in the administrative GUI configuration feature of Cis ...) NOT-FOR-US: Cisco CVE-2018-0247 (A vulnerability in Web Authentication (WebAuth) clients for the Cisco ...) NOT-FOR-US: Cisco CVE-2018-0246 REJECTED CVE-2018-0245 (A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless ...) 
NOT-FOR-US: Cisco CVE-2018-0244 (A vulnerability in the detection engine of Cisco Firepower System Soft ...) NOT-FOR-US: Cisco CVE-2018-0243 (A vulnerability in the detection engine of Cisco Firepower System Soft ...) NOT-FOR-US: Cisco CVE-2018-0242 (A vulnerability in the WebVPN web-based management interface of Cisco ...) NOT-FOR-US: Cisco CVE-2018-0241 (A vulnerability in the UDP broadcast forwarding function of Cisco IOS ...) NOT-FOR-US: Cisco CVE-2018-0240 (Multiple vulnerabilities in the Application Layer Protocol Inspection ...) NOT-FOR-US: Cisco CVE-2018-0239 (A vulnerability in the egress packet processing functionality of the C ...) NOT-FOR-US: Cisco CVE-2018-0238 (A vulnerability in the role-based resource checking functionality of t ...) NOT-FOR-US: Cisco CVE-2018-0237 (A vulnerability in the file type detection mechanism of the Cisco Adva ...) NOT-FOR-US: Cisco CVE-2018-0236 REJECTED CVE-2018-0235 (A vulnerability in the 802.11 frame validation functionality of the Ci ...) NOT-FOR-US: Cisco CVE-2018-0234 (A vulnerability in the implementation of Point-to-Point Tunneling Prot ...) NOT-FOR-US: Cisco CVE-2018-0233 (A vulnerability in the Secure Sockets Layer (SSL) packet reassembly fu ...) NOT-FOR-US: Cisco CVE-2018-0232 RESERVED CVE-2018-0231 (A vulnerability in the Transport Layer Security (TLS) library of Cisco ...) NOT-FOR-US: Cisco CVE-2018-0230 (A vulnerability in the internal packet-processing functionality of Cis ...) NOT-FOR-US: Cisco CVE-2018-0229 (A vulnerability in the implementation of Security Assertion Markup Lan ...) NOT-FOR-US: Cisco CVE-2018-0228 (A vulnerability in the ingress flow creation functionality of Cisco Ad ...) NOT-FOR-US: Cisco CVE-2018-0227 (A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Netw ...) NOT-FOR-US: Cisco CVE-2018-0226 (A vulnerability in the assignment and management of default user accou ...) 
NOT-FOR-US: Cisco CVE-2018-0225 (The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4 ...) NOT-FOR-US: Cisco CVE-2018-0224 (A vulnerability in the CLI of the Cisco StarOS operating system for Ci ...) NOT-FOR-US: Cisco CVE-2018-0223 (A vulnerability in DesktopServlet in the web-based management interfac ...) NOT-FOR-US: Cisco CVE-2018-0222 (A vulnerability in Cisco Digital Network Architecture (DNA) Center cou ...) NOT-FOR-US: Cisco CVE-2018-0221 (A vulnerability in specific CLI commands for the Cisco Identity Servic ...) NOT-FOR-US: Cisco CVE-2018-0220 (A vulnerability in the web-based management interface of Cisco Videosc ...) NOT-FOR-US: Cisco CVE-2018-0219 (A vulnerability in the web-based management interface of Cisco Unified ...) NOT-FOR-US: Cisco CVE-2018-0218 (A vulnerability in the web-based user interface of the Cisco Secure Ac ...) NOT-FOR-US: Cisco CVE-2018-0217 (A vulnerability in the CLI of the Cisco StarOS operating system for Ci ...) NOT-FOR-US: Cisco CVE-2018-0216 (A vulnerability in the web-based management interface of Cisco Identit ...) NOT-FOR-US: Cisco CVE-2018-0215 (A vulnerability in the web-based management interface of Cisco Identit ...) NOT-FOR-US: Cisco CVE-2018-0214 (A vulnerability in certain CLI commands of Cisco Identity Services Eng ...) NOT-FOR-US: Cisco CVE-2018-0213 (A vulnerability in the credential reset functionality for Cisco Identi ...) NOT-FOR-US: Cisco CVE-2018-0212 (A vulnerability in the web-based management interface of Cisco Identit ...) NOT-FOR-US: Cisco CVE-2018-0211 (A vulnerability in specific CLI commands for the Cisco Identity Servic ...) NOT-FOR-US: Cisco CVE-2018-0210 (A vulnerability in the web-based management interface of Cisco Data Ce ...) NOT-FOR-US: Cisco CVE-2018-0209 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...) NOT-FOR-US: Cisco CVE-2018-0208 (A vulnerability in the web-based management interface of the (cloud ba ...) 
NOT-FOR-US: Cisco CVE-2018-0207 (A vulnerability in the web-based user interface of the Cisco Secure Ac ...) NOT-FOR-US: Cisco CVE-2018-0206 (A vulnerability in the web-based management interface of Cisco Unified ...) NOT-FOR-US: Cisco CVE-2018-0205 (A vulnerability in the User Provisioning tab in the Cisco Prime Collab ...) NOT-FOR-US: Cisco CVE-2018-0204 (A vulnerability in the web portal of the Cisco Prime Collaboration Pro ...) NOT-FOR-US: Cisco CVE-2018-0203 (A vulnerability in the SMTP relay of Cisco Unity Connection could allo ...) NOT-FOR-US: Cisco CVE-2018-0202 (clamscan in ClamAV before 0.99.4 contains a vulnerability that could a ...) {DLA-1307-1} - clamav 0.100.0~beta+dfsg-2 [stretch] - clamav 0.99.4+dfsg-1+deb9u1 NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11973 NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11980 NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/87aaa10b29476958f5bf54b6119a133069f944fc NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/700ed96af56077cb1a9bff7b91d21db112f6465d NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/0df2fedf2805e574512c486b32a0fff4ed394560 NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/495fce917445063d519f14b0009cee025f817bc3 NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/99eadf7a9ad351210165312362d1f32b77c6f857 CVE-2018-0201 (A vulnerability in Cisco Jabber Client Framework (JCF) could allow an ...) NOT-FOR-US: Cisco CVE-2018-0200 (A vulnerability in the web-based interface of Cisco Prime Service Cata ...) NOT-FOR-US: Cisco CVE-2018-0199 (A vulnerability in Cisco Jabber Client Framework (JCF) could allow an ...) NOT-FOR-US: Cisco CVE-2018-0198 (A vulnerability in the web framework of Cisco Unified Communications M ...) NOT-FOR-US: Cisco CVE-2018-0197 (A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco ...) NOT-FOR-US: Cisco CVE-2018-0196 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...) 
NOT-FOR-US: Cisco CVE-2018-0195 (A vulnerability in the Cisco IOS XE Software REST API could allow an a ...) NOT-FOR-US: Cisco CVE-2018-0194 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software co ...) NOT-FOR-US: Cisco CVE-2018-0193 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software co ...) NOT-FOR-US: Cisco CVE-2018-0192 RESERVED CVE-2018-0191 REJECTED CVE-2018-0190 (Multiple vulnerabilities in the web-based user interface (web UI) of C ...) NOT-FOR-US: Cisco CVE-2018-0189 (A vulnerability in the Forwarding Information Base (FIB) code of Cisco ...) NOT-FOR-US: Cisco CVE-2018-0188 (Multiple vulnerabilities in the web-based user interface (web UI) of C ...) NOT-FOR-US: Cisco CVE-2018-0187 (A vulnerability in the Admin portal of Cisco Identity Services Engine ...) NOT-FOR-US: Cisco CVE-2018-0186 (Multiple vulnerabilities in the web-based user interface (web UI) of C ...) NOT-FOR-US: Cisco CVE-2018-0185 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software co ...) NOT-FOR-US: Cisco CVE-2018-0184 (A vulnerability in the CLI parser of Cisco IOS XE Software could allow ...) NOT-FOR-US: Cisco CVE-2018-0183 (A vulnerability in the CLI parser of Cisco IOS XE Software could allow ...) NOT-FOR-US: Cisco CVE-2018-0182 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software co ...) NOT-FOR-US: Cisco CVE-2018-0181 (A vulnerability in the Redis implementation used by the Cisco Policy S ...) NOT-FOR-US: Cisco CVE-2018-0180 (Multiple vulnerabilities in the Login Enhancements (Login Block) featu ...) NOT-FOR-US: Cisco CVE-2018-0179 (Multiple vulnerabilities in the Login Enhancements (Login Block) featu ...) NOT-FOR-US: Cisco CVE-2018-0178 REJECTED CVE-2018-0177 (A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IO ...) NOT-FOR-US: Cisco CVE-2018-0176 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software co ...) 
NOT-FOR-US: Cisco CVE-2018-0175 (Format String vulnerability in the Link Layer Discovery Protocol (LLDP ...) NOT-FOR-US: Cisco CVE-2018-0174 (A vulnerability in the DHCP option 82 encapsulation functionality of C ...) NOT-FOR-US: Cisco CVE-2018-0173 (A vulnerability in the Cisco IOS Software and Cisco IOS XE Software fu ...) NOT-FOR-US: Cisco CVE-2018-0172 (A vulnerability in the DHCP option 82 encapsulation functionality of C ...) NOT-FOR-US: Cisco CVE-2018-0171 (A vulnerability in the Smart Install feature of Cisco IOS Software and ...) NOT-FOR-US: Cisco CVE-2018-0170 (A vulnerability in the Cisco Umbrella Integration feature of Cisco IOS ...) NOT-FOR-US: Cisco CVE-2018-0169 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software co ...) NOT-FOR-US: Cisco CVE-2018-0168 RESERVED CVE-2018-0167 (Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery P ...) NOT-FOR-US: Cisco CVE-2018-0166 RESERVED CVE-2018-0165 (A vulnerability in the Internet Group Management Protocol (IGMP) packe ...) NOT-FOR-US: Cisco CVE-2018-0164 (A vulnerability in the Switch Integrated Security Features of Cisco IO ...) NOT-FOR-US: Cisco CVE-2018-0163 (A vulnerability in the 802.1x multiple-authentication (multi-auth) fea ...) NOT-FOR-US: Cisco CVE-2018-0162 RESERVED CVE-2018-0161 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...) NOT-FOR-US: Cisco CVE-2018-0160 (A vulnerability in Simple Network Management Protocol (SNMP) subsystem ...) NOT-FOR-US: Cisco CVE-2018-0159 (A vulnerability in the implementation of Internet Key Exchange Version ...) NOT-FOR-US: Cisco CVE-2018-0158 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module ...) NOT-FOR-US: Cisco CVE-2018-0157 (A vulnerability in the Zone-Based Firewall code of Cisco IOS XE Softwa ...) NOT-FOR-US: Cisco CVE-2018-0156 (A vulnerability in the Smart Install feature of Cisco IOS Software and ...) 
NOT-FOR-US: Cisco CVE-2018-0155 (A vulnerability in the Bidirectional Forwarding Detection (BFD) offloa ...) NOT-FOR-US: Cisco CVE-2018-0154 (A vulnerability in the crypto engine of the Cisco Integrated Services ...) NOT-FOR-US: Cisco CVE-2018-0153 REJECTED CVE-2018-0152 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...) NOT-FOR-US: Cisco CVE-2018-0151 (A vulnerability in the quality of service (QoS) subsystem of Cisco IOS ...) NOT-FOR-US: Cisco CVE-2018-0150 (A vulnerability in Cisco IOS XE Software could allow an unauthenticate ...) NOT-FOR-US: Cisco CVE-2018-0149 (A vulnerability in the web-based management interface of Cisco Integra ...) NOT-FOR-US: Cisco CVE-2018-0148 (A vulnerability in the web-based management interface of Cisco UCS Dir ...) NOT-FOR-US: Cisco CVE-2018-0147 (A vulnerability in Java deserialization used by Cisco Secure Access Co ...) NOT-FOR-US: Cisco CVE-2018-0146 (A vulnerability in the Cisco Data Center Analytics Framework applicati ...) NOT-FOR-US: Cisco CVE-2018-0145 (A vulnerability in the web-based management interface of the Cisco Dat ...) NOT-FOR-US: Cisco CVE-2018-0144 (A vulnerability in the web-based management interface of Cisco Prime D ...) NOT-FOR-US: Cisco CVE-2018-0143 REJECTED CVE-2018-0142 RESERVED CVE-2018-0141 (A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Softwa ...) NOT-FOR-US: Cisco CVE-2018-0140 (A vulnerability in the spam quarantine of Cisco Email Security Applian ...) NOT-FOR-US: Cisco CVE-2018-0139 (A vulnerability in the Interactive Voice Response (IVR) management con ...) NOT-FOR-US: Cisco CVE-2018-0138 (A vulnerability in the detection engine of Cisco Firepower System Soft ...) NOT-FOR-US: Cisco CVE-2018-0137 (A vulnerability in the TCP throttling process of Cisco Prime Network c ...) NOT-FOR-US: Cisco CVE-2018-0136 (A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release ...) 
NOT-FOR-US: Cisco CVE-2018-0135 (A vulnerability in Cisco Unified Communications Manager could allow an ...) NOT-FOR-US: Cisco CVE-2018-0134 (A vulnerability in the RADIUS authentication module of Cisco Policy Su ...) NOT-FOR-US: Cisco CVE-2018-0133 RESERVED CVE-2018-0132 (A vulnerability in the forwarding information base (FIB) code of Cisco ...) NOT-FOR-US: Cisco CVE-2018-0131 (A vulnerability in the implementation of RSA-encrypted nonces in Cisco ...) NOT-FOR-US: Cisco CVE-2018-0130 (A vulnerability in the use of JSON web tokens by the web-based service ...) NOT-FOR-US: Cisco CVE-2018-0129 (A vulnerability in the web-based management interface of Cisco Data Ce ...) NOT-FOR-US: Cisco CVE-2018-0128 (A vulnerability in the web-based management interface of Cisco Data Ce ...) NOT-FOR-US: Cisco CVE-2018-0127 (A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N ...) NOT-FOR-US: Cisco CVE-2018-0126 RESERVED CVE-2018-0125 (A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wirele ...) NOT-FOR-US: Cisco CVE-2018-0124 (A vulnerability in Cisco Unified Communications Domain Manager could a ...) NOT-FOR-US: Cisco CVE-2018-0123 (A Path Traversal vulnerability in the diagnostic shell for Cisco IOS a ...) NOT-FOR-US: Cisco CVE-2018-0122 (A vulnerability in the CLI of the Cisco StarOS operating system for Ci ...) NOT-FOR-US: Cisco CVE-2018-0121 (A vulnerability in the authentication functionality of the web-based s ...) NOT-FOR-US: Cisco CVE-2018-0120 (A vulnerability in the web framework of Cisco Unified Communications M ...) NOT-FOR-US: Cisco CVE-2018-0119 (A vulnerability in certain authentication controls in the account serv ...) NOT-FOR-US: Cisco CVE-2018-0118 (A vulnerability in the web-based management interface of Cisco Unified ...) NOT-FOR-US: Cisco CVE-2018-0117 (A vulnerability in the ingress packet processing functionality of the ...) 
NOT-FOR-US: Cisco CVE-2018-0116 (A vulnerability in the RADIUS authentication module of Cisco Policy Su ...) NOT-FOR-US: Cisco CVE-2018-0115 (A vulnerability in the CLI of the Cisco StarOS operating system for Ci ...) NOT-FOR-US: Cisco CVE-2018-0114 (A vulnerability in the Cisco node-jose open source library before 0.11 ...) NOT-FOR-US: Cisco node-jose CVE-2018-0113 (A vulnerability in an operations script of Cisco UCS Central could all ...) NOT-FOR-US: Cisco CVE-2018-0112 (A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Mee ...) NOT-FOR-US: Cisco CVE-2018-0111 (A vulnerability in Cisco WebEx Meetings Server could allow an unauthen ...) NOT-FOR-US: Cisco CVE-2018-0110 (A vulnerability in Cisco WebEx Meetings Server could allow an authenti ...) NOT-FOR-US: Cisco CVE-2018-0109 (A vulnerability in Cisco WebEx Meetings Server could allow an authenti ...) NOT-FOR-US: Cisco CVE-2018-0108 (A vulnerability in Cisco WebEx Meetings Server could allow an unauthen ...) NOT-FOR-US: Cisco CVE-2018-0107 (A vulnerability in the web framework of Cisco Prime Service Catalog co ...) NOT-FOR-US: Cisco CVE-2018-0106 (A vulnerability in the ConfD server of the Cisco Elastic Services Cont ...) NOT-FOR-US: Cisco CVE-2018-0105 (A vulnerability in the web framework of Cisco Unified Communications M ...) NOT-FOR-US: Cisco CVE-2018-0104 (A vulnerability in Cisco WebEx Network Recording Player for Advanced R ...) NOT-FOR-US: Cisco CVE-2018-0103 (A Buffer Overflow vulnerability in Cisco WebEx Network Recording Playe ...) NOT-FOR-US: Cisco CVE-2018-0102 (A vulnerability in the Pong tool of Cisco NX-OS Software could allow a ...) NOT-FOR-US: Cisco CVE-2018-0101 (A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of ...) NOT-FOR-US: Cisco CVE-2018-0100 (A vulnerability in the Profile Editor of the Cisco AnyConnect Secure M ...) NOT-FOR-US: Cisco CVE-2018-0099 (A vulnerability in the web management GUI of the Cisco D9800 Network T ...) 
NOT-FOR-US: Cisco CVE-2018-0098 (A vulnerability in the web-based management interface of Cisco WAP150 ...) NOT-FOR-US: Cisco CVE-2018-0097 (A vulnerability in the web interface of Cisco Prime Infrastructure cou ...) NOT-FOR-US: Cisco CVE-2018-0096 (A vulnerability in the role-based access control (RBAC) functionality ...) NOT-FOR-US: Cisco CVE-2018-0095 (A vulnerability in the administrative shell of Cisco AsyncOS on Cisco ...) NOT-FOR-US: Cisco CVE-2018-0094 (A vulnerability in IPv6 ingress packet processing for Cisco UCS Centra ...) NOT-FOR-US: Cisco CVE-2018-0093 (A vulnerability in the web-based management interface of Cisco Web Sec ...) NOT-FOR-US: Cisco CVE-2018-0092 (A vulnerability in the network-operator user role implementation for C ...) NOT-FOR-US: Cisco CVE-2018-0091 (A vulnerability in the web-based management interface of Cisco Identit ...) NOT-FOR-US: Cisco CVE-2018-0090 (A vulnerability in management interface access control list (ACL) conf ...) NOT-FOR-US: Cisco CVE-2018-0089 (A vulnerability in the Policy and Charging Rules Function (PCRF) of th ...) NOT-FOR-US: Cisco CVE-2018-0088 (A vulnerability in one of the diagnostic test CLI commands on Cisco In ...) NOT-FOR-US: Cisco CVE-2018-0087 (A vulnerability in the FTP server of the Cisco Web Security Appliance ...) NOT-FOR-US: Cisco CVE-2018-0086 (A vulnerability in the application server of the Cisco Unified Custome ...) NOT-FOR-US: Cisco CVE-2017-16994 (The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel b ...) 
- linux 4.14.2-1 [stretch] - linux 4.9.65-1 [jessie] - linux (Vulnerable code introduced in 4.0) [wheezy] - linux (Vulnerable code introduced in 4.0) NOTE: Fixed by: https://git.kernel.org/linus/373c4557d2aa362702c4c2d41288fb1e54990b7c (4.15-rc1) CVE-2017-16993 REJECTED CVE-2017-16992 REJECTED CVE-2017-16991 REJECTED CVE-2017-16990 REJECTED CVE-2017-16989 REJECTED CVE-2017-16988 REJECTED CVE-2017-16987 REJECTED CVE-2017-16986 REJECTED CVE-2017-16985 REJECTED CVE-2017-16984 REJECTED CVE-2017-16983 REJECTED CVE-2017-16982 REJECTED CVE-2017-16981 REJECTED CVE-2017-16980 REJECTED CVE-2017-16979 REJECTED CVE-2017-16978 REJECTED CVE-2017-16977 REJECTED CVE-2017-16976 REJECTED CVE-2017-16975 REJECTED CVE-2017-16974 REJECTED CVE-2017-16973 REJECTED CVE-2017-16972 REJECTED CVE-2017-16971 REJECTED CVE-2017-16970 REJECTED CVE-2017-16969 REJECTED CVE-2017-16968 REJECTED CVE-2017-16967 REJECTED CVE-2017-16966 REJECTED CVE-2017-16965 REJECTED CVE-2017-16964 REJECTED CVE-2017-16963 RESERVED CVE-2017-16962 (The WebMail components (Crystal, pronto, and pronto4) in CommuniGate P ...) NOT-FOR-US: CommuniGate Pro CVE-2017-16961 (A SQL injection vulnerability in core/inc/auto-modules.php in BigTree ...) NOT-FOR-US: BigTree CMS CVE-2017-16960 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authentic ...) NOT-FOR-US: TP-Link CVE-2017-16959 (The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, a ...) NOT-FOR-US: TP-Link CVE-2017-16958 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authentic ...) NOT-FOR-US: TP-Link CVE-2017-16957 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authentic ...) NOT-FOR-US: TP-Link CVE-2017-16956 (b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a priva ...) NOT-FOR-US: b3log Symphony CVE-2017-16955 (SQL injection vulnerability in the InLinks plugin through 1.1 for Word ...) 
NOT-FOR-US: InLinks plugin for WordPress CVE-2017-16954 RESERVED CVE-2017-16953 (connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic A ...) NOT-FOR-US: ZTE CVE-2017-16952 (KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service ...) NOT-FOR-US: K-Multimedia Player CVE-2017-16951 (Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial o ...) NOT-FOR-US: Winamp CVE-2017-16950 (Cross - site scripting (XSS) vulnerability in UrBackup Server before 2 ...) - urbackup-server (bug #697325) CVE-2017-16949 (An issue was discovered in the AccessKeys AccessPress Anonymous Post P ...) NOT-FOR-US: AccessKeys AccessPress Anonymous Post Pro plugin for WordPress CVE-2017-16948 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a deni ...) NOT-FOR-US: TG Soft Vir.IT eXplorer Lite CVE-2017-16947 RESERVED CVE-2017-16946 (The admin_edit function in app/Controller/UsersController.php in MISP ...) NOT-FOR-US: MISP CVE-2017-16945 (The standardrestorer binary in Arq 5.10 and earlier for Mac allows loc ...) NOT-FOR-US: standardrestorer binary in Arq CVE-2017-16942 (In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists ...) - libsndfile 1.0.27-1 [jessie] - libsndfile (Minor issue) [wheezy] - libsndfile (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/341 CVE-2017-16944 (The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 ...) {DSA-4053-1} - exim4 4.89-13 (bug #882671) [jessie] - exim4 (ESMTP CHUNKING extension introduced in 4.88) [wheezy] - exim4 (ESMTP CHUNKING extension introduced in 4.88) NOTE: https://bugs.exim.org/show_bug.cgi?id=2201 NOTE: https://git.exim.org/exim.git/commitdiff/178ecb70987f024f0e775d87c2f8b2cf587dd542 NOTE: https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html NOTE: 4.89-10 adds a workaround which disables the affected code by default CVE-2017-16943 (The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 ...) 
{DSA-4053-1} - exim4 4.89-12 (bug #882648) [jessie] - exim4 (ESMTP CHUNKING extension introduced in 4.88) [wheezy] - exim4 (ESMTP CHUNKING extension introduced in 4.88) NOTE: https://bugs.exim.org/show_bug.cgi?id=2199 NOTE: https://git.exim.org/exim.git/commitdiff/4e6ae6235c68de243b1c2419027472d7659aa2b4 NOTE: https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html NOTE: https://twitter.com/philpennock/status/934270613811875840 NOTE: 4.89-10 adds a workaround which disables the affected code by default CVE-2017-16941 (October CMS through 1.0.428 does not prevent use of .htaccess in theme ...) NOT-FOR-US: October CMS CVE-2017-16940 RESERVED CVE-2017-16939 (The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Lin ...) {DSA-4082-1 DLA-1200-1} - linux 4.13.13-1 [stretch] - linux 4.9.65-1 NOTE: Fixed by: https://git.kernel.org/linus/1137b5e2529a8f5ca8ee709288ecba3e68044df2 CVE-2017-16938 (A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to c ...) {DSA-4058-1 DLA-1196-1} - optipng 0.7.6-1.1 (bug #878839) NOTE: https://sourceforge.net/p/optipng/bugs/69/ CVE-2017-16937 RESERVED CVE-2017-16936 (Directory Traversal vulnerability in app_data_center on Shenzhen Tenda ...) NOT-FOR-US: Shenzhen Tenda CVE-2017-16935 (Ametys before 4.0.3 requires authentication only for URIs containing a ...) NOT-FOR-US: Ametys CMS CVE-2017-16934 (The web server on DBL DBLTek devices allows remote attackers to execut ...) NOT-FOR-US: DBL DBLTek devices CVE-2017-16933 (etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown ca ...) - icinga2 2.8.4-1 (low; bug #883247) [stretch] - icinga2 (Minor issue) [jessie] - icinga2 (Minor issue) NOTE: https://github.com/Icinga/icinga2/issues/5793 NOTE: CVE is for the unsafe use of chown(1) CVE-2016-10700 (auth_login.php in Cacti before 1.0.0 allows remote authenticated users ...) 
- cacti 0.8.8h+ds1-5 (bug #833420) [jessie] - cacti 0.8.8b+dfsg-8+deb8u6 [wheezy] - cacti 0.8.8a+dfsg-5+deb7u9 NOTE: https://web.archive.org/web/20160817090458/http://bugs.cacti.net/view.php?id=2697 NOTE: https://github.com/Cacti/cacti/commit/69983495cd41bf0903fe02baeef84b1fa85f2846 NOTE: Fix for the incomplete fix for CVE-2016-2313 CVE-2017-16932 (parser.c in libxml2 before 2.9.5 does not prevent infinite recursion i ...) {DLA-2972-1 DLA-1194-1} [experimental] - libxml2 2.9.7+dfsg-1 - libxml2 2.9.10+dfsg-2 (bug #882613) [buster] - libxml2 (Minor issue; too intrusive to backport) [jessie] - libxml2 (Minor issue; too intrusive to backport) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759579 NOTE: https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961 NOTE: Applying only 899a5d9f0ed13b8e32449a08a361e0de127dd961 does not completely NOTE: fix the issue, see https://bugs.debian.org/882613#12 for discussion. CVE-2017-16931 (parser.c in libxml2 before 2.9.5 mishandles parameter-entity reference ...) {DLA-1194-1} - libxml2 2.9.4+dfsg1-3.1 [stretch] - libxml2 2.9.4+dfsg1-2.2+deb9u1 [jessie] - libxml2 2.9.1+dfsg1-5+deb8u5 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=766956 NOTE: https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3 NOTE: Not a duplicate but a variant of the issue of CVE-2017-9049 and CVE-2017-9050 CVE-2017-16930 (The remote management interface on the Claymore Dual GPU miner 10.1 al ...) NOT-FOR-US: Claymore's Dual Ethereum+Decred AMD+NVIDIA GPU Miner CVE-2017-16929 (The remote management interface on the Claymore Dual GPU miner 10.1 is ...) NOT-FOR-US: Claymore's Dual Ethereum+Decred AMD+NVIDIA GPU Miner CVE-2017-16928 (The arq_updater binary in Arq 5.10 and earlier for Mac allows local us ...) NOT-FOR-US: arq_updater binary in Arq CVE-2017-16927 (The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the sessio ...) 
	{DLA-1203-1}
	- xrdp 0.9.4-3 (bug #882463)
	[stretch] - xrdp 0.9.1-9+deb9u2
	[jessie] - xrdp (Minor issue)
	NOTE: Proposed pull request: https://github.com/neutrinolabs/xrdp/pull/958
	NOTE: https://groups.google.com/forum/#!topic/xrdp-devel/PmVfMuy_xBA
	NOTE: Originally fixed with upstream patch in 0.9.4-2 but which caused regression
	NOTE: thus marking it only as fixed in the followup version, cf. #884702
CVE-2017-16926 (Ohcount 3.0.0 is prone to a command injection via specially crafted fi ...)
	- ohcount 3.1.0-1 (bug #882372)
	[stretch] - ohcount (Minor issue)
	[jessie] - ohcount (Minor issue)
	[wheezy] - ohcount (Minor issue)
	NOTE: https://github.com/blackducksoftware/ohcount/commit/6bed45d6fb7c080ae5c163c12b4eb8749a3492ac (v3.1.0)
CVE-2017-16925
	RESERVED
CVE-2017-16924 (Remote Information Disclosure and Escalation of Privileges in ManageEn ...)
	NOT-FOR-US: ManageEngine Desktop Central
CVE-2017-16923 (Command Injection vulnerability in app_data_center on Shenzhen Tenda A ...)
	NOT-FOR-US: Shenzhen Tenda
CVE-2017-16922 (In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Strea ...)
	NOT-FOR-US: Wowza
CVE-2017-16921 (In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and includin ...)
	{DSA-4066-1 DLA-1212-1}
	- otrs2 6.0.2-1 (bug #883774)
	NOTE: https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/
	NOTE: https://bugs.otrs.org/show_bug.cgi?id=13357
	NOTE: OTRS-6: https://github.com/OTRS/otrs/commit/d12797bf1efa6722c2ba9af6d8238446c2903cd1
	NOTE: OTRS-5: https://github.com/OTRS/otrs/commit/d433518d7bd8e9e079af67ef9ea7079cd2f59646
	NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/368bc37f137e6344f4db014ee2e03c38e2fc62d2
	NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/4043ebb2580cd8f87e7758e95bf0d77eea5c82ae
CVE-2017-16920 (v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY val ...)
	NOT-FOR-US: dayrui FineCms
CVE-2017-16919 (MapOS 3.1.11 and earlier has a Stored Cross-site Scripting (XSS) vulne ...)
	NOT-FOR-US: MapOS
CVE-2017-16918
	RESERVED
CVE-2017-16917
	RESERVED
CVE-2017-16916
	RESERVED
CVE-2017-16915
	RESERVED
CVE-2017-16914 (The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.12-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/be6123df1ea8f01ee2f896a16c2b7be3e4557a5a
CVE-2017-16913 (The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.12-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/c6688ef9f29762e65bce325ef4acd6c675806366
CVE-2017-16912 (The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux K ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.12-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/635f545a7e8be7596b9b2b6a43cab6bbd5a88e43
CVE-2017-16911 (The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4. ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.12-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/2f2d0088eb93db5c649d2a5e34a3800a8a935fc5
CVE-2017-16910 (An error within the "LibRaw::xtrans_interpolate()" function (internal/ ...)
	{DLA-2903-1}
	- libraw 0.18.6-1
	[wheezy] - libraw (Minor issue)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19
	NOTE: https://github.com/LibRaw/LibRaw/commit/2f59bac59dbcbf6bbcf01a9f3eed74307e96ca7e
CVE-2017-16909 (An error related to the "LibRaw::panasonic_load_raw()" function (dcraw ...)
	- libraw 0.18.6-1
	[wheezy] - libraw (Minor issue)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19
	NOTE: https://github.com/LibRaw/LibRaw/commit/f1394822a0152ceed77815eafa5cac4e8baab10a
CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS via the Name field during crea ...)
	{DLA-2350-1}
	- php-horde-kronolith 4.2.24-1 (bug #909738)
	[jessie] - php-horde-kronolith (vulnerable code not present)
	NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
	NOTE: https://bugs.horde.org/ticket/14857
	NOTE: https://github.com/horde/kronolith/commit/39f740068ad21618f6f70b6e37855c61cadbd716
CVE-2017-16907 (In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field ...)
	{DLA-2349-1 DLA-2348-1 DLA-1536-1 DLA-1535-1}
	- php-horde 5.2.18+debian0-1 (bug #909739)
	- php-horde-core 2.31.3+debian0-1 (bug #909800)
	NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
	NOTE: https://bugs.horde.org/ticket/14857
	NOTE: php-horde: https://github.com/horde/base/commit/fb2113bbcd04bd4a28c46aad0889fb0a3979a230
	NOTE: php-horde-core: https://github.com/horde/Core/commit/ecea6ea740419e19122a50579ba2903c1cb71d7a
CVE-2017-16906 (In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a ...)
	{DLA-2351-1 DLA-1537-1}
	- php-horde-kronolith 4.2.24-1 (bug #909737)
	NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
	NOTE: https://bugs.horde.org/ticket/14857
	NOTE: https://github.com/horde/kronolith/commit/09d90141292f9ec516a7a2007bf828ce2bbdf60d
CVE-2017-16905 (The DuoLingo TinyCards application before 1.0 for Android has one use ...)
	NOT-FOR-US: DuoLingo TinyCards application
CVE-2017-16904 (The Public tologin feature in admin.php in LvyeCMS through 3.1 allows ...)
	NOT-FOR-US: LvyeCMS
CVE-2017-16903 (LvyeCMS through 3.1 allows remote attackers to upload and execute arbi ...)
	NOT-FOR-US: LvyeCMS
CVE-2017-16902 (On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long str ...)
	NOT-FOR-US: Vonage VDV-23 115 3.2.11-0.9.40 home router
CVE-2017-16901
	RESERVED
CVE-2017-16900 (Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows the ...)
	NOT-FOR-US: Hunesion i-oneNet
CVE-2017-16899 (An array index error in the fig2dev program in Xfig 3.2.6a allows remo ...)
	- fig2dev 1:3.2.6a-5 (bug #881143)
	[stretch] - fig2dev 1:3.2.6a-2+deb9u1
	- transfig
	[jessie] - transfig 1:3.2.5.e-4+deb8u1
	[wheezy] - transfig (Minor issue)
CVE-2017-16898 (The printMP3Headers function in util/listmp3.c in libming v0.4.8 or ea ...)
	{DLA-1240-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/75
CVE-2017-16897 (A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 ...)
	NOT-FOR-US: Auth0 passport-wsfed-saml2 library
CVE-2017-16896 (A SQL injection in classes/handler/public.php in the forgotpass compon ...)
	- tt-rss 17.4+git20180312+dfsg-1 (bug #882543)
	NOTE: https://discourse.tt-rss.org/t/sql-injection-in-forgotpass-fixed/669
	NOTE: https://git.tt-rss.org/git/tt-rss/commit/2352c320c2ed34ec7df1ad22f0c55a1b26489815
CVE-2017-16895 (The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqgl ...)
	NOT-FOR-US: Arq
CVE-2017-16894 (In Laravel framework through 5.5.21, remote attackers can obtain sensi ...)
	- php-laravel-framework (Fixed before initial upload to archive)
	NOTE: https://security.snyk.io/vuln/SNYK-PHP-LARAVELFRAMEWORK-72070
CVE-2017-16893 (The application Piwigo is affected by an SQL injection vulnerability i ...)
	- piwigo
CVE-2017-16892 (In Bftpd before 4.7, there is a memory leak in the file rename functio ...)
	- bftpd (bug #640469)
	NOTE: http://bftpd.sourceforge.net/news.html#032390
CVE-2017-16891
	RESERVED
CVE-2017-16890 (SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono func ...)
	- swftools (unimportant)
	NOTE: https://github.com/matthiaskramm/swftools/issues/57
	NOTE: Crash in CLI tool, no security impact
CVE-2017-16889
	RESERVED
CVE-2017-16888
	RESERVED
CVE-2017-16887 (The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 ...)
	NOT-FOR-US: FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38
CVE-2017-16886 (The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 ...)
	NOT-FOR-US: FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38
CVE-2017-16885 (Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R ...)
	NOT-FOR-US: FiberHome LM53Q1 VH519R05C01S38 devices
CVE-2017-1000407 (The Linux Kernel 2.6.32 and later are affected by a denial of service, ...)
	{DSA-4082-1 DSA-4073-1 DLA-1200-1}
	- linux 4.14.7-1
	NOTE: https://www.spinics.net/lists/kvm/msg159809.html
CVE-2017-1000406 (OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a passw ...)
	NOT-FOR-US: OpenDayLight
CVE-2017-1000405 (The Linux Kernel versions 2.6.38 through 4.14 have a problematic use o ...)
	- linux 4.14.2-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	[wheezy] - linux (vulnerable code not present, cf. kernel-sec information)
	NOTE: Fixed by: https://git.kernel.org/linus/a8f97366452ed491d13cf1e44241bc0b5740b1f0
	NOTE: https://www.openwall.com/lists/oss-security/2017/11/30/1
	NOTE: https://github.com/bindecy/HugeDirtyCowPOC
CVE-2017-1000404 (The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used th ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000403 (Jenkins Speaks! Plugin, all current versions, allows users with Job/Co ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000402 (Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the c ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000401 (The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control ...)
	- jenkins
CVE-2017-1000400 (The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(j ...)
	- jenkins
CVE-2017-1000399 (The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /queue/ ...)
	- jenkins
CVE-2017-1000398 (The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /com ...)
	- jenkins
CVE-2017-1000397 (Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000396 (Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the ...)
	- jenkins
CVE-2017-1000395 (Jenkins 2.73.1 and earlier, 2.83 and earlier provides information abou ...)
	- jenkins
CVE-2017-1000394 (Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the ...)
	- jenkins
CVE-2017-1000393 (Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to ...)
	- jenkins
CVE-2017-1000392 (Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion suggestion ...)
	- jenkins
CVE-2017-1000391 (Jenkins versions 2.88 and earlier and 2.73.2 and earlier stores metada ...)
	- jenkins
CVE-2017-1000390 (Jenkins Multijob plugin version 1.25 and earlier did not check permiss ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000389 (Some URLs provided by Jenkins global-build-stats plugin version 1.4 an ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000388 (Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perfor ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000387 (Jenkins Build-Publisher plugin version 1.21 and earlier stores credent ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000386 (Jenkins Active Choices plugin version 1.5.3 and earlier allowed users ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-16884 (Cross-site scripting (XSS) vulnerability in MistServer before 2.13 all ...)
	NOT-FOR-US: MistServer
CVE-2017-16883 (The outputSWF_TEXT_RECORD function in util/outputscript.c in libming < ...)
	{DLA-1240-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/77
CVE-2017-16882 (Icinga Core through 1.14.0 initially executes bin/icinga as root but s ...)
	- icinga (Doesn't affect Icinga 1.x as packaged in Debian)
	NOTE: https://github.com/Icinga/icinga-core/issues/1601
	NOTE: State is not fully correct, since "affected" source would be there,
	NOTE: But Debian does not install the binaries nor configuration files as
	NOTE: respective icinga user.
CVE-2017-16881 (b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON o ...)
	NOT-FOR-US: b3log Symphony
CVE-2017-16880 (The dump function in Util/TemplateHelper.php in filp whoops before 2.1 ...)
	NOT-FOR-US: filp whoops
CVE-2017-1000230 (The Snap7 Server version 1.4.1 can be crashed when the ItemCount field ...)
	NOT-FOR-US: Snap7 Server
CVE-2017-1000227 (Stored XSS in Salutation Responsive WordPress + BuddyPress Theme versi ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-1000221 (In Opencast 2.2.3 and older if user names overlap, the Opencast search ...)
	NOT-FOR-US: Opencast
CVE-2017-1000217 (Opencast 2.3.2 and older versions are vulnerable to script injections ...)
	NOT-FOR-US: Opencast
CVE-2017-1000190 (SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability ...)
	- simple-xml 2.7.1-3 (low; bug #888547)
	[stretch] - simple-xml (Minor issue)
	[jessie] - simple-xml (Minor issue)
	[wheezy] - simple-xml (Minor issue)
	NOTE: https://github.com/ngallagher/simplexml/issues/18
	NOTE: Fixing commit in a new fork of the library (which is renamed simple-xml-safe):
	NOTE: https://github.com/dweiss/simplexml/commit/c8d4b4310549bfaf6dc0a20abea7fbcca6e51edd
CVE-2017-1000163 (The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1. ...)
	NOT-FOR-US: Phoenix Framework
CVE-2017-1000128 (Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser)
	- exiv2 (Vulnerable code introduced in 0.26; only affected experimental)
	NOTE: https://www.openwall.com/lists/oss-security/2017/06/30/1
	NOTE: https://github.com/Exiv2/exiv2/issues/177
CVE-2017-1000127 (Exiv2 0.26 contains a heap buffer overflow in tiff parser)
	- exiv2 (Vulnerable code introduced after 0.25; only affected experimental; bug #888863)
	NOTE: https://www.openwall.com/lists/oss-security/2017/06/30/1
	NOTE: https://github.com/Exiv2/exiv2/issues/176
CVE-2017-1000126 (exiv2 0.26 contains a Stack out of bounds read in webp parser)
	- exiv2 (WebP support introduced in 0.26; only affected experimental; bug #888864)
	NOTE: https://www.openwall.com/lists/oss-security/2017/06/30/1
	NOTE: https://github.com/Exiv2/exiv2/issues/175
CVE-2017-16879 (Stack-based buffer overflow in the _nc_write_entry function in tinfo/w ...)
	- ncurses 6.0+20171125-1 (bug #882620)
	[stretch] - ncurses 6.0+20161126-1+deb9u2
	[jessie] - ncurses 5.9+20140913-1+deb8u3
	[wheezy] - ncurses (Minor issue)
	NOTE: PoC https://packetstormsecurity.com/files/download/145045/tic-overflow.tgz
	NOTE: http://invisible-island.net/ncurses/NEWS.html#t20171125
CVE-2017-16878 (Cross-site scripting (XSS) vulnerability in the Captive Portal functio ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-16877 (ZEIT Next.js before 2.4.1 has directory traversal under the /_next and ...)
	NOT-FOR-US: ZEIT Next.js
CVE-2017-16876 (Cross-site scripting (XSS) vulnerability in the _keyify function in mi ...)
	- mistune 0.8.1-1
	[stretch] - mistune (Minor issue)
	NOTE: https://github.com/lepture/mistune/commit/5f06d724bc05580e7f203db2d4a4905fc1127f98
CVE-2017-16875 (An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in P ...)
	{DSA-4170-1}
	- pjproject 2.7.1~dfsg-1
	[jessie] - pjproject (Minor issue)
	NOTE: https://trac.pjsip.org/repos/ticket/2055
	NOTE: https://trac.pjsip.org/repos/changeset/5680
	NOTE: In jessie Asterisk doesn't use pjproject for SIP (only for ICE, STUN and TURN)
CVE-2017-16874
	RESERVED
CVE-2017-16873 (It is possible to exploit an unsanitized PATH in the suid binary that ...)
	NOT-FOR-US: vagrant-vmware-fusion
CVE-2017-1000233
	REJECTED
CVE-2017-1000222
	REJECTED
CVE-2017-1000215 (ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticate ...)
	- xrootd (Fixed with first upload to Debian)
CVE-2017-1000212 (Elixir's vim plugin, alchemist.vim is vulnerable to remote code execut ...)
	NOT-FOR-US: Elixir's vim plugin
CVE-2017-1000211 (Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML ...)
	{DLA-1175-1}
	- lynx 2.8.9dev16-1
	[stretch] - lynx (Minor issue)
	- lynx-cur
	[jessie] - lynx-cur (Minor issue)
	NOTE: https://github.com/ThomasDickey/lynx-snapshots/commit/280a61b300a1614f6037efc0902ff7ecf17146e9
CVE-2017-1000206 (samtools htslib library version 1.4.0 and earlier is vulnerable to buf ...)
	- htslib 1.4.1-1
	[stretch] - htslib (Minor issue)
	[jessie] - htslib (Minor issue)
CVE-2017-1000204
	REJECTED
CVE-2017-1000203 (ROOT version 6.9.03 and below is vulnerable to an authenticated shell ...)
	- root-system
	[jessie] - root-system (Minor issue)
	[wheezy] - root-system (Minor issue as it's restricted to authenticated users)
	NOTE: https://github.com/root-project/root/commit/88ccff152604e0f1012653a596d802ff7ede3145#diff-6cd6f6c31bac70116b7ca7abdc8e517e
CVE-2017-1000192 (Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File I ...)
	NOT-FOR-US: Cygnux sysPass
CVE-2017-1000191 (Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting i ...)
	NOT-FOR-US: Jool
CVE-2017-1000170 (jqueryFileTree 2.1.5 and older Directory Traversal)
	NOT-FOR-US: jqueryFileTree
CVE-2017-1000169 (QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes whic ...)
	NOT-FOR-US: QuickerBB
CVE-2017-1000168 (sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate pub ...)
	NOT-FOR-US: sodiumoxide
CVE-2017-1000161
	REJECTED
CVE-2017-16872 (An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in P ...)
	{DSA-4170-1}
	- pjproject 2.7.1~dfsg-1
	[jessie] - pjproject (Minor issue)
	NOTE: https://trac.pjsip.org/repos/ticket/2056
	NOTE: https://trac.pjsip.org/repos/changeset/5682
	NOTE: In jessie Asterisk doesn't use pjproject for SIP (only for ICE, STUN and TURN)
CVE-2017-16871 (The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP ...)
	NOT-FOR-US: UpdraftPlus plugin for WordPress
CVE-2017-16870 (The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the u ...)
	NOT-FOR-US: UpdraftPlus plugin for WordPress
CVE-2017-16869 (p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of se ...)
	- upx-ucl 3.94-4 (bug #882041; unimportant)
	NOTE: https://github.com/upx/upx/issues/146
	NOTE: crash in CLI tool, no security impact
CVE-2017-16868 (In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not ...)
	- swftools (unimportant)
	NOTE: https://github.com/matthiaskramm/swftools/issues/52
	NOTE: Crash in CLI tool, no security impact
CVE-2017-16867 (Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentica ...)
	NOT-FOR-US: Amazon Key
CVE-2017-1000248 (Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis)
	- ruby-redis-store 1.1.6-2 (bug #882034)
	[stretch] - ruby-redis-store 1.1.6-1+deb9u1
	NOTE: https://github.com/redis-store/redis-store/commit/e0c1398d54a9661c8c70267c3a925ba6b192142e
CVE-2017-1000247 (British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerab ...)
	- codeigniter (bug #471583)
CVE-2017-1000246 (Python package pysaml2 version 4.4.0 and earlier reuses the initializa ...)
	- python-pysaml2 4.5.0-4 (bug #882012)
	[stretch] - python-pysaml2 (Minor issue)
	[jessie] - python-pysaml2 (Minor issue)
	NOTE: https://github.com/rohe/pysaml2/issues/417
	NOTE: https://github.com/c00kiemon5ter/pysaml2/commit/7323f5c20efb59424d853c822e7a26d1aa3e84aa
CVE-2017-1000241 (The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected ...)
	NOT-FOR-US: OpenEMR
CVE-2017-1000240 (The application OpenEMR is affected by multiple reflected & stored Cro ...)
	NOT-FOR-US: OpenEMR
CVE-2017-1000239 (InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site Scrip ...)
	NOT-FOR-US: InvoicePlane
CVE-2017-1000238 (InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload r ...)
	NOT-FOR-US: InvoicePlane
CVE-2017-1000237 (I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request ...)
	- i-librarian (bug #649291)
CVE-2017-1000236 (I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site ...)
	- i-librarian (bug #649291)
CVE-2017-1000235 (I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection ...)
	- i-librarian (bug #649291)
CVE-2017-1000234 (I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeratio ...)
	- i-librarian (bug #649291)
CVE-2017-1000232 (A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecifi ...)
	{DLA-2910-1}
	- ldns 1.7.0-4 (bug #882014)
	[jessie] - ldns (Minor issue)
	[wheezy] - ldns (Vulnerable code not present)
	NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257
	NOTE: https://github.com/NLnetLabs/ldns/commit/3bdeed02505c9bbacb3b64a97ddcb1de967153b7
CVE-2017-1000231 (A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified ...)
	{DLA-2910-1 DLA-1182-1}
	- ldns 1.7.0-4 (bug #882015)
	[jessie] - ldns (Minor issue)
	NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256
	NOTE: https://github.com/NLnetLabs/ldns/commit/c8391790c96d4c8a2c10f9ab1460fda83b509fc2
CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 ...)
	{DSA-4058-1 DLA-1184-1}
	- optipng 0.7.6-1.1 (bug #882032)
	NOTE: https://sourceforge.net/p/optipng/bugs/65/
	NOTE: Proposed patch: https://sourceforge.net/p/optipng/bugs/_discuss/thread/2a56b3aa/f6bb/attachment/0001-Prevent-integer-overflow-bug-65-CVE-2017-1000229.patch
CVE-2017-1000228 (nodejs ejs versions older than 2.5.3 is vulnerable to remote code exec ...)
	- node-ejs 2.5.7-1
	[stretch] - node-ejs (Node not covered by security support)
	NOTE: https://security.snyk.io/vuln/npm:ejs:20161128
	NOTE: https://github.com/mde/ejs/commit/3d447c5a335844b25faec04b1132dbc721f9c8f6 (v2.5.3)
CVE-2017-1000226 (Stop User Enumeration 1.3.8 allows user enumeration via the REST API)
	NOT-FOR-US: WordPress plugin
CVE-2017-1000225 (Reflected XSS in Relevanssi Premium version 1.14.8 when using relevans ...)
	NOT-FOR-US: Relevanssi
CVE-2017-1000224 (CSRF in YouTube (WordPress plugin) could allow unauthenticated attacke ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-1000223 (A stored web content injection vulnerability (WCI, a.k.a XSS) is prese ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-1000220 (soyuka/pidusage <=1.1.4 is vulnerable to command injection in the modu ...)
	NOT-FOR-US: soyuka/pidusage
CVE-2017-1000219 (npm/KyleRoss windows-cpu all versions vulnerable to command injection ...)
	NOT-FOR-US: npm/KyleRoss windows-cpu
CVE-2017-1000218 (LightFTP version 1.1 is vulnerable to a buffer overflow in the "writel ...)
	NOT-FOR-US: LightFTP
CVE-2017-1000213 (WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST par ...)
	NOT-FOR-US: WBCE
CVE-2017-1000210 (picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflo ...)
	NOT-FOR-US: picoTCP
CVE-2017-1000209 (The Java WebSocket client nv-websocket-client does not verify that the ...)
	NOT-FOR-US: Java WebSocket client nv-websocket-client
CVE-2017-1000208 (A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing f ...)
	NOT-FOR-US: Swagger-Parser
CVE-2017-1000197 (October CMS build 412 is vulnerable to file path modification in asset ...)
	NOT-FOR-US: October CMS
CVE-2017-1000196 (October CMS build 412 is vulnerable to PHP code execution in the asset ...)
	NOT-FOR-US: October CMS
CVE-2017-1000195 (October CMS build 412 is vulnerable to PHP object injection in asset m ...)
	NOT-FOR-US: October CMS
CVE-2017-1000194 (October CMS build 412 is vulnerable to Apache configuration modificati ...)
	NOT-FOR-US: October CMS
CVE-2017-1000193 (October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand ...)
	NOT-FOR-US: October CMS
CVE-2017-1000189 (nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-servi ...)
	- node-ejs 2.5.7-1
	[stretch] - node-ejs (Node not covered by security support)
	NOTE: https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8f (v2.5.4)
CVE-2017-1000188 (nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scri ...)
	- node-ejs 2.5.7-1
	[stretch] - node-ejs (Node not covered by security support)
	NOTE: https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8f (v2.5.4)
CVE-2017-1000187 (In SWFTools, an address access exception was found in pdf2swf. FoFiTru ...)
	- swftools (unimportant)
	NOTE: https://github.com/matthiaskramm/swftools/issues/36
	NOTE: Crash in CLI tool, no security implications
CVE-2017-1000186 (In SWFTools, a stack overflow was found in pdf2swf.)
	- swftools (unimportant)
	NOTE: https://github.com/matthiaskramm/swftools/issues/34
	NOTE: Crash in CLI tool, no security implications
CVE-2017-1000185 (In SWFTools, a memcpy buffer overflow was found in gif2swf.)
	- swftools
	[stretch] - swftools (Minor issue)
	[jessie] - swftools (Minor issue)
	[wheezy] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/33
CVE-2017-1000182 (In SWFTools, a memory leak was found in wav2swf.)
	- swftools (unimportant)
	NOTE: https://github.com/matthiaskramm/swftools/issues/30
	NOTE: Crash in CLI tool, no security implications
CVE-2017-1000176 (In SWFTools, a memcpy buffer overflow was found in swfc.)
	- swftools
	[stretch] - swftools (Minor issue)
	[jessie] - swftools (Minor issue)
	[wheezy] - swftools (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/23
CVE-2017-1000174 (In SWFTools, an address access exception was found in swfdump swf_GetB ...)
	- swftools (unimportant)
	NOTE: https://github.com/matthiaskramm/swftools/issues/21
	NOTE: Crash in CLI tool, no security implications
CVE-2017-1000173 (Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. ...)
	NOT-FOR-US: Creolabs Gravity
CVE-2017-1000172 (Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. ...)
	NOT-FOR-US: Creolabs Gravity
CVE-2017-1000164 (Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook res ...)
	NOT-FOR-US: Tine groupware
CVE-2017-1000160 (EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: EllisLab ExpressionEngine
CVE-2017-1000158 (CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow ...)
	{DSA-4307-1 DLA-1520-1 DLA-1519-1 DLA-1190-1 DLA-1189-1}
	- python3.5 3.5.5-1
	- python3.4
	- python2.7 2.7.13-4
	[stretch] - python2.7 2.7.13-2+deb9u2
	- python2.6
	NOTE: https://bugs.python.org/issue30657
	NOTE: 2.7 https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae (v2.7.14rc1)
	NOTE: 3.4 https://github.com/python/cpython/commit/6c004b40f9d51872d848981ef1a18bb08c2dfc42 (v3.4.8rc1)
	NOTE: 3.5 https://github.com/python/cpython/commit/fd8614c5c5466a14a945db5b059c10c0fb8f76d9 (v3.5.5rc1)
	NOTE: The 2.7.13-4 upload included the commit in debian/patches/git-updates.diff
CVE-2017-1000129 (Serendipity 2.0.3 is vulnerable to a SQL injection in the blog compone ...)
	- serendipity
CVE-2017-1000125 (Codiad(full version) is vulnerable to write anything to configure file ...)
	NOT-FOR-US: Codiad
CVE-2018-0085
	RESERVED
CVE-2018-0084
	RESERVED
CVE-2018-0083
	RESERVED
CVE-2018-0082
	RESERVED
CVE-2018-0081
	RESERVED
CVE-2018-0080
	RESERVED
CVE-2018-0079
	RESERVED
CVE-2018-0078
	RESERVED
CVE-2018-0077
	RESERVED
CVE-2018-0076
	RESERVED
CVE-2018-0075
	RESERVED
CVE-2018-0074
	RESERVED
CVE-2018-0073
	RESERVED
CVE-2018-0072
	RESERVED
CVE-2018-0071
	RESERVED
CVE-2018-0070
	RESERVED
CVE-2018-0069
	RESERVED
CVE-2018-0068
	RESERVED
CVE-2018-0067
	RESERVED
CVE-2018-0066
	RESERVED
CVE-2018-0065
	RESERVED
CVE-2018-0064
	RESERVED
CVE-2018-0063 (A vulnerability in the IP next-hop index database in Junos OS 17.3R3 m ...)
	NOT-FOR-US: Juniper
CVE-2018-0062 (A Denial of Service vulnerability in J-Web service may allow a remote ...)
	NOT-FOR-US: Juniper
CVE-2018-0061 (A denial of service vulnerability in the telnetd service on Junos OS a ...)
	NOT-FOR-US: Juniper
CVE-2018-0060 (An improper input validation weakness in the device control daemon pro ...)
	NOT-FOR-US: Juniper
CVE-2018-0059 (A persistent cross-site scripting vulnerability in the graphical user ...)
	NOT-FOR-US: Juniper
CVE-2018-0058 (Receipt of a specially crafted IPv6 exception packet may be able to tr ...)
	NOT-FOR-US: Juniper
CVE-2018-0057 (On MX Series and M120/M320 platforms configured in a Broadband Edge (B ...)
	NOT-FOR-US: Juniper
CVE-2018-0056 (If a duplicate MAC address is learned by two different interfaces on a ...)
	NOT-FOR-US: Juniper
CVE-2018-0055 (Receipt of a specially crafted DHCPv6 message destined to a Junos OS d ...)
	NOT-FOR-US: Juniper
CVE-2018-0054 (On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause f ...)
	NOT-FOR-US: Juniper
CVE-2018-0053 (An authentication bypass vulnerability in the initial boot sequence of ...)
	NOT-FOR-US: Juniper
CVE-2018-0052 (If RSH service is enabled on Junos OS and if the PAM authentication is ...)
	NOT-FOR-US: Juniper
CVE-2018-0051 (A Denial of Service vulnerability in the SIP application layer gateway ...)
	NOT-FOR-US: Juniper
CVE-2018-0050 (An error handling vulnerability in Routing Protocols Daemon (RPD) of J ...)
	NOT-FOR-US: Juniper
CVE-2018-0049 (A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS ...)
	NOT-FOR-US: Juniper
CVE-2018-0048 (A vulnerability in the Routing Protocols Daemon (RPD) with Juniper Ext ...)
	NOT-FOR-US: Juniper
CVE-2018-0047 (A persistent cross-site scripting vulnerability in the UI framework us ...)
	NOT-FOR-US: Juniper
CVE-2018-0046 (A reflected cross-site scripting vulnerability in OpenNMS included wit ...)
	NOT-FOR-US: Juniper
CVE-2018-0045 (Receipt of a specific Draft-Rosen MVPN control packet may cause the ro ...)
	NOT-FOR-US: Juniper
CVE-2018-0044 (An insecure SSHD configuration in Juniper Device Manager (JDM) and hos ...)
	NOT-FOR-US: Juniper
CVE-2018-0043 (Receipt of a specific MPLS packet may cause the routing protocol daemo ...)
	NOT-FOR-US: Juniper
CVE-2018-0042 (Juniper Networks CSO versions prior to 4.0.0 may log passwords in log ...)
	NOT-FOR-US: Juniper Networks CSO
CVE-2018-0041 (Juniper Networks Contrail Service Orchestration releases prior to 3.3. ...)
	NOT-FOR-US: Juniper
CVE-2018-0040 (Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 ...)
	NOT-FOR-US: Juniper
CVE-2018-0039 (Juniper Networks Contrail Service Orchestration releases prior to 4.0. ...)
	NOT-FOR-US: Juniper
CVE-2018-0038 (Juniper Networks Contrail Service Orchestration releases prior to 3.3. ...)
	NOT-FOR-US: Juniper
CVE-2018-0037 (Junos OS routing protocol daemon (RPD) process may crash and restart o ...)
	NOT-FOR-US: Junos OS
CVE-2018-0036
	RESERVED
CVE-2018-0035 (QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1 ...)
	NOT-FOR-US: Junos OS
CVE-2018-0034 (A Denial of Service vulnerability exists in the Juniper Networks Junos ...)
	NOT-FOR-US: Juniper
CVE-2018-0033
	RESERVED
CVE-2018-0032 (The receipt of a crafted BGP UPDATE can lead to a routing process daem ...)
	NOT-FOR-US: Juniper
CVE-2018-0031 (Receipt of specially crafted UDP/IP packets over MPLS may be able to b ...)
	NOT-FOR-US: Juniper
CVE-2018-0030 (Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 (FPC-P1 ...)
	NOT-FOR-US: Juniper
CVE-2018-0029 (While experiencing a broadcast storm, placing the fxp0 interface into ...)
	NOT-FOR-US: Juniper
CVE-2018-0028
	RESERVED
CVE-2018-0027 (Receipt of a crafted or malformed RSVP PATH message may cause the rout ...)
	NOT-FOR-US: Juniper
CVE-2018-0026 (After Junos OS device reboot or upgrade, the stateless firewall filter ...)
	NOT-FOR-US: Juniper
CVE-2018-0025 (When an SRX Series device is configured to use HTTP/HTTPS pass-through ...)
	NOT-FOR-US: Juniper
CVE-2018-0024 (An Improper Privilege Management vulnerability in a shell session of J ...)
	NOT-FOR-US: Juniper
CVE-2018-0023 (JSNAPy is an open source python version of Junos Snapshot Administrato ...)
	NOT-FOR-US: JSNAPy
CVE-2018-0022 (A Junos device with VPLS routing-instances configured on one or more i ...)
	NOT-FOR-US: Juniper
CVE-2018-0021 (If all 64 digits of the connectivity association name (CKN) key or all ...)
	NOT-FOR-US: Juniper
CVE-2018-0020 (Junos OS may be impacted by the receipt of a malformed BGP UPDATE whic ...)
	NOT-FOR-US: Juniper
CVE-2018-0019 (A vulnerability in Junos OS SNMP MIB-II subagent daemon (mib2d) may al ...)
	NOT-FOR-US: Juniper
CVE-2018-0018 (On SRX Series devices during compilation of IDP policies, an attacker ...)
	NOT-FOR-US: Juniper
CVE-2018-0017 (A vulnerability in the Network Address Translation - Protocol Translat ...)
	NOT-FOR-US: Juniper
CVE-2018-0016 (Receipt of a specially crafted Connectionless Network Protocol (CLNP) ...)
	NOT-FOR-US: Juniper
CVE-2018-0015 (A malicious user with unrestricted access to the AppFormix application ...)
	NOT-FOR-US: AppFormix
CVE-2018-0014 (Juniper Networks ScreenOS devices do not pad Ethernet packets with zer ...)
	NOT-FOR-US: Juniper
CVE-2018-0013 (A local file inclusion vulnerability in Juniper Networks Junos Space N ...)
	NOT-FOR-US: Juniper
CVE-2018-0012 (Junos Space is affected by a privilege escalation vulnerability that m ...)
	NOT-FOR-US: Juniper
CVE-2018-0011 (A reflected cross site scripting (XSS) vulnerability in Junos Space ma ...)
	NOT-FOR-US: Juniper
CVE-2018-0010 (A vulnerability in the Juniper Networks Junos Space Security Director ...)
	NOT-FOR-US: Juniper
CVE-2018-0009 (On Juniper Networks SRX series devices, firewall rules configured to m ...)
	NOT-FOR-US: Juniper
CVE-2018-0008 (An unauthenticated root login may allow upon reboot when a commit scri ...)
	NOT-FOR-US: Juniper
CVE-2018-0007 (An unauthenticated network-based attacker able to send a maliciously c ...)
	NOT-FOR-US: Juniper
CVE-2018-0006 (A high rate of VLAN authentication attempts sent from an adjacent host ...)
	NOT-FOR-US: Juniper
CVE-2018-0005 (QFX and EX Series switches configured to drop traffic when the MAC mov ...)
	NOT-FOR-US: Juniper
CVE-2018-0004 (A sustained sequence of different types of normal transit traffic can ...)
	NOT-FOR-US: Juniper
CVE-2018-0003 (A specially crafted MPLS packet received or processed by the system, o ...)
NOT-FOR-US: Juniper CVE-2018-0002 (On SRX Series and MX Series devices with a Service PIC with any ALG en ...) NOT-FOR-US: Juniper CVE-2018-0001 (A remote, unauthenticated attacker may be able to execute code by expl ...) NOT-FOR-US: Juniper CVE-2017-16866 (dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) ...) NOT-FOR-US: dayrui FineCms CVE-2017-16865 (The Trello importer in Atlassian Jira before version 7.6.1 allows remo ...) NOT-FOR-US: Atlassian Jira CVE-2017-16864 (The issue search resource in Atlassian Jira before version 7.4.2 allow ...) NOT-FOR-US: Atlassian Jira CVE-2017-16863 (The PieChart gadget in Atlassian Jira before version 7.5.3 allows remo ...) NOT-FOR-US: PieChart gadget in Atlassian Jira CVE-2017-16862 (The IncomingMailServers resource in Atlassian Jira before version 7.6. ...) NOT-FOR-US: Atlassian Jira CVE-2017-16861 (It was possible for double OGNL evaluation in certain redirect action ...) NOT-FOR-US: Atlassian Fisheye and Crucible CVE-2017-16860 (The invalidRedirectUrl template in Atlassian Application Links before ...) NOT-FOR-US: Atlassian CVE-2017-16859 (The review attachment resource in Atlassian Fisheye and Crucible befor ...) NOT-FOR-US: Atlassian CVE-2017-16858 (The 'crowd-application' plugin module (notably used by the Google Apps ...) NOT-FOR-US: 'crowd-application' plugin module in Atlassian Crowd CVE-2017-16857 (It is possible to bypass the bitbucket auto-unapprove plugin via minim ...) NOT-FOR-US: Atlassian CVE-2017-16856 (The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows ...) NOT-FOR-US: Atlassian Confluence CVE-2017-16855 REJECTED CVE-2017-16854 (In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, ...) 
{DSA-4066-1 DLA-1212-1} - otrs2 6.0.2-1 NOTE: https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/ NOTE: https://bugs.otrs.org/show_bug.cgi?id=13347 NOTE: OTRS-6: https://github.com/OTRS/otrs/commit/867aba14900f17caacb0285a08b6981bbdbbe016 NOTE: OTRS-5: https://github.com/OTRS/otrs/commit/8748d040058695fda5c9cfcb2a78d8947ed4188d NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/e0deab303e3d0f7c860bba291410512734f4d6b0 CVE-2017-16851 (Zoho ManageEngine Applications Manager 13 before build 13530 allows SQ ...) NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2017-16850 (Zoho ManageEngine Applications Manager 13 before build 13530 allows SQ ...) NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2017-16849 (Zoho ManageEngine Applications Manager 13 before build 13530 allows SQ ...) NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2017-16848 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...) NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2017-16847 (Zoho ManageEngine Applications Manager 13 before build 13530 allows SQ ...) NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2017-16846 (Zoho ManageEngine Applications Manager 13 before build 13530 allows SQ ...) NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2017-16845 (hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values dur ...) {DSA-4213-1 DLA-1497-1} - qemu 1:2.12~rc3+dfsg-1 (bug #882136) [wheezy] - qemu (Can be fixed along in a future update) - qemu-kvm [wheezy] - qemu-kvm (Can be fixed along in a future update) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=802cbcb73002b92e6ddc8464d39b668a71b78d74 CVE-2017-16844 (Heap-based buffer overflow in the loadbuf function in formisc.c in for ...) {DSA-4041-1 DLA-1173-1} - procmail 3.22-26 (bug #876511) CVE-2017-16843 (Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKey ...) 
NOT-FOR-US: Vonage VDV-23 CVE-2017-16842 (Cross-site scripting (XSS) vulnerability in admin/google_search_consol ...) NOT-FOR-US: Yoast SEO plugin for WordPress CVE-2017-16841 (LanSweeper 6.0.100.75 has XSS via the description parameter to /Calend ...) NOT-FOR-US: LanSweeper CVE-2017-16840 (The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote ...) {DSA-4049-1} - ffmpeg 7:3.4.1-1 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74 CVE-2017-16839 (Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root ...) NOT-FOR-US: vagrant-vmware-fusion CVE-2017-16838 RESERVED CVE-2017-16837 (Certain function pointers in Trusted Boot (tboot) through 1.9.6 are no ...) - tboot (Fixed with first upload to Debian) NOTE: https://sourceforge.net/p/tboot/code/ci/521c58e51eb5be105a29983742850e72c44ed80e/ CVE-2017-16836 (Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC2 ...) NOT-FOR-US: Arris TG1682G devices CVE-2017-16835 (The "Photo,Video Locker-Calculator" application 12.0 for Android has a ...) NOT-FOR-US: Photo Video Locker-Calculator application for Android CVE-2017-16834 (PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an u ...) - pnp4nagios (/etc/pnp4nagios and its content is installed as root by the Debian package) NOTE: https://github.com/lingej/pnp4nagios/issues/140 CVE-2017-16833 (Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16 ...) NOT-FOR-US: Gemirro CVE-2017-16853 (The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicM ...) {DSA-4039-1 DLA-1178-1} - opensaml2 2.6.1-1 (bug #881856) NOTE: https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=6182b0acf2df670e75423c2ed7afe6950ef11c9d NOTE: https://shibboleth.net/community/advisories/secadv_20171115.txt CVE-2017-16852 (shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataPro ...) 
{DSA-4038-1 DLA-1179-1} - shibboleth-sp2 2.6.1+dfsg1-1 (bug #881857) NOTE: https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=b66cceb0e992c351ad5e2c665229ede82f261b16 NOTE: https://shibboleth.net/community/advisories/secadv_20171115.txt CVE-2017-16832 (The pe_bfd_read_buildid function in peicode.h in the Binary File Descr ...) [experimental] - binutils 2.29.51.20171128-1 - binutils 2.29.90.20180122-1 (low) [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22373 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0bb6961f18b8e832d88b490d421ca56cea16c45b CVE-2017-16831 (coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...) [experimental] - binutils 2.29.51.20171128-1 - binutils 2.29.90.20180122-1 (low) [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22385 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca CVE-2017-16830 (The print_gnu_property_note function in readelf.c in GNU Binutils 2.29 ...) [experimental] - binutils 2.29.51.20171128-1 - binutils 2.29.90.20180122-1 (low) [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22384 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6ab2c4ed51f9c4243691755e1b1d2149c6a426f4 CVE-2017-16829 (The _bfd_elf_parse_gnu_properties function in elf-properties.c in the ...) 
[experimental] - binutils 2.29.51.20171128-1 - binutils 2.29.90.20180122-1 (low) [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22307 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf54ebff3b7361989712fd9c0128a9b255578163 CVE-2017-16828 (The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 al ...) [experimental] - binutils 2.29.51.20171128-1 - binutils 2.29.90.20180122-1 (low) [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22386 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d CVE-2017-16827 (The aout_get_external_symbols function in aoutx.h in the Binary File D ...) [experimental] - binutils 2.29.51.20171128-1 - binutils 2.29.90.20180122-1 (low) [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22306 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0301ce1486b1450f219202677f30d0fa97335419 CVE-2017-16826 (The coff_slurp_line_table function in coffcode.h in the Binary File De ...) [experimental] - binutils 2.29.51.20171128-1 - binutils 2.29.90.20180122-1 (low) [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22376 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a67d66eb97e7613a38ffe6622d837303b3ecd31d CVE-2017-16825 RESERVED CVE-2017-16824 RESERVED CVE-2017-16823 RESERVED CVE-2017-16822 RESERVED CVE-2017-16821 (b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.jav ...) NOT-FOR-US: b3log Symphony CVE-2017-16819 (A stored cross-site scripting vulnerability in the Icon Time Systems R ...) 
NOT-FOR-US: Icon Time Systems RTC-1000 CVE-2017-16818 (RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticate ...) - ceph (Vulnerable code introduced after 12.1.0) NOTE: https://github.com/ceph/ceph/commit/b3118cabb8060a8cc6a01c4e8264cb18e7b1745a CVE-2017-16817 RESERVED CVE-2017-16816 (The condor_schedd component in HTCondor before 8.6.8 and 8.7.x before ...) - condor 8.6.8~dfsg.1-1 [stretch] - condor (VOMS support disabled) [jessie] - condor (Minor issue) [wheezy] - condor (Minor issue) NOTE: http://research.cs.wisc.edu/htcondor//security/vulnerabilities/HTCONDOR-2017-0001.html CVE-2017-16815 (installer.php in the Snap Creek Duplicator (WordPress Site Migration & ...) NOT-FOR-US: Snap Creek Duplicator (WordPress Site Migration & Backup) plugin for WordPress CVE-2017-16820 (The csnmp_read_table function in snmp.c in the SNMP plugin in collectd ...) - collectd 5.8.0-1 (bug #881757) [stretch] - collectd (Minor issue) [jessie] - collectd (Minor issue) [wheezy] - collectd (Vulnerable code not present) NOTE: https://github.com/collectd/collectd/issues/2291 CVE-2017-16814 (A Directory Traversal issue was discovered in the Foxit MobilePDF app ...) NOT-FOR-US: Foxit CVE-2017-16813 (A denial-of-service issue was discovered in the Foxit MobilePDF app be ...) NOT-FOR-US: Foxit CVE-2017-16812 RESERVED CVE-2017-16811 RESERVED CVE-2017-16810 (Cross-site scripting (XSS) vulnerability in the All Variables tab in O ...) NOT-FOR-US: Octopus Deploy CVE-2017-16809 RESERVED CVE-2017-16808 (tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_ ...) - tcpdump 4.9.3~git20190901-1 (unimportant; bug #881862) NOTE: https://github.com/the-tcpdump-group/tcpdump/issues/645 NOTE: Crash in CLI tool, no security impact CVE-2017-16807 (A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3 ...) NOT-FOR-US: Kirby Panel CVE-2017-16806 (The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ul ...) 
NOT-FOR-US: Ulterius CVE-2017-16805 (In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a ...) - radare2 2.1.0+dfsg-1 (bug #882134) [jessie] - radare2 (Minor issue) [wheezy] - radare2 (Vulnerable code does not exist; no dwarf support) NOTE: https://github.com/radare/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d NOTE: https://github.com/radare/radare2/issues/8813 CVE-2017-16803 (In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree ...) {DSA-4119-1} - libav (low) - ffmpeg 7:2.2.1-1 NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1098 NOTE: https://github.com/libav/libav/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f NOTE: ffmpeg: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f NOTE: ffmpeg originally fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/b829da363985cb2f80130bba304cc29a632f6446 CVE-2017-16802 (In the sharingGroupPopulateOrganisations function in app/webroot/js/mi ...) NOT-FOR-US: MISP CVE-2017-16804 (In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function ...) {DSA-4191-1} - redmine 3.4.2-1 [jessie] - redmine (Not supported in Jessie-LTS) [wheezy] - redmine (Not supported in wheezy LTS) NOTE: https://www.redmine.org/issues/25713 (private) NOTE: upstream fixed in 3.2.7, 3.3.4 and 3.4.0 NOTE: https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc CVE-2017-16801 (Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17. ...) NOT-FOR-US: Octopus Deploy CVE-2017-16800 RESERVED CVE-2017-16799 (In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, sto ...) NOT-FOR-US: CMS Made Simple CVE-2017-16798 (In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules ...) NOT-FOR-US: CMS Made Simple CVE-2017-16797 (In SWFTools 0.9.2, the png_load function in lib/png.c does not properl ...) 
- swftools [stretch] - swftools (Minor issue) [jessie] - swftools (Minor issue) [wheezy] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/51 CVE-2017-16796 (In SWFTools 0.9.2, the png_load function in lib/png.c does not check t ...) - swftools (unimportant) NOTE: https://github.com/matthiaskramm/swftools/issues/51 NOTE: Crash in CLI tool, no security implications CVE-2017-16795 RESERVED CVE-2017-16794 (The png_load function in lib/png.c in SWFTools 0.9.2 does not properly ...) - swftools (unimportant) NOTE: https://github.com/matthiaskramm/swftools/issues/50 NOTE: Crash in CLI tool, no security implications CVE-2017-16793 (The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not ...) - swftools [stretch] - swftools (Minor issue) [jessie] - swftools (Minor issue) [wheezy] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/47 CVE-2017-16792 (Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in ...) NOT-FOR-US: geminabox CVE-2017-16791 RESERVED CVE-2017-16790 (An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3. ...) {DSA-4262-1} - symfony 3.4.0+dfsg-1 [jessie] - symfony (vulnerable code introduced in 2.4.*) NOTE: https://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files NOTE: https://github.com/symfony/symfony/pull/24993 CVE-2017-16789 (Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS ...) NOT-FOR-US: TIBCO CVE-2017-16788 (Directory traversal vulnerability in the "Upload Groupkey" functionali ...) NOT-FOR-US: Meinberg LANTIME CVE-2017-16787 (The Web Configuration Utility in Meinberg LANTIME devices with firmwar ...) NOT-FOR-US: Meinberg LANTIME CVE-2017-16786 (The Web Configuration Utility in Meinberg LANTIME devices with firmwar ...) NOT-FOR-US: Meinberg LANTIME CVE-2017-16784 (In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detail ...) 
NOT-FOR-US: CMS Made Simple CVE-2017-16783 (In CMS Made Simple 2.1.6, there is Server-Side Template Injection via ...) NOT-FOR-US: CMS Made Simple CVE-2017-16782 (In Home Assistant before 0.57, it is possible to inject JavaScript cod ...) NOT-FOR-US: Home Assistant CVE-2017-16781 (The installer in MyBB before 1.8.13 has XSS.) NOT-FOR-US: MyBB CVE-2017-16780 (The installer in MyBB before 1.8.13 allows remote attackers to execute ...) NOT-FOR-US: MyBB CVE-2017-16785 (Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.) - cacti 1.1.27+ds1-3 [stretch] - cacti (Vulnerable code does not exist) [jessie] - cacti (Vulnerable code does not exist) [wheezy] - cacti (Vulnerable code does not exist) NOTE: https://github.com/Cacti/cacti/issues/1071 NOTE: this is more or less a dublicate of CVE-2017-16641 NOTE: one of the applied patches reopened the vulnerability CVE-2017-16779 RESERVED CVE-2017-16778 (An access control weakness in the DTMF tone receiver of Fermax Outdoor ...) NOT-FOR-US: Fermax Outdoor Panel CVE-2017-16777 (If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) ...) NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin CVE-2017-16776 (Security researchers discovered an authentication bypass vulnerability ...) NOT-FOR-US: Conserus Workflow Intelligence CVE-2017-16775 (Improper restriction of rendered UI layers or frames vulnerability in ...) NOT-FOR-US: Synology CVE-2017-16774 (Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotifica ...) NOT-FOR-US: Synology CVE-2017-16773 (Improper authorization vulnerability in Highlight Preview in Synology ...) NOT-FOR-US: Synology CVE-2017-16772 (Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUploa ...) NOT-FOR-US: Synology Photo Station CVE-2017-16771 (Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Pho ...) NOT-FOR-US: Synology Photo Station CVE-2017-16770 (File and directory information exposure vulnerability in SYNO.Surveill ...) 
NOT-FOR-US: Synology Surveillance Station CVE-2017-16769 (Exposure of private information vulnerability in Photo Viewer in Synol ...) NOT-FOR-US: Synology Photo Station CVE-2017-16768 (Cross-site scripting (XSS) vulnerability in User Policy editor in Syno ...) NOT-FOR-US: Synology MailPlus Server CVE-2017-16767 (Cross-site scripting (XSS) vulnerability in User Profile in Synology S ...) NOT-FOR-US: Synology Surveillance Station CVE-2017-16766 (An improper access control vulnerability in synodsmnotify in Synology ...) NOT-FOR-US: Synology DiskStation Manager CVE-2017-16765 (XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi.) NOT-FOR-US: D-Link CVE-2017-16764 (An exploitable vulnerability exists in the YAML parsing functionality ...) NOT-FOR-US: django_make_app CVE-2017-16763 (An exploitable vulnerability exists in the YAML parsing functionality ...) NOT-FOR-US: Confire CVE-2017-16762 (Sanic before 0.5.1 allows reading arbitrary files with directory trave ...) NOT-FOR-US: Sanic CVE-2017-16761 (An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allow ...) NOT-FOR-US: Inedo BuildMaster CVE-2017-16760 (Inedo BuildMaster before 5.8.2 has XSS.) NOT-FOR-US: Inedo BuildMaster CVE-2017-16759 (The installation process in LibreNMS before 2017-08-18 allows remote a ...) NOT-FOR-US: LibreNMS CVE-2017-16758 (Cross-site scripting (XSS) vulnerability in admin/partials/uif-access- ...) NOT-FOR-US: WordPress plugin CVE-2017-16757 (Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, ...) NOT-FOR-US: Hola VPN CVE-2017-16756 (An issue was discovered in Userscape HelpSpot before 4.7.2. A cross-si ...) NOT-FOR-US: Userscape HelpSpot CVE-2017-16755 (An issue was discovered in Userscape HelpSpot before 4.7.2. A reflecte ...) NOT-FOR-US: Userscape HelpSpot CVE-2017-16754 (Bolt before 3.3.6 does not properly restrict access to _profiler route ...) 
NOT-FOR-US: Bolt CMS CVE-2017-16753 (An Improper Input Validation issue was discovered in Advantech WebAcce ...) NOT-FOR-US: Advantech WebAccess CVE-2017-16752 RESERVED CVE-2017-16751 (A Stack-based Buffer Overflow issue was discovered in Delta Electronic ...) NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor CVE-2017-16750 RESERVED CVE-2017-16749 (A Use-after-Free issue was discovered in Delta Electronics Delta Indus ...) NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor CVE-2017-16748 (An attacker can log into the local Niagara platform (Niagara AX Framew ...) NOT-FOR-US: Niagara AX CVE-2017-16747 (An Out-of-bounds Write issue was discovered in Delta Electronics Delta ...) NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor CVE-2017-16746 RESERVED CVE-2017-16745 (A Type Confusion issue was discovered in Delta Electronics Delta Indus ...) NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor CVE-2017-16744 (A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and ...) NOT-FOR-US: Niagara AX CVE-2017-16743 (An Improper Authorization issue was discovered in PHOENIX CONTACT FL S ...) NOT-FOR-US: PHOENIX CONTACT FL SWITCH CVE-2017-16742 RESERVED CVE-2017-16741 (An Information Exposure issue was discovered in PHOENIX CONTACT FL SWI ...) NOT-FOR-US: PHOENIX CONTACT FL SWITCH CVE-2017-16740 (A Buffer Overflow issue was discovered in Rockwell Automation Allen-Br ...) NOT-FOR-US: Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers CVE-2017-16739 (An issue was discovered in WECON Technology LEVI Studio HMI Editor v1. ...) NOT-FOR-US: WECON Technology LEVI Studio HMI Editor CVE-2017-16738 RESERVED CVE-2017-16737 (An issue was discovered in WECON Technology LEVI Studio HMI Editor v1. ...) NOT-FOR-US: WECON Technology LEVI Studio HMI Editor CVE-2017-16736 (An Unrestricted Upload Of File With Dangerous Type issue was discovere ...) 
NOT-FOR-US: Advantech WebAccess CVE-2017-16735 (A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 ...) NOT-FOR-US: Ecava IntegraXor CVE-2017-16734 RESERVED CVE-2017-16733 (A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 ...) NOT-FOR-US: Ecava IntegraXor CVE-2017-16732 (A use-after-free issue was discovered in Advantech WebAccess versions ...) NOT-FOR-US: Advantech WebAccess CVE-2017-16731 (An Unprotected Transport of Credentials issue was discovered in ABB El ...) NOT-FOR-US: Ellipse CVE-2017-16730 RESERVED CVE-2017-16729 RESERVED CVE-2017-16728 (An Untrusted Pointer Dereference issue was discovered in Advantech Web ...) NOT-FOR-US: Advantech WebAccess CVE-2017-16727 (A Credentials Management issue was discovered in Moxa NPort W2150A ver ...) NOT-FOR-US: Moxa CVE-2017-16726 (Beckhoff TwinCAT supports communication over ADS. ADS is a protocol fo ...) NOT-FOR-US: Beckhoff TwinCAT CVE-2017-16725 (A Stack-based Buffer Overflow issue was discovered in Xiongmai Technol ...) NOT-FOR-US: Xiongmai Technology IP Cameras and DVRs CVE-2017-16724 (A Stack-based Buffer Overflow issue was discovered in Advantech WebAcc ...) NOT-FOR-US: Advantech WebAccess CVE-2017-16723 (A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMS ...) NOT-FOR-US: PHOENIX CVE-2017-16722 RESERVED CVE-2017-16721 (A Cross-site Scripting issue was discovered in Geovap Reliance SCADA V ...) NOT-FOR-US: Geovap Reliance SCADA CVE-2017-16720 (A Path Traversal issue was discovered in WebAccess versions 8.3.2 and ...) NOT-FOR-US: Advantech WebAccess CVE-2017-16719 (An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPor ...) NOT-FOR-US: Moxa CVE-2017-16718 (Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol ...) NOT-FOR-US: Beckhoff TwinCAT CVE-2017-16717 (A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio ...) 
NOT-FOR-US: WECON LeviStudio HMI CVE-2017-16716 (A SQL Injection issue was discovered in WebAccess versions prior to 8. ...) NOT-FOR-US: Advantech WebAccess CVE-2017-16715 (An Information Exposure issue was discovered in Moxa NPort 5110 Versio ...) NOT-FOR-US: Moxa CVE-2017-16714 (In Ice Qube Thermal Management Center versions prior to version 4.13, ...) NOT-FOR-US: Ice Qube Thermal Management Center CVE-2017-16713 RESERVED CVE-2017-16712 RESERVED CVE-2017-16711 (The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c ...) - swftools (unimportant; bug #881390) NOTE: https://github.com/matthiaskramm/swftools/issues/46 NOTE: Crash in CLI tool, no security implications CVE-2017-16710 (Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 d ...) NOT-FOR-US: Creston CVE-2017-16709 (Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 ...) NOT-FOR-US: Creston CVE-2017-16708 RESERVED CVE-2017-16707 RESERVED CVE-2017-16706 RESERVED CVE-2017-16705 RESERVED CVE-2017-16704 RESERVED CVE-2017-16703 RESERVED CVE-2017-16702 RESERVED CVE-2017-16701 RESERVED CVE-2017-16700 RESERVED CVE-2017-16699 RESERVED CVE-2017-16698 RESERVED CVE-2017-16697 RESERVED CVE-2017-16696 RESERVED CVE-2017-16695 RESERVED CVE-2017-16694 RESERVED CVE-2017-16693 RESERVED CVE-2017-16692 RESERVED CVE-2017-16691 (SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.1 ...) NOT-FOR-US: SAP Note Assistant CVE-2017-16690 (A malicious DLL preload attack possible on NwSapSetup and Installation ...) NOT-FOR-US: SAP Plant Connectivity CVE-2017-16689 (A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SA ...) NOT-FOR-US: SAP KERNEL CVE-2017-16688 RESERVED CVE-2017-16687 (The user self-service tools of SAP HANA extended application services, ...) NOT-FOR-US: SAP HANA CVE-2017-16686 RESERVED CVE-2017-16685 (Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data In ...) 
NOT-FOR-US: SAP Business Warehouse Universal Data Integration CVE-2017-16684 (SAP Business Intelligence Promotion Management Application, Enterprise ...) NOT-FOR-US: SAP Business Intelligence Promotion Management Application CVE-2017-16683 (Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4 ...) NOT-FOR-US: SAP Business Objects Platform CVE-2017-16682 (SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 t ...) NOT-FOR-US: SAP NetWeaver Internet Transaction Server CVE-2017-16681 (Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence ...) NOT-FOR-US: SAP Business Intelligence Promotion Management Application CVE-2017-16680 (Two potential audit log injections in SAP HANA extended application se ...) NOT-FOR-US: SAP HANA extended application services CVE-2017-16679 (URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 ...) NOT-FOR-US: SAP's Startup Service CVE-2017-16678 (Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Know ...) NOT-FOR-US: SAP NetWeaver Knowledge Management Configuration Service CVE-2017-16677 RESERVED CVE-2017-16676 RESERVED CVE-2017-16675 RESERVED CVE-2017-16674 (Datto Windows Agent allows unauthenticated remote command execution vi ...) NOT-FOR-US: Datto Windows Agent CVE-2017-16673 (Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming ...) NOT-FOR-US: Datto Backup Agent CVE-2017-16672 (An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 ...) - asterisk 1:13.18.1~dfsg-1 (bug #881256) [stretch] - asterisk 1:13.14.1~dfsg-2+deb9u3 [jessie] - asterisk (Vulnerable code not present) [wheezy] - asterisk (Vulnerable code not present) NOTE: http://downloads.digium.com/pub/security/AST-2017-011.html NOTE: http://downloads.asterisk.org/pub/security/AST-2017-011-13.diff NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27345 CVE-2017-16671 (A Buffer Overflow issue was discovered in Asterisk Open Source 13 befo ...) 
- asterisk 1:13.18.1~dfsg-1 (bug #881257) [stretch] - asterisk 1:13.14.1~dfsg-2+deb9u3 [jessie] - asterisk (Vulnerable code do not exist) [wheezy] - asterisk (Vulnerable code do not exist) NOTE: http://downloads.digium.com/pub/security/AST-2017-010.html NOTE: http://downloads.asterisk.org/pub/security/AST-2017-010-13.diff NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27337 CVE-2017-16670 (The project import functionality in SoapUI 5.3.0 allows remote attacke ...) NOT-FOR-US: SoapUI CVE-2017-16669 (coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause ...) {DSA-4321-1 DLA-1401-1 DLA-1168-1} - graphicsmagick 1.3.26-19 (bug #881391) NOTE: https://sourceforge.net/p/graphicsmagick/bugs/450/ NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/135bdcb88b8d NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/1b9e64a8901e NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/2a21cda3145b NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/2b7c826d36af NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/3dc7b4e3779d NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/75245a215fff NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0 NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/fcd3ed3394f6 CVE-2017-16668 RESERVED CVE-2017-16666 (Xplico before 1.2.1 allows remote authenticated users to execute arbit ...) NOT-FOR-US: Xplico CVE-2017-16665 (RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a reflec ...) NOT-FOR-US: RemObjects Remoting SDK CVE-2017-16664 (Code injection exists in Kernel/System/Spelling.pm in Open Ticket Requ ...) 
{DSA-4047-1 DLA-1212-1} - otrs2 5.0.24-1 (bug #882370) NOTE: https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/ NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/4c36932d0c42343f21246a107e17a2ebbd9c2c7d NOTE: OTRS 3.3: https://github.com/OTRS/otrs/commit/2e58a4bbd99b2477d72c3b2d9fef009537ab19ce CVE-2017-16667 (backintime (aka Back in Time) before 1.1.24 did improper escaping/quot ...) - backintime 1.1.24-0.1 (bug #881205) [stretch] - backintime (Minor issue) [jessie] - backintime (Minor issue) [wheezy] - backintime (Vulnerable code does not exist) NOTE: https://github.com/bit-team/backintime/issues/834 NOTE: https://github.com/bit-team/backintime/commit/cef81d0da93ff601252607df3db1a48f7f6f01b3 CVE-2017-16663 (In sam2p 0.49.4, there are integer overflows (with resultant heap-base ...) {DLA-1185-1} - sam2p [jessie] - sam2p 0.49.2-3+deb8u1 NOTE: https://github.com/pts/sam2p/issues/16 CVE-2017-16662 RESERVED CVE-2017-16659 (The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows loc ...) NOT-FOR-US: assp as packaged by Gentoo CVE-2017-16658 RESERVED CVE-2017-16657 RESERVED CVE-2017-16656 RESERVED CVE-2017-16655 RESERVED CVE-2017-16654 (An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3. ...) {DSA-4262-1 DLA-1707-1} - symfony 3.4.0+dfsg-1 NOTE: https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths NOTE: https://github.com/symfony/symfony/pull/24994 CVE-2017-16653 (An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3. ...) {DSA-4262-1} - symfony 3.4.0+dfsg-1 [jessie] - symfony (vulnerable code not present in branch 2.3) NOTE: https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https NOTE: https://github.com/symfony/symfony/pull/24992 CVE-2017-16652 (An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2 ...) 
	{DSA-4262-1 DLA-1707-1}
	- symfony 3.4.0+dfsg-1
	NOTE: https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers
	NOTE: https://github.com/symfony/symfony/pull/24995
	NOTE: See CVE-2018-11408 to address original incomplete fix for CVE-2017-16652
CVE-2017-16651 (Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before ...)
	{DSA-4030-1 DLA-1193-1}
	- roundcube 1.3.3+dfsg.1-1
	NOTE: master: https://github.com/roundcube/roundcubemail/commit/2a32f51c91d5e9c7b1a9d931846dd44c008ff36d
	NOTE: release-1.3: https://github.com/roundcube/roundcubemail/commit/c90ad5a97784fb32683b8e3c21d6c95baab6d806
	NOTE: release-1.2: https://github.com/roundcube/roundcubemail/commit/9be2224c779d7abc7b29eea2b83a8a3671c543e0
	NOTE: release-1.1: https://github.com/roundcube/roundcubemail/commit/e757cc410145d043c30889d28fa0b5f67a5cf2fd
	NOTE: release-1.0: https://github.com/roundcube/roundcubemail/commit/8d87bb34f3c6103ab81e5342d8b3d297832d178a
	NOTE: https://github.com/roundcube/roundcubemail/issues/6026
CVE-2017-16650 (The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux ...)
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	[wheezy] - linux (Vulnerable code not present)
CVE-2017-16649 (The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in ...)
	{DLA-1200-1}
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
CVE-2017-16648 (The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend. ...)
	- linux (Vulnerable code not present)
CVE-2017-16647 (drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 all ...)
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
CVE-2017-16646 (drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel throug ...)
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
CVE-2017-16645 (The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu. ...)
	- linux 4.14.2-1 (unimportant)
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.56-1
	[wheezy] - linux (Vulnerable code not present)
	NOTE: CONFIG_INPUT_IMS_PCU is not set in Debian config
CVE-2017-16644 (The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in th ...)
	{DSA-4073-1}
	- linux 4.14.7-1
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
CVE-2017-16643 (The parse_hid_report_descriptor function in drivers/input/tablet/gtco. ...)
	{DLA-1200-1}
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
CVE-2017-16642 (In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an e ...)
	{DSA-4081-1 DSA-4080-1}
	- php7.1 7.1.11-1
	- php7.0 7.0.25-1
	- php5
	[wheezy] - php5 (Vulnerable code not present; proof of concept produces expected non-buggy output; upstream patch also appears overly intrusive)
	NOTE: Fixed in: 5.6.32, 7.0.25, 7.1.11
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=75055
	NOTE: https://github.com/derickr/timelib/commit/aa9156006e88565e1f1a5f7cc088b18322d57536
	NOTE: https://github.com/php/php-src/commit/5c0455bf2c8cd3c25401407f158e820aa3b239e1
CVE-2017-16661 (Cacti 1.1.27 allows remote authenticated administrators to read arbitr ...)
	- cacti 1.1.27+ds1-3
	[stretch] - cacti (Vulnerable code does not exist)
	[jessie] - cacti (Vulnerable code does not exist)
	[wheezy] - cacti (Vulnerable code does not exist)
	NOTE: https://github.com/Cacti/cacti/issues/1066
	NOTE: affected code was introduced in the 1.x release
CVE-2017-16660 (Cacti 1.1.27 allows remote authenticated administrators to conduct Rem ...)
	- cacti 1.1.27+ds1-3
	[stretch] - cacti (Vulnerable code does not exist)
	[jessie] - cacti (Vulnerable code does not exist)
	[wheezy] - cacti (Vulnerable code does not exist)
	NOTE: https://github.com/Cacti/cacti/issues/1066
	NOTE: affected code was introduced in the 1.x release
CVE-2017-16641 (lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators ...)
	- cacti 1.1.27+ds1-3 (bug #881110)
	[stretch] - cacti (Minor issue; due to CVE-2009-4112 it does not make sense to fix this in isolation unless CVE-2009-4112 is addressed upstream)
	[jessie] - cacti (Minor issue; due to CVE-2009-4112 it does not make sense to fix this in isolation unless CVE-2009-4112 is addressed upstream)
	[wheezy] - cacti (Minor issue; due to CVE-2009-4112 it does not make sense to fix this in isolation unless CVE-2009-4112 is addressed upstream)
	NOTE: https://github.com/Cacti/cacti/issues/1057
	NOTE: https://github.com/Cacti/cacti/commit/e8088bb6593e6a49d000c342d17402f01db8740e
CVE-2017-16640 RESERVED
CVE-2017-16639 (Tor Browser on Windows before 8.0 allows remote attackers to bypass th ...)
	NOT-FOR-US: Tor Browser on Windows
CVE-2008-7319 (The Net::Ping::External extension through 0.15 for Perl does not prope ...)
	- libnet-ping-external-perl (bug #881097)
	[wheezy] - libnet-ping-external-perl (Package may be removed from Wheezy, see #881102)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=33230
	NOTE: Proposed patch: http://matthias.sdfeu.org/devel/net-ping-external-cmd-injection.patch
CVE-2017-16638 (The Gentoo net-misc/vde package before version 2.3.2-r4 may allow memb ...)
	NOT-FOR-US: Gentoo net-misc/vde packaging issue
CVE-2017-16637 (In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, when res ...)
	NOT-FOR-US: Vectura Perfect Privacy VPN Manager
CVE-2017-16636 (In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the ne ...)
	NOT-FOR-US: Bludit
CVE-2017-16635 (In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname ...)
	NOT-FOR-US: TinyWebGallery
CVE-2017-16634 (In Joomla! before 3.8.2, a bug allowed third parties to bypass a user' ...)
	NOT-FOR-US: Joomla!
CVE-2017-16633 (In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only i ...)
	NOT-FOR-US: Joomla!
CVE-2017-16632 (In SapphireIMS 4097_1, the password in the database is stored in Base6 ...)
	NOT-FOR-US: SapphireIMS
CVE-2017-16631 (In SapphireIMS 4097_1, a guest user is able to change the password of ...)
	NOT-FOR-US: SapphireIMS
CVE-2017-16630 (In SapphireIMS 4097_1, a guest user can create a local administrator a ...)
	NOT-FOR-US: SapphireIMS
CVE-2017-16629 (In SapphireIMS 4097_1, it is possible to guess the registered/active u ...)
	NOT-FOR-US: SapphireIMS
CVE-2017-16628 RESERVED
CVE-2017-16627 RESERVED
CVE-2017-16626 RESERVED
CVE-2017-16625 RESERVED
CVE-2017-16624 RESERVED
CVE-2017-16623 RESERVED
CVE-2017-16622 RESERVED
CVE-2017-16621 RESERVED
CVE-2017-16620 RESERVED
CVE-2017-16619 RESERVED
CVE-2017-16618 (An exploitable vulnerability exists in the YAML loading functionality ...)
	NOT-FOR-US: OwlMixin
CVE-2017-16617 RESERVED
CVE-2017-16616 (An exploitable vulnerability exists in the YAML parsing functionality ...)
	NOT-FOR-US: pyanyapi
CVE-2017-16615 (An exploitable vulnerability exists in the YAML parsing functionality ...)
	NOT-FOR-US: MLAlchemy
CVE-2017-16614 (SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows re ...)
	NOT-FOR-US: tpshop
CVE-2017-16613 (An issue was discovered in middleware.py in OpenStack Swauth through 1 ...)
	{DSA-4044-1}
	- swauth 1.2.0-4 (bug #882314)
	NOTE: https://bugs.launchpad.net/swift/+bug/1655781
CVE-2017-16612 (libXcursor before 1.1.15 has various integer overflows that could lead ...)
	{DSA-4059-1 DLA-1201-1}
	- libxcursor 1:1.1.14-3.1 (bug #883792)
	- wayland 1.14.0-2 (bug #889681)
	[stretch] - wayland 1.12.0-1+deb9u1
	[jessie] - wayland (Minor issue)
	[wheezy] - wayland (vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2017/11/28/6
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
	NOTE: https://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2
	NOTE: Wayland: https://bugs.freedesktop.org/show_bug.cgi?id=103961
	NOTE: Wayland: https://cgit.freedesktop.org/wayland/wayland/commit/?id=5d201df72f3d4f4cb8b8f75f980169b03507da38
	NOTE: For src:wayland originally fixed in 1.14.0-2 but the 1.15.0-1 upload
	NOTE: did not merge in the 1.14.0-2 upload.
CVE-2017-16611 (In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker ...)
	{DLA-2901-1}
	- libxfont 1:2.0.3-1 (low; bug #883929)
	[jessie] - libxfont (Minor issue)
	[wheezy] - libxfont (Minor issue)
	- libxfont1 (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2017/11/28/7
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=7b377456f95d2ec3ead40f4fb74ea620191f88c8
	NOTE: (for 1.5.x): https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?h=libXfont-1.5-branch&id=5ed8ac0e4f063825b8ecda48e9a111d3ce92e825
	NOTE: https://marc.info/?l=freedesktop-xorg-announce&m=151188049718337&w=2
	NOTE: https://marc.info/?l=freedesktop-xorg-announce&m=151188044218304&w=2
CVE-2017-16610 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Netgain
CVE-2017-16609 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Netgain
CVE-2017-16608 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Netgain
CVE-2017-16607 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Netgain
CVE-2017-16606 (This vulnerability allows remote attackers to execute code by creating ...)
	NOT-FOR-US: Netgain
CVE-2017-16605 (This vulnerability allows remote attackers to overwrite arbitrary file ...)
	NOT-FOR-US: Netgain
CVE-2017-16604 (This vulnerability allows remote attackers to overwrite arbitrary file ...)
	NOT-FOR-US: Netgain
CVE-2017-16603 (This vulnerability allows remote attackers to execute code by creating ...)
	NOT-FOR-US: Netgain
CVE-2017-16602 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Netgain
CVE-2017-16601 (This vulnerability allows remote attackers to overwrite arbitrary file ...)
	NOT-FOR-US: Netgain
CVE-2017-16600 (This vulnerability allows remote attackers to overwrite files on vulne ...)
	NOT-FOR-US: Netgain
CVE-2017-16599 (This vulnerability allows remote attackers to delete arbitrary files o ...)
	NOT-FOR-US: Netgain
CVE-2017-16598 (This vulnerability allows remote attackers to execute code by overwrit ...)
	NOT-FOR-US: Netgain
CVE-2017-16597 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Netgain
CVE-2017-16596 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Netgain
CVE-2017-16595 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Netgain
CVE-2017-16594 (This vulnerability allows remote attackers to create arbitrary files o ...)
	NOT-FOR-US: Netgain
CVE-2017-16593 (This vulnerability allows remote attackers to delete arbitrary files o ...)
	NOT-FOR-US: Netgain
CVE-2017-16592 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Netgain
CVE-2017-16591 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Netgain
CVE-2017-16590 (This vulnerability allows remote attackers to bypass authentication on ...)
	NOT-FOR-US: Netgain
CVE-2017-16589 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16588 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16587 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16586 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16585 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16584 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16583 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16582 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16581 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16580 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16579 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16578 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16577 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16576 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16575 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16574 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16573 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16572 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16571 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16570 (KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by ...)
	NOT-FOR-US: KeystoneJS
CVE-2017-16569 (An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an h ...)
	NOT-FOR-US: Zurmo
CVE-2017-16568 (Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9. ...)
	NOT-FOR-US: Logitech Media Server
CVE-2017-16567 (Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9. ...)
	NOT-FOR-US: Logitech Media Server
CVE-2017-16566 (On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not ...)
	NOT-FOR-US: Jooan IP Camera A5 2.3.36 devices
CVE-2017-16565 (Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandst ...)
	NOT-FOR-US: Vonage
CVE-2017-16564 (Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on ...)
	NOT-FOR-US: Vonage
CVE-2017-16563 (Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vona ...)
	NOT-FOR-US: Vonage
CVE-2017-16562 (The UserPro plugin before 4.9.17.1 for WordPress, when used on a site ...)
	NOT-FOR-US: WordPress plugin userpro
CVE-2017-16561 (/view/friend_profile.php in Ingenious School Management System 2.3.0 i ...)
	NOT-FOR-US: Ingenious School Management System
CVE-2017-16560 (SanDisk Secure Access 3.01 vault decrypts and copies encrypted files t ...)
	NOT-FOR-US: SanDisk Secure Access
CVE-2017-16559 RESERVED
CVE-2017-16558 (Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vu ...)
	NOT-FOR-US: Contao
CVE-2017-16557 (K7 Antivirus Premium before 15.1.0.53 allows local users to gain privi ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16556 (In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16555 (K7 Antivirus Premium before 15.1.0.53 allows local users to gain privi ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16554 (K7 Antivirus Premium before 15.1.0.53 allows local users to write to a ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16553 (K7 Antivirus Premium before 15.1.0.53 allows local users to gain privi ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16552 (K7 Antivirus Premium before 15.1.0.53 allows local users to write to a ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16551 (K7 Antivirus Premium before 15.1.0.53 allows local users to gain privi ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16550 (K7 Antivirus Premium before 15.1.0.53 allows local users to write to a ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16549 (K7 Antivirus Premium before 15.1.0.53 allows local users to write to a ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16548 (The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-develo ...)
	{DSA-4068-1 DLA-1218-1}
	- rsync 3.1.2-2.1 (bug #880954)
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13112
	NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1
CVE-2017-16547 (The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 doe ...)
	{DSA-4321-1 DLA-1456-1 DLA-1170-1}
	- graphicsmagick 1.3.26-18
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/785758bbbfcc
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/517/
CVE-2017-16546 (The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does ...)
	{DSA-4074-1 DSA-4040-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #881392)
	[wheezy] - imagemagick (Vulnerable code not present; PoC from GitHub issue results in memory allocation exception thrown at coders/wpg.c:1109 and valgrind does not report any issues)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2130bf6f89ded32ef0c88a11694f107c52566c53
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e04cf3e9524f50ca336253513d977224e083b816
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/851
CVE-2017-16545 (The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 doe ...)
	{DSA-4321-1}
	- graphicsmagick 1.3.26-18
	[jessie] - graphicsmagick 1.3.20-3+deb8u3
	[wheezy] - graphicsmagick (Not possible to trigger with presented test case)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/519/
	NOTE: The wheezy version gives an assert before the vulnerability can be triggered. Due to this
	NOTE: the severity of the wheezy version is low even though the vulnerable code is still present.
	NOTE: The patch is trivial so it may be worth fixing in combination with some other fix.
CVE-2017-16544 (In the add_match function in libbb/lineedit.c in BusyBox through 1.27. ...)
	{DLA-2559-1 DLA-1445-1}
	- busybox 1:1.27.2-2 (bug #882258)
	[wheezy] - busybox (Minor issue)
	NOTE: https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
	NOTE: https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
CVE-2017-16543 (Zoho ManageEngine Applications Manager 13 before build 13500 allows SQ ...)
	NOT-FOR-US: Zoho
CVE-2017-16542 (Zoho ManageEngine Applications Manager 13 before build 13500 allows Po ...)
	NOT-FOR-US: Zoho
CVE-2017-16541 (Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to ...)
	{DSA-4327-1 DLA-1575-1}
	- firefox 62.0-1 (unimportant)
	- firefox-esr 60.2.0esr-1 (unimportant)
	[stretch] - firefox-esr 60.2.0esr-1~deb9u2
	- thunderbird 1:60.2.1-1
	NOTE: https://trac.torproject.org/projects/tor/ticket/24052
	NOTE: https://blog.torproject.org/tor-browser-709-released
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2017-16541
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2017-16541
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2017-16541
CVE-2017-16540 (OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database co ...)
	NOT-FOR-US: OpenEMR
CVE-2017-16539 (The DefaultLinuxSpec function in oci/defaults.go in Docker Moby throug ...)
	- docker.io 1.13.1~ds3-1 (bug #900140)
	NOTE: https://github.com/moby/moby/pull/35399
	NOTE: https://github.com/moby/moby/pull/35399/commits/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1
CVE-2017-16538 (drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.1 ...)
	{DSA-4082-1 DSA-4073-1}
	- linux 4.14.7-1
	[wheezy] - linux (Vulnerable code not present)
CVE-2017-16537 (The imon_probe function in drivers/media/rc/imon.c in the Linux kernel ...)
	{DLA-1200-1}
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
CVE-2017-16536 (The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-ca ...)
	{DLA-1200-1}
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
CVE-2017-16535 (The usb_get_bos_descriptor function in drivers/usb/core/config.c in th ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/1c0edc3633b56000e18d82fc241e3995ca18a69e
CVE-2017-16534 (The cdc_parse_cdc_header function in drivers/usb/core/message.c in the ...)
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/2e1c42391ff2556387b3cb6308b24f6f65619feb
CVE-2017-16533 (The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linu ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/f043bfc98c193c284e2cd768fefabe18ac2fed9b
CVE-2017-16532 (The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux ...)
	{DLA-1200-1}
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/7c80f9e4a588f1925b07134bb2e3689335f6c6d8
CVE-2017-16531 (drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows loc ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb
CVE-2017-16530 (The uas driver in the Linux kernel before 4.13.6 allows local users to ...)
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/786de92b3cb26012d3d0f00ee37adf14527f35c4
CVE-2017-16529 (The snd_usb_create_streams function in sound/usb/card.c in the Linux k ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/bfc81a8bc18e3c4ba0cbaa7666ff76be2f998991
CVE-2017-16528 (sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local ...)
	- linux 4.13.4-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/fc27fe7e8deef2f37cba3f2be2d52b6ca5eb9d57
CVE-2017-16527 (sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/124751d5e63c823092060074bd0abaae61aaa9c4
CVE-2017-16526 (drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local user ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	NOTE: Fixed by: https://git.kernel.org/linus/bbf26183b7a6236ba602f4d6a2f7cade35bba043
CVE-2017-16525 (The usb_serial_console_disconnect function in drivers/usb/serial/conso ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
CVE-2017-16524 (Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unre ...)
	NOT-FOR-US: Samsung SRN-1670D devices
CVE-2017-16523 (MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b ...)
	NOT-FOR-US: MitraStar
CVE-2017-16522 (MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b ...)
	NOT-FOR-US: MitraStar
CVE-2017-16521 (In Inedo BuildMaster before 5.8.2, XslTransform was used where XslComp ...)
	NOT-FOR-US: Inedo BuildMaster
CVE-2017-16520 (Inedo BuildMaster before 5.8.2 does not properly restrict creation of ...)
	NOT-FOR-US: Inedo BuildMaster
CVE-2017-16519 RESERVED
CVE-2017-16518 RESERVED
CVE-2017-16517 RESERVED
CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is suppl ...)
	{DLA-3516-1 DLA-3492-1 DLA-1167-1}
	- ruby-yajl 1.2.0-3.1 (low; bug #880691)
	[stretch] - ruby-yajl (Minor issue)
	[jessie] - ruby-yajl (Minor issue)
	- yajl 2.1.0-4 (bug #1040036)
	[bookworm] - yajl 2.1.0-3+deb12u2
	[bullseye] - yajl 2.1.0-3+deb11u2
	- burp (bug #1040146)
	[bookworm] - burp (Minor issue)
	[bullseye] - burp (Minor issue)
	- epics-base (bug #1040159)
	[bookworm] - epics-base (Minor issue)
	- r-cran-jsonlite 1.8.8+dfsg-1 (bug #1040161)
	[bookworm] - r-cran-jsonlite (Minor issue)
	[bullseye] - r-cran-jsonlite (Minor issue)
	[buster] - r-cran-jsonlite (Minor issue)
	- xqilla (Vulnerable code not present; embeds not-affected ancient yajl version)
	NOTE: xqilla's embedded yajl is ancient (around 0.2.2), not having the vulnerable code
	NOTE: https://github.com/brianmario/yajl-ruby/issues/176
	NOTE: https://github.com/brianmario/yajl-ruby/commit/a8ca8f476655adaa187eedc60bdc770fff3c51ce
CVE-2017-16515 RESERVED
CVE-2017-16514 (Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities ...)
	NOT-FOR-US: WebsiteBaker
CVE-2017-16513 (Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in t ...)
	NOT-FOR-US: Ipswitch WS_FTP Professional
CVE-2017-16512 (The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 th ...)
	NOT-FOR-US: vagrant-vmware-fusion
CVE-2017-16511 RESERVED
CVE-2017-1000171 (Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to th ...)
	- mahara
CVE-2017-1000157 (Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before ...)
	- mahara
CVE-2017-1000156 (Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before ...)
	- mahara
CVE-2017-1000155 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before ...)
	- mahara
CVE-2017-1000154 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before ...)
	- mahara
CVE-2017-1000153 (Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before ...)
	- mahara
CVE-2017-1000152 (Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 a ...)
	- mahara
CVE-2017-1000151 (Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before ...)
	- mahara
CVE-2017-1000150 (Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to ...)
	- mahara
CVE-2017-1000149 (Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15 ...)
	- mahara
CVE-2017-1000148 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before ...)
	- mahara
CVE-2017-1000147 (Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04. ...)
	- mahara
CVE-2017-1000146 (Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04. ...)
	- mahara
CVE-2017-1000145 (Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04. ...)
	- mahara
CVE-2017-1000144 (Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04. ...)
	- mahara
CVE-2017-1000143 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 an ...)
	- mahara
CVE-2017-1000142 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 an ...)
	- mahara
CVE-2017-1000141 (An issue was discovered in Mahara before 18.10.0. It mishandled user r ...)
	- mahara
	NOTE: https://bugs.launchpad.net/mahara/+bug/1422492
CVE-2017-1000140 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 an ...)
	- mahara
CVE-2017-1000139 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 an ...)
	- mahara
CVE-2017-1000138 (Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to p ...)
	- mahara
CVE-2017-1000137 (Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to p ...)
	- mahara
CVE-2017-1000136 (Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 an ...)
	- mahara
CVE-2017-1000135 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 an ...)
	- mahara
CVE-2017-1000134 (Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 an ...)
	- mahara
CVE-2017-1000133 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before ...)
	- mahara
CVE-2017-1000132 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 an ...)
	- mahara
CVE-2017-1000131 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before ...)
	- mahara
CVE-2017-16510 (WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() ...)
	{DSA-4090-1 DLA-1160-1}
	- wordpress 4.8.3+dfsg-1 (bug #880528)
	NOTE: https://wpvulndb.com/vulnerabilities/8941
	NOTE: https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
	NOTE: https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
CVE-2017-16509 REJECTED
CVE-2017-16508 REJECTED
CVE-2017-16507 REJECTED
CVE-2017-16506 REJECTED
CVE-2017-16505 REJECTED
CVE-2017-16504 REJECTED
CVE-2017-16503 REJECTED
CVE-2017-16502 REJECTED
CVE-2017-16501 REJECTED
CVE-2017-16500 REJECTED
CVE-2017-16499 REJECTED
CVE-2017-16498 REJECTED
CVE-2017-16497 REJECTED
CVE-2017-16496 REJECTED
CVE-2017-16495 REJECTED
CVE-2017-16494 REJECTED
CVE-2017-16493 REJECTED
CVE-2017-16492 REJECTED
CVE-2017-16491 REJECTED
CVE-2017-16490 REJECTED
CVE-2017-16489 REJECTED
CVE-2017-16488 REJECTED
CVE-2017-16487 REJECTED
CVE-2017-16486 REJECTED
CVE-2017-16485 REJECTED
CVE-2017-16484 REJECTED
CVE-2017-16483 REJECTED
CVE-2017-16482 REJECTED
CVE-2017-16481 REJECTED
CVE-2017-16480 REJECTED
CVE-2017-16479 REJECTED
CVE-2017-16478 REJECTED
CVE-2017-16477 REJECTED
CVE-2017-16476 REJECTED
CVE-2017-16475 REJECTED
CVE-2017-16474 REJECTED
CVE-2017-16473 REJECTED
CVE-2017-16472 REJECTED
CVE-2017-16471 REJECTED
CVE-2017-16470 REJECTED
CVE-2017-16469 REJECTED
CVE-2017-16468 REJECTED
CVE-2017-16467 REJECTED
CVE-2017-16466 REJECTED
CVE-2017-16465 REJECTED
CVE-2017-16464 REJECTED
CVE-2017-16463 REJECTED
CVE-2017-16462 REJECTED
CVE-2017-16461 REJECTED
CVE-2017-16460 REJECTED
CVE-2017-16459 REJECTED
CVE-2017-16458 REJECTED
CVE-2017-16457 REJECTED
CVE-2017-16456 REJECTED
CVE-2017-16455 REJECTED
CVE-2017-16454 REJECTED
CVE-2017-16453 REJECTED
CVE-2017-16452 REJECTED
CVE-2017-16451 REJECTED
CVE-2017-16450 REJECTED
CVE-2017-16449 REJECTED
CVE-2017-16448 REJECTED
CVE-2017-16447 REJECTED
CVE-2017-16446 REJECTED
CVE-2017-16445 REJECTED
CVE-2017-16444 REJECTED
CVE-2017-16443 REJECTED
CVE-2017-16442 REJECTED
CVE-2017-16441 REJECTED
CVE-2017-16440 REJECTED
CVE-2017-16439 REJECTED
CVE-2017-16438 REJECTED
CVE-2017-16437 REJECTED
CVE-2017-16436 REJECTED
CVE-2017-16435 REJECTED
CVE-2017-16434 REJECTED
CVE-2017-16433 REJECTED
CVE-2017-16432 REJECTED
CVE-2017-16431 REJECTED
CVE-2017-16430 REJECTED
CVE-2017-16429 REJECTED
CVE-2017-16428 REJECTED
CVE-2017-16427 REJECTED
CVE-2017-16426 REJECTED
CVE-2017-16425 REJECTED
CVE-2017-16424 REJECTED
CVE-2017-16423 REJECTED
CVE-2017-16422 REJECTED
CVE-2017-16421 REJECTED
CVE-2017-16420 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16419 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16418 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16417 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16416 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16415 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16414 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16413 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16412 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16411 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16410 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16409 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16408 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16407 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16406 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16405 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16404 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16403 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16402 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16401 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16400 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16399 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16398 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16397 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16396 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16395 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16394 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16393 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16392 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16391 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16390 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16389 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16388 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16387 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16386 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16385 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16384 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16383 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16382 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16381 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16380 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16379 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16378 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16377 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16376 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16375 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16374 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16373 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16372 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16371 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16370 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16369 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16368 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16367 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16366 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16365 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16364 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16363 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16362 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16361 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16360 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-16359 (In radare 2.0.1, a pointer wraparound vulnerability exists in store_ve ...)
- radare2 2.1.0+dfsg-1 (bug #880616) [jessie] - radare2 (Vulnerable code introduced later) [wheezy] - radare2 (Vulnerable code introduced later) NOTE: https://github.com/radare/radare2/commit/62e39f34b2705131a2d08aff0c2e542c6a52cf0e NOTE: https://github.com/radare/radare2/commit/d21e91f075a7a7a8ed23baa5c1bb1fac48313882 NOTE: https://github.com/radare/radare2/commit/fbaf24bce7ea4211e4608b3ab6c1b45702cb243d NOTE: https://github.com/radare/radare2/issues/8764 CVE-2017-16358 (In radare 2.0.1, an out-of-bounds read vulnerability exists in string_ ...) - radare2 2.1.0+dfsg-1 (bug #880619) [jessie] - radare2 (Vulnerable code introduced later) [wheezy] - radare2 (Vulnerable code introduced later) NOTE: https://github.com/radare/radare2/commit/d31c4d3cbdbe01ea3ded16a584de94149ecd31d9 NOTE: https://github.com/radare/radare2/issues/8748 CVE-2017-16357 (In radare 2.0.1, a memory corruption vulnerability exists in store_ver ...) - radare2 2.1.0+dfsg-1 (bug #880620) [jessie] - radare2 (Vulnerable code introduced later) [wheezy] - radare2 (Vulnerable code introduced later) NOTE: https://github.com/radare/radare2/commit/0b973e28166636e0ff1fad80baa0385c9c09c53a NOTE: https://github.com/radare/radare2/issues/8742 CVE-2017-16356 (Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) ...) NOT-FOR-US: Kubik-Rubik SIGE CVE-2017-16355 (In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed ...) {DSA-4415-1} - passenger 5.0.30-1.1 (bug #884463) - ruby-passenger [jessie] - ruby-passenger (Minor issue) [wheezy] - ruby-passenger (Vulnerable code introduced later) NOTE: https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/ NOTE: https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf NOTE: https://www.openwall.com/lists/oss-security/2017/11/21/2 and following. NOTE: Problem mitigated in versions prior to 5.0.10 where root privileges were required to NOTE: get the status information. 
CVE-2017-16354
	RESERVED
CVE-2017-16353 (GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure ...)
	{DSA-4321-1 DLA-1401-1 DLA-1159-1}
	- graphicsmagick 1.3.26-17
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=e4e1c2a581d8
	NOTE: https://blogs.securiteam.com/index.php/archives/3494
CVE-2017-16352 (GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vu ...)
	{DSA-4321-1 DLA-1456-1 DLA-1159-1}
	- graphicsmagick 1.3.26-17
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=7292230dd185
	NOTE: https://blogs.securiteam.com/index.php/archives/3494
CVE-2017-1001001 (PluXml version 5.6 is vulnerable to stored cross-site scripting vulner ...)
	- pluxml 5.6-1 (bug #881796)
	[stretch] - pluxml (Minor issue)
	[jessie] - pluxml (Minor issue)
	NOTE: https://github.com/pluxml/PluXml/issues/253
CVE-2017-1000244 (Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000243 (Jenkins Favorite Plugin 2.1.4 and older does not perform permission ch ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000242 (Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file wit ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-16351
	REJECTED
CVE-2017-16350
	REJECTED
CVE-2017-16349 (An exploitable XML external entity vulnerability exists in the reporti ...)
	NOT-FOR-US: SAP
CVE-2017-16348 (An exploitable denial of service vulnerability exists in Insteon Hub r ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16347 (An attacker could send an authenticated HTTP request to trigger this v ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16346 (An attacker could send an authenticated HTTP request to trigger this v ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16345 (An attacker could send an authenticated HTTP request to trigger this v ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16344 (An attacker could send an authenticated HTTP request to trigger this v ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16343 (An attacker could send an authenticated HTTP request to trigger this v ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16342 (An attacker could send an authenticated HTTP request to trigger this v ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16341 (An attacker could send an authenticated HTTP request to trigger this v ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16340 (An attacker could send an authenticated HTTP request to trigger this v ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16339 (An attacker could send an authenticated HTTP request to trigger this v ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16338 (An attacker could send an authenticated HTTP request to trigger this v ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16337 (On Insteon Hub 2245-222 devices with firmware version 1012, specially ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16336 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16335 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16334 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16333 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16332 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16331 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16330 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16329 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16328 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16327 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16326 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16325 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16324 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16323 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16322 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16321 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16320 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16319 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16318 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16317 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16316 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16315 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16314 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16313 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16312 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16311 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16310 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16309 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16308 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16307 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16306 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16305 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16304 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16303 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16302 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16301 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16300 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16299 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16298 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16297 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16296 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16295 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16294 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16293 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16292 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16291 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16290 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16289 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16288 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16287 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16286 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16285 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16284 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16283 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16282 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16281 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16280 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16279 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16278 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16277 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16276 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16275 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16274 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16273 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16272 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16271 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16270 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16269 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16268 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16267 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16266 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16265 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16264 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16263 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16262 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16261 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16260 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16259 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16258 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16257 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16256 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16255 (An exploitable buffer overflow vulnerability exists in the PubNub mess ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16254 (An exploitable buffer overflow vulnerability exists in the PubNub mess ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16253 (An exploitable buffer overflow vulnerability exists in the PubNub mess ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16252 (Specially crafted commands sent through the PubNub service in Insteon ...)
	NOT-FOR-US: Insteon Hub
CVE-2017-16251 (A vulnerability in the conferencing component of Mitel ST 14.2, releas ...)
	NOT-FOR-US: Mitel
CVE-2017-16250 (A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allo ...)
	NOT-FOR-US: Mitel
CVE-2017-16249 (The Debut embedded http server contains a remotely exploitable denial ...)
	NOT-FOR-US: Debut embedded http server
CVE-2017-16247
	RESERVED
CVE-2017-16246
	RESERVED
CVE-2017-16245
	RESERVED
CVE-2017-16244 (Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426 ...)
	NOT-FOR-US: OctoberCMS
CVE-2017-16243
	RESERVED
CVE-2017-16242 (An issue was discovered on MECO USB Memory Stick with Fingerprint MECO ...)
	NOT-FOR-US: MECO
CVE-2017-1000384
	REJECTED
CVE-2017-1000383 (GNU Emacs version 25.3.1 (and other versions most likely) ignores umas ...)
	NOTE: This CVE assignment is nonsense: GNU Emacs reuses the permission bits of the original
	NOTE: file when creating a backup file. That's hardly incorrect behaviour.
	NOTE: Upstream report: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=29182
CVE-2017-1000382 (VIM version 8.0.1187 (and other versions most likely) ignores umask wh ...)
	- vim (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2017/10/31/15
	NOTE: Cf. https://www.openwall.com/lists/oss-security/2017/11/01/4
	NOTE: vim creates the .swp file according to the permissions of the file being
	NOTE: edited, admittedly ignoring the umask, so in the reporter's case the .swp
	NOTE: file is readable by others. But that seems to be the intended behaviour.
CVE-2017-16248 (The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows r ...)
	- libcatalyst-plugin-static-simple-perl 0.34-1 (bug #880458)
	[stretch] - libcatalyst-plugin-static-simple-perl (Minor issue)
	[jessie] - libcatalyst-plugin-static-simple-perl (Minor issue)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=120558
CVE-2017-16241 (Incorrect access control in AMAG Symmetry Door Edge Network Controller ...)
	NOT-FOR-US: AMAG Symmetry Door Edge Network Controllers
CVE-2017-16240
	RESERVED
CVE-2017-17051 (An issue was discovered in the default FilterScheduler in OpenStack No ...)
	- nova 2:16.0.3-6 (bug #883621)
	[stretch] - nova (Fix for CVE-2017-16239 not applied and not affecting 14.x.y)
	[jessie] - nova (Vulnerable code not present)
	[wheezy] - nova (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2017/12/05/5
	NOTE: https://launchpad.net/bugs/1732976
CVE-2017-16239 (In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x throug ...)
	{DSA-4056-1}
	- nova 2:16.0.3-1 (bug #882009)
	[jessie] - nova (Vulnerable code introduced later)
	[wheezy] - nova (Vulnerable code introduced later)
	NOTE: https://launchpad.net/bugs/1664931
	NOTE: https://security.openstack.org/ossa/OSSA-2017-005.html
	NOTE: Regression fix: https://www.openwall.com/lists/oss-security/2017/12/05/4
CVE-2017-16238
	RESERVED
CVE-2017-16237 (In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64 ...)
	NOT-FOR-US: Vir.IT eXplorer Anti-Virus
CVE-2017-16236
	RESERVED
CVE-2017-16235
	RESERVED
CVE-2017-16234
	RESERVED
CVE-2017-16233
	RESERVED
CVE-2016-10699 (D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS ...)
	NOT-FOR-US: D-Link devices
CVE-2015-9245 (Insecure default configuration in Progress Software OpenEdge 10.2x and ...)
	NOT-FOR-US: Progress Software OpenEdge
CVE-2017-16232 (LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow at ...)
	- tiff (unimportant)
	NOTE: http://seclists.org/oss-sec/2017/q4/168
	NOTE: Related commit: https://gitlab.com/libtiff/libtiff/commit/25f9ffa56548c1846c4a1f19308b7f561f7b1ab0
	NOTE: This is actually only a partial fix, but upstream will not fix it completely.
	NOTE: The related commit is included in 4.0.9. The underlying memory-based DoS
	NOTE: would still be present.
CVE-2017-16231 (In PCRE 8.41, after compiling, a pcretest load test PoC produces a cra ...)
	- pcre3 (unimportant)
CVE-2017-16230 (In admin/write-post.php in Typecho through 1.1, one can log in to the ...)
	NOT-FOR-US: Typecho
CVE-2017-16229 (In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based b ...)
	- ruby-ox 2.8.2-1
	[stretch] - ruby-ox (Minor issue)
	[jessie] - ruby-ox (Minor issue)
	NOTE: https://github.com/ohler55/ox/issues/195
	NOTE: https://github.com/ohler55/ox/pull/196
	NOTE: https://github.com/ohler55/ox/commit/0708ae44faf2ffc3d9330daf6ae023859a8b168b
CVE-2017-16228 (Dulwich before 0.18.5, when an SSH subprocess is used, allows remote a ...)
	- dulwich 0.18.5-1
	[stretch] - dulwich (Minor issue)
	[jessie] - dulwich (Minor issue)
	[wheezy] - dulwich (Minor issue)
	NOTE: https://www.dulwich.io/code/dulwich/commit/7116a0cbbda571f7dac863f4b1c00b6e16d6d8d6/
	NOTE: This is the same class of issue as CVE-2017-1000117 in git,
	NOTE: but it needs a separate CVE since the codebases differ.
CVE-2017-16227 (The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 al ...)
	{DSA-4011-1 DLA-1152-1}
	- quagga 1.2.2-1 (bug #879474)
	NOTE: https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html
	NOTE: http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008
CVE-2017-16226 (The static-eval module is intended to evaluate statically-analyzable e ...)
	NOT-FOR-US: static-eval module
CVE-2017-16225 (aegir is a module to help automate JavaScript project management. Vers ...)
	NOT-FOR-US: aegir
CVE-2017-16224 (st is a module for serving static files. An attacker is able to craft ...)
	NOT-FOR-US: st
CVE-2017-16223 (nodeaaaaa is a static file server. nodeaaaaa is vulnerable to a direct ...)
	NOT-FOR-US: nodeaaaaa
CVE-2017-16222 (elding is a simple web server. elding is vulnerable to a directory tra ...)
	NOT-FOR-US: elding
CVE-2017-16221 (yzt is a simple file server. yzt is vulnerable to a directory traversa ...)
	NOT-FOR-US: yzt
CVE-2017-16220 (wind-mvc is an mvc framework. wind-mvc is vulnerable to a directory tr ...)
	NOT-FOR-US: wind-mvc
CVE-2017-16219 (yttivy is a static file server. yttivy is vulnerable to a directory tr ...)
	NOT-FOR-US: yttivy
CVE-2017-16218 (dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a di ...)
	NOT-FOR-US: dgard8.lab6
CVE-2017-16217 (fbr-client sends files through sockets via socket.io and webRTC. fbr-c ...)
	NOT-FOR-US: fbr-client
CVE-2017-16216 (tencent-server is a simple web server. tencent-server is vulnerable to ...)
	NOT-FOR-US: tencent-server
CVE-2017-16215 (sgqserve is a simple file server. sgqserve is vulnerable to a director ...)
	NOT-FOR-US: sgqserve
CVE-2017-16214 (peiserver is a static file server. peiserver is vulnerable to a direct ...)
	NOT-FOR-US: peiserver
CVE-2017-16213 (mfrserver is a simple file server. mfrserver is vulnerable to a direct ...)
	NOT-FOR-US: mfrserver
CVE-2017-16212 (ltt is a static file server. ltt is vulnerable to a directory traversa ...)
	NOT-FOR-US: ltt
CVE-2017-16211 (lessindex is a static file server. lessindex is vulnerable to a direct ...)
	NOT-FOR-US: lessindex
CVE-2017-16210 (jn_jj_server is a static file server. jn_jj_server is vulnerable to a ...)
	NOT-FOR-US: jn_jj_server
CVE-2017-16209 (enserver is a simple web server. enserver is vulnerable to a directory ...)
	NOT-FOR-US: enserver
CVE-2017-16208 (dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a direc ...)
	NOT-FOR-US: dmmcquay.lab6
CVE-2017-16207 (discordi.js is a malicious module based on the discord.js library that ...)
	NOT-FOR-US: discordi.js
CVE-2017-16206 (The cofee-script module exfiltrates sensitive data such as a user's pr ...)
	NOT-FOR-US: cofee-script
CVE-2017-16205 (The coffescript module exfiltrates sensitive data such as a user's pri ...)
	NOT-FOR-US: coffescript
CVE-2017-16204 (The jquey module exfiltrates sensitive data such as a user's private S ...)
	NOT-FOR-US: jquey
CVE-2017-16203 (The coffe-script module exfiltrates sensitive data such as a user's pr ...)
	NOT-FOR-US: coffe-script
CVE-2017-16202 (The cofeescript module exfiltrates sensitive data such as a user's pri ...)
	NOT-FOR-US: cofeescript
CVE-2017-16201 (zjjserver is a static file server. zjjserver is vulnerable to a direct ...)
	NOT-FOR-US: zjjserver
CVE-2017-16200 (uv-tj-demo is a static file server. uv-tj-demo is vulnerable to a dire ...)
	NOT-FOR-US: uv-tj-demo
CVE-2017-16199 (susu-sum is a static file server. susu-sum is vulnerable to a director ...)
	NOT-FOR-US: susu-sum
CVE-2017-16198 (ritp is a static web server. ritp is vulnerable to a directory travers ...)
	NOT-FOR-US: ritp
CVE-2017-16197 (qinserve is a static file server. qinserve is vulnerable to a director ...)
	NOT-FOR-US: qinserve
CVE-2017-16196 (quickserver is a simple static file server. quickserver is vulnerable ...)
	NOT-FOR-US: quickserver
CVE-2017-16195 (pytservce is a static file server. pytservce is vulnerable to a direct ...)
	NOT-FOR-US: pytservce
CVE-2017-16194 (picard is a micro framework. picard is vulnerable to a directory trave ...)
	NOT-FOR-US: picard
CVE-2017-16193 (mfrs is a static file server. mfrs is vulnerable to a directory traver ...)
	NOT-FOR-US: mfrs
CVE-2017-16192 (getcityapi.yoehoehne is a web server. getcityapi.yoehoehne is vulnerab ...)
	NOT-FOR-US: getcityapi.yoehoehne
CVE-2017-16191 (cypserver is a static file server. cypserver is vulnerable to a direct ...)
	NOT-FOR-US: cypserver
CVE-2017-16190 (dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable to a dire ...)
	NOT-FOR-US: dcdcdcdcdc
CVE-2017-16189 (sly07 is an API for censoring text. sly07 is vulnerable to a directory ...)
	NOT-FOR-US: sly07
CVE-2017-16188 (reecerver is a web server. reecerver is vulnerable to a directory trav ...)
	NOT-FOR-US: reecerver
CVE-2017-16187 (open-device creates a web interface for any device. open-device is vul ...)
	NOT-FOR-US: open-device
CVE-2017-16186 (360class.jansenhm is a static file server. 360class.jansenhm is vulner ...)
	NOT-FOR-US: 360class.jansenhm
CVE-2017-16185 (uekw1511server is a static file server. uekw1511server is vulnerable t ...)
	NOT-FOR-US: uekw1511server
CVE-2017-16184 (scott-blanch-weather-app is a sample Node.js app using Express 4. scot ...)
	NOT-FOR-US: scott-blanch-weather-app
CVE-2017-16183 (iter-server is a static file server. iter-server is vulnerable to a di ...)
	NOT-FOR-US: iter-server
CVE-2017-16182 (serverxxx is a static file server. serverxxx is vulnerable to a direct ...)
	NOT-FOR-US: serverxxx
CVE-2017-16181 (wintiwebdev is a static file server. wintiwebdev is vulnerable to a di ...)
	NOT-FOR-US: wintiwebdev
CVE-2017-16180 (serverabc is a static file server. serverabc is vulnerable to a direct ...)
	NOT-FOR-US: serverabc
CVE-2017-16179 (dasafio is a web server. dasafio is vulnerable to a directory traversa ...)
	NOT-FOR-US: dasafio
CVE-2017-16178 (intsol-package is a file server. intsol-package is vulnerable to a dir ...)
	NOT-FOR-US: intsol-package
CVE-2017-16177 (chatbyvista is a file server. chatbyvista is vulnerable to a directory ...)
	NOT-FOR-US: chatbyvista
CVE-2017-16176 (jansenstuffpleasework is a file server. jansenstuffpleasework is vulne ...)
	NOT-FOR-US: jansenstuffpleasework
CVE-2017-16175 (ewgaddis.lab6 is a file server. ewgaddis.lab6 is vulnerable to a direc ...)
	NOT-FOR-US: ewgaddis.lab6
CVE-2017-16174 (whispercast is a file server. whispercast is vulnerable to a directory ...)
	NOT-FOR-US: whispercast
CVE-2017-16173 (utahcityfinder constructs lists of Utah cities with a certain prefix. ...)
	NOT-FOR-US: utahcityfinder
CVE-2017-16172 (section2.madisonjbrooks12 is a simple web server. section2.madisonjbro ...)
	NOT-FOR-US: section2.madisonjbrooks12
CVE-2017-16171 (hcbserver is a static file server. hcbserver is vulnerable to a direct ...)
	NOT-FOR-US: hcbserver
CVE-2017-16170 (liuyaserver is a static file server. liuyaserver is vulnerable to a di ...)
	NOT-FOR-US: liuyaserver
CVE-2017-16169 (looppake is a simple http server. looppake is vulnerable to a director ...)
	NOT-FOR-US: looppake
CVE-2017-16168 (wffserve is vulnerable to a directory traversal issue, giving an attac ...)
	NOT-FOR-US: wffserve
CVE-2017-16167 (yyooopack is a simple file server. yyooopack is vulnerable to a direct ...)
	NOT-FOR-US: yyooopack
CVE-2017-16166 (byucslabsix is an http server. byucslabsix is vulnerable to a director ...)
	NOT-FOR-US: byucslabsix
CVE-2017-16165 (calmquist.static-server is a static file server. calmquist.static-serv ...)
	NOT-FOR-US: calmquist.static-server
CVE-2017-16164 (desafio is a simple web server. desafio is vulnerable to a directory t ...)
	NOT-FOR-US: desafio
CVE-2017-16163 (dylmomo is a simple file server. dylmomo is vulnerable to a directory ...)
	NOT-FOR-US: dylmomo
CVE-2017-16162 (22lixian is a simple file server. 22lixian is vulnerable to a director ...)
	NOT-FOR-US: 22lixian
CVE-2017-16161 (shenliru is a simple file server. shenliru is vulnerable to a director ...)
	NOT-FOR-US: shenliru
CVE-2017-16160 (11xiaoli is a simple file server. 11xiaoli is vulnerable to a director ...)
	NOT-FOR-US: 11xiaoli
CVE-2017-16159 (caolilinode is a simple file server. caolilinode is vulnerable to a di ...)
	NOT-FOR-US: caolilinode
CVE-2017-16158 (dcserver is a static file server. dcserver is vulnerable to a director ...)
	NOT-FOR-US: dcserver
CVE-2017-16157 (censorify.tanisjr is a simple web server and API RESTful service. cens ...)
	NOT-FOR-US: censorify.tanisjr
CVE-2017-16156 (myprolyz is a static file server. myprolyz is vulnerable to a director ...)
	NOT-FOR-US: myprolyz
CVE-2017-16155 (fast-http-cli is the command line interface for fast-http, a simple we ...)
	NOT-FOR-US: fast-http-cli
CVE-2017-16154 (earlybird is a web server module for early development. earlybird is v ...)
	NOT-FOR-US: earlybird
CVE-2017-16153 (gaoxuyan is vulnerable to a directory traversal issue, giving an attac ...)
	NOT-FOR-US: gaoxuyan
CVE-2017-16152 (static-html-server is a static file server. static-html-server is vuln ...)
	NOT-FOR-US: static-html-server
CVE-2017-16151 (Based on details posted by the ElectronJS team; A remote code executio ...)
	NOT-FOR-US: Electron
CVE-2017-16150 (wanggoujing123 is a simple webserver. wanggoujing123 is vulnerable to ...)
	NOT-FOR-US: wanggoujing123
CVE-2017-16149 (zwserver is a weather web server. zwserver is vulnerable to a director ...)
	NOT-FOR-US: zwserver
CVE-2017-16148 (serve46 is a static file server. serve46 is vulnerable to a directory ...)
	NOT-FOR-US: serve46
CVE-2017-16147 (shit-server is a file server. shit-server is vulnerable to a directory ...)
	NOT-FOR-US: shit-server
CVE-2017-16146 (mockserve is a file server. mockserve is vulnerable to a directory tra ...)
	NOT-FOR-US: mockserve
CVE-2017-16145 (sspa is a server dedicated to single-page apps. sspa is vulnerable to ...)
	NOT-FOR-US: sspa
CVE-2017-16144 (myserver.alexcthomas18 is a file server. myserver.alexcthomas18 is vul ...)
	NOT-FOR-US: myserver.alexcthomas18
CVE-2017-16143 (commentapp.stetsonwood is an http server. commentapp.stetsonwood is vu ...)
	NOT-FOR-US: commentapp.stetsonwood
CVE-2017-16142 (infraserver is a RESTful server. infraserver is vulnerable to a direct ...)
	NOT-FOR-US: infraserver
CVE-2017-16141 (lab6drewfusbyu is an http server. lab6drewfusbyu is vulnerable to a di ...)
	NOT-FOR-US: lab6drewfusbyu
CVE-2017-16140 (lab6.brit95 is a file server. lab6.brit95 is vulnerable to a directory ...)
	NOT-FOR-US: lab6.brit95
CVE-2017-16139 (jikes is a file server. jikes is vulnerable to a directory traversal i ...)
	NOT-FOR-US: jikes
CVE-2017-16138 (The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular express ...)
	- node-mime 2.3.1-1 (unimportant; bug #901277)
	NOTE: https://github.com/broofa/node-mime/issues/167
	NOTE: https://nodesecurity.io/advisories/535
	NOTE: https://github.com/broofa/node-mime/commit/855d0c4b8b22e4a80b9401a81f2872058eae274d (1.x)
	NOTE: https://github.com/broofa/node-mime/commit/1df903fdeb9ae7eaa048795b8d580ce2c98f40b0 (2.x)
	NOTE: nodejs not covered by security support
CVE-2017-16137 (The debug module is vulnerable to regular expression denial of service ...)
	- node-debug 3.1.0-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/534
	NOTE: nodejs not covered by security support
CVE-2017-16136 (method-override is a module used by the Express.js framework to let yo ...)
	NOT-FOR-US: method-override nodejs module
CVE-2017-16135 (serverzyy is a static file server. serverzyy is vulnerable to a direct ...)
	NOT-FOR-US: serverzyy
CVE-2017-16134 (http_static_simple is an http server. http_static_simple is vulnerable ...)
	NOT-FOR-US: http_static_simple
CVE-2017-16133 (goserv is an http server. goserv is vulnerable to a directory traversa ...)
	NOT-FOR-US: goserv
CVE-2017-16132 (simple-npm-registry is a local npm package cache. simple-npm-registry ...)
	NOT-FOR-US: simple-npm-registry
CVE-2017-16131 (unicorn-list is a web framework. unicorn-list is vulnerable to a direc ...)
	NOT-FOR-US: unicorn-list
CVE-2017-16130 (exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxx ...)
	NOT-FOR-US: exxxxxxxxxxx
CVE-2017-16129 (The HTTP client module superagent is vulnerable to ZIP bomb attacks. I ...)
	- node-superagent 0.20.0+dfsg-2
	[stretch] - node-superagent 0.20.0+dfsg-1+deb9u2
	[jessie] - node-superagent (Nodejs in jessie not covered by security support)
	NOTE: https://github.com/visionmedia/superagent/issues/1259
	NOTE: https://nodesecurity.io/advisories/479
CVE-2017-16128 (The module npm-script-demo opened a connection to a command and contro ...)
	NOT-FOR-US: npm-script-demo
CVE-2017-16127 (The module pandora-doomsday infects other modules. It's since been unp ...)
	NOT-FOR-US: pandora-doomsday
CVE-2017-16126 (The module botbait is a tool to be used to track bot and automated too ...)
	NOT-FOR-US: botbait
CVE-2017-16125 (rtcmulticonnection-client is a signaling implementation for RTCMultiCo ...)
	NOT-FOR-US: rtcmulticonnection-client
CVE-2017-16124 (node-server-forfront is a simple static file server. node-server-forfr ...)
	NOT-FOR-US: node-server-forfront
CVE-2017-16123 (welcomyzt is a simple file server. welcomyzt is vulnerable to a direct ...)
	NOT-FOR-US: welcomyzt
CVE-2017-16122 (cuciuci is a simple fileserver. cuciuci is vulnerable to a directory t ...)
	NOT-FOR-US: cuciuci
CVE-2017-16121 (datachannel-client is a signaling implementation for DataChannel.js. d ...)
	NOT-FOR-US: datachannel-client
CVE-2017-16120 (liyujing is a static file server. liyujing is vulnerable to a director ...)
	NOT-FOR-US: liyujing
CVE-2017-16119 (Fresh is a module used by the Express.js framework for HTTP response f ...)
	- node-fresh 0.2.0-2 (bug #927715)
	[stretch] - node-fresh (Nodejs in stretch not covered by security support)
	[jessie] - node-fresh (Nodejs in jessie not covered by security support)
	NOTE: https://nodesecurity.io/advisories/526
CVE-2017-16118 (The forwarded module is used by the Express.js framework to handle the ...)
	NOT-FOR-US: forwarded nodejs module
CVE-2017-16117 (slug is a module to slugify strings, even if they contain unicode. slu ...)
	NOT-FOR-US: slug node module
CVE-2017-16116 (The string module is a module that provides extra string operations. T ...)
	NOT-FOR-US: string node module
CVE-2017-16115 (The timespan module is vulnerable to regular expression denial of serv ...)
	NOT-FOR-US: timespan node module
CVE-2017-16114 (The marked module is vulnerable to a regular expression denial of serv ...)
	- node-marked 0.3.9+dfsg-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/531
CVE-2017-16113 (The parsejson module is vulnerable to regular expression denial of ser ...)
	NOT-FOR-US: parsejson node module
CVE-2017-16112
	REJECTED
CVE-2017-16111 (The content module is a module to parse HTTP Content-* headers. It is ...)
	NOT-FOR-US: node content
CVE-2017-16110 (weather.swlyons is a simple web server for weather updates. weather.sw ...)
	NOT-FOR-US: weather.swlyons
CVE-2017-16109 (easyquick is a simple web server. easyquick is vulnerable to a directo ...)
	NOT-FOR-US: easyquick
CVE-2017-16108 (gaoxiaotingtingting is an HTTP server. gaoxiaotingtingting is vulnerab ...)
	NOT-FOR-US: gaoxiaotingtingting
CVE-2017-16107 (pooledwebsocket is vulnerable to a directory traversal issue, giving a ...)
	NOT-FOR-US: pooledwebsocket
CVE-2017-16106 (tmock is a static file server. tmock is vulnerable to a directory trav ...)
	NOT-FOR-US: tmock
CVE-2017-16105 (serverwzl is a simple http server. serverwzl is vulnerable to a direct ...)
	NOT-FOR-US: serverwzl
CVE-2017-16104 (citypredict.whauwiller is vulnerable to a directory traversal issue, g ...)
	NOT-FOR-US: citypredict.whauwiller
CVE-2017-16103 (serveryztyzt is a simple http server. serveryztyzt is vulnerable to a ...)
	NOT-FOR-US: serveryztyzt
CVE-2017-16102 (serverhuwenhui is a simple http server. serverhuwenhui is vulnerable t ...)
	NOT-FOR-US: serverhuwenhui
CVE-2017-16101 (serverwg is a simple http server. serverwg is vulnerable to a director ...)
	NOT-FOR-US: serverwg
CVE-2017-16100 (dns-sync is a sync/blocking dns resolver. If untrusted user input is a ...)
	NOT-FOR-US: dns-sync
CVE-2017-16099 (The no-case module is vulnerable to regular expression denial of servi ...)
	NOT-FOR-US: no-case
CVE-2017-16098 (charset 1.0.0 and below are vulnerable to regular expression denial of ...)
	NOT-FOR-US: charset
CVE-2017-16097 (tiny-http is a simple http server. tiny-http is vulnerable to a direct ...)
	NOT-FOR-US: tiny-http
CVE-2017-16096 (serveryaozeyan is a simple HTTP server. serveryaozeyan is vulnerable t ...)
	NOT-FOR-US: serveryaozeyan
CVE-2017-16095 (serverliujiayi1 is a simple http server. serverliujiayi1 is vulnerable ...)
	NOT-FOR-US: serverliujiayi1
CVE-2017-16094 (iter-http is a server for static files. iter-http is vulnerable to a d ...)
	NOT-FOR-US: iter-http
CVE-2017-16093 (cyber-js is a simple http server. A cyberjs server is vulnerable to a ...)
	NOT-FOR-US: cyber-js
CVE-2017-16092 (Sencisho is a simple http server for local development. Sencisho is vu ...)
	NOT-FOR-US: Sencisho
CVE-2017-16091 (xtalk helps your browser talk to nodex, a simple web framework. xtalk ...)
	NOT-FOR-US: xtalk (not the chat client)
CVE-2017-16090 (fsk-server is a simple http server. fsk-server is vulnerable to a dire ...)
	NOT-FOR-US: fsk-server
CVE-2017-16089 (serverlyr is a simple http server. serverlyr is vulnerable to a direct ...)
	NOT-FOR-US: serverlyr
CVE-2017-16088 (The safe-eval module describes itself as a safer version of eval. By a ...)
	NOT-FOR-US: safe-eval
CVE-2017-16087
	RESERVED
CVE-2017-16086 (ua-parser is a port of Browserscope's user agent parser. ua-parser is ...)
	NOT-FOR-US: ua-parser
CVE-2017-16085 (tinyserver2 is a webserver for static files. tinyserver2 is vulnerable ...)
	NOT-FOR-US: tinyserver2
CVE-2017-16084 (list-n-stream is a server for static files to list and stream local vi ...)
	NOT-FOR-US: list-n-stream
CVE-2017-16083 (node-simple-router is a minimalistic router for Node. node-simple-rout ...)
	NOT-FOR-US: node-simple-router
CVE-2017-16082 (A remote code execution vulnerability was found within the pg module w ...)
	- node-postgres 7.7.1-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/521
	NOTE: nodejs not covered by security support
CVE-2017-16081 (cross-env.js was a malicious module published with the intent to hijac ...)
	NOT-FOR-US: malicious node module
CVE-2017-16080 (nodesass was a malicious module published with the intent to hijack en ...)
	NOT-FOR-US: malicious node module
CVE-2017-16079 (smb was a malicious module published with the intent to hijack environ ...)
	NOT-FOR-US: malicious node module
CVE-2017-16078 (shadowsock was a malicious module published with the intent to hijack ...)
	NOT-FOR-US: malicious node module
CVE-2017-16077 (mongose was a malicious module published with the intent to hijack env ...)
	NOT-FOR-US: malicious node module
CVE-2017-16076 (proxy.js was a malicious module published with the intent to hijack en ...)
	NOT-FOR-US: malicious node module
CVE-2017-16075 (http-proxy.js was a malicious module published with the intent to hija ...)
	NOT-FOR-US: malicious node module
CVE-2017-16074 (crossenv was a malicious module published with the intent to hijack en ...)
	NOT-FOR-US: malicious node module
CVE-2017-16073 (noderequest was a malicious module published with the intent to hijack ...)
	NOT-FOR-US: malicious node module
CVE-2017-16072 (nodemailer.js was a malicious module published with the intent to hija ...)
	NOT-FOR-US: malicious node module
CVE-2017-16071 (nodemailer-js was a malicious module published with the intent to hija ...)
	NOT-FOR-US: malicious node module
CVE-2017-16070 (nodecaffe was a malicious module published with the intent to hijack e ...)
	NOT-FOR-US: malicious node module
CVE-2017-16069 (nodeffmpeg was a malicious module published with the intent to hijack ...)
	NOT-FOR-US: malicious node module
CVE-2017-16068 (ffmepg was a malicious module published with the intent to hijack envi ...)
	NOT-FOR-US: malicious node module
CVE-2017-16067 (node-opencv was a malicious module published with the intent to hijack ...)
	NOT-FOR-US: malicious node module
CVE-2017-16066 (opencv.js was a malicious module published with the intent to hijack e ...)
	NOT-FOR-US: malicious node module
CVE-2017-16065 (openssl.js was a malicious module published with the intent to hijack ...)
	NOT-FOR-US: malicious node module
CVE-2017-16064 (node-openssl was a malicious module published with the intent to hijac ...)
	NOT-FOR-US: malicious node module
CVE-2017-16063 (node-opensl was a malicious module published with the intent to hijack ...)
	NOT-FOR-US: malicious node module
CVE-2017-16062 (node-tkinter was a malicious module published with the intent to hijac ...)
	NOT-FOR-US: malicious node module
CVE-2017-16061 (tkinter was a malicious module published with the intent to hijack env ...)
	NOT-FOR-US: malicious node module
CVE-2017-16060 (babelcli was a malicious module published with the intent to hijack en ...)
	NOT-FOR-US: malicious node module
CVE-2017-16059 (mssql-node was a malicious module published with the intent to hijack ...)
	NOT-FOR-US: malicious node module
CVE-2017-16058 (gruntcli was a malicious module published with the intent to hijack en ...)
	NOT-FOR-US: malicious node module
CVE-2017-16057 (nodemssql was a malicious module published with the intent to hijack e ...)
	NOT-FOR-US: malicious node module
CVE-2017-16056 (mssql.js was a malicious module published with the intent to hijack en ...)
	NOT-FOR-US: malicious node module
CVE-2017-16055 (`sqlserver` was a malicious module published with the intent to hijack ...)
	NOT-FOR-US: malicious node module
CVE-2017-16054 (`nodefabric` was a malicious module published with the intent to hijac ...)
	NOT-FOR-US: malicious node module
CVE-2017-16053 (`fabric-js` was a malicious module published with the intent to hijack ...)
	NOT-FOR-US: malicious node module
CVE-2017-16052 (`node-fabric` was a malicious module published with the intent to hija ...)
	NOT-FOR-US: malicious node module
CVE-2017-16051 (`sqliter` was a malicious module published with the intent to hijack e ...)
	NOT-FOR-US: malicious node module
CVE-2017-16050 (`sqlite.js` was a malicious module published with the intent to hijack ...)
	NOT-FOR-US: malicious node module
CVE-2017-16049 (`nodesqlite` was a malicious module published with the intent to hijac ...)
	NOT-FOR-US: malicious node module
CVE-2017-16048 (`node-sqlite` was a malicious module published with the intent to hija ...)
	NOT-FOR-US: malicious node module
CVE-2017-16047 (mysqljs was a malicious module published with the intent to hijack env ...)
	NOT-FOR-US: malicious node module
CVE-2017-16046 (`mariadb` was a malicious module published with the intent to hijack e ...)
	NOT-FOR-US: malicious node module
CVE-2017-16045 (`jquery.js` was a malicious module published with the intent to hijack ...)
	NOT-FOR-US: malicious node module
CVE-2017-16044 (`d3.js` was a malicious module published with the intent to hijack env ...)
	NOT-FOR-US: malicious node module
CVE-2017-16043 (Shout is an IRC client. Because the `/topic` command in messages is un ...)
	NOT-FOR-US: Shout
CVE-2017-16042 (Growl adds growl notification support to nodejs. Growl before 1.10.2 d ...)
	- node-growl 1.10.5-1 (unimportant; bug #900868)
	[stretch] - node-growl 1.7.0-1+deb9u1
	NOTE: Issue: https://github.com/tj/node-growl/issues/60
	NOTE: https://github.com/tj/node-growl/pull/61
	NOTE: https://nodesecurity.io/advisories/146
	NOTE: nodejs not covered by security support
CVE-2017-16041 (ikst versions before 1.1.2 download resources over HTTP, which leaves ...)
	NOT-FOR-US: ikst
CVE-2017-16040 (gfe-sass is a library for promises (CommonJS/Promises/A,B,D) gfe-sass ...)
	NOT-FOR-US: gfe-sass
CVE-2017-16039 (`hftp` is a static http or ftp server `hftp` is vulnerable to a direct ...)
	NOT-FOR-US: hftp
CVE-2017-16038 (`f2e-server` 1.12.11 and earlier is vulnerable to a directory traversa ...)
	NOT-FOR-US: f2e-server
CVE-2017-16037 (`gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allo ...)
	NOT-FOR-US: gomeplus-h5-proxy
CVE-2017-16036 (`badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. `ba ...)
	NOT-FOR-US: badjs-sourcemap-server
CVE-2017-16035 (The hubl-server module is a wrapper for the HubL Development Server. D ...)
	NOT-FOR-US: hubl-server
CVE-2017-16034
	RESERVED
CVE-2017-16033
	RESERVED
CVE-2017-16032
	RESERVED
CVE-2017-16031 (Socket.io is a realtime application framework that provides communicat ...)
	NOT-FOR-US: Socket.io
CVE-2017-16030 (Useragent is used to parse useragent headers. It uses several regular ...)
	NOT-FOR-US: useragent nodejs module
CVE-2017-16029 (hostr is a simple web server that serves up the contents of the curren ...)
	NOT-FOR-US: hostr
CVE-2017-16028 (react-native-meteor-oauth is a library for Oauth2 login to a Meteor se ...)
	NOT-FOR-US: react-native-meteor-oauth
CVE-2017-16027
	RESERVED
CVE-2017-16026 (Request is an http client. If a request is made using ```multipart```, ...)
	- node-request 2.88.1-1 (bug #901708)
	[stretch] - node-request (Nodejs in stretch not covered by security support)
	[jessie] - node-request (Nodejs in jessie not covered by security support)
	NOTE: https://github.com/request/request/issues/1904
	NOTE: https://nodesecurity.io/advisories/309
	NOTE: https://github.com/request/request/pull/2018
CVE-2017-16025 (Nes is a websocket extension library for hapi. Hapi is a webserver fra ...)
	NOT-FOR-US: Nes
CVE-2017-16024 (The sync-exec module is used to simulate child_process.execSync in nod ...)
	NOT-FOR-US: sync-exec
CVE-2017-16023 (Decamelize is used to convert a dash/dot/underscore/space separated st ...)
	- node-decamelize (Fixed before initial upload to Debian)
	NOTE: https://github.com/sindresorhus/decamelize/issues/5
	NOTE: https://github.com/sindresorhus/decamelize/commit/76d47d8de360afb574da2e34db87430ce11094e0
	NOTE: nodejs not covered by security support
CVE-2017-16022 (Morris.js creates an svg graph, with labels that appear when hovering ...)
	NOT-FOR-US: Morris.js
CVE-2017-16021 (uri-js is a module that tries to fully implement RFC 3986. One of thes ...)
	NOT-FOR-US: uri-js nodejs module
CVE-2017-16020 (Summit is a node web framework. When using the PouchDB driver in the m ...)
	NOT-FOR-US: Summit
CVE-2017-16019 (GitBook is a command line tool (and Node.js library) for building beau ...)
	NOT-FOR-US: GitBook
CVE-2017-16018 (Restify is a framework for building REST APIs. Restify >=2.0.0 <=4.0.4 ...)
	NOT-FOR-US: Restify
CVE-2017-16017 (sanitize-html is a library for scrubbing html input for malicious valu ...)
	- node-sanitize-html (Fixed before initial upload)
CVE-2017-16016 (Sanitize-html is a library for scrubbing html input of malicious value ...)
	- node-sanitize-html (Fixed before initial upload)
CVE-2017-16015 (Forms is a library for easily creating HTML forms. Versions before 1.3 ...)
	NOT-FOR-US: Forms
CVE-2017-16014 (Http-proxy is a proxying library. Because of the way errors are handle ...)
	- node-http-proxy (Fixed before initial upload to Debian)
	NOTE: https://nodesecurity.io/advisories/323
	NOTE: https://github.com/nodejitsu/node-http-proxy/pull/101
	NOTE: https://github.com/http-party/node-http-proxy/commit/07c8d2ee6017264c3d4deac9f42ca264a3740b48 (v0.7.0)
CVE-2017-16013 (hapi is a web and services application framework. When hapi >= 15.0.0 ...)
	NOT-FOR-US: hapi
CVE-2017-16012
	REJECTED
CVE-2017-16011
	REJECTED
CVE-2017-16010 (i18next is a language translation framework. When using the .init meth ...)
	- libjs-i18next (unimportant)
	NOTE: https://github.com/i18next/i18next/pull/826
	NOTE: https://nodesecurity.io/advisories/326
	NOTE: nodejs not covered by security support
CVE-2017-16009 (ag-grid is an advanced data grid that is library agnostic. ag-grid is ...)
	NOT-FOR-US: ag-grid
CVE-2017-16008 (i18next is a language translation framework. Because of how the interp ...)
	NOT-FOR-US: i18next
CVE-2017-16007 (node-jose is a JavaScript implementation of the JSON Object Signing an ...)
	NOT-FOR-US: node-jose
CVE-2017-16006 (Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkab ...)
	NOT-FOR-US: Remarkable
CVE-2017-16005 (Http-signature is a "Reference implementation of Joyent's HTTP Signatu ...)
	- node-http-signature (Fixed before initial upload to Debian)
	NOTE: https://github.com/joyent/node-http-signature/issues/10
	NOTE: https://nodesecurity.io/advisories/318
	NOTE: nodejs not covered by security support
CVE-2017-16004
	RESERVED
CVE-2017-16003 (windows-build-tools is a module for installing C++ Build Tools for Win ...)
	NOT-FOR-US: windows-build-tools
CVE-2017-16002
	RESERVED
CVE-2017-16001 (In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) ...)
	NOT-FOR-US: VMware
CVE-2017-16000 (SQL injection vulnerability in the EyesOfNetwork web interface (aka eo ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-15999 (In the "NQ Contacts Backup & Restore" application 1.1 for Android, no ...)
	NOT-FOR-US: Contacts Backup & Restore
CVE-2017-15998 (In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES ...)
	NOT-FOR-US: Contacts Backup & Restore
CVE-2017-15997 (In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 ...)
	NOT-FOR-US: Contacts Backup & Restore
CVE-2017-15996 (elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to c ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22361
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d91f0b20e561e326ee91a09a76206257bde8438b
CVE-2017-15995
	RESERVED
CVE-2016-10698 (mystem-fix is a node.js wrapper for MyStem morphology text analyzer by ...)
	NOT-FOR-US: mystem-fix
CVE-2016-10697 (react-native-baidu-voice-synthesizer is a baidu voice speech synthesiz ...)
	NOT-FOR-US: react-native-baidu-voice-synthesizer
CVE-2016-10696 (windows-latestchromedriver downloads the latest version of chromedrive ...)
	NOT-FOR-US: windows-latestchromedriver
CVE-2016-10695 (The npm-test-sqlite3-trunk module provides asynchronous, non-blocking ...)
	NOT-FOR-US: npm-test-sqlite3-trunk
CVE-2016-10694 (alto-saxophone is a module to install and launch Chromedriver for Mac, ...)
	NOT-FOR-US: alto-saxophone
CVE-2016-10693 (pm2-kafka is a PM2 module that installs and runs a kafka server pm2-ka ...)
	NOT-FOR-US: pm2-kafka
CVE-2016-10692 (haxeshim haxe shim to deal with coexisting versions. haxeshim download ...)
	NOT-FOR-US: haxeshim
CVE-2016-10691 (windows-seleniumjar is a module that downloads the Selenium Jar file w ...)
	NOT-FOR-US: windows-seleniumjar
CVE-2016-10690 (openframe-ascii-image module is an openframe plugin which adds support ...)
	NOT-FOR-US: openframe-ascii-image
CVE-2016-10689 (The windows-iedriver module downloads fixed version of iedriverserver. ...)
	NOT-FOR-US: windows-iedriver
CVE-2016-10688 (Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's damoeb ...)
	NOT-FOR-US: Haxe node module, different from src:haxe
CVE-2016-10687 (windows-selenium-chromedriver is a module that downloads the Selenium ...)
	NOT-FOR-US: windows-selenium-chromedriver
CVE-2016-10686 (fis-sass-all is another libsass wrapper for node. fis-sass-all downloa ...)
	NOT-FOR-US: fis-sass-all
CVE-2016-10685 (pk-app-wonderbox is an integration with wonderbox pk-app-wonderbox dow ...)
	NOT-FOR-US: pk-app-wonderbox
CVE-2016-10684 (healthcenter - IBM Monitoring and Diagnostic Tools health Center agent ...)
	NOT-FOR-US: IBM
CVE-2016-10683 (arcanist downloads resources over HTTP, which leaves it vulnerable to ...)
	NOT-FOR-US: arcanist node module, different from src:arcanist
CVE-2016-10682 (massif is a Phantomjs fork massif downloads resources over HTTP, which ...)
	NOT-FOR-US: massif
CVE-2016-10681 (roslib-socketio - The standard ROS Javascript Library fork for add sup ...)
	NOT-FOR-US: roslib-socketio
CVE-2016-10680 (adamvr-geoip-lite is a light weight native JavaScript implementation o ...)
	NOT-FOR-US: adamvr-geoip-lite
CVE-2016-10679 (selenium-standalone-painful installs a start-selenium command line to ...)
	NOT-FOR-US: selenium-standalone-painful
CVE-2016-10678 (serc.js is a Selenium RC process wrapper serc.js downloads binary reso ...)
	NOT-FOR-US: serc.js
CVE-2016-10677 (google-closure-tools-latest is a Node.js module wrapper for downloadin ...)
	NOT-FOR-US: google-closure-tools-latest
CVE-2016-10676 (rs-brightcove is a wrapper around brightcove's web api rs-brightcove d ...)
	NOT-FOR-US: rs-brightcove
CVE-2016-10675 (libsbmlsim is a module that installs linux binaries for libsbmlsim lib ...)
	NOT-FOR-US: libsbmlsim
CVE-2016-10674 (limbus-buildgen is a "build anywhere" build system. limbus-buildgen ve ...)
	NOT-FOR-US: limbus-buildgen
CVE-2016-10673 (ipip-coffee queries geolocation information from IP ipip-coffee downlo ...)
	NOT-FOR-US: ipip-coffee
CVE-2016-10672 (cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis ...)
	NOT-FOR-US: cloudpub-redis
CVE-2016-10671 (mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper d ...)
	NOT-FOR-US: mystem-wrapper
CVE-2016-10670 (windows-seleniumjar-mirror downloads the Selenium Jar file windows-sel ...)
	NOT-FOR-US: windows-seleniumjar-mirror
CVE-2016-10669 (soci downloads binary resources over HTTP, which leaves it vulnerable ...)
	NOT-FOR-US: soci
CVE-2016-10668 (libsbml is a module that installs Linux binaries for libSBML libsbml d ...)
	NOT-FOR-US: libsbml node integration, different from src:libsbml
CVE-2016-10667 (selenium-portal is a Selenium Testing Framework selenium-portal downlo ...)
	NOT-FOR-US: selenium-portal
CVE-2016-10666 (tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser ...)
	NOT-FOR-US: tomita-parser
CVE-2016-10665 (herbivore is a packet sniffing and crafting library. Built on libtins ...)
	NOT-FOR-US: herbivore
CVE-2016-10664 (mystem is a Node.js wrapper for MyStem morphology text analyzer by Yan ...)
	NOT-FOR-US: mystem
CVE-2016-10663 (wixtoolset is a Node module wrapper around the wixtoolset binaries wix ...)
	NOT-FOR-US: wixtoolset
CVE-2016-10662 (tomita is a node wrapper for Yandex Tomita Parser tomita downloads bin ...)
	NOT-FOR-US: tomita
CVE-2016-10661 (phantomjs-cheniu is a Headless WebKit with JS API phantomjs-cheniu dow ...)
	NOT-FOR-US: phantomjs-cheniu
CVE-2016-10660 (fis-parser-sass-bin a plugin for fis to compile sass using node-sass-b ...)
	NOT-FOR-US: fis-parser-sass-bin
CVE-2016-10659 (poco - The POCO libraries, downloads source file resources used for co ...)
	NOT-FOR-US: nodejs poco module
CVE-2016-10658 (native-opencv is the OpenCV library installed via npm native-opencv do ...)
	NOT-FOR-US: native-opencv binding for node, different from src:opencv
CVE-2016-10657 (co-cli-installer downloads the co-cli module as part of the install pr ...)
	NOT-FOR-US: co-cli-installer
CVE-2016-10656 (qbs is a build tool that helps simplify the build process for developi ...)
	NOT-FOR-US: npm qbs (different from src:qbs)
CVE-2016-10655 (The clang-extra module installs LLVM's clang-extra tools. clang-extra ...)
	NOT-FOR-US: npm clang-extra
CVE-2016-10654 (sfml downloads resources over HTTP, which leaves it vulnerable to MITM ...)
	NOT-FOR-US: node-sfml
CVE-2016-10653 (xd-testing is a testing library for cross-device (XD) web applications ...)
	NOT-FOR-US: node xd-testing
CVE-2016-10652 (prebuild-lwip is a module for comprehensive, fast, and simple image pr ...)
	NOT-FOR-US: node prebuild-lwip
CVE-2016-10651 (webdriver-launcher is a Node.js Selenium Webdriver Launcher. webdriver ...)
	NOT-FOR-US: webdriver-launcher
CVE-2016-10650 (ntfserver is a Network Testing Framework Server. ntfserver downloads b ...)
	NOT-FOR-US: ntfserver
CVE-2016-10649 (frames-compiler downloads binary resources over HTTP, which leaves it ...)
	NOT-FOR-US: frames-compiler
CVE-2016-10648 (marionette-socket-host is a marionette-js-runner host for sending acti ...)
	NOT-FOR-US: marionette-socket-host
CVE-2016-10647 (node-air-sdk is an AIR SDK for nodejs. node-air-sdk downloads binary r ...)
	NOT-FOR-US: node-air-sdk
CVE-2016-10646 (resourcehacker is a Node wrapper of Resource Hacker (windows executabl ...)
	NOT-FOR-US: resourcehacker
CVE-2016-10645 (grunt-images is a grunt plugin for processing images. grunt-images dow ...)
	NOT-FOR-US: grunt-images
CVE-2016-10644 (slimerjs-edge is a npm wrapper for installing the bleeding edge versio ...)
	NOT-FOR-US: slimerjs-edge
CVE-2016-10643 (jstestdriver is a wrapper for Google's jstestdriver. jstestdriver down ...)
	NOT-FOR-US: jstestdriver
CVE-2016-10642 (cmake installs the cmake x86 linux binaries. cmake downloads binary re ...)
	NOT-FOR-US: cmake node integration
CVE-2016-10641 (node-bsdiff-android downloads resources over HTTP, which leaves it vul ...)
	NOT-FOR-US: node-bsdiff-android
CVE-2016-10640 (node-thulac is a node binding for thulac. node-thulac downloads binary ...)
	NOT-FOR-US: node-thulac
CVE-2016-10639 (redis-srvr is a npm wrapper for redis-server. redis-srvr downloads bin ...)
	NOT-FOR-US: redis-srvr
CVE-2016-10638 (js-given is a JavaScript frontend to jgiven. js-given downloads binary ...)
	NOT-FOR-US: js-given
CVE-2016-10637 (haxe-dev is a cross-platform toolkit. haxe-dev downloads binary resour ...)
	NOT-FOR-US: haxe-dev, different from src:haxe
CVE-2016-10636 (grunt-ccompiler is a Closure Compiler Grunt Plugin. grunt-ccompiler do ...)
	NOT-FOR-US: grunt-ccompiler
CVE-2016-10635 (broccoli-closure is a Closure compiler plugin for Broccoli. broccoli-c ...)
	NOT-FOR-US: broccoli-closure
CVE-2016-10634 (scala-standalone-bin is a Binary wrapper for ScalaJS. scala-standalone ...)
	NOT-FOR-US: scala-standalone-bin
CVE-2016-10633 (dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. dwebp ...)
	NOT-FOR-US: dwebp-bin
CVE-2016-10632 (apk-parser2 is a module which extracts Android Manifest info from an A ...)
	NOT-FOR-US: apk-parser2
CVE-2016-10631 (jvminstall is a module for downloading and unpacking jvm to local syst ...)
	NOT-FOR-US: jvminstall
CVE-2016-10630 (install-g-test downloads resources over HTTP, which leaves it vulnerab ...)
	NOT-FOR-US: install-g-test
CVE-2016-10629 (nw-with-arm is a NW Installer including ARM-Build. nw-with-arm downloa ...)
	NOT-FOR-US: nw-with-arm
CVE-2016-10628 (selenium-wrapper is a selenium server wrapper, including installation ...)
	NOT-FOR-US: selenium-wrapper
CVE-2016-10627 (scala-bin is a binary wrapper for Scala. scala-bin downloads binary re ...)
	NOT-FOR-US: scala-bin
CVE-2016-10626 (mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads ...)
	NOT-FOR-US: mystem3
CVE-2016-10625 (headless-browser-lite is a minimal npm installer for phantomjs and sli ...)
	NOT-FOR-US: headless-browser-lite
CVE-2016-10624 (selenium-chromedriver is a simple utility for downloading the Selenium ...)
	NOT-FOR-US: selenium-chromedriver
CVE-2016-10623 (macaca-chromedriver-zxa is a Node.js wrapper for the selenium chromedr ...)
	NOT-FOR-US: macaca-chromedriver-zxa
CVE-2016-10622 (nodeschnaps is a NodeJS compatibility layer for Java (Rhino). nodeschn ...)
	NOT-FOR-US: nodeschnaps
CVE-2016-10621 (fibjs is a runtime for javascript applictions built on google v8 JS. f ...)
	NOT-FOR-US: fibjs
CVE-2016-10620 (atom-node-module-installer installs node modules for atom-shell applic ...)
	NOT-FOR-US: atom-node-module-installer
CVE-2016-10619 (pennyworth is a natural language templating engine. pennyworth downloa ...)
	NOT-FOR-US: pennyworth
CVE-2016-10618 (node-browser is a wrapper webdriver by nodejs. node-browser downloads ...)
	NOT-FOR-US: node-browser
CVE-2016-10617 (box2d-native downloads binary resources over HTTP, which leaves it vul ...)
	NOT-FOR-US: box2d-native (different from src:box2d)
CVE-2016-10616 (openframe-image is an Openframe extension which adds support for image ...)
	NOT-FOR-US: openframe-image
CVE-2016-10615 (curses is bindings for the native curses library, a full featured cons ...)
	NOT-FOR-US: curses node module
CVE-2016-10614 (httpsync is a port of libcurl to node.js. httpsync downloads binary re ...)
	NOT-FOR-US: httpsync node module
CVE-2016-10613 (bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra download ...)
	NOT-FOR-US: bionode-sra
CVE-2016-10612 (dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. dal ...)
	NOT-FOR-US: dalek-browser-ie-canary
CVE-2016-10611 (strider-sauce is Sauce Labs / Selenium support for Strider. strider-sa ...)
	NOT-FOR-US: strider-sauce
CVE-2016-10610 (unicode-json is a unicode lookup table. unicode-json before 2.0.0 down ...)
	NOT-FOR-US: unicode-json
CVE-2016-10609 (chromedriver126 is chromedriver version 1.26 for linux OS. chromedrive ...)
	NOT-FOR-US: chromedriver126
CVE-2016-10608 (robot-js is a module for native system automation for node.js. robot-j ...)
	NOT-FOR-US: robot-js
CVE-2016-10607 (openframe-glsviewer is a Openframe extension which adds support for sh ...)
	NOT-FOR-US: openframe-glsviewer
CVE-2016-10606 (grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in ...)
	NOT-FOR-US: grunt-webdriver-qunit
CVE-2016-10605 (dalek-browser-ie is Internet Explorer bindings for DalekJS. dalek-brow ...)
	NOT-FOR-US: dalek-browser-ie
CVE-2016-10604 (dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-brow ...)
	NOT-FOR-US: dalek-browser-chrome
CVE-2016-10603 (air-sdk is a NPM wrapper for the Adobe AIR SDK. air-sdk downloads bina ...)
	NOT-FOR-US: air-sdk
CVE-2016-10602 (haxe is a cross-platform toolkit haxe downloads zipped resources over ...)
	NOT-FOR-US: Haxe node module, different from src:haxe
CVE-2016-10601 (webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver ...)
	NOT-FOR-US: webdrvr
CVE-2016-10600 (webrtc-native uses WebRTC from chromium project. webrtc-native downloa ...)
	NOT-FOR-US: webrtc-native
CVE-2016-10599 (sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar ...)
	NOT-FOR-US: sauce-connect
CVE-2016-10598 (arrayfire-js is a module for ArrayFire for the Node.js platform. array ...)
	NOT-FOR-US: arrayfire-js
CVE-2016-10597 (cobalt-cli downloads resources over HTTP, which leaves it vulnerable t ...)
	NOT-FOR-US: cobalt-cli
CVE-2016-10596 (imageoptim is a Node.js wrapper for some images compression algorithms ...)
	NOT-FOR-US: imageoptim
CVE-2016-10595 (jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads ex ...)
	NOT-FOR-US: jdf-sass
CVE-2016-10594 (ipip is a Node.js module to query geolocation information for an IP or ...)
	NOT-FOR-US: ipip
CVE-2016-10593 (ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads ...)
	NOT-FOR-US: ibapi
CVE-2016-10592 (jser-stat is a JSer.info stat library. jser-stat downloads data resour ...)
	NOT-FOR-US: jser-stat
CVE-2016-10591 (Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML ...)
	NOT-FOR-US: Prince Node API
CVE-2016-10590 (cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node do ...)
	NOT-FOR-US: cue-sdk-node
CVE-2016-10589 (selenium-binaries downloads Selenium related binaries for your OS. sel ...)
	NOT-FOR-US: selenium-binaries
CVE-2016-10588 (nw is an installer for nw.js. nw downloads zipped resources over HTTP, ...)
	NOT-FOR-US: nw
CVE-2016-10587 (wasdk is a toolkit for creating WebAssembly modules. wasdk downloads b ...)
	NOT-FOR-US: wasdk
CVE-2016-10586 (macaca-chromedriver is a Node.js wrapper for the selenium chromedriver ...)
	NOT-FOR-US: macaca-chromedriver
CVE-2016-10585 (libxl provides Node bindings for the libxl library for reading and wri ...)
	NOT-FOR-US: libxl node bindings
CVE-2016-10584 (dalek-browser-chrome-canary provides Google Chrome bindings for DalekJ ...)
	NOT-FOR-US: dalek-browser-chrome-canary
CVE-2016-10583 (closure-utils is Utilities for Closure Library based projects. closure ...)
	NOT-FOR-US: closure-utils
CVE-2016-10582 (closurecompiler is a Closure Compiler for node.js. closurecompiler dow ...)
	NOT-FOR-US: closurecompiler
CVE-2016-10581 (Steroids is PhoneGap on Steroids, providing native UI elements, multip ...)
	NOT-FOR-US: PhoneGap on Steroids
CVE-2016-10580 (nodewebkit is an installer for node-webkit. nodewebkit downloads zippe ...)
	NOT-FOR-US: nodewebkit
CVE-2016-10579 (Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver ...)
	NOT-FOR-US: Chromedriver
CVE-2016-10578 (unicode loads unicode data downloaded from unicode.org into nodejs. Un ...)
	NOT-FOR-US: nodejs unicode module
CVE-2016-10577 (ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 ...)
	NOT-FOR-US: ibm_db node.js module
CVE-2016-10576 (Fuseki server wrapper and management API in fuseki before 1.0.1 downlo ...)
	NOT-FOR-US: Fuseki
CVE-2016-10575 (Kindlegen is a simple Node.js wrapper of the official kindlegen progra ...)
	NOT-FOR-US: Kindlegen
CVE-2016-10574 (apk-parser3 is a module to extract Android Manifest info from an APK f ...)
	NOT-FOR-US: apk-parser3
CVE-2016-10573 (baryton-saxophone is a module to install and launch Selenium Server fo ...)
	NOT-FOR-US: baryton-saxophone
CVE-2016-10572 (mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instan ...)
	NOT-FOR-US: mongodb-instance
CVE-2016-10571 (bkjs-wand is imagemagick wand support for node.js and backendjs bkjs-w ...)
	NOT-FOR-US: bkjs-wand
CVE-2016-10570 (pngcrush-installer is an installer for Pngcrush. pngcrush-installer ve ...)
	NOT-FOR-US: pngcrush-installer
CVE-2016-10569 (embedza is a module to create HTML snippets/embeds from URLs using inf ...)
	NOT-FOR-US: embedza
CVE-2016-10568 (geoip-lite-country is a stripped down version of geoip-lite, supportin ...)
	NOT-FOR-US: geoip-lite-country
CVE-2016-10567 (product-monitor is a HTML/JavaScript template for monitoring a product ...)
	NOT-FOR-US: product-monitor
CVE-2016-10566 (install-nw is a module which quickly and robustly installs and caches ...)
	NOT-FOR-US: install-nw
CVE-2016-10565 (operadriver is a Opera Driver for Selenium. operadriver versions below ...)
	NOT-FOR-US: operadriver
CVE-2016-10564 (apk-parser is a tool to extract Android Manifest info from an APK file ...)
	NOT-FOR-US: apk-parser
CVE-2016-10563 (During the installation process, the go-ipfs-deps module before 0.4.4 ...)
	NOT-FOR-US: go-ipfs-deps
CVE-2016-10562 (iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions be ...)
	NOT-FOR-US: iedriver
CVE-2016-10561 (Bitty is a development web server tool that functions similar to `pyth ...)
	NOT-FOR-US: Bitty
CVE-2016-10560 (galenframework-cli is the node wrapper for the Galen Framework. galenf ...)
	NOT-FOR-US: galenframework-cli
CVE-2016-10559 (selenium-download downloads the latest versions of the selenium standa ...)
	NOT-FOR-US: selenium-download
CVE-2016-10558 (aerospike is an Aerospike add-on module for Node.js. aerospike version ...)
	NOT-FOR-US: aerospike
CVE-2016-10557 (appium-chromedriver is a Node.js wrapper around Chromedriver. Versions ...)
	NOT-FOR-US: appium-chromedriver
CVE-2016-10556 (sequelize is an Object-relational mapping, or a middleman to convert t ...)
	NOT-FOR-US: sequelize
CVE-2016-10555 (Since "algorithm" isn't enforced in jwt.decode()in jwt-simple 0.3.0 an ...)
	NOT-FOR-US: nodejs-jwt-simple
CVE-2016-10554 (sequelize is an Object-relational mapping, or a middleman to convert t ...)
	NOT-FOR-US: sequelize
CVE-2016-10553 (sequelize is an Object-relational mapping, or a middleman to convert t ...)
	NOT-FOR-US: sequelize
CVE-2016-10552 (igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over ...)
	NOT-FOR-US: igniteui
CVE-2016-10551 (waterline-sequel is a module that helps generate SQL statements for Wa ...)
	NOT-FOR-US: waterline-sequel
CVE-2016-10550 (sequelize is an Object-relational mapping, or a middleman to convert t ...)
	NOT-FOR-US: sequelize
CVE-2016-10549 (Sails is an MVC style framework for building realtime web applications ...)
	NOT-FOR-US: Sails
CVE-2016-10548 (Arbitrary code execution is possible in reduce-css-calc node module <= ...)
	NOT-FOR-US: reduce-css-calc
CVE-2016-10547 (Nunjucks is a full featured templating engine for JavaScript. Versions ...)
	NOT-FOR-US: Nunjucks
CVE-2016-10546 (An arbitrary code injection vector was found in PouchDB 6.0.4 and less ...)
	NOT-FOR-US: PouchDB
CVE-2016-10545
	REJECTED
CVE-2016-10544 (uws is a WebSocket server library. By sending a 256mb websocket messag ...)
	NOT-FOR-US: uws
CVE-2016-10543 (call is an HTTP router that is primarily used by the hapi framework. T ...)
	NOT-FOR-US: call HTTP router
CVE-2016-10542 (ws is a "simple to use, blazing fast and thoroughly tested websocket c ...)
	- node-ws 1.1.0+ds1.e6ddaae4-5 (bug #927671)
	[stretch] - node-ws 1.1.0+ds1.e6ddaae4-3+deb9u1
	[jessie] - node-ws (Nodejs in jessie not covered by security support)
	NOTE: https://nodesecurity.io/advisories/120
	NOTE: https://github.com/nodejs/node/issues/7388
CVE-2016-10541 (The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ...)
	- node-shell-quote (Fixed before initial upload to Debian)
	NOTE: https://nodesecurity.io/advisories/117
	NOTE: nodejs not covered by security support
CVE-2016-10540 (Minimatch is a minimal matching utility that works by converting glob ...)
	- node-minimatch 3.0.3-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/118
	NOTE: https://github.com/isaacs/minimatch/commit/6944abf9e0694bd22fd9dad293faa40c2bc8a955
	NOTE: libv8 is not covered by security support
CVE-2016-10539 (negotiator is an HTTP content negotiator for Node.js and is used by ma ...)
	- node-negotiator 0.6.1-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/106
	NOTE: nodejs not covered by security support
CVE-2016-10538 (The package `node-cli` before 1.0.0 insecurely uses the lock_file and ...)
	- node-cli (unimportant; bug #809252)
	NOTE: https://github.com/node-js-libs/cli/issues/81
	NOTE: https://nodesecurity.io/advisories/95
CVE-2016-10537 (backbone is a module that adds in structure to a JavaScript heavy appl ...)
	- backbone 0.5.3-1
	NOTE: https://nodesecurity.io/advisories/108
CVE-2016-10536 (engine.io-client is the client for engine.io, the implementation of a ...)
	NOT-FOR-US: engine.io-client
CVE-2016-10535 (csrf-lite is a cross-site request forgery protection library for frame ...)
	NOT-FOR-US: csrf-lite
CVE-2016-10534 (electron-packager is a command line tool that packages Electron source ...)
	NOT-FOR-US: electron-packager
CVE-2016-10533 (express-restify-mongoose is a module to easily create a flexible REST ...)
	NOT-FOR-US: express-restify-mongoose
CVE-2016-10532 (console-io is a module that allows users to implement a web console in ...)
	NOT-FOR-US: console-io
CVE-2016-10531 (marked is an application that is meant to parse and compile markdown. ...)
	- node-marked 0.3.6+dfsg-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/101
	NOTE: nodejs not covered by security support
CVE-2016-10530 (The airbrake module 0.3.8 and earlier defaults to sending environment ...)
	NOT-FOR-US: airbrake
CVE-2016-10529 (Droppy versions <3.5.0 does not perform any verification for cross-dom ...)
	NOT-FOR-US: Droppy
CVE-2016-10528 (restafary is a REpresentful State Transfer API for Creating, Reading, ...)
	NOT-FOR-US: restafary
CVE-2016-10527 (The riot-compiler version version 2.3.21 has an issue in a regex (Cata ...)
	NOT-FOR-US: riot-compiler
CVE-2016-10526 (A common setup to deploy to gh-pages on every commit via a CI system i ...)
	NOT-FOR-US: gh-pages
CVE-2016-10525 (When attempting to allow authentication mode `try` in hapi, hapi-auth- ...)
	NOT-FOR-US: hapi
CVE-2016-10524 (i18n-node-angular is a module used to interact between i18n and angula ...)
	NOT-FOR-US: i18n-node-angular
CVE-2016-10523 (MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted M ...)
	- node-mqtt-packet (Fixed before initial upload to the archive)
	NOTE: https://nodesecurity.io/advisories/75
CVE-2016-10522 (rails_admin ruby gem (bug #903855)
	[stretch] - ruby-rails-admin (Minor issue; has regression potential)
	NOTE: https://github.com/sferik/rails_admin/commit/b13e879eb93b661204e9fb5e55f7afa4f397537a
	NOTE: Regression: https://github.com/sferik/rails_admin/issues/2830
CVE-2016-10521 (jshamcrest is vulnerable to regular expression denial of service (ReDo ...)
	NOT-FOR-US: jshamcrest
CVE-2016-10520 (jadedown is vulnerable to regular expression denial of service (ReDoS) ...)
	NOT-FOR-US: jadedown
CVE-2016-10519 (A security issue was found in bittorrent-dht before 5.1.3 that allows ...)
	NOT-FOR-US: bittorrent-dht
CVE-2016-10518 (A vulnerability was found in the ping functionality of the ws module b ...)
	- node-ws 1.0.1+ds1.e6ddaae4-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/67
	NOTE: Nodejs not covered by security support
CVE-2015-9243 (When server level, connection level or route level CORS configurations ...)
	NOT-FOR-US: hapi
CVE-2015-9242 (Certain input strings when passed to new Date() or Date.parse() in ecs ...)
	NOT-FOR-US: ecstatic
CVE-2015-9241 (Certain input passed into the If-Modified-Since or Last-Modified heade ...)
	NOT-FOR-US: hapi
CVE-2015-9240 (Due to a bug in the the default sign in functionality in the keystone ...)
	NOT-FOR-US: keystone node module
CVE-2015-9239 (ansi2html is vulnerable to regular expression denial of service (ReDoS ...)
	NOT-FOR-US: ansi2html
CVE-2015-9238 (secure-compare 3.0.0 and below do not actually compare two strings pro ...)
	NOT-FOR-US: secure-compare node module
CVE-2015-9237
	RESERVED
CVE-2015-9236 (Hapi versions less than 11.0.0 implement CORS incorrectly and allowed ...)
	NOT-FOR-US: hapi
CVE-2015-9235 (In jsonwebtoken node module before 4.2.2 it is possible for an attacke ...)
	NOT-FOR-US: jsonwebtoken node module
CVE-2014-10068 (The inert directory handler in inert node module before 1.1.1 always a ...)
	NOT-FOR-US: inert
CVE-2014-10067 (paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by ...)
	NOT-FOR-US: paypal-ipn
CVE-2014-10066 (Versions less than 0.1.4 of the static file server module fancy-server ...)
	NOT-FOR-US: fancy-server
CVE-2014-10065 (Certain input when passed into remarkable before 1.4.1 will bypass the ...)
	NOT-FOR-US: remarkable
CVE-2014-10064 (The qs module before 1.0.0 does not have an option or default for spec ...)
	- node-qs 2.2.4-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/28
	NOTE: nodejs not covered by security support
CVE-2017-15994 (rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums ...)
	- rsync (Problematic code to allow checksum choice only introduced after 3.1.2 release)
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=7b8a4ecd6ff9cdf4e5d3850ebf822f1e989255b3
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=9a480deec4d20277d8e20bc55515ef0640ca1e55
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=c252546ceeb0925eb8a4061315e3ff0a8c55b48b
	NOTE: And possibly the following two commits on top:
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=bc112b0e7feece62ce98708092306639a8a53cce
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=416e719bea4f5466c8dd2b34cac0059b6ff84ff3
	NOTE: The following commit introduced special handling of archaic versions / handling of
	NOTE: --checksum-choice option to choose the checksum algorithms:
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=a5a7d3a297b836387b0ac677383bdddaf2ac3598
CVE-2017-15993 (Zomato Clone Script allows SQL Injection via the restaurant-menu.php r ...)
	NOT-FOR-US: Zomato Clone Script
CVE-2017-15992 (Website Broker Script allows SQL Injection via the 'status_id' Paramet ...)
	NOT-FOR-US: Website Broker Script
CVE-2017-15991 (Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injec ...)
	NOT-FOR-US: Vastal I-Tech Agent Zone
CVE-2017-15990 (Php Inventory & Invoice Management System allows Arbitrary File Upload ...)
	NOT-FOR-US: Php Inventory & Invoice Management System
CVE-2017-15989 (Online Exam Test Application allows SQL Injection via the resources.ph ...)
	NOT-FOR-US: Online Exam Test Application
CVE-2017-15988 (Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme ...)
	NOT-FOR-US: PHP FAQ Script
CVE-2017-15987 (Fake Magazine Cover Script allows SQL Injection via the rate.php value ...)
	NOT-FOR-US: Fake Magazine Cover Script
CVE-2017-15986 (CPA Lead Reward Script allows SQL Injection via the username parameter ...)
	NOT-FOR-US: CPA Lead Reward Script
CVE-2017-15985 (Basic B2B Script allows SQL Injection via the product_view1.php pid or ...)
	NOT-FOR-US: Basic B2B Script
CVE-2017-15984 (Creative Management System (CMS) Lite 1.4 allows SQL Injection via the ...)
	NOT-FOR-US: Creative Management System (CMS) Lite
CVE-2017-15983 (MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id par ...)
	NOT-FOR-US: MyMagazine Magazine & Blog CMS
CVE-2017-15982 (Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id p ...)
	NOT-FOR-US: Dynamic News Magazine & Blog CMS
CVE-2017-15981 (Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via ...)
	NOT-FOR-US: Responsive Newspaper Magazine & Blog CMS
CVE-2017-15980 (US Zip Codes Database Script 1.0 allows SQL Injection via the state pa ...)
	NOT-FOR-US: US Zip Codes Database Script
CVE-2017-15979 (Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via th ...)
	NOT-FOR-US: Shareet - Photo Sharing Social Network
CVE-2017-15978 (AROX School ERP PHP Script 1.0 allows SQL Injection via the office_adm ...)
	NOT-FOR-US: AROX School ERP PHP Script
CVE-2017-15977 (Protected Links - Expiring Download Links 1.0 allows SQL Injection via ...)
	NOT-FOR-US: Protected Links - Expiring Download Links
CVE-2017-15976 (ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid ...)
	NOT-FOR-US: ZeeBuddy
CVE-2017-15975 (Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_ ...)
	NOT-FOR-US: Vastal I-Tech Dating Zone
CVE-2017-15974 (tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 ...)
	NOT-FOR-US: tPanel
CVE-2017-15973 (Sokial Social Network Script 1.0 allows SQL Injection via the id param ...)
	NOT-FOR-US: Sokial Social Network Script
CVE-2017-15972 (SoftDatepro Dating Social Network 1.3 allows SQL Injection via the vie ...)
	NOT-FOR-US: SoftDatepro Dating Social Network
CVE-2017-15971 (Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprof ...)
	NOT-FOR-US: Same Sex Dating Software Pro
CVE-2017-15970 (PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index ...)
	NOT-FOR-US: PHP CityPortal
CVE-2017-15969 (PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to searc ...)
	NOT-FOR-US: PG All Share Video
CVE-2017-15968 (MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.p ...)
	NOT-FOR-US: MyBuilder Clone
CVE-2017-15967 (Mailing List Manager Pro 3.0 allows SQL Injection via the edit paramet ...)
	NOT-FOR-US: Mailing List Manager Pro
CVE-2017-15966 (The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! a ...)
	NOT-FOR-US: Zh YandexMap
CVE-2017-15965 (The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joo ...)
	NOT-FOR-US: NS Download Shop
CVE-2017-15964 (Job Board Script Software allows SQL Injection via the PATH_INFO to a ...)
	NOT-FOR-US: Job Board Script Software
CVE-2017-15963 (iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.p ...)
	NOT-FOR-US: iTech Gigs Script
CVE-2017-15962 (iStock Management System 1.0 allows Arbitrary File Upload via user/pro ...)
	NOT-FOR-US: iStock Management System
CVE-2017-15961 (iProject Management System 1.0 allows SQL Injection via the ID paramet ...)
	NOT-FOR-US: iProject Management System
CVE-2017-15960 (Article Directory Script 3.0 allows SQL Injection via the id parameter ...)
	NOT-FOR-US: Article Directory Script
CVE-2017-15959 (Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /do ...)
	NOT-FOR-US: Adult Script Pro
CVE-2017-15958 (D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the user ...)
	NOT-FOR-US: D-Park Pro Domain Parking Script
CVE-2017-15957 (my_profile.php in Ingenious School Management System 2.3.0 allows a st ...)
	NOT-FOR-US: Ingenious School Management System
CVE-2017-15956 (ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Down ...)
	NOT-FOR-US: ConverTo Video Downloader
CVE-2017-15955 (bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an "Ac ...)
	{DSA-4026-1 DLA-1158-1}
	- bchunk 1.2.0-12.1 (bug #880116)
	NOTE: https://github.com/extramaster/bchunk/issues/4
CVE-2017-15954 (bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap ...)
	{DSA-4026-1 DLA-1158-1}
	- bchunk 1.2.0-12.1 (bug #880116)
	NOTE: https://github.com/extramaster/bchunk/issues/3
CVE-2017-15953 (bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap ...)
	{DSA-4026-1 DLA-1158-1}
	- bchunk 1.2.0-12.1 (bug #880116)
	NOTE: https://github.com/extramaster/bchunk/issues/2
CVE-2017-15952
	RESERVED
CVE-2017-15951 (The KEYS subsystem in the Linux kernel before 4.13.10 does not correct ...)
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux (Vulnerable code introduced later)
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/363b02dab09b3226f3bd1420dad9c72b79a42a76 (v4.14-rc6)
CVE-2017-15950 (Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buff ...)
	NOT-FOR-US: Flexense SyncBreeze
CVE-2017-15949 (Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedi ...)
	NOT-FOR-US: Xavier PHP Management Panel
CVE-2017-15948 (Perch Content Management System 3.0.3 allows unrestricted file upload ...)
	NOT-FOR-US: Perch Content Management System
CVE-2017-15947 (Simple ASC Content Management System v1.2 has XSS in the location fiel ...)
	NOT-FOR-US: Simple ASC Content Management
CVE-2017-15946 (In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerabil ...)
	NOT-FOR-US: Joomla addon
CVE-2017-15945 (The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, d ...)
	NOT-FOR-US: Gentoo installation scripts
CVE-2017-15944 (Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x be ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-15943 (The configuration file import for applications, spyware and vulnerabil ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-15942 (Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x be ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-15941 (Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-15940 (The web interface packet capture management component in Palo Alto Net ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-15939 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
	- binutils (Incomplete fix not applied)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22205
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a54018b72d75abf2e74bf36016702da06399c1d9
	NOTE: https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/
CVE-2017-15938 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22209
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1b86808a86077722ee4f42ff97f836b12420bb2a
	NOTE: https://blogs.gentoo.org/ago/2017/10/24/binutils-invalid-memory-read-in-find_abstract_instance_name-dwarf2-c/
CVE-2017-15937 (Artica Pandora FMS version 7.0 leaks a full installation pathname via ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2017-15936 (In Artica Pandora FMS version 7.0, an Attacker with write Permission c ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2017-15935 (Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execut ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2017-15934 (Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scri ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2017-15933 (SQL injection vulnerability vulnerability in the EyesOfNetwork web int ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-15932 (In radare2 2.0.1, an integer exception (negative number leading to an ...)
	- radare2 2.1.0+dfsg-1 (bug #880024)
	[jessie] - radare2 (Vulnerable code introduced in 0.10.2)
	[wheezy] - radare2 (Vulnerable code introduced in 0.10.2)
	NOTE: https://github.com/radare/radare2/commit/44ded3ff35b8264f54b5a900cab32ec489d9e5b9
	NOTE: https://github.com/radare/radare2/issues/8743
CVE-2017-15931 (In radare2 2.0.1, an integer exception (negative number leading to an ...)
	- radare2 2.1.0+dfsg-1 (bug #880025)
	[jessie] - radare2 (Vulnerable code introduced in 0.10.2)
	[wheezy] - radare2 (Vulnerable code introduced in 0.10.2)
	NOTE: https://github.com/radare/radare2/commit/c6d0076c924891ad9948a62d89d0bcdaf965f0cd
	NOTE: https://github.com/radare/radare2/issues/8731
CVE-2017-15930 (In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Po ...)
	{DSA-4321-1 DLA-1456-1 DLA-1154-1}
	- graphicsmagick 1.3.26-16 (bug #879999)
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=6fc54b6d2be8
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=da135eaedc3b
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/518/
CVE-2017-15929
	RESERVED
CVE-2017-15928 (In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation ...)
	- ruby-ox 2.8.2-1 (bug #881445)
	[stretch] - ruby-ox 2.1.1-2+deb9u1
	[jessie] - ruby-ox 2.1.1-2+deb8u1
	NOTE: https://github.com/ohler55/ox/issues/194
	NOTE: https://github.com/ohler55/ox/commit/e4565dbc167f0d38c3f93243d7a4fcfc391cbfc8
CVE-2017-15927
	RESERVED
CVE-2017-15926
	RESERVED
CVE-2017-15925
	RESERVED
CVE-2017-15923 (Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote ...)
	{DSA-4033-1 DLA-1174-1}
	- konversation 1.7.3-1 (bug #881586)
	NOTE: https://github.com/KDE/konversation/commit/6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0
CVE-2017-15922 (In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACT ...)
	{DLA-1198-1}
	- libextractor 1:1.6-2 (low; bug #880016)
	[stretch] - libextractor 1:1.3-4+deb9u1
	[jessie] - libextractor 1:1.3-2+deb8u1
	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html
	NOTE: Fixed by: https://git.gnunet.org/libextractor.git/commit/?id=d4d488b0e5ab13dda241d688d87a07816368f117
CVE-2017-15921 (In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186 ...)
	NOT-FOR-US: Watchdog Anti-Malware
CVE-2017-15920 (In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186 ...)
	NOT-FOR-US: Watchdog Anti-Malware
CVE-2017-15918 (Sera 1.2 stores the user's login password in plain text in their home ...)
	NOT-FOR-US: Sera
CVE-2017-15917 (In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create ...)
	NOT-FOR-US: Paessler PRTG Network Monitor
CVE-2017-15908 (In systemd 223 through 235, a remote DNS server can respond with a cus ...)
	- systemd 235-3 (bug #880026)
	[stretch] - systemd 232-25+deb9u2
	[jessie] - systemd (Vulnerable code introduced later)
	[wheezy] - systemd (Vulnerable code introduced later)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
	NOTE: https://github.com/systemd/systemd/pull/7184
	NOTE: Fix: https://github.com/systemd/systemd/commit/9f939335a07085aa9a9663efd1dca06ef6405d62
CVE-2017-15919 (The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has S ...)
	NOT-FOR-US: WordPress plugin ultimate-form-builder-lite
CVE-2017-15916
	RESERVED
CVE-2017-15915
	RESERVED
CVE-2017-15914 (Incorrect implementation of access controls allows remote users to ove ...)
	- borgbackup 1.1.3-1
	[stretch] - borgbackup (Only affects 1.1.0, 1.1.1 and 1.1.2 releases)
	NOTE: https://borgbackup.readthedocs.io/en/stable/changes.html#version-1-1-3-2017-11-27
CVE-2017-15913 (The Installer in Whale allows DLL hijacking.)
	NOT-FOR-US: Installer in Whale
CVE-2017-15912
	RESERVED
CVE-2017-15911 (The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allo ...)
	NOT-FOR-US: Ignite Realtime Openfire Server
CVE-2017-15910
	RESERVED
CVE-2017-15909 (D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, ...)
	NOT-FOR-US: D-Link
CVE-2017-15907 (SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remo ...)
	NOT-FOR-US: phpCollab
CVE-2017-15906 (The process_open function in sftp-server.c in OpenSSH before 7.6 does ...)
	{DLA-1500-1}
	- openssh 1:7.6p1-1 (low)
	[stretch] - openssh 1:7.4p1-10+deb9u3
	[wheezy] - openssh (Minor issue)
	NOTE: https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19
CVE-2017-15905
	RESERVED
CVE-2017-15904
	RESERVED
CVE-2017-15903
	RESERVED
CVE-2017-15902
	RESERVED
CVE-2017-15901
	RESERVED
CVE-2017-15900
	RESERVED
CVE-2017-15899
	RESERVED
CVE-2017-15898
	RESERVED
CVE-2017-15897 (Node.js had a bug in versions 8.X and 9.X which caused buffers to not ...)
	- nodejs (Only affects 8.x and 9.x)
CVE-2017-15896 (Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards ...)
	- nodejs (HTTP2 module only in 8.x and 9.x and Debian package uses the system copy of OpenSSL)
CVE-2017-15895 (Directory traversal vulnerability in the SYNO.FileStation.Extract in S ...)
	NOT-FOR-US: Synology Router Manager
CVE-2017-15894 (Directory traversal vulnerability in the SYNO.FileStation.Extract in S ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2017-15893 (Directory traversal vulnerability in the SYNO.FileStation.Extract in S ...)
	NOT-FOR-US: Synology File Station
CVE-2017-15892 (Multiple cross-site scripting (XSS) vulnerabilities in Slash Command C ...)
	NOT-FOR-US: Synology Chat
CVE-2017-15891 (Improper access control vulnerability in SYNO.Cal.EventBase in Synolog ...)
	NOT-FOR-US: Synology Calendar
CVE-2017-15890 (Cross-site scripting (XSS) vulnerability in Disclaimer in Synology Mai ...)
	NOT-FOR-US: Synology
CVE-2017-15889 (Command injection vulnerability in smart.cgi in Synology DiskStation M ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2017-15888 (Cross-site scripting (XSS) vulnerability in Custom Internet Radio List ...)
	NOT-FOR-US: Synology
CVE-2017-15887 (An improper restriction of excessive authentication attempts vulnerabi ...)
	NOT-FOR-US: Synology
CVE-2017-15886 (Server-side request forgery (SSRF) vulnerability in Link Preview in Sy ...)
	NOT-FOR-US: Synology Chat
CVE-2017-15885 (Reflected XSS in the web administration portal on the Axis 2100 Networ ...)
	NOT-FOR-US: Axis
CVE-2017-15884 (In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) ...)
	NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
CVE-2017-15883 (Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remo ...)
	NOT-FOR-US: Sitefinity
CVE-2017-15882 (The London Trust Media Private Internet Access (PIA) application befor ...)
	NOT-FOR-US: London Trust Media Private Internet Access (PIA) application
CVE-2017-15881 (Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 a ...)
	NOT-FOR-US: KeystoneJS
CVE-2017-15880 (SQL injection vulnerability vulnerability in the EyesOfNetwork web int ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-15879 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists ...)
	NOT-FOR-US: KeystoneJS
CVE-2017-15878 (A cross-site scripting (XSS) vulnerability exists in fields/types/mark ...)
	NOT-FOR-US: KeystoneJS
CVE-2017-15877 (Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allo ...)
	NOT-FOR-US: GPWeb
CVE-2017-15876 (Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote a ...)
	NOT-FOR-US: GPWeb
CVE-2017-15875 (SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allow ...)
	NOT-FOR-US: GPWeb
CVE-2017-15874 (archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integ ...)
	- busybox 1:1.27.2-2 (bug #879732)
	[stretch] - busybox (Vulnerable code not present)
	[jessie] - busybox (Vulnerable code not present)
	[wheezy] - busybox (Vulnerable code not present)
	NOTE: https://bugs.busybox.net/show_bug.cgi?id=10436
	NOTE: Introduced in: https://git.busybox.net/busybox/commit/?id=3989e5adf454a3ab98412b249c2c9bd2a3175ae0
	NOTE: Fixed by: https://git.busybox.net/busybox/commit/?id=9ac42c500586fa5f10a1f6d22c3f797df11b1f6b
CVE-2017-15873 (The get_next_block function in archival/libarchive/decompress_bunzip2. ...)
	{DLA-2559-1 DLA-1445-1}
	- busybox 1:1.27.2-2 (bug #879732)
	[wheezy] - busybox (Minor issue)
	NOTE: Fixed by: https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0
	NOTE: https://bugs.busybox.net/show_bug.cgi?id=10431
CVE-2017-15872 (phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and ...)
	NOT-FOR-US: phpwcms
CVE-2017-15871 (The deserialize function in serialize-to-js through 1.1.1 allows attac ...)
	NOT-FOR-US: Disputed serialize-to-js issue
CVE-2017-15870 (Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers w ...)
	NOT-FOR-US: Palo Alto Networks GlobalProtect Agent
CVE-2017-15869 (Cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZ ...)
	NOT-FOR-US: LiveZilla
CVE-2017-15868 (The bnep_add_connection function in net/bluetooth/bnep/core.c in the L ...)
	{DSA-4082-1 DLA-1200-1}
	- linux 4.0.2-1
	NOTE: Fixed by: https://git.kernel.org/linus/71bb99a02b32b4cc4265118e85f6035ca72923f0 (v3.19-rc3)
CVE-2017-15867 (Multiple cross-site scripting (XSS) vulnerabilities in the user-login- ...)
	NOT-FOR-US: user-login-history plugin for WordPress
CVE-2017-15866
	RESERVED
CVE-2017-15865 (bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in ...)
	- frr (Fixed before initial upload)
CVE-2017-15864 (In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x throu ...)
	{DLA-1212-1}
	- otrs2 4.0.7-2
	[jessie] - otrs2 3.3.18-1+deb8u2
	NOTE: https://www.otrs.com/security-advisory-2017-06-security-update-otrs-3-3/
	NOTE: https://github.com/OTRS/otrs/compare/3bc58ebeb9bdbe8107251a03cf7b9b8cfc515f53...80a0a9a138278d63a2621d146eb3c29e982aa2d5
	NOTE: Root cause for the issue is the recursive parsing handling in the old
	NOTE: DTL template engine that OTRS used up to OTRS 3.3. Starting with OTRS 4
	NOTE: OTRS switched to a new Template::Toolkit based engine which does not perform
	NOTE: recursive parsing and is not affected by this issue.
CVE-2016-10517 (networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" b ...)
	{DLA-1161-1}
	- redis 3:3.2.7-1
	[stretch] - redis (Minor issue)
	[jessie] - redis (Minor issue)
	NOTE: https://github.com/antirez/redis/commit/874804da0c014a7d704b3d285aa500098a931f50
CVE-2017-15863 (Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin bef ...)
	NOT-FOR-US: WordPress plugin wp-noexternallinks
CVE-2017-15862 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15861 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15860 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15859 (While processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_ ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15858
	RESERVED
CVE-2017-15857 (In the camera driver, an out-of-bounds access can occur due to an erro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15856 (Due to a race condition while processing the power stats debug file to ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15855 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15854 (The value of fix_param->num_chans is received from firmware and if it ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15853 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15852 (Information leak of the ISPIF base address in Android for MSM, Firefox ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15851 (Lack of copy_from_user and information leak in function "msm_ois_subde ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15850 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15849 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15848 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15847 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15846 (In the video_ioctl2() function in the camera driver in Android for MSM ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15845 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15844 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15843 (Due to a race condition in a bus driver, a double free in msm_bus_floo ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15842 (Buffer might get used after it gets freed due to unlocking the mutex b ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15841 (When HOST sends a Special command ID packet, Controller triggers a RAM ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15840
	REJECTED
CVE-2017-15839
	REJECTED
CVE-2017-15838
	REJECTED
CVE-2017-15837 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15836 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15835 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15834 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15833 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15832
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15831 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15830 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15829 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15828 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15827
	RESERVED
CVE-2017-15826 (Due to a race condition in MDSS rotator in Android for MSM, Firefox OS ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15825 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15824 (In Android releases from CAF using the linux kernel (Android for MSM, ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15823 (In spectral_create_samp_msg() in Android for MSM, Firefox OS for MSM, ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15822 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15821 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15820 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15819
	RESERVED
CVE-2017-15818 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15817 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15816
	REJECTED
CVE-2017-15815 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15814 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15813 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm closed-source components on Android
CVE-2017-15812 (The Easy Appointments plugin before 1.12.0 for WordPress has XSS via a ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-15811 (The Pootle Button plugin before 1.2.0 for WordPress has XSS via the as ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-15810 (The PopCash.Net Code Integration Tool plugin before 1.1 for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-15809 (In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a cr ...)
	NOT-FOR-US: phpMyFaq
CVE-2017-15808 (In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.)
	NOT-FOR-US: phpMyFaq
CVE-2017-15807
	RESERVED
CVE-2017-15806 (The send function in the ezcMailMtaTransport class in Zeta Components ...)
	NOT-FOR-US: Zeta Components Mail
CVE-2016-10516 (Cross-site scripting (XSS) vulnerability in the render_full function i ...)
	{DLA-1191-1}
	- python-werkzeug 0.11.11+dfsg1-1
	[jessie] - python-werkzeug 0.9.6+dfsg-1+deb8u1
	NOTE: http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/
	NOTE: https://github.com/pallets/werkzeug/pull/1001
	NOTE: https://github.com/pallets/werkzeug/commit/1034edc7f901dd645ec6e462754111b39002bd65
CVE-2017-15805 (Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and ...)
	NOT-FOR-US: Cisco
CVE-2017-15804 (The glob function in glob.c in the GNU C Library (aka glibc or libc6) ...)
	- glibc 2.25-3 (low; bug #879955)
	[stretch] - glibc 2.24-11+deb9u4
	- eglibc (low)
	[wheezy] - eglibc (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22332
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=a159b53fa059947cc2548e3b0d5bdcf7b9630ba8
CVE-2017-15803 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-15802 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-15801 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-15800
	REJECTED
CVE-2017-15799
	REJECTED
CVE-2017-15798
	REJECTED
CVE-2017-15797
	REJECTED
CVE-2017-15796
	REJECTED
CVE-2017-15795
	REJECTED
CVE-2017-15794
	REJECTED
CVE-2017-15793
	REJECTED
CVE-2017-15792
	REJECTED
CVE-2017-15791
	REJECTED
CVE-2017-15790
	REJECTED
CVE-2017-15789 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-15788 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-15787 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-15786 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-15785 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-15784 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-15783 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-15782 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-15781 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-15780 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-15779 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-15778 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-15777 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-15776 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-15775 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-15774 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-15773 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-15772 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-15771
	REJECTED
CVE-2017-15770
	REJECTED
CVE-2017-15769 (IrfanView 4.50 - 64bit allows attackers to cause a denial of service o ...)
	NOT-FOR-US: IrfanView
CVE-2017-15768 (IrfanView version 4.50 - 64bit allows attackers to cause a denial of s ...)
	NOT-FOR-US: IrfanView
CVE-2017-15767 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15766 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15765 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15764 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15763 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15762 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15761 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15760 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15759 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15758 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15757 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15756 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15755 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15754 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15753 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15752 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15751 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15750 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15749 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15748 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15747 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15746 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15745 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15744 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15743 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15742 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15741 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15740 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15739 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15738 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15737 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...)
	NOT-FOR-US: IrfanView
CVE-2017-15736 (Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 ...)
	{DSA-4228-1}
	- spip 3.1.4-4 (bug #879954)
	[wheezy] - spip (vulnerable code not present)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23701
CVE-2017-15735 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) f ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15734 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) i ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15733 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) i ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15732 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) i ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15731 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) i ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15730 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) i ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15729 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) f ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15728 (In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) v ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15727 (In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) v ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15726
	RESERVED
CVE-2017-15725 (An XML External Entity Injection vulnerability exists in Dzone AnswerH ...)
	NOT-FOR-US: Dzone AnswerHub
CVE-2017-15724
	RESERVED
CVE-2017-15723 (In Irssi before 1.0.5, overlong nicks or targets may result in a NULL ...)
	{DSA-4016-1}
	- irssi 1.0.5-1 (bug #879521)
	[wheezy] - irssi (Vulnerable code introduced in 0.8.17)
	NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
	NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
CVE-2017-15722 (In certain cases, Irssi before 1.0.5 may fail to verify that a Safe ch ...)
	{DSA-4016-1 DLA-1217-1}
	- irssi 1.0.5-1 (bug #879521)
	NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
	NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
CVE-2017-15721 (In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages ...)
	{DSA-4016-1 DLA-1217-1}
	- irssi 1.0.5-1 (bug #879521)
	NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
	NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
CVE-2017-15720 (In Apache Airflow 1.8.2 and earlier, an authenticated user can execute ...)
	- airflow (bug #819700)
CVE-2017-15719 (In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M ...)
	NOT-FOR-US: Wicket jQuery UI
CVE-2017-15718 (The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the pas ...)
	- hadoop (bug #793644)
CVE-2017-15717 (A flaw in the way URLs are escaped and encoded in the org.apache.sling ...)
	NOT-FOR-US: Apache Sling
CVE-2017-15716
	REJECTED
CVE-2017-15715 (In Apache httpd 2.4.0 to 2.4.29, the expression specified in (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/6
CVE-2017-15714 (The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape u ...)
	NOT-FOR-US: BIRT plugin in Apache OFBiz
CVE-2017-15713 (Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before ...)
	- hadoop (bug #793644)
CVE-2017-15712 (Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 ...)
	NOT-FOR-US: Apache Oozie
CVE-2017-15711
	REJECTED
CVE-2017-15710 (In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29 ...)
	{DSA-4164-1 DLA-1389-1}
	- apache2 2.4.33-1
	NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/8
CVE-2017-15709 (When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 ...)
	{DLA-2583-1}
	- activemq 5.15.3-1 (bug #890352)
	[jessie] - activemq (Issue introduced with OpenWire protocol support)
	[wheezy] - activemq (Issue introduced with OpenWire protocol support)
CVE-2017-15708 (In Apache Synapse, by default no authentication is required for Java R ...)
	NOT-FOR-US: Apache Synapse
CVE-2017-15707 (In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated J ...)
	- libstruts1.2-java (Specific to 2.x)
CVE-2017-15706 (As part of the fix for bug 61201, the documentation for Apache Tomcat ...)
	- tomcat9 (Fixed before initial upload to Debian)
	- tomcat8 8.5.24-1
	[stretch] - tomcat8 (Issue introduced later)
	[jessie] - tomcat8 (Issue introduced later)
	- tomcat8.0 (unimportant)
	NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
	- tomcat7 (Only affects 7.0.79 to 7.0.82, Upstream bugzilla entry bz#61201 not addressed)
	NOTE: https://svn.apache.org/r1814828 (7.0.x)
	NOTE: https://svn.apache.org/r1814827 (8.0.x)
	NOTE: https://svn.apache.org/r1814826 (8.5.x)
	NOTE: Introduced by fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=61201
	NOTE: https://lists.apache.org/thread.html/e1ef853fc0079cdb55befbd2dac042934e49288b476d5f6a649e5da2@%3Cannounce.tomcat.apache.org%3E
CVE-2017-15705 (A denial of service vulnerability was identified that exists in Apache ...)
	{DLA-1578-1}
	- spamassassin 3.4.2-1 (bug #908969)
	[stretch] - spamassassin 3.4.2-1~deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2018/09/16/1
CVE-2017-15704
	REJECTED
CVE-2017-15703 (Any authenticated user (valid client certificate but without ACL permi ...)
	NOT-FOR-US: Apache NiFi
CVE-2017-15702 (In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured ...)
	- qpid-java (bug #840131)
CVE-2017-15701 (In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the b ...)
	- qpid-java (bug #840131)
CVE-2017-15700 (A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid meth ...)
	NOT-FOR-US: Apache Sling Authentication Service
CVE-2017-15699 (A Denial of Service vulnerability was found in Apache Qpid Dispatch Ro ...)
	- qpid-dispatch (bug #737776)
	NOTE: https://www.openwall.com/lists/oss-security/2018/02/13/5
CVE-2017-15698 (When parsing the AIA-Extension field of a client certificate, Apache T ...)
	{DSA-4118-1 DLA-1276-1}
	- tomcat-native 1.2.16-1
	NOTE: https://lists.apache.org/thread.html/6eb0a53e5827d97db1a05c736d01101fec21202a5b8fc77bb0eaaed8@%3Cannounce.tomcat.apache.org%3E
	NOTE: http://svn.apache.org/r1815200
	NOTE: http://svn.apache.org/r1815218
	NOTE: Affects: 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34
CVE-2017-15697 (A malicious X-ProxyContextPath or X-Forwarded-Context header containin ...)
	NOT-FOR-US: Apache NiFi
CVE-2017-15696 (When an Apache Geode cluster before v1.4.0 is operating in secure mode ...)
	NOT-FOR-US: Apache Geode
CVE-2017-15695 (When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with ...)
	NOT-FOR-US: Apache Geode
CVE-2017-15694 (When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in se ...)
	NOT-FOR-US: Apache Geode
CVE-2017-15693 (In Apache Geode before v1.4.0, the Geode server stores application obj ...)
	NOT-FOR-US: Apache Geode
CVE-2017-15692 (In Apache Geode before v1.4.0, the TcpServer within the Geode locator ...)
	NOT-FOR-US: Apache Geode
CVE-2017-15691 (In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0 ...)
	- uimaj 2.10.2-1 (bug #897009)
	[stretch] - uimaj (Minor issue)
	[jessie] - uimaj (Minor issue)
	[wheezy] - uimaj (Minor issue)
	NOTE: https://uima.apache.org/security_report#CVE-2017-15691
CVE-2017-15924 (In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsin ...)
	{DSA-4009-1}
	- shadowsocks-libev 3.1.0+ds-2
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-010-shadowsocks-libev/
	NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/1734
	NOTE: https://github.com/shadowsocks/shadowsocks-libev/commit/c67d275
CVE-2017-15690
	RESERVED
CVE-2017-15689
	RESERVED
CVE-2017-15688
	RESERVED
CVE-2017-15687 (DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7 ...)
	NOT-FOR-US: Logitech
CVE-2017-15686 (Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting ...)
	NOT-FOR-US: Crafter CMS Crafter Studio
CVE-2017-15685 (Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity ( ...)
	NOT-FOR-US: Crafter CMS Crafter Studio
CVE-2017-15684 (Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerabili ...)
	NOT-FOR-US: Crafter CMS Crafter Studio
CVE-2017-15683 (In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is abl ...)
	NOT-FOR-US: Crafter CMS Crafter Studio
CVE-2017-15682 (In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is abl ...)
	NOT-FOR-US: Crafter CMS Crafter Studio
CVE-2017-15681 (In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerabilit ...)
	NOT-FOR-US: Crafter CMS Crafter Studio
CVE-2017-15680 (In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which ...)
	NOT-FOR-US: Crafter CMS Crafter Studio
CVE-2017-15679
	RESERVED
CVE-2017-15678
	RESERVED
CVE-2017-15677
	RESERVED
CVE-2017-15676
	RESERVED
CVE-2017-15675
	RESERVED
CVE-2017-15674
	RESERVED
CVE-2017-15673 (The files function in the administration section in CS-Cart 4.6.2 and ...)
	NOT-FOR-US: CS-Cart
CVE-2017-15672 (The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3 ...)
	{DSA-4049-1 DLA-1630-1}
	- ffmpeg 7:3.4-1
	- libav
	NOTE: Fixed by: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904
CVE-2017-15671 (The glob function in glob.c in the GNU C Library (aka glibc or libc6) ...)
	[experimental] - glibc 2.26-0experimental0
	- glibc 2.25-3 (low; bug #879500)
	[stretch] - glibc 2.24-11+deb9u4
	- eglibc (low)
	[wheezy] - eglibc (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22325
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c66c908230169c1bab1f83b071eb585baa214b9f
CVE-2017-15670 (The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by- ...)
	[experimental] - glibc 2.26-0experimental0
	- glibc 2.25-3 (low; bug #879501)
	[stretch] - glibc 2.24-11+deb9u4
	- eglibc (low)
	[wheezy] - eglibc (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22320
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c369d66e5426a30e4725b100d5cd28e372754f90 (master)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a76376df7c07e577a9515c3faa5dbd50bda5da07 (release/2.26/master)
CVE-2017-15669
	RESERVED
CVE-2017-15668
	RESERVED
CVE-2017-15667 (In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from ...)
	NOT-FOR-US: Flexense SysGauge Server
CVE-2017-15666
	RESERVED
CVE-2017-15665 (In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers f ...)
	NOT-FOR-US: Flexense DiskBoss Enterprise
CVE-2017-15664 (In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol suff ...)
	NOT-FOR-US: Flexense Sync Breeze Enterprise
CVE-2017-15663 (In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffe ...)
	NOT-FOR-US: Flexense Disk Pulse Enterprise
CVE-2017-15662 (In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffer ...)
	NOT-FOR-US: Flexense VX Search Enterprise
CVE-2017-15661
	RESERVED
CVE-2017-15660
	RESERVED
CVE-2017-15659
	RESERVED
CVE-2017-15658
	RESERVED
CVE-2017-15657
	RESERVED
CVE-2017-15656 (Password are stored in plaintext in nvram in the HTTPd server in all c ...)
	NOT-FOR-US: HTTPd server in Asus asuswrt
CVE-2017-15655 (Multiple buffer overflow vulnerabilities exist in the HTTPd server in ...)
	NOT-FOR-US: HTTPd server in Asus asuswrt
CVE-2017-15654 (Highly predictable session tokens in the HTTPd server in all current v ...)
	NOT-FOR-US: HTTPd server in Asus asuswrt
CVE-2017-15653 (Improper administrator IP validation after his login in the HTTPd serv ...)
	NOT-FOR-US: HTTPd server in Asus asuswrt
CVE-2017-15652 (Artifex Ghostscript 9.22 is affected by: Obtain Information. The impac ...)
	- ghostscript 9.25~dfsg-1
	[stretch] - ghostscript 9.25~dfsg-0+deb9u1
	[jessie] - ghostscript 9.26a~dfsg-0+deb8u1
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2fc463d0e (ghostpdl-9.23rc1)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698676
CVE-2017-15651 (PRTG Network Monitor 17.3.33.2830 allows remote authenticated administ ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2017-15649 (net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/008ba2a13f2d04c947adc536d19debb8fe66f110
	NOTE: Fixed by: https://git.kernel.org/linus/4971613c1639d8e5f102c4e797c3bf8f83a5a69e
CVE-2017-15648 (In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the ...)
	NOT-FOR-US: PHPSUGAR PHP Melody
CVE-2017-15647 (On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc v ...)
	NOT-FOR-US: On FiberHome
CVE-2017-15646 (Webmin before 1.860 has XSS with resultant remote code execution. Unde ...)
	- webmin
CVE-2017-15645 (CSRF exists in Webmin 1.850. By sending a GET request to at/create_job ...)
	- webmin
CVE-2017-15644 (SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as d ...)
	- webmin
CVE-2017-15643 (An active network attacker (MiTM) can achieve remote code execution on ...)
	NOT-FOR-US: IKARUS Anti Virus
CVE-2017-15650 (musl libc before 1.1.17 has a buffer overflow via crafted DNS replies ...)
	- musl 1.1.17-1
	[stretch] - musl (Minor issue)
	[jessie] - musl (Minor issue)
	NOTE: https://git.musl-libc.org/cgit/musl/patch/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395
CVE-2017-15642 (In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there i ...)
	{DLA-1695-1 DLA-1197-1}
	- sox 14.4.2-2 (bug #882144)
	[stretch] - sox 14.4.1-5+deb9u2
	NOTE: https://sourceforge.net/p/sox/bugs/298/
	NOTE: https://github.com/mansr/sox/commit/0be259eaa9ce3f3fa587a3ef0cf2c0b9c73167a2
CVE-2017-15641
	RESERVED
CVE-2017-15640 (app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip ...)
	- phpipam (bug #731713)
CVE-2017-15639 (tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypa ...)
	NOT-FOR-US: Mura CMS
CVE-2017-15638 (The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterpri ...)
	NOT-FOR-US: SuSEfirewall2 in SUSE
CVE-2012-6707 (WordPress through 4.8.2 uses a weak MD5-based password hashing algorit ...)
	- wordpress (bug #880868)
	[bookworm] - wordpress (Minor issue, can be revisited once upstream has picked a new hashing solution)
	[bullseye] - wordpress (Minor issue, can be revisited once upstream has picked a new hashing solution)
	[buster] - wordpress (Minor issue, can be revisited once upstream has picked a new hashing solution)
	[stretch] - wordpress (Minor issue, can be revisited once upstream has picked a new hashing solution)
	[jessie] - wordpress (Minor issue, can be revisited once upstream has picked a new hashing solution)
	[wheezy] - wordpress (Minor issue, can be revisited once upstream has picked a new hashing solution)
	NOTE: https://core.trac.wordpress.org/ticket/21022
	NOTE: Proposed patch (but not merged): https://core.trac.wordpress.org/attachment/ticket/21022/21022.3.diff
	NOTE: Cf. https://core.trac.wordpress.org/ticket/21022#comment:80 and following.
CVE-2017-15637 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15636 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15635 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15634 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15633 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15632 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15631 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15630 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15629 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15628 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15627 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15626 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15625 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15624 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15623 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15622 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15621 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15620 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15619 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15618 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15617 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15616 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15615 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15614 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15613 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...)
	NOT-FOR-US: TP-Link
CVE-2017-15612 (mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such ...)
	- mistune 0.8-1 (bug #879098)
	[stretch] - mistune (Minor issue)
	NOTE: https://github.com/lepture/mistune/pull/140
	NOTE: https://github.com/lepture/mistune/commit/d6f0b6402299bf5a380e7b4e77bd80e8736630fe
CVE-2017-15611 (In Octopus before 3.17.7, an authenticated user who was explicitly gra ...)
	NOT-FOR-US: Octopus Deploy
CVE-2017-15610 (An issue was discovered in Octopus before 3.17.7. When the special Gue ...)
	NOT-FOR-US: Octopus Deploy
CVE-2017-15609 (Octopus before 3.17.7 allows attackers to obtain sensitive cleartext i ...)
	NOT-FOR-US: Octopus Deploy
CVE-2017-15608 (Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change ...)
	NOT-FOR-US: Inedo ProGet
CVE-2017-15607 (Inedo Otter before 1.7.4 has directory traversal in filesystem-based r ...)
	NOT-FOR-US: Inedo Otter
CVE-2017-15606
	RESERVED
CVE-2017-15605
	RESERVED
CVE-2017-15604
	RESERVED
CVE-2017-15603
	RESERVED
CVE-2017-15602 (In GNU Libextractor 1.4, there is an integer signedness error for the ...)
	{DLA-1198-1}
	- libextractor 1:1.6-1 (low)
	[stretch] - libextractor 1:1.3-4+deb9u1
	[jessie] - libextractor 1:1.3-2+deb8u1
	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html
	NOTE: Fixed by https://git.gnunet.org/libextractor.git/commit/?id=ffab889c1710c7646af9ed360c796a2a0a619efc
CVE-2017-15601 (In GNU Libextractor 1.4, there is a heap-based buffer overflow in the ...)
	{DLA-1198-1}
	- libextractor 1:1.6-1 (low)
	[stretch] - libextractor 1:1.3-4+deb9u1
	[jessie] - libextractor 1:1.3-2+deb8u1
	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00006.html
	NOTE: Fixed by https://git.gnunet.org/libextractor.git/commit/?id=f813535dad4ad860b989952a46266a1469801091
CVE-2017-15600 (In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EX ...)
	{DLA-1198-1}
	- libextractor 1:1.6-1 (low)
	[stretch] - libextractor 1:1.3-4+deb9u1
	[jessie] - libextractor 1:1.3-2+deb8u1
	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00004.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1501695
	NOTE: Fixed by https://git.gnunet.org/libextractor.git/commit/?id=38e8933539ee9d044057b18a971c2eae3c21aba7
CVE-2017-15599
	RESERVED
CVE-2017-15598
	RESERVED
CVE-2017-15597 (An issue was discovered in Xen through 4.9.x. Grant copying code made ...)
	{DSA-4050-1 DLA-1549-1}
	- xen 4.8.2+xsa245-0+deb9u1
	[wheezy] - xen (Vulnerable code not present)
	NOTE: https://xenbits.xen.org/xsa/advisory-236.html
CVE-2017-15586
	RESERVED
CVE-2017-15585
	RESERVED
CVE-2017-15584
	RESERVED
CVE-2017-15583 (The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Lo ...)
	NOT-FOR-US: ABB Fox515T 1.0 devices
CVE-2017-15582 (In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4. ...)
	NOT-FOR-US: Diary with lock
CVE-2017-15581 (In the "Diary with lock" (aka WriteDiary) application 4.72 for Android ...)
	NOT-FOR-US: Diary with lock
CVE-2017-15580 (osTicket 1.10.1 provides a functionality to upload 'html' files with a ...)
	NOT-FOR-US: osTicket
CVE-2017-15579 (In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pa ...)
	NOT-FOR-US: PHPSUGAR PHP Melody
CVE-2017-15578 (In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the imag ...)
	NOT-FOR-US: PHPSUGAR PHP Melody
CVE-2017-15567 (The certificate import component in IDEMIA (formerly Morpho) MorphoSma ...)
	NOT-FOR-US: IDEMIA
CVE-2017-15566 (Insecure SPANK environment variable handling exists in SchedMD Slurm b ...)
	{DSA-4023-1}
	- slurm-llnl 17.02.9-1 (bug #880530)
	[jessie] - slurm-llnl (Vulnerable code introduced later)
	[wheezy] - slurm-llnl (Vulnerable code introduced later)
	NOTE: https://bugs.schedmd.com/show_bug.cgi?id=4228 (not public)
	NOTE: Fixed by: https://github.com/SchedMD/slurm/commit/b30e9e9ee2ade6951bfaf28e15ef77325a206971
CVE-2017-15565 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageCo ...)
	{DSA-4079-1 DLA-1177-1}
	- poppler 0.61.1-2 (bug #879066)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103016
	NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=19ebd40547186a8ea6da08c8d8e2a6d6b7e84f5d
CVE-2017-15564 REJECTED
CVE-2017-15563 REJECTED
CVE-2017-15562 REJECTED
CVE-2017-15561 REJECTED
CVE-2017-15560 REJECTED
CVE-2017-15559 REJECTED
CVE-2017-15558 REJECTED
CVE-2017-15557 REJECTED
CVE-2017-15556 REJECTED
CVE-2017-15555 REJECTED
CVE-2017-15554 REJECTED
CVE-2017-15553 REJECTED
CVE-2017-15552 REJECTED
CVE-2017-15551 REJECTED
CVE-2017-15550 (An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4. ...)
	NOT-FOR-US: EMC Avamar Server
CVE-2017-15549 (An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4. ...)
	NOT-FOR-US: EMC Avamar Server
CVE-2017-15548 (An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4. ...)
	NOT-FOR-US: EMC Avamar Server
CVE-2017-15547 REJECTED
CVE-2017-15546 (The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and ...)
	NOT-FOR-US: EMC RSA Authentication Manager
CVE-2017-15545 REJECTED
CVE-2017-15544 REJECTED
CVE-2017-15543 REJECTED
CVE-2017-15542 REJECTED
CVE-2017-15541 REJECTED
CVE-2017-15540 REJECTED
CVE-2017-15539 (SQL Injection exists in zorovavi/blog through 2017-10-17 via the id pa ...)
	NOT-FOR-US: zorovavi/blog
CVE-2017-15587 (An integer overflow was discovered in pdf_read_new_xref_section in pdf ...)
	{DSA-4006-2 DSA-4006-1 DLA-1164-1}
	- mupdf 1.11+ds1-2 (bug #879055)
	NOTE: https://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698605 (not public)
	NOTE: https://nandynarwhals.org/CVE-2017-15587/
CVE-2017-15538 (Stored XSS vulnerability in the Media Objects component of ILIAS befor ...)
	- ilias (bug #195688)
CVE-2017-15536 (An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x ...)
	NOT-FOR-US: Cloudera Data Science Workbench
CVE-2017-15535 (MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by- ...)
	- mongodb (wire protocol compression introduced in 3.4.x and disabled by default)
	NOTE: https://jira.mongodb.org/browse/SERVER-31273
CVE-2017-15534 (The Norton App Lock prior to version 1.3.0.13 can be susceptible to an ...)
	NOT-FOR-US: Norton App Lock
CVE-2017-15533 (Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, ...)
	NOT-FOR-US: Symantec
CVE-2017-15532 (Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a pa ...)
	NOT-FOR-US: Symantec
CVE-2017-15531 (Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does ...)
	NOT-FOR-US: Symantec
CVE-2017-15530 (Prior to 4.4.1.10, the Norton Family Android App can be susceptible to ...)
	NOT-FOR-US: Norton
CVE-2017-15529 (Prior to 4.4.1.10, the Norton Family Android App can be susceptible to ...)
	NOT-FOR-US: Norton
CVE-2017-15528 (Prior to v 7.6, the Install Norton Security (INS) product can be susce ...)
	NOT-FOR-US: Install Norton Security
CVE-2017-15527 (Prior to ITMS 8.1 RU4, the Symantec Management Console can be suscepti ...)
	NOT-FOR-US: Symantec
CVE-2017-15526 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptib ...)
	NOT-FOR-US: Symantec
CVE-2017-15525 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptib ...)
	NOT-FOR-US: Symantec
CVE-2017-15524 (The Application Firewall Pack (AFP, aka Web Application Firewall) comp ...)
	NOT-FOR-US: Kemp Load Balancer
CVE-2017-15523 REJECTED
CVE-2017-15522 REJECTED
CVE-2017-15521 REJECTED
CVE-2017-15520 REJECTED
CVE-2017-15519 (Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote ...)
	NOT-FOR-US: SnapCenter
CVE-2017-15518 (All versions of OnCommand API Services prior to 2.1 and NetApp Service ...)
	NOT-FOR-US: NetApp
CVE-2017-15517 (AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to o ...)
	NOT-FOR-US: AltaVault OST Plug-in
CVE-2017-15516 (NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a ...)
	NOT-FOR-US: NetApp
CVE-2017-15515 (NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scr ...)
	NOT-FOR-US: NetApp SnapCenter Server
CVE-2017-15514 REJECTED
CVE-2017-15568 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, X ...)
	{DSA-4191-1}
	- redmine 3.4.4-1 (bug #882544)
	[jessie] - redmine (Not supported in Jessie-LTS)
	[wheezy] - redmine (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/27186 (private)
	NOTE: upstream fixed in 3.2.8, 3.3.5 and 3.4.3
	NOTE: https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448
CVE-2017-15569 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, X ...)
	{DSA-4191-1}
	- redmine 3.4.4-1 (bug #882545)
	[jessie] - redmine (Not supported in Jessie-LTS)
	[wheezy] - redmine (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/27186 (private)
	NOTE: https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508
CVE-2017-15570 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, X ...)
	{DSA-4191-1}
	- redmine 3.4.4-1 (bug #882547)
	[jessie] - redmine (Not supported in Jessie-LTS)
	[wheezy] - redmine (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/27186 (private)
	NOTE: https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b
CVE-2017-15571 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, X ...)
	{DSA-4191-1}
	- redmine 3.4.4-1 (bug #882548)
	[jessie] - redmine (Not supported in Jessie-LTS)
	[wheezy] - redmine (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/27186 (private)
	NOTE: https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa
CVE-2017-15573 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because mar ...)
	{DSA-4191-1}
	- redmine 3.4.2-1
	[jessie] - redmine (Not supported in Jessie-LTS)
	[wheezy] - redmine (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/25503 (private)
	NOTE: upstream fixed in 3.2.6 and 3.3.3
CVE-2017-15572 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can o ...)
	{DSA-4191-1}
	- redmine 3.4.2-1
	[jessie] - redmine (Not supported in Jessie-LTS)
	[wheezy] - redmine (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/24416 (private)
	NOTE: upstream fixed in 3.2.6 and 3.3.3
CVE-2017-15575 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a che ...)
	{DSA-4191-1}
	- redmine 3.4.2-1
	[jessie] - redmine (Not supported in Jessie-LTS)
	[wheezy] - redmine (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/24307 (private)
	NOTE: upstream fixed in 3.2.6 and 3.3.3
CVE-2017-15574 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible ...)
	{DSA-4191-1}
	- redmine 3.4.2-1
	[jessie] - redmine (Not supported in Jessie-LTS)
	[wheezy] - redmine (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/24199 (private)
	NOTE: upstream fixed in 3.2.6 and 3.3.3
CVE-2017-15576 (Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rend ...)
	{DSA-4191-1}
	- redmine 3.4.2-1
	[jessie] - redmine (Not supported in Jessie-LTS)
	[wheezy] - redmine (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/23803 (private)
	NOTE: upstream fixed in 3.2.6 and 3.3.3
CVE-2017-15577 (Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering o ...)
	{DSA-4191-1}
	- redmine 3.4.2-1
	[jessie] - redmine (Not supported in Jessie-LTS)
	[wheezy] - redmine (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/23793 (private)
	NOTE: upstream fixed in 3.2.6 and 3.3.3
CVE-2016-10515 (In Redmine before 3.2.3, there are stored XSS vulnerabilities affectin ...)
	- redmine 3.2.3-1
	[jessie] - redmine (Not supported in Jessie-LTS)
	[wheezy] - redmine (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: upstream fixed in 3.2.3
CVE-2017-15537 (The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before ...)
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux (Vulnerable code introduced later)
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/814fb7bb7db5433757d76f4c4502c96fc53b0b5e (v4.14-rc3)
CVE-2017-15513 REJECTED
CVE-2017-15512 REJECTED
CVE-2017-15511 REJECTED
CVE-2017-15510 REJECTED
CVE-2017-15509 REJECTED
CVE-2017-15508 REJECTED
CVE-2017-15507 REJECTED
CVE-2017-15506 REJECTED
CVE-2017-15505 REJECTED
CVE-2017-15504 REJECTED
CVE-2017-15503 REJECTED
CVE-2017-15502 REJECTED
CVE-2017-15501 REJECTED
CVE-2017-15500 REJECTED
CVE-2017-15499 REJECTED
CVE-2017-15498 REJECTED
CVE-2017-15497 REJECTED
CVE-2017-15496 REJECTED
CVE-2017-15495 REJECTED
CVE-2017-15494 REJECTED
CVE-2017-15493 REJECTED
CVE-2017-15492 REJECTED
CVE-2017-15491 REJECTED
CVE-2017-15490 REJECTED
CVE-2017-15489 REJECTED
CVE-2017-15488 REJECTED
CVE-2017-15487 REJECTED
CVE-2017-15486 REJECTED
CVE-2017-15485 REJECTED
CVE-2017-15484 REJECTED
CVE-2017-15483 REJECTED
CVE-2017-15482 REJECTED
CVE-2017-15481 REJECTED
CVE-2017-15480 REJECTED
CVE-2017-15479 REJECTED
CVE-2017-15478 REJECTED
CVE-2017-15477 REJECTED
CVE-2017-15476 REJECTED
CVE-2017-15475 REJECTED
CVE-2017-15474 REJECTED
CVE-2017-15473 REJECTED
CVE-2017-15472 REJECTED
CVE-2017-15471 REJECTED
CVE-2017-15470 REJECTED
CVE-2017-15469 REJECTED
CVE-2017-15468 REJECTED
CVE-2017-15467 REJECTED
CVE-2017-15466 REJECTED
CVE-2017-15465 REJECTED
CVE-2017-15464 REJECTED
CVE-2017-15463 REJECTED
CVE-2017-15462 REJECTED
CVE-2017-15461 REJECTED
CVE-2017-15460 REJECTED
CVE-2017-15459 REJECTED
CVE-2017-15458 REJECTED
CVE-2017-15457 REJECTED
CVE-2017-15456 REJECTED
CVE-2017-15455 REJECTED
CVE-2017-15454 REJECTED
CVE-2017-15453 REJECTED
CVE-2017-15452 REJECTED
CVE-2017-15451 REJECTED
CVE-2017-15450 REJECTED
CVE-2017-15449 REJECTED
CVE-2017-15448 REJECTED
CVE-2017-15447 REJECTED
CVE-2017-15446 REJECTED
CVE-2017-15445 REJECTED
CVE-2017-15444 REJECTED
CVE-2017-15443 REJECTED
CVE-2017-15442 REJECTED
CVE-2017-15441 REJECTED
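The Mistune entry above (CVE-2017-15612) records an XSS reachable through an unexpected newline in a link. The following is an added example written for this page; it is not Mistune's code and not the fix from the linked commit. It shows the bug class: a URL-scheme blocklist that compares the raw string is bypassed by a tab or newline placed inside the scheme, because browsers delete ASCII tab, LF and CR from a URL before parsing it. The function names, the scheme list and the probe URLs below are this example's own constructions.

```python
import html
import re

# Illustrative code for the bug class in the CVE-2017-15612 entry
# (XSS via an unexpected newline), not Mistune's own implementation.

# Schemes that must never reach an href attribute (this example's own list).
BLOCKED_SCHEMES = ("javascript:", "vbscript:", "data:")

# WHATWG URL parsing removes ASCII tab, LF and CR anywhere in the input,
# so a browser treats "jav\nascript:" exactly like "javascript:".
_TAB_OR_NEWLINE = re.compile(r"[\t\n\r]")
# Leading C0 controls and spaces are stripped by URL parsers as well.
_LEADING_JUNK = re.compile(r"^[\x00-\x20]+")


def escape_link_naive(url: str) -> str:
    """Vulnerable form: trims only the ends, then compares the raw scheme."""
    lower = url.lower().strip()
    for scheme in BLOCKED_SCHEMES:
        if lower.startswith(scheme):
            return ""
    return html.escape(url, quote=True)


def escape_link_hardened(url: str) -> str:
    """Hardened form: normalise the URL the way a browser will before deciding."""
    # 1. Remove tab/newline anywhere, as the browser's URL parser will.
    cleaned = _TAB_OR_NEWLINE.sub("", url)
    # 2. Drop leading control characters and spaces.
    cleaned = _LEADING_JUNK.sub("", cleaned)
    # 3. Compare the scheme on the normalised, lower-cased string.
    lower = cleaned.lower()
    for scheme in BLOCKED_SCHEMES:
        if lower.startswith(scheme):
            return ""
    # 4. Emit the normalised URL, escaped for an HTML attribute context.
    return html.escape(cleaned, quote=True)


def render_link(url: str, text: str, escape_fn=escape_link_hardened) -> str:
    """Render <a href="...">text</a>; drop the anchor when the URL is rejected."""
    href = escape_fn(url)
    label = html.escape(text, quote=True)
    if not href:
        return label
    return f'<a href="{href}">{label}</a>'


# Constructed probe URLs (not taken from any report).
PROBES = {
    "plain": "javascript:alert(1)",
    "newline_in_scheme": "jav\nascript:alert(1)",
    "newline_in_payload": "javascript:a\nlert(1)",
    "tab_and_case": "\tJaVa\tScRiPt:alert(1)",
    "benign": "https://example.com/?a=1&b=2",
}


def compare(probes=PROBES):
    """Return {name: (naive_blocked, hardened_blocked)} for each probe."""
    return {
        name: (escape_link_naive(u) == "", escape_link_hardened(u) == "")
        for name, u in probes.items()
    }


if __name__ == "__main__":
    for name, (naive, hardened) in compare().items():
        print(f"{name:20} naive_blocked={naive!s:5} hardened_blocked={hardened}")
```

The newline-in-scheme and tab-and-case probes pass the naive check and are rendered into an href that a browser executes; the hardened check rejects them. A scheme allowlist (http, https, mailto) applied after the same normalisation is the more robust design, since it also covers schemes nobody thought to block.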
CVE-2017-15440 REJECTED
CVE-2017-15439 REJECTED
CVE-2017-15438 REJECTED
CVE-2017-15437 REJECTED
CVE-2017-15436 REJECTED
CVE-2017-15435 REJECTED
CVE-2017-15434 REJECTED
CVE-2017-15433 REJECTED
CVE-2017-15432 REJECTED
CVE-2017-15431 RESERVED
CVE-2017-15430 (Insufficient data validation in Chromecast plugin in Google Chrome pri ...)
	- chromium-browser (Plugin specific to Chrome)
CVE-2017-15429 (Inappropriate implementation in V8 WebAssembly JS bindings in Google C ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
	- libv8 (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-15428 (Insufficient data validation in V8 builtins string generator could lea ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15427 (Insufficient policy enforcement in Omnibox in Google Chrome prior to 6 ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15426 (Insufficient policy enforcement in Omnibox in Google Chrome prior to 6 ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15425 (Insufficient policy enforcement in Omnibox in Google Chrome prior to 6 ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15424 (Insufficient policy enforcement in Omnibox in Google Chrome prior to 6 ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15423 (Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prio ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15422 (Integer overflow in international date handling in International Compo ...)
	{DSA-4150-1}
	- icu 57.1-9 (bug #892766)
	[wheezy] - icu (Vulnerable code not present)
	NOTE: https://code.google.com/p/chromium/issues/detail?id=774382
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1523136
	NOTE: Issue fixed in: https://ssl.icu-project.org/trac/changeset/40654
CVE-2017-15421 RESERVED
CVE-2017-15420 (Incorrect handling of back navigations in error pages in Navigation in ...)
	{DSA-4103-1 DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15419 (Insufficient policy enforcement in Resource Timing API in Google Chrom ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15418 (Use of uninitialized memory in Skia in Google Chrome prior to 63.0.323 ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15417 (Inappropriate implementation in Skia canvas composite operations in Go ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15416 (Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.8 ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15415 (Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15414 RESERVED
CVE-2017-15413 (Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.323 ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15412 (Use after free in libxml2 before 2.9.5, as used in Google Chrome prior ...)
	{DSA-4086-1 DLA-1211-1}
	- libxml2 2.9.4+dfsg1-5.2 (bug #883790)
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=727039
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=783160 (not public)
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/0f3b843b3534784ef57a4f9b874238aa1fda5a73
CVE-2017-15411 (Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowe ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15410 (Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowe ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15409 (Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 al ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15408 (Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15407 (Out-of-bounds Write in the QUIC networking stack in Google Chrome prio ...)
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15406 (A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 a ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
	- libv8 (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-15405 (Inappropriate symlink handling and a race condition in the stateful re ...)
	NOT-FOR-US: Chrome OS
CVE-2017-15404 (An ability to process crash dumps under root privileges and inappropri ...)
	NOT-FOR-US: Chrome OS
CVE-2017-15403 (Insufficient data validation in crosh could lead to a command injectio ...)
	NOT-FOR-US: Chrome OS
CVE-2017-15402 (Using an ID that can be controlled by a compromised renderer which all ...)
	NOT-FOR-US: Chrome OS
CVE-2017-15401 (A memory corruption bug in WebAssembly could lead to out of bounds rea ...)
	NOT-FOR-US: Chrome OS
CVE-2017-15400 (Insufficient restriction of IPP filters in CUPS in Google Chrome OS pr ...)
	{DSA-4243-1}
	- cups 2.2.3-2
	[jessie] - cups (Vulnerable code not present, ppdCreateFromIPP() introduced in v2.2.0)
	[wheezy] - cups (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=777215
	NOTE: Patches from upstream to restrict what filters will be accepted
	NOTE: https://github.com/apple/cups/commit/07428f6a640ff93aa0b4cc69ca372e2cf8490e41 (v2.2.2)
	NOTE: https://github.com/apple/cups/commit/1add23375658e9163e5493ee19de7c9f7a9b483b (v2.2.2)
CVE-2017-15399 (A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed ...)
	{DSA-4024-1}
	- chromium-browser 62.0.3202.89-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
	- libv8 (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-15398 (A stack buffer overflow in the QUIC networking stack in Google Chrome ...)
	{DSA-4024-1}
	- chromium-browser 62.0.3202.89-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15397 (Inappropriate implementation in ChromeVox in Google Chrome OS prior to ...)
	NOT-FOR-US: ChromeVox in Google Chrome OS
CVE-2017-15396 (A stack buffer overflow in NumberingSystem in International Components ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
	- libv8 (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-15395 (A use after free in Blink in Google Chrome prior to 62.0.3202.62 allow ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15394 (Insufficient Policy Enforcement in Extensions in Google Chrome prior t ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15393 (Insufficient Policy Enforcement in Devtools remote debugging in Google ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15392 (Insufficient data validation in V8 in Google Chrome prior to 62.0.3202 ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15391 (Insufficient Policy Enforcement in Extensions in Google Chrome prior t ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15390 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 6 ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15389 (An insufficient watchdog timer in navigation in Google Chrome prior to ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15388 (Iteration through non-finite points in Skia in Google Chrome prior to ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15387 (Insufficient enforcement of Content Security Policy in Blink in Google ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15386 (Incorrect implementation in Blink in Google Chrome prior to 62.0.3202. ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-15385 (The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c ...)
	- radare2 2.1.0+dfsg-1 (bug #879119)
	[jessie] - radare2 (Vulnerable code introduced in 0.10.2)
	[wheezy] - radare2 (Vulnerable code introduced in 0.10.2)
	NOTE: https://github.com/radare/radare2/issues/8685
	NOTE: https://github.com/radare/radare2/commit/21a6f570ba33fa9f52f1bba87f07acc4e8c178f4
CVE-2017-15384 (rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action.)
	NOT-FOR-US: Rate Me
CVE-2017-15383 (Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploita ...)
	NOT-FOR-US: Nero
CVE-2017-15382 RESERVED
CVE-2017-15381 (SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/res ...)
	NOT-FOR-US: E-Sic
CVE-2017-15380 (XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester ...)
	NOT-FOR-US: E-Sic
CVE-2017-15379 (An authentication bypass exists in the E-Sic 1.0 /index (aka login) UR ...)
	NOT-FOR-US: E-Sic
CVE-2017-15378 (SQL Injection exists in the E-Sic 1.0 password reset parameter (aka th ...)
	NOT-FOR-US: E-Sic
CVE-2017-15377 (In Suricata before 4.x, it was possible to trigger lots of redundant c ...)
	{DLA-1603-1}
	- suricata 1:4.0.0-1 (low)
	[stretch] - suricata (Minor issue)
	[wheezy] - suricata (Vulnerable code introduced later)
	NOTE: https://github.com/OISF/suricata/pull/2680/commits/47afc577ff763150f9b47f10331f5ef9eb847a57
	NOTE: https://redmine.openinfosecfoundation.org/issues/2231
	NOTE: introduced in https://github.com/OISF/suricata/commit/35f1f7e8d944a3
CVE-2017-15376 (The TELNET service in Mobatek MobaXterm 10.4 does not require authenti ...)
	NOT-FOR-US: Mobatek MobaXterm
CVE-2017-15375 (Multiple client-side cross site scripting vulnerabilities have been di ...)
	NOT-FOR-US: WpJobBoard
CVE-2017-15374 (Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the cu ...)
	NOT-FOR-US: Shopware
CVE-2017-15373 (E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restri ...)
	NOT-FOR-US: E-Sic
CVE-2017-15372 (There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expan ...)
	{DLA-1695-1 DLA-1197-1}
	- sox 14.4.2-2 (bug #878808)
	[stretch] - sox 14.4.1-5+deb9u2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500553
	NOTE: https://github.com/mansr/sox/commit/001c337552912d286ba68086ac378f6fdc1e8b50
CVE-2017-15371 (There is a reachable assertion abort in the function sox_append_commen ...)
	{DLA-1705-1 DLA-1197-1}
	- sox 14.4.2-2 (bug #878809)
	[stretch] - sox 14.4.1-5+deb9u2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500570
	NOTE: https://github.com/mansr/sox/commit/818bdd0ccc1e5b6cae742c740c17fd414935cf39
CVE-2017-15370 (There is a heap-based buffer overflow in the ImaExpandS function of im ...)
	{DLA-1695-1 DLA-1197-1}
	- sox 14.4.2-2 (bug #878810)
	[stretch] - sox 14.4.1-5+deb9u2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500554
	NOTE: https://github.com/mansr/sox/commit/ef3d8be0f80cbb650e4766b545d61e10d7a24c9e
CVE-2017-15369 (The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF b ...)
	- mupdf (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=c2663e51238ec8256da7fc61ad580db891d9fe9a
	NOTE: Introduced by: https://git.ghostscript.com/?p=mupdf.git;h=2707fa9e8e6d17d794330e719dec1b08161fb045
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698592
CVE-2017-15368 (The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 al ...)
	- radare2 2.1.0+dfsg-1 (bug #878767)
	[jessie] - radare2 (Vulnerable code introduced in 2.0.0)
	[wheezy] - radare2 (Vulnerable code introduced in 2.0.0)
	NOTE: https://github.com/radare/radare2/issues/8673
	NOTE: https://github.com/radare/radare2/commit/52b1526443c1f433087928291d1c3d37a5600515
CVE-2017-15367 (Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vuln ...)
	NOT-FOR-US: Bacula-Web
CVE-2017-15366 (Before Thornberry NDoc version 8.0, laptop clients and the server have ...)
	NOT-FOR-US: Thornberry NDoc
CVE-2017-15365 (sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ...)
	{DSA-4341-1}
	- mariadb-10.2 (bug #884065)
	- mariadb-10.1 1:10.1.34-1 (bug #885345)
	- mariadb-10.0
	[jessie] - mariadb-10.0 (vulnerable code not present)
	- percona-xtrabackup
	[jessie] - percona-xtrabackup (vulnerable code not present)
	- mysql-5.7
	- mysql-5.5 (Vulnerable code not present)
	NOTE: MariaDB: Fixed in 10.2.10, 10.1.30
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524234
	NOTE: https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html
	NOTE: Likely (unconfirmed) fix: https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e?diff=unified
	NOTE: Possibly only introduced with https://github.com/MariaDB/server/commit/df4dd593f29aec8e2116aec1775ad4b8833d8c93 (mariadb-10.1.1)
	NOTE: starting to be present in mariadb-10.1.1.
CVE-2017-15364 (The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attacke ...)
	NOT-FOR-US: ccsv
CVE-2017-15363 (Directory traversal vulnerability in public/examples/resources/getsour ...)
	NOT-FOR-US: Luracast Restler
CVE-2017-15362 (osTicket 1.10.1 allows arbitrary client-side JavaScript code execution ...)
	NOT-FOR-US: osTicket
CVE-2017-15361 (The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module ...)
	NOT-FOR-US: Infineon RSA library
CVE-2017-15360 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cros ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2017-15359 (In the 3CX Phone System 15.5.3554.1, the Management Console typically ...)
	NOT-FOR-US: 3CX Phone System
CVE-2017-15358 (Race condition in the Charles Proxy Settings suid binary in Charles Pr ...)
	NOT-FOR-US: Charles Proxy
CVE-2017-15357 (The setpermissions function in the auto-updater in Arq before 5.9.7 fo ...)
	NOT-FOR-US: Arq
CVE-2017-15356 (Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500 ...)
	NOT-FOR-US: Huawei
CVE-2017-15355 (Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500 ...)
	NOT-FOR-US: Huawei
CVE-2017-15354 (Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500 ...)
	NOT-FOR-US: Huawei
CVE-2017-15353 (Huawei DP300, V500R002C00, RP200, V500R002C00, V600R006C00, RSE6500, V ...)
	NOT-FOR-US: Huawei
CVE-2017-15352 (Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, ...)
	NOT-FOR-US: Huawei
CVE-2017-15351 (The 'Find Phone' function in Huawei Honor V9 play smart phones with ve ...)
	NOT-FOR-US: Huawei
CVE-2017-15350 (The Common Open Policy Service Protocol (COPS) module in Huawei DP300 ...)
	NOT-FOR-US: Huawei
CVE-2017-15349 (Huawei CloudEngine 12800 V100R003C00, V100R005C00, V100R005C10, V100R0 ...)
	NOT-FOR-US: Huawei
CVE-2017-15348 (Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R0 ...)
	NOT-FOR-US: Huawei
CVE-2017-15347 (Huawei Mate 9 Pro mobile phones with software of versions earlier than ...)
	NOT-FOR-US: Huawei
CVE-2017-15346 (XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00 ...)
	NOT-FOR-US: Huawei
CVE-2017-15345 (Huawei Smartphones with software LON-L29DC721B186 have a denial of ser ...)
	NOT-FOR-US: Huawei
CVE-2017-15344 (Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V20 ...)
	NOT-FOR-US: Huawei
CVE-2017-15343 (Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V20 ...)
	NOT-FOR-US: Huawei
CVE-2017-15342 (Huawei DP300 V500R002C00, TE60 V600R006C00, TP3106 V100R002C00, eSpace ...)
	NOT-FOR-US: Huawei
CVE-2017-15341 (Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-15340 (Huawei smartphones with software of TAG-AL00C92B168 have an informatio ...)
	NOT-FOR-US: Huawei
CVE-2017-15339 (The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V1 ...)
	NOT-FOR-US: Huawei
CVE-2017-15338 (The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V1 ...)
	NOT-FOR-US: Huawei
CVE-2017-15337 (The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V1 ...)
	NOT-FOR-US: Huawei
CVE-2017-15336 (The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-15335 (The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-15334 (The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-15333 (XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00 ...)
	NOT-FOR-US: Huawei
CVE-2017-15332 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1 ...)
	NOT-FOR-US: Huawei
CVE-2017-15331 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1 ...)
	NOT-FOR-US: Huawei
CVE-2017-15330 (The Flp Driver in some Huawei smartphones of the software Vicky-AL00AC ...)
	NOT-FOR-US: Huawei
CVE-2017-15329 (Huawei UMA V200R001C00 has a SQL injection vulnerability in the operat ...)
	NOT-FOR-US: Huawei
CVE-2017-15328 (Huawei HG8245H version earlier than V300R018C00SPC110 has an authentic ...)
	NOT-FOR-US: Huawei
CVE-2017-15327 (S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01 ...)
	NOT-FOR-US: Huawei
CVE-2017-15326 (DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algori ...)
	NOT-FOR-US: Huawei
CVE-2017-15325 (The Bdat driver of Prague smart phones with software versions earlier ...)
	NOT-FOR-US: Bdat driver of Prague smart phones
CVE-2017-15324 (Huawei S5700 and S6700 with software of V200R005C00 have a DoS vulnera ...)
	NOT-FOR-US: Huawei
CVE-2017-15323 (Huawei DP300 V500R002C00, NIP6600 V500R001C00, V500R001C20, V500R001C3 ...)
	NOT-FOR-US: Huawei
CVE-2017-15322 (Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 a ...)
	NOT-FOR-US: Huawei
CVE-2017-15321 (Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an informat ...)
	NOT-FOR-US: Huawei
CVE-2017-15320 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-15319 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-15318 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-15317 (AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 V20 ...)
	NOT-FOR-US: Huawei
CVE-2017-15316 (The GPU driver of Mate 9 Huawei smart phones with software before MHA- ...)
	NOT-FOR-US: Huawei
CVE-2017-15315 (Patch module of Huawei NIP6300 V500R001C20SPC100, V500R001C20SPC200, N ...)
	NOT-FOR-US: Huawei
CVE-2017-15314 (Huawei DP300 V500R002C00, RP200 V500R002C00SPC200, V600R006C00, TE30 V ...)
	NOT-FOR-US: Huawei
CVE-2017-15313 (Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An rem ...)
	NOT-FOR-US: Huawei
CVE-2017-15312 (Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) v ...)
	NOT-FOR-US: Huawei
CVE-2017-15311 (The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawe ...)
	NOT-FOR-US: Huawei
CVE-2017-15310 (Huawei iReader app before 8.0.2.301 has an arbitrary file deletion vul ...)
	NOT-FOR-US: Huawei
CVE-2017-15309 (Huawei iReader app before 8.0.2.301 has a path traversal vulnerability ...)
	NOT-FOR-US: Huawei
CVE-2017-15308 (Huawei iReader app before 8.0.2.301 has an input validation vulnerabil ...)
	NOT-FOR-US: Huawei
CVE-2017-15307 (Huawei Honor 8 smartphone with software versions earlier than FRD-L04C ...)
	NOT-FOR-US: Huawei
CVE-2017-15306 (The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc. ...)
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux (Vulnerable code introduced later)
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/ac64115a66c18c01745bbd3c47a36b124e5fd8c0 (4.14-rc7)
CVE-2017-15305 (XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php.)
	NOT-FOR-US: NexusPHP
CVE-2017-15304 (/bin/login.php in the Web Panel on the Airtame HDMI dongle with firmwa ...)
	NOT-FOR-US: Airtame HDMI dongle
CVE-2017-15303 (In CPUID CPU-Z before 1.43, there is an arbitrary memory write that re ...)
	NOT-FOR-US: CPUID CPU-Z
CVE-2017-15302 (In CPUID CPU-Z through 1.81, there are improper access rights to a ker ...)
	NOT-FOR-US: CPUID CPU-Z
CVE-2017-15301
	RESERVED
CVE-2017-15300 (The miner statistics HTTP API in EWBF Cuda Zcash Miner Version 0.3.4b ...)
	NOT-FOR-US: EWBF Cuda Zcash Miner
CVE-2017-15299 (The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use o ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/60ff5b2f547af3828aebafd54daded44cfb0807a (4.14-rc6)
CVE-2017-15298 (Git through 2.14.2 mishandles layers of tree objects, which allows rem ...)
	- git 1:2.16.1-1 (unimportant)
	NOTE: https://kate.io/blog/git-bomb/
	NOTE: https://github.com/Katee/git-bomb
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=a937b37e766479c8e780b17cce9c4b252fd97e40
	NOTE: No practical security implications
CVE-2017-15297 (SAP Hostcontrol does not require authentication for the SOAP SAPContro ...)
	NOT-FOR-US: SAP
CVE-2017-15296 (The Java component in SAP CRM has CSRF. This is SAP Security Note 2478 ...)
	NOT-FOR-US: SAP
CVE-2017-15295 (Xpress Server in SAP POS does not require authentication for read/writ ...)
	NOT-FOR-US: SAP
CVE-2017-15294 (The Java administration console in SAP CRM has XSS. This is SAP Securi ...)
	NOT-FOR-US: SAP
CVE-2017-15293 (Xpress Server in SAP POS does not require authentication for file read ...)
	NOT-FOR-US: SAP
CVE-2017-15292
	RESERVED
CVE-2017-15291 (Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering ...)
	NOT-FOR-US: TP-Link TL-MR3220 wireless routers
CVE-2017-15290 (Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5 ...)
	NOT-FOR-US: Mirasys Video Management System
CVE-2017-15594 (An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest ...)
	{DSA-4050-1 DLA-1559-1}
	- xen 4.8.2+xsa245-0+deb9u1
	[wheezy] - xen (minor issue)
	NOTE: https://xenbits.xen.org/xsa/advisory-244.html
CVE-2017-15592 (An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS ...)
	{DSA-4050-1 DLA-1559-1 DLA-1181-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-243.html
CVE-2017-15593 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...)
	{DSA-4050-1 DLA-1559-1 DLA-1181-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-242.html
CVE-2017-15588 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...)
	{DSA-4050-1 DLA-1549-1 DLA-1181-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-241.html
CVE-2017-15595 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...)
	{DSA-4050-1 DLA-1559-1 DLA-1181-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-240.html
CVE-2017-15589 (An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS ...)
	{DSA-4050-1 DLA-1549-1 DLA-1181-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-239.html
CVE-2017-15591 (An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers ...)
	{DSA-4050-1}
	- xen 4.8.2+xsa245-0+deb9u1
	[jessie] - xen (Only affects 4.5 and later)
	[wheezy] - xen (Only affects 4.5 and later)
	NOTE: https://xenbits.xen.org/xsa/advisory-238.html
CVE-2017-15590 (An issue was discovered in Xen through 4.9.x allowing x86 guest OS use ...)
	{DSA-4050-1 DLA-1549-1}
	- xen 4.8.2+xsa245-0+deb9u1
	[wheezy] - xen (Patches too intrusive to backport)
	NOTE: https://xenbits.xen.org/xsa/advisory-237.html
CVE-2017-15289 (The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow ...)
	{DSA-4213-1 DLA-1497-1}
	- qemu 1:2.11+dfsg-1 (bug #880832)
	[wheezy] - qemu (Can be fixed along in a future update)
	- qemu-kvm
	[wheezy] - qemu-kvm (Can be fixed along in a future update)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html
	NOTE: Fixed by: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=eb38e1bc3740725ca29a535351de94107ec58d51
CVE-2017-15288 (The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, ...)
	- scala 2.11.12-1 (unimportant)
	NOTE: http://scala-lang.org/news/security-update-nov17.html
	NOTE: For 2.11.x: https://github.com/scala/scala/pull/6108
	NOTE: For 2.12.x: https://github.com/scala/scala/pull/6120
	NOTE: For 2.10.x: https://github.com/scala/scala/pull/6128
	NOTE: Neutralised by kernel hardening
CVE-2017-15287 (There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dream ...)
	NOT-FOR-US: BouquetEditor WebPlugin
CVE-2017-15286 (SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in she ...)
	- sqlite3 3.20.1-2 (low; bug #878680)
	[stretch] - sqlite3 (Vulnerable code introduced later)
	[jessie] - sqlite3 (Vulnerable code introduced later)
	[wheezy] - sqlite3 (Vulnerable code not present)
	- sqlite (Vulnerable code not present)
	NOTE: https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md
	NOTE: https://www.sqlite.org/src/info/5d0ceb8dcdef92cd
CVE-2017-15285 (X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Co ...)
	NOT-FOR-US: X-Cart
CVE-2017-15284 (Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), all ...)
	NOT-FOR-US: OctoberCMS
CVE-2017-15283
	RESERVED
CVE-2017-15282
	RESERVED
CVE-2017-15281 (ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote atta ...)
	{DLA-2366-1 DLA-1785-1 DLA-1139-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878579)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/832
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e9d1c2adae866861a291535997b2263f26becb1e
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/32cbfceeee57962321b2ead627129c9d9ffbfcdb
CVE-2017-15280 (XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 al ...)
	NOT-FOR-US: Umbraco CMS
CVE-2017-15279 (Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 a ...)
	NOT-FOR-US: Umbraco CMS
CVE-2017-15278 (Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. ...)
	- teampass (bug #730180)
CVE-2017-15277 (ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick ...)
	{DSA-4321-1 DSA-4040-1 DSA-4032-1 DLA-1456-1 DLA-1140-1 DLA-1139-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #878578)
	- graphicsmagick 1.3.26-14
	NOTE: IM6: https://github.com/ImageMagick/ImageMagick/commit/10aae21bf9dac47e16d8fcde7eba7f7f9d1e52f8
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/592
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/923c4a525c99
	NOTE: https://github.com/neex/gifoeb
CVE-2017-15276 (OpenText Documentum Content Server (formerly EMC Documentum Content Se ...)
	NOT-FOR-US: OpenText Documentum Content Server
CVE-2017-15275 (Samba before 4.7.3 might allow remote attackers to obtain sensitive in ...)
	{DSA-4043-1 DLA-1183-1}
	- samba 2:4.7.1+dfsg-2
	NOTE: https://www.samba.org/samba/security/CVE-2017-15275.html
CVE-2017-15274 (security/keys/keyctl.c in the Linux kernel before 4.11.5 does not cons ...)
	- linux 4.11.6-1
	[stretch] - linux 4.9.47-1
	[jessie] - linux 3.16.48-1
	[wheezy] - linux 3.2.93-1
	NOTE: Fixed by: https://git.kernel.org/linus/5649645d725c73df4302428ee4e02c869248b4c5 (4.12-rc5)
CVE-2017-15273 (Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10 ...)
	- mahara
	NOTE: https://mahara.org/interaction/forum/topic.php?id=8081
CVE-2017-15272 (The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSF ...)
	NOT-FOR-US: PSFTPd
CVE-2017-15271 (A use-after-free issue could be triggered remotely in the SFTP compone ...)
	NOT-FOR-US: PSFTPd
CVE-2017-15270 (The PSFTPd 10.0.4 Build 729 server does not properly escape data befor ...)
	NOT-FOR-US: PSFTPd
CVE-2017-15269 (The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans b ...)
	NOT-FOR-US: PSFTPd
CVE-2017-15268 (Qemu through 2.10.0 allows remote attackers to cause a memory leak by ...)
	{DSA-4213-1}
	- qemu 1:2.11+dfsg-1 (bug #880836)
	[jessie] - qemu (I/O channels driver websockets introduced later)
	[wheezy] - qemu (I/O channels driver websockets introduced later)
	- qemu-kvm (I/O channels driver websockets introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02278.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1496879
	NOTE: https://bugs.launchpad.net/bugs/1718964
	NOTE: Fixed by: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=a7b20a8efa28e5f22c26c06cd06c2f12bc863493
CVE-2017-15267 (In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_m ...)
	{DLA-1198-1}
	- libextractor 1:1.6-1 (bug #878314)
	[stretch] - libextractor 1:1.3-4+deb9u1
	[jessie] - libextractor 1:1.3-2+deb8u1
	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00003.html
	NOTE: http://openwall.com/lists/oss-security/2017/10/11/1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1499600
	NOTE: Fixed by: https://git.gnunet.org/libextractor.git/commit/?id=6095d7132b57fc7368fc7a40bab2a71b735724d2
CVE-2017-15266 (In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_ex ...)
	{DLA-1198-1}
	- libextractor 1:1.6-1 (bug #878314)
	[stretch] - libextractor 1:1.3-4+deb9u1
	[jessie] - libextractor 1:1.3-2+deb8u1
	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00002.html
	NOTE: http://openwall.com/lists/oss-security/2017/10/11/1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1499599
	NOTE: Fixed by: https://git.gnunet.org/libextractor.git/commit/?id=b577d5452c5c4ee9d552da62a24b95f461551fe2
CVE-2017-15265 (Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 ...)
	{DLA-1200-1}
	- linux 4.13.4-2
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1062520
	NOTE: http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html
CVE-2017-15264 (IrfanView version 4.44 (32bit) allows attackers to cause a denial of s ...)
	NOT-FOR-US: IrfanView
CVE-2017-15263 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15262 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15261 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15260 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15259 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15258 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15257 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15256 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15255 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15254 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15253 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15252 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15251 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15250 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15249 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15248 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15247 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15246 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15245 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15244 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15243 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15242 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15241 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15240 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
	NOT-FOR-US: IrfanView
CVE-2017-15239 (IrfanView 4.44 - 32bit with PDF plugin version 4.43 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-15238 (ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-aft ...)
	{DSA-4321-1}
	- graphicsmagick 1.3.26-14
	[jessie] - graphicsmagick (Vulnerable code not present)
	[wheezy] - graphicsmagick (Vulnerable code does not exist)
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=93bdb9b30076
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=df946910910d
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/469/
CVE-2017-15237
	RESERVED
CVE-2017-15236 (Tiandy IP cameras 5.56.17.120 do not properly restrict a certain propr ...)
	NOT-FOR-US: Tiandy IP cameras
CVE-2017-15235 (The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allo ...)
	{DLA-2352-1}
	- php-horde-gollem 3.0.12-1
	[jessie] - php-horde-gollem (Minor issue)
	NOTE: https://blogs.securiteam.com/index.php/archives/3454
	NOTE: https://lists.horde.org/archives/announce/2017/001260.html
	NOTE: https://github.com/horde/gollem/commit/416249efa0fb9e98b596783565258806542a2c51
CVE-2017-15234
	RESERVED
CVE-2017-15233
	RESERVED
CVE-2017-15232 (libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and j ...)
	- libjpeg-turbo 1:2.0.5-1 (unimportant; bug #878567)
	- libjpeg6b (Vulnerable code not present)
	- libjpeg8 (Vulnerable code not present)
	- libjpeg9 (Vulnerable code not present)
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182
	NOTE: https://github.com/mozilla/mozjpeg/issues/268
	NOTE: IJG libjpeg releases not affected, see https://lists.debian.org/debian-lts/2017/10/msg00061.html
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/073b0e88a192adebbb479ee2456beb089d8b5de7
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/5bc43c7821df982f65aa1c738f67fbf7cba8bd69
	NOTE: Crash in CLI tools, no security impact
CVE-2017-15231
	RESERVED
CVE-2017-15230
	RESERVED
CVE-2017-15229
	RESERVED
CVE-2017-15228 (Irssi before 1.0.5, when installing themes with unterminated colour fo ...)
	{DSA-4016-1 DLA-1217-1}
	- irssi 1.0.5-1 (bug #879521)
	NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
	NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
CVE-2017-15227 (Irssi before 1.0.5, while waiting for the channel synchronisation, may ...)
	{DSA-4016-1 DLA-1217-1}
	- irssi 1.0.5-1 (bug #879521)
	NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
	NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
CVE-2017-15226 (Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the o ...)
	NOT-FOR-US: Zyxel
CVE-2017-15225 (_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descript ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22212
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b55ec8b676ed05d93ee49d6c79ae0403616c4fb0
CVE-2017-15224
	RESERVED
CVE-2017-15223 (Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 a ...)
	NOT-FOR-US: ArGoSoft Mini Mail Server
CVE-2017-15222 (Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows r ...)
	NOT-FOR-US: Ayukov NFTPD
CVE-2017-15221 (ASX to MP3 converter 3.1.3.7.2010.11.05 has a buffer overflow via a cr ...)
	NOT-FOR-US: ASX to MP3 converter
CVE-2017-15220 (Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overfl ...)
	NOT-FOR-US: Flexense VX Search Enterprise
CVE-2017-15219 (The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Script ...)
	NOT-FOR-US: dotCMS
CVE-2017-15218 (ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/760
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/698c09d05a749664288281012f319cd51da664ee
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6387479aa974709d5c329c8efbde38175f386844
CVE-2017-15217 (ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.)
	[experimental] - imagemagick 8:6.9.9.34+dfsg-1
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/759
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/9bad9cd6752bf8dc5825f555fd1117855bd2fc47
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8fa3c10977f668c92688272a4802f4477df61076
CVE-2016-10514 (url_check_format in include/functions.inc.php in Piwigo before 2.8.3 a ...)
	- piwigo
CVE-2016-10513 (Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted ...)
	- piwigo
CVE-2017-15216 (MISP before 2.4.81 has a potential reflected XSS in a quickDelete acti ...)
	NOT-FOR-US: MISP
CVE-2017-15215 (Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticate ...)
	- shaarli (Fixed before initial re-upload to the archive)
CVE-2017-15214 (Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an ...)
	NOT-FOR-US: Flyspray
CVE-2017-15213 (Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenti ...)
	NOT-FOR-US: Flyspray
CVE-2017-15212 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard (Fixed before initial upload to Debian)
CVE-2017-15211 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard (Fixed before initial upload to Debian)
CVE-2017-15210 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard (Fixed before initial upload to Debian)
CVE-2017-15209 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard (Fixed before initial upload to Debian)
CVE-2017-15208 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard (Fixed before initial upload to Debian)
CVE-2017-15207 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard (Fixed before initial upload to Debian)
CVE-2017-15206 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard (Fixed before initial upload to Debian)
CVE-2017-15205 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard (Fixed before initial upload to Debian)
CVE-2017-15204 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard (Fixed before initial upload to Debian)
CVE-2017-15203 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard (Fixed before initial upload to Debian)
CVE-2017-15202 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard (Fixed before initial upload to Debian)
CVE-2017-15201 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard (Fixed before initial upload to Debian)
CVE-2017-15200 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard (Fixed before initial upload to Debian)
CVE-2017-15199 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard (Fixed before initial upload to Debian)
CVE-2017-15198 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard (Fixed before initial upload to Debian)
CVE-2017-15197 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard (Fixed before initial upload to Debian)
CVE-2017-15196 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard (Fixed before initial upload to Debian)
CVE-2017-15195 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
	- kanboard (Fixed before initial upload to Debian)
CVE-2017-15193 (In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector cou ...)
	- wireshark 2.4.2-1 (low)
	[jessie] - wireshark (Vulnerable code not present)
	[wheezy] - wireshark (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14056
	NOTE: https://code.wireshark.org/review/23537
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=afb9ff7982971aba6e42472de0db4c1bedfc641b
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-43.html
CVE-2017-15192 (In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector c ...)
	- wireshark 2.4.2-1 (low)
	[jessie] - wireshark (Vulnerable code introduced in version 1.99)
	[wheezy] - wireshark (Vulnerable code introduced in version 1.99)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14049
	NOTE: https://code.wireshark.org/review/23470
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3689dc1db36037436b1616715f9a3f888fc9a0f6
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-42.html
CVE-2017-15191 (In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the ...)
	{DLA-1634-1}
	- wireshark 2.4.2-1 (low)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14068
	NOTE: https://code.wireshark.org/review/23591
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8dbb21dfde14221dab09b6b9c7719b9067c1f06e
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-44.html
CVE-2017-15190 (In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was ...)
	- wireshark 2.4.2-1 (low)
	[stretch] - wireshark (Only affects 2.4)
	[jessie] - wireshark (Only affects 2.4)
	[wheezy] - wireshark (Only affects 2.4)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14077
	NOTE: https://code.wireshark.org/review/23635
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e27870eaa6efa1c2dac08aa41a67fe9f0839e6e0
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-45.html
CVE-2017-15189 (In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an inf ...)
	- wireshark 2.4.2-1 (low)
	[jessie] - wireshark (vulnerable code not present)
	[wheezy] - wireshark (vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080
	NOTE: https://code.wireshark.org/review/23663
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=625bab309d9dd21db2d8ae2aa3511810d32842a8
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-46.html
	NOTE: Vulnerable code introduced in https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3e1828e35188e1
CVE-2017-15188 (A persistent (stored) XSS vulnerability in the EyesOfNetwork web inter ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-15187
	RESERVED
CVE-2017-15194 (include/global_session.php in Cacti 1.1.25 has XSS related to (1) the ...)
	- cacti 1.1.25+ds1-1 (bug #878304)
	[stretch] - cacti (Vulnerable code introduced in 1.0.0)
	[jessie] - cacti (Vulnerable code introduced in 1.0.0)
	[wheezy] - cacti (Vulnerable code introduced in 1.0.0)
	NOTE: https://github.com/Cacti/cacti/issues/1010
	NOTE: https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd
	NOTE: https://github.com/Cacti/cacti/commit/4f87256e63859117f81d2a2bd40c9c730e39b65d
CVE-2017-15186 (Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote at ...)
	{DSA-4049-1}
	- ffmpeg 7:3.4-1
	- libav
	[jessie] - libav (vulnerable code was introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2017/10/20/4
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/df62b70de8aaa285168e72fe8f6e740843ca91fa
CVE-2017-15185 (plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_cle ...)
	- mp3splt 2.6.2+20170630-2
	[jessie] - mp3splt (Vulnerable code not present)
	[wheezy] - mp3splt (Vulnerable code does not exist)
	- libmp3splt
	[stretch] - libmp3splt (Minor issue)
	[jessie] - libmp3splt (Minor issue)
	[wheezy] - libmp3splt (Minor issue)
	NOTE: https://anonscm.debian.org/cgit/users/ron/mp3splt.git/commit/?id=18f018cd774cb931116ce06a520dc0c5f9443932
CVE-2017-15184
	REJECTED
CVE-2017-15183
	REJECTED
CVE-2017-15182
	REJECTED
CVE-2017-15181
	REJECTED
CVE-2017-15180
	REJECTED
CVE-2017-15179
	REJECTED
CVE-2017-15178
	REJECTED
CVE-2017-15177
	REJECTED
CVE-2017-15176
	REJECTED
CVE-2017-15175
	REJECTED
CVE-2017-15174
	REJECTED
CVE-2017-15173
	REJECTED
CVE-2017-15172
	REJECTED
CVE-2017-15171
	REJECTED
CVE-2017-15170
	REJECTED
CVE-2017-15169
	REJECTED
CVE-2017-15168
	REJECTED
CVE-2017-15167
	REJECTED
CVE-2017-15166
	REJECTED
CVE-2017-15165
	REJECTED
CVE-2017-15164
	REJECTED
CVE-2017-15163
	REJECTED
CVE-2017-15162
	REJECTED
CVE-2017-15161
	REJECTED
CVE-2017-15160
	REJECTED
CVE-2017-15159
	REJECTED
CVE-2017-15158
	REJECTED
CVE-2017-15157
	REJECTED
CVE-2017-15156
	REJECTED
CVE-2017-15155
	REJECTED
CVE-2017-15154
	REJECTED
CVE-2017-15153
	REJECTED
CVE-2017-15152
	REJECTED
CVE-2017-15151
	REJECTED
CVE-2017-15150
	REJECTED
CVE-2017-15149
	REJECTED
CVE-2017-15148
	REJECTED
CVE-2017-15147
	REJECTED
CVE-2017-15146
	REJECTED
CVE-2017-15145
	REJECTED
CVE-2017-15144
	REJECTED
CVE-2017-15143
	REJECTED
CVE-2017-15142
	REJECTED
CVE-2017-15141
	REJECTED
CVE-2017-15140
	REJECTED
CVE-2017-15139 (A vulnerability was found in openstack-cinder releases up to and inclu ...)
	[experimental] - cinder 2:13.0.0-1
	- cinder 2:13.0.0-2
	[stretch] - cinder (Minor issue)
	[jessie] - cinder (ScaleIO Driver support does not exist)
	NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0084
	NOTE: https://bugs.launchpad.net/ossn/+bug/1699573
CVE-2017-15138 (The OpenShift Enterprise cluster-read can access webhook tokens which ...)
	NOT-FOR-US: atomic-openshift
CVE-2017-15137 (The OpenShift image import whitelist failed to enforce restrictions co ...)
	NOT-FOR-US: atomic-openshift
CVE-2017-15136 (When registering and activating a new system with Red Hat Satellite 6 ...)
	NOT-FOR-US: Red Hat Satellite 6
CVE-2017-15135 (It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0. ...)
	- 389-ds-base 1.3.7.9-1 (bug #888451)
	[stretch] - 389-ds-base (Affected code was never backported)
	[jessie] - 389-ds-base (vulnerable code (patch for CVE-2016-5405) not applied)
CVE-2017-15134 (A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x ...)
	{DLA-1428-1}
	- 389-ds-base 1.3.7.9-1 (bug #888452)
	[stretch] - 389-ds-base (Minor issue)
	NOTE: Fixed by: https://pagure.io/389-ds-base/c/6aa2acdc3cad9
CVE-2017-15133 (A denial of service flaw was found in miekg-dns before 1.0.4. A remote ...)
	- golang-github-miekg-dns 0.0~git20170501.0.f282f80-3 (bug #888777)
	[stretch] - golang-github-miekg-dns (Minor issue)
	NOTE: https://github.com/miekg/dns/issues/627
	NOTE: https://github.com/miekg/dns/pull/631
CVE-2017-15132 (A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SA ...)
	{DSA-4130-1 DLA-1333-1}
	- dovecot 1:2.2.34-1 (bug #888432)
	NOTE: Fixed by: https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch
	NOTE: Regression fix needed on top: https://github.com/dovecot/core/commit/a9b135760aea6d1790d447d351c56b78889dac22
CVE-2017-15131 (It was found that system umask policy is not being honored when creati ...)
	- xdg-user-dirs (unimportant)
	NOTE: The CVE relates that directories created by xdg-user-dirs might not
	NOTE: respect a system policy for user-created files set through a
	NOTE: system-wide umask in e.g. /etc/profile, because xdg-user-dirs is
	NOTE: invoked from Xsession scripts. This can be mitigated by e.g. using
	NOTE: pam_umask on session start, so that the umask is in effect when
	NOTE: xdg-user-dirs is executed.
	NOTE: In Debian xdg-user-dirs starting from 0.15-3 replaces the use of
	NOTE: /etc/X11/Xsession.d/*xdg-user-dirs-update with an autostart .desktop
	NOTE: file for user-dirs-update, primarily to work as well with Wayland
	NOTE: sessions.
	NOTE: Enforcement can be achieved e.g. by using pam_umask.
	NOTE: http://bugs.freedesktop.org/show_bug.cgi?id=102303
CVE-2017-15130 (A denial of service flaw was found in dovecot before 2.2.34. An attack ...)
	{DSA-4130-1 DLA-1333-1}
	- dovecot 1:2.2.34-1 (bug #891820)
	NOTE: https://www.dovecot.org/list/dovecot-news/2018-February/000370.html
	NOTE: https://github.com/dovecot/core/commit/22311315b9f780211329c1522eb5aaa4faaa9391
	NOTE: https://github.com/dovecot/core/commit/f3504763c27c2661716c0d1dbd3e0fc662107a21
	NOTE: https://github.com/dovecot/core/commit/02da33a59fddd51cc3b8d95989de95574b7332f1
	NOTE: https://github.com/dovecot/core/commit/390592e6af07e02064ebdbb1bbcf06528887370f
	NOTE: https://github.com/dovecot/core/commit/bc27538d084e01a7a1aca3330e27aebfc0e311eb
	NOTE: https://github.com/dovecot/core/commit/00016646cc32a3fa1cf54c22ed7388ed06bbc0f1
CVE-2017-15129 (A use-after-free vulnerability was found in network namespaces code af ...)
	- linux 4.14.12-1
	[stretch] - linux 4.9.80-1
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/21b5944350052d2583e82dd59b19a9ba94a007f0
CVE-2017-15128 (A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetl ...)
	- linux 4.13.13-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: http://post-office.corp.redhat.com/archives/rhkernel-list/2017-October/msg09574.html
CVE-2017-15127 (A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetl ...)
	- linux 3.13.4-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/5af10dfd0afc559bb4b0f7e3e8227a1578333995
CVE-2017-15126 (A use-after-free flaw was found in fs/userfaultfd.c in the Linux kerne ...)
	- linux 4.13.10-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/384632e67e0829deb8015ee6ad916b180049d252
CVE-2017-15125 (A flaw was found in CloudForms before 5.9.0.22 in the self-service UI ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2017-15124 (VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older wa ...)
	{DSA-4213-1}
	- qemu 1:2.12~rc3+dfsg-1 (bug #884806)
	[jessie] - qemu (invasive patch, also builds on 2.5 socket refactoring, tentative backport crashes, no other distro fix for 2.1)
	[wheezy] - qemu (Can be fixed along in later update)
	- qemu-kvm
	[wheezy] - qemu-kvm (Can be fixed along in later update)
	NOTE: https://www.openwall.com/lists/oss-security/2017/12/19/4
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03705.html
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg00796.html
CVE-2017-15123 (A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, ...)
	NOT-FOR-US: CloudForms
CVE-2017-15122
	REJECTED
CVE-2017-15121 (A non-privileged user is able to mount a fuse filesystem on RHEL 6 or ...)
	- linux 3.11.5-1
	[wheezy] - linux (Too much work to backport)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1520893
	NOTE: Fixed by: https://git.kernel.org/linus/5a7203947a1d9b6f3a00a39fda08c2466489555f (v3.11-rc1)
CVE-2017-15120 (An issue has been found in the parsing of authoritative answers in Pow ...)
	{DSA-4063-1}
	- pdns-recursor 4.1.0-1
	[jessie] - pdns-recursor (Vulnerable code introduced in 4.0.0)
	[wheezy] - pdns-recursor (Vulnerable code introduced in 4.0.0)
	NOTE: Patch: https://downloads.powerdns.com/patches/2017-08
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-08.html
CVE-2017-15119 (The Network Block Device (NBD) server in Quick Emulator (QEMU) before ...)
	{DSA-4213-1}
	- qemu 1:2.11+dfsg-1 (bug #883399)
	[jessie] - qemu (Vulnerable code not present)
	[wheezy] - qemu (Vulnerable code not present)
	- qemu-kvm
	[wheezy] - qemu-kvm (Vulnerable code introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html
CVE-2017-15118 (A stack-based buffer overflow vulnerability was found in NBD server im ...)
	- qemu 1:2.11+dfsg-1 (bug #883406)
	[stretch] - qemu (Vulnerable code introduced in 2.10)
	[jessie] - qemu (Vulnerable code introduced in 2.10)
	[wheezy] - qemu (Vulnerable code introduced in 2.10)
	- qemu-kvm (Vulnerable code introduced in 2.10)
	NOTE: Introduced by: https://git.qemu.org/?p=qemu.git;a=commit;h=f37708f6b8
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html
CVE-2017-15117 REJECTED
CVE-2017-15116 (The rngapi_reset function in crypto/rng.c in the Linux kernel before 4 ...)
	- linux 4.2.1-1
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
CVE-2017-15115 (The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel ...)
	{DLA-1200-1}
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: https://git.kernel.org/linus/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 (v4.14-rc6)
CVE-2017-15114 (When libvirtd is configured by OSP director (tripleo-heat-templates) t ...)
	- tripleo-heat-templates (Vulnerability introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1510015
	NOTE: Bug: https://bugs.launchpad.net/tripleo/+bug/1730370
	NOTE: TLS libvirt live migration disabled in: https://review.openstack.org/#/c/519015/
	NOTE: TLS libvirt live migration introduced in: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=fa740c5e49994ffdd3a5aa1f43a0305c8e5a0b3a
	NOTE: Re-enabled libvirt TLS with SASL auth:
	NOTE: https://bugs.launchpad.net/tripleo/+bug/1732479
CVE-2017-15113 (ovirt-engine before version 4.1.7.6 with log level set to DEBUG includ ...)
	NOT-FOR-US: ovirt-engine
CVE-2017-15112 (keycloak-httpd-client-install versions before 0.8 allow users to insec ...)
	NOT-FOR-US: Keycloak
CVE-2017-15111 (keycloak-httpd-client-install versions before 0.8 insecurely creates t ...)
	NOT-FOR-US: Keycloak
CVE-2017-15110 (In Moodle 3.x, students can find out email addresses of other students ...)
	- moodle
CVE-2017-15109 REJECTED
CVE-2017-15108 (spice-vdagent up to and including 0.17.0 does not properly escape save ...)
	{DLA-2524-1}
	- spice-vdagent 0.18.0-1 (bug #883238)
	[jessie] - spice-vdagent (Minor issue)
	[wheezy] - spice-vdagent (Vulnerable code not present)
	NOTE: Fixed by: https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1510864
CVE-2017-15107 (A vulnerability was found in the implementation of DNSSEC in Dnsmasq u ...)
	- dnsmasq 2.79-1 (bug #888200)
	[stretch] - dnsmasq (Minor issue)
	[jessie] - dnsmasq (Minor issue)
	[wheezy] - dnsmasq (Minor issue)
	NOTE: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html
	NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=4fe6744a220eddd3f1749b40cac3dfc510787de6
	NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=cd7df612b14ec1bf831a966ccaf076be0dae7404
	NOTE: https://medium.com/nlnetlabs/the-peculiar-case-of-nsec-processing-using-expanded-wildcard-records-ae8285f236be
CVE-2017-15106 REJECTED
CVE-2017-15105 (A flaw was found in the way unbound before 1.6.8 validated wildcard-sy ...)
	{DLA-1676-1 DLA-1264-1}
	- unbound 1.7.1-1 (bug #887733)
	[stretch] - unbound 1.6.0-3+deb9u2
	NOTE: https://unbound.net/downloads/CVE-2017-15105.txt
	NOTE: https://unbound.net/downloads/patch_cve_2017_15105.diff
	NOTE: https://medium.com/nlnetlabs/the-peculiar-case-of-nsec-processing-using-expanded-wildcard-records-ae8285f236be
CVE-2017-15104 (An access flaw was found in Heketi 5, where the heketi.json configurat ...)
	- heketi (bug #903384)
CVE-2017-15103 (A security-check flaw was found in the way the Heketi 5 server API han ...)
	- heketi (bug #903384)
CVE-2017-15102 (The tower_probe function in drivers/usb/misc/legousbtower.c in the Lin ...)
	- linux 4.7.8-1
	[jessie] - linux 3.16.43-1
	[wheezy] - linux 3.2.86-1
	NOTE: Fixed by: https://git.kernel.org/linus/2fae9e5a7babada041e2e161699ade2447a01989 (4.9-rc1)
CVE-2017-15101 (A missing patch for a stack-based buffer overflow in findTable() was f ...)
	- liblouis (Incomplete fix not applied in Debian)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1492701#c12
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1511023
CVE-2017-15100 (An attacker submitting facts to the Foreman server containing HTML can ...)
	- foreman (bug #663101)
CVE-2017-15099 (INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10 ...)
	{DSA-4028-1}
	- postgresql-10 10.1-1
	- postgresql-9.6
	- postgresql-9.4 (ON CONFLICT DO UPDATE and RLS introduced in 9.5)
	- postgresql-9.1 (ON CONFLICT DO UPDATE and RLS introduced in 9.5)
CVE-2017-15098 (Invalid json_populate_recordset or jsonb_populate_recordset function c ...)
	{DSA-4028-1 DSA-4027-1}
	- postgresql-10 10.1-1
	- postgresql-9.6
	- postgresql-9.4
	- postgresql-9.1
	[jessie] - postgresql-9.1 (postgresql-9.1 in jessie only provides PL/Perl)
	[wheezy] - postgresql-9.1 (Vulnerable code does not exist)
CVE-2017-15097 (Privilege escalation flaws were found in the Red Hat initialization sc ...)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1508985
	NOTE: Similar issues as CVE-2016-1255 in Debian
	NOT-FOR-US: Red Hat-specific scripts for starting the database server during system boot and for initializing the database
CVE-2017-15096 (A flaw was found in GlusterFS in versions prior to 3.10. A null pointe ...)
	- glusterfs 3.12.2-2 (bug #880017)
	[stretch] - glusterfs (Vulnerable code introduced later)
	[jessie] - glusterfs (Vulnerable code introduced later)
	[wheezy] - glusterfs (Vulnerable code introduced later)
	NOTE: https://review.gluster.org/18538 (master)
	NOTE: https://review.gluster.org/18539 (release-3.10)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1502928
	NOTE: Fixed by: http://git.gluster.org/cgit/glusterfs.git/commit/?id=1f48d17fee0cac95648ec34d13f038b27ef5c6ac
CVE-2017-15095 (A deserialization flaw was discovered in the jackson-databind in versi ...)
	{DSA-4037-1 DLA-2342-1 DLA-2091-1}
	- jackson-databind 2.9.1-1
	- libjackson-json-java 1.9.13-2
	[buster] - libjackson-json-java 1.9.13-2~deb10u1
	NOTE: The Debian uploads for stretch (2.8.6-1+deb9u1) and jessie (2.4.2-2+deb8u1)
	NOTE: miss the further sets of blacklists, in particular also
	NOTE: https://github.com/FasterXML/jackson-databind/commit/3bfbb835
	NOTE: which was already applied for CVE-2017-7525, and the further tickets and patches
	NOTE: blocking more dangerous types (at least these):
	NOTE: https://github.com/FasterXML/jackson-databind/issues/1680
	NOTE: https://github.com/FasterXML/jackson-databind/issues/1723
	NOTE: https://github.com/FasterXML/jackson-databind/issues/1737
	NOTE: https://github.com/FasterXML/jackson-databind/commit/e8f043d1
	NOTE: https://github.com/FasterXML/jackson-databind/commit/ddfddfba
	NOTE: This CVE-2017-15095 should be considered to include everything in
	NOTE: NO_DESER_CLASS_NAMES as of:
	NOTE: https://github.com/FasterXML/jackson-databind/blob/7093008aa2afe8068e120df850189ae072dfa1b2/src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java#L43
	NOTE: Details: https://www.openwall.com/lists/oss-security/2017/11/02/3
	NOTE: For libjackson-json-java:
	NOTE: https://github.com/FasterXML/jackson-1/commit/9ac68db819bce7b9546bc4bf1c44f82ca910fa31
CVE-2017-15094 (An issue has been found in the DNSSEC parsing code of PowerDNS Recurso ...)
	- pdns-recursor 4.0.7-1
	[stretch] - pdns-recursor 4.0.4-1+deb9u2
	[jessie] - pdns-recursor (Issue introduced in 4.0.0)
	[wheezy] - pdns-recursor (Issue introduced in 4.0.0)
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html
	NOTE: https://downloads.powerdns.com/patches/2017-07/
CVE-2017-15093 (When api-config-dir is set to a non-empty value, which is not the case ...)
	- pdns-recursor 4.0.7-1
	[stretch] - pdns-recursor 4.0.4-1+deb9u2
	[jessie] - pdns-recursor 3.6.2-2+deb8u4
	[wheezy] - pdns-recursor (Vulnerable code introduced later)
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html
	NOTE: https://downloads.powerdns.com/patches/2017-06/
CVE-2017-15092 (A cross-site scripting issue has been found in the web interface of Po ...)
	- pdns-recursor 4.0.7-1
	[stretch] - pdns-recursor 4.0.4-1+deb9u2
	[jessie] - pdns-recursor (Issue introduced in 4.0.0)
	[wheezy] - pdns-recursor (Issue introduced in 4.0.0)
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html
	NOTE: https://downloads.powerdns.com/patches/2017-05/
CVE-2017-15091 (An issue has been found in the API component of PowerDNS Authoritative ...)
	- pdns 4.0.5-1
	[stretch] - pdns 4.0.3-1+deb9u2
	[jessie] - pdns 3.4.1-4+deb8u8
	[wheezy] - pdns (Vulnerable code not present)
	NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html
	NOTE: https://downloads.powerdns.com/patches/2017-04/
CVE-2017-15090 (An issue has been found in the DNSSEC validation component of PowerDNS ...)
	- pdns-recursor 4.0.7-1
	[stretch] - pdns-recursor 4.0.4-1+deb9u2
	[jessie] - pdns-recursor (Issue introduced in 4.0.0)
	[wheezy] - pdns-recursor (Issue introduced in 4.0.0)
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html
	NOTE: https://downloads.powerdns.com/patches/2017-03/
CVE-2017-15089 (It was found that the Hotrod client in Infinispan before 9.2.0.CR1 wou ...)
	NOT-FOR-US: infinispan
CVE-2017-15088 (plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka ...)
	- krb5 1.15.2-2 (unimportant; bug #871698)
	NOTE: https://github.com/krb5/krb5/pull/707
	NOTE: Fixed by: https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4
	NOTE: Red Hat enabled the code in question in the KDC and thus has it
	NOTE: exposed as a network-facing issue.
	NOTE: For Debian and upstream the code only
	NOTE: runs on client systems, and only with a certificate that is explicitly
	NOTE: configured locally, leading to a local kinit crash if passed a crafted
	NOTE: local certificate. This hardly has any harmful security implication.
CVE-2017-15087 (It was discovered that the fix for CVE-2017-12163 was not properly shi ...)
	- samba (Incomplete Red Hat backport for CVE-2017-12163)
CVE-2017-15086 (It was discovered that the fix for CVE-2017-12151 was not properly shi ...)
	- samba (Incomplete Red Hat backport for CVE-2017-12151)
CVE-2017-15085 (It was discovered that the fix for CVE-2017-12150 was not properly shi ...)
	- samba (Incomplete Red Hat backport for CVE-2017-12150)
CVE-2017-15084 (The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout C ...)
	NOT-FOR-US: Metasploit Framework
CVE-2017-15083 REJECTED
CVE-2017-15082 RESERVED
CVE-2017-15081 (In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlis ...)
	NOT-FOR-US: PHPSUGAR PHP Melody CMS
CVE-2017-15080 RESERVED
CVE-2017-15079 (The Smush Image Compression and Optimization plugin before 2.7.6 for W ...)
	NOT-FOR-US: Smush Image Compression and Optimization plugin for WordPress
CVE-2017-15078 REJECTED
CVE-2017-15077 REJECTED
CVE-2017-15076 REJECTED
CVE-2017-15075 REJECTED
CVE-2017-15074 REJECTED
CVE-2017-15073 REJECTED
CVE-2017-15072 REJECTED
CVE-2017-15071 REJECTED
CVE-2017-15070 REJECTED
CVE-2017-15069 REJECTED
CVE-2017-15068 REJECTED
CVE-2017-15067 REJECTED
CVE-2017-15066 REJECTED
CVE-2017-15065 REJECTED
CVE-2017-15064 REJECTED
CVE-2017-1002153 (Koji 1.13.0 does not properly validate SCM paths, allowing an attacker ...)
	- koji 1.16.0-1 (bug #877921)
	[stretch] - koji 1.10.0-1+deb9u1
	NOTE: https://pagure.io/koji/issue/563
	NOTE: https://pagure.io/koji/c/ba7b5a3cbed11ade11c3af5e834c9a6de4f6d7c3
CVE-2017-1000257 (An IMAP FETCH response line indicates the size of the returned data, i ...)
	{DSA-4007-1 DLA-1143-1}
	- curl 7.56.1-1
	NOTE: https://curl.haxx.se/docs/adv_20171023.html
CVE-2017-1000256 (libvirt version 2.3.0 and later is vulnerable to a bad default configu ...)
	{DSA-4003-1}
	- libvirt 3.8.0-3 (bug #878799)
	[jessie] - libvirt (Vulnerable code introduced later)
	[wheezy] - libvirt (Vulnerable code introduced later)
	NOTE: https://www.redhat.com/archives/libvirt-announce/2017-October/msg00001.html
	NOTE: https://security.libvirt.org/2017/0002.html
	NOTE: Broken by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=ce61c16450d4992612d1fc6f39a39e79bfccead5 (master)
	NOTE: Fixed by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=441d3eb6d1be940a67ce45a286602a967601b157 (master)
CVE-2017-1000255 (On Linux running on PowerPC hardware (Power8 or later) a user process ...)
	- linux 4.13.4-2
	[stretch] - linux 4.9.65-1
	[jessie] - linux (Vulnerable code introduced later)
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/265e60a170d0a0ecfc2d20490134ed2c48dd45ab
CVE-2017-15063 (There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-15062 RESERVED
CVE-2017-15061 RESERVED
CVE-2017-15060 RESERVED
CVE-2017-15059 RESERVED
CVE-2017-15058 RESERVED
CVE-2017-15057 RESERVED
CVE-2017-15056 (p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote a ...)
	- upx-ucl 3.94-4 (unimportant)
	NOTE: https://github.com/upx/upx/issues/128
	NOTE: https://github.com/upx/upx/commit/ef336dbcc6dc8344482f8cf6c909ae96c3286317
	NOTE: crash in CLI tool, no security impact
CVE-2017-15055 (TeamPass before 2.1.27.9 does not properly enforce item access control ...)
	- teampass (bug #730180)
CVE-2017-15054 (An arbitrary file upload vulnerability, present in TeamPass before 2.1 ...)
	- teampass (bug #730180)
CVE-2017-15053 (TeamPass before 2.1.27.9 does not properly enforce manager access cont ...)
	- teampass (bug #730180)
CVE-2017-15052 (TeamPass before 2.1.27.9 does not properly enforce manager access cont ...)
	- teampass (bug #730180)
CVE-2017-15051 (Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass ...)
	- teampass (bug #730180)
CVE-2017-15050 RESERVED
CVE-2017-15049 (The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900 ...)
	NOT-FOR-US: Zoom
CVE-2017-15048 (Stack-based buffer overflow in the ZoomLauncher binary in the Zoom cli ...)
	NOT-FOR-US: Zoom
CVE-2017-15047 (The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows atta ...)
	- redis 4:4.0.2-5 (bug #878076; unimportant)
	[jessie] - redis (Vulnerable code introduced later)
	[wheezy] - redis (Vulnerable code introduced later)
	NOTE: https://github.com/antirez/redis/issues/4278
	NOTE: Pull request: https://github.com/antirez/redis/pull/4365
CVE-2017-15046 (LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based ...)
	- lame 3.99.5+repack1-8
	[jessie] - lame 3.99.5+repack1-7+deb8u2
	NOTE: https://sourceforge.net/p/lame/bugs/479/
	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
	NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations)
CVE-2017-15045 (LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and ...)
	- lame 3.99.5+repack1-8
	[jessie] - lame 3.99.5+repack1-7+deb8u2
	NOTE: https://sourceforge.net/p/lame/bugs/478/
	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
	NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations)
CVE-2017-15044 (The default installation of DocuWare Fulltext Search server through 6. ...)
	NOT-FOR-US: DocuWare Fulltext Search server
CVE-2017-15043 (A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS ...)
	NOT-FOR-US: Sierra Wireless AirLink routers
CVE-2017-15042 (An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x befo ...)
	- golang-1.9 1.9.1-1
	- golang-1.8 1.8.4-1
	[stretch] - golang-1.8 (Minor issue, would require rebuilds of affected go-based packages)
	- golang-1.7
	[stretch] - golang-1.7 (Minor issue, would require rebuilds of affected go-based packages)
	- golang
	[jessie] - golang (Minor issue, would require rebuilds of affected go packages in oldstable)
	[wheezy] - golang (Vulnerable code introduced later in version 1.1)
	NOTE: https://github.com/golang/go/issues/22134
	NOTE: https://golang.org/cl/68023
	NOTE: https://golang.org/cl/68210
	NOTE: https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ
CVE-2017-15041 (Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command ...)
	{DLA-2592-1 DLA-2591-1 DLA-1148-1}
	- golang-1.9 1.9.1-1
	- golang-1.8 1.8.4-1
	- golang-1.7
	- golang
	[jessie] - golang (Minor issue)
	NOTE: https://go.googlesource.com/go/+/a4544a0f8af001d1fb6df0e70750f570ec49ccf9%5E%21/
	NOTE: https://github.com/golang/go/issues/22125
	NOTE: https://golang.org/cl/68022 (1.9.x)
	NOTE: https://golang.org/cl/68190 (1.8.x)
	NOTE: https://github.com/golang/go/commit/533ee44cd45c064608ee2b833af9e86ef1cb294e (regression)
	NOTE: https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ
CVE-2017-15040 RESERVED
CVE-2017-15039 (Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a da ...)
	NOT-FOR-US: Zurmo
CVE-2017-15038 (Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU ...)
	{DSA-4213-1 DLA-1497-1 DLA-1129-1 DLA-1128-1}
	- qemu 1:2.10.0+dfsg-2 (bug #877890)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg00729.html
CVE-2017-15037 (In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_s ...)
	- kfreebsd-10 (unimportant; bug #877903)
	NOTE: kfreebsd not covered by security support
CVE-2017-15036 RESERVED
CVE-2017-15035 (EmTec PyroBatchFTP before 3.18 allows remote servers to cause a denial ...)
	NOT-FOR-US: EmTec PyroBatchFTP
CVE-2017-15034 RESERVED
CVE-2017-15033 (ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/pull/756
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ef8f40689ac452398026c07da41656a7c87e4683
CVE-2017-15032 (ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage i ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/pull/752
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/241988ca28139ad970c1d9717c419f41e360ddb0
CVE-2017-15031 (In all versions of ARM Trusted Firmware up to and including v1.4, not ...)
	NOT-FOR-US: ARM Trusted Firmware
CVE-2017-15030 (Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross ...)
	NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-15029 (Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.)
	NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-15028 RESERVED
CVE-2017-15027 RESERVED
CVE-2017-15026 RESERVED
CVE-2017-15025 (decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) libra ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/10/03/binutils-divide-by-zero-in-decode_line_info-dwarf2-c/
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22186
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d8010d3e75ec7194a4703774090b27486b742d48
CVE-2017-15024 (find_abstract_instance_name in dwarf2.c in the Binary File Descriptor ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22187
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52a93b95ec0771c97e26f0bb28630a271a667bd2
CVE-2017-15023 (read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22200
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf
	NOTE: When this issue is fixed, make sure not to open CVE-2017-15939, i.e.
	NOTE: do not apply the incomplete fix. See notes on CVE-2017-15939
CVE-2017-15022 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-bfd_hash_hash-hash-c/
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22201
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11855d8a1f11b102a702ab76e95b22082cccf2f8
CVE-2017-15021 (bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (B ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-bfd_getl32-opncls-c/
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22197
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52b36c51e5bf6d7600fdc6ba115b170b0e78e31d
CVE-2017-15020 (dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-parse_die-dwarf1-c/
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22202
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5
CVE-2017-15019 (LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init func ...)
	- lame 3.100-1
	[stretch] - lame (Minor issue)
	[jessie] - lame (Minor issue)
	NOTE: https://sourceforge.net/p/lame/bugs/477/
CVE-2017-15018 (LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and ...)
	- lame 3.99.5+repack1-8
	[jessie] - lame 3.99.5+repack1-7+deb8u2
	NOTE: https://sourceforge.net/p/lame/bugs/480/
	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
	NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations)
CVE-2017-15017 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability i ...)
	{DLA-2366-1 DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878554)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/723
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5a1006a249516a875558c3d642e719b1eac8f820
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0cff8bac0a47f8693cfe57f026fcd752689ff375
CVE-2017-15016 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability i ...)
	{DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/725
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8254d24b86a62803231773ecf54c707aef4a1457
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/27f8ba82ddd665ab41cef6588128f680cbd69905
	NOTE: emf.c not compiled under Debian
CVE-2017-15015 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability i ...)
	{DLA-2366-1 DLA-1785-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878555)
	[wheezy] - imagemagick (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/724
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/0cbb3b3b02e7af493a9aafa8f7e7d23fc70644e4
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a0cef9db632ef8e1b9de4c463700c6a24d4f96ca
CVE-2017-15014 (OpenText Documentum Content Server (formerly EMC Documentum Content Se ...)
	NOT-FOR-US: OpenText Documentum Content Server
CVE-2017-15013 (OpenText Documentum Content Server (formerly EMC Documentum Content Se ...)
	NOT-FOR-US: OpenText Documentum Content Server
CVE-2017-15012 (OpenText Documentum Content Server (formerly EMC Documentum Content Se ...)
	NOT-FOR-US: OpenText Documentum Content Server
CVE-2017-1000120 ([ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in fra ...)
	NOT-FOR-US: ERPNext Frappe framework
CVE-2017-1000119 (October CMS build 412 is vulnerable to PHP code execution in the file ...)
	NOT-FOR-US: October CMS
CVE-2017-1000118 (Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Caus ...)
	NOT-FOR-US: Akka HTTP
CVE-2017-1000114 (The Datadog Plugin stores an API key to access the Datadog service in ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000113 (The Deploy to container Plugin stored passwords unencrypted as part of ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000110 (Blue Ocean allows the creation of GitHub organization folders that are ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000109 (The custom Details view of the Static Analysis Utilities based OWASP D ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000106 (Blue Ocean allows the creation of GitHub organization folders that are ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000105 (The optional Run/Artifacts permission can be enabled by setting a Java ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000104 (The Config File Provider Plugin is used to centrally manage configurat ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000103 (The custom Details view of the Static Analysis Utilities based DRY Plu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000102 (The Details view of some Static Analysis Utilities based plugins, was ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000098 (The net/http package's Request.ParseMultipartForm method starts writin ...)
	{DLA-1123-1}
	- golang-1.9 (Fixed before initial release to Debian)
	- golang-1.8 (Fixed before initial release to Debian)
	- golang-1.7 1.7.4-1
	- golang
	[jessie] - golang (Minor issue)
	NOTE: https://groups.google.com/forum/#!msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ
	NOTE: https://golang.org/cl/30410
	NOTE: https://golang.org/issue/17965
CVE-2017-1000097 (On Darwin, user's trust preferences for root certificates were not hon ...)
	- golang (OS X specific issue)
	- golang-1.7 (OS X specific issue)
	- golang-1.8 (OS X specific issue)
	- golang-1.9 (OS X specific issue)
	NOTE: https://github.com/golang/go/issues/18141
CVE-2017-15011 (The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and S ...)
	- qbittorrent (Only affects Windows)
CVE-2017-15010 (A ReDoS (regular expression denial of service) flaw was found in the t ...)
	- node-tough-cookie 2.3.4+dfsg-1 (bug #877660)
	NOTE: https://github.com/salesforce/tough-cookie/issues/92
	NOTE: https://nodesecurity.io/advisories/525
CVE-2017-15009 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected C ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2017-15008 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cros ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2017-15007 RESERVED
CVE-2017-15006 RESERVED
CVE-2017-15005 RESERVED
CVE-2017-15004 RESERVED
CVE-2017-15003 RESERVED
CVE-2017-15002 RESERVED
CVE-2017-15001 RESERVED
CVE-2017-15000 RESERVED
CVE-2017-14999 RESERVED
CVE-2017-14998 RESERVED
CVE-2017-14997 (GraphicsMagick 1.3.26 allows remote attackers to cause a denial of ser ...)
	{DSA-4321-1 DLA-1456-1 DLA-1130-1}
	- graphicsmagick 1.3.26-13
	NOTE: https://sourceforge.net/p/graphicsmagick/code/ci/0683f8724200495059606c03f04e0d589b33ebe8/
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/511/
CVE-2017-14996 RESERVED
CVE-2017-14995 (The Management Console in WSO2 Application Server 5.3.0, WSO2 Business ...)
	NOT-FOR-US: WSO2 Application Server
CVE-2017-14994 (ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote at ...)
	{DSA-4321-1 DLA-1456-1 DLA-1130-1}
	- graphicsmagick 1.3.26-13
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=b3eca3eaa264
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/512/
CVE-2017-14993 (OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x be ...)
	NOT-FOR-US: OXID eShop Community Edition
CVE-2017-14992 (Lack of content verification in Docker-CE (Also known as Moby) version ...)
	- docker.io 18.03.1+dfsg1-2 (bug #908055)
	- golang-github-vbatts-tar-split 0.10.2-1 (bug #908056)
	[stretch] - golang-github-vbatts-tar-split (Minor issue)
	NOTE: Issue needs to be fixed in src:golang-github-vbatts-tar-split first
	NOTE: https://github.com/vbatts/tar-split/issues/41
	NOTE: docker.io then needs a rebuild with a fixed golang-github-vbatts-tar-split
	NOTE: version.
	NOTE: 17.12.1+dfsg-1 was the first upload (to experimental) using the fixed
	NOTE: golang-github-vbatts-tar-split version.
CVE-2017-14991 (The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before ...)
	- linux 4.13.4-1
	[stretch] - linux (Vulnerable code introduced later)
	[jessie] - linux (Vulnerable code introduced later)
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/3e0097499839e0fe3af380410eababe5a47c4cf9
CVE-2017-14758 (OpenText Document Sciences xPression (formerly EMC Document Sciences x ...)
	NOT-FOR-US: EMC
CVE-2017-14990 (WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but ...)
	{DSA-3997-1}
	- wordpress 4.8.2+dfsg-2 (bug #877629)
	[wheezy] - wordpress (Fix requires database upgrade which is too intrusive compared to the actual benefit.)
	NOTE: https://core.trac.wordpress.org/ticket/38474
CVE-2017-14989 (A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMa ...)
	{DSA-4040-1 DSA-4032-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #878562)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/781
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/97740ccc177ee264e79091fa573d994eb6b05628
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/28bad01242898d7f863deedbfa8502c348293093
CVE-2017-14988 (Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remot ...)
	- openexr (bug #878551; unimportant)
	NOTE: https://github.com/openexr/openexr/issues/248
	NOTE: Issue in the use of openexr via ImageMagick, no real security impact
CVE-2017-14987 RESERVED
CVE-2017-14986 RESERVED
CVE-2017-14985 (Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web inte ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14984 (Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web inte ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14983 (Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web inte ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14982 RESERVED
CVE-2017-14981 (Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The ...)
	NOT-FOR-US: ATutor
CVE-2017-14980 (Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attack ...)
	NOT-FOR-US: Sync Breeze Enterprise
CVE-2017-14979 (Gxlcms uses an unsafe character-replacement approach in an attempt to ...)
	NOT-FOR-US: Gxlcms
CVE-2017-14978 RESERVED
CVE-2017-14977 (The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0 ...)
	{DSA-4079-1 DLA-1177-1}
	- poppler 0.61.1-2 (low; bug #877952)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103045
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=19eedc6fb693a62f305e13079501e3105f869f3c
CVE-2017-14976 (The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0. ...)
	{DSA-4079-1 DLA-1177-1}
	- poppler 0.61.1-2 (low; bug #877954)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102724
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=da63c35549e8852a410946ab016a3f25ac701bdf
CVE-2017-14975 (The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0. ...)
{DSA-4079-1 DLA-1177-1} - poppler 0.61.1-2 (low; bug #877957) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102653 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=a5e5649ecf16fa05770620dbbd4985935dc2bbff CVE-2017-14974 (The *_get_synthetic_symtab functions in the Binary File Descriptor (BF ...) - binutils 2.29.1-2 [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: First version containing the fix was 2.29.1-2, which was quickly followed by NOTE: a fixed 2.29.1-3 for unrelated issues. NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22163 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e70c19e3a4c26e9c1ebf0c9170d105039b56d7cf CVE-2017-14973 (IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is ...) NOT-FOR-US: IDenticard Two-Reader Controller Configuration Manager CVE-2017-14972 (InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when ac ...) NOT-FOR-US: InFocus Mondopad CVE-2017-14971 (Infocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosur ...) NOT-FOR-US: InFocus Mondopad CVE-2017-14970 (In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multip ...) [experimental] - openvswitch 2.8.1+dfsg1-1 - openvswitch 2.8.1+dfsg1-2 (unimportant; bug #877543) NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html NOTE: Not considered a security issue by upstream, see #877543 CVE-2017-14969 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains a ...) NOT-FOR-US: IKARUS anti.virus CVE-2017-14968 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains a ...) NOT-FOR-US: IKARUS anti.virus CVE-2017-14967 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains a ...) 
NOT-FOR-US: IKARUS anti.virus CVE-2017-14966 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains a ...) NOT-FOR-US: IKARUS anti.virus CVE-2017-14965 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains a ...) NOT-FOR-US: IKARUS anti.virus CVE-2017-14964 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains a ...) NOT-FOR-US: IKARUS anti.virus CVE-2017-14963 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains a ...) NOT-FOR-US: IKARUS anti.virus CVE-2017-14962 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains a ...) NOT-FOR-US: IKARUS anti.virus CVE-2017-14961 (In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitr ...) NOT-FOR-US: IKARUS anti.virus CVE-2017-14960 (xDashboard in OpenText Document Sciences xPression (formerly EMC Docum ...) NOT-FOR-US: EMC Document Sciences xPression CVE-2017-14959 RESERVED CVE-2017-14958 (lib.php in PivotX 2.3.11 does not properly block uploads of dangerous ...) NOT-FOR-US: PivotX CVE-2017-14957 (Stored XSS vulnerability via a comment in inc/conv.php in BlogoText be ...) NOT-FOR-US: BlogoText CVE-2017-14956 (AlienVault USM v5.4.2 and earlier offers authenticated users the funct ...) NOT-FOR-US: AlienVault CVE-2017-14955 (Check_MK before 1.2.8p26 mishandles certain errors within the failed-l ...) - check-mk 1.2.8p26-1 [wheezy] - check-mk (Vulnerable code not present) NOTE: http://mathias-kettner.com/check_mk_werks.php?edition_id=raw&branch=1.2.8 NOTE: https://mathias-kettner.de/check_mk_werks.php?werk_id=5208&HTML=yes NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=a4a2cc1f30ff6032899ca80eed29fa26b8898c54 CVE-2017-14954 (The waitid implementation in kernel/exit.c in the Linux kernel through ...) 
- linux (Vulnerable code introduced in v4.13-rc1) NOTE: Fixed by: https://git.kernel.org/linus/6c85501f2fabcfc4fc6ed976543d252c4eaf4be9 CVE-2017-14953 (HikVision Wi-Fi IP cameras, when used in a wired configuration, allow ...) NOT-FOR-US: HikVision CVE-2017-14952 (Double free in i18n/zonemeta.cpp in International Components for Unico ...) - icu 57.1-7 (bug #878840) [stretch] - icu 57.1-6+deb9u1 [jessie] - icu 52.1-8+deb8u6 [wheezy] - icu (Can be fixed in next update) NOTE: http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/ NOTE: http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp CVE-2017-14951 RESERVED CVE-2017-14950 RESERVED CVE-2015-9234 (The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plug ...) NOT-FOR-US: WordPress plugin CVE-2015-9233 (The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plug ...) NOT-FOR-US: WordPress plugin CVE-2017-14949 (Restlet Framework before 2.3.12 allows remote attackers to access arbi ...) - restlet (bug #596472) CVE-2017-14948 (Certain D-Link products are affected by: Buffer Overflow. This affects ...) NOT-FOR-US: D-Link CVE-2017-14947 (Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitra ...) NOT-FOR-US: GSView (different from gv) CVE-2017-14946 (Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial ...) NOT-FOR-US: GSView (different from gv) CVE-2017-14945 (Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial ...) NOT-FOR-US: GSView (different from gv) CVE-2017-14944 (Inedo ProGet before 4.7.14 does not properly address dangerous package ...) NOT-FOR-US: Inedo ProGet CVE-2017-14943 (Trapeze TransitMaster is vulnerable to information disclosure (emails ...) NOT-FOR-US: Trapeze TransitMaster CVE-2017-14942 (Intelbras WRN 150 devices allow remote attackers to read the configura ...) 
NOT-FOR-US: Intelbras WRN 150 devices CVE-2017-14941 (Jaspersoft JasperReports 4.7 suffers from a saved credential disclosur ...) - jasperreports (bug #880467; bug #884131) [jessie] - jasperreports (no detailed information available, only needed as build-dependency for Spring) [wheezy] - jasperreports (cannot be supported due to lack of information) NOTE: https://github.com/binary1985/VulnerabilityDisclosure/blob/master/JasperSoft%20JasperReports%20-%204.7%20-%20CVE-2017-14941 CVE-2017-14940 (scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) ...) [experimental] - binutils 2.29.51.20171128-1 - binutils 2.29.90.20180122-1 (low) [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22166 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0d76029f92182c3682d8be2c833d45bc9a2068fe NOTE: https://blogs.gentoo.org/ago/2017/09/26/binutils-null-pointer-dereference-in-scan_unit_for_symbols-dwarf2-c CVE-2017-14939 (decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) libra ...) [experimental] - binutils 2.29.51.20171128-1 - binutils 2.29.90.20180122-1 (low) [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22169 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=515f23e63c0074ab531bc954f84ca40c6281a724 NOTE: https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read_1_byte-dwarf2-c CVE-2017-14938 (_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor ( ...) 
[experimental] - binutils 2.29.51.20171128-1 - binutils 2.29.90.20180122-1 (low) [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22166 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bd61e135492ecf624880e6b78e5fcde3c9716df6 NOTE: https://blogs.gentoo.org/ago/2017/09/26/binutils-memory-allocation-failure-in-_bfd_elf_slurp_version_tables-elf-c/ CVE-2017-14937 (The airbag detonation algorithm allows injury to passenger-car occupan ...) NOT-FOR-US: passenger-car CVE-2017-14936 RESERVED CVE-2016-10512 (MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for main ...) NOT-FOR-US: MultiTech FaxFinder CVE-2017-14935 (Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly ...) NOT-FOR-US: Pulse Secure CVE-2017-14934 (process_debug_info in dwarf.c in the Binary File Descriptor (BFD) libr ...) [experimental] - binutils 2.29.51.20171128-1 - binutils 2.29.90.20180122-1 (low) [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22219 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=19485196044b2521af979f1e5c4a89bfb90fba0b CVE-2017-14933 (read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) ...) [experimental] - binutils 2.29.51.20171128-1 - binutils 2.29.90.20180122-1 (low) [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22210 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=33e0a9a056bd23e923b929a4f2ab049ade0b1c32 CVE-2017-14932 (decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) libra ...) 
[experimental] - binutils 2.29.51.20171128-1 - binutils 2.29.90.20180122-1 (low) [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22204 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e338894dc2e603683bed2172e8e9f25b29051005 CVE-2017-14931 (ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allo ...) NOT-FOR-US: OpenExif CVE-2017-14930 (Memory leak in decode_line_info in dwarf2.c in the Binary File Descrip ...) [experimental] - binutils 2.29.51.20171128-1 - binutils 2.29.90.20180122-1 (low) [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22191 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a26a013f22a19e2c16729e64f40ef8a7dfcc086e CVE-2017-14929 (In Poppler 0.59.0, memory corruption occurs in a call to Object::dictL ...) - poppler 0.61.1-2 (bug #877222) [stretch] - poppler 0.48.0-2+deb9u2 [jessie] - poppler (Minor impact, too intrusive to backport) [wheezy] - poppler (unreproducible, requires API change which appears to be too intrusive in this case.) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102969 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=2c92c7b6a828c9db8a38f079ea7a3d51c12a481d CVE-2017-14928 (In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia ...) {DLA-2440-1} - poppler 0.61.1-2 (low; bug #877231) [jessie] - poppler (Problematic code introduced in 0.36) [wheezy] - poppler (Problematic code introduced in 0.36) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102607 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=1316c7a41f4dd7276f404f775ebb5fef2d24ab1c CVE-2017-14927 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutp ...) 
- poppler 0.61.1-2 (low; bug #877237) [stretch] - poppler (Vulnerable code introduced in 0.49) [jessie] - poppler (Vulnerable code introduced in 0.49) [wheezy] - poppler (Vulnerable code introduced in 0.49) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102604 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=6472d8493f7e82cc78b41da20a2bf19fcb4e0a7d CVE-2017-14926 (In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia ...) {DLA-2440-1} - poppler 0.61.1-2 (low; bug #877239) [jessie] - poppler (Problematic code introduced in 0.36) [wheezy] - poppler (Problematic code introduced in 0.36) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102601 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=2532df6060092e9fab7f041ae9598aff9cdd94bb CVE-2017-14925 (Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tik ...) - tikiwiki CVE-2017-14924 (Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tik ...) - tikiwiki CVE-2017-14923 (Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine ...) NOT-FOR-US: Tine groupware CVE-2017-14922 (Stored XSS vulnerability via IMG element at "History" of Profile, Cale ...) NOT-FOR-US: Tine groupware CVE-2017-14921 (Stored XSS vulnerability via IMG element at "Filename" of Filemanager ...) NOT-FOR-US: Tine groupware CVE-2017-14920 (Stored XSS vulnerability in eGroupware Community Edition before 16.1.2 ...) NOT-FOR-US: eGroupware CVE-2017-14919 (Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows r ...) - nodejs (Debian didn't use an affected zlib version) NOTE: Debian doesn't use zlib 1.2.9 yet NOTE: https://nodejs.org/en/blog/vulnerability/oct-2017-dos/ CVE-2017-14918 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-14917 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) 
NOT-FOR-US: Qualcomm component for Android CVE-2017-14916 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-14915 (In Android before 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-14914 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-14913 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mo ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-14912 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mo ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-14911 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mo ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-14910 (In Snapdragon Automobile, Snapdragon IoT and Snapdragon Mobile MDM9206 ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-14909 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-14908 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-14907 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm closed-source components on Android CVE-2017-14906 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mo ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-14905 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-14904 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Android MediaServer CVE-2017-14903 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2017-14902 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Android CVE-2017-14901 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-14900 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-14899 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-14898 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-14897 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Android CVE-2017-14896 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-14895 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Android CVE-2017-14894 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-14893 (While flashing meta image, a buffer over-read may potentially occur wh ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-14892 (In the function msm_pcm_hw_params() in Android for MSM, Firefox OS for ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-14891 (In the KGSL driver function _gpuobj_map_useraddr() in Android for MSM, ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-14890 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-14889 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-14888 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2017-14887 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-14886 RESERVED CVE-2017-14885 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-14884 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-14883 (In the function wma_unified_power_debug_stats_event_handler() in Andro ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-14882 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-14881 (While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in An ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-14880 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-14879 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-14878 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-14877 (While the IPA driver in Android for MSM, Firefox OS for MSM, and QRD A ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-14876 (In msm_ispif_config_stereo() in Android for MSM, Firefox OS for MSM, a ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-14875 (In the handler for the ioctl command VIDIOC_MSM_ISP_DUAL_HW_LPM_MODE i ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-14874 REJECTED CVE-2017-14873 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-14872 (While flashing a meta image, a buffer over-read can potentially occur ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2017-14871 RESERVED CVE-2017-14870 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-14869 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-14868 (Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows ...) - restlet (bug #596472) CVE-2017-14866 (There is a heap-based buffer overflow in the Exiv2::s2Data function of ...) - exiv2 (Versions prior to 0.26 don't parse ICC profiles yet; only affected experimental; bug #880015) NOTE: https://github.com/Exiv2/exiv2/issues/140 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494781 CVE-2017-14865 (There is a heap-based buffer overflow in the Exiv2::us2Data function o ...) - exiv2 (Vulnerable code introduced after 0.25; only affected experimental; bug #888865) NOTE: https://github.com/Exiv2/exiv2/issues/134 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494778 NOTE: Patch: https://github.com/Exiv2/exiv2/commit/d3c2b9938583440f87ce9115de5a7e8cd8f8db57 CVE-2017-14864 (An Invalid memory address dereference was discovered in Exiv2::getULon ...) {DLA-3265-1 DLA-1147-1} - exiv2 0.27.2-6 (low) [stretch] - exiv2 (Minor issue) [jessie] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/issues/73 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494467 NOTE: Patches here: https://github.com/Exiv2/exiv2/pull/110 NOTE: Depends on: https://github.com/Exiv2/exiv2/commit/65f45a350516bfde4941d7906f2d67462f48d1ca CVE-2017-14863 (A NULL pointer dereference was discovered in Exiv2::Image::printIFDStr ...) - exiv2 (Vulnerable code introduced after 0.25; only affected experimental; bug #888866) NOTE: https://github.com/Exiv2/exiv2/issues/132 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494443 CVE-2017-14862 (An Invalid memory address dereference was discovered in Exiv2::DataVal ...) 
{DLA-3265-1 DLA-1147-1} - exiv2 0.27.2-6 (low) [stretch] - exiv2 (Minor issue) [jessie] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/issues/75 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494786 NOTE: Patches here: https://github.com/Exiv2/exiv2/pull/110 NOTE: Depends on: https://github.com/Exiv2/exiv2/commit/65f45a350516bfde4941d7906f2d67462f48d1ca CVE-2017-14861 (There is a stack consumption vulnerability in the Exiv2::Internal::str ...) - exiv2 (printIFDStructure introduced in 0.26; only affected experimental; bug #880027) NOTE: https://github.com/Exiv2/exiv2/issues/139 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494787 CVE-2017-14860 (There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMet ...) - exiv2 (Vulnerable code introduced after 0.25; only affected experimental; bug #888867) NOTE: https://github.com/Exiv2/exiv2/issues/71 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494776 NOTE: Patch: https://github.com/Exiv2/exiv2/pull/108 CVE-2017-14859 (An Invalid memory address dereference was discovered in Exiv2::StringV ...) {DLA-3265-1 DLA-1147-1} - exiv2 0.27.2-6 (low) [stretch] - exiv2 (Minor issue) [jessie] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/issues/74 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494780 NOTE: Patches here: https://github.com/Exiv2/exiv2/pull/110 NOTE: Depends on: https://github.com/Exiv2/exiv2/commit/65f45a350516bfde4941d7906f2d67462f48d1ca CVE-2017-14858 (There is a heap-based buffer overflow in the Exiv2::l2Data function of ...) - exiv2 (TIFF meta data handler doesn't parse ICC profiles; only affected experimental; bug #897134) NOTE: https://github.com/Exiv2/exiv2/issues/138 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494782 CVE-2017-14857 (In Exiv2 0.26, there is an invalid free in the Image class in image.cp ...) 
- exiv2 (Vulnerable code not present; only affected experimental; bug #888869) NOTE: https://github.com/Exiv2/exiv2/issues/76 NOTE: https://github.com/Exiv2/exiv2/issues/124 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495043 CVE-2017-14856 RESERVED CVE-2017-14855 (Red Lion HMI panels allow remote attackers to cause a denial of servic ...) NOT-FOR-US: Red Lion HMI CVE-2017-14854 (A stack buffer overflow exists in one of the Orpak SiteOmat CGI compon ...) NOT-FOR-US: Orpak SiteOmat CVE-2017-14853 (The Orpak SiteOmat OrCU component is vulnerable to code injection, for ...) NOT-FOR-US: Orpak SiteOmat CVE-2017-14852 (An insecure communication was found between a user and the Orpak SiteO ...) NOT-FOR-US: Orpak SiteOmat CVE-2017-14851 (A SQL injection vulnerability exists in all Orpak SiteOmat versions pr ...) NOT-FOR-US: Orpak SiteOmat CVE-2017-14850 (All known versions of the Orpak SiteOmat web management console is vul ...) NOT-FOR-US: Orpak SiteOmat CVE-2017-14849 (Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintende ...) - nodejs (Vulnerable code introduced in 8.5.0) NOTE: https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/ NOTE: https://twitter.com/nodejs/status/913131152868876288 CVE-2017-14848 (WPHRM Human Resource Management System for WordPress 1.0 allows SQL In ...) NOT-FOR-US: WordPress plugin CVE-2017-14847 (Mojoomla WPAMS Apartment Management System for WordPress allows SQL In ...) NOT-FOR-US: Mojoomla WPAMS Apartment Management System for WordPress CVE-2017-14846 (Mojoomla Hospital Management System for WordPress allows SQL Injection ...) NOT-FOR-US: Mojoomla Hospital Management System for WordPress CVE-2017-14845 (Mojoomla WPCHURCH Church Management System for WordPress allows SQL In ...) NOT-FOR-US: Mojoomla WPCHURCH Church Management System for WordPress CVE-2017-14844 (Mojoomla WPGYM WordPress Gym Management System allows SQL Injection vi ...) 
NOT-FOR-US: Mojoomla WPGYM WordPress Gym Management System CVE-2017-14843 (Mojoomla School Management System for WordPress allows SQL Injection v ...) NOT-FOR-US: Mojoomla School Management System for WordPress CVE-2017-14842 (Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL I ...) NOT-FOR-US: Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress CVE-2017-14841 (Mojoomla Annual Maintenance Contract (AMC) Management System allows Ar ...) NOT-FOR-US: Mojoomla Annual Maintenance Contract (AMC) Management System CVE-2017-14840 (TeamWork TicketPlus allows Arbitrary File Upload in updateProfile.) NOT-FOR-US: TeamWork TicketPlus CVE-2017-14839 (TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and ...) NOT-FOR-US: TeamWork Photo Fusion CVE-2017-14838 (TeamWork Job Links allows Arbitrary File Upload in profileChange and c ...) NOT-FOR-US: TeamWork Job Links CVE-2017-14837 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2017-14836 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2017-14835 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2017-14834 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2017-14833 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2017-14832 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2017-14831 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2017-14830 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2017-14829 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
NOT-FOR-US: Foxit Reader CVE-2017-14828 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2017-14827 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2017-14826 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2017-14825 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2017-14824 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2017-14823 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2017-14822 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Reader CVE-2017-14821 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Reader CVE-2017-14820 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Reader CVE-2017-14819 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Reader CVE-2017-14818 (This vulnerability allows remote attackers to disclose sensitive on vu ...) NOT-FOR-US: Foxit Reader CVE-2017-14817 REJECTED CVE-2017-14816 REJECTED CVE-2017-14815 REJECTED CVE-2017-14814 REJECTED CVE-2017-14813 REJECTED CVE-2017-14812 REJECTED CVE-2017-14811 REJECTED CVE-2017-14810 REJECTED CVE-2017-14809 REJECTED CVE-2017-14808 REJECTED CVE-2017-14807 (An Improper Neutralization of Special Elements used in an SQL Command ...) NOT-FOR-US: SUSE Studio CVE-2017-14806 (A Improper Certificate Validation vulnerability in susestudio-common o ...) NOT-FOR-US: SUSE Studio CVE-2017-14805 RESERVED CVE-2017-14804 (The build package before 20171128 did not check directory names during ...) 
- obs-build 20180302-1 (bug #887306) [stretch] - obs-build 20160921-1+deb9u1 [jessie] - obs-build (Minor issue) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1069904 CVE-2017-14803 (In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server w ...) NOT-FOR-US: NetIQ Access Manager CVE-2017-14802 (Novell Access Manager Admin Console and IDP servers before 4.3.3 have ...) NOT-FOR-US: Novell Access Manager Admin Console CVE-2017-14801 (Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attacke ...) NOT-FOR-US: NetIQ CVE-2017-14800 (A reflected cross site scripting attack in the NetIQ Access Manager be ...) NOT-FOR-US: NetIQ CVE-2017-14799 (A cross site scripting attack in handling the ESP login parameter hand ...) NOT-FOR-US: NetIQ Access Manager CVE-2017-14798 (A race condition in the postgresql init script could be used by attack ...) NOT-FOR-US: SuSE-specific flaw in Postgres init script CVE-2017-14797 (Lack of Transport Encryption in the public API in Philips Hue Bridge B ...) NOT-FOR-US: Philips Hue CVE-2017-14796 (The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remot ...) NOT-FOR-US: libbpg CVE-2017-14795 (The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remot ...) NOT-FOR-US: libbpg CVE-2017-14794 REJECTED CVE-2017-14793 REJECTED CVE-2017-14792 REJECTED CVE-2017-14791 REJECTED CVE-2017-14790 REJECTED CVE-2017-14789 REJECTED CVE-2017-14788 REJECTED CVE-2017-14787 REJECTED CVE-2017-14786 REJECTED CVE-2017-14785 REJECTED CVE-2017-14784 REJECTED CVE-2017-14783 REJECTED CVE-2017-14782 REJECTED CVE-2017-14781 REJECTED CVE-2017-14780 REJECTED CVE-2017-14779 REJECTED CVE-2017-14778 REJECTED CVE-2017-14777 REJECTED CVE-2017-14776 REJECTED CVE-2017-14775 (Laravel before 5.5.10 mishandles the remember_me token verification pr ...) 
- php-laravel-framework (Fixed before initial upload to Debian) NOTE: https://github.com/laravel/framework/pull/21320 CVE-2017-14774 RESERVED CVE-2017-14773 (Skybox Manager Client Application prior to 8.5.501 is prone to an elev ...) NOT-FOR-US: Skybox Manager Client Application CVE-2017-14772 (Skybox Manager Client Application is prone to information disclosure v ...) NOT-FOR-US: Skybox Manager Client Application CVE-2017-14771 (Skybox Manager Client Application prior to 8.5.501 is prone to an arbi ...) NOT-FOR-US: Skybox Manager Client Application CVE-2017-14770 (Skybox Manager Client Application prior to 8.5.501 is prone to an info ...) NOT-FOR-US: Skybox Manager Client Application CVE-2017-14769 RESERVED CVE-2017-14768 RESERVED CVE-2017-14767 (The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c i ...) {DSA-3996-1 DLA-1630-1} - ffmpeg 7:3.3.4-1 - libav NOTE: https://github.com/FFmpeg/FFmpeg/commit/c42a1388a6d1bfd8001bf6a4241d8ca27e49326d NOTE: Fixed in 3.2.8 NOTE: The check is completely missing in Jessie. It should be added. CVE-2017-14766 (The Simple Student Result plugin before 1.6.4 for WordPress has an Aut ...) NOT-FOR-US: WordPress plugin CVE-2017-14765 (In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in ...) NOT-FOR-US: GeniXCMS CVE-2017-14764 (In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated use ...) NOT-FOR-US: GeniXCMS CVE-2017-14763 (In the Install Themes page in GeniXCMS 1.1.4, remote authenticated use ...) NOT-FOR-US: GeniXCMS CVE-2017-14762 (In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS ...) NOT-FOR-US: GeniXCMS CVE-2017-14761 (In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the ...) NOT-FOR-US: GeniXCMS CVE-2017-14760 (SQL Injection exists in /includes/event-management/index.php in the ev ...) NOT-FOR-US: Event Espresso Lite CVE-2017-14759 (OpenText Document Sciences xPression (formerly EMC Document Sciences x ...) 
	NOT-FOR-US: OpenText Document Sciences xPression
CVE-2017-14757 (OpenText Document Sciences xPression (formerly EMC Document Sciences x ...)
	NOT-FOR-US: OpenText Document Sciences xPression
CVE-2017-14756 (OpenText Document Sciences xPression (formerly EMC Document Sciences x ...)
	NOT-FOR-US: OpenText Document Sciences xPression
CVE-2017-14755 (OpenText Document Sciences xPression (formerly EMC Document Sciences x ...)
	NOT-FOR-US: OpenText Document Sciences xPression
CVE-2017-14754 (OpenText Document Sciences xPression (formerly EMC Document Sciences x ...)
	NOT-FOR-US: OpenText Document Sciences xPression
CVE-2017-14753 (Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web inte ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14752 (Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10 ...)
	- mahara
	NOTE: https://mahara.org/interaction/forum/topic.php?id=8083
CVE-2017-14751 (The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-14750
	RESERVED
CVE-2017-14749 (JerryScript 1.0 allows remote attackers to cause a denial of service ( ...)
	- iotjs 1.0+715-1
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/2008
CVE-2017-14748 (Race condition in Blizzard Overwatch 1.15.0.2 allows remote authentica ...)
	NOT-FOR-US: Blizzard Overwatch
CVE-2017-14747
	RESERVED
CVE-2017-14746 (Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote a ...)
	{DSA-4043-1}
	- samba 2:4.7.1+dfsg-2
	[wheezy] - samba (Issue introduced in 4.0.0)
	NOTE: https://www.samba.org/samba/security/CVE-2017-14746.html
CVE-2017-14745 (The *_get_synthetic_symtab functions in the Binary File Descriptor (BF ...)
	- binutils 2.29-11
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22148
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=94670f6cf11fc29cc6db6814b38c4305d9bcac96 (master)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e6ff33ca50c1180725dde11c84ee93fcdb4235ef (binutils-2_29-branch)
CVE-2017-14867 (Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x ...)
	{DSA-3984-1 DLA-1120-1}
	- git 1:2.14.2-1 (bug #876854)
	NOTE: https://www.openwall.com/lists/oss-security/2017/09/26/9
	NOTE: https://public-inbox.org/git/xmqqy3p29ekj.fsf@gitster.mtv.corp.google.com/T/#u
CVE-2017-14744 (UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element.)
	NOT-FOR-US: UEditor
CVE-2017-14743 (Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL inje ...)
	NOT-FOR-US: Faleemi FSC-880 00.01.01.0048P2 devices
CVE-2017-14742 (Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to ex ...)
	NOT-FOR-US: LabF nfsAxe
CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7 ...)
	{DLA-2366-1 DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878548)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/771
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d8e14899c562157c7760a77fc91625a27cb596f
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bb11d07139efe0f5e4ce0e4afda32abdbe82fa9d
CVE-2017-14740 (Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows remo ...)
	NOT-FOR-US: GeniXCMS
CVE-2017-14739 (The AcquireResampleFilterThreadSet function in magick/resample-private ...)
	{DLA-2366-1 DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878547)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/780
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6017a80fe8327fefb77fa677d81154db2b857d1d
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/700fcf95b2c3f554dfbe75833b91f19dde208089
	NOTE: Requires additional fixes:
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/bbc582d5439a7f9338c6bdc8c34b1ae221ae5214
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/67a633df9386704f45d1ad24f7f5af8a5d11f4a3
CVE-2017-14738 (FileRun (version 2017.09.18 and below) suffers from a remote SQL injec ...)
	NOT-FOR-US: FileRun
CVE-2017-14737 (A cryptographic cache-based side channel in the RSA implementation in ...)
	{DLA-2812-1 DLA-1125-1}
	- botan1.10 1.10.17-0.1 (bug #877436)
	[jessie] - botan1.10 (Minor issue)
	NOTE: https://github.com/randombit/botan/issues/1222
	NOTE: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai
	NOTE: for 1.10: https://github.com/randombit/botan/commit/aeb87170d1b9013b079c300c8858bad477d30bd4
	NOTE: for 2.x: https://github.com/randombit/botan/commit/95df7f155570949837e8e28e733f3d59408092da
CVE-2017-14736
	RESERVED
CVE-2017-14735 (OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstr ...)
	- libowasp-antisamy-java 1.7.4-1 (bug #1014981)
	[bookworm] - libowasp-antisamy-java (Minor issue)
	[bullseye] - libowasp-antisamy-java (Minor issue)
	[buster] - libowasp-antisamy-java (Minor issue)
	[stretch] - libowasp-antisamy-java (Minor issue)
	NOTE: https://github.com/nahsra/antisamy/issues/10
CVE-2017-14734 (The build_msps function in libbpg.c in libbpg 0.9.7 allows remote atta ...)
	NOT-FOR-US: libbpg
CVE-2017-14733 (ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE h ...)
	{DSA-4321-1 DLA-1401-1 DLA-1130-1}
	- graphicsmagick 1.3.26-13
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=5381c71724e3
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/458/
CVE-2017-14732
	RESERVED
CVE-2017-14731 (ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attack ...)
	{DLA-1192-1}
	- libofx 1:0.9.11-5 (bug #877442)
	[stretch] - libofx 1:0.9.10-2+deb9u1
	[jessie] - libofx 1:0.9.10-1+deb8u1
	NOTE: https://github.com/libofx/libofx/issues/10
	NOTE: https://github.com/libofx/libofx/commit/fad8418f34094de42e1307113598e0e8bee0a2bd
CVE-2017-14730 (The init script in the Gentoo app-admin/logstash-bin package before 5. ...)
	NOT-FOR-US: Gentoo packaging flaw for Logstash
CVE-2017-14729 (The *_get_synthetic_symtab functions in the Binary File Descriptor (BF ...)
	- binutils 2.29.1-2
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: First version containing the fix was 2.29.1-2, which was quickly followed by
	NOTE: a fixed 2.29.1-3 for unrelated issues.
	NOTE: https://blogs.gentoo.org/ago/2017/09/25/binutils-heap-based-buffer-overflow-in-_bfd_x86_elf_get_synthetic_symtab-elfxx-x86-c/
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22170
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=56933f9e3e90eebf1018ed7417d6c1184b91db6b
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=61e3bf5f83f7e505b6bc51ef65426e5b31e6e360
CVE-2017-14728 (An authentication bypass was found in an unknown area of the SiteOmat ...)
	NOT-FOR-US: Orpak SiteOmat
CVE-2017-14726 (Before version 4.8.2, WordPress was vulnerable to a cross-site scripti ...)
	{DSA-3997-1}
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	[wheezy] - wordpress (Vulnerable code not present)
	NOTE: https://core.trac.wordpress.org/changeset/41395
CVE-2017-14725 (Before version 4.8.2, WordPress was susceptible to an open redirect at ...)
	{DSA-3997-1 DLA-1151-1}
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	NOTE: https://core.trac.wordpress.org/changeset/41398
CVE-2017-14724 (Before version 4.8.2, WordPress was vulnerable to cross-site scripting ...)
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u1
	[jessie] - wordpress (Vulnerable code not present)
	[wheezy] - wordpress (Vulnerable code not present)
	NOTE: https://core.trac.wordpress.org/changeset/41448
CVE-2017-14723 (Before version 4.8.2, WordPress mishandled % characters and additional ...)
	{DSA-3997-1 DLA-1151-1}
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	NOTE: https://core.trac.wordpress.org/changeset/41470
	NOTE: https://core.trac.wordpress.org/changeset/41496
	NOTE: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
	NOTE: https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
	NOTE: https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
	NOTE: https://medium.com/websec/wordpress-sqli-poc-f1827c20bf8e
CVE-2017-14722 (Before version 4.8.2, WordPress allowed a Directory Traversal attack i ...)
	{DSA-3997-1 DLA-1151-1}
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	NOTE: https://core.trac.wordpress.org/changeset/41397
CVE-2017-14721 (Before version 4.8.2, WordPress allowed Cross-Site scripting in the pl ...)
	{DSA-3997-1 DLA-1151-1}
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	NOTE: https://core.trac.wordpress.org/changeset/41412
CVE-2017-14720 (Before version 4.8.2, WordPress allowed a Cross-Site scripting attack ...)
	{DSA-3997-1 DLA-1151-1}
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	NOTE: https://core.trac.wordpress.org/changeset/41412
CVE-2017-14719 (Before version 4.8.2, WordPress was vulnerable to a directory traversa ...)
	{DSA-3997-1 DLA-1151-1}
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	NOTE: https://core.trac.wordpress.org/changeset/41457
CVE-2017-14718 (Before version 4.8.2, WordPress was susceptible to a Cross-Site Script ...)
	{DSA-3997-1 DLA-1151-1}
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	NOTE: https://core.trac.wordpress.org/changeset/41393
CVE-2017-14727 (logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash v ...)
	{DLA-1111-1}
	- weechat 1.9.1-1 (bug #876553)
	[stretch] - weechat 1.6-1+deb9u2
	[jessie] - weechat 1.0.1-1+deb8u2
	NOTE: Fixed by: https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556
CVE-2017-14717 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Descripti ...)
	NOT-FOR-US: EPESI
CVE-2017-14716 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title par ...)
	NOT-FOR-US: EPESI
CVE-2017-14715 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Ti ...)
	NOT-FOR-US: EPESI
CVE-2017-14714 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subj ...)
	NOT-FOR-US: EPESI
CVE-2017-14713 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Desc ...)
	NOT-FOR-US: EPESI
CVE-2017-14712 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall ...)
	NOT-FOR-US: EPESI
CVE-2017-14711 (The Kickbase GmbH "Kickbase Bundesliga Manager" app before 2.2.1 -- ak ...)
	NOT-FOR-US: Kickbase GmbH "Kickbase Bundesliga Manager"
CVE-2017-14710 (The Shein Group Ltd. "SHEIN - Fashion Shopping" app -- aka shein fashi ...)
	NOT-FOR-US: Fashion Shopping app
CVE-2017-14709 (The komoot GmbH "Komoot - Cycling & Hiking Maps" app before 9.3.2 -- a ...)
	NOT-FOR-US: Cycling & Hiking Maps app
CVE-2017-14708
	RESERVED
CVE-2017-14707
	RESERVED
CVE-2017-14706 (DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to ob ...)
	NOT-FOR-US: DenyAll WAF
CVE-2017-14705 (DenyAll WAF before 6.4.1 allows unauthenticated remote command executi ...)
	NOT-FOR-US: DenyAll WAF
CVE-2017-14704 (Multiple unrestricted file upload vulnerabilities in the (1) imageSubm ...)
	NOT-FOR-US: Claydip Laravel Airbnb Clone
CVE-2017-14703 (SQL injection vulnerability in Cash Back Comparison Script 1.0 allows ...)
	NOT-FOR-US: Cash Back Comparison Script
CVE-2017-14702 (ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary c ...)
	NOT-FOR-US: ERS Data System
CVE-2017-14701
	RESERVED
CVE-2017-14700
	RESERVED
CVE-2017-14699 (Multiple XML external entity (XXE) vulnerabilities in the AiCloud feat ...)
	NOT-FOR-US: ASUS routers
CVE-2017-14698 (ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC5 ...)
	NOT-FOR-US: ASUS routers
CVE-2017-14697
	RESERVED
CVE-2017-14696 (SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7 ...)
	- salt 2016.11.8+dfsg1-1 (bug #879090)
	[stretch] - salt 2016.11.2+ds-1+deb9u1
	[jessie] - salt (Minor issue)
	NOTE: Fixed by: https://github.com/saltstack/salt/commit/5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5b
	NOTE: Fixed by: https://github.com/saltstack/salt/commit/89e084bda356739de645c15e7d1968afebdcc56e (2016.11)
CVE-2017-14695 (Directory traversal vulnerability in minion id validation in SaltStack ...)
	- salt 2016.11.8+dfsg1-1 (bug #879089)
	[stretch] - salt 2016.11.2+ds-1+deb9u1
	[jessie] - salt (Minor issue)
	NOTE: Fixed by: https://github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d
	NOTE: Fixed by: https://github.com/saltstack/salt/commit/206ae23f15cb7ec95a07dee4cbe9802da84f9c42 (2016.11)
CVE-2017-14694 (Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14693 (IrfanView 4.44 - 32bit allows attackers to cause a denial of service o ...)
	NOT-FOR-US: IrfanView
CVE-2017-14692 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14691 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14690 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14689 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14688 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14687 (Artifex MuPDF 1.11 allows attackers to cause a denial of service or po ...)
	{DSA-4006-1 DLA-1164-1}
	- mupdf 1.11+ds1-1.1 (bug #877379)
	[jessie] - mupdf (Minor issue)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698558
	NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28
	NOTE: Several fz_xml_tag && !strcmp idioms are used in older versions
CVE-2017-14686 (Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause ...)
	{DSA-4006-1}
	- mupdf 1.11+ds1-1.1 (bug #877379)
	[jessie] - mupdf (vulnerable code not present, poc not effective)
	[wheezy] - mupdf (vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698540
	NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1
CVE-2017-14685 (Artifex MuPDF 1.11 allows attackers to cause a denial of service or po ...)
	{DSA-4006-1}
	- mupdf 1.11+ds1-1.1 (bug #877379)
	[jessie] - mupdf (vulnerable code not present, poc not effective)
	[wheezy] - mupdf (vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698539
	NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a
CVE-2017-14684 (In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in t ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant; bug #876487)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/770
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/dd367e0c3c3f37fbf1c20fa107b67a668b22c6e2
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/a25142f284384a10306f14393d9bfd7af95ddfff
CVE-2017-14683 (geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated b ...)
	NOT-FOR-US: geminabox
CVE-2017-14682 (GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote ...)
	{DSA-4040-1 DSA-4032-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #876488)
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32726
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3bee958ee63eb6ec62834d0c7b28b4b6835e6a00
CVE-2017-14681 (The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file aft ...)
	- p3scan (bug #876674)
	[stretch] - p3scan (Minor issue)
	[jessie] - p3scan (Minor issue)
	[wheezy] - p3scan (Minor issue)
	NOTE: https://sourceforge.net/p/p3scan/bugs/33/
CVE-2017-14680 (ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensit ...)
	NOT-FOR-US: ZKTeco ZKTime Web
CVE-2017-14679
	REJECTED
CVE-2017-14678
	REJECTED
CVE-2017-14677
	REJECTED
CVE-2017-14676
	REJECTED
CVE-2017-14675
	REJECTED
CVE-2017-14674
	REJECTED
CVE-2017-14673
	REJECTED
CVE-2017-14672
	REJECTED
CVE-2017-14671
	REJECTED
CVE-2017-14670
	REJECTED
CVE-2017-14669
	REJECTED
CVE-2017-14668
	REJECTED
CVE-2017-14667
	REJECTED
CVE-2017-14666
	REJECTED
CVE-2017-14665
	REJECTED
CVE-2017-14664
	REJECTED
CVE-2017-14663
	REJECTED
CVE-2017-14662
	REJECTED
CVE-2017-14661
	REJECTED
CVE-2017-14660
	REJECTED
CVE-2017-14659
	REJECTED
CVE-2017-14658
	REJECTED
CVE-2017-14657
	REJECTED
CVE-2017-14656
	REJECTED
CVE-2017-14655
	REJECTED
CVE-2017-14654
	RESERVED
CVE-2017-14653 (member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticat ...)
	NOT-FOR-US: ASP4CMS AspCMS
CVE-2017-14652 (SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tap ...)
	NOT-FOR-US: Tapatalk plugin for MyBB
CVE-2017-14651 (WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_colle ...)
	NOT-FOR-US: WSO2 Data Analytics Server
CVE-2017-14649 (ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does ...)
	- graphicsmagick 1.3.26-12 (unimportant; bug #876460)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/358608a46f0a
	NOTE: https://blogs.gentoo.org/ago/2017/09/19/graphicsmagick-assertion-failure-in-pixel_cache-c/
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/439/
CVE-2017-14648 (A global buffer overflow was discovered in the iteration_loop function ...)
	NOT-FOR-US: BladeEnc
CVE-2017-14647 (A heap-based buffer overflow was discovered in AP4_VisualSampleEntry:: ...)
	NOT-FOR-US: Bento4
CVE-2017-14646 (The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 ...)
	NOT-FOR-US: Bento4
CVE-2017-14645 (A heap-based buffer over-read was discovered in AP4_BitStream::ReadByt ...)
	NOT-FOR-US: Bento4
CVE-2017-14644 (A heap-based buffer overflow was discovered in the AP4_HdlrAtom class ...)
	NOT-FOR-US: Bento4
CVE-2017-14643 (The AP4_HdlrAtom class in Core/Ap4HdlrAtom.cpp in Bento4 version 1.5.0 ...)
	NOT-FOR-US: Bento4
CVE-2017-14642 (A NULL pointer dereference was discovered in the AP4_HdlrAtom class in ...)
	NOT-FOR-US: Bento4
CVE-2017-14641 (A NULL pointer dereference was discovered in the AP4_DataAtom class in ...)
	NOT-FOR-US: Bento4
CVE-2017-14640 (A NULL pointer dereference was discovered in AP4_AtomSampleTable::GetS ...)
	NOT-FOR-US: Bento4
CVE-2017-14639 (AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 ...)
	NOT-FOR-US: Bento4
CVE-2017-14638 (AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp in Be ...)
	NOT-FOR-US: Bento4
CVE-2017-14637 (In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb f ...)
	{DLA-1127-1}
	- sam2p (bug #876744)
	[jessie] - sam2p 0.49.2-3+deb8u1
	NOTE: https://github.com/pts/sam2p/issues/14 (bug 5)
CVE-2017-14636 (Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffff ...)
	{DLA-1127-1}
	- sam2p (bug #876744)
	[jessie] - sam2p 0.49.2-3+deb8u1
	NOTE: https://github.com/pts/sam2p/issues/14 (bug 4)
CVE-2017-14635 (In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4 ...)
	{DSA-4021-1 DLA-1119-1}
	- otrs2 5.0.23-1 (bug #876462)
	NOTE: https://github.com/OTRS/otrs/commit/a4093dc404fcbd87b235b31c72913141672f2a85 (rel-5_0)
	NOTE: https://github.com/OTRS/otrs/commit/00bcc89dc2443b5d8b34a0908e224373926aa618 (rel-5_0)
	NOTE: https://github.com/OTRS/otrs/commit/b69c2533c951fa72bfe238f255ce76352f054897 (rel-5_0)
	NOTE: https://github.com/OTRS/otrs/commit/b92ec17196ac3e1fdcab40fbb16dbb602d5d52b5 (rel-5_0)
	NOTE: https://github.com/OTRS/otrs/commit/3ccc426ec220267d0cac8e3fdc39015a3db7d720 (rel-3_3)
	NOTE: https://github.com/OTRS/otrs/commit/f27dc65e4a937ba832d60e212ce6c9e3a28e406b (rel-3_3)
	NOTE: https://github.com/OTRS/otrs/commit/454c50116c2bf82dcd9dfee9146a7416be686875 (rel-3_3)
	NOTE: https://github.com/OTRS/otrs/commit/5468720cc8225a85699b1977ff230adbf9f8362d (rel-3_3)
	NOTE: https://github.com/OTRS/otrs/commit/0583dfda7bc9c7d76457aad68083f4b28a288ce5 (rel-3_3)
	NOTE: https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/
CVE-2017-14650 (A Remote Code Execution vulnerability has been found in the Horde_Imag ...)
	{DSA-4276-1 DLA-1395-1}
	- php-horde-image 2.5.2-1 (bug #876400)
	NOTE: https://marc.info/?l=horde-announce&m=150600299528079&w=2
	NOTE: https://github.com/horde/horde/commit/eb3afd14c22c77ae0d29e2848f5ac726ef6e7c5b
CVE-2017-14634 (In libsndfile 1.0.28, a divide-by-zero error exists in the function do ...)
	{DLA-2418-1 DLA-1618-1}
	- libsndfile 1.0.28-5 (bug #876783)
	[wheezy] - libsndfile (Minor issue)
	NOTE: https://github.com/erikd/libsndfile/issues/318
	NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/85c877d5072866aadbe8ed0c3e0590fbb5e16788
CVE-2017-14633 (In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability ...)
	{DSA-4113-1 DLA-2039-1 DLA-1368-1}
	- libvorbis 1.3.5-4.1 (bug #876778)
	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2329
	NOTE: https://github.com/xiph/vorbis/pull/34
	NOTE: https://gitlab.xiph.org/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993
CVE-2017-14632 (Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uni ...)
	{DSA-4113-1 DLA-1368-1}
	- libvorbis 1.3.5-4.1 (bug #876779)
	[jessie] - libvorbis (Vulnerable code not present)
	[wheezy] - libvorbis (Vulnerable code not present)
	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2328
	NOTE: https://github.com/xiph/vorbis/issues/29
	NOTE: https://github.com/xiph/vorbis/pull/34
CVE-2017-14631 (In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an integ ...)
	{DLA-1127-1}
	- sam2p (bug #876744)
	[jessie] - sam2p 0.49.2-3+deb8u1
	NOTE: https://github.com/pts/sam2p/issues/14 (bug 1)
CVE-2017-14630 (In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 func ...)
	{DLA-1127-1}
	- sam2p (bug #876744)
	[jessie] - sam2p 0.49.2-3+deb8u1
	NOTE: https://github.com/pts/sam2p/issues/14 (bug 6)
CVE-2017-14629 (In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an integ ...)
	{DLA-1127-1}
	- sam2p (bug #876744)
	[jessie] - sam2p 0.49.2-3+deb8u1
	NOTE: https://github.com/pts/sam2p/issues/14 (bug 3)
CVE-2017-14628 (In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadIma ...)
	{DLA-1127-1}
	- sam2p (bug #876744)
	[jessie] - sam2p 0.49.2-3+deb8u1
	NOTE: https://github.com/pts/sam2p/issues/14 (bug 2)
CVE-2017-14627 (Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote ...)
	NOT-FOR-US: CyberLink LabelPrint
CVE-2017-14626 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...)
	{DLA-2366-1 DLA-1785-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878524)
	[wheezy] - imagemagick (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/720
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/721
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/90b301db18434b2c2228776d06c2898b5fed74f0
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9
CVE-2017-14625 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...)
	{DLA-2366-1 DLA-1785-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #877355)
	[wheezy] - imagemagick (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/721
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9
CVE-2017-14624 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...)
	{DLA-2366-1 DLA-1785-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #877354)
	[wheezy] - imagemagick (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/722
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/9ff805077fd5297dc41dc989f9dba59877e12f97
CVE-2017-14623 (In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker ...)
	- golang-github-go-ldap-ldap 2.5.1-1 (low; bug #876404)
	[stretch] - golang-github-go-ldap-ldap 2.4.1-1+deb9u1
	NOTE: https://github.com/go-ldap/ldap/pull/126
	NOTE: https://github.com/go-ldap/ldap/commit/95ede1266b237bf8e9aa5dce0b3250e51bfefe66
CVE-2017-14622 (Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon ...)
	NOT-FOR-US: 2kb Amazon Affiliates Store plugin for WordPress
CVE-2017-14621 (Portus 2.2.0 has XSS via the Team field, related to typeahead.)
	NOT-FOR-US: Portus
CVE-2017-14620 (SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP L ...)
	NOT-FOR-US: SmarterStats
CVE-2017-14619 (Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 all ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-14618 (Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFA ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-14617 (In Poppler 0.59.0, a floating point exception occurs in the ImageStrea ...)
	{DLA-1116-1}
	- poppler 0.61.1-2 (bug #876385)
	[stretch] - poppler (Minor issue)
	[jessie] - poppler (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102854
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=939465c40902d72e0c05d4f3a27ee67e4a007ed7
	NOTE: The patch applied in 0.48.0-2+deb9u1 (stretch) and 0.26.5-2+deb8u2 (jessie)
	NOTE: does not completely fix the issue thus still marked as unfixed even if the
	NOTE: CVE is recorded in debian/changelog.
CVE-2015-9232 (The Good for Enterprise application 3.0.0.415 for Android does not use ...)
	NOT-FOR-US: Good for Enterprise application for Android
CVE-2017-14616 (An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. I ...)
	NOT-FOR-US: WatchGuard Fireware
CVE-2017-14615 (An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. W ...)
	NOT-FOR-US: WatchGuard Fireware
CVE-2017-14614 (Directory traversal vulnerability in the Visor GUI Console in GridGain ...)
	NOT-FOR-US: GridGain
CVE-2017-14613
	RESERVED
CVE-2017-14612 ("Shpock Boot Sale & Classifieds" app before 3.17.0 -- aka shpock-boot- ...)
	NOT-FOR-US: Book sale app
CVE-2017-14611 (SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote att ...)
	NOT-FOR-US: Cockpit CMS (different from src:cockpit)
CVE-2017-14610 (bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 a ...)
	- bareos (low; bug #877334)
	[buster] - bareos (Minor issue)
	[stretch] - bareos (Minor issue)
	[jessie] - bareos (Minor issue)
	NOTE: https://bugs.bareos.org/view.php?id=847
CVE-2017-14609 (The server daemons in Kannel 1.5.0 and earlier create a PID file after ...)
	- kannel (No real security issue in combination with start-stop-daemon from dpkg, see #877361)
	NOTE: https://redmine.kannel.org/issues/771
CVE-2017-14608 (In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_ ...)
	{DLA-2903-1 DLA-1109-1}
	- libraw 0.18.5-1 (low)
	NOTE: https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21
	NOTE: https://github.com/LibRaw/LibRaw/issues/101
CVE-2017-14607 (In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to Read ...)
	{DSA-4040-1 DSA-4032-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878527)
	NOTE: IM6 patch: https://github.com/ImageMagick/ImageMagick/commit/cd665c3d05b46d1579c738a72214175ff50aec74
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/765
CVE-2017-14606
	RESERVED
CVE-2017-14605
	RESERVED
CVE-2015-9231 (iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords ...)
	NOT-FOR-US: iTerm2
CVE-2017-14604 (GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by ...)
	{DSA-3994-1}
	- nautilus 3.25.90-1 (bug #860268)
	[jessie] - nautilus (Minor issue, issue mitigated because does not silently decompress tarballs)
	[wheezy] - nautilus (Minor issue, issue mitigated because does not silently decompress tarballs)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777991
	NOTE: https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/
	NOTE: https://github.com/freedomofpress/securedrop/issues/2238
	NOTE: https://github.com/GNOME/nautilus/commit/1630f53481f445ada0a455e9979236d31a8d3bb0
CVE-2017-14603 (In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before ...)
	{DSA-3990-1}
	- asterisk 1:13.17.2~dfsg-1 (bug #876328)
	[wheezy] - asterisk (strictrtp option is disabled by default. Too intrusive to backport)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2017-008.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27274
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27252
CVE-2017-14602 (A vulnerability has been identified in the management interface of Cit ...)
	NOT-FOR-US: Citrix
CVE-2017-14601 (Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms ...)
	NOT-FOR-US: Pragyan CMS
CVE-2017-14600 (Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/ ...)
	NOT-FOR-US: Pragyan CMS
CVE-2017-14599
	RESERVED
CVE-2017-14598
	RESERVED
CVE-2017-14597 (AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the ...)
	NOT-FOR-US: AfterLogic WebMail
CVE-2017-14596 (In Joomla! before 3.8.0, inadequate escaping in the LDAP authenticatio ...)
	NOT-FOR-US: Joomla!
CVE-2017-14595 (In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the ...)
	NOT-FOR-US: Joomla!
CVE-2017-14594 (The printable searchrequest issue resource in Atlassian Jira before ve ...)
	NOT-FOR-US: Atlassian Jira
CVE-2017-14593 (Sourcetree for Windows had several argument and command injection bugs ...)
	NOT-FOR-US: Atlassian Sourcetree
CVE-2017-14592 (Sourcetree for macOS had several argument and command injection bugs i ...)
	NOT-FOR-US: Atlassian Sourcetree
CVE-2017-14591 (Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4. ...)
	NOT-FOR-US: Atlassian
CVE-2017-14590 (Bamboo did not check that the name of a branch in a Mercurial reposito ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2017-14589 (It was possible for double OGNL evaluation in FreeMarker templates thr ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2017-14588 (Various resources in Atlassian Fisheye and Crucible before version 4.4 ...)
	NOT-FOR-US: Atlassian
CVE-2017-14587 (The administration user deletion resource in Atlassian Fisheye and Cru ...)
	NOT-FOR-US: Atlassian
CVE-2017-14586 (The Hipchat for Mac desktop client is vulnerable to client-side remote ...)
	NOT-FOR-US: Atlassian
CVE-2017-14585 (A Server Side Request Forgery (SSRF) vulnerability could lead to remot ...)
	NOT-FOR-US: Atlassian
CVE-2017-14584
	RESERVED
CVE-2017-14583 (NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are ...)
	NOT-FOR-US: NetApp Clustered Data ONTAP
CVE-2017-14582 (The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for A ...)
	NOT-FOR-US: Zoho
CVE-2017-XXXX [pcb code injection by malicious layout file]
	- pcb-rnd 1.2.5-2 (bug #876540)
	[stretch] - pcb-rnd 1.1.4-2
CVE-2017-14581 (The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 ...)
	NOT-FOR-US: SAP
CVE-2017-14580 (XnView Classic for Windows Version 2.41 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-14579 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14578 (IrfanView 4.44 - 32bit allows attackers to cause a denial of service o ...)
	NOT-FOR-US: IrfanView
CVE-2017-14577 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14576 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14575 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14574 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14573 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14572 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14571 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14570 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14569 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14568 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14567 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14566 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14565 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14564 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14563 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14562 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14561 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14560 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14559 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14558 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14557 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14556 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14555 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14554 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14553 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14552 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
NOT-FOR-US: STDU Viewer CVE-2017-14551 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...) NOT-FOR-US: STDU Viewer CVE-2017-14550 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...) NOT-FOR-US: STDU Viewer CVE-2017-14549 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...) NOT-FOR-US: STDU Viewer CVE-2017-14548 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...) NOT-FOR-US: STDU Viewer CVE-2017-14547 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...) NOT-FOR-US: STDU Viewer CVE-2017-14546 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...) NOT-FOR-US: STDU Viewer CVE-2017-14545 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...) NOT-FOR-US: STDU Viewer CVE-2017-14544 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...) NOT-FOR-US: STDU Viewer CVE-2017-14543 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...) NOT-FOR-US: STDU Viewer CVE-2017-14542 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...) NOT-FOR-US: STDU Viewer CVE-2017-14541 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...) NOT-FOR-US: XnView CVE-2017-14540 (IrfanView 4.44 - 32bit allows attackers to cause a denial of service o ...) NOT-FOR-US: IrfanView CVE-2017-14539 (IrfanView 4.44 - 32bit allows attackers to cause a denial of service o ...) NOT-FOR-US: IrfanView CVE-2017-14538 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...) NOT-FOR-US: XnView CVE-2017-14537 (trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter t ...) NOT-FOR-US: trixbox CVE-2017-14536 (trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or /user ...) NOT-FOR-US: trixbox CVE-2017-14535 (trixbox 2.8.0.4 has OS command injection via shell metacharacters in t ...) 
NOT-FOR-US: trixbox CVE-2017-14534 (Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via t ...) NOT-FOR-US: NexusPHP CVE-2017-14533 (ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c.) - imagemagick 8:6.9.9.34+dfsg-3 (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/issues/648 NOTE: https://github.com/ImageMagick/ImageMagick/commit/f1f2089e79bcf5714cefba7cdc47049b4ac53c6b NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bdfc5538051ad0d1c2083ba2a29180ff6abea907 CVE-2017-14532 (ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags i ...) {DLA-2366-1 DLA-1785-1} - imagemagick 8:6.9.9.34+dfsg-3 (bug #878541) [wheezy] - imagemagick (Vulnerable code not present) NOTE: https://github.com/ImageMagick/ImageMagick/issues/719 NOTE: https://github.com/ImageMagick/ImageMagick/commit/1942317d9208ea17ee17d976a39768cd51d74160 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/c55fb18c3f78445d100a378ab8b3c0acd53c6590 CVE-2017-14531 (ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in c ...) - imagemagick 8:6.9.9.34+dfsg-3 (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/issues/718 NOTE: https://github.com/ImageMagick/ImageMagick/commit/69967f4161bd14d8e03ea463d6545da442a6ea78 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/1385a09732c261f1f403a9af6700979ca56c76d3 CVE-2017-14530 (WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordP ...) NOT-FOR-US: Crony Cronjob Manager plugin for WordPress CVE-2017-14529 (The pe_print_idata function in peXXigen.c in the Binary File Descripto ...) 
- binutils 2.29-10 [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22113 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582 CVE-2017-14528 (The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has ...) {DLA-2523-1} [experimental] - imagemagick 8:6.9.10.2+dfsg-1 - imagemagick 8:6.9.10.2+dfsg-2 (bug #878544) [jessie] - imagemagick (Vulnerable code not present) [wheezy] - imagemagick (Can't reproduce crash with file) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2730 NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32560 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/6f7cba13ebae405b2689647a2277827f1c272364 CVE-2017-14527 (Multiple XML external entity (XXE) vulnerabilities in the OpenText Doc ...) NOT-FOR-US: OpenText Documentum Webtop CVE-2017-14526 (Multiple XML external entity (XXE) vulnerabilities in the OpenText Doc ...) NOT-FOR-US: OpenText Documentum Administrator CVE-2017-14525 (Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6 ...) NOT-FOR-US: OpenText Documentum Webtop CVE-2017-14524 (Multiple open redirect vulnerabilities in OpenText Documentum Administ ...) NOT-FOR-US: OpenText Documentum Administrator CVE-2017-14523 (WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. ...) NOT-FOR-US: WonderCMS CVE-2017-14522 (In WonderCMS 2.3.1, the application's input fields accept arbitrary us ...) NOT-FOR-US: WonderCMS CVE-2017-14521 (In WonderCMS 2.3.1, the upload functionality accepts random applicatio ...) NOT-FOR-US: WonderCMS CVE-2017-14520 (In Poppler 0.59.0, a floating point exception occurs in Splash::scaleI ...) 
{DSA-4079-1} - poppler 0.61.1-2 (low; bug #876081) [wheezy] - poppler (vulnerable code not present) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102719 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=504b3590182175390f474657a372e78fb1508262 CVE-2017-14519 (In Poppler 0.59.0, memory corruption occurs in a call to Object::strea ...) {DSA-4079-1 DLA-1116-1} - poppler 0.61.1-2 (bug #876086) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102701 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=aaf5327649e8f7371c9d3270e7813c43ddfd47ee CVE-2017-14518 (In Poppler 0.59.0, a floating point exception exists in the isImageInt ...) {DSA-4079-1} - poppler 0.61.1-2 (low; bug #876082) [wheezy] - poppler (vulnerable code not present) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102688 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=80f9819b6233f9f9b5fd44f0e4cad026e5d048c2 CVE-2017-14517 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::pars ...) {DSA-4079-1 DLA-1116-1} - poppler 0.61.1-2 (low; bug #876079) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102687 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=476394e7a025e02e4897da2e765df2c895d0708f CVE-2017-14516 (Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Co ...) NOT-FOR-US: SAP Business Objects Financial Consolidation CVE-2017-14515 (Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 all ...) NOT-FOR-US: Tenda W15E devices CVE-2017-14514 (Directory Traversal on Tenda W15E devices before 15.11.0.14 allows rem ...) NOT-FOR-US: Tenda W15E devices CVE-2017-14513 (Directory traversal vulnerability in MetInfo 5.3.17 allows remote atta ...) NOT-FOR-US: MetInfo CVE-2017-14512 (NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via t ...) NOT-FOR-US: NexusPHP CVE-2017-14511 (An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through ...) 
NOT-FOR-US: SAP CVE-2017-14510 (An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2 ...) NOT-FOR-US: SugarCRM CVE-2017-14509 (An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2 ...) NOT-FOR-US: SugarCRM CVE-2017-14508 (An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2 ...) NOT-FOR-US: SugarCRM CVE-2016-10511 (The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitt ...) NOT-FOR-US: Twitter iOS client CVE-2017-14507 (Multiple SQL injection vulnerabilities in the Content Timeline plugin ...) NOT-FOR-US: Content Timeline plugin for WordPress CVE-2017-14506 (geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by ...) NOT-FOR-US: geminabox CVE-2017-14505 (DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 m ...) {DLA-2366-1 DLA-1785-1 DLA-1131-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878545) NOTE: https://github.com/ImageMagick/ImageMagick/issues/716 NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ad5fc3c9b652eec27fc0b1a0817159f8547d5d9 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f7b0cf098bc800c5b6181dc522a99997bfee8948 CVE-2017-14504 (ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure ...) {DSA-4321-1 DLA-1456-1 DLA-1130-1} - graphicsmagick 1.3.26-11 NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=fb09ca6dd22c NOTE: https://sourceforge.net/p/graphicsmagick/bugs/465/ NOTE: https://sourceforge.net/p/graphicsmagick/bugs/466/ CVE-2017-14503 (libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_da ...) {DSA-4360-1 DLA-1600-1} - libarchive 3.2.2-4.1 (bug #875960) [wheezy] - libarchive (Minor issue) NOTE: https://github.com/libarchive/libarchive/issues/948 NOTE: https://github.com/libarchive/libarchive/commit/2c8c83b9731ff822fad6cc8c670ea5519c366a14 CVE-2017-14502 (read_header in archive_read_support_format_rar.c in libarchive 3.3.2 s ...) 
{DSA-4360-1 DLA-1600-1} - libarchive 3.2.2-4.1 (bug #875974) [wheezy] - libarchive (Minor issue) NOTE: https://github.com/libarchive/libarchive/commit/5562545b5562f6d12a4ef991fae158bf4ccf92b6 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=573 CVE-2017-14501 (An out-of-bounds read flaw exists in parse_file_info in archive_read_s ...) {DSA-4360-1 DLA-1600-1} - libarchive 3.2.2-4.2 (bug #875966) [wheezy] - libarchive (Minor issue) NOTE: https://github.com/libarchive/libarchive/issues/949 NOTE: https://github.com/libarchive/libarchive/commit/f9569c086ff29259c73790db9cbf39fe8fb9d862 CVE-2017-14500 (Improper Neutralization of Special Elements used in an OS Command in t ...) {DSA-3977-1 DLA-1104-1} - newsbeuter 2.9-7 (bug #876004) NOTE: http://openwall.com/lists/oss-security/2017/09/16/1 NOTE: newsbeuter-2.9.x: https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333 NOTE: master: https://github.com/akrennmair/newsbeuter/commit/c8fea2f60c18ed30bdd1bb6f798e994e51a58260 NOTE: https://github.com/akrennmair/newsbeuter/issues/598 CVE-2017-14499 RESERVED CVE-2017-14498 (SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mish ...) NOT-FOR-US: SilverStripe CMS CVE-2017-14497 (The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel ...) - linux 4.12.13-1 [stretch] - linux 4.9.30-2+deb9u5 [jessie] - linux (Vulnerable code not present) [wheezy] - linux (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/edbd58be15a957f6a760c4a514cd475217eb97fd (v4.13) CVE-2017-14496 (Integer underflow in the add_pseudoheader function in dnsmasq before 2 ...) 
- dnsmasq 2.78-1 [stretch] - dnsmasq 2.76-5+deb9u1 [jessie] - dnsmasq (Vulnerable code introduced later) [wheezy] - dnsmasq (Vulnerable code introduced later) NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=897c113fda0886a28a986cc6ba17bb93bd6cb1c7 CVE-2017-14495 (Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id o ...) - dnsmasq 2.78-1 [stretch] - dnsmasq 2.76-5+deb9u1 [jessie] - dnsmasq (Vulnerable code introduced later) [wheezy] - dnsmasq (Vulnerable code introduced later) NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=51eadb692a5123b9838e5a68ecace3ac579a3a45 CVE-2017-14494 (dnsmasq before 2.78, when configured as a relay, allows remote attacke ...) {DSA-3989-1 DLA-1124-1} - dnsmasq 2.78-1 NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=33e3f1029c9ec6c63e430ff51063a6301d4b2262 CVE-2017-14493 (Stack-based buffer overflow in dnsmasq before 2.78 allows remote attac ...) {DSA-3989-1} - dnsmasq 2.78-1 [wheezy] - dnsmasq (Vulnerable code introduced later) NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3d4ff1ba8419546490b464418223132529514033 CVE-2017-14492 (Heap-based buffer overflow in dnsmasq before 2.78 allows remote attack ...) {DSA-3989-1 DLA-1124-1} - dnsmasq 2.78-1 NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=24036ea507862c7b7898b68289c8130f85599c10 CVE-2017-14491 (Heap-based buffer overflow in dnsmasq before 2.78 allows remote attack ...) 
{DSA-3989-1 DLA-1124-1} - dnsmasq 2.78-1 NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=62cb936cb7ad5f219715515ae7d32dd281a5aa1f CVE-2017-14490 RESERVED CVE-2017-14489 (The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the ...) {DSA-3981-1 DLA-1099-1} - linux 4.12.13-1 NOTE: https://patchwork.kernel.org/patch/9923803/ NOTE: Fixed by: https://git.kernel.org/linus/c88f0e6b06f4092995688211a631bb436125d77b CVE-2017-14488 RESERVED CVE-2017-14487 (The OhMiBod Remote app for Android and iOS allows remote attackers to ...) NOT-FOR-US: OhMiBod Remote app CVE-2017-14486 (The Vibease Wireless Remote Vibrator app for Android and the Vibease C ...) NOT-FOR-US: Vibease Wireless Remote Vibrator app CVE-2017-14485 RESERVED CVE-2017-14484 (The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Int ...) NOT-FOR-US: Gentoo packaging flaw in gimps CVE-2017-14483 (flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 f ...) - flower (Gentoo-specific issue, Debian doesn't provide an init script at all) CVE-2017-1002100 (Default access permissions for Persistent Volumes (PVs) created by the ...) - kubernetes (Vulnerable code not yet present) CVE-2017-1002028 (Vulnerability in wordpress plugin wordpress-gallery-transformation v1. ...) NOT-FOR-US: WordPress plugin CVE-2017-1002027 (Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The ...) NOT-FOR-US: WordPress plugin CVE-2017-1002026 (Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, Th ...) NOT-FOR-US: WordPress plugin CVE-2017-1002025 (Vulnerability in wordpress plugin add-edit-delete-listing-for-member-m ...) NOT-FOR-US: WordPress plugin CVE-2017-1002023 (Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code d ...) 
NOT-FOR-US: WordPress plugin CVE-2017-1002022 (Vulnerability in wordpress plugin surveys v1.01.8, The code in questio ...) NOT-FOR-US: WordPress plugin CVE-2017-1002021 (Vulnerability in wordpress plugin surveys v1.01.8, The code in individ ...) NOT-FOR-US: WordPress plugin CVE-2017-1002020 (Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_ ...) NOT-FOR-US: WordPress plugin CVE-2017-1002019 (Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form an ...) NOT-FOR-US: WordPress plugin CVE-2017-1002018 (Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form an ...) NOT-FOR-US: WordPress plugin CVE-2017-1002017 (Vulnerability in wordpress plugin gift-certificate-creator v1.0, The c ...) NOT-FOR-US: WordPress plugin CVE-2017-1002016 (Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code ...) NOT-FOR-US: WordPress plugin CVE-2017-1002015 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...) NOT-FOR-US: WordPress plugin CVE-2017-1002014 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...) NOT-FOR-US: WordPress plugin CVE-2017-1002013 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...) NOT-FOR-US: WordPress plugin CVE-2017-1002012 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...) NOT-FOR-US: WordPress plugin CVE-2017-1002011 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...) NOT-FOR-US: WordPress plugin CVE-2017-1002010 (Vulnerability in wordpress plugin Membership Simplified v1.58, The cod ...) NOT-FOR-US: WordPress plugin CVE-2017-1002009 (Vulnerability in wordpress plugin Membership Simplified v1.58, The cod ...) NOT-FOR-US: WordPress plugin CVE-2017-1002008 (Vulnerability in wordpress plugin membership-simplified-for-oap-member ...) NOT-FOR-US: WordPress plugin CVE-2017-1002007 (Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/sav ...) 
NOT-FOR-US: WordPress plugin CVE-2017-1002006 (Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/sav ...) NOT-FOR-US: WordPress plugin CVE-2017-1002005 (Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/de ...) NOT-FOR-US: WordPress plugin CVE-2017-1002004 (Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/do ...) NOT-FOR-US: WordPress plugin CVE-2017-1002003 (Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android ...) NOT-FOR-US: WordPress plugin CVE-2017-1002002 (Vulnerability in wordpress plugin webapp-builder v2.0, The plugin incl ...) NOT-FOR-US: WordPress plugin CVE-2017-1002001 (Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05 ...) NOT-FOR-US: WordPress plugin CVE-2017-1002000 (Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easyt ...) NOT-FOR-US: WordPress plugin CVE-2017-14481 (In the MMM::Agent::Helpers::Network::send_arp function in MySQL Multi- ...) NOT-FOR-US: MySQL ulti-Master Replication Manager CVE-2017-14480 (In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi- ...) NOT-FOR-US: MySQL ulti-Master Replication Manager CVE-2017-14479 (In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi- ...) NOT-FOR-US: MySQL ulti-Master Replication Manager CVE-2017-14478 (In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi- ...) NOT-FOR-US: MySQL ulti-Master Replication Manager CVE-2017-14477 (In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Ma ...) NOT-FOR-US: MySQL ulti-Master Replication Manager CVE-2017-14476 (In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Ma ...) NOT-FOR-US: MySQL ulti-Master Replication Manager CVE-2017-14475 (In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Ma ...) NOT-FOR-US: MySQL ulti-Master Replication Manager CVE-2017-14474 (In the MMM::Agent::Helpers::_execute function in MySQL Multi-Master Re ...) 
NOT-FOR-US: MySQL ulti-Master Replication Manager CVE-2017-14473 (An exploitable access control vulnerability exists in the data, progra ...) NOT-FOR-US: Allen Bradley Micrologix CVE-2017-14472 (An exploitable access control vulnerability exists in the data, progra ...) NOT-FOR-US: Allen Bradley Micrologix CVE-2017-14471 (An exploitable access control vulnerability exists in the data, progra ...) NOT-FOR-US: Allen Bradley Micrologix CVE-2017-14470 (An exploitable access control vulnerability exists in the data, progra ...) NOT-FOR-US: Allen Bradley Micrologix CVE-2017-14469 (An exploitable access control vulnerability exists in the data, progra ...) NOT-FOR-US: Allen Bradley Micrologix CVE-2017-14468 (An exploitable access control vulnerability exists in the data, progra ...) NOT-FOR-US: Allen Bradley Micrologix CVE-2017-14467 (An exploitable access control vulnerability exists in the data, progra ...) NOT-FOR-US: Allen Bradley Micrologix CVE-2017-14466 (An exploitable access control vulnerability exists in the data, progra ...) NOT-FOR-US: Allen Bradley Micrologix CVE-2017-14465 (An exploitable access control vulnerability exists in the data, progra ...) NOT-FOR-US: Allen Bradley Micrologix CVE-2017-14464 (An exploitable access control vulnerability exists in the data, progra ...) NOT-FOR-US: Allen Bradley Micrologix CVE-2017-14463 (An exploitable access control vulnerability exists in the data, progra ...) NOT-FOR-US: Allen Bradley Micrologix CVE-2017-14462 (An exploitable access control vulnerability exists in the data, progra ...) NOT-FOR-US: Allen Bradley Micrologix CVE-2017-14461 (A specially crafted email delivered over SMTP and passed on to Dovecot ...) 
{DSA-4130-1 DLA-1333-1} - dovecot 1:2.2.34-1 (bug #891819) NOTE: https://www.dovecot.org/list/dovecot-news/2018-February/000370.html NOTE: https://github.com/dovecot/core/commit/30dc856f7b97b75b0e0d69f5003d5d99a13249b4 NOTE: https://github.com/dovecot/core/commit/8d65e2345e1dbedb00b662ee0abd05be2e7e6b7e NOTE: https://github.com/dovecot/core/commit/b72d864b8c34cb21076214c0b28101baec530141 NOTE: https://github.com/dovecot/core/commit/e9b86842441a668b30796bff7d60828614570a1b NOTE: https://github.com/dovecot/core/commit/f5cd17a27f0b666567747f8c921ebe1026970f11 NOTE: https://github.com/dovecot/core/commit/18a7a161c8dae6f630770a3cbab7374a0c3dd732 NOTE: https://github.com/dovecot/core/commit/0ed696987e5e5d44e971da2a10f6275b276ece34 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0510 CVE-2017-14460 (An exploitable overly permissive cross-domain (CORS) whitelist vulnera ...) - parity (bug #890550) CVE-2017-14459 (An exploitable OS Command Injection vulnerability exists in the Telnet ...) NOT-FOR-US: Moxa CVE-2017-14458 (An exploitable use-after-free vulnerability exists in the JavaScript e ...) NOT-FOR-US: Foxit PDF Reader CVE-2017-14457 (An exploitable information leak/denial of service vulnerability exists ...) - cpp-ethereum (bug #860434) CVE-2017-14456 REJECTED CVE-2017-14455 (On Insteon Hub 2245-222 devices with firmware version 1012, specially ...) NOT-FOR-US: Insteon Hub CVE-2017-14454 (Multiple exploitable buffer overflow vulnerabilities exists in the Pub ...) NOT-FOR-US: Insteon Hub CVE-2017-14453 (On Insteon Hub 2245-222 devices with firmware version 1012, specially ...) NOT-FOR-US: Insteon Hub CVE-2017-14452 (An exploitable buffer overflow vulnerability exists in the PubNub mess ...) NOT-FOR-US: Insteon Hub CVE-2017-14451 (An exploitable out-of-bounds read vulnerability exists in libevm (Ethe ...) NOT-FOR-US: CPP-Ethereum CVE-2017-14450 (A buffer overflow vulnerability exists in the GIF image parsing functi ...) 
{DSA-4184-1 DSA-4177-1 DLA-1341-1} - libsdl2-image 2.0.3+dfsg1-1 - sdl-image1.2 1.2.12-8 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499 NOTE: https://hg.libsdl.org/SDL_image/rev/45e750f92c84 CVE-2017-14449 (A double-Free vulnerability exists in the XCF image rendering function ...) {DSA-4177-1} - libsdl2-image 2.0.3+dfsg1-1 - sdl-image1.2 (Vulnerable code not present) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498 NOTE: https://hg.libsdl.org/SDL_image/rev/d0142861559c CVE-2017-14448 (An exploitable code execution vulnerability exists in the XCF image re ...) {DSA-4184-1 DSA-4177-1 DLA-1341-1} - libsdl2-image 2.0.3+dfsg1-1 - sdl-image1.2 1.2.12-8 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497 NOTE: https://hg.libsdl.org/SDL_image/rev/7df1580f1695 CVE-2017-14447 (An exploitable buffer overflow vulnerability exists in the PubNub mess ...) NOT-FOR-US: Insteon Hub CVE-2017-14446 (An exploitable stack-based buffer overflow vulnerability exists in Ins ...) NOT-FOR-US: Insteon Hub CVE-2017-14445 (An exploitable buffer overflow vulnerability exists in Insteon Hub run ...) NOT-FOR-US: Insteon Hub CVE-2017-14444 (An exploitable buffer overflow vulnerability exists in Insteon Hub run ...) NOT-FOR-US: Insteon Hub CVE-2017-14443 (An exploitable information leak vulnerability exists in Insteon Hub ru ...) NOT-FOR-US: Insteon Hub CVE-2017-14442 (An exploitable code execution vulnerability exists in the BMP image re ...) {DSA-4184-1 DSA-4177-1 DLA-1341-1} - libsdl2-image 2.0.3+dfsg1-1 - sdl-image1.2 1.2.12-8 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0491 NOTE: https://hg.libsdl.org/SDL_image/rev/37445f6180a8 CVE-2017-14441 (An exploitable code execution vulnerability exists in the ICO image re ...) 
{DSA-4184-1 DSA-4177-1 DLA-1341-1} - libsdl2-image 2.0.3+dfsg1-1 - sdl-image1.2 1.2.12-8 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490 NOTE: https://hg.libsdl.org/SDL_image/rev/a1e9b624ca10 CVE-2017-14440 (An exploitable code execution vulnerability exists in the ILBM image r ...) {DSA-4184-1 DSA-4177-1 DLA-1341-1} - libsdl2-image 2.0.3+dfsg1-1 - sdl-image1.2 1.2.12-8 NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0489 NOTE: https://hg.libsdl.org/SDL_image/rev/bfa08dc02b3c CVE-2017-14439 (Exploitable denial of service vulnerabilities exists in the Service Ag ...) NOT-FOR-US: Moxa CVE-2017-14438 (Exploitable denial of service vulnerabilities exists in the Service Ag ...) NOT-FOR-US: Moxa CVE-2017-14437 (An exploitable denial of service vulnerability exists in the web serve ...) NOT-FOR-US: Moxa CVE-2017-14436 (An exploitable denial of service vulnerability exists in the web serve ...) NOT-FOR-US: Moxa CVE-2017-14435 (An exploitable denial of service vulnerability exists in the web serve ...) NOT-FOR-US: Moxa CVE-2017-14434 (An exploitable command injection vulnerability exists in the web serve ...) NOT-FOR-US: Moxa CVE-2017-14433 (An exploitable command injection vulnerability exists in the web serve ...) NOT-FOR-US: Moxa CVE-2017-14432 (An exploitable command injection vulnerability exists in the web serve ...) NOT-FOR-US: Moxa CVE-2017-14430 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) a ...) NOT-FOR-US: D-Link CVE-2017-14429 (The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114 ...) NOT-FOR-US: D-Link CVE-2017-14428 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) a ...) NOT-FOR-US: D-Link CVE-2017-14427 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) a ...) NOT-FOR-US: D-Link CVE-2017-14426 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) a ...) NOT-FOR-US: D-Link CVE-2017-14425 (D-Link DIR-850L REV. 
A (with firmware through FW114WWb07_h2ab_beta1) a ...) NOT-FOR-US: D-Link CVE-2017-14424 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) a ...) NOT-FOR-US: D-Link CVE-2017-14423 (htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmw ...) NOT-FOR-US: D-Link CVE-2017-14422 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) a ...) NOT-FOR-US: D-Link CVE-2017-14421 (D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have ...) NOT-FOR-US: D-Link CVE-2017-14420 (The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with fi ...) NOT-FOR-US: D-Link CVE-2017-14419 (The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with fi ...) NOT-FOR-US: D-Link CVE-2017-14418 (The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850 ...) NOT-FOR-US: D-Link CVE-2017-14417 (register_send.php on D-Link DIR-850L REV. B (with firmware through FW2 ...) NOT-FOR-US: D-Link CVE-2017-14416 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) d ...) NOT-FOR-US: D-Link CVE-2017-14415 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) d ...) NOT-FOR-US: D-Link CVE-2017-14414 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) d ...) NOT-FOR-US: D-Link CVE-2017-14413 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) d ...) NOT-FOR-US: D-Link CVE-2017-14412 (An invalid memory write was discovered in copy_mp in interface.c in mp ...) - mp3gain 1.6.2-1 [wheezy] - mp3gain NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-invalid-memory-write-in-copy_mp-mpglibdblinterface-c/ CVE-2017-14411 (A stack-based buffer overflow was discovered in copy_mp in interface.c ...) - mp3gain 1.6.2-1 [wheezy] - mp3gain NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-copy_mp-mpglibdblinterface-c/ CVE-2017-14410 (A buffer over-read was discovered in III_i_stereo in layer3.c in mpgli ...) 
- mp3gain 1.6.2-1 [wheezy] - mp3gain NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_i_stereo-mpglibdbllayer3-c/ CVE-2017-14409 (A buffer overflow was discovered in III_dequantize_sample in layer3.c ...) - mp3gain 1.6.2-1 [wheezy] - mp3gain NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_dequantize_sample-mpglibdbllayer3-c/ CVE-2017-14408 (A stack-based buffer over-read was discovered in dct36 in layer3.c in ...) - mp3gain 1.6.2-1 [wheezy] - mp3gain NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-dct36-mpglibdbllayer3-c/ CVE-2017-14407 (A stack-based buffer over-read was discovered in filterYule in gain_an ...) - mp3gain 1.6.2-1 [wheezy] - mp3gain NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-filteryule-gain_analysis-c/ NOTE: Not reproducible with 1.6.2. NOTE: Caught by ASAN according to CVE. mp3gain is compiled with ASAN on: amd64 i386 armel armhf powerpc CVE-2017-14406 (A NULL pointer dereference was discovered in sync_buffer in interface. ...) - mp3gain 1.6.2-1 [wheezy] - mp3gain NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-null-pointer-dereference-in-sync_buffer-mpglibdblinterface-c/ CVE-2017-14405 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote comma ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2017-14404 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file i ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2017-14403 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection v ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2017-14402 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection v ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2017-14401 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection v ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2017-14400 (In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/c ...) 
{DLA-2366-1 DLA-1785-1 DLA-1131-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878546) NOTE: https://github.com/ImageMagick/ImageMagick/issues/746 NOTE: im6 patch: https://github.com/ImageMagick/ImageMagick/commit/04b863f15effa4375e4ee42f413f0246062b48af NOTE: im6 patch: https://github.com/ImageMagick/ImageMagick/commit/44a55580ac8c01d8cff1e6e0063820af113f8591 CVE-2017-14399 (In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend ...) NOT-FOR-US: BlackCat CMS CVE-2017-14398 (rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and ...) NOT-FOR-US: Razer Synapse CVE-2017-14397 (AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability.) NOT-FOR-US: AnyDesk CVE-2017-14396 (In osTicket before 1.10.1, SQL injection is possible by constructing a ...) NOT-FOR-US: osTicket CVE-2017-14395 (Auth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) ...) NOT-FOR-US: OpenAM CVE-2017-14394 (OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) ...) NOT-FOR-US: OpenAM CVE-2017-14393 REJECTED CVE-2017-14392 REJECTED CVE-2017-14391 REJECTED CVE-2017-14390 (In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration ...) NOT-FOR-US: Cloud Foundry CVE-2017-14389 (An issue was discovered in Cloud Foundry Foundation capi-release (all ...) NOT-FOR-US: Cloud Foundry CVE-2017-14388 (Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30. ...) NOT-FOR-US: Cloud Foundry Foundation GrootFS CVE-2017-14387 (The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8. ...) NOT-FOR-US: EMC Isilon OneFS CVE-2017-14386 (The web user interface of Dell 2335dn and 2355dn Multifunction Laser P ...) NOT-FOR-US: Dell CVE-2017-14385 (An issue was discovered in EMC Data Domain DD OS 5.7 family, versions ...) NOT-FOR-US: EMC Data Domain DD OS CVE-2017-14384 (In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMig ...) 
	NOT-FOR-US: EMConfigMigration service
CVE-2017-14383 (In Dell EMC VNX2 versions prior to Operating Environment for File 8.1. ...)
	NOT-FOR-US: EMC VNX
CVE-2017-14382 REJECTED
CVE-2017-14381 REJECTED
CVE-2017-14380 (In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2 ...)
	NOT-FOR-US: EMC Isilon OneFS
CVE-2017-14379 (EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scri ...)
	NOT-FOR-US: EMC RSA
CVE-2017-14378 (EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agen ...)
	NOT-FOR-US: EMC RSA
CVE-2017-14377 (EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 an ...)
	NOT-FOR-US: EMC RSA
CVE-2017-14376 (EMC AppSync Server prior to 3.5.0.1 contains database accounts with ha ...)
	NOT-FOR-US: EMC AppSync Server
CVE-2017-14375 (EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4. ...)
	NOT-FOR-US: EMC
CVE-2017-14374 (The SMI-S service in Dell Storage Manager versions earlier than 16.3.2 ...)
	NOT-FOR-US: Dell
CVE-2017-14373 (EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a refle ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2017-14372 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cros ...)
	NOT-FOR-US: RSA Archer GRC Platform
CVE-2017-14371 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cros ...)
	NOT-FOR-US: RSA Archer GRC Platform
CVE-2017-14370 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-s ...)
	NOT-FOR-US: RSA Archer GRC Platform
CVE-2017-14369 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege es ...)
	NOT-FOR-US: RSA Archer GRC Platform
CVE-2017-14368 RESERVED
CVE-2017-14367 RESERVED
CVE-2017-14366 RESERVED
CVE-2017-14365 RESERVED
CVE-2017-14364 RESERVED
CVE-2017-14363 (Cross-Site Scripting (XSS) vulnerability has been identified in Micro ...)
	NOT-FOR-US: Micro Focus Operations Manager
CVE-2017-14362 (Cross-Site Request Forgery vulnerability in Micro Focus Project and Po ...)
	NOT-FOR-US: Micro Focus Project and Portfolio Management Center
CVE-2017-14361 (Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio M ...)
	NOT-FOR-US: Micro Focus Project and Portfolio Management Center
CVE-2017-14360 (A potential security vulnerability has been identified in HPE Content ...)
	NOT-FOR-US: HPE
CVE-2017-14359 (A potential security vulnerability has been identified in HPE Performa ...)
	NOT-FOR-US: HPE Performance Center
CVE-2017-14358 (A URL redirection to untrusted site vulnerability in HP ArcSight ESM a ...)
	NOT-FOR-US: HP ArcSight
CVE-2017-14357 (A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ...)
	NOT-FOR-US: HP ArcSight
CVE-2017-14356 (An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM ...)
	NOT-FOR-US: HP ArcSight
CVE-2017-14355 (A potential security vulnerability has been identified in HPE Connecte ...)
	NOT-FOR-US: HPE Connected Backup
CVE-2017-14354 (A remote cross-site scripting vulnerability in HP UCMDB Foundation Sof ...)
	NOT-FOR-US: HP UCMDB Foundation
CVE-2017-14353 (A remote code execution vulnerability in HP UCMDB Foundation Software ...)
	NOT-FOR-US: HP UCMDB Foundation
CVE-2017-14352 (A potential security vulnerability has been identified in HP UCMDB Con ...)
	NOT-FOR-US: HP
CVE-2017-14351 (A potential security vulnerability has been identified in HP UCMDB Con ...)
	NOT-FOR-US: HP
CVE-2017-14350 (A potential security vulnerability has been identified in HPE Applicat ...)
	NOT-FOR-US: HP
CVE-2017-14349 (An authentication vulnerability in HPE SiteScope product versions 11.2 ...)
	NOT-FOR-US: HP
CVE-2015-9230 (In the admin/db-backup-security/db-backup-security.php page in the Bul ...)
	NOT-FOR-US: WordPress plugin
CVE-2015-9229 (In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery ...)
	NOT-FOR-US: Photocrati NextGEN Gallery
CVE-2017-14347 (NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.p ...)
	NOT-FOR-US: NexusPHP
CVE-2017-14346 (upload.php in tianchoy/blog through 2017-09-12 allows unrestricted fil ...)
	NOT-FOR-US: tianchoy/blog
CVE-2017-14345 (SQL Injection exists in tianchoy/blog through 2017-09-12 via the id pa ...)
	NOT-FOR-US: tianchoy/blog
CVE-2017-14344 (This vulnerability allows local attackers to escalate privileges on Ju ...)
	NOT-FOR-US: Jungo WinDriver
CVE-2017-14343 (ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/649
CVE-2017-14342 (ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGIm ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/650
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e378ea8fb99e869768f34e900105e8c769adfcd
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6d5b22baedd49ef8a35011789bd600762ce1ef21
CVE-2017-14341 (ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in ...)
	{DLA-2366-1 DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #876105)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/654
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d63315a64267c565d1f34b9cb523a14616fed24
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4eae304e773bad8a876c3c26fdffac24d4253ae4
CVE-2017-14348 (LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCa ...)
	{DLA-2903-1}
	- libraw 0.18.5-1
	[jessie] - libraw (Vulnerable code not present)
	[wheezy] - libraw (Vulnerable code not present)
	NOTE: https://github.com/LibRaw/LibRaw/issues/100
	NOTE: https://github.com/LibRaw/LibRaw/commit/8303e74b0567806dd5f16fc39aab70fe928de1a2
CVE-2017-14340 (The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux ker ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.13-1
	NOTE: Fixed by: https://git.kernel.org/linus/b31ff3cdf540110da4572e3e29bd172087af65cc
CVE-2017-14339 (The DNS packet parser in YADIFA before 2.2.6 does not check for the pr ...)
	{DSA-4001-1}
	- yadifa 2.2.6-1 (bug #876315)
	NOTE: https://www.tarlogic.com/blog/fuzzing-yadifa-dns/
	NOTE: https://github.com/yadifa/yadifa/blob/v2.2.6/ChangeLog
CVE-2017-14338 RESERVED
CVE-2017-14337 (When MISP before 2.4.80 is configured with X.509 certificate authentic ...)
	NOT-FOR-US: MISP (Malware Information Sharing Platform and Threat Sharing)
CVE-2017-14336 RESERVED
CVE-2017-14335 (On Beijing Hanbang Hanbanggaoke devices, because user-controlled input ...)
	NOT-FOR-US: Beijing Hanbang Hanbanggaoke devices
CVE-2017-14334 RESERVED
CVE-2017-14333 (The process_version_sections function in readelf.c in GNU Binutils 2.2 ...)
	- binutils 2.29-9
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21990
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=452bf675ea772002aa86fb1d28f3474da70ee1de
CVE-2017-14332 (Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hij ...)
	NOT-FOR-US: Extreme EXOS
CVE-2017-14331 (Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the ...)
	NOT-FOR-US: Extreme EXOS
CVE-2017-14330 (Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a ro ...)
	NOT-FOR-US: Extreme EXOS
CVE-2017-14329 (Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a ro ...)
	NOT-FOR-US: Extreme EXOS
CVE-2017-14328 (Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to tri ...)
	NOT-FOR-US: Extreme EXOS
CVE-2017-14327 (Extreme EXOS 16.x, 21.x, and 22.x allows administrators to read arbitr ...)
	NOT-FOR-US: Extreme EXOS
CVE-2017-14326 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in t ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/740
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/dfefe8de5068a547ae4097c69456f02f93935164
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/a542c9f9a53327b623333150874d4e5a5b3bcbd0
CVE-2017-14325 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in t ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/741
CVE-2017-14324 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in t ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/739
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/399631650b38eaf21c2f3c306b8b74e66be6a0d2
CVE-2017-14323 (SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in ...)
	NOT-FOR-US: Onethink
CVE-2017-14322 (The function in charge to check whether the user is already logged in ...)
	NOT-FOR-US: Interspire Email Marketer
CVE-2017-14321 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: Mirasvit Helpdesk MX
CVE-2017-14320 (Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to exec ...)
	NOT-FOR-US: Mirasvit Helpdesk MX
CVE-2017-14319 (A grant unmapping issue was discovered in Xen through 4.9.x. When remo ...)
	{DSA-4050-1 DLA-1549-1 DLA-1132-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-234.html
CVE-2017-14318 (An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gn ...)
	{DSA-4050-1 DLA-1132-1}
	- xen 4.8.2+xsa245-0+deb9u1
	[jessie] - xen (Only affects 4.5 and later)
	NOTE: https://xenbits.xen.org/xsa/advisory-232.html
	NOTE: Wheezy will be affected with the upcoming grant table backport
CVE-2017-14317 (A domain cleanup issue was discovered in the C xenstore daemon (aka cx ...)
	{DSA-4050-1 DLA-1549-1 DLA-1132-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-233.html
CVE-2017-14316 (A parameter verification issue was discovered in Xen through 4.9.x. Th ...)
	{DSA-4050-1 DLA-1549-1 DLA-1132-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-231.html
CVE-2017-14315 (In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementatio ...)
	NOT-FOR-US: Apple
CVE-2017-14314 (Off-by-one error in the DrawImage function in magick/render.c in Graph ...)
	{DSA-4321-1 DLA-1401-1 DLA-1130-1}
	- graphicsmagick 1.3.26-10
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/2835184bfb78
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/448/
CVE-2017-14312 (Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root ...)
	- nagios3 (Doesn't affect Nagios as packaged in Debian)
	NOTE: https://github.com/NagiosEnterprises/nagioscore/issues/424
	NOTE: State is not fully correct, since "affected" source would be there.
CVE-2015-9228 (In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for Wo ...)
	NOT-FOR-US: Photocrati NextGEN Gallery plugin for WordPress
CVE-2017-15596 (An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest ...)
	{DSA-3969-1}
	- xen 4.8.1-1+deb9u3
	[wheezy] - xen (No arm support in Wheezy)
	NOTE: https://xenbits.xen.org/xsa/advisory-235.html
CVE-2017-14311 (The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows lo ...)
	NOT-FOR-US: NetMechanica NetDecision
CVE-2017-14310 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14309 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14308 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14307 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14306 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14305 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14304 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14303 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14302 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14301 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14300 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14299 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14298 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14297 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14296 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14295 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14294 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14293 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14292 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14291 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14290 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14289 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14288 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14287 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14286 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14285 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-14284 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-14283 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-14282 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-14281 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-14280 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-14279 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-14278 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-14277 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-14276 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
	NOT-FOR-US: XnView
CVE-2017-14275 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-14274 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-14273 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-14272 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-14271 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-14270 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2015-9227 (PHP remote file inclusion vulnerability in the get_file function in up ...)
	NOT-FOR-US: AlegroCart
CVE-2015-9226 (Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remot ...)
	NOT-FOR-US: AlegroCart
CVE-2017-14482 (GNU Emacs before 25.3 allows remote attackers to execute arbitrary cod ...)
	{DSA-3975-1 DSA-3970-1 DLA-1101-1}
	- emacs25 25.2+1-6 (bug #875447)
	- emacs24 (bug #875448)
	- emacs23 (bug #875449)
	NOTE: https://www.openwall.com/lists/oss-security/2017/09/11/1
	NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350
	NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70
CVE-2017-14313 (The shibboleth_login_form function in shibboleth.php in the Shibboleth ...)
	{DSA-3973-1 DLA-1096-1}
	- wordpress-shibboleth 1.8-1 (bug #874416)
	NOTE: https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f56e2fd19188e7c26a
	NOTE: https://make.wordpress.org/plugins/2015/04/20/fixing-add_query_arg-and-remove_query_arg-usage/
CVE-2017-14269 (EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attack ...)
	NOT-FOR-US: EE 4GEE WiFi MBB
CVE-2017-14268 (EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have XSS in the sms ...)
	NOT-FOR-US: EE 4GEE WiFi MBB
CVE-2017-14267 (EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related ...)
	NOT-FOR-US: EE 4GEE WiFi MBB
CVE-2017-14266 (tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnera ...)
	- tcpreplay 3.4.4-3
	[jessie] - tcpreplay 3.4.4-2+deb8u1
	[wheezy] - tcpreplay 3.4.3-2+wheezy2
	NOTE: Fixed by http://launchpadlibrarian.net/270778908/tcpreplay_3.4.4-2_3.4.4-3.diff.gz
	NOTE: Not a duplicate of CVE-2016-6160 per the detailed MITRE description, but both issues
	NOTE: are addressed with the same patch:
	NOTE: Patch enforce-maxpacket.patch addresses the issue
CVE-2017-14265 (A Stack-based Buffer Overflow was discovered in xtrans_interpolate in ...)
	{DLA-2903-1}
	- libraw 0.18.5-1
	[wheezy] - libraw (Vulnerable code not present)
	NOTE: https://github.com/LibRaw/LibRaw/issues/99
	NOTE: https://github.com/LibRaw/LibRaw/commit/82616eff4c7f7437e96bdeeed238c3ef3dc12d60
CVE-2017-14264 RESERVED
CVE-2017-14263 (Honeywell NVR devices allow remote attackers to create a user account ...)
	NOT-FOR-US: Honeywell
CVE-2017-14262 (On Samsung NVR devices, remote attackers can read the MD5 password has ...)
	NOT-FOR-US: Samsung
CVE-2017-14261 (In the SDK in Bento4 1.5.0-616, the AP4_StszAtom class in Ap4StszAtom. ...)
	NOT-FOR-US: Bento4
CVE-2017-14260 (In the SDK in Bento4 1.5.0-616, the AP4_StssAtom class in Ap4StssAtom. ...)
	NOT-FOR-US: Bento4
CVE-2017-14259 (In the SDK in Bento4 1.5.0-616, the AP4_StscAtom class in Ap4StscAtom. ...)
	NOT-FOR-US: Bento4
CVE-2017-14258 (In the SDK in Bento4 1.5.0-616, SetItemCount in Core/Ap4StscAtom.h fil ...)
	NOT-FOR-US: Bento4
CVE-2017-14257 (In the SDK in Bento4 1.5.0-616, AP4_AtomSampleTable::GetSample in Core ...)
	NOT-FOR-US: Bento4
CVE-2017-14256 RESERVED
CVE-2017-14255 RESERVED
CVE-2017-14254 RESERVED
CVE-2017-14253 RESERVED
CVE-2017-14252 (SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5 ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14251 (Unrestricted File Upload vulnerability in the fileDenyPattern in sysex ...)
	- typo3-src
	[wheezy] - typo3-src (Not supported in Wheezy LTS)
CVE-2017-14250 REJECTED
CVE-2017-14249 (ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coder ...)
	{DLA-2366-1 DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #876099)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/708
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2071d67ebf729f76d73c33c1152df4816d1d79ac
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/66112b7a7b64f688efe6fec53a829874a74dea04
CVE-2017-14248 (A heap-based buffer over-read in SampleImage() in MagickCore/resize.c ...)
	- imagemagick (Vulnerable code introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/717
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c5402b6e0fcf8b694ae2af6a6652ebb8ce0ccf46
CVE-2017-14247 (SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5 ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14246 (An out of bounds read in the function d2ulaw_array() in ulaw.c of libs ...)
	{DLA-2418-1 DLA-1618-1}
	- libsndfile 1.0.28-5 (low; bug #876682)
	[wheezy] - libsndfile (Minor issue)
	NOTE: https://github.com/erikd/libsndfile/issues/317
	NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
CVE-2017-14245 (An out of bounds read in the function d2alaw_array() in alaw.c of libs ...)
	{DLA-2418-1 DLA-1618-1}
	- libsndfile 1.0.28-5 (low; bug #876682)
	[wheezy] - libsndfile (Minor issue)
	NOTE: https://github.com/erikd/libsndfile/issues/317
	NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
CVE-2017-14244 (An authentication bypass vulnerability on iBall Baton ADSL2+ Home Rout ...)
	NOT-FOR-US: iBall
CVE-2017-14243 (An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadba ...)
	NOT-FOR-US: UTStar
CVE-2017-14242 (SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 ...)
	- dolibarr (bug #885319)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/33e2179b65331d9d9179b59d746817c5be1fecdb
CVE-2017-14241 (Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 all ...)
	- dolibarr (bug #885320)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548
CVE-2017-14240 (There is a sensitive information disclosure vulnerability in document. ...)
	- dolibarr (bug #885320)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548
CVE-2017-14239 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CR ...)
	- dolibarr (bug #885320)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548
CVE-2017-14238 (SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CR ...)
	- dolibarr (bug #885320)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548
CVE-2017-14237 RESERVED
CVE-2017-14236 RESERVED
CVE-2017-14235 RESERVED
CVE-2017-14234 RESERVED
CVE-2017-14233 RESERVED
CVE-2017-14232 (The read_chunk function in flif-dec.cpp in Free Lossless Image Format ...)
	- flif
CVE-2017-14231 (GeniXCMS before 1.1.0 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: GenixCMS
CVE-2017-14230 (In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP befo ...)
	- cyrus-imapd (Vulnerable code introduced later)
	- cyrus-imapd-2.4 (Vulnerable code introduced later)
	NOTE: Fixed by: https://github.com/cyrusimap/cyrus-imapd/commit/6bd33275368edfa71ae117de895488584678ac79
	NOTE: Introduced by: https://github.com/cyrusimap/cyrus-imapd/commit/1fe918087237f55e09a37fa414bf988873739021 (cyrus-imapd-3.0.0-beta1)
	NOTE: https://github.com/cyrusimap/cyrus-imapd/issues/2132
CVE-2017-14229 (There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_ ...)
	- jasper
	[jessie] - jasper (Minor issue)
	[wheezy] - jasper (Minor issue)
	NOTE: https://github.com/mdadams/jasper/issues/146
	NOTE: Possible false-positive, cf. https://github.com/mdadams/jasper/issues/146#issuecomment-330674648
CVE-2017-14228 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address acces ...)
	- nasm 2.13.02-0.1 (unimportant; bug #874731)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392423
	NOTE: Crash in CLI tool, no security impact
CVE-2017-14227 (In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-it ...)
	- libbson 1.8.0-1 (bug #874754)
	[stretch] - libbson (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489355
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489356
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489362
	NOTE: Latest https://github.com/mongodb/libbson/commit/0f501e7ed51a42d5502d319bce35b41f1a3aa112 (1.7.0-rc0)
	NOTE: uncovers the issue, which introduces UTF-8 validation during JSON encoding.
	NOTE: Only after that the utf8_len=4294967295 as shown with the POC is passed to
	NOTE: bson_utf8_validate via src/bson/bson-iter.c:2069
	NOTE: Still the underlying issue in bson-iter.c when parsing BSON with a codewscope
	NOTE: type is present in earlier versions.
	NOTE: Upstream issue: https://jira.mongodb.org/browse/CDRIVER-2269
	NOTE: Fixed by: https://github.com/mongodb/libbson/commit/42900956dc461dfe7fb91d93361d10737c1602b3
CVE-2017-14226 (WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.c ...)
	- libwpd 0.10.2-1 (bug #876001)
	[stretch] - libwpd 0.10.1-5+deb9u1
	[jessie] - libwpd 0.10.0-2+deb8u1
	[wheezy] - libwpd (Vulnerable code does not exist)
	NOTE: https://bugs.documentfoundation.org/show_bug.cgi?id=112269
	NOTE: https://sourceforge.net/p/libwpd/code/ci/0329a9c57f9b3b0efa0f09a5235dfd90236803a5/
	NOTE: https://sourceforge.net/p/libwpd/code/ci/f40827b3eae260ce657c67d9fecc855b09dea3c3/
CVE-2017-14225 (The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg ...)
	{DSA-3996-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav
	[jessie] - libav (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2
CVE-2017-14224 (A heap-based buffer overflow in WritePCXImage in coders/pcx.c in Image ...)
	{DSA-4040-1 DSA-4032-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #876097)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/733
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7f2d6fe34d695d3445e2d50937db5541a1b76bde
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c6409227c430f114b6425337e64b848535b62e0b
CVE-2017-14223 (In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_i ...)
	{DSA-3996-1 DLA-1654-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/afc9c683ed9db01edb357bc8c19edad4282b3a97
CVE-2017-14222 (In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack ...)
	{DSA-3996-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav
	[jessie] - libav (vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9cb4eb772839c5e1de2855d126bf74ff16d13382
CVE-2017-14221 RESERVED
CVE-2017-14220 RESERVED
CVE-2017-14219 (XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmw ...)
	NOT-FOR-US: Intelbras Wireless N 150Mbps router
CVE-2017-14218 RESERVED
CVE-2017-14217 RESERVED
CVE-2017-14216 RESERVED
CVE-2017-14215 RESERVED
CVE-2017-14214 RESERVED
CVE-2017-14213 RESERVED
CVE-2017-14212 RESERVED
CVE-2017-14211 RESERVED
CVE-2017-14210 RESERVED
CVE-2017-14209 RESERVED
CVE-2017-14208 REJECTED
CVE-2017-14207 REJECTED
CVE-2017-14206 REJECTED
CVE-2017-14205 REJECTED
CVE-2017-14204 REJECTED
CVE-2017-14203 REJECTED
CVE-2017-14202 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
	NOT-FOR-US: Zephyr
CVE-2017-14201 (Use After Free vulnerability in the Zephyr shell allows a serial or te ...)
	NOT-FOR-US: Zephyr
CVE-2017-14200 REJECTED
CVE-2017-14199 (A buffer overflow has been found in the Zephyr Project's getaddrinfo() ...)
	NOT-FOR-US: Zephyr OS
CVE-2017-14198 (An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x befor ...)
	NOT-FOR-US: Squiz Matrix
CVE-2017-14197 (An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x befor ...)
	NOT-FOR-US: Squiz Matrix
CVE-2017-14196 (An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 an ...)
	NOT-FOR-US: Squiz Matrix
CVE-2017-14195 (The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 ...)
	NOT-FOR-US: dayrui FineCms
CVE-2017-14194 (The out function in controllers/member/Login.php in dayrui FineCms 5.0 ...)
	NOT-FOR-US: dayrui FineCms
CVE-2017-14193 (The oauth function in controllers/member/api.php in dayrui FineCms 5.0 ...)
	NOT-FOR-US: dayrui FineCms
CVE-2017-14192 (The checktitle function in controllers/member/api.php in dayrui FineCm ...)
	NOT-FOR-US: dayrui FineCms
CVE-2017-14191 (An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up ...)
	NOT-FOR-US: Fortinet
CVE-2017-14190 (A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6. ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-14189 (An improper access control vulnerability in Fortinet FortiWebManager 5 ...)
	NOT-FOR-US: Fortinet
CVE-2017-14188 RESERVED
CVE-2017-14187 (A local privilege escalation and local code execution vulnerability in ...)
	NOT-FOR-US: Fortinet
CVE-2017-14186 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 t ...)
	NOT-FOR-US: Fortinet
CVE-2017-14185 (An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5 ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-14184 (An Information Disclosure vulnerability in Fortinet FortiClient for Wi ...)
	NOT-FOR-US: Fortinet
CVE-2017-14183 RESERVED
CVE-2017-14182 (A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5 ...)
	NOT-FOR-US: Fortinet
CVE-2017-14180 (Apport 2.13 through 2.20.7 does not properly handle crashes originatin ...)
	NOT-FOR-US: Apport
CVE-2017-14179 (Apport before 2.13 does not properly handle crashes originating from a ...)
	NOT-FOR-US: Apport
CVE-2017-14178 (In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to ...)
	- snapd 2.30-1
	[stretch] - snapd (Issue introduced in 2.27)
	NOTE: https://launchpad.net/bugs/1730255
CVE-2017-14177 (Apport through 2.20.7 does not properly handle core dumps from setuid ...)
	NOT-FOR-US: Apport
CVE-2017-14181 (DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 ...)
	NOT-FOR-US: aacplusenc
CVE-2017-14175 (In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() du ...)
	{DLA-2366-1 DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875502)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/712
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/b8c63b156bf26b52e710b1a0643c846a6cd01e56
CVE-2017-14174 (In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInte ...)
	{DLA-2366-1 DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875503)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/714
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64
CVE-2017-14173 (In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10 ...)
	{DLA-2366-1 DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875504)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/713
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/48bcf7c39302cdf9b0d9202ad03bf1b95152c44d
CVE-2017-14172 (In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due ...)
	{DLA-2366-1 DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875506)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/715
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8598a497e2d1f556a34458cf54b40ba40674734c
CVE-2017-14171 (In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NS ...)
	{DSA-3996-1 DLA-1630-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/c24bcb553650b91e9eff15ef6e54ca73de2453b7
CVE-2017-14170 (In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_inde ...)
	{DSA-3996-1 DLA-1630-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/900f39692ca0337a98a7cf047e4e2611071810c2
CVE-2017-14169 (In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg ...)
	{DSA-3996-1 DLA-1654-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav
	NOTE: libav in Jessie uses a different guard for item_num. Check whether
	NOTE: the guard is necessary at all.
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9d00fb9d70ee8c0cc7002b89318c5be00f1bbdad
CVE-2017-14168 RESERVED
CVE-2017-14167 (Integer overflow in the load_multiboot function in hw/i386/multiboot.c ...)
	{DSA-3991-1 DLA-1497-1 DLA-1129-1 DLA-1128-1}
	- qemu 1:2.10.0-1 (bug #874606)
	- qemu-kvm
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01483.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489375
CVE-2017-14163 (An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8 ...)
	- mahara
CVE-2017-14162 RESERVED
CVE-2017-14161 RESERVED
CVE-2017-14166 (libarchive 3.3.2 allows remote attackers to cause a denial of service ...)
	{DSA-4360-1 DLA-1600-1 DLA-1092-1}
	- libarchive 3.2.2-3.1 (bug #874539)
	NOTE: https://www.openwall.com/lists/oss-security/2017/09/06/5
	NOTE: https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71
	NOTE: https://github.com/libarchive/libarchive/issues/935
CVE-2017-14165 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has ...)
	- graphicsmagick 1.3.26-9 (unimportant; bug #874724)
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/493da54370aa
	NOTE: https://www.openwall.com/lists/oss-security/2017/09/06/4
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/442/
CVE-2017-14160 (The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 ...)
	{DLA-2828-1 DLA-2013-1}
	- libvorbis 1.3.6-2 (bug #876780)
	[wheezy] - libvorbis (Minor issue, can be revisited once fixed upstream)
	NOTE: https://www.openwall.com/lists/oss-security/2017/09/21/2
	NOTE: https://www.openwall.com/lists/oss-security/2017/09/21/3
	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2330
	NOTE: Upstream fix: https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
CVE-2017-14176 (Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attac ...)
	{DSA-4052-1 DLA-1107-1}
	- bzr 2.7.0+bzr6622-7 (bug #874429)
	- breezy 3.0.0~bzr6772-1
	NOTE: https://bugs.launchpad.net/bzr/+bug/1710979
CVE-2017-14159 (slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping ...)
	- openldap (unimportant)
	NOTE: http://www.openldap.org/its/index.cgi?findid=8703
	NOTE: Negligible security impact, but filed #877512
CVE-2017-14158 (Scrapy 1.4 allows remote attackers to cause a denial of service (memor ...)
	- python-scrapy (unimportant; bug #875947)
	NOTE: http://blog.csdn.net/wangtua/article/details/75228728
	NOTE: https://github.com/scrapy/scrapy/issues/482
	NOTE: Negligible security impact
CVE-2017-14157
	RESERVED
CVE-2017-14156 (The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in th ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.13-1 (low)
CVE-2017-14155
	RESERVED
CVE-2017-14154
	RESERVED
CVE-2017-14153 (This vulnerability allows local attackers to escalate privileges on Ju ...)
	NOT-FOR-US: Jungo WinDriver
CVE-2017-14164 (A size-validation issue was discovered in opj_j2k_write_sot in lib/ope ...)
	- openjpeg2 (Incomplete fix for CVE-2017-14152 not applied)
CVE-2017-14152 (A mishandled zero case was discovered in opj_j2k_set_cinema_parameters ...)
	{DSA-4013-1}
	- openjpeg2 2.3.0-1 (bug #874431)
	NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c/
	NOTE: https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154
	NOTE: https://github.com/uclouvain/openjpeg/issues/985
	NOTE: When fixing this issue make sure to apply the complete fix including the following
	NOTE: commit:
	NOTE: https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a
	NOTE: to not make openjpeg2 vulnerable to CVE-2017-14164.
CVE-2017-14151 (An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_ ...)
	- openjpeg2 2.3.0-1 (bug #874430)
	[stretch] - openjpeg2 2.1.2-1.1+deb9u2
	[jessie] - openjpeg2 (Vulnerable code introduced later, see #874430)
	NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/
	NOTE: https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9
	NOTE: https://github.com/uclouvain/openjpeg/issues/982
CVE-2017-1000254 (libcurl may read outside of a heap allocated buffer when doing FTP. Wh ...)
	{DSA-3992-1 DLA-1121-1}
	- curl 7.56.1-1 (bug #877671)
	NOTE: https://curl.haxx.se/docs/adv_20171004.html
	NOTE: Patch: https://curl.haxx.se/CVE-2017-1000254.patch
	NOTE: Introduced by: https://github.com/curl/curl/commit/415d2e7cb7
	NOTE: Upstream fix: https://github.com/curl/curl/commit/5ff2c5ff25750aba1a8f64fbcad8e5b891512584
CVE-2017-1000253 (Linux distributions that have not patched their long-term kernels with ...)
	- linux 4.0.2-1
	[jessie] - linux 3.16.7-ckt11-1
	[wheezy] - linux 3.2.71-1
CVE-2017-1000252 (The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS u ...)
	- linux 4.12.13-1
	[stretch] - linux 4.9.30-2+deb9u5
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb (v4.14-rc1)
	NOTE: https://marc.info/?l=kvm&m=150549145711115&w=2
	NOTE: https://marc.info/?l=kvm&m=150549146311117&w=2
CVE-2017-1000251 (The native Bluetooth stack in the Linux Kernel (BlueZ), starting at th ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.13-1 (bug #875881)
	NOTE: Fixed by: https://git.kernel.org/linus/e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3
	NOTE: https://www.armis.com/blueborne/
	NOTE: https://access.redhat.com/security/vulnerabilities/blueborne
CVE-2017-1000250 (All versions of the SDP server in BlueZ 5.46 and earlier are vulnerabl ...)
	{DSA-3972-1 DLA-1103-1}
	- bluez 5.46-1 (bug #875633)
	NOTE: https://www.armis.com/blueborne/
	NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=9e009647b14e810e06626dde7f1bb9ea3c375d09
CVE-2017-1000249 (An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b ...)
	{DSA-3965-1}
	- file 1:5.32-1
	[jessie] - file (Vulnerable code introduced later)
	[wheezy] - file (Vulnerable code introduced later)
	NOTE: Upstream fix: https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793
	NOTE: Introduced by: https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d1
CVE-2017-14150
	RESERVED
CVE-2017-14149 (GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the webs ...)
	NOT-FOR-US: GoAhead
CVE-2017-14148
	RESERVED
CVE-2017-14147 (An issue was discovered on FiberHome User End Routers Bearing Model Nu ...)
	NOT-FOR-US: FiberHome
CVE-2017-14146 (HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary ...)
	NOT-FOR-US: HelpDEZk
CVE-2017-14145 (HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\logi ...)
	NOT-FOR-US: HelpDEZk
CVE-2017-14144
	RESERVED
CVE-2017-14143 (The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcod ...)
	NOT-FOR-US: Kaltura
CVE-2017-14142 (Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before ...)
	NOT-FOR-US: Kaltura
CVE-2017-14141 (The wiki_decode Developer System Helper function in the admin panel in ...)
	NOT-FOR-US: Kaltura
CVE-2017-14140 (The move_pages system call in mm/migrate.c in the Linux kernel before ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.12-1
	NOTE: Fixed by: https://git.kernel.org/linus/197e7e521384a23b9e585178f3f11c9fa08274b9
CVE-2017-14139 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage i ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/578
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/955bd1008a5371bbd1b8db0a1e41e333ebfc63ef
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/dbe0008c6fa225d01085ca86f3e425c306ee6240
	NOTE: Requires: https://github.com/ImageMagick/ImageMagick/commit/d426a1dc84cfdafdac67bdb2a1ecc6e1798053e6
	NOTE: Requires: https://github.com/ImageMagick/ImageMagick/commit/0dfce0579c881245e495aa2d8d114e63b96a860e
CVE-2017-14138 (ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage i ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/639
CVE-2017-14137 (ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue whe ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	[wheezy] - imagemagick (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/641
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/cb63560ba25e4a6c51ab282538c24877fff7d471
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cfc2bd4c87481d4cf60308cc6ffd3c61288ff004
	NOTE: ImageMagick in Debian not compiled with webp support (--with-webp=yes)
CVE-2017-14136 (OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds ...)
	- opencv (Incomplete patch never shipped)
	NOTE: https://github.com/opencv/opencv/issues/9443
	NOTE: https://github.com/opencv/opencv/pull/9448
CVE-2017-14135 (enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the we ...)
	NOT-FOR-US: webadmin plugin for opendreambox
CVE-2017-14134 (A Reflected XSS Vulnerability affects the forgotten password page of M ...)
	NOT-FOR-US: Maplesoft Maple
CVE-2017-14133
	RESERVED
CVE-2017-14132 (JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900 ...)
	{DLA-1583-1}
	- jasper (low)
	[wheezy] - jasper (Minor issue)
	NOTE: https://github.com/mdadams/jasper/issues/147
	NOTE: The suggested fix by thoger addresses the reported issue.
CVE-2017-14131
	RESERVED
CVE-2017-14130 (The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary Fi ...)
	- binutils 2.29-9 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22058
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2a143b99fc4a5094a9cf128f3184d8e6818c8229
CVE-2017-14129 (The read_section function in dwarf2.c in the Binary File Descriptor (B ...)
	- binutils 2.29-10 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22047
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e4f2723003859dc6b33ca0dadbc4a7659ebf1643
CVE-2017-14128 (The decode_line_info function in dwarf2.c in the Binary File Descripto ...)
	- binutils 2.29-9 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22059
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780
CVE-2017-14127 (Command Injection in the Ping Module in the Web Interface on Technicol ...)
	NOT-FOR-US: Technicolor
CVE-2017-14126 (The Participants Database plugin before 1.7.5.10 for WordPress has XSS ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-14125 (SQL injection vulnerability in the Responsive Image Gallery plugin bef ...)
	NOT-FOR-US: Responsive Image Gallery plugin for WordPress
CVE-2017-14124 (In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR when cla ...)
	NOT-FOR-US: eLux
CVE-2017-14123 (Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upl ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2017-14122 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based b ...)
	{DLA-2567-1}
	- unrar-free 1:0.0.1+cvs20140707-4 (unimportant; bug #874060)
	NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1
	NOTE: Crash in CLI tool, no security impact
CVE-2017-14121 (The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free ...)
	{DLA-2567-1}
	- unrar-free 1:0.0.1+cvs20140707-4 (unimportant; bug #874061)
	NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1
	NOTE: Crash in CLI tool, no security impact
CVE-2017-14120 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory tra ...)
	{DLA-2567-1 DLA-1091-1}
	- unrar-free 1:0.0.1+cvs20140707-2 (bug #874059)
	[jessie] - unrar-free (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1
	NOTE: Proposed patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=874059;filename=874059.diff.txt;msg=29
CVE-2017-14119 (In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14118 (In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14117 (The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 d ...)
	NOT-FOR-US: Arris
CVE-2017-14116 (The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when ...)
	NOT-FOR-US: Arris
CVE-2017-14115 (The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 d ...)
	NOT-FOR-US: Arris
CVE-2017-14114 (RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in ...)
	- rtpproxy (unimportant; bug #874070)
	NOTE: https://rtpbleed.com/
	NOTE: https://github.com/sippy/rtpproxy/issues/70
	NOTE: Design limitation in RTP protocol
CVE-2017-14113
	REJECTED
CVE-2017-14112
	RESERVED
CVE-2017-14111 (The workstation logging function in Philips IntelliSpace Cardiovascula ...)
	NOT-FOR-US: Philips IntelliSpace Cardiovascular and Xcelera
CVE-2017-14110
	RESERVED
CVE-2017-1000201 (The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulner ...)
	NOT-FOR-US: tcmu-runner
CVE-2017-1000200 (tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered N ...)
	NOT-FOR-US: tcmu-runner
CVE-2017-1000199 (tcmu-runner version 0.91 up to 1.20 is vulnerable to information discl ...)
	NOT-FOR-US: tcmu-runner
CVE-2017-1000198 (tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid mem ...)
	NOT-FOR-US: tcmu-runner
CVE-2017-14109
	RESERVED
CVE-2017-14108 (libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to ca ...)
	- gedit (unimportant; bug #875311)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=791037
	NOTE: negligible security impact
CVE-2017-14107 (The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mis ...)
	{DLA-2858-1}
	[experimental] - libzip 1.3.0+dfsg.1-1
	- libzip 1.5.1-3 (low; bug #874010)
	[jessie] - libzip (Minor issue)
	[wheezy] - libzip (Minor issue)
	- php5 (unimportant)
	[jessie] - php5 5.6.33+dfsg-0+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/
	NOTE: https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5
	NOTE: PHP commit: https://github.com/php/php-src/commit/f6e8ce812174343b5c9fd1860f9e2e2864428567
	NOTE: Marked as unimportant, php5 uses system libzip since 5.4.5-1
CVE-2017-14105 (HiveManager Classic through 8.1r1 allows arbitrary JSP code execution ...)
	NOT-FOR-US: HiveManager
CVE-2017-14104
	RESERVED
CVE-2017-14106 (The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel befo ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/499350a5a6e7512d9ed369ed63a4244b6536f4f8 (v4.12-rc3)
CVE-2017-14103 (The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in Grap ...)
	{DLA-1130-1}
	- graphicsmagick 1.3.26-8
	[stretch] - graphicsmagick (Incomplete fix for CVE-2017-11403 not applied)
	[jessie] - graphicsmagick (Incomplete fix for CVE-2017-11403 not applied)
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/98721124e51f
	NOTE: https://www.openwall.com/lists/oss-security/2017/09/01/6
	NOTE: https://blogs.gentoo.org/ago/2017/07/12/graphicsmagick-use-after-free-in-closeblob-blob-c/
CVE-2017-14102 (MIMEDefang 2.80 and earlier creates a PID file after dropping privileg ...)
	- mimedefang 2.83-1 (bug #877363)
	[stretch] - mimedefang (Minor issue)
	[jessie] - mimedefang (Minor issue)
	[wheezy] - mimedefang (Minor issue only exploitable if daemon is compromised in some other way)
	NOTE: http://lists.roaringpenguin.com/pipermail/mimedefang/2017-August/038077.html
	NOTE: http://lists.roaringpenguin.com/pipermail/mimedefang/2017-August/038085.html
CVE-2017-14101 (A security researcher found an XML External Entity (XXE) vulnerability ...)
	NOT-FOR-US: Conserus Image Repository
CVE-2017-14097 (An improper access control vulnerability in Trend Micro Smart Protecti ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14096 (A stored cross site scripting (XSS) vulnerability in Trend Micro Smart ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14095 (A vulnerability in Trend Micro Smart Protection Server (Standalone) ve ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14094 (A vulnerability in Trend Micro Smart Protection Server (Standalone) ve ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14093 (The Log Query and Quarantine Query pages in Trend Micro ScanMail for E ...)
	NOT-FOR-US: Trend Micro ScanMail for Exchange
CVE-2017-14092 (The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 1 ...)
	NOT-FOR-US: Trend Micro ScanMail for Exchange
CVE-2017-14091 (A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in wh ...)
	NOT-FOR-US: Trend Micro ScanMail for Exchange
CVE-2017-14090 (A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in wh ...)
	NOT-FOR-US: Trend Micro ScanMail for Exchange
CVE-2017-14089 (An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeS ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14088 (Memory Corruption Privilege Escalation vulnerabilities in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14087 (A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12 ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14086 (Pre-authorization Start Remote Process vulnerabilities in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14085 (Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14084 (A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Mic ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14083 (A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote un ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14082 (An uninitialized pointer information disclosure vulnerability in Trend ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14081 (Proxy command injection vulnerabilities in Trend Micro Mobile Security ...)
	NOT-FOR-US: Trend Micro Mobile Security
CVE-2017-14080 (Authentication bypass vulnerability in Trend Micro Mobile Security (En ...)
	NOT-FOR-US: Trend Micro Mobile Security
CVE-2017-14079 (Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) ...)
	NOT-FOR-US: Trend Micro Mobile Security
CVE-2017-14078 (SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterpri ...)
	NOT-FOR-US: Trend Micro Mobile Security
CVE-2017-14098 (In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17. ...)
	- asterisk 1:13.17.1~dfsg-1 (bug #873909)
	[stretch] - asterisk (Vulnerable code not present; issue introduced in 13.15)
	[jessie] - asterisk (Vulnerable code not present; issue introduced in 13.15)
	[wheezy] - asterisk (Vulnerable code not present; issue introduced in 13.15)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27152
	NOTE: Fix: https://gerrit.asterisk.org/#/q/topic:ASTERISK-27152
CVE-2017-14100 (In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before ...)
	{DSA-3964-1 DLA-1122-1}
	- asterisk 1:13.17.1~dfsg-1 (bug #873908)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27103
	NOTE: Fix: https://gerrit.asterisk.org/#/q/topic:ASTERISK-27103
CVE-2017-14099 (In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before ...)
	{DSA-3964-1}
	- asterisk 1:13.17.1~dfsg-1 (bug #873907)
	[wheezy] - asterisk (strictrtp option is disabled by default. Too intrusive to backport)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27013
	NOTE: Fix: https://gerrit.asterisk.org/#/q/topic:ASTERISK-27013
CVE-2017-14077 (HTML Injection in Securimage 3.6.4 and earlier allows remote attackers ...)
	NOT-FOR-US: Securimage
CVE-2017-14076 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id paramet ...)
	NOT-FOR-US: NexusPHP
CVE-2017-14075 (This vulnerability allows local attackers to escalate privileges on Ju ...)
	NOT-FOR-US: Jungo WinDriver
CVE-2017-14074
	RESERVED
CVE-2017-14073
	RESERVED
CVE-2017-14072
	RESERVED
CVE-2017-14071
	RESERVED
CVE-2017-14070 (Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via t ...)
	NOT-FOR-US: NexusPHP
CVE-2017-14069 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw arr ...)
	NOT-FOR-US: NexusPHP
CVE-2017-14068
	RESERVED
CVE-2017-14067
	RESERVED
CVE-2017-14066
	RESERVED
CVE-2017-14065
	RESERVED
CVE-2017-14064 (Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can e ...)
	{DSA-3966-1 DLA-1421-1 DLA-1114-1}
	- ruby2.3 2.3.3-1+deb9u1 (bug #873906)
	- ruby2.1
	- ruby1.9.1
	NOTE: https://bugs.ruby-lang.org/issues/13853
	NOTE: https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85
CVE-2017-14062 (Integer overflow in the decode_digit function in puny_decode.c in Libi ...)
	{DSA-3988-1 DLA-1447-1 DLA-1085-1 DLA-1084-1}
	- libidn2-0 2.0.2-4 (bug #873902)
	- libidn 1.33-2 (bug #873903)
	[stretch] - libidn 1.33-1+deb9u1
	NOTE: https://gitlab.com/libidn/libidn2/commit/3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd
CVE-2017-14061 (Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2 ...)
	- libidn2-0 2.0.2-4 (bug #873904)
	[stretch] - libidn2-0 (Vulnerable code not present)
	[jessie] - libidn2-0 (Vulnerable code not present)
	[wheezy] - libidn2-0 (Vulnerable code not present)
	- libidn (Vulnerable code not present)
	NOTE: https://gitlab.com/libidn/libidn2/commit/16853b6973a1e72fee2b7cccda85472cb9951305
CVE-2017-14060 (In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present i ...)
	{DLA-2366-1 DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878506)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/710
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c535e1f1a6b1faaa35e007df4fc535ec08daa97c
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5bdfef29f5e6744f36f25ec04583c6b6f4a13b48
CVE-2017-14059 (In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF che ...)
	{DSA-3996-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav
	[jessie] - libav (vulnerable code is not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7e80b63ecd259d69d383623e75b318bf2bd491f6
CVE-2017-14058 (In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c d ...)
	{DSA-3996-1 DLA-1740-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7ec414892ddcad88313848494b6fc5f437c9ca4a
CVE-2017-14057 (In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End ...)
	{DSA-3996-1 DLA-1630-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7f9ec5593e04827249e7aeb466da06a98a0d7329
	NOTE: libav: The vulnerable code is in asfdec.c.
CVE-2017-14056 (In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due t ...)
	{DSA-3996-1 DLA-1630-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de
CVE-2017-14055 (In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due ...)
	{DSA-3996-1 DLA-1630-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/4f05e2e2dc1a89f38cd9f0960a6561083d714f1e
CVE-2017-14054 (In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due ...)
	{DSA-3996-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav
	[jessie] - libav (vulnerable code is not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/124eb202e70678539544f6268efc98131f19fa49
CVE-2017-14053 (NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 ...)
	NOT-FOR-US: NetApp
CVE-2017-14052
	RESERVED
CVE-2016-10510 (Cross-site scripting (XSS) vulnerability in the Security component of ...)
	{DLA-1241-1}
	- libkohana2-php
	[jessie] - libkohana2-php (Minor issue)
	NOTE: https://github.com/kohana/kohana/issues/107
	NOTE: Fixed by https://github.com/kohana/core/pull/697
CVE-2016-10509 (SQL injection vulnerability in the updateAmazonOrderTracking function ...)
	NOT-FOR-US: OpenCart
CVE-2016-10508 (Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() befo ...)
	NOT-FOR-US: phpThumb
CVE-2017-14063 (Async Http Client (aka async-http-client) before 2.0.35 can be tricked ...)
	- async-http-client (Vulnerable code introduced later after port to new Request API)
	NOTE: https://github.com/AsyncHttpClient/async-http-client/issues/1455
	NOTE: https://github.com/AsyncHttpClient/async-http-client/commit/eb9e3347e45319be494db24d285a2aee4396f5d3
CVE-2017-14050 (In BlackCat CMS 1.2, backend/addons/install.php allows remote authenti ...)
	NOT-FOR-US: BlackCat CMS
CVE-2017-14049 (In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows re ...)
	NOT-FOR-US: BlackCat CMS
CVE-2017-14048 (BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary ...)
	NOT-FOR-US: BlackCat CMS
CVE-2017-14047
	RESERVED
CVE-2017-14046
	RESERVED
CVE-2017-14045
	RESERVED
CVE-2017-14044
	RESERVED
CVE-2017-14043
	RESERVED
CVE-2017-14038 (CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerabilit ...)
	NOT-FOR-US: CrushFTP
CVE-2017-14037 (CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerab ...)
	NOT-FOR-US: CrushFTP
CVE-2017-14036 (CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS.)
	NOT-FOR-US: CrushFTP
CVE-2017-14035 (CrushFTP 8.x before 8.2.0 has a serialization vulnerability.)
	NOT-FOR-US: CrushFTP
CVE-2017-14051 (An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in ...)
	{DLA-1200-1}
	- linux 4.12.13-1 (unimportant)
	[stretch] - linux 4.9.30-2+deb9u5
	[jessie] - linux 3.16.43-2+deb8u5
	NOTE: Fixed by: https://git.kernel.org/linus/e6f77540c067b48dee10f1e33678415bfcc89017
	NOTE: https://patchwork.kernel.org/patch/9929625/
	NOTE: Non issue, only "exploitable" with root access
CVE-2017-14034 (The restore_tqb_pixels function in hevc_filter.c in libavcodec, as use ...)
	NOT-FOR-US: libbpg
	NOTE: Issue 3 from https://github.com/ebel34/bpg-web-encoder/issues/1
CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2. ...)
	{DSA-4031-1 DLA-1421-1 DLA-1114-1}
	- ruby2.3 2.3.5-1 (bug #875928)
	- ruby2.1
	- ruby1.9.1
	- ruby1.8 (vulnerable code not present)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1058757
	NOTE: https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/
	NOTE: https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b
CVE-2017-14031 (An Improper Access Control issue was discovered in Trihedral VTScada 1 ...)
	NOT-FOR-US: Trihedral VTScada
CVE-2017-14030 (An issue was discovered in Moxa MXview v2.8 and prior. The unquoted se ...)
	NOT-FOR-US: Moxa MXview
CVE-2017-14029 (An Uncontrolled Search Path Element issue was discovered in Trihedral ...)
	NOT-FOR-US: Trihedral VTScada
CVE-2017-14028 (A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version ...)
	NOT-FOR-US: Moxa
CVE-2017-14027 (A Use of Hard-coded Credentials issue was discovered in Korenix JetNet ...)
	NOT-FOR-US: Korenix
CVE-2017-14026 (In Ice Qube Thermal Management Center versions prior to version 4.13, ...)
	NOT-FOR-US: Ice Qube Thermal Management Center
CVE-2017-14025 (An Improper Input Validation issue was discovered in ABB FOX515T relea ...)
	NOT-FOR-US: ABB FOX515T
CVE-2017-14024 (A Stack-based Buffer Overflow issue was discovered in Schneider Electr ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-14023 (An Improper Input Validation issue was discovered in Siemens SIMATIC P ...)
	NOT-FOR-US: Siemens
CVE-2017-14022 (An Improper Input Validation issue was discovered in Rockwell Automati ...)
	NOT-FOR-US: Rockwell Automation FactoryTalk Alarms and Events
CVE-2017-14021 (A Use of Hard-coded Cryptographic Key issue was discovered in Korenix ...)
	NOT-FOR-US: Korenix
CVE-2017-14020 (In AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) ...)
	NOT-FOR-US: AutomationDirect
CVE-2017-14019 (An Unquoted Search Path or Element issue was discovered in Progea Movi ...)
	NOT-FOR-US: Progea Movicon
CVE-2017-14018 (An improper authentication issue was discovered in Johnson & Johnson E ...)
	NOT-FOR-US: Johnson & Johnson Ethicon Endo-Surgery Generator Gen11
CVE-2017-14017 (An Uncontrolled Search Path Element issue was discovered in Progea Mov ...)
	NOT-FOR-US: Progea Movicon
CVE-2017-14016 (A Stack-based Buffer Overflow issue was discovered in Advantech WebAcc ...)
	NOT-FOR-US: Advantech
CVE-2017-14015
	RESERVED
CVE-2017-14014 (Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded crypt ...)
	NOT-FOR-US: Boston Scientific ZOOM LATITUDE PRM Model 3120
CVE-2017-14013 (A Client-Side Enforcement of Server-Side Security issue was discovered ...)
	NOT-FOR-US: ProMinent MultiFLEX M10a Controller
CVE-2017-14012 (Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt PHI at ...)
	NOT-FOR-US: Boston Scientific ZOOM LATITUDE PRM Model 3120
CVE-2017-14011 (A Cross-Site Request Forgery issue was discovered in ProMinent MultiFL ...)
	NOT-FOR-US: ProMinent MultiFLEX M10a Controller
CVE-2017-14010 (In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions ...)
	NOT-FOR-US: SpiderControl
CVE-2017-14009 (An Information Exposure issue was discovered in ProMinent MultiFLEX M1 ...)
	NOT-FOR-US: ProMinent MultiFLEX M10a Controller
CVE-2017-14008 (GE Centricity PACS RA1000, diagnostic image analysis, all current vers ...)
	NOT-FOR-US: GE Centricity PACS RA1000
CVE-2017-14007 (An Insufficient Session Expiration issue was discovered in ProMinent M ...)
	NOT-FOR-US: ProMinent MultiFLEX M10a Controller
CVE-2017-14006 (GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all ...)
	NOT-FOR-US: GE Xeleris
CVE-2017-14005 (An Unverified Password Change issue was discovered in ProMinent MultiF ...)
	NOT-FOR-US: ProMinent MultiFLEX M10a Controller
CVE-2017-14004 (GE GEMNet License server (EchoServer) all current versions are affecte ...)
	NOT-FOR-US: GE GEMNet License server
CVE-2017-14003 (An Authentication Bypass by Spoofing issue was discovered in LAVA Ethe ...)
	NOT-FOR-US: LAVA Ether-Serial Link
CVE-2017-14002 (GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current ...)
	NOT-FOR-US: GE Infinia/Infinia with Hawkeye 4 medical imaging systems
CVE-2017-14001 (An Improper Neutralization of Special Elements used in an OS Command i ...)
	NOT-FOR-US: Asterisk GUI
	NOTE: Different from standard asterisk: https://wiki.asterisk.org/wiki/display/AST/Asterisk+GUI
CVE-2017-14000 (An Improper Authentication issue was discovered in Ctek SkyRouter Seri ...)
	NOT-FOR-US: Ctek SkyRouter
CVE-2017-13999 (A Stack-based Buffer Overflow issue was discovered in WECON LEVI Studi ...)
	NOT-FOR-US: WECON LEVI Studio HMI Editor
CVE-2017-13998 (An Insufficiently Protected Credentials issue was discovered in LOYTEC ...)
	NOT-FOR-US: LOYTEC LVIS-3ME
CVE-2017-13997 (A Missing Authentication for Critical Function issue was discovered in ...)
	NOT-FOR-US: Schneider
CVE-2017-13996 (A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME vers ...)
	NOT-FOR-US: LOYTEC LVIS-3ME
CVE-2017-13995 (An Improper Authentication issue was discovered in iniNet Solutions in ...)
	NOT-FOR-US: iniNet Solutions iniNet Webserver
CVE-2017-13994 (A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME version ...)
	NOT-FOR-US: LOYTEC LVIS-3ME
CVE-2017-13993 (An Uncontrolled Search Path or Element issue was discovered in i-SENS ...)
	NOT-FOR-US: i-SENS SmartLog Diabetes Management Software
CVE-2017-13992 (An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versio ...)
	NOT-FOR-US: LOYTEC LVIS-3ME
CVE-2017-13991 (An information leakage vulnerability in ArcSight ESM and ArcSight ESM ...)
	NOT-FOR-US: ArcSight
CVE-2017-13990 (An information leakage vulnerability in ArcSight ESM and ArcSight ESM ...)
	NOT-FOR-US: ArcSight
CVE-2017-13989 (An improper access control vulnerability in ArcSight ESM and ArcSight ...)
	NOT-FOR-US: ArcSight
CVE-2017-13988 (An improper access control vulnerability in ArcSight ESM and ArcSight ...)
	NOT-FOR-US: ArcSight
CVE-2017-13987 (An insufficient access control vulnerability in ArcSight ESM and ArcSi ...)
	NOT-FOR-US: ArcSight
CVE-2017-13986 (A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM an ...)
	NOT-FOR-US: ArcSight
CVE-2017-13985 (An authentication vulnerability in HPE BSM Platform Application Perfor ...)
	NOT-FOR-US: HP
CVE-2017-13984 (An authentication vulnerability in HPE BSM Platform Application Perfor ...)
	NOT-FOR-US: HP
CVE-2017-13983 (An authentication vulnerability in HPE BSM Platform Application Perfor ...)
	NOT-FOR-US: HP
CVE-2017-13982 (A directory traversal vulnerability in HPE BSM Platform Application Pe ...)
	NOT-FOR-US: HP
CVE-2017-13981
	REJECTED
CVE-2017-13980
	REJECTED
CVE-2017-13979
	REJECTED
CVE-2017-13978
	REJECTED
CVE-2017-13977
	REJECTED
CVE-2017-13976
	REJECTED
CVE-2017-13975
	REJECTED
CVE-2017-13974
	REJECTED
CVE-2017-13973
	REJECTED
CVE-2017-13972
	REJECTED
CVE-2017-13971
	REJECTED
CVE-2017-13970
	REJECTED
CVE-2017-13969
	REJECTED
CVE-2017-13968
	REJECTED
CVE-2017-13967
	REJECTED
CVE-2017-13966
	REJECTED
CVE-2017-13965
	REJECTED
CVE-2017-13964
	REJECTED
CVE-2017-13963
	REJECTED
CVE-2017-13962
	REJECTED
CVE-2017-13961
	REJECTED
CVE-2017-13960
	REJECTED
CVE-2017-13959
	REJECTED
CVE-2017-13958
	REJECTED
CVE-2017-13957
	REJECTED
CVE-2017-13956
	REJECTED
CVE-2017-13955
	REJECTED
CVE-2017-13954
	REJECTED
CVE-2017-13953
	REJECTED
CVE-2017-13952
	REJECTED
CVE-2017-13951
	REJECTED
CVE-2017-13950
	REJECTED
CVE-2017-13949
	REJECTED
CVE-2017-13948
	REJECTED
CVE-2017-13947
	REJECTED
CVE-2017-13946
	REJECTED
CVE-2017-13945
	REJECTED
CVE-2017-13944
	REJECTED
CVE-2017-13943
	REJECTED
CVE-2017-13942
	REJECTED
CVE-2017-13941
	REJECTED
CVE-2017-13940
	REJECTED
CVE-2017-13939
	REJECTED
CVE-2017-13938
	REJECTED
CVE-2017-13937
	REJECTED
CVE-2017-13936
	REJECTED
CVE-2017-13935
	REJECTED
CVE-2017-13934
	REJECTED
CVE-2017-13933
	REJECTED
CVE-2017-13932
	REJECTED
CVE-2017-13931
	REJECTED
CVE-2017-13930
	REJECTED
CVE-2017-13929
	REJECTED
CVE-2017-13928
	REJECTED
CVE-2017-13927
	REJECTED
CVE-2017-13926
	REJECTED
CVE-2017-13925
	REJECTED
CVE-2017-13924
	REJECTED
CVE-2017-13923
	REJECTED
CVE-2017-13922
	REJECTED
CVE-2017-13921
	REJECTED
CVE-2017-13920
	REJECTED
CVE-2017-13919
	REJECTED
CVE-2017-13918
	REJECTED
CVE-2017-13917
	REJECTED
CVE-2017-13916
	REJECTED
CVE-2017-13915
	REJECTED
CVE-2017-13914
	REJECTED
CVE-2017-13913
	REJECTED
CVE-2017-13912
	REJECTED
CVE-2017-13911 (A configuration issue was addressed with additional restrictions. This ...)
	NOT-FOR-US: Apple
CVE-2017-13910 (An access issue was addressed with additional sandbox restrictions on ...)
	NOT-FOR-US: Apple
CVE-2017-13909 (An issue existed in the storage of sensitive tokens. This issue was ad ...)
	NOT-FOR-US: Apple
CVE-2017-13908 (An issue in handling file permissions was addressed with improved vali ...)
	NOT-FOR-US: Apple
CVE-2017-13907 (A state management issue was addressed with improved state validation. ...)
	NOT-FOR-US: Apple
CVE-2017-13906 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2017-13905 (A race condition was addressed with additional validation. This issue ...)
	NOT-FOR-US: Apple
CVE-2017-13904 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13903 (An issue was discovered in certain Apple products. iOS before 11.2.1 i ...)
	NOT-FOR-US: Apple
CVE-2017-13902
	REJECTED
CVE-2017-13901
	REJECTED
CVE-2017-13900
	REJECTED
CVE-2017-13899
	REJECTED
CVE-2017-13898
	REJECTED
CVE-2017-13897
	REJECTED
CVE-2017-13896
	REJECTED
CVE-2017-13895
	REJECTED
CVE-2017-13894
	REJECTED
CVE-2017-13893
	REJECTED
CVE-2017-13892 (An issue existed in the handling of Contact sharing. This issue was ad ...)
	NOT-FOR-US: Apple
CVE-2017-13891 (In iOS before 11.2, an inconsistent user interface issue was addressed ...)
	NOT-FOR-US: Apple
CVE-2017-13890 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13889 (In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, ...)
	NOT-FOR-US: Apple
CVE-2017-13888 (In iOS before 11.2, a type confusion issue was addressed with improved ...)
	NOT-FOR-US: Apple
CVE-2017-13887 (In macOS High Sierra before 10.13.2, a logic issue existed in APFS whe ...)
	NOT-FOR-US: Apple
CVE-2017-13886 (In macOS High Sierra before 10.13.2, an access issue existed with priv ...)
	NOT-FOR-US: Apple
CVE-2017-13885 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2017-13884 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2017-13883 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13882
	RESERVED
CVE-2017-13881
	RESERVED
CVE-2017-13880 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2017-13879 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13878 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13877 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-13876 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13875 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13874 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13873 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-13872 (An issue was discovered in certain Apple products. macOS High Sierra b ...)
	NOT-FOR-US: Apple
CVE-2017-13871 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13870 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	- webkit2gtk 2.18.4-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0010.html
	NOTE: Not covered by security support
CVE-2017-13869 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13868 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13867 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13866 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	- webkit2gtk 2.18.4-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0010.html
	NOTE: Not covered by security support
CVE-2017-13865 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13864 (An issue was discovered in certain Apple products. iCloud before 7.2 o ...)
	NOT-FOR-US: Apple
CVE-2017-13863 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-13862 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13861 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13860 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13859
	RESERVED
CVE-2017-13858 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13857
	RESERVED
CVE-2017-13856 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	- webkit2gtk 2.18.4-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0010.html
	NOTE: Not covered by security support
CVE-2017-13855 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13854 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-13853 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-13852 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	NOT-FOR-US: Apple
CVE-2017-13851 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-13850 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-13849 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	NOT-FOR-US: Apple
CVE-2017-13848 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13847 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13846 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Potentially src:pcre3, but Apple doesn't play by the rules
CVE-2017-13845
	RESERVED
CVE-2017-13844 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	NOT-FOR-US: Apple
CVE-2017-13843 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13842 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13841 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13840 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13839 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-13838 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13837 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-13836 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13835 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2017-13834 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13833 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13832 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13831 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13830 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13829 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13828 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13827 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-13826
	REJECTED
CVE-2017-13825 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13824 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13823 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13822 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13821 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13820 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13819 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13818 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13817 (An out-of-bounds read issue was discovered in certain Apple products. ...)
	NOT-FOR-US: Apple
CVE-2017-13816 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Potentially src:libarchive, but Apple doesn't play by the rules
CVE-2017-13815 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
CVE-2017-13814 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13813 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Potentially src:libarchive, but Apple doesn't play by the rules
CVE-2017-13812 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Potentially src:libarchive, but Apple doesn't play by the rules
CVE-2017-13811 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13810 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13809 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13808 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13807 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13806 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-13805 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	NOT-FOR-US: Apple
CVE-2017-13804 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	NOT-FOR-US: Apple
CVE-2017-13803 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.3-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13802 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13801 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13800 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13799 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	NOT-FOR-US: Apple
CVE-2017-13798 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.3-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13797 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	NOT-FOR-US: Apple-specific Webkit change (since not mentioned in webkitgtk releases)
CVE-2017-13796 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13795 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13794 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13793 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13792 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13791 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13790 (An issue was discovered in certain Apple products. Safari before 11.0. ...)
	NOT-FOR-US: Apple Safari
CVE-2017-13789 (An issue was discovered in certain Apple products. Safari before 11.0. ...)
	NOT-FOR-US: Apple Safari
CVE-2017-13788 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.3-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13787
	RESERVED
CVE-2017-13786 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13785 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13784 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13783 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13782 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-13781
	RESERVED
CVE-2017-13780 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory tr ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14032 (ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentic ...)
	{DSA-3967-1}
	- mbedtls 2.6.0-1 (bug #873557)
	- polarssl
	[jessie] - polarssl (Vulnerable code not present)
	[wheezy] - polarssl (Vulnerable code not present)
	NOTE: Affected versions: all from version 1.3.10 up and including 2.1 and later releases
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02
	NOTE: https://github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32
	NOTE: https://github.com/ARMmbed/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc
CVE-2017-13779 (GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offli ...)
	NOT-FOR-US: India Goods and Services Tax Network
CVE-2017-13778 (Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-13777 (GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() ...)
	{DSA-4321-1 DLA-1456-1 DLA-1082-1}
	- graphicsmagick 1.3.26-8 (low)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e
CVE-2017-13776 (GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() ...)
	{DSA-4321-1 DLA-1456-1 DLA-1082-1}
	- graphicsmagick 1.3.26-8 (low)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e
CVE-2017-13775 (GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() ...)
	{DSA-4321-1 DLA-1456-1}
	- graphicsmagick 1.3.26-8 (low)
	[wheezy] - graphicsmagick (Vulnerable code not present)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/b037d79b6ccd
CVE-2017-13774 (Hikvision iVMS-4200 devices before v2.6.2.7 allow local users to gener ...)
	NOT-FOR-US: Hikvision
CVE-2017-13773
	RESERVED
CVE-2017-13772 (Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers w ...)
	NOT-FOR-US: TP-Link
CVE-2017-13771 (Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configu ...)
	NOT-FOR-US: Lexmark Scan To Network
CVE-2017-13770
	RESERVED
CVE-2017-13769 (The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick ...)
	{DSA-4040-1 DSA-4032-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878507)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/705
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/45d342155b5e9b83904c695411d20f33cf9b524c
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/457e63263de6f732785608504b6e607799ad3dd5
	NOTE: Extra checks:
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5a3897693a8b4e97add649c0ca1d538bd90f59c9
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/abb9d1322317733b799e8b87b2e346b3038f3260
CVE-2017-13768 (Null Pointer Dereference in the IdentifyImage function in MagickCore/i ...)
	{DLA-2366-1 DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875352)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/706
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/152e510e2b7858efe5992ed95090d8e0049417f3
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/2c1b360d80e5f8f7c7108c0afedde64ab79318ff
CVE-2017-13767 (In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP diss ...)
	- wireshark 2.4.1-1
	[jessie] - wireshark (Minor issue)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13933
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6f18ace2a2683418a9368a8dfd92da6bd8213e15
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-38.html
CVE-2017-13766 (In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector coul ...)
	- wireshark 2.4.1-1
	[stretch] - wireshark 2.2.6+g32dac6a-2+deb9u1
	[jessie] - wireshark (Vulnerable code not present)
	[wheezy] - wireshark (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13847
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2096bc1e5078732543e0a3ee115a2ce520a72bbc
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=af7b093ca528516c14247acb545046199d30843e
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-39.html
CVE-2017-13765 (In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM di ...)
	{DLA-1634-1}
	- wireshark 2.4.1-1
	[wheezy] - wireshark (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13929
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=94666d4357096fc45e3bcad3d9414a14f0831bc8
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-41.html
CVE-2017-13764 (In Wireshark 2.4.0, the Modbus dissector could crash with a NULL point ...)
	- wireshark 2.4.1-1
	[jessie] - wireshark (vulnerable request not implemented)
	[wheezy] - wireshark (vulnerable request not implemented)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13925
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b87ffbd12bddf64582c0a6e082b462744474de94
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-40.html
CVE-2017-13763 (ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of m ...)
	NOT-FOR-US: ONOS
CVE-2017-13762 (ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS.)
	NOT-FOR-US: ONOS
CVE-2017-13761 (The Fastly CDN module before 1.2.26 for Magento2, when used with a thi ...)
	NOT-FOR-US: Fastly CDN module for Magento2
CVE-2017-13760 (In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in t ...)
	{DLA-3054-1}
	- sleuthkit 4.4.2-3 (unimportant; bug #873724)
	NOTE: https://github.com/sleuthkit/sleuthkit/issues/906
	NOTE: Negligible security impact
CVE-2017-13759
	RESERVED
CVE-2017-13758 (In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the ...)
	{DSA-4040-1 DSA-4032-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #878508)
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32583
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/ef6cee1bcf144b7c9285787920361a53296e7907
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/57eced684ad0660fe580800d977ba94623ec67ac
CVE-2017-13757 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
	- binutils 2.29-10
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22018
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=90efb6422939ca031804266fba669f77c22a274a
CVE-2017-13756 (In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers i ...)
	{DLA-3054-1}
	- sleuthkit 4.4.2-3 (unimportant; bug #873725)
	NOTE: https://github.com/sleuthkit/sleuthkit/issues/914
	NOTE: Negligible security impact
CVE-2017-13755 (In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image trigge ...)
	{DLA-3054-1}
	- sleuthkit 4.4.2-3 (unimportant; bug #873726)
	NOTE: https://github.com/sleuthkit/sleuthkit/issues/913
	NOTE: Negligible security impact
CVE-2017-13754 (Cross-site scripting (XSS) vulnerability in the "advanced settings - t ...)
	NOT-FOR-US: Wibu-Systems
CVE-2016-10507 (Integer overflow vulnerability in the bmp24toimage function in convert ...)
	- openjpeg2 2.1.2-1
	[jessie] - openjpeg2 (Vulnerable code introduced later)
	NOTE: Introduced by: https://github.com/uclouvain/openjpeg/commit/33a0e66eb129c4e91b555a6b8dd9eab512fbfeb8 (v2.1.1)
	NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/da940424816e11d624362ce080bc026adffa26e8 (v2.1.2)
	NOTE: https://github.com/uclouvain/openjpeg/issues/833
CVE-2016-10506 (Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, op ...)
	- openjpeg2 (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/commit/d27ccf01c68a31ad62b33d2dc1ba2bb1eeaafe7b
	NOTE: https://github.com/uclouvain/openjpeg/issues/731
	NOTE: https://github.com/uclouvain/openjpeg/issues/732
	NOTE: https://github.com/uclouvain/openjpeg/issues/777
	NOTE: https://github.com/uclouvain/openjpeg/issues/778
	NOTE: https://github.com/uclouvain/openjpeg/issues/779
	NOTE: https://github.com/uclouvain/openjpeg/issues/780
CVE-2016-10505 (NULL pointer dereference vulnerabilities in the imagetopnm function in ...)
	- openjpeg2 (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/issues/776
	NOTE: https://github.com/uclouvain/openjpeg/issues/784
	NOTE: https://github.com/uclouvain/openjpeg/issues/785
	NOTE: https://github.com/uclouvain/openjpeg/issues/792
CVE-2016-10504 (Heap-based buffer overflow vulnerability in the opj_mqc_byteout functi ...)
	- openjpeg2 2.2.0-1 (bug #874113)
	[stretch] - openjpeg2 2.1.2-1.1+deb9u2
	[jessie] - openjpeg2 (Vulnerable code introduced later, see #874113)
	NOTE: https://github.com/uclouvain/openjpeg/commit/397f62c0a838e15d667ef50e27d5d011d2c79c04
	NOTE: https://github.com/uclouvain/openjpeg/issues/835
CVE-2017-13753
	REJECTED
CVE-2017-13752 (There is a reachable assertion abort in the function jpc_dequantize() ...)
	- jasper (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485276
CVE-2017-13751 (There is a reachable assertion abort in the function calcstepsizes() i ...)
	- jasper (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485283
CVE-2017-13750 (There is a reachable assertion abort in the function jpc_dec_process_s ...)
	- jasper (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485280
CVE-2017-13749 (There is a reachable assertion abort in the function jpc_pi_nextrpcl() ...)
	- jasper (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485285
CVE-2017-13748 (There are lots of memory leaks in JasPer 2.0.12, triggered in the func ...)
	{DLA-1583-1}
	- jasper (low)
	[wheezy] - jasper (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485287
	NOTE: https://github.com/mdadams/jasper/issues/168
	NOTE: Fixed by https://github.com/mdadams/jasper/pull/159 but still no upstream comment.
CVE-2017-13747 (There is a reachable assertion abort in the function jpc_floorlog2() i ...)
	- jasper (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485282
CVE-2017-13746 (There is a reachable assertion abort in the function jpc_dec_process_s ...)
	- jasper (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485286
CVE-2017-13745 (There is a reachable assertion abort in the function jpc_dec_process_s ...)
	- jasper (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485274
CVE-2017-13744 (There is an illegal address access in the function _lou_getALine() in ...)
	- liblouis 3.3.0-1 (low; bug #874302)
	[stretch] - liblouis 3.0.0-3+deb9u1
	[jessie] - liblouis (Minor issue)
	[wheezy] - liblouis (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484338
	NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/edf8ee00197e5a9b062554bdca00fe1617d257a4
CVE-2017-13743 (There is a buffer overflow in Liblouis 3.2.0, triggered in the functio ...)
	- liblouis 3.3.0-1 (low; bug #874302)
	[stretch] - liblouis 3.0.0-3+deb9u1
	[jessie] - liblouis (Minor issue)
	[wheezy] - liblouis (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484335
CVE-2017-13742 (There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in ...)
	- liblouis 3.3.0-1 (low; bug #874302)
	[stretch] - liblouis 3.0.0-3+deb9u1
	[jessie] - liblouis (Minor issue)
	[wheezy] - liblouis (vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484334
	NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/d8cfdf1ab64a4c9c6685efe45bc735f68dac618c
CVE-2017-13741 (There is a use-after-free in the function compileBrailleIndicator() in ...)
	- liblouis 3.3.0-1 (low; bug #874302)
	[stretch] - liblouis 3.0.0-3+deb9u1
	[jessie] - liblouis (Minor issue)
	[wheezy] - liblouis (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484332
	NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/af5791ea792acc0a9707738001aa1df3daff7a66
CVE-2017-13740 (There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in ...)
	- liblouis 3.3.0-1 (low; bug #874302)
	[stretch] - liblouis 3.0.0-3+deb9u1
	[jessie] - liblouis (Minor issue)
	[wheezy] - liblouis (vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484306
	NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/d8cfdf1ab64a4c9c6685efe45bc735f68dac618c
CVE-2017-13739 (There is a heap-based buffer overflow that causes a more than two thou ...)
	- liblouis 3.3.0-1 (low; bug #874302)
	[stretch] - liblouis 3.0.0-3+deb9u1
	[jessie] - liblouis (Minor issue)
	[wheezy] - liblouis (vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484299
	NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/d8cfdf1ab64a4c9c6685efe45bc735f68dac618c
CVE-2017-13738 (There is an illegal address access in the _lou_getALine function in co ...)
	- liblouis 3.3.0-1 (low; bug #874302)
	[stretch] - liblouis 3.0.0-3+deb9u1
	[jessie] - liblouis (Minor issue)
	[wheezy] - liblouis (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484297
	NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/edf8ee00197e5a9b062554bdca00fe1617d257a4
CVE-2017-13737 (There is an invalid free in the MagickFree function in magick/memory.c ...)
	{DSA-4321-1 DLA-1456-1 DLA-1140-1}
	- graphicsmagick 1.3.26-15 (low; bug #878511)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484196
	NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/3db9449e3d6a/
CVE-2017-13736 (There are lots of memory leaks in the GMCommand function in magick/com ...)
	- graphicsmagick (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484192
CVE-2017-13735 (There is a floating point exception in the kodak_radc_load_raw functio ...)
	{DLA-2903-1}
	- libraw 0.18.5-1 (low; bug #874729)
	[wheezy] - libraw (Minor issue)
	NOTE: https://github.com/LibRaw/LibRaw/issues/96
	NOTE: Isolated patch: https://github.com/LibRaw/LibRaw/files/1276421/radc_divbyzero.txt
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1483988
CVE-2017-13734 (There is an illegal address access in the _nc_safe_strcat function in ...)
	- ncurses 6.0+20170827-1 (bug #873723)
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484291
CVE-2017-13733 (There is an illegal address access in the fmt_entry function in progs/ ...)
	- ncurses 6.0+20170902-1 (bug #873746)
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484290
CVE-2017-13732 (There is an illegal address access in the function dump_uses() in prog ...)
	- ncurses 6.0+20170827-1 (bug #873723)
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484287
CVE-2017-13731 (There is an illegal address access in the function postprocess_termcap ...)
	- ncurses 6.0+20170827-1 (bug #873723)
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484285
CVE-2017-13730 (There is an illegal address access in the function _nc_read_entry_sour ...)
	- ncurses 6.0+20170827-1 (bug #873723)
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484284
CVE-2017-13729 (There is an illegal address access in the _nc_save_str function in all ...)
	- ncurses 6.0+20170827-1 (bug #873723)
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484276
CVE-2017-13728 (There is an infinite loop in the next_char function in comp_scan.c in ...)
	- ncurses 6.0+20170827-1 (bug #873723)
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484274
CVE-2017-13727 (There is a reachable assertion abort in the function TIFFWriteDirector ...)
	{DSA-4100-1 DLA-1093-1}
	- tiff 4.0.8-5 (bug #873879)
	- tiff3
	[wheezy] - tiff3 (Vulnerable code not present)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2728
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/b6af137bf9ef852f1a48a50a5afb88f9e9da01cc
CVE-2017-13726 (There is a reachable assertion abort in the function TIFFWriteDirector ...)
	{DSA-4100-1 DLA-1093-1}
	- tiff 4.0.8-5 (bug #873880)
	- tiff3
	[wheezy] - tiff3 (Vulnerable code not present)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2727
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/f91ca83a21a6a583050e5a5755ce1441b2bf1d7e
CVE-2017-13725 (The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer ov ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13724 (On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scri ...)
	NOT-FOR-US: Axesstel MU553S MU55XS-V1.14
CVE-2017-13723 (In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local a ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.4-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=94f11ca5cf011ef123bd222cabeaef6f424d76ac
	NOTE: This is in libxkbfile in wheezy
CVE-2017-13722 (In the pcfGetProperties function in bitmap/pcfread.c in libXfont throu ...)
	{DSA-3995-1 DLA-1126-1}
	- libxfont 1:2.0.1-4
	- libxfont1 (unimportant)
	NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd
	NOTE: libxfont1 is only used by xfonts-utils, no security impact
CVE-2017-13721 (In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attack ...)
{DSA-4000-1} - xorg-server 2:1.19.4-1 [wheezy] - xorg-server (Vulnerable code introduced later) NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=b95f25af141d33a65f6f821ea9c003f66a01e1f1 CVE-2017-13720 (In the PatternMatch function in fontfile/fontdir.c in libXfont through ...) {DSA-3995-1 DLA-1126-1} - libxfont 1:2.0.1-4 - libxfont1 (unimportant) NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608 NOTE: libxfont1 is only used by xfonts-utils, no security impact CVE-2017-13719 (The Amcrest IPM-721S Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322 ...) NOT-FOR-US: Amcrest CVE-2017-13718 (The HTTP API supported by Starry Station (aka Starry Router) allows br ...) NOT-FOR-US: Starry Station CVE-2017-13717 (Starry Station (aka Starry Router) sets the Access-Control-Allow-Origi ...) NOT-FOR-US: Starry Station CVE-2017-13716 (The C++ symbol demangler routine in cplus-dem.c in libiberty, as distr ...) - binutils (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22009 NOTE: Underlying bug is though in the C++ demangler part of libiberty, but MITRE NOTE: has assigned it specifically to the issue as raised within binutils. NOTE: binutils not covered by security support CVE-2016-10503 (IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated ...) NOT-FOR-US: IBM CVE-2017-13715 (The __skb_flow_dissect function in net/core/flow_dissector.c in the Li ...) - linux 4.3.1-1 [jessie] - linux (Vulnerable code introduced later) [wheezy] - linux (Vulnerable code introduced later) NOTE: Fixed by: https://git.kernel.org/linus/a6e544b0a88b53114bfa5a57e21b7be7a8dfc9d0 (4.3-rc1) NOTE: Introduced by: https://git.kernel.org/linus/b3baa0fbd02a1a9d493d8cb92ae4a4491b9e9d13 (4.2-rc1) CVE-2017-13714 RESERVED CVE-2017-13713 (T&W WIFI Repeater BE126 allows remote authenticated users to execute a ...) 
NOT-FOR-US: T&W WIFI Repeater BE126 CVE-2017-13712 (NULL Pointer Dereference in the id3v2AddAudioDuration function in libm ...) - lame 3.100-1 (low) [stretch] - lame (Minor issue) [jessie] - lame (Minor issue) NOTE: https://sourceforge.net/p/lame/bugs/472/ CVE-2017-13711 (Use-after-free vulnerability in the sofree function in slirp/socket.c ...) {DSA-3991-1} - qemu 1:2.10.0-1 (bug #873875) [jessie] - qemu (Vulnerable code introduced later) [wheezy] - qemu (Vulnerable code introduced later) - qemu-kvm [wheezy] - qemu-kvm (Vulnerable code introduced later) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05201.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1486400 CVE-2017-14041 (A stack-based buffer overflow was discovered in the pgxtoimage functio ...) {DSA-4013-1} - openjpeg2 2.3.0-1 (bug #874115) NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9 NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-stack-based-buffer-overflow-write-in-pgxtoimage-convert-c/ NOTE: https://github.com/uclouvain/openjpeg/issues/997 CVE-2017-14040 (An invalid write access was discovered in bin/jp2/convert.c in OpenJPE ...) {DSA-4013-1} - openjpeg2 2.3.0-1 (bug #874117) NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281 NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-invalid-memory-write-in-tgatoimage-convert-c/ NOTE: https://github.com/uclouvain/openjpeg/issues/995 CVE-2017-14039 (A heap-based buffer overflow was discovered in the opj_t2_encode_packe ...) 
{DSA-4013-1} - openjpeg2 2.3.0-1 (bug #874118) NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-heap-based-buffer-overflow-in-opj_t2_encode_packet-t2-c/ NOTE: https://github.com/uclouvain/openjpeg/issues/992 NOTE: The issue is covered by https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154 CVE-2017-14042 (A memory allocation failure was discovered in the ReadPNMImage functio ...) - graphicsmagick 1.3.26-9 (unimportant; bug #873538) NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/3bbf7a13643d NOTE: https://blogs.gentoo.org/ago/2017/08/28/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c-2/ NOTE: https://sourceforge.net/p/graphicsmagick/bugs/441/ CVE-2017-13710 (The setup_group function in elf.c in the Binary File Descriptor (BFD) ...) - binutils 2.29-9 [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0c54f69295208331faab9bc5e995111a35672f9b CVE-2017-13708 (Buffer overflow in the web server service in VX Search Enterprise 10.0 ...) NOT-FOR-US: VX Search Enterprise CVE-2017-13707 (Privilege escalation in Replibit Backup Manager earlier than version 2 ...) NOT-FOR-US: Replibit CVE-2017-13706 (XML external entity (XXE) vulnerability in the import package function ...) NOT-FOR-US: Lansweeper CVE-2017-13709 (In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger ...) - flightgear 1:2017.2.1+dfsg-4 (low; bug #873439) [stretch] - flightgear 1:2016.4.4+dfsg-3+deb9u1 [jessie] - flightgear 3.0.0-5+deb8u3 NOTE: https://www.openwall.com/lists/oss-security/2017/08/27/1 CVE-2017-13705 RESERVED CVE-2017-13704 (In dnsmasq before 2.78, if the DNS packet size does not match the expe ...) 
- dnsmasq 2.78-1 (bug #877102) [stretch] - dnsmasq (Vulnerable code not present; Upstream: Regression introduced in 2.77) [jessie] - dnsmasq (Vulnerable code not present; Upstream: Regression introduced in 2.77) [wheezy] - dnsmasq (Vulnerable code not present; Upstream: Regression introduced in 2.77) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495510 NOTE: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q3/011729.html NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=63437ffbb58837b214b4b92cb1c54bc5f3279928 CVE-2017-13703 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) NOT-FOR-US: Moxa CVE-2017-13702 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) NOT-FOR-US: Moxa CVE-2017-13701 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) NOT-FOR-US: Moxa CVE-2017-13700 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) NOT-FOR-US: Moxa CVE-2017-13699 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) NOT-FOR-US: MOXA CVE-2017-13698 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) NOT-FOR-US: MOXA CVE-2017-13697 (controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to ...) NOT-FOR-US: FineCMS CVE-2017-13696 (A buffer overflow vulnerability lies in the web server component of Du ...) NOT-FOR-US: Dup Scout Enterprise CVE-2017-1000122 (The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, do ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: https://webkitgtk.org/security/WSA-2017-0007.html NOTE: Not covered by security support CVE-2017-1000121 (The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, do ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: https://webkitgtk.org/security/WSA-2017-0007.html NOTE: Not covered by security support CVE-2017-13695 (The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the ...) 
- acpica-unix 20180209-1 (unimportant) - linux 4.17.3-1 (unimportant) NOTE: https://patchwork.kernel.org/patch/9850567/ NOTE: non-issue/no relevant security impact CVE-2017-13694 (The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobje ...) - acpica-unix 20180209-1 (unimportant) - linux (unimportant) NOTE: https://patchwork.kernel.org/patch/9806085/ NOTE: non-issue/no relevant security impact CVE-2017-13693 (The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils. ...) - acpica-unix 20180209-1 (unimportant) - linux (unimportant) NOTE: https://patchwork.kernel.org/patch/9919053/ NOTE: non-issue/no relevant security impact CVE-2017-13692 (In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attacker ...) - tidy-html5 (Vulnerable code introduced later) - tidy (Vulnerable code introduced later) NOTE: https://github.com/htacg/tidy-html5/issues/588 CVE-2017-13691 RESERVED CVE-2017-13690 (The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in pri ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13689 (The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in pri ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13688 (The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in prin ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13687 (The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read i ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13686 (net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too ...) - linux (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/bc3aae2bbac46dd894c89db5d5e98f7f0ef9e205 CVE-2016-1000245 RESERVED CVE-2017-13685 (The dump_callback function in SQLite 3.20.0 allows remote attackers to ...) 
- sqlite3 3.20.1-1 (unimportant; bug #873762) - sqlite (unimportant) NOTE: https://sqlite.org/src/info/02f0f4c54f2819b3 NOTE: http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html NOTE: Crash in the command-line shell program, not the the core SQLite library. CVE-2017-13684 (Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE b ...) NOT-FOR-US: Unisys Libra CVE-2017-13683 (In Symantec Endpoint Encryption before SEE 11.1.3HF3, a kernel memory ...) NOT-FOR-US: Symantec CVE-2017-13682 (In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memo ...) NOT-FOR-US: Symantec CVE-2017-13681 (Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be suscep ...) NOT-FOR-US: Symantec Endpoint Protection CVE-2017-13680 (Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Wi ...) NOT-FOR-US: Symantec Endpoint Protection CVE-2017-13679 (A denial of service (DoS) attack in Symantec Encryption Desktop before ...) NOT-FOR-US: Symantec CVE-2017-13678 (Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) ...) NOT-FOR-US: Symantec CVE-2017-13677 (Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure ...) NOT-FOR-US: Symantec CVE-2017-13676 (Norton Remove & Reinstall can be susceptible to a DLL preloading vulne ...) NOT-FOR-US: Symantec CVE-2017-13675 (A denial of service (DoS) attack in Symantec Endpoint Encryption befor ...) NOT-FOR-US: Symantec CVE-2017-13674 (Symantec ProxyClient 3.4 for Windows is susceptible to a privilege esc ...) NOT-FOR-US: Symantec ProxyClient CVE-2017-13673 (The vga display update in mis-calculated the region for the dirty bitm ...) 
- qemu 1:2.10.0+dfsg-2 [stretch] - qemu (Vulnerable code introduced later) [jessie] - qemu (Vulnerable code introduced later) [wheezy] - qemu (Vulnerable code introduced later) - qemu-kvm (Vulnerable code introduced later) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html NOTE: Fixed by: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=d6f7f3b0cf4b6c5e7cdff9dfa6d20545e1051375 (v2.10.1) NOTE: Introduced by: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=fec5e8c92becad223df9d972770522f64aafdb72 NOTE: In the unstable upload the fix is integrated in debian/patches/qemu-2.10.1.diff CVE-2017-13672 (QEMU (aka Quick Emulator), when built with the VGA display emulator su ...) {DSA-3991-1} - qemu 1:2.10.0-1 (low; bug #873851) [jessie] - qemu (Minor issue, root DoS, too complex to backport) [wheezy] - qemu (Can be fixed along in a future DSA) - qemu-kvm [wheezy] - qemu-kvm (Can be fixed along in a future DSA) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04684.html NOTE: Fixed by https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=3d90c6254863693a6b13d918d2b8682e08bbc681 NOTE: CentOS7 has a backport/upgrade(?) for their frankenstein version NOTE: http://vault.centos.org/7.6.1810/updates/Source/SPackages/qemu-kvm-1.5.3-160.el7_6.3.src.rpm CVE-2017-13671 (app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent ...) NOT-FOR-US: MISP (Malware Information Sharing Platform and Threat Sharing) CVE-2017-13670 (In BlackCat CMS 1.2, remote authenticated users can upload any file vi ...) NOT-FOR-US: BlackCat CMS CVE-2017-13669 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswere ...) NOT-FOR-US: NexusPHP CVE-2017-13668 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross ...) NOT-FOR-US: OX Software GmbH OX App Suite CVE-2017-13667 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.) 
NOT-FOR-US: OX Software GmbH OX App Suite CVE-2017-13666 (An integer underflow vulnerability exists in pixel-a.asm, the x86 asse ...) - x265 (Affected code is not enabled) CVE-2017-13665 RESERVED CVE-2017-13664 (Password file exposure in firmware in iSmartAlarm CubeOne version 2.2. ...) NOT-FOR-US: iSmartAlarm CubeOne CVE-2017-13663 (Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2 ...) NOT-FOR-US: iSmartAlarm CubeOne CVE-2017-13662 RESERVED CVE-2017-13661 RESERVED CVE-2017-13660 RESERVED CVE-2017-13659 RESERVED CVE-2017-13657 REJECTED CVE-2017-13656 REJECTED CVE-2017-13655 REJECTED CVE-2017-13654 REJECTED CVE-2017-13653 REJECTED CVE-2017-13652 (NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are ...) NOT-FOR-US: NetApp CVE-2017-13651 REJECTED CVE-2017-13650 RESERVED CVE-2017-1002150 (python-fedora 0.8.0 and lower is vulnerable to an open redirect result ...) - python-fedora 0.9.0-1 [stretch] - python-fedora (Minor issue) [jessie] - python-fedora (Minor issue) NOTE: https://github.com/fedora-infra/python-fedora/commit/b27f38a67573f4c989710c9bfb726dd4c1eeb929.patch CVE-2017-13649 (UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privil ...) - unrealircd (bug #515130) CVE-2017-13648 (In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the ...) 
- graphicsmagick 1.3.27-1 (unimportant) NOTE: https://sourceforge.net/p/graphicsmagick/bugs/433/ CVE-2017-13647 RESERVED CVE-2017-13646 RESERVED CVE-2017-13645 RESERVED CVE-2017-13644 RESERVED CVE-2017-13643 RESERVED CVE-2017-13642 RESERVED CVE-2017-13641 RESERVED CVE-2017-13640 RESERVED CVE-2017-13639 RESERVED CVE-2017-13638 RESERVED CVE-2017-13637 RESERVED CVE-2017-13636 RESERVED CVE-2017-13635 RESERVED CVE-2017-13634 RESERVED CVE-2017-13633 RESERVED CVE-2017-13632 RESERVED CVE-2017-13631 RESERVED CVE-2017-13630 RESERVED CVE-2017-13629 RESERVED CVE-2017-13628 RESERVED CVE-2017-13627 RESERVED CVE-2017-13626 RESERVED CVE-2017-13625 RESERVED CVE-2017-13624 RESERVED CVE-2017-13623 RESERVED CVE-2017-13622 RESERVED CVE-2017-13621 RESERVED CVE-2017-13620 RESERVED CVE-2017-13619 RESERVED CVE-2017-13618 RESERVED CVE-2017-13617 RESERVED CVE-2017-13616 RESERVED CVE-2017-13615 RESERVED CVE-2017-13614 RESERVED CVE-2017-13613 RESERVED CVE-2017-13612 RESERVED CVE-2017-13611 RESERVED CVE-2017-13610 RESERVED CVE-2017-13609 RESERVED CVE-2017-13608 RESERVED CVE-2017-13607 RESERVED CVE-2017-13606 RESERVED CVE-2017-13605 RESERVED CVE-2017-13604 RESERVED CVE-2017-13603 RESERVED CVE-2017-13602 RESERVED CVE-2017-13601 RESERVED CVE-2017-13600 RESERVED CVE-2017-13599 RESERVED CVE-2017-13598 RESERVED CVE-2017-13597 RESERVED CVE-2017-13596 RESERVED CVE-2017-13595 RESERVED CVE-2017-13594 RESERVED CVE-2017-13593 RESERVED CVE-2017-13592 RESERVED CVE-2017-13591 RESERVED CVE-2017-13590 RESERVED CVE-2017-13589 RESERVED CVE-2017-13588 RESERVED CVE-2017-13587 RESERVED CVE-2017-13586 RESERVED CVE-2017-13585 RESERVED CVE-2017-13584 RESERVED CVE-2017-13583 RESERVED CVE-2017-13582 RESERVED CVE-2017-13581 RESERVED CVE-2017-13580 RESERVED CVE-2017-13579 RESERVED CVE-2017-13578 RESERVED CVE-2017-13577 RESERVED CVE-2017-13576 RESERVED CVE-2017-13575 RESERVED CVE-2017-13574 RESERVED CVE-2017-13573 RESERVED CVE-2017-13572 RESERVED CVE-2017-13571 RESERVED CVE-2017-13570 RESERVED CVE-2017-13569 RESERVED 
CVE-2017-13568 RESERVED CVE-2017-13567 RESERVED CVE-2017-13566 RESERVED CVE-2017-13565 RESERVED CVE-2017-13564 RESERVED CVE-2017-13563 RESERVED CVE-2017-13562 RESERVED CVE-2017-13561 RESERVED CVE-2017-13560 RESERVED CVE-2017-13559 RESERVED CVE-2017-13558 RESERVED CVE-2017-13557 RESERVED CVE-2017-13556 RESERVED CVE-2017-13555 RESERVED CVE-2017-13554 RESERVED CVE-2017-13553 RESERVED CVE-2017-13552 RESERVED CVE-2017-13551 RESERVED CVE-2017-13550 RESERVED CVE-2017-13549 RESERVED CVE-2017-13548 RESERVED CVE-2017-13547 RESERVED CVE-2017-13546 RESERVED CVE-2017-13545 RESERVED CVE-2017-13544 RESERVED CVE-2017-13543 RESERVED CVE-2017-13542 RESERVED CVE-2017-13541 RESERVED CVE-2017-13540 RESERVED CVE-2017-13539 RESERVED CVE-2017-13538 RESERVED CVE-2017-13537 RESERVED CVE-2017-13536 RESERVED CVE-2017-13535 RESERVED CVE-2017-13534 RESERVED CVE-2017-13533 RESERVED CVE-2017-13532 RESERVED CVE-2017-13531 RESERVED CVE-2017-13530 RESERVED CVE-2017-13529 RESERVED CVE-2017-13528 RESERVED CVE-2017-13527 RESERVED CVE-2017-13526 RESERVED CVE-2017-13525 RESERVED CVE-2017-13524 RESERVED CVE-2017-13523 RESERVED CVE-2017-13522 RESERVED CVE-2017-13521 RESERVED CVE-2017-13520 RESERVED CVE-2017-13519 RESERVED CVE-2017-13518 RESERVED CVE-2017-13517 RESERVED CVE-2017-13516 RESERVED CVE-2017-13515 RESERVED CVE-2017-13514 RESERVED CVE-2017-13513 RESERVED CVE-2017-13512 RESERVED CVE-2017-13511 RESERVED CVE-2017-13510 RESERVED CVE-2017-13509 RESERVED CVE-2017-13508 RESERVED CVE-2017-13507 RESERVED CVE-2017-13506 RESERVED CVE-2017-13505 RESERVED CVE-2017-13504 RESERVED CVE-2017-13503 RESERVED CVE-2017-13502 RESERVED CVE-2017-13501 RESERVED CVE-2017-13500 RESERVED CVE-2017-13499 RESERVED CVE-2017-13498 RESERVED CVE-2017-13497 RESERVED CVE-2017-13496 RESERVED CVE-2017-13495 RESERVED CVE-2017-13494 RESERVED CVE-2017-13493 RESERVED CVE-2017-13492 RESERVED CVE-2017-13491 RESERVED CVE-2017-13490 RESERVED CVE-2017-13489 RESERVED CVE-2017-13488 RESERVED CVE-2017-13487 RESERVED CVE-2017-13486 RESERVED 
CVE-2017-13485 RESERVED CVE-2017-13484 RESERVED CVE-2017-13483 RESERVED CVE-2017-13482 RESERVED CVE-2017-13481 RESERVED CVE-2017-13480 RESERVED CVE-2017-13479 RESERVED CVE-2017-13478 RESERVED CVE-2017-13477 RESERVED CVE-2017-13476 RESERVED CVE-2017-13475 RESERVED CVE-2017-13474 RESERVED CVE-2017-13473 RESERVED CVE-2017-13472 RESERVED CVE-2017-13471 RESERVED CVE-2017-13470 RESERVED CVE-2017-13469 RESERVED CVE-2017-13468 RESERVED CVE-2017-13467 RESERVED CVE-2017-13466 RESERVED CVE-2017-13465 RESERVED CVE-2017-13464 RESERVED CVE-2017-13463 RESERVED CVE-2017-13462 RESERVED CVE-2017-13461 RESERVED CVE-2017-13460 RESERVED CVE-2017-13459 RESERVED CVE-2017-13458 RESERVED CVE-2017-13457 RESERVED CVE-2017-13456 RESERVED CVE-2017-13455 RESERVED CVE-2017-13454 RESERVED CVE-2017-13453 RESERVED CVE-2017-13452 RESERVED CVE-2017-13451 RESERVED CVE-2017-13450 RESERVED CVE-2017-13449 RESERVED CVE-2017-13448 RESERVED CVE-2017-13447 RESERVED CVE-2017-13446 RESERVED CVE-2017-13445 RESERVED CVE-2017-13444 RESERVED CVE-2017-13443 RESERVED CVE-2017-13442 RESERVED CVE-2017-13441 RESERVED CVE-2017-13440 RESERVED CVE-2017-13439 RESERVED CVE-2017-13438 RESERVED CVE-2017-13437 RESERVED CVE-2017-13436 RESERVED CVE-2017-13435 RESERVED CVE-2017-13434 RESERVED CVE-2017-13433 RESERVED CVE-2017-13432 RESERVED CVE-2017-13431 RESERVED CVE-2017-13430 RESERVED CVE-2017-13429 RESERVED CVE-2017-13428 RESERVED CVE-2017-13427 RESERVED CVE-2017-13426 RESERVED CVE-2017-13425 RESERVED CVE-2017-13424 RESERVED CVE-2017-13423 RESERVED CVE-2017-13422 RESERVED CVE-2017-13421 RESERVED CVE-2017-13420 RESERVED CVE-2017-13419 RESERVED CVE-2017-13418 RESERVED CVE-2017-13417 RESERVED CVE-2017-13416 RESERVED CVE-2017-13415 RESERVED CVE-2017-13414 RESERVED CVE-2017-13413 RESERVED CVE-2017-13412 RESERVED CVE-2017-13411 RESERVED CVE-2017-13410 RESERVED CVE-2017-13409 RESERVED CVE-2017-13408 RESERVED CVE-2017-13407 RESERVED CVE-2017-13406 RESERVED CVE-2017-13405 RESERVED CVE-2017-13404 RESERVED CVE-2017-13403 RESERVED 
CVE-2017-13402 RESERVED CVE-2017-13401 RESERVED CVE-2017-13400 RESERVED CVE-2017-13399 RESERVED CVE-2017-13398 RESERVED CVE-2017-13397 RESERVED CVE-2017-13396 RESERVED CVE-2017-13395 RESERVED CVE-2017-13394 RESERVED CVE-2017-13393 RESERVED CVE-2017-13392 RESERVED CVE-2017-13391 RESERVED CVE-2017-13390 RESERVED CVE-2017-13389 RESERVED CVE-2017-13388 RESERVED CVE-2017-13387 RESERVED CVE-2017-13386 RESERVED CVE-2017-13385 RESERVED CVE-2017-13384 RESERVED CVE-2017-13383 RESERVED CVE-2017-13382 RESERVED CVE-2017-13381 RESERVED CVE-2017-13380 RESERVED CVE-2017-13379 RESERVED CVE-2017-13378 RESERVED CVE-2017-13377 RESERVED CVE-2017-13376 RESERVED CVE-2017-13375 RESERVED CVE-2017-13374 RESERVED CVE-2017-13373 RESERVED CVE-2017-13372 RESERVED CVE-2017-13371 RESERVED CVE-2017-13370 RESERVED CVE-2017-13369 RESERVED CVE-2017-13368 RESERVED CVE-2017-13367 RESERVED CVE-2017-13366 RESERVED CVE-2017-13365 RESERVED CVE-2017-13364 RESERVED CVE-2017-13363 RESERVED CVE-2017-13362 RESERVED CVE-2017-13361 RESERVED CVE-2017-13360 RESERVED CVE-2017-13359 RESERVED CVE-2017-13358 RESERVED CVE-2017-13357 RESERVED CVE-2017-13356 RESERVED CVE-2017-13355 RESERVED CVE-2017-13354 RESERVED CVE-2017-13353 RESERVED CVE-2017-13352 RESERVED CVE-2017-13351 RESERVED CVE-2017-13350 RESERVED CVE-2017-13349 RESERVED CVE-2017-13348 RESERVED CVE-2017-13347 RESERVED CVE-2017-13346 RESERVED CVE-2017-13345 RESERVED CVE-2017-13344 RESERVED CVE-2017-13343 RESERVED CVE-2017-13342 RESERVED CVE-2017-13341 RESERVED CVE-2017-13340 RESERVED CVE-2017-13339 RESERVED CVE-2017-13338 RESERVED CVE-2017-13337 RESERVED CVE-2017-13336 RESERVED CVE-2017-13335 RESERVED CVE-2017-13334 RESERVED CVE-2017-13333 RESERVED CVE-2017-13332 RESERVED CVE-2017-13331 RESERVED CVE-2017-13330 RESERVED CVE-2017-13329 RESERVED CVE-2017-13328 RESERVED CVE-2017-13327 RESERVED CVE-2017-13326 RESERVED CVE-2017-13325 RESERVED CVE-2017-13324 RESERVED CVE-2017-13323 RESERVED NOT-FOR-US: Android CVE-2017-13322 RESERVED NOT-FOR-US: Android CVE-2017-13321 
RESERVED NOT-FOR-US: Android CVE-2017-13320 RESERVED NOT-FOR-US: Android Media Framework CVE-2017-13319 RESERVED NOT-FOR-US: Android Media Framework CVE-2017-13318 RESERVED NOT-FOR-US: Android Media Framework CVE-2017-13317 RESERVED NOT-FOR-US: Android Media Framework CVE-2017-13316 RESERVED NOT-FOR-US: Android CVE-2017-13315 RESERVED CVE-2017-13314 RESERVED CVE-2017-13313 RESERVED CVE-2017-13312 RESERVED CVE-2017-13311 RESERVED CVE-2017-13310 RESERVED CVE-2017-13309 RESERVED CVE-2017-13308 RESERVED CVE-2017-13307 (A elevation of privilege vulnerability in the Upstream kernel pci sysf ...) NOT-FOR-US: Android kernel (no source release, so apparently not in mainline) CVE-2017-13306 (A elevation of privilege vulnerability in the Upstream kernel mnh driv ...) NOT-FOR-US: Android kernel (no source release, so apparently not in mainline) CVE-2017-13305 (A information disclosure vulnerability in the Upstream kernel encrypte ...) {DLA-1731-1} - linux 4.12.6-1 [stretch] - linux 4.9.82-1+deb9u1 NOTE: Fixed by: https://git.kernel.org/linus/794b4bc292f5d31739d89c0202c54e7dc9bc3add CVE-2017-13304 (A information disclosure vulnerability in the Upstream kernel mnh_sm d ...) NOT-FOR-US: Android kernel (no source release, so apparently not in mainline) CVE-2017-13303 (A information disclosure vulnerability in the Broadcom bcmdhd driver. ...) NOT-FOR-US: Broadcom components for Android CVE-2017-13302 (A denial of service vulnerability in the Android system (system ui). P ...) NOT-FOR-US: Android CVE-2017-13301 (A denial of service vulnerability in the Android system (system ui). P ...) NOT-FOR-US: Android CVE-2017-13300 (A denial of service vulnerability in the Android media framework (libh ...) NOT-FOR-US: Android media framework CVE-2017-13299 (A other vulnerability in the Android media framework (libavc). Product ...) NOT-FOR-US: Android media framework CVE-2017-13298 (A information disclosure vulnerability in the Android media framework ...) 
NOT-FOR-US: Android media framework CVE-2017-13297 (A information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-13296 (A information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-13295 (A denial of service vulnerability in the Android framework (package in ...) NOT-FOR-US: Android CVE-2017-13294 (A information disclosure vulnerability in the Android framework (aosp ...) NOT-FOR-US: Android framework (aosp email application) CVE-2017-13293 (In the nfc_hci_cmd_received() function of core.c, there is a possible ...) NOT-FOR-US: Android kernel (no source release, so apparently not in mainline) CVE-2017-13292 (In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of bound ...) NOT-FOR-US: Broadcom components for Android CVE-2017-13291 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible N ...) NOT-FOR-US: Android CVE-2017-13290 (In sdp_server_handle_client_req of sdp_server.cc, there is an out of b ...) NOT-FOR-US: Android CVE-2017-13289 (In writeToParcel and createFromParcel of RttManager.java, there is a p ...) NOT-FOR-US: Android CVE-2017-13288 (In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, ...) NOT-FOR-US: Android CVE-2017-13287 (In createFromParcel of VerifyCredentialResponse.java, there is a possi ...) NOT-FOR-US: Android CVE-2017-13286 (In writeToParcel and readFromParcel of OutputConfiguration.java, there ...) NOT-FOR-US: Android CVE-2017-13285 (In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a ...) NOT-FOR-US: Android CVE-2017-13284 (In config_set_string of config.cc, it is possible to pair a second BT ...) NOT-FOR-US: Android CVE-2017-13283 (In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possi ...) NOT-FOR-US: Android CVE-2017-13282 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible s ...) 
NOT-FOR-US: Android CVE-2017-13281 (In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stac ...) NOT-FOR-US: Android CVE-2017-13280 (In the FrameSequence_gif::FrameSequence_gif function of libframesequen ...) NOT-FOR-US: Android media framework CVE-2017-13279 (In M3UParser::parse of M3UParser.cpp, there is a memory resource exhau ...) NOT-FOR-US: Android media framework CVE-2017-13278 (In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there ...) NOT-FOR-US: Android media framework CVE-2017-13277 (In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bo ...) NOT-FOR-US: Android media framework CVE-2017-13276 (In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible ...) NOT-FOR-US: Android media framework CVE-2017-13275 (In getVSCoverage of CmapCoverage.cpp, there is a possible out of bound ...) NOT-FOR-US: Android CVE-2017-13274 (In the getHost() function of UriTest.java, there is the possibility of ...) NOT-FOR-US: Android CVE-2017-13273 (In xt_qtaguid.c, there is a race condition due to insufficient locking ...) NOT-FOR-US: Android CVE-2017-13272 (In alarm_ready_generic of alarm.cc, there is a possible out of bounds ...) NOT-FOR-US: Android CVE-2017-13271 (A elevation of privilege vulnerability in the upstream kernel mnh_sm d ...) NOT-FOR-US: Android kernel (no source release, so apparently not in mainline) CVE-2017-13270 (A elevation of privilege vulnerability in the upstream kernel mnh_sm d ...) NOT-FOR-US: Android kernel (no source release, so apparently not in mainline) CVE-2017-13269 (A information disclosure vulnerability in the Android system (bluetoot ...) NOT-FOR-US: Android CVE-2017-13268 (A information disclosure vulnerability in the Android system (bluetoot ...) NOT-FOR-US: Android CVE-2017-13267 (In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack ...) NOT-FOR-US: Android CVE-2017-13266 (In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack ...) 
NOT-FOR-US: Android CVE-2017-13265 (A elevation of privilege vulnerability in the Android system (OTA upda ...) NOT-FOR-US: Android CVE-2017-13264 (A other vulnerability in the Android media framework (Avcdec). Product ...) NOT-FOR-US: Android Media Framework CVE-2017-13263 (A elevation of privilege vulnerability in the Android framework. Produ ...) NOT-FOR-US: Android CVE-2017-13262 (In bnep_data_ind of bnep_main.cc, there is a possible out of bounds re ...) NOT-FOR-US: Android CVE-2017-13261 (In bnep_process_control_packet of bnep_utils.cc, there is a possible o ...) NOT-FOR-US: Android CVE-2017-13260 (In bnep_data_ind of bnep_main.cc, there is a possible out of bounds re ...) NOT-FOR-US: Android CVE-2017-13259 (In functionality implemented in sdp_discovery.cc, there are possible o ...) NOT-FOR-US: Android CVE-2017-13258 (In bnep_data_ind of bnep_main.cc, there is a possible out of bounds re ...) NOT-FOR-US: Android CVE-2017-13257 (In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after f ...) NOT-FOR-US: Android CVE-2017-13256 (In process_service_search_attr_req of sdp_server.cc, there is an out o ...) NOT-FOR-US: Android CVE-2017-13255 (In process_service_attr_req of sdp_server.c, there is an out of bounds ...) NOT-FOR-US: Android CVE-2017-13254 (A other vulnerability in the Android media framework (AACExtractor). P ...) NOT-FOR-US: Android Media Framework CVE-2017-13253 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out ...) NOT-FOR-US: Android Media Framework CVE-2017-13252 (In CryptoHal::decrypt of CryptoHal.cpp, there is an out of bounds writ ...) NOT-FOR-US: Android Media Framework CVE-2017-13251 (In impeg2d_dec_pic_data_thread of impeg2d_dec_hdr.c, there is a possib ...) NOT-FOR-US: Android Media Framework CVE-2017-13250 (In ih264d_fmt_conv_420sp_to_420p of ih264d_utils.c, there is an out of ...) NOT-FOR-US: Android Media Framework CVE-2017-13249 (In impeg2d_api_set_display_frame of impeg2d_api_main.c, there is an ou ...) 
NOT-FOR-US: Android Media Framework CVE-2017-13248 (In impeg2_idct_recon_sse42() of impeg2_idct_recon_sse42_intr.c, there ...) NOT-FOR-US: Android Media Framework CVE-2017-13247 (In the Pixel 2 bootloader, there is a missing permission check which b ...) NOT-FOR-US: HTC Android components CVE-2017-13246 (A information disclosure vulnerability in the Upstream kernel network ...) NOT-FOR-US: Closed source network driver for Pixel phones CVE-2017-13245 (A elevation of privilege vulnerability in the Upstream kernel audio dr ...) NOT-FOR-US: Closed source audio driver for Pixel phones CVE-2017-13244 (A elevation of privilege vulnerability in the Upstream kernel easel. P ...) NOT-FOR-US: Easel driver for Pixel phones CVE-2017-13243 (A information disclosure vulnerability in the Android system (ui). Pro ...) NOT-FOR-US: Android CVE-2017-13242 (A information disclosure vulnerability in the Android system (bluetoot ...) NOT-FOR-US: Android CVE-2017-13241 (A information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android Media Framework CVE-2017-13240 (A information disclosure vulnerability in the Android framework (crypt ...) NOT-FOR-US: Android CVE-2017-13239 (A information disclosure vulnerability in the Android framework (ui fr ...) NOT-FOR-US: Android CVE-2017-13238 (In XBLRamDump mode, there is a debug feature that can be used to dump ...) NOT-FOR-US: HTC Android components CVE-2017-13237 RESERVED CVE-2017-13236 (In the KeyStore service, there is a permissions bypass that allows acc ...) NOT-FOR-US: Android CVE-2017-13235 (A other vulnerability in the Android media framework (n/a). Product: A ...) NOT-FOR-US: Android Media Framework CVE-2017-13234 (In DLSParser of the sonivox library, there is possible resource exhaus ...) NOT-FOR-US: Android Media Framework CVE-2017-13233 (In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible ...) 
NOT-FOR-US: Android Media Framework CVE-2017-13232 (In audioserver, there is an out-of-bounds write due to a log statement ...) NOT-FOR-US: Android Media Framework CVE-2017-13231 (In libmediadrm, there is an out-of-bounds write due to improper input ...) NOT-FOR-US: Android Media Framework CVE-2017-13230 (In hevc codec, there is an out-of-bounds write due to an incorrect bou ...) NOT-FOR-US: Android Media Framework CVE-2017-13229 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android Media Framework CVE-2017-13228 (In function ih264d_ref_idx_reordering of libavc, there is an out-of-bo ...) NOT-FOR-US: Android Media Framework CVE-2017-13227 RESERVED NOT-FOR-US: Android CVE-2017-13226 (An elevation of privilege vulnerability in the MediaTek mtk. Product: ...) NOT-FOR-US: Mediatek components for Android CVE-2017-13225 (In libMtkOmxVdec.so there is a possible heap buffer overflow. This cou ...) NOT-FOR-US: Mediatek components for Android CVE-2017-13224 RESERVED CVE-2017-13223 RESERVED CVE-2017-13222 (An information disclosure vulnerability in the Upstream kernel kernel. ...) NOT-FOR-US: Android kernel component (no source release, so apparently not affecting mainline) CVE-2017-13221 (An elevation of privilege vulnerability in the Upstream kernel wifi dr ...) NOT-FOR-US: Android kernel component (no source release, so apparently not affecting mainline) CVE-2017-13220 (An elevation of privilege vulnerability in the Upstream kernel bluez. ...) {DSA-4187-1} - linux 4.0.2-1 [wheezy] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/51bda2bca53b265715ca1852528f38dc67429d9a CVE-2017-13219 (A denial of service vulnerability in the Upstream kernel synaptics tou ...) NOT-FOR-US: Android kernel component (no source release, so apparently not affecting mainline) CVE-2017-13218 (Access to CNTVCT_EL0 in Small Cell SoC, Snapdragon Automobile, Snapdra ...)
NOT-FOR-US: Android kernel component (no source release, so apparently not affecting mainline) CVE-2017-13217 (In DisplayFtmItem in the bootloader, there is an out-of-bounds write d ...) NOT-FOR-US: Android kernel component (no source release, so apparently not affecting mainline) CVE-2017-13216 (In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to in ...) - linux 4.14.17-1 (unimportant) [stretch] - linux 4.9.80-1 [jessie] - linux 3.16.56-1 [wheezy] - linux (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/443064cb0b1fb4569fe0a71209da7625129f CVE-2017-13215 (A elevation of privilege vulnerability in the Upstream kernel skcipher ...) - linux 4.4.2-1 [jessie] - linux 3.16.7-ckt25-1 [wheezy] - linux 3.2.78-1 CVE-2017-13214 (In the hardware HEVC decoder, some media files could cause a page faul ...) NOT-FOR-US: HTC components for Android CVE-2017-13213 (An elevation of privilege vulnerability in the Broadcom bcmdhd driver. ...) NOT-FOR-US: Broadcom component for Android CVE-2017-13212 (An elevation of privilege vulnerability in the Android system (systemu ...) NOT-FOR-US: Android CVE-2017-13211 (In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible ...) NOT-FOR-US: Android CVE-2017-13210 (In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, th ...) NOT-FOR-US: Android CVE-2017-13209 (In the ServiceManager::add function in the hardware service manager, t ...) NOT-FOR-US: Android CVE-2017-13208 (In receive_packet of libnetutils/packet.c, there is a possible out-of- ...) NOT-FOR-US: Android CVE-2017-13207 (An information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-13206 (An information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-13205 (An information disclosure vulnerability in the Android media framework ...)
NOT-FOR-US: Android media framework CVE-2017-13204 (An information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-13203 (An information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-13202 (An information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-13201 (An information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-13200 (An information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-13199 (In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception ...) NOT-FOR-US: Android media framework CVE-2017-13198 (A vulnerability in the Android media framework (ex) related to composi ...) NOT-FOR-US: Android media framework CVE-2017-13197 (In the ihevcd_parse_slice.c function, slave threads are not joined if ...) NOT-FOR-US: Android media framework CVE-2017-13196 (In several places in ihevcd_decode.c, a dead loop could occur due to i ...) NOT-FOR-US: Android media framework CVE-2017-13195 (In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several pa ...) NOT-FOR-US: Android media framework CVE-2017-13194 (A vulnerability in the Android media framework (libvpx) related to odd ...) {DSA-4132-1 DLA-1290-1} - libvpx 1.7.0-2 NOTE: Android patch: https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9 CVE-2017-13193 (In ihevcd_decode.c there is a possible infinite loop due to bytes for ...) NOT-FOR-US: Android media framework CVE-2017-13192 (In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header ...) NOT-FOR-US: Android media framework CVE-2017-13191 (In the ihevcd_decode function of ihevcd_decode.c, there is an infinite ...) 
NOT-FOR-US: Android media framework CVE-2017-13190 (A vulnerability in the Android media framework (libhevc) related to ha ...) NOT-FOR-US: Android media framework CVE-2017-13189 (A vulnerability in the Android media framework (libavc) related to han ...) NOT-FOR-US: Android media framework CVE-2017-13188 (An information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-13187 (An information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-13186 (A vulnerability in the Android media framework (libavc) related to inc ...) NOT-FOR-US: Android media framework CVE-2017-13185 (An information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-13184 (In the enableVSyncInjections function of SurfaceFlinger, there is a po ...) NOT-FOR-US: Android media framework CVE-2017-13183 (In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, ther ...) NOT-FOR-US: Android media framework CVE-2017-13182 (In the sendFormatChange function of ACodec, there is a possible intege ...) NOT-FOR-US: Android media framework CVE-2017-13181 (In the doGetThumb and getThumbnail functions of MtpServer, there is a ...) NOT-FOR-US: Android media framework CVE-2017-13180 (In the onQueueFilled function of SoftAVCDec, there is a possible out-o ...) NOT-FOR-US: Android media framework CVE-2017-13179 (In the ihevcd_allocate_static_bufs and ihevcd_create functions of Soft ...) NOT-FOR-US: Android media framework CVE-2017-13178 (In the initDecoder function of SoftAVCDec, there is a possible out-of- ...) NOT-FOR-US: Android media framework CVE-2017-13177 (In several functions of libhevc, NEON registers are not preserved. Thi ...) NOT-FOR-US: Android media framework CVE-2017-13176 (In the parseURL function of URLStreamHandler, there is improper input ...) 
NOT-FOR-US: Android CVE-2017-13175 (An information disclosure vulnerability in the NVIDIA libwilhelm. Prod ...) NOT-FOR-US: NVIDIA driver for Android CVE-2017-13174 (An elevation of privilege vulnerability in the kernel edl. Product: An ...) NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline) CVE-2017-13173 (An elevation of privilege vulnerability in the MediaTek system server. ...) NOT-FOR-US: MediaTek driver for Android CVE-2017-13172 (An elevation of privilege vulnerability in the MediaTek bluetooth driv ...) NOT-FOR-US: MediaTek driver for Android CVE-2017-13171 (An elevation of privilege vulnerability in the MediaTek performance se ...) NOT-FOR-US: MediaTek driver for Android CVE-2017-13170 (An elevation of privilege vulnerability in the MediaTek display driver ...) NOT-FOR-US: MediaTek driver for Android CVE-2017-13169 (An information disclosure vulnerability in the kernel camera server. P ...) NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline) CVE-2017-13168 (An elevation of privilege vulnerability in the kernel scsi driver. Pro ...) - linux 4.17.6-1 [stretch] - linux 4.9.130-1 NOTE: Fixed by: https://git.kernel.org/linus/26b5b874aff5659a7e26e5b1997e3df2c41fa7fd CVE-2017-13167 (An elevation of privilege vulnerability in the kernel sound timer. Pro ...) - linux 4.4.2-1 [jessie] - linux 3.16.7-ckt25-1 NOTE: Fixed by: https://git.kernel.org/linus/c3b1681375dc6e71d89a3ae00cc3ce9e775a8917 NOTE: Fixed by: https://git.kernel.org/linus/4dff5c7b7093b19c19d3a100f8a3ad87cb7cd9e7 CVE-2017-13166 (An elevation of privilege vulnerability in the kernel v4l2 video drive ...) {DSA-4187-1 DSA-4120-1 DLA-1369-1} - linux 4.15.4-1 NOTE: https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13166.html NOTE: https://git.kernel.org/linus/a1dfb4c48cc1e64eeb7800a27c66a6f7e88d075a CVE-2017-13165 (An elevation of privilege vulnerability in the kernel file system. Pro ...) 
NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline) CVE-2017-13164 (An information disclosure vulnerability in the kernel binder driver. P ...) NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline) CVE-2017-13163 (An elevation of privilege vulnerability in the kernel mtp usb driver. ...) NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline) CVE-2017-13162 (An elevation of privilege vulnerability in the kernel binder. Product: ...) NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline) CVE-2017-13161 (An elevation of privilege vulnerability in the Broadcom wireless drive ...) NOT-FOR-US: Broadcom components for Android CVE-2017-13160 (A remote code execution vulnerability in the Android system (bluetooth ...) NOT-FOR-US: Android CVE-2017-13159 (An information disclosure vulnerability in the Android system (activit ...) NOT-FOR-US: Android CVE-2017-13158 (An information disclosure vulnerability in the Android system (activit ...) NOT-FOR-US: Android CVE-2017-13157 (An information disclosure vulnerability in the Android system (activit ...) NOT-FOR-US: Android CVE-2017-13156 (An elevation of privilege vulnerability in the Android system (art). P ...) - android-platform-system-core (Not exploitable on Debian, see #890949) CVE-2017-13155 RESERVED CVE-2017-13154 (An elevation of privilege vulnerability in the Android media framework ...) NOT-FOR-US: Android Media Framework CVE-2017-13153 (An elevation of privilege vulnerability in the Android media framework ...) NOT-FOR-US: Android Media Framework CVE-2017-13152 (An information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android Media Framework CVE-2017-13151 (A remote code execution vulnerability in the Android media framework ( ...) 
NOT-FOR-US: Android Media Framework CVE-2017-13150 (An information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android Media Framework CVE-2017-13149 (An information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android Media Framework CVE-2017-13148 (A denial of service vulnerability in the Android media framework (libm ...) NOT-FOR-US: Android Media Framework CVE-2017-13147 (In GraphicsMagick 1.3.26, an allocation failure vulnerability was foun ...) - graphicsmagick 1.3.27-1 (unimportant) NOTE: https://sourceforge.net/p/graphicsmagick/bugs/446/ CVE-2017-13146 (In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memor ...) {DLA-1081-1} - imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870013) NOTE: https://github.com/ImageMagick/ImageMagick/commit/437a35e57db5ec078f4a3ccbf71f941276e88430 CVE-2017-13141 (In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file c ...) {DSA-4019-1} - imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870116) NOTE: https://github.com/ImageMagick/ImageMagick/issues/600 CVE-2017-13138 (DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme ...) NOT-FOR-US: Wordpress theme CVE-2017-13137 (The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in th ...) NOT-FOR-US: WordPress plugin CVE-2017-13136 (The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer ov ...) NOT-FOR-US: libbpg CVE-2017-13135 (A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg ...) - x265 2.6-3 (low) [stretch] - x265 (Minor issue) NOTE: https://github.com/ebel34/bpg-web-encoder/issues/1 NOTE: https://bitbucket.org/multicoreware/x265/issues/385/cve-2017-13135 NOTE: https://bitbucket.org/multicoreware/x265/commits/78c0f2c8ba087b38e291226a9555b4b4dab323a5/raw CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer ...) 
{DSA-4321-1 DSA-4040-1 DSA-4032-1 DLA-1401-1 DLA-1170-1 DLA-1081-1} - imagemagick 8:6.9.9.34+dfsg-3 (bug #873099) - graphicsmagick 1.3.26-19 (bug #881524) NOTE: https://github.com/ImageMagick/ImageMagick/issues/670 NOTE: https://github.com/ImageMagick/ImageMagick/commit/5304ae14655a67b9a3db00563fe44d9abd6de4f0 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/1b234b4fe2ec864b2d5af898a31c06c9736da904 NOTE: GraphicsMagick: http://hg.code.sf.net/p/graphicsmagick/code/rev/1b47e0078e05 CVE-2017-13133 (In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks ...) {DLA-2366-1 DLA-1785-1 DLA-1081-1} - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873100) NOTE: https://github.com/ImageMagick/ImageMagick/issues/679 NOTE: https://github.com/ImageMagick/ImageMagick/commit/19dbe11c5060f66abb393d1945107c5f54894fa8 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/fad03699658d2607562a8487c944c300d59a1ca5 CVE-2017-13132 (In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c ope ...) - imagemagick (Vulnerable code not present, introduced in 7.0.1-0) NOTE: https://github.com/ImageMagick/ImageMagick/issues/674 CVE-2017-13131 (In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the f ...) - imagemagick 8:6.9.9.34+dfsg-3 (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/issues/676 CVE-2017-13130 (mcmnm in BMC Patrol allows local users to gain privileges via a crafte ...) NOT-FOR-US: BMC Patrol CVE-2017-13129 (Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2 ...) NOT-FOR-US: ZKTeco ZKTime Web CVE-2017-13128 RESERVED CVE-2017-13127 (The VIP.com application for IOS and Android allows remote attackers to ...) 
NOT-FOR-US: VIP.com app CVE-2017-13126 REJECTED CVE-2017-13125 REJECTED CVE-2017-13124 REJECTED CVE-2017-13123 REJECTED CVE-2017-13122 REJECTED CVE-2017-13121 REJECTED CVE-2017-13120 REJECTED CVE-2017-13119 REJECTED CVE-2017-13118 REJECTED CVE-2017-13117 REJECTED CVE-2017-13116 REJECTED CVE-2017-13115 REJECTED CVE-2017-13114 REJECTED CVE-2017-13113 REJECTED CVE-2017-13112 REJECTED CVE-2017-13111 REJECTED CVE-2017-13110 REJECTED CVE-2017-13109 REJECTED CVE-2017-13108 (DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, A ...) NOT-FOR-US: DFNDR Security Antivirus, Anti-hacking & Cleaner CVE-2017-13107 (Live.me - live stream video chat, 3.7.20, 2017-11-06, Android applicat ...) NOT-FOR-US: Live.me - live stream video chat Android application CVE-2017-13106 (Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5. ...) NOT-FOR-US: Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient Android application CVE-2017-13105 (Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13 ...) NOT-FOR-US: Hi Security Virus Cleaner - Antivirus, Booster Android application CVE-2017-13104 (Uber Technologies, Inc. UberEATS: Uber for Food Delivery, 1.108.10001, ...) NOT-FOR-US: Uber Technologies, Inc. UberEATS: Uber for Food Delivery iOS application CVE-2017-13103 REJECTED CVE-2017-13102 (Gameloft Asphalt Xtreme: Offroad Rally Racing, 1.6.0, 2017-08-13, iOS ...) NOT-FOR-US: Gameloft Asphalt Xtreme: Offroad Rally Racing iOS application CVE-2017-13101 (Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-1 ...) NOT-FOR-US: Musical.ly Inc., musical.ly - your video social network iOS application CVE-2017-13100 (DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application ...) NOT-FOR-US: DistinctDev, Inc., The Moron Test iOS application CVE-2017-13099 (wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle ...) 
- wolfssl 3.13.0+dfsg-1 (bug #884235) NOTE: https://github.com/wolfSSL/wolfssl/pull/1229 NOTE: https://robotattack.org/ CVE-2017-13098 (BouncyCastle TLS prior to version 1.0.3, when configured to use the JC ...) {DSA-4072-1} - bouncycastle 1.58-1 (bug #884241) [jessie] - bouncycastle (Vulnerable code introduced in 1.56 with tls API addition) [wheezy] - bouncycastle (Vulnerable code not present) NOTE: Introduced by: https://github.com/bcgit/bc-java/commit/9b53e60792e14c65cd1dbfad65e88ec5949ce4b3 NOTE: Fixed by: https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c NOTE: Fixed in 1.59 beta 9 NOTE: https://robotattack.org/ CVE-2017-13097 (The P1735 IEEE standard describes flawed methods for encrypting electr ...) NOT-FOR-US: P1735 IEEE standard CVE-2017-13096 (The P1735 IEEE standard describes flawed methods for encrypting electr ...) NOT-FOR-US: P1735 IEEE standard CVE-2017-13095 (The P1735 IEEE standard describes flawed methods for encrypting electr ...) NOT-FOR-US: P1735 IEEE standard CVE-2017-13094 (The P1735 IEEE standard describes flawed methods for encrypting electr ...) NOT-FOR-US: P1735 IEEE standard CVE-2017-13093 (The P1735 IEEE standard describes flawed methods for encrypting electr ...) NOT-FOR-US: P1735 IEEE standard CVE-2017-13092 (The P1735 IEEE standard describes flawed methods for encrypting electr ...) NOT-FOR-US: P1735 IEEE standard CVE-2017-13091 (The P1735 IEEE standard describes flawed methods for encrypting electr ...) NOT-FOR-US: P1735 IEEE standard CVE-2017-13090 (The retr.c:fd_read_body() function is called when processing OK respon ...) {DSA-4008-1 DLA-1149-1} - wget 1.19.2-1 (bug #879957) NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba CVE-2017-13089 (The http.c:skip_short_body() function is called in some circumstances, ...) 
{DSA-4008-1 DLA-1149-1} - wget 1.19.2-1 (bug #879957) NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=d892291fb8ace4c3b734ea5125770989c215df3f CVE-2017-13088 (Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows rein ...) {DSA-3999-1 DLA-1150-1} - wpa 2:2.4-1.1 NOTE: https://w1.fi/security/2017-1/ CVE-2017-13087 (Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows rein ...) {DSA-3999-1 DLA-1150-1} - wpa 2:2.4-1.1 NOTE: https://w1.fi/security/2017-1/ CVE-2017-13086 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tun ...) {DSA-3999-1 DLA-1150-1} - wpa 2:2.4-1.1 NOTE: https://w1.fi/security/2017-1/ CVE-2017-13085 RESERVED CVE-2017-13084 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Sta ...) - wpa (unimportant) NOTE: From https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt NOTE: As far as the related CVE-2017-13084 (reinstallation of the STK key in NOTE: the PeerKey handshake) is concerned, it should be noted that PeerKey NOTE: implementation in wpa_supplicant is not fully functional and the actual NOTE: installation of the key into the driver does not work. As such, this NOTE: item is not applicable in practice. Furthermore, the PeerKey handshake NOTE: for IEEE 802.11e DLS is obsolete and not known to have been deployed. CVE-2017-13083 (Akeo Consulting Rufus prior to version 2.17.1187 does not adequately v ...) NOT-FOR-US: Akeo Consulting Rufus CVE-2017-13082 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allow ...) {DSA-3999-1 DLA-1150-1} - wpa 2:2.4-1.1 NOTE: https://w1.fi/security/2017-1/ CVE-2017-13081 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allow ...) 
{DSA-3999-1 DLA-1573-1 DLA-1150-1} - firmware-nonfree 20180825-1 [stretch] - firmware-nonfree 20161130-4 [jessie] - firmware-nonfree (non-free not supported) - wpa 2:2.4-1.1 NOTE: https://w1.fi/security/2017-1/ CVE-2017-13080 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Gro ...) {DSA-3999-1 DLA-1573-1 DLA-1200-1 DLA-1150-1} - firmware-nonfree 20180825-1 [stretch] - firmware-nonfree 20161130-4 [jessie] - firmware-nonfree (non-free not supported) - wpa 2:2.4-1.1 - linux 4.13.13-1 [stretch] - linux 4.9.65-1 [jessie] - linux 3.16.51-1 NOTE: https://w1.fi/security/2017-1/ NOTE: https://git.kernel.org/linus/fdf7cb4185b60c68e1a75e61691c4afdc15dea0e (v4.14-rc6) CVE-2017-13079 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allow ...) {DSA-3999-1 DLA-1573-1 DLA-1150-1} - firmware-nonfree 20180825-1 [stretch] - firmware-nonfree 20161130-4 [jessie] - firmware-nonfree (non-free not supported) - wpa 2:2.4-1.1 NOTE: https://w1.fi/security/2017-1/ CVE-2017-13078 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Gro ...) {DSA-3999-1 DLA-1573-1 DLA-1150-1} - firmware-nonfree 20180825-1 [stretch] - firmware-nonfree 20161130-4 [jessie] - firmware-nonfree (non-free not supported) - wpa 2:2.4-1.1 NOTE: https://w1.fi/security/2017-1/ CVE-2017-13077 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pai ...) {DSA-3999-1 DLA-1573-1 DLA-1150-1} - firmware-nonfree 20180825-1 [stretch] - firmware-nonfree 20161130-4 [jessie] - firmware-nonfree (non-free not supported) - wpa 2:2.4-1.1 NOTE: https://w1.fi/security/2017-1/ CVE-2017-13076 RESERVED CVE-2017-13075 RESERVED CVE-2017-13074 RESERVED CVE-2017-13073 (Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo ...) NOT-FOR-US: QNAP NAS application Photo Station CVE-2017-13072 (Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2 ...) NOT-FOR-US: QNAP CVE-2017-13071 (QNAP has already patched this vulnerability. This security concern all ...) NOT-FOR-US: QNAP CVE-2017-13070 (A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version ...) NOT-FOR-US: QNAP CVE-2017-13069 (QNAP discovered a number of command injection vulnerabilities found in ...) NOT-FOR-US: QNAP CVE-2017-13068 (QNAP has already patched this vulnerability. This security concern all ...) NOT-FOR-US: QNAP CVE-2017-13067 (QNAP has patched a remote code execution vulnerability affecting the Q ...) NOT-FOR-US: QNAP CVE-2017-13066 (GraphicsMagick 1.3.26 has a memory leak vulnerability in the function ...) - graphicsmagick 1.3.27-1 (unimportant) NOTE: https://sourceforge.net/p/graphicsmagick/bugs/430/ CVE-2017-13065 (GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in ...) {DSA-4321-1 DLA-1401-1 DLA-1082-1} - graphicsmagick 1.3.26-7 (bug #873119) NOTE: https://sourceforge.net/p/graphicsmagick/bugs/435/ NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a CVE-2017-13064 (GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability i ...) {DSA-4321-1 DLA-1401-1 DLA-1082-1} - graphicsmagick 1.3.26-7 (bug #873129) NOTE: https://sourceforge.net/p/graphicsmagick/bugs/436/ NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a CVE-2017-13063 (GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability i ...) {DSA-4321-1 DLA-1401-1 DLA-1082-1} - graphicsmagick 1.3.26-7 (bug #873130) NOTE: https://sourceforge.net/p/graphicsmagick/bugs/434/ NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a CVE-2017-13062 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the f ...) - imagemagick 8:6.9.9.34+dfsg-3 (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/issues/669 CVE-2017-13061 (In ImageMagick 7.0.6-5, a length-validation vulnerability was found in ...)
{DLA-2366-1} - imagemagick 8:6.9.9.34+dfsg-3 (bug #873131) [jessie] - imagemagick (Vulnerable code not present) [wheezy] - imagemagick (Vulnerable code not present) NOTE: https://github.com/ImageMagick/ImageMagick/issues/645 NOTE: https://github.com/ImageMagick/ImageMagick/commit/90ed66889d6455a1d7f36e939977fa099e2d7ca7 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/90ed66889d6455a1d7f36e939977fa099e2d7ca7 CVE-2017-13060 (In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the f ...) - imagemagick 8:6.9.9.34+dfsg-3 (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/issues/644 CVE-2017-13059 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the f ...) - imagemagick 8:6.9.9.34+dfsg-3 (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/issues/667 CVE-2017-13058 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the f ...) - imagemagick 8:6.9.9.34+dfsg-3 (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/issues/666 CVE-2017-13057 RESERVED CVE-2017-13056 (The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might a ...) NOT-FOR-US: PDF-XChange Viewer CVE-2017-13055 (The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13054 (The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13053 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13052 (The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13051 (The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13050 (The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read ...) 
{DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13049 (The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13048 (The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13047 (The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13046 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13045 (The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13044 (The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13043 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13042 (The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13041 (The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in pr ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13040 (The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in pri ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13039 (The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in pr ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13038 (The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13037 (The IP parser in tcpdump before 4.9.2 has a buffer over-read in print- ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13036 (The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in pr ...) 
{DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13035 (The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13034 (The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13033 (The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13032 (The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in pr ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13031 (The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buf ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13030 (The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13029 (The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13028 (The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in pri ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13027 (The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13026 (The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13025 (The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-rea ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13024 (The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-rea ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13023 (The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-rea ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13022 (The IP parser in tcpdump before 4.9.2 has a buffer over-read in print- ...) 
{DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13021 (The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in pr ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13020 (The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13019 (The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13018 (The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13017 (The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in pr ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13016 (The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13015 (The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13014 (The White Board protocol parser in tcpdump before 4.9.2 has a buffer o ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13013 (The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13012 (The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13011 (Several protocol parsers in tcpdump before 4.9.2 could cause a buffer ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13010 (The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13009 (The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-rea ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13008 (The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read ...) 
{DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13007 (The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13006 (The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13005 (The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13004 (The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13003 (The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13002 (The AODV parser in tcpdump before 4.9.2 has a buffer over-read in prin ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13001 (The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-13000 (The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-rea ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12999 (The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in pri ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12998 (The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in pri ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12997 (The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop d ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12996 (The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in pri ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12995 (The DNS parser in tcpdump before 4.9.2 could enter an infinite loop du ...) {DSA-3971-1 DLA-1097-1} - tcpdump 4.9.2-1 CVE-2017-12994 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print ...) 
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12993 (The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12992 (The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in pri ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12991 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12990 (The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12989 (The RESP parser in tcpdump before 4.9.2 could enter an infinite loop d ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12988 (The telnet parser in tcpdump before 4.9.2 has a buffer over-read in pr ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12987 (The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12986 (The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer ov ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12985 (The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in prin ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12984 (PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, adm ...)
	NOT-FOR-US: PHPMyWind
CVE-2017-12983 (Heap-based buffer overflow in the ReadSFWImage function in coders/sfw. ...)
	{DSA-4040-1 DSA-4032-1 DLA-1081-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #873134)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/682
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d4145e664aea3752ca6d3bf1ee825352b595dab5
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/26078285f49c361ad8ddc8e14bd1d4aab7ed5682
CVE-2017-12981 (NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via t ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12980 (DokuWiki through 2017-02-19c has stored XSS when rendering a malicious ...)
	- dokuwiki 0.0.20180422.a-1 (bug #872941)
	[jessie] - dokuwiki (Minor issue)
	[wheezy] - dokuwiki (Minor issue)
	NOTE: https://github.com/splitbrain/dokuwiki/issues/2081
	NOTE: https://github.com/splitbrain/dokuwiki/commit/f883db117a4fdeae72071db41b3ef5932d6335da
CVE-2017-12979 (DokuWiki through 2017-02-19c has stored XSS when rendering a malicious ...)
	- dokuwiki 0.0.20180422.a-1 (bug #872940)
	[jessie] - dokuwiki (Minor issue)
	[wheezy] - dokuwiki (Minor issue)
	NOTE: https://github.com/splitbrain/dokuwiki/issues/2080
	NOTE: https://github.com/splitbrain/dokuwiki/commit/56bd9509ab2037512829392fda6427af7f390724
CVE-2017-12978 (lib/html.php in Cacti before 1.1.18 has XSS via the title field of an ...)
	- cacti 1.1.18+ds1-1
	[stretch] - cacti (Vulnerable code, external link support, introduced later)
	[jessie] - cacti (Vulnerable code, external link support, introduced later)
	[wheezy] - cacti (Vulnerable code, external link support, introduced later)
	NOTE: https://github.com/Cacti/cacti/commit/9c610a7a4e29595dcaf7d7082134e4b89619ea24
	NOTE: https://github.com/Cacti/cacti/issues/918
CVE-2017-12977 (The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin ...)
	NOT-FOR-US: Web-Dorado plugin for Wordpress
CVE-2017-1000216
	REJECTED
CVE-2017-1000205
	REJECTED
CVE-2017-1000202
	REJECTED
CVE-2017-1000184
	REJECTED
CVE-2017-1000183
	REJECTED
CVE-2017-1000181
	REJECTED
CVE-2017-1000180
	REJECTED
CVE-2017-1000179
	REJECTED
CVE-2017-1000178
	REJECTED
CVE-2017-1000177
	REJECTED
CVE-2017-1000175
	REJECTED
CVE-2017-1000167
	REJECTED
CVE-2017-1000166
	REJECTED
CVE-2017-1000165
	REJECTED
CVE-2017-1000162
	REJECTED
CVE-2017-1000124
	REJECTED
CVE-2017-1000123
	REJECTED
CVE-2017-12982 (The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG ...)
	- openjpeg2 2.3.0-1 (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/issues/983
	NOTE: https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7
CVE-2017-12975
	RESERVED
CVE-2017-12974 (Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without e ...)
	NOT-FOR-US: Nimbus JOSE + JWT
CVE-2017-12973 (Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an ...)
	NOT-FOR-US: Nimbus JOSE + JWT
CVE-2017-12972 (In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check whe ...)
	NOT-FOR-US: Nimbus JOSE + JWT
CVE-2017-12976 (git-annex before 6.20170818 allows remote attackers to execute arbitra ...)
	{DSA-4010-1 DLA-1495-1 DLA-1144-1}
	- git-annex 6.20170818-1 (bug #873088)
	NOTE: http://source.git-annex.branchable.com/?p=source.git;a=commit;h=df11e54788b254efebb4898b474de11ae8d3b471
	NOTE: http://source.git-annex.branchable.com/?p=source.git;a=commit;h=c24d0f0e8984576654e2be149005bc884fe0403a
	NOTE: http://source.git-annex.branchable.com/?p=source.git;a=blob;f=doc/bugs/dashed_ssh_hostname_security_hole.mdwn
	NOTE: jessie patch: https://gitlab.com/anarcat/git-annex/commit/58daf6cbe4c1ea1cf71f3a538a0e27b5075c7265
	NOTE: stretch patch: https://gitlab.com/anarcat/git-annex/commit/115585df48dce16aa702663dab220de625b9de7d
	NOTE: This is similar class of issue as for CVE-2017-1000117/git
CVE-2017-12971 (Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows ...)
	NOT-FOR-US: Apache2Triad
CVE-2017-12970 (Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 ...)
	NOT-FOR-US: Apache2Triad
CVE-2017-12969 (Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Ava ...)
	NOT-FOR-US: Avaya IP Office Contact Center
CVE-2017-12968
	RESERVED
CVE-2017-12967 (The getsym function in tekhex.c in the Binary File Descriptor (BFD) li ...)
	- binutils 2.29-5
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21962
CVE-2017-12966 (The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1 ...)
	- asn1c (unimportant)
CVE-2017-12965 (Session fixation vulnerability in Apache2Triad 1.5.4 allows remote att ...)
	NOT-FOR-US: Apache2Triad
CVE-2017-12964 (There is a stack consumption issue in LibSass 3.4.5 that is triggered ...)
	NOTE: Bogus report against historic libsass version
CVE-2017-12963 (There is an illegal address access in Sass::Eval::operator() in eval.c ...)
	NOTE: Bogus report against historic libsass version
CVE-2017-12962 (There are memory leaks in LibSass 3.4.5 triggered by deeply nested cod ...)
	NOTE: Bogus report against historic libsass version
CVE-2017-12961 (There is an assertion abort in the function parse_attributes() in data ...)
	- pspp 1.0.1-1 (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482436
	NOTE: Crash in CLI tool, no security impact
CVE-2017-12960 (There is a reachable assertion abort in the function dict_rename_var() ...)
	- pspp 1.0.1-1 (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482433
	NOTE: Crash in CLI tool, no security impact
CVE-2017-12959 (There is a reachable assertion abort in the function dict_add_mrset() ...)
	- pspp 1.0.1-1 (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482432
	NOTE: Crash in CLI tool, no security impact
CVE-2017-12958 (There is an illegal address access in the function output_hex() in dat ...)
	- pspp 1.0.1-1 (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482429
	NOTE: Crash in CLI tool, no security impact
CVE-2017-12957 (There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that ...)
	- exiv2 (Incorrect memory allocation introduced in 0.26)
	NOTE: https://github.com/Exiv2/exiv2/issues/60
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482423
	NOTE: Experimental is affected, tracking as #876242
CVE-2017-12956 (There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() ...)
	- exiv2 (Vulnerable code introduced after 0.25; only affected experimental; bug #888872)
	NOTE: https://github.com/Exiv2/exiv2/issues/59
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482296
CVE-2017-12955 (There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. Th ...)
	- exiv2 (Vulnerable code introduced after 0.25; only affected experimental; bug #888873)
	NOTE: https://github.com/Exiv2/exiv2/issues/58
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482295
CVE-2017-12954 (The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4 ...)
	- libgig 4.0.0-5 (low; bug #877652)
	[stretch] - libgig (Minor issue)
	[jessie] - libgig (Minor issue)
	[wheezy] - libgig (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides reproducer files)
	NOTE: http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3350
CVE-2017-12953 (The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgi ...)
	- libgig 4.0.0-4 (low; bug #873718)
	[stretch] - libgig (Minor issue)
	[jessie] - libgig (Minor issue)
	[wheezy] - libgig (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides reproducer files)
	NOTE: http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3348
CVE-2017-12952 (The LoadString function in helper.h in libgig 4.0.0 allows remote atta ...)
	- libgig 4.0.0-4 (low; bug #873718)
	[stretch] - libgig (Minor issue)
	[jessie] - libgig (Minor issue)
	[wheezy] - libgig (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides reproducer files)
	NOTE: http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3348
CVE-2017-12951 (The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in l ...)
	- libgig 4.0.0-5 (low; bug #877651)
	[stretch] - libgig (Minor issue)
	[jessie] - libgig (Minor issue)
	[wheezy] - libgig (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides reproducer files)
	NOTE: http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3349
CVE-2017-12950 (The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows rem ...)
	- libgig 4.0.0-4 (low; bug #873718)
	[stretch] - libgig (Minor issue)
	[jessie] - libgig (Minor issue)
	[wheezy] - libgig (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides reproducer files)
	NOTE: http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3348
CVE-2017-12949 (lib\modules\contributors\contributor_list_table.php in the Podlove Pod ...)
	NOT-FOR-US: Podlove Podcast Publisher plugin for Wordpress
CVE-2017-12948 (Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlie ...)
	NOT-FOR-US: PressForward plugin for Wordpress
CVE-2017-12947 (classes\controller\admin\modals.php in the Easy Modal plugin before 2. ...)
	NOT-FOR-US: Easy Modal plugin for WordPress
CVE-2017-12946 (classes\controller\admin\modals.php in the Easy Modal plugin before 2. ...)
	NOT-FOR-US: Easy Modal plugin for WordPress
CVE-2017-12945 (Insufficient validation of user-supplied input for the Solstice Pod be ...)
	NOT-FOR-US: Solstice Pod
CVE-2017-12944 (The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mish ...)
	{DSA-4100-1 DLA-1093-1}
	- tiff 4.0.8-6 (bug #872607)
	- tiff3
	[wheezy] - tiff3 (Vulnerable code not present)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2725
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/dc02f9050311a90b3c0655147cee09bfa7081cfc
CVE-2017-12943 (D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attacker ...)
	NOT-FOR-US: D-Link DIR-600 Rev Bx devices
CVE-2017-12939 (A Remote Code Execution vulnerability was identified in all Windows ve ...)
	NOT-FOR-US: Unity Editor
CVE-2017-12942 (libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack:: ...)
	- unrar-nonfree 1:5.5.8-1
	[stretch] - unrar-nonfree (Non-free not supported)
	[jessie] - unrar-nonfree (Non-free not supported)
	[wheezy] - unrar-nonfree (Non-free not supported)
	NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/6
CVE-2017-12941 (libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpa ...)
	- unrar-nonfree 1:5.5.8-1
	[stretch] - unrar-nonfree (Non-free not supported)
	[jessie] - unrar-nonfree (Non-free not supported)
	[wheezy] - unrar-nonfree (Non-free not supported)
	NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/6
CVE-2017-12940 (libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Enco ...)
	- unrar-nonfree 1:5.5.8-1
	[stretch] - unrar-nonfree (Non-free not supported)
	[jessie] - unrar-nonfree (Non-free not supported)
	[wheezy] - unrar-nonfree (Non-free not supported)
	NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/6
CVE-2017-12938 (UnRAR before 5.5.7 allows remote attackers to bypass a directory-trave ...)
	- unrar-nonfree 1:5.5.8-1
	[stretch] - unrar-nonfree (Non-free not supported)
	[jessie] - unrar-nonfree (Non-free not supported)
	[wheezy] - unrar-nonfree (Non-free not supported)
	NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/2
CVE-2017-12937 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has ...)
	{DSA-4321-1 DLA-1401-1 DLA-1082-1}
	- graphicsmagick 1.3.26-6 (bug #872574)
	NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/5
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978
CVE-2017-12936 (The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has ...)
	{DSA-4321-1 DLA-1456-1 DLA-1082-1}
	- graphicsmagick 1.3.26-6 (bug #872575)
	NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/3
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd
CVE-2017-12935 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mis ...)
	{DSA-4321-1 DLA-1456-1 DLA-1082-1}
	- graphicsmagick 1.3.26-6 (bug #872576)
	NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/4
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188
CVE-2017-12934 (ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x ...)
	{DSA-4080-1}
	- php7.1 7.1.8-1
	- php7.0 7.0.22-1
	NOTE: Fixed in 7.1.7, 7.0.21
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74101
CVE-2017-12933 (The finish_nested_data function in ext/standard/var_unserializer.re in ...)
	{DSA-4081-1 DSA-4080-1 DLA-1076-1}
	- php7.1 7.1.8-1
	- php7.0 7.0.22-1
	- php5
	NOTE: Fixed in 7.1.7, 7.0.21, 5.6.31
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74111
CVE-2017-12932 (ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x ...)
	{DSA-4080-1}
	- php7.1 7.1.8-1
	- php7.0 7.0.22-1
	NOTE: Fixed in 7.1.8, 7.0.22
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74103
	NOTE: https://github.com/php/php-src/commit/1a23ebc1fff59bf480ca92963b36eba5c1b904c4
CVE-2017-12931
	RESERVED
CVE-2017-12930 (SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 v ...)
	NOT-FOR-US: TecnoVISION DLX Spot Player4
CVE-2017-12929 (Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 ...)
	NOT-FOR-US: TecnoVISION DLX Spot Player4
CVE-2017-12928 (A hard-coded password of tecn0visi0n for the dlxuser account in TecnoV ...)
	NOT-FOR-US: TecnoVISION DLX Spot Player4
CVE-2017-12926
	RESERVED
CVE-2017-12918
	RESERVED
CVE-2017-12917
	RESERVED
CVE-2017-12916
	RESERVED
CVE-2017-12915
	RESERVED
CVE-2017-12914
	RESERVED
CVE-2017-12913
	RESERVED
CVE-2017-12912 (The "mpglibDBL/layer3.c" file in MP3Gain 1.5.2.r2 has a vulnerability ...)
	- mp3gain 1.6.2-1
	[wheezy] - mp3gain
	NOTE: https://drive.google.com/open?id=0B9DojFnTUSNGeS1hZlJkeGVkYlU
CVE-2017-12911 (The "apetag.c" file in MP3Gain 1.5.2.r2 has a vulnerability which resu ...)
	- mp3gain 1.6.2-1
	[wheezy] - mp3gain
	NOTE: https://drive.google.com/open?id=0B9DojFnTUSNGeS1hZlJkeGVkYlU
CVE-2017-12910 (SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows rem ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12909 (SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remo ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12908 (SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12907 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12906 (Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12905 (Server Side Request Forgery vulnerability in Vebto Pixie Image Editor ...)
	NOT-FOR-US: Vebto Pixie Image Editor
CVE-2017-12904 (Improper Neutralization of Special Elements used in an OS Command in b ...)
	{DSA-3947-1 DLA-1061-1}
	- newsbeuter 2.9-6
	NOTE: https://github.com/akrennmair/newsbeuter/issues/591
	NOTE: https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307
CVE-2017-12903
	RESERVED
CVE-2017-12902 (The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in pr ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12901 (The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in pri ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12900 (Several protocol parsers in tcpdump before 4.9.2 could cause a buffer ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12899 (The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in pr ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12898 (The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12897 (The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12896 (The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in pr ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12895 (The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12894 (Several protocol parsers in tcpdump before 4.9.2 could cause a buffer ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12893 (The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12925 (Double free vulnerability in DfFromLB in docfile.cxx in libfpx 1.3.1_p ...)
	NOT-FOR-US: libfpx
CVE-2017-12924 (CDirVector::GetTable in dirfunc.hxx in libfpx 1.3.1_p6 allows remote a ...)
	NOT-FOR-US: libfpx
CVE-2017-12923 (OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remo ...)
	NOT-FOR-US: libfpx
CVE-2017-12922 (wchar.c in libfpx 1.3.1_p6 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: libfpx
CVE-2017-12921 (PFileFlashPixView::GetGlobalInfoProperty in f_fpxvw.cpp in libfpx 1.3. ...)
	NOT-FOR-US: libfpx
CVE-2017-12920 (CDirectory::GetDirEntry in dir.cxx in libfpx 1.3.1_p6 allows remote at ...)
	NOT-FOR-US: libfpx
CVE-2017-12919 (Heap-based buffer overflow in OLEStream::WriteVT_LPSTR in olestrm.cpp ...)
	NOT-FOR-US: libfpx
CVE-2017-12927 (A cross-site scripting vulnerability exists in Cacti 1.1.17 in the met ...)
	- cacti 1.1.17+ds1-2 (bug #872478)
	[stretch] - cacti (Vulnerable code introduced later)
	[jessie] - cacti (Vulnerable code introduced later)
	[wheezy] - cacti (Vulnerable code introduced later)
	NOTE: https://github.com/Cacti/cacti/issues/907
	NOTE: https://github.com/Cacti/cacti/commit/a032ce0be6a4ea47862c594e40a619ac8de1ef99
CVE-2017-1000108 (The Pipeline: Input Step Plugin by default allowed users with Item/Rea ...)
	NOT-FOR-US: Jenkins Input Step Plugin
CVE-2017-1000107 (Script Security Plugin did not apply sandboxing restrictions to constr ...)
	NOT-FOR-US: Jenkins Script Security Plugin
CVE-2017-12892 (Foxit PDF Compressor installers from versions from 7.0.0.183 to 7.7.2. ...)
	NOT-FOR-US: Foxit PDF Compressor
CVE-2017-12891
	RESERVED
CVE-2017-12890
	RESERVED
CVE-2017-12889
	RESERVED
CVE-2017-12888
	RESERVED
CVE-2017-12887
	RESERVED
CVE-2017-12886
	RESERVED
CVE-2017-12885 (OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Sit ...)
	NOT-FOR-US: OX Software GmbH App Suite
CVE-2017-12884 (OX Software GmbH App Suite 7.8.4 and earlier is affected by: Informati ...)
	NOT-FOR-US: OX Software GmbH App Suite
CVE-2017-12883 (Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 ...)
	{DSA-3982-1}
	- perl 5.26.0-8 (bug #875597)
	[wheezy] - perl (Vulnerable code introduced later)
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131598 (not yet public)
	NOTE: https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f
	NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/2692dda97731c37082a0075eff50d741901c665f
	NOTE: maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/40b3cdad3649334585cee8f4630ec9a025e62be6
CVE-2017-12882 (Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin ...)
	NOT-FOR-US: Spring Batch Admin
CVE-2017-12881 (Cross-site request forgery (CSRF) vulnerability in the Spring Batch Ad ...)
	NOT-FOR-US: Spring Batch Admin
CVE-2017-12880
	REJECTED
CVE-2017-12879 (Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENS ...)
	NOT-FOR-US: Paessler PRTG Network Monitor
CVE-2017-12878
	RESERVED
CVE-2016-10502 (While generating trusted application id, An integer overflow can occur ...)
	NOT-FOR-US: Snapdragon
CVE-2016-10501 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10500
	REJECTED
CVE-2016-10499 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10498 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10497 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10496 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10495 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10494 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10493 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10492 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10491 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10490 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10489 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10488
	REJECTED
CVE-2016-10487 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10486 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10485 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10484 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10483 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10482 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10481 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10480 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10479 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10478 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10477 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10476 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10475 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10474 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10473 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10472 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10471 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10470
	REJECTED
CVE-2016-10469 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10468
	REJECTED
CVE-2016-10467 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10466 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10465
	REJECTED
CVE-2016-10464 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10463
	REJECTED
CVE-2016-10462 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10461 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10460 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10459 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10458 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10457 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10456 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10455 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10454 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10453
	REJECTED
CVE-2016-10452 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10451 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10450 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10449 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10448 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10447 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10446 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10445 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10444 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10443 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10442 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10441 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10440 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10439 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10438 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10437 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10436 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10435 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10434 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10433 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10432 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10431 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10430 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10429 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10428 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10427 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10426 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10425 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10424 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10423 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10422 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10421 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10420 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10419 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10418 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10417 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10416 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10415 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10414 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10413
	REJECTED
CVE-2016-10412 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10411 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10410 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10409 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10408
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10407 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10406 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9225
	REJECTED
CVE-2015-9224 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9223 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9222 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9221 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9220 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9219 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9218 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9217 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9216 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9215 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9214
	REJECTED
CVE-2015-9213 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9212 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9211 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9210 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9209 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9208 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9207 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9206 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9205 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9204 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9203 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9202 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9201 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9200 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9199 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9198 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9197 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9196 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9195 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9194 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9193 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9192 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9191 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9190 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9189 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9188 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9187 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9186 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9185 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9184 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9183 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9182 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9181 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9180 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9179 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9178 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9177 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9176 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9175 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9174 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9173 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9172 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9171 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9170 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9169 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9168
	REJECTED
CVE-2015-9167 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9166 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9165 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9164 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9163 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9162 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9161 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9160 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9159 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9158 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9157 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9156 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9155
	REJECTED
CVE-2015-9154
	REJECTED
CVE-2015-9153 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9152 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9151 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9150 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9149 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9148 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9147 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9146 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9145 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9144 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9143 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9142 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9141 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9140 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9139 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9138 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9137 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9136 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9135 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9134 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9133 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9132 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9131 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9130 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9129 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9128 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9127 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9126 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9125
	REJECTED
CVE-2015-9124 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9123 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9122 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9121
	REJECTED
CVE-2015-9120 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9119 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9118 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9117
	REJECTED
CVE-2015-9116 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9115 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9114 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9113 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9112 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9111 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9110 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9109 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9108 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9998 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9997 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9996 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9995 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9994 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9993 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9992
	REJECTED
CVE-2014-9991 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9990 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9989 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9988 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9987 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9986 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9985 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10063 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10062 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10061
	REJECTED
CVE-2014-10060
	REJECTED
CVE-2014-10059 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10058 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10057 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10056 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10055 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10054 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10053 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10052 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10051 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10050 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10049
	REJECTED
CVE-2014-10048 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10047 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10046 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10045 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10044 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10043 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10039 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-12877 (Use-after-free vulnerability in the DestroyImage function in image.c i ...)
	{DSA-4074-1 DSA-4040-1 DLA-1081-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #872373)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/662
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/98dda239ec398dd56453460849b4c9057fc424e5
	NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/04178de2247e353fc095846784b9a10fefdbf890
	NOTE: This doesn't affect the base releases, but got introduced via security fixes, which got backported to older suites
CVE-2017-12876 (Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 ...)
	- imagemagick (Specific to ImageMagick 7, 6.x uses fixed pixel cache morphology)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/663
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e
CVE-2017-12875 (The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remot ...)
	{DLA-2366-1 DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873871)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/659
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6f95e543c80319721e22d623bb23712cd29afa9e
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d96b55ea41e71de43663818ccd17c6af3fa6c4fd
CVE-2017-12866
	RESERVED
CVE-2017-12865 (Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlie ...)
	{DSA-3956-1 DLA-1078-1}
	- connman 1.35-1 (bug #872844)
	NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71 (1.35)
CVE-2017-12864 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did ...)
	{DLA-2799-1 DLA-1438-1 DLA-1117-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #875345)
	NOTE: https://github.com/opencv/opencv/issues/9372
CVE-2017-12863 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::re ...)
	{DLA-2799-1 DLA-1438-1 DLA-1117-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #875344)
	NOTE: https://github.com/opencv/opencv/issues/9371
CVE-2017-12862 (In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffe ...)
	{DLA-2799-1 DLA-1438-1 DLA-1117-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #875342)
	NOTE: https://github.com/opencv/opencv/issues/9370
CVE-2017-12861 (The Epson "EasyMP" software is designed to remotely stream a users com ...)
	NOT-FOR-US: Epson "EasyMP"
CVE-2017-12860 (The Epson "EasyMP" software is designed to remotely stream a users com ...)
	NOT-FOR-US: Epson "EasyMP"
CVE-2017-12859 (NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS enviro ...)
	NOT-FOR-US: NetApp
CVE-2017-12858 (Double free vulnerability in the _zip_dirent_read function in zip_dire ...)
	- libzip (Vulnerable code introduced later)
	NOTE: Introduced after: https://github.com/nih-at/libzip/commit/796c5968ad679220db3fb65ec6f48c66e554e5d5 (rel-1-2-0)
	NOTE: Fixed by: https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796 (rel-1-3-0)
CVE-2017-12857 (Polycom SoundStation IP, VVX, and RealPresence Trio that are running s ...)
	NOT-FOR-US: Polycom
CVE-2017-12856 (Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote ...)
	NOT-FOR-US: C.P.Sub
CVE-2017-12854
	RESERVED
CVE-2017-12874 (The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XM ...)
	{DSA-4127-1 DLA-1205-1}
	- simplesamlphp 1.14.11-1
	NOTE: Issue lies in simplesamlphp/simplesamlphp-module-infocard and fixed in 1.0.1. The module is embedded in src:simplesamlphp
	NOTE: https://simplesamlphp.org/security/201612-03
	NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp-module-infocard/commit/7353762acacd827a61378629f87de991451089da
CVE-2017-12873 (SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain se ...)
	{DSA-4127-1 DLA-1205-1}
	- simplesamlphp 1.14.11-1
	NOTE: https://simplesamlphp.org/security/201612-04
	NOTE: Patches: https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953aa
	NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/e2daf4ceb6e580815c3741384b3a09b85a5fc231
	NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/300d8aa48fe93706ade95be481c68e9cf2f32d1f
CVE-2017-12872 (The (1) Htpasswd authentication source in the authcrypt module and (2) ...)
	{DLA-1408-1 DLA-1205-1}
	- simplesamlphp 1.14.15-1
	[stretch] - simplesamlphp (Minor issue)
	NOTE: https://simplesamlphp.org/security/201703-01
	NOTE: Patches: https://github.com/simplesamlphp/simplesamlphp/commit/ab7761d4a523a4ed00479fb1ddba688e7ca72439
	NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/caf764cc2c9b68ac29741070ebdf133a595443f1
CVE-2017-12871 (The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAML ...)
	- simplesamlphp 1.14.15-1
	[stretch] - simplesamlphp (Minor issue mitigated by HTTPS usage, hard to backport)
	[jessie] - simplesamlphp (Vulnerable code not present)
	[wheezy] - simplesamlphp (Vulnerable code not present)
	NOTE: https://simplesamlphp.org/security/201703-02
CVE-2017-12870 (SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle ...)
	- simplesamlphp 1.14.15-1
	[stretch] - simplesamlphp (Minor issue mitigated by HTTPS usage, hard to backport)
	[jessie] - simplesamlphp (Minor issue mitigated by HTTPS usage, hard to backport)
	[wheezy] - simplesamlphp (Minor issue mitigated by HTTPS usage, hard to backport)
	NOTE: https://simplesamlphp.org/security/201704-01
CVE-2017-12869 (The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remot ...)
	{DSA-4127-1 DLA-1205-1}
	- simplesamlphp 1.14.15-1
	NOTE: https://simplesamlphp.org/security/201704-02
	NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/f1e485284dd428ab3cd9500c62e19c7c7234be9a
CVE-2017-12868 (The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleS ...)
	{DLA-1408-1 DLA-1205-1}
	- simplesamlphp 1.14.15-1
	[stretch] - simplesamlphp (Only affects setups with old PHP versions not found in stable)
	NOTE: https://simplesamlphp.org/security/201705-01
	NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/caf764cc2c9b68ac29741070ebdf133a595443f1
CVE-2017-12867 (The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 an ...)
	{DSA-4127-1 DLA-1205-1}
	- simplesamlphp 1.14.15-1
	NOTE: https://simplesamlphp.org/security/201708-01
	NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/608f24c2d5afd70c2af050785d2b12f878b33c68
CVE-2017-12855 (Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform t ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-230.html
CVE-2017-12853 (The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is affecte ...)
	NOT-FOR-US: RealTime RWR-3G-100 Router Firmware
CVE-2017-12852 (The numpy.pad function in Numpy 1.13.1 and older versions is missing i ...)
	- python-numpy 1:1.14.3-1 (unimportant; bug #872407)
	NOTE: https://github.com/numpy/numpy/issues/9560#issuecomment-322395292
	NOTE: Negligible security impact
CVE-2017-12851 (An authenticated standard user could reset the password of the admin b ...)
	- kanboard (Fixed before initial upload to Debian)
CVE-2017-12850 (An authenticated standard user could reset the password of other users ...)
	- kanboard (Fixed before initial upload to Debian)
	NOTE: https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae
CVE-2017-12849 (Response discrepancy in the login and password reset forms in SilverSt ...)
	NOT-FOR-US: SilverStripe CMS
CVE-2017-12848
	RESERVED
CVE-2017-12847 (Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping ...)
	- nagios3
	[jessie] - nagios3 (Minor issue)
	[wheezy] - nagios3 (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/08/16/7
	NOTE: https://github.com/NagiosEnterprises/nagioscore/issues/404
	NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752
	NOTE: https://github.com/orlitzky/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb
CVE-2017-12846
	RESERVED
CVE-2017-12845
	RESERVED
CVE-2017-12844 (Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp ...)
	NOT-FOR-US: IceWarp
CVE-2017-12843 (Cyrus IMAP before 3.0.3 allows remote authenticated users to write to ...)
	- cyrus-imapd (Vulnerable code introduced later)
	- cyrus-imapd-2.4 (Vulnerable code introduced later)
	NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/d734a23122155f3522a8cb6aef118223aa73cde0
CVE-2017-12842 (Bitcoin Core before 0.14 allows an attacker to create an ostensibly va ...)
	- bitcoin 0.14.2~dfsg-1~exp2
CVE-2017-12841
	RESERVED
CVE-2017-12840 (A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ client ...)
	NOT-FOR-US: DESLock+
CVE-2017-12839 (A heap-based buffer over-read in the getbits function in src/libmpg123 ...)
	- mpg123 1.25.6-1
	[stretch] - mpg123 (Minor issue)
	[jessie] - mpg123 (Minor issue)
	NOTE: https://sourceforge.net/p/mpg123/bugs/255/
	NOTE: https://www.mpg123.de/cgi-bin/scm/mpg123/trunk/src/libmpg123/getbits.h?r1=2024&r2=4323&sortby=date
CVE-2017-12838 (Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12837 (Heap-based buffer overflow in the S_regatom function in regcomp.c in P ...)
	{DSA-3982-1}
	- perl 5.26.0-8 (bug #875596)
	[wheezy] - perl (Vulnerable code introduced after 5.14.4)
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131582 (not yet public)
	NOTE: https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5
	NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/66288bb3f44c8aa5122e5f40d8cfc0eada8b1695
	NOTE: maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/f7e5417e7bffba03947b66e4d8622d7c220f2876
CVE-2017-12835
	REJECTED
CVE-2017-12834
	REJECTED
CVE-2017-12833
	REJECTED
CVE-2017-12832
	REJECTED
CVE-2017-12831
	REJECTED
CVE-2017-12830
	REJECTED
CVE-2017-12829
	REJECTED
CVE-2017-12828
	REJECTED
CVE-2017-12827
	REJECTED
CVE-2017-12826
	REJECTED
CVE-2017-12825
	RESERVED
CVE-2017-12824 (Specially crafted InPage document leads to arbitrary code execution in I ...)
	NOT-FOR-US: InPage
CVE-2017-12823 (Kernel pool memory corruption in one of drivers in Kaspersky Embedded ...)
	NOT-FOR-US: Kaspersky
CVE-2017-12822 (Remote enabling and disabling admin interface in Gemalto's HASP SRM, S ...)
	NOT-FOR-US: Gemalto
CVE-2017-12821 (Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LD ...)
	NOT-FOR-US: Gemalto
CVE-2017-12820 (Arbitrary memory read from controlled memory pointer in Gemalto's HASP ...)
	NOT-FOR-US: Gemalto
CVE-2017-12819 (Remote manipulations with language pack updater lead to NTLM-relay att ...)
	NOT-FOR-US: Gemalto
CVE-2017-12818 (Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel HA ...)
	NOT-FOR-US: Gemalto
CVE-2017-12817 (In Kaspersky Internet Security for Android 11.12.4.1622, some of the a ...)
	NOT-FOR-US: Kaspersky Internet Security for Android
CVE-2017-12816 (In Kaspersky Internet Security for Android 11.12.4.1622, some of appli ...)
	NOT-FOR-US: Kaspersky Internet Security for Android
CVE-2017-12815 (Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 5279 ...)
	NOT-FOR-US: Bomgar Remote Support Portal JavaStart Applet
CVE-2017-12814 (Stack-based buffer overflow in the CPerlHost::Add method in win32/perl ...)
	- perl (Windows specific issue)
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131665 (not yet public)
CVE-2017-12813 (PHPJabbers File Sharing Script 1.0 has stored XSS in the comments sect ...)
	NOT-FOR-US: PHPJabbers File Sharing Script
CVE-2017-12812 (PHPJabbers Night Club Booking Software has stored XSS in the name para ...)
	NOT-FOR-US: PHPJabbers Night Club Booking Software
CVE-2017-12811 (PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item.)
	NOT-FOR-US: PHPJabbers Star Rating Script
CVE-2017-12810 (PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the ad ...)
	NOT-FOR-US: PHPJabbers PHP Newsletter Script
CVE-2017-12809 (QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM ...)
	{DSA-3991-1}
	- qemu 1:2.10.0-1 (bug #873849)
	[jessie] - qemu (Vulnerable code not present)
	[wheezy] - qemu (Minor issue)
	- qemu-kvm
	[wheezy] - qemu-kvm (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html
CVE-2017-12808 RESERVED
CVE-2017-12807 REJECTED
CVE-2017-12806 (In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in ...)
	{DLA-2366-1}
	- imagemagick 8:6.9.9.34+dfsg-3
	[jessie] - imagemagick (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/660
CVE-2017-12805 (In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in ...)
	{DLA-2333-1}
	- imagemagick 8:6.9.9.34+dfsg-3
	[jessie] - imagemagick (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/664
CVE-2017-12804 (The iwgif_init_screen function in imagew-gif.c:510 in ImageWorsener 1. ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-12803 (The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0. ...)
	NOT-FOR-US: mkclean
CVE-2017-12802 (The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 201 ...)
	NOT-FOR-US: libebml2 (different codebase than src:libebml)
CVE-2017-12801 (The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-0 ...)
	NOT-FOR-US: libebml2 (different codebase than src:libebml)
CVE-2017-12800 (The EBML_FindNextElement function in ebmlmain.c in libebml2 through 20 ...)
	NOT-FOR-US: libebml2 (different codebase than src:libebml)
CVE-2016-10405 (Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) wi ...)
	NOT-FOR-US: D-Link
CVE-2017-12836 (CVS 1.12.x, when configured to use SSH for remote repositories, might ...)
	{DSA-3940-1 DLA-1056-1}
	- cvs 2:1.12.13+real-24 (bug #871810)
	NOTE: https://www.openwall.com/lists/oss-security/2017/08/11/1
CVE-2017-12799 (The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows re ...)
	- binutils 2.29-9
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21933
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=957e1fc1c5d0262e4b2f764cf031ad1458446498
CVE-2017-12798 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q p ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12797 (Integer overflow in the INT123_parse_new_id3 function in the ID3 parse ...)
	- mpg123 1.25.6-1
	[stretch] - mpg123 (Minor issue)
	[jessie] - mpg123 (Minor issue)
	[wheezy] - mpg123 (Minor issue)
	NOTE: https://sourceforge.net/p/mpg123/bugs/254/
	NOTE: https://sourceforge.net/p/mpg123/mailman/message/35987663/
CVE-2017-12796 (The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distri ...)
	NOT-FOR-US: OpenMRS addon
CVE-2017-12795 (OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper I ...)
	NOT-FOR-US: OpenMRS
CVE-2017-12794 (In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoesca ...)
	- python-django 1:1.11.5-1 (low; bug #874415)
	[stretch] - python-django 1:1.10.7-2+deb9u2
	[jessie] - python-django (Vulnerable code does not exist)
	[wheezy] - python-django (Vulnerable code does not exist)
	NOTE: https://www.djangoproject.com/weblog/2017/sep/05/security-releases/
CVE-2017-12793 RESERVED
CVE-2017-12792 (Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12791 (Directory traversal vulnerability in minion id validation in SaltStack ...)
	- salt 2016.11.8+dfsg1-1 (bug #872399)
	[stretch] - salt 2016.11.2+ds-1+deb9u1
	[jessie] - salt (Minor issue)
	NOTE: https://github.com/saltstack/salt/pull/42944
	NOTE: https://github.com/saltstack/salt/commit/6366e05d0d70bd709cc4233c3faf32a759d0173a
	NOTE: https://docs.saltstack.com/en/2016.11/topics/releases/2016.11.7.html
CVE-2017-12790 (Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The ...)
	NOT-FOR-US: Metinfo
CVE-2017-12789 (Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The ...)
	NOT-FOR-US: Metinfo
CVE-2017-12788 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...)
	NOT-FOR-US: Metinfo
CVE-2017-12787 (A network interface of the novi_process_manager_daemon service, includ ...)
	NOT-FOR-US: NoviWare
CVE-2017-12786 (Network interfaces of the cliengine and noviengine services, included ...)
	NOT-FOR-US: NoviWare
CVE-2017-12785 (The novish command-line interface, included in the NoviWare software d ...)
	NOT-FOR-US: NoviWare
CVE-2017-12784 (In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted ...)
	NOT-FOR-US: Youngzsoft CCFile
CVE-2017-12783 (The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08 ...)
	NOT-FOR-US: libebml2 (different codebase than src:libebml)
CVE-2017-12782 (The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 a ...)
	NOT-FOR-US: libebml2 (different codebase than src:libebml)
CVE-2017-12781 (The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012 ...)
	NOT-FOR-US: libebml2 (different codebase than src:libebml)
CVE-2017-12780 (The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 a ...)
	NOT-FOR-US: libebml2 (different codebase than src:libebml)
CVE-2017-12779 (The Node_GetData function in corec/corec/node/node.c in mkvalidator 0. ...)
	NOT-FOR-US: libebml2 (different codebase than src:libebml)
CVE-2017-12778 (The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Aut ...)
	NOT-FOR-US: qBittorrent (non-issue)
CVE-2017-1000112 (Linux kernel: Exploitable memory corruption due to UFO to non-UFO path ...)
	{DSA-3981-1}
	- linux 4.12.6-1 (low)
	[wheezy] - linux (Low severity and difficult to backport)
	NOTE: Introduced by: https://git.kernel.org/linus/e89e9cf539a28df7d0eb1d0a545368e9920b34ac (2.6.15-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/85f1bd9a7b5a79d5baa8bf44af19658f7bf77bfa
CVE-2017-1000111 (Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.6-1
	NOTE: Introduced by: https://git.kernel.org/linus/8913336a7e8d56e984109a3137d6c0e3362596a4 (2.6.27-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/c27927e372f0785f3303e8fad94b85945e2c97b7
	NOTE: Non-privileged user namespaces disabled by default, only exploitable by arbitrary user if sysctl kernel.unprivileged_userns_clone=1
CVE-2017-1000117 (A malicious third-party can give a crafted "ssh://..." URL to an unsus ...)
	{DSA-3934-1 DLA-1068-1}
	- git 1:2.14.1-1
	NOTE: https://public-inbox.org/git/xmqqh8xf482j.fsf@gitster.mtv.corp.google.com/T/#u
CVE-2017-1000116 (Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ...)
	{DSA-3963-1 DLA-1072-1}
	- mercurial 4.3.1-1 (bug #871710)
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29
	NOTE: 11 patches need to be applied, the following are for 4.2:
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/53224b1ffbc2
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/e10745311406
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/f93975a5ebe8
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/f9134e96ed0f
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/92b583e3e522
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/08cfc4baf3ba
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/55681baf4cf9
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/173ecccb9ee7
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/ca398a50ca00
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/00a75672a9cb
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/943c91326b23
	NOTE: 3.7 and 4.1 backports also available at https://bitbucket.org/atlassian/mercurial/commits/branch/sec-3.7
	NOTE: and https://bitbucket.org/octobus/mercurial-backport/branch/backport-4.1
CVE-2017-1000115 (Mercurial prior to version 4.3 is vulnerable to a missing symlink chec ...)
	{DSA-3963-1 DLA-1072-1}
	- mercurial 4.3.1-1 (bug #871709)
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/47ea28293d30 (test)
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/377e8ddaebef (fix)
	NOTE: 3.7 and 4.1 backports available at https://bitbucket.org/atlassian/mercurial/commits/branch/sec-3.7
	NOTE: and https://bitbucket.org/octobus/mercurial-backport/branch/backport-4.1
CVE-2017-12777 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some pa ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12776 (SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remo ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12775 (qa-include/qa-install.php in Question2Answer before 1.7.5 allows remot ...)
	NOT-FOR-US: question2answer
CVE-2017-12774 (finecms in 1.9.5\controllers\member\ContentController.php allows remot ...)
	NOT-FOR-US: FineCMS
CVE-2017-12773 RESERVED
CVE-2017-12772 RESERVED
CVE-2017-12771 RESERVED
CVE-2017-12770 RESERVED
CVE-2017-12769 RESERVED
CVE-2017-12768 RESERVED
CVE-2017-12767 RESERVED
CVE-2017-12766 RESERVED
CVE-2017-12765 RESERVED
CVE-2017-12764 RESERVED
CVE-2017-12763 (An unspecified server utility in NoMachine before 5.3.10 on Mac OS X a ...)
	NOT-FOR-US: NoMachine
CVE-2017-12762 (In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied in ...)
	- linux 4.13.4-1 (unimportant)
	NOTE: Fixed by: https://git.kernel.org/linus/9f5af546e6acc30f075828cb58c7f09665033967 (v4.13-rc4)
	NOTE: Driver is disabled since squeeze and unmaintained for a long time
CVE-2017-12761 (http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by ...)
	NOT-FOR-US: Endober WebFile Explorer
CVE-2017-12760 (Ynet Interactive - http://demo.ynetinteractive.com/mobiketa/ Mobiketa ...)
	NOT-FOR-US: Ynet Interactive
CVE-2017-12759 (Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Man ...)
	NOT-FOR-US: Ynet Interactive
CVE-2017-12758 (https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 ...)
	NOT-FOR-US: Joomla! Component Appointment
CVE-2017-12757 (Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Inje ...)
	NOT-FOR-US: Ambit
CVE-2017-12756 (Command inject in transfer from another server in extplorer 2.1.9 and ...)
	{DLA-1063-1}
	- extplorer
	NOTE: http://extplorer.net/news/21
CVE-2017-12755 RESERVED
CVE-2017-12754 (Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-A ...)
	NOT-FOR-US: Asuswrt-Merlin firmware
CVE-2017-12753 RESERVED
CVE-2017-12752 RESERVED
CVE-2017-12751 RESERVED
CVE-2017-12750 RESERVED
CVE-2017-12749 RESERVED
CVE-2017-12748 RESERVED
CVE-2017-12747 RESERVED
CVE-2017-12746 RESERVED
CVE-2017-12745 RESERVED
CVE-2017-12744 RESERVED
CVE-2017-12743 RESERVED
CVE-2017-12742 RESERVED
CVE-2017-12741 (A vulnerability has been identified in Development/Evaluation Kits for ...)
	NOT-FOR-US: Siemens
CVE-2017-12740 (Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity ...)
	NOT-FOR-US: Siemens
CVE-2017-12739 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with ...)
	NOT-FOR-US: Siemens
CVE-2017-12738 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with ...)
	NOT-FOR-US: Siemens
CVE-2017-12737 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with ...)
	NOT-FOR-US: Siemens
CVE-2017-12736 (A vulnerability has been identified in RUGGEDCOM ROS for RSL910 device ...)
	NOT-FOR-US: Siemens
CVE-2017-12735 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
	NOT-FOR-US: Siemens
CVE-2017-12734 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
	NOT-FOR-US: Siemens
CVE-2017-12733 (A Missing Authentication for Critical Function issue was discovered in ...)
	NOT-FOR-US: SiteSentinel
CVE-2017-12732 (A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Ve ...)
	NOT-FOR-US: GE CIMPLICITY
CVE-2017-12731 (A SQL Injection issue was discovered in OPW Fuel Management Systems Si ...)
	NOT-FOR-US: SiteSentinel
CVE-2017-12730 (An Unquoted Search Path issue was discovered in mySCADA myPRO Versions ...)
	NOT-FOR-US: mySCADA myPRO
CVE-2017-12729 (A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer throu ...)
	NOT-FOR-US: Moxa SoftCMS Live Viewer
CVE-2017-12728 (An Improper Privilege Management issue was discovered in SpiderControl ...)
	NOT-FOR-US: SpiderControl SCADA Web Server
CVE-2017-12727 RESERVED
CVE-2017-12726 (A Use of Hard-coded Password issue was discovered in Smiths Medical Me ...)
	NOT-FOR-US: Smiths Medical Medfusion
CVE-2017-12725 (A Use of Hard-coded Credentials issue was discovered in Smiths Medical ...)
	NOT-FOR-US: Smiths Medical Medfusion
CVE-2017-12724 (A Use of Hard-coded Credentials issue was discovered in Smiths Medical ...)
	NOT-FOR-US: Smiths Medical Medfusion
CVE-2017-12723 (A Password in Configuration File issue was discovered in Smiths Medica ...)
	NOT-FOR-US: Smiths Medical Medfusion
CVE-2017-12722 (An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion ...)
	NOT-FOR-US: Smiths Medical Medfusion
CVE-2017-12721 (An Improper Certificate Validation issue was discovered in Smiths Medi ...)
	NOT-FOR-US: Smiths Medical Medfusion
CVE-2017-12720 (An Improper Access Control issue was discovered in Smiths Medical Medf ...)
	NOT-FOR-US: Smiths Medical Medfusion
CVE-2017-12719 (An Untrusted Pointer Dereference issue was discovered in Advantech Web ...)
	NOT-FOR-US: Advantech
CVE-2017-12718 (A Classic Buffer Overflow issue was discovered in Smiths Medical Medfu ...)
	NOT-FOR-US: Smiths Medical Medfusion
CVE-2017-12717 (An Uncontrolled Search Path Element issue was discovered in Advantech ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12716 (Abbott Laboratories Accent and Anthem pacemakers manufactured prior to ...)
	NOT-FOR-US: Abbott Laboratories Accent and Anthem pacemakers
CVE-2017-12715 RESERVED
CVE-2017-12714 (Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do n ...)
	NOT-FOR-US: Abbott Laboratories pacemakers
CVE-2017-12713 (An Incorrect Permission Assignment for Critical Resource issue was dis ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12712 (The authentication algorithm in Abbott Laboratories pacemakers manufac ...)
	NOT-FOR-US: Abbott Laboratories pacemakers
CVE-2017-12711 (An Incorrect Privilege Assignment issue was discovered in Advantech We ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12710 (A SQL Injection issue was discovered in Advantech WebAccess versions p ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12709 (A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN ve ...)
	NOT-FOR-US: Westermo devices
CVE-2017-12708 (An Improper Restriction Of Operations Within The Bounds Of A Memory Bu ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12707 (A Stack-based Buffer Overflow issue was discovered in SpiderControl SC ...)
	NOT-FOR-US: SpiderControl SCADA MicroBrowser
CVE-2017-12706 (A stack-based buffer overflow issue was discovered in Advantech WebAcc ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12705 (A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. ...)
	NOT-FOR-US: Advantech
CVE-2017-12704 (A heap-based buffer overflow issue was discovered in Advantech WebAcce ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12703 (A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo M ...)
	NOT-FOR-US: Westermo
CVE-2017-12702 (An Externally Controlled Format String issue was discovered in Advante ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12701 (BMC Medical Luna CPAP Machines released prior to July 1, 2017, contain ...)
	NOT-FOR-US: BMC Medical Luna CPAP Machines
CVE-2017-12700 RESERVED
CVE-2017-12699 (An Incorrect Default Permissions issue was discovered in AzeoTech DAQF ...)
	NOT-FOR-US: AzeoTech DAQFactory
CVE-2017-12698 (An Improper Authentication issue was discovered in Advantech WebAccess ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12697 (A Man-in-the-Middle issue was discovered in General Motors (GM) and Sh ...)
	NOT-FOR-US: General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client
CVE-2017-12696 RESERVED
CVE-2017-12695 (An Improper Authentication issue was discovered in General Motors (GM) ...)
	NOT-FOR-US: General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client
CVE-2017-12694 (A Directory Traversal issue was discovered in SpiderControl SCADA Web ...)
	NOT-FOR-US: SpiderControl SCADA Web Server
CVE-2017-1000101 (curl supports "globbing" of URLs, in which a user can pass a numerical ...)
	{DSA-3992-1}
	- curl 7.55.0-1 (bug #871554)
	[wheezy] - curl (Vulnerable code not present, introduced later in 7.34.0)
	NOTE: https://curl.haxx.se/docs/adv_20170809A.html
	NOTE: https://curl.haxx.se/CVE-2017-1000101.patch
CVE-2017-1000100 (When doing a TFTP transfer and curl/libcurl is given a URL that contai ...)
	{DSA-3992-1 DLA-1062-1}
	- curl 7.55.0-1 (bug #871555)
	NOTE: https://curl.haxx.se/docs/adv_20170809B.html
	NOTE: https://curl.haxx.se/CVE-2017-1000100.patch
CVE-2017-1000099 (When asking to get a file from a file:// URL, libcurl provides a featu ...)
	- curl (Only affects 7.54.1, no affected version ever in the archive)
	NOTE: https://curl.haxx.se/docs/adv_20170809C.html
	NOTE: https://curl.haxx.se/CVE-2017-1000099.patch
	NOTE: Introduced by: https://github.com/curl/curl/commit/7c312f84ea930d8
CVE-2017-12693 (The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allow ...)
	{DLA-2366-1 DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875341)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/652
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/75fcbf5d649bba046c6a0db650a518f7bfc0fb3f
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6709bd585b9609a9cf98a7042089f3e725886d5e
CVE-2017-12692 (The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 all ...)
	{DLA-2366-1 DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875339)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/653
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4a25fe5447bfb3a1918a2e9d595928e853b09d2e
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5919dc606bc1d6022d3d2d205a91fdbe98de9e15
CVE-2017-12691 (The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allow ...)
	{DLA-2366-1 DLA-1785-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875338)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/656
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f1ea048a3a34df293764502401d966aeacf9179d
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/68bbe7b8b226ed79e339296793f68f1b2bebc519
CVE-2017-12690 RESERVED
CVE-2017-12689 RESERVED
CVE-2017-12688 RESERVED
CVE-2017-12687 RESERVED
CVE-2017-12686 RESERVED
CVE-2017-12685 RESERVED
CVE-2017-12684 RESERVED
CVE-2017-12683 RESERVED
CVE-2017-12682 RESERVED
CVE-2017-12681 RESERVED
CVE-2017-12680 (Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type paramet ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12679 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12678 (In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefac ...)
	{DLA-2772-1}
	- taglib 1.11.1+dfsg.1-0.2 (bug #871511)
	[jessie] - taglib (Vulnerable code not present)
	[wheezy] - taglib (Vulnerable code not present)
	- silverjuke (Vulnerable code not present, based on older taglib version)
	NOTE: https://github.com/taglib/taglib/issues/829
	NOTE: https://github.com/taglib/taglib/commit/cb9f07d9dcd791b63e622da43f7b232adaec0a9a
CVE-2017-12677 (IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Ang ...)
	NOT-FOR-US: IdentityServer
CVE-2017-12676 (In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the f ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870118)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/618
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/387adbe4b05a545b9f3972e862602480c850303c
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7287f50888c26b133ee173816332fcaec4e8cb62
CVE-2017-12675 (In ImageMagick 7.0.6-3, a missing check for multidimensional data was ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870022)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/616
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7a020acbcfea6e53eff6766c87ea175eac9dcd18
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e33a39a6a168cdd800fd160e8f93f0059432bdf7
CVE-2017-12674 (In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in th ...)
	{DLA-2366-1 DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #872609)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/604
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/91651bd482b6637cf650700ffd7b3b63de1cb049
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5a91708c6b70bd4e3d2b931465307e0aeababb3c
CVE-2017-12673 (In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the f ...)
	- imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870117)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/619
CVE-2017-12672 (In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the f ...)
	- imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870021)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/617
CVE-2017-12671 (In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/ ...)
	{DSA-4019-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870119)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/621
CVE-2017-12669 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage ...)
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870475)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/571
CVE-2017-12668 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage i ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870489)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/575
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2ba8f335fa06daf1165e0878462686028e633a74
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/560e6e512961008938aa1d1b9aab06347b1c8f9b
CVE-2017-12667 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in ...)
	- imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870015)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/553
CVE-2017-12666 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImag ...)
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870482)
	[jessie] - imagemagick (Vulnerable code not present)
	[wheezy] - imagemagick (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/572
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d5559407ce29f4371e5df9c1cbde65455fe5854c
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/45aeda5da9eb328689afc221fa3b7dfa5cdea54d
CVE-2017-12665 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870501)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/577
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c1b09bbec148f6ae11d0b686fdb89ac6dc0ab14e
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/859084b4fd966ac007965c3d85caabccd8aee9b4
CVE-2017-12663 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage i ...)
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870483)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/573
CVE-2017-12662 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage i ...)
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870492)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/576
CVE-2017-12661 RESERVED
CVE-2017-12660 RESERVED
CVE-2017-12659 RESERVED
CVE-2017-12658 RESERVED
CVE-2017-12657 RESERVED
CVE-2017-12656 RESERVED
CVE-2017-12655 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the que ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12654 (The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 all ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870502)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/620
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ffcb8f8e2248fde38a2cb30aeb48403d2b3471cc
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f2c26fa4db84e92d754c7f8b269db2883cf7f32c
CVE-2017-12653 (360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escal ...)
	NOT-FOR-US: 360 Total Security
CVE-2017-12652 (libpng before 1.6.32 does not properly check the length of chunks agai ...)
	- libpng1.6 1.6.32-1
	[stretch] - libpng1.6 (Minor issue)
	NOTE: https://github.com/glennrp/libpng/commit/347538efbdc21b8df684ebd92d37400b3ce85d55
	NOTE: https://github.com/glennrp/libpng/commit/a1fe2c98489519d415b72bc0026f0c86d82278b7
	NOTE: https://github.com/glennrp/libpng/commit/095b4ce16bb46acb259ea1a4ca6562a623e58d93
	NOTE: https://github.com/glennrp/libpng/commit/2dbef2f2a9e759a80d2decb6862518acf4919c59
	NOTE: https://github.com/glennrp/libpng/commit/2dca15686fadb1b8951cb29b02bad4cae73448da
	NOTE: https://github.com/glennrp/libpng/commit/fcd1bb93124d76059abef98216d8390f520c577b
	NOTE: https://github.com/glennrp/libpng/commit/13bc0b6b1f8f2f2491fcc9f0c1c939ff06e13c15
CVE-2017-12651 (Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelis ...)
	NOT-FOR-US: Loginizer plugin for WordPress
CVE-2017-12650 (SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPres ...)
	NOT-FOR-US: Loginizer plugin for WordPress
CVE-2017-12649 (XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or ...)
	NOT-FOR-US: Liferay Portal
CVE-2017-12648 (XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL.)
	NOT-FOR-US: Liferay Portal
CVE-2017-12647 (XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base ar ...)
	NOT-FOR-US: Liferay Portal
CVE-2017-12646 (XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, passw ...)
	NOT-FOR-US: Liferay Portal
CVE-2017-12645 (XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletI ...)
	NOT-FOR-US: Liferay Portal
CVE-2017-12644 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/551
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a33f7498f9052b50e8fe8c8422a11ba84474cb42
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/9f375e7080a2c1044cd546854d0548b4bfb429d0
CVE-2017-12642 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869796)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/552
CVE-2017-12641 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870108)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/550
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3320955045e5a2a22c13a04fa9422bb809e75eda
CVE-2017-12640 (ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOne ...)
	{DSA-4040-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870106)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/542
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/78d4c5db50fbab0b4beb69c46c6167f2c6513dec
CVE-2017-12639 (Stack based buffer overflow in Ipswitch IMail server up to and includi ...)
	NOT-FOR-US: Ipswitch IMail
CVE-2017-12638 (Stack based buffer overflow in Ipswitch IMail server up to and includi ...)
	NOT-FOR-US: Ipswitch IMail
CVE-2017-12637 (Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/ ...)
	NOT-FOR-US: SAP
CVE-2017-12636 (CouchDB administrative users can configure the database server via HTT ...)
	{DLA-1252-1}
	- couchdb
	NOTE: https://www.openwall.com/lists/oss-security/2017/11/14/6
	NOTE: Likely patch for 1.2.x: https://github.com/apache/couchdb/commit/9a28df7e9703a1a3420e7616c4d33a523ee06354
	NOTE: Possibly needs more updates: https://github.com/apache/couchdb/commit/bf6b6a1c84321baee2c4ad354059a45e0b8fdec7
CVE-2017-12635 (Due to differences in the Erlang-based JSON parser and JavaScript-base ...)
	{DLA-1252-1}
	- couchdb
	NOTE: https://www.openwall.com/lists/oss-security/2017/11/14/6
	NOTE: Likely patch for 1.2.x: https://github.com/apache/couchdb/commit/3706a77c13a78672e5a3fbde06e7bffd3665f73b
CVE-2017-12634 (The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20. ...)
	NOT-FOR-US: Apache Camel
CVE-2017-12633 (The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20 ...)
	NOT-FOR-US: Apache Camel
CVE-2017-12632 (A malicious host header in an incoming HTTP request could cause NiFi t ...)
	NOT-FOR-US: Apache NiFi
CVE-2017-12631 (Apache CXF Fediz ships with a number of container-specific plugins to ...)
	NOT-FOR-US: Apache CXF
CVE-2017-12630 (In Apache Drill 1.11.0 and earlier when submitting form from Query pag ...)
	NOT-FOR-US: Apache Drill
CVE-2017-12629 (Remote code execution occurs in Apache Solr before 7.1 with Apache Luc ...)
	{DSA-4124-1 DLA-1254-1}
	- lucene-solr 3.6.2+dfsg-11
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1501529
	NOTE: http://lucene.472066.n3.nabble.com/Re-Several-critical-vulnerabilities-discovered-in-Apache-Solr-XXE-amp-RCE-td4358308.html
	NOTE: http://lucene.472066.n3.nabble.com/Re-Several-critical-vulnerabilities-discovered-in-Apache-Solr-XXE-amp-RCE-tt4358355.html
	NOTE: Patch removing RunExecutableListener: https://github.com/apache/lucene-solr/commit/7b313bb597a6d1f78773dc9c00f484c078a46c25
	NOTE: Patch disallowing XXE: https://github.com/apache/lucene-solr/commit/926cc4d65b6d2cc40ff07f76d50ddeda947e3cc4
CVE-2017-12628 (The JMX server embedded in Apache James, also used by the command line ...)
	NOT-FOR-US: Apache James
CVE-2017-12627 (In Apache Xerces-C XML Parser library before 3.2.1, processing of exte ...)
	{DLA-1328-1}
	- xerces-c 3.2.1+debian-1 (bug #894050)
	[stretch] - xerces-c 3.1.4+debian-2+deb9u1
	[jessie] - xerces-c 3.1.1-5.1+deb8u4
	NOTE: https://svn.apache.org/r1819998
	NOTE: https://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt
CVE-2017-12626 (Apache POI in versions prior to release 3.17 are vulnerable to Denial ...)
	- libapache-poi-java 3.17-1 (bug #888651)
	[stretch] - libapache-poi-java (Minor issue)
	[jessie] - libapache-poi-java (Minor issue)
	[wheezy] - libapache-poi-java (Minor issue)
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61338
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61294
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=52372
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61295
CVE-2017-12625 (Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2 ...)
	NOT-FOR-US: Apache Hive
CVE-2017-12624 (Apache CXF supports sending and receiving attachments via either the J ...)
	NOT-FOR-US: Apache CXF
CVE-2017-12623 (An authorized user could upload a template which contained malicious c ...)
	NOT-FOR-US: Apache NiFi
CVE-2017-12622 (When an Apache Geode cluster before v1.3.0 is operating in secure mode ...)
	NOT-FOR-US: Apache Geode
CVE-2017-12621 (During Jelly (xml) file parsing with Apache Xerces, if a custom doctyp ...)
	- jenkins-commons-jelly
	[jessie] - jenkins-commons-jelly (Minor issue, only used by Jenkins which got removed)
	[wheezy] - jenkins-commons-jelly (Minor issue, only used by Jenkins which got removed)
	NOTE: https://www.openwall.com/lists/oss-security/2017/09/27/6
CVE-2017-12620 (When loading models or dictionaries that contain XML it is possible to ...)
	NOT-FOR-US: Apache OpenNLP
CVE-2017-12619 (Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation whic ...)
	NOT-FOR-US: Apache Zeppelin
CVE-2017-12618 (Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to val ...)
	{DLA-1163-1}
	- apr-util 1.6.1-1 (low; bug #879996)
	[stretch] - apr-util (Minor issue)
	[jessie] - apr-util (Minor issue)
	NOTE: mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E
	NOTE: https://github.com/apache/apr/commit/f672b565c825c34de9ee298b5bdc62c01cdd6147
CVE-2017-12617 (When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22 ...)
	{DLA-1166-1}
	- tomcat8 (Specific to running Tomcat on Windows)
	- tomcat8.0 (Specific to running Tomcat on Windows)
	- tomcat7 (Specific to running Tomcat on Windows)
	NOTE: https://svn.apache.org/r1809673 (8.5.x)
	NOTE: https://svn.apache.org/r1809675 (8.5.x)
	NOTE: https://svn.apache.org/r1809896 (8.5.x)
	NOTE: https://svn.apache.org/r1809921 (8.0.x)
	NOTE: https://svn.apache.org/r1809978 (7.0.x)
	NOTE: https://svn.apache.org/r1809992 (7.0.x)
	NOTE: https://svn.apache.org/r1810014 (7.0.x)
	NOTE: https://svn.apache.org/r1810026 (7.0.x)
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61542
CVE-2017-12616 (When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it w ...)
{DLA-1400-1 DLA-1108-1}
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	NOTE: https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
	NOTE: https://svn.apache.org/r1804729
CVE-2017-12615 (When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs e ...)
	- tomcat7 (Windows-specific)
CVE-2017-12614 (It was noticed an XSS in certain 404 pages that could be exploited to ...)
	- airflow (bug #819700)
CVE-2017-12613 (When apr_time_exp*() or apr_os_exp_time*() functions are invoked with ...)
	{DLA-2897-1 DLA-1162-1}
	- apr 1.6.3-1 (low; bug #879708)
	[jessie] - apr (Minor issue)
	NOTE: mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E
	NOTE: Fixed by: https://github.com/apache/apr/commit/ad958385a4180d7a83d90589689fcd36e3bbc57a
CVE-2017-12612 (In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe de ...)
	- apache-spark (bug #802194)
CVE-2017-12611 (In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using ...)
	- libstruts1.2-java
	[wheezy] - libstruts1.2-java (Minor issue)
	NOTE: Only a problem if the application programmer has made a security mistake.
	NOTE: https://struts.apache.org/docs/s2-053.html
CVE-2017-12610 (In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authent ...)
	- kafka (bug #786460)
CVE-2017-12609
	REJECTED
CVE-2017-12608 (A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1 ...)
	{DSA-4022-1 DLA-1214-1}
	- libreoffice 1:5.0.2-1
	NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0301
	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12608
	NOTE: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=42a709d1ef647aab9a1c9422b4e25ecaee857aba
CVE-2017-12607 (A vulnerability in OpenOffice's PPT file parser before 4.1.4, and spec ...)
{DSA-4022-1 DLA-1214-1}
	- libreoffice 1:5.0.2-1
	NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0300
	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12607
	NOTE: https://cgit.freedesktop.org/libreoffice/core/commit/?id=334dba623dfb0c4fb2b5292c2d03741b7b33aef1
CVE-2016-10404 (XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect ...)
	NOT-FOR-US: Liferay Portal
CVE-2017-12606 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
	{DLA-2799-1 DLA-1438-1 DLA-1117-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #872044)
	NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12605 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
	{DLA-2799-1 DLA-1438-1 DLA-1117-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #872044)
	NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12604 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
	{DLA-2799-1 DLA-1438-1 DLA-1117-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #872044)
	NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12603 (OpenCV (Open Source Computer Vision Library) through 3.3 has an invali ...)
	{DLA-2799-1 DLA-1438-1 DLA-1117-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #872044)
	NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12602 (OpenCV (Open Source Computer Vision Library) through 3.3 has a denial ...)
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #872045)
	[stretch] - opencv (Minor issue)
	[jessie] - opencv (Minor issue)
	[wheezy] - opencv (Minor issue)
	NOTE: https://github.com/opencv/opencv/issues/9311
CVE-2017-12601 (OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer ...)
{DLA-2799-1 DLA-1438-1 DLA-1117-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #872044)
	NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12600 (OpenCV (Open Source Computer Vision Library) through 3.3 has a denial ...)
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #872045)
	[stretch] - opencv (Minor issue)
	[jessie] - opencv (Minor issue)
	[wheezy] - opencv (Minor issue)
	NOTE: https://github.com/opencv/opencv/issues/9311
CVE-2017-12599 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
	{DLA-2799-1 DLA-1438-1 DLA-1117-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #872044)
	NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12598 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
	{DLA-2799-1 DLA-1438-1 DLA-1117-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #872044)
	NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12597 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
	{DLA-2799-1 DLA-1438-1 DLA-1117-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #872044)
	NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12596 (In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read ...)
	{DLA-2358-1}
	- openexr 2.2.0-11.1 (bug #877352)
	[jessie] - openexr (Minor issue)
	[wheezy] - openexr 1.6.1-6+deb7u1
	NOTE: https://github.com/openexr/openexr/issues/238
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/49db4a4192482eec9c27669f75db144cf5434804 (v2.2.1)
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/f09f5f26c1924c4f7e183428ca79c9881afaf53c (v2.3.0)
CVE-2017-12595 (The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dic ...)
	- qpdf 7.0.0-1
	[stretch] - qpdf (Minor issue)
	[jessie] - qpdf (Minor issue)
	[wheezy] - qpdf (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/issues/146
	NOTE: Fixed by: https://github.com/qpdf/qpdf/commit/ad527a64f93dca12f6aabab2ca99ae5eb352ab4b
CVE-2017-12594
	RESERVED
CVE-2017-12593 (ASUS DSL-N10S V2.1.16_APAC devices allow CSRF.)
	NOT-FOR-US: ASUS DSL-N10S V2.1.16_APAC devices
CVE-2017-12592 (ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnera ...)
	NOT-FOR-US: ASUS DSL-N10S V2.1.16_APAC devices
CVE-2017-12591 (ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross sit ...)
	NOT-FOR-US: ASUS DSL-N10S V2.1.16_APAC devices
CVE-2017-12590 (ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS vu ...)
	NOT-FOR-US: ASUS RT-N14UHP devices
CVE-2017-12589 (ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protecti ...)
	NOT-FOR-US: ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices
CVE-2017-12588 (The zmq3 input and output modules in rsyslog before 8.28.0 interpreted ...)
	- rsyslog 8.28.0-1 (unimportant)
	NOTE: https://github.com/rsyslog/rsyslog/commit/062d0c671a29f7c6f7dff4a2f1f35df375bbb30b
	NOTE: https://github.com/rsyslog/rsyslog/pull/1565
	NOTE: The zmq3 input and output modules are not enabled and built in Debian
CVE-2017-12587 (ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage ...)
	{DSA-4019-1 DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (bug #870526)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/535
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/bb5b16c512977e8134701063e0adb05a4a342add
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/d4192df5eb03892089806d52a317cc3101856726
CVE-2017-12586 (SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue becau ...)
	NOT-FOR-US: SLiMS 8 Akasia
CVE-2017-12585 (SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_ha ...)
	NOT-FOR-US: SLiMS 8 Akasia
CVE-2017-12584 (There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an ...)
	NOT-FOR-US: SLiMS 8 Akasia
CVE-2017-12583 (DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE ...)
	- dokuwiki 0.0.20180422.a-1 (bug #870903)
	[jessie] - dokuwiki (Vulnerable code not present)
	[wheezy] - dokuwiki (Vulnerable code not present)
	NOTE: https://github.com/splitbrain/dokuwiki/issues/2061
CVE-2017-12582 (Unprivileged user can access all functions in the Surveillance Station ...)
	NOT-FOR-US: QNAP
CVE-2017-12581 (GitHub Electron before 1.6.8 allows remote command execution because o ...)
	- electron (bug #842420)
CVE-2017-12580 (An issue was discovered in IDM UltraEdit through 24.10.0.32. To exploi ...)
	NOT-FOR-US: IDM UltraEdit
CVE-2017-12579 (An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion ...)
	NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
CVE-2017-12578
	RESERVED
CVE-2017-12577 (An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded accoun ...)
	NOT-FOR-US: PLANEX
CVE-2017-12576 (An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undoc ...)
	NOT-FOR-US: PLANEX
CVE-2017-12575 (An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router h ...)
	NOT-FOR-US: NEC
CVE-2017-12574 (An issue was discovered on PLANEX CS-W50HD devices with firmware befor ...)
	NOT-FOR-US: PLANEX
CVE-2017-12573 (An issue was discovered on PLANEX CS-W50HD devices with firmware befor ...)
	NOT-FOR-US: PLANEX
CVE-2017-12572 (Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5. ...)
	NOT-FOR-US: Splunk
CVE-2017-12571
	RESERVED
CVE-2017-12570
	RESERVED
CVE-2017-12569
	RESERVED
CVE-2017-12568 (Denial of Service vulnerability in Debut embedded httpd 1.20 in Brothe ...)
	NOT-FOR-US: Brother
CVE-2017-12567 (SQL injection exists in Quest KACE Asset Management Appliance 6.4.1208 ...)
	NOT-FOR-US: Quest KACE Asset Management Appliance
CVE-2017-12566 (In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the f ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870503)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/603
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2477eacf09d3a26efe814590a5dbbe1efd16764f
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/27b3b9ca5cfb7b8935852cf315abc005ea7c1e16
CVE-2017-12565 (In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the f ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870115)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/602
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/e0e544bb173213df00f82a810d66321e1bb4f3c8
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4d0ac66c9778faebd2d1fac7140462b043626458
CVE-2017-12564 (In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the f ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870017)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/601
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ff3faa31166439d81b72de22daea2b6404569137
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/a4779cfbee2e4235fa9f9f8f2e58dca17f7ccc6b
CVE-2017-12563 (In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in ...)
	{DLA-2366-1 DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870530)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/599
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/82b53bd74df1489332e4043035a51b43f54d43f1
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7d3af83d8b946f952bfd028451e6dfb1f7ace07a
CVE-2017-12561 (A remote code execution vulnerability in HPE intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12560 (A Remote Denial of Service vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12559 (A Remote Denial of Service vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12558 (A Remote Code Execution vulnerability in HPE intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12557 (A Remote Code Execution vulnerability in HPE intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12556 (A Remote Code Execution vulnerability in HPE intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12555 (A remote arbitrary file download and disclosure of information vulnera ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12554 (A remote code execution vulnerability in HPE intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12553 (A local authentication bypass vulnerability in HPE System Management H ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12552 (A local arbitrary execution of commands vulnerability in HPE System Ma ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12551 (A local arbitrary execution of commands vulnerability in HPE System Ma ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12550 (A local security misconfiguration vulnerability in HPE System Manageme ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12549 (A local authentication bypass vulnerability in HPE System Management H ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12548 (A local arbitrary command execution vulnerability in HPE System Manage ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12547 (A local arbitrary command execution vulnerability in HPE System Manage ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12546 (A local buffer overflow vulnerability in HPE System Management Homepag ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12545 (A remote denial of service vulnerability in HPE System Management Home ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12544 (A cross-site scripting vulnerability in HPE System Management Homepage ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12543 (A remote disclosure of information vulnerability in Moonshot Remote Co ...)
	NOT-FOR-US: Moonshot Remote Console Administrator Pro
CVE-2017-12542 (A authentication bypass and execution of code vulnerability in HPE Int ...)
	NOT-FOR-US: HPE ILO 4
CVE-2017-12541 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12540 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12539 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12538 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12537 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12536 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12535 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12534 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12533 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12532 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12531 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12530 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12529 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12528 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12527 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12526 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12525 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12524 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12523 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12522 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12521 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12520 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12519 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12518 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12517 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12516 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12515 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12514 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12513 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12512 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12511 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12510 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12509 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12508 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12507 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12506 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12505 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12504 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12503 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12502 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12501 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12500 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12499 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12498 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12497 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12496 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12495 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12494 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12493 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12492 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12491 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12490 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12489 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12488 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12487 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12486
	RESERVED
CVE-2017-12485
	RESERVED
CVE-2017-12484
	RESERVED
CVE-2017-12483
	RESERVED
CVE-2017-12482 (The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1 ...)
	- ledger 3.1.2+dfsg1-1 (low; bug #870900)
	[stretch] - ledger (Minor issue)
	[jessie] - ledger (Minor issue)
	[wheezy] - ledger (Minor issue)
	NOTE: http://bugs.ledger-cli.org/show_bug.cgi?id=1224
	NOTE: https://github.com/ledger/ledger/issues/1224
	NOTE: https://github.com/ledger/ledger/commit/7c0ae5b02571e21f97d45f5d091cb78af9885713
CVE-2017-12481 (The find_option function in option.cc in Ledger 3.1.1 allows remote at ...)
	- ledger 3.1.2+dfsg1-1 (low; bug #870900)
	[stretch] - ledger (Minor issue)
	[jessie] - ledger (Minor issue)
	[wheezy] - ledger (Minor issue)
	NOTE: http://bugs.ledger-cli.org/show_bug.cgi?id=1222
	NOTE: https://github.com/ledger/ledger/issues/1222
	NOTE: https://github.com/ledger/ledger/commit/c5343f18744d0f6fddcc590f9a54c23674d8c489
CVE-2017-12480 (Sandboxie installer 5071703 has a DLL Hijacking or Unsafe DLL Loading ...)
	NOT-FOR-US: Sandboxie
CVE-2017-12479 (It was discovered that an issue in the session logic in Unitrends Back ...)
	NOT-FOR-US: Unitrends Backup
CVE-2017-12478 (It was discovered that the api/storage web interface in Unitrends Back ...)
	NOT-FOR-US: Unitrends Backup
CVE-2017-12477 (It was discovered that the bpserverd proprietary protocol in Unitrends ...)
	NOT-FOR-US: Unitrends Backup
CVE-2017-12476 (The AP4_AvccAtom::InspectFields function in Core/Ap4AvccAtom.cpp in Be ...)
	NOT-FOR-US: Bento4
CVE-2017-12475 (The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 ...)
	NOT-FOR-US: Bento4
CVE-2017-12474 (The AP4_AtomSampleTable::GetSample function in Core/Ap4AtomSampleTable ...)
	NOT-FOR-US: Bento4
CVE-2017-12473 (ccnl_ccntlv_bytes2pkt in CCN-lite allows context-dependent attackers t ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12472 (ccnl-ext-mgmt.c in CCN-lite before 2.00 allows context-dependent attac ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12471 (The cnb_parse_lev function in CCN-lite before 2.00 allows context-depe ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12470 (Integer overflow in the ndn_parse_sequence function in CCN-lite before ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12469 (Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 allows c ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12468 (Buffer overflow in ccn-lite-ccnb2xml.c in CCN-lite before 2.00 allows ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12467 (Memory leak in CCN-lite before 2.00 allows context-dependent attackers ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12466 (CCN-lite before 2.00 allows context-dependent attackers to have unspec ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12465 (Multiple integer overflows in CCN-lite before 2.00 allow context-depen ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12464 (ccn-lite-valid.c in CCN-lite before 2.00 allows context-dependent atta ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12463 (Memory leak in the ccnl_app_RX function in ccnl-uapi.c in CCN-lite bef ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12462
	RESERVED
CVE-2017-12461
	RESERVED
CVE-2017-12460 (An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7 ...)
	NOT-FOR-US: Barco ClickShare CSM-1 firmware
CVE-2017-12459 (The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Bina ...)
	- binutils 2.29-8
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21840
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc
CVE-2017-12458 (The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Bin ...)
	- binutils 2.29-8
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21840
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc
CVE-2017-12457 (The bfd_make_section_with_flags function in section.c in the Binary Fi ...)
	- binutils 2.29-8
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21840
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=patch;h=8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc
CVE-2017-12456 (The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binuti ...)
	- binutils 2.29-9
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21813
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ca4cf9b9c622a5695e01f7f5815a7382a31fcf51
CVE-2017-12455 (The evax_bfd_print_emh function in vms-alpha.c in the Binary File Desc ...)
	- binutils 2.29-8
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21840
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc
CVE-2017-12454 (The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File ...)
	- binutils 2.29-9
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21813
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ca4cf9b9c622a5695e01f7f5815a7382a31fcf51
CVE-2017-12453 (The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descri ...)
	- binutils 2.29-9
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21813
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ca4cf9b9c622a5695e01f7f5815a7382a31fcf51
CVE-2017-12452 (The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386 ...)
	- binutils 2.29-9
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21813
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ca4cf9b9c622a5695e01f7f5815a7382a31fcf51
CVE-2017-12451 (The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff6 ...)
	- binutils 2.29-9
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21786
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=29866fa186ee3ebda5242221607dba360b2e541e
CVE-2017-12450 (The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File ...)
	- binutils 2.29-9
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21813
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8a2df5e2df374289e00ecd8f099eb46d76ef982e
CVE-2017-12449 (The _bfd_vms_save_sized_string function in vms-misc.c in the Binary Fi ...)
	- binutils 2.29-8
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21840
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc
CVE-2017-12448 (The bfd_cache_close function in bfd/cache.c in the Binary File Descrip ...)
	- binutils 2.29-9
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21787
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=909e4e716c4d77e33357bbe9bc902bfaf2e1af24
CVE-2017-12447 (GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus ...)
	- gdk-pixbuf 2.34.0-1
	[jessie] - gdk-pixbuf 2.31.1-2+deb8u5
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=785979
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gdk-pixbuf/commit/b7bf6fbfb310fceba2d35d4de143b8d5ffdad990 (2.33.2)
CVE-2017-12446
	RESERVED
CVE-2017-12445 (The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cp ...)
	- minidjvu (unimportant; bug #871495)
	NOTE: https://sourceforge.net/p/minidjvu/bugs/8/
CVE-2017-12444 (The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidj ...)
	- minidjvu (unimportant; bug #871495)
	NOTE: https://sourceforge.net/p/minidjvu/bugs/8/
CVE-2017-12443 (The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 c ...)
	- minidjvu (unimportant; bug #871495)
	NOTE: https://sourceforge.net/p/minidjvu/bugs/8/
CVE-2017-12442 (The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can ca ...)
	- minidjvu (unimportant; bug #871495)
	NOTE: https://sourceforge.net/p/minidjvu/bugs/8/
CVE-2017-12441 (The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can ca ...)
	- minidjvu (unimportant; bug #871495)
	NOTE: https://sourceforge.net/p/minidjvu/bugs/8/
CVE-2017-12440 (Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11 ...)
{DSA-3953-1}
	- aodh 5.0.0-2 (bug #872605)
	NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0080
	NOTE: Master: https://review.openstack.org/#/c/493823/
	NOTE: Ocata: https://review.openstack.org/#/c/493824/
	NOTE: Newton: https://review.openstack.org/#/c/493826/
	NOTE: https://github.com/openstack/aodh/commit/cb90d3ad472bba8d648803ca94a9196dff97f0e8
CVE-2017-12439 (SocuSoft Flash Slideshow Maker Professional through v5.20, when the ad ...)
	NOT-FOR-US: SocuSoft Flash Slideshow Maker Professional
CVE-2017-12438
	RESERVED
CVE-2017-12437
	RESERVED
CVE-2017-12436
	RESERVED
CVE-2017-12435 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
	{DLA-2366-1 DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870504)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/543
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2dd8d55742fce7d079b6a16039c18e49c091224f
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/44cb8dfd4cbe6fc475c863a5946cff64e34c2088
CVE-2017-12433 (In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the f ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant; bug #872481)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/548
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7beec9a7a8a5701652b313e6e94bafd36b3627dc
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/0a170d18390d3762586f164e6abe3c4766d14620
CVE-2017-12432 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
	{DSA-4019-1 DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870491)
	[stretch] - imagemagick (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/536
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/061de02095a56d438409c63f723f340b2d9d36c7
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/3ded916c5da6febe9660c3cfa44c3114567adf74
CVE-2017-12429 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
	{DLA-2366-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13
	[jessie] - imagemagick (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/545
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/30a74ed25a4890acfa94f452d653d54c9628c87e
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/3ac6c73d39d59a7b0285b3756810272121759a31
	NOTE: The fix applied for #869727 included the change for upstream issue 545, cf.
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/546#issuecomment-313968413
CVE-2017-12427 (The ProcessMSLScript function in coders/msl.c in ImageMagick before 6. ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870525)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/636
	NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/e793eb203e5e0f91f5037aed6585e81b1e27395b
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/841f7b27dc88c685c61252d59b7e20e94c982456
CVE-2017-12426 (GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17. ...)
	- gitlab 9.5.4+dfsg-7 (bug #872190; unimportant)
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/35212
	NOTE: The fix for git for CVE-2017-1000117 mitigates the issue in gitlab itself.
	NOTE: The CVE is for the issue when importing a project via crafted SSH URLs,
	NOTE: which becomes ineffective with a fixed git version itself.
CVE-2017-12424 (In shadow before 4.5, the newusers tool could be made to manipulate in ...)
	{DLA-2596-1}
	- shadow 1:4.5-1 (bug #756630)
	[jessie] - shadow (Minor issue)
	[wheezy] - shadow (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675
	NOTE: https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952 (4.5)
CVE-2017-12423 (NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authen ...)
	NOT-FOR-US: NetApp
CVE-2017-12422 (NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before 10.3 ...)
	NOT-FOR-US: NetApp
CVE-2017-12421 (NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authen ...)
	NOT-FOR-US: NetApp
CVE-2017-12420 (Heap-based buffer overflow in the SMB implementation in NetApp Cluster ...)
	NOT-FOR-US: NetApp
CVE-2017-12419 (If, after successful installation of MantisBT through 2.5.2 on MySQL/M ...)
	- mantis
	[wheezy] - mantis (Not supported in Wheezy)
	NOTE: https://mantisbt.org/bugs/view.php?id=23173
CVE-2017-12418 (ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant; bug #872498)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/643
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/46382526a3f09cebf9f2af680fc55b2a668fcbef
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bfd93888beccf2eff49cc9abfa6b5167c9c9109d
CVE-2017-12417
	RESERVED
CVE-2017-12416 (Cross-site scripting (XSS) vulnerability in the GlobalProtect internal ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-12415 (OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x be ...)
	NOT-FOR-US: OXID eShop
CVE-2015-9107 (Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption a ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2017-12414 (Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an untr ...)
	NOT-FOR-US: Format Factory
CVE-2017-12413 (AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin ...)
	NOT-FOR-US: AXIS 2100 devices
CVE-2017-12412 (ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-dependent at ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12411
	RESERVED
CVE-2017-12410 (It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulne ...)
	NOT-FOR-US: Kaseya Virtual System Administrator agent
CVE-2017-12409
	RESERVED
CVE-2017-12408
	RESERVED
CVE-2017-12407
	RESERVED
CVE-2017-12406
	RESERVED
CVE-2017-12405
	RESERVED
CVE-2017-12404
	RESERVED
CVE-2017-12403
	RESERVED
CVE-2017-12402
	RESERVED
CVE-2017-12401
	RESERVED
CVE-2017-12400
	RESERVED
CVE-2017-12399
	RESERVED
CVE-2017-12398
	RESERVED
CVE-2017-12397
	RESERVED
CVE-2017-12396
	RESERVED
CVE-2017-12395
	RESERVED
CVE-2017-12394
	RESERVED
CVE-2017-12393
	RESERVED
CVE-2017-12392
	RESERVED
CVE-2017-12391
	RESERVED
CVE-2017-12390
	RESERVED
CVE-2017-12389
	RESERVED
CVE-2017-12388
	RESERVED
CVE-2017-12387
	RESERVED
CVE-2017-12386
	RESERVED
CVE-2017-12385
	RESERVED
CVE-2017-12384
	RESERVED
CVE-2017-12383
	RESERVED
CVE-2017-12382
	RESERVED
CVE-2017-12381
	RESERVED
CVE-2017-12380 (ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerab ...)
	{DLA-1261-1}
	- clamav 0.99.3~beta2+dfsg-1 (bug #888484)
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav 0.99.2+dfsg-0+deb8u3
	NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11945
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/39c89d14a61aef2958b8ea64ade1be7a5faca897
CVE-2017-12379 (ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerab ...)
	{DLA-1261-1}
	- clamav 0.99.3~beta2+dfsg-1 (bug #888484)
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav 0.99.2+dfsg-0+deb8u3
	NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11944
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/0604618374dc0dfd148b0ce7bf7a3d2b7528e66b
CVE-2017-12378 (ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerab ...)
	{DLA-1261-1}
	- clamav 0.99.3~beta2+dfsg-1 (bug #888484)
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav 0.99.2+dfsg-0+deb8u3
	NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11946
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/292d6878fa3e7fd2ab0f7275a78190639ad116d4
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/0cf813f835e48ab0f94dd54200ceba0dc25fa1c4
CVE-2017-12377 (ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerab ...)
	{DLA-1261-1}
	- clamav 0.99.3~beta2+dfsg-1 (bug #888484)
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav 0.99.2+dfsg-0+deb8u3
	NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11943
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/38da4800bfb2d6b13579950b6543302d13e3015c
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/e887f113242ffcb0ea8735c3f567c6be77f382d6
CVE-2017-12376 (ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerab ...)
	{DLA-1261-1}
	- clamav 0.99.3~beta2+dfsg-1 (bug #888484)
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav 0.99.2+dfsg-0+deb8u3
	NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11942
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/c8ba4ae2e47a4f49add3e85ef7041b166be6bfdb
CVE-2017-12375 (The ClamAV AntiVirus software versions 0.99.2 and prior contain a vuln ...)
	{DLA-1261-1}
	- clamav 0.99.3~beta2+dfsg-1 (bug #888484)
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav 0.99.2+dfsg-0+deb8u3
	NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11940
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/d1100be31a567718ce7c7dd6e6c632eddab55209
CVE-2017-12374 (The ClamAV AntiVirus software versions 0.99.2 and prior contain a vuln ...)
	{DLA-1261-1}
	- clamav 0.99.3~beta2+dfsg-1 (bug #888484)
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav 0.99.2+dfsg-0+deb8u3
	NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11939
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/7cf2a701041b775dda9743d01665279facc9b326
CVE-2017-12373 (A vulnerability in the TLS protocol implementation of legacy Cisco ASA ...)
	NOT-FOR-US: Cisco
CVE-2017-12372 (A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerab ...)
	NOT-FOR-US: Cisco
CVE-2017-12371 (A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerab ...)
	NOT-FOR-US: Cisco
CVE-2017-12370 (A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerab ...)
	NOT-FOR-US: Cisco
CVE-2017-12369 (A "Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability" e ...)
	NOT-FOR-US: Cisco
CVE-2017-12368 (A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerab ...)
	NOT-FOR-US: Cisco
CVE-2017-12367 (A "Cisco WebEx Network Recording Player Denial of Service Vulnerabilit ...)
	NOT-FOR-US: Cisco
CVE-2017-12366 (A vulnerability in Cisco WebEx Meeting Center could allow an unauthent ...)
	NOT-FOR-US: Cisco
CVE-2017-12365 (A vulnerability in Cisco WebEx Event Center could allow an authenticat ...)
	NOT-FOR-US: Cisco
CVE-2017-12364 (A SQL Injection vulnerability in the web framework of Cisco Prime Serv ...)
	NOT-FOR-US: Cisco
CVE-2017-12363 (A vulnerability in Cisco WebEx Meeting Server could allow an unauthent ...)
	NOT-FOR-US: Cisco
CVE-2017-12362 (A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could ...)
	NOT-FOR-US: Cisco
CVE-2017-12361 (A vulnerability in Cisco Jabber for Windows could allow an unauthentic ...)
	NOT-FOR-US: Cisco
CVE-2017-12360 (A vulnerability in Cisco WebEx Network Recording Player for WebEx Reco ...)
	NOT-FOR-US: Cisco
CVE-2017-12359 (A Buffer Overflow vulnerability in Cisco WebEx Network Recording Playe ...)
	NOT-FOR-US: Cisco
CVE-2017-12358 (A vulnerability in the web-based management interface of Cisco Jabber ...)
	NOT-FOR-US: Cisco
CVE-2017-12357 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2017-12356 (A vulnerability in the web-based management interface of Cisco Jabber ...)
	NOT-FOR-US: Cisco
CVE-2017-12355 (A vulnerability in the Local Packet Transport Services (LPTS) ingress ...)
	NOT-FOR-US: Cisco
CVE-2017-12354 (A vulnerability in the web-based interface of Cisco Secure Access Cont ...)
	NOT-FOR-US: Cisco
CVE-2017-12353 (A vulnerability in the Multipurpose Internet Mail Extensions (MIME) sc ...)
	NOT-FOR-US: Cisco
CVE-2017-12352 (A vulnerability in certain system script files that are installed at b ...)
	NOT-FOR-US: Cisco
CVE-2017-12351 (A vulnerability in the guest shell feature of Cisco NX-OS System Softw ...)
	NOT-FOR-US: Cisco
CVE-2017-12350 (A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 an ...)
	NOT-FOR-US: Cisco
CVE-2017-12349 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2017-12348 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2017-12347 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) S ...)
	NOT-FOR-US: Cisco
CVE-2017-12346 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) S ...)
	NOT-FOR-US: Cisco
CVE-2017-12345 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) S ...)
	NOT-FOR-US: Cisco
CVE-2017-12344 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) S ...)
	NOT-FOR-US: Cisco
CVE-2017-12343 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) S ...)
	NOT-FOR-US: Cisco
CVE-2017-12342 (A vulnerability in the Open Agent Container (OAC) feature of Cisco Nex ...)
	NOT-FOR-US: Cisco
CVE-2017-12341 (A vulnerability in the CLI of Cisco NX-OS System Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2017-12340 (A vulnerability in Cisco NX-OS System Software running on Cisco MDS Mu ...)
	NOT-FOR-US: Cisco
CVE-2017-12339 (A vulnerability in the CLI of Cisco NX-OS System Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2017-12338 (A vulnerability in the CLI of Cisco NX-OS System Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2017-12337 (A vulnerability in the upgrade mechanism of Cisco collaboration produc ...)
	NOT-FOR-US: Cisco
CVE-2017-12336 (A vulnerability in the TCL scripting subsystem of Cisco NX-OS System S ...)
	NOT-FOR-US: Cisco
CVE-2017-12335 (A vulnerability in the CLI of Cisco NX-OS System Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2017-12334 (A vulnerability in the CLI of Cisco NX-OS System Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2017-12333 (A vulnerability in Cisco NX-OS System Software could allow an authenti ...)
	NOT-FOR-US: Cisco
CVE-2017-12332 (A vulnerability in Cisco NX-OS System Software patch installation coul ...)
	NOT-FOR-US: Cisco
CVE-2017-12331 (A vulnerability in Cisco NX-OS System Software could allow an authenti ...)
	NOT-FOR-US: Cisco
CVE-2017-12330 (A vulnerability in the CLI of Cisco NX-OS System Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2017-12329 (A vulnerability in the CLI of Cisco Firepower Extensible Operating Sys ...)
	NOT-FOR-US: Cisco
CVE-2017-12328 (A vulnerability in Session Initiation Protocol (SIP) call handling in ...)
	NOT-FOR-US: Cisco
CVE-2017-12327
	RESERVED
CVE-2017-12326
	RESERVED
CVE-2017-12325
	RESERVED
CVE-2017-12324
	RESERVED
CVE-2017-12323 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
	NOT-FOR-US: Cisco
CVE-2017-12322 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
	NOT-FOR-US: Cisco
CVE-2017-12321 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
	NOT-FOR-US: Cisco
CVE-2017-12320 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
	NOT-FOR-US: Cisco
CVE-2017-12319 (A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet ...)
	NOT-FOR-US: Cisco
CVE-2017-12318 (A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices ...)
	NOT-FOR-US: Cisco
CVE-2017-12317 (The Cisco AMP For Endpoints application allows an authenticated, local ...)
	NOT-FOR-US: Cisco
CVE-2017-12316 (A vulnerability in the Guest Portal login page of Cisco Identity Servi ...)
	NOT-FOR-US: Cisco
CVE-2017-12315 (A vulnerability in system logging when replication is being configured ...)
	NOT-FOR-US: Cisco
CVE-2017-12314 (A vulnerability in the Cisco FindIT Network Discovery Utility could al ...)
	NOT-FOR-US: Cisco
CVE-2017-12313 (An untrusted search path (aka DLL Preload) vulnerability in the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-12312 (An untrusted search path (aka DLL Preloading) vulnerability in the Cis ...)
	NOT-FOR-US: Cisco
CVE-2017-12311 (A vulnerability in the H.264 decoder function of Cisco Meeting Server ...)
	NOT-FOR-US: Cisco
CVE-2017-12310 (A vulnerability in the auto discovery phase of Cisco Spark Hybrid Cale ...)
	NOT-FOR-US: Cisco
CVE-2017-12309 (A vulnerability in the Cisco Email Security Appliance (ESA) could allo ...)
	NOT-FOR-US: Cisco
CVE-2017-12308 (A vulnerability in the web framework of Cisco Small Business Managed S ...)
	NOT-FOR-US: Cisco
CVE-2017-12307 (A vulnerability in the web framework of Cisco Small Business Managed S ...)
	NOT-FOR-US: Cisco
CVE-2017-12306 (A vulnerability in the upgrade process of Cisco Spark Board could allo ...)
	NOT-FOR-US: Cisco
CVE-2017-12305 (A vulnerability in the debug interface of Cisco IP Phone 8800 series c ...)
	NOT-FOR-US: Cisco
CVE-2017-12304 (A vulnerability in the IOS daemon (IOSd) web-based management interfac ...)
	NOT-FOR-US: Cisco
CVE-2017-12303 (A vulnerability in the Advanced Malware Protection (AMP) file filterin ...)
	NOT-FOR-US: Cisco
CVE-2017-12302 (A vulnerability in the Cisco Unified Communications Manager SQL databa ...)
	NOT-FOR-US: Cisco
CVE-2017-12301 (A vulnerability in the Python scripting subsystem of Cisco NX-OS Softw ...)
	NOT-FOR-US: Cisco
CVE-2017-12300 (A vulnerability in the SNORT detection engine of Cisco Firepower Syste ...)
	NOT-FOR-US: Cisco
CVE-2017-12299 (A vulnerability exists in the process of creating default IP blocks du ...)
	NOT-FOR-US: Cisco
CVE-2017-12298 (A vulnerability in Cisco WebEx Meeting Center could allow an unauthent ...)
	NOT-FOR-US: Cisco
CVE-2017-12297 (A vulnerability in Cisco WebEx Meeting Center could allow an authentic ...)
	NOT-FOR-US: Cisco
CVE-2017-12296 (A vulnerability in Cisco WebEx Meetings Server could allow an unauthen ...)
	NOT-FOR-US: Cisco
CVE-2017-12295 (A vulnerability in Cisco WebEx Meetings Server could allow an unauthen ...)
	NOT-FOR-US: Cisco
CVE-2017-12294 (A vulnerability in Cisco WebEx Meetings Server could allow an authenti ...)
	NOT-FOR-US: Cisco
CVE-2017-12293 (A vulnerability in Cisco WebEx Meetings Server could allow an unauthen ...)
	NOT-FOR-US: Cisco
CVE-2017-12292 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
	NOT-FOR-US: Cisco
CVE-2017-12291 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
	NOT-FOR-US: Cisco
CVE-2017-12290 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
	NOT-FOR-US: Cisco
CVE-2017-12289 (A vulnerability in conditional, verbose debug logging for the IPsec fe ...)
	NOT-FOR-US: Cisco
CVE-2017-12288 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2017-12287 (A vulnerability in the cluster database (CDB) management component of ...)
	NOT-FOR-US: Cisco
CVE-2017-12286 (A vulnerability in the web interface of Cisco Jabber could allow an au ...)
	NOT-FOR-US: Cisco
CVE-2017-12285 (A vulnerability in the web interface of Cisco Network Analysis Module ...)
	NOT-FOR-US: Cisco
CVE-2017-12284 (A vulnerability in the web interface of Cisco Jabber for Windows Clien ...)
	NOT-FOR-US: Cisco
CVE-2017-12283 (A vulnerability in the handling of 802.11w Protected Management Frames ...)
	NOT-FOR-US: Cisco
CVE-2017-12282 (A vulnerability in the Access Network Query Protocol (ANQP) ingress fr ...)
	NOT-FOR-US: Cisco
CVE-2017-12281 (A vulnerability in the implementation of Protected Extensible Authenti ...)
	NOT-FOR-US: Cisco
CVE-2017-12280 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
	NOT-FOR-US: Cisco
CVE-2017-12279 (A vulnerability in the packet processing code of Cisco IOS Software fo ...)
	NOT-FOR-US: Cisco
CVE-2017-12278 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...)
	NOT-FOR-US: Cisco
CVE-2017-12277 (A vulnerability in the Smart Licensing Manager service of the Cisco Fi ...)
	NOT-FOR-US: Cisco
CVE-2017-12276 (A vulnerability in the web framework code for the SQL database interfa ...)
	NOT-FOR-US: Cisco
CVE-2017-12275 (A vulnerability in the implementation of 802.11v Basic Service Set (BS ...)
	NOT-FOR-US: Cisco
CVE-2017-12274 (A vulnerability in Extensible Authentication Protocol (EAP) ingress fr ...)
	NOT-FOR-US: Cisco
CVE-2017-12273 (A vulnerability in 802.11 association request frame processing for the ...)
	NOT-FOR-US: Cisco
CVE-2017-12272 (A vulnerability in the web framework code of Cisco IOS XE Software cou ...)
	NOT-FOR-US: Cisco
CVE-2017-12271 (A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allo ...)
	NOT-FOR-US: Cisco
CVE-2017-12270 (A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Ne ...)
	NOT-FOR-US: Cisco
CVE-2017-12269 (A vulnerability in the web UI of Cisco Spark Messaging Software could ...)
	NOT-FOR-US: Cisco
CVE-2017-12268 (A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnec ...)
	NOT-FOR-US: Cisco
CVE-2017-12267 (A vulnerability in the Independent Computing Architecture (ICA) accele ...)
	NOT-FOR-US: Cisco
CVE-2017-12266 (A vulnerability in the routine that loads DLL files in Cisco Meeting A ...)
	NOT-FOR-US: Cisco
CVE-2017-12265 (A vulnerability in the web-based management interface of Cisco Adaptiv ...)
	NOT-FOR-US: Cisco
CVE-2017-12264 (A vulnerability in the Web Admin Interface of Cisco Meeting Server cou ...)
	NOT-FOR-US: Cisco
CVE-2017-12263 (A vulnerability in the web interface of Cisco License Manager software ...)
	NOT-FOR-US: Cisco
CVE-2017-12262 (A vulnerability within the firewall configuration of the Cisco Applica ...)
	NOT-FOR-US: Cisco
CVE-2017-12261 (A vulnerability in the restricted shell of the Cisco Identity Services ...)
	NOT-FOR-US: Cisco
CVE-2017-12260 (A vulnerability in the implementation of Session Initiation Protocol ( ...)
	NOT-FOR-US: Cisco
CVE-2017-12259 (A vulnerability in the implementation of Session Initiation Protocol ( ...)
	NOT-FOR-US: Cisco
CVE-2017-12258 (A vulnerability in the web-based UI of Cisco Unified Communications Ma ...)
	NOT-FOR-US: Cisco
CVE-2017-12257 (A vulnerability in the web framework of Cisco WebEx Meetings Server co ...)
	NOT-FOR-US: Cisco
CVE-2017-12256 (A vulnerability in the Akamai Connect feature of Cisco Wide Area Appli ...)
	NOT-FOR-US: Cisco
CVE-2017-12255 (A vulnerability in the CLI of Cisco UCS Central Software could allow a ...)
	NOT-FOR-US: Cisco
CVE-2017-12254 (A vulnerability in the web interface of Cisco Unified Intelligence Cen ...)
	NOT-FOR-US: Cisco
CVE-2017-12253 (A vulnerability in the Cisco Unified Intelligence Center could allow a ...)
	NOT-FOR-US: Cisco
CVE-2017-12252 (A vulnerability in the Cisco FindIT Network Discovery Utility could al ...)
	NOT-FOR-US: Cisco
CVE-2017-12251 (A vulnerability in the web console of the Cisco Cloud Services Platfor ...)
	NOT-FOR-US: Cisco
CVE-2017-12250 (A vulnerability in the HTTP web interface for Cisco Wide Area Applicat ...)
	NOT-FOR-US: Cisco
CVE-2017-12249 (A vulnerability in the Traversal Using Relay NAT (TURN) server include ...)
	NOT-FOR-US: Cisco Meeting Server
CVE-2017-12248 (A vulnerability in the web framework code of Cisco Unified Intelligenc ...)
	NOT-FOR-US: Cisco
CVE-2017-12247
	RESERVED
CVE-2017-12246 (A vulnerability in the implementation of the direct authentication fea ...)
	NOT-FOR-US: Cisco
CVE-2017-12245 (A vulnerability in SSL traffic decryption for Cisco Firepower Threat D ...)
	NOT-FOR-US: Cisco
CVE-2017-12244 (A vulnerability in the detection engine parsing of IPv6 packets for Ci ...)
	NOT-FOR-US: Cisco
CVE-2017-12243 (A vulnerability in the Cisco Unified Computing System (UCS) Manager, C ...)
	NOT-FOR-US: Cisco
CVE-2017-12242
	RESERVED
CVE-2017-12241
	RESERVED
CVE-2017-12240 (The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2017-12239 (A vulnerability in motherboard console ports of line cards for Cisco A ...)
	NOT-FOR-US: Cisco
CVE-2017-12238 (A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2017-12237 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module ...)
	NOT-FOR-US: Cisco
CVE-2017-12236 (A vulnerability in the implementation of the Locator/ID Separation Pro ...)
	NOT-FOR-US: Cisco
CVE-2017-12235 (A vulnerability in the implementation of the PROFINET Discovery and Co ...)
	NOT-FOR-US: Cisco
CVE-2017-12234 (Multiple vulnerabilities in the implementation of the Common Industria ...)
	NOT-FOR-US: Cisco
CVE-2017-12233 (Multiple vulnerabilities in the implementation of the Common Industria ...)
	NOT-FOR-US: Cisco
CVE-2017-12232 (A vulnerability in the implementation of a protocol in Cisco Integrate ...)
	NOT-FOR-US: Cisco
CVE-2017-12231 (A vulnerability in the implementation of Network Address Translation ( ...)
	NOT-FOR-US: Cisco
CVE-2017-12230 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2017-12229 (A vulnerability in the REST API of the web-based user interface (web U ...)
	NOT-FOR-US: Cisco
CVE-2017-12228 (A vulnerability in the Cisco Network Plug and Play application of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2017-12227 (A vulnerability in the SQL database interface for Cisco Emergency Resp ...)
	NOT-FOR-US: Cisco
CVE-2017-12226 (A vulnerability in the web-based Wireless Controller GUI of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2017-12225 (A vulnerability in the web functionality of the Cisco Prime LAN Manage ...)
	NOT-FOR-US: Cisco
CVE-2017-12224 (A vulnerability in the ability for guest users to join meetings via a ...)
	NOT-FOR-US: Cisco
CVE-2017-12223 (A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integr ...)
	NOT-FOR-US: Cisco
CVE-2017-12222 (A vulnerability in the wireless controller manager of Cisco IOS XE cou ...)
	NOT-FOR-US: Cisco
CVE-2017-12221 (A vulnerability in the web framework of Cisco Firepower Management Cen ...)
	NOT-FOR-US: Cisco
CVE-2017-12220 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2017-12219 (A vulnerability in the handling of IP fragments for the Cisco Small Bu ...)
	NOT-FOR-US: Cisco
CVE-2017-12218 (A vulnerability in the malware detection functionality within Advanced ...)
	NOT-FOR-US: Cisco
CVE-2017-12217 (A vulnerability in the General Packet Radio Service (GPRS) Tunneling P ...)
	NOT-FOR-US: Cisco
CVE-2017-12216 (A vulnerability in the web-based user interface of Cisco SocialMiner c ...)
	NOT-FOR-US: Cisco
CVE-2017-12215 (A vulnerability in the email message filtering feature of Cisco AsyncO ...)
	NOT-FOR-US: Cisco
CVE-2017-12214 (A vulnerability in the Operations, Administration, Maintenance, and Pr ...)
	NOT-FOR-US: Cisco
CVE-2017-12213 (A vulnerability in the dynamic access control list (ACL) feature of Ci ...)
	NOT-FOR-US: Cisco
CVE-2017-12212 (A vulnerability in the web framework of Cisco Unity Connection could a ...)
	NOT-FOR-US: Cisco
CVE-2017-12211 (A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) ...)
	NOT-FOR-US: Cisco
CVE-2017-12210
	RESERVED
CVE-2017-12209
	RESERVED
CVE-2017-12208
	RESERVED
CVE-2017-12207
	RESERVED
CVE-2017-12206
	RESERVED
CVE-2017-12205
	RESERVED
CVE-2017-12204
	RESERVED
CVE-2017-12203
	RESERVED
CVE-2017-12202
	RESERVED
CVE-2017-12201
	RESERVED
CVE-2016-10403 (Insufficient data validation on image data in PDFium in Google Chrome ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-12425 (An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1 ...)
	{DSA-3924-1}
	- varnish 5.0.0-7.1 (bug #870467)
	[wheezy] - varnish (code path is not exposed to clients)
	NOTE: https://www.varnish-cache.org/security/VSV00001.html#vsv00001
	NOTE: https://github.com/varnishcache/varnish-cache/issues/2379
	NOTE: https://github.com/varnishcache/varnish-cache/commit/09731b24b2225e3c0d66d3ec1b4fedef6fa22b6e
CVE-2017-12200 (The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XS ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-12199 (The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQ ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-12198
	RESERVED
CVE-2017-12197 (It was found that libpam4j up to and including 1.8 did not properly va ...)
	{DSA-4025-1 DLA-1165-1}
	- libpam4j 1.4-3 (bug #879001)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1503103
	NOTE: https://github.com/kohsuke/libpam4j/issues/18
	NOTE: (Non-upstream) patch: https://github.com/letonez/libpam4j/commit/84f32f4001fc6bdcc125ccc959081de022d18b6d
CVE-2017-12196 (undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was fou ...)
	- undertow 1.4.25-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1503055
	NOTE: Fixed by https://github.com/undertow-io/undertow/commit/facb33a5cedaf4b7b96d3840a08210370a806870
	NOTE: See also https://github.com/undertow-io/undertow/commit/8804170ce3186bdd83b486959399ec7ac0f59d0f
CVE-2017-12195 (A flaw was found in all Openshift Enterprise versions using the opensh ...)
	NOT-FOR-US: OpenShift
CVE-2017-12194 (A flaw was found in the way spice-client processed certain messages se ...)
	- spice-gtk 0.35-1 (bug #898503)
	[stretch] - spice-gtk (Minor issue)
	[jessie] - spice-gtk (Minor issue)
	[wheezy] - spice-gtk (Vulnerable code is not in any binary package, only in the source package)
	NOTE: Proposed patches in: https://bugzilla.redhat.com/show_bug.cgi?id=1240165
	NOTE: Although not present in the binary packages, the (de)marshal.py scripts are used to
	NOTE: generate the respective code, which should be in libspice-common-client.
CVE-2017-12193 (The assoc_array_insert_into_terminal_node function in lib/assoc_array. ...)
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	[wheezy] - linux (Vulnerable code introduced in 3.13-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/ea6789980fdaa610d7eb63602c746bf6ec70cd2b (4.14-rc7)
	NOTE: Introduced by: https://git.kernel.org/linus/3cb989501c2688cacbb7dc4b0d353faf838f53a1 (3.13-rc1)
CVE-2017-12192 (The keyctl_read_key function in security/keys/keyctl.c in the Key Mana ...)
	- linux 4.13.4-2
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/37863c43b2c6464f252862bf2e9768264e961678 (4.14-rc3)
	NOTE: Introduced by: https://git.kernel.org/linus/61ea0c0ba904a55f55317d850c1072ff7835ac92 (3.13-rc1)
CVE-2017-12191 (A flaw was found in the CloudForms account configuration when using VM ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2017-12190 (The bio_map_user_iov and bio_unmap_user functions in block/bio.c in th ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495089
CVE-2017-12189 (It was discovered that the jboss init script as used in Red Hat JBoss ...)
	NOT-FOR-US: Red Hat JBoss; jbossas init script
CVE-2017-12188 (arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested vir ...)
	- linux 4.13.4-2
	[stretch] - linux 4.9.65-1
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500380
	NOTE: https://www.spinics.net/lists/kvm/msg156651.html
CVE-2017-12187 (xorg-x11-server before 1.19.5 was missing length validation in RENDER ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
CVE-2017-12186 (xorg-x11-server before 1.19.5 was missing length validation in X-Resou ...)
	{DSA-4000-1}
	- xorg-server 2:1.19.5-1
	[wheezy] - xorg-server (Vulnerable code introduced later)
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
CVE-2017-12185 (xorg-x11-server before 1.19.5 was missing length validation in MIT-SCR ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
CVE-2017-12184 (xorg-x11-server before 1.19.5 was missing length validation in XINERAM ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
CVE-2017-12183 (xorg-x11-server before 1.19.5 was missing length validation in XFIXES ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=55caa8b08c84af2b50fbc936cf334a5a93dd7db5
CVE-2017-12182 (xorg-x11-server before 1.19.5 was missing length validation in XFree86 ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b
CVE-2017-12181 (xorg-x11-server before 1.19.5 was missing length validation in XFree86 ...)
	{DSA-4000-1}
	- xorg-server 2:1.19.5-1
	[wheezy] - xorg-server (Vulnerable code introduced later)
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b
CVE-2017-12180 (xorg-x11-server before 1.19.5 was missing length validation in XFree86 ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b
CVE-2017-12179 (xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S ...)
	{DSA-4000-1}
	- xorg-server 2:1.19.5-1
	[wheezy] - xorg-server (Vulnerable code introduced later)
CVE-2017-12178 (xorg-x11-server before 1.19.5 had wrong extra length check in ProcXICh ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=859b08d523307eebde7724fd1a0789c44813e821
CVE-2017-12177 (xorg-x11-server before 1.19.5 was vulnerable to integer overflow in Pr ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=4ca68b878e851e2136c234f40a25008297d8d831
CVE-2017-12176 (xorg-x11-server before 1.19.5 was missing extra length validation in P ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=b747da5e25be944337a9cd1415506fc06b70aa81
CVE-2017-12175 (Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2017-12174 (It was found that when Artemis and HornetQ before 2.4.0 are configured ...)
	NOT-FOR-US: Artemis and HornetQ
CVE-2017-12173 (It was found that sssd's sysdb_search_user_by_upn_res() function befor ...)
	- sssd 1.15.3-2 (bug #877885)
	[stretch] - sssd 1.15.0-3+deb9u1
	[jessie] - sssd (Vulnerable code introduced later)
	[wheezy] - sssd (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1498173
	NOTE: Fixed by: https://pagure.io/SSSD/sssd/c/1f2662c8f97c9c0fa250055d4b6750abfc6d0835
	NOTE: Introduced by https://pagure.io/SSSD/sssd/c/7ecb5aea65cb1899f16e7a41bffa93d074defd4a (sssd-1_12_0)
CVE-2017-12172 (PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, ...)
	- postgresql-10 10.1-1 (unimportant)
	- postgresql-9.6 (unimportant)
	[stretch] - postgresql-9.6 9.6.6-0+deb9u1
	- postgresql-9.4 (unimportant)
	[jessie] - postgresql-9.4 9.4.15-0+deb8u1
	- postgresql-9.1 (unimportant)
	[jessie] - postgresql-9.1 (postgresql-9.1 in jessie only provides PL/Perl)
	[wheezy] - postgresql-9.1 (Vulnerable code not installed)
	NOTE: Issue in sample init-script as provided by postgresql project, but not installed
CVE-2017-12171 (A regression was found in the Red Hat Enterprise Linux 6.9 version of ...)
	- apache2 (Introduced by Red Hat RHEL 6.9 specific non-security patch)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1493056
CVE-2017-12170 (Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vuln ...)
	- pure-ftpd (Fedora specific packaging error)
CVE-2017-12169 (It was found that FreeIPA 4.2.0 and later could disclose password hash ...)
	- freeipa (unimportant; bug #895950)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1487697
	NOTE: Proposed patch: https://bugzilla.redhat.com/attachment.cgi?id=1331008
	NOTE: Negligible security impact
CVE-2017-12168 (The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Lin ...)
	- linux 4.8.11-1
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9e3f7a29694049edd728e2400ab57ad7553e5aa9 (4.9-rc6)
CVE-2017-12167 (It was found in EAP 7 before 7.0.9 that properties based files of the ...)
	NOT-FOR-US: Red Hat JBoss EAP
CVE-2017-12166 (OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to ...)
	{DLA-2992-1}
	- openvpn 2.4.4-1 (bug #877089)
	[jessie] - openvpn (Minor issue)
	[wheezy] - openvpn (Minor issue)
	NOTE: https://community.openvpn.net/openvpn/wiki/CVE-2017-12166
	NOTE: https://www.openwall.com/lists/oss-security/2017/09/28/2
	NOTE: https://community.openvpn.net/openvpn/changeset/3b1a61e9fb27213c46f76312f4065816bee8ed01/ (master)
	NOTE: https://community.openvpn.net/openvpn/changeset/c7e259160b28e94e4ea7f0ef767f8134283af255/ (release/2.4)
	NOTE: https://community.openvpn.net/openvpn/changeset/fce34375295151f548a26c2d0eb30141e427c81a/ (release/2.3)
	NOTE: https://community.openvpn.net/openvpn/changeset/a9f5c744d6b09f2495ca48d2c926efd3a4b981e6/ (release/2.2)
CVE-2017-12165 (It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 proces ...)
	- undertow 2.0.23-1 (bug #885338)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1490301
	NOTE: Fix likely included in the same commit as the fix for CVE-2017-7559
	NOTE: https://github.com/undertow-io/undertow/commit/3436b03eda8b0b62c1855698c4d7c358add836c2
CVE-2017-12164 (A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer se ...)
	- gdm3 3.26.0-1
	[stretch] - gdm3 (Vulnerable code not present)
	[jessie] - gdm3 (Vulnerable code not present)
	[wheezy] - gdm3 (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1490417
	NOTE: Introduced in https://git.gnome.org/browse/gdm/commit/?id=ff98b28
CVE-2017-12163 (An information leak flaw was found in the way SMB1 protocol was implem ...)
	{DSA-3983-1 DLA-1110-1}
	- samba 2:4.6.7+dfsg-2
	NOTE: https://www.samba.org/samba/security/CVE-2017-12163.html
CVE-2017-12162
	RESERVED
CVE-2017-12161 (It was found that keycloak before 3.4.2 final would permit misuse of a ...)
	NOT-FOR-US: Keycloak
CVE-2017-12160 (It was found that Keycloak oauth would permit an authenticated resourc ...)
	NOT-FOR-US: Keycloak
CVE-2017-12159 (It was found that the cookie used for CSRF prevention in Keycloak was ...)
	NOT-FOR-US: Keycloak
CVE-2017-12158 (It was found that Keycloak would accept a HOST header URL in the admin ...)
	NOT-FOR-US: Keycloak
CVE-2017-12157 (In Moodle 3.x, various course reports allow teachers to view details a ...)
	- moodle
	NOTE: https://moodle.org/mod/forum/discuss.php?d=358586
CVE-2017-12156 (Moodle 3.x has XSS in the contact form on the "non-respondents" page i ...)
	- moodle
	NOTE: https://moodle.org/mod/forum/discuss.php?d=358585
CVE-2017-12155 (A resource-permission flaw was found in the openstack-tripleo-heat-tem ...)
	- tripleo-heat-templates (bug #900176)
	NOTE: https://bugs.launchpad.net/tripleo/+bug/1720787
CVE-2017-12154 (The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.13-1
	NOTE: Fixed by: https://git.kernel.org/linus/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f (v4.14-rc1)
	NOTE: https://www.spinics.net/lists/kvm/msg155414.html
CVE-2017-12153 (A security flaw was discovered in the nl80211_set_rekey_data() functio ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.13-1
	NOTE: https://marc.info/?t=150525503100001&r=1&w=2
	NOTE: https://marc.info/?l=linux-wireless&m=150525493517953&w=2
CVE-2017-12152
	REJECTED
CVE-2017-12151 (A flaw was found in the way samba client before samba 4.4.16, samba 4. ...)
	{DSA-3983-1}
	- samba 2:4.6.7+dfsg-2
	[wheezy] - samba (Vulnerable code introduced later)
	NOTE: https://www.samba.org/samba/security/CVE-2017-12151.html
CVE-2017-12150 (It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x ...)
	{DSA-3983-1 DLA-1110-1}
	- samba 2:4.6.7+dfsg-2
	NOTE: https://www.samba.org/samba/security/CVE-2017-12150.html
CVE-2017-12149 (In Jboss Application Server as shipped with Red Hat Enterprise Applica ...)
	- jbossas4
	[wheezy] - jbossas4 (incomplete packaging, 4.x series released more than nine years ago.)
CVE-2017-12148 (A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 w ...)
	NOT-FOR-US: Ansible Tower
CVE-2017-12147
	RESERVED
CVE-2017-12146 (The driver_override implementation in drivers/base/platform.c in the L ...)
	- linux 4.11.11-1
	[stretch] - linux 4.9.30-2+deb9u5
	[jessie] - linux (Vulnerable code introduced later)
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/6265539776a0810b7ce6398c27866ddb9c6bd154 (v4.13-rc1)
CVE-2017-12145 (In libquicktime 1.2.4, an allocation failure was found in the function ...)
	- libquicktime (unimportant)
	NOTE: Negligible security impact
CVE-2017-12144 (In ytnef 1.9.2, an allocation failure was found in the function TNEFFi ...)
	- libytnef 1.9.3-1 (bug #870817)
	[stretch] - libytnef (Minor issue)
	[jessie] - libytnef (Minor issue)
	[wheezy] - libytnef (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/51
	NOTE: https://github.com/ohwgiles/ytnef/commit/a341b7f1bf8a2c59ece89f2d6cdc09856d501cc0
CVE-2017-12143 (In libquicktime 1.2.4, an allocation failure was found in the function ...)
	- libquicktime (unimportant)
	NOTE: Negligible security impact
CVE-2017-12142 (In ytnef 1.9.2, an invalid memory read vulnerability was found in the ...)
	- libytnef 1.9.3-1 (low; bug #870816)
	[stretch] - libytnef (Minor issue)
	[jessie] - libytnef (Minor issue)
	[wheezy] - libytnef (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/49
	NOTE: https://github.com/Yeraze/ytnef/commit/35dc50190aac54947bafb3d84ab7727e940c6236
CVE-2017-12141 (In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found i ...)
	- libytnef 1.9.3-1 (low; bug #870815)
	[stretch] - libytnef (Minor issue)
	[jessie] - libytnef (Minor issue)
	[wheezy] - libytnef (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/50
CVE-2017-12140 (The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has a ...)
	{DLA-2366-1 DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873059)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/533
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/94933146cb2d9d95889a385f08d5eb5f92d4e3cd
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6bf56fbe1fc551f198c3491ed58d56bb5efea23c
CVE-2017-12139 (XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing ...)
	NOT-FOR-US: XOOPS
CVE-2017-12138 (XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /mo ...)
	NOT-FOR-US: XOOPS
CVE-2017-12137 (arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS pr ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-227.html
CVE-2017-12136 (Race condition in the grant table code in Xen 4.6.x through 4.9.x allo ...)
	- xen 4.8.1-1+deb9u3
	[stretch] - xen 4.8.1-1+deb9u3
	[jessie] - xen (Only affects 4.6 and later)
	[wheezy] - xen (Only affects 4.6 and later)
	NOTE: https://xenbits.xen.org/xsa/advisory-228.html
CVE-2017-12135 (Xen allows local OS guest users to cause a denial of service (crash) o ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-226.html
CVE-2017-12134 (The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xe ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.12-1
	NOTE: https://xenbits.xen.org/xsa/advisory-229.html
	NOTE: https://git.kernel.org/linus/462cdace790ac2ed6aad1b19c9c0af0143b6aab0 (v4.13-rc6)
CVE-2017-12133 (Use-after-free vulnerability in the clntudp_call function in sunrpc/cl ...)
	- glibc 2.24-15 (bug #870648)
	[stretch] - glibc 2.24-11+deb9u2
	- eglibc
	[wheezy] - eglibc (Minor issue)
	NOTE: issue introduced by fix for CVE-2016-4429
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21115
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d42eed4a044e5e10dfb885cf9891c2518a72a491
CVE-2017-12132 (The DNS stub resolver in the GNU C Library (aka glibc or libc6) before ...)
	[experimental] - glibc 2.25-0experimental1
	- glibc 2.25-1 (bug #870650)
	- eglibc
	[wheezy] - eglibc (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21361
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e14a27723cc3a154d67f3f26e719d08c0ba9ad25
	NOTE: https://arxiv.org/pdf/1205.4011.pdf
CVE-2017-12131 (The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/se ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-12130 (An exploitable NULL pointer dereference vulnerability exists in the ti ...)
	NOT-FOR-US: tinysvcmdns
CVE-2017-12129 (An exploitable Weak Cryptography for Passwords vulnerability exists in ...)
	NOT-FOR-US: Moxa
CVE-2017-12128 (An exploitable information disclosure vulnerability exists in the Serv ...)
	NOT-FOR-US: Moxa
CVE-2017-12127 (A password storage vulnerability exists in the operating system functi ...)
	NOT-FOR-US: Moxa
CVE-2017-12126 (An exploitable cross-site request forgery vulnerability exists in the ...)
	NOT-FOR-US: Moxa
CVE-2017-12125 (An exploitable command injection vulnerability exists in the web serve ...)
	NOT-FOR-US: Moxa
CVE-2017-12124 (An exploitable denial of service vulnerability exists in the web serve ...)
	NOT-FOR-US: Moxa
CVE-2017-12123 (An exploitable clear text transmission of password vulnerability exist ...)
	NOT-FOR-US: Moxa
CVE-2017-12122 (An exploitable code execution vulnerability exists in the ILBM image r ...)
	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
	- libsdl2-image 2.0.3+dfsg1-1
	- sdl-image1.2 1.2.12-8
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488
	NOTE: https://hg.libsdl.org/SDL_image/rev/16772bbb1b09
	NOTE: https://hg.libsdl.org/SDL_image/rev/97f7f01e0665
CVE-2017-12121 (An exploitable command injection vulnerability exists in the web serve ...)
	NOT-FOR-US: Moxa
CVE-2017-12120 (An exploitable command injection vulnerability exists in the web serve ...)
	NOT-FOR-US: Moxa
CVE-2017-12119 (An exploitable unhandled exception vulnerability exists in multiple AP ...)
	- cpp-ethereum (bug #860434)
CVE-2017-12118 (An exploitable improper authorization vulnerability exists in miner_st ...)
	- cpp-ethereum (bug #860434)
CVE-2017-12117 (An exploitable improper authorization vulnerability exists in miner_st ...)
	- cpp-ethereum (bug #860434)
CVE-2017-12116 (An exploitable improper authorization vulnerability exists in miner_se ...)
	- cpp-ethereum (bug #860434)
CVE-2017-12115 (An exploitable improper authorization vulnerability exists in miner_se ...)
	- cpp-ethereum (bug #860434)
CVE-2017-12114 (An exploitable improper authorization vulnerability exists in admin_pe ...)
	- cpp-ethereum (bug #860434)
CVE-2017-12113 (An exploitable improper authorization vulnerability exists in admin_no ...)
	- cpp-ethereum (bug #860434)
CVE-2017-12112 (An exploitable improper authorization vulnerability exists in admin_ad ...)
	- cpp-ethereum (bug #860434)
CVE-2017-12111 (An exploitable out-of-bounds vulnerability exists in the xls_addCell f ...)
	{DSA-4173-1}
	- r-cran-readxl 1.0.0-2 (bug #895564)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0463
CVE-2017-12110 (An exploitable integer overflow vulnerability exists in the xls_append ...)
	{DSA-4173-1}
	- r-cran-readxl 1.0.0-2 (bug #895564)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0462
CVE-2017-12109 (An exploitable integer overflow vulnerability exists in the xls_prepar ...)
	{DSA-4173-1}
	- r-cran-readxl 1.0.0-2
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0461
CVE-2017-12108 (An exploitable integer overflow vulnerability exists in the xls_prepar ...)
	{DSA-4173-1}
	- r-cran-readxl 1.0.0-2
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0460
CVE-2017-12107 (An memory corruption vulnerability exists in the .PCX parsing function ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2017-12106 (A memory corruption vulnerability exists in the .TGA parsing functiona ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2017-12105 (An exploitable integer overflow exists in the way that the Blender ope ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457
CVE-2017-12104 (An exploitable integer overflow exists in the way that the Blender ope ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0456
CVE-2017-12103 (An exploitable integer overflow exists in the way that the Blender ope ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0455
CVE-2017-12102 (An exploitable integer overflow exists in the way that the Blender ope ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0454
CVE-2017-12101 (An exploitable integer overflow exists in the 'modifier_mdef_compact_i ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0453
CVE-2017-12100 (An exploitable integer overflow exists in the 'multires_load_old_dm' f ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0452
CVE-2017-12099 (An exploitable integer overflow exists in the upgrade of the legacy Me ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0451
CVE-2017-12098 (An exploitable cross site scripting (XSS) vulnerability exists in the ...)
	- ruby-rails-admin (bug #900178)
	[stretch] - ruby-rails-admin (Minor issue)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0450
	NOTE: https://github.com/sferik/rails_admin/issues/2985
	NOTE: https://github.com/sferik/rails_admin/commit/44f09ed72b5e0e917a5d61bd89c48d97c494b41c
CVE-2017-12097 (An exploitable cross site scripting (XSS) vulnerability exists in the ...)
	NOT-FOR-US: delayed_job_web rails gem
CVE-2017-12096 (An exploitable vulnerability exists in the WiFi management of Circle w ...)
	NOT-FOR-US: Circle of Disney
CVE-2017-12095 (An exploitable vulnerability exists in the WiFi Access Point feature o ...)
	NOT-FOR-US: Circle of Disney
CVE-2017-12094 (An exploitable vulnerability exists in the WiFi Channel parsing of Cir ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-12093 (An exploitable insufficient resource pool vulnerability exists in the ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-12092 (An exploitable file write vulnerability exists in the memory module fu ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-12091
	REJECTED
CVE-2017-12090 (An exploitable denial of service vulnerability exists in the processin ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-12089 (An exploitable denial of service vulnerability exists in the program d ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-12088 (An exploitable denial of service vulnerability exists in the Ethernet ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-12087 (An exploitable heap overflow vulnerability exists in the tinysvcmdns l ...)
	- shairport-sync 3.1.4-1 (unimportant; bug #882508)
	NOTE: Debian build uses Avahi instead
	NOTE: https://bugs.launchpad.net/ubuntu/+source/shairport-sync/+bug/1729668
CVE-2017-12086 (An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_t ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0438
CVE-2017-12085 (An exploitable routing vulnerability exists in the Circle with Disney ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-12084 (A backdoor vulnerability exists in remote control functionality of Cir ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-12083 (An exploitable information disclosure vulnerability exists in the apid ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-12082 (An exploitable integer overflow exists in the 'CustomData' Mesh loadin ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434
CVE-2017-12081 (An exploitable integer overflow exists in the upgrade of a legacy Mesh ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0433
CVE-2017-12080 (An information exposure vulnerability in default HTTP configuration fi ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-12079 (Files or directories accessible to external parties vulnerability in p ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-12078 (Command injection vulnerability in EZ-Internet in Synology Router Mana ...)
	NOT-FOR-US: Synology
CVE-2017-12077 (Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwa ...)
	NOT-FOR-US: Synology
CVE-2017-12076 (Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwa ...)
	NOT-FOR-US: Synology
CVE-2017-12075 (Command injection vulnerability in EZ-Internet in Synology DiskStation ...)
	NOT-FOR-US: Synology
CVE-2017-12074 (Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZon ...)
	NOT-FOR-US: Synology
CVE-2017-12073
	REJECTED
CVE-2017-12072 (Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in ...)
	NOT-FOR-US: Synology
CVE-2017-12071 (Server-side request forgery (SSRF) vulnerability in file_upload.php in ...)
	NOT-FOR-US: Synology
CVE-2017-12070 (Unsigned versions of the DLLs distributed by the OPC Foundation may be ...)
	NOT-FOR-US: OPC Foundation
CVE-2017-12069 (An XXE vulnerability has been identified in OPC Foundation UA .NET Sam ...)
	NOT-FOR-US: OPC Foundation UA .NET Sample code and Local Discovery Server affecting various vendors
CVE-2017-12068 (The Event List plugin 0.7.9 for WordPress has XSS in the slug array pa ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-12067 (Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubi ...)
	- potrace 1.15-1 (unimportant; bug #870356)
	NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/potrace/heap-buffer-overflow-mkbitmap
	NOTE: Upstream bug report https://sourceforge.net/p/potrace/bugs/22/
	NOTE: Crash only in CLI tool mkbitmap, negligible security impact
CVE-2017-12066 (Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Ca ...)
	- cacti 1.1.16+ds1-1 (bug #870354)
	[stretch] - cacti (Vulnerable code introduced later)
	[jessie] - cacti (Vulnerable code introduced later)
	[wheezy] - cacti (Vulnerable code introduced later)
	NOTE: https://github.com/Cacti/cacti/commit/bd0e586f6f46d814930226f1516a194e7e72293e
	NOTE: https://github.com/Cacti/cacti/issues/877
CVE-2017-12065 (spikekill.php in Cacti before 1.1.16 might allow remote attackers to e ...)
	- cacti 1.1.16+ds1-1 (bug #870353)
	[stretch] - cacti (Vulnerable code introduced later)
	[jessie] - cacti (Vulnerable code introduced later)
	[wheezy] - cacti (Vulnerable code introduced later)
	NOTE: https://github.com/Cacti/cacti/commit/bd0e586f6f46d814930226f1516a194e7e72293e
	NOTE: https://github.com/Cacti/cacti/issues/877
CVE-2017-12064 (The csv_log_html function in library/edihistory/edih_csv_inc.php in Op ...)
	NOT-FOR-US: OpenEMR
CVE-2017-12063
	RESERVED
CVE-2017-12062 (An XSS issue was discovered in manage_user_page.php in MantisBT 2.x be ...)
	- mantis
	[wheezy] - mantis (Not supported in Wheezy LTS)
CVE-2017-12061 (An XSS issue was discovered in admin/install.php in MantisBT before 1. ...)
	- mantis
	[wheezy] - mantis (Not supported in Wheezy LTS)
CVE-2017-12060
	RESERVED
CVE-2017-12059
	RESERVED
CVE-2017-12058
	RESERVED
CVE-2017-12057
	RESERVED
CVE-2017-12056
	RESERVED
CVE-2017-12055
	RESERVED
CVE-2017-12054
	RESERVED
CVE-2017-12053
	RESERVED
CVE-2017-12052
	RESERVED
CVE-2017-12051
	RESERVED
CVE-2017-12050
	RESERVED
CVE-2017-12049
	RESERVED
CVE-2017-12048
	RESERVED
CVE-2017-12047
	RESERVED
CVE-2017-12046
	RESERVED
CVE-2017-12045
	RESERVED
CVE-2017-12044
	RESERVED
CVE-2017-12043
	RESERVED
CVE-2017-12042
	RESERVED
CVE-2017-12041
	RESERVED
CVE-2017-12040
	RESERVED
CVE-2017-12039
	RESERVED
CVE-2017-12038
	RESERVED
CVE-2017-12037
	RESERVED
CVE-2017-12036
	RESERVED
CVE-2017-12035
	RESERVED
CVE-2017-12034
	RESERVED
CVE-2017-12033
	RESERVED
CVE-2017-12032
	RESERVED
CVE-2017-12031
	RESERVED
CVE-2017-12030
	RESERVED
CVE-2017-12029
	RESERVED
CVE-2017-12028
	RESERVED
CVE-2017-12027
	RESERVED
CVE-2017-12026
	RESERVED
CVE-2017-12025
	RESERVED
CVE-2017-12024
	RESERVED
CVE-2017-12023
	RESERVED
CVE-2017-12022
	RESERVED
CVE-2017-12021
	RESERVED
CVE-2017-12020
	RESERVED
CVE-2017-12019
	RESERVED
CVE-2017-12018
	RESERVED
CVE-2017-12017
	RESERVED
CVE-2017-12016
	RESERVED
CVE-2017-12015
	RESERVED
CVE-2017-12014
	RESERVED
CVE-2017-12013
	RESERVED
CVE-2017-12012
	RESERVED
CVE-2017-12011
	RESERVED
CVE-2017-12010
	RESERVED
CVE-2017-12009
	RESERVED
CVE-2017-12008
	RESERVED
CVE-2017-12007
	RESERVED
CVE-2017-12006
	RESERVED
CVE-2017-12005
	RESERVED
CVE-2017-12004
	RESERVED
CVE-2017-12003
	RESERVED
CVE-2017-12002
	RESERVED
CVE-2017-12001
	RESERVED
CVE-2017-12000
	RESERVED
CVE-2017-11999
	RESERVED
CVE-2017-11998
	RESERVED
CVE-2017-11997
	RESERVED
CVE-2017-11996
	RESERVED
CVE-2017-11995
	RESERVED
CVE-2017-11994
	RESERVED
CVE-2017-11993
	RESERVED
CVE-2017-11992
	RESERVED
CVE-2017-11991
	RESERVED
CVE-2017-11990
	RESERVED
CVE-2017-11989
	RESERVED
CVE-2017-11988
	RESERVED
CVE-2017-11987
	RESERVED
CVE-2017-11986
	RESERVED
CVE-2017-11985
	RESERVED
CVE-2017-11984
	RESERVED
CVE-2017-11983
	RESERVED
CVE-2017-11982
	RESERVED
CVE-2017-11981
	RESERVED
CVE-2017-11980
	RESERVED
CVE-2017-11979
	RESERVED
CVE-2017-11978
	RESERVED
CVE-2017-11977
	RESERVED
CVE-2017-11976
	RESERVED
CVE-2017-11975
	RESERVED
CVE-2017-11974
	RESERVED
CVE-2017-11973
	RESERVED
CVE-2017-11972
	RESERVED
CVE-2017-11971
	RESERVED
CVE-2017-11970
	RESERVED
CVE-2017-11969
	RESERVED
CVE-2017-11968
	RESERVED
CVE-2017-11967
	RESERVED
CVE-2017-11966
	RESERVED
CVE-2017-11965
	RESERVED
CVE-2017-11964
	RESERVED
CVE-2017-11963
	RESERVED
CVE-2017-11962
	RESERVED
CVE-2017-11961
	RESERVED
CVE-2017-11960
	RESERVED
CVE-2017-11959
	RESERVED
CVE-2017-11958
	RESERVED
CVE-2017-11957
	RESERVED
CVE-2017-11956
	RESERVED
CVE-2017-11955
	RESERVED
CVE-2017-11954
	RESERVED
CVE-2017-11953
	RESERVED
CVE-2017-11952
	RESERVED
CVE-2017-11951
	RESERVED
CVE-2017-11950
	RESERVED
CVE-2017-11949
	RESERVED
CVE-2017-11948
	RESERVED
CVE-2017-11947
	RESERVED
CVE-2017-11946
	RESERVED
CVE-2017-11945
	RESERVED
CVE-2017-11944
	RESERVED
CVE-2017-11943
	RESERVED
CVE-2017-11942
	RESERVED
CVE-2017-11941
	RESERVED
CVE-2017-11940 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-11939 (Microsoft Office 2016 Click-to-Run (C2R) allows an information disclos ...)
	NOT-FOR-US: Microsoft
CVE-2017-11938
	RESERVED
CVE-2017-11937 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-11936 (Microsoft SharePoint Enterprise Server 2016 allows an elevation of pri ...)
	NOT-FOR-US: Microsoft
CVE-2017-11935 (Microsoft Office 2016 Click-to-Run (C2R) allows a remote code executio ...)
	NOT-FOR-US: Microsoft
CVE-2017-11934 (Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2017-11933
	RESERVED
CVE-2017-11932 (Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11931
	RESERVED
CVE-2017-11930 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11929
	RESERVED
CVE-2017-11928
	RESERVED
CVE-2017-11927 (Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2017-11926
	RESERVED
CVE-2017-11925
	RESERVED
CVE-2017-11924
	RESERVED
CVE-2017-11923
	RESERVED
CVE-2017-11922
	RESERVED
CVE-2017-11921
	RESERVED
CVE-2017-11920
	RESERVED
CVE-2017-11919 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11918 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 17 ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11917
	RESERVED
CVE-2017-11916 (ChakraCore allows an attacker to execute arbitrary code in the context ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11915
	RESERVED
CVE-2017-11914 (ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, an ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11913 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2017-11912 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11911 (ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2 ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11910 (ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Se ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11909 (ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2 ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11908 (ChakraCore and Windows 10 1709 allows an attacker to execute arbitrary ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11907 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2017-11906 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2017-11905 (ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, an ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11904
	RESERVED
CVE-2017-11903 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2017-11902
	RESERVED
CVE-2017-11901 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2017-11900
	RESERVED
CVE-2017-11899 (Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2017-11898
	RESERVED
CVE-2017-11897
	RESERVED
CVE-2017-11896
	RESERVED
CVE-2017-11895 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11894 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11893 (ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, an ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11892
	RESERVED
CVE-2017-11891
	RESERVED
CVE-2017-11890 (Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 a ...)
	NOT-FOR-US: Microsoft Windows
CVE-2017-11889 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 17 ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11888 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, a ...)
	NOT-FOR-US: Microsoft Edge
CVE-2017-11887 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2017-11886 (Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 a ...)
	NOT-FOR-US: Microsoft Windows
CVE-2017-11885 (Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2017-11884 (Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbi ...)
	NOT-FOR-US: Microsoft
CVE-2017-11883 (.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remot ...)
	NOT-FOR-US: .NET core
CVE-2017-11882 (Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pa ...)
	NOT-FOR-US: Microsoft
CVE-2017-11881
	RESERVED
CVE-2017-11880 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, W ...)
	NOT-FOR-US: Microsoft
CVE-2017-11879 (ASP.NET Core 2.0 allows an attacker to steal log-in session informatio ...)
	NOT-FOR-US: Microsoft
CVE-2017-11878 (Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack ...)
	NOT-FOR-US: Microsoft
CVE-2017-11877 (Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack ...)
	NOT-FOR-US: Microsoft
CVE-2017-11876 (Microsoft Project Server and Microsoft SharePoint Enterprise Server 20 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11875
	RESERVED
CVE-2017-11874 (Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, ver ...)
	NOT-FOR-US: Microsoft
CVE-2017-11873 (ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2017-11872 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-11871 (ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Se ...)
NOT-FOR-US: Microsoft CVE-2017-11870 (ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Se ...) NOT-FOR-US: Microsoft CVE-2017-11869 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...) NOT-FOR-US: Microsoft CVE-2017-11868 RESERVED CVE-2017-11867 RESERVED CVE-2017-11866 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 17 ...) NOT-FOR-US: Microsoft CVE-2017-11865 RESERVED CVE-2017-11864 RESERVED CVE-2017-11863 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, W ...) NOT-FOR-US: Microsoft CVE-2017-11862 (ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, v ...) NOT-FOR-US: Microsoft CVE-2017-11861 (Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and ...) NOT-FOR-US: Microsoft CVE-2017-11860 RESERVED CVE-2017-11859 RESERVED CVE-2017-11858 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows S ...) NOT-FOR-US: Microsoft CVE-2017-11857 RESERVED CVE-2017-11856 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...) NOT-FOR-US: Microsoft CVE-2017-11855 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...) NOT-FOR-US: Microsoft CVE-2017-11854 (Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2 ...) NOT-FOR-US: Microsoft CVE-2017-11853 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, W ...) NOT-FOR-US: Microsoft CVE-2017-11852 (Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 a ...) NOT-FOR-US: Microsoft CVE-2017-11851 (The Windows kernel component on Windows 7 SP1, Windows Server 2008 SP2 ...) NOT-FOR-US: Microsoft CVE-2017-11850 (Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server ...) NOT-FOR-US: Microsoft CVE-2017-11849 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, W ...) NOT-FOR-US: Microsoft CVE-2017-11848 (Internet Explorer in Microsoft Microsoft Windows 7 SP1, Windows Server ...) 
NOT-FOR-US: Microsoft CVE-2017-11847 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, W ...) NOT-FOR-US: Microsoft CVE-2017-11846 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows S ...) NOT-FOR-US: Microsoft CVE-2017-11845 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exec ...) NOT-FOR-US: Microsoft CVE-2017-11844 (Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, ...) NOT-FOR-US: Microsoft CVE-2017-11843 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows S ...) NOT-FOR-US: Microsoft CVE-2017-11842 (Windows kernel in Windows 8.1 and RT 8.1, Server 2012 and R2, Windows ...) NOT-FOR-US: Microsoft CVE-2017-11841 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 17 ...) NOT-FOR-US: Microsoft CVE-2017-11840 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 17 ...) NOT-FOR-US: Microsoft CVE-2017-11839 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Ser ...) NOT-FOR-US: Microsoft CVE-2017-11838 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows S ...) NOT-FOR-US: Microsoft CVE-2017-11837 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows S ...) NOT-FOR-US: Microsoft CVE-2017-11836 (ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 160 ...) NOT-FOR-US: Microsoft CVE-2017-11835 (Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 ...) NOT-FOR-US: Microsoft CVE-2017-11834 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...) NOT-FOR-US: Microsoft CVE-2017-11833 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, W ...) NOT-FOR-US: Microsoft CVE-2017-11832 (The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 ...) NOT-FOR-US: Microsoft CVE-2017-11831 (Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Serve ...) 
NOT-FOR-US: Microsoft CVE-2017-11830 (Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows S ...) NOT-FOR-US: Microsoft CVE-2017-11829 (Microsoft Windows 10 allows an elevation of privilege vulnerability wh ...) NOT-FOR-US: Microsoft CVE-2017-11828 RESERVED CVE-2017-11827 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...) NOT-FOR-US: Microsoft CVE-2017-11826 (Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint S ...) NOT-FOR-US: Microsoft CVE-2017-11825 (Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for ...) NOT-FOR-US: Microsoft CVE-2017-11824 (The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 ...) NOT-FOR-US: Microsoft CVE-2017-11823 (The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, a ...) NOT-FOR-US: Microsoft CVE-2017-11822 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...) NOT-FOR-US: Microsoft CVE-2017-11821 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an a ...) NOT-FOR-US: Microsoft CVE-2017-11820 (Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoi ...) NOT-FOR-US: Microsoft CVE-2017-11819 (Microsoft Windows 7 SP1 allows an attacker to execute arbitrary code i ...) NOT-FOR-US: Microsoft CVE-2017-11818 (The Microsoft Windows Storage component on Microsoft Windows 8.1, Wind ...) NOT-FOR-US: Microsoft CVE-2017-11817 (The Microsoft Windows Kernel component on Microsoft Windows Server 200 ...) NOT-FOR-US: Microsoft CVE-2017-11816 (The Microsoft Windows Graphics Device Interface (GDI) on Microsoft Win ...) NOT-FOR-US: Microsoft CVE-2017-11815 (The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2 ...) NOT-FOR-US: Microsoft CVE-2017-11814 (The Microsoft Windows Kernel component on Microsoft Windows Server 200 ...) NOT-FOR-US: Microsoft CVE-2017-11813 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...) 
NOT-FOR-US: Microsoft CVE-2017-11812 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703 ...) NOT-FOR-US: Microsoft CVE-2017-11811 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607 ...) NOT-FOR-US: Microsoft CVE-2017-11810 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...) NOT-FOR-US: Microsoft CVE-2017-11809 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607 ...) NOT-FOR-US: Microsoft CVE-2017-11808 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607 ...) NOT-FOR-US: Microsoft CVE-2017-11807 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an a ...) NOT-FOR-US: Microsoft CVE-2017-11806 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an a ...) NOT-FOR-US: Microsoft CVE-2017-11805 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an a ...) NOT-FOR-US: Microsoft CVE-2017-11804 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607 ...) NOT-FOR-US: Microsoft CVE-2017-11803 (Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, ...) NOT-FOR-US: Microsoft CVE-2017-11802 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607 ...) NOT-FOR-US: Microsoft CVE-2017-11801 (ChakraCore allows an attacker to execute arbitrary code in the context ...) NOT-FOR-US: Microsoft CVE-2017-11800 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows S ...) NOT-FOR-US: Microsoft CVE-2017-11799 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607 ...) NOT-FOR-US: Microsoft CVE-2017-11798 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...) NOT-FOR-US: Microsoft CVE-2017-11797 (ChakraCore allows an attacker to execute arbitrary code in the context ...) NOT-FOR-US: Microsoft CVE-2017-11796 (ChakraCore and Microsoft Edge in Windows 10 1703 allows an attacker to ...) 
NOT-FOR-US: Microsoft CVE-2017-11795 RESERVED CVE-2017-11794 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obta ...) NOT-FOR-US: Microsoft CVE-2017-11793 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...) NOT-FOR-US: Microsoft CVE-2017-11792 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allow an at ...) NOT-FOR-US: Microsoft CVE-2017-11791 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows S ...) NOT-FOR-US: Microsoft CVE-2017-11790 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...) NOT-FOR-US: Microsoft CVE-2017-11789 RESERVED CVE-2017-11788 (Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, W ...) NOT-FOR-US: Microsoft CVE-2017-11787 RESERVED CVE-2017-11786 (Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2 ...) NOT-FOR-US: Skype CVE-2017-11785 (The Microsoft Windows Kernel component on Microsoft Windows Server 200 ...) NOT-FOR-US: Microsoft CVE-2017-11784 (The Microsoft Windows Kernel component on Microsoft Windows Server 200 ...) NOT-FOR-US: Microsoft CVE-2017-11783 (Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows ...) NOT-FOR-US: Microsoft CVE-2017-11782 (The Microsoft Server Block Message (SMB) on Microsoft Windows 10 1607 ...) NOT-FOR-US: Microsoft CVE-2017-11781 (The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2 ...) NOT-FOR-US: Microsoft CVE-2017-11780 (The Server Message Block 1.0 (SMBv1) on Microsoft Windows Server 2008 ...) NOT-FOR-US: Microsoft CVE-2017-11779 (The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft ...) NOT-FOR-US: Microsoft CVE-2017-11778 RESERVED CVE-2017-11777 (Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoi ...) NOT-FOR-US: Microsoft CVE-2017-11776 (Microsoft Outlook 2016 allows an attacker to obtain the email content ...) 
NOT-FOR-US: Microsoft CVE-2017-11775 (Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoi ...) NOT-FOR-US: Microsoft CVE-2017-11774 (Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2 ...) NOT-FOR-US: Microsoft CVE-2017-11773 RESERVED CVE-2017-11772 (The Microsoft Windows Search component on Microsoft Windows Server 200 ...) NOT-FOR-US: Microsoft CVE-2017-11771 (The Microsoft Windows Search component on Microsoft Windows Server 200 ...) NOT-FOR-US: Microsoft CVE-2017-11770 (.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remot ...) NOT-FOR-US: .NET Core CVE-2017-11769 (The Microsoft Windows TRIE component on Microsoft Windows 10 Gold, 151 ...) NOT-FOR-US: Microsoft CVE-2017-11768 (Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 ...) NOT-FOR-US: Microsoft CVE-2017-11767 (ChakraCore allows an attacker to gain the same user rights as the curr ...) NOT-FOR-US: Microsoft CVE-2017-11766 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...) NOT-FOR-US: Microsoft CVE-2017-11765 (The Microsoft Windows Kernel component on Microsoft Windows Server 200 ...) NOT-FOR-US: Microsoft CVE-2017-11764 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...) NOT-FOR-US: Microsoft CVE-2017-11763 (The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 ...) NOT-FOR-US: Microsoft CVE-2017-11762 (The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 ...) NOT-FOR-US: Microsoft CVE-2017-11761 (Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allo ...) NOT-FOR-US: Microsoft CVE-2017-11760 (uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated ...) NOT-FOR-US: ProjeQtOr CVE-2017-11759 RESERVED CVE-2017-11758 RESERVED CVE-2017-11757 (Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 ...) 
	NOT-FOR-US: Actian Pervasive PSQL server
CVE-2017-XXXX [executes javascript code downloaded from insecure URL]
	- smplayer 17.7.0~ds0-1 (low; bug #870233)
	[stretch] - smplayer (Minor issue)
	[jessie] - smplayer (Minor issue)
	[wheezy] - smplayer (vulnerable code not present)
	NOTE: The version tracking here is not 100% since the vulnerable code still would
	NOTE: be present in the source. Users though need to explicitly rebuild the package
	NOTE: changing the upstream pro file to enable YT_USE_YTSIG. YT_USE_YTSIG is
	NOTE: disabled by default on upstream since 17.2.0
CVE-2017-13140 (In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGIm ...)
	{DSA-4019-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870111)
	[stretch] - imagemagick (Minor issue)
	[jessie] - imagemagick (Vulnerable code not present)
	[wheezy] - imagemagick (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/596
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/62fcf3d9638b87cd7ac81962cadf5bf88db62fa0
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/75f7e994e4e990627a5a37385bcc9a0205013645
CVE-2017-13139 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGIm ...)
	{DSA-4040-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870109)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/22e0310345499ffe906c604428f2a3a668942b05
CVE-2017-12643 (ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJN ...)
	{DLA-2366-1 DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (low; bug #870107)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/549
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9eedb5660f1704cde8e8cd784c5c2a09dd2fd60f
CVE-2017-13142 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG fi ...)
	{DSA-4019-1 DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (low; bug #870105)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/aa84944b405acebbeefe871d0f64969b9e9f31ac
CVE-2017-11756 (In Earcms Ear Music through 4.1 build 20170710, remote authenticated u ...)
	NOT-FOR-US: Earcms
CVE-2017-11755 (The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 al ...)
	- imagemagick (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/634
	NOTE: Possibly fixed by same commit as issue #631 upstream
CVE-2017-11754 (The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 al ...)
	- imagemagick (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/633
	NOTE: Possibly fixed by same commit as issue #631 upstream
CVE-2017-11753 (The GetImageDepth function in MagickCore/attribute.c in ImageMagick 7. ...)
	- imagemagick (Affects only ImageMagick-7; vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/629
CVE-2017-11752 (The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870481)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/628
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/21d19d0c64ff070dbf37279432837bf425c0d5dd
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9eccfd52199616da66c93b6d627d4d4126f5a5f0
CVE-2017-11751 (The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 al ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870480)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/631
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/cb713211bad3fa4f0c535255fa043917482fc964
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/b04e9c949d917a4a603f1a9bfe09737246229323
CVE-2017-11750 (The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 an ...)
	- imagemagick 8:6.9.7.4+dfsg-16 (bug #870478)
	[stretch] - imagemagick (Incomplete patch for upstream issues/618 not applied)
	[jessie] - imagemagick (Incomplete patch for upstream issues/618 not applied)
	[wheezy] - imagemagick (Incomplete patch for upstream issues/618 not applied)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/632
	NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick/commit/8cc53f1d8946bad2a2c62e084aaf956d4d889f08
	NOTE: Introduced by (ImageMagick-6): https://github.com/ImageMagick/ImageMagick/commit/3cba1bb43acf5b3cba7388f67bf87b6f192138f0
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/1828667e81e53345cfb3eb46539d78757f1aa680
	NOTE: Fixed by (ImageMagick-6): https://github.com/ImageMagick/ImageMagick/commit/253d56027765dcbd8d6bc2bbd7d59aa41dab60e7
	NOTE: Issue introduced by the original patch for https://github.com/ImageMagick/ImageMagick/issues/618
CVE-2017-11749 (InternetSoft FTP Commander 8.02 and prior has an untrusted search path ...)
	NOT-FOR-US: InternetSoft FTP Commander
CVE-2017-11748 (VIT Spider Player 2.5.3 has an untrusted search path, allowing DLL hij ...)
	NOT-FOR-US: VIT Spider Player
CVE-2017-11747 (main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinypro ...)
	{DLA-2163-1}
	- tinyproxy 1.10.0-1 (bug #870307)
	[stretch] - tinyproxy 1.8.4-3~deb9u2
	[wheezy] - tinyproxy (Minor issue)
	NOTE: https://github.com/tinyproxy/tinyproxy/issues/106
CVE-2017-11746 (Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a n ...)
	{DLA-1069-1}
	- tenshi 0.13-2.1 (unimportant; bug #871321)
	[stretch] - tenshi 0.13-2.1~deb9u1
	NOTE: https://github.com/inversepath/tenshi/issues/6
	NOTE: https://github.com/inversepath/tenshi/commit/d0e7f28c13ffbd5888b31d6532c2faf78f10f176
	NOTE: Negligible security impact
CVE-2017-11745 RESERVED
CVE-2017-11744 (In MODX Revolution 2.5.7, the "key" and "name" parameters in the Syste ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-11743 (MEDHOST Connex contains a hard-coded Mirth Connect admin credential th ...)
	NOT-FOR-US: MEDHOST Connex
CVE-2017-11742 (The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat i ...)
	- expat (Windows specific issue)
CVE-2017-11741 (HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) bef ...)
	NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
CVE-2017-11740 (In Zoho ManageEngine Application Manager 13.1 Build 13100, the adminis ...)
	NOT-FOR-US: Zoho ManageEngine Application Manager
CVE-2017-11739 (In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenti ...)
	NOT-FOR-US: Zoho ManageEngine Application Manager
CVE-2017-11738 (In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, th ...)
	NOT-FOR-US: Zoho ManageEngine Application Manager
CVE-2017-11737 (interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS ...)
	- rspamd 1.7.6-1
	[jessie] - rspamd (Vulnerable code not present)
	NOTE: https://github.com/vstakhov/rspamd/issues/1738
	NOTE: https://github.com/rspamd/rspamd/pull/1739
CVE-2017-11736 (SQL injection vulnerability in core\admin\auto-modules\forms\process.p ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-11735 REJECTED
CVE-2017-11734 (A heap-based buffer over-read was found in the function decompileCALLF ...)
	{DLA-1133-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/83
CVE-2017-11733 (A null pointer dereference vulnerability was found in the function sta ...)
	{DLA-1176-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/78
CVE-2017-11732 (A heap-based buffer overflow vulnerability was found in the function d ...)
	{DLA-1240-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/80
CVE-2017-11731 (An invalid memory read vulnerability was found in the function OpCode ...)
	{DLA-1133-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/84
CVE-2017-11730 (A heap-based buffer over-read was found in the function OpCode (called ...)
	{DLA-1133-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/81
CVE-2017-11729 (A heap-based buffer over-read was found in the function OpCode (called ...)
	{DLA-1133-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/79
CVE-2017-11728 (A heap-based buffer over-read was found in the function OpCode (called ...)
	{DLA-1133-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/82
CVE-2017-11727 (services/system_io/actionprocessor/Contact.rails in ConnectWise Manage ...)
	NOT-FOR-US: ConnectWise Manage
CVE-2017-11726 (services/system_io/actionprocessor/System.rails in ConnectWise Manage ...)
	NOT-FOR-US: ConnectWise Manage
CVE-2017-11725 (The share function in Thycotic Secret Server before 10.2.000019 mishan ...)
	NOT-FOR-US: Thycotic Secret Server
CVE-2017-11723 (Directory traversal vulnerability in plugins/ImageManager/backend.php ...)
	NOT-FOR-US: Xinha
CVE-2017-11724 (The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9 ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870023)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/624
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5163756a1f829a561912dfdb74a0dae41d8ed8cf
CVE-2017-12670 (In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, ...)
	{DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870020)
	[stretch] - imagemagick (Minor issue, PoC triggers earlier assertion, fix reverted upstream)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/610
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d9f1a91d93871cc6a5c0b99e8bacad4d730acf36
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/de8cdeceafdc7bbdfcc55cd08e6a8b0cc979c91c
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/ab440f9ea11e0dbefb7a808cbb9441198758b0cb
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/75db34b6a4d642cb6f88c792942de27490c900e0
	NOTE: fix reverted with CVE-2017-18029
	NOTE: triggered by CVE-2017-12877
CVE-2017-13658 (In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missi ...)
	{DLA-2366-1 DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870019)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/598
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/e5c063a1007506ba69e97a35effcdef944421c89
CVE-2017-12434 (In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found i ...)
	{DSA-4019-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (bug #870014)
	[stretch] - imagemagick (Minor issue)
	[jessie] - imagemagick (vulnerable code not present)
	[wheezy] - imagemagick (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/547
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6767f31cac3eacdc9dc41b3193a73bdd37610375
CVE-2017-13143 (In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage ...)
	{DSA-4204-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (bug #870012)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/362
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/51b0ae01709adc1e4a9245e158ef17b85a110960
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f86268752ffc70e40b6e1afdebfc96dcc29452db
CVE-2017-11722 (The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 ...)
	{DSA-4321-1}
	- graphicsmagick 1.3.26-4 (bug #870158)
	[jessie] - graphicsmagick (vulnerable code not present)
	[wheezy] - graphicsmagick (vulnerable code not present)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/f423ba88ca4e
CVE-2017-11721 (Buffer overflow in ioquake3 before 2017-08-02 allows remote attackers ...)
	{DSA-3948-1 DSA-3941-1}
	- ioquake3 1.36+u20170803+dfsg1-1 (bug #870725)
	[wheezy] - ioquake3 (games are not supported in Wheezy)
	NOTE: https://github.com/ioquake/ioq3/commit/d2b1d124d4055c2fcbe5126863487c52fd58cca1
	- iortcw 1.51+dfsg1-3 (bug #870811)
	NOTE: https://github.com/iortcw/iortcw/commit/260c39a29af517a08b3ee1a0e78ad654bdd70934
	NOTE: Also affects openjk (only in experimental; fixed in 0~20170718+dfsg1-2)
CVE-2017-11720 (There is a division-by-zero vulnerability in LAME 3.99.5, caused by a ...)
	- lame 3.99.5+repack1-6 (low; bug #870809; bug #777159)
	[wheezy] - lame 3.99.5+repack1-3+deb7u1
	NOTE: https://sourceforge.net/p/lame/bugs/460/
	NOTE: Duplicate/same as: https://blogs.gentoo.org/ago/2017/06/17/lame-divide-by-zero-in-parse_wave_header-get_audio-c/
CVE-2017-11719 (The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3. ...)
	{DSA-3957-1}
	- ffmpeg 7:3.3.3-1
	- libav
	[jessie] - libav (Issue only present in ffmpeg since 6f1ccca4)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/296debd213bd6dce7647cedd34eb64e5b94cdc92
	NOTE: Fixed in 3.2.7
CVE-2017-11718 (There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl ...)
	NOT-FOR-US: MetInfo
CVE-2017-11717 (MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 secon ...)
	NOT-FOR-US: MetInfo
CVE-2017-11716 (MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode.)
	NOT-FOR-US: MetInfo
CVE-2017-11715 (job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php exte ...)
	NOT-FOR-US: MetInfo
CVE-2017-11714 (psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the ...)
	{DSA-3986-1 DLA-1048-1}
	[experimental] - ghostscript 9.22~~rc1~dfsg-1
	- ghostscript 9.22~dfsg-1 (bug #869977)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698158
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=671fd59eb657743aa86fbc1895cb15872a317caa (ghostpdl-9.22rc1)
CVE-2017-11713 RESERVED
CVE-2017-11712 RESERVED
CVE-2017-11711 RESERVED
CVE-2017-11710 RESERVED
CVE-2017-11709 RESERVED
CVE-2017-11708 RESERVED
CVE-2017-11707 RESERVED
CVE-2017-11706 (The Boozt Fashion application before 2.3.4 for Android allows remote a ...)
	NOT-FOR-US: Boozt Fashion application
CVE-2017-11705 (A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in uti ...)
	- ming
	[wheezy] - ming (Minor issue present everywhere in the source code, hard to fix)
	NOTE: https://github.com/libming/libming/issues/71
CVE-2017-11704 (A heap-based buffer over-read was found in the function decompileIF in ...)
	{DLA-1133-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/76
CVE-2017-11703 (A memory leak vulnerability was found in the function parseSWF_DOACTIO ...)
	- ming
	[wheezy] - ming (Minor issue present everywhere in the source code, hard to fix)
	NOTE: https://github.com/libming/libming/issues/72
CVE-2017-11702 RESERVED
CVE-2017-11701 RESERVED
CVE-2017-11700 RESERVED
CVE-2017-11699 RESERVED
CVE-2017-11698 (Heap-based buffer overflow in the __get_page function in lib/dbm/src/h ...)
	- nss (bug #873259; unimportant)
	NOTE: Issues triggered by crafted DBM databases, which would
	NOTE: require local user access to a machine running NSS and
	NOTE: crafting the local DBM files.
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/17
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360779
CVE-2017-11697 (The __hash_open function in hash.c:229 in Mozilla Network Security Ser ...)
	- nss (bug #873258; unimportant)
	NOTE: Issues triggered by crafted DBM databases, which would
	NOTE: require local user access to a machine running NSS and
	NOTE: crafting the local DBM files.
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/17
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360900
CVE-2017-11696 (Heap-based buffer overflow in the __hash_open function in lib/dbm/src/ ...)
	- nss (bug #873257; unimportant)
	NOTE: Issues triggered by crafted DBM databases, which would
	NOTE: require local user access to a machine running NSS and
	NOTE: crafting the local DBM files.
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/17
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360778
CVE-2017-11695 (Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/h ...)
	- nss (bug #873256; unimportant)
	NOTE: Issues triggered by crafted DBM databases, which would
	NOTE: require local user access to a machine running NSS and
	NOTE: crafting the local DBM files.
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/17
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360782
CVE-2017-11694 (MEDHOST Document Management System contains hard-coded credentials tha ...)
	NOT-FOR-US: MEDHOST Document Management System
CVE-2017-11693 (MEDHOST Document Management System contains hard-coded credentials tha ...)
	NOT-FOR-US: MEDHOST Document Management System
CVE-2017-11692 (The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 a ...)
	- yaml-cpp 0.6.3-1 (low; bug #870326)
	[buster] - yaml-cpp (Minor issue)
	[stretch] - yaml-cpp (Minor issue)
	[jessie] - yaml-cpp (Minor issue)
	[wheezy] - yaml-cpp (Minor issue)
	- yaml-cpp0.3 (bug #870327)
	[stretch] - yaml-cpp0.3 (Minor issue)
	[jessie] - yaml-cpp0.3 (Minor issue)
	NOTE: https://github.com/jbeder/yaml-cpp/issues/519
	NOTE: https://github.com/jbeder/yaml-cpp/commit/c9460110e072df84b7dee3eb651f2ec5df75fb18
CVE-2016-10402 (Avira Antivirus engine versions before 8.3.36.60 allow remote code exe ...)
	NOT-FOR-US: Avira
CVE-2017-11690 RESERVED
CVE-2017-11689 RESERVED
CVE-2017-11688 RESERVED
CVE-2017-11687 (Multiple Persistent cross-site scripting (XSS) vulnerabilities in Even ...)
	NOT-FOR-US: Zoho ManageEngine Event Log Analyzer
CVE-2017-11686 (Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attac ...)
	NOT-FOR-US: Zoho ManageEngine Event Log Analyzer
CVE-2017-11685 (Multiple Reflective cross-site scripting (XSS) vulnerabilities in sear ...)
	NOT-FOR-US: Zoho ManageEngine Event Log Analyzer
CVE-2017-11684 (There is an illegal address access in the build_table function in liba ...)
	- libav
	[jessie] - libav 6:11.11-1~deb8u1
	- ffmpeg 7:2.3.1-1
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1073
	NOTE: Fixed by https://github.com/libav/libav/commit/ec683ed527cef9aad208d1daeb10d0e7fb63e75e.patch
CVE-2017-11683 (There is a reachable assertion in the Internal::TiffReader::visitDirec ...)
	{DLA-3186-1 DLA-1147-1}
	- exiv2 0.27.2-6 (unimportant)
	NOTE: http://dev.exiv2.org/issues/1307
	NOTE: https://github.com/Exiv2/exiv2/issues/57
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1475124
	NOTE: Problematic assert() exists in all versions in Debian.
	NOTE: Negligible security impact
CVE-2017-11682 (Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows ...)
	NOT-FOR-US: Hashtopussy
CVE-2017-11681 (Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows rem ...)
	NOT-FOR-US: Hashtopussy
CVE-2017-11680 (Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowin ...)
	NOT-FOR-US: Hashtopussy
CVE-2017-11679 (Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the pas ...)
	NOT-FOR-US: Hashtopus
CVE-2017-11678 (SQL injection vulnerability in Hashtopus 1.5g allows remote authentica ...)
	NOT-FOR-US: Hashtopus
CVE-2017-11677 (Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remo ...)
	NOT-FOR-US: Hashtopus
CVE-2017-11676 RESERVED
CVE-2017-11675 (The traverseStrictSanitize function in admin_dir/includes/classes/Admi ...)
	NOT-FOR-US: ZenCart
CVE-2017-11674 (Reporter.exe in Acunetix 8 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Acunetix
CVE-2017-11673 (Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrar ...)
	NOT-FOR-US: Acunetix
CVE-2017-11672 (The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is ins ...)
	NOT-FOR-US: OPC Foundation Local Discovery Server
CVE-2017-11671 (Under certain circumstances, the ix86_expand_builtin function in i386. ...)
	- gcc-6 6.3.0-12
	- gcc-5 5.4.1-10
	- gcc-4.9
	[jessie] - gcc-4.9 (Minor issue)
	- gcc-4.8
	[jessie] - gcc-4.8 (Minor issue)
	- gcc-4.7
	[wheezy] - gcc-4.7 (Minor issue)
	- gcc-4.6
	[wheezy] - gcc-4.6 (Minor issue)
	NOTE: http://openwall.com/lists/oss-security/2017/07/27/2
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180
	NOTE: https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html
CVE-2017-11670 (A length validation (leading to out-of-bounds read and write) flaw was ...)
	NOT-FOR-US: eapmd5pass
CVE-2017-11669 (An out-of-bounds read flaw related to the assess_packet function in ea ...)
	NOT-FOR-US: eapmd5pass
CVE-2017-11668 (An out-of-bounds read flaw related to the assess_packet function in ea ...)
	NOT-FOR-US: eapmd5pass
CVE-2017-13145 (In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image ...)
	{DSA-4019-1 DLA-1785-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869830)
	[wheezy] - imagemagick (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/501
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/acee073df34aa4d491bf5cb74d3a15fc80f0a3aa
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ac23b02ecb741e5de60f5235ea443790c88a0b80
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b0c5222ce31e8f941fa02ff9c7a040fb2db30dbc
CVE-2017-11691 (Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti ...)
	- cacti 1.1.15+ds1-1 (bug #869848)
	[stretch] - cacti (Vulnerable code introduced later with addition of user profile management page for users)
	[jessie] - cacti (Vulnerable code introduced later with addition of user profile management page for users)
	[wheezy] - cacti (Vulnerable code introduced later with addition of user profile management page for users)
	NOTE: https://github.com/Cacti/cacti/issues/867
	NOTE: https://github.com/Cacti/cacti/commit/104090aeead4aa433bf1f18cd6d52dcfeb71236c
CVE-2017-11667 (OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expir ...)
	NOT-FOR-US: OpenProject
CVE-2017-11666 (Cross-site scripting (XSS) vulnerability in js/ViewerPanel.js in the f ...)
	NOT-FOR-US: Kopano
CVE-2017-11665 (The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg ...)
	{DSA-3957-1}
	- ffmpeg 7:3.3.3-1
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ffcc82219cef0928bed2d558b19ef6ea35634130
	NOTE: Fixed in 3.2.7
CVE-2017-11664 (The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0. ...)
	- wildmidi 0.4.2-1 (low; bug #871616)
	[stretch] - wildmidi (Minor issue)
	[jessie] - wildmidi (vulnerable code not present)
	[wheezy] - wildmidi (vulnerable code not present)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
	NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
CVE-2017-11663 (The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0. ...)
	- wildmidi 0.4.2-1 (low; bug #871616)
	[stretch] - wildmidi (Minor issue)
	[jessie] - wildmidi (vulnerable code not present)
	[wheezy] - wildmidi (vulnerable code not present)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
	NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
CVE-2017-11662 (The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause ...)
	- wildmidi 0.4.2-1 (low; bug #871616)
	[stretch] - wildmidi (Minor issue)
	[jessie] - wildmidi (vulnerable code not present)
	[wheezy] - wildmidi (vulnerable code not present)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
	NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
CVE-2017-11661 (The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0. ...)
	- wildmidi 0.4.2-1 (low; bug #871616)
	[stretch] - wildmidi (Minor issue)
	[jessie] - wildmidi (vulnerable code not present)
	[wheezy] - wildmidi (vulnerable code not present)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
	NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
CVE-2017-11660
	RESERVED
CVE-2017-11659
	RESERVED
CVE-2017-11658 (In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-11657 (Dashlane might allow local users to gain privileges by placing a Troja ...)
	NOT-FOR-US: Dashlane
CVE-2017-11656
	RESERVED
CVE-2017-11655 (A memory leak was found in the way SIPcrack 0.2 handled processing of ...)
	- sipcrack (unimportant; bug #869803)
	NOTE: https://www.openwall.com/lists/oss-security/2017/07/26/1
	NOTE: Negligible security impact
CVE-2017-11654 (An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 ...)
	- sipcrack (unimportant; bug #869803)
	NOTE: https://www.openwall.com/lists/oss-security/2017/07/26/1
	NOTE: Negligible security impact
CVE-2017-11653 (Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the D ...)
	NOT-FOR-US: Razer Synapse
CVE-2017-11652 (Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the C ...)
	NOT-FOR-US: Razer Synapse
CVE-2017-11651 (NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url ...)
	NOT-FOR-US: NexusPHP
CVE-2017-11650 (Cross-site scripting (XSS) vulnerability in DrayTek Vigor AP910C devic ...)
	NOT-FOR-US: DrayTek
CVE-2017-11649 (Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910 ...)
	NOT-FOR-US: DrayTek
CVE-2017-11648 (Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do ...)
	NOT-FOR-US: Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices
CVE-2017-11647 (NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1. ...)
	NOT-FOR-US: NetComm Wireless 4GT101W routers
CVE-2017-11646 (NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1. ...)
	NOT-FOR-US: NetComm Wireless 4GT101W routers
CVE-2017-11645 (NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1. ...)
	NOT-FOR-US: NetComm Wireless 4GT101W routers
CVE-2017-11644 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870016)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/587
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a6802e21d824e786d1e2a8440cf749a6e1a8d95f
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/418f88dd18af34b6cb64f709567c81b89865d7bc
CVE-2017-11643 (GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() func ...)
	{DSA-4321-1 DLA-1401-1 DLA-1045-1}
	- graphicsmagick 1.3.26-4 (bug #870157)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d00b74315a71
CVE-2017-11642 (GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPIm ...)
	{DSA-4321-1 DLA-1456-1 DLA-1045-1}
	- graphicsmagick 1.3.26-4 (bug #870156)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9
CVE-2017-11641 (GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function i ...)
	{DSA-4321-1 DLA-1456-1 DLA-1045-1}
	- graphicsmagick 1.3.26-4 (bug #870155)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/db732abd9318
CVE-2017-11640 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	{DSA-4040-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870067)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/584
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1b811f7e7dad92b2992939f854201370a7d8084a
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1fcd0feb93b51b9363176097ee5f360c62687d86
CVE-2017-11639 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	{DSA-4204-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870065)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/588
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/65b7c57502bb2b6d22f607383e87cc3eaed94014
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8ec8ca4c61b1199b727cf52e440f3db79a5b0d0a
CVE-2017-11638 (GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImag ...)
	{DSA-4321-1 DLA-1456-1 DLA-1045-1}
	- graphicsmagick 1.3.26-4 (bug #870154)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9
CVE-2017-11637 (GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLIm ...)
	{DSA-4321-1 DLA-1456-1 DLA-1045-1}
	- graphicsmagick 1.3.26-4 (bug #870153)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/f3ffc5541257
CVE-2017-11636 (GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() funct ...)
	{DSA-4321-1 DLA-1401-1 DLA-1045-1}
	- graphicsmagick 1.3.26-4 (bug #870149)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/39961adf974c
CVE-2017-11635 (An issue was discovered on Wireless IP Camera 360 devices. Attackers c ...)
	NOT-FOR-US: Wireless IP Camera 360 devices
CVE-2017-11634 (An issue was discovered on Wireless IP Camera 360 devices. Remote atta ...)
	NOT-FOR-US: Wireless IP Camera 360 devices
CVE-2017-11633 (An issue was discovered on Wireless IP Camera 360 devices. Remote atta ...)
	NOT-FOR-US: Wireless IP Camera 360 devices
CVE-2017-11632 (An issue was discovered on Wireless IP Camera 360 devices. A root acco ...)
	NOT-FOR-US: Wireless IP Camera 360 devices
CVE-2017-11631 (dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL inj ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11630 (dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11629 (dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in contro ...)
	NOT-FOR-US: FineCMS
CVE-2017-11628 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a sta ...)
	{DSA-4081-1 DSA-4080-1 DLA-1066-1}
	- php7.1 7.1.8-1 (low)
	- php7.0 7.0.22-1 (low)
	- php5 (low)
	NOTE: https://bugs.php.net/bug.php?id=74603
	NOTE: Fixed in 7.1.7, 7.0.21, 5.6.31
	NOTE: Fixed by https://git.php.net/?p=php-src.git;a=commit;h=05255749139b3686c8a6a58ee01131ac0047465e
CVE-2017-11627 (A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, ...)
	[experimental] - qpdf 7.0~b1-1
	- qpdf 7.0.0-1 (low; bug #871320)
	[stretch] - qpdf (Minor issue)
	[jessie] - qpdf (Minor issue)
	[wheezy] - qpdf (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/issues/118
CVE-2017-11626 (A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, ...)
	[experimental] - qpdf 7.0~b1-1
	- qpdf 7.0.0-1 (low; bug #871320)
	[stretch] - qpdf (Minor issue)
	[jessie] - qpdf (Minor issue)
	[wheezy] - qpdf (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/issues/119
CVE-2017-11625 (A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, ...)
	[experimental] - qpdf 7.0~b1-1
	- qpdf 7.0.0-1 (low; bug #871320)
	[stretch] - qpdf (Minor issue)
	[jessie] - qpdf (Minor issue)
	[wheezy] - qpdf (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/issues/120
CVE-2017-11624 (A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, ...)
	[experimental] - qpdf 7.0~b1-1
	- qpdf 7.0.0-1 (low; bug #871320)
	[stretch] - qpdf (Minor issue)
	[jessie] - qpdf (Minor issue)
	[wheezy] - qpdf (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/issues/117
CVE-2017-11623
	RESERVED
CVE-2017-11622
	RESERVED
CVE-2017-11621
	RESERVED
CVE-2017-11620
	RESERVED
CVE-2017-11619
	RESERVED
CVE-2017-XXXX [out-of-bounds read in eexec_line()]
	- t1utils 1.40-1 (bug #868134; unimportant)
	[jessie] - t1utils (Vulnerable code introduced in 1.39)
	[wheezy] - t1utils (Vulnerable code introduced in 1.39)
	NOTE: Crash in CLI tool, no security impact
	NOTE: https://github.com/kohler/t1utils/issues/6
CVE-2017-13144 (In ImageMagick before 6.9.7-10, there is a crash (rather than a "width ...)
	{DSA-4040-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869728)
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9b580ad0564aefd9beeccbcbb8d62ccd05795a84
CVE-2017-12430 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
	{DLA-2366-1 DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (low; bug #869727)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/546
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/98e5d0001cda195da0e8ea7650ab85c6f8333ff5
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8d537f6d778675e08ef9d238606d05101bf471b9
CVE-2017-XXXX [memory leak in quantize]
	- imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869722)
	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u16
	NOTE: Workaround entry for DLA-1081-1 since no CVE assigned
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/574
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7b604a554dfb6630fe32e739334fa57341dc6123
CVE-2017-12664 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869721)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/574
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/db1ffb6cf44bcfe5c4d5fcf9d9109ded5617387f
CVE-2017-12431 (In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in th ...)
	{DSA-4040-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869715)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/555
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/784fcac688161aeaea221e00b706c88b08196945
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5660836f9197107e9c38f14f27a45c2d9f26afe2
CVE-2017-12428 (In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the f ...)
	{DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869713)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/544
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b2b48d50300a9fbcd0aa0d9230fd6d7a08f7671e
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f37d26336bf13737db45e556c25fc098f8a8b277
CVE-2017-11618
	RESERVED
CVE-2017-11617 (Cross-site scripting (XSS) vulnerability in atmail prior to version 7. ...)
	- atmailopen
CVE-2017-11616
	RESERVED
CVE-2017-11615 (A sandbox escape in the Lua interface in Wube Factorio before 0.15.31 ...)
	NOT-FOR-US: Wube Factorio
CVE-2017-11614 (MEDHOST Connex contains hard-coded credentials that are used for custo ...)
	NOT-FOR-US: MEDHOST Connex
CVE-2017-11613 (In LibTIFF 4.0.8, there is a denial of service vulnerability in the TI ...)
	{DSA-4349-1 DLA-1411-1 DLA-1391-1}
	- tiff 4.0.9-5 (low; bug #869823)
	- tiff3
	[wheezy] - tiff3 (Minor issue, revisit once fixed upstream)
	NOTE: https://gist.github.com/dazhouzhou/1a3b7400547f23fe316db303ab9b604f
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2724
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1475530
	NOTE: Upstream fix 1/2: https://gitlab.com/libtiff/libtiff/commit/3719385a3fac5cfb20b487619a5f08abbf967cf8
	NOTE: Upstream fix 2/2: https://gitlab.com/libtiff/libtiff/commit/7a092f8af2568d61993a8cc2e7a35a998d7d37be
CVE-2017-11612 (In Joomla! before 3.7.4, inadequate filtering of potentially malicious ...)
	NOT-FOR-US: Joomla!
CVE-2016-10401 (ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it ...)
	NOT-FOR-US: ZyXEL
CVE-2017-11611 (Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulner ...)
	NOT-FOR-US: Wolf CMS
CVE-2017-11610 (The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2 ...)
	{DSA-3942-1 DLA-1047-1}
	- supervisor 3.3.1-1.1 (bug #870187)
	NOTE: https://github.com/Supervisor/supervisor/issues/964
	NOTE: 3.3.3 https://github.com/Supervisor/supervisor/commit/058f46141e346b18dee0497ba11203cb81ecb19e
	NOTE: 3.2.4 https://github.com/Supervisor/supervisor/commit/aac3c21893cab7361f5c35c8e20341b298f6462e
	NOTE: 3.1.4 https://github.com/Supervisor/supervisor/commit/dbe0f55871a122eac75760aef511efc3a8830b88
	NOTE: 3.0.1 https://github.com/Supervisor/supervisor/commit/83060f3383ebd26add094398174f1de34cf7b7f0
CVE-2017-11609
	RESERVED
CVE-2017-11608 (There is a heap-based buffer over-read in the Sass::Prelexer::re_lineb ...)
	- libsass 3.4.6-1 (bug #870186)
	[stretch] - libsass (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1474276
	NOTE: https://github.com/sass/libsass/commit/648f763ede97f9a2c2c843a0a18ac18bbde3507b (3.4.6)
CVE-2017-11607
	RESERVED
CVE-2017-11606
	RESERVED
CVE-2017-11605 (There is a heap based buffer over-read in LibSass 3.4.5, related to ad ...)
	NOTE: Bogus report against historic libsass version
CVE-2017-11604
	RESERVED
CVE-2017-11603
	RESERVED
CVE-2017-11602
	RESERVED
CVE-2017-11601
	RESERVED
CVE-2017-11600 (net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.6-1
	NOTE: http://seclists.org/bugtraq/2017/Jul/30
CVE-2017-11599
	RESERVED
CVE-2017-11598
	RESERVED
CVE-2017-11597
	RESERVED
CVE-2017-11596
	RESERVED
CVE-2017-11595
	RESERVED
CVE-2017-11594 (Cross-site scripting (XSS) vulnerability in the Markdown parser in Loo ...)
	- loomio (bug #756319)
CVE-2017-11593 (Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus ...)
	NOT-FOR-US: Chrome extension Markdown Preview Plus
CVE-2017-11592 (There is a Mismatched Memory Management Routines vulnerability in the ...)
	- exiv2 (printTiffStructure introduced in 0.26; only affected experimental; bug #895568)
	NOTE: https://github.com/Exiv2/exiv2/issues/56
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473889
CVE-2017-11591 (There is a Floating point exception in the Exiv2::ValueType function i ...)
	{DLA-3265-1 DLA-1147-1}
	- exiv2 0.27.2-6 (low; bug #876893)
	[stretch] - exiv2 (Minor issue)
	[jessie] - exiv2 (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/55
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473888
	NOTE: Reproducible in wheezy/jessie/stretch/sid(0.25-3.1)/experimental(0.26-1).
CVE-2017-11590 (There is a NULL pointer dereference in the caseless_hash function in g ...)
	{DLA-1054-1}
	- libgxps 0.3.0-1 (low; bug #870183)
	[stretch] - libgxps (Minor issue)
	[jessie] - libgxps (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473167
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=785479
	NOTE: Fixed by: https://git.gnome.org/browse/libgxps/commit/?id=9d5d2920
CVE-2017-11589 (On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00 ...)
	NOT-FOR-US: Cisco
CVE-2017-11588 (On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00 ...)
	NOT-FOR-US: Cisco
CVE-2017-11587 (On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00 ...)
	NOT-FOR-US: Cisco
CVE-2017-11586 (dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in ...)
	NOT-FOR-US: FineCms
CVE-2017-11585 (dayrui FineCms 5.0.9 has remote PHP code execution via the param param ...)
	NOT-FOR-US: FineCms
CVE-2017-11584 (dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an a ...)
	NOT-FOR-US: FineCms
CVE-2017-11583 (dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an a ...)
	NOT-FOR-US: FineCms
CVE-2017-11582 (dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an act ...)
	NOT-FOR-US: FineCms
CVE-2017-11581 (dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php ...)
	NOT-FOR-US: FineCms
CVE-2017-11580 (Blipcare Wifi blood pressure monitor BP700 10.1 devices allow memory c ...)
	NOT-FOR-US: Blipcare Wifi blood pressure monitor BP700 10.1 devices
CVE-2017-11579 (In the most recent firmware for Blipcare, the device provides an open ...)
	NOT-FOR-US: Blipcare
CVE-2017-11578 (It was discovered as a part of the research on IoT devices in the most ...)
	NOT-FOR-US: Blipcare
CVE-2017-11577 (FontForge 20161012 is vulnerable to a buffer over-read in getsid (pars ...)
	{DSA-3958-1 DLA-1065-1}
	- fontforge 1:20170731~dfsg-1 (bug #869614)
	NOTE: https://github.com/fontforge/fontforge/issues/3088
	NOTE: https://github.com/fontforge/fontforge/commit/3245d354865def9d712bdffe61fa211ad6aa4081
CVE-2017-11576 (FontForge 20161012 does not ensure a positive size in a weight vector ...)
	{DSA-3958-1 DLA-1065-1}
	- fontforge 1:20170731~dfsg-1 (bug #869614)
	NOTE: https://github.com/fontforge/fontforge/issues/3091
	NOTE: https://github.com/fontforge/fontforge/commit/df349365630344ef3004a3c7934c7e7496692fb1
CVE-2017-11575 (FontForge 20161012 is vulnerable to a buffer over-read in strnmatch (c ...)
	{DSA-3958-1 DLA-1065-1}
	- fontforge 1:20170731~dfsg-1 (bug #869614)
	NOTE: https://github.com/fontforge/fontforge/issues/3096
	NOTE: https://github.com/fontforge/fontforge/commit/4de0c58a01e5e30610c200e9aea98bc7db12c7ac
CVE-2017-11574 (FontForge 20161012 is vulnerable to a heap-based buffer overflow in re ...)
	{DSA-3958-1 DLA-1065-1}
	- fontforge 1:20170731~dfsg-1 (bug #869614)
	NOTE: https://github.com/fontforge/fontforge/issues/3090
	NOTE: https://github.com/fontforge/fontforge/commit/62b6433a81ee7ed6e0ac2d6b09ac85b885046ac3
CVE-2017-11573 (FontForge 20161012 is vulnerable to a buffer over-read in ValidatePost ...)
	- fontforge (unimportant; bug #873588)
	NOTE: https://github.com/fontforge/fontforge/issues/3098
	NOTE: Crash in GUI tool/related desktop libs, no security impact
CVE-2017-11572 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in r ...)
	{DSA-3958-1 DLA-1065-1}
	- fontforge 1:20170731~dfsg-1 (bug #869614)
	NOTE: https://github.com/fontforge/fontforge/issues/3092
CVE-2017-11571 (FontForge 20161012 is vulnerable to a stack-based buffer overflow in a ...)
	{DSA-3958-1 DLA-1065-1}
	- fontforge 1:20170731~dfsg-1 (bug #869614)
	NOTE: https://github.com/fontforge/fontforge/issues/3087
	NOTE: https://github.com/fontforge/fontforge/commit/5a0c6522682b0788fc478dd159dd6168cb5fa38b
CVE-2017-11570 (FontForge 20161012 is vulnerable to a buffer over-read in umodenc (par ...)
	- fontforge (unimportant; bug #873587)
	NOTE: https://github.com/fontforge/fontforge/issues/3097
	NOTE: Crash in GUI tool/related desktop libs, no security impact
CVE-2017-11569 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in r ...)
	{DSA-3958-1 DLA-1065-1}
	- fontforge 1:20170731~dfsg-1 (bug #869614)
	NOTE: https://github.com/fontforge/fontforge/issues/3093
	NOTE: https://github.com/fontforge/fontforge/commit/7bfec47910293bf149b8debe44c6f3f788506092
CVE-2017-11568 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in P ...)
	{DSA-3958-1 DLA-1065-1}
	- fontforge 1:20170731~dfsg-1 (bug #869614)
	NOTE: https://github.com/fontforge/fontforge/issues/3089
CVE-2017-11567 (Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server ...)
	NOT-FOR-US: Mongoose
CVE-2017-11566 (AppUse 4.0 allows shell command injection via a proxy field.)
	NOT-FOR-US: AppUse
CVE-2017-1002151 (Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due t ...)
	- pagure (Fixed before initial upload to the archive)
	NOTE: https://pagure.io/pagure/pull-request/2426
CVE-2017-11564 (The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple command i ...)
	NOT-FOR-US: D-Link
CVE-2017-11563 (D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code executio ...)
	NOT-FOR-US: D-Link
CVE-2017-11562 (A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegur ...)
	NOT-FOR-US: MT4 SenhaSegura
CVE-2017-11561 (An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authen ...)
	NOT-FOR-US: ZOHO ManageEngine OpManager
CVE-2017-11560 (An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding ...)
	NOT-FOR-US: ZOHO ManageEngine OpManager
CVE-2017-11559 (An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiK ...)
	NOT-FOR-US: ZOHO ManageEngine OpManager
CVE-2017-11558
	RESERVED
CVE-2017-11557 (An issue was discovered in ZOHO ManageEngine Applications Manager 12.3 ...)
	NOT-FOR-US: ZOHO ManageEngine Applications Manager
CVE-2017-11556 (There is a stack consumption vulnerability in the Parser::advanceToNex ...)
	- libsass 3.5.4-1 (bug #870182)
	[stretch] - libsass (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2447
	NOTE: https://github.com/sass/libsass/commit/7664114543757e932f5b1a2ff5295aa9b34f8623
CVE-2017-11555 (There is an illegal address access in the Eval::operator function in e ...)
	- libsass 3.5.4-1 (bug #870182)
	[stretch] - libsass (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2446
	NOTE: https://github.com/sass/libsass/commit/946ef4995bee1b19de581b69850e1eb841c06b12
CVE-2017-11554 (There is a stack consumption vulnerability in the lex function in pars ...)
	- libsass 3.5.4-1 (bug #870182)
	[stretch] - libsass (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2445
	NOTE: https://github.com/sass/libsass/commit/7664114543757e932f5b1a2ff5295aa9b34f8623
CVE-2017-11553 (There is an illegal address access in the extend_alias_table function ...)
	- exiv2 (Vulnerable code introduced after 0.25; only present in experimental; bug #888874)
	NOTE: https://github.com/Exiv2/exiv2/issues/54
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1471772
CVE-2017-11552 (mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use wit ...)
	- mpg321 0.3.2-2 (bug #870406)
	[stretch] - mpg321 (Minor issue)
	[jessie] - mpg321 (Minor issue)
	[wheezy] - mpg321 (Minor issue)
	NOTE: CVE was originally assigned for libmad, but further analysis has shown
	NOTE: that the underlying issue is in src:mpg321
	NOTE: Cf. https://bugs.debian.org/870406#25 for more details.
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/94
CVE-2017-11551 (The id3_field_parse function in field.c in libid3tag 0.15.1b allows re ...)
	- libid3tag 0.15.1b-5 (bug #870333)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/85
	NOTE: Same issue as #304913
CVE-2017-11550 (The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows rem ...)
	- libid3tag 0.15.1b-9 (bug #405801)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/85
	NOTE: Addressed by the 11_unknown_encoding.dpatch patch
CVE-2017-11549 (The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remot ...)
	- timidity (unimportant; bug #870338)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/83
	NOTE: https://sourceforge.net/p/timidity/discussion/217458/thread/9a1c9620/
	NOTE: Crash in CLI tool, no security impact
CVE-2017-11548 (The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 a ...)
	- libao (unimportant; bug #870608)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/84
	NOTE: Not a security issue in ao, needs to be validated in applications using it, see #870608
CVE-2017-11547 (The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows ...)
	- timidity 2.14.0-4 (unimportant; bug #870338)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/83
	NOTE: https://sourceforge.net/p/timidity/discussion/217458/thread/9a1c9620/
	NOTE: Crash in CLI tool, no security impact
CVE-2017-11546 (The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allo ...)
	- timidity 2.14.0-4 (unimportant; bug #870338)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/83
	NOTE: https://sourceforge.net/p/timidity/discussion/217458/thread/9a1c9620/
	NOTE: Crash in CLI tool, no security impact
CVE-2017-11545
	REJECTED
CVE-2017-11544
	REJECTED
CVE-2017-11543 (tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in ...)
	{DSA-3971-1 DLA-1090-1}
	- tcpdump 4.9.1-3 (bug #873806)
	NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/7039327875525278d17edee59720e29a3e76b7b3
	NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/global-overflow/print-sl
CVE-2017-11542 (tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print fun ...)
	{DSA-3971-1 DLA-1090-1}
	- tcpdump 4.9.1-3 (bug #873805)
	NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/bed48062a64fca524156d7684af19f5b4a116fae
	NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/print-pim
CVE-2017-11541 (tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print func ...)
	{DSA-3971-1 DLA-1090-1}
	- tcpdump 4.9.1-3 (bug #873804)
	NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/21d702a136c5c16882e368af7c173df728242280
	NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/util-print
CVE-2017-11540 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	- imagemagick (Only affects ImageMagick-7 series)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/581
CVE-2017-11539 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870120)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/582
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4e81160d66f02bf7b4f569669ca7dd80d416ba6e
	NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/36aad912d1f405a28a9a1204120b569e7da5898e
CVE-2017-11538 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	- imagemagick (Vulnerable code introduced later, cf bug #870110)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/569
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0a80c9e5f293a8de51011ac784ac52b96932c08f
	NOTE: Introduced after: https://github.com/ImageMagick/ImageMagick/commit/0bf18387ae1336475631284854b664d0e2d89697
CVE-2017-11537 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	{DSA-4019-1 DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (low; bug #869712)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/560
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2bbc1b96f0d9371df675fdf7b8fc9bd4a42ae9cd
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bac384563f557d1ac7413d2eaec00dd59c3cc29b
CVE-2017-11536 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	- imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869831)
	[wheezy] - imagemagick (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/567
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/167e1538ae9818d46c9462a4273082871e35a480
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/dba1ccfbcdf61c0eb599c7c308b42ed46dc92be6
CVE-2017-11535 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	{DSA-4204-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869827)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/561
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b8647f11ddfd6f85a6cc39654c7e78c2bc6412e4
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bba95cfcc19fa8a261e12692f31279148ad42441
CVE-2017-11534 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869711)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/564
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3f21b17f06eacb40dab08738e0abf68fb0d58c90
CVE-2017-11533 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	{DSA-4204-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869834)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/562
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f0c29cc251578fe0ad8ec7b72f2487a77a1696b8
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/ed1fd69231ab21dc540167c63bc3b0fa3282ec59
CVE-2017-11532 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869726)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/563
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/d60d705cddac7fa5d0e6596c183bbb9b46a57161
CVE-2017-11531 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869725)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/566
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/c81594c6ee93581b97e8f8c743200b1366d83989
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1885ab1231e82f90d3f0e839555ee3e1a441bbf8
CVE-2017-11521 (The SdpContents::Session::Medium::parse function in resip/stack/SdpCon ...)
	{DLA-2865-1 DLA-1439-1 DLA-1040-1}
	- resiprocate (low; bug #869404)
	NOTE: https://github.com/resiprocate/resiprocate/pull/88
	NOTE: https://github.com/resiprocate/resiprocate/pull/88/commits/4b8ffa5afd3291a2701f8d39c31ada443f79a5c8
CVE-2016-10400 (Directory Traversal exists in ATutor before 2.2.2 via the icon paramet ...)
	NOT-FOR-US: ATutor
CVE-2017-11520
	RESERVED
CVE-2017-11519 (passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an a ...)
	NOT-FOR-US: TP-Link
CVE-2016-10399 (Sendio versions before 8.2.1 were affected by a Local File Inclusion v ...)
	NOT-FOR-US: Sendio
CVE-2017-11518
	RESERVED
CVE-2017-11517 (Stack-based buffer overflow in GCoreServer.exe in the server in Geuteb ...)
	NOT-FOR-US: Geutebrueck Gcore
CVE-2017-11516 (An XSS vulnerability exists in framework/views/errorHandler/exception. ...)
	NOT-FOR-US: Yii Framework
CVE-2017-11515
	RESERVED
CVE-2017-11514
	RESERVED
CVE-2017-11513
	RESERVED
CVE-2017-11512 (The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file ...)
	NOT-FOR-US: ManageEngine ServiceDesk
CVE-2017-11511 (The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file ...)
	NOT-FOR-US: ManageEngine ServiceDesk
CVE-2017-11510 (An information leak exists in Wanscam's HW0021 network camera that all ...)
	NOT-FOR-US: Wanscam's HW0021 network camera
CVE-2017-11509 (An authenticated remote attacker can execute arbitrary code in Firebir ...)
	{DLA-2824-1 DLA-2129-1 DLA-1374-1}
	- firebird3.0 3.0.3.32900.ds4-3
	- firebird2.5
	NOTE: https://www.tenable.com/security/research/tra-2017-36
	NOTE: https://github.com/FirebirdSQL/firebird/issues/5787
	NOTE: Firebird upstream responded to Tenable the issue is not intended to be addressed
	NOTE: in "any current release".
	NOTE: Issue addressed by disabling UDFs in firebird.conf, this is not a source code fix,
	NOTE: and might actually be considered more of just a mitigation.
	NOTE: Steps to reproduce (partly) in: https://lists.debian.org/874lk9wyz5.fsf@curie.anarc.at
CVE-2017-11508 (SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection ...)
	NOT-FOR-US: SecurityCenter
CVE-2017-11507 (A cross site scripting (XSS) vulnerability exists in Check_MK versions ...)
	- check-mk 1.2.8p26-1
	[wheezy] - check-mk (Minor issue)
	NOTE: http://mathias-kettner.com/check_mk_werks.php?werk_id=7661
	NOTE: https://www.tenable.com/security/research/tra-2017-20
CVE-2017-11506 (When linking a Nessus scanner or agent to Tenable.io or other manager, ...)
	NOT-FOR-US: Nessus
CVE-2017-11565 (debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor wa ...)
	- tor 0.3.1.7-1 (bug #869153)
	[stretch] - tor (Minor issue)
	[jessie] - tor (aa-exec in jessie is located in /usr/sbin/)
	[wheezy] - tor (aa-exec in jessie is located in /usr/sbin/)
	NOTE: https://twitter.com/pissquark/status/888142796414226432
CVE-2017-11523 (The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9 ...)
	{DSA-4019-1 DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #869210)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/591
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/83e0f8ffd7eeb7661b0ff83257da23d24ca7f078
	NOTE: Fixed by (ImageMagick-6): https://github.com/ImageMagick/ImageMagick/commit/a8f9c2aabed37cd6a728532d1aed13ae0f3dfd78
CVE-2017-11522 (The WriteOnePNGImage function in coders/png.c in ImageMagick through 6 ...)
	- imagemagick (bug #869209; vulnerable code not present, ImageMagick-7 issue only)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/586
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/816ecab6c532ae086ff4186b3eaf4aa7092d536f
CVE-2017-11504
	RESERVED
CVE-2017-11503 (PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Add ...)
	- libphp-phpmailer 6.0.6-0.1 (unimportant)
	NOTE: code_generator.phps installed to examples
CVE-2017-11502 (Technicolor DPC3928AD DOCSIS devices allow remote attackers to read ar ...)
	NOT-FOR-US: Technicolor
CVE-2017-11501 (NixOS 17.03 and earlier has an unintended default absence of SSL Certi ...)
	NOT-FOR-US: NixOS
CVE-2017-11500 (A directory traversal vulnerability exists in MetInfo 5.3.17. A remote ...)
	NOT-FOR-US: MetInfo
CVE-2017-11499 (Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11. ...)
	- nodejs 4.8.4~dfsg-1 (bug #868162; unimportant)
	NOTE: https://nodejs.org/en/blog/release/v6.11.1/
	NOTE: https://nodejs.org/en/blog/release/v4.8.4/
CVE-2017-11498 (Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all ...)
	NOT-FOR-US: Gemalto ACC
CVE-2017-11497 (Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center) ...)
	NOT-FOR-US: Gemalto ACC
CVE-2017-11496 (Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center) ...)
	NOT-FOR-US: Gemalto ACC
CVE-2017-11495 (PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticat ...)
	NOT-FOR-US: PHICOMM
CVE-2017-11494 (SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and ...)
	NOT-FOR-US: SOL.Connect ISET-mpp meter
CVE-2017-11493
	REJECTED
CVE-2017-11492
	REJECTED
CVE-2017-11491
	REJECTED
CVE-2017-11490
	REJECTED
CVE-2017-11489
	REJECTED
CVE-2017-11488
	REJECTED
CVE-2017-11487
	REJECTED
CVE-2017-11486
	REJECTED
CVE-2017-11485
	REJECTED
CVE-2017-11484
	REJECTED
CVE-2017-11483
	REJECTED
CVE-2017-11482 (The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pa ...)
	- kibana (bug #700337)
CVE-2017-11481 (Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (X ...)
	- kibana (bug #700337)
CVE-2017-11480 (Packetbeat versions prior to 5.6.4 are affected by a denial of service ...)
	NOT-FOR-US: Packetbeat
CVE-2017-11479 (Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulner ...)
	- kibana (bug #700337)
CVE-2017-11477
	RESERVED
CVE-2017-11476
	RESERVED
CVE-2017-11475 (GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exp ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2017-11474 (GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/com ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2017-11471 (IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/upt ...)
	NOT-FOR-US: IDERA Uptime Monitor
CVE-2017-11470 (IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/upt ...)
	NOT-FOR-US: IDERA Uptime Monitor
CVE-2017-11469 (get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in th ...)
	NOT-FOR-US: IDERA Uptime Monitor
CVE-2017-11468 (Docker Registry before 2.6.2 in Docker Distribution does not properly ...)
	- docker-registry 2.6.2~ds1-1 (bug #869242)
CVE-2017-11467 (OrientDB through 2.2.22 does not enforce privilege requirements during ...)
	NOT-FOR-US: OrientDB
CVE-2017-11465 (The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows a ...)
	- ruby2.3 (Specific to Ruby 2.4)
	- ruby2.1 (Specific to Ruby 2.4)
CVE-2017-11464 (A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in G ...)
	{DLA-2285-1}
	- librsvg 2.40.18-1 (bug #869129)
	[jessie] - librsvg (Vulnerable code introduced in 2.40.9)
	[wheezy] - librsvg (Vulnerable code introduced in 2.40.9)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=783835
	NOTE: Introduced in: https://git.gnome.org/browse/librsvg/commit/?id=054807726db76558728e7a7513aabc4698b3dc95 (2.40.9)
	NOTE: Fixed by: https://git.gnome.org/browse/librsvg/commit/?id=ecf9267a24b2c3c0cd211dbdfa9ef2232511972a
CVE-2017-11473 (Buffer overflow in the mp_override_legacy_irq() function in arch/x86/k ...)
	- linux 4.13.4-1 (unimportant)
	[stretch] - linux 4.9.47-1
	[jessie] - linux 3.16.51-1
	[wheezy] - linux 3.2.96-1
	NOTE: Fixed by: https://git.kernel.org/linus/dad5ab0db8deac535d03e3fe3d8f2892173fa6a4
	NOTE: Non-issue since ACPI tables are trusted
CVE-2017-11472 (The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in t ...)
	- linux 4.12.6-1 (unimportant)
	NOTE: Fixed by: https://git.kernel.org/linus/3b2d69114fefa474fca542e51119036dceb4aa6f (4.12-rc1)
	NOTE: Non-issue since ACPI tables are trusted
CVE-2017-11466 (Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxF ...)
	NOT-FOR-US: dotCMS
CVE-2017-11463 (In Ivanti Service Desk (formerly LANDESK Management Suite) versions be ...)
	NOT-FOR-US: LANDESK
CVE-2017-11462 (Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attacker ...)
	- krb5 1.15.2-1 (low; bug #873563)
	[stretch] - krb5 (Minor issue, might lead to behaviour changes)
	[jessie] - krb5 (Minor issue, might lead to behaviour changes)
	[wheezy] - krb5 (Minor issue, might lead to behaviour changes)
	NOTE: Fixed by: https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf
	NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598
CVE-2017-11461 (NetApp OnCommand Unified Manager for 7-mode (core package) versions pr ...)
	NOT-FOR-US: NetApp
CVE-2017-11460 (Cross-site scripting (XSS) vulnerability in the DataArchivingService s ...)
	NOT-FOR-US: SAP
CVE-2017-11459 (SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via ...)
	NOT-FOR-US: SAP
CVE-2017-11458 (Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol s ...)
	NOT-FOR-US: SAP
CVE-2017-11457 (XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP Ne ...)
	NOT-FOR-US: SAP
CVE-2017-11456 (Geneko GWR routers allow directory traversal sequences starting with a ...)
	NOT-FOR-US: Geneko GWR routers
CVE-2017-11455 (diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8. ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2017-11454
	RESERVED
CVE-2017-11453
	RESERVED
CVE-2017-11452
	RESERVED
CVE-2017-11451
	RESERVED
CVE-2017-11450 (coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867894)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/948356eec65aea91995d4b7cc487d197d2c5f602
CVE-2017-11449 (coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable st ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867896)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b007dd3a048097d8f58949297f5b434612e1e1a3#diff-cdb21e3ad4d6e304030bd19bdc881fce
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/529ff26b68febb2ac03062c58452ea0b4c6edbc1#diff-cdb21e3ad4d6e304030bd19bdc881fce
CVE-2017-11448 (The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0. ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867893)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1737ac82b335e53376382c07b9a500d73dd2aa11
CVE-2017-11447 (The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick ...)
	{DSA-3914-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867897)
	[wheezy] - imagemagick (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8c10b9247509c0484b55330458846115131ec2ae#diff-0a5dc34e461f3c458e758c199f2dc46d
CVE-2017-11446 (The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has a ...)
	{DSA-4019-1 DLA-1785-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (low; bug #868950)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/537
	NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/787ee25e9fb0e4e0509121342371d925fe5044f8
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/96182884778bfc43d6a9a0abd90cedb5d8cf8977
CVE-2017-11445 (Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/a ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-11444 (Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /fron ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-11443
	RESERVED
CVE-2017-11442
	RESERVED
CVE-2017-11441 (The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before ...)
	NOT-FOR-US: WHM Upload Locale interface in cPanel
CVE-2017-11440 (In Sitecore 8.2, there is absolute path traversal via the shell/Applic ...)
	NOT-FOR-US: Sitecore
CVE-2017-11439 (In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tool ...)
	NOT-FOR-US: Sitecore
CVE-2017-11438 (GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.1 ...)
	- gitlab (Only affects 8.5 onwards)
	NOTE: https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/
CVE-2017-11437 (GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, an ...)
	- gitlab (Only affects Enterprise Edition)
	NOTE: https://gitlab.com/gitlab-org/gitlab-ee/issues/2905
	NOTE: https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/
CVE-2017-11436 (D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x ...)
	NOT-FOR-US: D-Link
CVE-2017-11435 (The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authenticat ...)
	NOT-FOR-US: Humax Wi-Fi Router model HG100R-*
CVE-2017-11434 (The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) ...)
	{DSA-3925-1 DLA-1497-1 DLA-1071-1 DLA-1070-1}
	- qemu 1:2.8+dfsg-7 (bug #869171)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05001.html
CVE-2017-11433
	RESERVED
CVE-2017-11432
	RESERVED
CVE-2017-11431
	RESERVED
CVE-2017-11430 (OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the ...)
	- ruby-omniauth-saml (The actual vulnerability is in ruby-saml, which is used by the Debian package)
	NOTE: The change in 1.10.0 simply bumps the version requirement
	NOTE: https://github.com/omniauth/omniauth-saml/issues/156
	NOTE: https://github.com/omniauth/omniauth-saml/pull/157
	NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
	NOTE: https://www.kb.cert.org/vuls/id/475445
CVE-2017-11429 (Clever saml2-js 2.0 and earlier may incorrectly utilize the results of ...)
	NOT-FOR-US: Clever saml2-js
	NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
	NOTE: https://nodesecurity.io/advisories/567
	NOTE: https://www.kb.cert.org/vuls/id/475445
CVE-2017-11428 (OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the resul ...)
	- ruby-saml 1.7.2-1 (bug #892865)
	[stretch] - ruby-saml (Minor issue)
	NOTE: fixed in 1.7.0
	NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
	NOTE: https://www.kb.cert.org/vuls/id/475445
	NOTE: https://github.com/onelogin/ruby-saml/commit/048a544730930f86e46804387a6b6fad50d8176f
CVE-2017-11427 (OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the resu ...)
	NOT-FOR-US: OneLogin python-saml
	NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
	NOTE: https://www.kb.cert.org/vuls/id/475445
CVE-2017-11426
	RESERVED
CVE-2017-11425
	RESERVED
CVE-2017-11424 (In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm ...)
	{DSA-3979-1}
	- pyjwt 1.4.2-1.1 (bug #873244)
	NOTE: https://github.com/jpadilla/pyjwt/pull/277
CVE-2017-11423 (The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, ...)
	{DSA-3946-1 DLA-1279-1}
	- libmspack 0.6-1 (bug #868956)
	- clamav 0.99.3~beta1+dfsg-1 (unimportant)
	[stretch] - clamav 0.99.4+dfsg-1+deb9u1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11873 (not public)
	NOTE: https://github.com/kyz/libmspack/commit/17038206fcc384dcee6dd9e3a75f08fd3ddc6a38
	NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/clamav-vul
	NOTE: ClamAV: https://github.com/vrtadmin/clamav-devel/commit/ffa31264a657618a0e40c51c01e4bfc32e244d13
	NOTE: ClamAV: https://github.com/vrtadmin/clamav-devel/commit/ada5f94e5cfb04e1ac2a6f383f2184753f475b96
	NOTE: ClamAV uses the libmspack system library when available. This is the
	NOTE: case starting from Debian Jessie. Debian Wheezy does not have
	NOTE: libmspack and thus needs to have the fix as well in the src:clamav source package.
CVE-2017-11422 (Statamic framework before 2.6.0 does not correctly check a session's p ...)
	NOT-FOR-US: Statamic
CVE-2017-11420 (Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asusw ...)
	NOT-FOR-US: ASUS
CVE-2017-11419 (Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/edito ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11418 (Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/ ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11417 (Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/ ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11416 (Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/inser ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11415 (Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11414 (Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11413 (Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/ ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11412 (Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/ ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11411 (In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY di ...)
	- wireshark 2.4.0-1 (bug #870179)
	[stretch] - wireshark (Incomplete fix for CVE-2017-9350 not applied)
	[jessie] - wireshark (Incomplete fix for CVE-2017-9350 not applied)
	[wheezy] - wireshark (Incomplete fix for CVE-2017-9350 not applied)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13755
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a83a324acdfc07a0ca8b65e6ebaba3374ab19c76
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-28.html
CVE-2017-11410 (In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissect ...)
	- wireshark 2.4.0-1 (bug #870180)
	[jessie] - wireshark (Incomplete fix for CVE-2017-7702 not applied)
	[wheezy] - wireshark (Incomplete fix for CVE-2017-7702 not applied)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13796
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3c7168cc5f044b4da8747d35da0b2b204dabf398
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-13.html
CVE-2017-11409 (In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a l ...)
	{DLA-1634-1}
	- wireshark 2.2.0~rc1+g438c022-1 (low)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13603
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=57b83bbbd76f543eb8d108919f13b662910bff9a
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-37.html
	NOTE: Technically the 2.2.0~rc1+g438c022-1 is just the first version in unstable
	NOTE: after 2.1.0 from upstream. Upstream changed the types in llc_gprs_dissect_xid
	NOTE: in version 2.1.0.
CVE-2017-11408 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector co ...)
	{DSA-4060-1 DLA-1226-1}
	- wireshark 2.4.0-1 (bug #870172)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13780
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a102c172b0b2fe231fdb49f4f6694603f5b93b0c
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e57c86ef8e3b57b7f90c224f6053d1eacf20e1ba
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-34.html
CVE-2017-11407 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector coul ...)
	{DLA-1634-1}
	- wireshark 2.4.0-1 (low; bug #870172)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13792
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4e54dae7f0d7840836ee6d5ce1e688f152ab2978
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-35.html
CVE-2017-11406 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector ...)
	{DLA-1634-1}
	- wireshark 2.4.0-1 (bug #870172)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13797
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=250216263c3a3f2c651e80d9c6b3dc0adc53dc2c
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-36.html
CVE-2017-11405 (In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-11404 (In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-11403 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has ...)
	{DSA-4321-1 DLA-1456-1 DLA-1045-1}
	- graphicsmagick 1.3.26-3
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37
	NOTE: When fixing this CVE make sure to not make the fix incomplete and open the CVE-2017-14103
	NOTE: issue. See: https://www.openwall.com/lists/oss-security/2017/09/01/6
	NOTE: The additional required commit is: http://hg.code.sf.net/p/graphicsmagick/code/rev/98721124e51f
CVE-2017-11402 (An issue has been discovered on the Belden Hirschmann Tofino Xenon Sec ...)
	NOT-FOR-US: Belden Hirschmann Tofino Xenon Security Appliance
CVE-2017-11401 (An issue has been discovered on the Belden Hirschmann Tofino Xenon Sec ...)
	NOT-FOR-US: Belden Hirschmann Tofino Xenon Security Appliance
CVE-2017-11400 (An issue has been discovered on the Belden Hirschmann Tofino Xenon Sec ...)
	NOT-FOR-US: Belden Hirschmann Tofino Xenon Security Appliance
CVE-2017-11421 (gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection wh ...)
	- gnome-exe-thumbnailer 0.9.5-1 (bug #868705)
	[stretch] - gnome-exe-thumbnailer 0.9.4-2+deb9u1
	NOTE: http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html
	NOTE: https://github.com/gnome-exe-thumbnailer/gnome-exe-thumbnailer/commit/1d8e3102dd8fd23431ae6127d14a236da6b4a4a5
CVE-2017-11399 (Integer overflow in the ape_decode_frame function in libavcodec/apedec ...)
	{DSA-3957-1}
	- ffmpeg 7:3.3.3-1
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/ba4beaf6149f7241c8bd85fe853318c2f6837ad0
	NOTE: Fixed in 3.2.7
CVE-2017-11398 (A session hijacking via log disclosure vulnerability in Trend Micro Sm ...)
	NOT-FOR-US: Trend Micro
CVE-2017-11397 (A service DLL preloading vulnerability in Trend Micro Encryption for E ...)
	NOT-FOR-US: Trend Micro
CVE-2017-11396 (Vulnerability issues with the web service inspection of input paramete ...)
	NOT-FOR-US: Trend Micro Web Security Virtual Appliance
CVE-2017-11395 (Command injection vulnerability in Trend Micro Smart Protection Server ...)
	NOT-FOR-US: Trend Micro Smart Protection Server
CVE-2017-11394 (Proxy command injection vulnerability in Trend Micro OfficeScan 11 and ...)
	NOT-FOR-US: Trend Micro
CVE-2017-11393 (Proxy command injection vulnerability in Trend Micro OfficeScan 11 and ...)
	NOT-FOR-US: Trend Micro
CVE-2017-11392 (Proxy command injection vulnerability in Trend Micro InterScan Messagi ...)
	NOT-FOR-US: Trend Micro
CVE-2017-11391 (Proxy command injection vulnerability in Trend Micro InterScan Messagi ...)
	NOT-FOR-US: Trend Micro
CVE-2017-11390 (XML external entity (XXE) processing vulnerability in Trend Micro Cont ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2017-11389 (Directory traversal vulnerability in Trend Micro Control Manager 6.0 a ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2017-11388 (SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Ex ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2017-11387 (Authentication Bypass in Trend Micro Control Manager 6.0 causes Inform ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2017-11386 (SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Ex ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2017-11385 (SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Ex ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2017-11384 (SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Ex ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2017-11383 (SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Ex ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2017-11382 (Denial of Service vulnerability in Trend Micro Deep Discovery Email In ...)
	NOT-FOR-US: Trend Micro
CVE-2017-11381 (A command injection vulnerability exists in Trend Micro Deep Discovery ...)
	NOT-FOR-US: Trend Micro Deep Discovery Director
CVE-2017-11380 (Backup archives were found to be encrypted with a static password acro ...)
	NOT-FOR-US: Trend Micro Deep Discovery Director
CVE-2017-11379 (Configuration and database backup archives are not signed or validated ...)
	NOT-FOR-US: Trend Micro Deep Discovery Director
CVE-2017-11378
	RESERVED
CVE-2017-11377
	RESERVED
CVE-2017-11376
	RESERVED
CVE-2017-11375
	RESERVED
CVE-2017-11374
	RESERVED
CVE-2017-11373
	RESERVED
CVE-2017-11372
	RESERVED
CVE-2017-11371
	RESERVED
CVE-2017-11370
	RESERVED
CVE-2017-11369
	RESERVED
CVE-2017-11368 (In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker ...)
	{DLA-1058-1}
	- krb5 1.15.1-2 (bug #869260)
	[stretch] - krb5 1.15-1+deb9u1
	[jessie] - krb5 1.12.1+dfsg-19+deb8u3
	NOTE: https://github.com/krb5/krb5/pull/678/commits/a860385dd8fbd239fdb31b347e07f4e6b2fbdcc2
CVE-2017-11367 (The shoco_decompress function in the API in shoco through 2017-07-17 a ...)
	NOT-FOR-US: shoco
CVE-2017-11366 (components/filemanager/class.filemanager.php in Codiad before 2.8.4 is ...)
	NOT-FOR-US: Codiad
CVE-2017-11365 (Certain Symfony products are affected by: Incorrect Access Control. Th ...)
	- symfony (introduced in versions that were never packaged in Debian)
	NOTE: https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue
CVE-2017-11364 (The CMS installer in Joomla! before 3.7.4 does not verify a user's own ...)
	NOT-FOR-US: Joomla!
CVE-2017-11363
	RESERVED
CVE-2017-11362 (In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/ms ...)
	- php7.1 7.1.8-1 (unimportant)
	- php7.0 7.0.22-1 (unimportant)
	- php5 (unimportant)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73473
	NOTE: Fixed in 7.1.7, 7.0.21
	NOTE: Only triggerable by malicious script
CVE-2017-11361 (Inteno routers have a JUCI ACL misconfiguration that allows the "user" ...)
	NOT-FOR-US: Inteno routers
CVE-2017-11360 (The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867808)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/518
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/224bc946b24824a77e8e8c52ee07e9bc65796e30
CVE-2017-11359 (The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allow ...)
	{DLA-1705-1 DLA-1197-1}
	- sox 14.4.2-2 (bug #870328)
	[stretch] - sox 14.4.1-5+deb9u2
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
	NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
	NOTE: https://github.com/mansr/sox/commit/8b590b3a52f4ccc4eea3f41b4a067c38b3565b60
CVE-2017-11358 (The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 all ...)
	{DLA-1705-1 DLA-1197-1}
	- sox 14.4.2-2 (bug #870328)
	[stretch] - sox 14.4.1-5+deb9u2
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
	NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
	NOTE: https://github.com/mansr/sox/commit/6cb44a44b9eda6b321ccdbf6483348d4a9798b00
CVE-2017-11357 (Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not prope ...)
	NOT-FOR-US: Progress Telerik UI
CVE-2017-11356 (The application distribution export functionality in PEGA Platform 7.2 ...)
	NOT-FOR-US: PEGA Platform
CVE-2017-11355 (Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7 ...)
	NOT-FOR-US: PEGA Platform
CVE-2017-11354 (Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_a ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11351 (Axesstel MU553S MU55XS-V1.14 devices have a default password of admin ...)
	NOT-FOR-US: Axesstel MU553S MU55XS-V1.14
CVE-2017-11350 (Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on Axess ...)
	NOT-FOR-US: Axesstel MU553S MU55XS-V1.14
CVE-2017-11349 (dataTaker DT8x dEX 1.72.007 allows remote attackers to compose program ...)
	NOT-FOR-US: dataTaker
CVE-2017-11348 (In Octopus Deploy 3.x before 3.15.4, an authenticated user with Packag ...)
	NOT-FOR-US: Octopus Deploy
CVE-2017-11347 (Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a ...)
	NOT-FOR-US: MetInfo
CVE-2017-11346 (Zoho ManageEngine Desktop Central before build 100092 allows remote at ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2017-11345 (Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASU ...)
	NOT-FOR-US: ASUS
CVE-2017-11344 (Global buffer overflow in networkmap in Asuswrt-Merlin firmware for AS ...)
	NOT-FOR-US: ASUS
CVE-2017-11353 (yadm (yet another dotfile manager) 1.10.0 has a race condition (relate ...)
	- yadm 1.11.1-1 (bug #868300)
	[stretch] - yadm 1.06-1+deb9u1
	NOTE: https://github.com/TheLocehiliosan/yadm/issues/74
CVE-2017-11343 (Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Sc ...)
	- chicken 4.12.0-0.2 (bug #870266)
	[stretch] - chicken (Minor issue)
	[jessie] - chicken (Minor issue)
	[wheezy] - chicken (Minor issue)
	NOTE: http://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html
CVE-2017-11342 (There is an illegal address access in ast.cpp of LibSass 3.4.5. A craf ...)
	NOTE: Bogus report against historic libsass version
CVE-2017-11341 (There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. ...)
	NOTE: Bogus report against historic libsass version
CVE-2017-11340 (There is a Segmentation fault in the XmpParser::terminate() function i ...)
	- exiv2 (Vulnerable code introduced after 0.25; only affected experimental; bug #868578)
	NOTE: https://github.com/Exiv2/exiv2/issues/53
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470950
	NOTE: Not reproducible in wheezy/jessie/stretch, I get "The file contains data of an unknown image type".
	NOTE: Reproducible with 0.26-1 (experimental) although I get another error "free(): invalid next size (fast)".
CVE-2017-11339 (There is a heap-based buffer overflow in the Image::printIFDStructure ...)
	- exiv2 (Vulnerable code introduced after 0.25; only affected experimental; bug #868578)
	NOTE: https://github.com/Exiv2/exiv2/issues/52
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470946
	NOTE: Not reproducible in wheezy/jessie/stretch, I get "The file contains data of an unknown image type".
	NOTE: Reproducible with 0.26-1 (experimental) although I get another error "free(): invalid next size (fast)".
CVE-2017-11338 (There is an infinite loop in the Exiv2::Image::printIFDStructure funct ...)
	- exiv2 (Vulnerable code introduced after 0.25; only affected experimental; bug #868578)
	NOTE: https://github.com/Exiv2/exiv2/issues/51
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470913
	NOTE: Not reproducible in wheezy/jessie/stretch, I get "No Exif data found in the file".
	NOTE: Reproducible with 0.26-1 (experimental).
CVE-2017-11337 (There is an invalid free in the Action::TaskFactory::cleanup function ...)
	- exiv2 (Vulnerable code introduced after 0.25; only affected experimental; bug #868578)
	NOTE: https://github.com/Exiv2/exiv2/issues/50
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470737
	NOTE: Not reproducible in wheezy/jessie/stretch (even with valgrind), I get "No Exif data found in the file".
	NOTE: Reproducible with 0.26-1 (experimental).
	NOTE: Action::TaskFactory::cleanup function is the same in all versions, so the problem is likely an earlier memory corruption.
CVE-2017-11336 (There is a heap-based buffer over-read in the Image::printIFDStructure ...)
	- exiv2 (Vulnerable code introduced after 0.25; only affected experimental; bug #868578)
	NOTE: https://github.com/Exiv2/exiv2/issues/49
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470729
	NOTE: Not reproducible in wheezy/jessie/stretch (even with valgrind).
	NOTE: Reproducible with 0.26-1 (experimental) although I get another error "free(): invalid next size (fast)".
CVE-2017-11335 (There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4 ...)
	{DSA-4100-1 DLA-1094-1 DLA-1093-1}
	- tiff 4.0.8-4 (bug #868513)
	[stretch] - tiff (Minor issue)
	[jessie] - tiff (Minor issue)
	- tiff3
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2715
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/69bfeec247899776b1b396651adb47436e5f1556
CVE-2017-11529 (The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9- ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867823)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/525
CVE-2017-11478 (The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867826)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/528
CVE-2017-11526 (The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9 ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867825)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/527
CVE-2017-11505 (The ReadOneJNGImage function in coders/png.c in ImageMagick through 6. ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867824)
	[jessie] - imagemagick (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/526
CVE-2017-11530 (The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9- ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867821)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/524
CVE-2017-11524 (The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9. ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867798)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/506
CVE-2017-11334 (The address_space_write_continue function in exec.c in QEMU (aka Quick ...)
	{DSA-3925-1}
	- qemu 1:2.8+dfsg-7 (bug #869173)
	[jessie] - qemu (Minor issue, root DoS, Xen regression, multiple refactorings after 2.5, no reproducer)
	[wheezy] - qemu (Minor issue)
	- qemu-kvm
	[wheezy] - qemu-kvm (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg03775.html
	NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=f5aa69bdc3418773f26747ca282c291519626ece
	NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=04bf2526ce87f21b32c9acba1c5518708c243ad0
	NOTE: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1752761
CVE-2017-11333 (The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbi ...)
	{DSA-4113-1 DLA-2039-1 DLA-1368-1}
	- libvorbis 1.3.5-4.1 (low; bug #870341)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/82
	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2332
	NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993
CVE-2017-11332 (The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows ...)
	{DLA-1705-1 DLA-1197-1}
	- sox 14.4.2-2 (bug #870328)
	[stretch] - sox 14.4.1-5+deb9u2
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
	NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
	NOTE: https://github.com/mansr/sox/commit/7405bcaacb1ded8c595cb751d407cf738cb26571
CVE-2017-11331 (The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 ...)
	- vorbis-tools (unimportant)
	NOTE: The issue is "covered" by the fix applied in 0016-oggenc-validate-count-of-channels-in-the-header-CVE-.patch
	NOTE: still the return of malloc is not checked.
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/80
	NOTE: Crash in CLI tool only, negligible security impact
CVE-2017-11330 (The DivFixppCore::avi_header_fix function in DivFix++Core.cpp in DivFi ...)
	NOT-FOR-US: DivFix++
CVE-2017-11329 (GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.ph ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2016-10398 (Android 6.0 has an authentication bypass for attackers with root and p ...)
	NOT-FOR-US: Android
CVE-2017-11328 (Heap buffer overflow in the yr_object_array_set_item() function in obj ...)
	- yara 3.6.3+dfsg-1
	[stretch] - yara (Minor issue, too intrusive to backport)
	[jessie] - yara (Minor issue, too intrusive to backport)
	NOTE: Fixed by: https://github.com/VirusTotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f
CVE-2017-11327 (An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve ...)
	NOT-FOR-US: Tilde CMS
CVE-2017-11326 (An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass t ...)
	NOT-FOR-US: Tilde CMS
CVE-2017-11325 (An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be rea ...)
	NOT-FOR-US: Tilde CMS
CVE-2017-11324 (An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of ...)
	NOT-FOR-US: Tilde CMS
CVE-2017-11323 (Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows r ...)
	NOT-FOR-US: ESTsoft ALZip
CVE-2017-11322 (The chroothole_client executable in UCOPIA Wireless Appliance before 5 ...)
	NOT-FOR-US: UCOPIA Wireless Appliance
CVE-2017-11321 (The restricted shell interface in UCOPIA Wireless Appliance before 5.1 ...)
	NOT-FOR-US: UCOPIA Wireless Appliance
CVE-2017-11320 (Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor ...)
	NOT-FOR-US: Technicolor TC7337 routers
CVE-2017-11319 (Perspective ICM Investigation & Case 5.1.1.16 allows remote authentica ...)
	NOT-FOR-US: Perspective ICM Investigation
CVE-2017-11318 (Cobian Backup 11 client allows man-in-the-middle attackers to add and ...)
	NOT-FOR-US: Cobian
CVE-2017-11317 (Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 ...)
	NOT-FOR-US: Progress Telerik UI
CVE-2017-11316
	RESERVED
CVE-2017-11315
	RESERVED
CVE-2017-11314
	RESERVED
CVE-2017-11313
	RESERVED
CVE-2017-11312
	RESERVED
CVE-2017-11311 (soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt bef ...)
	- libopenmpt 0.2.8461~beta26-1 (bug #867579)
	[stretch] - libopenmpt 0.2.7386~beta20.3-3+deb9u2
CVE-2017-11310 (The read_user_chunk_callback function in coders\png.c in ImageMagick 7 ...)
	- imagemagick (Vulnerable code not present, Only affects ImageMagick-7)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/517
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/8ca35831e91c3db8c6d281d09b605001003bec08
CVE-2017-11309 (Buffer overflow in the SoftConsole client in Avaya IP Office before 10 ...)
	NOT-FOR-US: Avaya IP Office
CVE-2017-11308 (Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2017-11307 (Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2017-11306 (Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2017-11305 (A regression affecting Adobe Flash Player version 27.0.0.187 (and earl ...)
	NOT-FOR-US: Adobe
CVE-2017-11304 (An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earli ...)
	NOT-FOR-US: Adobe
CVE-2017-11303 (An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earli ...)
	NOT-FOR-US: Adobe
CVE-2017-11302 (An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. ...)
	NOT-FOR-US: Adobe
CVE-2017-11301 (An issue was discovered in Adobe Digital Editions 4.5.6 and earlier ve ...)
	NOT-FOR-US: Adobe
CVE-2017-11300 (An issue was discovered in Adobe Digital Editions 4.5.6 and earlier ve ...)
	NOT-FOR-US: Adobe
CVE-2017-11299 (An issue was discovered in Adobe Digital Editions 4.5.6 and earlier ve ...)
	NOT-FOR-US: Adobe
CVE-2017-11298 (An issue was discovered in Adobe Digital Editions 4.5.6 and earlier ve ...)
	NOT-FOR-US: Adobe
CVE-2017-11297 (An issue was discovered in Adobe Digital Editions 4.5.6 and earlier ve ...)
	NOT-FOR-US: Adobe
CVE-2017-11296 (An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0 ...)
	NOT-FOR-US: Adobe
CVE-2017-11295 (An issue was discovered in Adobe DNG Converter 9.12.1 and earlier vers ...)
	NOT-FOR-US: Adobe
CVE-2017-11294 (An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An ...)
	NOT-FOR-US: Adobe
CVE-2017-11293 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
	NOT-FOR-US: Adobe
CVE-2017-11292 (Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecod ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-11291 (An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A ...)
	NOT-FOR-US: Adobe
CVE-2017-11290 (An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A ...)
	NOT-FOR-US: Adobe
CVE-2017-11289 (An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A ...)
	NOT-FOR-US: Adobe
CVE-2017-11288 (An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A ...)
	NOT-FOR-US: Adobe
CVE-2017-11287 (An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A ...)
	NOT-FOR-US: Adobe
CVE-2017-11286 (Adobe ColdFusion has an XML external entity (XXE) injection vulnerabil ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2017-11285 (Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2017-11284 (Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2017-11283 (Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2017-11282 (Adobe Flash Player has an exploitable memory corruption vulnerability ...)
	NOT-FOR-US: Adobe
CVE-2017-11281 (Adobe Flash Player has an exploitable memory corruption vulnerability ...)
	NOT-FOR-US: Adobe
CVE-2017-11280 (Adobe Digital Editions 4.5.4 and earlier has an exploitable memory cor ...)
	NOT-FOR-US: Adobe
CVE-2017-11279 (Adobe Digital Editions 4.5.4 and earlier has an exploitable use after ...)
	NOT-FOR-US: Adobe
CVE-2017-11278 (Adobe Digital Editions 4.5.4 and earlier has an exploitable memory cor ...)
	NOT-FOR-US: Adobe
CVE-2017-11277 (Adobe Digital Editions 4.5.4 and earlier has an exploitable memory cor ...)
	NOT-FOR-US: Adobe
CVE-2017-11276 (Adobe Digital Editions 4.5.4 and earlier has an exploitable memory cor ...)
	NOT-FOR-US: Adobe
CVE-2017-11275 (Adobe Digital Editions 4.5.4 and earlier has an exploitable heap overf ...)
	NOT-FOR-US: Adobe
CVE-2017-11274 (Adobe Digital Editions 4.5.4 and earlier has an exploitable use after ...)
	NOT-FOR-US: Adobe
CVE-2017-11273 (An issue was discovered in Adobe Digital Editions 4.5.6 and earlier ve ...)
	NOT-FOR-US: Adobe
CVE-2017-11272 (Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnera ...)
	NOT-FOR-US: Adobe
CVE-2017-11271 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11270 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11269 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11268 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11267 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11266
	REJECTED
CVE-2017-11265 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11264
	REJECTED
CVE-2017-11263 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11262 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11261 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11260 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11259 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11258 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11257 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11256 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11255 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11254 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11253 (Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2017-11252 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11251 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11250 (Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2017-11249 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11248 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11247
	REJECTED
CVE-2017-11246 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11245 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11244 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11243 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11242 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11241 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11240 (Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2017-11239 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11238 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11237 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11236 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11235 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11234 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11233 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11232 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11231 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11230 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11229 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11228 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11227 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11226 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11225 (An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier v ...)
	NOT-FOR-US: Adobe
CVE-2017-11224 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11223 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11222 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11221 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11220 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11219 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11218 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11217 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11216 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11215 (An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier v ...)
	NOT-FOR-US: Adobe
CVE-2017-11214 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11213 (An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier v ...)
	NOT-FOR-US: Adobe
CVE-2017-11212 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11211 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11210 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11209 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-1000083 (backend/comics/comics-document.c (aka the comic book backend) in GNOME ...)
	{DSA-3916-1 DSA-3911-1 DLA-1031-1}
	- evince 3.22.1-4
	- atril 1.16.1-2.1 (bug #868500)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784630
CVE-2017-11208
	RESERVED
CVE-2017-11207
	RESERVED
CVE-2017-11206
	RESERVED
CVE-2017-11205
	RESERVED
CVE-2017-11204
	RESERVED
CVE-2017-11203
	RESERVED
CVE-2017-11202 (FineCMS through 2017-07-12 allows XSS in visitors.php because JavaScri ...)
	NOT-FOR-US: FineCMS
CVE-2017-11201 (application/core/controller/images.php in FineCMS through 2017-07-12 a ...)
	NOT-FOR-US: FineCMS
CVE-2017-11200 (SQL Injection exists in FineCMS through 2017-07-12 via the application ...)
	NOT-FOR-US: FineCMS
CVE-2017-11199
	RESERVED
CVE-2017-11198 (Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_ ...)
	NOT-FOR-US: FineCMS
CVE-2017-11197 (In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privi ...)
	NOT-FOR-US: CyberArk Viewfinity
CVE-2017-12562 (Heap-based Buffer Overflow in the psf_binheader_writef function in com ...)
	{DLA-3058-1 DLA-1049-1}
	- libsndfile 1.0.28-3 (bug #869166)
	[jessie] - libsndfile (Minor issue)
	NOTE: https://github.com/erikd/libsndfile/issues/292
	NOTE: https://github.com/erikd/libsndfile/commit/cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8
CVE-2017-11196 (Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2017-11195 (Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The he ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2017-11194 (Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetai ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2017-11193 (Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the dia ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2017-11192
	RESERVED
CVE-2017-11191 (FreeIPA 4.x with API version 2.213 allows a remote authenticated users ...)
	NOTE: non-issue claimed for freeipa
CVE-2017-11190 (unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might ...)
	- unrar-free 1:0.0.2-0.1 (unimportant; bug #995065)
	NOTE: Affected debug code not enabled
	NOTE: https://gitlab.com/bgermann/unrar-free/-/commit/e4b3d2d974780af12d8221a25165809e611676df
CVE-2017-11189 (unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a ...)
	- unrar-free 1:0.0.1+cvs20140707-4 (unimportant)
	NOTE: Crash in CLI tool, no security impact
	NOTE: https://github.com/0x09AL/my-exploits/blob/master/pocs/unrar-free/dos/DESCRIPTION
	NOTE: Same fix as CVE-2017-14121 and possibly to be considered a duplicate
CVE-2017-11187 (phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks t ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-11186
	RESERVED
CVE-2017-11185 (The gmp plugin in strongSwan before 5.6.0 allows remote attackers to c ...)
	{DSA-3962-1 DLA-1059-1}
	- strongswan 5.6.0-1 (bug #872155)
	NOTE: https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-(cve-2017-11185).html
	NOTE: https://git.strongswan.org/?p=strongswan.git;a=commit;h=ef5c37fcdf47273feea320091598135688df4ef7
CVE-2017-11184 (SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2017-11183 (front/backup.php in GLPI before 9.1.5 allows remote authenticated admi ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2017-11182 (In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found ...)
	NOT-FOR-US: Rise Ultimate Project Manager
CVE-2017-11181 (In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found ...)
	NOT-FOR-US: Rise Ultimate Project Manager
CVE-2017-11180 (FineCMS through 2017-07-11 has stored XSS in the logging functionality ...)
	NOT-FOR-US: FineCMS
CVE-2017-11179 (FineCMS through 2017-07-11 has stored XSS in route=admin when modifyin ...)
	NOT-FOR-US: FineCMS
CVE-2017-11178 (In FineCMS through 2017-07-11, application/core/controller/style.php a ...)
	NOT-FOR-US: FineCMS
CVE-2017-11177 (TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict file acce ...)
	NOT-FOR-US: TRITON
CVE-2017-11176 (The mq_notify function in the Linux kernel through 4.11.9 does not set ...)
	{DSA-3945-1 DSA-3927-1 DLA-1099-1}
	- linux 4.11.11-1
	NOTE: Fixed by: https://git.kernel.org/linus/f991af3daabaecff34684fd51fac80319d1baad1
CVE-2017-11175 (In J2 Innovations FIN Stack 4.0, the authentication webform is vulnera ...)
	NOT-FOR-US: J2 Innovations FIN Stack
CVE-2017-11174 (In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8 ...)
	NOT-FOR-US: XOOPS
CVE-2017-11173 (Missing anchor in generated regex for rack-cors before 0.4.1 allows a ...)
	{DSA-3931-1}
	- ruby-rack-cors 0.4.1-1
	[jessie] - ruby-rack-cors (Vulnerable code not present)
CVE-2017-11172
	RESERVED
CVE-2017-1000096 (Arbitrary code execution due to incomplete sandbox protection: Constru ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000095 (The default whitelist included the following unsafe entries: DefaultGr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000094 (Docker Commons Plugin provides a list of applicable credential IDs to ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000093 (Poll SCM Plugin was not requiring requests to its API be sent via POST ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000092 (Git Plugin connects to a user-specified Git repository as part of form ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000091 (GitHub Branch Source Plugin connects to a user-specified GitHub API UR ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000090 (Role-based Authorization Strategy Plugin was not requiring requests to ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000089 (Builds in Jenkins are associated with an authentication that controls ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000088 (The Sidebar Link plugin allows users able to configure jobs, views, an ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000087 (GitHub Branch Source provides a list of applicable credential IDs to a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000086 (The Periodic Backup Plugin did not perform any permission checks, allo ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000085 (Subversion Plugin connects to a user-specified Subversion repository a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000084 (Parameterized Trigger Plugin fails to check Item/Build permission: The ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-11171 (Bad reference counting in the context of accept_ice_connection() in gs ...)
	- gnome-session 2.30.0-1
	NOTE: https://github.com/GNOME/gnome-session/commit/b0dc999e0b45355314616321dbb6cb71e729fc9d
CVE-2017-11170 (The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (low; bug #868184)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/472
CVE-2017-11169 (Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 device ...)
	NOT-FOR-US: iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices
CVE-2017-11168
	RESERVED
CVE-2017-11167 (FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by ...)
	NOT-FOR-US: FineCMS
CVE-2017-11166 (The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a ...)
	- imagemagick 8:6.9.7.4+dfsg-7 (unimportant; bug #868263)
	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u14
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/471
CVE-2017-11165 (dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: dataTaker
CVE-2017-11164 (In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exe ...)
	- pcre3 (unimportant)
	NOTE: http://openwall.com/lists/oss-security/2017/07/11/3
CVE-2017-11163 (Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Ca ...)
	- cacti 1.1.12+ds1-1 (bug #868080)
	[stretch] - cacti (Vulnerable code introduced later)
	[jessie] - cacti (Vulnerable code introduced later)
	[wheezy] - cacti (Vulnerable code introduced later)
	NOTE: https://github.com/Cacti/cacti/issues/847
	NOTE: aggregate_graphs.php not available in 0.8.8.
	NOTE: Upstream claims fix for CVE-2017-10970 also fixes this CVE
	NOTE: but produced this patch anyway: https://github.com/Cacti/cacti/commit/bf5b1309dcf68578c3bdc4db54112dfb2e8ec4f4
CVE-2017-11162 (Directory traversal vulnerability in synphotoio in Synology Photo Stat ...)
	NOT-FOR-US: Synology
CVE-2017-11161 (Multiple SQL injection vulnerabilities in Synology Photo Station befor ...)
	NOT-FOR-US: Synology
CVE-2017-11160 (Multiple untrusted search path vulnerabilities in installer in Synolog ...)
	NOT-FOR-US: Installer in Synology Assistant
CVE-2017-11159 (Multiple untrusted search path vulnerabilities in installer in Synolog ...)
	NOT-FOR-US: Installer in Synology Photo Station Uploader
CVE-2017-11158 (Multiple untrusted search path vulnerabilities in the installer in Syn ...)
	NOT-FOR-US: Synology Cloud Station Drive
CVE-2017-11157 (Multiple untrusted search path vulnerabilities in the installer in Syn ...)
	NOT-FOR-US: Synology
CVE-2017-11156 (Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2 ...)
	NOT-FOR-US: Synology Download Station
CVE-2017-11155 (An information exposure vulnerability in index.php in Synology Photo S ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-11154 (Unrestricted file upload vulnerability in PixlrEditorHandler.php in Sy ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-11153 (Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-11152 (Directory traversal vulnerability in PixlrEditorHandler.php in Synolog ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-11151 (A vulnerability in synotheme_upload.php in Synology Photo Station befo ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-11150 (Command injection vulnerability in Document.php in Synology Office 2.2 ...)
	NOT-FOR-US: Synology Office
CVE-2017-11149 (Server-side request forgery (SSRF) vulnerability in Downloader in Syno ...)
	NOT-FOR-US: Synology Download Station
CVE-2017-11148 (Server-side request forgery (SSRF) vulnerability in link preview in Sy ...)
	NOT-FOR-US: Synology Chat
CVE-2017-11146
	REJECTED
CVE-2017-11145 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an er ...)
	{DSA-4081-1 DSA-4080-1 DLA-1034-1}
	- php7.1 7.1.8-1
	- php7.0 7.0.22-1
	- php5
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74819
	NOTE: Fixed in 7.1.7, 7.0.21, 5.6.31
	NOTE: Fixed by: https://github.com/php/php-src/commit/e8b7698f5ee757ce2c8bd10a192a491a498f891c
	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2017-1000362 (The re-key admin monitor was introduced in Jenkins 1.498 and re-encryp ...)
	- jenkins
CVE-2017-1000081 (Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of ...)
	NOT-FOR-US: ONOS
CVE-2017-1000080 (Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets.)
	NOT-FOR-US: ONOS
CVE-2017-1000079 (Linux foundation ONOS 1.9.0 is vulnerable to a DoS.)
	NOT-FOR-US: ONOS
CVE-2017-1000078 (Linux foundation ONOS 1.9 is vulnerable to XSS in the device. registra ...)
	NOT-FOR-US: ONOS
CVE-2017-1000077
	REJECTED
CVE-2017-1000076
	REJECTED
CVE-2017-1000075 (Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the ...)
	NOT-FOR-US: Creolabs Gravity
CVE-2017-1000074 (Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the ...)
	NOT-FOR-US: Creolabs Gravity
CVE-2017-1000073 (Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an un ...)
	NOT-FOR-US: Creolabs Gravity
CVE-2017-1000072 (Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity ...)
	NOT-FOR-US: Creolabs Gravity
CVE-2017-1000071 (Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass i ...)
	- php-cas 1.3.6-1 (bug #868466)
	[stretch] - php-cas (Minor issue)
	[jessie] - php-cas (Minor issue)
	[wheezy] - php-cas (Minor issue, only works with old CAS server)
	NOTE: https://github.com/Jasig/phpCAS/issues/228
	NOTE: Fixed by: https://github.com/apereo/phpCAS/commit/c9ba00327fd0ac8faecc62ce150c1986022856cd
	NOTE: The vulnerability only exists when the server is affected by
	NOTE: another very old vulnerability fixed in 2010.
CVE-2017-1000070 (The Bitly oauth2_proxy in version 2.1 and earlier was affected by an o ...)
	NOT-FOR-US: Bitly oauth2_proxy
CVE-2017-1000069 (CSRF in Bitly oauth2_proxy 2.1 during authentication flow)
	NOT-FOR-US: Bitly oauth2_proxy
CVE-2017-1000068 (TestTrack Server versions 1.0 and earlier are vulnerable to an authent ...)
	NOT-FOR-US: TestTrack
CVE-2017-1000067 (MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injecti ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-1000066 (The entry details view function in KeePass version 1.32 inadvertently ...)
	- keepass2 (Only affects 1.x)
CVE-2017-1000065 (Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in Open ...)
	NOT-FOR-US: OpenMediaVault
CVE-2017-1000064 (kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion ...)
	NOT-FOR-US: kittoframework kitto
CVE-2017-1000063 (kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 ...)
	NOT-FOR-US: kittoframework kitto
CVE-2017-1000062 (kittoframework kitto 0.5.1 is vulnerable to directory traversal in the ...)
	NOT-FOR-US: kittoframework kitto
CVE-2017-1000061 (xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansio ...)
	- xmlsec1 1.2.24-1
	[stretch] - xmlsec1 (Minor issue)
	[jessie] - xmlsec1 (Minor issue)
	[wheezy] - xmlsec1 (Minor issue)
	NOTE: https://github.com/lsh123/xmlsec/issues/43
CVE-2017-1000060 (EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leadin ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-1000059 (Live Helper Chat version 2.06v and older is vulnerable to Cross-Site S ...)
	NOT-FOR-US: Live Helper Chat
CVE-2017-1000058 (Stored XSS vulnerabilities in chevereto CMS before version 3.8.11, one ...)
	NOT-FOR-US: chevereto CMS
CVE-2017-1000057
	REJECTED
CVE-2017-1000056 (Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation ...)
	- kubernetes 1.5.5+dfsg-1
	NOTE: https://github.com/kubernetes/kubernetes/issues/43459
CVE-2017-1000055
	REJECTED
CVE-2017-1000054 (Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdo ...)
	NOT-FOR-US: Rocket.Chat
CVE-2017-1000053 (Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to ...)
	NOT-FOR-US: Elixir Plug
CVE-2017-1000052 (Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to ...)
	NOT-FOR-US: Elixir Plug
CVE-2017-1000051 (Cross-site scripting (XSS) vulnerability in pad export in XWiki labs C ...)
	NOT-FOR-US: XWiki labs
CVE-2017-1000049
	REJECTED
CVE-2017-1000048 (the web framework using ljharb's qs module older than v6.3.2, v6.2.3, ...)
	NOT-FOR-US: ljharb
CVE-2017-1000047 (rbenv (all current versions) is vulnerable to Directory Traversal in t ...)
	- rbenv (bug #869702)
	[bookworm] - rbenv (Minor issue)
	[bullseye] - rbenv (Minor issue)
	[buster] - rbenv (Minor issue)
	[stretch] - rbenv (Minor issue)
	[jessie] - rbenv (Minor issue)
	[wheezy] - rbenv (Minor issue)
	NOTE: https://github.com/rbenv/rbenv/issues/977
	NOTE: .ruby-version is .rbenv-version in wheezy
	NOTE: https://github.com/rbenv/rbenv/commit/370c26a6c9ee0511972ea04904fcc89014a22987 (v1.2.0)
CVE-2017-1000046 (Mautic 2.6.1 and earlier fails to set flags on session cookies)
	NOT-FOR-US: Mautic
CVE-2017-1000045
	REJECTED
CVE-2017-1000043 (Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulne ...)
	NOT-FOR-US: Mapbox.js
CVE-2017-1000042 (Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulne ...)
	NOT-FOR-US: Mapbox.js
CVE-2017-1000039 (Framadate version 1.0 is vulnerable to Formula Injection in the CSV Ex ...)
	NOT-FOR-US: Framadate
CVE-2017-1000038 (WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XS ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-1000037 (RVM automatically loads environment variables from files in $PWD resul ...)
	NOT-FOR-US: RVM
CVE-2017-1000036
	REJECTED
CVE-2017-1000035 (Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attac ...)
	- tt-rss 17.1+git20170410+dfsg-1
	NOTE: https://git.tt-rss.org/git/tt-rss/commit/829d478f1b054c8ce1eeb4f15170dc4a1abb3e47
CVE-2017-1000034 (Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserializa ...)
	NOT-FOR-US: Akka
CVE-2017-1000033 (Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a reflec ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-1000032 (Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remot ...)
	- cacti 0.8.8b+dfsg-6
	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u3
	NOTE: MITRE will not reject the entry, but the issue is already covered by the
	NOTE: patch as for CVE-2014-4002. See discussion in
	NOTE: https://github.com/distributedweaknessfiling/DWF-CVE-Database/issues/27
CVE-2017-1000031 (SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8 ...)
	- cacti 0.8.8e+ds1-1
	[jessie] - cacti (Minor issue, can be mitigated with Web Application Firewalls)
	[wheezy] - cacti (Minor issue, can be mitigated with Web Application Firewalls)
	NOTE: https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-007/?fid=7789
	NOTE: MITRE disagrees that this CVE is a duplicate of CVE-2014-4002 and CVE-2016-3172.
	NOTE: MITRE believes that CVE-2017-1000031 is a different vulnerability than
	NOTE: CVE-2014-4002 and CVE-2016-3172. This is because they separate on vulnerability
	NOTE: type, so it cannot be a duplicate of CVE-2014-4002 despite sharing attack
	NOTE: vectors with this vulnerability, and covers different attack vectors than
	NOTE: CVE-2016-3172 despite sharing vulnerability type, and appears to be
	NOTE: independently fixable from said vulnerability based on the fix provided here:
	NOTE: https://github.com/Cacti/cacti/issues/866
	NOTE: According to https://github.com/Cacti/cacti/issues/866#issuecomment-316865448
	NOTE: the first issue was fixed by https://github.com/Cacti/cacti/commit/be800c9e552d2929106b576922e9693c83b4bd46
	NOTE: whereas the second issue was fixed by https://github.com/Cacti/cacti/commit/4e4dd6784adfc07b6011da999809d86a06f0f4e5
	NOTE: After the request to MITRE to reject this CVE, elbrus discovered that also
	NOTE: CVE-2015-4634 seems part of the duplication. Upstream commit 4e4dd67 was in the
	NOTE: preparation git tree for 1.x, its equivalent svn commit was used to fix
	NOTE: CVE-2015-4634 in Debian.
CVE-2017-1000030 (Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulne ...)
	- glassfish (Vulnerable code not included, see bug #853998)
CVE-2017-1000029 (Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulne ...)
	- glassfish (Vulnerable code not included, see bug #853998)
CVE-2017-1000028 (Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both ...)
	- glassfish (Vulnerable code not included, see bug #853998)
CVE-2017-1000027 (Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable t ...)
	NOT-FOR-US: Koozali Foundation SME Server
CVE-2017-1000026 (Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable ...)
	{DSA-3915-1}
	- ruby-mixlib-archive 0.4.1-1 (bug #868572)
	NOTE: https://github.com/chef/mixlib-archive/pull/6
	NOTE: https://github.com/chef/mixlib-archive/pull/6/commits/3a874a24aed6ee93fbccf97efe0ecc999bafe87d
CVE-2017-1000025 (GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 befo ...)
	- epiphany-browser 3.22.6-1 (unimportant)
	NOTE: webkit not covered by security support
CVE-2017-1000024 (Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable ...)
	- shotwell 0.25.4+really0.24.5-0.1 (unimportant)
CVE-2017-1000023 (LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS w ...)
	NOT-FOR-US: LogicalDoc Community Edition
CVE-2017-1000022 (LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect acce ...)
	NOT-FOR-US: LogicalDoc Community Edition
CVE-2017-1000021 (LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when ...)
	NOT-FOR-US: LogicalDoc Community Edition
CVE-2017-1000020 (SYN Flood or FIN Flood attack in ECos 1 and other versions embedded de ...)
	NOT-FOR-US: ECos
CVE-2017-1000018 (phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the re ...)
	- phpmyadmin 4:4.6.6-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2017-7
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/afe84645f29f5acc9970f3ffa5673585bf2dee7d (4.0-branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/4549ebde5a044b42c36da50dbf1af76a88545352 (4.4-branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/96b4f13e54c9ebbebfd19d0690bfa0812b6818c1 (4.6-branch)
CVE-2017-1000017 (phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user ...)
	- phpmyadmin 4:4.6.6-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2017-6
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/f8ad5bd759156c8c00a1c3e0ef374660027a3bb4 (4.0-branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/ca8edbcd83fcd624701f43c99e7e675c1ab20387 (4.{4,6}-branch)
CVE-2017-1000016 (A weakness was discovered where an attacker can inject arbitrary value ...)
	- phpmyadmin 4:4.6.6-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2017-5
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/3b6ed1f9ecaab86c488d106b1588d7683a6d53ef
CVE-2017-1000015 (phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack ...)
	- phpmyadmin 4:4.6.6-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2017-4
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/8a0816266cc1db9e9889829f9f0d88a19650c977 (4.0-branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/bd3677f161977bf0cc800cae82e65355bf49f342 (4.4-branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/3a6247674e653507294f23480b4c0e1c532badbe (4.6-branch)
CVE-2017-1000014 (phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the t ...)
	- phpmyadmin 4:4.6.6-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2017-3
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/3d230b6ab76ff018645f2090c2664169835f465b (4.{0,4,6}-branch)
CVE-2017-1000013 (phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakne ...)
	- phpmyadmin 4:4.6.6-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2017-1
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/7fe97a1f3c4695f630e39d9433b8fa7539eee30e (4.0-branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1e5c0ae5b44c58296e11b92497767c8677653cba (4.4-branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/4c84070ad6136c3158caa93286754ebbfbce61ab (4.6-branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/e37bf40f44a3272a6709eb5b38feccac41658e3f (4.6-branch)
CVE-2017-1000012 (MySQL Dumper version 1.24 is vulnerable to stored XSS when displaying ...)
	NOT-FOR-US: MySQL Dumper
CVE-2017-1000011 (MyWebSQL version 3.6 is vulnerable to stored XSS in the database manag ...)
	NOT-FOR-US: MyWebSQL
CVE-2017-1000010 (Audacity 2.1.2 through 2.3.2 is vulnerable to Dll HIjacking in the avf ...)
	- audacity (Specific to Windows packaging)
CVE-2017-1000009 (Akeneo PIM CE and EE <1.6.6, <1.5.15, <1.4.28 are vulnerable to shell ...)
	NOT-FOR-US: Akeneo PIM
CVE-2017-1000008 (Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user setting ...)
	NOT-FOR-US: Chyrp Lite
CVE-2017-1000007 (txAWS (all current versions) fail to perform complete certificate veri ...)
	NOT-FOR-US: txAWS
CVE-2017-1000006 (Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an X ...)
	NOT-FOR-US: plotly.js (different from the plotly Python package)
CVE-2017-1000005 (PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the nam ...)
	NOT-FOR-US: PHPMiniAdmin
CVE-2017-1000004 (ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in ...)
	NOT-FOR-US: ATutor
CVE-2017-1000003 (ATutor versions 2.2.1 and earlier are vulnerable to an incorrect acces ...)
	NOT-FOR-US: ATutor
CVE-2017-1000002 (ATutor versions 2.2.1 and earlier are vulnerable to a directory traver ...)
	NOT-FOR-US: ATutor
CVE-2017-1000001 (FedMsg 0.18.1 and older is vulnerable to a message validation flaw res ...)
	- fedmsg (bug #868508)
	[jessie] - fedmsg (Minor issue)
	NOTE: https://github.com/fedora-infra/fedmsg/commit/5c21cf88a
CVE-2017-11141 (The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (low; bug #868264)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/469
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/353b942bd83da7e1356ba99c942848bd1871ee9f
CVE-2017-11140 (The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 c ...)
	{DSA-4321-1 DLA-1456-1 DLA-1045-1}
	- graphicsmagick 1.3.26-3 (low)
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/b4139088b49a
CVE-2017-11139 (GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJN ...)
	{DSA-4321-1}
	- graphicsmagick 1.3.26-2 (low)
	[jessie] - graphicsmagick (vulnerable code for CVE-2017-11102 not applied in Jessie)
	[wheezy] - graphicsmagick (vulnerable code for CVE-2017-11102 not applied in Wheezy)
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/4d0baa77245b
CVE-2017-11138
	RESERVED
CVE-2017-11137
	RESERVED
CVE-2017-11136 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for A ...)
	NOT-FOR-US: heinekingmedia StashCat
CVE-2017-11135 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for A ...)
	NOT-FOR-US: heinekingmedia StashCat
CVE-2017-11134 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for A ...)
	NOT-FOR-US: heinekingmedia StashCat
CVE-2017-11133 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for A ...)
	NOT-FOR-US: heinekingmedia StashCat
CVE-2017-11132 (An issue was discovered in heinekingmedia StashCat before 1.5.18 for A ...)
	NOT-FOR-US: heinekingmedia StashCat
CVE-2017-11131 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for A ...)
	NOT-FOR-US: heinekingmedia StashCat
CVE-2017-11130 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for A ...)
	NOT-FOR-US: heinekingmedia StashCat
CVE-2017-11129 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for A ...)
	NOT-FOR-US: heinekingmedia StashCat
CVE-2017-11128 (Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by t ...)
	NOT-FOR-US: Bolt CMS
CVE-2017-11127 (Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a ...)
	NOT-FOR-US: Bolt CMS
CVE-2017-11126 (The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25 ...)
	- mpg123 1.25.3-1 (unimportant)
	NOTE: no security impact
CVE-2017-11125 (libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_get_p ...)
	- xar
CVE-2017-11124 (libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_unser ...)
	- xar
CVE-2017-11123
	RESERVED
CVE-2017-11122 (On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can t ...)
	NOT-FOR-US: Broadcom
CVE-2017-11121 (On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, p ...)
	NOT-FOR-US: Broadcom
CVE-2017-11120 (On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, a ...)
	NOT-FOR-US: Broadcom
CVE-2017-11119 (The chk_mem_access function in cpu/nes6502/nes6502.c in libnosefart.a ...)
	- xine-lib-1.2 (it is built with --disable-nosefart)
	- xine-lib (it is built with --disable-nosefart)
	NOTE: https://sourceforge.net/p/nosefart/bugs/6/
CVE-2017-11118 (The ExifImageFile::readImage function in ExifImageFileRead.cpp in Open ...)
	NOT-FOR-US: OpenExif
CVE-2017-11117 (The ExifImageFile::readDHT function in ExifImageFileRead.cpp in OpenEx ...)
	NOT-FOR-US: OpenExif
CVE-2017-11116 (The ExifImageFile::readDQT function in ExifImageFileRead.cpp in OpenEx ...)
	NOT-FOR-US: OpenExif
CVE-2017-11115 (The ExifJpegHUFFTable::deriveTable function in ExifHuffmanTable.cpp in ...)
	NOT-FOR-US: OpenExif
CVE-2017-11114 (The put_chars function in html_r.c in Twibright Links 2.14 allows remo ...)
	- links2 2.14-3 (unimportant; bug #870299)
	NOTE: PoC: http://seclists.org/fulldisclosure/2017/Jul/76
CVE-2017-11527 (The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9- ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867812)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/523
CVE-2017-11528 (The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9- ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867811)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/522
CVE-2017-11525 (The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9- ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867810)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/519
CVE-2017-11188 (The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867806)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/509
CVE-2017-11113 (In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_e ...)
	- ncurses 6.0+20170701-1
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464691
CVE-2017-11112 (In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the ...)
	- ncurses 6.0+20170701-1
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464686
CVE-2017-11111 (In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers ...)
	{DLA-1041-1}
	- nasm 2.13.02-0.1 (bug #867988)
	[stretch] - nasm (Minor issue)
	[jessie] - nasm (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392415
CVE-2017-11110 (The ole_init function in ole.c in catdoc 0.95 allows remote attackers ...)
	{DSA-3917-1 DLA-1037-1}
	- catdoc 1:0.95-3 (bug #867717)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1468471
CVE-2017-11109 (Vim 8.0 allows attackers to cause a denial of service (invalid free) o ...)
	{DLA-1871-1 DLA-1030-1}
	- vim 2:8.0.0197-5 (low; bug #867720)
	[stretch] - vim 2:8.0.0197-4+deb9u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1468492
CVE-2017-11108 (tcpdump 4.9.0 allows remote attackers to cause a denial of service (he ...)
	{DSA-3971-1 DLA-1090-1}
	- tcpdump 4.9.1-1 (bug #867718)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1468504
	NOTE: Proposed patch: https://github.com/the-tcpdump-group/tcpdump/pull/617
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/d9e65de3d94698ec90dbca42962a30dd2f0680e1 (4.9.1)
CVE-2017-11107 (phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the ...)
	{DLA-1561-1 DLA-1019-1}
	- phpldapadmin 1.2.2-6.2 (bug #867719)
	NOTE: https://github.com/leenooks/phpLDAPadmin/issues/50
	NOTE: https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731
CVE-2017-11106
	RESERVED
CVE-2017-11105 (The OnePlus 2 Primary Bootloader (PBL) does not validate the SBL1 part ...)
	NOT-FOR-US: OnePlus
CVE-2017-1000050 (JasPer 2.0.12 is vulnerable to a NULL pointer exception in the functio ...)
	- jasper (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2017/03/06/1
	NOTE: https://github.com/mdadams/jasper/issues/120
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/58ba0365d911b9f9dd68e9abf826682c0b4f2293
CVE-2017-1002024 (Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/u ...)
	NOT-FOR-US: kindeditor
CVE-2017-11103 (Heimdal before 7.4 allows remote attackers to impersonate services wit ...)
	{DSA-3912-1 DSA-3909-1 DLA-1027-1}
	- heimdal 7.4.0.dfsg.1-1 (bug #868208)
	- samba 2:4.6.5+dfsg-4 (bug #868209)
	[wheezy] - samba (Heimdal is only used in 4.x, wheezy ships 3.6.6)
	- samba4
	[wheezy] - samba4 (dynamically linked against system heimdal)
	NOTE: https://orpheus-lyre.info/
	NOTE: https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea
	NOTE: samba's source package embeds heimdal but the binary is statically linked to src:heimdal
	NOTE: https://www.samba.org/samba/security/CVE-2017-11103.html
	NOTE: Upstream Samba Bug: https://bugzilla.samba.org/show_bug.cgi?id=12894
CVE-2017-11102 (The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 ...)
	{DSA-4321-1 DLA-1456-1 DLA-1045-1}
	- graphicsmagick 1.3.26-2 (bug #867746)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d445af60a8d5
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/dea93a690fc1
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/4d0baa77245b
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/e8f859704230
CVE-2017-11101 (When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lea ...)
	- swftools (unimportant; bug #871022)
	NOTE: https://github.com/matthiaskramm/swftools/issues/26
CVE-2017-11100 (When SWFTools 0.9.2 processes a crafted file in swfextract, it can lea ...)
	- swftools (unimportant; bug #871024)
	NOTE: https://github.com/matthiaskramm/swftools/issues/27
CVE-2017-11099 (When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead t ...)
	- swftools (unimportant; bug #871018)
	NOTE: https://github.com/matthiaskramm/swftools/issues/31
CVE-2017-11098 (When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead t ...)
	- swftools (unimportant; bug #871020)
	NOTE: https://github.com/matthiaskramm/swftools/issues/32
CVE-2017-11097 (When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a ...)
	- swftools (unimportant; bug #871025)
	NOTE: https://github.com/matthiaskramm/swftools/issues/24
CVE-2017-11096 (When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lea ...)
	- swftools (unimportant; bug #871026)
	NOTE: https://github.com/matthiaskramm/swftools/issues/25
CVE-2017-11095
	RESERVED
CVE-2017-11094
	RESERVED
CVE-2017-11093 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11092 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11091 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11090 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11089 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	- linux 4.12.6-1
	[stretch] - linux 4.9.47-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/8feb69c7bd89513be80eb19198d48f154b254021
CVE-2017-11088 (Improper Input Validation in Linux io-prefetch in Snapdragon Mobile an ...)
	NOT-FOR-US: Snapdragon
CVE-2017-11087 (libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android cop ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-11086
	RESERVED
CVE-2017-11085 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11084
	RESERVED
CVE-2017-11083
	RESERVED
CVE-2017-11082 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11081 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11080 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11079 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11078 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11077
	RESERVED
CVE-2017-11076
	RESERVED
CVE-2017-11075 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11074 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11073 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11072 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: HTC component for Android
CVE-2017-11071
	REJECTED
CVE-2017-11070
	RESERVED
CVE-2017-11069 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11068
	RESERVED
CVE-2017-11067 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11066 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11065
	RESERVED
CVE-2017-11064 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11063 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11062 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11061 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11060 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11059 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11058 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11057 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11056 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11055 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11054 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11053 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11052 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11051 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11050 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11049 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11048 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11047 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11046 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11045 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11044 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11043 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11042 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11041 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-11040 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-11039
	RESERVED
CVE-2017-11038 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11037
	RESERVED
CVE-2017-11036
	RESERVED
CVE-2017-11035 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11034
	RESERVED
CVE-2017-11033 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11032 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11031 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11030 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11029 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11028 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Android
CVE-2017-11027 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11026 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11025 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11024 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11023 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11022 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11021
	RESERVED
CVE-2017-11020
	REJECTED
CVE-2017-11019 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11018 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11017 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11016 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11015 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11014 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11013 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11012 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11011 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11010 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mo ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11009
	RESERVED
CVE-2017-11008
	REJECTED
CVE-2017-11007 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11006 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm closed-source components for Android
CVE-2017-11005 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm closed-source components for Android
CVE-2017-11004 (A non-secure user may be able to access certain registers in snapdrago ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11003 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11002 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-11001 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-11000 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-10999 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-10998 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-10997 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-10996 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-10995 (The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allow ...)
	{DSA-4204-1 DLA-1081-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #867748)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/538
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/24430226caf7eb468b4180f2883b2563e8cc1b23
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1fdc09dc8f9522f07f5f501fe8453765ad82556c
	NOTE: The second commit is not security-relevant, cf.
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/538#issuecomment-317047977
CVE-2017-10994 (Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrar ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10993 (Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to i ...)
	NOT-FOR-US: Contao
CVE-2017-10992 (In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Des ...)
	NOT-FOR-US: HPE
CVE-2017-10991 (The WP Statistics plugin through 12.0.9 for WordPress has XSS in the r ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-10990
	RESERVED
CVE-2017-10989 (The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3 ...)
	{DLA-1633-1 DLA-1018-1}
	- sqlite3 3.19.3-3 (bug #867618)
	[stretch] - sqlite3 3.16.2-5+deb9u1
	- sqlite (rtree extension not present in v2)
	NOTE: https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26
	NOTE: https://sqlite.org/src/info/66de6f4a
	NOTE: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405
	NOTE: http://marc.info/?l=sqlite-users&m=149933696214713&w=2
CVE-2017-10988
	REJECTED
CVE-2017-10987 (An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buff ...)
	- freeradius 3.0.15+dfsg-1 (bug #868765)
	[stretch] - freeradius 3.0.12+dfsg-5+deb9u1
	[jessie] - freeradius (Only affects 3.x series)
	[wheezy] - freeradius (Only affects 3.x series)
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-304
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/19a18bf7c8af649c9e9742fb6a046f6aff639866
CVE-2017-10986 (An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infi ...)
	- freeradius 3.0.15+dfsg-1 (bug #868765)
	[stretch] - freeradius 3.0.12+dfsg-5+deb9u1
	[jessie] - freeradius (Only affects 3.x series)
	[wheezy] - freeradius (Only affects 3.x series)
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-303
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/21e2e95751bfb54c0fb0328392d06671a75c191c
CVE-2017-10985 (An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite lo ...)
	- freeradius 3.0.15+dfsg-1 (bug #868765)
	[stretch] - freeradius 3.0.12+dfsg-5+deb9u1
	[jessie] - freeradius (Only affects 3.x series)
	[wheezy] - freeradius (Only affects 3.x series)
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-302
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/6726c16549b131ed39f6f8886cdf5d9d922a9a97
CVE-2017-10984 (An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overf ...)
	- freeradius 3.0.15+dfsg-1 (bug #868765)
	[stretch] - freeradius 3.0.12+dfsg-5+deb9u1
	[jessie] - freeradius (Only affects 3.x series)
	[wheezy] - freeradius (Only affects 3.x series)
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-301
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/931850e5d2f65193520c2d9c9878148c0cdc16a6
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/4b059296e14b6ab75dc17163077490528a819806
CVE-2017-10983 (An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0. ...)
	{DSA-3930-1 DLA-1064-1}
	- freeradius 3.0.15+dfsg-1 (bug #868765)
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-206
	NOTE: 2.x: https://github.com/FreeRADIUS/freeradius-server/commit/ec08b30f87066f82073d02fab57e8ffeef81373d
	NOTE: 3.x: https://github.com/FreeRADIUS/freeradius-server/commit/5759b20af99af6d30924f0efd8da5eac2a17163d
CVE-2017-10982 (An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buff ...)
	{DLA-1064-1}
	- freeradius 3.0.12+dfsg-3
	[jessie] - freeradius 2.2.5+dfsg-0.2+deb8u1
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-205
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/10b6de9345c9e0d9d4d5e0426fa5c3d68d702875
	NOTE: Marked as fixed in 3.0.12+dfsg-3, the first 3.x version in unstable.
	NOTE: This is not fully technically correct: the issue affects only the 2.x
	NOTE: series but not 3.x.
CVE-2017-10981 (An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memo ...)
	{DLA-1064-1}
	- freeradius 3.0.12+dfsg-3
	[jessie] - freeradius 2.2.5+dfsg-0.2+deb8u1
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-204
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/812766e2150faa07b4c574e51393b014feaffe6c
	NOTE: Marked as fixed in 3.0.12+dfsg-3, the first 3.x version in unstable.
	NOTE: This is not fully technically correct: the issue affects only the 2.x
	NOTE: series but not 3.x.
CVE-2017-10980 (An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memo ...)
	{DLA-1064-1}
	- freeradius 3.0.12+dfsg-3
	[jessie] - freeradius 2.2.5+dfsg-0.2+deb8u1
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-203
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/ef0727fc68e211a36637b5c4e4a6fa1326f0a029
	NOTE: Marked as fixed in 3.0.12+dfsg-3, the first 3.x version in unstable.
	NOTE: This is not fully technically correct: the issue affects only the 2.x
	NOTE: series but not 3.x.
CVE-2017-10979 (An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overf ...)
	{DLA-1064-1}
	- freeradius 3.0.12+dfsg-3
	[jessie] - freeradius 2.2.5+dfsg-0.2+deb8u1
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-202
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/ae3ba0011e7d299e92c45300e0137a56a650e8f5
	NOTE: Marked as fixed in 3.0.12+dfsg-3, the first 3.x version in unstable.
	NOTE: This is not fully technically correct: the issue affects only the 2.x
	NOTE: series but not 3.x.
CVE-2017-10978 (An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0. ...)
	{DSA-3930-1 DLA-1064-1}
	- freeradius 3.0.15+dfsg-1 (bug #868765)
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-201
	NOTE: 2.x: https://github.com/FreeRADIUS/freeradius-server/commit/38ee90f2a5a28dc5887a30bdfdc98109c0418e68
	NOTE: 3.x: https://github.com/FreeRADIUS/freeradius-server/commit/fc8662d7e827f630d515eaa0bddfa94754c8047f
CVE-2017-1000082 (systemd v233 and earlier fails to safely parse usernames starting with ...)
	- systemd 234-1 (unimportant)
	[jessie] - systemd (Vulnerable code introduced in systemd-229)
	[wheezy] - systemd (Vulnerable code introduced in systemd-229)
	NOTE: https://github.com/systemd/systemd/issues/6237
	NOTE: Fixed by: https://github.com/systemd/systemd/commit/bb28e68477a3a39796e4999a6cbc6ac6345a9159
	NOTE: https://www.openwall.com/lists/oss-security/2017/07/02/1
CVE-2017-10977
	RESERVED
CVE-2017-10976 (When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead t ...)
	- swftools (unimportant)
	NOTE: ttftool not shipped in Debian package
CVE-2017-10975 (Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might all ...)
	NOT-FOR-US: Lutim
CVE-2017-10974 (Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Direc ...)
	- yaws 1.91-2
	NOTE: Slightly different, additional CVE assignment which MITRE insists on, but fixed by the
	NOTE: original patch for CVE-2011-4350
CVE-2017-10973 (In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php ...)
	NOT-FOR-US: FineCMS
CVE-2017-10970 (Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 a ...)
	- cacti 1.1.12+ds1-1 (bug #867532)
	[stretch] - cacti (Vulnerable code introduced later)
	[jessie] - cacti (Vulnerable code introduced later)
	[wheezy] - cacti (Vulnerable code introduced later)
	NOTE: https://github.com/Cacti/cacti/issues/838
	NOTE: https://github.com/Cacti/cacti/commit/3381cba6a9e36b01ed0ab0acfd41b00487966cb5
CVE-2017-11147 (In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler c ...)
	{DLA-1034-1}
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	- php5
	[jessie] - php5 5.6.30+dfsg-0+deb8u1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73773
	NOTE: Fixed in 7.1.1, 7.0.15, 5.6.30
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=e5246580a85f031e1a3b8064edbaa55c1643a451
	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2016-10397 (In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of vari ...)
	{DLA-1034-1}
	- php7.1 (Fixed with initial upload to unstable)
	- php7.0 7.0.13-1
	- php5
	[jessie] - php5 5.6.28+dfsg-0+deb8u1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73192
	NOTE: Fixed in 7.1.0, 7.0.13, 5.6.28
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=b061fa909de77085d3822a89ab901b934d0362c4
	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2017-11144 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the o ...)
	{DSA-4081-1 DSA-4080-1 DLA-1034-1}
	- php7.1 7.1.8-1
	- php7.0 7.0.22-1
	- php5
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74651
	NOTE: Fixed in 7.1.7, 7.0.21, 5.6.31
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=89637c6b41b510c20d262c17483f582f115c66d6
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=73cabfedf519298e1a11192699f44d53c529315e
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=91826a311dd37f4c4e5d605fa7af331e80ddd4c3
	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2017-11143 (In PHP before 5.6.31, an invalid free in the WDDX deserialization of b ...)
	{DSA-4081-1 DLA-1034-1}
	- php7.1 (Only affected 5.6)
	- php7.0 (Only affected 5.6)
	- php5
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74145
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=2aae60461c2ff7b7fbcdd194c789ac841d0747d7
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=f269cdcd4f76accbecd03884f327cffb9a7f1ca9
	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2017-11142 (In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remot ...)
	{DSA-4081-1}
	- php7.1 7.1.3+-1
	- php7.0 7.0.17-1
	- php5
	[wheezy] - php5 (vulnerable code not present)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73807
	NOTE: Fixed in 7.1.3, 7.0.17, 5.6.31
	NOTE: https://github.com/php/php-src/commit/a15bffd105ac28fd0dd9b596632dbf035238fda3
	NOTE: https://github.com/php/php-src/commit/0f8cf3b8497dc45c010c44ed9e96518e11e19fc3
	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2017-10972 (Uninitialized data in endianness conversion in the XEvent handling of ...)
	{DSA-3905-1 DLA-1026-1}
	- xorg-server 2:1.19.3-2 (bug #867492)
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced
	NOTE: https://www.openwall.com/lists/oss-security/2017/07/06/6
CVE-2017-10971 (In the X.Org X server before 2017-06-19, a user authenticated to an X ...)
	{DSA-3905-1 DLA-1026-1}
	- xorg-server 2:1.19.3-2 (bug #867492)
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84524e700d2073c
	NOTE: https://www.openwall.com/lists/oss-security/2017/07/06/6
CVE-2017-10969
	RESERVED
CVE-2017-10968 (In FineCMS through 2017-07-07, application\core\controller\template.ph ...)
	NOT-FOR-US: FineCMS
CVE-2017-10967 (In FineCMS before 2017-07-06, application\core\controller\config.php a ...)
	NOT-FOR-US: FineCMS
CVE-2017-10966 (An issue was discovered in Irssi before 1.0.4. While updating the inte ...)
	{DLA-1089-1}
	- irssi 1.0.4-1 (low; bug #867598)
	[stretch] - irssi 1.0.2-1+deb9u2
	[jessie] - irssi 0.8.17-1+deb8u5
	NOTE: https://irssi.org/security/irssi_sa_2017_07.txt
	NOTE: https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
CVE-2017-10965 (An issue was discovered in Irssi before 1.0.4. When receiving messages ...)
	{DLA-1089-1}
	- irssi 1.0.4-1 (low; bug #867598)
	[stretch] - irssi 1.0.2-1+deb9u2
	[jessie] - irssi 0.8.17-1+deb8u5
	NOTE: https://irssi.org/security/irssi_sa_2017_07.txt
	NOTE: https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
CVE-2017-10964
	RESERVED
CVE-2017-10963 (In Knox SDS IAM (Identity Access Management) and EMM (Enterprise Mobil ...)
	NOT-FOR-US: Samsung
CVE-2017-10962 (REDCap before 7.5.1 has XSS via the query string.)
	NOT-FOR-US: REDCap
CVE-2017-10961 (REDCap before 7.5.1 has CSRF in the deletion feature of the File Repos ...)
	NOT-FOR-US: REDCap
CVE-2017-10960
	RESERVED
CVE-2017-10959 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10958 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10957 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10956 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10955 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: EMC
CVE-2017-10954 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bitdefender Internet Security 2018
CVE-2017-10953 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10952 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10951 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10950 (This vulnerability allows local attackers to execute arbitrary code on ...)
	NOT-FOR-US: Bitdefender Total Security
CVE-2017-10949 (Directory Traversal in Dell Storage Manager 2016 R2.1 causes Informati ...)
	NOT-FOR-US: Dell Storage Manager
CVE-2017-10948 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10947 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10946 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10945 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10944 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10943 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10942 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10941 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10940 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Joyent
CVE-2017-10939
	REJECTED
CVE-2017-10938
	REJECTED
CVE-2017-10937 (SQL injection vulnerability in all versions prior to V2.01.05.09 of th ...)
	NOT-FOR-US: ZTE
CVE-2017-10936 (SQL injection vulnerability in all versions prior to V4.01.01 of the Z ...)
	NOT-FOR-US: ZTE ZXCDN-SNS
CVE-2017-10935 (All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products ...)
	NOT-FOR-US: ZTE ZXR10 1800-2S products
CVE-2017-10934 (All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use ...)
	NOT-FOR-US: ZTE ZXIPTV-EPG product
CVE-2017-10933 (All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring sy ...)
	NOT-FOR-US: ZTE ZXDT22 SF01
CVE-2017-10932 (All versions prior to V12.17.20 of the ZTE Microwave NR8000 series pro ...)
	NOT-FOR-US: ZTE Microwave
CVE-2017-10931 (The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download o ...)
	NOT-FOR-US: ZXR10 1800-2S
CVE-2017-10930 (The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a re ...)
	NOT-FOR-US: ZXR10 1800-2S
CVE-2016-10396 (The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable ...)
	{DLA-1044-1}
	- ipsec-tools 1:0.8.2+20140711-9 (bug #867986)
	[stretch] - ipsec-tools 1:0.8.2+20140711-8+deb9u1
	[jessie] - ipsec-tools (Will be fixed via point release)
	NOTE: NetBSD applied patch: http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c.diff?r1=1.5&r2=1.5.36.1
	NOTE: NetBSD Problem report: https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51682
	NOTE: Patch disputed, cf. https://bugzilla.suse.com/show_bug.cgi?id=1047443#c1
	NOTE: Updated patch: https://anonscm.debian.org/cgit/pkg-ipsec-tools/pkg-ipsec-tools.git/plain/debian/patches/CVE-2016-10396.patch?id=62ac12648a4eb7c5ba5dba0f81998d1acf310d8b
CVE-2017-10929 (The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 al ...)
	{DLA-1016-1}
	- radare2 1.6.0+dfsg-1 (low; bug #867369)
	[jessie] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/7855
	NOTE: https://github.com/radare/radare2/commit/c57997e76ec70862174a1b3b3aeb62a6f8570e85
CVE-2017-10928 (In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextTo ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867367)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/539
CVE-2017-10927
	RESERVED
CVE-2017-10926 (IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attackers to c ...)
	NOT-FOR-US: IrfanView
CVE-2017-10925 (IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attackers to c ...)
	NOT-FOR-US: IrfanView
CVE-2017-10924 (IrfanView 4.44 (32bit) with FPX Plugin 4.47 allows attackers to execut ...)
	NOT-FOR-US: IrfanView
CVE-2017-10910 (MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may le ...)
	- node-mqtt (Fixed before initial upload)
CVE-2017-10909 (Untrusted search path vulnerability in Music Center for PC version 1.0 ...)
	NOT-FOR-US: Music Center for PC
CVE-2017-10908 (H2O version 2.2.3 and earlier allows remote attackers to cause a denia ...)
	- h2o 2.2.4+dfsg-1 (medium)
	NOTE: https://github.com/h2o/h2o/issues/1544
CVE-2017-10907 (Directory traversal vulnerability in OneThird CMS Show Off v1.85 and e ...)
	NOT-FOR-US: OneThird CMS Show Off
CVE-2017-10906 (Escape sequence injection vulnerability in Fluentd versions 0.12.29 th ...)
	- fluentd (bug #926692)
CVE-2017-10905 (A vulnerability in applications created using Qt for Android prior to ...)
	NOT-FOR-US: Qt for Android
CVE-2017-10904 (Qt for Android prior to 5.9.0 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Qt for Android
CVE-2017-10903 (Improper authentication issue in PTW-WMS1 firmware version 2.000.012 a ...)
	NOT-FOR-US: PTW-WMS1 firmware
CVE-2017-10902 (PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute ...)
	NOT-FOR-US: PTW-WMS1 firmware
CVE-2017-10901 (Buffer overflow in PTW-WMS1 firmware version 2.000.012 allows remote a ...)
	NOT-FOR-US: PTW-WMS1 firmware
CVE-2017-10900 (PTW-WMS1 firmware version 2.000.012 allows remote attackers to bypass ...)
	NOT-FOR-US: PTW-WMS1 firmware
CVE-2017-10899 (SQL injection vulnerability in the A-Reserve and A-Reserve for MT clou ...)
	NOT-FOR-US: A-Reserve
CVE-2017-10898 (SQL injection vulnerability in the A-Member and A-Member for MT cloud ...)
	NOT-FOR-US: A-Member
CVE-2017-10897 (Input validation issue in Buffalo BBR-4HG and and BBR-4MG broadband ro ...)
	NOT-FOR-US: Buffalo BBR-4HG and BBR-4MG broadband routers
CVE-2017-10896 (Cross-site scripting vulnerability in Buffalo BBR-4HG and and BBR-4MG ...)
	NOT-FOR-US: Buffalo BBR-4HG and BBR-4MG broadband routers
CVE-2017-10895 (sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: sDNSProxy
CVE-2017-10894 (StreamRelay.NET.exe ver2.14.0.7 and earlier allows remote attackers to ...)
	NOT-FOR-US: StreamRelay.NET
CVE-2017-10893 (Untrusted search path vulnerability in The Public Certification Servic ...)
	NOT-FOR-US: The Public Certification Service for Individuals
CVE-2017-10892 (Untrusted search path vulnerability in Music Center for PC version 1.0 ...)
	NOT-FOR-US: Music Center for PC
CVE-2017-10891 (Untrusted search path vulnerability in Media Go version 3.2.0.191 and ...)
	NOT-FOR-US: Media Go
CVE-2017-10890 (Session management issue in RX-V200 firmware versions prior to 09.87.1 ...)
	NOT-FOR-US: RX-V200 firmware
CVE-2017-10889 (TablePress prior to version 1.8.1 allows an attacker to conduct XML Ex ...)
	NOT-FOR-US: TablePress
CVE-2017-10888 (BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for Mac Ver ...)
	NOT-FOR-US: BOOK WALKER
CVE-2017-10887 (Untrusted search path vulnerability in BOOK WALKER for Windows Ver.1.2 ...)
	NOT-FOR-US: BOOK WALKER
CVE-2017-10886 (Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 ...)
	NOT-FOR-US: CS-Cart
CVE-2017-10885 (Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier ...)
	NOT-FOR-US: HYPER SBI
CVE-2017-10884
	RESERVED
CVE-2017-10883
	RESERVED
CVE-2017-10882
	RESERVED
CVE-2017-10881
	RESERVED
CVE-2017-10880
	RESERVED
CVE-2017-10879
	RESERVED
CVE-2017-10878
	RESERVED
CVE-2017-10877
	RESERVED
CVE-2017-10876
	RESERVED
CVE-2017-10875 (I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacke ...)
	NOT-FOR-US: I-O DATA DEVICE LAN DISK Connect
CVE-2017-10874 (PWR-Q200 does not use random values for source ports of DNS query pack ...)
	NOT-FOR-US: PWR-Q200
CVE-2017-10873 (OpenAM (Open Source Edition) allows an attacker to bypass authenticati ...)
	NOT-FOR-US: OpenAM
CVE-2017-10872 (H2O version 2.2.3 and earlier allows remote attackers to cause a denia ...)
	- h2o 2.2.4+dfsg-1 (medium)
	NOTE: https://github.com/h2o/h2o/issues/1543
CVE-2017-10871 (Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02 ...)
	NOT-FOR-US: NTT DOCOMO Wi-Fi STATION L-02F Software
CVE-2017-10870 (Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 20 ...)
	NOT-FOR-US: Rakuraku Hagaki
CVE-2017-10869 (Buffer overflow in H2O version 2.2.2 and earlier allows remote attacke ...)
	- h2o 2.2.3+dfsg-1 (medium)
	NOTE: https://github.com/h2o/h2o/issues/1460
CVE-2017-10868 (H2O version 2.2.2 and earlier allows remote attackers to cause a denia ...)
	- h2o 2.2.3+dfsg-1 (medium)
	NOTE: https://github.com/h2o/h2o/issues/1459
CVE-2017-10867
	RESERVED
CVE-2017-10866
	RESERVED
CVE-2017-10865 (Untrusted search path vulnerability in HIBUN Confidential File Decrypt ...)
	NOT-FOR-US: HIBUN Confidential File Decryption
CVE-2017-10864 (Untrusted search path vulnerability in Installer of HIBUN Confidential ...)
	NOT-FOR-US: HIBUN Confidential File Decryption
CVE-2017-10863 (Untrusted search path vulnerability in HIBUN Confidential File Decrypt ...)
	NOT-FOR-US: HIBUN Confidential File Decryption
CVE-2017-10862 (jwt-scala 1.2.2 and earlier fails to verify token signatures correctly ...)
	NOT-FOR-US: jwt-scala
CVE-2017-10861 (Directory traversal vulnerability in QND Advance/Standard allows an at ...)
	NOT-FOR-US: QND Advance/Standard
CVE-2017-10860 (Untrusted search path vulnerability in "i-filter 6.0 installer" timest ...)
	NOT-FOR-US: i-filter 6.0 installer
CVE-2017-10859 (Untrusted search path vulnerability in "i-filter 6.0 installer" timest ...)
	NOT-FOR-US: i-filter 6.0 installer
CVE-2017-10858 (Untrusted search path vulnerability in "i-filter 6.0 install program" ...)
	NOT-FOR-US: i-filter 6.0 install program
CVE-2017-10857 (Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypas ...)
	NOT-FOR-US: Cybozu
CVE-2017-10856 (SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 5.72, SEIL/x86 3.20 to 5.72, SEIL ...)
	NOT-FOR-US: SEIL
CVE-2017-10855 (Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4 ...)
	NOT-FOR-US: FENCE-Explorer for Windows
CVE-2017-10854 (Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypa ...)
	NOT-FOR-US: Corega CG-WGR1200 firmware
CVE-2017-10853 (Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows ...)
	NOT-FOR-US: Corega CG-WGR1200 firmware
CVE-2017-10852 (Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows ...)
	NOT-FOR-US: Corega CG-WGR1200 firmware
CVE-2017-10851 (Untrusted search path vulnerability in Installer for ContentsBridge Ut ...)
	NOT-FOR-US: Installer for ContentsBridge Utility for Windows
CVE-2017-10850 (Untrusted search path vulnerability in Installers of ART EX Driver for ...)
	NOT-FOR-US: Various installers of drivers for ApeosPort-VI and DocuCentre-VI products
CVE-2017-10849 (Untrusted search path vulnerability in Self-extracting document genera ...)
	NOT-FOR-US: DocuWorks
CVE-2017-10848 (Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 ...)
	NOT-FOR-US: Installers for DocuWorks
CVE-2017-10847
	RESERVED
CVE-2017-10846 (Wi-Fi STATION L-02F Software version V10b and earlier allows remote at ...)
	NOT-FOR-US: Wi-Fi STATION L-02F Software
CVE-2017-10845 (Wi-Fi STATION L-02F Software version V10g and earlier allows remote at ...)
	NOT-FOR-US: Wi-Fi STATION L-02F Software
CVE-2017-10844 (baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to e ...)
	NOT-FOR-US: baserCMS
CVE-2017-10843 (baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote a ...)
	NOT-FOR-US: baserCMS
CVE-2017-10842 (SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 ...)
	NOT-FOR-US: baserCMS
CVE-2017-10841 (Directory traversal vulnerability in WebCalendar 1.2.7 and earlier all ...)
	- webcalendar
CVE-2017-10840 (Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier al ...)
	- webcalendar
CVE-2017-10839 (SQL injection vulnerability in the SEO Panel prior to version 3.11.0 a ...)
	NOT-FOR-US: SEO Panel
CVE-2017-10838 (Cross-site scripting vulnerability in SEO Panel prior to version 3.11. ...)
	NOT-FOR-US: SEO Panel
CVE-2017-10837 (Cross-site scripting vulnerability in BackupGuard prior to version 1.1 ...)
	NOT-FOR-US: BackupGuard
CVE-2017-10836 (Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlie ...)
	NOT-FOR-US: Optimal Guard
CVE-2017-10835 ("Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows ...)
	NOT-FOR-US: "Dokodemo eye Smart HD" SCR02HD Firmware
CVE-2017-10834 (Directory traversal vulnerability in "Dokodemo eye Smart HD" SCR02HD F ...)
	NOT-FOR-US: "Dokodemo eye Smart HD" SCR02HD Firmware
CVE-2017-10833 ("Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows ...)
	NOT-FOR-US: "Dokodemo eye Smart HD" SCR02HD Firmware
CVE-2017-10832 ("Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows ...)
	NOT-FOR-US: "Dokodemo eye Smart HD" SCR02HD Firmware
CVE-2017-10831 (Untrusted search path vulnerability in The electronic authentication s ...)
	NOT-FOR-US: The CRCA user's Software system
CVE-2017-10830 (Untrusted search path vulnerability in Security Setup Tool all version ...)
	NOT-FOR-US: Security Setup Tool
CVE-2017-10829 (Untrusted search path vulnerability in Remote Support Tool (Enkaku Sup ...)
	NOT-FOR-US: Remote Support Tool (Enkaku Support Tool)
CVE-2017-10828 (Untrusted search path vulnerability in Flets Install Tool all versions ...)
	NOT-FOR-US: Flets Install Tool
CVE-2017-10827 (Untrusted search path vulnerability in Flets Azukeru for Windows Auto ...)
	NOT-FOR-US: Flets Azukeru for Windows Auto Backup Tool
CVE-2017-10826 (Untrusted search path vulnerability in Security Kinou Mihariban v1.0.2 ...)
	NOT-FOR-US: Security Kinou Mihariban
CVE-2017-10825 (Untrusted search path vulnerability in Installer of Flets Easy Setup T ...)
	NOT-FOR-US: Installer of Flets Easy Setup Tool
CVE-2017-10824 (Untrusted search path vulnerability in TDB CA TypeA use software Versi ...)
	NOT-FOR-US: TDB CA TypeA use software
CVE-2017-10823 (Untrusted search path vulnerability in Installer for Shin Kinkyuji Hou ...)
	NOT-FOR-US: Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program
CVE-2017-10822 (Untrusted search path vulnerability in Installer for Shin Sekiyu Yunyu ...)
	NOT-FOR-US: Installer for Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program
CVE-2017-10821 (Untrusted search path vulnerability in Installer for Shin Kikan Toukei ...)
	NOT-FOR-US: Installer for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program
CVE-2017-10820 (Untrusted search path vulnerability in Installer of IP Messenger for W ...)
	NOT-FOR-US: Installer of IP Messenger for Win
CVE-2017-10819 (MaLion for Mac 4.3.0 to 5.2.1 does not properly validate certificates, ...)
	NOT-FOR-US: MaLion
CVE-2017-10818 (MaLion for Windows and Mac versions 3.2.1 to 5.2.1 uses a hardcoded cr ...)
	NOT-FOR-US: MaLion
CVE-2017-10817 (MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to b ...)
	NOT-FOR-US: MaLion
CVE-2017-10816 (SQL injection vulnerability in the MaLion for Windows and Mac 5.0.0 to ...)
	NOT-FOR-US: MaLion
CVE-2017-10815 (MaLion for Windows 5.2.1 and earlier (only when "Remote Control" is in ...)
	NOT-FOR-US: MaLion
CVE-2017-10814 (Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allow ...)
	NOT-FOR-US: CG-WLR300NM Firmware
CVE-2017-10813 (CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to ex ...)
	NOT-FOR-US: CG-WLR300NM Firmware
CVE-2017-10812 (Untrusted search path vulnerability in Photo Collection PC Software Ve ...)
	NOT-FOR-US: Photo Collection PC Software
CVE-2017-10811 (Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an att ...)
	NOT-FOR-US: Buffalo WCR-1166DS devices
CVE-2017-10810 (Memory leak in the virtio_gpu_object_create function in drivers/gpu/dr ...)
	{DSA-3927-1}
	- linux 4.11.11-1 (low)
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/385aee965b4e4c36551c362a334378d2985b722a
CVE-2017-10809
	RESERVED
CVE-2017-10808
	RESERVED
CVE-2017-10806 (Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Em ...)
	{DSA-3925-1 DLA-1497-1}
	- qemu 1:2.8+dfsg-7 (bug #867751)
	[wheezy] - qemu (Minor issue)
	- qemu-kvm
	[wheezy] - qemu-kvm (Minor issue)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03087.html
CVE-2017-10807 (JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate ...)
	{DSA-3902-1}
	- jabberd2 2.6.1-1 (bug #867032)
	NOTE: Fixed by: https://github.com/jabberd2/jabberd2/commit/8416ae54ecefa670534f27a31db71d048b9c7f16
	NOTE: https://github.com/jabberd2/jabberd2/releases/tag/jabberd-2.6.1
CVE-2017-10805 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/17921
CVE-2017-10804 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/17914
CVE-2017-10803 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/17898
CVE-2017-10802
	RESERVED
CVE-2017-10801 (phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO ...)
	NOT-FOR-US: phpSocial
CVE-2017-10800 (When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, i ...)
	{DSA-4321-1}
	- graphicsmagick 1.3.26-1 (bug #867060)
	[jessie] - graphicsmagick (Minor issue)
	[wheezy] - graphicsmagick (Minor issue)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/e5761e3a2012
	NOTE: The above commit unfortunately is not enough. There are more related
	NOTE: changes, and Bob Friesenhahn commented that it's not complete. All
	NOTE: the related changesets to mat.c since the one referenced should be
	NOTE: picked up.
CVE-2017-10799 (When GraphicsMagick 1.3.25 processes a DPX image (with metadata indica ...)
	{DSA-4321-1 DLA-1755-1 DLA-1045-1}
	- graphicsmagick 1.3.26-1 (bug #867077)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/f10b9bb3ca62
CVE-2017-10798 (In ObjectPlanet Opinio before 7.6.4, there is XSS.)
	NOT-FOR-US: ObjectPlanet Opinio
CVE-2017-10797
	RESERVED
CVE-2017-10796 (On TP-Link NC250 devices with firmware through 1.2.1 build 170515, any ...)
	NOT-FOR-US: TP-Link
CVE-2017-10795 (Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows r ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-10794 (When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadat ...)
	{DSA-4321-1}
	- graphicsmagick 1.3.26-1 (bug #867085)
	[jessie] - graphicsmagick (vulnerable code not present)
	[wheezy] - graphicsmagick (vulnerable code not present)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/a20bee0a0ad2
CVE-2017-10793 (The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and ...)
	NOT-FOR-US: Arris
CVE-2017-10792 (There is a NULL Pointer Dereference in the function ll_insert() of the ...)
	- pspp 1.0.0-1 (unimportant; bug #866890)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1467005
	NOTE: No security impact, crash in CLI tool
CVE-2017-10791 (There is an Integer overflow in the hash_int function of the libpspp l ...)
	- pspp 1.0.0-1 (unimportant; bug #866890)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1467004
	NOTE: No security impact as built in Debian
CVE-2017-10790 (The _asn1_check_identifier function in GNU Libtasn1 through 4.12 cause ...)
	{DSA-4106-1 DLA-2255-1 DLA-1038-1}
	- libtasn1-6 4.12-2.1 (bug #867398)
	- libtasn1-3
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464141
	NOTE: Fixed by: https://gitlab.com/gnutls/libtasn1/commit/d8d805e1f2e6799bb2dff4871a8598dc83088a39
CVE-2017-10789 (The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 sett ...)
	{DLA-1079-1}
	- libdbd-mysql-perl 4.046-1 (bug #866821)
	[stretch] - libdbd-mysql-perl (Minor issue, can be fixed via point release)
	[jessie] - libdbd-mysql-perl (Minor issue, can be fixed via point release)
	NOTE: https://github.com/perl5-dbi/DBD-mysql/issues/110
	NOTE: https://github.com/perl5-dbi/DBD-mysql/pull/114
	NOTE: Upstream 4.042 fixed this issue, but the fix was reverted upstream in 4.043:
	NOTE: https://www.nntp.perl.org/group/perl.dbi.dev/2017/08/msg8037.html
	NOTE: No upstream-blessed patch available.
CVE-2017-10788 (The DBD::mysql module through 4.043 for Perl allows remote attackers t ...)
	{DLA-1079-1}
	- libdbd-mysql-perl 4.046-1 (bug #866818)
	[stretch] - libdbd-mysql-perl (Minor issue, can be fixed via point release)
	[jessie] - libdbd-mysql-perl (Minor issue, can be fixed via point release)
	NOTE: http://seclists.org/oss-sec/2017/q2/443
	NOTE: https://github.com/perl5-dbi/DBD-mysql/issues/120
	NOTE: https://github.com/perl5-dbi/DBD-mysql/pull/142
CVE-2017-10787
	RESERVED
CVE-2017-10786
	RESERVED
CVE-2017-10785
	RESERVED
CVE-2017-10784 (The Basic authentication code in WEBrick library in Ruby before 2.2.8, ...)
	{DSA-4031-1 DLA-1421-1 DLA-1114-1 DLA-1113-1}
	- ruby2.3 2.3.5-1 (bug #875931)
	- ruby2.1
	- ruby1.9.1
	- ruby1.8
	NOTE: https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/
	NOTE: https://github.com/ruby/ruby/commit/6617c41292b7d1e097abb8fdb0cab9ddd83c77e7
	NOTE: https://hackerone.com/reports/223363
CVE-2017-10783 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10782 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10781 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10780 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10779 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10778 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10777 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10776 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10775 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10774 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10773 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10772 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10771 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10770 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10769 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10768 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10767 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10766 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10765 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10764 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10763 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10762 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10761 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10760 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10759 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10758 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10757 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10756 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10755 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10754 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10753 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10752 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10751 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10750 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10749 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10748 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10747 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10746 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10745 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10744 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10743 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10742 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10741 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10740 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10739 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10738 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10737 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10736 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
	NOT-FOR-US: XnView
CVE-2017-10735 (IrfanView version 4.44 (32bit) might allow attackers to cause a denial ...)
	NOT-FOR-US: IrfanView
CVE-2017-10734 (IrfanView version 4.44 (32bit) might allow attackers to cause a denial ...)
	NOT-FOR-US: IrfanView
CVE-2017-10733 (IrfanView version 4.44 (32bit) might allow attackers to cause a denial ...)
	NOT-FOR-US: IrfanView
CVE-2017-10732 (IrfanView version 4.44 (32bit) might allow attackers to cause a denial ...)
	NOT-FOR-US: IrfanView
CVE-2017-10731 (IrfanView version 4.44 (32bit) allows attackers to execute arbitrary c ...)
	NOT-FOR-US: IrfanView
CVE-2017-10730 (IrfanView version 4.44 (32bit) allows attackers to execute arbitrary c ...)
	NOT-FOR-US: IrfanView
CVE-2017-10729 (IrfanView version 4.44 (32bit) allows attackers to execute arbitrary c ...)
	NOT-FOR-US: IrfanView
CVE-2017-10728 (Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrar ...)
	NOT-FOR-US: Winamp
CVE-2017-10727 (Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrar ...)
	NOT-FOR-US: Winamp
CVE-2017-10726 (Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrar ...)
	NOT-FOR-US: Winamp
CVE-2017-10725 (Winamp 5.666 Build 3516(x86) allows attackers to execute arbitrary cod ...)
	NOT-FOR-US: Winamp
CVE-2017-10724 (Recently it was discovered as a part of the research on IoT devices in ...)
	NOT-FOR-US: Shekar Endoscope
CVE-2017-10723 (Recently it was discovered as a part of the research on IoT devices in ...)
	NOT-FOR-US: Shekar Endoscope
CVE-2017-10722 (Recently it was discovered as a part of the research on IoT devices in ...)
	NOT-FOR-US: Shekar Endoscope
CVE-2017-10721 (Recently it was discovered as a part of the research on IoT devices in ...)
	NOT-FOR-US: Shekar Endoscope
CVE-2017-10720 (Recently it was discovered as a part of the research on IoT devices in ...)
	NOT-FOR-US: Shekar Endoscope
CVE-2017-10719 (Recently it was discovered as a part of the research on IoT devices in ...)
	NOT-FOR-US: Shekar Endoscope
CVE-2017-10718 (Recently it was discovered as a part of the research on IoT devices in ...)
	NOT-FOR-US: Shekar Endoscope
CVE-2017-10717
	RESERVED
CVE-2017-10716
	RESERVED
CVE-2017-10715
	RESERVED
CVE-2017-10714
	RESERVED
CVE-2017-10713
	RESERVED
CVE-2017-10712
	RESERVED
CVE-2017-10711 (In SimpleRisk 20170614-001, a CSRF attack on reset.php (aka the Send P ...)
	NOT-FOR-US: SimpleRisk
CVE-2017-10710
	RESERVED
CVE-2017-10709 (The lockscreen on Elephone P9000 devices (running Android 6.0) allows ...)
	NOT-FOR-US: Elephone P9000 devices
CVE-2017-10708 (An issue was discovered in Apport through 2.20.x. In apport/report.py, ...)
	NOT-FOR-US: Apport
CVE-2017-10707
	RESERVED
CVE-2017-10706 (When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP ...)
	NOT-FOR-US: When Antiy Antivirus Engine
CVE-2017-10705
	RESERVED
CVE-2017-10704
	RESERVED
CVE-2017-10703
	RESERVED
CVE-2017-10702
	RESERVED
CVE-2017-10701 (Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 ...)
	NOT-FOR-US: SAP Enterprise Portal
CVE-2017-10700 (In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authentica ...)
	NOT-FOR-US: QNAP
CVE-2017-10699 (avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 201 ...)
	{DSA-4045-1}
	- vlc 2.2.6-3
	[wheezy] - vlc (Not supported in wheezy LTS)
	NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=6cc73bcad19da2cd2e95671173f2e0d203a57e9b
	NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=a38a85db58c569cc592d9380cc07096757ef3d49
	NOTE: https://trac.videolan.org/vlc/ticket/18467
CVE-2017-10698
	RESERVED
CVE-2017-10697
	RESERVED
CVE-2017-10696
	RESERVED
CVE-2017-10695
	RESERVED
CVE-2017-10694
	RESERVED
CVE-2017-10693
	RESERVED
CVE-2017-10692
	RESERVED
CVE-2017-10691
	RESERVED
CVE-2017-10690 (In previous versions of Puppet Agent it was possible for the agent to ...)
	- puppet (Only affects Puppet 5, only in experimental)
	NOTE: https://puppet.com/security/cve/CVE-2017-10690
	NOTE: https://tickets.puppetlabs.com/browse/PUP-8225
	NOTE: Fixed by: https://github.com/puppetlabs/puppet/commit/bd87bef2c3862d333f4c1f2b148b147d449a375b
CVE-2017-10689 (In previous versions of Puppet Agent it was possible to install a modu ...)
	- puppet 5.4.0-1 (bug #890412)
	[stretch] - puppet (Minor issue)
	[jessie] - puppet (Minor issue)
	[wheezy] - puppet (vulnerable code not present)
	NOTE: https://puppet.com/security/cve/CVE-2017-10689
	NOTE: https://tickets.puppetlabs.com/browse/PUP-7866
	NOTE: https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee
	NOTE: https://github.com/puppetlabs/puppet/commit/983154f7e29a2a50d416d889a6fed012b9b12399
CVE-2017-10688 (In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectory ...)
	{DSA-3903-1 DLA-1022-1}
	- tiff 4.0.8-3 (bug #866611)
	- tiff3
	[wheezy] - tiff3 (vulnerable code not present)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2712
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/6173a57d39e04d68b139f8c1aa499a24dbe74ba1
CVE-2017-10687 (In LibSass 3.4.5, there is a heap-based buffer over-read in the functi ...)
	NOTE: Bogus report against historic libsass version
CVE-2017-10686 (In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after ...)
	{DLA-1041-1}
	- nasm 2.13.02-0.1 (bug #867988)
	[stretch] - nasm (Minor issue)
	[jessie] - nasm (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392414
CVE-2017-10685 (In ncurses 6.0, there is a format string vulnerability in the fmt_entr ...)
	- ncurses 6.0+20170701-1
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464692
CVE-2017-10684 (In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entr ...)
	- ncurses 6.0+20170708-1
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464687
CVE-2017-10683 (In mpg123 1.25.0, there is a heap-based buffer over-read in the conver ...)
	{DLA-1017-1}
	- mpg123 1.25.1-1 (bug #866860)
	[stretch] - mpg123 (Minor issue)
	[jessie] - mpg123 (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1465819
	NOTE: Duplicate of https://sourceforge.net/p/mpg123/bugs/252/
	NOTE: Patch: http://scm.orgis.org/view/mpg123/trunk/src/libmpg123/id3.c?sortby=date&r1=4249&r2=4248&pathrev=4249
CVE-2017-10682 (SQL injection vulnerability in the administrative backend in Piwigo th ...)
	- piwigo
CVE-2017-10681 (Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9. ...)
	- piwigo
CVE-2017-10680 (Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9. ...)
	- piwigo
CVE-2017-10679 (Piwigo through 2.9.1 allows remote attackers to obtain sensitive infor ...)
	- piwigo
CVE-2017-10678 (Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9. ...)
	- piwigo
CVE-2017-10677 (Cross-Site Request Forgery (CSRF) exists on Linksys EA4500 devices wit ...)
	NOT-FOR-US: Linksys EA4500 devices
CVE-2017-10676 (On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was ...)
	NOT-FOR-US: D-Link
CVE-2017-10675
	RESERVED
CVE-2017-10674 (Antiy Antivirus Engine 5.0.0.06281654 allows local users to cause a de ...)
	NOT-FOR-US: Antiy Antivirus Engine
CVE-2015-9106
	RESERVED
	NOT-FOR-US: WordPress plugin the-holiday-calendar
CVE-2015-9105 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Video ...)
	NOT-FOR-US: Synology
CVE-2015-9104 (Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5 ...)
	NOT-FOR-US: Synology
CVE-2015-9103 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Note S ...)
	NOT-FOR-US: Synology
CVE-2015-9102 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo ...)
	NOT-FOR-US: Synology
CVE-2017-10673 (admin/profile.php in GetSimple CMS 3.x has XSS in a name field.)
	NOT-FOR-US: GetSimple CMS
CVE-2017-10672 (Use-after-free in the XML-LibXML module through 2.0129 for Perl allows ...)
	{DSA-4042-1 DLA-1171-1}
	- libxml-libxml-perl 2.0128+dfsg-5 (bug #866676)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=122246
	NOTE: Pull request: https://github.com/shlomif/perl-XML-LibXML/pull/8
CVE-2017-10671 (Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in ...)
	- thttpd
CVE-2017-10670 (An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as use ...)
	NOT-FOR-US: OSCI-Transport
CVE-2017-10669 (Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transp ...)
	NOT-FOR-US: OSCI-Transport
CVE-2017-10668 (A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transpor ...)
	NOT-FOR-US: OSCI-Transport
CVE-2017-10667 (In index.php in Zen Cart 1.6.0, the products_id parameter can cause XS ...)
	NOT-FOR-US: Zen Cart
CVE-2017-10666
	RESERVED
CVE-2017-10665 (Directory traversal vulnerability in ajaxfileupload.php in Kayson Grou ...)
	NOT-FOR-US: Kayson Group Ltd. phpGrid
CVE-2017-9998 (The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf thr ...)
	- dwarfutils 20170416-3 (bug #866968)
	[stretch] - dwarfutils 20161124-1+deb9u1
	[jessie] - dwarfutils (Minor issue)
	[wheezy] - dwarfutils (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1465756
CVE-2017-9997
	RESERVED
CVE-2017-10664 (qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which a ...)
	{DSA-3920-1 DLA-1599-1 DLA-1071-1 DLA-1070-1}
	- qemu 1:2.8+dfsg-7 (bug #866674)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02693.html
	NOTE: Fixed by (master): http://git.qemu.org/?p=qemu.git;a=commitdiff;h=041e32b8d9d076980b4e35317c0339e57ab888f1
CVE-2017-10663 (The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel ...)
	- linux 4.12.6-1
	[stretch] - linux 4.9.47-1
	[jessie] - linux (Hard to backport and low priority outside of Android)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/15d3042a937c13f5d9244241c7a9c8416ff6e82a (v4.13-rc1)
CVE-2017-10662 (The sanity_check_raw_super function in fs/f2fs/super.c in the Linux ke ...)
	- linux 4.9.30-1
	[jessie] - linux (Hard to backport and low priority outside of Android)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/b9dd46188edc2f0d1f37328637860bb65a771124 (v4.12-rc1)
CVE-2017-10661 (Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allo ...)
	{DLA-1099-1}
	- linux 4.9.30-1
	[jessie] - linux 3.16.43-2+deb8u5
	NOTE: Fixed by: https://git.kernel.org/linus/1e38da300e1e395a15048b0af1e5305bd91402f6 (v4.11-rc1)
CVE-2017-10660
	REJECTED
CVE-2017-10659
	REJECTED
CVE-2017-10658
	REJECTED
CVE-2017-10657
	REJECTED
CVE-2017-10656
	REJECTED
CVE-2017-10655
	REJECTED
CVE-2017-10654
	REJECTED
CVE-2017-10653
	REJECTED
CVE-2017-10652
	REJECTED
CVE-2017-10651
	REJECTED
CVE-2017-10650
	RESERVED
CVE-2017-10649
	RESERVED
CVE-2017-10648
	RESERVED
CVE-2017-10647
	RESERVED
CVE-2017-10646
	RESERVED
CVE-2017-10645
	RESERVED
CVE-2017-10644
	RESERVED
CVE-2017-10643
	RESERVED
CVE-2017-10642
	RESERVED
CVE-2017-10641
	RESERVED
CVE-2017-10640
	RESERVED
CVE-2017-10639
	RESERVED
CVE-2017-10638
	RESERVED
CVE-2017-10637
	RESERVED
CVE-2017-10636
	RESERVED
CVE-2017-10635
	RESERVED
CVE-2017-10634
	RESERVED
CVE-2017-10633
	RESERVED
CVE-2017-10632
	RESERVED
CVE-2017-10631
	RESERVED
CVE-2017-10630
	RESERVED
CVE-2017-10629
	RESERVED
CVE-2017-10628
	RESERVED
CVE-2017-10627
	RESERVED
CVE-2017-10626
	RESERVED
CVE-2017-10625
	RESERVED
CVE-2017-10624 (Insufficient verification of node certificates in Juniper Networks Jun ...)
	NOT-FOR-US: Juniper
CVE-2017-10623 (Lack of authentication and authorization of cluster messages in Junipe ...)
	NOT-FOR-US: Juniper
CVE-2017-10622 (An authentication bypass vulnerability in Juniper Networks Junos Space ...)
	NOT-FOR-US: Juniper
CVE-2017-10621 (A denial of service vulnerability in telnetd service on Juniper Networ ...)
	NOT-FOR-US: Juniper
CVE-2017-10620 (Juniper Networks Junos OS on SRX series devices do not verify the HTTP ...)
	NOT-FOR-US: Juniper
CVE-2017-10619 (When Express Path (formerly known as service offloading) is configured ...)
	NOT-FOR-US: Juniper
CVE-2017-10618 (When the 'bgp-error-tolerance' feature — designed to help ...)
	NOT-FOR-US: Juniper
CVE-2017-10617 (The ifmap service that comes bundled with Contrail has an XML External ...)
	NOT-FOR-US: Juniper
CVE-2017-10616 (The ifmap service that comes bundled with Juniper Networks Contrail re ...)
	NOT-FOR-US: Juniper
CVE-2017-10615 (A vulnerability in the pluggable authentication module (PAM) of Junipe ...)
	NOT-FOR-US: Juniper
CVE-2017-10614 (A vulnerability in telnetd service on Junos OS allows a remote attacke ...)
	NOT-FOR-US: Juniper
CVE-2017-10613 (A vulnerability in a specific loopback filter action command, processe ...)
	NOT-FOR-US: Juniper
CVE-2017-10612 (A persistent site scripting vulnerability in Juniper Networks Junos Sp ...)
	NOT-FOR-US: Juniper
CVE-2017-10611 (If extended statistics are enabled via 'set chassis extended-statistic ...)
	NOT-FOR-US: Juniper
CVE-2017-10610 (On SRX Series devices, a crafted ICMP packet embedded within a NAT64 I ...)
	NOT-FOR-US: Juniper
CVE-2017-10609
	RESERVED
CVE-2017-10608 (Any Juniper Networks SRX series device with one or more ALGs enabled m ...)
	NOT-FOR-US: Juniper
CVE-2017-10607 (Juniper Networks Junos OS 16.1R1, and services releases based off of 1 ...)
	NOT-FOR-US: Juniper
CVE-2017-10606 (Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper ...)
	NOT-FOR-US: Juniper
CVE-2017-10605 (On all vSRX and SRX Series devices, when the DHCP or DHCP relay is con ...)
	NOT-FOR-US: Juniper
CVE-2017-10604 (When the device is configured to perform account lockout with a define ...)
	NOT-FOR-US: Juniper
CVE-2017-10603 (An XML injection vulnerability in Junos OS CLI can allow a locally aut ...)
	NOT-FOR-US: Juniper
CVE-2017-10602 (A buffer overflow vulnerability in Junos OS CLI may allow a local auth ...)
	NOT-FOR-US: Juniper
CVE-2017-10601 (A specific device configuration can result in a commit failure conditi ...)
	NOT-FOR-US: Juniper
CVE-2017-10600 (ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates ...)
	NOT-FOR-US: ubuntu-image
CVE-2017-9996 (The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x be ...)
	- ffmpeg 7:3.2.5-1
	- libav (Vulnerable feature not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/1e42736b95065c69a7481d0cf55247024f54b660
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d
	NOTE: The bug affects FFmpeg's support for CHUNKY cdxl files, a feature that is
	NOTE: not present in Libav. Libav detects CHUNKY files and bails out early.
CVE-2017-9995 (libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validat ...)
	- ffmpeg (Vulnerable code not present)
	- libav (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/2171dfae8c065878a2e130390eb78cf2947a5b69
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7ac5067146613997bb38442cb022d7f41321a706
CVE-2017-9994 (libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x b ...)
	{DLA-1630-1}
	- ffmpeg 7:3.2.5-1
	- libav
	[wheezy] - libav (Vulnerable code not present, WebP decoder feature introduced in v10)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/6b5d3fb26fb4be48e4966e4b1d97c2165538d4ef
CVE-2017-9993 (FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6 ...)
	{DSA-3957-1 DLA-1630-1}
	- ffmpeg 7:3.2.6-1
	- libav
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/189ff4219644532bdfa7bab28dfedaee4d6d4021
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/a5d849b149ca67ced2d271dc84db0bc95a548abb
	NOTE: Fixed in 3.2.6
	NOTE: Jessie is only partially affected. Only the second commit is
	NOTE: relevant. HTTP Live Streaming filename extension code is not present.
CVE-2017-9992 (Heap-based buffer overflow in the decode_dds1 function in libavcodec/d ...)
	{DSA-4012-1 DLA-1142-1}
	- ffmpeg 7:3.2.5-1
	- libav
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/f52fbf4f3ed02a7d872d8a102006f29b4421f360
	NOTE: Fixed in 11.11
CVE-2017-9991 (Heap-based buffer overflow in the xwd_decode_frame function in libavco ...)
	- ffmpeg 7:3.2.5-1
	- libav (Vulnerable feature not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/441026fcb13ac23aa10edc312bdacb6445a0ad06
	NOTE: The error occurs in the support for 8bpp XWD images where bpp and image
	NOTE: depth are not checked thoroughly enough. Libav does not support 8bpp
	NOTE: images and bails out early -- Diego Biurrun (libav project)
CVE-2017-9990 (Stack-based buffer overflow in the color_string_to_rgba function in li ...)
	- ffmpeg (Vulnerable code not present)
	- libav (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/cb243972b121b1ae6b60a78ff55a0506c69f3879
CVE-2017-9989 (util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A craf ...)
	{DLA-1176-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/86
CVE-2017-9988 (The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles ...)
	{DLA-1176-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/85
CVE-2017-9987 (There is a heap-based buffer overflow in the function hpel_motion in m ...)
	{DLA-1907-1}
	- libav
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1067
	NOTE: Five different issues but only one POC instead of five attached.
	NOTE: Requires more information.
CVE-2017-9986 (The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel thr ...)
	- linux 4.15.4-1 (unimportant)
	NOTE: No security issue, only "exploitable" with malicious ISA cards
CVE-2017-9985 (The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in ...)
	- linux 4.13.4-1 (unimportant)
	[stretch] - linux 4.9.51-1
	NOTE: No security issue, only "exploitable" with malicious ISA cards
	NOTE: Fixed by: https://git.kernel.org/linus/20e2b791796bd68816fa115f12be5320de2b8021 (v4.13-rc1)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=196133
CVE-2017-9984 (The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in t ...)
	- linux 4.13.4-1 (unimportant)
	[stretch] - linux 4.9.51-1
	NOTE: No security issue, only "exploitable" with malicious ISA cards
	NOTE: Fixed by: https://git.kernel.org/linus/20e2b791796bd68816fa115f12be5320de2b8021 (v4.13-rc1)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=196131
CVE-2017-9983
	RESERVED
CVE-2017-9982 (TeamSpeak Client 3.0.19 allows remote attackers to cause a denial of s ...)
	- teamspeak-client
	[wheezy] - teamspeak-client (non-free is not supported)
CVE-2017-9981
	RESERVED
CVE-2017-9980 (In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "P ...)
	NOT-FOR-US: Green Packet
CVE-2017-9979 (On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the RE ...)
	NOT-FOR-US: QuantaStor
CVE-2017-9978 (On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw wa ...)
	NOT-FOR-US: QuantaStor
CVE-2017-9977 (AVG AntiVirus for MacOS with scan engine before 4668 might allow remot ...)
	NOT-FOR-US: AVG
CVE-2017-9976
	RESERVED
CVE-2017-9975
	REJECTED
CVE-2017-9974
	REJECTED
CVE-2017-9973
	REJECTED
CVE-2017-9972
	REJECTED
CVE-2017-9971
	REJECTED
CVE-2017-9970 (A remote code execution vulnerability exists in Schneider Electric's S ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9969 (An information disclosure vulnerability exists in Schneider Electric's ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9968 (A security misconfiguration vulnerability exists in Schneider Electric ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9967 (A security misconfiguration vulnerability exists in Schneider Electric ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9966 (A privilege escalation vulnerability exists in Schneider Electric's Pe ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9965 (An exposure of sensitive information vulnerability exists in Schneider ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9964 (A Path Traversal issue was discovered in Schneider Electric Pelco Vide ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9963 (A cross-site request forgery vulnerability exists on the Secure Gatewa ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9962 (Schneider Electric's ClearSCADA versions released prior to August 2017 ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9961 (A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX vers ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9960 (An information disclosure vulnerability exists in Schneider Electric's ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9959 (A vulnerability exists in Schneider Electric's U.motion Builder softwa ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9958 (An improper access control vulnerability exists in Schneider Electric' ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9957 (A vulnerability exists in Schneider Electric's U.motion Builder softwa ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9956 (An authentication bypass vulnerability exists in Schneider Electric's ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9955 (The get_build_id function in opncls.c in the Binary File Descriptor (B ...)
	- binutils 2.29-1
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21665
CVE-2017-9954 (The getvalue function in tekhex.c in the Binary File Descriptor (BFD) ...)
	- binutils 2.29-1
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21670
CVE-2017-9953 (There is an invalid free in Image::printIFDStructure that leads to a S ...)
	- exiv2 (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1465061
	NOTE: Possibly introduced after https://github.com/Exiv2/exiv2/commit/fd5e983746c336336039e91cb6b656cf8eeccdea
	NOTE: which introduces printIFDStructure function and later restructurated
	NOTE: again. Around that commit upstream source though does not build.
CVE-2017-9952
	RESERVED
CVE-2017-9951 (The try_read_command function in memcached.c in memcached before 1.4.3 ...)
	{DSA-4218-1 DLA-1033-1}
	- memcached 1.5.0-1 (bug #868701)
	NOTE: https://www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-vulnerability-report/
	NOTE: https://github.com/memcached/memcached/commit/328629445c71e6c17074f6e9e0e3ef585b58f167
CVE-2017-9950
	RESERVED
CVE-2017-9949 (The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 al ...)
	- radare2 1.6.0+dfsg-1 (bug #866068)
	[jessie] - radare2 (Minor issue)
	[wheezy] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/7683
	NOTE: https://github.com/radare/radare2/commit/796dd28aaa6b9fa76d99c42c4d5ff8b257cc2191
CVE-2017-9948 (A stack buffer overflow vulnerability has been discovered in Microsoft ...)
	NOT-FOR-US: Microsoft Skype
CVE-2017-9947 (A vulnerability has been identified in Siemens APOGEE PXC and TALON TC ...)
	NOT-FOR-US: Siemens
CVE-2017-9946 (A vulnerability has been identified in Siemens APOGEE PXC and TALON TC ...)
	NOT-FOR-US: Siemens
CVE-2017-9945 (In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (Al ...)
	NOT-FOR-US: Siemens
CVE-2017-9944 (A vulnerability has been identified in Siemens 7KT PAC1200 data manage ...)
	NOT-FOR-US: Siemens
CVE-2017-9943
	RESERVED
CVE-2017-9942 (A vulnerability was discovered in Siemens SiPass integrated (All versi ...)
	NOT-FOR-US: Siemens
CVE-2017-9941 (A vulnerability was discovered in Siemens SiPass integrated (All versi ...)
	NOT-FOR-US: Siemens
CVE-2017-9940 (A vulnerability was discovered in Siemens SiPass integrated (All versi ...)
	NOT-FOR-US: Siemens
CVE-2017-9939 (A vulnerability was discovered in Siemens SiPass integrated (All versi ...)
	NOT-FOR-US: Siemens
CVE-2017-9938 (A vulnerability was discovered in Siemens SIMATIC Logon (All versions ...)
	NOT-FOR-US: Siemens
CVE-2017-9937 (In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A cr ...)
	- jbigkit (unimportant; bug #869708)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2707
	NOTE: The CVE was assigned for src:tiff by MITRE, but the issue actually lies
	NOTE: in jbigkit itself.
CVE-2017-9936 (In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF ...)
	{DSA-3903-1 DLA-1023-1 DLA-1022-1}
	- tiff 4.0.8-3 (bug #866113)
	- tiff3
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2706
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/fe8d7165956b88df4837034a9161dc5fd20cf67a
CVE-2017-9935 (In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_wri ...)
	{DSA-4100-1 DLA-1206-1}
	- tiff 4.0.9-2 (bug #866109)
	- tiff3
	[wheezy] - tiff3 (does not build vulnerable tiff2pdf)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2704
	NOTE: https://gitlab.com/libtiff/libtiff/commit/3dd8f6a357981a4090f126ab9025056c938b6940
CVE-2017-9934 (Missing CSRF token checks and improper input validation in Joomla! CMS ...)
	NOT-FOR-US: Joomla!
CVE-2017-9933 (Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads t ...)
	NOT-FOR-US: Joomla!
CVE-2017-9932 (Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a defa ...)
	NOT-FOR-US: Green Packet
CVE-2017-9931 (Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware vers ...)
	NOT-FOR-US: Green Packet
CVE-2017-9930 (Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmwa ...)
	NOT-FOR-US: Green Packet
CVE-2017-9929 (In lrzip 0.631, a stack buffer overflow was found in the function get_ ...)
	{DLA-2725-1}
	- lrzip 0.631+git180517-1 (bug #866020)
	[jessie] - lrzip (Minor issue)
	[wheezy] - lrzip (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/75
	NOTE: https://github.com/ckolivas/lrzip/commit/7123f5545bc68833a7a017bfeaf5720577d00041 (v0.640)
CVE-2017-9928 (In lrzip 0.631, a stack buffer overflow was found in the function get_ ...)
	{DLA-2725-1}
	- lrzip 0.631+git180517-1 (bug #866022)
	[jessie] - lrzip (Minor issue)
	[wheezy] - lrzip (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/74
	NOTE: https://github.com/ckolivas/lrzip/commit/f12c4a35f971eed00b8979bda6cd5e647986ed63 (v0.640)
CVE-2017-9927 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attacker ...)
	- swftools (unimportant)
	NOTE: No actionable information, just a crash report against a four year old release
	NOTE: https://github.com/matthiaskramm/swftools/issues/41
CVE-2017-9926 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attacker ...)
	- swftools (unimportant)
	NOTE: No actionable information, just a crash report against a four year old release
	NOTE: https://github.com/matthiaskramm/swftools/issues/41
CVE-2017-9925 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attacker ...)
	- swftools (unimportant)
	NOTE: No actionable information, just a crash report against a four year old release
	NOTE: https://github.com/matthiaskramm/swftools/issues/41
CVE-2017-9924 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attacker ...)
	- swftools (unimportant)
	NOTE: No actionable information, just a crash report against a four year old release
	NOTE: https://github.com/matthiaskramm/swftools/issues/41
CVE-2017-9923 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow atta ...)
	NOT-FOR-US: IrfanView
CVE-2017-9922 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow atta ...)
	NOT-FOR-US: IrfanView
CVE-2017-9921 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow atta ...)
	NOT-FOR-US: IrfanView
CVE-2017-9920 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow atta ...)
	NOT-FOR-US: IrfanView
CVE-2017-9919 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow atta ...)
	NOT-FOR-US: IrfanView
CVE-2017-9918 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow atta ...)
	NOT-FOR-US: IrfanView
CVE-2017-9917 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow atta ...)
	NOT-FOR-US: IrfanView
CVE-2017-9916 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow atta ...)
	NOT-FOR-US: IrfanView
CVE-2017-9915 (IrfanView version 4.44 (32bit) with TOOLS plugin 4.50 allows attackers ...)
	NOT-FOR-US: IrfanView
CVE-2017-9914 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9913 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...)
	NOT-FOR-US: XnView
CVE-2017-9912 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...)
	NOT-FOR-US: XnView
CVE-2017-9911 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...)
	NOT-FOR-US: XnView
CVE-2017-9910 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...)
	NOT-FOR-US: XnView
CVE-2017-9909 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...)
	NOT-FOR-US: XnView
CVE-2017-9908 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...)
	NOT-FOR-US: XnView
CVE-2017-9907 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...)
	NOT-FOR-US: XnView
CVE-2017-9906 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...)
	NOT-FOR-US: XnView
CVE-2017-9905 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...)
	NOT-FOR-US: XnView
CVE-2017-9904 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...)
	NOT-FOR-US: XnView
CVE-2017-9903 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9902 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9901 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9900 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9899 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9898 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9897 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9896 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9895 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9894 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9893 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9892 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9891 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9890 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9889 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9888 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9887 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9886 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9885 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9884 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9883 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9882 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9881 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9880 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9879 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9878 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9877 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9876 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9875 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9874 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9873 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9872 (The III_dequantize_sample function in layer3.c in mpglib, as used in l ...)
	- lame 3.99.5+repack1-8 (bug #867725)
	[jessie] - lame 3.99.5+repack1-7+deb8u2
	NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-stack-based-buffer-overflow-in-iii_dequantize_sample-layer3-c/
	NOTE: https://sourceforge.net/p/lame/bugs/482/
	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
	NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
CVE-2017-9871 (The III_i_stereo function in layer3.c in mpglib, as used in libmpgdeco ...)
	- lame 3.99.5+repack1-8 (bug #867725)
	[jessie] - lame 3.99.5+repack1-7+deb8u2
	NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-stack-based-buffer-overflow-in-iii_i_stereo-layer3-c/
	NOTE: https://sourceforge.net/p/lame/bugs/483/
	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
	NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
CVE-2017-9870 (The III_i_stereo function in layer3.c in mpglib, as used in libmpgdeco ...)
	- lame 3.99.5+repack1-8 (bug #867725)
	[jessie] - lame 3.99.5+repack1-7+deb8u2
	NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-global-buffer-overflow-in-iii_i_stereo-layer3-c/
	NOTE: https://sourceforge.net/p/lame/bugs/481/
	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
	NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
CVE-2017-9869 (The II_step_one function in layer2.c in mpglib, as used in libmpgdecod ...)
	- lame 3.99.5+repack1-8 (bug #867725)
	[jessie] - lame 3.99.5+repack1-7+deb8u2
	NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-global-buffer-overflow-in-ii_step_one-layer2-c/
	NOTE: https://sourceforge.net/p/lame/bugs/475/
	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
	NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
CVE-2017-9868 (In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) i ...)
	{DLA-1525-1 DLA-1146-1}
	- mosquitto 1.4.14-1 (bug #865959)
	[stretch] - mosquitto 1.4.10-3+deb9u1
	NOTE: https://github.com/eclipse/mosquitto/issues/468
	NOTE: https://github.com/eclipse/mosquitto/commit/09cb1b61c8f48284d9c42bd911faa7525cc689c7
CVE-2017-9867 RESERVED
CVE-2017-9866 RESERVED
CVE-2017-9865 (The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54. ...)
	{DSA-4079-1 DLA-1074-1}
	- poppler 0.57.0-2 (bug #867477)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100774
	NOTE: http://somevulnsofadlab.blogspot.com/2017/06/popplerstack-buffer-overflow-in.html
	NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=75fff6556eaf0ef3a6fcdef2c2229d0b6d1c58d9
CVE-2017-9864 (An issue was discovered in SMA Solar Technology products. An attacker ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9863 (An issue was discovered in SMA Solar Technology products. If a user si ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9862 (An issue was discovered in SMA Solar Technology products. When signed ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9861 (An issue was discovered in SMA Solar Technology products. The SIP impl ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9860 (An issue was discovered in SMA Solar Technology products. An attacker ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9859 (An issue was discovered in SMA Solar Technology products. The inverter ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9858 (An issue was discovered in SMA Solar Technology products. By sending c ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9857 (An issue was discovered in SMA Solar Technology products. The SMAdata2 ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9856 (An issue was discovered in SMA Solar Technology products. Sniffed pass ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9855 (An issue was discovered in SMA Solar Technology products. A secondary ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9854 (An issue was discovered in SMA Solar Technology products. By sniffing ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9853 (An issue was discovered in SMA Solar Technology products. All inverter ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9852 (An Incorrect Password Management issue was discovered in SMA Solar Tec ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9851 (An issue was discovered in SMA Solar Technology products. By sending n ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9850 RESERVED
CVE-2017-9849 RESERVED
CVE-2017-9848 (SQL injection vulnerability in C_InfoService.asmx in WebServices in Ea ...)
	NOT-FOR-US: Easysite
CVE-2017-9847 (The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote ...)
	- libtorrent-rasterbar 1.1.4-1 (bug #865845)
	[stretch] - libtorrent-rasterbar (Minor issue)
	[jessie] - libtorrent-rasterbar (Minor issue)
	[wheezy] - libtorrent-rasterbar (new bdecode introduced in 1.1.0; vulnerable code not present)
	NOTE: https://github.com/arvidn/libtorrent/issues/2099
	NOTE: Fixed by: https://github.com/arvidn/libtorrent/commit/ec30a5e9ec703afb8abefba757c6d401303b53db
	NOTE: Pre-1.1.0 versions possibly similarly affected in lazy_bdecode.cpp
CVE-2017-9846 (Winmail Server 6.1 allows remote code execution by authenticated users ...)
	NOT-FOR-US: Winmail Server
CVE-2017-9845 (disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attacke ...)
	NOT-FOR-US: SAP
CVE-2017-9844 (SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a deni ...)
	NOT-FOR-US: SAP
CVE-2017-9843 (SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with cert ...)
	NOT-FOR-US: SAP
CVE-2017-9842 RESERVED
CVE-2017-9841 (Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 ...)
	- phpunit 5.4.6-2 (bug #866200)
	[stretch] - phpunit 5.4.6-2~deb9u1
	[jessie] - phpunit (Issue introduced later; vulnerable code not present)
	[wheezy] - phpunit (Issue introduced later; vulnerable code not present)
	NOTE: https://github.com/sebastianbergmann/phpunit/pull/1956
	NOTE: https://github.com/sebastianbergmann/phpunit/commit/284a69fb88a2d0845d23f42974a583d8f59bf5a5
	NOTE: http://phpunit.vulnbusters.com/
CVE-2017-9840 (Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload ...)
	- dolibarr (bug #867495)
CVE-2017-9839 (Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 ...)
	- dolibarr
CVE-2017-9838 (Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scriptin ...)
	- dolibarr
CVE-2017-9837 REJECTED
CVE-2017-9836 (Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote ...)
	- piwigo
CVE-2017-9835 (The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript ...)
	{DSA-3986-1 DLA-1048-1}
	[experimental] - ghostscript 9.22~~rc1~dfsg-1
	- ghostscript 9.22~dfsg-1 (bug #869907)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697985
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066 (ghostpdl-9.22rc1)
CVE-2017-9834 (SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for W ...)
	NOT-FOR-US: WatuPRO plugin for WordPress
CVE-2017-9833 (/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." us ...)
	NOT-FOR-US: Undetermined product
	NOTE: /wapopen is not part of BOA, it's probably an insecure CGI
	NOTE: script used in some embedded product relying on BOA as webserver.
	NOTE: I asked Mitre to reject the CVE. -- Raphael Hertzog
CVE-2017-9832 (An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL functi ...)
	{DLA-2169-1 DLA-1029-1}
	- libmtp 1.1.13-1
	NOTE: https://sourceforge.net/p/libmtp/mailman/message/35729062/
	NOTE: https://sourceforge.net/p/libmtp/code/ci/aa7d91a789873a9d86969028e57f888a1241c085/
	NOTE: reduced patchset: https://lists.debian.org/87lgnzvjvb.fsf@curie.anarc.at
CVE-2017-9831 (An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx f ...)
	{DLA-2169-1 DLA-1029-1}
	- libmtp 1.1.13-1
	NOTE: https://sourceforge.net/p/libmtp/mailman/message/35735992/
	NOTE: https://sourceforge.net/p/libmtp/code/ci/aa7d91a789873a9d86969028e57f888a1241c085/
	NOTE: reduced patchset: https://lists.debian.org/87lgnzvjvb.fsf@curie.anarc.at
CVE-2017-9830 (Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the or ...)
	NOT-FOR-US: Code42
CVE-2017-9829 ('/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the ...)
	NOT-FOR-US: VIVOTEK Network Cameras
CVE-2017-9828 ('/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVO ...)
	NOT-FOR-US: VIVOTEK Network Cameras
CVE-2017-9827 RESERVED
CVE-2017-9826 RESERVED
CVE-2017-11104 (Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within th ...)
	{DSA-3910-1}
	- knot 2.5.3-1 (bug #865678)
	NOTE: https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html
	NOTE: http://www.synacktiv.ninja/ressources/Knot_DNS_TSIG_Signature_Forgery.pdf
CVE-2017-9825 RESERVED
CVE-2017-9824 RESERVED
CVE-2017-9823 RESERVED
CVE-2017-9822 (DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cook ...)
	NOT-FOR-US: DotNetNuke
CVE-2017-9821 (The National Payments Corporation of India BHIM application 1.3 for An ...)
	NOT-FOR-US: India BHIM
CVE-2017-9820 (The National Payments Corporation of India BHIM application 1.3 for An ...)
	NOT-FOR-US: India BHIM
CVE-2017-9819 (The National Payments Corporation of India BHIM application 1.3 for An ...)
	NOT-FOR-US: India BHIM
CVE-2017-9818 (The National Payments Corporation of India BHIM application 1.3 for An ...)
	NOT-FOR-US: India BHIM
CVE-2017-9817 RESERVED
CVE-2017-9816 (Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Moni ...)
	NOT-FOR-US: Paessler PRTG Network Monitor
CVE-2017-9815 (In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/t ...)
	- tiff 4.0.8-1
	[jessie] - tiff 4.0.3-12.3+deb8u4
	[wheezy] - tiff 4.0.2-6+deb7u14
	- tiff3
	[wheezy] - tiff3 3.9.6-11+deb7u6
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2682
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/fb3dc46a2fcf6197ff3b93fc76f0c37fddc0333b
	NOTE: The issue is addressed with the same commit as for CVE-2017-9403
CVE-2017-9814 (cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote atta ...)
	- cairo 1.16.0-1 (low; bug #868580)
	[stretch] - cairo (Minor issue)
	[jessie] - cairo (Minor issue)
	[wheezy] - cairo (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101547
	NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/264
	NOTE: https://gitlab.freedesktop.org/cairo/cairo/-/commit/199823938780c8e50099b627d3e9137acba7a263 (1.15.14)
CVE-2017-9813 (In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2017-9812 (The reportId parameter of the getReportStatus action method can be abu ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2017-9811 (The kluser is able to interact with the kav4fs-control binary in Kaspe ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2017-9810 (There are no Anti-CSRF tokens in any forms on the web interface in Kas ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2017-9809 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Inform ...)
	NOT-FOR-US: OX Software GmbH OX App Suite
CVE-2017-9808 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross ...)
	NOT-FOR-US: OX Software GmbH OX App Suite
CVE-2015-9098 (In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attack ...)
	NOT-FOR-US: Redgate SQL Monitor
CVE-2017-9807 (An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 o ...)
	NOT-FOR-US: OpenWebif plugin for E2
CVE-2017-9806 (A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, ...)
	- libreoffice 1:3.4.3-1
	NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0295
	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-9806
	NOTE: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=bb494d6bd8c5868f34bd8f9444ed3eb401145f10
CVE-2017-9805 (The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and ...)
	- libstruts1.2-java
	[wheezy] - libstruts1.2-java (vulnerable code not present)
	NOTE: https://struts.apache.org/docs/s2-052.html
CVE-2017-9804 (In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an ap ...)
	- libstruts1.2-java
	[wheezy] - libstruts1.2-java (Minor issue)
	NOTE: DOS class vulnerability and classified as low by upstream.
	NOTE: https://struts.apache.org/docs/s2-050.html
CVE-2017-9803 (Apache Solr's Kerberos plugin can be configured to use delegation toke ...)
	- lucene-solr (Introduced in 6.2)
CVE-2017-9802 (The Javascript method Sling.evalString() in Apache Sling Servlets Post ...)
	NOT-FOR-US: Apache Sling
CVE-2017-9801 (When a call-site passes a subject for an email that contains line-brea ...)
	- commons-email (Fixed with first upload to Debian)
	NOTE: https://commons.apache.org/proper/commons-email/security-reports.html
	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1801385
	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1801388
	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1801389
CVE-2017-9800 (A maliciously constructed svn+ssh:// URL would cause Subversion client ...)
	{DSA-3932-1 DLA-1052-1}
	- subversion 1.9.7-1
	NOTE: Fixed by: http://svn.apache.org/viewvc?view=revision&sortby=rev&revision=1804691
	NOTE: http://subversion.apache.org/security/CVE-2017-9800-advisory.txt
CVE-2017-9799 (It was found that under some situations and configurations of Apache S ...)
	NOT-FOR-US: Apache Storm
CVE-2017-9798 (Apache httpd allows remote attackers to read secret data from process ...)
	{DSA-3980-1 DLA-1102-1}
	- apache2 2.4.27-6 (bug #876109)
	NOTE: https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
	NOTE: https://github.com/hannob/optionsbleed
	NOTE: Patch: https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch
	NOTE: Patch backport for 2.2: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch
CVE-2017-9797 (When an Apache Geode cluster before v1.2.1 is operating in secure mode ...)
	NOT-FOR-US: Apache Geode
CVE-2017-9796 (When an Apache Geode cluster before v1.3.0 is operating in secure mode ...)
	NOT-FOR-US: Apache Geode
CVE-2017-9795 (When an Apache Geode cluster before v1.3.0 is operating in secure mode ...)
	NOT-FOR-US: Apache Geode
CVE-2017-9794 (When a cluster is operating in secure mode, a user with read privilege ...)
	NOT-FOR-US: Apache Geode
CVE-2017-9793 (The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 t ...)
	- libstruts1.2-java
	[wheezy] - libstruts1.2-java (vulnerable code not present)
	NOTE: https://struts.apache.org/docs/s2-051.html
CVE-2017-9792 (In Apache Impala (incubating) before 2.10.0, a malicious user with "AL ...)
	NOT-FOR-US: Apache Impala
CVE-2017-9791 (The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remot ...)
	- libstruts1.2-java (Vulnerable code not present)
	NOTE: Issue is specific to Struts 2.x.
CVE-2017-9790 (When handling a libprocess message wrapped in an HTTP request, libproc ...)
	- apache-mesos (bug #760315)
CVE-2017-9789 (When under stress, closing many connections, the HTTP/2 handling code ...)
	- apache2 (Only affected 2.4.26)
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27
CVE-2017-9788 (In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value place ...)
	{DSA-3913-1 DLA-1028-1}
	- apache2 2.4.27-1 (bug #868467)
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27
	NOTE: Fixed by (2.4.x): https://svn.apache.org/r1800955
	NOTE: 2.4.x: https://github.com/apache/httpd/commit/549ba6a39aa0df78a610025f74f3a06503a70f67
	NOTE: trunk: https://github.com/apache/httpd/commit/c5d3719133b9e5dab0d540c5aa03b2fdabc30395
CVE-2017-9787 (When using a Spring AOP functionality to secure Struts actions it is p ...)
	- libstruts1.2-java (Vulnerable code not present)
	NOTE: Issue is specific to Struts 2.x.
	NOTE: https://struts.apache.org/docs/s2-049.html
CVE-2017-9786 (Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP ...)
	NOT-FOR-US: ProjectSend
CVE-2017-9785 (Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse h ...)
	NOT-FOR-US: NancyFX Nancy
CVE-2017-9784 RESERVED
CVE-2017-9783 (Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP ...)
	NOT-FOR-US: ProjectSend
CVE-2017-10599 RESERVED
CVE-2017-10598 RESERVED
CVE-2017-10597 RESERVED
CVE-2017-10596 RESERVED
CVE-2017-10595 RESERVED
CVE-2017-10594 RESERVED
CVE-2017-10593 RESERVED
CVE-2017-10592 RESERVED
CVE-2017-10591 RESERVED
CVE-2017-10590 RESERVED
CVE-2017-10589 RESERVED
CVE-2017-10588 RESERVED
CVE-2017-10587 RESERVED
CVE-2017-10586 RESERVED
CVE-2017-10585 RESERVED
CVE-2017-10584 RESERVED
CVE-2017-10583 RESERVED
CVE-2017-10582 RESERVED
CVE-2017-10581 RESERVED
CVE-2017-10580 RESERVED
CVE-2017-10579 RESERVED
CVE-2017-10578 RESERVED
CVE-2017-10577 RESERVED
CVE-2017-10576 RESERVED
CVE-2017-10575 RESERVED
CVE-2017-10574 RESERVED
CVE-2017-10573 RESERVED
CVE-2017-10572 RESERVED
CVE-2017-10571 RESERVED
CVE-2017-10570 RESERVED
CVE-2017-10569 RESERVED
CVE-2017-10568 RESERVED
CVE-2017-10567 RESERVED
CVE-2017-10566 RESERVED
CVE-2017-10565 RESERVED
CVE-2017-10564 RESERVED
CVE-2017-10563 RESERVED
CVE-2017-10562 RESERVED
CVE-2017-10561 RESERVED
CVE-2017-10560 RESERVED
CVE-2017-10559 RESERVED
CVE-2017-10558 RESERVED
CVE-2017-10557 RESERVED
CVE-2017-10556 RESERVED
CVE-2017-10555 RESERVED
CVE-2017-10554 RESERVED
CVE-2017-10553 RESERVED
CVE-2017-10552 RESERVED
CVE-2017-10551 RESERVED
CVE-2017-10550 RESERVED
CVE-2017-10549 RESERVED
CVE-2017-10548 RESERVED
CVE-2017-10547 RESERVED
CVE-2017-10546 RESERVED
CVE-2017-10545 RESERVED
CVE-2017-10544 RESERVED
CVE-2017-10543 RESERVED
CVE-2017-10542 RESERVED
CVE-2017-10541 RESERVED
CVE-2017-10540 RESERVED
CVE-2017-10539 RESERVED
CVE-2017-10538 RESERVED
CVE-2017-10537 RESERVED
CVE-2017-10536 RESERVED
CVE-2017-10535 RESERVED
CVE-2017-10534 RESERVED
CVE-2017-10533 RESERVED
CVE-2017-10532 RESERVED
CVE-2017-10531 RESERVED
CVE-2017-10530 RESERVED
CVE-2017-10529 RESERVED
CVE-2017-10528 RESERVED
CVE-2017-10527 RESERVED
CVE-2017-10526 RESERVED
CVE-2017-10525 RESERVED
CVE-2017-10524 RESERVED
CVE-2017-10523 RESERVED
CVE-2017-10522 RESERVED
CVE-2017-10521 RESERVED
CVE-2017-10520 RESERVED
CVE-2017-10519 RESERVED
CVE-2017-10518 RESERVED
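The records in this file follow the Debian security tracker's data/CVE/list layout: a CVE header (summary in parentheses, or RESERVED/REJECTED), then indented body lines holding advisory IDs in braces, per-package fix lines with an optional "[suite]" prefix and a free-text note in parentheses, and NOTE:/NOT-FOR-US:/TODO: annotations. The parser below is an added example for working with that layout, not part of the tracker's own tooling. It accepts the forms visible on this page, and additionally an angle-bracket state token (such as `<not-affected>`) in the version slot, which is an assumption about the upstream file; the sample records are copied from this page and re-indented, with the token on one constructed line.

```python
"""Parser for Debian security-tracker style CVE/list records (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Header: "CVE-YYYY-NNNN" then RESERVED/REJECTED or a "(summary ...)".
HEADER_RE = re.compile(r'^(?P<cve>CVE-\d{4}-\d{4,})(?:\s+(?P<rest>.*))?$')
# Package line: optional "[suite]", "- pkg", optional version or <token>
# (the <token> form is an assumption about the upstream file), optional "(note)".
PKG_RE = re.compile(
    r'^(?:\[(?P<suite>[\w.-]+)\]\s+)?-\s+(?P<pkg>[a-z0-9][a-z0-9+.-]*)'
    r'(?:\s+(?P<ver>\d\S*|<[a-z-]+>))?'
    r'(?:\s+\((?P<note>.*)\))?\s*$')
ADVISORY_RE = re.compile(r'^\{(?P<ids>[^}]*)\}$')   # "{DSA-1234-1 DLA-5678-1}"
STATUS_WORDS = {'RESERVED', 'REJECTED'}


@dataclass
class Fix:
    suite: Optional[str]     # None = unstable (sid)
    package: str
    version: Optional[str]   # fixed version, a <token>, or None if the line gives neither
    note: Optional[str]


@dataclass
class Record:
    cve: str
    summary: str = ''
    status: Optional[str] = None             # RESERVED / REJECTED / None
    advisories: List[str] = field(default_factory=list)
    fixes: List[Fix] = field(default_factory=list)
    notes: List[str] = field(default_factory=list)
    not_for_us: Optional[str] = None
    todo: Optional[str] = None


def parse(text: str) -> Dict[str, Record]:
    """One Record per CVE header; body lines attach to the preceding header."""
    records: Dict[str, Record] = {}
    current: Optional[Record] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current = Record(cve=m.group('cve'))
            rest = (m.group('rest') or '').strip()
            if rest in STATUS_WORDS:
                current.status = rest
            else:
                current.summary = rest.strip('()[] ')
            records[current.cve] = current
            continue
        if current is None:
            raise ValueError(f'body line before any CVE header: {raw!r}')
        if line.startswith('NOTE:'):
            current.notes.append(line[5:].strip())
        elif line.startswith('NOT-FOR-US:'):
            current.not_for_us = line[11:].strip()
        elif line.startswith('TODO:'):
            current.todo = line[5:].strip()
        elif (m := ADVISORY_RE.match(line)):
            current.advisories.extend(m.group('ids').split())
        elif (m := PKG_RE.match(line)):
            current.fixes.append(Fix(m.group('suite'), m.group('pkg'),
                                     m.group('ver'), m.group('note')))
        else:
            raise ValueError(f'unrecognised line under {current.cve}: {raw!r}')
    return records


def fixed_in(records: Dict[str, Record], cve: str, package: str,
             suite: Optional[str] = None) -> Optional[str]:
    """Version (or <token>) recorded for package in suite (None = unstable), else None."""
    rec = records.get(cve)
    if rec is None:
        return None
    for fix in rec.fixes:
        if fix.package == package and fix.suite == suite:
            return fix.version
    return None


def debian_relevant(records: Dict[str, Record]) -> List[str]:
    """CVE ids that name at least one Debian source package (not NOT-FOR-US or RESERVED)."""
    return sorted(cve for cve, rec in records.items() if rec.fixes)


# Constructed sample: records copied from this page and re-indented; the
# <not-affected> token on the wheezy libtorrent line is an assumed upstream form.
SAMPLE = """\
CVE-2017-9872 (The III_dequantize_sample function in layer3.c in mpglib, as used in l ...)
    - lame 3.99.5+repack1-8 (bug #867725)
    [jessie] - lame 3.99.5+repack1-7+deb8u2
    NOTE: https://sourceforge.net/p/lame/bugs/482/
CVE-2017-9868 (In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) i ...)
    {DLA-1525-1 DLA-1146-1}
    - mosquitto 1.4.14-1 (bug #865959)
    [stretch] - mosquitto 1.4.10-3+deb9u1
    NOTE: https://github.com/eclipse/mosquitto/issues/468
CVE-2017-9867 RESERVED
CVE-2017-9837 REJECTED
CVE-2017-9847 (The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote ...)
    - libtorrent-rasterbar 1.1.4-1 (bug #865845)
    [stretch] - libtorrent-rasterbar (Minor issue)
    [wheezy] - libtorrent-rasterbar <not-affected> (new bdecode introduced in 1.1.0; vulnerable code not present)
CVE-2017-9846 (Winmail Server 6.1 allows remote code execution by authenticated users ...)
    NOT-FOR-US: Winmail Server
"""

if __name__ == '__main__':
    recs = parse(SAMPLE)
    for cve in debian_relevant(recs):
        print(cve, recs[cve].advisories,
              [(f.suite, f.package, f.version) for f in recs[cve].fixes])
```

A package line with no version and no token (the form this flattened page shows, e.g. "[stretch] - libtorrent-rasterbar (Minor issue)") is kept with `version=None` rather than guessed at, so a consumer can tell "fixed version known" from "state not recorded here"; the real tracker file carries an explicit token in that slot and the parser stores it verbatim.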
CVE-2017-10517 RESERVED
CVE-2017-10516 RESERVED
CVE-2017-10515 RESERVED
CVE-2017-10514 RESERVED
CVE-2017-10513 RESERVED
CVE-2017-10512 RESERVED
CVE-2017-10511 RESERVED
CVE-2017-10510 RESERVED
CVE-2017-10509 RESERVED
CVE-2017-10508 RESERVED
CVE-2017-10507 RESERVED
CVE-2017-10506 RESERVED
CVE-2017-10505 RESERVED
CVE-2017-10504 RESERVED
CVE-2017-10503 RESERVED
CVE-2017-10502 RESERVED
CVE-2017-10501 RESERVED
CVE-2017-10500 RESERVED
CVE-2017-10499 RESERVED
CVE-2017-10498 RESERVED
CVE-2017-10497 RESERVED
CVE-2017-10496 RESERVED
CVE-2017-10495 RESERVED
CVE-2017-10494 RESERVED
CVE-2017-10493 RESERVED
CVE-2017-10492 RESERVED
CVE-2017-10491 RESERVED
CVE-2017-10490 RESERVED
CVE-2017-10489 RESERVED
CVE-2017-10488 RESERVED
CVE-2017-10487 RESERVED
CVE-2017-10486 RESERVED
CVE-2017-10485 RESERVED
CVE-2017-10484 RESERVED
CVE-2017-10483 RESERVED
CVE-2017-10482 RESERVED
CVE-2017-10481 RESERVED
CVE-2017-10480 RESERVED
CVE-2017-10479 RESERVED
CVE-2017-10478 RESERVED
CVE-2017-10477 RESERVED
CVE-2017-10476 RESERVED
CVE-2017-10475 RESERVED
CVE-2017-10474 RESERVED
CVE-2017-10473 RESERVED
CVE-2017-10472 RESERVED
CVE-2017-10471 RESERVED
CVE-2017-10470 RESERVED
CVE-2017-10469 RESERVED
CVE-2017-10468 RESERVED
CVE-2017-10467 RESERVED
CVE-2017-10466 RESERVED
CVE-2017-10465 RESERVED
CVE-2017-10464 RESERVED
CVE-2017-10463 RESERVED
CVE-2017-10462 RESERVED
CVE-2017-10461 RESERVED
CVE-2017-10460 RESERVED
CVE-2017-10459 RESERVED
CVE-2017-10458 RESERVED
CVE-2017-10457 RESERVED
CVE-2017-10456 RESERVED
CVE-2017-10455 RESERVED
CVE-2017-10454 RESERVED
CVE-2017-10453 RESERVED
CVE-2017-10452 RESERVED
CVE-2017-10451 RESERVED
CVE-2017-10450 RESERVED
CVE-2017-10449 RESERVED
CVE-2017-10448 RESERVED
CVE-2017-10447 RESERVED
CVE-2017-10446 RESERVED
CVE-2017-10445 RESERVED
CVE-2017-10444 RESERVED
CVE-2017-10443 RESERVED
CVE-2017-10442 RESERVED
CVE-2017-10441 RESERVED
CVE-2017-10440 RESERVED
CVE-2017-10439 RESERVED
CVE-2017-10438 RESERVED
CVE-2017-10437 RESERVED
CVE-2017-10436 RESERVED
CVE-2017-10435 RESERVED
CVE-2017-10434 RESERVED
CVE-2017-10433 RESERVED
CVE-2017-10432 RESERVED
CVE-2017-10431 RESERVED
CVE-2017-10430 RESERVED
CVE-2017-10429 RESERVED
CVE-2017-10428 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.30-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2017-10427 (Vulnerability in the Oracle Retail Xstore Point of Service component o ...)
	NOT-FOR-US: Oracle
CVE-2017-10426 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle Pe ...)
	NOT-FOR-US: Oracle
CVE-2017-10425 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2017-10424 (Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQ ...)
	NOT-FOR-US: MySQL Enterprise Monitor component of Oracle MySQL
CVE-2017-10423 (Vulnerability in the Oracle Retail Back Office component of Oracle Ret ...)
	NOT-FOR-US: Oracle
CVE-2017-10422 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10421 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
	NOT-FOR-US: Oracle
CVE-2017-10420 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
	NOT-FOR-US: Oracle
CVE-2017-10419 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
	NOT-FOR-US: Oracle
CVE-2017-10418 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10417 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-10416 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-10415 (Vulnerability in the Oracle iSupport component of Oracle E-Business Su ...)
	NOT-FOR-US: Oracle
CVE-2017-10414 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2017-10413 (Vulnerability in the Oracle Mobile Field Service component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-10412 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-10411 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-10410 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-10409 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2017-10408 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.30-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2017-10407 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.30-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2017-10406 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10405 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10404 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10403 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10402 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10401 (Vulnerability in the Oracle Hospitality Cruise Materials Management co ...)
	NOT-FOR-US: Oracle
CVE-2017-10400 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...)
	- glassfish (Vulnerable code not included, see bug #853998)
CVE-2017-10399 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10398 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10397 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10396 (Vulnerability in the Oracle Hospitality Cruise AffairWhere component o ...)
	NOT-FOR-US: Oracle
CVE-2017-10395 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10394 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10393 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...)
	- glassfish (Vulnerable code not included, see bug #853998)
CVE-2017-10392 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.30-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2017-10391 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...)
	- glassfish (Vulnerable code not included, see bug #853998)
CVE-2017-10390 RESERVED
CVE-2017-10389 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
	NOT-FOR-US: Oracle
CVE-2017-10388 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-10387 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10386 (Vulnerability in the Java Advanced Management Console component of Ora ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2017-10385 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...)
	- glassfish (Vulnerable code not included, see bug #853998)
CVE-2017-10384 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4002-1 DSA-3944-1 DLA-1141-1}
	- mariadb-10.2 (bug #884065)
	- mariadb-10.0
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 (bug #878402)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10383 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10382 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10381 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10380 (Vulnerability in the Java Advanced Management Console component of Ora ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2017-10379 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4002-1 DSA-3944-1 DLA-1141-1}
	- mariadb-10.2 (bug #884065)
	- mariadb-10.0
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 (bug #878402)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10378 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4002-1 DLA-1407-1 DLA-1141-1}
	- mariadb-10.2 (bug #884065)
	- mariadb-10.1 10.1.29-1
	- mariadb-10.0
	- mysql-5.7 (Fixed before initial release to Debian, upstream 5.7.12)
	- mysql-5.5 (bug #878402)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
	NOTE: https://jira.mariadb.org/browse/MDEV-13819
	NOTE: https://github.com/MariaDB/server/commit/b000e169562697aa072600695d4f0c0412f94f4f
CVE-2017-10377 RESERVED
CVE-2017-10376 RESERVED
CVE-2017-10375 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10374 RESERVED
CVE-2017-10373 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10372 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10371 RESERVED
CVE-2017-10370 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10369 (Vulnerability in the Oracle Virtual Directory component of Oracle Fusi ...)
	NOT-FOR-US: Oracle
CVE-2017-10368 (Vulnerability in the PeopleSoft Enterprise SCM eProcurement component ...)
	NOT-FOR-US: Oracle
CVE-2017-10367 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2017-10366 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10365 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mariadb-10.2 (bug #884065)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10364 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10363 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10362 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10361 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property Mana ...)
	NOT-FOR-US: Oracle
CVE-2017-10360 (Vulnerability in the Oracle WebCenter Content component of Oracle Fusi ...)
	NOT-FOR-US: Oracle
CVE-2017-10359 (Vulnerability in the Oracle Hyperion BI+ component of Oracle Hyperion ...)
	NOT-FOR-US: Oracle
CVE-2017-10358 (Vulnerability in the Oracle Hyperion Financial Reporting component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10357 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
{DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10356 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...) {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10355 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...) {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10354 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...) NOT-FOR-US: Oracle CVE-2017-10353 (Vulnerability in the Oracle Hospitality Hotel Mobile component of Orac ...) NOT-FOR-US: Oracle CVE-2017-10352 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2017-10351 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...) NOT-FOR-US: Oracle CVE-2017-10350 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...) {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 - openjdk-7 CVE-2017-10349 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...) {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10348 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...) {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10347 (Vulnerability in the Java SE, JRockit component of Oracle Java SE (sub ...) 
{DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10346 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...) {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10345 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...) {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10344 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...) NOT-FOR-US: Oracle CVE-2017-10343 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...) NOT-FOR-US: Oracle CVE-2017-10342 (Vulnerability in the Java Advanced Management Console component of Ora ...) NOT-FOR-US: Java Advanced Management Console CVE-2017-10341 (Vulnerability in the Java Advanced Management Console component of Ora ...) NOT-FOR-US: Java Advanced Management Console CVE-2017-10340 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...) NOT-FOR-US: Oracle CVE-2017-10339 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...) NOT-FOR-US: Oracle CVE-2017-10338 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...) NOT-FOR-US: Oracle CVE-2017-10337 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...) NOT-FOR-US: Oracle CVE-2017-10336 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2017-10335 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...) NOT-FOR-US: Oracle CVE-2017-10334 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) 
NOT-FOR-US: Oracle CVE-2017-10333 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...) NOT-FOR-US: Oracle CVE-2017-10332 (Vulnerability in the Oracle Universal Work Queue component of Oracle E ...) NOT-FOR-US: Oracle CVE-2017-10331 (Vulnerability in the Oracle Application Object Library component of Or ...) NOT-FOR-US: Oracle CVE-2017-10330 (Vulnerability in the Oracle Common Applications component of Oracle E- ...) NOT-FOR-US: Oracle CVE-2017-10329 (Vulnerability in the Oracle Global Order Promising component of Oracle ...) NOT-FOR-US: Oracle CVE-2017-10328 (Vulnerability in the Oracle Application Object Library component of Or ...) NOT-FOR-US: Oracle CVE-2017-10327 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) NOT-FOR-US: Oracle CVE-2017-10326 (Vulnerability in the Oracle Common Applications Calendar component of ...) NOT-FOR-US: Oracle CVE-2017-10325 (Vulnerability in the Oracle Common Applications Calendar component of ...) NOT-FOR-US: Oracle CVE-2017-10324 (Vulnerability in the Oracle Applications Technology Stack component of ...) NOT-FOR-US: Oracle CVE-2017-10323 (Vulnerability in the Oracle Web Applications Desktop Integrator compon ...) NOT-FOR-US: Oracle CVE-2017-10322 (Vulnerability in the Oracle Common Applications Calendar component of ...) NOT-FOR-US: Oracle CVE-2017-10321 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) NOT-FOR-US: Oracle CVE-2017-10320 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mariadb-10.2 (bug #884065) - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (Only affects MySQL 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10319 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...) NOT-FOR-US: Oracle CVE-2017-10318 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...) 
NOT-FOR-US: Oracle CVE-2017-10317 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...) NOT-FOR-US: Oracle CVE-2017-10316 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...) NOT-FOR-US: Oracle CVE-2017-10315 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...) NOT-FOR-US: Oracle CVE-2017-10314 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10313 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (Only affects MySQL 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10312 (Vulnerability in the Oracle Hyperion BI+ component of Oracle Hyperion ...) NOT-FOR-US: Oracle CVE-2017-10311 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (Only affects MySQL 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10310 (Vulnerability in the Oracle Hyperion Financial Reporting component of ...) NOT-FOR-US: Oracle CVE-2017-10309 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...) - openjdk-9 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2017-10308 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...) NOT-FOR-US: Oracle CVE-2017-10307 RESERVED CVE-2017-10306 (Vulnerability in the PeopleSoft Enterprise HCM component of Oracle Peo ...) NOT-FOR-US: Oracle CVE-2017-10305 RESERVED CVE-2017-10304 (Vulnerability in the PeopleSoft Enterprise HCM component of Oracle Peo ...) 
NOT-FOR-US: Oracle CVE-2017-10303 (Vulnerability in the Oracle Interaction Center Intelligence component ...) NOT-FOR-US: Oracle CVE-2017-10302 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...) NOT-FOR-US: Oracle CVE-2017-10301 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...) NOT-FOR-US: Oracle CVE-2017-10300 (Vulnerability in the Siebel CRM Desktop component of Oracle Siebel CRM ...) NOT-FOR-US: Oracle CVE-2017-10299 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...) NOT-FOR-US: Oracle CVE-2017-10298 RESERVED CVE-2017-10297 RESERVED CVE-2017-10296 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (Only affects MySQL 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10295 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...) {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10294 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10293 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...) - openjdk-8 (Seems to be specific to Oracle Java) - openjdk-7 (Seems to be specific to Oracle Java) - openjdk-6 (Seems to be specific to Oracle Java) CVE-2017-10292 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...) NOT-FOR-US: Oracle CVE-2017-10291 RESERVED CVE-2017-10290 RESERVED CVE-2017-10289 RESERVED CVE-2017-10288 RESERVED CVE-2017-10287 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle Pe ...) 
NOT-FOR-US: Oracle CVE-2017-10286 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) {DSA-3944-1} - mariadb-10.2 (bug #884065) - mariadb-10.0 - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10285 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...) {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10284 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (Only affects MySQL 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10283 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10282 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) NOT-FOR-US: Oracle CVE-2017-10281 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...) {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10280 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) NOT-FOR-US: Oracle CVE-2017-10279 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10278 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middlewa ...) 
NOT-FOR-US: Oracle CVE-2017-10277 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...) - mysql-connector-net (bug #883923) [stretch] - mysql-connector-net (Minor issue) [jessie] - mysql-connector-net (Minor issue) [wheezy] - mysql-connector-net (Minor issue) CVE-2017-10276 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10275 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...) NOT-FOR-US: Oracle CVE-2017-10274 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...) {DSA-4048-1 DSA-4015-1 DLA-1187-1} - openjdk-9 9.0.1+11-1 - openjdk-8 8u151-b12-1 [experimental] - openjdk-7 7u151-2.6.11-2 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10273 (Vulnerability in the Oracle JDeveloper component of Oracle Fusion Midd ...) NOT-FOR-US: Oracle CVE-2017-10272 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middlewa ...) NOT-FOR-US: Oracle CVE-2017-10271 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2017-10270 (Vulnerability in the Oracle Identity Manager Connector component of Or ...) NOT-FOR-US: Oracle CVE-2017-10269 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middlewa ...) NOT-FOR-US: Oracle CVE-2017-10268 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) {DSA-4341-1 DSA-4002-1 DLA-1407-1 DLA-1141-1} - mariadb-10.2 (bug #884065) - mariadb-10.1 10.1.29-1 - mariadb-10.0 - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (bug #878402) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10267 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middlewa ...) 
NOT-FOR-US: Oracle CVE-2017-10266 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middlewa ...) NOT-FOR-US: Oracle CVE-2017-10265 (Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) compo ...) NOT-FOR-US: Oracle CVE-2017-10264 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...) NOT-FOR-US: Oracle CVE-2017-10263 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...) NOT-FOR-US: Oracle CVE-2017-10262 (Vulnerability in the Oracle Access Manager component of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2017-10261 (Vulnerability in the XML Database component of Oracle Database Server. ...) NOT-FOR-US: Oracle CVE-2017-10260 (Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) compo ...) NOT-FOR-US: Oracle CVE-2017-10259 (Vulnerability in the Oracle Access Manager component of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2017-10258 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...) NOT-FOR-US: PeopleSoft CVE-2017-10257 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...) NOT-FOR-US: PeopleSoft CVE-2017-10256 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...) NOT-FOR-US: PeopleSoft CVE-2017-10255 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...) NOT-FOR-US: PeopleSoft CVE-2017-10254 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle Pe ...) NOT-FOR-US: PeopleSoft CVE-2017-10253 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) NOT-FOR-US: PeopleSoft CVE-2017-10252 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) NOT-FOR-US: PeopleSoft CVE-2017-10251 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) NOT-FOR-US: PeopleSoft CVE-2017-10250 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) 
NOT-FOR-US: PeopleSoft CVE-2017-10249 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) NOT-FOR-US: PeopleSoft CVE-2017-10248 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...) NOT-FOR-US: PeopleSoft CVE-2017-10247 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...) NOT-FOR-US: PeopleSoft CVE-2017-10246 (Vulnerability in the Oracle Application Object Library component of Or ...) NOT-FOR-US: Oracle CVE-2017-10245 (Vulnerability in the Oracle General Ledger component of Oracle E-Busin ...) NOT-FOR-US: Oracle CVE-2017-10244 (Vulnerability in the Oracle Application Object Library component of Or ...) NOT-FOR-US: Oracle CVE-2017-10243 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...) {DSA-3954-1 DSA-3919-1 DLA-1073-1} - openjdk-8 8u141-b15-1 [experimental] - openjdk-7 7u151-2.6.11-1 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10242 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) - virtualbox 5.1.24-dfsg-1 [jessie] - virtualbox (DSA-3699-1) [wheezy] - virtualbox (DSA 3454) CVE-2017-10241 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) - virtualbox 5.1.24-dfsg-1 [jessie] - virtualbox (DSA-3699-1) [wheezy] - virtualbox (DSA 3454) CVE-2017-10240 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) - virtualbox 5.1.24-dfsg-1 [jessie] - virtualbox (DSA-3699-1) [wheezy] - virtualbox (DSA 3454) CVE-2017-10239 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) - virtualbox 5.1.24-dfsg-1 [jessie] - virtualbox (DSA-3699-1) [wheezy] - virtualbox (DSA 3454) CVE-2017-10238 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) - virtualbox 5.1.24-dfsg-1 [jessie] - virtualbox (DSA-3699-1) [wheezy] - virtualbox (DSA 3454) CVE-2017-10237 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) 
- virtualbox 5.1.24-dfsg-1 [jessie] - virtualbox (DSA-3699-1) [wheezy] - virtualbox (DSA 3454) CVE-2017-10236 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) - virtualbox 5.1.24-dfsg-1 [jessie] - virtualbox (DSA-3699-1) [wheezy] - virtualbox (DSA 3454) CVE-2017-10235 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) - virtualbox 5.1.24-dfsg-1 [jessie] - virtualbox (DSA-3699-1) [wheezy] - virtualbox (DSA 3454) CVE-2017-10234 (Vulnerability in the Solaris Cluster component of Oracle Sun Systems P ...) NOT-FOR-US: Oracle CVE-2017-10233 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) - virtualbox 5.1.24-dfsg-1 [jessie] - virtualbox (DSA-3699-1) [wheezy] - virtualbox (DSA 3454) CVE-2017-10232 (Vulnerability in the Hospitality WebSuite8 Cloud Service component of ...) NOT-FOR-US: Oracle CVE-2017-10231 (Vulnerability in the Oracle Hospitality Cruise AffairWhere component o ...) NOT-FOR-US: Oracle CVE-2017-10230 (Vulnerability in the Oracle Hospitality Cruise Dining Room Management ...) NOT-FOR-US: Oracle CVE-2017-10229 (Vulnerability in the Oracle Hospitality Cruise Materials Management co ...) NOT-FOR-US: Oracle CVE-2017-10228 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property Mana ...) NOT-FOR-US: Oracle CVE-2017-10227 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10226 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...) NOT-FOR-US: Oracle CVE-2017-10225 (Vulnerability in the Oracle Hospitality RES 3700 component of Oracle H ...) NOT-FOR-US: Oracle CVE-2017-10224 (Vulnerability in the Oracle Hospitality Inventory Management component ...) 
NOT-FOR-US: Oracle CVE-2017-10223 (Vulnerability in the Oracle Hospitality Materials Control component of ...) NOT-FOR-US: Oracle CVE-2017-10222 (Vulnerability in the Oracle Hospitality Materials Control component of ...) NOT-FOR-US: Oracle CVE-2017-10221 (Vulnerability in the Oracle Hospitality RES 3700 component of Oracle H ...) NOT-FOR-US: Oracle CVE-2017-10220 (Vulnerability in the Hospitality Property Interfaces component of Orac ...) NOT-FOR-US: Oracle CVE-2017-10219 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...) NOT-FOR-US: Oracle CVE-2017-10218 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...) NOT-FOR-US: Oracle CVE-2017-10217 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...) NOT-FOR-US: Oracle CVE-2017-10216 (Vulnerability in the Hospitality Property Interfaces component of Orac ...) NOT-FOR-US: Oracle CVE-2017-10215 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...) NOT-FOR-US: PeopleSoft CVE-2017-10214 (Vulnerability in the Oracle Retail Xstore Point of Service component o ...) NOT-FOR-US: Oracle CVE-2017-10213 (Vulnerability in the Hospitality Suite8 component of Oracle Hospitalit ...) NOT-FOR-US: Oracle CVE-2017-10212 (Vulnerability in the Hospitality Suite8 component of Oracle Hospitalit ...) NOT-FOR-US: Oracle CVE-2017-10211 (Vulnerability in the Hospitality Suite8 component of Oracle Hospitalit ...) NOT-FOR-US: Oracle CVE-2017-10210 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) - virtualbox 5.1.24-dfsg-1 [jessie] - virtualbox (DSA-3699-1) [wheezy] - virtualbox (DSA 3454) CVE-2017-10209 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) - virtualbox 5.1.24-dfsg-1 [jessie] - virtualbox (DSA-3699-1) [wheezy] - virtualbox (DSA 3454) CVE-2017-10208 (Vulnerability in the Oracle Hospitality e7 component of Oracle Hospita ...) 
NOT-FOR-US: Oracle CVE-2017-10207 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...) NOT-FOR-US: Oracle CVE-2017-10206 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...) NOT-FOR-US: Oracle CVE-2017-10205 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...) NOT-FOR-US: Oracle CVE-2017-10204 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) - virtualbox 5.1.24-dfsg-1 [jessie] - virtualbox (DSA-3699-1) [wheezy] - virtualbox (DSA 3454) CVE-2017-10203 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...) - mysql-connector-net (bug #883923) [stretch] - mysql-connector-net (Minor issue) [jessie] - mysql-connector-net (Minor issue) [wheezy] - mysql-connector-net (Minor issue) CVE-2017-10202 (Vulnerability in the OJVM component of Oracle Database Server. Support ...) NOT-FOR-US: Oracle CVE-2017-10201 (Vulnerability in the Oracle Hospitality e7 component of Oracle Hospita ...) NOT-FOR-US: Oracle CVE-2017-10200 (Vulnerability in the Oracle Hospitality e7 component of Oracle Hospita ...) NOT-FOR-US: Oracle CVE-2017-10199 (Vulnerability in the Oracle iLearning component of Oracle iLearning (s ...) NOT-FOR-US: Oracle CVE-2017-10198 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...) {DSA-3954-1 DSA-3919-1 DLA-1073-1} - openjdk-8 8u141-b15-1 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10197 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...) NOT-FOR-US: Oracle CVE-2017-10196 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2017-10195 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...) NOT-FOR-US: Oracle CVE-2017-10194 (Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) compo ...) NOT-FOR-US: Oracle CVE-2017-10193 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...) 
{DSA-3954-1 DSA-3919-1 DLA-1073-1} - openjdk-8 8u141-b15-1 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 CVE-2017-10192 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2017-10191 (Vulnerability in the Oracle Web Analytics component of Oracle E-Busine ...) NOT-FOR-US: Oracle CVE-2017-10190 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...) NOT-FOR-US: Oracle CVE-2017-10189 (Vulnerability in the Hospitality Suite8 component of Oracle Hospitalit ...) NOT-FOR-US: Oracle CVE-2017-10188 (Vulnerability in the Hospitality Hotel Mobile component of Oracle Hosp ...) NOT-FOR-US: Oracle CVE-2017-10187 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) - virtualbox 5.1.24-dfsg-1 [jessie] - virtualbox (DSA-3699-1) [wheezy] - virtualbox (DSA 3454) CVE-2017-10186 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2017-10185 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...) NOT-FOR-US: Oracle CVE-2017-10184 (Vulnerability in the Oracle Field Service component of Oracle E-Busine ...) NOT-FOR-US: Oracle CVE-2017-10183 (Vulnerability in the Oracle Retail Xstore Point of Service component o ...) NOT-FOR-US: Oracle CVE-2017-10182 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...) NOT-FOR-US: Oracle CVE-2017-10181 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracl ...) NOT-FOR-US: Oracle CVE-2017-10180 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...) NOT-FOR-US: Oracle CVE-2017-10179 (Vulnerability in the Application Management Pack for Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2017-10178 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2017-10177 (Vulnerability in the Oracle Application Object Library component of Or ...) 
NOT-FOR-US: Oracle CVE-2017-10176 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...) {DSA-3954-1 DSA-3919-1 DLA-1073-1} - openjdk-8 8u141-b15-1 [experimental] - openjdk-7 7u151-2.6.11-1 - openjdk-7 CVE-2017-10175 (Vulnerability in the Oracle iSupport component of Oracle E-Business Su ...) NOT-FOR-US: Oracle CVE-2017-10174 (Vulnerability in the Oracle iSupport component of Oracle E-Business Su ...) NOT-FOR-US: Oracle CVE-2017-10173 (Vulnerability in the Oracle Retail Open Commerce Platform component of ...) NOT-FOR-US: Oracle CVE-2017-10172 (Vulnerability in the Oracle Retail Open Commerce Platform component of ...) NOT-FOR-US: Oracle CVE-2017-10171 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) NOT-FOR-US: Oracle CVE-2017-10170 (Vulnerability in the Oracle Field Service component of Oracle E-Busine ...) NOT-FOR-US: Oracle CVE-2017-10169 (Vulnerability in the Oracle Hospitality 9700 component of Oracle Hospi ...) NOT-FOR-US: Oracle CVE-2017-10168 (Vulnerability in the Hospitality Hotel Mobile component of Oracle Hosp ...) NOT-FOR-US: Oracle CVE-2017-10167 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (Only affects MySQL 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10166 (Vulnerability in the Oracle Security Service component of Oracle Fusio ...) NOT-FOR-US: Oracle CVE-2017-10165 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (Only affects MySQL 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10164 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle Pe ...) NOT-FOR-US: Oracle CVE-2017-10163 (Vulnerability in the Oracle Business Intelligence Enterprise Edition c ...) 
NOT-FOR-US: Oracle CVE-2017-10162 (Vulnerability in the Siebel Core - Server Framework component of Oracl ...) NOT-FOR-US: Oracle CVE-2017-10161 (Vulnerability in the Oracle Engineering Data Management component of O ...) NOT-FOR-US: Oracle CVE-2017-10160 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) NOT-FOR-US: Primavera CVE-2017-10159 (Vulnerability in the Oracle Communications Policy Management component ...) NOT-FOR-US: Oracle CVE-2017-10158 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) NOT-FOR-US: Oracle CVE-2017-10157 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...) NOT-FOR-US: Oracle CVE-2017-10156 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...) NOT-FOR-US: Oracle CVE-2017-10155 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.20-1 (bug #878398) - mysql-5.5 (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL CVE-2017-10154 (Vulnerability in the Oracle Access Manager component of Oracle Fusion ...) NOT-FOR-US: Java Advanced Management Console CVE-2017-10153 (Vulnerability in the Oracle Communications WebRTC Session Controller c ...) NOT-FOR-US: Oracle CVE-2017-10152 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2017-10151 (Vulnerability in the Oracle Identity Manager component of Oracle Fusio ...) NOT-FOR-US: Oracle CVE-2017-10150 (Vulnerability in the Primavera Unifier component of Oracle Primavera P ...) NOT-FOR-US: Primavera CVE-2017-10149 (Vulnerability in the Primavera Unifier component of Oracle Primavera P ...) NOT-FOR-US: Primavera CVE-2017-10148 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2017-10147 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) 
NOT-FOR-US: Oracle CVE-2017-10146 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) NOT-FOR-US: Oracle CVE-2017-10145 (Vulnerability in the Java Advanced Management Console component of Ora ...) NOT-FOR-US: Oracle CVE-2017-10144 (Vulnerability in the Oracle Applications Manager component of Oracle E ...) NOT-FOR-US: Oracle CVE-2017-10143 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...) NOT-FOR-US: Oracle CVE-2017-10142 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...) NOT-FOR-US: Oracle CVE-2017-10141 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2017-10140 (Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3 ...) {DLA-1137-1 DLA-1136-1 DLA-1135-1} - db5.3 5.3.28-13.1 (bug #872436) [stretch] - db5.3 5.3.28-12+deb9u1 [jessie] - db5.3 5.3.28-9+deb8u1 - db5.2 - db5.1 - db4.8 - db4.7 - db4.6 - db4.5 - db4.4 - db4.3 - db4.2 - db4.1 - db4.0 - db [jessie] - db 5.1.29-9+deb8u1 NOTE: https://www.openwall.com/lists/oss-security/2017/08/12/1 NOTE: Patch as used in Fedora: https://src.fedoraproject.org/rpms/libdb/raw/8047fa8580659fcae740c25e91b490539b8453eb/f/db-5.3.28-cwd-db_config.patch NOTE: and is acknowledged by libdb upstream, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1464032#c9 CVE-2017-10139 RESERVED CVE-2017-10138 RESERVED CVE-2017-10137 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2017-10136 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...) NOT-FOR-US: Oracle CVE-2017-10135 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...) 
{DSA-3954-1 DSA-3919-1 DLA-1073-1} - openjdk-8 8u141-b15-1 [experimental] - openjdk-7 7u151-2.6.11-1 - openjdk-7 - openjdk-6 [wheezy] - openjdk-6 NOTE: OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/079cd6c5de27 CVE-2017-10134 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle Pe ...) NOT-FOR-US: Oracle CVE-2017-10133 (Vulnerability in the Hospitality Hotel Mobile component of Oracle Hosp ...) NOT-FOR-US: Oracle CVE-2017-10132 (Vulnerability in the Hospitality Hotel Mobile component of Oracle Hosp ...) NOT-FOR-US: Oracle CVE-2017-10131 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) NOT-FOR-US: Oracle CVE-2017-10130 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2017-10129 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) - virtualbox 5.1.24-dfsg-1 [jessie] - virtualbox (DSA-3699-1) [wheezy] - virtualbox (DSA 3454) CVE-2017-10128 (Vulnerability in the Hospitality WebSuite8 Cloud Service component of ...) NOT-FOR-US: Oracle CVE-2017-10127 RESERVED CVE-2017-10126 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...) NOT-FOR-US: Oracle CVE-2017-10125 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...) - openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2017-10124 RESERVED CVE-2017-10123 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2017-10122 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...) NOT-FOR-US: Oracle CVE-2017-10121 (Vulnerability in the Java Advanced Management Console component of Ora ...) NOT-FOR-US: Java Advanced Management Console CVE-2017-10120 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...) 
	NOT-FOR-US: Oracle
CVE-2017-10119 (Vulnerability in the Oracle Service Bus component of Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle
CVE-2017-10118 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7
CVE-2017-10117 (Vulnerability in the Java Advanced Management Console component of Ora ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2017-10116 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-10115 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-10114 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-4005-1}
	- openjfx 8u141-b14-1 (low; bug #870860)
CVE-2017-10113 (Vulnerability in the Oracle Common Applications component of Oracle E- ...)
	NOT-FOR-US: Oracle
CVE-2017-10112 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2017-10111 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3919-1}
	- openjdk-8 8u141-b15-1
CVE-2017-10110 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-10109 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-10108 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-10107 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-10106 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10105 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2017-10104 (Vulnerability in the Java Advanced Management Console component of Ora ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2017-10103 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10102 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-10101 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-10100 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10099 (Vulnerability in the SPARC M7, T7, S7 based Servers component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2017-10098 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10097 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10096 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-10095 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2017-10094 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10093 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10092 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10091 (Vulnerability in the Enterprise Manager Base Platform component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2017-10090 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7
CVE-2017-10089 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-10088 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10087 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-10086 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-4005-1}
	- openjfx 8u141-b14-1 (low; bug #870860)
CVE-2017-10085 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10084 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10083 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10082 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10081 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-10080 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10079 (Vulnerability in the Oracle Hospitality Suites Management component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10078 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-3919-1}
	- openjdk-8 8u141-b15-1
CVE-2017-10077 (Vulnerability in the Oracle Applications DBA component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2017-10076 (Vulnerability in the Oracle Hospitality Simphony First Edition Venue M ...)
	NOT-FOR-US: Oracle
CVE-2017-10075 (Vulnerability in the Oracle WebCenter Content component of Oracle Fusi ...)
	NOT-FOR-US: Oracle
CVE-2017-10074 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-10073 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10072 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10071 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10070 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10069 (Vulnerability in the Oracle Payment Interface component of Oracle Hosp ...)
	NOT-FOR-US: Oracle
CVE-2017-10068 (Vulnerability in the Oracle Business Intelligence Enterprise Edition c ...)
	NOT-FOR-US: Oracle
CVE-2017-10067 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-10066 (Vulnerability in the Oracle Applications Technology Stack component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10065 (Vulnerability in the Oracle Retail Point-of-Service component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2017-10064 (Vulnerability in the Hospitality WebSuite8 Cloud Service component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10063 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10062 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2017-10061 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10060 (Vulnerability in the Oracle Business Intelligence Enterprise Edition c ...)
	NOT-FOR-US: Oracle
CVE-2017-10059 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2017-10058 (Vulnerability in the Oracle Business Intelligence Enterprise Edition c ...)
	NOT-FOR-US: Oracle
CVE-2017-10057 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10056 (Vulnerability in the Oracle Hospitality 9700 component of Oracle Hospi ...)
	NOT-FOR-US: Oracle
CVE-2017-10055 (Vulnerability in the Oracle iPlanet Web Server component of Oracle Fus ...)
	NOT-FOR-US: Oracle
CVE-2017-10054 (Vulnerability in the Oracle Hospitality Cruise Materials Management co ...)
	NOT-FOR-US: Oracle
CVE-2017-10053 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-10052 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10051 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10050 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
	NOT-FOR-US: Oracle
CVE-2017-10049 (Vulnerability in the Siebel Core CRM component of Oracle Siebel CRM (s ...)
	NOT-FOR-US: Oracle
CVE-2017-10048 (Vulnerability in the Oracle Enterprise Repository component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10047 (Vulnerability in the MICROS BellaVita component of Oracle Hospitality ...)
	NOT-FOR-US: Oracle
CVE-2017-10046 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2017-10045 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10044 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2017-10043 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2017-10042 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2017-10041 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2017-10040 (Vulnerability in the Oracle WebCenter Content component of Oracle Fusi ...)
	NOT-FOR-US: Oracle
CVE-2017-10039 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10038 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2017-10037 (Vulnerability in the Oracle BI Publisher component of Oracle Fusion Mi ...)
	NOT-FOR-US: Oracle
CVE-2017-10036 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2017-10035 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2017-10034 (Vulnerability in the Oracle BI Publisher component of Oracle Fusion Mi ...)
	NOT-FOR-US: Oracle
CVE-2017-10033 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10032 (Vulnerability in the Oracle Transportation Management component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2017-10031 (Vulnerability in the Oracle Communications Convergence component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10030 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2017-10029 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2017-10028 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2017-10027 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10026 (Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middl ...)
	NOT-FOR-US: Oracle
CVE-2017-10025 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2017-10024 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2017-10023 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10022 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10021 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10020 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10019 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10018 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle Pe ...)
	NOT-FOR-US: Oracle
CVE-2017-10017 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10016 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-10015 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-10014 (Vulnerability in the Oracle Hospitality Hotel Mobile component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10013 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-10012 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10011 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10010 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10009 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10008 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10007 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10006 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10005 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-10004 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2017-10003 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2017-10002 (Vulnerability in the Oracle Hospitality Inventory Management component ...)
	NOT-FOR-US: Oracle
CVE-2017-10001 (Vulnerability in the Oracle Hospitality Simphony First Edition compone ...)
	NOT-FOR-US: Oracle
CVE-2017-10000 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2017-9782 (JasPer 2.0.12 allows remote attackers to cause a denial of service (he ...)
	- jasper
	[jessie] - jasper (Minor issue)
	[wheezy] - jasper (Minor issue)
	NOTE: https://github.com/mdadams/jasper/issues/140
CVE-2017-9781 (A cross site scripting (XSS) vulnerability exists in Check_MK versions ...)
	[experimental] - check-mk 1.4.0p9-1
	- check-mk (bug #865497)
	[wheezy] - check-mk (Minor issue)
	NOTE: http://mathias-kettner.com/check_mk_werks.php?werk_id=4757
	NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=c248f0b6ff7b15ced9f07a3df8a80fad656ea5b1
CVE-2017-9779 (OCaml compiler allows attackers to have unspecified impact via unknown ...)
	- ocaml 4.05.0-9 (bug #874700)
	[stretch] - ocaml (Minor issue)
	[jessie] - ocaml (Minor issue)
	[wheezy] - ocaml (Minor issue)
	NOTE: https://sympa.inria.fr/sympa/arc/caml-list/2017-06/msg00094.html
	NOTE: https://caml.inria.fr/mantis/view.php?id=7557
	NOTE: Make sure any potential advisories are clear that any created suid
	NOTE: binaries using ocaml must be re-created once ocaml has been updated.
CVE-2012-6706 (A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, a ...)
	{DLA-1014-1 DLA-1003-1}
	- unrar-nonfree 1:5.5.5-1 (bug #865461)
	[stretch] - unrar-nonfree 1:5.3.2-1+deb9u1
	[jessie] - unrar-nonfree 1:5.2.7-0.1+deb8u1
	- libclamunrar 0.99-4 (bug #867223)
	[stretch] - libclamunrar 0.99-3+deb9u1
	[jessie] - libclamunrar 0.99-0+deb8u3
	NOTE: https://www.openwall.com/lists/oss-security/2017/06/21/9
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/d4699442bce76574573dc564e7f2177d679b88bd
CVE-2017-9778 (GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length f ...)
	- gdb 8.3.1-1 (unimportant; bug #865607)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21600
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=723adb650a31859d7cc45832cb8adca0206455ed
CVE-2017-9777
	RESERVED
CVE-2017-9776 (Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in ...)
	{DSA-4079-2 DSA-4079-1 DLA-1074-1}
	- poppler 0.57.0-2 (bug #865679)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101541
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/55db66c69fd56826b8523710046deab1a8d14ba2
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/22c4701d5f7be0010ee4519daa546fba5ab7ac13
CVE-2017-9775 (Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0 ...)
	{DSA-4079-1 DLA-1074-1}
	- poppler 0.57.0-2 (bug #865680)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101540
	NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=8f4ff8243a3d599ff2a6c08b1da389e606ba4fc9
CVE-2017-9774 (Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a ...)
	{DSA-4276-1 DLA-1395-1}
	- php-horde-image 2.5.1-1 (bug #865505)
	NOTE: https://lists.horde.org/archives/announce/2017/001234.html
	NOTE: https://github.com/horde/horde/commit/01a11ccd37149101d67e0b20261fa48ab07dae13
	NOTE: Regression in upstream patch, fixing in https://github.com/horde/Image/pull/1
CVE-2017-9773 (Denial of Service was found in Horde_Image 2.x before 2.5.0 via a craf ...)
	{DSA-4276-1}
	- php-horde-image 2.5.1-1 (bug #865504)
	[jessie] - php-horde-image (Only Horde_Image above 2.3.0 affected)
	NOTE: https://lists.horde.org/archives/announce/2017/001234.html
	NOTE: https://github.com/horde/horde/commit/2b8a6fe1a5fc0fc662178145f853c65956985538
CVE-2017-9772 (Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4. ...)
	- ocaml (Only affects 4.04.0 and 4.04.1)
	NOTE: https://caml.inria.fr/mantis/view.php?id=7557
CVE-2017-9771 (install\save.php in WebsiteBaker v2.10.0 allows remote attackers to ex ...)
	NOT-FOR-US: WebsiteBaker
CVE-2017-9770 (A specially crafted IOCTL can be issued to the rzpnk.sys driver in Raz ...)
	NOT-FOR-US: Razer Synapse
CVE-2017-9769 (A specially crafted IOCTL can be issued to the rzpnk.sys driver in Raz ...)
	NOT-FOR-US: Razer Synapse
CVE-2017-9768
	RESERVED
CVE-2017-9767 (Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShel ...)
	NOT-FOR-US: Quali CloudShell
CVE-2017-9766 (In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allow ...)
	{DLA-1634-1}
	- wireshark 2.4.0-1 (low; bug #870175)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13811
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d6e888400ba64de3147d1111a4c23edf389b0000
CVE-2017-9765 (Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2 ...)
	{DLA-1036-1}
	- gsoap 2.8.48-1
	[stretch] - gsoap 2.8.35-4+deb9u1
	[jessie] - gsoap 2.8.17-1+deb8u1
	- r-other-x4r 1.0.1+git20150806.c6bd9bd-2
	NOTE: http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions
	NOTE: https://www.genivia.com/changelog.html#Version_2.8.48_upd_(06/21/2017)
	NOTE: SuSE patch: https://bugzilla.suse.com/attachment.cgi?id=733005
CVE-2017-9764 (Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remo ...)
	NOT-FOR-US: MetInfo
CVE-2017-9780 (In Flatpak before 0.8.7, a third-party app repository could include ma ...)
	{DSA-3895-1}
	- flatpak 0.8.7-1 (bug #865413)
	NOTE: https://github.com/flatpak/flatpak/issues/845
CVE-2017-10923 (Xen through 4.8.x does not validate a vCPU array index upon the sendin ...)
	- xen 4.8.1-1+deb9u3
	[stretch] - xen 4.8.1-1+deb9u3
	[jessie] - xen (Vulnerable code not present)
	[wheezy] - xen (Vulnerable code not present)
	NOTE: https://xenbits.xen.org/xsa/advisory-225.html
CVE-2017-10922 (The grant-table feature in Xen through 4.8.x mishandles MMIO region gr ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-224.html
CVE-2017-10921 (The grant-table feature in Xen through 4.8.x does not ensure sufficien ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-224.html
CVE-2017-10920 (The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_devic ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-224.html
CVE-2017-10919 (Xen through 4.8.x mishandles virtual interrupt injection, which allows ...)
	- xen 4.8.1-1+deb9u3
	[stretch] - xen 4.8.1-1+deb9u3
	[jessie] - xen (No backport available, limited to arm)
	[wheezy] - xen (arm not supported)
	NOTE: https://xenbits.xen.org/xsa/advisory-223.html
CVE-2017-10918 (Xen through 4.8.x does not validate memory allocations during certain ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-222.html
CVE-2017-10917 (Xen through 4.8.x does not validate the port numbers of polled event c ...)
	{DSA-3969-1}
	- xen 4.8.1-1+deb9u3
	[wheezy] - xen (Vulnerable code not present)
	NOTE: https://xenbits.xen.org/xsa/advisory-221.html
CVE-2017-10916 (The vCPU context-switch implementation in Xen through 4.8.x improperly ...)
	- xen 4.8.1-1+deb9u3
	[stretch] - xen 4.8.1-1+deb9u3
	[jessie] - xen (Vulnerable code not present)
	[wheezy] - xen (Vulnerable code not present)
	NOTE: https://xenbits.xen.org/xsa/advisory-220.html
CVE-2017-10915 (The shadow-paging feature in Xen through 4.8.x mismanages page referen ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-219.html
CVE-2017-10914 (The grant-table feature in Xen through 4.8.x has a race condition lead ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-218.html
CVE-2017-10913 (The grant-table feature in Xen through 4.8.x provides false mapping in ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-218.html
CVE-2017-10912 (Xen through 4.8.x mishandles page transfer, which allows guest OS user ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-217.html
CVE-2017-10911 (The make_response function in drivers/block/xen-blkback/blkback.c in t ...)
	{DSA-3945-1 DSA-3927-1 DSA-3920-1 DLA-1497-1 DLA-1099-1}
	- linux 4.11.11-1
	- qemu 1:2.8+dfsg-7 (bug #869706)
	[wheezy] - qemu (Wheezy's xen uses an embedded qemu copy)
	- qemu-kvm
	[wheezy] - qemu-kvm (Wheezy's xen uses an embedded qemu copy)
	NOTE: https://xenbits.xen.org/xsa/advisory-216.html
CVE-2017-1000381 (The c-ares function `ares_parse_naptr_reply()`, which is used for pars ...)
	{DLA-998-1}
	- c-ares 1.12.0-4 (bug #865360)
	[stretch] - c-ares 1.12.0-1+deb9u1
	[jessie] - c-ares 1.10.0-2+deb8u2
	NOTE: https://c-ares.haxx.se/adv_20170620.html
	NOTE: Patch: https://c-ares.haxx.se/CVE-2017-1000381.patch
CVE-2017-9763 (The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013 ...)
	- grub2 2.02~beta2-8 (unimportant)
	- radare2 1.6.0+dfsg-1 (bug #869423)
	[jessie] - radare2 (Minor issue)
	[wheezy] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edd
	NOTE: https://github.com/radare/radare2/issues/7723
	NOTE: Not a security issue for Grub
CVE-2017-9762 (The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows ...)
	- radare2 1.6.0+dfsg-1 (low; bug #869426)
	[jessie] - radare2 (Minor issue)
	[wheezy] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/7726
	NOTE: https://github.com/radare/radare2/commit/f85bc674b2a2256a364fe796351bc1971e106005
CVE-2017-9761 (The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remot ...)
	- radare2 1.6.0+dfsg-1 (low; bug #869428)
	[jessie] - radare2 (Minor issue)
	[wheezy] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/00e8f205475332d7842d0f0d1481eeab4e83017c
	NOTE: https://github.com/radare/radare2/issues/7727
CVE-2017-9760
	RESERVED
CVE-2017-9759 (SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the fi ...)
	NOT-FOR-US: Zenbership
CVE-2017-9758 (Savitech driver packages for Windows silently install a self-signed ce ...)
	NOT-FOR-US: Savitech driver packages for Windows
CVE-2017-9757 (IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi vi ...)
	NOT-FOR-US: IPFire
CVE-2017-1000375 (NetBSD maps the run-time link-editor ld.so directly below the stack re ...)
	NOT-FOR-US: NetBSD
CVE-2017-1000374 (A flaw exists in NetBSD's implementation of the stack guard page that ...)
	NOT-FOR-US: NetBSD
CVE-2017-1000373 (The OpenBSD qsort() function is recursive, and not randomized, an atta ...)
	NOT-FOR-US: OpenBSD
CVE-2017-1000372 (A flaw exists in OpenBSD's implementation of the stack guard page that ...)
	NOT-FOR-US: OpenBSD
CVE-2017-1000364 (An issue was discovered in the size of the stack guard page on Linux, ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.11.6-1
	[stretch] - linux 4.9.30-2+deb9u1
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
CVE-2017-1000365 (The Linux Kernel imposes a size restriction on the arguments and envir ...)
	{DSA-3945-1 DSA-3927-1 DLA-1099-1}
	- linux 4.11.11-1
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
	NOTE: Fixed by: https://git.kernel.org/linus/98da7d08850fb8bdeb395d6368ed15753304aa0c
CVE-2017-1000366 (glibc contains a vulnerability that allows specially crafted LD_LIBRAR ...)
	{DSA-3887-1 DLA-992-1}
	- glibc 2.24-12
	- eglibc
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
CVE-2017-1000369 (Exim supports the use of multiple "-p" command line arguments which ar ...)
	{DSA-3888-1 DLA-1001-1}
	- exim4 4.89-3
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
CVE-2017-1000370 (The offset2lib patch as used in the Linux Kernel contains a vulnerabil ...)
	{DSA-3981-1}
	- linux 4.11.11-1
	[wheezy] - linux (Memory layout is different)
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
CVE-2017-1000371 (The offset2lib patch as used by the Linux Kernel contains a vulnerabil ...)
	{DSA-3981-1}
	- linux 4.11.11-1
	[wheezy] - linux (Memory layout is different)
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
CVE-2017-1000376 (libffi requests an executable stack allowing attackers to more easily ...)
	{DSA-3889-1 DLA-997-1}
	- libffi 3.2.1-4
	NOTE: https://github.com/libffi/libffi/commit/978c9540154d320525488db1b7049277122f736d
	NOTE: and additionally cf. #751907 for the configure flag.
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
CVE-2017-1000377 (An issue was discovered in the size of the default stack guard page on ...)
	NOT-FOR-US: GRSecurity/PAX Linux specific assignment
CVE-2017-9756 (The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21595
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cd3ea7c69acc5045eb28f9bf80d923116e15e4f5
CVE-2017-9755 (opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number o ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21594
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0d96e4df4812c3bad77c229dfef47a9bc115ac12
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8cac017d35ef374e65acc98818a17cf8a652cbd0
CVE-2017-9754 (The process_otr function in bfd/versados.c in the Binary File Descript ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21591
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=04f963fd489cae724a60140e13984415c205f4ac
CVE-2017-9753 (The versados_mkobject function in bfd/versados.c in the Binary File De ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21591
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=04f963fd489cae724a60140e13984415c205f4ac
CVE-2017-9752 (bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbf ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21589
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c53d2e6d744da000aaafe0237bced090aab62818
CVE-2017-9751 (opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21588
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=63323b5b23bd83fa7b04ea00dff593c933e9b0e3
CVE-2017-9750 (opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for cer ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21587
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=db5fa770268baf8cc82cf9b141d69799fd485fe2
CVE-2017-9749 (The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow rem ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21586
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c7881b814c546efc3996fd1decdf0877f7a779
CVE-2017-9748 (The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21582
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=63634bb4a107877dd08b6282e28e11cfd1a1649e
CVE-2017-9747 (The ieee_archive_p function in bfd/ieee.c in the Binary File Descripto ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21581
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=62b76e4b6e0b4cb5b3e0053d1de4097b32577049
CVE-2017-9746 (The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allow ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21580
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ae87f7e73eba29bd38b3a9684a10b948ed715612
CVE-2017-9745 (The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21579
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=76800cba595efc3fe95a446c2d664e42ae4ee869
CVE-2017-9744 (The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binar ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21578
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f461bbd847f15657f3dd2f317c30c75a7520da1f
CVE-2017-9743 (The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Bin ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21577
CVE-2017-9742 (The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.2 ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21576
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e64519d1ed7fd8f990f05a5562d5b5c0c44b7d7e
CVE-2017-9741 (install/make-config.php in ProjectSend r754 allows remote attackers to ...)
	NOT-FOR-US: ProjectSend
CVE-2017-9740 (The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghos ...)
	- ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
	[jessie] - ghostscript (Vulnerable code not present)
	[wheezy] - ghostscript (Vulnerable code not present)
	NOTE: The Debian binary package is not affected xps/ not used
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698064
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=961b10cdd71403072fb99401a45f3bef6ce53626
CVE-2017-9739 (The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostX ...)
	{DSA-3986-1 DLA-1048-1}
	[experimental] - ghostscript 9.22~~rc1~dfsg-1
	- ghostscript 9.22~dfsg-1 (bug #869910)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698063
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c501a58f8d5650c8ba21d447c0d6f07eafcb0f15 (ghostpdl-9.22rc1)
CVE-2017-9738 RESERVED
CVE-2017-9737 RESERVED
CVE-2017-9736 (SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell ...)
	{DSA-3890-1}
	- spip 3.1.4-3 (bug #864921)
	[jessie] - spip (Vulnerable code not present)
	[wheezy] - spip (Vulnerable code not present)
	NOTE: https://contrib.spip.net/CRITICAL-security-update-SPIP-3-1-6-and-SPIP-3-2-Beta
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23593
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23594
CVE-2017-9734 RESERVED
CVE-2017-9733 RESERVED
CVE-2017-9732 (The read_packet function in knc (Kerberised NetCat) before 1.11-1 is v ...)
	NOT-FOR-US: knc (Kerberised NetCat)
CVE-2017-9731 (In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 for Yo ...)
	NOT-FOR-US: Poky for Yocto Project
CVE-2017-9730 (SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and ...)
	NOT-FOR-US: nuevoMailer
CVE-2017-9729 (In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) ...)
	- uclibc (unimportant)
	NOTE: http://openwall.com/lists/oss-security/2017/06/16/4
CVE-2017-9728 (In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp f ...)
	- uclibc (unimportant)
	NOTE: http://openwall.com/lists/oss-security/2017/06/16/4
CVE-2017-9727 (The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscrip ...)
	{DSA-3986-1 DLA-1048-1}
	[experimental] - ghostscript 9.22~~rc1~dfsg-1
	- ghostscript 9.22~dfsg-1 (bug #869913)
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=698056
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=937ccd17ac65935633b2ebc06cb7089b91e17e6b (ghostpdl-9.22rc1)
CVE-2017-9726 (The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostX ...)
	{DSA-3986-1 DLA-1048-1}
	[experimental] - ghostscript 9.22~~rc1~dfsg-1
	- ghostscript 9.22~dfsg-1 (bug #869915)
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=698055
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7755e67116e8973ee0e3b22d653df026a84fa01b (ghostpdl-9.22rc1)
CVE-2017-9735 (Jetty through 9.4.x is prone to a timing channel in util/security/Pass ...)
	{DLA-2661-1 DLA-1021-1 DLA-1020-1}
	- jetty9 9.2.22-1 (bug #864898)
	- jetty8
	[jessie] - jetty8 (Minor issue)
	- jetty
	[jessie] - jetty (Minor issue)
	NOTE: https://github.com/eclipse/jetty.project/issues/1556
	NOTE: https://github.com/eclipse/jetty.project/commit/042f325f1cd6e7891d72c7e668f5947b5457dc02
	NOTE: https://github.com/eclipse/jetty.project/commit/f3751d70787fd8ab93932a51c60514c2eb37cb58
	NOTE: https://github.com/eclipse/jetty.project/commit/2baa1abe4b1c380a30deacca1ed367466a1a62ea
CVE-2017-9725 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	- linux 4.3.1-1
	NOTE: Fixed by: https://git.kernel.org/linus/67a2e213e7e937c41c52ab5bc46bf3f4de469f6e (4.3-rc7)
CVE-2017-9724 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9723 (The touchscreen driver synaptics_dsx in Android for MSM, Firefox OS fo ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-9722 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9721 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Android boot loader (aboot)
CVE-2017-9720 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9719 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9718 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9717 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9716 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: qbt1000 driver in Android
CVE-2017-9715 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9714 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9713 RESERVED
CVE-2017-9712 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9711 RESERVED
CVE-2017-9710 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9709 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9708 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9707 RESERVED
CVE-2017-9706 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9705 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9704 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9703 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9702 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9701 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9700 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9699 RESERVED
CVE-2017-9698 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9697 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9696 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9695 RESERVED
CVE-2017-9694 (While parsing Netlink attributes in QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID ...)
	NOT-FOR-US: Google drivers for Android
CVE-2017-9693 (The length of attribute value for STA_EXT_CAPABILITY in __wlan_hdd_cha ...)
	NOT-FOR-US: Google drivers for Android
CVE-2017-9692 (When an atomic commit is issued on a writeback panel with a NULL outpu ...)
	NOT-FOR-US: Google drivers for Android
CVE-2017-9691 (There is a race condition in Android for MSM, Firefox OS for MSM, and ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9690 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9689 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9688 REJECTED
CVE-2017-9687 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9686 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9685 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9684 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9683 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9682 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9681 (In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD ...)
	NOT-FOR-US: Google drivers for Android
CVE-2017-9680 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Google drivers for Android
CVE-2017-9679 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Google drivers for Android
CVE-2017-9678 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9677 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9676 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9675 (On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows a ...)
	NOT-FOR-US: D-Link DIR-605L devices
CVE-2017-9674 (In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on ind ...)
	NOT-FOR-US: SimpleCE
CVE-2017-9673 (In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an adm ...)
	NOT-FOR-US: SimpleCE
CVE-2017-9672 RESERVED
CVE-2017-9671 (A heap overflow in apk (Alpine Linux's package manager) allows a remot ...)
	NOT-FOR-US: apk (Alpine's package manager)
CVE-2017-9670 (An uninitialized stack variable vulnerability in load_tic_series() in ...)
	- gnuplot 5.0.5+dfsg1-7 (unimportant; bug #864901)
	[stretch] - gnuplot 5.0.5+dfsg1-6+deb9u1
	[jessie] - gnuplot (Vulnerable code introduced later)
	[wheezy] - gnuplot (Vulnerable code introduced later)
	- gnuplot5 (unimportant; bug #864903)
	[jessie] - gnuplot5 (Vulnerable code introduced later)
	NOTE: https://sourceforge.net/p/gnuplot/bugs/1933/
	NOTE: The specific CVE is for the uninitialized stack variable fixed via set.c
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1044638#c5
	NOTE: Fixed by: https://github.com/gnuplot/gnuplot/commit/4e39b1d7b274c7d4a69cbaba85ff321264f4457e
	NOTE: Introduced by: https://github.com/gnuplot/gnuplot/commit/cd4b777389379598740fc02decff772b0e7bcbd6
	NOTE: Crash in a CLI tool, no security impact
CVE-2017-9669 (A heap overflow in apk (Alpine Linux's package manager) allows a remot ...)
	NOT-FOR-US: apk (Alpine's package manager)
CVE-2017-9668 (In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user gro ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-9667 RESERVED
CVE-2017-9666 RESERVED
CVE-2017-9665 RESERVED
CVE-2017-9664 (In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, a ...)
	NOT-FOR-US: ABB
CVE-2017-9663 (An Cleartext Storage of Sensitive Information issue was discovered in ...)
	NOT-FOR-US: General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client
CVE-2017-9662 (An Improper Privilege Management issue was discovered in Fuji Electric ...)
	NOT-FOR-US: Fuji Electric Monitouch V-SFT
CVE-2017-9661 (An Uncontrolled Search Path Element issue was discovered in SIMPlight ...)
	NOT-FOR-US: SIMPlight SCADA Software
CVE-2017-9660 (A Heap-Based Buffer Overflow was discovered in Fuji Electric Monitouch ...)
	NOT-FOR-US: Fuji Electric Monitouch V-SFT
CVE-2017-9659 (A Stack-Based Buffer Overflow issue was discovered in Fuji Electric Mo ...)
	NOT-FOR-US: Fuji Electric Monitouch V-SFT
CVE-2017-9658 (Certain 802.11 network management messages have been determined to inv ...)
	NOT-FOR-US: Philips IntelliVue MX40
CVE-2017-9657 (Under specific 802.11 network conditions, a partial re-association of ...)
	NOT-FOR-US: Philips IntelliVue MX40
CVE-2017-9656 (The backend database of the Philips DoseWise Portal application versio ...)
	NOT-FOR-US: Philips DoseWise Portal
CVE-2017-9655 (A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator f ...)
	NOT-FOR-US: OSIsoft
CVE-2017-9654 (The Philips DoseWise Portal web-based application versions 1.1.7.333 a ...)
	NOT-FOR-US: Philips DoseWise Portal
CVE-2017-9653 (An Improper Authorization issue was discovered in OSIsoft PI Integrato ...)
	NOT-FOR-US: OSIsoft
CVE-2017-9652 RESERVED
CVE-2017-9651 RESERVED
CVE-2017-9650 (An Unrestricted Upload of File with Dangerous Type issue was discovere ...)
	NOT-FOR-US: Automated Logic Corporation (ALC)
CVE-2017-9649 (A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion T ...)
	NOT-FOR-US: Mirion
CVE-2017-9648 (An Uncontrolled Search Path Element issue was discovered in Solar Cont ...)
	NOT-FOR-US: Solar Controls WATTConfig M Software
CVE-2017-9647 (A Stack-Based Buffer Overflow issue was discovered in the Continental ...)
	NOT-FOR-US: Continental AG Infineon S-Gold
CVE-2017-9646 (An Uncontrolled Search Path Element issue was discovered in Solar Cont ...)
	NOT-FOR-US: Solar Controls Heating Control Downloader (HCDownloader)
CVE-2017-9645 (An Inadequate Encryption Strength issue was discovered in Mirion Techn ...)
	NOT-FOR-US: Mirion
CVE-2017-9644 (An Unquoted Search Path or Element issue was discovered in Automated L ...)
	NOT-FOR-US: Automated Logic Corporation (ALC)
CVE-2017-9643 RESERVED
CVE-2017-9642 RESERVED
CVE-2017-9641 (PI Coresight 2016 R2 contains a cross-site request forgery vulnerabili ...)
	NOT-FOR-US: PI Coresight
CVE-2017-9640 (A Path Traversal issue was discovered in Automated Logic Corporation ( ...)
	NOT-FOR-US: Automated Logic Corporation (ALC)
CVE-2017-9639 (An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and ...)
	NOT-FOR-US: Fuji Electric V-Server
CVE-2017-9638 (Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sectio ...)
	NOT-FOR-US: Mitsubishi E-Designer
CVE-2017-9637 (Schneider Electric Ampla MES 6.4 provides capability to interact with ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9636 (Mitsubishi E-Designer, Version 7.52 Build 344 contains five code secti ...)
	NOT-FOR-US: Mitsubishi E-Designer
CVE-2017-9635 (Schneider Electric Ampla MES 6.4 provides capability to configure user ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9634 (Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sectio ...)
	NOT-FOR-US: Mitsubishi E-Designer
CVE-2017-9633 (An Improper Restriction of Operations within the Bounds of a Memory Bu ...)
	NOT-FOR-US: Continental AG Infineon S-Gold 2
CVE-2017-9632 (A Missing Encryption of Sensitive Data issue was discovered in PDQ Man ...)
	NOT-FOR-US: PDQ Manufacturing LaserWash
CVE-2017-9631 (A Null Pointer Dereference issue was discovered in Schneider Electric ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9630 (An Improper Authentication issue was discovered in PDQ Manufacturing L ...)
	NOT-FOR-US: PDQ Manufacturing LaserWash
CVE-2017-9629 (A Stack-Based Buffer Overflow issue was discovered in Schneider Electr ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9628 (An Information Exposure issue was discovered in Saia Burgess Controls ...)
	NOT-FOR-US: Saia Burgess Controls
CVE-2017-9627 (An Uncontrolled Resource Consumption issue was discovered in Schneider ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9626 (Systems using the Marel Food Processing Systems Pluto platform do not ...)
	NOT-FOR-US: Marel Food Processing Systems Pluto platform
CVE-2017-9625 (An Improper Authentication issue was discovered in Envitech EnviDAS Ul ...)
	NOT-FOR-US: Envitech EnviDAS Ultimate
CVE-2017-9624 (Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1 ...)
	NOT-FOR-US: Telaxus/EPESI
CVE-2017-9623 (Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1 ...)
	NOT-FOR-US: Telaxus/EPESI
CVE-2017-9622 (Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1 ...)
	NOT-FOR-US: Telaxus/EPESI
CVE-2017-9621 (Cross-site scripting (XSS) vulnerability in modules/Base/Lang/Administ ...)
	NOT-FOR-US: Telaxus/EPESI
CVE-2017-9620 (The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghos ...)
	- ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
	[jessie] - ghostscript (Vulnerable code not present)
	[wheezy] - ghostscript (Vulnerable code not present)
	NOTE: The Debian binary package is not affected xps/ not used
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698050
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ee55637480d5e319a5de0481b01c3346855cbc9
CVE-2017-9619 (The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex G ...)
	- ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
	[jessie] - ghostscript (Vulnerable code not present)
	[wheezy] - ghostscript (Vulnerable code not present)
	NOTE: The Debian binary package is not affected xps/ not used
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698042
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c53183d4e7103e87368b7cfa15367a47d559e323
CVE-2017-9618 (The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscrip ...)
	- ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
	[jessie] - ghostscript (Vulnerable code not present)
	[wheezy] - ghostscript (Vulnerable code not present)
	NOTE: The Debian binary package is not affected xps/ not used
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698044
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3c2aebbedd37fab054e80f2e315de07d7e9b5bdb
CVE-2017-9617 (In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion ...)
	- wireshark 2.4.0-1 (low; bug #870174)
	[jessie] - wireshark (Minor issue)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13799
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=82fc557bed30b1aa69ca43a4291b64a9ce54c78a
CVE-2017-9616 (In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion ...)
	- wireshark 2.4.0-1 (low; bug #870173)
	[jessie] - wireshark (Minor issue)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13777
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=620f69a74b18908e3424920c7bb01cb5e4cbd8b1
CVE-2017-9615 (Password exposure in Cognito Software Moneyworks 8.0.3 and earlier all ...)
	NOT-FOR-US: Cognito Software Moneyworks
CVE-2017-9614 (The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 al ...)
	NOT-FOR-US: Not a bug in libjpeg itself, but incorrect API usage
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/167
CVE-2017-9613 (Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors ...)
	NOT-FOR-US: SAP SuccessFactors
CVE-2017-9612 (The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS ...)
	{DSA-3986-1 DLA-1048-1}
	[experimental] - ghostscript 9.22~~rc1~dfsg-1
	- ghostscript 9.22~dfsg-1 (bug #869916)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698026
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=98f6da60b9d463c617e631fc254cf6d66f2e8e3c (ghostpdl-9.22rc1)
CVE-2017-9611 (The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostX ...)
	{DSA-3986-1 DLA-1048-1}
	[experimental] - ghostscript 9.22~~rc1~dfsg-1
	- ghostscript 9.22~dfsg-1 (bug #869917)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698024
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c7c55972758a93350882c32147801a3485b010fe (ghostpdl-9.22rc1)
CVE-2017-9610 (The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscrip ...)
	- ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
	[jessie] - ghostscript (Vulnerable code not present)
	[wheezy] - ghostscript (Vulnerable code not present)
	NOTE: The Debian binary package is not affected xps/ not used
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698025
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d2ab84732936b6e7e5a461dc94344902965e9a06
CVE-2017-9609 (Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows re ...)
	NOT-FOR-US: Blackcat CMS
CVE-2017-9608 (The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allow ...)
	{DSA-3957-1}
	- ffmpeg 7:3.3.3-1
	NOTE: https://www.openwall.com/lists/oss-security/2017/08/14/1
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/611b35627488a8d0763e75c25ee0875c5b7987dd
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/0a709e2a10b8288a0cc383547924ecfe285cef89
CVE-2017-9607 (The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might ...)
	NOT-FOR-US: ARM Trusted Firmware
CVE-2017-9606 (Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local ...)
	NOT-FOR-US: Infotecs ViPNet Client and Coordinator
CVE-2017-9604 (KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in ...)
	- kdepim 4:16.04.3-4 (bug #864804)
	[stretch] - kdepim 4:16.04.3-4~deb9u1
	[jessie] - kdepim 4:4.14.1-1+deb8u1
	[wheezy] - kdepim (sendlater issue is not present in kdepim-4.4.11.1+l10n)
	- kf5-messagelib 4:16.04.3-3 (bug #864803)
	[stretch] - kf5-messagelib 4:16.04.3-3~deb9u1
	NOTE: Fixed by (kmail): https://commits.kde.org/kmail/78c5552be2f00a4ac25bd77ca39386522fca70a8
	NOTE: Fixed by (messagelib): https://commits.kde.org/messagelib/c54706e990bbd6498e7b1597ec7900bc809e8197
	NOTE: https://www.kde.org/info/security/advisory-20170615-1.txt
CVE-2017-1000379 (The Linux Kernel running on AMD64 systems will sometimes map the conte ...)
	- linux 4.11.6-1
	[stretch] - linux 4.9.30-2+deb9u1
	[jessie] - linux 3.16.43-2+deb8u1
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
CVE-2017-1000378 (The NetBSD qsort() function is recursive, and not randomized, an attac ...)
	NOT-FOR-US: NetBSD
CVE-2017-9605 (The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW ...)
	{DSA-3945-1 DSA-3927-1}
	- linux 4.11.6-1
	[wheezy] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2017/06/13/2
	NOTE: Fixed by: https://git.kernel.org/linus/07678eca2cf9c9a18584e546c2b2a0d0c9a3150c (v4.12-rc5)
CVE-2017-9603 (SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordP ...)
	NOT-FOR-US: WP Jobs plugin for WordPress
CVE-2017-9602 (KBVault Mysql Free Knowledge Base application package 0.16a comes with ...)
	NOT-FOR-US: KBVault Mysql Free Knowledge Base application
CVE-2017-9601 (The "FNB Kemp Mobile Banking" by First National Bank of Kemp app 3.0.2 ...)
	NOT-FOR-US: "FNB Kemp Mobile Banking" by First National Bank of Kemp app
CVE-2017-9600 (The "Peoples Bank Tulsa" by Peoples Bank - OK app 3.0.2 -- aka peoples ...)
	NOT-FOR-US: "Peoples Bank Tulsa" by Peoples Bank - OK app
CVE-2017-9599 (The "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app befo ...)
	NOT-FOR-US: "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app
CVE-2017-9598 (The "Morton Credit Union Mobile Banking" by Morton Credit Union app 3. ...)
	NOT-FOR-US: "Morton Credit Union Mobile Banking" by Morton Credit Union app
CVE-2017-9597 (The "Blue Ridge Bank and Trust Co. Mobile Banking" by Blue Ridge Bank ...)
	NOT-FOR-US: "Blue Ridge Bank and Trust Co. Mobile Banking" app
CVE-2017-9596 (The "CFB Mobile Banking" by Citizens First Bank Wisconsin app 3.0.1 -- ...)
	NOT-FOR-US: "CFB Mobile Banking" by Citizens First Bank Wisconsin app
CVE-2017-9595 (The "First State Bank of Bigfork Mobile Banking" by First State Bank o ...)
	NOT-FOR-US: "First State Bank of Bigfork Mobile Banking" by First State Bank of Bigfork app
CVE-2017-9594 (The "SVB Mobile" by Sauk Valley Bank Mobile Banking app 3.0.0 -- aka s ...)
	NOT-FOR-US: "SVB Mobile" by Sauk Valley Bank Mobile Banking app
CVE-2017-9593 (The "Oculina Mobile Banking" by Oculina Bank app 3.0.0 -- aka oculina- ...)
	NOT-FOR-US: "Oculina Mobile Banking" by Oculina Bank app
CVE-2017-9592 (The "Your Legacy Federal Credit Union Mobile Banking" by Your Legacy F ...)
	NOT-FOR-US: "Your Legacy Federal Credit Union Mobile Banking" by Your Legacy Federal Credit Union app
CVE-2017-9591 (The "PCB Mobile" by Phelps County Bank app 3.0.2 -- aka pcb-mobile/id4 ...)
	NOT-FOR-US: "PCB Mobile" by Phelps County Bank app
CVE-2017-9590 (The "State Bank of Waterloo Mobile Banking" by State Bank of Waterloo ...)
	NOT-FOR-US: "State Bank of Waterloo Mobile Banking" by State Bank of Waterloo app
CVE-2017-9589 (The "SCSB Shelbyville IL Mobile Banking" by Shelby County State Bank a ...)
	NOT-FOR-US: "SCSB Shelbyville IL Mobile Banking" by Shelby County State Bank app
CVE-2017-9588 (The "Oritani Mobile Banking" by Oritani Bank app 3.0.0 -- aka oritani- ...)
	NOT-FOR-US: "Oritani Mobile Banking" by Oritani Bank app
CVE-2017-9587 (The "PCSB BANK Mobile" by PCSB Bank app 3.0.4 -- aka pcsb-bank-mobile/ ...)
	NOT-FOR-US: "PCSB BANK Mobile" by PCSB Bank app
CVE-2017-9586 (The "FSBY Mobile Banking" by First State Bank of Yoakum TX app 3.0.0 - ...)
	NOT-FOR-US: "FSBY Mobile Banking" by First State Bank of Yoakum TX app
CVE-2017-9585 (The "Community State Bank - Lamar Mobile Banking" by Community State B ...)
	NOT-FOR-US: "Community State Bank - Lamar Mobile Banking" by Community State Bank - Lamar app
CVE-2017-9584 (The "HBO Mobile Banking" by Heritage Bank of Ozarks app 3.0.0 -- aka h ...)
	NOT-FOR-US: "HBO Mobile Banking" by Heritage Bank of Ozarks app
CVE-2017-9583 (The "Charlevoix State Bank" by Charlevoix State Bank app 3.0.1 -- aka ...)
	NOT-FOR-US: "Charlevoix State Bank" by Charlevoix State Bank app
CVE-2017-9582 (The "BNB Mobile Banking" by Brady National Bank app 3.0.0 -- aka bnb-m ...)
	NOT-FOR-US: "BNB Mobile Banking" by Brady National Bank app
CVE-2017-9581 (The "Algonquin State Bank Mobile Banking" by Algonquin State Bank app ...)
	NOT-FOR-US: "Algonquin State Bank Mobile Banking" by Algonquin State Bank app
CVE-2017-9580 (The "Pioneer Bank & Trust Mobile Banking" by PIONEER BANK AND TRUST ap ...)
	NOT-FOR-US: "Pioneer Bank & Trust Mobile Banking" by PIONEER BANK AND TRUST app
CVE-2017-9579 (The "JMCU Mobile Banking" by Joplin Metro Credit Union app 3.0.0 -- ak ...)
	NOT-FOR-US: "JMCU Mobile Banking" by Joplin Metro Credit Union app
CVE-2017-9578 (The "RVCB Mobile" by RVCB Mobile Banking app 3.0.0 -- aka rvcb-mobile/ ...)
	NOT-FOR-US: "RVCB Mobile" by RVCB Mobile Banking app
CVE-2017-9577 (The "First Citizens Bank-Mobile Banking" by First Citizens Bank (AL) a ...)
	NOT-FOR-US: "First Citizens Bank-Mobile Banking" by First Citizens Bank (AL) app
CVE-2017-9576 (The "Middleton Community Bank Mobile Banking" by Middleton Community B ...)
	NOT-FOR-US: "Middleton Community Bank Mobile Banking" by Middleton Community Bank app
CVE-2017-9575 (The "FVB Mobile Banking" by First Volunteer Bank of Tennessee app 3.1. ...)
	NOT-FOR-US: "FVB Mobile Banking" by First Volunteer Bank of Tennessee app
CVE-2017-9574 (The "KC Area Credit Union Mobile Banking" by K C Area Credit Union app ...)
	NOT-FOR-US: "KC Area Credit Union Mobile Banking" by K C Area Credit Union app
CVE-2017-9573 (The North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app ...)
	NOT-FOR-US: North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app
CVE-2017-9572 (The athens-state-bank-mobile-banking/id719748589 app 3.0.0 for iOS doe ...)
	NOT-FOR-US: athens-state-bank-mobile-banking/id719748589 app
CVE-2017-9571 (The Citizens Community Bank (TN) ccb-mobile-banking/id610030469 app 3. ...)
	NOT-FOR-US: Citizens Community Bank (TN) ccb-mobile-banking/id610030469 app
CVE-2017-9570 (The mount-vernon-bank-trust-mobile-banking/id542706679 app 3.0.0 for i ...)
	NOT-FOR-US: mount-vernon-bank-trust-mobile-banking/id542706679 app
CVE-2017-9569 (The Citizens Bank (TX) cbtx-on-the-go/id892396102 app 3.0.0 for iOS do ...)
	NOT-FOR-US: Citizens Bank (TX) cbtx-on-the-go/id892396102 app
CVE-2017-9568 (The financial-plus-mobile-banking/id731070564 app 3.0.3 for iOS does n ...)
	NOT-FOR-US: financial-plus-mobile-banking/id731070564 app
CVE-2017-9567 (The avb-bank-mobile-banking/id592565443 app 3.0.0 for iOS does not ver ...)
	NOT-FOR-US: avb-bank-mobile-banking/id592565443 app
CVE-2017-9566 (The fsb-dequeen-mobile-banking/id1091025340 app 3.0.1 for iOS does not ...)
	NOT-FOR-US: fsb-dequeen-mobile-banking/id1091025340 app
CVE-2017-9565 (The first-security-bank-sleepy-eye-mobile/id870531890 app 3.0.0 for iO ...)
	NOT-FOR-US: first-security-bank-sleepy-eye-mobile/id870531890 app
CVE-2017-9564 (The community-banks-cb2go/id445828071 app 3.1.3 for iOS does not verif ...)
	NOT-FOR-US: community-banks-cb2go/id445828071 app
CVE-2017-9563 (The First Citizens Community Bank fccb/id809930960 app 3.0.1 for iOS d ...)
	NOT-FOR-US: First Citizens Community Bank fccb/id809930960 app
CVE-2017-9562 (The Freedom First freedom-1st-credit-union-mobile-banking/id1085229458 ...)
	NOT-FOR-US: Freedom First freedom-1st-credit-union-mobile-banking/id1085229458 app
CVE-2017-9561 (The Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS does n ...)
	NOT-FOR-US: Lee Bank & Trust lbtc-mobile/id1068984753 app
CVE-2017-9560 (The cayuga-lake-national-bank/id1151601539 app 4.0.1 for iOS does not ...)
	NOT-FOR-US: cayuga-lake-national-bank/id1151601539 app
CVE-2017-9559 (The MEA Financial vision-bank/id420406345 app 3.0.1 for iOS does not v ...)
	NOT-FOR-US: MEA Financial vision-bank/id420406345 app
CVE-2017-9558 (The wawa-employees-credit-union-mobile/id1158082793 app 4.0.1 for iOS ...)
	NOT-FOR-US: wawa-employees-credit-union-mobile/id1158082793 app
CVE-2017-9557 (register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allo ...)
	NOT-FOR-US: EFS Software Easy Chat Server
CVE-2017-9556 (Cross-site scripting (XSS) vulnerability in Video Metadata Editor in S ...)
	NOT-FOR-US: Synology Video Station
CVE-2017-9555 (Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-9554 (An information exposure vulnerability in forget_passwd.cgi in Synology ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2017-9553 (A design flaw in SYNO.API.Encryption in Synology DiskStation Manager ( ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2017-9552 (A design flaw in authentication in Synology Photo Station 6.0-2528 thr ...)
	NOT-FOR-US: Synology Photo Station
CVE-2015-9096 (Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection ...)
	{DSA-3966-1 DLA-1421-1}
	- ruby2.3 2.3.3-1+deb9u1 (bug #864860)
	- ruby2.1
	- ruby1.9.1
	[wheezy] - ruby1.9.1 (Minor issue, Net::SMTP users should validate data they send too)
	- ruby1.8
	[wheezy] - ruby1.8 (Minor issue, Net::SMTP users should validate data they send too)
	NOTE: https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee
	NOTE: https://github.com/rubysec/ruby-advisory-db/issues/215
CVE-2017-9551 (Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before ...)
	- mahara
CVE-2017-9550 RESERVED
CVE-2017-9549 RESERVED
CVE-2017-9548 (admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) v ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9547 (admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) v ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9546 (admin.php in BigTree through 4.2.18 allows remote authenticated users ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9545 (The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows ...)
	- mpg123 1.25.4-1 (low; bug #870799)
	[stretch] - mpg123 (Minor issue)
	[jessie] - mpg123 (Minor issue)
	[wheezy] - mpg123 (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/65
CVE-2017-9544 (There is a remote stack-based buffer overflow (SEH) in register.ghp in ...)
	NOT-FOR-US: EFS Software Easy Chat Server
CVE-2017-9543 (register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allo ...)
	NOT-FOR-US: EFS Software Easy Chat Server
CVE-2017-9542 (D-Link DIR-615 Wireless N 300 Router allows authentication bypass via ...)
	NOT-FOR-US: D-Link
CVE-2017-9541 RESERVED
CVE-2017-9540 RESERVED
CVE-2017-9539 RESERVED
CVE-2017-9538 (The 'Upload logo from external path' function of SolarWinds Network Pe ...)
	NOT-FOR-US: SolarWinds Network Performance Monitor
CVE-2017-9537 (Persistent cross-site scripting (XSS) in the Add Node function of Sola ...)
	NOT-FOR-US: SolarWinds Network Performance Monitor
CVE-2017-9536 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9535 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9534 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9533 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9532 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9531 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
	NOT-FOR-US: IrfanView
CVE-2017-9530 (IrfanView version 4.44 (32bit) might allow attackers to cause a denial ...)
	NOT-FOR-US: IrfanView
CVE-2017-9529 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
	NOT-FOR-US: XnView
CVE-2017-9528 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows remote atta ...)
	NOT-FOR-US: IrfanView
CVE-2017-9527 (The mark_context_stack function in gc.c in mruby through 1.2.0 allows ...)
	{DLA-2996-1}
	[experimental] - mruby 1.2.0+20170601+git51e0e690-1
	- mruby 1.3.0-1 (low; bug #865778)
	[jessie] - mruby (Minor issue)
	NOTE: https://github.com/mruby/mruby/issues/3486
	NOTE: Fixed by: https://github.com/mruby/mruby/commit/5c114c91d4ff31859fcd84cf8bf349b737b90d99
CVE-2017-9526 (In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session ke ...)
	{DSA-3880-1}
	- libgcrypt20 1.7.6-2
	- libgcrypt11 (Curve Ed25519 signing and verification introduced in 1.6.0)
	NOTE: master: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=5a22de904a0a366ae79f03ff1e13a1232a89e26b
	NOTE: 1.7.x: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=f9494b3f258e01b6af8bd3941ce436bcc00afc56
	NOTE: Curve Ed25519 signing and verification implemented in 1.6.0 with
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=bc5199a02abe428ad377443280b3eda60141a1d6
	NOTE: and following refactorings.
CVE-2017-9524 (The qemu-nbd server in QEMU (aka Quick Emulator), when built with the ...)
	{DSA-3925-1}
	- qemu 1:2.8+dfsg-7 (bug #865755)
	[jessie] - qemu (Vulnerable code not present)
	[wheezy] - qemu (Vulnerable code not present)
	- qemu-kvm
	[wheezy] - qemu-kvm (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg06240.html
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02321.html
CVE-2017-9525 (In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-1 ...)
	{DLA-2801-1 DLA-1723-1}
	- cron 3.0pl1-129 (bug #864466)
	[wheezy] - cron (Minor issue)
	- systemd-cron 1.5.17-2 (bug #993731)
	[bullseye] - systemd-cron (Minor issue)
	[buster] - systemd-cron (Minor issue)
	[stretch] - systemd-cron (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/06/08/3
CVE-2017-9523 (The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page ...)
	NOT-FOR-US: Sophos
CVE-2017-9522 (The Time Warner firmware on Technicolor TC8717T devices sets the defau ...)
	NOT-FOR-US: Time Warner firmware on Technicolor TC8717T devices
CVE-2017-9521 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9520 (The r_config_set function in libr/config/config.c in radare2 1.5.0 all ...)
	- radare2 1.6.0+dfsg-1 (low; bug #864533)
	[jessie] - radare2 (Minor issue)
	[wheezy] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/f85bc674b2a2256a364fe796351bc1971e106005
	NOTE: https://github.com/radare/radare2/issues/7698
CVE-2017-9519 (atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user ...)
	NOT-FOR-US: atmail
CVE-2017-9518 (atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMT ...)
	NOT-FOR-US: atmail
CVE-2017-9517 (atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and imp ...)
	NOT-FOR-US: atmail
CVE-2017-9516 (Craft CMS before 2.6.2982 allows for a potential XSS attack vector by ...)
	NOT-FOR-US: Craft CMS
CVE-2017-9515
	RESERVED
CVE-2017-9514 (Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2017-9513 (Several rest inline action resources of Atlassian Activity Streams bef ...)
	NOT-FOR-US: Atlassian Activity Streams
CVE-2017-9512 (The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible ...)
	NOT-FOR-US: Atlassian
CVE-2017-9511 (The MultiPathResource class in Atlassian Fisheye and Crucible, before ...)
	NOT-FOR-US: Atlassian
CVE-2017-9510 (The repository changelog resource in Atlassian Fisheye before version ...)
	NOT-FOR-US: Atlassian
CVE-2017-9509 (The review file upload resource in Atlassian Crucible before version 4 ...)
	NOT-FOR-US: Atlassian
CVE-2017-9508 (Various resources in Atlassian Fisheye and Crucible before version 4.4 ...)
	NOT-FOR-US: Atlassian
CVE-2017-9507 (The review dashboard resource in Atlassian Crucible from version 4.1.0 ...)
	NOT-FOR-US: Atlassian
CVE-2017-9506 (The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 be ...)
	NOT-FOR-US: Atlassian
CVE-2017-9505 (Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2017-9504
	REJECTED
CVE-2017-9503 (QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host B ...)
	{DLA-2288-1 DLA-1497-1}
	- qemu 1:2.10.0-1 (low; bug #865754)
	[wheezy] - qemu (Vulnerable code not present)
	- qemu-kvm
	[wheezy] - qemu-kvm (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01313.html
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01309.html
	NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=87e459a810d7b1ec1638085b5a80ea3d9b43119a
	NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=b356807fcdfc45583c437f761fc579ab2a8eab11
	NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=36c327a69d723571f02a7691631667cdb1865ee1
	NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=5104fac8539eaf155fc6de93e164be43e1e62242
	NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=24c0c77af515acbf0f9705e8096f33ef24d37430
	NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=134550bf81a026e18cf58b81e2c2cceaf516f92e
	NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=660174fc1b346803b3f1d7c260e2a36329b66435
CVE-2017-9502 (In curl before 7.54.1 on Windows and DOS, libcurl's default protocol f ...)
	- curl (Windows only)
CVE-2017-9501 (In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the func ...)
	{DSA-3914-1 DLA-1081-1 DLA-1000-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (low; bug #867721)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/491
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/01843366d6a7b96e22ad7bb67f3df7d9fd4d5d74
CVE-2017-9500 (In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the func ...)
	{DSA-4019-1 DLA-1785-1 DLA-1000-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (low; bug #867778)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/500
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/5d95b4c24a964114e2b1ae85c2b36769251ed11d
	NOTE: Fixed by (6.x): https://github.com/ImageMagick/ImageMagick/commit/837085e7725f6eb591eb019e299c1ddcf34b9a79
CVE-2017-9499 (In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the func ...)
	- imagemagick (Vulnerable code introduced later, only affects ImageMagick 7.x)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/492
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/7fd419441bc7103398e313558171d342c6315f44
CVE-2017-9498 (The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2. ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9497 (The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2. ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9496 (The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2. ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9495 (The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2. ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9494 (The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2. ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9493 (The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2. ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9492 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9491 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9490 (The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SI ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9489 (The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9488 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9487 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9486 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9485 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9484 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9483 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9482 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9481 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9480 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9479 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9478 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9477 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9476 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9475 (Comcast XFINITY WiFi Home Hotspot devices allow remote attackers to sp ...)
	NOT-FOR-US: Comcast XFINITY WiFi Home Hotspot devices
CVE-2017-9474 (In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remot ...)
	- libytnef 1.9.3-1 (low; bug #870192)
	[stretch] - libytnef (Minor issue)
	[jessie] - libytnef (Minor issue)
	[wheezy] - libytnef (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/40
	NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-decompressrtf-ytnef-c/
CVE-2017-9473 (In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote ...)
	- libytnef 1.9.3-1 (low; bug #870197)
	[stretch] - libytnef (Minor issue)
	[jessie] - libytnef (Minor issue)
	[wheezy] - libytnef (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/42
	NOTE: https://github.com/Yeraze/ytnef/commit/a341b7f1bf8a2c59ece89f2d6cdc09856d501cc0
	NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-memory-allocation-failure-in-tneffillmapi-ytnef-c/
CVE-2017-9472 (In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote at ...)
	- libytnef 1.9.3-1 (low; bug #870193)
	[stretch] - libytnef (Minor issue)
	[jessie] - libytnef (Minor issue)
	[wheezy] - libytnef (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/41
	NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapdword-ytnef-c/
CVE-2017-9471 (In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote att ...)
	- libytnef 1.9.3-1 (low; bug #870194)
	[stretch] - libytnef (Minor issue)
	[jessie] - libytnef (Minor issue)
	[wheezy] - libytnef (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/39
	NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapword-ytnef-c/
CVE-2017-9470 (In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote at ...)
	- libytnef 1.9.3-1 (low; bug #870196)
	[stretch] - libytnef (Minor issue)
	[jessie] - libytnef (Minor issue)
	[wheezy] - libytnef (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/37
	NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-null-pointer-dereference-in-mapiprint-ytnef-c/
CVE-2017-9469 (In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC f ...)
	{DSA-3885-1 DLA-1088-1}
	- irssi 1.0.3-1 (bug #864400)
	NOTE: https://github.com/irssi/irssi/commit/30a92754bb650c3dedd507d41110443142899a65
	NOTE: https://irssi.org/security/irssi_sa_2017_06.txt
CVE-2017-9468 (In Irssi before 1.0.3, when receiving a DCC message without source nic ...)
	{DSA-3885-1 DLA-1088-1}
	- irssi 1.0.3-1 (bug #864400)
	NOTE: https://github.com/irssi/irssi/commit/528f51bfbe5c65c5b24546faa244009dd5b3c586
	NOTE: https://irssi.org/security/irssi_sa_2017_06.txt
CVE-2017-9467 (Cross-site scripting (XSS) vulnerability in the GlobalProtect external ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-9466 (The executable httpd on the TP-Link WR841N V8 router before TL-WR841N( ...)
	NOT-FOR-US: TP-Link
CVE-2017-9465 (The yr_arena_write_data function in YARA 3.6.1 allows remote attackers ...)
	- yara 3.6.2+dfsg-1 (low; bug #864517)
	[stretch] - yara (Minor issue, too intrusive to backport)
	[jessie] - yara (Minor issue, too intrusive to backport)
	NOTE: https://github.com/VirusTotal/yara/issues/678
	NOTE: https://github.com/VirusTotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661
CVE-2017-9464 (An open redirect vulnerability is present in Piwigo 2.9 and probably p ...)
	- piwigo
CVE-2017-9463 (The application Piwigo is affected by a SQL injection vulnerability in ...)
	- piwigo
CVE-2017-9460
	RESERVED
CVE-2017-9459 (Cross-site scripting (XSS) vulnerability in the management web interfa ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-9458 (XML external entity (XXE) vulnerability in the GlobalProtect internal ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-9457 (Intense PC Phoenix SecureCore UEFI firmware does not perform capsule s ...)
	NOT-FOR-US: Intense PC (aka MintBox 2) Phoenix SecureCore UEFI firmware
CVE-2017-9456
	RESERVED
CVE-2017-9455
	RESERVED
CVE-2017-9454 (Buffer overflow in the ares_parse_a_reply function in the embedded are ...)
	- resiprocate 1:1.11.0~beta4-1 (unimportant)
	NOTE: https://github.com/resiprocate/resiprocate/commit/d67a9ca6fd06ca65d23e313bdbad1ef4dd3aa0df
	NOTE: Fixed sourcewise in 1:1.11.0~beta4-1 but unimportant since it uses the
	NOTE: system library.
CVE-2017-9453 (BMC Server Automation before 8.9.01 patch 1 allows Process Spawner com ...)
	NOT-FOR-US: BMC Server Automation
CVE-2017-9452 (Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 ...)
	- piwigo
CVE-2017-9451 (Cross site scripting (XSS) vulnerability in pages.edit_form.php in fla ...)
	NOT-FOR-US: flatCore CMS
CVE-2017-9450 (The Amazon Web Services (AWS) CloudFormation bootstrap tools package ( ...)
	NOT-FOR-US: Amazon Web Services (AWS) CloudFormation bootstrap tools package
CVE-2017-9449 (SQL injection vulnerability in BigTree CMS through 4.2.18 allows remot ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9448 (Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2. ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9462 (In Mercurial before 4.1.3, "hg serve --stdio" allows remote authentica ...)
	{DLA-1414-1 DLA-1005-1}
	- mercurial 4.3.1-1 (bug #861243)
	[stretch] - mercurial 4.0-1+deb9u1
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499
CVE-2017-9461 (smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of ser ...)
	{DLA-1754-1}
	- samba 2:4.5.6+dfsg-1 (bug #864291)
	[wheezy] - samba (Minor, non reproducible issue)
	NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=10c3e3923022485c720f322ca4f0aca5d7501310
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=12572
CVE-2017-9447 (In the web interface of Parallels Remote Application Server (RAS) 15.5 ...)
	NOT-FOR-US: Parallels Remote Application Server
CVE-2017-9446
	RESERVED
CVE-2017-9445 (In systemd through 233, certain sizes passed to dns_packet_new in syst ...)
	- systemd 233-10 (bug #866147)
	[stretch] - systemd 232-25+deb9u1
	[jessie] - systemd (Vulnerable code not present)
	[wheezy] - systemd (Vulnerable code not present)
	NOTE: Introduced by: https://github.com/systemd/systemd/commit/a0166609f782da91710dea9183d1bf138538db37
	NOTE: https://www.openwall.com/lists/oss-security/2017/06/27/8
CVE-2017-9444 (BigTree CMS through 4.2.18 has CSRF related to the core\admin\modules\ ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9443 (BigTree CMS through 4.2.18 allows remote authenticated users to conduc ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9442 (BigTree CMS through 4.2.18 allows remote authenticated users to execut ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9441 (Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS thr ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9440 (In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPS ...)
	{DSA-3914-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (low; bug #864273)
	[wheezy] - imagemagick (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/462
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/c2be129c25763680afeca59f4de5d6d4240ca2cf
CVE-2017-9439 (In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPD ...)
	{DSA-3914-1 DLA-1000-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (low; bug #864274)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/460
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/6c6abed989ea4a3ef472db65ab487c1809a3a718
CVE-2017-9438 (libyara/re.c in the regexp module in YARA 3.5.0 allows remote attacker ...)
	- yara 3.6.1+dfsg-1 (low; bug #864518)
	[stretch] - yara (Minor issue, too intrusive to backport)
	[jessie] - yara (Minor issue, too intrusive to backport)
	NOTE: https://github.com/VirusTotal/yara/issues/674
	NOTE: Fixed by: https://github.com/VirusTotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7
CVE-2017-9437 (Openbravo Business Suite 3.0 is affected by SQL injection. This vulner ...)
	NOT-FOR-US: Openbravo Business Suite
CVE-2017-9436 (TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.que ...)
	- teampass (bug #730180)
CVE-2017-9435 (Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user ...)
	- dolibarr 5.0.4+dfsg3-1 (bug #864569)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/70636cc59ffa1ffbc0ce3dba315d7d9b837aad04
CVE-2017-9434 (Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read v ...)
	- libcrypto++ 5.6.4-7 (bug #864214)
	[jessie] - libcrypto++ (Minor issue)
	[wheezy] - libcrypto++ (Minor issue)
	NOTE: https://github.com/weidai11/cryptopp/issues/414
	NOTE: https://github.com/weidai11/cryptopp/commit/07dbcc3d9644b18e05c1776db2a57fe04d780965
CVE-2017-9433 (Document Liberation Project libmwaw before 2017-04-08 has an out-of-bo ...)
	{DSA-3875-1}
	- libmwaw 0.3.9-2 (bug #864366)
	NOTE: https://sourceforge.net/p/libmwaw/libmwaw/ci/68b3b74569881248bfb6cbb4266177cc253b292f/
CVE-2017-9432 (Document Liberation Project libstaroffice before 2017-04-07 has an out ...)
	- libstaroffice 0.0.3-3 (bug #864207)
CVE-2017-9431 (Google gRPC before 2017-04-05 has an out-of-bounds write caused by a h ...)
	- grpc 1.3.2-0.1 (bug #864210)
	NOTE: https://github.com/grpc/grpc/pull/10492
	NOTE: Fixed by: https://github.com/grpc/grpc/commit/c6ec1155d026c91b1badb07ef1605bb747cff064
CVE-2017-9430 (Stack-based buffer overflow in dnstracer through 1.9 allows attackers ...)
	- dnstracer (unimportant)
	NOTE: Crash in CLI tool, disputable if any exposed service makes use of dnstracer.
	NOTE: One scenario would be to have a web application that launches dnstracer
	NOTE: with user-supplied name strings to evaluate.
CVE-2017-9429 (SQL injection vulnerability in the Event List plugin 0.7.8 for WordPre ...)
	NOT-FOR-US: Event List plugin for WordPress
CVE-2017-9428 (A directory traversal vulnerability exists in core\admin\ajax\develope ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9427 (SQL injection vulnerability in BigTree CMS through 4.2.18 allows remot ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9426 (ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection ...)
	NOT-FOR-US: Piwigo extension
CVE-2017-9425 (The Facetag extension 0.0.3 for Piwigo allows XSS via the name paramet ...)
	NOT-FOR-US: Piwigo extension
CVE-2017-9424 (IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attacker ...)
	NOT-FOR-US: IdeaBlade Breeze Breeze.Server.NET
CVE-2017-9423
	RESERVED
CVE-2017-9422
	REJECTED
CVE-2017-9421 (Authentication Bypass vulnerability in Accellion kiteworks before 2017 ...)
	NOT-FOR-US: Accellion kiteworks
CVE-2017-9420 (Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin ...)
	NOT-FOR-US: Spiffy Calendar plugin for WordPress
CVE-2017-9419 (Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fi ...)
	NOT-FOR-US: Webhammer WP Custom Fields Search plugin for WordPress
CVE-2017-9418 (SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for Wo ...)
	NOT-FOR-US: WP-Testimonials plugin for WordPress
CVE-2017-9417 (Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitra ...)
	{DLA-1573-1}
	- firmware-nonfree 20180518-1 (bug #869639)
	[stretch] - firmware-nonfree 20161130-4
	[jessie] - firmware-nonfree (non-free not supported)
	[wheezy] - firmware-nonfree (non-free not supported)
	NOTE: https://www.blackhat.com/us-17/briefings/schedule/#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets-7603
	NOTE: https://marc.info/?l=linux-wireless&m=150391055518346&w=2
CVE-2017-9416 (Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/17394
CVE-2017-9415 (Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allo ...)
	NOT-FOR-US: Subsonic
CVE-2017-9414 (Cross-site request forgery (CSRF) vulnerability in the Subscribe to Po ...)
	NOT-FOR-US: Subsonic
CVE-2017-9413 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Podc ...)
	NOT-FOR-US: Subsonic
CVE-2012-6705 (Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Stat ...)
	NOT-FOR-US: Jamroom
CVE-2017-9412 (The unpack_read_samples function in frontend/get_audio.c in LAME 3.99. ...)
	- lame 3.99.5+repack1-7
	[wheezy] - lame 3.99.5+repack1-3+deb7u1
	NOTE: Fixed by the improved 0001-Add-check-for-invalid-input-sample-rate.patch in
	NOTE: 3.99.5+repack1-7, https://anonscm.debian.org/cgit/pkg-multimedia/lame.git/commit/debian/patches?id=1c7c62d3c5614443524b5ad170ba2713a14d4e09
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/63
	NOTE: https://sourceforge.net/p/lame/bugs/463/
	NOTE: Invalid read in command line tool so no CVE is needed. MITRE contacted by ago@gentoo
CVE-2017-9411
	REJECTED
CVE-2017-9410
	REJECTED
CVE-2017-9409 (In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows atta ...)
	{DLA-1000-1}
	- imagemagick 8:6.9.7.4+dfsg-11 (low; bug #864090)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u10
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/458
CVE-2017-9408 (In Poppler 0.54.0, a memory leak vulnerability was found in the functi ...)
	{DSA-4079-1}
	- poppler 0.57.0-2 (low; bug #864009)
	[wheezy] - poppler (Vulnerable code not present)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100776
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=b21b041f7948680c03109f0c404400a9dbc4544c
CVE-2017-9407 (In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows at ...)
	{DLA-1000-1}
	- imagemagick 8:6.9.7.4+dfsg-11 (low; bug #864089)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u10
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/459
CVE-2017-9406 (In Poppler 0.54.0, a memory leak vulnerability was found in the functi ...)
	{DSA-4079-1}
	- poppler 0.57.0-2 (low; bug #864010)
	[wheezy] - poppler (Vulnerable code not present)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100775
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=278439531b13b0b047dbe3a75aa3f1b3407c8bd4
CVE-2017-9405 (In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allow ...)
	{DLA-1000-1}
	- imagemagick 8:6.9.7.4+dfsg-11 (low; bug #864087)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u10
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/457
CVE-2017-9404 (In LibTIFF 4.0.7, a memory leak vulnerability was found in the functio ...)
	{DLA-984-1 DLA-983-1}
	- tiff 4.0.8-1
	[jessie] - tiff 4.0.3-12.3+deb8u4
	- tiff3
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2688
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/2ea32f7372b65c24b2816f11c04bf59b5090d05b
	NOTE: Possibly sensible to add the other memory leak fixes in the OJPEGReadHeaderInfoSecTables
	NOTE: method from tif_ojpeg.c, i.e.:
	NOTE: https://github.com/vadz/libtiff/commit/e9bd1b06fe25219cf0873fca70e46f01843fd9f4
	NOTE: https://github.com/vadz/libtiff/commit/8283e4d1b7e53340684d12932880cbcbaf23a8c1
	NOTE: Reproducing the issue itself is "covered" after fixing https://github.com/vadz/libtiff/commit/5ed9fea523316c2f5cec4d393e4d5d671c2dbc33
	NOTE: To verify that 2ea32f7372b65c24b2816f11c04bf59b5090d05b fixes the issue, build src:tiff
	NOTE: with ASAN with 5ed9fea523316c2f5cec4d393e4d5d671c2dbc33 reverted. Before the
	NOTE: 2ea32f7372b65c24b2816f11c04bf59b5090d05b commit the direct leak of 73 bytes
	NOTE: with backtrace following the methods in http://bugzilla.maptools.org/show_bug.cgi?id=2688
	NOTE: is shown.
CVE-2017-9403 (In LibTIFF 4.0.7, a memory leak vulnerability was found in the functio ...)
	{DLA-984-1 DLA-983-1}
	- tiff 4.0.8-1
	[jessie] - tiff 4.0.3-12.3+deb8u4
	- tiff3
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2689
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/fb3dc46a2fcf6197ff3b93fc76f0c37fddc0333b
CVE-2017-9402
	RESERVED
CVE-2017-9401
	RESERVED
CVE-2017-9400
	RESERVED
CVE-2017-9399
	RESERVED
CVE-2017-9398
	RESERVED
CVE-2017-9397
	RESERVED
CVE-2017-9396
	RESERVED
CVE-2017-9395
	RESERVED
CVE-2017-9394 (A stored cross-site scripting vulnerability in CA Identity Governance ...)
	NOT-FOR-US: CA Identity Governance
CVE-2017-9393 (CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote a ...)
	NOT-FOR-US: CA Identity Manager
CVE-2017-9392 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
	NOT-FOR-US: Vera
CVE-2017-9391 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
	NOT-FOR-US: Vera
CVE-2017-9390 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
	NOT-FOR-US: Vera devices
CVE-2017-9389 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
	NOT-FOR-US: Vera
CVE-2017-9388 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
	NOT-FOR-US: Vera devices
CVE-2017-9387 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
	NOT-FOR-US: Vera
CVE-2017-9386 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
	NOT-FOR-US: Vera
CVE-2017-9385 (An issue was discovered on Vera Veralite 1.7.481 devices. The device h ...)
	NOT-FOR-US: Vera
CVE-2017-9384 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
	NOT-FOR-US: Vera devices
CVE-2017-9383 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
	NOT-FOR-US: Vera
CVE-2017-9382 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
	NOT-FOR-US: Vera
CVE-2017-9381 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...)
	NOT-FOR-US: Vera devices
CVE-2017-9380 (OpenEMR 5.0.0 and prior allows low-privilege users to upload files of ...)
	NOT-FOR-US: OpenEMR
CVE-2017-9379 (Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear p ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9378 (BigTree CMS through 4.2.18 does not prevent a user from deleting their ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9377 (A command injection was identified on Barco ClickShare Base Unit devic ...)
	NOT-FOR-US: Barco ClickShare Base Unit device
CVE-2017-9376 (ManageEngine ServiceDesk Plus before 9314 contains a local file inclus ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2017-9375 (QEMU (aka Quick Emulator), when built with USB xHCI controller emulato ...)
	{DSA-3991-1 DLA-1927-1}
	- qemu 1:2.10.0-1 (bug #864219)
	[wheezy] - qemu (vulnerable code not present)
	- qemu-kvm
	[wheezy] - qemu-kvm (vulnerable code not present)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=96d87bdda3919bb16f754b3d3fd1227e1f38f13c
CVE-2017-9374 (Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emu ...)
	{DSA-3920-1 DLA-1497-1}
	- qemu 1:2.8+dfsg-7 (bug #864568)
	[wheezy] - qemu (Minor issue)
	- qemu-kvm
	[wheezy] - qemu-kvm (Minor issue)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d710e1e7bd3d5bfc26b631f02ae87901ebe646b0
CVE-2017-9373 (Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emu ...)
	{DSA-3920-1 DLA-1497-1}
	- qemu 1:2.8+dfsg-7 (bug #864216)
	[wheezy] - qemu (Minor issue)
	- qemu-kvm
	[wheezy] - qemu-kvm (Minor issue)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d68f0f778e7f4fbd674627274267f269e40f0b04
CVE-2017-9371 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 ...)
	NOT-FOR-US: BlackBerry QNX Software Development Platform (SDP)
CVE-2017-9370 (An information disclosure / elevation of privilege vulnerability in th ...)
	NOT-FOR-US: BlackBerry
CVE-2017-9369 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 ...)
	NOT-FOR-US: BlackBerry QNX Software Development Platform (SDP)
CVE-2017-9368 (An information disclosure vulnerability in the BlackBerry Workspaces S ...)
	NOT-FOR-US: BlackBerry Workspaces Server
CVE-2017-9367 (A directory traversal vulnerability in the BlackBerry Workspaces Serve ...)
	NOT-FOR-US: BlackBerry Workspaces Server
CVE-2017-9366 (Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS ...)
	NOT-FOR-US: Telaxus EPESI
CVE-2017-9365 (CSRF exists in BigTree CMS through 4.2.18 with the force parameter to ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9364 (Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an a ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9363 (Untrusted Java serialization in Soffid IAM console before 1.7.5 allows ...)
	NOT-FOR-US: Soffid IAM console
CVE-2017-9362 (ManageEngine ServiceDesk Plus before 9312 contains an XML injection at ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2017-9361 (WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/detail ...)
	NOT-FOR-US: WebsiteBaker
CVE-2017-9360 (WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/det ...)
	NOT-FOR-US: WebsiteBaker
CVE-2017-9357
	RESERVED
CVE-2017-9356 (Sitecore.NET 7.1 through 7.2 has a Cross Site Scripting Vulnerability ...)
	NOT-FOR-US: Sitecore.NET
CVE-2017-9358 (A memory exhaustion vulnerability exists in Asterisk Open Source 13.x ...)
	- asterisk 1:13.14.1~dfsg-2 (bug #863906)
	[jessie] - asterisk (11.x series not affected)
	[wheezy] - asterisk (Vulnerable code not present)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2017-004.txt
CVE-2017-9359 (The multi-part body parser in PJSIP, as used in Asterisk Open Source 1 ...)
	{DSA-3933-1}
	- pjproject 2.5.5~dfsg-6 (bug #863902)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2017-003.txt
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-26939
CVE-2017-9372 (PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x be ...)
	{DSA-3933-1}
	- pjproject 2.5.5~dfsg-6 (bug #863901)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2017-002.txt
CVE-2017-9355 (XML external entity (XXE) vulnerability in the import playlist feature ...)
	NOT-FOR-US: Subsonic
CVE-2017-9354 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector co ...)
	- wireshark 2.2.7-1 (bug #864058)
	[jessie] - wireshark (vulnerable code introduced later)
	[wheezy] - wireshark (vulnerable code introduced later)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-32.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13646
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5debcf56eda16064c10f4e22b3db326c8b53406b
CVE-2017-9353 (In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was ...)
	- wireshark 2.2.7-1 (low; bug #864058)
	[jessie] - wireshark (Only affects 2.2.x)
	[wheezy] - wireshark (Only affects 2.2.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-33.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13675
CVE-2017-9352 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector ...)
	- wireshark 2.2.7-1 (low; bug #864058)
	[jessie] - wireshark (Minor issue)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-22.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13599
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d8d7690a59059821e2a2a84ac8d925aa5e70b7ba
CVE-2017-9351 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector co ...)
	- wireshark 2.2.7-1 (low; bug #864058)
	[jessie] - wireshark (Minor issue)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-24.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13628
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13609
CVE-2017-9350 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissec ...)
	- wireshark 2.2.7-1 (low; bug #864058)
	[jessie] - wireshark (Minor issue)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-28.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13649
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f6431695049116176361ce4691dfd3c77ab19858
	NOTE: When fixing this entry make sure to apply the complete fix, including
	NOTE: the related commits from CVE-2017-11411. Otherwise those releases
	NOTE: remain open to CVE-2017-11411, which exists because of an incomplete fix.
CVE-2017-9349 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector h ...)
	{DLA-1729-1}
	- wireshark 2.2.7-1 (low; bug #864058)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-27.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13685
CVE-2017-9348 (In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end ...)
	- wireshark 2.2.7-1 (bug #864058)
	[jessie] - wireshark (Only affects 2.2.x)
	[wheezy] - wireshark (Only affects 2.2.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-23.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13608
CVE-2017-9347 (In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL ...)
	- wireshark 2.2.7-1 (bug #864058)
	[stretch] - wireshark (Minor issue)
	[jessie] - wireshark (Only affects 2.2.x)
	[wheezy] - wireshark (Only affects 2.2.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-31.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13637
CVE-2017-9346 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissecto ...)
	- wireshark 2.2.7-1 (low; bug #864058)
	[jessie] - wireshark (Minor issue)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-25.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13631
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7eab596c0824e6fa20aad6932bcd2fdb94b86edf
CVE-2017-9345 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector cou ...)
	- wireshark 2.2.7-1 (low; bug #864058)
	[jessie] - wireshark (Minor issue)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-26.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13633
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f6408d6a8e842148f677a9f9413776ebaa150bb0
CVE-2017-9344 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP d ...)
	{DLA-1729-1}
	- wireshark 2.2.7-1 (low; bug #864058)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-29.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13701
CVE-2017-9343 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector m ...)
	- wireshark 2.2.7-1 (low; bug #864058)
	[jessie] - wireshark (Minor issue)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-30.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13725
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7c39a77e8b6ed204d7c1ec9afd712ef30ac2db26
CVE-2017-9342
	RESERVED
CVE-2017-9341
	RESERVED
CVE-2017-9340 (An attacker is logged in as a normal user and can somehow make admin t ...)
	- owncloud
CVE-2017-9339 (A logical error in ownCloud Server before 10.0.2 caused disclosure of ...)
	- owncloud
CVE-2017-9338 (Inadequate escaping lead to XSS vulnerability in the search module in ...)
	- owncloud
CVE-2017-9337 (The Markdown on Save Improved plugin 2.5 for WordPress has a stored XS ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-9336 (The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerabili ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-9335
	RESERVED
CVE-2017-9333 (OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG ...)
	NOT-FOR-US: OpenWebif
CVE-2017-9332 (The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 ...)
	NOT-FOR-US: PivotX
CVE-2017-9331 (The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored C ...)
	NOT-FOR-US: Telaxus EPESI
CVE-2017-9329
	RESERVED
CVE-2017-9328 (Shell metacharacter injection vulnerability in /usr/www/include/ajax/G ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2017-9327 (Secret data of processes managed by CM is not secured by file permissi ...)
	NOT-FOR-US: Cloudera
CVE-2017-9326 (The keystore password for the Spark History Server may be exposed in u ...)
	NOT-FOR-US: Cloudera
CVE-2017-9325 (The provided secure solrconfig.xml sample configuration does not enfor ...)
	NOT-FOR-US: Cloudera
CVE-2017-9334 (An incorrect "pair?" check in the Scheme "length" procedure results in ...)
	- chicken 4.12.0-0.2 (low; bug #863884)
	[stretch] - chicken (Minor issue)
	[jessie] - chicken (Minor issue)
	[wheezy] - chicken (Minor issue)
	NOTE: Original announcement: http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html
	NOTE: Patch: http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html
CVE-2017-9330 (QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI E ...)
	{DSA-3920-1 DLA-1497-1}
	- qemu 1:2.8+dfsg-7 (bug #863943)
	[wheezy] - qemu (Vulnerable code not present)
	- qemu-kvm
	[wheezy] - qemu-kvm (Vulnerable code not present)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=26f670a244982335cc08943fb1ec099a2c81e42d
CVE-2017-9324 (In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through ...)
	{DSA-3876-1}
	- otrs2 5.0.20-1 (bug #864319)
	[stretch] - otrs2 5.0.16-1+deb9u1
	[wheezy] - otrs2 (does not affect version 3.1.7)
	NOTE: https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/
	NOTE: https://github.com/OTRS/otrs/commit/45e05f854d2dc7c9fa7dd7467ea00cdcde350ac3
CVE-2017-9323
	REJECTED
CVE-2017-9322
	REJECTED
CVE-2017-9321
	REJECTED
CVE-2017-9320
	RESERVED
CVE-2017-9319
	RESERVED
CVE-2017-9318
	RESERVED
CVE-2017-9317 (Privilege escalation vulnerability found in some Dahua IP devices. Att ...)
	NOT-FOR-US: Dahua
CVE-2017-9316 (Firmware upgrade authentication bypass vulnerability was found in Dahu ...)
	NOT-FOR-US: Dahua
CVE-2017-9315 (Customer of Dahua IP camera or IP PTZ could submit relevant device inf ...)
	NOT-FOR-US: Dahua
CVE-2017-9314 (Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52X ...)
	NOT-FOR-US: Dahua NVR
CVE-2017-9313 (Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1 ...)
	- webmin
CVE-2017-9312 (Improperly implemented option-field processing in the TCP/IP stack on ...)
	NOT-FOR-US: Allen-Bradley
CVE-2017-9311
	RESERVED
CVE-2017-9309
	RESERVED
CVE-2017-9308
	RESERVED
CVE-2017-9307 (SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remo ...)
	NOT-FOR-US: Allen Disk
CVE-2017-9306 (inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to ...)
	NOT-FOR-US: sysPass
CVE-2017-9305 (lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 all ...)
	- tikiwiki
CVE-2017-9304 (libyara/re.c in the regexp module in YARA 3.5.0 allows remote attacker ...)
	- yara 3.6.1+dfsg-1 (bug #863842)
	[stretch] - yara (Minor issue, too intrusive to backport)
	[jessie] - yara (Minor issue, too intrusive to backport)
	NOTE: https://github.com/VirusTotal/yara/issues/674
	NOTE: https://github.com/VirusTotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699
CVE-2016-10395 (In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running Fle ...)
	NOT-FOR-US: FlexNet Publisher
CVE-2016-10394
	RESERVED
	NOT-FOR-US: Android Qualcomm closed-source components
CVE-2016-10393 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Android Qualcomm closed-source components
CVE-2016-10392 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10391 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10390 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10389 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10388 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10387 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10386 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10385 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10384 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10383 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10382 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10381 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10380 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9095
	REJECTED
CVE-2015-9094
	REJECTED
CVE-2015-9093
	REJECTED
CVE-2015-9092
	REJECTED
CVE-2015-9091
	REJECTED
CVE-2015-9090
	REJECTED
CVE-2015-9089
	REJECTED
CVE-2015-9088
	REJECTED
CVE-2015-9087
	REJECTED
CVE-2015-9086
	REJECTED
CVE-2015-9085
	REJECTED
CVE-2015-9084
	REJECTED
CVE-2015-9083
	REJECTED
CVE-2015-9082
	REJECTED
CVE-2015-9081
	REJECTED
CVE-2015-9080
	REJECTED
CVE-2015-9079
	REJECTED
CVE-2015-9078
	REJECTED
CVE-2015-9077
	REJECTED
CVE-2015-9076
	REJECTED
CVE-2015-9075
	REJECTED
CVE-2015-9074
	REJECTED
CVE-2015-9073 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9072 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9071 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9070 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9069 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9068 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9067 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9066 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9065 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9064 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9063 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9062 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9061 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9060 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9984 (nscd in the GNU C Library (aka glibc or libc6) before version 2.20 doe ...)
	- glibc 2.19-14
	- eglibc
	[wheezy] - eglibc (Vulnerable code not present)
	NOTE: Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=16695
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c44496df2f090a56d3bf75df930592dac6bba46f
CVE-2014-9982
	REJECTED
CVE-2014-9981 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9980 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9979 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9978 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9977 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9976 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9975 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9974 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9973 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9972 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9971 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-1000380 (sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.11.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/d11662f4f798b50d8c8743f433842c3e40fe3378 (v4.12-rc5)
	NOTE: Fixed by: https://git.kernel.org/linus/ba3021b2c79b2fa9114f92790a99deb27a65b728 (v4.12-rc5)
CVE-2017-1000368 (Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an in ...)
	{DLA-1011-1}
	- sudo 1.8.20p1-1.1 (bug #863897)
	[buster] - sudo 1.8.19p1-2.1
	[stretch] - sudo 1.8.19p1-2.1
	[jessie] - sudo 1.8.10p3-1+deb8u5
	NOTE: https://www.openwall.com/lists/oss-security/2017/06/02/7
	NOTE: https://www.sudo.ws/repos/sudo/raw-rev/15a46f4007dd
CVE-2017-1000367 (Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an inpu ...)
	{DSA-3867-1 DLA-970-1}
	- sudo 1.8.20p1-1 (bug #863731)
	[buster] - sudo 1.8.19p1-2
	[stretch] - sudo 1.8.19p1-2
	NOTE: https://www.sudo.ws/alerts/linux_tty.html
	NOTE: https://www.openwall.com/lists/oss-security/2017/05/30/16
	NOTE: https://www.sudo.ws/repos/sudo/raw-rev/b5460cbbb11b
CVE-2017-9310 (QEMU (aka Quick Emulator), when built with the e1000e NIC emulation su ...)
	{DSA-3920-1}
	- qemu 1:2.8+dfsg-7 (bug #863840)
	[jessie] - qemu (Vulnerable code not present; e1000e introduced in 2.7.0-rc0)
	[wheezy] - qemu (Vulnerable code not present)
	- qemu-kvm
	[wheezy] - qemu-kvm (Vulnerable code not present)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4154c7e03fa55b4cf52509a83d50d6c09d743b77
CVE-2017-9303 (Laravel 5.4.x before 5.4.22 does not properly constrain the host porti ...)
	- php-laravel-framework (Fixed before initial upload to Debian)
CVE-2017-9302 (RealPlayer 16.0.2.32 allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: RealPlayer
CVE-2017-9301 (plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media ...)
	- vlc 2.2.5.1-1
	[wheezy] - vlc (Not supported in wheezy LTS)
CVE-2017-9300 (plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 al ...)
	{DSA-4045-1}
	- vlc 2.2.6-3
	[wheezy] - vlc (Not supported in wheezy LTS)
	NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=55a82442cfea9dab8b853f3a4610f2880c5fadf3
CVE-2017-9299 (Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=Age ...)
	NOTE: This report for OTRS is quite vague/unclear and upstream cannot
	NOTE: track the issue down to a specific fixed release, but claims that
	NOTE: it should not be reproducible with versions later than 3.3.17.
CVE-2017-9298 (Cross-site scripting vulnerability in Hitachi Device Manager before 8. ...)
	NOT-FOR-US: Hitachi Device Manager
CVE-2017-9297 (Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 ...)
	NOT-FOR-US: Hitachi Device Manager
CVE-2017-9296 (Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 ...)
	NOT-FOR-US: Hitachi Device Manager
CVE-2017-9295 (XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitach ...)
	NOT-FOR-US: Hitachi Device Manager
CVE-2017-9294 (RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows rem ...)
	NOT-FOR-US: Hitachi Device Manager
CVE-2017-9293
	RESERVED
CVE-2017-9292 (Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug ...)
	NOT-FOR-US: Lansweeper
CVE-2017-9291
	RESERVED
CVE-2017-9290
	RESERVED
CVE-2017-9289 (Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in no ...)
	NOT-FOR-US: Bram Korsten Note
CVE-2017-9288 (The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-9286 (The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsa ...)
	NOT-FOR-US: OpenSUSE specific packaging issue of NextCloud
CVE-2017-9285 (NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions whe ...)
	NOT-FOR-US: NetIQ eDirectory
CVE-2017-9284 (IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive in ...)
	NOT-FOR-US: IDM
CVE-2017-9283 (An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus Vi ...)
	NOT-FOR-US: Micro Focus VisiBroker
CVE-2017-9282 (An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) ...)
	NOT-FOR-US: Micro Focus VisiBroker
CVE-2017-9281 (An integer overflow (CWE-190) potentially causing an out-of-bounds rea ...)
	NOT-FOR-US: Micro Focus VisiBroker
CVE-2017-9280 (Some NetIQ Identity Manager Applications before Identity Manager 4.5.6 ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2017-9279 (NetIQ Identity Manager before 4.5.6.1 allowed uploading files with dou ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2017-9278 (The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS l ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2017-9277 (The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to ...)
	NOT-FOR-US: Novell eDirectory
CVE-2017-9276 (Novell Access Manager iManager before 4.3.3 did not validate parameter ...)
	NOT-FOR-US: Novell Access Manager iManager
CVE-2017-9275 (NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is ...)
	NOT-FOR-US: NetIQ Identity Reporting
CVE-2017-9274 (A shell command injection in the obs-service-source_validator before 0 ...)
	- osc 0.162.1-1 (bug #887391)
	[stretch] - osc (Minor issue)
	[jessie] - osc (Minor issue)
	[wheezy] - osc (Minor issue)
	NOTE: Details in https://bugzilla.suse.com/show_bug.cgi?id=938556
	NOTE: SUSE addressed the issue not only in obs-service-source_validator
	NOTE: but also by adding a validation in osc 0.162.0 when using OBS 2.9, cf.:
	NOTE: https://github.com/openSUSE/osc/commit/f0325eb0b58c266eb0905ccf827dc7eb864378a1
CVE-2017-9273 (The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptib ...)
	NOT-FOR-US: IDM
CVE-2017-9272 (The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptib ...)
	NOT-FOR-US: IDM
CVE-2017-9271 (The commandline package update tool zypper writes HTTP proxy credentia ...)
	- libzypp 17.25.5-2 (low; bug #988152)
	[buster] - libzypp (Minor issue)
	[jessie] - libzypp (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1050625
	NOTE: https://github.com/openSUSE/libzypp/commit/c693f46ca9bf18dda9b4b56f78e069e26b5b03ff (17.25.3)
CVE-2017-9270 (In cryptctl before version 2.0 a malicious server could send RPC reque ...)
	NOT-FOR-US: SuSE cryptctl
CVE-2017-9269 (In libzypp before August 2018 GPG keys attached to YUM repositories we ...)
	- libzypp 17.3.1-1 (bug #899065)
	[jessie] - libzypp (Minor issue)
CVE-2017-9268 (In the open build service before 201707022 the wipetrigger and rebuild ...)
	- open-build-service 2.9.4-1 (low)
	[stretch] - open-build-service (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1045519
	NOTE: https://github.com/openSUSE/open-build-service/pull/3267
	NOTE: https://github.com/openSUSE/open-build-service/pull/3269
	NOTE: https://github.com/openSUSE/open-build-service/commit/b43efe6be46387b16c0b27cf8ee7b9ca53f905ef
CVE-2017-9267 (In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictl ...)
	NOT-FOR-US: Novell eDirectory
CVE-2016-10379 (The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL ...)
	NOT-FOR-US: Joomla addon
CVE-2016-10378 (e107 2.1.1 allows SQL injection by remote authenticated administrators ...)
	NOT-FOR-US: e107
CVE-2017-9266
	RESERVED
CVE-2017-9265 (In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsin ...)
	[experimental] - openvswitch 2.8.1+dfsg1-1
	- openvswitch 2.8.1+dfsg1-2 (unimportant; bug #863662)
	[jessie] - openvswitch (Vulnerable code not present)
	[wheezy] - openvswitch (Vulnerable code not present)
	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332965.html
	NOTE: OpenFlow 1.5 support still incomplete
CVE-2017-9264 (In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS ...)
	[experimental] - openvswitch 2.8.1+dfsg1-1
	- openvswitch 2.8.1+dfsg1-2 (unimportant; bug #863661)
	[jessie] - openvswitch (Vulnerable code not present; connection tracking support introduced in 2.6.0)
	[wheezy] - openvswitch (Vulnerable code not present; connection tracking support introduced in 2.6.0)
	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-March/329323.html
	NOTE: Userspace data path not enabled in Debian packaging
CVE-2017-9263 (In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status mes ...)
	[experimental] - openvswitch 2.8.1+dfsg1-1
	- openvswitch 2.8.1+dfsg1-2 (unimportant; bug #863655)
	[jessie] - openvswitch (No controllers implemented, cf. #863655)
	[wheezy] - openvswitch (No controllers implemented, cf. #863655)
	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332966.html
	NOTE: Controllers shipped in Debian not vulnerable, see #863655
CVE-2017-9262 (In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c ...)
	{DLA-1000-1}
	- imagemagick 8:6.9.7.4+dfsg-10 (low; bug #863834)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u10
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/475
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4649578df8dcbfb2b08d8623d52486dc124da3a8
CVE-2017-9261 (In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c ...)
	{DLA-1000-1}
	- imagemagick 8:6.9.7.4+dfsg-10 (low; bug #863833)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u10
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/476
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/01d522e990aa57cbe67d222dd5e8f7196cc6d199
CVE-2017-9260 (The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_opti ...)
	- soundtouch 1.9.2-3 (low; bug #870857)
	[stretch] - soundtouch 1.9.2-2+deb9u1
	[jessie] - soundtouch 1.8.0-1+deb8u1
	[wheezy] - soundtouch (Minor issue)
CVE-2017-9259 (The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TD ...)
	- soundtouch 1.9.2-3 (low; bug #870856)
	[stretch] - soundtouch 1.9.2-2+deb9u1
	[jessie] - soundtouch 1.8.0-1+deb8u1
	[wheezy] - soundtouch (Minor issue)
CVE-2017-9258 (The TDStretch::processSamples function in source/SoundTouch/TDStretch. ...)
	- soundtouch 1.9.2-3 (low; bug #870854)
	[stretch] - soundtouch 1.9.2-2+deb9u1
	[jessie] - soundtouch 1.8.0-1+deb8u1
	[wheezy] - soundtouch (Minor issue)
CVE-2017-9257 (The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Adv ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
	[jessie] - faad2 2.7-8+deb8u1
CVE-2017-9256 (The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Adv ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
	[jessie] - faad2 2.7-8+deb8u1
CVE-2017-9255 (The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Adv ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
	[jessie] - faad2 2.7-8+deb8u1
CVE-2017-9254 (The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Adv ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
	[jessie] - faad2 2.7-8+deb8u1
CVE-2017-9253 (The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Adv ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
	[jessie] - faad2 2.7-8+deb8u1
CVE-2016-10377 (In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switc ...)
	- openvswitch 2.6.1+git20161123-1
	[jessie] - openvswitch (Vulnerable code using tot_len introduced later)
	[wheezy] - openvswitch (Vulnerable code using tot_len introduced later)
	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2016-July/319503.html
CVE-2017-9287 (servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to ...)
	{DSA-3868-1 DLA-972-1}
	- openldap 2.4.44+dfsg-5 (bug #863563)
	NOTE: http://www.openldap.org/its/?findid=8655
	NOTE: https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e
CVE-2017-9252 (andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: FineCMS
CVE-2017-9251 (andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: FineCMS
CVE-2017-9250 (The lexer_process_char_literal function in jerry-core/parser/js/js-lex ...)
	NOT-FOR-US: jerryscript
CVE-2017-9249 (Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remo ...)
	NOT-FOR-US: Allen Disk
CVE-2017-9248 (Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2 ...)
	NOT-FOR-US: Progress Telerik UI for ASP.NET AJAX
CVE-2017-9247 (Multiple unquoted service path vulnerabilities in Sierra Wireless Wind ...)
	NOT-FOR-US: Sierra Wireless Windows Mobile Broadband Driver Packages
CVE-2017-9246 (New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe ...)
	NOT-FOR-US: New Relic .NET Agent
CVE-2017-9245 (The Google News and Weather application before 3.3.1 for Android allow ...)
	NOT-FOR-US: Google News and Weather application for Android
CVE-2017-9244 (Cross-site scripting (XSS) vulnerability in the Trello app before 4.0. ...)
	NOT-FOR-US: Trello
CVE-2017-9243 (Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 ...)
	NOT-FOR-US: Aries QWR-1104 Wireless-N Router
CVE-2015-9059 (picocom before 2.0 has a command injection vulnerability in the 'send ...)
	{DLA-2259-1 DLA-974-1}
	- picocom 1.7-2 (bug #863671)
	NOTE: https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1
CVE-2017-9242 (The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux k ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.30-1
	NOTE: https://git.kernel.org/linus/232cd35d0804cc241eb887bb8d4d9b3b9881c64a
CVE-2017-9241
	RESERVED
CVE-2017-9240
	RESERVED
CVE-2016-10376 (Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote ...)
	{DSA-3943-1 DLA-967-1}
	- gajim 0.16.6-1.1 (bug #863445)
	NOTE: https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc
	NOTE: https://dev.gajim.org/gajim/gajim/issues/8378
CVE-2016-10375 (Yodl before 3.07.01 has a Buffer Over-read in the queue_push function ...)
	{DLA-2194-1 DLA-976-1}
	- yodl 3.07.01-1
	NOTE: https://github.com/fbb-git/yodl/issues/1
	NOTE: https://github.com/fbb-git/yodl/commit/fd85f8c94182558ff1480d06a236d6fb927979a3
CVE-2017-9239 (An issue was discovered in Exiv2 0.26. When the data structure of the ...)
	{DLA-963-1}
	- exiv2 0.25-3.1 (bug #863410)
	[jessie] - exiv2 (Minor issue)
	NOTE: http://dev.exiv2.org/issues/1296
	NOTE: fix: https://github.com/Exiv2/exiv2/commit/2f8681e120d277e418941c4361c83b5028f67fd8
CVE-2017-9238
	RESERVED
CVE-2017-9237
	RESERVED
CVE-2017-9236
	RESERVED
CVE-2017-9235
	RESERVED
CVE-2017-9234
	RESERVED
CVE-2017-9233 (XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat ...)
	{DSA-3898-1 DLA-990-1}
	- expat 2.2.1-1
	NOTE: https://libexpat.github.io/doc/cve-2017-9233/
	NOTE: https://github.com/libexpat/libexpat/commit/c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
CVE-2017-9232 (Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a ...)
	- juju
CVE-2017-9231 (XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x ...)
	NOT-FOR-US: Citrix
CVE-2017-9230 (The Bitcoin Proof-of-Work algorithm does not consider a certain attack ...)
	NOT-FOR-US: Bitcoin Proof-of-Work algorithm
CVE-2017-9229 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod i ...)
	{DLA-958-1}
	- libonig 6.1.3-2 (bug #863318)
	[jessie] - libonig 5.9.5-3.2+deb8u1
	NOTE: https://github.com/kkos/oniguruma/issues/59
	NOTE: https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d
CVE-2017-9228 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod i ...)
	{DLA-958-1}
	- libonig 6.1.3-2 (bug #863316)
	[jessie] - libonig 5.9.5-3.2+deb8u1
	NOTE: https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b
	NOTE: https://github.com/kkos/oniguruma/issues/60
CVE-2017-9227 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod i ...)
	{DLA-958-1}
	- libonig 6.1.3-2 (bug #863315)
	[jessie] - libonig 5.9.5-3.2+deb8u1
	NOTE: https://github.com/kkos/oniguruma/commit/9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814
	NOTE: https://github.com/kkos/oniguruma/issues/58
CVE-2017-9226 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod i ...)
	{DLA-958-1}
	- libonig 6.1.3-2 (bug #863314)
	[jessie] - libonig 5.9.5-3.2+deb8u1
	NOTE: https://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a
	NOTE: https://github.com/kkos/oniguruma/commit/f015fbdd95f76438cd86366467bb2b39870dd7c6
	NOTE: https://github.com/kkos/oniguruma/issues/55
CVE-2017-9225 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod i ...)
	- libonig 6.1.3-2 (bug #863313)
	[jessie] - libonig (Vulnerable code introduced later)
	[wheezy] - libonig (Vulnerable code introduced later)
	NOTE: https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f
	NOTE: https://github.com/kkos/oniguruma/issues/56
CVE-2017-9224 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod i ...)
	{DLA-958-1}
	- libonig 6.1.3-2 (bug #863312)
	[jessie] - libonig 5.9.5-3.2+deb8u1
	NOTE: https://github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059b
	NOTE: https://github.com/kkos/oniguruma/issues/57
CVE-2017-9223 (The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Adv ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
	[jessie] - faad2 2.7-8+deb8u1
CVE-2017-9222 (The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Adv ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
	[jessie] - faad2 2.7-8+deb8u1
CVE-2017-9221 (The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware Adv ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
	[jessie] - faad2 2.7-8+deb8u1
CVE-2017-9220 (The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Adv ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
	[jessie] - faad2 2.7-8+deb8u1
CVE-2017-9219 (The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Adv ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
	[jessie] - faad2 2.7-8+deb8u1
CVE-2017-9218 (The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Adv ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
	[jessie] - faad2 2.7-8+deb8u1
CVE-2017-9217 (systemd-resolved through 233 allows remote attackers to cause a denial ...)
	[experimental] - systemd 233-8
	- systemd 232-24 (bug #863277)
	[jessie] - systemd (vulnerable code introduced later)
	[wheezy] - systemd (vulnerable code introduced later)
	NOTE: https://github.com/systemd/systemd/pull/5998
CVE-2017-9216 (libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscri ...)
	{DLA-2796-1}
	- jbig2dec 0.13-5 (bug #863279)
	[jessie] - jbig2dec (Minor issue)
	[wheezy] - jbig2dec (Minor issue, can be fixed in a future update)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697934
	NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ebffb1d96ba0cacec23016eccb4047dab365853
CVE-2017-9215
	RESERVED
CVE-2017-9214 (In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_RE ...)
	{DLA-2571-1}
	[experimental] - openvswitch 2.8.1+dfsg1-1
	- openvswitch 2.8.1+dfsg1-2 (bug #863228)
	[jessie] - openvswitch (Vulnerable code not present)
	[wheezy] - openvswitch (Vulnerable code not present)
	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html
CVE-2017-9213
	RESERVED
CVE-2017-9212 (The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the ...)
	NOT-FOR-US: Bluetooth stack on the BMW 330i 2011
CVE-2017-9211 (The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linu ...)
	- linux 4.9.30-1
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9933e113c2e87a9f46a40fde8dafbf801dca1ab9
CVE-2017-9200 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9199 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9198 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9197 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9196 (libautotrace.a in AutoTrace 0.31.1 has a "negative-size-param" issue i ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9195 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read i ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9194 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read i ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9193 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read i ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9192 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9191 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9190 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9189 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9188 (libautotrace.a in AutoTrace 0.31.1 has a "left shift ... cannot be rep ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9187 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9186 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9185 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9184 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9183 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9182 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9181 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9180 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9179 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9178 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9177 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9176 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9175 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9174 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9173 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9172 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9171 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read i ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9170 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9169 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9168 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9167 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9166 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read i ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9165 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read i ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9164 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read i ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9163 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9162 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9161 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9160 (libautotrace.a in AutoTrace 0.31.1 has a stack-based buffer overflow i ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9159 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9158 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9157 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9156 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9155 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9154 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9153 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9152 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read i ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9151 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace
	[wheezy] - autotrace (Not supported in wheezy LTS)
CVE-2017-9150 (The do_check function in kernel/bpf/verifier.c in the Linux kernel bef ...)
	- linux 4.9.30-1
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/0d0e57697f162da4aa218b5feafe614fb666db07
CVE-2017-9210 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of s ...)
	[experimental] - qpdf 7.0~b1-1
	- qpdf 7.0.0-1 (low; bug #863390)
	[stretch] - qpdf (Minor issue)
	[jessie] - qpdf (Minor issue)
	[wheezy] - qpdf (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/05/23/10
	NOTE: https://github.com/qpdf/qpdf/issues/101
CVE-2017-9209 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of s ...)
	[experimental] - qpdf 7.0~b1-1
	- qpdf 7.0.0-1 (low; bug #863390)
	[stretch] - qpdf (Minor issue)
	[jessie] - qpdf (Minor issue)
	[wheezy] - qpdf (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/05/23/10
	NOTE: https://github.com/qpdf/qpdf/issues/100
CVE-2017-9208 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of s ...)
	[experimental] - qpdf 7.0~b1-1
	- qpdf 7.0.0-1 (low; bug #863390)
	[stretch] - qpdf (Minor issue)
	[jessie] - qpdf (Minor issue)
	[wheezy] - qpdf (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/05/23/10
	NOTE: https://github.com/qpdf/qpdf/issues/99
CVE-2017-9207 (The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9206 (The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9205 (The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9204 (The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9203 (imagew-main.c:960:12 in libimageworsener.a in ImageWorsener 1.3.1 allo ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9202 (imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allow ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9201 (imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allow ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9148 (The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before ...)
	{DLA-977-1}
	- freeradius 3.0.12+dfsg-5 (bug #863673)
	[jessie] - freeradius (Only affects 2.1.1 to 2.1.7 and 3.0 to 3.0.13)
	NOTE: https://www.openwall.com/lists/oss-security/2017/05/29/1
	NOTE: http://freeradius.org/security.html#session-resumption-2017
	NOTE: https://anonscm.debian.org/cgit/pkg-freeradius/freeradius.git/commit/?id=8d681449aa95ee4388b5e3c266bdb070a264f563
CVE-2017-9147 (LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in ti ...)
	{DLA-984-1 DLA-983-1}
	- tiff 4.0.8-2 (bug #863185)
	[jessie] - tiff 4.0.3-12.3+deb8u4
	- tiff3
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2693
CVE-2017-9146 (The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through ...)
	- libytnef 1.9.3-1 (bug #862707)
	[stretch] - libytnef (Minor issue, can be fixed via a point update)
	[jessie] - libytnef (Minor issue, can be fixed via a point update)
	[wheezy] - libytnef (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/47
	NOTE: https://github.com/Yeraze/ytnef/commit/c576639e7e6bd9c7de0a288b9f94590d34ac9215
CVE-2017-9145 (TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not p ...)
	- tikiwiki
CVE-2017-11352 (In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a cras ...)
	{DSA-4040-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #868469)
	[stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u1
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/502
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7f1f01b695e869c410ee10e2176f8fd764f09373
	NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/86cb33143c5b21912187403860a7c26761a3cd23
CVE-2017-9144 (In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash becaus ...)
	{DSA-3863-1 DLA-1081-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-9 (bug #863126)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7fdf9ea808caa3c81a0eb42656e5fafc59084198
CVE-2017-9142 (In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-9 (bug #863125)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/490
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/72f5c8632bff2daf3c95005f9b4cf2982786b52a
CVE-2017-9141 (In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-9 (bug #863124)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/489
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f5910e91b0778e03ded45b9022be8eb8f77942cd
CVE-2017-9143 (In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allo ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-9 (bug #863123)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/456
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7b8c1df65b25d6671f113e2306982eded44ce3b4
CVE-2017-9140 (Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebFo ...)
	NOT-FOR-US: Telerik
CVE-2017-9139 (There is a stack-based buffer overflow on some Tenda routers (FH1202/F ...)
	NOT-FOR-US: Tenda
CVE-2017-9138 (There is a debug-interface vulnerability on some Tenda routers (FH1202 ...)
	NOT-FOR-US: Tenda
CVE-2017-9137 (Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default pas ...)
	NOT-FOR-US: Ceragon FibeAir
CVE-2017-9136 (An issue was discovered on Mimosa Client Radios before 2.2.3. In the d ...)
	NOT-FOR-US: Mimosa Client Radios
CVE-2017-9135 (An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimos ...)
	NOT-FOR-US: Mimosa Client Radios
CVE-2017-9134 (An information-leakage issue was discovered on Mimosa Client Radios be ...)
	NOT-FOR-US: Mimosa Client Radios
CVE-2017-9133 (An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimos ...)
	NOT-FOR-US: Mimosa Client Radios
CVE-2017-9132 (A hard-coded credentials issue was discovered on Mimosa Client Radios ...)
	NOT-FOR-US: Mimosa Client Radios
CVE-2017-9131 (An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimos ...)
	NOT-FOR-US: Mimosa Client Radios
CVE-2017-9130 (The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio ...)
	- faac 1.29+git20170704-1 (bug #865909)
	[stretch] - faac (Non-free not supported)
	[jessie] - faac (Non-free not supported)
	NOTE: https://www.exploit-db.com/exploits/42207/
CVE-2017-9129 (The wav_open_read function in frontend/input.c in Freeware Advanced Au ...)
	- faac 1.29+git20170704-1 (bug #865909)
	[stretch] - faac (Non-free not supported)
	[jessie] - faac (Non-free not supported)
	NOTE: https://www.exploit-db.com/exploits/42207/
CVE-2017-9128 (The quicktime_video_width function in lqt_quicktime.c in libquicktime ...)
	{DLA-1042-1}
	- libquicktime 2:1.2.4-11 (low; bug #864664)
	[stretch] - libquicktime 2:1.2.4-10+deb9u1
	[jessie] - libquicktime (Minor issue)
CVE-2017-9127 (The quicktime_user_atoms_read_atom function in useratoms.c in libquick ...)
	{DLA-1042-1}
	- libquicktime 2:1.2.4-11 (low; bug #864664)
	[stretch] - libquicktime 2:1.2.4-10+deb9u1
	[jessie] - libquicktime (Minor issue)
CVE-2017-9126 (The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 ...)
	{DLA-1042-1}
	- libquicktime 2:1.2.4-11 (low; bug #864664)
	[stretch] - libquicktime 2:1.2.4-10+deb9u1
	[jessie] - libquicktime (Minor issue)
CVE-2017-9125 (The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2 ...)
	{DLA-1042-1}
	- libquicktime 2:1.2.4-11 (low; bug #864664)
	[stretch] - libquicktime 2:1.2.4-10+deb9u1
	[jessie] - libquicktime (Minor issue)
CVE-2017-9124 (The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows ...)
	{DLA-1042-1}
	- libquicktime 2:1.2.4-11 (low; bug #864664)
	[stretch] - libquicktime 2:1.2.4-10+deb9u1
	[jessie] - libquicktime (Minor issue)
CVE-2017-9123 (The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2 ...)
	{DLA-1042-1}
	- libquicktime 2:1.2.4-11 (low; bug #864664)
	[stretch] - libquicktime 2:1.2.4-10+deb9u1
	[jessie] - libquicktime (Minor issue)
CVE-2017-9122 (The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allow ...)
	{DLA-1042-1}
	- libquicktime 2:1.2.4-11 (low; bug #864664)
	[stretch] - libquicktime 2:1.2.4-10+deb9u1
	[jessie] - libquicktime (Minor issue)
CVE-2017-9121
	RESERVED
CVE-2017-9120 (PHP 7.x through 7.1.5 allows remote attackers to cause a denial of ser ...)
	- php7.2 (unimportant)
	- php7.1 (unimportant)
	- php7.0 (unimportant)
	- php5 (Not reproducible, vulnerable code not present.)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74544
	NOTE: Not treated as a security issue by upstream
CVE-2017-9119 (The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 all ...)
	- php7.1 (unimportant)
	- php7.0 (unimportant)
	- php5 (unimportant)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74593
	NOTE: Only triggerable by malicious script
CVE-2017-9118 (PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a c ...)
	- php7.2 (unimportant)
	- php7.1 (unimportant)
	- php7.0 (unimportant)
	- php5 (unimportant)
	NOTE: Check for Jessie again as soon as more information is available.
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74604
	NOTE: Not treated as a security issue by upstream
CVE-2017-9117 (In LibTIFF 4.0.7, the program processes BMP images without verifying t ...)
	- tiff (unimportant)
	- tiff3 (Does not ship libtiff-tools)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2690
	NOTE: bmp2tiff utility removed in 4.0.6-3 and 4.0.3-12.3+deb8u2
CVE-2017-9116 (In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function ...)
	{DLA-2358-1 DLA-1083-1}
	- openexr 2.2.0-11.1 (bug #864078)
	[jessie] - openexr (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
	NOTE: https://github.com/openexr/openexr/issues/232
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/49db4a4192482eec9c27669f75db144cf5434804 (v2.2.1)
CVE-2017-9115 (In OpenEXR 2.2.0, an invalid write of size 2 in the = operator functio ...)
	{DSA-4755-1 DLA-2358-1}
	- openexr 2.5.3-2 (bug #873885)
	[jessie] - openexr (Minor issue)
	[wheezy] - openexr (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
	NOTE: https://github.com/openexr/openexr/issues/232
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/401#issuecomment-513721310 (v2.4.0)
CVE-2017-9114 (In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ...)
	{DLA-2358-1 DLA-1083-1}
	- openexr 2.2.0-11.1 (bug #864078)
	[jessie] - openexr (ImfFastHuf.cpp / DWA compressor introduced v2.2)
	[wheezy] - openexr (ImfFastHuf.cpp / DWA compressor introduced v2.2)
	NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
	NOTE: https://github.com/openexr/openexr/issues/232
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/49db4a4192482eec9c27669f75db144cf5434804 (v2.2.1)
CVE-2017-9113 (In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels ...)
	{DSA-4755-1 DLA-2358-1}
	- openexr 2.5.3-2 (low; bug #873885)
	[jessie] - openexr (Minor issue)
	[wheezy] - openexr (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
	NOTE: https://github.com/openexr/openexr/issues/232
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/401#issuecomment-513721310 (v2.4.0)
CVE-2017-9112 (In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ...)
	{DLA-2358-1 DLA-1083-1}
	- openexr 2.2.0-11.1 (bug #864078)
	[jessie] - openexr (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
	NOTE: https://github.com/openexr/openexr/issues/232
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/49db4a4192482eec9c27669f75db144cf5434804 (v2.2.1)
CVE-2017-9111 (In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function ...)
	{DSA-4755-1 DLA-2358-1}
	- openexr 2.5.3-2 (bug #873885)
	[jessie] - openexr (Minor issue)
	[wheezy] - openexr (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
	NOTE: https://github.com/openexr/openexr/issues/232
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/401#issuecomment-513721310 (v2.4.0)
CVE-2017-9110 (In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function ...)
	{DLA-2358-1 DLA-1083-1}
	- openexr 2.2.0-11.1 (bug #864078)
	[jessie] - openexr (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
	NOTE: https://github.com/openexr/openexr/issues/232
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/49db4a4192482eec9c27669f75db144cf5434804 (v2.2.1)
CVE-2017-9109 (An issue was discovered in adns before 1.5.2. It fails to ignore appar ...)
	- adns 1.6.0-2 (unimportant)
	NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=fcf2b4e1faf22accb6184cca595aaee602839868
	NOTE: Stub resolver that should only be used with trusted recursors
CVE-2017-9108 (An issue was discovered in adns before 1.5.2. adnshost mishandles a mi ...)
	- adns 1.6.0-2 (unimportant)
	NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=72c6bfd77dfdb34457a792874fd1c3030fca90ac
	NOTE: Stub resolver that should only be used with trusted recursors
CVE-2017-9107 (An issue was discovered in adns before 1.5.2. It overruns reading a bu ...)
	- adns 1.6.0-2 (unimportant)
	NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=278f8eee581c4c4a0ddd0f98c4dc8c2974cf6b90
	NOTE: Stub resolver that should only be used with trusted recursors
CVE-2017-9106 (An issue was discovered in adns before 1.5.2. adns_rr_info mishandles ...)
	- adns 1.6.0-2 (unimportant)
	NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=37792aacaf7abbcdac6a02715a5ef794b5147f13
	NOTE: Stub resolver that should only be used with trusted recursors
CVE-2017-9105 (An issue was discovered in adns before 1.5.2. It corrupts a pointer wh ...)
	- adns 1.6.0-2 (unimportant)
	NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=17afb298d90c5aafed76bd3855a5fe7dcd58594c
	NOTE: Stub resolver that should only be used with trusted recursors
CVE-2017-9104 (An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if ...)
	- adns 1.6.0-2 (unimportant)
	NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=7ba7a232de0516d2cce934bdc91627b33b46ef47
	NOTE: Stub resolver that should only be used with trusted recursors
CVE-2017-9103 (An issue was discovered in adns before 1.5.2. pap_mailbox822 does not ...)
	- adns 1.6.0-2 (unimportant)
	NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=020d86e2eccc2dbdfa9dcca08ddb327cc7ca3ae2
	NOTE: Stub resolver that should only be used with trusted recursors
CVE-2017-9102
	RESERVED
CVE-2017-9101 (import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows re ...)
	NOT-FOR-US: PlaySMS
CVE-2014-9970 (jasypt before 1.9.2 allows a timing attack against the password hash c ...)
	- jasypt 1.9.2-1
	[jessie] - jasypt (Minor issue)
	[wheezy] - jasypt (Minor issue)
	NOTE: https://sourceforge.net/p/jasypt/code/668/
CVE-2017-9100 (login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote ...)
	NOT-FOR-US: D-Link
CVE-2017-9099
	RESERVED
CVE-2017-9098 (ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninit ...)
	{DSA-3863-1 DLA-1456-1 DLA-960-1 DLA-953-1}
	- imagemagick 8:6.9.7.4+dfsg-9 (bug #862967)
	- graphicsmagick 1.3.24-1
	NOTE: ImageMagick fix: https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b
	NOTE: GraphicsMagick fix: http://hg.code.sf.net/p/graphicsmagick/code/diff/0a5b75e019b6/coders/rle.c
	NOTE: https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html
CVE-2017-9097 (In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through ...)
	NOT-FOR-US: Anti-Web
CVE-2017-9096 (The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not dis ...)
	NOT-FOR-US: iText
CVE-2017-9095 (XXE in Diving Log 6.0 allows attackers to remotely view local files th ...)
	NOT-FOR-US: Diving Log
CVE-2017-9094 (The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9093 (The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsene ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9092
	RESERVED
CVE-2017-9091 (/admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION[' ...)
	NOT-FOR-US: Allen Disk
CVE-2017-9090 (reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha'][ ...)
	NOT-FOR-US: Allen Disk
CVE-2017-9089
	RESERVED
CVE-2017-9088
	RESERVED
CVE-2017-9087
	RESERVED
CVE-2017-9086
	RESERVED
CVE-2017-9085 (Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 6. ...)
	NOT-FOR-US: Kodak InSite
CVE-2017-9084
	RESERVED
CVE-2017-9083 (poppler 0.54.0, as used in Evince and other products, has a NULL point ...)
	- poppler (unimportant; bug #863016)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101084
	NOTE: Does not use JPX decoder but openjpeg; affected only source wise
CVE-2017-9082
	RESERVED
CVE-2017-9081
	RESERVED
CVE-2017-9080 (PlaySMS 1.4 allows remote code execution because PHP code in the name ...)
	NOT-FOR-US: PlaySMS
CVE-2017-9079 (Dropbear before 2017.75 might allow local users to read certain files ...)
	{DSA-3859-1 DLA-948-1}
	- dropbear 2016.74-5 (bug #862970)
	NOTE: Patch: https://hg.ucc.asn.au/dropbear/rev/0d889b068123
CVE-2017-9078 (The server in Dropbear before 2017.75 might allow post-authentication ...)
	{DSA-3859-1}
	- dropbear 2016.74-5 (bug #862970)
	[wheezy] - dropbear (Vulnerable code not present)
	NOTE: Patch: https://hg.ucc.asn.au/dropbear/rev/c8114a48837c
CVE-2017-9077 (The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.30-1
	NOTE: Fixed by: https://git.kernel.org/linus/83eaddab4378db256d00d295bda6ca997cd13a52
CVE-2017-9076 (The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.30-1
	NOTE: Fixed by: https://git.kernel.org/linus/83eaddab4378db256d00d295bda6ca997cd13a52
CVE-2017-9075 (The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.30-1
	NOTE: Fixed by: https://git.kernel.org/linus/fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8
CVE-2017-9074 (The IPv6 fragmentation implementation in the Linux kernel through 4.11 ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.30-1
	NOTE: Fixed by: https://git.kernel.org/linus/2423496af35d94a87156b063ea5cedffc10a70a1
CVE-2017-9073
	REJECTED
CVE-2017-9072 (Two CalendarXP products have XSS in common parts of HTML files. Calend ...)
	NOT-FOR-US: CalendarXP
CVE-2017-9071 (In MODX Revolution before 2.5.7, an attacker might be able to trigger ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-9070 (In MODX Revolution before 2.5.7, a user with resource edit permissions ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-9069 (In MODX Revolution before 2.5.7, a user with file upload permissions i ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-9068 (In MODX Revolution before 2.5.7, an attacker is able to trigger Reflec ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-9067 (In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker i ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-9060 (Memory leak in the virtio_gpu_set_scanout function in hw/display/virti ...)
	- qemu 1:2.10.0-1 (unimportant)
	[jessie] - qemu (Vulnerable code not present)
	[wheezy] - qemu (Vulnerable code not present)
	- qemu-kvm (Vulnerable code not present)
	NOTE: Marked as unimportant, since 1:2.8+dfsg-2 reverted the support for
	NOTE: virtio gpu (virglrenderer) and opengl, but the affected code is
	NOTE: still present.
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=dd248ed7e204ee8a1873914e02b8b526e8f1b80d
CVE-2017-9059 (The NFSv4 implementation in the Linux kernel through 4.11.1 allows loc ...)
	- linux 4.9.30-1
	[jessie] - linux (Introduced in 4.9)
	[wheezy] - linux (Introduced in 4.9)
CVE-2017-9057
	RESERVED
CVE-2017-9056
	RESERVED
CVE-2017-9055 (An issue, also known as DW201703-001, was discovered in libdwarf 2017- ...)
	- dwarfutils 20170416-2 (bug #864064)
	[stretch] - dwarfutils 20161124-1+deb9u1
	[jessie] - dwarfutils (Minor issue)
	[wheezy] - dwarfutils (Minor issue)
	NOTE: https://www.prevanders.net/dwarfbug.html#DW201703-001
CVE-2017-9054 (An issue, also known as DW201703-002, was discovered in libdwarf 2017- ...)
	- dwarfutils 20170416-2 (bug #864064)
	[stretch] - dwarfutils 20161124-1+deb9u1
	[jessie] - dwarfutils (Minor issue)
	[wheezy] - dwarfutils (Minor issue)
	NOTE: https://www.prevanders.net/dwarfbug.html#DW201703-002
CVE-2017-9053 (An issue, also known as DW201703-005, was discovered in libdwarf 2017- ...)
	- dwarfutils 20170416-2 (bug #864064)
	[stretch] - dwarfutils 20161124-1+deb9u1
	[jessie] - dwarfutils (Minor issue)
	[wheezy] - dwarfutils (Minor issue)
	NOTE: https://www.prevanders.net/dwarfbug.html#DW201703-005
CVE-2017-9052 (An issue, also known as DW201703-006, was discovered in libdwarf 2017- ...)
	- dwarfutils 20170416-2 (bug #864064)
	[stretch] - dwarfutils 20161124-1+deb9u1
	[jessie] - dwarfutils (Minor issue)
	[wheezy] - dwarfutils (Minor issue)
	NOTE: https://www.prevanders.net/dwarfbug.html#DW201703-006
CVE-2017-9051 (libav before 12.1 is vulnerable to an invalid read of size 1 due to NU ...)
	- libav (low)
	[jessie] - libav (Tested with the original reproducer, 0.11 branch not vulnerable)
	[wheezy] - libav (Tested with the original reproducer, 0.8 branch not vulnerable)
	- ffmpeg 7:2.6.1-1 (low)
	NOTE: Fix in libav: https://github.com/libav/libav/commit/fe6eea99efac66839052af547426518efd970b24.patch
	NOTE: Fix in ffmpeg: https://github.com/FFmpeg/FFmpeg/commit/8d7ce5cdb707d4b22749f72d3f118e62e2b95cd3
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1039
CVE-2017-9050 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buff ...)
	{DSA-3952-1 DLA-1008-1}
	- libxml2 2.9.4+dfsg1-3.1 (bug #863018)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781361 (not public)
	NOTE: https://www.openwall.com/lists/oss-security/2017/05/15/1
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/e26630548e7d138d2c560844c43820b6767251e3
CVE-2017-9049 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buff ...)
	{DSA-3952-1 DLA-1008-1}
	- libxml2 2.9.4+dfsg1-3.1 (bug #863019)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781205 (not public)
	NOTE: https://www.openwall.com/lists/oss-security/2017/05/15/1
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/e26630548e7d138d2c560844c43820b6767251e3
CVE-2017-9048 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buf ...)
	{DSA-3952-1 DLA-1008-1}
	- libxml2 2.9.4+dfsg1-3.1 (bug #863021)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781701 (not public)
	NOTE: https://www.openwall.com/lists/oss-security/2017/05/15/1
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/932cc9896ab41475d4aa429c27d9afd175959d74
CVE-2017-9047 (A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g074180 ...)
	{DSA-3952-1 DLA-1008-1}
	- libxml2 2.9.4+dfsg1-3.1 (bug #863022)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781333 (not public)
	NOTE: https://www.openwall.com/lists/oss-security/2017/05/15/1
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/932cc9896ab41475d4aa429c27d9afd175959d74
CVE-2017-9046 (winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code e ...)
	NOT-FOR-US: Pegasus Mail
CVE-2017-9045 (The Google I/O 2017 application before 5.1.4 for Android downloads mul ...)
	NOT-FOR-US: Google I/O 2017 application
CVE-2017-9044 (The print_symbol_for_build_attribute function in readelf.c in GNU Binu ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
CVE-2017-9043 (readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large f ...)
	- binutils 2.29-1 (low; bug #863674)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ddef72cdc10d82ba011a7ff81cafbbd3466acf54
CVE-2017-9042 (readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in t ...)
	- binutils 2.29-1 (low; bug #863674)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf
CVE-2017-9041 (GNU Binutils 2.28 allows remote attackers to cause a denial of service ...)
	- binutils 2.28-6 (low; bug #863674)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3
CVE-2017-9040 (GNU Binutils 2017-04-03 allows remote attackers to cause a denial of s ...)
	- binutils 2.29-1 (low; bug #863674)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf
CVE-2017-9039 (GNU Binutils 2.28 allows remote attackers to cause a denial of service ...)
	- binutils 2.28-6 (low; bug #863674)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=82156ab704b08b124d319c0decdbd48b3ca2dac5
CVE-2017-9038 (GNU Binutils 2.28 allows remote attackers to cause a denial of service ...)
	- binutils 2.28-6 (low; bug #863674)
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d
CVE-2017-9037 (Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Ser ...)
	NOT-FOR-US: Trend Micro
CVE-2017-9036 (Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local us ...)
	NOT-FOR-US: Trend Micro
CVE-2017-9035 (Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attacker ...)
	NOT-FOR-US: Trend Micro
CVE-2017-9034 (Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attacker ...)
	NOT-FOR-US: Trend Micro
CVE-2017-9033 (Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerP ...)
	NOT-FOR-US: Trend Micro
CVE-2017-9032 (Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Ser ...)
	NOT-FOR-US: Trend Micro
CVE-2017-9058 (In libytnef in ytnef through 1.9.2, there is a heap-based buffer over- ...)
	- libytnef 1.9.2-2 (low; bug #862556)
	[jessie] - libytnef (Minor issue)
	[wheezy] - libytnef (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/45
CVE-2017-9030 (The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 f ...)
	NOT-FOR-US: Joomla extension
CVE-2017-9029
	RESERVED
CVE-2017-9028
	RESERVED
CVE-2017-9027
	RESERVED
CVE-2017-9026 (Stack buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6 ...)
	NOT-FOR-US: HooToo Trip Mate
CVE-2017-9025 (Heap buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) ...)
	NOT-FOR-US: HooToo Trip Mate
CVE-2017-9066 (In WordPress before 4.7.5, there is insufficient redirect validation i ...)
	{DLA-1075-1}
	- wordpress 4.7.5+dfsg-1 (bug #862816)
	[jessie] - wordpress 4.1+dfsg-1+deb8u16
	NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
	NOTE: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
CVE-2017-9065 (In WordPress before 4.7.5, there is a lack of capability checks for po ...)
	{DSA-3870-1 DLA-975-1}
	- wordpress 4.7.5+dfsg-1 (bug #862816)
	NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
	NOTE: https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
CVE-2017-9064 (In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnera ...)
	{DSA-3870-1 DLA-975-1}
	- wordpress 4.7.5+dfsg-1 (bug #862816)
	NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
	NOTE: https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
CVE-2017-9063 (In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability ...)
	{DSA-3870-1 DLA-975-1}
	- wordpress 4.7.5+dfsg-1 (bug #862816)
	NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
	NOTE: https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
CVE-2017-9062 (In WordPress before 4.7.5, there is improper handling of post meta dat ...)
	{DSA-3870-1 DLA-975-1}
	- wordpress 4.7.5+dfsg-1 (bug #862816)
	NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
	NOTE: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
CVE-2017-9061 (In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability ...)
	{DSA-3870-1 DLA-975-1}
	- wordpress 4.7.5+dfsg-1 (bug #862816)
	NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
	NOTE: https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
CVE-2017-9024 (Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes S ...)
	NOT-FOR-US: Secure Bytes Cisco Configuration Manager
CVE-2017-9023 (The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE ...)
	{DSA-3866-1 DLA-973-1}
	- strongswan 5.5.1-4
	NOTE: upstream fix https://git.strongswan.org/?p=strongswan.git;a=commit;h=407fcca200fdf6a41a04ac0885a770b6b53c5d23
CVE-2017-9022 (The gmp plugin in strongSwan before 5.5.3 does not properly validate R ...)
	{DSA-3866-1 DLA-973-1}
	- strongswan 5.5.1-4
	NOTE: upstream fix https://git.strongswan.org/?p=strongswan.git;a=commit;h=6681d98d18d24b31410fc12c3d61f150107481b3
CVE-2017-9021
	REJECTED
CVE-2017-9020
	RESERVED
CVE-2016-10373
	REJECTED
CVE-2016-10372 (The Eir D1000 modem does not properly restrict the TR-064 protocol, wh ...)
	NOT-FOR-US: Eir D1000 modem
CVE-2017-9019
	RESERVED
CVE-2017-9018
	REJECTED
CVE-2017-9017
	REJECTED
CVE-2017-9016
	REJECTED
CVE-2017-9015
	REJECTED
CVE-2017-9014
	REJECTED
CVE-2017-9013
	REJECTED
CVE-2017-9012
	REJECTED
CVE-2017-9011
	REJECTED
CVE-2017-9010
	REJECTED
CVE-2017-9009
	REJECTED
CVE-2017-9008
	REJECTED
CVE-2017-9007
	REJECTED
CVE-2017-9006
	REJECTED
CVE-2017-9005
	REJECTED
CVE-2017-9004
	REJECTED
CVE-2017-9003 (Multiple memory corruption flaws are present in ArubaOS which could al ...)
	NOT-FOR-US: Aruba
CVE-2017-9002 (All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross ...)
	NOT-FOR-US: Aruba
CVE-2017-9001 (Aruba ClearPass 6.6.3 and later includes a feature called "SSH Lockout ...)
	NOT-FOR-US: Aruba
CVE-2017-9000 (ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x ...)
	NOT-FOR-US: Aruba
CVE-2017-8999
	REJECTED
CVE-2017-8998
	REJECTED
CVE-2017-8997
	REJECTED
CVE-2017-8996
	REJECTED
CVE-2017-8995
	REJECTED
CVE-2017-8994 (A input validation vulnerability in HPE Operations Orchestration produ ...)
	NOT-FOR-US: HPE
CVE-2017-8993 (A Remote Cross-Site Scripting vulnerability in HPE Project and Portfol ...)
	NOT-FOR-US: HPE Project and Portfolio Management
CVE-2017-8992 (HPE has identified a remote privilege escalation vulnerability in HPE ...)
	NOT-FOR-US: HPE
CVE-2017-8991 (HPE has identified a cross site scripting (XSS) vulnerability in HPE C ...)
	NOT-FOR-US: HPE
CVE-2017-8990 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2017-8989 (A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, ...)
	NOT-FOR-US: HPE
CVE-2017-8988 (A Remote Bypass of Security Restrictions vulnerability was identified ...)
	NOT-FOR-US: HPE
CVE-2017-8987 (A Unauthenticated Remote Denial of Service vulnerability was identifie ...)
	NOT-FOR-US: HPE
CVE-2017-8986
	REJECTED
CVE-2017-8985 (HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local au ...)
	NOT-FOR-US: HPE XP Storage
CVE-2017-8984 (A remote code execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8983 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8982 (A Remote Authentication Restriction Bypass vulnerability in HPE Intell ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8981 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8980 (A Remote Disclosure of Information vulnerability in HPE Intelligent Ma ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8979 (Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) fi ...)
	NOT-FOR-US: HPE Integrated Lights-Out 2 (iLO 2) firmware
CVE-2017-8978 (A Remote Unauthorized Disclosure of Information vulnerability in HPE I ...)
	NOT-FOR-US: HPE IceWall Products
CVE-2017-8977 (A Remote Denial of Service vulnerability in Hewlett Packard Enterprise ...)
	NOT-FOR-US: Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance
CVE-2017-8976 (A Remote Code Execution vulnerability in Hewlett Packard Enterprise Mo ...)
	NOT-FOR-US: Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance
CVE-2017-8975 (A Remote Code Execution vulnerability in Hewlett Packard Enterprise Mo ...)
	NOT-FOR-US: Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance
CVE-2017-8974 (A Local Authentication Restriction Bypass vulnerability in HPE NonStop ...)
	NOT-FOR-US: HPE NonStop Server
CVE-2017-8973 (An improper input validation vulnerability in HPE Matrix Operating Env ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-8972 (A clickjacking vulnerability in HPE Matrix Operating Environment versi ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-8971 (A clickjacking vulnerability in HPE Matrix Operating Environment versi ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-8970 (A remote unauthenticated disclosure of information vulnerability in HP ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-8969 (An improper input validation vulnerability in HPE Insight Control vers ...)
	NOT-FOR-US: HPE Insight Control
CVE-2017-8968 (A remote execution of arbitrary code vulnerability has been identified ...)
	NOT-FOR-US: HPE
CVE-2017-8967 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard E ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8966 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard E ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8965 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard E ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8964 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard E ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8963 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard E ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8962 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard E ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8961 (A directory traversal vulnerability in HPE Intelligent Management Cent ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8960 (An Authentication Bypass vulnerability in HPE MSA 1040 and MSA 2040 SA ...)
	NOT-FOR-US: HPE MSA
CVE-2017-8959 (An Authentication Bypass vulnerability in HPE MSA 1040 and HPE MSA 204 ...)
	NOT-FOR-US: HPE MSA
CVE-2017-8958 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8957 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8956 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8955 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8954 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8953 (A Remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner v1 ...)
	NOT-FOR-US: HPE LoadRunner
CVE-2017-8952 (A Disclosure of Sensitive Information vulnerability in HPE SiteScope v ...)
	NOT-FOR-US: HPE SiteScope
CVE-2017-8951 (A Disclosure of Sensitive Information vulnerability in HPE SiteScope v ...)
	NOT-FOR-US: HPE SiteScope
CVE-2017-8950 (A Disclosure of Sensitive Information vulnerability in HPE SiteScope v ...)
	NOT-FOR-US: HPE SiteScope
CVE-2017-8949 (A Disclosure of Sensitive Information vulnerability in HPE SiteScope v ...)
	NOT-FOR-US: HPE SiteScope
CVE-2017-8948 (A Remote Bypass Security Restriction vulnerability in HPE Network Node ...)
	NOT-FOR-US: HPE Network Node Manager
CVE-2017-8947 (A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10 ...)
	NOT-FOR-US: HPE UCMDB
CVE-2017-8946 (A Remote Code Execution vulnerability in HPE Aruba AirWave Glass versi ...)
	NOT-FOR-US: HPE Aruba AirWave Glass
CVE-2017-8945 (A Remote Unauthorized Disclosure of Information vulnerability in HPE I ...)
	NOT-FOR-US: HPE IceWall Federation Agent
CVE-2017-8944 (A Remote Disclosure of Information vulnerability in HPE Cloud Optimize ...)
	NOT-FOR-US: HPE Cloud Optimizer
CVE-2017-8943 (The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates ...)
	NOT-FOR-US: PUMA PUMATRAC app
CVE-2017-8942 (The YottaMark ShopWell - Healthy Diet & Grocery Food Scanner app 5.3.7 ...)
	NOT-FOR-US: YottaMark ShopWell app
CVE-2017-8941 (The Interval International app 3.3 through 3.5.1 for iOS does not veri ...)
	NOT-FOR-US: Interval International app
CVE-2017-8940 (The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS ...)
	NOT-FOR-US: Zipongo app
CVE-2017-8939 (The Warner Bros. ellentube app 3.1.1 through 3.1.3 for iOS does not ve ...)
	NOT-FOR-US: ellentube app
CVE-2017-8938 (The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify X.509 ...)
	NOT-FOR-US: Radio Javan app
CVE-2017-8937 (The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certific ...)
	NOT-FOR-US: Life Before Us Yo app
CVE-2017-8936 (The MoboTap Dolphin Web Browser - Fast Private Internet Search app 9.2 ...)
	NOT-FOR-US: MoboTap Dolphin Web Browser
CVE-2017-8935 (The Quest Information Systems Indiana Voters app 1.1.24 for iOS does n ...)
	NOT-FOR-US: Quest Information Systems Indiana Voters app
CVE-2016-10374 (perltidy through 20160302, as used by perlcritic, check-all-the-things ...)
	- perltidy 20140328-2 (bug #862667)
	[jessie] - perltidy (Minor issue; can be fixed via point release)
	[wheezy] - perltidy (Minor issue)
CVE-2017-8932 (A bug in the standard library ScalarMult implementation of curve P-256 ...)
	- golang-1.8 1.8.3-1 (bug #863307)
	[stretch] - golang-1.8 (Minor issue, would require rebuilds of affected go-based packages in stable)
	- golang-1.7 1.7.6-1 (bug #863308)
	[stretch] - golang-1.7 (Minor issue, would require rebuilds of affected go-based packages in stable)
	- golang
	[wheezy] - golang (Vulnerable code not present, no ASM implementation of the p256 elliptic curve)
	[jessie] - golang (Vulnerable code not present, no ASM implementation of the p256 elliptic curve)
	NOTE: Upstream issue: https://github.com/golang/go/issues/20040
	NOTE: Upstream patch: https://golang.org/cl/41070
	NOTE: Fix for 1.7: https://go-review.googlesource.com/c/43773
	NOTE: Fix for 1.8: https://go-review.googlesource.com/c/43770
CVE-2017-8931 (Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow a ...)
	NOT-FOR-US: Bitdefender
CVE-2017-8930 (Multiple cross-site request forgery (CSRF) vulnerabilities in Simple I ...)
	NOT-FOR-US: Simple Invoices
CVE-2017-8929 (The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allo ...)
	- yara 3.6.0+dfsg-1
	[stretch] - yara (Minor issue, too intrusive to backport)
	[jessie] - yara (Minor issue, too intrusive to backport)
	NOTE: https://github.com/VirusTotal/yara/issues/658
	NOTE: https://github.com/VirusTotal/yara/commit/053e67e3ec81cc9268ce30eaf0d6663d8639ed1e
CVE-2017-8928 (mailcow 0.14, as used in "mailcow: dockerized" and other products, has ...)
	NOT-FOR-US: mailcow
CVE-2017-9031 (The WebUI component in Deluge before 1.3.15 contains a directory trave ...)
	{DSA-3856-1 DLA-943-1}
	- deluge 1.3.13+git20161130.48cedf63-3 (bug #862611)
	NOTE: http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15
	NOTE: Fixed by: http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=41acade01ae88f7b7bbdba308a0886771aa582fd
CVE-2017-8934 (PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local ...)
	- pcmanfm 1.2.5-3 (low; bug #862571)
	[jessie] - pcmanfm (Minor issue)
	[wheezy] - pcmanfm (Minor issue)
	NOTE: Fixed by: https://git.lxde.org/gitweb/?p=lxde/pcmanfm.git;a=commitdiff;h=bc8c3d871e9ecc67c47ff002b68cf049793faf08
CVE-2017-8933 (Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a ...)
	- menu-cache 1.0.2-3 (low; bug #862570)
	[jessie] - menu-cache (Minor issue)
	[wheezy] - menu-cache (Minor issue)
	NOTE: Fixed by: https://git.lxde.org/gitweb/?p=lxde/menu-cache.git;a=commitdiff;h=56f66684592abf257c4004e6e1fff041c64a12ce
CVE-2017-8927 (Buffer overflow in Larson VizEx Reader 9.7.5 allows attackers to cause ...)
	NOT-FOR-US: Larson VizEx Reader
CVE-2017-8926 (Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to ...)
	NOT-FOR-US: Halliburton LogView Pro
CVE-2017-8925 (The omninet_open function in drivers/usb/serial/omninet.c in the Linux ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.16-1 (low)
	NOTE: Fixed by: https://git.kernel.org/linus/30572418b445d85fcfe6c8fe84c947d2606767d8
CVE-2017-8924 (The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in th ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.16-1 (low)
	NOTE: Fixed by: https://git.kernel.org/linus/654b404f2a222f918af9b0cd18ad469d0c941a8e
CVE-2017-8923 (The zend_string_extend function in Zend/zend_string.h in PHP through 7 ...)
	- php7.1 (bug #881539)
	- php7.0 (bug #881538)
	[stretch] - php7.0 (Minor issue)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74577
	NOTE: (Duplicate of) PHP Bug: https://bugs.php.net/bug.php?id=73122
CVE-2017-8922
	RESERVED
CVE-2017-8921 (In FlightGear before 2017.2.1, the FGCommand interface allows overwrit ...)
	- flightgear 1:2016.4.4+dfsg-3 (bug #862689)
	[jessie] - flightgear 3.0.0-5+deb8u2
	NOTE: Fixed by: https://sourceforge.net/p/flightgear/flightgear/ci/faf872e7f71ca14c567ac7080561fc785d8d2fd0/ (next)
	NOTE: Fixed by: https://sourceforge.net/p/flightgear/flightgear/ci/19ab09406e4249f2c6f8ac51938258d1c51eace0/ (2016.4)
	NOTE: Fixed by: https://sourceforge.net/p/flightgear/flightgear/ci/c8250b10bb9a116889f831d2299678b0ef70fec2/ (3.0.0)
CVE-2017-8920 (irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the ...)
	- cgiirc
CVE-2017-8919 (NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password ...)
	NOT-FOR-US: NetApp
CVE-2017-8918 (XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - ...)
	NOT-FOR-US: Dive Assistant
CVE-2017-8917 (SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attac ...)
	NOT-FOR-US: Joomla!
CVE-2017-8916 (In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an ...)
	NOT-FOR-US: Center for Internet Security CIS-CAT Pro Dashboard
CVE-2017-8915 (sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers ...)
	NOT-FOR-US: SAP
CVE-2017-8914 (sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers ...)
	NOT-FOR-US: SAP
CVE-2017-8913 (The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 ...)
	NOT-FOR-US: SAP
CVE-2017-8912 (CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrato ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-8911 (An integer underflow has been identified in the unicode_to_utf8() func ...)
	{DSA-3869-1 DLA-962-1}
	- tnef 1.4.12-1.2 (bug #862442)
	NOTE: https://github.com/verdammelt/tnef/issues/23
	NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/a686971a1f124d9ae18946b1844dbc2c1f30df10
CVE-2017-8910
	RESERVED
CVE-2017-8909
	RESERVED
CVE-2017-8908 (The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 all ...)
	- ghostscript 9.22~dfsg-1 (unimportant)
	[jessie] - ghostscript (Vulnerable code not present)
	[wheezy] - ghostscript (Vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697810
	NOTE: edgebuffer scan converter was made default only in: https://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308
	NOTE: But the vulnerable code via base/gxscan.c, a new scan converter introduced in 9.20 is present.
CVE-2017-8907 (Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correc ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2017-8906 (An integer underflow vulnerability exists in pixel-a.asm, the x86 asse ...)
	- x265 (Affected code is not enabled)
	NOTE: https://bitbucket.org/multicoreware/x265/issues/345/integer-underflow-in-x265-source-common
CVE-2017-8902
	RESERVED
CVE-2017-8901
	RESERVED
CVE-2017-8900 (LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, ...)
	- lightdm (No guest account support in Debian, cf. #661230)
CVE-2017-8899 (Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has ...)
	NOT-FOR-US: Invision Power Services
CVE-2017-8898 (Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has ...)
	NOT-FOR-US: Invision Power Services
CVE-2017-8897 (Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has ...)
	NOT-FOR-US: Invision Power Services
CVE-2017-8896 (ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6 ...)
	- owncloud
CVE-2017-8895 (In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before bui ...)
	NOT-FOR-US: Veritas
CVE-2017-8894 (AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software upd ...)
	NOT-FOR-US: AeroAdmin
CVE-2017-8893 (AeroAdmin 4.1 uses a function to copy data between two pointers where ...)
	NOT-FOR-US: AeroAdmin
CVE-2017-8892 (Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 ...)
	NOT-FOR-US: OpenText Tempo Box
CVE-2017-8891 (Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a mal ...)
	- lepton 1.2.1+20170405-1 (bug #862446)
	NOTE: https://github.com/dropbox/lepton/issues/87
	NOTE: https://github.com/dropbox/lepton/commit/82167c144a322cc956da45407f6dce8d4303d346
CVE-2017-8889
	RESERVED
CVE-2017-8888
	RESERVED
CVE-2017-8887
	RESERVED
CVE-2017-8886
	RESERVED
CVE-2017-8885
	RESERVED
CVE-2017-8884
	RESERVED
CVE-2017-8883
	RESERVED
CVE-2017-8882
	RESERVED
CVE-2017-8881
	RESERVED
CVE-2017-8880
	RESERVED
CVE-2017-8879 (Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the c ...)
	- dolibarr 5.0.4+dfsg3-1 (bug #863544)
CVE-2017-8878 (ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 al ...)
	NOT-FOR-US: ASUS
CVE-2017-8877 (ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 a ...)
	NOT-FOR-US: ASUS
CVE-2017-8890 (The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.30-1
	NOTE: Fixed by: https://git.kernel.org/linus/657831ffc38e30092a2d5f03d385d710eb88b09a
CVE-2017-8876 (Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to c ...)
	NOT-FOR-US: Symphony CMS
CVE-2017-8875 (CSRF in the Clean Login plugin before 1.8 for WordPress allows remote ...)
	NOT-FOR-US: WordPress addon
CVE-2017-8874 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1 ...)
	NOT-FOR-US: Mautic
CVE-2017-8873
	RESERVED
CVE-2017-8872 (The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 all ...)
	{DLA-2369-1}
	- libxml2 2.9.4+dfsg1-6.1 (bug #862450)
	[jessie] - libxml2 (Minor issue)
	[wheezy] - libxml2 (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775200
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/123234f2cfcd9e9b9f83047eee1dc17b4c3f4407
CVE-2017-8871 (The cr_parser_parse_selector_core function in cr-parser.c in libcroco ...)
	- libcroco (bug #864666; low)
	[buster] - libcroco (Minor issue)
	[stretch] - libcroco (Minor issue)
	[jessie] - libcroco (Minor issue)
	[wheezy] - libcroco (Vulnerable code not present)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=782649
CVE-2017-8870 (Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execut ...)
	NOT-FOR-US: AudioCoder
CVE-2017-8869 (Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to e ...)
	NOT-FOR-US: MediaCoder
CVE-2017-8868 (acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via ...)
	NOT-FOR-US: flatCore
CVE-2017-8867 (Elemental Path's CogniToys Dino smart toys through firmware version 0. ...)
	NOT-FOR-US: Elemental Path's CogniToys Dino smart toys
CVE-2017-8866 (Elemental Path's CogniToys Dino smart toys through firmware version 0. ...)
	NOT-FOR-US: Elemental Path's CogniToys Dino smart toys
CVE-2017-8865 (Elemental Path's CogniToys Dino smart toys through firmware version 0. ...)
	NOT-FOR-US: Elemental Path's CogniToys Dino smart toys
CVE-2017-8864 (Client-side enforcement using JavaScript of server-side security optio ...)
	NOT-FOR-US: Cohu
CVE-2017-8863 (Information disclosure of .esp source code on the Cohu 3960 allows an ...)
	NOT-FOR-US: Cohu
CVE-2017-8862 (The webupgrade function on the Cohu 3960HD does not verify the firmwar ...)
	NOT-FOR-US: Cohu
CVE-2017-8861 (Missing authentication for the remote configuration port 1236/tcp on t ...)
	NOT-FOR-US: Cohu
CVE-2017-8860 (Information disclosure through directory listing on the Cohu 3960HD al ...)
	NOT-FOR-US: Cohu
CVE-2017-8859 (In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-8858 (In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and e ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-8857 (In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and e ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-8856 (In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and e ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2016-10371 (The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in ...)
	{DLA-969-1}
	- tiff 4.0.7-7 (low; bug #862929)
	[jessie] - tiff 4.0.3-12.3+deb8u5
	- tiff3
	[wheezy] - tiff3 (tiff tools are not built, can be fixed later)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2535
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2612
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/0abd094b6e5079c4d8be733829240491cb230f3d
CVE-2017-1000044 (gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly ...)
	- gtk-vnc 0.4.3-1
	NOTE: Fixed by: https://git.gnome.org/browse/gtk-vnc/commit/?id=f3fc5e57a78d4be9872f1394f697b9929873a737 (release-0.4.3)
CVE-2017-8855 (wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a mal ...)
	- wolfssl 3.12.0+dfsg-1 (bug #870170)
	NOTE: Fixed upstream in 3.11.0, https://github.com/wolfSSL/wolfssl/releases/tag/v3.11.0-stable
CVE-2017-8854 (wolfSSL before 3.10.2 has an out-of-bounds memory access with loading ...)
	- wolfssl 3.10.2+dfsg-1
CVE-2017-8853 (Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/ap ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-8852 (SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It ...)
	NOT-FOR-US: SAP
CVE-2017-8851 (An issue was discovered on OnePlus One and X devices. Due to a lenient ...)
	NOT-FOR-US: OnePlus One
CVE-2017-8850 (An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due t ...)
	NOT-FOR-US: OnePlus One
CVE-2017-8849 (smb4k before 2.0.1 allows local users to gain root privileges by lever ...)
	{DSA-3951-1 DLA-1002-1}
	- smb4k 1.2.1-2 (bug #862505)
	NOTE: https://www.openwall.com/lists/oss-security/2017/05/10/3
	NOTE: https://www.kde.org/info/security/advisory-20170510-2.txt
	NOTE: https://github.com/stealth/plasmapulsar
	NOTE: smb4k 2.0.0: https://commits.kde.org/smb4k/a90289b0962663bc1d247bbbd31b9e65b2ca000e
	NOTE: smb4k 1.2.3: https://commits.kde.org/smb4k/71554140bdaede27b95dbe4c9b5a028a83c83cce
CVE-2017-8848 (Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a pa ...)
	NOT-FOR-US: Allen Disk
CVE-2017-8847 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrz ...)
	{DLA-2725-1}
	- lrzip 0.631+git180517-1 (unimportant; bug #863145)
	NOTE: https://github.com/ckolivas/lrzip/issues/67
	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-bufreadget-libzpaq-h/
	NOTE: Crash in CLI tool, no security implications
CVE-2017-8846 (The read_stream function in stream.c in liblrzip.so in lrzip 0.631 all ...)
	{DLA-2725-1}
	- lrzip 0.631+git180517-1 (bug #863150)
	[jessie] - lrzip (Minor issue)
	[wheezy] - lrzip (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/71
	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-use-after-free-in-read_stream-stream-c/
CVE-2017-8845 (The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lr ...)
	{DLA-2725-1}
	- lrzip 0.631+git180517-1 (unimportant; bug #863151)
	NOTE: https://github.com/ckolivas/lrzip/issues/68
	NOTE: https://github.com/ckolivas/lrzip/commit/89d7b33e6a6450eed326b40084b547d42bad333f
	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-invalid-memory-read-in-lzo_decompress_buf-stream-c/
	NOTE: Crash in CLI tool, no security implications
CVE-2017-8844 (The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows ...)
	{DLA-2725-1}
	- lrzip 0.631+git180517-1 (bug #863153)
	[jessie] - lrzip (Minor issue)
	[wheezy] - lrzip (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/70
	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-heap-based-buffer-overflow-write-in-read_1g-stream-c/
	NOTE: https://github.com/ckolivas/lrzip/commit/dc57230636fe8da068674e1023b2f07c593ec21b (v0.640)
CVE-2017-8843 (The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 al ...)
	{DLA-2725-1}
	- lrzip 0.631+git180517-1 (unimportant; bug #863155)
	NOTE: https://github.com/ckolivas/lrzip/issues/69
	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-join_pthread-stream-c/
	NOTE: https://github.com/ckolivas/lrzip/commit/cd456aa70e1f9b6769454ab4f8198e1551c33c49 (v0.640)
	NOTE: Crash in CLI tool, no security implications
CVE-2017-8842 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrz ...)
	{DLA-2725-1}
	- lrzip 0.631+git180517-1 (unimportant; bug #863156)
	NOTE: https://github.com/ckolivas/lrzip/issues/66
	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-divide-by-zero-in-bufreadget-libzpaq-h/
	NOTE: https://github.com/ckolivas/lrzip/commit/38386bd482c0a8102a79958cb3eddcb97a167ca3 (v0.640)
	NOTE: Crash in CLI tool, no security implications
CVE-2017-8841 (Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, ...)
	NOT-FOR-US: Peplink Balance devices
CVE-2017-8840 (Debug information disclosure exists on Peplink Balance 305, 380, 580, ...)
	NOT-FOR-US: Peplink Balance devices
CVE-2017-8839 (XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, a ...)
	NOT-FOR-US: Peplink Balance devices
CVE-2017-8838 (XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and ...)
	NOT-FOR-US: Peplink Balance devices
CVE-2017-8837 (Cleartext password storage exists on Peplink Balance 305, 380, 580, 71 ...)
	NOT-FOR-US: Peplink Balance devices
CVE-2017-8836 (CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devi ...)
	NOT-FOR-US: Peplink Balance devices
CVE-2017-8835 (SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and ...)
	NOT-FOR-US: Peplink Balance devices
CVE-2016-10370 (An issue was discovered on OnePlus devices such as the 3T. The OnePlus ...)
	NOT-FOR-US: OnePlus
CVE-2016-10369 (unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a so ...)
	{DLA-935-1}
	- lxterminal 0.3.0-2 (low; bug #862098)
	[jessie] - lxterminal 0.2.0-1+deb8u1
	NOTE: Fixed by: https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648
CVE-2017-8834 (The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 a ...)
	- libcroco (bug #864666; low)
	[buster] - libcroco (Minor issue)
	[stretch] - libcroco (Minor issue)
	[jessie] - libcroco (Minor issue)
	[wheezy] - libcroco (Vulnerable code not present)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=782647
CVE-2017-8833 (Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: ...)
	NOT-FOR-US: Zen Cart
CVE-2017-8832 (Allen Disk 1.6 has XSS in the id parameter to downfile.php.)
	NOT-FOR-US: Allen Disk
CVE-2017-8831 (The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus. ...)
	{DLA-1200-1}
	- linux 4.12.6-1
	[stretch] - linux 4.9.47-1
	[jessie] - linux 3.16.51-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=195559
CVE-2017-8830 (In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (low; bug #862637)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/467
CVE-2017-8828
	RESERVED
CVE-2017-8827 (forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might a ...)
	NOT-FOR-US: GeniXCMS
CVE-2017-8826 (FastStone Image Viewer 6.2 has a "User Mode Write AV" issue, possibly ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2017-8825 (A null dereference vulnerability has been found in the MIME handling c ...)
	- libetpan 1.6-3 (bug #862151)
	[jessie] - libetpan (Minor issue)
	[wheezy] - libetpan (Minor issue)
	NOTE: https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d
	NOTE: https://github.com/dinhviethoa/libetpan/issues/274
CVE-2017-8824 (The dccp_disconnect function in net/dccp/proto.c in the Linux kernel t ...)
	{DSA-4082-1 DSA-4073-1 DLA-1200-1}
	- linux 4.14.7-1
	NOTE: http://lists.openwall.net/netdev/2017/12/04/224
	NOTE: Fixed by: https://git.kernel.org/linus/69c64866ce072dea1d1e59a0d61e0f66c0dffb76
CVE-2017-8823 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 bef ...)
	{DSA-4054-1}
	- tor 0.3.1.9-1
	[wheezy] - tor (Not supported in wheezy LTS)
	NOTE: https://bugs.torproject.org/24313
	NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
CVE-2017-8822 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 bef ...)
	{DSA-4054-1}
	- tor 0.3.1.9-1
	[wheezy] - tor (Not supported in wheezy LTS)
	NOTE: https://bugs.torproject.org/21534
	NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
CVE-2017-8821 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 bef ...)
	{DSA-4054-1}
	- tor 0.3.1.9-1
	[wheezy] - tor (Not supported in wheezy LTS)
	NOTE: https://bugs.torproject.org/24246
	NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
CVE-2017-8820 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 bef ...)
	{DSA-4054-1}
	- tor 0.3.1.9-1
	[wheezy] - tor (Not supported in wheezy LTS)
	NOTE: https://bugs.torproject.org/24245
	NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
CVE-2017-8819 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 bef ...)
	{DSA-4054-1}
	- tor 0.3.1.9-1
	[wheezy] - tor (Not supported in wheezy LTS)
	NOTE: https://bugs.torproject.org/24244
	NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
CVE-2017-8818 (curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to ...)
	- curl 7.57.0-1
	[stretch] - curl (Vulnerable code not present)
	[jessie] - curl (Vulnerable code not present)
	[wheezy] - curl (Vulnerable code not present)
	NOTE: https://curl.haxx.se/docs/adv_2017-af0a.html
	NOTE: https://curl.haxx.se/CVE-2017-8818.patch
CVE-2017-8817 (The FTP wildcard function in curl and libcurl before 7.57.0 allows rem ...)
	{DSA-4051-1 DLA-1195-1}
	- curl 7.57.0-1
	NOTE: https://curl.haxx.se/docs/adv_2017-ae72.html
	NOTE: https://curl.haxx.se/CVE-2017-8817.patch
CVE-2017-8816 (The NTLM authentication feature in curl and libcurl before 7.57.0 on 3 ...)
	{DSA-4051-1}
	- curl 7.57.0-1
	[wheezy] - curl (Vulnerable code not present, introduced in 7.36.0)
	NOTE: https://curl.haxx.se/docs/adv_2017-11e7.html
	NOTE: https://curl.haxx.se/CVE-2017-8816.patch
CVE-2017-8815 (The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28. ...)
	{DSA-4036-1}
	- mediawiki 1:1.27.4-1
	[wheezy] - mediawiki (Not supported in wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
	NOTE: https://phabricator.wikimedia.org/T119158
CVE-2017-8814 (The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28. ...)
	{DSA-4036-1}
	- mediawiki 1:1.27.4-1
	[wheezy] - mediawiki (Not supported in wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
	NOTE: https://phabricator.wikimedia.org/T124404
CVE-2017-8813
	REJECTED
CVE-2017-8812 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29. ...)
	{DSA-4036-1}
	- mediawiki 1:1.27.4-1
	[wheezy] - mediawiki (Not supported in wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
	NOTE: https://phabricator.wikimedia.org/T125163
CVE-2017-8811 (The implementation of raw message parameter expansion in MediaWiki bef ...)
	{DSA-4036-1}
	- mediawiki 1:1.27.4-1
	[wheezy] - mediawiki (Not supported in wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
	NOTE: https://phabricator.wikimedia.org/T176247
CVE-2017-8810 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29. ...)
	{DSA-4036-1}
	- mediawiki 1:1.27.4-1
	[wheezy] - mediawiki (Not supported in wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
	NOTE: https://phabricator.wikimedia.org/T134100
CVE-2017-8809 (api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x b ...)
	{DSA-4036-1}
	- mediawiki 1:1.27.4-1
	[wheezy] - mediawiki (Not supported in wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
	NOTE: https://phabricator.wikimedia.org/T128209
CVE-2017-8808 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29. ...)
	{DSA-4036-1}
	- mediawiki 1:1.27.4-1
	[wheezy] - mediawiki (Not supported in wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
	NOTE: https://phabricator.wikimedia.org/T178451
CVE-2017-8807 (vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cach ...)
	{DSA-4034-1}
	- varnish 5.2.1-1 (bug #881808)
	[jessie] - varnish (Vulnerable code not present, issue introduced in 4.1.0)
	[wheezy] - varnish (Vulnerable code not present, issue introduced in 4.1.0)
	NOTE: http://varnish-cache.org/security/VSV00002.html
	NOTE: https://github.com/varnishcache/varnish-cache/pull/2429
	NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/176f8a075a
CVE-2017-8806 (The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scri ...)
	{DSA-4029-1 DLA-1169-1}
	- postgresql-common 188
CVE-2017-8805 (Debian ftpsync before 20171017 does not use the rsync --safe-links opt ...)
	- archvsync 20171017
	NOTE: https://www.openwall.com/lists/oss-security/2017/10/17/2
	NOTE: https://anonscm.debian.org/cgit/mirror/archvsync.git/commit/?id=d1ca2ab2210990b6dfb664cd6776a41b71c48016
CVE-2017-1000041
	REJECTED
CVE-2017-1000040
	REJECTED
CVE-2017-1000019
	REJECTED
CVE-2016-1000393
	REJECTED
CVE-2016-1000373
	REJECTED
CVE-2016-1000372
	REJECTED
CVE-2016-1000371
	REJECTED
CVE-2016-1000370
	REJECTED
CVE-2016-1000369
	REJECTED
CVE-2016-1000368
	REJECTED
CVE-2016-1000367
	REJECTED
CVE-2016-1000366
	REJECTED
CVE-2016-1000365
	REJECTED
CVE-2016-1000364
	REJECTED
CVE-2016-1000363
	REJECTED
CVE-2016-1000362
	REJECTED
CVE-2016-1000361
	REJECTED
CVE-2016-1000360
	REJECTED
CVE-2016-1000338 (In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does no ...)
	{DLA-1418-1}
	- bouncycastle 1.56-1
	NOTE: https://github.com/bcgit/bc-java/commit/b0c3ce99d43d73a096268831d0d120ffc89eac7f#diff-3679f5a9d2b939d0d3ee1601a7774fb0
CVE-2017-8829 (Deserialization vulnerability in lintian through 2.5.50.3 allows attac ...)
	- lintian 2.5.50.4 (bug #861958)
	[jessie] - lintian (upstream/metadata check introduced in 2.5.41; vulnerable code not present)
	[wheezy] - lintian (upstream/metadata check introduced in 2.5.41; vulnerable code not present)
CVE-2017-8804 (The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc ...)
	NOTE: This is not a vulnerability in glibc, but a bug in the application, see
	NOTE: https://sourceware.org/ml/libc-alpha/2017-05/msg00128.html and
	NOTE: https://sourceware.org/ml/libc-alpha/2017-05/msg00129.html
	NOTE: https://www.openwall.com/lists/oss-security/2017/05/05/2
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21461
CVE-2017-8803 (Notepad++ 7.3.3 (32-bit) with Hex Editor Plugin v0.9.5 might allow use ...)
	NOT-FOR-US: Notepad++
CVE-2017-8802 (Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite ...)
	NOT-FOR-US: Zimbra
CVE-2017-8801 (Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Buil ...)
	NOT-FOR-US: Trend Micro
CVE-2017-8800
	RESERVED
CVE-2017-8799 (Untrusted input execution via igetwild in all iRODS versions before 4. ...)
	NOT-FOR-US: iRODS
CVE-2017-8798 (Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v ...)
	{DLA-2197-1 DLA-949-1}
	- miniupnpc 1.9.20140610-3 (bug #862273)
	NOTE: https://github.com/tintinweb/pub/blob/master/pocs/cve-2017-8798/Readme.md
	NOTE: Fixed by: https://github.com/miniupnp/miniupnp/commit/f0f1f4b22d6a98536377a1bb07e7c20e4703d229
CVE-2017-8797 (The NFSv4 server in the Linux kernel before 4.11.3 does not properly v ...)
	- linux 4.9.30-1
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/b550a32e60a4941994b437a8d662432a486235a5 (4.12-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/f961e3f2acae94b727380c0b74e2d3954d0edf79 (4.12-rc1)
CVE-2017-8796 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8795 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8794 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8793 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8792 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8791 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8790 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8789 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8788 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8787 (The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in ...)
	- libpodofo 0.9.5-7 (bug #861738)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	[wheezy] - libpodofo (Minor issue)
	NOTE: Possible unspecified impact. Needs further analysis.
	NOTE: Upstream commit: https://sourceforge.net/p/podofo/code/1851
CVE-2017-8786 (pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial o ...)
	- pcre2 10.31-1 (unimportant; bug #861873)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2079
	NOTE: https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/
	NOTE: https://vcs.pcre.org/pcre2/code/trunk/src/pcre2test.c?r1=692&r2=697
CVE-2017-8785 (FastStone Image Viewer 6.2 has a "Data from Faulting Address may be us ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2017-8784
	REJECTED
CVE-2017-8783 (Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent ...)
	NOT-FOR-US: Zimbra
CVE-2017-8782 (The readString function in util/read.c and util/old/read.c in libming ...)
	{DLA-980-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/70
CVE-2017-8781 (XnView Classic for Windows Version 2.40 allows user-assisted remote at ...)
	NOT-FOR-US: XnView
CVE-2017-8780 (GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled durin ...)
	NOT-FOR-US: GeniXCMS
CVE-2017-8778 (GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 h ...)
	- gitlab (SVG rendering feature introduced later, cf. bug #861870)
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/27471
CVE-2017-8777 (Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: M ...)
	NOT-FOR-US: Open-Xchange GmbH OX Cloud Plugins
CVE-2017-8779 (rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0 ...)
	{DSA-3845-1 DLA-937-1 DLA-936-1}
	- rpcbind 0.2.3-0.6 (bug #861835)
	- libtirpc 0.2.5-1.2 (bug #861834)
	- ntirpc 1.4.4-1 (bug #861836)
	NOTE: https://www.openwall.com/lists/oss-security/2017/05/04/1
	NOTE: https://github.com/guidovranken/rpcbomb/
	NOTE: For rpcbind, the 0.2.3-0.6 upload was based on Guido Vranken's patch in
	NOTE: https://github.com/guidovranken/rpcbomb/blob/master/rpcbind_patch.txt
	NOTE: Upstream patch: https://git.linux-nfs.org/?p=steved/rpcbind.git;a=commit;h=7ea36eeece56b59f98e469934e4c20b4da043346 (rpcbind-0_2_5-rc1)
	NOTE: Followup for typo: https://git.linux-nfs.org/?p=steved/rpcbind.git;a=commitdiff;h=c49a7ea639eb700823e174fd605bbbe183e229aa (rpcbind-0_2_5-rc2)
CVE-2017-8776 (Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10. ...)
	NOT-FOR-US: Quick Heal Internet Security
CVE-2017-8775 (Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10. ...)
	NOT-FOR-US: Quick Heal Internet Security
CVE-2017-8774 (Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10. ...)
	NOT-FOR-US: Quick Heal Internet Security
CVE-2017-8773 (Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10. ...)
	NOT-FOR-US: Quick Heal Internet Security
CVE-2017-8772 (On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (w ...)
	NOT-FOR-US: BE126 WIFI repeater
CVE-2017-8771 (On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (w ...)
	NOT-FOR-US: BE126 WIFI repeater
CVE-2017-8770 (There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 device ...)
	NOT-FOR-US: BE126 WIFI repeater
CVE-2017-8769 (Facebook WhatsApp Messenger before 2.16.323 for Android uses the SD ca ...)
	NOT-FOR-US: WhatsApp Messenger
CVE-2017-8768 (Atlassian SourceTree v2.5c and prior are affected by a command injecti ...)
	NOT-FOR-US: Atlassian SourceTree
CVE-2017-8767
	REJECTED
CVE-2017-8766 (IrfanView version 4.44 (32bit) allows remote attackers to execute code ...)
	NOT-FOR-US: IrfanView
CVE-2017-8765 (The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5 ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (low; bug #862653)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/466
CVE-2017-8764
	RESERVED
CVE-2017-8763 (Cross-site scripting (XSS) vulnerability in modules/Base/Box/check_for ...)
	NOT-FOR-US: EPESI
CVE-2017-8762 (GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits ...)
	NOT-FOR-US: GeniXCMS
CVE-2017-8761 (In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, ...)
	- swift 2.17.0-2
	[stretch] - swift (Minor issue)
	[jessie] - swift (Not supported in Jessie LTS)
	NOTE: https://bugs.launchpad.net/swift/+bug/1685798
CVE-2017-8760 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8759 (Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8758 (Microsoft Exchange Server 2016 allows an elevation of privilege vulner ...)
	NOT-FOR-US: Microsoft
CVE-2017-8757 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8756 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8755 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8754 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8753 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8752 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows S ...)
	NOT-FOR-US: Apache Atlas
CVE-2017-8751 (Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute ...)
	NOT-FOR-US: Microsoft
CVE-2017-8750 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8749 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8748 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8747 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8746 (Windows Device Guard in Windows 10 1607, 1703, and Windows Server 2016 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8745 (An elevation of privilege vulnerability exists in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft
CVE-2017-8744 (A remote code execution vulnerability exists in Excel Services, Micros ...)
	NOT-FOR-US: Microsoft
CVE-2017-8743 (A remote code execution vulnerability exists in Microsoft PowerPoint 2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8742 (A remote code execution vulnerability exists in Microsoft PowerPoint 2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8741 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8740 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exec ...)
	NOT-FOR-US: Microsoft
CVE-2017-8739 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obta ...)
	NOT-FOR-US: Microsoft
CVE-2017-8738 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8737 (Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT ...)
	NOT-FOR-US: Microsoft
CVE-2017-8736 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8735 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8734 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8733 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8732
	RESERVED
CVE-2017-8731 (Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 al ...)
	NOT-FOR-US: Microsoft
CVE-2017-8730
	RESERVED
CVE-2017-8729 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exec ...)
	NOT-FOR-US: Microsoft
CVE-2017-8728 (Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT ...)
	NOT-FOR-US: Microsoft
CVE-2017-8727 (Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8726 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8725 (A remote code execution vulnerability exists in Microsoft Publisher 20 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8724 (Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker ...)
	NOT-FOR-US: Microsoft
CVE-2017-8723 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8722
	RESERVED
CVE-2017-8721
	RESERVED
CVE-2017-8720 (The Microsoft Windows graphics component on Microsoft Windows Server 2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8719 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8718 (The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP ...)
	NOT-FOR-US: Microsoft
CVE-2017-8717 (The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP ...)
	NOT-FOR-US: Microsoft
CVE-2017-8716 (Windows Control Flow Guard in Microsoft Windows 10 Version 1703 allows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8715 (The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, a ...)
	NOT-FOR-US: Microsoft
CVE-2017-8714 (The Windows Hyper-V component on Microsoft Windows 8.1, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-8713 (The Windows Hyper-V component on Microsoft Windows Windows 8.1, Window ...)
	NOT-FOR-US: Microsoft
CVE-2017-8712 (The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8711 (The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8710 (The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP ...)
	NOT-FOR-US: Microsoft
CVE-2017-8709 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8708 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8707 (The Windows Hyper-V component on Microsoft Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8706 (The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8705
	RESERVED
CVE-2017-8704 (The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8703 (The Microsoft Windows Subsystem for Linux on Microsoft Windows 10 1703 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8702 (Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8701
	RESERVED
CVE-2017-8700 (ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origi ...)
	NOT-FOR-US: Microsoft
CVE-2017-8699 (Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8698
	RESERVED
CVE-2017-8697
	RESERVED
CVE-2017-8696 (Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8695 (Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8694 (The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8693 (The Microsoft Graphics Component on Microsoft Windows 10 Gold, 1511, 1 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8692 (The Windows Uniscribe component on Microsoft Windows 8.1, Windows Serv ...)
	NOT-FOR-US: Microsoft
CVE-2017-8691 (Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow an attacke ...)
	NOT-FOR-US: Microsoft Windows
CVE-2017-8690
	RESERVED
CVE-2017-8689 (The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8688 (Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8687 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8686 (The Windows Server DHCP service in Windows Server 2012 Gold and R2, an ...)
	NOT-FOR-US: Microsoft
CVE-2017-8685 (Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Wind ...)
	NOT-FOR-US: Microsoft
CVE-2017-8684 (Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8683 (Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Wind ...)
	NOT-FOR-US: Microsoft
CVE-2017-8682 (Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Wind ...)
	NOT-FOR-US: Microsoft
CVE-2017-8681 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8680 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8679 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8678 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8677 (The Windows GDI+ component on Microsoft Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8676 (The Windows Graphics Device Interface (GDI) in Microsoft Windows Serve ...)
	NOT-FOR-US: Microsoft
CVE-2017-8675 (The Windows Kernel-Mode Drivers component on Microsoft Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-8674 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exec ...)
	NOT-FOR-US: Microsoft
CVE-2017-8673 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8672 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8671 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8670 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-8669 (Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8668 (The Volume Manager Extension Driver in Microsoft Windows 7 SP1, Window ...)
	NOT-FOR-US: Microsoft
CVE-2017-8667
	RESERVED
CVE-2017-8666 (Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8665 (The Xamarin.iOS update component on systems running macOS allows an at ...)
	NOT-FOR-US: Xamarin.iOS
CVE-2017-8664 (Windows Hyper-V in Windows 8.1, Windows Server 2012 Gold and R2, Windo ...)
	NOT-FOR-US: Microsoft
CVE-2017-8663 (Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outloo ...)
	NOT-FOR-US: Microsoft
CVE-2017-8662 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to disc ...)
	NOT-FOR-US: Microsoft
CVE-2017-8661 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-8660 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8659 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obta ...)
	NOT-FOR-US: Microsoft
CVE-2017-8658 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2017-8657 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8656 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-8655 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8654 (Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site sc ...)
	NOT-FOR-US: Microsoft
CVE-2017-8653 (Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8652 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8651 (Internet Explorer in Microsoft Windows Server 2008 SP2 and Windows Ser ...)
	NOT-FOR-US: Microsoft
CVE-2017-8650 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to expl ...)
	NOT-FOR-US: Microsoft
CVE-2017-8649 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-8648 (Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to ...)
	NOT-FOR-US: Microsoft
CVE-2017-8647 (Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitr ...)
	NOT-FOR-US: Microsoft
CVE-2017-8646 (Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8645 (Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8644 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8643 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8642 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elev ...)
	NOT-FOR-US: Microsoft
CVE-2017-8641 (Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8640 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Serve ...)
	NOT-FOR-US: Microsoft
CVE-2017-8639 (Microsoft Edge in Windows 10 1607, 1703, and Windows Server 2016 allow ...)
	NOT-FOR-US: Microsoft
CVE-2017-8638 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exec ...)
	NOT-FOR-US: Microsoft
CVE-2017-8637 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to bypa ...)
	NOT-FOR-US: Microsoft
CVE-2017-8636 (Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8635 (Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8634 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exec ...)
	NOT-FOR-US: Microsoft
CVE-2017-8633 (Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, W ...)
	NOT-FOR-US: Microsoft
CVE-2017-8632 (A remote code execution vulnerability exists in Microsoft Excel 2010 S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8631 (A remote code execution vulnerability exists in Excel Services, Micros ...)
	NOT-FOR-US: Microsoft
CVE-2017-8630 (Microsoft Office 2016 allows a remote code execution vulnerability whe ...)
	NOT-FOR-US: Microsoft
CVE-2017-8629 (Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of ...)
	NOT-FOR-US: Microsoft
CVE-2017-8628 (Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft Windows
	NOTE: https://www.armis.com/blueborne/
CVE-2017-8627 (Windows Subsystem for Linux in Windows 10 1703, allows a denial of ser ...)
	NOT-FOR-US: Microsoft
CVE-2017-8626
	RESERVED
CVE-2017-8625 (Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Se ...)
	NOT-FOR-US: Microsoft
CVE-2017-8624 (CLFS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8623 (Windows Hyper-V in Windows 10 1607, 1703, and Windows Server 2016 allo ...)
	NOT-FOR-US: Microsoft
CVE-2017-8622 (Windows Subsystem for Linux in Windows 10 1703 allows an elevation of ...)
	NOT-FOR-US: Microsoft
CVE-2017-8621 (Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange ...)
	NOT-FOR-US: Microsoft
CVE-2017-8620 (Windows Search in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, W ...)
	NOT-FOR-US: Microsoft
CVE-2017-8619 (Microsoft Edge on Windows 10 Gold, 1511, 1607, and 1703, and Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8618 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
	NOT-FOR-US: Microsoft
CVE-2017-8617 (Microsoft Edge in Windows 10 1703 Microsoft Edge allows a remote code ...)
	NOT-FOR-US: Microsoft
CVE-2017-8616
	RESERVED
CVE-2017-8615
	RESERVED
CVE-2017-8614
	RESERVED
CVE-2017-8613 (Azure AD Connect Password writeback, if misconfigured during enablemen ...)
	NOT-FOR-US: Azure AD Connect Password writeback
CVE-2017-8612
	RESERVED
CVE-2017-8611 (Microsoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8610 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exec ...)
	NOT-FOR-US: Microsoft
CVE-2017-8609 (Microsoft Internet Explorer in Microsoft Windows 10 Gold, 1511, 1607, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8608 (Microsoft browsers in Microsoft Windows Server 2008 and R2, Windows 8. ...)
	NOT-FOR-US: Microsoft
CVE-2017-8607 (Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8606 (Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8605 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8604 (Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windo ...)
	NOT-FOR-US: Microsoft
CVE-2017-8603 (Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windo ...)
	NOT-FOR-US: Microsoft
CVE-2017-8602 (Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8601 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8600
	RESERVED
CVE-2017-8599 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8598 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8597 (Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker ...)
	NOT-FOR-US: Microsoft
CVE-2017-8596 (Microsoft Edge in Microsoft Windows 10 1607, and 1703, and Windows Ser ...)
	NOT-FOR-US: Microsoft
CVE-2017-8595 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8594 (Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Win ...)
	NOT-FOR-US: Microsoft
CVE-2017-8593 (Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8592 (Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 200 ...)
NOT-FOR-US: Microsoft CVE-2017-8591 (Windows Input Method Editor (IME) in Windows 8.1, Windows Server 2012 ...) NOT-FOR-US: Microsoft CVE-2017-8590 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...) NOT-FOR-US: Microsoft CVE-2017-8589 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...) NOT-FOR-US: Microsoft CVE-2017-8588 (Microsoft WordPad in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 ...) NOT-FOR-US: Microsoft CVE-2017-8587 (Windows Explorer in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...) NOT-FOR-US: Microsoft CVE-2017-8586 RESERVED CVE-2017-8585 (Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker ...) NOT-FOR-US: Microsoft CVE-2017-8584 (Windows 10 1607 and Windows Server 2016 allow an attacker to execute c ...) NOT-FOR-US: Microsoft CVE-2017-8583 RESERVED CVE-2017-8582 (HTTP.sys in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP ...) NOT-FOR-US: Microsoft CVE-2017-8581 (Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...) NOT-FOR-US: Microsoft CVE-2017-8580 (Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...) NOT-FOR-US: Microsoft CVE-2017-8579 (The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, ...) NOT-FOR-US: Microsoft CVE-2017-8578 (Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...) NOT-FOR-US: Microsoft CVE-2017-8577 (Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...) NOT-FOR-US: Microsoft CVE-2017-8576 (The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, ...) NOT-FOR-US: Microsoft CVE-2017-8575 (The kernel in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows ...) NOT-FOR-US: Windows CVE-2017-8574 (Graphics in Microsoft Windows 10 1607, 1703, and Windows Server 2016 a ...) NOT-FOR-US: Microsoft CVE-2017-8573 (Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP ...) 
NOT-FOR-US: Microsoft CVE-2017-8572 (Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outloo ...) NOT-FOR-US: Microsoft CVE-2017-8571 (Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outloo ...) NOT-FOR-US: Microsoft CVE-2017-8570 (Microsoft Office allows a remote code execution vulnerability due to t ...) NOT-FOR-US: Microsoft CVE-2017-8569 (Microsoft SharePoint Server allows an elevation of privilege vulnerabi ...) NOT-FOR-US: Microsoft CVE-2017-8568 RESERVED CVE-2017-8567 (A remote code execution vulnerability exists in Microsoft Excel for Ma ...) NOT-FOR-US: Microsoft CVE-2017-8566 (Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevat ...) NOT-FOR-US: Microsoft CVE-2017-8565 (Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP ...) NOT-FOR-US: Microsoft CVE-2017-8564 (Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Window ...) NOT-FOR-US: Microsoft CVE-2017-8563 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...) NOT-FOR-US: Microsoft CVE-2017-8562 (Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, ...) NOT-FOR-US: Microsoft CVE-2017-8561 (Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and ...) NOT-FOR-US: Microsoft CVE-2017-8560 (Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange ...) NOT-FOR-US: Microsoft CVE-2017-8559 (Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange ...) NOT-FOR-US: Microsoft CVE-2017-8558 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) NOT-FOR-US: Microsoft CVE-2017-8557 (Windows System Information Console in Windows Server 2008 SP2 and R2 S ...) NOT-FOR-US: Microsoft CVE-2017-8556 (Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP ...) NOT-FOR-US: Microsoft CVE-2017-8555 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to tric ...) 
NOT-FOR-US: Microsoft CVE-2017-8554 (The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 ...) NOT-FOR-US: Microsoft CVE-2017-8553 (An information disclosure vulnerability exists in Microsoft Windows Se ...) NOT-FOR-US: Microsoft CVE-2017-8552 (A kernel-mode driver in Microsoft Windows XP SP3, Windows XP x64 XP2, ...) NOT-FOR-US: Microsoft CVE-2017-8551 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...) NOT-FOR-US: Microsoft CVE-2017-8550 (A remote code execution vulnerability exists in Skype for Business whe ...) NOT-FOR-US: Microsoft CVE-2017-8549 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...) NOT-FOR-US: Microsoft CVE-2017-8548 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...) NOT-FOR-US: Microsoft CVE-2017-8547 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...) NOT-FOR-US: Microsoft CVE-2017-8546 RESERVED CVE-2017-8545 (A spoofing vulnerability exists in when Microsoft Outlook for Mac does ...) NOT-FOR-US: Microsoft CVE-2017-8544 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...) NOT-FOR-US: Microsoft CVE-2017-8543 (Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, ...) NOT-FOR-US: Microsoft CVE-2017-8542 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) NOT-FOR-US: Microsoft CVE-2017-8541 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) NOT-FOR-US: Microsoft CVE-2017-8540 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) NOT-FOR-US: Microsoft CVE-2017-8539 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) NOT-FOR-US: Microsoft CVE-2017-8538 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) NOT-FOR-US: Microsoft CVE-2017-8537 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) 
NOT-FOR-US: Microsoft CVE-2017-8536 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) NOT-FOR-US: Microsoft CVE-2017-8535 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) NOT-FOR-US: Microsoft CVE-2017-8534 (Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Window ...) NOT-FOR-US: Microsoft CVE-2017-8533 (Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...) NOT-FOR-US: Microsoft CVE-2017-8532 (Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...) NOT-FOR-US: Microsoft CVE-2017-8531 (Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...) NOT-FOR-US: Microsoft CVE-2017-8530 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...) NOT-FOR-US: Microsoft CVE-2017-8529 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...) NOT-FOR-US: Microsoft CVE-2017-8528 (Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Window ...) NOT-FOR-US: Microsoft CVE-2017-8527 (Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...) NOT-FOR-US: Microsoft CVE-2017-8526 RESERVED CVE-2017-8525 RESERVED CVE-2017-8524 (Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...) NOT-FOR-US: Microsoft CVE-2017-8523 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...) NOT-FOR-US: Microsoft CVE-2017-8522 (Microsoft browsers in Microsoft Windows 8.1 and Windows RT 8.1, Window ...) NOT-FOR-US: Microsoft CVE-2017-8521 (Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitr ...) NOT-FOR-US: Microsoft CVE-2017-8520 (Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitr ...) NOT-FOR-US: Microsoft CVE-2017-8519 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...) NOT-FOR-US: Microsoft CVE-2017-8518 (Microsoft Edge allows a remote code execution vulnerability due to the ...) 
NOT-FOR-US: Microsoft CVE-2017-8517 (Microsoft browsers in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...) NOT-FOR-US: Microsoft CVE-2017-8516 (Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, M ...) NOT-FOR-US: Microsoft CVE-2017-8515 (Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 all ...) NOT-FOR-US: Microsoft CVE-2017-8514 (An information disclosure vulnerability exists when Microsoft SharePoi ...) NOT-FOR-US: Microsoft CVE-2017-8513 (A remote code execution vulnerability exists in Microsoft PowerPoint w ...) NOT-FOR-US: Microsoft CVE-2017-8512 (A remote code execution vulnerability exists in Microsoft Office when ...) NOT-FOR-US: Microsoft CVE-2017-8511 (A remote code execution vulnerability exists in Microsoft Office when ...) NOT-FOR-US: Microsoft CVE-2017-8510 (A remote code execution vulnerability exists in Microsoft Office when ...) NOT-FOR-US: Microsoft CVE-2017-8509 (A remote code execution vulnerability exists in Microsoft Office when ...) NOT-FOR-US: Microsoft CVE-2017-8508 (A security feature bypass vulnerability exists in Microsoft Office sof ...) NOT-FOR-US: Microsoft CVE-2017-8507 (A remote code execution vulnerability exists in the way Microsoft Offi ...) NOT-FOR-US: Microsoft CVE-2017-8506 (A remote code execution vulnerability exists in Microsoft Office when ...) NOT-FOR-US: Microsoft CVE-2017-8505 RESERVED CVE-2017-8504 (Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 al ...) NOT-FOR-US: Microsoft CVE-2017-8503 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows S ...) NOT-FOR-US: Microsoft CVE-2017-8502 (Microsoft Office allows a remote code execution vulnerability due to t ...) NOT-FOR-US: Microsoft CVE-2017-8501 (Microsoft Office allows a remote code execution vulnerability due to t ...) NOT-FOR-US: Microsoft CVE-2017-8500 RESERVED CVE-2017-8499 (Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitr ...) 
NOT-FOR-US: Microsoft CVE-2017-8498 (Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 al ...) NOT-FOR-US: Microsoft CVE-2017-8497 (Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an at ...) NOT-FOR-US: Microsoft CVE-2017-8496 (Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an at ...) NOT-FOR-US: Microsoft CVE-2017-8495 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...) NOT-FOR-US: Microsoft CVE-2017-8494 (Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 20 ...) NOT-FOR-US: Microsoft CVE-2017-8493 (Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Wind ...) NOT-FOR-US: Microsoft CVE-2017-8492 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) NOT-FOR-US: Microsoft CVE-2017-8491 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) NOT-FOR-US: Microsoft CVE-2017-8490 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) NOT-FOR-US: Microsoft CVE-2017-8489 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) NOT-FOR-US: Microsoft CVE-2017-8488 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) NOT-FOR-US: Microsoft CVE-2017-8487 (Windows OLE in Windows XP and Windows Server 2003 allows an attacker t ...) NOT-FOR-US: Microsoft CVE-2017-8486 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...) NOT-FOR-US: Microsoft CVE-2017-8485 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) NOT-FOR-US: Microsoft CVE-2017-8484 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...) NOT-FOR-US: Microsoft CVE-2017-8483 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) NOT-FOR-US: Microsoft CVE-2017-8482 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) 
NOT-FOR-US: Microsoft CVE-2017-8481 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) NOT-FOR-US: Microsoft CVE-2017-8480 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) NOT-FOR-US: Microsoft CVE-2017-8479 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) NOT-FOR-US: Microsoft CVE-2017-8478 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) NOT-FOR-US: Microsoft CVE-2017-8477 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...) NOT-FOR-US: Microsoft CVE-2017-8476 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) NOT-FOR-US: Microsoft CVE-2017-8475 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows S ...) NOT-FOR-US: Microsoft CVE-2017-8474 (The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Win ...) NOT-FOR-US: Microsoft CVE-2017-8473 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows S ...) NOT-FOR-US: Microsoft CVE-2017-8472 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windo ...) NOT-FOR-US: Microsoft CVE-2017-8471 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...) NOT-FOR-US: Microsoft CVE-2017-8470 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...) NOT-FOR-US: Microsoft CVE-2017-8469 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) NOT-FOR-US: Microsoft CVE-2017-8468 (Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Wind ...) NOT-FOR-US: Microsoft CVE-2017-8467 (Graphics in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP ...) NOT-FOR-US: Microsoft CVE-2017-8466 (Windows Cursor in Windows 8.1, Windows Server 2012 Gold and R2, Window ...) NOT-FOR-US: Microsoft CVE-2017-8465 (Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Wind ...) 
NOT-FOR-US: Microsoft CVE-2017-8464 (Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows ...) NOT-FOR-US: Microsoft CVE-2017-8463 (Windows Shell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Wi ...) NOT-FOR-US: Microsoft CVE-2017-8462 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) NOT-FOR-US: Microsoft CVE-2017-8461 (Windows RPC with Routing and Remote Access enabled in Windows XP and W ...) NOT-FOR-US: Microsoft CVE-2017-8460 (Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows R ...) NOT-FOR-US: Microsoft CVE-2017-8459 (Brave 0.12.4 has a Status Bar Obfuscation issue in which a redirection ...) - brave-browser (bug #864795) CVE-2017-8458 (Brave 0.12.4 has a URI Obfuscation issue in which a string such as htt ...) - brave-browser (bug #864795) CVE-2017-8457 RESERVED CVE-2017-8456 RESERVED CVE-2017-8455 (Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-b ...) NOT-FOR-US: Foxit Reader CVE-2017-8454 (Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-b ...) NOT-FOR-US: Foxit Reader CVE-2017-8453 (Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-b ...) NOT-FOR-US: Foxit Reader CVE-2016-10368 (Open redirect vulnerability in Opsview Monitor Pro (Prior to 5.1.0.162 ...) NOT-FOR-US: Opsview Monitor Pro CVE-2016-10367 (In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475 ...) NOT-FOR-US: Opsview Monitor Pro CVE-2015-9058 (Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix 4. ...) NOT-FOR-US: Proxmox Mail Gateway CVE-2015-9057 (Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Ga ...) NOT-FOR-US: Proxmox Mail Gateway CVE-2017-8452 (Kibana versions prior to 5.2.1 configured for SSL client access, file ...) - kibana (bug #700337) CVE-2017-8451 (With X-Pack installed, Kibana versions before 5.3.1 have an open redir ...) 
NOT-FOR-US: Kibana addon CVE-2017-8450 (X-Pack 5.1.1 did not properly apply document and field level security ...) NOT-FOR-US: Kibana addon CVE-2017-8449 (X-Pack Security 5.2.x would allow access to more fields than the user ...) NOT-FOR-US: Kibana addon CVE-2017-8448 (An error was found in the permission model used by X-Pack Alerting 5.0 ...) - kibana (bug #700337) CVE-2017-8447 (An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enf ...) NOT-FOR-US: X-Pack plugin for Kibana CVE-2017-8446 (The Reporting feature in X-Pack in versions prior to 5.5.2 and standal ...) NOT-FOR-US: X-Pack plugin for Kibana CVE-2017-8445 (An error was found in the X-Pack Security TLS trust manager for versio ...) NOT-FOR-US: X-PackSecurity TLS trust manager plugin for Elasticsearch CVE-2017-8444 (The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0 ...) NOT-FOR-US: Elastic Cloud Enterprise CVE-2017-8443 (In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user ope ...) NOT-FOR-US: Kibana X-Pack Security CVE-2017-8442 (Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, c ...) NOT-FOR-US: Elastic X-Pack Security CVE-2017-8441 (Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not alwa ...) NOT-FOR-US: Elastic X-Pack Security CVE-2017-8440 (Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vul ...) - kibana (bug #700337) CVE-2017-8439 (Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug ...) - kibana (bug #700337) CVE-2017-8438 (Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege es ...) 
NOT-FOR-US: Elastic X-Pack Security CVE-2017-8437 RESERVED CVE-2017-8436 RESERVED CVE-2017-8435 RESERVED CVE-2017-8434 RESERVED CVE-2017-8433 RESERVED CVE-2017-8432 RESERVED CVE-2017-8431 RESERVED CVE-2017-8430 RESERVED CVE-2017-8429 RESERVED CVE-2017-8428 RESERVED CVE-2017-8427 RESERVED CVE-2017-8426 RESERVED CVE-2017-8425 RESERVED CVE-2017-8424 RESERVED CVE-2017-8423 RESERVED CVE-2017-8422 (KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to ...) {DSA-3849-1 DLA-952-1} - kauth 5.28.0-2 - kde4libs 4:4.14.26-2 NOTE: https://www.openwall.com/lists/oss-security/2017/05/10/3 NOTE: patch for kauth: https://github.com/KDE/kauth/commit/df875f725293af53399f5146362eb158b4f9216a NOTE: patch for kde4libs: https://github.com/KDE/kdelibs/commit/264e97625abe2e0334f97de17f6ffb52582888ab NOTE: https://www.kde.org/info/security/advisory-20170510-1.txt CVE-2017-8421 (The function coff_set_alignment_hook in coffcode.h in Binary File Desc ...) - binutils 2.28-5 [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21440 NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=39ff1b79f687b65f4144ddb379f22587003443fb CVE-2017-8420 (SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address ...) - swftools (unimportant) NOTE: No actionable information, just a crash report against a four year old release NOTE: https://github.com/matthiaskramm/swftools/issues/41 CVE-2017-8419 (LAME through 3.99.5 relies on the signed integer data type for values ...) - lame 3.99.5+repack1-7 [wheezy] - lame 3.99.5+repack1-3+deb7u1 NOTE: https://sourceforge.net/p/lame/bugs/458/ NOTE: Issue addressed in Debian via: https://sources.debian.org/patches/lame/3.99.5%2Brepack1-9/0001-Add-check-for-invalid-input-sample-rate.patch/ NOTE: in the revised version as included in 3.99.5+repack1-7 CVE-2016-10366 (Kibana versions after and including 4.3 and before 4.6.2 are vulnerabl ...) 
- kibana (bug #700337) CVE-2016-10365 (Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerabi ...) - kibana (bug #700337) CVE-2016-10364 (With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not proper ...) NOT-FOR-US: Kibana addon CVE-2016-10363 (Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, ...) - logstash (bug #664841) CVE-2016-10362 (Prior to Logstash version 5.0.1, Elasticsearch Output plugin when upda ...) - logstash (bug #664841) CVE-2016-10361 REJECTED CVE-2016-10360 REJECTED CVE-2016-10359 REJECTED CVE-2016-10358 REJECTED CVE-2016-10357 REJECTED CVE-2016-10356 REJECTED CVE-2016-10355 REJECTED CVE-2016-10354 REJECTED CVE-2016-10353 REJECTED CVE-2016-10352 REJECTED CVE-2015-9056 (Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attac ...) - kibana (bug #700337) CVE-2017-8905 (Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, ...) {DSA-3847-1 DLA-964-1} - xen 4.8.0~rc3-1 (bug #861662) NOTE: https://xenbits.xen.org/xsa/advisory-215.html CVE-2017-8904 (Xen through 4.8.x mishandles the "contains segment descriptors" proper ...) {DSA-3847-1 DLA-964-1} - xen 4.8.1-1+deb9u1 (bug #861660) NOTE: https://xenbits.xen.org/xsa/advisory-214.html CVE-2017-8903 (Xen through 4.8.x on 64-bit platforms mishandles page tables after an ...) {DSA-3847-1 DLA-964-1} - xen 4.8.1-1+deb9u1 (bug #861659) NOTE: https://xenbits.xen.org/xsa/advisory-213.html CVE-2017-8418 (RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing loc ...) - rubocop 0.49.1+dfsg-1 (bug #870852) NOTE: https://github.com/bbatsov/rubocop/issues/4336 NOTE: https://github.com/bbatsov/rubocop/commit/dcb258fabd5f2624c1ea0e1634763094590c09d7 CVE-2017-8417 (An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The d ...) NOT-FOR-US: D-Link CVE-2017-8416 (An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The d ...) 
NOT-FOR-US: D-Link CVE-2017-8415 (An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The d ...) NOT-FOR-US: D-Link CVE-2017-8414 (An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The b ...) NOT-FOR-US: D-Link CVE-2017-8413 (An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The d ...) NOT-FOR-US: D-Link CVE-2017-8412 (An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The d ...) NOT-FOR-US: D-Link CVE-2017-8411 (An issue was discovered on D-Link DCS-1130 devices. The device provide ...) NOT-FOR-US: D-Link CVE-2017-8410 (An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The b ...) NOT-FOR-US: D-Link CVE-2017-8409 (An issue was discovered on D-Link DCS-1130 devices. The device require ...) NOT-FOR-US: D-Link CVE-2017-8408 (An issue was discovered on D-Link DCS-1130 devices. The device provide ...) NOT-FOR-US: D-Link CVE-2017-8407 (An issue was discovered on D-Link DCS-1130 devices. The device provide ...) NOT-FOR-US: D-Link CVE-2017-8406 (An issue was discovered on D-Link DCS-1130 devices. The device provide ...) NOT-FOR-US: D-Link CVE-2017-8405 (An issue was discovered on D-Link DCS-1130 and DCS-1100 devices. The b ...) NOT-FOR-US: D-Link CVE-2017-8404 (An issue was discovered on D-Link DCS-1130 devices. The device provide ...) NOT-FOR-US: D-Link CVE-2017-8403 (360fly 4K cameras allow unauthenticated Wi-Fi password changes and com ...) NOT-FOR-US: 360fly CVE-2017-8402 (PivotX 2.3.11 allows remote authenticated users to execute arbitrary P ...) NOT-FOR-US: PivotX CVE-2017-8401 (In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the ...) 
{DLA-995-1} - swftools (unimportant; bug #861998) NOTE: https://github.com/matthiaskramm/swftools/issues/14 NOTE: https://github.com/matthiaskramm/swftools/commit/392fb1f3cd9a5b167787c551615c651c3f5326f2 NOTE: Crash in CLI tool not considered a security issue CVE-2017-8400 (In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in th ...) {DLA-995-1} - swftools 0.9.2+git20130725-4.1 (bug #861693) [jessie] - swftools (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/13 NOTE: https://github.com/matthiaskramm/swftools/commit/7139f3cf7c8bc576bea1dbd07c58ce1ad92b774a CVE-2017-8399 (PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based ...) - pcre2 (Did only affect revision after r670 upstream; not in a released version) NOTE: Fixed by: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783 NOTE: https://vcs.pcre.org/pcre2?view=revision&revision=674 CVE-2017-8398 (dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size ...) - binutils 2.28-5 [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21438 NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d949ff5607b9f595e0eed2ff15fbe5eb84eb3a34 CVE-2017-8397 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...) - binutils 2.28-5 [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21434 NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=04b31182bf3f8a1a76e995bdfaaaab4c009b9cb2 CVE-2017-8396 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...) 
- binutils 2.28-5 [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21432 NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a941291cab71b9ac356e1c03968c177c03e602ab CVE-2017-8395 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...) - binutils 2.28-5 [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21431 NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e63d123268f23a4cbc45ee55fb6dbc7d84729da3 CVE-2017-8394 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...) - binutils 2.28-5 [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21414 NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7eacd66b086cabb1daab20890d5481894d4f56b2 CVE-2017-8393 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...) - binutils 2.28-5 [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21412 NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bce964aa6c777d236fbd641f2bc7bb931cfe4bf3 CVE-2017-8392 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...) - binutils (Vulnerable code introduced later) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21409 NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=97e83a100aa8250be783304bfe0429761c6e6b6b NOTE: Introduced by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3239a4231ff79bf8b67b8faaf414b1667486167c CVE-2017-8391 (The OS Installation Management component in CA Client Automation r12.9 ...) 
NOT-FOR-US: OS Installation Management component in CA Client Automation CVE-2017-8390 (The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7 ...) NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2017-8389 RESERVED CVE-2017-8388 (GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSG_U ...) NOT-FOR-US: GeniXCMS CVE-2017-8387 (STDU Viewer version 1.6.375 might allow user-assisted attackers to exe ...) NOT-FOR-US: STDU Viewer CVE-2017-8386 (git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7 ...) {DSA-3848-1 DLA-938-1} - git 1:2.11.0-3 NOTE: http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01337.html NOTE: http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01346.html NOTE: https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/ NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=3ec804490a265f4c418a321428c12f3f18b7eff5 CVE-2017-8385 (Craft CMS before 2.6.2976 does not prevent modification of the URL in ...) NOT-FOR-US: Craft CMS CVE-2017-8384 (Craft CMS before 2.6.2976 allows XSS attacks because an array returned ...) NOT-FOR-US: Craft CMS CVE-2017-8383 (Craft CMS before 2.6.2976 does not properly restrict viewing the conte ...) NOT-FOR-US: Craft CMS CVE-2017-8382 (admidio 3.2.8 has CSRF in adm_program/modules/members/members_function ...) NOT-FOR-US: admidio CVE-2017-8381 (XnView Classic for Windows Version 2.40 allows user-assisted remote at ...) NOT-FOR-US: XnView Classic for Windows CVE-2017-8380 (Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 all ...) 
- qemu 1:2.8+dfsg-5 (bug #862282) [jessie] - qemu (Vulnerable code introduced later) [wheezy] - qemu (Vulnerable code introduced later) - qemu-kvm (Vulnerable code introduced later) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=e23d04984a78490d8aaa5c45724a3a334933331f (v2.2.0-rc0) NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=24dfa9fa2f90a95ac33c7372de4f4f2c8a2c141f CVE-2017-8379 (Memory leak in the keyboard input event handlers support in QEMU (aka ...) {DLA-1497-1} - qemu 1:2.8+dfsg-5 (bug #862289) [wheezy] - qemu (Minor issue) - qemu-kvm [wheezy] - qemu-kvm (Minor issue) NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=fa18f36a461984eae50ab957e47ec78dae3c14fc CVE-2017-8378 (Heap-based buffer overflow in the PdfParser::ReadObjects function in b ...) - libpodofo 0.9.5-9 (bug #861597) [stretch] - libpodofo (Minor issue) [jessie] - libpodofo (Minor issue) [wheezy] - libpodofo (Minor issue) NOTE: PoC: https://github.com/xiangxiaobo/poc_and_report/tree/master/podofo_heapoverflow_PdfParser.ReadObjects NOTE: Upstream commit: https://sourceforge.net/p/podofo/code/1833/ CVE-2017-8377 (GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.cont ...) NOT-FOR-US: GeniXCMS CVE-2017-8376 (GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is m ...) NOT-FOR-US: GeniXCMS CVE-2017-8375 RESERVED CVE-2017-8374 (The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allo ...) {DSA-4192-1 DLA-1380-1} - libmad 0.15.1b-9 NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_bit_skip-bit-c/ NOTE: The patch from #508133 fixed things related to this, but did not fix this. NOTE: Patch in 0.15.1b-9: libmad-0.15.1b/debian/patches/length-check.patch CVE-2017-8373 (The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b ...) 
	{DSA-4192-1 DLA-1380-1}
	- libmad 0.15.1b-9 (bug #287519)
	NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_layer_iii-layer3-c/
	NOTE: The patch from #508133 applied in 0.15.1b-4 only partially fixed it
	NOTE: "Duplicate with"/basically same as CVE-2017-8372
	NOTE: Patch in 0.15.1b-9: libmad-0.15.1b/debian/patches/md_size.diff
CVE-2017-8372 (The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, ...)
	{DSA-4192-1 DLA-1380-1}
	- libmad 0.15.1b-9 (bug #287519)
	NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/
	NOTE: The patch from #508133 applied in 0.15.1b-4 only partially fixed it
	NOTE: "Duplicate with"/basically same as CVE-2017-8373
	NOTE: Patch in 0.15.1b-9: libmad-0.15.1b/debian/patches/md_size.diff
CVE-2017-8371 (Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses c ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-8370 (IrfanView version 4.44 (32bit) with FPX Plugin 4.45 allows remote atta ...)
	NOT-FOR-US: IrfanView
CVE-2017-8369 (IrfanView version 4.44 (32bit) has a "Data from Faulting Address contr ...)
	NOT-FOR-US: IrfanView
CVE-2017-8368 (Sublime Text 3 Build 3126 allows user-assisted attackers to cause a de ...)
	- sublime-text (bug #682158)
CVE-2017-8367 (Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD ...)
	NOT-FOR-US: Ether Software
CVE-2017-8366 (The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote ...)
	{DSA-3874-1}
	- ettercap 1:0.8.2-5 (bug #861604)
	NOTE: https://github.com/Ettercap/ettercap/issues/792
	NOTE: Fixed by: https://github.com/Ettercap/ettercap/commit/1083d604930ebb9f350126b83802ecd2cbc17f90
CVE-2017-8365 (The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote a ...)
	{DLA-1618-1 DLA-956-1}
	- libsndfile 1.0.27-3 (bug #862202)
	NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-i2les_array-pcm-c/
	NOTE: https://github.com/erikd/libsndfile/issues/230
	NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
CVE-2017-8364 (The read_buf function in stream.c in rzip 2.1 allows remote attackers ...)
	{DLA-2189-1 DLA-955-1}
	- rzip 2.1-4.1 (bug #861614)
	NOTE: https://blogs.gentoo.org/ago/2017/04/29/rzip-heap-based-buffer-overflow-in-read_buf-stream-c/
	NOTE: Patch in http://download.opensuse.org/repositories/openSUSE:/Leap:/42.2:/Update/standard/src/rzip-2.1-151.3.1.src.rpm
CVE-2017-8363 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows re ...)
	{DLA-1618-1 DLA-956-1}
	- libsndfile 1.0.27-3 (bug #862203)
	NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/
	NOTE: https://github.com/erikd/libsndfile/issues/233
	NOTE: https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
	NOTE: https://github.com/erikd/libsndfile/commit/cd7da8dbf6ee4310d21d9e44b385d6797160d9e8
CVE-2017-8362 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows re ...)
	{DLA-1618-1 DLA-956-1}
	- libsndfile 1.0.27-3 (bug #862204)
	NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/
	NOTE: https://github.com/erikd/libsndfile/issues/231
	NOTE: https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808
CVE-2017-8361 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows re ...)
	{DLA-1618-1 DLA-956-1}
	- libsndfile 1.0.27-3 (bug #862205)
	NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-flac_buffer_copy-flac-c/
	NOTE: https://github.com/erikd/libsndfile/issues/232
	NOTE: https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
CVE-2017-8360 (Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBo ...)
	NOT-FOR-US: Conexant Systems mictray64 task
CVE-2017-8359 (Google gRPC before 2017-03-29 has an out-of-bounds write caused by a h ...)
	- grpc 1.3.2-0.1
	NOTE: https://github.com/grpc/grpc/pull/10353
	NOTE: Fixed by: https://github.com/grpc/grpc/commit/6544a2d5d9ecdb64214da1d228886a7d15bbf5c7
CVE-2017-8358 (LibreOffice before 2017-03-17 has an out-of-bounds write caused by a h ...)
	- libreoffice (Vulnerable code introduced on 2017-03-15; never in released version)
	NOTE: Fixed by: https://github.com/LibreOffice/core/commit/6e6e54f944a5ebb49e9110bdeff844d00a96c56c
	NOTE: Introduced by: https://github.com/LibreOffice/core/commit/ceb53ad9f34ae05d09f61845d581546eac0c6d60
CVE-2017-8357 (In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862636)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/453
CVE-2017-8356 (In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862635)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/449
CVE-2017-8355 (In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862634)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/450
CVE-2017-8354 (In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862633)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/451
CVE-2017-8353 (In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows at ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862632)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/454
CVE-2017-8352 (In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows atta ...)
	{DSA-3863-1 DLA-1081-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862590)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/452
CVE-2017-8351 (In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862589)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/448
CVE-2017-8350 (In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862587)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/447
CVE-2017-8349 (In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862579)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/443
CVE-2017-8348 (In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862578)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/445
CVE-2017-8347 (In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862577)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/441
CVE-2017-8346 (In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862575)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/440
CVE-2017-8345 (In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862573)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/442
CVE-2017-8344 (In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862574)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/446
CVE-2017-8343 (In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows atta ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862572)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/444
CVE-2017-8341 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Conte ...)
	NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-8340 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incor ...)
	NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-8339 (PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a ...)
	NOT-FOR-US: Panda Free Antivirus
CVE-2017-8338 (A vulnerability in MikroTik Version 6.38.5 could allow an unauthentica ...)
	NOT-FOR-US: MikroTik
CVE-2017-8337 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
	NOT-FOR-US: Securifi
CVE-2017-8336 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
	NOT-FOR-US: Securifi
CVE-2017-8335 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
	NOT-FOR-US: Securifi
CVE-2017-8334 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
	NOT-FOR-US: Securifi
CVE-2017-8333 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
	NOT-FOR-US: Securifi
CVE-2017-8332 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
	NOT-FOR-US: Securifi
CVE-2017-8331 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
	NOT-FOR-US: Securifi
CVE-2017-8330 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
	NOT-FOR-US: Securifi
CVE-2017-8329 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
	NOT-FOR-US: Securifi
CVE-2017-8328 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
	NOT-FOR-US: Securifi
CVE-2016-10351 (Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesk ...)
	- telegram-desktop 1.1.19-2
	NOTE: https://github.com/telegramdesktop/tdesktop/issues/2666
CVE-2016-10350 (The archive_read_format_cab_read_header function in archive_read_suppo ...)
	{DSA-4360-1 DLA-1600-1 DLA-1006-1}
	- libarchive 3.2.2-3.1 (bug #861609)
	NOTE: https://github.com/libarchive/libarchive/issues/835
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3 (v3.3.0)
CVE-2016-10349 (The archive_le32dec function in archive_endian.h in libarchive 3.2.2 a ...)
	{DSA-4360-1 DLA-1600-1 DLA-1006-1}
	- libarchive 3.2.2-3.1 (bug #861609)
	NOTE: https://github.com/libarchive/libarchive/issues/834
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3 (v3.3.0)
CVE-2017-8342 (Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracl ...)
	{DLA-2187-1 DLA-934-1}
	- radicale 1.1.1+20160115-4 (bug #861514)
	NOTE: https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b (1.1.x)
	NOTE: https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d (master)
CVE-2017-8327 (The bmpr_read_uncompressed function in imagew-bmp.c in libimageworsene ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-8326 (libimageworsener.a in ImageWorsener before 1.3.1 has "left shift canno ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-8325 (The iw_process_cols_to_intermediate function in imagew-main.c in libim ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-8324
	RESERVED
CVE-2017-8323
	RESERVED
CVE-2017-8322
	RESERVED
CVE-2017-8321
	RESERVED
CVE-2017-8320
	RESERVED
CVE-2017-8319
	RESERVED
CVE-2017-8318
	RESERVED
CVE-2017-8317
	RESERVED
CVE-2017-8316 (IntelliJ IDEA XML parser was found vulnerable to XML External Entity a ...)
	NOT-FOR-US: IntelliJ IDEA XML parser
CVE-2017-8315 (Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier w ...)
	- apktool 2.2.4-1 (low)
	[stretch] - apktool (Minor issue)
	NOTE: Upstream bug with details is restricted
	NOTE: According to Red Hat only eclipse-andmore was affected but it was
	NOTE: never shipped with Debian. Apktool is affected though.
	NOTE: Possible fixes: https://github.com/iBotPeaches/Apktool/commit/f19317d87c316ed254aafa0a27eddd024e25ec6c
	NOTE: https://github.com/iBotPeaches/Apktool/commit/657a44f5938b072898a0de913c03760210e0f4ed
	NOTE: https://github.com/iBotPeaches/Apktool/commit/dbb144f9af5478c780e59c8b65036ae882595063
CVE-2017-8314 (Directory Traversal in Zip Extraction built-in function in Kodi 17.1 a ...)
	{DLA-1243-1}
	- kodi 2:17.1+dfsg1-3 (bug #863230)
	- xbmc
	[jessie] - xbmc (Minor issue)
	NOTE: http://blog.checkpoint.com/2017/05/23/hacked-in-translation/
	NOTE: https://kodi.tv/article/kodi-v172-minor-bug-fix-and-security-release
	NOTE: Fixed by https://github.com/xbmc/xbmc/commit/35cfe35608b15335ef21d798947fceab3f47c8d7
CVE-2017-8313 (Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to ...)
	{DSA-3899-1}
	- vlc 2.2.5-1
	[wheezy] - vlc (Not supported in wheezy LTS)
	NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c
CVE-2017-8312 (Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing chec ...)
	{DSA-3899-1}
	- vlc 2.2.6-1~deb9u1
	[wheezy] - vlc (Not supported in wheezy LTS)
	NOTE: https://git.videolan.org/?p=vlc.git;a=commitdiff;h=611398fc8d32f3fe4331f60b220c52ba3557beaa
CVE-2017-8311 (Potential heap based buffer overflow in ParseJSS in VideoLAN VLC befor ...)
	{DSA-3899-1}
	- vlc 2.2.5-1
	[wheezy] - vlc (Not supported in wheezy LTS)
	NOTE: https://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6
CVE-2017-8310 (Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due ...)
	{DSA-3899-1}
	- vlc 2.2.5.1-1~deb9u1
	[wheezy] - vlc (Not supported in wheezy LTS)
	NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328
CVE-2017-8309 (Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows r ...)
	{DLA-1497-1 DLA-1071-1 DLA-1070-1}
	- qemu 1:2.8+dfsg-5 (bug #862280)
	- qemu-kvm
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=3268a845f41253fb55852a8429c32b50f36f349a
CVE-2017-8308 (In Avast Antivirus before v17, an unprivileged user (and thus malware ...)
	NOT-FOR-US: Avast Antivirus
CVE-2017-8307 (In Avast Antivirus before v17, using the LPC interface API exposed by ...)
	NOT-FOR-US: Avast Antivirus
CVE-2017-8306
	RESERVED
CVE-2017-8304 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8303 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8302 (Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to ad ...)
	NOT-FOR-US: Mura CMS
CVE-2017-8300
	RESERVED
CVE-2017-8299
	RESERVED
CVE-2017-8298 (cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a "Pos ...)
	NOT-FOR-US: cnvs.io Canvas
CVE-2017-8297 (A path traversal vulnerability exists in simple-file-manager before 20 ...)
	NOT-FOR-US: simple-file-manager
CVE-2017-8296 (kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is w ...)
	{DLA-925-1}
	- kedpm (bug #860817)
	[jessie] - kedpm 1.0+deb8u1
	NOTE: patch in BTS gives workaround to always prompt for password and do not save
	NOTE: to database.
	NOTE: https://www.openwall.com/lists/oss-security/2017/04/25/9
CVE-2017-8295 (WordPress through 4.7.4 relies on the Host HTTP header for a password- ...)
	{DSA-3870-1 DLA-975-1}
	- wordpress 4.7.5+dfsg-2 (bug #862053)
	NOTE: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
	NOTE: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
	NOTE: https://core.trac.wordpress.org/ticket/25239
	NOTE: https://core.trac.wordpress.org/changeset/48601 (5.5)
CVE-2017-8294 (libyara/re.c in the regex component in YARA 3.5.0 allows remote attack ...)
	- yara 3.6.0+dfsg-1 (bug #861590)
	[stretch] - yara (Minor issue, too intrusive to backport)
	[jessie] - yara (Minor issue, too intrusive to backport)
	NOTE: https://github.com/VirusTotal/yara/issues/646
	NOTE: https://github.com/VirusTotal/yara/commit/83d799804648c2a0895d40a19835d9b757c6fa4e
CVE-2017-8293
	RESERVED
CVE-2017-8292
	RESERVED
CVE-2017-8290 (A potential Buffer Overflow Vulnerability (from a BB Code handling iss ...)
	- teamspeak-server
	[wheezy] - teamspeak-server (non-free is not supported)
CVE-2017-8289 (Stack-based buffer overflow in the ipv6_addr_from_str function in sys/ ...)
	NOT-FOR-US: RIOT OS
CVE-2017-8288 (gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to rel ...)
	- gnome-shell 3.22.3-3
	[jessie] - gnome-shell (Minor issue)
	[wheezy] - gnome-shell (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781728
	NOTE: https://github.com/GNOME/gnome-shell/commit/ff425d1db7082e2755d2a405af53861552acf2a1
CVE-2017-8305 (The UDFclient (before 0.8.8) custom strlcpy implementation has a buffe ...)
	- udfclient 0.8.8-1 (bug #861347)
CVE-2017-8301 (LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_ ...)
	- libressl (bug #754513)
	NOTE: https://www.openwall.com/lists/oss-security/2017/04/27/11
CVE-2017-8291 (Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remot ...)
{DSA-3838-1 DLA-932-1} - ghostscript 9.20~dfsg-3.1 (bug #861295) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697808 (duplicate of 697799) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697799 (made private) NOTE: Full report viewable at: https://bugzilla.suse.com/show_bug.cgi?id=1036453 NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3 CVE-2017-8287 (FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a he ...) {DSA-3839-1 DLA-931-1} - freetype 2.6.3-3.2 (bug #861308) NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0 CVE-2017-8286 RESERVED CVE-2017-8285 RESERVED CVE-2017-8284 (The disas_insn function in target/i386/translate.c in QEMU before 2.9. ...) - qemu 1:2.10.0-1 (unimportant) - qemu-kvm (unimportant) NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=30663fd26c0307e414622c7a8607fbc04f92ec14 NOTE: qemu issue without security implication per upstream CVE-2017-8282 (XnView Classic for Windows Version 2.40 allows user-assisted remote at ...) NOT-FOR-US: XnView Classic for Windows CVE-2017-8281 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8280 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8279 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-8278 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8277 (In all Qualcomm products with Android releases from CAF using the Linu ...) 
NOT-FOR-US: Qualcomm driver for Android CVE-2017-8276 (Improper authorization involving a fuse in TrustZone in snapdragon aut ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8275 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-8274 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-8273 (In all Qualcomm products with Android release from CAF using the Linux ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8272 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8271 (Out of bound memory write can happen in the MDSS Rotator driver in all ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8270 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8269 (Userspace-controlled non null terminated parameter for IPA WAN ioctl i ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8268 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8267 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8266 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8265 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8264 (A userspace process can cause a Denial of Service in the camera driver ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8263 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8262 (In all Qualcomm products with Android releases from CAF using the Linu ...) 
NOT-FOR-US: Qualcomm driver for Android CVE-2017-8261 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8260 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8259 (In the service locator in all Qualcomm products with Android releases ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8258 (An array out-of-bounds access in all Qualcomm products with Android re ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8257 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8256 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8255 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8254 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8253 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8252 (Kernel can inject faults in computations during the execution of Trust ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8251 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8250 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8249 REJECTED CVE-2017-8248 (A buffer overflow may occur in the processing of a downlink NAS messag ...) NOT-FOR-US: Qualcomm Telephony CVE-2017-8247 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8246 (In function msm_pcm_playback_close() in all Android releases from CAF ...) 
- linux (Android-specific patch) CVE-2017-8245 (In all Android releases from CAF using the Linux kernel, while process ...) - linux (Android-specific patch) CVE-2017-8244 (In core_info_read and inst_info_read in all Android releases from CAF ...) - linux (Android-specific patch) CVE-2017-8243 (A buffer overflow can occur in all Qualcomm products with Android for ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-8242 (In all Android releases from CAF using the Linux kernel, a race condit ...) - linux (Android-specific patch) CVE-2017-8241 (In all Android releases from CAF using the Linux kernel, a buffer over ...) NOT-FOR-US: Android driver CVE-2017-8240 (In all Android releases from CAF using the Linux kernel, a kernel driv ...) - linux 4.0.2-1 [jessie] - linux (Vulnerable code not present) [wheezy] - linux (Vulnerable code not present) CVE-2017-8239 (In all Android releases from CAF using the Linux kernel, userspace-con ...) NOT-FOR-US: Android driver CVE-2017-8238 (In all Android releases from CAF using the Linux kernel, a buffer over ...) NOT-FOR-US: Android driver CVE-2017-8237 (In all Android releases from CAF using the Linux kernel, a buffer over ...) NOT-FOR-US: Android driver CVE-2017-8236 (In all Android releases from CAF using the Linux kernel, a buffer over ...) NOT-FOR-US: Android driver CVE-2017-8235 (In all Android releases from CAF using the Linux kernel, a memory stru ...) NOT-FOR-US: Android driver CVE-2017-8234 (In all Android releases from CAF using the Linux kernel, an out of bou ...) NOT-FOR-US: Android driver CVE-2017-8233 (In a camera driver function in all Android releases from CAF using the ...) NOT-FOR-US: Android driver CVE-2017-8232 REJECTED CVE-2017-8231 RESERVED CVE-2017-8230 (On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on th ...) NOT-FOR-US: Amcrest CVE-2017-8229 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenti ...) 
NOT-FOR-US: Amcrest CVE-2017-8228 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots w ...) NOT-FOR-US: Amcrest CVE-2017-8227 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout poli ...) NOT-FOR-US: Amcrest CVE-2017-8226 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default creden ...) NOT-FOR-US: Amcrest CVE-2017-8283 (dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU pat ...) - dpkg 1.18.24 (unimportant) NOTE: https://www.openwall.com/lists/oss-security/2017/04/20/2 CVE-2017-8225 (On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (con ...) NOT-FOR-US: Wireless IP Camera (P2P) WIFICAM devices CVE-2017-8224 (Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account ...) NOT-FOR-US: Wireless IP Camera (P2P) WIFICAM devices CVE-2017-8223 (On Wireless IP Camera (P2P) WIFICAM devices, an attacker can use the R ...) NOT-FOR-US: Wireless IP Camera (P2P) WIFICAM devices CVE-2017-8222 (Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS ...) NOT-FOR-US: Wireless IP Camera (P2P) WIFICAM devices CVE-2017-8221 (Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunne ...) NOT-FOR-US: Wireless IP Camera (P2P) WIFICAM devices CVE-2017-8220 (TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 1 ...) NOT-FOR-US: TP-Link CVE-2017-8219 (TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 1 ...) NOT-FOR-US: TP-Link CVE-2017-8218 (vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032 ...) NOT-FOR-US: TP-Link CVE-2017-8217 (TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 1 ...) NOT-FOR-US: TP-Link CVE-2017-8216 (Warsaw Huawei Smart phones with software of versions earlier than Wars ...) NOT-FOR-US: Huawei CVE-2017-8215 (Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toron ...) 
NOT-FOR-US: Huawei CVE-2017-8214 (Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toron ...) NOT-FOR-US: Huawei CVE-2017-8213 (Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R00 ...) NOT-FOR-US: Huawei CVE-2017-8212 (The driver of honor 5C,honor 6x Huawei smart phones with software of v ...) NOT-FOR-US: Huawei CVE-2017-8211 (The driver of honor 5C,honor 6x Huawei smart phones with software of v ...) NOT-FOR-US: Huawei CVE-2017-8210 (The driver of honor 5C,honor 6x Huawei smart phones with software of v ...) NOT-FOR-US: Huawei CVE-2017-8209 (The driver of honor 5C,honor 6x Huawei smart phones with software of v ...) NOT-FOR-US: Huawei CVE-2017-8208 (The driver of honor 5C,honor 6x Huawei smart phones with software of v ...) NOT-FOR-US: Huawei CVE-2017-8207 (The driver of honor 5C, honor 6x Huawei smart phones with software of ...) NOT-FOR-US: Huawei CVE-2017-8206 (HONOR 7 Lite mobile phones with software of versions earlier than NEM- ...) NOT-FOR-US: Huawei CVE-2017-8205 (The Bastet driver of Honor 9 Huawei smart phones with software of vers ...) NOT-FOR-US: Huawei CVE-2017-8204 (The Bastet driver of Honor 9 Huawei smart phones with software of vers ...) NOT-FOR-US: Huawei CVE-2017-8203 (The Bastet Driver of Nova 2 Plus,Nova 2 Huawei smart phones with softw ...) NOT-FOR-US: Huawei CVE-2017-8202 (The CameraISP driver of some Huawei smart phones with software of vers ...) NOT-FOR-US: Huawei CVE-2017-8201 (MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have ...) NOT-FOR-US: Huawei CVE-2017-8200 (MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have ...) NOT-FOR-US: Huawei CVE-2017-8199 (MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have ...) NOT-FOR-US: Huawei CVE-2017-8198 (FusionSphere V100R006C00SPC102(NFV) has an SQL injection vulnerability ...) NOT-FOR-US: Huawei CVE-2017-8197 (FusionSphere V100R006C00SPC102(NFV) has a command injection vulnerabil ...) 
NOT-FOR-US: Huawei CVE-2017-8196 (FusionSphere V100R006C00SPC102(NFV) has an incorrect authorization vul ...) NOT-FOR-US: Huawei CVE-2017-8195 (The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper auth ...) NOT-FOR-US: Huawei CVE-2017-8194 (The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper auth ...) NOT-FOR-US: Huawei CVE-2017-8193 (The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command inject ...) NOT-FOR-US: Huawei CVE-2017-8192 (FusionSphere OpenStack V100R006C00 has an improper authorization vulne ...) NOT-FOR-US: Huawei CVE-2017-8191 (FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic ...) NOT-FOR-US: Huawei CVE-2017-8190 (FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verificat ...) NOT-FOR-US: Huawei CVE-2017-8189 (FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vuln ...) NOT-FOR-US: Huawei CVE-2017-8188 (FusionSphere OpenStack V100R006C00SPC102(NFV)has a command injection v ...) NOT-FOR-US: Huawei CVE-2017-8187 (Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege e ...) NOT-FOR-US: Huawei CVE-2017-8186 (The Bastet of some Huawei mobile phones with software of earlier than ...) NOT-FOR-US: Huawei CVE-2017-8185 (ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a p ...) NOT-FOR-US: Huawei CVE-2017-8184 (MTK platform in Huawei smart phones with software of earlier than Nice ...) NOT-FOR-US: Huawei CVE-2017-8183 (MTK platform in Huawei smart phones with software of earlier than Nice ...) NOT-FOR-US: Huawei CVE-2017-8182 (MTK platform in Huawei smart phones with software of earlier than Nice ...) NOT-FOR-US: Huawei CVE-2017-8181 (The camera driver of MTK platform in Huawei smart phones with software ...) NOT-FOR-US: Huawei CVE-2017-8180 (The camera driver of MTK platform in Huawei smart phones with software ...) NOT-FOR-US: Huawei CVE-2017-8179 (The camera driver of MTK platform in Huawei smart phones with software ...) 
NOT-FOR-US: Huawei CVE-2017-8178 (Huawei Email APP Vicky-AL00 smartphones with software of earlier than ...) NOT-FOR-US: Huawei CVE-2017-8177 (Huawei APP HiWallet earlier than 5.0.3.100 versions do not support sig ...) NOT-FOR-US: Huawei CVE-2017-8176 (Huawei IPTV STB with earlier than IPTV STB V100R003C01LMYTa6SPC001 ver ...) NOT-FOR-US: Huawei CVE-2017-8175 (The Bastet of some Huawei mobile phones with software earlier than Vic ...) NOT-FOR-US: Huawei CVE-2017-8174 (Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001 ...) NOT-FOR-US: Huawei CVE-2017-8173 (Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart ...) NOT-FOR-US: Huawei CVE-2017-8172 (Isub service in P10 Plus and P10 smart phones with earlier than VKY-AL ...) NOT-FOR-US: Huawei CVE-2017-8171 (Huawei smart phones with software earlier than Vicky-AL00AC00B172D ver ...) NOT-FOR-US: Huawei CVE-2017-8170 (Huawei smart phones with software earlier than VIE-L09C40B360 versions ...) NOT-FOR-US: Huawei CVE-2017-8169 (Huawei smart phones with software earlier than VIE-L09C40B360 versions ...) NOT-FOR-US: Huawei CVE-2017-8168 (FusionSphere OpenStack with software V100R006C00SPC102(NFV) and V100R0 ...) NOT-FOR-US: Huawei CVE-2017-8167 (Huawei firewall products USG9500 V500R001C50 has a DoS vulnerability.A ...) NOT-FOR-US: Huawei CVE-2017-8166 (Huawei mobile phones Honor V9 with the software versions before Duke-A ...) NOT-FOR-US: Huawei CVE-2017-8165 (Mate 9 Huawei smart phones with versions earlier than MHA-AL00BC00B233 ...) NOT-FOR-US: Huawei CVE-2017-8164 (Some Huawei smart phones with software EVA-L09C34B142; EVA-L09C40B196; ...) NOT-FOR-US: Huawei CVE-2017-8163 (AR120-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C ...) NOT-FOR-US: Huawei CVE-2017-8162 (AR120-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C ...) NOT-FOR-US: Huawei CVE-2017-8161 (EVA-L09 smartphones with software Earlier than EVA-L09C25B150CUSTC25D0 ...) 
NOT-FOR-US: Huawei CVE-2017-8160 (The Madapt Driver of some Huawei smart phones with software Earlier th ...) NOT-FOR-US: Huawei CVE-2017-8159 (Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019, ...) NOT-FOR-US: Huawei CVE-2017-8158 (FusionCompute V100R005C00 and V100R005C10 have an improper authorizati ...) NOT-FOR-US: Huawei CVE-2017-8157 (OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor ...) NOT-FOR-US: Huawei CVE-2017-8156 (The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 ...) NOT-FOR-US: Huawei CVE-2017-8155 (The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 ...) NOT-FOR-US: Huawei CVE-2017-8154 (The Themes App Honor 8 Lite Huawei mobile phones with software of vers ...) NOT-FOR-US: Huawei CVE-2017-8153 (Huawei VMall (for Android) with the versions before 1.5.8.5 have a pri ...) NOT-FOR-US: Huawei CVE-2017-8152 (Huawei Honor 5S smart phones with software the versions before TAG-TL0 ...) NOT-FOR-US: Huawei CVE-2017-8151 (Huawei Honor 5S smart phones with software the versions before TAG-TL0 ...) NOT-FOR-US: Huawei CVE-2017-8150 (The boot loaders of P10 and P10 Plus Huawei mobile phones with softwar ...) NOT-FOR-US: Huawei CVE-2017-8149 (The boot loaders of P10 and P10 Plus Huawei mobile phones with softwar ...) NOT-FOR-US: Huawei CVE-2017-8148 (Audio driver in P9 smartphones with software The versions before EVA-A ...) NOT-FOR-US: Huawei CVE-2017-8147 (AC6005 V200R006C10SPC200,AC6605 V200R006C10SPC200,AR1200 with software ...) NOT-FOR-US: Huawei CVE-2017-8146 (The call module of P10 and P10 Plus smartphones with software versions ...) NOT-FOR-US: Huawei CVE-2017-8145 (The call module of P10 and P10 Plus smartphones with software versions ...) NOT-FOR-US: Huawei CVE-2017-8144 (Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones ...) NOT-FOR-US: Huawei CVE-2017-8143 (Wi-Fi driver of Honor 5C and P9 Lite Huawei smart phones with software ...) 
NOT-FOR-US: Huawei CVE-2017-8142 (The Trusted Execution Environment (TEE) module driver of Mate 9 and Ma ...) NOT-FOR-US: Huawei CVE-2017-8141 (The Touch Panel (TP) driver in P10 Plus smart phones with software ver ...) NOT-FOR-US: Huawei CVE-2017-8140 (The soundtrigger driver in P9 Plus smart phones with software versions ...) NOT-FOR-US: Huawei CVE-2017-8139 (HedEx Earlier than V200R006C00 versions have the stored cross-site scr ...) NOT-FOR-US: Huawei CVE-2017-8138 (HedEx Earlier than V200R006C00 versions has a cross-site request forge ...) NOT-FOR-US: Huawei CVE-2017-8137 (HedEx Earlier than V200R006C00 versions has a dynamic link library (DL ...) NOT-FOR-US: Huawei CVE-2017-8136 (HedEx Earlier than V200R006C00 versions has an arbitrary file download ...) NOT-FOR-US: Huawei CVE-2017-8135 (The FusionSphere OpenStack with software V100R006C00 and V100R006C10 h ...) NOT-FOR-US: Huawei CVE-2017-8134 (The FusionSphere OpenStack with software V100R006C00 and V100R006C10 h ...) NOT-FOR-US: Huawei CVE-2017-8133 (Huawei iManager NetEco with software V600R008C00 and V600R008C10 has a ...) NOT-FOR-US: Huawei CVE-2017-8132 (The FusionSphere OpenStack with software V100R006C00 and V100R006C10 h ...) NOT-FOR-US: Huawei CVE-2017-8131 (The FusionSphere OpenStack with software V100R006C00 and V100R006C10 h ...) NOT-FOR-US: Huawei CVE-2017-8130 (The UMA product with software V200R001 and V300R001 has an information ...) NOT-FOR-US: Huawei CVE-2017-8129 (The UMA product with software V200R001 and V300R001 has a privilege el ...) NOT-FOR-US: Huawei CVE-2017-8128 (The UMA product with software V200R001 and V300R001 has a privilege el ...) NOT-FOR-US: Huawei CVE-2017-8127 (The UMA product with software V200R001 has a cross-site scripting (XSS ...) NOT-FOR-US: Huawei CVE-2017-8126 (The UMA product with software V200R001 has a privilege elevation vulne ...) NOT-FOR-US: Huawei CVE-2017-8125 (The UMA product with software V200R001 and V300R001 has a cross-site s ...) 
	NOT-FOR-US: Huawei
CVE-2017-8124 (The UMA product with software V200R001 has a privilege elevation vulne ...)
	NOT-FOR-US: Huawei
CVE-2017-8123 (The UMA product with software V200R001 has a privilege elevation vulne ...)
	NOT-FOR-US: Huawei
CVE-2017-8122 (The UMA product with software V200R001 has a privilege elevation vulne ...)
	NOT-FOR-US: Huawei
CVE-2017-8121 (The UMA product with software V200R001 and V300R001 has an information ...)
	NOT-FOR-US: Huawei
CVE-2017-8120 (The UMA product with software V200R001 and V300R001 has a privilege el ...)
	NOT-FOR-US: Huawei
CVE-2017-8119 (The UMA product with software V200R001 and V300R001 has a privilege el ...)
	NOT-FOR-US: Huawei
CVE-2017-8118 (The UMA product with software V200R001 and V300R001 has an information ...)
	NOT-FOR-US: Huawei
CVE-2017-8117 (The UMA product with software V200R001 and V300R001 has a privilege el ...)
	NOT-FOR-US: Huawei
CVE-2017-8116 (The management interface for the Teltonika RUT9XX routers (aka LuCI) w ...)
	NOT-FOR-US: Teltonika RUT9XX routers
CVE-2017-8115 (Directory traversal in setup/processors/url_search.php (aka the search ...)
	NOT-FOR-US: MODX
CVE-2017-8114 (Roundcube Webmail allows arbitrary password resets by authenticated us ...)
	{DLA-933-1}
	- roundcube 1.2.3+dfsg.1-4 (bug #861388)
	NOTE: https://github.com/roundcube/roundcubemail/releases/tag/1.2.5
	NOTE: https://github.com/roundcube/roundcubemail/commit/6e054a37d13dc3772d0aa454a32d5dc3bdcc7003 (1.2.x)
	NOTE: https://github.com/roundcube/roundcubemail/releases/tag/1.1.9
	NOTE: https://github.com/roundcube/roundcubemail/commit/10b227d70a03e33682aaaa0138e84f9256f3cd50 (1.1.x)
	NOTE: https://github.com/roundcube/roundcubemail/releases/tag/1.0.11
	NOTE: https://github.com/roundcube/roundcubemail/commit/271426429bfbb5b63e6dec91b1e4780e8ef1c67e (1.0.x)
CVE-2017-8113
	RESERVED
CVE-2017-8112 (hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest O ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-5 (bug #861351)
	[wheezy] - qemu (Vulnerable code not present)
	- qemu-kvm (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04578.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1445621
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=f68826989cd4d1217797251339579c57b3c0934e
CVE-2017-8111
	RESERVED
CVE-2017-8110 (www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 1069 ...)
	NOT-FOR-US: modified eCommerce Shopsoftware
CVE-2017-8109 (The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 co ...)
	- salt 2016.11.5+ds-1 (bug #861219)
	[stretch] - salt 2016.11.2+ds-1+deb9u2
	[jessie] - salt (Vulnerable code not present)
	NOTE: https://github.com/saltstack/salt/issues/40075
	NOTE: https://github.com/saltstack/salt/pull/40609
	NOTE: https://github.com/saltstack/salt/commit/8492cef7a5c8871a3978ffc2f6e48b3b960e0151
CVE-2017-8108 (Unspecified tests in Lynis before 2.5.0 allow local users to write to ...)
	- lynis 2.5.0-1 (unimportant)
	[wheezy] - lynis (Vulnerable code does not exist)
	NOTE: Neutralised by kernel hardening
CVE-2017-8107
	RESERVED
CVE-2017-8106 (The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3 ...)
	- linux 3.16.2-1
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Introduced by: https://git.kernel.org/linus/bfd0a56b90005f8c8a004baf407ad90045c2b11e (3.12-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/4b855078601fc422dbac3059f2215e776f49780f (3.16-rc4)
CVE-2017-8105 (FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a he ...)
	{DSA-3839-1 DLA-918-1}
	- freetype 2.6.3-3.2 (bug #861220)
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
CVE-2017-8104 (In MyBB before 1.8.11, the smilie module allows Directory Traversal vi ...)
	NOT-FOR-US: MyBB
CVE-2017-8103 (In MyBB before 1.8.11, the Email MyCode component allows XSS, as demon ...)
	NOT-FOR-US: MyBB
CVE-2017-8102 (Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admi ...)
	- serendipity
CVE-2017-8101 (There is CSRF in Serendipity 2.0.5, allowing attackers to install any ...)
	- serendipity
CVE-2017-8100 (There is CSRF in the CopySafe Web Protection plugin before 2.6 for Wor ...)
	NOT-FOR-US: CopySafe Web Protection plugin
CVE-2017-8099 (There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing ...)
	NOT-FOR-US: WHIZZ plugin for Wordpress
CVE-2017-8098 (e107 2.1.4 is vulnerable to cross-site request forgery in plugin-insta ...)
	NOT-FOR-US: e107
CVE-2017-8097
	RESERVED
CVE-2017-8096
	RESERVED
CVE-2017-8095
	RESERVED
CVE-2017-8094
	RESERVED
CVE-2017-8093
	RESERVED
CVE-2017-8092
	RESERVED
CVE-2017-8091
	RESERVED
CVE-2017-8090
	RESERVED
CVE-2017-8089
	RESERVED
CVE-2017-8088
	RESERVED
CVE-2017-8087 (Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with ...)
	NOT-FOR-US: AVM
CVE-2017-8086 (Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in Q ...)
	{DLA-1497-1 DLA-1035-1 DLA-965-1}
	- qemu 1:2.8+dfsg-5 (bug #861348)
	- qemu-kvm
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4ffcdef4277a91af15a3c09f7d16af072c29f3f2 (v2.9.0-rc4)
	NOTE: Introduced possibly by the fix d10142c11bdcecebe97fd834a834167053b7a05c to
	NOTE: partially fix CVE-2016-9602.
CVE-2017-8085 (In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in ...)
	NOT-FOR-US: Exponent CMS
CVE-2017-1000363 (Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds c ...)
	{DSA-3945-1 DLA-1099-1}
	- linux 4.9.30-1 (low)
	NOTE: Fixed by: https://git.kernel.org/linus/3e21f4af170bebf47c187c1ff8bf155583c9f3b1 (4.12-rc2)
	NOTE: https://alephsecurity.com/vulns/aleph-2017023
CVE-2017-1000361 (DOMRpcImplementationNotAvailableException when sending Port-Status pac ...)
	NOT-FOR-US: OpenDaylight
CVE-2017-1000360 (StreamCorruptedException and NullPointerException in OpenDaylight odl- ...)
	NOT-FOR-US: OpenDaylight
CVE-2017-1000359 (Java out of memory error and significant increase in resource consumpt ...)
	NOT-FOR-US: OpenDaylight
CVE-2017-1000358 (Controller throws an exception and does not allow user to add subseque ...)
	NOT-FOR-US: OpenDaylight
CVE-2017-1000357 (Denial of Service attack when the switch rejects to receive packets fr ...)
	NOT-FOR-US: OpenDaylight
CVE-2017-1000356 (Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier ar ...)
	- jenkins
CVE-2017-1000355 (Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier ar ...)
	- jenkins
CVE-2017-1000354 (Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier ar ...)
	- jenkins
CVE-2017-1000353 (Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier ar ...)
	- jenkins
CVE-2017-8084
	RESERVED
CVE-2017-8083 (CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 ...)
	NOT-FOR-US: CompuLab Intense PC and MintBox 2 devices
CVE-2017-8082 (concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, whic ...)
	NOT-FOR-US: concrete5
CVE-2017-8081 (Poor cryptographic salt initialization in admin/inc/template_functions ...)
	NOT-FOR-US: GetSimple CMS
CVE-2017-8080 (Atlassian Hipchat Server before 2.2.4 allows remote authenticated user ...)
	NOT-FOR-US: HipChat
CVE-2010-5329 (The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the ...)
	- linux (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: Fixed by: https://git.kernel.org/linus/fc0a80798576f80ca10b3f6c9c7097f12fd1d64e (v2.6.39-rc2)
CVE-2007-6761 (drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6. ...)
	- linux (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: Fixed by: https://git.kernel.org/linus/0b29669c065f60501e7289e1950fa2a618962358 (v2.6.24-rc6)
CVE-2017-8079
	RESERVED
CVE-2017-8078 (On the TP-Link TL-SG108E 1.0, the upgrade process can be requested rem ...)
	NOT-FOR-US: TP-Link
CVE-2017-8077 (On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a l ...)
	NOT-FOR-US: TP-Link
CVE-2017-8076 (On the TP-Link TL-SG108E 1.0, admin network communications are RC4 enc ...)
	NOT-FOR-US: TP-Link
CVE-2017-8075 (On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credent ...)
	NOT-FOR-US: TP-Link
CVE-2017-8074 (On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credent ...)
	NOT-FOR-US: TP-Link
CVE-2017-8073 (WeeChat before 1.7.1 allows a remote crash by sending a filename via D ...)
	{DSA-3836-1 DLA-919-1}
	- weechat 1.7-3 (bug #861121)
	[stretch] - weechat 1.6-1+deb9u1
	NOTE: https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b
CVE-2017-8072 (The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c i ...)
	- linux 4.9.10-1
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/8e9faa15469ed7c7467423db4c62aeed3ff4cae3
CVE-2017-8071 (drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a ...)
	- linux 4.9.10-1
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/7a7b5df84b6b4e5d599c7289526eed96541a0654
CVE-2017-8070 (drivers/net/usb/catc.c in the Linux kernel 4.9.x before 4.9.11 interac ...)
	- linux 4.9.13-1
	[jessie] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	[wheezy] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/2d6a0e9de03ee658a9adc3bfb2f0ca55dff1e478
CVE-2017-8069 (drivers/net/usb/rtl8150.c in the Linux kernel 4.9.x before 4.9.11 inte ...)
	- linux 4.9.13-1
	[jessie] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	[wheezy] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/7926aff5c57b577ab0f43364ff0c59d968f6a414
CVE-2017-8068 (drivers/net/usb/pegasus.c in the Linux kernel 4.9.x before 4.9.11 inte ...)
	- linux 4.9.10-1 (bug #852556)
	[jessie] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	[wheezy] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/5593523f968bc86d42a035c6df47d5e0979b5ace
CVE-2017-8067 (drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x bef ...)
	- linux 4.9.25-1
	[jessie] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	[wheezy] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/c4baad50297d84bde1a7ad45e50c73adae4a2192
CVE-2017-8066 (drivers/net/can/usb/gs_usb.c in the Linux kernel 4.9.x and 4.10.x befo ...)
	- linux 4.9.16-1
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/c919a3069c775c1c876bec55e00b2305d5125caa
CVE-2017-8065 (crypto/ccm.c in the Linux kernel 4.9.x and 4.10.x through 4.10.12 inte ...)
	- linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/3b30460c5b0ed762be75a004e924ec3f8711e032
CVE-2017-8064 (drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x ...)
	{DSA-3886-1}
	- linux 4.9.25-1
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/005145378c9ad7575a01b6ce1ba118fb427f583a
CVE-2017-8063 (drivers/media/usb/dvb-usb/cxusb.c in the Linux kernel 4.9.x and 4.10.x ...)
	- linux 4.9.25-1
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/3f190e3aec212fc8c61e202c51400afa7384d4bc
CVE-2017-8062 (drivers/media/usb/dvb-usb/dw2102.c in the Linux kernel 4.9.x and 4.10. ...)
	- linux 4.9.16-1
	[jessie] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	[wheezy] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/606142af57dad981b78707234cfbd15f9f7b7125
CVE-2017-8061 (drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x ...)
	- linux 4.9.25-1
	[jessie] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	[wheezy] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/67b0503db9c29b04eadfeede6bebbfe5ddad94ef
CVE-2017-8060 (Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Se ...)
	NOT-FOR-US: Panda
CVE-2017-8059 (Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF ...)
	NOT-FOR-US: Foxit
CVE-2017-8058 (Acceptance of invalid/self-signed TLS certificates in Atlassian HipCha ...)
	NOT-FOR-US: HipChat
CVE-2017-8057 (In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused ...)
	NOT-FOR-US: Joomla!
CVE-2017-8056 (WatchGuard Fireware v11.12.1 and earlier mishandles requests referring ...)
	NOT-FOR-US: WatchGuard
CVE-2017-8055 (WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML- ...)
	NOT-FOR-US: WatchGuard
CVE-2017-8054 (The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 ...)
	- libpodofo 0.9.5-9 (bug #860995)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	[wheezy] - libpodofo (Minor issue)
	NOTE: The motivation for no-dsa in wheezy is that there are no known
	NOTE: services that use this library (apart from desktop applications)
	NOTE: and the worst case is a DoS.
	NOTE: http://qwertwwwe.github.io/2017/04/22/PoDoFo-0-9-5-allows-remote-attackers-to-cause-a-denial-of-service-infinit-loop/
	NOTE: PoC: https://github.com/qwertwwwe/PoC/blob/master/podofo/PoC
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1872
	NOTE: partially reverted in: https://sourceforge.net/p/podofo/code/1881
	NOTE: ... and re-fixed in: https://sourceforge.net/p/podofo/code/1882
	NOTE: and https://sourceforge.net/p/podofo/code/1883
CVE-2017-8053 (PoDoFo 0.9.5 allows denial of service (infinite recursion and stack co ...)
	- libpodofo 0.9.6+dfsg-3 (bug #860994)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	[wheezy] - libpodofo (Minor issue)
	NOTE: http://openwall.com/lists/oss-security/2017/04/22/1
	NOTE: https://sourceforge.net/p/podofo/tickets/7/
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1834
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1924
CVE-2017-8052 (Craft CMS before 2.6.2974 allows XSS attacks.)
	NOT-FOR-US: Craft CMS
CVE-2017-8051 (Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a ...)
	NOT-FOR-US: Tenable Appliance
CVE-2017-8050 (Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the We ...)
	NOT-FOR-US: Tenable Appliance
CVE-2017-8049
	REJECTED
CVE-2017-8048 (In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42 ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8047 (In Cloud Foundry router routing-release all versions prior to v0.163.0 ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8046 (Malicious PATCH requests submitted to servers using Spring Data REST v ...)
	NOT-FOR-US: Spring Data REST
CVE-2017-8045 (In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an ...)
	NOT-FOR-US: Spring AMQP
CVE-2017-8044 (In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1 ...)
	NOT-FOR-US: Pivotal SSO
CVE-2017-8043
	REJECTED
CVE-2017-8042
	REJECTED
CVE-2017-8041 (In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior ...)
	NOT-FOR-US: Pivotal
CVE-2017-8040 (In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior ...)
	NOT-FOR-US: Pivotal
CVE-2017-8039 (An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Appl ...)
	NOT-FOR-US: Spring Web Flow
CVE-2017-8038 (In Cloud Foundry Foundation Credhub-release version 1.1.0, access cont ...)
	NOT-FOR-US: Cloud Foundry Foundation Credhub-release
CVE-2017-8037 (In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and pri ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8036 (An issue was discovered in the Cloud Controller API in Cloud Foundry F ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8035 (An issue was discovered in the Cloud Controller API in Cloud Foundry F ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8034 (The Cloud Controller and Router in Cloud Foundry (CAPI-release capi ve ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8033 (An issue was discovered in the Cloud Controller API in Cloud Foundry F ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8032 (In Cloud Foundry cf-release versions prior to v264; UAA release all ve ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8031 (An issue was discovered in Cloud Foundry Foundation cf-release (all ve ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8030
	REJECTED
CVE-2017-8029
	REJECTED
CVE-2017-8028 (In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some ...)
	{DSA-4046-1 DLA-1180-1}
	- libspring-ldap-java
	NOTE: https://pivotal.io/security/cve-2017-8028
	NOTE: https://github.com/spring-projects/spring-ldap/issues/430
CVE-2017-8027
	REJECTED
CVE-2017-8026
	REJECTED
CVE-2017-8025 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary f ...)
	NOT-FOR-US: RSA Archer GRC Platform
CVE-2017-8024 (EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2 ...)
	NOT-FOR-US: EMC
CVE-2017-8023 (EMC NetWorker may potentially be vulnerable to an unauthenticated remo ...)
	NOT-FOR-US: EMC
CVE-2017-8022 (An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all suppor ...)
	NOT-FOR-US: EMC
CVE-2017-8021 (EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumen ...)
	NOT-FOR-US: EMC Elastic Cloud Storage
CVE-2017-8020 (An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vuln ...)
	NOT-FOR-US: EMC
CVE-2017-8019 (An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in mes ...)
	NOT-FOR-US: EMC
CVE-2017-8018 (EMC AppSync host plug-in versions 3.5 and below (Windows platform only ...)
	NOT-FOR-US: EMC AppSync
CVE-2017-8017 (EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9 ...)
	NOT-FOR-US: EMC Network Configuration Manager
CVE-2017-8016 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-s ...)
	NOT-FOR-US: RSA Archer GRC Platform
CVE-2017-8015 (EMC AppSync (all versions prior to 3.5) contains a SQL injection vulne ...)
	NOT-FOR-US: EMC
CVE-2017-8014
	REJECTED
CVE-2017-8013 (EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before pat ...)
	NOT-FOR-US: EMC Data Protection Adv
CVE-2017-8012 (In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Sol ...)
	NOT-FOR-US: EMC
CVE-2017-8011 (EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution P ...)
	NOT-FOR-US: EMC
CVE-2017-8010
	REJECTED
CVE-2017-8009
	REJECTED
CVE-2017-8008
	REJECTED
CVE-2017-8007 (In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Sol ...)
	NOT-FOR-US: EMC
CVE-2017-8006 (In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malic ...)
	NOT-FOR-US: EMC
CVE-2017-8005 (The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and G ...)
	NOT-FOR-US: EMC
CVE-2017-8004 (The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and G ...)
	NOT-FOR-US: EMC
CVE-2017-8003 (EMC Data Protection Advisor prior to 6.4 contains a path traversal vul ...)
	NOT-FOR-US: EMC Data Protection Advisor
CVE-2017-8002 (EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL i ...)
	NOT-FOR-US: EMC Data Protection Advisor
CVE-2017-8001 (An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment ...)
	NOT-FOR-US: EMC
CVE-2017-8000 (In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA ...)
	NOT-FOR-US: EMC
CVE-2017-7999 (Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote au ...)
	NOT-FOR-US: Atlassian Eucalyptus
CVE-2017-7998 (Multiple cross-site scripting (XSS) vulnerabilities in Gespage before ...)
	NOT-FOR-US: Gespage
CVE-2017-7997 (Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow r ...)
	NOT-FOR-US: Gespage
CVE-2017-7996
	RESERVED
CVE-2017-7995 (Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges ...)
	{DLA-964-1}
	- xen 4.3.0-1
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1033948
CVE-2017-7994 (The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoD ...)
	- libpodofo 0.9.5-7 (bug #860930)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	[wheezy] - libpodofo (Minor issue)
	NOTE: https://github.com/icepng/PoC/tree/master/PoC1
	NOTE: https://icepng.github.io/2017/04/21/PoDoFo-1/
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1849
CVE-2017-7993
	RESERVED
CVE-2017-7992 (Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2 ...)
	NOT-FOR-US: Heartland Payment Systems Payment Gateway PHP SDK
CVE-2016-10348
	RESERVED
CVE-2017-7991 (Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serializ ...)
	NOT-FOR-US: Exponent CMS
CVE-2017-7990 (The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resul ...)
	NOT-FOR-US: OpenMRS
CVE-2017-7989 (In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type ...)
	NOT-FOR-US: Joomla!
CVE-2017-7988 (In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering ...)
	NOT-FOR-US: Joomla!
CVE-2017-7987 (In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping o ...)
	NOT-FOR-US: Joomla!
CVE-2017-7986 (In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering ...)
	NOT-FOR-US: Joomla!
CVE-2017-7985 (In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering ...)
	NOT-FOR-US: Joomla!
CVE-2017-7984 (In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering ...)
	NOT-FOR-US: Joomla!
CVE-2017-7983 (In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the J ...)
	NOT-FOR-US: Joomla!
CVE-2017-7982 (Integer overflow in the plist_from_bin function in bplist.c in libimob ...)
	{DLA-2168-1}
	- libplist 1.12+git+1+e37ca00-0.3 (bug #860945)
	[wheezy] - libplist (Minor issue)
	NOTE: Fixed by: https://github.com/libimobiledevice/libplist/commit/fdebf8b319b9280cd0e9b4382f2c7cbf26ef9325
	NOTE: https://github.com/libimobiledevice/libplist/issues/103
	NOTE: The issue seems covered in prior versions of upstream dccd9290745345896e3a4a73154576a599fd8b7b
	NOTE: which is CVE-2017-6440.
CVE-2017-7981 (Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 Synt ...)
	NOT-FOR-US: Enalean Tuleap
CVE-2017-7980 (Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick E ...)
	{DLA-1497-1 DLA-1035-1 DLA-939-1}
	- qemu 1:2.8+dfsg-4
	- qemu-kvm
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=026aeffcb4752054830ba203020ed6eb05bcaba8
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=ffaf857778286ca54e3804432a2369a279e73aa7
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=f019722cbbb45aea153294fc8921fcc96a4d3fa2
CVE-2017-7978 (Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software a ...)
	NOT-FOR-US: Samsung
CVE-2017-7979 (The cookie feature in the packet action API implementation in net/sche ...)
	- linux (Only affects 4.11-rc1 onwards)
CVE-2017-7977 (The Screensavercc component in eLux RP before 5.5.0 allows attackers t ...)
	NOT-FOR-US: Screensavercc component in eLux RP
CVE-2017-7976 (Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of ...)
	{DSA-3855-1 DLA-942-1}
	- jbig2dec 0.13-4.1 (bug #860787)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697683
	NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ed6c5133a1004ce8d
CVE-2017-7975 (Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds wr ...)
	{DSA-3855-1 DLA-942-1}
	- jbig2dec 0.13-4.1 (bug #860788)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697693
	NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5e57e483298dae8b
CVE-2017-7974 (A path traversal information disclosure vulnerability exists in Schnei ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-7973 (A SQL injection vulnerability exists in Schneider Electric's U.motion ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-7972 (A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1. ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-7971 (A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1. ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-7970 (A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1. ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-7969 (A cross-site request forgery vulnerability exists on the Secure Gatewa ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-7968 (An Incorrect Default Permissions issue was discovered in Schneider Ele ...)
	NOT-FOR-US: Schneider
CVE-2017-7967 (All versions of VAMPSET software produced by Schneider Electric, prior ...)
	NOT-FOR-US: Schneider
CVE-2017-7966 (A DLL Hijacking vulnerability in the programming software in Schneider ...)
	NOT-FOR-US: Schneider
CVE-2017-7965 (A buffer overflow vulnerability exists in Programming Software executa ...)
	NOT-FOR-US: Schneider
CVE-2017-7964 (Zyxel WRE6505 devices have a default TELNET password of 1234 for the r ...)
	NOT-FOR-US: Zyxel
CVE-2017-7963 (The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP ...)
	NOTE: PHP non-issue, might get rejected
CVE-2017-7962 (The iwgif_read_image function in imagew-gif.c in libimageworsener.a in ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-7961 (The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0 ...)
	{DLA-909-1}
	- libcroco 0.6.11-3 (bug #860961)
	[jessie] - libcroco (Minor issue; will be fixed via point release)
	NOTE: https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/
	NOTE: https://git.gnome.org/browse/libcroco/commit/?id=9ad72875e9f08e4c519ef63d44cdbd94aa9504f7
CVE-2017-7960 (The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 an ...)
	{DLA-909-1}
	- libcroco 0.6.11-3 (bug #860961)
	[jessie] - libcroco (Minor issue; will be fixed via point release)
	NOTE: https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/
	NOTE: https://git.gnome.org/browse/libcroco/commit/?id=898e3a8c8c0314d2e6b106809a8e3e93cf9d4394
CVE-2017-7959
	RESERVED
CVE-2017-7958
	RESERVED
CVE-2017-7957 (XStream through 1.4.9, when a certain denyTypes workaround is not used ...)
	{DSA-3841-1 DLA-930-1}
	- libxstream-java 1.4.9-2 (bug #861521)
	NOTE: https://x-stream.github.io/CVE-2017-7957.html
	NOTE: Fixed by: https://github.com/x-stream/xstream/commit/b3570be
CVE-2017-7956
	RESERVED
CVE-2017-7955
	RESERVED
CVE-2017-7954
	RESERVED
CVE-2017-7953 (INFOR EAM V11.0 Build 201410 has XSS via comment fields.)
	NOT-FOR-US: INFOR EAM
CVE-2017-7952 (INFOR EAM V11.0 Build 201410 has SQL injection via search fields, rela ...)
	NOT-FOR-US: INFOR EAM
CVE-2017-7951 (WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspe ...)
	NOT-FOR-US: WonderCMS
CVE-2017-7950 (Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Nitro Pro
CVE-2017-7949
	RESERVED
CVE-2017-7948 (Integer overflow in the mark_curve function in Artifex Ghostscript 9.2 ...)
	- ghostscript 9.22~dfsg-1 (unimportant)
	[jessie] - ghostscript (Vulnerable code not present)
	[wheezy] - ghostscript (Vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697762
	NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;h=8210a2864372723b49c526e2b102fdc00c9c4699
	NOTE: edgebuffer scan converter was made default only in: https://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308
	NOTE: But the vulnerable code via base/gxscan.c, a new scan converter introduced in 9.20, is present.
CVE-2017-7947 (NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 be ...)
	NOT-FOR-US: NetApp
CVE-2016-10347 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10346 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9055 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2013-7463 (The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use ...)
	NOT-FOR-US: aescrypt gem for Ruby
CVE-2017-7946 (The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 ...)
	- radare2 1.1.0+dfsg-5 (low; bug #860962)
	[jessie] - radare2 (Minor issue)
	[wheezy] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/7301
	NOTE: https://github.com/radare/radare2/commit/d1e8ac62c6d978d4662f69116e30230d43033c92
CVE-2017-7945 (The GlobalProtect external interface in Palo Alto Networks PAN-OS befo ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-7944 (XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install ...)
	NOT-FOR-US: XOOPS
CVE-2017-7943 (The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remot ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-6 (low; bug #860736)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/427
CVE-2017-7942 (The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remot ...)
	- imagemagick 8:6.9.7.4+dfsg-6 (low; bug #860735)
	[jessie] - imagemagick (Vulnerable code not present, does not use pixel_info yet)
	[wheezy] - imagemagick (Vulnerable code not present, does not use pixel_info yet)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/429
CVE-2017-7941 (The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remot ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-6 (low; bug #860734)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/428
CVE-2017-7940 (The iw_read_gif_file function in imagew-gif.c in libimageworsener.a in ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-7939 (The read_next_pam_token function in imagew-pnm.c in libimageworsener.a ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-7938 (Stack-based buffer overflow in DMitry (Deepmagic Information Gathering ...)
	- dmitry (bug #1070370)
	[bookworm] - dmitry (Minor issue)
	[bullseye] - dmitry (Minor issue)
	[buster] - dmitry (Minor issue, crash in CLI tool, requires malicious parameter)
	NOTE: https://packetstormsecurity.com/files/142210/Dmitry-1.3a-Local-Stack-Buffer-Overflow.html
	NOTE: https://github.com/jaygreig86/dmitry/pull/12
CVE-2017-7937 (An Improper Authentication issue was discovered in Phoenix Contact Gmb ...)
	NOT-FOR-US: Phoenix Contact
CVE-2017-7936 (A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.M ...)
	NOT-FOR-US: NXP i.MX devices
CVE-2017-7935 (A Resource Exhaustion issue was discovered in Phoenix Contact GmbH mGu ...)
	NOT-FOR-US: Phoenix Contact
CVE-2017-7934 (An Improper Authentication issue was discovered in OSIsoft PI Server 2 ...)
	NOT-FOR-US: OSIsoft
CVE-2017-7933 (In ABB IP GATEWAY 3.39 and prior, some configuration files contain pas ...)
	NOT-FOR-US: ABB
CVE-2017-7932 (An improper certificate validation issue was discovered in NXP i.MX 28 ...)
	NOT-FOR-US: NXP i.MX devices
CVE-2017-7931 (In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform reso ...)
	NOT-FOR-US: ABB
CVE-2017-7930 (An Improper Authentication issue was discovered in OSIsoft PI Server 2 ...)
	NOT-FOR-US: OSIsoft
CVE-2017-7929 (An Absolute Path Traversal issue was discovered in Advantech WebAccess ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-7928 (An Improper Access Control issue was discovered in Schweitzer Engineer ...)
	NOT-FOR-US: Schweitzer Engineering Laboratories Security Gateway
CVE-2017-7927 (A Use of Password Hash Instead of Password for Authentication issue wa ...)
	NOT-FOR-US: Dahua
CVE-2017-7926 (A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web AP ...)
	NOT-FOR-US: OSIsoft
CVE-2017-7925 (A Password in Configuration File issue was discovered in Dahua DH-IPC- ...)
	NOT-FOR-US: Dahua
CVE-2017-7924 (An Improper Input Validation issue was discovered in Rockwell Automati ...)
	NOT-FOR-US: Rockwell
CVE-2017-7923 (A Password in Configuration File issue was discovered in Hikvision DS- ...)
	NOT-FOR-US: Hikvision
CVE-2017-7922 (An Improper Privilege Management issue was discovered in Cambium Netwo ...)
	NOT-FOR-US: Cambium Networks ePMP
CVE-2017-7921 (An Improper Authentication issue was discovered in Hikvision DS-2CD2xx ...)
	NOT-FOR-US: Hikvision
CVE-2017-7920 (An Improper Authentication issue was discovered in ABB VSN300 WiFi Log ...)
	NOT-FOR-US: ABB WiFi Logger Card
CVE-2017-7919 (An Improper Authentication issue was discovered in Newport XPS-Cx and ...)
	NOT-FOR-US: Newport
CVE-2017-7918 (An Improper Access Control issue was discovered in Cambium Networks eP ...)
	NOT-FOR-US: Cambium Networks ePMP
CVE-2017-7917 (A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110 ...)
	NOT-FOR-US: Moxa
CVE-2017-7916 (A Permissions, Privileges, and Access Controls issue was discovered in ...)
	NOT-FOR-US: ABB WiFi Logger Card
CVE-2017-7915 (An Improper Restriction of Excessive Authentication Attempts issue was ...)
	NOT-FOR-US: Moxa
CVE-2017-7914 (A Missing Authorization issue was discovered in Rockwell Automation Pa ...)
	NOT-FOR-US: Rockwell PanelView Plus
CVE-2017-7913 (A Plaintext Storage of a Password issue was discovered in Moxa OnCell ...)
	NOT-FOR-US: Moxa
CVE-2017-7912 (Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v ...)
	NOT-FOR-US: Hanwha Techwin firmware
CVE-2017-7911 (A Code Injection issue was discovered in CyberVision Kaa IoT Platform, ...)
	NOT-FOR-US: CyberVision Kaa IoT Platform
CVE-2017-7910 (A Stack-Based Buffer Overflow issue was discovered in Digital Canal St ...)
	NOT-FOR-US: Digital Canal Structural Wind Analysis
CVE-2017-7909 (A Use of Client-Side Authentication issue was discovered in Advantech ...)
	NOT-FOR-US: Advantech
CVE-2017-7908 (A heap-based buffer overflow exists in the third-party product Gigasof ...)
	NOT-FOR-US: Gigasoft
CVE-2017-7907 (An Improper XML Parser Configuration issue was discovered in Schneider ...)
	NOT-FOR-US: Schneider
CVE-2017-7906 (In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently ...)
	NOT-FOR-US: ABB
CVE-2017-7905 (A Weak Cryptography for Passwords issue was discovered in General Elec ...)
	NOT-FOR-US: General Electric
CVE-2017-7904
	RESERVED
CVE-2017-7903 (A Weak Password Requirements issue was discovered in Rockwell Automati ...)
	NOT-FOR-US: Rockwell Automation
CVE-2017-7902 (A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Ro ...)
	NOT-FOR-US: Rockwell Automation
CVE-2017-7901 (A Predictable Value Range from Previous Values issue was discovered in ...)
	NOT-FOR-US: Rockwell Automation
CVE-2017-7900
	RESERVED
CVE-2017-7899 (An Information Exposure issue was discovered in Rockwell Automation Al ...)
	NOT-FOR-US: Rockwell Automation
CVE-2017-7898 (An Improper Restriction of Excessive Authentication Attempts issue was ...)
	NOT-FOR-US: Rockwell Automation
CVE-2017-7897 (A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x befo ...)
	- mantis
	[wheezy] - mantis (Unsupported in Wheezy LTS)
CVE-2017-7896 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
	NOT-FOR-US: Trend Micro
CVE-2017-7895 (The NFSv2 and NFSv3 server implementations in the Linux kernel through ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.25-1
	NOTE: Fixed by: https://git.kernel.org/linus/13bf9fbff0e5e099e2b6f003a0ab8ae145436309
CVE-2016-10345 (In Phusion Passenger before 5.1.0, a known /tmp filename was used duri ...)
	- passenger 6.0.10-1 (unimportant)
	NOTE: https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441
	NOTE: Source present, but passenger-install-nginx-module not installed
CVE-2016-10344 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10343 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10342 (In all Android releases from CAF using the Linux kernel, a buffer over ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10341 (In all Android releases from CAF using the Linux kernel, 3rd party TEE ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10340 (In all Android releases from CAF using the Linux kernel, an integer un ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10339 (In all Android releases from CAF using the Linux kernel, HLOS can over ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10338 (In all Android releases from CAF using the Linux kernel, there was an ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10337 (In all Android releases from CAF using the Linux kernel, some validati ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10336 (In all Android releases from CAF using the Linux kernel, some regions ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10335 (In all Android releases from CAF using the Linux kernel, libtomcrypt w ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10334 (In all Android releases from CAF using the Linux kernel, a dynamically ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10333 (In all Android releases from CAF using the Linux kernel, a sensitive s ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10332 (In all Android releases from CAF using the Linux kernel, stack protect ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10331 (Directory traversal vulnerability in download.php in Synology Photo St ...)
	NOT-FOR-US: Synology Photo Station
CVE-2016-10330 (Directory traversal vulnerability in synophoto_dsm_user, a SUID progra ...)
	NOT-FOR-US: Synology Photo Station
CVE-2016-10329 (Command injection vulnerability in login.php in Synology Photo Station ...)
	NOT-FOR-US: Synology Photo Station
CVE-2015-9054 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9053 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9052 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9051 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9050 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9049 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9048 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9047 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9046 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9045 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9044 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9043 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9042 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9041 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9040 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9039 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9038 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9037 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9036 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9035 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9034 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9033 (In all Android releases from CAF using the Linux kernel, a QTEE system ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9032 (In all Android releases from CAF using the Linux kernel, a DRM key was ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9031 (In all Android releases from CAF using the Linux kernel, a TZ memory a ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9030 (In all Android releases from CAF using the Linux kernel, the Hyperviso ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9029 (In all Android releases from CAF using the Linux kernel, a vulnerabili ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9028 (In all Android releases from CAF using the Linux kernel, a buffer over ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9027 (In all Android releases from CAF using the Linux kernel, an untrusted ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9026 (In all Android releases from CAF using the Linux kernel, an untrusted ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9025 (In all Android releases from CAF using the Linux kernel, a buffer over ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9024 (In all Android releases from CAF using the Linux kernel, some interfac ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9023 (In all Android releases from CAF using the Linux kernel, a buffer over ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9022 (In all Android releases from CAF using the Linux kernel, time-of-check ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9021 (In all Android releases from CAF using the Linux kernel, access contro ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9020 (In all Android releases from CAF using the Linux kernel, an untrusted ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9969 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9968 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9967 (In all Android releases from CAF using the Linux kernel, an untrusted ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9966 (In all Android releases from CAF using the Linux kernel, a Time-of-che ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9965 (In all Android releases from CAF using the Linux kernel, a vulnerabili ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9964 (In all Android releases from CAF using the Linux kernel, an integer ov ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9963 (In all Android releases from CAF using the Linux kernel, a buffer over ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9962 (In all Android releases from CAF using the Linux kernel, a vulnerabili ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9961 (In all Android releases from CAF using the Linux kernel, a vulnerabili ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9960 (In all Android releases from CAF using the Linux kernel, a buffer over ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-7894 (WinDjView 2.1 might allow user-assisted attackers to execute code via ...)
	NOT-FOR-US: WinDjView
CVE-2017-7893 (In SaltStack Salt before 2016.3.6, compromised salt-minions can impers ...)
	- salt 2016.11.5+ds-1
	[stretch] - salt (Minor issue)
	[jessie] - salt (Vulnerable code introduced later, but older versions did not verify master anyways)
	NOTE: https://docs.saltstack.com/en/2017.7/topics/releases/2016.3.6.html
	NOTE: https://github.com/saltstack/salt/issues/48939
	NOTE: https://patch-diff.githubusercontent.com/raw/saltstack/salt/pull/40159.patch
	NOTE: https://patch-diff.githubusercontent.com/raw/saltstack/salt/pull/40206.patch
	NOTE: The behaviour, though, was turned back off by default in a later commit,
	NOTE: cf. https://github.com/saltstack/salt/pull/40206
	NOTE: The fix is the second part of the #40159 PR, but the behaviour is turned
	NOTE: off by default and needs consideration by admins before enabling. We still
	NOTE: consider the issue as fixed starting with this change. Details in
	NOTE: https://github.com/saltstack/salt/issues/48939#issuecomment-410777638
CVE-2017-7892 (Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to ...)
	- capnproto 0.6.1-1 (unimportant; bug #860960)
	NOTE: https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2017-04-17-0-apple-clang-elides-bounds-check.md
	NOTE: Fixed by: https://github.com/sandstorm-io/capnproto/commit/52bc956459a5e83d7c31be95763ff6399e064ae4
	NOTE: So far only Apple's compiler has been shown to apply the problematic optimization, fixed in 0.5.3.1 upstream
CVE-2017-7891 (sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via th ...)
	NOT-FOR-US: SourceBans++
CVE-2017-7890 (The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in th ...)
	{DSA-3938-1 DLA-1055-1}
	- php7.1 7.1.8-1 (unimportant)
	- php7.0 7.0.22-1 (unimportant)
	- php5 (unimportant)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74435
	NOTE: Fixed in 7.1.7, 7.0.21, 5.6.31
	- libgd2 2.2.5-1 (bug #869263)
	NOTE: https://github.com/libgd/libgd/issues/399
	NOTE: https://github.com/libgd/libgd/commit/c613bc169802bb4b639ee2e15c61b25b80a88424
CVE-2017-7888 (Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which ...)
	- dolibarr 5.0.4+dfsg3-1 (bug #863544)
	NOTE: https://www.openwall.com/lists/oss-security/2017/05/10/6
CVE-2017-7887 (Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall p ...)
	- dolibarr 5.0.4+dfsg3-1 (bug #863544)
	NOTE: https://www.openwall.com/lists/oss-security/2017/05/10/6
CVE-2017-7886 (Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css. ...)
	- dolibarr 5.0.4+dfsg3-1 (bug #863544)
	NOTE: https://www.openwall.com/lists/oss-security/2017/05/10/6
CVE-2017-7885 (Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to den ...)
	{DSA-3855-1 DLA-942-1}
	- jbig2dec 0.13-4.1 (bug #860460)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697703
	NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b184e783702246e15
CVE-2017-7884 (In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default i ...)
	- apcupsd (Only APC UPS Daemon on Windows)
CVE-2017-7889 (The mm subsystem in the Linux kernel through 3.2 does not properly enf ...)
	{DSA-3945-1 DLA-1099-1}
	- linux 4.9.25-1
	NOTE: Fixed by: https://git.kernel.org/linus/a4866aa812518ed1a37d8ea0c881dc946409de94 (v4.11-rc7)
CVE-2017-7883
	RESERVED
CVE-2017-7882 (LibreOffice before 2017-03-14 has an out-of-bounds write related to th ...)
	- libreoffice (Vulnerable code not present in any release)
	NOTE: Fixed by: https://github.com/LibreOffice/core/commit/65dcd1d8195069c8c8acb3a188b8e5616c51029c
CVE-2017-7881 (BigTree CMS through 4.2.17 relies on a substring check for CSRF protec ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-7880
	RESERVED
CVE-2017-7879 (SQL Injection vulnerability in flatCore version 1.4.6 allows an attack ...)
	NOT-FOR-US: flatCore
CVE-2017-7878 (SQL Injection vulnerability in flatCore version 1.4.6 allows an attack ...)
	NOT-FOR-US: flatCore
CVE-2017-7877 (CSRF vulnerability in flatCore version 1.4.6 allows remote attackers t ...)
	NOT-FOR-US: flatCore
CVE-2017-7876 (This command injection vulnerability in QTS allows attackers to run ar ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-7875 (In wallpaper.c in feh before v2.18.3, if a malicious client pretends t ...)
	{DLA-2219-1 DLA-899-1}
	- feh 2.18-2 (low; bug #860367)
	NOTE: Fixed by: https://github.com/derf/feh/commit/f7a547b7ef8fc8ebdeaa4c28515c9d72e592fb6d
CVE-2017-7874
	REJECTED
CVE-2017-7873
	RESERVED
CVE-2017-7872
	RESERVED
CVE-2017-7871 (trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: trollepierre/tdm
CVE-2016-1000259
	REJECTED
CVE-2016-1000258
	REJECTED
CVE-2017-7870 (LibreOffice before 2017-01-02 has an out-of-bounds write caused by a h ...)
	{DSA-3837-1 DLA-910-1}
	- libreoffice 1:5.2.5-1
	NOTE: Fixed by: https://github.com/LibreOffice/core/commit/62a97e6a561ce65e88d4c537a1b82c336f012722
CVE-2017-7869 (GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integ ...)
	- gnutls28 3.5.8-4
	[jessie] - gnutls28 3.3.8-6+deb8u5
	- gnutls26
	[wheezy] - gnutls26 (Minor issue)
	NOTE: OpenPGP-related issue
	NOTE: https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-3
CVE-2017-7868 (International Components for Unicode (ICU) for C/C++ before 2017-02-13 ...)
	{DSA-3830-1 DLA-947-1}
	- icu 57.1-6 (bug #860314)
	NOTE: http://bugs.icu-project.org/trac/changeset/39671
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437
CVE-2017-7867 (International Components for Unicode (ICU) for C/C++ before 2017-02-13 ...)
	{DSA-3830-1 DLA-947-1}
	- icu 57.1-6 (bug #860314)
	NOTE: http://bugs.icu-project.org/trac/changeset/39671
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=213
CVE-2017-7866 (FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack- ...)
	- ffmpeg 7:3.2.4-1
	- libav
	[jessie] - libav (vulnerable code not present)
	NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/e371f031b942d73e02c090170975561fabd5c264
CVE-2017-7865 (FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-b ...)
	{DLA-1654-1}
	- ffmpeg 7:3.2.4-1
	- libav
	NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/2080bc33717955a0e4268e738acf8c1eeddbf8cb
CVE-2017-7864 (FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a he ...)
	- freetype (Vulnerable code not present; CFF2 support introduced in 2.7.1, cf #860313)
	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=e6699596af5c5d6f0ae0ea06e19df87dce088df8
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=509
CVE-2017-7863 (FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-b ...)
	{DLA-1654-1}
	- ffmpeg 7:3.2.4-1
	- libav
	NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/e477f09d0b3619f3d29173b2cd593e17e2d1978e
	NOTE: libav in jessie only supports transparency with RGB palette, only parts of the upstream fix apply
CVE-2017-7862 (FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-b ...)
	{DSA-4012-1 DLA-1142-1}
	- ffmpeg 7:3.2.4-1
	- libav
	NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/8c2ea3030af7b40a3c4275696fb5c76cdb80950a
	NOTE: Fixed in 11.11
CVE-2017-7861 (Google gRPC before 2017-02-22 has an out-of-bounds write related to th ...)
	- grpc 1.2.5-1+nmu0 (bug #860316)
CVE-2017-7860 (Google gRPC before 2017-02-22 has an out-of-bounds write caused by a h ...)
	- grpc 1.2.5-1+nmu0 (bug #860316)
CVE-2017-7859 (FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-b ...)
	- ffmpeg (Only affected master, not present in a release)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1034183
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/70ebc05bce51215cd0857194d6cabf1e4d1440fb
CVE-2017-7858 (FreeType 2 before 2017-03-07 has an out-of-bounds write related to the ...)
	- freetype (Vulnerable code introduced in 2.6.4)
	NOTE: Introduced after: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=813aca51d28704f7ffc470721167738fa8decb3d
	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=779309744222a736eba0f1731e8162fce6288d4e
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=738
CVE-2017-7857 (FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a he ...)
	- freetype (Vulnerable code introduced in 2.6.4)
	NOTE: Introduced after: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=813aca51d28704f7ffc470721167738fa8decb3d
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7bbb91fbf47fc0775cc9705673caf0c47a81f94b
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=759
CVE-2017-7856 (LibreOffice before 2017-03-11 has an out-of-bounds write caused by a h ...)
	- libreoffice (Didn't affect any released version of LibreOffice)
CVE-2016-10328 (FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a he ...)
	- freetype (Only affected head for about a day, see bug #860303)
	NOTE: Introduced with: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=010e0614f2effe058855aacfc3e61c71e1cb5739
	NOTE: Fixed with http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=beecf80a6deecbaf5d264d4f864451bde4fe98b8
	NOTE: http://savannah.nongnu.org/bugs/?func=detailitem&item_id=49858
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=289
CVE-2016-10327 (LibreOffice before 2016-12-22 has an out-of-bounds write caused by a h ...)
	- libreoffice 1:5.2.5-1
	[jessie] - libreoffice (Vulnerable code not present)
	[wheezy] - libreoffice (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/LibreOffice/core/commit/7485fc2a1484f31631f62f97e5c64c0ae74c6416
CVE-2017-7855 (In the webmail component in IceWarp Server 11.3.1.5, there was an XSS ...)
	NOT-FOR-US: IceWarp
CVE-2017-7854 (The consume_init_expr function in wasm.c in radare2 1.3.0 allows remot ...)
	- radare2 (Vulnerable code introduced later)
CVE-2017-7853 (In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can l ...)
	{DSA-3879-1 DLA-898-1}
	- libosip2 4.1.0-2.1 (bug #860287)
	NOTE: https://savannah.gnu.org/support/index.php?109265
	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45
CVE-2017-7852 (D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allo ...)
	NOT-FOR-US: D-Link
CVE-2017-7851 (D-Link DCS-936L devices with firmware before 1.05.07 have an inadequat ...)
	NOT-FOR-US: D-Link
CVE-2016-10326 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a h ...)
	{DSA-3879-1 DLA-898-1}
	- libosip2 4.1.0-2.1 (bug #860287)
	NOTE: https://savannah.gnu.org/support/index.php?109132
	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=b9dd097b5b24f5ee54b0a8739e59641cd51b6ead
CVE-2016-10325 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a h ...)
	{DSA-3879-1 DLA-898-1}
	- libosip2 4.1.0-2.1 (bug #860287)
	NOTE: https://savannah.gnu.org/support/index.php?109131
	NOTE: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1d9fb1d3a71cc85ef95352e549b140c706cf8696
CVE-2016-10324 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a h ...)
	{DSA-3879-1 DLA-898-1}
	- libosip2 4.1.0-2.1 (bug #860287)
	NOTE: https://savannah.gnu.org/support/index.php?109133
	NOTE: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=7e0793e15e21f68337e130c67b031ca38edf055f
CVE-2017-7850 (Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local priv ...)
	NOT-FOR-US: Nessus
CVE-2017-7849 (Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local deni ...)
	NOT-FOR-US: Nessus
CVE-2017-7848 (RSS fields can inject new lines into the created email structure, modi ...)
	{DSA-4075-1 DLA-1223-1}
	- thunderbird 1:52.5.2-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7848
CVE-2017-7847 (Crafted CSS in an RSS feed can leak and reveal local path strings, whi ...)
	{DSA-4075-1 DLA-1223-1}
	- thunderbird 1:52.5.2-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7847
CVE-2017-7846 (It is possible to execute JavaScript in the parsed RSS feed when RSS f ...)
	{DSA-4075-1 DLA-1223-1}
	- thunderbird 1:52.5.2-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7846
CVE-2017-7845 (A buffer overflow occurs when drawing and validating elements using Di ...)
	- firefox (Only affects Firefox on Windows)
	- firefox-esr (Only affects Firefox ESR on Windows)
	- thunderbird (Only affects Firefox on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-29/#CVE-2017-7845
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-28/#CVE-2017-7845
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7845
CVE-2017-7844 (A combination of an external SVG image referenced on a page and the co ...)
	- firefox 57.0.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-27/#CVE-2017-7844
CVE-2017-7843 (When Private Browsing mode is used, it is possible for a web worker to ...)
	{DSA-4062-1 DLA-1202-1}
	- firefox 57.0.1-1
	- firefox-esr 52.5.2esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-27/#CVE-2017-7843
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-28/#CVE-2017-7843
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1410106
CVE-2017-7842 (If a document's Referrer Policy attribute is set to "no-referrer" some ...)
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7842
CVE-2017-7841
	RESERVED
CVE-2017-7840 (JavaScript can be injected into an exported bookmarks file by placing ...)
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7840
CVE-2017-7839 (Control characters prepended before "javascript:" URLs pasted in the a ...)
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7839
CVE-2017-7838 (Punycode format text will be displayed for entire qualified internatio ...)
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7838
CVE-2017-7837 (SVG loaded through "" tags can use "" tags within the SVG d ...)
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7837
CVE-2017-7836 (The "pingsender" executable used by the Firefox Health Report dynamica ...)
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7836
CVE-2017-7835 (Mixed content blocking of insecure (HTTP) sub-resources in a secure (H ...)
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7835
CVE-2017-7834 (A "data:" URL loaded in a new tab did not inherit the Content Security ...)
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7834
CVE-2017-7833 (Some Arabic and Indic vowel marker characters can be combined with Lat ...)
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7833
CVE-2017-7832 (The combined, single character, version of the letter 'i' with any of ...)
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7832
CVE-2017-7831 (A vulnerability where the security wrapper does not deny access to som ...)
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7831
CVE-2017-7830 (The Resource Timing API incorrectly revealed navigations in cross-orig ...)
	{DSA-4075-1 DSA-4061-1 DSA-4035-1 DLA-1199-1 DLA-1172-1}
	- firefox 57.0-1
	- firefox-esr 52.5.0esr-1
	- thunderbird 1:52.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7830
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7830
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/#CVE-2017-7830
CVE-2017-7829 (It is possible to spoof the sender's email address and display an arbi ...)
	{DSA-4075-1 DLA-1223-1}
	- thunderbird 1:52.5.2-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7829
CVE-2017-7828 (A use-after-free vulnerability can occur when flushing and resizing la ...)
	{DSA-4075-1 DSA-4061-1 DSA-4035-1 DLA-1199-1 DLA-1172-1}
	- firefox 57.0-1
	- firefox-esr 52.5.0esr-1
	- thunderbird 1:52.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7828
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7828
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/#CVE-2017-7828
CVE-2017-7827 (Memory safety bugs were reported in Firefox 56. Some of these bugs sho ...)
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7827
CVE-2017-7826 (Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. S ...)
	{DSA-4075-1 DSA-4061-1 DSA-4035-1 DLA-1199-1 DLA-1172-1}
	- firefox 57.0-1
	- firefox-esr 52.5.0esr-1
	- thunderbird 1:52.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7826
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7826
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/#CVE-2017-7826
CVE-2017-7825 (Several fonts on OS X display some Tibetan and Arabic characters as wh ...)
	- firefox (Only affects Firefox on OS X)
	- firefox-esr (Only affects Firefox ESR on OS X)
	- icedove (Only affects Thunderbird on OS X)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7825
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7825
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7825
CVE-2017-7824 (A buffer overflow occurs when drawing and validating elements with the ...)
	{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
	- firefox 56.0-1
	- firefox-esr 52.4.0esr-2
	- thunderbird 1:52.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7824
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7824
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7824
CVE-2017-7823 (The content security policy (CSP) "sandbox" directive did not create a ...)
	{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
	- firefox 56.0-1
	- firefox-esr 52.4.0esr-2
	- thunderbird 1:52.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7823
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7823
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7823
CVE-2017-7822 (The AES-GCM implementation in WebCrypto API accepts 0-length IV when i ...)
	- firefox 56.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7822
CVE-2017-7821 (A vulnerability where WebExtensions can download and attempt to open a ...)
	- firefox 56.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7821
CVE-2017-7820 (The "instanceof" operator can bypass the Xray wrapper mechanism. When ...)
	- firefox 56.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7820
CVE-2017-7819 (A use-after-free vulnerability can occur in design mode when image obj ...)
	{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
	- firefox 56.0-1
	- firefox-esr 52.4.0esr-2
	- thunderbird 1:52.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7819
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7819
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7819
CVE-2017-7818 (A use-after-free vulnerability can occur when manipulating arrays of A ...)
	{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
	- firefox 56.0-1
	- firefox-esr 52.4.0esr-2
	- thunderbird 1:52.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7818
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7818
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7818
CVE-2017-7817 (A spoofing vulnerability can occur when a page switches to fullscreen ...)
	- firefox (Only affects Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7817
CVE-2017-7816 (WebExtensions could use popups and panels in the extension UI to load ...)
	- firefox 56.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7816
CVE-2017-7815 (On pages containing an iframe, the "data:" protocol can be used to cre ...)
	- firefox 56.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7815
CVE-2017-7814 (File downloads encoded with "blob:" and "data:" URL elements bypassed ...)
	{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
	- firefox 56.0-1
	- firefox-esr 52.4.0esr-2
	- thunderbird 1:52.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7814
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7814
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7814
CVE-2017-7813 (Inside the JavaScript parser, a cast of an integer to a narrower type ...)
	- firefox 56.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7813
CVE-2017-7812 (If web content on a page is dragged onto portions of the browser UI, s ...)
	- firefox 56.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7812
CVE-2017-7811 (Memory safety bugs were reported in Firefox 55. Some of these bugs sho ...)
	- firefox 56.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7811
CVE-2017-7810 (Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. S ...)
	{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
	- firefox 56.0-1
	- firefox-esr 52.4.0esr-2
	- thunderbird 1:52.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7810
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7810
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7810
CVE-2017-7809 (A use-after-free vulnerability can occur when an editor DOM node is de ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7808 (A content security policy (CSP) "frame-ancestors" directive containing ...)
	- firefox 55.0-1
CVE-2017-7807 (A mechanism that uses AppCache to hijack a URL in a domain using fallb ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7806 (A use-after-free vulnerability can occur when the layer manager is fre ...)
	- firefox 55.0-1
CVE-2017-7805 (During TLS 1.2 exchanges, handshake hashes are generated which point t ...)
	{DSA-4014-1 DSA-3998-1 DSA-3987-1 DLA-1153-1 DLA-1138-1 DLA-1118-1}
	- firefox 56.0-1
	- firefox-esr 52.4.0esr-2
	- thunderbird 1:52.4.0-1
	- nss 2:3.33-1
	NOTE: https://hg.mozilla.org/projects/nss/rev/839200ce0943166a079284bdf45dcc37bb672925
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1377618 (not public)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7805
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7805
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7805
CVE-2017-7804 (The destructor function for the "WindowsDllDetourPatcher" class can be ...)
	- firefox (Windows-specific)
	- firefox-esr (Windows-specific)
	- icedove (Windows-specific)
CVE-2017-7803 (When a page's content security policy (CSP) header contains a "sandbox ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7802 (A use-after-free vulnerability can occur when manipulating the DOM dur ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7801 (A use-after-free vulnerability can occur while re-computing layout for ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7800 (A use-after-free vulnerability can occur in WebSockets when the object ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7799 (JavaScript in the "about:webrtc" page is not sanitized properly being ...)
	- firefox 55.0-1
CVE-2017-7798 (The Developer Tools feature suffers from a XUL injection vulnerability ...)
	{DSA-3928-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
CVE-2017-7797 (Response header name interning does not have same-origin protections a ...)
	- firefox 55.0-1
CVE-2017-7796 (On Windows systems, the logger run by the Windows updater deletes the ...)
	- firefox (Windows-specific)
CVE-2017-7795 RESERVED
CVE-2017-7794 (On Linux systems, if the content process is compromised, the sandbox b ...)
	- firefox 55.0-1
CVE-2017-7793 (A use-after-free vulnerability can occur in the Fetch API when the wor ...)
	{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
	- firefox 56.0-1
	- firefox-esr 52.4.0esr-2
	- thunderbird 1:52.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7793
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7793
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7793
CVE-2017-7792 (A buffer overflow will occur when viewing a certificate in the certifi ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7791 (On pages containing an iframe, the "data:" protocol can be used to cre ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7790 (On Windows systems, if non-null-terminated strings are copied into the ...)
	- firefox (Windows-specific)
CVE-2017-7789 (If a server sends two Strict-Transport-Security (STS) headers for a si ...)
	- firefox 55.0-1 (low)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1074642
CVE-2017-7788 (When an "iframe" has a "sandbox" attribute and its content is specifie ...)
	- firefox 55.0-1
CVE-2017-7787 (Same-origin policy protections can be bypassed on pages with embedded ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7786 (A buffer overflow can occur when the image renderer attempts to paint ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7785 (A buffer overflow can occur when manipulating Accessible Rich Internet ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7784 (A use-after-free vulnerability can occur when reading an image observe ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7783 (If a long user name is used in a username/password combination in a si ...)
	- firefox 55.0-1
CVE-2017-7782 (An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Exe ...)
	- firefox (Windows-specific)
	- firefox-esr (Windows-specific)
	- icedove (Windows-specific)
CVE-2017-7781 (An error occurs in the elliptic curve point addition algorithm that us ...)
	- firefox 55.0-1
CVE-2017-7780 (Memory safety bugs were reported in Firefox 54. Some of these bugs sho ...)
	- firefox 55.0-1
CVE-2017-7779 (Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7778 (A number of security vulnerabilities in the Graphite 2 library includi ...)
	{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
	- graphite2 1.3.10-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1349310
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7778
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7778
CVE-2017-7777 (Use of uninitialized memory in Graphite2 library in Firefox before 54 ...)
	{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
	- graphite2 1.3.10-1
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1349310
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1358551
CVE-2017-7776 (Heap-based Buffer Overflow read in Graphite2 library in Firefox before ...)
	{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
	- graphite2 1.3.10-1
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1356607
CVE-2017-7775 REJECTED
CVE-2017-7774 (Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphi ...)
	{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
	- graphite2 1.3.10-1
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1355174
CVE-2017-7773 (Heap-based Buffer Overflow write in Graphite2 library in Firefox befor ...)
	{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
	- graphite2 1.3.10-1
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1352747
CVE-2017-7772 (Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 i ...)
	{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
	- graphite2 1.3.10-1
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1352745
CVE-2017-7771 (Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphi ...)
	{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
	- graphite2 1.3.10-1
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1350047
CVE-2017-7770 (A mechanism where when a new tab is loaded through JavaScript events, ...)
	- firefox (Only Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7770
CVE-2017-7769 RESERVED
CVE-2017-7768 (The Mozilla Maintenance Service can be invoked by an unprivileged user ...)
	- firefox (Only Firefox on Windows)
	- firefox-esr (Only Firefox ESR on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7768
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7768
CVE-2017-7767 (The Mozilla Maintenance Service can be invoked by an unprivileged user ...)
	- firefox (Only Firefox on Windows)
	- firefox-esr (Only Firefox ESR on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7767
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7767
CVE-2017-7766 (An attack using manipulation of "updater.ini" contents, used by the Mo ...)
	- firefox (Only Firefox on Windows)
	- firefox-esr (Only Firefox ESR on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7766
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7766
CVE-2017-7765 (The "Mark of the Web" was not correctly saved on Windows when files wi ...)
	- firefox (Only Firefox on Windows)
	- firefox-esr (Only Firefox ESR on Windows)
	- icedove (Only Thunderbird on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7765
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7765
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7765
CVE-2017-7764 (Characters from the "Canadian Syllabics" unicode block can be mixed wi ...)
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7764
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7764
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7764
CVE-2017-7763 (Default fonts on OS X display some Tibetan characters as whitespace. W ...)
	- firefox (Only Firefox on Mac OS X)
	- firefox-esr (Only Firefox ESR on Mac OS X)
	- icedove (Only Thunderbird on Mac OS X)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7763
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7763
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7763
CVE-2017-7762 (When entered directly, Reader Mode did not strip the username and pass ...)
	- firefox 54.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7762
CVE-2017-7761 (The Mozilla Maintenance Service "helper.exe" application creates a tem ...)
	- firefox (Only Firefox on Windows)
	- firefox-esr (Only Firefox ESR on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7761
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7761
CVE-2017-7760 (The Mozilla Windows updater modifies some files to be updated by readi ...)
	- firefox (Only Firefox on Windows)
	- firefox-esr (Only Firefox ESR on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7760
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7760
CVE-2017-7759 (Android intent URLs given to Firefox for Android can be used to naviga ...)
	- firefox (Only Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7759
CVE-2017-7758 (An out-of-bounds read vulnerability with the Opus encoder when the num ...)
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7758
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7758
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7758
CVE-2017-7757 (A use-after-free vulnerability in IndexedDB when one of its objects is ...)
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7757
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7757
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7757
CVE-2017-7756 (A use-after-free and use-after-scope vulnerability when logging errors ...)
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7756
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7756
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7756
CVE-2017-7755 (The Firefox installer on Windows can be made to load malicious DLL fil ...)
	- firefox (Only Firefox on Windows)
	- firefox-esr (Only Firefox ESR on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7755
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7755
CVE-2017-7754 (An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" ...)
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7754
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7754
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7754
CVE-2017-7753 (An out-of-bounds read occurs when applying style rules to pseudo-eleme ...)
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7752 (A use-after-free vulnerability during specific user interactions with ...)
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7752
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7752
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7752
CVE-2017-7751 (A use-after-free vulnerability with content viewer listeners that resu ...)
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7751
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7751
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7751
CVE-2017-7750 (A use-after-free vulnerability during video control operations when a ...)
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7750
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7750
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7750
CVE-2017-7749 (A use-after-free vulnerability when using an incorrect URL during the ...)
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7749
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7749
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7749
CVE-2017-7748 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector cou ...)
	- wireshark 2.2.6+g32dac6a-1 (low)
	[jessie] - wireshark (Vulnerable code introduced later)
	[wheezy] - wireshark (Vulnerable code introduced later)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-21.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f55cbcde2c8f74b652add4450b0592082eb6acff
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13581
CVE-2017-7747 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissecto ...)
	{DLA-1634-1}
	- wireshark 2.2.6+g32dac6a-1
	[wheezy] - wireshark (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-18.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5cfd52d6629cf8a7ab67c6bacd3431a964f43584
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13559
CVE-2017-7746 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector co ...)
	{DLA-1634-1}
	- wireshark 2.2.6+g32dac6a-1 (low)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-19.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=58e69cc769dea24b721abd8a29f9eedc11024b7e
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13576
CVE-2017-7745 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector ...)
	- wireshark 2.2.6+g32dac6a-1
	[jessie] - wireshark (Vulnerable code not present)
	[wheezy] - wireshark (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-20.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=acd8e1a9b17ad274bea1e01e10e4481508a1cbf0
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13578
CVE-2017-7744 RESERVED
CVE-2017-7743 RESERVED
CVE-2017-7742 (In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" func ...)
	{DLA-928-1}
	- libsndfile 1.0.27-3 (bug #860255)
	[jessie] - libsndfile (Minor issue)
	NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0
	NOTE: https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/
CVE-2017-7741 (In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" func ...)
	{DLA-928-1}
	- libsndfile 1.0.27-2
	[jessie] - libsndfile (Minor issue)
	NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0
	NOTE: https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/
	NOTE: 1.0.27-2 in unstable contains fix_bufferoverflows.patch, meant to address this issue
	NOTE: https://sources.debian.org/data/main/libs/libsndfile/1.0.27-2/debian/patches/fix_bufferoverflows.patch
CVE-2017-7740 RESERVED
CVE-2017-7739 (A reflected Cross-site Scripting (XSS) vulnerability in web proxy disc ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-7738 (An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5 ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-7737 (An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and ...)
	NOT-FOR-US: Fortinet
CVE-2017-7736 (A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb ...)
	NOT-FOR-US: Fortinet
CVE-2017-7735 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2. ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-7734 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4. ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-7733 (A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 t ...)
	NOT-FOR-US: Fortinet
CVE-2017-7732 (A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet Forti ...)
	NOT-FOR-US: Fortinet
CVE-2017-7731 (A weak password recovery vulnerability in Fortinet FortiPortal version ...)
	NOT-FOR-US: Fortinet FortiPortal
CVE-2017-7730 (iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood ...)
	NOT-FOR-US: iSmartAlarm
CVE-2017-7729 (On iSmartAlarm cube devices, there is Incorrect Access Control because ...)
	NOT-FOR-US: iSmartAlarm
CVE-2017-7728 (On iSmartAlarm cube devices, there is authentication bypass leading to ...)
	NOT-FOR-US: iSmartAlarm
CVE-2017-7727 REJECTED
CVE-2017-7726 (iSmartAlarm cube devices have an SSL Certificate Validation Vulnerabil ...)
	NOT-FOR-US: iSmartAlarm
CVE-2017-7725 (concrete5 8.1.0 places incorrect trust in the HTTP Host header during ...)
	NOT-FOR-US: concrete5
CVE-2017-7724 RESERVED
CVE-2017-7723 (XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the ...)
	NOT-FOR-US: Easy WP SMTP WordPress plugin
CVE-2017-7722 (In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu ...)
	NOT-FOR-US: SolarWinds
CVE-2017-7721 (IrfanView version 4.44 (32bit) with FPX Plugin before 4.45 has an Acce ...)
	NOT-FOR-US: IrfanView
CVE-2017-7720 (Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to ...)
	NOT-FOR-US: PrivateTunnel
CVE-2017-7719 (SQL injection in the Spider Event Calendar (aka spider-event-calendar) ...)
	NOT-FOR-US: Spider Event Calendar
CVE-2017-7718 (hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local ...)
	{DLA-1497-1 DLA-1035-1 DLA-939-1}
	- qemu 1:2.8+dfsg-4
	- qemu-kvm
	NOTE: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=215902d7b6fb50c6fc216fc74f770858278ed904
	NOTE: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=3328c14e63f08fb07e8c6dec779c9d365e9e9864 (v2.8.1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1443441
CVE-2017-7717 (SQL injection vulnerability in the getUserUddiElements method in the E ...)
	NOT-FOR-US: SAP
CVE-2017-7716 (The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 a ...)
	- radare2 (Vulnerable code introduced later)
	NOTE: https://github.com/radare/radare2/issues/7260
CVE-2017-7715 RESERVED
CVE-2017-7714 RESERVED
CVE-2017-7713 RESERVED
CVE-2017-7712 RESERVED
CVE-2017-7711 RESERVED
CVE-2017-7710 RESERVED
CVE-2017-7709 RESERVED
CVE-2017-7708 RESERVED
CVE-2017-7707 RESERVED
CVE-2017-7706 RESERVED
CVE-2017-7705 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dis ...)
	- wireshark 2.2.6+g32dac6a-1
	[jessie] - wireshark (Vulnerable code not present)
	[wheezy] - wireshark (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-15.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13558
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=08d392bbecc8fb666bf979e70a34536007b83ea2
CVE-2017-7704 (In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infini ...)
	- wireshark 2.2.6+g32dac6a-1
	[jessie] - wireshark (Vulnerable code not present)
	[wheezy] - wireshark (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-17.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13453
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6032b0fe5fc1176ab77e03e20765f95fbd21b19e
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=da53a90b6895e47e03c5de05edf84bd99d535fd8
CVE-2017-7703 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector co ...)
	{DLA-1634-1}
	- wireshark 2.2.6+g32dac6a-1 (low)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-12.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13466
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=671e32820ab29d41d712cc8a472eab9b672684d9
CVE-2017-7702 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector c ...)
	- wireshark 2.2.6+g32dac6a-1 (low)
	[jessie] - wireshark (Minor issue)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-13.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13477
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2f322f66cbcca2fefdaa630494f9d6c97eb659b7
	NOTE: When fixing this entry for older releases, make sure to apply the
	NOTE: complete patch including https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2f322f66cbcca2fefdaa630494f9d6c97eb659b7
	NOTE: so as not to open CVE-2017-11410.
CVE-2017-7701 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector cou ...)
	- wireshark 2.2.6+g32dac6a-1
	[jessie] - wireshark (Vulnerable code not present)
	[wheezy] - wireshark (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-16.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13557
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=fa31f69b407436d0946f84baa0acdcc50962bf7a
CVE-2017-7700 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file pa ...)
	{DLA-1634-1 DLA-858-1}
	- wireshark 2.2.6+g32dac6a-1 (low)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-14.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13478
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8fc0af859de4993951a915ad735be350221f3f53
CVE-2017-7699 RESERVED
CVE-2017-7698 (A Use After Free in the pdf2swf part of swftools 0.9.2 and earlier all ...)
	- swftools 0.9.2+ds1-2
	NOTE: https://github.com/matthiaskramm/swftools/pull/19
	NOTE: Vulnerable code removed with the 0.9.2+dfs1-2 upload
CVE-2017-7697 (In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_o ...)
	{DLA-2845-1}
	- libsamplerate 0.1.9-1 (bug #860159)
	[jessie] - libsamplerate (Minor issue)
	[wheezy] - libsamplerate (Minor issue)
	NOTE: https://github.com/erikd/libsamplerate/issues/11
	NOTE: https://blogs.gentoo.org/ago/2017/04/11/libsamplerate-global-buffer-overflow-in-calc_output_single-src_sinc-c/
	NOTE: Fixed by: https://github.com/erikd/libsamplerate/commit/c3b66186656de44da18b7058aec099dbe782dd0b
CVE-2017-7696 (SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote at ...)
	NOT-FOR-US: SAP
CVE-2017-7695 (Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an at ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-7694 (Remote Code Execution vulnerability in symphony/content/content.bluepr ...)
	NOT-FOR-US: Symphony CMS
CVE-2017-7693 (Directory traversal vulnerability in viewer_script.jsp in Riverbed OPN ...)
	NOT-FOR-US: Riverbed OPNET App Response Xpert (ARX)
CVE-2017-7692 (SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allo ...)
	{DSA-3852-1 DLA-941-1}
	- squirrelmail
	NOTE: https://www.openwall.com/lists/oss-security/2017/04/19/6
	NOTE: https://legalhackers.com/advisories/SquirrelMail-Exploit-Remote-Code-Exec-CVE-2017-7692-Vuln.html
CVE-2017-7691 (A code injection vulnerability exists in SAP TREX / Business Warehouse ...)
	NOT-FOR-US: SAP TREX
CVE-2017-7690 (Proxifier for Mac before 2.19.2, when first run, allows local users to ...)
	NOT-FOR-US: Proxifier for Mac
CVE-2017-7689 (A Command Injection vulnerability in Schneider Electric homeLYnk Contr ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-7688 (Apache OpenMeetings 1.0.0 updates user password in insecure manner.)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7687 (When handling a decoding failure for a malformed URL path of an HTTP r ...)
	- apache-mesos (bug #760315)
CVE-2017-7686 (Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to up ...)
	NOT-FOR-US: Apache Ignite
CVE-2017-7685 (Apache OpenMeetings 1.0.0 responds to the following insecure HTTP meth ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7684 (Apache OpenMeetings 1.0.0 doesn't check contents of files being upload ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7683 (Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error s ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7682 (Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation atta ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7681 (Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7680 (Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml fil ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7679 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime ...)
	{DSA-3896-1 DLA-1009-1}
	- apache2 2.4.25-4
CVE-2017-7678 (In Apache Spark before 2.2.0, it is possible for an attacker to take a ...)
	- apache-spark (bug #802194)
CVE-2017-7677 (In environments that use external location for hive tables, Hive Autho ...)
	NOT-FOR-US: Apache Ranger
CVE-2017-7676 (Policy resource matcher in Apache Ranger before 0.7.1 ignores characte ...)
	NOT-FOR-US: Apache Ranger
CVE-2017-7675 (The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8 ...)
	- tomcat9 (Fixed before initial upload to Debian)
	- tomcat8 8.5.16-1
	[stretch] - tomcat8 8.5.14-1+deb9u2
	[jessie] - tomcat8 (Only affects 8.5.0 to 8.5.15)
	- tomcat7 (Only affects Tomcat 8.5.x and 9.x series; vulnerable code not present)
	- tomcat6 (Only affects Tomcat 8.5.x and 9.x series; vulnerable code not present)
	NOTE: Fixed by: http://svn.apache.org/r1796091 (8.5.x)
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61120
CVE-2017-7674 (The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.1 ...)
	{DSA-3974-1 DLA-1400-1}
	- tomcat9 (Fixed before initial upload to Debian)
	- tomcat8 8.5.16-1
	- tomcat7 7.0.72-3
	[wheezy] - tomcat7 (Vulnerable code not present)
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	NOTE: Fixed by: http://svn.apache.org/r1795814 (8.5.x)
	NOTE: Fixed by: http://svn.apache.org/r1795815 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1795816 (7.0.x)
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61101
CVE-2017-7673 (Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7672 (If an application allows enter an URL in a form field and built-in URL ...)
	- libstruts1.2-java (Vulnerable code not present)
	NOTE: Issue is specific to Struts 2.x.
CVE-2017-7671 (There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2 ...)
	{DSA-4128-1}
	- trafficserver 7.1.2+ds-1
	[wheezy] - trafficserver (Vulnerable code not present)
	NOTE: https://github.com/apache/trafficserver/pull/1941
CVE-2017-7670 (The Traffic Router component of the incubating Apache Traffic Control ...)
	NOT-FOR-US: Apache Traffic Control
CVE-2017-7669 (In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxConta ...)
	- hadoop (bug #793644)
CVE-2017-7668 (The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.2 ...)
	{DSA-3896-1 DLA-1009-1}
	- apache2 2.4.25-4
CVE-2017-7667 (Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the re ...)
	NOT-FOR-US: Apache NiFi
CVE-2017-7666 (Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7665 (In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain us ...)
	NOT-FOR-US: Apache NiFi
CVE-2017-7664 (Uploaded XML documents were not correctly validated in Apache OpenMeet ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7663 (Both global and Room chat are vulnerable to XSS attack in Apache OpenM ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7662 (Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has ...)
	NOT-FOR-US: Apache CXF
CVE-2017-7661 (Apache CXF Fediz ships with a number of container-specific plugins to ...)
	NOT-FOR-US: Apache CXF
CVE-2017-7660 (Apache Solr uses a PKI based mechanism to secure inter-node communicat ...)
	- lucene-solr (Vulnerable code introduced later)
	NOTE: https://issues.apache.org/jira/browse/SOLR-10624
	NOTE: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/2f5ecbcf
CVE-2017-7659 (A maliciously constructed HTTP/2 request could cause mod_http2 in Apac ...)
	- apache2 2.4.25-4
	[stretch] - apache2 2.4.25-3+deb9u1
	[jessie] - apache2 (Vulnerable code not present)
	[wheezy] - apache2 (Vulnerable code not present)
	NOTE: HTTP/2 support introduced in 2.4.17
	NOTE: https://www.openwall.com/lists/oss-security/2017/06/19/5
CVE-2017-7658 (In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP ...)
	{DSA-4278-1}
	- jetty
	[jessie] - jetty (very hard to exploit, complex patch)
	- jetty8
	[jessie] - jetty8 (very hard to exploit, complex patch)
	- jetty9 9.2.25-1 (low; bug #902953)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669
	NOTE: https://github.com/eclipse/jetty.project/commit/a285deea
	NOTE: Exploit very unlikely, needs a very particular intermediary behaviour.
CVE-2017-7657 (In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations) ...)
	{DSA-4278-1}
	- jetty
	[jessie] - jetty (very hard to exploit, complex patch)
	- jetty8
	[jessie] - jetty8 (very hard to exploit, complex patch)
	- jetty9 9.2.25-1 (low; bug #902953)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=535668
	NOTE: https://github.com/eclipse/jetty.project/commit/a285deea
CVE-2017-7656 (In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations) ...)
	{DSA-4278-1}
	- jetty
	[jessie] - jetty (very hard to exploit, complex patch)
	- jetty8
	[jessie] - jetty8 (very hard to exploit, complex patch)
	- jetty9 9.2.25-1 (low; bug #902953)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667
	NOTE: https://github.com/eclipse/jetty.project/commit/a285deea
CVE-2017-7655 (In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vu ...)
	{DLA-2793-1 DLA-1972-1}
	- mosquitto 1.5.4-1 (low)
	[stretch] - mosquitto (Minor issue)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=533775
	NOTE: https://github.com/eclipse/mosquitto/commit/79a7b36d207c9142468a7ea33695a14181a9fd24
CVE-2017-7654 (In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability w ...)
	{DSA-4325-1 DLA-1525-1}
	- mosquitto 1.5.4-1 (bug #911265)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=533493
	NOTE: https://github.com/eclipse/mosquitto/commit/51ec5601c2ec523bf2973fdc1eca77335eafb8de
CVE-2017-7653 (The Eclipse Mosquitto broker up to version 1.4.15 does not reject stri ...)
	{DSA-4325-1 DLA-1525-1}
	- mosquitto 1.5.4-1 (bug #911266)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113
	NOTE: https://github.com/eclipse/mosquitto/commit/729a09310a7a56fbe5933b70b4588049da1a42b4
CVE-2017-7652 (In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running wi ...)
	{DSA-4325-1 DLA-1409-1 DLA-1334-1}
	- mosquitto 1.4.15-1
	NOTE: Patches: https://mosquitto.org/files/cve/2017-7652
	NOTE: http://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/
CVE-2017-7651 (In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server ...)
	{DSA-4325-1 DLA-1409-1 DLA-1334-1}
	- mosquitto 1.4.15-1
	NOTE: Patches: https://mosquitto.org/files/cve/2017-7651
	NOTE: http://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/
CVE-2017-7650 (In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clie ...)
	{DSA-3865-1 DLA-961-1}
	- mosquitto 1.4.10-3
	NOTE: http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/
	NOTE: Patches: https://mosquitto.org/files/cve/2017-7650/
CVE-2017-7649 (The network enabled distribution of Kura before 2.1.0 takes control ov ...)
	NOT-FOR-US: Kura
CVE-2017-7648 (Foscam networked devices use the same hardcoded SSL private key across ...)
	NOT-FOR-US: Foscam
CVE-2017-7647 (SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an a ...)
	NOT-FOR-US: SolarWinds
CVE-2017-7646 (SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an a ...)
	NOT-FOR-US: SolarWinds
CVE-2017-7645 (The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel throu ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.25-1
	NOTE: Fixed by: https://git.kernel.org/linus/e6838a29ecb484c97e4efef9429643b9851fba6e
CVE-2017-7644 (The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.1 ...)
	NOT-FOR-US: Management Web Interface in Palo Alto Networks PAN-OS
CVE-2017-7643 (Proxifier for Mac before 2.19 allows local users to gain privileges vi ...)
	NOT-FOR-US: Proxifier for Mac
CVE-2017-7642 (The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vag ...)
	NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
CVE-2017-7641 (QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2 ...)
	NOT-FOR-US: QNAP NAS application Media Streaming add-on
CVE-2017-7640 (QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2 ...)
	NOT-FOR-US: QNAP NAS application Media Streaming add-on
CVE-2017-7639 (QNAP NAS application Proxy Server through version 1.2.0 does not authe ...)
	NOT-FOR-US: QNAP
CVE-2017-7638 (QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2 ...)
	NOT-FOR-US: QNAP NAS application Media Streaming add-on
CVE-2017-7637 (QNAP NAS application Proxy Server through version 1.2.0 allows remote ...)
	NOT-FOR-US: QNAP
CVE-2017-7636 (Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy ...)
	NOT-FOR-US: QNAP
CVE-2017-7635 (QNAP NAS application Proxy Server through version 1.2.0 does not utili ...)
	NOT-FOR-US: QNAP
CVE-2017-7634 (Cross-site scripting (XSS) vulnerability in QNAP NAS application Media ...)
	NOT-FOR-US: QNAP NAS application Media Streaming add-on
CVE-2017-7633 (QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive informati ...)
	NOT-FOR-US: QNAP
CVE-2017-7632 (Cross-site scripting (XSS) vulnerability in File Station of QNAP QTS 4 ...)
	NOT-FOR-US: File Station of QNAP QTS
CVE-2017-7631 (Cross-site scripting (XSS) vulnerability in the share link function of ...)
	NOT-FOR-US: File Station of QNAP
CVE-2017-7630 (QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier al ...)
	NOT-FOR-US: QNAP
CVE-2017-7629 (QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-7628 (The "Smart related articles" extension 1.1 for Joomla! has SQL injecti ...)
	NOT-FOR-US: Joomla extension
CVE-2017-7627 (The "Smart related articles" extension 1.1 for Joomla! does not preven ...)
	NOT-FOR-US: Joomla extension
CVE-2017-7626 (The "Smart related articles" extension 1.1 for Joomla! has XSS in dial ...)
	NOT-FOR-US: Joomla extension
CVE-2017-7625 (In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-7624 (The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-7623 (The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsene ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-7622 (dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15. ...)
	NOT-FOR-US: dde-daemon
CVE-2017-7621 (Cross Site Scripting Vulnerability in core-eMLi in AuroMeera Technomet ...)
	NOT-FOR-US: core-eMLi
CVE-2017-7620 (MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits ...)
	- mantis
	[wheezy] - mantis (Not supported in Wheezy LTS)
	NOTE: https://mantisbt.org/bugs/view.php?id=22909
	NOTE: https://mantisbt.org/bugs/view.php?id=22702
CVE-2017-7618 (crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to ...)
	{DLA-922-1}
	- linux 4.9.25-1
	[jessie] - linux 3.16.43-1
	NOTE: http://marc.info/?l=linux-crypto-vger&m=149181655623850&w=2
CVE-2017-7616 (Incorrect error handling in the set_mempolicy and mbind compat syscall ...)
	{DLA-922-1}
	- linux 4.9.25-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/cf01fb9985e8deb25ccf0ea54d916b8871ae0e62 (4.11-rc6)
	NOTE: https://grsecurity.net/the_infoleak_that_mostly_wasnt.php
CVE-2016-10323 (Synology Photo Station before 6.3-2958 allows local users to gain priv ...)
	NOT-FOR-US: Synology Photo Station
CVE-2016-10322 (Synology Photo Station before 6.3-2958 allows remote authenticated gue ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-7615 (MantisBT through 2.3.0 allows arbitrary password reset and unauthentic ...)
	- mantis
	[wheezy] - mantis (Unsupported in Wheezy LTS)
	NOTE: https://www.openwall.com/lists/oss-security/2017/04/16/2
CVE-2017-7614 (elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
	- binutils 2.28-4 (low; bug #859989)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ad32986fdf9da1c8748e47b8b45100398223dba8
CVE-2017-7613 (elflint.c in elfutils 0.168 does not validate the number of sections a ...)
	{DLA-1689-1}
	- elfutils 0.168-1 (bug #859990)
	[wheezy] - elfutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21312
	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=4314716cd498bb51639db717bd7ce6182de33322
CVE-2017-7612 (The check_sysv_hash function in elflint.c in elfutils 0.168 allows rem ...)
	{DLA-1689-1}
	- elfutils 0.168-1 (bug #859991)
	[wheezy] - elfutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21311
	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=61fe61898747f63eb35a81c2261f3590a3dab8fd
CVE-2017-7611 (The check_symtab_shndx function in elflint.c in elfutils 0.168 allows ...)
	{DLA-1689-1}
	- elfutils 0.168-1 (bug #859992)
	[wheezy] - elfutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21310
	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=9a0d9d314a6342b56e3277bd7ad7ecb6e73a7d38
CVE-2017-7610 (The check_group function in elflint.c in elfutils 0.168 allows remote ...)
	{DLA-1689-1}
	- elfutils 0.168-1 (bug #859993)
	[wheezy] - elfutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21320
	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=fb6709f1a41b58a9557ea45b7f53ae678c660b21
CVE-2017-7609 (elf_compress.c in elfutils 0.168 does not validate the zlib compressio ...)
	- elfutils 0.168-1 (bug #859994)
	[jessie] - elfutils (Vulnerable code not present)
	[wheezy] - elfutils (Vulnerable code not present)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21301
	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/
CVE-2017-7608 (The ebl_object_note_type_name function in eblobjnotetypename.c in elfu ...)
	{DLA-1689-1}
	- elfutils 0.168-1 (bug #859995)
	[wheezy] - elfutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21300
	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=b0b58c5e0b34e54194aa042f2310af58ee7de603
CVE-2017-7607 (The handle_gnu_hash function in readelf.c in elfutils 0.168 allows rem ...)
	- elfutils 0.168-1 (bug #859996)
	[jessie] - elfutils (vulnerable code not present)
	[wheezy] - elfutils (vulnerable code not present)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21299
	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/
CVE-2017-7605 (aacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion ...)
	NOT-FOR-US: libaacplus
CVE-2017-7604 (au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a left-shift ...)
	NOT-FOR-US: libaacplus
CVE-2017-7603 (au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed inte ...)
	NOT-FOR-US: libaacplus
CVE-2017-7602 (LibTIFF 4.0.7 has a signed integer overflow, which might allow remote ...)
	{DSA-3844-1 DLA-911-1}
	- tiff 4.0.7-6
	- tiff3
	[wheezy] - tiff3 (vulnerable code not present)
	NOTE: https://github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4
	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7601 (LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" un ...)
	{DSA-3844-1 DLA-912-1 DLA-911-1}
	- tiff 4.0.7-6
	- tiff3
	NOTE: https://github.com/vadz/libtiff/commit/0a76a8c765c7b8327c59646284fa78c3c27e5490
	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7600 (LibTIFF 4.0.7 has an "outside the range of representable values of typ ...)
	{DSA-3844-1 DLA-912-1 DLA-911-1}
	- tiff 4.0.7-6
	- tiff3
	NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7599 (LibTIFF 4.0.7 has an "outside the range of representable values of typ ...)
	{DSA-3844-1 DLA-912-1 DLA-911-1}
	- tiff 4.0.7-6
	- tiff3
	NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7598 (tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a ...)
	{DSA-3844-1 DLA-911-1}
	- tiff 4.0.7-6 (low)
	- tiff3
	[wheezy] - tiff3 (vulnerable code not present)
	NOTE: https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8
	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7597 (tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representa ...)
	{DSA-3844-1 DLA-912-1 DLA-911-1}
	- tiff 4.0.7-6
	- tiff3
	NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7596 (LibTIFF 4.0.7 has an "outside the range of representable values of typ ...)
	{DSA-3844-1 DLA-912-1 DLA-911-1}
	- tiff 4.0.7-6
	- tiff3
	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
	NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
CVE-2017-7595 (The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows re ...)
	{DSA-3844-1 DLA-912-1 DLA-911-1}
	- tiff 4.0.7-6 (low; bug #860003)
	- tiff3
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2653
	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c
	NOTE: https://github.com/vadz/libtiff/commit/47f2fb61a3a64667bce1a8398a8fcb1b348ff122
CVE-2017-7594 (The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in Lib ...)
	{DSA-3844-1 DLA-912-1 DLA-911-1}
	- tiff 4.0.7-6 (low; bug #860001)
	- tiff3
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2659
	NOTE: https://github.com/vadz/libtiff/commit/2ea32f7372b65c24b2816f11c04bf59b5090d05b
	NOTE: https://github.com/vadz/libtiff/commit/8283e4d1b7e53340684d12932880cbcbaf23a8c1
CVE-2017-7593 (tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is proper ...)
	{DSA-3844-1 DLA-912-1 DLA-911-1}
	- tiff 4.0.7-6 (bug #860000)
	- tiff3
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2651
	NOTE: https://github.com/vadz/libtiff/commit/d60332057b9575ada4f264489582b13e30137be1
CVE-2017-7592 (The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a lef ...)
	{DSA-3844-1 DLA-911-1}
	- tiff 4.0.7-6 (bug #859998)
	- tiff3
	[wheezy] - tiff3 (vulnerable code not present)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2658
	NOTE: https://github.com/vadz/libtiff/commit/48780b4fcc425cddc4ef8ffdf536f96a0d1b313b
CVE-2017-7617 (Remote code execution can occur in Asterisk Open Source 13.x before 13 ...)
	- asterisk 1:13.14.1~dfsg-1 (bug #859910)
	[jessie] - asterisk (Vulnerable code not present)
	[wheezy] - asterisk (Vulnerable code not present)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2017-001.html
CVE-2017-7619 (In ImageMagick 7.0.4-9, an infinite loop can occur because of a floati ...)
	{DSA-3863-1 DLA-902-1}
	- imagemagick 8:6.9.7.4+dfsg-4 (bug #859769)
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31506
	NOTE: Fixed by: http://git.imagemagick.org/repos/ImageMagick/commit/63757068c803f692bd70304b06ce3406e0b67c7f
CVE-2017-7606 (coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of repre ...)
	{DSA-3863-1 DLA-902-1}
	- imagemagick 8:6.9.7.4+dfsg-4 (bug #859771)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/415
	NOTE: https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/
CVE-2017-7591 (OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site ...)
	NOT-FOR-US: ForgeRock OpenIDM
CVE-2017-7590 (OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site ...)
	NOT-FOR-US: ForgeRock OpenIDM
CVE-2017-7589 (In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sens ...)
	NOT-FOR-US: ForgeRock OpenIDM
CVE-2017-7588 (On certain Brother devices, authorization is mishandled by including a ...)
	NOT-FOR-US: Brother devices
CVE-2017-7587
	RESERVED
CVE-2017-7586 (In libsndfile before 1.0.28, an error in the "header_read()" function ...)
	{DLA-928-1}
	- libsndfile 1.0.27-2
	[jessie] - libsndfile (Minor issue)
	NOTE: https://github.com/erikd/libsndfile/commit/708e996c87c5fae77b104ccfeb8f6db784c32074
	NOTE: https://github.com/erikd/libsndfile/commit/f457b7b5ecfe91697ed01cfc825772c4d8de1236
	NOTE: 1.0.27-2 in unstable contains fix_bufferoverflows.patch, meant to address this issue
	NOTE: https://sources.debian.org/data/main/libs/libsndfile/1.0.27-2/debian/patches/fix_bufferoverflows.patch
CVE-2017-7585 (In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" func ...)
	{DLA-928-1}
	- libsndfile 1.0.27-2
	[jessie] - libsndfile (Minor issue)
	NOTE: https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/
	NOTE: 1.0.27-2 in unstable contains fix_bufferoverflows.patch, meant to address this issue
	NOTE: https://sources.debian.org/data/main/libs/libsndfile/1.0.27-2/debian/patches/fix_bufferoverflows.patch
CVE-2017-7584 (Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows ...)
	NOT-FOR-US: Foxit PDF Toolkit
CVE-2017-7583 (ILIAS before 5.2.3 has XSS via SVG documents.)
	- ilias (bug #195688)
CVE-2017-7582
	RESERVED
CVE-2017-7581 (SQL injection vulnerability in NewsController.php in the News module 5 ...)
	NOT-FOR-US: News module for TYPO3
CVE-2017-7580
	RESERVED
CVE-2017-7579 (inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field ...)
	NOT-FOR-US: phpMyFAQ
CVE-2007-6760 (Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) ...)
	NOT-FOR-US: Dataprobe iBootBar
CVE-2007-6759 (Dataprobe iBootBar (with 2007-09-20 and possibly later released firmwa ...)
	NOT-FOR-US: Dataprobe iBootBar
CVE-2017-7577 (XiongMai uc-httpd has directory traversal allowing the reading of arbi ...)
	NOT-FOR-US: XiongMai uc-httpd
CVE-2017-7576 (DragonWave Horizon 1.01.03 wireless radios have hardcoded login creden ...)
	NOT-FOR-US: DragonWave Horizon
CVE-2017-7575 (Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote att ...)
	NOT-FOR-US: Schneider
CVE-2017-7574 (Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modi ...)
	NOT-FOR-US: Schneider
CVE-2017-7573
	RESERVED
CVE-2017-7572 (The _checkPolkitPrivilege function in serviceHelper.py in Back In Time ...)
	- backintime 1.1.12-2 (bug #859815)
	[jessie] - backintime (Minor issue)
	[wheezy] - backintime (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2017/04/07/2
	NOTE: https://github.com/bit-team/backintime/commit/7f208dc547f569b689c888103e3b593a48cd1869
CVE-2017-7571 (public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtai ...)
	NOT-FOR-US: Faveo
CVE-2017-7570 (PivotX 2.3.11 allows remote authenticated Advanced users to execute ar ...)
	NOT-FOR-US: PivotX
CVE-2017-7569 (In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-64 ...)
	NOT-FOR-US: vBulletin
CVE-2017-7568 (NetApp OnCommand Unified Manager for 7-Mode (core package) versions pr ...)
	NOT-FOR-US: NetApp
CVE-2017-7567
	RESERVED
CVE-2017-7566 (MyBB before 1.8.11 allows remote attackers to bypass an SSRF protectio ...)
	NOT-FOR-US: MyBB
CVE-2017-7565 (Splunk Hadoop Connect App has a path traversal vulnerability that allo ...)
	NOT-FOR-US: Splunk Hadoop Connect App
CVE-2017-7564 (In ARM Trusted Firmware through 1.3, the secure self-hosted invasive d ...)
	NOT-FOR-US: ARM
CVE-2017-7563 (In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 ...)
	NOT-FOR-US: ARM
CVE-2016-10320 (textract before 1.5.0 allows OS Command Injection attacks via a filena ...)
	NOT-FOR-US: textract
CVE-2016-10319 (In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC c ...)
	NOT-FOR-US: ARM
CVE-2016-1000307 (Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8 ...)
	NOT-FOR-US: ClipBucket
CVE-2016-1000306
	REJECTED
CVE-2017-7578 (Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allo ...)
	{DLA-890-1}
	- ming
	NOTE: https://www.openwall.com/lists/oss-security/2017/04/07/1
	NOTE: https://github.com/libming/libming/issues/68
CVE-2017-7562 (An authentication bypass flaw was found in the way krb5's certauth int ...)
	- krb5 (Vulnerable code introduced later, cf. #873281)
	NOTE: https://github.com/krb5/krb5/pull/694
	NOTE: https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2
	NOTE: https://github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aefcc196
	NOTE: https://github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430bf627d
CVE-2017-7561 (Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerab ...)
	- resteasy 3.6.2-1 (bug #873392)
	[jessie] - resteasy (CORS Filter added in 3.0.7.Final)
	- resteasy3.0 3.0.26-1 (bug #908836)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1483823
	NOTE: https://issues.jboss.org/projects/RESTEASY/issues/RESTEASY-1704
	NOTE: Fixed by: https://github.com/resteasy/Resteasy/commit/517db971d8f7094124416bf72091fd0b45a13028
	NOTE: Fixed in 4.0.0.Beta1, 3.0.25.Final, 3.5.0.CR1
CVE-2017-7560 (It was found that rhnsd PID files are created as world-writable that a ...)
	- rhnsd (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1480550
	NOTE: Introduced by: https://github.com/spacewalkproject/spacewalk/commit/75d9c00b96ab430221c5c7668baebebc74ddd67e
CVE-2017-7559 (In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1. ...)
	- undertow 1.4.23-1 (bug #885576)
	NOTE: CVE is for an incomplete fix of CVE-2017-2666
	NOTE: Invalid characters were still allowed in the query string and path parameters.
	NOTE: https://issues.jboss.org/browse/UNDERTOW-1165
	NOTE: https://issues.jboss.org/browse/UNDERTOW-1295
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1481665#c7
	NOTE: Fixed by https://github.com/undertow-io/undertow/commit/3436b03eda8b0b62c1855698c4d7c358add836c2
CVE-2017-7558 (A kernel data leak due to an out-of-bound read was found in the Linux ...)
	- linux 4.12.13-1
	[stretch] - linux 4.9.30-2+deb9u5
	[jessie] - linux (Vulnerable code introduced later, in 4.7, and not backported)
	[wheezy] - linux (Vulnerable code introduced later, in 4.7, and not backported)
CVE-2017-7557 (dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechan ...)
	- dnsdist 1.2.0-1 (low; bug #872854)
	[stretch] - dnsdist 1.1.0-2+deb9u1
	NOTE: https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-02.html
	NOTE: https://downloads.powerdns.com/patches/2017-02
CVE-2017-7556 (Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulne ...)
	NOT-FOR-US: hawtio
CVE-2017-7555 (Augeas versions up to and including 1.8.0 are vulnerable to heap-based ...)
	{DSA-3949-1 DLA-1067-1}
	- augeas 1.8.1-1 (bug #872400)
	NOTE: https://github.com/hercules-team/augeas/pull/480
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1478373
CVE-2017-7554 (It was found that the App Studio component of RHMAP 4.4 executes javas ...)
	NOT-FOR-US: Red Hat Mobile Application Platform
CVE-2017-7553 (The external_request api call in App Studio (millicore) allows server ...)
	NOT-FOR-US: Red Hat Mobile Application Platform
CVE-2017-7552 (A flaw was discovered in the file editor of millicore, affecting versi ...)
	NOT-FOR-US: Red Hat Mobile Application Platform
CVE-2017-7551 (389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to pass ...)
	- 389-ds-base 1.3.6.7-1 (bug #870752)
	[stretch] - 389-ds-base (Minor issue)
	[jessie] - 389-ds-base (vulnerable code not present)
	NOTE: https://pagure.io/389-ds-base/issue/49336
CVE-2017-7550 (A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x bef ...)
	- ansible 2.4.2.0+dfsg-1 (unimportant)
	NOTE: https://github.com/ansible/ansible/issues/30874
	NOTE: https://github.com/ansible/ansible/pull/30875
	NOTE: Just an insecure example
CVE-2017-7549 (A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat Op ...)
	NOT-FOR-US: instack-undercloud
CVE-2017-7548 (PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to a ...)
	{DSA-3936-1 DSA-3935-1}
	- postgresql-9.6 9.6.4-1
	- postgresql-9.4
	- postgresql-9.1
	[jessie] - postgresql-9.1 (postgresql-9.1 in jessie only provides PL/Perl)
	[wheezy] - postgresql-9.1 (Vulnerable code not present)
	- postgresql-8.4
	[wheezy] - postgresql-8.4 (postgresql-8.4 in wheezy only provides PL/Perl)
	NOTE: https://www.postgresql.org/about/news/1772/
CVE-2017-7547 (PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are ...)
	{DSA-3936-1 DSA-3935-1 DLA-1051-1}
	- postgresql-9.6 9.6.4-1
	- postgresql-9.4
	- postgresql-9.1
	[jessie] - postgresql-9.1 (postgresql-9.1 in jessie only provides PL/Perl)
	- postgresql-8.4
	[wheezy] - postgresql-8.4 (postgresql-8.4 in wheezy only provides PL/Perl)
	NOTE: https://www.postgresql.org/about/news/1772/
CVE-2017-7546 (PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are ...)
	{DSA-3936-1 DSA-3935-1 DLA-1051-1}
	- postgresql-9.6 9.6.4-1
	- postgresql-9.4
	- postgresql-9.1
	[jessie] - postgresql-9.1 (postgresql-9.1 in jessie only provides PL/Perl)
	- postgresql-8.4
	[wheezy] - postgresql-8.4 (postgresql-8.4 in wheezy only provides PL/Perl)
	NOTE: https://www.postgresql.org/about/news/1772/
CVE-2017-7545 (It was discovered that the XmlUtils class in jbpmmigration 6.5 perform ...)
	NOT-FOR-US: jbpm-designer / jBPM
CVE-2017-7544 (libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulner ...)
	{DLA-2214-1}
	- libexif 0.6.21-2.1 (bug #876466)
	[stretch] - libexif 0.6.21-2+deb9u2
	[wheezy] - libexif (Minor issue)
	NOTE: https://sourceforge.net/p/libexif/bugs/130/
CVE-2017-7543 (A race-condition flaw was discovered in openstack-neutron before 7.2.0 ...)
	- neutron (Specific to Red Hat packaging)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473792
CVE-2017-7542 (The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linu ...)
	{DSA-3945-1 DSA-3927-1 DLA-1099-1}
	- linux 4.12.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/6399f1fae4ec29fab5ec76070435555e256ca3a6
CVE-2017-7541 (The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/b ...)
	{DSA-3945-1 DSA-3927-1}
	- linux 4.12.6-1
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/8f44c9a41386729fea410e688959ddaa9d51be7c
CVE-2017-7540 (rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are v ...)
	NOT-FOR-US: Safemode ruby gem
CVE-2017-7539 (An assertion-failure flaw was found in Qemu before 2.10.1, in the Netw ...)
	- qemu (Vulnerable code introduced in v2.9.0-rc0)
	- qemu-kvm (Vulnerable code introduced in v2.9.0-rc0)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=ff82911cd3f69f028f2537825c9720ff78bc3f19
CVE-2017-7538 (A cross-site scripting (XSS) flaw was found in how an organization nam ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2017-7537 (It was found that a mock CMC authentication plugin with a hardcoded se ...)
	- dogtag-pki 10.3.5+12-5 (bug #869261)
	NOTE: https://github.com/dogtagpki/pki/commit/876d13c6d20e7e1235b9
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470817
CVE-2017-7536 (In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it ...)
	- libhibernate-validator-java 4.3.3-4 (bug #885577)
	[stretch] - libhibernate-validator-java 4.3.3-1+deb9u1
	[jessie] - libhibernate-validator-java (Vulnerable code introduced in 4.3)
	[wheezy] - libhibernate-validator-java (Vulnerable code introduced in 4.3)
	NOTE: https://github.com/hibernate/hibernate-validator/commit/0ed45f37c4680998167179e631113a2c9cb5d113
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1465573
CVE-2017-7535 (foreman before version 1.16.0 is vulnerable to a stored XSS in organiz ...)
	- foreman (bug #663101)
CVE-2017-7534 (OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the ...)
	NOT-FOR-US: OpenShift
CVE-2017-7533 (Race condition in the fsnotify implementation in the Linux kernel thro ...)
	{DSA-3945-1 DSA-3927-1}
	- linux 4.12.6-1
	[wheezy] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2017/08/03/2
	NOTE: Fixed by: https://git.kernel.org/linus/49d31c2f389acfe83417083e1208422b4091cd9 (v4.13-rc1)
CVE-2017-7532 (In Moodle 3.x, course creators are able to change system default setti ...)
	- moodle
	NOTE: https://moodle.org/mod/forum/discuss.php?d=355556
CVE-2017-7531 (In Moodle 3.3, the course overview block reveals activities in hidden ...)
	- moodle (Only affects 3.3)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=355555
CVE-2017-7530 (In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5 ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2017-7529 (Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable t ...)
	{DSA-3908-1 DLA-1024-1}
	- nginx 1.13.3-1 (bug #868109)
	NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
	NOTE: Fixed in 1.13.3, 1.12.1.
CVE-2017-7528 (Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 i ...)
	NOT-FOR-US: Ansible Tower
CVE-2017-7527
	REJECTED
CVE-2017-7526 (libgcrypt before version 1.7.8 is vulnerable to a cache side-channel a ...)
	{DSA-3960-1 DSA-3901-1 DLA-1080-1 DLA-1015-1}
	- libgcrypt20 1.7.8-1
	- libgcrypt11
	- gnupg2 (Uses system libgcrypt)
	- gnupg1 1.4.22-1
	[stretch] - gnupg1 (Only affects the legacy packages)
	- gnupg
	NOTE: https://eprint.iacr.org/2017/627
	NOTE: Fixes for RSA exponent blinding (A):
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=a9f612def801c8145d551d995475e5d51a4c988c
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=aff5fd0f2650e24cf99efcd7b499627ea48782c3
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=312101e1f266314b4391fcdbe11c03de5c147e38
	NOTE: Fixes for mpi_powm itself (B):
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=0e6788517eac6f508fa32ec5d5c1cada7fb980bc
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=fbd10abc057453789017f11c7f1fc8e6c61b79a3
	NOTE: For the particular attack on RSA, either (A) or (B) is enough. In
	NOTE: general cases, (A) plus (B) is needed.
	NOTE: For GnuPG: https://lists.gnupg.org/pipermail/gnupg-users/2017-July/058598.html
	NOTE: GnuPG: https://dev.gnupg.org/rC8725c99ffa41778f382ca97233183bcd687bb0ce
	NOTE: GnuPG1: https://dev.gnupg.org/D438
CVE-2017-7525 (A deserialization flaw was discovered in the jackson-databind, version ...)
	{DSA-4004-1 DLA-2342-1 DLA-2091-1}
	- jackson-databind 2.9.1-1 (bug #870848)
	- libjackson-json-java 1.9.13-2
	[buster] - libjackson-json-java 1.9.13-2~deb10u1
	NOTE: https://github.com/FasterXML/jackson-databind/issues/1599
	NOTE: For libjackson-json-java:
	NOTE: https://github.com/FasterXML/jackson-1/commit/9ac68db819bce7b9546bc4bf1c44f82ca910fa31
CVE-2017-7524 (tpm2-tools versions before 1.1.1 are vulnerable to a password leak due ...)
	- tpm2-tools 2.1.0-1 (bug #866257)
	NOTE: https://github.com/01org/tpm2.0-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157
CVE-2017-7523 (Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buff ...)
	NOT-FOR-US: Cygwin
CVE-2017-7522 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to deni ...)
	- openvpn 2.4.3-1 (unimportant)
	[jessie] - openvpn (x509-track implemented in 2.4.0)
	[wheezy] - openvpn (x509-track implemented in 2.4.0)
	NOTE: Fixed by: https://github.com/OpenVPN/openvpn/commit/426392940c
	NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
	NOTE: https://www.openwall.com/lists/oss-security/2017/06/21/6
	NOTE: In Debian openvpn is compiled against OpenSSL, thus the affected
	NOTE: code is present.
CVE-2017-7521 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remo ...)
	{DSA-3900-1}
	- openvpn 2.4.3-1 (bug #865480)
	[wheezy] - openvpn (Vulnerable code not present)
	NOTE: Fixed by (master): https://github.com/OpenVPN/openvpn/commit/2d032c7fcdfd692c851ea2fa858b4c2d9ea7d52d
	NOTE: Fixed by (master): https://github.com/OpenVPN/openvpn/commit/cb4e35ece4a5b70b10ef9013be3bff263d82f32b
	NOTE: Fixed by (2.4.x): https://github.com/OpenVPN/openvpn/commit/2341f716198fa90193e040b3fdb16959a47c6c27
	NOTE: Fixed by (2.4.x): https://github.com/OpenVPN/openvpn/commit/040084067119dd5a9e15eb3bcfc0079debaa3777
	NOTE: Fixed by (2.3.x): https://github.com/OpenVPN/openvpn/commit/84e1775961de1c9d2ab32159fc03f758591f5238
	NOTE: Fixed by (2.3.x): https://github.com/OpenVPN/openvpn/commit/1dde0cd6e5e6a0f2f45ec9969b7ff1b6537514ad
	NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
	NOTE: https://www.openwall.com/lists/oss-security/2017/06/21/6
CVE-2017-7520 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to deni ...)
	{DSA-3900-1 DLA-999-1}
	- openvpn 2.4.3-1 (bug #865480)
	NOTE: Fixed by (master): https://github.com/OpenVPN/openvpn/commit/7718c8984f04b507c1885f363970e2124e3c6c77
	NOTE: Fixed by (2.4.x): https://github.com/OpenVPN/openvpn/commit/043fe327878eba75efa13794c9845f85c3c629f2
	NOTE: Fixed by (2.3.x): https://github.com/OpenVPN/openvpn/commit/f38a4a105979b87ebebe9be1c3d323116d3fb924
	NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
	NOTE: https://www.openwall.com/lists/oss-security/2017/06/21/6
CVE-2017-7519 (In Ceph, a format string flaw was found in the way libradosstriper par ...)
	{DSA-4339-1}
	- ceph 12.2.8+dfsg1-1 (bug #864535)
	[jessie] - ceph (Vulnerable code not present)
	NOTE: http://tracker.ceph.com/issues/20240
CVE-2017-7518 (A flaw was found in the Linux kernel before version 4.12 in the way th ...)
	{DSA-3981-1}
	- linux 4.11.11-1
	[wheezy] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2017/06/23/5
	NOTE: https://www.spinics.net/lists/kvm/msg151817.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464473
	NOTE: Fixed by: https://git.kernel.org/linus/c8401dda2f0a00cd25c0af6a95ed50e478d25de4
CVE-2017-7517 (An input validation vulnerability exists in Openshift Enterprise due t ...)
	NOT-FOR-US: OpenShift
CVE-2017-7516
	REJECTED
CVE-2017-7515 (poppler through version 0.55.0 is vulnerable to an uncontrolled recurs ...)
	- poppler 0.57.0-2 (unimportant)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101208
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=771c82623e8e1e0c92b8ca6f7c2b8a81ccbb60d3
	NOTE: Crash in CLI tool, no security implications
CVE-2017-7514 (A cross-site scripting (XSS) flaw was found in how the failed action e ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2017-7513 (It was found that Satellite 5 configured with SSL/TLS for the PostgreS ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2017-7512 (Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2. ...)
	NOT-FOR-US: Red Hat 3scale
CVE-2017-7511 (poppler since version 0.17.3 has been vulnerable to NULL pointer deref ...)
	- poppler 0.57.0-2 (unimportant; bug #863759)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101149
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101153
	NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a
	NOTE: Crash in CLI tool, no security implications
CVE-2017-7510 (In ovirt-engine 4.1, if a host was provisioned with cloud-init, the ro ...)
	NOT-FOR-US: ovirt-engine
CVE-2017-7509 (An input validation error was found in Red Hat Certificate System's ha ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2017-7508 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remo ...)
	{DSA-3900-1}
	- openvpn 2.4.3-1 (bug #865480)
	[wheezy] - openvpn (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2017/06/21/6
	NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
	NOTE: Fixed by (master): https://github.com/OpenVPN/openvpn/commit/c3f47077a7756de5929094569421a95aa66f2022
	NOTE: Fixed by (2.4.x): https://github.com/OpenVPN/openvpn/commit/ed28cde3d8bf3f1459b2f42f0e27d64801009f92
	NOTE: Fixed by (2.3.x): https://github.com/OpenVPN/openvpn/commit/fc61d1bda112ffc669dbde961fab19f60b3c7439
CVE-2017-7507 (GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dere ...)
	{DSA-3884-1}
	[experimental] - gnutls28 3.5.13-1
	- gnutls28 3.5.8-6 (bug #864560)
	- gnutls26
	[wheezy] - gnutls26 (Vulnerable code not present)
	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-4
	NOTE: https://gitlab.com/gnutls/gnutls/commit/4c4d35264fada08b6536425c051fb8e0b05ee86b
	NOTE: https://gitlab.com/gnutls/gnutls/commit/3efb6c5fd0e3822ec11879d5bcbea0e8d322cd03
	NOTE: https://gitlab.com/gnutls/gnutls/commit/e1d6c59a7b0392fb3b8b75035614084a53e2c8c9
CVE-2017-7506 (spice versions though 0.13 are vulnerable to out-of-bounds memory acce ...)
	{DSA-3907-1}
	- spice 0.12.8-2.2 (bug #868083)
	[wheezy] - spice (Vulnerable code not introduced later)
CVE-2017-7505 (Foreman since version 1.5 is vulnerable to an incorrect authorization ...)
	- foreman (bug #663101)
CVE-2017-7504 (HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the Jbos ...)
	NOT-FOR-US: Red Hat JBoss
CVE-2017-7503 (It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax. ...)
	NOT-FOR-US: Red Hat JBoss EAP implementation of javax.xml.transform.TransformerFactory
CVE-2017-7502 (Null pointer dereference vulnerability in NSS since 3.24.0 was found w ...)
	{DSA-3872-1 DLA-971-1}
	[experimental] - nss 2:3.29-1
	- nss 2:3.26.2-1.1 (bug #863839)
	NOTE: https://hg.mozilla.org/projects/nss/rev/55ea60effd0d
CVE-2017-7501 (It was found that versions of rpm before 4.13.0.2 use temporary files ...)
	- rpm (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1452133
	NOTE: Not supported for installations in Debian (and an unprivileged attacker would not have permissions for systems directories anyway)
CVE-2017-7500 (It was found that rpm did not properly handle RPM installations when a ...)
	- rpm (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1450369
	NOTE: Not supported for installations in Debian (and an unprivileged attacker would not have permissions for systems directories anyway)
CVE-2017-7499
	REJECTED
CVE-2017-7498
	REJECTED
CVE-2017-7497 (The dialog for creating cloud volumes (cinder provider) in CloudForms ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2017-7496 (fedora-arm-installer up to and including 1.99.16 is vulnerable to loca ...)
	NOT-FOR-US: fedora-arm-installer
CVE-2017-7495 (fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=order ...)
	- linux 4.6.2-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/06bd3c36a733ac27962fea7d6f47168841376824
CVE-2017-7494 (Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulne ...)
	{DSA-3860-1 DLA-951-1}
	- samba 2:4.5.8+dfsg-2
	NOTE: https://www.samba.org/samba/security/CVE-2017-7494.html
CVE-2017-7493 (Quick Emulator (Qemu) built with the VirtFS, host directory sharing vi ...)
	{DLA-1497-1 DLA-1035-1 DLA-965-1}
	- qemu 1:2.8+dfsg-6
	- qemu-kvm
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1451709
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html
CVE-2017-7492
	REJECTED
CVE-2017-7491 (In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers ...)
	- moodle
	NOTE: https://moodle.org/mod/forum/discuss.php?d=352355
CVE-2017-7490 (In Moodle 2.x and 3.x, searching of arbitrary blogs is possible becaus ...)
	- moodle
	NOTE: https://moodle.org/mod/forum/discuss.php?d=352354
CVE-2017-7489 (In Moodle 2.x and 3.x, remote authenticated users can take ownership o ...)
	- moodle
	NOTE: https://moodle.org/mod/forum/discuss.php?d=352353
CVE-2017-7488 (Authconfig version 6.2.8 is vulnerable to an Information exposure whil ...)
	NOT-FOR-US: authconfig in Red Hat
CVE-2017-7487 (The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel thro ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.30-1
	NOTE: Fixed by: https://git.kernel.org/linus/ee0d8d8482345ff97a75a7d747efc309f13b0d80
CVE-2017-7486 (PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg ...)
	{DSA-3851-1 DLA-1051-1}
	- postgresql-9.6 9.6.3-1
	- postgresql-9.4
	- postgresql-9.1
	[jessie] - postgresql-9.1 (postgresql-9.1 in jessie only provides PL/Perl)
	- postgresql-8.4 (feature not present in 8.x)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=c928addfccd7f9905472dddd94e9cd10bc3f6808
CVE-2017-7485 (In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9 ...)
	{DSA-3851-1}
	- postgresql-9.6 9.6.3-1
	- postgresql-9.4
	- postgresql-9.1 (bug introduced in 9.3)
	- postgresql-8.4 (bug introduced in 9.3)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=aafbd1df969135c185947c596c46608fc9f4a67c
CVE-2017-7484 (It was found that some selectivity estimation functions in PostgreSQL ...)
	{DSA-3851-1}
	- postgresql-9.6 9.6.3-1
	- postgresql-9.4
	- postgresql-9.1
	[jessie] - postgresql-9.1 (postgresql-9.1 in jessie only provides PL/Perl)
	[wheezy] - postgresql-9.1 (Vulnerable code does not exist)
	- postgresql-8.4
	[wheezy] - postgresql-8.4 (Vulnerable code does not exist)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=c33c42362256382ed398df9dcda559cd547c68a7
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cad15943225adbcadea51602b38b04d71d1183d2
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=935e77d527a018b652f247c7374c558871210db6
CVE-2017-7483 (Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the ...)
	{DLA-2683-1}
	- rxvt 1:2.7.10-7.1 (low; bug #861694)
	[jessie] - rxvt (Minor issue)
	[wheezy] - rxvt (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/05/01/15
CVE-2017-7482 (In the Linux kernel before version 4.12, Kerberos 5 tickets decoded wh ...)
	{DSA-3945-1 DSA-3927-1 DLA-1099-1}
	- linux 4.11.11-1
	NOTE: Fixed by: https://git.kernel.org/linus/5f2f97656ada8d811d3c1bef503ced266fcd53a0
CVE-2017-7481 (Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark loo ...)
	{DLA-2535-1}
	- ansible 2.3.1.0+dfsg-1 (bug #862666)
	[jessie] - ansible (vulnerable code introduced in version 2.x)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1450018
	NOTE: Fixed by: https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2
CVE-2017-7480 (rkhunter versions before 1.4.4 are vulnerable to file download over in ...)
	{DLA-1039-1}
	- rkhunter 1.4.4-1 (bug #866677)
	[stretch] - rkhunter 1.4.2-6+deb9u1
	[jessie] - rkhunter 1.4.2-0.4+deb8u1
	NOTE: https://www.openwall.com/lists/oss-security/2017/06/29/2
	NOTE: http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/rkhunter?r1=1.549&r2=1.550&view=patch
CVE-2017-7479 (OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reac ...)
	{DLA-944-1}
	- openvpn 2.4.0-5 (low)
	[jessie] - openvpn 2.3.4-5+deb8u2
	NOTE: https://github.com/OpenVPN/openvpn/commit/e498cb0ea8d3a451b39eaf6f9b6a7488f18250b8 (master)
	NOTE: https://github.com/OpenVPN/openvpn/commit/591a4e574c43cb9e820950f15dcaabda261def78 (2.4.x)
	NOTE: https://github.com/OpenVPN/openvpn/commit/b727643cdf4e078f132a90e1c474a879a5760578 (2.3.x)
	NOTE: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14643.html (3 patches for 2.2.x)
	NOTE: https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
CVE-2017-7478 (OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Deni ...)
	- openvpn 2.4.0-5
	[jessie] - openvpn (Vulnerable code introduced later)
	[wheezy] - openvpn (Vulnerable code introduced later)
	NOTE: https://github.com/OpenVPN/openvpn/commit/5774cf4c25e1d8bf4e544702db8f157f111c9d93 (master)
	NOTE: https://github.com/OpenVPN/openvpn/commit/66b99a0753352c5cc43e11e39835b6423112df98 (2.4.x)
	NOTE: https://github.com/OpenVPN/openvpn/commit/feb35ee5cac605edddd6e9dc62941e2c53f96fb3 (2.3.x)
	NOTE: Introduced in: https://github.com/OpenVPN/openvpn/commit/3c1b19e04745177185decd14da82c71458442b82 (2.4.0)
	NOTE: Introduced in (backported to 2.3.12): https://github.com/OpenVPN/openvpn/commit/358f513c008bf01fadb82759ac75ffb8613fc785
	NOTE: https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
CVE-2017-7477 (Heap-based buffer overflow in drivers/net/macsec.c in the MACsec modul ...)
	- linux 4.9.25-1
	[jessie] - linux (Introduced in 4.6)
	[wheezy] - linux (Introduced in 4.6)
	NOTE: https://www.openwall.com/lists/oss-security/2017/04/25/4
	NOTE: Fixed by: https://git.kernel.org/linus/4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee
	NOTE: Fixed by: https://git.kernel.org/linus/5294b83086cc1c35b4efeca03644cf9d12282e5b
CVE-2017-7476 (Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ ...)
	- gnulib (Vulnerable code introduced later)
	NOTE: Fixed by: http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commitdiff;h=94e01571
	NOTE: Introduced with 4bc76593 and 4e6e16b3f.
CVE-2017-7475 (Cairo version 1.15.4 is vulnerable to a NULL pointer dereference relat ...)
	- cairo (low; bug #870264)
	[bookworm] - cairo (Minor issue)
	[bullseye] - cairo (Minor issue)
	[buster] - cairo (Minor issue)
	[stretch] - cairo (Minor issue)
	[jessie] - cairo (Minor issue)
	[wheezy] - cairo (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100763
	NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/80
CVE-2017-7474 (It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handl ...)
	NOT-FOR-US: Keycloak
CVE-2017-7473
	REJECTED
CVE-2017-7472 (The KEYS subsystem in the Linux kernel before 4.10.13 allows local use ...)
	{DLA-922-1}
	- linux 4.9.25-1
	[jessie] - linux 3.16.43-1
	NOTE: https://lkml.org/lkml/2017/4/1/235
	NOTE: https://lkml.org/lkml/2017/4/3/724
CVE-2017-7471 (Quick Emulator (Qemu) built with the VirtFS, host directory sharing vi ...)
	{DLA-1035-1}
	- qemu 1:2.8+dfsg-5 (bug #860785)
	[jessie] - qemu (Vulnerable code introduced with fix for CVE-2016-9602)
	[wheezy] - qemu (Vulnerable code introduced with fix for CVE-2016-9602)
	- qemu-kvm (Vulnerable code introduced with fix for CVE-2016-9602)
	NOTE: Fixed by: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=9c6b899f7a46893ab3b671e341a2234e9c0c060e
	NOTE: Fixed by (stable-2.8): http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=96bae145e27d4df62671b4eebd6c735f412016cf (v2.8.1.1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1443401
	NOTE: Introduced by: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=acf22d2264a131ad2695b5a18746dabf0cc8b843
	NOTE: which is part of the fix for CVE-2016-9602.
CVE-2017-7470 (It was found that spacewalk-channel can be used by a non-admin user or ...)
	NOT-FOR-US: Red Hat / spacewalk-backend
CVE-2017-7469
	REJECTED
CVE-2017-7468 (In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would atte ...)
	- curl 7.52.1-5
	[jessie] - curl (Only affects 7.52 and later)
	[wheezy] - curl (Only affects 7.52 and later)
	NOTE: https://curl.haxx.se/docs/adv_20170419.html
CVE-2017-7467 (A buffer overflow flaw was found in the way minicom before version 2.7 ...)
	{DLA-914-1}
	- minicom 2.7-1.1 (bug #860940)
	[jessie] - minicom 2.7-1+deb8u1
	NOTE: https://www.openwall.com/lists/oss-security/2017/04/18/5
CVE-2017-7466 (Ansible before version 2.3 has an input validation vulnerability in th ...)
	- ansible 2.2.1.0-2
	[jessie] - ansible (Vulnerable code not present)
	NOTE: https://github.com/ansible/ansible/commit/0d418789a298561fded9bce977d34babc9097079 (v2.3.0.0-0.1.rc1)
CVE-2017-7465 (It was found that the JAXP implementation used in JBoss EAP 7.0 for XS ...)
	NOT-FOR-US: JBoss JAXP
CVE-2017-7464 (It was found that the JAXP implementation used in JBoss EAP 7.0 for SA ...)
	NOT-FOR-US: JBoss JAXP
CVE-2017-7463 (JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflecte ...)
	NOT-FOR-US: Red Hat business central
CVE-2017-7462 (Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a r ...)
	NOT-FOR-US: Intellinet NFC-30ir IP Camera
CVE-2017-7461 (Directory traversal vulnerability in the web-based management site on ...)
	NOT-FOR-US: Intellinet NFC-30ir IP Camera
CVE-2017-7460
	RESERVED
CVE-2017-7459 (ntopng before 3.0 allows HTTP Response Splitting.)
	- ntopng 2.4+dfsg1-4 (bug #866719)
	[stretch] - ntopng (Minor issue)
	[jessie] - ntopng (Minor issue)
	NOTE: https://github.com/ntop/ntopng/commit/9469e58f07e043da712e6d6c41244852a11bcaeb
CVE-2017-7458 (The NetworkInterface::getHost function in NetworkInterface.cpp in ntop ...)
	- ntopng 2.4+dfsg1-4 (bug #866721)
	[stretch] - ntopng (Minor issue)
	[jessie] - ntopng (Minor issue)
	NOTE: https://github.com/ntop/ntopng/commit/01f47e04fd7c8d54399c9e465f823f0017069f8f
CVE-2017-7457 (XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 r ...)
	NOT-FOR-US: Moxa
CVE-2017-7456 (Moxa MXView 2.8 allows remote attackers to cause a Denial of Service b ...)
	NOT-FOR-US: Moxa
CVE-2017-7455 (Moxa MXView 2.8 allows remote attackers to read web server's private k ...)
	NOT-FOR-US: Moxa
CVE-2017-7454 (The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-7453 (The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-7452 (The iwbmp_read_info_header function in imagew-bmp.c in libimageworsene ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-7451
	RESERVED
CVE-2017-7450 (AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated ...)
	NOT-FOR-US: AIRTAME HDMI dongle
CVE-2017-7449
	RESERVED
CVE-2017-7448 (The allocate_channel_framebuffer function in uncompressed_components.h ...)
	- lepton 1.2.1-3 (bug #859714)
	NOTE: https://github.com/dropbox/lepton/issues/86
	NOTE: https://github.com/dropbox/lepton/commit/7789d99ac156adfd7bbf66e7824bd3e948a74cf7
CVE-2017-7447 (HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote ...)
	NOT-FOR-US: HelpDEZk
CVE-2017-7446 (HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtai ...)
	NOT-FOR-US: HelpDEZk
CVE-2017-7445
	RESERVED
CVE-2017-0887 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the ...)
	- nextcloud (bug #835086)
CVE-2016-7443 (Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspe ...)
	NOT-FOR-US: Exponent CMS
CVE-2015-9019 (In libxslt 1.1.29 and earlier, the EXSLT math.random function was not ...)
	- libxslt (unimportant; bug #859796)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758400
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=934119
	NOTE: There's no indication that math.random() is intended to ensure cryptographic
	NOTE: randomness requirements. Proper seeding needs to happen in the application
	NOTE: using libxslt.
CVE-2017-7444 (In Veritas System Recovery before 16 SP1, there is a DLL hijacking vul ...)
	NOT-FOR-US: Veritas System Recovery
CVE-2017-7442 (Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Nitro Pro
CVE-2017-7441 (In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the ...)
	NOT-FOR-US: Sophos
CVE-2017-7440 (Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop ap ...)
	NOT-FOR-US: Kerio
CVE-2017-7439 (NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might ...)
	NOT-FOR-US: NetApp
CVE-2017-7438 (NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cro ...)
	NOT-FOR-US: NetIQ Privileged Account Manager
CVE-2017-7437 (NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cro ...)
	NOT-FOR-US: NetIQ Privileged Account Manager
CVE-2017-7436 (In libzypp before 20170803 it was possible to retrieve unsigned packag ...)
	- libzypp 17.3.1-1 (bug #899065)
	[jessie] - libzypp (Minor issue)
CVE-2017-7435 (In libzypp before 20170803 it was possible to add unsigned YUM reposit ...)
	- libzypp 17.3.1-1 (bug #899065)
	[jessie] - libzypp (Minor issue)
CVE-2017-7434 (In the JDBC driver of NetIQ Identity Manager before 4.6 sending out in ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2017-7433 (An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe ...)
	NOT-FOR-US: Micro Focus Vibe
CVE-2017-7432 (Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3 ...)
	NOT-FOR-US: Novell iManager and NetIQ iManager
CVE-2017-7431 (Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3 ...)
	NOT-FOR-US: Novell iManager and NetIQ iManager
CVE-2017-7430 (Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3 ...)
	NOT-FOR-US: Novell iManager and NetIQ iManager
CVE-2017-7429 (The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Pat ...)
	NOT-FOR-US: NetIQ eDirectory PKI plugin
CVE-2017-7428 (NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of ...)
	NOT-FOR-US: NetIQ iManager
CVE-2017-7427 (Multiple cross site scripting attacks were found in the Identity Manag ...)
	NOT-FOR-US: NetIQ Identity Manager Plug-in
CVE-2017-7426 (The NetIQ Identity Manager Plugins before 4.6.1 contained various XML ...)
	NOT-FOR-US: NetIQ Identity Manager Plugins
CVE-2017-7425 (Multiple potential reflected XSS issues exist in NetIQ iManager versio ...)
	NOT-FOR-US: NetIQ
CVE-2017-7424 (A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus ...)
	NOT-FOR-US: Micro Focus
CVE-2017-7423 (A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in ...)
	NOT-FOR-US: Micro Focus
CVE-2017-7422 (Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilitie ...)
	NOT-FOR-US: Micro Focus
CVE-2017-7421 (Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilitie ...)
	NOT-FOR-US: Micro Focus
CVE-2017-7420 (An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterpr ...)
	NOT-FOR-US: Micro Focus
CVE-2017-7419 (A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 b ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2017-7418 (ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the h ...)
	- proftpd-dfsg 1.3.5b-4 (low; bug #859592)
	[jessie] - proftpd-dfsg 1.3.5-1.1+deb8u2
	[wheezy] - proftpd-dfsg (Minor issue)
	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4295
	NOTE: https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed
	NOTE: https://github.com/proftpd/proftpd/commit/f59593e6ff730b832dbe8754916cb5c821db579f
CVE-2017-7417
	RESERVED
CVE-2017-7416 (ntopng before 3.0 allows XSS because GET and POST parameters are impro ...)
	- ntopng 3.2+dfsg1-1 (bug #866722)
	[stretch] - ntopng (Minor issue)
	[jessie] - ntopng (Minor issue)
CVE-2017-7415 (Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypas ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2016-10318 (A missing authorization check in the fscrypt_process_policy function i ...)
	- linux 4.7.4-1
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
CVE-2017-7414 (In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Editio ...)
	{DLA-1398-1}
	- php-horde-crypt 2.7.5-2 (bug #859635)
CVE-2017-7413 (In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Editio ...)
	{DLA-1398-1}
	- php-horde-crypt 2.7.5-2 (bug #859635)
CVE-2017-7412 (NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which ...)
	NOT-FOR-US: NixOS specific Docker issue
CVE-2017-7411 (An issue was discovered in Enalean Tuleap 9.6 and prior versions. The ...)
	NOT-FOR-US: Enalean Tuleap
CVE-2017-7410 (Multiple SQL injection vulnerabilities in account/signup.php and accou ...)
	NOT-FOR-US: WebsiteBaker
CVE-2017-7409 (Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect e ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2017-7408 (Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to ...)
	NOT-FOR-US: Palo Alto Networks Traps ESM Console
CVE-2017-7407 (The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow ...)
	{DLA-883-1}
	- curl 7.52.1-4 (unimportant; bug #859500)
	NOTE: https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13
	NOTE: Negligible security impact
CVE-2017-7406 (The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any o ...)
	NOT-FOR-US: D-Link
CVE-2017-7405 (On the D-Link DIR-615 before v20.12PTb04, once authenticated, this dev ...)
	NOT-FOR-US: D-Link
CVE-2017-7404 (On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the ...)
	NOT-FOR-US: D-Link
CVE-2017-7403
	RESERVED
CVE-2017-7402 (Pixie 1.0.4 allows remote authenticated users to upload and execute ar ...)
	NOT-FOR-US: Pixie CMS
CVE-2017-7401 (Incorrect interaction of the parse_packet() and parse_part_sign_sha256 ...)
	{DLA-884-1}
	- collectd 5.7.2-1 (bug #859494)
	[stretch] - collectd (Minor issue)
	[jessie] - collectd (Minor issue)
	NOTE: https://github.com/collectd/collectd/issues/2174
	NOTE: https://github.com/collectd/collectd/commit/f6be4f9b49b949b379326c3d7002476e6ce4f211
CVE-2017-7400 (OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 a ...)
	- horizon 3:10.0.1-1 (bug #859559)
	[jessie] - horizon (Vulnerable code not present)
	[wheezy] - horizon (Vulnerable code not present)
	NOTE: https://launchpad.net/bugs/1667086
CVE-2016-10317 (The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex S ...)
	- ghostscript 9.22~dfsg-2.1 (bug #860869)
	[stretch] - ghostscript 9.20~dfsg-3.2+deb9u2
	[jessie] - ghostscript 9.06~dfsg-2+deb8u7
	[wheezy] - ghostscript (Not directly reproducible, to re-evaluate once the upstream fix is known)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697459
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=362ec9daadb9992b0def3520cd1dc6fa52edd1c4
	NOTE: I got the reproducer file from the bug submitter and tried to reproduce it.
	NOTE: Results are the following: sid/stretch with 9.20~dfsg-3 are
	NOTE: affected, it even segfaults. But with wheezy 9.05~dfsg-6.3+deb7u2
	NOTE: and jessie 9.06~dfsg-2+deb8u4, we have no segfault and valgrind
	NOTE: reports no buffer overrun. -- Raphael Hertzog
CVE-2017-1001000 (The register_routes function in wp-includes/rest-api/endpoints/class-w ...)
	- wordpress 4.7.2+dfsg-1
	[jessie] - wordpress (Vulnerable code introduced after 4.4)
	[wheezy] - wordpress (Vulnerable code not present)
	NOTE: https://github.com/WordPress/WordPress/commit/e357195ce303017d517aff944644a7a1232926f7
	NOTE: rest-api introduced in 4.4 upstream
CVE-2016-10316 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Ai ...)
	NOT-FOR-US: Jensen of Scandinavia AS Air:Link 3G
CVE-2016-10315 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Ai ...)
	NOT-FOR-US: Jensen of Scandinavia AS Air:Link 3G
CVE-2016-10314 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Ai ...)
	NOT-FOR-US: Jensen of Scandinavia AS Air:Link 3G
CVE-2016-10313 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Ai ...)
	NOT-FOR-US: Jensen of Scandinavia AS Air:Link 3G
CVE-2016-10312 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Ai ...)
	NOT-FOR-US: Jensen of Scandinavia AS Air:Link 3G
CVE-2016-1000351
	REJECTED
CVE-2016-1000350
	REJECTED
CVE-2016-1000349
	REJECTED
CVE-2016-1000348
	REJECTED
CVE-2016-1000268
	REJECTED
CVE-2017-7399 (Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x be ...)
	NOT-FOR-US: Cloudera
CVE-2017-7398 (D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request For ...)
	NOT-FOR-US: D-Link
CVE-2017-7397 (BackBox Linux 4.6 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: BackBox OS specific CVE assignment
CVE-2017-7396 (In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unaut ...)
	- tigervnc 1.7.0+dfsg-7 (bug #859259)
	NOTE: https://github.com/TigerVNC/tigervnc/pull/436
	NOTE: https://github.com/TigerVNC/tigervnc/pull/436/commits/dccb5f7d776e93863ae10bbff56a45c523c6eeb0
CVE-2017-7395 (In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by c ...)
	- tigervnc 1.7.0+dfsg-7 (bug #859259)
	NOTE: https://github.com/TigerVNC/tigervnc/pull/436
	NOTE: https://github.com/TigerVNC/tigervnc/pull/436/commits/bf3bdac082978ca32895a4b6a123016094905689
CVE-2017-7394 (In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), una ...)
	- tigervnc 1.7.0+dfsg-7 (bug #859259)
	NOTE: https://github.com/TigerVNC/tigervnc/pull/440
CVE-2017-7393 (In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an a ...)
	- tigervnc 1.7.0+dfsg-7 (bug #859259)
	NOTE: https://github.com/TigerVNC/tigervnc/pull/438
CVE-2017-7392 (In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityV ...)
	- tigervnc 1.7.0+dfsg-7 (bug #859259)
	NOTE: https://github.com/TigerVNC/tigervnc/pull/441
CVE-2017-7391 (A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vul ...)
	NOT-FOR-US: Magmi
CVE-2017-7390 (A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. ...)
	NOT-FOR-US: SocialNetwork
CVE-2017-7389 (Multiple Cross-Site Scripting (XSS) were discovered in 'openeclass Rel ...)
	NOT-FOR-US: The Open eClass Platform
CVE-2017-7388 (A Cross-Site Scripting (XSS) was discovered in 'wallacepos v1.4.1'. Th ...)
	NOT-FOR-US: WallacePOS
CVE-2017-7387 (TheFirstQuestion/HelpMeWatchWho before 2017-03-28 is vulnerable to a r ...)
	NOT-FOR-US: HelpMeWatchWho
CVE-2017-7386 (citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in symetrie ...)
	NOT-FOR-US: symetrie
CVE-2017-7385
	RESERVED
CVE-2017-7384 (Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allow ...)
	NOT-FOR-US: FlipBuilder Flip PDF
CVE-2017-7383 (The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attac ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #859329)
	[jessie] - libpodofo (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/04/01/3
	NOTE: https://github.com/asarubbo/poc/blob/master/00252-podofo-nullptr4
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
CVE-2017-7382 (The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attac ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #859329)
	[jessie] - libpodofo (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/04/01/3
	NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr3
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
CVE-2017-7381 (The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attacker ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #859329)
	[jessie] - libpodofo (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/04/01/3
	NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr2
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
CVE-2017-7380 (The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attacker ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #859329)
	[jessie] - libpodofo (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/04/01/3
	NOTE: https://github.com/asarubbo/poc/blob/master/00250-podofo-nullptr1
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
CVE-2017-7379 (The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncodi ...)
	{DLA-929-1}
	- libpodofo 0.9.4-5 (bug #859331)
	[jessie] - libpodofo (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/04/01/2
	NOTE: upstream fix: https://sourceforge.net/p/podofo/code/1842/
CVE-2017-7378 (The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoF ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #859330)
	[jessie] - libpodofo (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/04/01/1
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1847
CVE-2017-7377 (The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in ...)
	{DLA-1497-1 DLA-1035-1 DLA-965-1}
	- qemu 1:2.8+dfsg-4 (bug #859854)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-03/msg05449.html
	NOTE: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=d63fb193e71644a073b77ff5ac6f1216f2f6cf6e
	NOTE: https://www.openwall.com/lists/oss-security/2017/04/03/2
	NOTE: For older releases affected code is in hw/9pfs/virtio-9p.c
CVE-2017-7376 (Buffer overflow in libxml2 allows remote attackers to execute arbitrar ...)
	{DSA-3952-1 DLA-1060-1}
	- libxml2 2.9.4+dfsg1-3.1 (bug #870865)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780690 (not yet public)
	NOTE: Android patch: https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4
	NOTE: Fix upstream: https://gitlab.gnome.org/GNOME/libxml2/-/commit/5dca9eea1bd4263bfa4d037ab2443de1cd730f7e
	NOTE: The upstream patch has the slight consequence that some port values end up
	NOTE: negative when cast to a 32-bit int. A negative port though in the URL would
	NOTE: make the URL invalid. It is discussed if instead it would be best to prevent
	NOTE: the port from ever being negative. Upstream decided to leave the above patch.
CVE-2017-7375 (A flaw in libxml2 allows remote XML entity inclusion with default pars ...)
	{DSA-3952-1 DLA-1008-1}
	- libxml2 2.9.4+dfsg1-3.1 (bug #870867)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780691 (not yet public)
	NOTE: Android patch: https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa
	NOTE: Fix upstream: https://gitlab.gnome.org/GNOME/libxml2/-/commit/90ccb58242866b0ba3edbef8fe44214a101c2b3e
CVE-2017-7374 (Use-after-free vulnerability in fs/crypto/ in the Linux kernel before ...)
	- linux 4.9.25-1
	[jessie] - linux (Vulnerable code not present; Introduced in 4.2-rc1)
	[wheezy] - linux (Vulnerable code not present; Introduced in 4.2-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/1b53cf9815bb4744958d41f3795d5d5a1d365e2d (4.11-rc4)
CVE-2017-7373 (In all Android releases from CAF using the Linux kernel, a double free ...)
	NOT-FOR-US: Android display driver
CVE-2017-7372 (In all Android releases from CAF using the Linux kernel, a race condit ...)
	NOT-FOR-US: Android
CVE-2017-7371 (In all Android releases from CAF using the Linux kernel, a data pointe ...)
	NOT-FOR-US: Android
CVE-2017-7370 (In all Android releases from CAF using the Linux kernel, a race condit ...)
	NOT-FOR-US: Android
CVE-2017-7369 (In all Android releases from CAF using the Linux kernel, an array inde ...)
	- linux (Android-specific)
CVE-2017-7368 (In all Android releases from CAF using the Linux kernel, a race condit ...)
	NOT-FOR-US: Android driver
CVE-2017-7367 (In all Android releases from CAF using the Linux kernel, an integer un ...)
	NOT-FOR-US: Android
CVE-2017-7366 (In all Android releases from CAF using the Linux kernel, a KGSL ioctl ...)
	NOT-FOR-US: Android driver
CVE-2017-7365 (In all Android releases from CAF using the Linux kernel, a buffer over ...)
	NOT-FOR-US: Android
CVE-2017-7364 (In all Qualcomm products with Android releases from CAF using the Linu ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-7363 (Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack ...)
	NOT-FOR-US: Pixie CMS
CVE-2017-7362 (Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attac ...)
	NOT-FOR-US: Pixie CMS
CVE-2017-7361 (Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack ...)
	NOT-FOR-US: Pixie CMS
CVE-2017-7360 (Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack.)
	NOT-FOR-US: Pixie CMS
CVE-2017-7359 (Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack.)
	NOT-FOR-US: Pixie CMS
CVE-2017-7358 (In LightDM through 1.22.0, a directory traversal issue in debian/guest ...)
	- lightdm (Vulnerable code not present)
	NOTE: https://launchpad.net/bugs/1677924
	NOTE: Specific script debian/guest-account.sh not merged from Ubuntu
CVE-2017-7357 (Hipchat Server before 2.2.3 allows remote authenticated users with Ser ...)
	NOT-FOR-US: Hipchat Server
CVE-2017-7356
	RESERVED
CVE-2017-7355
	RESERVED
CVE-2017-7354
	RESERVED
CVE-2017-7353
	RESERVED
CVE-2017-7352 (Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity ...)
	NOT-FOR-US: Pure Storage Purity
CVE-2017-7351 (A SQL injection issue exists in a file upload handler in REDCap 7.x be ...)
	NOT-FOR-US: REDCap
CVE-2017-7350
	RESERVED
CVE-2017-7349
	RESERVED
CVE-2017-7348
	RESERVED
CVE-2017-7347
	RESERVED
CVE-2017-7346 (The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmw ...)
	{DSA-3945-1 DSA-3927-1}
	- linux 4.11.6-1
	[wheezy] - linux (Vulnerable code introduced in 3.14)
	NOTE: Fixed by: https://git.kernel.org/linus/ee9c4e681ec4f58e42a83cb0c22a0289ade1aacf
CVE-2017-7345 (NetApp OnCommand Performance Manager and OnCommand Unified Manager for ...)
	NOT-FOR-US: NetApp
CVE-2016-10311 (Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows re ...)
	NOT-FOR-US: SAP
CVE-2016-10310 (Buffer overflow in the MobiLink Synchronization Server component in SA ...)
	NOT-FOR-US: MobiLink Synchronization Server
CVE-2017-7344 (A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earli ...)
	NOT-FOR-US: Fortinet FortiClient Windows
CVE-2017-7343 (An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below ...)
	NOT-FOR-US: Fortinet FortiPortal
CVE-2017-7342 (A weak password recovery process vulnerability in Fortinet FortiPortal ...)
	NOT-FOR-US: Fortinet
CVE-2017-7341 (An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 throu ...)
	NOT-FOR-US: Fortinet
CVE-2017-7340 (A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions ...)
	NOT-FOR-US: Fortinet
CVE-2017-7339 (A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions ...)
	NOT-FOR-US: Fortinet FortiPortal
CVE-2017-7338 (A password management vulnerability in Fortinet FortiPortal versions 4 ...)
	NOT-FOR-US: Fortinet FortiPortal
CVE-2017-7337 (An improper Access Control vulnerability in Fortinet FortiPortal versi ...)
	NOT-FOR-US: Fortinet FortiPortal
CVE-2017-7336 (A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lo ...)
	NOT-FOR-US: Fortinet
CVE-2017-7335 (A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x ...)
	NOT-FOR-US: Fortinet
CVE-2017-7334
	RESERVED
CVE-2017-7333
	RESERVED
CVE-2017-7332
	RESERVED
CVE-2017-7331
	RESERVED
CVE-2017-7330
	RESERVED
CVE-2017-7329
	RESERVED
CVE-2017-7328
	RESERVED
CVE-2017-7327 (Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking ...)
	NOT-FOR-US: Yandex Browser installer for Desktop
CVE-2017-7326 (Race condition issue in Yandex Browser for Android before 17.4.0.16 al ...)
	NOT-FOR-US: Yandex Browser for Android
CVE-2017-7325 (Yandex Browser before 16.9.0 allows remote attackers to spoof the addr ...)
	NOT-FOR-US: Yandex Browser
CVE-2017-7324 (setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier a ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-7323 (The (1) update and (2) package-installation features in MODX Revolutio ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-7322 (The (1) update and (2) package-installation features in MODX Revolutio ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-7321 (setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-7320 (setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-7319
	REJECTED
CVE-2017-7318 (Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote comman ...)
	NOT-FOR-US: Siklu EtherHaul
CVE-2017-7317 (An issue was discovered on Humax Digital HG100 2.0.6 devices. The atta ...)
	NOT-FOR-US: Humax Digital HG100
CVE-2017-7316 (An issue was discovered on Humax Digital HG100R 2.0.6 devices. There i ...)
	NOT-FOR-US: Humax Digital HG100R
CVE-2017-7315 (An issue was discovered on Humax Digital HG100R 2.0.6 devices. To down ...)
	NOT-FOR-US: Humax Digital HG100R
CVE-2017-7314 (An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1 ...)
	NOT-FOR-US: Personify360 e-Business
CVE-2017-7313 (An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1 ...)
	NOT-FOR-US: Personify360 e-Business
CVE-2017-7312 (An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1 ...)
	NOT-FOR-US: Personify360 e-Business
CVE-2017-7311
	RESERVED
CVE-2017-7310 (A buffer overflow vulnerability in Import Command in SyncBreeze before ...)
	NOT-FOR-US: Sync Breeze Enterprise
CVE-2017-7309 (A cross-site scripting (XSS) vulnerability in the MantisBT Configurati ...)
	- mantis
	[wheezy] - mantis (Unsupported in Wheezy LTS)
	NOTE: https://www.openwall.com/lists/oss-security/2017/03/30/4
CVE-2017-7307 (Riverbed RiOS before 9.0.1 does not properly restrict shell access in ...)
	NOT-FOR-US: Riverbed RiOS
CVE-2017-7306 (Riverbed RiOS through 9.6.0 has a weak default password for the secure ...)
	NOT-FOR-US: Riverbed RiOS
CVE-2017-7305 (Riverbed RiOS through 9.6.0 does not require a bootloader password, wh ...)
	NOT-FOR-US: Riverbed RiOS
CVE-2017-7304 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
	- binutils 2.27.51.20161212-1
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (vulnerable code not present)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20931
CVE-2017-7303 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
	- binutils 2.27.51.20161212-1
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (vulnerable code not present)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20922
CVE-2017-7302 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
	- binutils 2.27.51.20161212-1
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20921
CVE-2017-7301 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
	- binutils 2.27.51.20161212-1
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20924
CVE-2017-7300 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
	- binutils 2.27.51.20161212-1
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20909
CVE-2017-7299 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
	- binutils 2.27.51.20161220-1
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20908
CVE-2016-10309 (In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote a ...)
	NOT-FOR-US: Ceragon FibeAir
CVE-2016-10308 (Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built- ...)
	NOT-FOR-US: Siklu EtherHaul
CVE-2016-10307 (Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and S ...)
	NOT-FOR-US: Trango
CVE-2016-10306 (Trango Altum AC600 devices have a built-in, hidden root account, with ...)
	NOT-FOR-US: Trango
CVE-2016-10305 (Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2 ...)
	NOT-FOR-US: Trango
CVE-2016-10304 (The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remot ...)
	NOT-FOR-US: SAP
CVE-2017-7308 (The packet_set_ring function in net/packet/af_packet.c in the Linux ke ...)
	{DLA-922-1}
	- linux 4.9.18-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/2b6867c2ce76c596676bec7d2d525af525fdc6e2
	NOTE: Fixed by: https://git.kernel.org/linus/8f8d28e4d6d815a391285e121c3a53a0b6cb9e7b
	NOTE: Fixed by: https://git.kernel.org/linus/bcc5364bdcfe131e6379363f089e7b4108d35b70
	NOTE: https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html
CVE-2017-7298 (In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Ad ...)
	- moodle (unimportant)
	NOTE: http://www.daimacn.com/post/12.html
	NOTE: https://tracker.moodle.org/browse/MDL-52038
	NOTE: Not considered a security issue/bug upstream, disputed that it got a CVE
	NOTE: assigned. Mark as unimportant as non-issue.
CVE-2017-7297 (Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated user ...)
	NOT-FOR-US: Rancher Labs rancher server
CVE-2017-7296 (An issue was discovered in Contiki Operating System 3.0. A Persistent ...)
	NOT-FOR-US: Contiki Operating System
CVE-2017-7295 (An issue was discovered in Contiki Operating System 3.0. A use-after-f ...)
	NOT-FOR-US: Contiki Operating System
CVE-2017-7293 (The Dolby DAX2 and DAX3 API services are vulnerable to a privilege esc ...)
	NOT-FOR-US: Dolby
CVE-2017-7294 (The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx ...)
	{DLA-922-1}
	- linux 4.9.18-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/e7e11f99564222d82f0ce84bd521e57d78a6b678
CVE-2017-7292
	RESERVED
CVE-2017-7291
	RESERVED
CVE-2017-7290 (SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before ...)
	NOT-FOR-US: XOOPS
CVE-2017-7289
	RESERVED
CVE-2017-7288 (Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite ...)
	NOT-FOR-US: Zimbra
CVE-2017-7287
	RESERVED
CVE-2017-7286
	REJECTED
CVE-2016-10303
	RESERVED
CVE-2016-10302
	RESERVED
CVE-2016-10301
	RESERVED
CVE-2016-10300
	RESERVED
CVE-2016-10299 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10298 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10297 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10296 (An information disclosure vulnerability in the Qualcomm shared memory ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10295 (An information disclosure vulnerability in the Qualcomm LED driver cou ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10294 (An information disclosure vulnerability in the Qualcomm power driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10293 (An information disclosure vulnerability in the Qualcomm video driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10292 (A denial of service vulnerability in the Qualcomm Wi-Fi driver could e ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10291 (An elevation of privilege vulnerability in the Qualcomm Slimbus driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10290 (An elevation of privilege vulnerability in the Qualcomm shared memory ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10289 (An elevation of privilege vulnerability in the Qualcomm crypto driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10288 (An elevation of privilege vulnerability in the Qualcomm LED driver cou ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10287 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10286 (An elevation of privilege vulnerability in the Qualcomm video driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10285 (An elevation of privilege vulnerability in the Qualcomm video driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10284 (An elevation of privilege vulnerability in the Qualcomm video driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10283 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10282 (An elevation of privilege vulnerability in the MediaTek thermal driver ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2016-10281 (An elevation of privilege vulnerability in the MediaTek thermal driver ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2016-10280 (An elevation of privilege vulnerability in the MediaTek thermal driver ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2016-10279
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10278
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10277 (An elevation of privilege vulnerability in the Motorola bootloader cou ...)
	NOT-FOR-US: Motorola component for Android
CVE-2016-10276 (An elevation of privilege vulnerability in the Qualcomm bootloader cou ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10275 (An elevation of privilege vulnerability in the Qualcomm bootloader cou ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10274 (An elevation of privilege vulnerability in the MediaTek touchscreen dr ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2015-9018
	RESERVED
CVE-2015-9017
	RESERVED
CVE-2015-9016 (In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a pos ...)
	{DSA-4187-1}
	- linux 4.2.3-1
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/0048b4837affd153897ed1222283492070027aa9 (4.3-rc1)
CVE-2015-9015 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9014 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9013 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9012 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9011 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9010 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9009 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9008 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9007 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9006 (In Resource Power Manager (RPM) in all Android releases from CAF using ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9005 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9004 (kernel/events/core.c in the Linux kernel before 3.19 mishandles counte ...)
	- linux 3.16.7-ckt7-1
	[wheezy] - linux (Vulnerable code not present)
CVE-2014-9959 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9958 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9957 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9956 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9955 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9954 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9953 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9952 (In the Secure File System in all Android releases from CAF using the L ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9951 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9950 (In Core Kernel in all Android releases from CAF using the Linux kernel ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9949 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9948 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9947 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9946 (In Core Kernel in all Android releases from CAF using the Linux kernel ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9945 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9944 (In the Secure File System in all Android releases from CAF using the L ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9943 (In Core Kernel in all Android releases from CAF using the Linux kernel ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9942 (In Boot in all Android releases from CAF using the Linux kernel, a Use ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9941 (In the Embedded File System in all Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9940 (The regulator_ena_gpio_free function in drivers/regulator/core.c in th ...)
	{DSA-3945-1}
	- linux 4.0.2-1 (low)
	[wheezy] - linux (Vulnerable code not present)
CVE-2017-7285 (A vulnerability in the network stack of MikroTik Version 6.38.5 releas ...)
	NOT-FOR-US: MikroTik
CVE-2017-7284 (An attacker that has hijacked a Unitrends Enterprise Backup (before 9. ...)
	NOT-FOR-US: Unitrends Enterprise Backup
CVE-2017-7283 (An authenticated user of Unitrends Enterprise Backup before 9.1.2 can ...)
	NOT-FOR-US: Unitrends Enterprise Backup
CVE-2017-7282 (An issue was discovered in Unitrends Enterprise Backup before 9.1.1. T ...)
	NOT-FOR-US: Unitrends Enterprise Backup
CVE-2017-7281 (An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A ...)
	NOT-FOR-US: Unitrends Enterprise Backup
CVE-2017-7280 (An issue was discovered in api/includes/systems.php in Unitrends Enter ...)
	NOT-FOR-US: Unitrends Enterprise Backup
CVE-2017-7279 (An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 w ...)
	NOT-FOR-US: Unitrends Enterprise Backup
CVE-2017-7278 (Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort 44 ...)
	NOT-FOR-US: ASSA ABLOY APTUS Styra Porttelefonkort 4400
CVE-2017-7277 (The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TI ...)
	- linux (Vulnerable code introduced in 4.10-rc1)
CVE-2017-7276 (There is reflected XSS in TOPdesk before 5.7.6 and 6.x and 7.x before ...)
	NOT-FOR-US: TOPdesk
CVE-2017-7275 (The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allow ...)
	- imagemagick (unimportant; bug #859025)
	NOTE: https://blogs.gentoo.org/ago/2017/03/27/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862-and-cve-2016-8866/
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/271
	NOTE: Furthermore: upstream is not able to reproduce the problem as well
	NOTE: The problem results in a memory allocation issue when compiled with ASAN
	NOTE: but unreproducible from upstream. Since no more details can be provided
	NOTE: and the issue not addressed, treat this as "non-issue" (and thus marked
	NOTE: unimportant). If in future details can be elaborated by the reporter
	NOTE: we might re-evaluate this entry.
CVE-2017-7274 (The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 ...)
	- radare2 (Vulnerable parsers introduced in 1.3.0-git, cf. #858873)
	NOTE: https://github.com/radare/radare2/commit/7ab66cca5bbdf6cb2d69339ef4f513d95e532dbf
	NOTE: https://github.com/radare/radare2/issues/7152
CVE-2017-7271 (Reflected Cross-site scripting (XSS) vulnerability in Yii Framework be ...)
	- yii (bug #597899)
CVE-2017-7270
	RESERVED
CVE-2017-7273 (The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux ...)
	{DLA-922-1}
	- linux 4.9.6-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/1ebb71143758f45dc0fa76e2f48429e13b16d110
CVE-2017-7272 (PHP through 7.1.11 enables potential SSRF in applications that accept ...)
	{DLA-875-1}
	- php7.3
	[buster] - php7.3 (Upstream patch breaks existing applications, was reverted again, revisit if a new approach has been identified)
	- php7.1
	- php7.0
	[stretch] - php7.0 (Upstream patch breaks existing applications, revisit if a new approach has been identified)
	- php5
	[jessie] - php5 (Never applied to PHP 5 by upstream, breaks existing applications)
	NOTE: https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a
	NOTE: https://bugs.php.net/bug.php?id=74216
	NOTE: Fixed in 7.1.4 and 7.0.18, but were later reverted: https://bugzilla.redhat.com/show_bug.cgi?id=1437837#c3
CVE-2017-7269 (Buffer overflow in the ScStoragePathFromUrl function in the WebDAV ser ...)
	NOT-FOR-US: Windows
CVE-2017-7268
	RESERVED
CVE-2017-7267
	RESERVED
CVE-2017-7266 (Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout ...)
	NOT-FOR-US: Netflix Security Monkey
CVE-2017-7265
	RESERVED
CVE-2017-7264 (Use-after-free vulnerability in the fz_subsample_pixmap function in fi ...)
	{DSA-3797-1}
	- mupdf 1.9a+ds1-3 (bug #854734)
	[wheezy] - mupdf (vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697515
	NOTE: Fix https://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
	NOTE: https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/
	NOTE: Related to CVE-2017-5896. But CVE-2017-7264 is for the use-after-free
	NOTE: vulnerability whereas CVE-2017-5896 is for the heap-based buffer overflow
	NOTE: in fz_subsample_pixmap.
CVE-2017-7263 (The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows rem ...)
	- potrace 1.15-1 (bug #858763)
	[stretch] - potrace (Minor issue)
	[jessie] - potrace (Minor issue)
	[wheezy] - potrace (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/03/03/potrace-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c-incomplete-fix-for-cve-2016-8698/
	NOTE: Proposed patch: https://github.com/asarubbo/poc/blob/master/00219-potrace-heapoverflow-bm_readbody_bmp-PATCH
	NOTE: This CVE is for an incomplete fix of CVE-2016-8698
CVE-2016-10273 (Multiple stack buffer overflow vulnerabilities in Jensen of Scandinavi ...)
	NOT-FOR-US: Jensen of Scandinavia Air:Link Routers
CVE-2017-7262 (The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows ...)
	NOT-FOR-US: Hardware bug in AMD Ryzen CPUs, cannot be fixed via micro code updates, but only BIOS updates
CVE-2017-7261 (The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx ...)
	{DLA-922-1}
	- linux 4.9.18-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/36274ab8c596f1240c606bb514da329add2a1bcd
CVE-2017-7260
	RESERVED
CVE-2017-7259
	REJECTED
CVE-2017-7258 (HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi a ...)
	NOT-FOR-US: AuroMeera Technometrix
CVE-2017-7257 (XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-7256 (XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-7255 (XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add ...)
	NOT-FOR-US: CMS Made Simple
CVE-2016-10272 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service (he ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-2
	- tiff3
	[wheezy] - tiff3 (libtiff-tools not shipped by this source package)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
	NOTE: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
CVE-2016-10271 (tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a d ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-2
	- tiff3
	[wheezy] - tiff3 (libtiff-tools not shipped by this source package)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
	NOTE: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
CVE-2016-10270 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service (he ...)
	{DSA-3844-1}
	- tiff 4.0.7-2 (bug #846837)
	[wheezy] - tiff 4.0.2-6+deb7u9
	- tiff3
	[wheezy] - tiff3 (Unreproducible)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
	NOTE: https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2608
CVE-2016-10269 (LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0. ...)
	{DSA-3844-1 DLA-877-1}
	- tiff 4.0.7-2
	- tiff3
	[wheezy] - tiff3 (Unreproducible)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
	NOTE: https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2604
CVE-2016-10268 (tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a den ...)
	{DLA-877-1}
	- tiff 4.0.7-2 (unimportant)
	- tiff3 (unimportant)
	[wheezy] - tiff3 (issue in tiffcp that is not shipped by the source package)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
	NOTE: https://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2598
	NOTE: Crash in CLI tool not treated as a security issue
CVE-2016-10267 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service (di ...)
	{DSA-3844-1 DLA-877-1}
	- tiff 4.0.7-2
	- tiff3
	[wheezy] - tiff3 (Unreproducible, BigTIFF not supported by this version)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero/
	NOTE: https://github.com/vadz/libtiff/commit/43bc256d8ae44b92d2734a3c5bc73957a4d7c1ec
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2611
CVE-2016-10266 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service (di ...)
	{DSA-3844-1 DLA-877-1}
	- tiff 4.0.7-2
	- tiff3
	[wheezy] - tiff3 (Unreproducible)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero
	NOTE: https://github.com/vadz/libtiff/commit/438274f938e046d33cb0e1230b41da32ffe223e1
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2596
CVE-2017-7254
	RESERVED
CVE-2017-7253 (Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: ...)
	NOT-FOR-US: Dahua IP Camera devices
CVE-2017-7252 (bcrypt password hashing in Botan before 2.1.0 does not correctly handl ...)
	- botan1.10 (Introduced in 1.11.0)
	NOTE: Bug introduced in 1.11.0, fixed in 2.1.0.
CVE-2017-7251 (A Cross-Site Scripting (XSS) was discovered in pi-engine/pi 2.5.0. The ...)
	NOT-FOR-US: pi-engine
CVE-2017-7250 (A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03- ...)
	NOT-FOR-US: Gazelle torrent tracker
CVE-2017-7249 (Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before ...)
	NOT-FOR-US: Gazelle torrent tracker
CVE-2017-7248 (A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03- ...)
	NOT-FOR-US: Gazelle torrent tracker
CVE-2017-7247 (Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before ...)
	NOT-FOR-US: Gazelle torrent tracker
CVE-2017-7246 (Stack-based buffer overflow in the pcre32_copy_substring function in p ...)
	- pcre3 (bug #858679; unimportant)
	[jessie] - pcre3 (Minor issue; 32bit character support not enabled)
	[wheezy] - pcre3 (Vulnerable code not present)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2057
	NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
	NOTE: pcre32 support enabled only in pcre3/1:8.35-4
	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1691 (8.41)
CVE-2017-7245 (Stack-based buffer overflow in the pcre32_copy_substring function in p ...)
	- pcre3 (bug #858678; unimportant)
	[jessie] - pcre3 (Minor issue; 32bit character support not enabled)
	[wheezy] - pcre3 (Vulnerable code not present)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2055
	NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
	NOTE: pcre32 support enabled only in pcre3/1:8.35-4
	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1691 (8.41)
CVE-2017-7244 (The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 ...)
	- pcre3 2:8.39-3 (bug #858683)
	[jessie] - pcre3 (Minor issue; 32bit character support not enabled)
	[wheezy] - pcre3 (Vulnerable code not present)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2054
	NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/
	NOTE: pcre32 support enabled only in pcre3/1:8.35-4
	NOTE: Bisected and the following change addresses the issue for pcre3:
	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1688 (8.41)
CVE-2017-7243 (Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to caus ...)
	NOT-FOR-US: Eclipse tinydtls for Eclipse IoT
CVE-2017-7242 (Multiple Cross-Site Scripting (XSS) were discovered in admin/modules c ...)
	NOT-FOR-US: SLiMS
CVE-2017-7241 (A cross-site scripting (XSS) vulnerability in the MantisBT Move Attach ...)
	- mantis
	[wheezy] - mantis (Unsupported in Wheezy LTS)
	NOTE: https://www.openwall.com/lists/oss-security/2017/03/30/4
CVE-2017-7240 (An issue was discovered on Miele Professional PST10 devices. The corre ...)
	NOT-FOR-US: Miele Professional PG 8528 PST10 devices
CVE-2017-7239 (Ninka before 1.3.2 might allow remote attackers to obtain sensitive in ...)
	- ninka (Fixed with the initial release to Debian)
	NOTE: https://github.com/dmgerman/ninka/commit/81f185261c8863c5b84344ee31192870be939faf
CVE-2017-7238
	RESERVED
CVE-2017-7237 (The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7 ...)
	NOT-FOR-US: Spiceworks
CVE-2017-7236 (SQL injection vulnerability in NetApp OnCommand Unified Manager Core P ...)
	NOT-FOR-US: NetApp
CVE-2016-10265
	RESERVED
CVE-2016-10264
	RESERVED
CVE-2016-10263
	RESERVED
CVE-2016-10262
	RESERVED
CVE-2016-10261
	RESERVED
CVE-2016-10260
	RESERVED
CVE-2016-10259 (Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and ...)
	NOT-FOR-US: Blue Coat
CVE-2016-10258 (Unrestricted file upload vulnerability in the Symantec Advanced Secure ...)
	NOT-FOR-US: Symantec
CVE-2016-10257 (The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7. ...)
	NOT-FOR-US: Symantec
CVE-2016-10256 (The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6 ...)
	NOT-FOR-US: Symantec
CVE-2017-7235 (An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A ma ...)
	NOT-FOR-US: cloudflare-scrape
CVE-2017-7234 (A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before ...)
	{DSA-3835-1 DLA-885-1}
	- python-django 1:1.10.7-1 (bug #859516)
	NOTE: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
	NOTE: Fixed by (master): https://github.com/django/django/commit/a1f948b468b6621083a03b0d53432341b7a4d753
CVE-2017-7233 (Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 re ...)
	{DSA-3835-1 DLA-885-1}
	- python-django 1:1.10.7-1 (bug #859515)
	NOTE: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
	NOTE: Fixed by (master): https://github.com/django/django/commit/5ea48a70afac5e5684b504f09286e7defdd1a81a
CVE-2017-7232
	RESERVED
CVE-2017-7231 (pngdefry through 2017-03-22 is prone to a heap-based buffer-overflow v ...)
	NOT-FOR-US: pngdefry
CVE-2017-7230 (A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and e ...)
	NOT-FOR-US: Disk Sorter Enterprise
CVE-2017-7229 (PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5. ...)
	NOT-FOR-US: Vaultive O365
CVE-2017-7228 (An issue (known as XSA-212) was discovered in Xen, with fixes availabl ...)
	{DSA-3847-1 DLA-907-1}
	- xen 4.8.1-1 (bug #859560)
	NOTE: https://xenbits.xen.org/xsa/advisory-212.html
CVE-2017-7227 (GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buf ...)
	- binutils 2.27.51.20161212-1
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20906
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=406bd128dba2a59d0736839fc87a59bce319076c
CVE-2017-7226 (The pe_ILF_object_p function in the Binary File Descriptor (BFD) libra ...)
	- binutils 2.27.51.20161212-1
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20905
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=fa6631b4eecfcca00c13b9594e6336dffd40982f
CVE-2017-7225 (The find_nearest_line function in addr2line in GNU Binutils 2.28 does ...)
	- binutils 2.27.51.20161201-1
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20891
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=50455f1ab2935f7321215dfa681745c9b1cb5b19
CVE-2017-7224 (The find_nearest_line function in objdump in GNU Binutils 2.28 is vuln ...)
	- binutils 2.27.51.20161201-1
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20892
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e82ab856bb4689330c29fb9f1c57a8555b26380e
CVE-2017-7223 (GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer ov ...)
	- binutils 2.27.51.20161212-1
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20898
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=69ace2200106348a1b00d509a6a234337c104c17
CVE-2017-7222 (A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 al ...)
	- mantis
	[wheezy] - mantis (Unsupported in Wheezy LTS)
CVE-2017-7221 (OpenText Documentum Content Server has an inadequate protection mechan ...)
	NOT-FOR-US: OpenText Documentum Content Server
CVE-2017-7220 (OpenText Documentum Content Server allows superuser access via sys_obj ...)
	NOT-FOR-US: OpenText Documentum Content Server
CVE-2017-7219 (A heap overflow vulnerability in Citrix NetScaler Gateway versions 10. ...)
	NOT-FOR-US: Citrix
CVE-2017-7218 (The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-7217 (The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.1 ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-7216 (The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2016-10255 (The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils ...)
	- elfutils 0.168-0.2 (low)
	[jessie] - elfutils (Minor issue)
	[wheezy] - elfutils (Minor issue)
	NOTE: 0.168-0.2 first version uploaded to unstable
	NOTE: https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/
	NOTE: https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=09ec02ec7f7e6913d10943148e2a898264345b07
CVE-2016-10254 (The allocate_elf function in common.h in elfutils before 0.168 allows ...)
	- elfutils 0.168-0.2 (low)
	[jessie] - elfutils (Minor issue)
	[wheezy] - elfutils (Minor issue)
	NOTE: 0.168-0.2 first version uploaded to unstable
	NOTE: https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/
	NOTE: https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=191000fdedba3fafe4d5b8cddad3f3318b49c3fb
CVE-2017-7215 (Cross site scripting in some view elements in the index filter tool in ...)
	NOT-FOR-US: MISP (Malware Information Sharing Platform and Threat Sharing)
CVE-2017-7214 (An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x ...)
	- nova 2:14.0.0-4 (bug #858568)
	[jessie] - nova (Vulnerable code not present)
	[wheezy] - nova (Not supported in Wheezy LTS)
	NOTE: https://bugs.launchpad.net/nova/+bug/1673569
CVE-2017-7213 (Zoho ManageEngine Desktop Central before build 100082 allows remote at ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2017-7212
	RESERVED
CVE-2017-7211
	RESERVED
CVE-2017-7210 (objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buff ...)
	- binutils 2.28-3 (low; bug #858324)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21157
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a2dea0b20bc66a4c287c3c50002b8c3b3e9d953a
CVE-2017-7209 (The dump_section_as_bytes function in readelf in GNU Binutils 2.28 acc ...)
	- binutils 2.28-3 (low; bug #858323)
	[jessie] - binutils (Vulnerable code introduced later)
	[wheezy] - binutils (Vulnerable code introduced later)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21135
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f055032e4e922f1e1a5e11026c7c2669fa2a7d19
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1835f746a7c7fff70a2cc03a051b14fdc6b3f73f
CVE-2017-7208 (The decode_residual function in libavcodec in libav 9.21 allows remote ...)
	{DSA-4012-1 DLA-1142-1}
	- libav (low)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1000
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=522d850e68ec4b77d3477b3c8f55b1ba00a9d69a
CVE-2017-7207 (The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscr ...)
	{DSA-3838-1 DLA-1048-1}
	- ghostscript 9.20~dfsg-3 (bug #858350)
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=309eca4e0a31ea70dcc844812691439312dad091
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697676
CVE-2017-7206 (The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows ...)
	- libav
	[jessie] - libav (Vulnerable code not present)
	- ffmpeg (bug #872517; Previous patches mitigated the issue)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1002
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=83b2b34d06e74cc8775ba3d833f9782505e17539
CVE-2017-7205 (A Cross-Site Scripting (XSS) was discovered in GamePanelX-V3 3.0.12. T ...)
	NOT-FOR-US: GamePanelX-V3
CVE-2017-7204 (A Cross-Site Scripting (XSS) was discovered in imdbphp 5.1.1. The vuln ...)
	NOT-FOR-US: imdbphp
CVE-2017-7203 (A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30. ...)
	- zoneminder 1.30.4+dfsg-1 (bug #858329)
	[wheezy] - zoneminder (Minor issue)
	NOTE: https://github.com/ZoneMinder/ZoneMinder/issues/1797
	NOTE: Fixed in 1.30.2 upstream.
CVE-2017-7202 (Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana ...)
	NOT-FOR-US: SLiMS
CVE-2017-7201
	RESERVED
CVE-2017-7199 (Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions ...)
	NOT-FOR-US: Nessus
CVE-2017-7200 (An SSRF issue was discovered in OpenStack Glance before Newton. The 'c ...)
	- glance 2:13.0.0-1
	[jessie] - glance (Minor issue, too intrusive to backport)
	[wheezy] - glance (Not supported in Wheezy LTS)
	NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0078
	NOTE: https://bugs.launchpad.net/ossn/+bug/1606495
	NOTE: https://bugs.launchpad.net/ossn/+bug/1153614
	NOTE: The only implemented solution is to move to the v2 API (deprecated in
	NOTE: 2:13.0.0-1, using that as the fixed version)
CVE-2017-7198
	RESERVED
CVE-2017-7197
	RESERVED
CVE-2017-7196
	RESERVED
CVE-2017-7195
	RESERVED
CVE-2017-7194
	RESERVED
CVE-2017-7193
	RESERVED
CVE-2017-7192 (WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypas ...)
	NOT-FOR-US: Starscream
CVE-2017-7190
	RESERVED
CVE-2017-7189 (main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsocko ...)
	- php7.3
	[buster] - php7.3 (Upstream patch breaks existing applications, was reverted again, revisit if a new approach has been identified)
	- php7.0
	[stretch] - php7.0 (Upstream patch breaks existing applications, was reverted again, revisit if a new approach has been identified)
	- php5
	[jessie] - php5 (Upstream patch breaks existing applications, was reverted again, revisit if a new approach has been identified)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74192
	NOTE: https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a
	NOTE: The commit was later reverted again because it broke some features.
	NOTE: See as well the related CVE-2017-7272.
CVE-2017-7188 (Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a b ...)
	NOT-FOR-US: Zurmo
CVE-2017-7187 (The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through ...)
	- linux 4.9.18-1
	[jessie] - linux (Introduced in 3.17)
	[wheezy] - linux (Introduced in 3.17)
	NOTE: Fixed by: https://git.kernel.org/linus/bf33f87dd04c371ea33feb821b60d63d754e3124 (4.11-rc5)
	NOTE: Introduced by: https://git.kernel.org/linus/65c26a0f39695ba01d9693754f27ca76cc8a3ab5 (3.17-rc1)
CVE-2017-7185 (Use-after-free vulnerability in the mg_http_multipart_wait_for_boundar ...)
	NOT-FOR-US: Mongoose
CVE-2017-7183 (The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers ...)
	NOT-FOR-US: ExtraPuTTY
CVE-2017-7182
	RESERVED
CVE-2017-7181
	RESERVED
CVE-2017-7180 (Net Monitor for Employees Pro through 5.3.4 has an unquoted service pa ...)
	NOT-FOR-US: Net Monitor for Employees Pro
CVE-2017-7179
	RESERVED
CVE-2016-10253 (An issue was discovered in Erlang/OTP 18.x. Erlang's generation of com ...)
	- erlang 1:19.2.1+dfsg-2 (bug #858313)
	[jessie] - erlang 1:17.3-dfsg-4+deb8u1
	[wheezy] - erlang (Vulnerable code not present)
	NOTE: https://github.com/erlang/otp/pull/1108
CVE-2017-7184 (The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Lin ...)
	{DLA-922-1}
	- linux 4.9.18-1 (low)
	[jessie] - linux 3.16.43-1
	NOTE: Unprivileged user namespaces are disabled in Debian, this only affects
	NOTE: non-standard setups
CVE-2017-7186 (libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attacke ...)
	- pcre3 2:8.39-3 (bug #858230)
	[jessie] - pcre3 (Minor issue; 32bit character support not enabled)
	[wheezy] - pcre3 (Vulnerable code not present)
	- pcre2 10.22-3 (bug #858233)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2052
	NOTE: https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date (for pcre3)
	NOTE: https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date (for pcre3)
	NOTE: https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date (for pcre2)
	NOTE: https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date (for pcre2)
CVE-2017-7178 (CSRF was discovered in the web UI in Deluge before 1.3.14. The exploit ...)
	{DSA-3856-1 DLA-863-1}
	- deluge 1.3.13+git20161130.48cedf63-2 (bug #857903)
	NOTE: http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=318ab179865e0707d7945edc3a13a464a108d583
CVE-2017-9149 (Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to p ...)
	- mat 0.6.1-4 (bug #858058)
	[jessie] - mat (Vulnerable code not present)
	[wheezy] - mat (Vulnerable code not present)
	NOTE: https://0xacab.org/mat/mat/issues/11527
	NOTE: Fixed by: https://0xacab.org/mat/mat/commit/94ca62a429bb6a3a5f293de26053e54bbfeea9f9
	NOTE: Fixed by: https://0xacab.org/mat/mat/commit/8f6303a1f26fe8dad83ba96ab8328dbdfa3af59a
	NOTE: Introduced by: https://0xacab.org/mat/mat/commit/0d1fe2555e90db35eeb531a1b6026ff64f1f5ae5
CVE-2017-7176
	REJECTED
CVE-2017-7175 (NfSen before 1.3.8 allows remote attackers to execute arbitrary OS com ...)
	NOT-FOR-US: NfSen
CVE-2017-7174 (The user-account creation feature in Chef Manage 2.1.0 through 2.4.4 a ...)
	NOT-FOR-US: Chef Manage
CVE-2017-7173 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-7172 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-7171 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-7170 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-7169
	REJECTED
CVE-2017-7168
	REJECTED
CVE-2017-7167 (An issue was discovered in certain Apple products. Xcode before 9.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-7166
	REJECTED
CVE-2017-7165 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2017-7164 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-7163 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Intel Graphics Driver on Apple / macOS
CVE-2017-7162 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-7161 (An issue was discovered in certain Apple products. Safari before 11.0. ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2017-7160 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2017-7159 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-7158 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-7157 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0010.html
	NOTE: Not covered by security support
CVE-2017-7156 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	- webkit2gtk 2.18.4-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0010.html
	NOTE: Not covered by security support
CVE-2017-7155 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Intel Graphics Driver on Apple / macOS
CVE-2017-7154 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-7153 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2017-7152 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-7151 (A race condition was addressed with additional validation. This issue ...)
	NOT-FOR-US: Apple
CVE-2017-7150 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-7149 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-7148 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7147 (An issue was discovered in certain Apple products. The Apple Support a ...)
	NOT-FOR-US: Apple
CVE-2017-7146 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7145 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7144 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7143 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-7142 (An issue was discovered in certain Apple products. Safari before 11 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7141 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-7140 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7139 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7138 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-7137 (An issue was discovered in certain Apple products. Xcode before 9 is a ...)
	NOT-FOR-US: Apple
CVE-2017-7136 (An issue was discovered in certain Apple products. Xcode before 9 is a ...)
	NOT-FOR-US: Apple
CVE-2017-7135 (An issue was discovered in certain Apple products. Xcode before 9 is a ...)
	NOT-FOR-US: Apple
CVE-2017-7134 (An issue was discovered in certain Apple products. Xcode before 9 is a ...)
	NOT-FOR-US: Apple
CVE-2017-7133 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7132 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2017-7131 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7130 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules
CVE-2017-7129 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules
CVE-2017-7128 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules
CVE-2017-7127 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules
CVE-2017-7126 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
CVE-2017-7125 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
CVE-2017-7124 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
CVE-2017-7123 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
CVE-2017-7122 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
CVE-2017-7121 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
CVE-2017-7120 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7119 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-7118 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7117 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7116 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7115 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7114 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7113 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	NOT-FOR-US: Apple
CVE-2017-7112 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7111 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7110 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7109 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7108 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7107 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7106 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7105 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7104 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7103 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7102 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7101
	RESERVED
CVE-2017-7100 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7099 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7098 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7097 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7096 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7095 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7094 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7093 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7092 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7091 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7090 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7089 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7088 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7087 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7086 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7085 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7084 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-7083 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7082 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-7081 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7080 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7079 (An issue was discovered in certain Apple products. iTunes before 12.7 ...)
	NOT-FOR-US: Apple
CVE-2017-7078 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7077 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-7076 (An issue was discovered in certain Apple products. Xcode before 9 is a ...)
	NOT-FOR-US: Apple
CVE-2017-7075 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7074 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-7073
	RESERVED
CVE-2017-7072 (An issue was discovered in certain Apple products. iOS before 11 is af ...)
	NOT-FOR-US: Apple
CVE-2017-7071 (An issue was discovered in certain Apple products. Safari before 10.1 ...)
	NOT-FOR-US: Apple
CVE-2017-7070 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7069 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7068 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple / libarchive
	NOTE: Possibly Apple-specific, but no one really knows and Apple doesn't cooperate
CVE-2017-7067 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7066 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7065 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-7064 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7063 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7062 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7061 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: Not covered by security support
CVE-2017-7060 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7059 (A DOMParser XSS issue was discovered in certain Apple products. iOS be ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-7058 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7057
	RESERVED
CVE-2017-7056 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: Not covered by security support
CVE-2017-7055 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7054 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7053 (An issue was discovered in certain Apple products. iTunes before 12.6. ...)
	NOT-FOR-US: Apple
CVE-2017-7052 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.4-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7051 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7050 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7049 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7048 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7047 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7046 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7045 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7044 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7043 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7042 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7041 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7040 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7039 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7038 (A DOMParser XSS issue was discovered in certain Apple products. iOS be ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7037 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7036 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7035 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7034 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7033 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7032 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7031 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7030 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7029 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7028 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7027 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7026 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7025 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7024 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7023 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7022 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7021 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7020 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7019 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7018 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7017 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7016 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7015 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7014 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-7013 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
CVE-2017-7012 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7011 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7010 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
CVE-2017-7009 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7008 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7007 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	NOT-FOR-US: Apple
CVE-2017-7006 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7005 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-7004 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-7003 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-7002 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules
CVE-2017-7001 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules
CVE-2017-7000 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-6999 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-6998 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-6997 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-6996 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-6995 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-6994 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-6993 RESERVED
CVE-2017-6992 RESERVED
CVE-2017-6991 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOTE: Unspecified sqlite issue found by Apple, no further details available
CVE-2017-6990 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-6989 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-6988 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-6987 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-6986 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-6985 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-6984 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-6983 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOTE: Unspecified sqlite issue found by Apple, no further details available
CVE-2017-6982 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-6981 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-6980 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-6979 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
	NOT-FOR-US: Apple
CVE-2017-6978 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-6977 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-6976 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-6975 (Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack ...)
	NOT-FOR-US: Apple
CVE-2017-6974 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-6973 (A cross-site scripting (XSS) vulnerability in the MantisBT Configurati ...)
	- mantis
	[wheezy] - mantis (Unsupported in Wheezy LTS)
	NOTE: https://www.openwall.com/lists/oss-security/2017/03/30/4
CVE-2017-6972 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an e ...)
	NOT-FOR-US: AlienVault
CVE-2017-6971 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow rem ...)
	NOT-FOR-US: AlienVault
CVE-2017-6970 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow loc ...)
	NOT-FOR-US: AlienVault
CVE-2017-6968 (GMV Checker ATM Security prior to 5.0.18 allows remote authenticated u ...)
	NOT-FOR-US: GMV Checker ATM Security
CVE-2017-6969 (readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over ...)
	- binutils 2.28-3 (bug #858256)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21156
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b814a36d3440de95f2ac6eaa4fc7935c322ea456
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=43a444f9c5bfd44b4304eafd78338e21d54bea14
CVE-2017-6967 (xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect ...)
	{DLA-872-1}
	[experimental] - xrdp 0.9.2~20170325-1~exp1
	- xrdp 0.9.1-9 (bug #858143)
	[jessie] - xrdp (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/xrdp/+bug/1672742
	NOTE: https://github.com/neutrinolabs/xrdp/issues/350
	NOTE: First attempt: https://github.com/neutrinolabs/xrdp/pull/694
	NOTE: Followed by: https://github.com/neutrinolabs/xrdp/pull/696
	NOTE: https://www.openwall.com/lists/oss-security/2017/03/18/1
	NOTE: https://github.com/neutrinolabs/xrdp/pull/696/commits/44129acd210c803fc8bbcfaf1b0db05e5bb4034f
CVE-2017-6966 (readelf in GNU Binutils 2.28 has a use-after-free (specifically read-a ...)
	- binutils 2.28-3 (bug #858263)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21139
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f84ce13b6708801ca1d6289b7c4003e2f5a6d7f9
CVE-2017-6965 (readelf in GNU Binutils 2.28 writes to illegal addresses while process ...)
	- binutils 2.28-3 (bug #858264)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21137
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=03f7786e2f440b9892b1c34a58fb26222ce1b493
CVE-2017-6964 (dmcrypt-get-device, as shipped in the eject package of Debian and Ubun ...)
	{DSA-3823-1 DLA-876-1}
	- eject 2.1.5+deb1+cvs20081104-13.2 (bug #858872)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/eject/+bug/1673627
CVE-2017-6963 RESERVED
CVE-2017-6962 (An issue was discovered in apng2gif 1.7. There is an integer overflow ...)
	{DLA-2911-1}
	- apng2gif 1.8-0.1 (bug #854447)
	[jessie] - apng2gif (Vulnerable code introduced later with refactoring)
	[wheezy] - apng2gif (Vulnerable code introduced later with refactoring)
CVE-2017-6961 (An issue was discovered in apng2gif 1.7. There is improper sanitizatio ...)
	{DLA-2911-1}
	- apng2gif 1.8-0.1 (bug #854441)
	[jessie] - apng2gif (Vulnerable code introduced later with refactoring)
	[wheezy] - apng2gif (Vulnerable code introduced later with refactoring)
CVE-2017-6960 (An issue was discovered in apng2gif 1.7. There is an integer overflow ...)
	{DLA-2911-1 DLA-2165-1 DLA-981-1}
	- apng2gif 1.8-0.1 (bug #854367)
CVE-2017-6959 REJECTED
CVE-2017-6958 (An XSS vulnerability in the MantisBT Source Integration Plugin (before ...)
	NOT-FOR-US: MantisBT Source Integration Plugin
CVE-2017-6957 (Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC ...)
	NOT-FOR-US: Firmware on some Broadcom SoCs
CVE-2017-6956 (On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer ov ...)
	NOT-FOR-US: Firmware on some Broadcom SoCs
CVE-2017-6955 (An issue was discovered in by-email/by-email.php in the Invite Anyone ...)
	NOT-FOR-US: wordpress Anyone plugin
CVE-2017-6954 (An issue was discovered in includes/component.php in the BuddyPress Do ...)
	NOT-FOR-US: wordpress buddypress docs plugin
CVE-2017-6953 (Gemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer Overflo ...)
	NOT-FOR-US: Gemalto SmartDiag Diagnosis Tool
CVE-2017-6952 (Integer overflow in the cs_winkernel_malloc function in winkernel_mm.c ...)
	- capstone (Vulnerable code not present, in Windows specific distribution)
CVE-2017-9999 REJECTED
CVE-2017-6951 (The keyring_search_aux function in security/keys/keyring.c in the Linu ...)
	{DLA-922-1}
	- linux 4.0.2-1
	[jessie] - linux 3.16.43-1
CVE-2017-6950 (SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended sec ...)
	NOT-FOR-US: SAP
CVE-2017-6949 (An issue was discovered in CHICKEN Scheme through 4.12.0. When using a ...)
	{DLA-908-1}
	- chicken 4.12.0-0.2 (bug #858057)
	[stretch] - chicken (Minor issue)
	[jessie] - chicken (Minor issue)
	NOTE: http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html
CVE-2017-6948 RESERVED
CVE-2017-6947 RESERVED
CVE-2017-6946 RESERVED
CVE-2017-6945 RESERVED
CVE-2017-6944 RESERVED
CVE-2017-6943 RESERVED
CVE-2017-6942 RESERVED
CVE-2017-6941 RESERVED
CVE-2017-6940 RESERVED
CVE-2017-6939 RESERVED
CVE-2017-6938 RESERVED
CVE-2017-6937 RESERVED
CVE-2017-6936 RESERVED
CVE-2017-6935 RESERVED
CVE-2017-6934 RESERVED
CVE-2017-6933 RESERVED
CVE-2017-6931 (In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray modul ...)
	- drupal8 (bug #756305)
	NOTE: https://www.drupal.org/sa-core-2018-001
CVE-2017-6930 (In Drupal versions 8.4.x versions before 8.4.5 when using node access ...)
	- drupal8 (bug #756305)
	NOTE: https://www.drupal.org/sa-core-2018-001
CVE-2017-6926 (In Drupal versions 8.4.x versions before 8.4.5 users with permission t ...)
	- drupal8 (bug #756305)
	NOTE: https://www.drupal.org/sa-core-2018-001
CVE-2017-6925 (In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability ...)
	- drupal8 (bug #756305)
	NOTE: https://www.drupal.org/SA-CORE-2017-004
CVE-2017-6924 (In Drupal 8 prior to 8.3.7; When using the REST API, users without the ...)
	- drupal8 (bug #756305)
	NOTE: https://www.drupal.org/SA-CORE-2017-004
CVE-2017-6923 (In Drupal 8.x prior to 8.3.7 When creating a view, you can optionally ...)
	- drupal8 (bug #756305)
	NOTE: https://www.drupal.org/SA-CORE-2017-004
CVE-2017-6922 (In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; P ...)
	{DSA-3897-1 DLA-1004-1}
	- drupal8 (bug #756305)
	- drupal7 7.56-1 (bug #865498)
	NOTE: https://www.drupal.org/SA-CORE-2017-003
	NOTE: http://cgit.drupalcode.org/drupal/diff/?h=7.x&id=600c1346ed976e6f35fc2b0f907a7837f0f7c145&id2=9eebe462d1e93e785e6c028dc6cf689623c4d936
CVE-2017-6921 (In Drupal 8 prior to 8.3.4; The file REST resource does not properly v ...)
	- drupal8 (bug #756305)
	NOTE: https://www.drupal.org/SA-CORE-2017-003
CVE-2017-6920 (Drupal core 8 before versions 8.3.4 allows remote attackers to execute ...)
	- drupal8 (bug #756305)
	NOTE: https://www.drupal.org/SA-CORE-2017-003
CVE-2017-6919 (Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypa ...)
	- drupal8 (bug #756305)
	NOTE: https://www.drupal.org/SA-CORE-2017-002
CVE-2017-6918 (CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to th ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-6917 (CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admi ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-6916 (CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-6915 (CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the a ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-6914 (CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-6913 (Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail b ...)
	NOT-FOR-US: Open-Xchange
CVE-2017-6912 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incor ...)
	NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-6911 (USB Pratirodh is prone to sensitive information disclosure. It stores ...)
	NOT-FOR-US: USB Pratirodh
CVE-2017-6910 (The HTTP and WebSocket engine components in the server in Kaazing Gate ...)
	NOT-FOR-US: Kaazing Gateway
CVE-2017-6909 (An issue was discovered in Shimmie <= 2.5.1. The vulnerability exists ...)
	NOT-FOR-US: Shimmie
CVE-2017-6908 (An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exi ...)
	NOT-FOR-US: concrete5
CVE-2017-6907 (An issue was discovered in Open.GL before 2017-03-13. The vulnerabilit ...)
	NOT-FOR-US: Open.GL
CVE-2017-6906 (An issue was discovered in SiberianCMS before 4.10.0. The vulnerabili ...)
	NOT-FOR-US: SiberianCMS
CVE-2017-6905 (An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exi ...)
	NOT-FOR-US: concrete5
CVE-2017-6904 RESERVED
CVE-2017-6902 REJECTED
CVE-2017-6901 RESERVED
CVE-2017-6900 (An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue ...)
	NOT-FOR-US: Riello NetMan
CVE-2017-6899 (The msm_bus_dbg_update_request_write function in drivers/platform/msm/ ...)
	NOT-FOR-US: android_kernel_huawei_msm8916 in LineageOS (and other kernels for MSM devices)
CVE-2017-6898 RESERVED
CVE-2017-6897 RESERVED
CVE-2017-6896 (Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wi ...)
	NOT-FOR-US: DIGISOL DG-HR1400 1.00.02 wireless router
CVE-2017-6895 (USB Pratirodh allows remote attackers to conduct XML External Entity ( ...)
	NOT-FOR-US: USB Pratirodh
CVE-2017-6894 (A vulnerability exists in FlexNet Manager Suite releases 2015 R2 SP3 a ...)
	NOT-FOR-US: FlexNet Manager Suite
CVE-2017-6893 RESERVED
CVE-2017-6892 (In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" fu ...)
	{DLA-2418-1 DLA-985-1}
	- libsndfile 1.0.28-1 (bug #864704)
	[jessie] - libsndfile (Minor issue)
	NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748
CVE-2017-6891 (Two errors in the "asn1_find_node()" function (lib/parser_aux.c) withi ...)
	{DSA-3861-1 DLA-950-1}
	- libtasn1-6 4.10-1.1 (bug #863186)
	- libtasn1-3
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/
	NOTE: https://gitlab.com/gnutls/libtasn1/commit/5520704d075802df25ce4ffccc010ba1641bd484
CVE-2017-6890 (A boundary error within the "foveon_load_camf()" function (dcraw_foveo ...)
	NOT-FOR-US: libraw demosaic extension (not packaged in Debian)
CVE-2017-6889 (An integer overflow error within the "foveon_load_camf()" function (dc ...)
	NOT-FOR-US: libraw demosaic extension (not packaged in Debian)
CVE-2017-6888 (An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC ...)
	{DLA-2514-1}
	- flac 1.3.2-2 (low; bug #897015)
	[jessie] - flac (Minor issue)
	[wheezy] - flac (Minor issue)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-7/
	NOTE: https://github.com/xiph/flac/commit/4f47b63e9c971e6391590caf00a0f2a5ed612e67 (1.3.3)
	NOTE: https://android.googlesource.com/platform/external/flac/+/4f47b63e9c971e6391590caf00a0f2a5ed612e67
CVE-2017-6887 (A boundary error within the "parse_tiff_ifd()" function (internal/dcra ...)
	{DSA-3950-1 DLA-1057-1}
	- libraw 0.18.2-2 (bug #864183)
	NOTE: https://github.com/LibRaw/LibRaw/commit/d7c3d2cb460be10a3ea7b32e9443a83c243b2251
CVE-2017-6886 (An error within the "parse_tiff_ifd()" function (internal/dcraw_common ...)
	{DSA-3950-1 DLA-1057-1}
	- libraw 0.18.2-2 (bug #864183)
	NOTE: https://github.com/LibRaw/LibRaw/commit/d7c3d2cb460be10a3ea7b32e9443a83c243b2251
CVE-2017-6885 (An error when handling certain external commands and services related ...)
	NOT-FOR-US: FlexNet
CVE-2017-6903 (In ioquake3 before 2017-03-14, the auto-downloading feature has insuff ...)
	{DSA-3812-1}
	- ioquake3 1.36+u20161101+dfsg1-2 (bug #857699)
	[wheezy] - ioquake3 (Not supported in Wheezy LTS)
	- iortcw 1.50a+dfsg1-3 (bug #857714)
	NOTE: https://ioquake3.org/2017/03/13/important-security-update-please-update-ioquake3-immediately/
	NOTE: Also affects openjk (only in experimental; bug #857715)
CVE-2017-6884 (A command injection vulnerability was discovered on the Zyxel EMG2926 ...)
	NOT-FOR-US: Zyxel
CVE-2017-6883 (The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF be ...)
	NOT-FOR-US: Foxit
CVE-2017-6882 RESERVED
CVE-2017-6881 RESERVED
CVE-2017-6880 (Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attacker ...)
	NOT-FOR-US: Cerberus FTP Server
CVE-2017-6879 RESERVED
CVE-2017-6878 (Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remo ...)
	NOT-FOR-US: MetInfo
CVE-2017-6877 (Cross-site scripting (XSS) vulnerability in SVG file handling in Lutim ...)
	NOT-FOR-US: Lutim
CVE-2017-6876 RESERVED
CVE-2017-6875 RESERVED
CVE-2017-6874 (Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 a ...)
	- linux 4.9.16-1
	[jessie] - linux (Vulnerable code introduced later)
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/040757f738e13caaa9c5078bca79aa97e11dde88
CVE-2017-6873 (A vulnerability was discovered in Siemens OZW672 (all versions) and OZ ...)
	NOT-FOR-US: Siemens
CVE-2017-6872 (A vulnerability was discovered in Siemens OZW672 (all versions) and OZ ...)
	NOT-FOR-US: Siemens
CVE-2017-6871 (A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient fo ...)
	NOT-FOR-US: Siemens
CVE-2017-6870 (A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient fo ...)
	NOT-FOR-US: Siemens
CVE-2017-6869 (A vulnerability was discovered in Siemens ViewPort for Web Office Port ...)
	NOT-FOR-US: Siemens
CVE-2017-6868 (An Improper Authentication issue was discovered in Siemens SIMATIC CP ...)
	NOT-FOR-US: Siemens
CVE-2017-6867 (A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before U ...)
	NOT-FOR-US: Siemens
CVE-2017-6866 (A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before ...)
	NOT-FOR-US: Siemens
CVE-2017-6865 (A vulnerability has been identified in Primary Setup Tool (PST) (All v ...)
	NOT-FOR-US: Siemens
CVE-2017-6864 (The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at ...)
	NOT-FOR-US: Siemens
CVE-2017-6863 RESERVED
CVE-2017-6862 (NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1. ...)
	NOT-FOR-US: NETGEAR
CVE-2017-6861 RESERVED
CVE-2017-6860 RESERVED
CVE-2017-6859 RESERVED
CVE-2017-6858 RESERVED
CVE-2017-6857 RESERVED
CVE-2017-6856 RESERVED
CVE-2017-6855 RESERVED
CVE-2017-6854 RESERVED
CVE-2017-6853 RESERVED
CVE-2017-6839 (Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka aud ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
	NOTE: https://github.com/mpruett/audiofile/issues/41
	NOTE: https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9
CVE-2017-6838 (Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
	NOTE: https://github.com/mpruett/audiofile/issues/41
	NOTE: https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
	NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
CVE-2017-6837 (WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote att ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
	NOTE: https://github.com/mpruett/audiofile/issues/41
	NOTE: https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
CVE-2017-6836 (Heap-based buffer overflow in the Expand3To4Module::run function in li ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h
	NOTE: https://github.com/mpruett/audiofile/issues/40
	NOTE: https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
	NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
CVE-2017-6835 (The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio Fi ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp
	NOTE: https://github.com/mpruett/audiofile/issues/39
	NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
CVE-2017-6834 (Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp
	NOTE: https://github.com/mpruett/audiofile/issues/38
	NOTE: https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
	NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
CVE-2017-6833 (The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio F ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp
	NOTE: https://github.com/mpruett/audiofile/issues/37
	NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
CVE-2017-6832 (Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp
	NOTE: https://github.com/mpruett/audiofile/issues/36
	NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
CVE-2017-6831 (Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp
	NOTE: https://github.com/mpruett/audiofile/issues/35
	NOTE: https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6
CVE-2017-6830 (Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp
	NOTE: https://github.com/mpruett/audiofile/issues/34
	NOTE: https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
	NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
CVE-2017-6829 (The decodeSample function in IMA.cpp in Audio File Library (aka audiof ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://github.com/mpruett/audiofile/issues/33
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp
	NOTE: https://github.com/mpruett/audiofile/pull/43/commits/25eb00ce913452c2e614548d7df93070bf0d066f
CVE-2017-6828 (Heap-based buffer overflow in the readValue function in FileHandle.cpp ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://github.com/mpruett/audiofile/issues/31
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp
	NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
CVE-2017-6827 (Heap-based buffer overflow in the MSADPCM::initializeCoefficients func ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://github.com/mpruett/audiofile/issues/32
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp
	NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
CVE-2016-10252 (Memory leak in the IsOptionMember function in MagickCore/option.c in I ...)
	{DSA-3808-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #857426)
	[wheezy] - imagemagick (vulnerable code not present)
	NOTE: Fixed by: http://git.imagemagick.org/repos/ImageMagick/commit/6790815c75bdea0357df5564345847856e995d6b
CVE-2016-10251 (Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in Jas ...)
	{DSA-3827-1 DLA-920-1}
	- jasper
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/04/11
	NOTE: https://github.com/mdadams/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387
	NOTE: https://github.com/asarubbo/poc/blob/master/00029-jasper-uninitvalue-jpc_pi_nextcprl
CVE-2016-10248 (The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900. ...)
	- jasper (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/20/5
	NOTE: Not suitable for code injection, hardly denial of service
	NOTE: https://github.com/mdadams/jasper/commit/2e82fa00466ae525339754bb3ab0a0474a31d4bd
CVE-2016-10247 (Buffer overflow in the my_getline function in jstest_main.c in Mujstes ...)
	{DLA-2765-1}
	- mupdf 1.11+ds1-1 (unimportant)
	[wheezy] - mupdf (Vulnerable code not present)
	NOTE: Although jstest_main.c compiled during build and mujstest is created
	NOTE: it is not included in the produced binary packages
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/16/19
CVE-2016-10246 (Buffer overflow in the main function in jstest_main.c in Mujstest in A ...)
	{DLA-2765-1}
	- mupdf 1.11+ds1-1 (unimportant)
	[wheezy] - mupdf (Vulnerable code not present)
	NOTE: Although jstest_main.c compiled during build and mujstest is created
	NOTE: it is not included in the produced binary packages
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/16/20
CVE-2017-XXXX [Server certificates are not verified]
	- profanity 0.5.1-1 (bug #857546)
	[jessie] - profanity (Minor issue)
	NOTE: https://github.com/boothj5/profanity/issues/280
CVE-2017-7191 (The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to c ...)
	- irssi 1.0.2-1 (bug #857502)
	[jessie] - irssi (Different code path caused the netjoins to be flushed prior to reaching use-after-free condition)
	[wheezy] - irssi (Different code path caused the netjoins to be flushed prior to reaching use-after-free condition)
	NOTE: https://irssi.org/security/irssi_sa_2017_03.txt
	NOTE: https://github.com/irssi/irssi/commit/77b2631c78461965bc9a7414aae206b5c514e1b3
CVE-2017-6826 RESERVED
CVE-2017-6825 RESERVED
CVE-2017-6824 RESERVED
CVE-2017-6823 (Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-6822 RESERVED
CVE-2017-6821 (Directory traversal vulnerability in Zimbra Collaboration Suite (aka Z ...)
	NOT-FOR-US: Zimbra
CVE-2017-6820 (rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is su ...)
	{DLA-855-1}
	- roundcube 1.2.3+dfsg.1-3 (bug #857473)
	NOTE: https://github.com/roundcube/roundcubemail/commit/fa2824fdcd44af3f970b2797feb47652482c8305
	NOTE: https://github.com/roundcube/roundcubemail/commit/cbd35626f7db7855f3b5e2db00d28ecc1554e9f4
	NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-124
	NOTE: https://github.com/roundcube/roundcubemail/releases/tag/1.1.8
CVE-2017-6813 (A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fa ...)
	NOT-FOR-US: Zimbra
CVE-2017-6812 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: MaNGOSWebV4
CVE-2017-6811 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: MaNGOSWebV4
CVE-2017-6810 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: MaNGOSWebV4
CVE-2017-6809 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: MaNGOSWebV4
CVE-2017-6808 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: MaNGOSWebV4
CVE-2017-6807 (mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Tr ...)
	- libapache2-mod-auth-mellon 0.12.0-2
	[jessie] - libapache2-mod-auth-mellon (Minor issue)
CVE-2017-6806 RESERVED
CVE-2017-6805 (Directory traversal vulnerability in the TFTP server in MobaXterm Pers ...)
	NOT-FOR-US: MobaXterm
CVE-2017-6804 REJECTED
CVE-2017-6803 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
	NOT-FOR-US: SolarWinds (formerly Serv-U) FTP Voyager
CVE-2017-6798 (Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking vulne ...)
	NOT-FOR-US: Trend Micro Endpoint Sensor
CVE-2017-6802 (An issue was discovered in ytnef before 1.9.2. There is a potential he ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.2-1
	NOTE: Fixed by: https://github.com/Yeraze/ytnef/commit/22f8346c8d4f0020a40d9f258fdb3bfc097359cc
CVE-2017-6801 (An issue was discovered in ytnef before 1.9.2. There is a potential ou ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.2-1
	NOTE: Fixed by: https://github.com/Yeraze/ytnef/commit/3cb0f914d6427073f262e1b2b5fd973e3043cdf7
CVE-2017-6800 (An issue was discovered in ytnef before 1.9.2. An invalid memory acces ...)
	{DSA-3846-1}
	- libytnef 1.9.2-1
	[wheezy] - libytnef (vulnerable code not present)
	NOTE: Fixed by: https://github.com/Yeraze/ytnef/commit/f98f5d4adc1c4bd4033638f6167c1bb95d642f89
CVE-2017-6799 (A cross-site scripting (XSS) vulnerability in view_filters_page.php in ...)
	- mantis (Vulnerable versions only 2.1.0 through 2.2.0)
	[wheezy] - mantis (Unsupported in Wheezy LTS)
	NOTE: https://github.com/mantisbt/mantisbt/commit/1677251434b6e8b2be8f1d4376a3e78f7be14d95
	NOTE: http://www.mantisbt.org/bugs/view.php?id=22497
CVE-2017-6797 (A cross-site scripting (XSS) vulnerability in bug_change_status_page.p ...)
	- mantis
	[wheezy] - mantis (Unsupported in Wheezy LTS)
	NOTE: https://github.com/mantisbt/mantisbt/commit/a2d90ecabf3bcf3aa22ed9dbbecfd3d37902956f
	NOTE: https://github.com/mantisbt/mantisbt/commit/c272c3f65da9677e505ff692b1f1e476b3afa56e
	NOTE: http://www.mantisbt.org/bugs/view.php?id=22486
CVE-2017-6796 (A vulnerability in the USB-modem code of Cisco IOS XE Software running ...)
	NOT-FOR-US: Cisco
CVE-2017-6795 (A vulnerability in the USB-modem code of Cisco IOS XE Software running ...)
	NOT-FOR-US: Cisco
CVE-2017-6794 (A vulnerability in the CLI command-parsing code of Cisco Meeting Serve ...)
	NOT-FOR-US: Cisco
CVE-2017-6793 (A vulnerability in the Inventory Management feature of Cisco Prime Col ...)
	NOT-FOR-US: Cisco
CVE-2017-6792 (A vulnerability in the batch provisioning feature in Cisco Prime Colla ...)
	NOT-FOR-US: Cisco
CVE-2017-6791 (A vulnerability in the Trust Verification Service (TVS) of Cisco Unifi ...)
	NOT-FOR-US: Cisco
CVE-2017-6790 (A vulnerability in the Session Initiation Protocol (SIP) on the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-6789 (A vulnerability in the Cisco Unified Intelligence Center web interface ...)
	NOT-FOR-US: Cisco
CVE-2017-6788 (The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client ...)
	NOT-FOR-US: Cisco
CVE-2017-6787 RESERVED
CVE-2017-6786 (A vulnerability in Cisco Elastic Services Controller could allow an au ...)
	NOT-FOR-US: Cisco
CVE-2017-6785 (A vulnerability in configuration modification permissions validation f ...)
	NOT-FOR-US: Cisco
CVE-2017-6784 (A vulnerability in the web interface of the Cisco RV340, RV345, and RV ...)
	NOT-FOR-US: Cisco
CVE-2017-6783 (A vulnerability in SNMP polling for the Cisco Web Security Appliance ( ...)
	NOT-FOR-US: Cisco
CVE-2017-6782 (A vulnerability in the administrative web interface of Cisco Prime Inf ...)
	NOT-FOR-US: Cisco
CVE-2017-6781 (A vulnerability in the management of shell user accounts for Cisco Pol ...)
	NOT-FOR-US: Cisco
CVE-2017-6780 (A vulnerability in the TCP throttling process for Cisco IoT Field Netw ...)
	NOT-FOR-US: Cisco
CVE-2017-6779 (Multiple Cisco products are affected by a vulnerability in local file ...)
	NOT-FOR-US: Cisco
CVE-2017-6778 (A vulnerability in the Elastic Services Controller (ESC) web interface ...)
	NOT-FOR-US: Cisco
CVE-2017-6777 (A vulnerability in the ConfD server of the Cisco Elastic Services Cont ...)
	NOT-FOR-US: Cisco
CVE-2017-6776 (A vulnerability in the web framework of Cisco Elastic Services Control ...)
	NOT-FOR-US: Cisco
CVE-2017-6775 (A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Service ...)
	NOT-FOR-US: Cisco
CVE-2017-6774 (A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers r ...)
	NOT-FOR-US: Cisco
CVE-2017-6773 (A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Service ...)
	NOT-FOR-US: Cisco
CVE-2017-6772 (A vulnerability in Cisco Elastic Services Controller (ESC) could allow ...)
	NOT-FOR-US: Cisco
CVE-2017-6771 (A vulnerability in the AutoVNF automation tool of the Cisco Ultra Serv ...)
	NOT-FOR-US: Cisco
CVE-2017-6770 (Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Softwar ...)
	NOT-FOR-US: Cisco
CVE-2017-6769 (A vulnerability in the web-based management interface of the Cisco Sec ...)
	NOT-FOR-US: Cisco
CVE-2017-6768 (A vulnerability in the build procedure for certain executable system f ...)
	NOT-FOR-US: Cisco
CVE-2017-6767 (A vulnerability in Cisco Application Policy Infrastructure Controller ...)
	NOT-FOR-US: Cisco
CVE-2017-6766 (A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspe ...)
	NOT-FOR-US: Cisco
CVE-2017-6765 (A vulnerability in the web-based management interface of Cisco Adaptiv ...)
	NOT-FOR-US: Cisco
CVE-2017-6764 (A vulnerability in the web-based management interface of Cisco Adaptiv ...)
	NOT-FOR-US: Cisco
CVE-2017-6763 (A vulnerability in the implementation of the H.264 protocol in Cisco M ...)
	NOT-FOR-US: Cisco
CVE-2017-6762 (A vulnerability in the web-based management interface of Cisco Jabber ...)
	NOT-FOR-US: Cisco
CVE-2017-6761 (A vulnerability in the web-based management interface of Cisco Finesse ...)
	NOT-FOR-US: Cisco
CVE-2017-6760 RESERVED
CVE-2017-6759 (A vulnerability in the UpgradeManager of the Cisco Prime Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2017-6758 (A vulnerability in the web framework of Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco
CVE-2017-6757 (A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5 ...)
	NOT-FOR-US: Cisco
CVE-2017-6756 (A vulnerability in the Web UI Application of the Cisco Prime Collabora ...)
	NOT-FOR-US: Cisco
CVE-2017-6755 (A vulnerability in the web portal of the Cisco Prime Collaboration Pro ...)
	NOT-FOR-US: Cisco
CVE-2017-6754 (A vulnerability in the web-based management interface of the Cisco Sma ...)
	NOT-FOR-US: Cisco
CVE-2017-6753 (A vulnerability in Cisco WebEx browser extensions for Google Chrome an ...)
	NOT-FOR-US: Cisco
CVE-2017-6752 (A vulnerability in the web interface of the Cisco Adaptive Security Ap ...)
	NOT-FOR-US: Cisco
CVE-2017-6751 (A vulnerability in the web proxy functionality of the Cisco Web Securi ...)
	NOT-FOR-US: Cisco
CVE-2017-6750 (A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) ...)
	NOT-FOR-US: Cisco
CVE-2017-6749 (A vulnerability in the web-based management interface of Cisco Web Sec ...)
	NOT-FOR-US: Cisco
CVE-2017-6748 (A vulnerability in the CLI parser of the Cisco Web Security Appliance ...)
	NOT-FOR-US: Cisco
CVE-2017-6747 (A vulnerability in the authentication module of Cisco Identity Service ...)
	NOT-FOR-US: Cisco
CVE-2017-6746 (A vulnerability in the web interface of the Cisco Web Security Applian ...)
	NOT-FOR-US: Cisco
CVE-2017-6745 (A vulnerability in the cache server within Cisco Videoscape Distributi ...)
	NOT-FOR-US: Cisco
CVE-2017-6744 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS a ...)
	NOT-FOR-US: Cisco
CVE-2017-6743 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...)
	NOT-FOR-US: Cisco
CVE-2017-6742 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...)
	NOT-FOR-US: Cisco
CVE-2017-6741 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...)
	NOT-FOR-US: Cisco
CVE-2017-6740 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...)
	NOT-FOR-US: Cisco
CVE-2017-6739 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...)
	NOT-FOR-US: Cisco
CVE-2017-6738 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...)
	NOT-FOR-US: Cisco
CVE-2017-6737 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...)
	NOT-FOR-US: Cisco
CVE-2017-6736 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...)
	NOT-FOR-US: Cisco
CVE-2017-6735 (A vulnerability in the backup and restore functionality of Cisco FireS ...)
	NOT-FOR-US: Cisco
CVE-2017-6734 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2017-6733 (A vulnerability in the web-based application interface of the Cisco Id ...)
	NOT-FOR-US: Cisco
CVE-2017-6732 (A vulnerability in the installation procedure for Cisco Prime Network ...)
	NOT-FOR-US: Cisco
CVE-2017-6731 (A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress ...)
	NOT-FOR-US: Cisco
CVE-2017-6730 (A vulnerability in the web-based GUI of Cisco Wide Area Application Se ...)
	NOT-FOR-US: Cisco
CVE-2017-6729 (A vulnerability in the Border Gateway Protocol (BGP) processing functi ...)
	NOT-FOR-US: Cisco
CVE-2017-6728 (A vulnerability in the CLI of Cisco IOS XR Software could allow an aut ...)
	NOT-FOR-US: Cisco
CVE-2017-6727 (A vulnerability in the Server Message Block (SMB) protocol of Cisco Wi ...)
	NOT-FOR-US: Cisco
CVE-2017-6726 (A vulnerability in the CLI of the Cisco Prime Network Gateway could al ...)
	NOT-FOR-US: Cisco
CVE-2017-6725 (A vulnerability in the web framework code of Cisco Prime Infrastructur ...)
	NOT-FOR-US: Cisco
CVE-2017-6724 (A vulnerability in the web framework code of Cisco Prime Infrastructur ...)
	NOT-FOR-US: Cisco
CVE-2017-6723 RESERVED
CVE-2017-6722 (A vulnerability in the Extensible Messaging and Presence Protocol (XMP ...)
	NOT-FOR-US: Cisco
CVE-2017-6721 (A vulnerability in the ingress processing of fragmented TCP packets by ...)
	NOT-FOR-US: Cisco
CVE-2017-6720 (A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Bus ...)
	NOT-FOR-US: Cisco
CVE-2017-6719 (A vulnerability in the CLI of Cisco IOS XR Software could allow an aut ...)
	NOT-FOR-US: Cisco
CVE-2017-6718 (A vulnerability in the CLI of Cisco IOS XR Software could allow an aut ...)
	NOT-FOR-US: Cisco
CVE-2017-6717 (A vulnerability in the web framework of Cisco Firepower Management Cen ...)
	NOT-FOR-US: Cisco
CVE-2017-6716 (A vulnerability in the web framework code of Cisco Firepower Managemen ...)
	NOT-FOR-US: Cisco
CVE-2017-6715 (A vulnerability in the web framework of Cisco Firepower Management Cen ...)
	NOT-FOR-US: Cisco
CVE-2017-6714 (A vulnerability in the AutoIT service of Cisco Ultra Services Framewor ...)
	NOT-FOR-US: Cisco
CVE-2017-6713 (A vulnerability in the Play Framework of Cisco Elastic Services Contro ...)
	NOT-FOR-US: Cisco
CVE-2017-6712 (A vulnerability in certain commands of Cisco Elastic Services Controll ...)
	NOT-FOR-US: Cisco
CVE-2017-6711 (A vulnerability in the Ultra Automation Service (UAS) of the Cisco Ult ...)
	NOT-FOR-US: Cisco
CVE-2017-6710 (A vulnerability in the Cisco Virtual Network Function (VNF) Element Ma ...)
	NOT-FOR-US: Cisco
CVE-2017-6709 (A vulnerability in the AutoVNF tool for the Cisco Ultra Services Frame ...)
	NOT-FOR-US: Cisco
CVE-2017-6708 (A vulnerability in the symbolic link (symlink) creation functionality ...)
	NOT-FOR-US: Cisco
CVE-2017-6707 (A vulnerability in the CLI command-parsing code of the Cisco StarOS op ...)
	NOT-FOR-US: Cisco
CVE-2017-6706 (A vulnerability in the logging subsystem of the Cisco Prime Collaborat ...)
	NOT-FOR-US: Cisco
CVE-2017-6705 (A vulnerability in the filesystem of the Cisco Prime Collaboration Pro ...)
	NOT-FOR-US: Cisco
CVE-2017-6704 (A vulnerability in the web application in the Cisco Prime Collaboratio ...)
	NOT-FOR-US: Cisco
CVE-2017-6703 (A vulnerability in the web application in the Cisco Prime Collaboratio ...)
	NOT-FOR-US: Cisco
CVE-2017-6702 (A vulnerability in the web framework of Cisco SocialMiner could allow ...)
	NOT-FOR-US: Cisco
CVE-2017-6701 (A vulnerability in the web application interface of the Cisco Identity ...)
	NOT-FOR-US: Cisco
CVE-2017-6700 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2017-6699 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2017-6698 (A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Pro ...)
	NOT-FOR-US: Cisco
CVE-2017-6697 (A vulnerability in the web interface of Cisco Elastic Services Control ...)
	NOT-FOR-US: Cisco
CVE-2017-6696 (A vulnerability in the file system of Cisco Elastic Services Controlle ...)
	NOT-FOR-US: Cisco
CVE-2017-6695 (A vulnerability in the ConfD server in Cisco Ultra Services Platform c ...)
	NOT-FOR-US: Cisco
CVE-2017-6694 (A vulnerability in the Virtual Network Function Manager's (VNFM) loggi ...)
	NOT-FOR-US: Cisco
CVE-2017-6693 (A vulnerability in the ConfD server component of Cisco Elastic Service ...)
	NOT-FOR-US: Cisco
CVE-2017-6692 (A vulnerability in Cisco Ultra Services Framework Element Manager coul ...)
	NOT-FOR-US: Cisco
CVE-2017-6691 (A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers ...)
	NOT-FOR-US: Cisco
CVE-2017-6690 (A vulnerability in the file check operation of Cisco ASR 5000 Series A ...)
	NOT-FOR-US: Cisco
CVE-2017-6689 (A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers ...)
	NOT-FOR-US: Cisco
CVE-2017-6688 (A vulnerability in Cisco Elastic Services Controllers could allow an a ...)
	NOT-FOR-US: Cisco
CVE-2017-6687 (A vulnerability in Cisco Ultra Services Framework Element Manager coul ...)
	NOT-FOR-US: Cisco
CVE-2017-6686 (A vulnerability in Cisco Ultra Services Framework Element Manager coul ...)
	NOT-FOR-US: Cisco
CVE-2017-6685 (A vulnerability in Cisco Ultra Services Framework Staging Server could ...)
	NOT-FOR-US: Cisco
CVE-2017-6684 (A vulnerability in Cisco Elastic Services Controllers could allow an a ...)
	NOT-FOR-US: Cisco
CVE-2017-6683 (A vulnerability in the esc_listener.py script of Cisco Elastic Service ...)
	NOT-FOR-US: Cisco
CVE-2017-6682 (A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers ...)
	NOT-FOR-US: Cisco
CVE-2017-6681 (A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Ser ...)
	NOT-FOR-US: Cisco
CVE-2017-6680 (A vulnerability in the AutoVNF logging function of Cisco Ultra Service ...)
	NOT-FOR-US: Cisco
CVE-2017-6679 (The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained ...)
	NOT-FOR-US: Cisco
CVE-2017-6678 (A vulnerability in the ingress UDP packet processing functionality of ...)
	NOT-FOR-US: Cisco
CVE-2017-6677 RESERVED
CVE-2017-6676 RESERVED
CVE-2017-6675 (A vulnerability in the web interface of Cisco Industrial Network Direc ...)
	NOT-FOR-US: Cisco
CVE-2017-6674 (A vulnerability in the feature-license management functionality of Cis ...)
	NOT-FOR-US: Cisco
CVE-2017-6673 (A vulnerability in Cisco Firepower Management Center could allow an au ...)
	NOT-FOR-US: Cisco
CVE-2017-6672 (A vulnerability in certain filtering mechanisms of access control list ...)
	NOT-FOR-US: Cisco
CVE-2017-6671 (A vulnerability in the email message scanning of Cisco AsyncOS Softwar ...)
	NOT-FOR-US: Cisco
CVE-2017-6670 (A vulnerability in the web-based GUI of Cisco Unified Communications D ...)
	NOT-FOR-US: Cisco
CVE-2017-6669 (Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Netw ...)
	NOT-FOR-US: Cisco
CVE-2017-6668 (Vulnerabilities in the web-based GUI of Cisco Unified Communications D ...)
	NOT-FOR-US: Cisco
CVE-2017-6667 (A vulnerability in the update process for the dynamic JAR file of the ...)
	NOT-FOR-US: Cisco
CVE-2017-6666 (A vulnerability in the forwarding component of Cisco IOS XR Software f ...)
	NOT-FOR-US: Cisco
CVE-2017-6665 (A vulnerability in the Autonomic Networking feature of Cisco IOS Softw ...)
	NOT-FOR-US: Cisco
CVE-2017-6664 (A vulnerability in the Autonomic Networking feature of Cisco IOS XE So ...)
	NOT-FOR-US: Cisco
CVE-2017-6663 (A vulnerability in the Autonomic Networking feature of Cisco IOS Softw ...)
	NOT-FOR-US: Cisco
CVE-2017-6662 (A vulnerability in the web-based user interface of Cisco Prime Infrast ...)
	NOT-FOR-US: Cisco
CVE-2017-6661 (A vulnerability in the web-based management interface of Cisco Email S ...)
	NOT-FOR-US: Cisco
CVE-2017-6660 RESERVED
CVE-2017-6659 (A vulnerability in the web-based management interface of Cisco Prime C ...)
	NOT-FOR-US: Cisco
CVE-2017-6658 (Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread rela ...)
	NOT-FOR-US: Cisco
CVE-2017-6657 (Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Vali ...)
	NOT-FOR-US: Cisco
CVE-2017-6656 (A vulnerability in Session Initiation Protocol (SIP) call handling of ...)
	NOT-FOR-US: Cisco
CVE-2017-6655 (A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol imp ...)
	NOT-FOR-US: Cisco
CVE-2017-6654 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2017-6653 (A vulnerability in the TCP throttling process for the GUI of the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-6652 (A vulnerability in the web framework of the Cisco TelePresence IX5000 ...)
	NOT-FOR-US: Cisco
CVE-2017-6651 (A vulnerability in Cisco WebEx Meetings Server could allow unauthentic ...)
	NOT-FOR-US: Cisco
CVE-2017-6650 (A vulnerability in the Telnet CLI command of Cisco NX-OS System Softwa ...)
	NOT-FOR-US: Cisco
CVE-2017-6649 (A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through ...)
	NOT-FOR-US: Cisco
CVE-2017-6648 (A vulnerability in the Session Initiation Protocol (SIP) of the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-6647 (A vulnerability in the web interface of Cisco Remote Expert Manager So ...)
	NOT-FOR-US: Cisco
CVE-2017-6646 (A vulnerability in the web interface of Cisco Remote Expert Manager So ...)
	NOT-FOR-US: Cisco
CVE-2017-6645 (A vulnerability in the web interface of Cisco Remote Expert Manager So ...)
	NOT-FOR-US: Cisco
CVE-2017-6644 (A vulnerability in the web interface of Cisco Remote Expert Manager So ...)
	NOT-FOR-US: Cisco
CVE-2017-6643 (A vulnerability in the web interface of Cisco Remote Expert Manager So ...)
	NOT-FOR-US: Cisco
CVE-2017-6642 (A vulnerability in the web interface of Cisco Remote Expert Manager So ...)
	NOT-FOR-US: Cisco
CVE-2017-6641 (A vulnerability in the TCP connection handling functionality of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-6640 (A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Soft ...)
	NOT-FOR-US: Cisco
CVE-2017-6639 (A vulnerability in the role-based access control (RBAC) functionality ...)
	NOT-FOR-US: Cisco
CVE-2017-6638 (A vulnerability in how DLL files are loaded with Cisco AnyConnect Secu ...)
	NOT-FOR-US: Cisco
CVE-2017-6637 (A vulnerability in the web interface of Cisco Prime Collaboration Prov ...)
	NOT-FOR-US: Cisco
CVE-2017-6636 (A vulnerability in the web interface of Cisco Prime Collaboration Prov ...)
	NOT-FOR-US: Cisco
CVE-2017-6635 (A vulnerability in the web interface of Cisco Prime Collaboration Prov ...)
	NOT-FOR-US: Cisco
CVE-2017-6634 (A vulnerability in the Device Manager web interface of Cisco Industria ...)
	NOT-FOR-US: Cisco
CVE-2017-6633 (A vulnerability in the TCP throttling process of Cisco UCS C-Series Ra ...)
	NOT-FOR-US: Cisco
CVE-2017-6632 (A vulnerability in the logging configuration of Secure Sockets Layer ( ...)
	NOT-FOR-US: Cisco
CVE-2017-6631 (A vulnerability in the HTTP remote procedure call (RPC) service of set ...)
	NOT-FOR-US: Cisco
CVE-2017-6630 (A vulnerability in the Session Initiation Protocol (SIP) implementatio ...)
	NOT-FOR-US: Cisco
CVE-2017-6629 (A vulnerability in the ImageID parameter of Cisco Unity Connection 10. ...)
	NOT-FOR-US: Cisco
CVE-2017-6628 (A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide ...)
	NOT-FOR-US: Cisco
CVE-2017-6627 (A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, an ...)
	NOT-FOR-US: Cisco
CVE-2017-6626 (A vulnerability in the Cisco Finesse Notification Service for Cisco Un ...)
	NOT-FOR-US: Cisco
CVE-2017-6625 (A "Cisco Firepower Threat Defense 6.0.0 through 6.2.2 and Cisco ASA wi ...)
	NOT-FOR-US: Cisco
CVE-2017-6624 (A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager E ...)
	NOT-FOR-US: Cisco
CVE-2017-6623 (A vulnerability in a script file that is installed as part of the Cisc ...)
	NOT-FOR-US: Cisco
CVE-2017-6622 (A vulnerability in the web interface for Cisco Prime Collaboration Pro ...)
	NOT-FOR-US: Cisco
CVE-2017-6621 (A vulnerability in the web interface of Cisco Prime Collaboration Prov ...)
	NOT-FOR-US: Cisco
CVE-2017-6620 (A vulnerability in the remote management access control list (ACL) fea ...)
	NOT-FOR-US: Cisco
CVE-2017-6619 (A vulnerability in the web-based GUI of Cisco Integrated Management Co ...)
	NOT-FOR-US: Cisco
CVE-2017-6618 (A vulnerability in the web-based GUI of Cisco Integrated Management Co ...)
	NOT-FOR-US: Cisco
CVE-2017-6617 (A vulnerability in the session identification management functionality ...)
	NOT-FOR-US: Cisco
CVE-2017-6616 (A vulnerability in the web-based GUI of Cisco Integrated Management Co ...)
	NOT-FOR-US: Cisco
CVE-2017-6615 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...)
	NOT-FOR-US: Cisco
CVE-2017-6614 (A vulnerability in the file-download feature of the web user interface ...)
	NOT-FOR-US: Cisco
CVE-2017-6613 (A vulnerability in the DNS input packet processor for Cisco Prime Netw ...)
	NOT-FOR-US: Cisco
CVE-2017-6612 (A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5 ...)
	NOT-FOR-US: Cisco
CVE-2017-6611 (A vulnerability in the web framework code of Cisco Prime Infrastructur ...)
	NOT-FOR-US: Cisco
CVE-2017-6610 (A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH c ...)
	NOT-FOR-US: Cisco
CVE-2017-6609 (A vulnerability in the IPsec code of Cisco ASA Software could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-6608 (A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer ...)
	NOT-FOR-US: Cisco
CVE-2017-6607 (A vulnerability in the DNS code of Cisco ASA Software could allow an u ...)
	NOT-FOR-US: Cisco
CVE-2017-6606 (A vulnerability in a startup script of Cisco IOS XE Software could all ...)
	NOT-FOR-US: Cisco
CVE-2017-6605 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2017-6604 (A vulnerability in the web interface of Cisco Integrated Management Co ...)
	NOT-FOR-US: Cisco
CVE-2017-6603 (A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running wit ...)
	NOT-FOR-US: Cisco
CVE-2017-6602 (A vulnerability in the CLI of Cisco Unified Computing System (UCS) Man ...)
	NOT-FOR-US: Cisco
CVE-2017-6601 (A vulnerability in the CLI of the Cisco Unified Computing System (UCS) ...)
	NOT-FOR-US: Cisco
CVE-2017-6600 (A vulnerability in the CLI of the Cisco Unified Computing System (UCS) ...)
	NOT-FOR-US: Cisco
CVE-2017-6599 (A vulnerability in Google-defined remote procedure call (gRPC) handlin ...)
	NOT-FOR-US: Cisco
CVE-2017-6598 (A vulnerability in the debug plug-in functionality of the Cisco Unifie ...)
	NOT-FOR-US: Cisco
CVE-2017-6597 (A vulnerability in the local-mgmt CLI command of the Cisco Unified Com ...)
	NOT-FOR-US: Cisco
CVE-2017-6596 (partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer o ...)
	{DLA-923-1}
	[experimental] - partclone 0.2.90-1
	- partclone 0.2.89-3 (bug #857966)
	[jessie] - partclone (Minor issue)
	NOTE: https://github.com/insidej/Partclone_HeapOverFlow/blob/master/README.md
	NOTE: https://github.com/Thomas-Tsai/partclone/issues/91
	NOTE: https://github.com/Thomas-Tsai/partclone/commit/2d6bcfd8016dc6090090934bab71c663d9a4d36d
	NOTE: https://github.com/Thomas-Tsai/partclone/commit/96401fb5b7221fc5f44df7079485c395f9c3a428
CVE-2017-6595 RESERVED
CVE-2017-6594 (The transit path validation code in Heimdal before 7.3 might allow att ...)
	- heimdal 7.1.0+dfsg-12
	[wheezy] - heimdal (Minor issue)
	NOTE: https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837
	NOTE: See https://lists.debian.org/debian-lts/2017/05/msg00010.html
CVE-2017-6593 RESERVED
CVE-2017-6592 RESERVED
CVE-2017-6591 (There is a cross-site scripting vulnerability in django-epiceditor 0.2 ...)
	NOT-FOR-US: django-epiceditor
CVE-2017-6590 (An issue was discovered in network-manager-applet (aka network-manager ...)
	- network-manager-applet (unimportant)
	NOTE: Marked as 'unimportant', since not exploitable in Debian, although the source
	NOTE: would be affected as well for Debian.
	NOTE: https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321
CVE-2017-6589 (EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecu ...)
	NOT-FOR-US: django-epiceditor
CVE-2017-6588 RESERVED
CVE-2017-6587 RESERVED
CVE-2017-6586 RESERVED
CVE-2017-6585 RESERVED
CVE-2017-6584 RESERVED
CVE-2017-6583 RESERVED
CVE-2017-6582 RESERVED
CVE-2017-6581 RESERVED
CVE-2017-6580 RESERVED
CVE-2017-6579 RESERVED
CVE-2017-6578 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6577 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6576 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6575 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6574 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6573 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6572 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6571 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6570 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6569 RESERVED
CVE-2017-6568 RESERVED
CVE-2017-6567 RESERVED
CVE-2017-6566 RESERVED
CVE-2017-6565 (On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDia ...)
	NOT-FOR-US: Franklin Fueling Systems TS-550 evo
CVE-2017-6564 (On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest u ...)
	NOT-FOR-US: Franklin Fueling Systems TS-550 evo
CVE-2017-6563 RESERVED
CVE-2017-6562 (XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetOb ...)
	NOT-FOR-US: Agora-Project
CVE-2017-6561 (XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action ...)
	NOT-FOR-US: Agora-Project
CVE-2017-6560 (XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[ ...)
	NOT-FOR-US: Agora-Project
CVE-2017-6559 (XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNo ...)
	NOT-FOR-US: Agora-Project
CVE-2017-6558 (iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n ...)
	NOT-FOR-US: iball Baton
CVE-2017-6557 (SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the p ...)
	NOT-FOR-US: ArrayOS
CVE-2017-6556 (Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2. ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-6555 (Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-6554 (pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured ...)
	NOT-FOR-US: Quest Privilege Manager
CVE-2017-6553 (Buffer Overflow in Quest One Identity Privilege Manager for Unix befor ...)
	NOT-FOR-US: Quest One Identity Privilege Manager for Unix
CVE-2017-6552 (Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently ...)
	NOT-FOR-US: Livebox 3 Sagemcom
CVE-2017-6551 (Pexip Infinity before 14.2 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Pexip Infinity
CVE-2017-6550 (Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerl ...)
	NOT-FOR-US: Kinsey Infor-Lawson
CVE-2017-6549 (Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC6 ...)
	NOT-FOR-US: ASUS
CVE-2017-6548 (Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT- ...)
	NOT-FOR-US: ASUS
CVE-2017-6547 (Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, RT- ...)
	NOT-FOR-US: ASUS
CVE-2017-6546 RESERVED
CVE-2017-6545 RESERVED
CVE-2017-6544 (Gargaj/wuhu through 2017-03-08 is vulnerable to a reflected XSS in wuh ...)
	NOT-FOR-US: wuhu
CVE-2017-6543 (Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance be ...)
	NOT-FOR-US: Nessus
CVE-2017-6542 (The ssh_agent_channel_data function in PuTTY before 0.68 allows remote ...)
	- putty 0.67-3 (bug #857642)
	[jessie] - putty (Minor issue)
	[wheezy] - putty (Minor issue)
	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html
	NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=4ff22863d895cb7ebfced4cf923a012a614adaa8 (0.68)
	NOTE: Bug only exploitable if SSH agent forwarding is enabled (not the default) and if
	NOTE: the attacker is already able to connect to the Unix-domain socket
	NOTE: representing the forwarded agent connection.
CVE-2017-6541 (Multiple Cross-Site Scripting (XSS) issues were discovered in webpaget ...)
	NOT-FOR-US: webpagetest
CVE-2017-6540 (Multiple Cross-Site Scripting (XSS) issues were discovered in webpaget ...)
	NOT-FOR-US: webpagetest
CVE-2017-6539 (Multiple Cross-Site Scripting (XSS) issues were discovered in webpaget ...)
	NOT-FOR-US: webpagetest
CVE-2017-6538 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. ...)
	NOT-FOR-US: webpagetest
CVE-2017-6537 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. ...)
	NOT-FOR-US: webpagetest
CVE-2017-6536 (Multiple Cross-Site Scripting (XSS) issues were discovered in webpaget ...)
	NOT-FOR-US: webpagetest
CVE-2017-6535 (Multiple Cross-Site Scripting (XSS) issues were discovered in webpaget ...)
	NOT-FOR-US: webpagetest
CVE-2017-6534 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. ...)
	NOT-FOR-US: webpagetest
CVE-2017-6533 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. ...)
	NOT-FOR-US: webpagetest
CVE-2017-6532 (Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 ha ...)
	NOT-FOR-US: Televes COAXDATA GATEWAY
CVE-2017-6531 (On Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 ...)
	NOT-FOR-US: Televes COAXDATA GATEWAY
CVE-2017-6530 (Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 do ...)
	NOT-FOR-US: Televes COAXDATA GATEWAY
CVE-2017-6529 (An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vuln ...)
	NOT-FOR-US: dnaLIMS
CVE-2017-6528 (An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affe ...)
	NOT-FOR-US: dnaLIMS
CVE-2017-6527 (An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vuln ...)
	NOT-FOR-US: dnaLIMS
CVE-2017-6526 (An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vuln ...)
	NOT-FOR-US: dnaLIMS
CVE-2017-6525 RESERVED
CVE-2017-6524 RESERVED
CVE-2017-6523 RESERVED
CVE-2017-6522 RESERVED
CVE-2017-6521 RESERVED
CVE-2017-6520 (The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvert ...)
	NOT-FOR-US: Multicast DNS (mDNS) responder used in BOSE Soundtouch 30
CVE-2017-6519 (avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to ...)
	- avahi 0.7-5 (unimportant; bug #917047)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1426712
	NOTE: https://github.com/lathiat/avahi/issues/203
	NOTE: https://github.com/lathiat/avahi/commit/e111def44a7df4624a4aa3f85fe98054bffb6b4f
CVE-2017-6518 (Cross-site scripting (XSS) vulnerability in /sanadata/seo/index.asp in ...)
	NOT-FOR-US: SanaCMS
CVE-2017-6517 (Microsoft Skype 7.16.0.102 contains a vulnerability that could allow a ...)
	NOT-FOR-US: Microsoft
CVE-2017-6516 (A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo befo ...)
	NOT-FOR-US: MagniComp
CVE-2017-6515 RESERVED
CVE-2017-6514 (WordPress 4.7.2 mishandles listings of post authors, which allows remo ...)
	- wordpress (unimportant)
	NOTE: No security impact
CVE-2017-6513 (The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2 ...)
	NOT-FOR-US: Softaculous Virtualizor
CVE-2017-6512 (Race condition in the rmtree and remove_tree functions in the File-Pat ...)
	{DSA-3873-1 DLA-978-1}
	- perl 5.24.1-3 (bug #863870)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=121951
	NOTE: https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2
CVE-2016-10245 (Insufficient sanitization of the query parameter in templates/html/sea ...)
	{DLA-1812-1}
	- doxygen 1.8.12-1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=762934
	NOTE: https://github.com/doxygen/doxygen/commit/1cc1adad2de03a0f013881b8960daf89aa155081 (Release_1_8_12)
CVE-2017-6511 (andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: FineCMS
CVE-2017-6510 (Easy File Sharing FTP Server version 3.6 is vulnerable to a directory ...)
	NOT-FOR-US: Easy File Sharing FTP Server
CVE-2017-6509 (Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XS ...)
	NOT-FOR-US: burgundy-cms
CVE-2017-6507 (An issue was discovered in AppArmor before 2.12. Incorrect handling of ...)
	- apparmor 2.11.0-3 (bug #858768)
	[jessie] - apparmor (Minor issue)
	[wheezy] - apparmor (Experimental/unsupported feature)
	NOTE: http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3647
	NOTE: http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3648
	NOTE: https://bugs.launchpad.net/apparmor/+bug/1668892
	NOTE: affects only third-party rules, e.g. from Docker or LXC
	NOTE: LXC in wheezy doesn't support proper isolation
CVE-2017-6814 (In WordPress before 4.7.3, there is authenticated Cross-Site Scripting ...)
	{DSA-3815-1 DLA-860-1}
	- wordpress 4.7.3+dfsg-1 (bug #857026)
	NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
	NOTE: https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
CVE-2017-6815 (In WordPress before 4.7.3 (wp-includes/pluggable.php), control charact ...)
	{DSA-3815-1 DLA-860-1}
	- wordpress 4.7.3+dfsg-1 (bug #857026)
	NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
	NOTE: https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
CVE-2017-6816 (In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can ...)
	{DSA-3815-1 DLA-860-1}
	- wordpress 4.7.3+dfsg-1 (bug #857026)
	NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
	NOTE: https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663
CVE-2017-6817 (In WordPress before 4.7.3 (wp-includes/embed.php), there is authentica ...)
	{DSA-3815-1}
	- wordpress 4.7.3+dfsg-1 (bug #857026)
	[wheezy] - wordpress (vulnerable code was introduced later)
	NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
	NOTE: https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8
CVE-2017-6818 (In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-si ...)
	- wordpress 4.7.3+dfsg-1 (bug #857026)
	[jessie] - wordpress (Only affects 4.7.x)
	[wheezy] - wordpress (Only affects 4.7.x)
	NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
	NOTE: https://github.com/WordPress/WordPress/commit/9092fd01e1f452f37c313d38b18f9fe6907541f9
CVE-2017-6819 (In WordPress before 4.7.3, there is cross-site request forgery (CSRF) ...)
	- wordpress 4.7.3+dfsg-1 (bug #857026)
	[jessie] - wordpress (Only affects 4.2 and later)
	[wheezy] - wordpress (Only affects 4.2 and later)
	NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
	NOTE: https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829
CVE-2017-6508 (CRLF injection vulnerability in the url_parse function in url.c in Wge ...)
	{DLA-851-1}
	- wget 1.19.1-2 (bug #857073)
	[buster] - wget 1.18-5
	[stretch] - wget 1.18-5
	[jessie] - wget 1.16-1+deb8u2
	NOTE: http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html
	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=4d729e322fae359a1aefaafec1144764a54e8ad4
CVE-2017-6506 (In Azure Data Expert Ultimate 2.2.16, the SMTP verification function s ...)
	NOT-FOR-US: Azure Data Expert Ultimate
CVE-2017-6505 (The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Qu ...)
	{DLA-1497-1 DLA-1071-1 DLA-1070-1}
	- qemu 1:2.8+dfsg-4 (bug #856969)
	- qemu-kvm
	NOTE: Fixed by: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb
CVE-2017-6504 (WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options hea ...)
	{DLA-897-1}
	- qbittorrent 3.3.7-3 (low; bug #856978)
	[jessie] - qbittorrent (Minor issue)
	NOTE: https://github.com/qbittorrent/qBittorrent/commit/f5ad04766f4abaa78374ff03704316f8ce04627d
	NOTE: Fixed upstream in 3.3.11
CVE-2017-6503 (WebUI in qBittorrent before 3.3.11 did not escape many values, which c ...)
	{DLA-897-1}
	- qbittorrent 3.3.7-3 (low; bug #856977)
	[jessie] - qbittorrent (Minor issue)
	NOTE: https://github.com/qbittorrent/qBittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16
	NOTE: Fixed upstream in 3.3.11
CVE-2017-6502 (An issue was discovered in ImageMagick 6.9.7. A specially crafted webp ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant; bug #856883)
	NOTE: webp is disabled under Debian, cf. https://bugs.debian.org/856883#14
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/126c7c98ea788241922c30df4a5633ea692cf8df
CVE-2017-6501 (An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf ...)
	- imagemagick 8:6.9.7.4+dfsg-2 (bug #856881)
	[jessie] - imagemagick (Vulnerable code not present)
	[wheezy] - imagemagick (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d31fec57e9dfb0516deead2053a856e3c71e9751
CVE-2017-6500 (An issue was discovered in ImageMagick 6.9.7. A specially crafted sun ...)
	{DSA-3808-1 DLA-868-1}
	- imagemagick 8:6.9.7.4+dfsg-2 (bug #856879)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3007531bfd326c5c1e29cd41d2cd80c166de8528
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/375
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/376
CVE-2017-6499 (An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially ...)
	{DSA-3808-1}
	- imagemagick 8:6.9.7.4+dfsg-2 (bug #856880)
	[wheezy] - imagemagick (vulnerable code not present)
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=23&p=142634
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3358f060fc182551822576b2c0a8850faab5d543
CVE-2017-6498 (An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files coul ...)
	{DSA-3808-1 DLA-868-1}
	- imagemagick 8:6.9.7.4+dfsg-2 (bug #856878)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/65f75a32a93ae4044c528a987a68366ecd4b46b9
	NOTE: https://github.com/ImageMagick/ImageMagick/pull/359
CVE-2017-6497 (An issue was discovered in ImageMagick 6.9.7. A specially crafted psd ...)
	- imagemagick 8:6.9.7.4+dfsg-2 (bug #856882)
	[jessie] - imagemagick (Vulnerable code not present)
	[wheezy] - imagemagick (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7f2dc7a1afc067d0c89f12c82bcdec0445fb1b94
CVE-2017-6496
	RESERVED
CVE-2017-6495
	RESERVED
CVE-2017-6494
	RESERVED
CVE-2017-6493
	RESERVED
CVE-2017-6492 (SQL Injection was discovered in adm_program/modules/dates/dates_functi ...)
	NOT-FOR-US: Admidio
CVE-2017-6491 (Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1. ...)
	NOT-FOR-US: EPESI
CVE-2017-6490 (Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1. ...)
	NOT-FOR-US: EPESI
CVE-2017-6489 (Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1. ...)
	NOT-FOR-US: EPESI
CVE-2017-6488 (Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1. ...)
	NOT-FOR-US: EPESI
CVE-2017-6487 (Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1. ...)
	NOT-FOR-US: EPESI
CVE-2017-6486 (A Cross-Site Scripting (XSS) issue was discovered in reasoncms before ...)
	NOT-FOR-US: reasoncms
CVE-2017-6485 (A Cross-Site Scripting (XSS) issue was discovered in php-calendar befo ...)
	NOT-FOR-US: PHP-Calendar
CVE-2017-6484 (Multiple Cross-Site Scripting (XSS) issues were discovered in INTER-Me ...)
	NOT-FOR-US: INTER-Mediator
CVE-2017-6483 (Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2 ...)
	NOT-FOR-US: ATutor
CVE-2017-6482
	REJECTED
CVE-2017-6481 (Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam ...)
	- phpipam (bug #731713)
CVE-2017-6480 (groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS ...)
	NOT-FOR-US: cmsgroovel
CVE-2017-6479 (FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a re ...)
	NOT-FOR-US: FenixHosting (different than fenix game engine)
CVE-2017-6478 (paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected ...)
	NOT-FOR-US: MaNGOSWebV4
CVE-2016-10244 (The parse_charstrings function in type1/t1load.c in FreeType 2 before ...)
	{DSA-3839-1 DLA-848-1}
	[experimental] - freetype 2.7.1-0.1
	- freetype 2.6.3-3.1 (bug #856971)
	NOTE: Fixed in 2.7: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog?h=VER-2-7
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a660e3de422731b94d4a134d27555430cbb6fb39 (VER-2-7)
CVE-2016-10243 (TeX Live allows remote attackers to execute arbitrary commands by leve ...)
	{DSA-3803-1 DLA-847-1}
	- texlive-bin 2019.20190605.51237-2 (unimportant)
	- texlive-base 2016.20161130-1
	NOTE: https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/
	NOTE: http://www.tug.org/svn/texlive?view=revision&revision=42605
CVE-2017-6477
	RESERVED
CVE-2017-6476
	RESERVED
CVE-2017-6475
	RESERVED
CVE-2017-6474 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.5+g440fd4d-2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-07.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a998c9195f183d85f5b0bbeebba21a2d4d303d47
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13429
CVE-2017-6473 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file p ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.5+g440fd4d-2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-09.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7edc761a01cda8e1b37677f673985582330317d2
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13431
CVE-2017-6472 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dis ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.5+g440fd4d-2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-04.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2b3a0909beff8963b390034c594e0b6be6a4e531
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13347
CVE-2017-6471 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infini ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.5+g440fd4d-2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-05.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=62afef41277dfac37f515207ca73d33306e3302b
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13348
CVE-2017-6470 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infi ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.5+g440fd4d-2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-10.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=0b89174ef4c531a1917437fff586fe525ee7bf2d
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13432
CVE-2017-6469 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS diss ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.5+g440fd4d-2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-03.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f753c127082d5e28abf482d6d175cbfee6661f7
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13346
CVE-2017-6468 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.5+g440fd4d-2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-08.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9f3bc84b7e7e435c50b8b68f0fc526d0f5676cbf
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13430
CVE-2017-6467 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.5+g440fd4d-2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-11.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=284ad58d288722a8725401967bff0c4455488f0c
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12083
CVE-2017-6466 (F-Secure Software Updater 2.20, as distributed in several F-Secure pro ...)
	NOT-FOR-US: F-Secure
CVE-2017-6465 (Remote Code Execution was discovered in FTPShell Client 6.53. By defau ...)
	NOT-FOR-US: FTPShell Client
CVE-2017-6464 (NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to ...)
	- ntp 1:4.2.8p10+dfsg-1 (low)
	[jessie] - ntp (Minor issue)
	[wheezy] - ntp (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3389
	NOTE: https://cure53.de/pentest-report_ntp.pdf
CVE-2017-6463 (NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticate ...)
	- ntp 1:4.2.8p10+dfsg-1
	[jessie] - ntp (Minor issue)
	[wheezy] - ntp (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3387
	NOTE: https://cure53.de/pentest-report_ntp.pdf
CVE-2017-6462 (Buffer overflow in the legacy Datum Programmable Time Server (DPTS) re ...)
	- ntp 1:4.2.8p10+dfsg-1 (unimportant)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3388
	NOTE: https://cure53.de/pentest-report_ntp.pdf
	NOTE: Obscure legacy feature, no real impact
CVE-2017-6461
	REJECTED
CVE-2017-6460 (Stack-based buffer overflow in the reslist function in ntpq in NTP bef ...)
	- ntp 1:4.2.8p10+dfsg-1
	[jessie] - ntp (Vulnerable code not present)
	[wheezy] - ntp (Vulnerable code not present)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3377
	NOTE: https://cure53.de/pentest-report_ntp.pdf
CVE-2017-6459 (The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 ...)
	- ntp (NTP on Windows)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3382
CVE-2017-6458 (Multiple buffer overflows in the ctl_put* functions in NTP before 4.2. ...)
	- ntp 1:4.2.8p10+dfsg-1 (unimportant)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3379
	NOTE: https://cure53.de/pentest-report_ntp.pdf
	NOTE: This is not a vulnerability per se, but a weakness in an internal helper function
CVE-2017-6457
	REJECTED
CVE-2017-6456
	REJECTED
CVE-2017-6455 (NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows ...)
	- ntp (NTP on Windows)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3384
CVE-2017-6454
	REJECTED
CVE-2017-6453
	REJECTED
CVE-2017-6452 (Stack-based buffer overflow in the Windows installer for NTP before 4. ...)
	- ntp (NTP on Windows)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3383
CVE-2017-6451 (The mx4200_send function in the legacy MX4200 refclock in NTP before 4 ...)
	- ntp (Vulnerable code not enabled at build time)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3378
CVE-2017-6450
	RESERVED
CVE-2017-6449
	RESERVED
CVE-2017-6448 (The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 ...)
	{DLA-901-1}
	[experimental] - radare2 1.3.0+dfsg-1
	- radare2 1.1.0+dfsg-4 (bug #859447)
	[jessie] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/f41e941341e44aa86edd4483c4487ec09a074257 (1.3.0-git)
	NOTE: https://github.com/radare/radare2/issues/6885
CVE-2017-6447
	RESERVED
CVE-2017-6446 (XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and ...)
	- dotclear
CVE-2017-6445 (The auto-update feature of Open Embedded Linux Entertainment Center (O ...)
	NOT-FOR-US: OpenELEC
CVE-2017-6444 (The MikroTik Router hAP Lite 6.25 has no protection mechanism for unso ...)
	NOT-FOR-US: MikroTik Router hAP Lite
CVE-2017-6443 (Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 ...)
	NOT-FOR-US: EPSON TMNet WebConfig
CVE-2002-2447
	RESERVED
CVE-2017-XXXX [dns: out of bound memory read]
	- suricata 3.2.1-1 (bug #856648)
	[jessie] - suricata 2.0.7-2+deb8u3
	[wheezy] - suricata (vulnerable code not present)
	NOTE: https://redmine.openinfosecfoundation.org/issues/2022
	NOTE: Fixed by: https://github.com/inliniac/suricata/commit/20990f7a7eb7939946a275dfc9a95426b0080a19 (3.2.1)
CVE-2017-7177 (Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused ...)
	{DLA-1603-1 DLA-865-1}
	- suricata 3.2.1-1 (bug #856649)
	NOTE: https://redmine.openinfosecfoundation.org/issues/2019
	NOTE: Fixed by: https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8 (3.2.1)
CVE-2017-6442
	RESERVED
CVE-2017-6441 (The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allow ...)
	NOTE: PHP bug without security relevance
CVE-2017-6440 (The parse_data_node function in bplist.c in libimobiledevice libplist ...)
	- libplist 1.12+git+1+e37ca00-0.2 (bug #858055)
	[jessie] - libplist (Minor issue)
	[wheezy] - libplist (vulnerable code not present)
	NOTE: https://github.com/libimobiledevice/libplist/issues/99
	NOTE: Fixed by: https://github.com/libimobiledevice/libplist/commit/dccd9290745345896e3a4a73154576a599fd8b7b
CVE-2017-6439 (Heap-based buffer overflow in the parse_string_node function in bplist ...)
	{DLA-2168-1 DLA-870-1}
	- libplist 1.12+git+1+e37ca00-0.1
	NOTE: https://github.com/libimobiledevice/libplist/issues/95
	NOTE: https://github.com/libimobiledevice/libplist/commit/32ee5213fe64f1e10ec76c1ee861ee6f233120dd
CVE-2017-6438 (Heap-based buffer overflow in the parse_unicode_node function in bplis ...)
	- libplist 1.12+git+1+e37ca00-0.2 (bug #858786)
	[jessie] - libplist (Minor issue)
	[wheezy] - libplist (vulnerable code not present)
	NOTE: https://github.com/libimobiledevice/libplist/issues/98
	NOTE: Fixed by: https://github.com/libimobiledevice/libplist/commit/dccd9290745345896e3a4a73154576a599fd8b7b
CVE-2017-6437 (The base64encode function in base64.c in libimobiledevice libplist 1.1 ...)
	- libplist 1.12+git+1+e37ca00-0.2 (bug #858787)
	[jessie] - libplist (Minor issue)
	[wheezy] - libplist (vulnerable code not present)
	NOTE: https://github.com/libimobiledevice/libplist/issues/100
	NOTE: Fixed by: https://github.com/libimobiledevice/libplist/commit/dccd9290745345896e3a4a73154576a599fd8b7b
CVE-2017-6436 (The parse_string_node function in bplist.c in libimobiledevice libplis ...)
	{DLA-2168-1 DLA-870-1}
	- libplist 1.12+git+1+e37ca00-0.1
	NOTE: https://github.com/libimobiledevice/libplist/issues/94
	NOTE: https://github.com/libimobiledevice/libplist/commit/32ee5213fe64f1e10ec76c1ee861ee6f233120dd
CVE-2017-6435 (The parse_string_node function in bplist.c in libimobiledevice libplis ...)
	{DLA-2168-1 DLA-870-1}
	- libplist 1.12+git+1+e37ca00-0.1
	NOTE: https://github.com/libimobiledevice/libplist/issues/93
	NOTE: https://github.com/libimobiledevice/libplist/commit/fbd8494d5e4e46bf2e90cb6116903e404374fb56
CVE-2017-6434
	RESERVED
CVE-2017-6433
	RESERVED
CVE-2017-6432 (An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build ...)
	NOT-FOR-US: Dahua DVR
CVE-2017-6431
	RESERVED
CVE-2017-6430 (The compile_tree function in ef_compiler.c in the Etterfilter utility ...)
	{DSA-3874-1}
	- ettercap 1:0.8.2-4 (bug #857035)
	NOTE: https://github.com/Ettercap/ettercap/issues/782
	NOTE: Patch: https://github.com/LocutusOfBorg/ettercap/commit/626dc56686f15f2dda13c48f78c2a666cb6d8506
CVE-2017-6429 (Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Be ...)
	- tcpreplay (Vulnerable code not present)
	NOTE: https://github.com/appneta/tcpreplay/issues/278
	NOTE: https://github.com/appneta/tcpreplay/commit/d689d14dbcd768c028eab2fb378d849e543dcfe9
CVE-2017-6428
	RESERVED
CVE-2017-6427 (A Buffer Overflow was discovered in EvoStream Media Server 1.7.1. A cr ...)
	NOT-FOR-US: EvoStream Media Server
CVE-2017-6849 (The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in Po ...)
	- libpodofo 0.9.5-9 (bug #861566)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	[wheezy] - libpodofo (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/10
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcolorgraypdfcolorgray-pdfcolor-cpp
	NOTE: https://sourceforge.net/p/podofo/tickets/8/
	NOTE: Same fix as for CVE-2017-6845
CVE-2017-6848 (The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoF ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #861565)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/9
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfxobjectpdfxobject-pdfxobject-cpp
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1846
CVE-2017-6847 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #861564)
	[jessie] - libpodofo (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/8
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfvariantdelayedload-pdfvariant-h
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1846
CVE-2017-6846 (The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace fun ...)
	- libpodofo 0.9.5-9 (bug #861563)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	[wheezy] - libpodofo (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/7
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementsetnonstrokingcolorspace-graphicsstack-h/
	NOTE: https://sourceforge.net/p/podofo/tickets/9/
	NOTE: Same fix as for CVE-2017-6845
CVE-2017-6845 (The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9. ...)
	- libpodofo 0.9.5-9 (bug #861562)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	[wheezy] - libpodofo (Minor issue)
	NOTE: The motivation for no-dsa in wheezy is that there are no known
	NOTE: services that use this library (apart from desktop applications)
	NOTE: and the worst case is a DoS.
	NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/6
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcoloroperator-pdfcolor-cpp
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1892
CVE-2017-6844 (Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function ...)
	{DLA-929-1}
	- libpodofo 0.9.4-5 (bug #861561)
	[jessie] - libpodofo (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/5
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-global-buffer-overflow-in-podofopdfparserreadxrefsubsection-pdfparser-cpp
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1840/
CVE-2017-6843 (Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad func ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #861560)
	[jessie] - libpodofo (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/4
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-heap-based-buffer-overflow-in-podofopdfvariantdelayedload-pdfvariant-h
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845
CVE-2017-6842 (The ColorChanger::GetColorFromStack function in colorchanger.cpp in Po ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #861559)
	[jessie] - libpodofo (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/3
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-colorchangergetcolorfromstack-colorchanger-cpp
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845
CVE-2017-6841 (The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement funct ...)
	- libpodofo 0.9.5-9 (bug #861558)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	[wheezy] - libpodofo (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/2
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h
	NOTE: https://sourceforge.net/p/podofo/tickets/10/
	NOTE: Same fix as for CVE-2017-6845
CVE-2017-6840 (The ColorChanger::GetColorFromStack function in colorchanger.cpp in Po ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #861557)
	[jessie] - libpodofo (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/1
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-invalid-memory-read-in-colorchangergetcolorfromstack-colorchanger-cpp
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845
CVE-2017-6426 (An information disclosure vulnerability in the Qualcomm SPMI driver. P ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-6425 (An information disclosure vulnerability in the Qualcomm video driver. ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-6424 (An elevation of privilege vulnerability in the Qualcomm WiFi driver. P ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-6423 (An elevation of privilege vulnerability in the Qualcomm kyro L2 driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10242 (A time-of-check time-of-use race condition could potentially exist in ...)
	NOT-FOR-US: Qualcomm component/driver for Android
CVE-2016-10241
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10240
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10239 (In TrustZone access control policy may potentially be bypassed in all ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10238 (In QSEE in all Android releases from CAF using the Linux kernel access ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10237 (If shared content protection memory were passed as the secure camera m ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10236 (An information disclosure vulnerability in the Qualcomm USB driver. Pr ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10235 (A denial of service vulnerability in the Qualcomm WiFi driver. Product ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10234 (An information disclosure vulnerability in the Qualcomm IPA driver. Pr ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10233 (An elevation of privilege vulnerability in the Qualcomm video driver. ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10232 (An elevation of privilege vulnerability in the Qualcomm video driver. ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10231 (An elevation of privilege vulnerability in the Qualcomm sound codec dr ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10230 (A remote code execution vulnerability in the Qualcomm crypto driver. P ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10229 (udp.c in the Linux kernel before 4.5 allows remote attackers to execut ...)
	- linux 4.5.1-1 (bug #808293)
	[jessie] - linux 3.16.7-ckt20-1+deb8u2
	[wheezy] - linux 3.2.73-2+deb7u2
	NOTE: Fixed by: https://git.kernel.org/linus/197c949e7798fbf28cfadc69d9ca0c2abbf93191 (v4.5-rc1)
CVE-2015-9003 (In TrustZone a cryptographic issue can potentially occur in all Androi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9002 (In TrustZone an out-of-range pointer offset vulnerability can potentia ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9001 (In TrustZone an information exposure vulnerability can potentially occ ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9000 (In TrustZone an untrusted pointer dereference vulnerability can potent ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-8999 (In TrustZone a buffer overflow vulnerability can potentially occur in ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-8998 (In TrustZone an integer overflow vulnerability can potentially occur i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-8997 (In TrustZone a time-of-check time-of-use race condition could potentia ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-8996 (In TrustZone a time-of-check time-of-use race condition could potentia ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-8995 (In TrustZone an integer overflow vulnerability can potentially occur i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9938 (contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize ...)
	- git 1:2.0.0~rc2-1
	[wheezy] - git (Vulnerable code introduced in 1.8.1-rc0)
	NOTE: https://github.com/git/git/commit/8976500cbbb13270398d3b3e07a17b8cc7bff43f
	NOTE: https://github.com/njhartwell/pw3nage
	NOTE: Vulnerability likely introduced by the "pc_mode" in https://github.com/git/git/commit/1bfc51ac814125de03ddf1900245e42d6ce0d250
CVE-2014-9937 (In TrustZone a buffer overflow vulnerability can potentially occur in ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9936 (In TrustZone a time-of-check time-of-use race condition could potentia ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9935 (In TrustZone an integer overflow vulnerability leading to a buffer ove ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9934 (A PKCS#1 v1.5 signature verification routine in all Android releases f ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9933 (Due to missing input validation in all Android releases from CAF using ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9932 (In TrustZone, an integer overflow vulnerability can potentially occur ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9931 (A buffer overflow vulnerability in all Android releases from CAF using ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9930 (In WCDMA in all Android releases from CAF using the Linux kernel, a Us ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9929 (In WCDMA in all Android releases from CAF using the Linux kernel, a Us ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9928 (In GERAN in all Android releases from CAF using the Linux kernel, a Bu ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9927 (In UIM in all Android releases from CAF using the Linux kernel, a Buff ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9926 (In GNSS in all Android releases from CAF using the Linux kernel, a Use ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9925 (In HDR in all Android releases from CAF using the Linux kernel, a Buff ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9924 (In 1x in all Android releases from CAF using the Linux kernel, a Signe ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9923 (In NAS in all Android releases from CAF using the Linux kernel, a Buff ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9922 (The eCryptfs subsystem in the Linux kernel before 3.18 allows local us ...)
	- linux 4.0.2-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux 3.2.82-1
	NOTE: Fixed by: https://git.kernel.org/linus/69c433ed2ecd2d3264efd7afec4439524b319121 (v3.18-rc2)
CVE-2017-6422
	RESERVED
CVE-2017-6421 (In the touch controller function in all Qualcomm products with Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-6420 (The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows ...)
	{DLA-1261-1 DLA-1105-1}
	- clamav 0.99.3~beta1+dfsg-1
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav 0.99.2+dfsg-0+deb8u3
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11798
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/dfc00cd3301a42b571454b51a6102eecf58407bc
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/60671e3deb1df6c626e5c7e13752c2eec1649f98
CVE-2017-6419 (mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows ...)
	{DSA-3946-1 DLA-1279-1}
	- libmspack 0.6-1 (bug #871263)
	- clamav 0.99.3~beta1+dfsg-1 (unimportant)
	[stretch] - clamav 0.99.4+dfsg-1+deb9u1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11701
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1
	NOTE: ClamAV uses the libmspack system library when available. This is the
	NOTE: case starting from Debian Jessie. Debian Wheezy does not have
	NOTE: libmspack and thus needs to have the fix as well in the
	NOTE: src:clamav source package.
	NOTE: libmspack: https://github.com/kyz/libmspack/commit/6139a0b9e93fcb7fcf423e56aa825bc869e02229
CVE-2017-6418 (libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause ...)
	{DLA-1261-1 DLA-1105-1}
	- clamav 0.99.3~beta1+dfsg-1
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav 0.99.2+dfsg-0+deb8u3
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11797
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/586a5180287262070637c8943f2f7efd652e4a2c
CVE-2017-6417 (Code injection vulnerability in Avira Total Security Suite 15.0 (and e ...)
	NOT-FOR-US: Avira Total Security Suite
CVE-2017-6416 (An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerab ...)
	NOT-FOR-US: SysGauge
CVE-2017-6415 (The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1 ...)
	- radare2 1.1.0+dfsg-3 (bug #856572)
	[jessie] - radare2 (Vulnerable code introduced in 1.1.0)
	[wheezy] - radare2 (Vulnerable code introduced in 1.1.0)
	NOTE: https://github.com/radare/radare2/issues/6872
	NOTE: https://github.com/radare/radare2/commit/252afb1cff9676f3ae1f341a28448bf2c8b6e308
CVE-2017-6414 (Memory leak in the vcard_apdu_new function in card_7816.c in libcacard ...)
	- libcacard 1:2.5.0-3 (bug #856501)
	NOTE: Fixed by: https://cgit.freedesktop.org/spice/libcacard/commit/?id=9113dc6a303604a2d9812ac70c17d076ef11886c
CVE-2017-6413 (The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka ...)
	- libapache2-mod-auth-openidc 2.1.6-1
	[jessie] - libapache2-mod-auth-openidc (Minor issue)
	NOTE: https://github.com/pingidentity/mod_auth_openidc/commit/21e3728a825c41ab41efa75e664108051bb9665e
CVE-2017-6412 (In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could o ...)
	NOT-FOR-US: Sophos
CVE-2017-6411 (Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devic ...)
	NOT-FOR-US: D-Link
CVE-2017-6410 (kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 call ...)
	{DSA-3849-1 DLA-952-1}
	- kio 5.28.0-2 (bug #856889)
	- kde4libs 4:4.14.26-2 (bug #856890)
	NOTE: https://www.kde.org/info/security/advisory-20170228-1.txt
	NOTE: Patch for kio: https://commits.kde.org/kio/f9d0cb47cf94e209f6171ac0e8d774e68156a6e4
	NOTE: Patch for kde4libs: https://commits.kde.org/kdelibs/1804c2fde7bf4e432c6cf5bb8cce5701c7010559
CVE-2017-6409 (An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBa ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6408 (An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBa ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6407 (An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBacku ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6406 (An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBacku ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6405 (An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBa ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6404 (An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6403 (An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6402 (An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBa ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6401 (An issue was discovered in Veritas NetBackup before 8.0 and NetBackup ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6400 (An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBacku ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6399 (An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBacku ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6398 (An issue was discovered in Trend Micro InterScan Messaging Security (V ...)
	NOT-FOR-US: Trend Micro
CVE-2017-6397 (An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerabilit ...)
	NOT-FOR-US: FlightAirMap
CVE-2017-6396 (An issue was discovered in WPO-Foundation WebPageTest 3.0. The vulnera ...)
	NOT-FOR-US: WPO-Foundation WebPageTest
CVE-2017-6395 (An issue was discovered in HashOver 2.0. The vulnerability exists due ...)
	NOT-FOR-US: HashOver
CVE-2017-6394 (Multiple Cross-Site Scripting (XSS) issues were discovered in OpenEMR ...)
	NOT-FOR-US: OpenEMR
CVE-2017-6393 (An issue was discovered in NagVis 1.9b12. The vulnerability exists due ...)
	- nagvis (Vulnerable code introduced in nagvis-1.8.0)
	NOTE: https://github.com/NagVis/nagvis/issues/91
CVE-2017-6392 (An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerabil ...)
	NOT-FOR-US: Kaltura server
CVE-2017-6391 (An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerabil ...)
	NOT-FOR-US: Kaltura server
CVE-2017-6390 (An issue was discovered in whatanime.ga before c334dd8499a681587dd4199 ...)
	NOT-FOR-US: whatanime.ga
CVE-2017-6389
	RESERVED
CVE-2017-6388
	RESERVED
CVE-2017-6387 (The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 all ...)
	- radare2 1.1.0+dfsg-3 (bug #856574)
	[jessie] - radare2 (Vulnerable code not present)
	[wheezy] - radare2 (Vulnerable code not present)
	NOTE: https://github.com/radare/radare2/commit/ead645853a63bf83d8386702cad0cf23b31d7eeb
	NOTE: https://github.com/radare/radare2/issues/6857
CVE-2017-6386 (Memory leak in the vrend_create_vertex_elements_state function in vren ...)
	- virglrenderer 0.6.0-2 (bug #858255; bug #872884)
	NOTE: Fixed by: https://cgit.freedesktop.org/virglrenderer/commit/?id=737c3350850ca4dbc5633b3bdb4118176ce59920
CVE-2017-6385
	RESERVED
CVE-2017-6383
	REJECTED
CVE-2017-6382
	RESERVED
CVE-2017-6381 (A 3rd party development library including with Drupal 8 development de ...)
	- drupal8 (bug #756305)
	NOTE: https://www.drupal.org/SA-2017-001
CVE-2017-6380
	RESERVED
CVE-2017-6379 (Some administrative paths in Drupal 8.2.x before 8.2.7 did not include ...)
	- drupal8 (bug #756305)
	NOTE: https://www.drupal.org/SA-2017-001
CVE-2017-6378
	RESERVED
CVE-2017-6377 (When adding a private file via the editor in Drupal 8.2.x before 8.2.7 ...)
	- drupal8 (bug #756305)
	NOTE: https://www.drupal.org/SA-2017-001
CVE-2017-6376
	RESERVED
CVE-2017-6375
	RESERVED
CVE-2017-6374
	RESERVED
CVE-2017-6373
	RESERVED
CVE-2017-6372
	RESERVED
CVE-2017-6371 (Synchronet BBS 3.16c for Windows allows remote attackers to cause a de ...)
	NOT-FOR-US: Synchronet BBS
CVE-2017-6370 (TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI i ...)
	NOT-FOR-US: TYPO3
CVE-2017-6369 (Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5. ...)
	{DSA-3824-1 DLA-879-1}
	- firebird2.5 (bug #858641)
	- firebird3.0 3.0.1.32609.ds4-14 (bug #858644)
	NOTE: http://tracker.firebirdsql.org/browse/CORE-5474
	NOTE: Fixed by: https://github.com/FirebirdSQL/firebird/commit/8b2a9cb44bf6055e15f016d70a6842b8ada60375 (3.0)
	NOTE: https://github.com/FirebirdSQL/firebird/commit/9d9b9e0c94e201da489d1da81f858c570d3ca6ef (2.5)
	NOTE: https://github.com/FirebirdSQL/firebird/commit/a802126cd501f641f00d6cda12d5d9ee3ecda6f5 (2.5)
CVE-2017-6368
	RESERVED
CVE-2017-6367 (In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Win ...)
	NOT-FOR-US: Cerberus FTP Server
CVE-2017-6366 (Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 rou ...)
	NOT-FOR-US: Netgear
CVE-2017-6365
	RESERVED
CVE-2017-6364
	RESERVED
CVE-2017-6363 (In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap- ...)
	- libgd2 2.3.0-1
	[buster] - libgd2 (Minor issue)
	[stretch] - libgd2 (Minor issue)
	[jessie] - libgd2 (Minor issue)
	NOTE: https://github.com/libgd/libgd/commit/0be86e1926939a98afbd2f3a23c673dfc4df2a7c
	NOTE: https://github.com/libgd/libgd/commit/2dbd8f6e66b73ed43d9b81a45350922b80f75397
	NOTE: https://github.com/libgd/libgd/issues/383
CVE-2017-6362 (Double free vulnerability in the gdImagePngPtr function in libgd2 befo ...)
	{DSA-3961-1 DLA-1106-1}
	- libgd2 2.2.5-1
	NOTE: https://github.com/libgd/libgd/issues/381
	NOTE: https://github.com/libgd/libgd/commit/56ce6ef068b954ad28379e83cca04feefc51320c
CVE-2017-6361 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbit ...)
	NOT-FOR-US: QNAP
CVE-2017-6360 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administ ...)
	NOT-FOR-US: QNAP
CVE-2017-6359 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administ ...)
	NOT-FOR-US: QNAP
CVE-2017-6358
	RESERVED
CVE-2017-6357
	RESERVED
CVE-2017-6356 (Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 ...)
	NOT-FOR-US: Palo Alto Networks Terminal Services
CVE-2015-8994 (An issue was discovered in PHP 5.x and 7.x, when the configuration use ...)
	- php7.1 (Fixed before initial upload to Debian)
	- php7.0 7.0.14-1
	- php5
	[jessie] - php5 5.6.29+dfsg-0+deb8u1
	[wheezy] - php5 (vulnerable code not present)
	NOTE: Fixed in 7.1.0, 7.0.14, 5.6.29
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=69090
CVE-2015-8993 (Malicious file execution vulnerability in Intel Security CloudAV (Beta ...)
	NOT-FOR-US: Intel antivirus
CVE-2015-8992 (Malicious file execution vulnerability in Intel Security WebAdvisor be ...)
	NOT-FOR-US: Intel antivirus
CVE-2015-8991 (Malicious file execution vulnerability in Intel Security McAfee Securi ...)
	NOT-FOR-US: Intel antivirus
CVE-2015-8990 (Detection bypass vulnerability in Intel Security Advanced Threat Defen ...)
	NOT-FOR-US: Intel antivirus
CVE-2015-8989 (Unsalted password vulnerability in the Enterprise Manager (web portal) ...)
	NOT-FOR-US: Intel antivirus
CVE-2015-8988 (Unquoted executable path vulnerability in Client Management and Gatewa ...)
	NOT-FOR-US: Intel antivirus
CVE-2015-8987 (Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in ...)
	NOT-FOR-US: Intel antivirus
CVE-2015-8986 (Sandbox detection evasion vulnerability in hardware appliances in McAf ...)
	NOT-FOR-US: Intel antivirus
CVE-2014-9921 (Information disclosure vulnerability in McAfee (now Intel Security) Cl ...)
	NOT-FOR-US: Intel antivirus
CVE-2014-9920 (Unauthorized execution of binary vulnerability in McAfee (now Intel Se ...)
	NOT-FOR-US: Intel antivirus
CVE-2013-7462 (A directory traversal vulnerability in the web application in McAfee ( ...)
	NOT-FOR-US: Intel antivirus
CVE-2013-7461 (A write protection and execution bypass vulnerability in McAfee (now I ...)
	NOT-FOR-US: Intel antivirus
CVE-2013-7460 (A write protection and execution bypass vulnerability in McAfee (now I ...)
	NOT-FOR-US: Intel antivirus
CVE-2017-6355 (Integer overflow in the vrend_create_shader function in vrend_renderer ...)
	- virglrenderer 0.6.0-1 (bug #858255)
	NOTE: Fixed by: https://cgit.freedesktop.org/virglrenderer/commit/?id=93761787b29f37fa627dea9082cdfc1a1ec608d6 (0.6.0)
CVE-2017-6354
	RESERVED
CVE-2017-6352
	RESERVED
CVE-2017-6351 (The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacture ...)
	NOT-FOR-US: WePresent WiPG-1500
CVE-2017-6350 (An integer overflow at an unserialize_uep memory allocation site would ...)
	{DLA-850-1}
	- vim 2:8.0.0197-3 (bug #856266)
	[jessie] - vim 2:7.4.488-7+deb8u3
	- neovim 0.1.7-4
	NOTE: Fixed by: https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75
CVE-2017-6349 (An integer overflow at a u_read_undo memory allocation site would occu ...)
	{DLA-850-1}
	- vim 2:8.0.0197-3 (bug #856266)
	[jessie] - vim 2:7.4.488-7+deb8u3
	- neovim 0.1.7-4
	NOTE: Fixed by: https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c
CVE-2017-6344 (XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allow ...)
	NOT-FOR-US: Grails PDF plugin
CVE-2017-6343 (The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware ...)
	NOT-FOR-US: Dahua devices
CVE-2017-6342 (An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Fir ...)
	NOT-FOR-US: Dahua devices
CVE-2017-6341 (Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06 ...)
	NOT-FOR-US: Dahua devices
CVE-2017-6340 (Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 befor ...)
	NOT-FOR-US: Trend Micro
CVE-2017-6339 (Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 befor ...)
	NOT-FOR-US: Trend Micro
CVE-2017-6338 (Multiple Access Control issues in Trend Micro InterScan Web Security V ...)
	NOT-FOR-US: Trend Micro
CVE-2017-6337
	RESERVED
CVE-2017-6336
	RESERVED
CVE-2017-6334 (dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0. ...)
	NOT-FOR-US: NETGEAR
CVE-2017-6333
	RESERVED
CVE-2017-6332
	RESERVED
CVE-2017-6331 (Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter ...)
	NOT-FOR-US: Symantec
CVE-2017-6330 (Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote atta ...)
	NOT-FOR-US: Symantec
CVE-2017-6329 (Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a ...)
	NOT-FOR-US: Symantec
CVE-2017-6328 (The Symantec Messaging Gateway before 10.6.3-267 can encounter an issu ...)
	NOT-FOR-US: Symantec
CVE-2017-6327 (The Symantec Messaging Gateway before 10.6.3-267 can encounter an issu ...)
	NOT-FOR-US: Symantec
CVE-2017-6326 (The Symantec Messaging Gateway can encounter an issue of remote code e ...)
	NOT-FOR-US: Symantec
CVE-2017-6325 (The Symantec Messaging Gateway can encounter a file inclusion vulnerab ...)
	NOT-FOR-US: Symantec
CVE-2017-6324 (The Symantec Messaging Gateway, when processing a specific email attac ...)
	NOT-FOR-US: Symantec
CVE-2017-6323 (The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_H ...)
	NOT-FOR-US: Symantec
CVE-2017-6322
	RESERVED
CVE-2017-XXXX [scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c)]
	- pax-utils 1.2.3-1 (unimportant; bug #856196)
	NOTE: https://blogs.gentoo.org/ago/2017/02/25/pax-utils-scanelf-out-of-bounds-read-in-scanelf_file_get_symtabs-scanelf-c-2/
	NOTE: https://github.com/gentoo/pax-utils/commit/e577c5b7e230c52e5fc4fa40e4e9014c634b3c1d
	NOTE: https://github.com/gentoo/pax-utils/commit/858939ea6ad63f1acb4ec74bba705c197a67d559
CVE-2017-6353 (net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.9.13-1
	NOTE: https://marc.info/?l=linux-netdev&m=148785309416337&w=2
CVE-2017-6348 (The hashbin_delete function in net/irda/irqueue.c in the Linux kernel ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.9.13-1
	NOTE: Fixed by: https://git.kernel.org/linus/4c03b862b12f980456f9de92db6d508a4999b788
CVE-2017-6347 (The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Li ...)
	- linux 4.9.13-1
	[jessie] - linux (Vulnerable code introduced in 4.0)
	[wheezy] - linux (Vulnerable code introduced in 4.0)
	NOTE: Fixed by: https://git.kernel.org/linus/ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32
CVE-2017-6346 (Race condition in net/packet/af_packet.c in the Linux kernel before 4. ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.9.13-1
	NOTE: Fixed by: https://git.kernel.org/linus/d199fab63c11998a602205f7ee7ff7c05c97164b
CVE-2017-6345 (The LLC subsystem in the Linux kernel before 4.9.13 does not ensure th ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.9.13-1
	NOTE: Fixed by: https://git.kernel.org/linus/8b74d439e1697110c5e5c600643e823eb1dd0762
CVE-2017-6321
	RESERVED
CVE-2017-6320 (A remote command injection vulnerability exists in the Barracuda Load ...)
	NOT-FOR-US: Barracuda
CVE-2017-6319 (The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1 ...)
	- radare2 1.1.0+dfsg-3 (bug #856579)
	[jessie] - radare2 (Vulnerable code introduced in 1.1.0)
	[wheezy] - radare2 (Vulnerable code introduced in 1.1.0)
	NOTE: https://github.com/radare/radare2/issues/6836
	NOTE: https://github.com/radare/radare2/commit/ad55822430a03fe075221b543efb434567e9e431
CVE-2017-6318 (saned in sane-backends 1.0.25 allows remote attackers to obtain sensit ...)
	{DLA-940-1}
	- sane-backends 1.0.25-4 (low; bug #854804)
	[jessie] - sane-backends 1.0.24-8+deb8u2
	NOTE: Upstream patch: https://anonscm.debian.org/cgit/sane/sane-backends.git/commit/frontend/saned.c?id=42896939822b44f44ecd1b6d35afdfa4473ed35d
CVE-2017-6316 (Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote ...)
	NOT-FOR-US: Citrix
CVE-2017-6315 (Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute ...)
	NOT-FOR-US: Astaro
CVE-2017-6335 (The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1. ...)
	{DLA-1456-1}
	- graphicsmagick 1.3.25-8
	[wheezy] - graphicsmagick (vulnerable code not present)
	NOTE: Fixed by: https://sourceforge.net/p/graphicsmagick/code/ci/6156b4c2992d855ece6079653b3b93c3229fc4b8/
CVE-2017-6317 (Memory leak in the add_shader_program function in vrend_renderer.c in ...)
	- virglrenderer 0.6.0-1 (bug #858255)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=a2f12a1b0f95b13b6f8dc3d05d7b74b4386394e4 (0.6.0)
CVE-2017-6314 (The make_available_at_least function in io-tiff.c in gdk-pixbuf allows ...)
	{DLA-2043-1}
	- gdk-pixbuf 2.36.11-2 (low; bug #856448)
	[stretch] - gdk-pixbuf 2.36.5-2+deb9u2
	[wheezy] - gdk-pixbuf (Minor issue, can be fixed in next update)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=779020
	NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=1e513abdb55529f888233d3c96b27352d83aad5f
CVE-2017-6313 (Integer underflow in the load_resources function in io-icns.c in gdk-p ...)
	{DLA-2043-1}
	- gdk-pixbuf 2.36.11-2 (low; bug #856445)
	[stretch] - gdk-pixbuf 2.36.5-2+deb9u2
	[wheezy] - gdk-pixbuf (Minor issue, can be fixed in next update)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=779016
	NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=210b16399a492d05efb209615a143920b24251f4
	NOTE: Tests: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=4cc39d479356b6b09e3d62a0f3ab424db6c266d8
CVE-2017-6312 (Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent at ...)
	{DLA-2043-1}
	- gdk-pixbuf 2.36.11-2 (low; bug #856444)
	[stretch] - gdk-pixbuf 2.36.5-2+deb9u2
	[wheezy] - gdk-pixbuf (Minor issue, can be fixed in next update)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=779012
	NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dec9ca22d70c0f0d4492333b4e8147afb038afd2
	NOTE: Tests: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=a6303ad765882555cf1b278a09be5f9e4cf3a39d
CVE-2017-6311 (gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attack ...)
	- gdk-pixbuf 2.36.10-1 (bug #858491; unimportant)
	[stretch] - gdk-pixbuf (thumbnailer not installed before 2.36.5-3)
	[jessie] - gdk-pixbuf (Code introduced in 2.36.1)
	[wheezy] - gdk-pixbuf (Code introduced in 2.36.1)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=778204
	NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
	NOTE: Upload of gdk-pixbuf 2.36.5-3 to experimental added a new binary package containing
	NOTE: the thumbnailer.
	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=57362ed4c1f37c05723e25e136327e262f32d35f
	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=758655315bc3760c2d646e1e935f7448847073af
	NOTE: Tests: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=67a02e1bfef1ae8f7fa50ca36f6d922c1b6d3ed6
CVE-2017-6310 (An issue was discovered in tnef before 1.4.13. Four type confusions ha ...)
	{DSA-3798-1 DLA-839-1}
	- tnef 1.4.12-1.1 (bug #856117)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
	NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d
	NOTE: regression fixed by: https://github.com/verdammelt/tnef/commit/9c4015433ecd3177976f820f7aa524c7e64c7c92
	NOTE: regression fixed by: https://github.com/verdammelt/tnef/commit/c0b99164d14dcc61348a2ddffd47dfe31d087bad
CVE-2017-6309 (An issue was discovered in tnef before 1.4.13. Two type confusions hav ...)
	{DSA-3798-1 DLA-839-1}
	- tnef 1.4.12-1.1 (bug #856117)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
	NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d
CVE-2017-6308 (An issue was discovered in tnef before 1.4.13. Several Integer Overflo ...)
	{DSA-3798-1 DLA-839-1}
	- tnef 1.4.12-1.1 (bug #856117)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
	NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176
CVE-2017-6307 (An issue was discovered in tnef before 1.4.13. Two OOB Writes have bee ...)
	{DSA-3798-1 DLA-839-1}
	- tnef 1.4.12-1.1 (bug #856117)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
	NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/1a17af1ed0c791aec44dbdc9eab91218cc1e335a
CVE-2017-6306 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
	{DSA-3846-1}
	- libytnef 1.9.1-1
	[wheezy] - libytnef (vulnerable code not present)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6305 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.1-1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6304 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.1-1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6303 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.1-1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6302 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.1-1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6301 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.1-1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6300 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.1-1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6299 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.1-1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6298 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.1-1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6297 (The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does n ...)
	NOT-FOR-US: MikroTik RouterOS
CVE-2017-6296 (NVIDIA TrustZone Software contains a TOCTOU issue in the DRM applicati ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6295 (NVIDIA TrustZone Software contains a vulnerability in the Keymaster im ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6294 (In Android before the 2018-06-05 security patch level, NVIDIA Tegra X1 ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6293 (In Android before the 2018-05-05 security patch level, NVIDIA Tegra X1 ...)
	NOT-FOR-US: Nvidia component for Android
CVE-2017-6292 (In Android before the 2018-06-05 security patch level, NVIDIA TLZ Trus ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6291
	RESERVED
CVE-2017-6290 (In Android before the 2018-06-05 security patch level, NVIDIA TLK Trus ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6289 (In Android before the 2018-05-05 security patch level, NVIDIA Trusted ...)
	NOT-FOR-US: Nvidia component for Android
CVE-2017-6288 (NVIDIA libnvrm contains a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Nvidia component for Android
CVE-2017-6287 (NVIDIA libnvrm contains a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Nvidia component for Android
CVE-2017-6286 (NVIDIA libnvomx contains a possible out of bounds write due to a missi ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6285 (NVIDIA libnvrm contains a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Nvidia component for Android
CVE-2017-6284 (NVIDIA Security Engine contains a vulnerability in the Deterministic R ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6283 (NVIDIA Security Engine contains a vulnerability in the RSA function wh ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6282 (NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6281 (NVIDIA libnvomx contains a possible out of bounds write due to a impro ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6280 (NVIDIA driver contains a possible out-of-bounds read vulnerability due ...)
	NOT-FOR-US: Nvidia component for Android
CVE-2017-6279 (NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnera ...)
	NOT-FOR-US: Nvidia component for Android
CVE-2017-6278 (NVIDIA Tegra kernel contains a vulnerability in the CORE DVFS Thermal ...)
	NOT-FOR-US: NVIDIA Tegra
CVE-2017-6277 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6276 (NVIDIA mediaserver contains a vulnerability where it is possible a use ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6275 (An information disclosure vulnerability exists in the Thermal Driver, ...)
	NOT-FOR-US: NVIDIA components for Android
CVE-2017-6274 (An elevation of Privilege vulnerability exists in the Thermal Driver, ...)
	NOT-FOR-US: NVIDIA components for Android
CVE-2017-6273 (NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader compo ...)
	NOT-FOR-US: NVIDIA ADSP Firmware
CVE-2017-6272 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...)
	[experimental] - nvidia-graphics-drivers 384.90-1
	- nvidia-graphics-drivers 384.98-2 (bug #876414)
	[stretch] - nvidia-graphics-drivers 384.130-1
	[jessie] - nvidia-graphics-drivers (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia for 340)
	[stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia for 340)
	- nvidia-graphics-drivers-legacy-304xx
	[stretch] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4544
CVE-2017-6271 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6270 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6269 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6268 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6267 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...)
	[experimental] - nvidia-graphics-drivers 384.90-1
	- nvidia-graphics-drivers 384.98-2 (bug #876414)
	[stretch] - nvidia-graphics-drivers 384.130-1
	[jessie] - nvidia-graphics-drivers (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia for 340)
	[stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported)
	- nvidia-graphics-drivers-legacy-304xx
	[stretch] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4544
CVE-2017-6266 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...)
	[experimental] - nvidia-graphics-drivers 384.90-1
	- nvidia-graphics-drivers 384.98-2 (bug #876414)
	[stretch] - nvidia-graphics-drivers 384.130-1
	[jessie] - nvidia-graphics-drivers (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia for 340)
	[stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia for 340)
	- nvidia-graphics-drivers-legacy-304xx
	[stretch] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4544
CVE-2017-6265
	RESERVED
CVE-2017-6264 (An elevation of privilege vulnerability exists in the NVIDIA GPU drive ...)
	NOT-FOR-US: NVIDIA components for Android
CVE-2017-6263 (NVIDIA driver contains a vulnerability where it is possible a use afte ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-6262 (NVIDIA driver contains a vulnerability where it is possible a use afte ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-6261 (NVIDIA Vibrante Linux version 1.1, 2.0, and 2.2 contains a vulnerabili ...)
	NOT-FOR-US: NVIDIA Vibrante Linux
CVE-2017-6260 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6259 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...)
	- nvidia-graphics-drivers 375.82-1 (bug #869783)
	[stretch] - nvidia-graphics-drivers 375.82-1~deb9u1
	[jessie] - nvidia-graphics-drivers (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx (Limited to E384 and E375)
	- nvidia-graphics-drivers-legacy-304xx (Limited to E384 and E375)
CVE-2017-6258 (NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnera ...)
	NOT-FOR-US: Nvidia component for Android
CVE-2017-6257 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...)
	- nvidia-graphics-drivers 375.82-1 (bug #869783)
	[stretch] - nvidia-graphics-drivers 375.82-1~deb9u1
	[jessie] - nvidia-graphics-drivers (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx (Limited to E384 and E375)
	- nvidia-graphics-drivers-legacy-304xx (Limited to E384 and E375)
CVE-2017-6256 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6255 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6254 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6253 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6252 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6251 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6250 (NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helpe ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2017-6249 (An elevation of privilege vulnerability in the NVIDIA sound driver cou ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-6248 (An elevation of privilege vulnerability in the NVIDIA sound driver cou ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-6247 (An elevation of privilege vulnerability in the NVIDIA sound driver cou ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-6246
	RESERVED
CVE-2017-6245
	RESERVED
CVE-2017-6244
	RESERVED
CVE-2017-6243
	RESERVED
CVE-2017-6242
	RESERVED
CVE-2017-6241
	RESERVED
CVE-2017-6240
	RESERVED
CVE-2017-6239
	RESERVED
CVE-2017-6238
	RESERVED
CVE-2017-6237
	RESERVED
CVE-2017-6236
	RESERVED
CVE-2017-6235
	RESERVED
CVE-2017-6234
	RESERVED
CVE-2017-6233
	RESERVED
CVE-2017-6232
	RESERVED
CVE-2017-6231
	RESERVED
CVE-2017-6230 (Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus ...)
	NOT-FOR-US: Ruckus Networks firmware
CVE-2017-6229 (Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and ...)
	NOT-FOR-US: Ruckus Networks firmware
CVE-2017-6228
	RESERVED
CVE-2017-6227 (A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN product ...)
	NOT-FOR-US: Brocade
CVE-2017-6226
	RESERVED
CVE-2017-6225 (Cross-site scripting (XSS) vulnerability in the web-based management i ...)
	NOT-FOR-US: Brocade
CVE-2017-6224 (Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10 ...)
	NOT-FOR-US: Ruckus
CVE-2017-6223 (Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD ...)
	NOT-FOR-US: Ruckus
CVE-2017-6222
	RESERVED
CVE-2017-6221
	RESERVED
CVE-2017-6220
	RESERVED
CVE-2017-6219
	RESERVED
CVE-2017-6218
	RESERVED
CVE-2017-6217 (paypal/adaptivepayments-sdk-php v3.9.2 is vulnerable to a reflected XS ...)
	NOT-FOR-US: paypal/adaptivepayments-sdk-php
CVE-2017-6216 (novaksolutions/infusionsoft-php-sdk v2016-10-31 is vulnerable to a ref ...)
	NOT-FOR-US: novaksolutions/infusionsoft-php-sdk
CVE-2017-6215 (paypal/permissions-sdk-php is vulnerable to reflected XSS in the sampl ...)
	NOT-FOR-US: PayPal permissions-sdk-php
CVE-2017-6213 (paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permi ...)
	NOT-FOR-US: PayPal invoice-sdk-php
CVE-2017-6212
	REJECTED
CVE-2017-6211 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-6214 (The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel bef ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.9.13-1
	NOTE: Fixed by: https://git.kernel.org/linus/ccf7abb93af09ad0868ae9033d1ca8108bdaec82 (v4.10-rc8)
CVE-2017-6210 (The vrend_decode_reset function in vrend_decode.c in virglrenderer bef ...)
	- virglrenderer 0.6.0-1 (bug #858255)
	NOTE: Fixed by: https://cgit.freedesktop.org/virglrenderer/commit/?id=0a5dff15912207b83018485f83e067474e818bab (0.6.0)
CVE-2017-6209 (Stack-based buffer overflow in the parse_identifier function in tgsi_t ...)
	- virglrenderer 0.6.0-1 (bug #858255)
	NOTE: Fixed by: https://cgit.freedesktop.org/virglrenderer/commit/?id=e534b51ca3c3cd25f3990589932a9ed711c59b27 (0.6.0)
CVE-2017-6208
	RESERVED
CVE-2017-6207
	REJECTED
CVE-2017-6206 (D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-15 ...)
	NOT-FOR-US: D-Link
CVE-2017-6205 (D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-15 ...)
	NOT-FOR-US: D-Link
CVE-2017-6204
	RESERVED
CVE-2017-6203
	RESERVED
CVE-2017-6202
	RESERVED
CVE-2017-6201 (A Server Side Request Forgery vulnerability exists in the install app ...)
	NOT-FOR-US: Sandstorm
CVE-2017-6200 (Sandstorm before build 0.203 allows remote attackers to read any speci ...)
	NOT-FOR-US: Sandstorm
CVE-2017-6199 (A remote attacker could bypass the Sandstorm organization restriction ...)
	NOT-FOR-US: Sandstorm
CVE-2017-6198 (The Supervisor in Sandstorm doesn't set and enforce the resource limit ...)
	NOT-FOR-US: Sandstorm
CVE-2017-6197 (The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 all ...)
	{DLA-837-1}
	- radare2 1.1.0+dfsg-2 (bug #856063)
	[jessie] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/6816
	NOTE: Fixed by: https://github.com/radare/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989
	NOTE: Although the respective new versions were only introduced in 0.10.3
	NOTE: The NULL pointer dereferences are still triggerable, via the shown
	NOTE: vector and seen under valgrind. It might be disputable if that is the
	NOTE: same vulnerability though.
CVE-2017-6196 (Multiple use-after-free vulnerabilities in the gx_image_enum_begin fun ...)
	- ghostscript (Issue introduced later, cf. bug #856142)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697596
	NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;h=ecceafe3abba2714ef9b432035fe0739d9b1a283
	NOTE: Possibly introduced only after https://git.ghostscript.com/?p=ghostpdl.git;h=cffb5712bc10c2c2f46adf311fc74aaae74cb784
CVE-2017-6195 (Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blin ...)
	NOT-FOR-US: Ipswitch MOVEit Transfer
CVE-2017-6194 (The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows r ...)
	[experimental] - radare2 1.3.0+dfsg-1
	- radare2 1.1.0+dfsg-4 (bug #859448)
	[jessie] - radare2 (Vulnerable code not present)
	[wheezy] - radare2 (Vulnerable code not present)
	NOTE: https://github.com/radare/radare2/commit/72794dc3523bbd5bb370de3c5857cb736c387e18 (1.3.0-git)
	NOTE: https://github.com/radare/radare2/issues/6829
CVE-2017-6193 (Buffer overflow in APNGDis 2.8 and earlier allows remote attackers to ...)
	NOT-FOR-US: APNGDis
CVE-2017-6192 (Buffer overflow in APNGDis 2.8 and earlier allows a remote attackers t ...)
	NOT-FOR-US: APNGDis
CVE-2017-6191 (Buffer overflow in APNGDis 2.8 and below allows a remote attacker to e ...)
	NOT-FOR-US: APNGDis
CVE-2017-6190 (Directory traversal vulnerability in the web interface on the D-Link D ...)
	NOT-FOR-US: D-Link
CVE-2017-6189 (Untrusted search path vulnerability in Amazon Kindle for PC before 1.1 ...)
	NOT-FOR-US: Amazon Kindle
CVE-2017-6187 (Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4 ...)
	NOT-FOR-US: DiskSavvy Enterprise
CVE-2017-6186 (Code injection vulnerability in Bitdefender Total Security 12.0 (and e ...)
	NOT-FOR-US: Bitdefender
CVE-2017-6185
	RESERVED
CVE-2017-6184 (In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine ...)
	NOT-FOR-US: Sophos
CVE-2017-6183 (In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine ...)
	NOT-FOR-US: Sophos
CVE-2017-6182 (In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine ...)
	NOT-FOR-US: Sophos
CVE-2017-6181 (The parse_char_class function in regparse.c in the Onigmo (aka Oniguru ...)
	- ruby2.3 (Introduced in v2_4_0_rc1)
	- ruby2.1 (Introduced in v2_4_0_rc1)
	NOTE: Introduced by: https://github.com/ruby/ruby/commit/2873edeafb6f6df1fc99bb9b1167591b99dd378c
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/ea940cc4dcff8d6c345d7015eda0bf06671f87e9
	NOTE: https://bugs.ruby-lang.org/issues/13234
CVE-2017-6180 (Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery Vuln ...)
	NOT-FOR-US: Keekoon KK002 devices
CVE-2017-6179
	RESERVED
CVE-2017-6178 (The IofCallDriver function in USBPcap 1.1.0.0 allows local users to ga ...)
	NOT-FOR-US: USBPcap
CVE-2017-6177
	REJECTED
CVE-2017-6176
	REJECTED
CVE-2017-6175
	REJECTED
CVE-2017-6174
	REJECTED
CVE-2017-6173
	REJECTED
CVE-2017-6172
	REJECTED
CVE-2017-6171
	REJECTED
CVE-2017-6170
	REJECTED
CVE-2017-6169 (In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP virt ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6168 (On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 ...)
	NOT-FOR-US: F5 BIG-IP
	NOTE: https://support.f5.com/csp/article/K21905460
	NOTE: https://robotattack.org/
CVE-2017-6167 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6166 (In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PE ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6165 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Contro ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6164 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GT ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6163 (In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM softwa ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6162 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GT ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6161 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GT ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6160 (In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6159 (F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controlle ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6158 (In F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 th ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6157 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Contro ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6156 (When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6155 (On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6154 (On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6153 (Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6152 (A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the ...)
	NOT-FOR-US: F5 BIG-IQ Centralized Management
CVE-2017-6151 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GT ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6150 (Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6149
	REJECTED
CVE-2017-6148 (Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6147 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6146
	REJECTED
CVE-2017-6145 (iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Li ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6144 (In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Alloc ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6143 (X509 certificate verification was not correctly implemented in the IP ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6142 (X509 certificate verification was not correctly implemented in the ear ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6141 (In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSaf ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6140 (On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6139 (In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare condit ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6138 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Contro ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6137 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GT ...)
	NOT-FOR-US: F5
CVE-2017-6136 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Contro ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6135 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Contro ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6134 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Contro ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6133 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6132 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Contro ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6131 (In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0. ...)
	NOT-FOR-US: F5
CVE-2017-6130 (F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulner ...)
	NOT-FOR-US: F5
CVE-2017-6129 (In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumsta ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6128 (An attacker may be able to cause a denial-of-service (DoS) attack agai ...)
	NOT-FOR-US: F5
CVE-2017-6188 (Munin before 2.999.6 has a local file write vulnerability when CGI gra ...)
	{DSA-3794-1 DLA-836-1}
	- munin 2.0.31-1 (bug #855705)
	NOTE: https://github.com/munin-monitoring/munin/issues/721
CVE-2017-6127 (Multiple cross-site request forgery (CSRF) vulnerabilities in the acce ...)
	NOT-FOR-US: DIGISOL DG-HR1400 Wireless Router
CVE-2017-6126
	RESERVED
CVE-2017-6125
	RESERVED
CVE-2017-6124
	RESERVED
CVE-2017-6123
	RESERVED
CVE-2017-6122
	RESERVED
CVE-2017-6121
	RESERVED
CVE-2017-6120
	RESERVED
CVE-2017-6119
	RESERVED
CVE-2017-6118
	RESERVED
CVE-2017-6117
	RESERVED
CVE-2017-6116
	RESERVED
CVE-2017-6115
	RESERVED
CVE-2017-6114
	RESERVED
CVE-2017-6113
	RESERVED
CVE-2017-6112
	RESERVED
CVE-2017-6111
	RESERVED
CVE-2017-6110
	RESERVED
CVE-2017-6109
	RESERVED
CVE-2017-6108
	RESERVED
CVE-2017-6107
	RESERVED
CVE-2017-6106
	RESERVED
CVE-2017-6105
	RESERVED
CVE-2017-6104 (Remote file upload vulnerability in Wordpress Plugin Mobile App Native ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-6103 (Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1.)
	NOT-FOR-US: WordPress plugin
CVE-2017-6102 (Persistent XSS in wordpress plugin rockhoist-badges v1.2.2.)
	NOT-FOR-US: WordPress plugin
CVE-2017-6384 (Memory leak in the login_user function in saslserv/main.c in saslserv/ ...)
	- atheme-services 7.2.9-1 (bug #855588)
	[jessie] - atheme-services (versions prior to 7.2.7 not vulnerable)
	NOTE: 7.2.7 vulnerable, fixed in 7.2.8, but the fix introduced another DOS, fixed in 7.2.9
	NOTE: (Possibly) introduced in https://github.com/atheme/atheme/commit/8ac7aa8d007331ae694f099c288e27f911e8cad1 (v7.2.7)
CVE-2017-6101
	RESERVED
CVE-2017-6099 (Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in ...)
	NOT-FOR-US: PayPal PHP Merchant SDK
CVE-2017-6098 (A SQL injection issue was discovered in the Mail Masta (aka mail-masta ...)
	NOT-FOR-US: Mail Masta plugin for Wordpress
CVE-2017-6097 (A SQL injection issue was discovered in the Mail Masta (aka mail-masta ...)
	NOT-FOR-US: Mail Masta plugin for Wordpress
CVE-2017-6096 (A SQL injection issue was discovered in the Mail Masta (aka mail-masta ...)
	NOT-FOR-US: Mail Masta plugin for Wordpress
CVE-2017-6095 (A SQL injection issue was discovered in the Mail Masta (aka mail-masta ...)
	NOT-FOR-US: Mail Masta plugin for Wordpress
CVE-2017-6094 (CPEs used by subscribers on the access network receive their individua ...)
	NOT-FOR-US: Genexis GASP
CVE-2017-6093
	RESERVED
CVE-2017-6092
	RESERVED
CVE-2017-6091
	RESERVED
CVE-2017-6090 (Unrestricted file upload vulnerability in clients/editclient.php in Ph ...)
	NOT-FOR-US: PhpCollab
CVE-2017-6089 (SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remo ...)
	NOT-FOR-US: PhpCollab
CVE-2017-6088 (Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 ...)
	NOT-FOR-US: EyesOfNetwork
CVE-2017-6087 (EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated user ...)
	NOT-FOR-US: EyesOfNetwork
CVE-2017-6086 (Multiple cross-site request forgery (CSRF) vulnerabilities in the addA ...)
	NOT-FOR-US: ViMbAdmin
CVE-2017-6085
	RESERVED
CVE-2017-6084
	RESERVED
CVE-2017-6083
	RESERVED
CVE-2017-6082
	RESERVED
CVE-2017-6081 (A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3 ...)
	- zammad (bug #841355)
CVE-2017-6080 (An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, an ...)
	- zammad (bug #841355)
CVE-2017-6079 (The HTTP web-management application on Edgewater Networks Edgemarc app ...)
	NOT-FOR-US: Edgewater
CVE-2017-6078 (FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause ...)
	NOT-FOR-US: FastStone MaxView
CVE-2017-6077 (ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 al ...)
	NOT-FOR-US: NETGEAR
CVE-2016-10228 (The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and e ...)
	{DLA-3152-1}
	- glibc 2.31-3 (low; bug #856503)
	- eglibc
	[wheezy] - eglibc (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19519
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=91927b7c76437db860cd86a7714476b56bb39d07
CVE-2016-10227 (Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote ...)
	NOT-FOR-US: Zyxel
CVE-2017-6076 (In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes i ...)
	- wolfssl 3.10.2+dfsg-1 (bug #856114)
	NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v3.10.2-stable
	NOTE: https://github.com/wolfSSL/wolfssl/commit/345df93978c41da1ac8047a37f1fed5286883d8d
CVE-2017-6075
	RESERVED
CVE-2017-6074 (The dccp_rcv_state_process function in net/dccp/input.c in the Linux k ...)
	{DSA-3791-1 DLA-833-1}
	- linux 4.9.13-1
	NOTE: Fixed by: https://git.kernel.org/linus/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
CVE-2017-6073
	RESERVED
CVE-2017-6072 (CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-6071 (CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-6070 (CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-6069 (Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add an ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-6068 (Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can crea ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-6067 (Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom ...)
	NOT-FOR-US: Symphony CMS
CVE-2017-6066 (Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker ca ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-6065 (SQL injection vulnerability in inc/lib/Control/Backend/menus.control.p ...)
	NOT-FOR-US: GenixCMS
CVE-2017-6064
	RESERVED
CVE-2017-6063
	RESERVED
CVE-2016-10226 (JavaScriptCore in WebKit, as distributed in Safari Technology Preview ...)
	- webkitgtk (unimportant)
	NOTE: Not covered by security support
CVE-2017-6061 (Cross-site scripting (XSS) vulnerability in the help component of SAP ...)
	NOT-FOR-US: SAP
CVE-2017-6060 (Stack-based buffer overflow in jstest_main.c in mujstest in Artifex So ...)
	{DLA-2765-1}
	- mupdf 1.12.0+ds1-1 (unimportant)
	[wheezy] - mupdf (Vulnerable code not present)
	NOTE: Although jstest_main.c compiled during build and mujstest is created
	NOTE: it is not included in the produced binary packages
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/18/1
CVE-2017-6058 (Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU ( ...)
	- qemu 1:2.8+dfsg-3 (bug #855616)
	[jessie] - qemu (Vulnerable code not present)
	[wheezy] - qemu (Vulnerable code not present)
	- qemu-kvm (Vulnerable code not present)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-02/msg03527.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1423358
CVE-2017-6057
	RESERVED
CVE-2017-6055 (XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3. ...)
	NOT-FOR-US: eParakstitajs and eParaksts Java lib
CVE-2017-6054 (A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai ...)
	NOT-FOR-US: Hyundai
CVE-2017-6053 (A Cross-Site Scripting issue was discovered in Trihedral VTScada Versi ...)
	NOT-FOR-US: Trihedral VTScada
CVE-2017-6052 (A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue ...)
	NOT-FOR-US: Hyundai
CVE-2017-6051 (An Uncontrolled Search Path Element issue was discovered in BLF-Tech L ...)
	NOT-FOR-US: BLF-Tech LLC VisualView HMI
CVE-2017-6050 (A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2. ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2017-6049 (Detcon Sitewatch Gateway, all versions without cellular, an attacker c ...)
	NOT-FOR-US: Detcon Sitewatch Gateway
CVE-2017-6048 (A Command Injection issue was discovered in Satel Iberia SenNet Data L ...)
	NOT-FOR-US: Satel Iberia SenNet Data Logger and Electricity Meters
CVE-2017-6047 (Detcon Sitewatch Gateway, all versions without cellular, Passwords are ...)
	NOT-FOR-US: Detcon Sitewatch Gateway
CVE-2017-6046 (An Insufficiently Protected Credentials issue was discovered in Sierra ...)
	NOT-FOR-US: Sierra Wireless AirLink Raven
CVE-2017-6045 (An Information Exposure issue was discovered in Trihedral VTScada Vers ...)
	NOT-FOR-US: Trihedral VTScada
CVE-2017-6044 (An Improper Authorization issue was discovered in Sierra Wireless AirL ...)
	NOT-FOR-US: Sierra Wireless AirLink Raven
CVE-2017-6043 (A Resource Consumption issue was discovered in Trihedral VTScada Versi ...)
	NOT-FOR-US: Trihedral VTScada
CVE-2017-6042 (A Cross-Site Request Forgery issue was discovered in Sierra Wireless A ...)
	NOT-FOR-US: Sierra Wireless AirLink Raven
CVE-2017-6041 (An Unrestricted Upload issue was discovered in Marel Food Processing S ...)
	NOT-FOR-US: Marel
CVE-2017-6040 (An Information Exposure issue was discovered in Belden Hirschmann GECK ...)
	NOT-FOR-US: Belden Hirschmann GECKO Lite Managed switch
CVE-2017-6039 (A Use of Hard-Coded Password issue was discovered in Phoenix Broadband ...)
	NOT-FOR-US: Phoenix
CVE-2017-6038 (A Cross-Site Request Forgery issue was discovered in Belden Hirschmann ...)
	NOT-FOR-US: Belden Hirschmann GECKO Lite Managed switch
CVE-2017-6037 (A Heap-Based Buffer Overflow issue was discovered in Wecon Technologie ...)
	NOT-FOR-US: Wecon
CVE-2017-6036 (A Server-Side Request Forgery issue was discovered in Belden Hirschman ...)
	NOT-FOR-US: Belden Hirschmann GECKO Lite Managed switch
CVE-2017-6035 (A Stack-Based Buffer Overflow issue was discovered in Wecon Technologi ...)
	NOT-FOR-US: Wecon
CVE-2017-6034 (An Authentication Bypass by Capture-Replay issue was discovered in Sch ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-6033 (A DLL Hijacking issue was discovered in Schneider Electric Interactive ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-6032 (A Violation of Secure Design Principles issue was discovered in Schnei ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-6031 (A Header Injection issue was discovered in Certec EDV GmbH atvise scad ...)
	NOT-FOR-US: Certec EDV GmbH atvise scada
CVE-2017-6030 (A Predictable Value Range from Previous Values issue was discovered in ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-6029 (A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise ...)
	NOT-FOR-US: Certec EDV GmbH atvise scada
CVE-2017-6028 (An Insufficiently Protected Credentials issue was discovered in Schnei ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-6027 (An Arbitrary File Upload issue was discovered in 3S-Smart Software Sol ...)
	NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS Web Server
CVE-2017-6026 (A Use of Insufficiently Random Values issue was discovered in Schneide ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-6025 (A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solu ...)
	NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS Web Server
CVE-2017-6024 (A Resource Exhaustion issue was discovered in Rockwell Automation Cont ...)
	NOT-FOR-US: Rockwell
CVE-2017-6023 (An issue was discovered in Fatek Automation PLC Ethernet Module. The a ...)
	NOT-FOR-US: Fatek
CVE-2017-6022 (A hard-coded password issue was discovered in Becton, Dickinson and Co ...)
	NOT-FOR-US: BD's Kiestra PerformA and KLA Journal Service applications
CVE-2017-6021 (In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 20 ...)
	NOT-FOR-US: Schneider
CVE-2017-6020 (Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis S ...)
	NOT-FOR-US: Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software
CVE-2017-6019 (An issue was discovered in Schneider Electric Conext ComBox, model 865 ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-6018 (An open redirect issue was discovered in B. Braun Medical SpaceCom mod ...)
	NOT-FOR-US: SpaceCom / SpaceStation
CVE-2017-6017 (A Resource Exhaustion issue was discovered in Schneider Electric Modic ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-6016 (An Improper Access Control issue was discovered in LCDS - Leao Consult ...)
	NOT-FOR-US: LCDS (Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA)
CVE-2017-6015 (Without quotation marks, any whitespace in the file path for Rockwell ...)
	NOT-FOR-US: Rockwell
CVE-2017-6014 (In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 cap ...)
	{DSA-3811-1 DLA-826-1}
	- wireshark 2.2.5+g440fd4d-2 (bug #855408)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13416
CVE-2017-6013 (Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the quer ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-6012
	RESERVED
CVE-2017-6011 (An issue was discovered in icoutils 0.31.1. An out-of-bounds read lead ...)
	{DSA-3807-1 DLA-854-1}
	- icoutils 0.31.2-1 (bug #854054)
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=bf97b99109607d4367a4e57df9a37cbcac02e220
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=45a0207225df4cd4b82f41eee636e21f11a7db74
	NOTE: Proposed patch from Red Hat contributor: https://bugzilla.redhat.com/attachment.cgi?id=1256393
CVE-2017-6010 (An issue was discovered in icoutils 0.31.1. A buffer overflow was obse ...)
	{DSA-3807-1 DLA-854-1}
	- icoutils 0.31.2-1 (bug #854054)
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=bf97b99109607d4367a4e57df9a37cbcac02e220
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=45a0207225df4cd4b82f41eee636e21f11a7db74
	NOTE: Proposed patch from Red Hat contributor: https://bugzilla.redhat.com/attachment.cgi?id=1256393
CVE-2017-6009 (An issue was discovered in icoutils 0.31.1. A buffer overflow was obse ...)
	{DSA-3807-1 DLA-854-1}
	- icoutils 0.31.2-1 (bug #854050)
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=f148ae5af1c9eeb85610a5653a7f625dd6c3ac2e
	NOTE: Proposed patch from Red Hat contributor: https://bugzilla.redhat.com/attachment.cgi?id=1256407
CVE-2017-6008 (A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRig ...)
	NOT-FOR-US: Sophos
CVE-2017-6007 (A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRig ...)
	NOT-FOR-US: Sophos
CVE-2017-6006
	REJECTED
CVE-2017-6005 (Waves MaxxAudio, as installed on Dell laptops, adds a "WavesSysSvc" Wi ...)
	NOT-FOR-US: Waves MaxxAudio
CVE-2017-6004 (The compile_bracket_matchingpath function in pcre_jit_compile.c in PCR ...)
	- pcre3 2:8.39-2.1 (bug #855405)
	[jessie] - pcre3 (Vulnerable code introduced later)
	[wheezy] - pcre3 (Vulnerable code introduced later)
	NOTE: https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676&r2=1680&view=patch
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2035
CVE-2017-6003 (dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_languag ...)
	NOT-FOR-US: dotCMS
CVE-2017-6002 (Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add ...)
	NOT-FOR-US: Subrion CMS
CVE-2014-9919 (An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the f ...)
	NOT-FOR-US: Bilboplanet
CVE-2014-9918 (An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the u ...)
	NOT-FOR-US: Bilboplanet
CVE-2014-9917 (An issue was discovered in Bilboplanet 2.0. There is a stored XSS vuln ...)
	NOT-FOR-US: Bilboplanet
CVE-2014-9916 (Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 ...)
	NOT-FOR-US: Bilboplanet
CVE-2017-6001 (Race condition in kernel/events/core.c in the Linux kernel before 4.9. ...)
	{DSA-3791-1 DLA-833-1}
	- linux 4.9.10-1
	NOTE: Fixed by: https://git.kernel.org/linus/321027c1fe77f892f4ea07846aeae08cefbbb290
CVE-2017-6000
	REJECTED
CVE-2017-5999 (An issue was discovered in sysPass 2.x before 2.1, in which an algorit ...)
	NOT-FOR-US: sysPass
CVE-2017-5998 (Cross-site scripting (XSS) vulnerability in InterSect Alliance SNARE E ...)
	NOT-FOR-US: InterSect Alliance SNARE Epilog
CVE-2017-5997 (The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remo ...)
	NOT-FOR-US: SAP Message Server
CVE-2017-5996 (The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before ...)
	NOT-FOR-US: Bomgar Remote Support
CVE-2017-5995 (The NetApp ONTAP Select Deploy administration utility 2.0 through 2.2. ...)
	NOT-FOR-US: NetApp ONTAP Select Deploy administration utility
CVE-2017-14431 (Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a ...)
	{DLA-1493-1}
	- xen 4.8.1-1 (bug #856229)
	[wheezy] - xen (Minor issue)
	NOTE: https://xenbits.xen.org/xsa/advisory-207.html
CVE-2017-XXXX [XSA-206: xenstore denial of service via repeated update]
	- xen 4.8.1-1 (bug #860565)
	[jessie] - xen 4.4.4lts1-0+deb8u1
	[wheezy] - xen (Too intrusive to backport)
	NOTE: https://xenbits.xen.org/xsa/advisory-206.html
CVE-2017-5994 (Heap-based buffer overflow in the vrend_create_vertex_elements_state f ...)
	- virglrenderer 0.6.0-1 (bug #858255)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=114688c526fe45f341d75ccd1d85473c3b08f7a7 (0.6.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1422452
CVE-2017-5993 (Memory leak in the vrend_renderer_init_blit_ctx function in vrend_blit ...)
	- virglrenderer 0.6.0-1 (bug #858255)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=6eb13f7a2dcf391ec9e19b4c2a79e68305f63c22 (0.6.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1422438
CVE-2017-5991 (An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9 ...)
	{DSA-3797-1}
	- mupdf 1.9a+ds1-4 (low)
	[wheezy] - mupdf (vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697500
	NOTE: https://git.ghostscript.com/?p=mupdf.git;h=1912de5f08e90af1d9d0a9791f58ba3afdb9d465
CVE-2017-5990 (An issue was discovered in PhreeBooksERP before 2017-02-13. The vulner ...)
	NOT-FOR-US: PhreeBooksERP
CVE-2017-5989
	RESERVED
CVE-2017-5988 (NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enab ...)
	NOT-FOR-US: NetApp
CVE-2017-5987 (The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-3 (bug #855159)
	[wheezy] - qemu (Vulnerable code not present)
	- qemu-kvm
	[wheezy] - qemu-kvm (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02776.html
CVE-2017-5986 (Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.9.10-1
	NOTE: Fixed by: https://git.kernel.org/linus/2dcab598484185dea7ec22219c76dcdd59e3cb90
CVE-2017-5985 (lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-u ...)
	- lxc 1:2.0.7-2 (bug #857295)
	[jessie] - lxc 1:1.0.6-6+deb8u6
	[wheezy] - lxc (vulnerable code not present)
	NOTE: https://lists.linuxcontainers.org/pipermail/lxc-users/2017-March/012925.html
	NOTE: https://launchpad.net/bugs/1654676
	NOTE: master: https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9
	NOTE: stable-2.0: https://github.com/lxc/lxc/commit/d512bd5efb0e407eba350c4e649c464a65b712a3
	NOTE: stable-1.0: https://github.com/lxc/lxc/commit/c905f00ad78b78a5e9c0d67504b86e00dfe085ec
CVE-2017-5984 (In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() has a h ...)
	- libav
	[jessie] - libav (Vulnerable code introduced later)
	- ffmpeg (ffmpeg not affected)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1019
	NOTE: https://patches.libav.org/patch/62534/
CVE-2017-5983 (The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3. ...)
	NOT-FOR-US: JIRA Workflow Designer Plugin
CVE-2017-5982 (Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi ...)
	{DLA-3712-1}
	- kodi 2:18.6+dfsg1-1 (bug #855225)
	[stretch] - kodi (Minor issue)
	[jessie] - kodi (Minor issue)
	- xbmc (bug #861274)
	[jessie] - xbmc (Minor issue)
	[wheezy] - xbmc (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2017/Feb/27
	NOTE: http://trac.kodi.tv/ticket/17314
	NOTE: https://lists.debian.org/debian-lts/2017/04/msg00025.html
	NOTE: https://lists.debian.org/debian-lts/2017/04/msg00055.html (and followups)
	NOTE: https://lists.debian.org/debian-lts/2017/05/msg00006.html
CVE-2017-5681 (The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) E ...)
	NOT-FOR-US: Intel QuickAssist Technology (QAT) Engine
CVE-2017-6056 (It was discovered that a programming error in the processing of HTTPS ...)
	{DSA-3788-1 DSA-3787-1 DLA-823-1}
	- tomcat8 8.0.21-2 (bug #851304)
	- tomcat7 7.0.72-3 (bug #854551)
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=57544
CVE-2017-5981 (seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial o ...)
	{DSA-3878-1 DLA-994-1}
	- zziplib 0.13.62-3.1 (bug #854727)
	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-assertion-failure-in-seeko-c/
CVE-2017-5980 (The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows ...)
	{DSA-3878-1 DLA-994-1}
	- zziplib 0.13.62-3.1 (bug #854727)
	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-zzip_mem_entry_new-memdisk-c/
CVE-2017-5979 (The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remot ...)
	{DSA-3878-1 DLA-994-1}
	- zziplib 0.13.62-3.1 (bug #854727)
	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-prescan_entry-fseeko-c/
CVE-2017-5978 (The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows ...)
	{DSA-3878-1 DLA-994-1}
	- zziplib 0.13.62-3.1 (bug #854727)
	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-out-of-bounds-read-in-zzip_mem_entry_new-memdisk-c/
CVE-2017-5977 (The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.6 ...)
	{DSA-3878-1}
	- zziplib 0.13.62-3.1 (bug #864150; bug #854727)
	[jessie] - zziplib (Minor issue)
	[wheezy] - zziplib (Minor issue)
	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-invalid-memory-read-in-zzip_mem_entry_extra_block-memdisk-c/
CVE-2017-5976 (Heap-based buffer overflow in the zzip_mem_entry_extra_block function ...)
	{DSA-3878-1 DLA-994-1}
	- zziplib 0.13.62-3.1 (bug #854727)
	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-zzip_mem_entry_extra_block-memdisk-c/
CVE-2017-5975 (Heap-based buffer overflow in the __zzip_get64 function in fetch.c in ...)
	{DSA-3878-1 DLA-994-1}
	- zziplib 0.13.62-3.1 (bug #854727)
	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get64-fetch-c/
	NOTE: https://github.com/gdraheim/zziplib/commit/33d6e9c52fcf1a8983896a512033994dc2ca5734 (v0.13.63)
	NOTE: https://github.com/gdraheim/zziplib/commit/64e745f8a3604ba1c444febed86b5e142ce03dd7 (v0.13.63)
CVE-2017-5974 (Heap-based buffer overflow in the __zzip_get32 function in fetch.c in ...)
	{DSA-3878-1 DLA-994-1}
	- zziplib 0.13.62-3.1 (bug #854727)
	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get32-fetch-c/
CVE-2017-5973 (The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick E ...)
	{DLA-1497-1 DLA-845-1 DLA-842-1}
	- qemu 1:2.8+dfsg-3 (bug #855611)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/13/11
CVE-2017-5972 (The TCP stack in the Linux kernel 3.x does not properly implement a SY ...)
	- linux 4.4.2-1
	[jessie] - linux (Known performance limitation)
	[wheezy] - linux (Known performance limitation)
CVE-2016-10225 (The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and ...)
	NOT-FOR-US: sunxi-debug driver in Allwinner kernel
CVE-2016-10224 (An issue was discovered in Sauter NovaWeb web HMI. The application use ...)
	NOT-FOR-US: Sauter NovaWeb
CVE-2016-10223 (An issue was discovered in BigTree CMS before 4.2.15. The vulnerabilit ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-5971 (SQL injection vulnerability in NewsBee CMS allow remote attackers to e ...)
	NOT-FOR-US: NewsBee CMS
CVE-2017-5970 (The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Lin ...)
	{DSA-3791-1 DLA-922-1}
	- linux 4.9.10-1
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/34b2cef20f19c87999fff3da4071e66937db9644 (v4.10-rc8)
	NOTE: Introduced by: https://github.com/torvalds/linux/commit/f84af32cbca70a3c6d30463dc08c7984af11c277 (v2.6.35-rc1)
CVE-2017-5969 (libxml2 2.9.4, when used in recover mode, allows remote attackers to c ...)
	{DLA-2972-1}
	- libxml2 2.9.4+dfsg1-5.1 (bug #855001)
	[jessie] - libxml2 (Minor issue, only a denial-of-service when using recover mode)
	[wheezy] - libxml2 (Minor issue, only a denial-of-service when using recover mode)
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/05/3
	NOTE: Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=778519
	NOTE: Duplicate upstream bug (contains patch): https://bugzilla.gnome.org/show_bug.cgi?id=758422
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/94691dc884d1a8ada39f073408b4bb92fe7fe882
CVE-2017-5968
	RESERVED
CVE-2017-5967 (The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIME ...)
	- linux 4.9.13-1 (low)
CVE-2017-5966 (Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators ...)
	NOT-FOR-US: Sitecore
CVE-2017-5965 (The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authe ...)
	NOT-FOR-US: Sitecore
CVE-2017-5964 (An issue was discovered in Emoncms through 9.8.0. The vulnerability ex ...)
	NOT-FOR-US: Emoncms
CVE-2017-5963 (An issue was discovered in caddy (for TYPO3) before 7.2.10. The vulner ...)
	NOT-FOR-US: TYPO3 extension
CVE-2017-5962 (An issue was discovered in contexts_wurfl (for TYPO3) before 0.4.2. Th ...)
	NOT-FOR-US: TYPO3 extension
CVE-2017-5961 (An issue was discovered in ionize through 1.0.8. The vulnerability exi ...)
	NOT-FOR-US: ionize
CVE-2017-5960 (An issue was discovered in Phalcon Eye through 0.4.1. The vulnerabilit ...)
	NOT-FOR-US: Phalcon Eye
CVE-2017-5959 (CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5958
	RESERVED
CVE-2017-5957 (Stack-based buffer overflow in the vrend_decode_set_framebuffer_state ...)
	- virglrenderer 0.6.0-1 (bug #858255)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=926b9b3460a48f6454d8bbe9e44313d86a65447f (0.6.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1421126
CVE-2017-5956 (The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local ...)
	- virglrenderer 0.6.0-1 (bug #858255)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=a5ac49940c40ae415eac0cf912eac7070b4ba95d (0.6.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1421073
	NOTE: The original fix opens a memory leak: https://www.openwall.com/lists/oss-security/2017/02/24/2
	NOTE: Additional patch required: https://bugzilla.suse.com/attachment.cgi?id=715395
CVE-2017-5955
	RESERVED
CVE-2017-5954 (An issue was discovered in the serialize-to-js package 0.5.0 for Node. ...)
	NOT-FOR-US: serialize-to-js Node package
CVE-2017-5953 (vim before patch 8.0.0322 does not properly validate values for tree l ...)
	{DSA-3786-1 DLA-822-1}
	- vim 2:8.0.0197-2 (bug #854969)
	- neovim 0.1.7-4
	NOTE: Fixed by https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d
CVE-2017-5952
	RESERVED
CVE-2017-5951 (The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Softw ...)
	{DSA-3838-1 DLA-905-1}
	- ghostscript 9.20~dfsg-3.1 (bug #859696)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697548
	NOTE: Fixed by: https://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8
CVE-2017-5950 (The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) ...)
	- yaml-cpp 0.6.3-1 (low; bug #859891)
	[buster] - yaml-cpp (Minor issue)
	[stretch] - yaml-cpp (Minor issue)
	[jessie] - yaml-cpp (Minor issue)
	[wheezy] - yaml-cpp (Minor issue)
	- yaml-cpp0.3 (low; bug #859892)
	[stretch] - yaml-cpp0.3 (Minor issue)
	[jessie] - yaml-cpp0.3 (Minor issue)
	NOTE: https://github.com/jbeder/yaml-cpp/issues/459
	NOTE: possible fix: https://github.com/jbeder/yaml-cpp/pull/489
CVE-2017-5949 (JavaScriptCore in WebKit, as distributed in Safari Technology Preview ...)
	- webkitgtk (unimportant)
	NOTE: Not covered by security support
CVE-2017-5948 (An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Oxyge ...)
	NOT-FOR-US: OnePlus One
CVE-2017-5947 (An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices wit ...)
	NOT-FOR-US: OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS
CVE-2017-5946 (The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a ...)
	{DSA-3801-1 DLA-846-1}
	- ruby-zip 1.2.0-1.1 (bug #856269)
	- libzip-ruby
	NOTE: https://github.com/rubyzip/rubyzip/issues/315
CVE-2017-5945 (An issue was discovered in the PoodLL Filter plugin through 3.0.20 for ...)
	NOT-FOR-US: Moodle plugin
CVE-2017-5944 (The dashboard subscription interface in Request Tracker (RT) 4.x befor ...)
	{DSA-3882-1 DLA-987-1}
	- request-tracker4 4.4.1-4
CVE-2017-5943 (Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x ...)
	{DSA-3882-1 DLA-987-1}
	- request-tracker4 4.4.1-4
CVE-2017-5942 (An issue was discovered in the WP Mail plugin before 1.2 for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2016-10222 (runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in ...)
	- webkitgtk (unimportant)
	NOTE: Not covered by security support
CVE-2016-10221 (The count_entries function in pdf-layer.c in Artifex Software, Inc. Mu ...)
	- mupdf (Vulnerable code not yet present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697400
CVE-2016-10220 (The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Soft ...)
	{DSA-3838-1 DLA-905-1}
	- ghostscript 9.20~dfsg-3.1 (bug #859694)
	NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?daf85701dab05f17e924a48a81edc9195b4a04e8
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697450
CVE-2016-10219 (The intersect function in base/gxfill.c in Artifex Software, Inc. Ghos ...)
	{DSA-3838-1 DLA-905-1}
	- ghostscript 9.20~dfsg-3.1 (bug #859666)
	NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?4bef1a1d32e29b68855616020dbff574b9cda08f
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697453
CVE-2016-10218 (The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF ...)
	- ghostscript (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4
	NOTE: Introduced by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=47294ff5b168d25bfc7db64f51572d64b8ebde91
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697444
CVE-2016-10217 (The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Gh ...)
	- ghostscript 9.20~dfsg-3.1 (bug #859662)
	[jessie] - ghostscript (pdf14_cleanup_parent_color_profiles not yet present)
	[wheezy] - ghostscript (pdf14_cleanup_parent_color_profiles not yet present)
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697456
CVE-2016-10216 (An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The ...)
	NOT-FOR-US: IT ITems DataBase
CVE-2016-10215 (An issue was discovered in Fastspot BigTree bigtree-form-builder befor ...)
	NOT-FOR-US: Fastspot BigTree bigtree-form-builder
CVE-2017-5941 (An issue was discovered in the node-serialize package 0.0.4 for Node.j ...)
	NOT-FOR-US: node-serialize
CVE-2017-5939
	RESERVED
CVE-2017-5936 (OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pair ...)
	NOT-FOR-US: Nova-LXD
CVE-2017-5937 (The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d ...)
	- virglrenderer 0.6.0-1 (bug #854728)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=48f67f60967f963b698ec8df57ec6912a43d6282 (0.6.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420246
CVE-2016-10214 (Memory leak in the virgl_resource_attach_backing function in virglrend ...)
	- virglrenderer 0.6.0-1 (bug #854728)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=40b0e7813325b08077b6f541b3989edb2d86d837 (0.6.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420266
CVE-2017-5935
	RESERVED
CVE-2017-5934 (Cross-site scripting (XSS) vulnerability in the link dialogue in GUI e ...)
	{DSA-4318-1 DLA-1546-1}
	- moin 1.9.9-1+deb9u1 (bug #910776)
	NOTE: https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024
CVE-2017-5933 (Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11 ...)
	NOT-FOR-US: Citrix
CVE-2016-10213 (A10 AX1030 and possibly other devices with software before 2.7.2-P8 us ...)
	NOT-FOR-US: A10
CVE-2016-10212 (Radware devices use the same value for the first two GCM nonces, which ...)
	NOT-FOR-US: Radware devices
CVE-2017-5932 (The path autocompletion feature in Bash 4.4 allows local users to gain ...)
	- bash 4.4-3
	[jessie] - bash (Introduced in 4.4)
	[wheezy] - bash (Introduced in 4.4)
	NOTE: https://github.com/jheyens/bash_completion_vuln/raw/master/2017-01-17.bash_completion_report.pdf
	NOTE: Fix http://git.savannah.gnu.org/cgit/bash.git/commit/?id=4f747edc625815f449048579f6e65869914dd715
CVE-2017-5931 (Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emula ...)
	- qemu 1:2.8+dfsg-3 (bug #854730)
	[jessie] - qemu (Vulnerable code not present)
	[wheezy] - qemu (Vulnerable code not present)
	- qemu-kvm (Vulnerable code not present)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01368.html
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/07/8
CVE-2017-5930 (The AliasHandler component in PostfixAdmin before 3.0.2 allows remote ...)
	- postfixadmin 3.0.2-1 (bug #854742)
	[jessie] - postfixadmin (Vulnerable code not present)
	[wheezy] - postfixadmin (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/07/6
CVE-2017-5929 (QOS.ch Logback before 1.2.0 has a serialization vulnerability affectin ...)
	{DLA-888-1}
	- logback 1:1.1.9-3 (bug #857343)
	[jessie] - logback 1:1.1.2-1+deb8u1
	NOTE: https://github.com/qos-ch/logback/commit/f46044b805bca91efe5fd6afe52257cd02f775f8
	NOTE: https://github.com/qos-ch/logback/commit/979b042cb1f0b4c1e5869ccc8912e68c39f769f9
	NOTE: https://github.com/qos-ch/logback/commit/7fbea6127fa98fc48368ca5e8540eefe0e60cec5
	NOTE: https://github.com/qos-ch/logback/commit/3b4f605454534b304770eeee3cb343521fcd6968
	NOTE: Information asked about complete patchset to fix CVE-2017-5929: http://mailman.qos.ch/pipermail/logback-user/2017-March/004875.html
CVE-2017-5928 (The W3C High Resolution Time API, as implemented in various web browse ...)
	NOT-FOR-US: Design limitation of W3C High Resolution Time API
CVE-2017-5927 (Page table walks conducted by the MMU during virtual to physical addre ...)
	NOT-FOR-US: Hardware issue in some Intel CPUs
CVE-2017-5926 (Page table walks conducted by the MMU during virtual to physical addre ...)
	NOT-FOR-US: Hardware issue in some Intel CPUs
CVE-2017-5925 (Page table walks conducted by the MMU during virtual to physical addre ...)
	NOT-FOR-US: Hardware issue in some Intel CPUs
CVE-2017-5924 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a den ...)
	- yara 3.5.0+dfsg-9 (bug #859821)
	[jessie] - yara 3.1.0-2+deb8u1
	NOTE: https://github.com/VirusTotal/yara/issues/593
CVE-2017-5923 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a den ...)
	- yara 3.5.0+dfsg-9 (bug #859821)
	[jessie] - yara 3.1.0-2+deb8u1
	NOTE: https://github.com/VirusTotal/yara/issues/597
CVE-2017-5922
	RESERVED
CVE-2017-5921
	RESERVED
CVE-2017-5920
	RESERVED
CVE-2016-10211 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a den ...)
	- yara 3.5.0+dfsg-9 (bug #859821)
	[jessie] - yara 3.1.0-2+deb8u1
	NOTE: https://github.com/VirusTotal/yara/issues/575
CVE-2016-10210 (libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denia ...)
	- yara 3.5.0+dfsg-9 (bug #859821)
	[jessie] - yara 3.1.0-2+deb8u1
	NOTE: https://github.com/VirusTotal/yara/issues/576
CVE-2016-10209 (The archive_wstring_append_from_mbs function in archive_string.c in li ...)
	{DSA-4360-1 DLA-1600-1 DLA-1006-1}
	- libarchive 3.2.2-3.1 (low; bug #859456)
	NOTE: https://github.com/libarchive/libarchive/issues/842
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/42a3408ac7df1e69bea9ea12b72e14f59f7400c0 (v3.3.0)
CVE-2017-5919 (The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 ce ...)
	NOT-FOR-US: 21st Century Insurance app for iOS
CVE-2017-5918 (The Banco de Costa Rica BCR Movil app 3.7 for iOS does not verify X.50 ...)
	NOT-FOR-US: Banco de Costa Rica BCR Movil app for iOS
CVE-2017-5917
	REJECTED
CVE-2017-5916 (The America's First Federal Credit Union (FCU) Mobile Banking app 3.1. ...)
	NOT-FOR-US: America's First Federal Credit Union (FCU) Mobile Banking app
CVE-2017-5915 (The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10 ...)
	NOT-FOR-US: Emirates NBD Bank P.J.S.C Emirates NBD KSA app
CVE-2017-5914 (The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certif ...)
	NOT-FOR-US: DOT IT Banque Zitouna app
CVE-2017-5913 (The TradeKing Forex for iPhone app 1.2.1 for iOS does not verify X.509 ...)
	NOT-FOR-US: TradeKing Forex for iPhone app
CVE-2017-5912 (The FOREX.com FOREXTrader for iPhone app 2.9.12 through 2.9.14 for iOS ...)
	NOT-FOR-US: FOREX.com FOREXTrader for iPhone app
CVE-2017-5911 (The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS d ...)
	NOT-FOR-US: Banco Santander Mexico SA Supermovil app
CVE-2017-5910
	RESERVED
CVE-2017-5909 (The Electronic Funds Source (EFS) Mobile Driver Source app 2.5 for iOS ...)
	NOT-FOR-US: Electronic Funds Source (EFS) Mobile Driver Source app
CVE-2017-5908
	REJECTED
CVE-2017-5907 (The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 ...)
	NOT-FOR-US: Great Southern Bank Great Southern Mobile Banking app
CVE-2017-5906 (The Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker ap ...)
	NOT-FOR-US: Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker app
CVE-2017-5905 (The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certifi ...)
	NOT-FOR-US: Dollar Bank Mobile app
CVE-2017-5904
	RESERVED
CVE-2017-5903
	RESERVED
CVE-2017-5902 (The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates fr ...)
	NOT-FOR-US: PayQuicker app
CVE-2017-5901 (The State Bank of India State Bank Anywhere app 5.1.0 for iOS does not ...)
	NOT-FOR-US: State Bank of India State Bank Anywhere app
CVE-2017-5900 (Cross-site scripting (XSS) vulnerability in the NetComm NB16WV-02 rout ...)
	NOT-FOR-US: NetComm
CVE-2017-5896 (Heap-based buffer overflow in the fz_subsample_pixmap function in fitz ...)
	{DSA-3797-1}
	- mupdf 1.9a+ds1-3 (bug #854734)
	[wheezy] - mupdf (vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697515
	NOTE: Fix https://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
	NOTE: https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/10/1
CVE-2017-5895
	RESERVED
CVE-2017-5894
	RESERVED
CVE-2017-5893
	RESERVED
CVE-2017-5892 (ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 al ...)
	NOT-FOR-US: ASUS
CVE-2017-5891 (ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 ha ...)
	NOT-FOR-US: ASUS
CVE-2017-5898 (Integer overflow in the emulated_apdu_from_guest function in usb/dev-s ...)
	{DLA-845-1 DLA-842-1}
	- qemu 1:2.8+dfsg-3 (bug #854729)
	[jessie] - qemu (Vulnerable code not present)
	- qemu-kvm (Vulnerable code not present)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-02/msg01075.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1419699
	NOTE: http://git.qemu-project.org/?p=qemu.git;a=commit;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a
CVE-2017-5897 (The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allo ...)
	{DSA-3791-1}
	- linux 4.9.13-1
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=7892032cfe67f4bde6fc2ee967e45a8fbaf33756
	NOTE: Introduced by: https://github.com/torvalds/linux/commit/c12b395a46646bab69089ce7016ac78177f6001f (3.7-rc1)
CVE-2017-5890
	RESERVED
CVE-2017-5889
	RESERVED
CVE-2017-5888
	RESERVED
CVE-2017-5887 (WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypas ...)
	NOT-FOR-US: Starscream
CVE-2017-5885 (Multiple integer overflows in the (1) vnc_connection_server_message an ...)
	{DLA-831-1}
	- gtk-vnc 0.6.0-3 (bug #854450)
	[jessie] - gtk-vnc (Minor issue)
	NOTE: http://openwall.com/lists/oss-security/2017/02/05/5
CVE-2017-5884 (gtk-vnc before 0.7.0 does not properly check boundaries of subrectangl ...)
	{DLA-831-1}
	- gtk-vnc 0.6.0-3 (bug #854450)
	[jessie] - gtk-vnc (Minor issue)
	NOTE: Scope of the CVE is all of https://bugzilla.gnome.org/show_bug.cgi?id=778048#c1
	NOTE: http://openwall.com/lists/oss-security/2017/02/05/5
CVE-2017-5883
	RESERVED
CVE-2017-5882 (Cross-site scripting (XSS) vulnerability in index.asp in SANADATA Sana ...)
	NOT-FOR-US: SanaCMS
CVE-2017-5881 (GOM Player 2.3.10.5266 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: GOM Player
CVE-2017-5880 (Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x bef ...)
	NOT-FOR-US: Splunk
CVE-2017-5879 (An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL inj ...)
	NOT-FOR-US: Exponent CMS
CVE-2017-5878 (The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restric ...)
	NOT-FOR-US: AMF unmarshallers in Red5 Media Server
CVE-2016-10207 (The Xvnc server in TigerVNC allows remote attackers to cause a denial ...)
	- tigervnc 1.7.0-1
	NOTE: https://github.com/TigerVNC/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1023012
CVE-2016-10200 (Race condition in the L2TPv3 IP Encapsulation feature in the Linux ker ...)
	{DLA-922-1}
	- linux 4.8.15-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/32c231164b762dddefa13af5a0101032c70b50ef (v4.9-rc7)
CVE-2017-5938 (Cross-site scripting (XSS) vulnerability in the nav_path function in l ...)
	{DSA-3784-1 DLA-820-1}
	- viewvc 1.1.26-1 (bug #854681)
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/08/7
	NOTE: https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad
CVE-2017-5992 (Openpyxl 2.4.1 resolves external entities by default, which allows rem ...)
	- openpyxl 2.3.0-3 (bug #854442)
	[jessie] - openpyxl (vulnerable code not present)
	[wheezy] - openpyxl (vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/07/5
	NOTE: https://bitbucket.org/openpyxl/openpyxl/issues/749
	NOTE: https://bitbucket.org/openpyxl/openpyxl/commits/3b4905f428e1
CVE-2017-6059 (Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication ...)
	- libapache2-mod-auth-openidc 2.1.5-1
	[jessie] - libapache2-mod-auth-openidc (Minor issue)
	NOTE: https://github.com/pingidentity/mod_auth_openidc/issues/212
CVE-2017-6062 (The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka ...)
	- libapache2-mod-auth-openidc 2.1.5-1
	[jessie] - libapache2-mod-auth-openidc (support for OIDCUnAuthAction added in 1.8.5rc1)
	NOTE: https://github.com/pingidentity/mod_auth_openidc/issues/222
CVE-2017-XXXX [irssi memory leak]
	- irssi 1.0.1-1 (bug #855108)
	[jessie] - irssi (support for sasl not present)
	[wheezy] - irssi (support for sasl not present)
	NOTE: Patch: https://github.com/irssi/irssi/commit/19c51789967a2f63da033e60f6ef08848b9cd144
	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2017/02/05/8
CVE-2017-XXXX [irssi missing null terminator]
	- irssi 1.0.1-1 (unimportant)
	NOTE: Patch: https://github.com/irssi/irssi/pull/619/commits/677fb1f55ca52d0e43c93f7d8361d333ff5bffd6
	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2017/02/05/8
CVE-2016-10206 (Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854272)
	[jessie] - zoneminder (Minor issue)
	[wheezy] - zoneminder (Minor issue)
CVE-2016-10205 (Session fixation vulnerability in Zoneminder 1.30 and earlier allows r ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854272)
	[jessie] - zoneminder (Minor issue)
	[wheezy] - zoneminder (Minor issue)
CVE-2016-10204 (SQL injection vulnerability in Zoneminder 1.30 and earlier allows remo ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854272)
	[jessie] - zoneminder (Minor issue)
	[wheezy] - zoneminder (Minor issue)
CVE-2016-10203 (Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlie ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854272)
	[jessie] - zoneminder (Minor issue)
	[wheezy] - zoneminder (Minor issue)
CVE-2016-10202 (Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlie ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854272)
	[jessie] - zoneminder (Minor issue)
	[wheezy] - zoneminder (Minor issue)
CVE-2016-10201 (Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlie ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854272)
	[jessie] - zoneminder (Minor issue)
	[wheezy] - zoneminder (Minor issue)
CVE-2016-10208 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel th ...)
	{DLA-1200-1}
	- linux 4.9.10-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/3a4b77cd47bb837b8557595ec7425f281f2ca1fe (4.10-rc1)
	NOTE: Introduced by: https://github.com/torvalds/linux/commit/952fc18ef9ec707ebdc16c0786ec360295e5ff15 (3.6-rc1)
CVE-2017-5886 (Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken f ...)
	{DLA-929-1}
	- libpodofo 0.9.4-5 (bug #854604)
	[jessie] - libpodofo (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp
	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/1623824.EtgW9yDooZ%40blackgate/#msg35644693
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1837
CVE-2017-5877 (XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack aga ...)
	NOT-FOR-US: dotCMS
CVE-2017-5876 (XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack aga ...)
	NOT-FOR-US: dotCMS
CVE-2017-5875 (XSS was discovered in dotCMS 3.7.0, with an authenticated attack again ...)
	NOT-FOR-US: dotCMS
CVE-2017-5874 (CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_ ...)
	NOT-FOR-US: D-Link
CVE-2017-5873 (Unquoted Windows search path vulnerability in the guest service in Uni ...)
	NOT-FOR-US: Unisys
CVE-2017-5872 (The TCP/IP networking module in Unisys ClearPath MCP systems with TCP- ...)
	NOT-FOR-US: Unisys ClearPath
CVE-2017-5871 (Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: Op ...)
	- odoo (Fixed before initial upload to Debian)
CVE-2017-5870 (Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.1 ...)
	NOT-FOR-US: ViMbAdmin
CVE-2017-5869 (Directory traversal vulnerability in the file import feature in Nuxeo ...)
	NOT-FOR-US: Nuxeo
CVE-2017-5868 (CRLF injection vulnerability in the web interface in OpenVPN Access Se ...)
	NOT-FOR-US: OpenVPN Access Server
CVE-2017-5867 (ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, ...)
	- owncloud
CVE-2017-5866 (The autocomplete feature in the E-Mail share dialog in ownCloud Server ...)
	- owncloud
CVE-2017-5865 (The password reset functionality in ownCloud Server before 8.1.11, 8.2 ...)
	- owncloud
CVE-2017-5864 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross ...)
	NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-5863 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incor ...)
	NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-5862
	RESERVED
CVE-2017-5861
	REJECTED
CVE-2017-5860
	RESERVED
CVE-2017-5859 (On Cambium Networks cnPilot R200/201 devices before 4.3, there is a vu ...)
	NOT-FOR-US: Cambium Networks cnPilot
CVE-2017-5858 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
	NOT-FOR-US: converse.js
CVE-2017-5836 (The plist_free_data function in plist.c in libplist allows attackers t ...)
	- libplist 1.12+git+1+e37ca00-0.1 (bug #854000)
	[jessie] - libplist (Minor issue)
	[wheezy] - libplist (pointers are not incorrectly freed and non-string key nodes are officially allowed)
	NOTE: https://github.com/libimobiledevice/libplist/issues/86
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/6
CVE-2017-5835 (libplist allows attackers to cause a denial of service (large memory a ...)
	{DLA-2168-1 DLA-840-1}
	- libplist 1.12+git+1+e37ca00-0.1 (bug #854000)
	NOTE: https://github.com/libimobiledevice/libplist/issues/88
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/6
CVE-2017-5834 (The parse_dict_node function in bplist.c in libplist allows attackers ...)
	{DLA-2168-1 DLA-840-1}
	- libplist 1.12+git+1+e37ca00-0.1 (bug #854000)
	NOTE: https://github.com/libimobiledevice/libplist/issues/89
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/6
CVE-2017-5829 (An access restriction bypass vulnerability in HPE Aruba ClearPass Poli ...)
	NOT-FOR-US: HPE Aruba ClearPass Policy Manager
CVE-2017-5828 (An arbitrary command execution vulnerability in HPE Aruba ClearPass Po ...)
	NOT-FOR-US: HPE Aruba ClearPass Policy Manager
CVE-2017-5827 (A reflected cross site scripting vulnerability in HPE Aruba ClearPass ...)
	NOT-FOR-US: HPE Aruba ClearPass Policy Manager
CVE-2017-5826 (An authenticated remote code execution vulnerability in HPE Aruba Clea ...)
	NOT-FOR-US: HPE Aruba ClearPass Policy Manager
CVE-2017-5825 (A privilege escalation vulnerability in HPE Aruba ClearPass Policy Man ...)
	NOT-FOR-US: HPE Aruba ClearPass Policy Manager
CVE-2017-5824 (An unauthenticated remote code execution vulnerability in HPE Aruba Cl ...)
	NOT-FOR-US: HPE Aruba ClearPass Policy Manager
CVE-2017-5823 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5822 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5821 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5820 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5819 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5818 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5817 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5816 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5815 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5814 (A remote sql injection authentication bypass in HPE Network Automation ...)
	NOT-FOR-US: HPE
CVE-2017-5813 (A remote unauthenticated access vulnerability in HPE Network Automatio ...)
	NOT-FOR-US: HPE
CVE-2017-5812 (A remote sql information disclosure vulnerability in HPE Network Autom ...)
	NOT-FOR-US: HPE
CVE-2017-5811 (A remote code execution vulnerability in HPE Network Automation versio ...)
	NOT-FOR-US: HPE
CVE-2017-5810 (A remote sql injection vulnerability in HPE Network Automation version ...)
	NOT-FOR-US: HPE
CVE-2017-5809 (A Remote Arbitrary Code Execution vulnerability in HPE Data Protector ...)
	NOT-FOR-US: HPE
CVE-2017-5808 (A Remote Arbitrary Code Execution vulnerability in HPE Data Protector ...)
	NOT-FOR-US: HPE
CVE-2017-5807 (A Remote Arbitrary Code Execution vulnerability in HPE Data Protector ...)
	NOT-FOR-US: HPE
CVE-2017-5806 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5805 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5804 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5803 (A Remote Disclosure of Information vulnerability in HPE NonStop Server ...)
	NOT-FOR-US: HPE NonStop Servers
CVE-2017-5802 (A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics ...)
	NOT-FOR-US: HPE Vertica Analytics Platform
CVE-2017-5801 (A Remote Unauthorized Access to Data vulnerability in HPE Business Pro ...)
	NOT-FOR-US: HPE Business Process Monitor
CVE-2017-5800 (A Remote Cross-Site Scripting (XSS) vulnerability in HPE Operations Br ...)
	NOT-FOR-US: HPE Operations Bridge Analytics
CVE-2017-5799 (A Remote Code Execution vulnerability in HPE OpenCall Media Platform ( ...)
	NOT-FOR-US: HPE OpenCall Media Platform
CVE-2017-5798 (A Remote Code Execution vulnerability in HPE OpenCall Media Platform ( ...)
	NOT-FOR-US: HPE OpenCall Media Platform
CVE-2017-5797 (A Remote Unauthenticated Disclosure of Information vulnerability in HP ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5796 (A Remote Cross Site Request Forgery (CSRF) vulnerability in HPE 2620 S ...)
	NOT-FOR-US: HPE 2620 Series Network Switches
CVE-2017-5795 (A Local Arbitrary File Download vulnerability in HPE Intelligent Manag ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5794 (A Remote Arbitrary File Download vulnerability in HPE Intelligent Mana ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5793 (A Remote Arbitrary Code Execution vulnerability in HPE Intelligent Man ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5792 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5791 (The doFilter method in UrlAccessController in HPE Intelligent Manageme ...)
	NOT-FOR-US: HPE Intelligent Management Center
	NOTE: it appears that it was incorrectly used for an issue in JanTek JTC-200
CVE-2017-5790 (A remote deserialization of untrusted data vulnerability in HPE Intell ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5789 (HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before ...)
	NOT-FOR-US: HPE LoadRunner
	NOTE: it appears that it was incorrectly used for an issue in JanTek JTC-200
CVE-2017-5788 (A Local Disclosure of Sensitive Information vulnerability in HPE NonSt ...)
	NOT-FOR-US: HPE NonStop Software Essentials
CVE-2017-5787 (A remote denial of service vulnerability in HPE Version Control Reposi ...)
	NOT-FOR-US: HPE Version Control Manager
CVE-2017-5786 (A local Unauthorized Data Modification vulnerability in HPE OfficeConn ...)
	NOT-FOR-US: HPE OfficeConnect Network Switches
CVE-2017-5785 (A remote information disclosure vulnerability in HPE Matrix Operating ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-5784 (A missing HSTS Header vulnerability in HPE Matrix Operating Environmen ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-5783 (A remote clickjacking vulnerability in HPE Matrix Operating Environmen ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-5782 (A missing HSTS Header vulnerability in HPE Matrix Operating Environmen ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-5781 (A CSRF vulnerability in HPE Matrix Operating Environment version v7.6 ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-5780 (A remote clickjacking vulnerability in HPE Matrix Operating Environmen ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-5779
	REJECTED
CVE-2017-5778
	REJECTED
CVE-2017-5777
	REJECTED
CVE-2017-5776
	REJECTED
CVE-2017-5775
	REJECTED
CVE-2017-5774
	REJECTED
CVE-2017-5773
	REJECTED
CVE-2017-5772
	REJECTED
CVE-2017-5771
	REJECTED
CVE-2017-5770
	REJECTED
CVE-2017-5769
	REJECTED
CVE-2017-5768
	REJECTED
CVE-2017-5767
	REJECTED
CVE-2017-5766
	REJECTED
CVE-2017-5765
	REJECTED
CVE-2017-5764
	REJECTED
CVE-2017-5763
	REJECTED
CVE-2017-5762
	REJECTED
CVE-2017-5761
	REJECTED
CVE-2017-5760
	REJECTED
CVE-2017-5759
	REJECTED
CVE-2017-5758
	REJECTED
CVE-2017-5757
	REJECTED
CVE-2017-5756
	REJECTED
CVE-2017-5755
	REJECTED
CVE-2017-5754 (Systems with microprocessors utilizing speculative execution and indir ...)
	{DSA-4120-1 DSA-4082-1 DSA-4078-1 DLA-1232-1}
	- linux 4.14.12-1
	- nvidia-graphics-drivers 384.111-1 (bug #886852)
	[stretch] - nvidia-graphics-drivers 384.111-4~deb9u1
	[jessie] - nvidia-graphics-drivers 340.106-1
	[wheezy] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.106-1
	[stretch] - nvidia-graphics-drivers-legacy-340xx 340.106-1~deb9u1
	- nvidia-graphics-drivers-legacy-304xx
	[stretch] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported)
	- linux-grsec
	- xen 4.11.1~pre+1.733450b39b-1
	[stretch] - xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u4
	[jessie] - xen (Too intrusive to backport)
	NOTE: https://meltdownattack.com/
	NOTE: https://xenbits.xen.org/xsa/advisory-254.html
	NOTE: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
	NOTE: http://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html
	NOTE: Paper: https://meltdownattack.com/meltdown.pdf
	NOTE: https://01.org/security/advisories/intel-oss-10003
CVE-2017-5753 (Systems with microprocessors utilizing speculative execution and branc ...)
	{DSA-4188-1 DSA-4187-1 DLA-1731-1 DLA-1423-1 DLA-1422-1}
	- linux 4.15.11-1
	- nvidia-graphics-drivers 384.111-1 (bug #886852)
	[stretch] - nvidia-graphics-drivers 384.111-4~deb9u1
	[jessie] - nvidia-graphics-drivers 340.106-1
	[wheezy] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.106-1
	[stretch] - nvidia-graphics-drivers-legacy-340xx 340.106-1~deb9u1
	- nvidia-graphics-drivers-legacy-304xx
	[stretch] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported)
	- linux-grsec
	NOTE: https://spectreattack.com/
	NOTE: https://xenbits.xen.org/xsa/advisory-254.html
	NOTE: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
	NOTE: Paper: https://spectreattack.com/spectre.pdf
	NOTE: https://01.org/security/advisories/intel-oss-10002
CVE-2017-5752
	REJECTED
CVE-2017-5751
	REJECTED
CVE-2017-5750
	REJECTED
CVE-2017-5749
	REJECTED
CVE-2017-5748
	REJECTED
CVE-2017-5747
	REJECTED
CVE-2017-5746
	REJECTED
CVE-2017-5745
	REJECTED
CVE-2017-5744
	REJECTED
CVE-2017-5743
	REJECTED
CVE-2017-5742
	REJECTED
CVE-2017-5741
	REJECTED
CVE-2017-5740
	REJECTED
CVE-2017-5739
	REJECTED
CVE-2017-5738 (Escalation of privilege vulnerability in admin portal for Intel Unite ...)
	NOT-FOR-US: Intel Unite App
CVE-2017-5737
	REJECTED
CVE-2017-5736 (An elevation of privilege in Intel Software Guard Extensions Platform ...)
	NOT-FOR-US: Intel
CVE-2017-5735
	REJECTED
CVE-2017-5734
	REJECTED
CVE-2017-5733
	REJECTED
CVE-2017-5732
	REJECTED
CVE-2017-5731 (Bounds checking in Tianocompress before November 7, 2017 may allow an ...)
	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=686
	NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150
	NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
CVE-2017-5730
	REJECTED
CVE-2017-5729 (Frame replay vulnerability in Wi-Fi subsystem in Intel Dual-Band and T ...)
	NOT-FOR-US: Intel
CVE-2017-5728
	REJECTED
CVE-2017-5727 (Pointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, 1 ...)
	NOT-FOR-US: Intel
CVE-2017-5726
	REJECTED
CVE-2017-5725
	REJECTED
CVE-2017-5724
	REJECTED
CVE-2017-5723
	REJECTED
CVE-2017-5722 (Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, N ...)
	NOT-FOR-US: Intel
CVE-2017-5721 (Insufficient input validation in system firmware for Intel NUC7i3BNK, ...)
	NOT-FOR-US: Intel
CVE-2017-5720
	REJECTED
CVE-2017-5719 (A vulnerability in the Intel Deep Learning Training Tool Beta 1 allows ...)
	NOT-FOR-US: Intel
CVE-2017-5718
	REJECTED
CVE-2017-5717 (Type Confusion in Content Protection HECI Service in Intel Graphics Dr ...)
	NOT-FOR-US: Intel graphics driver
CVE-2017-5716
	REJECTED
CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and indir ...)
	{DSA-4213-1 DSA-4201-1 DSA-4188-1 DSA-4187-1 DLA-2743-1 DLA-2148-1 DLA-1497-1 DLA-1422-1 DLA-1369-1}
	- linux 4.15.11-1
	- intel-microcode 3.20180425.1
	[stretch] - intel-microcode 3.20180425.1~deb9u1
	[jessie] - intel-microcode 3.20180425.1~deb8u1
	- amd64-microcode 3.20180515.1
	NOTE: https://spectreattack.com/
	NOTE: https://xenbits.xen.org/xsa/advisory-254.html
	NOTE: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
	NOTE: Paper: https://spectreattack.com/spectre.pdf
	NOTE: https://www.suse.com/de-de/support/kb/doc/?id=7022512
	NOTE: https://www.suse.com/support/update/announcement/2018/suse-su-20180009-1/
	NOTE: For the required microcode updates in advance:
	NOTE: intel-microcode: https://bugs.debian.org/886367
	NOTE: intel-microcode: Some microcode updates to partially address CVE-2017-5715 included in 3.20171215.1
	NOTE: Further updates in 3.20180312.1
	NOTE: amd64-microcode: https://bugs.debian.org/886382
	NOTE: amd64-microcode updates in 3.20180515.1
	- qemu 1:2.12~rc3+dfsg-1 (bug #886532)
	- qemu-kvm
	NOTE: Qemu patches: https://lists.nongnu.org/archive/html/qemu-devel/2018-01/msg00811.html
	NOTE: to pass through new MSR and CPUID flags from the host VM to the CPU, to allow (future) enabling/disabling branch prediction features in the Intel CPU.
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
	- nvidia-graphics-drivers 384.111-1 (bug #886852)
	[stretch] - nvidia-graphics-drivers 384.111-4~deb9u1
	[jessie] - nvidia-graphics-drivers 340.106-1
	[wheezy] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.106-1
	[stretch] - nvidia-graphics-drivers-legacy-340xx 340.106-1~deb9u1
	- nvidia-graphics-drivers-legacy-304xx
	[stretch] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported)
	- linux-grsec
	- xen 4.11.1~pre+1.733450b39b-1
	[jessie] - xen (Too intrusive to backport)
CVE-2017-5714
	REJECTED
CVE-2017-5713
	REJECTED
CVE-2017-5712 (Buffer overflow in Active Management Technology (AMT) in Intel Managea ...)
	NOT-FOR-US: Intel
CVE-2017-5711 (Multiple buffer overflows in Active Management Technology (AMT) in Int ...)
	NOT-FOR-US: Intel
CVE-2017-5710 (Multiple privilege escalations in kernel in Intel Trusted Execution En ...)
	NOT-FOR-US: Intel
CVE-2017-5709 (Multiple privilege escalations in kernel in Intel Server Platform Serv ...)
	NOT-FOR-US: Intel
CVE-2017-5708 (Multiple privilege escalations in kernel in Intel Manageability Engine ...)
	NOT-FOR-US: Intel
CVE-2017-5707 (Multiple buffer overflows in kernel in Intel Trusted Execution Engine ...)
	NOT-FOR-US: Intel
CVE-2017-5706 (Multiple buffer overflows in kernel in Intel Server Platform Services ...)
	NOT-FOR-US: Intel
CVE-2017-5705 (Multiple buffer overflows in kernel in Intel Manageability Engine Firm ...)
	NOT-FOR-US: Intel
CVE-2017-5704 (Platform sample code firmware included with 4th Gen Intel Core Process ...)
	NOT-FOR-US: Intel
CVE-2017-5703 (Configuration of SPI Flash in platforms based on multiple Intel platfo ...)
	NOT-FOR-US: Intel
CVE-2017-5702
	REJECTED
CVE-2017-5701 (Insecure platform configuration in system firmware for Intel NUC7i3BNK ...)
	NOT-FOR-US: Intel
CVE-2017-5700 (Insufficient protection of password storage in system firmware for Int ...)
	NOT-FOR-US: Intel
CVE-2017-5699 (Input validation error in Intel MinnowBoard 3 Firmware versions prior ...)
	NOT-FOR-US: Intel MinnowBoard 3 Firmware
	NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/uefi-variable-deletioncorruption.html
CVE-2017-5698 (Intel Active Management Technology, Intel Standard Manageability, and ...)
	NOT-FOR-US: Intel
CVE-2017-5697 (Insufficient clickjacking protection in the Web User Interface of Inte ...)
	NOT-FOR-US: Intel
CVE-2017-5696 (Untrusted search path in Intel Graphics Driver 15.40.x.x, 15.45.x.x, a ...)
	NOT-FOR-US: Intel
CVE-2017-5695 (Data corruption vulnerability in firmware in Intel Solid-State Drive C ...)
	NOT-FOR-US: Intel
CVE-2017-5694 (Data corruption vulnerability in firmware in Intel Solid-State Drive P ...)
	NOT-FOR-US: Intel
CVE-2017-5693 (Firmware in the Intel Puma 5, 6, and 7 Series might experience resourc ...)
	NOT-FOR-US: Intel Puma
CVE-2017-5692 (Out-of-bounds read condition in older versions of some Intel Graphics ...)
	NOT-FOR-US: Intel Graphics Driver for Windows
CVE-2017-5691 (Incorrect check in Intel processors from 6th and 7th Generation Intel ...)
	NOT-FOR-US: Intel CPUs
CVE-2017-5690
	REJECTED
CVE-2017-5689 (An unprivileged network attacker could gain system privileges to provi ...)
	NOT-FOR-US: Intel AMT
CVE-2017-5688 (There is an escalation of privilege vulnerability in the Intel Solid S ...)
	NOT-FOR-US: Intel Solid State Drive Toolbox
CVE-2017-5687
	REJECTED
CVE-2017-5686 (The BIOS in Intel NUC systems based on 6th Gen Intel Core processors p ...)
	NOT-FOR-US: BIOS in Intel NUC systems
CVE-2017-5685 (The BIOS in Intel NUC systems based on 6th Gen Intel Core processors p ...)
	NOT-FOR-US: BIOS in Intel NUC systems
CVE-2017-5684 (The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core pr ...)
	NOT-FOR-US: BIOS in Intel NUC systems
CVE-2017-5683 (Privilege escalation in IntelHAXM.sys driver in the Intel Hardware Acc ...)
	NOT-FOR-US: Intel Hardware Accelerated Execution Manager
CVE-2017-5682 (Intel PSET Application Install wrapper of Intel Parallel Studio XE, In ...)
	NOT-FOR-US: Intel PSET
CVE-2017-5680
	REJECTED
CVE-2016-10197 (The search_make_new function in evdns.c in libevent before 2.1.6-beta ...)
	{DSA-3789-1 DLA-824-1}
	- libevent 2.0.21-stable-3 (bug #854092)
	NOTE: https://github.com/libevent/libevent/issues/332
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/17
CVE-2016-10196 (Stack-based buffer overflow in the evutil_parse_sockaddr_port function ...)
	{DSA-3789-1 DLA-824-1}
	- libevent 2.0.21-stable-3 (bug #854092)
	NOTE: https://github.com/libevent/libevent/issues/318
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/17
CVE-2016-10195 (The name_parse function in evdns.c in libevent before 2.1.6-beta allow ...)
	{DSA-3789-1 DLA-824-1}
	- libevent 2.0.21-stable-3 (bug #854092)
	NOTE: https://github.com/libevent/libevent/issues/317
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/17
CVE-2017-5848 (The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in ...)
	{DSA-3818-1 DLA-2164-1 DLA-830-1}
	- gst-plugins-bad1.0 1.10.4-1 (low)
	- gst-plugins-bad0.10 (low)
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777957
	NOTE: Patch: https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3
CVE-2017-5847 (The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gs ...)
	{DSA-3821-1 DLA-2226-1 DLA-829-1}
	- gst-plugins-ugly1.0 1.10.4-1 (low)
	- gst-plugins-ugly0.10 (low)
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777955
	NOTE: https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37
CVE-2017-5846 (The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gs ...)
	{DSA-3821-1 DLA-2226-1 DLA-829-1}
	- gst-plugins-ugly1.0 1.10.3-1 (low)
	- gst-plugins-ugly0.10 (low)
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777937
CVE-2017-5845 (The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst- ...)
	{DSA-3820-1}
	- gst-plugins-good1.0 1.10.3-1 (low)
	- gst-plugins-good0.10 (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777532
CVE-2017-5844 (The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-medi ...)
	{DSA-3819-1 DLA-2126-1 DLA-827-1}
	- gst-plugins-base1.0 1.10.3-1 (low)
	- gst-plugins-base0.10 (low)
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777525
CVE-2017-5843 (Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unr ...)
	{DSA-3818-1 DLA-2164-1 DLA-830-1}
	- gst-plugins-bad1.0 1.10.3-1
	- gst-plugins-bad0.10 (low)
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777503
CVE-2017-5842 (The html_context_handle_element function in gst/subparse/samiparse.c i ...)
	{DSA-3819-1}
	- gst-plugins-base1.0 1.10.3-1
	- gst-plugins-base0.10 (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777502
CVE-2017-5841 (The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst- ...)
	{DSA-3820-1}
	- gst-plugins-good1.0 1.10.3-1 (low)
	- gst-plugins-good0.10 (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777500
CVE-2017-5840 (The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plug ...)
	{DSA-3820-1 DLA-2225-1 DLA-828-1}
	- gst-plugins-good1.0 1.10.3-1 (low)
	- gst-plugins-good0.10 (low)
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777469
CVE-2017-5839 (The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-medi ...)
	{DSA-3819-1}
	- gst-plugins-base1.0 1.10.3-1
	- gst-plugins-base0.10 (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777265
CVE-2017-5838 (The gst_date_time_new_from_iso8601_string function in gst/gstdatetime. ...)
	{DSA-3822-1}
	- gstreamer1.0 1.10.3-1 (low)
	- gstreamer0.10 (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777263
CVE-2017-5837 (The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-medi ...)
	{DSA-3819-1 DLA-2126-1 DLA-827-1}
	- gst-plugins-base1.0 1.10.3-1 (low)
	- gst-plugins-base0.10 (low)
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777262
CVE-2016-10199 (The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-p ...)
	{DSA-3820-1}
	- gst-plugins-good1.0 1.10.3-1 (low)
	- gst-plugins-good0.10 (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775451
CVE-2016-10198 (The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacpars ...)
	{DSA-3820-1 DLA-2225-1 DLA-828-1}
	- gst-plugins-good1.0 1.10.3-1 (low)
	- gst-plugins-good0.10 (low)
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775450
CVE-2016-XXXX [iio-sensor-proxy: insecure dbus policy]
	- iio-sensor-proxy 2.0-4 (bug #853951)
CVE-2016-10192 (Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0. ...)
	- ffmpeg 7:3.2.2-1
	- libav (Vulnerable code not present in libav, only in ffmpeg)
	NOTE: Patch: https://github.com/FFmpeg/FFmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/12
CVE-2016-10191 (Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2 ...)
	{DLA-1611-1}
	- ffmpeg 7:3.2.2-1
	- libav
	NOTE: Patch: https://github.com/FFmpeg/FFmpeg/commit/7d57ca4d9a75562fa32e40766211de150f8b3ee7
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/12
CVE-2016-10190 (Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8. ...)
	{DLA-1611-1}
	- ffmpeg 7:3.2.2-1
	- libav
	NOTE: Patch: https://github.com/FFmpeg/FFmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/12
CVE-2017-5851 (The free_options function in options_manager.c in mp3splt 2.6.2 allows ...)
	- mp3splt (unimportant)
	NOTE: https://github.com/asarubbo/poc/blob/master/00127-mp3splt-nullptr-free_options
	NOTE: https://blogs.gentoo.org/ago/2017/02/01/mp3splt-null-pointer-dereference-in-free_options-options_manager-c
	NOTE: No security impact, crash in CLI tool
CVE-2017-5679
	RESERVED
CVE-2017-5678
	REJECTED
CVE-2017-5677 (PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerab ...)
	NOT-FOR-US: PEAR HTML_AJAX
	NOTE: http://karmainsecurity.com/KIS-2017-01
CVE-2017-5676
	RESERVED
CVE-2017-5857 (Memory leak in the virgl_cmd_resource_unref function in hw/display/vir ...)
	- qemu 1:2.8+dfsg-3 (bug #853996; unimportant)
	[jessie] - qemu (Vulnerable code not present)
	[wheezy] - qemu (Vulnerable code not present)
	- qemu-kvm (Vulnerable code not present)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg04615.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1418382
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/21
CVE-2017-5856 (Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c i ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-3 (bug #853996)
	[wheezy] - qemu (Vulnerable code not present)
	- qemu-kvm
	[wheezy] - qemu-kvm (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/19
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=765a707000e838c30b18d712fe6cb3dd8e0435f3
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1418342
CVE-2016-10193 (The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to e ...)
	NOT-FOR-US: espeak-ruby Ruby gem
CVE-2016-10194 (The festivaltts4r gem for Ruby allows remote attackers to execute arbi ...)
	NOT-FOR-US: festivaltts4r
CVE-2015-8981 (Heap-based buffer overflow in the PdfParser::ReadXRefSubsection functi ...)
	{DLA-929-1}
	- libpodofo 0.9.4-1 (bug #854599)
	[jessie] - libpodofo (Minor issue)
	NOTE: https://sourceforge.net/p/podofo/mailman/message/34205419/
	NOTE: https://sourceforge.net/p/podofo/code/1672
CVE-2017-5855 (The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in ...)
	- libpodofo 0.9.4-6 (bug #854603)
	[jessie] - libpodofo (Minor issue)
	[wheezy] - libpodofo (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-podofopdfparserreadxrefsubsection-pdfparser-cpp
	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1843
CVE-2017-5854 (base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to ca ...)
	- libpodofo 0.9.5-9 (bug #854602)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	[wheezy] - libpodofo (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp
	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1870
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1876
	NOTE: duplicate CVE: CVE-2018-5308
CVE-2017-5853 (Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote a ...)
	{DLA-929-1}
	- libpodofo 0.9.4-5 (bug #854601)
	[jessie] - libpodofo (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp
	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
	NOTE: Proposed fix: https://sourceforge.net/p/podofo/mailman/message/35692197/
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1840/
CVE-2017-5852 (The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVar ...)
	{DLA-929-1}
	- libpodofo 0.9.5-7 (low; bug #854600)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp
	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1835
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1838
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1841
	NOTE: further patch for ABI compatibility: https://sourceforge.net/p/podofo/mailman/message/36084628/
CVE-2017-5849 (tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRG ...)
	- netpbm-free (vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2017/02/02/2
	NOTE: Debian uses an unaffected fork:
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2654#c8
CVE-2017-5850 (httpd in OpenBSD allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: OpenBSD httpd
CVE-2017-5833 (Cross-site scripting (XSS) vulnerability in the invocation code genera ...)
	NOT-FOR-US: Revive Adserver
CVE-2017-5832 (Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0 ...)
	NOT-FOR-US: Revive Adserver
CVE-2017-5831 (Session fixation vulnerability in the forgot password mechanism in Rev ...)
	NOT-FOR-US: Revive Adserver
CVE-2017-5830 (Revive Adserver before 4.0.1 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Revive Adserver
CVE-2017-5675 (A command-injection vulnerability exists in a web application on a cus ...)
	NOT-FOR-US: GoAhead Web Server
CVE-2017-5674 (A vulnerability in a custom-built GoAhead web server used on Foscam, V ...)
	NOT-FOR-US: GoAhead Web Server
CVE-2017-5673 (In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum mes ...)
	NOT-FOR-US: Joomla extension
CVE-2017-5672 (Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnera ...)
	NOT-FOR-US: Kony Enterprise Mobile Management
CVE-2017-5671 (Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 indust ...)
	NOT-FOR-US: Honeywell
CVE-2017-5670 (Riverbed RiOS through 9.6.0 deletes the secure vault with the rm progr ...)
	NOT-FOR-US: Riverbed RiOS
CVE-2017-5669 (The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.9.13-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=192931
CVE-2017-5666 (The free_options function in options_manager.c in mp3splt 2.6.2 allows ...)
	- mp3splt (unimportant; bug #854278)
	NOTE: https://blogs.gentoo.org/ago/2017/01/29/mp3splt-invalid-free-in-free_options-options_manager-c
	NOTE: https://sourceforge.net/p/mp3splt/bugs/209/
	NOTE: Negligible security impact
CVE-2017-5665 (The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allo ...)
	- mp3splt (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2017/01/29/mp3splt-null-pointer-dereference-in-splt_cue_export_to_file-cue-c
	NOTE: https://sourceforge.net/p/mp3splt/bugs/209/
	NOTE: No security impact, crash in CLI tool
CVE-2017-5664 (The error page mechanism of the Java Servlet Specification requires th ...)
	{DSA-3892-1 DSA-3891-1 DLA-996-1}
	- tomcat9 (Fixed before initial upload to Debian)
	- tomcat8 8.5.14-2 (bug #864447)
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	[wheezy] - tomcat6 (Not supported in Wheezy)
	NOTE: https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066@%3Cannounce.tomcat.apache.org%3E
	NOTE: Fixed by: http://svn.apache.org/r1793469 (8.5.x)
	NOTE: Fixed by: http://svn.apache.org/r1793488 (8.5.x)
	NOTE: Fixed by: http://svn.apache.org/r1793489 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1793470 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1793471 (7.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1793491 (7.0.x)
CVE-2017-5663 (In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incub ...)
	NOT-FOR-US: Apache Fineract
CVE-2017-5662 (In Apache Batik before 1.9, files lying on the filesystem of the serve ...)
	{DSA-4215-1 DLA-926-1}
	- batik 1.9-1 (bug #860566)
	NOTE: https://www.openwall.com/lists/oss-security/2017/04/18/1
	NOTE: Upstream bug: https://issues.apache.org/jira/browse/BATIK-1139
	NOTE: Fixed by: http://svn.apache.org/r1743326
	NOTE: Similar issue to CVE-2015-0250
CVE-2017-5661 (In Apache FOP before 2.2, files lying on the filesystem of the server ...)
	{DSA-3864-1 DLA-927-1}
	- fop 1:2.1-6 (bug #860567)
	NOTE: https://www.openwall.com/lists/oss-security/2017/04/18/2
	NOTE: Upstream bug: https://issues.apache.org/jira/browse/FOP-2668
	NOTE: Fixed by: http://svn.apache.org/r1769967
	NOTE: Fixed by: http://svn.apache.org/r1769968 (fix for Java 6)
CVE-2017-5660 (There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prio ...)
	{DSA-4128-1}
	- trafficserver 7.1.2+ds-1
	[wheezy] - trafficserver (Vulnerable code not present)
	NOTE: https://github.com/apache/trafficserver/pull/1657
	NOTE: https://issues.apache.org/jira/browse/TS-4930
CVE-2017-5659 (Apache Traffic Server before 6.2.1 generates a coredump when there is ...)
	- trafficserver 7.0.0-1
	[wheezy] - trafficserver (PoC doesn't crash the server, fix too hard to backport)
	NOTE: https://issues.apache.org/jira/browse/TS-4507
	NOTE: reproducer in https://issues.apache.org/jira/browse/TS-4819 (dupe of above)
	NOTE: https://github.com/apache/trafficserver/pull/787/commits/85c021123fd94c4d97a6015484eb1d8054bec9eb
	NOTE: evaluate related backport to 6.2: https://github.com/apache/trafficserver/pull/1153
CVE-2017-5658 (The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to b ...)
	NOT-FOR-US: Apache Pony Mail
CVE-2017-5657 (Several REST service endpoints of Apache Archiva are not protected aga ...)
	NOT-FOR-US: Apache Archiva
CVE-2017-5656 (Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of c ...)
	NOT-FOR-US: Apache CXF
CVE-2017-5655 (In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be ...)
	NOT-FOR-US: Apache Ambari
CVE-2017-5654 (In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of ...)
	NOT-FOR-US: Apache Ambari
CVE-2017-5653 (JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and ...)
	NOT-FOR-US: Apache CXF
CVE-2017-5652 (During a routine security analysis, it was found that one of the ports ...)
	NOT-FOR-US: Impala
CVE-2017-5651 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refact ...)
	- tomcat9 (Fixed before initial upload to Debian)
	- tomcat8 8.5.11-2 (bug #860071)
	[jessie] - tomcat8 (Only affects 8.5 and later)
	NOTE: https://www.openwall.com/lists/oss-security/2017/04/10/21
	NOTE: Fixed by: http://svn.apache.org/r1788546 (8.5.x)
CVE-2017-5650 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handli ...)
	- tomcat9 (Fixed before initial upload to Debian)
	- tomcat8 8.5.11-2 (bug #860070)
	[jessie] - tomcat8 (Only affects 8.5 and later)
	NOTE: https://www.openwall.com/lists/oss-security/2017/04/10/22
	NOTE: Fixed by: http://svn.apache.org/r1788480 (8.5.x)
CVE-2017-5649 (Apache Geode before 1.1.1, when a cluster has enabled security by sett ...)
	NOT-FOR-US: Apache Geode
CVE-2017-5648 (While investigating bug 60718, it was noticed that some calls to appli ...)
	{DSA-3843-1 DSA-3842-1 DLA-924-1}
	- tomcat9 (Fixed before initial upload to Debian)
	- tomcat8 8.5.11-2 (bug #860069)
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 (Only affects 7.0 and later)
	NOTE: https://www.openwall.com/lists/oss-security/2017/04/10/23
	NOTE: Fixed by: http://svn.apache.org/r1785775 (8.5.x)
	NOTE: Fixed by: http://svn.apache.org/r1785776 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1785777 (7.0.x)
CVE-2017-5647 (A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0 ...)
	{DSA-3843-1 DSA-3842-1 DLA-924-1}
	- tomcat9 (Fixed before initial upload to Debian)
	- tomcat8 8.5.11-2 (bug #860068)
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: https://www.openwall.com/lists/oss-security/2017/04/10/24
	NOTE: Fixed by: http://svn.apache.org/r1788932 (8.5.x)
	NOTE: Fixed by: http://svn.apache.org/r1788999 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1789008 (7.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1789024 (6.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1789155 (6.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1789856 (6.0.x)
CVE-2017-5646 (For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated us ...)
	NOT-FOR-US: Apache Knox
CVE-2017-5645 (In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or ...)
	- apache-log4j2 2.7-2 (bug #860489)
	[jessie] - apache-log4j2 (Minor issue, no consumers of liblog4j2-java in Jessie)
	NOTE: https://issues.apache.org/jira/browse/LOG4J2-1863
	NOTE: Fixed by: https://git-wip-us.apache.org/repos/asf?p=logging-log4j2.git;h=5dcc19215827db29c993d0305ee2b0d8dd05939d
CVE-2017-5644 (Apache POI in versions prior to release 3.15 allows remote attackers t ...)
	- libapache-poi-java 3.17-1 (bug #858301)
	[stretch] - libapache-poi-java (Minor issue)
	[jessie] - libapache-poi-java (Minor issue)
	[wheezy] - libapache-poi-java (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2017/03/20/9
CVE-2017-5643 (Apache Camel's Validation Component is vulnerable against SSRF via rem ...)
	NOT-FOR-US: Apache Camel
CVE-2017-5642 (During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artif ...)
	NOT-FOR-US: Apache Ambari
CVE-2017-5641 (Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not r ...)
	NOT-FOR-US: Apache Flex BlazeDS
CVE-2017-5640 (It was noticed that a malicious process impersonating an Impala daemon ...)
	NOT-FOR-US: Impala
CVE-2017-5639
	REJECTED
CVE-2017-5638 (The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 an ...)
	- libstruts1.2-java (Only affects Struts 2.3.5 - Struts 2.3.31, Struts 2.5 - Struts 2.5.10)
	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-045
CVE-2017-5637 (Two four letter word commands "wchp/wchc" are CPU intensive and could ...)
	{DSA-3871-1 DLA-986-1}
	- zookeeper 3.4.9-3 (bug #863811)
	NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-2693
CVE-2017-5636 (In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environm ...)
	NOT-FOR-US: Apache NiFi
CVE-2017-5635 (In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environm ...)
	NOT-FOR-US: Apache NiFi
CVE-2017-5634 (The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows phy ...)
	NOT-FOR-US: Norwegian
CVE-2017-5633 (Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Li ...)
	NOT-FOR-US: D-Link
CVE-2017-5632 (An issue was discovered on the ASUS RT-N56U Wireless Router with Firmw ...)
	NOT-FOR-US: Asus router
CVE-2017-5631 (An issue was discovered in KMCIS CaseAware. Reflected cross site scrip ...)
	NOT-FOR-US: KMCIS CaseAware
CVE-2017-5630 (PECL in the download utility class in the Installer in PEAR Base Syste ...)
	- php5 (unimportant)
	- php-pear (unimportant)
	NOTE: https://pear.php.net/bugs/bug.php?id=21171
	NOTE: pear performs no kind of authentication/integrity checks for downloads, so an attacker can MITM freely anyway
CVE-2017-5629
	RESERVED
CVE-2017-5626 (OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fas ...)
	NOT-FOR-US: OxygenOS
CVE-2017-5625 (In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized ...)
	NOT-FOR-US: OxygenOS
CVE-2017-5624 (An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. ...)
	NOT-FOR-US: OxygenOS
CVE-2017-5623 (An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T d ...)
	NOT-FOR-US: OxygenOS
CVE-2017-5622 (With OxygenOS before 4.0.3, when a charger is connected to a powered-o ...)
	NOT-FOR-US: OxygenOS
CVE-2017-5621 (An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, an ...)
	- zammad (bug #841355)
CVE-2017-5620 (An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3 ...)
	- zammad (bug #841355)
CVE-2017-5619 (An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, an ...)
	- zammad (bug #841355)
CVE-2017-5609 (SQL injection vulnerability in include/functions_entries.inc.php in Se ...)
	- serendipity
CVE-2017-5607 (Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x befo ...)
	NOT-FOR-US: Splunk
CVE-2017-5606 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
	NOT-FOR-US: Xabber
CVE-2017-5605 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
	NOT-FOR-US: Movim
CVE-2017-5604 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
	- mcabber 1.0.4-1.1 (bug #854738)
	[jessie] - mcabber (XEP-0280: Message Carbons not implemented)
	[wheezy] - mcabber (XEP-0280: Message Carbons not implemented)
CVE-2017-5603 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
	- jitsi (bug #854737)
CVE-2017-5602 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
	- jappix (bug #619347)
CVE-2017-5601 (An error in the lha_read_file_header_1() function (archive_read_suppor ...)
	{DLA-1600-1 DLA-810-1}
	- libarchive 3.2.1-6 (bug #853278)
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9
	NOTE: https://secunia.com/secunia_research/2017-3/
CVE-2016-10186 (An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd. ...)
	NOT-FOR-US: D-Link
CVE-2016-10185 (An issue was discovered on the D-Link DWR-932B router. A secure_mode=n ...)
	NOT-FOR-US: D-Link
CVE-2016-10184 (An issue was discovered on the D-Link DWR-932B router. qmiweb allows f ...)
	NOT-FOR-US: D-Link
CVE-2016-10183 (An issue was discovered on the D-Link DWR-932B router. qmiweb allows d ...)
	NOT-FOR-US: D-Link
CVE-2016-10182 (An issue was discovered on the D-Link DWR-932B router. qmiweb allows c ...)
	NOT-FOR-US: D-Link
CVE-2016-10181 (An issue was discovered on the D-Link DWR-932B router. qmiweb provides ...)
	NOT-FOR-US: D-Link
CVE-2016-10180 (An issue was discovered on the D-Link DWR-932B router. WPS PIN generat ...)
	NOT-FOR-US: D-Link
CVE-2016-10179 (An issue was discovered on the D-Link DWR-932B router. There is a hard ...)
	NOT-FOR-US: D-Link
CVE-2016-10178 (An issue was discovered on the D-Link DWR-932B router. HELODBG on port ...)
	NOT-FOR-US: D-Link
CVE-2016-10177 (An issue was discovered on the D-Link DWR-932B router. Undocumented TE ...)
	NOT-FOR-US: D-Link
CVE-2016-10176 (The NETGEAR WNR2000v5 router allows an administrator to perform sensit ...)
	NOT-FOR-US: Netgear
CVE-2016-10175 (The NETGEAR WNR2000v5 router leaks its serial number when performing a ...)
	NOT-FOR-US: Netgear
CVE-2016-10174 (The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_ ...)
	NOT-FOR-US: Netgear
CVE-2004-2778 (Ebuild in Gentoo may change directory and file permissions depending o ...)
	NOT-FOR-US: Gentoo ebuilds dir permissions at install time
CVE-2017-5667 (The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-3 (bug #853996)
	[wheezy] - qemu (Vulnerable code not present)
	- qemu-kvm
	[wheezy] - qemu-kvm (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06191.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1417559
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/30/2
CVE-2017-5668 (bitlbee-libpurple before 3.5.1 allows remote attackers to cause a deni ...)
	- bitlbee 3.5.1-1 (bug #853282)
	[jessie] - bitlbee (Incomplete fix for CVE-2016-10189 not applied)
	[wheezy] - bitlbee (Incomplete fix for CVE-2016-10189 not applied)
	NOTE: https://bugs.bitlbee.org/ticket/1282
	NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441 (3.5.1)
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/30/4
	NOTE: This CVE exists because of an incomplete fix for CVE-2016-10189
CVE-2016-10189 (BitlBee before 3.5 allows remote attackers to cause a denial of servic ...)
	{DSA-3853-1 DLA-832-1}
	- bitlbee 3.5-1
	NOTE: https://bugs.bitlbee.org/ticket/1282
	NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f (3.5)
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/30/4
	NOTE: When fixing this CVE make sure to apply as well
	NOTE: https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441
	NOTE: to not open CVE-2017-5668
CVE-2016-10188 (Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows re ...)
	{DSA-3853-1 DLA-832-1}
	- bitlbee 3.5-1
	NOTE: https://bugs.bitlbee.org/ticket/1281
	NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/ea902752503fc5b356d6513911081ec932d804f2 (3.5)
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/30/4
CVE-2017-5940 (Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does no ...)
	- firejail 0.9.44.6-1
	NOTE: Changelog mentions the new fix for CVE-2017-5180 in RELNOTES for 0.9.44.6
	NOTE: and needs a series of commits after 0.9.44.4
	NOTE: https://github.com/netblue30/firejail/blob/0.9.44.6/RELNOTES
	NOTE: https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f (0.9.44.6)
	NOTE: https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863 (0.9.44.6)
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/29/4
CVE-2016-10187 (The E-book viewer in calibre before 2.75 allows remote attackers to re ...)
	{DLA-859-1}
	- calibre 2.75.1+dfsg-1 (low; bug #853004)
	[jessie] - calibre (Minor issue)
	NOTE: Upstream report: https://launchpad.net/bugs/1651728
	NOTE: Upstream fix: https://github.com/kovidgoyal/calibre/commit/3a89718664cb8cce0449d1758eee585ed0d0433c
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/29/8
CVE-2017-5899 (Directory traversal vulnerability in the setuid root helper binary in ...)
	- s-nail 14.8.16-1 (bug #852934)
	NOTE: https://www.mail-archive.com/s-nail-users@lists.sourceforge.net/msg00551.html
	NOTE: https://git.sdaoden.eu/cgit/s-nail.git/commit/?id=f797c27efecad45af191c518b7f87fda32ada160
	NOTE: https://git.sdaoden.eu/cgit/s-nail.git/commit/?id=f2699449b66dd702a98925bd1b11153a6f7294bf
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/27/7
CVE-2017-5628 (An issue was discovered in Artifex Software, Inc. MuJS before 8f62ea10 ...)
	- mujs (Fixed before initial upload to Debian)
	NOTE: http://git.ghostscript.com/?p=mujs.git;h=8f62ea10a0af68e56d5c00720523ebcba13c2e6a
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697496
CVE-2017-5627 (An issue was discovered in Artifex Software, Inc. MuJS before 4006739a ...)
	- mujs (Fixed before initial upload to Debian)
	NOTE: http://git.ghostscript.com/?p=mujs.git;h=4006739a28367c708dea19aeb19b8a1a9326ce08
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697497
CVE-2017-5617 (The SVG Salamander (aka svgSalamander) library, when used in a web app ...)
	{DSA-3781-1 DLA-816-1}
	- svgsalamander 1.1.1+dfsg-2 (bug #853134)
	NOTE: https://github.com/blackears/svgSalamander/issues/11
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/27/3
CVE-2017-5608 (Cross-site scripting (XSS) vulnerability in the image upload function ...)
	- piwigo
CVE-2017-5600 (The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 ...)
	NOT-FOR-US: NetApp OnCommand Insight
CVE-2017-5599 (An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. ...)
	NOT-FOR-US: eClinicalWorks
CVE-2017-5598 (An issue was discovered in eClinicalWorks healow@work 8.0 build 8. Thi ...)
	NOT-FOR-US: eClinicalWorks
CVE-2017-5612 (Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.2+dfsg-1 (bug #852767)
	NOTE: https://github.com/WordPress/WordPress/commit/4482f9207027de8f36630737ae085110896ea849
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/27/2
CVE-2017-5611 (SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Qu ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.2+dfsg-1 (bug #852767)
	NOTE: https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/27/2
CVE-2017-5610 (wp-admin/includes/class-wp-press-this.php in Press This in WordPress b ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.2+dfsg-1 (bug #852767)
	NOTE: https://github.com/WordPress/WordPress/commit/21264a31e0849e6ff793a06a17de877dd88ea454
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/27/2
CVE-2017-5595 (A file disclosure and inclusion vulnerability exists in web/views/file ...)
	{DLA-1145-1}
	- zoneminder 1.30.4+dfsg-1 (bug #854733)
	NOTE: Check https://github.com/ZoneMinder/ZoneMinder/commit/8b19fca9927cdec07cc9dd09bdcf2496a5ae69b3
CVE-2017-5594 (An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerab ...)
	NOT-FOR-US: Pagekit CMS
CVE-2017-5593 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
	- psi-plus (vulnerable code not present, XEP-0280 not implemented)
CVE-2017-5592 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
	- profanity 0.5.1-1 (bug #854735)
	[jessie] - profanity (Vulnerable code not present)
CVE-2017-5591 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
	- sleekxmpp 1.3.1-6 (bug #854739)
	[jessie] - sleekxmpp (vulnerable code not present, XEP-0280 not implemented)
	[wheezy] - sleekxmpp (vulnerable code not present, XEP-0280 not implemented)
	- slixmpp 1.2.2-1.1 (bug #854740)
CVE-2017-5590 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
	NOT-FOR-US: ChatSecure / Zom
CVE-2017-5589 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
	NOT-FOR-US: yaxim / Bruno
CVE-2016-10173 (Directory traversal vulnerability in the minitar before 0.6 and archiv ...)
	{DSA-3778-1 DLA-808-1}
	- ruby-minitar 0.5.4-3.1 (bug #853075)
	- ruby-archive-tar-minitar (bug #853249)
	NOTE: https://github.com/halostatue/minitar/issues/16
	NOTE: https://github.com/halostatue/minitar/commit/e25205ecbb6277ae8a3df1e6a306d7ed4458b6e4
	NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=1021740
CVE-2016-10172 (The read_new_config_info function in open_utils.c in Wavpack before 5. ...)
	- wavpack 5.0.0-2 (bug #853076)
	[jessie] - wavpack (Vulnerable code not present)
	[wheezy] - wavpack (Vulnerable code not present)
	NOTE: https://sourceforge.net/p/wavpack/mailman/message/35561951/
	NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
CVE-2016-10171 (The unreorder_channels function in cli/wvunpack.c in Wavpack before 5. ...)
	- wavpack 5.0.0-2 (bug #853076)
	[jessie] - wavpack (Vulnerable code not present)
	[wheezy] - wavpack (Vulnerable code not present)
	NOTE: https://sourceforge.net/p/wavpack/mailman/message/35561939/
	NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
CVE-2016-10170 (The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 all ...)
	- wavpack 5.0.0-2 (bug #853076)
	[jessie] - wavpack (Vulnerable code not present)
	[wheezy] - wavpack (Vulnerable code not present)
	NOTE: https://sourceforge.net/p/wavpack/mailman/message/35561921/
	NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
CVE-2016-10169 (The read_code function in read_words.c in Wavpack before 5.1.0 allows ...)
	- wavpack 5.0.0-2 (bug #853076)
	[wheezy] - wavpack (Minor issue)
	NOTE: https://sourceforge.net/p/wavpack/mailman/message/35557889/
	NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
CVE-2016-10166 (Integer underflow in the _gdContributionsAlloc function in gd_interpol ...)
	{DSA-3777-1}
	- libgd2 2.2.4-1
	[wheezy] - libgd2 (Vulnerable code not present)
	NOTE: https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/26/1
CVE-2016-10167 (The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Li ...)
	{DSA-3777-1 DLA-804-1}
	- php7.1 7.1.1-1 (unimportant)
	- php7.0 7.0.15-1 (unimportant)
	- php5 (unimportant)
	[jessie] - php5 5.6.30+dfsg-0+deb8u1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73868
	NOTE: Fixed in PHP 7.1.1, 7.0.15, 5.6.30
	- libgd2 2.2.4-1
	NOTE: https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/26/1
CVE-2016-10168 (Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) bef ...)
	{DSA-3777-1 DLA-804-1}
	- php7.1 7.1.1-1 (unimportant)
	- php7.0 7.0.15-1 (unimportant)
	- php5 (unimportant)
	[jessie] - php5 5.6.30+dfsg-0+deb8u1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73869
	NOTE: Fixed in PHP 7.1.1, 7.0.15, 5.6.30
	- libgd2 2.2.4-1
	NOTE: https://github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/26/1
CVE-2017-5588
	RESERVED
CVE-2017-5587
	RESERVED
CVE-2017-5586 (OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote ...)
	NOT-FOR-US: OpenText Documentum D2
CVE-2017-5585 (OpenText Documentum Content Server (formerly EMC Documentum Content Se ...)
	NOT-FOR-US: OpenText Documentum Content Server
CVE-2017-5584 (Cross-site scripting (XSS) vulnerability in the Management Web Interfa ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2017-5583 (The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.1 ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2017-5582
	RESERVED
CVE-2017-6852 (Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2 ...)
	- jasper
	[jessie] - jasper (Minor issue)
	[wheezy] - jasper (Minor issue)
	NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/114
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/25/10
	NOTE: The POC only triggers an assertion failure but an overflow cannot be observed.
CVE-2017-6850 (The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 all ...)
	- jasper (unimportant)
	NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/112
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/25/8
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2017-6851 (The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows r ...)
	- jasper (unimportant)
	NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/113
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/25/9
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2017-5618 (GNU screen before 4.5.1 allows local users to modify arbitrary files a ...)
	- screen 4.5.0-3 (bug #852484)
	[stretch] - screen (Vulnerable code not present/never migrated to stretch)
	[jessie] - screen (Vulnerable code not present)
	[wheezy] - screen (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html
	NOTE: https://savannah.gnu.org/bugs/?50142
	NOTE: Introduced in (screen-v4): http://git.savannah.gnu.org/cgit/screen.git/commit/?h=screen-v4&id=5460f5d28c01a9a58e021eb1dffef2965e629d58
	NOTE: Introduced in (master): http://git.savannah.gnu.org/cgit/screen.git/commit/?id=c575c40c9bd7653470639da32e06faed0a9b2ec4
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/24/10
CVE-2017-5597 (In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector c ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.4+gcc3dc1b-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-02.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13345
CVE-2017-5596 (In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.4+gcc3dc1b-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-01.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13344
CVE-2016-10165 (The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) all ...)
	{DSA-3774-1 DLA-803-1}
	- lcms2 2.8-4 (bug #852627)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1367357
	NOTE: https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
CVE-2016-10164 (Multiple integer overflows in libXpm before 3.5.12, when a program req ...)
	{DSA-3772-1 DLA-801-1}
	- libxpm 1:3.5.12-1
	NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXpm/commit/?id=d1167418f0fd02a27f617ec5afd6db053afbe185
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/22/2
CVE-2016-10163 (Memory leak in the vrend_renderer_context_create_internal function in ...)
	- virglrenderer 0.6.0-1 (bug #852603)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=747a293ff6055203e529f083896b823e22523fe7 (0.6.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415944
CVE-2017-5581 (Buffer overflow in the ModifiablePixelBuffer::fillRect function in Tig ...)
	- tigervnc 1.7.0+dfsg-3 (bug #852213)
	NOTE: https://github.com/TigerVNC/tigervnc/pull/399
	NOTE: https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba
CVE-2017-5580 (The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c i ...)
	- virglrenderer 0.6.0-1 (bug #852604)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415986
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=28894a30a17a84529be102b21118e55d6c9f23fa (0.6.0)
	NOTE: https://lists.freedesktop.org/archives/virglrenderer-devel/2017-January/000105.html
CVE-2017-5579 (Memory leak in the serial_exit_core function in hw/char/serial.c in QE ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-3 (bug #853002)
	[wheezy] - qemu (Minor issue)
	- qemu-kvm
	[wheezy] - qemu-kvm (Minor issue)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1416157
CVE-2017-5578 (Memory leak in the virtio_gpu_resource_attach_backing function in hw/d ...)
	- qemu 1:2.10.0-1 (unimportant)
	[jessie] - qemu (Vulnerable code introduced later)
	[wheezy] - qemu (Vulnerable code introduced later)
	- qemu-kvm (Vulnerable code introduced later)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=204f01b30975923c64006f8067f0937b91eea68b (v2.9.0-rc0)
	NOTE: Introduced after: http://git.qemu.org/?p=qemu.git;a=commit;h=62232bf48456bda4058ceae05851bc58c1032338 (v2.4.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415795
	NOTE: Marked as unimportant, since the 1:2.8+dfsg-2 upload reverts
	NOTE: enabling virtio gpu (virglrenderer) and opengl support
CVE-2017-5577 (The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the Video ...)
	- linux 4.9.6-1
	[jessie] - linux (Vulnerable code introduced later)
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/6b8ac63847bc2f958dd93c09edc941a0118992d9
	NOTE: Introduced by: https://git.kernel.org/linus/d5b1a78a772f1e31a94f8babfa964152ec5e9aa5 (4.5-rc1)
CVE-2017-5576 (Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc ...)
	- linux 4.9.6-1
	[jessie] - linux (Vulnerable code introduced later)
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/0f2ff82e11c86c05d051cae32b58226392d33bbf
	NOTE: Introduced by: https://git.kernel.org/linus/d5b1a78a772f1e31a94f8babfa964152ec5e9aa5 (4.5-rc1)
CVE-2017-5575 (SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS b ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5574 (SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 a ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5573 (An issue was discovered in Linux Foundation xapi in Citrix XenServer t ...)
	NOT-FOR-US: Citrix
CVE-2017-5572 (An issue was discovered in Linux Foundation xapi in Citrix XenServer t ...)
	NOT-FOR-US: Citrix
CVE-2017-5571 (Open redirect vulnerability in the lmadmin component in Flexera FlexNe ...)
	NOT-FOR-US: Flexera FlexNet Publisher
CVE-2017-5570 (An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. ...)
	NOT-FOR-US: eClinicalWorks
CVE-2017-5569 (An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. ...)
	NOT-FOR-US: eClinicalWorks
CVE-2017-5568
	RESERVED
CVE-2017-5567 (Code injection vulnerability in Avast Premier 12.3 (and earlier), Inte ...)
	NOT-FOR-US: Avast
CVE-2017-5566 (Code injection vulnerability in AVG Ultimate 17.1 (and earlier), AVG I ...)
	NOT-FOR-US: AVG
CVE-2017-5565 (Code injection vulnerability in Trend Micro Maximum Security 11.0 (and ...)
	NOT-FOR-US: Trend Micro
CVE-2017-5564
	RESERVED
CVE-2017-5563 (LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read i ...)
	- tiff (unimportant)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2664
	NOTE: bmp2tiff utility removed in 4.0.6-3 and 4.0.3-12.3+deb8u2
CVE-2017-5562
	RESERVED
CVE-2017-5561
	RESERVED
CVE-2017-5560
	RESERVED
CVE-2017-5559
	RESERVED
CVE-2017-5558
	RESERVED
CVE-2017-5557
	RESERVED
CVE-2017-5556 (The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF befo ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-5555
	RESERVED
CVE-2017-5554 (An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4 ...)
	NOT-FOR-US: OnePlus 3 / 3T OxygenOS
CVE-2017-5553 (Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_m ...)
	- b2evolution
CVE-2017-5545 (The main function in plistutil.c in libimobiledevice libplist through ...)
	{DLA-2168-1 DLA-811-1}
	- libplist 1.12+git+1+e37ca00-0.1 (low; bug #852385)
	NOTE: https://github.com/libimobiledevice/libplist/issues/87
	NOTE: Fixed by: https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baad9e22dd279ee
CVE-2017-5544 (An issue was discovered on FiberHome Fengine S5800 switches V210R240. ...)
	NOT-FOR-US: FiberHome switches
CVE-2017-5543 (includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-5542 (Cross-site scripting (XSS) vulnerability in template/usererror.missing ...)
	NOT-FOR-US: Symphony CMS
CVE-2017-5541 (Directory traversal vulnerability in template/usererror.missing_extens ...)
	NOT-FOR-US: Symphony CMS
CVE-2017-5540
	RESERVED
CVE-2017-5539 (The patch for directory traversal (CVE-2017-5480) in b2evolution versi ...)
	- b2evolution
CVE-2017-5536 (The GridServer Broker, and GridServer Director components of TIBCO Sof ...)
	NOT-FOR-US: TIBCO GridServer
CVE-2017-5535 (The GridServer Broker, GridServer Driver, and GridServer Engine compon ...)
	NOT-FOR-US: TIBCO GridServer
CVE-2017-5534 (The tibbr user profiles components of tibbr Community, and tibbr Enter ...)
	NOT-FOR-US: tibbr
CVE-2017-5533 (A vulnerability in the server content cache of TIBCO JasperReports Ser ...)
	- jasperreports (bug #884131)
	[jessie] - jasperreports (no detailed information available, only needed as build-dependency for Spring)
	[wheezy] - jasperreports (cannot be supported due to lack of information)
	NOTE: http://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-server-2017
CVE-2017-5532 (A vulnerability in the report renderer component of TIBCO JasperReport ...)
	- jasperreports (bug #884131)
	[jessie] - jasperreports (no detailed information available, only needed as build-dependency for Spring)
	[wheezy] - jasperreports (cannot be supported due to lack of information)
	NOTE: https://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-2017-5532
CVE-2017-5531 (Deployments of TIBCO Managed File Transfer Command Center versions 8.0 ...)
	NOT-FOR-US: TIBCO
CVE-2017-5530 (The tibbr web server components of tibbr Community, and tibbr Enterpri ...)
	NOT-FOR-US: tibbr
CVE-2017-5529 (JasperReports library components contain an information disclosure vul ...)
	- jasperreports (bug #880467)
	[jessie] - jasperreports (no detailed information available, only needed as build-dependency for Spring)
	[wheezy] - jasperreports (cannot be supported due to lack of information)
	NOTE: https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0
CVE-2017-5528 (Multiple JasperReports Server components contain vulnerabilities which ...)
	- jasperreports (bug #880467)
	[jessie] - jasperreports (no detailed information available, only needed as build-dependency for Spring)
	[wheezy] - jasperreports (cannot be supported due to lack of information)
	NOTE: https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017
CVE-2017-5527 (TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x be ...)
	NOT-FOR-US: TIBCO Spotfire Server
CVE-2016-10162 (The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x befo ...)
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	NOTE: PHP Bug: https://bugs.php.net/73831
	NOTE: Fixed in 7.0.15, 7.1.1
CVE-2016-10161 (The object_common1 function in ext/standard/var_unserializer.c in PHP ...)
	{DSA-3783-1 DLA-818-1}
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	- php5
	NOTE: PHP Bug: https://bugs.php.net/73825
	NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
CVE-2016-10160 (Off-by-one error in the phar_parse_pharfile function in ext/phar/phar. ...)
	{DSA-3783-1 DLA-818-1}
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	- php5
	NOTE: PHP Bug: https://bugs.php.net/73768
	NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
CVE-2016-10159 (Integer overflow in the phar_parse_pharfile function in ext/phar/phar. ...)
	{DSA-3783-1 DLA-818-1}
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	- php5
	NOTE: PHP Bug: https://bugs.php.net/73764
	NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
CVE-2016-10158 (The exif_convert_any_to_int function in ext/exif/exif.c in PHP before ...)
	{DSA-3783-1 DLA-818-1}
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	- php5
	NOTE: PHP Bug: https://bugs.php.net/73737
	NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
CVE-2016-10157 (Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to ...)
	NOT-FOR-US: Akamai NetSession
CVE-2016-10156 (A flaw in systemd v228 in /src/basic/fs-util.c caused world writable s ...)
	- systemd 229-1
	[jessie] - systemd (Vulnerability introduced in v228)
	[wheezy] - systemd (Vulnerability introduced in v228)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1020601
	NOTE: Fixed by: https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e (v229)
	NOTE: Introduced by: https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f (v228)
CVE-2017-5616 (Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allow ...)
	{DLA-869-1}
	- cgiemail (bug #852031)
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/20/6
CVE-2017-5615 (cgiemail and cgiecho allow remote attackers to inject HTTP headers via ...)
	{DLA-869-1}
	- cgiemail (bug #852031)
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/20/6
CVE-2017-5614 (Open redirect vulnerability in cgiemail and cgiecho allows remote atta ...)
	{DLA-869-1}
	- cgiemail (bug #852031)
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/20/6
CVE-2017-5613 (Format string vulnerability in cgiemail and cgiecho allows remote atta ...)
	{DLA-869-1}
	- cgiemail (bug #852031)
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/20/6
CVE-2016-10155 (Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-2 (low; bug #852232)
	[wheezy] - qemu (Minor issue)
	- qemu-kvm
	[wheezy] - qemu-kvm (Minor issue)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2016-12/msg03104.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415199
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=eb7a20a3616085d46aa6b4b4224e15587ec67e6e
CVE-2016-10154 (The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x ...)
	- linux 4.9.2-1
	[jessie] - linux (Introduced in 4.9 in combination with VMAP_STACK)
	[wheezy] - linux (Introduced in 4.9 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/06deeec77a5a689cc94b21a8a91a76e42176685d (v4.10-rc1)
CVE-2016-10153 (The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 inte ...)
	- linux 4.9.6-1
	[jessie] - linux (Introduced in 4.9 in combination with VMAP_STACK)
	[wheezy] - linux (Introduced in 4.9 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/a45f795c65b479b4ba107b6ccde29b896d51ee98 (v4.10-rc1)
CVE-2016-10152 (The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls ba ...)
	{DLA-796-1}
	- hesiod 3.2.1-3.1 (low; bug #852093)
	[stretch] - hesiod (Minor issue)
	[jessie] - hesiod (Minor issue)
	NOTE: https://github.com/achernya/hesiod/pull/10
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332493
CVE-2016-10151 (The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID ...)
	{DLA-796-1}
	- hesiod 3.2.1-3.1 (low; bug #852094)
	[stretch] - hesiod (Minor issue)
	[jessie] - hesiod (Minor issue)
	NOTE: https://github.com/achernya/hesiod/pull/9
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332508
CVE-2016-10150 (Use-after-free vulnerability in the kvm_ioctl_create_device function i ...)
	- linux 4.8.15-1
	[jessie] - linux (Vulnerable code introduced later)
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/a0f1d21c1ccb1da66629627a74059dd7f5ac9c61 (v4.9-rc8)
	NOTE: Introduced by: https://git.kernel.org/linus/a28ebea2adc4a2bef5989a5a181ec238f59fbcad (v4.8-rc2)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1414506
CVE-2016-10148 (The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.p ...)
	- wordpress 4.6.1+dfsg-1
	[jessie] - wordpress (wp_ajax_update_plugin function introduced in 4.2)
	[wheezy] - wordpress (wp_ajax_update_plugin function introduced in 4.2)
	NOTE: https://core.trac.wordpress.org/ticket/37490
	NOTE: https://core.trac.wordpress.org/changeset/38168
CVE-2017-5552 (Memory leak in the virgl_resource_attach_backing function in hw/displa ...)
	- qemu 1:2.10.0-1 (bug #852119; unimportant)
	[jessie] - qemu (Vulnerable code not present)
	[wheezy] - qemu (Vulnerable code not present)
	- qemu-kvm (Vulnerable code not present)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg00154.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415281
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=33243031dad02d161225ba99d782616da133f689 (v2.9.0-rc0)
	NOTE: Marked as unimportant, since 1:2.8+dfsg-2 reverted the support for
	NOTE: virtio gpu (virglrenderer) and opengl, but the affected code is
	NOTE: still present.
CVE-2017-5551 (The simple_set_acl function in fs/posix_acl.c in the Linux kernel befo ...)
	{DSA-3791-1}
	- linux 4.9.6-1
	[wheezy] - linux 3.2.84-1
	NOTE: Backported fix for CVE-2016-7097 already covered this CVE for wheezy
	NOTE: Fixed by: https://git.kernel.org/linus/497de07d89c1410d76a15bec2bb41f24a2a89f31 (4.10-rc4)
CVE-2017-5550 (Off-by-one error in the pipe_advance function in lib/iov_iter.c in the ...)
	- linux 4.9.6-1
	[jessie] - linux (Introduced in 4.9)
	[wheezy] - linux (Introduced in 4.9)
	NOTE: Fixed by: https://git.kernel.org/linus/b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb (4.10-rc4)
	NOTE: Introduced by: https://github.com/torvalds/linux/commit/241699cd72a8489c9446ae3910ddd243e9b9061b (4.9-rc1)
CVE-2017-5549 (The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105. ...)
	{DSA-3791-1 DLA-833-1}
	- linux 4.9.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/146cc8a17a3b4996f6805ee5c080e7101277c410 (4.10-rc4)
CVE-2017-5548 (drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6 ...)
	- linux 4.9.6-1
	[jessie] - linux (Introduced in 4.9 in combination with VMAP_STACK)
	[wheezy] - linux (Introduced in 4.9 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655
CVE-2017-5547 (drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 inter ...)
	- linux 4.9.6-1
	[jessie] - linux (Vulnerable code introduced in v4.4-rc1)
	[wheezy] - linux (Vulnerable code introduced in v4.4-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/6d104af38b570d37aa32a5803b04c354f8ed513d
CVE-2017-5546 (The freelist-randomization feature in mm/slab.c in the Linux kernel 4. ...)
	- linux 4.9.6-1
	[jessie] - linux (freelist randomisation introduced in 4.7)
	[wheezy] - linux (freelist randomisation introduced in 4.7)
	NOTE: Fixed by: https://git.kernel.org/linus/c4e490cf148e85ead0d1b1c2caaba833f1d5b29f (v4.10-rc4)
CVE-2017-5538 (The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c i ...)
	NOT-FOR-US: Samsung Exynos
CVE-2017-5524 (Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers ...)
	NOT-FOR-US: Plone
CVE-2017-5537 (The password reset form in Weblate before 2.10.1 provides different er ...)
	- weblate (bug #745661)
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/18/11
CVE-2017-5526 (Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows l ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-2 (bug #851910)
	[wheezy] - qemu (Minor issue)
	- qemu-kvm
	[wheezy] - qemu-kvm (Minor issue)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01742.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1414209
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da
	NOTE: Sound device hotplug not supported by libvirt
CVE-2017-5525 (Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows loc ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-2 (bug #852021)
	[wheezy] - qemu (Minor issue)
	- qemu-kvm
	[wheezy] - qemu-kvm (Minor issue)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01740.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=12351a91da97b414eec8cdb09f1d9f41e535a401
	NOTE: Sound device hotplug not supported by libvirt
CVE-2017-5523
	RESERVED
CVE-2017-5522 (Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6. ...)
	{DSA-3766-1 DLA-790-1}
	- mapserver 7.0.4-1
	NOTE: https://lists.osgeo.org/pipermail/mapserver-dev/2017-January/015007.html
	NOTE: https://github.com/mapserver/mapserver/commit/e52a436c0e1c5e9f7ef13428dba83194a800f4df
CVE-2017-2578 (In Moodle 3.x, there is XSS in the assignment submission page.)
	- moodle 2.7.18+dfsg-1
	NOTE: https://moodle.org/mod/forum/discuss.php?d=345915
CVE-2017-2576 (In Moodle 2.x and 3.x, there is incorrect sanitization of attributes i ...)
	- moodle 2.7.18+dfsg-1
	NOTE: https://moodle.org/mod/forum/discuss.php?d=345912
CVE-2017-5521 (An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, ...)
	NOT-FOR-US: NETGEAR
CVE-2017-5520 (The media rename feature in GeniXCMS through 0.0.8 does not consider a ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5519 (SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0 ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5518 (The media-file upload feature in GeniXCMS through 0.0.8 allows remote ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5517 (SQL injection vulnerability in author.control.php in GeniXCMS through ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5516 (Multiple cross-site scripting (XSS) vulnerabilities in the user forms ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5515 (Cross-site scripting (XSS) vulnerability in the user prompt function i ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5514
	RESERVED
CVE-2017-5513
	RESERVED
CVE-2017-5512
	RESERVED
CVE-2017-5497
	RESERVED
CVE-2017-5496 (Sawmill Enterprise 8.7.9 allows remote attackers to gain login access ...)
	NOT-FOR-US: Sawmill Enterprise
CVE-2017-5495 (All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbou ...)
	- quagga 1.1.1-1 (bug #852454)
	[jessie] - quagga (Minor issue)
	[wheezy] - quagga (Minor issue)
	NOTE: http://savannah.nongnu.org/forum/forum.php?forum_id=8783
	NOTE: http://mirror.easyname.at/nongnu//quagga/quagga-1.1.1.changelog.txt
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=b7ceefea77a246fe5c1dcd1b91bf6079d1b97c02
	NOTE: http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7d66284a5817a1613b1e4d64a0775ec04fdf8c01
CVE-2017-5494 (Multiple cross-site scripting (XSS) vulnerabilities in the file types ...)
	- b2evolution
CVE-2017-5486 (The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in p ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5485 (The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in a ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5484 (The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5483 (The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5482 (The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in prin ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5481 (Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 a ...)
	NOT-FOR-US: Trend Micro
CVE-2017-5480 (Directory traversal vulnerability in inc/files/files.ctrl.php in b2evo ...)
	- b2evolution
CVE-2017-5479
	RESERVED
CVE-2017-5478
	RESERVED
CVE-2017-5477
	RESERVED
CVE-2017-5476 (Serendipity through 2.0.5 allows CSRF for the installation of an event ...)
	- serendipity
CVE-2017-5475 (comment.php in Serendipity through 2.0.5 allows CSRF in deleting any c ...)
	- serendipity
CVE-2017-5474 (Open redirect vulnerability in comment.php in Serendipity through 2.0. ...)
	- serendipity
CVE-2017-5473 (Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 ...)
	- ntopng 2.4+dfsg1-3 (bug #852109)
	[jessie] - ntopng (Minor issue)
	NOTE: https://github.com/ntop/ntopng/commit/1b2ceac8f578a246af6351c4f476e3102cdf21b3
	NOTE: https://github.com/ntop/ntopng/commit/f91fbe3d94c8346884271838ae3406ae633f6f15
CVE-2017-5472 (A use-after-free vulnerability with the frameloader during tree recons ...)
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5472
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-5472
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-5472
CVE-2017-5471 (Memory safety bugs were reported in Firefox 53. Some of these bugs sho ...)
	- firefox 54.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5471
CVE-2017-5470 (Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. S ...)
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5470
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-5470
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-5470
CVE-2017-5469 (Fixed potential buffer overflows in generated Firefox code due to CVE- ...)
	{DSA-3831-1 DLA-906-1}
	- firefox-esr 45.9.0esr-1
	- firefox 52.0.1-1
CVE-2017-5468 (An issue with incorrect ownership model of "privateBrowsing" informati ...)
	- firefox 52.0.1-1
CVE-2017-5467 (A potential memory corruption and crash when using Skia content when d ...)
	- firefox 52.0.1-1
CVE-2017-5466 (If a page is loaded from an original site through a hyperlink and cont ...)
	- firefox 52.0.1-1
CVE-2017-5465 (An out-of-bounds read while processing SVG content in "ConvolvePixel". ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5464 (During DOM manipulations of the accessibility tree through script, the ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5463 (Android intents can be used to launch Firefox for Android in reader mo ...)
	- firefox (Only affects Firefox on Android)
CVE-2017-5462 (A flaw in DRBG number generation within the Network Security Services ...)
	{DSA-3872-1 DSA-3831-1 DLA-946-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
	[experimental] - nss 2:3.30-1
	- nss 2:3.26.2-1.1 (bug #862958)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5462
	NOTE: https://hg.mozilla.org/projects/nss/rev/7248d38b76e5
CVE-2017-5461 (Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through ...)
	{DSA-3872-1 DSA-3831-1 DLA-946-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
	[experimental] - nss 2:3.30.1-1
	- nss 2:3.26.2-1.1 (bug #862958)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1344380
	NOTE: https://hg.mozilla.org/projects/nss/rev/77a5bb81dbaa
CVE-2017-5460 (A use-after-free vulnerability in frame selection triggered by a combi ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5459 (A buffer overflow in WebGL triggerable by web content, resulting in a ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5458 (When a "javascript:" URL is drag and dropped by a user into the addres ...)
	- firefox 52.0.1-1
CVE-2017-5457
	RESERVED
CVE-2017-5456 (A mechanism to bypass file system access protections in the sandbox us ...)
	- firefox 52.0.1-1
CVE-2017-5455 (The internal feed reader APIs that crossed the sandbox barrier allowed ...)
	- firefox 52.0.1-1
CVE-2017-5454 (A mechanism to bypass file system access protections in the sandbox to ...)
	- firefox 52.0.1-1
CVE-2017-5453 (A mechanism to inject static HTML into the RSS reader preview page due ...)
	- firefox 52.0.1-1
CVE-2017-5452 (Malicious sites can display a spoofed addressbar on a page when the ex ...)
	- firefox (Only affects Firefox on Android)
CVE-2017-5451 (A mechanism to spoof the addressbar through the user interaction on th ...)
	- firefox 52.0.1-1
CVE-2017-5450 (A mechanism to spoof the Firefox for Android addressbar using a "javas ...)
	- firefox 52.0.1-1
CVE-2017-5449 (A possibly exploitable crash triggered during layout and manipulation ...)
	- firefox 52.0.1-1
CVE-2017-5448 (An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Cl ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5447 (An out-of-bounds read during the processing of glyph widths during tex ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5446 (An out-of-bounds read when an HTTP/2 connection to a servers sends "DA ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5445 (A vulnerability while parsing "application/http-index-format" format c ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5444 (A buffer overflow vulnerability while parsing "application/http-index- ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5443 (An out-of-bounds write vulnerability while decoding improperly formed ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5442 (A use-after-free vulnerability during changes in style when manipulati ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5441 (A use-after-free vulnerability when holding a selection during scroll ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5440 (A use-after-free vulnerability during XSLT processing due to a failure ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5439 (A use-after-free vulnerability during XSLT processing due to poor hand ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5438 (A use-after-free vulnerability during XSLT processing due to the resul ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5437
	REJECTED
CVE-2017-5436 (An out-of-bounds write in the Graphite 2 library triggered with a mali ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5435 (A use-after-free vulnerability occurs during transaction processing in ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5434 (A use-after-free vulnerability occurs when redirecting focus handling ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5433 (A use-after-free vulnerability in SMIL animation functions occurs when ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5432 (A use-after-free vulnerability occurs during certain text input select ...)
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5431
	RESERVED
CVE-2017-5430 (Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Th ...)
	- firefox 52.0.1-1
	- firefox-esr (Only affects ESR52 and Firefox)
CVE-2017-5429 (Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Fire ...)
	{DSA-3831-1 DLA-906-1}
	- firefox-esr 45.9.0esr-1
	- firefox 52.0.1-1
CVE-2017-5428 (An integer overflow in "createImageBitmap()" was reported through the ...)
	- firefox-esr (Only affects 52 ESR, which isn't packaged yet except experimental where it's fixed)
	- firefox 52.0.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/#CVE-2017-5428
CVE-2017-5427 (A non-existent chrome.manifest file will attempt to be loaded during s ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5427
CVE-2017-5426 (On Linux, if the secure computing mode BPF (seccomp-bpf) filter is run ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5426
CVE-2017-5425 (The Gecko Media Plugin sandbox allows access to local files that match ...)
	- firefox (Only Firefox on OS X)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5425
CVE-2017-5424
	RESERVED
CVE-2017-5423
	RESERVED
CVE-2017-5422 (If a malicious site uses the "view-source:" protocol in a series withi ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5422
CVE-2017-5421 (A malicious site could spoof the contents of the print preview window ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5421
CVE-2017-5420 (A "javascript:" url loaded by a malicious page can obfuscate its locat ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5420
CVE-2017-5419 (If a malicious site repeatedly triggers a modal authentication prompt, ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5419
CVE-2017-5418 (An out of bounds read error occurs when parsing some HTTP digest autho ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5418
CVE-2017-5417 (When dragging content from the primary browser pane to the addressbar ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5417
CVE-2017-5416 (In certain circumstances a networking event listener can be prematurel ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5416
CVE-2017-5415 (An attack can use a blob URL and script to spoof an arbitrary addressb ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5415
CVE-2017-5414 (The file picker dialog can choose and display the wrong local default ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5414
CVE-2017-5413 (A segmentation fault can occur during some bidirectional layout operat ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5413
CVE-2017-5412 (A buffer overflow read during SVG filter color value operations, resul ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5412
CVE-2017-5411 (A use-after-free can occur during buffer storage operations within the ...)
	- firefox (Only Firefox on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5411
CVE-2017-5410 (Memory corruption resulting in a potentially exploitable crash during ...)
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5410
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5410
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5410
CVE-2017-5409 (The Mozilla Windows updater can be called by a non-privileged user to ...)
	- firefox (Only Firefox on Windows)
	- firefox-esr (Only Firefox on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5409
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5409
CVE-2017-5408 (Video files loaded video captions cross-origin without checking for th ...)
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5408
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5408
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5408
CVE-2017-5407 (Using SVG filters that don't use the fixed point math implementation o ...)
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5407
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5407
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5407
CVE-2017-5406 (A segmentation fault can occur in the Skia graphics library during som ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5406
CVE-2017-5405 (Certain response codes in FTP connections can result in the use of uni ...)
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5405
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5405
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5405
CVE-2017-5404 (A use-after-free error can occur when manipulating ranges in selection ...)
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5404
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5404
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5404
CVE-2017-5403 (When adding a range to an object in the DOM, it is possible to use "ad ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5403
CVE-2017-5402 (A use-after-free can occur when events are fired for a "FontFace" obje ...)
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5402
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5402
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5402
CVE-2017-5401 (A crash triggerable by web content in which an "ErrorResult" reference ...)
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5401
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5401
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5401
CVE-2017-5400 (JIT-spray targeting asm.js combined with a heap spray allows for a byp ...)
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5400
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5400
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5400
CVE-2017-5399 (Memory safety bugs were reported in Firefox 51. Some of these bugs sho ...)
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5399
CVE-2017-5398 (Memory safety bugs were reported in Thunderbird 45.7. Some of these bu ...)
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5398
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5398
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5398
CVE-2017-5397 (The cache directory on the local file system is set to be world writab ...)
	- firefox (Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-04/#CVE-2017-5397
CVE-2017-5396 (A use-after-free vulnerability in the Media Decoder when working with ...)
	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	- icedove 1:45.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5396
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5396
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5396
CVE-2017-5395 (Malicious sites can display a spoofed location bar on a subsequently l ...)
	- firefox (Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5395
CVE-2017-5394 (A location bar spoofing attack where the location bar of loaded page w ...)
	- firefox (Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5394
CVE-2017-5393 (The "mozAddonManager" allows for the installation of extensions from t ...)
	- firefox 51.0-1
	- firefox-esr (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5393
CVE-2017-5392 (Weak proxy objects have weak references on multiple threads when they ...)
	- firefox (Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5392
CVE-2017-5391 (Special "about:" pages used by web content, such as RSS feeds, can loa ...)
	- firefox 51.0-1
	- firefox-esr (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5391
CVE-2017-5390 (The JSON viewer in the Developer Tools uses insecure methods to create ...)
	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	- icedove 1:45.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5390
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5390
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5390
CVE-2017-5389 (WebExtensions could use the "mozAddonManager" API by modifying the CSP ...)
	- firefox 51.0-1
	- firefox-esr (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5389
CVE-2017-5388 (A STUN server in conjunction with a large number of "webkitRTCPeerConn ...)
	- firefox 51.0-1
	- firefox-esr (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5388
CVE-2017-5387 (The existence of a specifically requested local file can be found due ...)
	- firefox 51.0-1
	- firefox-esr (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5387
CVE-2017-5386 (WebExtension scripts can use the "data:" protocol to affect pages load ...)
	{DSA-3771-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5386
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5386
CVE-2017-5385 (Data sent with in multipart channels, such as the multipart/x-mixed-re ...)
	- firefox 51.0-1
	- firefox-esr (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5385
CVE-2017-5384 (Proxy Auto-Config (PAC) files can specify a JavaScript function called ...)
	- firefox 51.0-1
	- firefox-esr (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5384
CVE-2017-5383 (URLs containing certain unicode glyphs for alternative hyphens and quo ...)
	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	- icedove 1:45.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5383
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5383
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5383
CVE-2017-5382 (Feed preview for RSS feeds can be used to capture errors and exception ...)
	- firefox 51.0-1
	- firefox-esr (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5382
CVE-2017-5381 (The "export" function in the Certificate Viewer can force local filesy ...)
	- firefox 51.0-1
	- firefox-esr (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5381
CVE-2017-5380 (A potential use-after-free found through fuzzing during DOM manipulati ...)
	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	- icedove 1:45.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5380
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5380
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5380
CVE-2017-5379 (Use-after-free vulnerability in Web Animations when interacting with c ...)
	- firefox 51.0-1
	- firefox-esr (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5379
CVE-2017-5378 (Hashed codes of JavaScript objects are shared between pages. This allo ...)
	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	- icedove 1:45.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5378
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5378
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5378
CVE-2017-5377 (A memory corruption vulnerability in Skia that can occur when using tr ...)
	- firefox 51.0-1
	- firefox-esr (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5377
CVE-2017-5376 (Use-after-free while manipulating XSL in XSLT documents. This vulnerab ...)
	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	- icedove 1:45.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5376
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5376
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5376
CVE-2017-5375 (JIT code allocation can allow for a bypass of ASLR and DEP protections ...)
	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	- icedove 1:45.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5375
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5375
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5375
CVE-2017-5374 (Memory safety bugs were reported in Firefox 50.1. Some of these bugs s ...)
	- firefox 51.0-1
	- firefox-esr (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5374
CVE-2017-5373 (Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. ...)
	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	- icedove 1:45.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5373
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5373
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5373
CVE-2017-5372 (The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE compon ...)
	NOT-FOR-US: SAP
CVE-2017-5371 (Odata Server in SAP Adaptive Server Enterprise (ASE) 16 allows remote ...)
	NOT-FOR-US: SAP
CVE-2017-5370
	RESERVED
CVE-2017-5369
	RESERVED
CVE-2017-5368 (ZoneMinder v1.30 and v1.29, an open-source CCTV server web application ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854733)
	[wheezy] - zoneminder (Too intrusive to backport)
	NOTE: https://github.com/ZoneMinder/ZoneMinder/pull/1822
CVE-2017-5367 (Multiple reflected XSS vulnerabilities exist within form and link inpu ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854733)
	[wheezy] - zoneminder (Minor issue)
CVE-2017-5366
	RESERVED
CVE-2017-5365
	RESERVED
CVE-2017-5364 (Memory Corruption Vulnerability in Foxit PDF Toolkit v1.3 allows an at ...)
	NOT-FOR-US: Foxit PDF Toolkit
CVE-2017-5363
	RESERVED
CVE-2017-5362
	RESERVED
CVE-2017-5361 (Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x ...)
	{DSA-3883-1 DSA-3882-1 DLA-988-1 DLA-987-1}
	- request-tracker4 4.4.1-4
	- rt-authen-externalauth
	NOTE: https://github.com/bestpractical/rt-authen-externalauth/commit/436255c04b4881bb6d8eec9a57b8593033d863a9
CVE-2017-5360
	RESERVED
CVE-2017-5359 (EasyCom SQL iPlug allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: EasyCom
CVE-2017-5358 (Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PH ...)
	NOT-FOR-US: EasyCom
CVE-2016-10147 (crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users ...)
	- linux 4.8.15-1
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/48a992727d82cb7db076fa15d372178743b1f4cd (v4.9)
CVE-2016-10143 (A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to ...)
	- tikiwiki
CVE-2016-10142 (An issue was discovered in the IPv6 protocol specification, related to ...)
	NOTE: Generic IPv6 issue
CVE-2016-10139 (An issue was discovered on BLU R1 HD devices with Shanghai Adups softw ...)
	NOT-FOR-US: BLU
CVE-2016-10138 (An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with ...)
	NOT-FOR-US: BLU
CVE-2016-10137 (An issue was discovered on BLU R1 HD devices with Shanghai Adups softw ...)
	NOT-FOR-US: BLU
CVE-2016-10136 (An issue was discovered on BLU R1 HD devices with Shanghai Adups softw ...)
	NOT-FOR-US: BLU
CVE-2016-10135 (An issue was discovered on LG devices using the MTK chipset with L(5.0 ...)
	NOT-FOR-US: LG
CVE-2017-5505 (The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows rem ...)
	- jasper (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jas_matrix_asl-jas_seq-c
	NOTE: https://github.com/mdadams/jasper/issues/88
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2017-5504 (The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.2 ...)
	- jasper (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jpc_undo_roi-jpc_dec-c
	NOTE: https://github.com/mdadams/jasper/issues/89
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2017-5503 (The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900. ...)
	- jasper (Vulnerable code introduced later)
	NOTE: https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-write-in-dec_clnpass-jpc_t1dec-c
	NOTE: https://github.com/mdadams/jasper/issues/90
CVE-2017-5502 (libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to ...)
	- jasper (unimportant)
	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00030-jasper-leftshift-jp2_dec_c
	NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
	NOTE: https://github.com/mdadams/jasper/issues/76
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2017-5501 (Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows ...)
	- jasper (unimportant)
	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00022-jasper-signedintoverflow-jpc_tsfb_c
	NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
	NOTE: https://github.com/mdadams/jasper/issues/70
	NOTE: Only crashes with debug builds using ubsan
CVE-2017-5500 (libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to ...)
	- jasper (unimportant)
	NOTE: Triggers an assert. Not suitable for code injection, hardly denial of service
	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00019-jasper-leftshift-jpc_dec_c
	NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
	NOTE: https://github.com/mdadams/jasper/issues/64
CVE-2017-5499 (Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows ...)
	- jasper (unimportant)
	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00018-jasper-signedintoverflow-jpc_dec_c
	NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
	NOTE: https://github.com/mdadams/jasper/issues/63
	NOTE: Triggers an assert. Not suitable for code injection, hardly denial of service
CVE-2017-5498 (libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote a ...)
	- jasper (unimportant)
	NOTE: Triggers an assert. Not suitable for code injection, hardly denial of service
	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00017-jasper-leftshift-jas_math_h
	NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
	NOTE: https://github.com/mdadams/jasper/issues/62
CVE-2017-5506 (Double free vulnerability in magick/profile.c in ImageMagick allows re ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851383)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/354
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6235f1f7a9f7b0f83b197f6cd0073dbb6602d0fb
CVE-2017-5507 (Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x befo ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851382)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4493d9ca1124564da17f9b628ef9d0f1a6be9738
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2017-5508 (Heap-based buffer overflow in the PushQuantumPixel function in ImageMa ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851381)
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31161
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/379e21cd32483df6e128147af3bc4ce1f82eb9c4
CVE-2016-10146 (Multiple memory leaks in the caption and label handling code in ImageM ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.0+dfsg-2 (bug #851380)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/aeff00de228bc5a158c2a975ab47845d8a1db456
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2016-10140 (Information disclosure and authentication bypass vulnerability exists ...)
	{DLA-806-1}
	- zoneminder 1.30.4+dfsg-1 (bug #851710)
	NOTE: https://github.com/ZoneMinder/ZoneMinder/pull/1697
	NOTE: https://github.com/ZoneMinder/ZoneMinder/commit/6361f143878ce00659f64ce42593951d773e4e63
	NOTE: https://github.com/ZoneMinder/ZoneMinder/commit/aa0a4d1f5ad2c493f2bed175991e92c466ac3dc4
CVE-2017-5509 (coders/psd.c in ImageMagick allows remote attackers to have unspecifie ...)
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851377)
	[jessie] - imagemagick (Vulnerable code not present)
	[wheezy] - imagemagick (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/350
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2017-5510 (coders/psd.c in ImageMagick allows remote attackers to have unspecifie ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851376)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/348
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/e87af64b1ff1635a32d9b6162f1b0e260fb54ed9
CVE-2017-5511 (coders/psd.c in ImageMagick allows remote attackers to have unspecifie ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851374)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/347
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d65a814ac76bd04760072c33e452371692ee790
CVE-2016-10144 (coders/ipl.c in ImageMagick allows remote attackers to have unspecific ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851485)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/97566cf2806c0a5a86e884c96831a0c3b1ec6c20
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2016-10145 (Off-by-one error in coders/wpg.c in ImageMagick allows remote attacker ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851483)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/d23beebe7b1179fb75db1e85fbca3100e49593d9
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2017-5487 (wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in t ...)
	- wordpress 4.7.1+dfsg-1 (bug #851310)
	[jessie] - wordpress (vulnerable code not present)
	[wheezy] - wordpress (vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
	NOTE: https://wpvulndb.com/vulnerabilities/8715
	NOTE: https://github.com/WordPress/WordPress/commit/daf358983cc1ce0c77bf6d2de2ebbb43df2add60
CVE-2017-5488 (Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.1+dfsg-1 (bug #851310)
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
	NOTE: https://wpvulndb.com/vulnerabilities/8716
	NOTE: https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
CVE-2017-5489 (Cross-site request forgery (CSRF) vulnerability in WordPress before 4. ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.1+dfsg-1 (bug #851310)
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
	NOTE: https://wpvulndb.com/vulnerabilities/8717
CVE-2017-5490 (Cross-site scripting (XSS) vulnerability in the theme-name fallback fu ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.1+dfsg-1 (bug #851310)
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
	NOTE: https://wpvulndb.com/vulnerabilities/8718
	NOTE: https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
CVE-2017-5491 (wp-mail.php in WordPress before 4.7.1 might allow remote attackers to ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.1+dfsg-1 (bug #851310)
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
	NOTE: https://wpvulndb.com/vulnerabilities/8719
	NOTE: https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
CVE-2017-5492 (Cross-site request forgery (CSRF) vulnerability in the widget-editing ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.1+dfsg-1 (bug #851310)
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
	NOTE: https://wpvulndb.com/vulnerabilities/8720
	NOTE: https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
CVE-2017-5493 (wp-includes/ms-functions.php in the Multisite WordPress API in WordPre ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.1+dfsg-1 (bug #851310)
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
	NOTE: https://wpvulndb.com/vulnerabilities/8721
	NOTE: https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
CVE-2017-5356 (Irssi before 0.8.21 allows remote attackers to cause a denial of servi ...)
	{DLA-1217-1}
	- irssi 0.8.21-1 (low)
	[jessie] - irssi 0.8.17-1+deb8u3
	NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
	NOTE: https://blog.fuzzing-project.org/55-Fuzzing-Irssi-with-Perl-Scripts.html
	NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
CVE-2017-5355
	RESERVED
CVE-2017-5354
	RESERVED
CVE-2017-5353
	RESERVED
CVE-2017-5352
	RESERVED
CVE-2017-5351 (Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software all ...)
	NOT-FOR-US: Samsung
CVE-2017-5350 (Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allo ...)
	NOT-FOR-US: Samsung
CVE-2017-5349
	RESERVED
CVE-2017-5348
	RESERVED
CVE-2017-5347 (SQL injection vulnerability in inc/mod/newsletter/options.php in GeniX ...)
	NOT-FOR-US: GeniXMS
CVE-2017-5346 (SQL injection vulnerability in inc/lib/Control/Backend/posts.control.p ...)
	NOT-FOR-US: GeniXMS
CVE-2017-5345 (SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control. ...)
	NOT-FOR-US: GeniXMS
CVE-2017-5344 (An issue was discovered in dotCMS through 3.6.1. The findChildrenByFil ...)
	NOT-FOR-US: dotCMS
CVE-2017-5343
	RESERVED
CVE-2017-5342 (In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, G ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5341 (The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-10141 (An integer overflow vulnerability was observed in the regemit function ...)
	- mujs (Fixed before initial upload to Debian)
	NOTE: http://git.ghostscript.com/?p=mujs.git;h=fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697448
CVE-2016-10133 (Heap-based buffer overflow in the js_stackoverflow function in jsrun.c ...)
	- mujs (Fixed before initial upload to Debian)
	NOTE: http://git.ghostscript.com/?p=mujs.git;a=commit;h=77ab465f1c394bb77f00966cd950650f3f53cb24
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697401
CVE-2016-10132 (regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a de ...)
	- mujs (Fixed before initial upload to Debian)
	NOTE: http://git.ghostscript.com/?p=mujs.git;h=fd003eceda531e13fbdd1aeb6e9c73156496e569
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697381
CVE-2016-10131 (system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote a ...)
	- codeigniter (bug #471583)
CVE-2017-5357 (regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of ...)
	- ed (Vulnerable code not present, cf #851159)
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/12/5
	NOTE: The issue is only present from 1.14 onwards, and prior to 1.14.1 since upstream
	NOTE: changed a malloc'ed buffer for a static one.
	NOTE: https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00001.html
CVE-2017-5329 (Palo Alto Networks Terminal Services Agent before 7.0.7 allows local u ...)
	NOT-FOR-US: Palo Alto Networks Terminal Services Agent
CVE-2017-5328 (Palo Alto Networks Terminal Services Agent before 7.0.7 allows attacke ...)
	NOT-FOR-US: Palo Alto Networks Terminal Services Agent
CVE-2017-5327
	RESERVED
CVE-2017-5326
	RESERVED
CVE-2017-5325
	RESERVED
CVE-2017-5324
	RESERVED
CVE-2017-5323
	RESERVED
CVE-2017-5322
	RESERVED
CVE-2017-5321
	RESERVED
CVE-2017-5320
	RESERVED
CVE-2017-5319
	RESERVED
CVE-2017-5318
	RESERVED
CVE-2017-5317
	RESERVED
CVE-2017-5316
	RESERVED
CVE-2017-5315
	RESERVED
CVE-2017-5314
	RESERVED
CVE-2017-5313
	RESERVED
CVE-2017-5312
	RESERVED
CVE-2017-5311
	RESERVED
CVE-2017-5310
	RESERVED
CVE-2017-5309
	RESERVED
CVE-2017-5308
	RESERVED
CVE-2017-5307
	RESERVED
CVE-2017-5306
	RESERVED
CVE-2017-5305
	RESERVED
CVE-2017-5304
	RESERVED
CVE-2017-5303
	RESERVED
CVE-2017-5302
	RESERVED
CVE-2017-5301
	RESERVED
CVE-2017-5300
	RESERVED
CVE-2017-5299
	RESERVED
CVE-2017-5298
	RESERVED
CVE-2017-5297
	RESERVED
CVE-2017-5296
	RESERVED
CVE-2017-5295
	RESERVED
CVE-2017-5294
	RESERVED
CVE-2017-5293
	RESERVED
CVE-2017-5292
	RESERVED
CVE-2017-5291
	RESERVED
CVE-2017-5290
	RESERVED
CVE-2017-5289
	RESERVED
CVE-2017-5288
	RESERVED
CVE-2017-5287
	RESERVED
CVE-2017-5286
	RESERVED
CVE-2017-5285
	RESERVED
CVE-2017-5284
	RESERVED
CVE-2017-5283
	RESERVED
CVE-2017-5282
	RESERVED
CVE-2017-5281
	RESERVED
CVE-2017-5280
	RESERVED
CVE-2017-5279
	RESERVED
CVE-2017-5278
	RESERVED
CVE-2017-5277
	RESERVED
CVE-2017-5276
	RESERVED
CVE-2017-5275
	RESERVED
CVE-2017-5274
	RESERVED
CVE-2017-5273
	RESERVED
CVE-2017-5272
	RESERVED
CVE-2017-5271
	RESERVED
CVE-2017-5270
	RESERVED
CVE-2017-5269
	RESERVED
CVE-2017-5268
	RESERVED
CVE-2017-5267
	RESERVED
CVE-2017-5266
	RESERVED
CVE-2017-5265
	RESERVED
CVE-2017-5264 (Versions of Nexpose prior to 6.4.66 fail to adequately validate the so ...)
	NOT-FOR-US: Nexpose
CVE-2017-5263 (Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack ...)
	NOT-FOR-US: Cambium Networks cnPilot firmware
CVE-2017-5262 (In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, t ...)
	NOT-FOR-US: Cambium Networks cnPilot firmware
CVE-2017-5261 (In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, t ...)
	NOT-FOR-US: Cambium Networks cnPilot firmware
CVE-2017-5260 (In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, a ...)
	NOT-FOR-US: Cambium Networks cnPilot firmware
CVE-2017-5259 (In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, a ...)
	NOT-FOR-US: Cambium Networks cnPilot firmware
CVE-2017-5258 (In version 3.5 and prior of Cambium Networks ePMP firmware, an attacke ...)
	NOT-FOR-US: Cambium Networks ePMP firmware
CVE-2017-5257 (In version 3.5 and prior of Cambium Networks ePMP firmware, an attacke ...)
	NOT-FOR-US: Cambium Networks ePMP firmware
CVE-2017-5256 (In version 3.5 and prior of Cambium Networks ePMP firmware, all authen ...)
	NOT-FOR-US: Cambium Networks ePMP firmware
CVE-2017-5255 (In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of ...)
	NOT-FOR-US: Cambium Networks ePMP firmware
CVE-2017-5254 (In version 3.5 and prior of Cambium Networks ePMP firmware, the non-ad ...)
	NOT-FOR-US: Cambium Networks ePMP firmware
CVE-2017-5253
	RESERVED
CVE-2017-5252
	RESERVED
CVE-2017-5251 (In version 1012 and prior of Insteon's Insteon Hub, the radio transmis ...)
	NOT-FOR-US: Insteon
CVE-2017-5250 (In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, t ...)
	NOT-FOR-US: Insteon
CVE-2017-5249 (In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android ...)
	NOT-FOR-US: Wink
CVE-2017-5248
	RESERVED
CVE-2017-5247 (Biscom Secure File Transfer is vulnerable to cross-site scripting in t ...)
	NOT-FOR-US: Biscom Secure File Transfer
CVE-2017-5246 (Biscom Secure File Transfer is vulnerable to AngularJS expression inje ...)
	NOT-FOR-US: Biscom Secure File Transfer
CVE-2017-5245
	REJECTED
CVE-2017-5244 (Routes used to stop running Metasploit tasks (either particular ones o ...)
	NOT-FOR-US: Metasploit
CVE-2017-5243 (The default SSH configuration in Rapid7 Nexpose hardware appliances sh ...)
	NOT-FOR-US: Rapid7 Nexpose hardware appliances
CVE-2017-5242 (Nexpose and InsightVM virtual appliances downloaded between April 5th, ...)
	NOT-FOR-US: Nexpose and InsightVM virtual appliances
CVE-2017-5241 (Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulne ...)
	NOT-FOR-US: Biscom Secure File Transfer
CVE-2017-5240 (Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a h ...)
	NOT-FOR-US: Rapid7 AppSpider Pro
CVE-2017-5239 (Due to a lack of standard encryption when transmitting sensitive infor ...)
	NOT-FOR-US: Eview GPS trackers
CVE-2017-5238 (Due to a lack of bounds checking, several input configuration fields f ...)
	NOT-FOR-US: Eview GPS trackers
CVE-2017-5237 (Due to a lack of authentication, an unauthenticated user who knows the ...)
	NOT-FOR-US: Eview GPS trackers
CVE-2017-5236 (Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 ...)
	NOT-FOR-US: Rapid7 AppSpider Pro
CVE-2017-5235 (Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 co ...)
	NOT-FOR-US: Rapid7
CVE-2017-5234 (Rapid7 Insight Collector installers prior to version 1.0.16 contain a ...)
	NOT-FOR-US: Rapid7
CVE-2017-5233 (Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DL ...)
	NOT-FOR-US: Rapid7
CVE-2017-5232 (All editions of Rapid7 Nexpose installers prior to version 6.4.24 cont ...)
	NOT-FOR-US: Rapid7
CVE-2017-5231 (All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 c ...)
	NOT-FOR-US: Rapid7
CVE-2017-5230 (The Java keystore in all versions and editions of Rapid7 Nexpose prior ...)
	NOT-FOR-US: Rapid7
CVE-2017-5229 (All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 c ...)
	NOT-FOR-US: Rapid7
CVE-2017-5228 (All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 c ...)
	NOT-FOR-US: Rapid7
CVE-2017-5227 (QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sens ...)
	NOT-FOR-US: QNAP
CVE-2017-5225 (LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the t ...)
	{DSA-3844-1 DLA-795-1}
	- tiff 4.0.7-5 (bug #851297)
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2656
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2657
CVE-2017-5224
	RESERVED
CVE-2017-5223 (An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTM ...)
	{DLA-1591-1 DLA-817-1}
	- libphp-phpmailer 5.2.14+dfsg-2.3 (bug #853232)
	NOTE: Fixed by: https://github.com/PHPMailer/PHPMailer/commit/ad4cb09682682da2217799a0c521d4cdc6753402 (v5.2.22)
	NOTE: http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-analysis/
CVE-2017-5222
	RESERVED
CVE-2017-5221
	RESERVED
CVE-2017-5220
	RESERVED
CVE-2017-5219 (An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component M ...)
	NOT-FOR-US: SageCRM
CVE-2017-5218 (A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. Th ...)
	NOT-FOR-US: SageCRM
CVE-2017-5217 (Installing a zero-permission Android application on certain Samsung An ...)
	NOT-FOR-US: Samsung
CVE-2017-5216 (Stack-based buffer overflow vulnerability in Netop Remote Control vers ...)
	NOT-FOR-US: Netop Remote Control
CVE-2017-5215 (The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 f ...)
	NOT-FOR-US: Joomla extension
CVE-2017-5214 (The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 f ...)
	NOT-FOR-US: Joomla extension
CVE-2017-5213 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross ...)
	NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-5212 (Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access ...)
	NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-5211 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Conte ...)
	NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-5210 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Infor ...)
	NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-5209 (The base64decode function in base64.c in libimobiledevice libplist thr ...)
	{DLA-2168-1 DLA-811-1}
	- libplist 1.12+git+1+e37ca00-0.1 (low; bug #851196)
	NOTE: Upstream bug: https://github.com/libimobiledevice/libplist/issues/84
	NOTE: https://github.com/libimobiledevice/libplist/commit/3a55ddd3c4c11ce75a86afbefd085d8d397ff957
CVE-2017-5205 (The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in pri ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5204 (The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5203 (The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in prin ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5202 (The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in p ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5201 (NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow rem ...)
	NOT-FOR-US: NetApp
CVE-2017-5200 (Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, ...)
	- salt 2016.11.2+ds-1
	[jessie] - salt (Vulnerable code not present)
	NOTE: https://github.com/saltstack/salt/compare/c0e5a1171d7ce2ba8747a971c024632e0d96d848~1...97b0f64923bc5382531b931625267a3c30d2f17e
CVE-2017-5339
	REJECTED
CVE-2017-5338
	REJECTED
CVE-2016-10130 (The http_connect function in transports/http.c in libgit2 before 0.24. ...)
	- libgit2 0.25.1+really0.24.6-1 (bug #851406)
	[jessie] - libgit2 (Vulnerable code not present)
	[experimental] - cargo 0.17.0-1~exp1
	- cargo 0.17.0-1 (bug #860990)
	NOTE: https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22 (v0.25.1)
	NOTE: https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211 (v0.24.6)
CVE-2016-10129 (The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x bef ...)
	- libgit2 0.25.1+really0.24.6-1 (bug #851406)
	[jessie] - libgit2 (Minor issue)
	[experimental] - cargo 0.17.0-1~exp1
	- cargo 0.17.0-1 (bug #860990)
	NOTE: https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a (v0.25.1)
	NOTE: https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037 (v0.24.6)
CVE-2016-10128 (Buffer overflow in the git_pkt_parse_line function in transports/smart ...)
	- libgit2 0.25.1+really0.24.6-1 (bug #851406)
	[jessie] - libgit2 (Minor issue)
	[experimental] - cargo 0.17.0-1~exp1
	- cargo 0.17.0-1 (bug #860990)
	NOTE: https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834 (v0.25.1)
	NOTE: https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2 (v0.24.6)
CVE-2016-10126 (Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0. ...)
	NOT-FOR-US: Splunk
CVE-2016-10125 (D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded ...)
	NOT-FOR-US: D-Link
CVE-2016-10127 (PySAML2 allows remote attackers to conduct XML external entity (XXE) a ...)
	- python-pysaml2 (unimportant; bug #859135)
	NOTE: https://github.com/rohe/pysaml2/issues/366
	NOTE: A proper fix for this issue would be to fix the underlying issue in src:libxml2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1411794#c12
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/19/5 (for the scope of the CVE)
CVE-2016-10149 (XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier a ...)
	{DSA-3759-1}
	- python-pysaml2 3.0.0-5 (bug #850716)
	NOTE: https://github.com/rohe/pysaml2/pull/379
	NOTE: https://github.com/rohe/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b
CVE-2017-XXXX [multiple new security issues]
	- w3m 0.5.3-34 (bug #850432)
	[jessie] - w3m 0.5.3-19+deb8u2
	[wheezy] - w3m (Minor issues)
CVE-2016-10134 (SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0 ...)
	{DSA-3802-1}
	- zabbix 1:3.0.4+dfsg-1 (bug #850936)
	NOTE: https://support.zabbix.com/browse/ZBX-11023
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/12/4
CVE-2017-5337 (Multiple heap-based buffer overflows in the read_attribute function in ...)
	- gnutls28 3.5.8-1
	[jessie] - gnutls28 3.3.8-6+deb8u5
	- gnutls26
	[wheezy] - gnutls26 (Minor issue)
	NOTE: OpenPGP-related issue
	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2
	NOTE: https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a
CVE-2017-5336 (Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/op ...)
	- gnutls28 3.5.8-1
	[jessie] - gnutls28 3.3.8-6+deb8u5
	- gnutls26
	[wheezy] - gnutls26 (Minor issue)
	NOTE: OpenPGP-related issue
	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2
	NOTE: https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732
CVE-2017-5335 (The stream reading functions in lib/opencdk/read-packet.c in GnuTLS be ...)
	- gnutls28 3.5.8-1
	[jessie] - gnutls28 3.3.8-6+deb8u5
	- gnutls26
	[wheezy] - gnutls26 (Minor issue)
	NOTE: OpenPGP-related issue
	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2
	NOTE: https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a
CVE-2017-5334 (Double free vulnerability in the gnutls_x509_ext_import_proxy function ...)
	- gnutls28 3.5.8-1
	[jessie] - gnutls28 3.3.8-6+deb8u5
	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-1
	NOTE: https://gitlab.com/gnutls/gnutls/commit/c5aaa488a3d6df712dc8dff23a049133cab5ec1b
CVE-2017-5330 (ark before 16.12.1 might allow remote attackers to execute arbitrary c ...)
	- ark 4:16.08.3-2 (bug #850874)
	[jessie] - ark (Vulnerable code introduced later)
	[wheezy] - ark (Vulnerable code introduced later)
	NOTE: Fixed by: https://github.com/KDE/ark/commit/82fdfd24d46966a117fa625b68784735a40f9065
	NOTE: "Open File" action introduced in https://github.com/KDE/ark/commit/f1cf10f25af245823f81b8ff457a04c7593dede7 (v15.11.80)
CVE-2017-5226 (When executing a program via the bubblewrap sandbox, the nonpriv sessi ...)
	- bubblewrap 0.1.5-2 (bug #850702)
	NOTE: https://github.com/projectatomic/bubblewrap/issues/142
CVE-2017-5207 (Firejail before 0.9.44.4, when running a bandwidth command, allows loc ...)
	- firejail 0.9.44.4-1 (bug #850528)
	NOTE: https://github.com/netblue30/firejail/issues/1023
	NOTE: Fixed by: https://github.com/netblue30/firejail/commit/5d43fdcd215203868d440ffc42036f5f5ffc89fc
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/07/3
CVE-2017-5206 (Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, a ...)
	- firejail 0.9.44.4-1 (bug #850558)
	NOTE: Fixed by: https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cc693e
CVE-2017-5199 (The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allo ...)
	NOT-FOR-US: SolarWinds LEM
CVE-2017-5198 (SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configura ...)
	NOT-FOR-US: SolarWinds LEM
CVE-2017-5197 (There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. ...)
	NOT-FOR-US: SilverStripe
CVE-2017-5192 (When using the local_batch client from salt-api in SaltStack Salt befo ...)
	- salt 2016.11.2+ds-1
	[jessie] - salt (Vulnerable code not present)
CVE-2017-5191 (An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2017-5190 (NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when c ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2017-5189 (NetIQ iManager before 3.0.3 delivered a SSL private key in a Java appl ...)
	NOT-FOR-US: NetIQ iManager
CVE-2017-5188 (The bs_worker code in open build service before 20170320 followed rela ...)
	- open-build-service 2.7.4-3 (low; bug #900133)
	[stretch] - open-build-service (Minor issue)
	NOTE: Fixed by: https://github.com/openSUSE/open-build-service/commit/00ec3c6f4132422f00d5c15e854755c331ef1661 (2.7.x)
	NOTE: https://github.com/openSUSE/open-build-service/commit/8595d06570ded81d8514c8c5a147b250541bf388 (2.9.x)
	NOTE: A followup https://bugzilla.suse.com/show_bug.cgi?id=1029824 shows
	NOTE: it might be wise to also disallow other types (devices, sockets,
	NOTE: directories, symlinks, ...) and needs:
	NOTE: https://github.com/openSUSE/open-build-service/commit/ba27c91351878bc297ec4baba0bd488a2f3b568d
CVE-2017-5187 (A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Serv ...)
	NOT-FOR-US: Micro Focus
CVE-2017-5186 (Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0. ...)
	NOT-FOR-US: Novell iManager
CVE-2017-5185 (A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0 ...)
	NOT-FOR-US: NetIQ Sentinel
CVE-2017-5184 (A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0 ...)
	NOT-FOR-US: NetIQ Sentinel
CVE-2017-5183 (NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2017-5182 (Remote Manager in Open Enterprise Server (OES) allows unauthenticated ...)
	NOT-FOR-US: Open Enterprise Server
CVE-2017-5181
	REJECTED
CVE-2017-5196 (Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial o ...)
	- irssi 0.8.21-1 (bug #850403)
	[jessie] - irssi (Affects only 0.8.18 and later)
	[wheezy] - irssi (Affects only 0.8.18 and later)
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/2
	NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
	NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
CVE-2017-5195 (Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial o ...)
	- irssi 0.8.21-1 (bug #850403)
	[jessie] - irssi 0.8.17-1+deb8u3
	[wheezy] - irssi (Affects only 0.8.17 and later)
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/2
	NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
	NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
CVE-2017-5194 (Use-after-free vulnerability in Irssi before 0.8.21 allows remote atta ...)
	{DLA-1217-1}
	- irssi 0.8.21-1 (bug #850403)
	[jessie] - irssi 0.8.17-1+deb8u3
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/2
	NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
	NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
CVE-2017-5193 (The nickcmp function in Irssi before 0.8.21 allows remote attackers to ...)
	{DLA-1217-1}
	- irssi 0.8.21-1 (bug #850403)
	[jessie] - irssi 0.8.17-1+deb8u3
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/2
	NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
	NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
CVE-2017-5179 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9. ...)
	NOT-FOR-US: Nessus
CVE-2017-5178 (An issue was discovered in Schneider Electric Tableau Server/Desktop V ...)
	NOT-FOR-US: Schneider
CVE-2017-5177 (A Stack Buffer Overflow issue was discovered in VIPA Controls WinPLC7 ...)
	NOT-FOR-US: VIPA Controls WinPLC7
CVE-2017-5176 (A DLL Hijack issue was discovered in Rockwell Automation Connected Com ...)
	NOT-FOR-US: Rockwell Automation Connected Components Workbench
CVE-2017-5175 (Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerabi ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-5174 (An Authentication Bypass issue was discovered in Geutebruck IP Camera ...)
	NOT-FOR-US: Geutebruck IP Camera G-Cam/EFD-2250
CVE-2017-5173 (An Improper Neutralization of Special Elements (in an OS command) issu ...)
	NOT-FOR-US: Geutebruck IP Camera G-Cam/EFD-2250
CVE-2017-5172
	RESERVED
CVE-2017-5171
	RESERVED
CVE-2017-5170 (An Uncontrolled Search Path Element issue was discovered in Moxa SoftN ...)
	NOT-FOR-US: Moxa
CVE-2017-5169 (An issue was discovered in Hanwha Techwin Smart Security Manager Versi ...)
	NOT-FOR-US: Hanwha Techwin
CVE-2017-5168 (An issue was discovered in Hanwha Techwin Smart Security Manager Versi ...)
	NOT-FOR-US: Hanwha Techwin
CVE-2017-5167 (An issue was discovered in BINOM3 Universal Multifunctional Electric P ...)
	NOT-FOR-US: BINOM3
CVE-2017-5166 (An issue was discovered in BINOM3 Universal Multifunctional Electric P ...)
	NOT-FOR-US: BINOM3
CVE-2017-5165 (An issue was discovered in BINOM3 Universal Multifunctional Electric P ...)
	NOT-FOR-US: BINOM3
CVE-2017-5164 (An issue was discovered in BINOM3 Universal Multifunctional Electric P ...)
	NOT-FOR-US: BINOM3
CVE-2017-5163 (An issue was discovered in Belden Hirschmann GECKO Lite Managed switch ...)
	NOT-FOR-US: Belden Hirschmann
CVE-2017-5162 (An issue was discovered in BINOM3 Universal Multifunctional Electric P ...)
	NOT-FOR-US: BINOM3
CVE-2017-5161 (An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, ...)
	NOT-FOR-US: Sielco Sistemi
CVE-2017-5160 (An Inadequate Encryption Strength issue was discovered in Schneider El ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-5159 (An issue was discovered on Phoenix Contact mGuard devices that have be ...)
	NOT-FOR-US: Phoenix Contact mGuard
CVE-2017-5158 (An Information Exposure issue was discovered in Schneider Electric Won ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-5157 (An issue was discovered in Schneider Electric homeLYnk Controller, LSS ...)
	NOT-FOR-US: Schneider
CVE-2017-5156 (A Cross-Site Request Forgery issue was discovered in Schneider Electri ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-5155 (An issue was discovered in Schneider Electric Wonderware Historian 201 ...)
	NOT-FOR-US: Schneider
CVE-2017-5154 (An issue was discovered in Advantech WebAccess Version 8.1. To be able ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-5153 (An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier ve ...)
	NOT-FOR-US: OSIsoft PI Coresight
CVE-2017-5152 (An issue was discovered in Advantech WebAccess Version 8.1. By accessi ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-5151 (An issue was discovered in VideoInsight Web Client Version 6.3.5.11 an ...)
	NOT-FOR-US: VideoInsight Web Client
CVE-2017-5150
	RESERVED
CVE-2017-5149 (An issue was discovered in St. Jude Medical Merlin@home, versions prio ...)
	NOT-FOR-US: St. Jude Medical Merlin@home
CVE-2017-5148
	RESERVED
CVE-2017-5147 (An Uncontrolled Search Path Element issue was discovered in AzeoTech D ...)
	NOT-FOR-US: AzeoTech DAQFactory
CVE-2017-5146 (An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Ve ...)
	NOT-FOR-US: Carlo Gavazzi
CVE-2017-5145 (An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Ve ...)
	NOT-FOR-US: Carlo Gavazzi
CVE-2017-5144 (An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Ve ...)
	NOT-FOR-US: Carlo Gavazzi
CVE-2017-5143 (An issue was discovered in Honeywell XL Web II controller XL1000C500 X ...)
	NOT-FOR-US: Honeywell
CVE-2017-5142 (An issue was discovered in Honeywell XL Web II controller XL1000C500 X ...)
	NOT-FOR-US: Honeywell
CVE-2017-5141 (An issue was discovered in Honeywell XL Web II controller XL1000C500 X ...)
	NOT-FOR-US: Honeywell
CVE-2017-5140 (An issue was discovered in Honeywell XL Web II controller XL1000C500 X ...)
	NOT-FOR-US: Honeywell
CVE-2017-5139 (An issue was discovered in Honeywell XL Web II controller XL1000C500 X ...)
	NOT-FOR-US: Honeywell
CVE-2017-5138
	RESERVED
CVE-2017-5137 (An issue was discovered on SendQuick Entera and Avera devices before 2 ...)
	NOT-FOR-US: SendQuick Entera and Avera devices
CVE-2017-5136 (An issue was discovered on SendQuick Entera and Avera devices before 2 ...)
	NOT-FOR-US: SendQuick Entera and Avera devices
CVE-2016-10124 (An issue was discovered in Linux Containers (LXC) before 2016-02-22. W ...)
	- lxc 1:2.0.0-1
	[jessie] - lxc (Minor issue)
	[wheezy] - lxc (Minor issue)
	NOTE: https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6
	NOTE: https://github.com/lxc/lxc/commit/5eacdc3dbd0e45abf3cc90cf0216a7f8ee560abf (lxc-2.0.0.rc2)
CVE-2016-10123 (Firejail allows --chroot when seccomp is not supported, which might al ...)
	- firejail 0.9.38-1
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/a23ac1bf390fa4c3db4ea31e6ee6100a9c511d59 (0.9.38-rc1)
CVE-2016-10122 (Firejail does not properly clean environment variables, which allows l ...)
	- firejail 0.9.44.2-1
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/3b81e1f2c331644ced87d26a943b22eed6242b8f
	NOTE: https://github.com/netblue30/firejail/commit/72bc0e145c67da24e555d868086953148c52b5fc
	NOTE: In 0.9.44-bugfixes: https://github.com/netblue30/firejail/commit/e847207df28e181a8f590ade825b5f06d4fadf17 (0.9.44.2)
	NOTE: In 0.9.44-bugfixes: https://github.com/netblue30/firejail/commit/18f6e9dc9b304f7aca291c3edce5122562b1e36c (0.9.44.2)
CVE-2016-10121 (Firejail uses weak permissions for /dev/shm/firejail and possibly othe ...)
	- firejail 0.9.38-1
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/1cab02f5ae3c90c01fae4d1c16381820b757a3a6 (0.9.38)
CVE-2016-10120 (Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, ( ...)
	- firejail 0.9.38-1
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/cd0ecfc7a7b30abde20db6dea505cd8c58e7c046 (0.9.38-rc1)
CVE-2016-10119 (Firejail uses 0777 permissions when mounting /tmp, which allows local ...)
	- firejail 0.9.38-1
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/aa28ac9e09557b833f194f594e2940919d940d1f (0.9.38)
CVE-2016-10118 (Firejail allows local users to truncate /etc/resolv.conf via a chroot ...)
	- firejail 0.9.44.2-1 (low)
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/6144229605177764b7f3f3450c1a47f56595dc9e
	NOTE: In 0.9.44-bugfixes: https://github.com/netblue30/firejail/commit/8b5b444c766b8d0592346decc6ed4a6d345e4f67 (0.9.44.2)
CVE-2016-10117 (Firejail does not restrict access to --tmpfs, which allows local users ...)
	- firejail 0.9.38-1
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/678cd1495457318dad39178bb646ba1b96332ddb (0.9.38-rc1)
CVE-2016-10116 (NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo ...)
	NOT-FOR-US: NETGEAR
CVE-2016-10115 (NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo ...)
	NOT-FOR-US: NETGEAR
CVE-2016-10114 (SQL injection vulnerability in the "aWeb Cart Watching System for Virt ...)
	NOT-FOR-US: Joomla extension
CVE-2016-10113
	RESERVED
CVE-2016-10112 (Cross-site scripting (XSS) vulnerability in the WooCommerce plugin bef ...)
	NOT-FOR-US: WordPress plugin woocommerce
CVE-2016-10111
	RESERVED
CVE-2016-10110
	RESERVED
CVE-2017-5180 (Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not ...)
	- firejail 0.9.44.2-3 (bug #850160)
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/04/1
	NOTE: https://github.com/netblue30/firejail/issues/1020
CVE-2017-5135 (Certain Technicolor devices have an SNMP access-control bypass, possib ...)
	NOT-FOR-US: Technicolor
CVE-2017-5134
	RESERVED
CVE-2017-5133 (Off-by-one read/write on the heap in Blink in Google Chrome prior to 6 ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5132 (Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202 ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5131 (An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 all ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5130 (An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in ...)
	{DLA-2972-1 DLA-1188-1}
	- libxml2 2.9.4+dfsg1-5.1 (bug #880000)
	[jessie] - libxml2 (Minor issue)
	- chromium-browser 62.0.3202.75-1 (unimportant)
	NOTE: chromium-browser uses system libxml2.
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=722079 (not public)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=783026 (not public)
	NOTE: xmlMemoryStrdup is only for debugging, with the exception of xmllint when invoked
	NOTE: with --maxmem. Similar issue for xmlMallocLoc and xmlReallocLoc.
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/897dffbae322b46b83f99a607d527058a72c51ed
	NOTE: Needs follow up: https://gitlab.gnome.org/GNOME/libxml2/-/commit/ed48d65b4d6c5cec7be035ad5eebeba873b4b955
CVE-2017-5129 (A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3 ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5128 (Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 a ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5127 (Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowe ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5126 (A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allo ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5125 (Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 al ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5124 (Incorrect application of sandboxing in Blink in Google Chrome prior to ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5123 (Insufficient data validation in waitid allowed an user to escape sandb ...)
	- linux 4.13.4-2
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/96ca579a1ecc943b75beba58bebb0356f6cc4b51
CVE-2017-5122 (Inappropriate use of table size handling in V8 in Google Chrome prior ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
	- libv8 (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5121 (Inappropriate use of JIT optimisation in V8 in Google Chrome prior to ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
	- libv8 (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5120 (Inappropriate use of www mismatch redirects in browser navigation in G ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5119 (Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3 ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5118 (Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Lin ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5117 (Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3 ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5116 (Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, W ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
	- libv8 (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5115 (Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Window ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
	- libv8 (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5114 (Inappropriate use of partition alloc in PDFium in Google Chrome prior ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5113 (Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5112 (Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 f ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5111 (A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5110 (Inappropriate implementation of the web payments API on blob: and data ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5109 (Inappropriate implementation of unload handler handling in permission ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5108 (Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Ma ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5107 (A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.7 ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5106 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 6 ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5105 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 6 ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5104 (Inappropriate implementation in interstitials in Google Chrome prior t ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5103 (Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3 ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5102 (Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3 ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5101 (Inappropriate implementation in Omnibox in Google Chrome prior to 60.0 ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5100 (A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Wi ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5099 (Insufficient validation of untrusted input in PPAPI Plugins in Google ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5098 (A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5097 (Insufficient validation of untrusted input in Skia in Google Chrome pr ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5096 (Insufficient policy enforcement during navigation between different sc ...)
	- chromium-browser (Android-specific)
CVE-2017-5095 (Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Li ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5094 (Type confusion in extensions JavaScript bindings in Google Chrome prio ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5093 (Inappropriate implementation in modal dialog handling in Blink in Goog ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5092 (Insufficient validation of untrusted input in PPAPI Plugins in Google ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5091 (A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 f ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5090 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 5 ...)
	- chromium-browser (Chrome on Mac)
CVE-2017-5089 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 5 ...)
	{DSA-3926-1}
	- chromium-browser 59.0.3071.104-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5088 (Insufficient validation of untrusted input in V8 in Google Chrome prio ...)
	{DSA-3926-1}
	- chromium-browser 59.0.3071.104-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5087 (A use after free in Blink in Google Chrome prior to 59.0.3071.104 for ...)
	{DSA-3926-1}
	- chromium-browser 59.0.3071.104-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5086 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 5 ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5085 (Inappropriate implementation in Bookmarks in Google Chrome prior to 59 ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5084 (Inappropriate implementation in image-burner in Google Chrome OS prior ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5083 (Inappropriate implementation in Blink in Google Chrome prior to 59.0.3 ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5082 (Failure to take advantage of available mitigations in credit card auto ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5081 (Lack of verification of an extension's locale folder in Google Chrome ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5080 (A use after free in credit card autofill in Google Chrome prior to 59. ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5079 (Inappropriate implementation in Blink in Google Chrome prior to 59.0.3 ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5078 (Insufficient validation of untrusted input in Blink's mailto: handling ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5077 (Insufficient validation of untrusted input in Skia in Google Chrome pr ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5076 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 5 ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5075 (Inappropriate implementation in CSP reporting in Blink in Google Chrom ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5074 (A use after free in Chrome Apps in Google Chrome prior to 59.0.3071.86 ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5073 (Use after free in print preview in Blink in Google Chrome prior to 59. ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5072 (Inappropriate implementation in Omnibox in Google Chrome prior to 59.0 ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5071 (Insufficient validation of untrusted input in V8 in Google Chrome prio ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
	- libv8 (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5070 (Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
	- libv8 (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5069 (Incorrect MIME type of XSS-Protection reports in Blink in Google Chrom ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5068 (Incorrect handling of picture ID in WebRTC in Google Chrome prior to 5 ...)
	- chromium-browser 58.0.3029.96-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5067 (An insufficient watchdog timer in navigation in Google Chrome prior to ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5066 (Insufficient consistency checks in signature handling in the networkin ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5065 (Lack of an appropriate action on page navigation in Blink in Google Ch ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5064 (Incorrect handling of DOM changes in Blink in Google Chrome prior to 5 ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5063 (A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5062 (A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5061 (A race condition in navigation in Google Chrome prior to 58.0.3029.81 ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5060 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 5 ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5059 (Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Lin ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5058 (A use after free in PrintPreview in Google Chrome prior to 58.0.3029.8 ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5057 (Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Ma ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5056 (A use after free in Blink in Google Chrome prior to 57.0.2987.133 for ...)
	- chromium-browser 57.0.2987.133-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5055 (A use after free in printing in Google Chrome prior to 57.0.2987.133 f ...)
	- chromium-browser 57.0.2987.133-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5054 (An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 fo ...)
	- chromium-browser 57.0.2987.133-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
	- libv8 (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5053 (An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 fo ...)
	- chromium-browser 57.0.2987.133-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
	- libv8 (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5052 (An incorrect assumption about block structure in Blink in Google Chrom ...)
	- chromium-browser 57.0.2987.133-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5051 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 f ...)
	- chromium-browser 57.0.2987.98-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
	NOTE: https://codereview.chromium.org/2654913002
CVE-2017-5050 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 f ...)
	- chromium-browser 57.0.2987.98-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
	NOTE: https://codereview.chromium.org/2654913002
CVE-2017-5049 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 f ...)
	- chromium-browser 57.0.2987.98-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
	NOTE: https://codereview.chromium.org/2654913002
CVE-2017-5048 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 f ...)
	- chromium-browser 57.0.2987.98-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
	NOTE: https://codereview.chromium.org/2654913002
CVE-2017-5047 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 f ...)
	- chromium-browser 57.0.2987.98-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
	NOTE: https://codereview.chromium.org/2654913002
CVE-2017-5046 (V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5045 (XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, a ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5044 (Heap buffer overflow in filter processing in Skia in Google Chrome pri ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5043 (Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5042 (Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linu ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5041 (Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5040 (V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser (Not supported in Wheezy)
	- libv8 (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5039 (A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5038 (Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5037 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 f ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5036 (A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5035 (Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race con ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5034 (A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5033 (Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Lin ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5032 (PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be mad ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5031 (A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for W ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-5030 (Incorrect handling of complex species in V8 in Google Chrome prior to ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser (Not supported in Wheezy)
	- libv8 (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5029 (The xsltAddTextString function in transform.c in libxslt 1.1.29, as us ...)
{DSA-3810-1 DLA-866-1} - chromium-browser 57.0.2987.98-1 [wheezy] - chromium-browser (Not supported in Wheezy) - libxslt 1.1.29-2.1 (bug #858546) [jessie] - libxslt 1.1.28-2+deb8u3 NOTE: Upstream fix in libxslt: https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5 CVE-2017-5028 (Insufficient data validation in V8 in Google Chrome prior to 56.0.2924 ...) {DSA-3776-1} - chromium-browser 56.0.2924.76-3 CVE-2017-5027 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Ma ...) {DSA-3776-1} - chromium-browser 56.0.2924.76-3 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-5026 (Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed ...) {DSA-3776-1} - chromium-browser 56.0.2924.76-3 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-5025 (FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and M ...) {DSA-3776-1} - chromium-browser 44.0.2403.157-1 [wheezy] - chromium-browser (Not supported in Wheezy) - ffmpeg 7:3.2.4-1 CVE-2017-5024 (FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and M ...) {DSA-3776-1} - chromium-browser 44.0.2403.157-1 [wheezy] - chromium-browser (Not supported in Wheezy) - ffmpeg 7:3.2.4-1 CVE-2017-5023 (Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for ...) {DSA-3776-1} - chromium-browser 56.0.2924.76-3 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-5022 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Ma ...) {DSA-3776-1} - chromium-browser 56.0.2924.76-3 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-5021 (A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Win ...) {DSA-3776-1} - chromium-browser 56.0.2924.76-3 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-5020 (Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56 ...) 
{DSA-3776-1} - chromium-browser 56.0.2924.76-3 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-5019 (A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Win ...) {DSA-3776-1} - chromium-browser 56.0.2924.76-3 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-5018 (Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56 ...) {DSA-3776-1} - chromium-browser 56.0.2924.76-3 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-5017 (Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Ma ...) {DSA-3776-1} - chromium-browser 56.0.2924.76-3 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-5016 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Ma ...) {DSA-3776-1} - chromium-browser 56.0.2924.76-3 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-5015 (Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56 ...) {DSA-3776-1} - chromium-browser 56.0.2924.76-3 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-5014 (Heap buffer overflow during image processing in Skia in Google Chrome ...) {DSA-3776-1} - chromium-browser 56.0.2924.76-3 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-5013 (Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new ...) {DSA-3776-1} - chromium-browser 56.0.2924.76-3 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-5012 (A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 fo ...) {DSA-3776-1} - chromium-browser 56.0.2924.76-3 [wheezy] - chromium-browser (Not supported in Wheezy) - libv8 (unimportant) NOTE: libv8 not covered by security support CVE-2017-5011 (Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitiz ...) {DSA-3776-1} - chromium-browser 56.0.2924.76-3 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-5010 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Ma ...) 
{DSA-3776-1} - chromium-browser 56.0.2924.76-3 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-5009 (WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and M ...) {DSA-3776-1} - chromium-browser 56.0.2924.76-3 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-5008 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Ma ...) {DSA-3776-1} - chromium-browser 56.0.2924.76-3 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-5007 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Ma ...) {DSA-3776-1} - chromium-browser 56.0.2924.76-3 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-5006 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Ma ...) {DSA-3776-1} - chromium-browser 56.0.2924.76-3 [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2017-5005 (Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 ...) NOT-FOR-US: Quickheal CVE-2016-10108 (Unauthenticated Remote Command injection as root occurs in the Western ...) NOT-FOR-US: Western Digital MyCloud NAS CVE-2016-10107 (Unauthenticated Remote Command injection as root occurs in the Western ...) NOT-FOR-US: Western Digital MyCloud NAS CVE-2016-10106 (Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR ...) NOT-FOR-US: NETGEAR devices CVE-2016-10105 (admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections ...) - piwigo CVE-2016-10104 (Information Disclosure can occur in sshProfiles.jsd in Hitek Software' ...) NOT-FOR-US: Hitek CVE-2016-10103 (Information Disclosure can occur in encryptionProfiles.jsd in Hitek So ...) NOT-FOR-US: Hitek CVE-2016-10102 (hitek.jar in Hitek Software's Automize uses weak encryption when encry ...) NOT-FOR-US: Hitek CVE-2016-10101 (Information Disclosure can occur in Hitek Software's Automize 10.x and ...) NOT-FOR-US: Hitek CVE-2016-10100 (Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate arc ...) 
- borgbackup 1.0.9-1 NOTE: https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability CVE-2016-10099 (Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic pro ...) - borgbackup 1.0.9-1 NOTE: https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability CVE-2017-5333 (Integer overflow in the extract_group_icon_cursor_resource function in ...) {DSA-3765-1 DLA-789-1} - icoutils 0.31.1-1 NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1a108713ac26215c7568353f6e02e727e6d4b24a NOTE: CVE for "the separate vulnerability fixed by the introduction of the "size >= sizeof(uint16_t)*2" test in NOTE: 1a108713ac26215c7568353f6e02e727e6d4b24a" NOTE: http://seclists.org/oss-sec/2017/q1/56 CVE-2017-5332 (The extract_group_icon_cursor_resource in wrestool/extract.c in icouti ...) {DSA-3765-1 DLA-789-1} - icoutils 0.31.1-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1249276 NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1a108713ac26215c7568353f6e02e727e6d4b24a NOTE: https://www.openwall.com/lists/oss-security/2017/01/10/4 NOTE: CVE for "all of 1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a and also the index correction in NOTE: 1a108713ac26215c7568353f6e02e727e6d4b24a." CVE-2017-5331 (Integer overflow in the check_offset function in b/wrestool/fileread.c ...) {DSA-3765-1 DLA-789-1} - icoutils 0.31.1-1 NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=4fbe9222fd79ee31b7ec031b0be070a9a400d1d3 NOTE: https://www.openwall.com/lists/oss-security/2017/01/10/4 CVE-2017-5208 (Integer overflow in the wrestool program in icoutils before 0.31.1 all ...) 
	{DSA-3756-1 DLA-789-1}
	- icoutils 0.31.0-4 (bug #850017)
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=0d569f458f306b88f60156d60c9cf058125cf173
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/08/1
CVE-2017-5340 (Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandle ...)
	- php7.1 7.1.1-1 (bug #852022)
	- php7.0 7.0.15-1 (bug #850158)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73832
	NOTE: Fixed in PHP 7.1.1, 7.0.15
CVE-2016-10109 (Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remot ...)
	{DSA-3752-1 DLA-778-1}
	- pcsc-lite 1.8.20-1
	NOTE: https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=697fe05967af7ea215bcd5d5774be587780c9e22
	NOTE: https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=3aaab9d998b5deb16a246cc7517e44144d281d3b
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/03/2
CVE-2016-10098 (An issue was discovered on SendQuick Entera and Avera devices before 2 ...)
	NOT-FOR-US: SendQuick Entera and Avera devices
CVE-2016-10097 (XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/ ...)
	NOT-FOR-US: OpenAM
CVE-2016-10096 (SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 a ...)
	NOT-FOR-US: GenixCMS
CVE-2016-10090
	RESERVED
CVE-2016-10086 (RESTful web services in CA Service Desk Manager 12.9 and CA Service De ...)
	NOT-FOR-US: CA Service Desk Manager
CVE-2017-5004 (EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all p ...)
	NOT-FOR-US: RSA Identity Governance and Lifecycle
CVE-2017-5003 (EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all p ...)
	NOT-FOR-US: RSA Identity Governance and Lifecycle
CVE-2017-5002 (EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is ...)
	NOT-FOR-US: EMC
CVE-2017-5001 (EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is ...)
	NOT-FOR-US: EMC
CVE-2017-5000 (EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is ...)
	NOT-FOR-US: EMC
CVE-2017-4999 (EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is ...)
	NOT-FOR-US: EMC
CVE-2017-4998 (EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is ...)
	NOT-FOR-US: EMC
CVE-2017-4997 (EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an un ...)
	NOT-FOR-US: EMC
CVE-2017-4996
	REJECTED
CVE-2017-4995 (An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE throu ...)
	- libspring-security-java (bug #582181)
	NOTE: https://pivotal.io/security/cve-2017-4995
CVE-2017-4994 (An issue was discovered in Cloud Foundry Foundation cf-release version ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4993
	REJECTED
CVE-2017-4992 (An issue was discovered in Cloud Foundry Foundation cf-release version ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4991 (An issue was discovered in Cloud Foundry Foundation cf-release version ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4990 (In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-23 ...)
	NOT-FOR-US: EMC
CVE-2017-4989 (In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-3 ...)
	NOT-FOR-US: EMC
CVE-2017-4988 (EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is a ...)
	NOT-FOR-US: EMC
CVE-2017-4987 (In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions ...)
	NOT-FOR-US: EMC
CVE-2017-4986 (EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could ...)
	NOT-FOR-US: EMC
CVE-2017-4985 (In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions ...)
	NOT-FOR-US: EMC
CVE-2017-4984 (In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions ...)
	NOT-FOR-US: EMC
CVE-2017-4983 (EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1 ...)
	NOT-FOR-US: EMC Data Domain OS
CVE-2017-4982 (EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1 ...)
	NOT-FOR-US: EMC Mainframe
CVE-2017-4981 (EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper cert ...)
	NOT-FOR-US: EMC
CVE-2017-4980 (EMC Isilon OneFS is affected by a path traversal vulnerability that ma ...)
	NOT-FOR-US: EMC
CVE-2017-4979 (EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2 ...)
	NOT-FOR-US: EMC
CVE-2017-4978 (EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 ...)
	NOT-FOR-US: EMC
CVE-2017-4977 (EMC RSA Archer Security Operations Management with RSA Unified Collect ...)
	NOT-FOR-US: EMC
CVE-2017-4976 (EMC ESRS Policy Manager prior to 6.8 contains an undocumented account ...)
	NOT-FOR-US: EMC
CVE-2017-4975 (An issue was discovered in Pivotal PCF Tile Generator versions prior t ...)
	NOT-FOR-US: Pivotal PCF Tile Generator
CVE-2017-4974 (An issue was discovered in Cloud Foundry Foundation cf-release version ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4973 (An issue was discovered in Cloud Foundry Foundation cf-release version ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4972 (An issue was discovered in Cloud Foundry Foundation cf-release version ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4971 (An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Appl ...)
	NOT-FOR-US: Spring Web Flow
CVE-2017-4970 (An issue was discovered in Cloud Foundry Foundation cf-release v255 an ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4969 (The Cloud Controller in Cloud Foundry cf-release versions prior to v25 ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4968
	REJECTED
CVE-2017-4967 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x ...)
	{DLA-2710-1}
	- rabbitmq-server 3.6.10-1 (low; bug #863586)
	[jessie] - rabbitmq-server (Minor issue)
	[wheezy] - rabbitmq-server (Minor issue)
CVE-2017-4966 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x ...)
	{DLA-2710-1}
	- rabbitmq-server 3.6.10-1 (low; bug #863586)
	[jessie] - rabbitmq-server (Vulnerable code introduced later)
	[wheezy] - rabbitmq-server (Vulnerable code introduced later)
	NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-management/commit/2371633f99ad0d293899384f078872ff9e9f3e10 (rabbitmq_v3_6_9)
	NOTE: Introduced by: https://github.com/rabbitmq/rabbitmq-management/commit/ced47b0bdca862a58e8f31833643e948655f8368 (rabbitmq_v3_4_0)
CVE-2017-4965 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x ...)
	{DLA-2710-1}
	- rabbitmq-server 3.6.10-1 (low; bug #863586)
	[jessie] - rabbitmq-server (Minor issue)
	[wheezy] - rabbitmq-server (Minor issue)
CVE-2017-4964 (Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4963 (An issue was discovered in Cloud Foundry Foundation Cloud Foundry rele ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4962
	REJECTED
CVE-2017-4961 (An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4960 (An issue was discovered in Cloud Foundry release v247 through v252, UA ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4959 (An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions ...)
	NOT-FOR-US: Pivotal PCF Elastic Runtime
CVE-2017-4958
	REJECTED
CVE-2017-4957
	REJECTED
CVE-2017-4956
	REJECTED
CVE-2017-4955 (An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions ...)
	NOT-FOR-US: Pivotal PCF Elastic Runtime
CVE-2016-10095 (Stack-based buffer overflow in the _TIFFVGetField function in tif_dir. ...)
	{DLA-984-1 DLA-983-1}
	- tiff 4.0.8-2 (bug #850316)
	[jessie] - tiff 4.0.3-12.3+deb8u4
	- tiff3
	NOTE: This is a duplicate of CVE-2015-7554, both were reported against tiffsplit
	NOTE: While the _TIFFVGetField function is a generic function, CVE IDs seem to be
	NOTE: assigned per tool using it, so CVE-2015-7554/CVE-2016-10095 refers to the
	NOTE: tiffsplit tool
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2625
	NOTE: Fixes as per http://bugzilla.maptools.org/show_bug.cgi?id=2580
CVE-2016-10094 (Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools ...)
	{DSA-3762-1}
	- tiff 4.0.7-4
	[wheezy] - tiff (vulnerable code introduced later)
	- tiff3 (vulnerable code introduced later)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2640
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76b0969235c
CVE-2016-10093 (Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9 ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-2
	- tiff3
	[wheezy] - tiff3 (libtiff-tools not shipped by this source package)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2610
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec
CVE-2016-10092 (Heap-based buffer overflow in the readContigStripsIntoBuffer function ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-2
	- tiff3
	[wheezy] - tiff3 (libtiff-tools not shipped by this source package)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
CVE-2016-10091 (Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote att ...)
	- unrtf 0.21.9-clean-3 (bug #849705)
	[jessie] - unrtf 0.21.5-3+deb8u1
	[wheezy] - unrtf (Minor issue)
	NOTE: http://hg.savannah.gnu.org/hgweb/unrtf/rev/3b16893a6406
CVE-2016-10085 (admin/languages.php in Piwigo through 2.8.3 allows remote authenticate ...)
	- piwigo
CVE-2016-10084 (admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenti ...)
	- piwigo
CVE-2016-10083 (Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo ...)
	- piwigo
CVE-2016-10082 (include/functions_installer.inc.php in Serendipity through 2.0.5 is vu ...)
	- serendipity
CVE-2016-10081 (/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote ...)
	- shutter 0.93.1-1.3 (bug #849777)
	[jessie] - shutter 0.92-0.1+deb8u2
	[wheezy] - shutter (Minor issue)
	NOTE: https://bugs.launchpad.net/shutter/+bug/1652600
CVE-2016-10080
	RESERVED
CVE-2016-10079 (SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of ...)
	NOT-FOR-US: SAPlpd
CVE-2016-10078
	RESERVED
CVE-2016-10077
	RESERVED
CVE-2016-10076
	RESERVED
CVE-2017-4954
	RESERVED
CVE-2017-4953
	RESERVED
CVE-2017-4952 (VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR ...)
	NOT-FOR-US: VMware Xenon
CVE-2017-4951 (VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) co ...)
	NOT-FOR-US: VMware AirWatch Console
CVE-2017-4950 (VMware Workstation and Fusion contain an integer overflow vulnerabilit ...)
	NOT-FOR-US: VMware
CVE-2017-4949 (VMware Workstation and Fusion contain a use-after-free vulnerability i ...)
	NOT-FOR-US: VMware
CVE-2017-4948 (VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Clie ...)
	NOT-FOR-US: VMware
CVE-2017-4947 (VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Contai ...)
	NOT-FOR-US: VMware Realize Automation
CVE-2017-4946 (The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a pr ...)
	NOT-FOR-US: VMware
CVE-2017-4945 (VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a ...)
	NOT-FOR-US: VMware
CVE-2017-4944
	RESERVED
CVE-2017-4943 (VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a ...)
	NOT-FOR-US: VMware
CVE-2017-4942 (VMware AirWatch Console (AWC) contains a Broken Access Control vulnera ...)
	NOT-FOR-US: VMware
CVE-2017-4941 (VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG ...)
	NOT-FOR-US: VMware
CVE-2017-4940 (The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, ...)
	NOT-FOR-US: VMware
CVE-2017-4939 (VMware Workstation (12.x before 12.5.8) installer contains a DLL hijac ...)
	NOT-FOR-US: VMware
CVE-2017-4938 (VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) ...)
	NOT-FOR-US: VMware
CVE-2017-4937 (VMware Workstation (12.x before 12.5.8) and Horizon View Client for Wi ...)
	NOT-FOR-US: VMware
CVE-2017-4936 (VMware Workstation (12.x before 12.5.8) and Horizon View Client for Wi ...)
	NOT-FOR-US: VMware
CVE-2017-4935 (VMware Workstation (12.x before 12.5.8) and Horizon View Client for Wi ...)
	NOT-FOR-US: VMware
CVE-2017-4934 (VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) ...)
	NOT-FOR-US: VMware
CVE-2017-4933 (VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x befor ...)
	NOT-FOR-US: VMware
CVE-2017-4932 (VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnera ...)
	NOT-FOR-US: VMware
CVE-2017-4931 (VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability th ...)
	NOT-FOR-US: VMware
CVE-2017-4930 (VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability th ...)
	NOT-FOR-US: VMware
CVE-2017-4929 (VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a ...)
	NOT-FOR-US: VMware
CVE-2017-4928 (The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior ...)
	NOT-FOR-US: VMware
CVE-2017-4927 (VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) d ...)
	NOT-FOR-US: VMware
CVE-2017-4926 (VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability t ...)
	NOT-FOR-US: VMware
CVE-2017-4925 (VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without p ...)
	NOT-FOR-US: VMware
CVE-2017-4924 (VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation ...)
	NOT-FOR-US: VMware
CVE-2017-4923 (VMware vCenter Server (6.5 prior to 6.5 U1) contains an information di ...)
	NOT-FOR-US: VMware
CVE-2017-4922 (VMware vCenter Server (6.5 prior to 6.5 U1) contains an information di ...)
	NOT-FOR-US: VMware
CVE-2017-4921 (VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure libra ...)
	NOT-FOR-US: VMware
CVE-2017-4920 (The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x pri ...)
	NOT-FOR-US: VMware
CVE-2017-4919 (VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, ...)
	NOT-FOR-US: VMware vCenter Server
CVE-2017-4918 (VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains ...)
	NOT-FOR-US: VMware
CVE-2017-4917 (VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x lo ...)
	NOT-FOR-US: VMware
CVE-2017-4916 (VMware Workstation Pro/Player contains a NULL pointer dereference vuln ...)
	NOT-FOR-US: VMware
CVE-2017-4915 (VMware Workstation Pro/Player contains an insecure library loading vul ...)
	NOT-FOR-US: VMware
CVE-2017-4914 (VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x co ...)
	NOT-FOR-US: VMware
CVE-2017-4913 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...)
	NOT-FOR-US: VMware
CVE-2017-4912 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...)
	NOT-FOR-US: VMware
CVE-2017-4911 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...)
	NOT-FOR-US: VMware
CVE-2017-4910 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...)
	NOT-FOR-US: VMware
CVE-2017-4909 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...)
	NOT-FOR-US: VMware
CVE-2017-4908 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...)
	NOT-FOR-US: VMware
CVE-2017-4907 (VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and ...)
	NOT-FOR-US: VMware
CVE-2017-4906
	RESERVED
CVE-2017-4905 (VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without pat ...)
	NOT-FOR-US: VMware
CVE-2017-4904 (The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410 ...)
	NOT-FOR-US: VMware
CVE-2017-4903 (VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without pat ...)
	NOT-FOR-US: VMware
CVE-2017-4902 (VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without pat ...)
	NOT-FOR-US: VMware
CVE-2017-4901 (The drag-and-drop (DnD) function in VMware Workstation 12.x before ver ...)
	NOT-FOR-US: VMware
CVE-2017-4900 (VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL point ...)
	NOT-FOR-US: VMware
CVE-2017-4899 (VMware Workstation Pro/Player 12.x before 12.5.3 contains a security v ...)
	NOT-FOR-US: VMware
CVE-2017-4898 (VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loadin ...)
	NOT-FOR-US: VMware
CVE-2017-4897 (VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists ...)
	NOT-FOR-US: VMware Horizon DaaS
CVE-2017-4896 (Airwatch Inbox for Android contains a vulnerability that may allow a r ...)
	NOT-FOR-US: Airwatch Inbox for Android
CVE-2017-4895 (Airwatch Agent for Android contains a vulnerability that may allow a d ...)
	NOT-FOR-US: Airwatch Inbox for Android
CVE-2017-4894
	REJECTED
CVE-2017-4893
	REJECTED
CVE-2017-4892
	REJECTED
CVE-2017-4891
	REJECTED
CVE-2017-4890
	REJECTED
CVE-2017-4889
	REJECTED
CVE-2017-4888
	REJECTED
CVE-2017-4887
	REJECTED
CVE-2017-4886
	REJECTED
CVE-2017-4885
	REJECTED
CVE-2017-4884
	REJECTED
CVE-2017-4883
	REJECTED
CVE-2017-4882
	REJECTED
CVE-2017-4881
	REJECTED
CVE-2017-4880
	REJECTED
CVE-2017-4879
	REJECTED
CVE-2017-4878
	REJECTED
CVE-2017-4877
	REJECTED
CVE-2017-4876
	REJECTED
CVE-2017-4875
	REJECTED
CVE-2017-4874
	REJECTED
CVE-2017-4873
	REJECTED
CVE-2017-4872
	REJECTED
CVE-2017-4871
	REJECTED
CVE-2017-4870
	REJECTED
CVE-2017-4869
	REJECTED
CVE-2017-4868
	REJECTED
CVE-2017-4867
	REJECTED
CVE-2017-4866
	REJECTED
CVE-2017-4865
	REJECTED
CVE-2017-4864
	REJECTED
CVE-2017-4863
	REJECTED
CVE-2017-4862
	REJECTED
CVE-2017-4861
	REJECTED
CVE-2017-4860
	REJECTED
CVE-2017-4859
	REJECTED
CVE-2017-4858
	REJECTED
CVE-2017-4857
	REJECTED
CVE-2017-4856
	REJECTED
CVE-2017-4855
	REJECTED
CVE-2017-4854
	REJECTED
CVE-2017-4853
	REJECTED
CVE-2017-4852
	REJECTED
CVE-2017-4851
	REJECTED
CVE-2017-4850
	REJECTED
CVE-2017-4849
	REJECTED
CVE-2017-4848
	REJECTED
CVE-2017-4847
	REJECTED
CVE-2017-4846
	REJECTED
CVE-2017-4845
	REJECTED
CVE-2017-4844
	REJECTED
CVE-2017-4843
	REJECTED
CVE-2017-4842
	REJECTED
CVE-2017-4841
	REJECTED
CVE-2017-4840
	REJECTED
CVE-2017-4839
	REJECTED
CVE-2017-4838
	REJECTED
CVE-2017-4837
	REJECTED
CVE-2017-4836
	REJECTED
CVE-2017-4835
	REJECTED
CVE-2017-4834
	REJECTED
CVE-2017-4833
	REJECTED
CVE-2017-4832
	REJECTED
CVE-2017-4831
	REJECTED
CVE-2017-4830
	REJECTED
CVE-2017-4829
	REJECTED
CVE-2017-4828
	REJECTED
CVE-2017-4827
	REJECTED
CVE-2017-4826
	REJECTED
CVE-2017-4825
	REJECTED
CVE-2017-4824
	REJECTED
CVE-2017-4823
	REJECTED
CVE-2017-4822
	REJECTED
CVE-2017-4821
	REJECTED
CVE-2017-4820
	REJECTED
CVE-2017-4819
	REJECTED
CVE-2017-4818
	REJECTED
CVE-2017-4817
	REJECTED
CVE-2017-4816
	REJECTED
CVE-2017-4815
	REJECTED
CVE-2017-4814
	REJECTED
CVE-2017-4813
	REJECTED
CVE-2017-4812
	REJECTED
CVE-2017-4811
	REJECTED
CVE-2017-4810
	REJECTED
CVE-2017-4809
	REJECTED
CVE-2017-4808
	REJECTED
CVE-2017-4807
	REJECTED
CVE-2017-4806
	REJECTED
CVE-2017-4805
	REJECTED
CVE-2017-4804
	REJECTED
CVE-2017-4803
	REJECTED
CVE-2017-4802
	REJECTED
CVE-2017-4801
	REJECTED
CVE-2017-4800
	REJECTED
CVE-2017-4799
	REJECTED
CVE-2017-4798
	REJECTED
CVE-2017-4797
	REJECTED
CVE-2017-4796
	REJECTED
CVE-2017-4795
	REJECTED
CVE-2017-4794
	REJECTED
CVE-2017-4793
	REJECTED
CVE-2017-4792
	REJECTED
CVE-2017-4791
	REJECTED
CVE-2017-4790
	REJECTED
CVE-2017-4789
	REJECTED
CVE-2017-4788
	REJECTED
CVE-2017-4787
	REJECTED
CVE-2017-4786
	REJECTED
CVE-2017-4785
	REJECTED
CVE-2017-4784
	REJECTED
CVE-2017-4783
	REJECTED
CVE-2017-4782
	REJECTED
CVE-2017-4781
	REJECTED
CVE-2017-4780
	REJECTED
CVE-2017-4779
	REJECTED
CVE-2017-4778
	REJECTED
CVE-2017-4777
	REJECTED
CVE-2017-4776
	REJECTED
CVE-2017-4775
	REJECTED
CVE-2017-4774
	REJECTED
CVE-2017-4773
	REJECTED
CVE-2017-4772
	REJECTED
CVE-2017-4771
	REJECTED
CVE-2017-4770
	REJECTED
CVE-2017-4769
	REJECTED
CVE-2017-4768
	REJECTED
CVE-2017-4767
	REJECTED
CVE-2017-4766
	REJECTED
CVE-2017-4765
	REJECTED
CVE-2017-4764
	REJECTED
CVE-2017-4763
	REJECTED
CVE-2017-4762
	REJECTED
CVE-2017-4761
	REJECTED
CVE-2017-4760
	REJECTED
CVE-2017-4759
	REJECTED
CVE-2017-4758
	REJECTED
CVE-2017-4757
	REJECTED
CVE-2017-4756
	REJECTED
CVE-2017-4755
	REJECTED
CVE-2017-4754
	REJECTED
CVE-2017-4753
	REJECTED
CVE-2017-4752
	REJECTED
CVE-2017-4751
	REJECTED
CVE-2017-4750
	REJECTED
CVE-2017-4749
	REJECTED
CVE-2017-4748
	REJECTED
CVE-2017-4747
	REJECTED
CVE-2017-4746
	REJECTED
CVE-2017-4745
	REJECTED
CVE-2017-4744
	REJECTED
CVE-2017-4743
	REJECTED
CVE-2017-4742
	REJECTED
CVE-2017-4741
	REJECTED
CVE-2017-4740
	REJECTED
CVE-2017-4739
	REJECTED
CVE-2017-4738
	REJECTED
CVE-2017-4737
	REJECTED
CVE-2017-4736
	REJECTED
CVE-2017-4735
	REJECTED
CVE-2017-4734
	REJECTED
CVE-2017-4733
	REJECTED
CVE-2017-4732
	REJECTED
CVE-2017-4731
	REJECTED
CVE-2017-4730
	REJECTED
CVE-2017-4729
	REJECTED
CVE-2017-4728
	REJECTED
CVE-2017-4727
	REJECTED
CVE-2017-4726
	REJECTED
CVE-2017-4725
	REJECTED
CVE-2017-4724
	REJECTED
CVE-2017-4723
	REJECTED
CVE-2017-4722
	REJECTED
CVE-2017-4721
	REJECTED
CVE-2017-4720
	REJECTED
CVE-2017-4719
	REJECTED
CVE-2017-4718
	REJECTED
CVE-2017-4717
	REJECTED
CVE-2017-4716
	REJECTED
CVE-2017-4715
	REJECTED
CVE-2017-4714
	REJECTED
CVE-2017-4713
	REJECTED
CVE-2017-4712
	REJECTED
CVE-2017-4711
	REJECTED
CVE-2017-4710
	REJECTED
CVE-2017-4709
	REJECTED
CVE-2017-4708
	REJECTED
CVE-2017-4707
	REJECTED
CVE-2017-4706
	REJECTED
CVE-2017-4705
	REJECTED
CVE-2017-4704
	REJECTED
CVE-2017-4703
	REJECTED
CVE-2017-4702
	REJECTED
CVE-2017-4701
	REJECTED
CVE-2017-4700
	REJECTED
CVE-2017-4699
	REJECTED
CVE-2017-4698
	REJECTED
CVE-2017-4697
	REJECTED
CVE-2017-4696
	REJECTED
CVE-2017-4695
	REJECTED
CVE-2017-4694
	REJECTED
CVE-2017-4693
	REJECTED
CVE-2017-4692
	REJECTED
CVE-2017-4691
	REJECTED
CVE-2017-4690
	REJECTED
CVE-2017-4689
	REJECTED
CVE-2017-4688
	REJECTED
CVE-2017-4687
	REJECTED
CVE-2017-4686
	REJECTED
CVE-2017-4685
	REJECTED
CVE-2017-4684
	REJECTED
CVE-2017-4683
	REJECTED
CVE-2017-4682
	REJECTED
CVE-2017-4681
	REJECTED
CVE-2017-4680
	REJECTED
CVE-2017-4679
	REJECTED
CVE-2017-4678
	REJECTED
CVE-2017-4677
	REJECTED
CVE-2017-4676
	REJECTED
CVE-2017-4675
	REJECTED
CVE-2017-4674
	REJECTED
CVE-2017-4673
	REJECTED
CVE-2017-4672
	REJECTED
CVE-2017-4671
	REJECTED
CVE-2017-4670
	REJECTED
CVE-2017-4669
	REJECTED
CVE-2017-4668
	REJECTED
CVE-2017-4667
	REJECTED
CVE-2017-4666
	REJECTED
CVE-2017-4665
	REJECTED
CVE-2017-4664
	REJECTED
CVE-2017-4663
	REJECTED
CVE-2017-4662
	REJECTED
CVE-2017-4661
	REJECTED
CVE-2017-4660
	REJECTED
CVE-2017-4659
	REJECTED
CVE-2017-4658
	REJECTED
CVE-2017-4657
	REJECTED
CVE-2017-4656
	REJECTED
CVE-2017-4655
	REJECTED
CVE-2017-4654
	REJECTED
CVE-2017-4653
	REJECTED
CVE-2017-4652
	REJECTED
CVE-2017-4651
	REJECTED
CVE-2017-4650
	REJECTED
CVE-2017-4649
	REJECTED
CVE-2017-4648
	REJECTED
CVE-2017-4647
	REJECTED
CVE-2017-4646
	REJECTED
CVE-2017-4645
	REJECTED
CVE-2017-4644
	REJECTED
CVE-2017-4643
	REJECTED
CVE-2017-4642
	REJECTED
CVE-2017-4641
	REJECTED
CVE-2017-4640
	REJECTED
CVE-2017-4639
	REJECTED
CVE-2017-4638
	REJECTED
CVE-2017-4637
	REJECTED
CVE-2017-4636
	REJECTED
CVE-2017-4635
	REJECTED
CVE-2017-4634
	REJECTED
CVE-2017-4633
	REJECTED
CVE-2017-4632
	REJECTED
CVE-2017-4631
	REJECTED
CVE-2017-4630
	REJECTED
CVE-2017-4629
	REJECTED
CVE-2017-4628
	REJECTED
CVE-2017-4627
	REJECTED
CVE-2017-4626
	REJECTED
CVE-2017-4625
	REJECTED
CVE-2017-4624
	REJECTED
CVE-2017-4623
	REJECTED
CVE-2017-4622
	REJECTED
CVE-2017-4621
	REJECTED
CVE-2017-4620
	REJECTED
CVE-2017-4619
	REJECTED
CVE-2017-4618
	REJECTED
CVE-2017-4617
	REJECTED
CVE-2017-4616
	REJECTED
CVE-2017-4615
	REJECTED
CVE-2017-4614
	REJECTED
CVE-2017-4613
	REJECTED
CVE-2017-4612
	REJECTED
CVE-2017-4611
	REJECTED
CVE-2017-4610
	REJECTED
CVE-2017-4609
	REJECTED
CVE-2017-4608
	REJECTED
CVE-2017-4607
	REJECTED
CVE-2017-4606
	REJECTED
CVE-2017-4605
	REJECTED
CVE-2017-4604
	REJECTED
CVE-2017-4603
	REJECTED
CVE-2017-4602
	REJECTED
CVE-2017-4601
	REJECTED
CVE-2017-4600
	REJECTED
CVE-2017-4599
	REJECTED
CVE-2017-4598
	REJECTED
CVE-2017-4597
	REJECTED
CVE-2017-4596
	REJECTED
CVE-2017-4595
	REJECTED
CVE-2017-4594
	REJECTED
CVE-2017-4593
	REJECTED
CVE-2017-4592
	REJECTED
CVE-2017-4591
	REJECTED
CVE-2017-4590
	REJECTED
CVE-2017-4589
	REJECTED
CVE-2017-4588
	REJECTED
CVE-2017-4587
	REJECTED
CVE-2017-4586
	REJECTED
CVE-2017-4585
	REJECTED
CVE-2017-4584
	REJECTED
CVE-2017-4583
	REJECTED
CVE-2017-4582
	REJECTED
CVE-2017-4581
	REJECTED
CVE-2017-4580
	REJECTED
CVE-2017-4579
	REJECTED
CVE-2017-4578
	REJECTED
CVE-2017-4577
	REJECTED
CVE-2017-4576
	REJECTED
CVE-2017-4575
	REJECTED
CVE-2017-4574
	REJECTED
CVE-2017-4573
	REJECTED
CVE-2017-4572
	REJECTED
CVE-2017-4571
	REJECTED
CVE-2017-4570
	REJECTED
CVE-2017-4569
	REJECTED
CVE-2017-4568
	REJECTED
CVE-2017-4567
	REJECTED
CVE-2017-4566
	REJECTED
CVE-2017-4565
	REJECTED
CVE-2017-4564
	REJECTED
CVE-2017-4563
	REJECTED
CVE-2017-4562
	REJECTED
CVE-2017-4561
	REJECTED
CVE-2017-4560
	REJECTED
CVE-2017-4559
	REJECTED
CVE-2017-4558
	REJECTED
CVE-2017-4557
	REJECTED
CVE-2017-4556
	REJECTED
CVE-2017-4555
	REJECTED
CVE-2017-4554
	REJECTED
CVE-2017-4553
	REJECTED
CVE-2017-4552
	REJECTED
CVE-2017-4551
	REJECTED
CVE-2017-4550
	REJECTED
CVE-2017-4549
	REJECTED
CVE-2017-4548
	REJECTED
CVE-2017-4547
	REJECTED
CVE-2017-4546
	REJECTED
CVE-2017-4545
	REJECTED
CVE-2017-4544
	REJECTED
CVE-2017-4543
	REJECTED
CVE-2017-4542
	REJECTED
CVE-2017-4541
	REJECTED
CVE-2017-4540
	REJECTED
CVE-2017-4539
	REJECTED
CVE-2017-4538
	REJECTED
CVE-2017-4537
	REJECTED
CVE-2017-4536
	REJECTED
CVE-2017-4535
	REJECTED
CVE-2017-4534
	REJECTED
CVE-2017-4533
	REJECTED
CVE-2017-4532
	REJECTED
CVE-2017-4531
	REJECTED
CVE-2017-4530
	REJECTED
CVE-2017-4529
	REJECTED
CVE-2017-4528
	REJECTED
CVE-2017-4527
	REJECTED
CVE-2017-4526
	REJECTED
CVE-2017-4525
	REJECTED
CVE-2017-4524
	REJECTED
CVE-2017-4523
	REJECTED
CVE-2017-4522
	REJECTED
CVE-2017-4521
	REJECTED
CVE-2017-4520
	REJECTED
CVE-2017-4519
	REJECTED
CVE-2017-4518
	REJECTED
CVE-2017-4517
	REJECTED
CVE-2017-4516
	REJECTED
CVE-2017-4515
	REJECTED
CVE-2017-4514
	REJECTED
CVE-2017-4513
	REJECTED
CVE-2017-4512
	REJECTED
CVE-2017-4511
	REJECTED
CVE-2017-4510
	REJECTED
CVE-2017-4509
	REJECTED
CVE-2017-4508
	REJECTED
CVE-2017-4507
	REJECTED
CVE-2017-4506
	REJECTED
CVE-2017-4505
	REJECTED
CVE-2017-4504
	REJECTED
CVE-2017-4503
	REJECTED
CVE-2017-4502
	REJECTED
CVE-2017-4501
	REJECTED
CVE-2017-4500
	REJECTED
CVE-2017-4499
	REJECTED
CVE-2017-4498
	REJECTED
CVE-2017-4497
	REJECTED
CVE-2017-4496
	REJECTED
CVE-2017-4495
	REJECTED
CVE-2017-4494
	REJECTED
CVE-2017-4493
	REJECTED
CVE-2017-4492
	REJECTED
CVE-2017-4491
	REJECTED
CVE-2017-4490
	REJECTED
CVE-2017-4489
	REJECTED
CVE-2017-4488
	REJECTED
CVE-2017-4487
	REJECTED
CVE-2017-4486
	REJECTED
CVE-2017-4485
	REJECTED
CVE-2017-4484
	REJECTED
CVE-2017-4483
	REJECTED
CVE-2017-4482
	REJECTED
CVE-2017-4481
	REJECTED
CVE-2017-4480
	REJECTED
CVE-2017-4479
	REJECTED
CVE-2017-4478
	REJECTED
CVE-2017-4477
	REJECTED
CVE-2017-4476
	REJECTED
CVE-2017-4475
	REJECTED
CVE-2017-4474
	REJECTED
CVE-2017-4473
	REJECTED
CVE-2017-4472
	REJECTED
CVE-2017-4471
	REJECTED
CVE-2017-4470
	REJECTED
CVE-2017-4469
	REJECTED
CVE-2017-4468
	REJECTED
CVE-2017-4467
	REJECTED
CVE-2017-4466
	REJECTED
CVE-2017-4465
	REJECTED
CVE-2017-4464
	REJECTED
CVE-2017-4463
	REJECTED
CVE-2017-4462
	REJECTED
CVE-2017-4461
	REJECTED
CVE-2017-4460
	REJECTED
CVE-2017-4459
	REJECTED
CVE-2017-4458
	REJECTED
CVE-2017-4457
	REJECTED
CVE-2017-4456
	REJECTED
CVE-2017-4455
	REJECTED
CVE-2017-4454
	REJECTED
CVE-2017-4453
	REJECTED
CVE-2017-4452
	REJECTED
CVE-2017-4451
	REJECTED
CVE-2017-4450
	REJECTED
CVE-2017-4449
	REJECTED
CVE-2017-4448
	REJECTED
CVE-2017-4447
	REJECTED
CVE-2017-4446
	REJECTED
CVE-2017-4445
	REJECTED
CVE-2017-4444
	REJECTED
CVE-2017-4443
	REJECTED
CVE-2017-4442
	REJECTED
CVE-2017-4441
	REJECTED
CVE-2017-4440
	REJECTED
CVE-2017-4439
	REJECTED
CVE-2017-4438
	REJECTED
CVE-2017-4437
	REJECTED
CVE-2017-4436
	REJECTED
CVE-2017-4435
	REJECTED
CVE-2017-4434
	REJECTED
CVE-2017-4433
	REJECTED
CVE-2017-4432
	REJECTED
CVE-2017-4431
	REJECTED
CVE-2017-4430
	REJECTED
CVE-2017-4429
	REJECTED
CVE-2017-4428
	REJECTED
CVE-2017-4427
	REJECTED
CVE-2017-4426
	REJECTED
CVE-2017-4425
	REJECTED
CVE-2017-4424
	REJECTED
CVE-2017-4423
	REJECTED
CVE-2017-4422
	REJECTED
CVE-2017-4421
	REJECTED
CVE-2017-4420
	REJECTED
CVE-2017-4419
	REJECTED
CVE-2017-4418
	REJECTED
CVE-2017-4417
	REJECTED
CVE-2017-4416
	REJECTED
CVE-2017-4415
	REJECTED
CVE-2017-4414
	REJECTED
CVE-2017-4413
	REJECTED
CVE-2017-4412
	REJECTED
CVE-2017-4411
	REJECTED
CVE-2017-4410
	REJECTED
CVE-2017-4409
	REJECTED
CVE-2017-4408
	REJECTED
CVE-2017-4407
	REJECTED
CVE-2017-4406
	REJECTED
CVE-2017-4405
	REJECTED
CVE-2017-4404
	REJECTED
CVE-2017-4403
	REJECTED
CVE-2017-4402
	REJECTED
CVE-2017-4401
	REJECTED
CVE-2017-4400
	REJECTED
CVE-2017-4399
	REJECTED
CVE-2017-4398
	REJECTED
CVE-2017-4397
	REJECTED
CVE-2017-4396
	REJECTED
CVE-2017-4395
	REJECTED
CVE-2017-4394
	REJECTED
CVE-2017-4393
	REJECTED
CVE-2017-4392
	REJECTED
CVE-2017-4391
	REJECTED
CVE-2017-4390
	REJECTED
CVE-2017-4389
	REJECTED
CVE-2017-4388
	REJECTED
CVE-2017-4387
	REJECTED
CVE-2017-4386
	REJECTED
CVE-2017-4385
	REJECTED
CVE-2017-4384
	REJECTED
CVE-2017-4383
	REJECTED
CVE-2017-4382
	REJECTED
CVE-2017-4381
	REJECTED
CVE-2017-4380
	REJECTED
CVE-2017-4379
	REJECTED
CVE-2017-4378
	REJECTED
CVE-2017-4377
	REJECTED
CVE-2017-4376
	REJECTED
CVE-2017-4375
	REJECTED
CVE-2017-4374
	REJECTED
CVE-2017-4373
	REJECTED
CVE-2017-4372
	REJECTED
CVE-2017-4371
	REJECTED
CVE-2017-4370
	REJECTED
CVE-2017-4369
	REJECTED
CVE-2017-4368
	REJECTED
CVE-2017-4367
	REJECTED
CVE-2017-4366
	REJECTED
CVE-2017-4365
	REJECTED
CVE-2017-4364
	REJECTED
CVE-2017-4363
	REJECTED
CVE-2017-4362
	REJECTED
CVE-2017-4361
	REJECTED
CVE-2017-4360
	REJECTED
CVE-2017-4359
	REJECTED
CVE-2017-4358
	REJECTED
CVE-2017-4357
	REJECTED
CVE-2017-4356
	REJECTED
CVE-2017-4355
	REJECTED
CVE-2017-4354
	REJECTED
CVE-2017-4353
	REJECTED
CVE-2017-4352
	REJECTED
CVE-2017-4351
	REJECTED
CVE-2017-4350
	REJECTED
CVE-2017-4349
	REJECTED
CVE-2017-4348
	REJECTED
CVE-2017-4347
	REJECTED
CVE-2017-4346
	REJECTED
CVE-2017-4345
	REJECTED
CVE-2017-4344
	REJECTED
CVE-2017-4343
	REJECTED
CVE-2017-4342
	REJECTED
CVE-2017-4341
	REJECTED
CVE-2017-4340
	REJECTED
CVE-2017-4339
	REJECTED
CVE-2017-4338
	REJECTED
CVE-2017-4337
	REJECTED
CVE-2017-4336
	REJECTED
CVE-2017-4335
	REJECTED
CVE-2017-4334
	REJECTED
CVE-2017-4333
	REJECTED
CVE-2017-4332
	REJECTED
CVE-2017-4331
	REJECTED
CVE-2017-4330
	REJECTED
CVE-2017-4329
	REJECTED
CVE-2017-4328
	REJECTED
CVE-2017-4327
	REJECTED
CVE-2017-4326
	REJECTED
CVE-2017-4325
	REJECTED
CVE-2017-4324
	REJECTED
CVE-2017-4323
	REJECTED
CVE-2017-4322
	REJECTED
CVE-2017-4321
	REJECTED
CVE-2017-4320
	REJECTED
CVE-2017-4319
	REJECTED
CVE-2017-4318
	REJECTED
CVE-2017-4317
	REJECTED
CVE-2017-4316
	REJECTED
CVE-2017-4315
	REJECTED
CVE-2017-4314
	REJECTED
CVE-2017-4313
	REJECTED
CVE-2017-4312
	REJECTED
CVE-2017-4311
	REJECTED
CVE-2017-4310
	REJECTED
CVE-2017-4309
	REJECTED
CVE-2017-4308
	REJECTED
CVE-2017-4307
	REJECTED
CVE-2017-4306
	REJECTED
CVE-2017-4305
	REJECTED
CVE-2017-4304
	REJECTED
CVE-2017-4303
	REJECTED
CVE-2017-4302
	REJECTED
CVE-2017-4301
	REJECTED
CVE-2017-4300
	REJECTED
CVE-2017-4299
	REJECTED
CVE-2017-4298
	REJECTED
CVE-2017-4297
	REJECTED
CVE-2017-4296
	REJECTED
CVE-2017-4295
	REJECTED
CVE-2017-4294
	REJECTED
CVE-2017-4293
	REJECTED
CVE-2017-4292
	REJECTED
CVE-2017-4291
	REJECTED
CVE-2017-4290
	REJECTED
CVE-2017-4289
	REJECTED
CVE-2017-4288
	REJECTED
CVE-2017-4287
	REJECTED
CVE-2017-4286
	REJECTED
CVE-2017-4285
	REJECTED
CVE-2017-4284
	REJECTED
CVE-2017-4283
	REJECTED
CVE-2017-4282
	REJECTED
CVE-2017-4281
	REJECTED
CVE-2017-4280
	REJECTED
CVE-2017-4279
	REJECTED
CVE-2017-4278
	REJECTED
CVE-2017-4277
	REJECTED
CVE-2017-4276
	REJECTED
CVE-2017-4275
	REJECTED
CVE-2017-4274
	REJECTED
CVE-2017-4273
	REJECTED
CVE-2017-4272
	REJECTED
CVE-2017-4271
	REJECTED
CVE-2017-4270
	REJECTED
CVE-2017-4269
	REJECTED
CVE-2017-4268
	REJECTED
CVE-2017-4267
	REJECTED
CVE-2017-4266
	REJECTED
CVE-2017-4265
	REJECTED
CVE-2017-4264
	REJECTED
CVE-2017-4263
	REJECTED
CVE-2017-4262
	REJECTED
CVE-2017-4261
	REJECTED
CVE-2017-4260
	REJECTED
CVE-2017-4259
	REJECTED
CVE-2017-4258
	REJECTED
CVE-2017-4257
	REJECTED
CVE-2017-4256
	REJECTED
CVE-2017-4255
	REJECTED
CVE-2017-4254
	REJECTED
CVE-2017-4253
	REJECTED
CVE-2017-4252
	REJECTED
CVE-2017-4251
	REJECTED
CVE-2017-4250
	REJECTED
CVE-2017-4249
	REJECTED
CVE-2017-4248
	REJECTED
CVE-2017-4247
	REJECTED
CVE-2017-4246
	REJECTED
CVE-2017-4245
	REJECTED
CVE-2017-4244
	REJECTED
CVE-2017-4243
	REJECTED
CVE-2017-4242
	REJECTED
CVE-2017-4241
	REJECTED
CVE-2017-4240
	REJECTED
CVE-2017-4239
	REJECTED
CVE-2017-4238
	REJECTED
CVE-2017-4237
	REJECTED
CVE-2017-4236
	REJECTED
CVE-2017-4235
	REJECTED
CVE-2017-4234
	REJECTED
CVE-2017-4233
	REJECTED
CVE-2017-4232
	REJECTED
CVE-2017-4231
	REJECTED
CVE-2017-4230
	REJECTED
CVE-2017-4229
	REJECTED
CVE-2017-4228
	REJECTED
CVE-2017-4227
	REJECTED
CVE-2017-4226
	REJECTED
CVE-2017-4225
	REJECTED
CVE-2017-4224
	REJECTED
CVE-2017-4223
	REJECTED
CVE-2017-4222
	REJECTED
CVE-2017-4221
	REJECTED
CVE-2017-4220
	REJECTED
CVE-2017-4219
	REJECTED
CVE-2017-4218
	REJECTED
CVE-2017-4217
	REJECTED
CVE-2017-4216
	REJECTED
CVE-2017-4215
	REJECTED
CVE-2017-4214
	REJECTED
CVE-2017-4213
	REJECTED
CVE-2017-4212
	REJECTED
CVE-2017-4211
	REJECTED
CVE-2017-4210
	REJECTED
CVE-2017-4209
	REJECTED
CVE-2017-4208
	REJECTED
CVE-2017-4207
	REJECTED
CVE-2017-4206
	REJECTED
CVE-2017-4205
	REJECTED
CVE-2017-4204
	REJECTED
CVE-2017-4203
	REJECTED
CVE-2017-4202
	REJECTED
CVE-2017-4201
	REJECTED
CVE-2017-4200
	REJECTED
CVE-2017-4199
	REJECTED
CVE-2017-4198
	REJECTED
CVE-2017-4197
	REJECTED
CVE-2017-4196
	REJECTED
CVE-2017-4195
	REJECTED
CVE-2017-4194
	REJECTED
CVE-2017-4193
	REJECTED
CVE-2017-4192
	REJECTED
CVE-2017-4191
	REJECTED
CVE-2017-4190
	REJECTED
CVE-2017-4189
	REJECTED
CVE-2017-4188
	REJECTED
CVE-2017-4187
	REJECTED
CVE-2017-4186
	REJECTED
CVE-2017-4185
	REJECTED
CVE-2017-4184
	REJECTED
CVE-2017-4183
	REJECTED
CVE-2017-4182
	REJECTED
CVE-2017-4181
	REJECTED
CVE-2017-4180
	REJECTED
CVE-2017-4179
	REJECTED
CVE-2017-4178
	REJECTED
CVE-2017-4177
	REJECTED
CVE-2017-4176
	REJECTED
CVE-2017-4175
	REJECTED
CVE-2017-4174
	REJECTED
CVE-2017-4173
	REJECTED
CVE-2017-4172
	REJECTED
CVE-2017-4171
	REJECTED
CVE-2017-4170
	REJECTED
CVE-2017-4169
	REJECTED
CVE-2017-4168
	REJECTED
CVE-2017-4167
	REJECTED
CVE-2017-4166
	REJECTED
CVE-2017-4165
	REJECTED
CVE-2017-4164
	REJECTED
CVE-2017-4163
	REJECTED
CVE-2017-4162
	REJECTED
CVE-2017-4161
	REJECTED
CVE-2017-4160
	REJECTED
CVE-2017-4159
	REJECTED
CVE-2017-4158
	REJECTED
CVE-2017-4157
	REJECTED
CVE-2017-4156
	REJECTED
CVE-2017-4155
	REJECTED
CVE-2017-4154
	REJECTED
CVE-2017-4153
	REJECTED
CVE-2017-4152
	REJECTED
CVE-2017-4151
	REJECTED
CVE-2017-4150
	REJECTED
CVE-2017-4149
	REJECTED
CVE-2017-4148
	REJECTED
CVE-2017-4147
	REJECTED
CVE-2017-4146
	REJECTED
CVE-2017-4145
	REJECTED
CVE-2017-4144
	REJECTED
CVE-2017-4143
	REJECTED
CVE-2017-4142
	REJECTED
CVE-2017-4141
	REJECTED
CVE-2017-4140
	REJECTED
CVE-2017-4139
	REJECTED
CVE-2017-4138
	REJECTED
CVE-2017-4137
	REJECTED
CVE-2017-4136
	REJECTED
CVE-2017-4135
	REJECTED
CVE-2017-4134
	REJECTED
CVE-2017-4133
	REJECTED
CVE-2017-4132
	REJECTED
CVE-2017-4131
	REJECTED
CVE-2017-4130
	REJECTED
CVE-2017-4129
	REJECTED
CVE-2017-4128
	REJECTED
CVE-2017-4127
	REJECTED
CVE-2017-4126
	REJECTED
CVE-2017-4125
	REJECTED
CVE-2017-4124
	REJECTED
CVE-2017-4123
	REJECTED
CVE-2017-4122
	REJECTED
CVE-2017-4121
	REJECTED
CVE-2017-4120
	REJECTED
CVE-2017-4119
	REJECTED
CVE-2017-4118
	REJECTED
CVE-2017-4117 REJECTED
CVE-2017-4116 REJECTED
CVE-2017-4115 REJECTED
CVE-2017-4114 REJECTED
CVE-2017-4113 REJECTED
CVE-2017-4112 REJECTED
CVE-2017-4111 REJECTED
CVE-2017-4110 REJECTED
CVE-2017-4109 REJECTED
CVE-2017-4108 REJECTED
CVE-2017-4107 REJECTED
CVE-2017-4106 REJECTED
CVE-2017-4105 REJECTED
CVE-2017-4104 REJECTED
CVE-2017-4103 REJECTED
CVE-2017-4102 REJECTED
CVE-2017-4101 REJECTED
CVE-2017-4100 REJECTED
CVE-2017-4099 REJECTED
CVE-2017-4098 REJECTED
CVE-2017-4097 REJECTED
CVE-2017-4096 REJECTED
CVE-2017-4095 REJECTED
CVE-2017-4094 REJECTED
CVE-2017-4093 REJECTED
CVE-2017-4092 REJECTED
CVE-2017-4091 REJECTED
CVE-2017-4090 REJECTED
CVE-2017-4089 REJECTED
CVE-2017-4088 REJECTED
CVE-2017-4087 REJECTED
CVE-2017-4086 REJECTED
CVE-2017-4085 REJECTED
CVE-2017-4084 REJECTED
CVE-2017-4083 REJECTED
CVE-2017-4082 REJECTED
CVE-2017-4081 REJECTED
CVE-2017-4080 REJECTED
CVE-2017-4079 REJECTED
CVE-2017-4078 REJECTED
CVE-2017-4077 REJECTED
CVE-2017-4076 REJECTED
CVE-2017-4075 REJECTED
CVE-2017-4074 REJECTED
CVE-2017-4073 REJECTED
CVE-2017-4072 REJECTED
CVE-2017-4071 REJECTED
CVE-2017-4070 REJECTED
CVE-2017-4069 REJECTED
CVE-2017-4068 REJECTED
CVE-2017-4067 REJECTED
CVE-2017-4066 REJECTED
CVE-2017-4065 REJECTED
CVE-2017-4064 REJECTED
CVE-2017-4063 REJECTED
CVE-2017-4062 REJECTED
CVE-2017-4061 REJECTED
CVE-2017-4060 REJECTED
CVE-2017-4059 REJECTED
CVE-2017-4058 REJECTED
CVE-2017-4057 (Privilege Escalation vulnerability in the web interface in McAfee Adva ...)
	NOT-FOR-US: McAfee
CVE-2017-4056 REJECTED
CVE-2017-4055 (Exploitation of Authentication vulnerability in the web interface in M ...)
	NOT-FOR-US: McAfee
CVE-2017-4054 (Command Injection vulnerability in the web interface in McAfee Advance ...)
	NOT-FOR-US: McAfee
CVE-2017-4053 (Command Injection vulnerability in the web interface in McAfee Advance ...)
	NOT-FOR-US: McAfee
CVE-2017-4052 (Authentication Bypass vulnerability in the web interface in McAfee Adv ...)
	NOT-FOR-US: McAfee
CVE-2017-4051 REJECTED
CVE-2017-4050 REJECTED
CVE-2017-4049 REJECTED
CVE-2017-4048 REJECTED
CVE-2017-4047 REJECTED
CVE-2017-4046 REJECTED
CVE-2017-4045 REJECTED
CVE-2017-4044 REJECTED
CVE-2017-4043 REJECTED
CVE-2017-4042 REJECTED
CVE-2017-4041 REJECTED
CVE-2017-4040 REJECTED
CVE-2017-4039 REJECTED
CVE-2017-4038 REJECTED
CVE-2017-4037 REJECTED
CVE-2017-4036 REJECTED
CVE-2017-4035 REJECTED
CVE-2017-4034 REJECTED
CVE-2017-4033 REJECTED
CVE-2017-4032 REJECTED
CVE-2017-4031 REJECTED
CVE-2017-4030 REJECTED
CVE-2017-4029 REJECTED
CVE-2017-4028 (Maliciously misconfigured registry vulnerability in all Microsoft Wind ...)
	NOT-FOR-US: McAfee
CVE-2017-4027 REJECTED
CVE-2017-4026 REJECTED
CVE-2017-4025 REJECTED
CVE-2017-4024 REJECTED
CVE-2017-4023 REJECTED
CVE-2017-4022 REJECTED
CVE-2017-4021 REJECTED
CVE-2017-4020 REJECTED
CVE-2017-4019 REJECTED
CVE-2017-4018 REJECTED
CVE-2017-4017 (User Name Disclosure in the server in McAfee Network Data Loss Prevent ...)
	NOT-FOR-US: McAfee
CVE-2017-4016 (Web Server method disclosure in the server in McAfee Network Data Loss ...)
	NOT-FOR-US: McAfee
CVE-2017-4015 (Clickjacking vulnerability in the server in McAfee Network Data Loss P ...)
	NOT-FOR-US: McAfee
CVE-2017-4014 (Session Side jacking vulnerability in the server in McAfee Network Dat ...)
	NOT-FOR-US: McAfee
CVE-2017-4013 (Banner Disclosure in the server in McAfee Network Data Loss Prevention ...)
	NOT-FOR-US: McAfee
CVE-2017-4012 (Privilege Escalation vulnerability in the server in McAfee Network Dat ...)
	NOT-FOR-US: McAfee
CVE-2017-4011 (Embedding Script (XSS) in HTTP Headers vulnerability in the server in ...)
	NOT-FOR-US: McAfee
CVE-2017-4010 REJECTED
CVE-2017-4009 REJECTED
CVE-2017-4008 REJECTED
CVE-2017-4007 REJECTED
CVE-2017-4006 REJECTED
CVE-2017-4005 REJECTED
CVE-2017-4004 REJECTED
CVE-2017-4003 REJECTED
CVE-2017-4002 REJECTED
CVE-2017-4001 REJECTED
CVE-2017-4000 REJECTED
CVE-2017-3999 REJECTED
CVE-2017-3998 REJECTED
CVE-2017-3997 REJECTED
CVE-2017-3996 REJECTED
CVE-2017-3995 REJECTED
CVE-2017-3994 REJECTED
CVE-2017-3993 REJECTED
CVE-2017-3992 REJECTED
CVE-2017-3991 REJECTED
CVE-2017-3990 REJECTED
CVE-2017-3989 REJECTED
CVE-2017-3988 REJECTED
CVE-2017-3987 REJECTED
CVE-2017-3986 REJECTED
CVE-2017-3985 REJECTED
CVE-2017-3984 REJECTED
CVE-2017-3983 REJECTED
CVE-2017-3982 REJECTED
CVE-2017-3981 REJECTED
CVE-2017-3980 (A directory traversal vulnerability in the ePO Extension in McAfee ePo ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2017-3979 REJECTED
CVE-2017-3978 REJECTED
CVE-2017-3977 REJECTED
CVE-2017-3976 REJECTED
CVE-2017-3975 REJECTED
CVE-2017-3974 REJECTED
CVE-2017-3973 REJECTED
CVE-2017-3972 (Infrastructure-based foot printing vulnerability in the web interface ...)
	NOT-FOR-US: McAfee
CVE-2017-3971 (Cryptanalysis vulnerability in the web interface in McAfee Network Sec ...)
	NOT-FOR-US: McAfee
CVE-2017-3970 REJECTED
CVE-2017-3969 (Abuse of communication channels vulnerability in the server in McAfee ...)
	NOT-FOR-US: McAfee
CVE-2017-3968 (Session fixation vulnerability in the web interface in McAfee Network ...)
	NOT-FOR-US: McAfee
CVE-2017-3967 (Target influence via framing vulnerability in the web interface in McA ...)
	NOT-FOR-US: McAfee
CVE-2017-3966 (Exploitation of session variables, resource IDs and other trusted cred ...)
	NOT-FOR-US: McAfee
CVE-2017-3965 (Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability i ...)
	NOT-FOR-US: McAfee
CVE-2017-3964 (Reflective Cross-Site Scripting (XSS) vulnerability in the web interfa ...)
	NOT-FOR-US: McAfee
CVE-2017-3963 REJECTED
CVE-2017-3962 (Password recovery exploitation vulnerability in the non-certificate-ba ...)
	NOT-FOR-US: McAfee
CVE-2017-3961 (Cross-Site Scripting (XSS) vulnerability in the web interface in McAfe ...)
	NOT-FOR-US: McAfee
CVE-2017-3960 (Exploitation of Authorization vulnerability in the web interface in Mc ...)
	NOT-FOR-US: McAfee
CVE-2017-3959 REJECTED
CVE-2017-3958 REJECTED
CVE-2017-3957 REJECTED
CVE-2017-3956 REJECTED
CVE-2017-3955 REJECTED
CVE-2017-3954 REJECTED
CVE-2017-3953 REJECTED
CVE-2017-3952 REJECTED
CVE-2017-3951 REJECTED
CVE-2017-3950 REJECTED
CVE-2017-3949 REJECTED
CVE-2017-3948 (Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee ...)
	NOT-FOR-US: McAfee
CVE-2017-3947 REJECTED
CVE-2017-3946 REJECTED
CVE-2017-3945 REJECTED
CVE-2017-3944 REJECTED
CVE-2017-3943 REJECTED
CVE-2017-3942 REJECTED
CVE-2017-3941 REJECTED
CVE-2017-3940 REJECTED
CVE-2017-3939 REJECTED
CVE-2017-3938 REJECTED
CVE-2017-3937 REJECTED
CVE-2017-3936 (OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO ...)
	NOT-FOR-US: McAfee
CVE-2017-3935 (Network Data Loss Prevention is vulnerable to MIME type sniffing which ...)
	NOT-FOR-US: McAfee Network Data Loss Prevention
CVE-2017-3934 (Missing HTTP Strict Transport Security state information vulnerability ...)
	NOT-FOR-US: McAfee Network Data Loss Prevention
CVE-2017-3933 (Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network ...)
	NOT-FOR-US: McAfee Network Data Loss Prevention
CVE-2017-3932 REJECTED
CVE-2017-3931 REJECTED
CVE-2017-3930 REJECTED
CVE-2017-3929 REJECTED
CVE-2017-3928 REJECTED
CVE-2017-3927 REJECTED
CVE-2017-3926 REJECTED
CVE-2017-3925 REJECTED
CVE-2017-3924 REJECTED
CVE-2017-3923 REJECTED
CVE-2017-3922 REJECTED
CVE-2017-3921 REJECTED
CVE-2017-3920 REJECTED
CVE-2017-3919 REJECTED
CVE-2017-3918 REJECTED
CVE-2017-3917 REJECTED
CVE-2017-3916 REJECTED
CVE-2017-3915 REJECTED
CVE-2017-3914 REJECTED
CVE-2017-3913 REJECTED
CVE-2017-3912 (Bypassing password security vulnerability in McAfee Application and Ch ...)
	NOT-FOR-US: McAfee
CVE-2017-3911 REJECTED
CVE-2017-3910 REJECTED
CVE-2017-3909 REJECTED
CVE-2017-3908 REJECTED
CVE-2017-3907 (Code Injection vulnerability in the ePolicy Orchestrator (ePO) extensi ...)
	NOT-FOR-US: McAfee
CVE-2017-3906 REJECTED
CVE-2017-3905 REJECTED
CVE-2017-3904 REJECTED
CVE-2017-3903 REJECTED
CVE-2017-3902 (Cross-site scripting (XSS) vulnerability in the Web user interface (UI ...)
	NOT-FOR-US: Intel Security ePO
CVE-2017-3901 REJECTED
CVE-2017-3900 REJECTED
CVE-2017-3899 (SQL injection vulnerability in Intel Security Advanced Threat Defense ...)
	NOT-FOR-US: Intel Security Advanced Threat Defense
CVE-2017-3898 (A man-in-the-middle attack vulnerability in the non-certificate-based ...)
	NOT-FOR-US: McAfee
CVE-2017-3897 (A Code Injection vulnerability in the non-certificate-based authentica ...)
	NOT-FOR-US: McAfee
CVE-2017-3896 (Unvalidated parameter vulnerability in the remote log viewing capabili ...)
	NOT-FOR-US: Intel McAfee
CVE-2017-3895 REJECTED
CVE-2016-10087 (The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before ...)
	- libpng1.6 1.6.27-1 (bug #849799)
	- libpng
	[jessie] - libpng 1.2.50-2+deb8u3
	[wheezy] - libpng (Minor issue)
	NOTE: Fixed in 1.0.67, 1.2.57, 1.4.20, 1.5.28, 1.6.27
	NOTE: https://sourceforge.net/p/libpng/code/ci/243d4e5f3fe71740d52a53cf3dd77cc83a3430ba
	NOTE: https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb (libpng16)
	NOTE: https://sourceforge.net/p/libpng/code/ci/794a15fad6add4d636369d0b46f603a02995b2e2/ (libpng12)
CVE-2016-10075 (The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local ...)
	- tqdm 4.11.2-1 (bug #849632)
	NOTE: https://github.com/tqdm/tqdm/issues/328
CVE-2016-10074 (The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer ...)
	{DSA-3769-1 DLA-792-1}
	- libphp-swiftmailer 5.4.2-1.1 (bug #849626)
	NOTE: https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html
	NOTE: https://github.com/swiftmailer/swiftmailer/issues/844
	NOTE: Fixed by https://github.com/swiftmailer/swiftmailer/commit/e6ccf40d856af9598b76eb313b215eed25ae9e86
CVE-2016-10073 (The from method in library/core/class.email.php in Vanilla Forums befo ...)
	NOT-FOR-US: Vanilla Forums
CVE-2016-10072 (WampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000. ...)
	NOT-FOR-US: WampServer
CVE-2016-10044 (The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 do ...)
	- linux 4.7.8-1
	[jessie] - linux 3.16.43-1
	[wheezy] - linux (Changes required are too invasive)
CVE-2016-10043 (An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM ...)
	NOT-FOR-US: Radisys MRF Web Panel
CVE-2016-10042 (Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (ak ...)
	NOT-FOR-US: Arcadyan SLT-00 Star* devices
CVE-2016-10041 (An issue was discovered in Sprecher Automation SPRECON-E Service Progr ...)
	NOT-FOR-US: Sprecher Automation SPRECON-E Service
CVE-2016-10040 (Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows rem ...)
	- qt4-x11 4:4.8.7+dfsg-1 (low; bug #851058)
	[jessie] - qt4-x11 (Minor issue)
	[wheezy] - qt4-x11 (Minor issue)
	- qtbase-opensource-src 5.2.0+dfsg-7
	NOTE: CVE assignment specific to https://www.openwall.com/lists/oss-security/2016/12/24/2
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/24/1
	NOTE: https://github.com/qt/qtbase/commit/f1053d94f59f053ce4acad9320df14f1fbe4faac
CVE-2016-10039 (Directory traversal in /connectors/index.php in MODX Revolution before ...)
	NOT-FOR-US: MODX Revolution
CVE-2016-10038 (Directory traversal in /connectors/index.php in MODX Revolution before ...)
	NOT-FOR-US: MODX Revolution
CVE-2016-10037 (Directory traversal in /connectors/index.php in MODX Revolution before ...)
	NOT-FOR-US: MODX Revolution
CVE-2016-10036 (Unrestricted file upload vulnerability in ui/artifact/upload in JFrog ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2016-10035 RESERVED
CVE-2016-10034 (The setFrom function in the Sendmail adapter in the zend-mail componen ...)
	- zendframework (Vulnerable code not present in ZF1, cf. #850215)
	NOTE: https://framework.zend.com/security/advisory/ZF2016-04
	NOTE: https://github.com/zendframework/zendframework/commit/7c1e89815f5a9c016f4b8088e59b07cb2bf99dc0
	NOTE: http://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html
CVE-2014-9914 (Race condition in the ip4_datagram_release_cb function in net/ipv4/dat ...)
	- linux 3.16.2-1
	[wheezy] - linux (Vulnerable code introduced later)
CVE-2016-10045 (The isMail transport in PHPMailer before 5.2.20 might allow remote att ...)
	- libphp-phpmailer (Incomplete fix not applied)
	NOTE: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
CVE-2016-10033 (The mailSend function in the isMail transport in PHPMailer before 5.2. ...)
	{DSA-3750-1 DLA-770-1}
	- libphp-phpmailer 5.2.14+dfsg-2.1 (bug #849365)
	NOTE: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
	NOTE: Fixed by: https://github.com/PHPMailer/PHPMailer/commit/4835657cd639fbd09afd33307cef164edf807cdc#diff-ace81e501931d8763b49f2410cf3094dR1449
	NOTE: Fix potentially incomplete, cf https://www.openwall.com/lists/oss-security/2016/12/28/1
	NOTE: When updating libphp-phpmailer for CVE-2016-10033 make sure to apply the
	NOTE: complete patch to not make libphp-phpmailer affected by CVE-2016-10045.
	NOTE: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
	NOTE: Needs followup: https://github.com/PHPMailer/PHPMailer/commit/9743ff5c7ee16e8d49187bd2e11149afb9485eae
	NOTE: Another followup: https://github.com/PHPMailer/PHPMailer/commit/833c35fe39715c3d01934508987e97af1fbc1ba0
CVE-2016-10032 RESERVED
CVE-2016-10031 (WampServer 3.0.6 installs two services called 'wampapache' and 'wampmy ...)
	NOT-FOR-US: WampServer
CVE-2016-10030 (The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 1 ...)
	{DLA-921-1}
	- slurm-llnl 16.05.8-1 (bug #850491)
	[jessie] - slurm-llnl 14.03.9-5+deb8u1
	NOTE: https://www.schedmd.com/news.php?id=178
	NOTE: https://github.com/SchedMD/slurm/commit/92362a92fffe60187df61f99ab11c249d44120ee
CVE-2017-3894 (A stored cross site scripting vulnerability in the Management Console ...)
	NOT-FOR-US: BlackBerry
CVE-2017-3893 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the defau ...)
	NOT-FOR-US: BlackBerry QNX Software Development Platform (SDP)
CVE-2017-3892 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an inform ...)
	NOT-FOR-US: BlackBerry QNX Software Development Platform (SDP)
CVE-2017-3891 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevat ...)
	NOT-FOR-US: BlackBerry QNX Software Development Platform (SDP)
CVE-2017-3890 (A reflected cross-site scripting vulnerability in the BlackBerry Watch ...)
	NOT-FOR-US: BlackBerry
CVE-2017-3889 (A vulnerability in the web interface of the Cisco Registered Envelope ...)
	NOT-FOR-US: Cisco
CVE-2017-3888 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2017-3887 (A vulnerability in the detection engine that handles Secure Sockets La ...)
	NOT-FOR-US: Cisco
CVE-2017-3886 (A vulnerability in the Cisco Unified Communications Manager web interf ...)
	NOT-FOR-US: Cisco
CVE-2017-3885 (A vulnerability in the detection engine reassembly of Secure Sockets L ...)
	NOT-FOR-US: Cisco
CVE-2017-3884 (A vulnerability in the web interface of Cisco Prime Infrastructure and ...)
	NOT-FOR-US: Cisco
CVE-2017-3883 (A vulnerability in the authentication, authorization, and accounting ( ...)
	NOT-FOR-US: Cisco
CVE-2017-3882 (A vulnerability in the Universal Plug-and-Play (UPnP) implementation i ...)
	NOT-FOR-US: Cisco
CVE-2017-3881 (A vulnerability in the Cisco Cluster Management Protocol (CMP) process ...)
	NOT-FOR-US: Cisco
CVE-2017-3880 (An Authentication Bypass vulnerability in Cisco WebEx Meetings Server ...)
	NOT-FOR-US: Cisco
CVE-2017-3879 (A Denial of Service vulnerability in the remote login functionality fo ...)
	NOT-FOR-US: Cisco
CVE-2017-3878 (A Denial of Service vulnerability in the Telnet remote login functiona ...)
	NOT-FOR-US: Cisco
CVE-2017-3877 (A vulnerability in the web framework of Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco
CVE-2017-3876 (A vulnerability in the Event Management Service daemon (emsd) of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-3875 (An Access-Control Filtering Mechanisms Bypass vulnerability in certain ...)
	NOT-FOR-US: Cisco
CVE-2017-3874 (A vulnerability in the web framework of Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco
CVE-2017-3873 (A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Airo ...)
	NOT-FOR-US: Cisco
CVE-2017-3872 (A cross-site scripting (XSS) filter bypass vulnerability in the web-ba ...)
	NOT-FOR-US: Cisco
CVE-2017-3871 (A RADIUS Secret Disclosure vulnerability in the web network management ...)
	NOT-FOR-US: Cisco
CVE-2017-3870 (A vulnerability in the URL filtering feature of Cisco AsyncOS Software ...)
	NOT-FOR-US: Cisco
CVE-2017-3869 (An API Credentials Management vulnerability in the APIs for Cisco Prim ...)
	NOT-FOR-US: Cisco
CVE-2017-3868 (A vulnerability in the web-based management interface of Cisco UCS Dir ...)
	NOT-FOR-US: Cisco
CVE-2017-3867 (A vulnerability in the Border Gateway Protocol (BGP) Bidirectional For ...)
	NOT-FOR-US: Cisco
CVE-2017-3866 (A vulnerability in the web framework code of Cisco Prime Service Catal ...)
	NOT-FOR-US: Cisco
CVE-2017-3865 (A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5 ...)
	NOT-FOR-US: Cisco
CVE-2017-3864 (A vulnerability in the DHCP client implementation of Cisco IOS (12.2, ...)
	NOT-FOR-US: Cisco
CVE-2017-3863 (Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 a ...)
	NOT-FOR-US: Cisco
CVE-2017-3862 (Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 a ...)
	NOT-FOR-US: Cisco
CVE-2017-3861 (Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 a ...)
	NOT-FOR-US: Cisco
CVE-2017-3860 (Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 a ...)
	NOT-FOR-US: Cisco
CVE-2017-3859 (A vulnerability in the DHCP code for the Zero Touch Provisioning featu ...)
	NOT-FOR-US: Cisco
CVE-2017-3858 (A vulnerability in the web framework of Cisco IOS XE Software could al ...)
	NOT-FOR-US: Cisco
CVE-2017-3857 (A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing funct ...)
	NOT-FOR-US: Cisco
CVE-2017-3856 (A vulnerability in the web user interface of Cisco IOS XE 3.1 through ...)
	NOT-FOR-US: Cisco
CVE-2017-3855 RESERVED
CVE-2017-3854 (A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC ...)
	NOT-FOR-US: Cisco
CVE-2017-3853 (A vulnerability in the Data-in-Motion (DMo) process installed with the ...)
	NOT-FOR-US: Cisco
CVE-2017-3852 (A vulnerability in the Cisco application-hosting framework (CAF) compo ...)
	NOT-FOR-US: Cisco
CVE-2017-3851 (A Directory Traversal vulnerability in the web framework code of the C ...)
	NOT-FOR-US: Cisco
CVE-2017-3850 (A vulnerability in the Autonomic Networking Infrastructure (ANI) featu ...)
	NOT-FOR-US: Cisco
CVE-2017-3849 (A vulnerability in the Autonomic Networking Infrastructure (ANI) regis ...)
	NOT-FOR-US: Cisco
CVE-2017-3848 (A vulnerability in the HTTP web-based management interface of Cisco Pr ...)
	NOT-FOR-US: Cisco
CVE-2017-3847 (A vulnerability in the web framework of Cisco Firepower Management Cen ...)
	NOT-FOR-US: Cisco
CVE-2017-3846 (A vulnerability in the Client Manager Server of Cisco Workload Automat ...)
	NOT-FOR-US: Cisco
CVE-2017-3845 (A vulnerability in the web-based management interface of Cisco Prime C ...)
	NOT-FOR-US: Cisco
CVE-2017-3844 (A vulnerability in exporting functions of the user interface for Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-3843 (A vulnerability in the file download functions for Cisco Prime Collabo ...)
	NOT-FOR-US: Cisco
CVE-2017-3842 (A vulnerability in the web-based management interface of the Cisco Int ...)
	NOT-FOR-US: Cisco
CVE-2017-3841 (A vulnerability in the web interface of the Cisco Secure Access Contro ...)
	NOT-FOR-US: Cisco
CVE-2017-3840 (A vulnerability in the web interface of the Cisco Secure Access Contro ...)
	NOT-FOR-US: Cisco
CVE-2017-3839 (An XML External Entity vulnerability in the web-based user interface o ...)
	NOT-FOR-US: Cisco
CVE-2017-3838 (A vulnerability in Cisco Secure Access Control System (ACS) could allo ...)
	NOT-FOR-US: Cisco
CVE-2017-3837 (An HTTP Packet Processing vulnerability in the Web Bridge interface of ...)
	NOT-FOR-US: Cisco
CVE-2017-3836 (A vulnerability in the web framework Cisco Unified Communications Mana ...)
	NOT-FOR-US: Cisco
CVE-2017-3835 (A vulnerability in the sponsor portal of Cisco Identity Services Engin ...)
	NOT-FOR-US: Cisco
CVE-2017-3834 (A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Se ...)
	NOT-FOR-US: Cisco
CVE-2017-3833 (A vulnerability in the web framework of Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco
CVE-2017-3832 (A vulnerability in the web management interface of Cisco Wireless LAN ...)
	NOT-FOR-US: Cisco
CVE-2017-3831 (A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Se ...)
	NOT-FOR-US: Cisco
CVE-2017-3830 (A vulnerability in an internal API of the Cisco Meeting Server (CMS) c ...)
	NOT-FOR-US: Cisco
CVE-2017-3829 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2017-3828 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2017-3827 (A vulnerability in the Multipurpose Internet Mail Extensions (MIME) sc ...)
	NOT-FOR-US: Cisco
CVE-2017-3826 (A vulnerability in the Stream Control Transmission Protocol (SCTP) dec ...)
	NOT-FOR-US: Cisco
CVE-2017-3825 (A vulnerability in the ICMP ingress packet processing of Cisco TelePre ...)
	NOT-FOR-US: Cisco
CVE-2017-3824 (A vulnerability in the handling of list headers in Cisco cBR Series Co ...)
	NOT-FOR-US: Cisco
CVE-2017-3823 (An issue was discovered in the Cisco WebEx Extension before 1.0.7 on G ...)
	NOT-FOR-US: Cisco
CVE-2017-3822 (A vulnerability in the logging subsystem of the Cisco Firepower Threat ...)
	NOT-FOR-US: Cisco Firepower Threat Defense
CVE-2017-3821 (A vulnerability in the serviceability page of Cisco Unified Communicat ...)
	NOT-FOR-US: Cisco
CVE-2017-3820 (A vulnerability in Simple Network Management Protocol (SNMP) functions ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2017-3819 (A privilege escalation vulnerability in the Secure Shell (SSH) subsyst ...)
	NOT-FOR-US: Cisco
CVE-2017-3818 (A vulnerability in the Multipurpose Internet Mail Extensions (MIME) sc ...)
	NOT-FOR-US: Cisco Email Security Appliances
CVE-2017-3817 (A vulnerability in the role-based resource checking functionality of C ...)
	NOT-FOR-US: Cisco
CVE-2017-3816 RESERVED
CVE-2017-3815 (An API Privilege vulnerability in Cisco TelePresence Server Software c ...)
	NOT-FOR-US: Cisco
CVE-2017-3814 (A vulnerability in Cisco Firepower System Software could allow an unau ...)
	NOT-FOR-US: Cisco Firepower System Software
CVE-2017-3813 (A vulnerability in the Start Before Logon (SBL) module of Cisco AnyCon ...)
	NOT-FOR-US: Cisco
CVE-2017-3812 (A vulnerability in the implementation of Common Industrial Protocol (C ...)
	NOT-FOR-US: Cisco Industrial Ethernet 2000 Series Switches
CVE-2017-3811 (An XML External Entity vulnerability in Cisco WebEx Meetings Server co ...)
	NOT-FOR-US: Cisco
CVE-2017-3810 (A vulnerability in the web framework of Cisco Prime Service Catalog co ...)
	NOT-FOR-US: Cisco Prime Service Catalog
CVE-2017-3809 (A vulnerability in the Policy deployment module of the Cisco Firepower ...)
	NOT-FOR-US: Cisco Firepower Management Center
CVE-2017-3808 (A vulnerability in the Session Initiation Protocol (SIP) UDP throttlin ...)
	NOT-FOR-US: Cisco
CVE-2017-3807 (A vulnerability in Common Internet Filesystem (CIFS) code in the Clien ...)
	NOT-FOR-US: Cisco
CVE-2017-3806 (A vulnerability in CLI command processing in the Cisco Firepower 4100 ...)
	NOT-FOR-US: Cisco Firepower
CVE-2017-3805 (A vulnerability in the web-based management interface of Cisco IOS and ...)
	NOT-FOR-US: Cisco IOS
CVE-2017-3804 (A vulnerability in Intermediate System-to-Intermediate System (IS-IS) ...)
	NOT-FOR-US: Cisco
CVE-2017-3803 (A vulnerability in the Cisco IOS Software forwarding queue of Cisco 29 ...)
	NOT-FOR-US: Cisco
CVE-2017-3802 (A vulnerability in Cisco Unified Communications Manager could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-3801 (A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and ...)
	NOT-FOR-US: Cisco
CVE-2017-3800 (A vulnerability in the content scanning engine of Cisco AsyncOS Softwa ...)
	NOT-FOR-US: Cisco Email Security Appliance
CVE-2017-3799 (A vulnerability in a URL parameter of Cisco WebEx Meeting Center could ...)
	NOT-FOR-US: Cisco
CVE-2017-3798 (A cross-site scripting (XSS) filter bypass vulnerability in the web-ba ...)
	NOT-FOR-US: Cisco
CVE-2017-3797 (A vulnerability in Cisco WebEx Meetings Server could allow an unauthen ...)
	NOT-FOR-US: Cisco
CVE-2017-3796 (A vulnerability in Cisco WebEx Meetings Server could allow an authenti ...)
	NOT-FOR-US: Cisco
CVE-2017-3795 (A vulnerability in Cisco WebEx Meetings Server could allow an authenti ...)
	NOT-FOR-US: Cisco
CVE-2017-3794 (A vulnerability in Cisco WebEx Meetings Server could allow an unauthen ...)
	NOT-FOR-US: Cisco
CVE-2017-3793 (A vulnerability in the TCP normalizer of Cisco Adaptive Security Appli ...)
	NOT-FOR-US: Cisco
CVE-2017-3792 (A vulnerability in a proprietary device driver in the kernel of Cisco ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2017-3791 (A vulnerability in the web-based GUI of Cisco Prime Home could allow a ...)
	NOT-FOR-US: Cisco
CVE-2017-3790 (A vulnerability in the received packet parser of Cisco Expressway Seri ...)
	NOT-FOR-US: Cisco Expressway
CVE-2016-5103 REJECTED
CVE-2016-10027 (Race condition in the XMPP library in Smack before 4.1.9, when the Sec ...)
	- libsmack-java (bug #640873)
CVE-2016-10023 REJECTED
CVE-2016-10022 REJECTED
CVE-2016-10021 REJECTED
CVE-2016-10020 REJECTED
CVE-2016-10019 REJECTED
CVE-2016-10018 REJECTED
CVE-2016-10017 REJECTED
CVE-2016-10016 REJECTED
CVE-2016-10015 REJECTED
CVE-2016-10014 REJECTED
CVE-2016-9645 (The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in edi ...)
- ikiwiki 3.20161229 [jessie] - ikiwiki (Incomplete fix for CVE-2016-10026 not applied) [wheezy] - ikiwiki (Incomplete fix for CVE-2016-10026 not applied) NOTE: https://ikiwiki.info/security/#cve-2016-9645 CVE-2016-10026 (ikiwiki 3.20161219 does not properly check if a revision changes the a ...) {DSA-3760-1 DLA-812-1} - ikiwiki 3.20161219 NOTE: http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/ NOTE: Fix: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=9cada49ed6ad24556dbe9861ad5b0a9f526167f9 NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/7 NOTE: When fixing this issue make sure to apply the complete correct fix to NOTE: not open ikiwiki to be vulnerable for CVE-2016-9645. CVE-2016-10025 (VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD v ...) - xen 4.8.0-1 [jessie] - xen (Vulnerable code introduced later) [wheezy] - xen (Vulnerable code introduced later) NOTE: https://xenbits.xen.org/xsa/advisory-203.html CVE-2016-10024 (Xen through 4.8.x allows local x86 PV guest OS kernel administrators t ...) {DSA-3847-1 DLA-783-1} - xen 4.8.0-1 NOTE: https://xenbits.xen.org/xsa/advisory-202.html CVE-2016-10028 (The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEM ...) - qemu 1:2.10.0-1 (bug #849798; unimportant) [jessie] - qemu (Vulnerable code not present) [wheezy] - qemu (Vulnerable code not present) - qemu-kvm (Vulnerable code not present) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/1 NOTE: Marked as unimportant, since 1:2.8+dfsg-2 reverted the support for NOTE: virtio gpu (virglrenderer) and opengl, but the affected code is NOTE: still present. NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=abd7f08b2353f43274b785db8c7224f082ef4d31 (v2.9.0-rc0) CVE-2016-10029 (The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built ...) 
- qemu 1:2.7+dfsg-1 [jessie] - qemu (Vulnerable code not present) [wheezy] - qemu (Vulnerable code not present) - qemu-kvm (Vulnerable code not present) NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=acfc4846508a02cc4c83aa27799fd7 (v2.7.0-rc0) NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=2fe760554eb3769d70f608a158474f (v2.7.0-rc0) NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/2 CVE-2017-3789 REJECTED CVE-2017-3788 REJECTED CVE-2017-3787 REJECTED CVE-2017-3786 REJECTED CVE-2017-3785 REJECTED CVE-2017-3784 REJECTED CVE-2017-3783 REJECTED CVE-2017-3782 REJECTED CVE-2017-3781 REJECTED CVE-2017-3780 REJECTED CVE-2017-3779 REJECTED CVE-2017-3778 REJECTED CVE-2017-3777 REJECTED CVE-2017-3776 (Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowe ...) NOT-FOR-US: Lenovo Help Android mobile app CVE-2017-3775 (Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode ...) NOT-FOR-US: Lenovo CVE-2017-3774 (A stack overflow vulnerability was discovered within the web administr ...) NOT-FOR-US: IBM CVE-2017-3773 REJECTED CVE-2017-3772 RESERVED CVE-2017-3771 (System boot process is not adequately secured In Lenovo E95 and ThinkC ...) NOT-FOR-US: Lenovo CVE-2017-3770 (Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 ...) NOT-FOR-US: Lenovo LXCA CVE-2017-3769 RESERVED CVE-2017-3768 (An unprivileged attacker with connectivity to the IMM2 could cause a d ...) NOT-FOR-US: IBM System x / IMM2 CVE-2017-3767 (A local privilege escalation vulnerability was identified in the Realt ...) NOT-FOR-US: Lenovo CVE-2017-3766 RESERVED CVE-2017-3765 (In Enterprise Networking Operating System (ENOS) in Lenovo and IBM Rac ...) NOT-FOR-US: IBM RackSwitch and BladeCenter products CVE-2017-3764 (A vulnerability was identified in Lenovo XClarity Administrator (LXCA) ...) NOT-FOR-US: Lenovo XClarity Administrator CVE-2017-3763 (An attacker who obtains access to the location where the LXCA file sys ...) 
NOT-FOR-US: Lenovo LXCA CVE-2017-3762 (Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01. ...) NOT-FOR-US: Lenovo Fingerprint Manager Pro CVE-2017-3761 (The Lenovo Service Framework Android application executes some system ...) NOT-FOR-US: Lenovo CVE-2017-3760 (The Lenovo Service Framework Android application uses a set of nonsecu ...) NOT-FOR-US: Lenovo CVE-2017-3759 (The Lenovo Service Framework Android application accepts some response ...) NOT-FOR-US: Lenovo CVE-2017-3758 (Improper access controls on several Android components in the Lenovo S ...) NOT-FOR-US: Lenovo CVE-2017-3757 (An unquoted service path vulnerability was identified in the driver fo ...) NOT-FOR-US: Lenovo CVE-2017-3756 (A privilege escalation vulnerability was identified in Lenovo Active P ...) NOT-FOR-US: Lenovo CVE-2017-3755 RESERVED CVE-2017-3754 (Some Lenovo brand notebook systems do not have write protections prope ...) NOT-FOR-US: Lenovo CVE-2017-3753 (A vulnerability has been identified in some Lenovo products that use U ...) NOT-FOR-US: Lenovo CVE-2017-3752 (An industry-wide vulnerability has been identified in the implementati ...) NOT-FOR-US: Lenovo CVE-2017-3751 (An unquoted service path vulnerability was identified in the driver fo ...) NOT-FOR-US: driver for the ThinkPad Compact USB Keyboard with TrackPoint CVE-2017-3750 (On Lenovo VIBE mobile phones, the Lenovo Security Android application ...) NOT-FOR-US: Lenovo CVE-2017-3749 (On Lenovo VIBE mobile phones, the Idea Friend Android application allo ...) NOT-FOR-US: Lenovo CVE-2017-3748 (On Lenovo VIBE mobile phones, improper access controls on the nac_serv ...) NOT-FOR-US: Lenovo CVE-2017-3747 (Privilege escalation vulnerability in Lenovo Nerve Center for Windows ...) NOT-FOR-US: Lenovo CVE-2017-3746 (ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, var ...) NOT-FOR-US: Lenovo CVE-2017-3745 (In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data ...) 
	NOT-FOR-US: Lenovo
CVE-2017-3744 (In the IMM2 firmware of Lenovo System x servers, remote commands issue ...)
	NOT-FOR-US: Lenovo
CVE-2017-3743 (If multiple users are concurrently logged into a single system where o ...)
	NOT-FOR-US: Lenovo
CVE-2017-3742 (In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4. ...)
	NOT-FOR-US: Lenovo
CVE-2017-3741 (In the Lenovo Power Management driver before 1.67.12.24, a local user ...)
	NOT-FOR-US: Lenovo
CVE-2017-3740 (In Lenovo Active Protection System before 1.82.0.14, an attacker with ...)
	NOT-FOR-US: Lenovo
CVE-2017-3739
	REJECTED
CVE-2017-3738 (There is an overflow bug in the AVX2 Montgomery multiplication procedu ...)
	{DSA-4065-1}
	- openssl 1.1.0h-1 (low)
	[stretch] - openssl 1.1.0f-3+deb9u2
	[jessie] - openssl (Vulnerable code not present)
	[wheezy] - openssl (Vulnerable code not present)
	- openssl1.0 1.0.2n-1 (low)
	NOTE: https://www.openssl.org/news/secadv/20171207.txt
	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=e502cc86df9dafded1694fceb3228ee34d11c11a
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ca51bafc1a88d8b8348f5fd97adc5d6ca93f8e76
CVE-2017-3737 (OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error stat ...)
	{DSA-4065-1}
	- openssl 1.1.0b-2
	[jessie] - openssl (Issue introduced in 1.0.2b)
	[wheezy] - openssl (Issue introduced in 1.0.2b)
	- openssl1.0 1.0.2n-1
	NOTE: Not fully correct tracking, the issue just does not affect OpenSSL 1.1.0
	NOTE: thus mark as fixed in the first 1.1.0 version which entered unstable.
	NOTE: https://www.openssl.org/news/secadv/20171207.txt
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=898fb884b706aaeb283de4812340bb0bde8476dc
	NOTE: 1.0.2b introduced a hardening mechanism designed to protect against bugs
	NOTE: in application code. This CVE applies to the hardening mechanism being
	NOTE: incomplete. OpenSSL versions older than 1.0.2b don't have the hardening
	NOTE: mechanism at all.
	NOTE: Hardening mechanism introduced in:
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=e4f77bf1833245d2b6aa4ce6a16c85e1cdf78589
CVE-2017-3736 (There is a carry propagating bug in the x86_64 Montgomery squaring pro ...)
	{DSA-4017-1}
	- openssl 1.1.0g-1
	[stretch] - openssl 1.1.0f-3+deb9u1
	[jessie] - openssl (Vulnerable code not present)
	[wheezy] - openssl (Vulnerable code not present)
	- openssl1.0 1.0.2m-1
	NOTE: https://www.openssl.org/news/secadv/20171102.txt
	NOTE: Fix for 1.0.2: https://git.openssl.org/?p=openssl.git;a=commit;h=38d600147331d36e74174ebbd4008b63188b321b
	NOTE: Fix for 1.1.0: https://git.openssl.org/?p=openssl.git;a=commit;h=4443cf7aa0099e5ce615c18cee249fff77fb0871
CVE-2017-3735 (While parsing an IPAddressFamily extension in an X.509 certificate, it ...)
	{DSA-4018-1 DSA-4017-1 DLA-1157-1}
	- openssl 1.1.0g-1
	- openssl1.0 1.0.2m-1
	NOTE: Fix for 1.0.2: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=31c8b265591a0aaa462a1f3eb5770661aaac67db
	NOTE: Fix for 1.1.0: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=068b963bb7afc57f5bdd723de0dd15e7795d5822
CVE-2017-3734
	REJECTED
CVE-2017-3733 (During a renegotiation handshake if the Encrypt-Then-Mac extension is ...)
	- openssl 1.1.0e-1
	[jessie] - openssl (Only affects 1.1)
	[wheezy] - openssl (Only affects 1.1)
	- openssl1.0 (Only affects 1.1)
	NOTE: https://www.openssl.org/news/secadv/20170216.txt
CVE-2017-3732 (There is a carry propagating bug in the x86_64 Montgomery squaring pro ...)
	- openssl 1.1.0d-1
	[jessie] - openssl (Only affects 1.0.2 and 1.1.0)
	[wheezy] - openssl (Only affects 1.0.2 and 1.1.0)
	- openssl1.0 1.0.2k-1
	NOTE: https://www.openssl.org/news/secadv/20170126.txt
CVE-2017-3731 (If an SSL/TLS server or client is running on a 32-bit host, and a spec ...)
	{DSA-3773-1 DLA-814-1}
	- openssl 1.1.0d-1
	- openssl1.0 1.0.2k-1
	NOTE: https://www.openssl.org/news/secadv/20170126.txt
	NOTE: Fix for 1.0.2: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51d009043670a627d6abe66894126851cf3690e9
	NOTE: Fix for 1.1.0: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f3a7e57c92b2c9b87dc4b2997f2ebda6781300d0
	NOTE: and https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=00d965474b22b54e4275232bc71ee0c699c5cd21
CVE-2017-3730 (In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad par ...)
	- openssl 1.1.0d-1
	[jessie] - openssl (Only affects OpenSSL 1.1)
	[wheezy] - openssl (Only affects OpenSSL 1.1)
	- openssl1.0 (Only affects OpenSSL 1.1)
	NOTE: https://www.openssl.org/news/secadv/20170126.txt
CVE-2016-9999
	RESERVED
CVE-2016-9996
	REJECTED
CVE-2016-9995
	REJECTED
CVE-2016-9994 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL ...)
	NOT-FOR-US: IBM
CVE-2016-9993 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL ...)
	NOT-FOR-US: IBM
CVE-2016-9992 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL ...)
	NOT-FOR-US: IBM
CVE-2016-9991 (IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-s ...)
	NOT-FOR-US: IBM
CVE-2016-9990 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vul ...)
	NOT-FOR-US: IBM
CVE-2016-9989 (IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2016-9988 (IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2016-9987 (IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2016-9986 (IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2016-9985 (IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information ...)
	NOT-FOR-US: IBM
CVE-2016-9984 (IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authentic ...)
	NOT-FOR-US: IBM
CVE-2016-9983 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authen ...)
	NOT-FOR-US: IBM
CVE-2016-9982 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authen ...)
	NOT-FOR-US: IBM
CVE-2016-9981 (IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerabili ...)
	NOT-FOR-US: IBM
CVE-2016-9980 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-9979 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-9978 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an a ...)
	NOT-FOR-US: IBM
CVE-2016-9977 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote att ...)
	NOT-FOR-US: IBM
CVE-2016-9976 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote att ...)
	NOT-FOR-US: IBM
CVE-2016-9975 (IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cro ...)
	NOT-FOR-US: IBM
CVE-2016-9974
	RESERVED
CVE-2016-9973 (IBM Jazz Foundation is vulnerable to cross-site scripting. This vulner ...)
	NOT-FOR-US: IBM
CVE-2016-9972 (IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensiti ...)
	NOT-FOR-US: IBM
CVE-2016-9971
	RESERVED
CVE-2016-9970
	RESERVED
CVE-2016-9969 (In libwebp 0.5.1, there is a double free bug in libwebpmux.)
	- libwebp 0.5.2-1
	[jessie] - libwebp (Vulnerable code not present; introduced later)
	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=322
	NOTE: https://chromium.googlesource.com/webm/libwebp/+/5ab6d9de1fb690dc20a27e5120e4d976b96502aa
CVE-2016-9968
	RESERVED
CVE-2016-9967 (Lack of appropriate exception handling in some receivers of the Teleco ...)
	NOT-FOR-US: Samsung
CVE-2016-9966 (Lack of appropriate exception handling in some receivers of the Teleco ...)
	NOT-FOR-US: Samsung
CVE-2016-9965 (Lack of appropriate exception handling in some receivers of the Teleco ...)
	NOT-FOR-US: Samsung
CVE-2016-9962 (RunC allowed additional container processes via 'runc exec' to be ptra ...)
	- docker.io 1.13.1~ds1-2 (bug #850952)
	- runc 0.1.1+dfsg1-2 (bug #850951)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1012568
	NOTE: https://github.com/docker/docker/compare/v1.12.5...v1.12.6
	NOTE: https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5
CVE-2016-9954 (The backtrack compilation code in the Irregex package (aka IrRegular E ...)
	- chicken 4.12.0-0.2 (low; bug #851278)
	[stretch] - chicken (Minor issue)
	[jessie] - chicken (Minor issue)
	[wheezy] - chicken (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/14/18
	NOTE: https://github.com/ashinn/irregex/commit/a16ffc86eca15fca9e40607d41de3cea9cf868f1
	NOTE: For chicken vulnerable code in ./irregex-core.scm
CVE-2016-9953 (The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30 ...)
	- curl (Windows CE specific issue)
	NOTE: https://curl.haxx.se/docs/adv_20161221C.html
CVE-2016-9952 (The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30 ...)
	- curl (Windows CE specific issue)
	NOTE: https://curl.haxx.se/docs/adv_20161221B.html
CVE-2016-10008 (SQL injection vulnerability in the "Content Types > Content Types" scr ...)
	NOT-FOR-US: dotCMS
CVE-2016-10007 (SQL injection vulnerability in the "Marketing > Forms" screen in dotCM ...)
	NOT-FOR-US: dotCMS
CVE-2016-10006 (In OWASP AntiSamy before 1.5.5, by submitting a specially crafted inpu ...)
	- libowasp-antisamy-java 1.7.4-1 (bug #1014981)
	[bookworm] - libowasp-antisamy-java (Minor issue)
	[bullseye] - libowasp-antisamy-java (Minor issue)
	[buster] - libowasp-antisamy-java (Minor issue)
	[stretch] - libowasp-antisamy-java (Minor issue)
	NOTE: https://github.com/nahsra/antisamy/issues/2
CVE-2016-10005 (Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to ob ...)
	NOT-FOR-US: SAP
CVE-2016-10004
	RESERVED
CVE-2016-10001
	RESERVED
CVE-2016-10000
	RESERVED
CVE-2016-10013 (Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain p ...)
	{DSA-3847-1 DLA-783-1}
	- xen 4.8.0-1 (bug #848713)
	NOTE: https://xenbits.xen.org/xsa/advisory-204.html
CVE-2016-10012 (The shared memory manager (associated with pre-authentication compress ...)
	{DLA-1500-1}
	- openssh 1:7.4p1-1 (low; bug #848717)
	[wheezy] - openssh (Minor issue)
	NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.c.diff?r1=1.165&r2=1.166
	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.h.diff?r1=1.19&r2=1.20
CVE-2016-10011 (authfile.c in sshd in OpenSSH before 7.4 does not properly consider th ...)
	{DLA-1500-1}
	- openssh 1:7.4p1-1 (low; bug #848716)
	[wheezy] - openssh (Minor issue)
	NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/authfile.c.diff?r1=1.121&r2=1.122
CVE-2016-10010 (sshd in OpenSSH before 7.4, when privilege separation is not used, cre ...)
	- openssh 1:7.4p1-1 (unimportant; bug #848715)
	NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/serverloop.c.diff?r1=1.188&r2=1.189
	NOTE: Privilege separation is enabled in the Debian package
CVE-2016-10009 (Untrusted search path vulnerability in ssh-agent.c in ssh-agent in Ope ...)
	{DLA-1500-1}
	- openssh 1:7.4p1-1 (low; bug #848714)
	[wheezy] - openssh (Minor issue)
	NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-agent.c.diff?r1=1.214&r2=1.215
CVE-2016-9998 (SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability ...)
	{DLA-760-1}
	- spip 3.1.4-2 (bug #848641)
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23288
CVE-2016-9997 (SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability ...)
	{DLA-760-1}
	- spip 3.1.4-2 (bug #848641)
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23288
CVE-2015-8980 (The plural form formula in ngettext family of calls in php-gettext bef ...)
	- php-gettext 1.0.12-0.1 (bug #851770)
	[jessie] - php-gettext (Minor issue)
	[wheezy] - php-gettext (Minor issue)
	- phpmyadmin 4:4.6.6-1 (unimportant)
	NOTE: For phpmyadmin, unimportant, since embeds lib but does not use in exploitable way
	NOTE: http://seclists.org/fulldisclosure/2016/Aug/76
	NOTE: Upstream patch: https://bazaar.launchpad.net/~danilo/php-gettext/trunk/revision/61
CVE-2015-8979 (Stack-based buffer overflow in the parsePresentationContext function i ...)
	{DSA-3749-1 DLA-755-1}
	- dcmtk 3.6.1~20160216-2 (bug #848830)
	NOTE: 3.6.1~20160216-2 is the first version in unstable containing the fix
	NOTE: http://zeroscience.mk/en/vulnerabilities/ZSL-2016-5384.php
	NOTE: Fixed by: https://github.com/commontk/DCMTK/commit/1b6bb76
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/17/2
CVE-2016-10003 (Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 t ...)
	- squid3 3.5.23-1 (bug #848491)
	[jessie] - squid3 (Does not affect Squid versions before 3.5.0.1)
	[wheezy] - squid3 (Does not affect Squid versions before 3.5.0.1)
	NOTE: Marked as not-affected, vulnerable code not present due to
	NOTE: the collapsed_forwarding directive being added in 3.5.0.1 only
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_10.txt
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14956.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_10_a.patch (for squid-3.5 excluding 3.5.22)
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14127.patch (for squid 3.5.22 only)
	NOTE: Vulnerable Squid Versions:
	NOTE: 3.5.0.1 up to and including 3.5.22
	NOTE: 4.0.1 up to and including 4.0.16
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/17/1
CVE-2016-10002 (Incorrect processing of responses to If-None-Modified HTTP conditional ...)
	{DSA-3745-1 DLA-763-1}
	- squid3 3.5.23-1 (bug #848493)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_11.txt
	NOTE: http://bugs.squid-cache.org/show_bug.cgi?id=4169
	NOTE: http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2016_11.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_11.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_11.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_11.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_11.patch
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2016_11.patch
	NOTE: Vulnerable squid versions:
	NOTE: 3.1.10 up to and including 3.1.23
	NOTE: 3.2.0.3 up to and including 3.5.22
	NOTE: 4.0.1 up to and including 4.0.16
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/17/1
CVE-2016-582384
	REJECTED
CVE-2016-9964 (redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequ ...)
	{DSA-3743-1 DLA-761-1}
	- python-bottle 0.12.11-1 (bug #848392)
	NOTE: Upstream bug: https://github.com/bottlepy/bottle/issues/913
	NOTE: Upstream patch: https://github.com/bottlepy/bottle/commit/6d7e13da0f998820800ecb3fe9ccee4189aefb54
CVE-2016-9963 (Exim before 4.87.1 might allow remote attackers to obtain the private ...)
	{DSA-3747-1 DLA-762-1}
	- exim4 4.88~RC6-2
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1996
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/16/1
	NOTE: https://exim.org/static/doc/CVE-2016-9963.txt
CVE-2016-9961 (game-music-emu before 0.6.1 mishandles unspecified integer values.)
	{DSA-3735-1 DLA-750-1}
	- game-music-emu 0.6.0-4 (bug #848071)
	NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/1
CVE-2016-9960 (game-music-emu before 0.6.1 allows local users to cause a denial of se ...)
	{DSA-3735-1 DLA-750-1}
	- game-music-emu 0.6.0-4 (bug #848071)
	NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/1
CVE-2016-9959 (game-music-emu before 0.6.1 allows remote attackers to generate out of ...)
	{DSA-3735-1 DLA-750-1}
	- game-music-emu 0.6.0-4 (bug #848071)
	NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/1
CVE-2016-9958 (game-music-emu before 0.6.1 allows remote attackers to write to arbitr ...)
	{DSA-3735-1 DLA-750-1}
	- game-music-emu 0.6.0-4 (bug #848071)
	NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/1
CVE-2016-9957 (Stack-based buffer overflow in game-music-emu before 0.6.1.)
	{DSA-3735-1 DLA-750-1}
	- game-music-emu 0.6.0-4 (bug #848071)
	NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/1
CVE-2016-9956 (The route manager in FlightGear before 2016.4.4 allows remote attacker ...)
	{DSA-3742-1}
	- flightgear 1:2016.4.3+dfsg-1 (bug #848114)
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/14/11
CVE-2016-9951 (An issue was discovered in Apport before 2.20.4. A malicious Apport cr ...)
	NOT-FOR-US: Apport
CVE-2016-9950 (An issue was discovered in Apport before 2.20.4. There is a path trave ...)
	NOT-FOR-US: Apport
CVE-2016-9949 (An issue was discovered in Apport before 2.20.4. In apport/ui.py, Appo ...)
	NOT-FOR-US: Apport
CVE-2016-9948
	RESERVED
CVE-2016-9947
	RESERVED
CVE-2016-9946
	RESERVED
CVE-2016-9945
	RESERVED
CVE-2016-9944
	RESERVED
CVE-2016-9943
	RESERVED
CVE-2016-9942 (Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer ...)
	{DSA-3753-1 DLA-1979-1 DLA-777-1}
	- libvncserver 0.9.11+dfsg-1 (bug #850008)
	- italc 1:3.0.2+dfsg1-1
	- veyon 4.1.4+repack1-1
	NOTE: https://github.com/LibVNC/libvncserver/pull/137
	NOTE: https://github.com/LibVNC/libvncserver/pull/137/commits/5fff4353f66427b467eb29e5fdc1da4f2be028bb
CVE-2016-9941 (Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServ ...)
	{DSA-3753-1 DLA-1979-1 DLA-777-1}
	- libvncserver 0.9.11+dfsg-1 (bug #850007)
	- italc 1:3.0.2+dfsg1-1
	- veyon 4.1.4+repack1-1
	NOTE: https://github.com/LibVNC/libvncserver/pull/137
	NOTE: https://github.com/LibVNC/libvncserver/pull/137/commits/5418e8007c248bf9668d22a8c1fa9528149b69f2
CVE-2016-9940
	RESERVED
CVE-2016-9955 (The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before ...)
	{DLA-1298-1}
	- simplesamlphp 1.14.11-1 (low)
	[jessie] - simplesamlphp (Minor issue)
	NOTE: https://simplesamlphp.org/security/201612-02
	NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/a2326d75dd14accaac162dd2cb30aaefcc1f9205
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/14/7
CVE-2016-9939 (Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its A ...)
	{DSA-3748-1 DLA-766-1}
	- libcrypto++ 5.6.4-5 (bug #848009)
	NOTE: https://github.com/weidai11/cryptopp/issues/346
CVE-2016-9932 (CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows l ...)
	{DSA-3847-1 DLA-964-1}
	- xen 4.8.0~rc3-1 (bug #848081)
	NOTE: https://xenbits.xen.org/xsa/advisory-200.html
CVE-2016-9931
	RESERVED
CVE-2016-9930
	RESERVED
CVE-2016-9929
	RESERVED
CVE-2016-9927
	RESERVED
CVE-2016-9926
	RESERVED
CVE-2016-9925
	RESERVED
CVE-2016-9924 (Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers ...)
	NOT-FOR-US: Zimbra
CVE-2016-9936 (The unserialize implementation in ext/standard/var.c in PHP 7.x before ...)
	- php7.0 7.0.14-1
	NOTE: Fixed in PHP 7.0.14 and 7.1.0
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72978
	NOTE: Fixed by: https://github.com/php/php-src/commit/b2af4e8868726a040234de113436c6e4f6372d17
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-9935 (The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5. ...)
	{DSA-3737-1 DLA-818-1}
	- php7.0 7.0.14-1
	- php5
	NOTE: Fixed in PHP 5.6.29 and 7.0.14
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73631
	NOTE: Fixed by: https://github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-9934 (ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remo ...)
	{DSA-3732-1 DLA-818-1}
	- php7.0 7.0.13-1
	- php5
	NOTE: Fixed in PHP 5.6.28, 7.0.13 and 7.1.0
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73331
	NOTE: Fixed by: https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-9933 (Stack consumption vulnerability in the gdImageFillToBorder function in ...)
	{DSA-3751-1 DSA-3732-1 DLA-758-1}
	- libgd2 2.2.2-29-g3c2b605-1 (bug #849038)
	NOTE: This problem could be seen as a programmer fault but the fix is easy and
	NOTE: the effect is rather dramatic so it should be fixed anyway.
	NOTE: https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e (gd-2.2.2)
	NOTE: Scope of CVE is only the missing "color < 0" test in older versions.
	NOTE: GD release info: https://libgd.github.io/release-2.2.2.html
	- php7.0 7.0.13-1 (unimportant)
	- php5 (unimportant)
	NOTE: Fixed in PHP 5.6.28, 7.0.13 and 7.1.0
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72696
	NOTE: Fixed by: https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-9937 (An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x be ...)
	- asterisk (Introduced in 13.12.0 but fixed with first version to unstable based on 13.12.1)
	NOTE: Vulnerability introduced in 13.12.0, but the first upload to unstable
	NOTE: versioned as 1:13.12.1~dfsg-1 via opus.patch removed the offending
	NOTE: function. Thus Debian was never vulnerable.
	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-008.html
	NOTE: Cf. https://bugs.debian.org/847666
CVE-2016-9938 (An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 1 ...)
	- asterisk 1:13.13.1~dfsg-1 (bug #847668)
	[jessie] - asterisk 1:11.13.1~dfsg-2+deb8u2
	[wheezy] - asterisk (Minor issue)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-009.html
	NOTE: Only applicable if a proxy is in use.
CVE-2016-9923 (Quick Emulator (Qemu) built with the 'chardev' backend support is vuln ...)
	- qemu 1:2.8+dfsg-1 (bug #847957)
	[jessie] - qemu (Minor issue; too complex to backport)
	[wheezy] - qemu (Minor issue)
	- qemu-kvm
	[wheezy] - qemu-kvm (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05597.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=a4afa548fc6dd9842ed86639b4d37d4d1c4ad480 (v2.8.0-rc0)
CVE-2016-9922 (The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Qu ...)
	{DLA-1497-1 DLA-765-1 DLA-764-1}
	- qemu 1:2.8+dfsg-1 (bug #847960)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1334398
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4299b90e9ba9ce5ca9024572804ba751aa1a7e70 (v2.8.0-rc3)
	NOTE: CVE for the "blit pitch values" issue.
	NOTE: Should be fixed along with CVE-2014-8106
CVE-2016-9921 (Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator sup ...)
	{DLA-1497-1 DLA-765-1 DLA-764-1}
	- qemu 1:2.8+dfsg-1 (bug #847960)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1334398
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4299b90e9ba9ce5ca9024572804ba751aa1a7e70 (v2.8.0-rc3)
	NOTE: CVE for the "'cirrus_get_bpp' returns zero(0), which could lead to a divide by zero" issue.
CVE-2016-9918 (In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump ...)
	- bluez (unimportant; bug #847837)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68898.html
	NOTE: Crash in btmon CLI tool, no security impact
CVE-2016-9917 (In BlueZ 5.42, a buffer overflow was observed in "read_n" function in ...)
	- bluez (unimportant; bug #847837)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
	NOTE: Crash in hcidump CLI tool, no security impact
CVE-2016-9906
	REJECTED
CVE-2016-9905 (A potentially exploitable crash in "EnumerateSubDocuments" while addin ...)
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox (Only affects Firefox 45 ESR series)
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9905
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9905
CVE-2016-9904 (An attacker could use a JavaScript Map/Set timing attack to determine ...)
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9904
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9904
CVE-2016-9903 (Mozilla's add-ons SDK had a world-accessible resource with an HTML inj ...)
	- firefox 50.1.0-1
	- firefox-esr (Only affects Firefox 50.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9903
CVE-2016-9902 (The Pocket toolbar button, once activated, listens for events fired fr ...)
	{DSA-3734-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9902
CVE-2016-9901 (HTML tags received from the Pocket server will be processed without sa ...)
	{DSA-3734-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9901
CVE-2016-9900 (External resources that should be blocked when loaded by SVG images ca ...)
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9900
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9900
CVE-2016-9899 (Use-after-free while manipulating DOM events and removing audio elemen ...)
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9899
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9899
CVE-2016-9898 (Use-after-free resulting in potentially exploitable crash when manipul ...)
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9898
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9898
CVE-2016-9897 (Memory corruption resulting in a potentially exploitable crash during ...)
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9897
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9897
CVE-2016-9896 (Use-after-free while manipulating the "navigator" object within WebVR. ...)
	- firefox 50.1.0-1
	- firefox-esr (Only affects Firefox 50.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9896
CVE-2016-9895 (Event handlers on "marquee" elements were executed despite a strict Co ...)
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9895
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9895
CVE-2016-9894 (A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated duri ...)
	- firefox 50.1.0-1
	- firefox-esr (Only affects Firefox 50.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9894
CVE-2016-9893 (Memory safety bugs were reported in Thunderbird 45.5. Some of these bu ...)
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9893
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9893
CVE-2017-3729
	RESERVED
CVE-2017-3728
	RESERVED
CVE-2017-3727
	RESERVED
CVE-2017-3726
	RESERVED
CVE-2017-3725
	RESERVED
CVE-2017-3724
	RESERVED
CVE-2017-3723
	RESERVED
CVE-2017-3722
	RESERVED
CVE-2017-3721
	RESERVED
CVE-2017-3720
	RESERVED
CVE-2017-3719
	RESERVED
CVE-2017-3718 (Improper setting of device configuration in system firmware for Intel( ...)
	NOT-FOR-US: Intel
CVE-2017-3717
	RESERVED
CVE-2017-3716
	RESERVED
CVE-2017-3715
	RESERVED
CVE-2017-3714
	RESERVED
CVE-2017-3713
	RESERVED
CVE-2017-3712
	RESERVED
CVE-2017-3711
	RESERVED
CVE-2017-3710
	RESERVED
CVE-2017-3709
	RESERVED
CVE-2017-3708
	RESERVED
CVE-2017-3707
	RESERVED
CVE-2017-3706
	RESERVED
CVE-2017-3705
	RESERVED
CVE-2017-3704
	RESERVED
CVE-2017-3703
	RESERVED
CVE-2017-3702
	RESERVED
CVE-2017-3701
	RESERVED
CVE-2017-3700
	RESERVED
CVE-2017-3699
	RESERVED
CVE-2017-3698
	RESERVED
CVE-2017-3697
	RESERVED
CVE-2017-3696
	RESERVED
CVE-2017-3695
	RESERVED
CVE-2017-3694
	RESERVED
CVE-2017-3693
	RESERVED
CVE-2017-3692
	RESERVED
CVE-2017-3691
	RESERVED
CVE-2017-3690
	RESERVED
CVE-2017-3689
	RESERVED
CVE-2017-3688
	RESERVED
CVE-2017-3687
	RESERVED
CVE-2017-3686
	RESERVED
CVE-2017-3685
	RESERVED
CVE-2017-3684
	RESERVED
CVE-2017-3683
	RESERVED
CVE-2017-3682
	RESERVED
CVE-2017-3681
	RESERVED
CVE-2017-3680
	RESERVED
CVE-2017-3679
	RESERVED
CVE-2017-3678
	RESERVED
CVE-2017-3677
	RESERVED
CVE-2017-3676
	RESERVED
CVE-2017-3675
	RESERVED
CVE-2017-3674
	RESERVED
CVE-2017-3673
	RESERVED
CVE-2017-3672
	RESERVED
CVE-2017-3671
	RESERVED
CVE-2017-3670
	RESERVED
CVE-2017-3669
	RESERVED
CVE-2017-3668
	RESERVED
CVE-2017-3667
	RESERVED
CVE-2017-3666
	RESERVED
CVE-2017-3665
	RESERVED
CVE-2017-3664
	RESERVED
CVE-2017-3663
	RESERVED
CVE-2017-3662
	RESERVED
CVE-2017-3661
	RESERVED
CVE-2017-3660
	RESERVED
CVE-2017-3659
	RESERVED
CVE-2017-3658
	RESERVED
CVE-2017-3657
	RESERVED
CVE-2017-3656
	RESERVED
CVE-2017-3655
	RESERVED
CVE-2017-3654
	RESERVED
CVE-2017-3653 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3955-1 DSA-3944-1 DSA-3922-1 DLA-1043-1}
	- mariadb-10.2 (bug #884065)
	- mariadb-10.1 10.1.26-1
	- mariadb-10.0
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 (bug #868788)
CVE-2017-3652 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3922-1 DLA-1043-1}
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 (bug #868788)
CVE-2017-3651 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3922-1 DLA-1043-1}
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 (bug #868788)
CVE-2017-3650 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 (Only affects MySQL 5.7)
CVE-2017-3649 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 (Only affects MySQL 5.6 and 5.7)
CVE-2017-3648 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3922-1 DLA-1043-1}
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 (bug #868788)
CVE-2017-3647 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 (Only affects MySQL 5.6 and 5.7)
CVE-2017-3646 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.17-1
	- mysql-5.5 (Only affects MySQL 5.7)
CVE-2017-3645 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 (Only affects MySQL 5.7)
CVE-2017-3644 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 (Only affects MySQL 5.7)
CVE-2017-3643 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 (Only affects MySQL 5.7)
CVE-2017-3642 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 (Only affects MySQL 5.7)
CVE-2017-3641 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3955-1 DSA-3944-1 DSA-3922-1 DLA-1043-1}
	- mariadb-10.2 (bug #884065)
	- mariadb-10.1 10.1.26-1
	- mariadb-10.0
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 (bug #868788)
CVE-2017-3640 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 (Only affects MySQL 5.7)
CVE-2017-3639 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 (Only affects MySQL 5.7)
CVE-2017-3638 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 (Only affects MySQL 5.7)
CVE-2017-3637 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 (Only affects MySQL 5.7)
CVE-2017-3636 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3955-1 DSA-3944-1 DSA-3922-1 DLA-1043-1}
	- mariadb-10.2 (bug #884065)
	- mariadb-10.1 10.1.26-1
	- mariadb-10.0
	- mysql-5.7 (Only affects MySQL 5.5 and 5.6)
	- mysql-5.5 (bug #868788)
CVE-2017-3635 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...)
	{DSA-3922-1 DLA-1043-1}
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 (bug #868788)
CVE-2017-3634 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 (Only affects MySQL 5.6 and 5.7)
CVE-2017-3633 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 (Only affects MySQL 5.6 and 5.7)
CVE-2017-3632 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle Solaris
CVE-2017-3631 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3630 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3629 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3628 RESERVED
CVE-2017-3627 RESERVED
CVE-2017-3626 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...)
	- glassfish (Only affects 3.x)
CVE-2017-3625 (Vulnerability in the Oracle WebCenter Content component of Oracle Fusi ...)
	NOT-FOR-US: Oracle
CVE-2017-3624 RESERVED
CVE-2017-3623 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3622 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3621 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Solaris
CVE-2017-3620 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3619 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3618 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3617 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3616 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3615 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3614 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3613 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3612 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3611 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3610 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3609 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3608 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3607 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3606 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3605 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3604 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
	NOT-FOR-US: Oracle
CVE-2017-3603 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3602 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3601 (Vulnerability in the Oracle API Gateway component of Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle
CVE-2017-3600 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3834-1 DLA-916-1}
	- mariadb-10.1 (Fixed before initial upload to Debian)
	- mariadb-10.0 10.0.28-1
	[jessie] - mariadb-10.0 10.0.28-0+deb8u1
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 (bug #860544)
	NOTE: https://blog.tarq.io/cve-2016-5483-backdooring-mysqldump-backups/
	NOTE: Affected according to blogpost: MySQL all versions, MariaDB <= 5.5.52 and < 10.1
	NOTE: Per MariaDB Security fixed with the following three commits:
	NOTE: https://github.com/MariaDB/server/commit/5a43a31ee81bc181eeb5ef2bf0704befa6e0594d
	NOTE: https://github.com/MariaDB/server/commit/01b39b7b0730102b88d8ea43ec719a75e9316a1e
	NOTE: https://github.com/MariaDB/server/commit/383007c75d6ef5043fa5781956a6a02b24e2b79e
CVE-2017-3599 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 (Only affects MySQL 5.6 and 5.7)
CVE-2017-3598 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3597 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3596 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3595 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3594 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3593 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3592 (Vulnerability in the Oracle Payables component of Oracle E-Business Su ...)
	NOT-FOR-US: Oracle
CVE-2017-3591 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3590 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...)
	- mysql-connector-python 2.1.6-1 (bug #861511)
	[jessie] - mysql-connector-python (Minor issue)
	[wheezy] - mysql-connector-python (Minor issue, can be fixed along in a future update)
CVE-2017-3589 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...)
	{DSA-3857-1 DLA-945-1}
	- mysql-connector-java 5.1.42-1
CVE-2017-3588 (Vulnerability in the Solaris Cluster component of Oracle Sun Systems P ...)
	NOT-FOR-US: Oracle
CVE-2017-3587 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.20-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2017-3586 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...)
	{DSA-3857-1 DLA-945-1}
	- mysql-connector-java 5.1.42-1
CVE-2017-3585 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Solaris
CVE-2017-3584 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Solaris
CVE-2017-3583 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2017-3582 (Vulnerability in the Oracle SuperCluster Specific Software component o ...)
	NOT-FOR-US: Solaris
CVE-2017-3581 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3580 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Solaris
CVE-2017-3579 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2017-3578 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Solaris
CVE-2017-3577 (Vulnerability in the PeopleSoft Enterprise CS Campus Community compone ...)
	NOT-FOR-US: Oracle
CVE-2017-3576 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.20-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2017-3575 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.20-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2017-3574 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...)
	NOT-FOR-US: Oracle
CVE-2017-3573 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...)
	NOT-FOR-US: Oracle
CVE-2017-3572 (Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce E ...)
	NOT-FOR-US: Oracle
CVE-2017-3571 (Vulnerability in the PeopleSoft Enterprise SCM eBill Payment component ...)
	NOT-FOR-US: Oracle
CVE-2017-3570 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle Pe ...)
	NOT-FOR-US: Oracle
CVE-2017-3569 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...)
	NOT-FOR-US: Oracle
CVE-2017-3568 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...)
	NOT-FOR-US: Oracle
CVE-2017-3567 (Vulnerability in the OJVM component of Oracle Database Server. Support ...)
	NOT-FOR-US: Oracle
CVE-2017-3566 RESERVED
CVE-2017-3565 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3564 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3563 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.20-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2017-3562 (Vulnerability in the Oracle Applications DBA component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2017-3561 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.20-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2017-3560 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...)
	NOT-FOR-US: Oracle
CVE-2017-3559 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.20-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2017-3558 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.20-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2017-3557 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3556 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3555 (Vulnerability in the Oracle iReceivables component of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2017-3554 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3553 (Vulnerability in the Oracle Identity Manager component of Oracle Fusio ...)
	NOT-FOR-US: Oracle
CVE-2017-3552 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...)
	NOT-FOR-US: Oracle
CVE-2017-3551 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3550 (Vulnerability in the Oracle Customer Interaction History component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3549 (Vulnerability in the Oracle Scripting component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3548 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3547 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3546 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3545 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3544 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3858-1 DLA-954-1}
	- openjdk-8 8u131-b11-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-3543 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3542 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3541 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3540 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3539 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3858-1 DLA-954-1}
	- openjdk-8 8u131-b11-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-3538 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.16-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2017-3537 (Vulnerability in the Oracle Real-Time Scheduler component of Oracle Ut ...)
	NOT-FOR-US: Oracle
CVE-2017-3536 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3535 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3534 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3533 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3858-1 DLA-954-1}
	- openjdk-8 8u131-b11-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-3532 (Vulnerability in the Oracle Retail Warehouse Management System compone ...)
	NOT-FOR-US: Oracle
CVE-2017-3531 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3530 (Vulnerability in the Oracle Transportation Manager component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3529 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 (Only affects MySQL 5.7)
CVE-2017-3528 (Vulnerability in the Oracle Applications Framework component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3527 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3526 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3858-1 DLA-954-1}
	- openjdk-8 8u131-b11-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-3525 (Vulnerability in the PeopleSoft Enterprise SCM Service Procurement com ...)
	NOT-FOR-US: Oracle
CVE-2017-3524 (Vulnerability in the PeopleSoft Enterprise SCM Strategic Sourcing comp ...)
	NOT-FOR-US: Oracle
CVE-2017-3523 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...)
	{DSA-3840-1 DLA-945-1}
	- mysql-connector-java 5.1.41-1
	NOTE: https://www.computest.nl/advisories/CT-2017-0425_MySQL-Connector-J.txt
CVE-2017-3522 (Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection co ...)
	NOT-FOR-US: Oracle
CVE-2017-3521 (Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3520 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3519 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3518 (Vulnerability in the Enterprise Manager Base Platform component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2017-3517 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2017-3516 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3515 (Vulnerability in the Oracle User Management component of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2017-3514 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-8 (Windows builds only)
	- openjdk-7 (Windows builds only)
	NOTE: Upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/95fd1952637b
CVE-2017-3513 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.20-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2017-3512 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-8 (MacOSX builds only)
	- openjdk-7 (MacOSX builds only)
	NOTE: Upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/c878d0baff4a
CVE-2017-3511 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3858-1 DLA-954-1}
	- openjdk-8 8u131-b11-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-3510 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3509 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3858-1 DLA-954-1}
	- openjdk-8 8u131-b11-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-3508 (Vulnerability in the Primavera Gateway component of Oracle Primavera P ...)
	NOT-FOR-US: Oracle
CVE-2017-3507 (Vulnerability in the Oracle Service Bus component of Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle
CVE-2017-3506 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3505 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3504 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3503 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2017-3502 (Vulnerability in the PeopleSoft Enterprise FIN Receivables component o ...)
	NOT-FOR-US: Oracle
CVE-2017-3501 (Vulnerability in the Primavera Unifier component of Oracle Primavera P ...)
	NOT-FOR-US: Oracle
CVE-2017-3500 (Vulnerability in the Primavera Gateway component of Oracle Primavera P ...)
	NOT-FOR-US: Oracle
CVE-2017-3499 (Vulnerability in the Oracle Social Network component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3498 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3497 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3496 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
	NOT-FOR-US: Oracle
CVE-2017-3495 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2017-3494 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3493 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
	NOT-FOR-US: Oracle
CVE-2017-3492 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
	NOT-FOR-US: Oracle
CVE-2017-3491 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
	NOT-FOR-US: Oracle
CVE-2017-3490 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
	NOT-FOR-US: Oracle
CVE-2017-3489 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3488 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3487 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3486 (Vulnerability in the SQL*Plus component of Oracle Database Server. Sup ...)
	NOT-FOR-US: Oracle
CVE-2017-3485 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3484 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
	NOT-FOR-US: Oracle
CVE-2017-3483 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
	NOT-FOR-US: Oracle
CVE-2017-3482 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3481 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3480 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3479 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3478 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3477 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3476 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3475 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3474 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3473 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3472 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3471 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3470 (Vulnerability in the Oracle Communications Security Gateway component ...)
	NOT-FOR-US: Oracle
CVE-2017-3469 (Vulnerability in the MySQL Workbench component of Oracle MySQL (subcom ...)
	- mysql-workbench 6.3.10+dfsg-1 (low; bug #861487)
	[stretch] - mysql-workbench (Minor issue)
	[jessie] - mysql-workbench (Minor issue)
	[wheezy] - mysql-workbench (Minor issue)
CVE-2017-3468 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 (Only affects MySQL 5.7)
CVE-2017-3467 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 (Only affects MySQL 5.7)
CVE-2017-3466 RESERVED
CVE-2017-3465 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 (Only affects MySQL 5.7)
CVE-2017-3464 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3944-1 DSA-3834-1 DLA-916-1}
	- mariadb-10.1 10.1.23-1
	- mariadb-10.0
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 (bug #860544)
CVE-2017-3463 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3834-1 DLA-916-1}
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 (bug #860544)
CVE-2017-3462 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3834-1 DLA-916-1}
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 (bug #860544)
CVE-2017-3461 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3834-1 DLA-916-1}
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 (bug #860544)
CVE-2017-3460 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 (Only affects MySQL 5.7)
CVE-2017-3459 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 (Only affects MySQL 5.7)
CVE-2017-3458 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 (Only affects MySQL 5.7)
CVE-2017-3457 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 (Only affects MySQL 5.7)
CVE-2017-3456 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3944-1 DSA-3834-1 DLA-916-1}
	- mariadb-10.1 10.1.23-1
	- mariadb-10.0
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 (bug #860544)
CVE-2017-3455 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 (Only affects MySQL 5.7)
CVE-2017-3454 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 (Only affects MySQL 5.7)
CVE-2017-3453 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3944-1 DSA-3834-1 DLA-916-1}
	- mariadb-10.1 10.1.23-1
	- mariadb-10.0
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 (bug #860544)
CVE-2017-3452 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 5.6)
	- mysql-5.5 (Only affects MySQL 5.6)
CVE-2017-3451 (Vulnerability in the Oracle Retail Open Commerce Platform component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3450 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 (Only affects MySQL 5.6 and 5.7)
CVE-2017-3449 RESERVED
CVE-2017-3448 RESERVED
CVE-2017-3447 REJECTED
CVE-2017-3446 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2017-3445 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2017-3444 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2017-3443 (Vulnerability in the Oracle Common Applications component of Oracle E- ...)
	NOT-FOR-US: Oracle
CVE-2017-3442 (Vulnerability in the Oracle Customer Interaction History component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3441 (Vulnerability in the Oracle Customer Interaction History component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3440 (Vulnerability in the Oracle Customer Interaction History component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3439 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3438 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3437 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3436 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3435 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3434 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3433 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3432 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3431 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3430 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3429 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3428 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3427 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3426 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3425 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3424 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3423 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3422 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3421 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3420 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3419 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3418 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3417 (Vulnerability in the Oracle Universal Work Queue component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-3416 (Vulnerability in the Oracle Universal Work Queue component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-3415 (Vulnerability in the Oracle Universal Work Queue component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-3414 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3413 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3412 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3411 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3410 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3409 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3408 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3407 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3406 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3405 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3404 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3403 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3402 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3401 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3400 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3399 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3398 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3397 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3396 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3395 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3394 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3393 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3392 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3391 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3390 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3389 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3388 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3387 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3386 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3385 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3384 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3383 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3382 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3381 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3380 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3379 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3378 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3377 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3376 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3375 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3374 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3373 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3372 (Vulnerability in the Oracle Interaction Blending component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-3371 (Vulnerability in the Oracle iSupport component of Oracle E-Business Su ...)
	NOT-FOR-US: Oracle
CVE-2017-3370 (Vulnerability in the Oracle iSupport component of Oracle E-Business Su ...)
	NOT-FOR-US: Oracle
CVE-2017-3369 (Vulnerability in the Oracle iSupport component of Oracle E-Business Su ...)
	NOT-FOR-US: Oracle
CVE-2017-3368 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2017-3367 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-3366 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-3365 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-3364 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-3363 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-3362 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-3361 (Vulnerability in the Oracle Installed Base component of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2017-3360 (Vulnerability in the Oracle Customer Intelligence component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3359 (Vulnerability in the Oracle Customer Intelligence component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3358 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3357 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3356 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3355 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3354 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3353 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3352 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3351 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3350 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3349 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3348 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3347 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3346 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3345 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3344 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3343 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3342 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3341 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3340 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3339 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3338 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3337 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3336 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3335 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3334 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3333 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2017-3332 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.14-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2017-3331 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 (Only affects MySQL 5.7)
CVE-2017-3330 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...)
	NOT-FOR-US: Oracle Siebel
CVE-2017-3329 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3834-1 DLA-916-1}
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 (bug #860544)
CVE-2017-3328 (Vulnerability in the Oracle Common Applications component of Oracle E- ...)
	NOT-FOR-US: Oracle
CVE-2017-3327 (Vulnerability in the Oracle Common Applications component of Oracle E- ...)
	NOT-FOR-US: Oracle
CVE-2017-3326 (Vulnerability in the Oracle Common Applications component of Oracle E- ...)
	NOT-FOR-US: Oracle
CVE-2017-3325 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...)
	NOT-FOR-US: Oracle Siebel
CVE-2017-3324 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle Primavera
CVE-2017-3323 (Vulnerability in the MySQL Cluster component of Oracle MySQL (subcompo ...)
	NOT-FOR-US: MySQL Cluster
CVE-2017-3322 (Vulnerability in the MySQL Cluster component of Oracle MySQL (subcompo ...)
	NOT-FOR-US: MySQL Cluster
CVE-2017-3321 (Vulnerability in the MySQL Cluster component of Oracle MySQL (subcompo ...)
	NOT-FOR-US: MySQL Cluster
CVE-2017-3320 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 (Only affects MySQL 5.7)
	- mysql-5.5 (Only affects MySQL 5.7)
CVE-2017-3319 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 (Only affects MySQL 5.7)
	- mysql-5.5 (Only affects MySQL 5.7)
CVE-2017-3318 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 (bug #851233)
CVE-2017-3317 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 (bug #851233)
CVE-2017-3316 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.14-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2017-3315 (Vulnerability in the PeopleSoft Enterprise HCM ePerformance component ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2017-3314 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2017-3313 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3809-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.23-1
	- mariadb-10.0
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 (bug #851233)
CVE-2017-3312 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 (bug #851233)
CVE-2017-3311 (Vulnerability in the Application Testing Suite component of Oracle Ent ...)
	NOT-FOR-US: Oracle
CVE-2017-3310 (Vulnerability in the OJVM component of Oracle Database Server. Support ...)
	NOT-FOR-US: Oracle
CVE-2017-3309 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3944-1 DSA-3834-1 DLA-916-1}
	- mariadb-10.1 10.1.23-1
	- mariadb-10.0
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 (bug #860544)
CVE-2017-3308 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3944-1 DSA-3834-1 DLA-916-1}
	- mariadb-10.1 10.1.23-1
	- mariadb-10.0
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 (bug #860544)
CVE-2017-3307 (Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQ ...)
	NOT-FOR-US: MySQL Enterprise Monitor
CVE-2017-3306 (Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQ ...)
	NOT-FOR-US: MySQL Enterprise Monitor
CVE-2017-3305 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3834-1 DLA-916-1}
	- mysql-5.7 (Fixed before the initial release to Debian)
	- mysql-5.5 (bug #860544)
	NOTE: The issue arises because of an improper fix for the issue known under
	NOTE: the name BACKRONYM. The CVE CVE-2015-3152 though is explicitly only
	NOTE: assigned for MariaDB and Percona, thus Oracle MySQL products are not
	NOTE: tracked below that CVE. Later, Oracle tried to address the corresponding
	NOTE: issue as well in 5.5 (in 5.5.49) and 5.6 (5.6.30) series resulting in
	NOTE: opening CVE-2017-3305.
	NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1217506#c22
	NOTE: https://www.openwall.com/lists/oss-security/2017/03/17/4
CVE-2017-3304 (Vulnerability in the MySQL Cluster component of Oracle MySQL (subcompo ...)
	- mysql-cluster (bug #833356)
CVE-2017-3303 (Vulnerability in the Oracle XML Gateway component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3302 (Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x bef ...)
	{DSA-3834-1 DSA-3809-1 DLA-916-1 DLA-819-1}
	- mariadb-10.1 10.1.23-1
	- mariadb-10.0
	- mysql-5.7 (Fixed before initial release in Debian)
	- mysql-5.6 (Fixed before initial release in Debian)
	- mysql-5.5 (bug #854713; bug #860544)
	NOTE: Fixed by: https://github.com/mysql/mysql-server/commit/4797ea0b772d5f4c5889bc552424132806f46e93
	NOTE: Fixed in Oracle MySQL 5.6.21, 5.7.5
	NOTE: https://bugs.mysql.com/bug.php?id=70429
	NOTE: https://bugs.mysql.com/bug.php?id=63363
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/28/1
CVE-2017-3301 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3300 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2017-3299 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2017-3298 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2017-3297 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracl ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2017-3296 (Vulnerability in the Oracle Commerce Platform component of Oracle Comm ...)
	NOT-FOR-US: Oracle Commerce
CVE-2017-3295 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3294 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3293 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3292 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2017-3291 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 (bug #851233)
CVE-2017-3290 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.1.14-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2017-3289 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7
CVE-2017-3288 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3287 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2017-3286 (Vulnerability in the Oracle Applications DBA component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2017-3285 (Vulnerability in the Oracle Service Fulfillment Manager component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3284 (Vulnerability in the Oracle Service Fulfillment Manager component of O ...)
	NOT-FOR-US: Oracle
CVE-2017-3283 (Vulnerability in the Oracle Partner Management component of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2017-3282 (Vulnerability in the Oracle Partner Management component of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2017-3281 (Vulnerability in the Oracle Partner Management component of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2017-3280 (Vulnerability in the Oracle Partner Management component of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2017-3279 (Vulnerability in the Oracle Leads Management component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2017-3278 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3277 (Vulnerability in the Oracle Applications Manager component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2017-3276 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3275 (Vulnerability in the Oracle Email Center component of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2017-3274 (Vulnerability in the Oracle Email Center component of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2017-3273 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 (Only affects MySQL 5.6 and 5.7)
CVE-2017-3272 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-3271 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3270 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3269 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3268 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3267 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3266 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3265 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 (bug #851233)
CVE-2017-3264 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...)
	NOT-FOR-US: Oracle Siebel
CVE-2017-3263 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle Primavera
CVE-2017-3262 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-8 (specific to Oracle Java)
CVE-2017-3261 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-3260 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7
CVE-2017-3259 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2017-3258 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 (bug #851233)
CVE-2017-3257 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3770-1}
	- mariadb-10.2 (bug #884065)
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 (Only affects MySQL 5.6 and 5.7)
CVE-2017-3256 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 (Only affects MySQL 5.7)
	- mysql-5.5 (Only affects MySQL 5.7)
CVE-2017-3255 (Vulnerability in the Oracle JDeveloper component of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2017-3254 (Vulnerability in the Oracle Retail Invoice Matching component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2017-3253 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-3252 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-3251 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 (Only affects MySQL 5.7)
	- mysql-5.5 (Only affects MySQL 5.7)
CVE-2017-3250 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...)
	- glassfish (Vulnerable code not included, see bug #853998)
CVE-2017-3249 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...)
	- glassfish (Vulnerable code not included, see bug #853998)
CVE-2017-3248 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3247 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...)
	- glassfish (Vulnerable code not included, see bug #853998)
CVE-2017-3246 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2017-3245 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracl ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2017-3244 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 (bug #851233)
CVE-2017-3243 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 (bug #851755)
	- mysql-5.7 (Only affects MySQL 5.5)
	- mysql-5.6 (Only affects MySQL 5.5)
	- mysql-5.5 (bug #851233)
CVE-2017-3242 (Vulnerability in the Oracle VM Server for Sparc component of Oracle Su ...)
	NOT-FOR-US: Solaris
CVE-2017-3241 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-3240 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...)
	NOT-FOR-US: Oracle
CVE-2017-3239 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...)
	- glassfish (Only affects 3.x)
CVE-2017-3238 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 (bug #851233)
CVE-2017-3237 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3236 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2017-3235 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2017-3234 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3233 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3232 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2017-3231 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2017-3230 (Vulnerability in the Oracle Fusion Middleware MapViewer component of O ...)
	NOT-FOR-US: Oracle
CVE-2016-9892 (The esets_daemon service in ESET Endpoint Antivirus for macOS before 6 ...)
	NOT-FOR-US: ESET
CVE-2016-9891 (Cross-site scripting (XSS) vulnerability in admin/media.php and admin/ ...)
	- dotclear
CVE-2016-9890
	RESERVED
CVE-2016-9889 (Some forms with the parameter geo_zoomlevel_to_found_location in Tiki ...)
	- tikiwiki
CVE-2016-9888 (An error within the "tar_directory_for_file()" function (gsf-infile-ta ...)
	{DLA-2183-1 DLA-740-1}
	- libgsf 1.14.41-1
	NOTE: Fixed by: https://github.com/GNOME/libgsf/commit/95a8351a75758cf10b3bf6abae0b6b461f90d9e5
CVE-2016-9887
	RESERVED
CVE-2016-9886
	REJECTED
CVE-2016-9885 (An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prio ...)
	NOT-FOR-US: Pivotal GemFire for PCF
CVE-2016-9884
	REJECTED
CVE-2016-9883
	REJECTED
CVE-2016-9882 (An issue was discovered in Cloud Foundry Foundation cf-release version ...)
	NOT-FOR-US: Cloud Foundry Foundation cf-release
CVE-2016-9881
	REJECTED
CVE-2016-9880 (The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x befo ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-9879 (An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1. ...)
	- libspring-security-java (bug #582181)
	NOTE: https://pivotal.io/security/cve-2016-9879
CVE-2016-9878 (An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2 ...)
	{DLA-1853-1}
	- libspring-java 4.3.5-1 (bug #849167)
	[wheezy] - libspring-java (Minor issue)
	NOTE: https://pivotal.io/security/cve-2016-9878
	NOTE: Fixed by: https://github.com/spring-projects/spring-framework/commit/e2d6e709c3c65a4951eb096843ee75d5200cfcad (4.3.x branch)
	NOTE: Fixed by: https://github.com/spring-projects/spring-framework/commit/43bf008fbcd0d7945e2fcd5e30039bc4d74c7a98 (4.2.x branch)
	NOTE: Fixed by: https://github.com/spring-projects/spring-framework/commit/a7dc48534ea501525f11369d369178a60c2f47d0 (3.2.x branch)
	NOTE: https://jira.spring.io/browse/SPR-14946
CVE-2016-9877 (An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x ...)
	{DSA-3761-1}
	- rabbitmq-server 3.6.6-1 (bug #849849)
	[wheezy] - rabbitmq-server (Vulnerable code introduced later)
	NOTE: https://pivotal.io/security/cve-2016-9877
	NOTE: https://github.com/rabbitmq/rabbitmq-mqtt/issues/96
	NOTE: https://github.com/rabbitmq/rabbitmq-mqtt/pull/98
CVE-2016-9876
	REJECTED
CVE-2016-9875
	REJECTED
CVE-2016-9874
	REJECTED
CVE-2016-9873 (EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a ...)
	NOT-FOR-US: EMC Documentum
CVE-2016-9872 (EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Re ...)
	NOT-FOR-US: EMC Documentum
CVE-2016-9871 (EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isil ...)
	NOT-FOR-US: EMC Isilon
CVE-2016-9870 (EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isil ...)
	NOT-FOR-US: EMC
CVE-2016-9869 (An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorr ...)
	NOT-FOR-US: EMC ScaleIO
CVE-2016-9868 (An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low- ...)
	NOT-FOR-US: EMC ScaleIO
CVE-2016-9867 (An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low- ...)
	NOT-FOR-US: EMC ScaleIO
CVE-2016-9919 (The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through ...)
	- linux 4.8.15-1
	[jessie] - linux (Vulnerable code introduced later)
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=189851
	NOTE: Fixed by: https://git.kernel.org/linus/79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2 (v4.9-rc8)
CVE-2016-9912 (Quick Emulator (Qemu) built with the Virtio GPU Device emulator suppor ...)
	- qemu 1:2.8+dfsg-1 (bug #847391)
	[jessie] - qemu (Vulnerable code not present)
	[wheezy] - qemu (Vulnerable code not present)
	- qemu-kvm (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05043.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/12
CVE-2016-9916 (Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-1 (bug #847496)
	[wheezy] - qemu (Minor issue, virtfs-proxy-helper not present)
	- qemu-kvm
	[wheezy] - qemu-kvm (Minor issue, virtfs-proxy-helper not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=898ae90a44551d25b8e956fd87372d303c82fe68 (v2.8.0-rc2)
	NOTE: Proxy filesystem driver introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=4c793dda22213a7aba8e4d9a814e8f368a5f8bf7 (v1.0-rc0)
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/11
CVE-2016-9915 (Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-1 (bug #847496)
	[wheezy] - qemu (handle driver not included during compilation)
	- qemu-kvm
	[wheezy] - qemu-kvm (handle driver not included during compilation)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=971f406b77a6eb84e0ad27dcc416b663765aee30 (v2.8.0-rc2)
	NOTE: handle based fs driver introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=5f5422258e1f50f871bafcc5bfb2b498f414a310 (v1.0-rc0)
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/11
	NOTE: proxy driver not included during compilation in wheezy, see debian-lts ML: https://lists.debian.org/debian-lts/2016/12/msg00136.html
CVE-2016-9914 (Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-1 (bug #847496)
	[wheezy] - qemu (proxy and handle drivers not included during compilation)
	- qemu-kvm
	[wheezy] - qemu-kvm (proxy and handle drivers not included during compilation)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=702dbcc274e2ca43be20ba64c758c0ca57dab91d (v2.8.0-rc2)
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/11
	NOTE: proxy and handle drivers not included during compilation in wheezy, so the cleanup function is never implemented:
	NOTE: see debian-lts ML: https://lists.debian.org/debian-lts/2016/12/msg00136.html
CVE-2016-9913 (Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p ...)
	- qemu 1:2.8+dfsg-1 (bug #847496)
	[jessie] - qemu (Vulnerable code not present)
	[wheezy] - qemu (Vulnerable code not present)
	- qemu-kvm (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4774718e5c194026ba5ee7a28d9be49be3080e42 (v2.8.0-rc2)
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/11
CVE-2016-9911 (Quick Emulator (Qemu) built with the USB EHCI Emulation support is vul ...)
	{DLA-1497-1 DLA-765-1 DLA-764-1}
	- qemu 1:2.8+dfsg-1 (bug #847951)
	- qemu-kvm
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=791f97758e223de3290592d169f (v2.8.0-rc0)
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/10
CVE-2016-9907 (Quick Emulator (Qemu) built with the USB redirector usb-guest support ...)
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-1 (bug #847953)
	[wheezy] - qemu (Vulnerable code not present)
	- qemu-kvm
	[wheezy] - qemu-kvm (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg01379.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=07b026fd82d6cf11baf7d7c603c4f5f6070b35bf
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/3
	NOTE: Leakage introduced after 1.2.50: http://git.qemu.org/?p=qemu.git;a=commit;h=fc3f6e1b106abcf6b8cf487ac8f8e5fc2fd86776
CVE-2016-9908 (Quick Emulator (Qemu) built with the Virtio GPU Device emulator suppor ...)
	- qemu 1:2.8+dfsg-1 (bug #847400)
	[jessie] - qemu (Vulnerable code not present)
	[wheezy] - qemu (Vulnerable code not present)
	- qemu-kvm (Vulnerable code not present)
	NOTE: http://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00059.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/2
CVE-2017-3229
	REJECTED
CVE-2017-3228
	REJECTED
CVE-2017-3227
	RESERVED
CVE-2017-3226 (Das U-Boot is a device bootloader that can read its configuration from ...)
	- u-boot (unimportant)
	[wheezy] - u-boot (Vulnerable code does not exist)
	NOTE: jessie+ no built targets use ENV_AES by default, but fw_printenv/fw_setenv
	NOTE: in u-boot-tools supports it. Upstream has deprecated it and plans to remove
	NOTE: it in future versions.
	NOTE: https://www.kb.cert.org/vuls/id/166743
	NOTE: Negligible security impact
CVE-2017-3225 (Das U-Boot is a device bootloader that can read its configuration from ...)
	- u-boot (unimportant)
	[wheezy] - u-boot (Vulnerable code does not exist)
	NOTE: jessie+ no built targets use ENV_AES by default, but fw_printenv/fw_setenv
	NOTE: in u-boot-tools supports it. Upstream has deprecated it and plans to remove
	NOTE: it in future versions.
	NOTE: https://www.kb.cert.org/vuls/id/166743
	NOTE: Negligible security impact
CVE-2017-3224 (Open Shortest Path First (OSPF) protocol implementations may improperl ...)
	- quagga (low; bug #871617)
	[buster] - quagga (Minor issue)
	[stretch] - quagga (Minor issue)
	[jessie] - quagga (Minor issue)
	[wheezy] - quagga (Minor issue)
	- frr (Fixed before initial upload to Debian)
	NOTE: http://www.kb.cert.org/vuls/id/793496
	NOTE: https://github.com/FRRouting/frr/commit/7791d3deab8f4bbee2ccdd98ea596617536bc681
CVE-2017-3223 (Dahua IP camera products using firmware versions prior to V2.400.0000. ...)
	NOT-FOR-US: Dahua IP camera products
CVE-2017-3222 (Hard-coded credentials in AmosConnect 8 allow remote attackers to gain ...)
	NOT-FOR-US: AmosConnect
CVE-2017-3221 (Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote ...)
	NOT-FOR-US: AmosConnect
CVE-2017-3220
	RESERVED
CVE-2017-3219 (Acronis True Image up to and including version 2017 Build 8053 perform ...)
	NOT-FOR-US: Acronis True Image
CVE-2017-3218 (Samsung Magician 5.0 fails to validate TLS certificates for HTTPS soft ...)
	NOT-FOR-US: Samsung
CVE-2017-3217 (CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS (text me ...)
	NOT-FOR-US: CalAmp LMU 3030 series OBD-II CDMA and GSM devices
CVE-2017-3216 (WiMAX routers based on the MediaTek SDK (libmtk) that use a custom htt ...)
	NOT-FOR-US: WiMAX routers
CVE-2017-3215 (The Milwaukee ONE-KEY Android mobile application uses bearer tokens wi ...)
	NOT-FOR-US: Milwaukee ONE-KEY Android mobile application
CVE-2017-3214 (The Milwaukee ONE-KEY Android mobile application stores the master tok ...)
	NOT-FOR-US: Milwaukee ONE-KEY Android mobile application
CVE-2017-3213 (The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify ...)
	NOT-FOR-US: Think Mutual Bank Mobile Banking app
CVE-2017-3212 (The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for ...)
	NOT-FOR-US: Space Coast Credit Union Mobile app
CVE-2017-3211 (Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks ...)
	NOT-FOR-US: Yopify (e-commerce notification plugin)
CVE-2017-3210 (Applications developed using the Portrait Display SDK, versions 2.30 t ...)
	NOT-FOR-US: Portrait Display SDK
CVE-2017-3209 (The DBPOWER U818A WIFI quadcopter drone provides FTP access over its o ...)
	NOT-FOR-US: DBPOWER U818A WIFI quadcopter drone
CVE-2017-3208 (The Java implementation of AMF3 deserializers used by WebORB for Java ...)
	NOT-FOR-US: AMF3 deserialisers
CVE-2017-3207 (The Java implementations of AMF3 deserializers in WebORB for Java by M ...)
	NOT-FOR-US: AMF3 deserialisers
CVE-2017-3206 (The Java implementation of AMF3 deserializers used by Flamingo amf-ser ...)
	NOT-FOR-US: AMF3 deserialisers
CVE-2017-3205
	RESERVED
CVE-2017-3204 (The Go SSH library (x/crypto/ssh) by default does not verify host keys ...)
	- golang-go.crypto 1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1 (bug #859655)
	[jessie] - golang-go.crypto (In jessie no rdeps using SSH, that version doesn't even support host key validation)
	NOTE: https://github.com/golang/crypto/commit/e4e2799dd7aab89f583e1d898300d96367750991
	NOTE: https://github.com/golang/go/issues/19767
CVE-2017-3203 (The Java implementations of AMF3 deserializers in Pivotal/Spring Sprin ...)
	NOT-FOR-US: AMF3 deserialisers
CVE-2017-3202 (The Java implementation of AMF3 deserializers used in Flamingo amf-ser ...)
	NOT-FOR-US: AMF3 deserialisers
CVE-2017-3201 (The Java implementation of AMF3 deserializers used in Flamingo amf-ser ...)
	NOT-FOR-US: AMF3 deserialisers
CVE-2017-3200 (The Java implementation of AMF3 deserializers used in GraniteDS, versi ...)
	NOT-FOR-US: AMF3 deserialisers
CVE-2017-3199 (The Java implementation of GraniteDS, version 3.1.1.GA, AMF3 deseriali ...)
	NOT-FOR-US: AMF3 deserialisers
CVE-2017-3198 (GIGABYTE BRIX UEFI firmware does not cryptographically validate images ...)
	NOT-FOR-US: GIGABYTE
CVE-2017-3197 (GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB- ...)
	NOT-FOR-US: GIGABYTE
CVE-2017-3196 (PCAUSA Rawether framework does not properly validate BPF data, allowin ...)
	NOT-FOR-US: PCAUSA Rawether
CVE-2017-3195 (Commvault Edge Communication Service (cvd) prior to version 11 SP7 or ...)
	NOT-FOR-US: Commvault Edge Communication Service
CVE-2017-3194 (Pandora iOS app prior to version 8.3.2 fails to properly validate SSL ...)
	NOT-FOR-US: Pandora iOS app
CVE-2017-3193 (Multiple D-Link devices including the DIR-850L firmware versions 1.14B ...)
	NOT-FOR-US: D-Link
CVE-2017-3192 (D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 ...)
	NOT-FOR-US: D-Link
CVE-2017-3191 (D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 ...)
	NOT-FOR-US: D-Link
CVE-2017-3190 (Flash Seats Mobile App for Android version 1.7.9 and earlier and for i ...)
	NOT-FOR-US: Flash Seats Mobile App
CVE-2017-3189 (The dotCMS administration panel, versions 3.7.1 and earlier, "Push Pub ...)
	NOT-FOR-US: dotCMS
CVE-2017-3188 (The dotCMS administration panel, versions 3.7.1 and earlier, "Push Pub ...)
	NOT-FOR-US: dotCMS
CVE-2017-3187 (The dotCMS administration panel, versions 3.7.1 and earlier, are vulne ...)
	NOT-FOR-US: dotCMS
CVE-2017-3186 (ACTi cameras including the D, B, I, and E series using firmware versio ...)
	NOT-FOR-US: ACTi cameras
CVE-2017-3185 (ACTi cameras including the D, B, I, and E series using firmware versio ...)
	NOT-FOR-US: ACTi cameras
CVE-2017-3184 (ACTi cameras including the D, B, I, and E series using firmware versio ...)
	NOT-FOR-US: ACTi cameras
CVE-2017-3183 (Sage XRT Treasury, version 3, fails to properly restrict database acce ...)
	NOT-FOR-US: Sage XRT Treasury
CVE-2017-3182 (On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail t ...)
	NOT-FOR-US: ThreatMetrix SDK
CVE-2017-3181 (Multiple TIBCO Products are prone to multiple unspecified SQL-injectio ...)
	NOT-FOR-US: TIBCO
CVE-2017-3180 (Multiple TIBCO Products are prone to multiple unspecified cross-site s ...)
	NOT-FOR-US: TIBCO
CVE-2017-3179
	REJECTED
CVE-2017-3178
	REJECTED
CVE-2017-3177
	REJECTED
CVE-2017-3176
	REJECTED
CVE-2017-3175
	REJECTED
CVE-2017-3174
	REJECTED
CVE-2017-3173
	REJECTED
CVE-2017-3172
	REJECTED
CVE-2017-3171
	REJECTED
CVE-2017-3170
	REJECTED
CVE-2017-3169 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl m ...)
	{DSA-3896-1 DLA-1009-1}
	- apache2 2.4.25-4
CVE-2017-3168
	REJECTED
CVE-2017-3167 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of th ...)
	{DSA-3896-1 DLA-1009-1}
	- apache2 2.4.25-4
CVE-2017-3166 (In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-al ...)
	- hadoop (bug #793644)
CVE-2017-3165 (In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cro ...)
	NOT-FOR-US: Apache Brooklyn
CVE-2017-3164 (Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (in ...)
	- lucene-solr (unimportant; bug #922242)
	NOTE: https://issues.apache.org/jira/browse/SOLR-12770
CVE-2017-3163 (When using the Index Replication feature, Apache Solr nodes can pull i ...)
	{DSA-4124-1 DLA-1046-1}
	- lucene-solr 3.6.2+dfsg-11 (bug #867712)
	NOTE: https://issues.apache.org/jira/browse/SOLR-10031
	NOTE: https://github.com/apache/lucene-solr/commit/ae789c252687dc8a18bfdb677f2e6cd14570e4db
CVE-2017-3162 (HDFS clients interact with a servlet on the DataNode to browse the HDF ...)
	- hadoop (bug #793644)
CVE-2017-3161 (The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross ...)
	- hadoop (bug #793644)
CVE-2017-3160 (After the Android platform is added to Cordova the first time, or afte ...)
	NOT-FOR-US: Apache Cordova
CVE-2017-3159 (Apache Camel's camel-snakeyaml component is vulnerable to Java object ...)
	NOT-FOR-US: Apache Camel
CVE-2017-3158 (A race condition in Guacamole's terminal emulator in versions 0.9.5 th ...)
	- guacamole-client (bug #891798)
	[stretch] - guacamole-client (Minor issue)
	[jessie] - guacamole-client (Minor issue)
	- guacamole
	[wheezy] - guacamole (Version not vulnerable)
CVE-2017-3157 (By exploiting the way Apache OpenOffice before 4.1.4 renders embedded ...)
	{DSA-3792-1 DLA-910-1}
	- libreoffice 1:5.2.3-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/
CVE-2017-3156 (The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3. ...)
	NOT-FOR-US: Apache CXF
CVE-2017-3155 (Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found ...)
	NOT-FOR-US: Apache Atlas
CVE-2017-3154 (Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0- ...)
	NOT-FOR-US: Apache Atlas
CVE-2017-3153 (Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found ...)
	NOT-FOR-US: Apache Atlas
CVE-2017-3152 (Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found ...)
	NOT-FOR-US: Apache Atlas
CVE-2017-3151 (Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found ...)
	NOT-FOR-US: Apache Atlas
CVE-2017-3150 (Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookie ...)
	NOT-FOR-US: Apache Atlas
CVE-2016-9920 (steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2 ...)
	{DLA-737-1}
	- roundcube 1.2.3+dfsg.1-1 (bug #847287)
	NOTE: https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/f84233785ddeed01445fc855f3ae1e8a62f167e1
	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/aa6bf38843f51a0fc7205acc98a7b84f3c4c9c4f
CVE-2016-9910 (The serializer in html5lib before 0.99999999 might allow remote attack ...)
	- html5lib 0.999999999-1
	[jessie] - html5lib (Minor issue)
	[wheezy] - html5lib (Minor issue)
	NOTE: Fixed by: https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
	NOTE: https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/5
CVE-2016-9909 (The serializer in html5lib before 0.99999999 might allow remote attack ...)
	- html5lib 0.999999999-1
	[jessie] - html5lib (Minor issue)
	[wheezy] - html5lib (Minor issue)
	NOTE: Fixed by: https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
	NOTE: https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/5
CVE-2017-3149
	REJECTED
CVE-2017-3148
	REJECTED
CVE-2017-3147
	REJECTED
CVE-2017-3146
	REJECTED
CVE-2017-3145 (BIND was improperly sequencing cleanup operations on upstream recursio ...)
	{DSA-4089-1 DLA-1255-1}
	- bind9 1:9.11.2.P1-1
	NOTE: https://kb.isc.org/article/AA-01542
	NOTE: Fixed by (master): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=053b51c4dbd28f6e4de71ce4268a6f606025d76d
	NOTE: Fixed by (9.10.6-P1): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=55baf7d7e25c0e6444cb7e415f14d9e0819b5508
CVE-2017-3144 (A vulnerability stemming from failure to properly clean up closed OMAP ...)
	{DSA-4133-1}
	- isc-dhcp 4.3.5-3.1 (bug #887413)
	[wheezy] - isc-dhcp (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1522918
	NOTE: https://bugs.isc.org/Public/Bug/Display.html?id=46767
	NOTE: https://gitlab.isc.org/isc-projects/dhcp/-/commit/1a6b62fe17a42b00fa234d06b6dfde3d03451894
	NOTE: Fixes for 4.3.6p1: https://gitlab.isc.org/isc-projects/dhcp/-/commit/99a25aedea02d9c259cb8fabf4be700fb32571a3
CVE-2017-3143 (An attacker who is able to send and receive messages to an authoritati ...)
	{DSA-3904-1 DLA-1025-1}
	- bind9 1:9.10.3.dfsg.P4-12.4 (bug #866564)
	NOTE: https://kb.isc.org/article/AA-01503
	NOTE: Fixed by (master): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=581c1526ab0f74a177980da9ff0514f795ed8669
CVE-2017-3142 (An attacker who is able to send and receive messages to an authoritati ...)
	{DSA-3904-1 DLA-1025-1}
	- bind9 1:9.10.3.dfsg.P4-12.4 (bug #866564)
	NOTE: https://kb.isc.org/article/AA-01504
	NOTE: Fixed by (master): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=581c1526ab0f74a177980da9ff0514f795ed8669
CVE-2017-3141 (The BIND installer on Windows uses an unquoted service path which can ...)
	- bind9 (Affects only Windows systems)
	NOTE: https://kb.isc.org/article/AA-01496
CVE-2017-3140 (If named is configured to use Response Policy Zones (RPZ) an error pro ...)
	- bind9 (Upstream change #4377 not backported/included)
	NOTE: https://kb.isc.org/article/AA-01495
	NOTE: Fixed by (master): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=2648c49be78568ba9f4123d22122f2a649e2e1b7
	NOTE: Introduced by: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=aabcb1fde0ca255ff30f0a5c10cbd39f798cc5b7
	NOTE: CVE-2017-3140 is introduced by the upstream change #4377
	NOTE: https://www.openwall.com/lists/oss-security/2017/06/14/4
CVE-2017-3139 (A denial of service flaw was found in the way BIND handled DNSSEC vali ...)
	- bind9 (RHEL6 specific)
CVE-2017-3138 (named contains a feature which allows operators to issue commands to a ...)
	{DSA-3854-1 DLA-957-1}
	- bind9 1:9.10.3.dfsg.P4-12.3 (bug #860226)
	NOTE: https://kb.isc.org/article/AA-01471
	NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=a636604b20cc0aaabc8edbb7595f7c1c820b7610
	NOTE: In practice, for any Debian version, applying this commit is merely
	NOTE: hardening: the feature that allows only a subset of "read only"
	NOTE: commands was added only in 9.11.0, and before that the commands already
	NOTE: permitted over the control channel could be used to cause the server to stop.
	NOTE: CVE-2017-3138 is barely an issue in practice anyway.
CVE-2017-3137 (Mistaken assumptions about the ordering of records in the answer secti ...)
	{DSA-3854-1 DLA-957-1}
	- bind9 1:9.10.3.dfsg.P4-12.3 (bug #860225)
	NOTE: https://kb.isc.org/article/AA-01466
	NOTE: Additional information for backporting patch: https://www.openwall.com/lists/oss-security/2017/04/17/5
	NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=69fd759b4aa02047e42e5cf4227f8257c4547988
	NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=6841d7b854c15df9ec56cab38da201b315bbcabb (reimplementation)
	NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=7ab9e8e00775782d474522a5b2bffba8daefefa5 (regression fix)
CVE-2017-3136 (A query with a specific set of characteristics could cause a server us ...)
	{DSA-3854-1 DLA-957-1}
	- bind9 1:9.10.3.dfsg.P4-12.3 (bug #860224)
	NOTE: https://kb.isc.org/article/AA-01465
	NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=764240ca07ab1b796226d5402ccd9fbfa77ec32a
CVE-2017-3135 (Under some conditions when using both DNS64 and RPZ to rewrite query r ...)
	{DSA-3795-1 DLA-843-1}
	- bind9 1:9.10.3.dfsg.P4-12 (bug #855520)
	NOTE: https://kb.isc.org/article/AA-01453
	NOTE: Patch for 9.9.9-P6: ftp://ftp.isc.org/isc/bind9/9.9.9-P6/patches/rt44434
CVE-2017-3134 (An escalation of privilege vulnerability in Fortinet FortiWLC-SD versi ...)
	NOT-FOR-US: Fortinet FortiWLC-SD
CVE-2017-3133 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6. ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-3132 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6. ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-3131 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4. ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-3130 (An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4 ...)
	NOT-FOR-US: Fortinet
CVE-2017-3129 (A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7 ...)
	NOT-FOR-US: Fortinet FortiWeb
CVE-2017-3128 (A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-3127 (A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 throu ...)
	NOT-FOR-US: Fortinet
CVE-2017-3126 (An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through ...)
	NOT-FOR-US: Fortinet FortiAnalyzer
CVE-2017-3125 (An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and ...)
	NOT-FOR-US: FortiMail
CVE-2017-3124 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3123 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3122 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3121 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3120 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3119 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3118 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3117 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3116 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3115 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3114 (An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier v ...)
	NOT-FOR-US: Adobe
CVE-2017-3113 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3112 (An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier v ...)
	NOT-FOR-US: Adobe
CVE-2017-3111 (An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0 ...)
	NOT-FOR-US: Adobe
CVE-2017-3110 (Adobe Experience Manager 6.1 and earlier has a sensitive data exposure ...)
	NOT-FOR-US: Adobe
CVE-2017-3109 (An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0 ...)
	NOT-FOR-US: Adobe
CVE-2017-3108 (Adobe Experience Manager 6.2 and earlier has a malicious file executio ...)
	NOT-FOR-US: Adobe
CVE-2017-3107 (Adobe Experience Manager 6.3 and earlier has a misconfiguration vulner ...)
	NOT-FOR-US: Adobe
CVE-2017-3106 (Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3105 (Adobe RoboHelp has an Open Redirect vulnerability. This affects versio ...)
	NOT-FOR-US: Adobe
CVE-2017-3104 (Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. This af ...)
	NOT-FOR-US: Adobe
CVE-2017-3103 (Adobe Connect versions 9.6.1 and earlier have a stored cross-site scri ...)
	NOT-FOR-US: Adobe Connect
CVE-2017-3102 (Adobe Connect versions 9.6.1 and earlier have a reflected cross-site s ...)
	NOT-FOR-US: Adobe Connect
CVE-2017-3101 (Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerabi ...)
	NOT-FOR-US: Adobe Connect
CVE-2017-3100 (Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3099 (Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3098 (Adobe Captivate versions 9 and earlier have a remote code execution vu ...)
	NOT-FOR-US: Adobe
CVE-2017-3097 (Adobe Digital Editions versions 4.5.4 and earlier contain an insecure ...)
	NOT-FOR-US: Adobe
CVE-2017-3096 (Adobe Digital Editions versions 4.5.4 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-3095 (Adobe Digital Editions versions 4.5.4 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-3094 (Adobe Digital Editions versions 4.5.4 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-3093 (Adobe Digital Editions versions 4.5.4 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-3092 (Adobe Digital Editions versions 4.5.4 and earlier contain an insecure ...)
	NOT-FOR-US: Adobe
CVE-2017-3091 (Adobe Digital Editions 4.5.4 and earlier versions 4.5.4 and earlier ha ...)
	NOT-FOR-US: Adobe
CVE-2017-3090 (Adobe Digital Editions versions 4.5.4 and earlier contain an insecure ...)
	NOT-FOR-US: Adobe
CVE-2017-3089 (Adobe Digital Editions versions 4.5.4 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-3088 (Adobe Digital Editions versions 4.5.4 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-3087 (Adobe Captivate versions 9 and earlier have an information disclosure ...)
	NOT-FOR-US: Adobe
CVE-2017-3086 (Adobe Shockwave versions 12.2.8.198 and earlier have an exploitable me ...)
	NOT-FOR-US: Adobe
CVE-2017-3085 (Adobe Flash Player versions 26.0.0.137 and earlier have a security byp ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3084 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3083 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3082 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3081 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3080 (Adobe Flash Player versions 26.0.0.131 and earlier have a security byp ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3079 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3078 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3077 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3076 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3075 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3074 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3073 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3072 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3071 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3070 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3069 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3068 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3067 (Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an informat ...)
	NOT-FOR-US: Adobe
CVE-2017-3066 (Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 an ...)
	NOT-FOR-US: Adobe
CVE-2017-3065 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3064 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3063 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3062 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3061 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3060 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3059 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3058 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3057 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3056 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3055 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3054 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3053 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3052 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3051 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3050 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3049 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3048 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3047 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3046 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3045 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3044 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3043 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3042 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3041 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3040 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3039 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3038 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3037 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3036 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3035 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3034 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3033 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3032 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3031 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3030 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3029 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3028 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3027 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3026 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3025 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3024 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3023 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3022 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3021 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3020 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3019 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3018 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3017 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3016 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3015 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3014 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3013 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3012 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3011 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3010 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe
CVE-2017-3009 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe
CVE-2017-3008 (Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 an ...)
	NOT-FOR-US: Adobe
CVE-2017-3007 (Adobe Thor versions 3.9.5.353 and earlier have a vulnerability in the ...)
	NOT-FOR-US: Adobe Thor
CVE-2017-3006 (Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related ...)
	NOT-FOR-US: Adobe Thor
CVE-2017-3005 (Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17 ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2017-3004 (Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17 ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2017-3003 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3002 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3001 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3000 (Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerabilit ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2999 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2998 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2997 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2996 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2995 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2994 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2993 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2992 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2991 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2990 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2989 (Adobe Campaign versions Build 8770 and earlier have an input validatio ...)
	NOT-FOR-US: Adobe
CVE-2017-2988 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2987 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2986 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2985 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2984 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2983 (Adobe Shockwave versions 12.2.7.197 and earlier have an insecure libra ...)
	NOT-FOR-US: Adobe
CVE-2017-2982 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2981 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-2980 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-2979 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-2978 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-2977 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-2976 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-2975 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-2974 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-2973 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-2972 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2971 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2970 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2969 (Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site ...)
	NOT-FOR-US: Adobe
CVE-2017-2968 (Adobe Campaign versions 16.4 Build 8724 and earlier have a code inject ...)
	NOT-FOR-US: Adobe
CVE-2017-2967 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2966 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2965 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2964 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2963 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2962 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2961 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2960 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2959 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2958 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2957 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2956 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2955 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2954 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2953 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2952 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2951 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2950 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2949 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2948 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2947 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2946 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2945 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2944 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2943 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2942 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2941 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2940 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2939 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2938 (Adobe Flash Player versions 24.0.0.186 and earlier have a security byp ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2937 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2936 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2935 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2934 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2933 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2932 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2931 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2930 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2929 (Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM ...)
	NOT-FOR-US: Adobe Acrobat Chrome extension
CVE-2017-2928 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2927 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2926 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2925 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-9839 (In MapServer before 7.0.3, OGR driver error messages are too verbose a ...)
	{DLA-734-1}
	- mapserver 7.0.3-1
	[jessie] - mapserver 6.4.1-5+deb8u1
	NOTE: https://lists.osgeo.org/pipermail/mapserver-dev/2016-December/014979.html
	NOTE: https://github.com/mapserver/mapserver/pull/4928
	NOTE: https://github.com/mapserver/mapserver/pull/5356
CVE-2016-9838 (An issue was discovered in components/com_users/models/registration.ph ...)
	NOT-FOR-US: Joomla!
CVE-2016-9837 (An issue was discovered in templates/beez3/html/com_content/article/de ...)
	NOT-FOR-US: Joomla!
CVE-2016-9836 (The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! C ...)
	NOT-FOR-US: Joomla!
CVE-2016-9835 (Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x b ...)
	NOT-FOR-US: Zikula
CVE-2016-9834 (An XSS vulnerability allows remote attackers to execute arbitrary clie ...)
	NOT-FOR-US: Sophos
CVE-2016-9833
	RESERVED
CVE-2016-9832 (PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows ...)
	NOT-FOR-US: ACE-ABAP
CVE-2016-9805
	RESERVED
CVE-2016-9796 (Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs i ...)
	NOT-FOR-US: Alcatel-Lucent OmniVista
CVE-2016-9795 (The casrvc program in CA Common Services, as used in CA Client Automat ...)
	NOT-FOR-US: CA Common Services
CVE-2016-9792
	REJECTED
CVE-2016-9791
	REJECTED
CVE-2016-9790
	REJECTED
CVE-2016-9789
	REJECTED
CVE-2016-9788
	REJECTED
CVE-2016-9787
	REJECTED
CVE-2016-9786
	REJECTED
CVE-2016-9785
	REJECTED
CVE-2016-9784
	REJECTED
CVE-2016-9783
	REJECTED
CVE-2016-9782
	REJECTED
CVE-2016-9781
	REJECTED
CVE-2016-9780
	REJECTED
CVE-2016-9779
	REJECTED
CVE-2016-9778 (An error in handling certain queries can cause an assertion failure wh ...)
	- bind9 (Only Supported Preview Edition/Subscription Edition and 9.11.x)
	NOTE: https://kb.isc.org/article/AA-01442/0
CVE-2016-9771
	REJECTED
CVE-2016-9770
	REJECTED
CVE-2016-9769
	REJECTED
CVE-2016-9768
	REJECTED
CVE-2016-9767
	REJECTED
CVE-2016-9766
	REJECTED
CVE-2016-9765
	REJECTED
CVE-2016-9764
	REJECTED
CVE-2016-9763
	REJECTED
CVE-2016-9762
	REJECTED
CVE-2016-9761
	REJECTED
CVE-2016-9760
	REJECTED
CVE-2016-9759
	REJECTED
CVE-2016-9758
	REJECTED
CVE-2016-9757 (In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user inte ...)
	NOT-FOR-US: Rapid7 Nexpose
CVE-2016-9846 (QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator su ...)
	- qemu 1:2.8+dfsg-1 (bug #847382)
	[jessie] - qemu (Vulnerable code not present)
	[wheezy] - qemu (Vulnerable code not present)
	- qemu-kvm (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html
CVE-2016-9845 (QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator su ...)
	- qemu 1:2.8+dfsg-1 (bug #847381)
	[jessie] - qemu (Vulnerable code not present)
	[wheezy] - qemu (Vulnerable code not present)
	- qemu-kvm (Vulnerable code not present)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html
CVE-2016-9843 (The crc32_big function in crc32.c in zlib 1.2.8 might allow context-de ...)
	{DLA-2085-1 DLA-1725-1}
	- zlib 1:1.2.8.dfsg-3 (bug #847275)
	[wheezy] - zlib (Minor issue)
	- rsync 3.1.3-6 (bug #924509)
	[stretch] - rsync 3.1.2-1+deb9u2
	NOTE: https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
	NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
CVE-2016-9842 (The inflateMark function in inflate.c in zlib 1.2.8 might allow contex ...)
	{DLA-2085-1 DLA-1725-1}
	- zlib 1:1.2.8.dfsg-3 (bug #847274)
	[wheezy] - zlib (Minor issue)
	- rsync 3.1.3-6 (bug #924509)
	[stretch] - rsync 3.1.2-1+deb9u2
	NOTE: https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
	NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
CVE-2016-9841 (inffast.c in zlib 1.2.8 might allow context-dependent attackers to hav ...)
	{DLA-2085-1 DLA-1725-1}
	- zlib 1:1.2.8.dfsg-4 (bug #847270)
	[wheezy] - zlib (Minor issue)
	- rsync 3.1.3-6 (bug #924509)
	[stretch] - rsync 3.1.2-1+deb9u2
	NOTE: https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb
	NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
CVE-2016-9840 (inftrees.c in zlib 1.2.8 might allow context-dependent attackers to ha ...)
	{DLA-2085-1 DLA-1725-1}
	- zlib 1:1.2.8.dfsg-3 (bug #847270)
	[wheezy] - zlib (Minor issue)
	- rsync 3.1.3-6 (bug #924509)
	[stretch] - rsync 3.1.2-1+deb9u2
	NOTE: https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
	NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
CVE-2016-9844 (Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZi ...)
	{DLA-741-1}
	- unzip 6.0-21 (bug #847486)
	[jessie] - unzip 6.0-16+deb8u3
	NOTE: https://launchpad.net/bugs/1643750
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/05/13
	NOTE: Proposed patch in https://www.openwall.com/lists/oss-security/2016/12/05/19
CVE-2014-9913 (Buffer overflow in the list_files function in list.c in Info-Zip UnZip ...)
	{DLA-741-1}
	- unzip 6.0-21 (bug #847485)
	[jessie] - unzip 6.0-16+deb8u3
	NOTE: Upstream bug: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450
	NOTE: Same reproducer as in https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750
	NOTE: can be used to verify a fix (it triggers the issue in unzip -l but crashes
	NOTE: in different areas of the unzip codebase)
	NOTE: https://www.openwall.com/lists/oss-security/2014/11/03/5
CVE-2016-XXXX [tiffcrop: divide-by-zero in readSeparateStripsIntoBuffer when BitsPerSample is missing]
	- tiff 4.0.7-2 (unimportant; bug #846838)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2619
CVE-2016-9831 (Heap-based buffer overflow in the parseSWF_RGBA function in parser.c i ...)
	{DLA-799-1}
	- ming
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_rgba-parser-c
CVE-2016-9830 (The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows ...)
	{DSA-3746-1}
	- graphicsmagick 1.3.25-6 (bug #847055)
	[wheezy] - graphicsmagick (fix too intrusive, depends on jan 15th magickresources changes)
	NOTE: upstream patch requires major refactor from jan 2015, see https://lists.debian.org/87inpe4wgu.fsf@curie.anarc.at
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c
	NOTE: POC: https://github.com/asarubbo/poc/blob/master/00096-graphicsmagick-memalloc-MagickRealloc
CVE-2016-9829 (Heap-based buffer overflow in the parseSWF_DEFINEFONT function in pars ...)
	{DLA-799-1}
	- ming
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_definefont-parser-c
CVE-2016-9828 (The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 ...)
	{DLA-799-1}
	- ming
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-null-pointer-dereference-in-dumpbuffer-read-c
CVE-2016-9827 (The _iprintf function in outputtxt.c in the listswf tool in libming 0. ...)
	{DLA-799-1}
	- ming
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-_iprintf-outputtxt-c
CVE-2016-9826 (libavcodec/ituh263dec.c in libav 11.8 allows remote attackers to cause ...)
	- libav (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00041-libav-leftshift-ituh263dec_c
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=985
CVE-2016-9825 (libswscale/utils.c in libav 11.8 allows remote attackers to cause a de ...)
	- libav (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00040-libav-leftshift-utils_c
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=984
CVE-2016-9824 (Integer overflow in libswscale/x86/swscale.c in libav 11.8 allows remo ...)
	- libav
	[jessie] - libav (Minor issue, usan-only no-crash warning, no patch)
	[wheezy] - libav (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00039-libav-signedintoverflow-swscale_c
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=983
CVE-2016-9823 (libavcodec/x86/mpegvideo.c in libav 11.8 allows remote attackers to ca ...)
	- libav
	[jessie] - libav (Minor issue, usan-only no-crash warning, no patch)
	[wheezy] - libav (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00038-libav-uint8_t64-outofbounds-mpegvideo
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=982
CVE-2016-9822 (Integer overflow in libavcodec/mpeg12dec.c in libav 11.8 allows remote ...)
	{DSA-3833-1 DLA-791-1}
	- libav
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00037-libav-signedintoverflow-mpegvideo_parser
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=981
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=9f0193c778175cea3fb43f17acf9b90b4d862d33 (pre 11.9)
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=15e1af0006354d6bbf0e433c5d1e8ef13c93d6d0 (pre 11.9)
CVE-2016-9821 (Integer overflow in libavcodec/mpegvideo_parser.c in libav 11.8 allows ...)
	{DSA-3833-1 DLA-791-1}
	- libav
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00037-libav-signedintoverflow-mpegvideo_parser
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=981
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=9f0193c778175cea3fb43f17acf9b90b4d862d33 (pre 11.9)
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=15e1af0006354d6bbf0e433c5d1e8ef13c93d6d0 (pre 11.9)
CVE-2016-9820 (libavcodec/mpegvideo_motion.c in libav 11.8 allows remote attackers to ...)
	{DLA-791-1}
	- libav (unimportant)
	[jessie] - libav (The fixing patches are included in the upstream version)
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00036-libav-leftshift-mpegvideo
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=980
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=e17bcfbecc268ba00cb55025095d70b1025e6c7d (pre 11.9)
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=f106f74206e69e9056130da8bddffc39f3878ac3 (pre 11.9)
CVE-2016-9819 (libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause ...)
	{DLA-791-1}
	- libav (unimportant)
	[jessie] - libav (The fixing patches are included in the upstream version)
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00036-libav-leftshift-mpegvideo
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=980
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=e17bcfbecc268ba00cb55025095d70b1025e6c7d (pre 11.9)
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=f106f74206e69e9056130da8bddffc39f3878ac3 (pre 11.9)
CVE-2016-9818 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...)
	- xen 4.8.0-1
	[jessie] - xen (Minor issue)
	[wheezy] - xen (ARM support introduced in 4.4)
	NOTE: https://xenbits.xen.org/xsa/advisory-201.html
	NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-4.patch
CVE-2016-9817 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...)
	- xen 4.8.0-1
	[jessie] - xen (Minor issue)
	[wheezy] - xen (ARM support introduced in 4.4)
	NOTE: https://xenbits.xen.org/xsa/advisory-201.html
	NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-3.patch
	NOTE: or https://xenbits.xen.org/xsa/xsa201-3-4.7.patch
CVE-2016-9816 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...)
	- xen 4.8.0-1
	[jessie] - xen (Minor issue)
	[wheezy] - xen (ARM support introduced in 4.4)
	NOTE: https://xenbits.xen.org/xsa/advisory-201.html
	NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-2.patch
CVE-2016-9815 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...)
	- xen 4.8.0-1
	[jessie] - xen (Minor issue)
	[wheezy] - xen (ARM support introduced in 4.4)
	NOTE: https://xenbits.xen.org/xsa/advisory-201.html
	NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-1.patch
CVE-2016-9814 (The validateSignature method in the SAML2\Utils class in SimpleSAMLphp ...)
	{DLA-1298-1}
	- simplesamlphp 1.14.10-1 (low)
	[jessie] - simplesamlphp (Minor issue)
	NOTE: https://simplesamlphp.org/security/201612-01
	NOTE: https://github.com/simplesamlphp/saml2/pull/81
	NOTE: https://github.com/simplesamlphp/saml2/commit/7008b0916426212c1cc2fc238b38ab9ebff0748c
	NOTE: only exploitable in hard to achieve conditions
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/03/5
CVE-2017-2924 (An exploitable heap-based buffer overflow vulnerability exists in the ...)
	{DSA-3976-1 DLA-1098-1}
	- freexl 1.0.4-1 (bug #875691)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0431
	NOTE: https://www.gaia-gis.it/fossil/freexl/ci/40c17539ea56f0d8
CVE-2017-2923 (An exploitable heap based buffer overflow vulnerability exists in the ...)
	{DSA-3976-1 DLA-1098-1}
	- freexl 1.0.4-1 (bug #875690)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430
	NOTE: https://www.gaia-gis.it/fossil/freexl/ci/40c17539ea56f0d8
CVE-2017-2922 (An exploitable memory corruption vulnerability exists in the Websocket ...)
	- smplayer 18.5.0~ds1-1 (bug #898943)
	[stretch] - smplayer (Vulnerable code not present)
	[jessie] - smplayer (Vulnerable code not present)
	[wheezy] - smplayer (Vulnerable code not present)
	NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
CVE-2017-2921 (An exploitable memory corruption vulnerability exists in the Websocket ...)
	- smplayer 18.5.0~ds1-1 (bug #898943)
	[stretch] - smplayer (Vulnerable code not present)
	[jessie] - smplayer (Vulnerable code not present)
	[wheezy] - smplayer (Vulnerable code not present)
	NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
CVE-2017-2920 (An memory corruption vulnerability exists in the .SVG parsing function ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2017-2919 (An exploitable stack based buffer overflow vulnerability exists in the ...)
	{DSA-4173-1}
	- r-cran-readxl 1.0.0-2 (bug #895564)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0426
CVE-2017-2918 (An exploitable integer overflow exists in the Image loading functional ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0425
CVE-2017-2917 (An exploitable vulnerability exists in the notifications functionality ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2916 (An exploitable vulnerability exists in the /api/CONFIG/restore functio ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2915 (An exploitable vulnerability exists in the WiFi configuration function ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2914 (An exploitable authentication bypass vulnerability exists in the API d ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2913 (An exploitable vulnerability exists in the filtering functionality of ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2912 (An exploitable vulnerability exists in the remote control functionalit ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2911 (An exploitable vulnerability exists in the remote control functionalit ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2910 (An exploitable Out-of-bounds Write vulnerability exists in the xls_add ...)
	- r-cran-readxl (Vulnerable code not present)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0417
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1927234
CVE-2017-2909 (An infinite loop programming error exists in the DNS server functional ...)
	- smplayer 18.5.0~ds1-1 (bug #898943)
	[stretch] - smplayer (Vulnerable code not present)
	[jessie] - smplayer (Vulnerable code not present)
	[wheezy] - smplayer (Vulnerable code not present)
	NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
CVE-2017-2908 (An exploitable integer overflow exists in the thumbnail functionality ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/07aed404cfb2759f97c60b9f64d8a9392dabaf1a
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0415
CVE-2017-2907 (An exploitable integer overflow exists in the animation playing functi ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0414
CVE-2017-2906 (An exploitable integer overflow exists in the animation playing functi ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0413
CVE-2017-2905 (An exploitable integer overflow exists in the bmp loading functionalit ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0412
CVE-2017-2904 (An exploitable integer overflow exists in the RADIANCE loading functio ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0411
CVE-2017-2903 (An exploitable integer overflow exists in the DPX loading functionalit ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0410
CVE-2017-2902 (An exploitable integer overflow exists in the DPX loading functionalit ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0409
CVE-2017-2901 (An exploitable integer overflow exists in the IRIS loading functionali ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/829916f4e57a2d1580ff3b625f6bb909b9144a20
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408
CVE-2017-2900 (An exploitable integer overflow exists in the PNG loading functionalit ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0407
CVE-2017-2899 (An exploitable integer overflow exists in the TIFF loading functionali ...)
	{DSA-4248-1 DLA-1465-1}
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0406
CVE-2017-2898 (An exploitable vulnerability exists in the signature verification of t ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2897 (An exploitable out-of-bounds write vulnerability exists in the read_MS ...)
	{DSA-4173-1}
	- r-cran-readxl 1.0.0-2 (bug #895564)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0404
CVE-2017-2896 (An exploitable out-of-bounds write vulnerability exists in the xls_mer ...)
	{DSA-4173-1}
	- r-cran-readxl 1.0.0-2 (bug #895564)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0403
CVE-2017-2895 (An exploitable arbitrary memory read vulnerability exists in the MQTT ...)
	- smplayer 18.5.0~ds1-1 (bug #898943)
	[stretch] - smplayer (Vulnerable code not present)
	[jessie] - smplayer (Vulnerable code not present)
	[wheezy] - smplayer (Vulnerable code not present)
	NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
CVE-2017-2894 (An exploitable stack buffer overflow vulnerability exists in the MQTT ...)
	- smplayer 18.5.0~ds1-1 (bug #898943)
	[stretch] - smplayer (Vulnerable code not present)
	[jessie] - smplayer (Vulnerable code not present)
	[wheezy] - smplayer (Vulnerable code not present)
	NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
CVE-2017-2893 (An exploitable NULL pointer dereference vulnerability exists in the MQ ...)
	- smplayer 18.5.0~ds1-1 (bug #898943)
	[stretch] - smplayer (Vulnerable code not present)
	[jessie] - smplayer (Vulnerable code not present)
	[wheezy] - smplayer (Vulnerable code not present)
	NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
CVE-2017-2892 (An exploitable arbitrary memory read vulnerability exists in the MQTT ...)
	- smplayer 18.5.0~ds1-1 (bug #898943)
	[stretch] - smplayer (Vulnerable code not present)
	[jessie] - smplayer (Vulnerable code not present)
	[wheezy] - smplayer (Vulnerable code not present)
	NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
CVE-2017-2891 (An exploitable use-after-free vulnerability exists in the HTTP server ...)
	- smplayer 18.5.0~ds1-1 (bug #898943)
	[stretch] - smplayer (Vulnerable code not present)
	[jessie] - smplayer (Vulnerable code not present)
	[wheezy] - smplayer (Vulnerable code not present)
	NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
CVE-2017-2890 (An exploitable vulnerability exists in the /api/CONFIG/restore functio ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2889 (An exploitable Denial of Service vulnerability exists in the API daemo ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2888 (An exploitable integer overflow vulnerability exists when creating a n ...)
	{DLA-2803-1 DLA-1714-2}
	- libsdl2 2.0.6+dfsg1-4 (bug #878264)
	[jessie] - libsdl2 (Minor issue)
	- libsdl1.2 (Issue not present, SDL_CreateRGBSurface contains further check for too large width or height)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0395
	NOTE: https://hg.libsdl.org/SDL/rev/7e0f1498ddb5
	NOTE: https://hg.libsdl.org/SDL/rev/81a4950907a0
CVE-2017-2887 (An exploitable buffer overflow vulnerability exists in the XCF propert ...)
	{DSA-4184-1 DSA-4177-1 DLA-1134-1}
	- libsdl2-image 2.0.1+dfsg-4 (bug #878266)
	- sdl-image1.2 1.2.12-7 (bug #878267)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394
	NOTE: https://hg.libsdl.org/SDL_image/rev/318484db0705
CVE-2017-2886 (A memory corruption vulnerability exists in the .PSD parsing functiona ...)
	NOT-FOR-US: ACDSee Ultimate
CVE-2017-2885 (An exploitable stack based buffer overflow vulnerability exists in the ...)
	{DSA-3929-1}
	- libsoup2.4 2.56.1-1 (bug #871650)
	[wheezy] - libsoup2.4 (Vulnerable code not present)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=785774
CVE-2017-2884 (An exploitable vulnerability exists in the user photo update functiona ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2883 (An exploitable vulnerability exists in the database update functionali ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2882 (An exploitable vulnerability exists in the servers update functionalit ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2881 (An exploitable vulnerability exists in the torlist update functionalit ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2880 (An memory corruption vulnerability exists in the .GIF parsing function ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2017-2879 (An exploitable buffer overflow vulnerability exists in the UPnP implem ...)
	NOT-FOR-US: Foscam
CVE-2017-2878 (An exploitable buffer overflow vulnerability exists in the web managem ...)
	NOT-FOR-US: Foscam
CVE-2017-2877 (A missing error check exists in the Multi-Camera interface used by the ...)
	NOT-FOR-US: Foscam
CVE-2017-2876 (An exploitable buffer overflow vulnerability exists in the Multi-Camer ...)
	NOT-FOR-US: Foscam
CVE-2017-2875 (An exploitable buffer overflow vulnerability exists in the Multi-Camer ...)
	NOT-FOR-US: Foscam
CVE-2017-2874 (An information disclosure vulnerability exists in the Multi-Camera int ...)
	NOT-FOR-US: Foscam
CVE-2017-2873 (An exploitable command injection vulnerability exists in the web manag ...)
	NOT-FOR-US: Foscam
CVE-2017-2872 (Insufficient security checks exist in the recovery procedure used by t ...)
	NOT-FOR-US: Foscam
CVE-2017-2871 (Insufficient security checks exist in the recovery procedure used by t ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2870 (An exploitable integer overflow vulnerability exists in the tiff_image ...)
	{DLA-2043-1}
	- gdk-pixbuf 2.36.10-1 (unimportant; bug #873787)
	[stretch] - gdk-pixbuf (Built with GCC in Debian)
	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=31a6cff3dfc6944aad4612a9668b8ad39122e48b
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=770986
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780269
	NOTE: Built with GCC in Debian, which doesn't remove the check
CVE-2017-2869 (An exploitable code execution vulnerability exists in the OpenProducer ...)
	NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2868 (An exploitable code execution vulnerability exists in the NewProducerS ...)
	NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2867 (An exploitable code execution vulnerability exists in the SavePatientM ...)
	NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2866 (An exploitable vulnerability exists in the /api/CONFIG/backup function ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2865 (An exploitable vulnerability exists in the firmware update functionali ...)
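Added example for the pattern behind two of the notes above: the libsdl1.2 note on CVE-2017-2888 ("SDL_CreateRGBSurface contains further check for too large width or height") and the gdk-pixbuf note on CVE-2017-2870 ("Built with GCC in Debian, which doesn't remove the check"). In both, a pixel buffer is sized as width x height x bytes-per-pixel with all three values taken from an untrusted header, and a check that computes the signed product first and inspects it afterwards relies on undefined behaviour that an optimizer is entitled to delete. This is constructed illustration code, not SDL, gdk-pixbuf, Debian or Talos code; the function names, the size_t-based contract and the sample dimensions are assumptions.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed example (not SDL's or gdk-pixbuf's code): sizing a pixel
 * buffer for a w x h image with bpp bytes per pixel. All three values come
 * from the file, so the size must be validated before it is multiplied. */

/* What an unchecked 32-bit computation does, written with uint32_t so the
 * wrap is defined rather than UB: 65536 x 65536 x 4 wraps to 0, so the
 * allocation "succeeds" and the decoder then writes 16 GiB past a
 * zero-length buffer. */
uint32_t wrapped_size_32(int w, int h, int bpp)
{
    return (uint32_t)w * (uint32_t)h * (uint32_t)bpp;
}

/* The kind of check the gdk-pixbuf note is about: multiply first, test
 * afterwards. Signed overflow is undefined, so the compiler may assume the
 * product did not wrap and remove a test that can only fail if it did.
 * Whether the test survives depends on compiler and flags, which is why
 * "built with GCC" mattered. Kept for comparison only; never called. */
int size_check_relying_on_ub(int w, int h, int bpp)
{
    int total = w * h * bpp;              /* undefined if it overflows */
    if (total / bpp / h != w)             /* only false after a wrap: deletable */
        return 0;
    return total;
}

/* Portable check: reject non-positive dimensions, then compare against
 * SIZE_MAX by division so nothing wraps. Returns the byte count, or 0
 * (never a valid size here) when the product would overflow. */
size_t checked_image_size(int w, int h, int bpp)
{
    if (w <= 0 || h <= 0 || bpp <= 0)
        return 0;
    size_t uw = (size_t)w, uh = (size_t)h, ub = (size_t)bpp;
    if (uw > SIZE_MAX / uh)
        return 0;
    size_t pixels = uw * uh;
    if (pixels > SIZE_MAX / ub)
        return 0;
    return pixels * ub;
}

/* Same contract using the compiler's overflow-checked multiply
 * (GCC >= 5 and clang); other compilers fall back to the portable version. */
size_t checked_image_size_builtin(int w, int h, int bpp)
{
#if defined(__GNUC__)
    size_t n;
    if (w <= 0 || h <= 0 || bpp <= 0)
        return 0;
    if (__builtin_mul_overflow((size_t)w, (size_t)h, &n) ||
        __builtin_mul_overflow(n, (size_t)bpp, &n))
        return 0;
    return n;
#else
    return checked_image_size(w, h, bpp);
#endif
}

/* Allocate only after the size survived the check; zero-filled so a short
 * read from the file cannot leak stale heap contents through the image. */
unsigned char *alloc_pixels(int w, int h, int bpp)
{
    size_t n = checked_image_size(w, h, bpp);
    return n ? calloc(n, 1) : NULL;
}

int main(void)
{
    /* Constructed inputs: a sane 640x480 RGBA image, and header values an
     * attacker would pick to wrap a 32-bit size computation. */
    printf("640x480x4        -> %zu bytes\n", checked_image_size(640, 480, 4));
    printf("65536x65536x4    -> 32-bit wraps to %u, checked: %zu\n",
           wrapped_size_32(65536, 65536, 4),
           checked_image_size(65536, 65536, 4));
    printf("INT_MAX^3        -> checked: %zu (0 = rejected)\n",
           checked_image_size(INT_MAX, INT_MAX, INT_MAX));
    return 0;
}
```

The two checked variants reject the input before any multiplication can wrap, so they behave identically under every compiler and optimization level; that, rather than the particular compiler Debian happens to build with, is the property a loader should depend on.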
	NOT-FOR-US: Circle with Disney
CVE-2017-2864 (An exploitable vulnerability exists in the generation of authenticatio ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2863 (An out-of-bounds write vulnerability exists in the PDF parsing functio ...)
	NOT-FOR-US: Iceni Infix
CVE-2017-2862 (An exploitable heap overflow vulnerability exists in the gdk_pixbuf__j ...)
	{DSA-3978-1 DLA-1100-1}
	- gdk-pixbuf 2.36.10-1 (bug #874552)
	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=c2a40a92fe3df4111ed9da51fe3368c079b86926
	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6dd89e126a277460faafc1f679db44ccf78446fb
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784866
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366
CVE-2017-2861 (An exploitable Denial of Service vulnerability exists in the use of a ...)
	NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2860 (An exploitable denial-of-service vulnerability exists in the lookup en ...)
	NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2859
	REJECTED
CVE-2017-2858 (An exploitable denial-of-service vulnerability exists in the traversal ...)
	NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2857 (An exploitable buffer overflow vulnerability exists in the DDNS client ...)
	NOT-FOR-US: Foscam
CVE-2017-2856 (An exploitable buffer overflow vulnerability exists in the DDNS client ...)
	NOT-FOR-US: Foscam
CVE-2017-2855 (An exploitable buffer overflow vulnerability exists in the DDNS client ...)
	NOT-FOR-US: Foscam
CVE-2017-2854 (An exploitable buffer overflow vulnerability exists in the DDNS client ...)
	NOT-FOR-US: Foscam
CVE-2017-2853 (An exploitable Code Execution vulnerability exists in the RequestForPa ...)
	NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2852 (An exploitable denial-of-service vulnerability exists in the unseriali ...)
	NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2851 (In the web management interface in Foscam C1 Indoor HD cameras with ap ...)
	NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2850 (In the web management interface in Foscam C1 Indoor HD cameras with ap ...)
	NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2849 (In the web management interface in Foscam C1 Indoor HD cameras with ap ...)
	NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2848 (In the web management interface in Foscam C1 Indoor HD cameras with ap ...)
	NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2847 (In the web management interface in Foscam C1 Indoor HD cameras with ap ...)
	NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2846 (In the web management interface in Foscam C1 Indoor HD cameras with ap ...)
	NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2845 (An exploitable command injection vulnerability exists in the web manag ...)
	NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2844 (In the web management interface in Foscam C1 Indoor HD cameras with ap ...)
	NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2843 (In the web management interface in Foscam C1 Indoor HD Camera running ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2842 (In the web management interface in Foscam C1 Indoor HD Camera running ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2841 (An exploitable command injection vulnerability exists in the web manag ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2840 (A buffer overflow vulnerability exists in the ISO parsing functionalit ...)
	NOT-FOR-US: EZB Systems UltraISO
CVE-2017-2839 (An exploitable denial of service vulnerability exists within the handl ...)
	{DSA-3923-1 DLA-1095-1}
	- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0341
	NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1)
CVE-2017-2838 (An exploitable denial of service vulnerability exists within the handl ...)
	{DSA-3923-1 DLA-1095-1}
	- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0340
	NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1)
CVE-2017-2837 (An exploitable denial of service vulnerability exists within the handl ...)
	{DSA-3923-1 DLA-1095-1}
	- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0339
	NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1)
CVE-2017-2836 (An exploitable denial of service vulnerability exists within the readi ...)
	{DSA-3923-1 DLA-1095-1}
	- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0338
	NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1)
CVE-2017-2835 (An exploitable code execution vulnerability exists in the RDP receive ...)
	{DSA-3923-1 DLA-1095-1}
	- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0337
	NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1)
CVE-2017-2834 (An exploitable code execution vulnerability exists in the authenticati ...)
	{DSA-3923-1}
	- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
	[wheezy] - freerdp (vulnerable code not present)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0336
	NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1)
CVE-2017-2833 (An exploitable command injection vulnerability exists in the web manag ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2832 (An exploitable command injection vulnerability exists in the web manag ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2831 (An exploitable buffer overflow vulnerability exists in the web managem ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2830 (An exploitable buffer overflow vulnerability exists in the web managem ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2829 (An exploitable directory traversal vulnerability exists in the web man ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2828 (An exploitable command injection vulnerability exists in the web manag ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2827 (An exploitable command injection vulnerability exists in the web manag ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2826 (An information disclosure vulnerability exists in the iConfig proxy re ...)
	- zabbix 1:4.0.0+dfsg-1 (low)
	[stretch] - zabbix (Minor issue, workaround exists)
	[jessie] - zabbix (Minor issue, workaround exists)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0327
	NOTE: Relates to the information disclosure as mentioned in (but is not the same issue)
	NOTE: https://support.zabbix.com/browse/ZBX-12076
	NOTE: Workaround for Zabbix 3.0 exists: https://www.zabbix.com/documentation/3.0/manual/distributed_monitoring/proxies#configuration
	NOTE: using encrypted connections with the proxy.
CVE-2017-2825 (In the trapper functionality of Zabbix Server 2.4.x, specifically craf ...)
	{DSA-3937-1}
	- zabbix 1:3.0.7+dfsg-3 (bug #863584)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2017-0326/
	NOTE: https://support.zabbix.com/browse/ZBX-12076
CVE-2017-2824 (An exploitable code execution vulnerability exists in the trapper comm ...)
	{DSA-3937-1}
	- zabbix 1:3.0.7+dfsg-3 (bug #863584)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2017-0325/
	NOTE: https://support.zabbix.com/browse/ZBX-12075
CVE-2017-2823 (A use-after-free vulnerability exists in the .ISO parsing functionalit ...)
	NOT-FOR-US: PowerISO
CVE-2017-2822 (An exploitable code execution vulnerability exists in the image render ...)
	NOT-FOR-US: Lexmark
CVE-2017-2821 (An exploitable use-after-free exists in the PDF parsing functionality ...)
	NOT-FOR-US: Lexmark
CVE-2017-2820 (An exploitable integer overflow vulnerability exists in the JPEG 2000 ...)
	- poppler (unimportant)
	NOTE: Debian uses openjpeg for processing JPEG 2000 images, this advisory is
	NOTE: against Ubuntu, which disables openjpeg due to being in universe
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0321
CVE-2017-2819 (An exploitable heap-based buffer overflow exists in the Hangul Word Pr ...)
	NOT-FOR-US: Hancom Thinkfree Office NEO
CVE-2017-2818 (An exploitable heap overflow vulnerability exists in the image renderi ...)
	- poppler (unimportant)
	NOTE: Debian links against libjpeg which is unaffected
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0319
CVE-2017-2817 (A stack buffer overflow vulnerability exists in the ISO parsing functi ...)
	NOT-FOR-US: PowerISO
CVE-2017-2816 (An exploitable buffer overflow vulnerability exists in the tag parsing ...)
	{DLA-1192-1}
	- libofx 1:0.9.11-4 (bug #875801)
	[stretch] - libofx 1:0.9.10-2+deb9u1
	[jessie] - libofx 1:0.9.10-1+deb8u1
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0317
	NOTE: https://github.com/libofx/libofx/commit/a70934eea95c76a7737b83773bffe8738935082d
	NOTE: https://github.com/libofx/libofx/issues/9
CVE-2017-2815 (An exploitable XML entity injection vulnerability exists in OpenFire U ...)
	NOT-FOR-US: OpenFire User Import Export Plugin
CVE-2017-2814 (An exploitable heap overflow vulnerability exists in the image renderi ...)
	- poppler (unimportant)
	NOTE: Debian links against libjpeg which is unaffected
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0319
CVE-2017-2813 (An exploitable integer overflow vulnerability exists in the JPEG 2000 ...)
	NOT-FOR-US: IrfanView
CVE-2017-2812 (A code execution vulnerability exists in the kdu_buffered_expand funct ...)
	NOT-FOR-US: Kakadu
CVE-2017-2811 (A code execution vulnerability exists in the Kakadu SDK 7.9's parsing ...)
	NOT-FOR-US: Kakadu
CVE-2017-2810 (An exploitable vulnerability exists in the Databook loading functional ...)
	- python-tablib 0.9.11-3 (bug #864818)
	[stretch] - python-tablib 0.9.11-2+deb8u1
	[jessie] - python-tablib 0.9.11-2+deb8u1
	NOTE: Fixed by: https://github.com/kennethreitz/tablib/commit/69abfc3ada5d754cb152119c0b4777043657cb6e
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0307
CVE-2017-2809 (An exploitable vulnerability exists in the yaml loading functionality ...)
	NOT-FOR-US: Ansible Vault
CVE-2017-2808 (An exploitable use-after-free vulnerability exists in the account pars ...)
	- ledger 3.1.2+dfsg1-1 (low; bug #876659)
	[stretch] - ledger (Minor issue)
	[jessie] - ledger (Minor issue)
	[wheezy] - ledger (Minor issue)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0304
	NOTE: https://github.com/ledger/ledger/issues/1723
	NOTE: https://github.com/ledger/ledger/commit/f3bad93db256db07b6cb831d4d24f47543f57e4a
CVE-2017-2807 (An exploitable buffer overflow vulnerability exists in the tag parsing ...)
	- ledger 3.1.2+dfsg1-1 (low; bug #876660)
	[stretch] - ledger (Minor issue)
	[jessie] - ledger (Minor issue)
	[wheezy] - ledger (Minor issue)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0303
	NOTE: https://github.com/ledger/ledger/issues/1722
	NOTE: https://github.com/ledger/ledger/commit/5682f377aed5b0db6b6c4a44b1d8868103b7e9f7
CVE-2017-2806 (An exploitable arbitrary read exists in the XLS parsing of the Lexmark ...)
	NOT-FOR-US: Lexmark Perspective Document Filters conversion functionality
CVE-2017-2805 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2804 (A remote out of bound write vulnerability exists in the TIFF parsing f ...)
	NOT-FOR-US: Core PHOTO-PAINT X8
CVE-2017-2803 (A remote out of bound write vulnerability exists in the TIFF parsing f ...)
	NOT-FOR-US: Core PHOTO-PAINT X8
CVE-2017-2802 (An exploitable dll hijacking vulnerability exists in the poaService.ex ...)
	NOT-FOR-US: Dell
CVE-2017-2801 (A programming error exists in a way Randombit Botan cryptographic libr ...)
	{DSA-3939-1 DLA-915-1}
	- botan1.10 1.10.16-1 (bug #860072)
	NOTE: https://github.com/randombit/botan/commit/c927101675e5f63fc0bdd93c5a4825adc54323b4 (1.10.16)
	NOTE: Bug introduced in 1.6.0 or earlier, fixed in 2.1.0 and 1.10.16
CVE-2017-2800 (A specially crafted x509 certificate can cause a single out of bounds ...)
	- wolfssl 3.12.0+dfsg-1 (bug #862154)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2017-0293/
CVE-2017-2799 (An exploitable heap corruption vulnerability exists in the AddSst func ...)
	NOT-FOR-US: Antenna House DMC HTMLFilter
CVE-2017-2798 (An exploitable heap corruption vulnerability exists in the GetIndexArr ...)
	NOT-FOR-US: Antenna House DMC HTMLFilter
CVE-2017-2797 (An exploitable heap overflow vulnerability exists in the ParseEnvironm ...)
	NOT-FOR-US: Antenna House
CVE-2017-2796
	RESERVED
CVE-2017-2795 (An exploitable heap corruption vulnerability exists in the Txo functio ...)
	NOT-FOR-US: Antenna House
CVE-2017-2794 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Antenna House
CVE-2017-2793 (An exploitable heap corruption vulnerability exists in the UnCompressU ...)
	NOT-FOR-US: Antenna House
CVE-2017-2792 (An exploitable heap corruption vulnerability exists in the iBldDirInfo ...)
	NOT-FOR-US: Antenna House
CVE-2017-2791 (JustSystems Ichitaro 2016 Trial contains a vulnerability that exists w ...)
	NOT-FOR-US: JustSystems Ichitaro 2016 Trial
CVE-2017-2790 (When processing a record type of 0x3c from a Workbook stream from an E ...)
	NOT-FOR-US: JustSystems Ichitaro Office
CVE-2017-2789 (When copying filedata into a buffer, JustSystems Ichitaro Office 2016 ...)
	NOT-FOR-US: JustSystems Ichitaro Office 2016 Trial
CVE-2017-2788 (A buffer overflows exists in the psnotifyd application of the Pharos P ...)
	NOT-FOR-US: Pharos PopUp Printer Client
CVE-2017-2787 (A buffer overflows exists in the psnotifyd application of the Pharos P ...)
	NOT-FOR-US: Pharos PopUp Printer Client
CVE-2017-2786 (A denial of service vulnerability exists in the psnotifyd application ...)
	NOT-FOR-US: Pharos PopUp Printer Client
CVE-2017-2785 (An exploitable buffer overflow exists in the psnotifyd application of ...)
	NOT-FOR-US: Pharos PopUp Printer Client
CVE-2017-2784 (An exploitable free of a stack pointer vulnerability exists in the x50 ...)
	- mbedtls 2.4.2-1 (bug #857560)
	- polarssl (bug #857561)
	[jessie] - polarssl 1.3.9-2.1+deb8u2
	[wheezy] - polarssl (Vulnerable code not present)
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01
	NOTE: Wheezy do not have any elliptic curve functionality. Jessie is affected however.
CVE-2017-2783 (An exploitable heap corruption vulnerability exists in the FillRowForm ...)
	NOT-FOR-US: AntennaHouse
CVE-2017-2782 (An integer overflow vulnerability exists in the X509 certificate parsi ...)
	- matrixssl
	[wheezy] - matrixssl (not supported in Wheezy)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0278
CVE-2017-2781 (An exploitable heap buffer overflow vulnerability exists in the X509 c ...)
	- matrixssl
	[wheezy] - matrixssl (not supported in Wheezy)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0277
CVE-2017-2780 (An exploitable heap buffer overflow vulnerability exists in the X509 c ...)
	- matrixssl
	[wheezy] - matrixssl (not supported in Wheezy)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0276
CVE-2017-2779 (An exploitable memory corruption vulnerability exists in the RSRC segm ...)
	NOT-FOR-US: Labview
CVE-2017-2778
	REJECTED
CVE-2017-2777 (An exploitable heap overflow vulnerability exists in the ipStringCreat ...)
	NOT-FOR-US: Iceni Argus
CVE-2017-2776
	REJECTED
CVE-2017-2775 (An exploitable memory corruption vulnerability exists in the LvVariant ...)
	NOT-FOR-US: Labview
CVE-2017-2774
	REJECTED
CVE-2017-2773 (An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions ...)
	NOT-FOR-US: Pivotal PCF Elastic Runtime
CVE-2017-2772
	REJECTED
CVE-2017-2771
	REJECTED
CVE-2017-2770
	REJECTED
CVE-2017-2769
	REJECTED
CVE-2017-2768 (EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configurati ...)
	NOT-FOR-US: EMC Network Configuration Manager
CVE-2017-2767 (EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configurati ...)
	NOT-FOR-US: EMC Network Configuration Manager
CVE-2017-2766 (EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 ...)
	NOT-FOR-US: EMC Documentum eRoom
CVE-2017-2765 (EMC Isilon InsightIQ 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, ...)
	NOT-FOR-US: EMC Isilon InsightIQ
CVE-2017-2764
	RESERVED
CVE-2017-2763
	RESERVED
CVE-2017-2762
	RESERVED
CVE-2017-2761
	RESERVED
CVE-2017-2760
	RESERVED
CVE-2017-2759
	RESERVED
CVE-2017-2758
	RESERVED
CVE-2017-2757
	RESERVED
CVE-2017-2756
	RESERVED
CVE-2017-2755
	RESERVED
CVE-2017-2754
	RESERVED
CVE-2017-2753
	RESERVED
CVE-2017-2752 (A potential security vulnerability caused by incomplete obfuscation of ...)
	NOT-FOR-US: Tommy Hilfiger TH24/7 Android app
CVE-2017-2751 (A BIOS password extraction vulnerability has been reported on certain ...)
	NOT-FOR-US: firmware on HP notebooks
CVE-2017-2750 (Insufficient Solution DLL Signature Validation allows potential execut ...)
	NOT-FOR-US: HP printers
CVE-2017-2749
	RESERVED
CVE-2017-2748 (A potential security vulnerability caused by the use of insecure (http ...)
	NOT-FOR-US: Isaac Mizrahi Smartwatch mobile app
CVE-2017-2747 (HP has identified a potential security vulnerability before IG_11_00_0 ...)
	NOT-FOR-US: HP printers
CVE-2017-2746 (Potential security vulnerabilities have been identified with HP JetAdv ...)
	NOT-FOR-US: HP JetAdvantage Security Manager
CVE-2017-2745 (Potential security vulnerabilities have been identified with HP JetAdv ...)
	NOT-FOR-US: HP JetAdvantage Security Manager
CVE-2017-2744 (The vulnerability allows attacker to extract binaries into protected f ...)
	NOT-FOR-US: HP Support Assistant
CVE-2017-2743 (HP has identified a potential security vulnerability with HP Enterpris ...)
	NOT-FOR-US: HP printers
CVE-2017-2742 (A potential security vulnerability has been identified with HP Web Jet ...)
	NOT-FOR-US: HP Web JetAdmin
CVE-2017-2741 (A potential security vulnerability has been identified with HP PageWid ...)
	NOT-FOR-US: HP printers
CVE-2017-2740 (A potential security vulnerability has been identified with the comman ...)
	NOT-FOR-US: HP ThinPro
CVE-2017-2739 (The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 v ...)
	NOT-FOR-US: Huawei
CVE-2017-2738 (VCM5010 with software versions earlier before V100R002C50SPC100 has an ...)
	NOT-FOR-US: Huawei
CVE-2017-2737 (VCM5010 with software versions earlier before V100R002C50SPC100 has an ...)
	NOT-FOR-US: Huawei
CVE-2017-2736 (VCM5010 with software versions earlier before V100R002C50SPC100 has a ...)
	NOT-FOR-US: Huawei
CVE-2017-2735 (TIT-AL00 smartphones with software versions earlier before TIT-AL00C58 ...)
	NOT-FOR-US: Huawei
CVE-2017-2734 (P9 Plus smartphones with software versions earlier before VIE-AL10BC00 ...)
	NOT-FOR-US: Huawei
CVE-2017-2733 (Honor 6X smartphones with software versions earlier than BLN-AL10C00B3 ...)
	NOT-FOR-US: Huawei
CVE-2017-2732 (Huawei Hilink APP Versions earlier before 5.0.25.306 has an informatio ...)
	NOT-FOR-US: Huawei
CVE-2017-2731 (The vibrator service in P9 Plus smart phones with software versions ea ...)
	NOT-FOR-US: Huawei
CVE-2017-2730 (HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUA ...)
	NOT-FOR-US: Huawei
CVE-2017-2729 (The boot loaders in Honor 5A smart phones with software Versions earli ...)
	NOT-FOR-US: Huawei
CVE-2017-2728 (Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier vers ...)
	NOT-FOR-US: Huawei
CVE-2017-2727 (Huawei P9 smart phones with software versions earlier before EVA-AL00C ...)
	NOT-FOR-US: Huawei
CVE-2017-2726 (Bastet in P10 Plus and P10 smart phones with software earlier than VKY ...)
	NOT-FOR-US: Huawei
CVE-2017-2725 (Bastet in P10 Plus and P10 smart phones with software earlier than VKY ...)
	NOT-FOR-US: Huawei
CVE-2017-2724 (Bastet in P10 Plus and P10 smart phones with software earlier than VKY ...)
	NOT-FOR-US: Huawei
CVE-2017-2723 (The Files APP 7.1.1.308 and earlier versions in some Huawei mobile pho ...)
	NOT-FOR-US: Huawei
CVE-2017-2722 (DP300 V500R002C00,TE60 with software V100R001C01, V100R001C10, V100R00 ...)
	NOT-FOR-US: Huawei
CVE-2017-2721 (Some Huawei smart phones with software Berlin-L21C10B130,Berlin-L21C18 ...)
	NOT-FOR-US: Huawei
CVE-2017-2720 (FusionSphere OpenStack V100R006C00 has an information exposure vulnera ...)
	NOT-FOR-US: Huawei
CVE-2017-2719 (FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 ha ...)
	NOT-FOR-US: Huawei
CVE-2017-2718 (FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 ha ...)
	NOT-FOR-US: Huawei
CVE-2017-2717 (honor 8 Pro with software Duke-L09C10B120 and earlier versions,Duke-L0 ...)
	NOT-FOR-US: Huawei
CVE-2017-2716 (The camerafs driver in Mate 9 Versions earlier than MHA-AL00BC00B173 h ...)
	NOT-FOR-US: Huawei
CVE-2017-2715 (The Files APP 7.1.1.309 and earlier versions in some Huawei mobile pho ...)
	NOT-FOR-US: Huawei
CVE-2017-2714 (The GaussDB in FusionSphere OpenStack V100R005C10SPC705 and earlier ve ...)
	NOT-FOR-US: Huawei
CVE-2017-2713 (HUAWEI P9 smartphones with software versions earlier before EVA-L09C43 ...)
	NOT-FOR-US: Huawei
CVE-2017-2712 (S3300 V100R006C05 have an Ethernet in the First Mile (EFM) flapping vu ...)
	NOT-FOR-US: Huawei
CVE-2017-2711 (P9 Plus smartphones with software earlier than VIE-AL10C00B352 version ...)
	NOT-FOR-US: Huawei
CVE-2017-2710 (BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B ...)
	NOT-FOR-US: Huawei
CVE-2017-2709 (HiGame with software earlier than 7.3.0 versions, SkyTone with softwar ...)
	NOT-FOR-US: Huawei
CVE-2017-2708 (The 'Find Phone' function in Nice smartphones with software versions e ...)
	NOT-FOR-US: Huawei
CVE-2017-2707 (Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege esc ...)
	NOT-FOR-US: Huawei
CVE-2017-2706 (Mate 9 smartphones with software MHA-AL00AC00B125 have a directory tra ...)
	NOT-FOR-US: Huawei
CVE-2017-2705 (Huawei P9 smartphones with software versions earlier before EVA-AL10C0 ...)
	NOT-FOR-US: Huawei
CVE-2017-2704 (Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier v ...)
	NOT-FOR-US: Huawei
CVE-2017-2703 (Phone Finder in versions earlier before MHA-AL00BC00B156,Versions earl ...)
	NOT-FOR-US: Huawei
CVE-2017-2702 (Phone Finder in versions earlier before MHA-AL00C00B170 can be bypass. ...)
	NOT-FOR-US: Huawei
CVE-2017-2701 (Mate 9 with software MHA-AL00AC00B125 has a denial of service (DoS) vu ...)
	NOT-FOR-US: Huawei
CVE-2017-2700 (AC6005 with software V200R006C10, AC6605 with software V200R006C10 hav ...)
	NOT-FOR-US: Huawei
CVE-2017-2699 (The Huawei Themes APP in versions earlier than PLK-UL00C17B385, versio ...)
	NOT-FOR-US: Huawei
CVE-2017-2698 (The ddr_devfreq driver in versions earlier than GRA-UL00C00B197 has bu ...)
	NOT-FOR-US: Huawei
CVE-2017-2697 (The goldeneye driver in NMO-L31C432B120 and earlier versions,NEM-L21C4 ...)
	NOT-FOR-US: Huawei
CVE-2017-2696 (The emerg_data driver in CAM-L21C10B130 and earlier versions, CAM-L21C ...)
	NOT-FOR-US: Huawei
CVE-2017-2695 (TIT-AL00C583B211 has a directory traversal vulnerability which allows ...)
	NOT-FOR-US: Huawei
CVE-2017-2694 (The AlarmService component in HwVmall with software earlier than 1.5.2 ...)
	NOT-FOR-US: Huawei
CVE-2017-2693 (ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versi ...)
	NOT-FOR-US: Huawei
CVE-2017-2692 (The Keyguard application in ALE-L02C635B140 and earlier versions,ALE-L ...)
	NOT-FOR-US: Huawei
CVE-2017-2691 (Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier be ...)
	NOT-FOR-US: Huawei
CVE-2017-2690 (SoftCo with software V200R003C20,eSpace U1910 with software V200R003C0 ...)
	NOT-FOR-US: Huawei
CVE-2017-2689 (Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to ...)
	NOT-FOR-US: Siemens
CVE-2017-2688 (The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at ...)
	NOT-FOR-US: Siemens
CVE-2017-2687 (Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the ...)
	NOT-FOR-US: Siemens
CVE-2017-2686 (Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that co ...)
	NOT-FOR-US: Siemens
CVE-2017-2685 (Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (incl ...)
	NOT-FOR-US: Siemens
CVE-2017-2684 (Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attack ...)
	NOT-FOR-US: Siemens
CVE-2017-2683 (A non-privileged user of the Siemens web application RUGGEDCOM NMS < V ...)
	NOT-FOR-US: Siemens
CVE-2017-2682 (The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and ...)
	NOT-FOR-US: Siemens
CVE-2017-2681 (Specially crafted PROFINET DCP packets sent on a local Ethernet segmen ...)
	NOT-FOR-US: Siemens
CVE-2017-2680 (Specially crafted PROFINET DCP broadcast packets could cause a denial ...)
	NOT-FOR-US: Siemens
CVE-2017-2679
	REJECTED
CVE-2017-2678
	REJECTED
CVE-2017-2677
	REJECTED
CVE-2017-2676
	REJECTED
CVE-2017-2675 (Little Snitch version 3.0 through 3.7.3 suffer from a local privilege ...)
	NOT-FOR-US: Little Snitch
CVE-2017-2674 (JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored X ...)
	NOT-FOR-US: Red Hat business central
CVE-2017-2673 (An authorization-check flaw was discovered in federation configuration ...)
	- keystone 2:10.0.0-9 (bug #861189)
	[jessie] - keystone (Vulnerable code not present)
	[wheezy] - keystone (Vulnerable code not present)
	NOTE: https://bugs.launchpad.net/keystone/+bug/1677723
CVE-2017-2672 (A flaw was found in foreman before version 1.15 in the logging of addi ...)
	- foreman (bug #663101)
CVE-2017-2671 (The ping_unhash function in net/ipv4/ping.c in the Linux kernel throug ...)
	{DLA-922-1}
	- linux 4.9.25-1
	[jessie] - linux 3.16.43-1
	NOTE: https://www.openwall.com/lists/oss-security/2017/03/24/6
	NOTE: Fixed by: https://git.kernel.org/linus/43a6684519ab0a6c52024b5e25322476cabad893
CVE-2017-2670 (It was found in Undertow before 1.3.28 that with non-clean TCP close, ...)
	{DSA-3906-1}
	- undertow 1.4.18-1 (bug #864405)
	NOTE: Fixed by https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d
	NOTE: https://issues.jboss.org/browse/UNDERTOW-1035
CVE-2017-2669 (Dovecot before version 2.2.29 is vulnerable to a denial of service. Wh ...)
	- dovecot 1:2.2.27-3 (bug #860049)
	[jessie] - dovecot (Vulnerable code not present)
	[wheezy] - dovecot (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735
	NOTE: Introduced by: https://github.com/dovecot/core/commit/a3783f8a3c9cd816b51e77a922f82301512fcf22
CVE-2017-2668 (389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an ...)
	- 389-ds-base 1.3.5.17-1 (bug #860125)
	[jessie] - 389-ds-base (Vulnerable code not present)
	NOTE: CentOS fix: https://git.centos.org/raw/rpms!389-ds-base!/c9e5dad69e2b497f118efac56f43cc6c74b6a695/SOURCES!0072-fix-for-cve-2017-2668-simple-return-text-if-suffix-n.patch
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1436575
CVE-2017-2667 (Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not ...)
	- foreman (bug #663101)
CVE-2017-2666 (It was discovered in Undertow that the code that parsed the HTTP reque ...)
	{DSA-3906-1}
	- undertow 1.4.18-1 (bug #864405)
	NOTE: https://issues.jboss.org/browse/UNDERTOW-1101
	NOTE: Fixed by https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f
CVE-2017-2665 (The skyring-setup command creates random password for mongodb skyring ...)
	NOT-FOR-US: Red Hat Storage / skyring
CVE-2017-2664 (CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8. ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2017-2663 (It was found that subscription-manager's DBus interface before 1.19.4 ...)
	NOT-FOR-US: candlepin / subscription-manager
CVE-2017-2662 (A flaw was found in Foreman's katello plugin version 3.4.5. After sett ...)
	- foreman (bug #663101)
CVE-2017-2661 (ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site s ...)
	- pcs 0.9.155+dfsg-2 (bug #858379)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1428948
	NOTE: https://github.com/ClusterLabs/pcs/commit/1874a769b5720ae5430f10c6cedd234430bc703f
	NOTE: https://www.openwall.com/lists/oss-security/2017/03/23/2
CVE-2017-2660
	REJECTED
CVE-2017-2659 (It was found that dropbear before version 2013.59 with GSSAPI leaks wh ...)
	- dropbear 2013.60-1
	NOTE: https://hg.ucc.asn.au/dropbear/rev/d7784616409a#l1.86
CVE-2017-2658 (It was discovered that the Dashbuilder login page as used in Red Hat J ...)
	NOT-FOR-US: JBoss BPMS
CVE-2017-2657
	REJECTED
CVE-2017-2656
	REJECTED
CVE-2017-2655
	REJECTED
CVE-2017-2654 (jenkins-email-ext before version 2.57.1 is vulnerable to an Informatio ...)
	NOT-FOR-US: jenkins-email-ext
CVE-2017-2653 (A number of unused delete routes are present in CloudForms before 5.7. ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2017-2652 (It was found that there were no permission checks performed in the Dis ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-2651 (jenkins-mailer-plugin before version 1.20 is vulnerable to an informat ...)
	NOT-FOR-US: jenkins-mailer-plugin
CVE-2017-2650 (It was found that the use of Pipeline: Classpath Step Jenkins plugin e ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-2649 (It was found that the Active Directory Plugin for Jenkins up to and in ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-2648 (It was found that jenkins-ssh-slaves-plugin before version 1.15 did no ...)
	NOT-FOR-US: jenkins-ssh-slaves-plugin
CVE-2017-2647 (The KEYS subsystem in the Linux kernel before 3.18 allows local users ...)
	{DLA-922-1}
	- linux 4.0.2-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81 (v3.18-rc1)
CVE-2017-2646 (It was found that when Keycloak before 2.5.5 receives a Logout request ...)
	NOT-FOR-US: Keycloak
CVE-2017-2645 (In Moodle 3.x, XSS can occur via attachments to evidence of prior lear ...)
	- moodle (Only affects 3.2 to 3.2.1 and 3.1 to 3.1.4)
	NOTE: https://tracker.moodle.org/browse/MDL-57597
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-57597
CVE-2017-2644 (In Moodle 3.x, XSS can occur via evidence of prior learning.)
	- moodle (Only affects 3.2 to 3.2.1 and 3.1 to 3.1.4)
	NOTE: https://tracker.moodle.org/browse/MDL-57596
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-57596
CVE-2017-2643 (In Moodle 3.2.x, global search displays user names for unauthenticated ...)
	- moodle (Only affects 3.2 to 3.2.1)
	NOTE: https://tracker.moodle.org/browse/MDL-56526
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-56526
CVE-2017-2642 (Moodle 3.x has user fullname disclosure on the user preferences page.)
	- moodle
	NOTE: https://moodle.org/mod/forum/discuss.php?d=355554
CVE-2017-2641 (In Moodle 2.x and 3.x, SQL injection can occur via user preferences.)
	- moodle 2.7.19+dfsg-1
	NOTE: https://tracker.moodle.org/browse/MDL-58010
	NOTE: https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-58010
CVE-2017-2640 (An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 ...)
	{DSA-3806-1 DLA-853-1}
	- pidgin 2.12.0-1 (bug #859159)
	NOTE: https://www.pidgin.im/news/security/?id=109
	NOTE: https://bitbucket.org/pidgin/main/commits/b2fc9e774cb9
CVE-2017-2639 (It was found that CloudForms does not verify that the server hostname ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2017-2638 (It was found that the REST API in Infinispan before version 9.0.0 did ...)
	NOT-FOR-US: infinispan
CVE-2017-2637 (A design flaw issue was found in the Red Hat OpenStack Platform direct ...)
	NOT-FOR-US: Red Hat OpenStack Platform director
CVE-2017-2636 (Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.1 ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.9.16-1
	NOTE: https://www.openwall.com/lists/oss-security/2017/03/07/6
	NOTE: Fixed by: https://git.kernel.org/linus/82f2341c94d270421f383641b7cd670e474db56b (v4.11-rc2)
	NOTE: https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html
CVE-2017-2635 (A NULL pointer deference flaw was found in the way libvirt from 2.5.0 ...)
	- libvirt 3.0.0-3 (bug #856313)
	[jessie] - libvirt (Vulnerable code introduced later)
	[wheezy] - libvirt (Vulnerable code introduced later)
	NOTE: Introduced by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=c5f6151390ff0a8e65014172bb8c0a8d312c3353 (v3.0.0-rc1)
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=c3de387380f6057ee0e46cd9f2f0a092e8070875 (v3.1.0-rc1)
CVE-2017-2634 (It was found that the Linux kernel's Datagram Congestion Control Proto ...)
	- linux (Fixed before initial rename to src:linux)
	NOTE: Fixed by: https://git.kernel.org/linus/f53dc67c5e7babafe239b93a11678b0e05bead51 (2.6.25-rc1)
CVE-2017-2633 (An out-of-bounds memory access issue was found in Quick Emulator (QEMU ...)
	- qemu 2.1+dfsg-1
	[wheezy] - qemu (Can be fixed along when more severe issues are being fixed)
	- qemu-kvm
	[wheezy] - qemu-kvm (Can be fixed along when more severe issues are being fixed)
	NOTE: Upstream patch: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef
	NOTE: Upstream patch: http://git.qemu-project.org/?p=qemu.git;a=commit;h=9f64916da20eea67121d544698676295bbb105a7
CVE-2017-2632 (A logic error in valid_role() in CloudForms role validation before 5.7 ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2017-2631
	REJECTED
CVE-2017-2630 (A stack buffer overflow flaw was found in the Quick Emulator (QEMU) be ...)
- qemu 1:2.8+dfsg-3 (bug #855227) [jessie] - qemu (Vulnerable code introduced in v2.8.0-rc0) [wheezy] - qemu (Vulnerable code introduced in v2.8.0-rc0) - qemu-kvm (Vulnerable code introduced later) NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01246.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1422415 CVE-2017-2629 (curl before 7.53.0 has an incorrect TLS Certificate Status Request ext ...) - curl 7.52.1-3 [jessie] - curl (Vulnerable code introduced later) [wheezy] - curl (Vulnerable code introduced later) NOTE: https://github.com/curl/curl/commit/ca6ea6d9be5102a2246dff6e17b3ee9ad4ec64d0 NOTE: Patch: https://curl.haxx.se/CVE-2017-2629.patch NOTE: https://curl.haxx.se/docs/adv_20170222.html CVE-2017-2628 (curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-5 ...) - curl (Red Hat specific backport issue) CVE-2017-2627 (A flaw was found in openstack-tripleo-common as shipped with Red Hat O ...) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1421917 NOT-FOR-US: RHEL packaging flaw for openstack CVE-2017-2626 (It was discovered that libICE before 1.0.9-8 used a weak entropy to ge ...) {DLA-2002-1} - libice 2:1.0.9-2 (bug #856400) [wheezy] - libice (Minor issue, can be fixed in a point update or next DSA) NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/ CVE-2017-2625 (It was discovered that libXdmcp before 1.1.2 including used weak entro ...) - libxdmcp 1:1.1.2-2 (bug #856399) [wheezy] - libxdmcp (Minor issue, can be fixed in a point update or next DSA) NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/ CVE-2017-2624 (It was found that xorg-x11-server before 1.19.0 including uses memcmp( ...) {DLA-1186-1} - xorg-server 2:1.19.2-1 (low; bug #856398) [jessie] - xorg-server 2:1.16.4-1+deb8u2 NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/ CVE-2017-2623 (It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 ...) 
NOT-FOR-US: Red Hat rpm-ostree CVE-2017-2622 (An accessibility flaw was found in the OpenStack Workflow (mistral) se ...) - mistral (Red Hat-specific) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420992 NOTE: tracing the installation shows that mkdir -p /var/log/mistral NOTE: is executed, which depending on the umask might end in wrong NOTE: permissions. But for Debian the final permissions seem to end NOTE: to 0750, despite, owned by mistral:adm. Thus might need more NOTE: investigation to determine the affected status. CVE-2017-2621 (An access-control flaw was found in the OpenStack Orchestration (heat) ...) - heat (heat-common postinst chmod's 0750 /var/log/heat) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420990 CVE-2017-2620 (Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA E ...) {DLA-1497-1 DLA-1270-1 DLA-845-1 DLA-842-1} - qemu 1:2.8+dfsg-3 (bug #855791) - qemu-kvm - xen 4.4.0-1 NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: https://xenbits.xen.org/xsa/advisory-209.html NOTE: Qemu upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html CVE-2017-2619 (Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a mali ...) {DSA-3816-1 DLA-894-1} - samba 2:4.5.6+dfsg-2 NOTE: https://www.samba.org/samba/security/CVE-2017-2619.html CVE-2017-2618 (A flaw was found in the Linux kernel's handling of clearing SELinux at ...) {DSA-3791-1} - linux 4.9.10-1 [wheezy] - linux (Vulnerable code not present) NOTE: Fixed by: https://github.com/torvalds/linux/commit/0c461cb727d146c9ef2d3e86214f498b78b7d125 CVE-2017-2617 (hawtio before version 1.5.5 is vulnerable to remote code execution via ...) NOT-FOR-US: hawtio CVE-2017-2616 (A race condition was found in util-linux before 2.32.1 in the way su h ...) 
{DSA-3793-1 DLA-838-1} - shadow 1:4.4-4 (bug #855943) NOTE: https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686 - util-linux 2.29.2-1 (unimportant) NOTE: https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891 - coreutils 8.20-1 (unimportant) NOTE: Coreutils: Removed from source in https://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=928dd737 NOTE: and not installed by default since 2007. CVE-2017-2615 (Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator sup ...) {DLA-1497-1 DLA-845-1 DLA-842-1} - qemu 1:2.8+dfsg-3 (low; bug #854731) NOTE: Introduced with: http://git.qemu.org/?p=qemu.git;a=commit;h=d3532a0db02296e687711b8cdc7791924efccea0 (which was the fix for CVE-2014-8106) NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=62d4c6bd5263bb8413a06c80144fc678df6dfb64 CVE-2017-2614 (When updating a password in the rhvm database the ovirt-aaa-jdbc-tool ...) NOT-FOR-US: Red Hat ovirt-aaa-jdbc-tool tools CVE-2017-2613 (jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation ...) - jenkins NOTE: https://jenkins.io/security/advisory/2017-02-01/ CVE-2017-2612 (In Jenkins before versions 2.44, 2.32.2 low privilege users were able ...) - jenkins NOTE: https://jenkins.io/security/advisory/2017-02-01/ CVE-2017-2611 (Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient ...) - jenkins NOTE: https://jenkins.io/security/advisory/2017-02-01/ CVE-2017-2610 (jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cros ...) - jenkins NOTE: https://jenkins.io/security/advisory/2017-02-01/ CVE-2017-2609 (jenkins before versions 2.44, 2.32.2 is vulnerable to an information d ...) - jenkins NOTE: https://jenkins.io/security/advisory/2017-02-01/ CVE-2017-2608 (Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code ex ...) 
- jenkins NOTE: https://jenkins.io/security/advisory/2017-02-01/ CVE-2017-2607 (jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cros ...) - jenkins NOTE: https://jenkins.io/security/advisory/2017-02-01/ CVE-2017-2606 (Jenkins before versions 2.44, 2.32.2 is vulnerable to an information e ...) - jenkins NOTE: https://jenkins.io/security/advisory/2017-02-01/ CVE-2017-2605 REJECTED CVE-2017-2604 (In Jenkins before versions 2.44, 2.32.2 low privilege users were able ...) - jenkins NOTE: https://jenkins.io/security/advisory/2017-02-01/ CVE-2017-2603 (Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak ...) - jenkins NOTE: https://jenkins.io/security/advisory/2017-02-01/ CVE-2017-2602 (jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blac ...) - jenkins NOTE: https://jenkins.io/security/advisory/2017-02-01/ CVE-2017-2601 (Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cros ...) - jenkins NOTE: https://jenkins.io/security/advisory/2017-02-01/ CVE-2017-2600 (In jenkins before versions 2.44, 2.32.2 node monitor data could be vie ...) - jenkins NOTE: https://jenkins.io/security/advisory/2017-02-01/ CVE-2017-2599 (Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficie ...) - jenkins NOTE: https://jenkins.io/security/advisory/2017-02-01/ CVE-2017-2598 (Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode wi ...) - jenkins NOTE: https://jenkins.io/security/advisory/2017-02-01/ CVE-2017-2597 REJECTED CVE-2017-2596 (The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux ...) {DSA-3791-1} - linux 4.9.13-1 [wheezy] - linux (Vulnerable code not present) NOTE: https://www.spinics.net/lists/kvm/msg144319.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1417812 CVE-2017-2595 (It was found that the log file viewer in Red Hat JBoss Enterprise Appl ...) - wildfly (bug #752018) CVE-2017-2594 (hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, ...) 
NOT-FOR-US: hawtio CVE-2017-2593 REJECTED CVE-2017-2592 (python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulner ...) - python-oslo.middleware 3.19.0-3 (bug #852742) NOTE: https://launchpad.net/bugs/1628031 CVE-2017-2591 (389-ds-base before version 1.3.6 is vulnerable to an improperly NULL t ...) - 389-ds-base 1.3.5.15-2 (bug #851769) [jessie] - 389-ds-base (Only affects 1.3.4.0 and later) NOTE: https://fedorahosted.org/389/changeset/ffda694dd622b31277da07be76d3469fad86150f/ CVE-2017-2590 (A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, ...) - freeipa (ca plugin introduced in 4.4) NOTE: https://pagure.io/freeipa/issue/6713 NOTE: Fixed by (master): https://pagure.io/freeipa/c/b81ac59640f0b76fa9f53cf8be441f085a7089c4?branch=master NOTE: Fixed by (ipa-4.4): https://pagure.io/freeipa/c/1aa314c79648c442473f19344387bfe11ec2141b?branch=ipa-4-4 CVE-2017-2589 (It was discovered that the hawtio servlet 1.4 uses a single HttpClient ...) NOT-FOR-US: hawtio CVE-2017-2588 REJECTED CVE-2017-2587 (A memory allocation vulnerability was found in netpbm before 10.61. A ...) - netpbm-free (vulnerable code not present) NOTE: Debian uses an old fork of netpbm NOTE: Fixed by http://pkgs.fedoraproject.org/cgit/rpms/netpbm.git/commit/?id=c16a8b893ed77fc3f6f2b382d0d47d03621ed328 CVE-2017-2586 (A null pointer dereference vulnerability was found in netpbm before 10 ...) - netpbm-free (vulnerable code not present) NOTE: Debian uses an old fork of netpbm NOTE: Fixed by http://pkgs.fedoraproject.org/cgit/rpms/netpbm.git/commit/?id=c16a8b893ed77fc3f6f2b382d0d47d03621ed328 CVE-2017-2585 (Red Hat Keycloak before version 2.5.1 has an implementation of HMAC ve ...) NOT-FOR-US: Keycloak CVE-2017-2584 (arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local ...) 
{DSA-3791-1} - linux 4.9.6-1 [wheezy] - linux (Vulnerable code introduced in 3.6-rc1) NOTE: Upstream patch: https://www.spinics.net/lists/kvm/msg143571.html NOTE: Fixed by: https://git.kernel.org/linus/129a72a0d3c8e139a04512325384fe5ac119e74d CVE-2017-2583 (The load_segment_descriptor implementation in arch/x86/kvm/emulate.c i ...) {DSA-3791-1} - linux 4.9.6-1 [wheezy] - linux (Vulnerable code introduced in 3.6-rc1) NOTE: Fixed by: https://git.kernel.org/linus/33ab91103b3415e12457e3104f0e4517ce12d0f3 CVE-2017-2582 (It was found that while parsing the SAML messages the StaxParserUtil c ...) NOT-FOR-US: Keycloak CVE-2017-2581 (An out-of-bounds write vulnerability was found in netpbm before 10.61. ...) - netpbm-free 2:10.97.00-1 (bug #854978) [bullseye] - netpbm-free (Legacy fork not affected) [buster] - netpbm-free (Legacy fork not affected) [stretch] - netpbm-free (Legacy fork not affected) NOTE: Debian uses an old fork of netpbm, switched to current releases as of 2:10.97.00-1 NOTE: https://www.openwall.com/lists/oss-security/2017/02/05/7 NOTE: PoC+report attached to #854978 NOTE: Similar code path seems protected by earlier stricter size checks ("object too large") NOTE: Possible fix: https://sourceforge.net/p/netpbm/code/2989/ (10.78.05) CVE-2017-2580 (An out-of-bounds write vulnerability was found in netpbm before 10.61. ...) - netpbm-free 2:10.97.00-1 (bug #854978) [bullseye] - netpbm-free (Legacy fork not affected) [buster] - netpbm-free (Legacy fork not affected) [stretch] - netpbm-free (Legacy fork not affected) [jessie] - netpbm-free (pnm/giftopnm.c and bpm/libpm.c rewritten, PoC triggers clean check "Zero byte allocation" missing in later versions) NOTE: Debian uses an old fork of netpbm NOTE: https://www.openwall.com/lists/oss-security/2017/02/05/7 NOTE: PoC+report attached to #854978 NOTE: Possible fix: https://sourceforge.net/p/netpbm/code/2821 (10.47.63) CVE-2017-2579 (An out-of-bounds read vulnerability was found in netpbm before 10.61. ...) 
- netpbm-free 2:10.97.00-1 (bug #854978) [bullseye] - netpbm-free (Legacy fork not affected) [buster] - netpbm-free (Legacy fork not affected) [stretch] - netpbm-free (Legacy fork not affected) [jessie] - netpbm-free (pnm/giftopnm.c rewritten, PoC triggers clean application error handling) NOTE: Debian uses an old fork of netpbm NOTE: https://www.openwall.com/lists/oss-security/2017/02/05/7 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1024288 (reproducer) NOTE: Possible fix: https://sourceforge.net/p/netpbm/code/2821 (10.47.63) CVE-2017-2577 REJECTED CVE-2017-2575 (A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL poi ...) NOT-FOR-US: libbpg CVE-2017-2574 RESERVED CVE-2017-2573 RESERVED CVE-2017-2572 RESERVED CVE-2017-2571 RESERVED CVE-2017-2570 RESERVED CVE-2017-2569 RESERVED CVE-2017-2568 RESERVED CVE-2017-2567 RESERVED CVE-2017-2566 RESERVED CVE-2017-2565 RESERVED CVE-2017-2564 RESERVED CVE-2017-2563 RESERVED CVE-2017-2562 RESERVED CVE-2017-2561 RESERVED CVE-2017-2560 RESERVED CVE-2017-2559 RESERVED CVE-2017-2558 RESERVED CVE-2017-2557 RESERVED CVE-2017-2556 RESERVED CVE-2017-2555 RESERVED CVE-2017-2554 RESERVED CVE-2017-2553 RESERVED CVE-2017-2552 RESERVED CVE-2017-2551 (Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possib ...) NOT-FOR-US: WordPress plugin BackWPup CVE-2017-2550 (Vulnerability in Easy Joomla Backup v3.2.4. The software creates a cop ...) NOT-FOR-US: Easy Joomla Backup CVE-2017-2549 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: Not covered by security support CVE-2017-2548 (An issue was discovered in certain Apple products. macOS before 10.12. ...) NOT-FOR-US: Apple CVE-2017-2547 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: Not covered by security support CVE-2017-2546 (An issue was discovered in certain Apple products. macOS before 10.12. ...) 
NOT-FOR-US: Apple CVE-2017-2545 (An issue was discovered in certain Apple products. macOS before 10.12. ...) NOT-FOR-US: Apple CVE-2017-2544 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: Not covered by security support CVE-2017-2543 (An issue was discovered in certain Apple products. macOS before 10.12. ...) NOT-FOR-US: Apple CVE-2017-2542 (An issue was discovered in certain Apple products. macOS before 10.12. ...) NOT-FOR-US: Apple CVE-2017-2541 (An issue was discovered in certain Apple products. macOS before 10.12. ...) NOT-FOR-US: Apple CVE-2017-2540 (An issue was discovered in certain Apple products. macOS before 10.12. ...) NOT-FOR-US: Apple CVE-2017-2539 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) - webkit2gtk 2.16.3-1 (unimportant) NOTE: Not covered by security support CVE-2017-2538 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) - webkit2gtk 2.16.4-1 (unimportant) [stretch] - webkit2gtk 2.16.6-0+deb9u1 NOTE: Not covered by security support CVE-2017-2537 (An issue was discovered in certain Apple products. macOS before 10.12. ...) NOT-FOR-US: Apple CVE-2017-2536 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: Not covered by security support CVE-2017-2535 (An issue was discovered in certain Apple products. macOS before 10.12. ...) NOT-FOR-US: Apple CVE-2017-2534 (An issue was discovered in certain Apple products. macOS before 10.12. ...) NOT-FOR-US: Apple CVE-2017-2533 (An issue was discovered in certain Apple products. macOS before 10.12. ...) NOT-FOR-US: Apple CVE-2017-2532 RESERVED CVE-2017-2531 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: Not covered by security support CVE-2017-2530 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) 
- webkit2gtk 2.16.3-2 (unimportant) NOTE: Not covered by security support CVE-2017-2529 RESERVED CVE-2017-2528 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: Not covered by security support CVE-2017-2527 (An issue was discovered in certain Apple products. macOS before 10.12. ...) NOT-FOR-US: Apple CVE-2017-2526 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: Not covered by security support CVE-2017-2525 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: Not covered by security support CVE-2017-2524 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) NOT-FOR-US: Apple CVE-2017-2523 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) NOT-FOR-US: Apple CVE-2017-2522 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) NOT-FOR-US: Apple CVE-2017-2521 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: Not covered by security support CVE-2017-2520 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) {DLA-1633-1} - sqlite3 3.16.2-1 [wheezy] - sqlite3 (Vulnerable code not present) - sqlite (Vulnerable code not present) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=384 NOTE: https://clusterfuzz-external.appspot.com/testcase?key=5694101458518016 NOTE: Fixed by: https://www.sqlite.org/src/info/2dc7eeb5b4d2eaf1 CVE-2017-2519 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) 
{DLA-1633-1} - sqlite3 3.16.0-1 [wheezy] - sqlite3 (Vulnerable code not present) - sqlite (Vulnerable code not present) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=288 NOTE: https://clusterfuzz-external.appspot.com/testcase?key=6739028850245632 NOTE: Fixed by: https://www.sqlite.org/src/info/d08b72c38ff6fae6 CVE-2017-2518 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) {DLA-1633-1} - sqlite3 3.15.2-1 [wheezy] - sqlite3 (Minor issue) - sqlite (Vulnerable code introduced later) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=199 NOTE: https://clusterfuzz-external.appspot.com/testcase?key=4603622180519936 NOTE: Fixed by: https://www.sqlite.org/src/info/0a98c8d76ac86412 NOTE: Introduced by: https://www.sqlite.org/src/info/0d2e258e1a3276e5 (v3.5.9) CVE-2017-2517 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) NOT-FOR-US: Apple Safari CVE-2017-2516 (An issue was discovered in certain Apple products. macOS before 10.12. ...) NOT-FOR-US: Apple CVE-2017-2515 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: Not covered by security support CVE-2017-2514 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: Not covered by security support CVE-2017-2513 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) - sqlite3 3.15.2-1 [jessie] - sqlite3 (Vulnerable code not present) [wheezy] - sqlite3 (Vulnerable code not present) - sqlite (Vulnerable code not present) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=171 NOTE: https://clusterfuzz-external.appspot.com/testcase?key=5770842466156544 NOTE: Fixed by: https://www.sqlite.org/src/info/c5dbc599b910c02a CVE-2017-2512 (An issue was discovered in certain Apple products. macOS before 10.12. ...) NOT-FOR-US: Apple CVE-2017-2511 (An issue was discovered in certain Apple products. 
Safari before 10.1. ...) NOT-FOR-US: Apple Safari CVE-2017-2510 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) - webkit2gtk 2.16.3-1 (unimportant) NOTE: Not covered by security support CVE-2017-2509 (An issue was discovered in certain Apple products. macOS before 10.12. ...) NOT-FOR-US: Apple CVE-2017-2508 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: Not covered by security support CVE-2017-2507 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) NOT-FOR-US: Apple CVE-2017-2506 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: Not covered by security support CVE-2017-2505 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: Not covered by security support CVE-2017-2504 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: Not covered by security support CVE-2017-2503 (An issue was discovered in certain Apple products. macOS before 10.12. ...) NOT-FOR-US: Apple CVE-2017-2502 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) NOT-FOR-US: Apple CVE-2017-2501 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) NOT-FOR-US: Apple CVE-2017-2500 (An issue was discovered in certain Apple products. Safari before 10.1. ...) NOT-FOR-US: Apple Safari CVE-2017-2499 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix CVE-2017-2498 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) NOT-FOR-US: Apple CVE-2017-2497 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) 
NOT-FOR-US: Apple CVE-2017-2496 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) - webkit2gtk 2.16.3-1 (unimportant) NOTE: Not covered by security support CVE-2017-2495 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) NOT-FOR-US: Apple Safari CVE-2017-2494 (An issue was discovered in certain Apple products. macOS before 10.12. ...) NOT-FOR-US: Apple CVE-2017-2493 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple CVE-2017-2492 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple CVE-2017-2491 (Use after free vulnerability in the String.replace method JavaScriptCo ...) NOT-FOR-US: Apple Safari CVE-2017-2490 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple involving Kernel component CVE-2017-2489 (An issue was discovered in certain Apple products. macOS before 10.12. ...) NOT-FOR-US: Apple involving Intel Graphics Driver CVE-2017-2488 (A cryptographic weakness existed in the authentication protocol of Rem ...) NOT-FOR-US: Apple CVE-2017-2487 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple involving FontParser component CVE-2017-2486 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix CVE-2017-2485 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple involving Security component CVE-2017-2484 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple involving Phone component CVE-2017-2483 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple involving Kernel component CVE-2017-2482 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) 
NOT-FOR-US: Apple involving Kernel component CVE-2017-2481 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - webkit2gtk 2.14.6-1 (unimportant) NOTE: Not covered by security support CVE-2017-2480 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix CVE-2017-2479 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix CVE-2017-2478 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple involving Kernel component CVE-2017-2477 (An issue was discovered in certain Apple products. macOS before 10.12. ...) NOT-FOR-US: Potentially src:libxslt, but Apple doesn't play by the rules CVE-2017-2476 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - webkit2gtk 2.14.6-1 (unimportant) NOTE: Not covered by security support CVE-2017-2475 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - webkit2gtk 2.14.6-1 (unimportant) NOTE: Not covered by security support CVE-2017-2474 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple involving Kernel component CVE-2017-2473 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple involving Kernel component CVE-2017-2472 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple involving Kernel component CVE-2017-2471 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - webkit2gtk 2.14.6-1 (unimportant) NOTE: Not covered by security support CVE-2017-2470 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) 
- webkit2gtk 2.14.6-1 (unimportant) NOTE: Not covered by security support CVE-2017-2469 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: Not covered by security support CVE-2017-2468 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - webkit2gtk 2.14.6-1 (unimportant) NOTE: Not covered by security support CVE-2017-2467 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple involving ImageIO component CVE-2017-2466 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - webkit2gtk 2.14.6-1 (unimportant) NOTE: Not covered by security support CVE-2017-2465 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - webkit2gtk 2.14.6-1 (unimportant) NOTE: Not covered by security support CVE-2017-2464 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: Not covered by security support CVE-2017-2463 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix CVE-2017-2462 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple CVE-2017-2461 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple involving CoreText component CVE-2017-2460 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - webkit2gtk 2.14.6-1 (unimportant) NOTE: Not covered by security support CVE-2017-2459 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - webkit2gtk 2.14.6-1 (unimportant) NOTE: Not covered by security support CVE-2017-2458 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple CVE-2017-2457 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) 
- webkit2gtk 2.16.3-2 (unimportant) NOTE: Not covered by security support CVE-2017-2456 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple CVE-2017-2455 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: Not covered by security support CVE-2017-2454 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - webkit2gtk 2.14.6-1 (unimportant) NOTE: Not covered by security support CVE-2017-2453 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple Safari CVE-2017-2452 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple Siri CVE-2017-2451 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple involving Security component CVE-2017-2450 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple involving CoreText component CVE-2017-2449 (An issue was discovered in certain Apple products. macOS before 10.12. ...) NOT-FOR-US: Apple involving Bluetooth component CVE-2017-2448 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple involving Keychain component CVE-2017-2447 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: Not covered by security support CVE-2017-2446 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - webkit2gtk 2.14.6-1 (unimportant) NOTE: Not covered by security support CVE-2017-2445 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) - webkit2gtk 2.16.3-2 (unimportant) NOTE: Not covered by security support CVE-2017-2444 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) NOT-FOR-US: Apple involving CoreGraphics component CVE-2017-2443 (An issue was discovered in certain Apple products. 
macOS before 10.12. ...)
	NOT-FOR-US: Apple involving Intel Graphics Driver
CVE-2017-2442 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2441 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple libc++abi component
CVE-2017-2440 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving Kernel component
CVE-2017-2439 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving FontParser component
CVE-2017-2438 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple involving AppleRAID component
CVE-2017-2437 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple involving IOFireWireAVC component
CVE-2017-2436 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple involving IOFireWireAVC component
CVE-2017-2435 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving CoreText component
CVE-2017-2434 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving HomeKit component
CVE-2017-2433 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2432 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving ImageIO component
CVE-2017-2431 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2430 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2429 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2428 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2427 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2426 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2425 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2424 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2423 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2422 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2421 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2420 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2419 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2418 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2417 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2416 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2415 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2414 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2413 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2412 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2411 (In iOS before 11.2, exchange rates were retrieved from HTTP rather tha ...)
	NOT-FOR-US: Apple
CVE-2017-2410 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2409 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2408 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2407 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2406 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2405 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2404 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2403 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2402 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2401 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2400 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2399 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2398 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2397 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2396 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2395 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2394 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2393 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2392 (An issue was discovered in certain Apple products. Safari before 10.1 ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2391 (An issue was discovered in certain Apple products. Pages before 6.1, N ...)
	NOT-FOR-US: Apple
CVE-2017-2390 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple / libarchive
	NOTE: Possibly Apple-specific, but no one really knows and Apple doesn't cooperate
CVE-2017-2389 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2388 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2387 (The Apple Music (aka com.apple.android.music) application before 2.0 f ...)
	NOT-FOR-US: Apple Music application for Android
CVE-2017-2386 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2385 (An issue was discovered in certain Apple products. Safari before 10.1 ...)
	NOT-FOR-US: Apple
CVE-2017-2384 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2383 (An issue was discovered in certain Apple products. iCloud before 6.2 o ...)
	NOT-FOR-US: Apple
CVE-2017-2382 (An issue was discovered in certain Apple products. macOS Server before ...)
	NOT-FOR-US: Apple
CVE-2017-2381 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple, that's likely just a broken sudo config
CVE-2017-2380 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2379 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2378 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
CVE-2017-2377 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2376 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2375 (An issue existed in preventing the uploading of CallKit call history t ...)
	NOT-FOR-US: Apple
CVE-2017-2374 (An issue was discovered in certain Apple products. GarageBand before 1 ...)
	NOT-FOR-US: Apple
CVE-2017-2373 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2372 (An issue was discovered in certain Apple products. GarageBand before 1 ...)
	NOT-FOR-US: Apple
CVE-2017-2371 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2370 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	NOT-FOR-US: Apple
CVE-2017-2369 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2368 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	NOT-FOR-US: Apple
CVE-2017-2367 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkitgtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2366 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2365 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2364 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2363 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2362 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2361 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2360 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	NOT-FOR-US: Apple
CVE-2017-2359 (An issue was discovered in certain Apple products. Safari before 10.0. ...)
	NOT-FOR-US: Apple
CVE-2017-2358 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2357 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2356 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2355 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2354 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2353 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
	NOT-FOR-US: Apple
CVE-2017-2352 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	NOT-FOR-US: Apple
CVE-2017-2351 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	NOT-FOR-US: Apple
CVE-2017-2350 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2349 (A command injection vulnerability in the IDP feature of Juniper Networ ...)
	NOT-FOR-US: Juniper
CVE-2017-2348 (The Juniper Enhanced jdhcpd daemon may experience high CPU utilization ...)
	NOT-FOR-US: Juniper
CVE-2017-2347 (A denial of service vulnerability in rpd daemon of Juniper Networks Ju ...)
	NOT-FOR-US: Juniper
CVE-2017-2346 (An MS-MPC or MS-MIC Service PIC may crash when large fragmented packet ...)
	NOT-FOR-US: Juniper
CVE-2017-2345 (On Junos OS devices with SNMP enabled, a network based attacker with u ...)
	NOT-FOR-US: Juniper
CVE-2017-2344 (A routine within an internal Junos OS sockets library is vulnerable to ...)
	NOT-FOR-US: Juniper
CVE-2017-2343 (The Integrated User Firewall (UserFW) feature was introduced in Junos ...)
	NOT-FOR-US: Juniper
CVE-2017-2342 (MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D ...)
	NOT-FOR-US: Juniper
CVE-2017-2341 (An insufficient authentication vulnerability on platforms where Junos ...)
	NOT-FOR-US: Juniper
CVE-2017-2340 (On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 15.1R4, 16.1 ...)
	NOT-FOR-US: Juniper
CVE-2017-2339 (A persistent cross site scripting vulnerability in NetScreen WebUI of ...)
	NOT-FOR-US: Juniper
CVE-2017-2338 (A persistent cross site scripting vulnerability in NetScreen WebUI of ...)
	NOT-FOR-US: Juniper
CVE-2017-2337 (A persistent cross site scripting vulnerability in NetScreen WebUI of ...)
	NOT-FOR-US: Juniper
CVE-2017-2336 (A reflected cross site scripting vulnerability in NetScreen WebUI of J ...)
	NOT-FOR-US: Juniper
CVE-2017-2335 (A persistent cross site scripting vulnerability in NetScreen WebUI of ...)
	NOT-FOR-US: Juniper
CVE-2017-2334 (An information leak vulnerability in Juniper Networks NorthStar Contro ...)
	NOT-FOR-US: Juniper
CVE-2017-2333 (A persistent denial of service vulnerability in Juniper Networks North ...)
	NOT-FOR-US: Juniper
CVE-2017-2332 (An insufficient authentication vulnerability in Juniper Networks North ...)
	NOT-FOR-US: Juniper
CVE-2017-2331 (A firewall bypass vulnerability in Juniper Networks NorthStar Controll ...)
	NOT-FOR-US: Juniper
CVE-2017-2330 (A denial of service vulnerability in Juniper Networks NorthStar Contro ...)
	NOT-FOR-US: Juniper
CVE-2017-2329 (An insufficient authentication vulnerability in Juniper Networks North ...)
	NOT-FOR-US: Juniper
CVE-2017-2328 (An information leak vulnerability in Juniper Networks NorthStar Contro ...)
	NOT-FOR-US: Juniper
CVE-2017-2327 (A denial of service vulnerability in Juniper Networks NorthStar Contro ...)
	NOT-FOR-US: Juniper
CVE-2017-2326 (An information disclosure vulnerability in Juniper Networks NorthStar ...)
	NOT-FOR-US: Juniper
CVE-2017-2325 (A buffer overflow vulnerability in Juniper Networks NorthStar Controll ...)
	NOT-FOR-US: Juniper
CVE-2017-2324 (A command injection vulnerability in Juniper Networks NorthStar Contro ...)
	NOT-FOR-US: Juniper
CVE-2017-2323 (A denial of service vulnerability in Juniper Networks NorthStar Contro ...)
	NOT-FOR-US: Juniper
CVE-2017-2322 (A denial of service vulnerability in Juniper Networks NorthStar Contro ...)
	NOT-FOR-US: Juniper
CVE-2017-2321 (A vulnerability in Juniper Networks NorthStar Controller Application p ...)
	NOT-FOR-US: Juniper
CVE-2017-2320 (A vulnerability in Juniper Networks NorthStar Controller Application p ...)
	NOT-FOR-US: Juniper
CVE-2017-2319 (A vulnerability in Juniper Networks NorthStar Controller Application p ...)
	NOT-FOR-US: Juniper
CVE-2017-2318 (A vulnerability in Juniper Networks NorthStar Controller Application p ...)
	NOT-FOR-US: Juniper
CVE-2017-2317 (A denial of service vulnerability in Juniper Networks NorthStar Contro ...)
	NOT-FOR-US: Juniper
CVE-2017-2316 (A buffer overflow vulnerability in Juniper Networks NorthStar Controll ...)
	NOT-FOR-US: Juniper
CVE-2017-2315 (On Juniper Networks EX Series Ethernet Switches running affected Junos ...)
	NOT-FOR-US: Juniper
CVE-2017-2314 (Receipt of a malformed BGP OPEN message may cause the routing protocol ...)
	NOT-FOR-US: Juniper
CVE-2017-2313 (Juniper Networks devices running affected Junos OS versions may be imp ...)
	NOT-FOR-US: Juniper
CVE-2017-2312 (On Juniper Networks devices running Junos OS affected versions and wit ...)
	NOT-FOR-US: Juniper
CVE-2017-2311 (On Juniper Networks Junos Space versions prior to 16.1R1, an unauthent ...)
	NOT-FOR-US: Juniper
CVE-2017-2310 (A firewall bypass vulnerability in the host based firewall of Juniper ...)
	NOT-FOR-US: Juniper
CVE-2017-2309 (On Juniper Networks Junos Space versions prior to 16.1R1 when certific ...)
	NOT-FOR-US: Juniper
CVE-2017-2308 (An XML External Entity Injection vulnerability in Juniper Networks Jun ...)
	NOT-FOR-US: Juniper
CVE-2017-2307 (A reflected cross site scripting vulnerability in the administrative i ...)
	NOT-FOR-US: Juniper
CVE-2017-2306 (On Juniper Networks Junos Space versions prior to 16.1R1, due to an in ...)
	NOT-FOR-US: Juniper
CVE-2017-2305 (On Juniper Networks Junos Space versions prior to 16.1R1, due to an in ...)
	NOT-FOR-US: Juniper
CVE-2017-2304 (Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 ...)
	NOT-FOR-US: Juniper
CVE-2017-2303 (On Juniper Networks products or platforms running Junos OS 12.1X46 pri ...)
	NOT-FOR-US: Juniper
CVE-2017-2302 (On Juniper Networks products or platforms running Junos OS 12.1X46 pri ...)
	NOT-FOR-US: Juniper
CVE-2017-2301 (On Juniper Networks products or platforms running Junos OS 11.4 prior ...)
	NOT-FOR-US: Juniper
CVE-2017-2300 (On Juniper Networks SRX Series Services Gateways chassis clusters runn ...)
	NOT-FOR-US: Juniper
CVE-2017-2299 (Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 mak ...)
	- puppet-module-puppetlabs-apache 3.0.0-1 (bug #875983)
	[stretch] - puppet-module-puppetlabs-apache (Minor issue)
	[jessie] - puppet-module-puppetlabs-apache (Minor issue)
	NOTE: https://puppet.com/security/cve/CVE-2017-2299
	NOTE: https://github.com/puppetlabs/puppetlabs-apache/commit/7bb35c2293c12ce52329a4391fe1f20389efef06
CVE-2017-2298 (The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a ...)
	NOT-FOR-US: mcollective-sshkey-security plugin
CVE-2017-2297 (Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not corr ...)
	- puppet (Specific to Puppet Enterprise)
CVE-2017-2296 (In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted ...)
	- puppet (Specific to Puppet Enterprise)
CVE-2017-2295 (Versions of Puppet prior to 4.10.1 will deserialize data off the wire ...)
	{DSA-3862-1 DLA-1012-1}
	- puppet 4.8.2-5 (bug #863212)
	NOTE: https://puppet.com/security/cve/cve-2017-2295
	NOTE: https://github.com/puppetlabs/puppet/commit/06d8c51367ca932b9da5d9b01958cfc0adf0f2ea
CVE-2017-2294 (Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to ...)
	- puppet (Doesn't affect Puppet as shipped in Debian)
	NOTE: Puppet as shipped in Debian doesn't provide puppetdb yet
CVE-2017-2293 (Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped wi ...)
	- puppet (Specific to Puppet Enterprise)
CVE-2017-2292 (Versions of MCollective prior to 2.10.4 deserialized YAML from agents ...)
	- mcollective 2.12.0+dfsg-1 (bug #866711)
	[jessie] - mcollective (Minor issue)
	[wheezy] - mcollective (Minor issue)
	NOTE: https://puppet.com/security/cve/cve-2017-2292
	NOTE: https://github.com/puppetlabs/marionette-collective/commit/e0e741889f5adeb8f75387037106b0d28a9099b0
CVE-2017-2291
	RESERVED
CVE-2017-2290 (On Windows installations of the mcollective-puppet-agent plugin, versi ...)
	NOT-FOR-US: mcollective-puppet-agent plugin on Windows
CVE-2017-2289 (Untrusted search path vulnerability in Installer of Qua station connec ...)
	NOT-FOR-US: Installer of Qua station connection tool for Windows
CVE-2017-2288 (Untrusted search path vulnerability in LhaForge Ver.1.6.5 and earlier ...)
	NOT-FOR-US: LhaForge
CVE-2017-2287 (Untrusted search path vulnerability in NFC Port Software remover Ver.1 ...)
	NOT-FOR-US: NFC Port Software remover
CVE-2017-2286 (Untrusted search path vulnerability in NFC Port Software Version 5.5.0 ...)
	NOT-FOR-US: NFC Port Software
CVE-2017-2285 (Cross-site scripting vulnerability in Simple Custom CSS and JS prior t ...)
	NOT-FOR-US: Simple Custom CSS and JS
CVE-2017-2284 (Cross-site scripting vulnerability in Popup Maker prior to version 1.6 ...)
	NOT-FOR-US: Popup Maker
CVE-2017-2283 (WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credential ...)
	NOT-FOR-US: WN-G300R3 firmware
CVE-2017-2282 (Buffer overflow in WN-AX1167GR firmware version 3.00 and earlier allow ...)
	NOT-FOR-US: WN-AX1167GR firmware
CVE-2017-2281 (WN-AX1167GR firmware version 3.00 and earlier allows an attacker to ex ...)
	NOT-FOR-US: WN-AX1167GR firmware
CVE-2017-2280 (WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentia ...)
	NOT-FOR-US: WN-AX1167GR firmware
CVE-2017-2279 (Untrusted search path vulnerability in Tween Ver1.6.6.0 and earlier al ...)
	NOT-FOR-US: Tween
CVE-2017-2278 (The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEE ...)
	NOT-FOR-US: RBB SPEED TEST App
CVE-2017-2277 (WG-C10 v3.0.79 and earlier allows an attacker to bypass access restric ...)
	NOT-FOR-US: WG-C10
CVE-2017-2276 (Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to ex ...)
	NOT-FOR-US: WG-C10
CVE-2017-2275 (WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS ...)
	NOT-FOR-US: WG-C10
CVE-2017-2274 (Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and ea ...)
	NOT-FOR-US: WMR-433* firmware
CVE-2017-2273 (Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ve ...)
	NOT-FOR-US: WMR-433* firmware
CVE-2017-2272 (Untrusted search path vulnerability in Self-extracting encrypted files ...)
	NOT-FOR-US: AttacheCase
CVE-2017-2271 (Untrusted search path vulnerability in Self-extracting encrypted files ...)
	NOT-FOR-US: AttacheCase
CVE-2017-2270 (Untrusted search path vulnerability in Encrypted files in self-decrypt ...)
	NOT-FOR-US: FileCapsule Deluxe Portable
CVE-2017-2269 (Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver ...)
	NOT-FOR-US: FileCapsule Deluxe Portable
CVE-2017-2268 (Untrusted search path vulnerability in Encrypted files in self-decrypt ...)
	NOT-FOR-US: FileCapsule Deluxe Portable
CVE-2017-2267 (Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver ...)
	NOT-FOR-US: FileCapsule Deluxe Portable
CVE-2017-2266 (Untrusted search path vulnerability in Encrypted files in self-decrypt ...)
	NOT-FOR-US: FileCapsule Deluxe Portable
CVE-2017-2265 (Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver ...)
	NOT-FOR-US: FileCapsule Deluxe Portable
CVE-2017-2264
	RESERVED
CVE-2017-2263
	RESERVED
CVE-2017-2262
	RESERVED
CVE-2017-2261
	RESERVED
CVE-2017-2260
	RESERVED
CVE-2017-2259
	RESERVED
CVE-2017-2258 (Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allo ...)
	NOT-FOR-US: Cybozu
CVE-2017-2257 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 all ...)
	NOT-FOR-US: Cybozu
CVE-2017-2256 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 all ...)
	NOT-FOR-US: Cybozu
CVE-2017-2255 (Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 all ...)
	NOT-FOR-US: Cybozu
CVE-2017-2254 (Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of s ...)
	NOT-FOR-US: Cybozu
CVE-2017-2253 (Untrusted search path vulnerability in Installer of Yahoo! Toolbar (fo ...)
	NOT-FOR-US: Installer of Yahoo! Toolbar (for Internet explorer)
CVE-2017-2252 (Untrusted search path vulnerability in self-extracting archive files c ...)
	NOT-FOR-US: File Compact
CVE-2017-2251
	RESERVED
CVE-2017-2250
	RESERVED
CVE-2017-2249 (Untrusted search path vulnerability in Self-extracting archive files c ...)
	NOT-FOR-US: Lhaz+
CVE-2017-2248 (Untrusted search path vulnerability in Installer of Lhaz+ version 3.4. ...)
	NOT-FOR-US: Lhaz+
CVE-2017-2247 (Untrusted search path vulnerability in Self-extracting archive files c ...)
	NOT-FOR-US: Lhaz
CVE-2017-2246 (Untrusted search path vulnerability in Installer of Lhaz version 2.4.0 ...)
	NOT-FOR-US: Lhaz
CVE-2017-2245 (Directory traversal vulnerability in Shortcodes Ultimate prior to vers ...)
	NOT-FOR-US: Shortcodes Ultimate
CVE-2017-2244 (Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmwar ...)
	NOT-FOR-US: MFC-J960DWN firmware
CVE-2017-2243 (Cross-site scripting vulnerability in Responsive Lightbox prior to ver ...)
	NOT-FOR-US: Responsive Lightbox
CVE-2017-2242 (Untrusted search path vulnerability in Flets Setsuzoku Tool for Window ...)
	NOT-FOR-US: Flets Setsuzoku Tool for Windows
CVE-2017-2241 (SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and e ...)
	NOT-FOR-US: AssetView for MacOS
CVE-2017-2240 (Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and ...)
	NOT-FOR-US: AssetView for MacOS
CVE-2017-2239 (Marp versions v0.0.10 and earlier may allow an attacker to access loca ...)
	NOT-FOR-US: Marp
CVE-2017-2238 (Cross-site request forgery (CSRF) vulnerability in Toshiba Home gatewa ...)
	NOT-FOR-US: Toshiba Home gateway HEM-GW16A
CVE-2017-2237 (Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlie ...)
	NOT-FOR-US: Toshiba Home gateway HEM-GW16A firmware
CVE-2017-2236 (Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlie ...)
	NOT-FOR-US: Toshiba Home gateway HEM-GW16A firmware
CVE-2017-2235 (Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlie ...)
	NOT-FOR-US: Toshiba Home gateway HEM-GW16A firmware
CVE-2017-2234 (Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlie ...)
	NOT-FOR-US: Toshiba Home gateway HEM-GW16A firmware
CVE-2017-2233 (Untrusted search path vulnerability in Installer of PDF Digital Signat ...)
	NOT-FOR-US: PDF Digital Signature Plugin
CVE-2017-2232 (Untrusted search path vulnerability in Installer of Shinseiyo Sogo Sof ...)
	NOT-FOR-US: Installer of Shinseiyo Sogo Soft
CVE-2017-2231 (Untrusted search path vulnerability in The installer of MLIT DenshiSei ...)
	NOT-FOR-US: installer of MLIT DenshiSeikabutsuSakuseiShienKensa system
CVE-2017-2230 (Untrusted search path vulnerability in Douro Kouji Kanseizutou Check P ...)
	NOT-FOR-US: Douro Kouji Kanseizutou Check Program
CVE-2017-2229 (Untrusted search path vulnerability in Douroshisetu Kihon Data Sakusei ...)
	NOT-FOR-US: Douroshisetu Kihon Data Sakusei System
CVE-2017-2228 (Untrusted search path vulnerability in Teikihoukokusho Sakuseishien To ...)
	NOT-FOR-US: Teikihoukokusho Sakuseishien Tool
CVE-2017-2227 (Untrusted search path vulnerability in The installer of Charamin OMP V ...)
	NOT-FOR-US: installer of Charamin OMP
CVE-2017-2226 (Untrusted search path vulnerability in Setup file of advance preparati ...)
	NOT-FOR-US: e-Tax
CVE-2017-2225 (Untrusted search path vulnerability in EbidSettingChecker.exe (version ...)
	NOT-FOR-US: EbidSettingChecker.exe
CVE-2017-2224 (Cross-site scripting vulnerability in Event Calendar WD prior to versi ...)
	NOT-FOR-US: Event Calendar WD
CVE-2017-2223 (Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM ...)
	NOT-FOR-US: TS-WPTCAM
CVE-2017-2222 (Cross-site scripting vulnerability in WP-Members prior to version 3.1. ...)
	NOT-FOR-US: WP-Members
CVE-2017-2221 (Untrusted search path vulnerability in Installer of Baidu IME Ver3.6.1 ...)
	NOT-FOR-US: Installer of Baidu IME
CVE-2017-2220 (Untrusted search path vulnerability in Installer of CASL II simulator ...)
	NOT-FOR-US: Installer of CASL II simulator
CVE-2017-2219 (Untrusted search path vulnerability in the [Simeji for Windows] instal ...)
	NOT-FOR-US: Simeji
CVE-2017-2218 (Untrusted search path vulnerability in Installer of QuickTime for Wind ...)
	NOT-FOR-US: Installer of QuickTime for Windows
CVE-2017-2217 (Open redirect vulnerability in WordPress Download Manager prior to ver ...)
	NOT-FOR-US: WordPress Download Manager
CVE-2017-2216 (Cross-site scripting vulnerability in WordPress Download Manager prior ...)
	NOT-FOR-US: WordPress Download Manager
CVE-2017-2215 (Untrusted search path vulnerability in Installer of "Setup file of adv ...)
	NOT-FOR-US: Installer of "Setup file of advance preparation"
CVE-2017-2214 (Untrusted search path vulnerability in AppCheck and AppCheck Pro prior ...)
	NOT-FOR-US: AppCheck
CVE-2017-2213 (Untrusted search path vulnerability in SemiDynaEXE (SemiDynaEXE2008.EX ...)
	NOT-FOR-US: SemiDynaEXE
CVE-2017-2212 (Untrusted search path vulnerability in TKY2JGD (TKY2JGD1379.EXE) ver. ...)
	NOT-FOR-US: TKY2JGD
CVE-2017-2211 (Untrusted search path vulnerability in PatchJGD (Hyoko) (PatchJGDh101. ...)
	NOT-FOR-US: PatchJGD
CVE-2017-2210 (Untrusted search path vulnerability in PatchJGD (PatchJGD101.EXE) ver. ...)
	NOT-FOR-US: PatchJGD
CVE-2017-2209 (Untrusted search path vulnerability in the installer of Houkokusyo Sak ...)
	NOT-FOR-US: Houkokusyo Sakusei Shien Tool
CVE-2017-2208 (Untrusted search path vulnerability in Installer of Electronic tenderi ...)
	NOT-FOR-US: Installer of Electronic tendering and bid opening system
CVE-2017-2207 (Untrusted search path vulnerability in the installer of SaAT Personal ...)
	NOT-FOR-US: SaAT Personal
CVE-2017-2206 (Untrusted search path vulnerability in the installer of SaAT Netizen v ...)
	NOT-FOR-US: SaAT Netizen
CVE-2017-2205
	RESERVED
CVE-2017-2204
	RESERVED
CVE-2017-2203
	RESERVED
CVE-2017-2202
	RESERVED
CVE-2017-2201
	RESERVED
CVE-2017-2200
	RESERVED
CVE-2017-2199
	RESERVED
CVE-2017-2198
	RESERVED
CVE-2017-2197
	RESERVED
CVE-2017-2196
	RESERVED
CVE-2017-2195 (SQL injection vulnerability in the Multi Feed Reader prior to version ...)
	NOT-FOR-US: Multi Feed Reader plugin for wordpress
CVE-2017-2194 (Cross-site scripting vulnerability in Source code security studying to ...)
	NOT-FOR-US: iCodeChecker
CVE-2017-2193 (Untrusted search path vulnerability in the installer of Tera Term 4.94 ...)
	NOT-FOR-US: Tera Term
CVE-2017-2192 (Untrusted search path vulnerability in RW-5100 tool to verify executio ...)
	NOT-FOR-US: RW5100 installer
CVE-2017-2191 (Untrusted search path vulnerability in RW-5100 driver installer for Wi ...)
	NOT-FOR-US: RW5100 installer
CVE-2017-2190 (Untrusted search path vulnerability in RW-4040 tool to verify executio ...)
	NOT-FOR-US: RW4040
CVE-2017-2189 (Untrusted search path vulnerability in RW-4040 driver installer for Wi ...)
	NOT-FOR-US: RW4040
CVE-2017-2188 (Untrusted search path vulnerability in Installer of Denshinouhin Check ...)
	NOT-FOR-US: Installer of Denshinouhin Check System
CVE-2017-2187 (Cross-site scripting vulnerability in WP Live Chat Support prior to ve ...)
	NOT-FOR-US: WP Live Chat
CVE-2017-2186 (HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass ...)
	NOT-FOR-US: HOME SPOT CUBE2 firmware
CVE-2017-2185 (HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attacke ...)
	NOT-FOR-US: HOME SPOT CUBE2 firmware
CVE-2017-2184 (Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an ...)
	NOT-FOR-US: HOME SPOT CUBE2 firmware
CVE-2017-2183 (HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attacke ...)
	NOT-FOR-US: HOME SPOT CUBE2 firmware
CVE-2017-2182 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3. ...)
	NOT-FOR-US: Hands-on Vulnerability Learning Tool
CVE-2017-2181 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3. ...)
	NOT-FOR-US: Hands-on Vulnerability Learning Tool
CVE-2017-2180 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3. ...)
	NOT-FOR-US: Hands-on Vulnerability Learning Tool
CVE-2017-2179 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3. ...)
	NOT-FOR-US: Hands-on Vulnerability Learning Tool
CVE-2017-2178 (Untrusted search path vulnerability in Installer of electronic tenderi ...)
	NOT-FOR-US: electronic tendering and bid opening system
CVE-2017-2177 (Untrusted search path vulnerability in Installer of Shogyo Touki Densh ...)
	NOT-FOR-US: Shogyo Touki Denshi Ninsho
CVE-2017-2176 (Untrusted search path vulnerability in screensaver installers (jasdf_0 ...)
	NOT-FOR-US: screensaver installers for Windows
CVE-2017-2175 (Untrusted search path vulnerability in Empirical Project Monitor - eXt ...)
	NOT-FOR-US: Empirical Project Monitor - eXtended
CVE-2017-2174 (Cross-site scripting vulnerability in Empirical Project Monitor - eXte ...)
	NOT-FOR-US: Empirical Project Monitor - eXtended
CVE-2017-2173 (Cross-site scripting vulnerability in Empirical Project Monitor - eXte ...)
	NOT-FOR-US: Empirical Project Monitor - eXtended
CVE-2017-2172 (Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 t ...)
	NOT-FOR-US: Cybozu
CVE-2017-2171 (Cross-site scripting vulnerability in Captcha prior to version 4.3.0, ...)
	NOT-FOR-US: WordPress plugins provided by BestWebSoft
CVE-2017-2170
	RESERVED
CVE-2017-2169 (Cross-site scripting vulnerability in MaxButtons prior to version 6.19 ...)
	NOT-FOR-US: MaxButtons plugin for WordPress
CVE-2017-2168 (Cross-site scripting vulnerability in WP Booking System Free version p ...)
	NOT-FOR-US: WP Booking System
CVE-2017-2167 (Untrusted search path vulnerability in Installer for PrimeDrive Deskto ...)
	NOT-FOR-US: PrimeDrive
CVE-2017-2166 (Open redirect vulnerability in GroupSession version 4.7.0 and earlier ...)
	NOT-FOR-US: GroupSession
CVE-2017-2165 (GroupSession versions 4.6.4 and earlier allows remote authenticated at ...)
	NOT-FOR-US: GroupSession
CVE-2017-2164 (Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 an ...)
	NOT-FOR-US: SOY CMS
CVE-2017-2163 (Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 a ...)
	NOT-FOR-US: SOY CMS
CVE-2017-2162 (FlashAirTM SDHC Memory Card (SD-WE Series ) V3.00.02 and earlier ...)
	NOT-FOR-US: FlashAirTM
CVE-2017-2161 (FlashAirTM SDHC Memory Card (SD-WE Series ) V3.00.02 and earlier ...)
	NOT-FOR-US: FlashAirTM
CVE-2017-2160
	RESERVED
CVE-2017-2159
	RESERVED
CVE-2017-2158 (Improper verification when expanding ZIP64 archives in Lhaplus version ...)
	NOT-FOR-US: Lhaplus
CVE-2017-2157 (Untrusted search path vulnerability in installers for The Public Certi ...)
	NOT-FOR-US: The Public Certification Service
CVE-2017-2156 (Untrusted search path vulnerability in Vivaldi installer for Windows p ...)
	NOT-FOR-US: Vivaldi installer Windows
CVE-2017-2155 (Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 ...)
	NOT-FOR-US: Hoozin Viewer
CVE-2017-2154 (Untrusted search path vulnerability in Hanako 2017, Hanako 2016, Hanak ...)
	NOT-FOR-US: Booking Calendar
CVE-2017-2153 (SEIL/x86 Fuji 1.70 to 5.62, SEIL/BPV4 5.00 to 5.62, SEIL/X1 1.30 to 5. ...)
	NOT-FOR-US: SEIL
CVE-2017-2152 (WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to ...)
	NOT-FOR-US: WNC01WH firmware
CVE-2017-2151 (Cross-site scripting vulnerability in Booking Calendar version 7.1 and ...)
	NOT-FOR-US: Booking Calendar
CVE-2017-2150 (Directory traversal vulnerability in Booking Calendar version 7.0 and ...)
	NOT-FOR-US: Booking Calendar
CVE-2017-2149 (Untrusted search path vulnerability in installers of the software for ...)
	NOT-FOR-US: installers of the software for SDHC/SDXC Memory Cards
CVE-2017-2148 (Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.0 ...)
	NOT-FOR-US: WN-AC1167GR firmware
CVE-2017-2147 (Cross-site scripting vulnerability in WP Statistics version 12.0.4 and ...)
	NOT-FOR-US: WP Statistics
CVE-2017-2146 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 all ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2017-2145 (Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2017-2144 (Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another use ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2017-2143 (CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor ...)
	NOT-FOR-US: CS-Cart
CVE-2017-2142 (Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remo ...)
	NOT-FOR-US: WN-G300R3 firmware
CVE-2017-2141 (WN-G300R3 firmware 1.03 and earlier allows attackers with administrato ...)
	NOT-FOR-US: WN-G300R3 firmware
CVE-2017-2140 (Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be e ...)
	NOT-FOR-US: Tablacus Explorer
CVE-2017-2139 (CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS ...)
	NOT-FOR-US: CS-Cart
CVE-2017-2138 (Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Ed ...)
	NOT-FOR-US: CS-Cart
CVE-2017-2137 (ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attac ...)
	NOT-FOR-US: ProSAFE Plus Configuration Utility
CVE-2017-2136 (Cross-site scripting vulnerability in WP Statistics version 12.0.4 and ...)
	NOT-FOR-US: WP Statistics
CVE-2017-2135 (Cross-site scripting vulnerability in WP Statistics version 12.0.1 and ...)
	NOT-FOR-US: WP Statistics
CVE-2017-2134 (Cross-site scripting vulnerability in ASSETBASE 8.0 and earlier allows ...)
	NOT-FOR-US: ASSETBASE
CVE-2017-2133 (SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices ...)
	NOT-FOR-US: Panasonic KX-HJB1000 Home unit devices
CVE-2017-2132 (Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or H ...)
	NOT-FOR-US: Panasonic KX-HJB1000 Home unit devices
CVE-2017-2131 (Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or H ...)
	NOT-FOR-US: Panasonic KX-HJB1000 Home unit devices
CVE-2017-2130 (Untrusted search path vulnerability in the installer of PhishWall Clie ...)
	NOT-FOR-US: installer of PhishWall Client Internet Explorer
CVE-2017-2129
	RESERVED
CVE-2017-2128 (Security guide for website operators allows remote attackers to execut ...)
	NOT-FOR-US: Security guide for website operators
CVE-2017-2127 (Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 ...)
	NOT-FOR-US: YOP Poll
CVE-2017-2126 (WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1 ...)
	NOT-FOR-US: WAPM-* firmware
CVE-2017-2125 (Privilege escalation vulnerability in CentreCOM AR260S V2 remote authe ...)
	NOT-FOR-US: CentreCOM AR260S
CVE-2017-2124 (Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door ...)
	NOT-FOR-US: OneThird CMS
CVE-2017-2123 (Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door ...)
	NOT-FOR-US: OneThird CMS
CVE-2017-2122 (Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6. ...)
	NOT-FOR-US: Nessus
CVE-2017-2121
	RESERVED
CVE-2017-2120 (SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows ...)
	NOT-FOR-US: WBCE CMS
CVE-2017-2119 (Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allow ...)
	NOT-FOR-US: WBCE CMS
CVE-2017-2118 (Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allo ...)
	NOT-FOR-US: WBCE CMS
CVE-2017-2117 (Directory traversal vulnerability in CubeCart versions prior to 6.1.5 ...)
	NOT-FOR-US: CubeCart
CVE-2017-2116 (Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers t ...)
	NOT-FOR-US: Cybozu
CVE-2017-2115 (Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers t ...)
	NOT-FOR-US: Cybozu
CVE-2017-2114 (Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 a ...)
	NOT-FOR-US: Cybozu
CVE-2017-2113 (Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPT ...)
	NOT-FOR-US: firmware in network cameras by I-O DATA
CVE-2017-2112 (TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware versi ...)
	NOT-FOR-US: firmware in network cameras by I-O DATA
CVE-2017-2111 (HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 ...)
	NOT-FOR-US: firmware in network cameras by I-O DATA
CVE-2017-2110 (The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2. ...)
	NOT-FOR-US: CX App for Android
CVE-2017-2109 (Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to ob ...)
	NOT-FOR-US: Cybozu
CVE-2017-2108 (Untrusted search path vulnerability in PrimeDrive Desktop Application ...)
	NOT-FOR-US: PrimeDrive Desktop Application
CVE-2017-2107 (Untrusted search path vulnerability in Self-extracting archive files c ...)
	NOT-FOR-US: 7-ZIP32.DLL
CVE-2017-2106 (Multiple cross-site scripting vulnerabilities in Webmin versions prior ...)
	- webmin
CVE-2017-2105 (The TVer App for Android 3.2.7 and earlier does not verify X.509 certi ...)
	NOT-FOR-US: TVer App for Android
CVE-2017-2104 (The Business LaLa Call App for Android 1.4.7 and earlier does not veri ...)
	NOT-FOR-US: Business LaLa Call App for Android
CVE-2017-2103 (The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 ...)
	NOT-FOR-US: LaLa Call App for Android
CVE-2017-2102 (Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerabil ...)
	NOT-FOR-US: Hands-on Vulnerability Learning Tool "AppGoat" for Web Application
CVE-2017-2101 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3. ...)
NOT-FOR-US: Hands-on Vulnerability Learning Tool "AppGoat" for Web Application CVE-2017-2100 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3. ...) NOT-FOR-US: Hands-on Vulnerability Learning Tool "AppGoat" for Web Application CVE-2017-2099 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3. ...) NOT-FOR-US: Hands-on Vulnerability Learning Tool "AppGoat" for Web Application CVE-2017-2098 (Directory traversal vulnerability in CubeCart versions prior to 6.1.4 ...) NOT-FOR-US: CubeCart CVE-2017-2097 (Cross-site request forgery (CSRF) vulnerability in Knowledge versions ...) NOT-FOR-US: Knowledge CVE-2017-2096 (smalruby-editor v0.4.0 and earlier allows remote attackers to execute ...) NOT-FOR-US: smalruby-editor CVE-2017-2095 (Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to ...) NOT-FOR-US: Cybozu CVE-2017-2094 (Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to ...) NOT-FOR-US: Cybozu CVE-2017-2093 (Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens u ...) NOT-FOR-US: Cybozu CVE-2017-2092 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 all ...) NOT-FOR-US: Cybozu CVE-2017-2091 (Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to ...) NOT-FOR-US: Cybozu CVE-2017-2090 (Directory traversal vulnerability in CubeCart versions prior to 6.1.4 ...) 
NOT-FOR-US: CubeCart CVE-2017-2089 REJECTED CVE-2017-2088 REJECTED CVE-2017-2087 REJECTED CVE-2017-2086 REJECTED CVE-2017-2085 REJECTED CVE-2017-2084 REJECTED CVE-2017-2083 REJECTED CVE-2017-2082 REJECTED CVE-2017-2081 REJECTED CVE-2017-2080 REJECTED CVE-2017-2079 REJECTED CVE-2017-2078 REJECTED CVE-2017-2077 REJECTED CVE-2017-2076 REJECTED CVE-2017-2075 REJECTED CVE-2017-2074 REJECTED CVE-2017-2073 REJECTED CVE-2017-2072 REJECTED CVE-2017-2071 REJECTED CVE-2017-2070 REJECTED CVE-2017-2069 REJECTED CVE-2017-2068 REJECTED CVE-2017-2067 REJECTED CVE-2017-2066 REJECTED CVE-2017-2065 REJECTED CVE-2017-2064 REJECTED CVE-2017-2063 REJECTED CVE-2017-2062 REJECTED CVE-2017-2061 REJECTED CVE-2017-2060 REJECTED CVE-2017-2059 REJECTED CVE-2017-2058 REJECTED CVE-2017-2057 REJECTED CVE-2017-2056 REJECTED CVE-2017-2055 REJECTED CVE-2017-2054 REJECTED CVE-2017-2053 REJECTED CVE-2017-2052 REJECTED CVE-2017-2051 REJECTED CVE-2017-2050 REJECTED CVE-2017-2049 REJECTED CVE-2017-2048 REJECTED CVE-2017-2047 REJECTED CVE-2017-2046 REJECTED CVE-2017-2045 REJECTED CVE-2017-2044 REJECTED CVE-2017-2043 REJECTED CVE-2017-2042 REJECTED CVE-2017-2041 REJECTED CVE-2017-2040 REJECTED CVE-2017-2039 REJECTED CVE-2017-2038 REJECTED CVE-2017-2037 REJECTED CVE-2017-2036 REJECTED CVE-2017-2035 REJECTED CVE-2017-2034 REJECTED CVE-2017-2033 REJECTED CVE-2017-2032 REJECTED CVE-2017-2031 REJECTED CVE-2017-2030 REJECTED CVE-2017-2029 REJECTED CVE-2017-2028 REJECTED CVE-2017-2027 REJECTED CVE-2017-2026 REJECTED CVE-2017-2025 REJECTED CVE-2017-2024 REJECTED CVE-2017-2023 REJECTED CVE-2017-2022 REJECTED CVE-2017-2021 REJECTED CVE-2017-2020 REJECTED CVE-2017-2019 REJECTED CVE-2017-2018 REJECTED CVE-2017-2017 REJECTED CVE-2017-2016 REJECTED CVE-2017-2015 REJECTED CVE-2017-2014 REJECTED CVE-2017-2013 REJECTED CVE-2017-2012 REJECTED CVE-2017-2011 REJECTED CVE-2017-2010 REJECTED CVE-2017-2009 REJECTED CVE-2017-2008 REJECTED CVE-2017-2007 REJECTED CVE-2017-2006 REJECTED CVE-2017-2005 REJECTED CVE-2017-2004 REJECTED 
CVE-2017-2003 REJECTED CVE-2017-2002 REJECTED CVE-2017-2001 REJECTED CVE-2017-2000 REJECTED CVE-2017-1999 REJECTED CVE-2017-1998 REJECTED CVE-2017-1997 REJECTED CVE-2017-1996 REJECTED CVE-2017-1995 REJECTED CVE-2017-1994 REJECTED CVE-2017-1993 REJECTED CVE-2017-1992 REJECTED CVE-2017-1991 REJECTED CVE-2017-1990 REJECTED CVE-2017-1989 REJECTED CVE-2017-1988 REJECTED CVE-2017-1987 REJECTED CVE-2017-1986 REJECTED CVE-2017-1985 REJECTED CVE-2017-1984 REJECTED CVE-2017-1983 REJECTED CVE-2017-1982 REJECTED CVE-2017-1981 REJECTED CVE-2017-1980 REJECTED CVE-2017-1979 REJECTED CVE-2017-1978 REJECTED CVE-2017-1977 REJECTED CVE-2017-1976 REJECTED CVE-2017-1975 REJECTED CVE-2017-1974 REJECTED CVE-2017-1973 REJECTED CVE-2017-1972 REJECTED CVE-2017-1971 REJECTED CVE-2017-1970 REJECTED CVE-2017-1969 REJECTED CVE-2017-1968 REJECTED CVE-2017-1967 REJECTED CVE-2017-1966 REJECTED CVE-2017-1965 REJECTED CVE-2017-1964 REJECTED CVE-2017-1963 REJECTED CVE-2017-1962 REJECTED CVE-2017-1961 REJECTED CVE-2017-1960 REJECTED CVE-2017-1959 REJECTED CVE-2017-1958 REJECTED CVE-2017-1957 REJECTED CVE-2017-1956 REJECTED CVE-2017-1955 REJECTED CVE-2017-1954 REJECTED CVE-2017-1953 REJECTED CVE-2017-1952 REJECTED CVE-2017-1951 REJECTED CVE-2017-1950 REJECTED CVE-2017-1949 REJECTED CVE-2017-1948 REJECTED CVE-2017-1947 REJECTED CVE-2017-1946 REJECTED CVE-2017-1945 REJECTED CVE-2017-1944 REJECTED CVE-2017-1943 REJECTED CVE-2017-1942 REJECTED CVE-2017-1941 REJECTED CVE-2017-1940 REJECTED CVE-2017-1939 REJECTED CVE-2017-1938 REJECTED CVE-2017-1937 REJECTED CVE-2017-1936 REJECTED CVE-2017-1935 REJECTED CVE-2017-1934 REJECTED CVE-2017-1933 REJECTED CVE-2017-1932 REJECTED CVE-2017-1931 REJECTED CVE-2017-1930 REJECTED CVE-2017-1929 REJECTED CVE-2017-1928 REJECTED CVE-2017-1927 REJECTED CVE-2017-1926 REJECTED CVE-2017-1925 REJECTED CVE-2017-1924 REJECTED CVE-2017-1923 REJECTED CVE-2017-1922 REJECTED CVE-2017-1921 REJECTED CVE-2017-1920 REJECTED CVE-2017-1919 REJECTED CVE-2017-1918 REJECTED CVE-2017-1917 
REJECTED CVE-2017-1916 REJECTED CVE-2017-1915 REJECTED CVE-2017-1914 REJECTED CVE-2017-1913 REJECTED CVE-2017-1912 REJECTED CVE-2017-1911 REJECTED CVE-2017-1910 REJECTED CVE-2017-1909 REJECTED CVE-2017-1908 REJECTED CVE-2017-1907 REJECTED CVE-2017-1906 REJECTED CVE-2017-1905 REJECTED CVE-2017-1904 REJECTED CVE-2017-1903 REJECTED CVE-2017-1902 REJECTED CVE-2017-1901 REJECTED CVE-2017-1900 REJECTED CVE-2017-1899 REJECTED CVE-2017-1898 REJECTED CVE-2017-1897 REJECTED CVE-2017-1896 REJECTED CVE-2017-1895 REJECTED CVE-2017-1894 REJECTED CVE-2017-1893 REJECTED CVE-2017-1892 REJECTED CVE-2017-1891 REJECTED CVE-2017-1890 REJECTED CVE-2017-1889 REJECTED CVE-2017-1888 REJECTED CVE-2017-1887 REJECTED CVE-2017-1886 REJECTED CVE-2017-1885 REJECTED CVE-2017-1884 REJECTED CVE-2017-1883 REJECTED CVE-2017-1882 REJECTED CVE-2017-1881 REJECTED CVE-2017-1880 REJECTED CVE-2017-1879 REJECTED CVE-2017-1878 REJECTED CVE-2017-1877 REJECTED CVE-2017-1876 REJECTED CVE-2017-1875 REJECTED CVE-2017-1874 REJECTED CVE-2017-1873 REJECTED CVE-2017-1872 REJECTED CVE-2017-1871 REJECTED CVE-2017-1870 REJECTED CVE-2017-1869 REJECTED CVE-2017-1868 REJECTED CVE-2017-1867 REJECTED CVE-2017-1866 REJECTED CVE-2017-1865 REJECTED CVE-2017-1864 REJECTED CVE-2017-1863 REJECTED CVE-2017-1862 REJECTED CVE-2017-1861 REJECTED CVE-2017-1860 REJECTED CVE-2017-1859 REJECTED CVE-2017-1858 REJECTED CVE-2017-1857 REJECTED CVE-2017-1856 REJECTED CVE-2017-1855 REJECTED CVE-2017-1854 REJECTED CVE-2017-1853 REJECTED CVE-2017-1852 REJECTED CVE-2017-1851 REJECTED CVE-2017-1850 REJECTED CVE-2017-1849 REJECTED CVE-2017-1848 REJECTED CVE-2017-1847 REJECTED CVE-2017-1846 REJECTED CVE-2017-1845 REJECTED CVE-2017-1844 REJECTED CVE-2017-1843 REJECTED CVE-2017-1842 REJECTED CVE-2017-1841 REJECTED CVE-2017-1840 REJECTED CVE-2017-1839 REJECTED CVE-2017-1838 REJECTED CVE-2017-1837 REJECTED CVE-2017-1836 REJECTED CVE-2017-1835 REJECTED CVE-2017-1834 REJECTED CVE-2017-1833 REJECTED CVE-2017-1832 REJECTED CVE-2017-1831 REJECTED 
CVE-2017-1830 REJECTED CVE-2017-1829 REJECTED CVE-2017-1828 REJECTED CVE-2017-1827 REJECTED CVE-2017-1826 REJECTED CVE-2017-1825 REJECTED CVE-2017-1824 REJECTED CVE-2017-1823 REJECTED CVE-2017-1822 REJECTED CVE-2017-1821 REJECTED CVE-2017-1820 REJECTED CVE-2017-1819 REJECTED CVE-2017-1818 REJECTED CVE-2017-1817 REJECTED CVE-2017-1816 REJECTED CVE-2017-1815 REJECTED CVE-2017-1814 REJECTED CVE-2017-1813 REJECTED CVE-2017-1812 REJECTED CVE-2017-1811 REJECTED CVE-2017-1810 RESERVED CVE-2017-1809 RESERVED CVE-2017-1808 RESERVED CVE-2017-1807 RESERVED CVE-2017-1806 RESERVED CVE-2017-1805 RESERVED CVE-2017-1804 RESERVED CVE-2017-1803 RESERVED CVE-2017-1802 RESERVED CVE-2017-1801 RESERVED CVE-2017-1800 RESERVED CVE-2017-1799 RESERVED CVE-2017-1798 RESERVED CVE-2017-1797 RESERVED CVE-2017-1796 RESERVED CVE-2017-1795 (IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local u ...) NOT-FOR-US: IBM WebSphere MQ CVE-2017-1794 (IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 ...) NOT-FOR-US: IBM CVE-2017-1793 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 a ...) NOT-FOR-US: IBM CVE-2017-1792 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 a ...) NOT-FOR-US: IBM CVE-2017-1791 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 a ...) NOT-FOR-US: IBM CVE-2017-1790 (IBM DOORS Next Generation (DNG/RRC) 5.0, 5.0.1, 5.0.2, and 6.0 through ...) NOT-FOR-US: IBM DOORS Next Generation CVE-2017-1789 (IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticate ...) NOT-FOR-US: IBM CVE-2017-1788 (IBM WebSphere Application Server 9 installations using Form Login coul ...) NOT-FOR-US: IBM CVE-2017-1787 (IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerab ...) NOT-FOR-US: IBM Publishing Engine CVE-2017-1786 (IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under speci ...) 
NOT-FOR-US: IBM CVE-2017-1785 (IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote us ...) NOT-FOR-US: IBM API Connect CVE-2017-1784 (IBM Cognos Analytics 11.0 could produce results in temporary files tha ...) NOT-FOR-US: IBM Cognos Analytics CVE-2017-1783 (IBM Cognos Analytics 11.0 could allow a local user to change parameter ...) NOT-FOR-US: IBM Cognos Analytics CVE-2017-1782 RESERVED CVE-2017-1781 RESERVED CVE-2017-1780 RESERVED CVE-2017-1779 (IBM Cognos Analytics 11.0 could store cached credentials locally that ...) NOT-FOR-US: IBM Cognos Analytics CVE-2017-1778 RESERVED CVE-2017-1777 RESERVED CVE-2017-1776 RESERVED CVE-2017-1775 RESERVED CVE-2017-1774 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 discloses sen ...) NOT-FOR-US: IBM Security Guardium Big Data Intelligence CVE-2017-1773 (IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker ...) NOT-FOR-US: IBM DataPower Gateways CVE-2017-1772 (IBM Worklight (IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and ...) NOT-FOR-US: IBM CVE-2017-1771 RESERVED CVE-2017-1770 RESERVED CVE-2017-1769 (IBM Business Process Manager 8.6 is vulnerable to cross-site request f ...) NOT-FOR-US: IBM Business Process Manager CVE-2017-1768 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 generates an ...) NOT-FOR-US: IBM CVE-2017-1767 (IBM Business Process Manager 8.6 is vulnerable to cross-site scripting ...) NOT-FOR-US: IBM CVE-2017-1766 (Due to incorrect authorization in IBM Business Process Manager 8.6 an ...) NOT-FOR-US: IBM CVE-2017-1765 (IBM Business Process Manager 8.6 could allow an authenticated user wit ...) NOT-FOR-US: IBM CVE-2017-1764 (IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, u ...) NOT-FOR-US: IBM CVE-2017-1763 RESERVED CVE-2017-1762 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5 ...) NOT-FOR-US: IBM CVE-2017-1761 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-sit ...) 
NOT-FOR-US: IBM WebSphere Portal CVE-2017-1760 (IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash t ...) NOT-FOR-US: IBM WebSphere MQ CVE-2017-1759 RESERVED CVE-2017-1758 (IBM Financial Transaction Manager for ACH Services for Multi-Platform ...) NOT-FOR-US: IBM Financial Transaction Manager for ACH Services for Multi-Platform CVE-2017-1757 (IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote at ...) NOT-FOR-US: IBM Security Guardium CVE-2017-1756 (IBM Business Process Manager 8.6 allows web pages to be stored locally ...) NOT-FOR-US: IBM CVE-2017-1755 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...) NOT-FOR-US: IBM CVE-2017-1754 RESERVED CVE-2017-1753 (Multiple IBM Rational products are vulnerable to HTML injection. A rem ...) NOT-FOR-US: IBM CVE-2017-1752 (IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileg ...) NOT-FOR-US: IBM UrbanCode Deploy CVE-2017-1751 (IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vuln ...) NOT-FOR-US: IBM Robotic Process Automation with Automation Anywhere CVE-2017-1750 (IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0 ...) NOT-FOR-US: IBM Jazz Reporting Service CVE-2017-1749 (IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker ...) NOT-FOR-US: IBM UrbanCode Deploy CVE-2017-1748 (IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to con ...) NOT-FOR-US: IBM CVE-2017-1747 (A specially crafted message could cause a denial of service in IBM Web ...) NOT-FOR-US: IBM CVE-2017-1746 (IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulne ...) NOT-FOR-US: IBM Jazz for Service Management CVE-2017-1745 RESERVED CVE-2017-1744 RESERVED CVE-2017-1743 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...) NOT-FOR-US: IBM CVE-2017-1742 RESERVED CVE-2017-1741 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...) 
NOT-FOR-US: IBM CVE-2017-1740 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7. ...) NOT-FOR-US: IBM Curam Social Program Management CVE-2017-1739 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is ...) NOT-FOR-US: IBM Curam Social Program Management CVE-2017-1738 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 c ...) NOT-FOR-US: IBM CVE-2017-1737 RESERVED CVE-2017-1736 RESERVED CVE-2017-1735 RESERVED CVE-2017-1734 (IBM Jazz Team Server affecting the following IBM Rational Products: Co ...) NOT-FOR-US: IBM CVE-2017-1733 (IBM QRadar 7.3 stores potentially sensitive information in log files t ...) NOT-FOR-US: IBM CVE-2017-1732 (IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does n ...) NOT-FOR-US: IBM CVE-2017-1731 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2017-1730 RESERVED CVE-2017-1729 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 a ...) NOT-FOR-US: IBM CVE-2017-1728 RESERVED CVE-2017-1727 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive ...) NOT-FOR-US: IBM Tivoli Key Lifecycle Manager CVE-2017-1726 RESERVED CVE-2017-1725 (IBM Jazz Team Server affecting the following IBM Rational Products: Co ...) NOT-FOR-US: IBM CVE-2017-1724 (IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scrip ...) NOT-FOR-US: IBM Security QRadar SIEM CVE-2017-1723 (IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to ...) NOT-FOR-US: IBM Security QRadar SIEM CVE-2017-1722 (IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A ...) NOT-FOR-US: IBM Security QRadar SIEM CVE-2017-1721 (IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated us ...) NOT-FOR-US: IBM Security QRadar SIEM CVE-2017-1720 (IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrar ...) 
NOT-FOR-US: IBM Notes CVE-2017-1719 RESERVED CVE-2017-1718 RESERVED CVE-2017-1717 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) NOT-FOR-US: IBM CVE-2017-1716 (IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose s ...) NOT-FOR-US: IBM Tivoli Workload Scheduler CVE-2017-1715 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) NOT-FOR-US: IBM CVE-2017-1714 (IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated loca ...) NOT-FOR-US: IBM Notes and Domino NSD CVE-2017-1713 (IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic a ...) NOT-FOR-US: IBM CVE-2017-1712 ("A vulnerability in the TLS protocol implementation of the Domino serv ...) NOT-FOR-US: IBM CVE-2017-1711 (IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicio ...) NOT-FOR-US: IBM iNotes CVE-2017-1710 (A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (20 ...) NOT-FOR-US: IBM CVE-2017-1709 RESERVED CVE-2017-1708 RESERVED CVE-2017-1707 RESERVED CVE-2017-1706 RESERVED CVE-2017-1705 (IBM Security Privileged Identity Manager 2.1.0 contains left-over, sen ...) NOT-FOR-US: IBM CVE-2017-1704 RESERVED CVE-2017-1703 RESERVED CVE-2017-1702 RESERVED CVE-2017-1701 (IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6. ...) NOT-FOR-US: IBM CVE-2017-1700 (IBM Jazz Team Server affecting the following IBM Rational Products: Co ...) NOT-FOR-US: IBM CVE-2017-1699 (IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissio ...) NOT-FOR-US: IBM MQ Managed File Transfer Agent CVE-2017-1698 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive inf ...) NOT-FOR-US: IBM WebSphere Portal CVE-2017-1697 RESERVED CVE-2017-1696 (IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to ...) NOT-FOR-US: IBM QRadar CVE-2017-1695 (IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic al ...) 
NOT-FOR-US: IBM CVE-2017-1694 (IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain i ...) NOT-FOR-US: IBM Integration Bus CVE-2017-1693 (IBM Integration Bus 9.0 and 10.0 could allow an attacker that has capt ...) NOT-FOR-US: IBM Integration Bus CVE-2017-1692 (IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability t ...) NOT-FOR-US: IBM AIX CVE-2017-1691 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) NOT-FOR-US: IBM CVE-2017-1690 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) NOT-FOR-US: IBM CVE-2017-1689 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site sc ...) NOT-FOR-US: IBM CVE-2017-1688 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site sc ...) NOT-FOR-US: IBM CVE-2017-1687 RESERVED CVE-2017-1686 RESERVED CVE-2017-1685 RESERVED CVE-2017-1684 RESERVED CVE-2017-1683 (IBM Connections Engagement Center 6.0 is vulnerable to cross-site scri ...) NOT-FOR-US: IBM Connections Engagement Center CVE-2017-1682 (IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to cross-sit ...) NOT-FOR-US: IBM Connections CVE-2017-1681 (IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.1 ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2017-1680 RESERVED CVE-2017-1679 (IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attac ...) NOT-FOR-US: IBM CVE-2017-1678 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...) NOT-FOR-US: IBM CVE-2017-1677 (IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and ...) NOT-FOR-US: IBM CVE-2017-1676 RESERVED CVE-2017-1675 RESERVED CVE-2017-1674 RESERVED CVE-2017-1673 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cr ...) NOT-FOR-US: IBM Tivoli Key Lifecycle Manager CVE-2017-1672 (IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-si ...) 
NOT-FOR-US: IBM Tivoli Key Lifecycle Manager CVE-2017-1671 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remot ...) NOT-FOR-US: IBM Tivoli Key Lifecycle Manager CVE-2017-1670 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQ ...) NOT-FOR-US: IBM Tivoli Key Lifecycle Manager CVE-2017-1669 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive in ...) NOT-FOR-US: IBM Tivoli Key Lifecycle Manager CVE-2017-1668 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remot ...) NOT-FOR-US: IBM Tivoli Key Lifecycle Manager CVE-2017-1667 RESERVED CVE-2017-1666 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to a ...) NOT-FOR-US: IBM Tivoli Key Lifecycle Manager CVE-2017-1665 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than ex ...) NOT-FOR-US: IBM Tivoli Key Lifecycle Manager CVE-2017-1664 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than ex ...) NOT-FOR-US: IBM Tivoli Key Lifecycle Manager CVE-2017-1663 RESERVED CVE-2017-1662 RESERVED CVE-2017-1661 RESERVED CVE-2017-1660 RESERVED CVE-2017-1659 ("HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerabili ...) NOT-FOR-US: HCL iNotes CVE-2017-1658 RESERVED CVE-2017-1657 RESERVED CVE-2017-1656 RESERVED CVE-2017-1655 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5 ...) NOT-FOR-US: IBM CVE-2017-1654 (IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivi ...) NOT-FOR-US: IBM CVE-2017-1653 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6 ...) NOT-FOR-US: IBM Jazz Foundation CVE-2017-1652 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) NOT-FOR-US: IBM CVE-2017-1651 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) NOT-FOR-US: IBM CVE-2017-1650 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site sc ...) 
NOT-FOR-US: IBM CVE-2017-1649 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...) NOT-FOR-US: IBM CVE-2017-1648 RESERVED CVE-2017-1647 RESERVED CVE-2017-1646 RESERVED CVE-2017-1645 RESERVED CVE-2017-1644 RESERVED CVE-2017-1643 RESERVED CVE-2017-1642 RESERVED CVE-2017-1641 RESERVED CVE-2017-1640 RESERVED CVE-2017-1639 RESERVED CVE-2017-1638 RESERVED CVE-2017-1637 RESERVED CVE-2017-1636 RESERVED CVE-2017-1635 (IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to exec ...) NOT-FOR-US: IBM Tivoli Monitoring CVE-2017-1634 RESERVED CVE-2017-1633 (IBM Sterling B2B Integrator 5.2 through 5.2.6 could allow an authentic ...) NOT-FOR-US: IBM CVE-2017-1632 (IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. T ...) NOT-FOR-US: IBM Sterling File Gateway CVE-2017-1631 (IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulne ...) NOT-FOR-US: IBM Jazz for Service Management CVE-2017-1630 RESERVED CVE-2017-1629 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5 ...) NOT-FOR-US: IBM CVE-2017-1628 (IBM Business Process Manager 8.6.0.0 allows authenticated users to sto ...) NOT-FOR-US: IBM CVE-2017-1627 RESERVED CVE-2017-1626 RESERVED CVE-2017-1625 (IBM Pulse for QRadar 1.0.0 - 1.0.3 discloses sensitive information to ...) NOT-FOR-US: IBM CVE-2017-1624 (IBM QRadar 7.3 and 7.3.1 specifies permissions for a security-critical ...) NOT-FOR-US: IBM CVE-2017-1623 (IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vul ...) NOT-FOR-US: IBM QRadar CVE-2017-1622 (IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly valida ...) NOT-FOR-US: IBM CVE-2017-1621 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) 
NOT-FOR-US: IBM CVE-2017-1620 RESERVED CVE-2017-1619 RESERVED CVE-2017-1618 RESERVED CVE-2017-1617 RESERVED CVE-2017-1616 RESERVED CVE-2017-1615 RESERVED CVE-2017-1614 RESERVED CVE-2017-1613 (IBM Connections 6.0 could allow an unauthenticated remote attacker to ...) NOT-FOR-US: IBM Connections CVE-2017-1612 (IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module coul ...) NOT-FOR-US: IBM WebSphere MQ CVE-2017-1611 RESERVED CVE-2017-1610 RESERVED CVE-2017-1609 (IBM Quality Manager (RQM) 5.0 through 5.0.2 and 6.0 through 6.0.6 are ...) NOT-FOR-US: IBM CVE-2017-1608 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) NOT-FOR-US: IBM CVE-2017-1607 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site sc ...) NOT-FOR-US: IBM CVE-2017-1606 (IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0. ...) NOT-FOR-US: IBM Financial Transaction Manager CVE-2017-1605 RESERVED CVE-2017-1604 (IBM Maximo Anywhere 7.5 and 7.6 is vulnerable to cross-site scripting. ...) NOT-FOR-US: IBM Maximo Anywhere CVE-2017-1603 RESERVED CVE-2017-1602 (IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6. ...) NOT-FOR-US: IBM CVE-2017-1601 (IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database A ...) NOT-FOR-US: IBM Security Guardium CVE-2017-1600 (IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to ...) NOT-FOR-US: IBM Security Guardium CVE-2017-1599 RESERVED CVE-2017-1598 (IBM Security Guardium 10.0 Database Activity Monitor uses weaker than ...) NOT-FOR-US: IBM Security Guardium CVE-2017-1597 (IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and ...) NOT-FOR-US: IBM CVE-2017-1596 (IBM Security Guardium 10.0 Database Activity Monitor could allow a loc ...) NOT-FOR-US: IBM Security Guardium CVE-2017-1595 (IBM Security Guardium 10.0 Database Activity Monitor could allow a loc ...) 
NOT-FOR-US: IBM Security Guardium CVE-2017-1594 RESERVED CVE-2017-1593 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...) NOT-FOR-US: IBM CVE-2017-1592 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) NOT-FOR-US: IBM CVE-2017-1591 (IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to ...) NOT-FOR-US: IBM CVE-2017-1590 RESERVED CVE-2017-1589 RESERVED CVE-2017-1588 RESERVED CVE-2017-1587 RESERVED CVE-2017-1586 RESERVED CVE-2017-1585 RESERVED CVE-2017-1584 RESERVED CVE-2017-1583 (IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.1 ...) NOT-FOR-US: IBM CVE-2017-1582 RESERVED CVE-2017-1581 RESERVED CVE-2017-1580 RESERVED CVE-2017-1579 RESERVED CVE-2017-1578 RESERVED CVE-2017-1577 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attac ...) NOT-FOR-US: IBM CVE-2017-1576 RESERVED CVE-2017-1575 (IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gatewa ...) NOT-FOR-US: IBM CVE-2017-1574 RESERVED CVE-2017-1573 RESERVED CVE-2017-1572 RESERVED CVE-2017-1571 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) NOT-FOR-US: IBM CVE-2017-1570 (IBM Jazz Foundation products could allow an authenticated user to obta ...) NOT-FOR-US: IBM CVE-2017-1569 (IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerabili ...) NOT-FOR-US: IBM CVE-2017-1568 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) NOT-FOR-US: IBM CVE-2017-1567 (IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting ...) NOT-FOR-US: IBM Doors Web Access CVE-2017-1566 RESERVED CVE-2017-1565 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) NOT-FOR-US: IBM CVE-2017-1564 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) NOT-FOR-US: IBM CVE-2017-1563 (IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting ...) 
NOT-FOR-US: IBM Doors Web Access CVE-2017-1562 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) NOT-FOR-US: IBM CVE-2017-1561 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) NOT-FOR-US: IBM CVE-2017-1560 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...) NOT-FOR-US: IBM CVE-2017-1559 (Multiple IBM Rational products could disclose sensitive information by ...) NOT-FOR-US: IBM CVE-2017-1558 (IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2017-1557 (IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with au ...) NOT-FOR-US: IBM WebSphere MQ CVE-2017-1556 (IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular exp ...) NOT-FOR-US: IBM CVE-2017-1555 (IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated u ...) NOT-FOR-US: IBM CVE-2017-1554 (IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attack ...) NOT-FOR-US: IBM CVE-2017-1553 (IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site ...) NOT-FOR-US: IBM CVE-2017-1552 (IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injec ...) NOT-FOR-US: IBM CVE-2017-1551 (IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker ...) NOT-FOR-US: IBM CVE-2017-1550 (IBM Sterling File Gateway 2.2 could allow an authenticated user to cha ...) NOT-FOR-US: IBM Sterling File Gateway CVE-2017-1549 (IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. T ...) NOT-FOR-US: IBM Sterling File Gateway CVE-2017-1548 (IBM Sterling File Gateway 2.2 could allow a remote attacker to travers ...) NOT-FOR-US: IBM Sterling File Gateway CVE-2017-1547 RESERVED CVE-2017-1546 (IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable t ...) NOT-FOR-US: IBM DOORS Next Generation CVE-2017-1545 (IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical ...) 
	NOT-FOR-US: IBM Doors Web Access
CVE-2017-1544 (IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gatewa ...)
	NOT-FOR-US: IBM
CVE-2017-1543
	RESERVED
CVE-2017-1542
	RESERVED
CVE-2017-1541 (A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep ...)
	NOT-FOR-US: IBM
CVE-2017-1540 (IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM Doors Web Access
CVE-2017-1539 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privil ...)
	NOT-FOR-US: IBM
CVE-2017-1538 (IBM Financial Transaction Manager for ACH Services for Multi-Platform ...)
	NOT-FOR-US: IBM
CVE-2017-1537
	RESERVED
CVE-2017-1536 (IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 an ...)
	NOT-FOR-US: IBM Support Tools for Lotus WCM
CVE-2017-1535 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1534 (IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a re ...)
	NOT-FOR-US: IBM Security Access Manager Appliance
CVE-2017-1533 (IBM Security Access Manager Appliance 9.0.3 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM Security Access Manager Appliance
CVE-2017-1532 (IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vuln ...)
	NOT-FOR-US: IBM DOORS
CVE-2017-1531 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2017-1530 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2017-1529
	RESERVED
CVE-2017-1528
	RESERVED
CVE-2017-1527 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML ...)
	NOT-FOR-US: IBM
CVE-2017-1526
	RESERVED
CVE-2017-1525
	RESERVED
CVE-2017-1524 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5 ...)
	NOT-FOR-US: IBM
CVE-2017-1523 (IBM InfoSphere Master Data Management - Collaborative Edition 11.5 cou ...)
	NOT-FOR-US: IBM
CVE-2017-1522 (IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1521 (IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and A ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1520 (IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized com ...)
	NOT-FOR-US: IBM
CVE-2017-1519 (IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A re ...)
	NOT-FOR-US: IBM
CVE-2017-1518
	RESERVED
CVE-2017-1517
	RESERVED
CVE-2017-1516 (IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hija ...)
	NOT-FOR-US: IBM Doors Web Access
CVE-2017-1515 (IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to ...)
	NOT-FOR-US: IBM Doors Web Access
CVE-2017-1514
	RESERVED
CVE-2017-1513
	RESERVED
CVE-2017-1512
	RESERVED
CVE-2017-1511
	RESERVED
CVE-2017-1510
	RESERVED
CVE-2017-1509 (IBM Jazz Foundation products could allow an authenticated user to obta ...)
	NOT-FOR-US: IBM
CVE-2017-1508 (IBM Informix Dynamic Server 12.1 could allow a local user logged in wi ...)
	NOT-FOR-US: IBM
CVE-2017-1507 (IBM Jazz Foundation Products could disclose sensitive information duri ...)
	NOT-FOR-US: IBM Jazz Foundation Products
CVE-2017-1506 (IBM Cognos TM1 10.2 and 10.2.2 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM Cognos TM1
CVE-2017-1505
	RESERVED
CVE-2017-1504 (IBM WebSphere Application Server version 9.0.0.4 could provide weaker ...)
	NOT-FOR-US: IBM
CVE-2017-1503 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2017-1502 (IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1501 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weake ...)
	NOT-FOR-US: IBM
CVE-2017-1500 (A Reflected Cross Site Scripting (XSS) vulnerability exists in the aut ...)
	NOT-FOR-US: IBM
CVE-2017-1499 (IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2017-1498 (IBM Connections 5.5 is vulnerable to cross-site scripting. This vulner ...)
	NOT-FOR-US: IBM
CVE-2017-1497 (IBM Sterling File Gateway 2.2 could allow an unauthorized user to view ...)
	NOT-FOR-US: IBM
CVE-2017-1496 (IBM Sterling B2B Integrator Standard Edition 5.2.x is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2017-1495 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a pr ...)
	NOT-FOR-US: IBM
CVE-2017-1494 (IBM Business Process Manager 8.5 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM Business Process Manager
CVE-2017-1493 (IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated us ...)
	NOT-FOR-US: IBM UrbanCode Deploy
CVE-2017-1492
	RESERVED
CVE-2017-1491 (IBM QRadar Network Security 5.4 supports interaction between multiple ...)
	NOT-FOR-US: IBM
CVE-2017-1490 (An unspecified vulnerability in the Lifecycle Query Engine of Jazz Rep ...)
	NOT-FOR-US: IBM
CVE-2017-1489 (IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configu ...)
	NOT-FOR-US: IBM
CVE-2017-1488 (An undisclosed vulnerability in Jazz common products exists with poten ...)
	NOT-FOR-US: IBM
CVE-2017-1487 (IBM Sterling File Gateway 2.2 could allow an authenticated attacker to ...)
	NOT-FOR-US: IBM
CVE-2017-1486 (IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2 is ...)
	NOT-FOR-US: IBM
CVE-2017-1485 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1484 (IBM WebSphere Commerce Enterprise, Professional, Express, and Develope ...)
	NOT-FOR-US: IBM
CVE-2017-1483 (IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an ...)
	NOT-FOR-US: IBM
CVE-2017-1482 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cros ...)
	NOT-FOR-US: IBM
CVE-2017-1481 (IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view ...)
	NOT-FOR-US: IBM
CVE-2017-1480 (IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 ...)
	NOT-FOR-US: IBM Security Access Manager Appliance
CVE-2017-1479
	RESERVED
CVE-2017-1478 (IBM Security Access Manager Appliance 9.0.0 allows web pages to be sto ...)
	NOT-FOR-US: IBM Security Access Manager Appliance
CVE-2017-1477 (IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML Ext ...)
	NOT-FOR-US: IBM
CVE-2017-1476 (IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, an ...)
	NOT-FOR-US: IBM Security Access Manager Appliance
CVE-2017-1475
	RESERVED
CVE-2017-1474 (IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, an ...)
	NOT-FOR-US: IBM Security Access Manager Appliance
CVE-2017-1473 (IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 ...)
	NOT-FOR-US: IBM
CVE-2017-1472
	RESERVED
CVE-2017-1471
	RESERVED
CVE-2017-1470
	RESERVED
CVE-2017-1469 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a lo ...)
	NOT-FOR-US: IBM
CVE-2017-1468 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a lo ...)
	NOT-FOR-US: IBM
CVE-2017-1467 (A network layer security vulnerability in InfoSphere Information Serve ...)
	NOT-FOR-US: IBM
CVE-2017-1466
	RESERVED
CVE-2017-1465 (IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to hi ...)
	NOT-FOR-US: IBM
CVE-2017-1464
	RESERVED
CVE-2017-1463
	RESERVED
CVE-2017-1462 (IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. Thi ...)
	NOT-FOR-US: IBM Rhapsody DM
CVE-2017-1461 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1460 (IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router sp ...)
	NOT-FOR-US: IBM
CVE-2017-1459 (IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permis ...)
	NOT-FOR-US: IBM Security Access Manager Appliance
CVE-2017-1458 (IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity ...)
	NOT-FOR-US: IBM
CVE-2017-1457 (IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2017-1456
	RESERVED
CVE-2017-1455
	RESERVED
CVE-2017-1454
	RESERVED
CVE-2017-1453 (IBM Security Access Manager Appliance 9.0.3 could allow a remote authe ...)
	NOT-FOR-US: IBM
CVE-2017-1452 (IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (include ...)
	NOT-FOR-US: IBM
CVE-2017-1451 (IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (include ...)
	NOT-FOR-US: IBM
CVE-2017-1450 (IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to co ...)
	NOT-FOR-US: IBM
CVE-2017-1449 (IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to co ...)
	NOT-FOR-US: IBM
CVE-2017-1448 (IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could all ...)
	NOT-FOR-US: IBM
CVE-2017-1447 (IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripti ...)
	NOT-FOR-US: IBM
CVE-2017-1446 (IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2017-1445 (IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2017-1444 (IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripti ...)
	NOT-FOR-US: IBM
CVE-2017-1443 (IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1442 (IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1441 (IBM Emptoris Services Procurement 10.0.0.5 could allow a local user to ...)
	NOT-FOR-US: IBM
CVE-2017-1440 (IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attack ...)
	NOT-FOR-US: IBM
CVE-2017-1439 (IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (include ...)
	NOT-FOR-US: IBM
CVE-2017-1438 (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (include ...)
	NOT-FOR-US: IBM
CVE-2017-1437
	RESERVED
CVE-2017-1436
	RESERVED
CVE-2017-1435
	RESERVED
CVE-2017-1434 (IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) ...)
	NOT-FOR-US: IBM
CVE-2017-1433 (IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user t ...)
	NOT-FOR-US: IBM
CVE-2017-1432
	RESERVED
CVE-2017-1431 (IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site s ...)
	NOT-FOR-US: IBM
CVE-2017-1430
	RESERVED
CVE-2017-1429 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1428 (IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the ...)
	NOT-FOR-US: IBM
CVE-2017-1427 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1426
	RESERVED
CVE-2017-1425 (IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2017-1424 (IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripti ...)
	NOT-FOR-US: IBM
CVE-2017-1423 (IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2017-1422 (IBM MaaS360 DTM all versions up to 3.81 does not perform proper verifi ...)
	NOT-FOR-US: IBM
CVE-2017-1421 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability a ...)
	NOT-FOR-US: IBM iNotes
CVE-2017-1420
	RESERVED
CVE-2017-1419
	RESERVED
CVE-2017-1418 (IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (includ ...)
	NOT-FOR-US: IBM
CVE-2017-1417
	RESERVED
CVE-2017-1416
	RESERVED
CVE-2017-1415
	RESERVED
CVE-2017-1414
	RESERVED
CVE-2017-1413
	RESERVED
CVE-2017-1412 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...)
	NOT-FOR-US: IBM
CVE-2017-1411 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...)
	NOT-FOR-US: IBM
CVE-2017-1410
	RESERVED
CVE-2017-1409 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...)
	NOT-FOR-US: IBM
CVE-2017-1408
	RESERVED
CVE-2017-1407 (IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allo ...)
	NOT-FOR-US: IBM
CVE-2017-1406
	RESERVED
CVE-2017-1405 (IBM Security Identity Manager Virtual Appliance 7.0 processes patches, ...)
	NOT-FOR-US: IBM Security Identity Manager Virtual Appliance
CVE-2017-1404
	RESERVED
CVE-2017-1403
	RESERVED
CVE-2017-1402
	RESERVED
CVE-2017-1401
	RESERVED
CVE-2017-1400
	RESERVED
CVE-2017-1399
	RESERVED
CVE-2017-1398 (IBM WebSphere Commerce Enterprise, Professional, Express, and Develope ...)
	NOT-FOR-US: IBM
CVE-2017-1397
	RESERVED
CVE-2017-1396 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...)
	NOT-FOR-US: IBM
CVE-2017-1395 (IBM Security Identity Governance and Intelligence Virtual Appliance 5. ...)
	NOT-FOR-US: IBM
CVE-2017-1394
	RESERVED
CVE-2017-1393
	RESERVED
CVE-2017-1392
	RESERVED
CVE-2017-1391
	RESERVED
CVE-2017-1390
	RESERVED
CVE-2017-1389
	RESERVED
CVE-2017-1388
	RESERVED
CVE-2017-1387
	RESERVED
CVE-2017-1386 (IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictio ...)
	NOT-FOR-US: IBM
CVE-2017-1385
	RESERVED
CVE-2017-1384
	RESERVED
CVE-2017-1383 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1382 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create f ...)
	NOT-FOR-US: IBM
CVE-2017-1381 (IBM WebSphere Application Server Proxy Server or On-demand-router (ODR ...)
	NOT-FOR-US: IBM
CVE-2017-1380 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2017-1379 (IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensit ...)
	NOT-FOR-US: IBM
CVE-2017-1378 (IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) dis ...)
	NOT-FOR-US: IBM
CVE-2017-1377 (IBM Runbook Automation reveals sensitive information in error messages ...)
	NOT-FOR-US: IBM
CVE-2017-1376 (A flaw in the IBM J9 VM class verifier allows untrusted code to disabl ...)
	NOT-FOR-US: IBM JDK
CVE-2017-1375 (IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses we ...)
	NOT-FOR-US: IBM
CVE-2017-1374 (Sensitive data can be exposed in the IBM TRIRIGA Application Platform ...)
	NOT-FOR-US: IBM
CVE-2017-1373 (Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and ...)
	NOT-FOR-US: IBM
CVE-2017-1372 (IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2017-1371 (Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4 ...)
	NOT-FOR-US: IBM
CVE-2017-1370 (IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive ...)
	NOT-FOR-US: IBM
CVE-2017-1369 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1368 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...)
	NOT-FOR-US: IBM
CVE-2017-1367 (IBM Security Identity Governance and Intelligence Virtual Appliance 5. ...)
	NOT-FOR-US: IBM
CVE-2017-1366 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...)
	NOT-FOR-US: IBM
CVE-2017-1365 (IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle M ...)
	NOT-FOR-US: IBM Team Concert
CVE-2017-1364 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1363 (IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vul ...)
	NOT-FOR-US: IBM
CVE-2017-1362 (IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credent ...)
	NOT-FOR-US: IBM
CVE-2017-1361
	RESERVED
CVE-2017-1360
	RESERVED
CVE-2017-1359 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1358
	RESERVED
CVE-2017-1357 (IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated u ...)
	NOT-FOR-US: IBM
CVE-2017-1356 (IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL inj ...)
	NOT-FOR-US: IBM
CVE-2017-1355 (IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive informa ...)
	NOT-FOR-US: IBM
CVE-2017-1354 (IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to cross-s ...)
	NOT-FOR-US: IBM
CVE-2017-1353 (IBM Atlas eDiscovery Process Management 6.0.3 could allow an authentic ...)
	NOT-FOR-US: IBM
CVE-2017-1352 (IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated u ...)
	NOT-FOR-US: IBM
CVE-2017-1351
	RESERVED
CVE-2017-1350 (IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allo ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2017-1349 (IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially se ...)
	NOT-FOR-US: IBM
CVE-2017-1348 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cros ...)
	NOT-FOR-US: IBM
CVE-2017-1347 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL ...)
	NOT-FOR-US: IBM
CVE-2017-1346 (IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores file ...)
	NOT-FOR-US: IBM
CVE-2017-1345 (IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site scr ...)
	NOT-FOR-US: IBM
CVE-2017-1344
	RESERVED
CVE-2017-1343
	RESERVED
CVE-2017-1342 (IBM Insights Foundation for Energy 2.0 could reveal sensitive informat ...)
	NOT-FOR-US: IBM
CVE-2017-1341 (IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, ...)
	NOT-FOR-US: IBM
CVE-2017-1340 (IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated us ...)
	NOT-FOR-US: IBM
CVE-2017-1339 (IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Ser ...)
	NOT-FOR-US: IBM
CVE-2017-1338 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1337 (IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly ...)
	NOT-FOR-US: IBM
CVE-2017-1336 (IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject cod ...)
	NOT-FOR-US: IBM
CVE-2017-1335 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1334 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1333 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenti ...)
	NOT-FOR-US: IBM
CVE-2017-1332 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vul ...)
	NOT-FOR-US: IBM
CVE-2017-1331 (IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scri ...)
	NOT-FOR-US: IBM
CVE-2017-1330
	RESERVED
CVE-2017-1329 (IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable t ...)
	NOT-FOR-US: IBM Quality Manager
CVE-2017-1328 (IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to byp ...)
	NOT-FOR-US: IBM
CVE-2017-1327 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vul ...)
	NOT-FOR-US: IBM
CVE-2017-1326 (IBM Sterling File Gateway does not properly restrict user requests bas ...)
	NOT-FOR-US: IBM
CVE-2017-1325 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vul ...)
	NOT-FOR-US: IBM
CVE-2017-1324 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1323
	RESERVED
CVE-2017-1322 (IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Inject ...)
	NOT-FOR-US: IBM
CVE-2017-1321 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1320 (IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1319 (IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerabili ...)
	NOT-FOR-US: IBM
CVE-2017-1318 (IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging ad ...)
	NOT-FOR-US: IBM
CVE-2017-1317 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...)
	NOT-FOR-US: IBM
CVE-2017-1316 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...)
	NOT-FOR-US: IBM
CVE-2017-1315 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...)
	NOT-FOR-US: IBM
CVE-2017-1314 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...)
	NOT-FOR-US: IBM
CVE-2017-1313 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...)
	NOT-FOR-US: IBM
CVE-2017-1312 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...)
	NOT-FOR-US: IBM
CVE-2017-1311 (IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. ...)
	NOT-FOR-US: IBM
CVE-2017-1310 (IBM Informix Dynamic Server 12.1 could allow an authenticated user to ...)
	NOT-FOR-US: IBM
CVE-2017-1309 (IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user c ...)
	NOT-FOR-US: IBM
CVE-2017-1308 (IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 cou ...)
	NOT-FOR-US: IBM
CVE-2017-1307
	RESERVED
CVE-2017-1306 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...)
	NOT-FOR-US: IBM
CVE-2017-1305 (IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to c ...)
	NOT-FOR-US: IBM
CVE-2017-1304 (IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utiliz ...)
	NOT-FOR-US: IBM
CVE-2017-1303 (IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is ...)
	NOT-FOR-US: IBM
CVE-2017-1302 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local u ...)
	NOT-FOR-US: IBM
CVE-2017-1301 (IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launc ...)
	NOT-FOR-US: IBM
CVE-2017-1300 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-si ...)
	NOT-FOR-US: IBM
CVE-2017-1299 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...)
	NOT-FOR-US: IBM
CVE-2017-1298
	REJECTED
CVE-2017-1297 (IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (include ...)
	NOT-FOR-US: IBM
CVE-2017-1296
	RESERVED
CVE-2017-1295 (IBM RSA DM contains unspecified vulnerability in CLM Applications with ...)
	NOT-FOR-US: IBM
CVE-2017-1294 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...)
	NOT-FOR-US: IBM
CVE-2017-1293 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...)
	NOT-FOR-US: IBM
CVE-2017-1292 (IBM Maximo Asset Management 7.5 and 7.6 generates error messages that ...)
	NOT-FOR-US: IBM
CVE-2017-1291 (IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response ...)
	NOT-FOR-US: IBM
CVE-2017-1290 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-si ...)
	NOT-FOR-US: IBM
CVE-2017-1289 (IBM SDK, Java Technology Edition is vulnerable XML External Entity Inj ...)
	NOT-FOR-US: IBM JDK
CVE-2017-1288
	RESERVED
CVE-2017-1287 (IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct p ...)
	NOT-FOR-US: IBM
CVE-2017-1286 (Sensitive information about the configuration of the IBM UrbanCode Dep ...)
	NOT-FOR-US: IBM UrbanCode Deploy
CVE-2017-1285 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user wit ...)
	NOT-FOR-US: IBM
CVE-2017-1284 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability ...)
	NOT-FOR-US: IBM
CVE-2017-1283 (IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to caus ...)
	NOT-FOR-US: IBM
CVE-2017-1282 (IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site s ...)
	NOT-FOR-US: IBM
CVE-2017-1281 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...)
	NOT-FOR-US: IBM
CVE-2017-1280 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...)
	NOT-FOR-US: IBM
CVE-2017-1279 (IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remo ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2017-1278 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1277 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...)
	NOT-FOR-US: IBM
CVE-2017-1276 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1275 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...)
	NOT-FOR-US: IBM
CVE-2017-1274 (IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in t ...)
	NOT-FOR-US: IBM
CVE-2017-1273
	RESERVED
CVE-2017-1272 (IBM Security Guardium 10.0 and 10.5 stores sensitive information in UR ...)
	NOT-FOR-US: IBM
CVE-2017-1271 (IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between m ...)
	NOT-FOR-US: IBM
CVE-2017-1270 (IBM Security Guardium 10.0 does not renew a session variable after a s ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1269 (IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A ...)
	NOT-FOR-US: IBM
CVE-2017-1268 (IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash ag ...)
	NOT-FOR-US: IBM
CVE-2017-1267 (IBM Security Guardium 10.0 and 10.1 processes patches, image backups a ...)
	NOT-FOR-US: IBM
CVE-2017-1266 (IBM Security Guardium 10.0 specifies permissions for a security-critic ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1265 (IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and ...)
	NOT-FOR-US: IBM
CVE-2017-1264 (IBM Security Guardium 10.0 does not prove or insufficiently proves tha ...)
	NOT-FOR-US: IBM
CVE-2017-1263
	RESERVED
CVE-2017-1262 (IBM Security Guardium 10.0 is vulnerable to HTTP response splitting at ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1261 (IBM Security Guardium 10.0 stores potentially sensitive information in ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1260
	RESERVED
CVE-2017-1259
	RESERVED
CVE-2017-1258 (IBM Security Guardium 10.0 and 10.1 does not perform an authentication ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1257 (IBM Security Guardium 10.0 discloses sensitive information to unauthor ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1256 (IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1255 (IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weake ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1254 (IBM Security Guardium 10.0 is vulnerable to a XML External Entity Inje ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1253 (IBM Security Guardium 10.0 could allow a remote authenticated attacker ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1252
	RESERVED
CVE-2017-1251 (An undisclosed vulnerability in CLM applications may result in some ad ...)
	NOT-FOR-US: IBM
CVE-2017-1250 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...)
	NOT-FOR-US: IBM
CVE-2017-1249 (IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. Thi ...)
	NOT-FOR-US: IBM
CVE-2017-1248 (IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable t ...)
	NOT-FOR-US: IBM Quality Manager
CVE-2017-1247 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1246
	RESERVED
CVE-2017-1245 (IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerab ...)
	NOT-FOR-US: IBM
CVE-2017-1244
	RESERVED
CVE-2017-1243
	RESERVED
CVE-2017-1242 (IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable t ...)
	NOT-FOR-US: IBM Quality Manager
CVE-2017-1241 (An unspecified vulnerability in IBM Jazz Foundation based applications ...)
	NOT-FOR-US: IBM
CVE-2017-1240 (IBM Rhapsody DM products could reveal sensitive information in HTTP 50 ...)
	NOT-FOR-US: IBM
CVE-2017-1239 (IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sen ...)
	NOT-FOR-US: IBM Quality Manager
CVE-2017-1238 (IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable t ...)
	NOT-FOR-US: IBM Quality Manager
CVE-2017-1237 (IBM Jazz based applications are vulnerable to cross-site scripting. Th ...)
	NOT-FOR-US: IBM
CVE-2017-1236 (IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentiall ...)
	NOT-FOR-US: IBM
CVE-2017-1235 (IBM WebSphere MQ 8.0 could allow an authenticated user to cause a prem ...)
	NOT-FOR-US: IBM
CVE-2017-1234 (IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vul ...)
	NOT-FOR-US: IBM
CVE-2017-1233 (IBM Remote Control v9 could allow a local user to use the component to ...)
	NOT-FOR-US: IBM Remote Control
CVE-2017-1232 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) transmit ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1231 (IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in cl ...)
	NOT-FOR-US: IBM
CVE-2017-1230 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) uses ins ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1229 (IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a rem ...)
	NOT-FOR-US: IBM
CVE-2017-1228 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could al ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1227 (IBM Tivoli Endpoint Manager could allow a unauthorized user to consume ...)
	NOT-FOR-US: IBM
CVE-2017-1226 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) generate ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1225 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores s ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1224 (IBM Tivoli Endpoint Manager uses weaker than expected cryptographic al ...)
	NOT-FOR-US: IBM
CVE-2017-1223 (IBM Tivoli Endpoint Manager could allow a remote attacker to conduct p ...)
	NOT-FOR-US: IBM
CVE-2017-1222 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1221 (IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require ...)
	NOT-FOR-US: IBM
CVE-2017-1220 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) disclose ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1219 (IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Inj ...)
	NOT-FOR-US: IBM
CVE-2017-1218 (IBM Tivoli Endpoint Manager is vulnerable to cross-site request forger ...)
	NOT-FOR-US: IBM
CVE-2017-1217 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2017-1216
	RESERVED
CVE-2017-1215
	RESERVED
CVE-2017-1214 (IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malform ...)
	NOT-FOR-US: IBM
CVE-2017-1213
	RESERVED
CVE-2017-1212 (IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 i ...)
	NOT-FOR-US: IBM
CVE-2017-1211 (IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 c ...)
	NOT-FOR-US: IBM
CVE-2017-1210 (IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 c ...)
	NOT-FOR-US: IBM
CVE-2017-1209 (IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 i ...)
	NOT-FOR-US: IBM
CVE-2017-1208 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-s ...)
	NOT-FOR-US: IBM
CVE-2017-1207 (IBM WebSphere Message Broker stores user credentials in plain in clear ...)
	NOT-FOR-US: IBM
CVE-2017-1206
	RESERVED
CVE-2017-1205 (IBM Platform LSF 10.1 contains an unspecified vulnerability that could ...)
	NOT-FOR-US: IBM
CVE-2017-1204 (IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-code ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2017-1203 (IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and A ...)
	NOT-FOR-US: IBM
CVE-2017-1202 (IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulne ...)
	NOT-FOR-US: IBM
CVE-2017-1201 (IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores use ...)
	NOT-FOR-US: IBM
CVE-2017-1200 (IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not ...)
	NOT-FOR-US: IBM
CVE-2017-1199 (IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 1 ...)
	NOT-FOR-US: IBM
CVE-2017-1198 (IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores s ...)
	NOT-FOR-US: IBM
CVE-2017-1197 (IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account ...)
	NOT-FOR-US: IBM
CVE-2017-1196 (IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require tha ...)
	NOT-FOR-US: IBM
CVE-2017-1195 (IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow ...)
	NOT-FOR-US: IBM
CVE-2017-1194 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2017-1193 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to o ...)
	NOT-FOR-US: IBM
CVE-2017-1192 (IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entit ...)
	NOT-FOR-US: IBM
CVE-2017-1191 (An undisclosed vulnerability in CLM applications (including IBM Ration ...)
	NOT-FOR-US: IBM Rational Collaborative Lifecycle Management
CVE-2017-1190 (IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could ...)
	NOT-FOR-US: IBM
CVE-2017-1189 (IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vuln ...)
	NOT-FOR-US: IBM
CVE-2017-1188
	RESERVED
CVE-2017-1187
	RESERVED
CVE-2017-1186
	RESERVED
CVE-2017-1185
	RESERVED
CVE-2017-1184
	RESERVED
CVE-2017-1183 (IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) ...)
	NOT-FOR-US: IBM
CVE-2017-1182 (IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) ...)
	NOT-FOR-US: IBM
CVE-2017-1181 (IBM Tivoli Monitoring Portal V6 client could allow a local attacker to ...)
	NOT-FOR-US: IBM
CVE-2017-1180 (The IBM TRIRIGA Document Manager contains a vulnerability that could a ...)
	NOT-FOR-US: IBM TRIRIGA Document Manager
CVE-2017-1179 (IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected crypt ...)
	NOT-FOR-US: IBM
CVE-2017-1178 (IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2017-1177 (IBM BigFix Compliance 1.7 through 1.9.91 discloses sensitive informati ...)
	NOT-FOR-US: IBM
CVE-2017-1176 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user ...)
	NOT-FOR-US: IBM
CVE-2017-1175 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL inj ...)
	NOT-FOR-US: IBM
CVE-2017-1174 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL ...)
	NOT-FOR-US: IBM
CVE-2017-1173
	RESERVED
CVE-2017-1172
	RESERVED
CVE-2017-1171 (The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a vulne ...)
	NOT-FOR-US: IBM
CVE-2017-1170 (IBM WebSphere Commerce Enterprise, Professional, Express, and Develope ...)
	NOT-FOR-US: IBM
CVE-2017-1169 (IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site script ...)
	NOT-FOR-US: IBM
CVE-2017-1168 (IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulner ...)
	NOT-FOR-US: IBM
CVE-2017-1167
	RESERVED
CVE-2017-1166
	RESERVED
CVE-2017-1165
	RESERVED
CVE-2017-1164 (IBM Jazz Foundation is vulnerable to cross-site scripting. This vulner ...)
	NOT-FOR-US: IBM
CVE-2017-1163
	RESERVED
CVE-2017-1162 (IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized ...)
	NOT-FOR-US: IBM
CVE-2017-1161 (IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbit ...)
	NOT-FOR-US: IBM
CVE-2017-1160 (IBM Financial Transaction Manager for ACH Services for Multi-Platform ...)
	NOT-FOR-US: IBM
CVE-2017-1159 (IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker ...)
	NOT-FOR-US: IBM
CVE-2017-1158
	RESERVED
CVE-2017-1157 (IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authentica ...)
	NOT-FOR-US: IBM
CVE-2017-1156 (IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to cond ...)
	NOT-FOR-US: IBM
CVE-2017-1155 (IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could ...)
	NOT-FOR-US: IBM
CVE-2017-1154 (IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could ...)
	NOT-FOR-US: IBM
CVE-2017-1153 (IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability th ...)
	NOT-FOR-US: IBM
CVE-2017-1152 (IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly up ...)
	NOT-FOR-US: IBM
CVE-2017-1151 (IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID ...)
	NOT-FOR-US: IBM
CVE-2017-1150 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1 ...)
	NOT-FOR-US: IBM
CVE-2017-1149 (IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial ...)
	NOT-FOR-US: IBM
CVE-2017-1148 (IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry ...)
	NOT-FOR-US: IBM
CVE-2017-1147 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-si ...)
	NOT-FOR-US: IBM
CVE-2017-1146 (IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scr ...)
	NOT-FOR-US: IBM
CVE-2017-1145 (IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents wh ...)
	NOT-FOR-US: IBM
CVE-2017-1144 (IBM WebSphere Message Broker could allow a local user with specialized ...)
	NOT-FOR-US: IBM
CVE-2017-1143 (IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote att ...)
	NOT-FOR-US: IBM
CVE-2017-1142 (IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote att ...)
	NOT-FOR-US: IBM
CVE-2017-1141 (IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an au ...)
	NOT-FOR-US: IBM
CVE-2017-1140 (IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1139
	RESERVED
CVE-2017-1138
	RESERVED
CVE-2017-1137 (IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker th ...)
	NOT-FOR-US: IBM
CVE-2017-1136
	RESERVED
CVE-2017-1135
	RESERVED
CVE-2017-1134 (IBM Reliable Scalable Cluster Technology could allow a local user to e ...)
	NOT-FOR-US: IBM
CVE-2017-1133 (IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerabili ...)
	NOT-FOR-US: IBM
CVE-2017-1132 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cros ...)
	NOT-FOR-US: IBM
CVE-2017-1131 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authen ...)
	NOT-FOR-US: IBM
CVE-2017-1130 (IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user ...)
	NOT-FOR-US: IBM
CVE-2017-1129 (IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user ...)
	NOT-FOR-US: IBM
CVE-2017-1128 (IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1127 (IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to c ...)
	NOT-FOR-US: IBM
CVE-2017-1126 (IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could ...)
	NOT-FOR-US: IBM
CVE-2017-1125 (IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a ...)
	NOT-FOR-US: IBM
CVE-2017-1124 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local atta ...)
	NOT-FOR-US: IBM
CVE-2017-1123
	RESERVED
CVE-2017-1122 (IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that ...)
	NOT-FOR-US: IBM
CVE-2017-1121 (IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2017-1120 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2017-1119 (IBM Marketing Operations 9.1.0, 9.1.2, and 10.1 could allow a remote a ...)
	NOT-FOR-US: IBM
CVE-2017-1118 (IBM WebSphere MQ Internet Pass-Thru 2.0 and 2.1 could allow n attacker ...)
	NOT-FOR-US: IBM
CVE-2017-1117 (IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to caus ...)
	NOT-FOR-US: IBM
CVE-2017-1116 (IBM Campaign 8.6, 9.0, 9.1, 9.1.1, 9.1.2, and 10.0 contains excessive ...)
	NOT-FOR-US: IBM
CVE-2017-1115 (IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A rem ...)
	NOT-FOR-US: IBM
CVE-2017-1114 (IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2017-1113 (IBM Rational Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cros ...)
	NOT-FOR-US: IBM
CVE-2017-1112
	RESERVED
CVE-2017-1111
	RESERVED
CVE-2017-1110 (IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an ...)
	NOT-FOR-US: IBM
CVE-2017-1109
	RESERVED
CVE-2017-1108
	RESERVED
CVE-2017-1107 (IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive ...)
	NOT-FOR-US: IBM
CVE-2017-1106 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1105 (IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (include ...)
	NOT-FOR-US: IBM
CVE-2017-1104 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM
CVE-2017-1103 (IBM Team Concert (RTC) is vulnerable to a denial of service, caused by ...)
	NOT-FOR-US: IBM
CVE-2017-1102 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM
CVE-2017-1101 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM
CVE-2017-1100 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM
CVE-2017-1099 (IBM Jazz Foundation could expose potentially sensitive information to ...)
	NOT-FOR-US: IBM
CVE-2017-1098 (IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to c ...)
	NOT-FOR-US: IBM
CVE-2017-1097 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10. ...)
	NOT-FOR-US: IBM
CVE-2017-1096 (IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-si ...)
	NOT-FOR-US: IBM
CVE-2017-1095
	RESERVED
CVE-2017-1094
	RESERVED
CVE-2017-1093 (IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulner ...)
	NOT-FOR-US: IBM AIX
CVE-2017-1092 (IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unaut ...)
	NOT-FOR-US: IBM
CVE-2017-1091
	RESERVED
CVE-2017-1090
	REJECTED
CVE-2017-1089
	REJECTED
CVE-2017-1088 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4 ...)
	- kfreebsd-10 (unimportant)
	NOTE: kfreebsd not covered by security support
CVE-2017-1087 (In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE- ...)
	- kfreebsd-10 (unimportant)
	NOTE: kfreebsd not covered by security support
CVE-2017-1086 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4 ...)
	- kfreebsd-10 (unimportant)
	NOTE: kfreebsd not covered by security support
CVE-2017-1085 (In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
	NOTE: kfreebsd not covered by security support
CVE-2017-1084 (In FreeBSD before 11.2-RELEASE, multiple issues with the implementatio ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
	NOTE: kfreebsd not covered by security support
CVE-2017-1083 (In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
	NOTE: kfreebsd not covered by security support
CVE-2017-1082 (In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
	NOTE: kfreebsd not covered by security support
CVE-2017-1081 (In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3 ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-17:04.ipfilter.asc
	NOTE: kfreebsd not covered by security support
CVE-2017-1080
	REJECTED
CVE-2017-1079
	REJECTED
CVE-2017-1078
	REJECTED
CVE-2017-1077
	REJECTED
CVE-2017-1076
	REJECTED
CVE-2017-1075
	REJECTED
CVE-2017-1074
	REJECTED
CVE-2017-1073
	REJECTED
CVE-2017-1072
	REJECTED
CVE-2017-1071
	REJECTED
CVE-2017-1070
	REJECTED
CVE-2017-1069
	REJECTED
CVE-2017-1068
	REJECTED
CVE-2017-1067
	REJECTED
CVE-2017-1066
	REJECTED
CVE-2017-1065
	REJECTED
CVE-2017-1064
	REJECTED
CVE-2017-1063
	REJECTED
CVE-2017-1062
	REJECTED
CVE-2017-1061
	REJECTED
CVE-2017-1060
	REJECTED
CVE-2017-1059
	REJECTED
CVE-2017-1058
	REJECTED
CVE-2017-1057
	REJECTED
CVE-2017-1056
	REJECTED
CVE-2017-1055
	REJECTED
CVE-2017-1054
	REJECTED
CVE-2017-1053
	REJECTED
CVE-2017-1052
	REJECTED
CVE-2017-1051
	REJECTED
CVE-2017-1050
	REJECTED
CVE-2017-1049
	REJECTED
CVE-2017-1048
	REJECTED
CVE-2017-1047
	REJECTED
CVE-2017-1046
	REJECTED
CVE-2017-1045
	REJECTED
CVE-2017-1044
	REJECTED
CVE-2017-1043
	REJECTED
CVE-2017-1042
	REJECTED
CVE-2017-1041
	REJECTED
CVE-2017-1040
	REJECTED
CVE-2017-1039
	REJECTED
CVE-2017-1038
	REJECTED
CVE-2017-1037
	REJECTED
CVE-2017-1036
	REJECTED
CVE-2017-1035
	REJECTED
CVE-2017-1034
	REJECTED
CVE-2017-1033
	REJECTED
CVE-2017-1032
	REJECTED
CVE-2017-1031
	REJECTED
CVE-2017-1030
	REJECTED
CVE-2017-1029
	REJECTED
CVE-2017-1028
	REJECTED
CVE-2017-1027
	REJECTED
CVE-2017-1026
	REJECTED
CVE-2017-1025
	REJECTED
CVE-2017-1024
	REJECTED
CVE-2017-1023
	REJECTED
CVE-2017-1022
	REJECTED
CVE-2017-1021
	REJECTED
CVE-2017-1020
	REJECTED
CVE-2017-1019
	REJECTED
CVE-2017-1018
	REJECTED
CVE-2017-1017
	REJECTED
CVE-2017-1016
	REJECTED
CVE-2017-1015
	REJECTED
CVE-2017-1014
	REJECTED
CVE-2017-1013
	REJECTED
CVE-2017-1012
	REJECTED
CVE-2017-1011
	REJECTED
CVE-2017-1010
	REJECTED
CVE-2017-1009
	REJECTED
CVE-2017-1008
	REJECTED
CVE-2017-1007
	REJECTED
CVE-2017-1006
	REJECTED
CVE-2017-1005
	REJECTED
CVE-2017-1004
	REJECTED
CVE-2017-1003
	REJECTED
CVE-2017-1002
	REJECTED
CVE-2017-1001
	REJECTED
CVE-2017-1000
	REJECTED
CVE-2017-0999
	REJECTED
CVE-2017-0998
	REJECTED
CVE-2017-0997
	REJECTED
CVE-2017-0996
	REJECTED
CVE-2017-0995
	REJECTED
CVE-2017-0994
	REJECTED
CVE-2017-0993
	REJECTED
CVE-2017-0992
	REJECTED
CVE-2017-0991
	REJECTED
CVE-2017-0990
	REJECTED
CVE-2017-0989
	REJECTED
CVE-2017-0988
	REJECTED
CVE-2017-0987
	REJECTED
CVE-2017-0986
	REJECTED
CVE-2017-0985
	REJECTED
CVE-2017-0984
	REJECTED
CVE-2017-0983
	REJECTED
CVE-2017-0982
	REJECTED
CVE-2017-0981
	REJECTED
CVE-2017-0980
	RESERVED
CVE-2017-0979
	RESERVED
CVE-2017-0978
	RESERVED
CVE-2017-0977
	RESERVED
CVE-2017-0976
	RESERVED
CVE-2017-0975
	RESERVED
CVE-2017-0974
	RESERVED
CVE-2017-0973
	RESERVED
CVE-2017-0972
	RESERVED
CVE-2017-0971
	RESERVED
CVE-2017-0970
	RESERVED
CVE-2017-0969
	RESERVED
CVE-2017-0968
	RESERVED
CVE-2017-0967
	RESERVED
CVE-2017-0966
	RESERVED
CVE-2017-0965
	RESERVED
CVE-2017-0964
	RESERVED
CVE-2017-0963
	RESERVED
CVE-2017-0962
	RESERVED
CVE-2017-0961
	RESERVED
CVE-2017-0960
	RESERVED
CVE-2017-0959
	RESERVED
CVE-2017-0958
	RESERVED
CVE-2017-0957
	RESERVED
CVE-2017-0956
	RESERVED
CVE-2017-0955
	RESERVED
CVE-2017-0954
	RESERVED
CVE-2017-0953
	RESERVED
CVE-2017-0952
	RESERVED
CVE-2017-0951
	RESERVED
CVE-2017-0950
	RESERVED
CVE-2017-0949
	RESERVED
CVE-2017-0948
	RESERVED
CVE-2017-0947
	RESERVED
CVE-2017-0946
	RESERVED
CVE-2017-0945
	RESERVED
CVE-2017-0944
	RESERVED
CVE-2017-0943
	RESERVED
CVE-2017-0942
	RESERVED
CVE-2017-0941
	RESERVED
CVE-2017-0940
	RESERVED
CVE-2017-0939
	RESERVED
CVE-2017-0938 (Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMA ...)
	NOT-FOR-US: airMAX
CVE-2017-0937
	RESERVED
CVE-2017-0936 (Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorizatio ...)
	- nextcloud (bug #835086)
CVE-2017-0935 (Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Impr ...)
	NOT-FOR-US: Ubiquiti Networks EdgeOS
CVE-2017-0934 (Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improp ...)
	NOT-FOR-US: Ubiquiti Networks EdgeOS
CVE-2017-0933 (Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-S ...)
	NOT-FOR-US: Ubiquiti Networks EdgeOS
CVE-2017-0932 (Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Impr ...)
	NOT-FOR-US: Ubiquiti Networks EdgeOS
CVE-2017-0931 (html-janitor node module suffers from a Cross-Site Scripting (XSS) vul ...)
	NOT-FOR-US: html-janitor node module
CVE-2017-0930 (augustine node module suffers from a Path Traversal vulnerability due ...)
	NOT-FOR-US: augustine node module
CVE-2017-0929 (DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request F ...)
	NOT-FOR-US: DNN (aka DotNetNuke)
CVE-2017-0928 (html-janitor node module suffers from an External Control of Critical ...)
	NOT-FOR-US: html-janitor node module
CVE-2017-0927 (Gitlab Community Edition version 10.3 is vulnerable to an improper aut ...)
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	[stretch] - gitlab (Doesn't affect 8.x)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0926 (Gitlab Community Edition version 10.3 is vulnerable to an improper aut ...)
	{DSA-4145-1}
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0925 (Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insuffici ...)
	{DSA-4145-1}
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0924 (Gitlab Community Edition version 10.2.4 is vulnerable to lack of input ...)
	- gitlab 10.5.5+dfsg-1
	[stretch] - gitlab (Only affects 9.0 and later)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0923 (Gitlab Community Edition version 9.1 is vulnerable to lack of input va ...)
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	[stretch] - gitlab (Doesn't affect 8.x)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0922 (Gitlab Enterprise Edition version 10.3 is vulnerable to an authorizati ...)
	- gitlab 10.5.5+dfsg-1
	[stretch] - gitlab (Only affects 9.1 and later)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0920 (GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10 ...)
	{DSA-4206-1}
	- gitlab 10.5.5+dfsg-1
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0919 (GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10 ...)
	- gitlab 10.5.5+dfsg-1
	NOTE: https://hackerone.com/reports/301137
	NOTE: Fixed in 10.1.6, 10.2.6, and 10.3.4
CVE-2017-0918 (Gitlab Community Edition version 10.3 is vulnerable to a path traversa ...)
	{DSA-4145-1}
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0917 (Gitlab Community Edition version 10.2.4 is vulnerable to lack of input ...)
	{DSA-4145-1}
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0916 (Gitlab Community Edition version 10.3 is vulnerable to a lack of input ...)
	{DSA-4145-1}
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/commit/7fc0a6fc096768a5604d6dd24d7d952e53300c82
CVE-2017-0915 (Gitlab Community Edition version 10.2.4 is vulnerable to a lack of inp ...)
	{DSA-4145-1}
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0914 (Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2. ...)
	- gitlab 10.5.5+dfsg-1
	[stretch] - gitlab (Only affects 9.4 and later)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0913 (Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to r ...)
	NOT-FOR-US: Ubiquiti UCRM
CVE-2017-0912 (Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-s ...)
	NOT-FOR-US: Ubiquiti UCRM
CVE-2017-0911 (Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback ...)
	NOT-FOR-US: Twitter Kit for iOS
CVE-2017-0910 (In Zulip Server before 1.7.1, on a server with multiple realms, a vuln ...)
	- zulip-server (bug #800052)
CVE-2017-0909 (The private_address_check ruby gem before 0.4.1 is vulnerable to a byp ...)
	NOT-FOR-US: private_address_check ruby gem
CVE-2017-0908
	REJECTED
CVE-2017-0907 (The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1. ...)
	NOT-FOR-US: Recurly Client .NET Library
CVE-2017-0906 (The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, ...)
	NOT-FOR-US: Recurly Client Python Library
CVE-2017-0905 (The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, ...)
	NOT-FOR-US: Recurly Client Ruby Library
CVE-2017-0904 (The private_address_check ruby gem before 0.4.0 is vulnerable to a byp ...)
	NOT-FOR-US: private_address_check ruby gem
CVE-2017-0903 (RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possibl ...)
	{DSA-4031-1 DLA-1421-1}
	- ruby2.3 2.3.5-1 (bug #879231)
	- ruby2.1
	- ruby1.9.1
	[wheezy] - ruby1.9.1 (Vulnerable code introduced later)
	- rubygems 3.2.0~rc.1-1
	[wheezy] - rubygems (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2017/10/10/2
	NOTE: https://justi.cz/security/2017/10/07/rubygems-org-rce.html
	NOTE: Fixed by: https://github.com/rubygems/rubygems/commit/510b1638ac9bba3ceb7a5d73135dafff9e5bab49
CVE-2017-0902 (RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking v ...)
	{DSA-3966-1 DLA-1421-1}
	- ruby2.3 2.3.3-1+deb9u1 (bug #873802)
	- ruby2.1
	- ruby1.9.1
	[wheezy] - ruby1.9.1 (Vulnerable code introduced later)
	- rubygems 3.2.0~rc.1-1
	[wheezy] - rubygems (Vulnerable code introduced later)
	NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
	NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
	NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
	NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
CVE-2017-0901 (RubyGems version 2.6.12 and earlier fails to validate specification na ...)
	{DSA-3966-1 DLA-1421-1 DLA-1114-1 DLA-1112-1}
	- ruby2.3 2.3.3-1+deb9u1 (bug #873802)
	- ruby2.1
	- ruby1.9.1
	- rubygems 3.2.0~rc.1-1
	NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
	NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
	NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
	NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
CVE-2017-0900 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously craft ...)
	{DSA-3966-1 DLA-1421-1 DLA-1114-1 DLA-1112-1}
	- ruby2.3 2.3.3-1+deb9u1 (bug #873802)
	- ruby2.1
	- ruby1.9.1
	- rubygems 3.2.0~rc.1-1
	NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
	NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
	NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
	NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
CVE-2017-0899 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously craft ...)
	{DSA-3966-1 DLA-1421-1 DLA-1114-1}
	- ruby2.3 2.3.3-1+deb9u1 (unimportant; bug #873802)
	- ruby2.1 (unimportant)
	- ruby1.9.1 (unimportant)
	- rubygems 3.2.0~rc.1-1 (unimportant)
	NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
	NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
	NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
	NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
	NOTE: Not considered a vulnerability per se, if this affects a terminal emulator it's a bug there
CVE-2017-0898 (Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious forma ...)
	{DSA-4031-1 DLA-1421-1 DLA-1114-1 DLA-1113-1}
	- ruby2.3 2.3.5-1 (bug #875936)
	- ruby2.1
	- ruby1.9.1
	- ruby1.8
	NOTE: https://github.com/mruby/mruby/issues/3722
	NOTE: https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/
	NOTE: https://bugs.ruby-lang.org/issues/13499
CVE-2017-0897 (ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create a ...)
	NOT-FOR-US: ExpressionEngine
CVE-2017-0896 (Zulip Server 1.5.1 and below suffer from an error in the implementatio ...)
	- zulip-server (bug #800052)
CVE-2017-0895 (Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure ...)
	- nextcloud (bug #835086)
CVE-2017-0894 (Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid sh ...)
	- nextcloud (bug #835086)
CVE-2017-0893 (Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vu ...)
	- nextcloud (bug #835086)
CVE-2017-0892 (Nextcloud Server before 11.0.3 is vulnerable to an improper session ha ...)
	- nextcloud (bug #835086)
CVE-2017-0891 (Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to ...)
	- nextcloud (bug #835086)
CVE-2017-0890 (Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping ...)
	- nextcloud (bug #835086)
CVE-2017-0889 (Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde ...)
	NOT-FOR-US: paperclip ruby gem
CVE-2017-0888 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoof ...)
	- nextcloud (bug #835086)
CVE-2017-0886 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Ser ...)
	- nextcloud (bug #835086)
CVE-2017-0885 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message ...)
	- nextcloud (bug #835086)
CVE-2017-0884 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of f ...)
	- nextcloud (bug #835086)
CVE-2017-0883 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission in ...)
	- nextcloud (bug #835086)
CVE-2017-0882 (Multiple versions of GitLab expose sensitive user credentials when ass ...)
	- gitlab 8.13.11+dfsg-7 (bug #858410)
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/29661
	NOTE: https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/
CVE-2017-0881 (An error in the implementation of an autosubscribe feature in the chec ...)
	NOT-FOR-US: Zulip
CVE-2016-9754 (The ring_buffer_resize function in kernel/trace/ring_buffer.c in the p ...)
	- linux 4.6.1-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/59643d1535eb220668692a5359de22545af579f6 (v4.7-rc1)
CVE-2016-9753
	RESERVED
CVE-2016-9752 (In Serendipity before 2.0.5, an attacker can bypass SSRF protection by ...)
	- serendipity
CVE-2016-9751 (Cross-site scripting (XSS) vulnerability in the search results front e ...)
	- piwigo
	[squeeze] - piwigo (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2016-9750 (IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text ...)
	NOT-FOR-US: IBM
CVE-2016-9749 (IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated ...)
	NOT-FOR-US: IBM
CVE-2016-9748 (IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive inf ...)
	NOT-FOR-US: IBM
CVE-2016-9747 (IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2016-9746 (IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site sc ...)
	NOT-FOR-US: IBM
CVE-2016-9745
	RESERVED
CVE-2016-9744
	RESERVED
CVE-2016-9743
	RESERVED
CVE-2016-9742
	RESERVED
CVE-2016-9741
	RESERVED
CVE-2016-9740 (IBM QRadar 7.2 could allow a remote attacker to consume all resources ...)
	NOT-FOR-US: IBM
CVE-2016-9739 (IBM Security Identity Manager Virtual Appliance stores user credential ...)
	NOT-FOR-US: IBM
CVE-2016-9738 (IBM QRadar 7.2 and 7.3 does not require that users should have strong ...)
	NOT-FOR-US: IBM
CVE-2016-9737 (IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. T ...)
	NOT-FOR-US: IBM
CVE-2016-9736 (IBM WebSphere Application Server using malformed SOAP requests could a ...)
	NOT-FOR-US: IBM
CVE-2016-9735 (IBM Jazz Foundation could allow an authenticated user to obtain sensit ...)
	NOT-FOR-US: IBM
CVE-2016-9734
	RESERVED
CVE-2016-9733 (IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site sc ...)
	NOT-FOR-US: IBM
CVE-2016-9732 (IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerabl ...)
	NOT-FOR-US: IBM
CVE-2016-9731 (IBM Business Process Manager is vulnerable to cross-site scripting. Th ...)
	NOT-FOR-US: IBM
CVE-2016-9730 (IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request ...)
	NOT-FOR-US: IBM
CVE-2016-9729 (IBM QRadar 7.2 does not perform an authentication check for a critical ...)
	NOT-FOR-US: IBM
CVE-2016-9728 (IBM Qradar 7.2 is vulnerable to SQL injection. A remote attacker could ...)
	NOT-FOR-US: IBM
CVE-2016-9727 (IBM QRadar 7.2 could allow a remote authenticated attacker to execute ...)
	NOT-FOR-US: IBM
CVE-2016-9726 (IBM QRadar Incident Forensics 7.2 could allow a remote authenticated a ...)
	NOT-FOR-US: IBM
CVE-2016-9725 (IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sha ...)
	NOT-FOR-US: IBM
CVE-2016-9724 (IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML ...)
	NOT-FOR-US: IBM
CVE-2016-9723 (IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerabili ...)
	NOT-FOR-US: IBM
CVE-2016-9722 (IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical r ...)
	NOT-FOR-US: IBM QRadar
CVE-2016-9721
	RESERVED
CVE-2016-9720 (IBM QRadar 7.2 discloses sensitive information to unauthorized users. ...)
	NOT-FOR-US: IBM
CVE-2016-9719 (IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 1 ...)
	NOT-FOR-US: IBM
CVE-2016-9718 (IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 1 ...)
	NOT-FOR-US: IBM
CVE-2016-9717 (HTTP Parameter Override is identified in the IBM Infosphere Master Dat ...)
	NOT-FOR-US: IBM
CVE-2016-9716 (IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, a ...)
	NOT-FOR-US: IBM
CVE-2016-9715 (IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, a ...)
	NOT-FOR-US: IBM
CVE-2016-9714 (IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 1 ...)
	NOT-FOR-US: IBM
CVE-2016-9713
	RESERVED
CVE-2016-9712
	RESERVED
CVE-2016-9711 (IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveal ...)
	NOT-FOR-US: IBM
CVE-2016-9710 (IBM Predictive Solutions Foundation (formerly PMQ) could allow a remot ...)
	NOT-FOR-US: IBM
CVE-2016-9709
	RESERVED
CVE-2016-9708
	RESERVED
CVE-2016-9707 (IBM Jazz Foundation is vulnerable to a denial of service, caused by an ...)
	NOT-FOR-US: IBM
CVE-2016-9706 (IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLO ...)
	NOT-FOR-US: IBM
CVE-2016-9705
	RESERVED
CVE-2016-9704 (IBM Security Identity Manager Virtual Appliance is vulnerable to cross ...)
	NOT-FOR-US: IBM
CVE-2016-9703 (IBM Security Identity Manager Virtual Appliance does not invalidate se ...)
	NOT-FOR-US: IBM
CVE-2016-9702
	RESERVED
CVE-2016-9701 (IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scriptin ...)
	NOT-FOR-US: IBM
CVE-2016-9700 (IBM Jazz Foundation could allow an authenticated attacker to obtain se ...)
	NOT-FOR-US: IBM
CVE-2016-9699
	RESERVED
CVE-2016-9698 (IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service ...)
	NOT-FOR-US: IBM
CVE-2016-9697 (An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 coul ...)
	NOT-FOR-US: IBM
CVE-2016-9696 (IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A r ...)
	NOT-FOR-US: IBM
CVE-2016-9695
	RESERVED
CVE-2016-9694 (IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scriptin ...)
	NOT-FOR-US: IBM
CVE-2016-9693 (IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download cap ...)
	NOT-FOR-US: IBM
CVE-2016-9692 (IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to Ex ...)
	NOT-FOR-US: IBM
CVE-2016-9691 (IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a ...)
	NOT-FOR-US: IBM
CVE-2016-9690
	REJECTED
CVE-2016-9689
	REJECTED
CVE-2016-9688
	REJECTED
CVE-2016-9687
	REJECTED
CVE-2016-9686 (The Puppet Communications Protocol (PCP) Broker incorrectly validates ...)
	- puppet (Only affects Puppet Enterprise)
CVE-2017-0880 (A denial of service vulnerability in the Android media framework (libs ...)
	- skia (bug #818180)
CVE-2017-0879 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0878 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0877 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0876 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0875
	RESERVED
CVE-2017-0874 (A denial of service vulnerability in the Android media framework (liba ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0873 (A denial of service vulnerability in the Android media framework (libm ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0872 (A remote code execution vulnerability in the Android media framework ( ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0871 (An elevation of privilege vulnerability in the Android framework (fram ...)
	NOT-FOR-US: Android
CVE-2017-0870 (An elevation of privilege vulnerability in the Android framework (libm ...)
	NOT-FOR-US: Android
CVE-2017-0869 (NVIDIA driver contains an integer overflow vulnerability which could c ...)
	NOT-FOR-US: NVIDIA components for Android
CVE-2017-0868
	RESERVED
CVE-2017-0867
	RESERVED
CVE-2017-0866 (An elevation of privilege vulnerability in the Direct rendering infras ...)
	NOT-FOR-US: NVIDIA components for Android
CVE-2017-0865 (An elevation of privilege vulnerability in the MediaTek soc driver. Pr ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0864 (An elevation of privilege vulnerability in the MediaTek ioctl (flashli ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0863 (An elevation of privilege vulnerability in the Upstream kernel video d ...)
	NOT-FOR-US: Android driver (proprietary, not part of upstream kernel)
CVE-2017-0862 (An elevation of privilege vulnerability in the Upstream kernel kernel. ...)
	NOT-FOR-US: Android driver (proprietary, not part of upstream kernel)
CVE-2017-0861 (Use-after-free vulnerability in the snd_pcm_info function in the ALSA ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.13.4-1
	[stretch] - linux 4.9.80-1
	NOTE: https://git.kernel.org/linus/362bca57f5d78220f8b5907b875961af9436e229
	NOTE: UAF actually already removed in https://git.kernel.org/linus/e11f0f90a626f93899687b1cc909ee37dd6c5809
CVE-2017-0860 (An elevation of privilege vulnerability in the Android system (inputdi ...)
NOT-FOR-US: Android CVE-2017-0859 (Another vulnerability in the Android media framework (n/a). Product: A ...) NOT-FOR-US: Android media framework CVE-2017-0858 (Another vulnerability in the Android media framework (n/a). Product: A ...) NOT-FOR-US: Android media framework CVE-2017-0857 (Another vulnerability in the Android media framework (n/a). Product: A ...) NOT-FOR-US: Android media framework CVE-2017-0856 RESERVED CVE-2017-0855 (In MPEG4Extractor.cpp, there are several places where functions return ...) NOT-FOR-US: Android media framework CVE-2017-0854 (An information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-0853 (An information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-0852 (A denial of service vulnerability in the Android media framework (libh ...) NOT-FOR-US: Android media framework CVE-2017-0851 (An information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-0850 (An information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-0849 (An information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-0848 (An information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-0847 (An elevation of privilege vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-0846 (An information disclosure vulnerability in the Android framework (clip ...) NOT-FOR-US: Android CVE-2017-0845 (A denial of service vulnerability in the Android framework (syncstorag ...) NOT-FOR-US: Android CVE-2017-0844 RESERVED CVE-2017-0843 (An elevation of privilege vulnerability in the MediaTek ccci. Product: ...) 
NOT-FOR-US: MediaTek component for Android CVE-2017-0842 (An elevation of privilege vulnerability in the Android system (bluetoo ...) NOT-FOR-US: Fluoride Bluetooth stack in Android CVE-2017-0841 (A remote code execution vulnerability in the Android system (libutils) ...) - android-platform-system-core (unimportant) NOTE: Fixed by https://android.googlesource.com/platform/system/core/+/47efc676c849e3abf32001d66e2d6eb887e83c48%5E!/ CVE-2017-0840 (An information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-0839 (An information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-0838 (An elevation of privilege vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-0837 (An elevation of privilege vulnerability in the Android media framework ...) NOT-FOR-US: Android Media Framework CVE-2017-0836 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android media framework CVE-2017-0835 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android media framework CVE-2017-0834 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android media framework CVE-2017-0833 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android media framework CVE-2017-0832 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android media framework CVE-2017-0831 (An elevation of privilege vulnerability in the Android framework (wind ...) NOT-FOR-US: Android CVE-2017-0830 (An elevation of privilege vulnerability in the Android framework (devi ...) NOT-FOR-US: Android CVE-2017-0829 (An elevation of privilege vulnerability in the Motorola bootloader. Pr ...) 
NOT-FOR-US: Motorola bootloader CVE-2017-0828 (An elevation of privilege vulnerability in the Huawei bootloader. Prod ...) NOT-FOR-US: Huawei bootloader CVE-2017-0827 (An elevation of privilege vulnerability in the MediaTek soc driver. Pr ...) NOT-FOR-US: MediaTek driver for Android CVE-2017-0826 (An elevation of privilege vulnerability in the HTC bootloader. Product ...) NOT-FOR-US: HTC bootloader CVE-2017-0825 (An information disclosure vulnerability in the Broadcom wifi driver. P ...) NOT-FOR-US: Broadcom driver for Android CVE-2017-0824 (An elevation of privilege vulnerability in the Broadcom wifi driver. P ...) NOT-FOR-US: Broadcom driver for Android CVE-2017-0823 (An information disclosure vulnerability in the Android system (rild). ...) NOT-FOR-US: Android (rild) CVE-2017-0822 (An elevation of privilege vulnerability in the Android system (camera) ...) - android-framework-23 (unimportant) NOTE: Fixed by https://android.googlesource.com/platform/frameworks/base/+/c574568aaede7f652432deb7707f20ae54bbdf9a CVE-2017-0821 RESERVED CVE-2017-0820 (A vulnerability in the Android media framework (n/a). Product: Android ...) NOT-FOR-US: Android media framework CVE-2017-0819 (A vulnerability in the Android media framework (n/a). Product: Android ...) NOT-FOR-US: Android media framework CVE-2017-0818 (A vulnerability in the Android media framework (n/a). Product: Android ...) NOT-FOR-US: Android media framework CVE-2017-0817 (An information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-0816 (An information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-0815 (An information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-0814 (An information disclosure vulnerability in the Android media framework ...) 
NOT-FOR-US: Android media framework CVE-2017-0813 (A denial of service vulnerability in the Android media framework (libs ...) NOT-FOR-US: Android media framework CVE-2017-0812 (An elevation of privilege vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-0811 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android media framework CVE-2017-0810 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android media framework CVE-2017-0809 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android media framework CVE-2017-0808 (An information disclosure vulnerability in the Android framework (file ...) NOT-FOR-US: Android CVE-2017-0807 (An elevation of privilege vulnerability in the Android framework (ui f ...) NOT-FOR-US: Android CVE-2017-0806 (An elevation of privilege vulnerability in the Android framework (gate ...) NOT-FOR-US: Android CVE-2017-0805 (A elevation of privilege vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-0804 (A elevation of privilege vulnerability in the MediaTek mmc driver. Pro ...) NOT-FOR-US: Mediatek driver for Android CVE-2017-0803 (A elevation of privilege vulnerability in the MediaTek accessory detec ...) NOT-FOR-US: Mediatek driver for Android CVE-2017-0802 (A elevation of privilege vulnerability in the MediaTek kernel. Product ...) NOT-FOR-US: Mediatek driver for Android CVE-2017-0801 (A elevation of privilege vulnerability in the MediaTek libmtkomxvdec. ...) NOT-FOR-US: Mediatek driver for Android CVE-2017-0800 (A elevation of privilege vulnerability in the MediaTek teei. Product: ...) NOT-FOR-US: Mediatek driver for Android CVE-2017-0799 (A elevation of privilege vulnerability in the MediaTek lastbus. Produc ...) NOT-FOR-US: Mediatek driver for Android CVE-2017-0798 (A elevation of privilege vulnerability in the MediaTek kernel. 
Product ...) NOT-FOR-US: Mediatek driver for Android CVE-2017-0797 (A elevation of privilege vulnerability in the MediaTek accessory detec ...) NOT-FOR-US: Mediatek driver for Android CVE-2017-0796 (A elevation of privilege vulnerability in the MediaTek auxadc driver. ...) NOT-FOR-US: Mediatek driver for Android CVE-2017-0795 (A elevation of privilege vulnerability in the MediaTek accessory detec ...) NOT-FOR-US: Mediatek driver for Android CVE-2017-0794 (A elevation of privilege vulnerability in the Upstream kernel scsi dri ...) NOT-FOR-US: Android kernel on Nexus (probably) NOTE: https://source.android.com/security/bulletin/2017-09-01 doesn't link a public patch, so probably related to some binary-only component on Nexus CVE-2017-0793 (A information disclosure vulnerability in the N/A memory subsystem. Pr ...) NOT-FOR-US: Imagetech driver for Android CVE-2017-0792 (A information disclosure vulnerability in the Broadcom wi-fi driver. P ...) NOT-FOR-US: Broadcom driver for Android CVE-2017-0791 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. P ...) NOT-FOR-US: Broadcom driver for Android CVE-2017-0790 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. P ...) NOT-FOR-US: Broadcom driver for Android CVE-2017-0789 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. P ...) NOT-FOR-US: Broadcom driver for Android CVE-2017-0788 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. P ...) NOT-FOR-US: Broadcom driver for Android CVE-2017-0787 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. P ...) NOT-FOR-US: Broadcom driver for Android CVE-2017-0786 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. P ...) 
- linux 4.13.4-2 [stretch] - linux 4.9.65-1 [jessie] - linux 3.16.51-1 [wheezy] - linux (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/17df6453d4be17910456e99c5a85025aa1b7a246 (v4.14-rc4) CVE-2017-0785 (A information disclosure vulnerability in the Android system (bluetoot ...) NOT-FOR-US: Android NOTE: https://www.armis.com/blueborne/ CVE-2017-0784 (A elevation of privilege vulnerability in the Android system (nfc). Pr ...) NOT-FOR-US: Android CVE-2017-0783 (A information disclosure vulnerability in the Android system (bluetoot ...) NOT-FOR-US: Android NOTE: https://www.armis.com/blueborne/ CVE-2017-0782 (A remote code execution vulnerability in the Android system (bluetooth ...) NOT-FOR-US: Android NOTE: https://www.armis.com/blueborne/ CVE-2017-0781 (A remote code execution vulnerability in the Android system (bluetooth ...) NOT-FOR-US: Android NOTE: https://www.armis.com/blueborne/ CVE-2017-0780 (A denial of service vulnerability in the Android runtime (android mess ...) NOT-FOR-US: Android messaging CVE-2017-0779 (A information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android Media Framework CVE-2017-0778 (A information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android Media Framework CVE-2017-0777 (A information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android Media Framework CVE-2017-0776 (A information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android Media Framework CVE-2017-0775 (A denial of service vulnerability in the Android media framework (libs ...) NOT-FOR-US: Android Media Framework CVE-2017-0774 (A denial of service vulnerability in the Android media framework (libs ...) NOT-FOR-US: Android Media Framework CVE-2017-0773 (A denial of service vulnerability in the Android media framework (libh ...) 
NOT-FOR-US: Android Media Framework CVE-2017-0772 (A denial of service vulnerability in the Android media framework (liba ...) NOT-FOR-US: Android Media Framework CVE-2017-0771 (A denial of service vulnerability in the Android media framework (libs ...) NOT-FOR-US: Android Media Framework CVE-2017-0770 (A elevation of privilege vulnerability in the Android media framework ...) NOT-FOR-US: Android Media Framework CVE-2017-0769 (A elevation of privilege vulnerability in the Android media framework ...) NOT-FOR-US: Android Media Framework CVE-2017-0768 (A elevation of privilege vulnerability in the Android media framework ...) NOT-FOR-US: Android Media Framework CVE-2017-0767 (A elevation of privilege vulnerability in the Android media framework ...) NOT-FOR-US: Android Media Framework CVE-2017-0766 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android Media Framework CVE-2017-0765 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android Media Framework CVE-2017-0764 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android Media Framework CVE-2017-0763 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android Media Framework CVE-2017-0762 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android Media Framework CVE-2017-0761 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android Media Framework CVE-2017-0760 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android Media Framework CVE-2017-0759 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android Media Framework CVE-2017-0758 (A remote code execution vulnerability in the Android media framework ( ...) 
NOT-FOR-US: Android Media Framework CVE-2017-0757 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android Media Framework CVE-2017-0756 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android Media Framework CVE-2017-0755 (A elevation of privilege vulnerability in the Android libraries (libmi ...) NOT-FOR-US: Android CVE-2017-0754 RESERVED CVE-2017-0753 (A remote code execution vulnerability in the Android libraries (libgdx ...) NOT-FOR-US: Android (libgdx) CVE-2017-0752 (A elevation of privilege vulnerability in the Android framework (windo ...) - android-framework-23 (unimportant) NOTE: Fixed by https://android.googlesource.com/platform/frameworks/base/+/6ca2eccdbbd4f11698bd5312812b4d171ff3c8ce%5E%21/ CVE-2017-0751 (An elevation of privilege vulnerability in the Qualcomm QCE driver. Pr ...) NOT-FOR-US: Google drivers for Android CVE-2017-0750 (A elevation of privilege vulnerability in the Upstream Linux file syst ...) - linux (Android-specific change) NOTE: https://source.android.com/security/bulletin/2017-08-01 CVE-2017-0749 (A elevation of privilege vulnerability in the Upstream Linux linux ker ...) - linux (Android-specific change) NOTE: https://source.android.com/security/bulletin/2017-08-01 CVE-2017-0748 (An information disclosure vulnerability in the Qualcomm audio driver. ...) NOT-FOR-US: Google drivers for Android CVE-2017-0747 (A elevation of privilege vulnerability in the Qualcomm proprietary com ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0746 (A elevation of privilege vulnerability in the Qualcomm ipa driver. Pro ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0745 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: libstagefright CVE-2017-0744 (An elevation of privilege vulnerability in the NVIDIA firmware process ...) 
NOT-FOR-US: Google drivers for Android CVE-2017-0743 RESERVED CVE-2017-0742 (A elevation of privilege vulnerability in the MediaTek video driver. P ...) NOT-FOR-US: Mediatek driver for Android CVE-2017-0741 (A elevation of privilege vulnerability in the MediaTek gpu driver. Pro ...) NOT-FOR-US: Mediatek driver for Android CVE-2017-0740 (A remote code execution vulnerability in the Broadcom networking drive ...) NOT-FOR-US: Broadcom driver for Android CVE-2017-0739 (A information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-0738 (A information disclosure vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-0737 (A elevation of privilege vulnerability in the Android media framework ...) NOT-FOR-US: libstagefright CVE-2017-0736 (A denial of service vulnerability in the Android media framework (liba ...) NOT-FOR-US: Android media framework CVE-2017-0735 (A denial of service vulnerability in the Android media framework (liba ...) NOT-FOR-US: Android media framework CVE-2017-0734 (A denial of service vulnerability in the Android media framework (liba ...) NOT-FOR-US: Android media framework CVE-2017-0733 (A denial of service vulnerability in the Android media framework (libm ...) NOT-FOR-US: Android media framework CVE-2017-0732 (A elevation of privilege vulnerability in the Android media framework ...) NOT-FOR-US: libstagefright CVE-2017-0731 (A elevation of privilege vulnerability in the Android media framework ...) NOT-FOR-US: libstagefright CVE-2017-0730 (A denial of service vulnerability in the Android media framework (h264 ...) NOT-FOR-US: Android media framework CVE-2017-0729 (A elevation of privilege vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-0728 (A denial of service vulnerability in the Android media framework (hevc ...) 
NOT-FOR-US: Android media framework CVE-2017-0727 (A elevation of privilege vulnerability in the Android media framework ...) NOT-FOR-US: Android media framework CVE-2017-0726 (A denial of service vulnerability in the Android media framework (libs ...) NOT-FOR-US: libstagefright CVE-2017-0725 (A denial of service vulnerability in the Android media framework (libs ...) NOT-FOR-US: Android media framework CVE-2017-0724 (A denial of service vulnerability in the Android media framework (libm ...) NOT-FOR-US: Android media framework CVE-2017-0723 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android media framework CVE-2017-0722 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: libstagefright CVE-2017-0721 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android media framework CVE-2017-0720 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android media framework CVE-2017-0719 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android media framework CVE-2017-0718 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android media framework CVE-2017-0717 RESERVED CVE-2017-0716 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android media framework CVE-2017-0715 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android media framework CVE-2017-0714 (A remote code execution vulnerability in the Android media framework ( ...) NOT-FOR-US: Android media framework CVE-2017-0713 (A remote code execution vulnerability in the Android libraries (sfntly ...) NOT-FOR-US: Android CVE-2017-0712 (A elevation of privilege vulnerability in the Android framework (wi-fi ...) 
NOT-FOR-US: Android CVE-2017-0711 (A elevation of privilege vulnerability in the MediaTek networking driv ...) NOT-FOR-US: MediaTek driver for Android CVE-2017-0710 (A elevation of privilege vulnerability in the Upstream Linux tcb. Prod ...) NOT-FOR-US: Android Trusted Computing Base CVE-2017-0709 (A information disclosure vulnerability in the HTC sensor hub driver. P ...) NOT-FOR-US: HTC driver for Android CVE-2017-0708 (A information disclosure vulnerability in the HTC sound driver. Produc ...) NOT-FOR-US: HTC driver for Android CVE-2017-0707 (A elevation of privilege vulnerability in the HTC led driver. Product: ...) NOT-FOR-US: HTC driver for Android CVE-2017-0706 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. P ...) NOT-FOR-US: Broadcom driver for Android CVE-2017-0705 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. P ...) NOT-FOR-US: Broadcom driver for Android CVE-2017-0704 (A elevation of privilege vulnerability in the Android system ui. Produ ...) NOT-FOR-US: Android CVE-2017-0703 (A elevation of privilege vulnerability in the Android system ui. Produ ...) NOT-FOR-US: Android CVE-2017-0702 (A remote code execution vulnerability in the Android system ui. Produc ...) NOT-FOR-US: Android CVE-2017-0701 (A remote code execution vulnerability in the Android system ui. Produc ...) NOT-FOR-US: Android CVE-2017-0700 (A remote code execution vulnerability in the Android system ui. Produc ...) NOT-FOR-US: Android CVE-2017-0699 (A information disclosure vulnerability in the Android media framework. ...) NOT-FOR-US: Android media framework CVE-2017-0698 (A information disclosure vulnerability in the Android media framework. ...) NOT-FOR-US: Android media framework CVE-2017-0697 (A denial of service vulnerability in the Android media framework. Prod ...) NOT-FOR-US: Android media framework CVE-2017-0696 (A denial of service vulnerability in the Android media framework. Prod ...) 
NOT-FOR-US: Android media framework CVE-2017-0695 (A denial of service vulnerability in the Android media framework. Prod ...) NOT-FOR-US: Android media framework CVE-2017-0694 (A denial of service vulnerability in the Android media framework. Prod ...) NOT-FOR-US: Android media framework CVE-2017-0693 (A denial of service vulnerability in the Android media framework. Prod ...) NOT-FOR-US: Android media framework CVE-2017-0692 (A denial of service vulnerability in the Android media framework. Prod ...) NOT-FOR-US: Android media framework CVE-2017-0691 (A denial of service vulnerability in the Android media framework. Prod ...) NOT-FOR-US: Android media framework CVE-2017-0690 (A denial of service vulnerability in the Android media framework. Prod ...) NOT-FOR-US: Android media framework CVE-2017-0689 (A denial of service vulnerability in the Android media framework. Prod ...) NOT-FOR-US: Android media framework CVE-2017-0688 (A denial of service vulnerability in the Android media framework. Prod ...) NOT-FOR-US: Android media framework CVE-2017-0687 (A denial of service vulnerability in the Android media framework (liba ...) NOT-FOR-US: Android media framework CVE-2017-0686 (A denial of service vulnerability in the Android media framework. Prod ...) NOT-FOR-US: Android media framework CVE-2017-0685 (A denial of service vulnerability in the Android media framework. Prod ...) NOT-FOR-US: Android media framework CVE-2017-0684 (A elevation of privilege vulnerability in the Android media framework. ...) NOT-FOR-US: Android media framework CVE-2017-0683 (A remote code execution vulnerability in the Android media framework. ...) NOT-FOR-US: Android media framework CVE-2017-0682 (A remote code execution vulnerability in the Android media framework. ...) NOT-FOR-US: Android media framework CVE-2017-0681 (A remote code execution vulnerability in the Android media framework. ...) 
NOT-FOR-US: Android media framework CVE-2017-0680 (A remote code execution vulnerability in the Android media framework. ...) NOT-FOR-US: Android media framework CVE-2017-0679 (A remote code execution vulnerability in the Android media framework. ...) NOT-FOR-US: Android media framework CVE-2017-0678 (A remote code execution vulnerability in the Android media framework. ...) NOT-FOR-US: Android media framework CVE-2017-0677 (A remote code execution vulnerability in the Android media framework. ...) NOT-FOR-US: Android media framework CVE-2017-0676 (A remote code execution vulnerability in the Android media framework. ...) NOT-FOR-US: Android media framework CVE-2017-0675 (A remote code execution vulnerability in the Android media framework. ...) NOT-FOR-US: Android media framework CVE-2017-0674 (A remote code execution vulnerability in the Android media framework. ...) NOT-FOR-US: Android media framework CVE-2017-0673 (A remote code execution vulnerability in the Android media framework. ...) NOT-FOR-US: Android media framework CVE-2017-0672 (A denial of service vulnerability in the Android libraries. Product: A ...) NOT-FOR-US: Android CVE-2017-0671 (A remote code execution vulnerability in the Android libraries. Produc ...) NOT-FOR-US: Android NOTE: Not publicly available CVE-2017-0670 (A denial of service vulnerability in the Android framework. Product: A ...) NOT-FOR-US: Android CVE-2017-0669 (A information disclosure vulnerability in the Android framework. Produ ...) NOT-FOR-US: Android CVE-2017-0668 (A information disclosure vulnerability in the Android framework. Produ ...) NOT-FOR-US: Android CVE-2017-0667 (A elevation of privilege vulnerability in the Android framework. Produ ...) NOT-FOR-US: Android CVE-2017-0666 (A elevation of privilege vulnerability in the Android framework. Produ ...) NOT-FOR-US: Android CVE-2017-0665 (A elevation of privilege vulnerability in the Android framework. Produ ...) 
NOT-FOR-US: Android CVE-2017-0664 (A elevation of privilege vulnerability in the Android framework. Produ ...) NOT-FOR-US: Android CVE-2017-0663 (A remote code execution vulnerability in libxml2 could enable an attac ...) {DSA-3952-1 DLA-1060-1} - libxml2 2.9.4+dfsg1-3.1 (bug #870870) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780228 (not yet public) NOTE: https://android.googlesource.com/platform/external/libxml2/+/521b88fbb6d18312923f0df653d045384b500ffc NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/92b9e8c8b3787068565a1820ba575d042f9eec66 CVE-2017-0662 RESERVED CVE-2017-0661 RESERVED CVE-2017-0660 RESERVED CVE-2017-0659 RESERVED CVE-2017-0658 RESERVED CVE-2017-0657 RESERVED CVE-2017-0656 RESERVED CVE-2017-0655 RESERVED CVE-2017-0654 RESERVED CVE-2017-0653 RESERVED CVE-2017-0652 RESERVED CVE-2017-0651 (An information disclosure vulnerability in the kernel ION subsystem co ...) NOT-FOR-US: Android CVE-2017-0650 (An information disclosure vulnerability in the Synaptics touchscreen d ...) NOT-FOR-US: Synaptics driver for Android CVE-2017-0649 (An elevation of privilege vulnerability in the MediaTek sound driver c ...) NOT-FOR-US: MediaTek driver for Android CVE-2017-0648 (An elevation of privilege vulnerability in the kernel FIQ debugger cou ...) NOT-FOR-US: Android CVE-2017-0647 (An information disclosure vulnerability in libziparchive could enable ...) - android-platform-system-core 1:7.0.0+r33-2 (unimportant; bug #867229) [jessie] - android-platform-system-core (Vulnerable code not present) NOTE: No impact on SDK usage CVE-2017-0646 (An information disclosure vulnerability in Bluetooth component could e ...) NOT-FOR-US: Android CVE-2017-0645 (An elevation of privilege vulnerability in Bluetooth could enable a lo ...) NOT-FOR-US: Android CVE-2017-0644 (A remote denial of service vulnerability in Mediaserver could enable a ...) 
NOT-FOR-US: Android Mediaserver CVE-2017-0643 (A remote denial of service vulnerability in Mediaserver could enable a ...) NOT-FOR-US: Android Mediaserver CVE-2017-0642 (A remote denial of service vulnerability in libhevc in Mediaserver cou ...) NOT-FOR-US: Android Mediaserver CVE-2017-0641 (A remote denial of service vulnerability in libvpx in Mediaserver coul ...) - libvpx (unimportant; bug #871931) NOTE: https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb NOTE: Debian builds configures with --size-limit=16384x16384, Android lowered NOTE: the limit to something more aligned for smart phones CVE-2017-0640 (A remote denial of service vulnerability in Mediaserver could enable a ...) NOT-FOR-US: Android Mediaserver CVE-2017-0639 (An information disclosure vulnerability in Bluetooth component could e ...) NOT-FOR-US: Android CVE-2017-0638 (A remote code execution vulnerability in System UI component could ena ...) NOT-FOR-US: Android CVE-2017-0637 (A remote code execution vulnerability in libhevc in Mediaserver could ...) NOT-FOR-US: Android Mediaserver CVE-2017-0636 (An elevation of privilege vulnerability in the MediaTek command queue ...) NOT-FOR-US: MediaTek driver for Android CVE-2017-0635 (A remote denial of service vulnerability in HevcUtils.cpp in libstagef ...) NOT-FOR-US: libstagefright CVE-2017-0634 (An information disclosure vulnerability in the Synaptics touchscreen d ...) NOT-FOR-US: Synaptics driver for Android CVE-2017-0633 (An information disclosure vulnerability in the Broadcom Wi-Fi driver c ...) NOT-FOR-US: Broadcom driver for Android CVE-2017-0632 (An information disclosure vulnerability in the Qualcomm sound codec dr ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0631 (An information disclosure vulnerability in the Qualcomm camera driver ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0630 (An information disclosure vulnerability in the kernel trace subsystem ...) 
- linux (unimportant) NOTE: https://lore.kernel.org/lkml/20180725202238.165314-1-salyzyn@android.com/ NOTE: Negligible security impact CVE-2017-0629 (An information disclosure vulnerability in the Qualcomm camera driver ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0628 (An information disclosure vulnerability in the Qualcomm camera driver ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0627 (An information disclosure vulnerability in the kernel UVC driver could ...) NOT-FOR-US: Android kernel CVE-2017-0626 (An information disclosure vulnerability in the Qualcomm crypto engine ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0625 (An information disclosure vulnerability in the MediaTek command queue ...) NOT-FOR-US: Mediatek driver for Android CVE-2017-0624 (An information disclosure vulnerability in the Qualcomm Wi-Fi driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0623 (An elevation of privilege vulnerability in the HTC bootloader could en ...) NOT-FOR-US: HTC driver for Android CVE-2017-0622 (An elevation of privilege vulnerability in the Goodix touchscreen driv ...) NOT-FOR-US: Goodix driver for Android CVE-2017-0621 (An elevation of privilege vulnerability in the Qualcomm camera driver ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0620 (An elevation of privilege vulnerability in the Qualcomm Secure Channel ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0619 (An elevation of privilege vulnerability in the Qualcomm pin controller ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0618 (An elevation of privilege vulnerability in the MediaTek command queue ...) NOT-FOR-US: Mediatek driver for Android CVE-2017-0617 (An elevation of privilege vulnerability in the MediaTek video driver c ...) NOT-FOR-US: Mediatek driver for Android CVE-2017-0616 (An elevation of privilege vulnerability in the MediaTek system managem ...) 
NOT-FOR-US: Mediatek driver for Android CVE-2017-0615 (An elevation of privilege vulnerability in the MediaTek power driver c ...) NOT-FOR-US: Mediatek driver for Android CVE-2017-0614 (An elevation of privilege vulnerability in the Qualcomm Secure Executi ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0613 (An elevation of privilege vulnerability in the Qualcomm Secure Executi ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0612 (An elevation of privilege vulnerability in the Qualcomm Secure Executi ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0611 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0610 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0609 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0608 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0607 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0606 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0605 REJECTED CVE-2017-0604 (An elevation of privilege vulnerability in the kernel Qualcomm power d ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0603 (A denial of service vulnerability in libstagefright in Mediaserver cou ...) NOT-FOR-US: libstagefright CVE-2017-0602 (An information disclosure vulnerability in Bluetooth could allow a loc ...) NOT-FOR-US: Android CVE-2017-0601 (An Elevation of Privilege vulnerability in Bluetooth could potentially ...) NOT-FOR-US: Android CVE-2017-0600 (A remote denial of service vulnerability in libstagefright in Mediaser ...) 
NOT-FOR-US: libstagefright CVE-2017-0599 (A remote denial of service vulnerability in libhevc in Mediaserver cou ...) NOT-FOR-US: Android Mediaserver CVE-2017-0598 (An information disclosure vulnerability in the Framework APIs could en ...) NOT-FOR-US: Android CVE-2017-0597 (An elevation of privilege vulnerability in Audioserver could enable a ...) NOT-FOR-US: Android Audioserver CVE-2017-0596 (An elevation of privilege vulnerability in libstagefright in Mediaserv ...) NOT-FOR-US: libstagefright CVE-2017-0595 (An elevation of privilege vulnerability in libstagefright in Mediaserv ...) NOT-FOR-US: libstagefright CVE-2017-0594 (An elevation of privilege vulnerability in codecs/aacenc/SoftAACEncode ...) NOT-FOR-US: libstagefright CVE-2017-0593 (An elevation of privilege vulnerability in the Framework APIs could en ...) NOT-FOR-US: Android CVE-2017-0592 (A remote code execution vulnerability in FLACExtractor.cpp in libstage ...) NOT-FOR-US: Android CVE-2017-0591 (A remote code execution vulnerability in libavc in Mediaserver could e ...) NOT-FOR-US: Android Mediaserver CVE-2017-0590 (A remote code execution vulnerability in libhevc in Mediaserver could ...) NOT-FOR-US: Android Mediaserver CVE-2017-0589 (A remote code execution vulnerability in libhevc in Mediaserver could ...) NOT-FOR-US: Android Mediaserver CVE-2017-0588 (A remote code execution vulnerability in id3/ID3.cpp in libstagefright ...) NOT-FOR-US: libstagefright CVE-2017-0587 (A remote code execution vulnerability in libmpeg2 in Mediaserver could ...) NOT-FOR-US: libstagefright CVE-2017-0586 (An information disclosure vulnerability in the Qualcomm sound driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0585 (An information disclosure vulnerability in the Broadcom Wi-Fi driver c ...) NOT-FOR-US: Broadcom driver for Android CVE-2017-0584 (An information disclosure vulnerability in the Qualcomm Wi-Fi driver c ...) 
NOT-FOR-US: Qualcomm driver for Android CVE-2017-0583 (An elevation of privilege vulnerability in the Qualcomm CP access driv ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0582 (An elevation of privilege vulnerability in the HTC OEM fastboot comman ...) NOT-FOR-US: HTC driver for Android CVE-2017-0581 (An elevation of privilege vulnerability in the Synaptics Touchscreen d ...) NOT-FOR-US: Synaptics driver for Android CVE-2017-0580 (An elevation of privilege vulnerability in the Synaptics Touchscreen d ...) NOT-FOR-US: Synaptics driver for Android CVE-2017-0579 (An elevation of privilege vulnerability in the Qualcomm video driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0578 (An elevation of privilege vulnerability in the DTS sound driver could ...) NOT-FOR-US: DTS driver for Android CVE-2017-0577 (An elevation of privilege vulnerability in the HTC touchscreen driver ...) NOT-FOR-US: HTC driver for Android CVE-2017-0576 (An elevation of privilege vulnerability in the Qualcomm crypto engine ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0575 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0574 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...) NOT-FOR-US: Broadcom driver for Android CVE-2017-0573 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...) NOT-FOR-US: Broadcom driver for Android CVE-2017-0572 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...) NOT-FOR-US: Broadcom driver for Android CVE-2017-0571 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...) NOT-FOR-US: Broadcom driver for Android CVE-2017-0570 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...) NOT-FOR-US: Broadcom driver for Android CVE-2017-0569 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...) 
NOT-FOR-US: Broadcom driver for Android CVE-2017-0568 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...) NOT-FOR-US: Broadcom driver for Android CVE-2017-0567 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...) NOT-FOR-US: Broadcom driver for Android CVE-2017-0566 (An elevation of privilege vulnerability in the MediaTek camera driver ...) NOT-FOR-US: MediaTek driver for Android CVE-2017-0565 (An elevation of privilege vulnerability in the MediaTek thermal driver ...) NOT-FOR-US: MediaTek driver for Android CVE-2017-0564 (An elevation of privilege vulnerability in the kernel ION subsystem co ...) NOT-FOR-US: Android ION subsystem NOTE: Linux mainline contains a copy in drivers/staging/android/ion, but since no NOTE: patch has been made available it's likely some closed-source addon CVE-2017-0563 (An elevation of privilege vulnerability in the HTC touchscreen driver ...) NOT-FOR-US: HTC driver for Android CVE-2017-0562 (An elevation of privilege vulnerability in the MediaTek touchscreen dr ...) NOT-FOR-US: MediaTek driver for Android CVE-2017-0561 (A remote code execution vulnerability in the Broadcom Wi-Fi firmware c ...) {DLA-1573-1} - firmware-nonfree 20180518-1 (bug #869639) [stretch] - firmware-nonfree 20161130-4 [jessie] - firmware-nonfree (non-free not supported) CVE-2017-0560 (An information disclosure vulnerability in the factory reset process c ...) NOT-FOR-US: Android CVE-2017-0559 (An information disclosure vulnerability in libskia could enable a loca ...) - skia (bug #818180) CVE-2017-0558 (An information disclosure vulnerability in Mediaserver could enable a ...) NOT-FOR-US: Android Mediaserver CVE-2017-0557 (An information disclosure vulnerability in libmpeg2 in Mediaserver cou ...) NOT-FOR-US: Android Mediaserver CVE-2017-0556 (An information disclosure vulnerability in libmpeg2 in Mediaserver cou ...) 
NOT-FOR-US: Android Mediaserver CVE-2017-0555 (An information disclosure vulnerability in libavc in Mediaserver could ...) NOT-FOR-US: Android Mediaserver/ libavc CVE-2017-0554 (An elevation of privilege vulnerability in the Telephony component cou ...) NOT-FOR-US: Android CVE-2017-0553 (An elevation of privilege vulnerability in libnl could enable a local ...) {DLA-892-1 DLA-891-1} - libnl3 3.2.27-2 (unimportant; bug #859948) - libnl (unimportant) NOTE: Fixed by: http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb NOTE: Fix via Android: https://android.googlesource.com/platform/external/libnl/+/f83d9c1c67b6be69a96995e384f50b572b667df0 NOTE: Not a security issue by itself, the upstream patch protects against API misuse, NOTE: this still requires missing input validation in the application using libnl CVE-2017-0552 (A remote denial of service vulnerability in libavc in Mediaserver coul ...) NOT-FOR-US: Android Mediaserver / libavc CVE-2017-0551 (A remote denial of service vulnerability in libavc in Mediaserver coul ...) NOT-FOR-US: Android Mediaserver / libavc CVE-2017-0550 (A remote denial of service vulnerability in libavc in Mediaserver coul ...) NOT-FOR-US: Android Mediaserver / libavc CVE-2017-0549 (A remote denial of service vulnerability in libavc in Mediaserver coul ...) NOT-FOR-US: Android Mediaserver / libavc CVE-2017-0548 (A remote denial of service vulnerability in libskia could enable an at ...) - skia (bug #818180) CVE-2017-0547 (An information disclosure vulnerability in libmedia in Mediaserver cou ...) NOT-FOR-US: Android Mediaserver CVE-2017-0546 (An elevation of privilege vulnerability in SurfaceFlinger could enable ...) NOT-FOR-US: Android CVE-2017-0545 (An elevation of privilege vulnerability in Audioserver could enable a ...) NOT-FOR-US: Android CVE-2017-0544 (An elevation of privilege vulnerability in CameraBase could enable a l ...) 
NOT-FOR-US: Android CVE-2017-0543 (A remote code execution vulnerability in libavc in Mediaserver could e ...) NOT-FOR-US: Android Mediaserver/ libavc CVE-2017-0542 (A remote code execution vulnerability in libavc in Mediaserver could e ...) NOT-FOR-US: Android Mediaserver/ libavc CVE-2017-0541 (A remote code execution vulnerability in sonivox in Mediaserver could ...) NOT-FOR-US: Android Mediaserver CVE-2017-0540 (A remote code execution vulnerability in libhevc in Mediaserver could ...) NOT-FOR-US: Android Mediaserver CVE-2017-0539 (A remote code execution vulnerability in libhevc in Mediaserver could ...) NOT-FOR-US: Android Mediaserver CVE-2017-0538 (A remote code execution vulnerability in libavc in Mediaserver could e ...) NOT-FOR-US: Android Mediaserver / libavc CVE-2017-0537 (An information disclosure vulnerability in the kernel USB gadget drive ...) NOT-FOR-US: Nvidia driver for Android NOTE: https://source.android.com/security/bulletin/2017-03-01.html NOTE: Android bulletin lists as affecting only Pixel C (Tegra X1) and Tegra USB gadget mode is not in mainline Linux CVE-2017-0536 (An information disclosure vulnerability in the Synaptics touchscreen d ...) NOT-FOR-US: Synaptics driver for Android CVE-2017-0535 (An information disclosure vulnerability in the HTC sound codec driver ...) NOT-FOR-US: HTC driver for Android CVE-2017-0534 (An information disclosure vulnerability in the Qualcomm video driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0533 (An information disclosure vulnerability in the Qualcomm video driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0532 (An information disclosure vulnerability in the MediaTek video codec dr ...) NOT-FOR-US: MediaTek driver for Android CVE-2017-0531 (An information disclosure vulnerability in the Qualcomm Wi-Fi driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0530 RESERVED CVE-2017-0529 (An information disclosure vulnerability in the MediaTek driver could e ...) 
NOT-FOR-US: MediaTek driver for Android CVE-2017-0528 (An elevation of privilege vulnerability in the kernel security subsyst ...) NOT-FOR-US: Android bulletin lists as affecting only Pixel and Pixel XL (Qualcomm Snapdragon) so probably relates to Qualcomm driver NOTE: https://source.android.com/security/bulletin/2017-03-01.html CVE-2017-0527 (An elevation of privilege vulnerability in the HTC Sensor Hub Driver c ...) NOT-FOR-US: HTC driver for Android CVE-2017-0526 (An elevation of privilege vulnerability in the HTC Sensor Hub Driver c ...) NOT-FOR-US: HTC driver for Android CVE-2017-0525 (An elevation of privilege vulnerability in the Qualcomm IPA driver cou ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0524 (An elevation of privilege vulnerability in the Synaptics touchscreen d ...) NOT-FOR-US: Synaptics driver for Android CVE-2017-0523 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0522 (An elevation of privilege vulnerability in a MediaTek APK could enable ...) NOT-FOR-US: MediaTek driver for Android CVE-2017-0521 (An elevation of privilege vulnerability in the Qualcomm camera driver ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0520 (An elevation of privilege vulnerability in the Qualcomm crypto engine ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0519 (An elevation of privilege vulnerability in the Qualcomm fingerprint se ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0518 (An elevation of privilege vulnerability in the Qualcomm fingerprint se ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0517 (An elevation of privilege vulnerability in the MediaTek hardware senso ...) NOT-FOR-US: MediaTek driver for Android CVE-2017-0516 (An elevation of privilege vulnerability in the Qualcomm input hardware ...) 
NOT-FOR-US: Qualcomm driver for Android CVE-2017-0515 RESERVED CVE-2017-0514 RESERVED CVE-2017-0513 RESERVED CVE-2017-0512 RESERVED CVE-2017-0511 RESERVED CVE-2017-0510 (An elevation of privilege vulnerability in the kernel FIQ debugger cou ...) - linux (Android-specific patch) CVE-2017-0509 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...) NOT-FOR-US: Broadcom driver for Android CVE-2017-0508 (An elevation of privilege vulnerability in the kernel ION subsystem co ...) NOT-FOR-US: Android ION subsystem NOTE: Linux mainline contains a copy in drivers/staging/android/ion, but since no NOTE: patch has been made available it's likely some closed-source addon CVE-2017-0507 (An elevation of privilege vulnerability in the kernel ION subsystem co ...) NOT-FOR-US: Android ION subsystem NOTE: Linux mainline contains a copy in drivers/staging/android/ion, but since no NOTE: patch has been made available it's likely some closed-source addon CVE-2017-0506 (An elevation of privilege vulnerability in MediaTek components, includ ...) NOT-FOR-US: MediaTek driver for Android CVE-2017-0505 (An elevation of privilege vulnerability in MediaTek components, includ ...) NOT-FOR-US: MediaTek driver for Android CVE-2017-0504 (An elevation of privilege vulnerability in MediaTek components, includ ...) NOT-FOR-US: MediaTek driver for Android CVE-2017-0503 (An elevation of privilege vulnerability in MediaTek components, includ ...) NOT-FOR-US: MediaTek driver for Android CVE-2017-0502 (An elevation of privilege vulnerability in MediaTek components, includ ...) NOT-FOR-US: MediaTek driver for Android CVE-2017-0501 (An elevation of privilege vulnerability in MediaTek components, includ ...) NOT-FOR-US: MediaTek driver for Android CVE-2017-0500 (An elevation of privilege vulnerability in MediaTek components, includ ...) NOT-FOR-US: MediaTek driver for Android CVE-2017-0499 (A denial of service vulnerability in Audioserver could enable a local ...) 
NOT-FOR-US: Android Audioserver CVE-2017-0498 (A denial of service vulnerability in Setup Wizard could allow a local ...) NOT-FOR-US: Android CVE-2017-0497 (A denial of service vulnerability in Mediaserver could enable an attac ...) NOT-FOR-US: Android Mediaserver CVE-2017-0496 (A denial of service vulnerability in Setup Wizard could allow a local ...) NOT-FOR-US: Android CVE-2017-0495 (An information disclosure vulnerability in Mediaserver could enable a ...) NOT-FOR-US: Android Mediaserver CVE-2017-0494 (An information disclosure vulnerability in AOSP Messaging could enable ...) NOT-FOR-US: Android CVE-2017-0493 (An information disclosure vulnerability in File-Based Encryption could ...) NOT-FOR-US: Android CVE-2017-0492 (An elevation of privilege vulnerability in the System UI could enable ...) NOT-FOR-US: Android CVE-2017-0491 (An elevation of privilege vulnerability in Package Manager could enabl ...) NOT-FOR-US: Android CVE-2017-0490 (An elevation of privilege vulnerability in Wi-Fi could enable a local ...) NOT-FOR-US: Android CVE-2017-0489 (An elevation of privilege vulnerability in Location Manager could enab ...) NOT-FOR-US: Android CVE-2017-0488 (A denial of service vulnerability in Mediaserver could enable an attac ...) NOT-FOR-US: Android Mediaserver CVE-2017-0487 (A denial of service vulnerability in Mediaserver could enable an attac ...) NOT-FOR-US: Android Mediaserver CVE-2017-0486 (A denial of service vulnerability in Mediaserver could enable an attac ...) NOT-FOR-US: Android Mediaserver CVE-2017-0485 (A denial of service vulnerability in Mediaserver could enable an attac ...) NOT-FOR-US: Android Mediaserver CVE-2017-0484 (A denial of service vulnerability in Mediaserver could enable an attac ...) NOT-FOR-US: Android Mediaserver CVE-2017-0483 (A denial of service vulnerability in Mediaserver could enable an attac ...) NOT-FOR-US: Android Mediaserver CVE-2017-0482 (A denial of service vulnerability in Mediaserver could enable an attac ...) 
NOT-FOR-US: Android Mediaserver CVE-2017-0481 (An elevation of privilege vulnerability in NFC could enable a proximat ...) NOT-FOR-US: Android CVE-2017-0480 (An elevation of privilege vulnerability in Audioserver could enable a ...) NOT-FOR-US: Android Audioserver CVE-2017-0479 (An elevation of privilege vulnerability in Audioserver could enable a ...) NOT-FOR-US: Android Audioserver CVE-2017-0478 (A remote code execution vulnerability in the Framesequence library cou ...) NOT-FOR-US: Framesequence library CVE-2017-0477 (A remote code execution vulnerability in libgdx could enable an attack ...) - libgdx (bug #686673) CVE-2017-0476 (A remote code execution vulnerability in AOSP Messaging could enable a ...) NOT-FOR-US: Android CVE-2017-0475 (An elevation of privilege vulnerability in the recovery verifier could ...) NOT-FOR-US: Android CVE-2017-0474 (A remote code execution vulnerability in Mediaserver could enable an a ...) NOT-FOR-US: Android Mediaserver CVE-2017-0473 (A remote code execution vulnerability in Mediaserver could enable an a ...) NOT-FOR-US: Android Mediaserver CVE-2017-0472 (A remote code execution vulnerability in Mediaserver could enable an a ...) NOT-FOR-US: Android Mediaserver CVE-2017-0471 (A remote code execution vulnerability in Mediaserver could enable an a ...) NOT-FOR-US: Android Mediaserver CVE-2017-0470 (A remote code execution vulnerability in Mediaserver could enable an a ...) NOT-FOR-US: Android Mediaserver CVE-2017-0469 (A remote code execution vulnerability in Mediaserver could enable an a ...) NOT-FOR-US: Android Mediaserver CVE-2017-0468 (A remote code execution vulnerability in Mediaserver could enable an a ...) NOT-FOR-US: Android Mediaserver CVE-2017-0467 (A remote code execution vulnerability in Mediaserver could enable an a ...) NOT-FOR-US: Android Mediaserver CVE-2017-0466 (A remote code execution vulnerability in Mediaserver could enable an a ...) 
NOT-FOR-US: Android Mediaserver CVE-2017-0465 (An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0464 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0463 (An elevation of privilege vulnerability in the Qualcomm networking dri ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0462 (An elevation of privilege vulnerability in the Qualcomm Seemp driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0461 (An information disclosure vulnerability in the Qualcomm Wi-Fi driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0460 (An elevation of privilege vulnerability in the Qualcomm networking dri ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0459 (An information disclosure vulnerability in the Qualcomm Wi-Fi driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0458 (An elevation of privilege vulnerability in the Qualcomm camera driver ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0457 (An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0456 (An elevation of privilege vulnerability in the Qualcomm IPA driver cou ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0455 (An information disclosure vulnerability in the Qualcomm bootloader cou ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0454 (An elevation of privilege vulnerability in the Qualcomm audio driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0453 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0452 (An information disclosure vulnerability in the Qualcomm camera driver ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0451 (An information disclosure vulnerability in the Qualcomm sound driver c ...) 
NOT-FOR-US: Qualcomm driver for Android CVE-2017-0450 (An elevation of privilege vulnerability in Audioserver could enable a ...) NOT-FOR-US: Android Audioserver CVE-2017-0449 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...) NOT-FOR-US: Broadcom driver for Android CVE-2017-0448 (An information disclosure vulnerability in the NVIDIA video driver cou ...) NOT-FOR-US: NVIDIA driver for Android CVE-2017-0447 (An elevation of privilege vulnerability in the HTC touchscreen driver ...) NOT-FOR-US: HTC driver for Android CVE-2017-0446 (An elevation of privilege vulnerability in the HTC touchscreen driver ...) NOT-FOR-US: HTC driver for Android CVE-2017-0445 (An elevation of privilege vulnerability in the HTC touchscreen driver ...) NOT-FOR-US: HTC driver for Android CVE-2017-0444 (An elevation of privilege vulnerability in the Realtek sound driver co ...) NOT-FOR-US: Realtek driver for Android CVE-2017-0443 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0442 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0441 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0440 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0439 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0438 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0437 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0436 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...) 
NOT-FOR-US: Qualcomm driver for Android CVE-2017-0435 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0434 (An elevation of privilege vulnerability in the Synaptics touchscreen d ...) NOT-FOR-US: Synaptics driver for Android CVE-2017-0433 (An elevation of privilege vulnerability in the Synaptics touchscreen d ...) NOT-FOR-US: Synaptics driver for Android CVE-2017-0432 (An elevation of privilege vulnerability in the MediaTek driver could e ...) NOT-FOR-US: Mediatek driver for Android CVE-2017-0431 (An elevation of privilege vulnerability in Qualcomm closed source comp ...) NOT-FOR-US: Qualcomm component for Android CVE-2017-0430 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...) NOT-FOR-US: Broadcom driver for Android CVE-2017-0429 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...) NOT-FOR-US: NVIDIA driver for Android CVE-2017-0428 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...) NOT-FOR-US: NVIDIA driver for Android CVE-2017-0427 (An elevation of privilege vulnerability in the kernel file system coul ...) NOT-FOR-US: Unspecified Android filesystem, apparently not in mainline NOTE: https://source.android.com/security/bulletin/2017-02-01.html NOTE: Android bulletin lists all recent devices as affected. NOTE: No source patch available, so may relate to Apache-licensed sdcardfs. CVE-2017-0426 (An information disclosure vulnerability in the Filesystem could enable ...) NOT-FOR-US: Android filesystem layout CVE-2017-0425 (An information disclosure vulnerability in Audioserver could enable a ...) NOT-FOR-US: Android Audioserver CVE-2017-0424 (An information disclosure vulnerability in AOSP Messaging could enable ...) NOT-FOR-US: Android CVE-2017-0423 (An elevation of privilege vulnerability in Bluetooth could enable a pr ...) 
NOT-FOR-US: Android CVE-2017-0422 (A denial of service vulnerability in Bionic DNS could enable a remote ...) NOT-FOR-US: Android CVE-2017-0421 (An information disclosure vulnerability in the Framework APIs could en ...) NOT-FOR-US: Android CVE-2017-0420 (An information disclosure vulnerability in AOSP Mail could enable a lo ...) NOT-FOR-US: Android CVE-2017-0419 (An elevation of privilege vulnerability in Audioserver could enable a ...) NOT-FOR-US: Android Audioserver CVE-2017-0418 (An elevation of privilege vulnerability in Audioserver could enable a ...) NOT-FOR-US: Android Audioserver CVE-2017-0417 (An elevation of privilege vulnerability in Audioserver could enable a ...) NOT-FOR-US: Android Audioserver CVE-2017-0416 (An elevation of privilege vulnerability in Audioserver could enable a ...) NOT-FOR-US: Android Audioserver CVE-2017-0415 (An elevation of privilege vulnerability in Mediaserver could enable a ...) NOT-FOR-US: Android Mediaserver CVE-2017-0414 (An information disclosure vulnerability in AOSP Messaging could enable ...) NOT-FOR-US: Android CVE-2017-0413 (An information disclosure vulnerability in AOSP Messaging could enable ...) NOT-FOR-US: Android CVE-2017-0412 (An elevation of privilege vulnerability in the Framework APIs could en ...) NOT-FOR-US: Android CVE-2017-0411 (An elevation of privilege vulnerability in the Framework APIs could en ...) NOT-FOR-US: Android CVE-2017-0410 (An elevation of privilege vulnerability in the Framework APIs could en ...) NOT-FOR-US: Android CVE-2017-0409 (A remote code execution vulnerability in libstagefright could enable a ...) NOT-FOR-US: libstagefright CVE-2017-0408 (A remote code execution vulnerability in libgdx could enable an attack ...) - libgdx (bug #686673) CVE-2017-0407 (A remote code execution vulnerability in Mediaserver could enable an a ...) NOT-FOR-US: Android Mediaserver CVE-2017-0406 (A remote code execution vulnerability in Mediaserver could enable an a ...) 
NOT-FOR-US: Android Mediaserver CVE-2017-0405 (A remote code execution vulnerability in Surfaceflinger could enable a ...) NOT-FOR-US: Android CVE-2017-0404 (An elevation of privilege vulnerability in the kernel sound subsystem ...) - linux (Android-specific sound system) CVE-2017-0403 (An elevation of privilege vulnerability in the kernel performance subs ...) - linux (Android-specific performance subsystem) CVE-2017-0402 (An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBu ...) NOT-FOR-US: Android Audioserver CVE-2017-0401 (An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBu ...) NOT-FOR-US: Android Qualcomm audio post processor CVE-2017-0400 (An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBu ...) NOT-FOR-US: Android Audioserver CVE-2017-0399 (An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBu ...) NOT-FOR-US: Android Qualcomm audio post processor CVE-2017-0398 (An information disclosure vulnerability in Audioserver could enable a ...) NOT-FOR-US: Android Audioserver CVE-2017-0397 (An information disclosure vulnerability in id3/ID3.cpp in libstagefrig ...) NOT-FOR-US: Android Mediaserver CVE-2017-0396 (An information disclosure vulnerability in visualizer/EffectVisualizer ...) NOT-FOR-US: Android Mediaserver CVE-2017-0395 (An elevation of privilege vulnerability in Contacts could enable a loc ...) NOT-FOR-US: Android Contacts CVE-2017-0394 (A denial of service vulnerability in Telephony could enable a remote a ...) NOT-FOR-US: Android Telephony CVE-2017-0393 (A denial of service vulnerability in libvpx in Mediaserver could enabl ...) - libvpx 1.6.1-1 [jessie] - libvpx (Minor issue) [wheezy] - libvpx (Minor issue) NOTE: probably fixed earlier, but this was the version checked NOTE: The wheezy source is confirmed (by code inspection) to be vulnerable. 
NOTE: https://android.googlesource.com/platform/external/libvpx/+/6886e8e0a9db2dbad723dc37a548233e004b33bc CVE-2017-0392 (A denial of service vulnerability in VBRISeeker.cpp in libstagefright ...) NOT-FOR-US: libstagefright CVE-2017-0391 (A denial of service vulnerability in decoder/ihevcd_decode.c in libhev ...) NOT-FOR-US: Android Mediaserver CVE-2017-0390 (A denial of service vulnerability in Tremolo/dpen.s in Mediaserver cou ...) NOT-FOR-US: Android Mediaserver CVE-2017-0389 (A denial of service vulnerability in core networking could enable a re ...) NOT-FOR-US: Android CVE-2017-0388 (An elevation of privilege vulnerability in the External Storage Provid ...) NOT-FOR-US: Android CVE-2017-0387 (An elevation of privilege vulnerability in Mediaserver could enable a ...) NOT-FOR-US: Android Mediaserver CVE-2017-0386 (An elevation of privilege vulnerability in the libnl library could ena ...) - libnl3 (Specific to Android's use of libnl) NOTE: https://github.com/thom311/libnl/issues/124 CVE-2017-0385 (An elevation of privilege vulnerability in Audioserver could enable a ...) NOT-FOR-US: Android Audioserver CVE-2017-0384 (An elevation of privilege vulnerability in lvm/wrapper/Bundle/EffectBu ...) NOT-FOR-US: Android Audioserver CVE-2017-0383 (An elevation of privilege vulnerability in the Framework APIs could en ...) NOT-FOR-US: Android CVE-2017-0382 (A remote code execution vulnerability in the Framesequence library cou ...) NOT-FOR-US: Android CVE-2017-0381 (An information disclosure vulnerability in silk/NLSF_stabilize.c in li ...) {DLA-793-1} - opus 1.2~alpha2-1 (bug #851612) [jessie] - opus (Minor issue, https://bugs.debian.org/851612#10) NOTE: Fixed by: https://github.com/xiph/opus/commit/79e8f527b0344b0897a65be35e77f7885bd99409 (v1.2-alpha) NOTE: https://github.com/xiph/opus/commit/70a3d641b760b3d313b6025f82aed93a460720e5 CVE-2016-9804 (In BlueZ 5.42, a buffer overflow was observed in "commands_dump" funct ...) 
- bluez (unimportant; bug #847837) NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html NOTE: Crash in hcidump CLI tool, no security impact CVE-2016-9803 (In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" ...) - bluez (unimportant; bug #847837) NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html NOTE: Crash in CLI tools, no security impact CVE-2016-9802 (In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" fun ...) - bluez (unimportant; bug #847837) NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68898.html NOTE: Crash in btmon CLI tool, no security impact CVE-2016-9801 (In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" functi ...) - bluez (unimportant; bug #847837) NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html NOTE: Crash in CLI tools, no security impact CVE-2016-9800 (In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" ...) - bluez (unimportant; bug #847837) NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html NOTE: Crash in CLI tools, no security impact CVE-2016-9799 (In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" funct ...) - bluez (unimportant; bug #847837) NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68898.html NOTE: Crash in btmon CLI tool, no security impact CVE-2016-9798 (In BlueZ 5.42, a use-after-free was identified in "conf_opt" function ...) - bluez (unimportant; bug #847837) NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html NOTE: Crash in hcidump CLI tool, no security impact CVE-2016-9797 (In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" functio ...) - bluez (unimportant; bug #847837) NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html NOTE: Crash in hcidump CLI tool, no security impact CVE-2016-9794 (Race condition in the snd_pcm_period_elapsed function in sound/core/pc ...) 
{DLA-772-1} - linux 4.7.2-1 [jessie] - linux 3.16.39-1 NOTE: https://patchwork.kernel.org/patch/8752621/ NOTE: Fixed by: https://git.kernel.org/linus/3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4 (v4.7-rc1) NOTE: http://seclists.org/oss-sec/2016/q4/576 CVE-2016-9793 (The sock_setsockopt function in net/core/sock.c in the Linux kernel be ...) {DLA-772-1} - linux 4.8.15-1 [jessie] - linux 3.16.39-1 NOTE: Fixed by: https://git.kernel.org/linus/b98b0bc8c431e3ceb4b26b0dfc8db509518fb290 CVE-2016-9775 (The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 o ...) {DSA-3739-1 DSA-3738-1 DLA-729-1 DLA-728-1} - tomcat8 8.5.8-2 (bug #845385) - tomcat7 7.0.72-3 NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API - tomcat6 6.0.41-3 NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie NOTE: https://www.openwall.com/lists/oss-security/2016/12/02/5 CVE-2016-9774 (The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 ...) {DSA-3739-1 DSA-3738-1 DLA-753-1 DLA-746-1} - tomcat8 8.5.8-2 (bug #845393) - tomcat7 7.0.72-3 NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API - tomcat6 6.0.41-3 NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie NOTE: https://www.openwall.com/lists/oss-security/2016/12/02/5 CVE-2016-9777 (KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does ...) - linux 4.8.15-1 [jessie] - linux (Vulnerable code introduced later) [wheezy] - linux (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1400804 NOTE: Fixed by: https://git.kernel.org/linus/81cdb259fb6d8c1c4ecfeea389ff5a73c07f5755 (v4.9-rc7) NOTE: Introduced in: https://git.kernel.org/linus/af1bae5497b98cb99d6b0492e6981f060420a00c (v4.8-rc1) NOTE: https://www.openwall.com/lists/oss-security/2016/12/02/2 CVE-2016-9776 (QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Contro ...) 
	{DLA-1497-1}
	- qemu 1:2.8+dfsg-1 (bug #846797)
	[wheezy] - qemu (Minor issue)
	- qemu-kvm
	[wheezy] - qemu-kvm (Coldfire is not emulated by kvm)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05324.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1400829
CVE-2016-9756 (arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not prop ...)
	{DLA-772-1}
	- linux 4.8.15-1
	[jessie] - linux 3.16.39-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1400468
	NOTE: Fixed by: https://git.kernel.org/linus/2117d5398c81554fbf803f5fd1dc55eb78216c0c
CVE-2016-9755 (The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 ...)
	- linux 4.8.15-1
	[jessie] - linux (Vulnerable code introduced later)
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b57da0630c9fd36ed7a20fc0f98dc82cc0777fa (v4.9-rc8)
	NOTE: https://groups.google.com/forum/#!topic/syzkaller/GFbGpX7nTEo
CVE-2016-9684 (The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vu ...)
	NOT-FOR-US: SonicWall
CVE-2016-9683 (The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vu ...)
	NOT-FOR-US: SonicWall
CVE-2016-9682 (The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vu ...)
	NOT-FOR-US: SonicWall
CVE-2016-9681 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity bef ...)
	- serendipity
CVE-2016-9680 (Citrix Provisioning Services before 7.12 allows attackers to obtain se ...)
	NOT-FOR-US: Citrix
CVE-2016-9679 (Citrix Provisioning Services before 7.12 allows attackers to execute a ...)
	NOT-FOR-US: Citrix
CVE-2016-9678 (Use-after-free vulnerability in Citrix Provisioning Services before 7. ...)
	NOT-FOR-US: Citrix
CVE-2016-9677 (Citrix Provisioning Services before 7.12 allows attackers to obtain se ...)
	NOT-FOR-US: Citrix
CVE-2016-9676 (Buffer overflow in Citrix Provisioning Services before 7.12 allows att ...)
	NOT-FOR-US: Citrix
CVE-2016-9674 REJECTED
CVE-2016-9673 REJECTED
CVE-2016-9672 REJECTED
CVE-2016-9671 REJECTED
CVE-2016-9670 REJECTED
CVE-2016-9669 REJECTED
CVE-2016-9668 REJECTED
CVE-2016-9667 REJECTED
CVE-2016-9666 REJECTED
CVE-2016-9665 REJECTED
CVE-2016-9664 REJECTED
CVE-2016-9663 REJECTED
CVE-2016-9662 REJECTED
CVE-2016-9661 REJECTED
CVE-2016-9660 REJECTED
CVE-2016-9659 REJECTED
CVE-2016-9658 REJECTED
CVE-2016-9657 REJECTED
CVE-2016-9656 REJECTED
CVE-2016-9655 REJECTED
CVE-2016-9654 REJECTED
CVE-2016-9653 REJECTED
CVE-2016-9652 (Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883 ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2016-9651 (A missing check for whether a property of a JS object is private in V8 ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser (Not supported in Wheezy)
	- libv8 (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-9650 (Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linu ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2017-0380 (The rend_service_intro_established function in or/rendservice.c in Tor ...)
	{DSA-3993-1}
	- tor 0.3.1.7-1 (bug #876221)
	[jessie] - tor (Issue introduced in 0.2.7.2-alpha)
	[wheezy] - tor (Issue introduced in 0.2.7.2-alpha)
	NOTE: https://trac.torproject.org/projects/tor/ticket/23490
	NOTE: https://gitweb.torproject.org/tor.git/commit/?id=09ea89764a4d3a907808ed7d4fe42abfe64bd486
CVE-2017-0379 (Libgcrypt before 1.8.1 does not properly consider Curve25519 side-chan ...)
	{DSA-3959-1}
	- libgcrypt20 1.7.9-1 (bug #873383)
	[jessie] - libgcrypt20 (Vulnerable code not present, no Curve25519 support)
	- libgcrypt11 (Vulnerable code not present, no Curve25519 support)
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=da780c8183cccc8f533c8ace8211ac2cb2bdee7b
	NOTE: https://eprint.iacr.org/2017/806
CVE-2017-0378 (XSS exists in the login_form function in views/helpers.php in Phamm be ...)
	- phamm 0.6.8-1 (bug #868988)
	[stretch] - phamm (Minor issue)
	[jessie] - phamm (Minor issue)
	[wheezy] - phamm (Minor issue)
	NOTE: https://github.com/lota/phamm/issues/21
	NOTE: https://github.com/lota/phamm/commit/331bdbf0e79632385495fa62e087a6b4cf78857e
CVE-2017-0377 (Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only con ...)
	- tor (Affects only 0.3.x series)
	NOTE: https://trac.torproject.org/projects/tor/ticket/22753
	NOTE: https://blog.torproject.org/blog/tor-0309-released-security-update-clients
CVE-2017-0376 (The hidden-service feature in Tor before 0.3.0.8 allows a denial of se ...)
	{DSA-3877-1 DLA-982-1}
	- tor 0.2.9.11-1 (bug #864424)
	NOTE: https://trac.torproject.org/22494
	NOTE: Fixed by: https://gitweb.torproject.org/tor.git/commit/?id=56a7c5bc15e0447203a491c1ee37de9939ad1dcd
	NOTE: Introduced in 0.2.2.1-alpha; fixed in 0.2.4.29, 0.2.5.14, 0.2.6.12, 0.2.7.8, 0.2.8.14, 0.2.9.11, 0.3.0.8, 0.3.1.3-alpha
CVE-2017-0375 (The hidden-service feature in Tor before 0.3.0.8 allows a denial of se ...)
	- tor (Introduced in 0.3.0.1-alpha)
	NOTE: https://trac.torproject.org/22493
	NOTE: Fixed by: https://gitweb.torproject.org/tor.git/commit/?id=79b59a2dfcb68897ee89d98587d09e55f07e68d7
	NOTE: Introduced in 0.3.0.1-alpha; fixed in 0.3.0.8, 0.3.1.3-alpha
CVE-2017-0374 (lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before ...)
	- libconfig-model-perl 2.097-2
	[jessie] - libconfig-model-perl (Minor issue)
	[wheezy] - libconfig-model-perl (Minor issue. Perl itself has to fix this and this cannot be done easily)
	NOTE: https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=0de8471e5a8958ad37446dfcd0362a269e3ec573
CVE-2017-0373 (The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod ...)
	- libconfig-model-perl 2.097-2
	[jessie] - libconfig-model-perl (Minor issue)
	[wheezy] - libconfig-model-perl (Vulnerable code does not exist)
	NOTE: https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=e7e5dd1a650939a0e021d1d5b311dbb3c4884773
CVE-2017-0372 (Parameters injection in the SyntaxHighlight extension of Mediawiki bef ...)
	- mediawiki 1:1.27.3-1 (bug #861585)
	[wheezy] - mediawiki (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T158689
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html
CVE-2017-0371 (MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.2 ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T140591
	NOTE: https://phabricator.wikimedia.org/T68404
CVE-2017-0370 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam b ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T48143
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0369 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T108138
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0368 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawH ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T156184
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0367 (Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary d ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki (Vulnerable code not present)
	NOTE: https://phabricator.wikimedia.org/T161453
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0366 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T151735
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0365 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerabilit ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T144845
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0364 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Speci ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T122209
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0363 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:Us ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T109140
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0362 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the " ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T150044
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0361 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information dis ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T125177
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0360 (file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authentica ...)
	{DSA-3826-1 DLA-882-1}
	- tryton-server 4.2.1-2
	NOTE: Fixed by: http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8 (4.2.x)
CVE-2017-0359 (diffoscope before 77 writes to arbitrary locations on disk based on th ...)
	- diffoscope 77 (bug #854723)
CVE-2017-0358 (Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write ...)
	{DSA-3780-1 DLA-815-1}
	- ntfs-3g 1:2016.2.22AR.1-4
	NOTE: PoC https://www.openwall.com/lists/oss-security/2017/02/04/1
CVE-2017-0357 (A heap-overflow flaw exists in the -tr loader of iucode-tool starting ...)
	- iucode-tool 2.1.1-1
	[jessie] - iucode-tool (Vulnerable code not present)
	[wheezy] - iucode-tool (Vulnerable code not present)
	NOTE: https://gitlab.com/iucode-tool/iucode-tool/issues/3
CVE-2017-0356 (A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.201701 ...)
	{DSA-3760-1 DLA-812-1}
	- ikiwiki 3.20170111
	NOTE: https://ikiwiki.info/security/#cve-2017-0356
CVE-2016-9772 (OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive ...)
	{DLA-733-1}
	- openafs 1.6.20-1 (bug #846922)
	[jessie] - openafs 1.6.9-2+deb8u6
	NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt
	NOTE: Upstream patch: https://www.openafs.org/pages/security/openafs-sa-2016-003-master.patch (master)
	NOTE: Upstream patch: https://www.openafs.org/pages/security/openafs-sa-2016-003.patch
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/01/12
CVE-2016-9685 (Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the ...)
	- linux 4.5.1-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux 3.2.81-1
	NOTE: Fixed by: https://git.kernel.org/linus/2e83b79b2d6c78bf1b4aa227938a214dcbddc83f (v4.6-rc1)
CVE-2016-9649 REJECTED
CVE-2016-9648 REJECTED
CVE-2016-9647 REJECTED
CVE-2016-9646 (ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->fie ...)
	{DSA-3760-1 DLA-812-1}
	- ikiwiki 3.20161229
	NOTE: https://ikiwiki.info/security/#cve-2016-9646
CVE-2016-9643 (The regex code in Webkit 2.4.11 allows remote attackers to cause a den ...)
	- webkitgtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/26/2
CVE-2016-9642 (JavaScriptCore in WebKit allows attackers to cause a denial of service ...)
	- webkitgtk (unimportant)
	NOTE: Not covered by security support
CVE-2016-9641 RESERVED
CVE-2016-9640 RESERVED
CVE-2017-0355 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0354 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0353 (All versions of the NVIDIA GPU Display Driver contain a vulnerability ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0352 (All versions of the NVIDIA GPU Display Driver contain a vulnerability ...)
	- nvidia-graphics-drivers 375.66-1 (bug #863515)
	[jessie] - nvidia-graphics-drivers (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx (Only affects later driver series)
	- nvidia-graphics-drivers-legacy-304xx (Only affects later driver series)
CVE-2017-0351 (All versions of the NVIDIA GPU Display Driver contain a vulnerability ...)
	- nvidia-graphics-drivers 375.66-1 (bug #863515)
	[jessie] - nvidia-graphics-drivers (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx (Only affects later driver series)
	- nvidia-graphics-drivers-legacy-304xx (Only affects later driver series)
CVE-2017-0350 (All versions of the NVIDIA GPU Display Driver contain a vulnerability ...)
	- nvidia-graphics-drivers 375.66-1 (bug #863515)
	[jessie] - nvidia-graphics-drivers (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx (Only affects later driver series)
	- nvidia-graphics-drivers-legacy-304xx (Only affects later driver series)
CVE-2017-0349 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0348 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0347 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0346 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0345 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0344 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0343 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0342 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0341 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0340 (An elevation of privilege vulnerability in the NVIDIA Libnvparser comp ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0339 (An elevation of privilege vulnerability in the NVIDIA crypto driver co ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0338 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0337 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0336 (An information disclosure vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0335 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0334 (An information disclosure vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0333 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0332 (An elevation of privilege vulnerability in the NVIDIA crypto driver co ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0331 (An elevation of privilege vulnerability in the NVIDIA video driver cou ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0330 (An information disclosure vulnerability in the NVIDIA crypto driver co ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0329 (An elevation of privilege vulnerability in the NVIDIA boot and power m ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0328 (An information disclosure vulnerability in the NVIDIA crypto driver co ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0327 (An elevation of privilege vulnerability in the NVIDIA crypto driver co ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0326 (An information disclosure vulnerability in the NVIDIA Video Driver due ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0325 (An elevation of privilege vulnerability in the NVIDIA I2C HID driver c ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0324 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0323 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0322 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0321 (All versions of NVIDIA GPU Display Driver contain a vulnerability in t ...)
	- nvidia-graphics-drivers 375.39-1 (bug #855277)
	[jessie] - nvidia-graphics-drivers 340.102-1
	[wheezy] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.102-1 (bug #855278)
	- nvidia-graphics-drivers-legacy-304xx 304.135-2 (bug #855279)
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
CVE-2017-0320 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0319 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0318 (All versions of NVIDIA Linux GPU Display Driver contain a vulnerabilit ...)
	- nvidia-graphics-drivers 375.39-1 (bug #855277)
	[jessie] - nvidia-graphics-drivers 340.102-1
	[wheezy] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.102-1 (bug #855278)
	- nvidia-graphics-drivers-legacy-304xx 304.135-2 (bug #855279)
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
CVE-2017-0317 (All versions of NVIDIA GPU and GeForce Experience installer contain a ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0316 (In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Fra ...)
	NOT-FOR-US: NVIDIA Installer Framework
CVE-2017-0315 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0314 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0313 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0312 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0311 (NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel ...)
	- nvidia-graphics-drivers 375.39-1 (bug #855277)
	[jessie] - nvidia-graphics-drivers 340.102-1
	[wheezy] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.102-1 (bug #855278)
	- nvidia-graphics-drivers-legacy-304xx 304.135-2 (bug #855279)
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
CVE-2017-0310 (All versions of NVIDIA GPU Display Driver contain a vulnerability in t ...)
	- nvidia-graphics-drivers 375.39-1 (bug #855277)
	[jessie] - nvidia-graphics-drivers 340.102-1
	[wheezy] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.102-1 (bug #855278)
	- nvidia-graphics-drivers-legacy-304xx 304.135-2 (bug #855279)
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
CVE-2017-0309 (All versions of NVIDIA GPU Display Driver contain a vulnerability in t ...)
	- nvidia-graphics-drivers 375.39-1 (bug #855277)
	[jessie] - nvidia-graphics-drivers 340.102-1
	[wheezy] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.102-1 (bug #855278)
	- nvidia-graphics-drivers-legacy-304xx 304.135-2 (bug #855279)
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
CVE-2017-0308 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0307 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0306 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-9638 (In BMC Patrol before 9.13.10.02, the binary "listguests64" is configur ...)
	NOT-FOR-US: BMC Patrol
CVE-2016-9637 (The (1) ioport_read and (2) ioport_write functions in Xen, when qemu i ...)
	{DLA-1270-1}
	- qemu (Vulnerability specific to Xen)
	- qemu-kvm (Vulnerability specific to Xen)
	- xen 4.4.0-1
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: https://xenbits.xen.org/xsa/advisory-199.html
CVE-2016-9620 REJECTED
CVE-2016-9619 REJECTED
CVE-2016-9618 REJECTED
CVE-2016-9617 REJECTED
CVE-2016-9616 REJECTED
CVE-2016-9615 REJECTED
CVE-2016-9614 REJECTED
CVE-2016-9613 REJECTED
CVE-2016-9612 REJECTED
CVE-2016-9611 REJECTED
CVE-2016-9610 REJECTED
CVE-2016-9609 REJECTED
CVE-2016-9608 REJECTED
CVE-2016-9607 REJECTED
CVE-2016-9606 (JBoss RESTEasy before version 3.1.2 could be forced into parsing a req ...)
	- resteasy 3.1.4-1 (bug #851430)
	[jessie] - resteasy (Minor issue)
	- resteasy3.0 3.0.26-1
	NOTE: See CVE-2018-1051 to address original incomplete fix for CVE-2016-9606
CVE-2016-9605 (A flaw was found in cobbler software component version 2.6.11-1. It su ...)
	- cobbler (bug #858844)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1433950
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1399333
CVE-2016-9604 (It was discovered in the Linux kernel before 4.11-rc8 that root can ga ...)
	{DLA-922-1}
	- linux 4.9.25-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/ee8f844e3c5a73b999edf733df1c529d6503ec2f
CVE-2016-9603 (A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA e ...)
	{DLA-1497-1 DLA-1270-1 DLA-1035-1 DLA-939-1}
	- qemu 1:2.8+dfsg-4 (bug #857744)
	- qemu-kvm
	- xen 4.4.0-1
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: https://xenbits.xen.org/xsa/advisory-211.html
	NOTE: https://www.openwall.com/lists/oss-security/2017/03/14/2
	NOTE: Upstream patch http://git.qemu-project.org/?p=qemu.git;a=commit;h=50628d3479e4f9aa97e323506856e394fe7ad7a6
CVE-2016-9602 (Qemu before version 2.9 is vulnerable to an improper link following wh ...)
	{DLA-1497-1 DLA-1035-1 DLA-965-1}
	- qemu 1:2.8+dfsg-3 (bug #853006)
	- qemu-kvm
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1413929
	NOTE: The original proposed patch does not fix the issue, cf.
	NOTE: https://www.openwall.com/lists/oss-security/2017/01/17/14
	NOTE: Upstream patchset: https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06225.html
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1035
	NOTE: If fixing this issue for older suites, then make sure not to open the
	NOTE: CVE-2017-7471 vulnerability and apply as well 9c6b899f7a46893ab3b671e341a2234e9c0c060e
	NOTE: See further details in the CVE-2017-7471 tracker entry.
CVE-2016-9601 (ghostscript before version 9.21 is vulnerable to a heap based buffer o ...)
	{DSA-3817-1 DLA-874-1}
	- jbig2dec 0.13-4 (bug #850497)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697457
	NOTE: Patch: https://git.ghostscript.com/?p=jbig2dec.git;a=commitdiff;h=e698d5c11d27212aa1098bc5b1673a3378563092
CVE-2016-9600 (JasPer before version 2.0.10 is vulnerable to a null pointer dereferen ...)
	- jasper (unimportant)
	NOTE: https://github.com/mdadams/jasper/issues/109
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/a632c6b54bd4ffc3bebab420e00b7e7688aa3846
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2016-9599 (puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access ...)
	NOT-FOR-US: puppet-tripleo
CVE-2016-9598 (libxml2, as used in Red Hat JBoss Core Services, allows context-depend ...)
	- libxml2 (Red Hat specific security regressions)
CVE-2016-9597 (It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 f ...)
	- libxml2 (Red Hat specific security regressions)
CVE-2016-9596 (libxml2, as used in Red Hat JBoss Core Services and when in recovery m ...)
	- libxml2 (Red Hat specific security regressions)
CVE-2016-9595 (A flaw was found in katello-debug before 3.4.0 where certain scripts a ...)
	NOT-FOR-US: Katello
CVE-2016-9594 (curl before version 7.52.1 is vulnerable to an uninitialized random in ...)
	- curl (Only affects 7.52.0)
	NOTE: https://curl.haxx.se/docs/adv_20161223.html
CVE-2016-9593 (foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman ...)
	- foreman (bug #663101)
CVE-2016-9592 (openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a f ...)
	NOT-FOR-US: OpenShift
CVE-2016-9591 (JasPer before version 2.0.12 is vulnerable to a use-after-free in the ...)
	{DSA-3827-1 DLA-920-1}
	- jasper
	NOTE: https://github.com/mdadams/jasper/issues/105
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/03fe49ab96bf65fea784cdc256507ea88267fc7c
CVE-2016-9590 (puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an informat ...)
	- puppet-module-swift 9.4.4-1 (bug #851293)
CVE-2016-9589 (Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable ...)
	NOT-FOR-US: Red Hat specific use of undertow in Wildfly
CVE-2016-9588 (arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.8.15-2
	NOTE: https://www.spinics.net/lists/kvm/msg142495.html
	NOTE: Fixed by: https://git.kernel.org/linus/ef85b67385436ddc1998f45f1d6a210f935b3388
CVE-2016-9587 (Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper inpu ...)
	- ansible 2.2.0.0-3 (bug #850846)
	[jessie] - ansible (Vulnerable code not present; the way ssh commands are built was reworked in the 2.x branch)
	NOTE: Fixed by: https://github.com/ansible/ansible/commit/ec84ff6de6eca9224bf3f22b752bb8da806611ed (v2.2.1.0-0.3.rc3)
	NOTE: Fixed by: https://github.com/ansible/ansible/commit/eb8c26c105e8457b86324b64a13fac37d8862d47 (v2.2.1.0-0.4.rc4)
	NOTE: Fixed by: https://github.com/ansible/ansible/commit/cc4634a5e73c06c6b4581f11171289ca9228391e (v2.2.1.0-0.4.rc4)
	NOTE: Fix in 2.2.0.0-2 only partially addressed the issues, and needed a follow-up, 2.2.0.0-3
CVE-2016-9586 (curl before version 7.52.0 is vulnerable to a buffer overflow when doi ...)
	{DLA-1568-1 DLA-767-1}
	- curl 7.52.1-1 (bug #848958)
	NOTE: https://curl.haxx.se/docs/adv_20161221A.html
	NOTE: Fixed by: https://github.com/curl/curl/commit/3ab3c16db6a5674f53cf23d56512a405fde0b2c9
	NOTE: There are no known vulnerable applications but as this is a
	NOTE: library it should be fixed as we do not know the full impact.
CVE-2016-9585 (Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untr ...)
	NOT-FOR-US: JMX endpoint of Red Hat JBoss EAP 5
CVE-2016-9584 (libical allows remote attackers to cause a denial of service (use-afte ...)
	{DLA-959-1}
	- libical3 3.0.1-1
	- libical (bug #852034)
	[stretch] - libical (Minor issue)
	[jessie] - libical (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/5
	NOTE: Upstream ticket: https://github.com/libical/libical/issues/253
CVE-2016-9583 (An out-of-bounds heap read vulnerability was found in the jpc_pi_nextp ...)
	- jasper (unimportant)
	NOTE: https://github.com/mdadams/jasper/issues/103
	NOTE: Fixed by https://github.com/mdadams/jasper/commit/99a50593254d1b53002719bbecfc946c84b23d27
	NOTE: The issue exists due to an overflow check which is not present
	NOTE: in Wheezy and Jessie. However it makes sense to implement this check.
	NOTE: This can be done when more important issues are found [wheezy].
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2016-9582 REJECTED
CVE-2016-9581 (An infinite loop vulnerability in tiftoimage that results in heap buff ...)
	- openjpeg2 (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/issues/872
	NOTE: Fixed by: https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255
	NOTE: not built into the binary packages
CVE-2016-9580 (An integer overflow vulnerability was found in tiftoimage function in ...)
	- openjpeg2 (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/issues/871
	NOTE: Fixed by: https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255
	NOTE: not built into the binary packages
CVE-2016-9579 (A flaw was found in the way Ceph Object Gateway would process cross-or ...)
	- ceph 10.2.5-2 (bug #849048)
	[jessie] - ceph 0.80.7-2+deb8u2
	NOTE: http://tracker.ceph.com/issues/18187
CVE-2016-9578 (A vulnerability was discovered in SPICE before 0.13.90 in the server's ...)
	{DSA-3790-1 DLA-825-1}
	- spice 0.12.8-2.1 (bug #854336)
	NOTE: Fixed by: https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=1c6517973095a67c8cb57f3550fc1298404ab556 (0.12.x)
	NOTE: Fixed by: https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a (0.12.x)
CVE-2016-9577 (A vulnerability was discovered in SPICE before 0.13.90 in the server's ...)
	{DSA-3790-1 DLA-825-1}
	- spice 0.12.8-2.1 (bug #854336)
	NOTE: Fixed by: https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3 (0.12.x)
CVE-2016-10088 (The sg implementation in the Linux kernel through 4.9 does not properl ...)
	{DLA-772-1}
	- linux 4.8.15-2
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/128394eff343fc6d2f32172f03e24829539c5835 (v4.10-rc1)
CVE-2016-9576 (The blk_rq_map_user_iov function in block/blk-map.c in the Linux kerne ...)
	{DLA-772-1}
	- linux 4.8.15-1
	[jessie] - linux 3.16.39-1
	NOTE: https://marc.info/?l=linux-scsi&m=148010092224801&w=2
	NOTE: https://gist.githubusercontent.com/dvyukov/80cd94b4e4c288f16ee4c787d404118b/raw/10536069562444da51b758bb39655b514ff93b45/gistfile1.txt
	NOTE: Fixed by: https://git.kernel.org/linus/a0ac402cfcdc904f9772e1762b3fda112dcc56a0 (v4.9)
CVE-2016-9575 (Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not ...)
	- freeipa 4.4.4-1 (bug #849950)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1395311
	NOTE: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=fec4c32ff15
	NOTE: https://fedorahosted.org/freeipa/ticket/6560
CVE-2016-9574 (nss before version 3.30 is vulnerable to a remote denial of service du ...)
	- nss 2:3.25-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1320695
	NOTE: The CVE is specific to the segfault resulting from the reproducing steps
	NOTE: as per bugzilla entry, and https://bugzilla.redhat.com/show_bug.cgi?id=1397482
	NOTE: https://hg.mozilla.org/projects/nss/rev/7385cd821735
CVE-2016-9573 (An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in th ...)
	{DSA-3768-1}
	- openjpeg2 2.1.2-1.1 (bug #851422)
	NOTE: https://github.com/uclouvain/openjpeg/issues/863
	NOTE: https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
CVE-2016-9572 (A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 de ...)
	{DSA-3768-1}
	- openjpeg2 2.1.2-1.1 (bug #851422)
	NOTE: https://github.com/uclouvain/openjpeg/issues/863
	NOTE: https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
CVE-2016-9571 REJECTED
CVE-2016-9570 (cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial ...)
	NOT-FOR-US: Carbon Black
CVE-2016-9569 (The cbstream.sys driver in Carbon Black 5.1.1.60603 allows local users ...)
	NOT-FOR-US: Carbon Black
CVE-2016-9568 (A security design issue can allow an unprivileged user to interact wit ...)
	NOT-FOR-US: Carbon Black
CVE-2016-9567 (The mDNIe system service on Samsung Mobile S7 devices with M(6.0) soft ...)
	NOT-FOR-US: Samsung
CVE-2016-9566 (base/logging.c in Nagios Core before 4.2.4 allows local users with acc ...)
	{DLA-1615-1 DLA-751-1}
	- nagios3
	[wheezy] - nagios3 (Minor issue)
	NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4
	NOTE: https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html
	NOTE: nagios < 3.5 is not vulnerable through the regular logfile, but through the debug logfile
	- icinga 1.13.4-1
	[jessie] - icinga (Minor issue)
	[wheezy] - icinga (Minor issue)
	NOTE: https://dev.icinga.com/issues/13709
	NOTE: https://github.com/Icinga/icinga-core/commit/a0eb8471673b6b1e9b37e1b7b91151aa00bedb65
	NOTE: https://github.com/Icinga/icinga-core/commit/e0f55bc9b17ef1db9aed7393fc34576a5b9501f0
CVE-2016-9565 (MagpieRSS, as used in the front-end component in Nagios Core before 4. ...)
	{DLA-751-1}
	- nagios3 3.5.1-1
	NOTE: https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html
	NOTE: The RSS feed and call-home were removed in src:nagios3 3.5.1-1, where the affected
	NOTE: function was removed.
	NOTE: The scope of the CVE is specific to Nagios.
	NOTE: impact lessened by the hardened permissions in Debian: files can be extracted, but no backdoor can be installed as the web root is not writable
CVE-2016-9564 (Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remot ...)
	- boa (the vuln was removed in 0.93.14)
	NOTE: http://www.ljcusack.io/cve-2016-9564-stack-based-buffer-overflow-in-boa-0-dot-92r
CVE-2016-9563 (BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticate ...)
	NOT-FOR-US: SAP
CVE-2016-9562 (SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of ...)
	NOT-FOR-US: SAP
CVE-2016-9561 (The che_configure function in libavcodec/aacdec_template.c in FFmpeg b ...)
	- ffmpeg 7:3.2.4-1 (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/08/1
	NOTE: non-issue, legitimate media file. If a server application uses libav* on untrusted media
	NOTE: files, it needs to set resource limits
CVE-2016-9554 (The Sophos Web Appliance Remote / Secure Web Gateway server (version 4 ...)
	NOT-FOR-US: Sophos
CVE-2016-9553 (The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote ...)
	NOT-FOR-US: Sophos
CVE-2016-9552 RESERVED
CVE-2016-9551 RESERVED
CVE-2016-9550 RESERVED
CVE-2016-9549 RESERVED
CVE-2016-9548 RESERVED
CVE-2016-9547 RESERVED
CVE-2016-9546 RESERVED
CVE-2016-9545 RESERVED
CVE-2016-9544 RESERVED
CVE-2016-9543 RESERVED
CVE-2016-9542 RESERVED
CVE-2016-9541 RESERVED
CVE-2016-9531 REJECTED
CVE-2016-9530 REJECTED
CVE-2016-9529 REJECTED
CVE-2016-9528 REJECTED
CVE-2016-9527 REJECTED
CVE-2016-9526 REJECTED
CVE-2016-9525 REJECTED
CVE-2016-9524 REJECTED
CVE-2016-9523 REJECTED
CVE-2016-9522 REJECTED
CVE-2016-9521 REJECTED
CVE-2016-9520 REJECTED
CVE-2016-9519 REJECTED
CVE-2016-9518 REJECTED
CVE-2016-9517 REJECTED
CVE-2016-9516 REJECTED
CVE-2016-9515 REJECTED
CVE-2016-9514 REJECTED
CVE-2016-9513 REJECTED
CVE-2016-9512 REJECTED
CVE-2016-9511 REJECTED
CVE-2016-9510 REJECTED
CVE-2016-9509 REJECTED
CVE-2016-9508 REJECTED
CVE-2016-9507 REJECTED
CVE-2016-9506 REJECTED
CVE-2016-9505 REJECTED
CVE-2016-9504 REJECTED
CVE-2016-9503 REJECTED
CVE-2016-9502 REJECTED
CVE-2016-9501 REJECTED
CVE-2016-9500 (Accellion FTP server prior to version FTA_9_12_220 uses the Accusoft P ...)
	NOT-FOR-US: Accellion
CVE-2016-9499 (Accellion FTP server prior to version FTA_9_12_220 only returns the us ...)
	NOT-FOR-US: Accellion
CVE-2016-9498 (ManageEngine Applications Manager 12 and 13 before build 13200, allows ...)
	NOT-FOR-US: ManageEngine
CVE-2016-9497 (Hughes high-performance broadband satellite modems, models HN7740S DW7 ...)
	NOT-FOR-US: Hughes
CVE-2016-9496 (Hughes high-performance broadband satellite modems, models HN7740S DW7 ...)
	NOT-FOR-US: Hughes
CVE-2016-9495 (Hughes high-performance broadband satellite modems, models HN7740S DW7 ...)
	NOT-FOR-US: Hughes
CVE-2016-9494 (Hughes high-performance broadband satellite modems, models HN7740S DW7 ...)
	NOT-FOR-US: Hughes
CVE-2016-9493 (The code generated by PHP FormMail Generator prior to 17 December 2016 ...)
	NOT-FOR-US: PHP FormMail Generator
CVE-2016-9492 (The code generated by PHP FormMail Generator prior to 17 December 2016 ...)
	NOT-FOR-US: PHP FormMail Generator
CVE-2016-9491 (ManageEngine Applications Manager 12 and 13 before build 13690 allows ...)
	NOT-FOR-US: ManageEngine
CVE-2016-9490 (ManageEngine Applications Manager versions 12 and 13 before build 1320 ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2016-9489 (In ManageEngine Applications Manager 12 and 13 before build 13200, an ...)
	NOT-FOR-US: ManageEngine
CVE-2016-9488 (ManageEngine Applications Manager versions 12 and 13 before build 1320 ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2016-9487 (EpubCheck 4.0.1 does not properly restrict resolving external entities ...)
	NOT-FOR-US: EpubCheck
CVE-2016-9486 (On Windows endpoints, the SecureConnector agent must run under the loc ...)
	NOT-FOR-US: SecureConnector agent
CVE-2016-9485 (On Windows endpoints, the SecureConnector agent must run under the loc ...)
	NOT-FOR-US: SecureConnector agent
CVE-2016-9484 (The generated PHP form code does not properly validate user input fold ...)
	NOT-FOR-US: PHP FormMail Generator
CVE-2016-9483 (The PHP form code generated by PHP FormMail Generator deserializes unt ...)
	NOT-FOR-US: PHP FormMail Generator
CVE-2016-9482 (Code generated by PHP FormMail Generator may allow a remote unauthenti ...)
	NOT-FOR-US: PHP FormMail Generator
CVE-2014-9912 (The get_icu_disp_value_src_php function in ext/intl/locale/locale_meth ...)
	- php5 5.6.0+dfsg-1
	[wheezy] - php5 5.4.34-0+deb7u1
	NOTE: Fixed in 5.6.0, 5.5.14, 5.4.30, 5.3.29
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=67397
	NOTE: Upstream patch: https://bugs.php.net/patch-display.php?bug_id=67397&patch=bug67397-patch&revision=latest
	NOTE: PHP workaround for CVE-2014-9911 in icu
CVE-2016-4412 (An issue was discovered in phpMyAdmin. A user can be tricked into foll ...)
	{DLA-757-1}
	- phpmyadmin 4:4.1.7-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-57/
	NOTE: may affect wheezy only.
CVE-2016-9847 (An issue was discovered in phpMyAdmin. When the user does not specify ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-58/
	NOTE: Debian packaging generates blowfish secret
CVE-2016-9848 (An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-59/
	NOTE: disabled by default, debugging setting required
CVE-2016-9849 (An issue was discovered in phpMyAdmin. It is possible to bypass AllowR ...)
	{DLA-1821-1 DLA-757-1}
	- phpmyadmin 4:4.6.5.1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-60/
CVE-2016-9850 (An issue was discovered in phpMyAdmin. Username matching for the allow ...)
	{DLA-1821-1 DLA-757-1}
	- phpmyadmin 4:4.6.5.1-1 (low)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-61/
CVE-2016-9851 (An issue was discovered in phpMyAdmin. With a crafted request paramete ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	[jessie] - phpmyadmin (Vulnerable code not present)
	[wheezy] - phpmyadmin (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-62/
CVE-2016-9852 (An issue was discovered in phpMyAdmin. By calling some scripts that ar ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
	NOTE: path disclosure not relevant in Debian
CVE-2016-9853 (An issue was discovered in phpMyAdmin. By calling some scripts that ar ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
	NOTE: path disclosure not relevant in Debian
CVE-2016-9854 (An issue was discovered in phpMyAdmin. By calling some scripts that ar ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
	NOTE: path disclosure not relevant in Debian
CVE-2016-9855 (An issue was discovered in phpMyAdmin. By calling some scripts that ar ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
	NOTE: path disclosure not relevant in Debian
CVE-2016-9856 (An XSS issue was discovered in phpMyAdmin because of an improper fix f ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-64/
CVE-2016-9857 (An issue was discovered in phpMyAdmin. XSS is possible because of a we ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-64/
CVE-2016-9858 (An issue was discovered in phpMyAdmin. With a crafted request paramete ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
CVE-2016-9859 (An issue was discovered in phpMyAdmin. With a crafted request paramete ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
CVE-2016-9860 (An issue was discovered in phpMyAdmin. An unauthenticated user can exe ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
CVE-2016-9861 (An issue was discovered in phpMyAdmin. Due to the limitation in URL ma ...)
	{DLA-1821-1 DLA-757-1}
	- phpmyadmin 4:4.6.5.1-1 (low)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-66/
CVE-2016-9862 (An issue was discovered in phpMyAdmin. With a crafted login request it ...)
	- phpmyadmin 4:4.6.5.1-1
	[jessie] - phpmyadmin (Vulnerable code not present)
	[wheezy] - phpmyadmin (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-67/
CVE-2016-9863 (An issue was discovered in phpMyAdmin. With a very large request to ta ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	[jessie] - phpmyadmin (Vulnerable code not present)
	[wheezy] - phpmyadmin (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-68/
CVE-2016-9864 (An issue was discovered in phpMyAdmin. With a crafted username or a ta ...)
	{DLA-1821-1 DLA-757-1}
	- phpmyadmin 4:4.6.5.1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-69/
CVE-2016-9865 (An issue was discovered in phpMyAdmin. Due to a bug in serialized stri ...)
	{DLA-1415-1 DLA-757-1}
	- phpmyadmin 4:4.6.5.1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-70/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/17b34be (RELEASE_4_6_5)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1fc004d (MAINT_4_4_15)
CVE-2016-9866 (An issue was discovered in phpMyAdmin. When the arg_separator is diffe ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-71/
	NOTE: unlikely PHP configuration required, unclear impact
CVE-2014-9911 (Stack-based buffer overflow in the ures_getByKeyWithFallback function ...)
	{DSA-3725-1 DLA-744-1}
	- icu 55.1-3
	NOTE: http://bugs.icu-project.org/trac/ticket/10891
	NOTE: Fixed by: http://bugs.icu-project.org/trac/changeset/35699
	NOTE: The patch addressing CVE-2014-9911 is applied in 54.1, but the
	NOTE: first fixed package version uploaded to unstable is 55.1-3.
CVE-2016-9639 (Salt before 2015.8.11 allows deleted minions to read or write to minio ...)
	- salt 2016.3.0+ds-1
	[jessie] - salt (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/25/2
CVE-2016-9813 (The _parse_pat function in the mpegts parser in GStreamer before 1.10. ...)
	{DSA-3818-1}
	- gst-plugins-bad1.0 1.10.2-1 (low)
	- gst-plugins-bad0.10 (Vulnerable code introduced in 1.1.1 of 1.0 series)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775120
CVE-2016-9812 (The gst_mpegts_section_new function in the mpegts decoder in GStreamer ...)
	{DSA-3818-1}
	- gst-plugins-bad1.0 1.10.2-1 (low)
	- gst-plugins-bad0.10 (Vulnerable code introduced in 1.1.1 of 1.0 series)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775048
CVE-2016-9811 (The windows_icon_typefind function in gst-plugins-base in GStreamer be ...)
	{DSA-3819-1 DLA-2126-1 DLA-735-1}
	- gst-plugins-base1.0 1.10.2-1
	- gst-plugins-base0.10
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774902
CVE-2016-9810 (The gst_decode_chain_free_internal function in the flxdex decoder in g ...)
	- gst-plugins-good1.0 1.10.1-2
	[jessie] - gst-plugins-good1.0 1.4.4-2+deb8u2
	- gst-plugins-good0.10
	[jessie] - gst-plugins-good0.10 0.10.31-3+nmu4+deb8u2
	[wheezy] - gst-plugins-good0.10 0.10.31-3+nmu1+deb7u1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774897
CVE-2016-9809 (Off-by-one error in the gst_h264_parse_set_caps function in GStreamer ...)
	{DSA-3818-1 DLA-2164-1 DLA-736-1}
	- gst-plugins-bad1.0 1.10.2-1
	- gst-plugins-bad0.10
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774896
CVE-2016-9808 (The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to ...)
	- gst-plugins-good1.0 1.10.1-2
	[jessie] - gst-plugins-good1.0 1.4.4-2+deb8u2
	- gst-plugins-good0.10
	[jessie] - gst-plugins-good0.10 0.10.31-3+nmu4+deb8u2
	[wheezy] - gst-plugins-good0.10 0.10.31-3+nmu1+deb7u1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774859
	NOTE: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
	NOTE: https://scarybeastsecurity.blogspot.dk/2016/11/0day-poc-incorrect-fix-for-gstreamer.html
CVE-2016-9807 (The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer bef ...)
	- gst-plugins-good1.0 1.10.1-2
	[jessie] - gst-plugins-good1.0 1.4.4-2+deb8u2
	- gst-plugins-good0.10
	[jessie] - gst-plugins-good0.10 0.10.31-3+nmu4+deb8u2
	[wheezy] - gst-plugins-good0.10 0.10.31-3+nmu1+deb7u1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774859
	NOTE: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
CVE-2016-9806 (Race condition in the netlink_dump function in net/netlink/af_netlink. ...)
	- linux 4.6.3-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux (Introduced in 3.12)
	NOTE: Fixed by: https://git.kernel.org/linus/92964c79b357efd980812c4de5c1fd2ec8bb5520 (v4.7-rc1)
CVE-2016-9636 (Heap-based buffer overflow in the flx_decode_delta_fli function in gst ...)
	{DSA-3724-1 DSA-3723-1 DLA-727-1}
	- gst-plugins-good1.0 1.10.1-2 (bug #845375)
	- gst-plugins-good0.10
	NOTE: https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774834
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bf43f44fcfada5ec4a3ce60cb374340486fe9fac
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2
	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
CVE-2016-9635 (Heap-based buffer overflow in the flx_decode_delta_fli function in gst ...)
	{DSA-3724-1 DSA-3723-1 DLA-727-1}
	- gst-plugins-good1.0 1.10.1-2 (bug #845375)
	- gst-plugins-good0.10
	NOTE: https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774834
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bf43f44fcfada5ec4a3ce60cb374340486fe9fac
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2
	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
CVE-2016-9634 (Heap-based buffer overflow in the flx_decode_delta_fli function in gst ...)
	{DSA-3724-1 DSA-3723-1 DLA-727-1}
	- gst-plugins-good1.0 1.10.1-2 (bug #845375)
	- gst-plugins-good0.10
	NOTE: https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774834
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bf43f44fcfada5ec4a3ce60cb374340486fe9fac
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2
	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
CVE-2016-9633 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/23
CVE-2016-9632 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/43
CVE-2016-9631 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/42
CVE-2016-9630 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/41
CVE-2016-9629 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/40
CVE-2016-9628 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/39
CVE-2016-9627 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/38
	NOTE: https://github.com/tats/w3m/commit/0c3f5d0e0d9269ad47b8f4b061d7818993913189
CVE-2016-9626 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/37
CVE-2016-9625 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/36
CVE-2016-9624 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/35
CVE-2016-9623 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/33
CVE-2016-9622 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/32
CVE-2016-9621 REJECTED
CVE-2016-9560 (Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_ ...)
	{DSA-3785-1 DLA-739-1}
	- jasper
	NOTE: https://blogs.gentoo.org/ago/2016/11/20/jasper-stack-based-buffer-overflow-in-jpc_tsfb_getbands2-jpc_tsfb-c
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/1abc2e5a401a4bf1d5ca4df91358ce5df111f495
CVE-2016-9558 ((1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf ...)
	- dwarfutils 20161124-1 (bug #845408)
	[jessie] - dwarfutils (Minor issue)
	[wheezy] - dwarfutils (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_leb-c
	NOTE: Fixed by: https://sourceforge.net/p/libdwarf/code/ci/4f19e1050cd8e9ddf2cb6caa061ff2fec4c9b5f9/#diff-5
CVE-2016-9557 (Integer overflow in jas_image.c in JasPer before 1.900.25 allows remot ...)
	- jasper
	[jessie] - jasper (There is no application crash unless jasper is built with ASAN)
	[wheezy] - jasper (the fix is too invasive)
	NOTE: https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a
CVE-2016-9555 (The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kern ...)
	{DLA-772-1}
	- linux 4.8.11-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6 (4.9-rc4)
CVE-2016-9481 (In framework/modules/core/controllers/expCommentController.php of Expo ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9480 (libdwarf 2016-10-21 allows context-dependent attackers to obtain sensi ...)
	- dwarfutils 20161124-1
	[jessie] - dwarfutils (Minor issue)
	[wheezy] - dwarfutils (Minor issue)
	NOTE: https://www.prevanders.net/dwarfbug.html#DW201611-006
	NOTE: https://sourceforge.net/p/libdwarf/bugs/5/
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/5dd64de047cd5ec479fb11fe7ff2692fd819e5e5/
	NOTE: The code has substantially changed in libdwarf/dwarf_util.c from older
	NOTE: versions, but back then there still seems to have been an unchecked dereference
	NOTE: of val_ptr.
CVE-2016-9479 (The "lost password" functionality in b2evolution before 6.7.9 allows r ...)
	- b2evolution
CVE-2016-9478 REJECTED
CVE-2016-9477 REJECTED
CVE-2016-9476 REJECTED
CVE-2016-9475 REJECTED
CVE-2016-9474 REJECTED
CVE-2016-9473 (Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and e ...)
	- brave-browser (bug #864795)
CVE-2016-9472 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9471 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element In ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9470 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Dow ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9469 (Multiple versions of GitLab expose a dangerous method to any authentic ...)
	- gitlab 8.13.6+dfsg2-2 (bug #847157)
	NOTE: https://about.gitlab.com/2016/12/05/cve-2016-9469/
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/25064
CVE-2016-9468 (Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0 ...)
	- nextcloud (bug #835086)
CVE-2016-9467 (Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0 ...)
	- nextcloud (bug #835086)
CVE-2016-9466 (Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1. ...)
	- nextcloud (bug #835086)
CVE-2016-9465 (Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1. ...)
	- nextcloud (bug #835086)
CVE-2016-9464 (Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper aut ...)
	- nextcloud (bug #835086)
CVE-2016-9463 (Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1 ...)
	- nextcloud (bug #835086)
CVE-2016-9462 (Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not ...)
	- nextcloud (bug #835086)
CVE-2016-9461 (Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not ...)
	- nextcloud (bug #835086)
CVE-2016-9460 (Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vuln ...)
	- nextcloud (bug #835086)
CVE-2016-9459 (Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vuln ...)
	- nextcloud (bug #835086)
CVE-2016-9458 REJECTED
CVE-2016-9457 (Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/st ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9456 (Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery ( ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9455 (Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery ( ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9454 (Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9444 (named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9. ...)
	{DSA-3758-1 DLA-805-1}
	[experimental] - bind9 1:9.10.4-P5-1
	- bind9 1:9.10.3.dfsg.P4-11 (bug #851062)
	NOTE: https://kb.isc.org/article/AA-01441/0
CVE-2016-9928 (MCabber before 1.0.4 is vulnerable to roster push attacks, which allow ...)
	{DLA-2260-1 DLA-724-1}
	- mcabber 0.10.2-1.1 (bug #845258)
	NOTE: https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw
	NOTE: Similar issue for mcabber as for gajim in CVE-2015-8688
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/09/5
CVE-2016-XXXX [Roster vulnerability similar to CVE-2015-8688]
	- slixmpp 1.2.2-1
	NOTE: Similar issue for mcabber as for gajim in CVE-2015-8688 (but should get a separate CVE)
CVE-2016-XXXX [TOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory]
	- tomcat8 8.0.38-1 (bug #840685)
	[jessie] - tomcat8 8.0.14-1+deb8u4
	NOTE: Workaround entry for DSA-3720-1 since no CVE assigned
	- tomcat7 7.0.72-3 (bug #841655)
	[jessie] - tomcat7 7.0.56-3+deb8u5
	[wheezy] - tomcat7 7.0.28-4+deb7u7
	NOTE: Workaround entry for DSA-3721-1 since no CVE assigned
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
CVE-2016-10071 (coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845246)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545366
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/131
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f3b483e8b054c50149912523b4773687e18afe25
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10070 (Heap-based buffer overflow in the CalcMinMax function in coders/mat.c ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845246)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545366
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/131
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b173a352397877775c51c9a0e9d59eb6ce24c455
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10069 (coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845244)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8a370f9ab120faf182aa160900ba692ba8e2bcf0
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-9559 (coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.5+dfsg-1 (bug #845243)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1c795ce9fe1d6feac8bc36c2e6c5ba7110b671b1
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b61d35eaccc0a7ddeff8a1c3abfcd0a43ccf210b (master)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/298
CVE-2016-9773 (Heap-based buffer overflow in the IsPixelGray function in MagickCore/p ...)
	- imagemagick (Affects only the ImageMagick-7 branch, cf. NOTE)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4e8c2ed53fcb54a34b3a6185b2584f26cf6874a3
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/312
	NOTE: Upstream statement: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31045
CVE-2016-9556 (The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.5+dfsg-1 (bug #845242)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/301
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/174de08d7c81ce147689f3b1c73fadd6bf1c023c
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ce98a7acbcfca7f0a178f4b1e7b957e419e0cc99 (master)
CVE-2016-10068 (The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attack ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.5+dfsg-1 (bug #845241)
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/56d6e20de489113617cbbddaf41e92600a34db22
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10058 (Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagi ...)
	- imagemagick 8:6.9.6.5+dfsg-1 (bug #845239)
	[jessie] - imagemagick (Vulnerable code using layer_info[i].info introduced later)
	[wheezy] - imagemagick (Vulnerable code using layer_info[i].info introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4ec444f4eab88cf4bec664fafcf9cab50bc5ff6a
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10067 (magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845213)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10066 (Buffer overflow in the ReadVIFFImage function in coders/viff.c in Imag ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845213)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10065 (The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0. ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845212)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/129
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/134463b926fa965571aa4febd61b810be5e7da05
	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545183
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10064 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845202)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f8877abac8e568b2f339cca70c2c3c1b6eaec288
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10063 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845198)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2bb6941a2d557f26a2f2049ade466e118eeaab91
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10062 (The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not ...)
	{DSA-3799-1 DLA-868-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #849439)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/196
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/352
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
	NOTE: CVE is for the fwrite issue in ReadGROUP4Image. This was
	NOTE: specifically noted at the beginning of issues/196, but not fixed in
	NOTE: either of these commits 933e96f01a8c889c7bf5ffd30020e86a02a046e7 nor
	NOTE: 4e914bbe371433f0590cefdf3bd5f3a5710069f9 upstream. It is not the same
	NOTE: as the fputc issue in ReadGROUP4Image.
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/41e955984b034777903cfa61e500a0b922eb9cbd
CVE-2016-10061 (The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7. ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845196)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e914bbe371433f0590cefdf3bd5f3a5710069f9
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/196
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10060 (The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagi ...)
	{DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845196)
	[jessie] - imagemagick (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/933e96f01a8c889c7bf5ffd30020e86a02a046e7
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/196
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10059 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845195)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410
	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-9448 (The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attacke ...)
	- tiff (Vulnerable code introduced by fix for CVE-2016-9297)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2593
	NOTE: Regression introduced by previous fix done on 2016-11-11 for CVE-2016-9297
CVE-2016-9421 (Cross-site scripting (XSS) vulnerability in the Users module in the Ad ...)
	NOT-FOR-US: MyBB
CVE-2016-9420 (MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1 ...)
	NOT-FOR-US: MyBB
CVE-2016-9419 (Cross-site scripting (XSS) vulnerability in the Admin control panel in ...)
	NOT-FOR-US: MyBB
CVE-2016-9418 (MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge Syst ...)
	NOT-FOR-US: MyBB
CVE-2016-9417 (The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1. ...)
	NOT-FOR-US: MyBB
CVE-2016-9416 (SQL injection vulnerability in the users data handler in MyBB (aka MyB ...)
	NOT-FOR-US: MyBB
CVE-2016-9415 (MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge Syst ...)
	NOT-FOR-US: MyBB
CVE-2016-9414 (MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1 ...)
	NOT-FOR-US: MyBB
CVE-2016-9413 (The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and ...)
	NOT-FOR-US: MyBB
CVE-2016-9412 (MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1 ...)
	NOT-FOR-US: MyBB
CVE-2016-9411 (The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and ...)
	NOT-FOR-US: MyBB
CVE-2016-9410 (MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1 ...)
	NOT-FOR-US: MyBB
CVE-2016-9409 (Cross-site scripting (XSS) vulnerability in the Admin control panel in ...)
	NOT-FOR-US: MyBB
CVE-2016-9408 (Cross-site scripting (XSS) vulnerability in the Mod control panel in M ...)
	NOT-FOR-US: MyBB
CVE-2016-9407 (Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB
CVE-2016-9406 (Cross-site scripting (XSS) vulnerability in the User control panel in ...)
	NOT-FOR-US: MyBB
CVE-2016-9405 (Cross-site scripting (XSS) vulnerability in member validation in MyBB ...)
	NOT-FOR-US: MyBB
CVE-2016-9404 (Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB
CVE-2016-9403 (newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge ...)
	NOT-FOR-US: MyBB
CVE-2016-9402 (SQL injection vulnerability in the moderation tool in MyBB (aka MyBull ...)
	NOT-FOR-US: MyBB
CVE-2016-9386 (The x86 emulator in Xen does not properly treat x86 NULL segments as u ...)
	{DSA-3729-1 DLA-720-1}
	- xen 4.8.0-1 (bug #845663)
	NOTE: https://xenbits.xen.org/xsa/advisory-191.html
CVE-2016-9385 (The x86 segment base write emulation functionality in Xen 4.4.x throug ...)
	{DSA-3729-1}
	- xen 4.8.0-1 (bug #845665)
	[wheezy] - xen (Only affects Xen >= 4.4)
	NOTE: https://xenbits.xen.org/xsa/advisory-193.html
CVE-2016-9384 (Xen 4.7 allows local guest OS users to obtain sensitive host informati ...)
	- xen 4.8.0-1 (bug #845667)
	[jessie] - xen (Only affects Xen >= 4.7)
	[wheezy] - xen (Only affects Xen >= 4.7)
	NOTE: https://xenbits.xen.org/xsa/advisory-194.html
CVE-2016-9383 (Xen, when running on a 64-bit hypervisor, allows local x86 guest OS us ...)
	{DSA-3729-1 DLA-720-1}
	- xen 4.8.0-1 (bug #845668)
	NOTE: https://xenbits.xen.org/xsa/advisory-195.html
CVE-2016-9382 (Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, whic ...)
	{DSA-3729-1 DLA-720-1}
	- xen 4.8.0-1 (bug #845664)
	NOTE: https://xenbits.xen.org/xsa/advisory-192.html
CVE-2016-9381 (Race condition in QEMU in Xen allows local x86 HVM guest OS administra ...)
	{DLA-720-1}
	- xen 4.4.0-1
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: https://xenbits.xen.org/xsa/advisory-197.html
CVE-2016-9380 (The pygrub boot loader emulator in Xen, when nul-delimited output form ...)
	{DSA-3729-1 DLA-720-1}
	- xen 4.8.0-1 (bug #845670)
	NOTE: https://xenbits.xen.org/xsa/advisory-198.html
CVE-2016-9379 (The pygrub boot loader emulator in Xen, when S-expression output forma ...)
	{DSA-3729-1 DLA-720-1}
	- xen 4.8.0-1 (bug #845670)
	NOTE: https://xenbits.xen.org/xsa/advisory-198.html
CVE-2016-9378 (Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when ...)
	- xen 4.8.0-1 (bug #845669)
	[jessie] - xen (Only 4.5 onwards vulnerable)
	[wheezy] - xen (Only 4.5 onwards vulnerable)
	NOTE: https://xenbits.xen.org/xsa/advisory-196.html
CVE-2016-9377 (Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when ...)
	- xen 4.8.0-1 (bug #845669)
	[jessie] - xen (Only 4.5 onwards vulnerable)
	[wheezy] - xen (Only 4.5 onwards vulnerable)
	NOTE: https://xenbits.xen.org/xsa/advisory-196.html
CVE-2016-9371 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...)
	NOT-FOR-US: Moxa
CVE-2016-9370
	REJECTED
CVE-2016-9369 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...)
	NOT-FOR-US: Moxa
CVE-2016-9368 (An issue was discovered in Eaton xComfort Ethernet Communication Inter ...)
	NOT-FOR-US: Eaton xComfort Ethernet Communication Interface
CVE-2016-9367 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...)
	NOT-FOR-US: Moxa
CVE-2016-9366 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...)
	NOT-FOR-US: Moxa
CVE-2016-9365 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...)
	NOT-FOR-US: Moxa
CVE-2016-9364 (An issue was discovered in Fidelix FX-20 series controllers, versions ...)
	NOT-FOR-US: Moxa
CVE-2016-9363 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...)
	NOT-FOR-US: Moxa
CVE-2016-9362 (An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (release ...)
	NOT-FOR-US: WAGO
CVE-2016-9361 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...)
	NOT-FOR-US: Moxa
CVE-2016-9360 (An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFI ...)
	NOT-FOR-US: General Electric
CVE-2016-9359
	REJECTED
CVE-2016-9358 (A Hard-Coded Passwords issue was discovered in Marel Food Processing S ...)
	NOT-FOR-US: Marel
CVE-2016-9357 (An issue was discovered in certain legacy Eaton ePDUs -- the affected ...)
	NOT-FOR-US: legacy Eaton ePDUs
CVE-2016-9356 (An issue was discovered in Moxa DACenter Versions 1.4 and older. The a ...)
	NOT-FOR-US: Moxa
CVE-2016-9355 (An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8 ...)
	NOT-FOR-US: Alaris 8015 Point of Care
CVE-2016-9354 (An issue was discovered in Moxa DACenter Versions 1.4 and older. A spe ...)
	NOT-FOR-US: Moxa
CVE-2016-9353 (An issue was discovered in Advantech SUISAccess Server Version 3.0 and ...)
	NOT-FOR-US: Advantech SUISAccess Server
CVE-2016-9352
	REJECTED
CVE-2016-9351 (An issue was discovered in Advantech SUISAccess Server Version 3.0 and ...)
	NOT-FOR-US: Advantech SUISAccess Server
CVE-2016-9350
	REJECTED
CVE-2016-9349 (An issue was discovered in Advantech SUISAccess Server Version 3.0 and ...)
	NOT-FOR-US: Advantech SUISAccess Server
CVE-2016-9348 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...)
	NOT-FOR-US: Moxa
CVE-2016-9347 (An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Ca ...)
	NOT-FOR-US: Emerson
CVE-2016-9346 (An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 ...)
	NOT-FOR-US: Moxa
CVE-2016-9345 (An issue was discovered in Emerson DeltaV Easy Security Management Del ...)
	NOT-FOR-US: Emerson
CVE-2016-9344 (An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 ...)
	NOT-FOR-US: Moxa
CVE-2016-9343 (An issue was discovered in Rockwell Automation Logix5000 Programmable ...)
	NOT-FOR-US: Rockwell
CVE-2016-9342
	REJECTED
CVE-2016-9341
	REJECTED
CVE-2016-9340
	REJECTED
CVE-2016-9339 (An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versio ...)
	NOT-FOR-US: INTERSCHALT Maritime Systems
CVE-2016-9338 (An issue was discovered in Rockwell Automation Allen-Bradley MicroLogi ...)
	NOT-FOR-US: Rockwell
CVE-2016-9337 (An issue was discovered in Tesla Motors Model S automobile, all firmwa ...)
	NOT-FOR-US: Tesla car
CVE-2016-9336
	REJECTED
CVE-2016-9335 (A hard-coded cryptographic key vulnerability was identified in Red Lio ...)
	NOT-FOR-US: Red Lion Controls Sixnet-Managed Industrial Switches
CVE-2016-9334 (An issue was discovered in Rockwell Automation Allen-Bradley MicroLogi ...)
	NOT-FOR-US: Rockwell
CVE-2016-9333 (An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. ...)
	NOT-FOR-US: Moxa
CVE-2016-9332 (An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. ...)
	NOT-FOR-US: Moxa
CVE-2015-8978 (In Soap Lite (aka the SOAP::Lite extension for Perl) 1.14 and earlier, ...)
	{DLA-723-1}
	- libsoap-lite-perl 1.19-1
	[jessie] - libsoap-lite-perl (Minor issue)
	NOTE: https://github.com/redhotpenguin/soaplite/pull/21
	NOTE: https://github.com/redhotpenguin/soaplite/commit/6942fe0d281be1c32c5117605f9c4e8d44f51124
CVE-2015-8977 (MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and My ...)
	NOT-FOR-US: MyBB
CVE-2015-8976 (Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB
CVE-2015-8975 (Cross-site scripting (XSS) vulnerability in the error handler in MyBB ...)
	NOT-FOR-US: MyBB
CVE-2015-8974 (SQL injection vulnerability in the Group Promotions module in the admi ...)
	NOT-FOR-US: MyBB
CVE-2015-8973 (xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x befo ...)
	NOT-FOR-US: MyBB
CVE-2016-9453 (The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote att ...)
	{DSA-3762-1}
	- tiff 4.0.6-3
	[wheezy] - tiff 4.0.2-6+deb7u7
	NOTE: CVE-2016-9453 for wheezy fixed via CVE-2016-5652
	- tiff3
	[wheezy] - tiff3 (Tools not shipped by tiff3)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2579
	NOTE: https://github.com/vadz/libtiff/commit/d2955714a4a0b8ca10941550cfbf64c7e111fbf1
	NOTE: For unstable this fix was included in the fix for TALOS-CAN-0187 / CVE-2016-5652
	NOTE: and included in patches/09-CVE-2016-5652.patch
	NOTE: Problem not reproducible in wheezy with 4.0.2-6+deb7u7, in jessie with 4.0.3-12.3+deb8u1, in both cases I get this output (but no segfault or error with valgrind):
	NOTE: TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
	NOTE: TIFFReadDirectory: Warning, Unknown field with tag 1 (0x1) encountered.
	NOTE: TIFFReadDirectory: Warning, Unknown field with tag 3 (0x3) encountered.
	NOTE: TIFFReadDirectory: IO error during reading of "BitsPerSample".
	NOTE: tiff2pdf: Can't open input file ./CVE-2016-9453.tiff for reading.
CVE-2016-9446 (The vmnc decoder in the gstreamer does not initialize the render canva ...)
	{DSA-3717-1 DLA-712-1}
	- gst-plugins-bad0.10
	- gst-plugins-bad1.0 1.10.1-1
	NOTE: http://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html
	NOTE: Upstream Bug: https://bugzilla.gnome.org/show_bug.cgi?id=774533
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe
CVE-2016-9445 (Integer overflow in the vmnc decoder in the gstreamer allows remote at ...)
	{DSA-3717-1 DLA-712-1}
	- gst-plugins-bad0.10
	- gst-plugins-bad1.0 1.10.1-1
	NOTE: http://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html
	NOTE: Upstream Bug: https://bugzilla.gnome.org/show_bug.cgi?id=774533
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe
CVE-2016-9452 (The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote a ...)
	- drupal8 (bug #756305)
	- drupal7 (Only affects Drupal 8)
	NOTE: https://www.drupal.org/SA-CORE-2016-005
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/18/8
CVE-2016-9451 (Confirmation forms in Drupal 7.x before 7.52 make it easier for remote ...)
	{DSA-3718-1 DLA-715-1}
	- drupal7 7.52-1
	NOTE: https://www.drupal.org/SA-CORE-2016-005
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/18/8
CVE-2016-9450 (The user password reset form in Drupal 8.x before 8.2.3 allows remote ...)
	- drupal8 (bug #756305)
	- drupal7 (Only affects Drupal 8)
	NOTE: https://www.drupal.org/SA-CORE-2016-005
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/18/8
CVE-2016-9449 (The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 mig ...)
	{DSA-3718-1 DLA-715-1}
	- drupal8 (bug #756305)
	- drupal7 7.52-1
	NOTE: https://www.drupal.org/SA-CORE-2016-005
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/18/8
CVE-2016-9443 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/28
CVE-2016-9442 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/commit/d43527cfa0dbb3ccefec4a6f7b32c1434739aa29
CVE-2016-9441 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/24
CVE-2016-9440 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/22
CVE-2016-9439 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-33 (bug #844726)
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/20
CVE-2016-9438 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/18
CVE-2016-9437 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/17
CVE-2016-9436 (parsetagx.c in w3m before 0.5.3+git20161009 does not properly initiali ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/16
	NOTE: Fixed by: https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
CVE-2016-9435 (The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 do ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/16
	NOTE: Fixed by: https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
CVE-2016-9434 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/15
CVE-2016-9433 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/14
CVE-2016-9432 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/13
CVE-2016-9431 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/10
CVE-2016-9430 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/7
CVE-2016-9429 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/29
CVE-2016-9428 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/26
CVE-2016-9427 (Integer overflow vulnerability in bdwgc before 2016-09-27 allows attac ...)
	{DLA-2966-1 DLA-721-1}
	[experimental] - libgc 1:7.4.4-1
	- libgc 1:7.6.4-0.3 (bug #844771)
	[jessie] - libgc (Minor issue)
	NOTE: https://github.com/ivmai/bdwgc/issues/135
	NOTE: Fixed by https://github.com/ivmai/bdwgc/commit/4e1a6f9d8f2a49403bbd00b8c8e5324048fb84d4
	NOTE: Fixed by https://github.com/ivmai/bdwgc/commit/7292c02fac2066d39dd1bcc37d1a7054fd1e32ee
	NOTE: Fixed by https://github.com/ivmai/bdwgc/commit/552ad0834672fed86ada6430150ef9ebdd3f54d7
CVE-2016-9426 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/25
CVE-2016-9425 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/21
CVE-2016-9424 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/12
CVE-2016-9423 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/9
CVE-2016-9422 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/8
CVE-2016-9401 (popd in bash might allow local users to bypass the restricted shell an ...)
	{DLA-1726-1}
	- bash 4.4-3 (bug #844727)
	[wheezy] - bash (Minor issue)
	NOTE: Upstream bash considers this issue only to be a bug.
	NOTE: Proposed patch: https://lists.gnu.org/archive/html/bug-bash/2016-11/msg00116.html
	NOTE: Fixed by (4.4): https://ftp.gnu.org/pub/gnu/bash/bash-4.4-patches/bash44-006
CVE-2016-9399 (The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remo ...)
	- jasper (unimportant)
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00044-jasper-assert-calcstepsizes
	NOTE: Negligible security impact
CVE-2016-9398 (The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 all ...)
	- jasper (unimportant)
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00023-jasper-assert-jpc_floorlog2
	NOTE: Negligible security impact
CVE-2016-9397 (The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows rem ...)
	- jasper (unimportant)
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00010-jasper-assert-jpc_dequantize
	NOTE: Negligible security impact
CVE-2016-9396 (The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0. ...)
	- jasper (unimportant)
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00004-jasper-assert-JPC_NOMINALGAIN
	NOTE: Negligible security impact
CVE-2016-9395 (The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 a ...)
	- jasper (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00043-jasper-assert-jas_matrix_t
	NOTE: Negligible security impact
CVE-2016-9394 (The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 a ...)
	- jasper (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00016-jasper-assert-jas_matrix_t
	NOTE: Negligible security impact
CVE-2016-9393 (The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 ...)
	- jasper (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00013-jasper-assert-jpc_pi_nextrpcl
	NOTE: Negligible security impact
CVE-2016-9392 (The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allo ...)
	- jasper (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00012-jasper-assert-calcstepsizes
	NOTE: Negligible security impact
CVE-2016-9391 (The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 ...)
	- jasper (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/1e84674d95353c64e5c4c0e7232ae86fd6ea813b
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00014-jasper-assert-jpc_bitstream_getbits
	NOTE: Negligible security impact
CVE-2016-9390 (The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 a ...)
	- jasper (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/ba2b9d000660313af7b692542afbd374c5685865
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00007-jasper-assert-jas_matrix_t
	NOTE: Negligible security impact
CVE-2016-9389 (The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.90 ...)
	- jasper (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/dee11ec440d7908d1daf69f40a3324b27cf213ba
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00006-jasper-assert-jpc_irct
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00008-jasper-assert-jpc_iict
	NOTE: Negligible security impact
CVE-2016-9388 (The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows ...)
	- jasper (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/411a4068f8c464e883358bf403a3e25158863823
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00005-jasper-assert-ras_getcmap
	NOTE: Negligible security impact
CVE-2016-9387 (Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/ ...)
	- jasper (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/d91198abd00fc435a397fe6bad906a4c1748e9cf
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00003-jasper-assert-jas_matrix_t
	NOTE: Negligible security impact
CVE-2016-9372 (In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop exc ...)
	- wireshark 2.2.2+g9c5aae3-1
	[jessie] - wireshark (Only affects 2.2.x)
	[wheezy] - wireshark (Only affects 2.2.x)
	NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-58.html
CVE-2016-9373 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector c ...)
	{DSA-3719-1 DLA-714-1}
	- wireshark 2.2.2+g9c5aae3-1
	NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-61.html
CVE-2016-9374 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector ...)
	{DSA-3719-1 DLA-714-1}
	- wireshark 2.2.2+g9c5aae3-1
	NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-59.html
CVE-2016-9375 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector coul ...)
	{DSA-3719-1 DLA-714-1}
	- wireshark 2.2.2+g9c5aae3-1
	NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-62.html
CVE-2016-9376 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector ...)
	{DSA-3719-1 DLA-714-1}
	- wireshark 2.2.2+g9c5aae3-1
	NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-60.html
CVE-2016-9331
	REJECTED
CVE-2016-9330
	REJECTED
CVE-2016-9329
	REJECTED
CVE-2016-9328
	REJECTED
CVE-2016-9327
	REJECTED
CVE-2016-9326
	REJECTED
CVE-2016-9325
	REJECTED
CVE-2016-9324
	REJECTED
CVE-2016-9323
	REJECTED
CVE-2016-9322
	REJECTED
CVE-2016-9400 (The CClient::ProcessServerPacket method in engine/client/client.cpp in ...)
	- teeworlds 0.6.4+dfsg-1 (bug #844546)
	[jessie] - teeworlds (Minor issue; can be fixed via point release)
	[wheezy] - teeworlds (Games are not supported in Wheezy)
	NOTE: https://www.teeworlds.com/?page=news&id=12086
	NOTE: https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62 (0.6.4-release)
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/16/8
CVE-2016-9321
	RESERVED
CVE-2016-9320
	RESERVED
CVE-2016-9319 (There is Missing SSL Certificate Validation in the Trend Micro Enterpr ...)
	NOT-FOR-US: Trend Micro
CVE-2016-9318 (libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and ot ...)
	{DLA-2972-1}
	[experimental] - libxml2 2.9.8+dfsg-1
	- libxml2 2.9.10+dfsg-2 (bug #844581)
	[buster] - libxml2 (Minor issue; intrusive to backport)
	[jessie] - libxml2 (Minor issue; intrusive to backport)
	[wheezy] - libxml2 (Minor issue)
	NOTE: Upstream Bug: https://bugzilla.gnome.org/show_bug.cgi?id=772726
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2304078555896cf1638c628f50326aeef6f0e0d0
	NOTE: The patch introduces a new option that can be specified if this
	NOTE: behaviour is wanted. Not enforced by default.
	NOTE: The option though was reverted in https://gitlab.gnome.org/GNOME/libxml2/-/commit/030b1f7a27c22f9237eddca49ec5e620b6258d7d
	NOTE: New proposed/committed fix: https://gitlab.gnome.org/GNOME/libxml2/-/commit/ad88b54f1a28a8565964a370b5d387927b633c0d
CVE-2016-9317 (The gdImageCreate function in the GD Graphics Library (aka libgd) befo ...)
	{DSA-3777-1 DLA-804-1}
	- libgd2 2.2.4-1
	NOTE: https://github.com/libgd/libgd/commit/6944ea10cb730d5071620439c6c2e823e6caeff1
	NOTE: https://github.com/libgd/libgd/issues/340
CVE-2016-9316 (Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.tren ...)
	NOT-FOR-US: Trend Micro
CVE-2016-9315 (Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updat ...)
	NOT-FOR-US: Trend Micro
CVE-2016-9314 (Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigB ...)
	NOT-FOR-US: Trend Micro
CVE-2016-9313 (security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles un ...)
	- linux 4.8.7-1
	[jessie] - linux (Vulnerable code introduced later)
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb (v4.9-rc3)
	NOTE: Introduced by: https://git.kernel.org/linus/13100a72f40f5748a04017e0ab3df4cf27c809ef (v4.7-rc1)
CVE-2016-9312 (ntpd in NTP before 4.2.8p9, when running on Windows, allows remote att ...)
	- ntp (Only ntpd on Windows)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3110
	NOTE: Only relevant for ntpd on Windows, but fixed source-wise in 1:4.2.8p9+dfsg-1
CVE-2016-9311 (ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows r ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp (Minor issue)
	[wheezy] - ntp (Minor issue, not vulnerable by default)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3119
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0204/
	NOTE: Only affects configurations that do not have "restrict noquery", Debian's default config does have that restriction.
CVE-2016-9310 (The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp (Minor issue)
	[wheezy] - ntp (Minor issue, not vulnerable by default)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3118
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0203/
	NOTE: Only affects configurations that do not have "restrict noquery", Debian's default config does have that restriction.
CVE-2016-9309
	RESERVED
CVE-2016-9308
	RESERVED
CVE-2016-9307 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can al ...)
	NOT-FOR-US: Autodesk
CVE-2016-9306 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can al ...)
	NOT-FOR-US: Autodesk
CVE-2016-9305 (Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismat ...)
	NOT-FOR-US: Autodesk
CVE-2016-9304 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can al ...)
	NOT-FOR-US: Autodesk
CVE-2016-9303 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can al ...)
	NOT-FOR-US: Autodesk
CVE-2016-9295
	RESERVED
CVE-2016-9293
	RESERVED
CVE-2016-9292
	RESERVED
CVE-2016-9291
	RESERVED
CVE-2016-9290
	RESERVED
CVE-2016-9289
	RESERVED
CVE-2016-9288 (In framework/modules/navigation/controllers/navigationController.php i ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9287 (In /framework/modules/notfound/controllers/notfoundController.php of E ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9286 (framework/modules/users/controllers/usersController.php in Exponent CM ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9285 (framework/modules/addressbook/controllers/addressController.php in Exp ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9284 (getUsersByJSON in framework/modules/users/controllers/usersController. ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9283 (SQL Injection in framework/core/subsystems/expRouter.php in Exponent C ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9282 (SQL Injection in framework/modules/search/controllers/searchController ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9281
	RESERVED
CVE-2016-9280
	RESERVED
CVE-2016-9277 (Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note ...)
	NOT-FOR-US: Samsung
CVE-2016-9274 (Untrusted search path vulnerability in Git 1.x for Windows allows loca ...)
	NOT-FOR-US: Git-for-Windows (Git fork containing Windows-specific patches)
CVE-2016-9272 (A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, wit ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9271 (Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x bef ...)
	NOT-FOR-US: Cloudera
CVE-2016-9270
	RESERVED
CVE-2016-9269 (Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches i ...)
	NOT-FOR-US: Trend Micro
CVE-2016-9268 (Unrestricted file upload vulnerability in the Blog appearance in the " ...)
	- dotclear
	NOTE: http://dev.dotclear.org/2.0/changeset/445e9ff79a1fa81033591761d6a340e219d159b2
	NOTE: http://dev.dotclear.org/2.0/ticket/2214
CVE-2016-9267
	RESERVED
CVE-2016-9263 (WordPress through 4.8.2, when domain-based flashmediaelement.swf sandb ...)
	{DLA-1151-1}
	- wordpress 4.1+dfsg-1
	NOTE: https://opnsec.com/2017/10/cve-2016-9263-unpatched-xsf-vulnerability-in-wordpress/
	NOTE: flashmediaelement.swf removed from source tree starting in 4.1+dfsg-1
CVE-2016-9447 (The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote a ...)
	{DSA-3713-1 DLA-712-1}
	- gst-plugins-bad0.10
	NOTE: http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html
CVE-2016-9299 (The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allow ...)
	- jenkins
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/12/4
CVE-2016-9298 (Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c i ...)
	- imagemagick 8:6.9.6.5+dfsg-1 (bug #844211)
	[jessie] - imagemagick (Vulnerable code not present)
	[wheezy] - imagemagick (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/296
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/13/1
CVE-2016-9300
	REJECTED
CVE-2016-9301
	REJECTED
CVE-2016-9302
	REJECTED
CVE-2016-9297 (The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attacke ...)
	{DSA-3762-1 DLA-716-1}
	- tiff 4.0.7-1 (bug #844226)
	- tiff3
	[wheezy] - tiff3 (Unreproducible)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2590
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/12/2
	NOTE: Patch https://github.com/vadz/libtiff/commit/30c9234c7fd0dd5e8b1e83ad44370c875a0270ed
	NOTE: Reproducible with valgrind in wheezy with 4.0.2-6+deb7u7
	NOTE: Reproducible with valgrind in jessie with 4.0.3-12.3+deb8u1
	NOTE: When fixing this CVE make sure to make the fix complete and not
	NOTE: introduce CVE-2016-9448 / http://bugzilla.maptools.org/show_bug.cgi?id=2593
	NOTE: Fix in 4.0.7 is complete.
	NOTE: Patch CVE-2016-9448: https://github.com/vadz/libtiff/commit/89406285f318ffad27af4b200204394b2ee6ba5e
CVE-2016-9540 (tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled im ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3 (tiff3 not shipping tools)
	NOTE: https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3
CVE-2016-9539 (tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readCon ...)
	- tiff 4.0.7-1 (unimportant)
	- tiff3 (tiff3 not shipping tools)
	NOTE: https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53
	NOTE: Crash in CLI tool, no security impact
CVE-2016-9538 (tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readCon ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3 (tiff3 not shipping tools)
	NOTE: https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f
CVE-2016-9537 (tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilit ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3 (tiff3 not shipping tools)
	NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-c8b4b355f9b5c06d585b23138e1c185f
CVE-2016-9536 (tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilit ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3 (tiff3 not shipping tools)
	NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5173a9b3b48146e4fd86d7b9b346115e
CVE-2016-9535 (tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that ...)
	{DSA-3844-1 DLA-880-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3
	NOTE: https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
	NOTE: https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33
CVE-2016-9534 (tif_write.c in libtiff 4.0.6 has an issue in the error code path of TI ...)
	{DSA-3762-1 DLA-880-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3
	NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba
CVE-2016-9533 (tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilitie ...)
	{DSA-3762-1 DLA-880-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3
	NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-bdc795f6afeb9558c1012b3cfae729ef
CVE-2016-9532 (Integer overflow in the writeBufferToSeparateStrips function in tiffcr ...)
	{DSA-3762-1 DLA-716-1}
	- tiff 4.0.7-1 (bug #844057)
	- tiff3
	[wheezy] - tiff3 (Tools not shipped by tiff3)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2592
	NOTE: Patch: https://github.com/vadz/libtiff/commit/21d39de1002a5e69caa0574b2cc05d795d6fbfad
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/11/14
CVE-2016-9296 (A null pointer dereference bug affects the 16.02 and many old versions ...)
	- p7zip 16.02+dfsg-2 (unimportant; bug #844344)
	[jessie] - p7zip (Vulnerable code with potential NULL pointer dereference introduced later)
	[wheezy] - p7zip (Vulnerable code with potential NULL pointer dereference introduced later)
	NOTE: https://sourceforge.net/p/p7zip/bugs/185/
	NOTE: no security impact
CVE-2016-9294 (Artifex Software, Inc. MuJS before 5008105780c0b0182ea6eda83ad5598f225 ...)
	- mujs (Fixed before initial upload to Debian)
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697172
	NOTE: http://git.ghostscript.com/?p=mujs.git;a=commit;h=5008105780c0b0182ea6eda83ad5598f225be3ee
CVE-2016-9279 (Use-after-free vulnerability in the Samsung Exynos fimg2d driver for A ...)
	NOT-FOR-US: Samsung Exynos fimg2d driver for Android
CVE-2016-9278 (The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, o ...)
	NOT-FOR-US: Samsung Exynos fimg2d driver for Android
CVE-2016-9276 (The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf bef ...)
	- dwarfutils 20161124-1 (bug #844011)
	[jessie] - dwarfutils (Minor issue)
	[wheezy] - dwarfutils (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/
	NOTE: https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-dwarf_get_aranges_list-dwarf_arange-c
	NOTE: Same commit as for CVE-2016-9275. Needs the dwarf_arange.c part of the commit.
CVE-2016-9275 (Heap-based buffer overflow in the _dwarf_skim_forms function in libdwa ...)
	- dwarfutils 20161124-1 (bug #844012)
	[jessie] - dwarfutils (Vulnerable code not present)
	[wheezy] - dwarfutils (Vulnerable code not present)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/
	NOTE: https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-_dwarf_skim_forms-dwarf_macro5-c
	NOTE: Same commit as for CVE-2016-9276. Needs the dwarf_macro5.c part of the commit.
CVE-2016-9273 (tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial o ...)
	{DSA-3762-1 DLA-716-1}
	- tiff 4.0.7-1 (bug #844013)
	- tiff3
	[wheezy] - tiff3 (Unreproducible)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2587
	NOTE: Patch: https://github.com/vadz/libtiff/commit/d651abc097d91fac57f33b5f9447d0a9183f58e7
	NOTE: Can be reproduced with valgrind in wheezy with libtiff 4.0.2-6+deb7u7
	NOTE: Can be reproduced with valgrind in jessie with libtiff 4.0.3-12.3+deb8u1
CVE-2016-9261 (Cross-site scripting (XSS) vulnerability in Tenable Log Correlation En ...)
	NOT-FOR-US: Tenable Log Correlation Engine
CVE-2016-9260 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 ...)
	NOT-FOR-US: Nessus
CVE-2016-9259 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9. ...)
	NOT-FOR-US: Nessus
CVE-2017-0305 (F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauth ...)
	NOT-FOR-US: F5
CVE-2017-0304 (A SQL injection vulnerability exists in the BIG-IP AFM management UI o ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-0303 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Contro ...)
	NOT-FOR-US: F5
CVE-2017-0302 (In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated us ...)
	NOT-FOR-US: F5
CVE-2017-0301 (In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-9266 (listmp3.c in libming 0.4.7 allows remote attackers to unspecified impa ...)
	{DLA-799-1}
	- ming (bug #843928)
	NOTE: https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-left-shift-in-listmp3-c
	NOTE: https://github.com/libming/libming/issues/53
CVE-2016-9265 (The printMP3Headers function in listmp3.c in Libming 0.4.7 allows remo ...)
	{DLA-799-1}
	- ming (bug #843928)
	NOTE: https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-divide-by-zero-in-printmp3headers-list
	NOTE: https://github.com/libming/libming/issues/52
CVE-2016-9264 (Buffer overflow in the printMP3Headers function in listmp3.c in Libmin ...)
	{DLA-799-1}
	- ming (bug #843928)
	NOTE: https://blogs.gentoo.org/ago/2016/11/07/libming-listmp3-global-buffer-overflow-in-printmp3headers-listmp3-c
	NOTE: https://github.com/libming/libming/issues/51
CVE-2016-9262 (Multiple integer overflows in the (1) jas_realloc function in base/jas ...)
	- jasper
	[jessie] - jasper (Vulnerable code introduced later)
	[wheezy] - jasper (Vulnerable code introduced later)
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735
	NOTE: The use-after-free seems to be introduced in a version later than 1.900.1 but the
	NOTE: CVE is assigned for everything fixed in the above commit, as such seems still
	NOTE: present in the 1.900.1 based versions. Still ok to mark as not-affected
	NOTE: https://blogs.gentoo.org/ago/2016/11/07/jasper-use-after-free-in-jas_realloc-jas_malloc-c
CVE-2016-9258
	REJECTED
CVE-2016-9257 (In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be ...)
	NOT-FOR-US: F5
CVE-2016-9256 (In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl c ...)
	NOT-FOR-US: F5
CVE-2016-9255
	REJECTED
CVE-2016-9254
	REJECTED
CVE-2016-9253 (In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic pattern ...)
	NOT-FOR-US: F5
CVE-2016-9252 (The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-9251 (In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be a ...)
	NOT-FOR-US: F5
CVE-2016-9250 (In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, ...)
	NOT-FOR-US: F5
CVE-2016-9249 (An undisclosed traffic pattern received by a BIG-IP Virtual Server wit ...)
	NOT-FOR-US: F5
CVE-2016-9248
	REJECTED
CVE-2016-9247 (Under certain conditions for BIG-IP systems using a virtual server wit ...)
	NOT-FOR-US: F5
CVE-2016-9246
	REJECTED
CVE-2016-9245 (In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtu ...)
	NOT-FOR-US: F5
CVE-2016-9244 (A BIG-IP virtual server configured with a Client SSL profile that has ...)
	NOT-FOR-US: F5 TLS stack
	NOTE: https://ticketbleed.com/
CVE-2016-9243 (HKDF in cryptography before 1.5.2 returns an empty byte-string if used ...)
	- python-cryptography 1.5.3-1
	[jessie] - python-cryptography 0.6.1-1+deb8u1
	NOTE: Upstream bug: https://github.com/pyca/cryptography/issues/3211
	NOTE: Upstream commit: https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/08/6
CVE-2016-9242 (Multiple SQL injection vulnerabilities in the update method in framewo ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9241
	REJECTED
CVE-2016-9240
	REJECTED
CVE-2016-9239
	REJECTED
CVE-2016-9238
	REJECTED
CVE-2016-9237
	REJECTED
CVE-2016-9236
	REJECTED
CVE-2016-9235
	REJECTED
CVE-2016-9234
	REJECTED
CVE-2016-9233
	REJECTED
CVE-2016-9232
	REJECTED
CVE-2016-9231
	REJECTED
CVE-2016-9230
	REJECTED
CVE-2016-9229
	REJECTED
CVE-2016-9228
	REJECTED
CVE-2016-9227
	REJECTED
CVE-2016-9226
	REJECTED
CVE-2016-9225 (A vulnerability in the data plane IP fragment handler of the Cisco Ada ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2016-9224 (A vulnerability in the Cisco Jabber Guest Server could allow an unauth ...)
	NOT-FOR-US: Cisco
CVE-2016-9223 (A vulnerability in the Docker Engine configuration of Cisco CloudCente ...)
	NOT-FOR-US: Cisco
CVE-2016-9222 (A vulnerability in the web-based management interface of Cisco NetFlow ...)
	NOT-FOR-US: Cisco
CVE-2016-9221 (A Denial of Service Vulnerability in 802.11 ingress connection authent ...)
	NOT-FOR-US: Cisco
CVE-2016-9220 (A Denial of Service Vulnerability in 802.11 ingress packet processing ...)
	NOT-FOR-US: Cisco
CVE-2016-9219 (A vulnerability with IPv6 UDP ingress packet processing in Cisco Wirel ...)
	NOT-FOR-US: Cisco
CVE-2016-9218 (A vulnerability in Cisco Hybrid Meeting Server could allow an unauthen ...)
	NOT-FOR-US: Cisco
CVE-2016-9217 (A vulnerability in Cisco Intercloud Fabric for Business and Cisco Inte ...)
	NOT-FOR-US: Cisco
CVE-2016-9216 (An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr ...)
	NOT-FOR-US: Cisco ASR 5000
CVE-2016-9215 (A vulnerability in Cisco IOS XR Software could allow an authenticated, ...)
	NOT-FOR-US: Cisco
CVE-2016-9214 (Cisco Identity Services Engine (ISE) contains a vulnerability that cou ...)
	NOT-FOR-US: Cisco
CVE-2016-9213
	REJECTED
CVE-2016-9212 (A vulnerability in the Decrypt for End-User Notification configuration ...)
	NOT-FOR-US: Cisco
CVE-2016-9211 (A vulnerability in TCP port management in Cisco ONS 15454 Series Multi ...)
	NOT-FOR-US: Cisco
CVE-2016-9210 (A vulnerability in the Cisco Unified Reporting upload tool accessed vi ...)
	NOT-FOR-US: Cisco
CVE-2016-9209 (A vulnerability in TCP processing in Cisco FirePOWER system software c ...)
	NOT-FOR-US: Cisco
CVE-2016-9208 (A vulnerability in the File Management Utility, the Download File form ...)
	NOT-FOR-US: Cisco
CVE-2016-9207 (A vulnerability in the HTTP traffic server component of Cisco Expressw ...)
	NOT-FOR-US: Cisco
CVE-2016-9206 (A vulnerability in the ccmadmin page of Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco
CVE-2016-9205 (A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR ...)
	NOT-FOR-US: Cisco
CVE-2016-9204 (A vulnerability in the Cisco Intercloud Fabric (ICF) Director could al ...)
	NOT-FOR-US: Cisco
CVE-2016-9203 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature ...)
	NOT-FOR-US: Cisco
CVE-2016-9202 (A vulnerability in the web-based management interface of Cisco Email S ...)
	NOT-FOR-US: Cisco
CVE-2016-9201 (A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Ci ...)
	NOT-FOR-US: Cisco
CVE-2016-9200 (A vulnerability in the web framework code of Cisco Prime Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2016-9199 (A vulnerability in the Cisco application-hosting framework (CAF) of Ci ...)
	NOT-FOR-US: Cisco
CVE-2016-9198 (A vulnerability in the Active Directory integration component of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2016-9197 (A vulnerability in the CLI command parser of the Cisco Mobility Expres ...)
	NOT-FOR-US: Cisco
CVE-2016-9196 (A vulnerability in login authentication management in Cisco Aironet 18 ...)
	NOT-FOR-US: Cisco
CVE-2016-9195 (A vulnerability in RADIUS Change of Authorization (CoA) request proces ...)
	NOT-FOR-US: Cisco
CVE-2016-9194 (A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action ...)
	NOT-FOR-US: Cisco
CVE-2016-9193 (A vulnerability in the malicious file detection and blocking features ...)
	NOT-FOR-US: Cisco
CVE-2016-9192 (A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows ...)
	NOT-FOR-US: Cisco
CVE-2015-8972 (Stack-based buffer overflow in the ValidateMove function in frontend/m ...)
	- gnuchess 6.2.4-1 (unimportant)
	NOTE: Built with hardening flags, no security impact
	NOTE: http://lists.gnu.org/archive/html/bug-gnu-chess/2015-10/msg00002.html
	NOTE: http://svn.savannah.gnu.org/viewvc?view=rev&root=chess&revision=134
CVE-2015-8971 (Terminology 0.7.0 allows remote attackers to execute arbitrary command ...)
	{DSA-3712-1}
	- terminology 0.7.0-2 (bug #843434)
	NOTE: https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/04/12
CVE-2016-9191 (The cgroup offline implementation in the Linux kernel through 4.8.11 m ...)
	{DSA-3791-1}
	- linux 4.9.6-1
	[wheezy] - linux (Vulnerable code introduced in 3.11-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/93362fa47fe98b62e4a34ab408c4a418432e7939 (v4.10-rc4)
	NOTE: Introduced by: https://git.kernel.org/linus/f0c3b5093addc8bfe9fe3a5b01acb7ec7969eafa (v3.11-rc1)
CVE-2016-9190 (Pillow before 3.3.2 allows context-dependent attackers to execute arbi ...)
	{DSA-3710-1 DLA-705-1}
	- pillow 3.4.2-1
	- python-imaging
	NOTE: https://github.com/python-pillow/Pillow/issues/2105
	NOTE: https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af
CVE-2016-9189 (Pillow before 3.3.2 allows context-dependent attackers to obtain sensi ...)
	{DSA-3710-1 DLA-705-1}
	- pillow 3.4.2-1
	- python-imaging
	NOTE: https://github.com/python-pillow/Pillow/issues/2105
	NOTE: https://github.com/python-pillow/Pillow/pull/2146/commits/c50ebe6459a131a1ea8ca531f10da616d3ceaa0f
CVE-2016-9188 (Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before ...)
	NOTE: Moodle upstream does not believe it is a security vulnerability and the reporter
	NOTE: did not follow up on requests from upstream to provide clarification, cf. #851405
CVE-2016-9187 (Unrestricted file upload vulnerability in the double extension support ...)
	NOTE: Moodle upstream does not believe it is a security vulnerability and the reporter
	NOTE: did not follow up on requests from upstream to provide clarification, cf. #851405
CVE-2016-9186 (Unrestricted file upload vulnerability in the "legacy course files" an ...)
	NOTE: Moodle upstream does not believe it is a security vulnerability and the reporter
	NOTE: did not follow up on requests from upstream to provide clarification, cf. #851405
CVE-2016-9185 (In OpenStack Heat, by launching a new Heat stack with a local URL an a ...)
	- heat 1:7.0.0-2 (bug #843232)
	[jessie] - heat (Minor issue)
	NOTE: https://bugs.launchpad.net/ossa/+bug/1606500
CVE-2016-9184 (In /framework/modules/core/controllers/expHTMLEditorController.php of ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9183 (In /framework/modules/ecommerce/controllers/orderController.php of Exp ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9182 (Exponent CMS 2.4 uses PHP reflection to call a method of a controller ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9177 (Directory traversal vulnerability in Spark 2.5 allows remote attackers ...)
	NOT-FOR-US: Spark (sparkjava)
CVE-2016-9176 (Stack buffer overflow in the send.exe and receive.exe components of Mi ...)
	NOT-FOR-US: Micro Focus Rumba
CVE-2016-9175
	REJECTED
CVE-2016-9174
	REJECTED
CVE-2016-9173
	REJECTED
CVE-2016-9172
	REJECTED
CVE-2016-9171
	REJECTED
CVE-2016-9170
	REJECTED
CVE-2016-9169 (A reflected XSS vulnerability exists in the web console of the Documen ...)
	NOT-FOR-US: Novell
CVE-2016-9168 (A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in ...)
	NOT-FOR-US: Novell
CVE-2016-9167 (NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP ...)
	NOT-FOR-US: Novell
CVE-2016-9166 (NetIQ eDirectory versions prior to 9.0.2, under some circumstances, co ...)
	NOT-FOR-US: Novell
CVE-2016-9165 (The get_sessions servlet in CA Unified Infrastructure Management (form ...)
	NOT-FOR-US: CA Unified Infrastructure Management
CVE-2016-9164 (Directory traversal vulnerability in diag.jsp file in CA Unified Infra ...)
	NOT-FOR-US: CA Unified Infrastructure Management
CVE-2016-9163
	REJECTED
CVE-2016-9162
	REJECTED
CVE-2016-9161
	REJECTED
CVE-2016-9160 (A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC ...)
	NOT-FOR-US: Siemens SIMATIC WinCC
CVE-2016-9159 (A vulnerability has been identified in SIMATIC S7-300 CPU family (All ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2016-9158 (A vulnerability has been identified in SIMATIC S7-300 CPU family (All ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2016-9157 (A vulnerability in Siemens SICAM PAS (all versions before V8.09) could ...)
	NOT-FOR-US: Siemens SICAM PAS
CVE-2016-9156 (A vulnerability in Siemens SICAM PAS (all versions before V8.09) could ...)
	NOT-FOR-US: Siemens SICAM PAS
CVE-2016-9155 (The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, ...)
	NOT-FOR-US: Siemens
CVE-2016-9154 (Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo ...)
	NOT-FOR-US: Siemens Desigo PX
CVE-2016-9153
	RESERVED
CVE-2016-9152 (Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in ...)
	{DLA-738-1}
	- spip 3.1.4-2 (bug #847156)
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23290
CVE-2016-9151 (Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x be ...)
	NOT-FOR-US: PAN-OS
CVE-2016-9150 (Buffer overflow in the management web interface in Palo Alto Networks ...)
	NOT-FOR-US: PAN-OS
CVE-2016-9149 (The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20 ...)
	NOT-FOR-US: PAN-OS
CVE-2016-9148 (Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (f ...)
	NOT-FOR-US: CA Service Desk Manager
CVE-2016-9147 (named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows ...)
	{DSA-3758-1 DLA-805-1}
	[experimental] - bind9 1:9.10.4-P5-1
	- bind9 1:9.10.3.dfsg.P4-11 (bug #851063)
	NOTE: https://kb.isc.org/article/AA-01440/0
CVE-2015-8969 (git-fastclone before 1.0.5 passes user modifiable strings directly to ...)
	NOT-FOR-US: git-fastclone
CVE-2015-8968 (git-fastclone before 1.0.1 permits arbitrary shell command execution f ...)
	NOT-FOR-US: git-fastclone
CVE-2015-8970 (crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not veri ...)
	- linux 4.4.2-1
	[jessie] - linux 3.16.7-ckt25-1
	[wheezy] - linux 3.2.78-1
	NOTE: https://groups.google.com/forum/#!msg/syzkaller/frb2XrB5aWk/xCXzkIBcDAAJ
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1386286
	NOTE: Fixed by: https://git.kernel.org/linus/dd504589577d8e8e70f51f997ad487a4cb6c026f (v4.5-rc1)
	NOTE: Followed by a complete set of related upstream commits. See kernel-sec
	NOTE: triage for details.
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/03/6
CVE-2016-9179 (lynx: It was found that Lynx doesn't parse the authority component of ...)
	{DLA-719-1}
	- lynx 2.8.9dev11-1 (bug #843258)
	- lynx-cur
	[jessie] - lynx-cur (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/03/4
	NOTE: Slight mitigation and documentation improvement was done in 2.8.9dev.10 upstream,
	NOTE: the upload to unstable as 2.8.9dev10-1
CVE-2016-9644 (The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the L ...)
	- linux (Vulnerable code not present)
	NOTE: No incorrect backport of CVE-2016-9178 done in Debian
	NOTE: This is only an issue if 1c109fabbd51863475cd12ac206bdd249aee35af
	NOTE: (added in 4.8) is backported without also backporting
	NOTE: 548acf19234dbda5a52d5a8e7e205af46e9da840 (added in 4.6), as such
	NOTE: src:linux was never affected. 1c109fabbd5 also wasn't backported to
	NOTE: the 3.2 and 3.16 LTS series
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/03/2
CVE-2016-9178 (The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the L ...)
	{DLA-772-1}
	- linux 4.7.5-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/1c109fabbd51863475cd12ac206bdd249aee35af (4.8-rc7)
	NOTE: If this issue is fixed for older versions be careful to not open same issue as CVE-2016-9644
CVE-2016-9146
	RESERVED
CVE-2016-9145
	REJECTED
CVE-2016-9144
	REJECTED
CVE-2016-9143
	REJECTED
CVE-2016-9142
	REJECTED
CVE-2016-9141
	REJECTED
CVE-2016-9181 (perl-Image-Info: When parsing an SVG file, external entity expansion ( ...)
	- libimage-info-perl 1.39-1 (bug #842891)
	[jessie] - libimage-info-perl (Minor issue)
	[wheezy] - libimage-info-perl (Minor issue)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=118099
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1379556
	NOTE: Upstream commit: https://github.com/eserte/image-info/commit/781625b643bc05ba92127a4554de7910f3f2f8e6
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/02/1
	NOTE: Older versions of libimage-info-perl can only use XML::Simple.
	NOTE: Controlling XXE processing behavior in XML::Simple is not really
	NOTE: possible (see https://rt.cpan.org/Ticket/Display.html?id=83794),
	NOTE: so as a workaround the underlying SAX parser is fixed to
	NOTE: XML::SAX::PurePerl which is incapable of processing external entities
	NOTE: but unfortunately it is also a slow parser.
CVE-2016-9180 (perl-XML-Twig: The option to `expand_external_ents`, documented as con ...)
	- libxml-twig-perl 1:3.50-1.1 (low; bug #842893)
	[stretch] - libxml-twig-perl (Minor issue; can be fixed via point release)
	[jessie] - libxml-twig-perl (Minor issue; can be fixed via point release)
	[wheezy] - libxml-twig-perl (Minor issue, new flag would require changes to applications too, not worth the effort)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=118097
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1379553
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/02/1
	NOTE: Release 3.50 adds a no_xxe flag which will fail to parse files with external entities.
	NOTE: 2016-12-13: The corresponding changes are not in the public git repository yet: https://github.com/mirod/xmltwig/commits/master
CVE-2016-9136 (Artifex Software, Inc. MuJS before a0ceaf5050faf419401fe1b83acfa950ec8 ...)
	- mujs (Fixed before initial upload to Debian)
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697244
CVE-2016-9135 (Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/fra ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9134 (Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/exp ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9133
	RESERVED
CVE-2016-9132 (In Botan 1.8.0 through 1.11.33, when decoding BER data an integer over ...)
	{DLA-786-1}
	- botan1.10 1.10.14-1
	[jessie] - botan1.10 (Minor issue, not believed to be exploitable in practice)
	NOTE: Fixed in 1.10.14 and 1.11.34, all prior versions affected.
	NOTE: Fixed by: https://github.com/randombit/botan/commit/987ad747db6d0d7e36f840398f3cf02e2fbfd90f
CVE-2016-9131 (named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9. ...)
	{DSA-3758-1 DLA-805-1}
	[experimental] - bind9 1:9.10.4-P5-1
	- bind9 1:9.10.3.dfsg.P4-11 (bug #851065)
	NOTE: https://kb.isc.org/article/AA-01439/0
CVE-2016-9130 (Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9129 (Revive Adserver before 3.2.3 suffers from Information Exposure Through ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9128 (Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9127 (Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery ( ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9126 (Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames ar ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9125 (Revive Adserver before 3.2.3 suffers from session fixation, by allowin ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9124 (Revive Adserver before 3.2.3 suffers from Improper Restriction of Exce ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9123 (go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bi ...)
	- golang-gopkg-square-go-jose.v1 1.0.5-1
CVE-2016-9122 (go-jose before 1.0.4 suffers from multiple signatures exploitation. Th ...)
	- golang-gopkg-square-go-jose.v1 1.0.5-1
CVE-2016-9121 (go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH ...)
	- golang-gopkg-square-go-jose.v1 1.0.5-1
CVE-2016-9140
	REJECTED
CVE-2016-9139 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
	{DLA-787-1}
	- otrs2 5.0.14-1 (bug #843091)
	[jessie] - otrs2 3.3.18-1+deb8u1
	NOTE: https://community.otrs.com/security-advisory-2016-02-security-update-otrs
	NOTE: https://www.openwall.com/lists/oss-security/2016/11/01/5
	NOTE: upstream fix likely https://github.com/OTRS/otrs/commit/6578a8bcf82529461302291ab3fcb500363b005a
CVE-2016-9120 (Race condition in the ion_ioctl function in drivers/staging/android/io ...)
	- linux 4.6.1-1 (unimportant)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/9590232bb4f4cc824f3425a6e1349afbe6d6d2b7 (v4.6-rc1)
CVE-2016-9119 (Cross-site scripting (XSS) vulnerability in the link dialogue in GUI e ...)
	{DSA-3715-1 DLA-717-1}
	- moin 1.9.9-1 (bug #844338)
	NOTE: Fixed by: http://hg.moinmo.in/moin/1.9/rev/3bddf075fdbd
CVE-2016-9118 (Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of conve ...)
	{DSA-4013-1}
	- openjpeg2 2.1.2-1.2 (bug #844557)
	NOTE: https://github.com/uclouvain/openjpeg/issues/861
	NOTE: https://github.com/uclouvain/openjpeg/commit/c22cbd8bdf8ff2ae372f94391a4be2d322b36b41
CVE-2016-9117 (NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in O ...)
	- openjpeg2 (unimportant; bug #844556)
	NOTE: https://github.com/uclouvain/openjpeg/issues/860
	NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9116 (NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in O ...)
	- openjpeg2 (unimportant; bug #844555)
	NOTE: https://github.com/uclouvain/openjpeg/issues/859
	NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9115 (Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in ...)
	- openjpeg2 (unimportant; bug #844554)
	NOTE: https://github.com/uclouvain/openjpeg/issues/858
	NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9114 (There is a NULL Pointer Access in function imagetopnm of convert.c:194 ...)
	- openjpeg2 (unimportant; bug #844553)
	NOTE: https://github.com/uclouvain/openjpeg/issues/857
	NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9113 (There is a NULL pointer dereference in function imagetobmp of convertb ...)
	- openjpeg2 (unimportant; bug #844552)
	NOTE: https://github.com/uclouvain/openjpeg/issues/856
	NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9112 (Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cp ...)
	{DLA-1851-1}
	- openjpeg2 2.1.2-1.2 (bug #844551)
	[stretch] - openjpeg2 2.1.2-1.1+deb9u4
	NOTE: https://github.com/uclouvain/openjpeg/commit/d27ccf01c68a31ad62b33d2dc1ba2bb1eeaafe7b
	NOTE: https://github.com/uclouvain/openjpeg/issues/855
CVE-2016-9111 (Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4. ...)
	NOT-FOR-US: Citrix
CVE-2016-9110
	RESERVED
CVE-2016-9100 (Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 ...)
	NOT-FOR-US: Symantec
CVE-2016-9099 (Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ...)
	NOT-FOR-US: Symantec
CVE-2016-9098
	REJECTED
CVE-2016-9097 (The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, Proxy ...)
	NOT-FOR-US: Symantec
CVE-2016-9096
	REJECTED
CVE-2016-9095
	REJECTED
CVE-2016-9094 (Symantec Endpoint Protection clients place detected malware in quarant ...)
	NOT-FOR-US: Symantec
CVE-2016-9093 (A version of the SymEvent Driver that shipped with Symantec Endpoint P ...)
	NOT-FOR-US: Symantec
CVE-2016-9092 (The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail ...)
	NOT-FOR-US: Symantec
CVE-2016-9091 (Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content ...)
	NOT-FOR-US: Blue Coat Advanced Secure Gateway
CVE-2016-9090
	RESERVED
CVE-2016-9089
	RESERVED
CVE-2015-8967 (arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local us ...)
	- linux 4.0.2-1 (unimportant)
	NOTE: Fixed by: https://git.kernel.org/linus/c623b33b4e9599c6ac5076f7db7369eb9869aa04 (v4.0-rc1)
	NOTE: Missing security mitigation, not a vulnerability per se
CVE-2015-8966 (arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allow ...)
	- linux 4.4.2-1
	[jessie] - linux 3.16.7-ckt25-1
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/76cc404bfdc0d419c720de4daaf2584542734f42 (v4.4-rc8)
CVE-2016-9109 (Artifex Software MuJS allows attackers to cause a denial of service (c ...)
	- mujs (Fixed before initial upload to Debian)
CVE-2016-9108 (Integer overflow in the js_regcomp function in regexp.c in Artifex Sof ...)
	- mujs (Fixed before initial upload to Debian)
CVE-2016-9107 (The OTR plugin for Gajim sends information in cleartext when using XHT ...)
	- gajim-otr (bug #722130)
	NOTE: Upstream bug: https://trac-plugins.gajim.org/ticket/145
	NOTE: Upstream fix: https://trac-plugins.gajim.org/changeset/c7c2e519ed63377bc943dd01c4661b0fe49321ae
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/30/2
CVE-2014-9910 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Android Broadcom driver
CVE-2014-9909 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
	NOT-FOR-US: Android Broadcom driver
CVE-2016-9106 (Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Qu ...)
	{DLA-1599-1 DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #842463)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02623.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/28/4
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=fdfcc9aeea1492f4b819a24c94dfb678145b1bf9
CVE-2016-9105 (Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Qui ...)
	{DLA-1599-1 DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #842463)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02608.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/28/3
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=4c1586787ff43c9acd18a56c12d720e3e6be9f7c
CVE-2016-9104 (Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xat ...)
	{DLA-1599-1 DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #842463)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/28/2
CVE-2016-9103 (The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emula ...)
	{DLA-1599-1 DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #842463)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01790.html
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/28/1
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=eb687602853b4ae656e9236ee4222609f3a6887d
CVE-2016-9102 (Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU ( ...)
	{DLA-1599-1 DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #842463)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01861.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1389550
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/27/15
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ff55e94d23ae94c8628b0115320157c763eb3e06
CVE-2016-9101 (Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows l ...)
	{DLA-1599-1 DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #842455)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg03024.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1389538
	NOTE: https://www.openwall.com/lists/oss-security/2016/10/27/14
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=2634ab7fe29b3f75d0865b719caf8f310d634aae (v2.8.0-rc0)
CVE-2016-9088
	RESERVED
CVE-2016-9087 (SQL injection vulnerability in framework/modules/filedownloads/control ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9086 (GitLab versions 8.9.x and above contain a critical security flaw in th ...)
	- gitlab 8.13.3+dfsg1-2 (bug #843519)
	NOTE: https://hackerone.com/reports/178152
	NOTE: https://about.gitlab.com/2016/11/02/cve-2016-9086-patches/
CVE-2016-9081 (Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, passwo ...)
	NOT-FOR-US: Joomla!
CVE-2016-9080 (Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs ...)
	- firefox 50.1.0-1
	- firefox-esr (Only affects Firefox 50.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9080
CVE-2016-9079 (A use-after-free vulnerability in SVG Animation has been discovered. A ...)
	{DSA-3730-1 DSA-3728-1 DLA-752-1 DLA-730-1}
	- firefox 50.0.2-1
	- firefox-esr 45.5.1esr-1
	- icedove 1:45.5.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079
CVE-2016-9078 (Redirection from an HTTP connection to a "data:" URL assigns the refer ...)
	- firefox 50.0.2-1
	- firefox-esr (Does not affect Firefox 45 ESR release)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-91/
CVE-2016-9077 (Canvas allows the use of the "feDisplacementMap" filter on images load ...)
	- firefox 50.0-1
	- firefox-esr (Does not affect Firefox 45 ESR release)
CVE-2016-9076 (An issue where a "